Avoid dynamic instances creation

2021-02-21 15:09:32 +01:00 · 2021-02-21 15:09:32 +01:00 · 6952d4e03d
parent cfdcb943c3
commit 6952d4e03d
3 changed files with 35 additions and 28 deletions
--- a/src/fr/anssi/smartpgp/Common.java
+++ b/src/fr/anssi/smartpgp/Common.java
@ -21,8 +21,21 @@
 package fr.anssi.smartpgp;

 import javacard.framework.*;
+import javacard.security.*;
+import javacardx.crypto.*;

 public final class Common {
+    protected final Cipher cipher_aes_cbc_nopad;
+    protected final Cipher cipher_rsa_pkcs1;
+
+    protected final RandomData random;
+
+    protected Common() {
+        cipher_aes_cbc_nopad = Cipher.getInstance(Cipher.ALG_AES_BLOCK_128_CBC_NOPAD, false);
+        cipher_rsa_pkcs1 = Cipher.getInstance(Cipher.ALG_RSA_PKCS1, false);
+
+        random = RandomData.getInstance(RandomData.ALG_SECURE_RANDOM);
+    }

    protected static final void beginTransaction(final boolean isRegistering) {
        if(!isRegistering) {
--- a/src/fr/anssi/smartpgp/PGPKey.java
+++ b/src/fr/anssi/smartpgp/PGPKey.java
@ -40,12 +40,7 @@ public final class PGPKey {

    private KeyPair keys;

-    private final Cipher cipher_rsa_pkcs1;
-
    protected PGPKey() {
-
-        cipher_rsa_pkcs1 = Cipher.getInstance(Cipher.ALG_RSA_PKCS1, false);
-
        fingerprint = new Fingerprint();
        generation_date = new byte[Constants.GENERATION_DATE_SIZE];

@ -447,7 +442,8 @@ public final class PGPKey {



-    protected final short sign(final byte[] buf, final short lc,
+    protected final short sign(final Common common,
+                               final byte[] buf, final short lc,
                               final boolean forAuth) {

        if(!isInitialized()) {
@ -486,10 +482,10 @@ public final class PGPKey {
                return 0;
            }

-            cipher_rsa_pkcs1.init(priv, Cipher.MODE_ENCRYPT);
+            common.cipher_rsa_pkcs1.init(priv, Cipher.MODE_ENCRYPT);

-            off = cipher_rsa_pkcs1.doFinal(buf, (short)0, lc,
-                                           buf, lc);
+            off = common.cipher_rsa_pkcs1.doFinal(buf, (short)0, lc,
+                                                  buf, lc);

            return Util.arrayCopyNonAtomic(buf, lc,
                                           buf, (short)0,
@ -502,7 +498,8 @@ public final class PGPKey {
    }


-    protected final short decipher(final byte[] buf, final short lc) {
+    protected final short decipher(final Common common,
+                                   final byte[] buf, final short lc) {

        if(!isInitialized()) {
            ISOException.throwIt(Constants.SW_REFERENCE_DATA_NOT_FOUND);
@ -526,10 +523,10 @@ public final class PGPKey {
                return 0;
            }

-            cipher_rsa_pkcs1.init(priv, Cipher.MODE_DECRYPT);
+            common.cipher_rsa_pkcs1.init(priv, Cipher.MODE_DECRYPT);

-            final short len = cipher_rsa_pkcs1.doFinal(buf, (short)1, (short)(lc - 1),
-                                                       buf, lc);
+            final short len = common.cipher_rsa_pkcs1.doFinal(buf, (short)1, (short)(lc - 1),
+                                                              buf, lc);

            off = Util.arrayCopyNonAtomic(buf, lc,
                                          buf, (short)0,
--- a/src/fr/anssi/smartpgp/SmartPGPApplet.java
+++ b/src/fr/anssi/smartpgp/SmartPGPApplet.java
@ -26,16 +26,13 @@ import javacardx.crypto.*;

 public final class SmartPGPApplet extends Applet {

+    private final Common common;
    private final Persistent data;

    private final Transients transients;

-    private final Cipher cipher_aes_cbc_nopad;
-    private final RandomData random_data;
-
    public SmartPGPApplet() {
-        cipher_aes_cbc_nopad = Cipher.getInstance(Cipher.ALG_AES_BLOCK_128_CBC_NOPAD, false);
-        random_data = RandomData.getInstance(RandomData.ALG_SECURE_RANDOM);
+        common = new Common();
        data = new Persistent();
        transients = new Transients();
    }
@ -1287,7 +1284,7 @@ public final class SmartPGPApplet extends Applet {
            }
            JCSystem.commitTransaction();

-            return data.pgp_keys[Persistent.PGP_KEYS_OFFSET_SIG].sign(transients.buffer, lc, false);
+            return data.pgp_keys[Persistent.PGP_KEYS_OFFSET_SIG].sign(common, transients.buffer, lc, false);
        }

        /* PSO : DECIPHER */
@ -1312,10 +1309,10 @@ public final class SmartPGPApplet extends Applet {
                    return 0;
                }

-                cipher_aes_cbc_nopad.init(data.aes_key, Cipher.MODE_DECRYPT);
+                common.cipher_aes_cbc_nopad.init(data.aes_key, Cipher.MODE_DECRYPT);

-                final short res = cipher_aes_cbc_nopad.doFinal(transients.buffer, (short)1, (short)(lc - 1),
-                                                               transients.buffer, lc);
+                final short res = common.cipher_aes_cbc_nopad.doFinal(transients.buffer, (short)1, (short)(lc - 1),
+                                                                      transients.buffer, lc);

                Util.arrayCopyNonAtomic(transients.buffer, lc,
                                        transients.buffer, (short)0, res);
@ -1325,7 +1322,7 @@ public final class SmartPGPApplet extends Applet {
                return res;
            }

-            return data.pgp_keys[Persistent.PGP_KEYS_OFFSET_DEC].decipher(transients.buffer, lc);
+            return data.pgp_keys[Persistent.PGP_KEYS_OFFSET_DEC].decipher(common, transients.buffer, lc);
        }

        /* PSO : ENCIPHER */
@ -1343,10 +1340,10 @@ public final class SmartPGPApplet extends Applet {
                return 0;
            }

-            cipher_aes_cbc_nopad.init(data.aes_key, Cipher.MODE_ENCRYPT);
+            common.cipher_aes_cbc_nopad.init(data.aes_key, Cipher.MODE_ENCRYPT);

-            final short res = cipher_aes_cbc_nopad.doFinal(transients.buffer, (short)0, lc,
-                                                           transients.buffer, (short)(lc + 1));
+            final short res = common.cipher_aes_cbc_nopad.doFinal(transients.buffer, (short)0, lc,
+                                                                  transients.buffer, (short)(lc + 1));

            transients.buffer[lc] = (byte)0x02;
            Util.arrayCopyNonAtomic(transients.buffer, lc,
@ -1369,7 +1366,7 @@ public final class SmartPGPApplet extends Applet {
            case (byte)0x00:
                sensitiveData();
                assertUserMode82();
-                return data.pgp_keys[Persistent.PGP_KEYS_OFFSET_AUT].sign(transients.buffer, lc, true);
+                return data.pgp_keys[Persistent.PGP_KEYS_OFFSET_AUT].sign(common, transients.buffer, lc, true);

            default:
                break;
@ -1397,7 +1394,7 @@ public final class SmartPGPApplet extends Applet {
        }

        if(le != 0) {
-            random_data.generateData(transients.buffer, (short)0, le);
+            common.random.generateData(transients.buffer, (short)0, le);
        }

        return le;