1 2 Previous Next 25 Replies Latest reply: Mar 9, 2012 11:47 PM by 921673 RSS

    Extended APDU through T0

    921673
      I tried to send following extended APDU command to my applet:
      CLA: 00 INS: 20 P1: 00 P2: 00 LC: 00 03 10 LE: 00 03 
      Data: 30 82 03 0C 30 82 01 F4 A0 03 02 01 02 02 03 01 00 20 30 0D 06 09 2A 86 48 86 F7 0D
      01 01 05 05 00 30 3E 31 0B 30 09 06 03 55 04 06 13 02 50 4C 31 1B 30 19 06 03 55 04 0A 13
      12 55 6E 69 7A 65 74 6F 20 53 70 2E 20 7A 20 6F 2E 6F 2E 31 12 30 10 06 03 55 04 03 13 09
      43 65 72 74 75 6D 20 43 41 30 1E 17 0D 30 32 30 36 31 31 31 30 34 36 33 39 5A 17 0D 32 37
      30 36 31 31 31 30 34 36 33 39 5A 30 3E 31 0B 30 09 06 03 55 04 06 13 02 50 4C 31 1B 30 19
      06 03 55 04 0A 13 12 55 6E 69 7A 65 74 6F 20 53 70 2E 20 7A 20 6F 2E 6F 2E 31 12 30 10 06
      03 55 04 03 13 09 43 65 72 74 75 6D 20 43 41 30 82 01 22 30 0D 06 09 2A 86 48 86 F7 0D 01
      01 01 05 00 03 82 01 0F 00 30 82 01 0A 02 82 01 01 00 CE B1 C1 2E D3 4F 7C CD 25 CE 18 3E
      4F C4 8C 6F 80 6A 73 C8 5B 51 F8 9B D2 DC BB 00 5C B1 A0 FC 75 03 EE 81 F0 88 EE 23 52 E9
      E6 15 33 8D AC 2D 09 C5 76 F9 2B 39 80 89 E4 97 4B 90 A5 A8 78 F8 73 43 7B A4 61 B0 D8 58
      CC E1 6C 66 7E 9C F3 09 5E 55 63 84 D5 A8 EF F3 B1 2E 30 68 B3 C4 3C D8 AC 6E 8D 99 5A 90
      4E 34 DC 36 9A 8F 81 88 50 B7 6D 96 42 09 F3 D7 95 83 0D 41 4B B0 6A 6B F8 FC 0F 7E 62 9F
      67 C4 ED 26 5F 10 26 0F 08 4F F0 A4 57 28 CE 8F B8 ED 45 F6 6E EE 25 5D AA 6E 39 BE E4 93
      2F D9 47 A0 72 EB FA A6 5B AF CA 53 3F E2 0E C6 96 56 11 6E F7 E9 66 A9 26 D8 7F 95 53 ED
      0A 85 88 BA 4F 29 A5 42 8C 5E B6 FC 85 20 00 AA 68 0B A1 1A 85 01 9C C4 46 63 82 88 B6 22
      B1 EE FE AA 46 59 7E CF 35 2C D5 B6 DA 5D F7 48 33 14 54 B6 EB D9 6F CE CD 88 D6 AB 1B DA
      96 3B 1D 59 02 03 01 00 01 A3 13 30 11 30 0F 06 03 55 1D 13 01 01 FF 04 05 30 03 01 01 FF
      30 0D 06 09 2A 86 48 86 F7 0D 01 01 05 05 00 03 82 01 01 00 B8 8D CE EF E7 14 BA CF EE B0
      44 92 6C B4 39 3E A2 84 6E AD B8 21 77 D2 D4 77 82 87 E6 20 41 81 EE E2 F8 11 B7 63 D1 17
      37 BE 19 76 24 1C 04 1A 4C EB 3D AA 67 6F 2D D4 CD FE 65 31 70 C5 1B A6 02 0A BA 60 7B 6D
      58 C2 9A 49 FE 63 32 0B 6B E3 3A C0 AC AB 3B B0 E8 D3 09 51 8C 10 83 C6 34 E0 C5 2B E0 1A
      B6 60 14 27 6C 32 77 8C BC B2 72 98 CF CD CC 3F B9 C8 24 42 14 D6 57 FC E6 26 43 A9 1D E5
      80 90 CE 03 54 28 3E F7 3F D3 F8 4D ED 6A 0A 3A 93 13 9B 3B 14 23 13 63 9C 3F D1 87 27 79
      E5 4C 51 E3 01 AD 85 5D 1A 3B B1 D5 73 10 A4 D3 F2 BC 6E 64 F5 5A 56 90 A8 C7 0E 4C 74 0F
      2E 71 3B F7 C8 47 F4 69 6F 15 F2 11 5E 83 1E 9C 7C 52 AE FD 02 DA 12 A8 59 67 18 DB BC 70
      DD 9B B1 69 ED 80 CE 89 40 48 6A 0E 35 CA 29 66 15 21 94 2C E8 60 2A 9B 85 4A 40 F3 6B 8A
