From 712946eddb9eedce30b44276d7bd75f40c9a69b9 Mon Sep 17 00:00:00 2001
From: Philipp Maier <pmaier@sysmocom.de>
Date: Thu, 19 Dec 2024 17:59:51 +0100
Subject: [PATCH] javacard: add parser for JAVA-card CAP file format

To install JAVA-card applets we need to be able to extract the executeable
loadfile and the AIDs of the applet and the loadfile. This patch adds the
parser and related unittests.

Related: OS#6679
Change-Id: I581483ccb9d8a254fcecc995fec3c811c5cf38eb
---
 pySim/javacard.py                 | 123 +++++++++++++++++++++++++++++-
 tests/unittests/test_javacard.cap | Bin 0 -> 6173 bytes
 tests/unittests/test_javacard.py  |  18 +++++
 3 files changed, 140 insertions(+), 1 deletion(-)
 create mode 100644 tests/unittests/test_javacard.cap
 create mode 100755 tests/unittests/test_javacard.py

diff --git a/pySim/javacard.py b/pySim/javacard.py
index 07b0f399..6005ab4b 100644
--- a/pySim/javacard.py
+++ b/pySim/javacard.py
@@ -1,9 +1,30 @@
 # JavaCard related utilities
-
+#
+# (C) 2024 by Sysmocom s.f.m.c. GmbH
+# All Rights Reserved
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+#
 import zipfile
 import struct
 import sys
 import io
+from osmocom.utils import b2h, Hexstr
+from construct import Struct, Array, this, Int32ub, Int16ub, Int8ub
+from osmocom.construct import *
+from osmocom.tlv import *
+from construct import Optional as COptional
 
 def ijc_to_cap(in_file: io.IOBase, out_zip: zipfile.ZipFile, p : str = "foo"):
     """Convert an ICJ (Interoperable Java Card) file [back] to a CAP file.
@@ -19,3 +40,103 @@ def ijc_to_cap(in_file: io.IOBase, out_zip: zipfile.ZipFile, p : str = "foo"):
         out_zip.writestr(p+"/javacard/"+TAGS[tag-1]+".cap", b[0:3+size])
         b = b[3+size:]
 
+class CapFile():
+
+    # Java Card Platform Virtual Machine Specification, v3.2, section 6.4
+    __header_component_compact = Struct('tag'/Int8ub,
+                                        'size'/Int16ub,
+                                        'magic'/Int32ub,
+                                        'minor_version'/Int8ub,
+                                        'major_version'/Int8ub,
+                                        'flags'/Int8ub,
+                                        'package'/Struct('minor_version'/Int8ub,
+                                                         'major_version'/Int8ub,
+                                                         'AID'/LV),
+                                        'package_name'/COptional(LV)) #since CAP format 2.2
+
+    # Java Card Platform Virtual Machine Specification, v3.2, section 6.6
+    __applet_component_compact = Struct('tag'/Int8ub,
+                                        'size'/Int16ub,
+                                        'count'/Int8ub,
+                                        'applets'/Array(this.count, Struct('AID'/LV,
+                                                                           'install_method_offset'/Int16ub)),
+                                       )
+
+    def __init__(self, filename:str):
+
+        # In this dictionary we will keep all nested .cap file components by their file names (without .cap suffix)
+        # See also: Java Card Platform Virtual Machine Specification, v3.2, section 6.2.1
+        self.__component = {}
+
+        # Extract the nested .cap components from the .cap file
+        # See also: Java Card Platform Virtual Machine Specification, v3.2, section 6.2.1
+        cap = zipfile.ZipFile(filename)
+        cap_namelist = cap.namelist()
+        for i, filename in enumerate(cap_namelist):
+            if filename.lower().endswith('.capx') and not filename.lower().endswith('.capx'):
+                #TODO: At the moment we only support the compact .cap format, add support for the extended .cap format.
+                raise ValueError("incompatible .cap file, extended .cap format not supported!")
