ISO 7816-4: Annex A: Transportation of APDU messages by T=0

http://www.cardwerk.com/smartcards/smartcard_standard_ISO7816-4_annex-a.aspx

Annex A: Transportation of APDU messages by T=0

• A.1 Case 1
• A.2 Case 2 Short
• A.2S.1 Le accepted
• A.2S.2 Le definitely accepted
• A.2S.3 Le not accepted, La indicated
• A.2S.4 SW1-SW2='9XYZ', except '9000'
• A.3 Case 3 Short
• A.4 Case 4 Short
• A.4S.1 Command not accepted
• A.4S.2 Command accepted
• A.4S.3 Command accepted with information added
• A.4S.4 SW1-SW2='9XYZ', except '9000'
• A.5 Case 2 Extended
• A.2E.1 Le<=256, B1='00', B2B3 from '0001' to '0100'
• A.2E.2 Le>256, B1='00', B2B3=either '0000' or from '0101' to 'FFFF'
• A.6 Case 3 Extended
• A.3E.1 0<Lc<256, B1='00', B2='00', B3!='00'
• A.3E.2 Lc>255, B1='00', B2!='00', B3=any value
• A.7 Case 4 Extended
• A.4E.1 Lc<256, B1='00', B2='00', B3!='00'
• A.4E.2 Lc>255, B1='00', B2!='00', B3=any value

A.1 Case 1

The command APDU is mapped onto the T=0 command TPDU by assigning the value '00' to P3.

Command APDU

CLA INS P1 P2

Command TPDU

CLA INS P1 P2

P3='00'

The response TPDU is mapped onto the response APDU without any change.

Response APDU	SW1 SW2
Response TPDU	SW1 SW2

A.2 Case 2 Short

It this case, Le is valued from 1 to 256 and coded on byte B1 (B1='00' means maximum, i.e. Le=256).

The command APDU is mapped onto the T=0 command TPDU without any change.

C-APDU

CLA INS P1 P2

Le=B1

C-TPDU

CLA INS P1 P2

P3=B1

The response TPDU is mapped onto the response APDU according to the acceptance of Le and according to the processing of the command.

• Case 2S.1 - Le accepted

  The response TPDU is mapped onto the the response APDU without any change.

  R-APDU

  Le bytes

  SW1 SW2

  R-TPDU

  Le bytes

  SW1 SW2

• Case 2S.2 - Le definitely not accepted

  Le is not accepted be the card which does not support the service of providing data if the length is wrong.

  The response TPDU from the card indicates that the card aborts the command because of wrong length (SW1='67'). The response TPDU is mapped onto the response APDU without any change.

  R-APDU	SW1='67' SW2
  R-TPDU	SW1='67' SW2

• Case 2S.3 - Le not accepted, La indicated

  Le is not accepted by the card and the card indicates the available length La.

  The response TPDU from the card indicates that the command is aborted due to a wrong length and that the right length is La: (SW1='6C' and SW2 codes La).

  If the transmission system does not support the service of re-issuing the same command, it shall map the response TPDU onto the response APDU without any change.

  R-APDU	SW1='6C' SW2=La
  R-TPDU	SW1='6C' SW2=La

  If the transmission system supports the service of reissuing the same command, it shall re-issue the same command TPDU assigning the value La to parameter P3.

  C-TPDU

  CLA INS P1 P2

  P3=SW2

  The response TPDU consists of La bytes followed by two status bytes.

  If La is smaller that or equal to Le, then the response TPDU is mapped onto the response APDU without any change.

  R-APDU

  La bytes

  SW1 SW2

  R-TPDU

  La bytes

  SW1 SW2

  If La is greater that Le, then the response TPDU is mapped onto the response APDU by keeping only the first Le bytes of the body and the status bytes SW1-SW2.

  R-APDU

  Le (< La) bytes

  SW1 SW2

  R-TPDU

  La bytes

  SW1 SW2

• Case 2S.4 - SW1-SW2='9XYZ', expect '9000'

  The response TPDU is mapped on the response APDU without any change.

A.3 Case 3 Short

In this case, Lc is valued from 1 to 255 and coded on byte B1 (='00').

The command APDU is mapped onto the T=0 command TPDU without any change.

C-APDU

CLA INS P1 P2

Lc=B1

Lc bytes

C-TPDU

CLA INS P1 P2

P3=B1

Lc bytes

The response TPDU is mapped onto the response APDU without any change.

