public static byte[] VerifyCardSignature(TLV tlv)
{
CryptoMetaData cryptoMetaData = EMVDESSecurity.BuildCryptoMeta(tlv);
//fire up HSM
if (jcesecmod == null)
{
jcesecmod = new EMVDESSecurity(lmkFilePath);
}
TLV _8A;
bool isApproved = true;
if (isApproved)
{
_8A = TLV.Create(EMVTagsEnum.AUTHORISATION_RESPONSE_CODE_8A_KRN.Tag, arcApproved);
}
else
{
_8A = TLV.Create(EMVTagsEnum.AUTHORISATION_RESPONSE_CODE_8A_KRN.Tag, arcDeclined);
}
byte[] arpc = jcesecmod.VerifyCryptogramGenARPC(tlv, cryptoMetaData, _8A.Value, mkACEncrypted, mkACEncryptedCV);
return(arpc);
}
public static byte[] CalculateVISLegacyPinBlockCVN_10_18(String newPin, IKey deaKey)
{
byte[] block1 = Formatting.HexStringToByteArray(new String(FormatPINBlock(newPin, 0x0)));
byte[] block2 = new byte[8];
Array.Copy(deaKey.GetEncoded(), 4, block2, 4, 4);
byte[] pinBlock = Formatting.Xor(block1, block2);
byte length = (byte)pinBlock.Length;
pinBlock = Formatting.ConcatArrays(new byte[] { length }, pinBlock);
pinBlock = EMVDESSecurity.PaddingISO9797Method2(pinBlock);
return(pinBlock);
}
private ApproverResponseBase DoEMVAuth(ApproverRequestBase requestIn)
{
EMVApproverRequest request = ((EMVApproverRequest)requestIn);
CryptoMetaData cryptoMetaData = EMVDESSecurity.BuildCryptoMeta(request.EMV_Data);
//Do additional checking here, e.g. customer balances etc
//if decline set isApproved to false
bool isApproved = true;
//do we want to send back a pin change script,
string newPin = "";// = "4315";
//decide whether to send 71 or 72 script template, 71 scripts applied before 2nd gen ac , 72 scripts applied after 2nd gen ac
bool doPinChangeBefore = false;
TLV _8A;
string responseMessage;
if (isApproved)
{
_8A = TLV.Create(EMVTagsEnum.AUTHORISATION_RESPONSE_CODE_8A_KRN.Tag, arcApproved);
responseMessage = "Approved";
}
else
{
_8A = TLV.Create(EMVTagsEnum.AUTHORISATION_RESPONSE_CODE_8A_KRN.Tag, arcDeclined);
responseMessage = "Declined";
}
TLV _91;
byte[] arpc;
//returns null if arqc cannot be verified
if (cryptoMetaData.CryptoVersion == CrptoVersionEnum._18)
{
arpc = EMVDESSecurity.VerifyCryptogramGenARPC(request.EMV_Data, cryptoMetaData, PackCSU());
}
else
{
arpc = EMVDESSecurity.VerifyCryptogramGenARPC(request.EMV_Data, cryptoMetaData, _8A.Value);
}
if (arpc != null)
{
_91 = Pack91(cryptoMetaData, arpc, _8A);// TLV.Create(EMVTagsEnum.ISSUER_AUTHENTICATION_DATA_91_KRN.Tag, Formatting.ConcatArrays(arpc, _8A.Value));
Logger.Log("Tx approved: " + isApproved + " ARQC passed, ARPC is " + Formatting.ByteArrayToHexString(arpc));
}
else
{
isApproved = false;
responseMessage = "Tx Declined: ARQC Failure";
_8A = TLV.Create(EMVTagsEnum.AUTHORISATION_RESPONSE_CODE_8A_KRN.Tag, new byte[] { 0x20, 0x20 });
_91 = Pack91(cryptoMetaData, arpc, _8A); //TLV.Create(EMVTagsEnum.ISSUER_AUTHENTICATION_DATA_91_KRN.Tag, new byte[8]);
Logger.Log("ARQC failed");
}
byte[] _86 = new byte[0];
//don't allow pin change if arqc could not be validated
if (!string.IsNullOrWhiteSpace(newPin) && arpc != null)
{
try
{
TLV _9F26 = request.EMV_Data.Children.Get(EMVTagsEnum.APPLICATION_CRYPTOGRAM_9F26_KRN.Tag);
if (_9F26 == null)
{
throw new Exception("No Cryptogram found");
}
//TODO: for mchip we must increment the arqc by one for each subsequent command created
_86 = EMVDESSecurity.CalculatePinChangeScript(request.EMV_Data, cryptoMetaData, newPin, _9F26.Value);
}
catch
{
_86 = new byte[0];
}
}
TLV _71TLV;
TLV _72TLV;
if (doPinChangeBefore)
{
_71TLV = TLV.Create(EMVTagsEnum.ISSUER_SCRIPT_TEMPLATE_1_71_KRN.Tag);
_71TLV.Deserialize(Formatting.ConcatArrays(new byte[] { 0x71, (byte)_86.Length }, _86), 0);
_72TLV = TLV.Create(EMVTagsEnum.ISSUER_SCRIPT_TEMPLATE_2_72_KRN.Tag);
_72TLV.Deserialize(Formatting.ConcatArrays(new byte[] { 0x72, 0x00 }, new byte[0]), 0);
}
else
{
_72TLV = TLV.Create(EMVTagsEnum.ISSUER_SCRIPT_TEMPLATE_2_72_KRN.Tag);
_72TLV.Deserialize(Formatting.ConcatArrays(new byte[] { 0x72, (byte)_86.Length }, _86), 0);
_71TLV = TLV.Create(EMVTagsEnum.ISSUER_SCRIPT_TEMPLATE_1_71_KRN.Tag);
_71TLV.Deserialize(Formatting.ConcatArrays(new byte[] { 0x71, 0x00 }, new byte[0]), 0);
}
return(new EMVApproverResponse()
{
IsApproved = isApproved,
ResponseMessage = responseMessage,
AuthCode_8A = _8A,
IssuerAuthData_91 = _91,
IssuerScriptTemplate_72 = _72TLV,
IssuerScriptTemplate_71 = _71TLV,
});
}
public static byte[] generateCryptogram17(byte[] iccACMasterKey, byte[] data)
{
IKey mcAC = JCEHandler.FormDESKey(SMAdapter.LENGTH_DES3_2KEY, iccACMasterKey);
return(EMVDESSecurity.CalculateMACISO9797Alg3(mcAC, data));
}
