public override string ProcessMessage()
{
LMKPairs.LMKPair LMKKeyPair = LMKPairs.LMKPair.Null;
string var = "";
KeySchemeTable.KeyScheme ks = KeySchemeTable.KeyScheme.Unspecified;
HexKey.KeyLength kl = HexKey.KeyLength.SingleLength;
KeySchemeTable.KeyScheme zmkKS = KeySchemeTable.KeyScheme.Unspecified;
HexKey.KeyLength zmkKL;
string cryptKey = m_inStack.PopFromStack().ConsoleMessageProperty;
string cryptZMK = m_inStack.PopFromStack().ConsoleMessageProperty;
string keyScheme = m_inStack.PopFromStack().ConsoleMessageProperty;
string keyType = m_inStack.PopFromStack().ConsoleMessageProperty;
ExtractKeySchemeAndLength(cryptZMK, out zmkKL, out zmkKS);
ExtractKeySchemeAndLength(cryptKey, out kl, out ks);
ValidateKeyTypeCode(keyType, out LMKKeyPair, out var);
string clearZMK = Utility.DecryptZMKEncryptedUnderLMK(new HexKey(cryptZMK).ToString(), zmkKS, 0);
string clearKey = Utility.DecryptUnderLMK(new HexKey(cryptKey).ToString(), ks, LMKKeyPair, var);
string cryptUnderZMK = Utility.EncryptUnderZMK(clearZMK, new HexKey(clearKey).ToString(), KeySchemeTable.GetKeySchemeFromValue(keyScheme));
string chkVal = TripleDES.TripleDESEncrypt(new HexKey(clearKey), ZEROES);
return("Key encrypted under ZMK: " + MakeKeyPresentable(cryptUnderZMK) + System.Environment.NewLine +
"Key Check Value: " + MakeCheckValuePresentable(chkVal));
}
public AuthStateReqs(KeyFunction Func, LMKPairs.LMKPair LMKKeyPair, string Variant, AuthorizedStateRequirement Req)
{
this.Func = Func;
this.LMKKeyPair = LMKKeyPair;
this.var = Variant;
this.Requirement = Req;
}
private void GenerateTestKeyAndZMKKey(out HexKey k, LMKPairs.LMKPair kLMK, KeySchemeTable.KeyScheme kScheme, out HexKey ZMK, out string cryptZMK, out string cryptKey, out string cryptUnderZMK)
{
k = GetRandomKey(HexKey.KeyLength.DoubleLength);
ZMK = GetRandomKey(HexKey.KeyLength.DoubleLength);
cryptZMK = Utility.EncryptUnderLMK(ZMK.ToString(), KeySchemeTable.KeyScheme.DoubleLengthKeyVariant, LMKPairs.LMKPair.Pair04_05, "0");
cryptKey = Utility.EncryptUnderLMK(k.ToString(), kScheme, kLMK, "0");
cryptUnderZMK = Utility.EncryptUnderZMK(ZMK.ToString(), k.ToString(), kScheme);
}
public static string LMK(LMKPairs.LMKPair pair)
{
if (!UseOldLMKStorage)
{
return(_LMKs[Convert.ToInt32(pair)]);
}
else
{
return(_LMKsOld[Convert.ToInt32(pair)]);
}
}
public static string LMKVariant(LMKPairs.LMKPair pair, int v)
{
string s = LMK(pair);
if (v == 0)
{
return(s);
}
string var = Cryptography.LMK.Variants.VariantNbr(v).PadRight(32, '0');
return(Utility.XORHexStringsFull(s, var));
}
protected void ValidateKeySchemeAndLength(KeyTypeTable.KeyFunction func, LMKPairs.LMKPair Pair, string var)
{
KeyTypeTable.AuthorizedStateRequirement requirement = KeyTypeTable.GetAuthorizedStateRequirement(KeyTypeTable.KeyFunction.Generate, Pair, var);
if (requirement == KeyTypeTable.AuthorizedStateRequirement.NotAllowed)
{
throw new Exceptions.XFunctionNotPermitted("FUNCTION NOT PERMITTED");
}
