globalplatform-users — Mailinglist for GlobalPlatform Users

Re: [Globalplatform-users] Relation between this project and www.globalplatform.org

[Karsten O. <wid...@t-...>]

Slobodan Milnovic wrote:
> Hi,
> 
> I was wondering, what is the relation (if any) between this project and
> the globalplatform organization, because I was unable to find any
> information about this project on www.globalplatform.org, and also the
> homepage of this project is just an empty directory?

This project is free software and has nothing to do with the
GlobalPlatform organization aprt from that it implements the GP
standard. (At least up to GP 2.1.1)

Yes, the homepage is empty. With some time (missing), this could be
done. You can find necessary information at the sorceforge page under
Docs and within the API documentation. Or aks.

Karsten
> 
> -------------------------------------------------------------------------
> Using Tomcat but need to do more? Need to support web services, security?
> Get stuff done quickly with pre-integrated technology to make your job easier
> Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
> http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642
> _______________________________________________
> Globalplatform-users mailing list
> Glo...@li...
> https://lists.sourceforge.net/lists/listinfo/globalplatform-users

[Globalplatform-users] Relation between this project and www.globalplatform.org

[Slobodan M. <Slo...@pb...>]

Hi,

I was wondering, what is the relation (if any) between this project and
the globalplatform organization, because I was unable to find any
information about this project on www.globalplatform.org, and also the
homepage of this project is just an empty directory?

Re: [Globalplatform-developers] Re: [Globalplatform-users] Re: GlobalPlatform2.1.1 and OpenSSL

[Snit M. <sn...@gm...>]

I have to assume that your card doesn't have the usual test key
(4041..4f).  Where did you get the card from?  Can you ask them what
the key is?

Also, you may want to try Oberthur AppLoader.

Thanks,

On 3/27/06, Iain MacDonnell <mu...@ds...> wrote:
>
>
> Snit Mo wrote on 03/27/06 05:45 PM:
> > Hello, Iain,
>
> Hi :)
>
>
> > Use listgp211.txt.  It works fine for me with Oberthur Cosmo 5.2.  The
> > default key is 404142...4f. See the result at the end of this file.
>
> Doesn't work for me - I wonder why...
>
> mode_211
> enable_trace
> establish_context
> card_connect
> select -AID a000000003000000
> --> 00A4040008A000000003000000
> <--
> 6F6E8408A000000003000000A562732F06072A864886FC6B01600C060A2A864886FC6B020=
20001630906072A864886FC6B03640B06092A864886FC6B0401059F6E2A2050500040414091=
005F42583011BB524288191242881913428819144288000CC71300000000000000009F6501F=
F9000
> open_sc -security 1 -keyind 0 -keyver 0 -mac_key
> 404142434445464748494a4b4c4d4e4f -enc_key
> 404142434445464748494a4b4c4d4e4f // Open secure channel
> --> 00CA006600
> <--
> 6631732F06072A864886FC6B01600C060A2A864886FC6B02020001630906072A864886FC6=
B03640B06092A864886FC6B0401059000
> --> 8050000008C13CAC00B446633A00
> <-- 000042583011BB5242880101ABBC16B787DA1960AC4EE7E255D338669000
> mutual_authentication() returns 0x80302000 (The verification of the card
> cryptogram failed.)
>
>     ~Iain
>
>
>
>
> > For changing keys, use attached files.  replacekey-cosmo-gp211 changes
> > key from 4041...4f to 5051...5f.  recyclekey-cosmo-gp211.txt puts it
> > back to 4041...4f.  Perhaps I should include these in later releases
> > ...
> >
> > $ ./Release/GPShell.exe listgp211.txt
> > mode_211
> > enable_trace
> > establish_context
> > card_connect
> > select -AID a000000003000000
> > --> 00A4040008A000000003000000
> > <-- 6F6E8408A000000003000000A562732F06072A864886FC6B01600C060A2A864886F=
C6B020201
> > 01630906072A864886FC6B03640B06092A864886FC6B0401059F6E2A205050004041409=
1005F5291
> > 0000000300001912529119135291000000000000000000000000000000009F6501FF900=
0
> > open_sc -security 1 -keyind 0 -keyver 0 -mac_key 404142434445464748494a=
4b4c4d4e4
> > f -enc_key 404142434445464748494a4b4c4d4e4f // Open secure channel
> > --> 00CA006600
> > <-- 6631732F06072A864886FC6B01600C060A2A864886FC6B02020101630906072A864=
886FC6B03
> > 640B06092A864886FC6B0401059000
> > --> 8050000008B7070A7E2C84570000
> > <-- 0000529100000003000001013E5B6BEE91B858BE6750A80612655CA69000
> > --> 84820100102AF486A3BFA39CFFC188D51C8F21EA3D
> > <-- 9000
> > get_status -element 20
> > --> 80F22000024F0000
> > <-- 07A0000000035350010009A00000006203010C01010006A0000000010101009000
> >
> > List of applets (AID state privileges)
> > a0000000035350  1       0
> > a00000006203010c01      1       0
> > a00000000101    1       0
> > card_disconnect
> > release_context
> >
> > On 3/27/06, Karsten Ohme <wid...@t-...> wrote:
> >> Iain MacDonnell wrote:
> >>>
> >>> Karsten Ohme wrote on 03/26/06 01:00 PM:
> >>>
> >>>> Karsten Ohme wrote:
> >>>>
> >>>>> Karsten Ohme wrote:
> >>>>>
> >>>>>> Karsten Ohme wrote:
> >>>>>>
> >>>>>>
> >>>>>>> Iain MacDonnell wrote:
> >>>>>>
> >>>>>>>>> BTW, I've run into what appears to be a bigger problem - have y=
ou
> >>>>>>>>> ever
> >>>>>>>>> tried this stuff on a big-endian machine?
> >>>>
> >>>> I have run some big endian tests on a Solaris system running on a Sp=
arc.
> >>>>
> >>>> For some reason the following happens:
> >>>>
> >>>> char *test =3D "EE";
> >>>> sscanf (test, "%02x", &temp);
> >>>>
> >>>> if temp is a char the conversion is always 00, if temp is an int, it
> >>>> works.
> >>>>
> >>>> Please try out the GPShell version in CVS. I have fixed probably all
> >>>> conversions, but I have no possibility to test it.
> >>>
> >>> Current CVS seems to be working fine on Solaris 10 / SPARC. I haven't
> >>> exercised all functions, but it's able to 'select' and 'open_sc' OK.
> >>> I'll let you know, of course, if I run into any further problems.
> >>>
> >>> Side question: do you happen to have the developer keys for Oberthur
> >>> Cosmo v5.2 handy and/or is there something else I need to change
> >>> in the example GPShell scripts to establish a secure channel?
> >> For for for a Oberthur card it works with the default 0x40 ... 0x4F ke=
y.
> >>
> >> I executed the list.txt file:
> >>
> >> mode_201
> >> enable_trace
> >> establish_context
> >> card_connect
> >> select -AID a0000000030000
> >> --> 00A4040007A0000000030000
> >> <--
> >> 6F6E8408A000000003000000A562732F06072A864886FC6B01600C060A2A864886FC6B=
020201
> >> 01630906072A864886FC6B03640B06092A864886FC6B0401059F6E2A20505000404140=
91005F5237
> >> 0000004600001912523719135237000000000000000000000000000000009F6501FF90=
00
> >> open_sc -security 1 -keyind 0 -keyver 0 -mac_key
> >> 404142434445464748494a4b4c4d4e4
> >> f -enc_key 404142434445464748494a4b4c4d4e4f // Open secure channel
> >> --> 805000000803AF9CAB5BC9A73A00
> >> <-- 00005237000000460000010100CB902348832FB5492783C164F1FF749000
> >> --> 84820100106E04B80DBD241D26EEC85AEF6EBC9B5E
> >> <-- 9000
> >> get_status -element e0
> >> --> 80F2E000024F0000
> >> <-- 6A86
> >> OP201_get_status() returns 0x80206A86 (6A86: Incorrect parameters (P1,=
 P2).)
> >>
> >> Obviously the card has problem to list the applications. Don't know wa=
y.
> >>
> >> By the way. I have problems with my Oberthur Cosmo card, that it can n=
ot
> >> treat the GET RESPONSE command. Is this a usual feature? I cannot use
> >> the card.
> >>
> >>> I'm
> >>> getting mutual_authentication() returns 0x80302000. I read about the
> >>> need to specify a sdAID, but that seems to apply only to
> >>> 'install_for_load', and the referenced 'putkey-cosmo.txt' example
> >>> doesn't seem to exist...?
> >> Don't know. Maybe Snit knows. He wrote it. Maybe the putkey for the
> >> CFlex card works with the mentioned change.
> >>
> >> Karsten
> >>
> >>> Thanks!
> >>>
> >>>     ~Iain
> >>>
> >>>
> >>>
> >>>
> >>>
> >>>
> >>>>>>>>> # /opt/ITmuscle/bin/gpshell list-cflex.txt
> >>>>>>>>> mode_201
> >>>>>>>>> enable_trace
> >>>>>>>>> establish_context
> >>>>>>>>> card_connect
> >>>>>>>>> select -AID a0000000030000
> >>>>>>>>> --> 00A404000700000000000000
> >>>>>>>>
> >>>>>>>> Note that the AID is not showing in this APDU... compared to
> >>>>>>>> below....
> >>>>>>>
> >>>>>>> Mmmh, this is a bigger problem. I will see to fix the conversion
> >>>>>>> routines, if something like this is used, I'm not sure.
> >>>>>
> >>>>> This could be the guilty routine (?):
> >>>>>
> >>>>> It scans two bytes interpreted as a hex byte:
> >>>>>
> >>>>> while (sscanf (&(dummy[i*2]), "%02x", &(pOptionStr->AID[i])) > 0) {
> >>>>>     i++;
> >>>>> }
> >>>>>
> >>>>> I will see.
> >>>>>
> >>>>> Karsten
> >>>>>
> >>>>>
> >>>>>>> Thanks, Karsten
> >>>>>>>
> >>>>>>>
> >>>>>>>
> >>>>>>>>> <-- 6A82
> >>>>>>>>> select_application() returns 0x80216A82 (6A82: The application =
to be
> >>>>>>>>> selected could not be found.)
> >>>>>>>>> # uname -a
> >>>>>>>>> SunOS sb150 5.10 Generic_118822-25 sun4u sparc SUNW,Sun-Blade-1=
00
> >>>>>>>>> #
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>>> Maybe the endianess is a red herring too ... but I've
> >>>>>>>>> successfully used
> >>>>>>>>> this stuff on Solaris x86...
> >>>>>>
> >>>>>> Mmmh, actually I use only byte arrays, no numbers, this should not
> >>>>>> effect endianess. I will look into GPShell.
> >>>>>>
> >>>>>> Karsten
> >>>>>>
> >>>>>>
> >>>>>>
> >>>>>>>> Same card, same reader, same sources, but on Solaris x86:
> >>>>>>>>
> >>>>>>>>
> >>>>>>>> # /opt/ITmuscle/bin/gpshell list-cflex.txt
> >>>>>>>> mode_201
> >>>>>>>> enable_trace
> >>>>>>>> establish_context
> >>>>>>>> card_connect
> >>>>>>>> select -AID a0000000030000
> >>>>>>>> --> 00A4040007A0000000030000
> >>>>>>>> <-- 6F188407A0000000030000A50D9F6E060005020201009F6501FF9000
> >>>>>>>> open_sc -security 1 -keyind 0 -keyver 0 -mac_key
> >>>>>>>> 404142434445464748494a4b4c4d4e4f -enc_key
> >>>>>>>> 404142434445464748494a4b4c4d4e4f // Open secure channel
> >>>>>>>> --> 80500000088409FFE1A2E28B4600
> >>>>>>>> <-- 000012010000111401020101E86DFA173682E4673596888A215DE86C9000
> >>>>>>>> --> 8482010010C8207C7B2A3E416884B431EF23B61CD2
> >>>>>>>> <-- 9000
> >>>>>>>> get_status -element e0
> >>>>>>>> --> 80F2E000024F0000
> >>>>>>>> <--
> >>>>>>>> 07A0000000030000070007A0000000620001010007A0000000620101010007A0=
000000620102010007A0000000620201010007A0000000030000010005A000000001010006A=
0000000010107009000
> >>>>>>>>
> >>>>>>>>
> >>>>>>>>
> >>>>>>>> List of applets (AID state privileges)
> >>>>>>>> a0000000030000  7       0
> >>>>>>>> a0000000620001  1       0
> >>>>>>>> a0000000620101  1       0
> >>>>>>>> a0000000620102  1       0
> >>>>>>>> a0000000620201  1       0
> >>>>>>>> a0000000030000  1       0
> >>>>>>>> a000000001      1       0
> >>>>>>>> a00000000101    7       0
> >>>>>>>> card_disconnect
> >>>>>>>> release_context
> >>>>>>>> #
> >>>>>>>>
> >>>>>>>>  ~Iain
> >>>>>>>>
> >>>>>>>>
> >>>>>>>>
> >>>>>>>>
> >>>>>>>> -------------------------------------------------------
> >>>>>>>> This SF.Net email is sponsored by xPML, a groundbreaking scripti=
ng
> >>>>>>>> language
> >>>>>>>> that extends applications into web and mobile media. Attend the =
live
> >>>>>>>> webcast
> >>>>>>>> and join the prime developer group breaking into this new coding
> >>>>>>>> territory!
> >>>>>>>> http://sel.as-us.falkag.net/sel?cmd=3Dlnk&kid=3D110944&bid=3D241=
720&dat=3D121642
> >>>>>>>>
> >>>>>>>> _______________________________________________
> >>>>>>>> Globalplatform-users mailing list
> >>>>>>>> Glo...@li...
> >>>>>>>> https://lists.sourceforge.net/lists/listinfo/globalplatform-user=
s
> >>>>>>>
> >>>>>>>
> >>>>>>>
> >>>>>>> -------------------------------------------------------
> >>>>>>> This SF.Net email is sponsored by xPML, a groundbreaking scriptin=
g
> >>>>>>> language
> >>>>>>> that extends applications into web and mobile media. Attend the
> >>>>>>> live webcast
> >>>>>>> and join the prime developer group breaking into this new coding
> >>>>>>> territory!
> >>>>>>> http://sel.as-us.falkag.net/sel?cmd=3Dlnk&kid=3D110944&bid=3D2417=
20&dat=3D121642
> >>>>>>>
> >>>>>>> _______________________________________________
> >>>>>>> Globalplatform-users mailing list
> >>>>>>> Glo...@li...
> >>>>>>> https://lists.sourceforge.net/lists/listinfo/globalplatform-users
> >>>>>>
> >>>>>>
> >>>>>>
> >>>>>> -------------------------------------------------------
> >>>>>> This SF.Net email is sponsored by xPML, a groundbreaking scripting
> >>>>>> language
> >>>>>> that extends applications into web and mobile media. Attend the li=
ve
> >>>>>> webcast
> >>>>>> and join the prime developer group breaking into this new coding
> >>>>>> territory!
> >>>>>> http://sel.as-us.falkag.net/sel?cmd=3Dlnk&kid=3D110944&bid=3D24172=
0&dat=3D121642
> >>>>>>
> >>>>>> _______________________________________________
> >>>>>> Globalplatform-developers mailing list
> >>>>>> Glo...@li...
> >>>>>> https://lists.sourceforge.net/lists/listinfo/globalplatform-develo=
pers
> >>>>>
> >>>>>
> >>>>>
> >>>>> -------------------------------------------------------
> >>>>> This SF.Net email is sponsored by xPML, a groundbreaking scripting
> >>>>> language
> >>>>> that extends applications into web and mobile media. Attend the liv=
e
> >>>>> webcast
> >>>>> and join the prime developer group breaking into this new coding
> >>>>> territory!
> >>>>> http://sel.as-us.falkag.net/sel?cmd=3Dlnk&kid=3D110944&bid=3D241720=
&dat=3D121642
> >>>>> _______________________________________________
> >>>>> Globalplatform-developers mailing list
> >>>>> Glo...@li...
> >>>>> https://lists.sourceforge.net/lists/listinfo/globalplatform-develop=
ers
> >>>>
> >>
> >>
> >> ----------------------------------------------------------------------=
--
> >>
> >> mode_211
> >> enable_trace
> >> establish_context
> >> card_connect
> >> select -AID a0000000030000
> >> open_sc -scp 1 -scpimpl 5 -security 1 -keyind 0 -keyver 0 -mac_key 404=
142434445464748494a4b4c4d4e4f -enc_key 404142434445464748494a4b4c4d4e4f -ke=
k_key 404142434445464748494a4b4c4d4e4f // Open secure channel
> >> put_sc_key -keyver 1 -newkeyver 1 -mac_key 505152535455565758595a5b5c5=
d5e5f -enc_key 505152535455565758595a5b5c5d5e5f -kek_key 505152535455565758=
595a5b5c5d5e5f // Put secure channel keys
> >> #put_sc_key -keyver 1 -newkeyver 1 -mac_key 404142434445464748494a4b4c=
4d4e4f -enc_key 404142434445464748494a4b4c4d4e4f -kek_key 40414243444546474=
8494a4b4c4d4e4f // Put secure channel keys
> >> card_disconnect
> >> release_context
> >>
> >> ----------------------------------------------------------------------=
--
> >>
> >> mode_211
> >> enable_trace
> >> establish_context
> >> card_connect
> >> select -AID a0000000030000
> >> open_sc -scp 1 -scpimpl 5 -security 1 -keyind 0 -keyver 0 -mac_key 505=
152535455565758595a5b5c5d5e5f -enc_key 505152535455565758595a5b5c5d5e5f -ke=
k_key 505152535455565758595a5b5c5d5e5f // Open secure channel
> >> put_sc_key -keyver 1 -newkeyver 1 -mac_key 404142434445464748494a4b4c4=
d4e4f -enc_key 404142434445464748494a4b4c4d4e4f -kek_key 404142434445464748=
494a4b4c4d4e4f // Put secure channel keys
> >> card_disconnect
> >> release_context
>

