cthrace/open-keychain
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

OTG: update methods

Browse Source
This commit is contained in:
Nikita Mikhailov
2016-04-03 22:20:33 +06:00
parent 65f17d7449
commit 834440199a
8 changed files with 309 additions and 708 deletions
Download Patch File Download Diff File Expand all files Collapse all files

279
OpenKeychain/src/main/java/org/sufficientlysecure/keychain/javacard/BaseJavacardDevice.java
View File

@@ -15,7 +15,12 @@ import java.math.BigInteger;
import java.nio.ByteBuffer; import java.nio.ByteBuffer;
import java.security.interfaces.RSAPrivateCrtKey; import java.security.interfaces.RSAPrivateCrtKey;
import nordpol.Apdu;
public class BaseJavacardDevice implements JavacardDevice { public class BaseJavacardDevice implements JavacardDevice {
// Fidesmo constants
private static final String FIDESMO_APPS_AID_PREFIX = "A000000617";
private static final byte[] BLANK_FINGERPRINT = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0}; private static final byte[] BLANK_FINGERPRINT = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0};
private final Transport mTransport; private final Transport mTransport;
@@ -68,9 +73,9 @@ public class BaseJavacardDevice implements JavacardDevice {
keyType.toString())); keyType.toString()));
} }
nfcPutKey(keyType.getmSlot(), secretKey, passphrase); putKey(keyType.getmSlot(), secretKey, passphrase);
nfcPutData(keyType.getmFingerprintObjectId(), secretKey.getFingerprint()); putData(keyType.getmFingerprintObjectId(), secretKey.getFingerprint());
nfcPutData(keyType.getTimestampObjectId(), timestampBytes); putData(keyType.getTimestampObjectId(), timestampBytes);
} }
public boolean containsKey(KeyType keyType) throws IOException { public boolean containsKey(KeyType keyType) throws IOException {
@@ -78,9 +83,10 @@ public class BaseJavacardDevice implements JavacardDevice {
} }
public boolean keyMatchesFingerPrint(KeyType keyType, byte[] fingerprint) throws IOException { public boolean keyMatchesFingerPrint(KeyType keyType, byte[] fingerprint) throws IOException {
return java.util.Arrays.equals(nfcGetFingerprint(keyType.getIdx()), fingerprint); return java.util.Arrays.equals(getMasterKeyFingerprint(keyType.getIdx()), fingerprint);
} }
// METHOD UPDATED OK
public void connectToDevice() throws IOException { public void connectToDevice() throws IOException {
// SW1/2 0x9000 is the generic "ok" response, which we expect most of the time. // SW1/2 0x9000 is the generic "ok" response, which we expect most of the time.
// See specification, page 51 // See specification, page 51
@@ -127,53 +133,61 @@ public class BaseJavacardDevice implements JavacardDevice {
/** /**
* Modifies the user's PW1 or PW3. Before sending, the new PIN will be validated for * Modifies the user's PW1 or PW3. Before sending, the new PIN will be validated for
* conformance to the card's requirements for key length. * conformance to the token's requirements for key length.
* *
* @param pinType For PW1, this is 0x81. For PW3 (Admin PIN), mode is 0x83. * @param pw For PW1, this is 0x81. For PW3 (Admin PIN), mode is 0x83.
* @param newPin The new PW1 or PW3. * @param newPin The new PW1 or PW3.
*/ */
public void nfcModifyPIN(PinType pinType, byte[] newPin) throws IOException { // METHOD UPDATED[OK]
public void modifyPin(int pw, byte[] newPin) throws IOException {
final int MAX_PW1_LENGTH_INDEX = 1; final int MAX_PW1_LENGTH_INDEX = 1;
final int MAX_PW3_LENGTH_INDEX = 3; final int MAX_PW3_LENGTH_INDEX = 3;
byte[] pwStatusBytes = nfcGetPwStatusBytes(); byte[] pwStatusBytes = nfcGetPwStatusBytes();
byte[] oldPin;
if (pinType == PinType.BASIC) { if (pw == 0x81) {
if (newPin.length < 6 || newPin.length > pwStatusBytes[MAX_PW1_LENGTH_INDEX]) { if (newPin.length < 6 || newPin.length > pwStatusBytes[MAX_PW1_LENGTH_INDEX]) {
throw new IOException("Invalid PIN length"); throw new IOException("Invalid PIN length");
} }
oldPin = mPin.toStringUnsafe().getBytes(); } else if (pw == 0x83) {
} else {
if (newPin.length < 8 || newPin.length > pwStatusBytes[MAX_PW3_LENGTH_INDEX]) { if (newPin.length < 8 || newPin.length > pwStatusBytes[MAX_PW3_LENGTH_INDEX]) {
throw new IOException("Invalid PIN length"); throw new IOException("Invalid PIN length");
} }
oldPin = mAdminPin.toStringUnsafe().getBytes(); } else {
throw new IOException("Invalid PW index for modify PIN operation");
}
byte[] pin;
if (pw == 0x83) {
pin = mAdminPin.toStringUnsafe().getBytes();
} else {
pin = mPin.toStringUnsafe().getBytes();
} }
// Command APDU for CHANGE REFERENCE DATA command (page 32) // Command APDU for CHANGE REFERENCE DATA command (page 32)
String changeReferenceDataApdu = "00" // CLA String changeReferenceDataApdu = "00" // CLA
+ "24" // INS + "24" // INS
+ "00" // P1 + "00" // P1
+ String.format("%02x", pinType.getmMode()) // P2 + String.format("%02x", pw) // P2
+ String.format("%02x", oldPin.length + newPin.length) // Lc + String.format("%02x", pin.length + newPin.length) // Lc
+ getHex(oldPin) + getHex(pin)
+ getHex(newPin); + getHex(newPin);
String response = nfcCommunicate(changeReferenceDataApdu); // change PIN String response = nfcCommunicate(changeReferenceDataApdu); // change PIN
if (!response.equals("9000")) { if (!response.equals("9000")) {
throw new PinException("Failed to change PIN", parseCardStatus(response)); throw new CardException("Failed to change PIN", parseCardStatus(response));
} }
} }
/** /**
* Calls to calculate the signature and returns the MPI value * Call DECIPHER command
* *
* @param encryptedSessionKey the encoded session key * @param encryptedSessionKey the encoded session key
* @return the decoded session key * @return the decoded session key
*/ */
// METHOD UPDATED [OK]
public byte[] decryptSessionKey(byte[] encryptedSessionKey) throws IOException { public byte[] decryptSessionKey(byte[] encryptedSessionKey) throws IOException {
if (!mPw1ValidatedForDecrypt) { if (!mPw1ValidatedForDecrypt) {
nfcVerifyPIN(0x82); // (Verify PW1 with mode 82 for decryption) nfcVerifyPin(0x82); // (Verify PW1 with mode 82 for decryption)
} }
String firstApdu = "102a8086fe"; String firstApdu = "102a8086fe";
@@ -189,12 +203,10 @@ public class BaseJavacardDevice implements JavacardDevice {
two[i] = encryptedSessionKey[i + one.length + 1]; two[i] = encryptedSessionKey[i + one.length + 1];
} }
String first = nfcCommunicate(firstApdu + getHex(one)); nfcCommunicate(firstApdu + getHex(one));
String second = nfcCommunicate(secondApdu + getHex(two) + le); String second = nfcCommunicate(secondApdu + getHex(two) + le);
String decryptedSessionKey = nfcGetDataField(second); String decryptedSessionKey = getDataField(second);
Log.d(Constants.TAG, "decryptedSessionKey: " + decryptedSessionKey);
return Hex.decode(decryptedSessionKey); return Hex.decode(decryptedSessionKey);
} }
@@ -205,7 +217,8 @@ public class BaseJavacardDevice implements JavacardDevice {
* @param mode For PW1, this is 0x81 for signing, 0x82 for everything else. * @param mode For PW1, this is 0x81 for signing, 0x82 for everything else.
* For PW3 (Admin PIN), mode is 0x83. * For PW3 (Admin PIN), mode is 0x83.
*/ */
public void nfcVerifyPIN(int mode) throws IOException { // METHOD UPDATED [OK]
public void nfcVerifyPin(int mode) throws IOException {
if (mPin != null || mode == 0x83) { if (mPin != null || mode == 0x83) {
byte[] pin; byte[] pin;
