First off, thank you for you patience while we did some research.
I was unable to find v4.2 of Book 2, so I was not able to see that particular version of the book. I can see the branch method in V4.1 that matches ICSF's behavior for EMV rule (both TDESEMV2 [default] and TDESEMV4). I don't see any way to achieve the common session key derivation described in v4.3 at this time. So, I would ask you to open an RFE.
It does appear that Diversified Key Generate (CSNBDKG) does support the TDES-ENC rule (the correct building block for the common session key derivation) but EMV Transaction (ARQC/ARPC) Service (CSNBEAC) does not permit that rule. CSNBEAC uses CSNBDKG to perform the actual derivation.
------------------------------
Eric Rossman
------------------------------
Original Message:
Sent: Mon March 07, 2022 03:05 PM
From: Fernando Pellisario
Subject: EMV - CSNBEAC - Mastercard CVN 14
Can CSNBEAC validate Mastercard MCHIP/4 CVN 14 ARQC and generate the ARPC?
Mastercard MCHIP/4 uses EMV Common Session Key Derivation algorithm, according EMV 4.2 book 2 - Annex A1.3.1
I've tried to call CSNBEAC informing 'TDES VERGEN EMV APPANSEQ' rule array.
According to ICSF Application Programmers Guide (HCR77D1), the "EMV" rule array "Specifies to use the session key derivation as described in EMV
Integrated Circuit Card Specification for Payment Systems Version 4.2 (EMV4.2) Book 2, Annex A1.3. Use this key mode for Visa Cryptogram Version 14 and MasterCard M/CHIP 4. EMV padding rules apply".
However, after testing, I've realized that CSNBEAC is applying the EMV 4.1 algorithm for session key derivation (branch 2 and height 16), instead of EMV 4.2 Common Session Key Derivation.
Should I use a different rule array?
Thanks.
------------------------------
Fernando Pellisario
------------------------------