230-management-token-plugin.js
Summary
Plug-In
/**
 * Key manager plug-in that lets one token act as the management token
 * for SO-PIN derivation.
 *
 * @constructor
 * @param {Object} km the key manager instance this plug-in is attached to;
 *                    kept as this.km and read by every other method
 */
function ManagementToken(km) {
	// The plug-in holds no state of its own until useAsManagementToken() runs.
	this.km = km;
}
// Context menu labels. The same strings are matched again in actionListener(),
// so they double as action identifiers.
ManagementToken.USE_TOKEN_ACTION = "Use as Management Token";
ManagementToken.RELEASE_TOKEN_ACTION = "Release Management Token";

// The constructor is exported under the name "Plugin".
exports.Plugin = ManagementToken;
/**
 * Append the management token entry that applies to the current state
 * to a device context menu.
 *
 * While km.managementToken is set, only the release action is offered.
 * Otherwise the "use" action is offered, but only for an initialized
 * device whose authentication state equals 0x9000.
 *
 * @param {String[]} contextMenu menu entries collected so far; modified in place
 * @param {Boolean} isInitialized true if the device is initialized
 * @param {Number} authenticationState status reported for the device
 */
ManagementToken.prototype.addDeviceContextMenu = function(contextMenu, isInitialized, authenticationState) {
	var tokenActive = typeof(this.km.managementToken) != "undefined";

	if (tokenActive) {
		contextMenu.push(ManagementToken.RELEASE_TOKEN_ACTION);
		return;
	}

	// 0x9000 is the ISO 7816-4 "success" status word; presumably it means the
	// user is authenticated on the device - confirm against the caller.
	if (isInitialized && authenticationState == 0x9000) {
		contextMenu.push(ManagementToken.USE_TOKEN_ACTION);
	}
}
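/**
 * Make the token currently held by the key manager the management token.
 *
 * Copies the card service, key store, id and certificate chain from the key
 * manager, registers this plug-in as km.managementToken and selects the first
 * AES key on the token that allows CMAC. That key is kept as this.tmk and is
 * the key deriveSOPIN() signs with. A task with the release action is created
 * for the token.
 *
 * If no suitable key exists, the token is still registered but a warning is
 * printed, because deriveSOPIN() cannot work without this.tmk.
 */
ManagementToken.prototype.useAsManagementToken = function() {
	this.sc = this.km.sc;
	this.ks = this.km.ks;
	this.id = this.km.id;
	this.certchain = this.km.certchain;

	// Drop whatever an earlier activation left behind. Without this, a token
	// that has no suitable key would silently keep the key handle and KCV of
	// the previously used token.
	delete this.tmk;
	delete this.kcv;

	this.km.managementToken = this;
	this.km.autoInsert = true;

	var keys = this.sc.getKeys();
	for (var i = 0; i < keys.length; i++) {
		var key = keys[i];
		if ((key.getType() == "AES") && (key.algorithms.find(ByteString.valueOf(SmartCardHSM.ALG_CMAC)) >= 0)) {
			this.tmk = key;
			var label = key.getLabel();

			// Use the key's PKCS#15 id as key check value if it has the expected
			// 8 byte length, otherwise compute one from the key itself.
			this.kcv = key.getPKCS15Id();
			if (this.kcv.length != 8) {
				print("No subject key identifier found. Generating one...");
				// NOTE(review): this uses the same key and the same truncated CMAC
				// as deriveSOPIN(). The KCV printed below therefore equals the value
				// deriveSOPIN("KeyCheckValue") would return; device ids presumably
				// never take that value - confirm.
				this.kcv = this.tmk.sign(Crypto.AES_CMAC, new ByteString("KeyCheckValue", ASCII)).left(8);
			}
			print("Found AES key '" + label + "' with KCV " + this.kcv.toString(HEX) + " to manage the SO-PIN");
			break;
		}
	}

	if (typeof(this.tmk) == "undefined") {
		// Surface the problem now rather than as an obscure failure inside
		// deriveSOPIN() later on.
		print("No AES key with CMAC usage found on this token. SO-PIN derivation will not be available.");
	}

	this.task = new Task(this);
	this.task.setContextMenu([ ManagementToken.RELEASE_TOKEN_ACTION ]);
	this.km.cardRemoved(this.sc.card.readerName);
	print("See Tasks tab for management token");
}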
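/**
 * Stop using the token as management token.
 *
 * Removes the registration from the key manager, logs out from the token,
 * closes the card and disposes the task created by useAsManagementToken().
 *
 * The cleanup steps are chained with try/finally so that a failing logout
 * (or close) does not leave the card open or the task behind. The original
 * exception is still propagated to the caller.
 */
ManagementToken.prototype.releaseManagementToken = function() {
	delete this.km.managementToken;

	try {
		// End the authenticated session before giving up the card.
		this.sc.logout();
	} finally {
		try {
			this.sc.card.close();
		} finally {
			this.task.dispose();
		}
	}
}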
/**
 * Derive the SO-PIN for a device from the management key.
 *
 * The result is the first 8 bytes of an AES-CMAC, computed with this.tmk over
 * the ASCII encoded id followed by the optional seed. this.tmk is only set
 * once useAsManagementToken() has found a suitable key; without it the call
 * fails.
 *
 * The returned value is a credential: do not print or log it. Any change to
 * how the input is assembled changes every derived SO-PIN.
 *
 * @param {String} id the device id
 * @param {ByteString} seed optional value appended to the id
 * @type ByteString
 * @return the 8 byte derived SO-PIN
 */
ManagementToken.prototype.deriveSOPIN = function(id, seed) {
	var idBytes = new ByteString(id, ASCII);

	// NOTE(review): id and seed are joined without a delimiter or length prefix,
	// so the inputs stay unambiguous only if ids have a fixed format - confirm.
	var message = seed ? idBytes.concat(seed) : idBytes;

	return this.tmk.sign(Crypto.AES_CMAC, message).left(8);
}
/**
 * Dispatch a context menu action to this plug-in.
 *
 * @param {Object} source the object the action was triggered on (not used here)
 * @param {String} action the selected menu label
 * @type Boolean
 * @return true if the action was one of this plug-in's labels and was handled,
 *         false otherwise
 */
ManagementToken.prototype.actionListener = function(source, action) {
	if (action === ManagementToken.USE_TOKEN_ACTION) {
		this.useAsManagementToken();
		return true;
	}

	if (action === ManagementToken.RELEASE_TOKEN_ACTION) {
		this.releaseManagementToken();
		return true;
	}

	// Not one of ours.
	return false;
}
/**
 * Describe the management token by the id copied from the key manager.
 *
 * @type String
 * @return "Management-Token " followed by this.id
 */
ManagementToken.prototype.toString = function() {
	var description = "Management-Token " + this.id;
	return description;
}