diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/securitytoken/OpenPgpCapabilities.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/securitytoken/OpenPgpCapabilities.java index 36b0fc99a..082ae90ec 100644 --- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/securitytoken/OpenPgpCapabilities.java +++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/securitytoken/OpenPgpCapabilities.java @@ -34,7 +34,7 @@ public class OpenPgpCapabilities { private boolean mAttriburesChangable; private boolean mHasKeyImport; - private int mSMAESKeySize; + private int mSMType; private int mMaxCmdLen; private int mMaxRspLen; @@ -108,16 +108,7 @@ public class OpenPgpCapabilities { mHasKeyImport = (v[0] & MASK_KEY_IMPORT) != 0; mAttriburesChangable = (v[0] & MASK_ATTRIBUTES_CHANGABLE) != 0; - mSMAESKeySize = 0; - - switch(v[1]) { - case 1: - mSMAESKeySize = 16; - break; - case 2: - mSMAESKeySize = 32; - break; - } + mSMType = v[1]; mMaxCmdLen = (v[6] << 8) + v[7]; mMaxRspLen = (v[8] << 8) + v[9]; @@ -147,12 +138,12 @@ public class OpenPgpCapabilities { return mHasKeyImport; } - public int getSMAESKeySize() { - return mSMAESKeySize; + public boolean isHasAESSM() { + return isHasSM() && ((mSMType == 1) || (mSMType == 2)); } - public boolean isHasAESSM() { - return isHasSM() && ((mSMAESKeySize == 16) || (mSMAESKeySize == 32)); + public boolean isHasSCP11bSM() { + return isHasSM() && (mSMType == 3); } public int getMaxCmdLen() { diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/securitytoken/SCP11bSecureMessaging.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/securitytoken/SCP11bSecureMessaging.java index 6a3aa1e8c..aa831f9ba 100644 --- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/securitytoken/SCP11bSecureMessaging.java +++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/securitytoken/SCP11bSecureMessaging.java @@ -277,19 +277,12 @@ class SCP11bSecureMessaging implements SecureMessaging { public static void establish(final SecurityTokenHelper t, final Context ctx) throws SecureMessagingException, IOException { - final int keySize = t.getOpenPgpCapabilities().getSMAESKeySize(); - - t.clearSecureMessaging(); - - if ((keySize != 16) - && (keySize != 32)) { - throw new SecureMessagingException("invalid key size"); - } - CommandAPDU cmd; ResponseAPDU resp; Iso7816TLV[] tlvs; + t.clearSecureMessaging(); + // retrieving key algorithm cmd = new CommandAPDU(0, (byte)0xCA, (byte)0x00, OPENPGP_SECURE_MESSAGING_KEY_ATTRIBUTES_TAG, SecurityTokenHelper.MAX_APDU_NE_EXT); @@ -365,6 +358,14 @@ class SCP11bSecureMessaging implements SecureMessaging { throw new SecureMessagingException("No key in token for secure messaging"); } + final int fieldSize = pkcard.getParams().getCurve().getField().getFieldSize(); + int keySize; + if(fieldSize < 512) { + keySize = 16; + } else { + keySize = 32; + } + final KeyPair ekoce = generateECDHKeyPair(eckf); final ECPublicKey epkoce = (ECPublicKey)ekoce.getPublic(); final ECPrivateKey eskoce = (ECPrivateKey)ekoce.getPrivate(); diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/securitytoken/SecurityTokenHelper.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/securitytoken/SecurityTokenHelper.java index 98aa82f3a..5b687f488 100644 --- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/securitytoken/SecurityTokenHelper.java +++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/securitytoken/SecurityTokenHelper.java @@ -206,7 +206,7 @@ public class SecurityTokenHelper { mPw1ValidatedForDecrypt = false; mPw3Validated = false; - if (mOpenPgpCapabilities.isHasAESSM()) { + if (mOpenPgpCapabilities.isHasSCP11bSM()) { try { SCP11bSecureMessaging.establish(this, ctx); } catch (SecureMessagingException e) {