JavaCard OS

Posted: **Wed May 23, 2018 1:08 am**

Sir,
how to AUTHENTICATED in secure channel.
Any help.

Regards,
Naresh.

Posted: **Wed May 23, 2018 1:18 am**

You can refer to appendix D/E/F in the attachment.

Posted: **Wed May 23, 2018 1:28 am**

Use snooper to execute this script line by line to familiarize yourself with the gp authentication process

clear
? "--------------------------------gp auth----------------------"
// send 80 50 00 00 08 8070605040302010
host_challenge = 8070605040302010
// receive 00005252A50838508CA5200200072637B433A844984F6E93030467AA + 9000
resp = 00005252A50838508CA5200200072637B433A844984F6E93030467AA

// input
maclength = 08
auth_level = 03
static_key = 40 41 42 43 44 45 46 47 48 49 4a 4b 4c 4d 4e 4f

Key_diversification_data = mid( $resp, 0, 10 ) //Key diversification data
Key_information = mid( $resp, 10, 2 ) //Keyinformation
Sequence_counter = mid( $resp, 12, 2 ) //Sequencecounter
Card_challenge = mid( $resp, 14, 6 ) //Cardchallenge
Card_cryptogram = mid( $resp, 20, 8 ) //Card cryptogram
? "Keydiversification data " $Key_diversification_data
? "Keyinformation " $Key_information
? "Sequencecounter " $Sequence_counter
? "Cardchallenge " $Card_challenge
? "Cardcryptogram " $Card_cryptogram
? "S-ENC = 2 byteconstant + 2 byte sequence counter+ 12 byte 00"
SENC_plain = 01 82 $Sequence_counter 00000000 00000000 00000000
? "S-ENC " $SENC_plain
? "C-MAC = 2 byteconstant + 2 byte sequencecounter + 12 byte 00"
CMAC_plain = 01 01 $Sequence_counter 00000000 00000000 00000000
? "C-MAC " $CMAC_plain
? "C-DEK = 2 byte constant + 2 byte sequence counter+ 12 byte 00"
CDEK_plain = 01 81 $Sequence_counter 00000000 00000000 00000000
? "C-DEK " $CDEK_plain
SENC_cipher = 3des_encode_cbc( 0000000000000000, $SENC_plain, $static_key )
? "session key " $SENC_cipher
CMAC_cipher = 3des_encode_cbc( 0000000000000000, $CMAC_plain, $static_key )
? "c-mac key " $CMAC_cipher
SDEK_cipher = 3des_encode_cbc( 0000000000000000, $CDEK_plain, $static_key )
? "dek " $SDEK_cipher
? "Host Authenticate Cryptogram =sequencecounter(2Byte) + card challenge(6) + host challenge(8) +8000000000000000"
host_cryptogram = $Sequence_counter $Card_challenge $host_challenge 80000000 00000000
? "host authenticate cryptogram " $host_cryptogram
host_cryptogram_cipher = 3des_encode_cbc( 00000000, $host_cryptogram, $SENC_cipher )
? $host_cryptogram_cipher
host_cryptogramMAC = mid( $host_cryptogram_cipher, 16, 8 )
? "auth command datafield " $host_cryptogramMAC
? "auth command"
auth_command = 84 82 $auth_level 00 < $host_cryptogramMAC >
auth_command_80 = fixed80( $auth_command )
? "auth command " $auth_command
auth_command_mac = des_3des_mac( 0000000000000000, $auth_command_80, $CMAC_cipher )
? "auth command mac " $auth_command_mac
? "final auth command " $auth_command $auth_command_mac
final_command = $auth_command $auth_command_mac

result is

//[]===================================================================[]
//[] --------------------------------gp auth---------------------- []
//[]===================================================================[]
//--// send 80 50 00 00 08 8070605040302010
//host_challenge = 8070605040302010
//--// receive 00005252A50838508CA5200200072637B433A844984F6E93030467AA + 9000
//resp = 00005252A50838508CA5200200072637B433A844984F6E93030467AA
//--// input
//auth_level = 03
//static_key = 404142434445464748494A4B4C4D4E4F
//key_diversification_data = 00005252A50838508CA5
//key_information = 2002
//sequence_counter = 0007
//card_challenge = 2637B433A844
//card_cryptogram = 984F6E93030467AA

//[]==================================================================[]
//[] Keydiversification data 00005252A50838508CA5 []
//[] Keyinformation 2002 []
//[] Sequencecounter 0007 []
//[] Cardchallenge 2637B433A844 []
//[] Cardcryptogram 984F6E93030467AA []
//[] S-ENC = 2 byteconstant + 2 byte sequence counter+ 12 byte 00 []
//[]==================================================================[]
//senc_plain = 01820007000000000000000000000000

//[]=====================================================================[]
//[] S-ENC 01820007000000000000000000000000 []
//[] C-MAC = 2 byteconstant + 2 byte sequencecounter + 12 byte 00 []
//[]=====================================================================[]
//cmac_plain = 01010007000000000000000000000000

