output which data is encrypted
git-svn-id: svn+ssh://localhost/home/henryk/svn/cyberflex-shell/trunk@145 f711b948-2313-0410-aaa9-d29f33439f0b
This commit is contained in:
parent
f45e4df652
commit
ed4230a5cc
|
@ -100,6 +100,10 @@ class TCOS_Security_Environment(object):
|
||||||
|
|
||||||
def encrypt_command(self, tlv_data):
|
def encrypt_command(self, tlv_data):
|
||||||
config = self.get_config(SE_APDU, TEMPLATE_CT)
|
config = self.get_config(SE_APDU, TEMPLATE_CT)
|
||||||
|
|
||||||
|
if config.algorithm is None: ## FIXME: Find out the correct way to determine this
|
||||||
|
return tlv_data
|
||||||
|
|
||||||
result = []
|
result = []
|
||||||
for data in tlv_data:
|
for data in tlv_data:
|
||||||
tag, length, value, marks = data
|
tag, length, value, marks = data
|
||||||
|
@ -107,21 +111,33 @@ class TCOS_Security_Environment(object):
|
||||||
t = tag & ~(0x01)
|
t = tag & ~(0x01)
|
||||||
if t == 0x84:
|
if t == 0x84:
|
||||||
value_ = self.pad(value)
|
value_ = self.pad(value)
|
||||||
|
print "| Tag 0x%02x, length 0x%02x, encrypting (with ISO padding): " % (tag, length)
|
||||||
|
print "|| " + "\n|| ".join( utils.hexdump( value_ ).splitlines() )
|
||||||
|
|
||||||
value = crypto_utils.cipher( True,
|
value = crypto_utils.cipher( True,
|
||||||
self.get_cipherspec(config),
|
self.get_cipherspec(config),
|
||||||
self.get_key(config),
|
self.get_key(config),
|
||||||
value_,
|
value_,
|
||||||
self.get_iv(config) )
|
self.get_iv(config) )
|
||||||
|
|
||||||
|
print "| Encrypted result of length 0x%02x:" % len(value)
|
||||||
|
print "|| " + "\n|| ".join( utils.hexdump(value).splitlines() )
|
||||||
|
print
|
||||||
elif t == 0x86:
|
elif t == 0x86:
|
||||||
pi = value[0]
|
pi = value[0]
|
||||||
value_ = self.pad(value[1:], ord(pi))
|
value_ = self.pad(value[1:], ord(pi))
|
||||||
|
print "| Tag 0x%02x, length 0x%02x, encrypting (with padding type %x): " % (tag, length, ord(pi))
|
||||||
|
print "|| " + "\n|| ".join( utils.hexdump( value_ ).splitlines() )
|
||||||
|
|
||||||
value = pi + crypto_utils.cipher( True,
|
value = pi + crypto_utils.cipher( True,
|
||||||
self.get_cipherspec(config),
|
self.get_cipherspec(config),
|
||||||
self.get_key(config),
|
self.get_key(config),
|
||||||
value_,
|
value_,
|
||||||
self.get_iv(config) )
|
self.get_iv(config) )
|
||||||
|
|
||||||
|
print "| Encrypted result of length 0x%02x:" % len(value)
|
||||||
|
print "|| " + "\n|| ".join( utils.hexdump(value).splitlines() )
|
||||||
|
print
|
||||||
|
|
||||||
result.append( (tag, length, value) )
|
result.append( (tag, length, value) )
|
||||||
else: # Ignore
|
else: # Ignore
|
||||||
|
@ -132,34 +148,60 @@ class TCOS_Security_Environment(object):
|
||||||
def authenticate_command(self, apdu, tlv_data):
|
def authenticate_command(self, apdu, tlv_data):
|
||||||
# FIXME: This method does not work correctly when there are 00 or ff fill bytes in the TLV stream
|
# FIXME: This method does not work correctly when there are 00 or ff fill bytes in the TLV stream
|
