Note that when the expected length of the response APDU is specified - * in the {@linkplain #CommandAPDU(int,int,int,int,int) constructors}, - * the actual length (Ne) must be specified, not its - * encoded form (Le). Similarly, {@linkplain #getNe} returns the actual - * value Ne. In other words, a value of 0 means "no data in the response APDU" - * rather than "maximum length." - * - *
This class supports both the short and extended forms of length - * encoding for Ne and Nc. However, note that not all terminals and Smart Cards - * are capable of accepting APDUs that use the extended form. - * - *
For the header bytes CLA, INS, P1, and P2 the Java type int
- * is used to represent the 8 bit unsigned values. In the constructors, only
- * the 8 lowest bits of the int value specified by the application
- * are significant. The accessor methods always return the byte as an unsigned
- * value between 0 and 255.
- *
- *
Instances of this class are immutable. Where data is passed in or out - * via byte arrays, defensive cloning is performed. - * - * @see ResponseApdu - * - * @since 1.6 - * @author Andreas Sterbenz - * @author JSR 268 Expert Group - */ -public final class CommandAPDU implements java.io.Serializable { - - private static final long serialVersionUID = 398698301286670877L; - - private static final int MAX_APDU_SIZE = 65544; - - /** @serial */ - private byte[] apdu; - - // value of nc - private transient int nc; - - // value of ne - private transient int ne; - - // index of start of data within the apdu array - private transient int dataOffset; - - /** - * Constructs a CommandAPDU from a byte array containing the complete - * APDU contents (header and body). - * - *
Note that the apdu bytes are copied to protect against
- * subsequent modification.
- *
- * @param apdu the complete command APDU
- *
- * @throws NullPointerException if apdu is null
- * @throws IllegalArgumentException if apdu does not contain a valid
- * command APDU
- */
- public CommandAPDU(byte[] apdu) {
- this.apdu = apdu.clone();
- parse();
- }
-
- /**
- * Constructs a CommandAPDU from a byte array containing the complete
- * APDU contents (header and body). The APDU starts at the index
- * apduOffset in the byte array and is apduLength
- * bytes long.
- *
- *
Note that the apdu bytes are copied to protect against
- * subsequent modification.
- *
- * @param apdu the complete command APDU
- * @param apduOffset the offset in the byte array at which the apdu
- * data begins
- * @param apduLength the length of the APDU
- *
- * @throws NullPointerException if apdu is null
- * @throws IllegalArgumentException if apduOffset or apduLength are
- * negative or if apduOffset + apduLength are greater than apdu.length,
- * or if the specified bytes are not a valid APDU
- */
- public CommandAPDU(byte[] apdu, int apduOffset, int apduLength) {
- checkArrayBounds(apdu, apduOffset, apduLength);
- this.apdu = new byte[apduLength];
- System.arraycopy(apdu, apduOffset, this.apdu, 0, apduLength);
- parse();
- }
-
- private void checkArrayBounds(byte[] b, int ofs, int len) {
- if ((ofs < 0) || (len < 0)) {
- throw new IllegalArgumentException
- ("Offset and length must not be negative");
- }
- if (b == null) {
- if ((ofs != 0) && (len != 0)) {
- throw new IllegalArgumentException
- ("offset and length must be 0 if array is null");
- }
- } else {
- if (ofs > b.length - len) {
- throw new IllegalArgumentException
- ("Offset plus length exceed array size");
- }
- }
- }
-
- /**
- * Creates a CommandAPDU from the ByteBuffer containing the complete APDU
- * contents (header and body).
- * The buffer's position must be set to the start of the APDU,
- * its limit to the end of the APDU. Upon return, the buffer's
- * position is equal to its limit; its limit remains unchanged.
- *
- *
Note that the data in the ByteBuffer is copied to protect against
- * subsequent modification.
- *
- * @param apdu the ByteBuffer containing the complete APDU
- *
- * @throws NullPointerException if apdu is null
- * @throws IllegalArgumentException if apdu does not contain a valid
- * command APDU
- */
- public CommandAPDU(ByteBuffer apdu) {
- this.apdu = new byte[apdu.remaining()];
- apdu.get(this.apdu);
- parse();
- }
-
- /**
- * Constructs a CommandAPDU from the four header bytes. This is case 1
- * in ISO 7816, no command body.
- *
- * @param cla the class byte CLA
- * @param ins the instruction byte INS
- * @param p1 the parameter byte P1
- * @param p2 the parameter byte P2
- */
- public CommandAPDU(int cla, int ins, int p1, int p2) {
- this(cla, ins, p1, p2, null, 0, 0, 0);
- }
-
- /**
- * Constructs a CommandAPDU from the four header bytes and the expected
- * response data length. This is case 2 in ISO 7816, empty command data
- * field with Ne specified. If Ne is 0, the APDU is encoded as ISO 7816
- * case 1.
