Avoid dynamic instances creation

This commit is contained in:
Arnaud Fontaine 2021-02-21 15:09:32 +01:00
parent cfdcb943c3
commit 6952d4e03d
3 changed files with 35 additions and 28 deletions

View File

@ -21,8 +21,21 @@
package fr.anssi.smartpgp;
import javacard.framework.*;
import javacard.security.*;
import javacardx.crypto.*;
public final class Common {
protected final Cipher cipher_aes_cbc_nopad;
protected final Cipher cipher_rsa_pkcs1;
protected final RandomData random;
protected Common() {
cipher_aes_cbc_nopad = Cipher.getInstance(Cipher.ALG_AES_BLOCK_128_CBC_NOPAD, false);
cipher_rsa_pkcs1 = Cipher.getInstance(Cipher.ALG_RSA_PKCS1, false);
random = RandomData.getInstance(RandomData.ALG_SECURE_RANDOM);
}
protected static final void beginTransaction(final boolean isRegistering) {
if(!isRegistering) {

View File

@ -40,12 +40,7 @@ public final class PGPKey {
private KeyPair keys;
private final Cipher cipher_rsa_pkcs1;
protected PGPKey() {
cipher_rsa_pkcs1 = Cipher.getInstance(Cipher.ALG_RSA_PKCS1, false);
fingerprint = new Fingerprint();
generation_date = new byte[Constants.GENERATION_DATE_SIZE];
@ -447,7 +442,8 @@ public final class PGPKey {
protected final short sign(final byte[] buf, final short lc,
protected final short sign(final Common common,
final byte[] buf, final short lc,
final boolean forAuth) {
if(!isInitialized()) {
@ -486,10 +482,10 @@ public final class PGPKey {
return 0;
}
cipher_rsa_pkcs1.init(priv, Cipher.MODE_ENCRYPT);
common.cipher_rsa_pkcs1.init(priv, Cipher.MODE_ENCRYPT);
off = cipher_rsa_pkcs1.doFinal(buf, (short)0, lc,
buf, lc);
off = common.cipher_rsa_pkcs1.doFinal(buf, (short)0, lc,
buf, lc);
return Util.arrayCopyNonAtomic(buf, lc,
buf, (short)0,
@ -502,7 +498,8 @@ public final class PGPKey {
}
protected final short decipher(final byte[] buf, final short lc) {
protected final short decipher(final Common common,
final byte[] buf, final short lc) {
if(!isInitialized()) {
ISOException.throwIt(Constants.SW_REFERENCE_DATA_NOT_FOUND);
@ -526,10 +523,10 @@ public final class PGPKey {
return 0;
}
cipher_rsa_pkcs1.init(priv, Cipher.MODE_DECRYPT);
common.cipher_rsa_pkcs1.init(priv, Cipher.MODE_DECRYPT);
final short len = cipher_rsa_pkcs1.doFinal(buf, (short)1, (short)(lc - 1),
buf, lc);
final short len = common.cipher_rsa_pkcs1.doFinal(buf, (short)1, (short)(lc - 1),
buf, lc);
off = Util.arrayCopyNonAtomic(buf, lc,
buf, (short)0,

View File

@ -26,16 +26,13 @@ import javacardx.crypto.*;
public final class SmartPGPApplet extends Applet {
private final Common common;
private final Persistent data;
private final Transients transients;
private final Cipher cipher_aes_cbc_nopad;
private final RandomData random_data;
public SmartPGPApplet() {
cipher_aes_cbc_nopad = Cipher.getInstance(Cipher.ALG_AES_BLOCK_128_CBC_NOPAD, false);
random_data = RandomData.getInstance(RandomData.ALG_SECURE_RANDOM);
common = new Common();
data = new Persistent();
transients = new Transients();
}
@ -1287,7 +1284,7 @@ public final class SmartPGPApplet extends Applet {
}
JCSystem.commitTransaction();
return data.pgp_keys[Persistent.PGP_KEYS_OFFSET_SIG].sign(transients.buffer, lc, false);
return data.pgp_keys[Persistent.PGP_KEYS_OFFSET_SIG].sign(common, transients.buffer, lc, false);
}
/* PSO : DECIPHER */
@ -1312,10 +1309,10 @@ public final class SmartPGPApplet extends Applet {
return 0;
}
cipher_aes_cbc_nopad.init(data.aes_key, Cipher.MODE_DECRYPT);
common.cipher_aes_cbc_nopad.init(data.aes_key, Cipher.MODE_DECRYPT);
final short res = cipher_aes_cbc_nopad.doFinal(transients.buffer, (short)1, (short)(lc - 1),
transients.buffer, lc);
final short res = common.cipher_aes_cbc_nopad.doFinal(transients.buffer, (short)1, (short)(lc - 1),
transients.buffer, lc);
Util.arrayCopyNonAtomic(transients.buffer, lc,
transients.buffer, (short)0, res);
@ -1325,7 +1322,7 @@ public final class SmartPGPApplet extends Applet {
return res;
}
return data.pgp_keys[Persistent.PGP_KEYS_OFFSET_DEC].decipher(transients.buffer, lc);
return data.pgp_keys[Persistent.PGP_KEYS_OFFSET_DEC].decipher(common, transients.buffer, lc);
}
/* PSO : ENCIPHER */
@ -1343,10 +1340,10 @@ public final class SmartPGPApplet extends Applet {
return 0;
}
cipher_aes_cbc_nopad.init(data.aes_key, Cipher.MODE_ENCRYPT);
common.cipher_aes_cbc_nopad.init(data.aes_key, Cipher.MODE_ENCRYPT);
final short res = cipher_aes_cbc_nopad.doFinal(transients.buffer, (short)0, lc,
transients.buffer, (short)(lc + 1));
final short res = common.cipher_aes_cbc_nopad.doFinal(transients.buffer, (short)0, lc,
transients.buffer, (short)(lc + 1));
transients.buffer[lc] = (byte)0x02;
Util.arrayCopyNonAtomic(transients.buffer, lc,
@ -1369,7 +1366,7 @@ public final class SmartPGPApplet extends Applet {
case (byte)0x00:
sensitiveData();
assertUserMode82();
return data.pgp_keys[Persistent.PGP_KEYS_OFFSET_AUT].sign(transients.buffer, lc, true);
return data.pgp_keys[Persistent.PGP_KEYS_OFFSET_AUT].sign(common, transients.buffer, lc, true);
default:
break;
@ -1397,7 +1394,7 @@ public final class SmartPGPApplet extends Applet {
}
if(le != 0) {
random_data.generateData(transients.buffer, (short)0, le);
common.random.generateData(transients.buffer, (short)0, le);
}
return le;