📄 main.h
<H3>Description</H3>
<P>The file with the specified FID is deleted from the current file, which must be a DF or the MF. The access conditions for delete must also be satisfied, and the specified file must be the last one in the DF/MF. Deletion of a DF that contains EFs is possible.</P>
<P><EM>File header updates are protected with transactions.</EM></P>
<H2>External Authentication.</H2>
<H3>Header</H3>
<TABLE>
<TR> <TD>CLA</TD> <TD>INS</TD> <TD>P1</TD> <TD>P2</TD> <TD>P3</TD> </TR>
<TR> <TD>80</TD> <TD>82</TD> <TD>00</TD> <TD>00</TD> <TD>08</TD> </TR>
</TABLE>
<H3>Command data</H3>
<TABLE>
<TR> <TD>Byte(s)</TD> <TD>Description</TD> <TD>Length</TD> </TR>
<TR> <TD>1 - 8</TD> <TD>Encrypted Challenge</TD> <TD>8</TD> </TR>
</TABLE>
<H3>Status words</H3>
<TABLE>
<TR> <TD>SW</TD> <TD>Description</TD> </TR>
<TR> <TD>90 00</TD> <TD>Command completed successfully</TD> </TR>
<TR> <TD>63 CX</TD> <TD>Verification failed, retry counter specified</TD> </TR>
<TR> <TD>67 00</TD> <TD>Wrong Lc</TD> </TR>
<TR> <TD>69 83</TD> <TD>Authentication method blocked</TD> </TR>
<TR> <TD>69 85</TD> <TD>Conditions of use not satisfied</TD> </TR>
<TR> <TD>6A 86</TD> <TD>Incorrect parameters P1-P2</TD> </TR>
<TR> <TD>6A 88</TD> <TD>Referenced data not found</TD> </TR>
</TABLE>
<H3>Description</H3>
<P>Directly before this command an 8 byte challenge must be fetched from the card with the Get Challenge command. This challenge must then be encrypted with the TEA algorithm and the External Authentication key. For authentication the resulting data must then be sent back via this command.</P>
<P><EM>Warning: Currently the retry counter is not handled in a secure way. For more information see e.g.
Rankl/Effing.</EM></P>
<H2>Get Challenge</H2>
<H3>Header</H3>
<TABLE>
<TR> <TD>CLA</TD> <TD>INS</TD> <TD>P1</TD> <TD>P2</TD> <TD>P3</TD> </TR>
<TR> <TD>80</TD> <TD>84</TD> <TD>00</TD> <TD>00</TD> <TD>08</TD> </TR>
</TABLE>
<H3>Response data</H3>
<TABLE>
<TR> <TD>Byte(s)</TD> <TD>Description</TD> <TD>Length</TD> </TR>
<TR> <TD>1 - 8</TD> <TD>Random Challenge</TD> <TD>8</TD> </TR>
</TABLE>
<H3>Status words</H3>
<TABLE>
<TR> <TD>SW</TD> <TD>Description</TD> </TR>
<TR> <TD>90 00</TD> <TD>Command completed successfully</TD> </TR>
<TR> <TD>67 00</TD> <TD>Wrong Le</TD> </TR>
<TR> <TD>6A 86</TD> <TD>Incorrect parameters P1-P2</TD> </TR>
</TABLE>
<H3>Description</H3>
<P>Returns a challenge usable for the External Authentication command, which must then be the next issued command.</P>
<P><EM>Warning: On the current hardware this challenge is produced with a PRNG based on TEA. It has not been evaluated whether the current mechanism is appropriate for this task.</EM></P>
<H2>Get Response.</H2>
<H3>Header</H3>
<TABLE>
<TR> <TD>CLA</TD> <TD>INS</TD> <TD>P1</TD> <TD>P2</TD> <TD>P3</TD> </TR>
<TR> <TD>80</TD> <TD>C0</TD> <TD>00</TD> <TD>00</TD> <TD>Length</TD> </TR>
</TABLE>
<H3>Response data after Internal Authenticate</H3>
<TABLE>
<TR> <TD>Byte(s)</TD> <TD>Description</TD> <TD>Length</TD> </TR>
<TR> <TD>1 - 8</TD> <TD>Internal Authentication key encrypted challenge</TD> <TD>8</TD> </TR>
</TABLE>
<H3>Response data after Select</H3>
<TABLE>
<TR> <TD>Byte(s)</TD> <TD>Description</TD> <TD>Length</TD> </TR>
<TR> <TD>1 - 2</TD> <TD>Size</TD> <TD>2</TD> </TR>
<TR> <TD>3 - 4</TD> <TD>FID</TD> <TD>2</TD> </TR>
<TR> <TD>5</TD> <TD>File type (DF: 38, EF: 00)</TD> <TD>1</TD> </TR>
<TR> <TD>6</TD> <TD>Access conditions</TD> <TD>1</TD> </TR>
</TABLE>
<H3>Status words</H3>
<TABLE>
<TR> <TD>SW</TD> <TD>Description</TD> </TR>
<TR> <TD>90 00</TD> <TD>Command completed successfully</TD> </TR>
<TR> <TD>69 85</TD> <TD>Wrong condition (No data available)</TD> </TR>
<TR> <TD>6A 86</TD> <TD>Incorrect parameters
P1-P2</TD> </TR>
<TR> <TD>6C XX</TD> <TD>Wrong Le</TD> </TR>
</TABLE>
<H3>Description</H3>
<P>This command fetches data from Internal Authentication and Select. These commands signal the availability of data with the status word 61XX. For more details about the data returned after a Select, see the Create command.</P>
<H2>Internal Authentication.</H2>
<H3>Header</H3>
<TABLE>
<TR> <TD>CLA</TD> <TD>INS</TD> <TD>P1</TD> <TD>P2</TD> <TD>P3</TD> </TR>
<TR> <TD>80</TD> <TD>88</TD> <TD>00</TD> <TD>Decrypt</TD> <TD>08</TD> </TR>
</TABLE>
<P>This command decrypts the data if P2 is 01. This functionality is only enabled when CONF_WITH_DECRYPT is set to 1.</P>
<H3>Command data</H3>
<TABLE>
<TR> <TD>Byte(s)</TD> <TD>Description</TD> <TD>Length</TD> </TR>
<TR> <TD>1 - 8</TD> <TD>Random Challenge</TD> <TD>8</TD> </TR>
</TABLE>
<H3>Status words</H3>
<TABLE>
<TR> <TD>SW</TD> <TD>Description</TD> </TR>
<TR> <TD>61 08</TD> <TD>Command completed successfully (Data available)</TD> </TR>
<TR> <TD>67 00</TD> <TD>Wrong Lc</TD> </TR>
<TR> <TD>69 85</TD> <TD>Conditions of use not satisfied</TD> </TR>
<TR> <TD>6A 86</TD> <TD>Incorrect parameters P1-P2</TD> </TR>
<TR> <TD>6A 88</TD> <TD>Referenced data not found</TD> </TR>
</TABLE>
<H3>Description</H3>
<P>Provides a random challenge to the card. It encrypts the challenge with TEA and the Internal Authentication key and makes it available via Get Response.
For successful execution either the PIN or the External Authentication key must have been successfully verified previously.</P>
<P>Because of the possibility to decrypt data, this command can easily be used to implement some form of Remotely Keyed Encryption.</P>
<H2>Read Binary.</H2>
<H3>Header</H3>
<TABLE>
<TR> <TD>CLA</TD> <TD>INS</TD> <TD>P1</TD> <TD>P2</TD> <TD>P3</TD> </TR>
<TR> <TD>80</TD> <TD>B0</TD> <TD>Offset high</TD> <TD>Offset low</TD> <TD>Length</TD> </TR>
</TABLE>
<H3>Response data</H3>
<TABLE>
<TR> <TD>Byte(s)</TD> <TD>Description</TD> <TD>Length</TD> </TR>
<TR> <TD>1 - Length</TD> <TD>Data</TD> <TD>Length</TD> </TR>
</TABLE>
<H3>Status words</H3>
<TABLE>
<TR> <TD>SW</TD> <TD>Description</TD> </TR>
<TR> <TD>90 00</TD> <TD>Command completed successfully</TD> </TR>
<TR> <TD>69 82</TD> <TD>Security status not satisfied</TD> </TR>
<TR> <TD>69 86</TD> <TD>Command not allowed (no EF selected)</TD> </TR>
<TR> <TD>6A 82</TD> <TD>File not found</TD> </TR>
<TR> <TD>6A 84</TD> <TD>File too short</TD> </TR>
<TR> <TD>6B 00</TD> <TD>Wrong parameters (offset outside EF)</TD> </TR>
</TABLE>
<H3>Description</H3>
<P>Reads <EM>Length</EM> bytes from <EM>Offset</EM> of the currently selected EF.</P>
<H2>Select File.</H2>
<H3>Header</H3>
<TABLE>
<TR> <TD>CLA</TD> <TD>INS</TD> <TD>P1</TD> <TD>P2</TD> <TD>P3</TD> </TR>
<TR> <TD>80</TD> <TD>A4</TD> <TD>00</TD> <TD>00</TD> <TD>02</TD> </TR>
</TABLE>
<H3>Command data</H3>
<TABLE>
<TR> <TD>Byte(s)</TD> <TD>Description</TD> <TD>Length</TD> </TR>
<TR> <TD>1 - 2</TD> <TD>FID</TD> <TD>2</TD> </TR>
</TABLE>
<H3>Status words</H3>
<TABLE>
<TR> <TD>SW</TD> <TD>Description</TD> </TR>
<TR> <TD>61 06</TD> <TD>Command completed successfully</TD> </TR>
<TR> <TD>67 00</TD> <TD>Wrong Lc</TD> </TR>
<TR> <TD>6A 82</TD> <TD>File not found</TD> </TR>
<TR> <TD>6A 86</TD> <TD>Incorrect parameters P1-P2</TD> </TR>
</TABLE>
<H3>Description</H3>
<P>It tries to select a file with the specified FID and searches for it in the following order:</P>
<OL>
<LI>EF in the current MF/DF</LI>
<LI>DF in MF</LI>
</OL>
<P>If FID is 3F00, the MF is always selected.</P>
<H2>Unblock PIN.</H2>
<H3>Header</H3>
<TABLE>
<TR> <TD>CLA</TD> <TD>INS</TD> <TD>P1</TD> <TD>P2</TD> <TD>P3</TD> </TR>
<TR> <TD>80</TD> <TD>2C</TD> <TD>00</TD> <TD>00</TD> <TD>10</TD> </TR>
</TABLE>
<H3>Command data</H3>
<TABLE>
<TR> <TD>Byte(s)</TD> <TD>Description</TD> <TD>Length</TD> </TR>
<TR> <TD>1 - 8</TD> <TD>PUK</TD> <TD>8</TD> </TR>
<TR> <TD>9 - 16</TD> <TD>New PIN</TD> <TD>8</TD> </TR>
</TABLE>
<H3>Status words</H3>
<TABLE>
<TR> <TD>SW</TD> <TD>Description</TD> </TR>
<TR> <TD>90 00</TD> <TD>Command completed successfully</TD> </TR>
<TR> <TD>63 CX</TD> <TD>Verification failed, retry counter specified</TD> </TR>
<TR> <TD>67 00</TD> <TD>Wrong Lc</TD> </TR>
<TR> <TD>69 83</TD> <TD>Authentication method blocked</TD> </TR>
<TR> <TD>6A 86</TD> <TD>Incorrect parameters P1-P2</TD> </TR>
<TR> <TD>6A 88</TD> <TD>Referenced data not found</TD> </TR>
</TABLE>
<H3>Description</H3>
<P>This command changes the PIN of the card and resets the retry counter of this PIN. The first eight bytes of the data are the PUK, which is checked for correctness. The second four bytes of the data are the new PIN, which will be written. On success the AUTH_FLAG_PIN bit in authstate is set, on failure it is cleared.</P>
<P><EM>Warning: Currently the retry counter is not handled in a secure way. For more information see e.g.
Rankl/Effing.</EM></P>
<P><EM>PIN update is protected with transactions.</EM></P>
<H2>Update Binary.</H2>
<H3>Header</H3>
<TABLE>
<TR> <TD>CLA</TD> <TD>INS</TD> <TD>P1</TD> <TD>P2</TD> <TD>P3</TD> </TR>
<TR> <TD>80</TD> <TD>D6</TD> <TD>Offset high</TD> <TD>Offset low</TD> <TD>Length</TD> </TR>
</TABLE>
<H3>Command data</H3>
<TABLE>
<TR> <TD>Byte(s)</TD> <TD>Description</TD> <TD>Length</TD> </TR>
<TR> <TD>1 - Length</TD> <TD>Data</TD> <TD>Length</TD> </TR>
</TABLE>
<H3>Status words</H3>
<TABLE>
<TR> <TD>SW</TD> <TD>Description</TD> </TR>
<TR> <TD>90 00</TD> <TD>Command completed successfully</TD> </TR>
<TR> <TD>65 00</TD> <TD>Memory failure (unsuccessful writing)</TD> </TR>
<TR> <TD>67 00</TD> <TD>Wrong Le</TD> </TR>
<TR> <TD>69 82</TD> <TD>Security status not satisfied</TD> </TR>
<TR> <TD>69 86</TD> <TD>Command not allowed (no EF selected)</TD> </TR>
<TR> <TD>6A 82</TD> <TD>File not found</TD> </TR>
<TR> <TD>6A 84</TD> <TD>File too short</TD> </TR>
<TR> <TD>6B 00</TD> <TD>Wrong parameters (offset outside EF)</TD> </TR>
</TABLE>
<H3>Description</H3>
<P>Writes <EM>Length</EM> bytes to <EM>Offset</EM> of the currently selected EF.</P>
<P><EM>Data updates are NOT protected with transactions.</EM></P>
<H2>Verify Key</H2>
<H3>Header</H3>
<TABLE>
<TR> <TD>CLA</TD> <TD>INS</TD> <TD>P1</TD> <TD>P2</TD> <TD>P3</TD> </TR>
<TR> <TD>80</TD> <TD>2A</TD> <TD>00</TD> <TD>00</TD> <TD>10</TD> </TR>
</TABLE>
<H3>Command data</H3>
<TABLE>
<TR> <TD>Byte(s)</TD> <TD>Description</TD> <TD>Length</TD> </TR>
<TR> <TD>1 - 16</TD> <TD>External Authentication Key</TD> <TD>16</TD> </TR>
</TABLE>
<H3>Status words</H3>
<TABLE>
<TR> <TD>SW</TD> <TD>Description</TD> </TR>
<TR> <TD>90 00</TD> <TD>Command completed successfully</TD> </TR>
<TR> <TD>63 CX</TD> <TD>Verification failed, retry counter specified</TD> </TR>
<TR> <TD>67 00</TD> <TD>Wrong Lc</TD> </TR>
<TR> <TD>69 83</TD> <TD>Authentication method blocked</TD> </TR>
<TR> <TD>6A 86</TD> <TD>Incorrect parameters P1-P2</TD> </TR>
<TR> <TD>6A
88</TD> <TD>Referenced data not found</TD> </TR>
</TABLE>
<H3>Description</H3>
<P>Verifies the External Authentication key as 16 byte plain text in the data part of the command. On success the AUTH_FLAG_KEY bit in authstate is set, on failure it is cleared.</P>
<P><EM>Warning: Currently the retry counter is not handled in a secure way. For more information see e.g. Rankl/Effing.</EM></P>
<H2>Verify PIN</H2>
<H3>Header</H3>
<TABLE>
<TR> <TD>CLA</TD> <TD>INS</TD> <TD>P1</TD> <TD>P2</TD> <TD>P3</TD> </TR>
<TR> <TD>80</TD> <TD>20</TD> <TD>00</TD> <TD>00</TD> <TD>08</TD> </TR>
</TABLE>
<H3>Command data</H3>
<TABLE>
<TR> <TD>Byte(s)</TD> <TD>Description</TD> <TD>Length</TD> </TR>
<TR> <TD>1 - 8</TD> <TD>PIN</TD> <TD>8</TD> </TR>
</TABLE>
<H3>Status words</H3>
<TABLE>
<TR> <TD>SW</TD> <TD>Description</TD> </TR>
<TR> <TD>90 00</TD> <TD>Command completed successfully</TD> </TR>
<TR> <TD>63 CX</TD> <TD>Verification failed, retry counter specified</TD> </TR>
<TR> <TD>67 00</TD> <TD>Wrong Lc</TD> </TR>
<TR> <TD>69 83</TD> <TD>Authentication method blocked</TD> </TR>
<TR> <TD>6A 86</TD> <TD>Incorrect parameters P1-P2</TD> </TR>
<TR> <TD>6A 88</TD> <TD>Referenced data not found</TD> </TR>
</TABLE>
<H3>Description</H3>
<P>This command verifies the PIN. The four data bytes contain the user supplied PIN, which is checked for correctness. On success the AUTH_FLAG_PIN bit in authstate is set, on failure it is cleared.</P>
<P><EM>Warning: Currently the retry counter is not handled in a secure way. For more information see e.g.
Rankl/Effing.</EM></P>
<H1>Developers</H1>
<UL>
<LI>Matthias Bruestle <m@mbsks.franken.de></LI>
</UL>
<H1>License</H1>
<P>This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.</P>
<P>This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.</P>
<P>You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA</P>
*/

#ifndef SOSSE_MAIN_H
#define SOSSE_MAIN_H

#if defined(CTAPI)
void sosse_main( void );
#endif

#endif /* SOSSE_MAIN_H */
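The Get Challenge / External Authentication exchange documented above, as an added example that is not part of the SOSSE sources. It assumes standard 32-round TEA with big-endian packing of block and key (the page does not specify either), treats X in 63 CX as the tries remaining after the failed attempt, and uses hypothetical function and parameter names.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
/* Assumption: block and key are packed big-endian; the page does not say. */
static uint32_t be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | p[3];
}
static void put32(uint8_t *p, uint32_t v) {
    p[0] = (uint8_t)(v >> 24); p[1] = (uint8_t)(v >> 16);
    p[2] = (uint8_t)(v >> 8);  p[3] = (uint8_t)v;
}

/* Standard 32-round TEA encryption of one 8-byte block (assumed variant). */
void tea_encrypt(const uint8_t key[16], const uint8_t in[8], uint8_t out[8]) {
    uint32_t v0 = be32(in), v1 = be32(in + 4), sum = 0;
    uint32_t k0 = be32(key), k1 = be32(key + 4);
    uint32_t k2 = be32(key + 8), k3 = be32(key + 12);
    for (int i = 0; i < 32; i++) {
        sum += 0x9E3779B9u;
        v0 += ((v1 << 4) + k0) ^ (v1 + sum) ^ ((v1 >> 5) + k1);
        v1 += ((v0 << 4) + k2) ^ (v0 + sum) ^ ((v0 >> 5) + k3);
    }
    put32(out, v0);
    put32(out + 4, v1);
}

/* Host side: header 80 82 00 00 08 followed by the encrypted challenge. */
size_t build_ext_auth(const uint8_t key[16], const uint8_t chal[8],
                      uint8_t apdu[13]) {
    static const uint8_t hdr[5] = { 0x80, 0x82, 0x00, 0x00, 0x08 };
    memcpy(apdu, hdr, sizeof hdr);
    tea_encrypt(key, chal, apdu + 5);
    return 13;
}

/* Card-side model: returns a status word from the table on the page.
 * tries_left is the counter before this attempt (hypothetical parameter). */
uint16_t check_ext_auth(const uint8_t key[16], const uint8_t chal[8],
                        const uint8_t *apdu, size_t len, unsigned tries_left) {
    uint8_t expect[8], diff = 0;
    if (len != 13 || apdu[4] != 0x08) return 0x6700;        /* Wrong Lc */
    if (apdu[2] != 0x00 || apdu[3] != 0x00) return 0x6A86;  /* bad P1-P2 */
    if (tries_left == 0) return 0x6983;                     /* blocked */
    tea_encrypt(key, chal, expect);
    for (int i = 0; i < 8; i++) diff |= (uint8_t)(expect[i] ^ apdu[5 + i]);
    if (diff == 0) return 0x9000;       /* all 8 bytes compared, no early exit */
    return (uint16_t)(0x63C0u | ((tries_left - 1u) & 0x0Fu));
}
```

The comparison accumulates differences over all eight bytes instead of returning at the first mismatch, so the response time does not reveal how many leading bytes were correct.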