@@ -218,18 +231,9 @@ public class BaseJavacardDevice implements JavacardDevice {
// SW1/2 0x9000 is the generic "ok" response, which we expect most of the time. // SW1/2 0x9000 is the generic "ok" response, which we expect most of the time.
// See specification, page 51 // See specification, page 51
String accepted = "9000"; String accepted = "9000";
String response = nfcTryPin(mode, pin); // login
// Command APDU for VERIFY command (page 32)
String login =
"00" // CLA
+ "20" // INS
+ "00" // P1
+ String.format("%02x", mode) // P2
+ String.format("%02x", pin.length) // Lc
+ Hex.toHexString(pin);
String response = nfcCommunicate(login); // login
if (!response.equals(accepted)) { if (!response.equals(accepted)) {
throw new PinException("Bad PIN!", parseCardStatus(response)); throw new CardException("Bad PIN!", parseCardStatus(response));
} }
if (mode == 0x81) { if (mode == 0x81) {
@@ -243,23 +247,24 @@ public class BaseJavacardDevice implements JavacardDevice {
} }
/** /**
* Stores a data object on the card. Automatically validates the proper PIN for the operation. * Stores a data object on the token. Automatically validates the proper PIN for the operation.
* Supported for all data objects < 255 bytes in length. Only the cardholder certificate * Supported for all data objects < 255 bytes in length. Only the cardholder certificate
* (0x7F21) can exceed this length. * (0x7F21) can exceed this length.
* *
* @param dataObject The data object to be stored. * @param dataObject The data object to be stored.
* @param data The data to store in the object * @param data The data to store in the object
*/ */
public void nfcPutData(int dataObject, byte[] data) throws IOException { // METHOD UPDATED [OK]
public void putData(int dataObject, byte[] data) throws IOException {
if (data.length > 254) { if (data.length > 254) {
throw new IOException("Cannot PUT DATA with length > 254"); throw new IOException("Cannot PUT DATA with length > 254");
} }
if (dataObject == 0x0101 || dataObject == 0x0103) { if (dataObject == 0x0101 || dataObject == 0x0103) {
if (!mPw1ValidatedForDecrypt) { if (!mPw1ValidatedForDecrypt) {
nfcVerifyPIN(0x82); // (Verify PW1 for non-signing operations) nfcVerifyPin(0x82); // (Verify PW1 for non-signing operations)
} }
} else if (!mPw3Validated) { } else if (!mPw3Validated) {
nfcVerifyPIN(0x83); // (Verify PW3) nfcVerifyPin(0x83); // (Verify PW3)
} }
String putDataApdu = "00" // CLA String putDataApdu = "00" // CLA
@@ -275,15 +280,17 @@ public class BaseJavacardDevice implements JavacardDevice {
} }
} }
/** /**
* Puts a key on the card in the given slot. * Puts a key on the token in the given slot.
* *
* @param slot The slot on the card where the key should be stored: * @param slot The slot on the token where the key should be stored:
* 0xB6: Signature Key * 0xB6: Signature Key
* 0xB8: Decipherment Key * 0xB8: Decipherment Key
* 0xA4: Authentication Key * 0xA4: Authentication Key
*/ */
public void nfcPutKey(int slot, CanonicalizedSecretKey secretKey, Passphrase passphrase) // METHOD UPDATED [OK]
public void putKey(int slot, CanonicalizedSecretKey secretKey, Passphrase passphrase)
throws IOException { throws IOException {
if (slot != 0xB6 && slot != 0xB8 && slot != 0xA4) { if (slot != 0xB6 && slot != 0xB8 && slot != 0xA4) {
throw new IOException("Invalid key slot"); throw new IOException("Invalid key slot");
@@ -299,16 +306,16 @@ public class BaseJavacardDevice implements JavacardDevice {
// Shouldn't happen; the UI should block the user from getting an incompatible key this far. // Shouldn't happen; the UI should block the user from getting an incompatible key this far.
if (crtSecretKey.getModulus().bitLength() > 2048) { if (crtSecretKey.getModulus().bitLength() > 2048) {
throw new IOException("Key too large to export to smart card."); throw new IOException("Key too large to export to Security Token.");
} }
// Should happen only rarely; all GnuPG keys since 2006 use public exponent 65537. // Should happen only rarely; all GnuPG keys since 2006 use public exponent 65537.
if (!crtSecretKey.getPublicExponent().equals(new BigInteger("65537"))) { if (!crtSecretKey.getPublicExponent().equals(new BigInteger("65537"))) {
throw new IOException("Invalid public exponent for smart card key."); throw new IOException("Invalid public exponent for smart Security Token.");
} }
if (!mPw3Validated) { if (!mPw3Validated) {
nfcVerifyPIN(0x83); // (Verify PW3 with mode 83) nfcVerifyPin(0x83); // (Verify PW3 with mode 83)
} }
byte[] header = Hex.decode( byte[] header = Hex.decode(
@@ -360,7 +367,7 @@ public class BaseJavacardDevice implements JavacardDevice {
String putKeyCommand = "10DB3FFF"; String putKeyCommand = "10DB3FFF";
String lastPutKeyCommand = "00DB3FFF"; String lastPutKeyCommand = "00DB3FFF";
// Now we're ready to communicate with the card. // Now we're ready to communicate with the token.
offset = 0; offset = 0;
String response; String response;
while (offset < dataToSend.length) { while (offset < dataToSend.length) {
@@ -379,7 +386,7 @@ public class BaseJavacardDevice implements JavacardDevice {
} }
if (!response.endsWith("9000")) { if (!response.endsWith("9000")) {
throw new CardException("Key export to card failed", parseCardStatus(response)); throw new CardException("Key export to Security Token failed", parseCardStatus(response));
} }
} }
@@ -387,6 +394,7 @@ public class BaseJavacardDevice implements JavacardDevice {
Arrays.fill(dataToSend, (byte) 0); Arrays.fill(dataToSend, (byte) 0);
} }
/** /**
* Return the key id from application specific data stored on tag, or null * Return the key id from application specific data stored on tag, or null
* if it doesn't exist. * if it doesn't exist.
@@ -395,7 +403,7 @@ public class BaseJavacardDevice implements JavacardDevice {
* @return The long key id of the requested key, or null if not found. * @return The long key id of the requested key, or null if not found.
*/ */
public Long nfcGetKeyId(int idx) throws IOException { public Long nfcGetKeyId(int idx) throws IOException {
byte[] fp = nfcGetFingerprint(idx); byte[] fp = getMasterKeyFingerprint(idx);
if (fp == null) { if (fp == null) {
return null; return null;
} }
@@ -412,12 +420,13 @@ public class BaseJavacardDevice implements JavacardDevice {
* *
* @return The fingerprints of all subkeys in a contiguous byte array. * @return The fingerprints of all subkeys in a contiguous byte array.
*/ */
// METHOD UPDATED [OK]
public byte[] getFingerprints() throws IOException { public byte[] getFingerprints() throws IOException {
String data = "00CA006E00"; String data = "00CA006E00";
byte[] buf = mTransport.sendAndReceive(Hex.decode(data)); byte[] buf = mTransport.sendAndReceive(Hex.decode(data));
Iso7816TLV tlv = Iso7816TLV.readSingle(buf, true); Iso7816TLV tlv = Iso7816TLV.readSingle(buf, true);
Log.d(Constants.TAG, "nfc tlv data:\n" + tlv.prettyPrint()); Log.d(Constants.TAG, "nfcGetFingerprints() Iso7816TLV tlv data:\n" + tlv.prettyPrint());
Iso7816TLV fptlv = Iso7816TLV.findRecursive(tlv, 0xc5); Iso7816TLV fptlv = Iso7816TLV.findRecursive(tlv, 0xc5);
if (fptlv == null) { if (fptlv == null) {
@@ -427,53 +436,38 @@ public class BaseJavacardDevice implements JavacardDevice {
} }
/** /**
* Return the PW Status Bytes from the card. This is a simple DO; no TLV decoding needed. * Return the PW Status Bytes from the token. This is a simple DO; no TLV decoding needed.
* *
