
Commit e099c75

committed
Satochip applet v0.11-0.1: support (mandatory) secure channel
Major protocol revision with Secure Channel support based on ECDH. In addition, some code cleanup: - optimisation: support native SHA512 (since v0.10-0.4) - optimisation: support ALG_EC_SVDP_DH_PLAIN_XY (since v0.10-0.4) - cleanup: removed SHA512 java implementation for older cards (since v0.10-0.4) - cleanup: removed ALG_EC_SVDP_DH_PLAIN for older cards (since v0.10-0.4) - remove deprecated instruction (sign_short_message) - improved error message in case of wrong PIN Merge branch 'add-secure-channel'
2 parents be97481 + d8f3dd5 commit e099c75

8 files changed

+585
-2429
lines changed

src/org/satochip/applet/CardEdge.java

+569-434
Large diffs are not rendered by default.

src/org/satochip/applet/EccComputation.java

-241
This file was deleted.

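--- a/src/org/satochip/applet/HmacSha160.java
+++ b/src/org/satochip/applet/HmacSha160.java
@@ -31,8 +31,6 @@ public class HmacSha160 {
 public static final short BLOCKSIZE=64; // 64 bytes
 public static final short HASHSIZE=20;
 public static final short MAXMSGSIZE=192;
-private static final short SW_UNSUPPORTED_KEYSIZE = (short) 0x9c0E;
-private static final short SW_UNSUPPORTED_MSGSIZE = (short) 0x9c0F;
 private static byte[] data;
 
 
@@ -47,10 +45,10 @@ public static short computeHmacSha160(
 byte[] mac, short mac_offset){
 
 if (key_length>BLOCKSIZE || key_length<0){
-ISOException.throwIt(SW_UNSUPPORTED_KEYSIZE); // don't accept keys bigger than block size
+ISOException.throwIt(CardEdge.SW_HMAC_UNSUPPORTED_KEYSIZE); // don't accept keys bigger than block size
 }
 if (message_length>MAXMSGSIZE || message_length<0){
-ISOException.throwIt(SW_UNSUPPORTED_MSGSIZE);
+ISOException.throwIt(CardEdge.SW_HMAC_UNSUPPORTED_MSGSIZE);
 }
 
 // compute inner hash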

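--- a/src/org/satochip/applet/HmacSha512.java
+++ b/src/org/satochip/applet/HmacSha512.java
@@ -23,30 +23,36 @@
 import javacard.framework.ISOException;
 import javacard.framework.JCSystem;
 import javacard.framework.Util;
+import javacard.security.CryptoException;
+import javacard.security.MessageDigest;
 
 // very limited Hmac-SHA512 implementation
 public class HmacSha512 {
 
 public static final short BLOCKSIZE=128; // 128 bytes
 public static final short HASHSIZE=64;
-private static final short SW_UNSUPPORTED_KEYSIZE = (short) 0x9c0E;
-private static final short SW_UNSUPPORTED_MSGSIZE = (short) 0x9c0F;
 private static byte[] data;
 
+private static MessageDigest sha512;
 
 public static void init(byte[] tmp){
 data= tmp;
+try {
+sha512 = MessageDigest.getInstance(MessageDigest.ALG_SHA_512, false);
+} catch (CryptoException e) {
+ISOException.throwIt(CardEdge.SW_UNSUPPORTED_FEATURE); // unsupported feature => use a more recent card!
+}
 }
 
 public static short computeHmacSha512(byte[] key, short key_offset, short key_length,
 byte[] message, short message_offset, short message_length,
 byte[] mac, short mac_offset){
 
 if (key_length>BLOCKSIZE || key_length<0){
-ISOException.throwIt(SW_UNSUPPORTED_KEYSIZE); // don't accept keys bigger than block size
+ISOException.throwIt(CardEdge.SW_HMAC_UNSUPPORTED_KEYSIZE); // don't accept keys bigger than block size
 }
 if (message_length>HASHSIZE || message_length<0){
-ISOException.throwIt(SW_UNSUPPORTED_MSGSIZE); // don't accept messsage bigger than block size (should be sufficient for BIP32)
+ISOException.throwIt(CardEdge.SW_HMAC_UNSUPPORTED_MSGSIZE); // don't accept message bigger than block size (should be sufficient for BIP32)
 }
 
 // compute inner hash
@@ -55,19 +61,17 @@ public static short computeHmacSha512(byte[] key, short key_offset, short key_le
 }
 Util.arrayFillNonAtomic(data, key_length, (short)(BLOCKSIZE-key_length), (byte)0x36);
 Util.arrayCopyNonAtomic(message, message_offset, data, BLOCKSIZE, message_length);
-//Sha512.reset();
-//Sha512.doFinal(data, (short)0, (short)(BLOCKSIZE+message_length), data, BLOCKSIZE); // copy hash result to data buffer!
-Sha512.resetUpdateDoFinal(data, (short)0, (short)(BLOCKSIZE+message_length), data, BLOCKSIZE); // copy hash result to data buffer!
+sha512.reset();
+sha512.doFinal(data, (short)0, (short)(BLOCKSIZE+message_length), data, BLOCKSIZE); // copy hash result to data buffer!
 
 // compute outer hash
 for (short i=0; i<key_length; i++){
 data[i]= (byte) (key[(short)(key_offset+i)] ^ (0x5c));
 }
 Util.arrayFillNonAtomic(data, key_length, (short)(BLOCKSIZE-key_length), (byte)0x5c);
 // previous hash already copied to correct offset in data
-//Sha512.reset();
-//Sha512.doFinal(data, (short)0, (short)(BLOCKSIZE+HASHSIZE), mac, mac_offset);
-Sha512.resetUpdateDoFinal(data, (short)0, (short)(BLOCKSIZE+HASHSIZE), mac, mac_offset);
+sha512.reset();
+sha512.doFinal(data, (short)0, (short)(BLOCKSIZE+HASHSIZE), mac, mac_offset);
 
 return HASHSIZE;
 }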
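Review bot: After the outer `sha512.doFinal(...)` at the end of computeHmacSha512, the static `data` buffer still holds the key XORed with 0x5c in its first `key_length` bytes and the inner hash at offset BLOCKSIZE, and the function returns without clearing either. XOR with a fixed pad is trivially reversible, and `data` is the caller-supplied scratch array stored by `init`, so any later code path that reads or returns from that array could expose the HMAC key. Consider adding `Util.arrayFillNonAtomic(data, (short)0, (short)(BLOCKSIZE+HASHSIZE), (byte)0);` just before `return HASHSIZE;`, after confirming that no caller passes the scratch array itself as `mac`. The lines of the function between the two hunks are not shown here, and HmacSha160 is worth checking for the same pattern since most of its body lies outside the rendered hunks.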
