Merge pull request #1200 from josecastillo/development

Fix for NFC signing operations: move PIN verify inside sign/decrypt operation and set correct mode.
This commit is contained in:
Dominik Schürmann 2015-04-15 09:49:09 +02:00
commit 284ae594bb

View File

@ -185,25 +185,6 @@ public abstract class BaseNfcActivity extends BaseActivity {
throw new IOException("Initialization failed!"); throw new IOException("Initialization failed!");
} }
if (mPin != null) {
byte[] pin = new String(mPin.getCharArray()).getBytes();
// Command APDU for VERIFY command (page 32)
String login =
"00" // CLA
+ "20" // INS
+ "00" // P1
+ "82" // P2 (PW1)
+ String.format("%02x", pin.length) // Lc
+ Hex.toHexString(pin);
if (!nfcCommunicate(login).equals(accepted)) { // login
handlePinError();
return;
}
}
onNfcPerform(); onNfcPerform();
mIsoDep.close(); mIsoDep.close();
@ -320,6 +301,7 @@ public abstract class BaseNfcActivity extends BaseActivity {
* @return a big integer representing the MPI for the given hash * @return a big integer representing the MPI for the given hash
*/ */
public byte[] nfcCalculateSignature(byte[] hash, int hashAlgo) throws IOException { public byte[] nfcCalculateSignature(byte[] hash, int hashAlgo) throws IOException {
nfcVerifyPIN(0x81); // (Verify PW1 with mode 81 for signing)
// dsi, including Lc // dsi, including Lc
String dsi; String dsi;
@ -413,6 +395,8 @@ public abstract class BaseNfcActivity extends BaseActivity {
* @return the decoded session key * @return the decoded session key
*/ */
public byte[] nfcDecryptSessionKey(byte[] encryptedSessionKey) throws IOException { public byte[] nfcDecryptSessionKey(byte[] encryptedSessionKey) throws IOException {
nfcVerifyPIN(0x82); // (Verify PW1 with mode 82 for decryption)
String firstApdu = "102a8086fe"; String firstApdu = "102a8086fe";
String secondApdu = "002a808603"; String secondApdu = "002a808603";
String le = "00"; String le = "00";
@ -436,6 +420,32 @@ public abstract class BaseNfcActivity extends BaseActivity {
return Hex.decode(decryptedSessionKey); return Hex.decode(decryptedSessionKey);
} }
/** Verifies the user's PW1 with the appropriate mode.
*
* @param mode This is 0x81 for signing, 0x82 for everything else
*/
public void nfcVerifyPIN(int mode) throws IOException {
if (mPin != null) {
byte[] pin = new String(mPin.getCharArray()).getBytes();
// SW1/2 0x9000 is the generic "ok" response, which we expect most of the time.
// See specification, page 51
String accepted = "9000";
// Command APDU for VERIFY command (page 32)
String login =
"00" // CLA
+ "20" // INS
+ "00" // P1
+ String.format("%02x", mode) // P2
+ String.format("%02x", pin.length) // Lc
+ Hex.toHexString(pin);
if (!nfcCommunicate(login).equals(accepted)) { // login
handlePinError();
throw new IOException("Bad PIN!");
}
}
}
/** /**
* Prints a message to the screen * Prints a message to the screen
* *