* @return Seven bytes in fixed format, plus 0x9000 status word at the end. * @return Seven bytes in fixed format, plus 0x9000 status word at the end.
*/ */
// METHOD UPDATED [OK]
public byte[] nfcGetPwStatusBytes() throws IOException { public byte[] nfcGetPwStatusBytes() throws IOException {
String data = "00CA00C400"; String data = "00CA00C400";
return mTransport.sendAndReceive(Hex.decode(data)); return mTransport.sendAndReceive(Hex.decode(data));
} }
/** // METHOD UPDATED [OK]
* Return the fingerprint from application specific data stored on tag, or
* null if it doesn't exist.
*
* @param idx Index of the key to return the fingerprint from.
* @return The fingerprint of the requested key, or null if not found.
*/
public byte[] nfcGetFingerprint(int idx) throws IOException {
byte[] data = getFingerprints();
// return the master key fingerprint
ByteBuffer fpbuf = ByteBuffer.wrap(data);
byte[] fp = new byte[20];
fpbuf.position(idx * 20);
fpbuf.get(fp, 0, 20);
return fp;
}
public byte[] getAid() throws IOException { public byte[] getAid() throws IOException {
String info = "00CA004F00"; String info = "00CA004F00";
return mTransport.sendAndReceive(Hex.decode(info)); return mTransport.sendAndReceive(Hex.decode(info));
} }
// METHOD UPDATED [OK]
public String getUserId() throws IOException { public String getUserId() throws IOException {
String info = "00CA006500"; String info = "00CA006500";
return nfcGetHolderName(nfcCommunicate(info)); return nfcGetHolderName(nfcCommunicate(info));
} }
/** /**
* Calls to calculate the signature and returns the MPI value * Call COMPUTE DIGITAL SIGNATURE command and returns the MPI value
* *
* @param hash the hash for signing * @param hash the hash for signing
* @return a big integer representing the MPI for the given hash * @return a big integer representing the MPI for the given hash
*/ */
public byte[] nfcCalculateSignature(byte[] hash, int hashAlgo) throws IOException { // METHOD UPDATED [OK]
public byte[] calculateSignature(byte[] hash, int hashAlgo) throws IOException {
if (!mPw1ValidatedForSignature) { if (!mPw1ValidatedForSignature) {
nfcVerifyPIN(0x81); // (Verify PW1 with mode 81 for signing) nfcVerifyPin(0x81); // (Verify PW1 with mode 81 for signing)
} }
// dsi, including Lc // dsi, including Lc
@@ -580,6 +574,10 @@ public class BaseJavacardDevice implements JavacardDevice {
return output.substring(0, output.length() - 4); return output.substring(0, output.length() - 4);
} }
/**
* Transceive data via NFC encoded as Hex
*/
// METHOD UPDATED [OK]
public String nfcCommunicate(String apdu) throws IOException, TransportIoException { public String nfcCommunicate(String apdu) throws IOException, TransportIoException {
return getHex(mTransport.sendAndReceive(Hex.decode(apdu))); return getHex(mTransport.sendAndReceive(Hex.decode(apdu)));
} }
@@ -587,4 +585,141 @@ public class BaseJavacardDevice implements JavacardDevice {
public boolean isConnected() { public boolean isConnected() {
return mTransport.isConnected(); return mTransport.isConnected();
} }
// NEW METHOD [OK]
public boolean isFidesmoToken() {
if (isConnected()) { // Check if we can still talk to the card
try {
// By trying to select any apps that have the Fidesmo AID prefix we can
// see if it is a Fidesmo device or not
byte[] mSelectResponse = mTransport.sendAndReceive(Apdu.select(FIDESMO_APPS_AID_PREFIX));
// Compare the status returned by our select with the OK status code
return Apdu.hasStatus(mSelectResponse, Apdu.OK_APDU);
} catch (IOException e) {
Log.e(Constants.TAG, "Card communication failed!", e);
}
}
return false;
}
/**
* Generates a key on the card in the given slot. If the slot is 0xB6 (the signature key),
* this command also has the effect of resetting the digital signature counter.
* NOTE: This does not set the key fingerprint data object! After calling this command, you
* must construct a public key packet using the returned public key data objects, compute the
* key fingerprint, and store it on the card using: putData(0xC8, key.getFingerprint())
*
* @param slot The slot on the card where the key should be generated:
* 0xB6: Signature Key
* 0xB8: Decipherment Key
* 0xA4: Authentication Key
* @return the public key data objects, in TLV format. For RSA this will be the public modulus
* (0x81) and exponent (0x82). These may come out of order; proper TLV parsing is required.
*/
// NEW METHOD [OK]
public byte[] nfcGenerateKey(int slot) throws IOException {
if (slot != 0xB6 && slot != 0xB8 && slot != 0xA4) {
throw new IOException("Invalid key slot");
}
if (!mPw3Validated) {
nfcVerifyPin(0x83); // (Verify PW3 with mode 83)
}
String generateKeyApdu = "0047800002" + String.format("%02x", slot) + "0000";
String getResponseApdu = "00C00000";
String first = nfcCommunicate(generateKeyApdu);
String second = nfcCommunicate(getResponseApdu);
if (!second.endsWith("9000")) {
throw new IOException("On-card key generation failed");
}
String publicKeyData = getDataField(first) + getDataField(second);
Log.d(Constants.TAG, "Public Key Data Objects: " + publicKeyData);
return Hex.decode(publicKeyData);
}
// NEW METHOD [OK][OK]
private String getDataField(String output) {
return output.substring(0, output.length() - 4);
}
// NEW METHOD [OK]
private String nfcTryPin(int mode, byte[] pin) throws IOException {
// Command APDU for VERIFY command (page 32)
String login =
"00" // CLA
+ "20" // INS
+ "00" // P1
+ String.format("%02x", mode) // P2
+ String.format("%02x", pin.length) // Lc
+ Hex.toHexString(pin);
return nfcCommunicate(login);
}
/**
* Resets security token, which deletes all keys and data objects.
* This works by entering a wrong PIN and then Admin PIN 4 times respectively.
* Afterwards, the token is reactivated.
*/
// NEW METHOD [OK]
public void resetAndWipeToken() throws IOException {
String accepted = "9000";
// try wrong PIN 4 times until counter goes to C0
byte[] pin = "XXXXXX".getBytes();
for (int i = 0; i <= 4; i++) {
String response = nfcTryPin(0x81, pin);
if (response.equals(accepted)) { // Should NOT accept!
throw new CardException("Should never happen, XXXXXX has been accepted!", parseCardStatus(response));
}
}
// try wrong Admin PIN 4 times until counter goes to C0
byte[] adminPin = "XXXXXXXX".getBytes();
for (int i = 0; i <= 4; i++) {
String response = nfcTryPin(0x83, adminPin);
if (response.equals(accepted)) { // Should NOT accept!
throw new CardException("Should never happen, XXXXXXXX has been accepted", parseCardStatus(response));
}
}
// reactivate token!
String reactivate1 = "00" + "e6" + "00" + "00";
String reactivate2 = "00" + "44" + "00" + "00";
String response1 = nfcCommunicate(reactivate1);
String response2 = nfcCommunicate(reactivate2);
if (!response1.equals(accepted) || !response2.equals(accepted)) {
throw new CardException("Reactivating failed!", parseCardStatus(response1));
}
}
/**
* Return the fingerprint from application specific data stored on tag, or
* null if it doesn't exist.
*
* @param idx Index of the key to return the fingerprint from.
* @return The fingerprint of the requested key, or null if not found.
*/
public byte[] getMasterKeyFingerprint(int idx) throws IOException {
byte[] data = getFingerprints();
if (data == null) {
return null;
}
// return the master key fingerprint
ByteBuffer fpbuf = ByteBuffer.wrap(data);
byte[] fp = new byte[20];
fpbuf.position(idx * 20);
fpbuf.get(fp, 0, 20);
return fp;
}
} }

