Support encrypted SAM Manager Template and implements ResolveKeyLink …

…for such Key Store
leosac · Oct 18, 2023 · aafaa4b · aafaa4b
1 parent 7d150f3
commit aafaa4b
Show file tree

Hide file tree

Showing 5 changed files with 92 additions and 7 deletions.
diff --git a/KeyManager.Library.KeyStore.NXP_SAM.UI/ISLOG/ISLOGKeyStorePropertiesControl.xaml b/KeyManager.Library.KeyStore.NXP_SAM.UI/ISLOG/ISLOGKeyStorePropertiesControl.xaml
@@ -16,6 +16,7 @@
  <Grid>
  <Grid.RowDefinitions>
  <RowDefinition />
+ <RowDefinition />
  </Grid.RowDefinitions>
  <Grid.ColumnDefinitions>
  <ColumnDefinition Width="*" />
@@ -34,5 +35,28 @@
  </TextBox.Text>
  </TextBox>
  <Button Grid.Row="0" Grid.Column="1" x:Name="btnBrowse" Content="{x:Static properties:Resources.Browse}" HorizontalAlignment="Left" Margin="5,5,5,5" VerticalAlignment="Top" Command="{Binding BrowseCommand}"/>
+ <DockPanel Grid.Row="1" Grid.ColumnSpan="2">
+ <StackPanel DockPanel.Dock="Right">
+ <ToggleButton IsChecked="{Binding Properties.StoreSecret, Mode=TwoWay}"
+ Style="{StaticResource MaterialDesignSwitchToggleButton}"
+ ToolTip="{x:Static properties:Resources.StoreSecret}"
+ Width="35" Margin="2">
+ <materialDesign:PackIcon Kind="ContentSave" RenderTransformOrigin=".5,.5">
+ <materialDesign:PackIcon.RenderTransform>
+ <RotateTransform Angle="45" />
+ </materialDesign:PackIcon.RenderTransform>
+ </materialDesign:PackIcon>
+ <materialDesign:ToggleButtonAssist.OnContent>
+ <materialDesign:PackIcon Kind="ContentSave" />
+ </materialDesign:ToggleButtonAssist.OnContent>
+ </ToggleButton>
+ </StackPanel>
+ <PasswordBox materialDesign:HintAssist.HelperText="{x:Static properties:Resources.EncryptionKeyHelper}"
+ materialDesign:HintAssist.Hint="{x:Static properties:Resources.EncryptionKey}"
+ materialDesign:TextFieldAssist.CharacterCounterVisibility="Visible"
+ Style="{StaticResource MaterialDesignFloatingHintRevealPasswordBox}"
+ materialDesign:PasswordBoxAssist.Password="{Binding Properties.Secret, Mode=TwoWay, UpdateSourceTrigger=PropertyChanged}"
+ MaxLength="{Binding Properties.SecretMaxLength}" />
+ </DockPanel>
  </Grid>
 </UserControl>
diff --git a/KeyManager.Library.KeyStore.NXP_SAM.UI/Properties/Resources.Designer.cs b/KeyManager.Library.KeyStore.NXP_SAM.UI/Properties/Resources.Designer.cs
diff --git a/KeyManager.Library.KeyStore.NXP_SAM.UI/Properties/Resources.fr.resx b/KeyManager.Library.KeyStore.NXP_SAM.UI/Properties/Resources.fr.resx
@@ -198,6 +198,12 @@
  <data name="EnableDumpSessionKey" xml:space="preserve">
  <value>Activer le dump de la clé de session</value>
  </data>
+ <data name="EncryptionKey" xml:space="preserve">
+ <value>Clé de chiffrement</value>
+ </data>
+ <data name="EncryptionKeyHelper" xml:space="preserve">
+ <value>Clé de chiffrement maitre pour le modèle SAM Manager</value>
+ </data>
  <data name="ForceCardType" xml:space="preserve">
  <value>Forcer la version de SAM à utiliser</value>
  </data>

