protected string DecryptUnderZMK(string clearZMK, string cryptData, KeySchemeTable.KeyScheme ZMK_KeyScheme, string AtallaVariant)
{
string result = "";
clearZMK = Utility.TransformUsingAtallaVariant(clearZMK, AtallaVariant);
switch (ZMK_KeyScheme)
{
case KeySchemeTable.KeyScheme.SingleDESKey:
case KeySchemeTable.KeyScheme.DoubleLengthKeyAnsi:
case KeySchemeTable.KeyScheme.TripleLengthKeyAnsi:
case KeySchemeTable.KeyScheme.Unspecified:
result = ThalesCore.Cryptography.TripleDES.TripleDESDecrypt(new ThalesCore.Cryptography.HexKey(clearZMK), cryptData);
break;
case KeySchemeTable.KeyScheme.DoubleLengthKeyVariant:
case KeySchemeTable.KeyScheme.TripleLengthKeyVariant:
result = ThalesCore.Cryptography.TripleDES.TripleDESDecryptVariant(new ThalesCore.Cryptography.HexKey(clearZMK), cryptData);
break;
}
switch (ZMK_KeyScheme)
{
case KeySchemeTable.KeyScheme.DoubleLengthKeyAnsi:
case KeySchemeTable.KeyScheme.DoubleLengthKeyVariant:
case KeySchemeTable.KeyScheme.TripleLengthKeyAnsi:
case KeySchemeTable.KeyScheme.TripleLengthKeyVariant:
result = KeySchemeTable.GetKeySchemeValue(ZMK_KeyScheme) + result;
break;
}
return(result);
}
public override string ProcessMessage()
{
LMKPairs.LMKPair LMKKeyPair = LMKPairs.LMKPair.Null;
string var = "";
KeySchemeTable.KeyScheme ks = KeySchemeTable.KeyScheme.Unspecified;
HexKey.KeyLength kl = HexKey.KeyLength.SingleLength;
KeySchemeTable.KeyScheme zmkKS = KeySchemeTable.KeyScheme.Unspecified;
HexKey.KeyLength zmkKL;
string cryptKey = m_inStack.PopFromStack().ConsoleMessageProperty;
string cryptZMK = m_inStack.PopFromStack().ConsoleMessageProperty;
string keyScheme = m_inStack.PopFromStack().ConsoleMessageProperty;
string keyType = m_inStack.PopFromStack().ConsoleMessageProperty;
ExtractKeySchemeAndLength(cryptZMK, out zmkKL, out zmkKS);
ExtractKeySchemeAndLength(cryptKey, out kl, out ks);
ValidateKeyTypeCode(keyType, out LMKKeyPair, out var);
string clearZMK = Utility.DecryptZMKEncryptedUnderLMK(new HexKey(cryptZMK).ToString(), zmkKS, 0);
string clearKey = Utility.DecryptUnderLMK(new HexKey(cryptKey).ToString(), ks, LMKKeyPair, var);
string cryptUnderZMK = Utility.EncryptUnderZMK(clearZMK, new HexKey(clearKey).ToString(), KeySchemeTable.GetKeySchemeFromValue(keyScheme));
string chkVal = TripleDES.TripleDESEncrypt(new HexKey(clearKey), ZEROES);
return("Key encrypted under ZMK: " + MakeKeyPresentable(cryptUnderZMK) + System.Environment.NewLine +
"Key Check Value: " + MakeCheckValuePresentable(chkVal));
}
private void GenerateTestKeyAndZMKKey(out HexKey k, LMKPairs.LMKPair kLMK, KeySchemeTable.KeyScheme kScheme, out HexKey ZMK, out string cryptZMK, out string cryptKey, out string cryptUnderZMK)
{
k = GetRandomKey(HexKey.KeyLength.DoubleLength);
ZMK = GetRandomKey(HexKey.KeyLength.DoubleLength);
