philipWendland / IsoApplet

A Java Card PKI Applet aiming to be ISO 7816 compliant
GNU General Public License v3.0

Error on initializing Applet #6

Closed frankmorgner closed 9 years ago

frankmorgner commented 9 years ago

I have the Applet up and running in jSimCard and as described here, I use src/tools/pkcs15-init --create-pkcs15 --profile src/pkcs15init/isoApplet.profile -vvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvv to initialize the Applet. However, I get the following error:

0xb71bd700 22:54:59.272 [pkcs15-init] card.c:211:sc_connect_card: trying driver 'isoApplet'
Outgoing APDU data [   17 bytes] =====================================
00 A4 04 00 0C F2 76 A2 88 BC FB A6 9D 34 F3 10 ......v......4..
01                                              .
======================================================================
Incoming APDU data [    5 bytes] =====================================
00 05 00 90 00 .....
======================================================================
Outgoing APDU data [   10 bytes] =====================================
00 A4 08 00 04 50 15 49 46 00 .....P.IF.
======================================================================
Incoming APDU data [    2 bytes] =====================================
6A 82 j.
======================================================================
Couldn't bind to the card: File not found

It seems that some initialization of DFs and EFs is required before using pkcs15-init. Do you have these steps documented somewhere?

philipWendland commented 9 years ago

No, normally pkcs15-init --create-pkcs15 should be called directly after installing the applet. (The isoApplet.profile should also be selected without specifying it on the cmdline.)

In the process of creating all the PKCS#15 files, it is common to try to select a file and, if that does not succeed, to create it. Do you have a full log? It would be interesting to see if a CREATE FILE command succeeded earlier.

With real cards, the current OpenSC/master and IsoApplet/master, this is not happening:

Outgoing APDU data [   17 bytes] =====================================
00 A4 04 00 0C F2 76 A2 88 BC FB A6 9D 34 F3 10 ......v......4..
01                                              .
======================================================================
0x7f8341f2b700 23:24:10.130 [pkcs15-init] reader-pcsc.c:182:pcsc_internal_transmit: called
0x7f8341f2b700 23:24:10.138 [pkcs15-init] apdu.c:185:sc_apdu_log: 
Incoming APDU data [    5 bytes] =====================================
00 05 01 90 00 .....
======================================================================
0x7f8341f2b700 23:24:10.138 [pkcs15-init] apdu.c:397:sc_single_transmit: returning with: 0 (Success)
0x7f8341f2b700 23:24:10.138 [pkcs15-init] apdu.c:550:sc_transmit: returning with: 0 (Success)
0x7f8341f2b700 23:24:10.138 [pkcs15-init] card.c:386:sc_unlock: called
0x7f8341f2b700 23:24:10.138 [pkcs15-init] reader-pcsc.c:554:pcsc_unlock: called
0x7f8341f2b700 23:24:10.148 [pkcs15-init] card-isoApplet.c:113:isoApplet_select_applet: returning with: 0 (Success)
0x7f8341f2b700 23:24:10.148 [pkcs15-init] card.c:224:sc_connect_card: matched: Javacard with IsoApplet
0x7f8341f2b700 23:24:10.148 [pkcs15-init] card-isoApplet.c:193:isoApplet_init: called
0x7f8341f2b700 23:24:10.148 [pkcs15-init] card-isoApplet.c:251:isoApplet_init: returning with: 0 (Success)
0x7f8341f2b700 23:24:10.148 [pkcs15-init] card.c:259:sc_connect_card: card info name:'Javacard with IsoApplet', type:-1, flags:0x0, max_send/recv_size:0/0
0x7f8341f2b700 23:24:10.148 [pkcs15-init] card.c:1284:sc_card_sm_check: called
0x7f8341f2b700 23:24:10.148 [pkcs15-init] card.c:1285:sc_card_sm_check: card->sm_ctx.ops.open (nil)
0x7f8341f2b700 23:24:10.148 [pkcs15-init] card.c:1290:sc_card_sm_check: returning with: 0 (Success)
0x7f8341f2b700 23:24:10.148 [pkcs15-init] card.c:271:sc_connect_card: returning with: 0 (Success)
Using card driver Javacard with IsoApplet.
0x7f8341f2b700 23:24:10.148 [pkcs15-init] card.c:346:sc_lock: called
0x7f8341f2b700 23:24:10.148 [pkcs15-init] reader-pcsc.c:517:pcsc_lock: called
0x7f8341f2b700 23:24:10.148 [pkcs15-init] pkcs15-lib.c:300:sc_pkcs15init_bind: called
0x7f8341f2b700 23:24:10.149 [pkcs15-init] card.c:795:sc_card_ctl: called
0x7f8341f2b700 23:24:10.149 [pkcs15-init] card-isoApplet.c:1038:isoApplet_card_ctl: called
0x7f8341f2b700 23:24:10.149 [pkcs15-init] card-isoApplet.c:1052:isoApplet_card_ctl: returning with: -1408 (Not supported)
0x7f8341f2b700 23:24:10.149 [pkcs15-init] card.c:802:sc_card_ctl: card_ctl(4) not supported
0x7f8341f2b700 23:24:10.149 [pkcs15-init] card.c:644:sc_select_file: called; type=2, path=3f0050154946
0x7f8341f2b700 23:24:10.149 [pkcs15-init] apdu.c:561:sc_transmit_apdu: called
0x7f8341f2b700 23:24:10.149 [pkcs15-init] card.c:346:sc_lock: called
0x7f8341f2b700 23:24:10.149 [pkcs15-init] apdu.c:528:sc_transmit: called
0x7f8341f2b700 23:24:10.149 [pkcs15-init] apdu.c:382:sc_single_transmit: called
0x7f8341f2b700 23:24:10.149 [pkcs15-init] apdu.c:387:sc_single_transmit: CLA:0, INS:A4, P1:8, P2:0, data(4) 0x7fff7dea0cf2
0x7f8341f2b700 23:24:10.149 [pkcs15-init] reader-pcsc.c:249:pcsc_transmit: reader 'Cherry GmbH SmartTerminal ST-2xxx [Vendor Interface] (21121440179920) 01 00'
0x7f8341f2b700 23:24:10.149 [pkcs15-init] apdu.c:185:sc_apdu_log: 
Outgoing APDU data [   10 bytes] =====================================
00 A4 08 00 04 50 15 49 46 00 .....P.IF.
======================================================================
0x7f8341f2b700 23:24:10.149 [pkcs15-init] reader-pcsc.c:182:pcsc_internal_transmit: called
0x7f8341f2b700 23:24:10.157 [pkcs15-init] apdu.c:185:sc_apdu_log: 
Incoming APDU data [    2 bytes] =====================================
6A 82 j.
======================================================================
0x7f8341f2b700 23:24:10.157 [pkcs15-init] apdu.c:397:sc_single_transmit: returning with: 0 (Success)
0x7f8341f2b700 23:24:10.157 [pkcs15-init] apdu.c:550:sc_transmit: returning with: 0 (Success)
0x7f8341f2b700 23:24:10.157 [pkcs15-init] card.c:386:sc_unlock: called
0x7f8341f2b700 23:24:10.157 [pkcs15-init] iso7816.c:139:iso7816_check_sw: File not found
0x7f8341f2b700 23:24:10.157 [pkcs15-init] iso7816.c:555:iso7816_select_file: returning with: -1201 (File not found)
0x7f8341f2b700 23:24:10.157 [pkcs15-init] card.c:666:sc_select_file: 'SELECT' error: -1201 (File not found)
0x7f8341f2b700 23:24:10.157 [pkcs15-init] profile.c:338:sc_profile_load: called
0x7f8341f2b700 23:24:10.157 [pkcs15-init] profile.c:368:sc_profile_load: Using profile directory '/usr/local/share/opensc'.
0x7f8341f2b700 23:24:10.157 [pkcs15-init] profile.c:376:sc_profile_load: Trying profile file /usr/local/share/opensc/pkcs15.profile
0x7f8341f2b700 23:24:10.157 [pkcs15-init] profile.c:381:sc_profile_load: profile /usr/local/share/opensc/pkcs15.profile loaded ok
0x7f8341f2b700 23:24:10.157 [pkcs15-init] profile.c:391:sc_profile_load: returning with: 0 (Success)
0x7f8341f2b700 23:24:10.157 [pkcs15-init] profile.c:338:sc_profile_load: called
0x7f8341f2b700 23:24:10.157 [pkcs15-init] profile.c:368:sc_profile_load: Using profile directory '/usr/local/share/opensc'.
0x7f8341f2b700 23:24:10.157 [pkcs15-init] profile.c:376:sc_profile_load: Trying profile file /usr/local/share/opensc/isoApplet.profile
0x7f8341f2b700 23:24:10.157 [pkcs15-init] profile.c:381:sc_profile_load: profile /usr/local/share/opensc/isoApplet.profile loaded ok
0x7f8341f2b700 23:24:10.158 [pkcs15-init] profile.c:391:sc_profile_load: returning with: 0 (Success)
0x7f8341f2b700 23:24:10.158 [pkcs15-init] profile.c:403:sc_profile_finish: called
0x7f8341f2b700 23:24:10.158 [pkcs15-init] profile.c:446:sc_profile_finish: returning with: 0 (Success)
0x7f8341f2b700 23:24:10.158 [pkcs15-init] pkcs15-lib.c:407:sc_pkcs15init_bind: returning with: 0 (Success)
About to create PKCS #15 meta structure.
New User PIN.
Please enter User PIN: 
Please type again to verify: 
Unblock Code for New User PIN (Optional - press return for no PIN).
Please enter User unblocking PIN (PUK): 
Please type again to verify: 
0x7f8341f2b700 23:24:25.639 [pkcs15-init] pkcs15-lib.c:765:sc_pkcs15init_add_app: called
0x7f8341f2b700 23:24:25.639 [pkcs15-init] pkcs15-lib.c:3759:sc_pkcs15init_qualify_pin: called
0x7f8341f2b700 23:24:25.639 [pkcs15-init] pkcs15-lib.c:3774:sc_pkcs15init_qualify_pin: returning with: 0 (Success)
0x7f8341f2b700 23:24:25.639 [pkcs15-init] pkcs15-isoApplet.c:181:isoApplet_select_pin_reference: called
0x7f8341f2b700 23:24:25.639 [pkcs15-init] pkcs15-isoApplet.c:214:isoApplet_select_pin_reference: returning with: 0 (Success)
0x7f8341f2b700 23:24:25.639 [pkcs15-init] pkcs15-lib.c:3759:sc_pkcs15init_qualify_pin: called
0x7f8341f2b700 23:24:25.639 [pkcs15-init] pkcs15-lib.c:3774:sc_pkcs15init_qualify_pin: returning with: 0 (Success)
0x7f8341f2b700 23:24:25.639 [pkcs15-init] pkcs15-lib.c:817:sc_pkcs15init_add_app: Add virtual SO_PIN('User PIN',flags:21,reference:1,path:'')
0x7f8341f2b700 23:24:25.639 [pkcs15-init] pkcs15-isoApplet.c:154:isoApplet_create_dir: called
0x7f8341f2b700 23:24:25.639 [pkcs15-init] pkcs15-lib.c:3474:sc_pkcs15init_create_file: called
0x7f8341f2b700 23:24:25.639 [pkcs15-init] pkcs15-lib.c:3475:sc_pkcs15init_create_file: create file '3f005015'
0x7f8341f2b700 23:24:25.639 [pkcs15-init] pkcs15-lib.c:3425:do_select_parent: called
0x7f8341f2b700 23:24:25.639 [pkcs15-init] card.c:644:sc_select_file: called; type=2, path=3f00
0x7f8341f2b700 23:24:25.639 [pkcs15-init] apdu.c:561:sc_transmit_apdu: called
0x7f8341f2b700 23:24:25.639 [pkcs15-init] card.c:346:sc_lock: called
0x7f8341f2b700 23:24:25.639 [pkcs15-init] apdu.c:528:sc_transmit: called
0x7f8341f2b700 23:24:25.639 [pkcs15-init] apdu.c:382:sc_single_transmit: called
0x7f8341f2b700 23:24:25.639 [pkcs15-init] apdu.c:387:sc_single_transmit: CLA:0, INS:A4, P1:0, P2:0, data(2) 0x7fff7dea13d0
0x7f8341f2b700 23:24:25.639 [pkcs15-init] reader-pcsc.c:249:pcsc_transmit: reader 'Cherry GmbH SmartTerminal ST-2xxx [Vendor Interface] (21121440179920) 01 00'
0x7f8341f2b700 23:24:25.639 [pkcs15-init] apdu.c:185:sc_apdu_log: 
Outgoing APDU data [    8 bytes] =====================================
00 A4 00 00 02 3F 00 00 .....?..
======================================================================
0x7f8341f2b700 23:24:25.639 [pkcs15-init] reader-pcsc.c:182:pcsc_internal_transmit: called
0x7f8341f2b700 23:24:25.647 [pkcs15-init] apdu.c:185:sc_apdu_log: 
Incoming APDU data [   11 bytes] =====================================
6F 07 82 01 38 83 02 3F 00 90 00 o...8..?...
======================================================================
(and continuing..)

It is interesting that the PIN and PUK are asked for after the last APDU command you showed. My current guess would be: 1) a failure to ask for the PIN (is this called normally on the command line?), or 2) the --profile src/pkcs15init/isoApplet.profile option does not work. Can you try without the option?

I will try to reproduce this in jcardsim tomorrow evening.

philipWendland commented 9 years ago

If I try to pkcs15-init -C --profile src/pkcs15init/isoApplet.profile -vvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvv (in the OpenSC dir obviously) I get this:

Outgoing APDU data [   10 bytes] =====================================
00 A4 08 00 04 50 15 49 46 00 .....P.IF.
======================================================================
0x7ffa94938700 23:34:17.000 [pkcs15-init] reader-pcsc.c:182:pcsc_internal_transmit: called
0x7ffa94938700 23:34:17.008 [pkcs15-init] apdu.c:185:sc_apdu_log: 
Incoming APDU data [    2 bytes] =====================================
6A 82 j.
======================================================================
0x7ffa94938700 23:34:17.008 [pkcs15-init] apdu.c:397:sc_single_transmit: returning with: 0 (Success)
0x7ffa94938700 23:34:17.008 [pkcs15-init] apdu.c:550:sc_transmit: returning with: 0 (Success)
0x7ffa94938700 23:34:17.008 [pkcs15-init] card.c:386:sc_unlock: called
0x7ffa94938700 23:34:17.008 [pkcs15-init] iso7816.c:139:iso7816_check_sw: File not found
0x7ffa94938700 23:34:17.008 [pkcs15-init] iso7816.c:555:iso7816_select_file: returning with: -1201 (File not found)
0x7ffa94938700 23:34:17.008 [pkcs15-init] card.c:666:sc_select_file: 'SELECT' error: -1201 (File not found)
0x7ffa94938700 23:34:17.008 [pkcs15-init] profile.c:338:sc_profile_load: called
0x7ffa94938700 23:34:17.008 [pkcs15-init] profile.c:368:sc_profile_load: Using profile directory '/usr/local/share/opensc'.
0x7ffa94938700 23:34:17.008 [pkcs15-init] profile.c:376:sc_profile_load: Trying profile file /usr/local/share/opensc/src/pkcs15init/isoApplet.profile.profile
0x7ffa94938700 23:34:17.008 [pkcs15-init] profile.c:381:sc_profile_load: profile /usr/local/share/opensc/src/pkcs15init/isoApplet.profile.profile loaded ok
0x7ffa94938700 23:34:17.008 [pkcs15-init] profile.c:384:sc_profile_load: returning with: -1201 (File not found)
0x7ffa94938700 23:34:17.008 [pkcs15-init] pkcs15-lib.c:361:sc_pkcs15init_bind: Failed to load profile 'src/pkcs15init/isoApplet.profile': File not found
0x7ffa94938700 23:34:17.008 [pkcs15-init] pkcs15-lib.c:378:sc_pkcs15init_bind: Load profile error: -1201 (File not found)
Couldn't bind to the card: File not found

I think it was the second guess in my earlier post.

Note the 3rd-last line:

0x7ffa94938700 23:34:17.008 [pkcs15-init] pkcs15-lib.c:361:sc_pkcs15init_bind: Failed to load profile 'src/pkcs15init/isoApplet.profile': File not found

frankmorgner commented 9 years ago

Removing --profile brings me further, but does not succeed in the end. Setting the PIN does not seem to work...

0xb7250700 00:54:27.281 [pkcs15-init] card.c:211:sc_connect_card: trying driver 'isoApplet'
0xb7250700 00:54:27.281 [pkcs15-init] card-isoApplet.c:92:isoApplet_select_applet: called
0xb7250700 00:54:27.281 [pkcs15-init] apdu.c:561:sc_transmit_apdu: called
0xb7250700 00:54:27.281 [pkcs15-init] card.c:346:sc_lock: called
0xb7250700 00:54:27.281 [pkcs15-init] reader-pcsc.c:517:pcsc_lock: called
0xb7250700 00:54:27.281 [pkcs15-init] apdu.c:528:sc_transmit: called
0xb7250700 00:54:27.281 [pkcs15-init] apdu.c:382:sc_single_transmit: called
0xb7250700 00:54:27.281 [pkcs15-init] apdu.c:387:sc_single_transmit: CLA:0, INS:A4, P1:4, P2:0, data(12) 0xb75cef60
0xb7250700 00:54:27.281 [pkcs15-init] reader-pcsc.c:249:pcsc_transmit: reader 'REINER SCT cyberJack RFID basis 00 00'
0xb7250700 00:54:27.281 [pkcs15-init] apdu.c:185:sc_apdu_log: 
Outgoing APDU data [   17 bytes] =====================================
00 A4 04 00 0C F2 76 A2 88 BC FB A6 9D 34 F3 10 ......v......4..
01                                              .
======================================================================
0xb7250700 00:54:27.281 [pkcs15-init] reader-pcsc.c:182:pcsc_internal_transmit: called
0xb7250700 00:54:27.392 [pkcs15-init] apdu.c:185:sc_apdu_log: 
Incoming APDU data [    5 bytes] =====================================
00 05 00 90 00 .....
======================================================================
0xb7250700 00:54:27.392 [pkcs15-init] apdu.c:397:sc_single_transmit: returning with: 0 (Success)
0xb7250700 00:54:27.392 [pkcs15-init] apdu.c:550:sc_transmit: returning with: 0 (Success)
0xb7250700 00:54:27.392 [pkcs15-init] card.c:386:sc_unlock: called
0xb7250700 00:54:27.392 [pkcs15-init] reader-pcsc.c:554:pcsc_unlock: called
0xb7250700 00:54:27.402 [pkcs15-init] card-isoApplet.c:112:isoApplet_select_applet: returning with: 0 (Success)
0xb7250700 00:54:27.402 [pkcs15-init] card.c:224:sc_connect_card: matched: Javacard with IsoApplet
0xb7250700 00:54:27.402 [pkcs15-init] card-isoApplet.c:192:isoApplet_init: called
0xb7250700 00:54:27.402 [pkcs15-init] card-isoApplet.c:252:isoApplet_init: returning with: 0 (Success)
0xb7250700 00:54:27.402 [pkcs15-init] card.c:259:sc_connect_card: card info name:'Javacard with IsoApplet', type:-1, flags:0x0, max_send/recv_size:0/0
0xb7250700 00:54:27.402 [pkcs15-init] card.c:1284:sc_card_sm_check: called
0xb7250700 00:54:27.402 [pkcs15-init] card.c:1285:sc_card_sm_check: card->sm_ctx.ops.open (nil)
0xb7250700 00:54:27.402 [pkcs15-init] card.c:1290:sc_card_sm_check: returning with: 0 (Success)
0xb7250700 00:54:27.402 [pkcs15-init] card.c:271:sc_connect_card: returning with: 0 (Success)
Using card driver Javacard with IsoApplet.
0xb7250700 00:54:27.402 [pkcs15-init] card.c:346:sc_lock: called
0xb7250700 00:54:27.402 [pkcs15-init] reader-pcsc.c:517:pcsc_lock: called
0xb7250700 00:54:27.402 [pkcs15-init] pkcs15-lib.c:300:sc_pkcs15init_bind: called
0xb7250700 00:54:27.402 [pkcs15-init] card.c:795:sc_card_ctl: called
0xb7250700 00:54:27.402 [pkcs15-init] card-isoApplet.c:1039:isoApplet_card_ctl: called
0xb7250700 00:54:27.402 [pkcs15-init] card-isoApplet.c:1053:isoApplet_card_ctl: returning with: -1408 (Not supported)
0xb7250700 00:54:27.402 [pkcs15-init] card.c:802:sc_card_ctl: card_ctl(4) not supported
0xb7250700 00:54:27.402 [pkcs15-init] card.c:644:sc_select_file: called; type=2, path=3f0050154946
0xb7250700 00:54:27.402 [pkcs15-init] apdu.c:561:sc_transmit_apdu: called
0xb7250700 00:54:27.402 [pkcs15-init] card.c:346:sc_lock: called
0xb7250700 00:54:27.402 [pkcs15-init] apdu.c:528:sc_transmit: called
0xb7250700 00:54:27.402 [pkcs15-init] apdu.c:382:sc_single_transmit: called
0xb7250700 00:54:27.402 [pkcs15-init] apdu.c:387:sc_single_transmit: CLA:0, INS:A4, P1:8, P2:0, data(4) 0xbfc789b5
0xb7250700 00:54:27.403 [pkcs15-init] reader-pcsc.c:249:pcsc_transmit: reader 'REINER SCT cyberJack RFID basis 00 00'
0xb7250700 00:54:27.403 [pkcs15-init] apdu.c:185:sc_apdu_log: 
Outgoing APDU data [   10 bytes] =====================================
00 A4 08 00 04 50 15 49 46 00 .....P.IF.
======================================================================
0xb7250700 00:54:27.403 [pkcs15-init] reader-pcsc.c:182:pcsc_internal_transmit: called
0xb7250700 00:54:27.436 [pkcs15-init] apdu.c:185:sc_apdu_log: 
Incoming APDU data [    2 bytes] =====================================
6A 82 j.
======================================================================
0xb7250700 00:54:27.436 [pkcs15-init] apdu.c:397:sc_single_transmit: returning with: 0 (Success)
0xb7250700 00:54:27.436 [pkcs15-init] apdu.c:550:sc_transmit: returning with: 0 (Success)
0xb7250700 00:54:27.436 [pkcs15-init] card.c:386:sc_unlock: called
0xb7250700 00:54:27.436 [pkcs15-init] iso7816.c:139:iso7816_check_sw: File not found
0xb7250700 00:54:27.436 [pkcs15-init] iso7816.c:555:iso7816_select_file: returning with: -1201 (File not found)
0xb7250700 00:54:27.436 [pkcs15-init] card.c:666:sc_select_file: 'SELECT' error: -1201 (File not found)
0xb7250700 00:54:27.436 [pkcs15-init] profile.c:338:sc_profile_load: called
0xb7250700 00:54:27.436 [pkcs15-init] profile.c:368:sc_profile_load: Using profile directory '/home/fm/.local/share/opensc'.
0xb7250700 00:54:27.436 [pkcs15-init] profile.c:376:sc_profile_load: Trying profile file /home/fm/.local/share/opensc/pkcs15.profile
0xb7250700 00:54:27.436 [pkcs15-init] profile.c:381:sc_profile_load: profile /home/fm/.local/share/opensc/pkcs15.profile loaded ok
0xb7250700 00:54:27.437 [pkcs15-init] profile.c:391:sc_profile_load: returning with: 0 (Success)
0xb7250700 00:54:27.437 [pkcs15-init] profile.c:338:sc_profile_load: called
0xb7250700 00:54:27.437 [pkcs15-init] profile.c:368:sc_profile_load: Using profile directory '/home/fm/.local/share/opensc'.
0xb7250700 00:54:27.437 [pkcs15-init] profile.c:376:sc_profile_load: Trying profile file /home/fm/.local/share/opensc/isoApplet.profile
0xb7250700 00:54:27.437 [pkcs15-init] profile.c:381:sc_profile_load: profile /home/fm/.local/share/opensc/isoApplet.profile loaded ok
0xb7250700 00:54:27.437 [pkcs15-init] profile.c:391:sc_profile_load: returning with: 0 (Success)
0xb7250700 00:54:27.437 [pkcs15-init] profile.c:403:sc_profile_finish: called
0xb7250700 00:54:27.437 [pkcs15-init] profile.c:446:sc_profile_finish: returning with: 0 (Success)
0xb7250700 00:54:27.437 [pkcs15-init] pkcs15-lib.c:407:sc_pkcs15init_bind: returning with: 0 (Success)
About to create PKCS #15 meta structure.
New User PIN.
Please enter User PIN: 
Please type again to verify: 
Unblock Code for New User PIN (Optional - press return for no PIN).
Please enter User unblocking PIN (PUK): 
0xb7250700 00:54:35.738 [pkcs15-init] pkcs15-lib.c:765:sc_pkcs15init_add_app: called
0xb7250700 00:54:35.738 [pkcs15-init] pkcs15-lib.c:3759:sc_pkcs15init_qualify_pin: called
0xb7250700 00:54:35.738 [pkcs15-init] pkcs15-lib.c:3774:sc_pkcs15init_qualify_pin: returning with: 0 (Success)
0xb7250700 00:54:35.738 [pkcs15-init] pkcs15-isoApplet.c:181:isoApplet_select_pin_reference: called
0xb7250700 00:54:35.738 [pkcs15-init] pkcs15-isoApplet.c:214:isoApplet_select_pin_reference: returning with: 0 (Success)
0xb7250700 00:54:35.738 [pkcs15-init] pkcs15-lib.c:3759:sc_pkcs15init_qualify_pin: called
0xb7250700 00:54:35.738 [pkcs15-init] pkcs15-lib.c:3761:sc_pkcs15init_qualify_pin: returning with: 0 (Success)
0xb7250700 00:54:35.738 [pkcs15-init] pkcs15-lib.c:817:sc_pkcs15init_add_app: Add virtual SO_PIN('User PIN',flags:29,reference:1,path:'')
0xb7250700 00:54:35.738 [pkcs15-init] pkcs15-isoApplet.c:154:isoApplet_create_dir: called
0xb7250700 00:54:35.738 [pkcs15-init] pkcs15-lib.c:3474:sc_pkcs15init_create_file: called
0xb7250700 00:54:35.738 [pkcs15-init] pkcs15-lib.c:3475:sc_pkcs15init_create_file: create file '3f005015'
0xb7250700 00:54:35.738 [pkcs15-init] pkcs15-lib.c:3425:do_select_parent: called
0xb7250700 00:54:35.738 [pkcs15-init] card.c:644:sc_select_file: called; type=2, path=3f00
0xb7250700 00:54:35.738 [pkcs15-init] apdu.c:561:sc_transmit_apdu: called
0xb7250700 00:54:35.738 [pkcs15-init] card.c:346:sc_lock: called
0xb7250700 00:54:35.738 [pkcs15-init] apdu.c:528:sc_transmit: called
0xb7250700 00:54:35.738 [pkcs15-init] apdu.c:382:sc_single_transmit: called
0xb7250700 00:54:35.738 [pkcs15-init] apdu.c:387:sc_single_transmit: CLA:0, INS:A4, P1:0, P2:0, data(2) 0xbfc79173
0xb7250700 00:54:35.738 [pkcs15-init] reader-pcsc.c:249:pcsc_transmit: reader 'REINER SCT cyberJack RFID basis 00 00'
0xb7250700 00:54:35.738 [pkcs15-init] apdu.c:185:sc_apdu_log: 
Outgoing APDU data [    8 bytes] =====================================
00 A4 00 00 02 3F 00 00 .....?..
======================================================================
0xb7250700 00:54:35.738 [pkcs15-init] reader-pcsc.c:182:pcsc_internal_transmit: called
0xb7250700 00:54:35.769 [pkcs15-init] apdu.c:185:sc_apdu_log: 
Incoming APDU data [   11 bytes] =====================================
6F 07 82 01 38 83 02 3F 00 90 00 o...8..?...
======================================================================
0xb7250700 00:54:35.769 [pkcs15-init] apdu.c:397:sc_single_transmit: returning with: 0 (Success)
0xb7250700 00:54:35.769 [pkcs15-init] apdu.c:550:sc_transmit: returning with: 0 (Success)
0xb7250700 00:54:35.769 [pkcs15-init] card.c:386:sc_unlock: called
0xb7250700 00:54:35.769 [pkcs15-init] card-isoApplet.c:420:isoApplet_process_fci: called
0xb7250700 00:54:35.769 [pkcs15-init] iso7816.c:355:iso7816_process_fci: processing FCI bytes
0xb7250700 00:54:35.769 [pkcs15-init] iso7816.c:359:iso7816_process_fci:   file identifier: 0x3F00
0xb7250700 00:54:35.769 [pkcs15-init] iso7816.c:382:iso7816_process_fci:   shareable: no
0xb7250700 00:54:35.769 [pkcs15-init] iso7816.c:401:iso7816_process_fci:   type: DF
0xb7250700 00:54:35.769 [pkcs15-init] iso7816.c:402:iso7816_process_fci:   EF structure: 0
0xb7250700 00:54:35.769 [pkcs15-init] card-isoApplet.c:471:isoApplet_process_fci: returning with: 0 (Success)
0xb7250700 00:54:35.769 [pkcs15-init] card.c:672:sc_select_file: returning with: 0 (Success)
0xb7250700 00:54:35.769 [pkcs15-init] pkcs15-lib.c:3462:do_select_parent: returning with: 0 (Success)
0xb7250700 00:54:35.769 [pkcs15-init] pkcs15-lib.c:3380:sc_pkcs15init_authenticate: called
0xb7250700 00:54:35.769 [pkcs15-init] pkcs15-lib.c:3381:sc_pkcs15init_authenticate: path '3f00', op=3
0xb7250700 00:54:35.769 [pkcs15-init] pkcs15-lib.c:3392:sc_pkcs15init_authenticate: acl (nil)
0xb7250700 00:54:35.769 [pkcs15-init] pkcs15-lib.c:3413:sc_pkcs15init_authenticate: returning with: 0 (Success)
0xb7250700 00:54:35.769 [pkcs15-init] pkcs15-lib.c:3642:sc_pkcs15init_fixup_file: called
0xb7250700 00:54:35.769 [pkcs15-init] pkcs15-lib.c:1793:sc_pkcs15init_get_pin_reference: called
0xb7250700 00:54:35.769 [pkcs15-init] pkcs15-lib.c:1803:sc_pkcs15init_get_pin_reference: found 1 auth objects; looking for AUTH object(auth_method:16,reference:0)
0xb7250700 00:54:35.769 [pkcs15-init] pkcs15-lib.c:1810:sc_pkcs15init_get_pin_reference: check PIN(User PIN,auth_method:1,type:1,reference:1,flags:29)
0xb7250700 00:54:35.769 [pkcs15-init] pkcs15-lib.c:1859:sc_pkcs15init_get_pin_reference: returning with: 1
0xb7250700 00:54:35.769 [pkcs15-init] pkcs15-lib.c:1793:sc_pkcs15init_get_pin_reference: called
0xb7250700 00:54:35.769 [pkcs15-init] pkcs15-lib.c:1803:sc_pkcs15init_get_pin_reference: found 1 auth objects; looking for AUTH object(auth_method:16,reference:2)
0xb7250700 00:54:35.769 [pkcs15-init] pkcs15-lib.c:1810:sc_pkcs15init_get_pin_reference: check PIN(User PIN,auth_method:1,type:1,reference:1,flags:29)
0xb7250700 00:54:35.769 [pkcs15-init] pkcs15-lib.c:1849:sc_pkcs15init_get_pin_reference: returning with: 1
0xb7250700 00:54:35.769 [pkcs15-init] pkcs15-lib.c:3678:sc_pkcs15init_fixup_file: so_acl(method:1,ref:1), user_acl(method:1,ref:1)
0xb7250700 00:54:35.769 [pkcs15-init] pkcs15-lib.c:3578:sc_pkcs15init_fixup_acls: called
0xb7250700 00:54:35.769 [pkcs15-init] pkcs15-lib.c:3626:sc_pkcs15init_fixup_acls: returning with: 0 (Success)
0xb7250700 00:54:35.769 [pkcs15-init] pkcs15-lib.c:3682:sc_pkcs15init_fixup_file: returning with: 0 (Success)
0xb7250700 00:54:35.769 [pkcs15-init] card.c:795:sc_card_ctl: called
0xb7250700 00:54:35.769 [pkcs15-init] card-isoApplet.c:1039:isoApplet_card_ctl: called
0xb7250700 00:54:35.769 [pkcs15-init] card-isoApplet.c:1053:isoApplet_card_ctl: returning with: -1408 (Not supported)
0xb7250700 00:54:35.769 [pkcs15-init] card.c:802:sc_card_ctl: card_ctl(4) not supported
0xb7250700 00:54:35.769 [pkcs15-init] card.c:440:sc_create_file: called; type=2, path=3f005015, size=5000
0xb7250700 00:54:35.769 [pkcs15-init] card-isoApplet.c:307:isoApplet_create_file: called
0xb7250700 00:54:35.769 [pkcs15-init] apdu.c:561:sc_transmit_apdu: called
0xb7250700 00:54:35.769 [pkcs15-init] card.c:346:sc_lock: called
0xb7250700 00:54:35.769 [pkcs15-init] apdu.c:528:sc_transmit: called
0xb7250700 00:54:35.769 [pkcs15-init] apdu.c:382:sc_single_transmit: called
0xb7250700 00:54:35.769 [pkcs15-init] apdu.c:387:sc_single_transmit: CLA:0, INS:E0, P1:0, P2:0, data(23) 0xbfc79203
0xb7250700 00:54:35.769 [pkcs15-init] reader-pcsc.c:249:pcsc_transmit: reader 'REINER SCT cyberJack RFID basis 00 00'
0xb7250700 00:54:35.769 [pkcs15-init] apdu.c:185:sc_apdu_log: 
Outgoing APDU data [   28 bytes] =====================================
00 E0 00 00 17 6F 15 81 02 13 88 82 01 38 83 02 .....o.......8..
50 15 86 08 FF 00 00 00 00 00 00 90             P...........
======================================================================
0xb7250700 00:54:35.769 [pkcs15-init] reader-pcsc.c:182:pcsc_internal_transmit: called
0xb7250700 00:54:35.791 [pkcs15-init] apdu.c:185:sc_apdu_log: 
Incoming APDU data [    2 bytes] =====================================
90 00 ..
======================================================================
0xb7250700 00:54:35.791 [pkcs15-init] apdu.c:397:sc_single_transmit: returning with: 0 (Success)
0xb7250700 00:54:35.791 [pkcs15-init] apdu.c:550:sc_transmit: returning with: 0 (Success)
0xb7250700 00:54:35.791 [pkcs15-init] card.c:386:sc_unlock: called
0xb7250700 00:54:35.791 [pkcs15-init] card-isoApplet.c:365:isoApplet_create_file: returning with: 0 (Success)
0xb7250700 00:54:35.791 [pkcs15-init] card.c:450:sc_create_file: returning with: 0 (Success)
0xb7250700 00:54:35.791 [pkcs15-init] pkcs15-lib.c:3497:sc_pkcs15init_create_file: returning with: 0 (Success)
0xb7250700 00:54:35.791 [pkcs15-init] pkcs15-isoApplet.c:161:isoApplet_create_dir: returning with: 0 (Success)
0xb7250700 00:54:35.791 [pkcs15-init] pkcs15-isoApplet.c:233:isoApplet_create_pin: called
0xb7250700 00:54:35.791 [pkcs15-init] sec.c:157:sc_pin_cmd: called
0xb7250700 00:54:35.791 [pkcs15-init] apdu.c:561:sc_transmit_apdu: called
0xb7250700 00:54:35.791 [pkcs15-init] card.c:346:sc_lock: called
0xb7250700 00:54:35.791 [pkcs15-init] apdu.c:528:sc_transmit: called
0xb7250700 00:54:35.791 [pkcs15-init] apdu.c:382:sc_single_transmit: called
0xb7250700 00:54:35.791 [pkcs15-init] apdu.c:387:sc_single_transmit: CLA:0, INS:24, P1:1, P2:1, data(4) 0xbfc7701b
0xb7250700 00:54:35.791 [pkcs15-init] reader-pcsc.c:249:pcsc_transmit: reader 'REINER SCT cyberJack RFID basis 00 00'
0xb7250700 00:54:35.791 [pkcs15-init] apdu.c:185:sc_apdu_log: 
Outgoing APDU data [    9 bytes] =====================================
00 24 01 01 04 31 31 31 31 .$...1111
======================================================================
0xb7250700 00:54:35.791 [pkcs15-init] reader-pcsc.c:182:pcsc_internal_transmit: called
0xb7250700 00:54:35.812 [pkcs15-init] apdu.c:185:sc_apdu_log: 
Incoming APDU data [    2 bytes] =====================================
69 86 i.
======================================================================
0xb7250700 00:54:35.812 [pkcs15-init] apdu.c:397:sc_single_transmit: returning with: 0 (Success)
0xb7250700 00:54:35.812 [pkcs15-init] apdu.c:550:sc_transmit: returning with: 0 (Success)
0xb7250700 00:54:35.812 [pkcs15-init] card.c:386:sc_unlock: called
0xb7250700 00:54:35.812 [pkcs15-init] iso7816.c:139:iso7816_check_sw: Command not allowed (no current EF)
0xb7250700 00:54:35.812 [pkcs15-init] sec.c:204:sc_pin_cmd: returning with: -1209 (Not allowed)
0xb7250700 00:54:35.812 [pkcs15-init] pkcs15-isoApplet.c:266:isoApplet_create_pin: returning with: -1209 (Not allowed)
0xb7250700 00:54:35.812 [pkcs15-init] pkcs15-lib.c:849:sc_pkcs15init_add_app: Card specific create application DF failed: -1209 (Not allowed)
Failed to create PKCS #15 meta structure: Not allowed
0xb7250700 00:54:35.812 [pkcs15-init] pkcs15-lib.c:417:sc_pkcs15init_unbind: called
0xb7250700 00:54:35.812 [pkcs15-init] pkcs15-lib.c:418:sc_pkcs15init_unbind: Pksc15init Unbind: 0:(nil):1
0xb7250700 00:54:35.812 [pkcs15-init] card.c:386:sc_unlock: called
0xb7250700 00:54:35.812 [pkcs15-init] reader-pcsc.c:554:pcsc_unlock: called
0xb7250700 00:54:35.814 [pkcs15-init] card.c:288:sc_disconnect_card: called
0xb7250700 00:54:35.814 [pkcs15-init] card-isoApplet.c:120:isoApplet_finish: called
0xb7250700 00:54:35.814 [pkcs15-init] card-isoApplet.c:126:isoApplet_finish: returning with: 0 (Success)
0xb7250700 00:54:35.814 [pkcs15-init] reader-pcsc.c:504:pcsc_disconnect: called
0xb7250700 00:54:35.861 [pkcs15-init] card.c:309:sc_disconnect_card: returning with: 0 (Success)
0xb7250700 00:54:35.861 [pkcs15-init] ctx.c:796:sc_release_context: called
0xb7250700 00:54:35.861 [pkcs15-init] reader-pcsc.c:745:pcsc_finish: called

philipWendland commented 9 years ago

In normal configuration, the PUK must be set. You made me rethink this - it is misleading and not necessary in normal use cases. I changed the default configuration.

e84b71dfbc82566a656ddc172431671e4bd30960

frankmorgner commented 9 years ago

OpenSC said it would be optional and I left it blank. Does the OpenSC configuration need to be changed, too, to fix the initialization?

philipWendland commented 9 years ago

No need to change it.

The PUK being labeled as "optional" is hard coded in OpenSC: https://github.com/OpenSC/OpenSC/blob/master/src/tools/pkcs15-init.c#L855

frankmorgner commented 9 years ago

Initializing the applet works with setting PIN and PUK, thanks. You may want to add the mandatory PUK to your webpage (or maybe submit a patch to OpenSC)...

Now, I get the next error with pkcs15-init --generate-key "rsa/2048" --auth-id "FF" --label "myKey" --id "1" -vvvvvvvvvvvvvvvvvvvvvvvvvv:

0xb71c1700 14:26:52.185 [pkcs15-init] card.c:211:sc_connect_card: trying driver 'isoApplet'
0xb71c1700 14:26:52.185 [pkcs15-init] card-isoApplet.c:92:isoApplet_select_applet: called
0xb71c1700 14:26:52.185 [pkcs15-init] apdu.c:561:sc_transmit_apdu: called
0xb71c1700 14:26:52.185 [pkcs15-init] card.c:346:sc_lock: called
0xb71c1700 14:26:52.185 [pkcs15-init] reader-pcsc.c:517:pcsc_lock: called
0xb71c1700 14:26:52.185 [pkcs15-init] apdu.c:528:sc_transmit: called
0xb71c1700 14:26:52.185 [pkcs15-init] apdu.c:382:sc_single_transmit: called
0xb71c1700 14:26:52.185 [pkcs15-init] apdu.c:387:sc_single_transmit: CLA:0, INS:A4, P1:4, P2:0, data(12) 0xb753ff60
0xb71c1700 14:26:52.185 [pkcs15-init] reader-pcsc.c:249:pcsc_transmit: reader 'REINER SCT cyberJack RFID basis 00 00'
0xb71c1700 14:26:52.185 [pkcs15-init] apdu.c:185:sc_apdu_log: 
Outgoing APDU data [   17 bytes] =====================================
00 A4 04 00 0C F2 76 A2 88 BC FB A6 9D 34 F3 10 ......v......4..
01                                              .
======================================================================
0xb71c1700 14:26:52.185 [pkcs15-init] reader-pcsc.c:182:pcsc_internal_transmit: called
0xb71c1700 14:26:52.205 [pkcs15-init] apdu.c:185:sc_apdu_log: 
Incoming APDU data [    5 bytes] =====================================
00 05 00 90 00 .....
======================================================================
0xb71c1700 14:26:52.206 [pkcs15-init] apdu.c:397:sc_single_transmit: returning with: 0 (Success)
0xb71c1700 14:26:52.206 [pkcs15-init] apdu.c:550:sc_transmit: returning with: 0 (Success)
0xb71c1700 14:26:52.206 [pkcs15-init] card.c:386:sc_unlock: called
0xb71c1700 14:26:52.206 [pkcs15-init] reader-pcsc.c:554:pcsc_unlock: called
0xb71c1700 14:26:52.208 [pkcs15-init] card-isoApplet.c:112:isoApplet_select_applet: returning with: 0 (Success)
0xb71c1700 14:26:52.208 [pkcs15-init] card.c:224:sc_connect_card: matched: Javacard with IsoApplet
0xb71c1700 14:26:52.208 [pkcs15-init] card-isoApplet.c:192:isoApplet_init: called
0xb71c1700 14:26:52.208 [pkcs15-init] card-isoApplet.c:252:isoApplet_init: returning with: 0 (Success)
0xb71c1700 14:26:52.208 [pkcs15-init] card.c:259:sc_connect_card: card info name:'Javacard with IsoApplet', type:-1, flags:0x0, max_send/recv_size:0/0
0xb71c1700 14:26:52.208 [pkcs15-init] card.c:1284:sc_card_sm_check: called
0xb71c1700 14:26:52.208 [pkcs15-init] card.c:1285:sc_card_sm_check: card->sm_ctx.ops.open (nil)
0xb71c1700 14:26:52.208 [pkcs15-init] card.c:1290:sc_card_sm_check: returning with: 0 (Success)
0xb71c1700 14:26:52.208 [pkcs15-init] card.c:271:sc_connect_card: returning with: 0 (Success)
Using card driver Javacard with IsoApplet.
0xb71c1700 14:26:52.208 [pkcs15-init] card.c:346:sc_lock: called
0xb71c1700 14:26:52.208 [pkcs15-init] reader-pcsc.c:517:pcsc_lock: called
0xb71c1700 14:26:52.208 [pkcs15-init] pkcs15-lib.c:300:sc_pkcs15init_bind: called
0xb71c1700 14:26:52.208 [pkcs15-init] card.c:795:sc_card_ctl: called
0xb71c1700 14:26:52.208 [pkcs15-init] card-isoApplet.c:1039:isoApplet_card_ctl: called
0xb71c1700 14:26:52.208 [pkcs15-init] card-isoApplet.c:1053:isoApplet_card_ctl: returning with: -1408 (Not supported)
0xb71c1700 14:26:52.208 [pkcs15-init] card.c:802:sc_card_ctl: card_ctl(4) not supported
0xb71c1700 14:26:52.208 [pkcs15-init] card.c:644:sc_select_file: called; type=2, path=3f0050154946
0xb71c1700 14:26:52.208 [pkcs15-init] apdu.c:561:sc_transmit_apdu: called
0xb71c1700 14:26:52.208 [pkcs15-init] card.c:346:sc_lock: called
0xb71c1700 14:26:52.208 [pkcs15-init] apdu.c:528:sc_transmit: called
0xb71c1700 14:26:52.208 [pkcs15-init] apdu.c:382:sc_single_transmit: called
0xb71c1700 14:26:52.208 [pkcs15-init] apdu.c:387:sc_single_transmit: CLA:0, INS:A4, P1:8, P2:0, data(4) 0xbfd40d85
0xb71c1700 14:26:52.208 [pkcs15-init] reader-pcsc.c:249:pcsc_transmit: reader 'REINER SCT cyberJack RFID basis 00 00'
0xb71c1700 14:26:52.208 [pkcs15-init] apdu.c:185:sc_apdu_log: 
Outgoing APDU data [   10 bytes] =====================================
00 A4 08 00 04 50 15 49 46 00 .....P.IF.
======================================================================
0xb71c1700 14:26:52.208 [pkcs15-init] reader-pcsc.c:182:pcsc_internal_transmit: called
0xb71c1700 14:26:52.240 [pkcs15-init] apdu.c:185:sc_apdu_log: 
Incoming APDU data [   25 bytes] =====================================
6F 15 81 02 00 80 82 01 01 83 02 49 46 86 08 FF o..........IF...
90 90 90 90 90 90 00 90 00                      .........
======================================================================
0xb71c1700 14:26:52.240 [pkcs15-init] apdu.c:397:sc_single_transmit: returning with: 0 (Success)
0xb71c1700 14:26:52.240 [pkcs15-init] apdu.c:550:sc_transmit: returning with: 0 (Success)
0xb71c1700 14:26:52.240 [pkcs15-init] card.c:386:sc_unlock: called
0xb71c1700 14:26:52.240 [pkcs15-init] card-isoApplet.c:420:isoApplet_process_fci: called
0xb71c1700 14:26:52.240 [pkcs15-init] iso7816.c:355:iso7816_process_fci: processing FCI bytes
0xb71c1700 14:26:52.240 [pkcs15-init] iso7816.c:359:iso7816_process_fci:   file identifier: 0x4946
0xb71c1700 14:26:52.240 [pkcs15-init] iso7816.c:370:iso7816_process_fci:   bytes in file: 128
0xb71c1700 14:26:52.240 [pkcs15-init] iso7816.c:382:iso7816_process_fci:   shareable: no
0xb71c1700 14:26:52.240 [pkcs15-init] iso7816.c:401:iso7816_process_fci:   type: working EF
0xb71c1700 14:26:52.240 [pkcs15-init] iso7816.c:402:iso7816_process_fci:   EF structure: 1
0xb71c1700 14:26:52.240 [pkcs15-init] card-isoApplet.c:471:isoApplet_process_fci: returning with: 0 (Success)
0xb71c1700 14:26:52.240 [pkcs15-init] card.c:672:sc_select_file: returning with: 0 (Success)
0xb71c1700 14:26:52.240 [pkcs15-init] card.c:479:sc_read_binary: called; 128 bytes at index 0
0xb71c1700 14:26:52.240 [pkcs15-init] apdu.c:561:sc_transmit_apdu: called
0xb71c1700 14:26:52.240 [pkcs15-init] card.c:346:sc_lock: called
0xb71c1700 14:26:52.240 [pkcs15-init] apdu.c:528:sc_transmit: called
0xb71c1700 14:26:52.240 [pkcs15-init] apdu.c:382:sc_single_transmit: called
0xb71c1700 14:26:52.240 [pkcs15-init] apdu.c:387:sc_single_transmit: CLA:0, INS:B0, P1:0, P2:0, data(0) (nil)
0xb71c1700 14:26:52.240 [pkcs15-init] reader-pcsc.c:249:pcsc_transmit: reader 'REINER SCT cyberJack RFID basis 00 00'
0xb71c1700 14:26:52.240 [pkcs15-init] apdu.c:185:sc_apdu_log: 
Outgoing APDU data [    5 bytes] =====================================
00 B0 00 00 80 .....
======================================================================
0xb71c1700 14:26:52.240 [pkcs15-init] reader-pcsc.c:182:pcsc_internal_transmit: called
0xb71c1700 14:26:52.264 [pkcs15-init] apdu.c:185:sc_apdu_log: 
Incoming APDU data [    2 bytes] =====================================
67 00 g.
======================================================================
0xb71c1700 14:26:52.265 [pkcs15-init] apdu.c:397:sc_single_transmit: returning with: 0 (Success)
0xb71c1700 14:26:52.265 [pkcs15-init] apdu.c:550:sc_transmit: returning with: 0 (Success)
0xb71c1700 14:26:52.265 [pkcs15-init] card.c:386:sc_unlock: called
0xb71c1700 14:26:52.265 [pkcs15-init] iso7816.c:139:iso7816_check_sw: Wrong length
0xb71c1700 14:26:52.265 [pkcs15-init] iso7816.c:170:iso7816_read_binary: returning with: -1206 (Wrong length)
0xb71c1700 14:26:52.265 [pkcs15-init] card.c:519:sc_read_binary: returning with: -1206 (Wrong length)
0xb71c1700 14:26:52.265 [pkcs15-init] pkcs15-lib.c:347:sc_pkcs15init_bind: Read info error: -1206 (Wrong length)
Couldn't bind to the card: Wrong length
philipWendland commented 9 years ago

It is on the website: "It will ask for a PIN and a PUK. If the PUK must be set (see Configuration), you can not skip by pressing enter." Maybe I should make things clearer though.

As for your "Wrong length" error: This should not happen. The only place the applet returns "wrong length" for READ BINARY is here: https://github.com/philipWendland/IsoApplet/blob/master/src/net/pwendland/javacard/pki/isoapplet/IsoFileSystem.java#L658

However, apdu.setIncomingAndReceive() should return zero as 00 B0 00 00 80 is a case 2 apdu without Lc or data. Can you check whether your simulator behaves correctly according to the JC 2.2.2 specification? http://www.win.tue.nl/pinpasjc/docs/apis/jc222/javacard/framework/APDU.html

setIncomingAndReceive
(...)
Returns:
    number of data bytes read. The Le byte, if any, is not included in the count. Returns 0 if no bytes are available. 
philipWendland commented 9 years ago

No, sorry, actually the applet's implementation is wrong. I did not see this:

This method should only be called on a case 3 or case 4 command, otherwise erroneous behavior may result. 

I will try to find out how to actually get the case of an apdu. Maybe this needs to be fixed on other places as well.

frankmorgner commented 9 years ago

You can have a look at this C based implementation for hints: https://github.com/OpenSC/OpenSC/blob/master/src/libopensc/apdu.c#L649

philipWendland commented 9 years ago

jCardSim interprets the Le as Lc in case 2 apdus: https://github.com/licel/jcardsim/blob/master/src/main/java/javacard/framework/APDU.java#L565 All of my real cards return 0 in case 2 apdus. Nevertheless, I should not call it with case 2.

Obtaining the case is easy when the length is known (as it's done in apdu.c). However, the apdu arrives in STATE_INITIAL and only the header is valid. I can read P3 [1], but is it Le or Lc? In case 1 apdus, there is no P3 - how is this defined?

APDUException.ILLEGAL_USE if setIncomingAndReceive() not called or if setOutgoing() or setOutgoingNoChaining() previously invoked.

As we know, setIncomingAndReceive() may only be called with case 3,4......

I am somewhat stranded. Did I miss something obvious? The last option would be to just assume that there is no data available. This might work in the READ BINARY INS=B0 case, however, does it work in every other case?

[1] http://www.win.tue.nl/pinpasjc/docs/apis/jc222/javacard/framework/APDU.html "The applet receives the APDU instance to process from the Java Card runtime environment in the Applet.process(APDU) method, and the first five header bytes [ CLA, INS, P1, P2, P3 ] are available in the APDU buffer."
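
The length-based case check mentioned in the comments above, as an added example in C that is not code from IsoApplet, OpenSC or jCardSim. It classifies the three commands seen in this thread's logs; type and function names are this example's own, and only short (non-extended) APDUs are handled. It needs the total APDU length, which is exactly what an applet holding only the five header bytes does not have, so there the fifth byte alone cannot be told apart as Lc or Le.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Short-APDU cases of ISO 7816-4 (names are this example's own). */
enum apdu_case { APDU_INVALID, APDU_CASE_1, APDU_CASE_2, APDU_CASE_3, APDU_CASE_4 };
struct apdu_info { enum apdu_case c; size_t lc, le; }; /* Le byte 00 means 256 */

/* Command APDUs copied from the logs in this thread. */
const uint8_t SELECT_APPLET[] = { 0x00,0xA4,0x04,0x00,0x0C,0xF2,0x76,0xA2,0x88,
                                  0xBC,0xFB,0xA6,0x9D,0x34,0xF3,0x10,0x01 };
const uint8_t SELECT_PATH[]   = { 0x00,0xA4,0x08,0x00,0x04,0x50,0x15,0x49,0x46,0x00 };
const uint8_t READ_BINARY[]   = { 0x00,0xB0,0x00,0x00,0x80 };

/* Classify a complete short APDU from its total length. */
struct apdu_info classify_short_apdu(const uint8_t *buf, size_t len)
{
    struct apdu_info r = { APDU_INVALID, 0, 0 };
    if (buf == NULL || len < 4)
        return r;                     /* shorter than CLA INS P1 P2 */
    if (len == 4) { r.c = APDU_CASE_1; return r; }
    if (len == 5) {                   /* fifth byte is Le, no command data */
        r.c = APDU_CASE_2;
        r.le = buf[4] ? buf[4] : 256;
        return r;
    }
    if (buf[4] == 0)
        return r;                     /* extended length: not handled here */
    r.lc = buf[4];                    /* fifth byte is Lc */
    if (len == 5 + r.lc) {
        r.c = APDU_CASE_3;
    } else if (len == 5 + r.lc + 1) { /* one trailing Le byte */
        r.c = APDU_CASE_4;
        r.le = buf[len - 1] ? buf[len - 1] : 256;
    } else {
        r.lc = 0;                     /* Lc disagrees with the total length */
    }
    return r;
}

/* Only case 3 and case 4 commands carry data for the card to receive. */
int has_command_data(struct apdu_info i) { return i.c == APDU_CASE_3 || i.c == APDU_CASE_4; }

int main(void)
{
    struct apdu_info i = classify_short_apdu(READ_BINARY, sizeof READ_BINARY);
    printf("READ BINARY: case %d, Lc=%zu, Le=%zu, data=%d\n",
           (int)i.c, i.lc, i.le, has_command_data(i));
    return 0;
}
```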

frankmorgner commented 9 years ago

I don't know either. Maybe a jCardSim developer can help... @licel @robertbachmann

philipWendland commented 9 years ago

I don't think there is another way other than assuming whether the incoming apdu has data or not, based on the INS, P1P2 combination. I will investigate this week whether this is possible in every instruction.

robertbachmann commented 9 years ago

jCardSim interprets the Le as Lc in case 2 apdus: https://github.com/licel/jcardsim/blob/master/src/main/java/javacard/framework/APDU.java#L565

I'll try to fix this on the weekend.

philipWendland commented 9 years ago

@frankmorgner I identified one more of those statements and removed them. See b6bb1e6643b8911661f9f78e32d66c25c4d383c5 if you want. I will try to test your HCE app myself when I have time. Is there an easier way to test this without an NFC reader other than with a separate remote smartcard reader?

@robertbachmann Thank you. Note that jCardSim is not necessarily incorrect about it: "This method should only be called on a case 3 or case 4 command, otherwise erroneous behavior may result." However, I think it is not bad if both sides are defensive about it.

frankmorgner commented 9 years ago

Yes, remote smart card reader + smart card emulator should work. You need two NFC phones, however.

philipWendland commented 9 years ago

Hello Frank,

do you have any remaining issues with your setup since the update of jcardsim?

frankmorgner commented 9 years ago

Yes, the most recent commits of jcardsim were enough to fix the issue. I tested acardemulator + standard contact-less reader with the following commands:

pkcs15-init --create-pkcs15
pkcs15-init --generate-key "rsa/2048" --auth-id "FF" --label "myKey" --id "1"
pkcs15-tool --dump