[Globalplatform-developers] Card Challenge generation on SCP93

[Sette A. <ago...@te...>]

Hi,

I am trying to develop my own SCP03 protocol and for this reason I cloned this

git clone https://git.code.sf.net/p/globalplatform/git globalplatform-git

as a starting point, first to understand how to proceed and then to check if what I did was correct.
I verified almost everything except the Card Challenge, to be clear I would like to know how it is generated.
As far a I know it should be generated as follows:

Card challenge (8 bytes) (with PRNG):

AES-CMAC (Key-ENC , 0x00 00 00 00 00 00 00 00 00 00 00 02 00 00 40 01 || context)

"context": concat. of sequence counter (3 bytes) and AID of the application invoking the SecureChannel (5 to 16 bytes).

Starting from the information on the file

globalplatform/git/ci/master/tree/globalplatform/src/scp03Test.c

I assumed that:

  1.  Key-ENC = {0xF9, 0x95, 0xD0, 0xA0, 0x69, 0x33, 0x5C, 0x7D, 0xF4, 0x2E, 0x59, 0x03, 0x17, 0xFF, 0xEA, 0x6D};
  2.  Sequence counter = {0x00, 0x00, 0x15};
  3.  AID = {0xA0, 0x01, 0x00, 0x01, 0x51, 0x41, 0x43, 0x4C};

The result card challenge, present on the same file into the  "initializeUpdateResponse" is

Card Challenge = {0xC4, 0x09, 0x32, 0xA6, 0xFE, 0xFE, 0xAE, 0xB2};

First of all, is all this correct?

If yes,
                                                                        | context
(00000000000000000000000200004001000015A00100015141434C)

And the Key-ENC is

(F995D0A069335C7DF42E590317FFEA6D)

Where I am wrong or what I have forgot?
Any help would be appreciated.

Thanks in advance

Kind Regards
Agostino Sette