feat: does secret policies now

jan-sekanina · Mar 30, 2023 · fe91a00 · fe91a00
1 parent 638aad8
commit fe91a00
Show file tree

Hide file tree

Showing 12 changed files with 431 additions and 76 deletions.
diff --git a/applet/src/main/java/applet/AppletInstructions.java b/applet/src/main/java/applet/AppletInstructions.java
@@ -16,6 +16,7 @@
 public class AppletInstructions {
 
 
+
     public AppletInstructions() {
     }
 
@@ -37,8 +38,11 @@ public AppletInstructions() {
     public static final short CLASS_POLICY_UPLOAD = 1;
     // simple scenario where applet returns "HAND SHAKE" in bytes
     public static final short CLASS_HAND_SHAKE = 3;
-    public static final short CLASS_SECRETandTIME_UPLOAD = 2; // p1 will determine reference, where to store it
-    public static final short CLASS_DEBUG_DOWNLOAD = 4;
+    public static final short CLASS_ADDITIONAL_DATA_UPLOAD = 2; // p1 will determine reference, where to store it
+    public static final short CLASS_DOWNLOAD_PSBT_ARRAY = 4;
+
+    public static final short CLASS_SET_MODE_SECRET = 14;
+    public static final short CLASS_SET_MODE_TIME = 15;
 
     /**
      * Below are debug classes
@@ -57,6 +61,9 @@ public AppletInstructions() {
     public static final short CLASS_DOWNLOAD_INPUT_ALL = 9;
     public static final short CLASS_DOWNLOAD_OUTPUT_ALL = 10;
     public static final short CLASS_DOWNLOAD_GLOBAL_MAP_KEYPAIR = 11;
+    public static final short CLASS_DOWNLOAD_POLICY_SIZE = 14;
+    public static final short CLASS_DOWNLOAD_POLICY = 15;
+    public static final short CLASS_VALIDATE_POLICY = 16;
 
 
     public static final short CLASS_PSBT_UPLOAD_AND_BACK = 4;

diff --git a/applet/src/main/java/applet/GeneralMap.java b/applet/src/main/java/applet/GeneralMap.java
@@ -26,4 +26,15 @@ public void fill(short arrayIndex) {
             map_size += key_pairs[current_key_pair].getSize();
         }
     }
+
+    public void reset() {
+        short i = 0;
+        while (i < NUM_OF_KEYPAIR) {
+            key_pairs[i].reset();
+            i++;
+        }
+        map_start = -1;
+        current_key_pair = -1;
+        map_size = 0;
+    }
 }
diff --git a/applet/src/main/java/applet/Key.java b/applet/src/main/java/applet/Key.java
@@ -21,4 +21,11 @@ public short getSize() {
         return (short) (key_len_bytes + key_len);
     }
 
+    public void reset() {
+        start = -1;
+        key_len = -1;
+        key_len_bytes = 1;
+        key_type = -1;
+    }
+
 }
diff --git a/applet/src/main/java/applet/KeyPair.java b/applet/src/main/java/applet/KeyPair.java
@@ -16,4 +16,10 @@ public short getSize() {
         // TODO: find an easy!! way to check overflow
 
     }
+
+    public void reset() {
+        key.reset();
+        value.reset();
+        start = -1;
+    }
 }
diff --git a/applet/src/main/java/applet/MainApplet.java b/applet/src/main/java/applet/MainApplet.java
@@ -3,19 +3,29 @@
 import javacard.framework.*;
 import javacard.security.RandomData;
 
+import java.util.Arrays;
+
 
 public class MainApplet extends Applet implements MultiSelectable {
     public static final short MAX_SIZE_OF_PSBT = 1024 * 6;
+    public static final short MAX_SIZE_OF_POLICY = 256;
+    public static final short STORAGE_AMOUNT = 16;
+    public static final short STORAGE_SIZE = 32;
     /**
      * class of all instructions and other hardcoded information
      */
 
     public PSBT psbt;
+    public static byte[][] additionalDataStorage;
+    public static short[] dataStorageOffsets;
+    public static byte[][] checkAgainstDataStorage;
+    public static short[] checkAgainstDataStorageOffsets;
     public static byte[] PSBTdata;
     public static byte[] controlArray;
     public static byte [] policy;
-    short offset;
-    short locked = 0; // 0 locked, 1 - opened
+    short transactionOffset;
+    short policyOffset;
+    short policyUploadLocked; // 0 locked, 1 - opened
 
