summaryrefslogtreecommitdiff
path: root/smcc/src/main
diff options
context:
space:
mode:
authortkellner <tkellner@8a26b1a7-26f0-462f-b9ef-d0e30c41f5a4>2011-08-30 10:30:26 +0000
committertkellner <tkellner@8a26b1a7-26f0-462f-b9ef-d0e30c41f5a4>2011-08-30 10:30:26 +0000
commitf1cba2de17ba136292291f38021dd8c9f10de740 (patch)
tree261d2e93486177b034b77fd6bd9c930ef699f2d6 /smcc/src/main
parent129f553d078f7c264fdaec2fa6e6c370a95a4cef (diff)
downloadmocca-f1cba2de17ba136292291f38021dd8c9f10de740.tar.gz
mocca-f1cba2de17ba136292291f38021dd8c9f10de740.tar.bz2
mocca-f1cba2de17ba136292291f38021dd8c9f10de740.zip
smcc update for ECDSA/RIPEMD160
* RIPEMD160 support for old cards which don't support SHA-256 yet * Rename CERITIFIED_KEYPAIR -> CERTIFIED_KEYPAIR git-svn-id: https://joinup.ec.europa.eu/svn/mocca/trunk@960 8a26b1a7-26f0-462f-b9ef-d0e30c41f5a4
Diffstat (limited to 'smcc/src/main')
-rw-r--r--smcc/src/main/java/at/gv/egiz/smcc/ACOSCard.java12
-rw-r--r--smcc/src/main/java/at/gv/egiz/smcc/STARCOSCard.java31
-rw-r--r--smcc/src/main/java/at/gv/egiz/smcc/SWCard.java6
-rw-r--r--smcc/src/main/java/at/gv/egiz/smcc/SignatureCard.java6
4 files changed, 39 insertions, 16 deletions
diff --git a/smcc/src/main/java/at/gv/egiz/smcc/ACOSCard.java b/smcc/src/main/java/at/gv/egiz/smcc/ACOSCard.java
index 70a1e06c..6af5aac8 100644
--- a/smcc/src/main/java/at/gv/egiz/smcc/ACOSCard.java
+++ b/smcc/src/main/java/at/gv/egiz/smcc/ACOSCard.java
@@ -224,7 +224,7 @@ PINMgmtSignatureCard {
if (keyboxName == KeyboxName.SECURE_SIGNATURE_KEYPAIR) {
aid = AID_SIG;
fid = EF_C_CH_DS;
- } else if (keyboxName == KeyboxName.CERITIFIED_KEYPAIR) {
+ } else if (keyboxName == KeyboxName.CERTIFIED_KEYPAIR) {
aid = AID_DEC;
fid = EF_C_CH_EKEY;
} else {
@@ -286,7 +286,7 @@ PINMgmtSignatureCard {
&& (alg == null || "http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha1".equals(alg))) {
dst.write((byte) 0x14); // SHA-1/ECC
md = MessageDigest.getInstance("SHA-1");
- } else if (KeyboxName.CERITIFIED_KEYPAIR.equals(keyboxName)
+ } else if (KeyboxName.CERTIFIED_KEYPAIR.equals(keyboxName)
&& (alg == null || "http://www.w3.org/2000/09/xmldsig#rsa-sha1".equals(alg))) {
dst.write((byte) 0x12); // SHA-1 with padding according to PKCS#1 block type 01
md = MessageDigest.getInstance("SHA-1");
@@ -295,11 +295,15 @@ PINMgmtSignatureCard {
&& "http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha256".equals(alg)) {
dst.write((byte) 0x44); // SHA-256/ECC
md = MessageDigest.getInstance("SHA256");
- } else if (KeyboxName.CERITIFIED_KEYPAIR.equals(keyboxName)
+ } else if (KeyboxName.CERTIFIED_KEYPAIR.equals(keyboxName)
&& appVersion >= 2
&& "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256".equals(alg)) {
dst.write((byte) 0x41); // SHA-256 with padding according to PKCS#1
md = MessageDigest.getInstance("SHA256");
+ } else if (KeyboxName.SECURE_SIGNATURE_KEYPAIR.equals(keyboxName)
+ && "http://www.w3.org/2007/05/xmldsig-more#ecdsa-ripemd160".equals(alg)) {
+ dst.write((byte) 0x14); // No RIPEMD support - use SHA-1/ECC
+ md = MessageDigest.getInstance("RIPEMD160");
} else {
throw new SignatureCardException("Card does not support signature algorithm " + alg + ".");
}
@@ -331,7 +335,7 @@ PINMgmtSignatureCard {
// PERFORM SECURITY OPERATION : COMPUTE DIGITAL SIGNATRE
return execPSO_COMPUTE_DIGITAL_SIGNATURE(channel);
