diff --git a/scripts/statuswallet_install.gpshell b/scripts/statuswallet_install.gpshell index 5cdb4d8..fe76600 100644 --- a/scripts/statuswallet_install.gpshell +++ b/scripts/statuswallet_install.gpshell @@ -5,6 +5,6 @@ card_connect select -AID A000000003000000 open_sc -security 1 -keyind 0 -keyver 2 -mac_key 404142434445464748494a4b4c4d4e4f -enc_key 404142434445464748494a4b4c4d4e4f -kek_key 404142434445464748494a4b4c4d4e4f send_apdu_nostop -sc 1 -APDU 80E400800E4F0C53746174757357616C6C6574 -install -file ../build/javacard/im/status/wallet/javacard/wallet.cap -AID 53746174757357616C6C6574417070 -instAID 53746174757357616C6C6574417070 +install -file ../build/javacard/im/status/wallet/javacard/wallet.cap -AID 53746174757357616C6C6574417070 -instAID 53746174757357616C6C6574417070 -instParam 313232343536373839303132 card_disconnect release_context \ No newline at end of file diff --git a/src/main/java/im/status/wallet/WalletApplet.java b/src/main/java/im/status/wallet/WalletApplet.java index d020aff..f586221 100644 --- a/src/main/java/im/status/wallet/WalletApplet.java +++ b/src/main/java/im/status/wallet/WalletApplet.java @@ -11,27 +11,34 @@ public class WalletApplet extends Applet { static final byte INS_LOAD_KEY = (byte) 0xD0; static final byte INS_SIGN = (byte) 0xC0; + static final byte PUK_LENGTH = 12; + static final byte PUK_MAX_RETRIES = 5; static final byte PIN_LENGTH = 6; static final byte PIN_MAX_RETRIES = 3; + static final short TMP_BUFFER_LENGTH = PIN_LENGTH; - public static final short EC_KEY_SIZE = 256; + static final short EC_KEY_SIZE = 256; - private OwnerPIN ownerPIN; + private OwnerPIN pin; + private OwnerPIN puk; private SecureChannel secureChannel; private KeyPair keypair; - private byte[] tmp; public static void install(byte[] bArray, short bOffset, byte bLength) { new WalletApplet(bArray, bOffset, bLength); } public WalletApplet(byte[] bArray, short bOffset, byte bLength) { - tmp = JCSystem.makeTransientByteArray(TMP_BUFFER_LENGTH, JCSystem.CLEAR_ON_DESELECT); + short c9Off = (short)(bOffset + bArray[bOffset] + 1); + c9Off += (short)(bArray[bOffset] + 1 + 2); - Util.arrayFillNonAtomic(tmp, (short) 0, PIN_LENGTH, (byte) 0x30); - ownerPIN = new OwnerPIN(PIN_MAX_RETRIES, PIN_LENGTH); - ownerPIN.update(tmp, (short) 0, PIN_LENGTH); + puk = new OwnerPIN(PUK_MAX_RETRIES, PUK_LENGTH); + puk.update(bArray, c9Off, PUK_LENGTH); + + Util.arrayFillNonAtomic(bArray, c9Off, PIN_LENGTH, (byte) 0x30); + pin = new OwnerPIN(PIN_MAX_RETRIES, PIN_LENGTH); + pin.update(bArray, c9Off, PIN_LENGTH); secureChannel = new SecureChannel(); keypair = new KeyPair(KeyPair.ALG_EC_FP, EC_KEY_SIZE); @@ -90,15 +97,15 @@ public class WalletApplet extends Applet { byte[] apduBuffer = apdu.getBuffer(); byte len = secureChannel.decryptAPDU(apduBuffer); - if (!ownerPIN.check(apduBuffer, ISO7816.OFFSET_CDATA, len)) { - ISOException.throwIt((short)((short) 0x63c0 | (short) ownerPIN.getTriesRemaining())); + if (!pin.check(apduBuffer, ISO7816.OFFSET_CDATA, len)) { + ISOException.throwIt((short)((short) 0x63c0 | (short) pin.getTriesRemaining())); } } private void changePIN(APDU apdu) { apdu.setIncomingAndReceive(); - if (!(secureChannel.isOpen() && ownerPIN.isValidated())) { + if (!(secureChannel.isOpen() && pin.isValidated())) { ISOException.throwIt(ISO7816.SW_CONDITIONS_NOT_SATISFIED); } @@ -109,14 +116,14 @@ public class WalletApplet extends Applet { ISOException.throwIt(ISO7816.SW_WRONG_DATA); } - ownerPIN.update(apduBuffer, ISO7816.OFFSET_CDATA, len); - ownerPIN.check(apduBuffer, ISO7816.OFFSET_CDATA, len); + pin.update(apduBuffer, ISO7816.OFFSET_CDATA, len); + pin.check(apduBuffer, ISO7816.OFFSET_CDATA, len); } private void unblockPIN(APDU apdu) { apdu.setIncomingAndReceive(); - if (!(secureChannel.isOpen() && ownerPIN.getTriesRemaining() == 0)) { + if (!(secureChannel.isOpen() && pin.getTriesRemaining() == 0)) { ISOException.throwIt(ISO7816.SW_CONDITIONS_NOT_SATISFIED); } } @@ -124,7 +131,7 @@ public class WalletApplet extends Applet { private void loadKey(APDU apdu) { apdu.setIncomingAndReceive(); - if (!(secureChannel.isOpen() && ownerPIN.isValidated())) { + if (!(secureChannel.isOpen() && pin.isValidated())) { ISOException.throwIt(ISO7816.SW_CONDITIONS_NOT_SATISFIED); } } @@ -132,7 +139,7 @@ public class WalletApplet extends Applet { private void sign(APDU apdu) { apdu.setIncomingAndReceive(); - if (!(secureChannel.isOpen() && ownerPIN.isValidated() && keypair.getPrivate().isInitialized())) { + if (!(secureChannel.isOpen() && pin.isValidated() && keypair.getPrivate().isInitialized())) { ISOException.throwIt(ISO7816.SW_CONDITIONS_NOT_SATISFIED); } }