1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
|
package org.sufficientlysecure.keychain.javacard;
import org.sufficientlysecure.keychain.pgp.CanonicalizedSecretKey;
import org.sufficientlysecure.keychain.util.Passphrase;
import java.io.IOException;
public interface JavacardDevice {
Passphrase getPin();
void setPin(final Passphrase pin);
Passphrase getAdminPin();
void setAdminPin(final Passphrase adminPin);
void changeKey(CanonicalizedSecretKey secretKey, Passphrase passphrase) throws IOException;
boolean containsKey(KeyType keyType) throws IOException;
boolean keyMatchesFingerPrint(KeyType keyType, byte[] fingerprint) throws IOException;
void connectToDevice() throws IOException;
/**
* Modifies the user's PW1 or PW3. Before sending, the new PIN will be validated for
* conformance to the card's requirements for key length.
*
* @param pinType For PW1, this is 0x81. For PW3 (Admin PIN), mode is 0x83.
* @param newPin The new PW1 or PW3.
*/
void modifyPin(int pinType, byte[] newPin) throws IOException;
/**
* Calls to calculate the signature and returns the MPI value
*
* @param encryptedSessionKey the encoded session key
* @return the decoded session key
*/
byte[] decryptSessionKey(byte[] encryptedSessionKey) throws IOException;
/**
* Return fingerprints of all keys from application specific data stored
* on tag, or null if data not available.
*
* @return The fingerprints of all subkeys in a contiguous byte array.
*/
byte[] getFingerprints() throws IOException;
byte[] getAid() throws IOException;
String getUserId() throws IOException;
boolean isConnected();
/**
* Calls to calculate the signature and returns the MPI value
*
* @param hash the hash for signing
* @return a big integer representing the MPI for the given hash
*/
byte[] calculateSignature(byte[] hash, int hashAlgo) throws IOException;
boolean isFidesmoToken();
/**
* Return the fingerprint from application specific data stored on tag, or
* null if it doesn't exist.
*
* @param idx Index of the key to return the fingerprint from.
* @return The fingerprint of the requested key, or null if not found.
*/
byte[] getMasterKeyFingerprint(int idx) throws IOException;
/**
* Resets security token, which deletes all keys and data objects.
* This works by entering a wrong PIN and then Admin PIN 4 times respectively.
* Afterwards, the token is reactivated.
*/
void resetAndWipeToken() throws IOException;
/**
* Puts a key on the token in the given slot.
*
* @param slot The slot on the token where the key should be stored:
* 0xB6: Signature Key
* 0xB8: Decipherment Key
* 0xA4: Authentication Key
*/
void putKey(int slot, CanonicalizedSecretKey secretKey, Passphrase passphrase) throws IOException;
/**
* Stores a data object on the token. Automatically validates the proper PIN for the operation.
* Supported for all data objects < 255 bytes in length. Only the cardholder certificate
* (0x7F21) can exceed this length.
*
* @param dataObject The data object to be stored.
* @param data The data to store in the object
*/
void putData(int dataObject, byte[] data) throws IOException;
void setTransport(Transport mTransport);
}
|