add storage requirements

Author: StarGate01

docs/2-hardware.md

@@ -15,7 +15,7 @@ The specification of the chip used in the FlexSecure and Apex Flex (with a diffe
 - Package: MOB10 ultra-thin (chip: `5 mm * 5 mm`, total: `5 mm * 8 mm`, thickness: `0.1 mm`) punched from `35 mm` tape reels
 - Hardware interface: Contactless (NFC `13.56 MHz`, ISO/IEC 14443 Type A) only
 - Capacitance: `56 pF`
-- Configuration: "MIFARE Plus EV1 in classic mode 4K applet" removed, leaves `>= 164K` EEPROM, `>= 4KB` RAM usable
+- Configuration: "MIFARE Plus EV1 in classic mode 4K applet" removed, leaves `>= 164K` EEPROM, `>= 4KB` RAM usable (for details, see below)
 - GlobalPlatform key: `404142434445464748494a4b4c4d4e4f` (default test key)
 - Supported algorithms: RSA 4096bits, AES, SHA1/SHA224/SHA256/SHA384/SHA512, 3DES(ECB,CBC), KOREAN SEED, ECC FP 160 bits to 521 bits
 
@@ -61,15 +61,23 @@ The P71 has a few hundreds kilobytes of ROM (read-only) memory. The contents of
 
 The P71 J3R200 has about `200 KB` of EEPROM (re-writeable) nonvolatile flash memory. According to our manufacturer, the FlexSecure has at least `164 KB` of EEPROM available. The Mifare classic emulation applet was removed from the ROM mask, otherwise only about `99 KB` flash would have been available.
 
+Measurements show an available persistent (EEPROM) storage of at least `167736` bytes for the FlexSecure.
+
 The ROM is typically used for storing pre-deployed packages which will never change. The EEPROM then stores only the applet instances, as well as configuration data like e.g. secret keys. In our case, all packages are loaded during runtime into the EEPROM, and the ROM is pretty much unused expect for some cryptographic algorithms and the operating system. 
 
-The P71 J3R200 has about `8 KB / 10KB` of volatile RAM available. Some of that is used by the operating system and cryptographic algorithms. According to out manufacturer, at least `4 KB` of RAM is available for applets on the FlexSecure.
+The P71 J3R200 has about `8 KB` of volatile RAM available. Some of that is used by the operating system and cryptographic algorithms. According to our manufacturer, at least `4 KB` of RAM is available for applets on the FlexSecure.
+
+Measurements show a transient (RAM) storage size of at least `4115` / `4112` (reset / deselect) bytes for the FlexSecure.
 
 The Apex Flex uses either the `J3R200` or the `J3R180` chip, which one is unclear at the time of writing. They have the same base specs (besides the `J3R180` having a `20 KB` smaller EEPROM), and use a different ROM mask specified by Fidesmo. The ROM mask should contain the pre-loaded payment package, and the EEPROM additionally contains the instance of this payment applet. This takes quite a chunk of memory (allegedly about `100 KB`). Information on these Fidesmo-deployed chips is scarce, maybe the payment package is stored in the EEPROM as well. In any case, the remaining amount of storage and memory is significantly smaller than on the FlexSecure.
 
+Measurements show an available persistent (EEPROM) storage of at least `84336` bytes, and a transient (RAM) storage size of at least `4054` / `4160` (reset / deselect) bytes for the Apex Flex.
+
+An issue concerning the fact that Fidesmo does not actually free the card memory upon applet deletion is being investigated.
+
 ## Payments
 
-At the time of writing, it is unclear whether the payment functionality of the Apex Flex will be active. Mastercard / Visa have some ideological issues supporting implants, so although the Fidesmo payment applet works great, it might be disabled on the Apex Flex. It is unknown whether the payment applet will be loaded on the chip but refuse to function, or if it will be completely absent. In the latter case, there would be more storage and memory available, probably similar to the FlexSecure. However, it is more likely that the applet will lie dormant until Visa / Mastercard sort out their issues.
+It is unclear if and when the payment functionality of the Apex Flex will be active. Mastercard / Visa have some ideological issues supporting implants, so although the Fidesmo payment applet works great, it might be disabled on the Apex Flex. The payment applet will be loaded on the chip, but won't be enabled. The applet will lie dormant until Visa / Mastercard sort out their issues.
 