Re: [Globalplatform-developers] Re: [Globalplatform-users] Re: GlobalPlatform2.1.1 and OpenSSL

[Iain M. <mu...@ds...>]

Snit Mo wrote on 03/27/06 05:45 PM:
> Hello, Iain,

Hi :)


> Use listgp211.txt.  It works fine for me with Oberthur Cosmo 5.2.  The
> default key is 404142...4f. See the result at the end of this file.

Doesn't work for me - I wonder why...

mode_211
enable_trace
establish_context
card_connect
select -AID a000000003000000
--> 00A4040008A000000003000000
<-- 
6F6E8408A000000003000000A562732F06072A864886FC6B01600C060A2A864886FC6B02020001630906072A864886FC6B03640B06092A864886FC6B0401059F6E2A2050500040414091005F42583011BB524288191242881913428819144288000CC71300000000000000009F6501FF9000
open_sc -security 1 -keyind 0 -keyver 0 -mac_key 
404142434445464748494a4b4c4d4e4f -enc_key 
404142434445464748494a4b4c4d4e4f // Open secure channel
--> 00CA006600
<-- 
6631732F06072A864886FC6B01600C060A2A864886FC6B02020001630906072A864886FC6B03640B06092A864886FC6B0401059000
--> 8050000008C13CAC00B446633A00
<-- 000042583011BB5242880101ABBC16B787DA1960AC4EE7E255D338669000
mutual_authentication() returns 0x80302000 (The verification of the card 
cryptogram failed.)

     ~Iain




> For changing keys, use attached files.  replacekey-cosmo-gp211 changes
> key from 4041...4f to 5051...5f.  recyclekey-cosmo-gp211.txt puts it
> back to 4041...4f.  Perhaps I should include these in later releases
> ...
> 
> $ ./Release/GPShell.exe listgp211.txt
> mode_211
> enable_trace
> establish_context
> card_connect
> select -AID a000000003000000
> --> 00A4040008A000000003000000
> <-- 6F6E8408A000000003000000A562732F06072A864886FC6B01600C060A2A864886FC6B020201
> 01630906072A864886FC6B03640B06092A864886FC6B0401059F6E2A2050500040414091005F5291
> 0000000300001912529119135291000000000000000000000000000000009F6501FF9000
> open_sc -security 1 -keyind 0 -keyver 0 -mac_key 404142434445464748494a4b4c4d4e4
> f -enc_key 404142434445464748494a4b4c4d4e4f // Open secure channel
> --> 00CA006600
> <-- 6631732F06072A864886FC6B01600C060A2A864886FC6B02020101630906072A864886FC6B03
> 640B06092A864886FC6B0401059000
> --> 8050000008B7070A7E2C84570000
> <-- 0000529100000003000001013E5B6BEE91B858BE6750A80612655CA69000
> --> 84820100102AF486A3BFA39CFFC188D51C8F21EA3D
> <-- 9000
> get_status -element 20
> --> 80F22000024F0000
> <-- 07A0000000035350010009A00000006203010C01010006A0000000010101009000
> 
> List of applets (AID state privileges)
> a0000000035350  1       0
> a00000006203010c01      1       0
> a00000000101    1       0
> card_disconnect
> release_context
> 
> On 3/27/06, Karsten Ohme <wid...@t-...> wrote:
>> Iain MacDonnell wrote:
>>>
>>> Karsten Ohme wrote on 03/26/06 01:00 PM:
>>>
>>>> Karsten Ohme wrote:
>>>>
>>>>> Karsten Ohme wrote:
>>>>>
>>>>>> Karsten Ohme wrote:
>>>>>>
>>>>>>
>>>>>>> Iain MacDonnell wrote:
>>>>>>
>>>>>>>>> BTW, I've run into what appears to be a bigger problem - have you
>>>>>>>>> ever
>>>>>>>>> tried this stuff on a big-endian machine?
>>>>
>>>> I have run some big endian tests on a Solaris system running on a Sparc.
>>>>
>>>> For some reason the following happens:
>>>>
>>>> char *test = "EE";
>>>> sscanf (test, "%02x", &temp);
>>>>
>>>> if temp is a char the conversion is always 00, if temp is an int, it
>>>> works.
>>>>
>>>> Please try out the GPShell version in CVS. I have fixed probably all
>>>> conversions, but I have no possibility to test it.
>>>
>>> Current CVS seems to be working fine on Solaris 10 / SPARC. I haven't
>>> exercised all functions, but it's able to 'select' and 'open_sc' OK.
>>> I'll let you know, of course, if I run into any further problems.
>>>
>>> Side question: do you happen to have the developer keys for Oberthur
>>> Cosmo v5.2 handy and/or is there something else I need to change
>>> in the example GPShell scripts to establish a secure channel?
>> For for for a Oberthur card it works with the default 0x40 ... 0x4F key.
>>
>> I executed the list.txt file:
>>
>> mode_201
>> enable_trace
>> establish_context
>> card_connect
>> select -AID a0000000030000
>> --> 00A4040007A0000000030000
>> <--
>> 6F6E8408A000000003000000A562732F06072A864886FC6B01600C060A2A864886FC6B020201
>> 01630906072A864886FC6B03640B06092A864886FC6B0401059F6E2A2050500040414091005F5237
>> 0000004600001912523719135237000000000000000000000000000000009F6501FF9000
>> open_sc -security 1 -keyind 0 -keyver 0 -mac_key
>> 404142434445464748494a4b4c4d4e4
>> f -enc_key 404142434445464748494a4b4c4d4e4f // Open secure channel
>> --> 805000000803AF9CAB5BC9A73A00
>> <-- 00005237000000460000010100CB902348832FB5492783C164F1FF749000
>> --> 84820100106E04B80DBD241D26EEC85AEF6EBC9B5E
>> <-- 9000
>> get_status -element e0
>> --> 80F2E000024F0000
>> <-- 6A86
>> OP201_get_status() returns 0x80206A86 (6A86: Incorrect parameters (P1, P2).)
>>
>> Obviously the card has problem to list the applications. Don't know way.
>>
>> By the way. I have problems with my Oberthur Cosmo card, that it can not
>> treat the GET RESPONSE command. Is this a usual feature? I cannot use
>> the card.
>>
>>> I'm
>>> getting mutual_authentication() returns 0x80302000. I read about the
>>> need to specify a sdAID, but that seems to apply only to
>>> 'install_for_load', and the referenced 'putkey-cosmo.txt' example
>>> doesn't seem to exist...?
>> Don't know. Maybe Snit knows. He wrote it. Maybe the putkey for the
>> CFlex card works with the mentioned change.
>>
>> Karsten
>>
>>> Thanks!
>>>
>>>     ~Iain
>>>
>>>
>>>
>>>
>>>
>>>
>>>>>>>>> # /opt/ITmuscle/bin/gpshell list-cflex.txt
>>>>>>>>> mode_201
>>>>>>>>> enable_trace
>>>>>>>>> establish_context
>>>>>>>>> card_connect
>>>>>>>>> select -AID a0000000030000
>>>>>>>>> --> 00A404000700000000000000
>>>>>>>>
>>>>>>>> Note that the AID is not showing in this APDU... compared to
>>>>>>>> below....
>>>>>>>
>>>>>>> Mmmh, this is a bigger problem. I will see to fix the conversion
>>>>>>> routines, if something like this is used, I'm not sure.
>>>>>
>>>>> This could be the guilty routine (?):
>>>>>
>>>>> It scans two bytes interpreted as a hex byte:
>>>>>
>>>>> while (sscanf (&(dummy[i*2]), "%02x", &(pOptionStr->AID[i])) > 0) {
>>>>>     i++;
>>>>> }
>>>>>
>>>>> I will see.
>>>>>
>>>>> Karsten
>>>>>
>>>>>
>>>>>>> Thanks, Karsten
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>>> <-- 6A82
>>>>>>>>> select_application() returns 0x80216A82 (6A82: The application to be
>>>>>>>>> selected could not be found.)
>>>>>>>>> # uname -a
>>>>>>>>> SunOS sb150 5.10 Generic_118822-25 sun4u sparc SUNW,Sun-Blade-100
>>>>>>>>> #
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> Maybe the endianess is a red herring too ... but I've
>>>>>>>>> successfully used
>>>>>>>>> this stuff on Solaris x86...
>>>>>>
>>>>>> Mmmh, actually I use only byte arrays, no numbers, this should not
>>>>>> effect endianess. I will look into GPShell.
>>>>>>
>>>>>> Karsten
>>>>>>
>>>>>>
>>>>>>
>>>>>>>> Same card, same reader, same sources, but on Solaris x86:
>>>>>>>>
>>>>>>>>
>>>>>>>> # /opt/ITmuscle/bin/gpshell list-cflex.txt
>>>>>>>> mode_201
>>>>>>>> enable_trace
>>>>>>>> establish_context
>>>>>>>> card_connect
>>>>>>>> select -AID a0000000030000
>>>>>>>> --> 00A4040007A0000000030000
>>>>>>>> <-- 6F188407A0000000030000A50D9F6E060005020201009F6501FF9000
>>>>>>>> open_sc -security 1 -keyind 0 -keyver 0 -mac_key
>>>>>>>> 404142434445464748494a4b4c4d4e4f -enc_key
>>>>>>>> 404142434445464748494a4b4c4d4e4f // Open secure channel
>>>>>>>> --> 80500000088409FFE1A2E28B4600
>>>>>>>> <-- 000012010000111401020101E86DFA173682E4673596888A215DE86C9000
>>>>>>>> --> 8482010010C8207C7B2A3E416884B431EF23B61CD2
>>>>>>>> <-- 9000
>>>>>>>> get_status -element e0
>>>>>>>> --> 80F2E000024F0000
>>>>>>>> <--
>>>>>>>> 07A0000000030000070007A0000000620001010007A0000000620101010007A0000000620102010007A0000000620201010007A0000000030000010005A000000001010006A0000000010107009000
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> List of applets (AID state privileges)
>>>>>>>> a0000000030000  7       0
>>>>>>>> a0000000620001  1       0
>>>>>>>> a0000000620101  1       0
>>>>>>>> a0000000620102  1       0
>>>>>>>> a0000000620201  1       0
>>>>>>>> a0000000030000  1       0
>>>>>>>> a000000001      1       0
>>>>>>>> a00000000101    7       0
>>>>>>>> card_disconnect
>>>>>>>> release_context
>>>>>>>> #
>>>>>>>>
>>>>>>>>  ~Iain
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> -------------------------------------------------------
>>>>>>>> This SF.Net email is sponsored by xPML, a groundbreaking scripting
>>>>>>>> language
>>>>>>>> that extends applications into web and mobile media. Attend the live
>>>>>>>> webcast
>>>>>>>> and join the prime developer group breaking into this new coding
>>>>>>>> territory!
>>>>>>>> http://sel.as-us.falkag.net/sel?cmd=lnk&kid=110944&bid=241720&dat=121642
>>>>>>>>
>>>>>>>> _______________________________________________
>>>>>>>> Globalplatform-users mailing list
>>>>>>>> Glo...@li...
>>>>>>>> https://lists.sourceforge.net/lists/listinfo/globalplatform-users
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> -------------------------------------------------------
>>>>>>> This SF.Net email is sponsored by xPML, a groundbreaking scripting
>>>>>>> language
>>>>>>> that extends applications into web and mobile media. Attend the
>>>>>>> live webcast
>>>>>>> and join the prime developer group breaking into this new coding
>>>>>>> territory!
>>>>>>> http://sel.as-us.falkag.net/sel?cmd=lnk&kid=110944&bid=241720&dat=121642
>>>>>>>
>>>>>>> _______________________________________________
>>>>>>> Globalplatform-users mailing list
>>>>>>> Glo...@li...
>>>>>>> https://lists.sourceforge.net/lists/listinfo/globalplatform-users
>>>>>>
>>>>>>
>>>>>>
>>>>>> -------------------------------------------------------
>>>>>> This SF.Net email is sponsored by xPML, a groundbreaking scripting
>>>>>> language
>>>>>> that extends applications into web and mobile media. Attend the live
>>>>>> webcast
>>>>>> and join the prime developer group breaking into this new coding
>>>>>> territory!
>>>>>> http://sel.as-us.falkag.net/sel?cmd=lnk&kid=110944&bid=241720&dat=121642
>>>>>>
>>>>>> _______________________________________________
>>>>>> Globalplatform-developers mailing list
>>>>>> Glo...@li...
>>>>>> https://lists.sourceforge.net/lists/listinfo/globalplatform-developers
>>>>>
>>>>>
>>>>>
>>>>> -------------------------------------------------------
>>>>> This SF.Net email is sponsored by xPML, a groundbreaking scripting
>>>>> language
>>>>> that extends applications into web and mobile media. Attend the live
>>>>> webcast
>>>>> and join the prime developer group breaking into this new coding
>>>>> territory!
>>>>> http://sel.as-us.falkag.net/sel?cmd=lnk&kid=110944&bid=241720&dat=121642
>>>>> _______________________________________________
>>>>> Globalplatform-developers mailing list
>>>>> Glo...@li...
>>>>> https://lists.sourceforge.net/lists/listinfo/globalplatform-developers
>>>>
>>
>>
>> ------------------------------------------------------------------------
>>
>> mode_211
>> enable_trace
>> establish_context
>> card_connect
>> select -AID a0000000030000
>> open_sc -scp 1 -scpimpl 5 -security 1 -keyind 0 -keyver 0 -mac_key 404142434445464748494a4b4c4d4e4f -enc_key 404142434445464748494a4b4c4d4e4f -kek_key 404142434445464748494a4b4c4d4e4f // Open secure channel
>> put_sc_key -keyver 1 -newkeyver 1 -mac_key 505152535455565758595a5b5c5d5e5f -enc_key 505152535455565758595a5b5c5d5e5f -kek_key 505152535455565758595a5b5c5d5e5f // Put secure channel keys
>> #put_sc_key -keyver 1 -newkeyver 1 -mac_key 404142434445464748494a4b4c4d4e4f -enc_key 404142434445464748494a4b4c4d4e4f -kek_key 404142434445464748494a4b4c4d4e4f // Put secure channel keys
>> card_disconnect
>> release_context
>>
>> ------------------------------------------------------------------------
>>
>> mode_211
>> enable_trace
>> establish_context
>> card_connect
>> select -AID a0000000030000
>> open_sc -scp 1 -scpimpl 5 -security 1 -keyind 0 -keyver 0 -mac_key 505152535455565758595a5b5c5d5e5f -enc_key 505152535455565758595a5b5c5d5e5f -kek_key 505152535455565758595a5b5c5d5e5f // Open secure channel
>> put_sc_key -keyver 1 -newkeyver 1 -mac_key 404142434445464748494a4b4c4d4e4f -enc_key 404142434445464748494a4b4c4d4e4f -kek_key 404142434445464748494a4b4c4d4e4f // Put secure channel keys
>> card_disconnect
>> release_context

