diff --git a/build.gradle b/build.gradle index 9e46cce..9e6e663 100644 --- a/build.gradle +++ b/build.gradle @@ -9,7 +9,7 @@ buildscript { dependencies { classpath 'com.fidesmo:gradle-javacard:0.2.7' - classpath 'com.github.status-im.status-keycard-java:desktop:7d968cf' + classpath 'com.github.status-im.status-keycard-java:desktop:64aece4' } } @@ -59,7 +59,7 @@ dependencies { testCompile(files("../jcardsim/jcardsim-3.0.5-SNAPSHOT.jar")) testCompile('org.web3j:core:2.3.1') testCompile('org.bitcoinj:bitcoinj-core:0.14.5') - testCompile('com.github.status-im.status-keycard-java:desktop:7d968cf') + testCompile('com.github.status-im.status-keycard-java:desktop:64aece4') testCompile('org.bouncycastle:bcprov-jdk15on:1.65') testCompile("org.junit.jupiter:junit-jupiter-api:5.1.1") testRuntime("org.junit.jupiter:junit-jupiter-engine:5.1.1") diff --git a/buildSrc/build.gradle b/buildSrc/build.gradle index ebe1c9a..ec33a25 100644 --- a/buildSrc/build.gradle +++ b/buildSrc/build.gradle @@ -4,5 +4,5 @@ repositories { } dependencies { - compile 'com.github.status-im.status-keycard-java:desktop:7d968cf' + compile 'com.github.status-im.status-keycard-java:desktop:64aece4' } \ No newline at end of file diff --git a/src/main/java/im/status/keycard/KeycardApplet.java b/src/main/java/im/status/keycard/KeycardApplet.java index 4eefd70..fd8b92f 100644 --- a/src/main/java/im/status/keycard/KeycardApplet.java +++ b/src/main/java/im/status/keycard/KeycardApplet.java @@ -325,21 +325,27 @@ public class KeycardApplet extends Applet { byte defaultLimitsLen = (byte)(PIN_LENGTH + PUK_LENGTH + SecureChannel.SC_SECRET_LENGTH); byte withLimitsLen = (byte) (defaultLimitsLen + 2); + byte withAltPIN = (byte) (withLimitsLen + 6); - if (((apduBuffer[ISO7816.OFFSET_LC] != defaultLimitsLen) && (apduBuffer[ISO7816.OFFSET_LC] != withLimitsLen)) || !allDigits(apduBuffer, ISO7816.OFFSET_CDATA, (short)(PIN_LENGTH + PUK_LENGTH))) { + if (((apduBuffer[ISO7816.OFFSET_LC] != defaultLimitsLen) && (apduBuffer[ISO7816.OFFSET_LC] != withLimitsLen) && (apduBuffer[ISO7816.OFFSET_LC] != withAltPIN)) || !allDigits(apduBuffer, ISO7816.OFFSET_CDATA, (short)(PIN_LENGTH + PUK_LENGTH))) { ISOException.throwIt(ISO7816.SW_WRONG_DATA); } byte pinLimit; byte pukLimit; + short altPinOff = (short)(ISO7816.OFFSET_CDATA + PIN_LENGTH); - if (apduBuffer[ISO7816.OFFSET_LC] == withLimitsLen) { + if (apduBuffer[ISO7816.OFFSET_LC] >= withLimitsLen) { pinLimit = apduBuffer[(short) (ISO7816.OFFSET_CDATA + defaultLimitsLen)]; pukLimit = apduBuffer[(short) (ISO7816.OFFSET_CDATA + defaultLimitsLen + 1)]; if (pinLimit < PIN_MIN_RETRIES || pinLimit > PIN_MAX_RETRIES || pukLimit < PUK_MIN_RETRIES || pukLimit > PUK_MAX_RETRIES) { ISOException.throwIt(ISO7816.SW_WRONG_DATA); } + + if (apduBuffer[ISO7816.OFFSET_LC] == withAltPIN) { + altPinOff = (short)(ISO7816.OFFSET_CDATA + withLimitsLen); + } } else { pinLimit = DEFAULT_PIN_MAX_RETRIES; pukLimit = DEFAULT_PUK_MAX_RETRIES; @@ -351,7 +357,7 @@ public class KeycardApplet extends Applet { mainPIN.update(apduBuffer, ISO7816.OFFSET_CDATA, PIN_LENGTH); altPIN = new