cthrace/open-keychain
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

rewrite CommandApdu

Browse Source
This commit is contained in:
Vincent Breitmoser
2017-10-13 18:22:04 +02:00
parent c89aab8802
commit 911d2a1c96
9 changed files with 318 additions and 689 deletions
Download Patch File Download Diff File Expand all files Collapse all files

245
OpenKeychain/src/main/java/org/sufficientlysecure/keychain/securitytoken/CommandApdu.java Normal file
View File

@@ -0,0 +1,245 @@
/*
* Copyright (C) 2016 Vincent Breitmoser <look@my.amazin.horse>
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
package org.sufficientlysecure.keychain.securitytoken;
import java.util.Arrays;
import com.google.auto.value.AutoValue;
/**
* A command APDU following the structure defined in ISO/IEC 7816-4.
* It consists of a four byte header and a conditional body of variable length.
*/
@AutoValue
public abstract class CommandApdu {
public abstract int getCLA();
public abstract int getINS();
public abstract int getP1();
public abstract int getP2();
public abstract byte[] getData();
public abstract int getNe();
public static CommandApdu create(byte[] apdu, int apduOffset, int apduLength) {
return fromBytes(Arrays.copyOfRange(apdu, apduOffset, apduOffset + apduLength));
}
public static CommandApdu create(int cla, int ins, int p1, int p2) {
return create(cla, ins, p1, p2, null, 0);
}
public static CommandApdu create(int cla, int ins, int p1, int p2, int ne) {
return create(cla, ins, p1, p2, null, ne);
}
public static CommandApdu create(int cla, int ins, int p1, int p2, byte[] data) {
return create(cla, ins, p1, p2, data, 0);
}
public static CommandApdu create(int cla, int ins, int p1, int p2, byte[] data, int dataOffset, int dataLength) {
if (data != null) {
data = Arrays.copyOfRange(data, dataOffset, dataOffset + dataLength);
}
return create(cla, ins, p1, p2, data, 0);
}
public static CommandApdu create(int cla, int ins, int p1, int p2, byte[] data, int dataOffset, int dataLength,
int ne) {
if (data != null) {
data = Arrays.copyOfRange(data, dataOffset, dataOffset + dataLength);
}
return create(cla, ins, p1, p2, data, ne);
}
public static CommandApdu create(int cla, int ins, int p1, int p2, byte[] data, int ne) {
if (ne < 0) {
throw new IllegalArgumentException("ne must not be negative");
}
if (ne > 65536) {
throw new IllegalArgumentException("ne is too large");
}
if (data == null) {
data = new byte[0];
}
return new AutoValue_CommandApdu(cla, ins, p1, p2, data, ne);
}
public static CommandApdu fromBytes(byte[] apdu, int offset, int length) {
return fromBytes(Arrays.copyOfRange(apdu, offset, offset + length));
}
/**
* Command APDU encoding options:
* <p>
* case 1: |CLA|INS|P1 |P2 | len = 4
* case 2s: |CLA|INS|P1 |P2 |LE | len = 5
* case 3s: |CLA|INS|P1 |P2 |LC |...BODY...| len = 6..260
* case 4s: |CLA|INS|P1 |P2 |LC |...BODY...|LE | len = 7..261
* case 2e: |CLA|INS|P1 |P2 |00 |LE1|LE2| len = 7
* case 3e: |CLA|INS|P1 |P2 |00 |LC1|LC2|...BODY...| len = 8..65542
