VISA2 diversification is not working properly

[jlanza]

Describe the bug

VISA2 diversification is not properly working in GlobalPlatformPro 325fe84

Information about your card

As much information as you have:

1. Vendor: Gemalto
2. Product: Optelio
3. Version

Expected behavior

Properly authenticate using Gemalto Keys

Full log

• Working with old gp version

gp -d -visa2 -key 47454D5850524553534F53414D504C45 -sdaid A000000004000000 -list
GlobalPlatformPro v20.01.23-0-g5ad373b
Running on Windows 10 10.0 amd64, Java 1.8.0_301 by Oracle Corporation
# Detected readers from JNA2PCSC
[ ] Microsoft IFD 0
[ ] NXP NXP's Proximity based PCSC Reader 0
[*] SCM Microsystems Inc. SCR35xx USB Smart Card Reader 0
SCardConnect("SCM Microsystems Inc. SCR35xx USB Smart Card Reader 0", T=*) -> T=0, 3B6F00008066B0070101070753023110829000
SCardBeginTransaction("SCM Microsystems Inc. SCR35xx USB Smart Card Reader 0")
[DEBUG] GPSession - (I)SD AID: A000000004000000
A>> T=0 (4+0008) 00A40400 08 A000000004000000 00
A<< (0103+2) (172ms) 6F658408A000000004000000A559734A06072A864886FC6B01600C060A2A864886FC6B02020101630906072A864886FC6B03640B06092A864886FC6B040255650B06092B8510864864020103660C060A2B060104012A026E01029F6E061981331001079F6501FF 9000
[TRACE] GPSession -  [6F]
[TRACE] GPSession -      [84] A000000004000000
[TRACE] GPSession -      [A5]
[TRACE] GPSession -          [73]
[TRACE] GPSession -              [06] 2A864886FC6B01
[TRACE] GPSession -              [60]
[TRACE] GPSession -                  [06] 2A864886FC6B02020101
[TRACE] GPSession -              [63]
[TRACE] GPSession -                  [06] 2A864886FC6B03
[TRACE] GPSession -              [64]
[TRACE] GPSession -                  [06] 2A864886FC6B040255
[TRACE] GPSession -              [65]
[TRACE] GPSession -                  [06] 2B8510864864020103
[TRACE] GPSession -              [66]
[TRACE] GPSession -                  [06] 2B060104012A026E0102
[TRACE] GPSession -          [9F6E] 198133100107
[TRACE] GPSession -          [9F65] FF
[DEBUG] GPSession - Auto-detected GP version: GP211
[DEBUG] GPSession - Lifecycle data (ignored): 198133100107
[DEBUG] GPSession - Auto-detected block size: 255
[WARN] PlaintextKeys - Don't know how to calculate KCV, defaulting to SCP02
[WARN] PlaintextKeys - Don't know how to calculate KCV, defaulting to SCP02
[WARN] PlaintextKeys - Don't know how to calculate KCV, defaulting to SCP02
[INFO] GPSession - Using card master keys: ENC=47454D5850524553534F53414D504C45 (KCV: E2573C) MAC=47454D5850524553534F53414D504C45 (KCV: E2573C) DEK=47454D5850524553534F53414D504C45 (KCV: E2573C) for null
[TRACE] GPSession - Generated host challenge: D1DEBD13C620B3D6
A>> T=0 (4+0008) 80500000 08 D1DEBD13C620B3D6 00
A<< (0028+2) (186ms) 0000610600045C64043CFF020187E187C891BBD716BF52C05F5D7DB4 9000
[DEBUG] GPSession - Host challenge: D1DEBD13C620B3D6
[DEBUG] GPSession - Card challenge: 0187E187C891BBD7
[DEBUG] GPSession - Card reports SCP02 with key version 255 (0xFF)
[INFO] GPSession - Diversified card keys: ENC=5D1525C806E0E824B7A1B5BFE9D1AD5E (KCV: AA3CC8) MAC=0863EFF679C76A3B6C1D36D2B7E28EE9 (KCV: 8D1176) DEK=0E68EEE3BFDEF560C9EE4689224FC2A9 (KCV: 807A68) for SCP02
[INFO] GPSession - Session keys: ENC=E5A84044AD1A0729AED541FCC87A1F05 MAC=7AA1C6452B6445BE46D86BC081D9C054 RMAC=E195D95E73049883A1B82D33DD99167E, card keys=ENC=5D1525C806E0E824B7A1B5BFE9D1AD5E (KCV: AA3CC8) MAC=0863EFF679C76A3B6C1D36D2B7E28EE9 (KCV: 8D1176) DEK=0E68EEE3BFDEF560C9EE4689224FC2A9 (KCV: 807A68) for SCP02
[DEBUG] GPSession - Verified card cryptogram: 16BF52C05F5D7DB4
[DEBUG] GPSession - Calculated host cryptogram: 762CE22DCE8814F1
[TRACE] SCP02Wrapper - MAC input: 8482010010762CE22DCE8814F1
A>> T=0 (4+0016) 84820100 10 762CE22DCE8814F14F75636A48AD28C5
A<< (0000+2) (85ms) 9000
...