cryptZMK = Utility.EncryptUnderLMK(ZMK.ToString(), KeySchemeTable.KeyScheme.DoubleLengthKeyVariant, LMKPairs.LMKPair.Pair04_05, "0");
cryptKey = Utility.EncryptUnderLMK(k.ToString(), kScheme, kLMK, "0");
cryptUnderZMK = Utility.EncryptUnderZMK(ZMK.ToString(), k.ToString(), kScheme);
}
protected bool ValidateKeySchemeCode(string ksc, ref KeySchemeTable.KeyScheme KS, ref ThalesCore.Message.MessageResponse MR)
{
try
{
KS = KeySchemeTable.GetKeySchemeFromValue(ksc);
return(true);
}
catch (ThalesCore.Exceptions.XInvalidKeyType ex)
{
MR.AddElement(ErrorCodes.ER_26_INVALID_KEY_SCHEME);
return(false);
}
}
protected void ValidateKeySchemeAndLength(string keyLen, string keyScheme, out KeySchemeTable.KeyScheme ks)
{
switch (keyLen)
{
case "1":
ks = KeySchemeTable.KeyScheme.SingleDESKey;
if (keyScheme != "0")
{
throw new Exceptions.XInvalidKeyScheme("INVALID KEY SCHEME FOR KEY LENGTH");
}
break;
case "2":
switch (keyScheme)
{
case "U":
ks = KeySchemeTable.KeyScheme.DoubleLengthKeyVariant;
break;
case "X":
ks = KeySchemeTable.KeyScheme.DoubleLengthKeyAnsi;
break;
default:
throw new Exceptions.XInvalidKeyScheme("INVALID KEY SCHEME FOR KEY LENGTH");
}
break;
case "3":
switch (keyScheme)
{
case "Y":
ks = KeySchemeTable.KeyScheme.TripleLengthKeyAnsi;
break;
case "T":
ks = KeySchemeTable.KeyScheme.TripleLengthKeyVariant;
break;
default:
throw new Exceptions.XInvalidKeyScheme("INVALID KEY SCHEME FOR KEY LENGTH");
}
break;
default:
throw new Exceptions.XInvalidKeyScheme("INVALID KEY SCHEME FOR KEY LENGTH");
}
}
public static string DecryptZMKEncryptedUnderLMK(string encryptedZMK, KeySchemeTable.KeyScheme ks, int var)
{
switch (ks)
{
case KeySchemeTable.KeyScheme.SingleDESKey:
case KeySchemeTable.KeyScheme.DoubleLengthKeyAnsi:
case KeySchemeTable.KeyScheme.TripleLengthKeyAnsi:
return(TripleDES.TripleDESDecrypt(new HexKey(Cryptography.LMK.LMKStorage.LMKVariant(LMKPairs.LMKPair.Pair04_05, var)), encryptedZMK));
case KeySchemeTable.KeyScheme.DoubleLengthKeyVariant:
case KeySchemeTable.KeyScheme.TripleLengthKeyVariant:
return(TripleDES.TripleDESDecryptVariant(new HexKey(Cryptography.LMK.LMKStorage.LMKVariant(LMKPairs.LMKPair.Pair04_05, var)), encryptedZMK));
default:
throw new InvalidOperationException("Invalid key scheme [" + ks.ToString() + "]");
}
}
public static string CreateRandomKey(KeySchemeTable.KeyScheme ks)
{
switch (ks)
{
case KeySchemeTable.KeyScheme.SingleDESKey:
return(Utility.RandomKey(true, Utility.ParityCheck.OddParity));
case KeySchemeTable.KeyScheme.DoubleLengthKeyAnsi:
case KeySchemeTable.KeyScheme.DoubleLengthKeyVariant:
return(Utility.MakeParity(Utility.RandomKey(false, Utility.ParityCheck.OddParity) + Utility.RandomKey(false, Utility.ParityCheck.OddParity), Utility.ParityCheck.OddParity));
case KeySchemeTable.KeyScheme.TripleLengthKeyAnsi:
