add PUK installation parameter

scripts/statuswallet_install.gpshell

@@ -5,6 +5,6 @@ card_connect
 select -AID A000000003000000
 open_sc -security 1 -keyind 0 -keyver 2 -mac_key 404142434445464748494a4b4c4d4e4f -enc_key 404142434445464748494a4b4c4d4e4f -kek_key 404142434445464748494a4b4c4d4e4f
 send_apdu_nostop -sc 1 -APDU 80E400800E4F0C53746174757357616C6C6574
-install -file ../build/javacard/im/status/wallet/javacard/wallet.cap -AID 53746174757357616C6C6574417070 -instAID 53746174757357616C6C6574417070
+install -file ../build/javacard/im/status/wallet/javacard/wallet.cap -AID 53746174757357616C6C6574417070 -instAID 53746174757357616C6C6574417070 -instParam 313232343536373839303132
 card_disconnect
 release_context

src/main/java/im/status/wallet/WalletApplet.java

@@ -11,27 +11,34 @@ public class WalletApplet extends Applet {
   static final byte INS_LOAD_KEY = (byte) 0xD0;
   static final byte INS_SIGN = (byte) 0xC0;
 
+  static final byte PUK_LENGTH = 12;
+  static final byte PUK_MAX_RETRIES = 5;
   static final byte PIN_LENGTH = 6;
   static final byte PIN_MAX_RETRIES = 3;
+
   static final short TMP_BUFFER_LENGTH = PIN_LENGTH;
-  public static final short EC_KEY_SIZE = 256;
+  static final short EC_KEY_SIZE = 256;
 
 
-  private OwnerPIN ownerPIN;
+  private OwnerPIN pin;
+  private OwnerPIN puk;
   private SecureChannel secureChannel;
   private KeyPair keypair;
-  private byte[] tmp;
 
   public static void install(byte[] bArray, short bOffset, byte bLength) {
     new WalletApplet(bArray, bOffset, bLength);
   }
 
   public WalletApplet(byte[] bArray, short bOffset, byte bLength) {
-    tmp = JCSystem.makeTransientByteArray(TMP_BUFFER_LENGTH, JCSystem.CLEAR_ON_DESELECT);
+    short c9Off = (short)(bOffset + bArray[bOffset] + 1);
+    c9Off += (short)(bArray[bOffset] + 1 + 2);
 
-    Util.arrayFillNonAtomic(tmp, (short) 0, PIN_LENGTH, (byte) 0x30);
+    puk = new OwnerPIN(PUK_MAX_RETRIES, PUK_LENGTH);
-    ownerPIN = new OwnerPIN(PIN_MAX_RETRIES, PIN_LENGTH);
+    puk.update(bArray, c9Off, PUK_LENGTH);
-    ownerPIN.update(tmp, (short) 0, PIN_LENGTH);
+
+    Util.arrayFillNonAtomic(bArray, c9Off, PIN_LENGTH, (byte) 0x30);
+    pin = new OwnerPIN(PIN_MAX_RETRIES, PIN_LENGTH);
+    pin.update(bArray, c9Off, PIN_LENGTH);
 
     secureChannel = new SecureChannel();
     keypair = new KeyPair(KeyPair.ALG_EC_FP, EC_KEY_SIZE);
@@ -90,15 +97,15 @@ public class WalletApplet extends Applet {
     byte[] apduBuffer = apdu.getBuffer();
     byte len = secureChannel.decryptAPDU(apduBuffer);
 
-    if (!ownerPIN.check(apduBuffer, ISO7816.OFFSET_CDATA, len)) {
+    if (!pin.check(apduBuffer, ISO7816.OFFSET_CDATA, len)) {
-      ISOException.throwIt((short)((short) 0x63c0 | (short) ownerPIN.getTriesRemaining()));
+      ISOException.throwIt((short)((short) 0x63c0 | (short) pin.getTriesRemaining()));
     }
   }
 
   private void changePIN(APDU apdu) {
     apdu.setIncomingAndReceive();
 
-    if (!(secureChannel.isOpen() && ownerPIN.isValidated())) {
+    if (!(secureChannel.isOpen() && pin.isValidated())) {
       ISOException.throwIt(ISO7816.SW_CONDITIONS_NOT_SATISFIED);
     }
 
@@ -109,14 +116,14 @@ public class WalletApplet extends Applet {
       ISOException.throwIt(ISO7816.SW_WRONG_DATA);
     }
 
-    ownerPIN.update(apduBuffer, ISO7816.OFFSET_CDATA, len);
+    pin.update(apduBuffer, ISO7816.OFFSET_CDATA, len);
-    ownerPIN.check(apduBuffer, ISO7816.OFFSET_CDATA, len);
+    pin.check(apduBuffer, ISO7816.OFFSET_CDATA, len);
   }
 
   private void unblockPIN(APDU apdu) {
     apdu.setIncomingAndReceive();
 
-    if (!(secureChannel.isOpen() && ownerPIN.getTriesRemaining() == 0)) {
+    if (!(secureChannel.isOpen() && pin.getTriesRemaining() == 0)) {
       ISOException.throwIt(ISO7816.SW_CONDITIONS_NOT_SATISFIED);
     }
   }
@@ -124,7 +131,7 @@ public class WalletApplet extends Applet {
   private void loadKey(APDU apdu) {
     apdu.setIncomingAndReceive();
 
-    if (!(secureChannel.isOpen() && ownerPIN.isValidated())) {
+    if (!(secureChannel.isOpen() && pin.isValidated())) {
       ISOException.throwIt(ISO7816.SW_CONDITIONS_NOT_SATISFIED);
     }
   }
@@ -132,7 +139,7 @@ public class WalletApplet extends Applet {
   private void sign(APDU apdu) {
     apdu.setIncomingAndReceive();
 
-    if (!(secureChannel.isOpen() && ownerPIN.isValidated() && keypair.getPrivate().isInitialized())) {
+    if (!(secureChannel.isOpen() && pin.isValidated() && keypair.getPrivate().isInitialized())) {
       ISOException.throwIt(ISO7816.SW_CONDITIONS_NOT_SATISFIED);
     }
   }