- *
- * @param cla the class byte CLA
- * @param ins the instruction byte INS
- * @param p1 the parameter byte P1
- * @param p2 the parameter byte P2
- * @param ne the maximum number of expected data bytes in a response APDU
- *
- * @throws IllegalArgumentException if ne is negative or greater than
- * 65536
- */
- public CommandAPDU(int cla, int ins, int p1, int p2, int ne) {
- this(cla, ins, p1, p2, null, 0, 0, ne);
- }
-
- /**
- * Constructs a CommandAPDU from the four header bytes and command data.
- * This is case 3 in ISO 7816, command data present and Ne absent. The
- * value Nc is taken as data.length. If data is null or
- * its length is 0, the APDU is encoded as ISO 7816 case 1.
- *
- *
Note that the data bytes are copied to protect against
- * subsequent modification.
- *
- * @param cla the class byte CLA
- * @param ins the instruction byte INS
- * @param p1 the parameter byte P1
- * @param p2 the parameter byte P2
- * @param data the byte array containing the data bytes of the command body
- *
- * @throws IllegalArgumentException if data.length is greater than 65535
- */
- public CommandAPDU(int cla, int ins, int p1, int p2, byte[] data) {
- this(cla, ins, p1, p2, data, 0, arrayLength(data), 0);
- }
-
- /**
- * Constructs a CommandAPDU from the four header bytes and command data.
- * This is case 3 in ISO 7816, command data present and Ne absent. The
- * value Nc is taken as dataLength. If dataLength
- * is 0, the APDU is encoded as ISO 7816 case 1.
- *
- *
Note that the data bytes are copied to protect against
- * subsequent modification.
- *
- * @param cla the class byte CLA
- * @param ins the instruction byte INS
- * @param p1 the parameter byte P1
- * @param p2 the parameter byte P2
- * @param data the byte array containing the data bytes of the command body
- * @param dataOffset the offset in the byte array at which the data
- * bytes of the command body begin
- * @param dataLength the number of the data bytes in the command body
- *
- * @throws NullPointerException if data is null and dataLength is not 0
- * @throws IllegalArgumentException if dataOffset or dataLength are
- * negative or if dataOffset + dataLength are greater than data.length
- * or if dataLength is greater than 65535
- */
- public CommandAPDU(int cla, int ins, int p1, int p2, byte[] data,
- int dataOffset, int dataLength) {
- this(cla, ins, p1, p2, data, dataOffset, dataLength, 0);
- }
-
- /**
- * Constructs a CommandAPDU from the four header bytes, command data,
- * and expected response data length. This is case 4 in ISO 7816,
- * command data and Ne present. The value Nc is taken as data.length
- * if data is non-null and as 0 otherwise. If Ne or Nc
- * are zero, the APDU is encoded as case 1, 2, or 3 per ISO 7816.
- *
- *
Note that the data bytes are copied to protect against
- * subsequent modification.
- *
- * @param cla the class byte CLA
- * @param ins the instruction byte INS
- * @param p1 the parameter byte P1
- * @param p2 the parameter byte P2
- * @param data the byte array containing the data bytes of the command body
- * @param ne the maximum number of expected data bytes in a response APDU
- *
- * @throws IllegalArgumentException if data.length is greater than 65535
- * or if ne is negative or greater than 65536
- */
- public CommandAPDU(int cla, int ins, int p1, int p2, byte[] data, int ne) {
- this(cla, ins, p1, p2, data, 0, arrayLength(data), ne);
- }
-
- private static int arrayLength(byte[] b) {
- return (b != null) ? b.length : 0;
- }
-
- /**
- * Command APDU encoding options:
- *
- * case 1: |CLA|INS|P1 |P2 | len = 4
- * case 2s: |CLA|INS|P1 |P2 |LE | len = 5
- * case 3s: |CLA|INS|P1 |P2 |LC |...BODY...| len = 6..260
- * case 4s: |CLA|INS|P1 |P2 |LC |...BODY...|LE | len = 7..261
- * case 2e: |CLA|INS|P1 |P2 |00 |LE1|LE2| len = 7
- * case 3e: |CLA|INS|P1 |P2 |00 |LC1|LC2|...BODY...| len = 8..65542
- * case 4e: |CLA|INS|P1 |P2 |00 |LC1|LC2|...BODY...|LE1|LE2| len =10..65544
- *
- * LE, LE1, LE2 may be 0x00.
