Client Pin not finished

.idea/codeStyles/codeStyleConfig.xml

+<component name="ProjectCodeStyleConfiguration">
+  <state>
+    <option name="PREFERRED_PROJECT_CODE_STYLE" value="Default" />
+  </state>
+</component>
\ No newline at end of file

src/main/java/com/josh/vku2f/COSEKey.java

+package com.josh.vku2f;
+
+public class COSEKey {
+    private byte[] w ;
+    COSEKey(){
+        w = new byte[64];
+    }
+
+
+    public void setW(byte[] w){
+        this.w = w;
+    }
+    public byte[] getW(){
+        return w;
+    }
+    public void encode(CBOREncoder cborEncoder){
+    }
+}

src/main/java/com/josh/vku2f/ClientPIN.java

+package com.josh.vku2f;
+
+import javacard.framework.JCSystem;
+
+public class ClientPIN {
+    private short i; // counter
+    private byte[] PIN ;
+    private boolean[] checked;
+    ClientPIN(){
+        checked = JCSystem.makeTransientBooleanArray((short)1, JCSystem.CLEAR_ON_DESELECT);
+    }
+    public boolean checkPIN(byte[] pin){
+        if(PIN.length != pin.length){
+            return false;
+        }
+        for(i = 0; i < PIN.length; i++){
+            if(PIN[i] != pin[i]) {
+                return false;
+            }
+        }
+        checked[0] = true;
+        return true;
+    }
+
+    public void setPIN(){
+
+    }
+}

src/main/java/com/josh/vku2f/ClientPINCommand.java

+package com.josh.vku2f;
+
+import javacard.framework.UserException;
+
+public class ClientPINCommand {
+    public static final byte PARAMETER_PROTOCOL = 0x01;
+    public static final byte PARAMETER_SUBCOMMAND = 0x02;
+    public static final byte PARAMETER_KEY_AGREEMENT = 0x03;
+    public static final byte PARAMETER_PIN_UV_AUTH_PARAM = 0x04;
+    public static final byte PARAMETER_NEW_PIN_ENC = 0x05;
+    public static final byte PARAMETER_PIN_HASH_ENC = 0x06;
+    public static final byte PARAMETER_PERMISSIONS = 0x09;
+    public static final byte PARAMETER_RP_ID = 0x0A;
+
+    private byte protocol; // unsigned int
+    private byte subCommandCode; // unsigned int
+    private byte[] keyAgreement; // COSE object
+    private byte[] pinUvAuthParam; // byte string
+    private byte[] newPinEnc; // byte string
+    private byte[] pinHashEnc; // byte string
+    private byte permissions; // unsigned int
+    private byte[] rpId; // text string
+
+    public void decodeCommand(CBORDecoder cborDecoder) throws UserException {
+        short commandLength = cborDecoder.readMajorType(CBORBase.TYPE_MAP);
+        do {
+            byte commandKey = cborDecoder.readInt8();
+            short valueLength;
+            switch (commandKey) {
+                case PARAMETER_PROTOCOL:
+                    protocol = cborDecoder.readInt8();
+                    break;
+                case PARAMETER_SUBCOMMAND:
+                    subCommandCode = cborDecoder.readInt8();
+                    break;
+                case PARAMETER_KEY_AGREEMENT:
+                    valueLength = cborDecoder.readLength();
+                    keyAgreement = new byte[valueLength];
+                    cborDecoder.readRawByteArray(keyAgreement, (short) 0, valueLength);
+                    break;
+                case PARAMETER_PIN_UV_AUTH_PARAM:
+                    valueLength = cborDecoder.readLength();
+                    pinUvAuthParam = new byte[valueLength];
+                    cborDecoder.readRawByteArray(pinUvAuthParam, (short) 0, valueLength);
+                    break;
+                case PARAMETER_NEW_PIN_ENC:
+                    valueLength = cborDecoder.readLength();
+                    newPinEnc = new byte[valueLength];
+                    cborDecoder.readRawByteArray(newPinEnc, (short) 0, valueLength);
+                    break;
+                case PARAMETER_PIN_HASH_ENC:
+                    valueLength = cborDecoder.readLength();
+                    pinHashEnc = new byte[valueLength];
+                    cborDecoder.readRawByteArray(pinHashEnc, (short) 0, valueLength);
+                    break;
+                case PARAMETER_PERMISSIONS:
+                    permissions = cborDecoder.readInt8();
+                    break;
+                case PARAMETER_RP_ID:
+                    valueLength = cborDecoder.readLength();
+                    rpId = new byte[valueLength];
+                    cborDecoder.readRawByteArray(rpId, (short) 0, valueLength);
+                    break;
+            }
+            commandLength--;
+        } while (commandLength >= 1);
+    }
+
+    public byte getProtocol() {
+        return protocol;
+    }
+
+    public byte getSubCommandCode() {
+        return subCommandCode;
+    }
+
+    public byte[] getKeyAgreement() {
+        return keyAgreement;
+    }
+
+    public byte[] getPinUvAuthParam() {
+        return pinUvAuthParam;
+    }
+
+    public byte[] getNewPinEnc() {
+        return newPinEnc;
+    }
+
+    public byte[] getPinHashEnc() {
+        return pinHashEnc;
+    }
+
+    public byte getPermissions() {
+        return permissions;
+    }
+
+    public byte[] getRpId() {
+        return rpId;
+    }
+}

