martinpaljak / GlobalPlatformPro

🌐 🔐 Manage applets and keys on JavaCard-s like a pro
https://javacard.pro/globalplatform
GNU Lesser General Public License v3.0

Incorrect length in install for install #241

Closed xavo95 closed 3 years ago

xavo95 commented 4 years ago

I was trying the installAndMakeSelectable command and it seems that the length of the install params is not correctly encoded. Per the spec (GPC_CardSpecification_v2.3.1_PublicRelease_CC) it should be encoded as a normal TLV without tag, so:

https://github.com/martinpaljak/GlobalPlatformPro/blob/847f91f7a3aab5d7e0c5fe9b7f5b620fa55119ae/library/src/main/java/pro/javacard/gp/GPSession.java#L659

Instead of:

bo.write(installParams.length);

Should be:

bo.write(GPUtils.encodeLength(installParams.length));

By this logic loadCap might have the same issue, but I didn't check the specs or test the command.

One more thing: I realized that while the version keeps bumping, it's not getting pushed to Maven Central. Is this okay?

Regards

martinpaljak commented 4 years ago

Indeed, GP 2.1.1 has it on one byte, GP 2.2 increases the length to 1..2 bytes and 2.3 even further to 3 bytes. Fixing this will fit nicely with the profiles support currently half-baked.

I intend to publish on Maven Central only occasionally (1..2 times a year) while in-between releases are pushed to the private repository (if you click the "pro version" badge in the readme, you end up at https://gist.github.com/martinpaljak/c77d11d671260e24eef6c39123345cae)
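The length problem discussed above, as an added example that is not part of the thread or of the project's code: it compares a length written with a single `write(int)` against a 1-to-3-byte encoding. The helpers `encodeLength`, `singleByteLength` and `decodeLength` are hypothetical, the BER-style layout (`81 LL`, `82 LL LL`) is an assumption about the multi-byte form, and the sizes are constructed.

```java
import java.io.ByteArrayOutputStream;

public class InstallParamsLength {
    // Hypothetical helper (not the project's GPUtils.encodeLength). Assumed layout:
    // one byte up to 127, 0x81 LL up to 255, 0x82 LL LL up to 65535.
    static byte[] encodeLength(int len) {
        if (len < 0 || len > 0xFFFF) throw new IllegalArgumentException("length out of range: " + len);
        if (len < 0x80) return new byte[] {(byte) len};
        if (len <= 0xFF) return new byte[] {(byte) 0x81, (byte) len};
        return new byte[] {(byte) 0x82, (byte) (len >> 8), (byte) len};
    }

    // Length field as the reported line writes it: write(int) keeps only the low 8 bits.
    static byte[] singleByteLength(int len) {
        ByteArrayOutputStream bo = new ByteArrayOutputStream();
        bo.write(len);
        return bo.toByteArray();
    }

    // Reads a length field the way a parser expecting the assumed layout would.
    // Returns -1 when the field is malformed or truncated.
    static int decodeLength(byte[] field) {
        if (field.length == 0) return -1;
        int first = field[0] & 0xFF;
        if (first < 0x80) return first;              // short form
        int n = first & 0x7F;                        // number of length bytes that follow
        if (n == 0 || n > 2 || field.length < 1 + n) return -1;
        int len = 0;
        for (int i = 1; i <= n; i++) len = (len << 8) | (field[i] & 0xFF);
        return len;
    }

    static String hex(byte[] b) {
        StringBuilder sb = new StringBuilder();
        for (byte x : b) sb.append(String.format("%02X", x & 0xFF));
        return sb.toString();
    }

    public static void main(String[] args) {
        int[] sizes = {16, 127, 128, 200, 255, 256, 300}; // constructed install-parameter sizes
        for (int n : sizes) {
            byte[] raw = singleByteLength(n);
            byte[] enc = encodeLength(n);
            System.out.printf("len=%3d  single-byte=%s (reads back as %d)  encoded=%s (reads back as %d)%n",
                    n, hex(raw), decodeLength(raw), hex(enc), decodeLength(enc));
        }
    }
}
```

Sizes up to 127 are identical in both forms, which is why short install parameters do not expose the difference; from 128 upward the single byte either fails to parse or silently reads back as a smaller length.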

xavo95 commented 4 years ago

Okay I will try to look at it then.

I will check and depending on GP version I will try to decide what to do.

I didn't see the pro version thing; I just asked because the last version on Maven Central lacks a very important patch at the end of openSecureChannel that makes it fall back to CMAC even though you selected another one.

Regards

xavo95 commented 4 years ago

Alright, I made some changes; let me know if you would like it in a different way.

martinpaljak commented 3 years ago

Fixed in #246