martinpaljak#153: Include required LFDB hash calculation for load if…

… token-key exists (as per specification). Respect SHA256 option for load if DAP not required.
gregorjohannson · Mar 27, 2019 · 53b9781 · 53b9781
1 parent 11e6b9d
commit 53b9781
Show file tree

Hide file tree

Showing 3 changed files with 11 additions and 4 deletions.
diff --git a/src/main/java/pro/javacard/gp/DMTokenGenerator.java b/src/main/java/pro/javacard/gp/DMTokenGenerator.java
@@ -27,7 +27,7 @@ public CommandAPDU applyToken(CommandAPDU apdu) {
                 logger.debug("No private key for token generation provided");
                 newData.write(0); //Token length
             } else {
-                logger.debug("Using private key for token generation");
+                logger.debug("Using private key for token generation (" + acceptedSignatureAlgorithm + ")");
                 byte[] token = calculateToken(apdu, key);
                 newData.write(token.length);
                 newData.write(token);

diff --git a/src/main/java/pro/javacard/gp/GPTool.java b/src/main/java/pro/javacard/gp/GPTool.java
@@ -871,9 +871,9 @@ private static void loadCapAccordingToDapRequirement(OptionSet args, GlobalPlatf
         // XXX: figure out right signature type in a better way
         if (dapRequired) {
             byte[] dap = args.has(OPT_SHA256) ? cap.getMetaInfEntry(CAPFile.DAP_RSA_V1_SHA256_FILE) : cap.getMetaInfEntry(CAPFile.DAP_RSA_V1_SHA1_FILE);
-            gp.loadCapFile(cap, targetDomain, dapDomain == null ? targetDomain : dapDomain, dap, args.has(OPT_SHA256) ? "SHA-256" : "SHA1");
+            gp.loadCapFile(cap, targetDomain, dapDomain == null ? targetDomain : dapDomain, dap, args.has(OPT_SHA256) ? "SHA-256" : "SHA-1");
         } else {
-            gp.loadCapFile(cap, targetDomain);
+            gp.loadCapFile(cap, targetDomain, args.has(OPT_SHA256) ? "SHA-256" : "SHA-1");
         }
     }
 

diff --git a/src/main/java/pro/javacard/gp/GlobalPlatform.java b/src/main/java/pro/javacard/gp/GlobalPlatform.java
@@ -569,6 +569,12 @@ public void loadCapFile(CAPFile cap, AID targetDomain) throws CardException, GPE
         loadCapFile(cap, targetDomain, false, false, null, null, LFDBH_SHA1);
     }
 
+    public void loadCapFile(CAPFile cap, AID targetDomain, String hashFunction) throws CardException, GPException {
+        if (targetDomain == null)
+            targetDomain = sdAID;
+        loadCapFile(cap, targetDomain, false, false, null, null, hashFunction);
+    }
+
     public void loadCapFile(CAPFile cap, AID targetDomain, byte[] dap, String hash) throws CardException, GPException {
         if (targetDomain == null)
             targetDomain = sdAID;
@@ -589,7 +595,8 @@ private void loadCapFile(CAPFile cap, AID targetDomain, boolean includeDebug, bo
         }
 
         // FIXME: hash type handling needs to be sensible.
-        byte[] hash = dap != null ? cap.getLoadFileDataHash(hashFunction, includeDebug) : new byte[0];
+        boolean isHashRequired = dap != null || tokenGenerator.hasKey();
+        byte[] hash = isHashRequired ? cap.getLoadFileDataHash(hashFunction, includeDebug) : new byte[0];
         byte[] code = cap.getCode(includeDebug);
         // FIXME: parameters are optional for load
         byte[] loadParams = getLoadParams(loadParam, code);