Erster Commit.

.gitignore

+
+/ZonenTuereAppletHash/bin
\ No newline at end of file

ZonenTuereAppletHash/.classpath

+<?xml version="1.0" encoding="UTF-8"?>
+<classpath>
+	<classpathentry path="src" kind="src"/>
+	<classpathentry path="com.ibm.bluez.jcop.eclipse.containers.cardconfig/com.ibm.bluez.jcop.eclipse.cardconfigs.custom;com.ibm.bluez.jcop.eclipse.cardapis.jc221" kind="con"/>
+	<classpathentry path="bin" kind="output"/>
+</classpath>

ZonenTuereAppletHash/.jcop

+<?xml version="1.0" encoding="UTF-8" standalone="no"?><jcop.project debug_comp="0" version="2"><package debug_comp="0" exportmap="false" jcop.id=""><aid jcop.id="package"/><version jcop.id="package">1.0</version></package><package debug_comp="0" exportmap="false" jcop.id="ms.warpzone.tuer"><aid jcop.id="package"/><version jcop.id="package">1.0</version></package><package debug_comp="0" exportmap="false" jcop.id="ms.warpzone"><aid jcop.id="package"/><version jcop.id="package">1.0</version></package><package debug_comp="0" exportmap="false" jcop.id="ms"><aid jcop.id="package"/><version jcop.id="package">1.0</version></package><package debug_comp="0" exportmap="false" jcop.id="ms.warpzone.tuer.applet"><aid jcop.id="package">caffeec01a</aid><cunit jcop.id="TuereApplet.java"><applet jcop.id="TuereApplet"><aid jcop.id="applet">2323004242</aid></applet></cunit><cunit jcop.id="KeyStore.java"><applet jcop.id="KeyStore"><aid jcop.id="applet">2323004243</aid></applet></cunit><version jcop.id="package">1.0</version></package></jcop.project>
\ No newline at end of file

ZonenTuereAppletHash/.project

+<?xml version="1.0" encoding="UTF-8"?>
+<projectDescription>
+	<name>ZonenTuereAppletHash</name>
+	<comment></comment>
+	<projects>
+	</projects>
+	<buildSpec>
+		<buildCommand>
+			<name>org.eclipse.jdt.core.javabuilder</name>
+			<arguments>
+			</arguments>
+		</buildCommand>
+		<buildCommand>
+			<name>com.ibm.bluez.jcop.eclipse.jcopbuilder</name>
+			<arguments>
+			</arguments>
+		</buildCommand>
+	</buildSpec>
+	<natures>
+		<nature>org.eclipse.jdt.core.javanature</nature>
+		<nature>com.ibm.bluez.jcop.eclipse.jcopnature</nature>
+	</natures>
+</projectDescription>

