Extended APDUs and T=0/1 communication protocols

Asked 4/3, 2015 at 13:39 Answered 8/3, 2015 at 12:59

Solved smartcard javacard smartcard-reader globalplatform pyscard

I have a JCOP V2.4.2 R3 java card that it is mentioned in its datasheet "The card support both T=1 and T=0 communication protocols"

I have also an ACR38 smart card reader that it support both T=0 and T=1 protocols. (I have T=0 communication with one card successfully and T=1 communication with this card successfully.)

I wrote the below program and upload it on the card to send and receive extended APDUs:

package extAPDU;

import javacard.framework.APDU;
import javacard.framework.Applet;
import javacard.framework.ISOException;
import javacardx.apdu.ExtendedLength;

public class ExAPDU extends Applet implements ExtendedLength {

    private ExAPDU() {
    }


    public static void install(byte bArray[], short bOffset, byte bLength)
            throws ISOException {
        new ExAPDU().register();
    }

    public void process(APDU arg0) throws ISOException {
        short number = arg0.setIncomingAndReceive();
        arg0.setOutgoingAndSend((short)0, (short)(number+7));
    }

}

In the CAD-side I used python scripts to send different APDUs to card. The questions is:

1- Why I can't start communication with T=0 protocol(While it is mentioned that the card support this protocol):

The python script:

from smartcard.scard import *
import smartcard.util
from smartcard.System import readers
from smartcard.CardConnection import CardConnection

r=readers()
print r
connection =r[0].createConnection()
connection.connect(CardConnection.T0_protocol)

normalCommand=[0x00,0xa4,0x04,0x00,0x06,0x01,0x02,0x03,0x04,0x05,0x06]
data,sw1,sw2=connection.transmit(normalCommand)
print "SW for Normal Command:"
print data,hex(sw1),hex(sw2)

Output:

>>> ================================ RESTART ================================
>>> 
['ACS CCID USB Reader 0']

Traceback (most recent call last):
  File "C:\extAPDU.py", line 13, in <module>
    connection.connect(CardConnection.T0_protocol)
  File "D:\PythonX\Lib\site-packages\smartcard\CardConnectionDecorator.py", line 54, in connect
    self.component.connect(protocol, mode, disposition)
  File "D:\PythonX\Lib\site-packages\smartcard\pcsc\PCSCCardConnection.py", line 118, in connect
    raise CardConnectionException('Unable to connect with protocol: ' + dictProtocol[pcscprotocol] + '. ' + SCardGetErrorMessage(hresult))
CardConnectionException: Unable to connect with protocol: T0. The requested protocols are incompatible with the protocol currently in use with the smart card. 
>>>

2- Why the card doesn't work fine with the Select APDU commands in the extended form on the T=1 protocol :

The python script:

from smartcard.scard import *
import smartcard.util
from smartcard.CardConnection import CardConnection
from smartcard.System import readers

r=readers()
print r
connection =r[0].createConnection()
connection.connect(CardConnection.T1_protocol)

normalCommand=[0x00,0xa4,0x04,0x00,0x00,0x00,0x06,0x01,0x02,0x03,0x04,0x05,0x06]
data,sw1,sw2=connection.transmit(normalCommand)
print "SW for Normal Command:"
print data,hex(sw1),hex(sw2)

Output :

>>> ================================ RESTART ================================
>>> 
['ACS CCID USB Reader 0']
SW for Normal Command:
[] 0x67 0x0
>>>

I think I misunderstood this concept and I mixed up Extended APDUs with T=1 and T=0 protocols!

Every T=1 compatible smart card, can send and receive Extended APDUs? and we can't send and receive extended APDUs over T=0 protocols? If we want to send Extended SELECT APDU commands to the Security Domain, the SD must implement ExtendedLength interface?

For an Extended APDU transmission what are the requirements?

A T=1 compatible card reader
A T=1 compatible smart card
An applet that implemented ExtendedLength interface

Is it right?

I am really confused about Extended compatibility and T=0/1 compatibility in smart cards. Any light will appreciated.

Note that, I can successfully send Extended APDUs to the above applet with T=1 protocol!

Loci answered 4/3, 2015 at 13:39 Comment(0)

Q1: Changing Protocol is possible. Information which protocols are supported by hte card is transceived via ATR/ATS. The terminal then can decide which one to use. So it is dependend from your Terminal shell if protocols are selectable or not. For JCOP Shell this is /change-protocol. However is do not recommend T=0 in general.

