private TLV Pack91(CryptoMetaData cryptoMetaData, byte[] arpc, TLV _8A) { TLV _91; if (arpc == null) { arpc = new byte[8]; } switch (cryptoMetaData.SKDMethod) { case SKDMethod.VSDC: _91 = TLV.Create(EMVTagsEnum.ISSUER_AUTHENTICATION_DATA_91_KRN.Tag, Formatting.ConcatArrays(arpc, _8A.Value)); break; case SKDMethod.MCHIP: _91 = TLV.Create(EMVTagsEnum.ISSUER_AUTHENTICATION_DATA_91_KRN.Tag, Formatting.ConcatArrays(arpc, _8A.Value)); break; case SKDMethod.EMV_CSKD: _91 = TLV.Create(EMVTagsEnum.ISSUER_AUTHENTICATION_DATA_91_KRN.Tag, Formatting.ConcatArrays(arpc, PackCSU())); break; default: throw new SimulatedPaymentProviderException("Pack91: SKDMethod not supported:" + cryptoMetaData.SKDMethod); } return(_91); }
public static byte[] VerifyCardSignature(TLV tlv) { CryptoMetaData cryptoMetaData = EMVDESSecurity.BuildCryptoMeta(tlv); //fire up HSM if (jcesecmod == null) { jcesecmod = new EMVDESSecurity(lmkFilePath); } TLV _8A; bool isApproved = true; if (isApproved) { _8A = TLV.Create(EMVTagsEnum.AUTHORISATION_RESPONSE_CODE_8A_KRN.Tag, arcApproved); } else { _8A = TLV.Create(EMVTagsEnum.AUTHORISATION_RESPONSE_CODE_8A_KRN.Tag, arcDeclined); } byte[] arpc = jcesecmod.VerifyCryptogramGenARPC(tlv, cryptoMetaData, _8A.Value, mkACEncrypted, mkACEncryptedCV); return(arpc); }
private ApproverResponseBase DoEMVAuth(ApproverRequestBase requestIn) { EMVApproverRequest request = ((EMVApproverRequest)requestIn); CryptoMetaData cryptoMetaData = EMVDESSecurity.BuildCryptoMeta(request.EMV_Data); //Do additional checking here, e.g. customer balances etc //if decline set isApproved to false bool isApproved = true; //do we want to send back a pin change script, string newPin = "";// = "4315"; //decide whether to send 71 or 72 script template, 71 scripts applied before 2nd gen ac , 72 scripts applied after 2nd gen ac bool doPinChangeBefore = false; TLV _8A; string responseMessage; if (isApproved) { _8A = TLV.Create(EMVTagsEnum.AUTHORISATION_RESPONSE_CODE_8A_KRN.Tag, arcApproved); responseMessage = "Approved"; } else { _8A = TLV.Create(EMVTagsEnum.AUTHORISATION_RESPONSE_CODE_8A_KRN.Tag, arcDeclined); responseMessage = "Declined"; } TLV _91; byte[] arpc; //returns null if arqc cannot be verified if (cryptoMetaData.CryptoVersion == CrptoVersionEnum._18) { arpc = EMVDESSecurity.VerifyCryptogramGenARPC(request.EMV_Data, cryptoMetaData, PackCSU()); } else { arpc = EMVDESSecurity.VerifyCryptogramGenARPC(request.EMV_Data, cryptoMetaData, _8A.Value); } if (arpc != null) { _91 = Pack91(cryptoMetaData, arpc, _8A);// TLV.Create(EMVTagsEnum.ISSUER_AUTHENTICATION_DATA_91_KRN.Tag, Formatting.ConcatArrays(arpc, _8A.Value)); Logger.Log("Tx approved: " + isApproved + " ARQC passed, ARPC is " + Formatting.ByteArrayToHexString(arpc)); } else { isApproved = false; responseMessage = "Tx Declined: ARQC Failure"; _8A = TLV.Create(EMVTagsEnum.AUTHORISATION_RESPONSE_CODE_8A_KRN.Tag, new byte[] { 0x20, 0x20 }); _91 = Pack91(cryptoMetaData, arpc, _8A); //TLV.Create(EMVTagsEnum.ISSUER_AUTHENTICATION_DATA_91_KRN.Tag, new byte[8]); Logger.Log("ARQC failed"); } byte[] _86 = new byte[0]; //don't allow pin change if arqc could not be validated if (!string.IsNullOrWhiteSpace(newPin) && arpc != null) { try { TLV _9F26 = request.EMV_Data.Children.Get(EMVTagsEnum.APPLICATION_CRYPTOGRAM_9F26_KRN.Tag); if (_9F26 == null) { throw new Exception("No Cryptogram found"); } //TODO: for mchip we must increment the arqc by one for each subsequent command created _86 = EMVDESSecurity.CalculatePinChangeScript(request.EMV_Data, cryptoMetaData, newPin, _9F26.Value); } catch { _86 = new byte[0]; } } TLV _71TLV; TLV _72TLV; if (doPinChangeBefore) { _71TLV = TLV.Create(EMVTagsEnum.ISSUER_SCRIPT_TEMPLATE_1_71_KRN.Tag); _71TLV.Deserialize(Formatting.ConcatArrays(new byte[] { 0x71, (byte)_86.Length }, _86), 0); _72TLV = TLV.Create(EMVTagsEnum.ISSUER_SCRIPT_TEMPLATE_2_72_KRN.Tag); _72TLV.Deserialize(Formatting.ConcatArrays(new byte[] { 0x72, 0x00 }, new byte[0]), 0); } else { _72TLV = TLV.Create(EMVTagsEnum.ISSUER_SCRIPT_TEMPLATE_2_72_KRN.Tag); _72TLV.Deserialize(Formatting.ConcatArrays(new byte[] { 0x72, (byte)_86.Length }, _86), 0); _71TLV = TLV.Create(EMVTagsEnum.ISSUER_SCRIPT_TEMPLATE_1_71_KRN.Tag); _71TLV.Deserialize(Formatting.ConcatArrays(new byte[] { 0x71, 0x00 }, new byte[0]), 0); } return(new EMVApproverResponse() { IsApproved = isApproved, ResponseMessage = responseMessage, AuthCode_8A = _8A, IssuerAuthData_91 = _91, IssuerScriptTemplate_72 = _72TLV, IssuerScriptTemplate_71 = _71TLV, }); }