src/main/java/com/josh/vku2f/ClientPINResponse.java

+package com.josh.vku2f;
+
+public class ClientPINResponse {
+    public static byte KEY_AGREEMENT = (byte)0x01;
+    public static byte PIN_UV_AUTH_TOKEN = (byte)0x02;
+    public static byte PIN_RETRIES = (byte)0x03;
+    public static byte POWER_CYCLE_STATE = (byte)0x04;
+    public static byte UV_RETRIES = (byte)0x05;
+}

src/main/java/com/josh/vku2f/ClientPINSubCommand.java

+package com.josh.vku2f;
+
+public class ClientPINSubCommand {
+    public static final byte SUBCOMMAND_GET_PIN_RETRIES =               (byte) 0x01;
+    public static final byte SUBCOMMAND_GET_KEY_AGREEMENT =             (byte) 0x02;
+    public static final byte SUBCOMMAND_SET_PIN =                       (byte) 0x03;
+    public static final byte SUBCOMMAND_CHANGE_PIN =                    (byte) 0x04;
+    public static final byte SUBCOMMAND_GET_PIN_TOKEN =                 (byte) 0x05;
+    public static final byte SUBCOMMAND_GET_PIN_UV_AUTH_TOKEN_UV =      (byte) 0x06;
+    public static final byte SUBCOMMAND_GET_UV_RETRIES =                (byte) 0x07;
+    // no 0x08
+    public static final byte SUBCOMMAND_GET_PIN_UV_AUTH_TOKEN_PIN =    (byte) 0x09;
+}

src/main/java/com/josh/vku2f/PinUvAuthProtocol.java

+package com.josh.vku2f;
+
+public abstract class PinUvAuthProtocol {
+
+    private PinUvAuthToken pinUvAuthToken;
+
+    public abstract void initialize();
+    public abstract void regenerate();
+    public abstract void resetPinUvAuthToken();
+    public abstract byte[] getPublicKey();
+    public abstract byte[] decapsulate(COSEKey peerCoseKey);
+    public abstract void decrypt(byte[] sharedSecret, byte[] cipherText);
+    public abstract void verify(byte[] key, byte[] message, byte[] signature);
+}

