Compare commits
No commits in common. "452e2d4716952e65045af3ae8dbd71db62df150e" and "017fd64d2fd6cf25acd5c05dbad4be59c54935ab" have entirely different histories.
452e2d4716
...
017fd64d2f
8 changed files with 6 additions and 233 deletions
24
.vscode/tasks.json
vendored
24
.vscode/tasks.json
vendored
|
@ -22,18 +22,6 @@
|
||||||
},
|
},
|
||||||
"problemMatcher": []
|
"problemMatcher": []
|
||||||
},
|
},
|
||||||
{
|
|
||||||
"label": "Flash SecretApplet",
|
|
||||||
"type": "shell",
|
|
||||||
"command": "${workspaceFolder}/scripts/flash.cmd",
|
|
||||||
"options": {
|
|
||||||
"env": {
|
|
||||||
"PACKAGE": "hwb1",
|
|
||||||
"APPLET": "SecretApplet"
|
|
||||||
}
|
|
||||||
},
|
|
||||||
"problemMatcher": []
|
|
||||||
},
|
|
||||||
{
|
{
|
||||||
"label": "Test MyApplet",
|
"label": "Test MyApplet",
|
||||||
"type": "shell",
|
"type": "shell",
|
||||||
|
@ -46,18 +34,6 @@
|
||||||
},
|
},
|
||||||
"problemMatcher": []
|
"problemMatcher": []
|
||||||
},
|
},
|
||||||
{
|
|
||||||
"label": "Test SecretApplet",
|
|
||||||
"type": "shell",
|
|
||||||
"command": "${workspaceFolder}/scripts/test.cmd",
|
|
||||||
"options": {
|
|
||||||
"env": {
|
|
||||||
"PACKAGE": "hwb1",
|
|
||||||
"APPLET": "SecretApplet"
|
|
||||||
}
|
|
||||||
},
|
|
||||||
"problemMatcher": []
|
|
||||||
},
|
|
||||||
{
|
{
|
||||||
"label": "Delete Applet",
|
"label": "Delete Applet",
|
||||||
"type": "shell",
|
"type": "shell",
|
||||||
|
|
|
@ -16,19 +16,10 @@
|
||||||
<entries>
|
<entries>
|
||||||
<key>src/hwb1/MyApplet.java</key>
|
<key>src/hwb1/MyApplet.java</key>
|
||||||
<value>
|
<value>
|
||||||
<entry>
|
|
||||||
<key xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xs="http://www.w3.org/2001/XMLSchema" xsi:type="xs:string">IsJavaCardApplet</key>
|
|
||||||
<value xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xs="http://www.w3.org/2001/XMLSchema" xsi:type="xs:string">1</value>
|
|
||||||
</entry>
|
|
||||||
<entry>
|
<entry>
|
||||||
<key xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xs="http://www.w3.org/2001/XMLSchema" xsi:type="xs:string">AID</key>
|
<key xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xs="http://www.w3.org/2001/XMLSchema" xsi:type="xs:string">AID</key>
|
||||||
<value xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xs="http://www.w3.org/2001/XMLSchema" xsi:type="xs:string">52C4C7C95C0420</value>
|
<value xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xs="http://www.w3.org/2001/XMLSchema" xsi:type="xs:string">52C4C7C95C0420</value>
|
||||||
</entry>
|
</entry>
|
||||||
</value>
|
|
||||||
</entries>
|
|
||||||
<entries>
|
|
||||||
<key>src/hwb1/SecretApplet.java</key>
|
|
||||||
<value>
|
|
||||||
<entry>
|
<entry>
|
||||||
<key xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xs="http://www.w3.org/2001/XMLSchema" xsi:type="xs:string">IsJavaCardApplet</key>
|
<key xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xs="http://www.w3.org/2001/XMLSchema" xsi:type="xs:string">IsJavaCardApplet</key>
|
||||||
<value xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xs="http://www.w3.org/2001/XMLSchema" xsi:type="xs:string">1</value>
|
<value xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xs="http://www.w3.org/2001/XMLSchema" xsi:type="xs:string">1</value>
|
||||||
|
|
|
@ -1,7 +1,6 @@
|
||||||
-i
|
-i
|
||||||
-classdir ..\bin
|
-classdir ..\bin
|