- } else if (KeyboxName.CERITIFIED_KEYPAIR.equals(keyboxName)) {
+ } else if (KeyboxName.CERTIFIED_KEYPAIR.equals(keyboxName)) {
// SELECT application
execSELECT_AID(channel, AID_DEC);
diff --git a/smcc/src/main/java/at/gv/egiz/smcc/STARCOSCard.java b/smcc/src/main/java/at/gv/egiz/smcc/STARCOSCard.java
index da016d29..1de5c75c 100644
--- a/smcc/src/main/java/at/gv/egiz/smcc/STARCOSCard.java
+++ b/smcc/src/main/java/at/gv/egiz/smcc/STARCOSCard.java
@@ -194,7 +194,7 @@ public class STARCOSCard extends AbstractSignatureCard implements PINMgmtSignatu
if (keyboxName == KeyboxName.SECURE_SIGNATURE_KEYPAIR) {
aid = AID_DF_SS;
fid = EF_C_X509_CH_DS;
- } else if (keyboxName == KeyboxName.CERITIFIED_KEYPAIR) {
+ } else if (keyboxName == KeyboxName.CERTIFIED_KEYPAIR) {
aid = AID_DF_GS;
fid = EF_C_X509_CH_AUT;
} else {
@@ -357,10 +357,12 @@ public class STARCOSCard extends AbstractSignatureCard implements PINMgmtSignatu
byte[] ht = null;
MessageDigest md = null;
+
+ dst.write(new byte[] {(byte) 0x84, (byte) 0x03, (byte) 0x80});
try {
if (alg == null || "http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha1".equals(alg)) {
// local key ID '02' version '00'
- dst.write(new byte[] {(byte) 0x84, (byte) 0x03, (byte) 0x80, (byte) 0x02, (byte) 0x00});
+ dst.write(new byte[] {(byte) 0x02, (byte) 0x00});
if (version < 1.2) {
// algorithm ID ECDSA with SHA-1
dst.write(new byte[] {(byte) 0x89, (byte) 0x03, (byte) 0x13, (byte) 0x35, (byte) 0x10});
@@ -373,7 +375,7 @@ public class STARCOSCard extends AbstractSignatureCard implements PINMgmtSignatu
md = MessageDigest.getInstance("SHA-1");
} else if (version >= 1.2 && "http://www.w3.org/2000/09/xmldsig#rsa-sha1".equals(alg)) {
// local key ID '03' version '00'
- dst.write(new byte[] {(byte) 0x84, (byte) 0x03, (byte) 0x80, (byte) 0x03, (byte) 0x00});
+ dst.write(new byte[] {(byte) 0x03, (byte) 0x00});
// portable algorithm reference
dst.write(new byte[] {(byte) 0x80, (byte) 0x01, (byte) 0x02});
// hash template
@@ -381,7 +383,7 @@ public class STARCOSCard extends AbstractSignatureCard implements PINMgmtSignatu
md = MessageDigest.getInstance("SHA-1");
} else if (version >= 1.2 && "http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha256".equals(alg)) {
// local key ID '02' version '00'
- dst.write(new byte[] {(byte) 0x84, (byte) 0x03, (byte) 0x80, (byte) 0x02, (byte) 0x00});
+ dst.write(new byte[] {(byte) 0x02, (byte) 0x00});
// portable algorithm reference
dst.write(new byte[] {(byte) 0x80, (byte) 0x01, (byte) 0x04});
// hash template
@@ -389,12 +391,29 @@ public class STARCOSCard extends AbstractSignatureCard implements PINMgmtSignatu
md = MessageDigest.getInstance("SHA256");
} else if (version >= 1.2 && "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256".equals(alg)) {
// local key ID '03' version '00'
- dst.write(new byte[] {(byte) 0x84, (byte) 0x03, (byte) 0x80, (byte) 0x03, (byte) 0x00});
+ dst.write(new byte[] {(byte) 0x03, (byte) 0x00});
// portable algorithm reference
dst.write(new byte[] {(byte) 0x80, (byte) 0x01, (byte) 0x02});
// hash template
ht = new byte[] {(byte) 0x80, (byte) 0x01, (byte) 0x40};
md = MessageDigest.getInstance("SHA256");
+ } else if ("http://www.w3.org/2007/05/xmldsig-more#ecdsa-ripemd160".equals(alg)) {
+ // local key ID '02' version '00'
+ dst.write(new byte[] {(byte) 0x02, (byte) 0x00});
+ if (version < 1.2) {
+ // algorithm ID ECDSA with RIPEMD160 doesn't work
