github-af / SmartPGP

SmartPGP is a JavaCard implementation of the OpenPGP card specifications
GNU General Public License v2.0
229 stars 48 forks source link

Error 6F00 on NXP JCOP3 J3H082 Java Card 3.0.4 Dual-Interface (Cardlogix) #46

Closed sundarnagarajan closed 1 year ago

sundarnagarajan commented 1 year ago

I have a NXP JCOP3 J3H082 Java Card 3.0.4 Dual-Interface card from Cardlogix.

I am trying using Global Platform Pro compiled from source. Operating environment:

I have compiled SmartPGPApplet.cap using JCDK 3.0.4 from oracle_javacard_sdks

When I try to install SmartPGPApplet.cap using the command `java -jar gpp/gp.jar -v --install applets/SmartPGPApplet.cap I get the following error:

# gp -v --install applets/SmartPGPApplet.cap
# GlobalPlatformPro 2da8e65
# Running on Linux 6.2.1 amd64, Java 11.0.18 by Ubuntu
# Warning: no keys given, defaulting to 404142434445464748494A4B4C4D4E4F
[INFO] GPSession - Using card master keys with version 0 for setting up session with MAC 
[INFO] GPSession - Diversified card keys: ENC=404142434445464748494A4B4C4D4E4F (KCV: 8BAF47) MAC=404142434445464748494A4B4C4D4E4F (KCV: 8BAF47) DEK=404142434445464748494A4B4C4D4E4F (KCV: 8BAF47) for SCP02
[INFO] GPSession - Session keys: ENC=A20B8FA09AFD35B39DFE0B34CA8DE2FA MAC=9D4463211100B9AB603284160CAD4FE4 RMAC=E2900928CC240A7D6567E2560770ADC9
CAP file (v2.1), contains: applets for JavaCard 3.0.4
Package: fr.anssi.smartpgp D27600012401 v1.0
Applet:  fr.anssi.smartpgp.SmartPGPApplet D276000124010304AFAF000000000000
Import:  A0000000620001                   v1.0 java.lang
Import:  A0000000620201                   v1.5 javacardx.crypto
Import:  A0000000620102                   v1.5 javacard.security
Import:  A0000000620101                   v1.5 javacard.framework
Import:  A0000000620209                   v1.0 javacardx.apdu
Generated by Oracle Corporation converter  [v3.0.4]
On Tue Mar 21 03:37:07 GMT 2023 with JDK 11.0.18 (Ubuntu)
Code size 13092 bytes (15386 with debug)
SHA-256 10ad943ad0966b53334a703cb06ee4f2cce09bd5cb4f899dfbeff98a67fecfbc
SHA-1   d7bb9f891b49b47da352e1f808e46586cd31e337
CAP loaded
Error: INSTALL [for install and make selectable] failed: 0x6F00

What have I tried:

All the above cases gave the same error

Error: INSTALL [for install and make selectable] failed: 0x6F00

Any help is appreciated.

af-anssi commented 1 year ago

I think this card is a bit low on available memory. Could you list installed applets with gp -list and post the output?

If you do not plan to attach X509 certificates to your keys, you can reduce the amount of reserved memory for them; see the second item about Constants.EXTENDED_CAPABILITIES at https://github.com/ANSSI-FR/SmartPGP#reducing-flash-andor-ram-consumption. The default amount per certificate is 0x0480, you can try to lower it to 0x0002 and see if the applet installation works.

sundarnagarajan commented 1 year ago

Thanks for your help!

The output of 'gp -list' is below. I am trying recompilation with changes to Constants.EXTENDED_CAPABILITIES

# Warning: no keys given, defaulting to 404142434445464748494A4B4C4D4E4F
ISD: A000000151000000 (INITIALIZED)
     Privs:    SecurityDomain, CardLock, CardTerminate, CardReset, CVMManagement, TrustedPath, AuthorizedManagement, TokenVerification, GlobalDelete, GlobalLock, GlobalRegistry, FinalApplication, ReceiptGeneration

APP: A0000003965454000000010101 (SELECTABLE)
     Privs:    GlobalRegistry

PKG: A0000001515350 (LOADED)
     Parent:   A000000151000000
     Version:  2.2
     Applet:   A000000151535041

PKG: A0000001644C504B4900 (LOADED)
     Parent:   A000000151000000
     Version:  1.0
     Applet:   A0000001644C504B490001

PKG: A00000039654530000000100030600 (LOADED)
     Parent:   A000000151000000
     Version:  1.0
     Applet:   A0000003965453000000010003000000
     Applet:   A0000003965453000000010003000010
     Applet:   A0000003965453000000010003000020

PKG: D04000011820 (LOADED)
     Parent:   A000000151000000
     Version:  1.0
     Applet:   D0400001182000
     Applet:   D0400001182001

PKG: A00000039654530000000100060500 (LOADED)
     Parent:   A000000151000000
     Version:  1.0
     Applet:   A0000003965453000000010006000000
     Applet:   A0000003965453000000010006000010

PKG: A00000039654530000000100040400 (LOADED)
     Parent:   A000000151000000
     Version:  1.0
     Applet:   A0000003965453000000010004040000

PKG: A000000396545400000001 (LOADED)
     Parent:   A000000151000000
     Version:  1.2
     Applet:   A00000039654540000000101
sundarnagarajan commented 1 year ago

I made the changes to Constants.EXTENDED_CAPABILITIES and tried installation after recompile, but I still get the same error:

# gp -v --install applets/SmartPGPApplet.cap
# GlobalPlatformPro 2da8e65
# Running on Linux 6.2.1 amd64, Java 11.0.18 by Ubuntu
# Warning: no keys given, defaulting to 404142434445464748494A4B4C4D4E4F
[INFO] GPSession - Using card master keys with version 0 for setting up session with MAC 
[INFO] GPSession - Diversified card keys: ENC=404142434445464748494A4B4C4D4E4F (KCV: 8BAF47) MAC=404142434445464748494A4B4C4D4E4F (KCV: 8BAF47) DEK=404142434445464748494A4B4C4D4E4F (KCV: 8BAF47) for SCP02
[INFO] GPSession - Session keys: ENC=CA6E2792A12108A8D9F789C52E0A86D5 MAC=5F3F277DED4839E87A4CEDF32B44052F RMAC=15E580F5289B40086AA83BB230D155FD
CAP file (v2.1), contains: applets for JavaCard 3.0.4
Package: fr.anssi.smartpgp D27600012401 v1.0
Applet:  fr.anssi.smartpgp.SmartPGPApplet D276000124010304AFAF000000000000
Import:  A0000000620001                   v1.0 java.lang
Import:  A0000000620201                   v1.5 javacardx.crypto
Import:  A0000000620102                   v1.5 javacard.security
Import:  A0000000620101                   v1.5 javacard.framework
Import:  A0000000620209                   v1.0 javacardx.apdu
Generated by Oracle Corporation converter  [v3.0.4]
On Tue Mar 21 17:35:43 GMT 2023 with JDK 11.0.18 (Ubuntu)
Code size 13092 bytes (15386 with debug)
SHA-256 3dcdd1b4c7f697803008c08eb56d1b08274e28ce51404771abef94b7ffb2cfee
SHA-1   3a69a5c6ff0f39c6b9f5ec39868cccad1c2e38be
CAP loaded
Error: INSTALL [for install and make selectable] failed: 0x6F00
af-anssi commented 1 year ago

This card already has several loaded packages. Maybe @martinpaljak can help us determine which one could be removed safely if you plan to use this card for SmartPGP only?

martinpaljak commented 1 year ago

You can make a small applet to query available EEPROM sizes (or use JCOP proprietary APDU-s for that). Without knowing anything about the card or what is supposed to be on it, I'd remove everything except the SSD creation packages for development purposes. But do ask the card vendor first.

PKG: A0000001515350 (LOADED)
     Parent:   A000000151000000
     Version:  2.2
     Applet:   A000000151535041
af-anssi commented 1 year ago

Thank you @martinpaljak ! @sundarnagarajan Have you been able to test the installation of the SmartPGP applet after the removal of some packages/applets loaded/installed on your card ?

sundarnagarajan commented 1 year ago

Thanks for your help.

My question about which applets can be removed to the vendor did not elicit any response. Muddling through myself like a noob, I was able to use --delete to delete applets till I was left with:

java -jar gpp/gp.jar -list
# Warning: no keys given, defaulting to 404142434445464748494A4B4C4D4E4F
ISD: A000000151000000 (INITIALIZED)
     Privs:    SecurityDomain, CardLock, CardTerminate, CardReset, CVMManagement, TrustedPath, AuthorizedManagement, TokenVerification, GlobalDelete, GlobalLock, GlobalRegistry, FinalApplication, ReceiptGeneration

APP: A0000003965454000000010101 (SELECTABLE)
     Privs:    GlobalRegistry

PKG: A0000001515350 (LOADED)
     Parent:   A000000151000000
     Version:  2.2
     Applet:   A000000151535041

PKG: A000000396545400000001 (LOADED)
     Parent:   A000000151000000
     Version:  1.2
     Applet:   A00000039654540000000101

The remaining applets cannot be deleted (checked using trial and error).

In response to another query, the vendor replied to me saying:

The J3H082’s we sent you only support up to RSA 2048-bit, the chip is capable of supporting up to 4096-bit but is not default and has to be enabled during pre-personalization. The reason that RSA 2048-bit is the default setting is because enabling 4096 uses up extra HEAP memory. Unfortunately, all of our J3H082’s we have on the shelf have already been pre-personalized and 4096 can’t be enabled.

In response to this, I tried a pre-built SmartPGP-v1.22.1-jc304-without_sm-rsa_up_to_2048.cap file from this url.

Installation of that applet also gave me the error below:

java -jar gpp/gp.jar -v --install test/SmartPGP-v1.22.1-jc304-without_sm-rsa_up_to_2048.cap
# gp -v --install test/SmartPGP-v1.22.1-jc304-without_sm-rsa_up_to_2048.cap
# GlobalPlatformPro 2da8e65
# Running on Linux 6.2.1 amd64, Java 11.0.18 by Ubuntu
# Warning: no keys given, defaulting to 404142434445464748494A4B4C4D4E4F
[INFO] GPSession - Using card master keys with version 0 for setting up session with MAC
[INFO] GPSession - Diversified card keys: ENC=404142434445464748494A4B4C4D4E4F (KCV: 8BAF47) MAC=404142434445464748494A4B4C4D4E4F (KCV: 8BAF47) DEK=404142434445464748494A4B4C4D4E4F (KCV: 8BAF47) for SCP02
[INFO] GPSession - Session keys: ENC=4AAE4DB8E5BC572B952C9896727B46AA MAC=361A24F1ECC7C3024847EB474AA0FE48 RMAC=7F67995EC52A01D17CBEC718F193FA95
CAP file (v2.1), contains: applets for JavaCard 3.0.4
Package: fr.anssi.smartpgp D27600012401 v1.0
Applet:  fr.anssi.smartpgp.SmartPGPApplet D276000124010304AFAF000000000000
Import:  A0000000620001                   v1.0 java.lang
Import:  A0000000620201                   v1.5 javacardx.crypto
Import:  A0000000620102                   v1.5 javacard.security
Import:  A0000000620101                   v1.5 javacard.framework
Import:  A0000000620209                   v1.0 javacardx.apdu
Generated by Oracle Corporation converter  [v3.0.4]
On Mon Feb 28 16:54:16 CET 2022 with JDK 1.8.0_332 (Oracle Corporation)
Code size 17376 bytes (20402 with debug)
SHA-256 981752412ebb299f43a87dd3bc361cc736961b8a0736f96a671fb20debf89c17
SHA-1   e1d69b33cfafa19b6e070ec4d21df498fc341550
CAP loaded
Error: INSTALL [for install and make selectable] failed: 0x6F00

In further noob-like experimentation, I modified Constants.INTERNAL_BUFFER_MAX_LENGTH, to set the byte defining support for RSA 2048 / 4096 from: (short)0x500 to (short)0x0b0. Compiling with this (obviously wrong) option, allowed the applet to be installed, but (perhaps predictaby) ``gpg --card-edit fails on the card with following error:

gpg --card-edit

gpg: selecting card failed: No such device
gpg: OpenPGP card not available: No such device

gpg/card>

All in all, I am feeling out of my depth in this technology, with very limited knowledge of JCOP, smart card applets etc. I have been left with 10 J3H082 cards which are looking like expensive paperweights! I had buy 10, because that was the minimum order quantity.