+
+            if filename.lower().endswith('.cap'):
+                key = filename.split('/')[-1].removesuffix('.cap')
+                self.__component[key] = cap.read(filename)
+
+        # Make sure that all mandatory components are present
+        # See also: Java Card Platform Virtual Machine Specification, v3.2, section 6.2
+        required_components = {'Header' : 'COMPONENT_Header',
+                               'Directory' : 'COMPONENT_Directory',
+                               'Import' : 'COMPONENT_Import',
+                               'ConstantPool' : 'COMPONENT_ConstantPool',
+                               'Class' : 'COMPONENT_Class',
+                               'Method' : 'COMPONENT_Method',
+                               'StaticField' : 'COMPONENT_StaticField',
+                               'RefLocation' : 'COMPONENT_ReferenceLocation',
+                               'Descriptor' : 'COMPONENT_Descriptor'}
+        for component in required_components:
+            if component not in self.__component.keys():
+                raise ValueError("invalid cap file, %s missing!" % required_components[component])
+
+    def get_loadfile(self) -> bytes:
+        """Get the executeable loadfile as hexstring"""
+        # Concatenate all cap file components in the specified order
+        # see also: Java Card Platform Virtual Machine Specification, v3.2, section 6.3
+        loadfile = self.__component['Header']
+        loadfile += self.__component['Directory']
+        loadfile += self.__component['Import']
+        if 'Applet' in self.__component.keys():
+            loadfile += self.__component['Applet']
+        loadfile += self.__component['Class']
+        loadfile += self.__component['Method']
+        loadfile += self.__component['StaticField']
+        if 'Export' in self.__component.keys():
+            loadfile += self.__component['Export']
+        loadfile += self.__component['ConstantPool']
+        loadfile += self.__component['RefLocation']
+        if 'Descriptor' in self.__component.keys():
+            loadfile += self.__component['Descriptor']
+        return loadfile
+
+    def get_loadfile_aid(self) -> Hexstr:
+        """Get the loadfile AID as hexstring"""
+        header = self.__header_component_compact.parse(self.__component['Header'])
+        magic = header['magic'] or 0
+        if magic != 0xDECAFFED:
+            raise ValueError("invalid cap file, COMPONENT_Header lacks magic number (0x%08X!=0xDECAFFED)!" % magic)
+        #TODO: check cap version and make sure we are compatible with it
+        return header['package']['AID']
+
+    def get_applet_aid(self, index:int = 0) -> Hexstr:
+        """Get the applet AID as hexstring"""
+        #To get the module AID, we must look into COMPONENT_Applet. Unfortunately, even though this component should
+        #be present in any .cap file, it is defined as an optional component.
+        if 'Applet' not in self.__component.keys():
+            raise ValueError("can't get the AID, this cap file lacks the optional COMPONENT_Applet component!")
+
+        applet = self.__applet_component_compact.parse(self.__component['Applet'])
+
+        if index > applet['count']:
+            raise ValueError("can't get the AID for applet with index=%u, this .cap file only has %u applets!" %
+                             (index, applet['count']))
+
+        return applet['applets'][index]['AID']
+
diff --git a/tests/unittests/test_javacard.cap b/tests/unittests/test_javacard.cap
new file mode 100644
index 0000000000000000000000000000000000000000..f96ea240c889ee777de911cb7ff16c6b6f1d0170
GIT binary patch
literal 6173
zcmWIWW@Zs#;Nak3h-&DJWIzHU3@i-3t|5-Po_=onzK(vLZmz*0dcJP|PBAd_2K(kO
zHW1jW{87Fpho9~7g)I-=JXbH9A1M5G>8r#PwTYokD+?EWxqsb_vo+W3=4s~J`S&XB
z^~_%|g?kO}-{xJ@R{3~{7~DT?(sXc6T>VYn-NGMc%-NeEz&gq2rB|lGwAy#o>tA0w
zA$rO1n$zi18h@2d3xYC3MT1OAtp2YuP+ZioYg$v2tz+`!x7UIN<Ttp?@;k=K={%v*
zB5iulN1fis7rv))us-87tm@tOy!!lxO<7+0&WoprZCG{4T8GPYw*8NLwmA)H3yNng
z4Zd~d@*Rg=Gt@&T8FC$RQ;|~ZQ5T<+VqSbmvcG!asyhqJZmjIwlbaKH@aXTvdm*cP
z&jhMJ*&baV|0+!Ehw_=`72Y>yUwnW1{pV{f3HeS1CtBuh&zZfsC0Aee#-p2I4Xr!E
zt8SUJyX|IaH;FzK7|6XiO+Raawn1cM_MI7T^RIh33SVqj{GUIyFY}MaRC(_cZg1}&
zICSXyi9@x&3!X*<23KAA<e&Psq_$#;mBm{Q>$fK!%uhDa<kfq7=iIfa-3!<M*g5Ui
z-c7f^6qY@nchfw;o1G)i@Za_sj0_CQEDQ{w*yUni;9vm9ZjiQuybuEe0|;v}Ffim7
zrR$gE=NBa><`(FCq~_%02Zwm;XC;;;CMOo9=zF9lrlc0>B_|dzGVtF!_5Up+6AJ?)