- * LC must not be 0x00 and LC1|LC2 must not be 0x00|0x00
- */
- private void parse() {
- if (apdu.length < 4) {
- throw new IllegalArgumentException("apdu must be at least 4 bytes long");
- }
- if (apdu.length == 4) {
- // case 1
- return;
- }
- int l1 = apdu[4] & 0xff;
- if (apdu.length == 5) {
- // case 2s
- this.ne = (l1 == 0) ? 256 : l1;
- return;
- }
- if (l1 != 0) {
- if (apdu.length == 4 + 1 + l1) {
- // case 3s
- this.nc = l1;
- this.dataOffset = 5;
- return;
- } else if (apdu.length == 4 + 2 + l1) {
- // case 4s
- this.nc = l1;
- this.dataOffset = 5;
- int l2 = apdu[apdu.length - 1] & 0xff;
- this.ne = (l2 == 0) ? 256 : l2;
- return;
- } else {
- throw new IllegalArgumentException
- ("Invalid APDU: length=" + apdu.length + ", b1=" + l1);
- }
- }
- if (apdu.length < 7) {
- throw new IllegalArgumentException
- ("Invalid APDU: length=" + apdu.length + ", b1=" + l1);
- }
- int l2 = ((apdu[5] & 0xff) << 8) | (apdu[6] & 0xff);
- if (apdu.length == 7) {
- // case 2e
- this.ne = (l2 == 0) ? 65536 : l2;
- return;
- }
- if (l2 == 0) {
- throw new IllegalArgumentException("Invalid APDU: length="
- + apdu.length + ", b1=" + l1 + ", b2||b3=" + l2);
- }
- if (apdu.length == 4 + 3 + l2) {
- // case 3e
- this.nc = l2;
- this.dataOffset = 7;
- return;
- } else if (apdu.length == 4 + 5 + l2) {
- // case 4e
- this.nc = l2;
- this.dataOffset = 7;
- int leOfs = apdu.length - 2;
- int l3 = ((apdu[leOfs] & 0xff) << 8) | (apdu[leOfs + 1] & 0xff);
- this.ne = (l3 == 0) ? 65536 : l3;
- } else {
- throw new IllegalArgumentException("Invalid APDU: length="
- + apdu.length + ", b1=" + l1 + ", b2||b3=" + l2);
- }
- }
-
- /**
- * Constructs a CommandAPDU from the four header bytes, command data,
- * and expected response data length. This is case 4 in ISO 7816,
- * command data and Le present. The value Nc is taken as
- * dataLength.
- * If Ne or Nc
- * are zero, the APDU is encoded as case 1, 2, or 3 per ISO 7816.
- *
- *
Note that the data bytes are copied to protect against
- * subsequent modification.
- *
- * @param cla the class byte CLA
- * @param ins the instruction byte INS
- * @param p1 the parameter byte P1
- * @param p2 the parameter byte P2
- * @param data the byte array containing the data bytes of the command body
- * @param dataOffset the offset in the byte array at which the data
- * bytes of the command body begin
- * @param dataLength the number of the data bytes in the command body
- * @param ne the maximum number of expected data bytes in a response APDU
- *
- * @throws NullPointerException if data is null and dataLength is not 0
- * @throws IllegalArgumentException if dataOffset or dataLength are
- * negative or if dataOffset + dataLength are greater than data.length,
- * or if ne is negative or greater than 65536,
- * or if dataLength is greater than 65535
- */
- public CommandAPDU(int cla, int ins, int p1, int p2, byte[] data,
- int dataOffset, int dataLength, int ne) {
- checkArrayBounds(data, dataOffset, dataLength);
- if (dataLength > 65535) {
- throw new IllegalArgumentException("dataLength is too large");
- }
- if (ne < 0) {
- throw new IllegalArgumentException("ne must not be negative");
- }
- if (ne > 65536) {
- throw new IllegalArgumentException("ne is too large");
- }
- this.ne = ne;
- this.nc = dataLength;