||||||
-applet 0x52:0xC4:0xC7:0xC9:0x5C:0x04:0x20 hwb1.MyApplet
|
-applet 0x52:0xC4:0xC7:0xC9:0x5C:0x04:0x20 hwb1.MyApplet
|
||||||
-applet 0x52:0xC4:0xC7:0xC9:0x5C:0x82:0x28 hwb1.SecretApplet
|
|
||||||
-out CAP JCA EXP
|
-out CAP JCA EXP
|
||||||
-d ..\deliverables\hwb1
|
-d ..\deliverables\hwb1
|
||||||
-debug
|
-debug
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
#Sat Nov 04 21:00:23 CET 2023
|
#Thu Oct 12 17:03:08 CEST 2023
|
||||||
SCRIPTGEN_NO_BEGIN_END=false
|
|
||||||
SCRIPTGEN_NO_BANNER=false
|
|
||||||
SCRIPTGEN_NO_POWER_DOWN=true
|
|
||||||
SCRIPTGEN_NO_POWER_UP=false
|
SCRIPTGEN_NO_POWER_UP=false
|
||||||
|
SCRIPTGEN_NO_POWER_DOWN=true
|
||||||
|
SCRIPTGEN_NO_BANNER=false
|
||||||
|
SCRIPTGEN_NO_BEGIN_END=false
|
||||||
|
|
|
@ -65,6 +65,7 @@ public class MyApplet extends Applet {
|
||||||
* @param apdu the incoming APDU
|
* @param apdu the incoming APDU
|
||||||
*/
|
*/
|
||||||
public void process(APDU apdu) {
|
public void process(APDU apdu) {
|
||||||
|
short length;
|
||||||
byte[] buffer = apdu.getBuffer();
|
byte[] buffer = apdu.getBuffer();
|
||||||
|
|
||||||
if (selectingApplet()) {
|
if (selectingApplet()) {
|
||||||
|
@ -91,8 +92,6 @@ public class MyApplet extends Applet {
|
||||||
ISOException.throwIt(SW_PIN_VERIFICATION_REQUIRED);
|
ISOException.throwIt(SW_PIN_VERIFICATION_REQUIRED);
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
short length;
|
|
||||||
|
|
||||||
switch (instruction) {
|
switch (instruction) {
|
||||||
case 0x00:
|
case 0x00:
|
||||||
case 0x04:
|
case 0x04:
|
||||||
|
|
|
@ -1,138 +0,0 @@
|
||||||
/**
|
|
||||||
* Copyright (c) 1998, 2021, Oracle and/or its affiliates. All rights reserved.
|
|
||||||
*
|
|
||||||
*/
|
|
||||||
|
|
||||||
package hwb1;
|
|
||||||
|
|
||||||
import javacard.framework.*;
|
|
||||||
import javacard.security.AESKey;
|
|
||||||
import javacard.security.CryptoException;
|
|
||||||
import javacard.security.KeyBuilder;
|
|
||||||
import javacard.security.Signature;
|
|
||||||
import javacardx.crypto.Cipher;
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Applet class
|
|
||||||
*
|
|
||||||
* @author <user>
|
|
||||||
*/
|
|
||||||
public class SecretApplet extends Applet {
|
|
||||||
private AESKey encryptionKey;
|
|
||||||
private AESKey macKey;
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Installs this applet.
|
|
||||||
*
|
|
||||||
* @param bArray the array containing installation parameters
|
|
||||||
* @param bOffset the starting offset in bArray
|
|
||||||
* @param bLength the length in bytes of the parameter data in bArray
|
|
||||||
*/
|
|
||||||
public static void install(byte[] bArray, short bOffset, byte bLength) {
|
|
||||||
new SecretApplet();
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Only this class's install method should create the applet object.
|
|
||||||
*/
|
|
||||||
protected SecretApplet() {
|
|
||||||
register();
|
|
||||||
encryptionKey = initializeKey(new byte[] { 0x59, (byte)0xA3, (byte)0xFA, 0x76, 0x35, 0x40, 0x01, (byte)0x82, (byte)0xA5, (byte)0xC0, (byte)0xAB, (byte)0xE0, 0x1F, 0x30, (byte)0x89, (byte)0xFA });
|
|
||||||
macKey = initializeKey(new byte[] { 0x58, (byte)0x9F, 0x61, 0x62, (byte)0xBB, 0x10, (byte)0x89, (byte)0xD8, 0x1A, 0x16, (byte)0xD3, 0x2A, 0x3F, 0x06, 0x27, (byte)0xC6 });
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Processes an incoming APDU.
