Menu
▾
▴
Re: [Globalplatform-developers] Re: [Globalplatform-users] Re: GlobalPlatform2.1.1 and OpenSSL
|
From: Iain M. <mu...@ds...> - 2006-03-28 01:58:52
|
Snit Mo wrote on 03/27/06 05:45 PM:
> Hello, Iain,
Hi :)
> Use listgp211.txt. It works fine for me with Oberthur Cosmo 5.2. The
> default key is 404142...4f. See the result at the end of this file.
Doesn't work for me - I wonder why...
mode_211
enable_trace
establish_context
card_connect
select -AID a000000003000000
--> 00A4040008A000000003000000
<--
6F6E8408A000000003000000A562732F06072A864886FC6B01600C060A2A864886FC6B02020001630906072A864886FC6B03640B06092A864886FC6B0401059F6E2A2050500040414091005F42583011BB524288191242881913428819144288000CC71300000000000000009F6501FF9000
open_sc -security 1 -keyind 0 -keyver 0 -mac_key
404142434445464748494a4b4c4d4e4f -enc_key
404142434445464748494a4b4c4d4e4f // Open secure channel
--> 00CA006600
<--
6631732F06072A864886FC6B01600C060A2A864886FC6B02020001630906072A864886FC6B03640B06092A864886FC6B0401059000
--> 8050000008C13CAC00B446633A00
<-- 000042583011BB5242880101ABBC16B787DA1960AC4EE7E255D338669000
mutual_authentication() returns 0x80302000 (The verification of the card
cryptogram failed.)
~Iain
> For changing keys, use attached files. replacekey-cosmo-gp211 changes
> key from 4041...4f to 5051...5f. recyclekey-cosmo-gp211.txt puts it
> back to 4041...4f. Perhaps I should include these in later releases
> ...
>
> $ ./Release/GPShell.exe listgp211.txt
> mode_211
> enable_trace
> establish_context
> card_connect
> select -AID a000000003000000
> --> 00A4040008A000000003000000
> <-- 6F6E8408A000000003000000A562732F06072A864886FC6B01600C060A2A864886FC6B020201
> 01630906072A864886FC6B03640B06092A864886FC6B0401059F6E2A2050500040414091005F5291
> 0000000300001912529119135291000000000000000000000000000000009F6501FF9000
> open_sc -security 1 -keyind 0 -keyver 0 -mac_key 404142434445464748494a4b4c4d4e4
> f -enc_key 404142434445464748494a4b4c4d4e4f // Open secure channel
> --> 00CA006600
> <-- 6631732F06072A864886FC6B01600C060A2A864886FC6B02020101630906072A864886FC6B03
> 640B06092A864886FC6B0401059000
> --> 8050000008B7070A7E2C84570000
> <-- 0000529100000003000001013E5B6BEE91B858BE6750A80612655CA69000
> --> 84820100102AF486A3BFA39CFFC188D51C8F21EA3D
> <-- 9000
> get_status -element 20
> --> 80F22000024F0000
> <-- 07A0000000035350010009A00000006203010C01010006A0000000010101009000
>
> List of applets (AID state privileges)
> a0000000035350 1 0
> a00000006203010c01 1 0
> a00000000101 1 0
> card_disconnect
> release_context
>
> On 3/27/06, Karsten Ohme <wid...@t-...> wrote:
>> Iain MacDonnell wrote:
>>>
>>> Karsten Ohme wrote on 03/26/06 01:00 PM:
>>>
>>>> Karsten Ohme wrote:
>>>>
>>>>> Karsten Ohme wrote:
>>>>>
>>>>>> Karsten Ohme wrote:
>>>>>>
>>>>>>
>>>>>>> Iain MacDonnell wrote:
>>>>>>
>>>>>>>>> BTW, I've run into what appears to be a bigger problem - have you
>>>>>>>>> ever
>>>>>>>>> tried this stuff on a big-endian machine?
>>>>
>>>> I have run some big endian tests on a Solaris system running on a Sparc.
>>>>
>>>> For some reason the following happens:
>>>>
>>>> char *test = "EE";
>>>> sscanf (test, "%02x", &temp);
>>>>
>>>> if temp is a char the conversion is always 00, if temp is an int, it
>>>> works.
>>>>
>>>> Please try out the GPShell version in CVS. I have fixed probably all
>>>> conversions, but I have no possibility to test it.
>>>
>>> Current CVS seems to be working fine on Solaris 10 / SPARC. I haven't
>>> exercised all functions, but it's able to 'select' and 'open_sc' OK.
>>> I'll let you know, of course, if I run into any further problems.
>>>
>>> Side question: do you happen to have the developer keys for Oberthur
>>> Cosmo v5.2 handy and/or is there something else I need to change
>>> in the example GPShell scripts to establish a secure channel?
>> For for for a Oberthur card it works with the default 0x40 ... 0x4F key.
