KQ example

May 23, 2011 at 11:49 AM

Hello,

I'd like to send a KQ command to the HSM, but the answer is an input data error. Please can you help me?

my Data is:

the generate AC answer is:
----------------------------------------------------------------------
tag|L  |CID |ATC   | Application cryptogram   |issuer Application Data
_______________________________________________________________________
80 | 12| 00 | 00 03|  42 85 D2 9A B5 C9 D1 25 | 06 01 0A 03 84 10 00


CDOL1 (length=29) :0000000001230000000000000250000000000008260101050012345678

UDK : 104497E5A5A6A77309FA2F6304806820

pan+panS : 6173900101001001

Mode Flag: 1

Scheme ID : 0

thank you.

May 23, 2011 at 2:33 PM
Edited May 23, 2011 at 2:40 PM

An example for Flag Mode=0:

header|CMD|mode flag|VSDC|   UDK                          |PAN/PAN Sequence No|ATC |UN      |Transaction Data Length|
_______________________________________________________________________________________________________________________________________+
0000  |KQ |0        |0   |104497E5A5A6A77309FA2F6304806820|4761739001010010   |0003|12345678|29                     |


Transaction Data                                                                              |Delimiter|AAC
_______________________________________________________________________________________________

0000000001230000000000000250000000000008260101050012345678|;             |4285D29AB5C9D125
                   

the message is: 0000KQ00104497E5A5A6A77309FA2F63048068204761739001010010000312345678290000000001230000000000000250000000000008260101050012345678;4285D29AB5C9D125

 

the HSM answer is:

Application events:

Client from 127.0.0.1:1878 is connected
Client: 127.0.0.1:1878
Request: 0000KQ00104497E5A5A6A77309FA2F63048068204761739001010010000312345678290000000001230000000000000250000000000008260101050012345678;4285D29AB5C9D125
Parsing header and code of message 0000KQ00104497E5A5A6A77309FA2F63048068204761739001010010000312345678290000000001230000000000000250000000000008260101050012345678;4285D29AB5C9D125...
Searching for implementor of KQ...
Found implementor ThalesSim.Core.HostCommands.BuildIn.VerifyARQCAndOrGenerateARPC_KQ, instantiating...
Calling AcceptMessage()...
Error condition encountered during message parsing.
Error code 15 will be returned without calling ConstructResponse().
Attaching header/response code to response...
Sending: 0000KR15
Calling Terminate()...
Implementor to Nothing
Client disconnected.

Command Events:

=== [KQ], starts 14:36:56.212 =======
Invalid value detected for field [Delimiter].
Received [0] but can be one of [;].
[Key,Value]=[ATC,01]
[Key,Value]=[MK-AC,104497E5A5A6A77309FA2F6304806820]
[Key,Value]=[Mode,0]
[Key,Value]=[PAN,47617390]
[Key,Value]=[Scheme ID,0]
[Key,Value]=[Transaction Data,0003123456782900]
[Key,Value]=[Transaction Data Length,10]
[Key,Value]=[UN,0100]

=== [KQ],   ends 14:36:56.228 =======

May 23, 2011 at 2:55 PM
Edited May 23, 2011 at 2:56 PM

In the Thales doc, the PAN/PAN Sequence No is 8 bytes, the Application Transaction Counter is 2 bytes and the Unpredictable Number is 4 bytes, no?

Because the results from the HSM (the Command Events) are telling us that it is digits, not bytes, no!

Coordinator
May 23, 2011 at 4:03 PM

Before anything, I want to let you know that the KQ command was contributed by a user so my understanding of it may be limited. Please bear with me if I don't understand the problem soon.

The parsing indeed assumes that PAN, ATC and UN are digits and not bytes. Are you suggesting that's wrong? Can you break down your request for me?

0000KQ00104497E5A5A6A77309FA2F63048068204761739001010010000312345678290000000001230000000000000250000000000008260101050012345678;4285D29AB5C9D125

Header: 0000

Host command: KQ

Mode: 0

Scheme ID: 0

MK-AC: 104497E5A5A6A77309FA2F6304806820

Can you continue?

May 23, 2011 at 4:12 PM

Here is an example for Flag Mode=0:

header|CMD|mode flag|VSDC|   UDK                          |PAN/PAN Sequence No|ATC |UN      |Transaction Data Length|
_______________________________________________________________________________________________________________________________________+
0000  |KQ |0        |0   |104497E5A5A6A77309FA2F6304806820|4761739001010010   |0003|12345678|29                     |


Transaction Data                                                                              |Delimiter|AAC
_______________________________________________________________________________________________

0000000001230000000000000250000000000008260101050012345678|;             |4285D29AB5C9D125



the message is: 0000KQ00104497E5A5A6A77309FA2F63048068204761739001010010000312345678290000000001230000000000000250000000000008260101050012345678;4285D29AB5C9D125

 

Header: 0000

Host command: KQ

Mode: 0

Scheme ID: 0

MK-AC: 104497E5A5A6A77309FA2F6304806820

PAN/PAN Sequence No: 4761739001010010

ATC : 0003

UN : 12345678

Transaction Data Length: 29

Transaction Data    :      0000000001230000000000000250000000000008260101050012345678

Delimiter : ;

AAC: 4285D29AB5C9D125

and the HSM answer is:

Application events:

Client from 127.0.0.1:1878 is connected
Client: 127.0.0.1:1878
Request: 0000KQ00104497E5A5A6A77309FA2F63048068204761739001010010000312345678290000000001230000000000000250000000000008260101050012345678;4285D29AB5C9D125
Parsing header and code of message 0000KQ00104497E5A5A6A77309FA2F63048068204761739001010010000312345678290000000001230000000000000250000000000008260101050012345678;4285D29AB5C9D125...
Searching for implementor of KQ...
Found implementor ThalesSim.Core.HostCommands.BuildIn.VerifyARQCAndOrGenerateARPC_KQ, instantiating...
Calling AcceptMessage()...
Error condition encountered during message parsing.
Error code 15 will be returned without calling ConstructResponse().
Attaching header/response code to response...
Sending: 0000KR15
Calling Terminate()...
Implementor to Nothing
Client disconnected.

Command Events:

=== [KQ], starts 14:36:56.212 =======
Invalid value detected for field [Delimiter].
Received [0] but can be one of [;].
[Key,Value]=[ATC,01]
[Key,Value]=[MK-AC,104497E5A5A6A77309FA2F6304806820]
[Key,Value]=[Mode,0]
[Key,Value]=[PAN,47617390]
[Key,Value]=[Scheme ID,0]
[Key,Value]=[Transaction Data,0003123456782900]
[Key,Value]=[Transaction Data Length,10]
[Key,Value]=[UN,0100]

=== [KQ],   ends 14:36:56.228 =======

Coordinator
May 23, 2011 at 4:35 PM

I see. So you're saying that whenever a field of the format "n B" is specified, we should be expecting two characters for each byte instead of 1, correct?

Coordinator
May 23, 2011 at 6:20 PM

I've made a fix for this, you can download from the latest dev build or directly from the relevant changeset.

One thing though: If the transaction data length is 29hex, the simulator now expects 41 bytes (81 characters). The transaction data you've specified is 58 characters (29 / 2).

May 24, 2011 at 11:11 AM
Edited May 24, 2011 at 11:28 AM

thank you very much

May 24, 2011 at 11:32 AM

Please, I have another question: how can I introduce the MK-AC(LMK) encrypted under Variant 1 of LMK pair 28-29 in the command?

My MK-AC: 104497E5A5A6A77309FA2F6304806820 is in the clear format.

Thanks

Coordinator
May 24, 2011 at 12:17 PM

The problem is in the transaction data length. From what I know, the format of the transaction data length is 2H (if you know different, please let me know). In that field, you're sending the value 41. Since the simulator expects this to be hex, it interprets this as 65 decimal. It therefore expects the transaction data (format n Binary) to be 65 bytes. After the change I've made, the simulator expects to receive 65*2 = 130 hexadecimal characters. What you provide is 82 = 41*2 hexadecimal characters. Therefore, my understanding is that instead of sending 41 you should send 29.

If that doesn't make sense, please indicate why.
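The length mismatch discussed in the posts above, as an added example (not part of the original thread and not the simulator's own code): a Python parser for the KQ layout the posts walk through, assuming every "n B" field is sent as two hex characters per byte and the length field is 2H. The names `parse_kq`, `take`, `length_field` and `KQFormatError` are hypothetical.

```python
import string

HEX = set(string.hexdigits)
# Fixed-width fields after the MK-AC, as (name, characters); the "n B" fields
# of the thread (8 B, 2 B, 4 B) are assumed to take two hex characters per byte.
FIXED = [("PAN/PSN", 16), ("ATC", 4), ("UN", 8), ("Transaction Data Length", 2)]

class KQFormatError(ValueError):
    """Raised with the name of the first field that does not fit the layout."""

def take(msg, pos, n, name, hex_only=True):
    """Return (field, new_pos) for the n characters at pos, validating them."""
    field = msg[pos:pos + n]
    if len(field) != n:
        raise KQFormatError(f"{name}: message ends after {len(field)} of {n} characters")
    if hex_only and not set(field) <= HEX:
        raise KQFormatError(f"{name}: non-hex characters in {field!r}")
    return field, pos + n

def length_field(txn_hex):
    """2H length for hex-encoded transaction data: byte count, written in hex."""
    return f"{len(txn_hex) // 2:02X}"

def parse_kq(msg, header_len=4):
    """Split a KQ request into named fields or raise KQFormatError."""
    out = {}
    out["Header"], pos = take(msg, 0, header_len, "Header", hex_only=False)
    out["Command"], pos = take(msg, pos, 2, "Command", hex_only=False)
    if out["Command"] != "KQ":
        raise KQFormatError(f"Command: expected KQ, got {out['Command']!r}")
    out["Mode"], pos = take(msg, pos, 1, "Mode")
    out["Scheme ID"], pos = take(msg, pos, 1, "Scheme ID")
    if msg[pos:pos + 1] == "U":  # optional key scheme tag before the MK-AC
        out["MK-AC Scheme"], pos = "U", pos + 1
    out["MK-AC"], pos = take(msg, pos, 32, "MK-AC")
    for name, n in FIXED:
        out[name], pos = take(msg, pos, n, name)
    nbytes = int(out["Transaction Data Length"], 16)  # "29" is read as 41 bytes
    out["Transaction Data"], pos = take(msg, pos, 2 * nbytes, "Transaction Data")
    delim, pos = take(msg, pos, 1, "Delimiter", hex_only=False)
    if delim != ";":
        raise KQFormatError(f"Delimiter: received {delim!r} but expected ';'")
    out["ARQC"], pos = take(msg, pos, 16, "ARQC")
    if pos != len(msg):
        raise KQFormatError(f"{len(msg) - pos} trailing characters after ARQC")
    return out
```

Run against the request from the first posts, the parser stops at the transaction data because a length field of `29` asks for 41 bytes; `length_field` gives `1D` for the 58-character data block.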

Coordinator
May 24, 2011 at 12:20 PM

From your edit I take it that the previous problem was resolved.

My understanding is that you want to encrypt 104497E5A5A6A77309FA2F6304806820 as an MK-AC under the simulator, is that correct?

May 24, 2011 at 12:28 PM

thank you again, yes i'd like to encrypt 104497E5A5A6A77309FA2F6304806820 as an MK-AC under the simulator

Coordinator
May 24, 2011 at 12:30 PM

The encrypted value is U6426034E698A68086FAF438FF0D187B6 (check value is 538B0EE72452E989). You can create that yourself if you want by using the Thales Key Manager project.

May 24, 2011 at 12:33 PM

how can i get the Thales Key Manager project?

Coordinator
May 24, 2011 at 12:36 PM

It's included in the source code for the simulator.

May 24, 2011 at 12:42 PM

thanks for all

Coordinator
May 24, 2011 at 12:44 PM

You're welcome.

May 25, 2011 at 3:43 PM
Edited May 25, 2011 at 3:43 PM

Hello, I have another problem: we can see in the example below that the cryptogram calculated by the program for different data is the same!

Example 1 for mode 0:

the CMD to the program:

0000KQ00U6426034E698A68086FAF438FF0D187B661739001010010010004123456781D0000000001230000000000000250000000000008260101050012345678;A40EE526EA4EB5F2

the result:


=== [KQ], starts 15:19:58.507 =======
[Key,Value]=[ARQCTCAAC,A40EE526EA4EB5F2]
[Key,Value]=[ATC,0004]
[Key,Value]=[Delimiter,;]
[Key,Value]=[MK-AC,6426034E698A68086FAF438FF0D187B6]
[Key,Value]=[MK-AC Scheme,U]
[Key,Value]=[Mode,0]
[Key,Value]=[PAN,6173900101001001]
[Key,Value]=[Scheme ID,0]
[Key,Value]=[Transaction Data,0000000001230000000000000250000000000008260101050012345678]
[Key,Value]=[Transaction Data Length,1D]
[Key,Value]=[UN,12345678]

Result: 4B4F76B340B6B3AE.........................................................the cryptogram result
Transaction Data: 0000000001230000000000000250000000000008260101050012345678
ARQC: A40EE526EA4EB5F2
=== [KQ],   ends 15:19:58.554 =======



Example 2 for mode 0:

the CMD to the program:

0000KQ00U6426034E698A68086FAF438FF0D187B661739001010010010003123456781D0000000001230000000000000250000000000008260101050012345678;4285D29AB5C9D125


the result:

[Key,Value]=[ARQCTCAAC,4285D29AB5C9D125]
[Key,Value]=[ATC,0003]
[Key,Value]=[Delimiter,;]
[Key,Value]=[MK-AC,6426034E698A68086FAF438FF0D187B6]
[Key,Value]=[MK-AC Scheme,U]
[Key,Value]=[Mode,0]
[Key,Value]=[PAN,6173900101001001]
[Key,Value]=[Scheme ID,0]
[Key,Value]=[Transaction Data,0000000001230000000000000250000000000008260101050012345678]
[Key,Value]=[Transaction Data Length,1D]
[Key,Value]=[UN,12345678]

Result: 4B4F76B340B6B3AE......................................................the cryptogram calculated with different data is the same as in the first example!
Transaction Data: 0000000001230000000000000250000000000008260101050012345678
ARQC: 4285D29AB5C9D125
=== [KQ],   ends 15:12:41.549 =======

I noticed that the program uses just the Transaction data in its calculation!

Coordinator
May 26, 2011 at 10:34 AM

You're right, ATC isn't being used by the code.

Here's the problem. Like I indicated in a previous post, this code was added by a contributing member that was kind enough to provide the command. I've no clear understanding of the algorithm and how it should be coded in order to make a change.

What I can do, however, is make changes according to a spec. If you know in detail how KQ should internally work, I'd be more than willing to make a change that improves the current KQ implementation.