remove software-based CMAC implementation

This commit is contained in:
Michele Balistreri 2018-11-07 16:18:44 +03:00
parent 97cf00d45c
commit 178395df52
2 changed files with 11 additions and 33 deletions


@ -58,7 +58,7 @@ im.status.wallet.test.simulated=false
## Implementation notes
* The applet requires JavaCard 3.0.4 (with the addition of KeyAgreement.ALG_EC_SVDP_DH_PLAIN_XY
)or later.
) or later.
* The class byte of the APDU is not checked since there are no conflicting INS code.
The algorithms the card must support are at least:
@ -70,8 +70,8 @@ The algorithms the card must support are at least:
* MessageDigest.ALG_SHA_256
* MessageDigest.ALG_SHA_512
* RandomData.ALG_SECURE_RANDOM
* Signature.ALG_AES_MAC_128_NOPAD
* Signature.ALG_ECDSA_SHA_256
Best performance is achieved if the card supports:
* Signature.ALG_AES_MAC_128_NOPAD (if this is supported, then Cipher.ALG_AES_BLOCK_128_CBC_NOPAD is not required)
* Signature.ALG_HMAC_SHA_512


@ -29,7 +29,6 @@ public class SecureChannel {
private AESKey scMacKey;
private Cipher scCipher;
private Cipher scMacCipher;
private byte[] macCipherBuf;
private Signature scMac;
private KeyPair scKeypair;
private byte[] secret;
@ -58,12 +57,7 @@ public class SecureChannel {
scCipher = Cipher.getInstance(Cipher.ALG_AES_CBC_ISO9797_M2,false);
try {
scMac = Signature.getInstance(Signature.ALG_AES_MAC_128_NOPAD, false);
} catch (CryptoException e) {
scMacCipher = Cipher.getInstance(Cipher.ALG_AES_BLOCK_128_CBC_NOPAD, false);
macCipherBuf = JCSystem.makeTransientByteArray(MAX_MAC_APDU_SIZE, JCSystem.CLEAR_ON_DESELECT);
}
scMac = Signature.getInstance(Signature.ALG_AES_MAC_128_NOPAD, false);
scEncKey = (AESKey) KeyBuilder.buildKey(KeyBuilder.TYPE_AES_TRANSIENT_DESELECT, KeyBuilder.LENGTH_AES_256, false);
scMacKey = (AESKey) KeyBuilder.buildKey(KeyBuilder.TYPE_AES_TRANSIENT_DESELECT, KeyBuilder.LENGTH_AES_256, false);
@ -327,19 +321,11 @@ public class SecureChannel {
* @param apduLen the data len
*/
private boolean verifyAESMAC(byte[] apduBuffer, short apduLen) {
if (scMac == null) {
scMacCipher.init(scMacKey, Cipher.MODE_ENCRYPT);
short encLen = scMacCipher.update(apduBuffer, (short) 0, ISO7816.OFFSET_CDATA, macCipherBuf, (short) 0);
encLen += scMacCipher.update(secret, SC_BLOCK_SIZE, (short) (SC_BLOCK_SIZE - ISO7816.OFFSET_CDATA), macCipherBuf, encLen);
encLen += scMacCipher.doFinal(apduBuffer, (short) (ISO7816.OFFSET_CDATA + SC_BLOCK_SIZE), (short) (apduLen - SC_BLOCK_SIZE), macCipherBuf, encLen);
return Util.arrayCompare(apduBuffer, ISO7816.OFFSET_CDATA, macCipherBuf, (short)(encLen - SC_BLOCK_SIZE), SC_BLOCK_SIZE) == 0;
} else {
scMac.init(scMacKey, Signature.MODE_VERIFY);
scMac.update(apduBuffer, (short) 0, ISO7816.OFFSET_CDATA);
scMac.update(secret, SC_BLOCK_SIZE, (short) (SC_BLOCK_SIZE - ISO7816.OFFSET_CDATA));
scMac.init(scMacKey, Signature.MODE_VERIFY);
scMac.update(apduBuffer, (short) 0, ISO7816.OFFSET_CDATA);
scMac.update(secret, SC_BLOCK_SIZE, (short) (SC_BLOCK_SIZE - ISO7816.OFFSET_CDATA));
return scMac.verify(apduBuffer, (short) (ISO7816.OFFSET_CDATA + SC_BLOCK_SIZE), (short) (apduLen - SC_BLOCK_SIZE), apduBuffer, ISO7816.OFFSET_CDATA, SC_BLOCK_SIZE);
}
return scMac.verify(apduBuffer, (short) (ISO7816.OFFSET_CDATA + SC_BLOCK_SIZE), (short) (apduLen - SC_BLOCK_SIZE), apduBuffer, ISO7816.OFFSET_CDATA, SC_BLOCK_SIZE);
}
/**
@ -377,18 +363,10 @@ public class SecureChannel {
* @param apduBuffer the APDU buffer
*/
private void computeAESMAC(short len, byte[] apduBuffer) {
if (scMac == null) {
scMacCipher.init(scMacKey, Cipher.MODE_ENCRYPT);
short encLen = scMacCipher.update(apduBuffer, (short) 0, (short) 1, macCipherBuf, (short) 0);
encLen += scMacCipher.update(secret, SC_BLOCK_SIZE, (short) (SC_BLOCK_SIZE - 1), macCipherBuf, encLen);
encLen += scMacCipher.doFinal(apduBuffer, (short) (ISO7816.OFFSET_CDATA + SC_BLOCK_SIZE), len, macCipherBuf, encLen);
Util.arrayCopyNonAtomic(macCipherBuf, (short)(encLen - SC_BLOCK_SIZE), apduBuffer, ISO7816.OFFSET_CDATA, SC_BLOCK_SIZE);
} else {
scMac.init(scMacKey, Signature.MODE_SIGN);
scMac.update(apduBuffer, (short) 0, (short) 1);
scMac.update(secret, SC_BLOCK_SIZE, (short) (SC_BLOCK_SIZE - 1));
scMac.sign(apduBuffer, (short) (ISO7816.OFFSET_CDATA + SC_BLOCK_SIZE), len, apduBuffer, ISO7816.OFFSET_CDATA);
}
scMac.init(scMacKey, Signature.MODE_SIGN);
scMac.update(apduBuffer, (short) 0, (short) 1);
scMac.update(secret, SC_BLOCK_SIZE, (short) (SC_BLOCK_SIZE - 1));
scMac.sign(apduBuffer, (short) (ISO7816.OFFSET_CDATA + SC_BLOCK_SIZE), len, apduBuffer, ISO7816.OFFSET_CDATA);
}
/**
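Review bot: The unguarded `scMac = Signature.getInstance(Signature.ALG_AES_MAC_128_NOPAD, false);` in the constructor hunk turns a former soft fallback into a hard install-time requirement, but nothing in the code says so; a card without that algorithm now fails during applet instantiation with a CryptoException rather than at first secure-channel use, which is presumably the intent given the README move of the algorithm into the mandatory list. I would add above that line `// No software CMAC fallback: ALG_AES_MAC_128_NOPAD is mandatory, instantiation fails on cards that lack it`. With `macCipherBuf` gone, check whether `MAX_MAC_APDU_SIZE` (referenced only by the removed allocation in this view) still has a user, otherwise it is a dead constant. Separately, `verifyAESMAC` still computes `apduLen - SC_BLOCK_SIZE` without checking `apduLen >= SC_BLOCK_SIZE`; if the callers outside this hunk do not already enforce a minimum length, a short APDU ends in an array exception rather than a clean `false`.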