From a4af2f7f5c4ec9c4d4fe8fe6a251d50b75379cf4 Mon Sep 17 00:00:00 2001 From: Vincent Breitmoser Date: Fri, 13 Oct 2017 16:57:12 +0200 Subject: [PATCH] rewrite ResponseApdu --- .../java/javax/smartcardio/CommandAPDU.java | 5 +- .../java/javax/smartcardio/ResponseAPDU.java | 184 ------------------ .../keychain/securitytoken/NfcTransport.java | 5 +- .../keychain/securitytoken/ResponseApdu.java | 62 ++++++ .../securitytoken/SCP11bSecureMessaging.java | 36 ++-- .../securitytoken/SecureMessaging.java | 6 +- .../SecurityTokenConnection.java | 122 ++++++------ .../keychain/securitytoken/Transport.java | 3 +- .../securitytoken/usb/UsbTransport.java | 6 +- 9 files changed, 151 insertions(+), 278 deletions(-) delete mode 100644 OpenKeychain/src/main/java/javax/smartcardio/ResponseAPDU.java create mode 100644 OpenKeychain/src/main/java/org/sufficientlysecure/keychain/securitytoken/ResponseApdu.java diff --git a/OpenKeychain/src/main/java/javax/smartcardio/CommandAPDU.java b/OpenKeychain/src/main/java/javax/smartcardio/CommandAPDU.java index 936d450d0..30e8331cd 100644 --- a/OpenKeychain/src/main/java/javax/smartcardio/CommandAPDU.java +++ b/OpenKeychain/src/main/java/javax/smartcardio/CommandAPDU.java @@ -29,6 +29,9 @@ import java.util.Arrays; import java.nio.ByteBuffer; +import org.sufficientlysecure.keychain.securitytoken.ResponseApdu; + + /** * A command APDU following the structure defined in ISO/IEC 7816-4. * It consists of a four byte header and a conditional body of variable length. @@ -55,7 +58,7 @@ import java.nio.ByteBuffer; *

Instances of this class are immutable. Where data is passed in or out * via byte arrays, defensive cloning is performed. * - * @see ResponseAPDU + * @see ResponseApdu * * @since 1.6 * @author Andreas Sterbenz diff --git a/OpenKeychain/src/main/java/javax/smartcardio/ResponseAPDU.java b/OpenKeychain/src/main/java/javax/smartcardio/ResponseAPDU.java deleted file mode 100644 index b135a2e82..000000000 --- a/OpenKeychain/src/main/java/javax/smartcardio/ResponseAPDU.java +++ /dev/null @@ -1,184 +0,0 @@ -/* - * Copyright (c) 2005, 2006, Oracle and/or its affiliates. All rights reserved. - * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. - * - * This code is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License version 2 only, as - * published by the Free Software Foundation. Oracle designates this - * particular file as subject to the "Classpath" exception as provided - * by Oracle in the LICENSE file that accompanied this code. - * - * This code is distributed in the hope that it will be useful, but WITHOUT - * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or - * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * version 2 for more details (a copy is included in the LICENSE file that - * accompanied this code). - * - * You should have received a copy of the GNU General Public License version - * 2 along with this work; if not, write to the Free Software Foundation, - * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. - * - * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA - * or visit www.oracle.com if you need additional information or have any - * questions. - */ - -package javax.smartcardio; - -import java.util.Arrays; - -/** - * A response APDU as defined in ISO/IEC 7816-4. It consists of a conditional - * body and a two byte trailer. - * This class does not attempt to verify that the APDU encodes a semantically - * valid response. - * - *

Instances of this class are immutable. Where data is passed in or out - * via byte arrays, defensive cloning is performed. - * - * @see CommandAPDU - * - * @since 1.6 - * @author Andreas Sterbenz - * @author JSR 268 Expert Group - */ -public final class ResponseAPDU implements java.io.Serializable { - - private static final long serialVersionUID = 6962744978375594225L; - - /** @serial */ - private byte[] apdu; - - /** - * Constructs a ResponseAPDU from a byte array containing the complete - * APDU contents (conditional body and trailed). - * - *

