Consider supporting Java Card 3.0.1 cards #1

Closed
tyll opened this issue Jun 5, 2017 · 20 comments

@tyll

tyll commented Jun 5, 2017

SmartPGP requires Java Card 3.0.4 compliant cards but many cards do not support this newer version. I found three issues when trying to compile SmartPGP for the older version:

  • Signature.ALG_ECDSA_SHA_224 is not defined
  • Signature.signPreComputedHash() does not exist
  • The applet does not install for unknown reasons when commenting out the above code, which seems to be only required for ECC.

I would like to test this applet with this card https://www.usmartcards.co.uk/downloads/dl/file/id/444/product/312/universal_jcard_sales_sheet.pdf as the card might support RSA 4096 so I would not miss the ECC features. Do you have maybe any ideas what other code depends on Java Card 3.0.4?

@af-anssi
Contributor

af-anssi commented Jun 6, 2017

If the applet is correctly loaded (command "install for load"), but installation (command "install for install") is failing, I think the problem is that the resources of the card (RAM or non volatile) are exhausted.

SmartPGP is quite greedy. To determine if this is the problem, a simple test is to comment the content of the SmartPGPApplet class constructor: the applet will be unusable if install is successful, but you will definitely know if this is the problem.

If the resource consumption is the problem, please consider the instructions given in section "Reducing flash and/or RAM consumption" of the README.md.

@tyll
Author

tyll commented Jun 6, 2017 via email

@af-anssi
Contributor

Did you manage to install the applet successfully on your 3.0.1 card ?

@tyll
Author

tyll commented Jul 5, 2017 via email

@af-anssi
Contributor

af-anssi commented Jul 18, 2017

I created a branch javacard-3.0.1 which contains a working version (without elliptic curves and secure messaging) of the applet compatible with JavaCard 3.0.1.
Could you test this version ? If you still have a problem at install, you should first try to decrease Constants.INTERNAL_BUFFER_MAX_LENGTH, and then "max length of carholder certificate" in Constants.EXTENDED_CAPABILITIES.

@tyll
Author

tyll commented Jul 20, 2017

Thank you, you are great. Unfortunately it still does not work:
Install for Install and make selectable failed SW: 6A80

I tried several small values with the same result, these are now the smallest I tried:

+++ b/src/fr/anssi/smartpgp/Constants.java
@@ -31 +31 @@ public final class Constants {
-        (short)((short)0x500);
+        (short)((short)0x0f0);
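Review bot: the hunk at line 31 carries no context line, so the constant being changed cannot be identified from the patch itself; regenerate it with context or name the constant next to the value. The nested cast (short)((short)0x0f0) is redundant, a single (short)0x0f0 is enough. The value drops from 0x500 (1280) to 0x0f0 (240), which should be marked as a diagnostic setting rather than a value to keep.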
@@ -190 +190 @@ public final class Constants {
-        (byte)0x04, (byte)0x80, /* max length of carholder certificate */
+        (byte)0x00, (byte)0x10, /* max length of carholder certificate */
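Review bot: at line 190 the maximum cardholder certificate length becomes 0x0010 (16 bytes), down from 0x0480 (1152), and no real certificate fits in 16 bytes; keep this only for the install test and restore a usable limit once the failure is located. The comment on the same line spells "carholder" where "cardholder" is meant.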

If it would be of any help I could try to send you one of the cards for testing.

@af-anssi
Contributor

I don't have the manual of this card, but 6A80 is generally a problem of parameter (P1, P2 or wrong TLV data).
Are you sure of the AID you specify during the install for install and make selectable ?
Does it match exactly the AID specified in the build.xml ?

@tyll
Author

tyll commented Jul 24, 2017

I do not specify an AID by hand, I just use

gp -install build/fr/anssi/smartpgp/javacard/smartpgp.cap

to install the applet. I use gp from here: https://github.com/martinpaljak/GlobalPlatformPro

When I change

data = new Persistent();

to

data = null;

in

src/fr/anssi/smartpgp/SmartPGPApplet.java

and recompile the applet, I can install it with the above command.

@af-anssi
Contributor

Sorry, I forgot this (very important) point...
Without a sample card it is difficult to determine where the problem comes from. From the spec I read, I don't think the problem comes from available resources, but from a parameter somewhere not supported by this card. If you are still ok to send me a sample card, please contact me by email directly (finding my address is quite easy ;)).

Could you try commenting the following line? It will not remove memory allocations, but if it works it will definitely reduce the faulty code.
https://github.com/ANSSI-FR/SmartPGP/blob/javacard-3.0.1/src/fr/anssi/smartpgp/Persistent.java#L142

@af-anssi
Contributor

Thank you for providing me a card !

After some investigation, it appears the problem on this card comes from the use of the transaction mechanism during installation only.
I have updated the code not to use it during installation on both branches. It has no security impact since this mechanism protects against inconsistency when the card is powered off or torn down in the middle of some operation. If such an event occurs at installation, the applet will not be installed at all.

Can you test it and tell me if it is ok ?

@martinpaljak
Contributor

There is no need for transactions during install(), one is implicitly present. Maybe it would make sense to separate "things to initialize during install()" from "things to initialize by command later on" so that there would be no need for the "wrapping code" and an extra variable to track, that would be implicitly known from the code path otherwise ?

@af-anssi
Contributor

If you look at commit 1dd42f5 you will see that is what I did: a "wrapping code" with a boolean parameter was introduced for transactions to determine if it is called from install (i.e. is registering) or not.
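
Added example, not part of the thread and not SmartPGP's code or commit 1dd42f5: a minimal Java Card applet showing the pattern the comments above describe, where a boolean tells the shared initialisation routine whether it runs from install() (no explicit transaction) or from a command (explicit transaction). The package, class, field names and the INS value are hypothetical.

```java
package example.txwrap; // hypothetical package, not SmartPGP's

import javacard.framework.APDU;
import javacard.framework.Applet;
import javacard.framework.ISO7816;
import javacard.framework.ISOException;
import javacard.framework.JCSystem;

public final class TxWrapApplet extends Applet {
    private static final short STATE_LEN = (short) 16; // constructed size
    private static final byte INS_RESET = (byte) 0x10; // constructed INS value

    private final byte[] state; // persistent array
    private short resetCount;   // persistent counter, must stay in step with state

    private TxWrapApplet() {
        state = new byte[STATE_LEN];
        reset(true); // install path: no explicit transaction
    }

    public static void install(byte[] buf, short off, byte len) {
        new TxWrapApplet().register();
    }

    // isRegistering is true only on the install() path.
    private void reset(boolean isRegistering) {
        if (!isRegistering) {
            JCSystem.beginTransaction();
        }
        for (short i = 0; i < STATE_LEN; i++) {
            state[i] = (byte) 0; // logged and rolled back on tear when in a transaction
        }
        resetCount++;
        if (!isRegistering) {
            JCSystem.commitTransaction();
        }
    }

    public void process(APDU apdu) {
        if (selectingApplet()) {
            return;
        }
        if (apdu.getBuffer()[ISO7816.OFFSET_INS] != INS_RESET) {
            ISOException.throwIt(ISO7816.SW_INS_NOT_SUPPORTED);
        }
        reset(false); // command path: explicit transaction keeps both fields consistent
    }
}
```

The per-element loop is used instead of Util.arrayFillNonAtomic because non-atomic array operations do not take part in a transaction.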

@af-anssi
Contributor

af-anssi commented Feb 7, 2018

The javacard-3.0.1 branch is working correctly, without secure messaging or ECC because of missing features from the JCDK in this version. I thus close this issue.

@af-anssi af-anssi closed this as completed Feb 7, 2018
@dschuermann
Contributor

We will try to also get the "Universal JCard" as we have problems with our current card "ACOSJ".

@tyll How did you "compile SmartPGP for the older version"?
Which Oracle Javacard Kit did you use?

CC @af-anssi @martinpaljak

@af-anssi
Contributor

You can simply checkout the javacard-3.0.1 branch of SmartPGP and use the 3.0.1 JCDK to compile it.

@dschuermann
Contributor

@af-anssi Do you have a link to the 3.0.1 JCDK? I only found 3.0.3/3.0.4. https://github.com/martinpaljak/oracle_javacard_sdks is also missing this version.

@martinpaljak
Contributor

3.0.3 includes 3.0.1 API, so that is the right one. There is slight confusion in JavaCard API versions on SDK versions.

@dschuermann
Contributor

@martinpaljak awesome, thanks for your help!

@af-anssi
Contributor

@martinpaljak is right; I have been fooled by a symlink on my local machine ;-)

@martinpaljak
Contributor

@dschuermann @af-anssi FYI, I added NOTES: https://github.com/martinpaljak/oracle_javacard_sdks/blob/master/README.md