• Same card not working with latest pre-release version

gp -d --visa2 --key 47454D5850524553534F53414D504C45 -c A000000004000000 --list
SCardConnect("SCM Microsystems Inc. SCR35xx USB Smart Card Reader 0", T=*) -> T=0, 3B6F00008066B0070101070753023110829000
# GlobalPlatformPro 325fe84
# Running on Windows 10 10.0 amd64, Java 1.8.0_301 by Oracle Corporation
A>> T=0 (4+0008) 00A40400 08 A000000004000000 00
A<< (0103+2) (171ms) 6F658408A000000004000000A559734A06072A864886FC6B01600C060A2A864886FC6B02020101630906072A864886FC6B03640B06092A864886FC6B040255650B06092B8510864864020103660C060A2B060104012A026E01029F6E061981331001079F6501FF 9000
A>> T=0 (4+0008) 80500000 08 3A9F5A08E8AC6E3D 00
A<< (0028+2) (184ms) 0000610600045C64043CFF0201855562A92DF5F2AB4F37355BD97506 9000
Failed to open secure channel: Card cryptogram invalid!
Received: AB4F37355BD97506
Expected: C66F60D71FAC361B
!!! DO NOT RE-TRY THE SAME COMMAND/KEYS OR YOU MAY BRICK YOUR CARD !!!
Read more from https://github.com/martinpaljak/GlobalPlatformPro/wiki/Keys
SCardDisconnect("SCM Microsystems Inc. SCR35xx USB Smart Card Reader 0", true) tx:28/rx:135

Additional context

I'm sorry currently I don't have time to look at the code to check :(

[martinpaljak]

I don't see difference in diversified key for next branch and the mentioned version.

[antonio-fr]

I can confirm that "visa2" is broken in GlobalPlatformPro version 325fe84.

[martinpaljak]

Can you give a working version number?

[antonio-fr]

I spent some time to investigate, to provide to you a detailed answer. I setup a card with a visa2 key and trial many last releadse versions.

GPpro200123 : 🆗 ✅
GPpro200414 : 🆗 ✅
GPpro200704 : 🐛 ❌
GPpro200812 : 🐛 ❌

From the logs, it seems the keys are not diversified, the key used are the master one. Like it skips the diversification step.

Card is setup : KeyVersion=01 MasterKey=303132333435363738393A3B3C3D3E3F with "visa2" derivation.

Logs :