Re: [Globalplatform-developers] Re: [Globalplatform-users] Re: GlobalPlatform2.1.1 and OpenSSL

[Snit M. <sn...@gm...>]

Hello, Iain,

Use listgp211.txt.  It works fine for me with Oberthur Cosmo 5.2.  The
default key is 404142...4f. See the result at the end of this file.

For changing keys, use attached files.  replacekey-cosmo-gp211 changes
key from 4041...4f to 5051...5f.  recyclekey-cosmo-gp211.txt puts it
back to 4041...4f.  Perhaps I should include these in later releases
...

$ ./Release/GPShell.exe listgp211.txt
mode_211
enable_trace
establish_context
card_connect
select -AID a000000003000000
--> 00A4040008A000000003000000
<-- 6F6E8408A000000003000000A562732F06072A864886FC6B01600C060A2A864886FC6B0=
20201
01630906072A864886FC6B03640B06092A864886FC6B0401059F6E2A2050500040414091005=
F5291
0000000300001912529119135291000000000000000000000000000000009F6501FF9000
open_sc -security 1 -keyind 0 -keyver 0 -mac_key 404142434445464748494a4b4c=
4d4e4
f -enc_key 404142434445464748494a4b4c4d4e4f // Open secure channel
--> 00CA006600
<-- 6631732F06072A864886FC6B01600C060A2A864886FC6B02020101630906072A864886F=
C6B03
640B06092A864886FC6B0401059000
--> 8050000008B7070A7E2C84570000
<-- 0000529100000003000001013E5B6BEE91B858BE6750A80612655CA69000
--> 84820100102AF486A3BFA39CFFC188D51C8F21EA3D
<-- 9000
get_status -element 20
--> 80F22000024F0000
<-- 07A0000000035350010009A00000006203010C01010006A0000000010101009000

List of applets (AID state privileges)
a0000000035350  1       0
a00000006203010c01      1       0
a00000000101    1       0
card_disconnect
release_context

On 3/27/06, Karsten Ohme <wid...@t-...> wrote:
> Iain MacDonnell wrote:
> >
> >
> > Karsten Ohme wrote on 03/26/06 01:00 PM:
> >
> >> Karsten Ohme wrote:
> >>
> >>> Karsten Ohme wrote:
> >>>
> >>>> Karsten Ohme wrote:
> >>>>
> >>>>
> >>>>> Iain MacDonnell wrote:
> >>>>
> >>>>
> >>>>>>> BTW, I've run into what appears to be a bigger problem - have you
> >>>>>>> ever
> >>>>>>> tried this stuff on a big-endian machine?
> >>
> >>
> >> I have run some big endian tests on a Solaris system running on a Spar=
c.
> >>
> >> For some reason the following happens:
> >>
> >> char *test =3D "EE";
> >> sscanf (test, "%02x", &temp);
> >>
> >> if temp is a char the conversion is always 00, if temp is an int, it
> >> works.
> >>
> >> Please try out the GPShell version in CVS. I have fixed probably all
> >> conversions, but I have no possibility to test it.
> >
> >
> > Current CVS seems to be working fine on Solaris 10 / SPARC. I haven't
> > exercised all functions, but it's able to 'select' and 'open_sc' OK.
> > I'll let you know, of course, if I run into any further problems.
> >
> > Side question: do you happen to have the developer keys for Oberthur
> > Cosmo v5.2 handy and/or is there something else I need to change
> > in the example GPShell scripts to establish a secure channel?
>
> For for for a Oberthur card it works with the default 0x40 ... 0x4F key.
>
> I executed the list.txt file:
>
> mode_201
> enable_trace
> establish_context
> card_connect
> select -AID a0000000030000
> --> 00A4040007A0000000030000
> <--
> 6F6E8408A000000003000000A562732F06072A864886FC6B01600C060A2A864886FC6B020=
201
> 01630906072A864886FC6B03640B06092A864886FC6B0401059F6E2A20505000404140910=
05F5237
> 0000004600001912523719135237000000000000000000000000000000009F6501FF9000
> open_sc -security 1 -keyind 0 -keyver 0 -mac_key
> 404142434445464748494a4b4c4d4e4
> f -enc_key 404142434445464748494a4b4c4d4e4f // Open secure channel
> --> 805000000803AF9CAB5BC9A73A00
> <-- 00005237000000460000010100CB902348832FB5492783C164F1FF749000
> --> 84820100106E04B80DBD241D26EEC85AEF6EBC9B5E
> <-- 9000
> get_status -element e0
> --> 80F2E000024F0000
> <-- 6A86
> OP201_get_status() returns 0x80206A86 (6A86: Incorrect parameters (P1, P2=
).)
>
> Obviously the card has problem to list the applications. Don't know way.
>
> By the way. I have problems with my Oberthur Cosmo card, that it can not
> treat the GET RESPONSE command. Is this a usual feature? I cannot use
> the card.
>
> > I'm
> > getting mutual_authentication() returns 0x80302000. I read about the
> > need to specify a sdAID, but that seems to apply only to
> > 'install_for_load', and the referenced 'putkey-cosmo.txt' example
> > doesn't seem to exist...?
>
> Don't know. Maybe Snit knows. He wrote it. Maybe the putkey for the
> CFlex card works with the mentioned change.
>
> Karsten
>
> >
> > Thanks!
> >
> >     ~Iain
> >
> >
> >
> >
> >
> >
> >>>>>>> # /opt/ITmuscle/bin/gpshell list-cflex.txt
> >>>>>>> mode_201
> >>>>>>> enable_trace
> >>>>>>> establish_context
> >>>>>>> card_connect
> >>>>>>> select -AID a0000000030000
> >>>>>>> --> 00A404000700000000000000
> >>>>>>
> >>>>>>
> >>>>>> Note that the AID is not showing in this APDU... compared to
> >>>>>> below....
> >>>>>
> >>>>>
> >>>>> Mmmh, this is a bigger problem. I will see to fix the conversion
> >>>>> routines, if something like this is used, I'm not sure.
> >>>
> >>>
> >>> This could be the guilty routine (?):
> >>>
> >>> It scans two bytes interpreted as a hex byte:
> >>>
> >>> while (sscanf (&(dummy[i*2]), "%02x", &(pOptionStr->AID[i])) > 0) {
> >>>     i++;
> >>> }
> >>>
> >>> I will see.
> >>>
> >>> Karsten
> >>>
> >>>
> >>>>> Thanks, Karsten
> >>>>>
> >>>>>
> >>>>>
> >>>>>>> <-- 6A82
> >>>>>>> select_application() returns 0x80216A82 (6A82: The application to=
 be
> >>>>>>> selected could not be found.)
> >>>>>>> # uname -a
> >>>>>>> SunOS sb150 5.10 Generic_118822-25 sun4u sparc SUNW,Sun-Blade-100
> >>>>>>> #
> >>>>>>>
> >>>>>>>
> >>>>>>> Maybe the endianess is a red herring too ... but I've
> >>>>>>> successfully used
> >>>>>>> this stuff on Solaris x86...
> >>>>
> >>>>
> >>>> Mmmh, actually I use only byte arrays, no numbers, this should not
> >>>> effect endianess. I will look into GPShell.
> >>>>
> >>>> Karsten
> >>>>
> >>>>
> >>>>
> >>>>>> Same card, same reader, same sources, but on Solaris x86:
> >>>>>>
> >>>>>>
> >>>>>> # /opt/ITmuscle/bin/gpshell list-cflex.txt
> >>>>>> mode_201
> >>>>>> enable_trace
> >>>>>> establish_context
> >>>>>> card_connect
> >>>>>> select -AID a0000000030000
> >>>>>> --> 00A4040007A0000000030000
> >>>>>> <-- 6F188407A0000000030000A50D9F6E060005020201009F6501FF9000
> >>>>>> open_sc -security 1 -keyind 0 -keyver 0 -mac_key
> >>>>>> 404142434445464748494a4b4c4d4e4f -enc_key
> >>>>>> 404142434445464748494a4b4c4d4e4f // Open secure channel
> >>>>>> --> 80500000088409FFE1A2E28B4600
> >>>>>> <-- 000012010000111401020101E86DFA173682E4673596888A215DE86C9000
> >>>>>> --> 8482010010C8207C7B2A3E416884B431EF23B61CD2
> >>>>>> <-- 9000
> >>>>>> get_status -element e0
> >>>>>> --> 80F2E000024F0000
> >>>>>> <--
> >>>>>> 07A0000000030000070007A0000000620001010007A0000000620101010007A000=
0000620102010007A0000000620201010007A0000000030000010005A000000001010006A00=
00000010107009000
> >>>>>>
> >>>>>>
> >>>>>>
> >>>>>> List of applets (AID state privileges)
> >>>>>> a0000000030000  7       0
> >>>>>> a0000000620001  1       0
> >>>>>> a0000000620101  1       0
> >>>>>> a0000000620102  1       0
> >>>>>> a0000000620201  1       0
> >>>>>> a0000000030000  1       0
> >>>>>> a000000001      1       0
> >>>>>> a00000000101    7       0
> >>>>>> card_disconnect
> >>>>>> release_context
> >>>>>> #
> >>>>>>
> >>>>>>  ~Iain
> >>>>>>
> >>>>>>
> >>>>>>
> >>>>>>
> >>>>>> -------------------------------------------------------
> >>>>>> This SF.Net email is sponsored by xPML, a groundbreaking scripting
> >>>>>> language
> >>>>>> that extends applications into web and mobile media. Attend the li=
ve
> >>>>>> webcast
> >>>>>> and join the prime developer group breaking into this new coding
> >>>>>> territory!
> >>>>>> http://sel.as-us.falkag.net/sel?cmd=3Dlnk&kid=3D110944&bid=3D24172=
0&dat=3D121642
> >>>>>>
> >>>>>> _______________________________________________
> >>>>>> Globalplatform-users mailing list
> >>>>>> Glo...@li...
> >>>>>> https://lists.sourceforge.net/lists/listinfo/globalplatform-users
> >>>>>
> >>>>>
> >>>>>
> >>>>>
> >>>>> -------------------------------------------------------
> >>>>> This SF.Net email is sponsored by xPML, a groundbreaking scripting
> >>>>> language
> >>>>> that extends applications into web and mobile media. Attend the
> >>>>> live webcast
> >>>>> and join the prime developer group breaking into this new coding
> >>>>> territory!
> >>>>> http://sel.as-us.falkag.net/sel?cmd=3Dlnk&kid=3D110944&bid=3D241720=
&dat=3D121642
> >>>>>
> >>>>> _______________________________________________
> >>>>> Globalplatform-users mailing list
> >>>>> Glo...@li...
> >>>>> https://lists.sourceforge.net/lists/listinfo/globalplatform-users
> >>>>
> >>>>
> >>>>
> >>>>
> >>>> -------------------------------------------------------
> >>>> This SF.Net email is sponsored by xPML, a groundbreaking scripting
> >>>> language
> >>>> that extends applications into web and mobile media. Attend the live
> >>>> webcast
> >>>> and join the prime developer group breaking into this new coding
> >>>> territory!
> >>>> http://sel.as-us.falkag.net/sel?cmd=3Dlnk&kid=3D110944&bid=3D241720&=
dat=3D121642
> >>>>
> >>>> _______________________________________________
> >>>> Globalplatform-developers mailing list
> >>>> Glo...@li...
> >>>> https://lists.sourceforge.net/lists/listinfo/globalplatform-develope=
rs
> >>>
> >>>
> >>>
> >>>
> >>> -------------------------------------------------------
> >>> This SF.Net email is sponsored by xPML, a groundbreaking scripting
> >>> language
> >>> that extends applications into web and mobile media. Attend the live
> >>> webcast
> >>> and join the prime developer group breaking into this new coding
> >>> territory!
> >>> http://sel.as-us.falkag.net/sel?cmd=3Dlnk&kid=3D110944&bid=3D241720&d=
at=3D121642
> >>> _______________________________________________
> >>> Globalplatform-developers mailing list
> >>> Glo...@li...
> >>> https://lists.sourceforge.net/lists/listinfo/globalplatform-developer=
s
> >>
> >>
>
>

Re: [Globalplatform-developers] Re: [Globalplatform-users] Re: GlobalPlatform2.1.1 and OpenSSL

[Karsten O. <wid...@t-...>]

Iain MacDonnell wrote:
> 
> 
> Karsten Ohme wrote on 03/26/06 01:00 PM:
> 
>> Karsten Ohme wrote:
>>
>>> Karsten Ohme wrote:
>>>
>>>> Karsten Ohme wrote:
>>>>
>>>>
>>>>> Iain MacDonnell wrote:
>>>>
>>>>
>>>>>>> BTW, I've run into what appears to be a bigger problem - have you
>>>>>>> ever
>>>>>>> tried this stuff on a big-endian machine?
>>
>>
>> I have run some big endian tests on a Solaris system running on a Sparc.
>>
>> For some reason the following happens:
>>
>> char *test = "EE";
>> sscanf (test, "%02x", &temp);
>>
>> if temp is a char the conversion is always 00, if temp is an int, it
>> works.
>>
>> Please try out the GPShell version in CVS. I have fixed probably all
>> conversions, but I have no possibility to test it.
> 
> 
> Current CVS seems to be working fine on Solaris 10 / SPARC. I haven't
> exercised all functions, but it's able to 'select' and 'open_sc' OK.
> I'll let you know, of course, if I run into any further problems.
> 
> Side question: do you happen to have the developer keys for Oberthur
> Cosmo v5.2 handy and/or is there something else I need to change
> in the example GPShell scripts to establish a secure channel? 