Not supporting RSA4096 is not an issue for me - I primarily wanted to use ECC NIST P-256, but just installing and getting the card recognized by gpg has proved to be a very high obstacle for me.

I am open to any suggestions / things to explore. Is there any way to completely disable RSA and only support ECC P-256, P-521 in SmartPGP? Will gpg work ?

thotheolh commented 1 year ago

You can check the available memory on your card using a test applet I have created. Instructions of installation and use are included in this repo. Delete ALL applets that can be deleted first including the SmartPGP applet. Install this applet and run it to get the memory sizes of your cards and then you may install the SmartPGP applet afterwards.

Optionally, you may want to delete this applet before installing SmartPGP to squeeze out as much userspace memory on card but I doubt it matters as this applet I created is really small.

https://github.com/thotheolh/MemTest

sundarnagarajan commented 1 year ago

@thotheolh Thank you! I ran your applet with the APDU you provided and got the following output:

java -jar gpp/gp.jar --apdu 00A40400055555555555 --apdu 0000000000 --debug
# gp --apdu 00A40400055555555555 --apdu 0000000000 --debug
# GlobalPlatformPro 2da8e65
# Running on Linux 6.2.1 amd64, Java 11.0.18 by Ubuntu
SCardConnect("SCM Microsystems Inc. SCR 3310 [CCID Interface] (53311531706792) 00 00", T=*) -> T=1, 3BFA1800008131FE4550564A434F5033454D5694
A>> T=1 (4+0005) 00A40400 05 5555555555
A<< (0000+2) (24ms) 9000
A>> T=1 (4+0000) 00000000 00 
A<< (0012+2) (11ms) 00008184000003C1000003C0 9000
A>> T=1 (4+0000) 00A40400 00 
A<< (0018+2) (12ms) 6F108408A000000151000000A5049F6501FF 9000
# Warning: no keys given, defaulting to 404142434445464748494A4B4C4D4E4F
SCardDisconnect("SCM Microsystems Inc. SCR 3310 [CCID Interface] (53311531706792) 00 00", false) tx:20/rx:36 in 83ms

The memory result was 6F108408A000000151000000A5049F6501FF

The sizes seem to be too LARGE? Card is supposed to have 80K bytes user memory.

sundarnagarajan commented 1 year ago

@thotheolh I also notice that the length of the memory result that I get (6F108408A000000151000000A5049F6501FF) is 36 (18 hex bytes), while your example in yout MemTest repository gives a result (000333690000060800000608) of length 24 (12 hex bytes).

thotheolh commented 1 year ago

This is your correct result from your above output:

A>> T=1 (4+0000) 00000000 00 
A<< (0012+2) (11ms) 00008184000003C1000003C0 9000

Your card memory is 00008184000003C1000003C0 which if you break down:

00008184 <--- Persistent Memory (EEPROM) is 33156 bytes 000003C1 <--- Resettable RAM memory is 961 bytes 000003C0 <--- Deselectable RAM memory is 960 bytes

Your RAM memory is very low (960 bytes).

Did you delete the SmartPGP applet before running my MemTest applet ?

Can you do a java -jar gp.jar -l command to list all the applets on your card to view all the installed and loaded applets on your card currently ?

thotheolh commented 1 year ago

A>> T=1 (4+0000) 00A40400 00 A<< (0018+2) (12ms) 6F108408A000000151000000A5049F6501FF 9000

This is simply the select card manager APDU and not the MemTest result.

You should pick out the 0000000000 00 pattern for the MemTest result as shown below:

A>> T=1 (4+0000) 00000000 00 
A<< (0012+2) (11ms) 00008184000003C1000003C0 9000
sundarnagarajan commented 1 year ago

Sorry for the elementary mistake. Yes, I had deleted all applets that were deletable before istalling and running your applet.

The output of java -jar gp.jar -l is:

# Warning: no keys given, defaulting to 404142434445464748494A4B4C4D4E4F
ISD: A000000151000000 (INITIALIZED)
     Privs:    SecurityDomain, CardLock, CardTerminate, CardReset, CVMManagement, TrustedPath, AuthorizedManagement, TokenVerification, GlobalDelete, GlobalLock, GlobalRegistry, FinalApplication, ReceiptGeneration

APP: A0000003965454000000010101 (SELECTABLE)
     Privs:    GlobalRegistry

APP: 555555555500 (SELECTABLE)

PKG: A0000001515350 (LOADED)
     Parent:   A000000151000000
     Version:  2.2
     Applet:   A000000151535041

PKG: A000000396545400000001 (LOADED)
     Parent:   A000000151000000
     Version:  1.2
     Applet:   A00000039654540000000101

PKG: 5555555555 (LOADED)
     Parent:   A000000151000000
     Version:  1.0
     Applet:   555555555500
sundarnagarajan commented 1 year ago

Running java -jar gp.jar -l on a different unused identical card WITHOUT deleting any applet gives:

# Warning: no keys given, defaulting to 404142434445464748494A4B4C4D4E4F
ISD: A000000151000000 (INITIALIZED)
     Privs:    SecurityDomain, CardLock, CardTerminate, CardReset, CVMManagement, TrustedPath, AuthorizedManagement, TokenVerification, GlobalDelete, GlobalLock, GlobalRegistry, FinalApplication, ReceiptGeneration

APP: A0000003965454000000010101 (SELECTABLE)
     Privs:    GlobalRegistry

PKG: A0000001515350 (LOADED)
     Parent:   A000000151000000
     Version:  2.2
     Applet:   A000000151535041

PKG: A0000001644C504B4900 (LOADED)
     Parent:   A000000151000000
     Version:  1.0
     Applet:   A0000001644C504B490001

PKG: A00000039654530000000100030600 (LOADED)
     Parent:   A000000151000000
     Version:  1.0
     Applet:   A0000003965453000000010003000000
     Applet:   A0000003965453000000010003000010
     Applet:   A0000003965453000000010003000020

PKG: D04000011820 (LOADED)
     Parent:   A000000151000000
     Version:  1.0
     Applet:   D0400001182000
     Applet:   D0400001182001

