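/// <summary>
/// Computes the 8-byte C-MAC of the EXTERNAL AUTHENTICATE command step by step, logging every
/// intermediate block. The layout is: CBC over both input blocks with the left half of the session
/// MAC key, then decrypt the result with the right half and re-encrypt with the left half
/// (the ISO/IEC 9797-1 Algorithm 3 "retail MAC" shape). Presumably a debugging variant of
/// <see cref="GenerateExAuthMAC"/>, which MACs the same input with the full key in one CBC pass;
/// which of the two the card accepts depends on the SCP variant in use — confirm against the card.
/// </summary>
/// <param name="command">The EXTERNAL AUTHENTICATE APDU; only its first 5 bytes (CLA INS P1 P2 Lc) enter the MAC.</param>
/// <param name="terminalCryptogram">The host cryptogram. Must be 8 bytes so that the padded input is exactly two DES blocks.</param>
/// <returns>The 8-byte MAC (the last block of the computation).</returns>
/// <exception cref="ArgumentException">
/// The padded input is not exactly 16 bytes. Without this check the MSB(8)/LSB(8) split below would
/// silently ignore or duplicate bytes and produce a MAC over the wrong data.
/// </exception>
private ByteArray GenerateExAuthMAC2(ByteArray command, ByteArray terminalCryptogram)
{
    // Header (5 bytes) + cryptogram + "80 00 00" (0x80 followed by zeros, i.e. ISO 9797-1 padding method 2)
    // is expected to land exactly on a 16-byte boundary.
    ByteArray input = command.Extract(0, 5) + terminalCryptogram + new ByteArray("80 00 00");
    if (input.Length != 16)
    {
        throw new ArgumentException(
            "MAC input must be exactly 16 bytes (two DES blocks), got " + input.Length + " bytes",
            "terminalCryptogram");
    }

    // K1 = left half of the session MAC key (CBC chain + final encryption), K2 = right half (final decryption only).
    ByteArray macKeyLeft = _sessionKeys.SignKey.MSB(8);
    ByteArray macKeyRight = _sessionKeys.SignKey.LSB(8);
    ByteArray zeroIv = new ByteArray(8, 0x00);

    ByteArray block1 = input.MSB(8);
    ByteArray block2 = input.LSB(8);

    // SimpleEncodeAsData/SimpleDecodeAsData with an 8-byte key are assumed to be plain single DES — TODO confirm.
    ByteArray step1 = block1.SimpleEncodeAsData(macKeyLeft, zeroIv, PaddingMode.None, CipherMode.CBC); // E_K1(block1)
    ByteArray step2 = step1.XOR(block2);                                                                  // chain into block2
    ByteArray step3 = step2.SimpleEncodeAsData(macKeyLeft, zeroIv, PaddingMode.None, CipherMode.CBC);    // E_K1(...)
    ByteArray step4 = step3.SimpleDecodeAsData(macKeyRight, zeroIv, PaddingMode.None, CipherMode.CBC);   // D_K2(...)
    ByteArray step5 = step4.SimpleEncodeAsData(macKeyLeft, zeroIv, PaddingMode.None, CipherMode.CBC);    // E_K1(...)

    // NOTE(review): every intermediate block of the MAC computation is written to the log. Together with the
    // session keys logged by ComputeSessionKeys this exposes secret material — acceptable for a lab tool only.
    Logger.Log("[JavaCard] Wyliczanie MAC dla APDU {0} (kolejne wyniki algorytmu DES)\n{1}\n{2}\n{3}\n{4}\n{5}",
        input, step1, step2, step3, step4, step5);
    return step5;
}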
/// <summary>
/// Computes the 8-byte C-MAC of the EXTERNAL AUTHENTICATE command with the session MAC key:
/// CBC (zero IV, no padding) over the header, the host cryptogram and fixed "80 00 00" padding,
/// keeping the last cipher block.
/// </summary>
/// <param name="command">The EXTERNAL AUTHENTICATE APDU; only its first 5 bytes (CLA INS P1 P2 Lc) are MACed.</param>
/// <param name="terminalCryptogram">The host cryptogram placed between the header and the padding.</param>
/// <returns>The last 8 bytes of the CBC output.</returns>
private ByteArray GenerateExAuthMAC(ByteArray command, ByteArray terminalCryptogram)
{
    // MAC input = 5-byte header | cryptogram | "80 00 00" (0x80 then zeros, ISO 9797-1 padding method 2 style).
    ByteArray header = command.Extract(0, 5);
    ByteArray padding = new ByteArray("80 00 00");
    ByteArray macInput = header + terminalCryptogram + padding;

    // Whole-key CBC with an all-zero IV; EncodeAsData is told not to pad, the input is padded explicitly above.
    ByteArray zeroIv = new ByteArray(8);
    ByteArray cbcOutput = macInput.EncodeAsData(_sessionKeys.SignKey, zeroIv, PaddingMode.None, CipherMode.CBC);

    // The MAC is the final cipher block.
    return cbcOutput.LSB(8);
}
/// <summary>
/// Derives the session keys (SCP01 layout, per the original author's note) from the static key set and
/// the two challenges, and stores them in <c>_sessionKeys</c>. Auth/Enc and MAC keys are derived by
/// encrypting the derivation data with the corresponding static key; the KEK is copied over unchanged.
/// </summary>
/// <param name="keys">Static key set: AuthEncKey, SignKey and KEKKey.</param>
/// <param name="terminalRandom">Host challenge; its first and last 4 bytes are interleaved into the derivation data.</param>
/// <param name="cardRandom">Card challenge; likewise split into its first and last 4 bytes.</param>
private void ComputeSessionKeys(JavaCardKeys keys, ByteArray terminalRandom, ByteArray cardRandom)
{
    // Derivation data (16 bytes when both challenges are 8 bytes long — assumed, TODO confirm):
    //   card.last4 | host.first4 | card.first4 | host.last4
    ByteArray derivationData =
        cardRandom.LSB(4) + terminalRandom.MSB(4) + cardRandom.MSB(4) + terminalRandom.LSB(4);

    _sessionKeys = new JavaCardKeys();

    // The KEK is not diversified here; the static key is reused as-is.
    _sessionKeys.KEKKey = keys.KEKKey;

    // ECB mode: the 8-byte zero IV passed below is presumably ignored and only satisfies the EncodeAsData signature.
    _sessionKeys.AuthEncKey =
        derivationData.EncodeAsData(keys.AuthEncKey, new ByteArray(8), PaddingMode.None, CipherMode.ECB);
    _sessionKeys.SignKey =
        derivationData.EncodeAsData(keys.SignKey, new ByteArray(8), PaddingMode.None, CipherMode.ECB);

    // NOTE(review): all three session keys are written to the log in the clear. Fine for a lab/debug build,
    // but this must not reach a production log sink.
    Logger.Log("[JavaCard] Liczenie kluczy sesyjnych\n{0}:\t{1}\n{2}:\t{3}\n{4}:\t{5}",
        "Auth/Enc", _sessionKeys.AuthEncKey,
        "Mac", _sessionKeys.SignKey,
        "Kek", _sessionKeys.KEKKey);
}
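/// <summary>
/// Sends an APDU through the secure channel. Depending on <c>_securityMode</c> the command is
/// sent unchanged, with a C-MAC appended (MAC), or with its data field encrypted and a C-MAC
/// appended (MACAndEncryption). In both secured modes the CLA gets the secure-messaging bit (0x04)
/// and the MAC is computed over the plaintext command whose Lc is already increased by the MAC
/// length; in MACAndEncryption the final Lc is the encrypted length plus the MAC length.
/// </summary>
/// <param name="command">Plain short-form APDU: CLA INS P1 P2 [Lc data] [Le]; at least 4 bytes.</param>
/// <returns>Whatever <c>Encoder.SendCommand</c> returns for the (possibly secured) command.</returns>
/// <exception cref="ArgumentException">
/// The APDU is shorter than 4 bytes, its Lc claims more data than is present, or the secured Lc
/// would not fit in one byte (the original code silently truncated it, producing a malformed APDU).
/// </exception>
public ByteArray SendSecuredCommand(ByteArray command)
{
    // NOTE(review): this logs the plaintext command, including any key material carried by e.g. PUT KEY.
    Logger.Log("[JavaCard] +> " + command);

    if (command.Length < 4)
    {
        throw new ArgumentException("APDU must be at least 4 bytes (CLA INS P1 P2)", "command");
    }

    // Split the APDU into its fields (short-form encoding only).
    byte CLA = command[0];
    byte INS = command[1];
    byte P1 = command[2];
    byte P2 = command[3];
    byte Lc = 0x00;
    byte Le = 0x00;
    bool hasLe = false;
    ByteArray data = new ByteArray();

    if (command.Length == 5)
    {
        // Header + Le only.
        Le = command[4];
        hasLe = true;
    }
    else if (command.Length > 5)
    {
        // Header + Lc + data [+ Le].
        Lc = command[4];
        if (command.Length < Lc + 5)
        {
            throw new ArgumentException(
                "APDU Lc=" + Lc + " but only " + (command.Length - 5) + " data bytes are present", "command");
        }
        data = command.Extract(5, Lc);
        if (command.Length > Lc + 5)
        {
            Le = command[command.Length - 1];
            hasLe = true;
        }
    }

    // Default: forward the command untouched (no secure messaging).
    ByteArray commandToSend = new ByteArray(command.ByteData);

    bool encrypt = _securityMode == SecurityControlMode.MACAndEncryption;
    bool applyMac = encrypt || _securityMode == SecurityControlMode.MAC;
    if (applyMac)
    {
        // Lc is increased by 8 (the MAC length) before MACing; it must still fit in one byte.
        if (Lc + 8 > 0xFF)
        {
            throw new ArgumentException("APDU data too long for secure messaging: Lc=" + Lc, "command");
        }
        byte secureCla = (byte)(CLA | 0x04);

        // Encryption (when enabled) is done before the MAC, as in the original ordering.
        ByteArray body = encrypt ? EncryptData(data) : data;

        // The MAC always covers the plaintext data with the MAC-adjusted Lc.
        ByteArray toMac = new ByteArray(new byte[] { secureCla, INS, P1, P2, (byte)(Lc + 8) }) + data;
        _lastMAC = MacData(toMac).LSB(8);

        // Final Lc = body length + MAC length (== Lc + 8 in MAC-only mode; larger after encryption padding).
        int securedLc = body.Length + _lastMAC.Length;
        if (securedLc > 0xFF)
        {
            throw new ArgumentException("Secured APDU data too long: " + securedLc + " bytes", "command");
        }

        commandToSend = new ByteArray(new byte[] { secureCla, INS, P1, P2, (byte)securedLc }) + body + _lastMAC;
        if (hasLe)
        {
            commandToSend += Le;
        }
    }

    return Encoder.SendCommand(commandToSend);
}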