Toporin / SatochipApplet

The open source hardware wallet smartcard - Satochip.io
https://satochip.io/shop
GNU Affero General Public License v3.0
120 stars 44 forks source link

Code compilation issues (and such) #4

Closed Aiosa closed 4 years ago

Aiosa commented 4 years ago

Hello, when compiling the cap file using ant, I get one error (error: org.satochip.applet.CardEdge: unsupported int type of intermediate value, must cast intermediate value to type short or byte) - the culprits are:

offset++;
if (bytesLeft!=/*here*/(short)(5+altcoinSize))
    ISOException.throwIt(ISO7816.SW_WRONG_LENGTH);
recvBuffer[0]= (byte) (altcoinSize+17);

and

if ((bip32_depth < 0) || (bip32_depth > MAX_BIP32_DEPTH) )
        ISOException.throwIt(SW_INCORRECT_P1);
if (bytesLeft < /*here*/(short)(4*bip32_depth))
    ISOException.throwIt(SW_INVALID_PARAMETER);

// P2 option flags

Also, when searching for missing short casts, I noticed there are some lines that make no sense, would be nice to comment them out... though it looks more like bug to me

RFU = buffer[base++]; //create_object_ACL deprecated => RFU
RFU = buffer[base++]; //create_key_ACL deprecated => RFU
RFU = buffer[base++]; //create_pin_ACL deprecated => RFU

you are rewriting the value of unused RFU (it is not accessed afterwards) variable, yet increasing the value in the base variable.

Just reporting what I was forced to find out, hope it will be useful :) All the lines are from the Applet class file CardEdge.java

Toporin commented 4 years ago

Hello,

Thanks for your feedback and sorry for the long delay!

Regarding the casting errors, it depends on the compilation toolchain that is used apparently. We will try to add these casts in the next release (coming soon!).

Regarding the unused 'RFU' variable: RFU stands for 'reserved for future use'. Due to simplifications in the interface, some initialization variables were deprecated but kept to maintain backward compatibility. These unused variables could be used again in the future if needed...

Regards,

The Satochip team

Aiosa commented 4 years ago

Thanks for the clarification. I am working on a javacard applet store, needed deterministic build to be able to let others verify the source by generating the same cap output, your applet is included. You can check it out here (https://github.com/JavaCardSpot-dev/JCAppStore) and possibly include it in your readme :)