cthrace/open-keychain
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

rewrite CommandApdu

Browse Source
This commit is contained in:
Vincent Breitmoser
2017-10-13 18:22:04 +02:00
parent c89aab8802
commit 911d2a1c96
9 changed files with 318 additions and 689 deletions
Download Patch File Download Diff File Expand all files Collapse all files

608
OpenKeychain/src/main/java/javax/smartcardio/CommandAPDU.java
View File

@@ -1,608 +0,0 @@
/*
* Copyright (c) 2005, 2006, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation. Oracle designates this
* particular file as subject to the "Classpath" exception as provided
* by Oracle in the LICENSE file that accompanied this code.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
package javax.smartcardio;
import java.util.Arrays;
import java.nio.ByteBuffer;
import org.sufficientlysecure.keychain.securitytoken.ResponseApdu;
/**
* A command APDU following the structure defined in ISO/IEC 7816-4.
* It consists of a four byte header and a conditional body of variable length.
* This class does not attempt to verify that the APDU encodes a semantically
* valid command.
*
* <p>Note that when the expected length of the response APDU is specified
* in the {@linkplain #CommandAPDU(int,int,int,int,int) constructors},
* the actual length (Ne) must be specified, not its
* encoded form (Le). Similarly, {@linkplain #getNe} returns the actual
* value Ne. In other words, a value of 0 means "no data in the response APDU"
* rather than "maximum length."
*
* <p>This class supports both the short and extended forms of length
* encoding for Ne and Nc. However, note that not all terminals and Smart Cards
* are capable of accepting APDUs that use the extended form.
*
* <p>For the header bytes CLA, INS, P1, and P2 the Java type <code>int</code>
* is used to represent the 8 bit unsigned values. In the constructors, only
* the 8 lowest bits of the <code>int</code> value specified by the application
* are significant. The accessor methods always return the byte as an unsigned
* value between 0 and 255.
*
* <p>Instances of this class are immutable. Where data is passed in or out
* via byte arrays, defensive cloning is performed.
*
* @see ResponseApdu
*
* @since 1.6
* @author Andreas Sterbenz
* @author JSR 268 Expert Group
*/
public final class CommandAPDU implements java.io.Serializable {
private static final long serialVersionUID = 398698301286670877L;
private static final int MAX_APDU_SIZE = 65544;
/** @serial */
private byte[] apdu;
// value of nc
private transient int nc;
// value of ne
private transient int ne;
// index of start of data within the apdu array
private transient int dataOffset;
/**
* Constructs a CommandAPDU from a byte array containing the complete
* APDU contents (header and body).
*
* <p>Note that the apdu bytes are copied to protect against
* subsequent modification.
*
* @param apdu the complete command APDU
*
* @throws NullPointerException if apdu is null
* @throws IllegalArgumentException if apdu does not contain a valid
* command APDU
*/
public CommandAPDU(byte[] apdu) {
this.apdu = apdu.clone();
parse();
}
/**
* Constructs a CommandAPDU from a byte array containing the complete
* APDU contents (header and body). The APDU starts at the index
* <code>apduOffset</code> in the byte array and is <code>apduLength</code>
* bytes long.
*
* <p>Note that the apdu bytes are copied to protect against
* subsequent modification.
*
* @param apdu the complete command APDU
* @param apduOffset the offset in the byte array at which the apdu
* data begins
* @param apduLength the length of the APDU
*
* @throws NullPointerException if apdu is null
* @throws IllegalArgumentException if apduOffset or apduLength are
* negative or if apduOffset + apduLength are greater than apdu.length,
* or if the specified bytes are not a valid APDU
*/
public CommandAPDU(byte[] apdu, int apduOffset, int apduLength) {
checkArrayBounds(apdu, apduOffset, apduLength);
this.apdu = new byte[apduLength];
System.arraycopy(apdu, apduOffset, this.apdu, 0, apduLength);
parse();
}
private void checkArrayBounds(byte[] b, int ofs, int len) {
if ((ofs < 0) || (len < 0)) {
throw new IllegalArgumentException
("Offset and length must not be negative");
}
if (b == null) {
if ((ofs != 0) && (len != 0)) {
throw new IllegalArgumentException
("offset and length must be 0 if array is null");
}
} else {
if (ofs > b.length - len) {
throw new IllegalArgumentException
("Offset plus length exceed array size");
}
}
}
/**
* Creates a CommandAPDU from the ByteBuffer containing the complete APDU
* contents (header and body).
* The buffer's <code>position</code> must be set to the start of the APDU,
* its <code>limit</code> to the end of the APDU. Upon return, the buffer's
* <code>position</code> is equal to its limit; its limit remains unchanged.
*
* <p>Note that the data in the ByteBuffer is copied to protect against
* subsequent modification.
*
* @param apdu the ByteBuffer containing the complete APDU
*
* @throws NullPointerException if apdu is null
* @throws IllegalArgumentException if apdu does not contain a valid
* command APDU
*/
public CommandAPDU(ByteBuffer apdu) {
this.apdu = new byte[apdu.remaining()];
apdu.get(this.apdu);
parse();
}
/**
* Constructs a CommandAPDU from the four header bytes. This is case 1
* in ISO 7816, no command body.
*
* @param cla the class byte CLA
* @param ins the instruction byte INS
* @param p1 the parameter byte P1
* @param p2 the parameter byte P2
*/
public CommandAPDU(int cla, int ins, int p1, int p2) {
this(cla, ins, p1, p2, null, 0, 0, 0);
}
/**
* Constructs a CommandAPDU from the four header bytes and the expected
* response data length. This is case 2 in ISO 7816, empty command data
* field with Ne specified. If Ne is 0, the APDU is encoded as ISO 7816
* case 1.
*
* @param cla the class byte CLA
* @param ins the instruction byte INS
* @param p1 the parameter byte P1
* @param p2 the parameter byte P2
* @param ne the maximum number of expected data bytes in a response APDU
*
* @throws IllegalArgumentException if ne is negative or greater than
* 65536
*/
public CommandAPDU(int cla, int ins, int p1, int p2, int ne) {
this(cla, ins, p1, p2, null, 0, 0, ne);
}
/**
* Constructs a CommandAPDU from the four header bytes and command data.
* This is case 3 in ISO 7816, command data present and Ne absent. The
* value Nc is taken as data.length. If <code>data</code> is null or
* its length is 0, the APDU is encoded as ISO 7816 case 1.
*
* <p>Note that the data bytes are copied to protect against
* subsequent modification.
*
* @param cla the class byte CLA
* @param ins the instruction byte INS
* @param p1 the parameter byte P1
* @param p2 the parameter byte P2
* @param data the byte array containing the data bytes of the command body
*
* @throws IllegalArgumentException if data.length is greater than 65535
*/
public CommandAPDU(int cla, int ins, int p1, int p2, byte[] data) {
this(cla, ins, p1, p2, data, 0, arrayLength(data), 0);
}
/**
* Constructs a CommandAPDU from the four header bytes and command data.
* This is case 3 in ISO 7816, command data present and Ne absent. The
* value Nc is taken as dataLength. If <code>dataLength</code>
* is 0, the APDU is encoded as ISO 7816 case 1.
*
* <p>Note that the data bytes are copied to protect against
* subsequent modification.
*
* @param cla the class byte CLA
* @param ins the instruction byte INS
* @param p1 the parameter byte P1
* @param p2 the parameter byte P2
* @param data the byte array containing the data bytes of the command body
* @param dataOffset the offset in the byte array at which the data
* bytes of the command body begin
* @param dataLength the number of the data bytes in the command body
*
* @throws NullPointerException if data is null and dataLength is not 0
* @throws IllegalArgumentException if dataOffset or dataLength are
* negative or if dataOffset + dataLength are greater than data.length
* or if dataLength is greater than 65535
*/
public CommandAPDU(int cla, int ins, int p1, int p2, byte[] data,
int dataOffset, int dataLength) {
this(cla, ins, p1, p2, data, dataOffset, dataLength, 0);
}
/**
* Constructs a CommandAPDU from the four header bytes, command data,
* and expected response data length. This is case 4 in ISO 7816,
* command data and Ne present. The value Nc is taken as data.length
* if <code>data</code> is non-null and as 0 otherwise. If Ne or Nc
* are zero, the APDU is encoded as case 1, 2, or 3 per ISO 7816.
*
* <p>Note that the data bytes are copied to protect against
* subsequent modification.
*
* @param cla the class byte CLA
* @param ins the instruction byte INS
* @param p1 the parameter byte P1
