cthrace/open-keychain
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Update SecureMessaging/SCP11b wrt OpenPGP card v3.3

Browse Source
This commit is contained in:
Arnaud Fontaine
2017-07-06 18:25:36 +02:00
parent ddd8be07da
commit 47b0763f9f
3 changed files with 17 additions and 25 deletions
Download Patch File Download Diff File Expand all files Collapse all files

21
OpenKeychain/src/main/java/org/sufficientlysecure/keychain/securitytoken/OpenPgpCapabilities.java
View File

@@ -34,7 +34,7 @@ public class OpenPgpCapabilities {
private boolean mAttriburesChangable; private boolean mAttriburesChangable;
private boolean mHasKeyImport; private boolean mHasKeyImport;
private int mSMAESKeySize; private int mSMType;
private int mMaxCmdLen; private int mMaxCmdLen;
private int mMaxRspLen; private int mMaxRspLen;
@@ -108,16 +108,7 @@ public class OpenPgpCapabilities {
mHasKeyImport = (v[0] & MASK_KEY_IMPORT) != 0; mHasKeyImport = (v[0] & MASK_KEY_IMPORT) != 0;
mAttriburesChangable = (v[0] & MASK_ATTRIBUTES_CHANGABLE) != 0; mAttriburesChangable = (v[0] & MASK_ATTRIBUTES_CHANGABLE) != 0;
mSMAESKeySize = 0; mSMType = v[1];
switch(v[1]) {
case 1:
mSMAESKeySize = 16;
break;
case 2:
mSMAESKeySize = 32;
break;
}
mMaxCmdLen = (v[6] << 8) + v[7]; mMaxCmdLen = (v[6] << 8) + v[7];
mMaxRspLen = (v[8] << 8) + v[9]; mMaxRspLen = (v[8] << 8) + v[9];
@@ -147,12 +138,12 @@ public class OpenPgpCapabilities {
return mHasKeyImport; return mHasKeyImport;
} }
public int getSMAESKeySize() { public boolean isHasAESSM() {
return mSMAESKeySize; return isHasSM() && ((mSMType == 1) || (mSMType == 2));
} }
public boolean isHasAESSM() { public boolean isHasSCP11bSM() {
return isHasSM() && ((mSMAESKeySize == 16) || (mSMAESKeySize == 32)); return isHasSM() && (mSMType == 3);
} }
public int getMaxCmdLen() { public int getMaxCmdLen() {

19
OpenKeychain/src/main/java/org/sufficientlysecure/keychain/securitytoken/SCP11bSecureMessaging.java
View File

@@ -277,19 +277,12 @@ class SCP11bSecureMessaging implements SecureMessaging {
public static void establish(final SecurityTokenHelper t, final Context ctx) public static void establish(final SecurityTokenHelper t, final Context ctx)
throws SecureMessagingException, IOException { throws SecureMessagingException, IOException {
final int keySize = t.getOpenPgpCapabilities().getSMAESKeySize();
t.clearSecureMessaging();
if ((keySize != 16)
&& (keySize != 32)) {
throw new SecureMessagingException("invalid key size");
}
CommandAPDU cmd; CommandAPDU cmd;
ResponseAPDU resp; ResponseAPDU resp;
Iso7816TLV[] tlvs; Iso7816TLV[] tlvs;
t.clearSecureMessaging();
// retrieving key algorithm // retrieving key algorithm
cmd = new CommandAPDU(0, (byte)0xCA, (byte)0x00, cmd = new CommandAPDU(0, (byte)0xCA, (byte)0x00,
OPENPGP_SECURE_MESSAGING_KEY_ATTRIBUTES_TAG, SecurityTokenHelper.MAX_APDU_NE_EXT); OPENPGP_SECURE_MESSAGING_KEY_ATTRIBUTES_TAG, SecurityTokenHelper.MAX_APDU_NE_EXT);
@@ -365,6 +358,14 @@ class SCP11bSecureMessaging implements SecureMessaging {
throw new SecureMessagingException("No key in token for secure messaging"); throw new SecureMessagingException("No key in token for secure messaging");
} }
final int fieldSize = pkcard.getParams().getCurve().getField().getFieldSize();
int keySize;
if(fieldSize < 512) {
keySize = 16;
} else {
keySize = 32;
}
final KeyPair ekoce = generateECDHKeyPair(eckf); final KeyPair ekoce = generateECDHKeyPair(eckf);
final ECPublicKey epkoce = (ECPublicKey)ekoce.getPublic(); final ECPublicKey epkoce = (ECPublicKey)ekoce.getPublic();
final ECPrivateKey eskoce = (ECPrivateKey)ekoce.getPrivate(); final ECPrivateKey eskoce = (ECPrivateKey)ekoce.getPrivate();

2
OpenKeychain/src/main/java/org/sufficientlysecure/keychain/securitytoken/SecurityTokenHelper.java
View File

@@ -206,7 +206,7 @@ public class SecurityTokenHelper {
mPw1ValidatedForDecrypt = false; mPw1ValidatedForDecrypt = false;
mPw3Validated = false; mPw3Validated = false;
if (mOpenPgpCapabilities.isHasAESSM()) { if (mOpenPgpCapabilities.isHasSCP11bSM()) {
try { try {
SCP11bSecureMessaging.establish(this, ctx); SCP11bSecureMessaging.establish(this, ctx);
} catch (SecureMessagingException e) { } catch (SecureMessagingException e) {