在SCP02的规则下打开安全通道的流程大致如下:
显式打开安全通道由两条命令来完成:
1,INITIALIZE UPDATE
2,EXTERNAL AUTHENTICATE
具体命令解释如下:
1,INITIALIZ E UPDATE:80 50 00 00 08 XX XX XX XX XX XX XX XX
解释下这条命令,这条命令实际上就是向智能卡送入一个随机数(8个XX),这个随机数产生的规则由主机程序自己定义。GP规范中称其为Host Challange
智能卡收到这条命令之后就会返回28个字节的响应数据,返回的数据包括:Key diversification(10Bytes)|key information(2Bytes)|
sequence Counter(2Bytes)|card challenge(6bytes)|card cryptogram(8BYtes),参考下面的实例。
====================================================================================================================
exchangeapdu "0x80 0x50 0x00 0x00 0x08 0x01 0x02 0x03 0x04 0x05 0x06 0x07 0x08"
SEND -> HEADER: 80 50 00 00 Lc = 008d
0 1 2 3 4 5 6 7 8 9 A B C D E F
------------------------------------------------
00| 01 02 03 04 05 06 07 08
//host challenge: 01 02 03 04 05 06 07 08
RECEIVE -> STATUS: 611C
SEND -> GET RESPONSE
HEADER: 80 C0 00 00 Le = 028d
RECEIVE -> STATUS: 9000
0 1 2 3 4 5 6 7 8 9 A B C D E F
------------------------------------------------
00| 00 00 72 95 71 32 36 00 68 68 FF 02 00 08 8B 32
01| 0E C6 0E 9B F5 A6 DB F1 B3 FE B8 75
//以上这段是智能卡在收到Host Challenge之后的Response。
//Key diversification: 00 00 72 95 71 32 36 00 68 68
//key information: FF 02
//sequence Counter: 00 08
//card challenge: 8B 32 0E C6 0E 9B
//card cryptogram: F5 A6 DB F1 B3 FE B8 75
========================================================================================================================
首先外部应用程序需要认证智能卡,也就是根据智能卡传回的数据和自己产生的Host Challenge以及应用程序事先应该知道的静态KEY
按照一定的规则计算出一个密文出来和卡返回的card cryptogram,进行比较,如果一致的那说明卡通过了外部应用程序的认证。
Host根据卡返回的数据校验card cryptogram的过程如下:
首先需要根据静态的Key(下面计算过程中的静态Key全部是0x40 0x41 0x42 0x43 0x44 0x45 0x46 0x47 0x48 0x49 0x4a 0x4b 0x4c 0x4d 0x4e 0x4f)
产生一套SessionKey,包括C-MAC Session Key,R-MAC Session Key,S-ENC Session Key,S-DEK Session Key
这4种SessionKey。
按照SCP02的规则产生Session Keys的过程如下:
step1: Generating the Secure Channel C-MAC session keys
Derivation Data = Constant(2bytes) | Sequence Counter(2bytes) | 00 00...00(12bytes)
= 01 01 00 08 00 00 00 00 00 00 00 00 00 00 00 00
C-MAC Session Key = 3DES-CBC[S-MAC](Derivation Data) = 01 5a 6c 21 17 aa ae 94 57 61 4e 5d af 04 29 b9
step2: Generating the Secure Channel R-MAC session keys
Derivation Data = Constant(2bytes) | Sequence Counter(2bytes) | 00 00...00(12bytes)
= 01 02 00 08 00 00 00 00 00 00 00 00 00 00 00 00