|
|
||||||
*
|
|
||||||
* @see APDU
|
|
||||||
* @param apdu the incoming APDU
|
|
||||||
*/
|
|
||||||
public void process(APDU apdu) {
|
|
||||||
short length;
|
|
||||||
byte[] buffer = apdu.getBuffer();
|
|
||||||
|
|
||||||
if (selectingApplet()) {
|
|
||||||
ISOException.throwIt(ISO7816.SW_NO_ERROR);
|
|
||||||
} else {
|
|
||||||
if (buffer[ISO7816.OFFSET_CLA] != (byte)0x80) {
|
|
||||||
ISOException.throwIt(ISO7816.SW_CLA_NOT_SUPPORTED);
|
|
||||||
} else {
|
|
||||||
byte instruction = buffer[ISO7816.OFFSET_INS];
|
|
||||||
|
|
||||||
try {
|
|
||||||
switch (instruction) {
|
|
||||||
case 0x42:
|
|
||||||
byte[] encrypted;
|
|
||||||
length = apdu.setIncomingAndReceive();
|
|
||||||
|
|
||||||
if (length > 64) {
|
|
||||||
ISOException.throwIt(ISO7816.SW_WRONG_LENGTH);
|
|
||||||
} else {
|
|
||||||
encrypted = new byte[(short)(length + 16)];
|
|
||||||
Cipher cipher = getEncryptionCipher(Cipher.MODE_ENCRYPT);
|
|
||||||
cipher.doFinal(buffer, ISO7816.OFFSET_CDATA, length, encrypted, (short)0);
|
|
||||||
|
|
||||||
Signature signature = getMACSignature(Signature.MODE_SIGN);
|
|
||||||
short totalLength = (short)(length + signature.sign(encrypted, (short)0, length, encrypted, length));
|
|
||||||
apdu.setOutgoing();
|
|
||||||
apdu.setOutgoingLength(totalLength);
|
|
||||||
apdu.sendBytesLong(encrypted, (short)0, totalLength);
|
|
||||||
}
|
|
||||||
break;
|
|
||||||
case 0x44:
|
|
||||||
length = apdu.setIncomingAndReceive();
|
|
||||||
|
|
||||||
if (length > 80) {
|
|
||||||
ISOException.throwIt(ISO7816.SW_WRONG_LENGTH);
|
|
||||||
} else {
|
|
||||||
Signature signature = getMACSignature(Signature.MODE_VERIFY);
|
|
||||||
short signatureLength = 16;
|
|
||||||
short messageLength = (short)(length - signatureLength);
|
|
||||||
short signatureOffset = (short)(ISO7816.OFFSET_CDATA + messageLength);
|
|
||||||
|
|
||||||
if (!signature.verify(buffer, ISO7816.OFFSET_CDATA, messageLength, buffer, signatureOffset, signatureLength)) {
|
|
||||||
ISOException.throwIt(ISO7816.SW_WRONG_DATA);
|
|
||||||
} else {
|
|
||||||
byte[] decrypted = new byte[messageLength];
|
|
||||||
Cipher cipher = getEncryptionCipher(Cipher.MODE_DECRYPT);
|
|
||||||
cipher.doFinal(buffer, ISO7816.OFFSET_CDATA, messageLength, decrypted, (short)0);
|
|
||||||
|
|
||||||
apdu.setOutgoing();
|
|
||||||
apdu.setOutgoingLength(messageLength);
|
|
||||||
apdu.sendBytesLong(decrypted, (short)0, messageLength);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
break;
|
|
||||||
default:
|
|
||||||
ISOException.throwIt(ISO7816.SW_INS_NOT_SUPPORTED);
|
|
||||||
break;
|
|
||||||
}
|
|
||||||
} catch (CryptoException exception) {
|
|
||||||
ISOException.throwIt((short)(ISO7816.SW_WRONG_LENGTH | exception.getReason()));
|
|
||||||
}
|
|
||||||
|
|
||||||
ISOException.throwIt(ISO7816.SW_NO_ERROR);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
protected AESKey initializeKey(byte[] keyBytes) {
|
|
||||||
AESKey key = (AESKey)KeyBuilder.buildKey(KeyBuilder.TYPE_AES, KeyBuilder.LENGTH_AES_128, false);
|
|
||||||
key.setKey(keyBytes, (short)0);
|
|
||||||
return key;
|
|
||||||
}
|
|
||||||
|
|
||||||
protected Cipher getEncryptionCipher(byte mode) {
|
|
||||||
byte[] initializationVector = new byte[] { 0x18, 0x24, 0x57, (byte)0xD6, (byte)0x97, 0x33, 0x69, (byte)0xED, 0x05, 0x4D, 0x6E, 0x14, (byte)0x93, (byte)0xE4, (byte)0xB7, 0x45 };
|
|
||||||
Cipher cipher = Cipher.getInstance(Cipher.ALG_AES_BLOCK_128_CBC_NOPAD, false);
