javacard.security.RSAPrivateCrtKey Java Examples

The following examples show how to use javacard.security.RSAPrivateCrtKey. You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example #1
Source File: Gpg.java    From OpenPGP-Card with GNU General Public License v3.0 5 votes vote down vote up 
private short addKeyPart(byte part, byte[] data, short offset, KeyPair key) {
  short size = Util.getShort(commandChainingBuffer, TEMP_PUT_KEY_EXPECTED_CHUNK_SIZE);
  short nextSize = RSA_KEY_HALF_LENGTH_BYTES;
  switch (part) {
    case KEY_PART_E:
      ((RSAPublicKey) key.getPublic()).setExponent(data, offset, size);
      break;
    case KEY_PART_PRIME_P:
      ((RSAPrivateCrtKey) key.getPrivate()).setP(data, offset, size);
      break;
    case KEY_PART_PRIME_Q:
      ((RSAPrivateCrtKey) key.getPrivate()).setQ(data, offset, size);
      break;
    case KEY_PART_PARAM_PQ:
      ((RSAPrivateCrtKey) key.getPrivate()).setPQ(data, offset, size);
      break;
    case KEY_PART_PARAM_DP1:
      ((RSAPrivateCrtKey) key.getPrivate()).setDP1(data, offset, size);
      break;
    case KEY_PART_PARAM_DQ1:
      ((RSAPrivateCrtKey) key.getPrivate()).setDQ1(data, offset, size);
      nextSize = RSA_KEY_LENGTH_BYTES;
      break;

    case KEY_PART_N:
      ((RSAPublicKey) key.getPublic()).setModulus(data, offset, RSA_KEY_LENGTH_BYTES);
      if (!key.getPrivate().isInitialized() ||
          !key.getPublic().isInitialized()) {
        ISOException.throwIt(ISO7816.SW_DATA_INVALID);
      }
      return (short) (offset + RSA_KEY_LENGTH_BYTES);
  }
  Util.setShort(commandChainingBuffer, TEMP_PUT_KEY_EXPECTED_CHUNK_SIZE, nextSize);
  return (short) (offset + size);
}
Example #2
Source File: IsoApplet.java    From IsoApplet with GNU General Public License v3.0 4 votes vote down vote up 
/**
 * \brief Decipher the data from the apdu using the private key referenced by
 * 			an earlier MANAGE SECURITY ENVIRONMENT apdu.
 *
 * \param apdu The PERFORM SECURITY OPERATION apdu with P1=80 and P2=86.
 *
 * \throw ISOException SW_CONDITIONS_NOT_SATISFIED, SW_WRONG_LENGTH and
 *						SW_WRONG_DATA
 */
private void decipher(APDU apdu) {
    short offset_cdata;
    short lc;
    short decLen = -1;

    lc = doChainingOrExtAPDU(apdu);
    offset_cdata = 0;

    // Padding indicator should be "No further indication".
    if(ram_buf[offset_cdata] != (byte) 0x00) {
        ISOException.throwIt(ISO7816.SW_WRONG_DATA);
    }

    switch(currentAlgorithmRef[0]) {

    case ALG_RSA_PAD_PKCS1:
        // Get the key - it must be an RSA private key,
        // checks have been done in MANAGE SECURITY ENVIRONMENT.
        RSAPrivateCrtKey theKey = (RSAPrivateCrtKey) keys[currentPrivateKeyRef[0]];

        // Check the length of the cipher.
        // Note: The first byte of the data field is the padding indicator
        //		 and therefor not part of the ciphertext.
        if((short)(lc-1) !=  (short)(theKey.getSize() / 8)) {
            ISOException.throwIt(ISO7816.SW_WRONG_LENGTH);
        }

        rsaPkcs1Cipher.init(theKey, Cipher.MODE_DECRYPT);
        try {
            decLen = rsaPkcs1Cipher.doFinal(ram_buf, (short)(offset_cdata+1), (short)(lc-1),
                                            apdu.getBuffer(), (short) 0);
        } catch(CryptoException e) {
            ISOException.throwIt(ISO7816.SW_WRONG_DATA);
        }

