Exemplo n.º 1
0
 // ------------------------------------------------
 public penCipher() {
   desEngine = Cipher.getInstance(Cipher.ALG_DES_ECB_NOPAD, false);
   desKey = KeyBuilder.buildKey(KeyBuilder.TYPE_DES, KeyBuilder.LENGTH_DES, false);
   des3Key = KeyBuilder.buildKey(KeyBuilder.TYPE_DES, KeyBuilder.LENGTH_DES3_2KEY, false);
   tbuf1 = JCSystem.makeTransientByteArray((short) 8, JCSystem.CLEAR_ON_DESELECT);
   tbuf2 = JCSystem.makeTransientByteArray((short) 8, JCSystem.CLEAR_ON_DESELECT);
 }
Exemplo n.º 2
0
 private PKIApplet() {
   pin = new OwnerPIN(PIN_TRIES, MAX_PIN_SIZE);
   puc = new OwnerPIN(PUC_TRIES, PUC_SIZE);
   rd = RandomData.getInstance(RandomData.ALG_SECURE_RANDOM);
   pkcs1Cipher = Cipher.getInstance(Cipher.ALG_RSA_PKCS1, false);
   nopadCipher = Cipher.getInstance(Cipher.ALG_RSA_NOPAD, false);
   md = MessageDigest.getInstance(MessageDigest.ALG_SHA, false);
   tmp = JCSystem.makeTransientByteArray(TMP_SIZE, JCSystem.CLEAR_ON_DESELECT);
   state = STATE_INITIAL;
   authKeyId = new byte[KEY_ID_SIZE];
   signKeyId = new byte[KEY_ID_SIZE];
   decKeyId = new byte[KEY_ID_SIZE];
   authKeyPrivate =
       (RSAPrivateCrtKey)
           KeyBuilder.buildKey(KeyBuilder.TYPE_RSA_CRT_PRIVATE, KeyBuilder.LENGTH_RSA_1024, false);
   signKeyPrivate =
       (RSAPrivateCrtKey)
           KeyBuilder.buildKey(KeyBuilder.TYPE_RSA_CRT_PRIVATE, KeyBuilder.LENGTH_RSA_1024, false);
   decKeyPrivate =
       (RSAPrivateCrtKey)
           KeyBuilder.buildKey(KeyBuilder.TYPE_RSA_CRT_PRIVATE, KeyBuilder.LENGTH_RSA_1024, false);
   tempKeyPublic =
       (RSAPublicKey)
           KeyBuilder.buildKey(KeyBuilder.TYPE_RSA_PUBLIC, KeyBuilder.LENGTH_RSA_1024, false);
   currentPrivateKey = JCSystem.makeTransientObjectArray((short) 1, JCSystem.CLEAR_ON_DESELECT);
   expectedDecipherDataLength =
       JCSystem.makeTransientShortArray((short) 1, JCSystem.CLEAR_ON_DESELECT);
   fileSystem = new FileSystem((short) 16);
 }
 private ConnectionManager(byte[] bArray, short bOffset, byte bLength) {
   // The connection manager keeps track of the area where the
   // device is operating.  Since the area changes as the user moves,
   // we keep track of the area by setting a variable in Transient
   // Clear-On-Deselect memory.
   activeAreaCode = JCSystem.makeTransientShortArray((short) 1, JCSystem.CLEAR_ON_DESELECT);
   activeAreaCode[0] = INACTIVE_AREA;
   connectionStatus = JCSystem.makeTransientByteArray((short) 1, JCSystem.CLEAR_ON_DESELECT);
   register();
 }
 FileSystem() {
   files = new Object[18];
   fileSizes = new short[18];
   filePerms = new byte[18];
   currentAuthorization = JCSystem.makeTransientByteArray((short) 3, JCSystem.CLEAR_ON_DESELECT);
   // The default read authorization for all DGs is mutual authentication
   // required
   for (short i = 0; i < 18; i++) {
     filePerms[i] = SmartIDApplet.MUTUAL_AUTHENTICATED;
   }
   filePerms[EF_DG14_INDEX] = (byte) 0x00;
 }
Exemplo n.º 5
0
 /**
  * Create a new file system for maxFiles maximum number of files.
  *
  * @param maxFiles the maximum number of files.
  */
 FileSystem(short maxFiles) {
   efFiles = new Object[maxFiles];
   efPerms = new byte[maxFiles];
   fileStructureIndex = JCSystem.makeTransientShortArray((short) 1, JCSystem.CLEAR_ON_DESELECT);
   fnfe = new FileNotFoundException();
 }
Exemplo n.º 6
0
  public void process(APDU apdu) {
    // Good practice: Return 9000 on SELECT
    if (selectingApplet()) {
      return;
    }

    byte[] buff = apdu.getBuffer();
    // Get the incoming APDU
    // Util.arrayCopy(apdu.getBuffer(),(short) 0, buff,(short) 0,(short) apdu.getBuffer().length);//
    // apdu.getBuffer();
    // Check the CLA