//[]=====================================================================[]
//[] C-MAC 01010007000000000000000000000000 []
//[] C-DEK = 2 byte constant + 2 byte sequence counter+ 12 byte 00 []
//[]=====================================================================[]
//cdek_plain = 01810007000000000000000000000000

//[]=====================================================================[]
//[] C-DEK 01810007000000000000000000000000 []
//[]=====================================================================[]
//senc_cipher = A2268F71917EFE0F33CC6166E1154E27

//[]=====================================================================[]
//[] session key A2268F71917EFE0F33CC6166E1154E27 []
//[]=====================================================================[]
//cmac_cipher = 7A227D376A9DBE23AB50B7DCB45B2093

//[]=====================================================================[]
//[] c-mac key 7A227D376A9DBE23AB50B7DCB45B2093 []
//[]=====================================================================[]
//sdek_cipher = F39FCFB2383B09578723B8C2E03B2729

//[]====================================================================================================================[]
//[] dek F39FCFB2383B09578723B8C2E03B2729 []
//[] Host Authenticate Cryptogram =sequencecounter(2Byte) + card challenge(6) + host challenge(8) +8000000000000000 []
//[]====================================================================================================================[]
//host_cryptogram = 00072637B433A84480706050403020108000000000000000

//[]=====================================================================================[]
//[] host authenticate cryptogram 00072637B433A84480706050403020108000000000000000 []
//[]=====================================================================================[]
//host_cryptogram_cipher = F4EE3BBC36648DC30E7C3FD8E4E9E7F5CBAB7BD6FF09FFBC

//[]======================================================[]
//[] F4EE3BBC36648DC30E7C3FD8E4E9E7F5CBAB7BD6FF09FFBC []
//[]======================================================[]
//host_cryptogrammac = CBAB7BD6FF09FFBC

//[]=========================================================[]
//[] auth command datafield CBAB7BD6FF09FFBC []
//[] auth command []
//[]=========================================================[]
//auth_command = 8482030010CBAB7BD6FF09FFBC
//auth_command_80 = 8482030010CBAB7BD6FF09FFBC800000

//[]===========================================================[]
//[] auth command 8482030010CBAB7BD6FF09FFBC []
//[]===========================================================[]
//auth_command_mac = 8A1910770BAC6865

//[]===============================================================================[]
//[] auth command mac 8A1910770BAC6865 []
//[] final auth command 8482030010CBAB7BD6FF09FFBC8A1910770BAC6865 []
//[]===============================================================================[]
//final_command = 8482030010CBAB7BD6FF09FFBC8A1910770BAC6865

Posted: **Wed May 23, 2018 1:29 am**

Code: Select all

clear
? "--------------------------------gp auth----------------------"
// send 80 50 00 00 08 8070605040302010
host_challenge            = 8070605040302010
// receive 00005252A50838508CA5200200072637B433A844984F6E93030467AA + 9000
resp                  = 00005252A50838508CA5200200072637B433A844984F6E93030467AA

// input
maclength               = 08
auth_level               = 03
static_key               = 40 41 42 43 44 45 46 47 48 49 4a 4b 4c 4d 4e 4f

Key_diversification_data   = mid( $resp, 0, 10 )      //Key diversification data
Key_information            = mid( $resp, 10, 2 )      //Keyinformation
Sequence_counter         = mid( $resp, 12, 2 )      //Sequencecounter
Card_challenge            = mid( $resp, 14, 6 )      //Cardchallenge
Card_cryptogram            = mid( $resp, 20, 8 )      //Card cryptogram
? "Keydiversification data        " $Key_diversification_data
? "Keyinformation                 " $Key_information
? "Sequencecounter                " $Sequence_counter
? "Cardchallenge                  " $Card_challenge
? "Cardcryptogram                 " $Card_cryptogram
? "S-ENC = 2 byteconstant + 2 byte sequence counter+ 12 byte 00"
SENC_plain               = 01 82 $Sequence_counter 00000000 00000000 00000000
? "S-ENC                          " $SENC_plain
? "C-MAC = 2 byteconstant + 2 byte sequencecounter + 12 byte 00"
CMAC_plain               = 01 01 $Sequence_counter 00000000 00000000 00000000
? "C-MAC                          " $CMAC_plain
? "C-DEK  = 2 byte constant + 2 byte sequence counter+ 12 byte 00"
CDEK_plain               = 01 81 $Sequence_counter 00000000 00000000 00000000
? "C-DEK                          " $CDEK_plain
SENC_cipher               = 3des_encode_cbc( 0000000000000000, $SENC_plain, $static_key )
? "session key                    " $SENC_cipher
CMAC_cipher               = 3des_encode_cbc( 0000000000000000, $CMAC_plain, $static_key )
? "c-mac key                      " $CMAC_cipher
SDEK_cipher               = 3des_encode_cbc( 0000000000000000, $CDEK_plain, $static_key )
? "dek                            " $SDEK_cipher
? "Host Authenticate Cryptogram =sequencecounter(2Byte) + card challenge(6) + host challenge(8) +8000000000000000"
host_cryptogram            = $Sequence_counter   $Card_challenge   $host_challenge    80000000 00000000
? "host authenticate cryptogram   " $host_cryptogram
host_cryptogram_cipher      = 3des_encode_cbc( 00000000, $host_cryptogram, $SENC_cipher )
? $host_cryptogram_cipher
host_cryptogramMAC         = mid( $host_cryptogram_cipher, 16, 8 )
? "auth command datafield             " $host_cryptogramMAC
? "auth command"
auth_command            = 84 82 $auth_level 00 < $host_cryptogramMAC >
auth_command_80            = fixed80( $auth_command )
? "auth command               " $auth_command
auth_command_mac         = des_3des_mac( 0000000000000000, $auth_command_80, $CMAC_cipher )
? "auth command mac                " $auth_command_mac
? "final auth command             " $auth_command  $auth_command_mac
final_command            = $auth_command $auth_command_mac
-----------------------------------------------------



