应用协议数据单元(APDU)命令和响应的结构是什么? [英] What is the structure of an application protocol data unit (APDU) command and response?

问题描述

我正在尝试学习 Java卡.我才刚刚开始，还没有找到很多资源.我的第一个问题是如何理解APDU命令. (例如ISO/IEC 7816-4中定义的内容)

I am trying to learn Java Card. I have just started and have not found many resources. My first question is how to understand APDU commands. (such as those defined in ISO/IEC 7816-4)

例如，如果我看到诸如 10101010 之类的字节模式，该如何理解其含义，特别是确定 CLA 或<例如，strong> INS ?

For example, if I see a byte pattern such as 10101010 how can I understand the meaning of this, and in particular determine the CLA or INS, for example?

推荐答案

APDU命令是一列二进制数字，格式如下:

APDU commands are a queue of binary numbers in the following form:

CLA | INS | P1 | P2 | Lc | CData |

CLA | INS | P1 | P2 | Lc | CData | Le

在所有APDU命令中，前四个部分(即 CLA ， INS ， P1 和 P2 是必需的)并且每个都有一个字节的长度.这些1字节长的段分别代表Class，Instruction，Parameter1和Parameter2.

The first four sections, i.e CLA , INS , P1 and P2 are mandatory in all APDU commands and each one has one byte length. These one-byte-length sections stand for Class, Instruction, Parameter1 and Parameter2 respectively.

最后三个部分，即 Lc ， CData 和 Le 是可选的.Lc是Nc的编码，是Nc的编码CDATA字段的长度. Le是Ne的编码，然后是可能发送的最大响应数据的编码.根据这些部分的存在与否，我们对APDU命令有4种情况，如下所示:

The last three sections, i.e Lc , CData and Le are optional.Lc is the encoding of Nc, which is the encoding of the length of the CDATA field. Le is the encoding of Ne, then encoding of the maximum response data that may be send. Based on presence or absence of these sections, we have 4 case for APDU commands, as below:

• 案例1:CLA | INS | P1 | P2
• 案例2:CLA | INS | P1 | P2 | Le
• 案例3:CLA | INS | P1 | P2 | Lc | Data
• 案例4:CLA | INS | P1 | P2 | Lc | Data | Le

• Case1: CLA | INS | P1 | P2
• Case2: CLA | INS | P1 | P2 | Le
• Case3: CLA | INS | P1 | P2 | Lc | Data
• Case4: CLA | INS | P1 | P2 | Lc | Data | Le

对于不同的命令和不同的小程序，CData的长度是不同的.根据CData的长度(即Lc)和可能发送的最大响应数据的长度(即Le)，我们必须输入APDU命令的类型:

The length of CData is different for different commands and different applets. based on the length of CData (i.e Lc) and the length of maximum response data that may send (i.e Le), we have to type of APDU commands:

• 正常/短APDU 命令，当 Lc 和 Le 小于0xFF
• 扩展长度APDU 命令，当 Lc 和/或 Le 大于0xFF时.

• Normal/Short APDU commands, when Lc and Le are smaller than 0xFF
• Extended length APDU commands, when Lc and/or Le are greater than 0xFF.

所以对于这些部分的长度，我们有:

So for the length of these sections we have:

Lc :用于APDU短命令的字节为1个字节，对于APDU扩展命令的字节为3个字节(它们指定此长度，因为它足够长).

Lc : 1 byte for Short APDU commands and 3 byte (they specify this length, because its enough) for Extended APDU commands.

数据:长度不同.

Le :与 Lc 相同.

我如何理解APDU命令?

答案:

编写小程序时，可以指定小程序对将来将收到的不同APDU命令的响应.卡管理器也是一个applet.它支持的命令在卡的规格/数据表中定义.通常，几乎所有卡都是 GlobalPlatform 和

When you write an applet, you specify the response of your applet to different APDU commands that it will receive in the future. Card Manager is an applet also. The commands that it support is defined in your card's specifications/datasheet. Normally almost all cards are GlobalPlatform and ISO7816 compliant, so they must support those mandatory APDU commands that is defined in these documents. For example, as 0xA4 is defined as SELECT FILE command in ISO7816-4 standard, If you see an APDU like xx A4 xx xx is sending to Card Manager, you can conclude that it is related with SELECT FILE.

请注意，您可以为不同小程序中的不同功能选择一个值.例如，在下面的示例中，Applet1将在接收00 B0 xx xx APDU命令时返回0x6990，而Applet2将在接收同一命令时返回0x6991:

Note that you can choose one value for different functions in your different applets. For example in the following, Applet1 will return 0x6990 in the reception of 00 B0 xx xx APDU commands, while Applet2 will return 0x6991 in the reception of the same command:

Applet1:

public class SOQ extends Applet {

    private SOQ() {
    }

    public static void install(byte bArray[], short bOffset, byte bLength)
            throws ISOException {
        new SOQ().register();
    }

    public void process(APDU arg0) throws ISOException {
        byte buffer[] = arg0.getBuffer();
        
        if(buffer[ISO7816.OFFSET_CLA] == (byte) 0x00 &&buffer[ISO7816.OFFSET_INS] == (byte) 0xB0){
            ISOException.throwIt((short)0x6990);
        }

    }

}

输出:

OpenSC: opensc-tool.exe -s 00a404000b0102030405060708090000 -s 00B00000 -s 00B00
100
Using reader with a card: ACS CCID USB Reader 0
Sending: 00 A4 04 00 0B 01 02 03 04 05 06 07 08 09 00 00
Received (SW1=0x90, SW2=0x90)
Sending: 00 B0 00 00
Received (SW1=0x69, SW2=0x90)
Sending: 00 B0 01 00
Received (SW1=0x69, SW2=0x90)

Applet2:

public class SOQ extends Applet {

    private SOQ() {
    }

    public static void install(byte bArray[], short bOffset, byte bLength)
            throws ISOException {
        new SOQ().register();
    }

    public void process(APDU arg0) throws ISOException {
        byte buffer[] = arg0.getBuffer();
        
        if(buffer[ISO7816.OFFSET_CLA] == (byte) 0x00 && buffer[ISO7816.OFFSET_INS] == (byte) 0xB0){
            ISOException.throwIt((short)0x6991);
        }

    }

}

输出:

OpenSC: opensc-tool.exe -s 00a404000b0102030405060708090000 -s 00B00000 -s 00B00
100
Using reader with a card: ACS CCID USB Reader 0
Sending: 00 A4 04 00 0B 01 02 03 04 05 06 07 08 09 00 00
Received (SW1=0x90, SW2=0x00)
Sending: 00 B0 00 00
Received (SW1=0x69, SW2=0x91)
Sending: 00 B0 01 00
Received (SW1=0x69, SW2=0x91)

因此，对您的问题(我如何理解APDU命令?)的最终答案是

So the final and short answer to your question (How can I understand APDU commands?) is:

• 您正在处理小程序?

您自己定义了受支持的命令及其格式！

You defined the supported commands and their forms, yourself!

您要处理另一个applet(例如Card Manager)吗?

您需要该小程序的源代码或其有关受支持的命令及其格式的文件，或者该小程序所遵循的标准/规范(例如，用于卡管理器的全球平台).

You need the source code of that applet or its documentation about its supported commands and their forms or the standard/specification that that applet is compliant with (Global Platform for Card Managers for example).

注意:APDU响应几乎相同.

这篇关于应用协议数据单元(APDU)命令和响应的结构是什么?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！