- if (dataLength == 0) {
- if (ne == 0) {
- // case 1
- this.apdu = new byte[4];
- setHeader(cla, ins, p1, p2);
- } else {
- // case 2s or 2e
- if (ne <= 256) {
- // case 2s
- // 256 is encoded as 0x00
- byte len = (ne != 256) ? (byte)ne : 0;
- this.apdu = new byte[5];
- setHeader(cla, ins, p1, p2);
- this.apdu[4] = len;
- } else {
- // case 2e
- byte l1, l2;
- // 65536 is encoded as 0x00 0x00
- if (ne == 65536) {
- l1 = 0;
- l2 = 0;
- } else {
- l1 = (byte)(ne >> 8);
- l2 = (byte)ne;
- }
- this.apdu = new byte[7];
- setHeader(cla, ins, p1, p2);
- this.apdu[5] = l1;
- this.apdu[6] = l2;
- }
- }
- } else {
- if (ne == 0) {
- // case 3s or 3e
- if (dataLength <= 255) {
- // case 3s
- apdu = new byte[4 + 1 + dataLength];
- setHeader(cla, ins, p1, p2);
- apdu[4] = (byte)dataLength;
- this.dataOffset = 5;
- System.arraycopy(data, dataOffset, apdu, 5, dataLength);
- } else {
- // case 3e
- apdu = new byte[4 + 3 + dataLength];
- setHeader(cla, ins, p1, p2);
- apdu[4] = 0;
- apdu[5] = (byte)(dataLength >> 8);
- apdu[6] = (byte)dataLength;
- this.dataOffset = 7;
- System.arraycopy(data, dataOffset, apdu, 7, dataLength);
- }
- } else {
- // case 4s or 4e
- if ((dataLength <= 255) && (ne <= 256)) {
- // case 4s
- apdu = new byte[4 + 2 + dataLength];
- setHeader(cla, ins, p1, p2);
- apdu[4] = (byte)dataLength;
- this.dataOffset = 5;
- System.arraycopy(data, dataOffset, apdu, 5, dataLength);
- apdu[apdu.length - 1] = (ne != 256) ? (byte)ne : 0;
- } else {
- // case 4e
- apdu = new byte[4 + 5 + dataLength];
- setHeader(cla, ins, p1, p2);
- apdu[4] = 0;
- apdu[5] = (byte)(dataLength >> 8);
- apdu[6] = (byte)dataLength;
- this.dataOffset = 7;
- System.arraycopy(data, dataOffset, apdu, 7, dataLength);
- if (ne != 65536) {
- int leOfs = apdu.length - 2;
- apdu[leOfs] = (byte)(ne >> 8);
- apdu[leOfs + 1] = (byte)ne;
- } // else le == 65536: no need to fill in, encoded as 0
- }
- }
- }
- }
-
- private void setHeader(int cla, int ins, int p1, int p2) {
- apdu[0] = (byte)cla;
- apdu[1] = (byte)ins;
- apdu[2] = (byte)p1;
- apdu[3] = (byte)p2;
- }
-
- /**
- * Returns the value of the class byte CLA.
- *
- * @return the value of the class byte CLA.
- */
- public int getCLA() {
- return apdu[0] & 0xff;
- }
-
- /**
- * Returns the value of the instruction byte INS.
- *
- * @return the value of the instruction byte INS.
- */
- public int getINS() {
- return apdu[1] & 0xff;
- }
-
- /**
- * Returns the value of the parameter byte P1.
- *
- * @return the value of the parameter byte P1.
- */
- public int getP1() {
- return apdu[2] & 0xff;
- }
-
- /**
- * Returns the value of the parameter byte P2.
- *
- * @return the value of the parameter byte P2.
- */
- public int getP2() {
- return apdu[3] & 0xff;
- }
-
- /**
- * Returns the number of data bytes in the command body (Nc) or 0 if this
- * APDU has no body. This call is equivalent to
- *
+ * case 1: |CLA|INS|P1 |P2 | len = 4
+ * case 2s: |CLA|INS|P1 |P2 |LE | len = 5
+ * case 3s: |CLA|INS|P1 |P2 |LC |...BODY...| len = 6..260
+ * case 4s: |CLA|INS|P1 |P2 |LC |...BODY...|LE | len = 7..261
+ * case 2e: |CLA|INS|P1 |P2 |00 |LE1|LE2| len = 7
+ * case 3e: |CLA|INS|P1 |P2 |00 |LC1|LC2|...BODY...| len = 8..65542
+ * case 4e: |CLA|INS|P1 |P2 |00 |LC1|LC2|...BODY...|LE1|LE2| len =10..65544
+ *
+ * LE, LE1, LE2 may be 0x00.