$ gp200123-STABLE.exe -l -visa2 -key 303132333435363738393A3B3C3D3E3F -v -d
GlobalPlatformPro v20.01.23-0-g5ad373b
Running on Windows 10 10.0 amd64, Java 1.8.0_241 by Oracle Corporation
# Detected readers from JNA2PCSC
[*] Identiv uTrust 3700 F CL Reader 0
SCardConnect("Identiv uTrust 3700 F CL Reader 0", T=*) -> T=1, XXXX
SCardBeginTransaction("Identiv uTrust 3700 F CL Reader 0")
Reader: Identiv uTrust 3700 F CL Reader 0
ATR: XXXX
A>> T=1 (4+0000) 00A40400 00
A<< (0018+2) (17ms) 6F108408A000000151000000A5049F6501FF 9000
[TRACE] GPSession -  [6F]
[TRACE] GPSession -      [84] A000000151000000
[TRACE] GPSession -      [A5]
[TRACE] GPSession -          [9F65] FF
[DEBUG] GPSession - Auto-detected ISD: A000000151000000
[WARN] PlaintextKeys - Don't know how to calculate KCV, defaulting to SCP02
[WARN] PlaintextKeys - Don't know how to calculate KCV, defaulting to SCP02
[WARN] PlaintextKeys - Don't know how to calculate KCV, defaulting to SCP02
[INFO] GPSession - Using card master keys: ENC=303132333435363738393A3B3C3D3E3F (KCV: B73D56) MAC=303132333435363738393A3B3C3D3E3F (KCV: B73D56) DEK=303132333435363738393A3B3C3D3E3F (KCV: B73D56) for null
[TRACE] GPSession - Generated host challenge: 9D2060FE9DCB0706
A>> T=1 (4+0008) 80500000 08 9D2060FE9DCB0706 00
A<< (0028+2) (46ms) 00009326522854994079010200033CAD56063D650FBA6A3115F73A07 9000
[DEBUG] GPSession - Host challenge: 9D2060FE9DCB0706
[DEBUG] GPSession - Card challenge: 00033CAD56063D65
[DEBUG] GPSession - Card reports SCP02 with key version 1 (0x01)
[INFO] GPSession - Diversified card keys: ENC=FE59CD146F317CE3B554F57D07C90EA7 (KCV: 4F46A6) MAC=7DB0530B9CFC73499FFAF2507CC9D1F0 (KCV: 525472) DEK=EFB56F5E08C0298A7F81515C58AABCF1 (KCV: 1726DA) for SCP02
[INFO] GPSession - Session keys: ENC=7A93C31F071E7081C17A5368948CA8F5 MAC=3C45CBFFA4A2A102A7F2DB7AFEA8F427 RMAC=2FACE6F407D2070BC97C9D1D849002F1, card keys=ENC=FE59CD146F317CE3B554F57D07C90EA7 (KCV: 4F46A6) MAC=7DB0530B9CFC73499FFAF2507CC9D1F0 (KCV: 525472) DEK=EFB56F5E08C0298A7F81515C58AABCF1 (KCV: 1726DA) for SCP02
[DEBUG] GPSession - Verified card cryptogram: 0FBA6A3115F73A07
[DEBUG] GPSession - Calculated host cryptogram: 9025D9B24AD10517
[TRACE] SCP02Wrapper - MAC input: 84820100109025D9B24AD10517
A>> T=1 (4+0016) 84820100 10 9025D9B24AD105174C9495F11D1144A4
A<< (0000+2) (25ms) 9000
[TRACE] SCP02Wrapper - MAC input: 84F280020A4F00
A>> T=1 (4+0010) 84F28002 0A 4F0033BA1B8F72E0FE17 00
A<< (0040+2) (21ms) E3264F08A0000001510000009F700101C5039EFE80C407A0000001515350CC08A000000151000000 9000
[TRACE] GPRegistry -  [E3]
[TRACE] GPRegistry -      [4F] A000000151000000
[TRACE] GPRegistry -      [9F70] 01
[TRACE] GPRegistry -      [C5] 9EFE80
[TRACE] GPRegistry -      [C4] A0000001515350
[TRACE] GPRegistry -      [CC] A000000151000000
...