diff --git a/KeyManager.Library.KeyStore.NXP_SAM.UI/Properties/Resources.resx b/KeyManager.Library.KeyStore.NXP_SAM.UI/Properties/Resources.resx
@@ -198,6 +198,12 @@
  <data name="EnableDumpSessionKey" xml:space="preserve">
  <value>Enable Dump SessionKey</value>
  </data>
+ <data name="EncryptionKey" xml:space="preserve">
+ <value>Encryption Key</value>
+ </data>
+ <data name="EncryptionKeyHelper" xml:space="preserve">
+ <value>Master Encryption Key for SAM Manager Template</value>
+ </data>
  <data name="ForceCardType" xml:space="preserve">
  <value>Force the SAM version</value>
  </data>

diff --git a/KeyManager.Library.KeyStore.NXP_SAM/ISLOG/ISLOGKeyStore.cs b/KeyManager.Library.KeyStore.NXP_SAM/ISLOG/ISLOGKeyStore.cs
@@ -1,4 +1,5 @@
-using System.Xml.Linq;
+using System.Security.Cryptography;
+using System.Xml.Linq;
 using System.Xml.XPath;
 
 namespace Leosac.KeyManager.Library.KeyStore.NXP_SAM.ISLOG
@@ -83,12 +84,25 @@ public override Task MoveUp(KeyEntryId identifier, KeyEntryClass keClass)
  throw new NotImplementedException();
  }
 
- public override Task Open()
+ public override async Task Open()
  {
  var fileName = GetISLOGProperties().TemplateFile;
  if (!string.IsNullOrEmpty(fileName) && System.IO.File.Exists(fileName))
  {
- var xdoc = XDocument.Load(fileName);
+ Stream stream = System.IO.File.OpenRead(fileName);
+ if (!string.IsNullOrEmpty(Properties?.Secret))
+ {
+ using var aes = Aes.Create();
+ aes.Key = Convert.FromHexString(Properties.Secret);
+ aes.IV = new byte[16];
+ using var decryptor = aes.CreateDecryptor(aes.Key, aes.IV);
+ using var cryptoStream = new CryptoStream(stream, decryptor, CryptoStreamMode.Read);
+ var memstream = new MemoryStream();
+ await cryptoStream.CopyToAsync(memstream);
+ stream.Dispose();
+ stream = memstream;
+ }
+ var xdoc = await XDocument.LoadAsync(stream, LoadOptions.None, new CancellationToken());
  var entries = xdoc.XPathSelectElements("/XMLSAMConfiguration/Keyentrys/item");
  foreach (var entry in entries)
  {
@@ -203,19 +217,36 @@ public override Task Open()
  log.Error("Missing /key/int node for the key entry.");
  }
  }
+ stream.Dispose();
  }
-
- return Task.CompletedTask;
  }
 
  public override Task<string?> ResolveKeyEntryLink(KeyEntryId keyIdentifier, KeyEntryClass keClass, string? divInput, KeyEntryId? wrappingKeyId, string? wrappingContainerSelector)
  {
  throw new NotImplementedException();
  }
 
- public override Task<string?> ResolveKeyLink(KeyEntryId keyIdentifier, KeyEntryClass keClass, string? containerSelector, string? divInput)
+ public override async Task<string?> ResolveKeyLink(KeyEntryId keyIdentifier, KeyEntryClass keClass, string? containerSelector, string? divInput)
  {
- throw new NotImplementedException();
+ log.Info(string.Format("Resolving key link with Key Entry Identifier `{0}`...", keyIdentifier));
+ if (!string.IsNullOrEmpty(divInput))
+ {
+ log.Error("Div Input parameter is not supported.");
+ throw new KeyStoreException("Div Input parameter is not supported.");
+ }
+ if (!byte.TryParse(containerSelector, out byte keyVersion))
+ {
+ log.Warn("Cannot parse the container selector as a key version, falling back to version 0.");
+ }
+
+ var key = await GetKey(keyIdentifier, keClass, containerSelector);
+ if (key == null)
+ {
+ throw new KeyStoreException("The key doesn't exist.");
+ }
+
+ log.Info("Key link completed.");
+ return key.GetAggregatedValue<string>();
  }
 
  public override Task Store(IList<IChangeKeyEntry> changes)