public override string ProcessMessage() { LMKPairs.LMKPair LMKKeyPair = LMKPairs.LMKPair.Null; string var = ""; KeySchemeTable.KeyScheme ks = KeySchemeTable.KeyScheme.Unspecified; HexKey.KeyLength kl = HexKey.KeyLength.SingleLength; KeySchemeTable.KeyScheme zmkKS = KeySchemeTable.KeyScheme.Unspecified; HexKey.KeyLength zmkKL; string cryptKey = m_inStack.PopFromStack().ConsoleMessageProperty; string cryptZMK = m_inStack.PopFromStack().ConsoleMessageProperty; string keyScheme = m_inStack.PopFromStack().ConsoleMessageProperty; string keyType = m_inStack.PopFromStack().ConsoleMessageProperty; ExtractKeySchemeAndLength(cryptZMK, out zmkKL, out zmkKS); ExtractKeySchemeAndLength(cryptKey, out kl, out ks); ValidateKeyTypeCode(keyType, out LMKKeyPair, out var); string clearZMK = Utility.DecryptZMKEncryptedUnderLMK(new HexKey(cryptZMK).ToString(), zmkKS, 0); string clearKey = Utility.DecryptUnderLMK(new HexKey(cryptKey).ToString(), ks, LMKKeyPair, var); string cryptUnderZMK = Utility.EncryptUnderZMK(clearZMK, new HexKey(clearKey).ToString(), KeySchemeTable.GetKeySchemeFromValue(keyScheme)); string chkVal = TripleDES.TripleDESEncrypt(new HexKey(clearKey), ZEROES); return("Key encrypted under ZMK: " + MakeKeyPresentable(cryptUnderZMK) + System.Environment.NewLine + "Key Check Value: " + MakeCheckValuePresentable(chkVal)); }
public AuthStateReqs(KeyFunction Func, LMKPairs.LMKPair LMKKeyPair, string Variant, AuthorizedStateRequirement Req) { this.Func = Func; this.LMKKeyPair = LMKKeyPair; this.var = Variant; this.Requirement = Req; }
private void GenerateTestKeyAndZMKKey(out HexKey k, LMKPairs.LMKPair kLMK, KeySchemeTable.KeyScheme kScheme, out HexKey ZMK, out string cryptZMK, out string cryptKey, out string cryptUnderZMK) { k = GetRandomKey(HexKey.KeyLength.DoubleLength); ZMK = GetRandomKey(HexKey.KeyLength.DoubleLength); cryptZMK = Utility.EncryptUnderLMK(ZMK.ToString(), KeySchemeTable.KeyScheme.DoubleLengthKeyVariant, LMKPairs.LMKPair.Pair04_05, "0"); cryptKey = Utility.EncryptUnderLMK(k.ToString(), kScheme, kLMK, "0"); cryptUnderZMK = Utility.EncryptUnderZMK(ZMK.ToString(), k.ToString(), kScheme); }
public static string LMK(LMKPairs.LMKPair pair) { if (!UseOldLMKStorage) { return(_LMKs[Convert.ToInt32(pair)]); } else { return(_LMKsOld[Convert.ToInt32(pair)]); } }
public static string LMKVariant(LMKPairs.LMKPair pair, int v) { string s = LMK(pair); if (v == 0) { return(s); } string var = Cryptography.LMK.Variants.VariantNbr(v).PadRight(32, '0'); return(Utility.XORHexStringsFull(s, var)); }
protected void ValidateKeySchemeAndLength(KeyTypeTable.KeyFunction func, LMKPairs.LMKPair Pair, string var) { KeyTypeTable.AuthorizedStateRequirement requirement = KeyTypeTable.GetAuthorizedStateRequirement(KeyTypeTable.KeyFunction.Generate, Pair, var); if (requirement == KeyTypeTable.AuthorizedStateRequirement.NotAllowed) { throw new Exceptions.XFunctionNotPermitted("FUNCTION NOT PERMITTED"); } else if ((requirement == KeyTypeTable.AuthorizedStateRequirement.NeedsAuthorizedState) && (Convert.ToBoolean(Resources.GetResource(Resources.AUTHORIZED_STATE)) == false)) { throw new Exceptions.XNeedsAuthorizedState("NOT AUTHORIZED"); } }
