Merge branch 'javacard-3.0.1' into javacard-3.0.4-without-secure-messaging

github-af · github-af · commit e534408f3dec · 2025-09-04T22:25:16.000+02:00
diff --git a/build.xml b/build.xml
@@ -1,7 +1,7 @@
 <?xml version="1.0"?>
 <project name="smartpgp" default="convert" basedir=".">
   <description>Ant build for SmartPGP applet</description>
-  <get src="https://github.com/martinpaljak/ant-javacard/releases/download/v20.03.25/ant-javacard.jar" dest="." skipexisting="true"/>
+  <get src="https://github.com/martinpaljak/ant-javacard/releases/download/v25.08.21/ant-javacard.jar" dest="." skipexisting="true"/>
   <taskdef name="javacard" classname="pro.javacard.ant.JavaCard" classpath="ant-javacard.jar"/>
   <target name="convert">
     <javacard>
diff --git a/src/fr/anssi/smartpgp/Common.java b/src/fr/anssi/smartpgp/Common.java
@@ -82,7 +82,6 @@ protected static final short writeLength(final byte[] buf, short off, final shor
     }
 
     protected static final short skipLength(final byte[] buf, final short off, final short len) {
-
         if(len < 1) {
             ISOException.throwIt(ISO7816.SW_WRONG_DATA);
             return off;
@@ -114,7 +113,6 @@ protected static final short skipLength(final byte[] buf, final short off, final
     }
 
     protected static final short readLength(final byte[] buf, final short off, final short len) {
-
         if(len < 1) {
             ISOException.throwIt(ISO7816.SW_WRONG_DATA);
             return (short)0;
@@ -200,4 +198,10 @@ protected static final short writeAlgorithmInformation(final ECCurves ec,
 
         return off;
     }
+
+    protected static final void requestDeletion() {
+        if(JCSystem.isObjectDeletionSupported()) {
+            JCSystem.requestObjectDeletion();
+        }
+    }
 }
diff --git a/src/fr/anssi/smartpgp/PGPKey.java b/src/fr/anssi/smartpgp/PGPKey.java
@@ -58,6 +58,9 @@ private final void resetKeys(final boolean isRegistering) {
             keys.getPrivate().clearKey();
             keys.getPublic().clearKey();
             keys = null;
+            if(!isRegistering) {
+                Common.requestDeletion();
+            }
         }
 
         if(certificate_length > 0) {
@@ -205,10 +208,13 @@ protected final ECParams ecParams(final ECCurves ec) {
 
 
     private final KeyPair generateRSA() {
-        final PrivateKey priv = (PrivateKey)KeyBuilder.buildKey(KeyBuilder.TYPE_RSA_CRT_PRIVATE, rsaModulusBitSize(), false);
-        final RSAPublicKey pub = (RSAPublicKey)KeyBuilder.buildKey(KeyBuilder.TYPE_RSA_PUBLIC, rsaModulusBitSize(), false);
+        PrivateKey priv = (PrivateKey)KeyBuilder.buildKey(KeyBuilder.TYPE_RSA_CRT_PRIVATE, rsaModulusBitSize(), false);
+        RSAPublicKey pub = (RSAPublicKey)KeyBuilder.buildKey(KeyBuilder.TYPE_RSA_PUBLIC, rsaModulusBitSize(), false);
 
         if((priv == null) || (pub == null)) {
+            priv = null;
+            pub = null;
+            Common.requestDeletion();
             return null;
         }
 
@@ -219,13 +225,16 @@ private final KeyPair generateRSA() {
 
 
     private final KeyPair generateEC(final ECCurves ec) {
+        ECParams params = ecParams(ec);
 
-        final ECParams params = ecParams(ec);
-
-        final ECPrivateKey priv = (ECPrivateKey)KeyBuilder.buildKey(KeyBuilder.TYPE_EC_FP_PRIVATE, params.nb_bits, false);
-        final ECPublicKey pub = (ECPublicKey)KeyBuilder.buildKey(KeyBuilder.TYPE_EC_FP_PUBLIC, params.nb_bits, false);
+        ECPrivateKey priv = (ECPrivateKey)KeyBuilder.buildKey(KeyBuilder.TYPE_EC_FP_PRIVATE, params.nb_bits, false);
+        ECPublicKey pub = (ECPublicKey)KeyBuilder.buildKey(KeyBuilder.TYPE_EC_FP_PUBLIC, params.nb_bits, false);
 
         if((priv == null) || (pub == null)) {
+            params = null;
+            priv = null;
+            pub = null;
+            Common.requestDeletion();
             return null;
         }
 
@@ -237,30 +246,29 @@ private final KeyPair generateEC(final ECCurves ec) {
 
 
     protected final void generate(final ECCurves ec) {
-
-        KeyPair nkeys = null;
+        resetKeys(false);
 
         if(isRsa()) {
-            nkeys = generateRSA();
+            keys = generateRSA();
         } else if(isEc()) {
-            nkeys = generateEC(ec);
+            keys = generateEC(ec);
         }
 
-        if(nkeys == null) {
+        if(keys == null) {
             ISOException.throwIt(ISO7816.SW_CONDITIONS_NOT_SATISFIED);
             return;
         }
 
-        nkeys.genKeyPair();
+        keys.genKeyPair();
 