* @param p2 the parameter byte P2
* @param data the byte array containing the data bytes of the command body
* @param ne the maximum number of expected data bytes in a response APDU
*
* @throws IllegalArgumentException if data.length is greater than 65535
* or if ne is negative or greater than 65536
*/
public CommandAPDU(int cla, int ins, int p1, int p2, byte[] data, int ne) {
this(cla, ins, p1, p2, data, 0, arrayLength(data), ne);
}
private static int arrayLength(byte[] b) {
return (b != null) ? b.length : 0;
}
/**
* Command APDU encoding options:
*
* case 1: |CLA|INS|P1 |P2 | len = 4
* case 2s: |CLA|INS|P1 |P2 |LE | len = 5
* case 3s: |CLA|INS|P1 |P2 |LC |...BODY...| len = 6..260
* case 4s: |CLA|INS|P1 |P2 |LC |...BODY...|LE | len = 7..261
* case 2e: |CLA|INS|P1 |P2 |00 |LE1|LE2| len = 7
* case 3e: |CLA|INS|P1 |P2 |00 |LC1|LC2|...BODY...| len = 8..65542
* case 4e: |CLA|INS|P1 |P2 |00 |LC1|LC2|...BODY...|LE1|LE2| len =10..65544
*
* LE, LE1, LE2 may be 0x00.
* LC must not be 0x00 and LC1|LC2 must not be 0x00|0x00
*/
private void parse() {
if (apdu.length < 4) {
throw new IllegalArgumentException("apdu must be at least 4 bytes long");
}
if (apdu.length == 4) {
// case 1
return;
}
int l1 = apdu[4] & 0xff;
if (apdu.length == 5) {
// case 2s
this.ne = (l1 == 0) ? 256 : l1;
return;
}
if (l1 != 0) {
if (apdu.length == 4 + 1 + l1) {
// case 3s
this.nc = l1;
this.dataOffset = 5;
return;
} else if (apdu.length == 4 + 2 + l1) {
// case 4s
this.nc = l1;
this.dataOffset = 5;
int l2 = apdu[apdu.length - 1] & 0xff;
this.ne = (l2 == 0) ? 256 : l2;
return;
} else {
throw new IllegalArgumentException
("Invalid APDU: length=" + apdu.length + ", b1=" + l1);
}
}
if (apdu.length < 7) {
throw new IllegalArgumentException
("Invalid APDU: length=" + apdu.length + ", b1=" + l1);
}
int l2 = ((apdu[5] & 0xff) << 8) | (apdu[6] & 0xff);
if (apdu.length == 7) {
// case 2e
this.ne = (l2 == 0) ? 65536 : l2;
return;
}
if (l2 == 0) {
throw new IllegalArgumentException("Invalid APDU: length="
+ apdu.length + ", b1=" + l1 + ", b2||b3=" + l2);
}
if (apdu.length == 4 + 3 + l2) {
// case 3e
this.nc = l2;
this.dataOffset = 7;
return;
} else if (apdu.length == 4 + 5 + l2) {
// case 4e
this.nc = l2;
this.dataOffset = 7;
int leOfs = apdu.length - 2;
int l3 = ((apdu[leOfs] & 0xff) << 8) | (apdu[leOfs + 1] & 0xff);
this.ne = (l3 == 0) ? 65536 : l3;
} else {
throw new IllegalArgumentException("Invalid APDU: length="
+ apdu.length + ", b1=" + l1 + ", b2||b3=" + l2);
}
}
/**
* Constructs a CommandAPDU from the four header bytes, command data,
* and expected response data length. This is case 4 in ISO 7816,
* command data and Le present. The value Nc is taken as
* <code>dataLength</code>.
* If Ne or Nc
* are zero, the APDU is encoded as case 1, 2, or 3 per ISO 7816.
*
* <p>Note that the data bytes are copied to protect against
* subsequent modification.
*
* @param cla the class byte CLA
* @param ins the instruction byte INS
* @param p1 the parameter byte P1
* @param p2 the parameter byte P2
* @param data the byte array containing the data bytes of the command body
* @param dataOffset the offset in the byte array at which the data
* bytes of the command body begin
* @param dataLength the number of the data bytes in the command body
* @param ne the maximum number of expected data bytes in a response APDU
*
* @throws NullPointerException if data is null and dataLength is not 0
* @throws IllegalArgumentException if dataOffset or dataLength are
* negative or if dataOffset + dataLength are greater than data.length,
* or if ne is negative or greater than 65536,
* or if dataLength is greater than 65535
*/
public CommandAPDU(int cla, int ins, int p1, int p2, byte[] data,
int dataOffset, int dataLength, int ne) {
checkArrayBounds(data, dataOffset, dataLength);
if (dataLength > 65535) {
throw new IllegalArgumentException("dataLength is too large");
}
if (ne < 0) {
throw new IllegalArgumentException("ne must not be negative");
}
if (ne > 65536) {
throw new IllegalArgumentException("ne is too large");
}
this.ne = ne;
this.nc = dataLength;
if (dataLength == 0) {
if (ne == 0) {
// case 1
this.apdu = new byte[4];
setHeader(cla, ins, p1, p2);
} else {
// case 2s or 2e
if (ne <= 256) {
// case 2s
// 256 is encoded as 0x00
byte len = (ne != 256) ? (byte)ne : 0;
this.apdu = new byte[5];
setHeader(cla, ins, p1, p2);
this.apdu[4] = len;
} else {
// case 2e
byte l1, l2;
// 65536 is encoded as 0x00 0x00
if (ne == 65536) {
l1 = 0;
l2 = 0;
} else {
l1 = (byte)(ne >> 8);
l2 = (byte)ne;
}
this.apdu = new byte[7];
setHeader(cla, ins, p1, p2);
this.apdu[5] = l1;
this.apdu[6] = l2;
}
}
} else {
if (ne == 0) {
// case 3s or 3e
if (dataLength <= 255) {
// case 3s
apdu = new byte[4 + 1 + dataLength];
setHeader(cla, ins, p1, p2);
apdu[4] = (byte)dataLength;
this.dataOffset = 5;
System.arraycopy(data, dataOffset, apdu, 5, dataLength);
} else {
// case 3e
apdu = new byte[4 + 3 + dataLength];
setHeader(cla, ins, p1, p2);
apdu[4] = 0;
apdu[5] = (byte)(dataLength >> 8);
apdu[6] = (byte)dataLength;
this.dataOffset = 7;
System.arraycopy(data, dataOffset, apdu, 7, dataLength);
}
} else {
// case 4s or 4e
if ((dataLength <= 255) && (ne <= 256)) {
// case 4s
apdu = new byte[4 + 2 + dataLength];
setHeader(cla, ins, p1, p2);
apdu[4] = (byte)dataLength;
this.dataOffset = 5;
System.arraycopy(data, dataOffset, apdu, 5, dataLength);
apdu[apdu.length - 1] = (ne != 256) ? (byte)ne : 0;
} else {
// case 4e
apdu = new byte[4 + 5 + dataLength];
setHeader(cla, ins, p1, p2);
apdu[4] = 0;
apdu[5] = (byte)(dataLength >> 8);
apdu[6] = (byte)dataLength;
this.dataOffset = 7;
System.arraycopy(data, dataOffset, apdu, 7, dataLength);
if (ne != 65536) {
int leOfs = apdu.length - 2;
apdu[leOfs] = (byte)(ne >> 8);
apdu[leOfs + 1] = (byte)ne;
} // else le == 65536: no need to fill in, encoded as 0
}
}
}
}
private void setHeader(int cla, int ins, int p1, int p2) {
apdu[0] = (byte)cla;
apdu[1] = (byte)ins;
apdu[2] = (byte)p1;
apdu[3] = (byte)p2;
}
/**
* Returns the value of the class byte CLA.
*
* @return the value of the class byte CLA.
*/
public int getCLA() {
return apdu[0] & 0xff;
}
/**
* Returns the value of the instruction byte INS.
*
* @return the value of the instruction byte INS.
*/
public int getINS() {
return apdu[1] & 0xff;
}
/**
* Returns the value of the parameter byte P1.
*
* @return the value of the parameter byte P1.
*/
public int getP1() {
return apdu[2] & 0xff;
}
/**
* Returns the value of the parameter byte P2.
*
* @return the value of the parameter byte P2.
*/
public int getP2() {
return apdu[3] & 0xff;
}
/**
* Returns the number of data bytes in the command body (Nc) or 0 if this
* APDU has no body. This call is equivalent to
* <code>getData().length</code>.
*
* @return the number of data bytes in the command body or 0 if this APDU
* has no body.
*/
public int getNc() {
return nc;
}
/**
* Returns a copy of the data bytes in the command body. If this APDU as
* no body, this method returns a byte array with length zero.
*
* @return a copy of the data bytes in the command body or the empty
* byte array if this APDU has no body.
*/
public byte[] getData() {
byte[] data = new byte[nc];
System.arraycopy(apdu, dataOffset, data, 0, nc);
return data;
}
/**
* Returns the maximum number of expected data bytes in a response
* APDU (Ne).
*
* @return the maximum number of expected data bytes in a response APDU.
*/
public int getNe() {
return ne;
}
/**
* Returns a copy of the bytes in this APDU.
*
* @return a copy of the bytes in this APDU.
*/
public byte[] getBytes() {
return apdu.clone();
}
/**
* Returns a string representation of this command APDU.
*
* @return a String representation of this command APDU.
*/
public String toString() {
return "CommmandAPDU: " + apdu.length + " bytes, nc=" + nc + ", ne=" + ne;
}
/**
* Compares the specified object with this command APDU for equality.
* Returns true if the given object is also a CommandAPDU and its bytes are
* identical to the bytes in this CommandAPDU.
*
* @param obj the object to be compared for equality with this command APDU
* @return true if the specified object is equal to this command APDU
*/
public boolean equals(Object obj) {
if (this == obj) {
return true;
}
if (obj instanceof CommandAPDU == false) {
return false;
}
CommandAPDU other = (CommandAPDU)obj;
return Arrays.equals(this.apdu, other.apdu);
}
/**
* Returns the hash code value for this command APDU.
*
* @return the hash code value for this command APDU.
*/
public int hashCode() {
return Arrays.hashCode(apdu);
}
private void readObject(java.io.ObjectInputStream in)
throws java.io.IOException, ClassNotFoundException {
apdu = (byte[])in.readUnshared();
// initialize transient fields
parse();
}
}