R-MAC Session Key = 3DES-CBC[S-MAC](Derivation Data) = a4 82 e6 d5 a5 d3 83 13 0b b2 71 a8 57 8f 3b 16
step3: Generating the Secure Channel encryption session keys
Derivation Data = Constant(2bytes) | Sequence Counter(2bytes) | 00 00...00(12bytes)
= 01 82 00 08 00 00 00 00 00 00 00 00 00 00 00 00
S-ENC Session Key = 3DES-CBC[S-MAC](Derivation Data) = 64 0d 58 ca 61 ad 53 ba bb e5 48 36 8d 81 da 20
step4: Generating the Secure Channel data encryption session keys
Derivation Data = Constant(2bytes) | Sequence Counter(2bytes) | 00 00...00(12bytes)
= 01 81 00 08 00 00 00 00 00 00 00 00 00 00 00 00
S-DEK Session Key = 3DES-CBC[S-MAC](Derivation Data) = b4 f7 5c e0 a9 5e a3 f8 6b bd 05 1c b7 7c 0f ae
在SCP02规则下计算Card Authentication Cryptogram的过程如下:
ICV = 00 00 00 00 00 00 00 00
Derivation Data = 8bytes Host Challange | 2bytes Sequence Counter | 6bytes Card Challange | 80 00 00 00 00 00 00 00
= 01 02 03 04 05 06 07 08 00 08 8B 32 0E C6 0E 9B 80 00 00 00 00 00 00 00
Card Cryptogram = 3DES-CBC[S-ENC Session Key | ICV](Derivation Data)
= F5 A6 DB F1 B3 FE B8 75
//Host 计算出来自己的Card Cryptogram再去和卡传回来的比较,就完成了外部程序认证卡的过程。
Host计算出来的Card Cryptogram和卡传回来的是一致的,第一步完成了!
接下来卡还要认证外部应用程序,外部应用程序同样根据卡传回来的数据和Host Challenge计算一个Host Cryptogram传给卡,卡内部
会来校验传给卡的数据的合法性的
看看怎样来计算Host Authentication Cryptogram,其过程如下:
ICV = 00 00 00 00 00 00 00 00
Derivation Data = 2bytes Sequence Counter | 6bytes Card Challange | 8bytes Host Challange | 80 00 00 00 00 00 00 00
= 00 08 8B 32 0E C6 0E 9B 01 02 03 04 05 06 07 08 80 00 00 00 00 00 00 00
Host Cryptogram = 3DES-CBC[S-ENC Session Key | ICV](Derivation Data)
= b9 8d e2 87 b7 7f 7d 30
计算好了Host Cryptogram之后,由于传给卡的数据需要带MAC校验值,下面看看C-MAC的计算规则。
HOST把Host Cryptogram传送给智能卡是通过命令EXTERNAL AUTHENTICATE来实现的。
其命令结构是:APDU Header | Host Cryptogram(8Bytes) | MAC(8Bytes)
其中APDU Header = 84 82 00 00 10
接着就需要计算C-MAC值了,其过程如下:
ICV = 00 00 00 00 00 00 00 00
Derivation Data = APDU Header | Host Cryptogram(Data Filed) | (padding value)
= 84 82 00 00 10 b9 8d e2 87 b7 7f 7d 30 80 00 00
把Derivation Data分割为2个部分:DerivationData_lefthalf = 84 82 00 00 10 b9 8d e2
DerivationData_righthalf= 87 b7 7f 7d 30 80 00 00
ICV1 = DES-CBC[first half of C-MAC Session Key | ICV](DerivationData_lefthalf)
= B8 01 83 80 5F 24 DF 56
MAC = 3DES-CBC[C-MAC Session Key | ICV1](DerivationData_righthalf)
= 33 7B 1E E8 E3 C8 9A DA
计算好了MAC值,就可以把Host Challenge 和 MAC一起通过如下命令发送到智能卡验证是否成功!
