Running the script below, I do seem to have now run putkey against a 201
card, and created a new keyver (2). It required mapping OP201 to OP_201 in
GlobalPlatform.c. I did complete mutual auth, but only after fiddling
around, including putting OP201 back to its original value.
We need to look carefully at the issue of the #defines in the .h versus the
.c, and understand their impact on 201 mutual auth, vs 201 putkey.
mode_201
enable_trace
establish_context
card_connect
#
##select -AID a0000000638653494401
select -AID a0000000030000
## after a mutual auth, putkey DOES now work on DoD/martsoft OS card when OP201 == OP_201
##open_sc -security 1 -keyind 0 -keyver 0 -mac_key 49213ee9550805fc90b1a75324407347 -enc_key 2e5e246c2c357a545c42e838556cd21e -kek_key 89d3e84f67ecacabb7f70a23cb146d25 // Open secure channel
##put_sc_key -keyver 1 -newkeyver 2 -mac_key 404142434445464748494a4b4c4d4e4f -enc_key 404142434445464748494a4b4c4d4e4f -kek_key 404142434445464748494a4b4c4d4e4f -current_kek 89d3e84f67ecacabb7f70a23cb146d25 // Put secure channel keys
## one can now mutual auth using keyver 2, but possibly only when OP201 == 1. Need to test more. (Was getting worried about card lockup! Happy to just get a 9000!)
open_sc -security 1 -keyind 1 -keyver 2 -mac_key 404142434445464748494a4b4c4d4e4f -enc_key 404142434445464748494a4b4c4d4e4f -kek_key 404142434445464748494a4b4c4d4e4f
card_disconnect
release_context
--------------------------------------------------
From: "Peter Williams" <[EMAIL PROTECTED]>
Sent: Tuesday, March 25, 2008 10:32 PM
To: "MUSCLE" <muscle@lists.musclecard.com>
Subject: Re: [Muscle] GlobalPlatform component
the only "testing" to date is that it links, and the binary loads: it
debugs fine in visual studio 2005, now.
---------
I am getting confused over the following lines in GlobalPlatform.c
#define OP201 0x01 //!< Operation mode for OpenPlatform 2.0.1'
#define GP211 0x02 //!< Operation mode for GlobalPlatform 2.1.1
These #defined symbols are also defined in an .h file.
As the card mode and the platform mode interact, when used with GPShell,
the library will not put the OP201 DES algid into the putkey APDU when the
shell is using the .h value for OP201 (201) whilst the library is testing
card mode against the symbol whose value is defined in the .c file (1).
Obviously, 201 != 1.
It happens to work for the default case, GP211, and thus logic seems to
always force the default case. This may explain why I get (key) algorithm
not supported errors back from my 6464C/Martsoft and Philips/JCOP21
201-era cards, when using GPShell's putkey command.
Analysis and testing are still ongoing, note.
--------------------------------------------------
From: "Karsten Ohme" <[EMAIL PROTECTED]>
Sent: Tuesday, March 25, 2008 4:15 PM
To: "MUSCLE" <muscle@lists.musclecard.com>
Subject: Re: [Muscle] GlobalPlatform component
Peter Williams wrote:
Recommend adding !defined(OPGP_LIB) to GlobalPlatform.h, to allow
static library build, as in following suggested change
Have you already tested this? Is there anything more necessary when
linking an application against the static library?
Karsten
#if defined(WIN32) && !defined(OPGP_LIB)
#ifdef OPGP_EXPORTS
#define OPGP_API __declspec(dllexport)
#else
#define OPGP_API __declspec(dllimport)
#endif
#else
#define OPGP_API
#endif
_______________________________________________
Muscle mailing list
Muscle@lists.musclecard.com
http://lists.drizzle.com/mailman/listinfo/muscle
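
The mode-constant mismatch discussed in the thread (a caller passing 201 for OP201 while the library compares against 0x01), as an added C example that is not taken from GlobalPlatform.c or from any poster. All function names, the HDR_/LIB_ prefixes and the key-type byte values are constructed placeholders.

```c
#include <stdio.h>

/* Constructed stand-ins for the two definitions of the same symbol. */
#define HDR_OP201 201   /* value the caller sees, as reported for the .h */
#define LIB_OP201 0x01  /* value the library tests against, from the .c  */
#define LIB_GP211 0x02

/* Placeholder key-type bytes; NOT the real GlobalPlatform encodings. */
#define KEYTYPE_OP201 0xA1
#define KEYTYPE_GP211 0xA2

/* Pattern described in the thread: any mode that is not the library's
 * own OP201 value silently takes the default (GP211) branch. */
static int key_type_lenient(int card_mode)
{
    if (card_mode == LIB_OP201)
        return KEYTYPE_OP201;
    return KEYTYPE_GP211;
}

/* Fail-closed variant: an unrecognised mode is reported to the caller
 * instead of being treated as the default. Returns 0 on success. */
static int key_type_strict(int card_mode, int *key_type)
{
    switch (card_mode) {
    case LIB_OP201: *key_type = KEYTYPE_OP201; return 0;
    case LIB_GP211: *key_type = KEYTYPE_GP211; return 0;
    default:        return -1;
    }
}

int main(void)
{
    int kt = 0;
    int rc;

    /* Caller built against the header value: wrong branch, no error. */
    printf("lenient(201)  -> key type 0x%02X\n", key_type_lenient(HDR_OP201));

    /* Same input, strict check: the mismatch surfaces immediately. */
    rc = key_type_strict(HDR_OP201, &kt);
    printf("strict(201)   -> rc %d\n", rc);

    rc = key_type_strict(LIB_OP201, &kt);
    printf("strict(0x01)  -> rc %d, key type 0x%02X\n", rc, kt);
    return 0;
}
```

Keeping each mode constant in one shared header, with no second definition in the .c file, removes the mismatch at its source; the strict check only makes it visible.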