R-APDU	SW1 SW2
R-TPDU	SW1 SW2

A.4 Case 4 Short

In this case, Lc is valued from 1 to 255 and coded on byte B1. Le is valued from 1 to 256 and coded on byte Bl (Bl='00' means maximum i.e. Le=256).

The command APDU is mapped onto the T=0 command TPDU by cutting the last byte of the body.

C-APDU

CLA INS P1 P2

Lc=B1

Lc bytes

Bl

C-TPDU

CLA INS P1 P2

P3=B1

Lc bytes

• Case 4S.1 - Command not accepted

  The first response TPDU from the card indicates that the card aborted the command: SW1='6X', except '61'.

  The response TPDU is mapped onto the response APDU without any change.

  R-APDU	SW1='6X' SW2
  R-TPDU	SW1='6X' SW2

• Case 4S.2 - Command accepted

  The first response TPDU from the card indicates that the card performed the command: SW1-SW2='9000'.

  R-TPDU

  SW1='90' SW2='00'

  The transmission system shall issue a GET RESPONSE command TPDU to the card by assigning the value Le to parameter P3.

  C-TPDU

  CLA INS=GET_RESPONSE P1 P2

  P3=Bl

  Depending on the second response TPDU from the card, the transmission system shall react as described in cases 2S.1, 2S.2 and 2S.4 above.

• Case 4S.3 - Command accepted with information added

  The first response TPDU from the card indicates that the card perfomed the command and gives information on the length of data bytes available: SW1='61' and SW2 codes Lx.

  R-TPDU

  SW1='61' SW2=Lx

  The transmission system shall issue a GET RESPONSE command TPDU to the card by assigning the minimum of Lx and Le to parameter P3.

  TPDU

  CLA INS=GET_REPONSE P1 P2

  P3=min(Le,Lx)

  The second response TPDU is mapped onto the response APDU without any change.

  R-APDU

  P3 bytes

  SW1 SW2

  R-TPDU

  P3 bytes

  SW1 SW2

• Case 4S.4 - SW1-SW2='9XYZ', except '9000'

  The response TPDU is mapped onto the response APDU without any change.

A.5 Case 2 Extended

In this case, Le is valued from 1 to 65536 and coded in 3 bytes (B1)='00', (B2||B3)=any value (B2 and B3 valued to '0000' means maximum, i.e. Le=65536).

C-APDU

CLA INS P1 P2

B1='00' B2B3=Le

• Case 2E.1 - Le<=256, B1='00', B2B3 from '0001'-'0100'

  The command APDU shall be mapped onto the command TPDU by assigning the value of B3 to parameter P3.
  The processing by the transmission system shall be according to case 2S. <1..256 Bytes>

  C-TPDU

  CLA INS P1 P2

  P3=B3

• Case 2E.2 - Le>256, B1='00', B2B3=either '0000' or from '0101' to 'FFFF'

  The command APDU shall be mapped onto the command TPDU by assigning the value of '00' to parameter P3.

  C-TPDU

  CLA INS P1 P2

  P3='00'

  • if the first response TPDU from the card indicates that the command is aborted due to a wrong length
    and that the right length is La (SW1='6C' and SW2=La),
    then the transmission system shall complete the processing as described in case 2S.3.
  • If the first response TPDU is 256 bytes of data followed by SW1-SW2='9000',
    this means that the card has no more that 256 bytes of data,
    and/or does not support the GET REPONSE command.
    The transmission system shall then map the response TPDU onto the response APDU without any change. 
    

    R-APDU

    256 bytes

    SW1='90' SW2='00'

    R-TPDU

    256 bytes

    SW1='90' SW2='00'

  • If the first or subsequent response TPDU from the card is SW1='61', then SW2 codes Lx
    which is the extra amount of bytes available from the card (SW2 valued to '00' indicates 256 extra bytes or more),
    the transmission system shall compute Lm=Le (sum of the lengths of the bodies of the prviously received response TPDU(s)) to obtain the amount of remaining bytes to be retrieved from the card.

    If Lm=0, then the transmission system shall concatenate the bodies of all received response TPDUs
    together with the trailer of the last received response TPDU into the response APDU.

    If Lm>0, then the transmission system shall issue a GET RESPONSE command TPDU by assigning the minimum of Lx and Lm to parameter P3.
    The corresponding response TPDU from the card shall be processed

    • according to case d), if SW1='61'
    • as above when Lm=0, if SW1='9X'

A.6 Case 3 Extended

In this case Lc is valued from 1 to 65535 and coded on 3 bytes: (B1)='00', (B2||B3)!='0000'.