* case 4e: |CLA|INS|P1 |P2 |00 |LC1|LC2|...BODY...|LE1|LE2| len =10..65544
* <p>
* LE, LE1, LE2 may be 0x00.
* LC must not be 0x00 and LC1|LC2 must not be 0x00|0x00
*/
public static CommandApdu fromBytes(byte[] apdu) {
if (apdu.length < 4) {
throw new IllegalArgumentException("apdu must be at least 4 bytes long");
}
int cla = apdu[0] & 0xff;
int ins = apdu[1] & 0xff;
int p1 = apdu[2] & 0xff;
int p2 = apdu[3] & 0xff;
final Integer dataOffset;
final Integer dataLength;
final int ne;
if (apdu.length == 4) {
// case 1
dataOffset = null;
dataLength = null;
ne = 0;
} else if (apdu.length == 5) {
// case 2s
dataOffset = null;
dataLength = null;
ne = (apdu[4] == 0) ? 256 : (apdu[4] & 0xff);
} else if (apdu[4] != 0) {
dataOffset = 5;
dataLength = apdu[4] & 0xff;
if (apdu.length == 4 + 1 + dataLength) {
// case 3s
ne = 0;
} else {
// case 4s
int l2 = apdu[apdu.length - 1] & 0xff;
ne = (l2 == 0) ? 256 : l2;
}
} else {
int l2 = ((apdu[5] & 0xff) << 8) | (apdu[6] & 0xff);
if (apdu.length == 7) {
// case 2e
dataOffset = null;
dataLength = null;
ne = (l2 == 0) ? 65536 : l2;
} else {
dataOffset = 7;
dataLength = l2;
if (apdu.length == 4 + 3 + l2) {
// case 3e
ne = 0;
} else {
// case 4e
int leOfs = apdu.length - 2;
int le = ((apdu[leOfs] & 0xff) << 8) | (apdu[leOfs + 1] & 0xff);
ne = (le == 0) ? 65536 : le;
}
}
}
byte[] data;
if (dataOffset != null) {
data = Arrays.copyOfRange(apdu, dataOffset, dataOffset + dataLength);
} else {
data = new byte[0];
}
return new AutoValue_CommandApdu(cla, ins, p1, p2, data, ne);
}
public byte[] toBytes() {
final byte[] apdu;
byte[] data = getData();
int ne = getNe();
if (data.length == 0) {
if (ne == 0) {
// case 1
apdu = new byte[4];
} else {
// case 2s or 2e
if (ne <= 256) {
// case 2s
apdu = new byte[5];
apdu[4] = (ne != 256) ? (byte) ne : 0;
} else {
// case 2e
apdu = new byte[7];
if (ne != 65536) {
apdu[5] = (byte) (ne >> 8);
apdu[6] = (byte) ne;
} else {
apdu[5] = 0;
apdu[6] = 0;
}
}
}
} else {
if (ne == 0) {
// case 3s or 3e
if (data.length <= 255) {
// case 3s
apdu = new byte[4 + 1 + data.length];
apdu[4] = (byte) data.length;
System.arraycopy(data, 0, apdu, 5, data.length);
} else {
// case 3e
apdu = new byte[4 + 3 + data.length];
apdu[4] = 0;
apdu[5] = (byte) (data.length >> 8);
apdu[6] = (byte) data.length;
System.arraycopy(data, 0, apdu, 7, data.length);
}
} else {
if (data.length <= 255 && ne <= 256) {
// case 4s
apdu = new byte[4 + 2 + data.length];
apdu[4] = (byte) data.length;
System.arraycopy(data, 0, apdu, 5, data.length);
apdu[apdu.length - 1] = (ne != 256) ? (byte) ne : 0;
} else {
// case 4e
apdu = new byte[4 + 5 + data.length];
apdu[4] = 0;
apdu[5] = (byte) (data.length >> 8);
apdu[6] = (byte) data.length;
System.arraycopy(data, 0, apdu, 7, data.length);
if (ne != 65536) {
apdu[apdu.length - 2] = (byte) (ne >> 8);
apdu[apdu.length - 1] = (byte) ne;
} else {
apdu[apdu.length - 2] = 0;
apdu[apdu.length - 1] = 0;
}
}
}
}
apdu[0] = (byte) getCLA();
apdu[1] = (byte) getINS();
apdu[2] = (byte) getP1();
apdu[3] = (byte) getP2();
return apdu;
}
}

