JavaCard T=0 handling of case 2 APDUs (0x61XX (GET RESPONSE) vs 0x6CXX)


I have tested several JavaCards (Feitian D11CR, Infineon JTOP, G&D Smart Cafe) on T=0, and here is what I have observed.

If the applet returns data in a case 4 APDU, the JCRE signals SW 0x61XX, meaning there is data available that the terminal should retrieve using a GET RESPONSE APDU.

However, if the applet returns data in a case 2 APDU and Le does not match the number of bytes returned, the JCRE signals an error SW 0x6CXX, instructing that the same C-APDU has to be resent with the correct Le.

For legacy reasons, there are terminals that know how to handle 0x61XX, but fail to handle the 0x6CXX response. Is there a way to force the JCRE to handle case 2 APDUs using the 0x61XX (GET RESPONSE) method?

This behavior is given by the T=0 protocol, where the length of the data bytes transmitted must be fixed at the beginning of the TPDU exchange (i.e. the interface device decides it) -- in contrast to T=1/T=CL, where the response length is left open for the card to decide.

This causes trouble when the interface device sends an unacceptable value for the data bytes length in a case 2 command -- the card cannot transmit a different number of data bytes and has to send a special status word instead.

In T=0 the command cases are transmitted this way (very simplified):

  • Case 1:
    • CLA INS P1 P2 00, card responds with: SW1 SW2
  • Case 2:
    • CLA INS P1 P2 P3,
    • card responds with:
      • [ P3 bytes of response data ] SW1 SW2 if the actual length of the response data equals P3
      • 6C XX if the value of P3 is unacceptable
  • Case 3:
    • CLA INS P1 P2 P3 [P3 bytes of command data], card responds with: SW1 SW2
  • Case 4:
    • CLA INS P1 P2 P3 [P3 bytes of command data], card responds with: 61 YY
    • CLA C0 00 00 YY, card responds with: [YY bytes of response data] SW1 SW2

See ISO 7816-3, section "Command-response pair transmission by T=0", for the exact details.

(In theory,) as a workaround (i.e. to prevent the JCRE from sending the 6C XX status word), you would have to implement case 2 commands as case 1 commands (i.e. not call APDU.setOutgoing()), return the 61 XX status word, and implement the GET RESPONSE command (the JCRE should pass this command to the process() method if it does not have its own response data).

This brings unnecessary overhead for terminals supporting 6C XX.

Some additional (random) notes:

  • User-level processing of the GET RESPONSE command in the process() method worked for me. I did not check the JC specifications regarding this, so YMMV.

  • It is a pity you can't use T=1.

  • The workaround proposed above is only theory. I've never implemented this approach (but I am interested in the results you might get).

Hope this answer makes sense... Good luck!
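
The two T=0 redirections from the case list above, seen from the terminal side, as an added example that is not part of the original question or answer. `FakeT0Card`, `exchange()` and the INS values 0xCA/0xCB are constructed for illustration, and the simulated payload is assumed to be 1 to 255 bytes long.

```python
# Added illustration: FakeT0Card and exchange() are constructed, not from the page.
GET_RESPONSE = 0xC0
INS_CASE2, INS_CASE4 = 0xCA, 0xCB  # assumed INS values for the sketch

class FakeT0Card:
    """Simulated card answering with 6C xx (case 2) or 61 yy (case 4)."""
    def __init__(self, data):
        self.data, self.pending, self.log = bytes(data), b"", []

    def transmit(self, tpdu):
        ins, p3 = tpdu[1], tpdu[4]
        self.log.append(bytes(tpdu))
        if ins == INS_CASE2:
            if p3 != len(self.data):          # P3 unacceptable: no data, only 6C xx
                return bytes([0x6C, len(self.data)])
            return self.data + b"\x90\x00"
        if ins == INS_CASE4:                  # response is parked for GET RESPONSE
            self.pending = self.data
            return bytes([0x61, len(self.pending)])
        if ins == GET_RESPONSE:
            out, self.pending = self.pending[:p3], self.pending[p3:]
            if self.pending:
                return out + bytes([0x61, len(self.pending)])
            return out + b"\x90\x00"
        return b"\x6D\x00"                    # INS not supported

def exchange(card, tpdu, max_rounds=8):
    """Run one command, following 6C xx and 61 yy; returns (data, sw)."""
    cla, data = tpdu[0], b""
    for _ in range(max_rounds):               # bound the loop: a faulty card must not hang us
        rsp = card.transmit(tpdu)
        data += rsp[:-2]
        sw1, sw2 = rsp[-2], rsp[-1]
        if sw1 == 0x6C:                       # resend the same header with P3 = xx
            tpdu = bytes(tpdu[:4]) + bytes([sw2])
        elif sw1 == 0x61:                     # fetch yy bytes with GET RESPONSE
            tpdu = bytes([cla, GET_RESPONSE, 0x00, 0x00, sw2])
        else:
            return data, (sw1 << 8) | sw2
    raise RuntimeError("too many 61/6C redirections")

if __name__ == "__main__":
    card = FakeT0Card(b"0123456789")
    print(exchange(card, bytes([0x00, INS_CASE2, 0, 0, 0x04])), card.log)
```

A terminal that implements only the `0x61` branch returns the bare 6C XX status word to its caller with no data, which is the failure the question describes.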