+ * LC must not be 0x00 and LC1|LC2 must not be 0x00|0x00
+ */
+ public static CommandApdu fromBytes(byte[] apdu) {
+ if (apdu.length < 4) {
+ throw new IllegalArgumentException("apdu must be at least 4 bytes long");
+ }
+
+ int cla = apdu[0] & 0xff;
+ int ins = apdu[1] & 0xff;
+ int p1 = apdu[2] & 0xff;
+ int p2 = apdu[3] & 0xff;
+ final Integer dataOffset;
+ final Integer dataLength;
+ final int ne;
+
+ if (apdu.length == 4) {
+ // case 1
+ dataOffset = null;
+ dataLength = null;
+ ne = 0;
+ } else if (apdu.length == 5) {
+ // case 2s
+ dataOffset = null;
+ dataLength = null;
+ ne = (apdu[4] == 0) ? 256 : (apdu[4] & 0xff);
+ } else if (apdu[4] != 0) {
+ dataOffset = 5;
+ dataLength = apdu[4] & 0xff;
+
+ if (apdu.length == 4 + 1 + dataLength) {
+ // case 3s
+ ne = 0;
+ } else {
+ // case 4s
+ int l2 = apdu[apdu.length - 1] & 0xff;
+ ne = (l2 == 0) ? 256 : l2;
+ }
+ } else {
+ int l2 = ((apdu[5] & 0xff) << 8) | (apdu[6] & 0xff);
+ if (apdu.length == 7) {
+ // case 2e
+ dataOffset = null;
+ dataLength = null;
+ ne = (l2 == 0) ? 65536 : l2;
+ } else {
+ dataOffset = 7;
+ dataLength = l2;
+
+ if (apdu.length == 4 + 3 + l2) {
+ // case 3e
+ ne = 0;
+ } else {
+ // case 4e
+ int leOfs = apdu.length - 2;
+ int le = ((apdu[leOfs] & 0xff) << 8) | (apdu[leOfs + 1] & 0xff);
+ ne = (le == 0) ? 65536 : le;
+ }
+ }
+ }
+
+ byte[] data;
+ if (dataOffset != null) {
+ data = Arrays.copyOfRange(apdu, dataOffset, dataOffset + dataLength);
+ } else {
+ data = new byte[0];
+ }
+
+ return new AutoValue_CommandApdu(cla, ins, p1, p2, data, ne);
+ }
+
+ public byte[] toBytes() {
+ final byte[] apdu;
+
+ byte[] data = getData();
+ int ne = getNe();
+ if (data.length == 0) {
+ if (ne == 0) {
+ // case 1
+ apdu = new byte[4];
+ } else {
+ // case 2s or 2e
+ if (ne <= 256) {
+ // case 2s
+ apdu = new byte[5];
+ apdu[4] = (ne != 256) ? (byte) ne : 0;
+ } else {
+ // case 2e
+ apdu = new byte[7];
+ if (ne != 65536) {
+ apdu[5] = (byte) (ne >> 8);
+ apdu[6] = (byte) ne;
+ } else {
+ apdu[5] = 0;
+ apdu[6] = 0;
+ }
+ }
+ }
+ } else {
+ if (ne == 0) {
+ // case 3s or 3e
+ if (data.length <= 255) {
+ // case 3s
+ apdu = new byte[4 + 1 + data.length];
+ apdu[4] = (byte) data.length;
+ System.arraycopy(data, 0, apdu, 5, data.length);
+ } else {
+ // case 3e
+ apdu = new byte[4 + 3 + data.length];
+ apdu[4] = 0;
+ apdu[5] = (byte) (data.length >> 8);
+ apdu[6] = (byte) data.length;
+ System.arraycopy(data, 0, apdu, 7, data.length);
+ }
+ } else {
+ if (data.length <= 255 && ne <= 256) {
+ // case 4s
+ apdu = new byte[4 + 2 + data.length];
+ apdu[4] = (byte) data.length;
+ System.arraycopy(data, 0, apdu, 5, data.length);
+ apdu[apdu.length - 1] = (ne != 256) ? (byte) ne : 0;
+ } else {
+ // case 4e
+ apdu = new byte[4 + 5 + data.length];
+ apdu[4] = 0;
+ apdu[5] = (byte) (data.length >> 8);
+ apdu[6] = (byte) data.length;
+ System.arraycopy(data, 0, apdu, 7, data.length);
+ if (ne != 65536) {
+ apdu[apdu.length - 2] = (byte) (ne >> 8);
+ apdu[apdu.length - 1] = (byte) ne;
+ } else {
+ apdu[apdu.length - 2] = 0;
+ apdu[apdu.length - 1] = 0;
+ }
+ }
+ }
+ }
+
+ apdu[0] = (byte) getCLA();
+ apdu[1] = (byte) getINS();
+ apdu[2] = (byte) getP1();
+ apdu[3] = (byte) getP2();
+
+ return apdu;
+ }
+}
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/securitytoken/NfcTransport.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/securitytoken/NfcTransport.java
index ac1c653ed..f004379bd 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/securitytoken/NfcTransport.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/securitytoken/NfcTransport.java
@@ -19,7 +19,6 @@ package org.sufficientlysecure.keychain.securitytoken;
