Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Javaカードの世界 / The world of Java Card

moznion
September 07, 2018
9
13k

Javaカードの世界 / The world of Java Card

slides for #builderscon tokyo 2018

moznion

September 07, 2018
Tweet

More Decks by moznion

See All by moznion
Develop to Survive - YAPC::Hakodate 2024 Keynote
moznion
9
13k
これはPerl? それともRuby? クイズ〜〜〜〜〜!!!- Perl or Ruby Quiz
moznion
3
2.3k
Perl 5 OOP機構30年史 - Perl 5's OOP Mechanism over the past 30 years
moznion
1
890
RuboCopのカスタムCopを書いてContributionしてみる - Contributing a Custom Cop to RuboCop: A Hands-on Experience
moznion
0
60
AWS上に構築する メンテ容易なElasticsearch System / Maintainable Elasticsearch system on AWS
moznion
2
3.9k
PROXY Protocol aware Proxy Server on Node.js
moznion
2
2.4k
Perl meets AWS Lambda
moznion
0
4.7k
ソフトウェア開発における 「設計」と「パフォーマンス」の相互作用 / Interaction Between Design and Performance on
Software Development
moznion
12
6.9k
無限にスケールする上に自律的なJenkinsに見る夢~AWS篇~ / Dream of autonomous and infinite scalable Jenkins with AWS
moznion
21
7k

Featured

See All Featured
Building a Modern Day 
E-commerce SEO Strategy
aleyda
38
6.9k
Happy Clients
brianwarren
98
6.7k
KATA
mclloyd
29
14k
Imperfection Machines: The Place of Print at Facebook
scottboms
264
13k
How to Ace a Technical Interview
jacobian
276
23k
Writing Fast Ruby
sferik
627
61k
Fontdeck: Realign not Redesign
paulrobertlloyd
82
5.2k
"I'm Feeling Lucky" - Building Great Search Experiences for Today's Users (#IAC19)
danielanewman
226
22k
The Psychology of Web Performance [Beyond Tellerrand 2023]
tammyeverts
43
2.2k
The Language of Interfaces
destraynor
154
24k
Making the Leap to Tech Lead
cromwellryan
133
8.9k
The Cult of Friendly URLs
andyhume
78
6k