Note that the byte array is cloned to protect against subsequent - * modification. - * - * @param apdu the complete response APDU - * - * @throws NullPointerException if apdu is null - * @throws IllegalArgumentException if apdu.length is less than 2 - */ - public ResponseAPDU(byte[] apdu) { - apdu = apdu.clone(); - check(apdu); - this.apdu = apdu; - } - - private static void check(byte[] apdu) { - if (apdu.length < 2) { - throw new IllegalArgumentException("apdu must be at least 2 bytes long"); - } - } - - /** - * Returns the number of data bytes in the response body (Nr) or 0 if this - * APDU has no body. This call is equivalent to - * getData().length. - * - * @return the number of data bytes in the response body or 0 if this APDU - * has no body. - */ - public int getNr() { - return apdu.length - 2; - } - - /** - * Returns a copy of the data bytes in the response body. If this APDU as - * no body, this method returns a byte array with a length of zero. - * - * @return a copy of the data bytes in the response body or the empty - * byte array if this APDU has no body. - */ - public byte[] getData() { - byte[] data = new byte[apdu.length - 2]; - System.arraycopy(apdu, 0, data, 0, data.length); - return data; - } - - /** - * Returns the value of the status byte SW1 as a value between 0 and 255. - * - * @return the value of the status byte SW1 as a value between 0 and 255. - */ - public int getSW1() { - return apdu[apdu.length - 2] & 0xff; - } - - /** - * Returns the value of the status byte SW2 as a value between 0 and 255. - * - * @return the value of the status byte SW2 as a value between 0 and 255. - */ - public int getSW2() { - return apdu[apdu.length - 1] & 0xff; - } - - /** - * Returns the value of the status bytes SW1 and SW2 as a single - * status word SW. - * It is defined as - * (getSW1() << 8) | getSW2(). - * - * @return the value of the status word SW. - */ - public int getSW() { - return (getSW1() << 8) | getSW2(); - } - - /** - * Returns a copy of the bytes in this APDU. - * - * @return a copy of the bytes in this APDU. - */ - public byte[] getBytes() { - return apdu.clone(); - } - - /** - * Returns a string representation of this response APDU. - * - * @return a String representation of this response APDU. - */ - public String toString() { - return "ResponseAPDU: " + apdu.length + " bytes, SW=" - + Integer.toHexString(getSW()); - } - - /** - * Compares the specified object with this response APDU for equality. - * Returns true if the given object is also a ResponseAPDU and its bytes are - * identical to the bytes in this ResponseAPDU. - * - * @param obj the object to be compared for equality with this response APDU - * @return true if the specified object is equal to this response APDU - */ - public boolean equals(Object obj) { - if (this == obj) { - return true; - } - if (obj instanceof ResponseAPDU == false) { - return false; - } - ResponseAPDU other = (ResponseAPDU)obj; - return Arrays.equals(this.apdu, other.apdu); - } - - /** - * Returns the hash code value for this response APDU. - * - * @return the hash code value for this response APDU. - */ - public int hashCode() { - return Arrays.hashCode(apdu); - } - - private void readObject(java.io.ObjectInputStream in) - throws java.io.IOException, ClassNotFoundException { - apdu = (byte[])in.readUnshared(); - check(apdu); - } - -} diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/securitytoken/NfcTransport.