/// <summary>
/// Verifies the card's application cryptogram carried in <paramref name="tlv"/> and
/// returns the value produced by <c>VerifyCryptogramGenARPC</c>.
/// </summary>
/// <param name="tlv">EMV data object list received from the card/terminal.</param>
/// <returns>
/// The byte array returned by <c>VerifyCryptogramGenARPC</c>
/// (presumably null when the ARQC does not verify - confirm against that method).
/// </returns>
/// <remarks>
/// NOTE(review): the authorisation decision is hard-coded to "approved" below, so the
/// declined response code is never used by this method.
/// NOTE(review): <c>jcesecmod</c> is created with an unsynchronised check-then-assign;
/// confirm that callers cannot reach this method concurrently.
/// </remarks>
public static byte[] VerifyCardSignature(TLV tlv)
{
    CryptoMetaData meta = EMVDESSecurity.BuildCryptoMeta(tlv);

    // Lazily create the security module from the LMK file on first use.
    if (jcesecmod == null)
    {
        jcesecmod = new EMVDESSecurity(lmkFilePath);
    }

    // Decision placeholder: always approved in this implementation.
    bool isApproved = true;

    // Tag 8A (Authorisation Response Code) carries the decision into the ARPC calculation.
    TLV authResponseCode;
    if (!isApproved)
    {
        authResponseCode = TLV.Create(EMVTagsEnum.AUTHORISATION_RESPONSE_CODE_8A_KRN.Tag, arcDeclined);
    }
    else
    {
        authResponseCode = TLV.Create(EMVTagsEnum.AUTHORISATION_RESPONSE_CODE_8A_KRN.Tag, arcApproved);
    }

    return jcesecmod.VerifyCryptogramGenARPC(
        tlv,
        meta,
        authResponseCode.Value,
        mkACEncrypted,
        mkACEncryptedCV);
}
/// <summary>
/// Builds the padded PIN block used for a PIN change: the formatted PIN field is XORed
/// with an 8-byte mask taken from the key, prefixed with its length, and padded.
/// </summary>
/// <param name="newPin">The new PIN, passed to <c>FormatPINBlock</c> with format argument 0x0.</param>
/// <param name="deaKey">Key whose encoded bytes 4..7 are used as the XOR mask.</param>
/// <returns>The result of <c>EMVDESSecurity.PaddingISO9797Method2</c> over the length-prefixed block.</returns>
/// <remarks>
/// NOTE(review): no encipherment call is visible in this method, so the returned block and
/// the intermediate buffers hold PIN-derived data that is not cleared here; confirm the
/// caller enciphers the result and limits how long these arrays stay reachable.
/// </remarks>
public static byte[] CalculateVISLegacyPinBlockCVN_10_18(String newPin, IKey deaKey)
{
    // PIN field: FormatPINBlock output interpreted as a hex string and converted to bytes.
    String pinFieldHex = new String(FormatPINBlock(newPin, 0x0));
    byte[] pinField = Formatting.HexStringToByteArray(pinFieldHex);

    // Mask: bytes 0..3 stay zero, bytes 4..7 are copied from the same offsets of the key.
    byte[] keyMask = new byte[8];
    byte[] keyBytes = deaKey.GetEncoded();
    Array.Copy(keyBytes, 4, keyMask, 4, 4);

    byte[] maskedPin = Formatting.Xor(pinField, keyMask);

    // Prefix a single length byte before padding.
    byte[] lengthPrefix = new byte[] { (byte)maskedPin.Length };
    byte[] prefixed = Formatting.ConcatArrays(lengthPrefix, maskedPin);

    return EMVDESSecurity.PaddingISO9797Method2(prefixed);
}
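/// <summary>
/// Authorises an EMV transaction: verifies the ARQC, builds the Authorisation Response
/// Code (tag 8A) and Issuer Authentication Data (tag 91), and optionally attaches a PIN
/// change issuer script in template 71 or 72.
/// </summary>
/// <param name="requestIn">Request that is cast to <c>EMVApproverRequest</c>; its <c>EMV_Data</c> is the card data.</param>
/// <returns>An <c>EMVApproverResponse</c> carrying the decision, tags 8A and 91, and both script templates.</returns>
/// <remarks>
/// The transaction is declined whenever <c>VerifyCryptogramGenARPC</c> returns null, and no
/// PIN change script is generated in that case.
/// </remarks>
private ApproverResponseBase DoEMVAuth(ApproverRequestBase requestIn)
{
    EMVApproverRequest request = (EMVApproverRequest)requestIn;
    CryptoMetaData cryptoMetaData = EMVDESSecurity.BuildCryptoMeta(request.EMV_Data);

    // Do additional checking here, e.g. customer balances etc.
    // If the transaction must be declined, set isApproved to false.
    bool isApproved = true;

    // New PIN for a PIN change script; empty means no script is sent.
    string newPin = ""; // = "4315";

    // Template 71 scripts are applied before the 2nd GENERATE AC, template 72 scripts after it.
    bool doPinChangeBefore = false;

    TLV _8A;
    string responseMessage;
    if (isApproved)
    {
        _8A = TLV.Create(EMVTagsEnum.AUTHORISATION_RESPONSE_CODE_8A_KRN.Tag, arcApproved);
        responseMessage = "Approved";
    }
    else
    {
        _8A = TLV.Create(EMVTagsEnum.AUTHORISATION_RESPONSE_CODE_8A_KRN.Tag, arcDeclined);
        responseMessage = "Declined";
    }

    // VerifyCryptogramGenARPC returns null if the ARQC cannot be verified.
    // Crypto version 18 uses the packed CSU as ARPC input; other versions use the 8A value.
    byte[] arpc;
    if (cryptoMetaData.CryptoVersion == CrptoVersionEnum._18)
    {
        arpc = EMVDESSecurity.VerifyCryptogramGenARPC(request.EMV_Data, cryptoMetaData, PackCSU());
    }
    else
    {
        arpc = EMVDESSecurity.VerifyCryptogramGenARPC(request.EMV_Data, cryptoMetaData, _8A.Value);
    }

    TLV _91;
    if (arpc != null)
    {
        _91 = Pack91(cryptoMetaData, arpc, _8A);
        Logger.Log("Tx approved: " + isApproved + " ARQC passed, ARPC is " + Formatting.ByteArrayToHexString(arpc));
    }
    else
    {
        // Cryptogram failure overrides any earlier approval.
        isApproved = false;
        responseMessage = "Tx Declined: ARQC Failure";
        _8A = TLV.Create(EMVTagsEnum.AUTHORISATION_RESPONSE_CODE_8A_KRN.Tag, new byte[] { 0x20, 0x20 });
        // NOTE(review): Pack91 is called with a null arpc here; confirm it handles null
        // rather than relying on the caller to supply a zeroed value.
        _91 = Pack91(cryptoMetaData, arpc, _8A);
        Logger.Log("ARQC failed");
    }

    // Don't allow a PIN change if the ARQC could not be validated.
    byte[] _86 = new byte[0];
    if (!string.IsNullOrWhiteSpace(newPin) && arpc != null)
    {
        try
        {
            TLV _9F26 = request.EMV_Data.Children.Get(EMVTagsEnum.APPLICATION_CRYPTOGRAM_9F26_KRN.Tag);
            if (_9F26 == null)
            {
                // Previously signalled by throwing into a catch-all; record it instead.
                Logger.Log("PIN change script skipped: No Cryptogram found");
            }
            else
            {
                // TODO: for mchip we must increment the arqc by one for each subsequent command created
                _86 = EMVDESSecurity.CalculatePinChangeScript(request.EMV_Data, cryptoMetaData, newPin, _9F26.Value);
            }
        }
        catch (Exception ex)
        {
            // Best effort: the authorisation still completes without a script, but the
            // failure is recorded. Only the exception type is logged so that no PIN- or
            // key-derived text from the message can reach the log.
            Logger.Log("PIN change script generation failed: " + ex.GetType().Name);
            _86 = new byte[0];
        }
    }

    // The script goes into exactly one template; the other is emitted with zero length.
    // NOTE(review): the length is written as a single byte, which is only a valid
    // BER-TLV short-form length up to 0x7F; confirm the script can never be longer.
    byte[] script71 = doPinChangeBefore ? _86 : new byte[0];
    byte[] script72 = doPinChangeBefore ? new byte[0] : _86;

    TLV _71TLV = TLV.Create(EMVTagsEnum.ISSUER_SCRIPT_TEMPLATE_1_71_KRN.Tag);
    _71TLV.Deserialize(Formatting.ConcatArrays(new byte[] { 0x71, (byte)script71.Length }, script71), 0);

    TLV _72TLV = TLV.Create(EMVTagsEnum.ISSUER_SCRIPT_TEMPLATE_2_72_KRN.Tag);
    _72TLV.Deserialize(Formatting.ConcatArrays(new byte[] { 0x72, (byte)script72.Length }, script72), 0);

    return new EMVApproverResponse()
    {
        IsApproved = isApproved,
        ResponseMessage = responseMessage,
        AuthCode_8A = _8A,
        IssuerAuthData_91 = _91,
        IssuerScriptTemplate_72 = _72TLV,
        IssuerScriptTemplate_71 = _71TLV,
    };
}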
/// <summary>
/// Computes a cryptogram as an ISO 9797 algorithm 3 MAC over <paramref name="data"/>,
/// keyed with a DES key formed from <paramref name="iccACMasterKey"/>.
/// </summary>
/// <param name="iccACMasterKey">Raw key bytes passed to <c>JCEHandler.FormDESKey</c> with <c>SMAdapter.LENGTH_DES3_2KEY</c>.</param>
/// <param name="data">Input passed unchanged to the MAC calculation.</param>
/// <returns>The value returned by <c>EMVDESSecurity.CalculateMACISO9797Alg3</c>.</returns>
/// <remarks>
/// NOTE(review): the key arrives as a clear byte array; confirm callers clear it after use.
/// </remarks>
public static byte[] generateCryptogram17(byte[] iccACMasterKey, byte[] data)
{
    // Wrap the raw key bytes in a key object using the double-length 3DES key length constant.
    IKey acKey = JCEHandler.FormDESKey(SMAdapter.LENGTH_DES3_2KEY, iccACMasterKey);

    byte[] cryptogram = EMVDESSecurity.CalculateMACISO9797Alg3(acKey, data);
    return cryptogram;
}