import android.nfc.Tag;
-import javax.smartcardio.CommandAPDU;
import org.sufficientlysecure.keychain.ui.base.BaseSecurityTokenActivity;
import java.io.IOException;
@@ -44,8 +43,8 @@ public class NfcTransport implements Transport {
* @throws IOException
*/
@Override
- public ResponseApdu transceive(final CommandAPDU data) throws IOException {
- return ResponseApdu.fromBytes(mIsoCard.transceive(data.getBytes()));
+ public ResponseApdu transceive(final CommandApdu data) throws IOException {
+ return ResponseApdu.fromBytes(mIsoCard.transceive(data.toBytes()));
}
/**
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/securitytoken/OpenPgpCommandApduFactory.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/securitytoken/OpenPgpCommandApduFactory.java
index dfee53265..6d6b7e812 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/securitytoken/OpenPgpCommandApduFactory.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/securitytoken/OpenPgpCommandApduFactory.java
@@ -6,7 +6,6 @@ import java.util.List;
import android.support.annotation.NonNull;
-import javax.smartcardio.CommandAPDU;
import org.bouncycastle.util.Arrays;
import org.bouncycastle.util.encoders.Hex;
@@ -75,126 +74,126 @@ class OpenPgpCommandApduFactory {
private static final int P2_EMPTY = 0x00;
@NonNull
- CommandAPDU createPutDataCommand(int dataObject, byte[] data) {
- return new CommandAPDU(CLA, INS_PUT_DATA, (dataObject & 0xFF00) >> 8, dataObject & 0xFF, data);
+ CommandApdu createPutDataCommand(int dataObject, byte[] data) {
+ return CommandApdu.create(CLA, INS_PUT_DATA, (dataObject & 0xFF00) >> 8, dataObject & 0xFF, data);
}
@NonNull
- CommandAPDU createPutKeyCommand(byte[] keyBytes) {
+ CommandApdu createPutKeyCommand(byte[] keyBytes) {
// the odd PUT DATA INS is for compliance with ISO 7816-8. This is used only to put key data on the card
- return new CommandAPDU(CLA, INS_PUT_DATA_ODD, P1_PUT_DATA_ODD_KEY, P2_PUT_DATA_ODD_KEY, keyBytes);
+ return CommandApdu.create(CLA, INS_PUT_DATA_ODD, P1_PUT_DATA_ODD_KEY, P2_PUT_DATA_ODD_KEY, keyBytes);
}
@NonNull
- CommandAPDU createComputeDigitalSignatureCommand(byte[] data) {
- return new CommandAPDU(CLA, INS_PERFORM_SECURITY_OPERATION, P1_PSO_COMPUTE_DIGITAL_SIGNATURE,
+ CommandApdu createComputeDigitalSignatureCommand(byte[] data) {
+ return CommandApdu.create(CLA, INS_PERFORM_SECURITY_OPERATION, P1_PSO_COMPUTE_DIGITAL_SIGNATURE,
P2_PSO_COMPUTE_DIGITAL_SIGNATURE, data, MAX_APDU_NE_EXT);
}
@NonNull
- CommandAPDU createDecipherCommand(byte[] data) {
- return new CommandAPDU(CLA, INS_PERFORM_SECURITY_OPERATION, P1_PSO_DECIPHER, P2_PSO_DECIPHER, data,
+ CommandApdu createDecipherCommand(byte[] data) {
+ return CommandApdu.create(CLA, INS_PERFORM_SECURITY_OPERATION, P1_PSO_DECIPHER, P2_PSO_DECIPHER, data,
MAX_APDU_NE_EXT);
}
@NonNull
- CommandAPDU createChangePw3Command(byte[] adminPin, byte[] newAdminPin) {
- return new CommandAPDU(CLA, INS_CHANGE_REFERENCE_DATA, P1_EMPTY,
+ CommandApdu createChangePw3Command(byte[] adminPin, byte[] newAdminPin) {
+ return CommandApdu.create(CLA, INS_CHANGE_REFERENCE_DATA, P1_EMPTY,
P2_CHANGE_REFERENCE_DATA_PW3, Arrays.concatenate(adminPin, newAdminPin));
}
@NonNull
- CommandAPDU createResetPw1Command(byte[] newPin) {
- return new CommandAPDU(CLA, INS_RESET_RETRY_COUNTER, P1_RESET_RETRY_COUNTER_NEW_PW,
+ CommandApdu createResetPw1Command(byte[] newPin) {
+ return CommandApdu.create(CLA, INS_RESET_RETRY_COUNTER, P1_RESET_RETRY_COUNTER_NEW_PW,
P2_RESET_RETRY_COUNTER, newPin);
}
@NonNull
- CommandAPDU createGetDataCommand(int p1, int p2) {
- return new CommandAPDU(CLA, INS_GET_DATA, p1, p2, MAX_APDU_NE_EXT);
