Skip to content

Commit

Permalink
probe RSA PSS signatures for API_FEATURES
Browse files Browse the repository at this point in the history
  • Loading branch information
@philipWendland
philipWendland committed May 26, 2020
1 parent c9ff411 commit f7fd179
Showing 1 changed file with 34 additions and 0 deletions.
34 changes: 34 additions & 0 deletions src/net/pwendland/javacard/pki/isoapplet/IsoApplet.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -117,6 +117,8 @@ public class IsoApplet extends Applet implements ExtendedLength {
private static final byte API_FEATURE_EXT_APDU = (byte) 0x01;
private static final byte API_FEATURE_SECURE_RANDOM = (byte) 0x02;
private static final byte API_FEATURE_ECC = (byte) 0x04;
private static final byte API_FEATURE_RSA_SHA256_PSS = (byte) 0x08;
private static final byte API_FEATURE_RSA_SHA512_PSS = (byte) 0x10;

/* Other constants */
// "ram_buf" is used for:
Expand Down Expand Up @@ -150,6 +152,8 @@ public class IsoApplet extends Applet implements ExtendedLength {
private short[] ram_chaining_cache = null;
private Cipher rsaPkcs1Cipher = null;
private Signature ecdsaSignature = null;
private Signature rsaPss256Signature = null;
private Signature rsaPss512Signature = null;
private RandomData randomData = null;
private byte api_features;

Expand Down Expand Up @@ -199,6 +203,36 @@ protected IsoApplet() {
}
}

try {
rsaPss256Signature = Signature.getInstance(Signature.ALG_RSA_SHA_256_PKCS1_PSS, false);
api_features |= API_FEATURE_RSA_SHA256_PSS;
} catch (CryptoException e) {
if(e.getReason() == CryptoException.NO_SUCH_ALGORITHM) {
/* Few Java Cards do not support ECDSA at all.
* We should not throw an exception in this cases
* as this would prevent installation. */
ecdsaSignature = null;
api_features &= ~API_FEATURE_RSA_SHA256_PSS;
} else {
throw e;
}
}

try {
rsaPss256Signature = Signature.getInstance(Signature.ALG_RSA_SHA_512_PKCS1_PSS, false);
api_features |= API_FEATURE_RSA_SHA512_PSS;
} catch (CryptoException e) {
if(e.getReason() == CryptoException.NO_SUCH_ALGORITHM) {
/* Few Java Cards do not support ECDSA at all.
* We should not throw an exception in this cases
* as this would prevent installation. */
ecdsaSignature = null;
api_features &= ~API_FEATURE_RSA_SHA512_PSS;
} else {
throw e;
}
}

try {
randomData = RandomData.getInstance(RandomData.ALG_SECURE_RANDOM);
api_features |= API_FEATURE_SECURE_RANDOM;
Expand Down

0 comments on commit f7fd179

Please sign in to comment.