PKG: A00000039654530000000100060500 (LOADED)
     Parent:   A000000151000000
     Version:  1.0
     Applet:   A0000003965453000000010006000000
     Applet:   A0000003965453000000010006000010

PKG: A00000039654530000000100040400 (LOADED)
     Parent:   A000000151000000
     Version:  1.0
     Applet:   A0000003965453000000010004040000

PKG: A000000396545400000001 (LOADED)
     Parent:   A000000151000000
     Version:  1.2
     Applet:   A00000039654540000000101

Installing your applet and running the APDU you provided on that card where no applets have been deleted gives:

java -jar gpp/gp.jar -v --install test/memtest.cap 
# gp -v --install test/memtest.cap
# GlobalPlatformPro 2da8e65
# Running on Linux 6.2.1 amd64, Java 11.0.18 by Ubuntu
# Warning: no keys given, defaulting to 404142434445464748494A4B4C4D4E4F
[INFO] GPSession - Using card master keys with version 0 for setting up session with MAC 
[INFO] GPSession - Diversified card keys: ENC=404142434445464748494A4B4C4D4E4F (KCV: 8BAF47) MAC=404142434445464748494A4B4C4D4E4F (KCV: 8BAF47) DEK=404142434445464748494A4B4C4D4E4F (KCV: 8BAF47) for SCP02
[INFO] GPSession - Session keys: ENC=3359D88B08CF080BCC7C233016AB9535 MAC=3780B42F985E5E079E92A5582FB9D057 RMAC=7CA23F77C7E9AB44A3F6A3A7C76A9724
CAP file (v2.1), contains: applets for JavaCard 3.0.4
Package: memtest 5555555555 v1.0
Applet:  memtest.MemApplet 555555555500
Import:  A0000000620101                   v1.5 javacard.framework
Import:  A0000000620001                   v1.0 java.lang
Generated by Oracle Corporation converter  [v3.0.5]
On Sun Apr 02 14:38:26 CST 2023 with JDK 11.0.9 (AdoptOpenJDK)
Code size 375 bytes (490 with debug)
SHA-256 b79de358ab063ed4de2c11a8c6fae9d70a5e897ff05e508f4a9d5e362ddc3a30
SHA-1   9237fa79835702f7492c7503e3ab1b05d39ff9bb
CAP loaded

java -jar gpp/gp.jar --apdu 00A40400055555555555 --apdu 0000000000 --debug
# gp --apdu 00A40400055555555555 --apdu 0000000000 --debug
# GlobalPlatformPro 2da8e65
# Running on Linux 6.2.1 amd64, Java 11.0.18 by Ubuntu
SCardConnect("SCM Microsystems Inc. SCR 3310 [CCID Interface] (53311531706792) 00 00", T=*) -> T=1, 3BFA1800008131FE4550564A434F5033454D5694
A>> T=1 (4+0005) 00A40400 05 5555555555
A<< (0000+2) (25ms) 9000
A>> T=1 (4+0000) 00000000 00 
A<< (0012+2) (13ms) 00006AAC000003C1000003C0 9000
A>> T=1 (4+0000) 00A40400 00 
A<< (0018+2) (13ms) 6F108408A000000151000000A5049F6501FF 9000
# Warning: no keys given, defaulting to 404142434445464748494A4B4C4D4E4F
SCardDisconnect("SCM Microsystems Inc. SCR 3310 [CCID Interface] (53311531706792) 00 00", false) tx:20/rx:36 in 84ms

Interpreting the result compared to previous resule after deleting applets:

After deleting apps:

00008184 <--- Persistent Memory (EEPROM) is 33156 bytes
000003C1 <--- Resettable RAM memory is 961 bytes
000003C0 <--- Deselectable RAM memory is 960 bytes

Without deleting apps:

00006AAC <--- Persistent memory (EEPROM) is 27,308 bytes
000003C1 <--- Resettable RAM memory : 961
000003C0 <--- Deselectable RAM memory : 961
thotheolh commented 1 year ago

Also I note that your card is in INITIALIZED mode ... this is very usual.

I also have a card I purchased from CardLogix too but mine is the JCOP4 J3R110 variant for development which is a different NXP JavaCard model.

(base) admin@admin:~/Desktop$ java -jar gp.jar -l
Warning: no keys given, defaulting to 404142434445464748494A4B4C4D4E4F
ISD: A000000151000000 (OP_READY)
     Parent:  A000000151000000
     From:    A0000001515350
     Privs:   SecurityDomain, CardLock, CardTerminate, CardReset, CVMManagement, TrustedPath, AuthorizedManagement, TokenVerification, GlobalDelete, GlobalLock, GlobalRegistry, FinalApplication, ReceiptGeneration

APP: 3535353535353535353500 (SELECTABLE)
     Parent:  A000000151000000
     From:    35353535353535353535
     Privs:   

APP: 5454435253FF (SELECTABLE)
     Parent:  A000000151000000
     From:    5454435253
     Privs:   

APP: D276000124010303AFAF000000000000 (SELECTABLE)
     Parent:  A000000151000000
     From:    D27600012401
     Privs:   

PKG: A0000001515350 (LOADED)
     Parent:  A000000151000000
     Version: 255.255
     Applet:  A000000151535041

PKG: A0000000620204 (LOADED)
     Parent:  A000000151000000
     Version: 1.0

PKG: A0000000620202 (LOADED)
     Parent:  A000000151000000
     Version: 1.3

PKG: 35353535353535353535 (LOADED)
     Parent:  A000000151000000
     Version: 1.0
     Applet:  3535353535353535353500

PKG: 5454435253 (LOADED)
     Parent:  A000000151000000
     Version: 1.0
     Applet:  5454435253FF

PKG: D27600012401 (LOADED)
     Parent:  A000000151000000
     Version: 1.0
     Applet:  D276000124010303AFAF000000000000

You will notice that it's in OP_READY state instead of INITIALIZED state. Of course you could still upload applets in INITIALIZED state ... but this is very odd and for a developer card, it should typically be in OP_READY instead. Not sure what happened.

In regards to RAM size, 900+ bytes of RAM is simply insufficient for SmartPGP from my experience using them.

