New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Consider supporting Java Card 3.0.1 cards #1
Comments
If the applet is correctly loaded (command "install for load"), but installation (command "install for install") is failing, I think the problem is that the resources of the card (RAM or non volatile) are exhausted. SmartPGP is quite greedy. To determine if this is the problem, a simple test is to comment the content of the SmartPGPApplet class constructor: the applet will be unusable if install is successful, but you will definitely know if this is the problem. If the resource consumption is the problem, please consider the instructions given in section "Reducing flash and/or RAM consumption" of the README.md. |
Thank you for the fast reply.
On Tue, Jun 06, 2017 at 12:26:16AM -0700, Arnaud Fontaine wrote:
If the applet is correctly loaded (command "install for load"), but
installation (command "install for install") is failing, I think the
problem is that the resources of the card (RAM or non volatile) are
exhausted.
According to the specs (see the other PDF) the card has 12k RAM and 80K
user memory and the SmartPGP applet is the only applet there. This seem
to be quite a lot of resources.
SmartPGP is quite greedy. To determine if this is the problem, a
simple test is to comment the content for the SmartPGPApplet class
constructor: the applet will be unusable if install is successful, but
you will definitely know if this is the problem.
I tried this already because @martinpaljak told me there might be
problem in the constructor since the install method only calls a
register() method. The problem with this approach is that javac then
starts to complain about variables not being initialized. Maybe I can
initialize them just with null, have to check it this evening.
If the resource consumption is the problem, please consider the
instructions given in section ["Reducing flash and/or RAM consumption"
of the
README.md](https://github.com/ANSSI-FR/SmartPGP#reducing-flash-andor-ram-consumption).
I will give it also a try.
|
Did you manage to install the applet successfully on your 3.0.1 card ? |
On Thu, Jun 29, 2017 at 09:36:59AM +0000, Arnaud Fontaine wrote:
Did you manage to install the applet successfully on your 3.0.1 card ?
I am sorry, I forgot to post the results here. When I can install it
when I do not create a Persistent() and SecureMessaging() object in the
constructor.
|
I created a branch javacard-3.0.1 which contains a working version (without elliptic curves and secure messaging) of the applet compatible with JavaCard 3.0.1. |
Thank you, you are great. Unfortunately it still does not work: I tried several small values with the same result, these are now the smallest I tried:
If it would be of any help I could try to send you one of the cards for testing. |
I don't have the manual of this card, but 6A80 is generally a problem of parameter (P1, P2 or wrong TLV data). |
I do not specify a AID by hand, I just use
to install the applet I use gp from here: https://github.com/martinpaljak/GlobalPlatformPro When I change
to
in
and recompile the applet, I can install it with above command. |
Sorry, I forgot this (very important) point... Could you try commenting the following line ? It will not remove memory allocations, but it works it will definitely reduce the faulty code. |
Thank you for providing me a card ! After some investigation, it appears the problem on this card comes from the use of the transaction mechanism during installation only. Can you test it and tell me if it is ok ? |
There is no need for transactions during install(), one is implicitly present. Maybe it would make sense to separate "things to initialize during install()" from "things to initialize by command later on" so that there would be no need for the "wrapping code" and an extra variable to track, that would be implicitly known from the code path otherwise ? |
If you look at commit 1dd42f5 you will see that is what I did: a "wrapping code" with a boolean parameter was introduced for transactions to determine if it is called from install (i.e. is registering) or not. |
The javacard-3.0.1 branch is working correctly, without secure messaging or ECC because of missing features from the JCDK in this version. I thus close this issue. |
We will try to also get the "Universal JCard" as we have problems with our current card "ACOSJ". @tyll How did you "compile SmartPGP for the older version"? |
You can simply checkout the |
@af-anssi Do you have a link to the 3.0.1 JCDK? I only found 3.0.3/3.0.4. https://github.com/martinpaljak/oracle_javacard_sdks is also missing this version. |
3.0.3 includes 3.0.1 API, so that is the right one. There is slight confusion in JavaCard API versions on SDK versions. |
@martinpaljak awesome, thanks for your help! |
@martinpaljak is right; I have been fooled by a symlink on my local machine ;-) |
SmartPGP requires Java Card 3.0.4 compliant cards but many cards do not support this newer version. I found three isues when trying to compile SmartPGP for the older version:
I would like to test this applet with this card https://www.usmartcards.co.uk/downloads/dl/file/id/444/product/312/universal_jcard_sales_sheet.pdf as the card might support RSA 4096 so I would not miss the ECC features. Do you have maybe any ideas what other code depends on Java Card 3.0.4?
The text was updated successfully, but these errors were encountered: