From 59dae9239853b4ffc5b04d17237b3a7fc5cf82a2 Mon Sep 17 00:00:00 2001
From: Christina Quast <chrysh.ng+git@gmail.com>
Date: Thu, 14 May 2015 16:58:37 +0200
Subject: [PATCH] apdu_split.py: Fixed off by one err in parsing

Parsing failed like in this dump:
('PTS: ', [255, 0])
('PTS: ', [255, 0, 255])
('APDU:', 'c0', 'a0 c0 00 00 16 c0 00 00 00 00 7f 20 02 00 00 00 00 00 09 91 00 17 04 00 00 00 83 8a 90')
ACK
('APDU:', 'a4', '00 a0 a4 00 00 02 7f 20 9f 16')
('APDU:', 'c0', 'a0 c0 00 00 16 c0 00 00 00 00 7f 20 02 00 00 00 00 00 09 91 00 17 04 00 83 8a 83 8a 90')

a0 c0 00 00 16 c0 00 00 00 00 7f 20 02 00 00 00 00 00 09 91 00 17 04 00 00 00 83 8a 90
00 a0 a4 00 00 02 7f 20 9f 16
a0 c0 00 00 16 c0 00 00 00 00 7f 20 02 00 00 00 00 00 09 91 00 17 04 00 83 8a 83 8a 90

So when data was sent, the next packet would always begin with the SW2 byte
(e.g. 00 a0 ..) instead of the instruction byte a0.
The problem was a wrong state change (to APDU_S_DATA instead of APDU_S_SW1)
---
 usb_application/apdu_split.py | 16 ++++++++++------
 1 file changed, 10 insertions(+), 6 deletions(-)

diff --git a/usb_application/apdu_split.py b/usb_application/apdu_split.py
index f813b8d1..6225beef 100755
--- a/usb_application/apdu_split.py
+++ b/usb_application/apdu_split.py
@@ -63,10 +63,7 @@ class Apdu_splitter:
     def func_APDU_S_P3(self, c):
         self.buf.append(c)
         self.data_remaining = 256 if c == 0  else c
-        if self.ins in self.INS_data_expected:
-            self.state = apdu_states.APDU_S_SEND_DATA
-        else:
-            self.state = apdu_states.APDU_S_SW1
+        self.state = apdu_states.APDU_S_SW1
 
     def func_APDU_S_DATA(self, c):
         self.buf.append(c)
@@ -87,8 +84,11 @@ class Apdu_splitter:
             # check for 'all remaining' type ACK
             if c == self.ins or c == self.ins + 1 or c == ~(self.ins+1):
                 print("ACK")
-                self.state = apdu_states.APDU_S_DATA
                 self.data = []
+                if self.ins in self.INS_data_expected:
+                    self.state = apdu_states.APDU_S_SEND_DATA
+                else:
+                    self.state = apdu_states.APDU_S_DATA
             else:
                 # check for 'only next byte' type ACK */
                 if c == ~(self.ins):
@@ -134,10 +134,14 @@ if __name__ == '__main__':
             0x02, 0x00, 0x00, 0x00, 0x00, 0x00,
             0x09, 0x91, 0x00, 0x17, 0x04, 0x00, 0x00, 0x00,
             0x83, 0x8A, 0x90, 0x00]
+    msg3 = [0xa0, 0xc0, 0x00, 0x00, 0x16, 0xc0, 0x00, 0x00, 0x00, 0x00, 0x7f,
+            0x20, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x09, 0x91, 0x00, 0x17,
+            0x04, 0x00, 0x83, 0x8a, 0x83, 0x8a, 0x90]
+
     pts = [0xff, 0x00, 0xff]
     apdus = []
     apdu = Apdu_splitter()
-    for c in pts + msg2 + msg1:
+    for c in pts + msg2 + msg1 + msg3:
         apdu.split(c)
         if apdu.state == apdu_states.APDU_S_FIN:
             apdus.append(apdu)