acl.c

一个免费的SMART CARD OS系统。

/* ============================================================================
   Project Name : jayaCard
   Module Name  : proto/bios/fs/acl.c
   Version : $Id: acl.c,v 1.19 2004/04/23 21:33:43 dgil Exp $

	Description: Access Condition List

    The Original Code is jayaCard code.

    The Initial Developer of the Original Code is Gilles Dumortier.

	Portions created by the Initial Developer are Copyright (C) 2002-2004 the
    Initial Developer. All Rights Reserved.

    Contributor(s):

    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
    the Free Software Foundation; either version 2 of the License, or
    (at your option) any later version.

    This program is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    GNU General Public License for more details.

    You should have received a copy of the GNU General Public License
    along with this program; see http://www.gnu.org/licenses/gpl.html

   History Rev	Description
   030103 dgil	wrote it from scratch
   ============================================================================
*/

#include "precomp.h"

#ifdef JAYA_FILESYSTEM
/* ============================================================================
    __fs_check_AC()

	Implicit input parameters : current_EF/DF header file

	Secure: use the global semaphore to protect the callee.

	returns JSEC_OK if the access condition is correct, JSEC_FAIL otherwise.
   ========================================================================= */

jbyte __fs_check_AC(jbyte acc)
{
	LOCAL(jbyte,cond);
	LOCAL(jbyte,res);
    LOCAL(jbyte,key);

	/* default res is can't access */
	gGlobalSem = JSEC_OK;
	res = JSEC_FAIL;

    #ifdef JAYACFG_FILESYSTEM_INVALIDATE
    if ((acc&ACC_MASK) != ACC_REHABILITATE) {
        if ((acc&(ACC_CHECK_DF|ACC_CHECK_EF)) == ACC_CHECK_DF ) {
            if ( (current_DF.fdesc&FDESC_INVALIDATED) == FDESC_INVALIDATED ) {
                LOG1("FS","__fs_check_AC() fid=0x%.4X INVALIDATED !",current_DF.fid);
                cond = ACR_NEVER;
                key = 0x00;
                goto bypass;
            }
        } else {
            if ( (current_EF.fdesc&FDESC_INVALIDATED) == FDESC_INVALIDATED ) {
                LOG1("FS","__fs_check_AC() fid=0x%.4X INVALIDATED !",current_EF.fid);
                cond = ACR_NEVER;
                key = 0x00;
                goto bypass;
            }
        }
    }
    #endif

    /* get the right nibble given the Access Condition Class */
    switch (acc) {
        case ACC_CHECK_EF|ACC_READ:
            cond = current_EF.ac[0]>>4;
            key = current_EF.ac_key[0]>>4;
			break;

        case ACC_CHECK_EF|ACC_UPDATE:
            cond = current_EF.ac[0]&0x0F;
            key = current_EF.ac_key[0]&0x0F;
			break;

        case ACC_CHECK_EF|ACC_DELETE:
            cond = current_EF.ac[1]>>4;
            key = current_EF.ac_key[1]>>4;
			break;

        case ACC_CHECK_EF|ACC_APPEND:       // | ACC_ERASE | ACC_USE | ACC_DECREASE
            cond = current_EF.ac[1]&0x0F;
            key = current_EF.ac_key[1]&0x0F;
			break;

        case ACC_CHECK_EF|ACC_INVALIDATE:
            cond = current_EF.ac[2]>>4;
            key = current_EF.ac_key[2]>>4;
			break;

        case ACC_CHECK_EF|ACC_REHABILITATE:
            cond = current_EF.ac[2]&0x0F;
            key = current_EF.ac_key[2]&0x0F;
			break;

        case ACC_CHECK_DF|ACC_LOOKUP:
            cond = current_DF.ac[0]>>4;
            key = current_DF.ac_key[0]>>4;
			break;

        case ACC_CHECK_DF|ACC_CREATE_FILE:
            cond = current_DF.ac[0]&0x0F;
            key = current_DF.ac_key[0]&0x0F;
			break;

        case ACC_CHECK_DF|ACC_DELETE:
            cond = current_DF.ac[1]>>4;
            key = current_DF.ac_key[1]>>4;
			break;

        case ACC_CHECK_DF|ACC_DELETE_FILE:
            cond = current_DF.ac[1]&0x0F;
            key = current_DF.ac_key[1]&0x0F;
			break;

        case ACC_CHECK_DF|ACC_INVALIDATE:
            cond = current_DF.ac[2]>>4;
            key = current_DF.ac_key[2]>>4;
			break;

        case ACC_CHECK_DF|ACC_REHABILITATE:
            cond = current_DF.ac[2]&0x0F;
            key = current_DF.ac_key[2]&0x0F;
			break;

		default:
            LOG1("ACL","invalid Access Condition Class 0x%.2X",acc);
			HAL_HALT();
			return JSEC_FAIL;
	}
    #ifdef JAYACFG_FILESYSTEM_INVALIDATE
    bypass:
    #endif
    gGlobalSem++;

