MAC verification fails

I am having the problem with mac verification on card. I am not sure where to find an error. The story goes like this. The card and terminal know DH parameters P, Q and G. Card calculates KICC = GˇPrK.ICC.DH mod P where PrK.ICC.Dh is the random number between 0 and Q-1. That number is sent to the terminal. From the terminal the card receives the KIFD number. Then card calculates the KSEED=PuK.IFD.DHˇPrK.ICC.DH mod P. Then this calculation is performed:
KENC = SHA-1(KSEED || 0001)
KMAC= SHA-1(KSEED || 0002)
These two keys are used for the encryption and for the mac calculation. At the bottom you can find how I make KSEED. At this part of the code the KSEED is stored in the crypto.tmpBytes variable. After that the secure messaging channel is established and the card receives the message. First the MAC is checked. The MAC check failed. Then, only for the test purpose I uncomment that. Then MAC is not checked and the decryption is performed. The decrypted message was well formed and the decrypted message had correct value. What conclusion can I make. I believe that the keys are correctly defined because if it is not done properly, then the decryption would not result with the expected value. Right? If that is so, why the MAC calculation failed on my side. There could be several reasons. The first is that the MAC key on both side is not the same. But if we assume that we define the keys properly we could eliminate this as a problem. The next thing that can influence the MAC check fails is that the MAC is done differently on both side.
Can I really eliminate the key definition as the cause of the problem.
// Calculation of the KSEED
crypto.randomData.generateData(buffer, (byte)0, (short) (dh.q.length - 1));
          ((RSAPublicKey)crypto.publicKeys[5].key).setExponent(buffer, (short) 0, (short) (dh.q.length - 1));
          ((RSAPublicKey)crypto.publicKeys[5].key).setModulus(dh.p, (short) 0, (short)dh.p.length);
        Cipher c = crypto.publicKeys[5].getCipher(Cipher.ALG_RSA_NOPAD);
        c.init((RSAPublicKey)crypto.publicKeys[5].key, Cipher.MODE_ENCRYPT);
        short encLen = c.doFinal(crypto.ifdMaterialKeyAsym, (short)0, (short) crypto.ifdMaterialKeyAsym.length, crypto.tmpBytes, (short)0);
//Calculation of the session keys
crypto.secureMessagingAsym(algorithm);
//Calculation of the KICC (The terminal uses it to generate KSEED) 
          encLen = c.doFinal(dh.g, (short)0, (short) dh.g.length, crypto.tmpBytes, (short) 6);
          Util.arrayCopy(crypto.tmpBytes, (short) 6, crypto.iccMaterialKeyAsym, (short) 0, (short) encLen);
public void secureMessagingAsym(byte algorithm) {
         // calculate session keys
        short keysPos = SM_ASYM_TRANSPORT_KEY_LENGTH;
        deriveKey(tmpBytes, (short)0, SM_ASYM_TRANSPORT_KEY_LENGTH, MAC_MODE, keysPos, algorithm);
        short macKeyPos = keysPos;
        keysPos += SESSION_KEY_LENGTH;
        deriveKey(tmpBytes, (short)0, SM_ASYM_TRANSPORT_KEY_LENGTH, ENC_MODE, keysPos, algorithm);
        short encKeyPos = keysPos;
        keysPos += SESSION_KEY_LENGTH;
        setSecureMessagingKeys(tmpBytes, macKeyPos, tmpBytes, encKeyPos);
public void deriveKey(byte[] buffer, short keySeedOffset, short keySeedLength, byte mode, short keyOffset, byte alg)
         throws CryptoException {
        // only key_offset is a write pointer
        // sanity checks
        if ((short)buffer.length < (short)((short)(keyOffset + keySeedLength) + c.length)) {
            ISOException.throwIt((short)0x6d66);
        if(keySeedOffset > keyOffset) {
            ISOException.throwIt((short)0x6d66);
        c[(short)(c.length-1)] = mode;
        // copy seed || c to key_offset
        Util.arrayCopyNonAtomic(buffer, keySeedOffset, buffer, keyOffset, keySeedLength);
        Util.arrayCopyNonAtomic(c, (short) 0, buffer, (short)(keyOffset + keySeedLength), (short)c.length);
        // compute hash on key_offset (+seed len +c len)
        short length = 0;
        if(alg == ALG_MUTUAL_AUTH_SHA1 || alg == ALG_ASYM_AUTH_SHA1) {
             messageDigest1.doFinal(buffer, keyOffset, (short)(keySeedLength + c.length), buffer, keyOffset);
             messageDigest1.reset();
             length = 56;
        else if(alg == ALG_MUTUAL_AUTH_SHA256 || alg == ALG_ASYM_AUTH_SHA256) {
             messageDigest256.doFinal(buffer, keyOffset, (short)(keySeedLength + c.length), buffer, keyOffset);
             messageDigest256.reset();
             length = 80;
        // parity bits
        for (short i = keyOffset; i < (short)(keyOffset + length); i++) {
            if (PKIUtil.evenBits(buffer) == 0)
buffer[i] = (byte) (buffer[i] ^ 1);

Hi,
The first step I would take is to eliminate the keys as the issue. Can you use the MAC key pair for an encryption/decryption operation as you did for the other keys? If this works then you can be sure the key pair is correct. There is a good chance there is an issue with the MAC calculation and the keys are correct but first you should be sure.
Cheers,
Shane

Similar Messages

  • The verification fails everytime I download Firefox to my mac. How can I fix?