Transcript

  1. The world of Java Card builderscon tokyo 2018 @moznion

  2. @moznion Software engineer Favorite Java's class: CompletableFuture

  3. GOAL: օ͞ΜJava Card Applet͕ॻ͚ΔΑ͏ʹͳΔ

  4. None
  5. None
  6. None

  7. ਎ۙͳJava Card - ΫϨδοτΧʔυ - SIMΧʔυ - ͳͲͳͲ

  8. ਎ۙͳJava Card - ΫϨδοτΧʔυ - SIMΧʔυ - ͳͲͳͲ

  9. The world of Java Card The world of SIM Card?

    builderscon tokyo 2018 @moznion

  10. ͨͷ͍͠Java (Card) or Not JavaΫΠζ

  11. None

  12. C

  13. None

  14. Java Card

  15. ؆୯Ͱ͢Ͷʁ

  16. None

  17. Not Java Card (C)

  18. Not Java Card (C) Java Card͸floatΛѻ͑·ͤΜ

  19. None

  20. Not Java Card (C)

  21. Not Java Card (C) Java Card͸charΛѻ͑·ͤΜ

  22. None

  23. Java Card

  24. Java Card Java Card͸byteͩͬͨΒѻ͑Δ

  25. None

  26. Θ͔Γ·͔ͨ͠ʁ

  27. Θ͔Γ·ͨ͠Ͷ

  28. Smart Card

  29. Smart Card - ISO 7816 Ͱఆٛ͞Ε͍ͯΔ - λΠϓ͸2छྨ - Intelligent

    Smart Card - Memory Card - Java Card ͸ Intelligent Smart Card

  30. Smart Card Memory - Card্ʹ͸3λΠϓͷϝϞϦ͕৐͍ͬͯΔ - Persistent Immutable Memory: ROM

    - Persistent Mutable Memory: EPROM - Non-Persistent Mutable Memory: RAM

  31. Smart Card Interface - ֎քͱ͸Card Acceptance Device (CAD) ͱ
 Card্ͷContact

    PointsΛհͯ͠ߦ͏ - Card͸֎ͷੈքͱ͸ಠࣗͷϓϩτίϧʹ
 ΑΓσʔλͷ΍ΓऔΓΛߦ͏ => APDU

  32. APDU

  33. APDU - APDU: Application Protocol Data Units - Smart Card͸APDUʹΑͬͯ


    ίϛϡχέʔγϣϯΛ
 ߦ͏͜ͱ͕Ͱ͖Δ OFCOM: Reprogrammable SIMs: Technology, Evolution and Implications

  34. APDU - APDU͸جຊతʹରʹͳ͍ͬͯΔ - Command (Request) APDU - Response APDU

    - Command͸ResponseͷৄࡉΛ஌͍ͬͯΔඞཁ͕͋Δ

  35. Command APDU Mandatory Header Optional body CLA INS P1 P2

    Lc Data field Le - CLA (1 byte): class (application) ͷࣝผࢠ - INS (1 byte): ໋ྩίʔυɽ͜ΕͰಈ࡞Λ੾ସ - P1/P2 (1 byte/1 byte): ໋ྩύϥϝʔλ - Lc (1 byte): Data fieldͷόΠτ௕ - Data field (Lc byte): ೚ҙͷόΠτྻ - Le (1 byte): ϨεϙϯεͷData fieldʹڐ͞ΕΔ࠷େόΠτ௕

  36. Response APDU Optional body Mandatory trailer Data field SW1 SW2

    - Data field(Le bytes): ϨεϙϯεσʔλͷόΠτྻ - SW1/SW2 (1 byte/1 byte): εςʔλεϫʔυ

  37. UICC (Universal Integrated Circuit Card)

  38. UICC (Universal Integrated Circuit Card) - Intelligent Smart CardͷҰछ -

    ͋Δఔ౓ͷԋࢉॲཧ͕Մೳ - Java Card (3.0.1Ҏ߱) ͷ࣮ߦج൫

  39. UICC (Universal Integrated Circuit Card) - CPU 32bit - ిؾಛੑ:

    1.8 / 3 / 5V - ΫϩοΫ: 1~5MHz - ROM: 16KB~ - EEPROM 8KB~ - RAM: 256B~

  40. UICC Architecture OFCOM: Reprogrammable SIMs: Technology, Evolution and Implications

  41. Core O.S UICC Card Manager and Security domains Remote Applet

    Management Core Applications (USIM) File System servers Toolkit and Javacard runtime environment Javacard packages Javacard Applet UICC API and USIM API Javacard Toolkit Applet UICC Architecture

  42. Java Card

  43. Java Card ∈ Smart Card

  44. Java Cardͷྺ࢙ https://en.wikipedia.org/wiki/Java_Card Version 2.1 (07.06.1999) Version 2.1.1 (18.05.2000) Version

    2.2 (11.2002) Version 2.2.1 (10.2003) Version 2.2.2 (03.2006) Version 3.0.1 (15.06.2009) Version 3.0.4 (06.08.2011) Version 3.0.5 (03.06.2015) -RSA without padding. -AES cryptography key encapsulation -CRC algorithms, -ECC key encapsulation, -Diffie-Hellman key exchange - Improved Logical Channels support (20) - SHA-256, SHA-384, SHA-512 - ISO9796-2, - HMAC, - Korean SEED MAC NOPAD, - Korean SEED NOPAD -Classic and Connected editions -SHA-224, SHA-2 for all signature algorithms -DES MAC8 ISO9797. - Diffie-Hellman modular exponentiation - Domain Data Conservation for Diffie- Hellman - Elliptic Curve and DSA keys, - RSA-3072 - SHA3 - plain ECDSA - AES CMAC - AES CTR. - Added the AppletEvent interface with the uninstall method. - Added the isAppletActive method to the JCSystem class