case KeySchemeTable.KeyScheme.TripleLengthKeyVariant:
return(Utility.MakeParity(Utility.RandomKey(false, Utility.ParityCheck.OddParity) + Utility.RandomKey(false, Utility.ParityCheck.OddParity) + Utility.RandomKey(false, Utility.ParityCheck.OddParity), Utility.ParityCheck.OddParity));
default:
throw new InvalidOperationException("Invalid key scheme [" + ks.ToString() + "]");
}
}
public static string EncryptUnderZMK(string clearZMK, string clearData, KeySchemeTable.KeyScheme ZMK_KeyScheme, string AtallaVariant)
{
string result = "";
clearZMK = Utility.TransformUsingAtallaVariant(clearZMK, AtallaVariant);
switch (ZMK_KeyScheme)
{
case KeySchemeTable.KeyScheme.SingleDESKey:
case KeySchemeTable.KeyScheme.DoubleLengthKeyAnsi:
case KeySchemeTable.KeyScheme.TripleLengthKeyAnsi:
case KeySchemeTable.KeyScheme.Unspecified:
result = TripleDES.TripleDESEncrypt(new HexKey(clearZMK), clearData);
break;
case KeySchemeTable.KeyScheme.DoubleLengthKeyVariant:
case KeySchemeTable.KeyScheme.TripleLengthKeyVariant:
result = TripleDES.TripleDESEncryptVariant(new HexKey(clearZMK), clearData);
break;
default:
break;
}
switch (ZMK_KeyScheme)
{
case KeySchemeTable.KeyScheme.DoubleLengthKeyAnsi:
case KeySchemeTable.KeyScheme.DoubleLengthKeyVariant:
case KeySchemeTable.KeyScheme.TripleLengthKeyAnsi:
case KeySchemeTable.KeyScheme.TripleLengthKeyVariant:
result = KeySchemeTable.GetKeySchemeValue(ZMK_KeyScheme) + result;
break;
default:
break;
}
return(result);
}
public static string DecryptUnderLMK(string encryptedKey, KeySchemeTable.KeyScheme Target_KeyScheme, LMKPairs.LMKPair LMKKeyPair, string variantNumber)
{
string result = "";
switch (Target_KeyScheme)
{
case KeySchemeTable.KeyScheme.SingleDESKey:
case KeySchemeTable.KeyScheme.DoubleLengthKeyAnsi:
case KeySchemeTable.KeyScheme.TripleLengthKeyAnsi:
case KeySchemeTable.KeyScheme.Unspecified:
result = TripleDES.TripleDESDecrypt(new HexKey(Cryptography.LMK.LMKStorage.LMKVariant(LMKKeyPair, Convert.ToInt32(variantNumber))), encryptedKey);
break;
case KeySchemeTable.KeyScheme.DoubleLengthKeyVariant:
case KeySchemeTable.KeyScheme.TripleLengthKeyVariant:
result = TripleDES.TripleDESDecryptVariant(new HexKey(Cryptography.LMK.LMKStorage.LMKVariant(LMKKeyPair, Convert.ToInt32(variantNumber))), encryptedKey);
break;
default:
break;
}
switch (Target_KeyScheme)
{
case KeySchemeTable.KeyScheme.DoubleLengthKeyAnsi:
case KeySchemeTable.KeyScheme.DoubleLengthKeyVariant:
case KeySchemeTable.KeyScheme.TripleLengthKeyAnsi:
case KeySchemeTable.KeyScheme.TripleLengthKeyVariant:
result = KeySchemeTable.GetKeySchemeValue(Target_KeyScheme) + result;
break;
default:
break;
}
return(result);
}
public static string EncryptUnderLMK(string clearKey, KeySchemeTable.KeyScheme Target_KeyScheme, LMKPairs.LMKPair LMKKeyPair, string variantNumber)