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/securitytoken/NfcTransport.java index 1485754ef..ac1c653ed 100644 --- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/securitytoken/NfcTransport.java +++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/securitytoken/NfcTransport.java @@ -20,7 +20,6 @@ package org.sufficientlysecure.keychain.securitytoken; import android.nfc.Tag; import javax.smartcardio.CommandAPDU; -import javax.smartcardio.ResponseAPDU; import org.sufficientlysecure.keychain.ui.base.BaseSecurityTokenActivity; import java.io.IOException; @@ -45,8 +44,8 @@ public class NfcTransport implements Transport { * @throws IOException */ @Override - public ResponseAPDU transceive(final CommandAPDU data) throws IOException { - return new ResponseAPDU(mIsoCard.transceive(data.getBytes())); + public ResponseApdu transceive(final CommandAPDU data) throws IOException { + return ResponseApdu.fromBytes(mIsoCard.transceive(data.getBytes())); } /** diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/securitytoken/ResponseApdu.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/securitytoken/ResponseApdu.java new file mode 100644 index 000000000..0ace27b71 --- /dev/null +++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/securitytoken/ResponseApdu.java @@ -0,0 +1,62 @@ +/* + * Copyright (C) 2016 Vincent Breitmoser + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . + */ + +package org.sufficientlysecure.keychain.securitytoken; + +import java.util.Arrays; + +import com.google.auto.value.AutoValue; + + +/** A response APDU as defined in ISO/IEC 7816-4. */ +@AutoValue +public abstract class ResponseApdu { + private static final int APDU_SW_SUCCESS = 0x9000; + + public abstract byte[] getData(); + public abstract int getSw1(); + public abstract int getSw2(); + + public static ResponseApdu fromBytes(byte[] apdu) { + if (apdu.length < 2) { + throw new IllegalArgumentException("Response apdu must be 2 bytes or larger!"); + } + byte[] data = Arrays.copyOfRange(apdu, 0, apdu.length - 2); + int sw1 = apdu[apdu.length -2] & 0xff; + int sw2 = apdu[apdu.length -1] & 0xff; + return new AutoValue_ResponseApdu(data, sw1, sw2); + } + + public int getSw() { + return (getSw1() << 8) | getSw2(); + } + + public boolean isSuccess() { + return getSw() == APDU_SW_SUCCESS; + } + + public byte[] toBytes() { + byte[] data = getData(); + byte[] bytes = new byte[data.length + 2]; + System.arraycopy(data, 0, bytes, 0, data.length); + + bytes[bytes.length -2] = (byte) getSw1(); + bytes[bytes.length -1] = (byte) getSw2(); + + return bytes; + } +} diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/securitytoken/SCP11bSecureMessaging.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/securitytoken/SCP11bSecureMessaging.java index c021ad662..a135caae9 100644 --- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/securitytoken/SCP11bSecureMessaging.java +++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/securitytoken/SCP11bSecureMessaging.java @@ -67,7 +67,6 @@ import javax.crypto.SecretKey; import javax.crypto.spec.IvParameterSpec; import javax.crypto.spec.SecretKeySpec; import javax.smartcardio.CommandAPDU; -import javax.smartcardio.ResponseAPDU; import org.bouncycastle.asn1.nist.NISTNamedCurves; import org.bouncycastle.asn1.x9.ECNamedCurveTable; import org.bouncycastle.asn1.x9.X9ECParameters; @@ -278,7 +277,7 @@ class SCP11bSecureMessaging implements SecureMessaging { throws SecureMessagingException, IOException { CommandAPDU cmd; - ResponseAPDU resp; + ResponseApdu resp; Iso7816TLV[] tlvs; t.clearSecureMessaging(); @@ -286,7 +285,7 @@ class SCP11bSecureMessaging implements SecureMessaging { // retrieving key algorithm cmd = commandFactory.createGetDataCommand(0x00, OPENPGP_SECURE_MESSAGING_KEY_ATTRIBUTES_TAG); resp = t.communicate(cmd); - if (resp.getSW() != SecurityTokenConnection.APDU_SW_SUCCESS) { + if (!resp.isSuccess()) { throw