Lock fails for Fetian Java Token

[blschatz]

Trying to lock the card appears to fail at getKeyInfoTemplate(), which returns an empty array. Please see trace below:

$ java -jar gp.jar -d -v -lock B4F75CE0A95EA3F86BBD051CB77C0FAE

Version 0 ENC: Ver:0 ID:0 Type:DES3 Len:16 Value:B4F75CE0A95EA3F86BBD051CB77C0FAE MAC: Ver:0 ID:0 Type:DES3 Len:16 Value:B4F75CE0A95EA3F86BBD051CB77C0FAE KEK: Ver:0 ID:0 Type:DES3 Len:16 Value:B4F75CE0A95EA3F86BBD051CB77C0FAE Detected readers from JNA2PCSC [] Fetian Java Token SCardConnect("Fetian Java Token", T=) -> T=1, 3BFC180000813180459067464A01642F70C172FEE0FD SCardBeginTransaction("Fetian Java Token") Reader: Fetian Java Token ATR: 3BFC180000813180459067464A01642F70C172FEE0FD More information about your card: http://smartcard-atr.appspot.com/parse?ATR=3BFC180000813180459067464A01642F70C172FEE0FD

A>> T=1 (4+0000) 00A40400 00 A<< (0018+2) (15ms) 6F108408A000000003000000A5049F6501FF 9000 Auto-detected ISD AID: A000000003000000 A>> T=1 (4+0008) 80500000 08 11EA1AE10497AFA4 00 A<< (0028+2) (7ms) 00000000000000000000FF020014C343BDBA954492BDA0038AD4C5EC 9000 Host challenge: 11EA1AE10497AFA4 Card challenge: 0014C343BDBA9544 Card reports SCP02 with version 255 keys Master keys: Version 0 ENC: Ver:0 ID:0 Type:DES3 Len:16 Value:404142434445464748494A4B4C4D4E4F MAC: Ver:0 ID:0 Type:DES3 Len:16 Value:404142434445464748494A4B4C4D4E4F KEK: Ver:0 ID:0 Type:DES3 Len:16 Value:404142434445464748494A4B4C4D4E4F Sequnce counter: 0014 Derived session keys: Version 0 ENC: Ver:0 ID:0 Type:DES3 Len:16 Value:8BE20F81214CBDEF0930B4CA867AEEE8 MAC: Ver:0 ID:0 Type:DES3 Len:16 Value:C41B70EFC062D8C4AD086FEDB2B9763D KEK: Ver:0 ID:0 Type:DES3 Len:16 Value:FB820F201C9C5654E05EE1AD5F5CB2B4 Verified card cryptogram: 92BDA0038AD4C5EC Calculated host cryptogram: 4BF7B4F5083454FD A>> T=1 (4+0016) 84820100 10 4BF7B4F5083454FD7583517BD2D9CCA7 A<< (0000+2) (38ms) 9000

Version 0 ENC: Ver:0 ID:0 Type:DES3 Len:16 Value:B4F75CE0A95EA3F86BBD051CB77C0FAE MAC: Ver:0 ID:0 Type:DES3 Len:16 Value:B4F75CE0A95EA3F86BBD051CB77C0FAE KEK: Ver:0 ID:0 Type:DES3 Len:16 Value:B4F75CE0A95EA3F86BBD051CB77C0FAE Replace: true PUT KEY:Ver:1 ID:1 Type:DES3 Len:16 Value:B4F75CE0A95EA3F86BBD051CB77C0FAE PUT KEY:Ver:1 ID:2 Type:DES3 Len:16 Value:B4F75CE0A95EA3F86BBD051CB77C0FAE PUT KEY:Ver:1 ID:3 Type:DES3 Len:16 Value:B4F75CE0A95EA3F86BBD051CB77C0FAE A>> T=1 (4+0008) 84CA00E0 08 8390C915386EDC4C 00 A<< (0002+2) (6ms) 9000 SCardEndTransaction() SCardDisconnect("Fetian Java Token", true) Exception in thread "main" java.lang.IndexOutOfBoundsException: Index: 0, Size: 0 at java.util.ArrayList.rangeCheck(ArrayList.java:653) at java.util.ArrayList.get(ArrayList.java:429) at pro.javacard.gp.GlobalPlatform.putKeys(GlobalPlatform.java:945) at pro.javacard.gp.GPTool.main(GPTool.java:592)

[martinpaljak]

Please follow the CONTRIBUTING guide and send issues with --debug flag added to any failing commands

[blschatz]

Dear Martin,

Thanks for the response. I can do one better. Please see the patch below fixing the issue.