  45. - UICC্Ͱಈ͘JavaͷϥϯλΠϜ: JCRE - Java Card্Ͱಈ࡞͢ΔόΠτίʔυ͸
 ͍ΘΏΔ௨ৗͷJVMόΠτίʔυͷαϒηοτ - => ͭ·Γػೳ੍͕ݶ͞Ε͍ͯΔ

    Java Card

  46. - ੍ݶ͞Ε͍ͯΔػೳͷྫ - Dynamic class loading - Security Manager -

    Thread - Object cloning - Finalization - Large primitive data types - جຊతʹ16bitΛ্ݶͱͯ͠ಈ࡞͢Δ (ྫ֎͋Γ) - primitive type - native methods Java Card Restrictions

  47. - ม਺͸ϦϑΝϨϯε͞Εͳ͘ͳͬͨΒ
 ແ͘ͳΔ (lost) ͔GC͞ΕΔ - GC͕͋Δ͔Ͳ͏͔͸Χʔυͷ࣮૷࣍ୈ Java Card Memory

    Lifecycle

  48. - αϯυϘοΫεػೳ - Java CardͷϑΝΠΞ΢Υʔϧ͸1ͭͷΧʔυ্Ͱಈ࡞͍ͯ͠ Δappletͷ؀ڥΛ෼཭͢Δ - ·ͨ͋ΔappletͷΦϒδΣΫτΛଞͷappletʹ໌ࣔతʹڞ༗ ͢Δ͜ͱ΋Ͱ͖Δ -

    capability control - εϚʔτΧʔυ্ͰͷηΩϡΞͳಈ࡞ͷͨΊ - e.g. memory, CPU Java Card Security Functions

  49. - Smart Card࢓༷Ͳ͓Γ3λΠϓͷϝϞϦ͕ ͋Δ - ROM - EEPROM - RAM

    Java Card Memory

  50. جຊతʹΠϯελϯεม਺͸͢΂ͯ EEPROMʹॻ͖ࠐ·Ε·͢ʂʂʂʂ Java Card Memory

  51. - ͭ·Γʁ - ిݯ͕੾Εͯ΋Πϯελϯεม਺ͷσʔλ͸࢒Γ·͢ʂ - ਖ਼֬ʹݴ͏ͱిݯ͕੾Εͯ΋JVM͸ࢭ·Βͳ͍ - Πϯελϯεม਺ʹॻ͖ࠐΈ·͘ΔͱΧʔυ͕
 յΕ·͢ʂʂʂʂʂ -

    (ޙड़͢ΔςΫχοΫΛ࢖ͬͯؤுΔඞཁ͕͋Δ) Java Card Memory

  52. - RAM͸ʁ - RAM͸͋Δʹ͸͋Δ͕ඇৗʹখ͍͞ - ୣ͍߹͍͕ى͜Δ (ྫ֎͕ग़Δ) - ຊ౰ʹҰ࣌తͳσʔλ΍ຊ౰ʹηϯγςΟϒͳ
 σʔλΛೖΕΔͱ͖ʹ͚ͩ࢖͏

    Java Card Memory

  53. - Java Card JVM͸͜ͷੈʹੜΛड͚ΔͱҰੜಈ͖ଓ͚Δ - shutdownͷ֓೦͕ͳ͍ - ిݯڙڅ͕ͳ͍৔߹͸ʮແݶͷΫϩοΫαΠΫϧʯͱ
 Έͳ͍ͯ͠Δ Java

    Card JVM Lifecycle

  54. - Initialization phase - Immutable memory (ROM) ྖҬʹॻ͖ࠐΉ - e.g.