//[]===================================================================[]
//[]  --------------------------------gp auth----------------------    []
//[]===================================================================[]
//--// send 80 50 00 00 08 8070605040302010
//host_challenge = 8070605040302010
//--// receive 00005252A50838508CA5200200072637B433A844984F6E93030467AA + 9000
//resp = 00005252A50838508CA5200200072637B433A844984F6E93030467AA
//--// input
//auth_level = 03
//static_key = 404142434445464748494A4B4C4D4E4F
//key_diversification_data = 00005252A50838508CA5
//key_information = 2002
//sequence_counter = 0007
//card_challenge = 2637B433A844
//card_cryptogram = 984F6E93030467AA

//[]==================================================================[]
//[]  Keydiversification data        00005252A50838508CA5             []
//[]  Keyinformation                 2002                             []
//[]  Sequencecounter                0007                             []
//[]  Cardchallenge                  2637B433A844                     []
//[]  Cardcryptogram                 984F6E93030467AA                 []
//[]  S-ENC = 2 byteconstant + 2 byte sequence counter+ 12 byte 00    []
//[]==================================================================[]
//senc_plain = 01820007000000000000000000000000

//[]=====================================================================[]
//[]  S-ENC                          01820007000000000000000000000000    []
//[]  C-MAC = 2 byteconstant + 2 byte sequencecounter + 12 byte 00       []
//[]=====================================================================[]
//cmac_plain = 01010007000000000000000000000000

//[]=====================================================================[]
//[]  C-MAC                          01010007000000000000000000000000    []
//[]  C-DEK  = 2 byte constant + 2 byte sequence counter+ 12 byte 00     []
//[]=====================================================================[]
//cdek_plain = 01810007000000000000000000000000

//[]=====================================================================[]
//[]  C-DEK                          01810007000000000000000000000000    []
//[]=====================================================================[]
//senc_cipher = A2268F71917EFE0F33CC6166E1154E27

//[]=====================================================================[]
//[]  session key                    A2268F71917EFE0F33CC6166E1154E27    []
//[]=====================================================================[]
//cmac_cipher = 7A227D376A9DBE23AB50B7DCB45B2093

//[]=====================================================================[]
//[]  c-mac key                      7A227D376A9DBE23AB50B7DCB45B2093    []
//[]=====================================================================[]
//sdek_cipher = F39FCFB2383B09578723B8C2E03B2729

//[]====================================================================================================================[]
//[]  dek                            F39FCFB2383B09578723B8C2E03B2729                                                   []
//[]  Host Authenticate Cryptogram =sequencecounter(2Byte) + card challenge(6) + host challenge(8) +8000000000000000    []
//[]====================================================================================================================[]
//host_cryptogram = 00072637B433A84480706050403020108000000000000000

//[]=====================================================================================[]
//[]  host authenticate cryptogram   00072637B433A84480706050403020108000000000000000    []
//[]=====================================================================================[]
//host_cryptogram_cipher = F4EE3BBC36648DC30E7C3FD8E4E9E7F5CBAB7BD6FF09FFBC

//[]======================================================[]
//[]  F4EE3BBC36648DC30E7C3FD8E4E9E7F5CBAB7BD6FF09FFBC    []
//[]======================================================[]
//host_cryptogrammac = CBAB7BD6FF09FFBC

//[]=========================================================[]
//[]  auth command datafield             CBAB7BD6FF09FFBC    []
//[]  auth command                                           []
//[]=========================================================[]
//auth_command = 8482030010CBAB7BD6FF09FFBC
//auth_command_80 = 8482030010CBAB7BD6FF09FFBC800000

//[]===========================================================[]
//[]  auth command               8482030010CBAB7BD6FF09FFBC    []
//[]===========================================================[]
//auth_command_mac = 8A1910770BAC6865

//[]===============================================================================[]
//[]  auth command mac                8A1910770BAC6865                             []
//[]  final auth command             8482030010CBAB7BD6FF09FFBC8A1910770BAC6865    []
//[]===============================================================================[]
//final_command = 8482030010CBAB7BD6FF09FFBC8A1910770BAC6865

JavaCard OS

How to AUTHENTICATED in Secure channel

How to AUTHENTICATED in Secure channel

Re: How to AUTHENTICATED in Secure channel

Re: How to AUTHENTICATED in Secure channel

Re: How to AUTHENTICATED in Secure channel