I try to get into cipher, mutual authenticate and such and figured it might be good to see what is "on" the market. Now, cipurse states in its specifications a term like this to generate the session key:
k0 = AES (key = PAD2 (kP) XOR PAD (rT), kID) XOR kID
where k0 is the session key, kP is an on-card calculated key, rT is the response from the terminal. PAD stands for padding (leading zeroes), PAD 2 for double padding (leading zeros) and kID is the secret key from the card.
Now as far as I am aware I create a key this way:
AESKey k0_pre = (AESKey) KeyBuilder.buildKey(KeyBuilder.TYPE_AES_TRANSIENT_DESELECT, KeyBuilder.LENGTH_AES_128, false);
k0_pre.clearKey();
k0_pre.setKey(key, (short) 0);
Now the one question I have is concerning just a little comma nameingly
key = PAD2 (kP) XOR PAD (rT), kID
setKey takes a byte[]
and an offset, kID is not an offset cleary - should this comma be and "AND" or should those two expressions should be concatenated or something completely different?
The example kID in the guidelines is
53 45 43 5f 4d 45 4d 4f 52 59 20 4b 45 59 20 31
The result after for PAD2 (kP) XOR PAD (rT)
is
00 00 00 00 b7 a0 d2 cb 01 15 25 3f c4 0d 43 8f
and the k0_pre is then to be:
72 4b e3 3e 05 47 b5 99 9c 78 13 9d 8b 25 94 e6
I just don't know how this AES Key is generated out of "2" input keys