Bump version to 0.1.2 and refactor package structure

Backport aes fix

Author: tobias-schwerdtfeger

asn1/build.gradle.kts

@@ -60,7 +60,7 @@ kotlin {
 
 mavenPublishing {
     publishToMavenCentral(SonatypeHost.CENTRAL_PORTAL)
-    signAllPublications()
+//    signAllPublications()
 
     coordinates(group.toString(), "asn1", version.toString())
 

crypto/build.gradle.kts

@@ -104,7 +104,7 @@ kotlin {
 
 mavenPublishing {
     publishToMavenCentral(SonatypeHost.CENTRAL_PORTAL)
-    signAllPublications()
+//    signAllPublications()
 
     coordinates(group.toString(), "crypto", version.toString())
 

crypto/src/commonTest/kotlin/de/gematik/openhealth/crypto/cipher/AesTest.kt

@@ -103,6 +103,7 @@ class AesTest {
                     16.bytes,
                     "1234567890123456".encodeToByteArray(),
                     byteArrayOf(),
+                    autoPadding = false
                 ).createCipher(
                     SecretKey("1234567890123456".encodeToByteArray()),
                 )
@@ -126,6 +127,7 @@ class AesTest {
                     "0F 98 50 42 1A DA DC FF 64 5F 7E 79 79 E2 E6 8A".hexToByteArray(
                         hexSpaceFormat,
                     ),
+                    autoPadding = false
                 ).createDecipher(
                     SecretKey("1234567890123456".encodeToByteArray()),
                 )

crypto/src/jvmMain/kotlin/de/gematik/openhealth/crypto/cipher/Aes.jvm.kt

@@ -27,20 +27,20 @@ import javax.crypto.spec.IvParameterSpec
 import javax.crypto.spec.SecretKeySpec
 
 @OptIn(UnsafeCryptoApi::class)
-private fun AesCipherSpec.algorithmName(): String =
+private fun AesCipherSpec.algorithmName(autoPadding: Boolean): String =
     when (this) {
-        is AesEcbSpec -> if (autoPadding) "AES/ECB/PKCS5Padding" else "AES/ECB/NoPadding"
-        is AesCbcSpec -> if (autoPadding) "AES/CBC/PKCS5Padding" else "AES/CBC/NoPadding"
-        is AesGcmCipherSpec -> "AES/GCM/NoPadding"
-    }
+        is AesEcbSpec -> "AES/ECB/"
+        is AesCbcSpec -> "AES/CBC/"
+        is AesGcmCipherSpec -> "AES/GCM/"
+    } + if (autoPadding) "PKCS5Padding" else "NoPadding"
 
 @OptIn(UnsafeCryptoApi::class)
-private fun AesDecipherSpec.algorithmName(): String =
+private fun AesDecipherSpec.algorithmName(autoPadding: Boolean): String =
     when (this) {
-        is AesEcbSpec -> if (autoPadding) "AES/ECB/PKCS5Padding" else "AES/ECB/NoPadding"
-        is AesCbcSpec -> if (autoPadding) "AES/CBC/PKCS5Padding" else "AES/CBC/NoPadding"
-        is AesGcmDecipherSpec -> "AES/GCM/NoPadding"
-    }
+        is AesEcbSpec -> "AES/ECB/"
+        is AesCbcSpec -> "AES/CBC/"
+        is AesGcmDecipherSpec -> "AES/GCM/"
+    } + if (autoPadding) "PKCS5Padding" else "NoPadding"
 
 private class JvmAesCipher(
     override val spec: AesCipherSpec,
@@ -50,7 +50,7 @@ private class JvmAesCipher(
 
