idpass · typelogic · Jan 3, 2020 · Jan 6, 2020 · Jan 6, 2020 · Jan 6, 2020
diff --git a/.circleci/config.yml b/.circleci/config.yml
@@ -3,7 +3,7 @@ version: 2
 jobs:
   build:
     docker:
-      - image: circleci/openjdk:8u232-jdk
+      - image: mingc/android-build-box
     steps:
       - checkout
       - run: git submodule update --init

diff --git a/.gitignore b/.gitignore
@@ -27,3 +27,5 @@ build
 
 # gradle stuff
 /.gradle
+*.swp
+libs/globalplatform-2_1_1/META-INF/
diff --git a/.gitmodules b/.gitmodules
@@ -13,3 +13,6 @@
 [submodule "datastorage"]
 	path = datastorage
 	url = ssh://[email protected]/idpass/card-storage-applet.git
+[submodule "sign"]
+	path = sign
+	url = ssh://[email protected]/idpass/card-sign-applet.git
diff --git a/auth b/auth
diff --git a/build.gradle b/build.gradle
@@ -1,7 +1,59 @@
+def getGitHash = { p ->
+    def stdout = new ByteArrayOutputStream()
+    exec {
+        if (p) workingDir p 
+        commandLine 'git','rev-parse','HEAD'
+        standardOutput = stdout
+    }
+    return stdout.toString().trim()
+}
+
+def getUri = { p ->
+    def stdout = new ByteArrayOutputStream()
+    exec {
+    if (p) workingDir p
+        commandLine 'git','remote','-v'
+        standardOutput = stdout
+    }
+    def repoUri = stdout.toString().trim().split("\n")[0].split()[1]
+    return repoUri
+}
+
+def getHostname = {
+    def stdout = new ByteArrayOutputStream()
+    exec {
+        commandLine 'hostname'
+        standardOutput = stdout
+    }
+    def x = stdout.toString().trim()
+    return x
+}
+
 subprojects {
     final def rootPath = rootDir.absolutePath
     final def libs = rootPath + '/libs'
     final def libs_gp211 = rootPath + '/libs/globalplatform-2_1_1'
+	final def libsSdk = rootPath + '/libs-sdks'
+    final def libs_classes = rootPath + '/build/javacard/tools.exp'
+
+	final def JC211   = libsSdk + '/jc211_kit'
+	final def JC212   = libsSdk + '/jc212_kit'
+	final def JC221   = libsSdk + '/jc221_kit'
+	final def JC222   = libsSdk + '/jc222_kit'
+	final def JC303   = libsSdk + '/jc303_kit'
+	final def JC304   = libsSdk + '/jc304_kit'
+	final def JC305u1 = libsSdk + '/jc305u1_kit'
+	final def JC305u2 = libsSdk + '/jc305u2_kit'
+	final def JC305u3 = libsSdk + '/jc305u3_kit'
+
+    ext {
+        _getUri = getUri
+        _getGitHash = getGitHash
+        _getHostname = getHostname
+        _sourceCompatibility = 1.7
+        _targetCompatibility = 1.7
+        _JC_SELECTED = JC304
+    }
 
     buildscript {
         repositories {
@@ -11,7 +63,7 @@ subprojects {
         }
 
         dependencies {
-            classpath 'com.fidesmo:gradle-javacard:0.2.7'
+            classpath 'com.klinec:gradle-javacard:1.6.3' 
         }
     }
 
@@ -23,14 +75,12 @@ subprojects {
         flatDir {
             dirs libs
             dirs libs_gp211
+            dirs libs_classes
         }
     }
-
-    task wrapper(type: Wrapper) {
-        gradleVersion = '4.7'
-    }
 }
 
 allprojects {
     buildDir = new File(rootProject.projectDir, "build")
 }
+
diff --git a/build.sh b/build.sh
@@ -5,10 +5,14 @@ export JC_HOME=$(pwd)/libs-sdks/jc304_kit/
 export _JAVA_OPTIONS=-Djc.home=$JC_HOME
 
 buildoutputs='
-build/javacard/org/idpass/auth/javacard/auth.cap
-build/javacard/org/idpass/tools/javacard/tools.cap
-build/javacard/org/idpass/sam/javacard/sam.cap
-build/javacard/org/idpass/datastorage/javacard/datastorage.cap'
+build/javacard/auth.cap
+build/javacard/tools.exp/org/idpass/tools/javacard/tools.cap
+build/javacard/sam.cap
+build/javacard/datastorage.cap
+build/libs/idpass_tools.jar
+build/libs/idpass_auth.jar
+build/libs/idpass_datastorage.jar
+build/libs/idpass_sam.jar'
 