     //private byte[] data = JCSystem.makeTransientByteArray((short) (1024 * 10),
     //		JCSystem.CLEAR_ON_DESELECT);
@@ -28,7 +38,12 @@ public static void install(byte[] bArray, short bOffset, byte bLength) {
 
     public MainApplet(byte[] buffer, short offset, byte length) {
         psbt = new PSBT();
+        additionalDataStorage = new byte[STORAGE_AMOUNT][STORAGE_SIZE];
+        dataStorageOffsets = new short[STORAGE_AMOUNT];
+        checkAgainstDataStorage = new byte[STORAGE_AMOUNT][STORAGE_SIZE];
+        checkAgainstDataStorageOffsets = new short[STORAGE_AMOUNT];
         PSBTdata = new byte[MAX_SIZE_OF_PSBT];  // to change PSBT max size change this constant
+        policy = new byte[MAX_SIZE_OF_POLICY];
         controlArray = new byte[AppletInstructions.PACKET_BUFFER_SIZE]; // array that is sent back to computer as confirmation
         controlArray[0] = 0;
         controlArray[1] = 1;
@@ -38,7 +53,9 @@ public MainApplet(byte[] buffer, short offset, byte length) {
         controlArray[5] = 5;
         controlArray[6] = 6;
         controlArray[7] = 7;
-        this.offset = 0;
+        this.transactionOffset = 0;
+        this.policyOffset = 0;
+        this.policyUploadLocked = 0;
 
         random = RandomData.getInstance(RandomData.ALG_SECURE_RANDOM);
 
@@ -60,16 +77,19 @@ public void process(APDU apdu) {
         if (cla == AppletInstructions.CLASS_PSBT_UPLOAD) {
             if (ins == AppletInstructions.INS_REQUEST) {
                 // TODO: return array size
+                transactionOffset = 0;
+                psbt.reset(); // maybe arbitrary
             }
             if (ins == AppletInstructions.INS_UPLOAD) {
 
-                Util.arrayCopyNonAtomic(apduBuffer, ISO7816.OFFSET_CDATA, PSBTdata, offset, (short) (lc & 0xff));
-                offset += (short) (lc & 0xff);
+                Util.arrayCopyNonAtomic(apduBuffer, ISO7816.OFFSET_CDATA, PSBTdata, transactionOffset, (short) (lc & 0xff));
+                transactionOffset += (short) (lc & 0xff);
             }
 
             if (ins == AppletInstructions.INS_FINISH) {
 
                 try {
+                    psbt.reset();
                     psbt.fill();
                 } catch (Exception e) {
                     //DO NOTHING
@@ -81,33 +101,49 @@ public void process(APDU apdu) {
         /**
          * this uploads Policy represented as array of bytes
          */
-        if (cla == AppletInstructions.CLASS_POLICY_UPLOAD) {
+        if (cla == AppletInstructions.CLASS_POLICY_UPLOAD && policyUploadLocked == 0) {
             if (ins == AppletInstructions.INS_REQUEST) {
-                //do smth here
             }
             if (ins == AppletInstructions.INS_UPLOAD) {
-                //do smth here
+                Util.arrayCopyNonAtomic(apduBuffer, ISO7816.OFFSET_CDATA, policy, policyOffset, (short) (lc & 0xff));
+                policyOffset += (short) (lc & 0xff);
             }
             if (ins == AppletInstructions.INS_FINISH) {
-                //do smth here
+                policyUploadLocked = 1;
             }
         }
         /**
          * this uploads data(secrets and time signed by authority) for Policy
          */
-        if (cla == AppletInstructions.CLASS_SECRETandTIME_UPLOAD) {
+        if (cla == AppletInstructions.CLASS_ADDITIONAL_DATA_UPLOAD && policyUploadLocked == 0) {
+            if (ins == AppletInstructions.INS_REQUEST) {
+                dataStorageOffsets[p1] = 0;
+            }
+            if (ins == AppletInstructions.INS_UPLOAD) {
+                Util.arrayCopyNonAtomic(apduBuffer, ISO7816.OFFSET_CDATA, additionalDataStorage[p1], dataStorageOffsets[p1], (short) (lc & 0xff));
+                System.out.print("SHit coppiedd" + System.lineSeparator());
+                System.out.print("SHit coppiedd: "+ Arrays.toString(additionalDataStorage[p1]) + System.lineSeparator());
+                dataStorageOffsets[p1] += (short) (lc & 0xff);
+            }
+            if (ins == AppletInstructions.INS_FINISH) {
+            }
+        }
+
+        if (cla == AppletInstructions.CLASS_ADDITIONAL_DATA_UPLOAD && policyUploadLocked == 1) {
             if (ins == AppletInstructions.INS_REQUEST) {
-                //do smth here
+                checkAgainstDataStorageOffsets[p1] = 0;
             }
             if (ins == AppletInstructions.INS_UPLOAD) {
-                //do smth here
+                Util.arrayCopyNonAtomic(apduBuffer, ISO7816.OFFSET_CDATA, checkAgainstDataStorage[p1], checkAgainstDataStorageOffsets[p1], (short) (lc & 0xff));
+                System.out.print("SH coppiedd" + System.lineSeparator());
+                System.out.print("SH coppiedd: "+ Arrays.toString(checkAgainstDataStorage[p1]) + System.lineSeparator());
+                checkAgainstDataStorageOffsets[p1] += (short) (lc & 0xff);
             }
             if (ins == AppletInstructions.INS_FINISH) {
-                //do smth here
             }
         }
 
