docs/SecureApplet.md
8 additions & 8 deletions
@@ -40,7 +40,7 @@ Example: `B0B20000` -> returns 65 bytes with static public key of the card, for
## Establish secure channel
-
For secure communication we need to establish shared secrets. For this we use ECDH key agreement. We use `AES_CBC` for encryption with `M2` padding (add `0x8000..00` to round to 16-byte blocks). HMAC-SHA256 is used for authentication and applied to the ciphertext (encrypt-then-hmac).
+
For secure communication we need to establish shared secrets. For this we use ECDH key agreement. We use `AES_CBC` for encryption with `M2` padding (add `0x8000..00` to round to 16-byte blocks). Truncated to 14 bytes HMAC-SHA256 is used for authentication and applied to the ciphertext (encrypt-then-hmac).
There are 3 different modes you can use - `ss`, `es` and `ee`.
- In `ss` mode both card and host use static public keys and 32-byte random nonces. Shared secret is derived as `sha256(ecdh(s,s) | host_nonce | card_nonce)`.
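Review bot: the new `+` line reads "Truncated to 14 bytes HMAC-SHA256 is used for authentication and applied to the ciphertext", which has a dangling modifier and should be reworded along the lines of "HMAC-SHA256, truncated to its first 14 bytes, is used for authentication and is applied to the ciphertext (encrypt-then-MAC)". More importantly, this paragraph still says the tag is computed over the ciphertext only, while the Secure message section of the same file computes it as `HMAC-SHA256(key, iv | ciphertext)`; since the tag length is being corrected here anyway, make the MAC input identical in both places. It would also help to record why 14 bytes (112 bits) was chosen rather than the full 32, and to name the padding scheme (`0x80 00..00` up to the block boundary is ISO/IEC 9797-1 padding method 2) so readers can match it against their crypto library.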
@@ -60,39 +60,39 @@ If you are out of sync for some reason just re-establish secure channel. If `iv`
| P0, P1 | ignored, use for example `0x00` for both |
| DATA | 65-byte public key of the host serialized in uncompressed form |
-
| RETURN |`SW`: `0x9000`, `DATA`: 65-byte cards fresh pubkey followed by `HMAC-SHA256(card_key, data)`, then ECDSA signature signing all previous data |
+
| RETURN |`SW`: `0x9000`, `DATA`: 65-byte cards fresh pubkey followed by `HMAC-SHA256(card_key, data)` (first 14 bytes), then ECDSA signature signing all previous data |
## Secure message
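Review bot: the updated RETURN row says `HMAC-SHA256(card_key, data)` (first 14 bytes) but never defines what `data` is at this point of the handshake, and "ECDSA signature signing all previous data" leaves it open whether the signature covers only the card's fresh pubkey and tag or also the 65-byte host pubkey sent in the DATA field; the host has to rebuild exactly that byte string to verify, so spell out the layout, for example `card_pubkey(65) | hmac[0:14] | signature`, together with the signature encoding and whether its length is fixed or variable. Minor: "65-byte cards fresh pubkey" should read "65-byte card's fresh pubkey", and moving "(first 14 bytes)" next to "HMAC-SHA256" would make it clearer that the truncation applies to the tag, not to `data`.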
@@ -112,7 +112,7 @@ Message is formed as follows:
- All messages coming from the host should be encrypted using `host_aes_key` and authenticated with `host_mac_key`
- All responces from card are encrypted with `card_aes_key` and authenticated with `card_mac_key`
-`AES-CBC` with `M2` padding (`0x8000...00`) is used to round data to 16-byte AES blocks.
-
- For authentication we use first `15` bytes of `HMAC-SHA256(key, iv | ciphertext)`
+
- For authentication we use first `14` bytes of `HMAC-SHA256(key, iv | ciphertext)`
- You need to increase `iv` after every request to the card.
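Review bot: with this hunk the tag length is consistent at 14 bytes across the file, but the MAC input `HMAC-SHA256(key, iv | ciphertext)` on the `+` line still disagrees with the "Establish secure channel" paragraph, which says the HMAC is applied to the ciphertext alone; settle on one definition in both places, and keep the `iv` in the MAC input, since binding the counter into the tag is what ties each message to its position in the sequence and rejects replays. The list should also state what the card does on a tag mismatch or a non-increasing `iv` (error status and whether the channel must be re-established), and that the 14-byte comparison is done in constant time. Minor: "responces" in the context line should be "responses".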