From 6855e4697579526d7e75259374caf8800fbb90bf Mon Sep 17 00:00:00 2001 From: Nick Johnson Date: Wed, 17 Jan 2018 13:27:33 +0000 Subject: [PATCH 1/3] Replace context-specific tags on GET_STATUS with type tags, and fix length --- src/main/java/im/status/wallet/WalletApplet.java | 16 +++++++--------- 1 file changed, 7 insertions(+), 9 deletions(-) diff --git a/src/main/java/im/status/wallet/WalletApplet.java b/src/main/java/im/status/wallet/WalletApplet.java index 632059d..e1d827d 100644 --- a/src/main/java/im/status/wallet/WalletApplet.java +++ b/src/main/java/im/status/wallet/WalletApplet.java @@ -66,10 +66,8 @@ public class WalletApplet extends Applet { static final byte TLV_PUB_X = (byte) 0x83; static final byte TLV_APPLICATION_STATUS_TEMPLATE = (byte) 0xA3; - static final byte TLV_PIN_RETRY_COUNT = (byte) 0x80; - static final byte TLV_PUK_RETRY_COUNT = (byte) 0x81; - static final byte TLV_KEY_INITIALIZATION_STATUS = (byte) 0x82; - static final byte TLV_PUBLIC_KEY_DERIVATION = (byte) 0x83; + static final byte TLV_INT = (byte) 0x02; + static final byte TLV_BOOL = (byte) 0x01; static final byte TLV_APPLICATION_INFO_TEMPLATE = (byte) 0xA4; static final byte TLV_UID = (byte) 0x8F; @@ -324,17 +322,17 @@ public class WalletApplet extends Applet { */ private short getApplicationStatus(byte[] apduBuffer, short off) { apduBuffer[off++] = TLV_APPLICATION_STATUS_TEMPLATE; - apduBuffer[off++] = 9; - apduBuffer[off++] = TLV_PIN_RETRY_COUNT; + apduBuffer[off++] = 12; + apduBuffer[off++] = TLV_INT; apduBuffer[off++] = 1; apduBuffer[off++] = pin.getTriesRemaining(); - apduBuffer[off++] = TLV_PUK_RETRY_COUNT; + apduBuffer[off++] = TLV_INT; apduBuffer[off++] = 1; apduBuffer[off++] = puk.getTriesRemaining(); - apduBuffer[off++] = TLV_KEY_INITIALIZATION_STATUS; + apduBuffer[off++] = TLV_BOOL; apduBuffer[off++] = 1; apduBuffer[off++] = privateKey.isInitialized() ? (byte) 0x01 : (byte) 0x00; - apduBuffer[off++] = TLV_PUBLIC_KEY_DERIVATION; + apduBuffer[off++] = TLV_BOOL; apduBuffer[off++] = 1; apduBuffer[off++] = SECP256k1.hasECPointMultiplication() ? (byte) 0x01 : (byte) 0x00; From b68e7a55ea99d29ba35244b582cca89883f6b78e Mon Sep 17 00:00:00 2001 From: Nick Johnson Date: Wed, 17 Jan 2018 13:29:38 +0000 Subject: [PATCH 2/3] Update APPLICATION.MD --- APPLICATION.MD | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/APPLICATION.MD b/APPLICATION.MD index 85a987c..4db7602 100644 --- a/APPLICATION.MD +++ b/APPLICATION.MD @@ -92,10 +92,10 @@ derivation session Response Data format: if P1 = 0x00: - Tag 0xA3 = Application Status Template - - Tag 0x80 = PIN retry count (1 byte) - - Tag 0x81 = PUK retry count (1 byte) - - Tag 0x82 = 0 if key is not initialized, 1 otherwise - - Tag 0x83 = 1 if public key derivation is supported, 0 otherwise + - Tag 0x02 = PIN retry count (1 byte) + - Tag 0x02 = PUK retry count (1 byte) + - Tag 0x01 = 0 if key is not initialized, 1 otherwise + - Tag 0x01 = 1 if public key derivation is supported, 0 otherwise if P1 = 0x01 - a sequence of 32-bit numbers indicating the current key path. Empty if master key is selected. @@ -317,4 +317,4 @@ This command exports the current public and private key if and only if the curre selected by P1. P1 is only an index, the actual key path is stored immutably in the applet itself. At the moment only the Whisper key (P1=0x01) can be exported and its key path is m/1/1. Other key paths could be added in the future, but the last should remain as short as possible because of the security implications of revealing private keys to a possibly -compromised device. The current chain code is never exported to make it impossible to further derive keys off-card. \ No newline at end of file +compromised device. The current chain code is never exported to make it impossible to further derive keys off-card. From 07c1f9cc42fc3bc572043051df9c9a8a62568ad0 Mon Sep 17 00:00:00 2001 From: Nick Johnson Date: Wed, 17 Jan 2018 15:29:16 +0000 Subject: [PATCH 3/3] Make boolean true 0xFF, not 0x01 --- src/main/java/im/status/wallet/WalletApplet.java | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/main/java/im/status/wallet/WalletApplet.java b/src/main/java/im/status/wallet/WalletApplet.java index e1d827d..0ff342a 100644 --- a/src/main/java/im/status/wallet/WalletApplet.java +++ b/src/main/java/im/status/wallet/WalletApplet.java @@ -331,10 +331,10 @@ public class WalletApplet extends Applet { apduBuffer[off++] = puk.getTriesRemaining(); apduBuffer[off++] = TLV_BOOL; apduBuffer[off++] = 1; - apduBuffer[off++] = privateKey.isInitialized() ? (byte) 0x01 : (byte) 0x00; + apduBuffer[off++] = privateKey.isInitialized() ? (byte) 0xFF : (byte) 0x00; apduBuffer[off++] = TLV_BOOL; apduBuffer[off++] = 1; - apduBuffer[off++] = SECP256k1.hasECPointMultiplication() ? (byte) 0x01 : (byte) 0x00; + apduBuffer[off++] = SECP256k1.hasECPointMultiplication() ? (byte) 0xFF : (byte) 0x00; return (short) (off - SecureChannel.SC_OUT_OFFSET); }