Beispiel #1
0
        public override string ProcessMessage()
        {
            LMKPairs.LMKPair LMKKeyPair = LMKPairs.LMKPair.Null;
            string           var        = "";

            KeySchemeTable.KeyScheme ks    = KeySchemeTable.KeyScheme.Unspecified;
            HexKey.KeyLength         kl    = HexKey.KeyLength.SingleLength;
            KeySchemeTable.KeyScheme zmkKS = KeySchemeTable.KeyScheme.Unspecified;
            HexKey.KeyLength         zmkKL;

            string cryptKey  = m_inStack.PopFromStack().ConsoleMessageProperty;
            string cryptZMK  = m_inStack.PopFromStack().ConsoleMessageProperty;
            string keyScheme = m_inStack.PopFromStack().ConsoleMessageProperty;
            string keyType   = m_inStack.PopFromStack().ConsoleMessageProperty;

            ExtractKeySchemeAndLength(cryptZMK, out zmkKL, out zmkKS);
            ExtractKeySchemeAndLength(cryptKey, out kl, out ks);
            ValidateKeyTypeCode(keyType, out LMKKeyPair, out var);

            string clearZMK = Utility.DecryptZMKEncryptedUnderLMK(new HexKey(cryptZMK).ToString(), zmkKS, 0);
            string clearKey = Utility.DecryptUnderLMK(new HexKey(cryptKey).ToString(), ks, LMKKeyPair, var);

            string cryptUnderZMK = Utility.EncryptUnderZMK(clearZMK, new HexKey(clearKey).ToString(), KeySchemeTable.GetKeySchemeFromValue(keyScheme));
            string chkVal        = TripleDES.TripleDESEncrypt(new HexKey(clearKey), ZEROES);

            return("Key encrypted under ZMK: " + MakeKeyPresentable(cryptUnderZMK) + System.Environment.NewLine +
                   "Key Check Value: " + MakeCheckValuePresentable(chkVal));
        }
Beispiel #2
0
 public AuthStateReqs(KeyFunction Func, LMKPairs.LMKPair LMKKeyPair, string Variant, AuthorizedStateRequirement Req)
 {
     this.Func        = Func;
     this.LMKKeyPair  = LMKKeyPair;
     this.var         = Variant;
     this.Requirement = Req;
 }
Beispiel #3
0
 private void GenerateTestKeyAndZMKKey(out HexKey k, LMKPairs.LMKPair kLMK, KeySchemeTable.KeyScheme kScheme, out HexKey ZMK, out string cryptZMK, out string cryptKey, out string cryptUnderZMK)
 {
     k             = GetRandomKey(HexKey.KeyLength.DoubleLength);
     ZMK           = GetRandomKey(HexKey.KeyLength.DoubleLength);
     cryptZMK      = Utility.EncryptUnderLMK(ZMK.ToString(), KeySchemeTable.KeyScheme.DoubleLengthKeyVariant, LMKPairs.LMKPair.Pair04_05, "0");
     cryptKey      = Utility.EncryptUnderLMK(k.ToString(), kScheme, kLMK, "0");
     cryptUnderZMK = Utility.EncryptUnderZMK(ZMK.ToString(), k.ToString(), kScheme);
 }
Beispiel #4
0
 public static string LMK(LMKPairs.LMKPair pair)
 {
     if (!UseOldLMKStorage)
     {
         return(_LMKs[Convert.ToInt32(pair)]);
     }
     else
     {
         return(_LMKsOld[Convert.ToInt32(pair)]);
     }
 }
Beispiel #5
0
        public static string LMKVariant(LMKPairs.LMKPair pair, int v)
        {
            string s = LMK(pair);

            if (v == 0)
            {
                return(s);
            }
            string var = Cryptography.LMK.Variants.VariantNbr(v).PadRight(32, '0');

