Reputation: 71
I am trying to find out the algorithm and mode to generate the ICV for APDU data field encryption using SCP03.
As per "Secure Channel Protocol '03' – Public Release v1.1.1",
6.2.6 APDU Command C-MAC and C-DECRYPTION Generation and Verification section:
This section applies when both command confidentiality (C-DECRYPTION) and integrity (C-MAC) are required. Depending on the security level defined in the initiation of the Secure Channel, all subsequent APDU commands within the Secure Channel may require secure messaging and such as use of a C-MAC (integrity) and encryption (confidentiality).
For each APDU command sent within the secure channel session, the Off-Card Entity shall increment an encryption counter:
NOTE: This scheme fulfils the requirements described in [NIST 800-38A] for unpredictable ICVs when using CBC mode.
My question is (point 3 in bold above): what algorithm shall I use if I have a 16-byte key and a 16-byte input (the encryption counter padded left with zeros; for example, enc counter 1 becomes 00000000000000000000000000000001)?
Regards
Upvotes: 1
Views: 924
Reputation: 94038
It's just a simple block encrypt. Using ECB mode without padding should do fine if block encryption is not directly available. Or with padding, and then only use the first block. CBC mode with a zero IV will work in similar fashion, or CTR with a starting counter value set to zero (etc. etc.).
Upvotes: 1