245
OpenKeychain/src/main/java/org/sufficientlysecure/keychain/securitytoken/CommandApdu.java Normal file
View File

@@ -0,0 +1,245 @@
/*
* Copyright (C) 2016 Vincent Breitmoser <look@my.amazin.horse>
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
package org.sufficientlysecure.keychain.securitytoken;
import java.util.Arrays;
import com.google.auto.value.AutoValue;
/**
* A command APDU following the structure defined in ISO/IEC 7816-4.
* It consists of a four byte header and a conditional body of variable length.
*/
@AutoValue
public abstract class CommandApdu {
public abstract int getCLA();
public abstract int getINS();
public abstract int getP1();
public abstract int getP2();
public abstract byte[] getData();
public abstract int getNe();
public static CommandApdu create(byte[] apdu, int apduOffset, int apduLength) {
return fromBytes(Arrays.copyOfRange(apdu, apduOffset, apduOffset + apduLength));
}
public static CommandApdu create(int cla, int ins, int p1, int p2) {
return create(cla, ins, p1, p2, null, 0);
}
public static CommandApdu create(int cla, int ins, int p1, int p2, int ne) {
return create(cla, ins, p1, p2, null, ne);
}
public static CommandApdu create(int cla, int ins, int p1, int p2, byte[] data) {
return create(cla, ins, p1, p2, data, 0);
}
public static CommandApdu create(int cla, int ins, int p1, int p2, byte[] data, int dataOffset, int dataLength) {
if (data != null) {
data = Arrays.copyOfRange(data, dataOffset, dataOffset + dataLength);
}
return create(cla, ins, p1, p2, data, 0);
}
public static CommandApdu create(int cla, int ins, int p1, int p2, byte[] data, int dataOffset, int dataLength,
int ne) {
if (data != null) {
data = Arrays.copyOfRange(data, dataOffset, dataOffset + dataLength);
}
return create(cla, ins, p1, p2, data, ne);
}
public static CommandApdu create(int cla, int ins, int p1, int p2, byte[] data, int ne) {
if (ne < 0) {
throw new IllegalArgumentException("ne must not be negative");
}
if (ne > 65536) {
throw new IllegalArgumentException("ne is too large");
}
if (data == null) {
data = new byte[0];
}
return new AutoValue_CommandApdu(cla, ins, p1, p2, data, ne);
}
public static CommandApdu fromBytes(byte[] apdu, int offset, int length) {
return fromBytes(Arrays.copyOfRange(apdu, offset, offset + length));
}
/**
* Command APDU encoding options:
* <p>
* case 1: |CLA|INS|P1 |P2 | len = 4
* case 2s: |CLA|INS|P1 |P2 |LE | len = 5
* case 3s: |CLA|INS|P1 |P2 |LC |...BODY...| len = 6..260
* case 4s: |CLA|INS|P1 |P2 |LC |...BODY...|LE | len = 7..261
* case 2e: |CLA|INS|P1 |P2 |00 |LE1|LE2| len = 7
* case 3e: |CLA|INS|P1 |P2 |00 |LC1|LC2|...BODY...| len = 8..65542
* case 4e: |CLA|INS|P1 |P2 |00 |LC1|LC2|...BODY...|LE1|LE2| len =10..65544
* <p>
* LE, LE1, LE2 may be 0x00.
* LC must not be 0x00 and LC1|LC2 must not be 0x00|0x00
*/
public static CommandApdu fromBytes(byte[] apdu) {
if (apdu.length < 4) {
throw new IllegalArgumentException("apdu must be at least 4 bytes long");
}
int cla = apdu[0] & 0xff;
int ins = apdu[1] & 0xff;
int p1 = apdu[2] & 0xff;
int p2 = apdu[3] & 0xff;
final Integer dataOffset;
final Integer dataLength;
final int ne;
if (apdu.length == 4) {
// case 1
dataOffset = null;
dataLength = null;
ne = 0;
} else if (apdu.length == 5) {
// case 2s
dataOffset = null;
dataLength = null;
ne = (apdu[4] == 0) ? 256 : (apdu[4] & 0xff);
} else if (apdu[4] != 0) {
dataOffset = 5;
dataLength = apdu[4] & 0xff;
if (apdu.length == 4 + 1 + dataLength) {
// case 3s
ne = 0;
} else {
// case 4s
int l2 = apdu[apdu.length - 1] & 0xff;
ne = (l2 == 0) ? 256 : l2;
}
} else {
int l2 = ((apdu[5] & 0xff) << 8) | (apdu[6] & 0xff);
if (apdu.length == 7) {
// case 2e
dataOffset = null;
dataLength = null;
ne = (l2 == 0) ? 65536 : l2;
} else {
dataOffset = 7;
dataLength = l2;
if (apdu.length == 4 + 3 + l2) {
// case 3e
ne = 0;
} else {
// case 4e
int leOfs = apdu.length - 2;
int le = ((apdu[leOfs] & 0xff) << 8) | (apdu[leOfs + 1] & 0xff);
ne = (le == 0) ? 65536 : le;
}
}
}
byte[] data;
if (dataOffset != null) {
data = Arrays.copyOfRange(apdu, dataOffset, dataOffset + dataLength);
} else {
data = new byte[0];
}
return new AutoValue_CommandApdu(cla, ins, p1, p2, data, ne);
}
public byte[] toBytes() {
final byte[] apdu;
byte[] data = getData();
int ne = getNe();
if (data.length == 0) {
if (ne == 0) {
// case 1
apdu = new byte[4];
} else {
// case 2s or 2e
if (ne <= 256) {
// case 2s
apdu = new byte[5];
apdu[4] = (ne != 256) ? (byte) ne : 0;
} else {
// case 2e
apdu = new byte[7];
if (ne != 65536) {
apdu[5] = (byte) (ne >> 8);
apdu[6] = (byte) ne;
} else {
apdu[5] = 0;
apdu[6] = 0;
}
}
}
} else {
if (ne == 0) {
// case 3s or 3e
if (data.length <= 255) {
// case 3s
apdu = new byte[4 + 1 + data.length];
apdu[4] = (byte) data.length;
System.arraycopy(data, 0, apdu, 5, data.length);
} else {
// case 3e
apdu = new byte[4 + 3 + data.length];
apdu[4] = 0;
apdu[5] = (byte) (data.length >> 8);
apdu[6] = (byte) data.length;
System.arraycopy(data, 0, apdu, 7, data.length);
}
} else {
if (data.length <= 255 && ne <= 256) {
// case 4s
apdu = new byte[4 + 2 + data.length];
apdu[4] = (byte) data.length;
System.arraycopy(data, 0, apdu, 5, data.length);
apdu[apdu.length - 1] = (ne != 256) ? (byte) ne : 0;
} else {
// case 4e
apdu = new byte[4 + 5 + data.length];
apdu[4] = 0;
apdu[5] = (byte) (data.length >> 8);
apdu[6] = (byte) data.length;
System.arraycopy(data, 0, apdu, 7, data.length);
if (ne != 65536) {
apdu[apdu.length - 2] = (byte) (ne >> 8);
apdu[apdu.length - 1] = (byte) ne;
} else {
apdu[apdu.length - 2] = 0;
apdu[apdu.length - 1] = 0;
}
}
}
}
apdu[0] = (byte) getCLA();
apdu[1] = (byte) getINS();
apdu[2] = (byte) getP1();
apdu[3] = (byte) getP2();
return apdu;
}
}

5
OpenKeychain/src/main/java/org/sufficientlysecure/keychain/securitytoken/NfcTransport.java
View File

@@ -19,7 +19,6 @@ package org.sufficientlysecure.keychain.securitytoken;
import android.nfc.Tag; import android.nfc.Tag;
import javax.smartcardio.CommandAPDU;
import org.sufficientlysecure.keychain.ui.base.BaseSecurityTokenActivity; import org.sufficientlysecure.keychain.ui.base.BaseSecurityTokenActivity;
import java.io.IOException; import java.io.IOException;
@@ -44,8 +43,8 @@ public class NfcTransport implements Transport {
* @throws IOException * @throws IOException
*/ */
@Override @Override
public ResponseApdu transceive(final CommandAPDU data) throws IOException { public ResponseApdu transceive(final CommandApdu data) throws IOException {
return ResponseApdu.fromBytes(mIsoCard.transceive(data.getBytes())); return ResponseApdu.fromBytes(mIsoCard.transceive(data.toBytes()));
} }
/** /**