    /*
    if(buff[ISO7816.OFFSET_CLA]!=CLA){
    	ISOException.throwIt(ISO7816.SW_CLA_NOT_SUPPORTED);
    }
    */
    // Switch on the instruction code INS
    switch (buff[ISO7816.OFFSET_INS]) {
        //		Create a test signature using test
      case SEND_TEST_SIGNATURE:
        // Sign the test byte and get the signature size
        size = sig.sign(test, (short) 0, (short) test.length, output, (short) 0);
        break;
        //			return modulus of public key
      case SEND_PUB_MOD:
        // Retrieve the modulus, store it in the output byte array and set the output length
        size = k.getModulus(output, (short) 0);
        break;
        //		  return exponent of public key
      case SEND_PUB_EXP:
        //			Retrieve the public exponent, store it in the output byte array and set the output
        // length
        size = k.getExponent(output, (short) 0);
        break;
        //			return exponent of private key given correct pin authentication
      case SEND_PRV_EXP:
        // Check that the user is authenticated (correct command 0x80 0x03 0x01 0x00 0x04 0x00 0x00
        // 0x00 0x00 0x00)
        if (buff[ISO7816.OFFSET_P1] == ((byte) 0x01)) {
          if (buff[ISO7816.OFFSET_LC] != (byte) 0x00) {
            if (pin.check(buff, (short) (ISO7816.OFFSET_LC + 1), buff[ISO7816.OFFSET_LC])) {
              size = k2.getExponent(output, (short) 0);
              pin.reset();
            } else {
              // wrong pin (system should have taken care of decrementing the counter and checking
              // boundary conditions)
              ISOException.throwIt(ISO7816.SW_WRONG_DATA);
            }
          } else {
            ISOException.throwIt(ISO7816.SW_CONDITIONS_NOT_SATISFIED); // no pin was sent
          }
        } else {
          ISOException.throwIt(ISO7816.SW_INCORRECT_P1P2); // wrong command code
        }
        //			Retrieve the private exponent, store it in the output byte array and set the output
        // length
        size = k2.getExponent(output, (short) 0);
        break;
        //			return size of signature and modulus for testing purposes (they should be the same)
      case (byte) SEND_KEY_LENGTH:
        shortToByteArray(keysize);
        size = (short) 2;
        Util.arrayCopy(buff, (short) 0, output, (short) 0, size);
        break;
        //			Sign arbitrary text sent to card
      case (byte) SIGN_INPUT_DATA:
        size = (short) buff[ISO7816.OFFSET_LC];
        size = sig.sign(buff, (short) (ISO7816.OFFSET_LC + 1), size, output, (short) 0);
        break;
        //			return the modulus of public keywith a random value sent from the host
      case (byte) SEND_AUTHENTICATED_PUB_EXP:
        // Find the size of the random value
        size = (short) buff[ISO7816.OFFSET_LC];
        // If the current key is 2048 bit =256 bytes we need a big array to store all data to sign
        // TODO limit the size of the input value and do some checks on it
        bigArray =
            JCSystem.makeTransientByteArray((short) (size + keysize), JCSystem.CLEAR_ON_RESET);
        // Update the signature object with that value
        Util.arrayCopy(buff, (short) (ISO7816.OFFSET_LC + 1), bigArray, (short) 0, size);
        k.getModulus(bigArray, (short) (size));
        // Util.arrayCopy(buff, (short) 0, bigArray, (short) (ISO7816.OFFSET_LC+size+1), len);
        size = sig.sign(bigArray, (short) 0, (short) bigArray.length, output, (short) 0);
        break;

      case (byte) 0x07:
        size = (short) 2;
        output[0] = (byte) 0x09;
        output[1] = (byte) 0x08;
        break;
      case (byte) 0x08:
        short length = 256;
        // short length = (short) buff.length;
        size = (short) length;
        // output[0]=(byte) 0x08;
        // output[1]=(byte) 0x08;

        for (short i = 0; i < length; i++) {
          output[i] = (byte) buff[i];
        }
        break;
      default:
        // good practice: If you don't know the INStruction, say so:
        ISOException.throwIt(ISO7816.SW_INS_NOT_SUPPORTED);
    }

    send(apdu);
  }