New Card Driver and List of APDU's?

Hi,

Is there documentation of the Opensc smart card send/receive APDU's and
their implementation?

Also, I'd like to add another card driver to the project.  I didn't find any
documentation detailing how that is done and what goes into creating a new
driver.

Any help would be great.

Michael Papet


_______________________________________________
opensc-user mailing list
[hidden email]
http://www.opensc.org/cgi-bin/mailman/listinfo/opensc-user

Hi Michael,

the first step in writing a driver is the "card-name.c" file.
basicaly you can use the iso7816 functions, but replace each
function where your card is different from the iso standard
(or the iso code doesn't do what you want).

a typical code to send some apdu looks like this:

        sc_format_apdu(card, &apdu, SC_APDU_CASE_2_SHORT, 0x16, 0x02, offset);
        apdu.cla = 0x80;
        apdu.le = 256;
        apdu.resplen = 256;
        apdu.resp = rbuf;

        r = sc_transmit_apdu(card, &apdu);
        SC_TEST_RET(card->ctx, r, "APDU transmit failed");
        r = sc_check_sw(card, apdu.sw1, apdu.sw2);
        SC_TEST_RET(card->ctx, r, "DIRECTORY command returned error");

also note that opensc expects pkcs#15 structure on your card. it would be
nice to have code to create and modify such structures. or if your card
doesn't have those, to have an emulation layer. the former is implemented
in pkcs15init/pkcs15-name.c the later in libopensc/pkcs15-name.c.

> Also, I'd like to add another card driver to the project.  I didn't find
> any documentation detailing how that is done and what goes into creating a
> new driver.

good idea, so I'd like to help as good as possible.
here is a minimal driver, that does nothing but use
the iso ops. take a look at some card driver, most likely
you need to write your own function, for example to compute
a signature or list files on the card.

you also need to edit opensc.h and ctx.c and the Makefile
(look for "etoken" and enter an entry like that with "dummy"
in it).

Regards, Andreas

_______________________________________________
opensc-user mailing list
[hidden email]
http://www.opensc.org/cgi-bin/mailman/listinfo/opensc-user

Okay:

So, I do the following steps:
1. work on getting the APDU's mapped by making a driver file.
2. I will also need to edit opensc.h and ctx.c and the Makefile in order to
get the new card recognized and connected to my driver.
3. Check PKCS15 support on my smart cards and see if it's available.

I confused my terms with the initial post so I'll ask again.
What I need to make this easier is a list of the APDU's that OpenSC is
sending and the expected process on the card side.  I would need this for
the PKCS15 APDU's as well.  Each smart card OS, (even JavaCard) can
implement standards differently.  The Musclecard applet has excellent
documentation that makes this easier.  I'm wondering if the same is
available in OpenSC.

-----Original Message-----
From: Andreas Jellinghaus [mailto:[hidden email]]
Sent: Tuesday, May 24, 2005 1:22 AM
To: [hidden email]
Cc: [hidden email]
Subject: [not-spam] Re: [opensc-user] New Card Driver and List of
APDU's?


Hi Michael,

the first step in writing a driver is the "card-name.c" file.
basicaly you can use the iso7816 functions, but replace each
function where your card is different from the iso standard
(or the iso code doesn't do what you want).

a typical code to send some apdu looks like this:

        sc_format_apdu(card, &apdu, SC_APDU_CASE_2_SHORT, 0x16, 0x02,
offset);
        apdu.cla = 0x80;
        apdu.le = 256;
        apdu.resplen = 256;
        apdu.resp = rbuf;

        r = sc_transmit_apdu(card, &apdu);
        SC_TEST_RET(card->ctx, r, "APDU transmit failed");
        r = sc_check_sw(card, apdu.sw1, apdu.sw2);
        SC_TEST_RET(card->ctx, r, "DIRECTORY command returned error");

also note that opensc expects pkcs#15 structure on your card. it would be
nice to have code to create and modify such structures. or if your card
doesn't have those, to have an emulation layer. the former is implemented
in pkcs15init/pkcs15-name.c the later in libopensc/pkcs15-name.c.

> Also, I'd like to add another card driver to the project.  I didn't find
> any documentation detailing how that is done and what goes into creating a
> new driver.

good idea, so I'd like to help as good as possible.
here is a minimal driver, that does nothing but use
the iso ops. take a look at some card driver, most likely
you need to write your own function, for example to compute
a signature or list files on the card.

you also need to edit opensc.h and ctx.c and the Makefile
(look for "etoken" and enter an entry like that with "dummy"
in it).

Regards, Andreas

_______________________________________________
opensc-user mailing list
[hidden email]
http://www.opensc.org/cgi-bin/mailman/listinfo/opensc-user

On Tuesday 24 May 2005 19:32, mpapet wrote:
> So, I do the following steps:
> 1. work on getting the APDU's mapped by making a driver file.
> 2. I will also need to edit opensc.h and ctx.c and the Makefile in order to
> get the new card recognized and connected to my driver.
> 3. Check PKCS15 support on my smart cards and see if it's available.

a very good plan. if you run into any trouble, please contact the list
and we will try to help.

