×

Discussion Board

Results 1 to 1 of 1
  1. #1
    Registered User
    Join Date
    May 2008
    Posts
    3

    Opening secure channel from the applet doesnot work with Nokia 6131

    Hi all,

    I want to create an applet, which should be authenticated before selecting it or before sending any of my applet's command to it.For that, i need to open the secure channel from the applet, asking the associated Security Domain for the SecureChannel service. Then i can check before the applet command if the SecureChannel is set up, even what the security level is at the moment (AUTHENTICATED, C_MAC, C_ENCRYPTION) etc.
    I got the idea from the following thread- http://forum.java.sun.com/thread.jsp...readID=5282925
    My applet ( SecChannelExample) is also from the same link.
    The applet code is shown below:,
    Code:
    package com.test.example;
     
    import javacard.framework.APDU;
    import javacard.framework.Applet;
    import javacard.framework.ISO7816;
    import javacard.framework.ISOException;
    import javacard.framework.Util;
     
    import org.globalplatform.GPSystem;
    import org.globalplatform.SecureChannel;
     
    public class SecChannelExample extends Applet {
    	private static final byte CLA_DO_TEST = (byte) 0x80;
    	private static final byte CLA_SEC_AUTH = (byte) 0x80;
    	private static final byte CLA_SEC_MAC_ENC = (byte) 0x84;
    	private static final byte INS_DO_TESTS = (byte) 0x20;
    	private static final byte P1_PROCESS_SECURITY = 1;
    	private static final byte P1_WRAP = 2;
    	private static final byte P1_UNWRAP = 3;
    	private static final byte P1_DECRYPT_DATA = 4;
    	private static final byte P1_ENCRYPT_DATA = 5;
    	private static final byte P1_RESET_SECURITY = 6;
    	private static final byte P1_GET_SECURITY_LEVEL = 7;
    	private static final byte INS_INIT_UPD = (byte) 0x50;
    	private static final byte INS_EXT_AUTH = (byte) 0x82;
    	private static final byte INS_PUT_KEY = (byte) 0xD8; 
     
    	protected SecChannelExample(byte bArray[], short bOffset, byte bLength) {
    		register();
    	}
     
    	public static void install(byte[] bArray, short bOffset, byte bLength) {
    		new SecChannelExample(bArray, bOffset, bLength);
    	}
     
    	public void process(APDU apdu) {
    		if (selectingApplet())
    			return;
     
    		byte[] buffer = apdu.getBuffer();
    		short len = 0;
     
    		if ((buffer[ISO7816.OFFSET_CLA] == CLA_DO_TEST)
    				|| (buffer[ISO7816.OFFSET_CLA] == ISO7816.CLA_ISO7816)
    				|| (buffer[ISO7816.OFFSET_CLA] == CLA_SEC_AUTH)
    				|| (buffer[ISO7816.OFFSET_CLA] == CLA_SEC_MAC_ENC)) {
     
    			short bytesReceived = apdu.setIncomingAndReceive();
    			SecureChannel secCh = GPSystem.getSecureChannel();
     