||||||
config = self.get_config(SE_APDU, TEMPLATE_CCT)
|
config = self.get_config(SE_APDU, TEMPLATE_CCT)
|
||||||
buffer = ""
|
|
||||||
|
if config.algorithm is None: ## FIXME: Find out the correct way to determine this
|
||||||
|
return tlv_data
|
||||||
|
|
||||||
|
print_buffer = False
|
||||||
|
for data in tlv_data:
|
||||||
|
if data[0] == 0x8E:
|
||||||
|
print_buffer = True
|
||||||
|
print "| Calculating cryptographic checksum:"
|
||||||
|
|
||||||
|
def do_block(buffer, block):
|
||||||
|
block = self.pad(block, pi = PI_ISO)
|
||||||
|
offset = sum( [len(b) for b in buffer] )
|
||||||
|
buffer.append(block)
|
||||||
|
if print_buffer:
|
||||||
|
print "|| " + "\n|| ".join( utils.hexdump( block, offset = offset ).splitlines() )
|
||||||
|
|
||||||
|
buffer = []
|
||||||
if apdu.cla & 0x0c == 0x0c:
|
if apdu.cla & 0x0c == 0x0c:
|
||||||
buffer = apdu.render()[:4]
|
block = apdu.render()[:4]
|
||||||
buffer = self.pad(buffer, pi = PI_ISO)
|
do_block(buffer, block)
|
||||||
|
|
||||||
need_pad = False
|
need_pad = False
|
||||||
|
|
||||||
|
block = ""
|
||||||
for data in tlv_data:
|
for data in tlv_data:
|
||||||
tag, length, value = data[:3]
|
tag, length, value = data[:3]
|
||||||
if tag & 0x01 == 0x01 or tag not in range(0x80, 0xbf+1):
|
if tag & 0x01 == 0x01 or tag not in range(0x80, 0xbf+1):
|
||||||
value_ = TLV_utils.pack( (data, ), recalculate_length=True )
|
value_ = TLV_utils.pack( (data, ), recalculate_length=True )
|
||||||
|
|
||||||
buffer = buffer + value_
|
block = block + value_
|
||||||
need_pad = True
|
need_pad = True
|
||||||
else:
|
else:
|
||||||
if need_pad:
|
if need_pad:
|
||||||
buffer = self.pad(buffer, pi = PI_ISO)
|
do_block(buffer, block)
|
||||||
|
block = ""
|
||||||
need_pad = False
|
need_pad = False
|
||||||
|
|
||||||
if need_pad:
|
if need_pad:
|
||||||
buffer = self.pad(buffer, pi = PI_ISO)
|
do_block(buffer, block)
|
||||||
|
block = ""
|
||||||
need_pad = False
|
need_pad = False
|
||||||
|
|
||||||
cct = crypto_utils.cipher( True,
|
cct = crypto_utils.cipher( True,
|
||||||
self.get_cipherspec(config),
|
self.get_cipherspec(config),
|
||||||
self.get_key(config),
|
self.get_key(config),
|
||||||
buffer,
|
"".join(buffer),
|
||||||
self.get_iv(config) )[-8:]
|
self.get_iv(config) )[-8:]
|
||||||
|
|
||||||
|
if print_buffer:
|
||||||
|
print "| Result (Tag 0x8e, length: 0x%02x):" % len(cct)
|
||||||
|
print "|| " + "\n|| ".join( utils.hexdump( cct ).splitlines() )
|
||||||
|
print
|
||||||
|
|
||||||
result = []
|
result = []
|
||||||
for data in tlv_data:
|
for data in tlv_data:
|
||||||
if data[0] == 0x8E:
|
if data[0] == 0x8E:
|
||||||
|
@ -169,6 +211,7 @@ class TCOS_Security_Environment(object):
|
||||||
data = tuple(data)
|
data = tuple(data)
|
||||||
result.append( data )
|
result.append( data )
|
||||||
|
|
||||||
|
|
||||||
return result
|
return result
|
||||||
|
|
||||||
def get_cipherspec(self, config):
|
def get_cipherspec(self, config):
|
||||||
|
|
Loading…
Reference in New Issue