For for for a Oberthur card it works with the default 0x40 ... 0x4F key.

I executed the list.txt file:

mode_201
enable_trace
establish_context
card_connect
select -AID a0000000030000
--> 00A4040007A0000000030000
<--
6F6E8408A000000003000000A562732F06072A864886FC6B01600C060A2A864886FC6B020201
01630906072A864886FC6B03640B06092A864886FC6B0401059F6E2A2050500040414091005F5237
0000004600001912523719135237000000000000000000000000000000009F6501FF9000
open_sc -security 1 -keyind 0 -keyver 0 -mac_key
404142434445464748494a4b4c4d4e4
f -enc_key 404142434445464748494a4b4c4d4e4f // Open secure channel
--> 805000000803AF9CAB5BC9A73A00
<-- 00005237000000460000010100CB902348832FB5492783C164F1FF749000
--> 84820100106E04B80DBD241D26EEC85AEF6EBC9B5E
<-- 9000
get_status -element e0
--> 80F2E000024F0000
<-- 6A86
OP201_get_status() returns 0x80206A86 (6A86: Incorrect parameters (P1, P2).)

Obviously the card has problem to list the applications. Don't know way.

By the way. I have problems with my Oberthur Cosmo card, that it can not
treat the GET RESPONSE command. Is this a usual feature? I cannot use
the card.

> I'm
> getting mutual_authentication() returns 0x80302000. I read about the
> need to specify a sdAID, but that seems to apply only to
> 'install_for_load', and the referenced 'putkey-cosmo.txt' example
> doesn't seem to exist...?

Don't know. Maybe Snit knows. He wrote it. Maybe the putkey for the
CFlex card works with the mentioned change.

Karsten

> 
> Thanks!
> 
>     ~Iain
> 
> 
> 
> 
> 
> 
>>>>>>> # /opt/ITmuscle/bin/gpshell list-cflex.txt
>>>>>>> mode_201
>>>>>>> enable_trace
>>>>>>> establish_context
>>>>>>> card_connect
>>>>>>> select -AID a0000000030000
>>>>>>> --> 00A404000700000000000000
>>>>>>
>>>>>>
>>>>>> Note that the AID is not showing in this APDU... compared to
>>>>>> below....
>>>>>
>>>>>
>>>>> Mmmh, this is a bigger problem. I will see to fix the conversion
>>>>> routines, if something like this is used, I'm not sure.
>>>
>>>
>>> This could be the guilty routine (?):
>>>
>>> It scans two bytes interpreted as a hex byte:
>>>
>>> while (sscanf (&(dummy[i*2]), "%02x", &(pOptionStr->AID[i])) > 0) {
>>>     i++;
>>> }
>>>
>>> I will see.
>>>
>>> Karsten
>>>
>>>
>>>>> Thanks, Karsten
>>>>>
>>>>>
>>>>>
>>>>>>> <-- 6A82
>>>>>>> select_application() returns 0x80216A82 (6A82: The application to be
>>>>>>> selected could not be found.)
>>>>>>> # uname -a
>>>>>>> SunOS sb150 5.10 Generic_118822-25 sun4u sparc SUNW,Sun-Blade-100
>>>>>>> #
>>>>>>>
>>>>>>>
>>>>>>> Maybe the endianess is a red herring too ... but I've
>>>>>>> successfully used
>>>>>>> this stuff on Solaris x86...
>>>>
>>>>
>>>> Mmmh, actually I use only byte arrays, no numbers, this should not
>>>> effect endianess. I will look into GPShell.
>>>>
>>>> Karsten
>>>>
>>>>
>>>>
>>>>>> Same card, same reader, same sources, but on Solaris x86:
>>>>>>
>>>>>>
>>>>>> # /opt/ITmuscle/bin/gpshell list-cflex.txt
>>>>>> mode_201
>>>>>> enable_trace
>>>>>> establish_context
>>>>>> card_connect
>>>>>> select -AID a0000000030000
>>>>>> --> 00A4040007A0000000030000
>>>>>> <-- 6F188407A0000000030000A50D9F6E060005020201009F6501FF9000
>>>>>> open_sc -security 1 -keyind 0 -keyver 0 -mac_key
>>>>>> 404142434445464748494a4b4c4d4e4f -enc_key
>>>>>> 404142434445464748494a4b4c4d4e4f // Open secure channel
>>>>>> --> 80500000088409FFE1A2E28B4600
>>>>>> <-- 000012010000111401020101E86DFA173682E4673596888A215DE86C9000
>>>>>> --> 8482010010C8207C7B2A3E416884B431EF23B61CD2
>>>>>> <-- 9000
>>>>>> get_status -element e0
>>>>>> --> 80F2E000024F0000
>>>>>> <--
>>>>>> 07A0000000030000070007A0000000620001010007A0000000620101010007A0000000620102010007A0000000620201010007A0000000030000010005A000000001010006A0000000010107009000
>>>>>>
>>>>>>
>>>>>>
>>>>>> List of applets (AID state privileges)
>>>>>> a0000000030000  7       0
>>>>>> a0000000620001  1       0
>>>>>> a0000000620101  1       0
>>>>>> a0000000620102  1       0
>>>>>> a0000000620201  1       0
>>>>>> a0000000030000  1       0
>>>>>> a000000001      1       0
>>>>>> a00000000101    7       0
>>>>>> card_disconnect
>>>>>> release_context
>>>>>> #
>>>>>>
>>>>>>  ~Iain
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>> -------------------------------------------------------
>>>>>> This SF.Net email is sponsored by xPML, a groundbreaking scripting
>>>>>> language
>>>>>> that extends applications into web and mobile media. Attend the live
>>>>>> webcast
>>>>>> and join the prime developer group breaking into this new coding
>>>>>> territory!
>>>>>> http://sel.as-us.falkag.net/sel?cmd=lnk&kid=110944&bid=241720&dat=121642
>>>>>>
>>>>>> _______________________________________________
>>>>>> Globalplatform-users mailing list
>>>>>> Glo...@li...
>>>>>> https://lists.sourceforge.net/lists/listinfo/globalplatform-users
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> -------------------------------------------------------
>>>>> This SF.Net email is sponsored by xPML, a groundbreaking scripting
>>>>> language
>>>>> that extends applications into web and mobile media. Attend the
>>>>> live webcast
>>>>> and join the prime developer group breaking into this new coding
>>>>> territory!
>>>>> http://sel.as-us.falkag.net/sel?cmd=lnk&kid=110944&bid=241720&dat=121642
>>>>>
>>>>> _______________________________________________
>>>>> Globalplatform-users mailing list
>>>>> Glo...@li...
>>>>> https://lists.sourceforge.net/lists/listinfo/globalplatform-users
>>>>
>>>>
>>>>
>>>>
>>>> -------------------------------------------------------
>>>> This SF.Net email is sponsored by xPML, a groundbreaking scripting
>>>> language
>>>> that extends applications into web and mobile media. Attend the live
>>>> webcast
>>>> and join the prime developer group breaking into this new coding
>>>> territory!
>>>> http://sel.as-us.falkag.net/sel?cmd=lnk&kid=110944&bid=241720&dat=121642
>>>>
>>>> _______________________________________________
>>>> Globalplatform-developers mailing list
>>>> Glo...@li...
>>>> https://lists.sourceforge.net/lists/listinfo/globalplatform-developers
>>>
>>>
>>>
>>>
>>> -------------------------------------------------------
>>> This SF.Net email is sponsored by xPML, a groundbreaking scripting
>>> language
>>> that extends applications into web and mobile media. Attend the live
>>> webcast
>>> and join the prime developer group breaking into this new coding
>>> territory!
>>> http://sel.as-us.falkag.net/sel?cmd=lnk&kid=110944&bid=241720&dat=121642
>>> _______________________________________________
>>> Globalplatform-developers mailing list
>>> Glo...@li...
>>> https://lists.sourceforge.net/lists/listinfo/globalplatform-developers
>>
>>

Re: [Globalplatform-developers] Re: [Globalplatform-users] Re: GlobalPlatform2.1.1 and OpenSSL

[Iain M. <mu...@ds...>]

Karsten Ohme wrote on 03/26/06 01:00 PM:
> Karsten Ohme wrote:
>> Karsten Ohme wrote:
>>
>>> Karsten Ohme wrote:
>>>
>>>
>>>> Iain MacDonnell wrote:
>>>
>>>>>> BTW, I've run into what appears to be a bigger problem - have you ever
>>>>>> tried this stuff on a big-endian machine?
> 
> I have run some big endian tests on a Solaris system running on a Sparc.
> 
> For some reason the following happens:
> 
> char *test = "EE";
> sscanf (test, "%02x", &temp);
> 
> if temp is a char the conversion is always 00, if temp is an int, it works.
> 
> Please try out the GPShell version in CVS. I have fixed probably all
> conversions, but I have no possibility to test it.

Current CVS seems to be working fine on Solaris 10 / SPARC. I haven't
exercised all functions, but it's able to 'select' and 'open_sc' OK.
I'll let you know, of course, if I run into any further problems.

Side question: do you happen to have the developer keys for Oberthur
Cosmo v5.2 handy and/or is there something else I need to change
in the example GPShell scripts to establish a secure channel? I'm
getting mutual_authentication() returns 0x80302000. I read about the
need to specify a sdAID, but that seems to apply only to
'install_for_load', and the referenced 'putkey-cosmo.txt' example
doesn't seem to exist...?

Thanks!

     ~Iain






>>>>>> # /opt/ITmuscle/bin/gpshell list-cflex.txt
>>>>>> mode_201
>>>>>> enable_trace
>>>>>> establish_context
>>>>>> card_connect
>>>>>> select -AID a0000000030000
>>>>>> --> 00A404000700000000000000
>>>>>
>>>>> Note that the AID is not showing in this APDU... compared to below....
>>>>
>>>> Mmmh, this is a bigger problem. I will see to fix the conversion
>>>> routines, if something like this is used, I'm not sure.
>>
>> This could be the guilty routine (?):
>>
>> It scans two bytes interpreted as a hex byte:
>>
>> while (sscanf (&(dummy[i*2]), "%02x", &(pOptionStr->AID[i])) > 0) {
>> 	i++;
>> }
>>
>> I will see.
>>
>> Karsten
>>
>>
>>>> Thanks, Karsten
>>>>
>>>>
>>>>
>>>>>> <-- 6A82
>>>>>> select_application() returns 0x80216A82 (6A82: The application to be
>>>>>> selected could not be found.)
>>>>>> # uname -a
>>>>>> SunOS sb150 5.10 Generic_118822-25 sun4u sparc SUNW,Sun-Blade-100
>>>>>> #
>>>>>>
>>>>>>
>>>>>> Maybe the endianess is a red herring too ... but I've successfully used
>>>>>> this stuff on Solaris x86...
>>>
>>> Mmmh, actually I use only byte arrays, no numbers, this should not
>>> effect endianess. I will look into GPShell.
>>>
>>> Karsten
>>>
>>>
>>>
>>>>> Same card, same reader, same sources, but on Solaris x86:
>>>>>
>>>>>
>>>>> # /opt/ITmuscle/bin/gpshell list-cflex.txt
>>>>> mode_201
>>>>> enable_trace
>>>>> establish_context
>>>>> card_connect
>>>>> select -AID a0000000030000
>>>>> --> 00A4040007A0000000030000
>>>>> <-- 6F188407A0000000030000A50D9F6E060005020201009F6501FF9000
>>>>> open_sc -security 1 -keyind 0 -keyver 0 -mac_key
>>>>> 404142434445464748494a4b4c4d4e4f -enc_key
>>>>> 404142434445464748494a4b4c4d4e4f // Open secure channel
>>>>> --> 80500000088409FFE1A2E28B4600
>>>>> <-- 000012010000111401020101E86DFA173682E4673596888A215DE86C9000
>>>>> --> 8482010010C8207C7B2A3E416884B431EF23B61CD2
>>>>> <-- 9000
>>>>> get_status -element e0
>>>>> --> 80F2E000024F0000
>>>>> <--
>>>>> 07A0000000030000070007A0000000620001010007A0000000620101010007A0000000620102010007A0000000620201010007A0000000030000010005A000000001010006A0000000010107009000
>>>>>
>>>>>
>>>>> List of applets (AID state privileges)
>>>>> a0000000030000  7       0
>>>>> a0000000620001  1       0
>>>>> a0000000620101  1       0
>>>>> a0000000620102  1       0
>>>>> a0000000620201  1       0
>>>>> a0000000030000  1       0
>>>>> a000000001      1       0
>>>>> a00000000101    7       0
>>>>> card_disconnect
>>>>> release_context
>>>>> #
>>>>>
>>>>>  ~Iain
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> -------------------------------------------------------
>>>>> This SF.Net email is sponsored by xPML, a groundbreaking scripting language
>>>>> that extends applications into web and mobile media. Attend the live
>>>>> webcast
>>>>> and join the prime developer group breaking into this new coding territory!
>>>>> http://sel.as-us.falkag.net/sel?cmd=lnk&kid=110944&bid=241720&dat=121642
>>>>> _______________________________________________
>>>>> Globalplatform-users mailing list
>>>>> Glo...@li...
>>>>> https://lists.sourceforge.net/lists/listinfo/globalplatform-users
>>>>
>>>>
>>>>
>>>> -------------------------------------------------------
>>>> This SF.Net email is sponsored by xPML, a groundbreaking scripting language
>>>> that extends applications into web and mobile media. Attend the live webcast
>>>> and join the prime developer group breaking into this new coding territory!
>>>> http://sel.as-us.falkag.net/sel?cmd=lnk&kid=110944&bid=241720&dat=121642
>>>> _______________________________________________
>>>> Globalplatform-users mailing list
>>>> Glo...@li...
>>>> https://lists.sourceforge.net/lists/listinfo/globalplatform-users
>>>
>>>
>>>
>>> -------------------------------------------------------
>>> This SF.Net email is sponsored by xPML, a groundbreaking scripting language
>>> that extends applications into web and mobile media. Attend the live webcast
>>> and join the prime developer group breaking into this new coding territory!
>>> http://sel.as-us.falkag.net/sel?cmd=lnk&kid=110944&bid=241720&dat=121642
>>> _______________________________________________
>>> Globalplatform-developers mailing list
>>> Glo...@li...
>>> https://lists.sourceforge.net/lists/listinfo/globalplatform-developers
>>
>>
>>
>> -------------------------------------------------------
>> This SF.Net email is sponsored by xPML, a groundbreaking scripting language
>> that extends applications into web and mobile media. Attend the live webcast
>> and join the prime developer group breaking into this new coding territory!
>> http://sel.as-us.falkag.net/sel?cmd=lnk&kid=110944&bid=241720&dat=121642
>> _______________________________________________
>> Globalplatform-developers mailing list
>> Glo...@li...
>> https://lists.sourceforge.net/lists/listinfo/globalplatform-developers
> 

Re: [Globalplatform-developers] Re: [Globalplatform-users] Re: GlobalPlatform2.1.1 and OpenSSL

[Iain M. <mu...@ds...>]

Karsten Ohme wrote on 03/26/06 01:23 PM:
> Iain MacDonnell wrote:
>>
>> Karsten Ohme wrote on 03/26/06 01:00 PM:
>>
>>> Karsten Ohme wrote:
>>>
>>>> Karsten Ohme wrote:
>>>>
>>>>> Karsten Ohme wrote:
>>>>>
>>>>>
>>>>>> Iain MacDonnell wrote:
>>>>>
>>>>>>>> BTW, I've run into what appears to be a bigger problem - have you
>>>>>>>> ever
>>>>>>>> tried this stuff on a big-endian machine?
>>>
>>> I have run some big endian tests on a Solaris system running on a Sparc.
>>>
>>> For some reason the following happens:
>>>
>>> char *test = "EE";
>>> sscanf (test, "%02x", &temp);
>>>
>>> if temp is a char the conversion is always 00, if temp is an int, it
>>> works.
>>>
>>> Please try out the GPShell version in CVS. I have fixed probably all
>>> conversions, but I have no possibility to test it.
>>
>> I noticed that too - but when I changed AID to be int[], things broke a
>> little later (in select_application(), where the data is copied into a
>> BYTE[] buffer).
> 
> AID is still a char array.
> 
>> The 'hh' length modifier seems to be the easiest fix - what do you think
>> of it ?
> 
> In the man page of my Debian Linux system only h for short int is
> mentioned, under Solaris in the man page it is not mentioned, so I don't
> know, if it is portable.

