martinpaljak / ant-javacard

Easy to use Ant task for building JavaCard applets (2.1.1 to 3.2.0)
https://javacard.pro
MIT License
202 stars 53 forks source link

error on static array initialization in package #74

Closed huckym closed 2 years ago

huckym commented 2 years ago

I have the following toy code for a library package with a static array:

package testapplets.library;
import javacard.security.RandomData;

public class SomeLibrary {
    public static final short TRUE = (short) 0x5AA5;
    public static final short FALSE = (short) 0xA55A;

    public static final byte[] test = { 'a', 'b', 'c'};

    public static short booleantest(boolean b) {
            return b ? TRUE : FALSE;
    }

    public static RandomData getRandom() {
        return RandomData.getInstance(RandomData.ALG_SECURE_RANDOM);
    }
}

and the following ant task to build the library package:

  <target name="libtest" depends="prepare">
    <javacard jckit="${converter.sdk}">
      <cap targetsdk="${target.sdk}" sources="src/library" package="testapplets.library" aid="11:22:33:44:55" export="lib" output="build/libtest.cap" version="1.0"/>
    </javacard>
  </target>

but I am getting the following error message:

  [convert] [ INFO: ] Converter [v3.1.0]
  [convert] [ INFO: ]     Copyright (c) 1998, 2019, Oracle and/or its affiliates. All rights reserved.
  [convert]     
  [convert]     
  [convert] [ INFO: ] conversion completed with 1 errors and 0 warnings.
  [convert] error:  Static array initialization in class testapplets/library/SomeLibrary in library package not allowed.

Why is static array in a library problematic? builds fine if I remove the static array

mistial-dev commented 2 years ago

This seems to be a JavaCard issue, not an ant-javacard issue specifically.

Looking through the JavaCard Runtime Environment Docs, the JavaCard Installer seems to be responsible for allocating the statically configured arrays and initializing them.

If a library can be shared between applets, would it not be a security risk to have it be static? As far as I understand it, they want it so anything that makes it through the firewall needs to implement the Shareable interface.

huckym commented 2 years ago

Thanks for pointing me in the right direction. Closing this ticket