	/* if default key, set the current key ! */
	if (key == 0) {
		key = (gSeqKeyPin>>SEQKEYPIN_DECAL_KEY);
	}

	#ifdef JAYA_BIOS_SM
	#else
    LOG5("ACL","ACL: acc=%.2X cond=%.2X key=%.2X vs gSeqVal=%.2X gSeqKeyPin=%.2X",acc,cond,key,gSeqVal,gSeqKeyPin);
	#endif

	/* check the conditions */
	switch (cond) {
		   case ACR_NEVER:
				res = JSEC_FAIL;
				break;

		   case ACR_PIN:
                res = (((gSeqVal&SEQVAL_VERIFY)==SEQVAL_VERIFY) && ((gSeqKeyPin&SEQKEYPIN_MASK_PIN) == 0))?JSEC_OK:JSEC_FAIL;
				break;

		   case ACR_AUTH:
                res = (((gSeqVal&SEQVAL_EXT_AUTH)==SEQVAL_EXT_AUTH) && ((gSeqKeyPin>>SEQKEYPIN_DECAL_KEY) == key) )?JSEC_OK:JSEC_FAIL;
				break;

		   case ACR_PIN_AND_AUTH:
                res = (((gSeqVal&(SEQVAL_EXT_AUTH|SEQVAL_VERIFY))==(SEQVAL_EXT_AUTH|SEQVAL_VERIFY)) && ((gSeqKeyPin>>SEQKEYPIN_DECAL_KEY) == key) && ((gSeqKeyPin&SEQKEYPIN_MASK_PIN) == 0) )?JSEC_OK:JSEC_FAIL;
				break;

		   case ACR_SM:
		   		#ifdef JAYA_BIOS_SM
				#else
				res = JSEC_FAIL;
				#endif
				break;

		   case ACR_PIN_AND_SM:
		   		#ifdef JAYA_BIOS_SM
				#else
				res = JSEC_FAIL;
				#endif
				break;

		   case ACR_PIN_OR_AUTH:
                res = ( ((gSeqVal&(SEQVAL_EXT_AUTH|SEQVAL_VERIFY))!=0x00) && ((gSeqKeyPin>>SEQKEYPIN_DECAL_KEY) == key) && ((gSeqKeyPin&SEQKEYPIN_MASK_PIN) == 0) )?JSEC_OK:JSEC_FAIL;
				break;

           case ACR_PIN_CHV2:
                res = (((gSeqVal&SEQVAL_VERIFY)==SEQVAL_VERIFY) && ((gSeqKeyPin&SEQKEYPIN_MASK_PIN) == 1))?JSEC_OK:JSEC_FAIL;
				break;

		   case ACR_PICOSEAL:
				#ifdef PICOSEAL
				res = picoseal_check_ACS();
				#else
				res = JSEC_FAIL;
				#endif
				break;

		   case ACR_PRIOR_PIN:
                res = (((gSeqVal&SEQVAL_VERIFY_PRIOR)==SEQVAL_VERIFY_PRIOR) && ((gSeqKeyPin&SEQKEYPIN_MASK_PIN) == 0) )?JSEC_OK:JSEC_FAIL;
				break;

		   case ACR_EXT:
                res = cos_check_AC_ext();
				break;

		   case ACR_PRIOR_PIN_AND_AUTH:
                res = (((gSeqVal&(SEQVAL_EXT_AUTH|SEQVAL_VERIFY_PRIOR))==(SEQVAL_EXT_AUTH|SEQVAL_VERIFY_PRIOR)) && ((gSeqKeyPin>>SEQKEYPIN_DECAL_KEY) == key) && ((gSeqKeyPin&SEQKEYPIN_MASK_PIN) == 0) )?JSEC_OK:JSEC_FAIL;
				break;

		   case ACR_CHANNEL_GP:
				/* __x */
				res = JSEC_FAIL;
				break;

		   case ACR_PRIOR_PIN_AND_SM:
		   		#ifdef JAYA_BIOS_SM
				#else
				res = JSEC_FAIL;
				#endif
				break;

		   case ACR_PRIOR_PIN_OR_AUTH:
                res = ( ((gSeqVal&(SEQVAL_EXT_AUTH|SEQVAL_VERIFY_PRIOR))!=0x00) && ((gSeqKeyPin>>SEQKEYPIN_DECAL_KEY) == key) && ((gSeqKeyPin&SEQKEYPIN_MASK_PIN) == 0) )?JSEC_OK:JSEC_FAIL;
				break;

		   case ACR_ALWAYS:
				res = JSEC_OK;
				break;

	}
	gGlobalSem++;
	return res;
}

/* =========================================================================
	That's all folks !
   ========================================================================= */
#endif
/* JAYA_FILESYSTEM */