support cards which only have ALG_RSA_CRT #5
Conversation
There was a problem hiding this comment.
I'm not associated with this project, but I had a look over the changes and figured I would throw in my $0.02. Take it with a grain of salt.
-
You may want to consider gating this capability by adding a feature flag.
-
Now that you added support for
RSAPrivateCrtKey, consider implementing all of the types (ELEMENT_RSA_P,ELEMENT_RSA_Q, etc.) thatRSAPrivateCrtKeyseems to support:OpenFIPS201/src/com/makina/security/OpenFIPS201/PIVKeyObjectPKI.java
Lines 108 to 133 in 8adcbcf
| @@ -146,7 +153,11 @@ public void updateElement(byte element, byte[] buffer, short offset, short lengt | |||
| */ | |||
| public void setPrivateExponent(byte[] buffer, short offset, short length) { | |||
| if (privateKey == null) allocate(); | |||
| privateKey.setExponent(buffer, offset, length); | |||
| ISOException.throwIt(ISO7816.SW_FUNC_NOT_SUPPORTED); | |||
There was a problem hiding this comment.
Given the next few lines, I'm guessing this line was included in error.
| @@ -35,9 +35,10 @@ of this software and associated documentation files (the "Software"), to deal | |||
| */ | |||
| public final class PIVKeyObjectPKI extends PIVKeyObject { | |||
|
|
|||
| private RSAPrivateKey privateKey; | |||
| private Key privateKey; | |||
There was a problem hiding this comment.
Instead of Key, should this be PrivateKey?
| @@ -168,7 +179,11 @@ public void setPublicExponent(byte[] buffer, short offset, short length) { | |||
| */ | |||
| public void setModulus(byte[] buffer, short offset, short length) { | |||
| if (privateKey == null || publicKey == null) allocate(); | |||
| privateKey.setModulus(buffer, offset, length); | |||
| ISOException.throwIt(ISO7816.SW_FUNC_NOT_SUPPORTED); | |||
There was a problem hiding this comment.
Same comment as that from line 156 above: I'm guessing this line was added in error.
| try { | ||
| keyPair = new KeyPair(KeyPair.ALG_RSA, KeyBuilder.LENGTH_RSA_1024); | ||
| } catch (CryptoException e) { | ||
| if (e.getReason() == CryptoException.NO_SUCH_ALGORITHM) { |
| try { | ||
| keyPair = new KeyPair(KeyPair.ALG_RSA, KeyBuilder.LENGTH_RSA_2048); | ||
| } catch (CryptoException e) { | ||
| if (e.getReason() == CryptoException.NO_SUCH_ALGORITHM) { |
None of the smartcards I tried (various JavaCOS, NXP, SmartCafe Expert) supported KeyPair(KeyPair.ALG_RSA, ...) only KeyPair.ALG_RSA_CRT.
This patch detects that and switches to using KeyPair.ALG_RSA_CRT.