objkey.c

一个免费的SMART CARD OS系统。

/* ============================================================================
   Project Name : jayaCard
   Module Name  : proto/bios/odata/objkey.c
   Version : $Id: objkey.c,v 1.9 2004/04/23 20:29:15 dgil Exp $

	Description: ISO7816-4 BIOS HELPER FUNCTIONS for KEY

		__bios_load_keyfile()
			load a keyfile from the EEPROM

		__calculate_LRC_of_currentkey()		[private]
			as the name said ...

		__bios_lookup_key()
 			lookup and load a key, updating crypto context

		__bios_reset_key()
			reset the attemp counter, reset the crypto context

		__bios_change_key()
			change or append a key, updating also crypto context


    The Original Code is jayaCard code.

    The Initial Developer of the Original Code is Gilles Dumortier.

	Portions created by the Initial Developer are Copyright (C) 2002-2004 the
    Initial Developer. All Rights Reserved.

    Contributor(s):

    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
    the Free Software Foundation; either version 2 of the License, or
    (at your option) any later version.

    This program is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    GNU General Public License for more details.

    You should have received a copy of the GNU General Public License
    along with this program; see http://www.gnu.org/licenses/gpl.html

   History Rev	Description
   100503 dgil	wrote it from scratch
   ============================================================================
*/

#include "precomp.h"

/* ============================================================================
	__bios_load_keyfile()

    algo:
        lookup the FID_KEYS file in the current DF and place it on current EF
        make some access condition checks
   ========================================================================= */

void __bios_load_keyfile(jword fid)
{
	LOCAL(jbyte,res);

	/* lookup the KEYs file */
    FS_LOOKUP_FID(fid,LOOKUP_MODE_EF_ONLY);
    if (lasterr!=NOERR) return;

	/* check the key(s) file : binary content + internal file */
	if ((current_EF.fdesc&(FDESC_TYPE_MASK|FDESC_INTERNAL_EF))!=(FDESC_TYPE_BINARY|FDESC_INTERNAL_EF)) {
		BIOS_SETERR(ERR_INVALID_FILE_TYPE);
        return;
	}

	/* check this is a keyfile ! */
	if ((current_EF.sfi&FDESC2_MASK)!=FDESC2_KEYS) {
 		BIOS_SETERR(ERR_INVALID_FILE_TYPE);
        return;
	}

	/* check the access conditions of EF_KEYS */
	gGlobalSem = JSEC_FAIL;

    res = FS_CHECK_AC(ACC_CHECK_EF|ACC_USE);
	gGlobalSem++;

	if (res != JSEC_OK) {
		BIOS_SETERR(ERR_ACCESS_DENIED);
        return;
	}

	if (gGlobalSem!=JSEC_SEM) {
		LOG("ATTACK","__bios_load_keyfile() #1 - check security failure !");
		BIOS_SETERR(ERR_ACCESS_DENIED);
		HAL_HALT();
		return;
	}
}

/* ============================================================================
 	__calculate_LRC_of_currentkey()		[private]

	calculate LRC for the currentkey
   ========================================================================= */

jbyte	__calculate_LRC_of_currentkey(void)
{
	LOCAL(jbyte,lrc);

	/* start with an internal value not zero */
	lrc = 0xAA;

	/* LRC the fields */
	lrc += refdata_algo;
	lrc += currentkey_attributes;
    lrc += currentkey_counter;
	lrc += currentkey_number;
	lrc += r.bBlock[JAYA_BCRYPTO_KEYCRC];
	lrc += r.bBlock[JAYA_BCRYPTO_KEYCRC+1];

	LOG1("KEY","__calculate_LRC_of_currentkey(): %.2X",lrc);

	return lrc;
}

/* ============================================================================
	__bios_reset_key()

	reset the current key :
		- reset the attempt counter
		- update the LRC
		- update in memory
		- conditionaly reset the context

   ========================================================================= */

void __bios_reset_key(jbool bResetTheContext)
{
	if ( (currentkey_type == KEY_TYPE_NOKEY) || ( (currentkey_type != KEY_TYPE_MSKPSK) && (currentkey_type != KEY_TYPE_KEYFILE) )) {
		LOG1("KEY","__bios_reset_key() invalid currentkey type : 0x%.2X",currentkey_type);
		HAL_HALT();
		return;
	}

    /* re-init the counter if necessary */
    if ((currentkey_attributes&KEY_MASK_MANAGECOUNTER)!=0) {
        if (refdata_algo == REFDATA_ALGO_PASSWORD) {
            if ( (currentkey_attributes&KEY_ATTRIBUTE_PUK) == KEY_ATTRIBUTE_PUK) {
                currentkey_counter = JAYACFG_SUBMITUNBLOCK_MAX;
            } else {
                currentkey_counter = JAYACFG_SUBMITPASSWORD_MAX;
            }
        } else {
            if ( (currentkey_attributes&KEY_ATTRIBUTE_MASTER) == KEY_ATTRIBUTE_MASTER) {
                currentkey_counter = JAYACFG_SUBMITUNBLOCK_MAX;
            } else {
                currentkey_counter = JAYACFG_SUBMITKEY_MAX;
            }
        }

        if (currentkey_type == KEY_TYPE_KEYFILE) {
            /* update LRC */
            currentkey_lrc = __calculate_LRC_of_currentkey();