5
OpenKeychain/src/main/java/org/sufficientlysecure/keychain/securitytoken/NfcTransport.java
View File

@@ -19,7 +19,6 @@ package org.sufficientlysecure.keychain.securitytoken;
import android.nfc.Tag;
import javax.smartcardio.CommandAPDU;
import org.sufficientlysecure.keychain.ui.base.BaseSecurityTokenActivity;
import java.io.IOException;
@@ -44,8 +43,8 @@ public class NfcTransport implements Transport {
* @throws IOException
*/
@Override
public ResponseApdu transceive(final CommandAPDU data) throws IOException {
return ResponseApdu.fromBytes(mIsoCard.transceive(data.getBytes()));
public ResponseApdu transceive(final CommandApdu data) throws IOException {
return ResponseApdu.fromBytes(mIsoCard.transceive(data.toBytes()));
}
/**

93
OpenKeychain/src/main/java/org/sufficientlysecure/keychain/securitytoken/OpenPgpCommandApduFactory.java
View File

@@ -6,7 +6,6 @@ import java.util.List;
import android.support.annotation.NonNull;
import javax.smartcardio.CommandAPDU;
import org.bouncycastle.util.Arrays;
import org.bouncycastle.util.encoders.Hex;
@@ -75,126 +74,126 @@ class OpenPgpCommandApduFactory {
private static final int P2_EMPTY = 0x00;
@NonNull
CommandAPDU createPutDataCommand(int dataObject, byte[] data) {
return new CommandAPDU(CLA, INS_PUT_DATA, (dataObject & 0xFF00) >> 8, dataObject & 0xFF, data);
CommandApdu createPutDataCommand(int dataObject, byte[] data) {
return CommandApdu.create(CLA, INS_PUT_DATA, (dataObject & 0xFF00) >> 8, dataObject & 0xFF, data);
}
@NonNull
CommandAPDU createPutKeyCommand(byte[] keyBytes) {
CommandApdu createPutKeyCommand(byte[] keyBytes) {
// the odd PUT DATA INS is for compliance with ISO 7816-8. This is used only to put key data on the card
return new CommandAPDU(CLA, INS_PUT_DATA_ODD, P1_PUT_DATA_ODD_KEY, P2_PUT_DATA_ODD_KEY, keyBytes);
return CommandApdu.create(CLA, INS_PUT_DATA_ODD, P1_PUT_DATA_ODD_KEY, P2_PUT_DATA_ODD_KEY, keyBytes);
}
@NonNull
CommandAPDU createComputeDigitalSignatureCommand(byte[] data) {
return new CommandAPDU(CLA, INS_PERFORM_SECURITY_OPERATION, P1_PSO_COMPUTE_DIGITAL_SIGNATURE,
CommandApdu createComputeDigitalSignatureCommand(byte[] data) {
return CommandApdu.create(CLA, INS_PERFORM_SECURITY_OPERATION, P1_PSO_COMPUTE_DIGITAL_SIGNATURE,
P2_PSO_COMPUTE_DIGITAL_SIGNATURE, data, MAX_APDU_NE_EXT);
}
@NonNull
CommandAPDU createDecipherCommand(byte[] data) {
return new CommandAPDU(CLA, INS_PERFORM_SECURITY_OPERATION, P1_PSO_DECIPHER, P2_PSO_DECIPHER, data,
CommandApdu createDecipherCommand(byte[] data) {
return CommandApdu.create(CLA, INS_PERFORM_SECURITY_OPERATION, P1_PSO_DECIPHER, P2_PSO_DECIPHER, data,
MAX_APDU_NE_EXT);
}
@NonNull
CommandAPDU createChangePw3Command(byte[] adminPin, byte[] newAdminPin) {
return new CommandAPDU(CLA, INS_CHANGE_REFERENCE_DATA, P1_EMPTY,
CommandApdu createChangePw3Command(byte[] adminPin, byte[] newAdminPin) {
return CommandApdu.create(CLA, INS_CHANGE_REFERENCE_DATA, P1_EMPTY,
P2_CHANGE_REFERENCE_DATA_PW3, Arrays.concatenate(adminPin, newAdminPin));
