Hi Amanda,

Thanks for the clarification regarding PIN verification.
The applet is so bug-free for that sequence - the applet is NOT responsible of the incorrect result.

The error is either due to muscle-tool application or to the card-module.
According my understanding, it's certainlyt the last, ie the card-module since it's responsible of APDU building.

Are you using a downloaded binary or do you generate it yourself ?
If the later, you may want to try with an "official binary", if any.

Regards,
Sylvain.



Amanda Ortega a écrit :
Hi, Sylvain.

First of all, thank you for the analysis of the log!

Answering to your question about PIN verification, I verified the two PINs (PIN #0 and PIN #1) before the sequence that I sent to this list.

How can I know what is wrong: applet or muscle-tool? I will try to test this with another card, in order to see if is the card module that is wrong...

Amanda

2008/3/27, Sylvain Ferey <[EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]>>:

    At 12:57 21/03/2008 -0300, Amanda Ortega wrote:
    >The sequence of APDUS obtained through pcscd -fda to the same
    sequence of
    >encrypt/decrypt is:


    hereafter is the analysis of your log:


    * List Keys, reset sequence & get first entry

      > B0 3A 00 00 0B
    < 00 03 FF 04 00 00 00 00 00 00 00
    < 90 00

    key Id: 00
    key type:       03 : RSA CRT Private key
    key partner:    FF
    key size:       0400 : 1024 bits
    key ACL:        0000 0000 0000

    * List Keys, get next entry


      > B0 3A 01 00 0B
    < 01 03 FF 04 00 FF FF 00 02 00 02
    < 90 00

    * List Keys, get next entry

    key Id: 01
    key type:       03 : RSA CRT Private key
    key partner:    FF
    key size:       0400 : 1024 bits
    key ACL:        FFFF 0002 0002

    * List Keys, get next entry

      > B0 3A 01 00 0B
    < 02 01 FF 04 00 00 00 00 00 00 00
    < 90 00

    key Id: 02
    key type:       01 : RSA Public key
    key partner:    FF
    key size:       0400 : 1024 bits
    key ACL:        0000 0000 0000

    * List Keys, get next entry

      > B0 3A 01 00 0B
    < 03 01 FF 04 00 00 02 00 02 00 00
    < 90 00

    key Id: 03
    key type:       01 : RSA Public key
    key partner:    FF
    key size:       0400 : 1024 bits
    key ACL:        FFFF 0002 0002

    note: "key partner" would be set since generation was certainly
    performed
    on card, but it is undefined.
    we can assume that:
      - keys '00' & '02' are the first unprotected key-pair
      - keys '01' & '03' are the 2nd PIN-protected key-pair


    * ComputeCrypt, init cipher

      > B0 36 03 01 05 00 03 01 00 00
    < 90 00

    uses Public Key '03' (P1 = 03')

    cipher_mode:    00      the value '01' is documented for RSA_X509,
    according
                             the source code, the value '00' shall
    indeed be used.

    cipher_dir.:    03      "data encrypt" (fine)
    data_location:  01      optional init data are in the APDU
    data_length:    0000    no init data



    Enter text :
             30303030303030303030303030303030
             30303030303030303030303030303030
             30303030303030303030303030303030
             30303030303030303030303030303030
             30303030303030303030303030303030
             30303030303030303030303030303030
             30303030303030303030303030303030
             30303030303030303030303030303030

    * ComputeCrypt, process cipher

      > B0 36 03 03 83

    uses Public Key '03' (P1 = 03')

    data field:

    data_location:  01      data are in the APDU
    data_length:    0080    length of data (to be encrypted)
    data:
             01 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30
             30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30
             30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30
             30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30
             30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30
             30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30
             30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30
             30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30

    here the first byte is invalid.
    the muscle-tool is buggy and does not transmit the right data.

    < 61 82 (response is 130 bytes long)

    * Get Response

      > 00 C0 00 00 82
    <
    response_length: 0080   (useless field, the terminal does know
                             the length of data it's just receiving)
    response_data_field: (the wrapped text)
             50 E1 01 65 72 3A DF 21 48 5A C8 0E 09 24 59 0C
             FB 13 A5 79 9D BF 60 32 9B 1E D7 DD F3 DA B4 DF
             F0 02 BB 9A B4 B7 09 B0 64 62 9E 67 9E D1 65 A8
             9D 61 B2 CD 8F 81 25 CF AC 88 4F 73 66 22 0F 5C
             92 AF E4 42 80 4F 39 D3 9E A5 97 06 A4 45 D6 8B
             97 37 65 3C 2E 2E 5C E2 B0 BC F6 1B 75 F6 D1 AF
             0D 9A 44 C3 A2 61 27 D8 9F 96 F8 60 43 D0 8E 79
             B4 5D FA F8 00 C9 6D FB F6 55 F7 68 63 EA 31 E1
    < 90 00


