cthrace/open-keychain
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

token: send expected result size as Le

Browse Source 
This is a different take on 1c8cc99c68,
sending the expected result size. It's not what the spec says, but it's
what GnuPG does, so it should achieve good compatibility.
This commit is contained in:
Vincent Breitmoser
2018-03-22 17:09:16 +01:00
parent 1e7ed06698
commit 52c8824969
4 changed files with 12 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
OpenKeychain/src/main/java/org/sufficientlysecure/keychain/securitytoken/OpenPgpCommandApduFactory.java
View File

@@ -135,8 +135,9 @@ public class OpenPgpCommandApduFactory {
}
@NonNull
public CommandApdu createDecipherCommand(byte[] data) {
return CommandApdu.create(CLA, INS_PERFORM_SECURITY_OPERATION, P1_PSO_DECIPHER, P2_PSO_DECIPHER, data);
public CommandApdu createDecipherCommand(byte[] data, int expectedLength) {
return CommandApdu.create(CLA, INS_PERFORM_SECURITY_OPERATION, P1_PSO_DECIPHER, P2_PSO_DECIPHER, data,
expectedLength);
}
@NonNull

6
OpenKeychain/src/main/java/org/sufficientlysecure/keychain/securitytoken/operations/PsoDecryptTokenOp.java
View File

@@ -85,9 +85,10 @@ public class PsoDecryptTokenOp {
}
private byte[] decryptSessionKeyRsa(byte[] encryptedSessionKeyMpi) throws IOException {
int mpiLength = getMpiLength(encryptedSessionKeyMpi);
byte[] psoDecipherPayload = getRsaOperationPayload(encryptedSessionKeyMpi);
CommandApdu command = connection.getCommandFactory().createDecipherCommand(psoDecipherPayload);
CommandApdu command = connection.getCommandFactory().createDecipherCommand(psoDecipherPayload, mpiLength);
ResponseApdu response = connection.communicate(command);
if (!response.isSuccess()) {
@@ -139,7 +140,8 @@ public class PsoDecryptTokenOp {
}
psoDecipherPayload = Arrays.concatenate(Hex.decode("A6"), dataLen, psoDecipherPayload);
CommandApdu command = connection.getCommandFactory().createDecipherCommand(psoDecipherPayload);
CommandApdu command = connection.getCommandFactory().createDecipherCommand(
psoDecipherPayload, encryptedPoint.length);
ResponseApdu response = connection.communicate(command);
if (!response.isSuccess()) {

2
OpenKeychain/src/test/java/org/sufficientlysecure/keychain/securitytoken/SecurityTokenConnectionCompatTest.java
View File

@@ -85,7 +85,7 @@ public class SecurityTokenConnectionCompatTest {
PsoDecryptTokenOp psoDecryptTokenOp = PsoDecryptTokenOp.create(mock(SecurityTokenConnection.class));
byte[] psoDecipherPayload = psoDecryptTokenOp.getRsaOperationPayload(encryptedSessionKey);
CommandApdu command = openPgpCommandApduFactory.createDecipherCommand(psoDecipherPayload);
CommandApdu command = openPgpCommandApduFactory.createDecipherCommand(psoDecipherPayload, encryptedSessionKey.length);
List<CommandApdu> chainedApdus = openPgpCommandApduFactory.createChainedApdus(command);
List<String> apduData = new ArrayList<>();

5
OpenKeychain/src/test/java/org/sufficientlysecure/keychain/securitytoken/operations/PsoDecryptTokenOpTest.java
View File

@@ -32,6 +32,7 @@ import org.sufficientlysecure.keychain.securitytoken.operations.PsoDecryptTokenO
import static org.junit.Assert.*;
import static org.mockito.Matchers.any;
import static org.mockito.Matchers.eq;
import static org.mockito.Mockito.mock;
import static org.mockito.Mockito.when;
@@ -45,6 +46,8 @@ public class PsoDecryptTokenOpTest {
"fb9d8cbcb34f28d0b968b6e09eda0e1d3ab6b251eb09f9fb9d9abfeaf9010001733b9015e9e4b6c9df61bbc76041f439d1" +
"273e41f5d0e8414a2b8d6d4c7e86f30b94cfba308b38de53d694a8ca15382301ace806c8237641b03525b3e3e8cbb017e2" +
"51265229bcbb0da5d5aeb4eafbad9779");
private static final int RSA_ENC_MODULUS = 256;
private SecurityTokenConnection securityTokenConnection;
private OpenPgpCommandApduFactory commandFactory;
private PsoDecryptTokenOp useCase;
@@ -75,7 +78,7 @@ public class PsoDecryptTokenOpTest {
ResponseApdu dummyResponseApdu = ResponseApdu.fromBytes(Hex.decode("010203049000"));
when(commandFactory.createDecipherCommand(any(byte[].class))).thenReturn(dummyCommandApdu);
when(commandFactory.createDecipherCommand(any(byte[].class), eq(RSA_ENC_MODULUS))).thenReturn(dummyCommandApdu);
when(securityTokenConnection.communicate(dummyCommandApdu)).thenReturn(dummyResponseApdu);
byte[] response = useCase.verifyAndDecryptSessionKey(RSA_ENC_SESSIONKEY_MPI, null);