new SecureMessagingException("failed to retrieve secure messaging key attributes"); } tlvs = Iso7816TLV.readList(resp.getData(), true); @@ -317,12 +316,12 @@ class SCP11bSecureMessaging implements SecureMessaging { // retrieving certificate cmd = commandFactory.createSelectSecureMessagingCertificateCommand(); resp = t.communicate(cmd); - if (resp.getSW() != SecurityTokenConnection.APDU_SW_SUCCESS) { + if (!resp.isSuccess()) { throw new SecureMessagingException("failed to select secure messaging certificate"); } cmd = commandFactory.createGetDataCardHolderCertCommand(); resp = t.communicate(cmd); - if (resp.getSW() != SecurityTokenConnection.APDU_SW_SUCCESS) { + if (!resp.isSuccess()) { throw new SecureMessagingException("failed to retrieve secure messaging certificate"); } @@ -331,7 +330,7 @@ class SCP11bSecureMessaging implements SecureMessaging { } else { cmd = commandFactory.createRetrieveSecureMessagingPublicKeyCommand(); resp = t.communicate(cmd); - if (resp.getSW() != SecurityTokenConnection.APDU_SW_SUCCESS) { + if (!resp.isSuccess()) { throw new SecureMessagingException("failed to retrieve secure messaging public key"); } tlvs = Iso7816TLV.readList(resp.getData(), true); @@ -391,7 +390,7 @@ class SCP11bSecureMessaging implements SecureMessaging { cmd = commandFactory.createInternalAuthForSecureMessagingCommand(pkout.toByteArray()); resp = t.communicate(cmd); - if (resp.getSW() != SecurityTokenConnection.APDU_SW_SUCCESS) { + if (!resp.isSuccess()) { throw new SecureMessagingException("failed to initiate internal authenticate"); } @@ -605,7 +604,7 @@ class SCP11bSecureMessaging implements SecureMessaging { @Override - public ResponseAPDU verifyAndDecrypt(ResponseAPDU apdu) + public ResponseApdu verifyAndDecrypt(ResponseApdu apdu) throws SecureMessagingException { if (!isEstablished()) { @@ -614,10 +613,9 @@ class SCP11bSecureMessaging implements SecureMessaging { byte[] data = apdu.getData(); - if ((data.length == 0) && - (apdu.getSW() != 0x9000) && - (apdu.getSW1() != 0x62) && - (apdu.getSW1() != 0x63)) { + if ((data.length == 0) && !apdu.isSuccess() && + (apdu.getSw1() != 0x62) && + (apdu.getSw1() != 0x63)) { return apdu; } @@ -634,8 +632,8 @@ class SCP11bSecureMessaging implements SecureMessaging { if ((data.length - SCP11_MAC_LENGTH) > 0) { mac.update(data, 0, data.length - SCP11_MAC_LENGTH); } - mac.update((byte) apdu.getSW1()); - mac.update((byte) apdu.getSW2()); + mac.update((byte) apdu.getSw1()); + mac.update((byte) apdu.getSw2()); final byte[] sig = mac.doFinal(); @@ -675,19 +673,19 @@ class SCP11bSecureMessaging implements SecureMessaging { final byte[] datasw = new byte[i + 2]; System.arraycopy(data, 0, datasw, 0, i); - datasw[datasw.length - 2] = (byte) apdu.getSW1(); - datasw[datasw.length - 1] = (byte) apdu.getSW2(); + datasw[datasw.length - 2] = (byte) apdu.getSw1(); + datasw[datasw.length - 1] = (byte) apdu.getSw2(); Arrays.fill(data, (byte) 0); data = datasw; } else { data = new byte[2]; - data[0] = (byte) apdu.getSW1(); - data[1] = (byte) apdu.getSW2(); + data[0] = (byte) apdu.getSw1(); + data[1] = (byte) apdu.getSw2(); } - apdu = new ResponseAPDU(data); + apdu = ResponseApdu.fromBytes(data); return apdu; diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/securitytoken/SecureMessaging.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/securitytoken/SecureMessaging.java index 4107a3e18..a43219b2a 100644 --- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/securitytoken/SecureMessaging.java +++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/securitytoken/SecureMessaging.java @@ -17,10 +17,8 @@ package org.sufficientlysecure.keychain.securitytoken; -import java.io.IOException; - import javax.smartcardio.CommandAPDU; -import javax.smartcardio.ResponseAPDU; + public interface SecureMessaging { @@ -30,5 +28,5 @@ public interface SecureMessaging { CommandAPDU encryptAndSign(CommandAPDU apdu) throws SecureMessagingException; - ResponseAPDU verifyAndDecrypt(ResponseAPDU apdu) throws SecureMessagingException; + ResponseApdu verifyAndDecrypt(ResponseApdu apdu) throws SecureMessagingException; } diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/securitytoken/SecurityTokenConnection.