ZonenTuereAppletHash/src/ms/warpzone/tuer/applet/TuereApplet.java

+/**
+ * 
+ */
+package ms.warpzone.tuer.applet;
+
+import javacard.framework.APDU;
+import javacard.framework.ISO7816;
+import javacard.framework.Applet;
+import javacard.framework.ISOException;
+import javacard.framework.JCSystem;
+import javacard.framework.Util;
+import javacard.security.MessageDigest;
+import javacard.security.RandomData;
+
+/**
+ * @author warpzone
+ *
+ */
+public class TuereApplet extends Applet {
+	static final byte CURRENT_VERSION = 1;
+	static final byte CHAL_LEN = 32;
+	
+	// Warnung: Alignment beachten (Vielfaches von 64 Bytes) oder SHA-Code anpassen.
+	static final byte SECRET_LEN = 64;
+	MessageDigest md_sha = MessageDigest.getInstance(MessageDigest.ALG_SHA, false);
+    RandomData devurandom = RandomData.getInstance(RandomData.ALG_SECURE_RANDOM);
+	
+	// Backup-Secret wird fr trseitigen Fehler vorgehalten. secretBackup wird verwendet gdw. secretBackupActive==true
+	byte[] secret = new byte[SECRET_LEN];
+	byte[] secretBackup = new byte[SECRET_LEN]; // Backupsecret fr trseitigen Schlssel-Aktualisierungsfehler.
+	boolean[] secretBackupActive = JCSystem.makeTransientBooleanArray((short)1, JCSystem.CLEAR_ON_DESELECT);
+	
+	// Hlt das Challenge, das wir in 0x02 an die Tr gestellt haben.
+	byte[] challenge = JCSystem.makeTransientByteArray(CHAL_LEN, JCSystem.CLEAR_ON_DESELECT);
+	
+	public TuereApplet() {
+		for(byte i=0; i<SECRET_LEN; i++){
+			secret[i] = 0x00;
+			secretBackup[i] = 0x00;
+		}
+	}
+
+	public static void install(byte[] bArray, short bOffset, byte bLength) {
+		new TuereApplet().register(bArray, (short) (bOffset + 1),
+				bArray[bOffset]);
+	}
+	
+	public boolean select() {
+		secretBackupActive[0] = true;
+		return super.select();
+	}
+
+	public void process(APDU apdu) {
+		// Good practice: Return 9000 on SELECT
+		if (selectingApplet()) {
+			return;
+		}
+		
+		byte[] buf = apdu.getBuffer();
+		short recv;
+		short responseApduStartOffset;
+		short hashSize;
+		
+		// Schlssel alternieren bei Misserfolg.
+		byte[] currentSecret = secretBackupActive[0] ? secretBackup : secret;
+		
+		switch (buf[ISO7816.OFFSET_INS]) {
+		
+			/**
+			 *  Out = Versionsnummer dieses Applets
+			 * #Out =               1
+			 */ 
+			case (byte) 0x00:
+				buf[0] = CURRENT_VERSION;
+				apdu.setOutgoingAndSend((short)0, (short)1);
+				break;
+				
+			/**
+			 *   In = Neues Secret
+			 *  #In =      64
+			 *  
+			 * Die Karte wird mit dem neuen bergebenen Secret initialisiert.
+			 * Dieser Vorgang wird genau einmal zugelassen.
+			 */ 
+			case (byte) 0x01:
+				for(byte i=0; i<SECRET_LEN; i++){
+					if(secret[i] != 0x00){
+						ISOException.throwIt(ISO7816.SW_CONDITIONS_NOT_SATISFIED);
+					}
+				}
+				if(buf[ISO7816.OFFSET_LC] != SECRET_LEN){
+					ISOException.throwIt(ISO7816.SW_WRONG_LENGTH);
+				}
+				
+				recv = apdu.setIncomingAndReceive();
+				
+				if(recv != SECRET_LEN){
+					ISOException.throwIt(ISO7816.SW_WRONG_LENGTH);
+				}
+				
+				// Voraussetzungen erfllt.
+				JCSystem.beginTransaction();
+				Util.arrayCopy(buf, ISO7816.OFFSET_CDATA, secret, (short)0, SECRET_LEN);
+				JCSystem.commitTransaction();
+				break;
+				
+			/**
+			 *   In = Challenge fr Auth der Karte
+			 *  #In =             32
+			 *  Out = sha(secret+salt) + Challenge fr Auth der Tr
+			 * #Out =        20                     32          = 52
+			 */
+			case (byte) 0x02:
+				if(buf[ISO7816.OFFSET_LC] != CHAL_LEN){
+					ISOException.throwIt(ISO7816.SW_WRONG_LENGTH);
+				}
+			
+				recv = apdu.setIncomingAndReceive();
+				
+				if(recv != CHAL_LEN){
