GIDS cards => need to add a new file type


GIDS cards => need to add a new file type

Vincent Le Toux
Hi,

I'm working on adding GIDS cards. This card is defined in a Microsoft specification.
https://msdn.microsoft.com/en-us/library/windows/hardware/dn642100%28v=vs.85%29.aspx

The main advantage of this card is that it is the only card (except PIV cards) coming with a native minidriver (it does not need anything to be used immediately) and it is read/write with the minidriver.
What is unusual is that it is not a PKCS#15 card and it uses BER TLV files defined in ISO 7816-4:2013.

The BER TLV file is not known / defined in OpenSC.
This is a new value of the file descriptor byte (added in ISO 7816-4:2013 7.4.5) whose value is 0x39 (111001). (The second file type added is the SIMPLE TLV structure.)
Then each piece of data is stored in a DO of this BER TLV file and is accessed with a GET DATA / PUT DATA APDU.

I would like to modify the sc_path_t structure to add a new type named SC_PATH_TYPE_FILE_ID_DO and modify the sc_pkcs15_read_file like functions to use getdata instead of read binary / read record when accessing data.
=> Is it OK for you, or do you have any comments?

Thanks in advance for your attention

regards,
--
Vincent Le Toux

My Smart Logon
www.mysmartlogon.com

_______________________________________________
Opensc-devel mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/opensc-devel

Re: GIDS cards => need to add a new file type

Frank Morgner
On Monday, November 30 at 10:57PM, Vincent Le Toux wrote:

> Hi,
>
> I'm working on adding GIDS cards. This card is defined in a Microsoft
> specification.
> https://msdn.microsoft.com/en-us/library/windows/hardware/dn642100%28v=vs.85%29.aspx
>
> The main advantage of this card is that it is the only card (except PIV
> cards) coming with a native minidriver (it does not need anything to be used
> immediately) and it is read/write with the minidriver.
> What is unusual is that it is not a PKCS#15 card and it uses BER TLV files
> defined in ISO 7816-4:2013.
>
> The BER TLV file is not known / defined in OpenSC.
> This is a new value of the file descriptor byte (added in ISO 7816-4:2013
> 7.4.5) whose value is 0x39 (111001). (The second file type added is the SIMPLE
> TLV structure.)
> Then each piece of data is stored in a DO of this BER TLV file and is accessed with
> a GET DATA / PUT DATA APDU.
>
> I would like to modify the sc_path_t structure to add a new type named
> SC_PATH_TYPE_FILE_ID_DO and modify the sc_pkcs15_read_file like functions
> to use getdata instead of read binary / read record when accessing data.
> => Is it OK for you, or do you have any comments?
If I understand correctly, you are talking about the DOs that are by
definition (ISO 7816-4 2013) selectable objects. Generally speaking,
this would be a good improvement to have in OpenSC. I hope I find time
to check against a recent version of ISO 7816-15 if this is also a Path
object which can be used in EF.CIA, for example.

Anyway, I am not sure if this would be the easiest path for you to go.
Historically, all cards that don't have a filesystem (e.g. PIV, OpenPGP)
emulate a PKCS#15 like structure. This is because the OpenSC PKCS#15
framework assumes transparent EFs for historical reasons. You should
especially look at the OpenPGP implementation, because the card you
describe sounds very similar.

Note that in OpenSC there is already sc_get/put_data. And there are
several BER-TLV implementations (that I know of): one in cwa14890.c and one
in card-openpgp.c that uses sc_asn1_read_tag. *Please* do not add yet
another one...

If there is a native minidriver, why do you want to add this card to
OpenSC? Who uses this card and for what purpose?

--
Frank Morgner

Virtual Smart Card Architecture http://vsmartcard.sourceforge.net
OpenPACE                        http://openpace.sourceforge.net
IFD Handler for libnfc Devices  http://sourceforge.net/projects/ifdnfc


Re: GIDS cards => need to add a new file type

Douglas E Engert


On 11/30/2015 3:57 PM, Vincent Le Toux wrote:
> Hi,
>
> I'm working on adding GIDS cards. This card is defined in a Microsoft specification.
> https://msdn.microsoft.com/en-us/library/windows/hardware/dn642100%28v=vs.85%29.aspx
>
> The main advantage of this card is that it is the only card (except PIV cards) coming with a native minidriver (it does not need anything to be used immediately) and it is read/write with the minidriver.
> What is unusual is that it is not a PKCS#15 card and it uses BER TLV files defined in ISO 7816-4:2013.

The NIST PIV is not PKCS#15 either and uses a command called GET DATA, but the command is 00:CB:3F:FF and it returns BER-TLV.

NIST 800-73 does not define read/write APDUs. All access to objects is to be via GET DATA.
pkcs15-piv.c emulates a PKCS#15 card providing file paths. card-piv.c has piv_select_file, piv_read_binary and piv_write_binary
to override the normal select_file, read_binary and write_binary.

piv_select_file takes the path and maps it to a container_id. The first piv_read_binary then uses the container_id with a GET DATA
to read the whole object, and caches it. Subsequent read_binary calls will then return parts of the cached object.
So as part of writing the emulation, the card driver gets control and can do whatever it needs to do to read/write the data.

Much of what you want to do can be done in your card driver, with little or no modification to the common routines in OpenSC,
and you may want to look at the routines in card-piv.c and pkcs15-piv.c.

If, on the other hand, this 7816-4:2013 feature is likely to be used by other cards in the future, then common routines make more sense.


>
> The BER TLV file is not known / defined in OpenSC.
> This is a new value of the file descriptor byte (added in ISO 7816-4:2013 7.4.5) whose value is 0x39 (111001). (The second file type added is the SIMPLE TLV structure.)
> Then each piece of data is stored in a DO of this BER TLV file and is accessed with a GET DATA / PUT DATA APDU.
>
> I would like to modify the sc_path_t structure to add a new type named SC_PATH_TYPE_FILE_ID_DO and modify the sc_pkcs15_read_file like functions to use getdata instead of read binary / read record
> when accessing data.
> => Is it OK for you, or do you have any comments?
>
> Thanks in advance for your attention
>
> regards,
> --
> --
> Vincent Le Toux
>
> My Smart Logon
> www.mysmartlogon.com <http://www.mysmartlogon.com/>

--

  Douglas E. Engert  <[hidden email]>


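The emulation pattern Douglas describes above (select maps a path to an object, the first read fetches the whole object with GET DATA and caches it, later read_binary calls return slices of the cache) as an added C example. This is illustration code written for this page, not OpenSC's card-piv.c or pkcs15-piv.c: the GET DATA header 00 CB 3F FF is the one Douglas quotes, the 5C tag-list encoding of the data field is assumed from NIST SP 800-73 rather than taken from the thread, the object tag and response bytes are constructed, and the "card" is a stub function standing in for the real APDU exchange. The BER-TLV parser refuses indefinite lengths and lengths that run past the buffer, and the cached read clamps offset and count so an over-long request cannot read outside the cache.

```c
/* Added example for this thread; not OpenSC code. Toy version of the
 * PIV-style emulation: GET DATA once, cache the object, slice on read. */
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Build GET DATA (CLA 00, INS CB, P1 3F, P2 FF). Data field: 5C Lc <tag>,
 * the tag-list encoding assumed from NIST SP 800-73 (Le omitted here).
 * Returns the APDU length, or 0 if the tag is empty, too long, or the buffer is small. */
size_t build_get_data(const uint8_t *tag, size_t tag_len, uint8_t *out, size_t out_len)
{
    if (tag_len == 0 || tag_len > 3 || out_len < 7 + tag_len) return 0;
    out[0] = 0x00; out[1] = 0xCB; out[2] = 0x3F; out[3] = 0xFF;
    out[4] = (uint8_t)(2 + tag_len);   /* Lc covers 5C, its length byte and the tag */
    out[5] = 0x5C;                      /* tag list */
    out[6] = (uint8_t)tag_len;
    memcpy(out + 7, tag, tag_len);
    return 7 + tag_len;
}

/* Parse one BER-TLV header: one- or two-byte tag, definite length up to two bytes.
 * Returns 1 and sets *value/*vlen on success, 0 on malformed or truncated input. */
int tlv_parse(const uint8_t *buf, size_t len, unsigned *tag,
              const uint8_t **value, size_t *vlen)
{
    size_t i = 0, length;
    uint8_t l;
    if (len < 2) return 0;
    *tag = buf[i++];
    if ((*tag & 0x1F) == 0x1F) {        /* multi-byte tag: accept one more byte without continuation bit */
        if (i >= len || (buf[i] & 0x80)) return 0;
        *tag = (*tag << 8) | buf[i++];
    }
    if (i >= len) return 0;
    l = buf[i++];
    if (l < 0x80) {
        length = l;
    } else {
        unsigned n = l & 0x7F;
        if (n == 0 || n > 2 || i + n > len) return 0;   /* indefinite or oversized length refused */
        length = 0;
        while (n--) length = (length << 8) | buf[i++];
    }
    if (length > len - i) return 0;     /* declared length runs past the buffer */
    *value = buf + i;
    *vlen = length;
    return 1;
}

/* Cache of one selected object, as the card driver would keep after select_file. */
typedef struct {
    uint8_t data[256];
    size_t len;
    int loaded;
} obj_cache_t;

/* Constructed sample objects (not from any real card). */
static const uint8_t sample_tag[] = { 0x7F, 0x61 };
static const uint8_t sample_response[] = {
    0x53, 0x0A, 'G', 'I', 'D', 'S', '-', 'D', 'A', 'T', 'A', '!' };

/* Stub "card": returns the constructed BER-TLV object in place of a real GET DATA exchange. */
static size_t fake_get_data(uint8_t *out, size_t out_len)
{
    if (out_len < sizeof sample_response) return 0;
    memcpy(out, sample_response, sizeof sample_response);
    return sizeof sample_response;
}

/* Emulated read_binary: first call loads and parses the whole object, later calls
 * copy a bounded slice of the cached value. Returns bytes copied, 0 at end, -1 on error. */
int emu_read_binary(obj_cache_t *c, size_t offset, uint8_t *out, size_t count)
{
    if (!c->loaded) {
        uint8_t resp[256];
        unsigned tag; const uint8_t *val; size_t vlen;
        size_t n = fake_get_data(resp, sizeof resp);
        if (n == 0 || !tlv_parse(resp, n, &tag, &val, &vlen)) return -1;
        if (vlen > sizeof c->data) return -1;
        memcpy(c->data, val, vlen);
        c->len = vlen;
        c->loaded = 1;
    }
    if (offset >= c->len) return 0;                        /* nothing past the end */
    if (count > c->len - offset) count = c->len - offset;  /* clamp instead of over-reading */
    memcpy(out, c->data + offset, count);
    return (int)count;
}

int main(void)
{
    uint8_t apdu[16], out[32];
    obj_cache_t cache = { {0}, 0, 0 };
    size_t n = build_get_data(sample_tag, sizeof sample_tag, apdu, sizeof apdu);
    int got = emu_read_binary(&cache, 0, out, sizeof out);
    printf("GET DATA APDU length %zu, cached object %d bytes\n", n, got);
    return 0;
}
```

The important property for a driver is in the last two checks of emu_read_binary: once the object is cached, every later read is served from the driver's own buffer, so the offset and count supplied by the PKCS#15 layer must be validated against the cached length rather than trusted.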

Re: GIDS cards => need to add a new file type

Vincent Le Toux
OK, I'll follow Douglas's advice and I'll emulate the DO behavior as if their EF was a DF and the DO an EF.
(GIDS cards don't support DFs.)

@Frank: if GIDS cards can use the embedded minidriver, they have no PKCS#11 library; that's why I want to include them in OpenSC.
As far as I know, there is no implementation available, nor cards (except maybe the Gemalto IDPrime MD).

I've made, with the help of Philip Wendland of IsoApplet, a working JavaCard applet.
The idea would be to publish both the JavaCard applet and the OpenSC version at the same time.

Because it must use gzip, I'll have to fix the zlib problem on Windows x64.
Will it be possible to include the zlib-static library in the GitHub tree?
It could then be downloaded by AppVeyor...

regards,
Vincent


Re: GIDS cards => need to add a new file type

Douglas E Engert
I don't have a copy of 7816-4:2013. As a side note, could you read and see if there is "CB" GET DATA, with p1-p2 as 3F FF?
If so, does it appear to match what NIST 800-73 is doing?

http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-73-4.pdf
  "PART 2:
   3.1.2 GET DATA Card Command
   The GET DATA card command retrieves the data content of the single data object whose tag is given in the data field.5"

On 12/1/2015 6:34 AM, Vincent Le Toux wrote:

> OK, I'll follow Douglas's advice and I'll emulate the DO behavior as if their EF was a DF and the DO an EF.
> (GIDS cards don't support DFs.)
> @Frank: if GIDS cards can use the embedded minidriver, they have no PKCS#11 library; that's why I want to include them in OpenSC.
> As far as I know, there is no implementation available, nor cards (except maybe the Gemalto IDPrime MD).
> I've made, with the help of Philip Wendland of IsoApplet, a working JavaCard applet.
> The idea would be to publish both the JavaCard applet and the OpenSC version at the same time.
> Because it must use gzip, I'll have to fix the zlib problem on Windows x64.
> Will it be possible to include the zlib-static library in the GitHub tree?
> It could then be downloaded by AppVeyor...
> regards,
> Vincent

--

  Douglas E. Engert  <[hidden email]>



Re: GIDS cards => need to add a new file type

Vincent Le Toux
Yes, this is exactly the same, except that it is not limited to the application file (3F FF).
GIDS cards set the ACL for a BER TLV EF, and then DOs are stored in the EF depending on the permission requested.

regards,
Vincent

--
Vincent Le Toux

My Smart Logon
www.mysmartlogon.com