      24 EC 06 16 2C 73
      which is:
      00 20 00 00 00 03 10 30 82 03 0C 30 82 01 F4 A0 03 02 01 02 02 03 01 00 20 30 0D 06 09 2A
      86 48 86 F7 0D 01 01 05 05 00 30 3E 31 0B 30 09 06 03 55 04 06 13 02 50 4C 31 1B 30 19 06
      03 55 04 0A 13 12 55 6E 69 7A 65 74 6F 20 53 70 2E 20 7A 20 6F 2E 6F 2E 31 12 30 10 06 03
      55 04 03 13 09 43 65 72 74 75 6D 20 43 41 30 1E 17 0D 30 32 30 36 31 31 31 30 34 36 33 39
      5A 17 0D 32 37 30 36 31 31 31 30 34 36 33 39 5A 30 3E 31 0B 30 09 06 03 55 04 06 13 02 50
      4C 31 1B 30 19 06 03 55 04 0A 13 12 55 6E 69 7A 65 74 6F 20 53 70 2E 20 7A 20 6F 2E 6F 2E
      31 12 30 10 06 03 55 04 03 13 09 43 65 72 74 75 6D 20 43 41 30 82 01 22 30 0D 06 09 2A 86
      48 86 F7 0D 01 01 01 05 00 03 82 01 0F 00 30 82 01 0A 02 82 01 01 00 CE B1 C1 2E D3 4F 7C
      CD 25 CE 18 3E 4F C4 8C 6F 80 6A 73 C8 5B 51 F8 9B D2 DC BB 00 5C B1 A0 FC 75 03 EE 81 F0
      88 EE 23 52 E9 E6 15 33 8D AC 2D 09 C5 76 F9 2B 39 80 89 E4 97 4B 90 A5 A8 78 F8 73 43 7B
      A4 61 B0 D8 58 CC E1 6C 66 7E 9C F3 09 5E 55 63 84 D5 A8 EF F3 B1 2E 30 68 B3 C4 3C D8 AC
      6E 8D 99 5A 90 4E 34 DC 36 9A 8F 81 88 50 B7 6D 96 42 09 F3 D7 95 83 0D 41 4B B0 6A 6B F8
      FC 0F 7E 62 9F 67 C4 ED 26 5F 10 26 0F 08 4F F0 A4 57 28 CE 8F B8 ED 45 F6 6E EE 25 5D AA
      6E 39 BE E4 93 2F D9 47 A0 72 EB FA A6 5B AF CA 53 3F E2 0E C6 96 56 11 6E F7 E9 66 A9 26
      D8 7F 95 53 ED 0A 85 88 BA 4F 29 A5 42 8C 5E B6 FC 85 20 00 AA 68 0B A1 1A 85 01 9C C4 46
      63 82 88 B6 22 B1 EE FE AA 46 59 7E CF 35 2C D5 B6 DA 5D F7 48 33 14 54 B6 EB D9 6F CE CD
      88 D6 AB 1B DA 96 3B 1D 59 02 03 01 00 01 A3 13 30 11 30 0F 06 03 55 1D 13 01 01 FF 04 05
      30 03 01 01 FF 30 0D 06 09 2A 86 48 86 F7 0D 01 01 05 05 00 03 82 01 01 00 B8 8D CE EF E7
      14 BA CF EE B0 44 92 6C B4 39 3E A2 84 6E AD B8 21 77 D2 D4 77 82 87 E6 20 41 81 EE E2 F8
      11 B7 63 D1 17 37 BE 19 76 24 1C 04 1A 4C EB 3D AA 67 6F 2D D4 CD FE 65 31 70 C5 1B A6 02
      0A BA 60 7B 6D 58 C2 9A 49 FE 63 32 0B 6B E3 3A C0 AC AB 3B B0 E8 D3 09 51 8C 10 83 C6 34
      E0 C5 2B E0 1A B6 60 14 27 6C 32 77 8C BC B2 72 98 CF CD CC 3F B9 C8 24 42 14 D6 57 FC E6
      26 43 A9 1D E5 80 90 CE 03 54 28 3E F7 3F D3 F8 4D ED 6A 0A 3A 93 13 9B 3B 14 23 13 63 9C
      3F D1 87 27 79 E5 4C 51 E3 01 AD 85 5D 1A 3B B1 D5 73 10 A4 D3 F2 BC 6E 64 F5 5A 56 90 A8
      C7 0E 4C 74 0F 2E 71 3B F7 C8 47 F4 69 6F 15 F2 11 5E 83 1E 9C 7C 52 AE FD 02 DA 12 A8 59
      67 18 DB BC 70 DD 9B B1 69 ED 80 CE 89 40 48 6A 0E 35 CA 29 66 15 21 94 2C E8 60 2A 9B 85
      4A 40 F3 6B 8A 24 EC 06 16 2C 73 00 03
      through T0. I used following GPShell script to send the command:
      mode_211
      enable_trace
      enable_timer
      
