move installation script to gradle with configurable parameters

Michele Balistreri 2017-09-27 20:04:26 +03:00
parent 91b4a96194
commit 5b231fb711
4 changed files with 53 additions and 19 deletions


@ -1,14 +1,39 @@
# JavaCard Hardware Wallet
Currently just a skeleton for the hardware wallet.
The .gpshell files are meant to be fed to GPShell. The statuswallet_install.gpshell file is actually dependent on the
target hw. Currently it assumes that the default VISA AID and keys for the ISD are used, but the version number is 2.
The status.im Hardware Wallet. At the moment Secure Channel and PIN management/verification are implemented.
The project is built using Gradle with the [Fidesmo Javacard Gradle plugin](https://github.com/fidesmo/gradle-javacard).
You can set the JavaCard HOME not only through the environment but also creating a gradle.properties file with the
property "com.fidesmo.gradle.javacard.home" set to the correct path.
Loading and installing the applet requires [gpshell](https://sourceforge.net/p/globalplatform/wiki/GPShell/) to be
installed on the system. The gradle.properties file must contain the following properties
* im.status.gradle.gpshell = the path to the gpshell executable
* im.status.gradle.gpshell.isd = the AID of the issuer security domain
* im.status.gradle.gpshell.mac_key = the MAC key for the ISD
* im.status.gradle.gpshell.enc_key = the ENC key for the ISD
* im.status.gradle.gpshell.kek_key = the KEK key for the ISD
* im.status.gradle.gpshell.kvn = the Key Version Number for the ISD
Testing is done with JUnit and performed on a real card. Although the tests are comprehensive, debugging is not easy
because raw APDUs are not shown in the test log and there is no way to set breakpoints in the applet. Using a simulator
like [jCardSim](https://github.com/licel/jcardsim) would make debugging easier but only a subset of bugs can be reliably
found with this system. Code changes would be needed for tests to support jCardSim. The tests are run with the test task
in gradle.
## Example gradle.properties file
```
com.fidesmo.gradle.javacard.home=/home/username/javacard-2_2_2
im.status.gradle.gpshell=/usr/local/bin/gpshell
im.status.gradle.gpshell.isd=A000000003000000
im.status.gradle.gpshell.mac_key=404142434445464748494a4b4c4d4e4f
im.status.gradle.gpshell.enc_key=404142434445464748494a4b4c4d4e4f
im.status.gradle.gpshell.kek_key=404142434445464748494a4b4c4d4e4f
im.status.gradle.gpshell.kvn=2
```
## Implementation notes
* This implementation will try to use only features available in JavaCard 2.2.2 for broader compatibility with existing


@ -1,12 +1,15 @@
apply plugin: 'javacard'
apply plugin: 'org.junit.platform.gradle.plugin'
buildscript {
repositories {
maven { url 'http://releases.marmeladburk.fidesmo.com/' }
mavenCentral()
}
dependencies {
classpath 'com.fidesmo:gradle-javacard:0.2.7'
classpath 'org.junit.platform:junit-platform-gradle-plugin:1.0.0'
}
}
@ -41,6 +44,27 @@ task wrapper(type: Wrapper) {
gradleVersion = '2.10'
}
task install(type: Exec) {
def gpShellScript = """
mode_211
enable_trace
establish_context
card_connect
select -AID ${project.properties['im.status.gradle.gpshell.isd']}
open_sc -security 1 -keyind 0 -keyver ${project.properties['im.status.gradle.gpshell.kvn']} -mac_key ${project.properties['im.status.gradle.gpshell.mac_key']} -enc_key ${project.properties['im.status.gradle.gpshell.enc_key']} -kek_key ${project.properties['im.status.gradle.gpshell.kek_key']}
send_apdu_nostop -sc 1 -APDU 80E400800E4F0C53746174757357616C6C6574
install -file build/javacard/im/status/wallet/javacard/wallet.cap -AID 53746174757357616C6C6574417070 -instAID 53746174757357616C6C6574417070 -instParam 313233343536373839303132
card_disconnect
release_context
"""
executable project.properties['im.status.gradle.gpshell']
standardInput new ByteArrayInputStream(gpShellScript.getBytes("UTF-8"))
}
tasks.install.dependsOn(convertJavacard)
tasks.test.dependsOn(install)
compileTestJava {
sourceCompatibility = 1.8
targetCompatibility = 1.8
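Review bot: The `install` task interpolates the five `im.status.gradle.gpshell.*` properties straight into the GPShell script with no presence check, so a missing entry renders as the literal text `null` in `select -AID` or `open_sc` and the script is still sent to the card. Because `tasks.test.dependsOn(install)` makes every test run perform that ISD authentication, a stale or absent key becomes repeated failed secure-channel attempts, which on many GlobalPlatform cards count toward a lock of the security domain (card-dependent, worth confirming for the target hardware). A fail-fast guard inside the task would stop this before gpshell starts, for example `doFirst { ['isd','kvn','mac_key','enc_key','kek_key'].each { if (!project.hasProperty("im.status.gradle.gpshell.${it}")) throw new GradleException("missing im.status.gradle.gpshell.${it}") } }`. Since these values are the ISD keys, a comment next to the task such as `// gradle.properties holds ISD keys: keep it out of version control` would also help. Separately, the buildscript repository at the top of this file is resolved over plain `http://`, so plugin code that runs in the same build as these keys is not integrity-protected in transit; an `https://` URL would be preferable if the host offers one.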


@ -1,5 +0,0 @@
#!/usr/bin/env bash
pushd scripts
gpshell <statuswallet_install.gpshell
popd


@ -1,10 +0,0 @@
mode_211
enable_trace
establish_context
card_connect
select -AID A000000003000000
open_sc -security 1 -keyind 0 -keyver 2 -mac_key 404142434445464748494a4b4c4d4e4f -enc_key 404142434445464748494a4b4c4d4e4f -kek_key 404142434445464748494a4b4c4d4e4f
send_apdu_nostop -sc 1 -APDU 80E400800E4F0C53746174757357616C6C6574
install -file ../build/javacard/im/status/wallet/javacard/wallet.cap -AID 53746174757357616C6C6574417070 -instAID 53746174757357616C6C6574417070 -instParam 313232343536373839303132
card_disconnect
release_context