
Large STORE DATA impossible to send

Open antonio-fr opened this issue 1 year ago • 5 comments

Since a line is limited to 1024, and data is hex encoded, it is not possible to send data larger than ~490 bytes. The buffer size is defined at compile time, and hardcoded.

One of our own applets uses direct personalization and STORE DATA to set up an x509 certificate, which is around 600 bytes large. It is not possible to use a store_data command line to upload it using this software. This is sad, as this software correctly and automatically performs the command chaining to send multiple data blocks. Also, the data buffer is set to 4096 bytes. But this is limited by this hard limit of 1024 bytes per command line.

We are using the standard input to send command lines to the binary exe. The issue is that it cuts the lines which are greater than 1024 bytes. What is after 1024 bytes is seen as a new line.

I think of several ways to solve this issue:

  • Add some note in the documentation to tell about this limitation
  • Increase the buffer size to a value large enough for smartcards = 16384 bytes ?
  • Only enlarge the buffer for data and a command line
  • Make the BUFLEN a customizable parameter for the user : CLI argument, env var, ... So this value would be defined at startup.

Technically, the main culprit seems to be here: https://github.com/kaoh/globalplatform/blob/4f26a8e30058d059aa6b7e7c8c65b07346f04494/gpshell/src/gpshell.c#L276 This is used in handleCommands, and also in handleOptions.

antonio-fr, Apr 11 '24 01:04

It may also come from this part: https://github.com/kaoh/globalplatform/blob/4f26a8e30058d059aa6b7e7c8c65b07346f04494/gpshell/src/gpshell.c#L991 The parsed buffer "buf" is limited in size.

antonio-fr, Apr 11 '24 01:04

Hi Antonio, you are using the install_for_personalization and store_data -dataFormat format -dataEncryption encryption -data data command? I can look into increasing the buffer size then. Can you try to make your suggested changes (increase BUFLEN) and give it a try?

koh-osug, Apr 11 '24 10:04

No. I'm using direct perso store_data. More precisely, after selecting the applet (not SD), and opening a secure channel with it: store_data -dataFormat 0x08 -data xxxx

I didn't want to spend time to compile, I can give a quick try bc I have the VC tools and cmake already.

antonio-fr, Apr 11 '24 13:04

I modified to #define BUFLEN 8192 and compiled (was not so hard). And store_data works with the 550 bytes payload (1200 bytes command line).

antonio-fr, Apr 11 '24 13:04

Great! I have pushed an update to main and the next release will contain the enhancement.

koh-osug, Apr 11 '24 17:04
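
The line splitting reported in this thread, as an added example that is not gpshell's code: it assumes the command line is read with `fgets` into a `BUFLEN`-sized buffer (the thread links to the source but does not show it), and `make_input`, `count_chunks` and `read_full_line` are hypothetical helpers. A constructed 550-byte `store_data` line is split in two at 1024, passes whole at 8192, and is also read whole by a reader that grows its buffer instead of relying on a fixed limit.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define BUFLEN 1024 /* limit named in the issue; the reading loop below is assumed */

/* Constructed sample: one store_data command line carrying nbytes of hex payload. */
static FILE *make_input(size_t nbytes) {
    FILE *f = tmpfile();
    if (!f) return NULL;
    fputs("store_data -dataFormat 0x08 -data ", f);
    for (size_t i = 0; i < nbytes; i++) fprintf(f, "%02X", (unsigned)(i & 0xFF));
    fputc('\n', f);
    rewind(f);
    return f;
}

/* Count the "command lines" a fixed-buffer fgets() loop hands to the parser.
   A result above 1 for a single input line means the line was cut. */
static int count_chunks(FILE *in, size_t buflen) {
    char *buf = malloc(buflen);
    int n = 0;
    if (!buf) return -1;
    while (fgets(buf, (int)buflen, in)) n++;
    free(buf);
    return n;
}

/* Read one complete line, doubling the buffer until the newline is seen.
   Returns a malloc'd string without the newline, or NULL at EOF or on error. */
static char *read_full_line(FILE *in) {
    size_t cap = BUFLEN, len = 0;
    char *line = malloc(cap);
    if (!line) return NULL;
    while (fgets(line + len, (int)(cap - len), in)) {
        len += strlen(line + len);
        if (len && line[len - 1] == '\n') { line[len - 1] = '\0'; return line; }
        if (feof(in)) return line;          /* last line had no newline */
        char *tmp = realloc(line, cap * 2); /* no newline yet: grow and continue */
        if (!tmp) { free(line); return NULL; }
        line = tmp; cap *= 2;
    }
    if (len) return line;
    free(line);
    return NULL;
}

int main(void) {
    FILE *f = make_input(550);
    if (f) printf("BUFLEN %d: %d chunk(s)\n", BUFLEN, count_chunks(f, BUFLEN));
    return f ? 0 : 1;
}
```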