      establish_context
      card_connect
      select -AID 6768696A6B01
      
      // Get card status
      send_apdu -sc 0 -APDU 0010000003
      
      // Initialize card
      send_apdu -sc 0 -APDU 002000000003103082030c308201f4a0030201020203010020300d06092a864886f
      70d0101050500303e310b300906035504061302504c311b3019060355040a1312556e697a65746f2053702e20
      7a206f2e6f2e311230100603550403130943657274756d204341301e170d3032303631313130343633395a170
      d3237303631313130343633395a303e310b300906035504061302504c311b3019060355040a1312556e697a65
      746f2053702e207a206f2e6f2e311230100603550403130943657274756d20434130820122300d06092a86488
      6f70d01010105000382010f003082010a0282010100ceb1c12ed34f7ccd25ce183e4fc48c6f806a73c85b51f8
      9bd2dcbb005cb1a0fc7503ee81f088ee2352e9e615338dac2d09c576f92b398089e4974b90a5a878f873437ba
      461b0d858cce16c667e9cf3095e556384d5a8eff3b12e3068b3c43cd8ac6e8d995a904e34dc369a8f818850b7
      6d964209f3d795830d414bb06a6bf8fc0f7e629f67c4ed265f10260f084ff0a45728ce8fb8ed45f66eee255da
      a6e39bee4932fd947a072ebfaa65bafca533fe20ec69656116ef7e966a926d87f9553ed0a8588ba4f29a5428c
      5eb6fc852000aa680ba11a85019cc446638288b622b1eefeaa46597ecf352cd5b6da5df748331454b6ebd96fc
      ecd88d6ab1bda963b1d590203010001a3133011300f0603551d130101ff040530030101ff300d06092a864886
      f70d01010505000382010100b88dceefe714bacfeeb044926cb4393ea2846eadb82177d2d4778287e6204181e
      ee2f811b763d11737be1976241c041a4ceb3daa676f2dd4cdfe653170c51ba6020aba607b6d58c29a49fe6332
      0b6be33ac0acab3bb0e8d309518c1083c634e0c52be01ab66014276c32778cbcb27298cfcdcc3fb9c8244214d
      657fce62643a91de58090ce0354283ef73fd3f84ded6a0a3a93139b3b142313639c3fd1872779e54c51e301ad
      855d1a3bb1d57310a4d3f2bc6e64f55a5690a8c70e4c740f2e713bf7c847f4696f15f2115e831e9c7c52aefd0
      2da12a8596718dbbc70dd9bb169ed80ce8940486a0e35ca29661521942ce8602a9b854a40f36b8a24ec06162c
      730003
      GPShell failed to send the command as follows:
      send_apdu -sc 0 -APDU 002000000003103082030c308201f4a0030201020203010020300d0609
      2a864886f70d0101050500303e310b300906035504061302504c311b3019060355040a1312556e69
      7a65746f2053702e207a206f2e6f2e311230100603550403130943657274756d204341301e170d30
      32303631313130343633395a170d3237303631313130343633395a303e310b300906035504061302
      504c311b3019060355040a1312556e697a65746f2053702e207a206f2e6f2e311230100603550403
      130943657274756d20434130820122300d06092a864886f70d01010105000382010f003082010a02
      82010100ceb1c12ed34f7ccd25ce183e4fc48c6f806a73c85b51f89bd2dcbb005cb1a0fc7503ee81
      f088ee2352e9e615338dac2d09c576f92b398089e4974b90a5a878f873437ba461b0d858cce16c66
      7e9cf3095e556384d5a8eff3b12e3068b3c43cd8ac6e8d995a904e34dc369a8f818850b76d964209
      f3d795830d414bb06a6bf8fc0f7e629f67c4ed265f10260f084ff0a45728ce8fb8ed45f66eee255d
      aa6e39bee4932fd947a072ebfaa65bafca533fe20ec69656116ef7e966a926d87f9553ed0a8588ba
      4f29a5428c5eb6fc852000aa680ba11a85019cc446638288b622b1eefeaa46597ecf352cd5b6da5d
      f748331454b6ebd96fcecd88d6ab1bda963b1d590203010001a3133011300f0Command --> 00200
      0000003103082030C308201F4A0030201020203010020300D06092A864886F70D0101050500303E3
      10B300906035504061302504C311B3019060355040A1312556E697A65746F2053702E207A206F2E6
      F2E311230100603550403130943657274756D204341301E170D3032303631313130343633395A170
      D3237303631313130343633395A303E310B300906035504061302504C311B3019060355040A13125
      56E697A65746F2053702E207A206F2E6F2E311230100603550403130943657274756D20434130820
      122300D06092A864886F70D01010105000382010F003082010A0282010100CEB1C12ED34F7CCD25C
      E183E4FC48C6F806A73C85B51F89BD2DCBB00
      Wrapped command --> 002000000003103082030C308201F4A0030201020203010020300D06092A
      864886F70D0101050500303E310B300906035504061302504C311B3019060355040A1312556E697A
      65746F2053702E207A206F2E6F2E311230100603550403130943657274756D204341301E170D3032
      303631313130343633395A170D3237303631313130343633395A303E310B30090603550406130250
      4C311B3019060355040A1312556E697A65746F2053702E207A206F2E6F2E31123010060355040313
      0943657274756D20434130820122300D06092A864886F70D01010105000382010F003082010A0282
      010100CEB1C12ED34F7CCD25CE183E4FC48C6F806A73C85B51F89BD2DCBB00
      send_APDU() returns 0x00000057 (The parameter is incorrect.
      )
      Then used another tool to send the command and this time get
      6D 00
      from card.

