From 3c5764d120dd32d73d9561974cf1ca61f0cc26dd Mon Sep 17 00:00:00 2001 From: tkellner Date: Tue, 3 Sep 2013 15:39:07 +0000 Subject: Fixed error in PKCS1 Padding for Gemalto NET 2 git-svn-id: https://joinup.ec.europa.eu/svn/mocca/trunk@1203 8a26b1a7-26f0-462f-b9ef-d0e30c41f5a4 --- .../java/at/gv/egiz/smcc/GemaltoNetV2_0Card.java | 31 ++++++++++++++++++++-- 1 file changed, 29 insertions(+), 2 deletions(-) (limited to 'smcc/src') diff --git a/smcc/src/main/java/at/gv/egiz/smcc/GemaltoNetV2_0Card.java b/smcc/src/main/java/at/gv/egiz/smcc/GemaltoNetV2_0Card.java index 3bea0753..daa391b4 100644 --- a/smcc/src/main/java/at/gv/egiz/smcc/GemaltoNetV2_0Card.java +++ b/smcc/src/main/java/at/gv/egiz/smcc/GemaltoNetV2_0Card.java @@ -4,6 +4,7 @@ import iaik.me.security.CryptoBag; import iaik.me.security.CryptoException; import iaik.me.security.MessageDigest; import iaik.me.security.cipher.TripleDES; +import iaik.pkcs.pkcs7.DigestInfo; import java.io.ByteArrayOutputStream; import java.io.IOException; @@ -39,6 +40,19 @@ public class GemaltoNetV2_0Card extends AbstractSignatureCard implements PinInfo pinPinInfo; PinInfo pukPinInfo; + + private final byte[] SHA1_PADDING = new byte[] { + + (byte) 0x30, (byte) 0x21, (byte) 0x30, (byte) 0x09, (byte) 0x06, + (byte) 0x05, (byte) 0x2B, (byte) 0x0E, (byte) 0x03, (byte) 0x02, + (byte) 0x1A, (byte) 0x05, (byte) 0x00, (byte) 0x04, (byte) 0x14 }; + + private final byte[] SHA256_PADDING = new byte[] { + + (byte) 0x30, (byte) 0x31, (byte) 0x30, (byte) 0x0d, (byte) 0x06, + (byte) 0x09, (byte) 0x60, (byte) 0x86, (byte) 0x48, (byte) 0x01, + (byte) 0x65, (byte) 0x03, (byte) 0x04, (byte) 0x02, (byte) 0x01, + (byte) 0x05, (byte) 0x00, (byte) 0x04, (byte) 0x20 }; public void init(Card card, CardTerminal cardTerminal) { super.init(card, cardTerminal); 
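Review bot: The added `import iaik.pkcs.pkcs7.DigestInfo;` in the first hunk is not referenced by any of the 29 lines this commit adds; the new code builds the DigestInfo header by hand from byte arrays instead. Either drop the import or use the class to encode the structure. An unused import still ties the file to the `iaik.pkcs.pkcs7` package at compile time, which the other imports visible in this hunk (`iaik.me.security.*`) do not.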
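Review bot: `SHA1_PADDING` and `SHA256_PADDING` are declared as per-instance `private final byte[]` fields and named as padding, but the bytes are the fixed DER DigestInfo headers (AlgorithmIdentifier plus OCTET STRING tag and length) that PKCS#1 v1.5 places in front of the hash. Declaring them `private static final byte[] SHA1_DIGEST_INFO_PREFIX` and `SHA256_DIGEST_INFO_PREFIX` would say what they are and avoid one copy per card object. A comment such as `// DER DigestInfo prefix for SHA-1 (OID 1.3.14.3.2.26); last byte 0x14 = 20-byte digest follows` on each array would make the constants auditable, since the signing code depends on that trailing length byte.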
@@ -111,12 +125,14 @@ public class GemaltoNetV2_0Card extends AbstractSignatureCard implements PINGUI pinGUI, String alg) throws SignatureCardException, InterruptedException, IOException { + boolean sha1 = false; MessageDigest md; try { if (KeyboxName.SECURE_SIGNATURE_KEYPAIR.equals(keyboxName) && (alg == null || "http://www.w3.org/2000/09/xmldsig#rsa-sha1" .equals(alg))) { md = MessageDigest.getInstance("SHA-1"); + sha1 = true; } else if (KeyboxName.SECURE_SIGNATURE_KEYPAIR.equals(keyboxName) && ("http://www.w3.org/2001/04/xmldsig-more#rsa-sha256" .equals(alg))) { @@ -145,8 +161,19 @@ public class GemaltoNetV2_0Card extends AbstractSignatureCard implements MSCMService service = new MSCMService(channel); verifyPINLoop(channel, pinPinInfo, pinGUI); - - byte[] paded = padding.pad(digest); + + ByteArrayOutputStream fdata = new ByteArrayOutputStream(); + + + if(sha1) { + fdata.write(SHA1_PADDING); + } else { + fdata.write(SHA256_PADDING); + } + fdata.write(digest); + fdata.close(); + byte[] msg = fdata.toByteArray(); + byte[] paded = padding.pad(msg); byte[] sign = service.privateKeyDecrypt((byte) 0, (byte) 2, paded); return sign; } catch (Throwable e) { -- cgit v1.2.3
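Review bot: The `sha1` flag added at the top of the method defaults to `false`, so the `if(sha1) … else` in the hunk at -145,8 +161,19 writes `SHA256_PADDING` on every path that is not SHA-1, not only on the rsa-sha256 branch. The rest of the if/else chain lies outside this hunk; if it has or later gains another digest, the card would sign a DigestInfo whose algorithm identifier does not match the hash. Declaring `byte[] prefix;` next to `MessageDigest md;` and assigning it in each branch beside `MessageDigest.getInstance(...)` keeps the prefix and the digest in step, and a branch that forgets the assignment is then rejected by the compiler.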
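Review bot: `fdata.write(digest)` appends the hash without checking that its length matches the length byte at the end of the chosen prefix (20 for SHA-1, 32 for SHA-256). A mismatch would be padded and passed to `service.privateKeyDecrypt` as a malformed DigestInfo. `digest` is computed outside this hunk, presumably from `md`, so this is a defensive check before the private-key operation: `if (digest.length != (sha1 ? 20 : 32))` followed by throwing a `SignatureCardException`. Separately, `fdata.close()` has no effect on a `ByteArrayOutputStream` and can be dropped.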