    * List Keys, reset sequence & get first entry

      > B0 3A 00 00 0B
    < 00 03 FF 04 00 00 00 00 00 00 00
    < 90 00

    key Id: 00
    key type:       03 : RSA CRT Private key
    key partner:    FF
    key size:       0400 : 1024 bits
    key ACL:        0000 0000 0000

    * List Keys, get next entry

      > B0 3A 01 00 0B
    < 01 03 FF 04 00 FF FF 00 02 00 02
    < 90 00

    key Id: 01
    key type:       03 : RSA CRT Private key
    key partner:    FF
    key size:       0400 : 1024 bits
    key ACL:        FFFF 0002 0002


    * ComputeCrypt, init cipher

      > B0 36 01 01 05 00 04 01 00 00
    < 90 00

    uses RSA CRT Private Key '01' (P1 = 01')

    cipher_mode:    00      the value '01' is documented for RSA_X509,
    according
                             the source code, the value '00' shall
    indeed be used.

    cipher_dir.:    04      "data decrypt" (fine)
    data_location:  01      optional init data are in the APDU
    data_length:    0000    no init data

    the USE ACL of key '01' is '0002' so PIN #2 (1 based), no Verify
    PIN was
    performed in this part of script but a Verify may have been issued
    some
    (long?) time ago and no card reset has been issued - to be confirmed.

    Enter text :
             50E10165723ADF21485AC80E0924590C
             FB13A5799DBF60329B1ED7DDF3DAB4DF
             F002BB9AB4B709B064629E679ED165A8
             9D61B2CD8F8125CFAC884F7366220F5C
             92AFE442804F39D39EA59706A445D68B
             9737653C2E2E5CE2B0BCF61B75F6D1AF
             0D9A44C3A26127D89F96F86043D08E79
             B45DFAF800C96DFBF655F76863EA31E1

    * ComputeCrypt, process cipher

      > B0 36 01 03 83

    uses Private Key '01' (P1 = 01')

    data field:

    data_location:  01      data are in the APDU
    data_length:    0080    length of data (to be encrypted)
    data:
             01
             50 E1 01 65 72 3A DF 21 48 5A C8 0E 09 24 59 0C
             FB 13 A5 79 9D BF 60 32 9B 1E D7 DD F3 DA B4 DF
             F0 02 BB 9A B4 B7 09 B0 64 62 9E 67 9E D1 65 A8
             9D 61 B2 CD 8F 81 25 CF AC 88 4F 73 66 22 0F 5C
             92 AF E4 42 80 4F 39 D3 9E A5 97 06 A4 45 D6 8B
             97 37 65 3C 2E 2E 5C E2 B0 BC F6 1B 75 F6 D1 AF
             0D 9A 44 C3 A2 61 27 D8 9F 96 F8 60 43 D0 8E 79
             B4 5D FA F8 00 C9 6D FB F6 55 F7 68 63 EA 31
    < 61 82

    only the first 127 bytes of the given data are transmitted.
    a leading byte '01' is inserted and replace the last byte
    of the ciphertext - same bug of muscle-tool that does not
    transmit the right data.

    * Get Response

      > 00 C0 00 00 82
    < 00 80
             37 03 01 22 C1 35 C7 BD F9 B4 3D A9 16 B8 B5 99
             33 E5 74 1D 38 FE 9E 9C 87 84 16 C2 6A 14 B3 81
             1D 8A 54 42 12 8F AB 0D 4D 1D 31 72 56 0B 52 1A
             F0 95 C8 D7 31 FA FA 8F 7E 02 D7 4A 35 C9 F6 9F
             57 90 94 2A E8 BE BA 4E 46 17 40 02 79 24 A8 F8
             D6 C4 97 8A C3 94 C9 5A E6 91 77 1D 92 28 83 A7
             F6 F6 A9 F3 91 3F 7F 4E 32 99 73 F9 7D B2 9A 74
             B9 1D B2 F2 44 FB 2A 03 78 F9 2C 22 FC 18 92 BF
    < 90 00

    that's a signature of 01 50 E1 ... EA 31, not the unwrapping
    of the first given plain text.

    conclusions:
    - either you did transmit the PIN in a previously (not provided)
    sequence or the applet is buggy and fail to verify ACL.

    - the muscle-tool (itself or the card module you used) is buggy.

    the '01' inserted at the beginning of msg may let one thinks that
    the tool performs a PKCS#1 padding of the data but if so it shall
    insert a '02' for public key encryption, it can also be an echo of
    the menu choice figure, but if so why it is not present at the
    beginning of the data field (instead of beginning of the plain /
    cipher
    text). I did not check the muscle-tool source files to learn more.


    Sylvain.






_______________________________________________
Muscle mailing list
Muscle@lists.musclecard.com
http://lists.drizzle.com/mailman/listinfo/muscle

Reply via email to