
What is the functionality of the selectingApplet() method in Java Card 2.2?


As mentioned in the JavaCard 2.2 API documentation here, selectingApplet() is a method used by the applet's process() method to distinguish the SELECT APDU command which selected this applet from all other SELECT APDU commands, which may relate to file or internal applet state selection; it returns true if this applet is being selected.

My question is: why do we need this method? And, more generally: why does the selected applet need to receive SELECT-applet commands? I think the only entity that needs to know about SELECT-applet APDUs is the JCRE.

I suggest the scenario below:

  1. The JCRE receives the APDU command from the CAD.
  2. It checks whether it is a SELECT APDU command or not.
  3. If it is not a SELECT APDU command, it sends the received APDU to the process() method of the selected applet, and the selected applet interprets and executes it (using switches and if expressions, with no need to use the selectingApplet() method).
  4. If it is a SELECT APDU command, it checks the length of the data field of the command to see whether it is a SELECT File or a SELECT Applet.
  5. If it is a SELECT File command, the JCRE sends it to the process() method of the selected applet again. But if it is a SELECT Applet command, the JCRE invokes the deselect() method of the currently selected applet and then invokes the select() method of the newly requested applet. After receiving true, it makes that applet selected and waits for the next APDU command (with no need to send the previous SELECT-Applet APDU command to the process() method of the newly selected applet).

What is wrong with the above implementation? And what are the advantages of the current implementation in JC 2.2 (which sends all received APDUs to the process() method of the currently selected applet, with selectingApplet() distinguishing the different SELECT commands)?

I think the current implementation provides a vulnerability! If a programmer implements his/her applet in such a way that its process() method writes all received APDUs to EEPROM, then he/she can retrieve the AIDs of some other applets installed on the card. Is this right?


Solution

  • You can use SELECT to distinguish between default selection after an ATR (a Global Platform option) and normal selection through SELECT. In other words, distinguish between being in the MF or application DF. The method select() will be called in both cases.

    Furthermore, SELECT where P1 is different from 04 may return (FCI/FCP) data to the terminal. The runtime would not know what to return, as that is application specific.

    selectingApplet() is very useful as you can immediately see that the Applet actually got (re-)selected with this method. If the applet gets reselected you may want to do some internal housekeeping, but you certainly don't want to return a status word indicating an error. An error would indicate that the APDU failed and this is inconsistent with the fact that the applet was selected by the runtime.
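
The behaviour described in the answer above, as an added example that is not part of the original question or answer: a minimal applet whose process() uses selectingApplet() to separate the SELECT that selected it from any other SELECT command. The package and class names, the FCI bytes and the selectFile() helper are assumptions made for illustration.

```java
package example; // hypothetical package name

import javacard.framework.APDU;
import javacard.framework.Applet;
import javacard.framework.ISO7816;
import javacard.framework.ISOException;
import javacard.framework.JCSystem;
import javacard.framework.Util;

public class SelectAwareApplet extends Applet {
    // Constructed FCI template (tag 6F wrapping an empty DF name, tag 84); placeholder content.
    private static final byte[] FCI = { (byte) 0x6F, (byte) 0x02, (byte) 0x84, (byte) 0x00 };
    // Currently selected file id; survives deselection, cleared only on card reset.
    private final short[] currentFile;

    private SelectAwareApplet() {
        currentFile = JCSystem.makeTransientShortArray((short) 1, JCSystem.CLEAR_ON_RESET);
        register();
    }

    public static void install(byte[] bArray, short bOffset, byte bLength) {
        new SelectAwareApplet();
    }

    public void process(APDU apdu) {
        byte[] buf = apdu.getBuffer();
        if (selectingApplet()) {
            // This is the SELECT that (re-)selected the applet: do housekeeping,
            // return application-specific data, and let the runtime answer 9000.
            currentFile[0] = 0; // back to "no file selected"
            Util.arrayCopyNonAtomic(FCI, (short) 0, buf, (short) 0, (short) FCI.length);
            apdu.setOutgoingAndSend((short) 0, (short) FCI.length);
            return;
        }
        switch (buf[ISO7816.OFFSET_INS]) {
            case ISO7816.INS_SELECT:
                // A SELECT that did not select this applet, for example file selection.
                selectFile(apdu);
                break;
            default:
                ISOException.throwIt(ISO7816.SW_INS_NOT_SUPPORTED);
        }
    }

    // Hypothetical handler: this sketch holds no files, so every file SELECT is rejected.
    private void selectFile(APDU apdu) {
        ISOException.throwIt(ISO7816.SW_FILE_NOT_FOUND);
    }
}
```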