{
string result = "";
switch (Target_KeyScheme)
{
case KeySchemeTable.KeyScheme.SingleDESKey:
case KeySchemeTable.KeyScheme.DoubleLengthKeyAnsi:
case KeySchemeTable.KeyScheme.TripleLengthKeyAnsi:
case KeySchemeTable.KeyScheme.Unspecified:
result = TripleDES.TripleDESEncrypt(new HexKey(Cryptography.LMK.LMKStorage.LMKVariant(LMKKeyPair, Convert.ToInt32(variantNumber))), clearKey);
break;
case KeySchemeTable.KeyScheme.DoubleLengthKeyVariant:
case KeySchemeTable.KeyScheme.TripleLengthKeyVariant:
result = TripleDES.TripleDESEncryptVariant(new HexKey(Cryptography.LMK.LMKStorage.LMKVariant(LMKKeyPair, Convert.ToInt32(variantNumber))), clearKey);
break;
default:
//throw new InvalidOperationException("Invalid key scheme [" + Target_KeyScheme.ToString() + "]");
break;
}
switch (Target_KeyScheme)
{
case KeySchemeTable.KeyScheme.DoubleLengthKeyAnsi:
case KeySchemeTable.KeyScheme.DoubleLengthKeyVariant:
case KeySchemeTable.KeyScheme.TripleLengthKeyAnsi:
case KeySchemeTable.KeyScheme.TripleLengthKeyVariant:
result = KeySchemeTable.GetKeySchemeValue(Target_KeyScheme) + result;
break;
default:
break;
}
return(result);
}
public static string EncryptUnderZMK(string clearZMK, string clearData, KeySchemeTable.KeyScheme ZMK_KeyScheme)
{
return(EncryptUnderZMK(clearZMK, clearData, ZMK_KeyScheme, String.Empty));
}
public HexKey(string key)
{
if ((key == null) || (key == ""))
{
throw new Exceptions.XInvalidKey("Invalid key data: " + key);
}
if ((key.Length == 17) || (key.Length == 33) || (key.Length == 49))
{
_scheme = KeySchemeTable.GetKeySchemeFromValue(key.Substring(0, 1));
if ((_scheme != KeySchemeTable.KeyScheme.DoubleLengthKeyAnsi) &&
(_scheme != KeySchemeTable.KeyScheme.DoubleLengthKeyVariant) &&
(_scheme != KeySchemeTable.KeyScheme.SingleDESKey) &&
(_scheme != KeySchemeTable.KeyScheme.TripleLengthKeyAnsi) &&
(_scheme != KeySchemeTable.KeyScheme.TripleLengthKeyVariant))
{
throw new Exceptions.XInvalidKeyScheme("Invalid key scheme " + key.Substring(0, 1));
}
else
{
key = key.Substring(1);
}
}
else
{
if (key.Length == 16)
{
_scheme = KeySchemeTable.KeyScheme.SingleDESKey;
}
else if (key.Length == 32)
{
_scheme = KeySchemeTable.KeyScheme.DoubleLengthKeyAnsi;
}
else
{
_scheme = KeySchemeTable.KeyScheme.TripleLengthKeyAnsi;
}
}
if (Utility.IsHexString(key) == false)
{
throw new Exceptions.XInvalidKey("Invalid key data: " + key);
}
if (key.Length == 16)
{
_partA = key;
_partB = key;
_partC = key;
_keyLength = KeyLength.SingleLength;
}
else if (key.Length == 32)
{
_partA = key.Substring(0, 16);
_partB = key.Substring(16);
_partC = _partA;
_keyLength = KeyLength.DoubleLength;
}
else if (key.Length == 48)
{
_partA = key.Substring(0, 16);
_partB = key.Substring(16, 16);
_partC = key.Substring(32);
_keyLength = KeyLength.TripleLength;
}
else
{