93
OpenKeychain/src/main/java/org/sufficientlysecure/keychain/securitytoken/OpenPgpCommandApduFactory.java
View File

@@ -6,7 +6,6 @@ import java.util.List;
import android.support.annotation.NonNull; import android.support.annotation.NonNull;
import javax.smartcardio.CommandAPDU;
import org.bouncycastle.util.Arrays; import org.bouncycastle.util.Arrays;
import org.bouncycastle.util.encoders.Hex; import org.bouncycastle.util.encoders.Hex;
@@ -75,126 +74,126 @@ class OpenPgpCommandApduFactory {
private static final int P2_EMPTY = 0x00; private static final int P2_EMPTY = 0x00;
@NonNull @NonNull
CommandAPDU createPutDataCommand(int dataObject, byte[] data) { CommandApdu createPutDataCommand(int dataObject, byte[] data) {
return new CommandAPDU(CLA, INS_PUT_DATA, (dataObject & 0xFF00) >> 8, dataObject & 0xFF, data); return CommandApdu.create(CLA, INS_PUT_DATA, (dataObject & 0xFF00) >> 8, dataObject & 0xFF, data);
} }
@NonNull @NonNull
CommandAPDU createPutKeyCommand(byte[] keyBytes) { CommandApdu createPutKeyCommand(byte[] keyBytes) {
// the odd PUT DATA INS is for compliance with ISO 7816-8. This is used only to put key data on the card // the odd PUT DATA INS is for compliance with ISO 7816-8. This is used only to put key data on the card
return new CommandAPDU(CLA, INS_PUT_DATA_ODD, P1_PUT_DATA_ODD_KEY, P2_PUT_DATA_ODD_KEY, keyBytes); return CommandApdu.create(CLA, INS_PUT_DATA_ODD, P1_PUT_DATA_ODD_KEY, P2_PUT_DATA_ODD_KEY, keyBytes);
} }
@NonNull @NonNull
CommandAPDU createComputeDigitalSignatureCommand(byte[] data) { CommandApdu createComputeDigitalSignatureCommand(byte[] data) {
return new CommandAPDU(CLA, INS_PERFORM_SECURITY_OPERATION, P1_PSO_COMPUTE_DIGITAL_SIGNATURE, return CommandApdu.create(CLA, INS_PERFORM_SECURITY_OPERATION, P1_PSO_COMPUTE_DIGITAL_SIGNATURE,
P2_PSO_COMPUTE_DIGITAL_SIGNATURE, data, MAX_APDU_NE_EXT); P2_PSO_COMPUTE_DIGITAL_SIGNATURE, data, MAX_APDU_NE_EXT);
} }
@NonNull @NonNull
CommandAPDU createDecipherCommand(byte[] data) { CommandApdu createDecipherCommand(byte[] data) {
return new CommandAPDU(CLA, INS_PERFORM_SECURITY_OPERATION, P1_PSO_DECIPHER, P2_PSO_DECIPHER, data, return CommandApdu.create(CLA, INS_PERFORM_SECURITY_OPERATION, P1_PSO_DECIPHER, P2_PSO_DECIPHER, data,
MAX_APDU_NE_EXT); MAX_APDU_NE_EXT);
} }
@NonNull @NonNull
CommandAPDU createChangePw3Command(byte[] adminPin, byte[] newAdminPin) { CommandApdu createChangePw3Command(byte[] adminPin, byte[] newAdminPin) {
return new CommandAPDU(CLA, INS_CHANGE_REFERENCE_DATA, P1_EMPTY, return CommandApdu.create(CLA, INS_CHANGE_REFERENCE_DATA, P1_EMPTY,
P2_CHANGE_REFERENCE_DATA_PW3, Arrays.concatenate(adminPin, newAdminPin)); P2_CHANGE_REFERENCE_DATA_PW3, Arrays.concatenate(adminPin, newAdminPin));
} }
@NonNull @NonNull
CommandAPDU createResetPw1Command(byte[] newPin) { CommandApdu createResetPw1Command(byte[] newPin) {
return new CommandAPDU(CLA, INS_RESET_RETRY_COUNTER, P1_RESET_RETRY_COUNTER_NEW_PW, return CommandApdu.create(CLA, INS_RESET_RETRY_COUNTER, P1_RESET_RETRY_COUNTER_NEW_PW,
P2_RESET_RETRY_COUNTER, newPin); P2_RESET_RETRY_COUNTER, newPin);
} }
@NonNull @NonNull
CommandAPDU createGetDataCommand(int p1, int p2) { CommandApdu createGetDataCommand(int p1, int p2) {
return new CommandAPDU(CLA, INS_GET_DATA, p1, p2, MAX_APDU_NE_EXT); return CommandApdu.create(CLA, INS_GET_DATA, p1, p2, MAX_APDU_NE_EXT);
} }
@NonNull @NonNull
CommandAPDU createGetResponseCommand(int lastResponseSw2) { CommandApdu createGetResponseCommand(int lastResponseSw2) {
return new CommandAPDU(CLA, INS_GET_RESPONSE, P1_EMPTY, P2_EMPTY, lastResponseSw2); return CommandApdu.create(CLA, INS_GET_RESPONSE, P1_EMPTY, P2_EMPTY, lastResponseSw2);
} }
@NonNull @NonNull
CommandAPDU createVerifyPw1ForSignatureCommand(byte[] pin) { CommandApdu createVerifyPw1ForSignatureCommand(byte[] pin) {
return new CommandAPDU(CLA, INS_VERIFY, P1_EMPTY, P2_VERIFY_PW1_SIGN, pin); return CommandApdu.create(CLA, INS_VERIFY, P1_EMPTY, P2_VERIFY_PW1_SIGN, pin);
} }
@NonNull @NonNull
CommandAPDU createVerifyPw1ForOtherCommand(byte[] pin) { CommandApdu createVerifyPw1ForOtherCommand(byte[] pin) {
return new CommandAPDU(CLA, INS_VERIFY, P1_EMPTY, P2_VERIFY_PW1_OTHER, pin); return CommandApdu.create(CLA, INS_VERIFY, P1_EMPTY, P2_VERIFY_PW1_OTHER, pin);
} }
@NonNull @NonNull
CommandAPDU createVerifyPw3Command(byte[] pin) { CommandApdu createVerifyPw3Command(byte[] pin) {
return new CommandAPDU(CLA, INS_VERIFY, P1_EMPTY, P2_VERIFY_PW3, pin); return CommandApdu.create(CLA, INS_VERIFY, P1_EMPTY, P2_VERIFY_PW3, pin);
} }
@NonNull @NonNull
CommandAPDU createSelectFileOpenPgpCommand() { CommandApdu createSelectFileOpenPgpCommand() {
return new CommandAPDU(CLA, INS_SELECT_FILE, P1_SELECT_FILE, P2_EMPTY, AID_SELECT_FILE_OPENPGP); return CommandApdu.create(CLA, INS_SELECT_FILE, P1_SELECT_FILE, P2_EMPTY, AID_SELECT_FILE_OPENPGP);
} }