>>
>> I executed the list.txt file:
>>
>> mode_201
>> enable_trace
>> establish_context
>> card_connect
>> select -AID a0000000030000
>> --> 00A4040007A0000000030000
>> <--
>> 6F6E8408A000000003000000A562732F06072A864886FC6B01600C060A2A864886FC6B020201
>> 01630906072A864886FC6B03640B06092A864886FC6B0401059F6E2A2050500040414091005F5237
>> 0000004600001912523719135237000000000000000000000000000000009F6501FF9000
>> open_sc -security 1 -keyind 0 -keyver 0 -mac_key
>> 404142434445464748494a4b4c4d4e4
>> f -enc_key 404142434445464748494a4b4c4d4e4f // Open secure channel
>> --> 805000000803AF9CAB5BC9A73A00
>> <-- 00005237000000460000010100CB902348832FB5492783C164F1FF749000
>> --> 84820100106E04B80DBD241D26EEC85AEF6EBC9B5E
>> <-- 9000
>> get_status -element e0
>> --> 80F2E000024F0000
>> <-- 6A86
>> OP201_get_status() returns 0x80206A86 (6A86: Incorrect parameters (P1, P2).)
>>
>> Obviously the card has problem to list the applications. Don't know way.
>>
>> By the way. I have problems with my Oberthur Cosmo card, that it can not
>> treat the GET RESPONSE command. Is this a usual feature? I cannot use
>> the card.
>>
>>> I'm
>>> getting mutual_authentication() returns 0x80302000. I read about the
>>> need to specify a sdAID, but that seems to apply only to
>>> 'install_for_load', and the referenced 'putkey-cosmo.txt' example
>>> doesn't seem to exist...?
>> Don't know. Maybe Snit knows. He wrote it. Maybe the putkey for the
>> CFlex card works with the mentioned change.
>>
>> Karsten
>>
>>> Thanks!
>>>
>>> ~Iain
>>>
>>>
>>>
>>>
>>>
>>>
>>>>>>>>> # /opt/ITmuscle/bin/gpshell list-cflex.txt
>>>>>>>>> mode_201
>>>>>>>>> enable_trace
>>>>>>>>> establish_context
>>>>>>>>> card_connect
>>>>>>>>> select -AID a0000000030000
>>>>>>>>> --> 00A404000700000000000000
>>>>>>>>
>>>>>>>> Note that the AID is not showing in this APDU... compared to
>>>>>>>> below....
>>>>>>>
>>>>>>> Mmmh, this is a bigger problem. I will see to fix the conversion
>>>>>>> routines, if something like this is used, I'm not sure.
>>>>>
>>>>> This could be the guilty routine (?):
>>>>>
>>>>> It scans two bytes interpreted as a hex byte:
>>>>>
>>>>> while (sscanf (&(dummy[i*2]), "%02x", &(pOptionStr->AID[i])) > 0) {
>>>>> i++;
>>>>> }
>>>>>
>>>>> I will see.
>>>>>
>>>>> Karsten
>>>>>
>>>>>
>>>>>>> Thanks, Karsten
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>>> <-- 6A82
>>>>>>>>> select_application() returns 0x80216A82 (6A82: The application to be
>>>>>>>>> selected could not be found.)
>>>>>>>>> # uname -a
>>>>>>>>> SunOS sb150 5.10 Generic_118822-25 sun4u sparc SUNW,Sun-Blade-100
>>>>>>>>> #
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> Maybe the endianess is a red herring too ... but I've
>>>>>>>>> successfully used
>>>>>>>>> this stuff on Solaris x86...
>>>>>>
>>>>>> Mmmh, actually I use only byte arrays, no numbers, this should not
>>>>>> effect endianess. I will look into GPShell.
>>>>>>
>>>>>> Karsten
>>>>>>
>>>>>>
>>>>>>
>>>>>>>> Same card, same reader, same sources, but on Solaris x86:
>>>>>>>>
>>>>>>>>
>>>>>>>> # /opt/ITmuscle/bin/gpshell list-cflex.txt
>>>>>>>> mode_201
>>>>>>>> enable_trace
>>>>>>>> establish_context
>>>>>>>> card_connect
>>>>>>>> select -AID a0000000030000
>>>>>>>> --> 00A4040007A0000000030000
>>>>>>>> <-- 6F188407A0000000030000A50D9F6E060005020201009F6501FF9000
>>>>>>>> open_sc -security 1 -keyind 0 -keyver 0 -mac_key
>>>>>>>> 404142434445464748494a4b4c4d4e4f -enc_key
>>>>>>>> 404142434445464748494a4b4c4d4e4f // Open secure channel
>>>>>>>> --> 80500000088409FFE1A2E28B4600
>>>>>>>> <-- 000012010000111401020101E86DFA173682E4673596888A215DE86C9000
>>>>>>>> --> 8482010010C8207C7B2A3E416884B431EF23B61CD2
>>>>>>>> <-- 9000
>>>>>>>> get_status -element e0
>>>>>>>> --> 80F2E000024F0000
>>>>>>>> <--
>>>>>>>> 07A0000000030000070007A0000000620001010007A0000000620101010007A0000000620102010007A0000000620201010007A0000000030000010005A000000001010006A0000000010107009000
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> List of applets (AID state privileges)
>>>>>>>> a0000000030000 7 0
>>>>>>>> a0000000620001 1 0
>>>>>>>> a0000000620101 1 0
>>>>>>>> a0000000620102 1 0
>>>>>>>> a0000000620201 1 0
>>>>>>>> a0000000030000 1 0
>>>>>>>> a000000001 1 0
>>>>>>>> a00000000101 7 0
>>>>>>>> card_disconnect
>>>>>>>> release_context
>>>>>>>> #
>>>>>>>>
>>>>>>>> ~Iain
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> -------------------------------------------------------
>>>>>>>> This SF.Net email is sponsored by xPML, a groundbreaking scripting
>>>>>>>> language
>>>>>>>> that extends applications into web and mobile media. Attend the live
>>>>>>>> webcast
>>>>>>>> and join the prime developer group breaking into this new coding
>>>>>>>> territory!