+ CommandApdu createGetDataCommand(int p1, int p2) {
+ return CommandApdu.create(CLA, INS_GET_DATA, p1, p2, MAX_APDU_NE_EXT);
}
@NonNull
- CommandAPDU createGetResponseCommand(int lastResponseSw2) {
- return new CommandAPDU(CLA, INS_GET_RESPONSE, P1_EMPTY, P2_EMPTY, lastResponseSw2);
+ CommandApdu createGetResponseCommand(int lastResponseSw2) {
+ return CommandApdu.create(CLA, INS_GET_RESPONSE, P1_EMPTY, P2_EMPTY, lastResponseSw2);
}
@NonNull
- CommandAPDU createVerifyPw1ForSignatureCommand(byte[] pin) {
- return new CommandAPDU(CLA, INS_VERIFY, P1_EMPTY, P2_VERIFY_PW1_SIGN, pin);
+ CommandApdu createVerifyPw1ForSignatureCommand(byte[] pin) {
+ return CommandApdu.create(CLA, INS_VERIFY, P1_EMPTY, P2_VERIFY_PW1_SIGN, pin);
}
@NonNull
- CommandAPDU createVerifyPw1ForOtherCommand(byte[] pin) {
- return new CommandAPDU(CLA, INS_VERIFY, P1_EMPTY, P2_VERIFY_PW1_OTHER, pin);
+ CommandApdu createVerifyPw1ForOtherCommand(byte[] pin) {
+ return CommandApdu.create(CLA, INS_VERIFY, P1_EMPTY, P2_VERIFY_PW1_OTHER, pin);
}
@NonNull
- CommandAPDU createVerifyPw3Command(byte[] pin) {
- return new CommandAPDU(CLA, INS_VERIFY, P1_EMPTY, P2_VERIFY_PW3, pin);
+ CommandApdu createVerifyPw3Command(byte[] pin) {
+ return CommandApdu.create(CLA, INS_VERIFY, P1_EMPTY, P2_VERIFY_PW3, pin);
}
@NonNull
- CommandAPDU createSelectFileOpenPgpCommand() {
- return new CommandAPDU(CLA, INS_SELECT_FILE, P1_SELECT_FILE, P2_EMPTY, AID_SELECT_FILE_OPENPGP);
+ CommandApdu createSelectFileOpenPgpCommand() {
+ return CommandApdu.create(CLA, INS_SELECT_FILE, P1_SELECT_FILE, P2_EMPTY, AID_SELECT_FILE_OPENPGP);
}
@NonNull
- CommandAPDU createSelectFileCommand(String fileAid) {
- return new CommandAPDU(CLA, INS_SELECT_FILE, P1_SELECT_FILE, P2_EMPTY, Hex.decode(fileAid));
+ CommandApdu createSelectFileCommand(String fileAid) {
+ return CommandApdu.create(CLA, INS_SELECT_FILE, P1_SELECT_FILE, P2_EMPTY, Hex.decode(fileAid));
}
@NonNull
- CommandAPDU createReactivate2Command() {
- return new CommandAPDU(CLA, INS_ACTIVATE_FILE, P1_EMPTY, P2_EMPTY);
+ CommandApdu createReactivate2Command() {
+ return CommandApdu.create(CLA, INS_ACTIVATE_FILE, P1_EMPTY, P2_EMPTY);
}
@NonNull
- CommandAPDU createReactivate1Command() {
- return new CommandAPDU(CLA, INS_TERMINATE_DF, P1_EMPTY, P2_EMPTY);
+ CommandApdu createReactivate1Command() {
+ return CommandApdu.create(CLA, INS_TERMINATE_DF, P1_EMPTY, P2_EMPTY);
}
@NonNull
- CommandAPDU createInternalAuthForSecureMessagingCommand(byte[] authData) {
- return new CommandAPDU(CLA, INS_INTERNAL_AUTHENTICATE, P1_INTERNAL_AUTH_SECURE_MESSAGING, P2_EMPTY, authData,
+ CommandApdu createInternalAuthForSecureMessagingCommand(byte[] authData) {
+ return CommandApdu.create(CLA, INS_INTERNAL_AUTHENTICATE, P1_INTERNAL_AUTH_SECURE_MESSAGING, P2_EMPTY, authData,
MAX_APDU_NE_EXT);
}
@NonNull
- CommandAPDU createGenerateKeyCommand(int slot) {
- return new CommandAPDU(CLA, INS_GENERATE_ASYMMETRIC_KEY_PAIR,
+ CommandApdu createGenerateKeyCommand(int slot) {
+ return CommandApdu.create(CLA, INS_GENERATE_ASYMMETRIC_KEY_PAIR,
P1_GAKP_GENERATE, P2_EMPTY, new byte[] { (byte) slot, 0x00 }, MAX_APDU_NE_EXT);
}
@NonNull
- CommandAPDU createRetrieveSecureMessagingPublicKeyCommand() {
+ CommandApdu createRetrieveSecureMessagingPublicKeyCommand() {
// see https://github.com/ANSSI-FR/SmartPGP/blob/master/secure_messaging/smartpgp_sm.pdf
- return new CommandAPDU(CLA, INS_GENERATE_ASYMMETRIC_KEY_PAIR, P1_GAKP_READ_PUBKEY_TEMPLATE, P2_EMPTY,
+ return CommandApdu.create(CLA, INS_GENERATE_ASYMMETRIC_KEY_PAIR, P1_GAKP_READ_PUBKEY_TEMPLATE, P2_EMPTY,
CRT_GAKP_SECURE_MESSAGING, MAX_APDU_NE_EXT);
}
