What exactly is the class byte in JavaCard?

Submitted by 孤街醉人 on 2020-01-02 07:06:29

Question


I've started to work with JavaCards and am trying to grasp the sense of the CLA byte.

If I read RFC 5.4.1, Class byte:

5.4.1 Class byte

According to table 8 used in conjunction with table 9, the class byte CLA of a command is used to indicate to what extent the command and the response comply with this part of ISO/IEC 7816 and when applicable (see table 9), the format of secure messaging and the logical channel number.

So... the CLA flag is used for indication, but of what exactly? The table and description are rather difficult for a beginner. I understand that the following CLA bytes are usually used: 0x00, 0x80, 0x84.

E.g., if I read the content from the table:

  • '0X' Structure and coding of command and response according to this part of ISO/IEC 7816 (for coding of 'X' see table 9)

  • 10 to 7F RFU

  • Reserved for PTS

I understand that for proper development I should read the GlobalPlatform specification, the specification for the exact card (mine is an NXP one) and other related materials, but I have to admit that it's difficult to understand the content.

I expected the following (pseudo-table):

  • 0x00 -> for reading streams from file system
  • 0x01 -> for writing byte buffer to memory blocks
  • 0x02 -> call AES/RSA methods

Answer 1:


The CLASS byte is defined in ISO 7816-4. The first bit indicates the interindustry class. Java Card applets shall operate in this interindustry standard. Global Platform is another specification to manage and maintain the card and all commands will have class byte 0x80 - 0x8F. Class byte 0xFF is used for communication with the card reader in some cases and is otherwise invalid for a card.

The interindustry meaning for the CLA serves 3 major functions:

Function 1: Chaining
bit5 = 1 signalizes that the current command is not the last command of a chain, meaning that multiple APDUs all belong together and the card may therefore do additional things

Function 2: Secure Messaging
bit4+3 serve to signalize the secure messaging status of the current command. This means that the APDU is authenticated (e.g. MACed) and the data is encrypted (e.g. block cipher). The command header is never encrypted.

Function 3: Logical Channel
bit2+1 serve to identify the logical channel number. Logical channels are parallel communication interfaces through the card, therefore an applet A can be selected on Channel 0 and an applet B can be selected on Channel 1 while both applets remain in their internal state (no RAM is reset). Most cards do not support logical channels or you have to enable them explicitly.

The CLA byte is a typical trap for Java Card beginners and it's usually best that you leave it at 0x00 for the start.
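The bit layout described in the answer, as a host-side Python decoder. This is an added example, not part of the original answer; `decode_cla` and `ClaInfo` are hypothetical names, and it assumes proprietary-class bytes such as GlobalPlatform's 0x80/0x84 reuse the same low-bit layout, which other proprietary schemes may not.

```python
from dataclasses import dataclass

# Meaning of bits 4+3 in ISO 7816-4 (first interindustry class coding).
SM_MODES = {
    0b00: "no secure messaging",
    0b01: "proprietary secure messaging format",
    0b10: "ISO secure messaging, command header not authenticated",
    0b11: "ISO secure messaging, command header authenticated",
}


@dataclass(frozen=True)
class ClaInfo:
    proprietary: bool      # bit 8: 0 = interindustry, 1 = proprietary (e.g. 0x80-0x8F)
    chained: bool          # bit 5: more APDUs of the same chain follow
    secure_messaging: int  # bits 4+3: key into SM_MODES
    channel: int           # bits 2+1: logical channel 0..3

    def describe(self) -> str:
        kind = "proprietary" if self.proprietary else "interindustry"
        chain = "more commands follow" if self.chained else "last or only command"
        return (f"{kind}, {chain}, {SM_MODES[self.secure_messaging]}, "
                f"logical channel {self.channel}")


def decode_cla(cla: int) -> ClaInfo:
    """Split a CLA byte into the fields described in the answer."""
    if not 0 <= cla <= 0xFF:
        raise ValueError("CLA must be a single byte")
    if cla == 0xFF:
        raise ValueError("0xFF is not a valid class byte for a card")
    if cla & 0x60:
        # Bits 7 and 6 set: a different coding than the one described above.
        raise ValueError(f"CLA 0x{cla:02X} does not use the layout decoded here")
    return ClaInfo(
        proprietary=bool(cla & 0x80),
        chained=bool(cla & 0x10),
        secure_messaging=(cla >> 2) & 0b11,
        channel=cla & 0b11,
    )


if __name__ == "__main__":
    # Constructed sample values: the three from the question plus a chained one.
    for sample in (0x00, 0x80, 0x84, 0x1D):
        print(f"0x{sample:02X}: {decode_cla(sample).describe()}")
```
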



Source: https://stackoverflow.com/questions/34929164/what-exactly-is-the-class-byte-in-javacard
