This discussion is archived
1 2 3 4 5 Previous Next 71 Replies Latest reply: Oct 12, 2009 5:35 PM by safarmer Go to original post RSS
  • 45. Re: Global Platform- MACing MAC Retail
    843851 Newbie
    Currently Being Moderated
    Yes i tried but the result is wrong. It's why I need the value of the i parameterto know the ICV, if it's encrypted and the way to calcul the MAC
  • 46. Re: Global Platform- MACing MAC Retail
    safarmer Expert
    Currently Being Moderated
    But since your card is not telling you the value of i, you may just have to use trial and error for the different methods. Maybe start with an assumption of i=14 (or i=15 with all keys set to 40...4f) and go from there. There are only 4 you need to worry about with SCP02 (assuming that is the correct SCP to use, the response to INIT UPDATE will tell you) since you are using explicit mode.

    Also, from the card spec:
    Implementation options '14', '15', '1A' and '1B' are enhancements over implementation options '04', '05', '0A' and '0B' and are therefore recommended. At some point in the future implementation options '04', '05', '0A' and '0B' will no longer be listed in the GlobalPlatform Specifications.
    Maybe i=14 is your best bet.

    Cheers,
    Shane

    Edited by: safarmer on 3/09/2009 16:55

    Edited by: safarmer on 3/09/2009 16:55
  • 47. Re: Global Platform- MACing MAC Retail
    843851 Newbie
    Currently Being Moderated
    The way to compute the C-Mac is this that you write on a previous post? (no this to sign but the other?)
  • 48. Re: Global Platform- MACing MAC Retail
    843851 Newbie
    Currently Being Moderated
    I know that there is 3 keys (ENC MAC DEK set to 40 4F) and I have to use the SCP 02 in explicit mode.
  • 49. Re: Global Platform- MACing MAC Retail
    safarmer Expert
    Currently Being Moderated
    for cryptogram use the previous method cbcMac (single round of triple DES with session encryption key), for MAC use previous method cmac (retail MAC, single DES with final round of triple DES using session CMAC key).

    The methods posted previously were for i=14 and i=15. If it is i = 4 or 5, you do not encrypt the ICV after MAC for next round.

    Cheers,
    Shane
  • 50. Re: Global Platform- MACing MAC Retail
    safarmer Expert
    Currently Being Moderated
    From my understanding (may not be accurate :), i=15 with all 3 keys set to the same value is the same as i=14 with one key set to that value. I am more than happy for someone to correct this if it is not accurate.

    Cheers,
    Shane
  • 51. Re: Global Platform- MACing MAC Retail
    843851 Newbie
    Currently Being Moderated
    How should I encrypt the ICV?

    Thankk you.
  • 52. Re: Global Platform- MACing MAC Retail
    843851 Newbie
    Currently Being Moderated
    Ok i find the response on your method
  • 53. Re: Global Platform- MACing MAC Retail
    843851 Newbie
    Currently Being Moderated
    How do I padd my apdu to encrypt it? I just fill with 0 to have a size of 24 byte?
  • 54. Re: Global Platform- MACing MAC Retail
    843851 Newbie
    Currently Being Moderated
    I succeed in. Thank you very very very much. In fact the padding is 0x80 with zero to have a size of 16 byte
  • 55. Re: Global Platform- MACing MAC Retail
    843851 Newbie
    Currently Being Moderated
    Thank you foe helped me.

    Have you ever try to install an applet onto a card?
  • 56. Re: Global Platform- MACing MAC Retail
    843851 Newbie
    Currently Being Moderated
    I was trying to implement the authenticating methods on card and off card, i think that if i can make it off card i can do it on the card, but i did not managed to implement the algorithm you posted because i dont know how to get a 128bits DES key(16bytes), i could only manage to build a 64bits key. I'm doing this:
    byte[] shaneKey = {
        (byte)0x40, (byte)0x41, (byte)0x42, (byte)0x43,
        (byte)0x44, (byte)0x45, (byte)0x46, (byte)0x47,
        (byte)0x48, (byte)0x49, (byte)0x4a, (byte)0x4b,
        (byte)0x4c, (byte)0x4d, (byte)0x4e, (byte)0x4f};
                   
    SecretKeySpec shaneK = new SecretKeySpec(shaneKey, "DES");
    This always throws an error.
  • 57. Re: Global Platform- MACing MAC Retail
    843851 Newbie
    Currently Being Moderated
    Hi,

    The Triple DES use in Java (and in all applications) is Desede it's to say DES Encryption decryption encryption. So you have a 16 byte key because you have 8 bytes for encryption and 8 byte for decryption So you have to copy the first 8byte.

    Your key is
    <code>*byte*[] shaneKey = {
        (*byte*)0x40, (*byte*)0x41, (*byte*)0x42, (*byte*)0x43,
        (*byte*)0x44, (*byte*)0x45, (*byte*)0x46, (*byte*)0x47,
        (*byte*)0x48, (*byte*)0x49, (*byte*)0x4a, (*byte*)0x4b,
        (*byte*)0x4c, (*byte*)0x4d, (*byte*)0x4e, (*byte*)0x4f};</code>
    You have to transform your key to

    <code>byte[] shaneKey = {
    (*byte*)0x40, (*byte*)0x41, (*byte*)0x42, (*byte*)0x43,
    (*byte*)0x44, (*byte*)0x45, (*byte*)0x46, (*byte*)0x47,
    (*byte*)0x48, (*byte*)0x49, (*byte*)0x4a, (*byte*)0x4b,
    (*byte*)0x4c, (*byte*)0x4d, (*byte*)0x4e, (*byte*)0x4f,
    </code><code>(*byte*)0x40, (*byte*)0x41, (*byte*)0x42, (*byte*)0x43,
    (*byte*)0x44, (*byte*)0x45, (*byte*)0x46, (*byte*)0x47</code>
    <code>};


    Adrien
    </code>
  • 58. Re: Global Platform- MACing MAC Retail
    843851 Newbie
    Currently Being Moderated
    Hi Adrien, thanks for your response.

    I also tried to create a Triple DES key whith the following:
    this.sks = new SecretKeySpec(tdesKey, "TripleDES");
    now i have a 24bytes key(192bits)

    Could you explain me whats the diference between "TripleDES" and "DESede" ?
  • 59. Re: Global Platform- MACing MAC Retail
    843851 Newbie
    Currently Being Moderated
    I "reverse engineered" the safarmer code(Thank you shane) and i made a class from it, it's available here: http://intel.no.sapo.pt/ShaneCrypto.java

    rivate void calculateICVforCBC(byte[] data) throws Exception {
              Cipher icvCipher                = Cipher.getInstance("DES/CBC/NoPadding");
              SecretKeySpec singledesCMAC = getSingleDESKey(this.sessionCMAC);
              
              icvCipher.init(
                        Cipher.ENCRYPT_MODE,
                        singledesCMAC,
                        new IvParameterSpec(new byte[8]));
              
              this.icv = icvCipher.doFinal(data);
         }
    I also noticed that on the calculateICVforCBC method above she would always come with a new byte[8] to initialize the IvParameter. Is this correct?
    Shouldnt this value come from the ICV calculated for the message data(which in the case of the class i made is a global variable, and gets updated with each message encrypted)?