> What I need to make this easier is a list of the APDU's that OpenSC is
> sending and the expected process on the card side.

Each card driver has their own apdu functions, so I guess it is no
use to assemble such a list.

but apdu commands are always created with the sc_format_apdu function,
and that function is used:
 - in iso7816.c (generic implementation)
 - card-*.c (card specific implementation)
 - pkcs15-*.c (pkcs15 emulation specific implementation)
 - tools/cryptoflex-tool,cardos-info,opensc-tool
                card specific tools and the generic opensc-tool

the code in the card-*.c drivers (except your new one) and pkcs15-*.c (except
if you write one9 will not be used by opensc, if you write your own driver.

the rest of the code doesn't create any apdu. most important pkcs15init
does only use existing commands and not create any apdu, and pkcs15 emulations
usualy also use existing low level functions and not create their own apdus.

so if you look at iso7816.c, you can check each function if it does what you
want, and if not copy that function to your driver, rename it, add the new
name to the iso_ops structure, and change the renamend functions to fit your
card.

> I would need this for the PKCS15 APDU's as well.

that code is much more about data structures than apdu.

also note each card can define some functionality of it's own
using driver_card_ctl multiplexer, and the pkcs15*.c layer can
call those private functions. for example the etoken driver has
special functions to get and set the lifecycle. (other cards have
different security models that don't include a lifecycle at all.)

> Each smart card OS, (even JavaCard) can
> implement standards differently.  The Musclecard applet has excellent
> documentation that makes this easier.  I'm wondering if the same is
> available in OpenSC.

sorry, we don't have much documentation so far. in the svn trunk
you will find new documentation written by bert, and nils wrote a
guide to the pkcs15init stuff, available in www.opensc.org/files
(and the doc or docs). but feel free to ask on the list, we will
try to answer your questions as fast as possible.

Regards, Andreas
_______________________________________________
opensc-user mailing list
[hidden email]
http://www.opensc.org/cgi-bin/mailman/listinfo/opensc-user

I got things modified in the files as you suggested below with a new
card-sci.c file. It compiles with no errors.  This is a good start.

I'll work on getting the APDU's ported next.  Do you have some documentation
that lists the APDU's OpenSC uses? I am not a good or trained programmer,
just determined.

Maybe I'm missing something obvious?  Any APDU information would be great.

Best regards,
Michael

-----Original Message-----
From: Andreas Jellinghaus [mailto:[hidden email]]
Sent: Tuesday, May 24, 2005 1:22 AM
To: [hidden email]
Cc: [hidden email]
Subject: [not-spam] Re: [opensc-user] New Card Driver and List of
APDU's?


Hi Michael,

the first step in writing a driver is the "card-name.c" file.
basicaly you can use the iso7816 functions, but replace each
function where your card is different from the iso standard
(or the iso code doesn't do what you want).

a typical code to send some apdu looks like this:

        sc_format_apdu(card, &apdu, SC_APDU_CASE_2_SHORT, 0x16, 0x02,
offset);
        apdu.cla = 0x80;
        apdu.le = 256;
        apdu.resplen = 256;
        apdu.resp = rbuf;

        r = sc_transmit_apdu(card, &apdu);
        SC_TEST_RET(card->ctx, r, "APDU transmit failed");
        r = sc_check_sw(card, apdu.sw1, apdu.sw2);
        SC_TEST_RET(card->ctx, r, "DIRECTORY command returned error");

also note that opensc expects pkcs#15 structure on your card. it would be
nice to have code to create and modify such structures. or if your card
doesn't have those, to have an emulation layer. the former is implemented
in pkcs15init/pkcs15-name.c the later in libopensc/pkcs15-name.c.

> Also, I'd like to add another card driver to the project.  I didn't find
> any documentation detailing how that is done and what goes into creating a
> new driver.

good idea, so I'd like to help as good as possible.
here is a minimal driver, that does nothing but use
the iso ops. take a look at some card driver, most likely
you need to write your own function, for example to compute
a signature or list files on the card.

you also need to edit opensc.h and ctx.c and the Makefile
(look for "etoken" and enter an entry like that with "dummy"
in it).

Regards, Andreas

_______________________________________________
opensc-user mailing list
[hidden email]
http://www.opensc.org/cgi-bin/mailman/listinfo/opensc-user

HI Michael,

please try to read iso7816.c, it contains the default functions and the
apdu used in then, and you can see which return codes are handled,
and what kind of data structures are send / expected as return.
For each function that does what you want, you can keep that function,
for everyething else you can copy the code into your own driver, and
change it to suite your needs.

apdu's are also in the card-*.c drivers, but those won't help you,
as they do the same thing, but are for other cards. looking at iso7816
is best, I guess, but if something isn't clear it might help to look
at the same function in other card drivers and see what they do.

Regards, Andreas
_______________________________________________
opensc-user mailing list
[hidden email]
http://www.opensc.org/cgi-bin/mailman/listinfo/opensc-user