            return(Utility.XORHexStringsFull(s, var));
        }
 protected void ValidateKeySchemeAndLength(KeyTypeTable.KeyFunction func, LMKPairs.LMKPair Pair, string var)
 {
     KeyTypeTable.AuthorizedStateRequirement requirement = KeyTypeTable.GetAuthorizedStateRequirement(KeyTypeTable.KeyFunction.Generate, Pair, var);
     if (requirement == KeyTypeTable.AuthorizedStateRequirement.NotAllowed)
     {
         throw new Exceptions.XFunctionNotPermitted("FUNCTION NOT PERMITTED");
     }
     else if ((requirement == KeyTypeTable.AuthorizedStateRequirement.NeedsAuthorizedState) && (Convert.ToBoolean(Resources.GetResource(Resources.AUTHORIZED_STATE)) == false))
     {
         throw new Exceptions.XNeedsAuthorizedState("NOT AUTHORIZED");
     }
 }
Beispiel #7
0
 protected bool ValidateKeyTypeCode(string ktc, out LMKPairs.LMKPair Pair, ref string Var, ref ThalesCore.Message.MessageResponse MR)
 {
     Pair = LMKPairs.LMKPair.Null;
     try
     {
         KeyTypeTable.ParseKeyTypeCode(ktc, out Pair, out Var);
         return(true);
     }
     catch (ThalesCore.Exceptions.XInvalidKeyType ex)
     {
         MR.AddElement(ErrorCodes.ER_04_INVALID_KEY_TYPE_CODE);
         return(false);
     }
 }
Beispiel #8
0
 protected bool ValidateFunctionRequirement(KeyTypeTable.KeyFunction func, LMKPairs.LMKPair Pair, string var, ThalesCore.Message.MessageResponse MR)
 {
     KeyTypeTable.AuthorizedStateRequirement requirement = KeyTypeTable.GetAuthorizedStateRequirement(KeyTypeTable.KeyFunction.Generate, Pair, var);
     if (requirement == KeyTypeTable.AuthorizedStateRequirement.NotAllowed)
     {
         MR.AddElement(ErrorCodes.ER_29_FUNCTION_NOT_PERMITTED);
         return(false);
     }
     else if ((requirement == KeyTypeTable.AuthorizedStateRequirement.NeedsAuthorizedState) && (Convert.ToBoolean(Resources.GetResource(Resources.AUTHORIZED_STATE)) == false))
     {
         MR.AddElement(ErrorCodes.ER_17_HSM_IS_NOT_IN_THE_AUTHORIZED_STATE);
         return(false);
     }
     else
     {
         return(true);
     }
 }
Beispiel #9
0
        public static string DecryptUnderLMK(string encryptedKey, KeySchemeTable.KeyScheme Target_KeyScheme, LMKPairs.LMKPair LMKKeyPair, string variantNumber)
        {
            string result = "";

            switch (Target_KeyScheme)
            {
            case KeySchemeTable.KeyScheme.SingleDESKey:
            case KeySchemeTable.KeyScheme.DoubleLengthKeyAnsi:
            case KeySchemeTable.KeyScheme.TripleLengthKeyAnsi:
            case KeySchemeTable.KeyScheme.Unspecified:
                result = TripleDES.TripleDESDecrypt(new HexKey(Cryptography.LMK.LMKStorage.LMKVariant(LMKKeyPair, Convert.ToInt32(variantNumber))), encryptedKey);
                break;

            case KeySchemeTable.KeyScheme.DoubleLengthKeyVariant:
            case KeySchemeTable.KeyScheme.TripleLengthKeyVariant:
                result = TripleDES.TripleDESDecryptVariant(new HexKey(Cryptography.LMK.LMKStorage.LMKVariant(LMKKeyPair, Convert.ToInt32(variantNumber))), encryptedKey);
                break;

            default:
                break;
            }


            switch (Target_KeyScheme)
            {
            case KeySchemeTable.KeyScheme.DoubleLengthKeyAnsi:
            case KeySchemeTable.KeyScheme.DoubleLengthKeyVariant:
            case KeySchemeTable.KeyScheme.TripleLengthKeyAnsi:
            case KeySchemeTable.KeyScheme.TripleLengthKeyVariant:
                result = KeySchemeTable.GetKeySchemeValue(Target_KeyScheme) + result;
                break;

            default:
                break;
            }

            return(result);
        }
Beispiel #10
0
        public static string EncryptUnderLMK(string clearKey, KeySchemeTable.KeyScheme Target_KeyScheme, LMKPairs.LMKPair LMKKeyPair, string variantNumber)
        {
            string result = "";

            switch (Target_KeyScheme)
            {
            case KeySchemeTable.KeyScheme.SingleDESKey:
            case KeySchemeTable.KeyScheme.DoubleLengthKeyAnsi:
            case KeySchemeTable.KeyScheme.TripleLengthKeyAnsi:
            case KeySchemeTable.KeyScheme.Unspecified:
                result = TripleDES.TripleDESEncrypt(new HexKey(Cryptography.LMK.LMKStorage.LMKVariant(LMKKeyPair, Convert.ToInt32(variantNumber))), clearKey);
                break;

