diff options
author | mcentner <mcentner@8a26b1a7-26f0-462f-b9ef-d0e30c41f5a4> | 2009-11-13 10:28:00 +0000 |
---|---|---|
committer | mcentner <mcentner@8a26b1a7-26f0-462f-b9ef-d0e30c41f5a4> | 2009-11-13 10:28:00 +0000 |
commit | 5406f90edc47fecff0ff9a00b64b8740b6ac02f8 (patch) | |
tree | f1d19b816ee63cf4d845ea96524f775fb86a9f63 /smcc/src/main/java/at/gv/egiz | |
parent | 68651bf67987905980734f5c2199f337a232f427 (diff) | |
download | mocca-5406f90edc47fecff0ff9a00b64b8740b6ac02f8.tar.gz mocca-5406f90edc47fecff0ff9a00b64b8740b6ac02f8.tar.bz2 mocca-5406f90edc47fecff0ff9a00b64b8740b6ac02f8.zip |
SHA-2 disabled for the moment.
git-svn-id: https://joinup.ec.europa.eu/svn/mocca/trunk@542 8a26b1a7-26f0-462f-b9ef-d0e30c41f5a4
Diffstat (limited to 'smcc/src/main/java/at/gv/egiz')
-rw-r--r-- | smcc/src/main/java/at/gv/egiz/smcc/STARCOSCard.java | 33 |
1 files changed, 24 insertions, 9 deletions
diff --git a/smcc/src/main/java/at/gv/egiz/smcc/STARCOSCard.java b/smcc/src/main/java/at/gv/egiz/smcc/STARCOSCard.java index 880cab4b..9047fa54 100644 --- a/smcc/src/main/java/at/gv/egiz/smcc/STARCOSCard.java +++ b/smcc/src/main/java/at/gv/egiz/smcc/STARCOSCard.java @@ -308,11 +308,26 @@ public class STARCOSCard extends AbstractSignatureCard implements PINMgmtSignatu MessageDigest md = null; try { - if (version < 1.2 && (alg == null || "http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha1".equals(alg))) { + if (alg == null || "http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha1".equals(alg)) { // local key ID '02' version '00' dst.write(new byte[] {(byte) 0x84, (byte) 0x03, (byte) 0x80, (byte) 0x02, (byte) 0x00}); - // algorithm ID ECDSA with SHA-1 - dst.write(new byte[] {(byte) 0x89, (byte) 0x03, (byte) 0x13, (byte) 0x35, (byte) 0x10}); + if (version < 1.2) { + // algorithm ID ECDSA with SHA-1 + dst.write(new byte[] {(byte) 0x89, (byte) 0x03, (byte) 0x13, (byte) 0x35, (byte) 0x10}); + } else { + // portable algorithm reference + dst.write(new byte[] {(byte) 0x80, (byte) 0x01, (byte) 0x04}); + // hash template + ht = new byte[] {(byte) 0x80, (byte) 0x01, (byte) 0x10}; + } + md = MessageDigest.getInstance("SHA-1"); + } else if (version >= 1.2 && "http://www.w3.org/2000/09/xmldsig#rsa-sha1".equals(alg)) { + // local key ID '03' version '00' + dst.write(new byte[] {(byte) 0x84, (byte) 0x03, (byte) 0x80, (byte) 0x03, (byte) 0x00}); + // portable algorithm reference + dst.write(new byte[] {(byte) 0x80, (byte) 0x01, (byte) 0x02}); + // hash template + ht = new byte[] {(byte) 0x80, (byte) 0x01, (byte) 0x10}; md = MessageDigest.getInstance("SHA-1"); } else if (version >= 1.2 && "http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha256".equals(alg)) { // local key ID '02' version '00' @@ -331,7 +346,7 @@ public class STARCOSCard extends AbstractSignatureCard implements PINMgmtSignatu ht = new byte[] {(byte) 0x80, (byte) 0x01, (byte) 0x40}; md = MessageDigest.getInstance("SHA256"); } else { - throw new SignatureCardException("e-card versio " + version + " does not support signature algorithm " + alg + "."); + throw new SignatureCardException("e-card version " + version + " does not support signature algorithm " + alg + "."); } } catch (NoSuchAlgorithmException e) { log.error("Failed to get MessageDigest.", e); @@ -361,16 +376,16 @@ public class STARCOSCard extends AbstractSignatureCard implements PINMgmtSignatu verifyPINLoop(channel, spec, provider); // MANAGE SECURITY ENVIRONMENT : SET DST execMSE(channel, 0x41, 0xb6, dst.toByteArray()); - if (ht != null) { - // PERFORM SECURITY OPERATION : SET HT - execMSE(channel, 0x41, 0xaa, ht); - } if (version < 1.2) { // PERFORM SECURITY OPERATION : HASH execPSO_HASH(channel, digest); // PERFORM SECURITY OPERATION : COMPUTE DIGITAL SIGNATURE return execPSO_COMPUTE_DIGITAL_SIGNATURE(channel, null); } else { + if (ht != null) { + // PERFORM SECURITY OPERATION : SET HT + execMSE(channel, 0x41, 0xaa, ht); + } // PERFORM SECURITY OPERATION : COMPUTE DIGITAL SIGNATURE return execPSO_COMPUTE_DIGITAL_SIGNATURE(channel, digest); } @@ -384,7 +399,7 @@ public class STARCOSCard extends AbstractSignatureCard implements PINMgmtSignatu execSELECT_AID(channel, AID_DF_GS); // MANAGE SECURITY ENVIRONMENT : SET DST execMSE(channel, 0x41, 0xb6, dst.toByteArray()); - if (ht != null) { + if (version >= 1.2 && ht != null) { // PERFORM SECURITY OPERATION : SET HT execMSE(channel, 0x41, 0xaa, ht); } |