Applications & SmartCard : JavaCard - Identification - LIFL
Recherche & Développement sur les Dossiers Portables.
Applications & SmartCard : JavaCard
Gilles Grimaud
Université des Sciences et Technologies de Lille
Inspired by Jean-Jacques Vandewalle lecture notes, Gemplus Research Labs.

SmartCard : Reminder
"Every time a Gonda wanted something new, clothes, luggage, objects, he paid with his key. He bent his middle finger, pushed his key into a slot provided for that purpose, and his account, at the central computer, was immediately reduced by the value of the goods or the service requested."
La Nuit des temps, R. BARJAVEL
[Figure: smart card contacts Vdd, RST, CLK, RFU, GND, Vpp, I/O, RFU; chip (< 4,17mm by < 6,45mm) with CPU, RAM, ROM, E²PROM and I/O; Roland Moreno]

http://www.lifl.fr/~grimaud/Cours/
5/28/2005
JavaCard System & Framework 2

JavaCard Architecture
[Figure: layered architecture, top to bottom]
    JavaCard Applet 1, JavaCard Applet 2
    Framework APIs, (V)OP APIs & Applet Manager
    JCVM : Java Card Virtual Machine
    Natives Layers
    Hardware : CPU + Memories + IO

JavaCard Architecture
[Figure: JCVM memory spaces]
    RAM (~1Kb) : Transient Heap, JStack
    EEPROM (~32Kb) : Persistent Heap, Bytecodes & Applets structs
    ROM (~64Kb) : Romized Applets, Framework APIs, Natives Layer & JCVM

JavaCard Applet life cycle
[Figure: applet life cycle. Off-card: Applet sources, Applet class files, Applet cap file. On-card (JCVM): load → Applet Loaded; Install / Register → Applet Activated; Select → Applet Selected (← Deselect); Process → Applet Processing (← return); remove.]

APDUs in JavaCard
• Terminal command
    Header bytes : CLA INS P1 P2 P3, then data
    P3 indicates either data length sent or length expected
• Card response
    Outgoing data, then status word SW1 SW2

APDUs in JavaCard
• According to ISO 7816 standards

    Case      Command data   Response data   P3 parameter
    Case 1    ---            ---             0
    Case 2    ---            Data            Lsent
    Case 3    Data           ---             Lexpected
    Case 4    Data           Data            (i) Lsent, (ii) Lexpected   (2 APDU exchanges)

JavaCard limitations...
• byte
    [-128, +127]
• short
    [-32768, +32767]
    Signed values only !
• boolean
    byte: TRUE or FALSE
• objects (including arrays...)
• int (optional)
    No support for "int" in GemXpresso

JavaCard limitations
• A garbage collector implies multithreading
• Not fully implemented on GemXpresso cards
    Started manually on card reset
• No explicit or implicit object de-allocation commands
    (Java innate pointer-safe philosophy)
    A proprietary garbage collector is sometimes supported

JavaCard limitations
What is cloning
    Executing: b = a
    gives: a and b refer to the same array H E L L O
    Executing: b = a.clone()
    gives: a refers to H E L L O and b refers to a separate copy H E L L O
• No clone() method in class Object
    Use Util.arrayCopy() instead (for array only)
• Cloneable interface not provided
• Space efficiency is paramount
    ⇒ creating copies of objects is critical

JavaCard APIs
• java.lang
• javacard.framework
• javacard.security
• javacardx.crypto

JavaCard APIs
• 1. java.lang
    Classes : Object, Throwable
    Exceptions
    Provides classes that are fundamental to the design of the Java Card technology, subset of the Java programming language.
• 2. javacard.framework
• 3. javacard.security
• 4. javacardx.crypto

JavaCard APIs
• Every exception has an associated reason
    A short value
    Forwarded to the JCVM using
        xxxException.throwIt(short reason)
    Rather than
        throw new xxxException(short reason)
• Card returns the reason for ISOException exceptions only.
    For other exceptions, the reason is always the "6F00" code (JCVM terminated).

JavaCard APIs
• How can you customize your exceptions : example
    define an exception
        APDUException a
    associate a reason to this exception and throw it
        APDUException.throwIt(APDUException.BAD_LENGTH)
    catch it and convert it into an ISOException with a customized reason, then throw it
        ISOException.throwIt((short)(ISO7816.SW_UNKNOWN + 0x30 + a.getReason()))
    ISOException reasons are always returned :
        SW1 SW2 = 6F 00 (SW_UNKNOWN: defined in ISO7816 interface)
                + 0x30 (customized convention)
                + 0x03 (BAD_LENGTH: defined in APDUException class)
        SW1 SW2 = 6F 33

JavaCard APIs
• 1. java.lang
• 2. javacard.framework
    Interfaces : ISO7816, PIN, Shareable
    Classes : AID, APDU, Applet, JCSystem, OwnerPIN, Util
    Exceptions
    Provides framework of classes and interfaces for the core functionality of a Java Card applet.
• 3. javacard.security
• 4. javacardx.crypto

JavaCard.Framework APIs
° class java.lang.Object
    ° class javacard.framework.AID
    ° class javacard.framework.APDU
    ° class javacard.framework.Applet
    ° class javacard.framework.JCSystem
    ° class javacard.framework.OwnerPIN (implements javacard.framework.PIN)
    ° class java.lang.Throwable
        ° class java.lang.Exception
            ° class javacard.framework.CardException
                ° class javacard.framework.UserException
            ° class java.lang.RuntimeException
                ° class javacard.framework.CardRuntimeException
                    ° class javacard.framework.APDUException
                    ° class javacard.framework.ISOException
                    ° class javacard.framework.PINException
                    ° class javacard.framework.SystemException
                    ° class javacard.framework.TransactionException
    ° class javacard.framework.Util
° interface javacard.framework.ISO7816
° interface javacard.framework.PIN
° interface javacard.framework.Shareable
Optionally used by the developer...

JavaCard.Framework APIs
• AID
• APDU
• Applet
• OwnerPIN
• Util
• JCSystem

JavaCard.Framework APIs
• AID
    This class encapsulates the Application Identifier (AID) associated with an applet.
• APDU
• Applet
• OwnerPIN
• Util
• JCSystem

JavaCard.Framework.AID
• Encapsulates 7816-5 application identifier (AID) in a byte array (5 to 16 bytes)
• Uniquely identifies an applet object
• JCRE creates the applets' AID objects at installation time

JavaCard.Framework APIs
• AID
• APDU
    Application Protocol Data Unit (APDU) is the communication format between the card and the off-card applications. The format of the APDU is defined in ISO specification 7816-4.
• Applet
• OwnerPIN
• Util
• JCSystem

JavaCard.Framework.APDU
• Encapsulates 7816-4 APDU elements in pre-created I/O buffer
• APDU = communication packet between on-card and off-card applications
• Contains methods for sending and receiving data
• Hides the low level details of the protocol used
• APDU objects are owned by the JCRE

JavaCard.Framework.APDU
• APDU buffer is handled by the JCRE as a global array
[Figure: the incoming APDU (ISO standards) is placed in the APDU buffer as CLA INS P1 P2 P3]
• To have a reference on the APDU buffer in the applet
    getBuffer()
        Returns the APDU buffer byte array, filled with the APDU header

JavaCard.Framework.APDU
• process() method is called
• getBuffer()
• INS is examined
[Figure: the APDU buffer CLA INS P1 P2 L enters Process( ), which dispatches on INS: INS = V1 → Method1( ), INS = V2 → Method2( ), INS = Vx → Methodx( )]

JavaCard.Framework.APDU Buffer
• To retrieve incoming data (for ISO cases 2 and 4)
    setIncomingAndReceive()
        Sets the transfer direction to inbound
        Receives the incoming data in the APDU buffer at offset = 4
            // reference on the APDU buffer, obtained with getBuffer()
            byte[] baBuffer = _apdu.getBuffer();
            byte bLength = (byte)_apdu.setIncomingAndReceive();
            byte bData = baBuffer[ISO7816.OFFSET_CDATA];
    OR
    receiveBytes(short offset)
        Sets the transfer direction to inbound
        Receives the incoming data in the APDU buffer at user offset

JavaCard.Framework.APDU Buffer
• To send back data (for ISO cases 3 and 4)
    User manages the APDU buffer
    setOutgoing()
        Sets the transfer direction to outbound
        Obtains the expected length
    setOutgoingLength(short length)
        Sets the expected length
    sendBytes(short offset, short length)

JavaCard.Framework.APDU Buffer
• To send back data for cases 3 and 4
    User manages the APDU buffer and sends in a very nice way
    setOutgoingAndSend(short offset, short length)
        = setOutgoing() + setOutgoingLength() + sendBytes()
        Sends length bytes from the APDU buffer starting at offset

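The receive and send calls above, put together in one applet, as an added example that is not part of the original course. A command carrying data in both directions (case 4) is received with setIncomingAndReceive() / receiveBytes(), answered once with the three-step send and once with setOutgoingAndSend(), and any APDUException is converted with the 6F00 + 0x30 + reason convention shown earlier. The package, class name, CLA/INS values and MAX_DATA are assumptions made for the example.

```java
package example.echo; // hypothetical package name

import javacard.framework.APDU;
import javacard.framework.APDUException;
import javacard.framework.Applet;
import javacard.framework.ISO7816;
import javacard.framework.ISOException;

public class EchoApplet extends Applet {
    // Constructed values, chosen for this example only.
    private static final byte CLA_ECHO = (byte) 0x80;
    private static final byte INS_ECHO = (byte) 0x10;     // three-step send
    private static final byte INS_REVERSE = (byte) 0x12;  // setOutgoingAndSend
    // Assumption: kept small so that header plus data stay inside the APDU buffer.
    private static final short MAX_DATA = 32;

    private EchoApplet() {
        register();
    }

    public static void install(byte[] bArray, short bOffset, byte bLength) {
        new EchoApplet();
    }

    public void process(APDU apdu) {
        if (selectingApplet()) {
            return; // the SELECT APDU itself needs no processing here
        }
        byte[] buf = apdu.getBuffer();
        if (buf[ISO7816.OFFSET_CLA] != CLA_ECHO) {
            ISOException.throwIt(ISO7816.SW_CLA_NOT_SUPPORTED);
        }
        try {
            switch (buf[ISO7816.OFFSET_INS]) {
                case INS_ECHO:
                    echo(apdu);
                    break;
                case INS_REVERSE:
                    reverse(apdu);
                    break;
                default:
                    ISOException.throwIt(ISO7816.SW_INS_NOT_SUPPORTED);
            }
        } catch (APDUException e) {
            // Without this conversion the terminal would only see 6F 00.
            ISOException.throwIt((short) (ISO7816.SW_UNKNOWN + 0x30 + e.getReason()));
        }
    }

    /** Receives the command data at OFFSET_CDATA and returns its validated length. */
    private short receive(APDU apdu) {
        byte[] buf = apdu.getBuffer();
        // P3 is one unsigned byte, but Java Card bytes are signed: mask it.
        short lc = (short) (buf[ISO7816.OFFSET_LC] & 0xFF);
        if (lc == 0 || lc > MAX_DATA
                || lc > (short) (buf.length - ISO7816.OFFSET_CDATA)) {
            ISOException.throwIt(ISO7816.SW_WRONG_LENGTH);
        }
        short total = apdu.setIncomingAndReceive();
        while (total < lc) { // the first read may deliver only part of the data
            short read = apdu.receiveBytes((short) (ISO7816.OFFSET_CDATA + total));
            if (read == 0) {
                break;
            }
            total += read;
        }
        if (total != lc) {
            ISOException.throwIt(ISO7816.SW_WRONG_LENGTH);
        }
        return lc;
    }

    /** Sends the received bytes back with the three separate calls. */
    private void echo(APDU apdu) {
        short len = receive(apdu);
        apdu.setOutgoing();                        // outbound; returns the expected length
        apdu.setOutgoingLength(len);               // length actually returned
        apdu.sendBytes(ISO7816.OFFSET_CDATA, len); // data is still in the APDU buffer
    }

    /** Reverses the received bytes in place and sends them with the combined call. */
    private void reverse(APDU apdu) {
        short len = receive(apdu);
        byte[] buf = apdu.getBuffer();
        short i = ISO7816.OFFSET_CDATA;
        short j = (short) (ISO7816.OFFSET_CDATA + len - 1);
        while (i < j) {
            byte tmp = buf[i];
            buf[i++] = buf[j];
            buf[j--] = tmp;
        }
        apdu.setOutgoingAndSend(ISO7816.OFFSET_CDATA, len);
    }
}
```
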
JavaCard.Framework APIs
• AID
• APDU
• Applet
    This abstract class defines an applet in Java Card. The Applet class should be extended by any applet that is intended to be loaded onto, installed into and executed on a Java Card compliant smart card.
• OwnerPIN
• Util
• JCSystem

JavaCard.Framework.Applet
• "Super class" of all Java Card applets
• No relationship with java.applet.Applet
• Contains lifecycle methods
• Abstract class, but none of its methods are abstract
    Must subclass, but not programmatically required to override any particular methods
    Must implement process() methods in order to interact with JCRE
    Shall implement install() method to allow multiple instances
    May override the select() and deselect() methods
    Common behavior of all JavaCard applets

JavaCard.Framework.Applet
• 0. Applet design and download
• 1. Install ()
• 2. Register ()
• 3. Select ()
• 4. Process ()
• 5. Deselect ()
• 6. Power loss

JavaCard.Framework.Applet.install()
[Figure: install exchange. Command: CLA Install P1 P2 Lc Install Parameters. Response: SW1 SW2.]
Initialize / customize fields
• Instantiation and initialization of the AID and Applet objects
• Static method (called once by the JCRE) in which the applet object is allocated and partly initialized

JavaCard.Framework.Applet.register()
• Updates the applet table
    [Figure: applet table, AID]
    Registers the applet within the JCRE
    Located in the install() method
• Two protected methods
    register() uses the applet's AID for the instance's AID
    register(array, offset, length) allows defining an AID for an instance, and multiple instantiation.

JavaCard.Framework.Applet.select()
[Figure: select exchange. Command: CLA Select P1 P2 Lc AID ("Please select the applet whose AID is..."). Response: SW1 SW2 ("OK, selection accepted").]
• Called by the JCRE to inform an applet that it has been selected
• Indicates the applet is ready to accept incoming APDUs
• Once the applet has been selected, commands that cannot be interpreted by the JCRE are sent to the process() method
    Use selectingApplet() for filtering out the applet selection APDU (returns TRUE if the applet is being selected)

JavaCard.Framework.process()
• Contains the core application code of the applet
• Handles all the incoming APDU messages for the applet
[Figure: the JCRE passes incoming APDUs to process( ) of the selected applet, which calls Method_1( ), Method_2( ), Method_i( ); deselect( )]

JavaCard.Framework.Applet.deselect()
• Automatically called by the JCRE upon selection of another applet
• Informs the current applet that another applet has been selected
• Not called in case of power loss
[Figure: the JCRE calls deselect( ) on Applet 1 ("OK, I am no longer selected") and select( ) on Applet 2; each applet has its own process( )]

Applet Example
    package com.gemplus.training.code... ;
    import javacard.framework.* ;

    public class MyBaseApplet extends javacard.framework.Applet {
        // declaration
        private final static byte CONSTANT = 0x.. ;
        // int is optional in Java Card (see the limitations listed earlier)
        private static final int myVariable = ... ;
        private int counterValue ;

        // initialization
        MyBaseApplet() { super() ; counterValue = ... ; }
        public static void install(byte[] param, short offs, byte ln) {
            MyBaseApplet myApplet = new MyBaseApplet() ;
            myApplet.register() ;
        }

        // selection
        public boolean select() { return true ; }

        // command dispatching
        public void process( APDU _apdu ) {
            switch ( INS... ) {
                case COMMAND_1 : command_1( _apdu ) ; break ;
                case COMMAND_2 : command_2( _apdu ) ; break ;
                default ...
                    break ;
            }
        }

        private void command_1( APDU _apdu ) { ... }
        private void command_2( APDU _apdu ) { ... }
        private void utilityMethod( ... ) { ... }
    }

JavaCard.Framework.Applet
Power loss
• Transient object fields -> reset
• Transactions in progress -> aborted
• "Current" applet deselected

JavaCard.Framework APIs
• AID
• APDU
• Applet
• OwnerPIN
    This class represents an Owner PIN. It implements Personal Identification Number functionality as defined in the PIN interface. It provides the ability to update the PIN and thus owner functionality.
• Util
• JCSystem

JavaCard.Framework APIs
• AID
• APDU
• Applet
• OwnerPIN
• Util
    The Util class contains common utility functions.
• JCSystem

JavaCard.Framework.Utils
• Functions for byte array manipulation & comparison
    byte arrayCompare() ; Compares 2 arrays
    arrayCopy() ; Copies 1 array into another atomically
    arrayCopyNonAtomic() ; Copies 1 array into another non-atomically
    arrayFillNonAtomic() ; Fills an array non-atomically
• Functions for type conversion (short / byte)
    short getShort() ;
    short makeShort() ;
    setShort() ;
[Figure: short / byte conversion illustrated with the bytes 0E 06]

JavaCard.Framework APIs
• AID
• APDU
• Applet
• OwnerPIN
• Util
• JCSystem
    The JCSystem class includes a collection of methods to control applet execution, resource management, atomic transaction management and inter-applet object sharing in Java Card.

JavaCard.Framework.JCSystem
• 1. Object sharing
• 2. Persistence / transience
• 3. Transaction atomicity

JavaCard.Framework.JCSystem
1. Sharing
• Applets can share individual objects with each other
• Once an object is shared, it cannot be unshared
• JCRE Privilege
    JCRE has access to all objects regardless of whether they are shared or not
• getAppletShareableInterfaceObject(AID, byte)
    Called by a 'client' applet to get a 'server' applet's shareable interface object.
    A 'server' applet cannot be deleted

JavaCard.Framework.JCSystem
1. Sharing
• Identification of the shared objects
• All objects that want to be shared have to implement this interface (Shareable)
    Declare which method will go through the firewall
[Figure: class diagram. JavaLoyaltyInterface, with grantPoints(), extends the Shareable interface. JavaLoyalty extends Applet and implements JavaLoyaltyInterface, with Install(), JavaLoyalty(), getShareableInterfaceObject(), grantPoints(), process(). Legend: shared methods, non shared method.]

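The class diagram above written out as code, as an added example that is not code from the original course. It shows the server side of the sharing mechanism: the interface that declares what crosses the firewall, and a server that checks the client's AID both when handing out the reference and on every shared call. The package name, the constructed client AID, the grantPoints(short) signature, MAX_POINTS and INS_GET_POINTS are assumptions made for the example.

```java
// ---- File JavaLoyaltyInterface.java ----
package example.loyalty; // hypothetical package name

import javacard.framework.Shareable;

// Only methods declared in an interface extending Shareable can be
// called through the firewall by another applet.
public interface JavaLoyaltyInterface extends Shareable {
    void grantPoints(short amount); // signature assumed for this example
}

// ---- File JavaLoyalty.java ----
package example.loyalty;

import javacard.framework.AID;
import javacard.framework.APDU;
import javacard.framework.Applet;
import javacard.framework.ISO7816;
import javacard.framework.ISOException;
import javacard.framework.JCSystem;
import javacard.framework.Shareable;
import javacard.framework.Util;

public class JavaLoyalty extends Applet implements JavaLoyaltyInterface {
    // Constructed AID of the one client applet allowed to grant points.
    private static final byte[] CLIENT_AID = {
        (byte) 0xF0, 0x00, 0x00, 0x00, 0x01, 0x01
    };
    private static final byte INS_GET_POINTS = (byte) 0x20; // constructed value
    private static final short MAX_POINTS = 10000;

    private short points; // persistent field

    private JavaLoyalty() {
        register();
    }

    public static void install(byte[] bArray, short bOffset, byte bLength) {
        new JavaLoyalty();
    }

    private static boolean isTrustedClient(AID aid) {
        return aid != null
            && aid.equals(CLIENT_AID, (short) 0, (byte) CLIENT_AID.length);
    }

    // Called by the JCRE when a client applet calls
    // JCSystem.getAppletShareableInterfaceObject(serverAID, parameter).
    public Shareable getShareableInterfaceObject(AID clientAID, byte parameter) {
        if (!isTrustedClient(clientAID)) {
            return null; // unknown clients get no reference at all
        }
        return this;
    }

    // Shared method: runs in this applet's context on behalf of the caller.
    public void grantPoints(short amount) {
        // Once shared, an object cannot be unshared, so the caller is
        // checked again on every call.
        if (!isTrustedClient(JCSystem.getPreviousContextAID())) {
            ISOException.throwIt(ISO7816.SW_SECURITY_STATUS_NOT_SATISFIED);
        }
        // shorts are signed: reject negative amounts and overflow.
        if (amount <= 0 || amount > (short) (MAX_POINTS - points)) {
            ISOException.throwIt(ISO7816.SW_WRONG_DATA);
        }
        points += amount;
    }

    // Non-shared method: reachable only through APDUs sent to this applet.
    public void process(APDU apdu) {
        if (selectingApplet()) {
            return;
        }
        byte[] buf = apdu.getBuffer();
        if (buf[ISO7816.OFFSET_INS] != INS_GET_POINTS) {
            ISOException.throwIt(ISO7816.SW_INS_NOT_SUPPORTED);
        }
        Util.setShort(buf, (short) 0, points);
        apdu.setOutgoingAndSend((short) 0, (short) 2);
    }
}

// Client side, inside the client applet (SERVER_AID is a byte array
// holding the server's AID, also an assumption):
//   AID server = JCSystem.lookupAID(SERVER_AID, (short) 0, (byte) SERVER_AID.length);
//   JavaLoyaltyInterface loyalty = (JavaLoyaltyInterface)
//       JCSystem.getAppletShareableInterfaceObject(server, (byte) 0);
//   if (loyalty != null) { loyalty.grantPoints((short) 10); }
```
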
JavaCard.Framework.JCSystem
2. Persistence
• A persistent object's fields retain their values between CAD sessions
    Object instances are persistent by default since they are stored in the heap
• A transient object's fields are reset between CAD sessions
[Figure: JCVM memory spaces. RAM (~1Kb): Transient Heap, JStack. EEPROM (~32Kb): Persistent Heap, Bytecodes & Applets structs. ROM (~64Kb): Romized Applets, Framework APIs, Natives Layer & JCVM.]

JavaCard.Framework.JCSystem
2. Persistence
• An object is created and made transient by calling JCSystem.makeTransientXX(short, byte)
    CLEAR_ON_DESELECT
        • Reset when the owning applet is deselected
    CLEAR_ON_RESET
        • Reset at the end of each CAD session
        • Default
• XX being:
    BooleanArray
    ByteArray
    ObjectArray
    ShortArray

JavaCard.Framework.JCSystem
3. Atomicity
• Transaction = set of operations
• Atomicity = if the transaction does not complete, the modified object fields will be restored to their original values.
• Atomicity guaranteed for persistent fields only
[Figure: Transaction. Initial State → Instr. 1 → Instr. 2 → Instr. 3 → Instr. 4 → Final State; Rollback !]

JavaCard.Framework.JCSystem
3. Atomicity
• Transaction lifecycle
    JCSystem.beginTransaction()
        • All subsequent updates are conditional
    JCSystem.abortTransaction()
        • Undo conditional updates
    JCSystem.commitTransaction()
        • Commit conditional updates
[Figure: Memo... Initial State, Instr. 1, Instr. 2, Instr. 3, Instr. 4, Final State]

JavaCard.Framework.JCSystem
3. Atomicity
• JCRE manages a commit buffer
• Conditional updates written to the commit buffer
• Commit buffer capacity is limited due to limited system resources
[Figure: Memo... Initial State, Instr. 1, Instr. 2, Instr. 3, Instr. 4, Final State]

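Persistence, transience and the transaction lifecycle in one applet, as an added example that is not code from the original course. A debit updates the balance and a log record inside one transaction, so a power loss between the writes leaves both unchanged, while a per-session spending counter lives in a transient array that is outside any rollback. The package, class name, CLA/INS values, the limits and the log layout are assumptions made for the example.

```java
package example.purse; // hypothetical package name

import javacard.framework.APDU;
import javacard.framework.Applet;
import javacard.framework.ISO7816;
import javacard.framework.ISOException;
import javacard.framework.JCSystem;
import javacard.framework.Util;

public class PurseApplet extends Applet {
    // Constructed values, chosen for this example only.
    private static final byte CLA_PURSE = (byte) 0x80;
    private static final byte INS_DEBIT = (byte) 0x30;
    private static final byte INS_GET_BALANCE = (byte) 0x32;
    private static final short SESSION_LIMIT = 200;
    private static final byte LOG_ENTRIES = 4;
    private static final short ENTRY_LEN = 4; // amount (2 bytes) + balance after (2 bytes)

    // Persistent state: covered by transactions.
    private short balance = 1000;
    private byte logIndex;
    private final byte[] log = new byte[(short) (LOG_ENTRIES * ENTRY_LEN)];
    // Transient state: reset at the end of each CAD session, never rolled back.
    private final short[] spentThisSession =
        JCSystem.makeTransientShortArray((short) 1, JCSystem.CLEAR_ON_RESET);

    private PurseApplet() {
        register();
    }

    public static void install(byte[] bArray, short bOffset, byte bLength) {
        new PurseApplet();
    }

    public void process(APDU apdu) {
        if (selectingApplet()) {
            return;
        }
        byte[] buf = apdu.getBuffer();
        if (buf[ISO7816.OFFSET_CLA] != CLA_PURSE) {
            ISOException.throwIt(ISO7816.SW_CLA_NOT_SUPPORTED);
        }
        switch (buf[ISO7816.OFFSET_INS]) {
            case INS_DEBIT:
                debit(apdu);
                break;
            case INS_GET_BALANCE:
                Util.setShort(buf, (short) 0, balance);
                apdu.setOutgoingAndSend((short) 0, (short) 2);
                break;
            default:
                ISOException.throwIt(ISO7816.SW_INS_NOT_SUPPORTED);
        }
    }

    private void debit(APDU apdu) {
        byte[] buf = apdu.getBuffer();
        short lc = (short) (buf[ISO7816.OFFSET_LC] & 0xFF);
        if (lc != 2 || apdu.setIncomingAndReceive() != 2) {
            ISOException.throwIt(ISO7816.SW_WRONG_LENGTH);
        }
        short amount = Util.getShort(buf, ISO7816.OFFSET_CDATA);
        // shorts are signed: reject negative amounts before any comparison.
        if (amount <= 0 || amount > balance
                || amount > (short) (SESSION_LIMIT - spentThisSession[0])) {
            ISOException.throwIt(ISO7816.SW_WRONG_DATA);
        }

        // Compute everything first; nothing below can fail validation.
        short newBalance = (short) (balance - amount);
        short entry = (short) (logIndex * ENTRY_LEN);
        byte nextIndex = (byte) (logIndex + 1);
        if (nextIndex == LOG_ENTRIES) {
            nextIndex = 0;
        }

        // Only the persistent writes sit inside the transaction, which keeps
        // the use of the limited commit buffer small.
        JCSystem.beginTransaction();
        balance = newBalance;
        Util.setShort(log, entry, amount);
        Util.setShort(log, (short) (entry + 2), newBalance);
        logIndex = nextIndex;
        JCSystem.commitTransaction();
        // Power loss before the commit: balance, log and logIndex keep
        // their initial values.

        // Transient update after the commit; it is not part of any rollback.
        spentThisSession[0] += amount;
    }
}
```
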
JavaCard APIs
• 1. java.lang
• 2. javacard.framework
• 3. javacard.security
    Classes : KeyBuilder, Signature, MessageDigest, RandomData, CryptoException
    Interfaces : Key, SecretKey, DESKey, PublicKey, RSAPublicKey, DSAPublicKey, PrivateKey, DSAPrivateKey, RSAPrivateKey, RSAPrivateCrtKey
• 4. javacardx.crypto

Javacard.Security
[Figure: key interface hierarchy. Key is extended by PublicKey (DSAPublicKey, RSAPublicKey), PrivateKey (DSAPrivateKey, RSAPrivateKey, RSAPrivateCrtKey) and SecretKey (DESKey).]

Javacard.Security
• KeyBuilder = Key object factory
    Creates cryptographic keys
        • Used by signature and ciphering algorithms
        • Returned object must be cast to the appropriate key type interface
    Mandatory objects for Signature and Cipher initialisation

Javacard.Security
• MessageDigest
    Base class for hashing algorithms
    Algorithm MD5, SHA, MD-160
• RandomData
    Pseudo-random seed data set to default
    Secure-random algorithm allows user seeding
• Signature
    Several schemes for RSA or DES padding
    Several algorithms support (e.g. DES-CBC, DES-ECB)

Javacard.Security
• Key
    Base interface for all keys
• DESKey
    Contains an 8/16/24 byte key
        • single / 2 keys triple DES / 3 keys triple DES operations
• DSAKey
    Base interface for the DSA algorithms
        • private and public key implementations

Javacard.Security
Example
Declaration :
    // Cipher is in javacardx.crypto, DESKey in javacard.security
    private Cipher myDESAlgo;
    private DESKey myDESKey;

Javacard.Security
Example
Initialisation :
    // produce/select the algo
    myDESAlgo = Cipher.getInstance(
        Cipher.ALG_DES_ECB_NOPAD,
        false);
    // produce the key (16 bytes: 2 keys triple DES)
    myDESKey = (DESKey)KeyBuilder.buildKey(
        KeyBuilder.TYPE_DES,
        KeyBuilder.LENGTH_DES3_2KEY,
        false);
    // init the key with the bytes found in buffer at dataOffset
    myDESKey.setKey(
        buffer,
        dataOffset);

Javacard.Security
Example
Use :
    // DES encryption
    // initialize algorithm with default key
    myDESAlgo.init(
        myDESKey,
        Cipher.MODE_ENCRYPT);
    // compute DES on data
    // NOPAD: count must be a multiple of the 8-byte DES block
    myDESAlgo.doFinal(
        buffer,
        (short)ISO7816.OFFSET_CDATA,
        count,
        buffer,
        (short)0);
