Re: [Muscle] JCOP31/Global Platform Secure Channel stuff - and GPShell

From: Michael StJohns (mstjohnscomcast.net)
Date: Fri Jan 11 2008 - 10:30:26 CST


At 05:29 1/11/2008, Andreas Schwier wrote:
>Purpose of Byte 12 is to indicate the SCP version, so it should be used to automatically select SCP 01 or SCP 02.

Right - except that the Card Recognition Data blob says to use SCP 02. According to Section 7.4.1.2 of the GP spec, you're supposed to grab that first to avoid trial and error and that's what GlobalPlatform libraries do if you specify mode_211. In this case, the CRD says SCP 02, but the response to the INITIATE UPDATE says SCP 01.

>GPShell could leave it to the library to select the appropriate protocol, but it should report an error, if explicit protocol selection does not match the protocol supported by the card.

I think that's the right answer.

>Andreas
>
>Michael StJohns schrieb:
>>Here's a strange one. I've got two different JCOP cards - JCOP41 and JCOP31 - both NXP based. Both report EXACTLY the same global platform configuration data (e.g. a response to a "00 CA 00 60" query) and indicate support for SCP 02.
>>
>>When I use GPShell to look at the cards, mode_211 works fine for the JCOP41 card, but not for the JCOP31 card. I have to use mode_201.
>>
>>This was bothering me so I did some digging. When you send the INITIATE UPDATE command to the JCOP31 card (GP section E5.1.1) with a random challenge, you get back a blob which should have a '02' at the 12th octet (to indicate SCP 02) but instead has an '01' - indicating the card is using SCP 01???
>>
>>
>>I guess the question is whether or not this is permitted behavior for the card? The second question is what should GPShell do? (Actually, the underlying GlobalPlatform libraries) E.g. should it check and see if the SCP returned is what it thought it was and then do the right thing? Or just note a failure and punt?
>>
>>Mike
>>
>>_______________________________________________
>>Muscle mailing list
>>Musclelists.musclecard.com
>>http://lists.drizzle.com/mailman/listinfo/muscle
>>
>
>
>--
>
> --------- CardContact Software & System Consulting
> |.##> <##.| Andreas Schwier
> |# #| Schülerweg 38
> |# #| 32429 Minden, Germany
> |'##> <##'| Phone +49 171 8334920
> --------- http://www.cardcontact.de
>
>

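The check discussed in this thread, as an added example that is not part of the original messages and is not GPShell or GlobalPlatform library code: read the SCP identifier from the 12th octet of the INITIATE UPDATE response, auto-select when the caller did not pick a protocol, and report an error when an explicit selection does not match the card. All function and macro names are hypothetical, the 28-byte response length is an assumption based on the GP 2.1.1 layout, and the sample response is constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* All names below are hypothetical; they are not GlobalPlatform library symbols. */
#define INIT_UPDATE_RESP_LEN 28   /* assumed response data length, SW1 SW2 excluded */
#define SCP_ID_OFFSET        11   /* the "12th octet" from the thread, zero-based */
#define SCP_AUTO              0   /* caller lets the card's answer decide */
#define ERR_MALFORMED       (-1)
#define ERR_SCP_MISMATCH    (-2)

/* Constructed sample (not a real card trace): octet 12 reports SCP 01. */
static const uint8_t sample_resp[INIT_UPDATE_RESP_LEN] = {
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* key diversification data */
    0x01,                                                       /* key version number */
    0x01,                                                       /* SCP identifier */
    0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA,             /* challenge / counter fields */
    0xBB, 0xBB, 0xBB, 0xBB, 0xBB, 0xBB, 0xBB, 0xBB              /* card cryptogram */
};

/* Returns the SCP version to use (1 or 2), or a negative error code. */
int select_scp(const uint8_t *resp, size_t len, int requested)
{
    if (resp == NULL || len < INIT_UPDATE_RESP_LEN)
        return ERR_MALFORMED;
    int reported = resp[SCP_ID_OFFSET];
    if (reported != 0x01 && reported != 0x02)
        return ERR_MALFORMED;          /* only SCP 01 and SCP 02 are in scope here */
    if (requested == SCP_AUTO)
        return reported;               /* library picks what the card answered with */
    /* Explicit selection must agree with the card; never fall back silently. */
    return (requested == reported) ? reported : ERR_SCP_MISMATCH;
}

int main(void)
{
    /* Caller expected SCP 02 (as the Card Recognition Data claimed). */
    int rc = select_scp(sample_resp, sizeof sample_resp, 0x02);
    if (rc == ERR_SCP_MISMATCH)
        fprintf(stderr, "card reports SCP %02X, caller requested SCP 02\n",
                sample_resp[SCP_ID_OFFSET]);
    printf("auto-selected SCP %02d\n",
           select_scp(sample_resp, sizeof sample_resp, SCP_AUTO));
    return rc == ERR_SCP_MISMATCH ? 0 : 1;
}
```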