c0de/SmartPGP
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Avoid dynamic instances creation

Browse Source
This commit is contained in:
Arnaud Fontaine 2021-02-21 15:09:32 +01:00
parent cfdcb943c3
commit 6952d4e03d
3 changed files with 35 additions and 28 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
src/fr/anssi/smartpgp/Common.java
View File

@ -21,8 +21,21 @@
package fr.anssi.smartpgp; package fr.anssi.smartpgp;
import javacard.framework.*; import javacard.framework.*;
import javacard.security.*;
import javacardx.crypto.*;
public final class Common { public final class Common {
protected final Cipher cipher_aes_cbc_nopad;
protected final Cipher cipher_rsa_pkcs1;
protected final RandomData random;
protected Common() {
cipher_aes_cbc_nopad = Cipher.getInstance(Cipher.ALG_AES_BLOCK_128_CBC_NOPAD, false);
cipher_rsa_pkcs1 = Cipher.getInstance(Cipher.ALG_RSA_PKCS1, false);
random = RandomData.getInstance(RandomData.ALG_SECURE_RANDOM);
}
protected static final void beginTransaction(final boolean isRegistering) { protected static final void beginTransaction(final boolean isRegistering) {
if(!isRegistering) { if(!isRegistering) {

23
src/fr/anssi/smartpgp/PGPKey.java
View File

@ -40,12 +40,7 @@ public final class PGPKey {
private KeyPair keys; private KeyPair keys;
private final Cipher cipher_rsa_pkcs1;
protected PGPKey() { protected PGPKey() {
cipher_rsa_pkcs1 = Cipher.getInstance(Cipher.ALG_RSA_PKCS1, false);
fingerprint = new Fingerprint(); fingerprint = new Fingerprint();
generation_date = new byte[Constants.GENERATION_DATE_SIZE]; generation_date = new byte[Constants.GENERATION_DATE_SIZE];
@ -447,7 +442,8 @@ public final class PGPKey {
protected final short sign(final byte[] buf, final short lc, protected final short sign(final Common common,
final byte[] buf, final short lc,
final boolean forAuth) { final boolean forAuth) {
if(!isInitialized()) { if(!isInitialized()) {
@ -486,10 +482,10 @@ public final class PGPKey {
return 0; return 0;
} }
cipher_rsa_pkcs1.init(priv, Cipher.MODE_ENCRYPT); common.cipher_rsa_pkcs1.init(priv, Cipher.MODE_ENCRYPT);
off = cipher_rsa_pkcs1.doFinal(buf, (short)0, lc, off = common.cipher_rsa_pkcs1.doFinal(buf, (short)0, lc,
buf, lc); buf, lc);
return Util.arrayCopyNonAtomic(buf, lc, return Util.arrayCopyNonAtomic(buf, lc,
buf, (short)0, buf, (short)0,
@ -502,7 +498,8 @@ public final class PGPKey {
} }
protected final short decipher(final byte[] buf, final short lc) { protected final short decipher(final Common common,
final byte[] buf, final short lc) {
if(!isInitialized()) { if(!isInitialized()) {
ISOException.throwIt(Constants.SW_REFERENCE_DATA_NOT_FOUND); ISOException.throwIt(Constants.SW_REFERENCE_DATA_NOT_FOUND);
@ -526,10 +523,10 @@ public final class PGPKey {
return 0; return 0;
} }
cipher_rsa_pkcs1.init(priv, Cipher.MODE_DECRYPT); common.cipher_rsa_pkcs1.init(priv, Cipher.MODE_DECRYPT);
final short len = cipher_rsa_pkcs1.doFinal(buf, (short)1, (short)(lc - 1), final short len = common.cipher_rsa_pkcs1.doFinal(buf, (short)1, (short)(lc - 1),
buf, lc); buf, lc);
off = Util.arrayCopyNonAtomic(buf, lc, off = Util.arrayCopyNonAtomic(buf, lc,
buf, (short)0, buf, (short)0,