The length modifiers are apparently part of the ISO 9899:1999 (C99)
spec. Solaris 10 has them, but Solaris 9 apparently doesn't. In Linux
world, it appears you need glibc-2.1.

I'll try out your other proposed fix ASAP.

Thx,

     ~Iain



>>>>>>>> # /opt/ITmuscle/bin/gpshell list-cflex.txt
>>>>>>>> mode_201
>>>>>>>> enable_trace
>>>>>>>> establish_context
>>>>>>>> card_connect
>>>>>>>> select -AID a0000000030000
>>>>>>>> --> 00A404000700000000000000
>>>>>>>
>>>>>>> Note that the AID is not showing in this APDU... compared to
>>>>>>> below....
>>>>>>
>>>>>> Mmmh, this is a bigger problem. I will see to fix the conversion
>>>>>> routines, if something like this is used, I'm not sure.
>>>>
>>>> This could be the guilty routine (?):
>>>>
>>>> It scans two bytes interpreted as a hex byte:
>>>>
>>>> while (sscanf (&(dummy[i*2]), "%02x", &(pOptionStr->AID[i])) > 0) {
>>>>     i++;
>>>> }
>>>>
>>>> I will see.
>>>>
>>>> Karsten
>>>>
>>>>
>>>>>> Thanks, Karsten
>>>>>>
>>>>>>
>>>>>>
>>>>>>>> <-- 6A82
>>>>>>>> select_application() returns 0x80216A82 (6A82: The application to be
>>>>>>>> selected could not be found.)
>>>>>>>> # uname -a
>>>>>>>> SunOS sb150 5.10 Generic_118822-25 sun4u sparc SUNW,Sun-Blade-100
>>>>>>>> #
>>>>>>>>
>>>>>>>>
>>>>>>>> Maybe the endianess is a red herring too ... but I've
>>>>>>>> successfully used
>>>>>>>> this stuff on Solaris x86...
>>>>>
>>>>> Mmmh, actually I use only byte arrays, no numbers, this should not
>>>>> effect endianess. I will look into GPShell.
>>>>>
>>>>> Karsten
>>>>>
>>>>>
>>>>>
>>>>>>> Same card, same reader, same sources, but on Solaris x86:
>>>>>>>
>>>>>>>
>>>>>>> # /opt/ITmuscle/bin/gpshell list-cflex.txt
>>>>>>> mode_201
>>>>>>> enable_trace
>>>>>>> establish_context
>>>>>>> card_connect
>>>>>>> select -AID a0000000030000
>>>>>>> --> 00A4040007A0000000030000
>>>>>>> <-- 6F188407A0000000030000A50D9F6E060005020201009F6501FF9000
>>>>>>> open_sc -security 1 -keyind 0 -keyver 0 -mac_key
>>>>>>> 404142434445464748494a4b4c4d4e4f -enc_key
>>>>>>> 404142434445464748494a4b4c4d4e4f // Open secure channel
>>>>>>> --> 80500000088409FFE1A2E28B4600
>>>>>>> <-- 000012010000111401020101E86DFA173682E4673596888A215DE86C9000
>>>>>>> --> 8482010010C8207C7B2A3E416884B431EF23B61CD2
>>>>>>> <-- 9000
>>>>>>> get_status -element e0
>>>>>>> --> 80F2E000024F0000
>>>>>>> <--
>>>>>>> 07A0000000030000070007A0000000620001010007A0000000620101010007A0000000620102010007A0000000620201010007A0000000030000010005A000000001010006A0000000010107009000
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> List of applets (AID state privileges)
>>>>>>> a0000000030000  7       0
>>>>>>> a0000000620001  1       0
>>>>>>> a0000000620101  1       0
>>>>>>> a0000000620102  1       0
>>>>>>> a0000000620201  1       0
>>>>>>> a0000000030000  1       0
>>>>>>> a000000001      1       0
>>>>>>> a00000000101    7       0
>>>>>>> card_disconnect
>>>>>>> release_context
>>>>>>> #
>>>>>>>
>>>>>>>  ~Iain
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> -------------------------------------------------------
>>>>>>> This SF.Net email is sponsored by xPML, a groundbreaking scripting
>>>>>>> language
>>>>>>> that extends applications into web and mobile media. Attend the live
>>>>>>> webcast
>>>>>>> and join the prime developer group breaking into this new coding
>>>>>>> territory!
>>>>>>> http://sel.as-us.falkag.net/sel?cmd=lnk&kid=110944&bid=241720&dat=121642
>>>>>>>
>>>>>>> _______________________________________________
>>>>>>> Globalplatform-users mailing list
>>>>>>> Glo...@li...
>>>>>>> https://lists.sourceforge.net/lists/listinfo/globalplatform-users
>>>>>>
>>>>>>
>>>>>>
>>>>>> -------------------------------------------------------
>>>>>> This SF.Net email is sponsored by xPML, a groundbreaking scripting
>>>>>> language
>>>>>> that extends applications into web and mobile media. Attend the
>>>>>> live webcast
>>>>>> and join the prime developer group breaking into this new coding
>>>>>> territory!
>>>>>> http://sel.as-us.falkag.net/sel?cmd=lnk&kid=110944&bid=241720&dat=121642
>>>>>>
>>>>>> _______________________________________________
>>>>>> Globalplatform-users mailing list
>>>>>> Glo...@li...
>>>>>> https://lists.sourceforge.net/lists/listinfo/globalplatform-users
>>>>>
>>>>>
>>>>>
>>>>> -------------------------------------------------------
>>>>> This SF.Net email is sponsored by xPML, a groundbreaking scripting
>>>>> language
>>>>> that extends applications into web and mobile media. Attend the live
>>>>> webcast
>>>>> and join the prime developer group breaking into this new coding
>>>>> territory!
>>>>> http://sel.as-us.falkag.net/sel?cmd=lnk&kid=110944&bid=241720&dat=121642
>>>>>
>>>>> _______________________________________________
>>>>> Globalplatform-developers mailing list
>>>>> Glo...@li...
>>>>> https://lists.sourceforge.net/lists/listinfo/globalplatform-developers
>>>>
>>>>
>>>>
>>>> -------------------------------------------------------
>>>> This SF.Net email is sponsored by xPML, a groundbreaking scripting
>>>> language
>>>> that extends applications into web and mobile media. Attend the live
>>>> webcast
>>>> and join the prime developer group breaking into this new coding
>>>> territory!
>>>> http://sel.as-us.falkag.net/sel?cmd=lnk&kid=110944&bid=241720&dat=121642
>>>> _______________________________________________
>>>> Globalplatform-developers mailing list
>>>> Glo...@li...
>>>> https://lists.sourceforge.net/lists/listinfo/globalplatform-developers
>>>
>>
>> -------------------------------------------------------
>> This SF.Net email is sponsored by xPML, a groundbreaking scripting language
>> that extends applications into web and mobile media. Attend the live
>> webcast
>> and join the prime developer group breaking into this new coding territory!
>> http://sel.as-us.falkag.net/sel?cmd=lnk&kid=110944&bid=241720&dat=121642
>> _______________________________________________
>> Globalplatform-users mailing list
>> Glo...@li...
>> https://lists.sourceforge.net/lists/listinfo/globalplatform-users
> 

Re: [Globalplatform-developers] Re: [Globalplatform-users] Re: GlobalPlatform2.1.1 and OpenSSL

[Karsten O. <wid...@t-...>]

Iain MacDonnell wrote:
> 
> 
> Karsten Ohme wrote on 03/26/06 01:00 PM:
> 
>> Karsten Ohme wrote:
>>
>>> Karsten Ohme wrote:
>>>
>>>> Karsten Ohme wrote:
>>>>
>>>>
>>>>> Iain MacDonnell wrote:
>>>>
>>>>
>>>>>>> BTW, I've run into what appears to be a bigger problem - have you
>>>>>>> ever
>>>>>>> tried this stuff on a big-endian machine?
>>
>>
>> I have run some big endian tests on a Solaris system running on a Sparc.
>>
>> For some reason the following happens:
>>
>> char *test = "EE";
>> sscanf (test, "%02x", &temp);
>>
>> if temp is a char the conversion is always 00, if temp is an int, it
>> works.
>>
>> Please try out the GPShell version in CVS. I have fixed probably all
>> conversions, but I have no possibility to test it.
> 
> 
> I noticed that too - but when I changed AID to be int[], things broke a
> little later (in select_application(), where the data is copied into a
> BYTE[] buffer).

AID is still a char array.

> 
> The 'hh' length modifier seems to be the easiest fix - what do you think
> of it ?

In the man page of my Debian Linux system only h for short int is
mentioned, under Solaris in the man page it is not mentioned, so I don't
know, if it is portable.

Karsten

> 
> I have to go out now ... probably will return to this tomorrow...
> 
>     ~Iain
> 
> 
> 
> 
>>>>>>> # /opt/ITmuscle/bin/gpshell list-cflex.txt
>>>>>>> mode_201
>>>>>>> enable_trace
>>>>>>> establish_context
>>>>>>> card_connect
>>>>>>> select -AID a0000000030000
>>>>>>> --> 00A404000700000000000000
>>>>>>
>>>>>>
>>>>>> Note that the AID is not showing in this APDU... compared to
>>>>>> below....
>>>>>
>>>>>
>>>>> Mmmh, this is a bigger problem. I will see to fix the conversion
>>>>> routines, if something like this is used, I'm not sure.
>>>
>>>
>>> This could be the guilty routine (?):
>>>
>>> It scans two bytes interpreted as a hex byte:
>>>
>>> while (sscanf (&(dummy[i*2]), "%02x", &(pOptionStr->AID[i])) > 0) {
>>>     i++;
>>> }
>>>
>>> I will see.
>>>
>>> Karsten
>>>
>>>
>>>>> Thanks, Karsten
>>>>>
>>>>>
>>>>>
>>>>>>> <-- 6A82
>>>>>>> select_application() returns 0x80216A82 (6A82: The application to be
>>>>>>> selected could not be found.)
>>>>>>> # uname -a
>>>>>>> SunOS sb150 5.10 Generic_118822-25 sun4u sparc SUNW,Sun-Blade-100
>>>>>>> #
>>>>>>>
>>>>>>>
>>>>>>> Maybe the endianess is a red herring too ... but I've
>>>>>>> successfully used
>>>>>>> this stuff on Solaris x86...
>>>>
>>>>
>>>> Mmmh, actually I use only byte arrays, no numbers, this should not
>>>> effect endianess. I will look into GPShell.
>>>>
>>>> Karsten
>>>>
>>>>
>>>>
>>>>>> Same card, same reader, same sources, but on Solaris x86:
>>>>>>
>>>>>>
>>>>>> # /opt/ITmuscle/bin/gpshell list-cflex.txt
>>>>>> mode_201
>>>>>> enable_trace
>>>>>> establish_context
>>>>>> card_connect
>>>>>> select -AID a0000000030000
>>>>>> --> 00A4040007A0000000030000
>>>>>> <-- 6F188407A0000000030000A50D9F6E060005020201009F6501FF9000
>>>>>> open_sc -security 1 -keyind 0 -keyver 0 -mac_key
>>>>>> 404142434445464748494a4b4c4d4e4f -enc_key
>>>>>> 404142434445464748494a4b4c4d4e4f // Open secure channel
>>>>>> --> 80500000088409FFE1A2E28B4600
>>>>>> <-- 000012010000111401020101E86DFA173682E4673596888A215DE86C9000
>>>>>> --> 8482010010C8207C7B2A3E416884B431EF23B61CD2
>>>>>> <-- 9000
>>>>>> get_status -element e0
>>>>>> --> 80F2E000024F0000
>>>>>> <--
>>>>>> 07A0000000030000070007A0000000620001010007A0000000620101010007A0000000620102010007A0000000620201010007A0000000030000010005A000000001010006A0000000010107009000
>>>>>>
>>>>>>
>>>>>>
>>>>>> List of applets (AID state privileges)
>>>>>> a0000000030000  7       0
>>>>>> a0000000620001  1       0
>>>>>> a0000000620101  1       0
>>>>>> a0000000620102  1       0
>>>>>> a0000000620201  1       0
>>>>>> a0000000030000  1       0
>>>>>> a000000001      1       0
>>>>>> a00000000101    7       0
>>>>>> card_disconnect
>>>>>> release_context
>>>>>> #
>>>>>>
>>>>>>  ~Iain
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>> -------------------------------------------------------
>>>>>> This SF.Net email is sponsored by xPML, a groundbreaking scripting
>>>>>> language
>>>>>> that extends applications into web and mobile media. Attend the live
>>>>>> webcast
>>>>>> and join the prime developer group breaking into this new coding
>>>>>> territory!
>>>>>> http://sel.as-us.falkag.net/sel?cmd=lnk&kid=110944&bid=241720&dat=121642
>>>>>>
>>>>>> _______________________________________________
>>>>>> Globalplatform-users mailing list
>>>>>> Glo...@li...
>>>>>> https://lists.sourceforge.net/lists/listinfo/globalplatform-users
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> -------------------------------------------------------
>>>>> This SF.Net email is sponsored by xPML, a groundbreaking scripting
>>>>> language
>>>>> that extends applications into web and mobile media. Attend the
>>>>> live webcast
>>>>> and join the prime developer group breaking into this new coding
>>>>> territory!
>>>>> http://sel.as-us.falkag.net/sel?cmd=lnk&kid=110944&bid=241720&dat=121642
>>>>>
>>>>> _______________________________________________
>>>>> Globalplatform-users mailing list
>>>>> Glo...@li...
>>>>> https://lists.sourceforge.net/lists/listinfo/globalplatform-users
>>>>
>>>>
>>>>
>>>>
>>>> -------------------------------------------------------
>>>> This SF.Net email is sponsored by xPML, a groundbreaking scripting
>>>> language
>>>> that extends applications into web and mobile media. Attend the live
>>>> webcast
>>>> and join the prime developer group breaking into this new coding
>>>> territory!
>>>> http://sel.as-us.falkag.net/sel?cmd=lnk&kid=110944&bid=241720&dat=121642
>>>>
>>>> _______________________________________________
>>>> Globalplatform-developers mailing list
>>>> Glo...@li...
>>>> https://lists.sourceforge.net/lists/listinfo/globalplatform-developers
>>>
>>>
>>>
>>>
>>> -------------------------------------------------------
>>> This SF.Net email is sponsored by xPML, a groundbreaking scripting
>>> language
>>> that extends applications into web and mobile media. Attend the live
>>> webcast
>>> and join the prime developer group breaking into this new coding
>>> territory!
>>> http://sel.as-us.falkag.net/sel?cmd=lnk&kid=110944&bid=241720&dat=121642
>>> _______________________________________________
>>> Globalplatform-developers mailing list
>>> Glo...@li...
>>> https://lists.sourceforge.net/lists/listinfo/globalplatform-developers
>>
>>
> 
> 
> -------------------------------------------------------
> This SF.Net email is sponsored by xPML, a groundbreaking scripting language
> that extends applications into web and mobile media. Attend the live
> webcast
> and join the prime developer group breaking into this new coding territory!
> http://sel.as-us.falkag.net/sel?cmd=lnk&kid=110944&bid=241720&dat=121642
> _______________________________________________
> Globalplatform-users mailing list
> Glo...@li...
> https://lists.sourceforge.net/lists/listinfo/globalplatform-users

