David Corcoran wrote:
Hi,
We are happy to release some open source PIV-II like applets produced
by Michigan State University Computer Science Students under the
direction of Identity Alliance. They can be downloaded under a BSD
license at the following link:
http://www.identityalliance.com/downloads/PIV-II-MSU.zip
There are some subtle differences between these applets and the final
PIV specification as they were working on this early in the semester
while PIV-II was still in transition. Nevertheless you will hopefully
find these to be of use as you are looking at PIV-II implementations ....
Yes, these look interesting. I got the MSU PIV applet to load on an
Oberthur Java card using their Id-One CosmopolIC Dev kit. The card is
a Java 2.2 card with Global Platform 2.1.1 installed.
I understand that this applet was done early on, and it is not
complete. I have some comments anyway in case anyone is planning on
further improvements:
o The program and applet use an AID of: 11 22 33 44 55 66
but SP800-73 says it should be A0 00 00 xx xx ...
This is a minor problem, and might be overridable using the
application loading tool.
o SP800-73 says the SELECT card command should return an
"application property template", which looks like an FCI to me.
The applet returns no data, only 90 00.
o The code does not yet know about OIDs, as stated in the
"Implementation Notes.txt" file. So it makes it hard to
do any real testing.
o The General Authenticate only uses single DES, as indicated
in the code, as cards used for test did not have triple DES.
I used the application-defined 0xAD command to get a DES key.
I can ask for the challenge, encrypt it and send it to the card,
which appears to work as the command returns 90 00.
o But when trying the GENERATE ASYMMETRIC KEY PAIR it is returning
6A 86. It looks like the GenerateKeyPairRSA routine is
expecting the keyReference to be between 0 and 32. SP800-73
lists Key Reference Values in Table 12, and I was trying to use 9A
to match the "X.509 Certificate for PIV Authentication".
Special thanks to: Ben Aiken, Kevin Edwards, Archit Gulati, Steven
Hemingray, Lawrence Judd, Brett Reidsma for their hard work this semester.
Yes, thanks, as this looks like it was a lot of work, based on an
incomplete specification. I would hope that a follow-on project could
address some of the above issues, and add the additional OID and
chaining features.
There is also a nice demo which uses these applets that is written in
Java on top of the Axalto (formerly Schlumberger) toolkit (IOP)
demonstrating different Access Control conditions (in a nice GUI
showing physical access). You must have the Axalto toolkit to make
this work (I can send the additional MSU code if you contact me
directly ....)
Thanks,
Dave
Below is the license:
Copyright (c) 2005 Identity Alliance, Ben Aiken,
Kevin Edwards, Archit Gulati, Steven Hemingray,
Lawrence Judd, Brett Reidsma
All rights reserved.
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions
are met:
1. Redistributions of source code must retain the above copyright
notice, this list of conditions and the following disclaimer.
2. Redistributions in binary form must reproduce the above copyright
notice, this list of conditions and the following disclaimer in the
documentation and/or other materials provided with the distribution.
3. The name of the author may not be used to endorse or promote products
derived from this software without specific prior written permission.
THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
------------------------------------------------------------------------------------
David Corcoran [EMAIL PROTECTED]
Identity Alliance http://www.identityalliance.com
phone: 260-488-3099 fax: 260-488-2455
Smart Cards, Biometrics, Training, Identity Management
-------------------------------------------------------------------------------------
_______________________________________________
Muscle mailing list
[email protected]
http://lists.drizzle.com/mailman/listinfo/muscle
--
Douglas E. Engert <[EMAIL PROTECTED]>
Argonne National Laboratory
9700 South Cass Avenue
Argonne, Illinois 60439
(630) 252-5444
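As an added illustration of the conformance points raised in the reply above (not code from the MSU applet or from either poster), the following small offline checker encodes them: the SP800-73 AID prefix, the expected application property template (tag 61) in the SELECT response, the ISO 7816-4 meaning of 6A 86, and the 0..32 key reference range the post reports for GenerateKeyPairRSA. The card responses are constructed byte strings, not captures from a real card.

```python
# Added example: offline checks for the PIV-II applet issues discussed in the post.
# Responses below are constructed, not read from a card.

PIV_AID_PREFIX = bytes.fromhex("A00000")      # SP800-73: AID starts A0 00 00 ...
MSU_TEST_AID = bytes.fromhex("112233445566")  # AID the MSU applet uses per the post
PIV_AUTH_KEY_REF = 0x9A                       # SP800-73 Table 12: PIV Authentication key

# ISO 7816-4 status words mentioned in the post
SW_DESCRIPTIONS = {
    0x9000: "success",
    0x6A86: "incorrect parameters P1-P2 (e.g. key reference the applet does not accept)",
}

def split_response(resp: bytes):
    """Split a response APDU into (data, status word)."""
    if len(resp) < 2:
        raise ValueError("response shorter than a status word")
    return resp[:-2], int.from_bytes(resp[-2:], "big")

def aid_is_piv(aid: bytes) -> bool:
    """True when the AID carries the SP800-73 A0 00 00 prefix."""
    return aid.startswith(PIV_AID_PREFIX)

def parse_tlv(data: bytes):
    """Minimal BER-TLV walk (single-byte tags, short or long form lengths)."""
    items, i = [], 0
    while i < len(data):
        tag, length, i = data[i], data[i + 1], i + 2
        if length & 0x80:                     # long form: next n bytes hold the length
            n = length & 0x7F
            length, i = int.from_bytes(data[i:i + n], "big"), i + n
        items.append((tag, data[i:i + length]))
        i += length
    return items

def check_select_response(resp: bytes):
    """SP800-73 SELECT must return an application property template (tag 61) with 90 00."""
    data, sw = split_response(resp)
    if sw != 0x9000:
        return False, f"SELECT failed with {sw:04X}"
    if not data:
        return False, "SELECT returned no data; application property template missing"
    has_template = any(tag == 0x61 for tag, _ in parse_tlv(data))
    return has_template, "template present" if has_template else "tag 61 not found"

def key_reference_in_msu_range(key_ref: int) -> bool:
    """The post reports GenerateKeyPairRSA only accepts key references 0..32."""
    return 0 <= key_ref <= 32

def explain_keypair_result(sw: int, key_ref: int) -> str:
    """Combine the status word with the key reference check to explain a failure."""
    if sw == 0x9000:
        return "key pair generated"
    note = SW_DESCRIPTIONS.get(sw, "unknown status word")
    if not key_reference_in_msu_range(key_ref):
        note += f"; key reference {key_ref:02X} is outside the applet's 0..32 range"
    return note
```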