42
OpenKeychain/src/main/java/org/sufficientlysecure/keychain/javacard/JavacardDevice.java
View File

@@ -30,7 +30,7 @@ public interface JavacardDevice {
* @param pinType For PW1, this is 0x81. For PW3 (Admin PIN), mode is 0x83. * @param pinType For PW1, this is 0x81. For PW3 (Admin PIN), mode is 0x83.
* @param newPin The new PW1 or PW3. * @param newPin The new PW1 or PW3.
*/ */
void nfcModifyPIN(PinType pinType, byte[] newPin) throws IOException; void modifyPin(int pinType, byte[] newPin) throws IOException;
/** /**
* Calls to calculate the signature and returns the MPI value * Calls to calculate the signature and returns the MPI value
@@ -61,5 +61,43 @@ public interface JavacardDevice {
* @param hash the hash for signing * @param hash the hash for signing
* @return a big integer representing the MPI for the given hash * @return a big integer representing the MPI for the given hash
*/ */
byte[] nfcCalculateSignature(byte[] hash, int hashAlgo) throws IOException; byte[] calculateSignature(byte[] hash, int hashAlgo) throws IOException;
boolean isFidesmoToken();
/**
* Return the fingerprint from application specific data stored on tag, or
* null if it doesn't exist.
*
* @param idx Index of the key to return the fingerprint from.
* @return The fingerprint of the requested key, or null if not found.
*/
byte[] getMasterKeyFingerprint(int idx) throws IOException;
/**
* Resets security token, which deletes all keys and data objects.
* This works by entering a wrong PIN and then Admin PIN 4 times respectively.
* Afterwards, the token is reactivated.
*/
void resetAndWipeToken() throws IOException;
/**
* Puts a key on the token in the given slot.
*
* @param slot The slot on the token where the key should be stored:
* 0xB6: Signature Key
* 0xB8: Decipherment Key
* 0xA4: Authentication Key
*/
void putKey(int slot, CanonicalizedSecretKey secretKey, Passphrase passphrase) throws IOException;
/**
* Stores a data object on the token. Automatically validates the proper PIN for the operation.
* Supported for all data objects < 255 bytes in length. Only the cardholder certificate
* (0x7F21) can exceed this length.
*
* @param dataObject The data object to be stored.
* @param data The data to store in the object
*/
void putData(int dataObject, byte[] data) throws IOException;
} }

20
OpenKeychain/src/main/java/org/sufficientlysecure/keychain/javacard/NfcTransport.java
View File

@@ -1,23 +1,23 @@
package org.sufficientlysecure.keychain.javacard; package org.sufficientlysecure.keychain.javacard;
import android.nfc.tech.IsoDep;
import java.io.IOException; import java.io.IOException;
public class NfcTransport implements Transport { import nordpol.IsoCard;
public class NfcTransport implements Transport {
// timeout is set to 100 seconds to avoid cancellation during calculation // timeout is set to 100 seconds to avoid cancellation during calculation
private static final int TIMEOUT = 100 * 1000; private static final int TIMEOUT = 100 * 1000;
private final IsoDep mIsoDep; private final IsoCard mIsoCard;
public NfcTransport(final IsoDep isoDep) throws IOException { public NfcTransport(final IsoCard isoDep) throws IOException {
this.mIsoDep = isoDep; this.mIsoCard = isoDep;
mIsoDep.setTimeout(TIMEOUT); mIsoCard.setTimeout(TIMEOUT);
mIsoDep.connect(); mIsoCard.connect();
} }
@Override @Override
public byte[] sendAndReceive(final byte[] data) throws TransportIoException, IOException { public byte[] sendAndReceive(final byte[] data) throws TransportIoException, IOException {
return mIsoDep.transceive(data); return mIsoCard.transceive(data);
} }
@Override @Override
@@ -26,6 +26,6 @@ public class NfcTransport implements Transport {
@Override @Override
public boolean isConnected() { public boolean isConnected() {
return mIsoDep.isConnected(); return mIsoCard.isConnected();
} }
} }

6
OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/CreateKeyActivity.java
View File

@@ -149,9 +149,9 @@ public class CreateKeyActivity extends BaseSecurityTokenNfcActivity {
return; return;
} }
mScannedFingerprints = nfcGetFingerprints(); mScannedFingerprints = mJavacardDevice.getFingerprints();
mNfcAid = nfcGetAid(); mNfcAid = mJavacardDevice.getAid();
mNfcUserId = nfcGetUserId(); mNfcUserId = mJavacardDevice.getUserId();
} }
@Override @Override

6
OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/CreateSecurityTokenImportResetFragment.java
View File

@@ -250,9 +250,9 @@ public class CreateSecurityTokenImportResetFragment
@Override @Override
public void doNfcInBackground() throws IOException { public void doNfcInBackground() throws IOException {
mTokenFingerprints = mCreateKeyActivity.nfcGetFingerprints(); mTokenFingerprints = mCreateKeyActivity.mJavacardDevice.getFingerprints();
mTokenAid = mCreateKeyActivity.nfcGetAid(); mTokenAid = mCreateKeyActivity.mJavacardDevice.getAid();
mTokenUserId = mCreateKeyActivity.nfcGetUserId(); mTokenUserId = mCreateKeyActivity.mJavacardDevice.getUserId();
byte[] fp = new byte[20]; byte[] fp = new byte[20];
ByteBuffer.wrap(fp).put(mTokenFingerprints, 0, 20); ByteBuffer.wrap(fp).put(mTokenFingerprints, 0, 20);