        // We have to send at most 256 bytes. A short APDU can handle that - only one send operation neccessary.
        apdu.setOutgoingAndSend((short)0, decLen);
        break;

    default:
        ISOException.throwIt(ISO7816.SW_FUNC_NOT_SUPPORTED);
    }
}
Example #3
Source File: IsoApplet.java    From IsoApplet with GNU General Public License v3.0 4 votes vote down vote up 
/**
 * \brief Compute a digital signature of the data from the apdu
 * 			using the private key referenced by	an earlier
 *			MANAGE SECURITY ENVIRONMENT apdu.
 *
 * \attention The apdu should contain a hash, not raw data for RSA keys.
 * 				PKCS1 padding will be applied if neccessary.
 *
 * \param apdu The PERFORM SECURITY OPERATION apdu with P1=9E and P2=9A.
 *
 * \throw ISOException SW_CONDITIONS_NOT_SATISFIED, SW_WRONG_LENGTH
 * 						and SW_UNKNOWN.
 */
private void computeDigitalSignature(APDU apdu) throws ISOException {
    byte[] buf = apdu.getBuffer();
    short offset_cdata;
    short lc;
    short sigLen = 0;


    switch(currentAlgorithmRef[0]) {
    case ALG_RSA_PAD_PKCS1:
        // Receive.
        // Bytes received must be Lc.
        lc = apdu.setIncomingAndReceive();
        if(lc != apdu.getIncomingLength()) {
            ISOException.throwIt(ISO7816.SW_WRONG_LENGTH);
        }
        offset_cdata = apdu.getOffsetCdata();

        // RSA signature operation.
        RSAPrivateCrtKey rsaKey = (RSAPrivateCrtKey) keys[currentPrivateKeyRef[0]];

        if(lc > (short) 247) {
            ISOException.throwIt(ISO7816.SW_WRONG_LENGTH);
        }

        rsaPkcs1Cipher.init(rsaKey, Cipher.MODE_ENCRYPT);
        sigLen = rsaPkcs1Cipher.doFinal(buf, offset_cdata, lc, ram_buf, (short)0);

        if(sigLen != 256) {
            ISOException.throwIt(ISO7816.SW_UNKNOWN);
        }

        // A single short APDU can handle 256 bytes - only one send operation neccessary.
        short le = apdu.setOutgoing();
        if(le < sigLen) {
            ISOException.throwIt(ISO7816.SW_CORRECT_LENGTH_00);
        }
        apdu.setOutgoingLength(sigLen);
        apdu.sendBytesLong(ram_buf, (short) 0, sigLen);
        break;

    case ALG_ECDSA_SHA1:
        // Get the key - it must be a EC private key,
        // checks have been done in MANAGE SECURITY ENVIRONMENT.
        ECPrivateKey ecKey = (ECPrivateKey) keys[currentPrivateKeyRef[0]];

        // Initialisation should be done when:
        // 	- No command chaining is performed at all.
        //	- Command chaining is performed and this is the first apdu in the chain.
        if(ram_chaining_cache[RAM_CHAINING_CACHE_OFFSET_CURRENT_POS] == (short) 0) {
            ecdsaSignature.init(ecKey, Signature.MODE_SIGN);
            if(isCommandChainingCLA(apdu)) {
                ram_chaining_cache[RAM_CHAINING_CACHE_OFFSET_CURRENT_POS] = (short) 1;
            }
        }

        short recvLen = apdu.setIncomingAndReceive();
        offset_cdata = apdu.getOffsetCdata();

        // Receive data. For extended APDUs, the data is received piecewise
        // and aggregated in the hash. When using short APDUs, command
        // chaining is performed.
        while (recvLen > 0) {
            ecdsaSignature.update(buf, offset_cdata, recvLen);
            recvLen = apdu.receiveBytes(offset_cdata);
        }

        if(!isCommandChainingCLA(apdu)) {
            sigLen = ecdsaSignature.sign(buf, (short)0, (short)0, buf, (short) 0);
            ram_chaining_cache[RAM_CHAINING_CACHE_OFFSET_CURRENT_POS] = (short) 0;
            apdu.setOutgoingAndSend((short) 0, sigLen);
        } else {
            ram_chaining_cache[RAM_CHAINING_CACHE_OFFSET_CURRENT_POS]++;
        }

        break;

    default:
        // Wrong/unknown algorithm.
        ISOException.throwIt(ISO7816.SW_CONDITIONS_NOT_SATISFIED);
    }
}