Menu
▾
▴
Re: [Globalplatform-developers] [Globalplatform-users] Re: GlobalPlatform2.1.1 and OpenSSL
|
From: Iain M. <mu...@ds...> - 2006-10-18 22:41:14
|
So I think the Cosmo52 cards I was trying to use before had had their
keys swapped without my knowledge. Trying again, with cards that I know
are new, and I can establish a secure channel, and load and instantiate
the MCardApplet .... but I can't seem to delete it!! Am I missing
something? I've tried various combinations of scp/scpimpl/security and
sdAIDs of a000000003000000 and a0000000030000 - the result is always
6985...
mode_211
establish_context
card_connect
enable_trace
select -AID a000000003000000
--> 00A4040008A000000003000000
<--
6F6E8408A000000003000000A562732F06072A864886FC6B01600C060A2A864886FC6B02020001630906072A864886FC6B03640B06092A864886FC6B0401059F6E2A2050500040414091005F42583011BB5B4288191242881913428819144288000CC71300000000000000009F6501FF9000
open_sc -scp 1 -scpimpl 5 -security 1 -keyind 0 -keyver 0 -enc_key
404142434445464748494a4b4c4d4e4f -mac_key 404142434445464748494a4b4c4d4e4f
--> 8050000008D6C5DC4AD8A949EE00
<-- 000042583011BB5B4288FF01B9E74AB54E60408208AF848B1016E81F9000
--> 848201001007037657966B46ED92B673CE885CA553
<-- 9000
get_status -element e0
--> 80F2E000024F0000
<--
08A000000003000000019E07A0000000035350010005A000000001010006A0000000010107029000
List of applets (AID state privileges)
a000000003000000 1 9e
a0000000035350 1 0
a000000001 1 0
a00000000101 7 2
delete -AID a00000000101
--> 80E40000084F06A0000000010100
<-- 6985
delete_applet() returns 0x80206985 (6985: Command not allowed -
Conditions of use not satisfied.)
TIA,
~Iain
Snit Mo wrote on 03/27/06 06:07 PM:
> I have to assume that your card doesn't have the usual test key
> (4041..4f). Where did you get the card from? Can you ask them what
> the key is?
>
> Also, you may want to try Oberthur AppLoader.
>
> Thanks,
>
> On 3/27/06, Iain MacDonnell <mu...@ds...> wrote:
>>
>> Snit Mo wrote on 03/27/06 05:45 PM:
>>> Hello, Iain,
>> Hi :)
>>
>>
>>> Use listgp211.txt. It works fine for me with Oberthur Cosmo 5.2. The
>>> default key is 404142...4f. See the result at the end of this file.
>> Doesn't work for me - I wonder why...
>>
>> mode_211
>> enable_trace
>> establish_context
>> card_connect
>> select -AID a000000003000000
>> --> 00A4040008A000000003000000
>> <--
>> 6F6E8408A000000003000000A562732F06072A864886FC6B01600C060A2A864886FC6B02020001630906072A864886FC6B03640B06092A864886FC6B0401059F6E2A2050500040414091005F42583011BB524288191242881913428819144288000CC71300000000000000009F6501FF9000
>> open_sc -security 1 -keyind 0 -keyver 0 -mac_key
>> 404142434445464748494a4b4c4d4e4f -enc_key
>> 404142434445464748494a4b4c4d4e4f // Open secure channel
>> --> 00CA006600
>> <--
>> 6631732F06072A864886FC6B01600C060A2A864886FC6B02020001630906072A864886FC6B03640B06092A864886FC6B0401059000
>> --> 8050000008C13CAC00B446633A00
>> <-- 000042583011BB5242880101ABBC16B787DA1960AC4EE7E255D338669000
>> mutual_authentication() returns 0x80302000 (The verification of the card
>> cryptogram failed.)
>>
>> ~Iain
>>
>>
>>
>>
>>> For changing keys, use attached files. replacekey-cosmo-gp211 changes
>>> key from 4041...4f to 5051...5f. recyclekey-cosmo-gp211.txt puts it
>>> back to 4041...4f. Perhaps I should include these in later releases
>>> ...