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/securitytoken/SecurityTokenConnection.java index dde5bc9ea..9501697e3 100644 --- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/securitytoken/SecurityTokenConnection.java +++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/securitytoken/SecurityTokenConnection.java @@ -47,7 +47,6 @@ import javax.crypto.Cipher; import javax.crypto.NoSuchPaddingException; import javax.crypto.spec.SecretKeySpec; import javax.smartcardio.CommandAPDU; -import javax.smartcardio.ResponseAPDU; import org.sufficientlysecure.keychain.securitytoken.usb.UsbTransportException; import org.sufficientlysecure.keychain.util.Log; @@ -73,7 +72,6 @@ import java.util.List; * For the full specs, see http://g10code.com/docs/openpgp-card-2.0.pdf */ public class SecurityTokenConnection { - static final int APDU_SW_SUCCESS = 0x9000; private static final int APDU_SW1_RESPONSE_AVAILABLE = 0x61; // Fidesmo constants @@ -184,10 +182,10 @@ public class SecurityTokenConnection { // Connect on smartcard layer // Command APDU (page 51) for SELECT FILE command (page 29) CommandAPDU select = commandFactory.createSelectFileOpenPgpCommand(); - ResponseAPDU response = communicate(select); // activate connection + ResponseApdu response = communicate(select); // activate connection - if (response.getSW() != APDU_SW_SUCCESS) { - throw new CardException("Initialization failed!", response.getSW()); + if (!response.isSuccess()) { + throw new CardException("Initialization failed!", response.getSw()); } mOpenPgpCapabilities = new OpenPgpCapabilities(getData(0x00, 0x6E)); @@ -221,10 +219,10 @@ public class SecurityTokenConnection { // Command APDU for RESET RETRY COUNTER command (page 33) CommandAPDU changePin = commandFactory.createResetPw1Command(newPin); - ResponseAPDU response = communicate(changePin); + ResponseApdu response = communicate(changePin); - if (response.getSW() != APDU_SW_SUCCESS) { - throw new CardException("Failed to change PIN", response.getSW()); + if (!response.isSuccess()) { + throw new CardException("Failed to change PIN", response.getSw()); } } @@ -246,10 +244,10 @@ public class SecurityTokenConnection { byte[] pin = adminPin.toStringUnsafe().getBytes(); CommandAPDU changePin = commandFactory.createChangePw3Command(pin, newAdminPin); - ResponseAPDU response = communicate(changePin); + ResponseApdu response = communicate(changePin); - if (response.getSW() != APDU_SW_SUCCESS) { - throw new CardException("Failed to change PIN", response.getSW()); + if (!response.isSuccess()) { + throw new CardException("Failed to change PIN", response.getSw()); } } @@ -326,10 +324,10 @@ public class SecurityTokenConnection { } CommandAPDU command = commandFactory.createDecipherCommand(data); - ResponseAPDU response = communicate(command); + ResponseApdu response = communicate(command); - if (response.getSW() != APDU_SW_SUCCESS) { - throw new CardException("Deciphering with Security token failed on receive", response.getSW()); + if (!response.isSuccess()) { + throw new CardException("Deciphering with Security token failed on receive", response.getSw()); } switch (mOpenPgpCapabilities.getFormatForKeyType(KeyType.ENCRYPT).keyFormatType()) { @@ -394,9 +392,9 @@ public class SecurityTokenConnection { private void verifyPinForSignature() throws IOException { byte[] pin = mPin.toStringUnsafe().getBytes(); - ResponseAPDU