throw new Exceptions.XInvalidKey("Invalid key length: " + key);
}
}
protected void ValidateKeySchemeCode(string ksc, KeySchemeTable.KeyScheme KS)
{
KS = KeySchemeTable.GetKeySchemeFromValue(ksc);
}
protected string DecryptUnderZMK(string clearZMK, string cryptData, KeySchemeTable.KeyScheme ZMK_KeyScheme)
{
return(DecryptUnderZMK(clearZMK, cryptData, ZMK_KeyScheme, String.Empty));
}
public override MessageResponse ConstructResponse()
{
MessageResponse mr = new MessageResponse();
LMKPairs.LMKPair LMKKeyPair;
string var = "";
KeySchemeTable.KeyScheme ks = KeySchemeTable.KeyScheme.Unspecified;
KeySchemeTable.KeyScheme zmk_ks = KeySchemeTable.KeyScheme.Unspecified;
if (!ValidateKeyTypeCode(_keyType, out LMKKeyPair, ref var, ref mr))
{
return(mr);
}
if (!ValidateKeySchemeCode(_keyScheme, ref ks, ref mr))
{
return(mr);
}
if (_zmkScheme != "")
{
if (!ValidateKeySchemeCode(_zmkScheme, ref zmk_ks, ref mr))
{
return(mr);
}
}
if (!ValidateFunctionRequirement(KeyTypeTable.KeyFunction.Generate, LMKKeyPair, var, mr))
{
return(mr);
}
string rndKey = Utility.CreateRandomKey(ks);
string cryptRndKey = Utility.EncryptUnderLMK(rndKey, ks, LMKKeyPair, var);
string chkVal = TripleDES.TripleDESEncrypt(new HexKey(rndKey), Constants.ZEROES);
Log.Logger.MinorInfo("Key generated (clear): " + rndKey);
Log.Logger.MinorInfo("Key generated (LMK): " + cryptRndKey);
Log.Logger.MinorInfo("Check value: " + chkVal.Substring(0, 6));
string clearZMK;
string cryptUnderZMK = "";
if (_zmk != "")
{
HexKey cryptZMK = new HexKey(_zmk);
clearZMK = Utility.DecryptZMKEncryptedUnderLMK(cryptZMK.ToString(), cryptZMK.Scheme, 0);
if (!Utility.IsParityOK(clearZMK, Utility.ParityCheck.OddParity))
{
mr.AddElement(ErrorCodes.ER_10_SOURCE_KEY_PARITY_ERROR);
return(mr);
}
cryptUnderZMK = Utility.EncryptUnderZMK(clearZMK, rndKey, zmk_ks);
Log.Logger.MinorInfo("ZMK (clear): " + clearZMK);
Log.Logger.MinorInfo("Key under ZMK: " + cryptUnderZMK);
}
mr.AddElement(ErrorCodes.ER_00_NO_ERROR);
mr.AddElement(cryptRndKey);
mr.AddElement(cryptUnderZMK);
mr.AddElement(chkVal.Substring(0, 6));
return(mr);
}
protected void ExtractKeySchemeAndLength(string key, out Cryptography.HexKey.KeyLength keyLen, out KeySchemeTable.KeyScheme keyScheme)
{
HexKey hk = new HexKey(key);
keyLen = hk.KeyLen;
keyScheme = hk.Scheme;
}
protected void ValidateKeySchemeAndLength(HexKey.KeyLength keyLen, string keyScheme, KeySchemeTable.KeyScheme ks)
{
switch (keyLen)
{
case HexKey.KeyLength.SingleLength:
ValidateKeySchemeAndLength("1", keyScheme, out ks);
break;
case HexKey.KeyLength.DoubleLength:
ValidateKeySchemeAndLength("2", keyScheme, out ks);
break;
case HexKey.KeyLength.TripleLength:
ValidateKeySchemeAndLength("3", keyScheme, out ks);
break;
default:
throw new Exceptions.XInvalidKeyScheme("INVALID KEY SCHEME FOR KEY LENGTH");
}
}
