Christmas is coming soon! To thank for the support from all our dear customers, Christmas promotional activity is going on in JavaCardOS online store. For more activities details, please check this post.

The incoming Data Parsing in importKey() function

This project implement the OpenPGP card functionality

Moderator: Ellisun

User avatar
Ellisun
Posts: 47
Joined: Wed May 20, 2015 3:47 am
Points :440
Contact:

The incoming Data Parsing in importKey() function

Post by Ellisun » Sat Nov 28, 2015 5:35 am

In OpenPGP project, the incoming Data in importKey() function is very long and very difficult.
First, according to the understanding of the function, the incoming data is the TLV format, but but the TLV format is custom in here.

The format is:

Code: Select all

4D + Length of 4D + Key Types + 00 + tag 7F48 + length of tag 7F48 + (Tag 91 + length of tag91)~ (Tag 97 + length of tag97) + Tag 5F48 + The data of Tag 91~ The data of Tag97


And:
1. the Tag91 ~ Tag97 respectively are parameters of RSA , such as Exponent, P, Q, PQ, DP, DQ, and Modulus.
2. The lengths of these parameters, except Modulus is 512 bytes and Exponent is 4 bytes , the other is 256 bytes.

The import auth_key data of incoming can be:

Code: Select all

4D8203A2A4007F48159104928180938180948180958180968180978201005F480000010001DB99BAA1C9820DC73596CFABEC88558A5C876C78A151724F2C75D5B933B49B459DD3FDB4DA5350C8A51647B6FEDF3E69C2FDBC4B43441E1FA62A7615133CFAC43574D9CF0D49CC1B08A955A902E54389101A48661E2CC9D0FE32B2008912D0FD327926A6BEFC282981BB863106F6256778AEEE5DC3C90CA1E517C16BFAB53DDB3B75B0E81EBB1F76BFE44B7919B350EA3FFFC1747B58E5343D2C3A55BF4E4092C2D1CEF3D562AD2D650CE3254010B159C3C28DF51E2BB4E3FA5B219479EF4A49934F048C720C1586C5B5272E9402FC84BEB536CC11C4D8F0CEB6CA18FA8EDC807A5F46A143944226F66345A629DD59C62C931E128CA9C1754BC5E3B9B88BAF...


Note:
1, The Key Types contains sig_key, dec_key and auth_key
2, In this applet, it does not support Extend APDU command, so the data to be sent separately.
3, The bytes of 'Length' is based on the length itself and has a special identifier, you can see the getLength() and getLengthBytes() functions.
4. The imported keys can also be replace with "047800001a4" command(GENERATE ASYMMETRIC KEY PAIR command).

The import auth_key APDU command can be :

Code: Select all

//import auth_key
10DB3FFFA44D8203A2A4007F48159104928180938180948180958180968180978201005F480000010001DB99BAA1C9820DC73596CFABEC88558A5C876C78A151724F2C75D5B933B49B459DD3FDB4DA5350C8A51647B6FEDF3E69C2FDBC4B43441E1FA62A7615133CFAC43574D9CF0D49CC1B08A955A902E54389101A48661E2CC9D0FE32B2008912D0FD327926A6BEFC282981BB863106F6256778AEEE5DC3C90CA1E517C16BFAB53D;

10DB3FFF80DB3B75B0E81EBB1F76BFE44B7919B350EA3FFFC1747B58E5343D2C3A55BF4E4092C2D1CEF3D562AD2D650CE3254010B159C3C28DF51E2BB4E3FA5B219479EF4A49934F048C720C1586C5B5272E9402FC84BEB536CC11C4D8F0CEB6CA18FA8EDC807A5F46A143944226F66345A629DD59C62C931E128CA9C1754BC5E3B9B88BAF;

10DB3FFF80988E90E1AE83B84A35F23DE7A76C0F2F4F3D33EA4A659473C70BD91FBA17330AAD5AC4BEE94E302F7D613E648629D38FAC937F97DC63E7D129DEEEB29BCFFE396DFD0BC000F181700337002AC8D14301C2A85C8FC37FAE391D87E3345BE9DDD1A95E5F8CD41E5B632A7DF7F83CC291835F4A1A34DF48E92EF869CB3AEE2136F3;

10DB3FFF80CD409F9F2E601F8EADB8FAFC1F85C226239BF437BFD807769700C0356D6D869F8808279F0D5D4829719C2485972D8401885E6ECB0DE13222B4C6053E678FDC76DDDC0CE4A8EFEC14EC80916EFA24DD7DD38E2D533D2AF1AB249CAFA12E7D66D6F181292E3B5E260FBD914FB8AD600DCFEB8DDD7FC84A37436E8448A62B5B90FD;

