Android HCE: are there rules for AID?

人走茶凉 提交于 2019-12-18 02:57:54

问题


I'm trying to use an ACR122 NFC reader to select an application emulated in one Nexus 5 using Android Host Card Emulation. However, small AIDs are not recognized.

My goal is to use a three byte long AID, as I do in a DESfire card. My first goal is only to be able to do a SELECT command.

My test app uses the following configuration for AIDs:

<host-apdu-service xmlns:android="http://schemas.android.com/apk/res/android"
android:description="@string/service_descr"
android:requireDeviceUnlock="false" >

    <aid-group
        android:category="other"
        android:description="@string/aid_descr" >
            <aid-filter android:name="A0A1A2" />
            <aid-filter android:name="B0B1B2B3" />
            <aid-filter android:name="C0C1C2C3C4" />
            <aid-filter android:name="D0D1D2D3D4D5" />
            <aid-filter android:name="E0E1E2E3E4E5E6" />
    </aid-group>

</host-apdu-service>

If I run the following APDUs:

00 a4 04 00 03 a0 a1 a2 00
00 a4 04 00 04 b0 b1 b2 b3 00
00 a4 04 00 05 c0 c1 c2 c3 c4 00
00 a4 04 00 06 d0 d1 d2 d3 d4 d5 00
00 a4 04 00 07 e0 e1 e2 e3 e4 e5 e6 00

I always get the following responses:

=> 00 a4 04 00 03 a0 a1 a2 00 
<= 6f 00 
=> 00 a4 04 00 04 b0 b1 b2 b3 00 
<= 6a 82 
=> 00 a4 04 00 05 c0 c1 c2 c3 c4 00 
<= 90 00 
=> 00 a4 04 00 06 d0 d1 d2 d3 d4 d5 00 
<= 90 00 
=> 00 a4 04 00 07 e0 e1 e2 e3 e4 e5 e6 00 
<= 90 00 

So, only AIDs with length greater than 5 bytes will work with Android? Or am I doing something really wrong?


回答1:


The rules for smartcard application identifiers (AIDs) are defined in ISO/IEC 7816-4. An AID may consist of up to 16 bytes. Based on the first 4 bits, AIDs are divided into different groups. The most relevant groups defined in ISO/IEC 7816-4 are:

  • AIDs starting with 'A': internationally registered AIDs
  • AIDs starting with 'D': nationally registered AIDs
  • AIDs starting with 'F': proprietary AIDs (no registration)

For (inter)nationally registered AIDs, the AID is split into two parts, a 5-byte mandatory RID (registered application provider identifier), and an optional PIX (proprietary application identifier extension) of up to 11 bytes.

For proprietary AIDs (F...) ISO/IEC 7816-4 does not clearly mandate any minimum length requirements.

In addition to this, when it comes to HCE and routing of card emulation communication from the NFC controller to secure elements or the application processor, there is the NFC Forum NCI specification. This specification mandates an AID (used in AID-based routing entries) to be between 5 and 16 bytes. Btw. the same limitation applies to smartcards following the Java Card specifications.

When it comes to Android, there is a hard-coded requirement that AIDs received in a SELECT command consist of at least 5 bytes:

  • In method resolveAid() in RegisteredAidCache.java on line 142
  • In method findSelectAid() in HostEmulationManager.java on line 390 (which actually causes the odd behavior that the 4 byte AID is rejected with a "File or application not found" (6A82) status word as the check does not properly account for the Le byte)



回答2:


According to EMV standards, an AID is made up of a Registered Application Provider Identifier (RID) having a minimum of 5 bytes, and an optional Application Identifier Extension (PIX) or proprietary Application Identifier having a maximum length of 11 bytes, which together make up the Application ID (AID), thus, the application ID can never be less than 5 bytes in length. If there are several applications present in the card, the AIDs will have the optional app identifiers appended to the RID to differentiate between the applications present in the card. Please read up on EMV standards on their site: EMVCO, and especially their books, Book 1 to Book 4, to understand more in this.



来源:https://stackoverflow.com/questions/27533193/android-hce-are-there-rules-for-aid

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!