martinpaljak / GlobalPlatformPro

🌐 🔐 Manage applets and keys on JavaCard-s like a pro (via command line or from your Java project)
https://javacard.pro/globalplatform
GNU Lesser General Public License v3.0

Creation of SSD fails with 0x6A80 #305

Open huckym opened 1 year ago

huckym commented 1 year ago

Describe the bug

Creation of SSD with --domain $DOMAIN fails with 0x6A80

Information about your card

As much information as you have:

  1. Vendor: NXP
  2. Product: P71D321
  3. Version: JC 3.0.5 with GPpro build on master branch head

Expected behavior

An SSD should get created

Full log

java -jar build/gp.jar -dvi --domain 0101010101010101 --allow-from --allow-to
# gp -dvi --domain 0101010101010101 --allow-from --allow-to
# GlobalPlatformPro f96fac5
# Running on Mac OS X 13.0.1 aarch64, Java 17.0.5 by Oracle Corporation
[DEBUG] TerminalManager - Processing 1 readers with null as preferred and null as ignored
SCardConnect("ACS ACR39U ICC Reader", T=*) -> T=1, 3BFA180000910131FE4550564A434F503453494482
A>> T=1 (4+0000) 00A40400 00 
A<< (0018+2) (18ms) 6F108408A000000151000000A5049F6501FF 9000
[DEBUG] GPSession - Auto-detected ISD: A000000151000000
A>> T=1 (4+0000) 80CA9F7F 00 
A<< (0045+2) (15ms) 9F7F2A4790D321470000000000103925201720050500000000000000000B996A35323031370000000000000000 9000
[DEBUG] GPData - 0x0000/0xFFFF does not represent a valid date
[DEBUG] GPData - 0x0000/0xFFFF does not represent a valid date
[DEBUG] GPData - 0x0000/0xFFFF does not represent a valid date
[WARN] GPData - Invalid CPLC date: 6A35
[DEBUG] GPData - 0x0000/0xFFFF does not represent a valid date
CPLC: ICFabricator=4790
      ICType=D321
      OperatingSystemID=4700
      OperatingSystemReleaseDate=0000 (invalid date format)
      OperatingSystemReleaseLevel=0000
      ICFabricationDate=1039 (2021-02-08)
      ICSerialNumber=25201720
      ICBatchIdentifier=0505
      ICModuleFabricator=0000
      ICModulePackagingDate=0000 (invalid date format)
      ICCManufacturer=0000
      ICEmbeddingDate=0000 (invalid date format)
      ICPrePersonalizer=0B99
      ICPrePersonalizationEquipmentDate=6A35 (invalid date format)
      ICPrePersonalizationEquipmentID=32303137
      ICPersonalizer=0000
      ICPersonalizationDate=0000 (invalid date format)
      ICPersonalizationEquipmentID=00000000

A>> T=1 (4+0000) 80CA0042 00 
A<< (0000+2) (11ms) 6A88
[DEBUG] GPData - GET DATA(IIN): N/A
A>> T=1 (4+0000) 80CA0045 00 
A<< (0000+2) (11ms) 6A88
[DEBUG] GPData - GET DATA(CIN): N/A
A>> T=1 (4+0000) 80CA00CF 00 
A<< (0012+2) (10ms) CF0A00000000000000000000 9000
KDD: CF0A00000000000000000000
A>> T=1 (4+0000) 80CA00C1 00 
A<< (0004+2) (13ms) C102013F 9000
SSC: C102013F
Card Data: 
A>> T=1 (4+0000) 80CA0066 00 
A<< (0079+2) (22ms) 664D734B06072A864886FC6B01600B06092A864886FC6B020203630906072A864886FC6B03640B06092A864886FC6B040255650D060B2A864886FC6B0507020000660C060A2B060104012A026E0103 9000
Tag 6: 1.2.840.114283.1
-> Global Platform card
Tag 60: 1.2.840.114283.2.2.3
-> GP Version: 2.3
Tag 63: 1.2.840.114283.3
-> GP card is uniquely identified by the Issuer Identification Number (IIN) and Card Image Number (CIN)
Tag 6: 1.2.840.114283.4.2.85
-> GP SCP02 i=55
Tag 66: 1.3.6.1.4.1.42.2.110.1.3
-> JavaCard v3
Card Capabilities: 
A>> T=1 (4+0000) 80CA0067 00 
A<< (0038+2) (15ms) 6724A0098001028104153555758103E5BEC082031E030083010284010285017B86010C87017B 9000
Supports SCP02 i=15 i=35 i=55 i=75
Supported DOM privileges: SecurityDomain, DAPVerification, DelegatedManagement, CardReset, MandatedDAPVerification, TrustedPath, TokenVerification, GlobalDelete, GlobalLock, GlobalRegistry, FinalApplication, ReceiptGeneration, CipheredLoadFileDataBlock
Supported APP privileges: CardLock, CardTerminate, CardReset, CVMManagement, FinalApplication, GlobalService
Supported LFDB hash: SHA-256
Supported Token Verification ciphers: RSA1024_SHA1, RSAPSS_SHA256, CMAC_AES128, CMAC_AES192, CMAC_AES256, ECCP256_SHA256
Supported Receipt Generation ciphers: DES_MAC, CMAC_AES128
Supported DAP Verification ciphers: RSA1024_SHA1, RSAPSS_SHA256, CMAC_AES128, CMAC_AES192, CMAC_AES256, ECCP256_SHA256
A>> T=1 (4+0000) 80CA00E0 00 
A<< (0020+2) (15ms) E012C00401018010C00402018010C00403018010 9000
Version:   1 (0x01) ID:   1 (0x01) type: DES3         length:  16
Version:   1 (0x01) ID:   2 (0x02) type: DES3         length:  16
Version:   1 (0x01) ID:   3 (0x03) type: DES3         length:  16

# Warning: no keys given, defaulting to 404142434445464748494A4B4C4D4E4F
[INFO] GPSession - Using card master keys with version 0 for setting up session with MAC 
A>> T=1 (4+0008) 80500000 08 CC4BE56C5433E963 00
A<< (0028+2) (45ms) 000010392520172005050102013F4AA28BCA299352C82A60BD15238D 9000
[DEBUG] GPSession - KDD: 00001039252017200505
[DEBUG] GPSession - SSC: 013F
[DEBUG] GPSession - Host challenge: CC4BE56C5433E963
[DEBUG] GPSession - Card challenge: 013F4AA28BCA2993
[DEBUG] GPSession - Card reports SCP02 with key version 1 (0x01)
[INFO] GPSession - Diversified card keys: ENC=404142434445464748494A4B4C4D4E4F (KCV: 8BAF47) MAC=404142434445464748494A4B4C4D4E4F (KCV: 8BAF47) DEK=404142434445464748494A4B4C4D4E4F (KCV: 8BAF47) for SCP02
[INFO] GPSession - Session keys: ENC=B3605EC31C9B34492A49959C8FEB96B6 MAC=53821AA5C1E94A79098A680972347B9C RMAC=12261BDE5B69817CA73F2282FE444C79
[DEBUG] GPSession - Verified card cryptogram: 52C82A60BD15238D
[DEBUG] GPSession - Calculated host cryptogram: AC7EF51B4E299B76
A>> T=1 (4+0016) 84820100 10 AC7EF51B4E299B76FF6BA47CED8BF37D
A<< (0000+2) (25ms) 9000
A>> T=1 (4+0010) 84F28002 0A 4F0080FC548BBE530B1B 00
A<< (0040+2) (26ms) E3264F08A0000001510000009F700107C5039EFE80C407A0000001515350CC08A000000151000000 9000
A>> T=1 (4+0010) 84F24002 0A 4F00E035214FC6FA9FD9 00
A<< (0000+2) (18ms) 6A88
A>> T=1 (4+0010) 84F21002 0A 4F00FC1968D81BC5CCA8 00
A<< (0039+2) (26ms) E3254F07A00000015153509F700101CE02FFFF8408A000000151535041CC08A000000151000000 9000
A>> T=1 (4+0010) 84F22002 0A 4F000338059EE0D22FD7 00
A<< (0029+2) (22ms) E31B4F07A00000015153509F700101CE02FFFFCC08A000000151000000 9000
# Note: using detected default AID-s for SSD instantiation: A000000151535041 from A0000001515350
# Final parameters: 810202008202202087022020
A>> T=1 (4+0052) 84E60C00 34 07A000000151535008A00000015153504108010101010101010101800EC90C810202008202202087022020007EAA92F259A8AD73
A<< (0000+2) (195ms) 6A80
Error: INSTALL [for install and make selectable] failed: 0x6A80 (Wrong data/incorrect values in data)
SCardDisconnect("ACS ACR39U ICC Reader", false) tx:201/rx:384 in 551ms

Here is the output of --list

# Warning: no keys given, defaulting to 404142434445464748494A4B4C4D4E4F
ISD: A000000151000000 (INITIALIZED)
     Parent:   A000000151000000
     From:     A0000001515350
     Privs:    SecurityDomain, CardLock, CardTerminate, CardReset, CVMManagement, TrustedPath, AuthorizedManagement, TokenVerification, GlobalDelete, GlobalLock, GlobalRegistry, FinalApplication, ReceiptGeneration

PKG: A0000001515350 (LOADED)
     Parent:   A000000151000000
     Version:  255.255
     Applet:   A000000151535041

Additional context

No difference if I exclude one or both extradition flags. Same error happens even with next branch build. Also same error with SLC36 JavaCard 3.0.5.

martinpaljak commented 1 year ago

Do turn off the automagic installation parameters generation with -F and do not indicate any "permissions" for the SSD (--allow-*). After that you need to provide the necessary installation parameters yourself (see line # Final parameters: 810202008202202087022020).

huckym commented 1 year ago

Thanks @martinpaljak. Tried that but still get 0x6A80:

# gp -dviF --domain 0101010101010101 --params 810202008202202087022020 --key 404142434445464748494A4B4C4D4E4F
# GlobalPlatformPro 21.12.32
# Running on Mac OS X 13.0.1 aarch64, Java 17.0.5 by Oracle Corporation
[DEBUG] TerminalManager - Processing 1 readers with null as preferred and null as ignored
SCardConnect("ACS ACR39U ICC Reader", T=*) -> T=1, 3BFA180000910131FE4550564A434F503453494482
A>> T=1 (4+0000) 00A40400 00 
A<< (0018+2) (18ms) 6F108408A000000151000000A5049F6501FF 9000
[DEBUG] GPSession - Auto-detected ISD: A000000151000000
A>> T=1 (4+0000) 80CA9F7F 00 
A<< (0045+2) (15ms) 9F7F2A4790D321470000000000103925201720050500000000000000000B996A35323031370000000000000000 9000
[DEBUG] GPData - 0x0000/0xFFFF does not represent a valid date
[DEBUG] GPData - 0x0000/0xFFFF does not represent a valid date
[DEBUG] GPData - 0x0000/0xFFFF does not represent a valid date
[WARN] GPData - Invalid CPLC date: 6A35
[DEBUG] GPData - 0x0000/0xFFFF does not represent a valid date
CPLC: ICFabricator=4790
      ICType=D321
      OperatingSystemID=4700
      OperatingSystemReleaseDate=0000 (invalid date format)
      OperatingSystemReleaseLevel=0000
      ICFabricationDate=1039 (2021-02-08)
      ICSerialNumber=25201720
      ICBatchIdentifier=0505
      ICModuleFabricator=0000
      ICModulePackagingDate=0000 (invalid date format)
      ICCManufacturer=0000
      ICEmbeddingDate=0000 (invalid date format)
      ICPrePersonalizer=0B99
      ICPrePersonalizationEquipmentDate=6A35 (invalid date format)
      ICPrePersonalizationEquipmentID=32303137
      ICPersonalizer=0000
      ICPersonalizationDate=0000 (invalid date format)
      ICPersonalizationEquipmentID=00000000

A>> T=1 (4+0000) 80CA0042 00 
A<< (0000+2) (11ms) 6A88
[DEBUG] GPData - GET DATA(IIN): N/A
A>> T=1 (4+0000) 80CA0045 00 
A<< (0000+2) (20ms) 6A88
[DEBUG] GPData - GET DATA(CIN): N/A
A>> T=1 (4+0000) 80CA00CF 00 
A<< (0012+2) (14ms) CF0A00000000000000000000 9000
KDD: CF0A00000000000000000000
A>> T=1 (4+0000) 80CA00C1 00 
A<< (0004+2) (13ms) C1020152 9000
SSC: C1020152
Card Data: 
A>> T=1 (4+0000) 80CA0066 00 
A<< (0079+2) (21ms) 664D734B06072A864886FC6B01600B06092A864886FC6B020203630906072A864886FC6B03640B06092A864886FC6B040255650D060B2A864886FC6B0507020000660C060A2B060104012A026E0103 9000
Tag 6: 1.2.840.114283.1
-> Global Platform card
Tag 60: 1.2.840.114283.2.2.3
-> GP Version: 2.3
Tag 63: 1.2.840.114283.3
-> GP card is uniquely identified by the Issuer Identification Number (IIN) and Card Image Number (CIN)
Tag 6: 1.2.840.114283.4.2.85
-> GP SCP02 i=55
Tag 66: 1.3.6.1.4.1.42.2.110.1.3
-> JavaCard v3
Card Capabilities: 
A>> T=1 (4+0000) 80CA0067 00 
A<< (0038+2) (15ms) 6724A0098001028104153555758103E5BEC082031E030083010284010285017B86010C87017B 9000
Supports SCP02 i=15 i=35 i=55 i=75
Supported DOM privileges: SecurityDomain, DAPVerification, DelegatedManagement, CardReset, MandatedDAPVerification, TrustedPath, TokenVerification, GlobalDelete, GlobalLock, GlobalRegistry, FinalApplication, ReceiptGeneration, CipheredLoadFileDataBlock
Supported APP privileges: CardLock, CardTerminate, CardReset, CVMManagement, FinalApplication, GlobalService
Supported LFDB hash: SHA-256
Supported Token Verification ciphers: RSA1024_SHA1, RSAPSS_SHA256, CMAC_AES128, CMAC_AES192, CMAC_AES256, ECCP256_SHA256
Supported Receipt Generation ciphers: DES_MAC, CMAC_AES128
Supported DAP Verification ciphers: RSA1024_SHA1, RSAPSS_SHA256, CMAC_AES128, CMAC_AES192, CMAC_AES256, ECCP256_SHA256
A>> T=1 (4+0000) 80CA00E0 00 
A<< (0020+2) (15ms) E012C00401018010C00402018010C00403018010 9000
Version:   1 (0x01) ID:   1 (0x01) type: DES3         length:  16
Version:   1 (0x01) ID:   2 (0x02) type: DES3         length:  16
Version:   1 (0x01) ID:   3 (0x03) type: DES3         length:  16

[INFO] GPSession - Using card master keys with version 0 for setting up session with MAC 
A>> T=1 (4+0008) 80500000 08 25542DB472197070 00
A<< (0028+2) (45ms) 00001039252017200505010201524EDBEED29DE782EC9FF4CAA6A2D1 9000
[DEBUG] GPSession - KDD: 00001039252017200505
[DEBUG] GPSession - SSC: 0152
[DEBUG] GPSession - Host challenge: 25542DB472197070
[DEBUG] GPSession - Card challenge: 01524EDBEED29DE7
[DEBUG] GPSession - Card reports SCP02 with key version 1 (0x01)
[INFO] GPSession - Diversified card keys: ENC=404142434445464748494A4B4C4D4E4F (KCV: 8BAF47) MAC=404142434445464748494A4B4C4D4E4F (KCV: 8BAF47) DEK=404142434445464748494A4B4C4D4E4F (KCV: 8BAF47) for SCP02
[INFO] GPSession - Session keys: ENC=0E09C18C699B5017DA8BCF3387BCB46E MAC=CC00027865EE398DB332B38088103004 RMAC=2D1DCDEBC5E3A272361860E5F60B237F
[DEBUG] GPSession - Verified card cryptogram: 82EC9FF4CAA6A2D1
[DEBUG] GPSession - Calculated host cryptogram: 81EEC8F027D4E71C
A>> T=1 (4+0016) 84820100 10 81EEC8F027D4E71C2B739AE9F74BD743
A<< (0000+2) (25ms) 9000
A>> T=1 (4+0010) 84F28002 0A 4F002D7E6B412AB8EA9D 00
A<< (0040+2) (25ms) E3264F08A0000001510000009F700107C5039EFE80C407A0000001515350CC08A000000151000000 9000
A>> T=1 (4+0010) 84F24002 0A 4F007E606D530479CE3E 00
A<< (0051+2) (27ms) E3314F0EEEFF00112233445566778899AA019F700107C503000000C40CEEFF00112233445566778899CC08A000000151000000 9000
A>> T=1 (4+0010) 84F21002 0A 4F002603EF6345EAF617 00
A<< (0089+2) (37ms) E3254F07A00000015153509F700101CE02FFFF8408A000000151535041CC08A000000151000000E3304F0CEEFF001122334455667788999F700101CE020100840EEEFF00112233445566778899AA01CC08A000000151000000 9000
A>> T=1 (4+0010) 84F22002 0A 4F0006CA36FDAD0A26E3 00
A<< (0063+2) (33ms) E31B4F07A00000015153509F700101CE02FFFFCC08A000000151000000E3204F0CEEFF001122334455667788999F700101CE020100CC08A000000151000000 9000
# Note: using detected default AID-s for SSD instantiation: A000000151535041 from A0000001515350
# Final parameters: 810202008202202087022020
A>> T=1 (4+0052) 84E60C00 34 07A000000151535008A00000015153504108010101010101010101800EC90C810202008202202087022020001CDC2B8AF3DF5DC5
A<< (0000+2) (234ms) 6A80
Error: INSTALL [for install and make selectable] failed: 0x6A80 (Wrong data/incorrect values in data)
SCardDisconnect("ACS ACR39U ICC Reader", false) tx:201/rx:519 in 632ms
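
To see exactly which fields the card rejected with 0x6A80, the INSTALL [for install and make selectable] command from the first trace can be split into its length-prefixed fields. The Python below is an added example, not part of the issue or of GlobalPlatformPro's code; its function names are hypothetical, and it assumes an 8-byte C-MAC trailer (CLA 0x84) and one-byte TLV tags and lengths.

```python
# Added example: decode the INSTALL APDU seen in the trace above.
# Field order follows the GlobalPlatform INSTALL [for install] data layout.
# Assumption: secure messaging at MAC level, so the last 8 data bytes are the C-MAC.

INSTALL_APDU = (  # copied from the first trace in this issue
    "84E60C0034"
    "07A0000001515350" "08A000000151535041" "080101010101010101"
    "0180" "0EC90C810202008202202087022020" "00" "7EAA92F259A8AD73"
)

def read_lv(buf, pos):
    """Read one length-prefixed field; reject lengths that overrun the buffer."""
    if pos >= len(buf):
        raise ValueError("truncated: missing length byte")
    end = pos + 1 + buf[pos]
    if end > len(buf):
        raise ValueError(f"field at offset {pos} overruns data")
    return buf[pos + 1:end], end

def parse_tlvs(buf):
    """Parse a flat run of one-byte-tag, one-byte-length TLVs."""
    out, pos = [], 0
    while pos < len(buf):
        tag = buf[pos]
        value, pos = read_lv(buf, pos + 1)
        out.append((tag, value))
    return out

def parse_install(apdu_hex, mac_len=8):
    raw = bytes.fromhex(apdu_hex)
    cla, ins, p1, _p2, lc = raw[:5]
    if ins != 0xE6:
        raise ValueError("not an INSTALL command")
    data = raw[5:5 + lc]
    if len(data) != lc:
        raise ValueError("Lc does not match data length")
    # CLA bit 0x04 marks secure messaging: strip the C-MAC before parsing.
    body = data[:-mac_len] if cla & 0x04 else data
    fields, pos = {"p1": p1}, 0
    for name in ("load_file_aid", "module_aid", "instance_aid",
                 "privileges", "install_params", "token"):
        fields[name], pos = read_lv(body, pos)
    if pos != len(body):
        raise ValueError("trailing bytes after install token")
    fields["params_tlv"] = parse_tlvs(fields["install_params"])
    return fields
```

Running `parse_install(INSTALL_APDU)` shows the privileges byte 0x80 (SecurityDomain) and a single C9 container whose contents are the "Final parameters" value printed in the log; `parse_tlvs` on that value yields the three inner tags 81, 82 and 87.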