In essence, after deleting all the applets that can be deleted you get 900++ bytes RAM ??? and without deleting any applets that was purchased you also have 900++ bytes of RAM, this isn't very ideal.

I wonder if SmartPGP can shrink down the sizes.

Also look inside the Constants class. It has protected static final short INTERNAL_BUFFER_MAX_LENGTH = (short)0x500;

That means its already requesting for 1280 bytes and on top of that it still wants and it wants 5x of SHORT types (~ 10 bytes), 5x BOOLEANS (~ 5 bytes), 4 additional BYTES types (~ 4 bytes). This is not accurate calculation because there are other assignments of variables not counted. You effectively should require a safe amount around 2000 bytes or more just to be safe at least.

Hopefully a variant of SmartPGP with ECC_P256 + RSA_2048 - Secure_Messaging and a shrinked down footprint could be available otherwise just 900+ bytes of RAM is unusable.

sundarnagarajan commented 1 year ago

Regarding OP_READY state, I saw the following in Global Platform Pro TestedCards.

NOTICE: a JavaCard shall be listed here as "supported" if and only if:

Not knowing a lot about this field, I specifically confirmed with Cardlogix before I bought the cards that the cards would come with the default keys and in OP_READY state.

What exactly is the difference between OP_READY and INITIALIZED state? I tried googling, but could not find much information.

martinpaljak commented 1 year ago

Certain pre-personalization steps are not possible in INITIALIZED state. From simple JavaCard application POV you should see no difference.

sundarnagarajan commented 1 year ago

Thanks @martinpaljak The cardlogix cards I bought were already 'pre-personalized' as per a reply I got from cardlogix:

The J3H082’s we sent you only support up to RSA 2048-bit, the chip is capable of supporting up to 4096-bit but is not default and has to be enabled during pre-personalization. The reason that RSA 2048-bit is the default setting is because enabling 4096 uses up extra HEAP memory. Unfortunately, all of our J3H082’s we have on the shelf have already been pre-personalized and 4096 can’t be enabled.

martinpaljak commented 1 year ago

Sure, there are different phases of the "pre-personalization" buzzword - chip/"firmware" level (what nxp/cardlogix does) and "logical" global platform level (which you can do yourself).

Your question now is why the 2k rsa applet does not install.

Some googling tells me A0000003965454000000010101 is desfire emulation, which would eat everything on the chip. Have you deleted it? Not sure if the logical deletion of related applets removes the underlying chip configuration tho.

sundarnagarajan commented 1 year ago

I was unable to delete that applet. I get the following error message:

Could not delete A0000003965454000000010101. Some app still active?
martinpaljak commented 1 year ago

What if trying to delete A000000396545400000001 ?

sundarnagarajan commented 1 year ago

Cannot delete any of the remaining applets:

java -jar gpp/gp.jar -list
# Warning: no keys given, defaulting to 404142434445464748494A4B4C4D4E4F
ISD: A000000151000000 (INITIALIZED)
     Privs:    SecurityDomain, CardLock, CardTerminate, CardReset, CVMManagement, TrustedPath, AuthorizedManagement, TokenVerification, GlobalDelete, GlobalLock, GlobalRegistry, FinalApplication, ReceiptGeneration

APP: A0000003965454000000010101 (SELECTABLE)
     Privs:    GlobalRegistry

PKG: A0000001515350 (LOADED)
     Parent:   A000000151000000
     Version:  2.2
     Applet:   A000000151535041

PKG: A000000396545400000001 (LOADED)
     Parent:   A000000151000000
     Version:  1.2
     Applet:   A00000039654540000000101

java -jar gpp/gp.jar --delete A000000396545400000001
# Warning: no keys given, defaulting to 404142434445464748494A4B4C4D4E4F
Could not delete A000000396545400000001. Some app still active?

java -jar gpp/gp.jar --delete A0000003965454000000010101
# Warning: no keys given, defaulting to 404142434445464748494A4B4C4D4E4F
Could not delete A0000003965454000000010101. Some app still active?

java -jar gpp/gp.jar --delete A0000001515350
# Warning: no keys given, defaulting to 404142434445464748494A4B4C4D4E4F
Could not delete A0000001515350. Some app still active?
thotheolh commented 1 year ago

@sundarnagarajan can you add --verbose --debug behind your --delete so that we can see the APDU command exchanges between card and terminal during your deletion of applet and to try to figure out why the applet could not be deleted.

martinpaljak commented 1 year ago

java -jar gpp/gp.jar --delete A0000001515350 do NOT delete this, as per https://github.com/ANSSI-FR/SmartPGP/issues/46#issuecomment-1480794273

martinpaljak commented 1 year ago

A0000003965454000000010101 is some NXP package, that I suspect but can't confirm is related to Mifare. Can you ask your card vendor for a new card, without any NXP add-ons?

sundarnagarajan commented 1 year ago

@sundarnagarajan can you add --verbose --debug behind your --delete so that we can see the APDU command exchanges between card and terminal during your deletion of applet and to try to figure out why the applet could not be deleted.

