javapursecrypto.java

一个javacard的身份验证程序

/*
 * Copyright 2005 Sun Microsystems, Inc. All rights reserved.
 * SUN PROPRIETARY/CONFIDENTIAL. Use is subject to license terms.
 */

/*
 * @(#)JavaPurseCrypto.java	1.8 06/01/04
 */

package	com.sun.javacard.samples.JavaPurseCrypto;

import javacard.framework.*;
import javacard.security.*;
import javacardx.crypto.*;
import com.sun.javacard.samples.SampleLibrary.JavaLoyaltyInterface;

/**
 * This class is intended to demonstrate how an electronic cash application
 * might be developed using Java Card
 * <p>See <em>Java Card(TM) Reference Implementation User's Guide</em> 
 * for details.
 *
 * @author Vadim Temkin, Modified to include cryptographic signatures by M. Saltz
 */
public class JavaPurseCrypto extends Applet  {
    /*
     *
     * Constants
     *
     */
    final static byte  VERIFY = (byte)0x20; //INS value for ISO 7816-4 VERIFY command
    final static byte  READ = (byte)0xB2;	//INS value for ISO 7816-4 READ RECORD command
    final static byte  INITIALIZE_TRANSACTION = (byte)0x20; //INS byte for Initialize Transaction
    final static byte  COMPLETE_TRANSACTION = (byte)0x22; //INS byte for Complete Transaction
    final static byte  INITIALIZE_UPDATE = (byte)0x24; //INS byte for Initialize Parameter Update
    final static byte  COMPLETE_UPDATE = (byte)0x26; //INS byte for Complete Parameter Update
    final static byte  CREDIT = (byte)0x01;	//P1 byte for Credit in Initialize Transaction
    final static byte  DEBIT = (byte)0x02;	//P1 byte for Debit in Initialize Transaction
    final static byte  MASTER_PIN = (byte)0x81; //P2 byte for Master PIN in Verify
    final static byte  USER_PIN = (byte)0x82; //P2 byte for User PIN in Verify
    
    final static short    MAX_MAC_DATA = (short) 0x001E; //maximimum length of data used in MAC
    final static short	SW_CREDIT_TOO_HIGH = (short)0x9101;//SW bytes for Credit Too High condition
    final static short	SW_NOT_ENOUGH_FUNDS = (short)0x9102;//SW bytes for Not Enough Funds	condition
    final static short	SW_AMOUNT_TOO_HIGH = (short)0x9103;//SW bytes for Amount Too High condition
    final static short	SW_COMMAND_OUT_OF_SEQUENCE = (short)0x9104;//SW bytes for Command out of Sequence
    final static short	SW_WRONG_SIGNATURE = (short)0x9105;//SW bytes for Wrong Signature condition
    final static short 	SW_PIN_FAILED = (short)0x69C0;//SW bytes for PIN Failed condition
    final static short 	SW_SUCCESS = (short)0x9000;//SW bytes for success, used in MAC.
    //The last nibble is replaced with the
    //number of remaining tries
    
    final static byte  	LC_IT	 	= 10;	//Lc byte for Initialize Transaction
    final static byte  	LC_CT	 	= 13;	//Lc byte for Complete Transaction
    final static byte  	LC_CU_MIN 	= 18;	//Lc byte for Complete Update
    final static byte 	CAD_ID_OFFSET   = 7;	//Offset for CAD ID in Process Initialize Transaction
    final static short	DATE_LENGTH = 3;	//Length of ExpDate array
    final static short	DATETIME_LENGTH = 5;//Length of DateTime array
    final static short	ID_LENGTH	= 4;	//Length for CAD ID and Purse ID arrays
    final static short	SHORT_LENGTH= 2;	//Length of a short value for offset computations
    final static short	START		= 0;	//For offset computations
    final static short	SIGNATURE_LENGTH
    = 8;	//Length of signatures
    final static short	MAX_LOYALTY = 4;	//Max number of loyalty applets
    
    // transientShorts array indices
    final static byte  	TN_IX = 0;
    final static byte  	NEW_BALANCE_IX=(byte)TN_IX+1;
    final static byte 	CURRENT_BALANCE_IX=(byte)NEW_BALANCE_IX+1;
    final static byte 	AMOUNT_IX=(byte)CURRENT_BALANCE_IX+1;
    final static byte   TRANSACTION_TYPE_IX=(byte)AMOUNT_IX+1;
    final static byte	SELECTED_FILE_IX=(byte)TRANSACTION_TYPE_IX+1;
    final static byte   NUM_TRANSIENT_SHORTS=(byte)SELECTED_FILE_IX+1;
    
    // transientBools array indices
    final static byte  	TRANSACTION_INITIALIZED=0;
    final static byte  	UPDATE_INITIALIZED=(byte)TRANSACTION_INITIALIZED+1;
    final static byte   NUM_TRANSIENT_BOOLS=(byte)UPDATE_INITIALIZED+1;
    