            /* wrote the information */
            HAL_EEPROM_WRITE_BYTE(currentkey_addr+KEY_INDEX_ATTEMPT,currentkey_counter);
            HAL_EEPROM_WRITE_BYTE(currentkey_addr+KEY_INDEX_LRC,currentkey_lrc);

        } else {
            HAL_EEPROM_WRITE_BYTE(ADDR_MSK_ATTEMPT,currentkey_counter);
        }
        LOG3("KEY","__bios_reset_key() reset %d currentkey_counter to %d (attr=%.2X)",currentkey_number,currentkey_counter,currentkey_attributes);
    } else {
        LOG3("KEY","__bios_reset_key() do not touch %d currentkey_counter (%d) (attr=%.2X)",currentkey_number,currentkey_counter,currentkey_attributes);
    }

	/* reset the cryptographic context if requested */
	if (bResetTheContext) {
		BIOS_RESET_CONTEXT(lasterr);
	}
}

/* ============================================================================
	__load_current_key_header()

		load the header of the current key (after a TLV seek) into the global
 		variables currentkey_*.
   ========================================================================= */

void __load_current_key_header(void)
{
	currentkey_addr = current_tlv_val;

	/* load information about the current key */
	refdata_algo = HAL_EEPROM_READ_BYTE(currentkey_addr+KEY_INDEX_ALGO);
    currentkey_counter = HAL_EEPROM_READ_BYTE(currentkey_addr+KEY_INDEX_ATTEMPT);
	currentkey_number = HAL_EEPROM_READ_BYTE(currentkey_addr+KEY_INDEX_NUMBER);
	currentkey_attributes = HAL_EEPROM_READ_BYTE(currentkey_addr+KEY_INDEX_ATTRIBUTES);

	/* force locked attribut (just to be sure ...) */
	if (currentkey_counter == 0x00) currentkey_attributes |= KEY_ATTRIBUTE_LOCKED;

    LOG4("KEY","__load_current_key_header(): addr=%.4X num=%d counter=%d attributes=%.2X ...",
		currentkey_addr,
		currentkey_number,
		currentkey_counter,
		currentkey_attributes
		);
}

/* ============================================================================
	__bios_lookup_key()

	byUsage : to check the key is usable for the requested usage.
    byKeyNum : to request a specific key

    Warning: this function change the current EF !

	Algo:
        - Lookup for a key file given the byUsage/byKeyNum parameter
 			- INIT/PERSO : load the MSK/PSK from EEPROM
 			- APPLI : lookup Key in EF_KEYS file from the current selected DF.
		- Then increment the attempt counter
		- Then load the key from EEPROM for usage

	Key Format (APPLI):
		BYTE 0	:	key algorithm (see refdata_algo) or pincode
        BYTE 1  :   attempt counter
		BYTE 2	:	key number
		BYTE 3	:	attributes (see KEY_ATTRIBUTE_x below)
		BYTE 4	:	LRC of bytes 0,1,2 and CRC
		BYTE 5/6:	CRC of the key
		BYTE 7..n:	n-6 bytes of the key : use CIPHER_ALGO_KEYMASK for keysize

	Internal EF_KEY Format is TLV :
		{ T=TAG_KEYFORMAT L=? V=KeyFormat } x numOfKeys

	Security: internally use BIOS_LOADKEY_FROM_EEPROM() which is very secure

	Note1: in case of error, the cryptographic context is resetted.
	Note2: this function can be used to lookup pincode
   ========================================================================= */

void __bios_lookup_key(jword fid,jbyte byUsage,jbyte byKeyNum)
{
    #ifdef JAYA_FILESYSTEM
    if ( ((tag_life==LIFE_INIT) || (tag_life==LIFE_PERSO)) && (byKeyNum==KEY_NUMBER_ANY) ) {
    #else
    if ((tag_life==LIFE_INIT) || (tag_life==LIFE_PERSO) || (tag_life==LIFE_APPLI)) {
    #endif
        LOG("KEY","Lookup PSK/MSK Key");
        /* note: if no filesystem -> only MSK/PSK usable  */

		gGlobalSem = JSEC_OK;

		/* use MSK/PSK from ADDR_MSK in EEPROM */
		currentkey_type = KEY_TYPE_MSKPSK;

		/* PSK / MSK can be user for authentication, secure messaging and key change */
        currentkey_attributes = KEY_ATTRIBUTE_EAUTH | KEY_ATTRIBUTE_CIPHER | KEY_ATTRIBUTE_MASTER;
        currentkey_counter = HAL_EEPROM_READ_BYTE(ADDR_MSK_ATTEMPT);
		currentkey_number = KEY_NUMBER_INITIAL;
		gGlobalSem++;

		/* force locked attribut (just to be sure ...) */
		if (currentkey_counter == 0x00) currentkey_attributes |= KEY_ATTRIBUTE_LOCKED;

		/* check key usage */
		if ( (currentkey_counter == 0x00) || (currentkey_attributes&KEY_ATTRIBUTE_LOCKED) == KEY_ATTRIBUTE_LOCKED) {
			BIOS_RESET_CONTEXT(ERR_KEY_LOCKED);
			return;
		}
		gGlobalSem--;

		/* update the attempt counter NOW */
		currentkey_counter--;
        LOG1("KEY","__bios_lookup_key() change MSK/PSK currentkey_counter to %d",currentkey_counter);

        HAL_EEPROM_WRITE_BYTE(ADDR_MSK_ATTEMPT,currentkey_counter);