z>xBZQQ!c0m&uYs4uEfB=0Kz(i4R*;aN=+`wFRBEY&BP$jz|SDhz{8-y;KU%okjr4i
zAkM(Ru#$m=fr&whnGwwsv$urX^D{6ofG`oBa4aauNi6|c#LU3M$N_fz1V%;%1ymob
zdv<t%HUk3#2oqtdXKq1$5!h4~1`TE=M)m~^3=Bz(jBHE-AQmSB^Z)<<|91)$GB7bf
zB^ek|ZRDMm#^K7qzyQMfgu~1^Kd-nXF|Q;bKR*ZL8&(D<1_34p1_ri9P6k#61}5f4
zPHwgaW(G!(7y|<%a|1I7GqW{vFfccA@USs31hX}Afz&cEH*yIxH*$%gy69~0MmcE)
z1_lt;Ai_mCiN(brr?4?dI5#je{%2qZxksPDvVn=Ak&%(35k387wYJL^FfcHHFcE?5
zn_7~Qp8~RhogtTjQ&6IZfu)y$QAa|unt_SAnt^GOfC@7+b2kHX2SXK;VLt<_Z4U#R
zo^&?@dljRCL^lIR0&`UrlTt4Or>?93d$xd7Hv^ZE{5pngHi;ev?kYCHUIrc=NoMwH
z243cB2Hr{C41AK^4E)wrsNs@1vs}WIfq?;p^$3Sca7kiGX0lsmY7W@#91KR_l+47;
zAQ7ILlboNMs!)=z5R#u?<eZpWpkQQRXvECG1<rmt3c(@XpduL60j>M{H%c)uFn}--
z4hTw3^T|(6EXmBz0|g!@gE#||oGybPD>EAlCkG2FJ0}+x8#@aN3#u)W*`>eMFfcHH
zur6V5x}+8-7iAWd<bz8HZibbNprpslz|6qfz|_dt$nc*7<P!}L#l)b&07@GT%>SDh
z7#Z{#WI<94oD2#K_6)orHakev2~<!qFmNz3STeXVNPxuuGcg1+=tI~H0t`wFDhwJ7
zS`7OC|1;<_=rb5H7&9m_=rfozXfRkaC@~taW(Z7R+`zHLS=pIUfKh=pL!f~*Ltp`$
z@fJsxErx6v3=5eIQN8VT-g1W}BLf2ni!v}EsytXZs8^AjV`E>Do1;*cT2!2wpJ%IN
zsAr(0keZjApOTrEZmSd;;-+h%WN*i11Jk3MSWuu)k(-lOY^#(}Qc_^04=z^qic9nK
zlJj%*D{^!6^NPV@prTfZO92AFTC6IHGvV6G%ggo3jrBl9wUL2=p?-v~PjGTZYHp%#
zCb&RIPDN-g&a^59%fX@_ZVJd<xGY!D)6<8el>FpkeTX5&`k8qpsYQ8-Ir@p<LKNhw
zc;k2jy^7)#xTWwgG1fCsvg5LW`w67ljte!c=ck{$Da^#c0K%ZKb_@vcaSZ`CFd$Zt
z64nqMAZtcsNGmAVKtjL{oOo<fp!qQ~KhF+am;{G-+vp>ULe*s!7vv;X>gFZprXnju
z7KW&V7_XZQD(CI;i_-OAZ3R7;`EZ5}EQvrAqv&_^bg|RdPs~iwcQG(GFfej<G%?Y)
zG%zqUFobIZso_#kfbl`;2x@y`K>>Oy+N--LGl7GF0ffyN7#NUJ5!m|FVtr6{fw>mZ
zvVl7rtnAdkUHcdq7>pRwxEO>O?6?^085}qn*clwz8Js{IXAsAQoxzohfgL2x&fo@O
zxpOg?F?fIoPY~COi@}@02c*;&#PS0X{_G3^><od747?ejMwM@BUa4nEYAz!KqZ1<o
zS2?5-@GVYfWMGPRVr1aSg(?V1tteq+V6(~0%Pg^DWMJ0N3}a+qan4UkWn|#@$;?aj
zE6q(xEec6Y%1LEp5CY}$oUp{AOb{O`$WoG#S<J|w;DbK|tQi@Yi&E1W8DxEmGjl<W
zz?|&N68(_;d=MR!nx0u)QdDWp$iNORWpZ*D8Q3+Vor0Y}E@De^EGkN@WMp7Z@=r@E
