Add Div Input configuration on NXP SAM authentication key

Author: Maxhy

KeyManager.Library.KeyStore.NXP_SAM.UI/Properties/Resources.fr.resx

@@ -199,7 +199,7 @@
     <value>Désactiver la génération du MAC à partir d'une carte PICC</value>
   </data>
   <data name="DisableKeyEntry" xml:space="preserve">
-    <value>Désactiver l'enregistrement de clés</value>
+    <value>Désactiver la clé</value>
   </data>
   <data name="DisableVerifyMACFromPICC" xml:space="preserve">
     <value>Désactiver la vérification du MAC à partir d'une carte PICC</value>

KeyManager.Library.KeyStore.NXP_SAM.UI/SAMKeyStorePropertiesControl.xaml

@@ -71,6 +71,7 @@
                         </DataTemplate>
                     </ComboBox.ItemTemplate>
                 </ComboBox>
+                <libui:DivInputControl Grid.Row="3" DivInput="{Binding SAMProperties.AuthenticationDivInput}" Margin="5, 15, 5, 5" />
             </StackPanel>
         </Expander>
         <ComboBox ItemsSource="{Binding CardTypes}" SelectedItem="{Binding SAMProperties.ForceCardType}"

KeyManager.Library.KeyStore.NXP_SAM/SAMKeyStore.cs

@@ -231,7 +231,7 @@ public override Task Delete(KeyEntryId identifier, KeyEntryClass keClass, bool i
 
             if (!_unlocked)
             {
-                UnlockSAM(av2cmd, GetSAMProperties().AuthenticationMode, GetSAMProperties().AuthenticateKeyEntryIdentifier, GetSAMProperties().AuthenticateKeyVersion, KeyMaterial.GetValueAsString(Properties?.Secret, KeyValueStringFormat.HexStringWithSpace));
+                UnlockSAM(av2cmd, GetSAMProperties().AuthenticationMode, GetSAMProperties().AuthenticateKeyEntryIdentifier, GetAuthenticationKey());
                 _unlocked = true;
             }
 
@@ -432,19 +432,7 @@ public override async Task Store(IList<IChangeKeyEntry> changes)
         public override Task Update(IChangeKeyEntry change, bool ignoreIfMissing)
         {
             log.Info(string.Format("Updating key entry `{0}`...", change.Identifier));
-
-            var key = new LibLogicalAccess.Card.DESFireKey();
-            key.setKeyType(LibLogicalAccess.Card.DESFireKeyType.DF_KEY_AES);
-            key.setKeyVersion(GetSAMProperties().AuthenticateKeyVersion);
-            if (!string.IsNullOrEmpty(Properties?.Secret))
-            {
-                key.fromString(KeyMaterial.GetValueAsString(Properties.Secret, KeyValueStringFormat.HexStringWithSpace));
-            }
-            else
-            {
-                key.fromString("00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00");
-            }
-
+            var key = GetAuthenticationKey();
             if (change is SAMSymmetricKeyEntry samkey)
             {
                 var cmd = Chip?.getCommands();
@@ -674,27 +662,72 @@ public static LibLogicalAccess.Card.DESFireKey CreateDESFireKey(LibLogicalAccess
             return key;
         }
 