            case KeySchemeTable.KeyScheme.DoubleLengthKeyVariant:
            case KeySchemeTable.KeyScheme.TripleLengthKeyVariant:
                result = TripleDES.TripleDESEncryptVariant(new HexKey(Cryptography.LMK.LMKStorage.LMKVariant(LMKKeyPair, Convert.ToInt32(variantNumber))), clearKey);
                break;

            default:
                //throw new InvalidOperationException("Invalid key scheme [" + Target_KeyScheme.ToString() + "]");
                break;
            }

            switch (Target_KeyScheme)
            {
            case KeySchemeTable.KeyScheme.DoubleLengthKeyAnsi:
            case KeySchemeTable.KeyScheme.DoubleLengthKeyVariant:
            case KeySchemeTable.KeyScheme.TripleLengthKeyAnsi:
            case KeySchemeTable.KeyScheme.TripleLengthKeyVariant:
                result = KeySchemeTable.GetKeySchemeValue(Target_KeyScheme) + result;
                break;

            default:
                break;
            }
            return(result);
        }
Beispiel #11
0
        public static void ParseKeyTypeCode(string keyTypeCode, out LMKPairs.LMKPair LMKKeyPair, out string Variant)
        {
            if ((keyTypeCode == null) || (keyTypeCode.Length != 3))
            {
                throw new Exceptions.XInvalidKeyType("Invalid key type");
            }
            string lmkpair;
            string var;

            var = keyTypeCode.Substring(0, 1);

            lmkpair = keyTypeCode.Substring(1, 2);

            try
            {
                if ((Convert.ToInt32(var) < 0) || (Convert.ToInt32(var) > 9))
                {
                    throw new Exceptions.XInvalidKeyType("Invalid Variant in key type (" + var + ")");
                }
            }
            catch (Exception ex)
            {
                throw new Exceptions.XInvalidKeyType("Invalid Variant in key type (" + var + ")");
            }
            Variant = var;

            switch (lmkpair)
            {
            case "00":
                LMKKeyPair = LMKPairs.LMKPair.Pair04_05;
                break;

            case "01":
                LMKKeyPair = LMKPairs.LMKPair.Pair06_07;
                break;

            case "02":
                LMKKeyPair = LMKPairs.LMKPair.Pair14_15;
                break;

            case "03":
                LMKKeyPair = LMKPairs.LMKPair.Pair16_17;
                break;

            case "04":
                LMKKeyPair = LMKPairs.LMKPair.Pair18_19;
                break;

            case "05":
                LMKKeyPair = LMKPairs.LMKPair.Pair20_21;
                break;

            case "06":
                LMKKeyPair = LMKPairs.LMKPair.Pair22_23;
                break;

            case "07":
                LMKKeyPair = LMKPairs.LMKPair.Pair24_25;
                break;

            case "08":
                LMKKeyPair = LMKPairs.LMKPair.Pair26_27;
                break;

            case "09":
                LMKKeyPair = LMKPairs.LMKPair.Pair28_29;
                break;

            case "0A":
                LMKKeyPair = LMKPairs.LMKPair.Pair30_31;
                break;

            case "0B":
                LMKKeyPair = LMKPairs.LMKPair.Pair32_33;
                break;

            case "0C":
                LMKKeyPair = LMKPairs.LMKPair.Pair34_35;
                break;

            case "0D":
                LMKKeyPair = LMKPairs.LMKPair.Pair36_37;
                break;

            case "0E":
                LMKKeyPair = LMKPairs.LMKPair.Pair38_39;
                break;

            default:
                throw new Exceptions.XInvalidKeyType("Invalid Variant in key type (" + var + ")");
            }
        }
Beispiel #12
0
        public static AuthorizedStateRequirement GetAuthorizedStateRequirement(KeyFunction NeededFunction, LMKPairs.LMKPair LMKKeyPair, string Variant)
        {
            for (int i = 0; i < Reqs.GetUpperBound(0); i++)
            {
                if ((Reqs[i].Func == NeededFunction) && (Reqs[i].LMKKeyPair == LMKKeyPair) && (Reqs[i].var == Variant))
                {
                    return(Reqs[i].Requirement);
                }
            }

            return(AuthorizedStateRequirement.NotAllowed);
        }
 protected void ValidateKeyTypeCode(string ktc, out LMKPairs.LMKPair Pair, out string Var)
 {
     KeyTypeTable.ParseKeyTypeCode(ktc, out Pair, out Var);
 }