+					ISOException.throwIt(ISO7816.SW_WRONG_LENGTH);
+				}
+
+				short le = (short)((short)buf[ISO7816.OFFSET_CDATA + CHAL_LEN] & 0x00FF);
+				if(le < md_sha.getLength()){
+					ISOException.throwIt(ISO7816.SW_WRONG_DATA);
+				}
+				
+				// Voraussetzungen erfllt.
+				
+				// Schlssel alternieren bei Misserfolg.
+				secretBackupActive[0] = !secretBackupActive[0];
+				currentSecret = secretBackupActive[0] ? secretBackup : secret;
+				
+				md_sha.reset();
+				md_sha.update(currentSecret, (short)0, SECRET_LEN);
+				responseApduStartOffset = ISO7816.OFFSET_CDATA + CHAL_LEN + 1;
+				
+				// Wir werden hier gleich Platz im APDU-Puffer brauchen. Ist der da?
+				if(buf.length - responseApduStartOffset < md_sha.getLength() + CHAL_LEN){
+					ISOException.throwIt(ISO7816.SW_BYTES_REMAINING_00);
+				}
+				
+				hashSize = md_sha.doFinal(buf, ISO7816.OFFSET_CDATA, CHAL_LEN, buf, responseApduStartOffset);
+				
+				devurandom.generateData(challenge, (short)0, CHAL_LEN);
+				
+				Util.arrayCopyNonAtomic(challenge, (short)0, buf, (short)(responseApduStartOffset + hashSize), CHAL_LEN);
+				
+				apdu.setOutgoingAndSend(responseApduStartOffset, (short)(hashSize + CHAL_LEN));
+				
+				break;
+				
+			/**
+			 *   In = Neues Secret gexored mit altem + Antwort auf Challenge aus 0x02
+			 *  #In =             64                              20          = 84
+			 *  
+			 * Bei Erfolg: secret := CDATA xor secret
+			 */
+			case (byte) 0x03:
+				if(buf[ISO7816.OFFSET_LC] != SECRET_LEN + md_sha.getLength()){
+					ISOException.throwIt(ISO7816.SW_WRONG_LENGTH);
+				}
+			
+				recv = apdu.setIncomingAndReceive();
+				
+				if(recv != SECRET_LEN + md_sha.getLength()){
+					ISOException.throwIt(ISO7816.SW_WRONG_LENGTH);
+				}
+				
+				responseApduStartOffset = (short)(ISO7816.OFFSET_CDATA + SECRET_LEN + md_sha.getLength());
+				
+				md_sha.reset();
+				md_sha.update(currentSecret, (short)0, SECRET_LEN);
+				md_sha.doFinal(challenge, (short)0, CHAL_LEN, buf, responseApduStartOffset);
+				
+				if(Util.arrayCompare(buf, (short)(ISO7816.OFFSET_CDATA + SECRET_LEN), buf, responseApduStartOffset, md_sha.getLength()) != 0) {
+					ISOException.throwIt(ISO7816.SW_SECURITY_STATUS_NOT_SATISFIED);
+				}
+				
+				//Response passt; Tr authentifiziert.
+				
+				for(byte i=0; i<SECRET_LEN; i++){
+					buf[responseApduStartOffset+i] = (byte)(currentSecret[i] ^ buf[ISO7816.OFFSET_CDATA + i]);
+				}
+				
+				JCSystem.beginTransaction();
+				Util.arrayCopy(currentSecret, (short)0, secretBackup, (short)0, SECRET_LEN);
+				Util.arrayCopy(buf, responseApduStartOffset, secret, (short)0, SECRET_LEN);
+				secretBackupActive[0] = true;
+				JCSystem.commitTransaction();
+			
+				break;
+				
+			/**
+			 * Keyausgabe fr Debugzwecke.
+			 * 
+			 *  Out = Secret + Backup-Secret
+			 */
+			case (byte) 0xFE:
+				responseApduStartOffset = ISO7816.OFFSET_CDATA;
+				Util.arrayCopyNonAtomic(secret, (short)0, buf, responseApduStartOffset, SECRET_LEN);
+				Util.arrayCopyNonAtomic(secretBackup, (short)0, buf, (short)(responseApduStartOffset+SECRET_LEN), SECRET_LEN);
+				apdu.setOutgoingAndSend(responseApduStartOffset, (short)(2*SECRET_LEN));
+				break;
+				
+			/**
+			 * Secrets nullen fr Debugzwecke.
+			 */
+			case (byte) 0xFF:
+				JCSystem.beginTransaction();
+				for(byte i=0; i<SECRET_LEN; i++){
+					secret[i] = 0x00;
+					secretBackup[i] = 0x00;
+				}
+				JCSystem.commitTransaction();
+				break;
+				
+			/**
+			 * Unbekannte Instruktion (INS).
+			 */
+			default:
+				ISOException.throwIt(ISO7816.SW_INS_NOT_SUPPORTED);
+		}
+	}
+}
\ No newline at end of file