From f981c36bf4124f892c5b4c75f89437f320772fbd Mon Sep 17 00:00:00 2001 From: Joey Castillo Date: Tue, 14 Apr 2015 15:34:25 -0400 Subject: [PATCH] Move PIN verify inside sign/decrypt operation and set correct mode. --- .../keychain/ui/base/BaseNfcActivity.java | 64 +++++++++++++------ 1 file changed, 45 insertions(+), 19 deletions(-) diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/base/BaseNfcActivity.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/base/BaseNfcActivity.java index 9b10ccdb1..1faa5f6b5 100644 --- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/base/BaseNfcActivity.java +++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/base/BaseNfcActivity.java @@ -185,25 +185,6 @@ public abstract class BaseNfcActivity extends BaseActivity { throw new IOException("Initialization failed!"); } - if (mPin != null) { - - byte[] pin = new String(mPin.getCharArray()).getBytes(); - - // Command APDU for VERIFY command (page 32) - String login = - "00" // CLA - + "20" // INS - + "00" // P1 - + "82" // P2 (PW1) - + String.format("%02x", pin.length) // Lc - + Hex.toHexString(pin); - if (!nfcCommunicate(login).equals(accepted)) { // login - handlePinError(); - return; - } - - } - onNfcPerform(); mIsoDep.close(); @@ -321,6 +302,28 @@ public abstract class BaseNfcActivity extends BaseActivity { */ public byte[] nfcCalculateSignature(byte[] hash, int hashAlgo) throws IOException { + if (mPin != null) { + + byte[] pin = new String(mPin.getCharArray()).getBytes(); + // SW1/2 0x9000 is the generic "ok" response, which we expect most of the time. + // See specification, page 51 + String accepted = "9000"; + + // Command APDU for VERIFY command (page 32) + String login = + "00" // CLA + + "20" // INS + + "00" // P1 + + "81" // P2 (PW1 with mode 81 for signing) + + String.format("%02x", pin.length) // Lc + + Hex.toHexString(pin); + if (!nfcCommunicate(login).equals(accepted)) { // login + handlePinError(); + throw new IOException("Bad PIN!"); + } + + } + // dsi, including Lc String dsi; @@ -413,6 +416,29 @@ public abstract class BaseNfcActivity extends BaseActivity { * @return the decoded session key */ public byte[] nfcDecryptSessionKey(byte[] encryptedSessionKey) throws IOException { + + if (mPin != null) { + + byte[] pin = new String(mPin.getCharArray()).getBytes(); + // SW1/2 0x9000 is the generic "ok" response, which we expect most of the time. + // See specification, page 51 + String accepted = "9000"; + + // Command APDU for VERIFY command (page 32) + String login = + "00" // CLA + + "20" // INS + + "00" // P1 + + "82" // P2 (PW1 with mode 82 for decryption) + + String.format("%02x", pin.length) // Lc + + Hex.toHexString(pin); + if (!nfcCommunicate(login).equals(accepted)) { // login + handlePinError(); + throw new IOException("Bad PIN!"); + } + + } + String firstApdu = "102a8086fe"; String secondApdu = "002a808603"; String le = "00";