}
@NonNull
CommandAPDU createResetPw1Command(byte[] newPin) {
return new CommandAPDU(CLA, INS_RESET_RETRY_COUNTER, P1_RESET_RETRY_COUNTER_NEW_PW,
CommandApdu createResetPw1Command(byte[] newPin) {
return CommandApdu.create(CLA, INS_RESET_RETRY_COUNTER, P1_RESET_RETRY_COUNTER_NEW_PW,
P2_RESET_RETRY_COUNTER, newPin);
}
@NonNull
CommandAPDU createGetDataCommand(int p1, int p2) {
return new CommandAPDU(CLA, INS_GET_DATA, p1, p2, MAX_APDU_NE_EXT);
CommandApdu createGetDataCommand(int p1, int p2) {
return CommandApdu.create(CLA, INS_GET_DATA, p1, p2, MAX_APDU_NE_EXT);
}
@NonNull
CommandAPDU createGetResponseCommand(int lastResponseSw2) {
return new CommandAPDU(CLA, INS_GET_RESPONSE, P1_EMPTY, P2_EMPTY, lastResponseSw2);
CommandApdu createGetResponseCommand(int lastResponseSw2) {
return CommandApdu.create(CLA, INS_GET_RESPONSE, P1_EMPTY, P2_EMPTY, lastResponseSw2);
}
@NonNull
CommandAPDU createVerifyPw1ForSignatureCommand(byte[] pin) {
return new CommandAPDU(CLA, INS_VERIFY, P1_EMPTY, P2_VERIFY_PW1_SIGN, pin);
CommandApdu createVerifyPw1ForSignatureCommand(byte[] pin) {
return CommandApdu.create(CLA, INS_VERIFY, P1_EMPTY, P2_VERIFY_PW1_SIGN, pin);
}
@NonNull
CommandAPDU createVerifyPw1ForOtherCommand(byte[] pin) {
return new CommandAPDU(CLA, INS_VERIFY, P1_EMPTY, P2_VERIFY_PW1_OTHER, pin);
CommandApdu createVerifyPw1ForOtherCommand(byte[] pin) {
return CommandApdu.create(CLA, INS_VERIFY, P1_EMPTY, P2_VERIFY_PW1_OTHER, pin);
}
@NonNull
CommandAPDU createVerifyPw3Command(byte[] pin) {
return new CommandAPDU(CLA, INS_VERIFY, P1_EMPTY, P2_VERIFY_PW3, pin);
CommandApdu createVerifyPw3Command(byte[] pin) {
return CommandApdu.create(CLA, INS_VERIFY, P1_EMPTY, P2_VERIFY_PW3, pin);
}
@NonNull
CommandAPDU createSelectFileOpenPgpCommand() {
return new CommandAPDU(CLA, INS_SELECT_FILE, P1_SELECT_FILE, P2_EMPTY, AID_SELECT_FILE_OPENPGP);
CommandApdu createSelectFileOpenPgpCommand() {
return CommandApdu.create(CLA, INS_SELECT_FILE, P1_SELECT_FILE, P2_EMPTY, AID_SELECT_FILE_OPENPGP);
}
@NonNull
CommandAPDU createSelectFileCommand(String fileAid) {
return new CommandAPDU(CLA, INS_SELECT_FILE, P1_SELECT_FILE, P2_EMPTY, Hex.decode(fileAid));
CommandApdu createSelectFileCommand(String fileAid) {
return CommandApdu.create(CLA, INS_SELECT_FILE, P1_SELECT_FILE, P2_EMPTY, Hex.decode(fileAid));
}
@NonNull
CommandAPDU createReactivate2Command() {
return new CommandAPDU(CLA, INS_ACTIVATE_FILE, P1_EMPTY, P2_EMPTY);
CommandApdu createReactivate2Command() {
return CommandApdu.create(CLA, INS_ACTIVATE_FILE, P1_EMPTY, P2_EMPTY);
}
@NonNull
CommandAPDU createReactivate1Command() {
return new CommandAPDU(CLA, INS_TERMINATE_DF, P1_EMPTY, P2_EMPTY);
CommandApdu createReactivate1Command() {
return CommandApdu.create(CLA, INS_TERMINATE_DF, P1_EMPTY, P2_EMPTY);
}
@NonNull
CommandAPDU createInternalAuthForSecureMessagingCommand(byte[] authData) {
return new CommandAPDU(CLA, INS_INTERNAL_AUTHENTICATE, P1_INTERNAL_AUTH_SECURE_MESSAGING, P2_EMPTY, authData,
