DoD Implementation Guide for CAC PIV End-Point - Common ...

DoD Implementation Guide for CAC PIV End-Point
Appendix H PIV Data Encoding
The data content of a BER-TLV data object may consist of other BER-TLV data objects.
The PIV End-Point Data objects are BER-TLV objects encoded as per ISO/IEC 8825-2,
except that tag values (T-values) of the PIV data object's inner tags do not conform to
generic BER-TLV requirements and are 1 byte. This is due to the need to accommodate
legacy tags inherited from the GSC-IS specification.
Thus, When the CAC End-Point responds to a PIV call for the CHUID from either the
contactless or the contact interface, the CAC will return the following:
|Tag1(Simple)|Length1(BER)|Value1 |Tag2(Simple)|Length2(BER)|Value2|...
All container data elements are stored in BER-TLV format in a unique buffer, as follows.
Each BER-TLV data object consists of a tag field (1 byte), a length field (from 1 to 3 bytes)
and an optional value field. The Value field associated to each tag is appended after the T-L
field itself, i.e. the PIV Data-Model content is seen as a list of successive BER-TLV.
The following figure shows the PIV Data-Model representation and the way data is returned
by the PIV applet on response to GET DATA APDU.
Tag1
(1 byte)
Len1
(1 byte)
Value1
(1 byte)
Figure: GET DATA APDU sample response
Tag2
(1 byte)
Len2
(3 bytes)
(0x82,lenH2,lenL2)
41
Value2
(2 byte)
Tag3
(1 byte)
Len3
(2 bytes)
(0x81, len3)
Value3
(3 bytes)
The Len bytes may be in the range of 1 to 3 bytes depending on the value buffer size.
The applet enforces a minimal encoding of length field when returning data to the
middleware. As a result, it applies the following rules on length field:
Table: BER-TLV Length Fields Encoding
Number of bytes 1st byte 2nd byte 3rd byte N (nb of bytes in
the value field)
1 ‘00’ to ‘7F’ - - 0 to 127
2 ‘81’ ‘80’ to ‘FF’ - 128 to 255
3 ‘82’ ‘0100’ to ‘FFFF’ 256 to 65535