+        public LibLogicalAccess.Card.DESFireKey GetAuthenticationKey()
+        {
+            var key = new LibLogicalAccess.Card.DESFireKey();
+            key.setKeyType(GetSAMProperties().AuthenticateKeyType);
+            key.setKeyVersion(GetSAMProperties().AuthenticateKeyVersion);
+            if (!string.IsNullOrEmpty(Properties?.Secret))
+            {
+                key.fromString(KeyMaterial.GetValueAsString(Properties.Secret, KeyValueStringFormat.HexStringWithSpace));
+            }
+            else
+            {
+                key.fromString("00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00");
+            }
+            if (GetSAMProperties().AuthenticationDivInput.Count > 0)
+            {
+                var divContext = new DivInput.DivInputContext
+                {
+                    KeyStore = this
+                };
+                var div = new LibLogicalAccess.Card.NXPAV2KeyDiversification();
+                var input = ComputeDivInput(divContext, GetSAMProperties().AuthenticationDivInput);
+                if (!string.IsNullOrEmpty(input))
+                {
+                    div.setDivInput([.. Convert.FromHexString(input)]);
+                    key.setKeyDiversification(div);
+                }
+            }
+            return key;
+        }
+
         public void ActivateMifareSAM(LibLogicalAccess.Reader.SAMAV2ISO7816Commands av2cmd)
         {
-            ActivateMifareSAM(av2cmd, GetSAMProperties().AuthenticateKeyEntryIdentifier, GetSAMProperties().AuthenticateKeyType, GetSAMProperties().AuthenticateKeyVersion, Properties?.Secret);
+            ActivateMifareSAM(av2cmd, GetSAMProperties().AuthenticateKeyEntryIdentifier, GetAuthenticationKey());
             Close();
             Open();
         }
 
         public static void ActivateMifareSAM(LibLogicalAccess.Reader.SAMAV2ISO7816Commands av2cmd, byte keyno, LibLogicalAccess.Card.DESFireKeyType keyType, byte keyVersion, string? keyValue)
         {
             var key = CreateDESFireKey(keyType, keyVersion, keyValue);
+            ActivateMifareSAM(av2cmd, keyno, key);
+        }
+
+        public static void ActivateMifareSAM(LibLogicalAccess.Reader.SAMAV2ISO7816Commands av2cmd, byte keyno, LibLogicalAccess.Card.DESFireKey key)
+        {
             av2cmd.lockUnlock(key, LibLogicalAccess.Card.SAMLockUnlock.SwitchAV2Mode /* AV3 = Active Mifare SAM */, keyno, 0, 0);
             log.Info("Mifare SAM features activation completed.");
         }
 
         public static void UnlockSAM(LibLogicalAccess.Reader.SAMAV2ISO7816Commands av2cmd, SAMAuthenticationMode mode, byte keyEntry, byte keyVersion, string? keyValue)
         {
-            log.Info("Unlocking SAM...");
             var key = new LibLogicalAccess.Card.DESFireKey();
             key.setKeyType(LibLogicalAccess.Card.DESFireKeyType.DF_KEY_AES);
             key.setKeyVersion(keyVersion);
             key.fromString(keyValue ?? "");
+            UnlockSAM(av2cmd, mode, keyEntry, key);
+        }
+
+        public void UnlockSAM(LibLogicalAccess.Reader.SAMAV2ISO7816Commands av2cmd)
+        {
+            UnlockSAM(av2cmd, GetSAMProperties().AuthenticationMode, GetSAMProperties().AuthenticateKeyEntryIdentifier, GetAuthenticationKey());
+        }
+
+        public static void UnlockSAM(LibLogicalAccess.Reader.SAMAV2ISO7816Commands av2cmd, SAMAuthenticationMode mode, byte keyEntry, LibLogicalAccess.Card.DESFireKey key)
+        {
+            log.Info("Unlocking SAM...");
             if (mode == SAMAuthenticationMode.AuthenticateHost)
             {
                 av2cmd.authenticateHost(key, keyEntry);
@@ -756,18 +789,7 @@ public void UpdateCounter(SAMKeyUsageCounter counter)
             var cmd = Chip?.getCommands();
             if (cmd is LibLogicalAccess.Reader.SAMAV2ISO7816Commands av2cmd)
             {
-                var key = new LibLogicalAccess.Card.DESFireKey();
-                key.setKeyType(LibLogicalAccess.Card.DESFireKeyType.DF_KEY_AES);
-                key.setKeyVersion(GetSAMProperties().AuthenticateKeyVersion);
-                if (!string.IsNullOrEmpty(Properties?.Secret))
-                {
-                    key.fromString(KeyMaterial.GetValueAsString(Properties.Secret, KeyValueStringFormat.HexStringWithSpace));
-                }
-                else
-                {
-                    key.fromString("00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00");
-                }
-
+                var key = GetAuthenticationKey();
                 var kucEntry = new LibLogicalAccess.Card.SAMKucEntry();
                 var entry = kucEntry.getKucEntryStruct();
 