@thotheolh Trying to deleteA000000151000000 with --verbose --debug

java -jar gpp/gp.jar --delete A000000151000000 --verbose --debug
# gp --delete A000000151000000 --verbose --debug
# GlobalPlatformPro 2da8e65
# Running on Linux 6.2.1 amd64, Java 11.0.18 by Ubuntu
[DEBUG] TerminalManager - Processing 1 readers with null as preferred and null as ignored
SCardConnect("SCM Microsystems Inc. SCR 3310 [CCID Interface] (53311531706792) 00 00", T=*) -> T=1, 3BFA1800008131FE4550564A434F5033454D5694
A>> T=1 (4+0000) 00A40400 00 
A<< (0018+2) (27ms) 6F108408A000000151000000A5049F6501FF 9000
[DEBUG] GPSession - Auto-detected ISD: A000000151000000
# Warning: no keys given, defaulting to 404142434445464748494A4B4C4D4E4F
[INFO] GPSession - Using card master keys with version 0 for setting up session with MAC 
A>> T=1 (4+0008) 80500000 08 71E1D3B225498E51 00
A<< (0028+2) (105ms) 000000000000000000000102010E24AD27DD59B8113C0EE4999DF120 9000
[DEBUG] GPSession - KDD: 00000000000000000000
[DEBUG] GPSession - SSC: 010E
[DEBUG] GPSession - Host challenge: 71E1D3B225498E51
[DEBUG] GPSession - Card challenge: 010E24AD27DD59B8
[DEBUG] GPSession - Card reports SCP02 with key version 1 (0x01)
[INFO] GPSession - Diversified card keys: ENC=404142434445464748494A4B4C4D4E4F (KCV: 8BAF47) MAC=404142434445464748494A4B4C4D4E4F (KCV: 8BAF47) DEK=404142434445464748494A4B4C4D4E4F (KCV: 8BAF47) for SCP02
[INFO] GPSession - Session keys: ENC=2F3D1102B87EC8558B544B3A13F1F5EC MAC=8D857C17A9A6FDF496B52817B6F5CA86 RMAC=8C8654A95DE4E1C209B901AA03D0D683
[DEBUG] GPSession - Verified card cryptogram: 113C0EE4999DF120
[DEBUG] GPSession - Calculated host cryptogram: 1D003BE19F2D7887
A>> T=1 (4+0016) 84820100 10 1D003BE19F2D78877CF32C22D50631AB
A<< (0000+2) (67ms) 9000
A>> T=1 (4+0010) 84F28002 0A 4F009502B900BFA5F77A 00
A<< (0021+2) (35ms) E3134F08A0000001510000009F700107C5039EFE80 9000
A>> T=1 (4+0010) 84F24002 0A 4F00788D95B7D615A757 00
A<< (0026+2) (36ms) E3184F0DA00000039654540000000101019F700107C503000400 9000
A>> T=1 (4+0010) 84F21002 0A 4F001C833DC032E7BE08 00
A<< (0086+2) (49ms) E3254F07A00000015153509F700101CE0202028408A000000151535041CC08A000000151000000E32D4F0BA0000003965454000000019F700101CE020102840CA00000039654540000000101CC08A000000151000000 9000
A>> T=1 (4+0010) 84F22002 0A 4F00AE486BAFE8EE68C4 00
A<< (0062+2) (42ms) E31B4F07A00000015153509F700101CE020202CC08A000000151000000E31F4F0BA0000003965454000000019F700101CE020102CC08A000000151000000 9000
A>> T=1 (4+0018) 84E40000 12 4F08A00000015100000029870D54A437103B
A<< (0000+2) (45ms) 6A88
Could not delete AID A000000151000000: 0x6A88 (Referenced data not found)
SCardDisconnect("SCM Microsystems Inc. SCR 3310 [CCID Interface] (53311531706792) 00 00", false) tx:127/rx:257 in 488ms

Trying to delete A000000396545400000001 with --verbose --debug:

java -jar gpp/gp.jar --delete A000000396545400000001 --verbose --debug
# gp --delete A000000396545400000001 --verbose --debug
# GlobalPlatformPro 2da8e65
# Running on Linux 6.2.1 amd64, Java 11.0.18 by Ubuntu
[DEBUG] TerminalManager - Processing 1 readers with null as preferred and null as ignored
SCardConnect("SCM Microsystems Inc. SCR 3310 [CCID Interface] (53311531706792) 00 00", T=*) -> T=1, 3BFA1800008131FE4550564A434F5033454D5694
A>> T=1 (4+0000) 00A40400 00 
A<< (0018+2) (26ms) 6F108408A000000151000000A5049F6501FF 9000
[DEBUG] GPSession - Auto-detected ISD: A000000151000000
# Warning: no keys given, defaulting to 404142434445464748494A4B4C4D4E4F
[INFO] GPSession - Using card master keys with version 0 for setting up session with MAC 
A>> T=1 (4+0008) 80500000 08 6579D34640CAD67B 00
A<< (0028+2) (105ms) 000000000000000000000102011138EAD1A91AC5876E122204FA5F5B 9000
[DEBUG] GPSession - KDD: 00000000000000000000
[DEBUG] GPSession - SSC: 0111
[DEBUG] GPSession - Host challenge: 6579D34640CAD67B
[DEBUG] GPSession - Card challenge: 011138EAD1A91AC5
[DEBUG] GPSession - Card reports SCP02 with key version 1 (0x01)
[INFO] GPSession - Diversified card keys: ENC=404142434445464748494A4B4C4D4E4F (KCV: 8BAF47) MAC=404142434445464748494A4B4C4D4E4F (KCV: 8BAF47) DEK=404142434445464748494A4B4C4D4E4F (KCV: 8BAF47) for SCP02
[INFO] GPSession - Session keys: ENC=3752DD83E4C4E946BCD379EF6C1B2052 MAC=F0222C31B6FEC6E697B23EB9B08BB9E1 RMAC=27E639E8E82D5E38F3058E06753E9C3D
[DEBUG] GPSession - Verified card cryptogram: 876E122204FA5F5B
[DEBUG] GPSession - Calculated host cryptogram: 818EC412EC169BE3
A>> T=1 (4+0016) 84820100 10 818EC412EC169BE3DA839CB422545F90
A<< (0000+2) (67ms) 9000
A>> T=1 (4+0010) 84F28002 0A 4F003AFC6D8ED22921B9 00
A<< (0021+2) (34ms) E3134F08A0000001510000009F700107C5039EFE80 9000
A>> T=1 (4+0010) 84F24002 0A 4F0084248C8576C72E59 00
A<< (0026+2) (36ms) E3184F0DA00000039654540000000101019F700107C503000400 9000
A>> T=1 (4+0010) 84F21002 0A 4F00DCBA20B18538908B 00
A<< (0086+2) (48ms) E3254F07A00000015153509F700101CE0202028408A000000151535041CC08A000000151000000E32D4F0BA0000003965454000000019F700101CE020102840CA00000039654540000000101CC08A000000151000000 9000
A>> T=1 (4+0010) 84F22002 0A 4F0013EF610DD545ED18 00
A<< (0062+2) (43ms) E31B4F07A00000015153509F700101CE020202CC08A000000151000000E31F4F0BA0000003965454000000019F700101CE020102CC08A000000151000000 9000
A>> T=1 (4+0021) 84E40000 15 4F0BA0000003965454000000013508FDD32873AD7A
A<< (0000+2) (47ms) 6985
Could not delete A000000396545400000001. Some app still active?
SCardDisconnect("SCM Microsystems Inc. SCR 3310 [CCID Interface] (53311531706792) 00 00", false) tx:130/rx:257 in 496ms

Trying to delete A0000003965454000000010101 with --verbose --debug

java -jar gpp/gp.jar --delete A0000003965454000000010101 --verbose --debug
# gp --delete A0000003965454000000010101 --verbose --debug
# GlobalPlatformPro 2da8e65
# Running on Linux 6.2.1 amd64, Java 11.0.18 by Ubuntu
[DEBUG] TerminalManager - Processing 1 readers with null as preferred and null as ignored
SCardConnect("SCM Microsystems Inc. SCR 3310 [CCID Interface] (53311531706792) 00 00", T=*) -> T=1, 3BFA1800008131FE4550564A434F5033454D5694
A>> T=1 (4+0000) 00A40400 00 
A<< (0018+2) (27ms) 6F108408A000000151000000A5049F6501FF 9000
[DEBUG] GPSession - Auto-detected ISD: A000000151000000
# Warning: no keys given, defaulting to 404142434445464748494A4B4C4D4E4F
[INFO] GPSession - Using card master keys with version 0 for setting up session with MAC 
A>> T=1 (4+0008) 80500000 08 76183D79CCCC847E 00
A<< (0028+2) (105ms) 0000000000000000000001020113904BB43C7479B0562D21440B840F 9000
[DEBUG] GPSession - KDD: 00000000000000000000
[DEBUG] GPSession - SSC: 0113
[DEBUG] GPSession - Host challenge: 76183D79CCCC847E
[DEBUG] GPSession - Card challenge: 0113904BB43C7479
[DEBUG] GPSession - Card reports SCP02 with key version 1 (0x01)
[INFO] GPSession - Diversified card keys: ENC=404142434445464748494A4B4C4D4E4F (KCV: 8BAF47) MAC=404142434445464748494A4B4C4D4E4F (KCV: 8BAF47) DEK=404142434445464748494A4B4C4D4E4F (KCV: 8BAF47) for SCP02
[INFO] GPSession - Session keys: ENC=96471EC4EC66752D260948EB6FE68624 MAC=29FE4853A9A2A0E6D474157C3B04C432 RMAC=A7D74DE37E59E4933B0F6FD466D98B7E
[DEBUG] GPSession - Verified card cryptogram: B0562D21440B840F
[DEBUG] GPSession - Calculated host cryptogram: E58516F609FBA1DC
A>> T=1 (4+0016) 84820100 10 E58516F609FBA1DC2C4BAE71E6AC6525
A<< (0000+2) (67ms) 9000
A>> T=1 (4+0010) 84F28002 0A 4F00C67A4C57A15A6860 00
A<< (0021+2) (35ms) E3134F08A0000001510000009F700107C5039EFE80 9000
A>> T=1 (4+0010) 84F24002 0A 4F0001ED0F98DF39F99B 00
A<< (0026+2) (36ms) E3184F0DA00000039654540000000101019F700107C503000400 9000
A>> T=1 (4+0010) 84F21002 0A 4F00E41B8127195878C8 00
A<< (0086+2) (48ms) E3254F07A00000015153509F700101CE0202028408A000000151535041CC08A000000151000000E32D4F0BA0000003965454000000019F700101CE020102840CA00000039654540000000101CC08A000000151000000 9000
A>> T=1 (4+0010) 84F22002 0A 4F008F56EF1B9D6257B8 00
A<< (0062+2) (42ms) E31B4F07A00000015153509F700101CE020202CC08A000000151000000E31F4F0BA0000003965454000000019F700101CE020102CC08A000000151000000 9000
A>> T=1 (4+0023) 84E40000 17 4F0DA0000003965454000000010101B3DA9533B8260263
A<< (0000+2) (55ms) 6985
Could not delete A0000003965454000000010101. Some app still active?
SCardDisconnect("SCM Microsystems Inc. SCR 3310 [CCID Interface] (53311531706792) 00 00", false) tx:132/rx:257 in 490ms
sundarnagarajan commented 1 year ago

A0000003965454000000010101 is some NXP package, that I suspect but can't confirm is related to Mifare. Can you ask your card vendor for a new card, without any NXP add-ons?

I am trying to do this. Hopefully should get replacement cards by Friday. Thanks to all of you for your knowledge and help.

sundarnagarajan commented 1 year ago

Thank you for your help.

Good news: I received replacement cards yesterday. The new cards are Cardlogix NXP JCOP 4 Java Card 3.0.5 Classic J3R180. Long story short, installing pre-built SmartPGP-v1.22.1-jc304-without_sm-rsa_up_to_4096.cap as well as compiling SmartPGP from source and installing works.

gpg sees the card, and I was able to generate RSA4096 keys on the card and use them. I could also generate and use NIST P-384 keys on the card and use them. For generating NIST P-521 keys on the card, I needed this patch and the following patch to set Constants.INTERNAL_BUFFER_MAX_LENGTH to 0x730:

diff --git a/src/fr/anssi/smartpgp/Constants.java b/src/fr/anssi/smartpgp/Constants.java
index 1cdd733..a087440 100644
--- a/src/fr/anssi/smartpgp/Constants.java
+++ b/src/fr/anssi/smartpgp/Constants.java
@@ -25,7 +25,7 @@ import javacard.framework.*;
 public final class Constants {

     protected static final short INTERNAL_BUFFER_MAX_LENGTH =
-        (short)0x500;
+        (short)0x730;

     protected static final short APDU_MAX_LENGTH = (short)0x400;

I used branch javacard-3.0.4 with JCDK 3.0.4 from oracle_javacard_sdks.

I also learned how to set the manufacturer ID and card-specific serial number in the AID by editing build.xml - setting aid="d2760001240103044790000000010000"

Recompiling the SmartPGP applet with these patches, I was able to:

The manufacturer (4790) and serial number (00000001) are seen within gpg.

Thank you for all your help !