27
src/fr/anssi/smartpgp/SmartPGPApplet.java
View File

@ -26,16 +26,13 @@ import javacardx.crypto.*;
public final class SmartPGPApplet extends Applet { public final class SmartPGPApplet extends Applet {
private final Common common;
private final Persistent data; private final Persistent data;
private final Transients transients; private final Transients transients;
private final Cipher cipher_aes_cbc_nopad;
private final RandomData random_data;
public SmartPGPApplet() { public SmartPGPApplet() {
cipher_aes_cbc_nopad = Cipher.getInstance(Cipher.ALG_AES_BLOCK_128_CBC_NOPAD, false); common = new Common();
random_data = RandomData.getInstance(RandomData.ALG_SECURE_RANDOM);
data = new Persistent(); data = new Persistent();
transients = new Transients(); transients = new Transients();
} }
@ -1287,7 +1284,7 @@ public final class SmartPGPApplet extends Applet {
} }
JCSystem.commitTransaction(); JCSystem.commitTransaction();
return data.pgp_keys[Persistent.PGP_KEYS_OFFSET_SIG].sign(transients.buffer, lc, false); return data.pgp_keys[Persistent.PGP_KEYS_OFFSET_SIG].sign(common, transients.buffer, lc, false);
} }
/* PSO : DECIPHER */ /* PSO : DECIPHER */
@ -1312,10 +1309,10 @@ public final class SmartPGPApplet extends Applet {
return 0; return 0;
} }
cipher_aes_cbc_nopad.init(data.aes_key, Cipher.MODE_DECRYPT); common.cipher_aes_cbc_nopad.init(data.aes_key, Cipher.MODE_DECRYPT);
final short res = cipher_aes_cbc_nopad.doFinal(transients.buffer, (short)1, (short)(lc - 1), final short res = common.cipher_aes_cbc_nopad.doFinal(transients.buffer, (short)1, (short)(lc - 1),
transients.buffer, lc); transients.buffer, lc);
Util.arrayCopyNonAtomic(transients.buffer, lc, Util.arrayCopyNonAtomic(transients.buffer, lc,
transients.buffer, (short)0, res); transients.buffer, (short)0, res);
@ -1325,7 +1322,7 @@ public final class SmartPGPApplet extends Applet {
return res; return res;
} }
return data.pgp_keys[Persistent.PGP_KEYS_OFFSET_DEC].decipher(transients.buffer, lc); return data.pgp_keys[Persistent.PGP_KEYS_OFFSET_DEC].decipher(common, transients.buffer, lc);
} }
/* PSO : ENCIPHER */ /* PSO : ENCIPHER */
@ -1343,10 +1340,10 @@ public final class SmartPGPApplet extends Applet {
return 0; return 0;
} }
cipher_aes_cbc_nopad.init(data.aes_key, Cipher.MODE_ENCRYPT); common.cipher_aes_cbc_nopad.init(data.aes_key, Cipher.MODE_ENCRYPT);
final short res = cipher_aes_cbc_nopad.doFinal(transients.buffer, (short)0, lc, final short res = common.cipher_aes_cbc_nopad.doFinal(transients.buffer, (short)0, lc,
transients.buffer, (short)(lc + 1)); transients.buffer, (short)(lc + 1));
transients.buffer[lc] = (byte)0x02; transients.buffer[lc] = (byte)0x02;
Util.arrayCopyNonAtomic(transients.buffer, lc, Util.arrayCopyNonAtomic(transients.buffer, lc,
@ -1369,7 +1366,7 @@ public final class SmartPGPApplet extends Applet {
case (byte)0x00: case (byte)0x00:
sensitiveData(); sensitiveData();
assertUserMode82(); assertUserMode82();
return data.pgp_keys[Persistent.PGP_KEYS_OFFSET_AUT].sign(transients.buffer, lc, true); return data.pgp_keys[Persistent.PGP_KEYS_OFFSET_AUT].sign(common, transients.buffer, lc, true);
default: default:
break; break;
@ -1397,7 +1394,7 @@ public final class SmartPGPApplet extends Applet {
} }
if(le != 0) { if(le != 0) {
random_data.generateData(transients.buffer, (short)0, le); common.random.generateData(transients.buffer, (short)0, le);
} }
return le; return le;