Java Card Application Development (IX): MAC Verification in APDU Script Commands
The terminal receives a 71 or 72 script from the back-end host, parses out the script commands, and sends them to the card.
Before executing a script command, the card first verifies its MAC; the command is actually executed only if MAC verification passes. Because scripts typically update data or perform sensitive operations such as locking/unlocking the application, they must be protected by a MAC.
The MAC is calculated roughly as follows:
The issuing bank holds a master key. At card issuance, the issuing bank diversifies the master key with the card number and loads the resulting diversified key (the "scatter key" below) onto the card. During a transaction, the issuing bank receives transaction data containing the card number, derives the scatter key from the master key and the card number, derives the process key (session key) from the ATC and the scatter key, encrypts the data with the process key, and obtains the MAC. The card already stores the scatter key, so during the transaction it calculates the process key from the ATC and the scatter key and uses the process key to verify that the MAC is correct.
My earlier post on the TC, ARQC, AAC, and ARPC check modes shows how the scatter key and process key are calculated.
Here are two examples:
Scatter key: 8b4f854f0831fbf2635a212e4dddb92a
Example one:
Calculate the process key with the national cryptographic algorithm (SM4):
ATC: 0003
Scatter data: 0000000000000003000000000000FFFC
SM4 encryption Result: b6fa9e085b5773c1e3aa2e4738831f73 (Process key)
For example, a PUT DATA script (that is, a loop):
04da9f790a00000010009995fd68f5 (the last four bytes are the MAC)
Calculate the MAC:
04da9f790a + 2-byte ATC + 8-byte application cryptogram + 17 bytes (the data that follows the command header + 80 00 00 ... padding)
04da9f790a000335304180be2cbd3f0000001000998000000000000000000000 (computing the MAC over this data gives the MAC 95fd68f5)
Example two:
Process key:
ATC: 0004
Scatter data: 0000000000000004000000000000FFFB
SM4 encryption result, i.e. process key: 836a6e56e99296e68941819eee72a7f7
Script: App Lock
841E000004Af04edd8
Calculate the MAC:
841E000004 + 2-byte ATC + 8-byte application cryptogram + 17 bytes (because no command data follows, the padding is applied directly here to reach a multiple of 16 bytes)
841E0000040004AC0494D24AF1D6B180 (computing the MAC over this data gives the MAC Af04edd8).
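The following Python sketch is an added example, not code from the original post. It rebuilds the scatter data and the padded MAC input for both script commands above and checks the Lc byte. The function names are hypothetical, and the SM4 encryption and MAC steps are not included because SM4 is not in the Python standard library.

```python
# Added example: builds the byte strings shown in the post; it does not run SM4.
MAC_LEN = 4   # the last four bytes of the command body are the MAC
BLOCK = 16    # SM4 block size; the MAC input is padded to a multiple of this


def session_key_input(atc: bytes) -> bytes:
    """Scatter data: ATC right-aligned in 8 bytes, then inverted ATC likewise."""
    if len(atc) != 2:
        raise ValueError("ATC must be 2 bytes")
    inverted = bytes(b ^ 0xFF for b in atc)
    return atc.rjust(8, b"\x00") + inverted.rjust(8, b"\x00")


def split_script_command(apdu: bytes):
    """Return (header including Lc, plain command data, received MAC)."""
    if len(apdu) < 5:
        raise ValueError("APDU shorter than CLA INS P1 P2 Lc")
    header, body = apdu[:5], apdu[5:]
    lc = header[4]
    if lc != len(body):
        raise ValueError("Lc does not match the command body length")
    if lc < MAC_LEN:
        raise ValueError("command body too short to carry a MAC")
    return header, body[:-MAC_LEN], body[-MAC_LEN:]


def mac_input(apdu: bytes, atc: bytes, app_cryptogram: bytes) -> bytes:
    """Header + ATC + application cryptogram + data, padded with 80 00 ... 00."""
    header, data, _received_mac = split_script_command(apdu)
    if len(atc) != 2 or len(app_cryptogram) != 8:
        raise ValueError("expected 2-byte ATC and 8-byte application cryptogram")
    msg = header + atc + app_cryptogram + data + b"\x80"
    return msg + b"\x00" * (-len(msg) % BLOCK)


if __name__ == "__main__":
    # Values taken from example one in the post.
    put_data = bytes.fromhex("04da9f790a00000010009995fd68f5")
    atc = bytes.fromhex("0003")
    cryptogram = bytes.fromhex("35304180be2cbd3f")
    print("scatter data:", session_key_input(atc).hex())
    print("MAC input   :", mac_input(put_data, atc, cryptogram).hex())
    print("received MAC:", split_script_command(put_data)[2].hex())
```

The card-side check then encrypts the scatter data with the scatter key to get the process key, computes the MAC over the MAC input, and compares the result with the received MAC before executing the command.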
Note: the "Java Card Application Development" blog series is my record of learning Java Card; if anything is wrong, please point it out.