36
OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/SecurityTokenOperationActivity.java
View File

@@ -162,7 +162,7 @@ public class SecurityTokenOperationActivity extends BaseSecurityTokenNfcActivity
case NFC_DECRYPT: { case NFC_DECRYPT: {
for (int i = 0; i < mRequiredInput.mInputData.length; i++) { for (int i = 0; i < mRequiredInput.mInputData.length; i++) {
byte[] encryptedSessionKey = mRequiredInput.mInputData[i]; byte[] encryptedSessionKey = mRequiredInput.mInputData[i];
byte[] decryptedSessionKey = nfcDecryptSessionKey(encryptedSessionKey); byte[] decryptedSessionKey = mJavacardDevice.decryptSessionKey(encryptedSessionKey);
mInputParcel.addCryptoData(encryptedSessionKey, decryptedSessionKey); mInputParcel.addCryptoData(encryptedSessionKey, decryptedSessionKey);
} }
break; break;
@@ -173,15 +173,15 @@ public class SecurityTokenOperationActivity extends BaseSecurityTokenNfcActivity
for (int i = 0; i < mRequiredInput.mInputData.length; i++) { for (int i = 0; i < mRequiredInput.mInputData.length; i++) {
byte[] hash = mRequiredInput.mInputData[i]; byte[] hash = mRequiredInput.mInputData[i];
int algo = mRequiredInput.mSignAlgos[i]; int algo = mRequiredInput.mSignAlgos[i];
byte[] signedHash = nfcCalculateSignature(hash, algo); byte[] signedHash = mJavacardDevice.calculateSignature(hash, algo);
mInputParcel.addCryptoData(hash, signedHash); mInputParcel.addCryptoData(hash, signedHash);
} }
break; break;
} }
case NFC_MOVE_KEY_TO_CARD: { case NFC_MOVE_KEY_TO_CARD: {
// TODO: assume PIN and Admin PIN to be default for this operation // TODO: assume PIN and Admin PIN to be default for this operation
mPin = new Passphrase("123456"); mJavacardDevice.setPin(new Passphrase("123456"));
mAdminPin = new Passphrase("12345678"); mJavacardDevice.setAdminPin(new Passphrase("12345678"));
ProviderHelper providerHelper = new ProviderHelper(this); ProviderHelper providerHelper = new ProviderHelper(this);
CanonicalizedSecretKeyRing secretKeyRing; CanonicalizedSecretKeyRing secretKeyRing;
@@ -206,7 +206,7 @@ public class SecurityTokenOperationActivity extends BaseSecurityTokenNfcActivity
long keyGenerationTimestampMillis = key.getCreationTime().getTime(); long keyGenerationTimestampMillis = key.getCreationTime().getTime();
long keyGenerationTimestamp = keyGenerationTimestampMillis / 1000; long keyGenerationTimestamp = keyGenerationTimestampMillis / 1000;
byte[] timestampBytes = ByteBuffer.allocate(4).putInt((int) keyGenerationTimestamp).array(); byte[] timestampBytes = ByteBuffer.allocate(4).putInt((int) keyGenerationTimestamp).array();
byte[] tokenSerialNumber = Arrays.copyOf(nfcGetAid(), 16); byte[] tokenSerialNumber = Arrays.copyOf(mJavacardDevice.getAid(), 16);
Passphrase passphrase; Passphrase passphrase;
try { try {
@@ -218,25 +218,25 @@ public class SecurityTokenOperationActivity extends BaseSecurityTokenNfcActivity
if (key.canSign() || key.canCertify()) { if (key.canSign() || key.canCertify()) {
if (shouldPutKey(key.getFingerprint(), 0)) { if (shouldPutKey(key.getFingerprint(), 0)) {
nfcPutKey(0xB6, key, passphrase); mJavacardDevice.putKey(0xB6, key, passphrase);
nfcPutData(0xCE, timestampBytes); mJavacardDevice.putData(0xCE, timestampBytes);
nfcPutData(0xC7, key.getFingerprint()); mJavacardDevice.putData(0xC7, key.getFingerprint());
} else { } else {
throw new IOException("Key slot occupied; token must be reset to put new signature key."); throw new IOException("Key slot occupied; token must be reset to put new signature key.");
} }
} else if (key.canEncrypt()) { } else if (key.canEncrypt()) {
if (shouldPutKey(key.getFingerprint(), 1)) { if (shouldPutKey(key.getFingerprint(), 1)) {
nfcPutKey(0xB8, key, passphrase); mJavacardDevice.putKey(0xB8, key, passphrase);
nfcPutData(0xCF, timestampBytes); mJavacardDevice.putData(0xCF, timestampBytes);
nfcPutData(0xC8, key.getFingerprint()); mJavacardDevice.putData(0xC8, key.getFingerprint());
} else { } else {
throw new IOException("Key slot occupied; token must be reset to put new decryption key."); throw new IOException("Key slot occupied; token must be reset to put new decryption key.");
} }
} else if (key.canAuthenticate()) { } else if (key.canAuthenticate()) {
if (shouldPutKey(key.getFingerprint(), 2)) { if (shouldPutKey(key.getFingerprint(), 2)) {
nfcPutKey(0xA4, key, passphrase); mJavacardDevice.putKey(0xA4, key, passphrase);
nfcPutData(0xD0, timestampBytes); mJavacardDevice.putData(0xD0, timestampBytes);
nfcPutData(0xC9, key.getFingerprint()); mJavacardDevice.putData(0xC9, key.getFingerprint());
} else { } else {
throw new IOException("Key slot occupied; token must be reset to put new authentication key."); throw new IOException("Key slot occupied; token must be reset to put new authentication key.");
} }
@@ -249,13 +249,13 @@ public class SecurityTokenOperationActivity extends BaseSecurityTokenNfcActivity
} }
// change PINs afterwards // change PINs afterwards
nfcModifyPin(0x81, newPin); mJavacardDevice.modifyPin(0x81, newPin);
nfcModifyPin(0x83, newAdminPin); mJavacardDevice.modifyPin(0x83, newAdminPin);
break; break;
} }
case NFC_RESET_CARD: { case NFC_RESET_CARD: {
nfcReset(); mJavacardDevice.resetAndWipeToken();
break; break;
} }
@@ -330,7 +330,7 @@ public class SecurityTokenOperationActivity extends BaseSecurityTokenNfcActivity
} }
private boolean shouldPutKey(byte[] fingerprint, int idx) throws IOException { private boolean shouldPutKey(byte[] fingerprint, int idx) throws IOException {
byte[] tokenFingerprint = nfcGetMasterKeyFingerprint(idx); byte[] tokenFingerprint = mJavacardDevice.getMasterKeyFingerprint(idx);
// Note: special case: This should not happen, but happens with // Note: special case: This should not happen, but happens with
// https://github.com/FluffyKaon/OpenPGP-Card, thus for now assume true // https://github.com/FluffyKaon/OpenPGP-Card, thus for now assume true

6
OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/ViewKeyActivity.java
View File

@@ -649,9 +649,9 @@ public class ViewKeyActivity extends BaseSecurityTokenNfcActivity implements
@Override @Override
protected void doNfcInBackground() throws IOException { protected void doNfcInBackground() throws IOException {
mNfcFingerprints = nfcGetFingerprints(); mNfcFingerprints = mJavacardDevice.getFingerprints();
mNfcUserId = nfcGetUserId(); mNfcUserId = mJavacardDevice.getUserId();
mNfcAid = nfcGetAid(); mNfcAid = mJavacardDevice.getAid();
} }
@Override @Override

