Java Code Examples for javacard.framework.Util#arrayCopy()

/**
 * Store the incoming APDU data in a fixed buffer, the first byte will contain the data length.
 *
 * @param pin_type indicates which PIN should be checked.
 */
void storeVariableLength(APDU apdu, byte[] destination, short pin_type) {
  byte[] buffer = apdu.getBuffer();
  // When writing DOs, PW1 really means PW1 submitted as PW2.
  if (!pins[pin_type].isValidated() ||
      ((pin_type == PIN_INDEX_PW1) && !pinSubmitted[1])) {
    ISOException.throwIt(ISO7816.SW_SECURITY_STATUS_NOT_SATISFIED);
  }
  short length = (short) (buffer[ISO7816.OFFSET_LC] & 0x00FF);
  if ((short) (length + 1) > destination.length || length > (short) 255 ||
      apdu.setIncomingAndReceive() != length) {
    ISOException.throwIt(ISO7816.SW_WRONG_LENGTH);
  }
  JCSystem.beginTransaction();
  destination[0] = (byte) length;
  Util.arrayCopy(buffer, ISO7816.OFFSET_CDATA, destination, (short) 1, length);
  JCSystem.commitTransaction();
}
 

/**
 * Generates the session key derivation data from the passed-in host
 * challenge and the card challenge.
 * 
 * @param buffer
 *            The APDU buffer
 */
private void generateKeyDerivationData(byte[] buffer) {
    byte numBytes = buffer[ISO7816.OFFSET_LC];

    if (numBytes < CHALLENGE_LENGTH) {
        ISOException.throwIt(ISO7816.SW_WRONG_LENGTH);
    }

    // Derivation data: [[8-bytes host challenge], [8-bytes card challenge]]

    // Append host challenge (from buffer) to derivation data
    Util.arrayCopy(buffer, ISO7816.OFFSET_CDATA, keyDerivationData,
            (short) 0, CHALLENGE_LENGTH);
    // Append card challenge to derivation data
    Util.arrayCopy(cardChallenge, (short) 0, keyDerivationData,
            CHALLENGE_LENGTH, CHALLENGE_LENGTH);
}
 

/**
 * Store the fixed length incoming APDU data in a buffer. If the APDU data length is less than the
 * maximum length, the data will be padded with zeroes.
 */
void storeFixedLength(APDU apdu, byte[] destination, short offset, short maximum_length) {
  byte[] buffer = apdu.getBuffer();
  // When writing DOs, PW1 really means PW1 submitted as PW2.
  if (!pins[PIN_INDEX_PW3].isValidated()) {
    ISOException.throwIt(ISO7816.SW_SECURITY_STATUS_NOT_SATISFIED);
  }
  short length = (short) (buffer[ISO7816.OFFSET_LC] & 0x00FF);
  if (length > maximum_length || apdu.setIncomingAndReceive() != length) {
    ISOException.throwIt(ISO7816.SW_WRONG_LENGTH);
  }
  Util.arrayCopy(buffer, ISO7816.OFFSET_CDATA, destination, offset, length);
  if (maximum_length > length) {
    Util.arrayFillNonAtomic(destination, (short) (offset + length),
                            (short) (maximum_length - length), (byte) 0);
  }
}
 

private void handleSetAttestationCert(APDU apdu) throws ISOException {
    byte[] buffer = apdu.getBuffer();
    short len = apdu.setIncomingAndReceive();
    short dataOffset = apdu.getOffsetCdata();
    short copyOffset = Util.makeShort(buffer[ISO7816.OFFSET_P1], buffer[ISO7816.OFFSET_P2]);
    if ((short)(copyOffset + len) > (short)attestationCertificate.length) {
        ISOException.throwIt(ISO7816.SW_WRONG_DATA);
    }
    Util.arrayCopy(buffer, dataOffset, attestationCertificate, copyOffset, len);
    if ((short)(copyOffset + len) == (short)attestationCertificate.length) {
        attestationCertificateSet = true;
    }
}
 

private void generatePrivateKey(byte[] applicationParameter, short applicationParameterOffset, byte[] nonceBuffer, short nonceBufferOffset) {
	Util.arrayCopy(applicationParameter, applicationParameterOffset, scratch, (short) 0, (short)  32);
	Util.arrayCopy(nonceBuffer, nonceBufferOffset, scratch, (short) 32, (short) 32); // we use only 32 byte of the nonce to avoid that message length gets bigger then blocksize (64 Byte)
	drngSeed1.getKey(scratch, (short) 64);
	drngSeed2.getKey(scratch, (short) 96);
	computeHmacSha256(scratch, (short) 64, (short) 64, scratch, (short) 0, (short) 64, scratch, (short) 0);


