Hacky workaround for #383

Author: martinpaljak

tool/src/main/java/module-info.java

@@ -1,6 +1,7 @@
 // https://stackoverflow.com/a/67895919/44289
 @SuppressWarnings({"requires-automatic"})
 module gptool {
+    uses pro.javacard.gp.CardKeysProvider;
     requires transitive pro.javacard.globalplatform;
     requires pro.javacard.pace;
     requires java.smartcardio;
@@ -14,4 +15,4 @@
     requires org.bouncycastle.provider;
     requires org.bouncycastle.pkix;
     requires org.slf4j;
-}
+}

tool/src/main/java/pro/javacard/gptool/GPTool.java

@@ -811,20 +811,30 @@ public int run(BIBO bibo, String[] argv) {
                     // By default we try to change an existing key
                     boolean replace = true;
 
+                    String kdf = PlaintextKeys.kdf_templates.getOrDefault(args.valueOf(OPT_LOCK_KDF), args.valueOf(OPT_LOCK_KDF));
+
+
+                    // XXX: remove the combined "keys or master" interfaces from PlaintextKeys
+                    final Optional<GPCardKeys> lockKey;
                     // Get new key values
-                    Optional<GPCardKeys> lockKey = keyFromPlugin(args.valueOf(OPT_LOCK));
+                    if (args.has(OPT_LOCK)) {
+                        lockKey = keyFromPlugin(args.valueOf(OPT_LOCK));
+                    } else if (args.has(OPT_LOCK_ENC) && args.has(OPT_LOCK_MAC) && args.has(OPT_LOCK_DEK)) {
+                        lockKey = Optional.of(PlaintextKeys.fromKeys(args.valueOf(OPT_LOCK_ENC).value(), args.valueOf(OPT_LOCK_MAC).value(), args.valueOf(OPT_LOCK_DEK).value()));
+                    } else {
+                        throw new IllegalArgumentException("Use either --lock or --lock-enc/mac/dek");
+                    }
 
-                    String kdf = PlaintextKeys.kdf_templates.getOrDefault(args.valueOf(OPT_LOCK_KDF), args.valueOf(OPT_LOCK_KDF));
                     // From provider
-                    newKeys = lockKey.
-                            orElseGet(() -> PlaintextKeys.fromBytes(args.valueOf(OPT_LOCK_ENC).value(), args.valueOf(OPT_LOCK_MAC).value(), args.valueOf(OPT_LOCK_DEK).value(), HexBytes.v(args.valueOf(OPT_LOCK)).v(), kdf, null, args.valueOf(OPT_NEW_KEY_VERSION)).
-                                    orElseThrow(() -> new IllegalArgumentException("Can not lock without keys :)")));
-
+                    newKeys = lockKey.orElseThrow(() -> new IllegalArgumentException("Can not lock without keys :)"));
                     if (newKeys instanceof PlaintextKeys) {
                         // Adjust the mode and version with plaintext keys
                         PlaintextKeys pk = (PlaintextKeys) newKeys;
                         List<GPKeyInfo> current = gp.getKeyInfoTemplate();
-                        // By default use key version 1
+                        if (kdf != null) {
+                            pk.setDiversifier(kdf);
+                        }
+                        // By default, use key version 1
                         final int keyver;
                         if (args.has(OPT_NEW_KEY_VERSION)) {
                             keyver = args.valueOf(OPT_NEW_KEY_VERSION);
@@ -833,7 +843,7 @@ public int run(BIBO bibo, String[] argv) {
                                 replace = false;
                             }
                         } else {
-                            if (current.size() == 0 || gp.getScpKeyVersion() == 255) {
+                            if (current.isEmpty() || gp.getScpKeyVersion() == 255) {
                                 keyver = 1;
                                 replace = false;
                             } else {