622
OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/base/BaseSecurityTokenNfcActivity.java
View File

@@ -35,16 +35,19 @@ import android.os.AsyncTask;
import android.os.Bundle; import android.os.Bundle;
import nordpol.Apdu; import nordpol.Apdu;
import nordpol.IsoCard;
import nordpol.android.TagDispatcher; import nordpol.android.TagDispatcher;
import nordpol.android.AndroidCard; import nordpol.android.AndroidCard;
import nordpol.android.OnDiscoveredTagListener; import nordpol.android.OnDiscoveredTagListener;
import nordpol.IsoCard;
import org.bouncycastle.bcpg.HashAlgorithmTags; import org.bouncycastle.bcpg.HashAlgorithmTags;
import org.bouncycastle.util.Arrays; import org.bouncycastle.util.Arrays;
import org.bouncycastle.util.encoders.Hex; import org.bouncycastle.util.encoders.Hex;
import org.sufficientlysecure.keychain.Constants; import org.sufficientlysecure.keychain.Constants;
import org.sufficientlysecure.keychain.R; import org.sufficientlysecure.keychain.R;
import org.sufficientlysecure.keychain.javacard.BaseJavacardDevice;
import org.sufficientlysecure.keychain.javacard.JavacardDevice;
import org.sufficientlysecure.keychain.javacard.NfcTransport;
import org.sufficientlysecure.keychain.pgp.CanonicalizedSecretKey; import org.sufficientlysecure.keychain.pgp.CanonicalizedSecretKey;
import org.sufficientlysecure.keychain.pgp.exception.PgpGeneralException; import org.sufficientlysecure.keychain.pgp.exception.PgpGeneralException;
import org.sufficientlysecure.keychain.pgp.exception.PgpKeyNotFoundException; import org.sufficientlysecure.keychain.pgp.exception.PgpKeyNotFoundException;
@@ -72,21 +75,19 @@ public abstract class BaseSecurityTokenNfcActivity extends BaseActivity implemen
public static final String EXTRA_TAG_HANDLING_ENABLED = "tag_handling_enabled"; public static final String EXTRA_TAG_HANDLING_ENABLED = "tag_handling_enabled";
// Fidesmo constants
private static final String FIDESMO_APPS_AID_PREFIX = "A000000617";
private static final String FIDESMO_APP_PACKAGE = "com.fidesmo.sec.android"; private static final String FIDESMO_APP_PACKAGE = "com.fidesmo.sec.android";
protected Passphrase mPin; //protected Passphrase mPin;
protected Passphrase mAdminPin; //protected Passphrase mAdminPin;
protected boolean mPw1ValidForMultipleSignatures; //protected boolean mPw1ValidForMultipleSignatures;
protected boolean mPw1ValidatedForSignature; //protected boolean mPw1ValidatedForSignature;
protected boolean mPw1ValidatedForDecrypt; // Mode 82 does other things; consider renaming? //protected boolean mPw1ValidatedForDecrypt; // Mode 82 does other things; consider renaming?
protected boolean mPw3Validated; //protected boolean mPw3Validated;
protected TagDispatcher mTagDispatcher;
private IsoCard mIsoCard;
private boolean mTagHandlingEnabled;
private static final int TIMEOUT = 100000; public JavacardDevice mJavacardDevice;
protected TagDispatcher mTagDispatcher;
// private IsoCard mIsoCard;
private boolean mTagHandlingEnabled;
private byte[] mNfcFingerprints; private byte[] mNfcFingerprints;
private String mNfcUserId; private String mNfcUserId;
@@ -102,9 +103,9 @@ public abstract class BaseSecurityTokenNfcActivity extends BaseActivity implemen
* Override to implement NFC operations (background thread) * Override to implement NFC operations (background thread)
*/ */
protected void doNfcInBackground() throws IOException { protected void doNfcInBackground() throws IOException {
mNfcFingerprints = nfcGetFingerprints(); mNfcFingerprints = mJavacardDevice.getFingerprints();
mNfcUserId = nfcGetUserId(); mNfcUserId = mJavacardDevice.getUserId();
mNfcAid = nfcGetAid(); mNfcAid = mJavacardDevice.getAid();
} }
/** /**
@@ -316,7 +317,7 @@ public abstract class BaseSecurityTokenNfcActivity extends BaseActivity implemen
} }
// 6A82 app not installed on security token! // 6A82 app not installed on security token!
case 0x6A82: { case 0x6A82: {
if (isFidesmoToken()) { if (mJavacardDevice.isFidesmoToken()) {
// Check if the Fidesmo app is installed // Check if the Fidesmo app is installed
if (isAndroidAppInstalled(FIDESMO_APP_PACKAGE)) { if (isAndroidAppInstalled(FIDESMO_APP_PACKAGE)) {
promptFidesmoPgpInstall(); promptFidesmoPgpInstall();
@@ -363,7 +364,7 @@ public abstract class BaseSecurityTokenNfcActivity extends BaseActivity implemen
Passphrase passphrase = PassphraseCacheService.getCachedPassphrase(this, Passphrase passphrase = PassphraseCacheService.getCachedPassphrase(this,
requiredInput.getMasterKeyId(), requiredInput.getSubKeyId()); requiredInput.getMasterKeyId(), requiredInput.getSubKeyId());
if (passphrase != null) { if (passphrase != null) {
mPin = passphrase; mJavacardDevice.setPin(passphrase);
return; return;
} }
@@ -388,7 +389,7 @@ public abstract class BaseSecurityTokenNfcActivity extends BaseActivity implemen
return; return;
} }
CryptoInputParcel input = data.getParcelableExtra(PassphraseDialogActivity.RESULT_CRYPTO_INPUT); CryptoInputParcel input = data.getParcelableExtra(PassphraseDialogActivity.RESULT_CRYPTO_INPUT);
mPin = input.getPassphrase(); mJavacardDevice.setPin(input.getPassphrase());
break; break;
} }
default: default:
@@ -413,573 +414,19 @@ public abstract class BaseSecurityTokenNfcActivity extends BaseActivity implemen
protected void handleTagDiscovered(Tag tag) throws IOException { protected void handleTagDiscovered(Tag tag) throws IOException {
// Connect to the detected tag, setting a couple of settings // Connect to the detected tag, setting a couple of settings
mIsoCard = AndroidCard.get(tag); IsoCard isoCard = AndroidCard.get(tag);
if (mIsoCard == null) { if (isoCard == null) {
throw new IsoDepNotSupportedException("Tag does not support ISO-DEP (ISO 14443-4)"); throw new IsoDepNotSupportedException("Tag does not support ISO-DEP (ISO 14443-4)");
} }
mIsoCard.setTimeout(TIMEOUT); // timeout is set to 100 seconds to avoid cancellation during calculation
mIsoCard.connect();
// SW1/2 0x9000 is the generic "ok" response, which we expect most of the time. mJavacardDevice = new BaseJavacardDevice(new NfcTransport(isoCard));
// See specification, page 51 mJavacardDevice.connectToDevice();
String accepted = "9000";
// Command APDU (page 51) for SELECT FILE command (page 29)
String opening =
"00" // CLA
+ "A4" // INS
+ "04" // P1
+ "00" // P2
+ "06" // Lc (number of bytes)
+ "D27600012401" // Data (6 bytes)
+ "00"; // Le
String response = nfcCommunicate(opening); // activate connection
if ( ! response.endsWith(accepted) ) {
throw new CardException("Initialization failed!", parseCardStatus(response));
}
byte[] pwStatusBytes = nfcGetPwStatusBytes();
mPw1ValidForMultipleSignatures = (pwStatusBytes[0] == 1);
mPw1ValidatedForSignature = false;
mPw1ValidatedForDecrypt = false;
mPw3Validated = false;
doNfcInBackground(); doNfcInBackground();
} }
public boolean isNfcConnected() { public boolean isNfcConnected() {
return mIsoCard.isConnected(); return mJavacardDevice.isConnected();
}
/** Return the key id from application specific data stored on tag, or null
* if it doesn't exist.
*
* @param idx Index of the key to return the fingerprint from.
* @return The long key id of the requested key, or null if not found.
*/
public Long nfcGetKeyId(int idx) throws IOException {
byte[] fp = nfcGetMasterKeyFingerprint(idx);
if (fp == null) {
return null;
}
ByteBuffer buf = ByteBuffer.wrap(fp);
// skip first 12 bytes of the fingerprint
buf.position(12);
// the last eight bytes are the key id (big endian, which is default order in ByteBuffer)
return buf.getLong();
}
/** Return fingerprints of all keys from application specific data stored
* on tag, or null if data not available.
*
* @return The fingerprints of all subkeys in a contiguous byte array.
*/
public byte[] nfcGetFingerprints() throws IOException {
String data = "00CA006E00";
byte[] buf = mIsoCard.transceive(Hex.decode(data));
Iso7816TLV tlv = Iso7816TLV.readSingle(buf, true);
Log.d(Constants.TAG, "nfcGetFingerprints() Iso7816TLV tlv data:\n" + tlv.prettyPrint());
Iso7816TLV fptlv = Iso7816TLV.findRecursive(tlv, 0xc5);
if (fptlv == null) {
return null;
}
return fptlv.mV;
}
/** Return the PW Status Bytes from the token. This is a simple DO; no TLV decoding needed.
*
* @return Seven bytes in fixed format, plus 0x9000 status word at the end.
*/
public byte[] nfcGetPwStatusBytes() throws IOException {
String data = "00CA00C400";
return mIsoCard.transceive(Hex.decode(data));
}
/** Return the fingerprint from application specific data stored on tag, or