      This is a simplified version of the applet:
      public class RCSApplet extends Applet implements ExtendedLength {
      
          // Card status
          private final static byte ST_UNINITIALIZED     = (byte) 0x01;
          private final static byte ST_INITIALIZED       = (byte) 0x02;
      
          // Instructions
          private final static byte INS_INIT_UPDATE      = (byte) 0x50;
          private final static byte INS_EXT_AUTH         = (byte) 0x82;
      
          private final static byte INS_INITIALIZE       = (byte) 0x20;
      
          // Card is not initialized
          private final static short SW_CARD_ALREADY_INITIALIZED   = (short) 0x9102;
      
          private Data content;
          private short cardStatus;
      
           public static void install(byte[] bArray, short bOffset, byte bLength) {
                new RECSApplet( bArray, bOffset, bLength);
           }
      
          public RECSApplet(byte[] bArray, short bOffset, byte bLength) {
              cardStatus = ST_UNINITIALIZED;
              content = new Data();
              
              byte aidLen = bArray[bOffset];
              if (aidLen== (byte)0){
                  register();
              } else {
                  register(bArray, (short)(bOffset+1), aidLen);
              }
          }
      
          public void process(APDU apdu) {
                if (selectingApplet()) {
                     return;
                }
              byte[] buffer = apdu.getBuffer();
      
              byte cla = buffer[ISO7816.OFFSET_CLA];
              byte ins = buffer[ISO7816.OFFSET_INS];
              SecureChannel sc = GPSystem.getSecureChannel();
              if ((byte) (cla & 0x80) == (byte) 0x80) {
                  switch (ins) {
                      case INS_INIT_UPDATE:
                      case INS_EXT_AUTH:
                          apdu.setOutgoingAndSend(ISO7816.OFFSET_CDATA, sc.processSecurity(apdu));
                          return;
                  default:
                      ISOException.throwIt(ISO7816.SW_INS_NOT_SUPPORTED);
                  }
              } else
                  switch (ins) {
                      case INS_INITIALIZE:
                          processInitialize(apdu);
                          break;
                      default:
                          ISOException.throwIt(ISO7816.SW_INS_NOT_SUPPORTED);
                  }
           }
      
          private void processInitialize(APDU apdu) {
              if(cardStatus == ST_INITIALIZED)
                  ISOException.throwIt(SW_CARD_ALREADY_INITIALIZED);
              byte[] buffer = apdu.getBuffer();
              short lc = apdu.getIncomingLength();
              short rcvLen = apdu.setIncomingAndReceive();
      
              byte[] data = new byte[lc];
              short destOffset = 0;
              while (rcvLen > 0) {
                  short dataOffset = apdu.getOffsetCdata();
                  Util.arrayCopy(buffer, dataOffset, data, destOffset, rcvLen);
                  destOffset += rcvLen;
                  rcvLen = apdu.receiveBytes(dataOffset);
              }
              content.setData(data);
              cardStatus = ST_INITIALIZED;
          }
      
      }
      It works well with ordinary APDU. Any idea?

