authortkellner <tkellner@8a26b1a7-26f0-462f-b9ef-d0e30c41f5a4>2011-08-30 10:30:26 +0000
committertkellner <tkellner@8a26b1a7-26f0-462f-b9ef-d0e30c41f5a4>2011-08-30 10:30:26 +0000
commitf1cba2de17ba136292291f38021dd8c9f10de740 (patch)
tree261d2e93486177b034b77fd6bd9c930ef699f2d6
parent129f553d078f7c264fdaec2fa6e6c370a95a4cef (diff)
smcc update for ECDSA/RIPEMD160
* RIPEMD160 support for old cards which don't support SHA-256 yet * Rename CERITIFIED_KEYPAIR -> CERTIFIED_KEYPAIR git-svn-id: https://joinup.ec.europa.eu/svn/mocca/trunk@960 8a26b1a7-26f0-462f-b9ef-d0e30c41f5a4
-rw-r--r--smcc/src/main/java/at/gv/egiz/smcc/ACOSCard.java12
-rw-r--r--smcc/src/main/java/at/gv/egiz/smcc/STARCOSCard.java31
-rw-r--r--smcc/src/main/java/at/gv/egiz/smcc/SWCard.java6
-rw-r--r--smcc/src/main/java/at/gv/egiz/smcc/SignatureCard.java6
-rw-r--r--smcc/src/test/java/at/gv/egiz/smcc/test/AbstractCardTest.java14
-rw-r--r--smcc/src/test/java/at/gv/egiz/smcc/test/AbstractInvalidCardTest.java2
-rw-r--r--smcc/src/test/java/at/gv/egiz/smcc/test/AbstractNotActivatedCardTest.java2
-rw-r--r--smccSTAL/src/main/java/at/gv/egiz/bku/smccstal/InfoBoxReadRequestHandler.java4
-rw-r--r--smccTest/pom.xml4
-rw-r--r--smccTest/src/main/java/at/gv/egiz/smcctest/CardTest.java2
10 files changed, 53 insertions, 30 deletions
diff --git a/smcc/src/main/java/at/gv/egiz/smcc/ACOSCard.java b/smcc/src/main/java/at/gv/egiz/smcc/ACOSCard.java
index 70a1e06c..6af5aac8 100644
--- a/smcc/src/main/java/at/gv/egiz/smcc/ACOSCard.java
+++ b/smcc/src/main/java/at/gv/egiz/smcc/ACOSCard.java
@@ -224,7 +224,7 @@ PINMgmtSignatureCard {
if (keyboxName == KeyboxName.SECURE_SIGNATURE_KEYPAIR) {
aid = AID_SIG;
fid = EF_C_CH_DS;
- } else if (keyboxName == KeyboxName.CERITIFIED_KEYPAIR) {
+ } else if (keyboxName == KeyboxName.CERTIFIED_KEYPAIR) {
aid = AID_DEC;
fid = EF_C_CH_EKEY;
} else {
@@ -286,7 +286,7 @@ PINMgmtSignatureCard {
&& (alg == null || "http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha1".equals(alg))) {
dst.write((byte) 0x14); // SHA-1/ECC
md = MessageDigest.getInstance("SHA-1");
- } else if (KeyboxName.CERITIFIED_KEYPAIR.equals(keyboxName)
+ } else if (KeyboxName.CERTIFIED_KEYPAIR.equals(keyboxName)
&& (alg == null || "http://www.w3.org/2000/09/xmldsig#rsa-sha1".equals(alg))) {
dst.write((byte) 0x12); // SHA-1 with padding according to PKCS#1 block type 01
md = MessageDigest.getInstance("SHA-1");
@@ -295,11 +295,15 @@ PINMgmtSignatureCard {
&& "http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha256".equals(alg)) {
dst.write((byte) 0x44); // SHA-256/ECC
md = MessageDigest.getInstance("SHA256");
- } else if (KeyboxName.CERITIFIED_KEYPAIR.equals(keyboxName)
+ } else if (KeyboxName.CERTIFIED_KEYPAIR.equals(keyboxName)
&& appVersion >= 2
&& "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256".equals(alg)) {
dst.write((byte) 0x41); // SHA-256 with padding according to PKCS#1
md = MessageDigest.getInstance("SHA256");
+ } else if (KeyboxName.SECURE_SIGNATURE_KEYPAIR.equals(keyboxName)
+ && "http://www.w3.org/2007/05/xmldsig-more#ecdsa-ripemd160".equals(alg)) {
+ dst.write((byte) 0x14); // No RIPEMD support - use SHA-1/ECC
+ md = MessageDigest.getInstance("RIPEMD160");
} else {
throw new SignatureCardException("Card does not support signature algorithm " + alg + ".");
}
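Review bot: The new `ecdsa-ripemd160` branch at the end of the chain tells the card `0x14` (SHA-1/ECC) while hashing with RIPEMD-160, which only holds if the card signs the supplied 20-byte value without checking it against the selected hash; that assumption should be written down, e.g. `// card signs the raw 20-byte digest; 0x14 only selects ECDSA over a 160-bit hash (no RIPEMD-160 id on this card)`. Unlike the SHA-256 branches it carries no `appVersion` condition, so cards that do support SHA-256 will also produce 160-bit-digest signatures whenever `alg` asks for it; if the intent is old cards only, as the commit message says, a guard such as `&& appVersion < 2` would enforce that. `MessageDigest.getInstance("RIPEMD160")` is presumably served by an added JCE provider rather than the JDK defaults, so it is worth confirming that the resulting NoSuchAlgorithmException is reported as an unsupported algorithm; the handler is outside this hunk. The RIPEMD160 branch added to STARCOSCard.java has the same unguarded shape.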
@@ -331,7 +335,7 @@ PINMgmtSignatureCard {
// PERFORM SECURITY OPERATION : COMPUTE DIGITAL SIGNATRE
return execPSO_COMPUTE_DIGITAL_SIGNATURE(channel);
- } else if (KeyboxName.CERITIFIED_KEYPAIR.equals(keyboxName)) {
+ } else if (KeyboxName.CERTIFIED_KEYPAIR.equals(keyboxName)) {
// SELECT application
execSELECT_AID(channel, AID_DEC);
diff --git a/smcc/src/main/java/at/gv/egiz/smcc/STARCOSCard.java b/smcc/src/main/java/at/gv/egiz/smcc/STARCOSCard.java
index da016d29..1de5c75c 100644
--- a/smcc/src/main/java/at/gv/egiz/smcc/STARCOSCard.java
+++ b/smcc/src/main/java/at/gv/egiz/smcc/STARCOSCard.java
@@ -194,7 +194,7 @@ public class STARCOSCard extends AbstractSignatureCard implements PINMgmtSignatu
if (keyboxName == KeyboxName.SECURE_SIGNATURE_KEYPAIR) {
aid = AID_DF_SS;
fid = EF_C_X509_CH_DS;
- } else if (keyboxName == KeyboxName.CERITIFIED_KEYPAIR) {
+ } else if (keyboxName == KeyboxName.CERTIFIED_KEYPAIR) {
aid = AID_DF_GS;
fid = EF_C_X509_CH_AUT;
} else {
@@ -357,10 +357,12 @@ public class STARCOSCard extends AbstractSignatureCard implements PINMgmtSignatu
byte[] ht = null;
MessageDigest md = null;
+
+ dst.write(new byte[] {(byte) 0x84, (byte) 0x03, (byte) 0x80});
try {
if (alg == null || "http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha1".equals(alg)) {
// local key ID '02' version '00'
- dst.write(new byte[] {(byte) 0x84, (byte) 0x03, (byte) 0x80, (byte) 0x02, (byte) 0x00});
+ dst.write(new byte[] {(byte) 0x02, (byte) 0x00});
if (version < 1.2) {
// algorithm ID ECDSA with SHA-1
dst.write(new byte[] {(byte) 0x89, (byte) 0x03, (byte) 0x13, (byte) 0x35, (byte) 0x10});
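Review bot: The hoisted `dst.write(new byte[] {(byte) 0x84, (byte) 0x03, (byte) 0x80});` has no comment, and the per-branch comments `local key ID '02' version '00'` now describe only the last two bytes of the data object. A line such as `// key reference: tag '84', length '03', first byte '80'; key ID and version follow per algorithm` would keep the APDU layout readable. The prefix is also now written before `alg` is validated and outside the `try`, so the throwing `else` branch leaves a partial template in `dst`; that looks harmless if `dst` is local to the method, which is not visible here.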
@@ -373,7 +375,7 @@ public class STARCOSCard extends AbstractSignatureCard implements PINMgmtSignatu
md = MessageDigest.getInstance("SHA-1");
} else if (version >= 1.2 && "http://www.w3.org/2000/09/xmldsig#rsa-sha1".equals(alg)) {
// local key ID '03' version '00'
- dst.write(new byte[] {(byte) 0x84, (byte) 0x03, (byte) 0x80, (byte) 0x03, (byte) 0x00});
+ dst.write(new byte[] {(byte) 0x03, (byte) 0x00});
// portable algorithm reference
dst.write(new byte[] {(byte) 0x80, (byte) 0x01, (byte) 0x02});
// hash template
@@ -381,7 +383,7 @@ public class STARCOSCard extends AbstractSignatureCard implements PINMgmtSignatu
md = MessageDigest.getInstance("SHA-1");
} else if (version >= 1.2 && "http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha256".equals(alg)) {
// local key ID '02' version '00'
- dst.write(new byte[] {(byte) 0x84, (byte) 0x03, (byte) 0x80, (byte) 0x02, (byte) 0x00});
+ dst.write(new byte[] {(byte) 0x02, (byte) 0x00});
// portable algorithm reference
dst.write(new byte[] {(byte) 0x80, (byte) 0x01, (byte) 0x04});
// hash template
@@ -389,12 +391,29 @@ public class STARCOSCard extends AbstractSignatureCard implements PINMgmtSignatu
md = MessageDigest.getInstance("SHA256");
} else if (version >= 1.2 && "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256".equals(alg)) {
// local key ID '03' version '00'
- dst.write(new byte[] {(byte) 0x84, (byte) 0x03, (byte) 0x80, (byte) 0x03, (byte) 0x00});
+ dst.write(new byte[] {(byte) 0x03, (byte) 0x00});
// portable algorithm reference
dst.write(new byte[] {(byte) 0x80, (byte) 0x01, (byte) 0x02});
// hash template
ht = new byte[] {(byte) 0x80, (byte) 0x01, (byte) 0x40};
md = MessageDigest.getInstance("SHA256");
+ } else if ("http://www.w3.org/2007/05/xmldsig-more#ecdsa-ripemd160".equals(alg)) {
+ // local key ID '02' version '00'
+ dst.write(new byte[] {(byte) 0x02, (byte) 0x00});
+ if (version < 1.2) {
+ // algorithm ID ECDSA with RIPEMD160 doesn't work
+ //dst.write(new byte[] {(byte) 0x89, (byte) 0x03, (byte) 0x13, (byte) 0x35, (byte) 0x20});
+ // algorithm ID ECDSA with SHA-1
+ dst.write(new byte[] {(byte) 0x89, (byte) 0x03, (byte) 0x13, (byte) 0x35, (byte) 0x10});
+ } else {
+ // portable algorithm reference
+ dst.write(new byte[] {(byte) 0x80, (byte) 0x01, (byte) 0x04});
+ // hash template (SHA-1 - no EF_ALIAS for RIPEMD160)
+ //ht = new byte[] {(byte) 0x80, (byte) 0x01, (byte) 0x10};
+ // hash template for RIPEMD160
+ ht = new byte[] {(byte) 0x89, (byte) 0x02, (byte) 0x14, (byte) 0x30};
+ }
+ md = MessageDigest.getInstance("RIPEMD160");
} else {
throw new SignatureCardException("e-card version " + version + " does not support signature algorithm " + alg + ".");
}
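Review bot: The RIPEMD160 branch keeps two commented-out byte arrays and a comment `hash template (SHA-1 - no EF_ALIAS for RIPEMD160)` that contradicts the template actually sent on the following lines. Dropping the dead lines and keeping a single comment that says which algorithm ID and hash template are used, and why, would make this security-relevant choice auditable. In the `version < 1.2` path the card is given the ECDSA-with-SHA-1 algorithm ID while the digest is RIPEMD-160, and `ht` is not assigned in the visible lines, so it is worth confirming that the code after the hunk handles a null `ht` the same way as the SHA-1 branch does. The enclosing method starts and ends outside this hunk.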
@@ -439,7 +458,7 @@ public class STARCOSCard extends AbstractSignatureCard implements PINMgmtSignatu
}
- } else if (KeyboxName.CERITIFIED_KEYPAIR.equals(keyboxName)) {
+ } else if (KeyboxName.CERTIFIED_KEYPAIR.equals(keyboxName)) {
// SELECT application
execSELECT_AID(channel, AID_DF_GS);
diff --git a/smcc/src/main/java/at/gv/egiz/smcc/SWCard.java b/smcc/src/main/java/at/gv/egiz/smcc/SWCard.java
index a0a7523d..273fb779 100644
--- a/smcc/src/main/java/at/gv/egiz/smcc/SWCard.java
+++ b/smcc/src/main/java/at/gv/egiz/smcc/SWCard.java
@@ -227,7 +227,7 @@ public class SWCard implements SignatureCard {
private KeyStore getKeyStore(KeyboxName keyboxName, char[] password) throws SignatureCardException {
- if (keyboxName == KeyboxName.CERITIFIED_KEYPAIR) {
+ if (keyboxName == KeyboxName.CERTIFIED_KEYPAIR) {
if (certifiedKeyStore == null) {
certifiedKeyStore = loadKeyStore(KEYSTORE_CERTIFIED_KEYPAIR, password);
}
@@ -245,7 +245,7 @@ public class SWCard implements SignatureCard {
private char[] getPassword(KeyboxName keyboxName) throws SignatureCardException {
- if (keyboxName == KeyboxName.CERITIFIED_KEYPAIR) {
+ if (keyboxName == KeyboxName.CERTIFIED_KEYPAIR) {
if (certifiedKeyStorePassword == null) {
certifiedKeyStorePassword = loadKeyStorePassword(KEYSTORE_PASSWORD_CERTIFIED_KEYPAIR);
}
@@ -265,7 +265,7 @@ public class SWCard implements SignatureCard {
throws SignatureCardException {
try {
- if (keyboxName == KeyboxName.CERITIFIED_KEYPAIR) {
+ if (keyboxName == KeyboxName.CERTIFIED_KEYPAIR) {
if (certifiedCertificate == null) {
certifiedCertificate = loadCertificate(CERTIFICATE_CERTIFIED_KEYPAIR);
}
diff --git a/smcc/src/main/java/at/gv/egiz/smcc/SignatureCard.java b/smcc/src/main/java/at/gv/egiz/smcc/SignatureCard.java
index ea389d41..56ae7b74 100644
--- a/smcc/src/main/java/at/gv/egiz/smcc/SignatureCard.java
+++ b/smcc/src/main/java/at/gv/egiz/smcc/SignatureCard.java
@@ -39,7 +39,7 @@ public interface SignatureCard {
public static KeyboxName SECURE_SIGNATURE_KEYPAIR = new KeyboxName(
"SecureSignatureKeypair");
- public static KeyboxName CERITIFIED_KEYPAIR = new KeyboxName(
+ public static KeyboxName CERTIFIED_KEYPAIR = new KeyboxName(
"CertifiedKeypair");
private String keyboxName_;
@@ -51,8 +51,8 @@ public interface SignatureCard {
public static KeyboxName getKeyboxName(String keyBox) {
if (SECURE_SIGNATURE_KEYPAIR.equals(keyBox)) {
return SECURE_SIGNATURE_KEYPAIR;
- } else if (CERITIFIED_KEYPAIR.equals(keyBox)) {
- return CERITIFIED_KEYPAIR;
+ } else if (CERTIFIED_KEYPAIR.equals(keyBox)) {
+ return CERTIFIED_KEYPAIR;
} else {
return new KeyboxName(keyBox);
}
diff --git a/smcc/src/test/java/at/gv/egiz/smcc/test/AbstractCardTest.java b/smcc/src/test/java/at/gv/egiz/smcc/test/AbstractCardTest.java
index f47afcfa..28ad9090 100644
--- a/smcc/src/test/java/at/gv/egiz/smcc/test/AbstractCardTest.java
+++ b/smcc/src/test/java/at/gv/egiz/smcc/test/AbstractCardTest.java
@@ -62,7 +62,7 @@ public abstract class AbstractCardTest extends AbstractCardTestBase {
byte[] certificateGSRef = (byte[]) applicationContext.getBean("certificateGS", byte[].class);
- byte[] certificateGS = signatureCard.getCertificate(KeyboxName.CERITIFIED_KEYPAIR, null);
+ byte[] certificateGS = signatureCard.getCertificate(KeyboxName.CERTIFIED_KEYPAIR, null);
assertArrayEquals(certificateGSRef, certificateGS);
@@ -113,7 +113,7 @@ public abstract class AbstractCardTest extends AbstractCardTestBase {
byte[] signature = signatureCard.createSignature(new ByteArrayInputStream("MOCCA"
.getBytes("ASCII")),
- KeyboxName.CERITIFIED_KEYPAIR, new SMCCTestPINProvider(pin), null);
+ KeyboxName.CERTIFIED_KEYPAIR, new SMCCTestPINProvider(pin), null);
assertNotNull(signature);
@@ -126,7 +126,7 @@ public abstract class AbstractCardTest extends AbstractCardTestBase {
byte[] signature = signatureCard.createSignature(new ByteArrayInputStream("MOCCA"
.getBytes("ASCII")),
- KeyboxName.CERITIFIED_KEYPAIR, new SMCCTestPINProvider(pin), null);
+ KeyboxName.CERTIFIED_KEYPAIR, new SMCCTestPINProvider(pin), null);
assertNotNull(signature);
@@ -140,7 +140,7 @@ public abstract class AbstractCardTest extends AbstractCardTestBase {
PINGUI pinProvider = new CancelPINProvider();
signatureCard.createSignature(new ByteArrayInputStream(MOCCA),
- KeyboxName.CERITIFIED_KEYPAIR, pinProvider, null);
+ KeyboxName.CERTIFIED_KEYPAIR, pinProvider, null);
}
@@ -164,7 +164,7 @@ public abstract class AbstractCardTest extends AbstractCardTestBase {
PINGUI pinProvider = new InterruptPINProvider();
signatureCard.createSignature(new ByteArrayInputStream(MOCCA),
- KeyboxName.CERITIFIED_KEYPAIR, pinProvider, null);
+ KeyboxName.CERTIFIED_KEYPAIR, pinProvider, null);
}
@@ -206,7 +206,7 @@ public abstract class AbstractCardTest extends AbstractCardTestBase {
throws CancelledException, InterruptedException {
try {
- signatureCard.getCertificate(KeyboxName.CERITIFIED_KEYPAIR, null);
+ signatureCard.getCertificate(KeyboxName.CERTIFIED_KEYPAIR, null);
assertTrue(false);
return null;
} catch (SignatureCardException e) {
@@ -217,7 +217,7 @@ public abstract class AbstractCardTest extends AbstractCardTestBase {
};
signatureCard.createSignature(new ByteArrayInputStream(MOCCA),
- KeyboxName.CERITIFIED_KEYPAIR, pinProvider, null);
+ KeyboxName.CERTIFIED_KEYPAIR, pinProvider, null);
}
diff --git a/smcc/src/test/java/at/gv/egiz/smcc/test/AbstractInvalidCardTest.java b/smcc/src/test/java/at/gv/egiz/smcc/test/AbstractInvalidCardTest.java
index d9aa4b87..e586f951 100644
--- a/smcc/src/test/java/at/gv/egiz/smcc/test/AbstractInvalidCardTest.java
+++ b/smcc/src/test/java/at/gv/egiz/smcc/test/AbstractInvalidCardTest.java
@@ -50,7 +50,7 @@ public abstract class AbstractInvalidCardTest extends AbstractCardTestBase {
}
try {
- signatureCard.getCertificate(KeyboxName.CERITIFIED_KEYPAIR, null);
+ signatureCard.getCertificate(KeyboxName.CERTIFIED_KEYPAIR, null);
fail();
} catch (SignatureCardException e) {
// expected
diff --git a/smcc/src/test/java/at/gv/egiz/smcc/test/AbstractNotActivatedCardTest.java b/smcc/src/test/java/at/gv/egiz/smcc/test/AbstractNotActivatedCardTest.java
index 53eb6692..fb86a773 100644
--- a/smcc/src/test/java/at/gv/egiz/smcc/test/AbstractNotActivatedCardTest.java
+++ b/smcc/src/test/java/at/gv/egiz/smcc/test/AbstractNotActivatedCardTest.java
@@ -56,7 +56,7 @@ public abstract class AbstractNotActivatedCardTest extends AbstractCardTestBase
}
try {
- signatureCard.getCertificate(KeyboxName.CERITIFIED_KEYPAIR, null);
+ signatureCard.getCertificate(KeyboxName.CERTIFIED_KEYPAIR, null);
fail();
} catch (NotActivatedException e) {
// expected
diff --git a/smccSTAL/src/main/java/at/gv/egiz/bku/smccstal/InfoBoxReadRequestHandler.java b/smccSTAL/src/main/java/at/gv/egiz/bku/smccstal/InfoBoxReadRequestHandler.java
index 94de392e..7e1b42fe 100644
--- a/smccSTAL/src/main/java/at/gv/egiz/bku/smccstal/InfoBoxReadRequestHandler.java
+++ b/smccSTAL/src/main/java/at/gv/egiz/bku/smccstal/InfoBoxReadRequestHandler.java
@@ -72,11 +72,11 @@ public class InfoBoxReadRequestHandler extends AbstractRequestHandler {
InfoboxReadResponse stalResp = new InfoboxReadResponse();
stalResp.setInfoboxValue(resp);
return stalResp;
- } else if (SignatureCard.KeyboxName.CERITIFIED_KEYPAIR.equals(infoBox
+ } else if (SignatureCard.KeyboxName.CERTIFIED_KEYPAIR.equals(infoBox
.getInfoboxIdentifier())) {
log.debug("Handling certified keypair infobox.");
byte[] resp = card
- .getCertificate(SignatureCard.KeyboxName.CERITIFIED_KEYPAIR, new VerifyPINGUI(gui));
+ .getCertificate(SignatureCard.KeyboxName.CERTIFIED_KEYPAIR, new VerifyPINGUI(gui));
if (resp == null) {
return new ErrorResponse(6001);
}
diff --git a/smccTest/pom.xml b/smccTest/pom.xml
index fc4ceaa4..a7d2df92 100644
--- a/smccTest/pom.xml
+++ b/smccTest/pom.xml
@@ -3,11 +3,11 @@
<parent>
<artifactId>mocca</artifactId>
<groupId>at.gv.egiz</groupId>
- <version>1.3.5-SNAPSHOT</version>
+ <version>1.3.6-SNAPSHOT</version>
</parent>
<groupId>at.gv.egiz</groupId>
<artifactId>smccTest</artifactId>
- <version>1.3.5-SNAPSHOT</version>
+ <version>1.3.6-SNAPSHOT</version>
<name>SMCC Test</name>
<description>Card Terminal and Smart Card Tests</description>
<build>
diff --git a/smccTest/src/main/java/at/gv/egiz/smcctest/CardTest.java b/smccTest/src/main/java/at/gv/egiz/smcctest/CardTest.java
index 1f079528..b25370a4 100644
--- a/smccTest/src/main/java/at/gv/egiz/smcctest/CardTest.java
+++ b/smccTest/src/main/java/at/gv/egiz/smcctest/CardTest.java
@@ -47,7 +47,7 @@ import at.gv.egiz.smcc.util.SMCCHelper;
public class CardTest {
- private static KeyboxName[] keyboxNames = { KeyboxName.SECURE_SIGNATURE_KEYPAIR, KeyboxName.CERITIFIED_KEYPAIR };
+ private static KeyboxName[] keyboxNames = { KeyboxName.SECURE_SIGNATURE_KEYPAIR, KeyboxName.CERTIFIED_KEYPAIR };
private static String[] infoboxes = { "IdentityLink" };