some secure messaging and security environment infrastructure
git-svn-id: svn+ssh://localhost/home/henryk/svn/cyberflex-shell/trunk@136 f711b948-2313-0410-aaa9-d29f33439f0b
parent
3f8d22e4d5
commit
8534043036
|
@ -2,6 +2,79 @@ import utils, TLV_utils
|
||||||
from iso_7816_4_card import *
|
from iso_7816_4_card import *
|
||||||
import building_blocks
|
import building_blocks
|
||||||
|
|
||||||
|
MODE_ECB = 0
|
||||||
|
MODE_CBC = 1
|
||||||
|
ALGO_IDEA = 0x1
|
||||||
|
ALGO_DES = 0x2
|
||||||
|
ALGO_DES3 = 0x3
|
||||||
|
|
||||||
|
class SE_Config:
|
||||||
|
def __init__(self, config = None, operation = "\xB4"):
|
||||||
|
self.algorithm = None
|
||||||
|
self.mode = MODE_ECB
|
||||||
|
self.keyref = 0
|
||||||
|
self.keytype = 0
|
||||||
|
self.iv = "\x00" * 8
|
||||||
|
if config is not None:
|
||||||
|
self.parse(config)
|
||||||
|
|
||||||
|
def parse(self, config):
|
||||||
|
structure = TLV_utils.unpack(config)
|
||||||
|
for tag, length, value in structure:
|
||||||
|
if tag == 0x80:
|
||||||
|
self.mode = ord(value[0]) & 1
|
||||||
|
algorithm = (ord(value[0]) >> 2) & 0x7
|
||||||
|
if algorithm not in (ALGO_DES, ALGO_DES3, ALGO_IDEA):
|
||||||
|
raise ValueError, "Malformed cipher algorithm (tag 0x80)"
|
||||||
|
self.algorithm = algorithm
|
||||||
|
elif tag in (0x83, 0x84):
|
||||||
|
self.keyref = ord(value)
|
||||||
|
self.keytype = tag
|
||||||
|
elif tag == 0x85:
|
||||||
|
self.iv = "\x00" * 8
|
||||||
|
elif tag == 0x87:
|
||||||
|
self.iv = value
|
||||||
|
elif tag == 0x88:
|
||||||
|
self.iv = None ## FIXME
|
||||||
|
else:
|
||||||
|
raise ValueError, "Malformed MSE parameters (tag 0x%02x)" % tag
|
||||||
|
|
||||||
|
class TCOS_Security_Environment(object):
|
||||||
|
def __init__(self, card):
|
||||||
|
self.keys = {}
|
||||||
|
self.card = card
|
||||||
|
self.last_c_apdu = None
|
||||||
|
self.last_r_apdu = None
|
||||||
|
self.mso = SE_Config()
|
||||||
|
self.se_apdu = SE_Config()
|
||||||
|
self.se_rapdu = SE_Config()
|
||||||
|
|
||||||
|
def before_send(self, apdu):
|
||||||
|
self.last_c_apdu = apdu
|
||||||
|
return apdu
|
||||||
|
|
||||||
|
def after_send(self, result):
|
||||||
|
self.last_r_apdu = result
|
||||||
|
if result.sw == self.card.SW_OK:
|
||||||
|
if (self.last_c_apdu.cla & 0xf0) == 0x00:
|
||||||
|
if self.last_c_apdu.ins == 0x22:
|
||||||
|
self.parse_mse(self.last_c_apdu)
|
||||||
|
return result
|
||||||
|
|
||||||
|
def parse_mse(self, apdu):
|
||||||
|
if apdu.p1 & 1 != 1:
|
||||||
|
return
|
||||||
|
|
||||||
|
if apdu.p1 & 0x10 == 0x10:
|
||||||
|
self.se_apdu = SE_Config(apdu.data, apdu.p2)
|
||||||
|
if apdu.p1 & 0x20 == 0x20:
|
||||||
|
self.se_rapdu = SE_Config(apdu.data, apdu.p2)
|
||||||
|
if apdu.p1 & 0xc0 == 0xc0:
|
||||||
|
self.se_pso = SE_Config(apdu.data, apdu.p2)
|
||||||
|
|
||||||
|
def set_key(self, keyref, keyvalue):
|
||||||
|
self.keys[keyref] = keyvalue
|
||||||
|
|
||||||
class TCOS_Card(ISO_7816_4_Card,building_blocks.Card_with_80_aa):
|
class TCOS_Card(ISO_7816_4_Card,building_blocks.Card_with_80_aa):
|
||||||
DRIVER_NAME = "TCOS"
|
DRIVER_NAME = "TCOS"
|
||||||
APDU_DELETE_FILE = C_APDU(cla=0x80,ins=0xe4)
|
APDU_DELETE_FILE = C_APDU(cla=0x80,ins=0xe4)
|
||||||
|
@ -194,6 +267,18 @@ class TCOS_Card(ISO_7816_4_Card,building_blocks.Card_with_80_aa):
|
||||||
|
|
||||||
return "\n".join(results)
|
return "\n".join(results)
|
||||||
|
|
||||||
|
def __init__(self, *args, **kwargs):
|
||||||
|
ISO_7816_4_Card.__init__(self,*args,**kwargs)
|
||||||
|
self.cmd_clear_se()
|
||||||
|
|
||||||
|
def cmd_clear_se(self):
|
||||||
|
"Reset the host security environment"
|
||||||
|
self.se = TCOS_Security_Environment(self)
|
||||||
|
|
||||||
|
def cmd_set_key(self, ref, key, *args):
|
||||||
|
"Set a key in the host security environment"
|
||||||
|
self.se.set_key( int(ref,0), binascii.a2b_hex( "".join( (key + "".join(args)).split() ) ) )
|
||||||
|
|
||||||
def delete_file(self, fid):
|
def delete_file(self, fid):
|
||||||
result = self.send_apdu(
|
result = self.send_apdu(
|
||||||
C_APDU(self.APDU_DELETE_FILE, data = fid)
|
C_APDU(self.APDU_DELETE_FILE, data = fid)
|
||||||
|
@ -206,6 +291,12 @@ class TCOS_Card(ISO_7816_4_Card,building_blocks.Card_with_80_aa):
|
||||||
|
|
||||||
self.delete_file(fid)
|
self.delete_file(fid)
|
||||||
|
|
||||||
|
def before_send(self, apdu):
|
||||||
|
return self.se.before_send(apdu)
|
||||||
|
|
||||||
|
def after_send(self, result):
|
||||||
|
return self.se.after_send(result)
|
||||||
|
|
||||||
TLV_OBJECTS = {
|
TLV_OBJECTS = {
|
||||||
TLV_utils.context_FCP: {
|
TLV_utils.context_FCP: {
|
||||||
0x86: (decode_security_attributes, "Security attributes"),
|
0x86: (decode_security_attributes, "Security attributes"),
|
||||||
|
@ -219,5 +310,7 @@ class TCOS_Card(ISO_7816_4_Card,building_blocks.Card_with_80_aa):
|
||||||
"list_files": building_blocks.Card_with_80_aa.cmd_listfiles,
|
"list_files": building_blocks.Card_with_80_aa.cmd_listfiles,
|
||||||
"ls": building_blocks.Card_with_80_aa.cmd_list,
|
"ls": building_blocks.Card_with_80_aa.cmd_list,
|
||||||
"delete": cmd_delete,
|
"delete": cmd_delete,
|
||||||
|
"clear_se": cmd_clear_se,
|
||||||
|
"set_key": cmd_set_key,
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
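Review bot: `parse_mse` assigns `self.se_pso` on the `p1 & 0xc0` branch, but `TCOS_Security_Environment.__init__` never creates that attribute (it initializes `self.mso`, which nothing in the hunk assigns), so any reader of `se.se_pso` before such an MSE command hits an AttributeError; add `self.se_pso = SE_Config()` to `__init__` (or rename `mso`) so all three environments always exist. Relatedly, `SE_Config.__init__` takes `operation` (passed as `apdu.p2`, presumably the control reference template tag) and discards it — `self.operation = operation` would record which usage the MSE selected. In `SE_Config.parse`, `ord(value)` for tags 0x83/0x84 raises TypeError instead of the ValueError used for the other malformed cases whenever the value is not exactly one byte, and an empty tag-0x80 value raises IndexError from `value[0]`; checking `len(value)` before `ord` would make malformed templates fail uniformly. The tag-0x88 branch still leaves `self.iv` as `None` (marked FIXME), so code that later uses the IV must handle that case explicitly.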