author | tkellner <tkellner@8a26b1a7-26f0-462f-b9ef-d0e30c41f5a4> | 2011-08-30 10:30:26 +0000 |
committer | tkellner <tkellner@8a26b1a7-26f0-462f-b9ef-d0e30c41f5a4> | 2011-08-30 10:30:26 +0000 |
commit | f1cba2de17ba136292291f38021dd8c9f10de740 (patch) | |
tree | 261d2e93486177b034b77fd6bd9c930ef699f2d6 /smcc/src/main | |
parent | 129f553d078f7c264fdaec2fa6e6c370a95a4cef (diff) | |
smcc update for ECDSA/RIPEMD160
* RIPEMD160 support for old cards which don't support SHA-256 yet
* Rename CERITIFIED_KEYPAIR -> CERTIFIED_KEYPAIR
git-svn-id: https://joinup.ec.europa.eu/svn/mocca/trunk@960 8a26b1a7-26f0-462f-b9ef-d0e30c41f5a4
Diffstat (limited to 'smcc/src/main')
4 files changed, 39 insertions, 16 deletions
diff --git a/smcc/src/main/java/at/gv/egiz/smcc/ACOSCard.java b/smcc/src/main/java/at/gv/egiz/smcc/ACOSCard.java
index 70a1e06c..6af5aac8 100644
--- a/smcc/src/main/java/at/gv/egiz/smcc/ACOSCard.java
+++ b/smcc/src/main/java/at/gv/egiz/smcc/ACOSCard.java
@@ -224,7 +224,7 @@ PINMgmtSignatureCard {
 if (keyboxName == KeyboxName.SECURE_SIGNATURE_KEYPAIR) {
aid = AID_SIG;
fid = EF_C_CH_DS;
- } else if (keyboxName == KeyboxName.CERITIFIED_KEYPAIR) {
+ } else if (keyboxName == KeyboxName.CERTIFIED_KEYPAIR) {
aid = AID_DEC;
fid = EF_C_CH_EKEY;
} else {
@@ -286,7 +286,7 @@ PINMgmtSignatureCard {
 && (alg == null || "http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha1".equals(alg))) {
dst.write((byte) 0x14); // SHA-1/ECC
md = MessageDigest.getInstance("SHA-1");
- } else if (KeyboxName.CERITIFIED_KEYPAIR.equals(keyboxName)
+ } else if (KeyboxName.CERTIFIED_KEYPAIR.equals(keyboxName)
&& (alg == null || "http://www.w3.org/2000/09/xmldsig#rsa-sha1".equals(alg))) {
dst.write((byte) 0x12); // SHA-1 with padding according to PKCS#1 block type 01
md = MessageDigest.getInstance("SHA-1");
@@ -295,11 +295,15 @@ PINMgmtSignatureCard {
 && "http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha256".equals(alg)) {
dst.write((byte) 0x44); // SHA-256/ECC
md = MessageDigest.getInstance("SHA256");
- } else if (KeyboxName.CERITIFIED_KEYPAIR.equals(keyboxName)
+ } else if (KeyboxName.CERTIFIED_KEYPAIR.equals(keyboxName)
&& appVersion >= 2
&& "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256".equals(alg)) {
dst.write((byte) 0x41); // SHA-256 with padding according to PKCS#1
md = MessageDigest.getInstance("SHA256");
+ } else if (KeyboxName.SECURE_SIGNATURE_KEYPAIR.equals(keyboxName)
+ && "http://www.w3.org/2007/05/xmldsig-more#ecdsa-ripemd160".equals(alg)) {
+ dst.write((byte) 0x14); // No RIPEMD support - use SHA-1/ECC
+ md = MessageDigest.getInstance("RIPEMD160");
} else {
throw new SignatureCardException("Card does not support signature algorithm " + alg + ".");
}
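Review bot: The new ecdsa-ripemd160 branch writes the SHA-1/ECC algorithm byte (`0x14`, the same value the ecdsa-sha1 branch writes) while the digest it hands over is computed with RIPEMD160, so the card presumably signs the 20-byte RIPEMD160 value as if it were SHA-1; that only holds if the card never inspects or re-encodes the digest, and the comment should say so instead of just `// No RIPEMD support - use SHA-1/ECC`, e.g. `// Card has no RIPEMD160 algorithm ID; 0x14 selects the 160-bit SHA-1/ECC path and the RIPEMD160 digest computed here is passed in its place - relying parties must verify as ecdsa-ripemd160 (confirm the card signs the digest as-is)`. Independently, `MessageDigest.getInstance("RIPEMD160")` is not supplied by the JDK's default providers, so unless a third-party provider (e.g. BouncyCastle) is registered this branch fails with NoSuchAlgorithmException at runtime; the hunk does not show how that exception is handled here, and the provider dependency should be documented or checked at startup rather than discovered on the first RIPEMD160 signature. The same digest-identifier substitution and provider dependency appear in the STARCOSCard.java hunk @@ -389,12 +391,29 @@. The enclosing method starts and ends outside this hunk.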
@@ -331,7 +335,7 @@ PINMgmtSignatureCard {
 // PERFORM SECURITY OPERATION : COMPUTE DIGITAL SIGNATRE
return execPSO_COMPUTE_DIGITAL_SIGNATURE(channel);
- } else if (KeyboxName.CERITIFIED_KEYPAIR.equals(keyboxName)) {
+ } else if (KeyboxName.CERTIFIED_KEYPAIR.equals(keyboxName)) {
// SELECT application
execSELECT_AID(channel, AID_DEC);
diff --git a/smcc/src/main/java/at/gv/egiz/smcc/STARCOSCard.java b/smcc/src/main/java/at/gv/egiz/smcc/STARCOSCard.java
index da016d29..1de5c75c 100644
--- a/smcc/src/main/java/at/gv/egiz/smcc/STARCOSCard.java
+++ b/smcc/src/main/java/at/gv/egiz/smcc/STARCOSCard.java
@@ -194,7 +194,7 @@ public class STARCOSCard extends AbstractSignatureCard implements PINMgmtSignatu
 if (keyboxName == KeyboxName.SECURE_SIGNATURE_KEYPAIR) {
 aid = AID_DF_SS;
 fid = EF_C_X509_CH_DS;
- } else if (keyboxName == KeyboxName.CERITIFIED_KEYPAIR) {
+ } else if (keyboxName == KeyboxName.CERTIFIED_KEYPAIR) {
 aid = AID_DF_GS;
 fid = EF_C_X509_CH_AUT;
 } else {
@@ -357,10 +357,12 @@ public class STARCOSCard extends AbstractSignatureCard implements PINMgmtSignatu
 byte[] ht = null;
 MessageDigest md = null;
+
+ dst.write(new byte[] {(byte) 0x84, (byte) 0x03, (byte) 0x80});
 try {
 if (alg == null || "http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha1".equals(alg)) {
 // local key ID '02' version '00'
- dst.write(new byte[] {(byte) 0x84, (byte) 0x03, (byte) 0x80, (byte) 0x02, (byte) 0x00});
+ dst.write(new byte[] {(byte) 0x02, (byte) 0x00});
 if (version < 1.2) {
 // algorithm ID ECDSA with SHA-1
 dst.write(new byte[] {(byte) 0x89, (byte) 0x03, (byte) 0x13, (byte) 0x35, (byte) 0x10});
@@ -373,7 +375,7 @@ public class STARCOSCard extends AbstractSignatureCard implements PINMgmtSignatu
 md = MessageDigest.getInstance("SHA-1");
 } else if (version >= 1.2 && "http://www.w3.org/2000/09/xmldsig#rsa-sha1".equals(alg)) {
 // local key ID '03' version '00'
- dst.write(new byte[] {(byte) 0x84, (byte) 0x03, (byte) 0x80, (byte) 0x03, (byte) 0x00});
+ dst.write(new byte[] {(byte) 0x03, (byte) 0x00});
 // portable algorithm reference
 dst.write(new byte[] {(byte) 0x80, (byte) 0x01, (byte) 0x02});
 // hash template
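Review bot: The hoisted prefix `dst.write(new byte[] {(byte) 0x84, (byte) 0x03, (byte) 0x80});` in hunk @@ -357,10 +357,12 @@ is now written before the `try` and therefore also on the path that ends in the trailing `else` throwing SignatureCardException for an unsupported `alg` (visible in hunk @@ -389,12 +391,29 @@), so on that path `dst` is left holding a partial template that no branch wrote before this change. That is harmless if `dst` is discarded together with the exception, but if it is reused the write should stay inside the `try` after the algorithm has been accepted, or the unsupported-algorithm check should run first; the declaration of `dst` is outside the hunk, so this needs confirming. The moved line also deserves a comment naming what the three bytes are, since the per-branch comments now only describe the tail, e.g. `// common key reference prefix (tag 0x84, length 3, 0x80); local key ID and version follow per algorithm branch`. The enclosing method starts and ends outside this hunk.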
@@ -381,7 +383,7 @@ public class STARCOSCard extends AbstractSignatureCard implements PINMgmtSignatu
 md = MessageDigest.getInstance("SHA-1");
 } else if (version >= 1.2 && "http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha256".equals(alg)) {
 // local key ID '02' version '00'
- dst.write(new byte[] {(byte) 0x84, (byte) 0x03, (byte) 0x80, (byte) 0x02, (byte) 0x00});
+ dst.write(new byte[] {(byte) 0x02, (byte) 0x00});
 // portable algorithm reference
 dst.write(new byte[] {(byte) 0x80, (byte) 0x01, (byte) 0x04});
 // hash template
@@ -389,12 +391,29 @@ public class STARCOSCard extends AbstractSignatureCard implements PINMgmtSignatu
 md = MessageDigest.getInstance("SHA256");
 } else if (version >= 1.2 && "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256".equals(alg)) {
 // local key ID '03' version '00'
- dst.write(new byte[] {(byte) 0x84, (byte) 0x03, (byte) 0x80, (byte) 0x03, (byte) 0x00});
+ dst.write(new byte[] {(byte) 0x03, (byte) 0x00});
 // portable algorithm reference
 dst.write(new byte[] {(byte) 0x80, (byte) 0x01, (byte) 0x02});
 // hash template
 ht = new byte[] {(byte) 0x80, (byte) 0x01, (byte) 0x40};
 md = MessageDigest.getInstance("SHA256");
+ } else if ("http://www.w3.org/2007/05/xmldsig-more#ecdsa-ripemd160".equals(alg)) {
+ // local key ID '02' version '00'
+ dst.write(new byte[] {(byte) 0x02, (byte) 0x00});
+ if (version < 1.2) {
+ // algorithm ID ECDSA with RIPEMD160 doesn't work
+ //dst.write(new byte[] {(byte) 0x89, (byte) 0x03, (byte) 0x13, (byte) 0x35, (byte) 0x20});
+ // algorithm ID ECDSA with SHA-1
+ dst.write(new byte[] {(byte) 0x89, (byte) 0x03, (byte) 0x13, (byte) 0x35, (byte) 0x10});
+ } else {
+ // portable algorithm reference
+ dst.write(new byte[] {(byte) 0x80, (byte) 0x01, (byte) 0x04});
+ // hash template (SHA-1 - no EF_ALIAS for RIPEMD160)
+ //ht = new byte[] {(byte) 0x80, (byte) 0x01, (byte) 0x10};
+ // hash template for RIPEMD160
+ ht = new byte[] {(byte) 0x89, (byte) 0x02, (byte) 0x14, (byte) 0x30};
+ }
+ md = MessageDigest.getInstance("RIPEMD160");
 } else {
 throw new SignatureCardException("e-card version " + version + " does not support signature algorithm " + alg + ".");
 }
@@ -439,7 +458,7 @@ public class STARCOSCard extends AbstractSignatureCard implements PINMgmtSignatu
 }
- } else if (KeyboxName.CERITIFIED_KEYPAIR.equals(keyboxName)) {
+ } else if (KeyboxName.CERTIFIED_KEYPAIR.equals(keyboxName)) {
 // SELECT application
 execSELECT_AID(channel, AID_DF_GS);
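Review bot: The `version < 1.2` path of the new ecdsa-ripemd160 branch deliberately sends the ECDSA-with-SHA-1 algorithm ID (`0x89 0x03 0x13 0x35 0x10`) for a digest computed with RIPEMD160, and the only explanation is `// algorithm ID ECDSA with RIPEMD160 doesn't work`; the comment should state what fails and why the substitution is acceptable, e.g. `// Pre-1.2 cards reject the ECDSA/RIPEMD160 algorithm ID (last byte 0x20); the SHA-1 ID is used instead because the card signs the supplied 160-bit digest as-is - confirmed on hardware? (TODO)`. The commented-out `//dst.write(...)` and `//ht = ...` lines should be removed rather than committed; the prose comments above them already carry the information. On the `>= 1.2` path the branch reuses the ecdsa-sha256 portable algorithm reference `0x80 0x01 0x04` with a hash template `0x89 0x02 0x14 0x30` that is tagged differently from the `0x80 0x01 ...` templates of every other branch, and a comment should name where that encoding comes from so the next maintainer does not "fix" it to match. Unlike its siblings the branch has no `version` guard, which is fine only because its inner `if`/`else` covers all versions; a one-line comment saying so would prevent a later reviewer adding a gate that silently drops pre-1.2 support. The enclosing method starts and ends outside this hunk.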
diff --git a/smcc/src/main/java/at/gv/egiz/smcc/SWCard.java b/smcc/src/main/java/at/gv/egiz/smcc/SWCard.java
index a0a7523d..273fb779 100644
--- a/smcc/src/main/java/at/gv/egiz/smcc/SWCard.java
+++ b/smcc/src/main/java/at/gv/egiz/smcc/SWCard.java
@@ -227,7 +227,7 @@ public class SWCard implements SignatureCard {
 private KeyStore getKeyStore(KeyboxName keyboxName, char[] password) throws SignatureCardException {
- if (keyboxName == KeyboxName.CERITIFIED_KEYPAIR) {
+ if (keyboxName == KeyboxName.CERTIFIED_KEYPAIR) {
 if (certifiedKeyStore == null) {
 certifiedKeyStore = loadKeyStore(KEYSTORE_CERTIFIED_KEYPAIR, password);
 }
@@ -245,7 +245,7 @@ public class SWCard implements SignatureCard {
 private char[] getPassword(KeyboxName keyboxName) throws SignatureCardException {
- if (keyboxName == KeyboxName.CERITIFIED_KEYPAIR) {
+ if (keyboxName == KeyboxName.CERTIFIED_KEYPAIR) {
 if (certifiedKeyStorePassword == null) {
 certifiedKeyStorePassword = loadKeyStorePassword(KEYSTORE_PASSWORD_CERTIFIED_KEYPAIR);
 }
@@ -265,7 +265,7 @@ public class SWCard implements SignatureCard {
 throws SignatureCardException {
 try {
- if (keyboxName == KeyboxName.CERITIFIED_KEYPAIR) {
+ if (keyboxName == KeyboxName.CERTIFIED_KEYPAIR) {
 if (certifiedCertificate == null) {
 certifiedCertificate = loadCertificate(CERTIFICATE_CERTIFIED_KEYPAIR);
 }
diff --git a/smcc/src/main/java/at/gv/egiz/smcc/SignatureCard.java b/smcc/src/main/java/at/gv/egiz/smcc/SignatureCard.java
index ea389d41..56ae7b74 100644
--- a/smcc/src/main/java/at/gv/egiz/smcc/SignatureCard.java
+++ b/smcc/src/main/java/at/gv/egiz/smcc/SignatureCard.java
@@ -39,7 +39,7 @@ public interface SignatureCard {
 public static KeyboxName SECURE_SIGNATURE_KEYPAIR = new KeyboxName(
 "SecureSignatureKeypair");
- public static KeyboxName CERITIFIED_KEYPAIR = new KeyboxName(
+ public static KeyboxName CERTIFIED_KEYPAIR = new KeyboxName(
 "CertifiedKeypair");
 private String keyboxName_;
@@ -51,8 +51,8 @@ public interface SignatureCard {
 public static KeyboxName getKeyboxName(String keyBox) {
 if (SECURE_SIGNATURE_KEYPAIR.equals(keyBox)) {
 return SECURE_SIGNATURE_KEYPAIR;
- } else if (CERITIFIED_KEYPAIR.equals(keyBox)) {
- return CERITIFIED_KEYPAIR;
+ } else if (CERTIFIED_KEYPAIR.equals(keyBox)) {
+ return CERTIFIED_KEYPAIR;
 } else {
 return new KeyboxName(keyBox);
 } |