@NonNull @NonNull
CommandAPDU createSelectFileCommand(String fileAid) { CommandApdu createSelectFileCommand(String fileAid) {
return new CommandAPDU(CLA, INS_SELECT_FILE, P1_SELECT_FILE, P2_EMPTY, Hex.decode(fileAid)); return CommandApdu.create(CLA, INS_SELECT_FILE, P1_SELECT_FILE, P2_EMPTY, Hex.decode(fileAid));
} }
@NonNull @NonNull
CommandAPDU createReactivate2Command() { CommandApdu createReactivate2Command() {
return new CommandAPDU(CLA, INS_ACTIVATE_FILE, P1_EMPTY, P2_EMPTY); return CommandApdu.create(CLA, INS_ACTIVATE_FILE, P1_EMPTY, P2_EMPTY);
} }
@NonNull @NonNull
CommandAPDU createReactivate1Command() { CommandApdu createReactivate1Command() {
return new CommandAPDU(CLA, INS_TERMINATE_DF, P1_EMPTY, P2_EMPTY); return CommandApdu.create(CLA, INS_TERMINATE_DF, P1_EMPTY, P2_EMPTY);
} }
@NonNull @NonNull
CommandAPDU createInternalAuthForSecureMessagingCommand(byte[] authData) { CommandApdu createInternalAuthForSecureMessagingCommand(byte[] authData) {
return new CommandAPDU(CLA, INS_INTERNAL_AUTHENTICATE, P1_INTERNAL_AUTH_SECURE_MESSAGING, P2_EMPTY, authData, return CommandApdu.create(CLA, INS_INTERNAL_AUTHENTICATE, P1_INTERNAL_AUTH_SECURE_MESSAGING, P2_EMPTY, authData,
MAX_APDU_NE_EXT); MAX_APDU_NE_EXT);
} }
@NonNull @NonNull
CommandAPDU createGenerateKeyCommand(int slot) { CommandApdu createGenerateKeyCommand(int slot) {
return new CommandAPDU(CLA, INS_GENERATE_ASYMMETRIC_KEY_PAIR, return CommandApdu.create(CLA, INS_GENERATE_ASYMMETRIC_KEY_PAIR,
P1_GAKP_GENERATE, P2_EMPTY, new byte[] { (byte) slot, 0x00 }, MAX_APDU_NE_EXT); P1_GAKP_GENERATE, P2_EMPTY, new byte[] { (byte) slot, 0x00 }, MAX_APDU_NE_EXT);
} }
@NonNull @NonNull
CommandAPDU createRetrieveSecureMessagingPublicKeyCommand() { CommandApdu createRetrieveSecureMessagingPublicKeyCommand() {
// see https://github.com/ANSSI-FR/SmartPGP/blob/master/secure_messaging/smartpgp_sm.pdf // see https://github.com/ANSSI-FR/SmartPGP/blob/master/secure_messaging/smartpgp_sm.pdf
return new CommandAPDU(CLA, INS_GENERATE_ASYMMETRIC_KEY_PAIR, P1_GAKP_READ_PUBKEY_TEMPLATE, P2_EMPTY, return CommandApdu.create(CLA, INS_GENERATE_ASYMMETRIC_KEY_PAIR, P1_GAKP_READ_PUBKEY_TEMPLATE, P2_EMPTY,
CRT_GAKP_SECURE_MESSAGING, MAX_APDU_NE_EXT); CRT_GAKP_SECURE_MESSAGING, MAX_APDU_NE_EXT);
} }
@NonNull @NonNull
CommandAPDU createSelectSecureMessagingCertificateCommand() { CommandApdu createSelectSecureMessagingCertificateCommand() {
// see https://github.com/ANSSI-FR/SmartPGP/blob/master/secure_messaging/smartpgp_sm.pdf // see https://github.com/ANSSI-FR/SmartPGP/blob/master/secure_messaging/smartpgp_sm.pdf
// this command selects the fourth occurence of data tag 7F21 // this command selects the fourth occurence of data tag 7F21
return new CommandAPDU(CLA, INS_SELECT_DATA, P1_SELECT_DATA_FOURTH, P2_SELECT_DATA, return CommandApdu.create(CLA, INS_SELECT_DATA, P1_SELECT_DATA_FOURTH, P2_SELECT_DATA,
CP_SELECT_DATA_CARD_HOLDER_CERT); CP_SELECT_DATA_CARD_HOLDER_CERT);
} }
@NonNull @NonNull
CommandAPDU createGetDataCardHolderCertCommand() { CommandApdu createGetDataCardHolderCertCommand() {
return createGetDataCommand(P1_GET_DATA_CARD_HOLDER_CERT, P2_GET_DATA_CARD_HOLDER_CERT); return createGetDataCommand(P1_GET_DATA_CARD_HOLDER_CERT, P2_GET_DATA_CARD_HOLDER_CERT);
} }
@NonNull @NonNull
CommandAPDU createShortApdu(CommandAPDU apdu) { CommandApdu createShortApdu(CommandApdu apdu) {
int ne = Math.min(apdu.getNe(), MAX_APDU_NE); int ne = Math.min(apdu.getNe(), MAX_APDU_NE);
return new CommandAPDU(apdu.getCLA(), apdu.getINS(), apdu.getP1(), apdu.getP2(), apdu.getData(), ne); return CommandApdu.create(apdu.getCLA(), apdu.getINS(), apdu.getP1(), apdu.getP2(), apdu.getData(), ne);
} }
@NonNull @NonNull
List<CommandAPDU> createChainedApdus(CommandAPDU apdu) { List<CommandApdu> createChainedApdus(CommandApdu apdu) {
ArrayList<CommandAPDU> result = new ArrayList<>(); ArrayList<CommandApdu> result = new ArrayList<>();
int offset = 0; int offset = 0;
byte[] data = apdu.getData(); byte[] data = apdu.getData();
@@ -204,8 +203,8 @@ class OpenPgpCommandApduFactory {
boolean last = offset + curLen >= data.length; boolean last = offset + curLen >= data.length;
int cla = apdu.getCLA() + (last ? 0 : MASK_CLA_CHAINING); int cla = apdu.getCLA() + (last ? 0 : MASK_CLA_CHAINING);
CommandAPDU cmd = CommandApdu cmd =
new CommandAPDU(cla, apdu.getINS(), apdu.getP1(), apdu.getP2(), data, offset, curLen, ne); CommandApdu.create(cla, apdu.getINS(), apdu.getP1(), apdu.getP2(), data, offset, curLen, ne);
result.add(cmd); result.add(cmd);
offset += curLen; offset += curLen;
@@ -214,7 +213,7 @@ class OpenPgpCommandApduFactory {
return result; return result;
} }
boolean isSuitableForShortApdu(CommandAPDU apdu) { boolean isSuitableForShortApdu(CommandApdu apdu) {
return apdu.getData().length <= MAX_APDU_NC; return apdu.getData().length <= MAX_APDU_NC;
} }
} }