}
 

/**
 * Process an UPDATE BINARY command
 *
 * Supports simple writes at any offset.
 *
 * The amount of data that can be written in one
 * operation is limited both by maximum C-APDU
 * length and the maximum write size NDEF_MAX_WRITE.
 *
 * @param apdu to process
 * @throws ISOException on error
 */
private void processUpdateBinary(APDU apdu) throws ISOException {
    byte[] buffer = apdu.getBuffer();

    // access the file
    byte[] file = accessFileForWrite(vars[VAR_SELECTED_FILE]);

    // get and check the write offset
    short offset = Util.getShort(buffer, ISO7816.OFFSET_P1);
    if(offset < 0 || offset >= file.length) {
        ISOException.throwIt(ISO7816.SW_WRONG_P1P2);
    }

    // receive data
    short lc = apdu.setIncomingAndReceive();

    // check the input size
    if(lc > NDEF_MAX_WRITE) {
        ISOException.throwIt(ISO7816.SW_WRONG_LENGTH);
    }

    // file limit checks
    short limit = (short)(offset + lc);
    if(limit < 0 || limit >= file.length) {
        ISOException.throwIt(ISO7816.SW_WRONG_LENGTH);
    }

    // perform the update
    Util.arrayCopy(buffer, ISO7816.OFFSET_CDATA, file, offset, lc);
}
 

private static void handleSetContactlessLimit(APDU apdu) throws ISOException {
    byte[] buffer = apdu.getBuffer();
    apdu.setIncomingAndReceive();
    if (isContactless()) {
        ISOException.throwIt(ISO7816.SW_CONDITIONS_NOT_SATISFIED);
    }
    if (buffer[ISO7816.OFFSET_LC] != LIMIT_LAST) {
        ISOException.throwIt(ISO7816.SW_WRONG_LENGTH);
    }
    Util.arrayCopy(buffer, ISO7816.OFFSET_CDATA, limits, (short)0, LIMIT_LAST);
    if (limitsSet != TC.TRUE) {
        limitsSet = TC.TRUE;
    }
}
 

private static void handleSetAttestationPublic(APDU apdu) throws ISOException {
    byte[] buffer = apdu.getBuffer();
    apdu.setIncomingAndReceive();
    checkAirgapPersonalizationAvailable();
    if (buffer[ISO7816.OFFSET_LC] != (byte)attestationPublic.length) {
        ISOException.throwIt(ISO7816.SW_WRONG_LENGTH);
    }
    Util.arrayCopy(buffer, ISO7816.OFFSET_CDATA, attestationPublic, (short)0, (short)attestationPublic.length);
}
 

