OpenPGP card v3.3 : support AES ENC, improved AES DEC
This commit is contained in:
parent
d37a471067
commit
706bfb182b
@ -163,7 +163,7 @@ public final class Constants {
|
|||||||
0x10 | /* support pw status changes */
|
0x10 | /* support pw status changes */
|
||||||
0x08 | /* support private DOs (0101-0104) */
|
0x08 | /* support private DOs (0101-0104) */
|
||||||
0x04 | /* support algorithm attributes changes */
|
0x04 | /* support algorithm attributes changes */
|
||||||
0x02 | /* support PSO:DEC AES */
|
0x02 | /* support PSO:DEC/ENC AES */
|
||||||
0x01), /* support KDF-DO */
|
0x01), /* support KDF-DO */
|
||||||
(byte)0x01, /* SM 0x01 = 128 bits, 0x02 = 256 bits */
|
(byte)0x01, /* SM 0x01 = 128 bits, 0x02 = 256 bits */
|
||||||
(byte)0x00, (byte)0x20, /* max length get challenge */
|
(byte)0x00, (byte)0x20, /* max length get challenge */
|
||||||
|
@ -1124,6 +1124,7 @@ public final class SmartPGPApplet extends Applet {
|
|||||||
|
|
||||||
sensitiveData();
|
sensitiveData();
|
||||||
|
|
||||||
|
/* PSO : COMPUTE DIGITAL SIGNATURE */
|
||||||
if((p1 == (byte)0x9e) && (p2 == (byte)0x9a)) {
|
if((p1 == (byte)0x9e) && (p2 == (byte)0x9a)) {
|
||||||
|
|
||||||
assertUserMode81();
|
assertUserMode81();
|
||||||
@ -1151,12 +1152,22 @@ public final class SmartPGPApplet extends Applet {
|
|||||||
return data.pgp_keys[Persistent.PGP_KEYS_OFFSET_SIG].sign(transients.buffer, lc, false);
|
return data.pgp_keys[Persistent.PGP_KEYS_OFFSET_SIG].sign(transients.buffer, lc, false);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/* PSO : DECIPHER */
|
||||||
if((p1 == (byte)0x80) && (p2 == (byte)0x86)) {
|
if((p1 == (byte)0x80) && (p2 == (byte)0x86)) {
|
||||||
|
|
||||||
assertUserMode82();
|
assertUserMode82();
|
||||||
|
|
||||||
if((lc == (short)(1 + Constants.aesKeyLength())) &&
|
if(lc <= 0) {
|
||||||
(transients.buffer[0] == (byte)2)) {
|
ISOException.throwIt(ISO7816.SW_WRONG_LENGTH);
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
|
||||||
|
if(transients.buffer[0] == (byte)0x02) {
|
||||||
|
|
||||||
|
if(((short)(lc - 1) % Constants.aesKeyLength()) != 0) {
|
||||||
|
ISOException.throwIt(ISO7816.SW_WRONG_LENGTH);
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
|
||||||
if(!data.aes_key.isInitialized()) {
|
if(!data.aes_key.isInitialized()) {
|
||||||
ISOException.throwIt(ISO7816.SW_CONDITIONS_NOT_SATISFIED);
|
ISOException.throwIt(ISO7816.SW_CONDITIONS_NOT_SATISFIED);
|
||||||
@ -1180,6 +1191,36 @@ public final class SmartPGPApplet extends Applet {
|
|||||||
return data.pgp_keys[Persistent.PGP_KEYS_OFFSET_DEC].decipher(ec, transients.buffer, lc);
|
return data.pgp_keys[Persistent.PGP_KEYS_OFFSET_DEC].decipher(ec, transients.buffer, lc);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/* PSO : ENCIPHER */
|
||||||
|
if((p1 == (byte)0x86) && (p2 == (byte)0x80)) {
|
||||||
|
|
||||||
|
assertUserMode82();
|
||||||
|
|
||||||
|
if((lc <= 0) || ((lc % Constants.aesKeyLength()) != 0)) {
|
||||||
|
ISOException.throwIt(ISO7816.SW_WRONG_LENGTH);
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
|
||||||
|
if(!data.aes_key.isInitialized()) {
|
||||||
|
ISOException.throwIt(ISO7816.SW_CONDITIONS_NOT_SATISFIED);
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
|
||||||
|
final Cipher cipher = Cipher.getInstance(Cipher.ALG_AES_BLOCK_128_CBC_NOPAD, false);
|
||||||
|
cipher.init(data.aes_key, Cipher.MODE_ENCRYPT);
|
||||||
|
|
||||||
|
final short res = cipher.doFinal(transients.buffer, (short)0, lc,
|
||||||
|
transients.buffer, (short)(lc + 1));
|
||||||
|
|
||||||
|
transients.buffer[lc] = (byte)0x02;
|
||||||
|
Util.arrayCopyNonAtomic(transients.buffer, lc,
|
||||||
|
transients.buffer, (short)0, (short)(res + 1));
|
||||||
|
|
||||||
|
Util.arrayFillNonAtomic(transients.buffer, (short)(lc + 1), res, (byte)0);
|
||||||
|
|
||||||
|
return res;
|
||||||
|
}
|
||||||
|
|
||||||
ISOException.throwIt(ISO7816.SW_WRONG_P1P2);
|
ISOException.throwIt(ISO7816.SW_WRONG_P1P2);
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
Loading…
x
Reference in New Issue
Block a user