fix and test factory reset

keycard-tech · Jun 6, 2023 · e79d84b · e79d84b
1 parent 039964e
commit e79d84b
Show file tree

Hide file tree

Showing 2 changed files with 57 additions and 6 deletions.
diff --git a/src/main/java/im/status/keycard/KeycardApplet.java b/src/main/java/im/status/keycard/KeycardApplet.java
@@ -109,8 +109,9 @@ public class KeycardApplet extends Applet {
   static final byte CAPABILITY_KEY_MANAGEMENT = (byte) 0x02;
   static final byte CAPABILITY_CREDENTIALS_MANAGEMENT = (byte) 0x04;
   static final byte CAPABILITY_NDEF = (byte) 0x08;
+  static final byte CAPABILITY_FACTORY_RESET = (byte) 0x10;
 
-  static final byte APPLICATION_CAPABILITIES = (byte)(CAPABILITY_SECURE_CHANNEL | CAPABILITY_KEY_MANAGEMENT | CAPABILITY_CREDENTIALS_MANAGEMENT | CAPABILITY_NDEF);
+  static final byte APPLICATION_CAPABILITIES = (byte)(CAPABILITY_SECURE_CHANNEL | CAPABILITY_KEY_MANAGEMENT | CAPABILITY_CREDENTIALS_MANAGEMENT | CAPABILITY_NDEF | CAPABILITY_FACTORY_RESET);
 
   static final byte[] EIP_1581_PREFIX = { (byte) 0x80, 0x00, 0x00, 0x2B, (byte) 0x80, 0x00, 0x00, 0x3C, (byte) 0x80, 0x00, 0x06, 0x2D};
 
@@ -288,7 +289,7 @@ public void process(APDU apdu) throws ISOException {
           break;
         case INS_FACTORY_RESET:
           factoryReset(apdu);
-          break;          
+          return;          
         default:
           ISOException.throwIt(ISO7816.SW_INS_NOT_SUPPORTED);
           break;
@@ -1052,7 +1053,7 @@ private void removeKey(APDU apdu) {
   private void factoryReset(APDU apdu) {
     byte[] apduBuffer = apdu.getBuffer();
 
-    if ((apduBuffer[OFFSET_P1] != FACTORY_RESET_P1_MAGIC) || (apduBuffer[OFFSET_P2] != FACTORY_RESET_P2_MAGIC)) {
+    if ((apduBuffer[OFFSET_P1] != FACTORY_RESET_P1_MAGIC) || (apduBuffer[ISO7816.OFFSET_P2] != FACTORY_RESET_P2_MAGIC)) {
       ISOException.throwIt(ISO7816.SW_INCORRECT_P1P2);
     }
 
@@ -1063,7 +1064,10 @@ private void factoryReset(APDU apdu) {
     secureChannel = null;
     crypto.random.generateData(uid, (short) 0, UID_LENGTH);
     Util.arrayFillNonAtomic(data, (short) 0, (short) data.length, (byte) 0);
-    JCSystem.requestObjectDeletion();
+
+    if (JCSystem.isObjectDeletionSupported()) {
+      JCSystem.requestObjectDeletion();
+    }
   }
 
   /**

diff --git a/src/test/java/im/status/keycard/KeycardTest.java b/src/test/java/im/status/keycard/KeycardTest.java
@@ -128,6 +128,10 @@ private static void initCapabilities(ApplicationInfo info) {
       capabilities.add("ndef");
     }
 
+    //if (info.hasFactoryResetCapability()) {
+      capabilities.add("factoryReset");
+    //}
+
     CapabilityCondition.availableCapabilities = capabilities;
   }
 
@@ -210,6 +214,11 @@ public void onDisconnected() {
     usbManager.start();
   }
 
+  private static void initCard(KeycardCommandSet cmdSet) throws Exception {
+    assertEquals(0x9000, cmdSet.init("000000", "024680", "012345678901", sharedSecret, (byte) 3, (byte) 5).getSw());
+    cmdSet.select().checkOK();
+  }
+
   private static void initIfNeeded() throws Exception {
     KeyPair identKeyPair = Certificate.generateIdentKeyPair();
     Certificate cert = Certificate.createCertificate(caKeyPair, identKeyPair);
@@ -225,8 +234,7 @@ private static void initIfNeeded() throws Exception {
     sharedSecret = cmdSet.pairingPasswordToSecret(System.getProperty("im.status.keycard.test.pairing", "KeycardDefaultPairing"));
 
     if (!cmdSet.getApplicationInfo().isInitializedCard()) {
-      assertEquals(0x9000, cmdSet.init("000000", "024680", "012345678901", sharedSecret, (byte) 3, (byte) 5).getSw());
-      cmdSet.select().checkOK();
+      initCard(cmdSet);
       initCapabilities(cmdSet.getApplicationInfo());
     }
   }
@@ -932,6 +940,45 @@ void removeKeyTest() throws Exception {
     assertEquals(0, info.getKeyUID().length);
   }
 
+  @Test
+  @DisplayName("FACTORY RESET command")
+  @Capabilities("factoryReset")
+  void factoryResetTest() throws Exception {
+    KeyPairGenerator g = keypairGenerator();
+    KeyPair keyPair = g.generateKeyPair();
+
+    // Invalid P1 P2
+    APDUResponse response = sdkChannel.send(new APDUCommand(0x80, KeycardApplet.INS_FACTORY_RESET, 0, 0, new byte[0]));
+    assertEquals(0x6a86, response.getSw());
+
+    response = sdkChannel.send(new APDUCommand(0x80, KeycardApplet.INS_FACTORY_RESET, 0xAA, 0x55, new byte[0]));
+    assertEquals(0x9000, response.getSw());
+
+    response = cmdSet.getStatus(KeycardCommandSet.GET_STATUS_P1_KEY_PATH);
+    assertEquals(0x6d00, response.getSw());
+
+    response = cmdSet.select();
+    assertEquals(0x9000, response.getSw());
+    assertFalse(cmdSet.getApplicationInfo().isInitializedCard());
+
+    initCard(cmdSet);
+
+    response = cmdSet.select();
+    assertEquals(0x9000, response.getSw());
+
+    if (cmdSet.getApplicationInfo().hasSecureChannelCapability()) {
+      cmdSet.autoPair(sharedSecret);
+      cmdSet.autoOpenSecureChannel();
+    }
+
+    if (cmdSet.getApplicationInfo().hasCredentialsManagementCapability()) {
+      response = cmdSet.verifyPIN("000000");
+      assertEquals(0x9000, response.getSw());
+    }
+
+    assertFalse(cmdSet.getKeyInitializationStatus());
+  }
+
   @Test
   @DisplayName("GENERATE KEY command")
   @Capabilities("keyManagement")