Output from pcsc_scan:

 Reader 0: SCM Microsystems Inc. SCR 3310 [CCID Interface] (53311531706792) 00 00
  Event number: 1
  Card state: Card inserted, 
  ATR: 3B FA 18 00 00 91 01 31 FE 45 4A 33 52 31 38 30 2D 32 35 35 F5

ATR: 3B FA 18 00 00 91 01 31 FE 45 4A 33 52 31 38 30 2D 32 35 35 F5
+ TS = 3B --> Direct Convention
+ T0 = FA, Y(1): 1111, K: 10 (historical bytes)
  TA(1) = 18 --> Fi=372, Di=12, 31 cycles/ETU
    129032 bits/s at 4 MHz, fMax for Fi = 5 MHz => 161290 bits/s
  TB(1) = 00 --> VPP is not electrically connected
  TC(1) = 00 --> Extra guard time: 0
  TD(1) = 91 --> Y(i+1) = 1001, Protocol T = 1 
-----
  TA(2) = 01 --> Protocol to be used in spec mode: T=1 - Capable to change - defined by interface bytes
  TD(2) = 31 --> Y(i+1) = 0011, Protocol T = 1 
-----
  TA(3) = FE --> IFSC: 254
  TB(3) = 45 --> Block Waiting Integer: 4 - Character Waiting Integer: 5
+ Historical bytes: 4A 33 52 31 38 30 2D 32 35 35
  Category indicator byte: 4A (proprietary format)
+ TCK = F5 (correct checksum)

Possibly identified card (using /home/sundar/.cache/smartcard_list.txt):
    NONE

Updating /home/sundar/.cache/smartcard_list.txt using http://ludovic.rousseau.free.fr/softwares/pcsc-tools/smartcard_list.txt

Possibly identified card (using /home/sundar/.cache/smartcard_list.txt):
    NONE

Your card is not present in the database.
Please submit your unknown card at:
https://smartcard-atr.apdu.fr/parse?ATR=3BFA180000910131FE454A33523138302D323535F5

Output of java -jar gp.jar -i:

# gp -i
# GlobalPlatformPro 2da8e65
# Running on Linux 6.2.1 amd64, Java 11.0.18 by Ubuntu
CPLC: ICFabricator=4790
      ICType=D321
      OperatingSystemID=4700
      OperatingSystemReleaseDate=0000 (invalid date format)
      OperatingSystemReleaseLevel=0000
      ICFabricationDate=2345 (2022-12-11)
      ICSerialNumber=56575120
      ICBatchIdentifier=4839
      ICModuleFabricator=0000
      ICModulePackagingDate=0000 (invalid date format)
      ICCManufacturer=0000
      ICEmbeddingDate=0000 (invalid date format)
      ICPrePersonalizer=1976
      ICPrePersonalizationEquipmentDate=2236 (2022-08-24)
      ICPrePersonalizationEquipmentID=35373531
      ICPersonalizer=0000
      ICPersonalizationDate=0000 (invalid date format)
      ICPersonalizationEquipmentID=00000000

KDD: CF0A00002345565751204839
SSC: C1020000
Card Data: 
Tag 6: 1.2.840.114283.1
-> Global Platform card
Tag 60: 1.2.840.114283.2.2.3
-> GP Version: 2.3
Tag 63: 1.2.840.114283.3
-> GP card is uniquely identified by the Issuer Identification Number (IIN) and Card Image Number (CIN)
Tag 6: 1.2.840.114283.4.2.85
-> GP SCP02 i=55
Tag 66: 1.3.6.1.4.1.42.2.110.1.3
-> JavaCard v3
Card Capabilities: 
Supports SCP02 i=15 i=35 i=55 i=75
Supported DOM privileges: SecurityDomain, DAPVerification, DelegatedManagement, CardReset, MandatedDAPVerification, TrustedPath, TokenVerification, GlobalDelete, GlobalLock, GlobalRegistry, FinalApplication, ReceiptGeneration, CipheredLoadFileDataBlock
Supported APP privileges: CardLock, CardTerminate, CardReset, CVMManagement, FinalApplication, GlobalService
Supported LFDB hash: SHA-256
Supported Token Verification ciphers: RSA1024_SHA1, RSAPSS_SHA256, CMAC_AES128, CMAC_AES192, CMAC_AES256, ECCP256_SHA256
Supported Receipt Generation ciphers: DES_MAC, CMAC_AES128
Supported DAP Verification ciphers: RSA1024_SHA1, RSAPSS_SHA256, CMAC_AES128, CMAC_AES192, CMAC_AES256, ECCP256_SHA256
Version:   1 (0x01) ID:   1 (0x01) type: DES3         length:  16
Version:   1 (0x01) ID:   2 (0x02) type: DES3         length:  16
Version:   1 (0x01) ID:   3 (0x03) type: DES3         length:  16

# Warning: no keys given, defaulting to 404142434445464748494A4B4C4D4E4F

Output of java -jar gp.jar -l:

java -jar gpp/gp.jar -l
# Warning: no keys given, defaulting to 404142434445464748494A4B4C4D4E4F
ISD: A000000151000000 (INITIALIZED)
     Parent:   A000000151000000
     From:     A0000001515350
     Privs:    SecurityDomain, CardLock, CardTerminate, CardReset, CVMManagement, TrustedPath, AuthorizedManagement, TokenVerification, GlobalDelete, GlobalLock, GlobalRegistry, FinalApplication, ReceiptGeneration

PKG: A0000001515350 (LOADED)
     Parent:   A000000151000000
     Version:  255.255
     Applet:   A000000151535041

Output from memtest applet:

java -jar 'gpp/gp.jar' --key 404142434445464748494A4B4C4D4E4F --debug --apdu 00A40400055555555555 --apdu 0000000000
000295A400000E9600000E90 <--- Result: (000295A4, 00000E96, 00000E90)
000295A4 <--- Persistent memory (EEPROM) : 169,380 bytes
00000E96 <--- Resettable RAM memory      : 3,734 bytes
00000E90 <--- Deselectable RAM memory    : 3,728 bytes

I have run jcalgtest and I have the results of the ALGSUPPORT test.

af-anssi commented 1 year ago

Good news! If everything is OK now can you close the issue?

sundarnagarajan commented 1 year ago

Everything is OK. The issue can be closed. Thanks!

af-anssi commented 1 year ago

Please note there is an ongoing issue (47) with SmartPGP on J3R180 when KDF setup is used.