     @OptIn(UnsafeCryptoApi::class)
     private val cipher: Cipher =
-        Cipher.getInstance(spec.algorithmName()).apply {
+        Cipher.getInstance(spec.algorithmName(spec.autoPadding)).apply {
             val secretKey = SecretKeySpec(key.data, "AES")
             when (spec) {
                 is AesGcmCipherSpec -> {
@@ -59,7 +59,15 @@ private class JvmAesCipher(
                     updateAAD(spec.aad)
                 }
                 is AesCbcSpec -> {
-                    val ivSpec = IvParameterSpec(spec.iv)
+                    val iv =
+                        if (spec.iv.isEmpty()) {
+                            ByteArray(
+                                spec.tagLength.bytes,
+                            ) { 0x00 }
+                        } else {
+                            spec.iv
+                        }
+                    val ivSpec = IvParameterSpec(iv)
                     init(Cipher.ENCRYPT_MODE, secretKey, ivSpec)
                 }
                 else -> init(Cipher.ENCRYPT_MODE, secretKey)
@@ -87,7 +95,7 @@ private class JvmAesDecipher(
 ) : AesDecipher {
     @OptIn(UnsafeCryptoApi::class)
     private val cipher: Cipher =
-        Cipher.getInstance(spec.algorithmName()).apply {
+        Cipher.getInstance(spec.algorithmName(spec.autoPadding)).apply {
             val secretKey = SecretKeySpec(key.data, "AES")
             when (spec) {
                 is AesGcmDecipherSpec -> {
@@ -96,7 +104,15 @@ private class JvmAesDecipher(
                     updateAAD(spec.aad)
                 }
                 is AesCbcSpec -> {
-                    val ivSpec = IvParameterSpec(spec.iv)
+                    val iv =
+                        if (spec.iv.isEmpty()) {
+                            ByteArray(
+                                spec.tagLength.bytes,
+                            ) { 0x00 }
+                        } else {
+                            spec.iv
+                        }
+                    val ivSpec = IvParameterSpec(iv)
                     init(Cipher.DECRYPT_MODE, secretKey, ivSpec)
                 }
                 else -> init(Cipher.DECRYPT_MODE, secretKey)

gradle.properties

@@ -28,4 +28,4 @@ android.useAndroidX=true
 android.nonTransitiveRClass=true
 
 gematik.baseGroup=de.gematik.openhealth
-gematik.version=0.1.1
+gematik.version=0.1.2

smartcard/build.gradle.kts

@@ -95,7 +95,7 @@ rootProject.plugins.withType<org.jetbrains.kotlin.gradle.targets.js.yarn.YarnPlu
 
 mavenPublishing {
     publishToMavenCentral(SonatypeHost.CENTRAL_PORTAL)
-    signAllPublications()
+//    signAllPublications()
 
     coordinates(group.toString(), "smartcard", version.toString())
 

smartcard/src/commonMain/kotlin/de/gematik/openhealth/smartcard/card/HealthCardScope.kt

@@ -22,17 +22,26 @@ import de.gematik.openhealth.smartcard.command.HealthCardResponseStatus
 import de.gematik.openhealth.smartcard.command.ResponseException
 import de.gematik.openhealth.smartcard.command.commandApdu
 import de.gematik.openhealth.smartcard.command.requireSuccess
+import kotlin.jvm.JvmSynthetic
 
-interface HealthCardScope : SmartCard.CommunicationScope {
+/**
+ * Scope for communicating with the health card.
+ */
+interface HealthCardScope : SmartCardCommunicationScope {
     /**
-     * Transmits the command on the given [SmartCard.CommunicationScope] and throws a [ResponseException]
+     * Transmits the command on the given [SmartCardCommunicationScope] and throws a [ResponseException]
      * if the command was not successful.
      */
+    @JvmSynthetic
     suspend fun HealthCardCommand.transmitSuccessfully(): HealthCardResponse =
         transmit().also {
             it.requireSuccess()
         }
 
+    /**
+     * Transmits the command on the given [SmartCardCommunicationScope] and returns the response.
+     */
+    @JvmSynthetic
     suspend fun HealthCardCommand.transmit(): HealthCardResponse {
         val commandApdu = this.commandApdu(supportsExtendedLength)
         return transmit(commandApdu).let {
@@ -45,13 +54,14 @@ interface HealthCardScope : SmartCard.CommunicationScope {
 }
 
 private class HealthCardScopeImpl(
-    scope: SmartCard.CommunicationScope,
+    scope: SmartCardCommunicationScope,
 ) : HealthCardScope,
-    SmartCard.CommunicationScope by scope
-
-suspend fun <R> SmartCard.CommunicationScope.useHealthCard(
-    block: suspend HealthCardScope.() -> R,
-): R = block(HealthCardScopeImpl(this))
+    SmartCardCommunicationScope by scope
 