protected bool ValidateKeyTypeCode(string ktc, out LMKPairs.LMKPair Pair, ref string Var, ref ThalesCore.Message.MessageResponse MR) { Pair = LMKPairs.LMKPair.Null; try { KeyTypeTable.ParseKeyTypeCode(ktc, out Pair, out Var); return(true); } catch (ThalesCore.Exceptions.XInvalidKeyType ex) { MR.AddElement(ErrorCodes.ER_04_INVALID_KEY_TYPE_CODE); return(false); } }
protected bool ValidateFunctionRequirement(KeyTypeTable.KeyFunction func, LMKPairs.LMKPair Pair, string var, ThalesCore.Message.MessageResponse MR) { KeyTypeTable.AuthorizedStateRequirement requirement = KeyTypeTable.GetAuthorizedStateRequirement(KeyTypeTable.KeyFunction.Generate, Pair, var); if (requirement == KeyTypeTable.AuthorizedStateRequirement.NotAllowed) { MR.AddElement(ErrorCodes.ER_29_FUNCTION_NOT_PERMITTED); return(false); } else if ((requirement == KeyTypeTable.AuthorizedStateRequirement.NeedsAuthorizedState) && (Convert.ToBoolean(Resources.GetResource(Resources.AUTHORIZED_STATE)) == false)) { MR.AddElement(ErrorCodes.ER_17_HSM_IS_NOT_IN_THE_AUTHORIZED_STATE); return(false); } else { return(true); } }
public static string DecryptUnderLMK(string encryptedKey, KeySchemeTable.KeyScheme Target_KeyScheme, LMKPairs.LMKPair LMKKeyPair, string variantNumber) { string result = ""; switch (Target_KeyScheme) { case KeySchemeTable.KeyScheme.SingleDESKey: case KeySchemeTable.KeyScheme.DoubleLengthKeyAnsi: case KeySchemeTable.KeyScheme.TripleLengthKeyAnsi: case KeySchemeTable.KeyScheme.Unspecified: result = TripleDES.TripleDESDecrypt(new HexKey(Cryptography.LMK.LMKStorage.LMKVariant(LMKKeyPair, Convert.ToInt32(variantNumber))), encryptedKey); break; case KeySchemeTable.KeyScheme.DoubleLengthKeyVariant: case KeySchemeTable.KeyScheme.TripleLengthKeyVariant: result = TripleDES.TripleDESDecryptVariant(new HexKey(Cryptography.LMK.LMKStorage.LMKVariant(LMKKeyPair, Convert.ToInt32(variantNumber))), encryptedKey); break; default: break; } switch (Target_KeyScheme) { case KeySchemeTable.KeyScheme.DoubleLengthKeyAnsi: case KeySchemeTable.KeyScheme.DoubleLengthKeyVariant: case KeySchemeTable.KeyScheme.TripleLengthKeyAnsi: case KeySchemeTable.KeyScheme.TripleLengthKeyVariant: result = KeySchemeTable.GetKeySchemeValue(Target_KeyScheme) + result; break; default: break; } return(result); }
public static string EncryptUnderLMK(string clearKey, KeySchemeTable.KeyScheme Target_KeyScheme, LMKPairs.LMKPair LMKKeyPair, string variantNumber) { string result = ""; switch (Target_KeyScheme) { case KeySchemeTable.KeyScheme.SingleDESKey: case KeySchemeTable.KeyScheme.DoubleLengthKeyAnsi: case KeySchemeTable.KeyScheme.TripleLengthKeyAnsi: case KeySchemeTable.KeyScheme.Unspecified: result = TripleDES.TripleDESEncrypt(new