else if ((requirement == KeyTypeTable.AuthorizedStateRequirement.NeedsAuthorizedState) && (Convert.ToBoolean(Resources.GetResource(Resources.AUTHORIZED_STATE)) == false))
{
throw new Exceptions.XNeedsAuthorizedState("NOT AUTHORIZED");
}
}
protected bool ValidateKeyTypeCode(string ktc, out LMKPairs.LMKPair Pair, ref string Var, ref ThalesCore.Message.MessageResponse MR)
{
Pair = LMKPairs.LMKPair.Null;
try
{
KeyTypeTable.ParseKeyTypeCode(ktc, out Pair, out Var);
return(true);
}
catch (ThalesCore.Exceptions.XInvalidKeyType ex)
{
MR.AddElement(ErrorCodes.ER_04_INVALID_KEY_TYPE_CODE);
return(false);
}
}
protected bool ValidateFunctionRequirement(KeyTypeTable.KeyFunction func, LMKPairs.LMKPair Pair, string var, ThalesCore.Message.MessageResponse MR)
{
KeyTypeTable.AuthorizedStateRequirement requirement = KeyTypeTable.GetAuthorizedStateRequirement(KeyTypeTable.KeyFunction.Generate, Pair, var);
if (requirement == KeyTypeTable.AuthorizedStateRequirement.NotAllowed)
{
MR.AddElement(ErrorCodes.ER_29_FUNCTION_NOT_PERMITTED);
return(false);
}
else if ((requirement == KeyTypeTable.AuthorizedStateRequirement.NeedsAuthorizedState) && (Convert.ToBoolean(Resources.GetResource(Resources.AUTHORIZED_STATE)) == false))
{
MR.AddElement(ErrorCodes.ER_17_HSM_IS_NOT_IN_THE_AUTHORIZED_STATE);
return(false);
}
else
{
return(true);
}
}
public static string DecryptUnderLMK(string encryptedKey, KeySchemeTable.KeyScheme Target_KeyScheme, LMKPairs.LMKPair LMKKeyPair, string variantNumber)
{
string result = "";
switch (Target_KeyScheme)
{
case KeySchemeTable.KeyScheme.SingleDESKey:
case KeySchemeTable.KeyScheme.DoubleLengthKeyAnsi:
case KeySchemeTable.KeyScheme.TripleLengthKeyAnsi:
case KeySchemeTable.KeyScheme.Unspecified:
result = TripleDES.TripleDESDecrypt(new HexKey(Cryptography.LMK.LMKStorage.LMKVariant(LMKKeyPair, Convert.ToInt32(variantNumber))), encryptedKey);
break;
case KeySchemeTable.KeyScheme.DoubleLengthKeyVariant:
case KeySchemeTable.KeyScheme.TripleLengthKeyVariant:
result = TripleDES.TripleDESDecryptVariant(new HexKey(Cryptography.LMK.LMKStorage.LMKVariant(LMKKeyPair, Convert.ToInt32(variantNumber))), encryptedKey);
break;
default:
break;
}
switch (Target_KeyScheme)
{
case KeySchemeTable.KeyScheme.DoubleLengthKeyAnsi:
case KeySchemeTable.KeyScheme.DoubleLengthKeyVariant:
case KeySchemeTable.KeyScheme.TripleLengthKeyAnsi:
case KeySchemeTable.KeyScheme.TripleLengthKeyVariant:
result = KeySchemeTable.GetKeySchemeValue(Target_KeyScheme) + result;
break;
default:
break;
}
return(result);
}
public static string EncryptUnderLMK(string clearKey, KeySchemeTable.KeyScheme Target_KeyScheme, LMKPairs.LMKPair LMKKeyPair, string variantNumber)
{
string result = "";
switch (Target_KeyScheme)
{
case KeySchemeTable.KeyScheme.SingleDESKey:
case KeySchemeTable.KeyScheme.DoubleLengthKeyAnsi:
case KeySchemeTable.KeyScheme.TripleLengthKeyAnsi:
case KeySchemeTable.KeyScheme.Unspecified:
result = TripleDES.TripleDESEncrypt(new HexKey(Cryptography.LMK.LMKStorage.LMKVariant(LMKKeyPair, Convert.ToInt32(variantNumber))), clearKey);
