Squashed commit of the following:

commit 5b37efd
Author: Kim O'Sullivan <[email protected]>
Date:   Sun Aug 28 17:49:55 2022 +1000

    Make OpenFIPS201 class public (Fix for GitHub issue #47)

commit 7f9fd23
Author: Kim O'Sullivan <[email protected]>
Date:   Fri Aug 26 13:03:41 2022 +1000

    Permitting PUK_RETRIES_CONTACTLESS to be equal to the CONTACT value

    This change is in line with the recent policy change to PIN_RETRIES_CONTACTLESS

commit 3dcc0e5
Author: Kim O'Sullivan <[email protected]>
Date:   Fri Aug 26 12:39:53 2022 +1000

    Added ECC parameter destruction to applet uninstall event

commit 83a0a3c
Author: Kim O'Sullivan <[email protected]>
Date:   Fri Aug 26 00:56:05 2022 +1000

    Applied google formatting tool

commit b162dca
Author: Kim O'Sullivan <[email protected]>
Date:   Fri Aug 26 00:52:56 2022 +1000

    Updated applet version to 1.10.2

commit 7d3f699
Author: Kim O'Sullivan <[email protected]>
Date:   Fri Aug 26 00:52:36 2022 +1000

    Comment fix

commit a597ab8
Author: Kim O'Sullivan <[email protected]>
Date:   Fri Aug 26 00:52:23 2022 +1000

    Cleanup error response value

commit e583d3a
Author: Kim O'Sullivan <[email protected]>
Date:   Fri Aug 26 00:51:52 2022 +1000

    Comment fix

commit ea36c7a
Author: Kim O'Sullivan <[email protected]>
Date:   Fri Aug 26 00:51:35 2022 +1000

    Fixed soft-retry evaluation

commit b14f6c2
Author: Kim O'Sullivan <[email protected]>
Date:   Thu Aug 25 00:03:24 2022 +1000

    OF118, OF119, OF122, OF127, OF130 fixes

build/build.xml

@@ -3,7 +3,7 @@
 
   <property name="VERSION_MAJOR" value="1"/>
   <property name="VERSION_MINOR" value="10"/>
-  <property name="VERSION_REVISION" value="1"/>
+  <property name="VERSION_REVISION" value="2"/>
   <property name="SDK_BASE" value="tools/sdk"/>
   <property name="BUILD_SDK" value="${SDK_BASE}/jc310"/>
   <property name="TARGET_SDK" value="${SDK_BASE}/jc304"/>

doc/asn1/OpenFIPS201-PUT-DATA.asn

@@ -199,8 +199,8 @@ PinPolicyParameter ::= SEQUENCE {
 	permitContactless 		[3] BOOLEAN OPTIONAL,
 	minLength				[4] INTEGER (4..32) OPTIONAL,
 	maxLength				[5] INTEGER (4..32) OPTIONAL,
-	maxRetriesContact 		[6] INTEGER (1..127) OPTIONAL,
-	maxRetriesContactless 	[7] INTEGER (1..127) OPTIONAL,	
+	maxRetriesContact 		[6] INTEGER (1..15) OPTIONAL,
+	maxRetriesContactless 	[7] INTEGER (1..15) OPTIONAL,	
 	charset					[8] PinCharSet OPTIONAL,
 	history					[9] INTEGER (0..12) OPTIONAL,
 	ruleSequence			[10] INTEGER (0..32) OPTIONAL,
@@ -211,8 +211,8 @@ PukPolicyParameter ::= SEQUENCE {
 	enabled				[0] BOOLEAN OPTIONAL,
 	permitContactless 	[1] BOOLEAN OPTIONAL,
 	length				[2]	INTEGER (4..32) OPTIONAL,
-	retriesContact		[3] INTEGER (1..127) OPTIONAL,
-	retriesContactless	[4] INTEGER (1..127) OPTIONAL,
+	retriesContact		[3] INTEGER (1..15) OPTIONAL,
+	retriesContactless	[4] INTEGER (1..15) OPTIONAL,
 	restrictUpdate		[5] BOOLEAN OPTIONAL
 }
 

src/com/makina/security/openfips201/Config.java

@@ -46,7 +46,7 @@ final class Config {
   static final short LENGTH_APPLICATION_NAME = (short) 11;
   static final byte VERSION_MAJOR = (byte) 1;
   static final byte VERSION_MINOR = (byte) 10;
-  static final byte VERSION_REVISION = (byte) 1;
+  static final byte VERSION_REVISION = (byte) 2;
   static final byte VERSION_DEBUG = (byte) 0; // If set to 1, this build is considered DEBUG
 
