-
Notifications
You must be signed in to change notification settings - Fork 1
Expand file tree
/
Copy pathsecurechannel.c
More file actions
132 lines (114 loc) · 4.74 KB
/
securechannel.c
File metadata and controls
132 lines (114 loc) · 4.74 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
/*
============================
= saada.benamar@gmail.com =
= plug-up international =
============================
*/
#include "securechannel.h"
//for log
FILE *flog;
char vtime[30]="";
//
int openSecureChannel(hid_device *plug_up,char* keysetId, char *div_key, char* c_macKey, char* c_mac, char *s_dekKey){
int retvalue=0,
ccc;
char s_hostChallenge[8*2+1] = "",
d_initializeUpdateApdu[SIZE_BYTES_APDU*2+1] = "",
externalAuthenticateApdu[SIZE_BYTES_APDU*2+1]= "",
s_init_up_data[SIZE_BYTES_APDU_REP_DATA*2+1]="",
computedCardCryptogram[8*2+1]="",
s_encKey[16*2+1] = "",
//c_macKey[16*2+1] = "",
tmp_diversifier[18*2+1]="",
hostCryptogram[8*2+1] = "",
//c_mac[8*2+1] = "",
externalAuthenticateApdu_mac[SIZE_BYTES_APDU*2+1]="",
*counter = "",
*cardChallenge = "",
*returnedCardCryptogram = "",
*diversifier="",
sw[2*2+1]="",
s_ext_auth_data[SIZE_BYTES_APDU_REP_DATA*2+1]="";
unsigned char hostChallenge[8];
//generate host challenge
generateChallenge(hostChallenge,8);
bytesToString(hostChallenge,8,s_hostChallenge);
//get plug-up serial number to use its 16-first-bytes as diversifier
exchangeApdu(plug_up, "80e6000012",tmp_diversifier,sw);
if(!strcmp(sw,"9000")){
diversifier=str_sub(tmp_diversifier,0,31);
}
else{
//printf("\nopenSecureChannel() error : can not retreive plug-up SN. exchangeApdu() returned %s",sw);
printTime(vtime);
flog = fopen(LOG_FILE_NAME,"a");
fprintf(flog,"%s\nopenSecureChannel() error : can not retreive plug-up SN. exchangeApdu() returned %s\n",vtime,sw);
fclose(flog);
return retvalue;
}
//diversified initialize update creation & sending
diversifiedInitializeUpdate(keysetId, s_hostChallenge,diversifier, d_initializeUpdateApdu);
exchangeApdu(plug_up, d_initializeUpdateApdu,s_init_up_data,sw);
//get data from initialize update response
if(!strcmp(sw,"9000")){
counter = str_sub(s_init_up_data, 24, 27);
cardChallenge = str_sub(s_init_up_data, 28, 39);
returnedCardCryptogram = str_sub(s_init_up_data, 40, 56);
}
else{
//log - output sw meaning
//printf("\nopenSecureChannel() error : initialize update returned %s",sw);
printTime(vtime);
flog = fopen(LOG_FILE_NAME,"a");
fprintf(flog,"%s\nopenSecureChannel() error : initialize update returned %s\n",vtime,sw);
fclose(flog);
//exit(EXIT_FAILURE);
return retvalue;
}
//compute session dek key and return it in parameters. In case of need it will be used. (to form "put key" command for example)
computeSessionKey(counter,"0181", div_key, s_dekKey);
//compute session enc key
computeSessionKey(counter,"0182",div_key,s_encKey);
//compute card cryptogram
computeCardCryptogram(s_hostChallenge,cardChallenge,counter,s_encKey,computedCardCryptogram);
//check card cryptogram
ccc = checkCardCryptogram(returnedCardCryptogram,computedCardCryptogram);
if(ccc!=SUCCESS){
//printf("\nopenSecureChannel() error : Card Cryptogram verification failed !");
printTime(vtime);
flog = fopen(LOG_FILE_NAME,"a");
fprintf(flog,"%s\nopenSecureChannel() error : Card Cryptogram verification failed !\n",vtime);
fclose(flog);
//exit(EXIT_FAILURE);
return retvalue;
}
else{
//compute data that an external authenticate apdu needs
computeHostCryptogram(s_hostChallenge, cardChallenge, counter, s_encKey, hostCryptogram);
computeSessionKey(counter, "0101", div_key, c_macKey);
externalAuthenticate(SECURITY_LEVEL, hostCryptogram,externalAuthenticateApdu);
macedCommand(externalAuthenticateApdu,c_macKey,"",c_mac,externalAuthenticateApdu_mac);
//send external authenticate
exchangeApdu(plug_up, externalAuthenticateApdu_mac, s_ext_auth_data, sw);
//get data from external authenticate response
if(!strcmp(sw,"9000")){
//printf("\nopenSecureChannel() success : SC opened !");
printTime(vtime);
flog = fopen(LOG_FILE_NAME,"a");
fprintf(flog,"%s\nopenSecureChannel() success : SC opened !\n",vtime);
fclose(flog);
retvalue=1;
}
else{
//output sw meaning
//printf("\nopenSecureChannel() : external authenticate returned %s",sw);
printTime(vtime);
flog = fopen(LOG_FILE_NAME,"a");
fprintf(flog,"%s\nopenSecureChannel() : external authenticate returned %s\n",vtime,sw);
fclose(flog);
//exit(EXIT_FAILURE);
return retvalue;
}
}
return retvalue;
}