1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
|
/* --- BEGIN COPYRIGHT BLOCK ---
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
* License as published by the Free Software Foundation;
* version 2.1 of the License.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public
* License along with this library; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor,
* Boston, MA 02110-1301 USA
*
* Copyright (C) 2007 Red Hat, Inc.
* All rights reserved.
* --- END COPYRIGHT BLOCK ---
*/
#ifndef SECURE_CHANNEL_H
#define SECURE_CHANNEL_H
#ifdef HAVE_CONFIG_H
#ifndef AUTOTOOLS_CONFIG_H
#define AUTOTOOLS_CONFIG_H
/* Eliminate warnings when using Autotools */
#undef PACKAGE_BUGREPORT
#undef PACKAGE_NAME
#undef PACKAGE_STRING
#undef PACKAGE_TARNAME
#undef PACKAGE_VERSION
#include <config.h>
#endif /* AUTOTOOLS_CONFIG_H */
#endif /* HAVE_CONFIG_H */
#include "pk11func.h"
#include "main/Buffer.h"
#include "main/RA_Session.h"
#include "apdu/APDU.h"
#include "apdu/APDU_Response.h"
#include "channel/Channel.h"
enum SecurityLevel {
SECURE_MSG_ANY = 0,
SECURE_MSG_MAC = 1,
SECURE_MSG_NONE = 2, // not yet supported
SECURE_MSG_MAC_ENC = 3
} ;
enum TokenKeyType {
KEY_TYPE_ENCRYPTION = 0,
KEY_TYPE_SIGNING = 1,
KEY_TYPE_SIGNING_AND_ENCRYPTION = 2
};
class Secure_Channel : public Channel
{
public:
Secure_Channel(
RA_Session *session,
PK11SymKey *session_key,
PK11SymKey *enc_session_key,
char *drm_des_key_s,
char *kek_des_key_s,
char *keycheck_s,
Buffer &key_diversification_data,
Buffer &key_info_data,
Buffer &card_challenge,
Buffer &card_cryptogram,
Buffer &host_challenge,
Buffer &host_cryptogram);
~Secure_Channel();
public:
Buffer &GetKeyDiversificationData();
Buffer &GetKeyInfoData();
Buffer &GetCardChallenge();
Buffer &GetCardCryptogram();
Buffer &GetHostChallenge();
Buffer &GetHostCryptogram();
SecurityLevel GetSecurityLevel();
void SetSecurityLevel(SecurityLevel level);
char *getDrmWrappedDESKey();
char *getKekWrappedDESKey();
char *getKeycheck();
public:
int ImportKeyEnc(BYTE priv_key_number, BYTE pub_key_number, Buffer* data);
int ImportKey(BYTE key_number);
int CreatePin(BYTE pin_number, BYTE max_retries, const char *pin);
int ExternalAuthenticate();
int SetIssuerInfo(Buffer *info);
Buffer GetIssuerInfo();
int ResetPin(BYTE pin_number, char *pin);
int IsPinPresent(BYTE pin_number);
int SetLifecycleState(BYTE flag);
int StartEnrollment(BYTE p1, BYTE p2, Buffer *wrapped_challenge,
Buffer *key_check,
BYTE alg, int keysize, BYTE option);
int ReadBuffer(BYTE *buf, int buf_len);
int CreateObject(BYTE *object_id, BYTE* permissions, int len);
int WriteObject(BYTE *objid, BYTE *buf, int buf_len);
Buffer *ReadObject(BYTE *objid, int offset, int len);
int PutKeys(RA_Session *session, BYTE key_version,
BYTE key_index, Buffer *key_data);
int LoadFile(RA_Session *session, BYTE refControl, BYTE blockNum,
Buffer *data);
int InstallApplet(RA_Session *session,
Buffer &packageAID, Buffer &appletAID,
BYTE appPrivileges, unsigned int instanceSize, unsigned int appletMemorySize);
int InstallLoad(RA_Session *session,
Buffer& packageAID, Buffer& sdAID, unsigned int fileLen);
int DeleteFileX(RA_Session *session, Buffer *aid);
int Close();
public:
int CreateObject(BYTE *objid, BYTE *perms, Buffer *obj);
int CreateCertificate(const char *id, Buffer *cert);
Buffer CreatePKCS11CertAttrsBuffer(TokenKeyType type, const char *id, const char *label, Buffer *keyid);
int CreatePKCS11CertAttrs(TokenKeyType type, const char *id, const char *label, Buffer *keyid);
Buffer CreatePKCS11PriKeyAttrsBuffer(TokenKeyType type, const char *id, const char *label, Buffer *keyid,
Buffer *modulus, const char *opType, const char *tokenType, const char *keyTypePrefix);
int CreatePKCS11PriKeyAttrs(TokenKeyType type, const char *id, const char *label, Buffer *keyid,
Buffer *modulus, const char *opType, const char *tokenType, const char *keyTypePrefix);
Buffer CreatePKCS11PubKeyAttrsBuffer(TokenKeyType type, const char *id, const char *label, Buffer *keyid,
Buffer *exponent, Buffer *modulus, const char *opType, const char *tokenType, const char *keyTypePrefix);
int CreatePKCS11PubKeyAttrs(TokenKeyType type, const char *id, const char *label, Buffer *keyid,
Buffer *exponent, Buffer *modulus, const char *opType, const char *tokenType, const char *keyTypePrefix);
APDU_Response *SendTokenAPU(APDU *apdu);
public:
Buffer *ComputeAPDUMac(APDU *apdu);
int ComputeAPDU(APDU *apdu);
private:
PK11SymKey *m_session_key;
PK11SymKey *m_enc_session_key;
char *m_drm_wrapped_des_key_s;
char *m_kek_wrapped_des_key_s;
char *m_keycheck_s;
RA_Session *m_session;
Buffer m_icv;
Buffer m_cryptogram;
Buffer m_key_diversification_data;
Buffer m_key_info_data;
Buffer m_card_challenge;
Buffer m_card_cryptogram;
Buffer m_host_challenge;
Buffer m_host_cryptogram;
SecurityLevel m_security_level;
};
#endif /* SECURE_CHANNEL_H */
|