zPAy?%U<?NFd{Xn$OEMT4*dTGo$iQAul%JehT+GNIqu~Q8gFuCyep*ptZfbdcQMSHg
zfJ>+~$VisNqI3gB21%TX7#VnjOA?c_eG?0yKIL+)NKP#PRdU7b3_*+xd{Dcfeqdx^
z(Ez)auQ)X)HMt};1r!CIDU1xPsb#5oC5#O0sd;4{DLF;xf#8}~mYS1akm`|`my(lO
zWX;YH%+3(P$iP{gkzWo@LJ*HZ^va<GU_eoRVsc4l8C)|X1BXp=4m3i!g7Zs@l2hF>
zLD9zxHYzy8TMra4JPeWyQtS+&JPctB;XDiy4C0IoGFYMp)(kA>VTfRe<Y5qD5M^YL
z!ynl^3{ebHJPgqcF+2>h3~@XR@eBz(3>F~!5<wzKJPcwC;yet=3@JPesSF8>43Z!x
zp~n@t4#4gzPf$gXmYAH%$RLkJt7ou3JhB)Wq>;Ua7TDO0$E6t>)v)Bs$iR`FTH=~l
zQdG&vAg`f`5;JIOtr;13L9qhLn@}CxpadT56y+4G>BPvuQ3TEesYQ$o{E!rsnU@af
zOn`G{6e9y~dTL2X1}v&Etwi&iH6w#ydTI$I8K&lyWTs_;OlQ^rS%(tW=&6X2K>^J-
z=qjuk8Tdioae<WLkb;C$!^tVyDL5FM!HQG!QWz8&*cpTvm>7f^SQwZYm_VtA0n|Gb
z1NXQ%K*<i=dtd^kMg~T3PavLw6Wn%_*V@j&xPyVoM@xGX12gj`2IhT}!R_yD46Iuj
z*fugSFfcL5fP0rL3=9mC3@i*X3>*yd3~~&L;P##v#25xS26?ch;tUE5iVTbloD50~
z%23N<8JHMAx_Ngqut#oZ;PBJk#=wa%nva2*fq_AdfrCLE++PGWBeftJ7*xQ1U|`^7
zP-Rd9HANYC8Ppj>8JHM27+4uJ7~~m1eIrc<Ee0mAzx)^&!4Bfo+Qz^&lYwO;$Qov_
z4<Od)F|ae}GjK2%Ai16s>UstSP6llT9R@}QP)nJafsum&)G%iOH*Ogj3>XZdwzNS#
zB(sBo+gDnEeF1}r&Nc=fJ6WwQ3~UP+*tNDZ@FFahVqjxnU@&1|VK8IhVlZdmXRu@t
zXRu<BX0Qc20_0bI1|9|@22pTG$iST=!(hxH%D~9L!XUw5!eGk41a=q)1LGeCX?6xP
zxa-Urm_Run8r+c#Y~V1E+`+)-qs`2|iGiPa69fOg$=etNw6`$`hJ&1j9IFltEDVke
z!VJy~5)3Y2CqZIW66z2Z22ln}1}g?e1`Y;m1}UgDufb8oz;IqbVh=|ovp{%AB#S_5
zNF=L3PDmu1KypYVyFh+OB!@t5NTdK8NJfBNKp`YjfJ2}pBvODABq_iJ7U32M35gWo
z0gLd0Nj`z1kVpZ30q2lN0Re%;kVpYRusK2k1tF0F!eCt@0!AT`0-^#2A&~-N0)`=x
z0^$NjA)6Wa1-QTt@<4S^4%|UHU<ZMm!Y&XDb`Z#VP66+b%?!+-z+nU@7%p%q3NuV(
z5NBXyumNWU+W>DyCJ_e2*c$S<3}|c()V)DqTqA8DQ@9v#kKrIpxW`Dshz`23=p#4?
zW6hZe8jCWXgKjeVcn!kj#e_|U6u6*XEV{Ai12za_e-btpF?@q=Ec&Pn!q{wPg5dzG
zoMB@$=!T;YupkWoON8N|W;nKxKp#~>m>S1I(8-7~7Iep=k9r`C6=fx8EZP_dy4mOh
z8VIwe5jGobcmv&R^kEEy*?$O|jXJ1-ZZ!H(0mA6dY&ZrE(2YRv0V9lv=RoPnK$_5?
q{xG@`=-nTL5lgvHi~#p?i0ljnc(a149tJ)JK8Cd{3=C1iAY%df^){6N

literal 0
HcmV?d00001