OwnerPIN(pinLimit, PIN_LENGTH); - altPIN.update(apduBuffer, (short)(ISO7816.OFFSET_CDATA + PIN_LENGTH), PIN_LENGTH); + altPIN.update(apduBuffer, altPinOff, PIN_LENGTH); puk = new OwnerPIN(pukLimit, PUK_LENGTH); puk.update(apduBuffer, (short)(ISO7816.OFFSET_CDATA + PIN_LENGTH), PUK_LENGTH); diff --git a/src/test/java/im/status/keycard/KeycardTest.java b/src/test/java/im/status/keycard/KeycardTest.java index f5a4100..9759318 100644 --- a/src/test/java/im/status/keycard/KeycardTest.java +++ b/src/test/java/im/status/keycard/KeycardTest.java @@ -225,7 +225,7 @@ public class KeycardTest { sharedSecret = cmdSet.pairingPasswordToSecret(System.getProperty("im.status.keycard.test.pairing", "KeycardDefaultPairing")); if (!cmdSet.getApplicationInfo().isInitializedCard()) { - assertEquals(0x9000, cmdSet.init("000000", "012345678901", sharedSecret).getSw()); + assertEquals(0x9000, cmdSet.init("000000", "024680", "012345678901", sharedSecret, (byte) 3, (byte) 5).getSw()); cmdSet.select().checkOK(); initCapabilities(cmdSet.getApplicationInfo()); } @@ -568,7 +568,7 @@ public class KeycardTest { assertEquals(0x9000, response.getSw()); // Alt PIN - response = cmdSet.verifyPIN("012345"); + response = cmdSet.verifyPIN("024680"); assertEquals(0x9000, response.getSw()); // Check max retry counter @@ -584,11 +584,11 @@ public class KeycardTest { response = cmdSet.verifyPIN("000000"); assertEquals(0x63C0, response.getSw()); - response = cmdSet.verifyPIN("012345"); + response = cmdSet.verifyPIN("024680"); assertEquals(0x63C0, response.getSw()); // Unblock PIN to make further tests possible - response = cmdSet.unblockPIN("012345678901", "012345"); + response = cmdSet.unblockPIN("012345678901", "024680"); assertEquals(0x9000, response.getSw()); } @@ -696,7 +696,7 @@ public class KeycardTest { assertEquals(0x9000, response.getSw()); // Alt PIN - response = cmdSet.verifyPIN("012345"); + response = cmdSet.verifyPIN("024680"); assertEquals(0x9000, response.getSw()); response = cmdSet.changePIN(KeycardApplet.CHANGE_PIN_P1_USER_PIN, "123456"); @@ -707,7 +707,7 @@ public class KeycardTest { response = cmdSet.verifyPIN("123456"); assertEquals(0x9000, response.getSw()); - response = cmdSet.changePIN(KeycardApplet.CHANGE_PIN_P1_USER_PIN, "012345"); + response = cmdSet.changePIN(KeycardApplet.CHANGE_PIN_P1_USER_PIN, "024680"); assertEquals(0x9000, response.getSw()); resetAndSelectAndOpenSC(); @@ -1129,7 +1129,7 @@ public class KeycardTest { assertEquals(0x6A88, response.getSw()); // Alt PIN - response = cmdSet.verifyPIN("012345"); + response = cmdSet.verifyPIN("024680"); assertEquals(0x9000, response.getSw()); response = cmdSet.signWithPath(hash, updatedPath, false); @@ -1352,7 +1352,7 @@ public class KeycardTest { assertEquals(0x9000, response.getSw()); // Alt PIN - response = cmdSet.verifyPIN("012345"); + response = cmdSet.verifyPIN("024680"); assertEquals(0x9000, response.getSw()); response = cmdSet.exportKey(new byte[] {(byte) 0x80, 0x00, 0x00, 0x2B, (byte) 0x80, 0x00, 0x00, 0x3C, (byte) 0x80, 0x00, 0x06, 0x2c, (byte) 0x00, 0x00, 0x00, 0x00}, KeycardApplet.DERIVE_P1_SOURCE_MASTER, false, KeycardCommandSet.EXPORT_KEY_P2_EXTENDED_PUBLIC);