response = communicate(commandFactory.createVerifyPw1ForSignatureCommand(pin)); - if (response.getSW() != APDU_SW_SUCCESS) { - throw new CardException("Bad PIN!", response.getSW()); + ResponseApdu response = communicate(commandFactory.createVerifyPw1ForSignatureCommand(pin)); + if (!response.isSuccess()) { + throw new CardException("Bad PIN!", response.getSw()); } mPw1ValidatedForSignature = true; @@ -409,9 +407,9 @@ public class SecurityTokenConnection { byte[] pin = mPin.toStringUnsafe().getBytes(); // Command APDU for VERIFY command (page 32) - ResponseAPDU response = communicate(commandFactory.createVerifyPw1ForOtherCommand(pin)); - if (response.getSW() != APDU_SW_SUCCESS) { - throw new CardException("Bad PIN!", response.getSW()); + ResponseApdu response = communicate(commandFactory.createVerifyPw1ForOtherCommand(pin)); + if (!response.isSuccess()) { + throw new CardException("Bad PIN!", response.getSw()); } mPw1ValidatedForDecrypt = true; @@ -422,10 +420,10 @@ public class SecurityTokenConnection { */ private void verifyAdminPin(Passphrase adminPin) throws IOException { // Command APDU for VERIFY command (page 32) - ResponseAPDU response = + ResponseApdu response = communicate(commandFactory.createVerifyPw3Command(adminPin.toStringUnsafe().getBytes())); - if (response.getSW() != APDU_SW_SUCCESS) { - throw new CardException("Bad PIN!", response.getSW()); + if (!response.isSuccess()) { + throw new CardException("Bad PIN!", response.getSw()); } mPw3Validated = true; @@ -453,10 +451,10 @@ public class SecurityTokenConnection { } CommandAPDU command = commandFactory.createPutDataCommand(dataObject, data); - ResponseAPDU response = communicate(command); // put data + ResponseApdu response = communicate(command); // put data - if (response.getSW() != APDU_SW_SUCCESS) { - throw new CardException("Failed to put data.", response.getSW()); + if (!response.isSuccess()) { + throw new CardException("Failed to put data.", response.getSw()); } } @@ -552,10 +550,10 @@ public class SecurityTokenConnection { } CommandAPDU apdu = commandFactory.createPutKeyCommand(keyBytes); - ResponseAPDU response = communicate(apdu); + ResponseApdu response = communicate(apdu); - if (response.getSW() != APDU_SW_SUCCESS) { - throw new CardException("Key export to Security Token failed", response.getSW()); + if (!response.isSuccess()) { + throw new CardException("Key export to Security Token failed", response.getSw()); } } @@ -567,10 +565,10 @@ public class SecurityTokenConnection { */ public byte[] getFingerprints() throws IOException { CommandAPDU apdu = commandFactory.createGetDataCommand(0x00, 0x6E); - ResponseAPDU response = communicate(apdu); + ResponseApdu response = communicate(apdu); - if (response.getSW() != APDU_SW_SUCCESS) { - throw new CardException("Failed to get fingerprints", response.getSW()); + if (!response.isSuccess()) { + throw new CardException("Failed to get fingerprints", response.getSw()); } Iso7816TLV[] tlvList = Iso7816TLV.readList(response.getData(), true); @@ -614,9 +612,9 @@ public class SecurityTokenConnection { } private byte[] getData(int p1, int p2) throws IOException { - ResponseAPDU response = communicate(commandFactory.createGetDataCommand(p1, p2)); - if (response.getSW() != APDU_SW_SUCCESS) { - throw new CardException("Failed to get pw status bytes", response.getSW()); + ResponseApdu response = communicate(commandFactory.createGetDataCommand(p1, p2)); + if (!response.isSuccess()) { + throw new CardException("Failed to get pw status bytes", response.getSw()); } return response.getData(); } @@ -697,10 +695,10 @@ public class SecurityTokenConnection { // Command APDU for PERFORM SECURITY OPERATION: COMPUTE DIGITAL SIGNATURE (page 37) CommandAPDU command = commandFactory.createComputeDigitalSignatureCommand(data); - ResponseAPDU