SCP03卡密码计算

SCP03 card cryptogram calculation

根据 GlobalPlatform Secure Channel Protocol '03' Card Specification v2.3 – amendment DVersion 1.1.2,我正在尝试验证从 eUICC 收到的密码,以便建立一个 SCP03 到目标 ISD-P。我可以手动生成并验证卡片质询,但无法生成卡片密码。我错过了什么?

Host challenge: AF6B2B0E174BA140
Card challenge: E7359F8EEC577E51
Card cryptogram: 86B91FBEA0E67D33
Sequence Number: 000007

keyMAC = keyENC = AA75D7A83CF20FE79C606FF1B7E2CEB4

L = 0040
derviationConstant = 00
Label = 11 x '00' + derviationConstant
context = host challenge + card challenge

input data for CMAC = Label + '00' + L + '01' + context

S-MAC = CMAC('00000000000000000000000600008001AF6B2B0E174BA140E7359F8EEC577E51', keyENC)
(which is S-MAC: D8CA1E32C16EC4528E4BAC561F029DE3)

cardCryptogram = CMAC('00000000000000000000000000004001AF6B2B0E174BA140E7359F8EEC577E51', S-MAC)
(which gives EE97D403A7508CF2D6D0E6002C0FE126 that its 8 most left bytes are not as same as what I got from the eUICC)

我验证了密码。根据eUICC的烧录模板,我认为keyENC和keyMAC是一样的。另一方面,在基于X9.63方法提取静态密钥时,我将长度设置为32(16字节用于收据验证,其余为keyENC和keyMAC)。我将长度设置为 48,得到键 MAC,从键 MAC 生成 S-MAC,然后 CMAC(fixedInputData, S-MAC ) == cardCryptogram.