From 5aa36b089f09346787e44f9850924faae1fda363 Mon Sep 17 00:00:00 2001
From: hsm
Date: Sun, 29 May 2016 03:12:09 +0100
Subject: ssh authentication support
---
 .../securitytoken/SecurityTokenHelper.java | 31 ++++++++++++++++------
 1 file changed, 23 insertions(+), 8 deletions(-)
(limited to 'OpenKeychain/src/main/java/org/sufficientlysecure/keychain/securitytoken/SecurityTokenHelper.java')
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/securitytoken/SecurityTokenHelper.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/securitytoken/SecurityTokenHelper.java
index bc1c42f7f..deee6366f 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/securitytoken/SecurityTokenHelper.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/securitytoken/SecurityTokenHelper.java
@@ -513,9 +513,11 @@ public class SecurityTokenHelper {
  * @param hash the hash for signing
  * @return a big integer representing the MPI for the given hash
  */
- public byte[] calculateSignature(byte[] hash, int hashAlgo) throws IOException {
+ public byte[] calculateSignature(byte[] hash, int hashAlgo, boolean useAuthKey) throws IOException {
  if (!mPw1ValidatedForSignature) {
- verifyPin(0x81); // (Verify PW1 with mode 81 for signing)
+ // (Verify PW1 with mode 81 for signing)
+ // (Verify PW1 with mode 82 for auth)
+ verifyPin(useAuthKey ? 0x82 : 0x81);
  }
 
  // dsi, including Lc
@@ -525,7 +527,7 @@ public class SecurityTokenHelper {
  switch (hashAlgo) {
  case HashAlgorithmTags.SHA1:
  if (hash.length != 20) {
- throw new IOException("Bad hash length (" + hash.length + ", expected 10!");
+ throw new IOException("Bad hash length (" + hash.length + ", expected 20!");
  }
  dsi = "23" // Lc
  + "3021" // Tag/Length of Sequence, the 0x21 includes all following 33 bytes
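Review bot: The PIN guard at the top of `calculateSignature` still tests `mPw1ValidatedForSignature` even when `useAuthKey` is true, so an authentication call made after a successful signing skips `verifyPin(0x82)` altogether. On OpenPGP cards PW1 in mode 81 only unlocks COMPUTE DIGITAL SIGNATURE and mode 82 is a separate access state, so the token would likely reject the later INTERNAL AUTHENTICATE; the reverse case depends on which flag `verifyPin` sets for 0x82, which is outside this hunk. Guard each mode on its own state: keep `if (!mPw1ValidatedForSignature) verifyPin(0x81);` for signing and test a separate mode-82 flag before `verifyPin(0x82)`. The Javadoc above the signature also lacks `@param hashAlgo` and `@param useAuthKey` entries, and the method body continues past the end of the hunk.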
@@ -568,11 +570,24 @@ public class SecurityTokenHelper {
  throw new IOException("Not supported hash algo!");
  }
 
- // Command APDU for PERFORM SECURITY OPERATION: COMPUTE DIGITAL SIGNATURE (page 37)
- String apdu =
- "002A9E9A" // CLA, INS, P1, P2
- + dsi // digital signature input
- + "00"; // Le
+ String apdu;
+
+ if (!useAuthKey) {
+ // Command APDU for PERFORM SECURITY OPERATION: COMPUTE DIGITAL SIGNATURE (page 37)
+ apdu =
+ "002A9E9A" // CLA, INS, P1, P2
+ + dsi // digital signature input
+ + "00"; // Le
+
+ } else {
+ // Command APDU for INTERNAL AUTHENTICATE (page 55)
+ // This command doesn't take /
+ apdu =
+ "00880000" // CLA, INS, P1, P2
+ + dsi // digital signature input, card does PKCS#1
+ + "00"; // Le
+
+ }
 
  String response = communicate(apdu);
 
-- 
cgit v1.2.3
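Review bot: The comment `// This command doesn't take /` in the INTERNAL AUTHENTICATE branch stops mid-sentence, so a reader cannot tell which constraint of the command the author meant to record; finish the sentence or drop the line. The two branches also differ only in the four header bytes, so the shared Lc/data/Le assembly could stay in one place: `String header = useAuthKey ? "00880000" : "002A9E9A";` followed by `String apdu = header + dsi + "00";`, with both page references kept as comments on the header line. Because the same caller-supplied `dsi` now reaches either key depending on a single boolean, a Javadoc sentence stating that `useAuthKey` selects the authentication key instead of the signature key would help callers avoid signing with the wrong one. The method continues past the end of the hunk.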