验证卡认证密码

Verify Card Authentication Cryptogram

我在执行 Verify Card Authentication Cryptogram 时遇到问题,signature 的结果 不等于 the cryptogram sent by the card

select_ret: 6F108408A000000003000000A5049F6501FF9000

AID: A000000003000000

host_challenge: 1122334455667788

init_update_ret: 00000000000000000000 FF02 005CD352A259A8F2 D5DF4D69873546C3 9000
                                           card_challenge   card_cryptogram?
key_diversification_data: 00000000000000000000

key_information_data: FF02

card_challenge: 005CD352A259A8F2

card_cryptogram: D5DF4D69873546C3

enc_session:  339F1D7F5D5841EB034F5CE234557894

cmac_session: C6713F31B8DC1F8905DFECB4065CB81E

dek_session:  06E72D52EEFBD1D8DB5C230C3F2B56E9
              
cryptogram_data: 1122334455667788 005CD352A259A8F2 8000000000000000
                 host_challenge   card_challenge
                                  
cryptogram_session: A9A159B6CB28156194027554A8603DDF 59A7313E1B3293B2
                                                     signature?

验证卡认证密文: 连接 8-byte host challenge8-byte card challenge 导致 a 16-byte block。使用 enc_session 签署 数据 1122334455667788 + 005CD352A259A8F2 + 8000000000000000DES_MAC4_ISO9797_M1, ICV=0

我试过如下,但我得到签名(59A7313E1B3293B2)不等于card_cryptogram(D5DF4D69873546C3)?

我卡在了 MACEncrypt (DES_MAC4_ISO9797_M1),你觉得这个函数正确吗?谢谢。

byte[] cryptogram_iv = ToHexBytes("0000000000000000");
byte[] cryptogram_key = ToHexBytes("339F1D7F5D5841EB034F5CE234557894");
byte[] host_challenge = ToHexBytes("1122334455667788");
byte[] card_challenge = ToHexBytes("005CD352A259A8F2");

byte[] cryptogram_data = Append(host_challenge, card_challenge, ToHexBytes("8000000000000000"));
    
byte[] cryptogram_session = MACEncrypt(cryptogram_iv, cryptogram_key, cryptogram_data);
// cryptogram_session = A9A159B6CB28156194027554A8603DDF 59A7313E1B3293B2

//

// DES_MAC4_ISO9797_M1
private byte[] MACEncrypt(byte[] iv, byte[] key, byte[] data) 
{
    try
    {
        MACTripleDES mac = new MACTripleDES(key);
        TripleDES tdes = new TripleDESCryptoServiceProvider();
        tdes.Mode = CipherMode.CBC;
        tdes.Padding = PaddingMode.None;
        MemoryStream streamOut = new MemoryStream();
        CryptoStream streamCrypto = new CryptoStream(streamOut, tdes.CreateEncryptor(key, iv), CryptoStreamMode.Write);
        streamCrypto.Write(data, 0, data.Length);
        streamCrypto.FlushFinalBlock();
        return streamOut.ToArray();
    }
    catch (Exception ex)
    {
        MessageBox.Show(ex.Message);
    }
    return new byte[0];
}

DES_MAC4_ISO9797_M1 工作正常,我的错误是在 enc_session, cmac_session, and dek_sessioninit_updateplain 之间使用了不同的 sequence counter。在我匹配所有 sequence counter 后,一切正常。