=======================================================================================================================
exchangeapdu "0x84 0x82 0x00 0x00 0x10 0xb9 0x8d 0xe2 0x87 0xb7 0x7f 0x7d 0x30 0x33 0x7B 0x1E 0xE8 0xE3 0xC8 0x9A 0xDA"
SEND -> HEADER: 84 82 00 00 Lc = 016d
0 1 2 3 4 5 6 7 8 9 A B C D E F
------------------------------------------------
00| B9 E2 87 B7 7F 7D 30 33 7B 1E E8 E3 C8 9A DA
RECEIVE -> STATUS: 9000
=======================================================================================================================
打开安全通道成功
显式打开安全通道由两条命令来完成:
1,INITIALIZE UPDATE
2,EXTERNAL AUTHENTICATE
具体命令解释如下:
1,INITIALIZ E UPDATE:80 50 00 00 08 XX XX XX XX XX XX XX XX
解释下这条命令,这条命令实际上就是向智能卡送入一个随机数(8个XX),这个随机数产生的规则由主机程序自己定义。GP规范中称其为Host Challange
智能卡收到这条命令之后就会返回28个字节的响应数据,返回的数据包括:Key diversification(10Bytes)|key information(2Bytes)|
sequence Counter(2Bytes)|card challenge(6bytes)|card cryptogram(8BYtes),参考下面的实例。
====================================================================================================================
exchangeapdu "0x80 0x50 0x00 0x00 0x08 0x01 0x02 0x03 0x04 0x05 0x06 0x07 0x08"
SEND -> HEADER: 80 50 00 00 Lc = 008d
0 1 2 3 4 5 6 7 8 9 A B C D E F
------------------------------------------------
00| 01 02 03 04 05 06 07 08
//host challenge: 01 02 03 04 05 06 07 08
RECEIVE -> STATUS: 611C
SEND -> GET RESPONSE
HEADER: 80 C0 00 00 Le = 028d
RECEIVE -> STATUS: 9000
0 1 2 3 4 5 6 7 8 9 A B C D E F
------------------------------------------------
00| 00 00 72 95 71 32 36 00 68 68 FF 02 00 08 8B 32
01| 0E C6 0E 9B F5 A6 DB F1 B3 FE B8 75
//以上这段是智能卡在收到Host Challenge之后的Response。
//Key diversification: 00 00 72 95 71 32 36 00 68 68
//key information: FF 02
//sequence Counter: 00 08
//card challenge: 8B 32 0E C6 0E 9B
//card cryptogram: F5 A6 DB F1 B3 FE B8 75
========================================================================================================================
首先外部应用程序需要认证智能卡,也就是根据智能卡传回的数据和自己产生的Host Challenge以及应用程序事先应该知道的静态KEY
按照一定的规则计算出一个密文出来和卡返回的card cryptogram,进行比较,如果一致的那说明卡通过了外部应用程序的认证。
Host根据卡返回的数据校验card cryptogram的过程如下:
首先需要根据静态的Key(下面计算过程中的静态Key全部是0x40 0x41 0x42 0x43 0x44 0x45 0x46 0x47 0x48 0x49 0x4a 0x4b 0x4c 0x4d 0x4e 0x4f)
产生一套SessionKey,包括C-MAC Session Key,R-MAC Session Key,S-ENC Session Key,S-DEK Session Key
这4种SessionKey。
按照SCP02的规则产生Session Keys的过程如下:
step1: Generating the Secure Channel C-MAC session keys
Derivation Data = Constant(2bytes) | Sequence Counter(2bytes) | 00 00...00(12bytes)
= 01 01 00 08 00 00 00 00 00 00 00 00 00 00 00 00
C-MAC Session Key = 3DES-CBC[S-MAC](Derivation Data) = 01 5a 6c 21 17 aa ae 94 57 61 4e 5d af 04 29 b9
step2: Generating the Secure Channel R-MAC session keys
Derivation Data = Constant(2bytes) | Sequence Counter(2bytes) | 00 00...00(12bytes)
= 01 02 00 08 00 00 00 00 00 00 00 00 00 00 00 00