    // constants for response to applet SELECT command
    private final static byte FCI_TEMPLATE_TAG = (byte)0x6F;
    private final static byte FCI_AID_TAG = (byte)0x84;
    private static byte[] FCI_PROPERIETARY = {
        (byte)0xA5,   // tag
        (byte)0x01,   // length
        (byte)0x42 }; // value 
    
    private ParametersFile 		parametersFile;
    private CyclicFile 			transactionLogFile;
    private short 	TN;
    private short 	PUN;
    private boolean isPersonalized; //set to true when Master PIN is updated first time
    /*
     * File System emulation constants
     */
    final static short PARAMETERS_FID =	(short) 0x9102;
    final static short TRANSACTION_LOG_FID = (short) 0x9103;
    final static short BALANCES_FID	= (short) 0x9104;
    final static byte  FID_BYTE = (byte) 0x91;
    final static byte  TRANSACTION_RECORD_LENGTH = 18;
    final static byte  TRANSACTION_RECORD_NUMBER = 10;
    final static byte  BALANCES_RECORD_LENGTH = 6;
    final static byte  BALANCES_RECORD_NUMBER = 1;
    final static byte  PARAMETERS_RECORD_NUMBER = 11;
    final static byte  OFFSET_BAL_CURRENT =	0;
    final static byte  OFFSET_BAL_MAX =	2;
    final static byte  OFFSET_AMOUNT_MAX = 4;
    final static byte  NUMBER_OF_FILES = 3;
    
    
    private OwnerPIN masterPIN;
    private OwnerPIN userPIN;
    
    /*
     * Tags for TLV records in Complete Parameter Update C-APDU.
     */
    final static byte MASTER_PIN_UPDATE 	= (byte)0xC1;
    final static byte USER_PIN_UPDATE 		= (byte)0xC2;
    final static byte EXP_DATE_UPDATE 		= (byte)0xC5;
    final static byte PURSE_ID_UPDATE 		= (byte)0xC6;
    final static byte MAX_BAL_UPDATE 		= (byte)0xC7;
    final static byte MAX_M_UPDATE 			= (byte)0xC8;
    final static byte VERSION_UPDATE 		= (byte)0xC9;
    final static byte LOYALTY1_UPDATE 		= (byte)0xCA;
    final static byte LOYALTY2_UPDATE 		= (byte)0xCB;
    final static byte LOYALTY3_UPDATE 		= (byte)0xCC;
    final static byte LOYALTY4_UPDATE 		= (byte)0xCD;
    
    final static short TLV_OFFSET = 13; //Offset of TLV in Complete Parameter Update
    
    /*
     * The DES key used for DES MAC calculations. The keyData should be gotten via an update
     * method call in a real application.
     */
    byte[] keyData   = {(byte)0x11, (byte)0x33, (byte)0x22, (byte)0x05, (byte)0x44,
        (byte)0x77, (byte)0x06, (byte)0x08};
    
    /*
     *
     * Various and sundry byte arrays
     *
     */
    
    private byte[] CAD_ID_array;
    private byte[] byteArray8;			// Signature work array
    private short[] transientShorts;
    private boolean[] transientBools;
    private byte[] ID_Purse;
    private byte[] ExpDate;
    private byte[] balancesRecord;
    private byte[] MAC_buffer;
    
    /*
     * The two associated arrays to represent Loyalty Applets.
     * If value of loyaltyCAD matches first 2 bytes of CAD ID for transaction
     * the grantPoints method of corresponding loyalty Shareable Interface Object
     * is called. These arrays are populated by Parameter Update APDU commands.
     */
    private short[] loyaltyCAD;
    private JavaLoyaltyInterface[] loyaltySIO;
    
    /*
    * signature/key objects 
    */
    private DESKey deskey;
    private Signature sig;
    
    
    /**
    * Installs Java Purse applet.
    * @param bArray install parameter array.
    * @param bOffset where install data begins.
    * @param bLength install parameter data length.
    */
    public static void install( byte[] bArray, short bOffset, byte bLength ) {
        new JavaPurseCrypto(bArray, bOffset, bLength);
    }
    
    /**
    * Performs memory allocations, initialization, and applet registration.
    *
    * @param bArray received by install.
    * @param bOffset received by install.
    * @param bLength received by install.
    */
    protected JavaPurseCrypto(byte[] bArray, short bOffset, byte bLength) {        
        ID_Purse = new byte[ID_LENGTH];
        ExpDate = new byte[DATE_LENGTH];
        ExpDate[0] = (byte)12; ExpDate[1] = (byte)31; ExpDate[2] = (byte)99;
        balancesRecord = new byte[BALANCES_RECORD_LENGTH];
        loyaltyCAD = new short[MAX_LOYALTY];
        loyaltySIO = new JavaLoyaltyInterface[MAX_LOYALTY];
        
