To active the SAM AV3, I receive a random number Rnd2 (12) bytes in length, returned from the SAM_LockUnlock() command with P1 set to ‘011.’ I now need to send SAM_LockUnlockPart2 with Rnd1 (which I generate) along with MACHost. MACHost is 8 bytes, defined by MACt() of Kx, Rnd1, P1_Part1, plus 3 additional parameters and ZeroPad.
MACt(key,message) is the even numbered matrix state array elements of an AES computation, defined in section 10 of ds323531. MACing references NIST Special Publication 800-38B, which I’m looking at. Somehow, the definition of MACt() tosses out the 4 parameters and ZeroPad and introduces a 16 byte state array from AES128.
I don’t know how we make this leap. I assume Kx is the default key of the SAM, I generate Rnd1,… then [something happens] and I’m taking 8 of the 16 byte transformed state array of AES128. I’m missing the remaining steps to generate MACt(). I’m putting in 4 parameters, what I assume is the default SAM key, but this does not line up with the state array of AES… unless I run the AES128 encryption on… [something]?
Is there any way to activate the SAM without AES encryption and MACt generation? If not, can someone tell me the missing steps? (assuming I'm a newb without much AES128 encryption experience)
Thanks