      Regards
      Mehdi
        • 1. Re: Extended APDU through T0
          Umer
          Hi,

          With the protocol T=0, you will be able to send up to *255 bytes* of data only.
          So try to modify your apdu and send it again.

          As you already mentioned:
          It works well with ordinary APDU.
          Exented APDUS are supported with T=1
          • 2. Re: Extended APDU through T0
            Umer
            And if you need to send data which is more than 255 bytes, then you will need to send it by command chaining.
            • 3. Re: Extended APDU through T0
              921673
              Hi Umer,

              I think you are wrong about extended APDU wiht T0. ISO 7816-4 says that extended APDU can be used by T=0. Take a look at http://www.cardwerk.com/smartcards/smartcard_standard_ISO7816-4_annex-a.aspx.

              Regards
              Mehdi
              • 4. Re: Extended APDU through T0
                Umer
                Hi,

                Please read ISO7816-3. And for a quick link read here: http://askra.de/software/jcdocs/app-notes-2.2.2/extapdu.html.
                You can't use extended length APDUs with T=0.
                • 5. Re: Extended APDU through T0
                  921673
                  Hi Umer,

                  "+Application Programming Notes, Java Card Platform, Version 2.2.2/Chapter 5+" (the link you've given) also says that it is feasible to send extended APDU by T=0. Just some minor differences exist for example when T=0 Java Card RE can not distinguish between 2E and 2S.

                  Regards
                  Mehdi
                  • 6. Re: Extended APDU through T0
                    Umer
                    Please read out the 2nd paragraph:
                    "Extended APDU can be beneficial when dealing with large amounts of information. For example, applications such as signature verification, biometrics >verification and image storage and retrieval could greatly benefit from this feature. Extended APDU implementations can easily be implemented if the >underlying transport protocol is T=1, while applets developed for T=0 cards would need special logic and care to work correctly. "
                    • 7. Re: Extended APDU through T0
                      921673
                      Hi,

                      I see you've misinterpreted it. It says that T=1 is straightforward but T=0 although works but needs some special care to work correctly.

                      Regards
                      Mehdi
                      • 8. Re: Extended APDU through T0
                        Umer
                        Yes :-)

                        The special care is APDU command chaining. If you want to send more than 255 bytes of data then you must implement command chaining.
                        • 9. Re: Extended APDU through T0
                          921673
                          If it can not be sent over T=0, what does this mean then:
                          Specifically, a case 2E APDU sent over T=0 transport will not show its extended LE value in the APDU buffer.
                          where 2E is an extended case.
                          • 10. Re: Extended APDU through T0
                            921673
                            Also this:
                            The APDU buffer in Java Card technology applications will reflect the structure of the extended APDU as defined in ISO. In T=1, this representation is straightforward and precise; whereas in T=0, there need to be some adaptations for some cases.
                            • 11. Re: Extended APDU through T0
                              Umer
                              I don't know why you are so confuse.
                              Let me try to clear. With T=1 you can send large data of some 65535 bytes of in a single APDU. But if want to send that amount of data with T=0 then you will need more than 1 APDUs. I was not saying that you can't send large data with T=0 but in a single APDU you will able to send only up to 255 bytes of data and so on.
                              • 12. Re: Extended APDU through T0
                                921673
                                I got the point. I think I should use ENVELOPE command.

                                Edited by: Mehdi on Mar 6, 2012 6:33 AM
                                • 13. Re: Extended APDU through T0
                                  Umer
                                  user5152978 wrote:
                                  I got the point.
                                  No, you din't
                                  I think I should use ENVELOPE command.
                                  Why u think so ?
                                  • 14. Re: Extended APDU through T0
                                    921673
                                    OK. Data that I tried to send in this case is 784 bytes in length so it should be split into 4 APDU commands. Should I handle everything by myself? Should the applet be aware of this and handle T0 and T1 in different way?
                                    1 2 Previous Next