>>>
>>> $ ./Release/GPShell.exe listgp211.txt
>>> mode_211
>>> enable_trace
>>> establish_context
>>> card_connect
>>> select -AID a000000003000000
>>> --> 00A4040008A000000003000000
>>> <-- 6F6E8408A000000003000000A562732F06072A864886FC6B01600C060A2A864886FC6B020201
>>> 01630906072A864886FC6B03640B06092A864886FC6B0401059F6E2A2050500040414091005F5291
>>> 0000000300001912529119135291000000000000000000000000000000009F6501FF9000
>>> open_sc -security 1 -keyind 0 -keyver 0 -mac_key 404142434445464748494a4b4c4d4e4
>>> f -enc_key 404142434445464748494a4b4c4d4e4f // Open secure channel
>>> --> 00CA006600
>>> <-- 6631732F06072A864886FC6B01600C060A2A864886FC6B02020101630906072A864886FC6B03
>>> 640B06092A864886FC6B0401059000
>>> --> 8050000008B7070A7E2C84570000
>>> <-- 0000529100000003000001013E5B6BEE91B858BE6750A80612655CA69000
>>> --> 84820100102AF486A3BFA39CFFC188D51C8F21EA3D
>>> <-- 9000
>>> get_status -element 20
>>> --> 80F22000024F0000
>>> <-- 07A0000000035350010009A00000006203010C01010006A0000000010101009000
>>>
>>> List of applets (AID state privileges)
>>> a0000000035350 1 0
>>> a00000006203010c01 1 0
>>> a00000000101 1 0
>>> card_disconnect
>>> release_context
>>>
>>> On 3/27/06, Karsten Ohme <wid...@t-...> wrote:
>>>> Iain MacDonnell wrote:
>>>>> Karsten Ohme wrote on 03/26/06 01:00 PM:
>>>>>
>>>>>> Karsten Ohme wrote:
>>>>>>
>>>>>>> Karsten Ohme wrote:
>>>>>>>
>>>>>>>> Karsten Ohme wrote:
>>>>>>>>
>>>>>>>>
>>>>>>>>> Iain MacDonnell wrote:
>>>>>>>>>>> BTW, I've run into what appears to be a bigger problem - have you
>>>>>>>>>>> ever
>>>>>>>>>>> tried this stuff on a big-endian machine?
>>>>>> I have run some big endian tests on a Solaris system running on a Sparc.
>>>>>>
>>>>>> For some reason the following happens:
>>>>>>
>>>>>> char *test = "EE";
>>>>>> sscanf (test, "%02x", &temp);
>>>>>>
>>>>>> if temp is a char the conversion is always 00, if temp is an int, it
>>>>>> works.
>>>>>>
>>>>>> Please try out the GPShell version in CVS. I have fixed probably all
>>>>>> conversions, but I have no possibility to test it.
>>>>> Current CVS seems to be working fine on Solaris 10 / SPARC. I haven't
>>>>> exercised all functions, but it's able to 'select' and 'open_sc' OK.
>>>>> I'll let you know, of course, if I run into any further problems.
>>>>>
>>>>> Side question: do you happen to have the developer keys for Oberthur
>>>>> Cosmo v5.2 handy and/or is there something else I need to change
>>>>> in the example GPShell scripts to establish a secure channel?
>>>> For for for a Oberthur card it works with the default 0x40 ... 0x4F key.
>>>>
>>>> I executed the list.txt file:
>>>>
>>>> mode_201
>>>> enable_trace
>>>> establish_context
>>>> card_connect
>>>> select -AID a0000000030000
>>>> --> 00A4040007A0000000030000
>>>> <--
>>>> 6F6E8408A000000003000000A562732F06072A864886FC6B01600C060A2A864886FC6B020201
>>>> 01630906072A864886FC6B03640B06092A864886FC6B0401059F6E2A2050500040414091005F5237
>>>> 0000004600001912523719135237000000000000000000000000000000009F6501FF9000
>>>> open_sc -security 1 -keyind 0 -keyver 0 -mac_key
>>>> 404142434445464748494a4b4c4d4e4
>>>> f -enc_key 404142434445464748494a4b4c4d4e4f // Open secure channel
>>>> --> 805000000803AF9CAB5BC9A73A00
>>>> <-- 00005237000000460000010100CB902348832FB5492783C164F1FF749000
>>>> --> 84820100106E04B80DBD241D26EEC85AEF6EBC9B5E
>>>> <-- 9000
>>>> get_status -element e0
>>>> --> 80F2E000024F0000
>>>> <-- 6A86
>>>> OP201_get_status() returns 0x80206A86 (6A86: Incorrect parameters (P1, P2).)
>>>>
>>>> Obviously the card has problem to list the applications. Don't know way.
>>>>
>>>> By the way. I have problems with my Oberthur Cosmo card, that it can not
>>>> treat the GET RESPONSE command. Is this a usual feature? I cannot use
>>>> the card.
>>>>
>>>>> I'm
>>>>> getting mutual_authentication() returns 0x80302000. I read about the
>>>>> need to specify a sdAID, but that seems to apply only to
>>>>> 'install_for_load', and the referenced 'putkey-cosmo.txt' example
>>>>> doesn't seem to exist...?
