From 3d1d26899707e453147e3c1b27894d367516b23b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Dominik=20Sch=C3=BCrmann?=
Date: Tue, 8 Mar 2016 02:27:56 +0100
Subject: Add nfcGenerateOnCardKey by Joey Castillo before it gets lost
---
.../ui/base/BaseSecurityTokenNfcActivity.java | 42 ++++++++++++++++++++++
1 file changed, 42 insertions(+)
(limited to 'OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/base')
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/base/BaseSecurityTokenNfcActivity.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/base/BaseSecurityTokenNfcActivity.java
index c3352363a..dc5e583af 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/base/BaseSecurityTokenNfcActivity.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/base/BaseSecurityTokenNfcActivity.java
@@ -933,6 +933,48 @@ public abstract class BaseSecurityTokenNfcActivity extends BaseActivity implemen
 Arrays.fill(dataToSend, (byte) 0);
 }
+ /**
+ * Generates a key on the card in the given slot. If the slot is 0xB6 (the signature key),
+ * this command also has the effect of resetting the digital signature counter.
+ * NOTE: This does not set the key fingerprint data object! After calling this command, you
+ * must construct a public key packet using the returned public key data objects, compute the
+ * key fingerprint, and store it on the card using the nfcSetFingerprint method.
+ *
+ * @param slot The slot on the card where the key should be generated:
+ * 0xB6: Signature Key
+ * 0xB8: Decipherment Key
+ * 0xA4: Authentication Key
+ * @return the public key data objects, in TLV format. For RSA this will be the public modulus
+ * (0x81) and exponent (0x82). These may come out of order; proper TLV parsing is required.
+ *
+ * TODO: nfcSetFingerprint missing.
+ */
+ public byte[] nfcGenerateOnCardKey(int slot) throws IOException {
+ if (slot != 0xB6 && slot != 0xB8 && slot != 0xA4) {
+ throw new IOException("Invalid key slot");
+ }
+
+ if (!mPw3Validated) {
+ nfcVerifyPIN(0x83); // (Verify PW1 with mode 82 for decryption)
+ }
+
+ String generateKeyApdu = "0047800002" + String.format("%02x", slot) + "0000";
+ String getResponseApdu = "00C00000";
+
+ String first = nfcCommunicate(generateKeyApdu);
+ String second = nfcCommunicate(getResponseApdu);
+
+ if (!second.endsWith("9000")) {
+ throw new IOException("On-card key generation failed");
+ }
+
+ String publicKeyData = nfcGetDataField(first) + nfcGetDataField(second);
+
+ Log.d(Constants.TAG, "Public Key Data Objects: " + publicKeyData);
+
+ return Hex.decode(publicKeyData);
+ }
+
 /**
 * Parses out the status word from a JavaCard response string.
 *
--
cgit v1.2.3
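Review bot: In nfcGenerateOnCardKey the status word of `first` is never inspected and exactly one GET RESPONSE is always sent, so success is judged only by whether `second` ends in `9000`. A card that returns the whole public key in the first response, or one that needs more than two responses, is reported as "On-card key generation failed" even though the generate command has already been sent to the token and the slot may now hold a new key. Drive the GET RESPONSE exchange from the status word instead, as sketched below; this assumes nfcCommunicate returns the raw response with the status word as its last four hex digits (as the existing `endsWith("9000")` check suggests) and does not already follow 61xx chaining itself. Separately, the comment on `nfcVerifyPIN(0x83)` describes PW1 mode 82 while the guard is `mPw3Validated`; it should read something like `// verify PW3 (admin PIN) before generating a key`.

```java
// … unchanged: slot check, PW3 verification, generateKeyApdu / getResponseApdu …
String response = nfcCommunicate(generateKeyApdu);
StringBuilder publicKeyData = new StringBuilder(nfcGetDataField(response));

// SW1 = 0x61 means the card still holds response data. The loop is bounded so a
// misbehaving token cannot keep it running (the limit of 8 is a placeholder).
for (int i = 0; i < 8 && response.length() >= 4
        && response.startsWith("61", response.length() - 4); i++) {
    response = nfcCommunicate(getResponseApdu);
    publicKeyData.append(nfcGetDataField(response));
}

if (!response.endsWith("9000")) {
    throw new IOException("On-card key generation failed");
}
// … unchanged: debug log …
return Hex.decode(publicKeyData.toString());
```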