Q2: If you start the card via sending ATR/ATS the Card Manager is active which only supports Global Platform commands. Global Platform does not support Extended Length what so ever. By sending a Select command(which must be simple length because of that) the applet gets selected and that actual Select commands is also forwarded into your Applet's process() method (and can be detected by the selectingApplet() method). Now that you are in your Applet you can send as many Extended Length commands as you want. You can bypass the initial Non-Extended-Length-Select by installing your applet as default selected.

Lettyletup answered 5/3, 2015 at 13:1 Comment(10)

And why he can't start communication with T=0 protocol? May I ask to take a look at the last comment under the other answer also? – Dreamadreamer 6/3, 2015 at 12:28

Providing the option to select communication protocol in the PySCard library, doesn't mean that protocols are selectable? (I mean : connection.connect(CardConnection.T1_protocol) or connection.connect(CardConnection.T0_protocol))? The failure in starting with T0, is related to the card reader? (ACR38) – Dreamadreamer 6/3, 2015 at 13:8

And for the last question : Must the manufacturer mention in the datasheet extended length compatibility explicitly? or the user can conclude compatibility or incompatibility based on the Java Card platform version and the T-1/0 compatibility? In the other word : Is it possible for a card to be Java Card 3 platform compatible, but not support extended length APDU transmission? Or Is it possible to be T=1 compatible, but not support extended length? Or is it possible to be Java Card 3 platform and T=1 compatible, but not support extended lentgh? What is the relation between these parameters :) – Dreamadreamer 6/3, 2015 at 13:16

well the manufacturer documents state if Extended Length is supported or not. For JCOP 242R3 im extremly certain that ExtLength is supported. I don't know PySCard and I haven't been working with ACR38(rumors say its crappy). It might be a driver issue. We do you want to run T=0 protocol? – Lettyletup 6/3, 2015 at 13:20

I want to be sure that if somewhere there was a T=1 incompatible reader, my card will work fine in T=0. So please suggest some good reader (both for contact and contactless). And appreciate if add the relation between T=0/1 compatibility and ExtendedLength compatibility in your answer.(Questions I asked in previous comment.) Really thank you :) – Dreamadreamer 6/3, 2015 at 13:28

You must read JCOP manuals, I haven't done ExtLength with T=0 so I cannot advise any reader and I don't think SO likes branding(there might be alot). Also read all the details about T=0 cases in the JC Spec(there is much to take care of) – Lettyletup 6/3, 2015 at 13:57

My question is not about JCOP only. It is a general question for all cards. I can't understand the relation between these parameters (In any!) BTW thank you . :) – Dreamadreamer 6/3, 2015 at 14:2

Well ExtendedLength is just an optional feature so you cannot make any statement in general. In general I would say there are lots ofspecifications and mostly everything is optional and in the end its upto the developpers of hardware/software what they choose to support. So you have to define some parts of your system and read the developper documents. I don't have anymore I can say about that sry :P – Lettyletup 6/3, 2015 at 14:12

Nothing about the relation between T=1/0 and ExtendedLength compatibility? :D – Dreamadreamer 6/3, 2015 at 18:39

I simply don't know of any – Lettyletup 6/3, 2015 at 18:41

It is not the case that every ISO-compatible card can send and receive extended APDUs. It is very much an optional feature. What version of JCOP does your card implement?

As for T=0 vs T=1: when a card indicates support for both protocols, it is the card reader that decides which one to use. If it's a PC/SC card reader, there is not much you can do about this.

Updated to add: Now you say that you can successfully send extended APDUs to the above applet. So it appears that the card does support extended APDUs. But perhaps the built-in SELECT command doesn't allow them if Le is absent, because there is no use case for them.

Delight answered 4/3, 2015 at 13:49 Comment(18)

I update the question. It is a JCOP V2.4.2 R3 card. and my reader is an ACR38 that is support both protocols.So both card and card reader support T=0. So why I can't start communication with T=0 protocol? – Loci 4/3, 2015 at 13:54

@Am1r: So the ACR38 reader sees that the card supports both protocols, and decides for itself to use T=1. There is not much that you can do about this. – Delight 4/3, 2015 at 13:56

Who select the transmission protocol? The programmer or the reader?! – Loci 4/3, 2015 at 13:57

@Am1r: Ha! Welcome to the world of PC/SC. All your smart cards are belong to us. – Delight 4/3, 2015 at 13:58