+ //dst.write(new byte[] {(byte) 0x89, (byte) 0x03, (byte) 0x13, (byte) 0x35, (byte) 0x20});
+ // algorithm ID ECDSA with SHA-1
+ dst.write(new byte[] {(byte) 0x89, (byte) 0x03, (byte) 0x13, (byte) 0x35, (byte) 0x10});
+ } else {
+ // portable algorithm reference
+ dst.write(new byte[] {(byte) 0x80, (byte) 0x01, (byte) 0x04});
+ // hash template (SHA-1 - no EF_ALIAS for RIPEMD160)
+ //ht = new byte[] {(byte) 0x80, (byte) 0x01, (byte) 0x10};
+ // hash template for RIPEMD160
+ ht = new byte[] {(byte) 0x89, (byte) 0x02, (byte) 0x14, (byte) 0x30};
+ }
+ md = MessageDigest.getInstance("RIPEMD160");
} else {
throw new SignatureCardException("e-card version " + version + " does not support signature algorithm " + alg + ".");
}
@@ -439,7 +458,7 @@ public class STARCOSCard extends AbstractSignatureCard implements PINMgmtSignatu
}
- } else if (KeyboxName.CERITIFIED_KEYPAIR.equals(keyboxName)) {
+ } else if (KeyboxName.CERTIFIED_KEYPAIR.equals(keyboxName)) {
// SELECT application
execSELECT_AID(channel, AID_DF_GS);
diff --git a/smcc/src/main/java/at/gv/egiz/smcc/SWCard.java b/smcc/src/main/java/at/gv/egiz/smcc/SWCard.java
index a0a7523d..273fb779 100644
--- a/smcc/src/main/java/at/gv/egiz/smcc/SWCard.java
+++ b/smcc/src/main/java/at/gv/egiz/smcc/SWCard.java
@@ -227,7 +227,7 @@ public class SWCard implements SignatureCard {
private KeyStore getKeyStore(KeyboxName keyboxName, char[] password) throws SignatureCardException {
- if (keyboxName == KeyboxName.CERITIFIED_KEYPAIR) {
+ if (keyboxName == KeyboxName.CERTIFIED_KEYPAIR) {
if (certifiedKeyStore == null) {
certifiedKeyStore = loadKeyStore(KEYSTORE_CERTIFIED_KEYPAIR, password);
}
@@ -245,7 +245,7 @@ public class SWCard implements SignatureCard {
private char[] getPassword(KeyboxName keyboxName) throws SignatureCardException {
- if (keyboxName == KeyboxName.CERITIFIED_KEYPAIR) {
+ if (keyboxName == KeyboxName.CERTIFIED_KEYPAIR) {
if (certifiedKeyStorePassword == null) {
certifiedKeyStorePassword = loadKeyStorePassword(KEYSTORE_PASSWORD_CERTIFIED_KEYPAIR);
}
@@ -265,7 +265,7 @@ public class SWCard implements SignatureCard {
throws SignatureCardException {
try {
- if (keyboxName == KeyboxName.CERITIFIED_KEYPAIR) {
+ if (keyboxName == KeyboxName.CERTIFIED_KEYPAIR) {
if (certifiedCertificate == null) {
certifiedCertificate = loadCertificate(CERTIFICATE_CERTIFIED_KEYPAIR);
}
diff --git a/smcc/src/main/java/at/gv/egiz/smcc/SignatureCard.java b/smcc/src/main/java/at/gv/egiz/smcc/SignatureCard.java
index ea389d41..56ae7b74 100644
--- a/smcc/src/main/java/at/gv/egiz/smcc/SignatureCard.java
+++ b/smcc/src/main/java/at/gv/egiz/smcc/SignatureCard.java
@@ -39,7 +39,7 @@ public interface SignatureCard {
public static KeyboxName SECURE_SIGNATURE_KEYPAIR = new KeyboxName(
"SecureSignatureKeypair");
- public static KeyboxName CERITIFIED_KEYPAIR = new KeyboxName(
+ public static KeyboxName CERTIFIED_KEYPAIR = new KeyboxName(
"CertifiedKeypair");
private String keyboxName_;
@@ -51,8 +51,8 @@ public interface SignatureCard {
public static KeyboxName getKeyboxName(String keyBox) {
if (SECURE_SIGNATURE_KEYPAIR.equals(keyBox)) {
return SECURE_SIGNATURE_KEYPAIR;
- } else if (CERITIFIED_KEYPAIR.equals(keyBox)) {
- return CERITIFIED_KEYPAIR;
+ } else if (CERTIFIED_KEYPAIR.equals(keyBox)) {
+ return CERTIFIED_KEYPAIR;
} else {
return new KeyboxName(keyBox);
}