remove default data, make hmac len 14 to avoid uscard crashes

Author: stepansnigirev

src/main/java/toys/MemoryCardApplet.java

@@ -37,17 +37,7 @@ public static void install(byte[] bArray, short bOffset, byte bLength){
     }
     public MemoryCardApplet(){
         super();
-
-        // Default data
-        byte[] defaultData = { 
-            'M', 'e', 'm', 'o', 'r', 'y', ' ', 'c', 
-            'a', 'r', 'd', 's', ' ', 'a', 'r', 'e', 
-            ' ', 'n', 'o', 't', ' ', 's', 'a', 'f', 
-            'u', ' ', 's', 'o', ' ', 'w', 'h', 'a',
-            't', '?'
-        };
         secretData = new DataEntry(MAX_DATA_LENGTH);
-        secretData.put(defaultData, (short)0, (short)defaultData.length);
     }
     protected short processSecureMessage(byte[] buf, short len){
         if(buf[OFFSET_CMD] == CMD_STORAGE){

src/main/java/toys/SecureChannel.java

@@ -28,7 +28,7 @@ public class SecureChannel{
     static final public short MAX_LENGTH_KEY    = (short)32;
     /** Size of the HMAC code used in messages. 
      *  We reduce it to 15 bytes to increase data capacity. */
-    static final public short LENGTH_MAC        = (short)15;
+    static final public short LENGTH_MAC        = (short)14;
     /** Size of the IV for AES */
     static final public short LENGTH_IV         = (short)16;
     /** Maximum size of the cyphertext including MAC */

