// --------------------------------------------------------------------------- // Name: actISCardOS.h // Product: cv act library // Purpose: The class ISCardOS accesses the card operating system // // Copyright: (c) 2002 cv cryptovision GmbH // all rights reserved // Licence: The conditions for the use of this software are regulated // in the cv act library licence agreement. // // Autor: Dr. Xiangdong Wang (XWG) // Date: 03/21/2002 // --------------------------------------------------------------------------- #ifndef ACT_ISCardOS_h #define ACT_ISCardOS_h #include "actBlob.h" #include "actTokenBase.h" #include "actITokenPIN.h" #include "actITokenConfig.h" #include "actITokenInitializer.h" #include "actIRefCounted.h" #include "actIAccessCondition.h" namespace act { class IKey; class IEMSAAlg; class ITokenFile; class ISCardAccess; class ISCardOSBehavior; class IKeyDerivation; class EFDIR; const FIDType FID_EF_DIR = 0x2F00; const FIDType FID_EF_ATR = 0x2F01; // // ISO 7816-4 enum SCardFileType { BINARY = 0x01, LINEAR_FIXED = 0x02, LINEAR_TLV = 0x05, LINEAR_VARIABLE = 0x04, CYCLIC_FIXED = 0x06, DF = 0x38 }; // // ISO 7816-4 enum SCardRecordMode { ABSOLUTE_MODE = 0x04 }; // // ISO 7816-4 enum SCardSelectType { MFType = 0x00, DFType = 0x01, EFType = 0x02, AIDType = 0x04, PathType = 0x08 }; enum SCardSelectMode { FCI = 0x00, // FCI template FCP = 0x04, // FCP template FMD = 0x08, // FMD template NoData = 0x0c, // No response data }; enum SCardError { SCARD_SUCCESS = 0, SCARD_FUNCTION_NOT_SUPPORTED = -1, SCARD_FUNCTION_FAILED = -2 }; // // ISCardOS class ISCardOS : public IRefCounted , public IAcConverter { public: virtual ~ISCardOS() { } // ISCardOS virtual ISCardOS* Clone() const = 0; virtual bool IsMoC() = 0; virtual const char* GetName() const = 0; virtual Blob GetSerialNumber() const = 0; // hardware serial number virtual Blob GetCardId(unsigned short fid_card_id) = 0; virtual Blob GetCardCF(unsigned short fid_card_cf) = 0; virtual ISCardAccess* GetAccess() const = 0; virtual Blob ComputeDigitalSignature(const Blob& data, int mode = SIGN_DATA) = 0; virtual Blob ComputeDigitalSignature(IEMSAAlg* emsa, int mode = SIGN_DATA) = 0; virtual Blob Encipher(const Blob& plaintext) = 0; virtual Blob Decipher(const Blob& encrypted_data) = 0; virtual Blob AgreeKey(const Blob& pubkey) = 0; virtual void ComputeECDigitalSignature(const Blob& data, Blob& signature) = 0; virtual Blob SelectFile(const int filetype, const char* filepath) = 0; // return file control information virtual Blob SelectFile(const int filetype, const Blob& filepath) = 0; // return file control information virtual Blob SelectFile(const int filetype, FIDType fid) = 0; // return file control information virtual Blob SelectApp(const Blob& aid, SCardSelectMode mode = NoData) = 0; // EF.DIR virtual EFDIR* GetEFDIR(ushort fid = FID_INVALID) = 0; virtual int GetEFSize(FIDType fid) = 0; virtual int GetEFSize(const Blob& filepath, Blob& fci) = 0; virtual void GetFCI(FIDType fid, Blob& fci) = 0; virtual Blob GetFCIValue(const Blob& fci, const byte tag) = 0; virtual byte GetFileInfo(const Blob& fc_data, unsigned short& ef_size, size_t& num_of_records) = 0; // select and read binary virtual Blob ReadBinary(const char* filepath) = 0; virtual Blob ReadBinary(const Blob& filepath) = 0; virtual Blob ReadBinary(FIDType fid) = 0; // read/update binary, file is selected, file size is known virtual Blob ReadSelectedBinary(size_t file_size, unsigned short offset = 0) = 0; virtual void UpdateSelectedBinary(const Blob& data, unsigned short offset = 0) = 0; // select and update binary virtual void UpdateBinary(const Blob& filepath, const Blob& data, unsigned short offset = 0) = 0; virtual void UpdateBinary(FIDType fid, const Blob& data, unsigned short offset = 0) = 0; // read binary with XL-APDUs virtual Blob ReadBinaryX(const char* filepath) = 0; virtual Blob ReadBinaryX(const Blob& filepath) = 0; virtual Blob ReadBinaryX(FIDType fid) = 0; virtual Blob ReadSelectedBinaryX(size_t file_size, unsigned short offset = 0) = 0; // update binary with XL-APDUs virtual void UpdateBinaryX(const Blob& filepath, const Blob& data, unsigned short offset = 0) = 0; virtual void UpdateBinaryX(FIDType fid, const Blob& data, unsigned short offset = 0) = 0; virtual void UpdateSelectedBinaryX(const Blob& data, unsigned short offset = 0) = 0; // record read/write (file must be selected) virtual Blob ReadRecord(byte mode) = 0; // p2 virtual Blob ReadRecord(byte rec_id, byte mode) = 0; // p1, p2 virtual void UpdateRecord(const Blob& data, byte rec_id, byte