   ///////////////////////////////////////////////////////////////////////////
@@ -319,12 +319,12 @@ final class Config {
   //
   static final byte LIMIT_PIN_MIN_LENGTH = (byte) 4;
   static final byte LIMIT_PIN_MAX_LENGTH = (byte) 16;
-  static final byte LIMIT_PIN_MAX_RETRIES = (byte) 127;
+  static final byte LIMIT_PIN_MAX_RETRIES = (byte) 15;
   static final byte LIMIT_PIN_HISTORY = (byte) 12;
 
   static final byte LIMIT_PUK_MIN_LENGTH = (byte) 6;
   static final byte LIMIT_PUK_MAX_LENGTH = (byte) 16;
-  static final byte LIMIT_PUK_MAX_RETRIES = (byte) 127;
+  static final byte LIMIT_PUK_MAX_RETRIES = (byte) 15;
 
   private static final byte DEFAULT_PIN_ENABLE_LOCAL = TLV.TRUE;
   private static final byte DEFAULT_PIN_MIN_LENGTH = (byte) 6;
@@ -450,11 +450,11 @@ boolean readFlag(byte address) {
     return (config[address] != (byte) 0);
   }
 
-  byte getIntermediatePIN() {
+  byte getIntermediatePINRetries() {
     return (byte) (config[CONFIG_PIN_RETRIES_CONTACT] - config[CONFIG_PIN_RETRIES_CONTACTLESS]);
   }
 
-  byte getIntermediatePUK() {
+  byte getIntermediatePUKRetries() {
     return (byte) (config[CONFIG_PUK_RETRIES_CONTACT] - config[CONFIG_PUK_RETRIES_CONTACTLESS]);
   }
 
@@ -562,8 +562,8 @@ void update(TLVReader reader) {
         if (value < (byte) 0 || value > LIMIT_PIN_MAX_RETRIES) {
           ISOException.throwIt(ISO7816.SW_DATA_INVALID);
         }
-        // Pre-condition - Must be less than RETRIES_CONTACT
-        if (value >= config[CONFIG_PIN_RETRIES_CONTACT]) {
+        // Pre-condition - Cannot be greater than RETRIES_CONTACT
+        if (value > config[CONFIG_PIN_RETRIES_CONTACT]) {
           ISOException.throwIt(ISO7816.SW_DATA_INVALID);
         }
         config[CONFIG_PIN_RETRIES_CONTACTLESS] = value;
@@ -661,8 +661,8 @@ void update(TLVReader reader) {
         if (value < (byte) 0 || value > LIMIT_PUK_MAX_RETRIES) {
           ISOException.throwIt(ISO7816.SW_DATA_INVALID);
         }
-        // Pre-condition - Must be less than PUK_RETRIES_CONTACT
-        if (value >= config[CONFIG_PUK_RETRIES_CONTACT]) {
+        // Pre-condition - Must not be more than PUK_RETRIES_CONTACT
+        if (value > config[CONFIG_PUK_RETRIES_CONTACT]) {
           ISOException.throwIt(ISO7816.SW_DATA_INVALID);
         }
         config[CONFIG_PUK_RETRIES_CONTACTLESS] = value;

src/com/makina/security/openfips201/ECParamsP256.java

@@ -111,6 +111,11 @@ static ECParams getInstance() {
     }
     return instance;
   }
+
+  static void terminate() {
+	// NOTE: It is the responsibility of the caller to perform garbage collection
+	instance = null;
+  }
 
   @Override
   protected byte[] getA() {

src/com/makina/security/openfips201/ECParamsP384.java

@@ -42,6 +42,11 @@ static ECParams getInstance() {
     }
     return instance;
   }
+
+  static void terminate() {
+	// NOTE: It is the responsibility of the caller to perform garbage collection
+	instance = null;
+  }
 
   // Curve polynomial element a
   protected static final byte[] a = {

src/com/makina/security/openfips201/OpenFIPS201.java

@@ -28,6 +28,7 @@
 
 import javacard.framework.APDU;
 import javacard.framework.Applet;
+import javacard.framework.AppletEvent;
 import javacard.framework.ISO7816;
 import javacard.framework.ISOException;
 import org.globalplatform.GPSystem;
@@ -37,7 +38,7 @@
  * The main applet class, which is responsible for handling APDU's and dispatching them to the PIV
  * provider.
  */
-final class OpenFIPS201 extends Applet {
+public final class OpenFIPS201 extends Applet implements AppletEvent {
   /*
    * PERSISTENT applet variables (EEPROM)
    */
@@ -130,6 +131,21 @@ public void deselect() {
     }
   }
 
+  @Override
+  public void uninstall() {
+  	//
+  	// NOTE:
+  	// - Get rid of all static instances that would prevent GP from deleting the applet instance 
+  	//   without also deleting the corresponding package
+  	// - TODO: Change TLVReader and TLVWriter to an instance
+  	// - TODO: Change ECParams to public final const arrays, there's no need to instantiate.
+    TLVReader.terminate();
+    TLVWriter.terminate();
+    PIVCrypto.terminate();
+    ECParamsP256.terminate();
+    ECParamsP384.terminate();
+  }
+
   @Override
   public void process(APDU apdu) {
 
@@ -247,7 +263,7 @@ public void process(APDU apdu) {
         processPIV_PUT_DATA(apdu);
         break;
 
-      case INS_PIV_GENERATE_ASYMMETRIC_KEYPAIR:
+      case INS_PIV_GENERATE_ASYMMETRIC_KEYPAIR: // Case 2
         processPIV_GENERATE_ASYMMETRIC_KEYPAIR(apdu);
         break;