|
|
||||||
cipher.init(encryptionKey, mode, initializationVector, (short)0, (short)initializationVector.length);
|
|
||||||
return cipher;
|
|
||||||
}
|
|
||||||
|
|
||||||
protected Signature getMACSignature(byte mode) {
|
|
||||||
byte[] initializationVector = new byte[] { (byte)0xB6, 0x6C, (byte)0xAC, (byte)0xC7, (byte)0xD6, 0x78, (byte)0x88, 0x18, 0x07, (byte)0x88, (byte)0xA4, 0x27, 0x07, 0x55, 0x50, 0x2A };
|
|
||||||
Signature signature = Signature.getInstance(Signature.ALG_AES_MAC_128_NOPAD, false);
|
|
||||||
signature.init(macKey, mode, initializationVector, (short)0, (short)initializationVector.length);
|
|
||||||
return signature;
|
|
||||||
}
|
|
||||||
}
|
|
|
@ -1,49 +0,0 @@
|
||||||
// test my applet
|
|
||||||
establish_context
|
|
||||||
enable_trace
|
|
||||||
enable_timer
|
|
||||||
card_connect
|
|
||||||
// select
|
|
||||||
send_apdu -sc 0 -APDU 00A40400080102030405060809
|
|
||||||
|
|
||||||
// Triggering Unsupported CLA Error
|
|
||||||
send_apdu -sc 0 -APDU 9001000000
|
|
||||||
|
|
||||||
// Triggering Unsupported Instruction Error
|
|
||||||
send_apdu -sc 0 -APDU 8001000000
|
|
||||||
|
|
||||||
// Sending Too Much Data for Encryption
|
|
||||||
send_apdu -sc 0 -APDU 80420000410102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F4041
|
|
||||||
|
|
||||||
// Send Incorrectly Unpadded Data
|
|
||||||
send_apdu -sc 0 -APDU 804200000B48656C6C6F20576F726C64
|
|
||||||
|
|
||||||
// Encrypt Short Message
|
|
||||||
send_apdu -sc 0 -APDU 804200001048656C6C6F2C206D7920667269656E6420
|
|
||||||
|
|
||||||
// Answer is:
|
|
||||||
// 06031CEC546648D86AD549EDD9CB1A1AC67A3073E0A0334657DE9BF469C79BC0
|
|
||||||
|
|
||||||
// Decrypt Short Message
|
|
||||||
send_apdu -sc 0 -APDU 804400002006031CEC546648D86AD549EDD9CB1A1AC67A3073E0A0334657DE9BF469C79BC010
|
|
||||||
|
|
||||||
// Encrypt Long Message (32 Bytes)
|
|
||||||
send_apdu -sc 0 -APDU 804200002048656C6C6F206D7920667269656E642120486F7720697320776561746865723F30
|
|
||||||
|
|
||||||
// Answer is:
|
|
||||||
// A3631530E3C2E874B5CAB11416D928C1E4B63349BE3CE0CE77298AD53DD2BF0B9336BE3C5AD57471E01D22B045721D9F
|
|
||||||
|
|
||||||
// Decrypt Long Message (32 Bytes)
|
|
||||||
send_apdu -sc 0 -APDU 8044000030A3631530E3C2E874B5CAB11416D928C1E4B63349BE3CE0CE77298AD53DD2BF0B9336BE3C5AD57471E01D22B045721D9F20
|
|
||||||
|
|
||||||
// Sending Too Much Data for Decryption
|
|
||||||
send_apdu -sc 0 -APDU 80440000510102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F5051
|
|
||||||
|
|
||||||
// Trying to Decrypt Unpadded Data
|
|
||||||
send_apdu -sc 0 -APDU 80420000110102030405060708090A0B0C0D0E0F101101
|
|
||||||
|
|
||||||
// Trying to Decrypt Tampered Short Message
|
|
||||||
send_apdu -sc 0 -APDU 804400002006031CEC546648D86AE549EDD9CB1A1AC67A3073E0A0334657DE9BF469C79BC010
|
|
||||||
|
|
||||||
card_disconnect
|
|
||||||
release_context
|
|
|
@ -2,9 +2,4 @@ CALL %~dp0setup.cmd
|
||||||
CALL %~dp0compile.cmd
|
CALL %~dp0compile.cmd
|
||||||
|
|
||||||
:: "-f" forces overwriting old versions of the package
|
:: "-f" forces overwriting old versions of the package
|
||||||
|
gp --install %~dp0..\%PACKAGE%\javacard\%PACKAGE%.cap --params %PARAMS% -f
|
||||||
IF [%PARAMS%]==[] (
|
|
||||||
gp -f --install %~dp0..\%PACKAGE%\javacard\%PACKAGE%.cap
|
|
||||||
) ELSE (
|
|
||||||
gp -f --install %~dp0..\%PACKAGE%\javacard\%PACKAGE%.cap --params %PARAMS%
|
|
||||||
)
|
|
||||||
|
|
Loading…
Reference in a new issue