-        if(!nkeys.getPublic().isInitialized() || !nkeys.getPrivate().isInitialized()) {
+        if(!keys.getPublic().isInitialized() || !keys.getPrivate().isInitialized()) {
+            keys = null;
+            Common.requestDeletion();
             ISOException.throwIt(ISO7816.SW_CONDITIONS_NOT_SATISFIED);
             return;
         }
 
-        resetKeys(false);
         has_been_generated = true;
-        keys = nkeys;
     }
 
 
@@ -416,7 +424,6 @@ private final KeyPair importECKey(final ECCurves ec,
 
     protected final void importKey(final ECCurves ec,
                                    final byte[] buf, final short boff, final short len) {
-
         short off = boff;
 
         short template_len = 0;
@@ -486,30 +493,28 @@ protected final void importKey(final ECCurves ec,
             }
         }
 
-        KeyPair nkeys = null;
+        resetKeys(false);
 
         if(isRsa()) {
-            nkeys = importRSAKey(buf, data_off, data_len, data_tag_count, data_tag_val, data_tag_len);
+            keys = importRSAKey(buf, data_off, data_len, data_tag_count, data_tag_val, data_tag_len);
         } else if(isEc()) {
-            nkeys = importECKey(ec, buf, data_off, data_len, data_tag_count, data_tag_val, data_tag_len);
+            keys = importECKey(ec, buf, data_off, data_len, data_tag_count, data_tag_val, data_tag_len);
         }
 
-        if(nkeys == null) {
+        if(keys == null) {
             ISOException.throwIt(ISO7816.SW_WRONG_DATA);
             return;
         }
 
-        if(!nkeys.getPrivate().isInitialized() || !nkeys.getPublic().isInitialized()) {
+        if(!keys.getPrivate().isInitialized() || !keys.getPublic().isInitialized()) {
+            keys = null;
+            Common.requestDeletion();
             return;
         }
-
-        resetKeys(false);
-        keys = nkeys;
     }
 
 
     protected final short writePublicKeyDo(final byte[] buf, short off) {
-
         if(!isInitialized()) {
             ISOException.throwIt(Constants.SW_REFERENCE_DATA_NOT_FOUND);
             return 0;
@@ -520,7 +525,6 @@ protected final short writePublicKeyDo(final byte[] buf, short off) {
         off = Util.setShort(buf, off, (short)0x7f49);
 
         if(isRsa()) {
-
             final RSAPublicKey rsapub = (RSAPublicKey)pub;
             final short modulus_size = Common.bitsToBytes(rsaModulusBitSize());
             final short exponent_size = Common.bitsToBytes(rsaExponentBitSize());
@@ -542,9 +546,7 @@ protected final short writePublicKeyDo(final byte[] buf, short off) {
             off += rsapub.getExponent(buf, off);
 
             return off;
-
         } else if(isEc()) {
-
             final ECPublicKey ecpub = (ECPublicKey)pub;
             final short qsize = (short)(1 + 2 * (short)((ecpub.getSize() / 8) + (((ecpub.getSize() % 8) == 0) ? 0 : 1)));
             short rsize = (short)(1 + qsize);
@@ -564,7 +566,6 @@ protected final short writePublicKeyDo(final byte[] buf, short off) {
             off += ecpub.getW(buf, off);
 
             return off;
-
         }
 
         ISOException.throwIt(ISO7816.SW_CONDITIONS_NOT_SATISFIED);
@@ -577,7 +578,6 @@ protected final short writePublicKeyDo(final byte[] buf, short off) {
     protected final short sign(final Common common,
                                final byte[] buf, final short lc,
                                final boolean forAuth) {
-
         if(!isInitialized()) {
             ISOException.throwIt(Constants.SW_REFERENCE_DATA_NOT_FOUND);
             return 0;
@@ -590,7 +590,6 @@ protected final short sign(final Common common,
         byte[] sha_header = null;
 
         if(isRsa()) {
-
             if(!forAuth) {
                 if(lc == (short)(2 + Constants.DSI_SHA256_HEADER[1])) {
                     sha_header = Constants.DSI_SHA256_HEADER;

Original file line number	Diff line number	Diff line change
`@@ -82,7 +82,6 @@ protected static final short writeLength(final byte[] buf, short off, final shor`
`82`	`82`	`}`
`83`	`83`
`84`	`84`	`protected static final short skipLength(final byte[] buf, final short off, final short len) {`
`85`		`-`
`86`	`85`	`if(len < 1) {`
`87`	`86`	`ISOException.throwIt(ISO7816.SW_WRONG_DATA);`
`88`	`87`	`return off;`
`@@ -114,7 +113,6 @@ protected static final short skipLength(final byte[] buf, final short off, final`
`114`	`113`	`}`
`115`	`114`
`116`	`115`	`protected static final short readLength(final byte[] buf, final short off, final short len) {`
`117`		`-`
`118`	`116`	`if(len < 1) {`
`119`	`117`	`ISOException.throwIt(ISO7816.SW_WRONG_DATA);`
`120`	`118`	`return (short)0;`
`@@ -200,4 +198,10 @@ protected static final short writeAlgorithmInformation(final ECCurves ec,`
`200`	`198`
`201`	`199`	`return off;`
`202`	`200`	`}`
	`201`	`+`
	`202`	`+ protected static final void requestDeletion() {`
	`203`	`+ if(JCSystem.isObjectDeletionSupported()) {`
	`204`	`+ JCSystem.requestObjectDeletion();`
	`205`	`+ }`
	`206`	`+ }`
`203`	`207`	`}`