CommandApdu createInternalAuthForSecureMessagingCommand(byte[] authData) {
return CommandApdu.create(CLA, INS_INTERNAL_AUTHENTICATE, P1_INTERNAL_AUTH_SECURE_MESSAGING, P2_EMPTY, authData,
MAX_APDU_NE_EXT);
}
@NonNull
CommandAPDU createGenerateKeyCommand(int slot) {
return new CommandAPDU(CLA, INS_GENERATE_ASYMMETRIC_KEY_PAIR,
CommandApdu createGenerateKeyCommand(int slot) {
return CommandApdu.create(CLA, INS_GENERATE_ASYMMETRIC_KEY_PAIR,
P1_GAKP_GENERATE, P2_EMPTY, new byte[] { (byte) slot, 0x00 }, MAX_APDU_NE_EXT);
}
@NonNull
CommandAPDU createRetrieveSecureMessagingPublicKeyCommand() {
CommandApdu createRetrieveSecureMessagingPublicKeyCommand() {
// see https://github.com/ANSSI-FR/SmartPGP/blob/master/secure_messaging/smartpgp_sm.pdf
return new CommandAPDU(CLA, INS_GENERATE_ASYMMETRIC_KEY_PAIR, P1_GAKP_READ_PUBKEY_TEMPLATE, P2_EMPTY,
return CommandApdu.create(CLA, INS_GENERATE_ASYMMETRIC_KEY_PAIR, P1_GAKP_READ_PUBKEY_TEMPLATE, P2_EMPTY,
CRT_GAKP_SECURE_MESSAGING, MAX_APDU_NE_EXT);
}
@NonNull
CommandAPDU createSelectSecureMessagingCertificateCommand() {
CommandApdu createSelectSecureMessagingCertificateCommand() {
// see https://github.com/ANSSI-FR/SmartPGP/blob/master/secure_messaging/smartpgp_sm.pdf
// this command selects the fourth occurence of data tag 7F21
return new CommandAPDU(CLA, INS_SELECT_DATA, P1_SELECT_DATA_FOURTH, P2_SELECT_DATA,
return CommandApdu.create(CLA, INS_SELECT_DATA, P1_SELECT_DATA_FOURTH, P2_SELECT_DATA,
CP_SELECT_DATA_CARD_HOLDER_CERT);
}
@NonNull
CommandAPDU createGetDataCardHolderCertCommand() {
CommandApdu createGetDataCardHolderCertCommand() {
return createGetDataCommand(P1_GET_DATA_CARD_HOLDER_CERT, P2_GET_DATA_CARD_HOLDER_CERT);
}
@NonNull
CommandAPDU createShortApdu(CommandAPDU apdu) {
CommandApdu createShortApdu(CommandApdu apdu) {
int ne = Math.min(apdu.getNe(), MAX_APDU_NE);
return new CommandAPDU(apdu.getCLA(), apdu.getINS(), apdu.getP1(), apdu.getP2(), apdu.getData(), ne);
return CommandApdu.create(apdu.getCLA(), apdu.getINS(), apdu.getP1(), apdu.getP2(), apdu.getData(), ne);
}
@NonNull
List<CommandAPDU> createChainedApdus(CommandAPDU apdu) {
ArrayList<CommandAPDU> result = new ArrayList<>();
List<CommandApdu> createChainedApdus(CommandApdu apdu) {
ArrayList<CommandApdu> result = new ArrayList<>();
int offset = 0;
byte[] data = apdu.getData();
@@ -204,8 +203,8 @@ class OpenPgpCommandApduFactory {
boolean last = offset + curLen >= data.length;
int cla = apdu.getCLA() + (last ? 0 : MASK_CLA_CHAINING);
CommandAPDU cmd =
new CommandAPDU(cla, apdu.getINS(), apdu.getP1(), apdu.getP2(), data, offset, curLen, ne);
CommandApdu cmd =
CommandApdu.create(cla, apdu.getINS(), apdu.getP1(), apdu.getP2(), data, offset, curLen, ne);
result.add(cmd);
offset += curLen;
@@ -214,7 +213,7 @@ class OpenPgpCommandApduFactory {
return result;
}
boolean isSuitableForShortApdu(CommandAPDU apdu) {
boolean isSuitableForShortApdu(CommandApdu apdu) {
return apdu.getData().length <= MAX_APDU_NC;
}
}