* null if it doesn't exist.
*
* @param idx Index of the key to return the fingerprint from.
* @return The fingerprint of the requested key, or null if not found.
*/
public byte[] nfcGetMasterKeyFingerprint(int idx) throws IOException {
byte[] data = nfcGetFingerprints();
if (data == null) {
return null;
}
// return the master key fingerprint
ByteBuffer fpbuf = ByteBuffer.wrap(data);
byte[] fp = new byte[20];
fpbuf.position(idx * 20);
fpbuf.get(fp, 0, 20);
return fp;
}
public byte[] nfcGetAid() throws IOException {
String info = "00CA004F00";
return mIsoCard.transceive(Hex.decode(info));
}
public String nfcGetUserId() throws IOException {
String info = "00CA006500";
return getHolderName(nfcCommunicate(info));
}
/**
* Call COMPUTE DIGITAL SIGNATURE command and returns the MPI value
*
* @param hash the hash for signing
* @return a big integer representing the MPI for the given hash
*/
public byte[] nfcCalculateSignature(byte[] hash, int hashAlgo) throws IOException {
if (!mPw1ValidatedForSignature) {
nfcVerifyPin(0x81); // (Verify PW1 with mode 81 for signing)
}
// dsi, including Lc
String dsi;
Log.i(Constants.TAG, "Hash: " + hashAlgo);
switch (hashAlgo) {
case HashAlgorithmTags.SHA1:
if (hash.length != 20) {
throw new IOException("Bad hash length (" + hash.length + ", expected 10!");
}
dsi = "23" // Lc
+ "3021" // Tag/Length of Sequence, the 0x21 includes all following 33 bytes
+ "3009" // Tag/Length of Sequence, the 0x09 are the following header bytes
+ "0605" + "2B0E03021A" // OID of SHA1
+ "0500" // TLV coding of ZERO
+ "0414" + getHex(hash); // 0x14 are 20 hash bytes
break;
case HashAlgorithmTags.RIPEMD160:
if (hash.length != 20) {
throw new IOException("Bad hash length (" + hash.length + ", expected 20!");
}
dsi = "233021300906052B2403020105000414" + getHex(hash);
break;
case HashAlgorithmTags.SHA224:
if (hash.length != 28) {
throw new IOException("Bad hash length (" + hash.length + ", expected 28!");
}
dsi = "2F302D300D06096086480165030402040500041C" + getHex(hash);
break;
case HashAlgorithmTags.SHA256:
if (hash.length != 32) {
throw new IOException("Bad hash length (" + hash.length + ", expected 32!");
}
dsi = "333031300D060960864801650304020105000420" + getHex(hash);
break;
case HashAlgorithmTags.SHA384:
if (hash.length != 48) {
throw new IOException("Bad hash length (" + hash.length + ", expected 48!");
}
dsi = "433041300D060960864801650304020205000430" + getHex(hash);
break;
case HashAlgorithmTags.SHA512:
if (hash.length != 64) {
throw new IOException("Bad hash length (" + hash.length + ", expected 64!");
}
dsi = "533051300D060960864801650304020305000440" + getHex(hash);
break;
default:
throw new IOException("Not supported hash algo!");
}
// Command APDU for PERFORM SECURITY OPERATION: COMPUTE DIGITAL SIGNATURE (page 37)
String apdu =
"002A9E9A" // CLA, INS, P1, P2
+ dsi // digital signature input
+ "00"; // Le
String response = nfcCommunicate(apdu);
// split up response into signature and status
String status = response.substring(response.length()-4);
String signature = response.substring(0, response.length() - 4);
// while we are getting 0x61 status codes, retrieve more data
while (status.substring(0, 2).equals("61")) {
Log.d(Constants.TAG, "requesting more data, status " + status);
// Send GET RESPONSE command
response = nfcCommunicate("00C00000" + status.substring(2));
status = response.substring(response.length()-4);
signature += response.substring(0, response.length()-4);
}
Log.d(Constants.TAG, "final response:" + status);
if (!mPw1ValidForMultipleSignatures) {
mPw1ValidatedForSignature = false;
}
if ( ! "9000".equals(status)) {
throw new CardException("Bad NFC response code: " + status, parseCardStatus(response));
}
// Make sure the signature we received is actually the expected number of bytes long!
if (signature.length() != 256 && signature.length() != 512) {
throw new IOException("Bad signature length! Expected 128 or 256 bytes, got " + signature.length() / 2);
}
return Hex.decode(signature);
}
/**
* Call DECIPHER command
*
* @param encryptedSessionKey the encoded session key
* @return the decoded session key
*/
public byte[] nfcDecryptSessionKey(byte[] encryptedSessionKey) throws IOException {
if (!mPw1ValidatedForDecrypt) {
nfcVerifyPin(0x82); // (Verify PW1 with mode 82 for decryption)
}
String firstApdu = "102a8086fe";
String secondApdu = "002a808603";
String le = "00";
byte[] one = new byte[254];
// leave out first byte:
System.arraycopy(encryptedSessionKey, 1, one, 0, one.length);
byte[] two = new byte[encryptedSessionKey.length - 1 - one.length];
for (int i = 0; i < two.length; i++) {
two[i] = encryptedSessionKey[i + one.length + 1];
}
nfcCommunicate(firstApdu + getHex(one));
String second = nfcCommunicate(secondApdu + getHex(two) + le);
String decryptedSessionKey = getDataField(second);
return Hex.decode(decryptedSessionKey);
}
/** Verifies the user's PW1 or PW3 with the appropriate mode.
*
* @param mode For PW1, this is 0x81 for signing, 0x82 for everything else.
* For PW3 (Admin PIN), mode is 0x83.
*/
public void nfcVerifyPin(int mode) throws IOException {
if (mPin != null || mode == 0x83) {
byte[] pin;
if (mode == 0x83) {
pin = mAdminPin.toStringUnsafe().getBytes();
} else {
pin = mPin.toStringUnsafe().getBytes();
}
// SW1/2 0x9000 is the generic "ok" response, which we expect most of the time.
// See specification, page 51
String accepted = "9000";
String response = nfcTryPin(mode, pin); // login
if (!response.equals(accepted)) {
throw new CardException("Bad PIN!", parseCardStatus(response));
}
if (mode == 0x81) {
mPw1ValidatedForSignature = true;
} else if (mode == 0x82) {
mPw1ValidatedForDecrypt = true;
} else if (mode == 0x83) {
mPw3Validated = true;
}
}
}
/**
* Resets security token, which deletes all keys and data objects.
* This works by entering a wrong PIN and then Admin PIN 4 times respectively.
* Afterwards, the token is reactivated.
*/
public void nfcReset() throws IOException {
String accepted = "9000";
// try wrong PIN 4 times until counter goes to C0
byte[] pin = "XXXXXX".getBytes();
for (int i = 0; i <= 4; i++) {
String response = nfcTryPin(0x81, pin);
if (response.equals(accepted)) { // Should NOT accept!
throw new CardException("Should never happen, XXXXXX has been accepted!", parseCardStatus(response));
}
}
// try wrong Admin PIN 4 times until counter goes to C0
byte[] adminPin = "XXXXXXXX".getBytes();
for (int i = 0; i <= 4; i++) {
String response = nfcTryPin(0x83, adminPin);
if (response.equals(accepted)) { // Should NOT accept!
throw new CardException("Should never happen, XXXXXXXX has been accepted", parseCardStatus(response));
}
}
// reactivate token!
String reactivate1 = "00" + "e6" + "00" + "00";
String reactivate2 = "00" + "44" + "00" + "00";
String response1 = nfcCommunicate(reactivate1);
String response2 = nfcCommunicate(reactivate2);
if (!response1.equals(accepted) || !response2.equals(accepted)) {
throw new CardException("Reactivating failed!", parseCardStatus(response1));
}
}
private String nfcTryPin(int mode, byte[] pin) throws IOException {
// Command APDU for VERIFY command (page 32)
String login =
"00" // CLA
+ "20" // INS
+ "00" // P1
+ String.format("%02x", mode) // P2
+ String.format("%02x", pin.length) // Lc
+ Hex.toHexString(pin);
return nfcCommunicate(login);
}
/** Modifies the user's PW1 or PW3. Before sending, the new PIN will be validated for
* conformance to the token's requirements for key length.
*
* @param pw For PW1, this is 0x81. For PW3 (Admin PIN), mode is 0x83.
* @param newPin The new PW1 or PW3.
*/
public void nfcModifyPin(int pw, byte[] newPin) throws IOException {
final int MAX_PW1_LENGTH_INDEX = 1;
final int MAX_PW3_LENGTH_INDEX = 3;
byte[] pwStatusBytes = nfcGetPwStatusBytes();
if (pw == 0x81) {
if (newPin.length < 6 || newPin.length > pwStatusBytes[MAX_PW1_LENGTH_INDEX]) {
throw new IOException("Invalid PIN length");
}
} else if (pw == 0x83) {
if (newPin.length < 8 || newPin.length > pwStatusBytes[MAX_PW3_LENGTH_INDEX]) {
throw new IOException("Invalid PIN length");
}
} else {
throw new IOException("Invalid PW index for modify PIN operation");
}
byte[] pin;
if (pw == 0x83) {
pin = mAdminPin.toStringUnsafe().getBytes();
} else {
pin = mPin.toStringUnsafe().getBytes();
}
// Command APDU for CHANGE REFERENCE DATA command (page 32)
String changeReferenceDataApdu = "00" // CLA
+ "24" // INS
+ "00" // P1
+ String.format("%02x", pw) // P2