tests/tests/test_memorycard.py

@@ -0,0 +1,184 @@
+#!/usr/bin/env python3
+import unittest, os
+from util.securechannel import SecureChannel, SecureError
+
+AID = "B00B5111CB01"
+APPLET = "toys.MemoryCardApplet"
+CLASSDIR = "MemoryCard"
+
+mode = os.environ.get('TEST_MODE', "simulator")
+if mode=="simulator":
+    from util.simulator import Simulator, ISOException
+    sim = Simulator(AID, APPLET, CLASSDIR)
+elif mode=="card":
+    from util.card import Card, ISOException
+    sim = Card(AID)
+else:
+    raise RuntimeError("Not supported")
+
+def setUpModule():
+    sim.connect()
+
+def tearDownModule():
+    sim.disconnect()
+
+SELECT     = b"\x00\xA4\x04\x00"
+GET_RANDOM = b"\xB0\xB1\x00\x00"
+GET_PUBKEY = b"\xB0\xB2\x00\x00"
+
+def encode(data):
+    return bytes([len(data)])+data
+
+class SecureAppletTest(unittest.TestCase):
+    def __init__(self, *args, **kwargs):
+        super().__init__(*args, **kwargs)
+
+    def get_secure_channel(self, open=True):
+        sc = SecureChannel(sim)
+        sc.open()
+        self.assertEqual(sc.is_open, True)
+        return sc
+
+    def test_select(self):
+        # selecting applet
+        data = SELECT+encode(bytes.fromhex(AID))
+        res = sim.request(data)
+        self.assertEqual(res, b"")
+
+    def test_random(self):
+        # test default value
+        d1 = sim.request(GET_RANDOM)
+        d2 = sim.request(GET_RANDOM)
+        self.assertNotEqual(d1, d2)
+        self.assertEqual(len(d1), 32)
+
+    def test_pubkey(self):
+        pub = sim.request(GET_PUBKEY)
+        self.assertEqual(pub[0], 0x04)
+        self.assertEqual(len(pub), 65)
+
+    def test_sc(self):
+        sc = self.get_secure_channel()
+        # echo
+        data = sc.request(b"\x00\x00ping")
+        self.assertEqual(data, b"ping")
+        # secure random
+        d1 = sc.request(b"\x01\x00")
+        d2 = sc.request(b"\x01\x00")
+        self.assertNotEqual(d1, d2)
+        self.assertEqual(len(d1), 32)
+        # close channel
+        sc.close()
+        self.assertEqual(sc.is_open, False)
+
+    def test_duplicate_sc(self):
+        # open one channel
+        sc1 = self.get_secure_channel()
+        # open another channel
+        sc2 = self.get_secure_channel()
+        # first should be invalid now
+        with self.assertRaises(ISOException) as e:
+            # trying to get random data 
+            # with outdated channel
+            sc1.request(b"\x01\x00")
+        sc2.close()
+
+    def test_pin(self):
+        sc = self.get_secure_channel()
+        status = sc.request(b'\x03\x00')
+        left, total, is_set = list(status)
+        self.assertEqual(left, 10)
+        self.assertEqual(total, left)
+        self.assertEqual(is_set, 0)
+        # if PIN is not set - check should raise
+        with self.assertRaises(SecureError) as e:
+            sc.request(b'\x03\x01'+b'q')
+        # set PIN
+        pin = b"My PIN code"
+        sc.request(b"\x03\x04"+pin)
+        # check if it's set and card is unlocked now
+        status = sc.request(b'\x03\x00')
+        left, total, is_set = list(status)
+        self.assertEqual(left, 10)
+        self.assertEqual(total, left)
+        self.assertEqual(is_set, 2)
+        # lock the card
+        sc.request(b"\x03\x02")
+        # check it's locked
+        status = sc.request(b'\x03\x00')
+        left, total, is_set = list(status)
+        self.assertEqual(left, 10)
+        self.assertEqual(total, left)
+        self.assertEqual(is_set, 1)
+        # check we can't unlock with wrong PIN
+        with self.assertRaises(SecureError) as e:
+            sc.request(b'\x03\x01'+pin+b'q')
+        # check that we have 9 attempts now
+        status = sc.request(b'\x03\x00')
+        left, total, is_set = list(status)
+        self.assertEqual(left, 9)
+        self.assertEqual(total, 10)
+        self.assertEqual(is_set, 1)
+        # check we can unlock with valid PIN
+        sc.request(b'\x03\x01'+pin)
+        status = sc.request(b'\x03\x00')
+        left, total, is_set = list(status)
+        # number of attempts should be 10 again
+        self.assertEqual(left, 10)
+        self.assertEqual(total, 10)
+        self.assertEqual(is_set, 2)
+
+        # check we can change PIN with valid PIN
+        pin2 = b"qqq"
+        sc.request(b'\x03\x03'+encode(pin)+encode(pin2))
+        status = sc.request(b'\x03\x00')
+        left, total, is_set = list(status)
+        self.assertEqual(left, 10)
+        self.assertEqual(total, 10)
+        self.assertEqual(is_set, 2)
+        pin = pin2
+        # check we can't change pin with invalid pin
+        with self.assertRaises(SecureError) as e:
+            sc.request(b'\x03\x03'+encode(pin2+b"q")+encode(pin2))
+        # card should be locked now
+        status = sc.request(b'\x03\x00')
+        left, total, is_set = list(status)
+        self.assertEqual(left, 9)
+        self.assertEqual(total, 10)
+        self.assertEqual(is_set, 1)
+        # check we can't unset PIN with invalid PIN
+        with self.assertRaises(SecureError) as e:
+            sc.request(b'\x03\x05'+pin+b'q')
+        # card should be locked now
+        status = sc.request(b'\x03\x00')
+        left, total, is_set = list(status)
+        self.assertEqual(left, 8)
+        self.assertEqual(total, 10)
+        self.assertEqual(is_set, 1)
+
+        # get random should still work 
+        # even if the card is locked
+        d = sc.request(b"\x01\x00")
+        self.assertEqual(len(d), 32)
+
+        # check we can unset with valid PIN
+        sc.request(b'\x03\x05'+pin)
+        # should be unset now
+        status = sc.request(b'\x03\x00')
+        left, total, is_set = list(status)
+        self.assertEqual(left, 10)
+        self.assertEqual(total, left)
+        self.assertEqual(is_set, 0)
+        sc.close()
+
+    def test_invalid(self):
+        with self.assertRaises(ISOException) as e:
+            # invalid INS
+            sim.request(b"\xB0\xA3\x00\x00")
+
+        with self.assertRaises(ISOException) as e:
+            # invalid CLA
+            sim.request(b"\xB1\xA1\x00\x00")
+
+if __name__ == '__main__':
+    unittest.main()

