Skip to content
JavaCard implementation of GlobalPlatform Access Rule Application Master Applet
Java
Branch: master
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
.idea
aram
gradle/wrapper
oracle_javacard_sdks @ 2b36942
.gitignore
.gitmodules create repo aram-applet Sep 25, 2017
.travis.yml
LICENSE.md create repo aram-applet Sep 25, 2017
README.md
build.gradle
gradlew
gradlew.bat create repo aram-applet Sep 25, 2017
settings.gradle

README.md

ARAM Applet

Build Status Coverage Status

JavaCard implementation of Global Platform Access Rule Application Master (ARA-M) applet from Secure Element Access Control v1.0 specification.

What is this ?

ARA-M is an application (typically present on a SIM card) which manage access rules that are enforced by an Access Control Enforcer (typically present on Android device). The enforcer makes sure the rules from the ARAM are enforced. An access rule is composed of :

  • an AID
  • a certificate hash (sha1 of client application cert)
  • a set of rules

The Access Control enforcer will allow/deny a client application (for example an Android app) to send APDU to a SE applet based on these rules

More information : seek-for-android Access Control wiki

Features

Get Data

  • get all
  • get specific REF-DO
  • get refresh tag
  • get next

Store Data

  • store REF-AR-DO
  • delete AID-REF-DO
  • delete REF-DO
  • delete REF-AR-DO
  • update refresh tag

Note

  • store data can be accessed via install for personalization or via raw apdu STORE DATA
  • get data length is coded on 2 bytes max
  • get specific is not compatible with get next
  • rules are not stored as data object but as plain apdu AR-DO
  • format of APDU-AR-DO, NFC-AR-DO is not checked
  • deleting specific rules is not implemented (only aid/hash)

Setup

git clone git@github.com:bertrandmartel/aram-applet.git
cd aram-applet
git submodule update --init
  • build
./gradlew build
  • build & install (will delete existing applet before install)
./gradlew installJavaCard

Tests

  • run simulation tests
./gradlew test
  • run tests on smartcard
./gradlew test -DtestMode=smartcard

Scripts

Install for personalization

  • list rules
gp -acr-list

Use GlobalPlatformPro to send store data via the Security Domain with install comand + install for personalization :

  • add rule
gp -acr-add -acr-rule 01 -app D2760001180002FF49502589C0019B18 -acr-hash 1FA8CC6CE448894C7011E23BCF56DB9BD9097432
  • delete rule
gp -acr-delete -app D2760001180002FF49502589C0019B18 -acr-hash 1FA8CC6CE448894C7011E23BCF56DB9BD9097432

Raw APDU

  • list rules
./gradlew list

The following task send store data command raw apdu via GlobalPlatformPro (for add & delete) :

  • add rule
./gradlew store

or

./gradlew test --tests fr.bmartel.aram.AramTest.storeDataValid
  • delete rule
./gradlew delete

or

./gradlew test --tests fr.bmartel.aram.AramTest.deleteByAid

License

The MIT License (MIT) Copyright (c) 2017 Bertrand Martel

You can’t perform that action at this time.