Skip to content

Getting the code to run

Jump to bottom
Matej Evin edited this page Dec 9, 2018 · 10 revisions

General info

First, we assume you have a JavaCard. Best would be a 2.2.2. version, but this should work on newer cards too. Second, we assume you have some means of communication with the card. If not, I recommend taking a look at Martin Paljak's GlobalPlatformPro, which works very well and is open-source. You should also have some tool to compile JavaCard source code to .cap applet files. Here I suggest JC-ant again from Martin Paljak (that guy is a genius!).

Folder structure

The code is split into several folders, where each folder contains sources to different algorithm or family of algorithms:

  • PBKDF2 - key derivation
  • TWINE - symmetric block cipher
  • Zorro - symmetric block cipher (insecure, careful!)
  • AEAD - 5 authenticated encryption with associated data algorithms
    • ACORN - very slow
    • AEGIS - pretty fast
    • ASCON - was really slow, now it is okay fast.
    • CLOC - mega fast.
    • MORUS - was really slow, now it is okay fast.
  • Sha3 - message digest
  • OpenPGP - open-source extension of PGP to compute on JavaCards

There is also one other folder named "_ext". This folder contains all necessary libraries and stuff for other code like GlobalPlatformPro to work. every build.xml file loads resources from _ext which is one folder above build.xml files. If you move _ext, dont forget to change your build.xml files as well.

Each of the algorithm folders contains:

  • src - folder with source files, usually an engine and an example applet
  • capfiles - here you can find an example .cap file. ant also creates .cap files here.
  • build.xml - contains information for ant to generate .cap file. Usually writing ant is enough. Only in the case of AEAD you should specify which alg you want to compile, for example create aegis by writing ant aegis, otherwise acorn will be selected as default. Or use the accompanied .bat files which deletes old applet, compiles the new .cap file and installs it on the card.

Installing & running the applet

For all this to work, just open a command line prompt in algorithm folder and then:

  1. Make sure JC is empty (or not, whatever). Use gp -delete 'insert-package-aid-here' to delete.
  2. Run ant by writing ant. Duh. (make sure ant is present in your %PATH% environment variable or it won't work).
  3. Install .cap file by writing gp -install capfiles/sha3.cap or whatever algorithm your soul desires.

All algorithms use the same AID for simplicity, so change them as you desire. Most of example applets have values hard-coded, so no need to send any real data. Sha3 likes some input though. The common APDU header to send in my examples is:

CLA = B0
INS = 61
P1  = 0
P2  = 0
LC  = 0

Throw some APDU to the card and watch the results! (and go get some beer from the fridge while this slowpoke actually computes the thing)

In the case of OpenPGP card, AID and PKG have to be different, because of OpenPGP standard. To use this applet with GnuPG, use this PKG and AID when building a .cap file:

PKG: D27600012401
AID: D2760001240102000000000000010000

CLA = 00, or whatever else. It is not checked.
INS = check the OpenPGPApplet.java for instruction codes.
P1  = depends on INS
P2  = depends on INS
LC  = length of input data, followed by data itself.
      PIN "123" is 0x03, 0x61, 0x62, 0x63

Profiling

If you want to profile your code, check JCProfiler. Also, you can check my YouTube tutorial on how to use it, because it may be a bit complex.

Have fun.

Clone this wiki locally