public LedgerWalletApplet(byte[] parameters, short parametersOffset, byte parametersLength) {
    BCDUtils.init();
    TC.init();
    Crypto.init();
    Transaction.init();
    Bip32Cache.init();
    Keycard.init();
    limits = new byte[LIMIT_LAST];
    scratch256 = JCSystem.makeTransientByteArray((short)256, JCSystem.CLEAR_ON_DESELECT);
    transactionPin = new OwnerPIN(TRANSACTION_PIN_ATTEMPTS, TRANSACTION_PIN_SIZE);
    walletPin = new OwnerPIN(WALLET_PIN_ATTEMPTS, WALLET_PIN_SIZE);
    secondaryPin = new OwnerPIN(SECONDARY_PIN_ATTEMPTS, SECONDARY_PIN_SIZE);
    masterDerived = new byte[64];
    chipKey = (DESKey)KeyBuilder.buildKey(KeyBuilder.TYPE_DES, KeyBuilder.LENGTH_DES3_2KEY, false);
    trustedInputKey = (DESKey)KeyBuilder.buildKey(KeyBuilder.TYPE_DES, KeyBuilder.LENGTH_DES3_2KEY, false);
    developerKey = (DESKey)KeyBuilder.buildKey(KeyBuilder.TYPE_DES, KeyBuilder.LENGTH_DES3_2KEY, false);
    try {
        pairingKey = (AESKey)KeyBuilder.buildKey(KeyBuilder.TYPE_AES, KeyBuilder.LENGTH_AES_256, false);
    }
    catch(Exception e) {
    }
    reset();
    if (parametersLength != 0) {
        attestationPrivate = (ECPrivateKey)KeyBuilder.buildKey(KeyBuilder.TYPE_EC_FP_PRIVATE, KeyBuilder.LENGTH_EC_FP_256, false);
        attestationPublic = new byte[65];
        Secp256k1.setCommonCurveParameters(attestationPrivate);
        attestationPrivate.setS(parameters, parametersOffset, (short)32);
        parametersOffset += (short)32;
        attestationSignature = new byte[parameters[(short)(parametersOffset + 1)] + 2];
        Util.arrayCopy(parameters, parametersOffset, attestationSignature, (short)0, (short)attestationSignature.length);
    }
}
 

public static void storePublic(byte[] path, short pathOffset, byte pathLength, byte[] publicComponent, short publicComponentOffset) {
	Bip32Cache cache = findPath(path, pathOffset, pathLength, false);
	if (!((cache != null) && cache.hasPublic)) {
		if (cache == null) {
			cache = findFree();
			cache.pathLength = pathLength;
			Util.arrayCopy(path, pathOffset, cache.path, (short)0, (short)(pathLength * 4));				
		}
		Util.arrayCopy(publicComponent, publicComponentOffset, cache.publicComponent, (short)0, (short)65);
		cache.hasPublic = true;
	}		
}
 

public static void storePrivate(byte[] path, short pathOffset, byte pathLength, byte[] privateComponent) {
	Bip32Cache cache = findPath(path, pathOffset, pathLength, false);
	if (!((cache != null) && cache.hasPrivate)) {
		if (cache == null) {
			cache = findFree();
			cache.pathLength = pathLength;
			Util.arrayCopy(path, pathOffset, cache.path, (short)0, (short)(pathLength * 4));				
		}
        Crypto.initCipher(LedgerWalletApplet.chipKey, true);			
        Crypto.blobEncryptDecrypt.doFinal(privateComponent, (short)0, (short)64, cache.privateComponent, (short)0);			
		cache.hasPrivate = true;		
	}
}
 

public void setAccountNumber(byte[] number) throws RemoteException, UserException {
    
    if( !security.isCommandSecure(SecurityService.PROPERTY_INPUT_INTEGRITY)){
        UserException.throwIt(CORRUPTED_DATA);
    }
        
    if(!security.isAuthenticated(SecurityService.PRINCIPAL_APP_PROVIDER)) {
        UserException.throwIt(REQUEST_DENIED);
    }
    
    
    
    
    if(number.length != 5) UserException.throwIt(BAD_ARGUMENT);
    Util.arrayCopy(number, (short)0, this.number, (short)0, (short)5);
}
 

public void setAccountNumber(byte[] number) throws RemoteException, UserException {
    if(number.length != 5) UserException.throwIt(BAD_ARGUMENT);
    Util.arrayCopy(number, (short)0, this.number, (short)0, (short)5);
}
 

/**
 * Processes a transit entry event. The passed-in entry station ID is
 * recorded and the correlation ID is incremented. The UID and the
 * correlation ID are returned in the response message.
 * 
 * Request Message: [2-bytes Entry Station ID]
 * 
 * Response Message: [[2-bytes UID], [2-bytes Correlation ID]]
 * 
 * @param buffer
 *            The APDU buffer
 * @param messageOffset
 *            The offset of the request message content in the APDU buffer
 * @param messageLength
 *            The length of the request message content.
 * @return The offset at which content can be appended to the response
 *         message
 */
private short processEntry(byte[] buffer, short messageOffset,
        short messageLength) {

    // Request Message: [2-bytes Entry Station ID]

    if (messageLength != 2) {
        ISOException.throwIt(ISO7816.SW_WRONG_LENGTH);
    }