-        if (cla == AppletInstructions.CLASS_DEBUG_DOWNLOAD && ins == AppletInstructions.INS_DOWNLOAD_ARRAY) {
+        if (cla == AppletInstructions.CLASS_DOWNLOAD_PSBT_ARRAY && ins == AppletInstructions.INS_DOWNLOAD_ARRAY) {
             short from = (short) ((apduBuffer[ISO7816.OFFSET_CDATA] & 0xff) << 8 | (apduBuffer[ISO7816.OFFSET_CDATA + 1] & 0xff));
             short to = (short) ((apduBuffer[ISO7816.OFFSET_CDATA + 2] & 0xff) << 8 | (apduBuffer[ISO7816.OFFSET_CDATA + 3] & 0xff));
             if (from < 0 || to > PSBTdata.length) {
@@ -146,7 +182,7 @@ public void process(APDU apdu) {
             }
         }
 
-        if (cla == AppletInstructions.CLASS_DOWNLOAD_GLOBAL_MAP && ins == AppletInstructions.INS_DOWNLOAD_NUM_OUTPUT_V0){
+        if (cla == AppletInstructions.CLASS_DOWNLOAD_GLOBAL_MAP && ins == AppletInstructions.INS_DOWNLOAD_NUM_OUTPUT_V0) {
             if (GlobalMap.PSBTversion == 0) {
                 FromApplet.send_data(apdu, psbt.global_map.globalUnsignedTX.output_count);
             }
@@ -155,6 +191,20 @@ public void process(APDU apdu) {
             }
         }
 
+        if (cla == AppletInstructions.CLASS_DOWNLOAD_POLICY_SIZE && ins == AppletInstructions.INS_REQUEST) {
+            FromApplet.send_data(apdu, policyOffset);
+        }
+
+        if (cla == AppletInstructions.CLASS_DOWNLOAD_POLICY) {
+            short from = (short) ((apduBuffer[ISO7816.OFFSET_CDATA] & 0xff) << 8 | (apduBuffer[ISO7816.OFFSET_CDATA + 1] & 0xff));
+            short to = (short) ((apduBuffer[ISO7816.OFFSET_CDATA + 2] & 0xff) << 8 | (apduBuffer[ISO7816.OFFSET_CDATA + 3] & 0xff));
+            FromApplet.send_data(apdu, policy, from, to);
+        }
+
+        if (cla == AppletInstructions.CLASS_VALIDATE_POLICY) {
+            FromApplet.send_data(apdu, validatePolicy());
+        }
+
         if (cla == AppletInstructions.CLASS_DOWNLOAD_INPUT){
             if (GlobalMap.PSBTversion == 0) {
                 FromApplet.send_data(apdu, psbt.global_map.globalUnsignedTX.inputs[p1]);
@@ -197,6 +247,48 @@ public void process(APDU apdu) {
         }
     }
 