    ൃߦऀ໊, ੡଄ऀ໊ͳͲ - Personalization phase - Immutable memory (ROM) ྖҬʹॻ͖ࠐΉ - e.g. Ϣʔβʔ໊, 伴, PINͳͲ - ੜΧʔυΛߪೖͨ͠ࡍ͸initialization phase·ͰࡁΜͰ͍Δ͜ͱ͕ଟ͍ Java Card Lifecycle

  55. Core O.S UICC Card Manager and Security domains Remote Applet

    Management Core Applications (USIM) File System servers Toolkit and Javacard runtime environment Javacard packages Javacard Applet UICC API and USIM API Javacard Toolkit Applet UICC Architecture

  56. Core O.S UICC Card Manager and Security domains Remote Applet

    Management Core Applications (USIM) File System servers Toolkit and Javacard runtime environment Javacard packages Javacard Applet UICC API and USIM API Javacard Toolkit Applet UICC Architecture

  57. Applet!!!

  58. Applet...?

  59. Applet...? No!

  60. - ͍ΘΏΔJava AppletͰ͸ͳ͍ - Java Card RuntimeͰಈ͔͢ΞϓϦέʔγϣϯͷ୯Ґ - Java Card্ʹ͸ෳ਺ͷAppletΛ֨ೲͰ͖Δ

    - ෳ਺ͷAppletΛಉ࣌ʹ࣮ߦ͢Δ͜ͱ͸Ͱ͖ͳ͍ - select()/deselect()Ͱಈ͔͢appletΛ੾Γସ͑Δ Applet

  61. Java Card Development

  62. Extreme Environment - int͕࢖͑Δͷ͸ඇৗʹݶఆతͳঢ়گͷΈ - Java Card 3.0Ҏ߱ (ClassicͰ͸࢖͑ͳ͍) -

    ಛघͳࣄ৘͕ͳ͍ݶΓshortΛ࢖͏ - float΍double͸࢖͑·ͤΜ - String΋࢖͑·ͤΜ - (࣮͸ϞμϯͳJava Card؀ڥͩͱ࢖͑Δ) - ୅ΘΓʹόΠτ഑ྻ (byte[]) Λ࢖͏ - ଟ࣍ݩ഑ྻ΋࢖͑·ͤΜ

  63. Extreme Environment - Πϯελϯεม਺͸EEPROMʹอଘ͞ΕΔ - EEPROMͷण໋͸͍͍ͩͨ100,000 writes - ॻ͖ࠐΈ·͘ΔͱͿͬյΕ·͢ -

    ϩʔΧϧม਺͸RAMʹอଘ͞ΕΔ - ͨͩ͠native typeʹݶΔ - Ͳ͏ͯ͠΋RAMʹอଘ͍ͨ͠ͱ͖͸ʁ - transient arrayΛ࢖͏ - JCSystem.makeTransientByteArray((short)255,JCSystem.CLEAR_ON_RESET); - ͜ΕΛEEPROMʹ໭͢͜ͱ͸Ͱ͖ͳ͍

  64. Compilation and bytecode conversion class .exp COMPILE .java CONVERT .cap

    .jca

  65. Compilation and bytecode conversion class .exp COMPILE .java CONVERT .cap

    .jca ͍ΘΏΔී௨ͷJDK (1.6͕҆ఆ͍ͯ͠Δ……)

  66. Compilation and bytecode conversion class .exp COMPILE .java CONVERT .cap

    .jca Java Card Development Kit όΠτίʔυΛม׵͢Δ

  67. Tool chain - IDE: Eclipse - javacard plugin͕͋Δ།ҰͷIDE? - JDK:

    JDK 1.6 (or later?) - JCDK: Java Card Development Kit
 (JCDK͸Java Cardͷόʔδϣϯʹ߹ΘͤΔ)

  68. Tool chain - Loading onto card: Smart Card Reader Writer

    - Live testing: NomadLAB Contact Spy, etc...