10DB3FFF8091F31DC0EE67371015505EBDD81B4203864FA106BB733A952C97E50FD8F2093877FBF70D9DCADB6C8B2210D84F7E3D1EB4B1DC9E01275AD58C48A9CECB37FA142CB34311B6265EE11DDE1561C662873271753CD3043C781E2D0291322E3AF04CDFC398163F59EC23B628A5A242A2F057C9D4F704383928F2401277E5C94890C5;

10DB3FFF80BC0F840B6DC5A0C057D99AEEBB0465565C8F3154D9C4BD7FCDB80DDF0EED82E2A0405DCF477462BD88FE81BFC587EA6E85F94D98CEE64C0F61E451953DAA01311BD1032527F4AE62FB0BC4C29810BC6DE8AB3E7CC2032A3E3892FC0EBAA8212A111828B16177097505F0F267B5183B6338E42972CA3E6F9318F660CC36A50AA5;

10DB3FFF82EBB90FE1E3236513B92AFB85897C8F3EF3F672A7A5EB927FD4CC5BADE565417DA038FD4A8DD4A35AA55E0A1006150276A491305707D13F8E692C6C715D78E45C1C44A599DA87F0B3369ED88D5CEBF16370201FFAF121B41DA475D489960AAC99284EC4101853D890791942A6A73E2987EBFFFDE83592C68628A5B63379AFE34B5F48;

80DB3FFF00;

User avatar
Tolice
Posts: 31
Joined: Wed May 20, 2015 2:41 am
Points :188
Contact:

Re: The incoming Data Parsing in importKey() function

Post by Tolice » Mon Nov 30, 2015 11:35 pm

A very detailed description. 8-) :lol: :lol: :lol:

Berlin
Posts: 4
Joined: Tue Dec 01, 2015 10:01 pm
Points :0
Contact:

Re: The incoming Data Parsing in importKey() function

Post by Berlin » Fri Dec 04, 2015 6:17 am

Is the CLA can be other value? such as 0x00, 0x20, 0x30...

User avatar
Ellisun
Posts: 47
Joined: Wed May 20, 2015 3:47 am
Points :440
Contact:

Re: The incoming Data Parsing in importKey() function

Post by Ellisun » Fri Dec 04, 2015 10:52 pm

This applet not support extend APDU, while import Key to card, the length of key is larger than 255, it is necessary to send many times.
In this applet , the CLA of import key command must be 0x10. You can refer to the applet code.

Berlin
Posts: 4
Joined: Tue Dec 01, 2015 10:01 pm
Points :0
Contact:

Re: The incoming Data Parsing in importKey() function

Post by Berlin » Sat Dec 05, 2015 6:21 am

Ellisun wrote:This applet not support extend APDU, while import Key to card, the length of key is larger than 255, it is necessary to send many times.
In this applet , the CLA of import key command must be 0x10. You can refer to the applet code.


You determine the value of CLA is 0x10, is from the commandChaining() function
This applet is so strange, before processing each APDU command , it have to do many operations.

User avatar
Ellisun
Posts: 47
Joined: Wed May 20, 2015 3:47 am
Points :440
Contact:

Re: The incoming Data Parsing in importKey() function

Post by Ellisun » Sun Dec 06, 2015 11:13 pm

Yeah, It's in the commandChaining() function,

Code: Select all

if ((byte) (buf[OFFSET_CLA] & (byte) 0x10) == (byte) 0x10) {
         // If chaining was already initiated, INS and P1P2 should match
         if (chain && (buf[OFFSET_INS] != chain_ins && p1p2 != chain_p1p2)) {
            resetChaining();
            ISOException.throwIt(SW_CONDITIONS_NOT_SATISFIED);
         }

         // Check whether data to be received is larger than size of the
         // buffer
         if ((short) (in_received + len) > BUFFER_MAX_LENGTH) {
            resetChaining();
            ISOException.throwIt(SW_WRONG_DATA);
         }

         // Store received data in buffer
         in_received = Util.arrayCopyNonAtomic(buf, OFFSET_CDATA,
               buffer, in_received, len);

         chain = true;
         chain_ins = buf[OFFSET_INS];
         chain_p1p2 = p1p2;

         ISOException.throwIt(SW_NO_ERROR);
      }


It shows the CLA == 0x10, and the value of INS, P1P2 must be the same as the previous. It can be sequentially store the data to buffer.

Post Reply Previous topicNext topic

Who is online

Users browsing this forum: No registered users and 1 guest

JavaCard OS : Disclaimer