7
OpenKeychain/src/main/java/org/sufficientlysecure/keychain/securitytoken/SCP11bSecureMessaging.java
View File

@@ -66,7 +66,6 @@ import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import javax.smartcardio.CommandAPDU;
import org.bouncycastle.asn1.nist.NISTNamedCurves;
import org.bouncycastle.asn1.x9.ECNamedCurveTable;
import org.bouncycastle.asn1.x9.X9ECParameters;
@@ -276,7 +275,7 @@ class SCP11bSecureMessaging implements SecureMessaging {
static void establish(final SecurityTokenConnection t, final Context ctx, OpenPgpCommandApduFactory commandFactory)
throws SecureMessagingException, IOException {
CommandAPDU cmd;
CommandApdu cmd;
ResponseApdu resp;
Iso7816TLV[] tlvs;
@@ -501,7 +500,7 @@ class SCP11bSecureMessaging implements SecureMessaging {
@Override
public CommandAPDU encryptAndSign(CommandAPDU apdu)
public CommandApdu encryptAndSign(CommandApdu apdu)
throws SecureMessagingException {
if (!isEstablished()) {
@@ -579,7 +578,7 @@ class SCP11bSecureMessaging implements SecureMessaging {
}
odata[ooff++] = (byte) 0;
apdu = new CommandAPDU(odata, 0, ooff);
apdu = CommandApdu.fromBytes(odata, 0, ooff);
Arrays.fill(odata, (byte)0);

4
OpenKeychain/src/main/java/org/sufficientlysecure/keychain/securitytoken/SecureMessaging.java
View File

@@ -17,8 +17,6 @@
package org.sufficientlysecure.keychain.securitytoken;
import javax.smartcardio.CommandAPDU;
public interface SecureMessaging {
@@ -26,7 +24,7 @@ public interface SecureMessaging {
boolean isEstablished();
CommandAPDU encryptAndSign(CommandAPDU apdu) throws SecureMessagingException;
CommandApdu encryptAndSign(CommandApdu apdu) throws SecureMessagingException;
ResponseApdu verifyAndDecrypt(ResponseApdu apdu) throws SecureMessagingException;
}