response = communicate(command); + ResponseApdu response = communicate(command); - if (response.getSW() != APDU_SW_SUCCESS) { - throw new CardException("Failed to sign", response.getSW()); + if (!response.isSuccess()) { + throw new CardException("Failed to sign", response.getSw()); } if (!mOpenPgpCapabilities.isPw1ValidForMultipleSignatures()) { @@ -750,7 +748,7 @@ public class SecurityTokenConnection { * @return response from the card * @throws IOException */ - ResponseAPDU communicate(CommandAPDU apdu) throws IOException { + ResponseApdu communicate(CommandAPDU apdu) throws IOException { if ((mSecureMessaging != null) && mSecureMessaging.isEstablished()) { try { apdu = mSecureMessaging.encryptAndSign(apdu); @@ -760,7 +758,7 @@ public class SecurityTokenConnection { } } - ResponseAPDU lastResponse = null; + ResponseApdu lastResponse = null; // Transmit if (mCardCapabilities.hasExtended()) { lastResponse = mTransport.transceive(apdu); @@ -774,8 +772,8 @@ public class SecurityTokenConnection { lastResponse = mTransport.transceive(chainedApdu); boolean isLastCommand = i < totalCommands - 1; - if (isLastCommand && lastResponse.getSW() != APDU_SW_SUCCESS) { - throw new UsbTransportException("Failed to chain apdu (last SW: " + lastResponse.getSW() + ")"); + if (isLastCommand && !lastResponse.isSuccess()) { + throw new UsbTransportException("Failed to chain apdu (last SW: " + lastResponse.getSw() + ")"); } } } @@ -787,17 +785,17 @@ public class SecurityTokenConnection { result.write(lastResponse.getData()); // Receive - while (lastResponse.getSW1() == APDU_SW1_RESPONSE_AVAILABLE) { + while (lastResponse.getSw1() == APDU_SW1_RESPONSE_AVAILABLE) { // GET RESPONSE ISO/IEC 7816-4 par.7.6.1 - CommandAPDU getResponse = commandFactory.createGetResponseCommand(lastResponse.getSW2()); + CommandAPDU getResponse = commandFactory.createGetResponseCommand(lastResponse.getSw2()); lastResponse = mTransport.transceive(getResponse); result.write(lastResponse.getData()); } - result.write(lastResponse.getSW1()); - result.write(lastResponse.getSW2()); + result.write(lastResponse.getSw1()); + result.write(lastResponse.getSw2()); - lastResponse = new ResponseAPDU(result.toByteArray()); + lastResponse = ResponseApdu.fromBytes(result.toByteArray()); if ((mSecureMessaging != null) && mSecureMessaging.isEstablished()) { try { @@ -817,7 +815,7 @@ public class SecurityTokenConnection { // By trying to select any apps that have the Fidesmo AID prefix we can // see if it is a Fidesmo device or not CommandAPDU apdu = commandFactory.createSelectFileCommand(FIDESMO_APPS_AID_PREFIX); - return communicate(apdu).getSW() == APDU_SW_SUCCESS; + return communicate(apdu).isSuccess(); } catch (IOException e) { Log.e(Constants.TAG, "Card communication failed!", e); } @@ -849,9 +847,9 @@ public class SecurityTokenConnection { } CommandAPDU apdu = commandFactory.createGenerateKeyCommand(slot); - ResponseAPDU response = communicate(apdu); + ResponseApdu response = communicate(apdu); - if (response.getSW() != APDU_SW_SUCCESS) { + if (!response.isSuccess()) { throw new IOException("On-card key generation failed"); } @@ -868,9 +866,9 @@ public class SecurityTokenConnection { byte[] pin = "XXXXXX".getBytes(); for (int i = 0; i <= 4; i++) { // Command APDU for VERIFY command (page 32) - ResponseAPDU response = communicate(commandFactory.createVerifyPw1ForSignatureCommand(pin)); - if (response.getSW() == APDU_SW_SUCCESS) { - throw new CardException("Should never happen, XXXXXX has been accepted!", response.getSW()); + ResponseApdu response = communicate(commandFactory.createVerifyPw1ForSignatureCommand(pin)); + if (response.isSuccess()) { + throw new CardException("Should never happen, XXXXXX has been accepted!", response.getSw()); } } @@ -878,9 +876,9 @@ public class SecurityTokenConnection { byte[] adminPin = "XXXXXXXX".getBytes(); for (int i = 0; i <= 4; i++) { // Command APDU for VERIFY command (page 32) - ResponseAPDU response = communicate(commandFactory.createVerifyPw3Command(adminPin)); - if (response.getSW() == APDU_SW_SUCCESS) { // Should NOT accept! - throw new CardException("Should never happen, XXXXXXXX has been accepted", response.getSW()); + ResponseApdu response = communicate(commandFactory.createVerifyPw3Command(adminPin)); + if (response.isSuccess()) { // Should NOT accept! + throw new CardException("Should never happen, XXXXXXXX has been accepted", response.getSw()); } } @@ -892,13 +890,13 @@ public class SecurityTokenConnection { // If a token is in a bad state and reactivate1 fails, it could still be reactivated with reactivate2 CommandAPDU reactivate1 = commandFactory.createReactivate1Command(); CommandAPDU reactivate2 = commandFactory.createReactivate2Command(); - ResponseAPDU response1 = communicate(reactivate1); - ResponseAPDU response2 = communicate(reactivate2); - if (response1.getSW() != APDU_SW_SUCCESS) { - throw new CardException("Reactivating failed!", response1.getSW()); + ResponseApdu response1 = communicate(reactivate1); + ResponseApdu response2 = communicate(reactivate2); + if (!response1.isSuccess()) { + throw new CardException("Reactivating failed!", response1.getSw()); } - if (response2.getSW() != APDU_SW_SUCCESS) { - throw new CardException("Reactivating failed!", response2.getSW()); + if (!response2.isSuccess()) { + throw new CardException("Reactivating failed!", response2.getSw()); } } diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/securitytoken/Transport.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/securitytoken/Transport.java index 00fb4db07..c336b4264 100644 --- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/securitytoken/Transport.java +++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/securitytoken/Transport.java @@ -18,7 +18,6 @@ package org.sufficientlysecure.keychain.securitytoken; import javax.smartcardio.CommandAPDU; -import javax.smartcardio.ResponseAPDU; import java.io.IOException; @@ -32,7 +31,7 @@ public interface Transport { * @return received data * @throws IOException */ - ResponseAPDU transceive(CommandAPDU data) throws IOException; + ResponseApdu transceive(CommandAPDU data) throws IOException; /** * Disconnect and release connection diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/securitytoken/usb/UsbTransport.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/securitytoken/usb/UsbTransport.java index cd6412560..a37bff476 100644 --- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/securitytoken/usb/UsbTransport.java +++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/securitytoken/usb/UsbTransport.java @@ -30,7 +30,7 @@ import android.util.Pair; import org.sufficientlysecure.keychain.Constants; import org.sufficientlysecure.keychain.securitytoken.Transport; import javax.smartcardio.CommandAPDU; -import javax.smartcardio.ResponseAPDU; +import org.sufficientlysecure.keychain.securitytoken.ResponseApdu; import org.sufficientlysecure.keychain.securitytoken.usb.tpdu.T1ShortApduProtocol; import org.sufficientlysecure.keychain.securitytoken.usb.tpdu.T1TpduProtocol; import org.sufficientlysecure.keychain.util.Log; @@ -183,8 +183,8 @@ public class UsbTransport implements Transport { * @return received data */ @Override - public ResponseAPDU transceive(CommandAPDU data) throws UsbTransportException { - return new ResponseAPDU(ccidTransportProtocol.transceive(data.getBytes())); + public ResponseApdu transceive(CommandAPDU data) throws UsbTransportException { + return ResponseApdu.fromBytes(ccidTransportProtocol.transceive(data.getBytes())); } @Override