Verify a Dynamic CVV Command (PM)

description

I've tried to compute CVC3 (schema = 1, version = 2) with the simulator, but the result returned is different from that returned by the HSM (with the same standard LMK test set).

The command sent follows:
PM12U2E774AEF908AFBA19D44D4A29AD7BD61A5338830099990279;010385338830099990279D14052216323014001072F001122330011200000

The response obtained from the HSM is:
PN0134493

The response obtained with the simulator is:
PN0162694

comments

nickntg wrote Dec 21, 2010 at 9:40 PM

I will look into this after Christmas ;-) Have a nice holiday.

nickntg wrote Dec 27, 2010 at 9:44 AM

The standard LMK test set may not be implemented in the same way as in the real HSM - I had no chance of actually checking it out. The only way to be sure that the key you provide to the command is interpreted by the simulator in the same way as the real HSM is to post the clear key value. Alternatively you can post the check value of the key. Please provide one of these pieces of info and I'll check the key.

Fabrizio73 wrote Dec 28, 2010 at 4:20 PM

The clear value of the MK-CVC3 used is: 01 23 45 67 89 AB CD EF FE DC BA 98 76 54 32 10

nickntg wrote Dec 28, 2010 at 6:05 PM

The encrypted key you provide to the command corresponds to the clear key you posted, so that's not the problem.

One glaring difference I see in the PM test cases versus the command you're sending is that the command expects the track data to be in binary, but you're posting the command using hex. In essence, the command would expect a track data length of 19 (instead of 38) and the track data encoded in binary (internally the command unwraps that in hex). Is this intentional and the way you would expect PM to work?

Fabrizio73 wrote Dec 29, 2010 at 1:42 PM

Yes, it is intentional, because when I try to send track2 in binary:

PM12U2E774AEF908AFBA19D44D4A29AD7BD61A5338830099990279;01019 { 0x53, 0x38, 0x83, 0x00, 0x99, 0x99, 0x02, 0x79, 0xD1, 0x40, 0x52, 0x21, 0x63, 0x23, 0x01, 0x40, 0x01, 0x07, 0x2F } 001122330011200000

the HSM responds with error code 15 (Invalid input data).

nickntg wrote Dec 29, 2010 at 3:13 PM

Just so I get on the same page, can you please let me know the version of your HSM command reference manual?

Fabrizio73 wrote Dec 29, 2010 at 4:13 PM

HOST SECURITY MODULE 8000
HOST COMMAND REFERENCE MANUAL
1270A351 Issue 6.1

nickntg wrote Dec 29, 2010 at 5:46 PM

I'm on the same page now but I remain confused because in that issue PM describes track 2 data as having an "n B" format, which is binary. I'm also puzzled because I originally developed PM for a user that had requested it - that user also verified the command against a real HSM.

I obviously do not dispute your report because it's based on a real HSM, but I don't readily know what to make of this. I will change the command in my test environment to accept your command data (or possibly change your command data so it adheres to the command format the way I've now coded it) and see what it reports back.

nickntg wrote Dec 30, 2010 at 9:59 AM

With binary data, the result is 0143981, which is again different than your own. I want to review the code and data a bit, so please allow me some time to think this over.

nickntg wrote Jan 9, 2011 at 9:38 PM

I'm sorry to say that I cannot in any way replicate your result. That obviously means that I've got the command wrong somewhere. While this might not be a big problem in a testing-only scenario, I'm not exactly happy about it but I've run out of ideas of where the problem may lie so I'm open to suggestions.

One thing I can think of though is the following. If you have access to an actual HSM, would you consider sending it a PM command with data taken from one of the simulator's unit tests?

grey_zz wrote Sep 20, 2011 at 3:59 PM

Hi guys.
Let me join this issue discussion.
Regarding binary data for Track 2. I suppose it should be binary for Track 2 and not binary for Track 1 since some of the characters of Track 1 cannot be converted to binary. So the Thales Spec (Issue 8) looks ambiguous.
So I'm using version 0.9.3 of the simulator since 0.9.4 doesn't accept the binary data :(
Unfortunately I don't have an opportunity to test with a real HSM.

grey_zz wrote Sep 21, 2011 at 7:58 AM

Further to the below comment I have one concern regarding the following piece of code: VerifyDynamicCVV_PM.vb, function GetIVMac:

Dim DIndex As Integer = data.IndexOf("D")
data = data.Substring(0, DIndex + 1 + 8) + "000" + data.Substring(DIndex + 12, 2) + "0000000" + data.Substring(DIndex + 21, 1)

Not sure why we need to reformat Static Track data since it is up to the issuer to decide how to format it.

After commenting these lines, CVC3 has been validated successfully (track data in binary since I'm using version 0.9.3)

One more thing regarding the UN field of the KM format. According to the Spec it should be 10 N or 8 D (Random number provided to the card by the terminal during a PayPass transaction. Either format results in a 4-byte binary number being used.).
So I assume that it should be allowed to accept either 10 bytes of UN in decimal format or 8 bytes of UN in hex format.

demsey wrote Jan 9, 2012 at 8:50 PM

I have access to "real" :)
I have tested it and I discovered:
  • in VerifyDynamicCVV_PM.vb, function GetIVMac:
    data = data.Substring(0, DIndex + 1 + 8) + "000" + data.Substring(DIndex + 12, 2) + "0000000" + data.Substring(DIndex + 21, 1)
    This isn't desired - the real HSM doesn't do it. As mentioned by @grey_zz, reformatting the Static Track Data is up to the issuer host application. Please remove it.
  • Something is wrong with the track data length:
    the real HSM accepts:
    038 - track data len
    1234567890123456D12012061000110000000F - track data
    but the simulator in that case throws an exception (log):
    Calling AcceptMessage()...
    Exception while processing message
    System.ArgumentOutOfRangeException: startIndex + length > this.length
    Parameter name: length
    at System.String.Substring (Int32 startIndex, Int32 length) [0x00000] in <filename unknown>:0
    at ThalesSim.Core.Message.XML.MessageParser.Parse (ThalesSim.Core.Message.Message msg, ThalesSim.Core.Message.XML.MessageFields fields, ThalesSim.Core.Message.XML.MessageKeyValuePairs& KVPairs, System.String& result) [0x00000] in <filename unknown>:0
    at ThalesSim.Core.HostCommands.BuildIn.VerifyDynamicCVV_PM.AcceptMessage (ThalesSim.Core.Message.Message msg) [0x00000] in <filename unknown>:0
    at ThalesSim.Core.ThalesMain.WCMessageArrived (ThalesSim.Core.TCP.WorkerClient sender, System.Byte[]& b, Int32 len) [0x00000] in <filename unknown>:0
    Disconnecting client.
    For the simulator, this is acceptable:
    019 - track data len
    1234567890123456D12012061000110000000F - track data
    I think that something is wrong in VerifyDynamicCVV_PM.vb, function AcceptMessage:
    _TrackLength = Convert.ToInt32(kvp.Item("Track Data Length")) is wrong - should be divided by 2 (but please check it)
  • The first command added by @grey_zz with result PN0134493 is the same on the real HSM.
    On the simulator (version 0.9.5) I have a different result: PN0143981 (but the length must be fixed (divided by 2))
  • Track1 and Track2 data should have the same format
Please fix the first two points; I think that you should then get the correct result on simulator 0.9.5
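
Added example (not part of any comment in this thread and not ThalesSim code): a Python port of the two GetIVMac lines quoted above, applied to the track data posted in this thread, together with a bounds-checked read of the track field under both readings of the length field. Function names are hypothetical, and the two-hex-characters-per-unit reading attributed to the simulator is an assumption inferred from the 019/038 behaviour reported above.

```python
# Added illustration; names are hypothetical, not ThalesSim code.
# Everything after the 3-digit length field "038" in the PM command posted above:
AFTER_LEN = "5338830099990279D14052216323014001072F001122330011200000"
THREAD_TRACK = AFTER_LEN[:38]
DEMSEY_TRACK = "1234567890123456D12012061000110000000F"  # sample from the comment above


def simulator_rewrite(track):
    """Python port of the two GetIVMac lines quoted in the thread."""
    d = track.index("D")
    return (track[:d + 1 + 8] + "000" + track[d + 12:d + 14]
            + "0000000" + track[d + 21:d + 22])


def changed_positions(before, after):
    """Zero-based offsets where the rewrite altered the caller's track data."""
    return [i for i, (a, b) in enumerate(zip(before, after)) if a != b]


def take_track(after_len_field, declared, chars_per_unit):
    """Split off the track field, rejecting a length that overruns the message.

    chars_per_unit=1: length counts characters (038, accepted by the real HSM
    per the comment above). chars_per_unit=2: length counts packed bytes, two
    hex characters each (019); ASSUMED to be what the simulator did.
    """
    need = declared * chars_per_unit
    if need > len(after_len_field):
        raise ValueError(f"length {declared} needs {need} chars, "
                         f"only {len(after_len_field)} remain")
    return after_len_field[:need], after_len_field[need:]


if __name__ == "__main__":
    for name, track in (("thread", THREAD_TRACK), ("demsey", DEMSEY_TRACK)):
        out = simulator_rewrite(track)
        print(name, track, "->", out, "changed at", changed_positions(track, out))
    for declared, unit in ((38, 1), (19, 2), (38, 2)):
        try:
            print(declared, unit, take_track(AFTER_LEN, declared, unit))
        except ValueError as exc:
            print(declared, unit, "rejected:", exc)
```

Run as a script, it shows that the rewrite leaves the sample track in the comment above unchanged but alters seven digits of the track in the original PM command.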

wizzkid wrote Jul 25, 2013 at 8:01 AM

Hi guys, I am not sure if anybody has had this problem or if this is the appropriate place to post (codeplex newbie):

I've tried to compute dCVV (schema = 0, version = 0) with HSM simulator.

I keep getting back an Error Code 41 response and I am not sure what this means. Can anybody help in describing the possible causes for error code 41?


Thanks in advance,

wizzkid wrote Jul 25, 2013 at 8:01 AM

I am using the PM command to do dCVV verification

wizzkid wrote Jul 25, 2013 at 8:04 AM

Hi guys, I am not sure if anybody has had this problem or if this is the appropriate place to post (codeplex newbie):

I've tried to verify dCVV using PM HSM command (schema = 0, version = 0) with HSM simulator.

I keep getting back an Error Code 41 response and I am not sure what this means. Can anybody help in describing the possible causes for error code 41?


Thanks in advance,