+    short validatePolicy(){
+        short stepCounter = 0;
+        short orSection = 0;
+        if (policyOffset == 0) { //  empty policy is valid policy
+            return 1;
+        }
+        while (stepCounter < policyOffset) {
+            System.out.print("policy[stepcounter]: " + policy[stepCounter] + System.lineSeparator());
+            switch (policy[stepCounter]) {
+                case PolicyInstruction.checkSecret:
+                    if (equals(additionalDataStorage[policy[stepCounter + 1]], checkAgainstDataStorage[policy[stepCounter + 1]])) {
+                        orSection = 1;
+                    }
+                    stepCounter += 2;
+                    break;
+                case PolicyInstruction.policyAnd:
+                    if (orSection == 0) {
+                        return 0;
+                    }
+                    orSection = 0;
+                    stepCounter++;
+                    break;
+                default:
+                    return 0; //  unknown instruction
+            }
+        }
+        System.out.print("policy[stepcounter]: " + policy[stepCounter] + System.lineSeparator());
+        System.out.print("validating 1" + System.lineSeparator());
+        return orSection;
+    }
+
+    private boolean equals(byte[] bytes, byte[] bytes2) { // checks two byte[] with size of STORAGE_SIZE
+        short j = 0;
+        while (j < STORAGE_SIZE) {
+            if (bytes[j] != bytes2[j]) {
+                    return false;
+            }
+            j++;
+        }
+        return true;
+    }
+
     public boolean select(boolean b) {
         return true;
     }

diff --git a/applet/src/main/java/applet/PSBT.java b/applet/src/main/java/applet/PSBT.java
@@ -56,4 +56,9 @@ public void fill() throws Exception {
         }
 
     }
+
+    public void reset() {
+
+        byte_size = 0;
+    }
 }
diff --git a/applet/src/main/java/applet/PolicyInstruction.java b/applet/src/main/java/applet/PolicyInstruction.java
@@ -0,0 +1,6 @@
+package applet;
+
+public class PolicyInstruction {
+    public static final byte checkSecret = 10;
+    public static final byte policyAnd = 11;
+}
diff --git a/applet/src/main/java/applet/Value.java b/applet/src/main/java/applet/Value.java
@@ -22,4 +22,10 @@ public short getSize() {
     public byte getByte(short index) {
         return PSBTdata[(short) (start + value_len_bytes + index)];
     }
+
+    public void reset() {
+        start = -1;
+        value_len = -1;
+        value_len_bytes = 1;
+    }
 }
diff --git a/applet/src/main/java/main/Download.java b/applet/src/main/java/main/Download.java
@@ -85,7 +85,7 @@ public byte[] download(CardSimulator simulator, short from, short to) {
             communicationArray[1] = (byte) (from + offset);
             communicationArray[2] = (byte) ((from + offset + AppletInstructions.PACKET_BUFFER_SIZE) >> 8);
             communicationArray[3] = (byte) (from + offset + AppletInstructions.PACKET_BUFFER_SIZE);
-            cmd = new CommandAPDU(AppletInstructions.CLASS_DEBUG_DOWNLOAD, AppletInstructions.INS_DOWNLOAD_ARRAY, 0, 0, communicationArray, communicationArray.length);
+            cmd = new CommandAPDU(AppletInstructions.CLASS_DOWNLOAD_PSBT_ARRAY, AppletInstructions.INS_DOWNLOAD_ARRAY, 0, 0, communicationArray, communicationArray.length);
             rsp = simulator.transmitCommand(cmd);
             assert rsp.getSW() == 0x9000;
             System.arraycopy(rsp.getData(), (short) 0, res, offset, AppletInstructions.PACKET_BUFFER_SIZE);
@@ -97,7 +97,7 @@ public byte[] download(CardSimulator simulator, short from, short to) {
             communicationArray[1] = (byte) (from + offset);
             communicationArray[2] = (byte) (to >> 8);
             communicationArray[3] = (byte) to;
-            cmd = new CommandAPDU(AppletInstructions.CLASS_DEBUG_DOWNLOAD, AppletInstructions.INS_DOWNLOAD_ARRAY, 0, 0, communicationArray, communicationArray.length);
+            cmd = new CommandAPDU(AppletInstructions.CLASS_DOWNLOAD_PSBT_ARRAY, AppletInstructions.INS_DOWNLOAD_ARRAY, 0, 0, communicationArray, communicationArray.length);
             rsp = simulator.transmitCommand(cmd);
             assert rsp.getSW() == 0x9000;
             System.arraycopy(rsp.getData(), (short) 0, res,  offset, to - (offset + from));
-Original file line number
+Diff line change
@@ Expand Up / @@ -56,4 +56,9 @@ public void fill() throws Exception { @@
             }
         }
+        public void reset() {
+            byte_size = 0;
+        }
     }