Re: [Globalplatform-developers] Re: [Globalplatform-users] Re: GlobalPlatform2.1.1 and OpenSSL

[Iain M. <mu...@ds...>]

Iain MacDonnell wrote on 03/26/06 01:02 PM:
> 
> 
> Karsten Ohme wrote on 03/24/06 10:14 PM:
>> Karsten Ohme wrote:
>>> Karsten Ohme wrote:
>>>
>>>> Iain MacDonnell wrote:
>>>
>>>>>> BTW, I've run into what appears to be a bigger problem - have you 
>>>>>> ever
>>>>>> tried this stuff on a big-endian machine?
>>>>>>
>>>>>> # /opt/ITmuscle/bin/gpshell list-cflex.txt
>>>>>> mode_201
>>>>>> enable_trace
>>>>>> establish_context
>>>>>> card_connect
>>>>>> select -AID a0000000030000
>>>>>> --> 00A404000700000000000000
>>>>>
>>>>> Note that the AID is not showing in this APDU... compared to below....
>>>>
>>>> Mmmh, this is a bigger problem. I will see to fix the conversion
>>>> routines, if something like this is used, I'm not sure.
>>
>> This could be the guilty routine (?):
>>
>> It scans two bytes interpreted as a hex byte:
>>
>> while (sscanf (&(dummy[i*2]), "%02x", &(pOptionStr->AID[i])) > 0) {
>>     i++;
>> }
> 
> I think it's a length issue - changing that to:
> 
> while (sscanf (&(dummy[i*2]), "%02hhx", &(pOptionStr->AID[i])) > 0)
> 
> seems to fix it (for 'select') - the subsequent 'open_sc' fails, but
> I'm sure the fix needs to be applied to all of the other sscanf()
> calls - eg for '-mac_key'.

PS. With all the other sscanf()s updated, it works:

# /opt/ITmuscle/bin/gpshell list-cflex.txt
mode_201
enable_trace
establish_context
card_connect
* reader name Sun Blade Internal Reader 00 00
select -AID a0000000030000
dummy contains: a0000000030000
Scanned: 0xffffffa0
Scanned: 0x00
Scanned: 0x00
Scanned: 0x00
Scanned: 0x03
Scanned: 0x00
Scanned: 0x00
before call to select_application(), AID contains:
  0xffffffa0
  0x00
  0x00
  0x00
  0x03
  0x00
  0x00
--> 00A4040007A0000000030000
<-- 6F188407A0000000030000A50D9F6E060005020201009F6501FF9000
open_sc -security 1 -keyind 0 -keyver 0 -mac_key 
404142434445464748494a4b4c4d4e4f -enc_key 
404142434445464748494a4b4c4d4e4f // Open secure channel
--> 8050000008FD52267414E5D74B00
<-- 000012010000111401020101231A0475140D188F9ED8361696BFA3BD9000
--> 84820100100FA8513CBB26A89266FF1C959343E004
<-- 9000
get_status -element e0
--> 80F2E000024F0000
<-- 
07A0000000030000070007A0000000620001010007A0000000620101010007A0000000620102010007A0000000620201010007A0000000030000010005A000000001010006A0000000010107009000
OP201_get_status() returned 8 items

List of applets (AID state privileges)
a0000000030000  7       0
a0000000620001  1       0
a0000000620101  1       0
a0000000620102  1       0
a0000000620201  1       0
a0000000030000  1       0
a000000001      1       0
a00000000101    7       0
card_disconnect
release_context
#


Really leaving now :)

     ~Iain

Re: [Globalplatform-developers] Re: [Globalplatform-users] Re: GlobalPlatform2.1.1 and OpenSSL

[Iain M. <mu...@ds...>]

Karsten Ohme wrote on 03/26/06 01:00 PM:
> Karsten Ohme wrote:
>> Karsten Ohme wrote:
>>
>>> Karsten Ohme wrote:
>>>
>>>
>>>> Iain MacDonnell wrote:
>>>
>>>>>> BTW, I've run into what appears to be a bigger problem - have you ever
>>>>>> tried this stuff on a big-endian machine?
> 
> I have run some big endian tests on a Solaris system running on a Sparc.
> 
> For some reason the following happens:
> 
> char *test = "EE";
> sscanf (test, "%02x", &temp);
> 
> if temp is a char the conversion is always 00, if temp is an int, it works.
> 
> Please try out the GPShell version in CVS. I have fixed probably all
> conversions, but I have no possibility to test it.

I noticed that too - but when I changed AID to be int[], things broke a
little later (in select_application(), where the data is copied into a
BYTE[] buffer).

The 'hh' length modifier seems to be the easiest fix - what do you think
of it ?

I have to go out now ... probably will return to this tomorrow...

     ~Iain




>>>>>> # /opt/ITmuscle/bin/gpshell list-cflex.txt
>>>>>> mode_201
>>>>>> enable_trace
>>>>>> establish_context
>>>>>> card_connect
>>>>>> select -AID a0000000030000
>>>>>> --> 00A404000700000000000000
>>>>>
>>>>> Note that the AID is not showing in this APDU... compared to below....
>>>>
>>>> Mmmh, this is a bigger problem. I will see to fix the conversion
>>>> routines, if something like this is used, I'm not sure.
>>
>> This could be the guilty routine (?):
>>
>> It scans two bytes interpreted as a hex byte:
>>
>> while (sscanf (&(dummy[i*2]), "%02x", &(pOptionStr->AID[i])) > 0) {
>> 	i++;
>> }
>>
>> I will see.
>>
>> Karsten
>>
>>
>>>> Thanks, Karsten
>>>>
>>>>
>>>>
>>>>>> <-- 6A82
>>>>>> select_application() returns 0x80216A82 (6A82: The application to be
>>>>>> selected could not be found.)
>>>>>> # uname -a
>>>>>> SunOS sb150 5.10 Generic_118822-25 sun4u sparc SUNW,Sun-Blade-100
>>>>>> #
>>>>>>
>>>>>>
>>>>>> Maybe the endianess is a red herring too ... but I've successfully used
>>>>>> this stuff on Solaris x86...
>>>
>>> Mmmh, actually I use only byte arrays, no numbers, this should not
>>> effect endianess. I will look into GPShell.
>>>
>>> Karsten
>>>
>>>
>>>
>>>>> Same card, same reader, same sources, but on Solaris x86:
>>>>>
>>>>>
>>>>> # /opt/ITmuscle/bin/gpshell list-cflex.txt
>>>>> mode_201
>>>>> enable_trace
>>>>> establish_context
>>>>> card_connect
>>>>> select -AID a0000000030000
>>>>> --> 00A4040007A0000000030000
>>>>> <-- 6F188407A0000000030000A50D9F6E060005020201009F6501FF9000
>>>>> open_sc -security 1 -keyind 0 -keyver 0 -mac_key
>>>>> 404142434445464748494a4b4c4d4e4f -enc_key
>>>>> 404142434445464748494a4b4c4d4e4f // Open secure channel
>>>>> --> 80500000088409FFE1A2E28B4600
>>>>> <-- 000012010000111401020101E86DFA173682E4673596888A215DE86C9000
>>>>> --> 8482010010C8207C7B2A3E416884B431EF23B61CD2
>>>>> <-- 9000
>>>>> get_status -element e0
>>>>> --> 80F2E000024F0000
>>>>> <--
>>>>> 07A0000000030000070007A0000000620001010007A0000000620101010007A0000000620102010007A0000000620201010007A0000000030000010005A000000001010006A0000000010107009000
>>>>>
>>>>>
>>>>> List of applets (AID state privileges)
>>>>> a0000000030000  7       0
>>>>> a0000000620001  1       0
>>>>> a0000000620101  1       0
>>>>> a0000000620102  1       0
>>>>> a0000000620201  1       0
>>>>> a0000000030000  1       0
>>>>> a000000001      1       0
>>>>> a00000000101    7       0
>>>>> card_disconnect
>>>>> release_context
>>>>> #
>>>>>
>>>>>  ~Iain
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> -------------------------------------------------------
>>>>> This SF.Net email is sponsored by xPML, a groundbreaking scripting language
>>>>> that extends applications into web and mobile media. Attend the live
>>>>> webcast
>>>>> and join the prime developer group breaking into this new coding territory!
>>>>> http://sel.as-us.falkag.net/sel?cmd=lnk&kid=110944&bid=241720&dat=121642
>>>>> _______________________________________________
>>>>> Globalplatform-users mailing list
>>>>> Glo...@li...
>>>>> https://lists.sourceforge.net/lists/listinfo/globalplatform-users
>>>>
>>>>
>>>>
>>>> -------------------------------------------------------
>>>> This SF.Net email is sponsored by xPML, a groundbreaking scripting language
>>>> that extends applications into web and mobile media. Attend the live webcast
>>>> and join the prime developer group breaking into this new coding territory!
>>>> http://sel.as-us.falkag.net/sel?cmd=lnk&kid=110944&bid=241720&dat=121642
>>>> _______________________________________________
>>>> Globalplatform-users mailing list
>>>> Glo...@li...
>>>> https://lists.sourceforge.net/lists/listinfo/globalplatform-users
>>>
>>>
>>>
>>> -------------------------------------------------------
>>> This SF.Net email is sponsored by xPML, a groundbreaking scripting language
>>> that extends applications into web and mobile media. Attend the live webcast
>>> and join the prime developer group breaking into this new coding territory!
>>> http://sel.as-us.falkag.net/sel?cmd=lnk&kid=110944&bid=241720&dat=121642
>>> _______________________________________________
>>> Globalplatform-developers mailing list
>>> Glo...@li...
>>> https://lists.sourceforge.net/lists/listinfo/globalplatform-developers
>>
>>
>>
>> -------------------------------------------------------
>> This SF.Net email is sponsored by xPML, a groundbreaking scripting language
>> that extends applications into web and mobile media. Attend the live webcast
>> and join the prime developer group breaking into this new coding territory!
>> http://sel.as-us.falkag.net/sel?cmd=lnk&kid=110944&bid=241720&dat=121642
>> _______________________________________________
>> Globalplatform-developers mailing list
>> Glo...@li...
>> https://lists.sourceforge.net/lists/listinfo/globalplatform-developers
> 

Re: [Globalplatform-developers] Re: [Globalplatform-users] Re: GlobalPlatform2.1.1 and OpenSSL

[Iain M. <mu...@ds...>]

Karsten Ohme wrote on 03/24/06 10:14 PM:
> Karsten Ohme wrote:
>> Karsten Ohme wrote:
>>
>>> Iain MacDonnell wrote:
>>
>>>>> BTW, I've run into what appears to be a bigger problem - have you ever
>>>>> tried this stuff on a big-endian machine?
>>>>>
>>>>> # /opt/ITmuscle/bin/gpshell list-cflex.txt
>>>>> mode_201
>>>>> enable_trace
>>>>> establish_context
>>>>> card_connect
>>>>> select -AID a0000000030000
>>>>> --> 00A404000700000000000000
>>>>
>>>> Note that the AID is not showing in this APDU... compared to below....
>>>
>>> Mmmh, this is a bigger problem. I will see to fix the conversion
>>> routines, if something like this is used, I'm not sure.
> 
> This could be the guilty routine (?):
> 
> It scans two bytes interpreted as a hex byte:
> 
> while (sscanf (&(dummy[i*2]), "%02x", &(pOptionStr->AID[i])) > 0) {
> 	i++;
> }

I think it's a length issue - changing that to:

while (sscanf (&(dummy[i*2]), "%02hhx", &(pOptionStr->AID[i])) > 0)

seems to fix it (for 'select') - the subsequent 'open_sc' fails, but
I'm sure the fix needs to be applied to all of the other sscanf()
calls - eg for '-mac_key'.

   Length Modifiers
      The length modifiers and their meanings are:

      hh              Specifies that a following d, i, o, u, x, X,
                      or  n  conversion  specifier  applies  to an
                      argument with type pointer to signed char or
                      unsigned char.


     ~Iain

Re: [Globalplatform-developers] Re: [Globalplatform-users] Re: GlobalPlatform2.1.1 and OpenSSL

[Karsten O. <wid...@t-...>]

Karsten Ohme wrote:
> Karsten Ohme wrote:
> 
>>Karsten Ohme wrote:
>>
>>
>>>Iain MacDonnell wrote:
>>
>>
>>>>>BTW, I've run into what appears to be a bigger problem - have you ever
>>>>>tried this stuff on a big-endian machine?

I have run some big endian tests on a Solaris system running on a Sparc.

For some reason the following happens:

char *test = "EE";
sscanf (test, "%02x", &temp);

if temp is a char the conversion is always 00, if temp is an int, it works.

Please try out the GPShell version in CVS. I have fixed probably all
conversions, but I have no possibility to test it.

