CODEWITHSUNDEEP
javacardglobalplatform
Mohsen Gorgani
Mohsen Gorgani

Reputation: 420

KDF and PRF in GlobaPlatform SCP 03

I want to implement Globalplatform SCP 03 protocol in javacard. The main problem is KDF and PRF implementation in card. I have three question:

  1. Is there any opensource implementation of KDF and PRF in javacard?
  2. I found "RandomData.getInstance(RandomData.ALG_PSEUDO_RANDOM);". there is 3 and 4 input for PRF function in NIST sp 800-108, but i can set only one parameter for RandomData in javacard (only seed). is it implementation of PRF?
  3. Does PRF with same inputs, generates same result in different execution? if answer is no, why card and host can generate same session keys by using it?

Thank you very much.

Mohsen

Upvotes: 1

Views: 1023

Answers (1)

Maarten Bodewes
Maarten Bodewes

Reputation: 94038

I want to implement Globalplatform SCP 03 protocol in javacard

That's nice, but you know that you can already use the secure messaging channel though the Global Platform API, right? So you would only do this if you would like an identical channel after personalization of the card. It may of course be that your particular card only supports the old 3DES based protocols.

Is there any opensource implementation of KDF and PRF in javacard?

Well, not a KDF, but constructing a KDF from a PRF isn't that hard. And of PRF's there are a few already included: any MAC is a PRF, including HMAC-SHA1. However, GP SCP 03 uses AES CMAC with specific input parameters as KDF.

Basically a hash function or MAC is a poor mans KDF without the input parameters explicitly specified. But for that you read the Global Platform specifications.

I found "RandomData.getInstance(RandomData.ALG_PSEUDO_RANDOM);". there is 3 and 4 input for PRF function in NIST sp 800-108, but i can set only one parameter for RandomData in javacard (only seed). is it implementation of PRF?

No, a seeded PRNG is not a PRF and you can only add seed info to most implementations, not re-seed the PRNG completely. But again, you need a specific KDF: AES-CMAC, not any kind of KDF for SCP 03.

Does PRF with same inputs, generates same result in different execution? if answer is no, why card and host can generate same session keys by using it?

Yes, of course it does, as long as it doesn't have a random state in the first place, like the random number generators. A non-determinstic PRF would be pretty useless.

Upvotes: 2

Related Questions