c# - 尝试建立安全消息传递时返回 6988 响应
问题描述
我正在尝试根据 ISO 7816-4 在接口设备和 Java 智能卡之间建立 ISO 安全消息传递,这是身份验证个性化的要求。
该卡支持Java card 3.0.5 / Global platform 2.3 with SCP02。我能够通过 GP 身份验证并尝试建立 ISO 安全消息传递来使用 ISD 进行身份验证,但不幸的是,由于卡不断返回 6988(SM-DO 不正确),因此没有运气。
以下是我目前正在做的逐步跟踪日志,也许有人可以帮助我检测我做错了什么或告诉我需要做什么谢谢。
Set Security Environment - MSE Perso OID
[TRACE] APDU Buffer[0022C1A406800109830108] => Response[9000]
AUTHENTICATION AND ESTABLISHMENT OF SESSION KEYS Start.
[TRACE] 1. Request an 8 byte random number IC
[TRACE] APDU Buffer[0084000008] => Response[6A0D494142B1E1319000]
[TRACE] RND.IC = 6A0D494142B1E131
[TRACE] 2. Generate an 8 byte random and a 16 byte random
[TRACE] RND.IFD = 0D851519BAD4164D
[TRACE] KIFD = 40C60DA70EE38D09A892DEB496E892ED
[TRACE] 3. Concatenate RND.IFD, RND.IC and KIFD
[TRACE] S = 0D851519BAD4164D6A0D494142B1E13140C60DA70EE38D09A892DEB496E892ED
[TRACE] 4. Encrypt S with 3DES key KEnc
[TRACE] EIFD = 6919119AA8695E134B51D3BBF74220B07DA63F641523BCDB77817DCB0209F6D5
[TRACE] 5. Compute MAC over EIFD with 3DES key KMAC
[TRACE] MIFD = FD2F7F08A9386738
[TRACE] 6. Construct and send command data for EXTERNAL AUTHENTICATE
[TRACE] cmd_data = 6919119AA8695E134B51D3BBF74220B07DA63F641523BCDB77817DCB0209F6D5FD2F7F08A9386738
[TRACE] APDU Buffer[00820000286919119AA8695E134B51D3BBF74220B07DA63F641523BCDB77817DCB0209F6D5FD2F7F08A938673800] => Response[31A0CD97BAFFB04679E88CF797ABDB5FD00D0C5D98153A9935F2AD65B020957CE4537D9F87879BA49000]
[TRACE] Recived Data = 31A0CD97BAFFB04679E88CF797ABDB5FD00D0C5D98153A9935F2AD65B020957CE4537D9F87879BA4
[TRACE] 7. Verify MAC
[TRACE] - Recived MAC E4537D9F87879BA4
[TRACE] - Calculated MAC E4537D9F87879BA4
[TRACE] Verify MAC Succesfully.
[TRACE] 8. Decrypt and compare received data
[TRACE] Decrypted Data = 6A0D494142B1E1310D851519BAD4164DA8F85FAE9698174CA2BE68608CF0FBE1
[TRACE] - Card Challenge (RIC) 6A0D494142B1E131
[TRACE] - Received HostChallenge 0D851519BAD4164D
[TRACE] - Received Card Key (KIC) A8F85FAE9698174CA2BE68608CF0FBE1
[TRACE] 9. Verify Recived RND.IFD with generated RND.IFD
[TRACE] - Recived RND.IFD 0D851519BAD4164D
[TRACE] - Generated RND.IFD 0D851519BAD4164D
[TRACE] Verified Succesfully..
Key Derivation Process Start..
