[Muscle] GlobalPlatform component

Peter Williams home_pw at msn.com
Tue Mar 25 23:06:04 PDT 2008 

Running the script below, I do seemed to have now run putkey against a 201 
card, and created a new keyver (2). It required mapping  OP201 to OP_201 in 
GlobalPLatform.c.  I did complete mutual auth, but only after fiddling 
around, including putting OP201 back to its original value.


We need to look carefully at  the issue of the #defines in the .h versus the 
.c, and understand their impact on 201 mutual auth, vs 201 putkey.

mode_201
enable_trace
establish_context
card_connect
#
##select -AID a0000000638653494401

select -AID a0000000030000

## after an mutual auth, putkey DOES now work on DoD/martsoft OS card when 
OP201 == OP_201

##open_sc -security 1 -keyind 0 -keyver 0 -mac_key 
49213ee9550805fc90b1a75324407347 -enc_key 
2e5e246c2c357a545c42e838556cd21e -kek_key 89d3e84f67ecacabb7f70a23cb146d25 
// Open secure channel

##put_sc_key -keyver 1 -newkeyver 2 -mac_key 
404142434445464748494a4b4c4d4e4f -enc_key 
404142434445464748494a4b4c4d4e4f -kek_key 
404142434445464748494a4b4c4d4e4f -current_kek 
89d3e84f67ecacabb7f70a23cb146d25 // Put secure channel keys




## one can now mutual auth using keyver 2, but possibly only when OP201 == 
1. Need to test more. (Was getting worried about card lockup! Happy to just 
get a 9000!)

open_sc -security 1 -keyind 1 -keyver 2 -mac_key 
404142434445464748494a4b4c4d4e4f -enc_key 
404142434445464748494a4b4c4d4e4f -kek_key 404142434445464748494a4b4c4d4e4f

card_disconnect
release_context

--------------------------------------------------
From: "Peter Williams" <home_pw at msn.com>
Sent: Tuesday, March 25, 2008 10:32 PM
To: "MUSCLE" <muscle at lists.musclecard.com>
Subject: Re: [Muscle] GlobalPlatform component

> the only "testing" to date is that it links, and the binary loads: it 
> debugs fine in visual studio 2005, now.
>
> ---------
>
> I am getting confused over the following lines in GlobalPlatform.c
>
> #define OP201 0x01 //!< Operation mode for OpenPlatform 2.0.1'
> #define GP211 0x02 //!< Operation mode for GlobalPlatform 2.1.1
>
> These #defined symbols are also defined in an .h file.
>
> As the card mode and the platform mode interact , when used with GPShell, 
> the library will not put the OP201 DES algid into the putkey APDU when the 
> shell is using the .h value for OP201 (201) whilst the library is testing 
> casd mode against the symbol whose value is defined in the .c file(1). 
> Obviously, 201 != 1.
>
> It happens to work for the default case, GP211, and thus logic seems to 
> always force the default case. This may explain why I get (key) algorithm 
> not supported errors back from my 6464C/Martsoft and Phillips/JCOP21 
> 201-era cards, when doing usig GPshells putkey command.
>
> Analysis and testing on still ongoing, note.
>
>
>
> --------------------------------------------------
> From: "Karsten Ohme" <widerstand at t-online.de>
> Sent: Tuesday, March 25, 2008 4:15 PM
> To: "MUSCLE" <muscle at lists.musclecard.com>
> Subject: Re: [Muscle] GlobalPlatform component
>
>> Peter Williams schrieb:
>>>  Recommend adding !defined(OPGP_LIB) to GlobalPlatform.h, to allow 
>>> static library build, as in following suggested change
>>
>> Have you already tested this? Is there anything more necessary when 
>> linking an application against the static library?
>>
>> Karsten
>>
>>>  #if defined(WIN32)&& !defined(OPGP_LIB)
>>>  #ifdef OPGP_EXPORTS
>>>  #define OPGP_API __declspec(dllexport)
>>>  #else
>>>  #define OPGP_API __declspec(dllimport)
>>>  #endif
>>> #else
>>>  #define OPGP_API
>>> #endif
>>>
>>> ------------------------------------------------------------------------
>>> In a rush? Get real-time answers with Windows Live Messenger. 
>>> <http://www.windowslive.com/messenger/overview.html?ocid=TXT_TAGLM_WL_Refresh_realtime_042008>
>>>
>>>
>>> ------------------------------------------------------------------------
>>>
>>> _______________________________________________
>>> Muscle mailing list
>>> Muscle at lists.musclecard.com
>>> http://lists.drizzle.com/mailman/listinfo/muscle
>>
>> _______________________________________________
>> Muscle mailing list
>> Muscle at lists.musclecard.com
>> http://lists.drizzle.com/mailman/listinfo/muscle
>>
> _______________________________________________
> Muscle mailing list
> Muscle at lists.musclecard.com
> http://lists.drizzle.com/mailman/listinfo/muscle
>

More information about the Muscle mailing list