From 5b231fb7116d410973dfc8600d64f434b048606c Mon Sep 17 00:00:00 2001
From: Michele Balistreri
Date: Wed, 27 Sep 2017 20:04:26 +0300
Subject: [PATCH] move installation script to gradle with configurable parameters
---
README.md | 33 ++++++++++++++++++++++++----
build.gradle | 24 ++++++++++++++++++++
install_applet.sh | 5 -----
scripts/statuswallet_install.gpshell | 10 ---------
4 files changed, 53 insertions(+), 19 deletions(-)
delete mode 100755 install_applet.sh
delete mode 100644 scripts/statuswallet_install.gpshell
diff --git a/README.md b/README.md
index 356d21f..25b7a76 100644
--- a/README.md
+++ b/README.md
@@ -1,14 +1,39 @@ # JavaCard Hardware Wallet -Currently just a skeleton for the hardware wallet. - -The .gpshell files are meant to be fed to GPShell. The statuswallet_install.gpshell file is actually dependent on the -target hw. Currently it assumes that the default VISA AID and keys for the ISD are used, but the version number is 2. +The status.im Hardware Wallet. At the moment Secure Channel and PIN management/verification are implemented. The project is built using Gradle with the [Fidesmo Javacard Gradle plugin](https://github.com/fidesmo/gradle-javacard). You can set the JavaCard HOME not only through the environment but also creating a gradle.properties file with the property "com.fidesmo.gradle.javacard.home" set to the correct path. +Loading and installing the applet requires [gpshell](https://sourceforge.net/p/globalplatform/wiki/GPShell/) to be +installed on the system. The gradle.properties file must contain the following properties + +* im.status.gradle.gpshell = the path to the gpshell executable +* im.status.gradle.gpshell.isd = the AID of the issuer security domain +* im.status.gradle.gpshell.mac_key = the MAC key for the ISD +* im.status.gradle.gpshell.enc_key = the ENC key for the ISD +* im.status.gradle.gpshell.kek_key = the KEK key for the ISD +* im.status.gradle.gpshell.kvn = the Key Version Number for the ISD + +Testing is done with JUnit and performed on a real card. Although the tests are comprehensive, debugging is not easy +because raw APDUs are not shown in the test log and there is no way to set breakpoints in the applet. Using a simulator +like [jCardSim](https://github.com/licel/jcardsim) would make debugging easier but only a subset of bugs can be reliably +found with this system. Code changes would be needed for tests to support jCardSim. The tests are run with the test task +in gradle. 
+ +## Example gradle.properties file + +``` +com.fidesmo.gradle.javacard.home=/home/username/javacard-2_2_2 +im.status.gradle.gpshell=/usr/local/bin/gpshell +im.status.gradle.gpshell.isd=A000000003000000 +im.status.gradle.gpshell.mac_key=404142434445464748494a4b4c4d4e4f +im.status.gradle.gpshell.enc_key=404142434445464748494a4b4c4d4e4f +im.status.gradle.gpshell.kek_key=404142434445464748494a4b4c4d4e4f +im.status.gradle.gpshell.kvn=2 +``` + ## Implementation notes * This implementation will try to use only features available in JavaCard 2.2.2 for broader compatibility with existing diff --git a/build.gradle b/build.gradle index 9aa3138..a286660 100644 --- a/build.gradle +++ b/build.gradle @@ -1,12 +1,15 @@ apply plugin: 'javacard' +apply plugin: 'org.junit.platform.gradle.plugin' buildscript { repositories { maven { url 'http://releases.marmeladburk.fidesmo.com/' } + mavenCentral() } dependencies { classpath 'com.fidesmo:gradle-javacard:0.2.7' + classpath 'org.junit.platform:junit-platform-gradle-plugin:1.0.0' } } 
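Review bot: The added `classpath 'org.junit.platform:junit-platform-gradle-plugin:1.0.0'` is resolved through the `buildscript` repositories in declaration order, and the first entry is still the plain `http://releases.marmeladburk.fidesmo.com/` repository, with `mavenCentral()` appended after it. Build-script plugins run with the developer's privileges, and after this commit they run in the same build that reads the ISD keys from gradle.properties, so an artifact answered over an unauthenticated connection is a supply-chain exposure. I would declare `mavenCentral()` before the `maven { url ... }` block so that Central is consulted first. If the Fidesmo host serves TLS, which cannot be confirmed from this page, the URL should also become `https://`.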
@@ -41,6 +44,27 @@ task wrapper(type: Wrapper) { gradleVersion = '2.10' } +task install(type: Exec) { + def gpShellScript = """ + mode_211 + enable_trace + establish_context + card_connect + select -AID ${project.properties['im.status.gradle.gpshell.isd']} + open_sc -security 1 -keyind 0 -keyver ${project.properties['im.status.gradle.gpshell.kvn']} -mac_key ${project.properties['im.status.gradle.gpshell.mac_key']} -enc_key ${project.properties['im.status.gradle.gpshell.enc_key']} -kek_key ${project.properties['im.status.gradle.gpshell.kek_key']} + send_apdu_nostop -sc 1 -APDU 80E400800E4F0C53746174757357616C6C6574 + install -file build/javacard/im/status/wallet/javacard/wallet.cap -AID 53746174757357616C6C6574417070 -instAID 53746174757357616C6C6574417070 -instParam 313233343536373839303132 + card_disconnect + release_context + """ + + executable project.properties['im.status.gradle.gpshell'] + standardInput new ByteArrayInputStream(gpShellScript.getBytes("UTF-8")) +} + +tasks.install.dependsOn(convertJavacard) +tasks.test.dependsOn(install) + compileTestJava { sourceCompatibility = 1.8 targetCompatibility = 1.8 diff --git a/install_applet.sh b/install_applet.sh deleted file mode 100755 index b89b8c5..0000000 --- a/install_applet.sh +++ /dev/null @@ -1,5 +0,0 @@ -#!/usr/bin/env bash - -pushd scripts -gpshell
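Review bot: The `install` task interpolates the `im.status.gradle.gpshell.*` properties into the gpshell script without checking them, and `tasks.test.dependsOn(install)` then runs that script against whatever card is in the reader on every `gradle test`. A property missing from gradle.properties is rendered as the text `null` in the `select` and `open_sc` lines, so gpshell would attempt a secure-channel authentication with bad parameters. On many GlobalPlatform cards failed ISD authentications count toward a limit, so the task should fail before gpshell is started. The script is also assembled at configuration time, on every Gradle invocation; moving the lookups into `doFirst` behind a presence and format check, as sketched below, avoids that and keeps the key values out of the error message. Separately, the script keeps `enable_trace`, and gpshell, as far as I know, echoes the commands it reads, so the ISD keys probably end up in build output; consider dropping the trace or stating this for CI logs.

```groovy
task install(type: Exec) {
  doFirst {
    // Resolve and validate each parameter before gpshell is started; never print the value itself.
    def gp = { String name ->
      def key = 'im.status.gradle.gpshell.' + name
      def value = project.properties[key]
      if (value == null || !(value ==~ /[0-9A-Fa-f]+/)) {
        throw new GradleException(key + ' is missing or is not a hex/decimal string')
      }
      return value
    }
    // … unchanged: gpShellScript text, with ${gp('isd')}, ${gp('kvn')}, ${gp('mac_key')}, ${gp('enc_key')}, ${gp('kek_key')} in place of the project.properties lookups …
    standardInput new ByteArrayInputStream(gpShellScript.getBytes("UTF-8"))
  }
  // … unchanged: executable line …
```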