  69. Appletͷجຊಈ࡞

  70. Appletͷجຊಈ࡞ ͜ΕΛ࣮૷͢Δ javacard.framework.AppletͰ ఆٛ͞Ε͍ͯΔ

  71. Source Code Sample: https://gist.github.com/moznion/ 3bfbc5121afceaebcc77964b4b94517a

  72. ·ͱΊ

  73. ·ͱΊ - Smart Card͕Θ͔Γ·ͨ͠ - APDU͕Θ͔Γ·ͨ͠ - Java Card͕Θ͔Γ·ͨ͠ -

    Java Card (JCRE) Ͱಈ࡞͢ΔAppletΛॻ͚Δ
 Α͏ʹͳΓ·ͨ͠

  74. However...

  75. Applet Write

  76. Applet Write ❌

  77. Applet Write ❌ Why????

  78. Applet Write

  79. Cardͷॻ͖ࠐΈʹ͸伴͕ඞཁ - ೝূػ͔ؔΒ෷͍ग़͞ΕΔ伴͕ඞཁ - গͳ͘ͱ΋झຯͷൣғͰ͸伴͸
 खʹೖΒͳ͍……ʢͱࢥΘΕΔʣ

  80. Applet Write AID

  81. Cardͷ࣮ߦʹ͸AID΋ඞཁ - Appletͷregisterʹ͸AID (Application Identifier) ͕ඞཁ - AIDʹ͸ISOͰ؅ཧ͞Ε͍ͯΔRIDؚ͕·Ε͍ͯΔ - झຯͷൣғͰ͸RID͸΋Β͑ͳ͍

    (ͱࢥΘΕΔ……)

  82. ॻ͖ࠐΊͳ͍͡ΌΜʂʂʂʂʂ

  83. Q?

  84. Referenced docs - ISO 7816-4 - https://www.iso.org/standard/54550.html - Java Card

    Platform Specification - https://docs.oracle.com/javacard - How to write a Java Card applet: A developer's guide - https://www.javaworld.com/article/2076450/client-side-java/ how-to-write-a-java-card-applet--a-developer-s-guide.html

  85. ͨͷ͍͠;Ζ͘ Java CardͬͯͲ͜Ͱങ͑Δͷ

  86. Java CardΛങ͏ - AmazonݟʹߦͬͨΒചͬͯͨ……

  87. Java CardΛങ͏ - AliexpressݟʹߦͬͨΒചͬͯͨ……

  88. Java CardΛങ͏ - ΋͠࢓ࣄͰങ͏ͷͰ͋Ε͹ઐ໳ͷϕϯμʔ͔Β ങ͏͜ͱʹͳΔͰ͠ΐ͏ - Gemalto - IDEMIA -

    ͳͲͳͲ

  89. ͨͷ͍͠;Ζ͘ Java CardͷςετͬͯͲ͏΍Δͷ

  90. Java Cardͷςετ - ιʔείʔυ͔ΒόΠτίʔυʹ
 ίϯύΠϧ͢Δ෦෼͸ී௨ͷJDK - ී௨ʹJavaΛॻ͍ͯςετΛ͢Ε͹ྑ͍

  91. Java Cardͷςετ - ADPUΛ࣮ࡍʹྲྀ͠ࠐΉςετ΋Ͱ͖Δ - offlineςετͱݺΜͰ͍·͢ʢҰൠతʁʣ - ΧʔυϦʔμʹͭͳ͍Ͱম͍ͯAPDUΛྲྀ͠ࠐΉ - responseͷAPDUΛςετ͢Δײ͡

  92. Java Cardͷςετ - Production ReadyͳCardͷAPDUΛԣऔΓͯ͠
 σόοά͢Δࣄ΋Ͱ͖Δ - ͋·ͭ͑͞ແઢ͕ਧ͚Δ΋ͷ΋͋Δ - NomadLAB

    Contact Spyͱ͔Λ࢖͏ - ΊͬͪΌߴ͍Ͱ͢

  93. ͨͷ͍͠;Ζ͘ Java Cardʹ͸σΟϨΫτϦߏ଄΋͋Δ

  94. Java Card಺ͷσΟϨΫτϦߏ଄ - APDUͰಡΈॻ͖Մೳ