@@ -804,7 +826,7 @@ public void UpdateCounter(SAMKeyUsageCounter counter)
             {
                 if (!string.IsNullOrEmpty(GetSAMProperties().Secret) && !_unlocked)
                 {
-                    UnlockSAM(av3cmd, GetSAMProperties().AuthenticationMode, GetSAMProperties().AuthenticateKeyEntryIdentifier, GetSAMProperties().AuthenticateKeyVersion, KeyMaterial.GetValueAsString(Properties?.Secret, KeyValueStringFormat.HexStringWithSpace));
+                    UnlockSAM(av3cmd);
                     _unlocked = true;
                 }
 
@@ -862,7 +884,7 @@ public void UpdateCounter(SAMKeyUsageCounter counter)
             {
                 if (!string.IsNullOrEmpty(GetSAMProperties().Secret) && !_unlocked)
                 {
-                    UnlockSAM(av2cmd, GetSAMProperties().AuthenticationMode, GetSAMProperties().AuthenticateKeyEntryIdentifier, GetSAMProperties().AuthenticateKeyVersion, KeyMaterial.GetValueAsString(Properties?.Secret, KeyValueStringFormat.HexStringWithSpace));
+                    UnlockSAM(av2cmd);
                     _unlocked = true;
                 }
 

KeyManager.Library.KeyStore.NXP_SAM/SAMKeyStoreProperties.cs

@@ -1,4 +1,6 @@
-using LibLogicalAccess.Card;
+using Leosac.KeyManager.Library.DivInput;
+using LibLogicalAccess.Card;
+using System.Collections.ObjectModel;
 
 namespace Leosac.KeyManager.Library.KeyStore.NXP_SAM
 {
@@ -13,6 +15,7 @@ public SAMKeyStoreProperties()
             _authenticateKeyType = DESFireKeyType.DF_KEY_AES;
             _authenticateKeyVersion = 0;
             _authenticationMode = SAMAuthenticationMode.Unlock;
+            AuthenticationDivInput = new ObservableCollection<DivInputFragment>();
         }
 
         private string _readerProvider;
@@ -71,6 +74,8 @@ public SAMAuthenticationMode AuthenticationMode
             set => SetProperty(ref _authenticationMode, value);
         }
 
+        public ObservableCollection<DivInputFragment> AuthenticationDivInput { get; set; }
+
         private string? _forceCardType;
         public string? ForceCardType
         {

KeyManager.Library.UI/Domain/KeyEntriesControlViewModel.cs

@@ -706,6 +706,17 @@ private async Task PrintSelection()
             flow.Blocks.Add(sign);
 
             var footer = new Section() { Background = Brushes.Orange };
+            footer.Blocks.Add(new Paragraph()
+            {
+                Inlines =
+                {
+                    new Run(Properties.Resources.KeyExportDisclaimer1),
+                    new LineBreak(),
+                    new Run(Properties.Resources.KeyExportDisclaimer2)
+                },
+                TextAlignment = TextAlignment.Center,
+                FontSize = 12
+            });
             var fp = new Paragraph(new Run(Properties.Resources.DocumentGenerated)) { Margin = new Thickness(5) };
             fp.Inlines.Add(new Run(" Leosac Key Manager ") { FontWeight = FontWeights.Bold });
             fp.Inlines.Add(new Run(" - "));

KeyManager.Library/KeyStore/KeyStore.cs

@@ -600,7 +600,7 @@ public virtual Task Diff(KeyStore store, Func<string, KeyStore?> getFavoriteKeyS
             }));
         }
 
-        private static string? ComputeDivInput(DivInputContext divContext, IList<DivInputFragment> divInput)
+        protected static string? ComputeDivInput(DivInputContext divContext, IList<DivInputFragment> divInput)
         {
             divContext.CurrentDivInput = null;
             if (divInput != null && divInput.Count > 0)