$ gp200414.exe -l -visa2 -key 303132333435363738393A3B3C3D3E3F -v -d
SCardConnect("Identiv uTrust 3700 F CL Reader 0", T=*) -> T=1, XXXX
GlobalPlatformPro v20.04.14-0-geaee04c
Running on Windows 10 10.0 amd64, Java 1.8.0_241 by Oracle Corporation
A>> T=1 (4+0000) 00A40400 00
A<< (0018+2) (19ms) 6F108408A000000151000000A5049F6501FF 9000
[main] WARN pro.javacard.gp.PlaintextKeys - Don't know how to calculate KCV, defaulting to SCP02
[main] WARN pro.javacard.gp.PlaintextKeys - Don't know how to calculate KCV, defaulting to SCP02
[main] WARN pro.javacard.gp.PlaintextKeys - Don't know how to calculate KCV, defaulting to SCP02
[main] INFO pro.javacard.gp.GPSession - Using card master keys: ENC=303132333435363738393A3B3C3D3E3F (KCV: B73D56) MAC=303132333435363738393A3B3C3D3E3F (KCV: B73D56) DEK=303132333435363738393A3B3C3D3E3F (KCV: B73D56) for null
A>> T=1 (4+0008) 80500000 08 374D1D807BDB5C00 00
A<< (0028+2) (46ms) 0000932652285499407901020004C1BD78FEE76E2FB047C532B643AD 9000
[main] INFO pro.javacard.gp.GPSession - Diversified card keys: ENC=FE59CD146F317CE3B554F57D07C90EA7 (KCV: 4F46A6) MAC=7DB0530B9CFC73499FFAF2507CC9D1F0 (KCV: 525472) DEK=EFB56F5E08C0298A7F81515C58AABCF1 (KCV: 1726DA) for SCP02
[main] INFO pro.javacard.gp.GPSession - Session keys: ENC=2BFF5259CB2BA80D2F22EE28E128BD9A MAC=6AE6663FE6CF71B2CA21FEDBFCA1ED2C RMAC=644BF78C7A86A50D68C84626E1305864, card keys=ENC=FE59CD146F317CE3B554F57D07C90EA7 (KCV: 4F46A6) MAC=7DB0530B9CFC73499FFAF2507CC9D1F0 (KCV: 525472) DEK=EFB56F5E08C0298A7F81515C58AABCF1 (KCV: 1726DA) for SCP02
A>> T=1 (4+0016) 84820100 10 9A37228EC5D682E6AE044CD677DCCD89
A<< (0000+2) (25ms) 9000
A>> T=1 (4+0010) 84F28002 0A 4F00CD99A42AB85AB4BF 00
A<< (0040+2) (21ms) E3264F08A0000001510000009F700101C5039EFE80C407A0000001515350CC08A000000151000000 9000
...


$ gp200704.exe -l -visa2 -key 303132333435363738393A3B3C3D3E3F -v -d
#
# gp -l -visa2 -key 303132333435363738393A3B3C3D3E3F -v -d
SCardConnect("Identiv uTrust 3700 F CL Reader 0", T=*) -> T=1, XXXX
# GlobalPlatformPro v20.07.04-0-gc48cdec
# Running on Windows 10 10.0 amd64, Java 1.8.0_241 by Oracle Corporation
A>> T=1 (4+0000) 00A40400 00
A<< (0018+2) (17ms) 6F108408A000000151000000A5049F6501FF 9000
[DEBUG] GPSession - Auto-detected ISD: A000000151000000
[INFO] GPSession - Using card master keys with version 0 for setting up session [MAC]
A>> T=1 (4+0008) 80500000 08 B506A751696CBD68 00
A<< (0028+2) (46ms) 00009326522854994079010200064E9579614347FA56DEBD5A46D953 9000
[DEBUG] GPSession - Host challenge: B506A751696CBD68
[DEBUG] GPSession - Card challenge: 00064E9579614347
[DEBUG] GPSession - Card reports SCP02 with key version 1 (0x01)
[INFO] GPSession - Diversified card keys: ENC=303132333435363738393A3B3C3D3E3F (KCV: B73D56) MAC=303132333435363738393A3B3C3D3E3F (KCV: B73D56) DEK=303132333435363738393A3B3C3D3E3F (KCV: B73D56) for SCP02
[INFO] GPSession - Session keys: ENC=4594BDF2CCB901B405C93654D810531B MAC=7A4EB18E66A32E2F39632775132EB8D2 RMAC=93D847B11D536E4060958733C37DBFC7
Failed to open secure channel: Card cryptogram invalid!
Received: FA56DEBD5A46D953
Expected: 190D64D93FAD39EE


