[Globalplatform-users] Problem after loading applet - error code: 0x8010002F

[Carlitos <pok...@gm...>]

I am developing a program in c++ for loading Java Card applets on the card,
using GlobalPlatform library.

I am working with Axalto's Palmera swift 16k cards, compliant with ISO 7816,
EMV 3.1.1, Java Card 2.1, Open Platform 2.0.1.

I have an applet, that is already tested and in use with these cards.

I made a .bin file, like in a GPShell example, and I tried to load it on the
card with application that I developed.

I have the following problem:
In my application, the process of loading applet finishes without any error,
all the methods that I call return OPGP_ERROR_SUCCESS.
After that, next time I try to communicate with the card, after
SCardTransmit I get the following error code: 0x8010002F.
Call to the method stingify_error returns the following text:
"A communications error with the smart card has been detected. Retry the
operation."

During execution, program makes calls to methods in following order:
establish_context
card_connect
select_application (card manager)
OP201_mutual_authentication
OP201_install_for_load
OP201_load
OP201_install_for_install_and_make_selectable
card_disconnect
release_context

All of above steps are working. I have noticed that execution of
card_disconnect lasts longer than usual (I tried putting pop-up MessageBox
before and after the call to method), but it reports that the execution
ended successfully.

After loading of the applet, no SCardTransmit method can be successfully
executed with a card. I tried the process with several cards already and the
result is always the same.
I am working with cards whose keyset is modified for SECURE CHANNEL MAC, and
whose state is set to SECURED.

I have made changes to methods in GlobalPlatform library, that are called
after mutual_authentication method according to Palmera's documentation
("CLA coding is set to '84' for all commands issued within a Secure Channel
with MAC or MAC+ENC level ; using a CLA set to '80' will be rejected by the
card.").

Mutual authentication is executed successfully, so it is not the reason why
the cards cannot be accessed.


I tried loading this applet to these cards with *another software*,
developed in Java using IBM's JCOP tool's libraries.

I have compared ADPU messages that are exchanged between the card and the
offline application, in my project and using this Java application.

APDUs for install_for_load and install_for_install_and_make_selectable are
identical (except the bytes representing cryptogram for SECURE CHANNEL MAC),
and APDUs for load method differ in byte representation of the file that's
loaded as well as the cryptogram.

Applet is successfully loaded with Java application, and after that those
cards have been personalized and used without any problem.

However, there is one error that the Java application reports at the end of
loading:

com.ibm.jc.JCException:
  Error: -4
  APDU:  00C7020003C80207739000
  Msg:   Invalid response length. Expecting delegated operation response
        at com.ibm.jc.SecurityDomain.do(Unknown Source)
        at com.ibm.jc.SecurityDomain.handleInstall(Unknown Source)
        at com.ibm.jc.SecurityDomain.installForInstallAndMakeSelectable
(Unknown
Source)
        at yu.co.blue.loader.LoaderThread.run(LoaderThread.java:116)

This could mean that the cards have some bug.
We tested this Java application with some other card types and it did not
report any error.

In spite of that, reported error does not, in any way, effect the card, or
the applet that is loaded.
Applets that are loaded this way, are in use without any problem (for over
two years).


To conclude:

   - Java application reports error, but the card and the loaded applet
   are operational
   - my c++ application does not report any error, but cards are blocked


Can anyone help me with this problem?
Is there anything that I could do to unblock the cards that are blocked (the
0x8010002F error)?

Regards,
Carlitos