Add special handling for expected ECC import format for Nitrokey 3

2024-02-20 15:50:55 +01:00
parent c9e86b00ed
commit 90f859749e
2 changed files with 10 additions and 5 deletions
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/securitytoken/SecurityTokenUtils.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/securitytoken/SecurityTokenUtils.java
@@ -33,13 +33,13 @@ import java.security.interfaces.RSAPrivateCrtKey;

 public class SecurityTokenUtils {
    public static byte[] attributesFromSecretKey(KeyType slot, CanonicalizedSecretKey secretKey,
-            KeyFormat formatForKeyType)
+            KeyFormat currentKeyFormat, boolean withEccPublicKey)
            throws IOException {
        if (secretKey.isRSA()) {
-            return attributesForRsaKey(secretKey.getBitStrength(), (RsaKeyFormat) formatForKeyType);
+            return attributesForRsaKey(secretKey.getBitStrength(), (RsaKeyFormat) currentKeyFormat);
        } else if (secretKey.isEC()) {
            byte[] oid = new ASN1ObjectIdentifier(secretKey.getCurveOid()).getEncoded();
-            byte[] attrs = new byte[1 + (oid.length - 2) + 1];
+            byte[] attrs = new byte[1 + (oid.length - 2) + (withEccPublicKey ? 1 : 0)];

            if (slot.equals(KeyType.ENCRYPT))
                attrs[0] = PublicKeyAlgorithmTags.ECDH;
@@ -49,7 +49,9 @@ public class SecurityTokenUtils {

            System.arraycopy(oid, 2, attrs, 1, (oid.length - 2));

+            if (withEccPublicKey) {
                attrs[attrs.length - 1] = (byte) 0xff;
+            }

            return attrs;
        } else {
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/securitytoken/operations/SecurityTokenChangeKeyTokenOp.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/securitytoken/operations/SecurityTokenChangeKeyTokenOp.java
@@ -39,6 +39,7 @@ import org.sufficientlysecure.keychain.securitytoken.OpenPgpCapabilities;
 import org.sufficientlysecure.keychain.securitytoken.RsaKeyFormat;
 import org.sufficientlysecure.keychain.securitytoken.ResponseApdu;
 import org.sufficientlysecure.keychain.securitytoken.SecurityTokenConnection;
+import org.sufficientlysecure.keychain.securitytoken.SecurityTokenInfo.TokenType;
 import org.sufficientlysecure.keychain.securitytoken.SecurityTokenUtils;
 import org.sufficientlysecure.keychain.util.Passphrase;

@@ -150,7 +151,9 @@ public class SecurityTokenChangeKeyTokenOp {
        OpenPgpCapabilities openPgpCapabilities = connection.getOpenPgpCapabilities();
        KeyFormat formatForKeyType = openPgpCapabilities.getFormatForKeyType(slot);

-        return SecurityTokenUtils.attributesFromSecretKey(slot, secretKey, formatForKeyType);
+        // the Nitrokey 3 doesn't support including the public key
+        boolean withEccPublicKey = connection.getTokenType() != TokenType.NITROKEY_3;
+        return SecurityTokenUtils.attributesFromSecretKey(slot, secretKey, formatForKeyType, withEccPublicKey);
    }

    private void setKeyAttributes(Passphrase adminPin, KeyType keyType, byte[] data) throws IOException {