7
OpenKeychain/src/main/java/org/sufficientlysecure/keychain/securitytoken/SCP11bSecureMessaging.java
View File

@@ -66,7 +66,6 @@ import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKey; import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec; import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec; import javax.crypto.spec.SecretKeySpec;
import javax.smartcardio.CommandAPDU;
import org.bouncycastle.asn1.nist.NISTNamedCurves; import org.bouncycastle.asn1.nist.NISTNamedCurves;
import org.bouncycastle.asn1.x9.ECNamedCurveTable; import org.bouncycastle.asn1.x9.ECNamedCurveTable;
import org.bouncycastle.asn1.x9.X9ECParameters; import org.bouncycastle.asn1.x9.X9ECParameters;
@@ -276,7 +275,7 @@ class SCP11bSecureMessaging implements SecureMessaging {
static void establish(final SecurityTokenConnection t, final Context ctx, OpenPgpCommandApduFactory commandFactory) static void establish(final SecurityTokenConnection t, final Context ctx, OpenPgpCommandApduFactory commandFactory)
throws SecureMessagingException, IOException { throws SecureMessagingException, IOException {
CommandAPDU cmd; CommandApdu cmd;
ResponseApdu resp; ResponseApdu resp;
Iso7816TLV[] tlvs; Iso7816TLV[] tlvs;
@@ -501,7 +500,7 @@ class SCP11bSecureMessaging implements SecureMessaging {
@Override @Override
public CommandAPDU encryptAndSign(CommandAPDU apdu) public CommandApdu encryptAndSign(CommandApdu apdu)
throws SecureMessagingException { throws SecureMessagingException {
if (!isEstablished()) { if (!isEstablished()) {
@@ -579,7 +578,7 @@ class SCP11bSecureMessaging implements SecureMessaging {
} }
odata[ooff++] = (byte) 0; odata[ooff++] = (byte) 0;
apdu = new CommandAPDU(odata, 0, ooff); apdu = CommandApdu.fromBytes(odata, 0, ooff);
Arrays.fill(odata, (byte)0); Arrays.fill(odata, (byte)0);