    // Check minimum balance
    if (balance < MIN_TRANSIT_BALANCE) {
        ISOException.throwIt(SW_MIN_TRANSIT_BALANCE);
    }

    // Check consistent transit state: should not currently be in transit
    if (entryStationId >= 0) {
        ISOException.throwIt(SW_INVALID_TRANSIT_STATE);
    }

    JCSystem.beginTransaction();

    // Get/assign entry station ID from request message
    entryStationId = Util.getShort(buffer, messageOffset);

    // Increment correlation ID
    correlationId++;

    JCSystem.commitTransaction();

    // Response Message: [[8-bytes UID], [2-bytes Correlation ID]]

    short offset = 0;

    // Append UID to response message
    offset = Util.arrayCopy(uid, (short) 0, buffer, offset, UID_LENGTH);

    // Append correlation ID to response message
    offset = Util.setShort(buffer, offset, correlationId);

    return offset;
}
 

private PasswordManagerApplet(byte[] bArray, short bOffset, byte bLength) {
    keyBytes = new byte[KEY_LENGTH];
    // XXX sample values for easier testing
    // always initialize from install parameters!
    prngKey = new byte[] { 0x0, 0x1, 0x2, 0x3, 0x4, 0x5, 0x6, 0x7, 0x8,
            0x9, 0xa, 0xb, 0xc, 0xd, 0xe, 0xf };
    prngNonce = new byte[] { 0x2, 0x3, 0x4, 0x5, 0x6, 0x7, 0x8, 0x9, 0xa,
            0xb, 0xc, 0xd, 0xe, 0xf };
    if (bArray != null) {
        short Li = bArray[bOffset];
        short Lc = bArray[(short) (bOffset + Li + 1)];
        short seedLength = bArray[(short) (bOffset + Li + Lc + 2)];
        if (seedLength > 0) {
            if (seedLength != (KEY_LENGTH + PRNG_NONCE_LEN)) {
                ISOException.throwIt(ISO7816.SW_WRONG_LENGTH);
            }

            short seedOffset = (short) (bOffset + Li + Lc + 3);
            Util.arrayCopy(bArray, seedOffset, prngKey, OFFSET_ZERO,
                    KEY_LENGTH);
            Util.arrayCopy(bArray, (short) (seedOffset + KEY_LENGTH),
                    prngNonce, OFFSET_ZERO, PRNG_NONCE_LEN);
        }
    }
    prngCounter = 0;

    iv = JCSystem.makeTransientByteArray(AES_BLOCK_LEN,
            JCSystem.CLEAR_ON_DESELECT);
    cbcV = JCSystem.makeTransientByteArray(AES_BLOCK_LEN,
            JCSystem.CLEAR_ON_DESELECT);
    cbcNextV = JCSystem.makeTransientByteArray(AES_BLOCK_LEN,
            JCSystem.CLEAR_ON_DESELECT);
    // account for padding
    cipherBuff = JCSystem.makeTransientByteArray(
            (short) (MAX_DATA_LEN + AES_BLOCK_LEN),
            JCSystem.CLEAR_ON_DESELECT);
    roundKeysBuff = JCSystem.makeTransientByteArray(
            (short) (AES_BLOCK_LEN * 11), JCSystem.CLEAR_ON_DESELECT);

    aesCipher = new JavaCardAES();
}
 

/**
 * This function allows to decrypt a secure channel message
 *  
 *  ins: 0x82
 *  
 *  p1: 0x00 (RFU)
 *  p2: 0x00 (RFU)
 *  data: [IV(16b) | data_size(2b) | encrypted_command | mac_size(2b) | mac]
    *  
    *  return: [decrypted command]
    *   
 */
private short ProcessSecureChannel(APDU apdu, byte[] buffer){
	
       short bytesLeft = Util.makeShort((byte) 0x00, buffer[ISO7816.OFFSET_LC]);
       short offset = ISO7816.OFFSET_CDATA;
       
       if (!initialized_secure_channel){
       	ISOException.throwIt(SW_SECURE_CHANNEL_UNINITIALIZED);
       }
       
