manuth/HWBTutorials
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Allow sensitive commands only with PIN

Browse source
This commit is contained in:
Manuel Thalmann 2023-10-24 23:09:30 +02:00
parent de7ada08c9
commit 551ac64fa7
1 changed files with 65 additions and 37 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

40
hwb1/src/hwb1/MyApplet.java
View file

@ -6,27 +6,37 @@
package hwb1; package hwb1;
import javacard.framework.*; import javacard.framework.*;
/** /**
* Applet class * Applet class
* *
* @author <user> * @author <user>
*/ */
public class MyApplet extends Applet { public class MyApplet extends Applet {
final static short SW_PIN_VERIFICATION_REQUIRED = 0x6301;
final static byte PIN_TRY_LIMIT =(byte)0x03; final static byte PIN_TRY_LIMIT =(byte)0x03;
final static byte MAX_PIN_SIZE =(byte)0x08; final static byte MAX_PIN_SIZE =(byte)0x08;
private byte[] authorName = new byte[] { 'M', 'a', 'n', 'u', 'e', 'l' }; private byte[] authorName = new byte[] { 'M', 'a', 'n', 'u', 'e', 'l' };
private byte[] storage = new byte[] {}; private byte[] storage = new byte[] {};
OwnerPIN pin; private OwnerPIN pin;
/** /**
* Installs this applet. * Installs this applet.
* *
* @param bArray the array containing installation parameters * @param buffer the array containing installation parameters
* @param bOffset the starting offset in bArray * @param bOffset the starting offset in bArray
* @param bLength the length in bytes of the parameter data in bArray * @param bLength the length in bytes of the parameter data in bArray
*/ */
public static void install(byte[] bArray, short bOffset, byte bLength) { public static void install(byte[] buffer, short offset, byte length) {
new MyApplet(bArray, bOffset, bLength); byte aidLength = buffer[offset];
short controlInfoOffset = (short)(offset + 1 + aidLength);
byte controlInfoLength = buffer[controlInfoOffset];
short dataOffset = (short)(controlInfoOffset + 1 + controlInfoLength);
byte dataLength = buffer[dataOffset];
new MyApplet(buffer, (short)(dataOffset + 1), dataLength);
} }
/** /**
@ -36,9 +46,9 @@ public class MyApplet extends Applet {
* @param bOffset the starting offset in bArray * @param bOffset the starting offset in bArray
* @param bLength the length in bytes of the parameter data in bArray * @param bLength the length in bytes of the parameter data in bArray
*/ */
protected MyApplet(byte[] bArray, short bOffset, byte bLength) { protected MyApplet(byte[] appletData, short dataOffset, byte dataLength) {
pin = new OwnerPIN(PIN_TRY_LIMIT, MAX_PIN_SIZE); pin = new OwnerPIN(PIN_TRY_LIMIT, MAX_PIN_SIZE);
pin.update(bArray, bOffset, bLength); pin.update(appletData, dataOffset, dataLength);
register(); register();
} }
@ -50,6 +60,11 @@ public class MyApplet extends Applet {
} }
} }
public void deselect() {
super.deselect();
pin.reset();
}
/** /**
* Processes an incoming APDU. * Processes an incoming APDU.
* *
@ -66,8 +81,20 @@ public class MyApplet extends Applet {
if (buffer[ISO7816.OFFSET_CLA] != (byte)0x80) { if (buffer[ISO7816.OFFSET_CLA] != (byte)0x80) {
ISOException.throwIt(ISO7816.SW_CLA_NOT_SUPPORTED); ISOException.throwIt(ISO7816.SW_CLA_NOT_SUPPORTED);
} else { } else {
boolean authenticationRequired = false;
byte instruction = buffer[ISO7816.OFFSET_INS]; byte instruction = buffer[ISO7816.OFFSET_INS];
switch (instruction) {
case 0x04:
case 0x02:
authenticationRequired = !pin.isValidated();
break;
}
if (authenticationRequired) {
ISOException.throwIt(SW_PIN_VERIFICATION_REQUIRED);
}
else {
switch (instruction) { switch (instruction) {
case 0x00: case 0x00:
case 0x04: case 0x04:
@ -105,6 +132,7 @@ public class MyApplet extends Applet {
ISOException.throwIt(ISO7816.SW_INS_NOT_SUPPORTED); ISOException.throwIt(ISO7816.SW_INS_NOT_SUPPORTED);
break; break;
} }
}
ISOException.throwIt(ISO7816.SW_NO_ERROR); ISOException.throwIt(ISO7816.SW_NO_ERROR);
} }