ssh authentication supportHEAD master

author: hsm <hsm@lamia.panaceas.james.local> 2016-05-29 03:12:09 +0100
committer: hsm <hsm@lamia.panaceas.james.local> 2016-05-29 04:47:15 +0100
commit: 5aa36b089f09346787e44f9850924faae1fda363 (patch)
tree: 0f14297dedecb42af771743241a0ed7ee78f308c /OpenKeychain/src/main/java/org/sufficientlysecure/keychain/securitytoken
parent: 24b92172be818c7ee67a235ad8403f01a4495987 (diff)
download: open-keychain-master.tar.gz
open-keychain-master.tar.bz2
open-keychain-master.zip
1 files changed, 23 insertions, 8 deletions
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/securitytoken/SecurityTokenHelper.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/securitytoken/SecurityTokenHelper.java
index bc1c42f7f..deee6366f 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/securitytoken/SecurityTokenHelper.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/securitytoken/SecurityTokenHelper.java
@@ -513,9 +513,11 @@ public class SecurityTokenHelper {
      * @param hash the hash for signing
      * @return a big integer representing the MPI for the given hash
      */
-    public byte[] calculateSignature(byte[] hash, int hashAlgo) throws IOException {
+    public byte[] calculateSignature(byte[] hash, int hashAlgo, boolean useAuthKey) throws IOException {
         if (!mPw1ValidatedForSignature) {
-            verifyPin(0x81); // (Verify PW1 with mode 81 for signing)
+            // (Verify PW1 with mode 81 for signing)
+            // (Verify PW1 with mode 82 for auth)
+            verifyPin(useAuthKey ? 0x82 : 0x81); 
         }
 
         // dsi, including Lc
@@ -525,7 +527,7 @@ public class SecurityTokenHelper {
         switch (hashAlgo) {
             case HashAlgorithmTags.SHA1:
                 if (hash.length != 20) {
-                    throw new IOException("Bad hash length (" + hash.length + ", expected 10!");
+                    throw new IOException("Bad hash length (" + hash.length + ", expected 20!");
                 }
                 dsi = "23" // Lc
                         + "3021" // Tag/Length of Sequence, the 0x21 includes all following 33 bytes
@@ -568,11 +570,24 @@ public class SecurityTokenHelper {
                 throw new IOException("Not supported hash algo!");
         }
 
-        // Command APDU for PERFORM SECURITY OPERATION: COMPUTE DIGITAL SIGNATURE (page 37)
-        String apdu =
-                "002A9E9A" // CLA, INS, P1, P2
-                        + dsi // digital signature input
-                        + "00"; // Le
+        String apdu;
+
+        if (!useAuthKey) {
+            // Command APDU for PERFORM SECURITY OPERATION: COMPUTE DIGITAL SIGNATURE (page 37)
+            apdu =
+                    "002A9E9A" // CLA, INS, P1, P2
+                            + dsi // digital signature input
+                            + "00"; // Le
+
+        } else {
+            // Command APDU for INTERNAL AUTHENTICATE (page 55)
+            // This command doesn't take /
+            apdu =
+                    "00880000" // CLA, INS, P1, P2
+                            + dsi  // digital signature input, card does PKCS#1
+                            + "00"; // Le
+
+        }
 
         String response = communicate(apdu);
author	hsm <hsm@lamia.panaceas.james.local>	2016-05-29 03:12:09 +0100
committer	hsm <hsm@lamia.panaceas.james.local>	2016-05-29 04:47:15 +0100
commit	5aa36b089f09346787e44f9850924faae1fda363 (patch)
tree	0f14297dedecb42af771743241a0ed7ee78f308c /OpenKeychain/src/main/java/org/sufficientlysecure/keychain/securitytoken
parent	24b92172be818c7ee67a235ad8403f01a4495987 (diff)
download	open-keychain-master.tar.gz open-keychain-master.tar.bz2 open-keychain-master.zip