4
OpenKeychain/src/main/java/org/sufficientlysecure/keychain/securitytoken/SecureMessaging.java
View File

@@ -17,8 +17,6 @@
package org.sufficientlysecure.keychain.securitytoken; package org.sufficientlysecure.keychain.securitytoken;
import javax.smartcardio.CommandAPDU;
public interface SecureMessaging { public interface SecureMessaging {
@@ -26,7 +24,7 @@ public interface SecureMessaging {
boolean isEstablished(); boolean isEstablished();
CommandAPDU encryptAndSign(CommandAPDU apdu) throws SecureMessagingException; CommandApdu encryptAndSign(CommandApdu apdu) throws SecureMessagingException;
ResponseApdu verifyAndDecrypt(ResponseApdu apdu) throws SecureMessagingException; ResponseApdu verifyAndDecrypt(ResponseApdu apdu) throws SecureMessagingException;
} }

35
OpenKeychain/src/main/java/org/sufficientlysecure/keychain/securitytoken/SecurityTokenConnection.java
View File

@@ -46,7 +46,6 @@ import org.sufficientlysecure.keychain.pgp.exception.PgpGeneralException;
import javax.crypto.Cipher; import javax.crypto.Cipher;
import javax.crypto.NoSuchPaddingException; import javax.crypto.NoSuchPaddingException;
import javax.crypto.spec.SecretKeySpec; import javax.crypto.spec.SecretKeySpec;
import javax.smartcardio.CommandAPDU;
import org.sufficientlysecure.keychain.securitytoken.usb.UsbTransportException; import org.sufficientlysecure.keychain.securitytoken.usb.UsbTransportException;
import org.sufficientlysecure.keychain.util.Log; import org.sufficientlysecure.keychain.util.Log;
@@ -181,7 +180,7 @@ public class SecurityTokenConnection {
// Connect on smartcard layer // Connect on smartcard layer
// Command APDU (page 51) for SELECT FILE command (page 29) // Command APDU (page 51) for SELECT FILE command (page 29)
CommandAPDU select = commandFactory.createSelectFileOpenPgpCommand(); CommandApdu select = commandFactory.createSelectFileOpenPgpCommand();
ResponseApdu response = communicate(select); // activate connection ResponseApdu response = communicate(select); // activate connection
if (!response.isSuccess()) { if (!response.isSuccess()) {
@@ -218,7 +217,7 @@ public class SecurityTokenConnection {
} }
// Command APDU for RESET RETRY COUNTER command (page 33) // Command APDU for RESET RETRY COUNTER command (page 33)
CommandAPDU changePin = commandFactory.createResetPw1Command(newPin); CommandApdu changePin = commandFactory.createResetPw1Command(newPin);
ResponseApdu response = communicate(changePin); ResponseApdu response = communicate(changePin);
if (!response.isSuccess()) { if (!response.isSuccess()) {
@@ -243,7 +242,7 @@ public class SecurityTokenConnection {
byte[] pin = adminPin.toStringUnsafe().getBytes(); byte[] pin = adminPin.toStringUnsafe().getBytes();
CommandAPDU changePin = commandFactory.createChangePw3Command(pin, newAdminPin); CommandApdu changePin = commandFactory.createChangePw3Command(pin, newAdminPin);
ResponseApdu response = communicate(changePin); ResponseApdu response = communicate(changePin);
if (!response.isSuccess()) { if (!response.isSuccess()) {
@@ -323,7 +322,7 @@ public class SecurityTokenConnection {
throw new CardException("Unknown encryption key type!"); throw new CardException("Unknown encryption key type!");
} }
CommandAPDU command = commandFactory.createDecipherCommand(data); CommandApdu command = commandFactory.createDecipherCommand(data);
ResponseApdu response = communicate(command); ResponseApdu response = communicate(command);
if (!response.isSuccess()) { if (!response.isSuccess()) {
@@ -450,7 +449,7 @@ public class SecurityTokenConnection {
verifyAdminPin(adminPin); verifyAdminPin(adminPin);
} }
CommandAPDU command = commandFactory.createPutDataCommand(dataObject, data); CommandApdu command = commandFactory.createPutDataCommand(dataObject, data);
ResponseApdu response = communicate(command); // put data ResponseApdu response = communicate(command); // put data
if (!response.isSuccess()) { if (!response.isSuccess()) {
@@ -549,7 +548,7 @@ public class SecurityTokenConnection {
throw new IOException(e.getMessage()); throw new IOException(e.getMessage());
} }
CommandAPDU apdu = commandFactory.createPutKeyCommand(keyBytes); CommandApdu apdu = commandFactory.createPutKeyCommand(keyBytes);
ResponseApdu response = communicate(apdu); ResponseApdu response = communicate(apdu);
if (!response.isSuccess()) { if (!response.isSuccess()) {
@@ -564,7 +563,7 @@ public class SecurityTokenConnection {
* @return The fingerprints of all subkeys in a contiguous byte array. * @return The fingerprints of all subkeys in a contiguous byte array.
*/ */
public byte[] getFingerprints() throws IOException { public byte[] getFingerprints() throws IOException {
CommandAPDU apdu = commandFactory.createGetDataCommand(0x00, 0x6E); CommandApdu apdu = commandFactory.createGetDataCommand(0x00, 0x6E);
ResponseApdu response = communicate(apdu); ResponseApdu response = communicate(apdu);
if (!response.isSuccess()) { if (!response.isSuccess()) {
@@ -694,7 +693,7 @@ public class SecurityTokenConnection {
} }
// Command APDU for PERFORM SECURITY OPERATION: COMPUTE DIGITAL SIGNATURE (page 37) // Command APDU for PERFORM SECURITY OPERATION: COMPUTE DIGITAL SIGNATURE (page 37)
CommandAPDU command = commandFactory.createComputeDigitalSignatureCommand(data); CommandApdu command = commandFactory.createComputeDigitalSignatureCommand(data);
ResponseApdu response = communicate(command); ResponseApdu response = communicate(command);
if (!response.isSuccess()) { if (!response.isSuccess()) {
@@ -748,7 +747,7 @@ public class SecurityTokenConnection {
* @return response from the card * @return response from the card
* @throws IOException * @throws IOException
*/ */
ResponseApdu communicate(CommandAPDU apdu) throws IOException { ResponseApdu communicate(CommandApdu apdu) throws IOException {
if ((mSecureMessaging != null) && mSecureMessaging.isEstablished()) { if ((mSecureMessaging != null) && mSecureMessaging.isEstablished()) {
try { try {
apdu = mSecureMessaging.encryptAndSign(apdu); apdu = mSecureMessaging.encryptAndSign(apdu);
@@ -763,12 +762,12 @@ public class SecurityTokenConnection {
if (mCardCapabilities.hasExtended()) { if (mCardCapabilities.hasExtended()) {
lastResponse = mTransport.transceive(apdu); lastResponse = mTransport.transceive(apdu);
} else if (commandFactory.isSuitableForShortApdu(apdu)) { } else if (commandFactory.isSuitableForShortApdu(apdu)) {
CommandAPDU shortApdu = commandFactory.createShortApdu(apdu); CommandApdu shortApdu = commandFactory.createShortApdu(apdu);
lastResponse = mTransport.transceive(shortApdu); lastResponse = mTransport.transceive(shortApdu);
} else if (mCardCapabilities.hasChaining()) { } else if (mCardCapabilities.hasChaining()) {
List<CommandAPDU> chainedApdus = commandFactory.createChainedApdus(apdu); List<CommandApdu> chainedApdus = commandFactory.createChainedApdus(apdu);
for (int i = 0, totalCommands = chainedApdus.size(); i < totalCommands; i++) { for (int i = 0, totalCommands = chainedApdus.size(); i < totalCommands; i++) {
CommandAPDU chainedApdu = chainedApdus.get(i); CommandApdu chainedApdu = chainedApdus.get(i);
lastResponse = mTransport.transceive(chainedApdu); lastResponse = mTransport.transceive(chainedApdu);
boolean isLastCommand = i < totalCommands - 1; boolean isLastCommand = i < totalCommands - 1;
@@ -787,7 +786,7 @@ public class SecurityTokenConnection {
// Receive // Receive
while (lastResponse.getSw1() == APDU_SW1_RESPONSE_AVAILABLE) { while (lastResponse.getSw1() == APDU_SW1_RESPONSE_AVAILABLE) {
// GET RESPONSE ISO/IEC 7816-4 par.7.6.1 // GET RESPONSE ISO/IEC 7816-4 par.7.6.1
CommandAPDU getResponse = commandFactory.createGetResponseCommand(lastResponse.getSw2()); CommandApdu getResponse = commandFactory.createGetResponseCommand(lastResponse.getSw2());
lastResponse = mTransport.transceive(getResponse); lastResponse = mTransport.transceive(getResponse);
result.write(lastResponse.getData()); result.write(lastResponse.getData());
} }
@@ -814,7 +813,7 @@ public class SecurityTokenConnection {
try { try {
// By trying to select any apps that have the Fidesmo AID prefix we can // By trying to select any apps that have the Fidesmo AID prefix we can
// see if it is a Fidesmo device or not // see if it is a Fidesmo device or not
CommandAPDU apdu = commandFactory.createSelectFileCommand(FIDESMO_APPS_AID_PREFIX); CommandApdu apdu = commandFactory.createSelectFileCommand(FIDESMO_APPS_AID_PREFIX);
return communicate(apdu).isSuccess(); return communicate(apdu).isSuccess();
} catch (IOException e) { } catch (IOException e) {
Log.e(Constants.TAG, "Card communication failed!", e); Log.e(Constants.TAG, "Card communication failed!", e);
@@ -846,7 +845,7 @@ public class SecurityTokenConnection {
verifyAdminPin(adminPin); verifyAdminPin(adminPin);
} }
CommandAPDU apdu = commandFactory.createGenerateKeyCommand(slot); CommandApdu apdu = commandFactory.createGenerateKeyCommand(slot);
ResponseApdu response = communicate(apdu); ResponseApdu response = communicate(apdu);
if (!response.isSuccess()) { if (!response.isSuccess()) {
@@ -888,8 +887,8 @@ public class SecurityTokenConnection {
// reactivate token! // reactivate token!
// NOTE: keep the order here! First execute _both_ reactivate commands. Before checking _both_ responses // NOTE: keep the order here! First execute _both_ reactivate commands. Before checking _both_ responses
// If a token is in a bad state and reactivate1 fails, it could still be reactivated with reactivate2 // If a token is in a bad state and reactivate1 fails, it could still be reactivated with reactivate2
CommandAPDU reactivate1 = commandFactory.createReactivate1Command(); CommandApdu reactivate1 = commandFactory.createReactivate1Command();
CommandAPDU reactivate2 = commandFactory.createReactivate2Command(); CommandApdu reactivate2 = commandFactory.createReactivate2Command();
ResponseApdu response1 = communicate(reactivate1); ResponseApdu response1 = communicate(reactivate1);
ResponseApdu response2 = communicate(reactivate2); ResponseApdu response2 = communicate(reactivate2);
if (!response1.isSuccess()) { if (!response1.isSuccess()) {