>>>>>>>> http://sel.as-us.falkag.net/sel?cmd=lnk&kid=110944&bid=241720&dat=121642
>>>>>>>>
>>>>>>>> _______________________________________________
>>>>>>>> Globalplatform-users mailing list
>>>>>>>> Glo...@li...
>>>>>>>> https://lists.sourceforge.net/lists/listinfo/globalplatform-users
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> -------------------------------------------------------
>>>>>>> This SF.Net email is sponsored by xPML, a groundbreaking scripting
>>>>>>> language
>>>>>>> that extends applications into web and mobile media. Attend the
>>>>>>> live webcast
>>>>>>> and join the prime developer group breaking into this new coding
>>>>>>> territory!
>>>>>>> http://sel.as-us.falkag.net/sel?cmd=lnk&kid=110944&bid=241720&dat=121642
>>>>>>>
>>>>>>> _______________________________________________
>>>>>>> Globalplatform-users mailing list
>>>>>>> Glo...@li...
>>>>>>> https://lists.sourceforge.net/lists/listinfo/globalplatform-users
>>>>>>
>>>>>>
>>>>>>
>>>>>> -------------------------------------------------------
>>>>>> This SF.Net email is sponsored by xPML, a groundbreaking scripting
>>>>>> language
>>>>>> that extends applications into web and mobile media. Attend the live
>>>>>> webcast
>>>>>> and join the prime developer group breaking into this new coding
>>>>>> territory!
>>>>>> http://sel.as-us.falkag.net/sel?cmd=lnk&kid=110944&bid=241720&dat=121642
>>>>>>
>>>>>> _______________________________________________
>>>>>> Globalplatform-developers mailing list
>>>>>> Glo...@li...
>>>>>> https://lists.sourceforge.net/lists/listinfo/globalplatform-developers
>>>>>
>>>>>
>>>>>
>>>>> -------------------------------------------------------
>>>>> This SF.Net email is sponsored by xPML, a groundbreaking scripting
>>>>> language
>>>>> that extends applications into web and mobile media. Attend the live
>>>>> webcast
>>>>> and join the prime developer group breaking into this new coding
>>>>> territory!
>>>>> http://sel.as-us.falkag.net/sel?cmd=lnk&kid=110944&bid=241720&dat=121642
>>>>> _______________________________________________
>>>>> Globalplatform-developers mailing list
>>>>> Glo...@li...
>>>>> https://lists.sourceforge.net/lists/listinfo/globalplatform-developers
>>>>
>>
>>
>> ------------------------------------------------------------------------
>>
>> mode_211
>> enable_trace
>> establish_context
>> card_connect
>> select -AID a0000000030000
>> open_sc -scp 1 -scpimpl 5 -security 1 -keyind 0 -keyver 0 -mac_key 404142434445464748494a4b4c4d4e4f -enc_key 404142434445464748494a4b4c4d4e4f -kek_key 404142434445464748494a4b4c4d4e4f // Open secure channel
>> put_sc_key -keyver 1 -newkeyver 1 -mac_key 505152535455565758595a5b5c5d5e5f -enc_key 505152535455565758595a5b5c5d5e5f -kek_key 505152535455565758595a5b5c5d5e5f // Put secure channel keys
>> #put_sc_key -keyver 1 -newkeyver 1 -mac_key 404142434445464748494a4b4c4d4e4f -enc_key 404142434445464748494a4b4c4d4e4f -kek_key 404142434445464748494a4b4c4d4e4f // Put secure channel keys
>> card_disconnect
>> release_context
>>
>> ------------------------------------------------------------------------
>>
>> mode_211
>> enable_trace
>> establish_context
>> card_connect
>> select -AID a0000000030000
>> open_sc -scp 1 -scpimpl 5 -security 1 -keyind 0 -keyver 0 -mac_key 505152535455565758595a5b5c5d5e5f -enc_key 505152535455565758595a5b5c5d5e5f -kek_key 505152535455565758595a5b5c5d5e5f // Open secure channel
>> put_sc_key -keyver 1 -newkeyver 1 -mac_key 404142434445464748494a4b4c4d4e4f -enc_key 404142434445464748494a4b4c4d4e4f -kek_key 404142434445464748494a4b4c4d4e4f // Put secure channel keys
>> card_disconnect
>> release_context
|
