diff options
| author | Dominik Schürmann <dominik@dominikschuermann.de> | 2015-04-15 09:49:09 +0200 |
|---|---|---|
| committer | Dominik Schürmann <dominik@dominikschuermann.de> | 2015-04-15 09:49:09 +0200 |
| commit | 284ae594bb21c32df8741afa9464a36b150171d5 (patch) | |
| tree | b49d337a1b9d1a6901fb8c7218bb3b8bc065fbc5 | |
| parent | ddeb88e72aaddd2f2b33c9b5eb06d6f3b79729f3 (diff) | |
| parent | f85befd98284663bf58cf9eb42238e2f0f4b2459 (diff) | |
| download | open-keychain-284ae594bb21c32df8741afa9464a36b150171d5.tar.gz open-keychain-284ae594bb21c32df8741afa9464a36b150171d5.tar.bz2 open-keychain-284ae594bb21c32df8741afa9464a36b150171d5.zip | |
Merge pull request #1200 from josecastillo/development
Fix for NFC signing operations: move PIN verify inside sign/decrypt operation and set correct mode.
| -rw-r--r-- | OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/base/BaseNfcActivity.java | 48 |
1 files changed, 29 insertions, 19 deletions
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/base/BaseNfcActivity.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/base/BaseNfcActivity.java index 9b10ccdb1..b36b9b89e 100644 --- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/base/BaseNfcActivity.java +++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/base/BaseNfcActivity.java @@ -185,25 +185,6 @@ public abstract class BaseNfcActivity extends BaseActivity { throw new IOException("Initialization failed!"); } - if (mPin != null) { - - byte[] pin = new String(mPin.getCharArray()).getBytes(); - - // Command APDU for VERIFY command (page 32) - String login = - "00" // CLA - + "20" // INS - + "00" // P1 - + "82" // P2 (PW1) - + String.format("%02x", pin.length) // Lc - + Hex.toHexString(pin); - if (!nfcCommunicate(login).equals(accepted)) { // login - handlePinError(); - return; - } - - } - onNfcPerform(); mIsoDep.close(); @@ -320,6 +301,7 @@ public abstract class BaseNfcActivity extends BaseActivity { * @return a big integer representing the MPI for the given hash */ public byte[] nfcCalculateSignature(byte[] hash, int hashAlgo) throws IOException { + nfcVerifyPIN(0x81); // (Verify PW1 with mode 81 for signing) // dsi, including Lc String dsi; @@ -413,6 +395,8 @@ public abstract class BaseNfcActivity extends BaseActivity { * @return the decoded session key */ public byte[] nfcDecryptSessionKey(byte[] encryptedSessionKey) throws IOException { + nfcVerifyPIN(0x82); // (Verify PW1 with mode 82 for decryption) + String firstApdu = "102a8086fe"; String secondApdu = "002a808603"; String le = "00"; @@ -436,6 +420,32 @@ public abstract class BaseNfcActivity extends BaseActivity { return Hex.decode(decryptedSessionKey); } + /** Verifies the user's PW1 with the appropriate mode. + * + * @param mode This is 0x81 for signing, 0x82 for everything else + */ + public void nfcVerifyPIN(int mode) throws IOException { + if (mPin != null) { + byte[] pin = new String(mPin.getCharArray()).getBytes(); + // SW1/2 0x9000 is the generic "ok" response, which we expect most of the time. + // See specification, page 51 + String accepted = "9000"; + + // Command APDU for VERIFY command (page 32) + String login = + "00" // CLA + + "20" // INS + + "00" // P1 + + String.format("%02x", mode) // P2 + + String.format("%02x", pin.length) // Lc + + Hex.toHexString(pin); + if (!nfcCommunicate(login).equals(accepted)) { // login + handlePinError(); + throw new IOException("Bad PIN!"); + } + } + } + /** * Prints a message to the screen * |