-
-
Notifications
You must be signed in to change notification settings - Fork 216
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Sanitize key handling, splitting card keys and session keys - Merge registry elements into single class - Rename things to be more uniform - Remove a lot of rot - Release a snapshot with updated dependencies closes #118 #165 #153 #9
- Loading branch information
1 parent
c8dad37
commit 0014bda
Showing
44 changed files
with
1,861 additions
and
1,883 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,61 @@ | ||
<?xml version="1.0" encoding="UTF-8"?> | ||
<project xmlns="http://maven.apache.org/POM/4.0.0" | ||
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" | ||
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd"> | ||
<modelVersion>4.0.0</modelVersion> | ||
|
||
<parent> | ||
<groupId>com.github.martinpaljak</groupId> | ||
<artifactId>gppro</artifactId> | ||
<version>19.05.16</version> | ||
</parent> | ||
|
||
<artifactId>globalplatformpro</artifactId> | ||
<name>GlobalPlatformPro library</name> | ||
|
||
<dependencies> | ||
<!-- For APDU construction and parsing --> | ||
<dependency> | ||
<groupId>com.github.martinpaljak</groupId> | ||
<artifactId>apdu4j-core</artifactId> | ||
<version>19.05.08</version> | ||
</dependency> | ||
<!-- For CAP file parsing --> | ||
<dependency> | ||
<groupId>com.github.martinpaljak</groupId> | ||
<artifactId>capfile</artifactId> | ||
<version>19.03.04</version> | ||
</dependency> | ||
<!-- For logging --> | ||
<dependency> | ||
<groupId>org.slf4j</groupId> | ||
<artifactId>slf4j-api</artifactId> | ||
<version>1.7.25</version> | ||
</dependency> | ||
<!-- For JSON handling --> | ||
<dependency> | ||
<groupId>com.google.code.gson</groupId> | ||
<artifactId>gson</artifactId> | ||
<version>2.8.4</version> | ||
</dependency> | ||
<!-- For crypto in SCP03 --> | ||
<dependency> | ||
<groupId>org.bouncycastle</groupId> | ||
<artifactId>bcpkix-jdk15on</artifactId> | ||
<version>1.61</version> | ||
</dependency> | ||
<!-- For TLV handling --> | ||
<dependency> | ||
<groupId>com.payneteasy</groupId> | ||
<artifactId>ber-tlv</artifactId> | ||
<version>1.0-9</version> | ||
</dependency> | ||
<!-- For tests --> | ||
<dependency> | ||
<groupId>org.testng</groupId> | ||
<artifactId>testng</artifactId> | ||
<version>6.14.3</version> | ||
<scope>test</scope> | ||
</dependency> | ||
</dependencies> | ||
</project> |
89 changes: 89 additions & 0 deletions
89
library/src/main/java/pro/javacard/gp/DMTokenGenerator.java
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,89 @@ | ||
package pro.javacard.gp; | ||
|
||
import apdu4j.CommandAPDU; | ||
import apdu4j.HexUtils; | ||
import org.slf4j.Logger; | ||
import org.slf4j.LoggerFactory; | ||
|
||
import java.io.ByteArrayOutputStream; | ||
import java.io.IOException; | ||
import java.security.GeneralSecurityException; | ||
import java.security.PrivateKey; | ||
import java.security.Signature; | ||
|
||
import static pro.javacard.gp.GPSession.INS_DELETE; | ||
|
||
public class DMTokenGenerator { | ||
private static final Logger logger = LoggerFactory.getLogger(DMTokenGenerator.class); | ||
|
||
private static final String defaultAlgorithm = "SHA1withRSA"; | ||
private final String algorithm; | ||
|
||
private PrivateKey key; | ||
private byte[] token; // Token to use | ||
|
||
public DMTokenGenerator(PrivateKey key, String algorithm) { | ||
this.key = key; | ||
this.algorithm = algorithm; | ||
} | ||
|
||
public DMTokenGenerator(PrivateKey key) { | ||
this(key, defaultAlgorithm); | ||
} | ||
|
||
CommandAPDU applyToken(CommandAPDU apdu) throws GeneralSecurityException { | ||
ByteArrayOutputStream newData = new ByteArrayOutputStream(); | ||
try { | ||
newData.write(apdu.getData()); | ||
|
||
if (key == null) { | ||
logger.trace("No private key for token generation provided"); | ||
if (apdu.getINS() != (INS_DELETE & 0xFF)) | ||
newData.write(0); // No token | ||
} else { | ||
if (apdu.getINS() == (INS_DELETE & 0xFF)) { | ||
// See GP 2.3.1 Table 11-23 | ||
logger.trace("Adding tag 0x9E before Delete Token"); | ||
newData.write(0x9E); | ||
} | ||
logger.trace("Using private key for token generation (" + algorithm + ")"); | ||
byte[] token = calculateToken(apdu, key); | ||
newData.write(token.length); | ||
newData.write(token); | ||
} | ||
} catch (IOException e) { | ||
throw new RuntimeException("Could not apply DM token", e); | ||
} | ||
return new CommandAPDU(apdu.getCLA(), apdu.getINS(), apdu.getP1(), apdu.getP2(), newData.toByteArray()); // FIXME: Le handling | ||
} | ||
|
||
private byte[] calculateToken(CommandAPDU apdu, PrivateKey key) throws GeneralSecurityException { | ||
return signData(key, getTokenData(apdu)); | ||
} | ||
|
||
private static byte[] getTokenData(CommandAPDU apdu) { | ||
try { | ||
ByteArrayOutputStream bo = new ByteArrayOutputStream(); | ||
bo.write(apdu.getP1()); | ||
bo.write(apdu.getP2()); | ||
bo.write(apdu.getData().length); // FIXME: length handling for > 255 bytes | ||
bo.write(apdu.getData()); | ||
return bo.toByteArray(); | ||
} catch (IOException e) { | ||
throw new RuntimeException("Could not get P1/P2 or data for token calculation", e); | ||
} | ||
} | ||
|
||
private byte[] signData(PrivateKey privateKey, byte[] apduData) throws GeneralSecurityException { | ||
Signature signer = Signature.getInstance(algorithm); | ||
signer.initSign(privateKey); | ||
signer.update(apduData); | ||
byte[] signature = signer.sign(); | ||
logger.info("Generated DM token: {}" + HexUtils.bin2hex(signature)); | ||
return signature; | ||
} | ||
|
||
public boolean hasKey() { | ||
return key != null; | ||
} | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,4 @@ | ||
package pro.javacard.gp; | ||
|
||
public class GPCardProfile { | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.