Difference between revisions of "JavaCard"

From YobiWiki
 
(17 intermediate revisions by the same user not shown)
Line 17: Line 17:
 
** GlobalPlatform 2.2
 
** GlobalPlatform 2.2
 
==JCOP Tools==
 
==JCOP Tools==
Tools can be obtained by contacting jcop.tools@nxp.com
+
Tools can be obtained by contacting tools.jcop@nxp.com
 
<br>Current version: NXP JCOP Plugins Generic v3.3.6 & Target v1.3.6
 
<br>Current version: NXP JCOP Plugins Generic v3.3.6 & Target v1.3.6
 
<br>Current requirements are WinXP SP3, Win7 32bit or Win7 64bit, and Eclipse 3.6 or 3.7
 
<br>Current requirements are WinXP SP3, Win7 32bit or Win7 64bit, and Eclipse 3.6 or 3.7
<br>Goal is to get everything running under Linux 64bit too.
+
<br>So as you can see this is a Windows-only release, goal of this page is to get everything running under Linux 64bit too until the next official release supporting again Linux.
 
<br>Thanks to Bastiaan for his help!
 
<br>Thanks to Bastiaan for his help!
   
Line 51: Line 51:
 
A couple of scripts to ease usage of the various simulator versions:
 
A couple of scripts to ease usage of the various simulator versions:
   
simulators/template:
+
[{{#file: template}} simulators/template] (you can download it by using this link):
 
<source lang=bash>
 
<source lang=bash>
 
#!/bin/bash
 
#!/bin/bash
Line 62: Line 62:
 
</source>
 
</source>
 
chmod 755 template
 
chmod 755 template
simulators/populate:
+
[{{#file: populate}} simulators/populate] (you can download it by using this link):
 
<source lang=bash>
 
<source lang=bash>
 
$ cat populate
 
$ cat populate
Line 92: Line 92:
   
 
===JCShell===
 
===JCShell===
  +
Eclipse plugin contains also a standalone jcshell version but the Bash script provided with it (~/.eclipse/org.eclipse.platform_3.7.0_155965261/plugins/com.ibm.bluez.jcop.eclipse_3.3.6/jcshell.sh) can be improved, e.g. by replacing it at the same location by the following [{{#file: template}} jcshell.sh] (you can download it by using this link):
From the setup executable:
 
  +
<source lang=bash>
7z -y x nxp-offcard-2.3.0.0_Setup_NXP-JCShell.exe
 
  +
#!/bin/sh
You'll get a /scripts directory in which we'll only consider a few jar files.
 
  +
# ==========================================================================
<br>The tool can then be used with the following helper script:
 
  +
# jcshell.sh
#!/bin/bash
 
  +
# This file launches the NXP JCShell for command line usage
java -cp "lib/offcard.jar:lib/crypto.jar" com.ibm.jc.tools.JCShell $*
 
  +
# ==========================================================================
And connect to a standalone JCOP simulator:
 
  +
  +
# --------------------------------------------------------------------------
  +
# Check for java
  +
# --------------------------------------------------------------------------
  +
if [ "$JAVA_HOME" != "" ]; then
  +
if [ -x "$JAVA_HOME/bin/java" ] ; then
  +
JAVA="$JAVA_HOME/bin/java"
  +
else
  +
echo "ERROR : JAVA_HOME not properly defined. Could not find java."
  +
exit 1
  +
fi
  +
else
  +
JAVA="$(which java)"
  +
if [ "$JAVA" = "" ]; then
  +
echo "ERROR : Could not find java in PATH. Please define JAVA_HOME."
  +
exit 1
  +
fi
  +
fi
  +
  +
# --------------------------------------------------------------------------
  +
# Extract jcshell absolute path no matter from where it's called
  +
# --------------------------------------------------------------------------
  +
JCSHELL_PATH="$(dirname $(readlink -f $0))"
  +
  +
# --------------------------------------------------------------------------
  +
# Include the JAR files from lib folder in CLASSPATH for JVM
  +
# --------------------------------------------------------------------------
  +
CLASSPATH_JCSHELL="$JCSHELL_PATH/lib/offcard.jar"
  +
#CLASSPATH_JCSHELL="$CLASSPATH_JCSHELL:$JCSHELL_PATH/lib/JNISCCommWrapper.jar"
  +
CLASSPATH_JCSHELL="$CLASSPATH_JCSHELL:$JCSHELL_PATH/lib/crypto.jar"
  +
CLASSPATH_JCSHELL="$CLASSPATH_JCSHELL:$JCSHELL_PATH/lib/jpcsc.jar"
  +
  +
# --------------------------------------------------------------------------
  +
# Launch the JVM with jcshell as main application and pass in the command
  +
# line from the call to this script file.
  +
# --------------------------------------------------------------------------
  +
echo
  +
echo Welcome to NXP JCShell!
  +
echo "(c) 2012 NXP Semiconductors Germany GmbH"
  +
echo ------------------------------------------------------------------------------
  +
echo
  +
if [ "$(which socat)" != "" ]; then
  +
socat READLINE,history=$HOME/.jcshell_history EXEC:"\"$JAVA\" -cp \"$CLASSPATH_JCSHELL\" com.ibm.jc.tools.JCShell $*"
  +
else
  +
"$JAVA" -cp "$CLASSPATH_JCSHELL" com.ibm.jc.tools.JCShell $@
  +
fi
  +
</source>
  +
In case you want to use only the simulators and you don't have JPCSC (see below), comment the line
  +
# CLASSPATH_JCSHELL="$CLASSPATH_JCSHELL:$JCSHELL_PATH/lib/jpcsc.jar"
  +
Now you can create a symlink at your convenience, e.g.
  +
ln -s ~/.eclipse/org.eclipse.platform_3.7.0_155965261/plugins/com.ibm.bluez.jcop.eclipse_3.3.6/jcshell.sh /usr/local/bin/jcshell
  +
Note that to use a jcshell.rc file, it needs to be present in the local directory (pwd).
  +
  +
And connecting to a standalone JCOP simulator:
 
- /term Remote
 
- /term Remote
 
> /atr
 
> /atr
 
> /identify
 
> /identify
  +
  +
In the script above, we look for ''socat'' and it present, we use it to add current line edition capability in a bash like manner (READLINE) and use of a history file .jcshell_history.
  +
  +
It's also possible to get JCShell from the standalone version, using the setup executable:
  +
7z -y x nxp-offcard-2.3.0.0_Setup_NXP-JCShell.exe
  +
You'll get a /scripts directory in which we'll only consider a few jar files.
  +
<br>The same jcshell.sh script can be used in this setup.
   
 
===JPCSC===
 
===JPCSC===
Line 115: Line 176:
 
<br>Get it, extract libpcsclite1_1.8.3-3_i386.deb and copy libpcsclite.so.1.0.0 and symlink libpcsclite.so.1 to /usr/lib32
 
<br>Get it, extract libpcsclite1_1.8.3-3_i386.deb and copy libpcsclite.so.1.0.0 and symlink libpcsclite.so.1 to /usr/lib32
   
Now PCSC readers can be used undes JCShell:
+
Now PCSC readers can be used under JCShell if you add jpcsc.jar to the helper script:
  +
<source lang=bash>
  +
#!/bin/bash
  +
java -cp "lib/offcard.jar:lib/crypto.jar:lib/jpcsc.jar" com.ibm.jc.tools.JCShell $*
  +
</source>
  +
 
- term PCSC
 
- term PCSC
 
> /atr
 
> /atr
Line 124: Line 190:
   
 
===ifdhandler===
 
===ifdhandler===
pcsc-lite API for ifhandlers changed slightly since release of jpcsc binaries so we've to recompile it from sources [http://www.linuxnet.com/middleware/files/jpcsc-0.8.0-src.zip jpcsc-0.8.0-src.zip]
+
Ifdhandler in release of jpcsc binaries is 32-bit so we've to recompile it from sources [http://www.linuxnet.com/middleware/files/jpcsc-0.8.0-src.zip jpcsc-0.8.0-src.zip]
   
Patch to add the missing function, downloadable as [{{#file: jcop_simul_handler.diff}} jcop_simul_handler.diff]:
 
<source lang=diff>
 
diff -Naur jcop_simul_ifdhandler/ifdhandler.c jcop_simul_ifdhandler-new/ifdhandler.c
 
--- jcop_simul_ifdhandler/ifdhandler.c 2004-07-21 16:33:16.000000000 +0200
 
+++ jcop_simul_ifdhandler/ifdhandler.c 2012-05-26 01:38:51.000000000 +0200
 
@@ -37,9 +37,9 @@
 
 
 
 
-
 
-RESPONSECODE IFDHCreateChannel ( DWORD Lun, DWORD Channel ) {
 
-
 
+RESPONSECODE
 
+IFDHCreateChannelByName(DWORD Lun, LPSTR DeviceName)
 
+{
 
/* Lun - Logical Unit Number, use this for multiple card slots
 
or multiple readers. 0xXXXXYYYY - XXXX multiple readers,
 
YYYY multiple slots. The resource manager will set these
 
@@ -77,13 +77,21 @@
 
/**
 
* Connection to JCOP is setup later.
 
*/
 
- dbg_log("JCOP.CreateChanenel(): Lun 0x%x, Channel 0x%x\n", Lun, Channel);
 
+ dbg_log("JCOP.CreateChanenel(): Lun 0x%x, Device %s\n", Lun, DeviceName);
 
 
jcop_power_up();
 
 
return IFD_SUCCESS;
 
}
 
 
+
 
+RESPONSECODE IFDHCreateChannel ( DWORD Lun, DWORD Channel ) {
 
+ char str[16];
 
+ snprintf(str, sizeof str, "/dev/pcsc/%lu", (unsigned long) Channel);
 
+
 
+ return IFDHCreateChannelByName(Lun, str);
 
+}
 
+
 
RESPONSECODE IFDHCloseChannel ( DWORD Lun ) {
 
 
/* This function should close the reader communication channel
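Review bot: in the new IFDHCreateChannel wrapper, char str[16] has room for "/dev/pcsc/" (10 characters), at most 5 digits and the terminator, so any Channel value above 99999 is silently truncated by snprintf and a different device name is handed to IFDHCreateChannelByName. Size the buffer for the full unsigned long range, or check the snprintf return value against sizeof str and fail with an error code. In the same hunk the dbg_log line keeps the "CreateChanenel" typo and formats DeviceName with %s without a NULL check.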
 
diff -Naur jcop_simul_ifdhandler/ifdhandler.h jcop_simul_ifdhandler-new/ifdhandler.h
 
--- jcop_simul_ifdhandler/ifdhandler.h 2004-07-21 16:33:16.000000000 +0200
 
+++ jcop_simul_ifdhandler/ifdhandler.h 2012-05-26 01:35:20.000000000 +0200
 
@@ -118,6 +118,7 @@
 
 
/* List of Defined Functions Available to IFD_Handler */
 
 
+ RESPONSECODE IFDHCreateChannelByName ( DWORD, LPSTR );
 
RESPONSECODE IFDHCreateChannel ( DWORD, DWORD );
 
RESPONSECODE IFDHCloseChannel ( DWORD );
 
RESPONSECODE IFDHGetCapabilities ( DWORD, DWORD, PDWORD,
 
</source>
 
 
cd jpcsc/misc/jcop_simul_ifdhandler
 
cd jpcsc/misc/jcop_simul_ifdhandler
patch -p1 < jcop_simul_ifdhandler.diff
 
 
gcc -g -fpic -w -c ifdhandler.c -I.
 
gcc -g -fpic -w -c ifdhandler.c -I.
 
gcc -g -fpic -w -shared ifdhandler.o -o libjcop_remote.so
 
gcc -g -fpic -w -shared ifdhandler.o -o libjcop_remote.so
Line 186: Line 198:
 
Then install libjcop_remote.so in /usr/lib/pcsc/drivers/serial/ and create a conf file /etc/reader.conf.d/jcopsimul:
 
Then install libjcop_remote.so in /usr/lib/pcsc/drivers/serial/ and create a conf file /etc/reader.conf.d/jcopsimul:
 
FRIENDLYNAME "JCOPSimulReader"
 
FRIENDLYNAME "JCOPSimulReader"
DEVICENAME /dev/null
 
 
LIBPATH /usr/lib/pcsc/drivers/serial/libjcop_remote.so
 
LIBPATH /usr/lib/pcsc/drivers/serial/libjcop_remote.so
 
CHANNELID 0x0103F8
 
CHANNELID 0x0103F8
  +
Note the difference with original instructions from README: since pcsc-lite 1.6.5 you shouldn't use DEVICENAME if the driver does not provide IFDHCreateChannelByName()
Finally restart pcscd
 
  +
<br>Finally restart pcscd
 
<br>Every time a simulator will be run, a "card" will be inserted in pcscd
 
<br>Every time a simulator will be run, a "card" will be inserted in pcscd
 
<br>The virtual card can be used with any PCSC-compatible application, including Eclipse.
 
<br>The virtual card can be used with any PCSC-compatible application, including Eclipse.
  +
  +
'''Beware that once pcscd is running and using ifdhandler JCOPSimulReader, simulator cannot be accessed anymore via'''
  +
/term Remote
  +
'''but exclusively via'''
  +
/term PCSC
   
 
===[http://rfidiot.org/ RFIDIOt]===
 
===[http://rfidiot.org/ RFIDIOt]===
Line 198: Line 215:
 
==GPShell==
 
==GPShell==
 
http://sourceforge.net/projects/globalplatform/
 
http://sourceforge.net/projects/globalplatform/
  +
<br>Could never get it working properly
  +
==GlobalPlatformPro==
  +
[https://github.com/martinpaljak/GlobalPlatformPro GlobalPlatform tool] intends to replace outdated gpshell.
  +
<br>To compile it you need openjdk-7-jdk which at the moment seems hard to get on my Debian (old dependencies problem), so I'll stick to openjdk-8 and fetch a pre-built version [https://github.com/martinpaljak/GlobalPlatformPro/releases here].
  +
<br>Usage:
  +
<source lang=bash>
  +
java -jar gp.jar --help
  +
</source>
  +
==Comparison==
  +
* [https://www.fi.muni.cz/~xsvenda/jcalgtest/index.html JCAlgTest]
  +
  +
==Shopping==
  +
* https://github.com/martinpaljak/GlobalPlatformPro/tree/master/docs/JavaCardBuyersGuide

Latest revision as of 18:41, 3 December 2017

Standards & Documents

JCOP

Generally speaking, detailed JCOP-specific information can only be obtained from NXP.
This page does not contain any sensitive information, only tips & tricks for people who have already obtained such info & tools in an adequate way.
Current versions:

  • JCOP v2.4.1 R3
    • JavaCard 2.2.2
    • GlobalPlatform 2.1.1
  • JCOP v2.4.2 R2
    • JavaCard 3.0.1 Classic
    • GlobalPlatform 2.2

JCOP Tools

Tools can be obtained by contacting tools.jcop@nxp.com
Current version: NXP JCOP Plugins Generic v3.3.6 & Target v1.3.6
Current requirements are WinXP SP3, Win7 32bit or Win7 64bit, and Eclipse 3.6 or 3.7
So as you can see, this is a Windows-only release. The goal of this page is to get everything running under 64-bit Linux too, until the next official release supports Linux again.
Thanks to Bastiaan for his help!

Eclipse

You first need Java. I'm using OpenJDK 1.6

apt-get install openjdk-6-jre

Needed components are eclipse-platform & eclipse-jdt

apt-get install eclipse

Follow the tools' instructions to install the JCOP plugins.

Eclipse activation:
We'll see later how to use a real reader via jpcsc, but it doesn't work for activation, so it's better to use one of the other activation methods for now.

Configuration:

  • Windows / Preferences / Java / Compiler / Compliance Level: 1.5
  • Windows / Preferences / Java / Debug / Unselect "Suspend Execution on uncaught exceptions"

Simulators

There are still a couple of Linux simulators available in the tools, but not many.
You can see them in Debug/Run Configurations... / JavaCard Application / JavaCard Simulation / Configure. At time of writing, only v2.3.1 and v2.4.1R3 are available.
But... the other simulators for Windows work fine through wine.
So in every ~/.eclipse/org.eclipse.platform_3.7.0_*/plugins/com.ibm.bluez.jcop.eclipse.targetpacks.smartmx_1.3.6/simul/mask*/linux/ directory you can create a script named jcop that uses the Windows version:

#!/bin/bash
# Run the Windows simulator that sits next to this linux/ directory through wine
wine "$(dirname "$0")/../win32/jcop.exe" "$@"

The corresponding versions will then appear in the JavaCard Simulation configuration.

Simulators can also be run alone, for use with JCShell or jcop_simul_ifdhandler:

sh ~/.eclipse/org.eclipse.platform_3.7.0_.../plugins/com.ibm.bluez.jcop.eclipse.targetpacks.smartmx_1.3.6/simul/maskXX/linux/jcop \
   -fab=/absolute/path/to/.eclipse/org.eclipse.platform_3.7.0_.../plugins/com.ibm.bluez.jcop.eclipse.targetpacks.smartmx_1.3.6/data/maskXX/maskXX_J..._R...dat

A couple of scripts to ease usage of the various simulator versions:

simulators/template:

#!/bin/bash

# The name this script is called by (a symlink created by populate) selects the simulator
REF=$(basename "$0")
# Mask directory name: everything before the first "_" or "f"
MASK=${REF/[_f]*/}
FAB=$(ls $HOME/.eclipse/org.eclipse.platform_3.7.0_*/plugins/com.ibm.bluez.jcop.eclipse.targetpacks.smartmx_1.3.6/data/$MASK/$REF.dat)
SIM=~/.eclipse/org.eclipse.platform_3.7.0_*/plugins/com.ibm.bluez.jcop.eclipse.targetpacks.smartmx_1.3.6/simul/$MASK/linux/jcop
$SIM -fab=$FAB

chmod 755 template

simulators/populate:

$ cat populate
#!/bin/bash

# Recreate one symlink to template per available .dat file
rm -f mask*
for i in $HOME/.eclipse/org.eclipse.platform_3.7.0_*/plugins/com.ibm.bluez.jcop.eclipse.targetpacks.smartmx_1.3.6/data/mask*/mask??_*; do
    REF=$(basename "$i")
    REF=${REF%.dat}
    ln -sf template "$REF"
done

# Add a wine wrapper for every simulator that has no native linux version
for i in $HOME/.eclipse/org.eclipse.platform_3.7.0_*/plugins/com.ibm.bluez.jcop.eclipse.targetpacks.smartmx_1.3.6/simul/*; do
    cd "$i"
    if [ -d linux ]; then
        continue
    fi
    mkdir linux
    cat > linux/jcop << EOF
#!/bin/bash

wine "\$(dirname "\$0")/../win32/jcop.exe" "\$@"
EOF
    chmod 755 linux/jcop
done

chmod 755 populate
./populate
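The launcher logic of the template script, as an added example that is not part of the original page: it derives the mask directory from the symlink name and refuses to start when the org.eclipse.platform_3.7.0_* glob matches no installation or several. The function names and the sample reference name in the comments are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not the page's own script. Paths must not contain spaces,
# because the glob is expanded by word splitting.

# Mask directory for a reference name such as "mask53_X_R1" (constructed):
# cut at the first "_" or "f", like ${REF/[_f]*/} in the template script.
mask_of() {
    printf '%s\n' "${1%%[_f]*}"
}

# Expand glob pattern $1 and print the match only if exactly one path exists.
resolve_one() {
    # Unquoted on purpose: the shell expands the glob into "$@".
    set -- $1
    if [ "$#" -eq 1 ] && [ -e "$1" ]; then
        printf '%s\n' "$1"
        return 0
    fi
    # An unmatched glob stays literal, so a non-existent first word means zero.
    n=$#
    [ -e "$1" ] || n=0
    echo "expected exactly one match, found $n" >&2
    return 1
}

# Print the simulator command line for reference name $2 under the
# targetpacks plugin directory glob $1, or fail with a diagnostic.
sim_command() {
    mask=$(mask_of "$2")
    fab=$(resolve_one "$1/data/$mask/$2.dat") || return 1
    sim=$(resolve_one "$1/simul/$mask/linux/jcop") || return 1
    [ -x "$sim" ] || { echo "not executable: $sim" >&2; return 1; }
    printf '%s -fab=%s\n' "$sim" "$fab"
}

# Called with one reference name: show what the launcher would run.
if [ "$#" -eq 1 ]; then
    sim_command "$HOME/.eclipse/org.eclipse.platform_3.7.0_*/plugins/com.ibm.bluez.jcop.eclipse.targetpacks.smartmx_1.3.6" "$1"
fi
```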

JCShell

The Eclipse plugin also contains a standalone jcshell version, but the Bash script provided with it (~/.eclipse/org.eclipse.platform_3.7.0_155965261/plugins/com.ibm.bluez.jcop.eclipse_3.3.6/jcshell.sh) can be improved, e.g. by replacing it at the same location with the following jcshell.sh:

#!/bin/sh
# ==========================================================================
#     jcshell.sh
#     This file launches the NXP JCShell for command line usage
# ==========================================================================

# --------------------------------------------------------------------------
# Check for java
# --------------------------------------------------------------------------
if [ "$JAVA_HOME" != "" ]; then
    if [ -x "$JAVA_HOME/bin/java" ] ; then
        JAVA="$JAVA_HOME/bin/java"
    else
	echo "ERROR : JAVA_HOME not properly defined. Could not find java."
	exit 1
    fi
else
    JAVA="$(which java)"
    if [ "$JAVA" = "" ]; then
	echo "ERROR : Could not find java in PATH. Please define JAVA_HOME."
	exit 1
    fi
fi

# --------------------------------------------------------------------------
# Extract jcshell absolute path no matter from where it's called
# --------------------------------------------------------------------------
JCSHELL_PATH="$(dirname "$(readlink -f "$0")")"

# --------------------------------------------------------------------------
# Include the JAR files from lib folder in CLASSPATH for JVM
# --------------------------------------------------------------------------
CLASSPATH_JCSHELL="$JCSHELL_PATH/lib/offcard.jar"
#CLASSPATH_JCSHELL="$CLASSPATH_JCSHELL:$JCSHELL_PATH/lib/JNISCCommWrapper.jar"
CLASSPATH_JCSHELL="$CLASSPATH_JCSHELL:$JCSHELL_PATH/lib/crypto.jar"
CLASSPATH_JCSHELL="$CLASSPATH_JCSHELL:$JCSHELL_PATH/lib/jpcsc.jar"

# --------------------------------------------------------------------------
# Launch the JVM with jcshell as main application and pass in the command
# line from the call to this script file.
# --------------------------------------------------------------------------
echo
echo Welcome to NXP JCShell!
echo "(c) 2012 NXP Semiconductors Germany GmbH"
echo ------------------------------------------------------------------------------
echo
if [ "$(which socat)" != "" ]; then
        socat READLINE,history=$HOME/.jcshell_history EXEC:"\"$JAVA\" -cp \"$CLASSPATH_JCSHELL\" com.ibm.jc.tools.JCShell $*"
else
        "$JAVA" -cp "$CLASSPATH_JCSHELL" com.ibm.jc.tools.JCShell "$@"
fi

In case you want to use only the simulators and you don't have JPCSC (see below), comment out the line

# CLASSPATH_JCSHELL="$CLASSPATH_JCSHELL:$JCSHELL_PATH/lib/jpcsc.jar"

Now you can create a symlink at your convenience, e.g.

ln -s ~/.eclipse/org.eclipse.platform_3.7.0_155965261/plugins/com.ibm.bluez.jcop.eclipse_3.3.6/jcshell.sh /usr/local/bin/jcshell

Note that to use a jcshell.rc file, it needs to be present in the local directory (pwd).

Connecting to a standalone JCOP simulator:

- /term Remote
> /atr
> /identify

In the script above, we look for socat and, if it is present, we use it to add line-editing capability in a bash-like manner (READLINE) and a history file, .jcshell_history.

It's also possible to get JCShell from the standalone version, using the setup executable:

7z -y x nxp-offcard-2.3.0.0_Setup_NXP-JCShell.exe

You'll get a /scripts directory in which we'll only consider a few jar files.
The same jcshell.sh script can be used in this setup.

JPCSC

Pegoda doesn't work under linux but we can use PCSC readers through JPCSC.
JPC/SC Java API (0.8.0) is available in binary form in the link Windows Binary Download Here (zip)
Yes I know... Windows... but jpcsc-0.8.0.zip contains also /jpcsc/bin/linux/libjpcsc.so, a 32 bit library.
On a 64 bit Debian, you can put libjpcsc.so under /usr/lib32

ldd /usr/lib32/libjpcsc.so
[...]
libpcsclite.so.1 => not found

Indeed, libpcsclite1 is not in ia32-libs.
You can get it by retrieving the 32-bit version of the libpcsclite1 package you already have on your system. For me it's libpcsclite1_1.8.3-3_i386.deb.
Get it, extract libpcsclite1_1.8.3-3_i386.deb, and copy libpcsclite.so.1.0.0 and the symlink libpcsclite.so.1 to /usr/lib32

Now PCSC readers can be used under JCShell if you add jpcsc.jar to the helper script:

#!/bin/bash
java -cp "lib/offcard.jar:lib/crypto.jar:lib/jpcsc.jar" com.ibm.jc.tools.JCShell "$@"

- term PCSC
> /atr

It will find the card, no matter in which PCSC reader it is.
And with e.g. a SCL3711 it will access contactless JCOP cards without any problem.

For Eclipse, simply choose the right PCSC reader under Debug/Run Configurations

ifdhandler

The ifdhandler in the jpcsc binary release is 32-bit, so we have to recompile it from the sources, jpcsc-0.8.0-src.zip

cd jpcsc/misc/jcop_simul_ifdhandler
gcc -g -fpic -w  -c ifdhandler.c -I. 
gcc -g -fpic -w -shared ifdhandler.o -o libjcop_remote.so

Then install libjcop_remote.so in /usr/lib/pcsc/drivers/serial/ and create a conf file /etc/reader.conf.d/jcopsimul:

FRIENDLYNAME     "JCOPSimulReader"
LIBPATH          /usr/lib/pcsc/drivers/serial/libjcop_remote.so
CHANNELID        0x0103F8

Note the difference from the original instructions in the README: since pcsc-lite 1.6.5 you shouldn't use DEVICENAME if the driver does not provide IFDHCreateChannelByName().
Finally, restart pcscd.
Every time a simulator is run, a "card" is inserted in pcscd.
The virtual card can be used with any PCSC-compatible application, including Eclipse.
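One way to check the DEVICENAME rule above before restarting pcscd, as an added example that is not part of the original page: it reads a reader.conf entry and verifies that DEVICENAME is only present when the driver exports IFDHCreateChannelByName. The function names, the optional symbol-listing argument and the sample files are assumptions; the addresses in the sample listings are constructed.

```shell
#!/bin/sh
# Added example, not the page's or the project's own code.

# Print the value of the first KEY line ($2) in reader.conf file $1.
conf_value() {
    awk -v key="$2" '$1 == key { sub(/^[ \t]*[^ \t]+[ \t]+/, ""); print; exit }' "$1"
}

# List the symbols a driver defines: nm (binutils) on the library $1, or a
# saved plain-text listing $2 when one is given.
driver_symbols() {
    if [ -n "${2:-}" ]; then cat "$2"; else nm -D --defined-only "$1"; fi
}

# check_reader_conf CONF [SYMBOL_LISTING]
# 0: entry is consistent; 1: DEVICENAME is set but the driver does not
# export IFDHCreateChannelByName; 2: no LIBPATH line.
check_reader_conf() {
    lib=$(conf_value "$1" LIBPATH)
    [ -n "$lib" ] || { echo "$1: no LIBPATH" >&2; return 2; }
    dev=$(conf_value "$1" DEVICENAME)
    [ -n "$dev" ] || return 0
    if driver_symbols "$lib" "${2:-}" | grep -qw IFDHCreateChannelByName; then
        return 0
    fi
    echo "$1: DEVICENAME $dev is set, but the driver lacks IFDHCreateChannelByName" >&2
    return 1
}

# Write constructed sample inputs into directory $1.
write_samples() {
    printf '%s\n' 'FRIENDLYNAME     "JCOPSimulReader"' \
        'DEVICENAME       /dev/null' \
        'LIBPATH          /usr/lib/pcsc/drivers/serial/libjcop_remote.so' \
        'CHANNELID        0x0103F8' > "$1/with_devicename.conf"
    grep -v '^DEVICENAME' "$1/with_devicename.conf" > "$1/without_devicename.conf"
    printf '%s\n' '0000000000001139 T IFDHCreateChannel' \
        '0000000000001200 T IFDHCloseChannel' > "$1/unpatched.txt"
    { cat "$1/unpatched.txt"
      echo '0000000000001100 T IFDHCreateChannelByName'; } > "$1/patched.txt"
}

# Called with a conf file (and optionally a symbol listing): run the check.
if [ "$#" -ge 1 ]; then
    check_reader_conf "$@"
fi
```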

Beware that once pcscd is running and using the ifdhandler JCOPSimulReader, the simulator can no longer be accessed via

/term Remote

but exclusively via

/term PCSC

RFIDIOt

RFIDIOt contains a few tools linked to JCOP

GPShell

http://sourceforge.net/projects/globalplatform/
Could never get it working properly

GlobalPlatformPro

The GlobalPlatform tool (https://github.com/martinpaljak/GlobalPlatformPro) is intended to replace the outdated gpshell.
To compile it you need openjdk-7-jdk which at the moment seems hard to get on my Debian (old dependencies problem), so I'll stick to openjdk-8 and fetch a pre-built version here.
Usage:

java -jar gp.jar --help

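Comparison

  • JCAlgTest: https://www.fi.muni.cz/~xsvenda/jcalgtest/index.html

Shopping

  • https://github.com/martinpaljak/GlobalPlatformPro/tree/master/docs/JavaCardBuyersGuide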