Kind regards, Bradley

diff --git a/src/pro/javacard/gp/GlobalPlatform.java b/src/pro/javacard/gp/GlobalPlatform.java index 4a389c6..f2e1645 100644 --- a/src/pro/javacard/gp/GlobalPlatform.java +++ b/src/pro/javacard/gp/GlobalPlatform.java @@ -942,22 +942,27 @@

// Check if factory keys List tmpl = getKeyInfoTemplate();

• if ((tmpl.get(0).getVersion() < 1 || tmpl.get(0).getVersion() > 0x7F) && replace) {
• printStrictWarning("Trying to replace factory keys, when you need to add new ones? Is this a virgin card? (use --virgin)");
• }
• if (tmpl.size() > 0) {
• // Only do the following if we actually have key info templates.
• // Feitian eJava cards are shipped without keys using the FF version. No keys, no key info templates.
• // Check if key types and lengths are the same when replacing
• if (replace && (keys.get(0).getType() != tmpl.get(0).getType() || keys.get(0).getLength() != tmpl.get(0).getLength())) {
• throw new IllegalArgumentException("Can not replace keys of different type or size.");
• }
• if ((tmpl.get(0).getVersion() < 1 || tmpl.get(0).getVersion() > 0x7F) && replace) {
• printStrictWarning("Trying to replace factory keys, when you need to add new ones? Is this a virgin card? (use --virgin)");
• }
• // Check for matching version numbers if replacing and vice versa
• if (!replace && (keys.get(0).getVersion() == tmpl.get(0).getVersion())) {
• throw new IllegalArgumentException("Not adding keys and version matches existing?");
• }
• // Check if key types and lengths are the same when replacing
• if (replace && (keys.get(0).getType() != tmpl.get(0).getType() || keys.get(0).getLength() != tmpl.get(0).getLength())) {
• throw new IllegalArgumentException("Can not replace keys of different type or size.");
• }
• if (replace && (keys.get(0).getVersion() != tmpl.get(0).getVersion())) {
• throw new IllegalArgumentException("Replacing keys and versions don't match existing?");
• // Check for matching version numbers if replacing and vice versa
• if (!replace && (keys.get(0).getVersion() == tmpl.get(0).getVersion())) {
• throw new IllegalArgumentException("Not adding keys and version matches existing?");
• } +
• if (replace && (keys.get(0).getVersion() != tmpl.get(0).getVersion())) {
• throw new IllegalArgumentException("Replacing keys and versions don't match existing?");

• } }

  // Construct APDU

Dr Bradley Schatz | Forensic computer scientist PhD (Digital Forensics), BSc (Computer Science) Director, Schatz Forensic Pty. Ltd.

p: 1 300 364 101 | f: +61 7 3301 1843 | m: +61 422 949 039 | direct: +61 7 3613 0082 e: bradley@schatzforensic.com.au | p: PO Box 15972, City East, Brisbane, QLD 4002 w: www.schatzforensic.com.au

pgp key id: 0x90CD5BCB pgp fingerprint:0x04032D097976A32C74709246DC0B21CC90CD5BCB

This email message and any attached files may contain information that is confidential and subject of legal privilege intended only for use by the individual or entity to whom they are addressed. If you are not the intended recipient or the person responsible for delivering the message to the intended recipient be advised that you have received this message in error and that any use, copying, circulation, forwarding, printing or publication of this message or attached files is strictly forbidden, as is the disclosure of the information contained therein. If you have received this message in error, please notify the sender immediately and delete it from your Inbox.

When communicating by email you consent to the monitoring and recording of that correspondence. We employ anti-virus software, however we cannot guarantee that this communication is virus free and recommend you test it before opening. The content expressed in this email is general comment only and is not legally binding until presented in a proper written format with relevant letterhead and other information.

From: Martin Paljak notifications@github.com<mailto:notifications@github.com> Reply-To: martinpaljak/GlobalPlatformPro reply@reply.github.com<mailto:reply@reply.github.com> Date: Friday, 31 July 2015 2:53 am To: martinpaljak/GlobalPlatformPro GlobalPlatformPro@noreply.github.com<mailto:GlobalPlatformPro@noreply.github.com> Cc: Bradley Schatz bradley@schatzforensic.com.au<mailto:bradley@schatzforensic.com.au> Subject: Re: [GlobalPlatformPro] Lock fails for Fetian Java Token (#26)

Please follow the CONTRIBUTING guide and send issues with --debug flag added to any failing commands

— Reply to this email directly or view it on GitHubhttps://github.com/martinpaljak/GlobalPlatformPro/issues/26#issuecomment-126400371.

[martinpaljak]

Please file a proper pull request and mark the "strange" part with XXX. The way I read GP specs those cards are misbehaving - you do authenticate to the card and thus there must be keys (and key templates) on the card.

[martinpaljak]

Also, I don't have the issue with my eJava token, as that does have key template information. What device exactly are you using ?

[martinpaljak]

Anyway, the current trunk should work without key tempates (like afresh SSD)