summaryrefslogtreecommitdiffstatsabout
path: root/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/securitytoken/SecurityTokenHelper.java
diff options
context:
space:
mode:
Diffstat (limited to 'OpenKeychain/src/main/java/org/sufficientlysecure/keychain/securitytoken/SecurityTokenHelper.java')
-rw-r--r--OpenKeychain/src/main/java/org/sufficientlysecure/keychain/securitytoken/SecurityTokenHelper.java31
1 files changed, 23 insertions, 8 deletions
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/securitytoken/SecurityTokenHelper.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/securitytoken/SecurityTokenHelper.java
index bc1c42f..deee636 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/securitytoken/SecurityTokenHelper.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/securitytoken/SecurityTokenHelper.java
@@ -513,9 +513,11 @@ public class SecurityTokenHelper {
* @param hash the hash for signing
* @return a big integer representing the MPI for the given hash
*/
- public byte[] calculateSignature(byte[] hash, int hashAlgo) throws IOException {
+ public byte[] calculateSignature(byte[] hash, int hashAlgo, boolean useAuthKey) throws IOException {
if (!mPw1ValidatedForSignature) {
- verifyPin(0x81); // (Verify PW1 with mode 81 for signing)
+ // (Verify PW1 with mode 81 for signing)
+ // (Verify PW1 with mode 82 for auth)
+ verifyPin(useAuthKey ? 0x82 : 0x81);
}
// dsi, including Lc
@@ -525,7 +527,7 @@ public class SecurityTokenHelper {
switch (hashAlgo) {
case HashAlgorithmTags.SHA1:
if (hash.length != 20) {
- throw new IOException("Bad hash length (" + hash.length + ", expected 10!");
+ throw new IOException("Bad hash length (" + hash.length + ", expected 20!");
}
dsi = "23" // Lc
+ "3021" // Tag/Length of Sequence, the 0x21 includes all following 33 bytes
@@ -568,11 +570,24 @@ public class SecurityTokenHelper {
throw new IOException("Not supported hash algo!");
}
- // Command APDU for PERFORM SECURITY OPERATION: COMPUTE DIGITAL SIGNATURE (page 37)
- String apdu =
- "002A9E9A" // CLA, INS, P1, P2
- + dsi // digital signature input
- + "00"; // Le
+ String apdu;
+
+ if (!useAuthKey) {
+ // Command APDU for PERFORM SECURITY OPERATION: COMPUTE DIGITAL SIGNATURE (page 37)
+ apdu =
+ "002A9E9A" // CLA, INS, P1, P2
+ + dsi // digital signature input
+ + "00"; // Le
+
+ } else {
+ // Command APDU for INTERNAL AUTHENTICATE (page 55)
+ // This command doesn't take /
+ apdu =
+ "00880000" // CLA, INS, P1, P2
+ + dsi // digital signature input, card does PKCS#1
+ + "00"; // Le
+
+ }
String response = communicate(apdu);