I am using msp430f5994 and se050. I want to create an AES key on the smart card.
I first created an AESKey using WriteSymmKey command from se050 APDU specification document. But for session authentication I have to follow global platform authentication steps.
1. Initialize Update command
2. External authenticate command
In initialize update command, I have to send host challenge to the smartcard and the card will create its own card challenge, internal session keys and card cryptogram, and send it back to microcontroller. Now, I have to generate also the same session keys on the microcontroller for comparison.
According to the global platform SCP document, I have to use the 3DES encryption technique in ECB mode to generate those keys. I don't know how to implement this.
If anyone of you has some experience in this, I would be really thankful for your help.
https://github.com/martinpaljak/GlobalPlatformPro
Martin Paljak has written a pretty good Global Platform library that includes (in the source) the various key expansion/derivation steps necessary to derive a session key set from a static key set.
Also, the se050 middleware package has an implementation. Near as I can tell, api>src>ax_scp.c may be where you want to start.
Re AES key vs SCP - you want to take a look at the SCP03 documentation, not the SCP02 doc. SCP03 does not use DES for anything and SCP02 does not use AES for anything.
Mike
Thank you so much for your reply.
I have already sent the INITIALIZEUPDATE command to se050 and it gave the following as a response:
1. key diversification data
2. key information
3. card challenge
4. card cryptogram
Now, I need to know the following:
1. What static K-ENC key is used by the card to generate the card cryptogram?
2. How can I generate the card cryptogram, session S-ENC key and finally the host cryptogram that will be sent to the se050 in EXTERNAL AUTHENTICATE command?
3. I have C code in Code Composer Studio to send APDUs from msp430 to se050. How can I generate the above mentioned things in C, so that I can formulate the EXTERNAL AUTHENTICATE command?
Hi @Raza ,
The Platform SCP03 keys provisioned in SE050 are as follows:
ENC is 35C29245895EA34F6136155F8209D6CD
MAC is AF172D5D54F7C0D5C10A05B9F1207F78
DEK is A2BC8438BF77015B361A4425F239FA29
and we have provided source code for platform SCP communication in the MW, which contains APIs, for example, SCP_HostLocal_CalculateSessionKeys(), SCP_HostLocal_CalculateHostCryptogram(), and you may find them in the folder of "simw-top\hostlib\hostLib\api\src", in the file of "ax_scp.c", just as mentioned by @msjcard . You may use them as a reference for your own application.
Hope that helps,
Have a great day,
Kan
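The derivation the replies point to, as an added example that is not part of the thread and not NXP's middleware code: SCP03 derives S-ENC from the static ENC key and S-MAC from the static MAC key with an AES-CMAC based KDF over the host and card challenges, then derives both cryptograms from S-MAC. The function names are hypothetical, and AES-128 is written out only so the sketch runs without dependencies; on the MSP430 the same steps would be ported to C on top of the platform's AES.

```python
# Added example, not NXP middleware code. AES-128 is inlined so only the stdlib is needed.
def _xt(a):  # multiply by x in GF(2^8)
    return ((a << 1) ^ 0x1B) & 0xFF if a & 0x80 else a << 1
SBOX, _p, _q = [0x63] * 256, 1, 1
for _ in range(255):  # S-box: _p walks the powers of 3, _q tracks the inverse of _p
    _p ^= _xt(_p)
    for _k in (1, 2, 4):
        _q ^= _q << _k
    _q = (_q & 0xFF) ^ (0x09 if _q & 0x80 else 0)
    _r = _q * 0x101  # byte repeated twice, so rotations can be written as shifts
    SBOX[_p] = (_r ^ _r >> 4 ^ _r >> 5 ^ _r >> 6 ^ _r >> 7) & 0xFF ^ 0x63

def aes128(key, block):  # encrypt one 16-byte block
    w, rc = list(key), 1
    for i in range(16, 176, 4):  # key schedule: 11 round keys
        t = w[i - 4:i]
        if i % 16 == 0:
            t, rc = [SBOX[t[1]] ^ rc, SBOX[t[2]], SBOX[t[3]], SBOX[t[0]]], _xt(rc)
        w += [w[i - 16 + j] ^ t[j] for j in range(4)]
    s = [a ^ b for a, b in zip(block, w)]
    for n in range(1, 11):
        s = [SBOX[s[5 * i % 16]] for i in range(16)]  # SubBytes + ShiftRows
        if n < 10:  # MixColumns
            s = [s[c + i] ^ s[c] ^ s[c + 1] ^ s[c + 2] ^ s[c + 3] ^ _xt(s[c + i] ^ s[c + (i + 1) % 4])
                 for c in (0, 4, 8, 12) for i in range(4)]
        s = [a ^ b for a, b in zip(s, w[16 * n:])]
    return bytes(s)

def cmac(key, msg):  # AES-CMAC, RFC 4493
    def dbl(b):  # multiply a block by x in GF(2^128)
        n = int.from_bytes(b, "big")
        return ((n << 1 ^ (0x87 if n >> 127 else 0)) & (2**128 - 1)).to_bytes(16, "big")
    k1 = dbl(aes128(key, bytes(16)))
    full = len(msg) > 0 and len(msg) % 16 == 0
    cut = len(msg) - (16 if full else len(msg) % 16)
    last = msg[cut:] if full else (msg[cut:] + b"\x80").ljust(16, b"\0")
    x = bytes(16)
    for i in range(0, cut, 16):
        x = aes128(key, bytes(a ^ b for a, b in zip(x, msg[i:i + 16])))
    return aes128(key, bytes(a ^ b ^ c for a, b, c in zip(x, last, k1 if full else dbl(k1))))

def scp03_kdf(key, constant, bits, context):  # SP 800-108 counter mode, PRF = CMAC
    dd = bytes(11) + bytes([constant, 0]) + bits.to_bytes(2, "big") + b"\x01" + context
    return cmac(key, dd)[:bits // 8]

def scp03_session(key_enc, key_mac, host_chal, card_chal):
    ctx = host_chal + card_chal  # 8-byte host challenge || 8-byte card challenge
    s_enc, s_mac = scp03_kdf(key_enc, 0x04, 128, ctx), scp03_kdf(key_mac, 0x06, 128, ctx)
    # returns S-ENC, S-MAC, card cryptogram (to compare), host cryptogram (to send)
    return s_enc, s_mac, scp03_kdf(s_mac, 0x00, 64, ctx), scp03_kdf(s_mac, 0x01, 64, ctx)
```

The third returned value is what the host compares with the card cryptogram from the INITIALIZE UPDATE response; the fourth is the host cryptogram placed in EXTERNAL AUTHENTICATE.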