35
OpenKeychain/src/main/java/org/sufficientlysecure/keychain/securitytoken/SecurityTokenConnection.java
View File

@@ -46,7 +46,6 @@ import org.sufficientlysecure.keychain.pgp.exception.PgpGeneralException;
import javax.crypto.Cipher;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.spec.SecretKeySpec;
import javax.smartcardio.CommandAPDU;
import org.sufficientlysecure.keychain.securitytoken.usb.UsbTransportException;
import org.sufficientlysecure.keychain.util.Log;
@@ -181,7 +180,7 @@ public class SecurityTokenConnection {
// Connect on smartcard layer
// Command APDU (page 51) for SELECT FILE command (page 29)
CommandAPDU select = commandFactory.createSelectFileOpenPgpCommand();
CommandApdu select = commandFactory.createSelectFileOpenPgpCommand();
ResponseApdu response = communicate(select); // activate connection
if (!response.isSuccess()) {
@@ -218,7 +217,7 @@ public class SecurityTokenConnection {
}
// Command APDU for RESET RETRY COUNTER command (page 33)
CommandAPDU changePin = commandFactory.createResetPw1Command(newPin);
CommandApdu changePin = commandFactory.createResetPw1Command(newPin);
ResponseApdu response = communicate(changePin);
if (!response.isSuccess()) {
@@ -243,7 +242,7 @@ public class SecurityTokenConnection {
byte[] pin = adminPin.toStringUnsafe().getBytes();
CommandAPDU changePin = commandFactory.createChangePw3Command(pin, newAdminPin);
CommandApdu changePin = commandFactory.createChangePw3Command(pin, newAdminPin);
ResponseApdu response = communicate(changePin);
if (!response.isSuccess()) {
@@ -323,7 +322,7 @@ public class SecurityTokenConnection {
throw new CardException("Unknown encryption key type!");
}
CommandAPDU command = commandFactory.createDecipherCommand(data);
CommandApdu command = commandFactory.createDecipherCommand(data);
ResponseApdu response = communicate(command);
if (!response.isSuccess()) {
@@ -450,7 +449,7 @@ public class SecurityTokenConnection {
verifyAdminPin(adminPin);
}
CommandAPDU command = commandFactory.createPutDataCommand(dataObject, data);
CommandApdu command = commandFactory.createPutDataCommand(dataObject, data);
ResponseApdu response = communicate(command); // put data
if (!response.isSuccess()) {
@@ -549,7 +548,7 @@ public class SecurityTokenConnection {
throw new IOException(e.getMessage());
}
CommandAPDU apdu = commandFactory.createPutKeyCommand(keyBytes);
CommandApdu apdu = commandFactory.createPutKeyCommand(keyBytes);
ResponseApdu response = communicate(apdu);
if (!response.isSuccess()) {
@@ -564,7 +563,7 @@ public class SecurityTokenConnection {
* @return The fingerprints of all subkeys in a contiguous byte array.
*/
public byte[] getFingerprints() throws IOException {
CommandAPDU apdu = commandFactory.createGetDataCommand(0x00, 0x6E);
CommandApdu apdu = commandFactory.createGetDataCommand(0x00, 0x6E);
ResponseApdu response = communicate(apdu);
if (!response.isSuccess()) {
@@ -694,7 +693,7 @@ public class SecurityTokenConnection {
}
// Command APDU for PERFORM SECURITY OPERATION: COMPUTE DIGITAL SIGNATURE (page 37)
CommandAPDU command = commandFactory.createComputeDigitalSignatureCommand(data);
CommandApdu command = commandFactory.createComputeDigitalSignatureCommand(data);
ResponseApdu response = communicate(command);
if (!response.isSuccess()) {
@@ -748,7 +747,7 @@ public class SecurityTokenConnection {
* @return response from the card
* @throws IOException
*/
ResponseApdu communicate(CommandAPDU apdu) throws IOException {
ResponseApdu communicate(CommandApdu apdu) throws IOException {
if ((mSecureMessaging != null) && mSecureMessaging.isEstablished()) {
try {
apdu = mSecureMessaging.encryptAndSign(apdu);
@@ -763,12 +762,12 @@ public class SecurityTokenConnection {
if (mCardCapabilities.hasExtended()) {
lastResponse = mTransport.transceive(apdu);
} else if (commandFactory.isSuitableForShortApdu(apdu)) {
CommandAPDU shortApdu = commandFactory.createShortApdu(apdu);
CommandApdu shortApdu = commandFactory.createShortApdu(apdu);
lastResponse = mTransport.transceive(shortApdu);
} else if (mCardCapabilities.hasChaining()) {
List<CommandAPDU> chainedApdus = commandFactory.createChainedApdus(apdu);
List<CommandApdu> chainedApdus = commandFactory.createChainedApdus(apdu);
for (int i = 0, totalCommands = chainedApdus.size(); i < totalCommands; i++) {
CommandAPDU chainedApdu = chainedApdus.get(i);
CommandApdu chainedApdu = chainedApdus.get(i);
lastResponse = mTransport.transceive(chainedApdu);
boolean isLastCommand = i < totalCommands - 1;
@@ -787,7 +786,7 @@ public class SecurityTokenConnection {
// Receive
while (lastResponse.getSw1() == APDU_SW1_RESPONSE_AVAILABLE) {
// GET RESPONSE ISO/IEC 7816-4 par.7.6.1
CommandAPDU getResponse = commandFactory.createGetResponseCommand(lastResponse.getSw2());
CommandApdu getResponse = commandFactory.createGetResponseCommand(lastResponse.getSw2());
lastResponse = mTransport.transceive(getResponse);
result.write(lastResponse.getData());
}
@@ -814,7 +813,7 @@ public class SecurityTokenConnection {
try {
// By trying to select any apps that have the Fidesmo AID prefix we can
// see if it is a Fidesmo device or not
CommandAPDU apdu = commandFactory.createSelectFileCommand(FIDESMO_APPS_AID_PREFIX);
CommandApdu apdu = commandFactory.createSelectFileCommand(FIDESMO_APPS_AID_PREFIX);
return communicate(apdu).isSuccess();
} catch (IOException e) {
Log.e(Constants.TAG, "Card communication failed!", e);
@@ -846,7 +845,7 @@ public class SecurityTokenConnection {
verifyAdminPin(adminPin);
}
CommandAPDU apdu = commandFactory.createGenerateKeyCommand(slot);
CommandApdu apdu = commandFactory.createGenerateKeyCommand(slot);
ResponseApdu response = communicate(apdu);
if (!response.isSuccess()) {
@@ -888,8 +887,8 @@ public class SecurityTokenConnection {
// reactivate token!
// NOTE: keep the order here! First execute _both_ reactivate commands. Before checking _both_ responses
// If a token is in a bad state and reactivate1 fails, it could still be reactivated with reactivate2
CommandAPDU reactivate1 = commandFactory.createReactivate1Command();
CommandAPDU reactivate2 = commandFactory.createReactivate2Command();
CommandApdu reactivate1 = commandFactory.createReactivate1Command();
CommandApdu reactivate2 = commandFactory.createReactivate2Command();
ResponseApdu response1 = communicate(reactivate1);
ResponseApdu response2 = communicate(reactivate2);
if (!response1.isSuccess()) {