-fun <R> SmartCard.CommunicationScope.useHealthCardBlocking(block: HealthCardScope.() -> R): R =
-    block(HealthCardScopeImpl(this))
+/**
+ * Creates a new [HealthCardScope] for the given [SmartCardCommunicationScope].
+ *
+ * @param scope The [SmartCardCommunicationScope] to use for communication.
+ *
+ */
+fun SmartCardCommunicationScope.healthCardScope(): HealthCardScope = HealthCardScopeImpl(this)

smartcard/src/commonMain/kotlin/de/gematik/openhealth/smartcard/card/SmartCardCommunicationScope.kt

@@ -0,0 +1,53 @@
+/*
+ * Copyright 2025 gematik GmbH
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package de.gematik.openhealth.smartcard.card
+
+import de.gematik.openhealth.smartcard.command.CardCommandApdu
+import de.gematik.openhealth.smartcard.command.CardResponseApdu
+import kotlin.coroutines.resume
+import kotlin.coroutines.suspendCoroutine
+import kotlin.js.JsExport
+
+/**
+ * Defines the communication scope for interacting with a specific smart card.
+ */
+interface SmartCardCommunicationScope {
+    /**
+     * Indicates whether the card supports extended length APDU commands.
+     */
+    val supportsExtendedLength: Boolean
+
+    /**
+     * Transmits a command APDU to the smart card and receives the corresponding response APDU.
+     */
+    fun transmit(
+        commandApdu: CardCommandApdu,
+        response: (responseApdu: CardResponseApdu) -> Unit,
+    )
+
+    /**
+     * Ensures extensibility for specific APDU commands.
+     */
+    @JsExport.Ignore
+    companion object
+}
+
+/**
+ * Transmits a command APDU to the smart card and receives the corresponding response APDU.
+ */
+suspend fun SmartCardCommunicationScope.transmit(commandApdu: CardCommandApdu): CardResponseApdu =
+    suspendCoroutine { cont -> transmit(commandApdu) { cont.resume(it) } }

smartcard/src/commonMain/kotlin/de/gematik/openhealth/smartcard/card/TrustedChannel.kt

@@ -60,15 +60,18 @@ internal class TrustedChannelScopeImpl(
     override val paceKey: PaceKey,
 ) : TrustedChannelScope,
     HealthCardScope {
-    override val cardIdentifier: String = scope.cardIdentifier
     override val supportsExtendedLength: Boolean = scope.supportsExtendedLength
 
     private val secureMessagingSequenceCounter: ByteArray = ByteArray(CIPHER_BLOCK_SIZE_BYTES)
 
-    override suspend fun transmit(commandApdu: CardCommandApdu): CardResponseApdu {
+    override fun transmit(
+        commandApdu: CardCommandApdu,
+        response: (responseApdu: CardResponseApdu) -> Unit,
+    ) {
         val encryptedCommandApdu = encrypt(commandApdu)
-        val encryptedResponseApdu = scope.transmit(encryptedCommandApdu)
-        return decrypt(encryptedResponseApdu)
+        scope.transmit(encryptedCommandApdu) { encryptedResponseApdu ->
+            response(decrypt(encryptedResponseApdu))
+        }
     }
 
     private fun incrementMsgSeqCounter() {

smartcard/src/commonTest/kotlin/de/gematik/openhealth/smartcard/HealthCardTestScope.kt

@@ -22,17 +22,19 @@ import de.gematik.openhealth.smartcard.command.CardResponseApdu
 import de.gematik.openhealth.smartcard.command.HealthCardCommand
 
 class HealthCardTestScope(
-    override val cardIdentifier: String = "",
     override val supportsExtendedLength: Boolean = true,
 ) : HealthCardScope {
     private var lastCardCommandAPDU: CardCommandApdu? = null
 
     val lastCommandAPDUBytes: ByteArray
         get() = lastCardCommandAPDU?.apdu ?: ByteArray(0)
 
-    override suspend fun transmit(command: CardCommandApdu): CardResponseApdu {
-        lastCardCommandAPDU = command
-        return CardResponseApdu(byteArrayOf(0x90.toByte(), 0x00))
+    override fun transmit(
+        commandApdu: CardCommandApdu,
+        response: (CardResponseApdu) -> Unit,
+    ) {
+        lastCardCommandAPDU = commandApdu
+        response(CardResponseApdu(byteArrayOf(0x90.toByte(), 0x00)))
     }
 
     suspend fun test(cmd: HealthCardCommand): ByteArray {