1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
|
/*
* copyright 1997, 2000
* the regents of the university of michigan
* all rights reserved
*
* permission is granted to use, copy, create derivative works
* and redistribute this software and such derivative works
* for any purpose, so long as the name of the university of
* michigan is not used in any advertising or publicity
* pertaining to the use or distribution of this software
* without specific, written prior authorization. if the
* above copyright notice or any other identification of the
* university of michigan is included in any copy of any
* portion of this software, then the disclaimer below must
* also be included.
*
* this software is provided as is, without representation
* from the university of michigan as to its fitness for any
* purpose, and without warranty by the university of
* michigan of any kind, either express or implied, including
* without limitation the implied warranties of
* merchantability and fitness for a particular purpose. the
* regents of the university of michigan shall not be liable
* for any damages, including special, indirect, incidental, or
* consequential damages, with respect to any claim arising
* out of or in connection with the use of the software, even
* if it has been or is hereafter advised of the possibility of
* such damages.
*
* SSH / smartcard integration project, smartcard side
*
* Tomoko Fukuzawa, created, Feb., 2000
* Naomaru Itoi, modified, Apr., 2000
*/
import javacard.framework.*;
import javacardx.framework.*;
import javacardx.crypto.*;
public class Ssh extends javacard.framework.Applet
{
/* constants declaration */
// code of CLA byte in the command APDU header
private final byte Ssh_CLA =(byte)0x05;
// codes of INS byte in the command APDU header
private final byte DECRYPT = (byte) 0x10;
private final byte GET_KEYLENGTH = (byte) 0x20;
private final byte GET_PUBKEY = (byte) 0x30;
private final byte GET_RESPONSE = (byte) 0xc0;
/* instance variables declaration */
private final short keysize = 1024;
//RSA_CRT_PrivateKey rsakey;
AsymKey rsakey;
CyberflexFile file;
CyberflexOS os;
byte buffer[];
//byte pubkey[];
static byte[] keyHdr = {(byte)0xC2, (byte)0x01, (byte)0x05};
private Ssh()
{
file = new CyberflexFile();
os = new CyberflexOS();
rsakey = new RSA_CRT_PrivateKey (keysize);
rsakey.setKeyInstance ((short)0xc8, (short)0x10);
if ( ! rsakey.isSupportedLength (keysize) )
ISOException.throwIt (ISO.SW_WRONG_LENGTH);
/*
pubkey = new byte[keysize/8];
file.selectFile((short)(0x3f<<8)); // select root
file.selectFile((short)(('s'<<8)|'h')); // select public key file
os.readBinaryFile (pubkey, (short)0, (short)0, (short)(keysize/8));
*/
register();
} // end of the constructor
public static void install(APDU apdu)
{
new Ssh(); // create a Ssh applet instance (card)
} // end of install method
public void process(APDU apdu)
{
// APDU object carries a byte array (buffer) to
// transfer incoming and outgoing APDU header
// and data bytes between card and CAD
buffer = apdu.getBuffer();
// verify that if the applet can accept this
// APDU message
// NI: change suggested by Wayne Dyksen, Purdue
if (buffer[ISO.OFFSET_INS] == ISO.INS_SELECT)
ISOException.throwIt(ISO.SW_NO_ERROR);
switch (buffer[ISO.OFFSET_INS]) {
case DECRYPT:
if (buffer[ISO.OFFSET_CLA] != Ssh_CLA)
ISOException.throwIt(ISO.SW_CLA_NOT_SUPPORTED);
//decrypt (apdu);
short size = (short) (buffer[ISO.OFFSET_LC] & 0x00FF);
if (apdu.setIncomingAndReceive() != size)
ISOException.throwIt (ISO.SW_WRONG_LENGTH);
rsakey.cryptoUpdate (buffer, (short) ISO.OFFSET_CDATA, size,
buffer, (short) ISO.OFFSET_CDATA);
apdu.setOutgoingAndSend ((short) ISO.OFFSET_CDATA, size);
return;
case GET_PUBKEY:
file.selectFile((short)(0x3f<<8)); // select root
file.selectFile((short)(('s'<<8)|'h')); // select public key file
os.readBinaryFile (buffer, (short)0, (short)0, (short)(keysize/8));
apdu.setOutgoingAndSend((short)0, (short)(keysize/8));
/*
apdu.setOutgoing();
apdu.setOutgoingLength((short)(keysize/8));
apdu.sendBytesLong(pubkey, (short)0, (short)(keysize/8));
*/
return;
case GET_KEYLENGTH:
buffer[0] = (byte)((keysize >> 8) & 0xff);
buffer[1] = (byte)(keysize & 0xff);
apdu.setOutgoingAndSend ((short)0, (short)2);
return;
case GET_RESPONSE:
return;
default:
ISOException.throwIt (ISO.SW_INS_NOT_SUPPORTED);
}
} // end of process method
/*
private void decrypt (APDU apdu)
{
short size = (short) (buffer[ISO.OFFSET_LC] & 0x00FF);
if (apdu.setIncomingAndReceive() != size)
ISOException.throwIt (ISO.SW_WRONG_LENGTH);
//short offset = (short) ISO.OFFSET_CDATA;
rsakey.cryptoUpdate (buffer, (short) ISO.OFFSET_CDATA, size, buffer,
(short) ISO.OFFSET_CDATA);
apdu.setOutgoingAndSend ((short) ISO.OFFSET_CDATA, size);
}
*/
} // end of class Ssh
|