+ String.format("%02x", pin.length + newPin.length) // Lc
+ getHex(pin)
+ getHex(newPin);
String response = nfcCommunicate(changeReferenceDataApdu); // change PIN
if (!response.equals("9000")) {
throw new CardException("Failed to change PIN", parseCardStatus(response));
}
}
/**
* Stores a data object on the token. Automatically validates the proper PIN for the operation.
* Supported for all data objects < 255 bytes in length. Only the cardholder certificate
* (0x7F21) can exceed this length.
*
* @param dataObject The data object to be stored.
* @param data The data to store in the object
*/
public void nfcPutData(int dataObject, byte[] data) throws IOException {
if (data.length > 254) {
throw new IOException("Cannot PUT DATA with length > 254");
}
if (dataObject == 0x0101 || dataObject == 0x0103) {
if (!mPw1ValidatedForDecrypt) {
nfcVerifyPin(0x82); // (Verify PW1 for non-signing operations)
}
} else if (!mPw3Validated) {
nfcVerifyPin(0x83); // (Verify PW3)
}
String putDataApdu = "00" // CLA
+ "DA" // INS
+ String.format("%02x", (dataObject & 0xFF00) >> 8) // P1
+ String.format("%02x", dataObject & 0xFF) // P2
+ String.format("%02x", data.length) // Lc
+ getHex(data);
String response = nfcCommunicate(putDataApdu); // put data
if (!response.equals("9000")) {
throw new CardException("Failed to put data.", parseCardStatus(response));
}
}
/**
* Puts a key on the token in the given slot.
*
* @param slot The slot on the token where the key should be stored:
* 0xB6: Signature Key
* 0xB8: Decipherment Key
* 0xA4: Authentication Key
*/
public void nfcPutKey(int slot, CanonicalizedSecretKey secretKey, Passphrase passphrase)
throws IOException {
if (slot != 0xB6 && slot != 0xB8 && slot != 0xA4) {
throw new IOException("Invalid key slot");
}
RSAPrivateCrtKey crtSecretKey;
try {
secretKey.unlock(passphrase);
crtSecretKey = secretKey.getCrtSecretKey();
} catch (PgpGeneralException e) {
throw new IOException(e.getMessage());
}
// Shouldn't happen; the UI should block the user from getting an incompatible key this far.
if (crtSecretKey.getModulus().bitLength() > 2048) {
throw new IOException("Key too large to export to Security Token.");
}
// Should happen only rarely; all GnuPG keys since 2006 use public exponent 65537.
if (!crtSecretKey.getPublicExponent().equals(new BigInteger("65537"))) {
throw new IOException("Invalid public exponent for smart Security Token.");
}
if (!mPw3Validated) {
nfcVerifyPin(0x83); // (Verify PW3 with mode 83)
}
byte[] header= Hex.decode(
"4D82" + "03A2" // Extended header list 4D82, length of 930 bytes. (page 23)
+ String.format("%02x", slot) + "00" // CRT to indicate targeted key, no length
+ "7F48" + "15" // Private key template 0x7F48, length 21 (decimal, 0x15 hex)
+ "9103" // Public modulus, length 3
+ "928180" // Prime P, length 128
+ "938180" // Prime Q, length 128
+ "948180" // Coefficient (1/q mod p), length 128
+ "958180" // Prime exponent P (d mod (p - 1)), length 128
+ "968180" // Prime exponent Q (d mod (1 - 1)), length 128
+ "97820100" // Modulus, length 256, last item in private key template
+ "5F48" + "820383");// DO 5F48; 899 bytes of concatenated key data will follow
byte[] dataToSend = new byte[934];
byte[] currentKeyObject;
int offset = 0;
System.arraycopy(header, 0, dataToSend, offset, header.length);
offset += header.length;
currentKeyObject = crtSecretKey.getPublicExponent().toByteArray();
System.arraycopy(currentKeyObject, 0, dataToSend, offset, 3);
offset += 3;
// NOTE: For a 2048-bit key, these lengths are fixed. However, bigint includes a leading 0
// in the array to represent sign, so we take care to set the offset to 1 if necessary.
currentKeyObject = crtSecretKey.getPrimeP().toByteArray();
System.arraycopy(currentKeyObject, currentKeyObject.length - 128, dataToSend, offset, 128);
Arrays.fill(currentKeyObject, (byte)0);
offset += 128;
currentKeyObject = crtSecretKey.getPrimeQ().toByteArray();
System.arraycopy(currentKeyObject, currentKeyObject.length - 128, dataToSend, offset, 128);
Arrays.fill(currentKeyObject, (byte)0);
offset += 128;
currentKeyObject = crtSecretKey.getCrtCoefficient().toByteArray();
System.arraycopy(currentKeyObject, currentKeyObject.length - 128, dataToSend, offset, 128);
Arrays.fill(currentKeyObject, (byte)0);
offset += 128;
currentKeyObject = crtSecretKey.getPrimeExponentP().toByteArray();
System.arraycopy(currentKeyObject, currentKeyObject.length - 128, dataToSend, offset, 128);
Arrays.fill(currentKeyObject, (byte)0);
offset += 128;
currentKeyObject = crtSecretKey.getPrimeExponentQ().toByteArray();
System.arraycopy(currentKeyObject, currentKeyObject.length - 128, dataToSend, offset, 128);
Arrays.fill(currentKeyObject, (byte)0);
offset += 128;
currentKeyObject = crtSecretKey.getModulus().toByteArray();
System.arraycopy(currentKeyObject, currentKeyObject.length - 256, dataToSend, offset, 256);
String putKeyCommand = "10DB3FFF";
String lastPutKeyCommand = "00DB3FFF";
// Now we're ready to communicate with the token.
offset = 0;
String response;
while(offset < dataToSend.length) {
int dataRemaining = dataToSend.length - offset;
if (dataRemaining > 254) {
response = nfcCommunicate(
putKeyCommand + "FE" + Hex.toHexString(dataToSend, offset, 254)
);
offset += 254;
} else {
int length = dataToSend.length - offset;
response = nfcCommunicate(
lastPutKeyCommand + String.format("%02x", length)
+ Hex.toHexString(dataToSend, offset, length));
offset += length;
}
if (!response.endsWith("9000")) {
throw new CardException("Key export to Security Token failed", parseCardStatus(response));
}
}
// Clear array with secret data before we return.
Arrays.fill(dataToSend, (byte) 0);
}
/**
* Generates a key on the card in the given slot. If the slot is 0xB6 (the signature key),
* this command also has the effect of resetting the digital signature counter.
* NOTE: This does not set the key fingerprint data object! After calling this command, you
* must construct a public key packet using the returned public key data objects, compute the
* key fingerprint, and store it on the card using: nfcPutData(0xC8, key.getFingerprint())
*
* @param slot The slot on the card where the key should be generated:
* 0xB6: Signature Key
* 0xB8: Decipherment Key
* 0xA4: Authentication Key
* @return the public key data objects, in TLV format. For RSA this will be the public modulus
* (0x81) and exponent (0x82). These may come out of order; proper TLV parsing is required.
*/
public byte[] nfcGenerateKey(int slot) throws IOException {
if (slot != 0xB6 && slot != 0xB8 && slot != 0xA4) {
throw new IOException("Invalid key slot");
}
if (!mPw3Validated) {
nfcVerifyPin(0x83); // (Verify PW3 with mode 83)
}
String generateKeyApdu = "0047800002" + String.format("%02x", slot) + "0000";
String getResponseApdu = "00C00000";
String first = nfcCommunicate(generateKeyApdu);
String second = nfcCommunicate(getResponseApdu);
if (!second.endsWith("9000")) {
throw new IOException("On-card key generation failed");
}
String publicKeyData = getDataField(first) + getDataField(second);
Log.d(Constants.TAG, "Public Key Data Objects: " + publicKeyData);
return Hex.decode(publicKeyData);
}
/**
* Transceive data via NFC encoded as Hex
*/
public String nfcCommunicate(String apdu) throws IOException {
return getHex(mIsoCard.transceive(Hex.decode(apdu)));
} }
/** /**
@@ -1020,10 +467,6 @@ public abstract class BaseSecurityTokenNfcActivity extends BaseActivity implemen
} }
} }
private String getDataField(String output) {
return output.substring(0, output.length() - 4);
}
public static String getHex(byte[] raw) { public static String getHex(byte[] raw) {
return new String(Hex.encode(raw)); return new String(Hex.encode(raw));
} }
@@ -1050,21 +493,6 @@ public abstract class BaseSecurityTokenNfcActivity extends BaseActivity implemen
} }
private boolean isFidesmoToken() {
if (isNfcConnected()) { // Check if we can still talk to the card
try {
// By trying to select any apps that have the Fidesmo AID prefix we can
// see if it is a Fidesmo device or not
byte[] mSelectResponse = mIsoCard.transceive(Apdu.select(FIDESMO_APPS_AID_PREFIX));
// Compare the status returned by our select with the OK status code
return Apdu.hasStatus(mSelectResponse, Apdu.OK_APDU);
} catch (IOException e) {
Log.e(Constants.TAG, "Card communication failed!", e);
}
}
return false;
}
/** /**
* Ask user if she wants to install PGP onto her Fidesmo token * Ask user if she wants to install PGP onto her Fidesmo token
*/ */