mirror of
https://github.com/moparisthebest/open-keychain
synced 2024-11-30 12:32:17 -05:00
Merge pull request #1200 from josecastillo/development
Fix for NFC signing operations: move PIN verify inside sign/decrypt operation and set correct mode.
This commit is contained in:
commit
284ae594bb
@ -185,25 +185,6 @@ public abstract class BaseNfcActivity extends BaseActivity {
|
|||||||
throw new IOException("Initialization failed!");
|
throw new IOException("Initialization failed!");
|
||||||
}
|
}
|
||||||
|
|
||||||
if (mPin != null) {
|
|
||||||
|
|
||||||
byte[] pin = new String(mPin.getCharArray()).getBytes();
|
|
||||||
|
|
||||||
// Command APDU for VERIFY command (page 32)
|
|
||||||
String login =
|
|
||||||
"00" // CLA
|
|
||||||
+ "20" // INS
|
|
||||||
+ "00" // P1
|
|
||||||
+ "82" // P2 (PW1)
|
|
||||||
+ String.format("%02x", pin.length) // Lc
|
|
||||||
+ Hex.toHexString(pin);
|
|
||||||
if (!nfcCommunicate(login).equals(accepted)) { // login
|
|
||||||
handlePinError();
|
|
||||||
return;
|
|
||||||
}
|
|
||||||
|
|
||||||
}
|
|
||||||
|
|
||||||
onNfcPerform();
|
onNfcPerform();
|
||||||
|
|
||||||
mIsoDep.close();
|
mIsoDep.close();
|
||||||
@ -320,6 +301,7 @@ public abstract class BaseNfcActivity extends BaseActivity {
|
|||||||
* @return a big integer representing the MPI for the given hash
|
* @return a big integer representing the MPI for the given hash
|
||||||
*/
|
*/
|
||||||
public byte[] nfcCalculateSignature(byte[] hash, int hashAlgo) throws IOException {
|
public byte[] nfcCalculateSignature(byte[] hash, int hashAlgo) throws IOException {
|
||||||
|
nfcVerifyPIN(0x81); // (Verify PW1 with mode 81 for signing)
|
||||||
|
|
||||||
// dsi, including Lc
|
// dsi, including Lc
|
||||||
String dsi;
|
String dsi;
|
||||||
@ -413,6 +395,8 @@ public abstract class BaseNfcActivity extends BaseActivity {
|
|||||||
* @return the decoded session key
|
* @return the decoded session key
|
||||||
*/
|
*/
|
||||||
public byte[] nfcDecryptSessionKey(byte[] encryptedSessionKey) throws IOException {
|
public byte[] nfcDecryptSessionKey(byte[] encryptedSessionKey) throws IOException {
|
||||||
|
nfcVerifyPIN(0x82); // (Verify PW1 with mode 82 for decryption)
|
||||||
|
|
||||||
String firstApdu = "102a8086fe";
|
String firstApdu = "102a8086fe";
|
||||||
String secondApdu = "002a808603";
|
String secondApdu = "002a808603";
|
||||||
String le = "00";
|
String le = "00";
|
||||||
@ -436,6 +420,32 @@ public abstract class BaseNfcActivity extends BaseActivity {
|
|||||||
return Hex.decode(decryptedSessionKey);
|
return Hex.decode(decryptedSessionKey);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/** Verifies the user's PW1 with the appropriate mode.
|
||||||
|
*
|
||||||
|
* @param mode This is 0x81 for signing, 0x82 for everything else
|
||||||
|
*/
|
||||||
|
public void nfcVerifyPIN(int mode) throws IOException {
|
||||||
|
if (mPin != null) {
|
||||||
|
byte[] pin = new String(mPin.getCharArray()).getBytes();
|
||||||
|
// SW1/2 0x9000 is the generic "ok" response, which we expect most of the time.
|
||||||
|
// See specification, page 51
|
||||||
|
String accepted = "9000";
|
||||||
|
|
||||||
|
// Command APDU for VERIFY command (page 32)
|
||||||
|
String login =
|
||||||
|
"00" // CLA
|
||||||
|
+ "20" // INS
|
||||||
|
+ "00" // P1
|
||||||
|
+ String.format("%02x", mode) // P2
|
||||||
|
+ String.format("%02x", pin.length) // Lc
|
||||||
|
+ Hex.toHexString(pin);
|
||||||
|
if (!nfcCommunicate(login).equals(accepted)) { // login
|
||||||
|
handlePinError();
|
||||||
|
throw new IOException("Bad PIN!");
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Prints a message to the screen
|
* Prints a message to the screen
|
||||||
*
|
*
|
||||||
|
Loading…
Reference in New Issue
Block a user