public class Ssh extends javacard.framework.Applet
{
+ // Change this when the applet changes; hi byte is major, low byte is minor
+ static final short applet_version = (short)0x0102;
+
/* constants declaration */
// code of CLA byte in the command APDU header
static final byte Ssh_CLA =(byte)0x05;
static final byte DECRYPT = (byte) 0x10;
static final byte GET_KEYLENGTH = (byte) 0x20;
static final byte GET_PUBKEY = (byte) 0x30;
+ static final byte GET_VERSION = (byte) 0x32;
static final byte GET_RESPONSE = (byte) 0xc0;
- /* instance variables declaration */
static final short keysize = 1024;
+ static final short root_fid = (short)0x3f00;
+ static final short privkey_fid = (short)0x0012;
+ static final short pubkey_fid = (short)(('s'<<8)|'h');
- //RSA_CRT_PrivateKey rsakey;
+ /* instance variables declaration */
AsymKey rsakey;
CyberflexFile file;
CyberflexOS os;
- byte buffer[];
-
- static byte[] keyHdr = {(byte)0xC2, (byte)0x01, (byte)0x05};
-
private Ssh()
{
file = new CyberflexFile();
// APDU object carries a byte array (buffer) to
// transfer incoming and outgoing APDU header
// and data bytes between card and CAD
- buffer = apdu.getBuffer();
+ byte buffer[] = apdu.getBuffer();
+ short size, st;
// verify that if the applet can accept this
// APDU message
if (buffer[ISO.OFFSET_CLA] != Ssh_CLA)
ISOException.throwIt(ISO.SW_CLA_NOT_SUPPORTED);
//decrypt (apdu);
- short size = (short) (buffer[ISO.OFFSET_LC] & 0x00FF);
+ size = (short) (buffer[ISO.OFFSET_LC] & 0x00FF);
if (apdu.setIncomingAndReceive() != size)
ISOException.throwIt (ISO.SW_WRONG_LENGTH);
+ // check access; depends on bit 2 (x/a)
+ file.selectFile(root_fid);
+ file.selectFile(privkey_fid);
+ st = os.checkAccess(ACL.EXECUTE);
+ if (st != ST.ACCESS_CLEARED) {
+ CyberflexAPDU.prepareSW1SW2(st);
+ ISOException.throwIt(CyberflexAPDU.getSW1SW2());
+ }
+
rsakey.cryptoUpdate (buffer, (short) ISO.OFFSET_CDATA, size,
buffer, (short) ISO.OFFSET_CDATA);
apdu.setOutgoingAndSend ((short) ISO.OFFSET_CDATA, size);
- return;
+ break;
case GET_PUBKEY:
- file.selectFile((short)(0x3f<<8)); // select root
- file.selectFile((short)(('s'<<8)|'h')); // select public key file
- os.readBinaryFile (buffer, (short)0, (short)0, (short)(keysize/8));
- apdu.setOutgoingAndSend((short)0, (short)(keysize/8));
- return;
+ file.selectFile(root_fid); // select root
+ file.selectFile(pubkey_fid); // select public key file
+ size = (short)(file.getFileSize() - 16);
+ st = os.readBinaryFile(buffer, (short)0, (short)0, size);
+ if (st == ST.SUCCESS)
+ apdu.setOutgoingAndSend((short)0, size);
+ else {
+ CyberflexAPDU.prepareSW1SW2(st);
+ ISOException.throwIt(CyberflexAPDU.getSW1SW2());
+ }
+ break;
case GET_KEYLENGTH:
- buffer[0] = (byte)((keysize >> 8) & 0xff);
- buffer[1] = (byte)(keysize & 0xff);
+ Util.setShort(buffer, (short)0, keysize);
+ apdu.setOutgoingAndSend ((short)0, (short)2);
+ break;
+ case GET_VERSION:
+ Util.setShort(buffer, (short)0, applet_version);
apdu.setOutgoingAndSend ((short)0, (short)2);
- return;
+ break;
case GET_RESPONSE:
- return;
+ break;
default:
ISOException.throwIt (ISO.SW_INS_NOT_SUPPORTED);
}
andersk / gssapi-openssh.git / blobdiff