4
OpenKeychain/src/main/java/org/sufficientlysecure/keychain/securitytoken/Transport.java
View File

@@ -17,8 +17,6 @@
package org.sufficientlysecure.keychain.securitytoken;
import javax.smartcardio.CommandAPDU;
import java.io.IOException;
/**
@@ -31,7 +29,7 @@ public interface Transport {
* @return received data
* @throws IOException
*/
ResponseApdu transceive(CommandAPDU data) throws IOException;
ResponseApdu transceive(CommandApdu data) throws IOException;
/**
* Disconnect and release connection

6
OpenKeychain/src/main/java/org/sufficientlysecure/keychain/securitytoken/usb/UsbTransport.java
View File

@@ -29,7 +29,7 @@ import android.util.Pair;
import org.sufficientlysecure.keychain.Constants;
import org.sufficientlysecure.keychain.securitytoken.Transport;
import javax.smartcardio.CommandAPDU;
import org.sufficientlysecure.keychain.securitytoken.CommandApdu;
import org.sufficientlysecure.keychain.securitytoken.ResponseApdu;
import org.sufficientlysecure.keychain.securitytoken.usb.tpdu.T1ShortApduProtocol;
import org.sufficientlysecure.keychain.securitytoken.usb.tpdu.T1TpduProtocol;
@@ -183,8 +183,8 @@ public class UsbTransport implements Transport {
* @return received data
*/
@Override
public ResponseApdu transceive(CommandAPDU data) throws UsbTransportException {
return ResponseApdu.fromBytes(ccidTransportProtocol.transceive(data.getBytes()));
public ResponseApdu transceive(CommandApdu data) throws UsbTransportException {
return ResponseApdu.fromBytes(ccidTransportProtocol.transceive(data.toBytes()));
}
@Override