break;
case KeySchemeTable.KeyScheme.DoubleLengthKeyVariant:
case KeySchemeTable.KeyScheme.TripleLengthKeyVariant:
result = TripleDES.TripleDESEncryptVariant(new HexKey(Cryptography.LMK.LMKStorage.LMKVariant(LMKKeyPair, Convert.ToInt32(variantNumber))), clearKey);
break;
default:
//throw new InvalidOperationException("Invalid key scheme [" + Target_KeyScheme.ToString() + "]");
break;
}
switch (Target_KeyScheme)
{
case KeySchemeTable.KeyScheme.DoubleLengthKeyAnsi:
case KeySchemeTable.KeyScheme.DoubleLengthKeyVariant:
case KeySchemeTable.KeyScheme.TripleLengthKeyAnsi:
case KeySchemeTable.KeyScheme.TripleLengthKeyVariant:
result = KeySchemeTable.GetKeySchemeValue(Target_KeyScheme) + result;
break;
default:
break;
}
return(result);
}
public static void ParseKeyTypeCode(string keyTypeCode, out LMKPairs.LMKPair LMKKeyPair, out string Variant)
{
if ((keyTypeCode == null) || (keyTypeCode.Length != 3))
{
throw new Exceptions.XInvalidKeyType("Invalid key type");
}
string lmkpair;
string var;
var = keyTypeCode.Substring(0, 1);
lmkpair = keyTypeCode.Substring(1, 2);
try
{
if ((Convert.ToInt32(var) < 0) || (Convert.ToInt32(var) > 9))
{
throw new Exceptions.XInvalidKeyType("Invalid Variant in key type (" + var + ")");
}
}
catch (Exception ex)
{
throw new Exceptions.XInvalidKeyType("Invalid Variant in key type (" + var + ")");
}
Variant = var;
switch (lmkpair)
{
case "00":
LMKKeyPair = LMKPairs.LMKPair.Pair04_05;
break;
case "01":
LMKKeyPair = LMKPairs.LMKPair.Pair06_07;
break;
case "02":
LMKKeyPair = LMKPairs.LMKPair.Pair14_15;
break;
case "03":
LMKKeyPair = LMKPairs.LMKPair.Pair16_17;
break;
case "04":
LMKKeyPair = LMKPairs.LMKPair.Pair18_19;
break;
case "05":
LMKKeyPair = LMKPairs.LMKPair.Pair20_21;
break;
case "06":
LMKKeyPair = LMKPairs.LMKPair.Pair22_23;
break;
case "07":
LMKKeyPair = LMKPairs.LMKPair.Pair24_25;
break;
case "08":
LMKKeyPair = LMKPairs.LMKPair.Pair26_27;
break;
case "09":
LMKKeyPair = LMKPairs.LMKPair.Pair28_29;
break;
case "0A":
LMKKeyPair = LMKPairs.LMKPair.Pair30_31;
break;
case "0B":
LMKKeyPair = LMKPairs.LMKPair.Pair32_33;
break;
case "0C":
LMKKeyPair = LMKPairs.LMKPair.Pair34_35;
break;
case "0D":
LMKKeyPair = LMKPairs.LMKPair.Pair36_37;
break;
case "0E":
LMKKeyPair = LMKPairs.LMKPair.Pair38_39;
break;
default:
throw new Exceptions.XInvalidKeyType("Invalid Variant in key type (" + var + ")");
}
}
public static AuthorizedStateRequirement GetAuthorizedStateRequirement(KeyFunction NeededFunction, LMKPairs.LMKPair LMKKeyPair, string Variant)
{
for (int i = 0; i < Reqs.GetUpperBound(0); i++)
{
if ((Reqs[i].Func == NeededFunction) && (Reqs[i].LMKKeyPair == LMKKeyPair) && (Reqs[i].var == Variant))
{
return(Reqs[i].Requirement);
}
}
return(AuthorizedStateRequirement.NotAllowed);
}
protected void ValidateKeyTypeCode(string ktc, out LMKPairs.LMKPair Pair, out string Var)
{
KeyTypeTable.ParseKeyTypeCode(ktc, out Pair, out Var);
}