$ gp200812.exe -l -visa2 -key 303132333435363738393A3B3C3D3E3F -v -d
#
# gp -l -visa2 -key 303132333435363738393A3B3C3D3E3F -v -d
SCardConnect("Identiv uTrust 3700 F CL Reader 0", T=*) -> T=1, XXXX
# GlobalPlatformPro 325fe84
# Running on Windows 10 10.0 amd64, Java 1.8.0_241 by Oracle Corporation
A>> T=1 (4+0000) 00A40400 00
A<< (0018+2) (18ms) 6F108408A000000151000000A5049F6501FF 9000
[DEBUG] GPSession - Auto-detected ISD: A000000151000000
[INFO] GPSession - Using card master keys with version 0 for setting up session [MAC]
A>> T=1 (4+0008) 80500000 08 F5BA35B03381BF5A 00
A<< (0028+2) (46ms) 00009326522854994079010200064E95796143470AA595D39E4739CB 9000
[DEBUG] GPSession - SSC: 0006
[DEBUG] GPSession - Host challenge: F5BA35B03381BF5A
[DEBUG] GPSession - Card challenge: 00064E9579614347
[DEBUG] GPSession - Card reports SCP02 with key version 1 (0x01)
[INFO] GPSession - Diversified card keys: ENC=303132333435363738393A3B3C3D3E3F (KCV: B73D56) MAC=303132333435363738393A3B3C3D3E3F (KCV: B73D56) DEK=303132333435363738393A3B3C3D3E3F (KCV: B73D56) for SCP02
[INFO] GPSession - Session keys: ENC=4594BDF2CCB901B405C93654D810531B MAC=7A4EB18E66A32E2F39632775132EB8D2 RMAC=93D847B11D536E4060958733C37DBFC7
Failed to open secure channel: Card cryptogram invalid!
Received: 0AA595D39E4739CB
Expected: FF809F63A82C49A2

[antonio-fr]

OK, I just see in a documentation, this is a breaking change, where the syntax changed for this derivation kind, and the "-visa2" argument is deprecated. Using the new syntax "-key visa2:303132333435363738393A3B3C3D3E3F", it works.
Too bad the documentation is not very clear about, that these "options are still supported". Well that's true if one sticks to the "stable" release and doesn't work with pre-release. The documentation could state properly an exact version number where after it is actually deprecated (not usable anymore). Also in this newest versions, a warning message catching "-visa2" and print that this is no more supported could be very helpful for users.

[martinpaljak]

Absolutely noted.

[antonio-fr]

I have to add one more thing. I tested the other way : use the new syntax with the stable release (20.01.23). And it doesn't work. So the documentation is unmatched. It says "GPPro supports a bunch of key diversification methods out of the box. To use a master key with a key derivation function, specify the KDF before the key: -key visa2:. Then the "shorthand -visa2 option is still supported, but deprecated.". From what I can see the syntax is incompatible between versions. Stable current only understands the legacy shorthand option, and newest prerelease can only understand new key syntax.

$ gp200123.exe -l -key visa2:47454D5850524553534F53414D504C45 -v -d
GlobalPlatformPro v20.01.23-0-g5ad373b
Running on Windows 10 10.0 amd64, Java 1.8.0_241 by Oracle Corporation
# Detected readers from JNA2PCSC
[*] Identiv uTrust 3700 F CL Reader 0
SCardConnect("Identiv uTrust 3700 F CL Reader 0", T=*) -> T=1, XXXX
SCardBeginTransaction("Identiv uTrust 3700 F CL Reader 0")
Reader: Identiv uTrust 3700 F CL Reader 0
ATR: XXXX

A>> T=1 (4+0000) 00A40400 00
A<< (0018+2) (17ms) 6F108408A000000151000000A5049F6501FF 9000
[TRACE] GPSession -  [6F]
[TRACE] GPSession -      [84] A000000151000000
[TRACE] GPSession -      [A5]
[TRACE] GPSession -          [9F65] FF
[DEBUG] GPSession - Auto-detected ISD: A000000151000000
SCardEndTransaction("Identiv uTrust 3700 F CL Reader 0")
SCardDisconnect("Identiv uTrust 3700 F CL Reader 0", true) tx:5/rx:20
Exception in thread "main" java.lang.IllegalArgumentException: Odd number of characters: VISA247454D5850524553534F53414D504C45
        at apdu4j.HexUtils.decodeHexString_imp(HexUtils.java:51)
        at apdu4j.HexUtils.stringToBin(HexUtils.java:83)
        at pro.javacard.gp.GPTool.main(GPTool.java:266)

[martinpaljak]

Indeed. I'll remove the old options and bring this out better in docs.