@NonNull
- CommandAPDU createSelectSecureMessagingCertificateCommand() {
+ CommandApdu createSelectSecureMessagingCertificateCommand() {
// see https://github.com/ANSSI-FR/SmartPGP/blob/master/secure_messaging/smartpgp_sm.pdf
// this command selects the fourth occurence of data tag 7F21
- return new CommandAPDU(CLA, INS_SELECT_DATA, P1_SELECT_DATA_FOURTH, P2_SELECT_DATA,
+ return CommandApdu.create(CLA, INS_SELECT_DATA, P1_SELECT_DATA_FOURTH, P2_SELECT_DATA,
CP_SELECT_DATA_CARD_HOLDER_CERT);
}
@NonNull
- CommandAPDU createGetDataCardHolderCertCommand() {
+ CommandApdu createGetDataCardHolderCertCommand() {
return createGetDataCommand(P1_GET_DATA_CARD_HOLDER_CERT, P2_GET_DATA_CARD_HOLDER_CERT);
}
@NonNull
- CommandAPDU createShortApdu(CommandAPDU apdu) {
+ CommandApdu createShortApdu(CommandApdu apdu) {
int ne = Math.min(apdu.getNe(), MAX_APDU_NE);
- return new CommandAPDU(apdu.getCLA(), apdu.getINS(), apdu.getP1(), apdu.getP2(), apdu.getData(), ne);
+ return CommandApdu.create(apdu.getCLA(), apdu.getINS(), apdu.getP1(), apdu.getP2(), apdu.getData(), ne);
}
@NonNull
- ListgetData().length.
- *
- * @return the number of data bytes in the command body or 0 if this APDU
- * has no body.
- */
- public int getNc() {
- return nc;
- }
-
- /**
- * Returns a copy of the data bytes in the command body. If this APDU as
- * no body, this method returns a byte array with length zero.
- *
- * @return a copy of the data bytes in the command body or the empty
- * byte array if this APDU has no body.
- */
- public byte[] getData() {
- byte[] data = new byte[nc];
- System.arraycopy(apdu, dataOffset, data, 0, nc);
- return data;
- }
-
- /**
- * Returns the maximum number of expected data bytes in a response
- * APDU (Ne).
- *
- * @return the maximum number of expected data bytes in a response APDU.
- */
- public int getNe() {
- return ne;
- }
-
- /**
- * Returns a copy of the bytes in this APDU.
- *
- * @return a copy of the bytes in this APDU.
- */
- public byte[] getBytes() {
- return apdu.clone();
- }
-
- /**
- * Returns a string representation of this command APDU.
- *
- * @return a String representation of this command APDU.
- */
- public String toString() {
- return "CommmandAPDU: " + apdu.length + " bytes, nc=" + nc + ", ne=" + ne;
- }
-
- /**
- * Compares the specified object with this command APDU for equality.
- * Returns true if the given object is also a CommandAPDU and its bytes are
- * identical to the bytes in this CommandAPDU.
- *
- * @param obj the object to be compared for equality with this command APDU
- * @return true if the specified object is equal to this command APDU
- */
- public boolean equals(Object obj) {
- if (this == obj) {
- return true;
- }
- if (obj instanceof CommandAPDU == false) {
- return false;
- }
- CommandAPDU other = (CommandAPDU)obj;
- return Arrays.equals(this.apdu, other.apdu);
- }
-
- /**
- * Returns the hash code value for this command APDU.
- *
- * @return the hash code value for this command APDU.
- */
- public int hashCode() {
- return Arrays.hashCode(apdu);
- }
-
- private void readObject(java.io.ObjectInputStream in)
- throws java.io.IOException, ClassNotFoundException {
- apdu = (byte[])in.readUnshared();
- // initialize transient fields
- parse();
- }
-
-}
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/securitytoken/CommandApdu.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/securitytoken/CommandApdu.java
new file mode 100644
index 000000000..9a6d91613
--- /dev/null
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/securitytoken/CommandApdu.java
@@ -0,0 +1,245 @@
+/*
+ * Copyright (C) 2016 Vincent Breitmoser