[TRACE] 10. Calculate XOR of KIFD and KIC
[TRACE] - KIFD Key = 40C60DA70EE38D09A892DEB496E892ED
[TRACE] - KIC Key = A8F85FAE9698174CA2BE68608CF0FBE1
[TRACE] XOR Keys (Seed) = E83E5209987B9A450A2CB6D41A18690C
[TRACE] 11. Compute encryption key (c = 00000001)
[TRACE] Concatenate Kseed and c (D) = E83E5209987B9A450A2CB6D41A18690C00000001
[TRACE] 12. Calculate the SHA-1 hash of D
[TRACE] HSHA-1(D) = 0A30A42CCCB2ED7BFF1A27D3A33BEF615140F85E
[TRACE] 13. Get 16 byte of Hash as a Session Key for Encryption
[TRACE] SKeyEnc = 0A30A42CCCB2ED7BFF1A27D3A33BEF61
[TRACE] 14. Derive Ka and Kb from SKeyEnc
[TRACE] SKeyEnc - Ka = 0A30A42CCCB2ED7B
[TRACE] SKeyEnc - Kb = FF1A27D3A33BEF61
[TRACE] 15. Adjust parity bits
[TRACE] SKeyEnc - Ka Adjusted = 0B31A42CCDB3EC7A
[TRACE] SKeyEnc - Kb Adjusted = FE1A26D3A23BEF61
[TRACE] 16. Compute MAC computation key (c = 00000002)
[TRACE] Concatenate Kseed and c (D) = E83E5209987B9A450A2CB6D41A18690C00000002
[TRACE] 17. Calculate the SHA-1 hash of D
[TRACE] HSHA-1(D) = 1003F1D52F09105A7C85D88590B6473673C2BEE1
[TRACE] 18. Get 16 byte of Hash as a Session Key for MAC
[TRACE] Skeymac = 1003F1D52F09105A7C85D88590B64736
[TRACE] 19. Derive Ka and Kb from SKeyEnc
[TRACE] SMackey - Ka = 1003F1D52F09105A
[TRACE] Skeymac - Kb = 7C85D88590B64736
[TRACE] 20. Adjust parity bits
[TRACE] SMackey - Ka Adjusted = 1002F1D52F08105B
[TRACE] SMackey - Kb Adjusted = 7C85D98591B64637
Generate Sequence Counter
[TRACE] Card Challenge is 6A0D494142B1E131
[TRACE] HostChallenege is 0D851519BAD4164D
[TRACE] SSC = 42B1E131BAD4164D
Start Secure Channel..
PutErrorsMap - MapIsoError
[TRACE] PLAIN APDU COMMAND [00DA01B60A6A86628269836983698400]
Constructing Protected APDU....
[TRACE] 1. Add Mask to CLA and add header Padding.
[TRACE] CmdHeader = 0CDA01B680000000
[TRACE] 2. Pad Data
[TRACE] Data = 6A866282698369836984800000000000
[TRACE] 3. Encrypt data with KSEnc (0A30A42CCCB2ED7BFF1A27D3A33BEF61)
[TRACE] EncryptedData = A7448FC08AD1B16F1DDC32E5E30031A2
[TRACE] 4. Build DO‘87’
[TRACE] DO87 = 871101A7448FC08AD1B16F1DDC32E5E30031A2
[TRACE] 5. Concatenate CmdHeader and DO‘87’
[TRACE] M = 0CDA01B680000000871101A7448FC08AD1B16F1DDC32E5E30031A2
[TRACE] 6. Increase Sequence Counter, New Value is : 42B1E131BAD4164E
[TRACE] 7. Build DO‘97’
[TRACE] DO97 = 970100
[TRACE] 8. Concatenate SSC and M and DO97
[TRACE] N = 42B1E131BAD4164E0CDA01B680000000871101A7448FC08AD1B16F1DDC32E5E30031A2970100
[TRACE] 9. add padding
[TRACE] N = 42B1E131BAD4164E0CDA01B680000000871101A7448FC08AD1B16F1DDC32E5E30031A29701008000
[TRACE] 10. Compute MAC over N with KSMAC (1003F1D52F09105A7C85D88590B64736)
[TRACE] CC = 4F1AE0D9B18340E5
[TRACE] 11. Build DO‘8E’
[TRACE] DO8E = 8E084F1AE0D9B18340E5
[TRACE] 12. Construct and send protected APDU
[TRACE] ProtectedAPDU = 0CDA01B620871101A7448FC08AD1B16F1DDC32E5E30031A29701008E084F1AE0D9B18340E500
[TRACE] APDU Buffer[0CDA01B620871101A7448FC08AD1B16F1DDC32E5E30031A29701008E084F1AE0D9B18340E500] => Response[6988]
任何帮助将不胜感激。
谢谢
解决方案
推荐阅读
- c++ - 如何在 C++ 中将指针指定为“thread_local”存储?
- python - 我无法使用我的 jupyter notebook/jupyter lab,它是空白的
- ruby-on-rails - Ransacker:不支持的参数类型:字符串。改为构造一个 Arel 节点
- java - 使用 Hibernate 将 CSV 文件动态映射到数据库表
- sql - PowerPivot 导入中的 SQL 查询,使用单词“flag”作为列别名会破坏工作簿
- azure - Azure SQL 托管实例路由表
- protractor - 无法通过量角器关注 iframe 下的文本字段
- elasticsearch - 我的 MATCH 查询没有返回所有匹配的文档 Elastic
- angular - Angular 7:一个组件的测试失败与另一个组件有关
- swift - 如何处理 mouseEntered:带有圆角的 NSView 上的事件