/*
 * copyright 1997, 2000
 * the regents of the university of michigan
 * all rights reserved
 *
 * permission is granted to use, copy, create derivative works 
 * and redistribute this software and such derivative works 
 * for any purpose, so long as the name of the university of 
 * michigan is not used in any advertising or publicity 
 * pertaining to the use or distribution of this software 
 * without specific, written prior authorization.  if the 
 * above copyright notice or any other identification of the 
 * university of michigan is included in any copy of any 
 * portion of this software, then the disclaimer below must 
 * also be included.
 * 
 * this software is provided as is, without representation 
 * from the university of michigan as to its fitness for any 
 * purpose, and without warranty by the university of 
 * michigan of any kind, either express or implied, including 
 * without limitation the implied warranties of 
 * merchantability and fitness for a particular purpose. the 
 * regents of the university of michigan shall not be liable 
 * for any damages, including special, indirect, incidental, or 
 * consequential damages, with respect to any claim arising 
 * out of or in connection with the use of the software, even 
 * if it has been or is hereafter advised of the possibility of 
 * such damages.
 *
 * SSH / smartcard integration project, smartcard side 
 *
 * Tomoko Fukuzawa, created, Feb., 2000
 * Naomaru Itoi, modified, Apr., 2000
 */

import javacard.framework.*;
import javacardx.framework.*;
import javacardx.crypto.*;

public class Ssh extends javacard.framework.Applet
{ 
    /* constants declaration */ 
    // code of CLA byte in the command APDU header 
    private final byte Ssh_CLA =(byte)0x05;
    
    // codes of INS byte in the command APDU header
    private final byte DECRYPT = (byte) 0x10;
    private final byte GET_KEYLENGTH = (byte) 0x20;
    private final byte GET_PUBKEY = (byte) 0x30;
    private final byte GET_RESPONSE = (byte) 0xc0;

    /* instance variables declaration */
    private final short keysize = 1024;

    //RSA_CRT_PrivateKey rsakey;
    AsymKey rsakey;
    CyberflexFile file;
    CyberflexOS os;
    
    byte buffer[];
    //byte pubkey[];

    static byte[] keyHdr = {(byte)0xC2, (byte)0x01, (byte)0x05};

    private Ssh()
    {
	file = new CyberflexFile();
	os = new CyberflexOS();
	
	rsakey = new RSA_CRT_PrivateKey (keysize);
	rsakey.setKeyInstance ((short)0xc8, (short)0x10);

	if ( ! rsakey.isSupportedLength (keysize) )
	    ISOException.throwIt (ISO.SW_WRONG_LENGTH);

	/*
	pubkey = new byte[keysize/8];
	file.selectFile((short)(0x3f<<8)); // select root
	file.selectFile((short)(('s'<<8)|'h')); // select public key file
	os.readBinaryFile (pubkey, (short)0, (short)0, (short)(keysize/8));
	*/
	register(); 
    } // end of the constructor 

    public static void install(APDU apdu)
    {
	new Ssh();	// create a Ssh applet instance (card) 
    } // end of install method

    public void process(APDU apdu)
    { 
	// APDU object carries a byte array (buffer) to 
	// transfer incoming and outgoing APDU header 
	// and data bytes between card and CAD
	buffer = apdu.getBuffer(); 

	// verify that if the applet can accept this
	// APDU message 
	// NI: change suggested by Wayne Dyksen, Purdue
	if (buffer[ISO.OFFSET_INS] == ISO.INS_SELECT)
	    ISOException.throwIt(ISO.SW_NO_ERROR);
		
	switch (buffer[ISO.OFFSET_INS]) {
	case DECRYPT:
	    if (buffer[ISO.OFFSET_CLA] != Ssh_CLA)
		ISOException.throwIt(ISO.SW_CLA_NOT_SUPPORTED);
	    //decrypt (apdu);
	    short size = (short) (buffer[ISO.OFFSET_LC] & 0x00FF);
	    
	    if (apdu.setIncomingAndReceive() != size)
		ISOException.throwIt (ISO.SW_WRONG_LENGTH);
	    
	    rsakey.cryptoUpdate (buffer, (short) ISO.OFFSET_CDATA, size,
				 buffer, (short) ISO.OFFSET_CDATA);
	    apdu.setOutgoingAndSend ((short) ISO.OFFSET_CDATA, size);
	    return;
	case GET_PUBKEY:
	    file.selectFile((short)(0x3f<<8)); // select root
	    file.selectFile((short)(('s'<<8)|'h')); // select public key file
	    os.readBinaryFile (buffer, (short)0, (short)0, (short)(keysize/8));
	    apdu.setOutgoingAndSend((short)0, (short)(keysize/8)); 
	    /*
	    apdu.setOutgoing();
	    apdu.setOutgoingLength((short)(keysize/8)); 
	    apdu.sendBytesLong(pubkey, (short)0, (short)(keysize/8));
	    */
	    return;
	case GET_KEYLENGTH:
	    buffer[0] = (byte)((keysize >> 8) & 0xff);
	    buffer[1] = (byte)(keysize & 0xff);
	    apdu.setOutgoingAndSend ((short)0, (short)2);
	    return;
	case GET_RESPONSE:
	    return;
	default:
	    ISOException.throwIt (ISO.SW_INS_NOT_SUPPORTED); 
	} 

    } // end of process method

    /*
    private void decrypt (APDU apdu)
    {
 	short size = (short) (buffer[ISO.OFFSET_LC] & 0x00FF);

	if (apdu.setIncomingAndReceive() != size)
	    ISOException.throwIt (ISO.SW_WRONG_LENGTH);

	//short offset = (short) ISO.OFFSET_CDATA;

	rsakey.cryptoUpdate (buffer, (short) ISO.OFFSET_CDATA, size, buffer,
			     (short) ISO.OFFSET_CDATA);
	apdu.setOutgoingAndSend ((short) ISO.OFFSET_CDATA, size);
    }
    */
} // end of class Ssh