|
||||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | |||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |
java.lang.Object | +--javacard.framework.service.BasicService | +--jason.server.Session
Title: Javacards As Secure Object Store
Description: Session class containing methods to set up a secure session between client and server.
Copyright: Copyright (c) 2002
Company: University of Twente
Field Summary | |
private Cipher |
cipher
|
private byte[] |
clientRandom
|
private boolean |
failure
|
static byte |
INS_INVOKE
INS used for a method invocation |
static byte |
INS_LOGIN
INS used for loggin in |
static byte |
INS_PUT_KEY
INS used for personalization |
private boolean |
isInvoking
|
private boolean |
isLoggingIn
|
private byte[] |
jdf
The jdf array contains all information from the Jason Definition File. |
private KeyStore |
keyStore
|
private short |
methodOffset
Set by decrypt(javacard.framework.APDU) to the index within the jdf array where
the invoked method starts |
private RandomData |
randomData
|
private byte |
role
|
static byte |
ROLE_CARD
|
private byte[] |
serverRandom
|
private XORKey |
sessionKey
|
private Signature |
signature
|
Fields inherited from class javacard.framework.service.BasicService |
|
Fields inherited from interface jason.Constants |
ANYBODY, APPLICATION_DATA_TAG, FCI_TAG, JC_RMI_DATA_TAG, JDF_TAG, NORMAL_TAG, SECURITY_AUTHENTIC, SECURITY_CONFIDENTIAL, SECURITY_CONFIDENTIAL_AUTHENTIC, SECURITY_PLAIN, TYPE_ARRAY, TYPE_BOOLEAN, TYPE_BOOLEAN_ARRAY, TYPE_BYTE, TYPE_BYTE_ARRAY, TYPE_INT, TYPE_INT_ARRAY, TYPE_OBJECT, TYPE_OBJECT_ARRAY, TYPE_SHORT, TYPE_SHORT_ARRAY, TYPE_VOID |
Constructor Summary | |
Session(KeyStore keyStore,
byte[] jdf)
Default constructor |
Method Summary | |
private boolean |
decrypt(javacard.framework.APDU apdu)
Decrypts the apdu buffer when necessary. |
private boolean |
encrypt(javacard.framework.APDU apdu)
Encrypts or signs the return value when necessary. |
private boolean |
login(javacard.framework.APDU apdu)
For each login procedure the login method will be invoked
twice. |
boolean |
processCommand(javacard.framework.APDU apdu)
The Session object itself can also process some commands. |
boolean |
processDataIn(javacard.framework.APDU apdu)
Remembers if the apdu is an invoke APDU. |
boolean |
processDataOut(javacard.framework.APDU apdu)
A select APDU will be expanded by the JDF array. |
private boolean |
putKey(javacard.framework.APDU apdu)
|
Methods inherited from class javacard.framework.service.BasicService |
fail, getCLA, getINS, getOutputLength, getP1, getP2, getStatusWord, isProcessed, receiveInData, selectingApplet, setOutputLength, setProcessed, setStatusWord, succeed, succeedWithStatusWord |
Methods inherited from class java.lang.Object |
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
Field Detail |
public static final byte INS_INVOKE
public static final byte INS_LOGIN
public static final byte INS_PUT_KEY
public static final byte ROLE_CARD
private RandomData randomData
private byte[] clientRandom
private byte[] serverRandom
private byte role
private boolean failure
private KeyStore keyStore
private Cipher cipher
private Signature signature
private XORKey sessionKey
private byte[] jdf
jdf {
u1
method[] methods
}
method {
u2
u1
u1[] roles
u1
u1
u1[] modifier
}
private short methodOffset
decrypt(javacard.framework.APDU)
to the index within the jdf
array where
the invoked method starts
private boolean isInvoking
private boolean isLoggingIn
Constructor Detail |
public Session(KeyStore keyStore, byte[] jdf)
keyStore
- The KeyStore that will be used with this Session objectjdf
- The specific security requirements for a single ObjectMethod Detail |
public boolean processDataIn(javacard.framework.APDU apdu)
isInvoking
is
used in the processDataOut(javacard.framework.APDU)
method to decide if the outgoing APDU
should be encrypted or not. If it is an invoke APDU the decrypt(javacard.framework.APDU)
method is invoked
processDataIn
in interface javacard.framework.service.Service
processDataIn
in class javacard.framework.service.BasicService
apdu
- The unprocessed APDU
decrypt(javacard.framework.APDU)
public boolean processCommand(javacard.framework.APDU apdu)
INS_LOGIN
the
login
method is called. While encountering an
INS_PUT_KEY
the putKey
is called. All
other INS values will keep the apdu
unprocessed.
processCommand
in interface javacard.framework.service.Service
processCommand
in class javacard.framework.service.BasicService
apdu
-
private boolean login(javacard.framework.APDU apdu)
login
method will be invoked
twice. The first time (when isLoggingIn
is false) it will receive
an APDU in the following format:
CLA | INS | P1 | P2 | Lc | Role byte |
ClientRandom length |
ClientRandom |
SW1 | SW2 | ServerRandom length |
ServerRandom | SignedClientRandom length |
SignedClientRandom |
login
method is invoked, it expects an
APDU of the following format:
CLA | INS | P1 | P2 | Lc | SignedServerRandom length |
SignedServerRandom |
SW1 | SW2 | EncryptedSessionKey length |
EncryptedSessionKey |
apdu
- unprocessed APDU
private boolean putKey(javacard.framework.APDU apdu)
private boolean decrypt(javacard.framework.APDU apdu)
apdu
- The unencrypted apdu
private boolean encrypt(javacard.framework.APDU apdu)
methodOffset
has already been set by the decrypt(javacard.framework.APDU)
method.
apdu
- The plain result APDU
public boolean processDataOut(javacard.framework.APDU apdu)
processDataOut
in interface javacard.framework.service.Service
processDataOut
in class javacard.framework.service.BasicService
apdu
- The APDU
|
||||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | |||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |