cd26da75d3
|
||
|---|---|---|
| gradle/wrapper | ||
| src | ||
| testwallets | ||
| .gitignore | ||
| APPLICATION.MD | ||
| CLIENT_NOTES.md | ||
| LICENSE | ||
| README.md | ||
| SECURE_CHANNEL.MD | ||
| UX_NOTES.md | ||
| build.gradle | ||
| gradlew | ||
| gradlew.bat | ||
README.md
JavaCard Hardware Wallet
The status.im Hardware Wallet. At the moment Secure Channel and PIN management/verification are implemented.
The project is built using Gradle with the Fidesmo Javacard Gradle plugin. You can set the JavaCard HOME not only through the environment but also creating a gradle.properties file with the property "com.fidesmo.gradle.javacard.home" set to the correct path.
Loading and installing the applet requires gpshell to be installed on the system. The gradle.properties file must contain the following properties
- im.status.gradle.gpshell = the path to the gpshell executable
- im.status.gradle.gpshell.isd = the AID of the issuer security domain
- im.status.gradle.gpshell.mac_key = the MAC key for the ISD
- im.status.gradle.gpshell.enc_key = the ENC key for the ISD
- im.status.gradle.gpshell.kek_key = the KEK key for the ISD
- im.status.gradle.gpshell.kvn = the Key Version Number for the ISD
- im.status.wallet.test.simulated = true if the test should run on the simulator, false (or anything else) otherwise
Testing is done with JUnit and performed either on a real card or on jCardSim. Although the tests are comprehensive, debugging on the real card is not easy because raw APDUs are not shown in the test log and there is no way to set breakpoints in the applet.
In order to test with the simulator with an IDE, you need to pass these additional parameters to the JVM
-noverify -Dim.status.wallet.test.simulated=true
Compilation
- Download and install the JavaCard 3.0.4 SDK from Oracle
- Clone the Github repo for our fork of jCardSim
- Create a gradle.properties (see below for an example)
- Run
./gradlew convertJavacard
Installation
- Follow all steps from the Compilation phase (except the last one)
- Disconnect all card reader terminals from the system, except the one with the card where you want to install the applet
- Run
./gradlew install
Testing
- Follow all steps from the Installation phase (except the last one)
- Make sure your JRE has the JCE Unlimited Strength Jurisdiction Policy Files installed. For more information check here.
- Run
./gradlew test
Example gradle.properties file
com.fidesmo.gradle.javacard.home=/home/username/javacard-3_0_4
im.status.gradle.gpshell=/usr/local/bin/gpshell
im.status.gradle.gpshell.isd=A000000151000000
im.status.gradle.gpshell.mac_key=404142434445464748494a4b4c4d4e4f
im.status.gradle.gpshell.enc_key=404142434445464748494a4b4c4d4e4f
im.status.gradle.gpshell.kek_key=404142434445464748494a4b4c4d4e4f
im.status.gradle.gpshell.kvn=0
im.status.wallet.test.simulated=false
Implementation notes
- The applet requires JavaCard 3.0.4 (with the addition of KeyAgreement.ALG_EC_SVDP_DH_PLAIN_XY ) or later.
- The class byte of the APDU is not checked since there are no conflicting INS code.
The algorithms the card must support are at least:
- Cipher.ALG_AES_BLOCK_128_CBC_NOPAD
- Cipher.ALG_AES_CBC_ISO9797_M2
- KeyAgreement.ALG_EC_SVDP_DH_PLAIN
- KeyAgreement.ALG_EC_SVDP_DH_PLAIN_XY
- KeyPair.ALG_EC_FP (generation of 256-bit keys)
- MessageDigest.ALG_SHA_256
- MessageDigest.ALG_SHA_512
- RandomData.ALG_SECURE_RANDOM
- Signature.ALG_AES_MAC_128_NOPAD
- Signature.ALG_ECDSA_SHA_256
Best performance is achieved if the card supports:
- Signature.ALG_HMAC_SHA_512