:D why they add the option of "protocol selecting" in the pyscard library? Would you please add more details? I am confused in this concept! – Loci 4/3, 2015 at 14:1

What is requirements for Extended APDU transmission and how select the protocol? – Loci 4/3, 2015 at 14:2

"why they add the option of "protocol selecting" in the pyscard library?" Because the spec was written by Microsoft. – Delight 4/3, 2015 at 14:3

Let us continue this discussion in chat. – Loci 4/3, 2015 at 14:3

"What is requirements for Extended APDU transmission and how select the protocol?" You don't have to. What you did looks correct to me. But the SELECT command in the card rejected it for some reason. Just be grateful that your applet can handle extended APDUs! – Delight 4/3, 2015 at 14:4

Is there any relation between Extended APDUs compatibility and T=0/1 protocols? – Loci 4/3, 2015 at 14:13

In principle, no. But it's harder to implement in T=0 protocol, so some cards might only support it in T=1 protocol. – Delight 4/3, 2015 at 14:14

Harder for card programmer or harder for card manufacturer? :D – Loci 4/3, 2015 at 14:18

Harder for the implementers of the JCOP OS (they're programmers too!) – Delight 4/3, 2015 at 14:27

@Delight Does this mean that every Java Card 3 platform cards, support extendedLength APDI transmisson? (As I understand you said there is no relation between transmission protocol and extendedLength compatibility. So, if the application programmer, implement extendedLength interface, his/her card will be able to send extended APDUs.right?) – Dreamadreamer 6/3, 2015 at 12:23

In the other word, should it be mentioned in the card's datasheet, that the card support extended APDU explicitly? Or it is enough to mention that the card is Java Card 3 platform, or the card supporting T=1 or something else ..., and based on that, the end-user can conclude that his card is extended length APDU compatible? – Dreamadreamer 6/3, 2015 at 12:25

@Abraham: I suggest you ask Paul Bastian. Judging from his answer, he knows much more about JCOP than I do! – Delight 6/3, 2015 at 12:59

All jcop cards with jc3 that I have seen supported ExtLength. I don't know if that is implicit(ask NXP and report here plz) though. You should ask for a detailed product sheet or ask your reseller to make sure. However the manual I got for my JCOP242R3 cards says that Extended Length is supported(still not giving any promises here) – Lettyletup 6/3, 2015 at 15:50

for all these questions you see that it is optimal to read JCOP User Manual – Lettyletup 6/3, 2015 at 15:51

Java Card itself already handles the T=0 specific commands, so a T=0/T=1 APDU will look pretty much the same to a programmer. There are of course differences, but those are pretty well explained in the APDU class.

T=0 is a byte based protocol while T=1 uses frames underneath. Most cards with T=0 don't support extended length. Note that to get extended length functionality that the javacardx.apdu.ExtendedLength tagging interface needs to be implemented.

JCOP cards can be configured to use T=0/T=1/T=CL and others. You need however to have access to the card (and probably the user manual) to configure the cards. The Java Card API doesn't contain any commands to change the support for protocols or the transport protocol parameters within the cold or warm ATR.

You are correct with regards to the requirements for extended length. Note that card readers not capable of T=1 will probably be hard to find by now. T=0 is an old protocol, T=1 should be preferred.

Folly answered 8/3, 2015 at 12:59 Comment(5)

Thank you dear Maarten. Do you have any idea why I can't select my applet with normal APDUs and T=0 protocol (i.e. with the first python program) while I am pretty sure that the card support T=0 communication protocol? – Loci 8/3, 2015 at 14:19

It looks like the card is configured for T=1 only. You could try and display the ATR of the card. If that is configured correctly then it should display what protocols are supported, if I remember correctly. – Folly 8/3, 2015 at 15:4

I parsed the ATR, and I think you are right. (smartcard-atr.appspot.com/…) – Loci 9/3, 2015 at 8:3

btw, did you worked with CardTool? (A tool that is for ACS company and is for ACR38 reader) – Loci 9/3, 2015 at 8:4

Nope, of all the readers I haven't personally encountered that one (which is kind of surprising with regards to the number of readers that did at one day or another end up on my desk) – Folly 9/3, 2015 at 18:13

Hot tags

Godot Unity Godot Help Programming Godot 4.X GUI GDScript 3D 2D Physics CSharp Godot 3.X VR XR Projects C++

Recommended topics

Hot tags