
Satochip applet v0.10-0.4: Cleanup: optimised code only, removed legacy sha512 implementation and slow pubkey recovery

* Supports only native sha512 (removed java implementation for older cards)
* Supports pubkey recovery using keyAgreement with ALG_EC_SVDP_DH_PLAIN_XY (removed ALG_EC_SVDP_DH_PLAIN for older cards)

This results in faster, simpler and cleaner code...
This version should be protocol-compatible with previous v0.10 releases.
Toporin committed May 10, 2020
1 parent 8f14ecc commit 07c0038
Showing 7 changed files with 41 additions and 2,203 deletions.
239 changes: 35 additions & 204 deletions src/org/satochip/applet/CardEdge.java


241 changes: 0 additions & 241 deletions src/org/satochip/applet/EccComputation.java

This file was deleted.

24 changes: 6 additions & 18 deletions src/org/satochip/applet/HmacSha512.java
Expand Up @@ -33,21 +33,17 @@ public class HmacSha512 {
public static final short HASHSIZE=64;
private static final short SW_UNSUPPORTED_KEYSIZE = (short) 0x9c0E;
private static final short SW_UNSUPPORTED_MSGSIZE = (short) 0x9c0F;
private static final short SW_UNSUPPORTED_FEATURE = (short) 0x9c05;
private static byte[] data;

private static MessageDigest sha512;
private static boolean nativeSha512= false;

public static void init(byte[] tmp){
data= tmp;

try {
sha512 = MessageDigest.getInstance(MessageDigest.ALG_SHA_512, false);
nativeSha512= true;
} catch (CryptoException e) {
ISOException.throwIt((short)0x9C05);// debug: ensure that we use native sha512
nativeSha512= false;
Sha512.init();
ISOException.throwIt(SW_UNSUPPORTED_FEATURE);// unsupported feature => use a more recent card!
}
}

Expand All @@ -68,25 +64,17 @@ public static short computeHmacSha512(byte[] key, short key_offset, short key_le
}
Util.arrayFillNonAtomic(data, key_length, (short)(BLOCKSIZE-key_length), (byte)0x36);
Util.arrayCopyNonAtomic(message, message_offset, data, BLOCKSIZE, message_length);
if (nativeSha512){
sha512.reset();
sha512.doFinal(data, (short)0, (short)(BLOCKSIZE+message_length), data, BLOCKSIZE); // copy hash result to data buffer!
} else{
Sha512.resetUpdateDoFinal(data, (short)0, (short)(BLOCKSIZE+message_length), data, BLOCKSIZE); // copy hash result to data buffer!
}
sha512.reset();
sha512.doFinal(data, (short)0, (short)(BLOCKSIZE+message_length), data, BLOCKSIZE); // copy hash result to data buffer!

// compute outer hash
for (short i=0; i<key_length; i++){
data[i]= (byte) (key[(short)(key_offset+i)] ^ (0x5c));
}
Util.arrayFillNonAtomic(data, key_length, (short)(BLOCKSIZE-key_length), (byte)0x5c);
// previous hash already copied to correct offset in data
if (nativeSha512){
sha512.reset();
sha512.doFinal(data, (short)0, (short)(BLOCKSIZE+HASHSIZE), mac, mac_offset);
} else{
Sha512.resetUpdateDoFinal(data, (short)0, (short)(BLOCKSIZE+HASHSIZE), mac, mac_offset);
}
sha512.reset();
sha512.doFinal(data, (short)0, (short)(BLOCKSIZE+HASHSIZE), mac, mac_offset);

return HASHSIZE;
}
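Review bot: When computeHmacSha512 returns after the new outer-digest lines `sha512.reset(); sha512.doFinal(data, (short)0, (short)(BLOCKSIZE+HASHSIZE), mac, mac_offset);`, the static buffer `data` still holds the key XOR 0x5c in its first BLOCKSIZE bytes (written by the loop and the arrayFillNonAtomic just above) and the inner hash at offset BLOCKSIZE. Since `data` is only a reference to the caller-supplied array (`data= tmp;` in init), that key-derived material outlives the call unless the array is transient or the caller clears it, which is not visible in this section; consider `Util.arrayFillNonAtomic(data, (short)0, (short)(BLOCKSIZE+HASHSIZE), (byte)0x00);` before `return HASHSIZE;`. The body of computeHmacSha512 starts above the hunk, so whether key_length and message_length are bounded against BLOCKSIZE before the arithmetic at `(short)(BLOCKSIZE+message_length)` cannot be confirmed here.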