tests/tests/test_secureapplet.py

@@ -4,7 +4,7 @@
 
 AID = "B00B5111FF01"
 APPLET = "toys.SecureApplet"
-CLASSDIR = "SecureApplet"
+CLASSDIR = "Secure"
 
 mode = os.environ.get('TEST_MODE', "simulator")
 if mode=="simulator":

tests/tests/util/securechannel.py

@@ -11,6 +11,7 @@ def __init__(self, code):
         self.code = code
 
 class SecureChannel:
+    HMAC_LEN = 14
     def __init__(self, card):
         """Pass Card or Simulator instance here"""
         self.card = card
@@ -59,10 +60,10 @@ def open(self, mode=None):
             secp256k1.ec_pubkey_tweak_mul(pub, secret)
             shared_secret = hashlib.sha256(secp256k1.ec_pubkey_serialize(pub)[1:33]).digest()
             shared_fingerprint = self.derive_keys(shared_secret)
-            recv_hmac = s.read(15)
+            recv_hmac = s.read(self.HMAC_LEN)
             h = hmac.new(self.card_mac_key, digestmod='sha256')
             h.update(data)
-            expected_hmac = h.digest()[:15]
+            expected_hmac = h.digest()[:self.HMAC_LEN]
             if expected_hmac != recv_hmac:
                 raise RuntimeError("Wrong HMAC. Got %s, expected %s" % (recv_hmac.hex(),expected_hmac.hex()))
             data += recv_hmac
@@ -82,13 +83,13 @@ def open(self, mode=None):
             res = self.card.request(b"\xB0\xB4\x00\x00"+encode(data))
             s = BytesIO(res)
             nonce_card = s.read(32)
-            recv_hmac = s.read(15)
+            recv_hmac = s.read(self.HMAC_LEN)
             secret_with_nonces = hashlib.sha256(shared_secret+nonce_card).digest()
             shared_fingerprint = self.derive_keys(secret_with_nonces)
             data = nonce_card
             h = hmac.new(self.card_mac_key, digestmod='sha256')
             h.update(data)
-            expected_hmac = h.digest()[:15]
+            expected_hmac = h.digest()[:self.HMAC_LEN]
             if expected_hmac != recv_hmac:
                 raise RuntimeError("Wrong HMAC. Got %s, expected %s"%(recv_hmac.hex(),expected_hmac.hex()))
             data += recv_hmac
@@ -114,17 +115,17 @@ def encrypt(self, data):
         h = hmac.new(self.host_mac_key, digestmod='sha256')
         h.update(iv)
         h.update(ct)
-        ct += h.digest()[:15]
+        ct += h.digest()[:self.HMAC_LEN]
         return ct
 
     def decrypt(self, ct):
-        recv_hmac = ct[-15:]
-        ct = ct[:-15]
+        recv_hmac = ct[-self.HMAC_LEN:]
+        ct = ct[:-self.HMAC_LEN]
         iv = self.iv.to_bytes(16, 'big')
         h = hmac.new(self.card_mac_key, digestmod='sha256')
         h.update(iv)
         h.update(ct)
-        expected_hmac = h.digest()[:15]
+        expected_hmac = h.digest()[:self.HMAC_LEN]
         if expected_hmac != recv_hmac:
             raise RuntimeError("Wrong HMAC. Got %s, expected %s"%(recv_hmac.hex(),expected_hmac.hex()))
         backend = default_backend()

tests/tests/util/simulator.py

@@ -54,4 +54,5 @@ def request(self, apdu):
 
     def disconnect(self):
         self.s.close()
-        self.proc.kill()
+        self.proc.kill()
+        time.sleep(1)