       // check hmac
       if (bytesLeft<18)
       	ISOException.throwIt(ISO7816.SW_WRONG_LENGTH);
       short sizein = Util.getShort(buffer, (short) (offset+SIZE_SC_IV));
       if (bytesLeft<(short)(SIZE_SC_IV+2+sizein+2))
       	ISOException.throwIt(ISO7816.SW_WRONG_LENGTH);
       short sizemac= Util.getShort(buffer, (short) (offset+SIZE_SC_IV+2+sizein));
       if (sizemac != (short)20)
       	ISOException.throwIt(SW_SECURE_CHANNEL_WRONG_MAC);
       if (bytesLeft<(short)(SIZE_SC_IV+2+sizein+2+sizemac))
       	ISOException.throwIt(ISO7816.SW_WRONG_LENGTH);
       HmacSha160.computeHmacSha160(sc_buffer, OFFSET_SC_MACKEY, SIZE_SC_MACKEY, buffer, offset, (short)(SIZE_SC_IV+2+sizein), recvBuffer, (short)0);
       if ( Util.arrayCompare(recvBuffer, (short)0, buffer, (short)(offset+SIZE_SC_IV+2+sizein+2), (short)20) != (byte)0 )
       	ISOException.throwIt(SW_SECURE_CHANNEL_WRONG_MAC);
       
       // process IV
       // IV received from client should be odd and strictly greater than locally saved IV
       // IV should be random (the 12 first bytes), never reused (the last 4 bytes counter) and different for send and receive
       if ((buffer[(short)(offset+SIZE_SC_IV-(short)1)] & (byte)0x01)==0x00)// should be odd
       	ISOException.throwIt(SW_SECURE_CHANNEL_WRONG_IV);
       if ( !Biginteger.lessThan(sc_buffer, OFFSET_SC_IV_COUNTER, buffer, (short)(offset+SIZE_SC_IV_RANDOM), SIZE_SC_IV_COUNTER ) ) //and greater than local IV
       	ISOException.throwIt(SW_SECURE_CHANNEL_WRONG_IV);
       // update local IV
       Util.arrayCopy(buffer, (short)(offset+SIZE_SC_IV_RANDOM), sc_buffer, OFFSET_SC_IV_COUNTER, SIZE_SC_IV_COUNTER);
       Biginteger.add1_carry(sc_buffer, OFFSET_SC_IV_COUNTER, SIZE_SC_IV_COUNTER);
    	randomData.generateData(sc_buffer, OFFSET_SC_IV_RANDOM, SIZE_SC_IV_RANDOM);
    	sc_aes128_cbc.init(sc_sessionkey, Cipher.MODE_DECRYPT, buffer, offset, SIZE_SC_IV);
       offset+=SIZE_SC_IV;
       bytesLeft-=SIZE_SC_IV;
       
       //decrypt command
       offset+=2;
       bytesLeft-=2;
       if (bytesLeft<sizein)
       	ISOException.throwIt(ISO7816.SW_WRONG_LENGTH);
       short sizeout=sc_aes128_cbc.doFinal(buffer, offset, sizein, buffer, (short) (0));
       return sizeout;
}
 

/** 
 * This function allows to reset a private ECkey stored in the card.
 * If 2FA is enabled, a hmac code must be provided to reset the key.
 * 
 * ins: 0x33
 * p1: private key number (0x00-0x0F)
 * p2: 0x00
 * data: [ (option)HMAC-2FA(20b)] 
 * return: none
 */
private short ResetKey(APDU apdu, byte[] buffer) {
	// check that PIN[0] has been entered previously
	if (!pins[0].isValidated())
		ISOException.throwIt(SW_UNAUTHORIZED);
	
	if (buffer[ISO7816.OFFSET_P2] != (byte) 0x00)
		ISOException.throwIt(SW_INCORRECT_P2);
	byte key_nb = buffer[ISO7816.OFFSET_P1];
	if ((key_nb < 0) || (key_nb >= MAX_NUM_KEYS))
		ISOException.throwIt(SW_INCORRECT_P1);
	
	Key key = eckeys[key_nb];
	// check type and size
	if ((key == null) || !key.isInitialized())
		ISOException.throwIt(SW_INCORRECT_P1);
	
	// check 2FA if required
	if (needs_2FA){
		short bytesLeft = Util.makeShort((byte) 0x00, buffer[ISO7816.OFFSET_LC]);
		
		if (bytesLeft < (short)20)
			ISOException.throwIt(ISO7816.SW_WRONG_LENGTH);
		