diff --git a/tests/unittests/test_javacard.py b/tests/unittests/test_javacard.py
new file mode 100755
index 00000000..0363623c
--- /dev/null
+++ b/tests/unittests/test_javacard.py
@@ -0,0 +1,18 @@
+#!/usr/bin/env python3
+
+import os
+import unittest
+from pySim.javacard import *
+
+class TestJavacard(unittest.TestCase):
+
+    def test_CapFile(self):
+        loadfile="01000fdecaffed010204000105d07002ca4402001f000f001f000c002800420018006d00320017000000a900040002002203010004002803020107a0000000620101060210a0000000090003ffffffff8910710002000107a000000062000103000c0108d07002ca44900101002006001843800301ff0007020000002f00398002008101010881000007006d000911188c00048d00012c18197b0002037b00029210240303038b000388007a02318f00053d8c00062e1b8b00077a0120188b000860037a7a02228d00092d1d10076b101a8b000a321fae006b06188c000b7a06118d000c2c1903077b000d037b000d928b000e198b000f3b7a08003200040002000203001857656c636f6d6520746f20546f6f7243616d70203230313203000a48656c6c6f2c2053544b0000000005004200100200000006810900050000020381090b0680030001000000060000010380030103800303068108000381080c0600005306810a000500000003810a1303810a1609001700021e2d0011050306040908040507090a0a06070404040b00a901000100000300030005800281018100ff080000000028ff08000002002800020000008003ff820001002f001d0000000000090020003f000d000000000701002f0042000800000000080100390046001800000000ff020053002f0018000000000010002200240028002a002fffff002f002f003100330022002f00370028003b002201300568109001b008b44323430110012005681080056810a00633b44104b431066800a10231"
+        cap = CapFile(os.path.dirname(os.path.abspath(__file__)) + "/test_javacard.cap")
+        self.assertTrue(b2h(cap.get_loadfile()) == loadfile)
+        self.assertTrue(cap.get_loadfile_aid() == "d07002ca44")
+        self.assertTrue(cap.get_applet_aid() == "d07002ca44900101")
+
+
+if __name__ == "__main__":
+	unittest.main()