C-APDU

CLA INS P1 P2

B1='00' B2B3=Lc

Lc bytes

• Case 3E.1 - 0<Lc<256, B1='00', B2='00', B3!='00'

  The command APDU is mapped onto the command TPDU by assigning the value of B3 to parameter P3.

  C-TPDU

  CLA INS P1 P2

  P3=B3

  Lc bytes

  In this case Lc is valued from 1 to 255 and codes on 1 byte. == Case 3 Short

  The response TPDU is mapped onto the response APDU without any change.

• Case 3E.2 - Lc>255, B1='00', B2!='00', B3=any value 
  If the transmission system does not support the ENVELOPE command, it shall return an error response APDU meaning that the length is wrong: SW1='67'. 
  

  R-APDU	SW1='67' SW2
  R-TPDU	SW1='67' SW2

  If the transmission system supports the ENVELOPE command, it shall split the APDU into segments of length less than 256, CLA INS P1 P2 00 B2 B3 [ ------ ]
  and send those successive segments into the bodies of consecutive ENVELOPE command TPDUs.

  C-TPDU

  CLA INS=ENVELOPE P1 P2

  P3

  P3 bytes

  If the first response TPDU from the card indicates that the card does not support the ENVELOPE command (SW1='6D'), Instruction Wrong
  the TPDU shall be mapped onto the response TPDU without any change.

  R-APDU	SW1='6D' SW2
  R-TPDU	SW1='6D' SW2

  If the first response TPDU from the card indicates that the card does support eh ENVLEOPE command (SW1-SW2='9000'),
  the transmission system shall send further ENVELOPE commands as needed.

  When the ENVELOPE command is used under T=0 for transmitting data strings,
  An empty data field in an ENVELOPE command APDU means end of data string. 
  http://www.cardwerk.com/smartcards/smartcard_standard_ISO7816-4_7_transmission_interindustry_commands.aspx[ 00 C2 00 00 00 ] : Last ENVELOPE TPDU

  R-TPDU

  SW1-SW2='9000'

  C-TPDU

  CLA INS=ENVELOPE P1 P2

  P3

  P3 bytes

  The resource TPDU corresponding to the last ENVELOPE command is mapped onto the response APDU without any change.

  R-APDU	SW1 SW2
  R-TPDU	SW1 SW2

A.7 Case 4 Extended

In this case Lc is valued from 1 to 65535 and coded on 3 bytes: (B1)='00', (B2||B3)!='0000', and Le is valued from 1 to 65536 and coded on 2 bytes (Bl-1||Bl)=any value (Bl-1 and Bl valued to '0000' means maximum, i.e. Le=65536).

C-APDU

CLA INS P1 P2

B1='00' B2B3=Lc

Lc bytes

Bl-1Bl=Le

• Case 4E.1 - Lc<256, B1='00', B2='00', B3!='00'

  The command APDU is mapped onto the command TPDU by cutting off the last two bytes Bl-1 and Bl and by assigning the value of B3 to parameter P3.

  C-TPDU

  CLA INS P1 P2

  P3=B3

  Lc bytes

  In this case Lc is valued from 1 to 255 bytes and coded on 1 byte.

  • If SW1='6X' in the first response TPDU from the card, then the response TPDU is mapped onto the response APDU without any change.

    R-APDU	SW1='6X' SW2
    R-TPDU	SW1='6X' SW2

  • If SW1='90' in first response TPDU from the card then

    If Le<257 (Bl-1 Bl valued from '0001' to '0100'), then the transmission system shall issue a GET RESPONSE command TPDU by assigning the value of Bl to parameter P3. The subsequent processing by the transmission system shall be according to access 2S.1, 2S.2, 2S.3 and 2S.4 above.

    If Le>256 (Bl-1 Bl valued to '0000' or more then '0100'), then the transmission system shall issue a GET RESPONSE command TPDU by assigning the value '00' to parameter P3. The subsequent processing by the transmission system shall be according to case 2E.2 above.

  • If SW1='61' in the first response TPDU from the card, then the transmission system shall proceed as specified in case 2E.2 d) above.
• Case 4E.2 - Lc>255, B1='00', B2!='00', B3=any value

  The transmission system shall go on according to case 3E.2 described above until the command APDU has been sent completely to the card. It shall then go on as described in case 4E.1 a), b) and c) described above.