 The FlexSecure comes without a payment applet. Although there are payment applet implementations by Fidesmo and e.g. Mastercard available, the legal paperwork and security requirements (sectioned chips, private administrative keys) mean that the FlexSecure cannot and will not be able to make payments.
 
@@ -85,5 +93,6 @@ If you want full offline control over your hardware and keys, the maximum possib
 - https://www.javacardos.com/store/products/11020
 - https://fidesmo.com/
 - https://github.com/fidesmo/fdsm
+- https://github.com/StarGate01/javacard-memory
 
 Improve this document: https://github.com/StarGate01/flexsecure-applets/tree/master/docs

docs/applets/1-pgp.md

@@ -10,6 +10,10 @@ Explaining the theory of public-key cryptography is out of scope, please refer t
 - Binary name: `SmartPGPApplet-default.cap` and `SmartPGPApplet-large.cap`
 - Download: https://github.com/StarGate01/flexsecure-applets/releases
 - AID: `d2:76:00:01:24:01:03:04:00:0A:00:00:00:00:00:00` (has to be adjusted, see below), Package: `d2:76:00:01:24:01`
+- Storage requirements:
+  - Persistent: `24776` bytes (`28148` with one RSA 2048 key)
+  - Transient reset: `2118` bytes
+  - Transient deselect: `16` bytes
 
 ## Compiling the Applet Yourself
 

docs/applets/2-totp-hotp.md

@@ -10,6 +10,10 @@ These codes are preferred over e.g. SMS codes, because the process requires no c
 - Binary name: `vivokey-otp.cap`
 - Download: https://github.com/StarGate01/flexsecure-applets/releases
 - AID: `A0:00:00:05:27:21:01:01`, Package: `A0:00:00:05:27:21:01`
+- Storage requirements:
+  - Persistent: `5128` bytes (`6020` with three TOTP accounts)
+  - Transient reset: `2296` bytes (`2392`)
+  - Transient deselect: `64` bytes
 
 ## Compiling the Applet Yourself
 

docs/applets/3-hmac-sha1.md

@@ -10,6 +10,10 @@ This applet is compatible to the Yubikey-style protocol, supported by e.g. KeePa
 - Binary name: `YkHMACApplet.cap`
 - Download: https://github.com/StarGate01/flexsecure-applets/releases
 - AID: `A0:00:00:05:27:20:01`, Package: `A0:00:00:05:27:20`
+- Storage requirements:
+  - Persistent: `3204` bytes
+  - Transient reset: `240` bytes
+  - Transient deselect: `128` bytes
 
 ## Compiling the Applet Yourself
 

docs/applets/4-ndef.md

@@ -8,6 +8,10 @@ NDEF (NFC Data Exchange Format) is a data format used to store structured data.
 - Binary name: `openjavacard-ndef-full.cap` and `openjavacard-ndef-tiny.cap`
 - Download: https://github.com/StarGate01/flexsecure-applets/releases
 - AID: `D2:76:00:00:85:01:01`, Package: `D2:76:00:00:85`
+- Storage requirements:
+  - Persistent: `4372` bytes
+  - Transient reset: `16` bytes
+  - Transient deselect: `0` bytes
 
 ## Compiling the Applet Yourself
 

docs/applets/5-fido.md

@@ -18,6 +18,10 @@ The FIDO2 applet is still in development, and not completely finished. For examp
 - Binary name: `U2FApplet.cap`
 - Download: https://github.com/StarGate01/flexsecure-applets/releases
 - AID: `A0:00:00:06:47:2F:00:01`, Package: `a0:00:00:06:17:00:4f:97:a2:e9:50:01`
+- Storage requirements:
+  - Persistent: `8020` bytes
+  - Transient reset: `865` bytes
+  - Transient deselect: `0` bytes
 
 ### FIDO2 CTAP2 (in development)
 

scripts/clean/javacard-memory.sh

@@ -0,0 +1,4 @@
+#!/bin/bash
+
+cd /app/src/applets/javacard-memory
+rm -rf target