>>>> Don't know. Maybe Snit knows. He wrote it. Maybe the putkey for the
>>>> CFlex card works with the mentioned change.
>>>>
>>>> Karsten
>>>>
>>>>> Thanks!
>>>>>
>>>>> ~Iain
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>>>>>>> # /opt/ITmuscle/bin/gpshell list-cflex.txt
>>>>>>>>>>> mode_201
>>>>>>>>>>> enable_trace
>>>>>>>>>>> establish_context
>>>>>>>>>>> card_connect
>>>>>>>>>>> select -AID a0000000030000
>>>>>>>>>>> --> 00A404000700000000000000
>>>>>>>>>> Note that the AID is not showing in this APDU... compared to
>>>>>>>>>> below....
>>>>>>>>> Mmmh, this is a bigger problem. I will see to fix the conversion
>>>>>>>>> routines, if something like this is used, I'm not sure.
>>>>>>> This could be the guilty routine (?):
>>>>>>>
>>>>>>> It scans two bytes interpreted as a hex byte:
>>>>>>>
>>>>>>> while (sscanf (&(dummy[i*2]), "%02x", &(pOptionStr->AID[i])) > 0) {
>>>>>>> i++;
>>>>>>> }
>>>>>>>
>>>>>>> I will see.
>>>>>>>
>>>>>>> Karsten
>>>>>>>
>>>>>>>
>>>>>>>>> Thanks, Karsten
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>>> <-- 6A82
>>>>>>>>>>> select_application() returns 0x80216A82 (6A82: The application to be
>>>>>>>>>>> selected could not be found.)
>>>>>>>>>>> # uname -a
>>>>>>>>>>> SunOS sb150 5.10 Generic_118822-25 sun4u sparc SUNW,Sun-Blade-100
>>>>>>>>>>> #
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> Maybe the endianess is a red herring too ... but I've
>>>>>>>>>>> successfully used
>>>>>>>>>>> this stuff on Solaris x86...
>>>>>>>> Mmmh, actually I use only byte arrays, no numbers, this should not
>>>>>>>> effect endianess. I will look into GPShell.
>>>>>>>>
>>>>>>>> Karsten
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>>> Same card, same reader, same sources, but on Solaris x86:
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> # /opt/ITmuscle/bin/gpshell list-cflex.txt
>>>>>>>>>> mode_201
>>>>>>>>>> enable_trace
>>>>>>>>>> establish_context
>>>>>>>>>> card_connect
>>>>>>>>>> select -AID a0000000030000
>>>>>>>>>> --> 00A4040007A0000000030000
>>>>>>>>>> <-- 6F188407A0000000030000A50D9F6E060005020201009F6501FF9000
>>>>>>>>>> open_sc -security 1 -keyind 0 -keyver 0 -mac_key
>>>>>>>>>> 404142434445464748494a4b4c4d4e4f -enc_key
>>>>>>>>>> 404142434445464748494a4b4c4d4e4f // Open secure channel
>>>>>>>>>> --> 80500000088409FFE1A2E28B4600
>>>>>>>>>> <-- 000012010000111401020101E86DFA173682E4673596888A215DE86C9000
>>>>>>>>>> --> 8482010010C8207C7B2A3E416884B431EF23B61CD2
>>>>>>>>>> <-- 9000
>>>>>>>>>> get_status -element e0
>>>>>>>>>> --> 80F2E000024F0000
>>>>>>>>>> <--
>>>>>>>>>> 07A0000000030000070007A0000000620001010007A0000000620101010007A0000000620102010007A0000000620201010007A0000000030000010005A000000001010006A0000000010107009000
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> List of applets (AID state privileges)
>>>>>>>>>> a0000000030000 7 0
>>>>>>>>>> a0000000620001 1 0
>>>>>>>>>> a0000000620101 1 0
>>>>>>>>>> a0000000620102 1 0
>>>>>>>>>> a0000000620201 1 0
>>>>>>>>>> a0000000030000 1 0
>>>>>>>>>> a000000001 1 0
>>>>>>>>>> a00000000101 7 0
>>>>>>>>>> card_disconnect
>>>>>>>>>> release_context
>>>>>>>>>> #
>>>>>>>>>>
>>>>>>>>>> ~Iain
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> -------------------------------------------------------
>>>>>>>>>> This SF.Net email is sponsored by xPML, a groundbreaking scripting
>>>>>>>>>> language
>>>>>>>>>> that extends applications into web and mobile media. Attend the live
>>>>>>>>>> webcast
>>>>>>>>>> and join the prime developer group breaking into this new coding
>>>>>>>>>> territory!