4
OpenKeychain/src/main/java/org/sufficientlysecure/keychain/securitytoken/Transport.java
View File

@@ -17,8 +17,6 @@
package org.sufficientlysecure.keychain.securitytoken; package org.sufficientlysecure.keychain.securitytoken;
import javax.smartcardio.CommandAPDU;
import java.io.IOException; import java.io.IOException;
/** /**
@@ -31,7 +29,7 @@ public interface Transport {
* @return received data * @return received data
* @throws IOException * @throws IOException
*/ */
ResponseApdu transceive(CommandAPDU data) throws IOException; ResponseApdu transceive(CommandApdu data) throws IOException;
/** /**
* Disconnect and release connection * Disconnect and release connection

6
OpenKeychain/src/main/java/org/sufficientlysecure/keychain/securitytoken/usb/UsbTransport.java
View File

@@ -29,7 +29,7 @@ import android.util.Pair;
import org.sufficientlysecure.keychain.Constants; import org.sufficientlysecure.keychain.Constants;
import org.sufficientlysecure.keychain.securitytoken.Transport; import org.sufficientlysecure.keychain.securitytoken.Transport;
import javax.smartcardio.CommandAPDU; import org.sufficientlysecure.keychain.securitytoken.CommandApdu;
import org.sufficientlysecure.keychain.securitytoken.ResponseApdu; import org.sufficientlysecure.keychain.securitytoken.ResponseApdu;
import org.sufficientlysecure.keychain.securitytoken.usb.tpdu.T1ShortApduProtocol; import org.sufficientlysecure.keychain.securitytoken.usb.tpdu.T1ShortApduProtocol;
import org.sufficientlysecure.keychain.securitytoken.usb.tpdu.T1TpduProtocol; import org.sufficientlysecure.keychain.securitytoken.usb.tpdu.T1TpduProtocol;
@@ -183,8 +183,8 @@ public class UsbTransport implements Transport {
* @return received data * @return received data
*/ */
@Override @Override
public ResponseApdu transceive(CommandAPDU data) throws UsbTransportException { public ResponseApdu transceive(CommandApdu data) throws UsbTransportException {
return ResponseApdu.fromBytes(ccidTransportProtocol.transceive(data.getBytes())); return ResponseApdu.fromBytes(ccidTransportProtocol.transceive(data.toBytes()));
} }
@Override @Override