        TN = 0;
        PUN = 0;
        isPersonalized = false;
        
        //Create transient objects.
        transientShorts = JCSystem.makeTransientShortArray( NUM_TRANSIENT_SHORTS,
            JCSystem.CLEAR_ON_DESELECT);
        transientBools = JCSystem.makeTransientBooleanArray( NUM_TRANSIENT_BOOLS,
            JCSystem.CLEAR_ON_DESELECT);
        
        CAD_ID_array = JCSystem.makeTransientByteArray( (short)4,
            JCSystem.CLEAR_ON_DESELECT);
        
        // initialize crypto key/signature objects and work array.
        byteArray8 = JCSystem.makeTransientByteArray( (short)8,
            JCSystem.CLEAR_ON_DESELECT);
        deskey = (DESKey)KeyBuilder.buildKey(KeyBuilder.TYPE_DES_TRANSIENT_DESELECT, 
            KeyBuilder.LENGTH_DES, false);
        MAC_buffer = JCSystem.makeTransientByteArray( MAX_MAC_DATA,
            JCSystem.CLEAR_ON_DESELECT);
        deskey.setKey(keyData, (short)0);
        sig = Signature.getInstance(Signature.ALG_DES_MAC8_ISO9797_M2, false);
        
        masterPIN = new OwnerPIN ((byte)1, (byte)8);
        //There is only one try - it's not supposed to be done by human operator
        userPIN = new OwnerPIN ((byte)5, (byte)8);
        
        parametersFile = new ParametersFile(PARAMETERS_RECORD_NUMBER);
        
        transactionLogFile = new CyclicFile(TRANSACTION_RECORD_NUMBER,
            TRANSACTION_RECORD_LENGTH);
        Util.setShort(balancesRecord, OFFSET_BAL_CURRENT, (short)0);
        
        /*
         * if AID length is not zero register Java Loyalty
         * applet with specified AID
         *
         * NOTE: all the memory allocations should be performed before register()
         */
        
        byte aidLen = bArray[bOffset];
        if (aidLen== (byte)0){
            register();
        } else {
            register(bArray, (short)(bOffset+1), aidLen);
        }
    }
    
    
    /**
     * Performs the session finalization.
     */
    public void deselect() {
        userPIN.reset();
        masterPIN.reset();
    }
    
    
    /**
     * Dispatches APDU commands.
     * @param apdu APDU object
     */
    public void process(APDU apdu) {
        byte[] buffer = apdu.getBuffer();
        
        if (!apdu.isISOInterindustryCLA()) {
            switch (buffer[ISO7816.OFFSET_INS]) {
            case INITIALIZE_TRANSACTION:
                processInitializeTransaction(apdu); break;
            case COMPLETE_TRANSACTION:
                processCompleteTransaction(apdu); break;
            case INITIALIZE_UPDATE:
                processInitializeUpdate(apdu);	break;
            case COMPLETE_UPDATE:
                processCompleteUpdate(apdu); break;
            default:
                ISOException.throwIt(ISO7816.SW_INS_NOT_SUPPORTED);
            }
        } else {
            if (buffer[ISO7816.OFFSET_INS] == VERIFY){
                processVerifyPIN(apdu);
            } else if (buffer[ISO7816.OFFSET_INS] == ISO7816.INS_SELECT) {
                if (selectingApplet())
                    processSelectPurse(apdu);
                else 
                    processSelectFile(apdu);
            } else if (buffer[ISO7816.OFFSET_INS] == READ) {
                processReadRecord(apdu);
            } else 
                ISOException.throwIt(ISO7816.SW_INS_NOT_SUPPORTED);
        }
    }
    
    /**
     * Handles Select Purse APDU.
     * @param apdu APDU object
     */
    private void processSelectPurse(APDU apdu) {
        //
        // There might be multiple instances of Java Purse on the card with
        // different AID values. This method returns the FCI here identifying its 
        // particular instance.
        //
        
        // Format of response data
        //  FCI tag, FCI length,
        //     AID tag, length, value,
        //     PROPRIETARY tag, value.
        //
        
        // TEMPLATE
        byte[] buffer = apdu.getBuffer();
        buffer[0] = FCI_TEMPLATE_TAG;
        // buffer[1] set later
        
        // AID
        buffer[2] = FCI_AID_TAG;
        buffer[3] = JCSystem.getAID().getBytes(buffer, (short)4);
        short offset=(short)(3+buffer[3]);
        
        // PROPRIETARY DATA 
        buffer[offset++] = (byte)FCI_PROPERIETARY.length; 
        offset = Util.arrayCopyNonAtomic(FCI_PROPERIETARY, (short)0, buffer, 
            offset, (short)FCI_PROPERIETARY.length);
        
        // FCI template length
        buffer[1] = (byte)(offset-(short)2);