R-MAC Session Key = 3DES-CBC[S-MAC](Derivation Data) = a4 82 e6 d5 a5 d3 83 13 0b b2 71 a8 57 8f 3b 16
step3: Generating the Secure Channel encryption session keys
Derivation Data = Constant(2bytes) | Sequence Counter(2bytes) | 00 00...00(12bytes)
= 01 82 00 08 00 00 00 00 00 00 00 00 00 00 00 00
S-ENC Session Key = 3DES-CBC[S-MAC](Derivation Data) = 64 0d 58 ca 61 ad 53 ba bb e5 48 36 8d 81 da 20
step4: Generating the Secure Channel data encryption session keys
Derivation Data = Constant(2bytes) | Sequence Counter(2bytes) | 00 00...00(12bytes)
= 01 81 00 08 00 00 00 00 00 00 00 00 00 00 00 00
S-DEK Session Key = 3DES-CBC[S-MAC](Derivation Data) = b4 f7 5c e0 a9 5e a3 f8 6b bd 05 1c b7 7c 0f ae
在SCP02规则下计算Card Authentication Cryptogram的过程如下:
ICV = 00 00 00 00 00 00 00 00
Derivation Data = 8bytes Host Challange | 2bytes Sequence Counter | 6bytes Card Challange | 80 00 00 00 00 00 00 00
= 01 02 03 04 05 06 07 08 00 08 8B 32 0E C6 0E 9B 80 00 00 00 00 00 00 00
Card Cryptogram = 3DES-CBC[S-ENC Session Key | ICV](Derivation Data)
= F5 A6 DB F1 B3 FE B8 75
//Host 计算出来自己的Card Cryptogram再去和卡传回来的比较,就完成了外部程序认证卡的过程。
Host计算出来的Card Cryptogram和卡传回来的是一致的,第一步完成了!
接下来卡还要认证外部应用程序,外部应用程序同样根据卡传回来的数据和Host Challenge计算一个Host Cryptogram传给卡,卡内部
会来校验传给卡的数据的合法性的
看看怎样来计算Host Authentication Cryptogram,其过程如下:
ICV = 00 00 00 00 00 00 00 00
Derivation Data = 2bytes Sequence Counter | 6bytes Card Challange | 8bytes Host Challange | 80 00 00 00 00 00 00 00
= 00 08 8B 32 0E C6 0E 9B 01 02 03 04 05 06 07 08 80 00 00 00 00 00 00 00
Host Cryptogram = 3DES-CBC[S-ENC Session Key | ICV](Derivation Data)
= b9 8d e2 87 b7 7f 7d 30
计算好了Host Cryptogram之后,由于传给卡的数据需要带MAC校验值,下面看看C-MAC的计算规则。
HOST把Host Cryptogram传送给智能卡是通过命令EXTERNAL AUTHENTICATE来实现的。
其命令结构是:APDU Header | Host Cryptogram(8Bytes) | MAC(8Bytes)
其中APDU Header = 84 82 00 00 10
接着就需要计算C-MAC值了,其过程如下:
ICV = 00 00 00 00 00 00 00 00
Derivation Data = APDU Header | Host Cryptogram(Data Filed) | (padding value)
= 84 82 00 00 10 b9 8d e2 87 b7 7f 7d 30 80 00 00
把Derivation Data分割为2个部分:DerivationData_lefthalf = 84 82 00 00 10 b9 8d e2
DerivationData_righthalf= 87 b7 7f 7d 30 80 00 00
ICV1 = DES-CBC[first half of C-MAC Session Key | ICV](DerivationData_lefthalf)
= B8 01 83 80 5F 24 DF 56
MAC = 3DES-CBC[C-MAC Session Key | ICV1](DerivationData_righthalf)
= 33 7B 1E E8 E3 C8 9A DA
计算好了MAC值,就可以把Host Challenge 和 MAC一起通过如下命令发送到智能卡验证是否成功!
=======================================================================================================================
exchangeapdu "0x84 0x82 0x00 0x00 0x10 0xb9 0x8d 0xe2 0x87 0xb7 0x7f 0x7d 0x30 0x33 0x7B 0x1E 0xE8 0xE3 0xC8 0x9A 0xDA"
SEND -> HEADER: 84 82 00 00 Lc = 016d
0 1 2 3 4 5 6 7 8 9 A B C D E F
------------------------------------------------
00| B9 E2 87 B7 7F 7D 30 33 7B 1E E8 E3 C8 9A DA
RECEIVE -> STATUS: 9000
=======================================================================================================================
打开安全通道成功