Exemplo n.º 1
        /// <summary>
        /// Builds the crypto metadata for <paramref name="tlv"/>, makes sure the shared
        /// <c>jcesecmod</c> instance exists, and asks it to verify the card cryptogram and
        /// generate an ARPC for an authorisation response code (tag 8A).
        /// </summary>
        /// <param name="tlv">EMV data handed to BuildCryptoMeta and VerifyCryptogramGenARPC.</param>
        /// <returns>Whatever VerifyCryptogramGenARPC returns for the supplied data.</returns>
        /// <remarks>
        /// NOTE(review): the approval flag below is hard-coded to true, so the declined
        /// response code is never selected in this method as written.
        /// NOTE(review): another call site in this file documents VerifyCryptogramGenARPC as
        /// returning null when the ARQC cannot be verified; presumably this overload behaves
        /// the same, in which case callers must treat null as a verification failure. Confirm.
        /// </remarks>
        public static byte[] VerifyCardSignature(TLV tlv)
        {
            CryptoMetaData meta = EMVDESSecurity.BuildCryptoMeta(tlv);

            // Create the shared security module from the LMK file on first use.
            // NOTE(review): this check-then-assign is not synchronised; confirm callers are single-threaded.
            if (jcesecmod == null)
            {
                jcesecmod = new EMVDESSecurity(lmkFilePath);
            }

            bool isApproved = true;

            // Tag 8A carries either the approved or the declined response code.
            TLV authResponseCode = TLV.Create(
                EMVTagsEnum.AUTHORISATION_RESPONSE_CODE_8A_KRN.Tag,
                isApproved ? arcApproved : arcDeclined);

            return jcesecmod.VerifyCryptogramGenARPC(tlv, meta, authResponseCode.Value, mkACEncrypted, mkACEncryptedCV);
        }
Exemplo n.º 2
        /// <summary>
        /// Formats <paramref name="newPin"/> into a PIN block, XORs it with an 8-byte mask taken
        /// from <paramref name="deaKey"/>, prefixes the result with its own length and applies
        /// PaddingISO9797Method2.
        /// </summary>
        /// <param name="newPin">PIN passed to FormatPINBlock with format argument 0x0.</param>
        /// <param name="deaKey">Key whose encoded bytes 4..7 are used as the low half of the mask.</param>
        /// <returns>The length-prefixed, padded block; no encryption is applied in this method.</returns>
        /// <remarks>
        /// NOTE(review): the intermediate arrays hold PIN-derived data and key bytes and are not
        /// cleared before they go out of scope; confirm whether the caller's threat model requires
        /// zeroing them, and that the returned block is encrypted before it leaves the process.
        /// </remarks>
        public static byte[] CalculateVISLegacyPinBlockCVN_10_18(String newPin, IKey deaKey)
        {
            // FormatPINBlock output is turned into a string of hex digits and decoded to bytes.
            byte[] formattedPin = Formatting.HexStringToByteArray(new String(FormatPINBlock(newPin, 0x0)));

            // Mask layout: four zero bytes followed by bytes 4..7 of the encoded key.
            byte[] keyMask = new byte[8];
            Array.Copy(deaKey.GetEncoded(), 4, keyMask, 4, 4);

            byte[] masked       = Formatting.Xor(formattedPin, keyMask);
            byte[] lengthPrefix = new byte[] { (byte)masked.Length };

            return EMVDESSecurity.PaddingISO9797Method2(Formatting.ConcatArrays(lengthPrefix, masked));
        }
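        /// <summary>
        /// Issuer-side EMV authorisation: verifies the card's ARQC, generates the ARPC, and
        /// builds the response tags 8A (authorisation response code), 91 (issuer authentication
        /// data) and the 71/72 issuer script templates.
        /// </summary>
        /// <param name="requestIn">Request to process; it is cast to <c>EMVApproverRequest</c>.</param>
        /// <returns>
        /// An <c>EMVApproverResponse</c>. <c>IsApproved</c> is forced to false when
        /// VerifyCryptogramGenARPC returns null, i.e. when the ARQC could not be verified.
        /// </returns>
        /// <remarks>
        /// The approval decision, the new PIN and the script placement are hard-coded placeholders
        /// in this method. A PIN change script is only built when the ARQC was verified; a failure
        /// while building it is logged and the transaction continues without a script.
        /// </remarks>
        private ApproverResponseBase DoEMVAuth(ApproverRequestBase requestIn)
        {
            EMVApproverRequest request = ((EMVApproverRequest)requestIn);

            CryptoMetaData cryptoMetaData = EMVDESSecurity.BuildCryptoMeta(request.EMV_Data);

            //Do additional checking here, e.g. customer balances etc
            //if decline set isApproved to false
            bool isApproved = true;
            //do we want to send back a pin change script,
            string newPin = "";// = "4315";
            //decide whether to send 71 or 72 script template, 71 scripts applied before 2nd gen ac , 72 scripts applied after 2nd gen ac
            bool doPinChangeBefore = false;

            TLV    _8A;
            string responseMessage;

            if (isApproved)
            {
                _8A             = TLV.Create(EMVTagsEnum.AUTHORISATION_RESPONSE_CODE_8A_KRN.Tag, arcApproved);
                responseMessage = "Approved";
            }
            else
            {
                _8A             = TLV.Create(EMVTagsEnum.AUTHORISATION_RESPONSE_CODE_8A_KRN.Tag, arcDeclined);
                responseMessage = "Declined";
            }

            TLV _91;

            byte[] arpc;
            //returns null if arqc cannot be verified
            // Crypto version 18 feeds PackCSU() into the ARPC; every other version feeds the 8A value.
            if (cryptoMetaData.CryptoVersion == CrptoVersionEnum._18)
            {
                arpc = EMVDESSecurity.VerifyCryptogramGenARPC(request.EMV_Data, cryptoMetaData, PackCSU());
            }
            else
            {
                arpc = EMVDESSecurity.VerifyCryptogramGenARPC(request.EMV_Data, cryptoMetaData, _8A.Value);
            }

            if (arpc != null)
            {
                _91 = Pack91(cryptoMetaData, arpc, _8A);// TLV.Create(EMVTagsEnum.ISSUER_AUTHENTICATION_DATA_91_KRN.Tag, Formatting.ConcatArrays(arpc, _8A.Value));
                Logger.Log("Tx approved: " + isApproved + " ARQC passed, ARPC is " + Formatting.ByteArrayToHexString(arpc));
            }
            else
            {
                // Fail closed: an unverifiable ARQC always overrides the business decision above.
                isApproved      = false;
                responseMessage = "Tx Declined: ARQC Failure";
                _8A             = TLV.Create(EMVTagsEnum.AUTHORISATION_RESPONSE_CODE_8A_KRN.Tag, new byte[] { 0x20, 0x20 });
                // NOTE(review): arpc is null on this path; confirm Pack91 accepts a null ARPC.
                _91             = Pack91(cryptoMetaData, arpc, _8A); //TLV.Create(EMVTagsEnum.ISSUER_AUTHENTICATION_DATA_91_KRN.Tag, new byte[8]);
                Logger.Log("ARQC failed");
            }

            byte[] _86 = new byte[0];
            //don't allow pin change if arqc could not be validated
            if (!string.IsNullOrWhiteSpace(newPin) && arpc != null)
            {
                try
                {
                    TLV _9F26 = request.EMV_Data.Children.Get(EMVTagsEnum.APPLICATION_CRYPTOGRAM_9F26_KRN.Tag);
                    if (_9F26 == null)
                    {
                        Logger.Log("PIN change script skipped: No Cryptogram found");
                    }
                    else
                    {
                        //TODO: for mchip we must increment the arqc by one for each subsequent command created
                        _86 = EMVDESSecurity.CalculatePinChangeScript(request.EMV_Data, cryptoMetaData, newPin, _9F26.Value);
                    }
                }
                catch (Exception ex)
                {
                    // Still best-effort (no script is sent), but the failure is no longer silent.
                    // Only the exception type is logged: the message is produced by code that
                    // handles the new PIN and keys, so it is kept out of the log.
                    Logger.Log("PIN change script skipped: " + ex.GetType().Name);
                    _86 = new byte[0];
                }
            }

            // The script goes into exactly one template; the other is sent with zero length.
            byte[] noScript = new byte[0];
            byte[] script71 = doPinChangeBefore ? _86 : noScript;
            byte[] script72 = doPinChangeBefore ? noScript : _86;

            // NOTE(review): the length is written as a single byte. Assuming Deserialize expects
            // BER-TLV, a script longer than 0x7F bytes would need the long length form, and one
            // longer than 255 bytes is truncated by the cast. Confirm the script size bound.
            TLV _71TLV = TLV.Create(EMVTagsEnum.ISSUER_SCRIPT_TEMPLATE_1_71_KRN.Tag);
            _71TLV.Deserialize(Formatting.ConcatArrays(new byte[] { 0x71, (byte)script71.Length }, script71), 0);

            TLV _72TLV = TLV.Create(EMVTagsEnum.ISSUER_SCRIPT_TEMPLATE_2_72_KRN.Tag);
            _72TLV.Deserialize(Formatting.ConcatArrays(new byte[] { 0x72, (byte)script72.Length }, script72), 0);

            return(new EMVApproverResponse()
            {
                IsApproved = isApproved,
                ResponseMessage = responseMessage,
                AuthCode_8A = _8A,
                IssuerAuthData_91 = _91,
                IssuerScriptTemplate_72 = _72TLV,
                IssuerScriptTemplate_71 = _71TLV,
            });
        }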
Exemplo n.º 4
        /// <summary>
        /// Forms a DES key of length <c>SMAdapter.LENGTH_DES3_2KEY</c> from
        /// <paramref name="iccACMasterKey"/> and returns the result of
        /// <c>EMVDESSecurity.CalculateMACISO9797Alg3</c> over <paramref name="data"/> with it.
        /// </summary>
        /// <param name="iccACMasterKey">Raw key bytes handed to JCEHandler.FormDESKey.</param>
        /// <param name="data">Input passed to the MAC calculation.</param>
        /// <returns>The byte array produced by CalculateMACISO9797Alg3.</returns>
        /// <remarks>
        /// NOTE(review): the key arrives as clear bytes in a managed array; confirm where it is
        /// decrypted and whether the caller clears it after use.
        /// </remarks>
        public static byte[] generateCryptogram17(byte[] iccACMasterKey, byte[] data)
        {
            return EMVDESSecurity.CalculateMACISO9797Alg3(
                JCEHandler.FormDESKey(SMAdapter.LENGTH_DES3_2KEY, iccACMasterKey),
                data);
        }