    			switch (buffer[ISO7816.OFFSET_INS]) {
    			case INS_INIT_UPD:
    				secCh = GPSystem.getSecureChannel();
    				len = secCh.processSecurity(apdu);
    				apdu.setOutgoingAndSend(ISO7816.OFFSET_CDATA, len);
    				break;
    			case ISO7816.INS_EXTERNAL_AUTHENTICATE: 
    				secCh = GPSystem.getSecureChannel();
    				len = secCh.processSecurity(apdu);
    				apdu.setOutgoingAndSend(ISO7816.OFFSET_CDATA, len);
    				break;
    			case INS_PUT_KEY:
    				len = secCh.unwrap(buffer, (short) 0,
    						(short) (bytesReceived + 5)); 
    				buffer[len] = (byte) 0xDE;
    				buffer[len + 1] = (byte) 0xCA;
    				buffer[len + 2] = (byte) 0xFF;
    				buffer[len + 3] = (byte) 0xED;
    				apdu.setOutgoingAndSend((short) 0, (short) (len + 4));
    				break;
    			case INS_DO_TESTS:
    				if((secCh.getSecurityLevel() & SecureChannel.AUTHENTICATED) == 0)
    					ISOException.throwIt(ISO7816.SW_SECURITY_STATUS_NOT_SATISFIED);
    				switch (buffer[ISO7816.OFFSET_P1]) {
    				case P1_PROCESS_SECURITY:
    					len = secCh.processSecurity(apdu);
    					apdu.setOutgoingAndSend(ISO7816.OFFSET_CDATA, len);
    					break;
    				case P1_WRAP:
    					len = secCh.wrap(buffer, (short) 0,
    							(short) (bytesReceived + 5));
    					apdu.setOutgoingAndSend(ISO7816.OFFSET_CDATA,
    							(short) (len - 5));
    					break;
    				case P1_UNWRAP:
    					len = secCh.unwrap(buffer, (short) 0,
    							(short) (bytesReceived + 5));
    					buffer[len] = (byte) 0xDE;
    					buffer[len + 1] = (byte) 0xCA;
    					buffer[len + 2] = (byte) 0xFF;
    					buffer[len + 3] = (byte) 0xED;
    					apdu.setOutgoingAndSend((short) 0, (short) (len + 4));
    					break;
    				case P1_DECRYPT_DATA:
    					len = secCh.decryptData(buffer, ISO7816.OFFSET_CDATA,
    							(short) (bytesReceived));
    					apdu.setOutgoingAndSend((short) 0, len);
    					break;
    				case P1_ENCRYPT_DATA:
    					len = secCh.encryptData(buffer, ISO7816.OFFSET_CDATA,
    							(short) (bytesReceived));
    					apdu.setOutgoingAndSend((short) 0, len);
    					break;
    				case P1_RESET_SECURITY:
    					secCh.resetSecurity();
    					break;
    				case P1_GET_SECURITY_LEVEL:
    					ISOException.throwIt(Util.makeShort((byte) 0x90, secCh
    							.getSecurityLevel()));
    					break;
    				default:
    					ISOException.throwIt(ISO7816.SW_INCORRECT_P1P2); // unsupported
    																		// P1
    					break;
    				}
    				break;
    			default: // unsupported INS
    				ISOException.throwIt(ISO7816.SW_INS_NOT_SUPPORTED);
    			}
    		} else { // unsupported CLA
    			ISOException.throwIt(ISO7816.SW_CLA_NOT_SUPPORTED);
    		}
    	}
    }
    I have uploaded and installed the applet in the JCOP simulator using the script given below -
    Code:
    #select cardmanager
    /select
    set-key 255/1/DES-ECB/404142434445464748494a4b4c4d4e4f 
    set-key 255/2/DES-ECB/404142434445464748494a4b4c4d4e4f 
    set-key 255/3/DES-ECB/404142434445464748494a4b4c4d4e4f
    init-update 255
    ext-auth mac
    upload  "D:\Projects\JCOP\SecChannelExample\bin\com\test\example\javacard\example.cap"
    #installs applet with appletaid= 73747564795343  and packageaid=73747564794750 
    install -i 73747564795343  -q C900 73747564794750 73747564795343
    card-info
    Then, i try to communicate with my applet with and without authentication with the following script.
    Code:
    #select my applet
    /select 73747564795343 
    #sends apdu without authentication (will produce error message - for testing )
    send 8020030010AABBCCDDEEFFAABBCCDDEEFFAABBCCDD00
    #sends apdu to applet after authentication (will success)
    set-key 255/1/DES-ECB/404142434445464748494a4b4c4d4e4f 
    set-key 255/2/DES-ECB/404142434445464748494a4b4c4d4e4f 
    set-key 255/3/DES-ECB/404142434445464748494a4b4c4d4e4f
    init-update 255
    ext-auth enc
    send 8420030010AABBCCDDEEFFAABBCCDDEEFFAABBCCDD00
    The apdu trace for the above script is shown below:-
    Code:
    /select 73747564795343 
     => 00 A4 04 00 07 73 74 75 64 79 53 43 00             .....studySC.
     (1040 usec)
     <= 90 00                                              ..
    Status: No Error
    send 8020030010AABBCCDDEEFFAABBCCDDEEFFAABBCCDD00
     => 84 20 03 00 20 D4 44 4D 5B 57 05 32 64 E3 E7 70    . .. .DM[W.2d..p
        A5 2B AC 95 4B C7 F9 83 80 38 52 4A DB 77 99 4D    .+..K....8RJ.w.M
        21 8B 96 03 BC 00                                  !.....
     (832998 nsec)
     <= 69 82                                              i.
    Status: Security condition not satisfied
    set-key 255/1/DES-ECB/404142434445464748494a4b4c4d4e4f 
    set-key 255/2/DES-ECB/404142434445464748494a4b4c4d4e4f 
    set-key 255/3/DES-ECB/404142434445464748494a4b4c4d4e4f
    init-update 255
     => 80 50 00 00 08 A7 74 7E 62 50 4D A3 3B 00          .P....t~bPM.;.
     (1874 usec)
     <= 00 00 C6 D8 6A 1C B2 02 14 13 FF 02 00 04 E7 73    ....j..........s
        1A 4F 12 A3 D3 25 48 74 AF 8D 81 1B 90 00          .O...%Ht......
    Status: No Error
    ext-auth enc
     => 84 82 03 00 10 86 7D 5B 1F B0 39 63 CE 26 B5 43    ......}[..9c.&.C
        2C 27 80 E5 5F                                     ,'.._
     (1711 usec)
     <= 90 00                                              ..
    Status: No Error
    send 8420030010AABBCCDDEEFFAABBCCDDEEFFAABBCCDD00
     => 84 20 03 00 20 A7 34 D5 28 8A 98 0A 53 59 66 17    . .. .4.(...SYf.
        34 FE FE A7 10 FA 90 35 2E F4 E1 94 58 A1 FC 8A    4......5....X...
        21 16 D6 B4 32 00                                  !...2.
     (1588 usec)
     <= 80 20 03 00 10 AA BB CC DD EE FF AA BB CC DD EE    . ..............
        FF AA BB CC DD DE CA FF ED 90 00                   .......wf..
    Status: No Error
    It seems everything works fine with JCOP simulator.APDU fails without authentication, and succeeds after authentication.