src/main/java/com/josh/vku2f/PinUvAuthProtocolOne.java

+package com.josh.vku2f;
+
+import javacard.framework.JCSystem;
+import javacard.security.*;
+
+public class PinUvAuthProtocolOne extends PinUvAuthProtocol{
+
+    private KeyPair ecDhKeyPair;
+    private boolean[] ecDhSet;
+
+    @Override
+    public void initialize() {
+        ECPublicKey ecDhPub = (ECPublicKey) KeyBuilder.buildKey(KeyBuilder.ALG_TYPE_EC_FP_PUBLIC,
+                JCSystem.MEMORY_TYPE_TRANSIENT_RESET, KeyBuilder.LENGTH_EC_FP_256, false);
+        ECPrivateKey ecDhPriv = (ECPrivateKey) KeyBuilder.buildKey(KeyBuilder.ALG_TYPE_EC_FP_PRIVATE,
+                JCSystem.MEMORY_TYPE_TRANSIENT_RESET, KeyBuilder.LENGTH_EC_FP_256, false);
+        ecDhKeyPair = new KeyPair(ecDhPub, ecDhPriv);
+        ecDhSet = JCSystem.makeTransientBooleanArray((short) 1, JCSystem.CLEAR_ON_RESET);
+    }
+
+    @Override
+    public void regenerate() {
+
+    }
+
+    @Override
+    public void resetPinUvAuthToken() {
+
+    }
+
+    @Override
+    public byte[] getPublicKey() {
+        byte[] w;
+        try {
+            w = JCSystem.makeTransientByteArray((short) 65, JCSystem.CLEAR_ON_RESET);
+        } catch (Exception e) {
+            w = new byte[65];
+        }
+
+        if (!ecDhSet[0]) {
+            // Grab the public key and set it's parameters
+            KeyParams.sec256r1params((ECKey) ecDhKeyPair.getPublic());
+            // Generate a new key-pair
+            ecDhKeyPair.genKeyPair();
+            ecDhSet[0] = true;
+        }
+
+        ((ECPublicKey) ecDhKeyPair.getPublic()).getW(w, (short) 0);
+
+        // Return the data requested
+        return w;
+    }
+
+    public byte[] encapsulate(COSEKey peerCOSEKey){
+        return null;
+    }
+
+    @Override
+    public byte[] decapsulate(COSEKey peerCOSEKey) {
+        return null;
+    }
+
+    public byte[] encrypt(byte[] key, byte[] plaintext){
+        return null;
+    }
+
+    @Override
+    public void decrypt(byte[] sharedSecret, byte[] cipherText) {
+
+    }
+
+    public byte[] authenticate(byte[] key, byte[] message){
+        return null;
+    }
+
+    @Override
+    public void verify(byte[] key, byte[] message, byte[] signature) {
+
+    }
+    private byte[] ecdh(COSEKey peerCoseKey){
+        return null;
+    }
+    private byte[] kdf(byte[] Z){
+        return null;
+    }
+}

src/main/java/com/josh/vku2f/PinUvAuthToken.java

+package com.josh.vku2f;
+
+public class PinUvAuthToken {
+    private byte[] token;
+    private byte protocol;
+    private byte permissionsRPID ;
+    private byte permissionsSet;
+    private byte usageTimer;
+    private boolean inUseFlag;
+    private byte initialUsageTimeLimit;
+    private byte userPresentTimeLimit;
+    private byte maxUsageTimePeriod;
+    private boolean userVerifiedFlag;
+    private boolean userPresentFlag;
+    PinUvAuthToken(){
+        resetTokenState();
+    }
+    public void generateNewToken(){
+
+    }
+    public void resetTokenState(){
+        permissionsRPID = 0x00;
+        permissionsSet = 0x00;
+        usageTimer = 0x00;
+        inUseFlag = false;
+        initialUsageTimeLimit = 0x00;
+        userPresentTimeLimit = 0x00;
+        maxUsageTimePeriod = 0x00;
+        userVerifiedFlag = false;
+        userPresentFlag = false;
+    }
+    public boolean isInUse(){
+        return inUseFlag;
+    }
+}