HexKey(Cryptography.LMK.LMKStorage.LMKVariant(LMKKeyPair, Convert.ToInt32(variantNumber))), clearKey); break; case KeySchemeTable.KeyScheme.DoubleLengthKeyVariant: case KeySchemeTable.KeyScheme.TripleLengthKeyVariant: result = TripleDES.TripleDESEncryptVariant(new HexKey(Cryptography.LMK.LMKStorage.LMKVariant(LMKKeyPair, Convert.ToInt32(variantNumber))), clearKey); break; default: //throw new InvalidOperationException("Invalid key scheme [" + Target_KeyScheme.ToString() + "]"); break; } switch (Target_KeyScheme) { case KeySchemeTable.KeyScheme.DoubleLengthKeyAnsi: case KeySchemeTable.KeyScheme.DoubleLengthKeyVariant: case KeySchemeTable.KeyScheme.TripleLengthKeyAnsi: case KeySchemeTable.KeyScheme.TripleLengthKeyVariant: result = KeySchemeTable.GetKeySchemeValue(Target_KeyScheme) + result; break; default: break; } return(result); }
public static void ParseKeyTypeCode(string keyTypeCode, out LMKPairs.LMKPair LMKKeyPair, out string Variant) { if ((keyTypeCode == null) || (keyTypeCode.Length != 3)) { throw new Exceptions.XInvalidKeyType("Invalid key type"); } string lmkpair; string var; var = keyTypeCode.Substring(0, 1); lmkpair = keyTypeCode.Substring(1, 2); try { if ((Convert.ToInt32(var) < 0) || (Convert.ToInt32(var) > 9)) { throw new Exceptions.XInvalidKeyType("Invalid Variant in key type (" + var + ")"); } } catch (Exception ex) { throw new Exceptions.XInvalidKeyType("Invalid Variant in key type (" + var + ")"); } Variant = var; switch (lmkpair) { case "00": LMKKeyPair = LMKPairs.LMKPair.Pair04_05; break; case "01": LMKKeyPair = LMKPairs.LMKPair.Pair06_07; break; case "02": LMKKeyPair = LMKPairs.LMKPair.Pair14_15; break; case "03": LMKKeyPair = LMKPairs.LMKPair.Pair16_17; break; case "04": LMKKeyPair = LMKPairs.LMKPair.Pair18_19; break; case "05": LMKKeyPair = LMKPairs.LMKPair.Pair20_21; break; case "06": LMKKeyPair = LMKPairs.LMKPair.Pair22_23; break; case "07": LMKKeyPair = LMKPairs.LMKPair.Pair24_25; break; case "08": LMKKeyPair = LMKPairs.LMKPair.Pair26_27; break; case "09": LMKKeyPair = LMKPairs.LMKPair.Pair28_29; break; case "0A": LMKKeyPair = LMKPairs.LMKPair.Pair30_31; break; case "0B": LMKKeyPair = LMKPairs.LMKPair.Pair32_33; break; case "0C": LMKKeyPair = LMKPairs.LMKPair.Pair34_35; break; case "0D": LMKKeyPair = LMKPairs.LMKPair.Pair36_37; break; case "0E": LMKKeyPair = LMKPairs.LMKPair.Pair38_39; break; default: throw new Exceptions.XInvalidKeyType("Invalid Variant in key type (" + var + ")"); } }
public static AuthorizedStateRequirement GetAuthorizedStateRequirement(KeyFunction NeededFunction, LMKPairs.LMKPair LMKKeyPair, string Variant) { for (int i = 0; i < Reqs.GetUpperBound(0); i++) { if ((Reqs[i].Func == NeededFunction) && (Reqs[i].LMKKeyPair == LMKKeyPair) && (Reqs[i].var == Variant)) { return(Reqs[i].Requirement); } } return(AuthorizedStateRequirement.NotAllowed); }
protected void ValidateKeyTypeCode(string ktc, out LMKPairs.LMKPair Pair, out string Var) { KeyTypeTable.ParseKeyTypeCode(ktc, out Pair, out Var); }