    I used the same script files to use with my Nokia 6131 phone (the only difference i made in both script files is the key-version-number which is 42 for my unlocked 6131) . The first script works fine, means uploading and installation is OK.
    When i try the second sript in phone, it fails at line "init-update 42" . The JCOP trace is shown below:-

    Code:
    /select 73747564795343 
     => 00 A4 04 00 07 73 74 75 64 79 53 43 00             .....studySC.
     (14773 usec)
     <= 90 00                                              ..
    Status: No Error
    send 8020030010AABBCCDDEEFFAABBCCDDEEFFAABBCCDD00
     => 80 20 03 00 10 AA BB CC DD EE FF AA BB CC DD EE    . ..............
        FF AA BB CC DD 00                                  ......
     (12425 usec)
     <= 69 82                                              i.
    Status: Security condition not satisfied
    set-key 42/1/DES-ECB/404142434445464748494a4b4c4d4e4f 
    set-key 42/2/DES-ECB/404142434445464748494a4b4c4d4e4f 
    set-key 42/3/DES-ECB/404142434445464748494a4b4c4d4e4f
    init-update 42
     => 80 50 2A 00 08 6C 40 72 B2 3F 7D AF 43 00          .P*..l@r.?}.C.
     (19931 usec)
     <= 6F 00                                              o.
    Status: No precise diagnosis
    This means, the applet is unable to access the ISD's (Issuer security Domain's) security channel..
    Can anybody tell what may be the problem?
    I have tested the same with my Samsung X-700 NFC phone, which works fine. Is it because Nokia has not fully implemented Global Platform (I dont know) ?
    Any help are always welcome,
    thanks and regards,
    Sujith
    Last edited by sujithkjoseph; 2008-06-06 at 06:08.

Similar Threads

  1. Infra-red capability
    By Symbian_Challenge_0412 in forum General Development Questions
    Replies: 1
    Last Post: 2005-08-16, 18:24

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
×