		// compute the corresponding partial public key...
		keyAgreement.init((ECPrivateKey)key);
		keyAgreement.generateSecret(Secp256k1.SECP256K1, Secp256k1.OFFSET_SECP256K1_G, (short) 65, tmpBuffer, (short)0); //pubkey in uncompressed form
		Util.arrayCopy(tmpBuffer, (short)1, recvBuffer, (short)0, (short)32);
		// hmac of 64-bytes msg: (pubkey-x | 32bytes (0x20^key_nb)-padding)
		Util.arrayFillNonAtomic(recvBuffer, (short)32, (short)32, (byte) (0x20^key_nb));
		HmacSha160.computeHmacSha160(data2FA, OFFSET_2FA_HMACKEY, (short)20, recvBuffer, (short)0, (short)64, recvBuffer, (short)64);
		if (Util.arrayCompare(buffer, ISO7816.OFFSET_CDATA, recvBuffer, (short)64, (short)20)!=0)
			ISOException.throwIt(SW_SIGNATURE_INVALID);			
	}
	
	// clear key & reset flag
	key.clearKey();
	eckeys_flag &= (short) ~(0x0001 << key_nb);// reset corresponding bit flag;
	
	return (short)0;
}
 

/**
 * Processes a transit exit event. The passed-in transit fee is debited from
 * the account. The UID and the correlation ID are returned in the response
 * message.
 * 
 * Request Message: [1-byte Transit Fee]
 * 
 * Response Message: [[2-bytes UID], [2-bytes Correlation ID]]
 * 
 * @param buffer
 *            The APDU buffer
 * @param messageOffset
 *            The offset of the request message content in the APDU buffer
 * @param messageLength
 *            The length of the request message content.
 * @return The offset at which content can be appended to the response
 *         message
 */
private short processExit(byte[] buffer, short messageOffset,
        short messageLength) {

    // Request Message: [1-byte Transit Fee]

    if (messageLength != 1) {
        ISOException.throwIt(ISO7816.SW_WRONG_LENGTH);
    }

    // Check minimum balance
    if (balance < MIN_TRANSIT_BALANCE) {
        ISOException.throwIt(SW_MIN_TRANSIT_BALANCE);
    }

    // Check consistent transit state: should be currently in transit
    if (entryStationId < 0) {
        ISOException.throwIt(SW_INVALID_TRANSIT_STATE);
    }

    // Get transit fee from request message
    byte transitFee = buffer[messageOffset];

    // Check potential negative balance
    if (balance < transitFee) {
        ISOException.throwIt(SW_NEGATIVE_BALANCE);
    }

    JCSystem.beginTransaction();

    // Debit transit fee
    balance -= transitFee;

    // Reset entry station ID
    entryStationId = -1;

    JCSystem.commitTransaction();

    // Response Message: [[8-bytes UID], [2-bytes Correlation ID]]

    short offset = 0;

    // Append UID to response message
    offset = Util.arrayCopy(uid, (short) 0, buffer, offset, UID_LENGTH);

    // Append correlation ID to response message
    offset = Util.setShort(buffer, offset, correlationId);

    return offset;
}
 

/**
 * Copy a byte sequence from memory
 * 
 * @param dst_bytes
 *            The destination byte array
 * @param dst_offset
 *            The offset at which the sequence will be copied in dst_bytes[]
 * @param src_base
 *            The base memory location (offset) of the source byte sequence
 * @param src_offset
 *            The offset of the source byte sequence (is added to the
 *            src_base parameter)
 * @param size
 *            The number of bytes to be copied
 */
public void getBytes(byte[] dst_bytes, short dst_offset, short src_base, short src_offset, short size) {
	Util.arrayCopy(ptr, (short) (src_base + src_offset), dst_bytes, dst_offset, size);
}
 

/**
 * Set the SSC
 * 
 * @param buffer byte array containing the SSC
 * @param offset location of the data in the buffer
 */
public void setSSC(byte[] buffer, short offset) {
	Util.arrayCopy(buffer, offset, ssc, (short)0, SSC_SIZE);
	ssc_set[0] = true;
}