Karsten

>>>>>
>>>>># /opt/ITmuscle/bin/gpshell list-cflex.txt
>>>>>mode_201
>>>>>enable_trace
>>>>>establish_context
>>>>>card_connect
>>>>>select -AID a0000000030000
>>>>>--> 00A404000700000000000000
>>>>
>>>>
>>>>Note that the AID is not showing in this APDU... compared to below....
>>>
>>>
>>>Mmmh, this is a bigger problem. I will see to fix the conversion
>>>routines, if something like this is used, I'm not sure.
> 
> 
> This could be the guilty routine (?):
> 
> It scans two bytes interpreted as a hex byte:
> 
> while (sscanf (&(dummy[i*2]), "%02x", &(pOptionStr->AID[i])) > 0) {
> 	i++;
> }
> 
> I will see.
> 
> Karsten
> 
> 
>>>Thanks, Karsten
>>>
>>>
>>>
>>>>><-- 6A82
>>>>>select_application() returns 0x80216A82 (6A82: The application to be
>>>>>selected could not be found.)
>>>>># uname -a
>>>>>SunOS sb150 5.10 Generic_118822-25 sun4u sparc SUNW,Sun-Blade-100
>>>>>#
>>>>>
>>>>>
>>>>>Maybe the endianess is a red herring too ... but I've successfully used
>>>>>this stuff on Solaris x86...
>>
>>
>>Mmmh, actually I use only byte arrays, no numbers, this should not
>>effect endianess. I will look into GPShell.
>>
>>Karsten
>>
>>
>>
>>>>Same card, same reader, same sources, but on Solaris x86:
>>>>
>>>>
>>>># /opt/ITmuscle/bin/gpshell list-cflex.txt
>>>>mode_201
>>>>enable_trace
>>>>establish_context
>>>>card_connect
>>>>select -AID a0000000030000
>>>>--> 00A4040007A0000000030000
>>>><-- 6F188407A0000000030000A50D9F6E060005020201009F6501FF9000
>>>>open_sc -security 1 -keyind 0 -keyver 0 -mac_key
>>>>404142434445464748494a4b4c4d4e4f -enc_key
>>>>404142434445464748494a4b4c4d4e4f // Open secure channel
>>>>--> 80500000088409FFE1A2E28B4600
>>>><-- 000012010000111401020101E86DFA173682E4673596888A215DE86C9000
>>>>--> 8482010010C8207C7B2A3E416884B431EF23B61CD2
>>>><-- 9000
>>>>get_status -element e0
>>>>--> 80F2E000024F0000
>>>><--
>>>>07A0000000030000070007A0000000620001010007A0000000620101010007A0000000620102010007A0000000620201010007A0000000030000010005A000000001010006A0000000010107009000
>>>>
>>>>
>>>>List of applets (AID state privileges)
>>>>a0000000030000  7       0
>>>>a0000000620001  1       0
>>>>a0000000620101  1       0
>>>>a0000000620102  1       0
>>>>a0000000620201  1       0
>>>>a0000000030000  1       0
>>>>a000000001      1       0
>>>>a00000000101    7       0
>>>>card_disconnect
>>>>release_context
>>>>#
>>>>
>>>>  ~Iain
>>>>
>>>>
>>>>
>>>>
>>>>-------------------------------------------------------
>>>>This SF.Net email is sponsored by xPML, a groundbreaking scripting language
>>>>that extends applications into web and mobile media. Attend the live
>>>>webcast
>>>>and join the prime developer group breaking into this new coding territory!
>>>>http://sel.as-us.falkag.net/sel?cmd=lnk&kid=110944&bid=241720&dat=121642
>>>>_______________________________________________
>>>>Globalplatform-users mailing list
>>>>Glo...@li...
>>>>https://lists.sourceforge.net/lists/listinfo/globalplatform-users
>>>
>>>
>>>
>>>
>>>-------------------------------------------------------
>>>This SF.Net email is sponsored by xPML, a groundbreaking scripting language
>>>that extends applications into web and mobile media. Attend the live webcast
>>>and join the prime developer group breaking into this new coding territory!
>>>http://sel.as-us.falkag.net/sel?cmd=lnk&kid=110944&bid=241720&dat=121642
>>>_______________________________________________
>>>Globalplatform-users mailing list
>>>Glo...@li...
>>>https://lists.sourceforge.net/lists/listinfo/globalplatform-users
>>
>>
>>
>>
>>-------------------------------------------------------
>>This SF.Net email is sponsored by xPML, a groundbreaking scripting language
>>that extends applications into web and mobile media. Attend the live webcast
>>and join the prime developer group breaking into this new coding territory!
>>http://sel.as-us.falkag.net/sel?cmd=lnk&kid=110944&bid=241720&dat=121642
>>_______________________________________________
>>Globalplatform-developers mailing list
>>Glo...@li...
>>https://lists.sourceforge.net/lists/listinfo/globalplatform-developers
> 
> 
> 
> 
> -------------------------------------------------------
> This SF.Net email is sponsored by xPML, a groundbreaking scripting language
> that extends applications into web and mobile media. Attend the live webcast
> and join the prime developer group breaking into this new coding territory!
> http://sel.as-us.falkag.net/sel?cmd=lnk&kid=110944&bid=241720&dat=121642
> _______________________________________________
> Globalplatform-developers mailing list
> Glo...@li...
> https://lists.sourceforge.net/lists/listinfo/globalplatform-developers

Re: [Globalplatform-developers] Re: [Globalplatform-users] Re: GlobalPlatform2.1.1 and OpenSSL

[Karsten O. <wid...@t-...>]

Karsten Ohme wrote:
> Karsten Ohme wrote:
> 
>>Iain MacDonnell wrote:
> 
> 
>>>>BTW, I've run into what appears to be a bigger problem - have you ever
>>>>tried this stuff on a big-endian machine?
>>>>
>>>># /opt/ITmuscle/bin/gpshell list-cflex.txt
>>>>mode_201
>>>>enable_trace
>>>>establish_context
>>>>card_connect
>>>>select -AID a0000000030000
>>>>--> 00A404000700000000000000
>>>
>>>
>>>Note that the AID is not showing in this APDU... compared to below....
>>
>>
>>Mmmh, this is a bigger problem. I will see to fix the conversion
>>routines, if something like this is used, I'm not sure.

This could be the guilty routine (?):

It scans two bytes interpreted as a hex byte:

while (sscanf (&(dummy[i*2]), "%02x", &(pOptionStr->AID[i])) > 0) {
	i++;
}

I will see.

Karsten

>>
>>Thanks, Karsten
>>
>>
>>>><-- 6A82
>>>>select_application() returns 0x80216A82 (6A82: The application to be
>>>>selected could not be found.)
>>>># uname -a
>>>>SunOS sb150 5.10 Generic_118822-25 sun4u sparc SUNW,Sun-Blade-100
>>>>#
>>>>
>>>>
>>>>Maybe the endianess is a red herring too ... but I've successfully used
>>>>this stuff on Solaris x86...
> 
> 
> Mmmh, actually I use only byte arrays, no numbers, this should not
> effect endianess. I will look into GPShell.
> 
> Karsten
> 
> 
>>>
>>>Same card, same reader, same sources, but on Solaris x86:
>>>
>>>
>>># /opt/ITmuscle/bin/gpshell list-cflex.txt
>>>mode_201
>>>enable_trace
>>>establish_context
>>>card_connect
>>>select -AID a0000000030000
>>>--> 00A4040007A0000000030000
>>><-- 6F188407A0000000030000A50D9F6E060005020201009F6501FF9000
>>>open_sc -security 1 -keyind 0 -keyver 0 -mac_key
>>>404142434445464748494a4b4c4d4e4f -enc_key
>>>404142434445464748494a4b4c4d4e4f // Open secure channel
>>>--> 80500000088409FFE1A2E28B4600
>>><-- 000012010000111401020101E86DFA173682E4673596888A215DE86C9000
>>>--> 8482010010C8207C7B2A3E416884B431EF23B61CD2
>>><-- 9000
>>>get_status -element e0
>>>--> 80F2E000024F0000
>>><--
>>>07A0000000030000070007A0000000620001010007A0000000620101010007A0000000620102010007A0000000620201010007A0000000030000010005A000000001010006A0000000010107009000
>>>
>>>
>>>List of applets (AID state privileges)
>>>a0000000030000  7       0
>>>a0000000620001  1       0
>>>a0000000620101  1       0
>>>a0000000620102  1       0
>>>a0000000620201  1       0
>>>a0000000030000  1       0
>>>a000000001      1       0
>>>a00000000101    7       0
>>>card_disconnect
>>>release_context
>>>#
>>>
>>>   ~Iain
>>>
>>>
>>>
>>>
>>>-------------------------------------------------------
>>>This SF.Net email is sponsored by xPML, a groundbreaking scripting language
>>>that extends applications into web and mobile media. Attend the live
>>>webcast
>>>and join the prime developer group breaking into this new coding territory!
>>>http://sel.as-us.falkag.net/sel?cmd=lnk&kid=110944&bid=241720&dat=121642
>>>_______________________________________________
>>>Globalplatform-users mailing list
>>>Glo...@li...
>>>https://lists.sourceforge.net/lists/listinfo/globalplatform-users
>>
>>
>>
>>
>>-------------------------------------------------------
>>This SF.Net email is sponsored by xPML, a groundbreaking scripting language
>>that extends applications into web and mobile media. Attend the live webcast
>>and join the prime developer group breaking into this new coding territory!
>>http://sel.as-us.falkag.net/sel?cmd=lnk&kid=110944&bid=241720&dat=121642
>>_______________________________________________
>>Globalplatform-users mailing list
>>Glo...@li...
>>https://lists.sourceforge.net/lists/listinfo/globalplatform-users
> 
> 
> 
> 
> -------------------------------------------------------
> This SF.Net email is sponsored by xPML, a groundbreaking scripting language
> that extends applications into web and mobile media. Attend the live webcast
> and join the prime developer group breaking into this new coding territory!
> http://sel.as-us.falkag.net/sel?cmd=lnk&kid=110944&bid=241720&dat=121642
> _______________________________________________
> Globalplatform-developers mailing list
> Glo...@li...
> https://lists.sourceforge.net/lists/listinfo/globalplatform-developers

Re: [Globalplatform-users] Re: GlobalPlatform2.1.1 and OpenSSL

[Karsten O. <wid...@t-...>]

Karsten Ohme wrote:
> Iain MacDonnell wrote:

>>>BTW, I've run into what appears to be a bigger problem - have you ever
>>>tried this stuff on a big-endian machine?
>>>
>>># /opt/ITmuscle/bin/gpshell list-cflex.txt
>>>mode_201
>>>enable_trace
>>>establish_context
>>>card_connect
>>>select -AID a0000000030000
>>>--> 00A404000700000000000000
>>
>>
>>Note that the AID is not showing in this APDU... compared to below....
> 
> 
> Mmmh, this is a bigger problem. I will see to fix the conversion
> routines, if something like this is used, I'm not sure.
> 
> Thanks, Karsten
> 
>>><-- 6A82
>>>select_application() returns 0x80216A82 (6A82: The application to be
>>>selected could not be found.)
>>># uname -a
>>>SunOS sb150 5.10 Generic_118822-25 sun4u sparc SUNW,Sun-Blade-100
>>>#
>>>
>>>
>>>Maybe the endianess is a red herring too ... but I've successfully used
>>>this stuff on Solaris x86...

Mmmh, actually I use only byte arrays, no numbers, this should not
effect endianess. I will look into GPShell.

Karsten

>>
>>
>>Same card, same reader, same sources, but on Solaris x86:
>>
>>
>># /opt/ITmuscle/bin/gpshell list-cflex.txt
>>mode_201
>>enable_trace
>>establish_context
>>card_connect
>>select -AID a0000000030000
>>--> 00A4040007A0000000030000
>><-- 6F188407A0000000030000A50D9F6E060005020201009F6501FF9000
>>open_sc -security 1 -keyind 0 -keyver 0 -mac_key
>>404142434445464748494a4b4c4d4e4f -enc_key
>>404142434445464748494a4b4c4d4e4f // Open secure channel
>>--> 80500000088409FFE1A2E28B4600
>><-- 000012010000111401020101E86DFA173682E4673596888A215DE86C9000
>>--> 8482010010C8207C7B2A3E416884B431EF23B61CD2
>><-- 9000
>>get_status -element e0
>>--> 80F2E000024F0000
>><--
>>07A0000000030000070007A0000000620001010007A0000000620101010007A0000000620102010007A0000000620201010007A0000000030000010005A000000001010006A0000000010107009000
>>
>>
>>List of applets (AID state privileges)
>>a0000000030000  7       0
>>a0000000620001  1       0
>>a0000000620101  1       0
>>a0000000620102  1       0
>>a0000000620201  1       0
>>a0000000030000  1       0
>>a000000001      1       0
>>a00000000101    7       0
>>card_disconnect
>>release_context
>>#
>>
>>    ~Iain
>>
>>
>>
>>
>>-------------------------------------------------------
>>This SF.Net email is sponsored by xPML, a groundbreaking scripting language
>>that extends applications into web and mobile media. Attend the live
>>webcast
>>and join the prime developer group breaking into this new coding territory!
>>http://sel.as-us.falkag.net/sel?cmd=lnk&kid=110944&bid=241720&dat=121642
>>_______________________________________________
>>Globalplatform-users mailing list
>>Glo...@li...
>>https://lists.sourceforge.net/lists/listinfo/globalplatform-users
> 
> 
> 
> 
> -------------------------------------------------------
> This SF.Net email is sponsored by xPML, a groundbreaking scripting language
> that extends applications into web and mobile media. Attend the live webcast
> and join the prime developer group breaking into this new coding territory!
> http://sel.as-us.falkag.net/sel?cmd=lnk&kid=110944&bid=241720&dat=121642
> _______________________________________________
> Globalplatform-users mailing list
> Glo...@li...
> https://lists.sourceforge.net/lists/listinfo/globalplatform-users

Re: [Globalplatform-users] Re: GlobalPlatform2.1.1 and OpenSSL

[Karsten O. <wid...@t-...>]

Iain MacDonnell wrote:
> 
> 
> Iain MacDonnell wrote on 03/24/06 08:33 PM:
> 
>>
>>
>> Karsten Ohme wrote on 03/24/06 08:03 PM:
>>
>>> Iain MacDonnell wrote:
>>>
>>>>
>>>> Two questions:
>>>>
>>>> 1) Is OpenSSL 0.9.7e really needed? The configure script checks for
>>>>    PEM_read_bio_PrivateKey(), but I don't see that actually used
>>>>    anywhere. Solaris 10 comes with 0.9.7d, and like to use that if
>>>>    there isn't a real need for 0.9.7e ... ?
>>>
>>>
>>> No. If the API has all needed function, it is OK. The check is only
>>> performed to make sure that the library is OK. Does this step cause a
>>> problem? I don't know if the version 0.9.7d has all needed functions, if
>>> you are successful, I can change the e to a d.
>>
>>
>> The problem was that AC_CHECK_LIB failed.

The CVS was not up to date. The release version was newer. This should
fix the crypto problems below.

