Move PIN verify inside sign/decrypt operation and set correct mode.

2015-04-14 15:34:25 -04:00 · 2015-04-14 15:34:25 -04:00 · f981c36bf4
parent 191784bf4b
commit f981c36bf4
1 changed files with 45 additions and 19 deletions
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/base/BaseNfcActivity.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/base/BaseNfcActivity.java
@ -185,25 +185,6 @@ public abstract class BaseNfcActivity extends BaseActivity {
            throw new IOException("Initialization failed!");
        }

-        if (mPin != null) {
-
-            byte[] pin = new String(mPin.getCharArray()).getBytes();
-
-            // Command APDU for VERIFY command (page 32)
-            String login =
-                    "00" // CLA
-                            + "20" // INS
-                            + "00" // P1
-                            + "82" // P2 (PW1)
-                            + String.format("%02x", pin.length) // Lc
-                            + Hex.toHexString(pin);
-            if (!nfcCommunicate(login).equals(accepted)) { // login
-                handlePinError();
-                return;
-            }
-
-        }
-
        onNfcPerform();

        mIsoDep.close();
@ -321,6 +302,28 @@ public abstract class BaseNfcActivity extends BaseActivity {
     */
    public byte[] nfcCalculateSignature(byte[] hash, int hashAlgo) throws IOException {

+        if (mPin != null) {
+
+            byte[] pin = new String(mPin.getCharArray()).getBytes();
+            // SW1/2 0x9000 is the generic "ok" response, which we expect most of the time.
+            // See specification, page 51
+            String accepted = "9000";
+
+            // Command APDU for VERIFY command (page 32)
+            String login =
+            "00" // CLA
+            + "20" // INS
+            + "00" // P1
+            + "81" // P2 (PW1 with mode 81 for signing)
+            + String.format("%02x", pin.length) // Lc
+            + Hex.toHexString(pin);
+            if (!nfcCommunicate(login).equals(accepted)) { // login
+                handlePinError();
+                throw new IOException("Bad PIN!");
+            }
+
+        }
+
        // dsi, including Lc
        String dsi;

@ -413,6 +416,29 @@ public abstract class BaseNfcActivity extends BaseActivity {
     * @return the decoded session key
     */
    public byte[] nfcDecryptSessionKey(byte[] encryptedSessionKey) throws IOException {
+
+        if (mPin != null) {
+
+            byte[] pin = new String(mPin.getCharArray()).getBytes();
+            // SW1/2 0x9000 is the generic "ok" response, which we expect most of the time.
+            // See specification, page 51
+            String accepted = "9000";
+
+            // Command APDU for VERIFY command (page 32)
+            String login =
+            "00" // CLA
+            + "20" // INS
+            + "00" // P1
+            + "82" // P2 (PW1 with mode 82 for decryption)
+            + String.format("%02x", pin.length) // Lc
+            + Hex.toHexString(pin);
+            if (!nfcCommunicate(login).equals(accepted)) { // login
+                handlePinError();
+                throw new IOException("Bad PIN!");
+            }
+
+        }
+
        String firstApdu = "102a8086fe";
        String secondApdu = "002a808603";
        String le = "00";