mode) = 0; // data, p1, p2 virtual void AppendRecord(const Blob& data, byte ef_id = 0) = 0; // data, p2 // record write (includes file selection and resize) virtual void UpdateRecord(const Blob& filepath, const Blob& data, byte rec_id, byte mode) = 0; virtual void AppendRecord(const Blob& filepath, const Blob& data) = 0; virtual void DeleteEF(const Blob& fid) = 0; virtual void DeleteEF(FIDType fid) = 0; virtual void CreateEF(const Blob& fcp) = 0; virtual void CreateEF(const Blob& fid, unsigned short len, bool secure = false) = 0; virtual void CreateEF(FIDType fid, unsigned short len, bool secure = false) = 0; virtual void CreateEF_TLV(FIDType fid, unsigned short len, unsigned short num_of_records = 1) = 0; virtual void CreateEF_TLV(const Blob& fid, unsigned short len, unsigned short num_of_records = 1) = 0; virtual unsigned short GetOSFileOffset() const = 0; // get/put dat virtual Blob GetData(ushort tag, ushort le = 0) const = 0; // INS=CA virtual void PutData(ushort tag, const Blob& data) = 0; // INS=DA // MSE/PSO functions virtual void ManageSecurityEnvironment(byte p1, byte p2, const Blob& data = Blob()) = 0; virtual void PerformSecurityOperation(Blob& response, byte p1, byte p2, const Blob& data, bool chaining = false) = 0; virtual void PerformSecurityOperationX(Blob& response, byte p1, byte p2, const Blob& data) = 0; // explicit extended APDU // ISO authentication functions virtual void ExternalAuthenticate(byte key_id, const Blob& response, bool odd_INS = false) = 0; // INS=82/83, P1=00, P2=key_id virtual Blob InternalAuthenticate(byte key_id, const Blob& challenge, bool odd_INS = false) = 0; // INS=88/89, P1=00, P2=key_id virtual Blob MutualAuthenticate(byte key_id, const Blob& auth_data, bool odd_INS = false) = 0; // INS=82/83, P1=00, P2=key_id virtual Blob GeneralAuthenticate(byte key_id, const Blob& auth_data, bool chaining = false, bool odd_INS = false) = 0; // INS=86/87, P1=00, P2=key_id virtual void ResetRetryCounter(byte p1, byte p2, const Blob& data) = 0; virtual void Verify(byte p1, byte p2, const Blob& data, bool odd_INS = false) = 0; // INS=20/21 // random functions virtual Blob GetChallenge(byte le = byte(8)) const = 0; virtual Blob GetRandom(const unsigned long count) const = 0; // token type / config virtual ProfileType GetProfileType(bool refresh = false) = 0; virtual void SetTokenConfig(ITokenConfig* tkcfg) = 0; virtual ITokenConfig* GetTokenConfig() const = 0; // set/get behavior virtual void SetBehavior(ISCardOSBehavior* behave) = 0; virtual ISCardOSBehavior* GetBehavior() = 0; // access rights virtual void SetAccessRights(const Blob& access_rights) = 0; virtual void SetAccessRights(move_from access_rights) = 0; virtual void SetExplicitRights(IAccessCondition* ac, size_t ac_cnt = 1) = 0; virtual bool HasExplicitRights() const = 0; virtual Blob GetAccessRights() = 0; virtual IAccessCondition* GetAccessRights(const Blob& fci) = 0; virtual Blob GetAccessRights(ACSCardObjType ac_obj_type, bool tagged) const = 0; // selected path virtual void SetSelectedPath(ITokenFile* selected_path) const = 0; virtual ITokenFile* GetSelectedPath() const = 0; // key derivation virtual void SetKeyDerivation(IKeyDerivation* key_derivation) = 0; virtual IKeyDerivation* GetKeyDerivation() const = 0; // key handling virtual void GenerateRSAKeyPair(int key_id, size_t key_size, // in bits Blob& pubkey) = 0; virtual void ImportRSAKeyPair(int key_id, const Blob& prime_p, const Blob& prime_q, const Blob& priv_exp, Blob& pubkey) = 0; virtual void GenerateECKeyPair(Blob& pubkey) = 0; virtual void GenerateECKeyPair(int key_id, const Blob& curve_oid, const Blob& curve_param, Blob& pubkey) = 0; virtual void ImportECKeyPair(int key_nr, const Blob& curve_oid, const Blob& curve_param, const Blob& privkey, const Blob& pubkey) = 0; virtual void ImportDESKey(int key_id, const Blob& keyblob) = 0; virtual void DeletePrivateKeyObj(FIDType fid) = 0; virtual void DeleteECPrivateKeyObj(FIDType fid) = 0; virtual void DeleteBlockCipherKeyObj(FIDType fid) = 0; virtual void SelectKey(int key_id) = 0; // authentication functions virtual Blob ComputeResponse(const Blob& auth_key, const Blob& challenge) const = 0; virtual void UpdateExternalAuthenticateKey(byte key_id, const Blob& auth_key) = 0; virtual void ResetSecurityStatus() = 0; virtual SecStatus GetSecurityStatus(byte obj_ref, Blob& context) const = 0; // token initialization virtual void SetDefaultLabel(move_from label) = 0; virtual ITokenInitializer* GetTokenInitializer() = 0; }; } // namespace act #endif // ACT_ISCardOS_h