>>
>>
>>> I changed it to PEM_read_PrivateKey, which is used e.g. in
>>> OP201_calculate_rsa_DAP().
>>
>>
>> Err, you changed it in the error message but not in the actual test :)
>>
>> AC_CHECK_LIB(ssl, PEM_read_bio_PrivateKey, [],
>>         [AC_MSG_ERROR([PEM_read_PrivateKey() not
>> found, install OpenSSL 0.9.7e or later])])
>>
>> but wait - that's a red herring anyway - the real problem is that you
>> need to change "ssl" to "crypto", as libcrypto, not libssl, is where
>> PEM_read_bio_PrivateKey() is visible.
>>
>> With that change, configure finishes successfully, even with 0.9.7d.
>>
>>
>>>> 2) It seems that libGlobalPlatform.so needs to be linked to libcrypto,
>>>>    but it isn't - I have to manually add '-lcrypto' when building
>>>>    anything that uses libGlobalPlatform.so (including GPShell)
>>>
>>>
>>> I changed the AC_CHECK_LIB autoconf macro to look for the crypto
>>> library.
>>>
>>> Let me know, if it works.
>>
>>
>> Ahhh, you need to do that for GlobalPlatform2.1.1 too - then both my
>> problems will be solved, I believe.
>>
>>
>>> I released at:
>>>
>>> http://sourceforge.net/project/showfiles.php?group_id=143343
>>>
>>> the current versions of GlobalPlatform and GPShell. Should be the
>>> same state as the CVS.
>>
>>
>> I'm working from CVS.
>>
>> BTW, I've run into what appears to be a bigger problem - have you ever
>> tried this stuff on a big-endian machine?
>>
>> # /opt/ITmuscle/bin/gpshell list-cflex.txt
>> mode_201
>> enable_trace
>> establish_context
>> card_connect
>> select -AID a0000000030000
>> --> 00A404000700000000000000
> 
> 
> Note that the AID is not showing in this APDU... compared to below....

Mmmh, this is a bigger problem. I will see to fix the conversion
routines, if something like this is used, I'm not sure.

Thanks, Karsten
> 
>> <-- 6A82
>> select_application() returns 0x80216A82 (6A82: The application to be
>> selected could not be found.)
>> # uname -a
>> SunOS sb150 5.10 Generic_118822-25 sun4u sparc SUNW,Sun-Blade-100
>> #
>>
>>
>> Maybe the endianess is a red herring too ... but I've successfully used
>> this stuff on Solaris x86...
> 
> 
> Same card, same reader, same sources, but on Solaris x86:
> 
> 
> # /opt/ITmuscle/bin/gpshell list-cflex.txt
> mode_201
> enable_trace
> establish_context
> card_connect
> select -AID a0000000030000
> --> 00A4040007A0000000030000
> <-- 6F188407A0000000030000A50D9F6E060005020201009F6501FF9000
> open_sc -security 1 -keyind 0 -keyver 0 -mac_key
> 404142434445464748494a4b4c4d4e4f -enc_key
> 404142434445464748494a4b4c4d4e4f // Open secure channel
> --> 80500000088409FFE1A2E28B4600
> <-- 000012010000111401020101E86DFA173682E4673596888A215DE86C9000
> --> 8482010010C8207C7B2A3E416884B431EF23B61CD2
> <-- 9000
> get_status -element e0
> --> 80F2E000024F0000
> <--
> 07A0000000030000070007A0000000620001010007A0000000620101010007A0000000620102010007A0000000620201010007A0000000030000010005A000000001010006A0000000010107009000
> 
> 
> List of applets (AID state privileges)
> a0000000030000  7       0
> a0000000620001  1       0
> a0000000620101  1       0
> a0000000620102  1       0
> a0000000620201  1       0
> a0000000030000  1       0
> a000000001      1       0
> a00000000101    7       0
> card_disconnect
> release_context
> #
> 
>     ~Iain
> 
> 
> 
> 
> -------------------------------------------------------
> This SF.Net email is sponsored by xPML, a groundbreaking scripting language
> that extends applications into web and mobile media. Attend the live
> webcast
> and join the prime developer group breaking into this new coding territory!
> http://sel.as-us.falkag.net/sel?cmd=lnk&kid=110944&bid=241720&dat=121642
> _______________________________________________
> Globalplatform-users mailing list
> Glo...@li...
> https://lists.sourceforge.net/lists/listinfo/globalplatform-users

[Globalplatform-users] Re: GlobalPlatform2.1.1 and OpenSSL

[Iain M. <mu...@ds...>]

Iain MacDonnell wrote on 03/24/06 08:33 PM:
> 
> 
> Karsten Ohme wrote on 03/24/06 08:03 PM:
>> Iain MacDonnell wrote:
>>>
>>> Two questions:
>>>
>>> 1) Is OpenSSL 0.9.7e really needed? The configure script checks for
>>>    PEM_read_bio_PrivateKey(), but I don't see that actually used
>>>    anywhere. Solaris 10 comes with 0.9.7d, and like to use that if
>>>    there isn't a real need for 0.9.7e ... ?
>>
>> No. If the API has all needed function, it is OK. The check is only
>> performed to make sure that the library is OK. Does this step cause a
>> problem? I don't know if the version 0.9.7d has all needed functions, if
>> you are successful, I can change the e to a d.
> 
> The problem was that AC_CHECK_LIB failed.
> 
> 
>> I changed it to PEM_read_PrivateKey, which is used e.g. in
>> OP201_calculate_rsa_DAP().
> 
> Err, you changed it in the error message but not in the actual test :)
> 
> AC_CHECK_LIB(ssl, PEM_read_bio_PrivateKey, [],
>         [AC_MSG_ERROR([PEM_read_PrivateKey() not
> found, install OpenSSL 0.9.7e or later])])
> 
> but wait - that's a red herring anyway - the real problem is that you
> need to change "ssl" to "crypto", as libcrypto, not libssl, is where
> PEM_read_bio_PrivateKey() is visible.
> 
> With that change, configure finishes successfully, even with 0.9.7d.
> 
> 
>>> 2) It seems that libGlobalPlatform.so needs to be linked to libcrypto,
>>>    but it isn't - I have to manually add '-lcrypto' when building
>>>    anything that uses libGlobalPlatform.so (including GPShell)
>>
>> I changed the AC_CHECK_LIB autoconf macro to look for the crypto library.
>>
>> Let me know, if it works.
> 
> Ahhh, you need to do that for GlobalPlatform2.1.1 too - then both my
> problems will be solved, I believe.
> 
> 
>> I released at:
>>
>> http://sourceforge.net/project/showfiles.php?group_id=143343
>>
>> the current versions of GlobalPlatform and GPShell. Should be the same 
>> state as the CVS.
> 
> I'm working from CVS.
> 
> BTW, I've run into what appears to be a bigger problem - have you ever
> tried this stuff on a big-endian machine?
> 
> # /opt/ITmuscle/bin/gpshell list-cflex.txt
> mode_201
> enable_trace
> establish_context
> card_connect
> select -AID a0000000030000
> --> 00A404000700000000000000

Note that the AID is not showing in this APDU... compared to below....

> <-- 6A82
> select_application() returns 0x80216A82 (6A82: The application to be 
> selected could not be found.)
> # uname -a
> SunOS sb150 5.10 Generic_118822-25 sun4u sparc SUNW,Sun-Blade-100
> #
> 
> 
> Maybe the endianess is a red herring too ... but I've successfully used
> this stuff on Solaris x86...

Same card, same reader, same sources, but on Solaris x86:


# /opt/ITmuscle/bin/gpshell list-cflex.txt
mode_201
enable_trace
establish_context
card_connect
select -AID a0000000030000
--> 00A4040007A0000000030000
<-- 6F188407A0000000030000A50D9F6E060005020201009F6501FF9000
open_sc -security 1 -keyind 0 -keyver 0 -mac_key 
404142434445464748494a4b4c4d4e4f -enc_key 
404142434445464748494a4b4c4d4e4f // Open secure channel
--> 80500000088409FFE1A2E28B4600
<-- 000012010000111401020101E86DFA173682E4673596888A215DE86C9000
--> 8482010010C8207C7B2A3E416884B431EF23B61CD2
<-- 9000
get_status -element e0
--> 80F2E000024F0000
<-- 
07A0000000030000070007A0000000620001010007A0000000620101010007A0000000620102010007A0000000620201010007A0000000030000010005A000000001010006A0000000010107009000

List of applets (AID state privileges)
a0000000030000  7       0
a0000000620001  1       0
a0000000620101  1       0
a0000000620102  1       0
a0000000620201  1       0
a0000000030000  1       0
a000000001      1       0
a00000000101    7       0
card_disconnect
release_context
#

     ~Iain

[Globalplatform-users] Re: GlobalPlatform2.1.1 and OpenSSL

[Iain M. <mu...@ds...>]

Karsten Ohme wrote on 03/24/06 08:03 PM:
> Iain MacDonnell wrote:
>>
>> Two questions:
>>
>> 1) Is OpenSSL 0.9.7e really needed? The configure script checks for
>>    PEM_read_bio_PrivateKey(), but I don't see that actually used
>>    anywhere. Solaris 10 comes with 0.9.7d, and like to use that if
>>    there isn't a real need for 0.9.7e ... ?
> 
> No. If the API has all needed function, it is OK. The check is only
> performed to make sure that the library is OK. Does this step cause a
> problem? I don't know if the version 0.9.7d has all needed functions, if
> you are successful, I can change the e to a d.

The problem was that AC_CHECK_LIB failed.


> I changed it to PEM_read_PrivateKey, which is used e.g. in
> OP201_calculate_rsa_DAP().

Err, you changed it in the error message but not in the actual test :)

AC_CHECK_LIB(ssl, PEM_read_bio_PrivateKey, [],
         [AC_MSG_ERROR([PEM_read_PrivateKey() not
found, install OpenSSL 0.9.7e or later])])

but wait - that's a red herring anyway - the real problem is that you
need to change "ssl" to "crypto", as libcrypto, not libssl, is where
PEM_read_bio_PrivateKey() is visible.

With that change, configure finishes successfully, even with 0.9.7d.


>> 2) It seems that libGlobalPlatform.so needs to be linked to libcrypto,
>>    but it isn't - I have to manually add '-lcrypto' when building
>>    anything that uses libGlobalPlatform.so (including GPShell)
> 
> I changed the AC_CHECK_LIB autoconf macro to look for the crypto library.
> 
> Let me know, if it works.

Ahhh, you need to do that for GlobalPlatform2.1.1 too - then both my
problems will be solved, I believe.


> I released at:
> 
> http://sourceforge.net/project/showfiles.php?group_id=143343
> 
> the current versions of GlobalPlatform and GPShell. Should be the same 
> state as the CVS.

I'm working from CVS.

BTW, I've run into what appears to be a bigger problem - have you ever
tried this stuff on a big-endian machine?

# /opt/ITmuscle/bin/gpshell list-cflex.txt
mode_201
enable_trace
establish_context
card_connect
select -AID a0000000030000
--> 00A404000700000000000000
<-- 6A82
select_application() returns 0x80216A82 (6A82: The application to be 
selected could not be found.)
# uname -a
SunOS sb150 5.10 Generic_118822-25 sun4u sparc SUNW,Sun-Blade-100
#


Maybe the endianess is a red herring too ... but I've successfully used
this stuff on Solaris x86...

Thanks!

     ~Iain

[Globalplatform-users] Re: GlobalPlatform2.1.1 and OpenSSL

[Karsten O. <ko...@in...>]

Iain MacDonnell wrote:
> 
> Two questions:
> 
> 1) Is OpenSSL 0.9.7e really needed? The configure script checks for
>    PEM_read_bio_PrivateKey(), but I don't see that actually used
>    anywhere. Solaris 10 comes with 0.9.7d, and like to use that if
>    there isn't a real need for 0.9.7e ... ?

No. If the API has all needed function, it is OK. The check is only
performed to make sure that the library is OK. Does this step cause a
problem? I don't know if the version 0.9.7d has all needed functions, if
you are successful, I can change the e to a d.

I changed it to PEM_read_PrivateKey, which is used e.g. in
OP201_calculate_rsa_DAP().

> 
> 2) It seems that libGlobalPlatform.so needs to be linked to libcrypto,
>    but it isn't - I have to manually add '-lcrypto' when building
>    anything that uses libGlobalPlatform.so (including GPShell)

I changed the AC_CHECK_LIB autoconf macro to look for the crypto library.

Let me know, if it works.

I released at:

http://sourceforge.net/project/showfiles.php?group_id=143343

the current versions of GlobalPlatform and GPShell. Should be the same 
state as the CVS.

Thanks, Karsten

> 
> muscle*iml-v240-1:/export/stuff/ws/globalplatform/GlobalPlatform2.1.1%
> ldd .libs/libGlobalPlatform.so
>         libpcsclite.so.1 =>      /opt/ITmuscle/lib/libpcsclite.so.1
>         libc.so.1 =>     /lib/libc.so.1
>         libdl.so.1 =>    /lib/libdl.so.1
>         libpthread.so.1 =>       /lib/libpthread.so.1
>         libsocket.so.1 =>        /lib/libsocket.so.1
>         libnsl.so.1 =>   /lib/libnsl.so.1
>         libmp.so.2 =>    /lib/libmp.so.2
>         libmd5.so.1 =>   /lib/libmd5.so.1
>         libscf.so.1 =>   /lib/libscf.so.1
>         libdoor.so.1 =>  /lib/libdoor.so.1
>         libuutil.so.1 =>         /lib/libuutil.so.1
>         libm.so.2 =>     /lib/libm.so.2
>         /platform/SUNW,Sun-Fire-V240/lib/libc_psr.so.1
>         /platform/SUNW,Sun-Fire-V240/lib/libmd5_psr.so.1
> muscle*iml-v240-1:/export/stuff/ws/globalplatform/GlobalPlatform2.1.1%
> 
> 
> Thx,
> 
>     ~Iain
> 
> 
> 

[Globalplatform-users] GlobalPlatform2.1.1 and OpenSSL

[Iain M. <mu...@ds...>]

Two questions:

1) Is OpenSSL 0.9.7e really needed? The configure script checks for
    PEM_read_bio_PrivateKey(), but I don't see that actually used
    anywhere. Solaris 10 comes with 0.9.7d, and like to use that if
    there isn't a real need for 0.9.7e ... ?

2) It seems that libGlobalPlatform.so needs to be linked to libcrypto,
    but it isn't - I have to manually add '-lcrypto' when building
    anything that uses libGlobalPlatform.so (including GPShell)

muscle*iml-v240-1:/export/stuff/ws/globalplatform/GlobalPlatform2.1.1% 
ldd .libs/libGlobalPlatform.so
         libpcsclite.so.1 =>      /opt/ITmuscle/lib/libpcsclite.so.1
         libc.so.1 =>     /lib/libc.so.1
         libdl.so.1 =>    /lib/libdl.so.1
         libpthread.so.1 =>       /lib/libpthread.so.1
         libsocket.so.1 =>        /lib/libsocket.so.1
         libnsl.so.1 =>   /lib/libnsl.so.1
         libmp.so.2 =>    /lib/libmp.so.2
         libmd5.so.1 =>   /lib/libmd5.so.1
         libscf.so.1 =>   /lib/libscf.so.1
         libdoor.so.1 =>  /lib/libdoor.so.1
         libuutil.so.1 =>         /lib/libuutil.so.1
         libm.so.2 =>     /lib/libm.so.2
         /platform/SUNW,Sun-Fire-V240/lib/libc_psr.so.1
         /platform/SUNW,Sun-Fire-V240/lib/libmd5_psr.so.1
muscle*iml-v240-1:/export/stuff/ws/globalplatform/GlobalPlatform2.1.1%


Thx,

     ~Iain