 buildoutputscount=$(echo $buildoutputs | tr ' ' '\n' | wc -l)
 ./gradlew build

diff --git a/datastorage b/datastorage
diff --git a/gradle/wrapper/gradle-wrapper.properties b/gradle/wrapper/gradle-wrapper.properties
@@ -1,5 +1,5 @@
 #Mon Dec 02 10:05:57 SGT 2019
-distributionUrl=https\://services.gradle.org/distributions/gradle-4.7-all.zip
+distributionUrl=https\://services.gradle.org/distributions/gradle-4.10.3-all.zip
 distributionBase=GRADLE_USER_HOME
 distributionPath=wrapper/dists
 zipStorePath=wrapper/dists

diff --git a/offcard/GPC_CardSpecification_v2.3.1_PublicRelease_CC.pdf b/offcard/GPC_CardSpecification_v2.3.1_PublicRelease_CC.pdf
diff --git a/offcard/README.md b/offcard/README.md
@@ -0,0 +1,39 @@
+# GlobalPlatform Card Spec 2.3.1
+
+As latest specification contains errata and precision of previous versions of the spec,
+therefore will use latest specification url https://globalplatform.org/specs-library/card-specification-v2-3-1/
+
+Older specification, for example, cited a dubious usage advise of `p2` in the `INITIALIZE_UPDATE` command. 
+The latest specification `v2.3.1` explicitly clarifies the value of `p2` to be always `0x00`. A mis-interpretation
+of this tiny detail would lead you to think of `p2` as an option to choose one of the key. 
+
+### Applet privileges
+- b8=1 indicates that the Application is a Security Domain.
+- b7=1 indicates that the Security Domain has DAP Verification capability.
+- b6=1 indicates that the Security Domain has Delegated Management privileges.
+- b5=1 indicates that the Application has the privilege to lock the card.
+- b4=1 indicates that the Application has the privilege to terminate the card.
+- b3=1 indicates that the Application has the Default Selected privilege.
+- b2=1 indicates that the Application has CVM management privileges.
+- b1=1 indicates that the Security Domain has mandated DAP Verification capability.
+
+### 11.1.4 Class Byte Coding (Card Specification v2.3.1)
+- 0x00 Command defined in ISO/IEC 7816
+- 0x80 Proprietary command
+- 0x84 Proprietary command with secure messaging
+
+### Key Type
+- 0x00 - 0x7F Reserved
+- 0x80 DES - mode (EBC/CBC) implicitely known
+- ...
+
+### Miscelaneous (from specs)
+- The `ISD` shall be the Default Selected Application
+- An initial key shall be available within the `ISD`
+
+### Miscelaneous (from observation)
+- Once a key is added, the default factory `kvno` of `0xFF` with default key `40 .. 4F` is forever lost. The offcard must explicitely declare a keyset.
+- One a key is added, it cannot be deleted. But only replaced with new key value
+- In the JCOP terminal, `/send` != `send`. These are the insecure and secure variations of sending an apdu
+- Once a data attempts to go out from an applet **insecurely**, it resets the applet's security level to 0x00. The JCOP terminal still thinks 0x83 though. 
+- Always first load `tools.cap`  
diff --git a/offcard/build.gradle b/offcard/build.gradle
@@ -0,0 +1,33 @@
+group 'org.idpass.offcard'
+version '0.0.1'
+
+apply plugin: 'java'
+sourceCompatibility = 1.8
+
+dependencies {
+    compile 'com.klinec:jcardsim:3.0.5.9'
+    compile 'org.testng:testng:7.0.0'
+    implementation 'org.bouncycastle:bcprov-jdk15on:1.62'
+    implementation 'org.web3j:core:2.3.1'
+    implementation 'org.bitcoinj:bitcoinj-core:0.14.5'
+
+    // Establish build order dependency of
+    // org.idpass.offcard.applet/* to org.idpass.{auth,sam,datastorage}/* 
+    compile project(':auth')
+    compile project(':sam')
+    compile project(':datastorage')
+    compile project(':sign')
+}
+
+test {
+    println "--- offcard test task ---"
+    filter {
+        includeTestsMatching "org.idpass.offcard.test.Main.*"
+    }
+
+    testLogging.showStandardStreams = true
+    outputs.upToDateWhen {false}
+    useTestNG()
+    jvmArgs '-noverify'
+}
+
+37 −33		build.gradle
+40 −39		src/main/java/org/idpass/auth/AuthApplet.java
+37 −30		build.gradle
+13 −12		src/main/java/org/idpass/datastorage/DatastorageApplet.java