>>>>>>>>>> http://sel.as-us.falkag.net/sel?cmd=lnk&kid=110944&bid=241720&dat=121642
>>>>>>>>>>
>>>>>>>>>> _______________________________________________
>>>>>>>>>> Globalplatform-users mailing list
>>>>>>>>>> Glo...@li...
>>>>>>>>>> https://lists.sourceforge.net/lists/listinfo/globalplatform-users
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> -------------------------------------------------------
>>>>>>>>> This SF.Net email is sponsored by xPML, a groundbreaking scripting
>>>>>>>>> language
>>>>>>>>> that extends applications into web and mobile media. Attend the
>>>>>>>>> live webcast
>>>>>>>>> and join the prime developer group breaking into this new coding
>>>>>>>>> territory!
>>>>>>>>> http://sel.as-us.falkag.net/sel?cmd=lnk&kid=110944&bid=241720&dat=121642
>>>>>>>>>
>>>>>>>>> _______________________________________________
>>>>>>>>> Globalplatform-users mailing list
>>>>>>>>> Glo...@li...
>>>>>>>>> https://lists.sourceforge.net/lists/listinfo/globalplatform-users
>>>>>>>>
>>>>>>>>
>>>>>>>> -------------------------------------------------------
>>>>>>>> This SF.Net email is sponsored by xPML, a groundbreaking scripting
>>>>>>>> language
>>>>>>>> that extends applications into web and mobile media. Attend the live
>>>>>>>> webcast
>>>>>>>> and join the prime developer group breaking into this new coding
>>>>>>>> territory!
>>>>>>>> http://sel.as-us.falkag.net/sel?cmd=lnk&kid=110944&bid=241720&dat=121642
>>>>>>>>
>>>>>>>> _______________________________________________
>>>>>>>> Globalplatform-developers mailing list
>>>>>>>> Glo...@li...
>>>>>>>> https://lists.sourceforge.net/lists/listinfo/globalplatform-developers
>>>>>>>
>>>>>>>
>>>>>>> -------------------------------------------------------
>>>>>>> This SF.Net email is sponsored by xPML, a groundbreaking scripting
>>>>>>> language
>>>>>>> that extends applications into web and mobile media. Attend the live
>>>>>>> webcast
>>>>>>> and join the prime developer group breaking into this new coding
>>>>>>> territory!
>>>>>>> http://sel.as-us.falkag.net/sel?cmd=lnk&kid=110944&bid=241720&dat=121642
>>>>>>> _______________________________________________
>>>>>>> Globalplatform-developers mailing list
>>>>>>> Glo...@li...
>>>>>>> https://lists.sourceforge.net/lists/listinfo/globalplatform-developers
>>>>
>>>> ------------------------------------------------------------------------
>>>>
>>>> mode_211
>>>> enable_trace
>>>> establish_context
>>>> card_connect
>>>> select -AID a0000000030000
>>>> open_sc -scp 1 -scpimpl 5 -security 1 -keyind 0 -keyver 0 -mac_key 404142434445464748494a4b4c4d4e4f -enc_key 404142434445464748494a4b4c4d4e4f -kek_key 404142434445464748494a4b4c4d4e4f // Open secure channel
>>>> put_sc_key -keyver 1 -newkeyver 1 -mac_key 505152535455565758595a5b5c5d5e5f -enc_key 505152535455565758595a5b5c5d5e5f -kek_key 505152535455565758595a5b5c5d5e5f // Put secure channel keys
>>>> #put_sc_key -keyver 1 -newkeyver 1 -mac_key 404142434445464748494a4b4c4d4e4f -enc_key 404142434445464748494a4b4c4d4e4f -kek_key 404142434445464748494a4b4c4d4e4f // Put secure channel keys
>>>> card_disconnect
>>>> release_context
>>>>
>>>> ------------------------------------------------------------------------
>>>>
>>>> mode_211
>>>> enable_trace
>>>> establish_context
>>>> card_connect
>>>> select -AID a0000000030000
>>>> open_sc -scp 1 -scpimpl 5 -security 1 -keyind 0 -keyver 0 -mac_key 505152535455565758595a5b5c5d5e5f -enc_key 505152535455565758595a5b5c5d5e5f -kek_key 505152535455565758595a5b5c5d5e5f // Open secure channel
>>>> put_sc_key -keyver 1 -newkeyver 1 -mac_key 404142434445464748494a4b4c4d4e4f -enc_key 404142434445464748494a4b4c4d4e4f -kek_key 404142434445464748494a4b4c4d4e4f // Put secure channel keys
>>>> card_disconnect
>>>> release_context
|