    I've tried to download Firefox twice and I keep getting the error message "verification failed". Same thing with Thunderbird. I have Mac osx

    You can find the latest Firefox release in all languages and for all Operating Systems here:
    *Firefox 19.0.x: http://www.mozilla.org/en-US/firefox/all.html
    Try to repair the disk permissions:
    *http://thexlab.com/faqs/repairprocess.html

  • I have a Mac 10.4.11. When downloading Flash 10.1, got a verification failed message.

    My Mac is a 10.4.11.  I installed the flash player 10.1 through a website called Jibjab.com. once installed and on that site, my computer started going through a "refresh loop", so to speak.  Wasn't sure if it was the site or the new FP version, so uninstalled and tried to re-install Flash...now, when trying to download, I get a "verification failed" message on my download page.  Any ideas on how to resolve this?  Thanks in advance for any help I can receive on this issue!

    Hi, You should only use Adobe sites and links to Install Flash Player.
    Download and SAVE the Adobe Uninstaller to your Desktop:
    http://kb2.adobe.com/cps/141/tn_14157.html
    Then go to this Adobe site and download and SAVE to your Desktop the Installer for Mac:
    http://www.adobe.com/products/flashplayer/fp_distribution3.html
    Then close all browsers, run the Uninstaller and then Reboot(restart) your computer. Then run the Installer and then Reboot.
    When that is completed check to make sure the Shockwave Flash plugin is Installed and Enabled.
    Hope that helps,
    eidnolb

  • Various Software Updates (Intel)" Can't be Installed (verification failed!)

    This is essentially a repost of a problem unsolved, but with a new wrinkle:
    When I first reported this two months ago, it was just happening on an Intel iMac. Now, someone else in the office just purchased a MacBook Pro, and from the SAME NETWORK, is have the exact same problem!
    The process is to run Software Update. Select an update. Downloading begins. But when it gets to the end, Software Update reports:
    The update "<whatever the update is named>" Can't be Installed
    The digital signature for this package is incorrect. The package may have been tampered with or correupted since being signed by "Apple".
    Tried this several times, same message.
    So, in the case of the 10.4.8 update, I tried downloading the stand-alone installers (MacOSXUpd10.4.8Intel.dmg and then MacOSXUpd10-1.4.8Intel.dmg).
    Both stand-alone packages downloaded, but got a "verification failed" message in the Safari DOWNLOADS window.
    Plenty of hard disk space. Permissions Repaired.
    I SUSPECT the problem has something to do with either 1) the NetGear router (which connects to the DSL modem) or the Airport Base Station (which connects to the physical network, which connects to the NetGear Router).
    Both Macs (iMac & MacBook Pro) are connected via the AIrport base station.
    I'm pretty sure I have a good network connection, because I am able to use Apple Remote Desktop to see into the network and connect to the iMac with no connection errors.
    Any ideas from all you gurus out there?

    I am having the same problems on my wifes iMac. Any large updates just won't come down. Someone had suggested memory problems, but I have done a full hardware check and all is cool. My G5 on the same network get's it's updates OK.
    However, when I try to download the combined 10.4.8 update (149Mb) for my wife (via my machine) I still get a verification error! I don't know what to do next. The problems started with the 10.4.8 update, so maybe it's 10.4.7 related?

  • Signature verification failed

    Hi all,
    I've been seeing a really weird problem with signing my HTML5 extension for Illustrator. I'm using the ZXPSignCmd tool to create a .zxp bundle and sign my extension from the command line. I'm able to install the extension using the Extension Manager, and I've also been able to distribute it to a private group through Adobe Exchange. It installs just fine, and runs great the first time, but after closing Illustrator and reopening it the extension often fails to load and just shows a blank window. I'm on a Mac, and looking at the log file here shows the following error when it happens:
    /Users/<<userName>>/Library/Logs/CSXS/csxs-ILST.log
    2014-12-17 10:18:02 : ERROR Signature verification failed for <<extensionID>>
    This is the only indication I have that it is a problem with the certificate. It seems really strange that it installs without errors and works once, but then fails when trying to load again. I was using a self-signed certificate, but I just bought a certificate from DigiCert to see if that would help, but I'm still having the same problem.
    This actually happens very rarely on my machine, but happens frequently to my other users. I assume this is somehow because I have been doing the development on this computer, so something is different about my extension environment.
    Has anyone else seen this issue at all? Does anyone have any tips that might help me to debug this? Other log files to look at, potential problems with the certificate or manifest file? I've tried about everything I could think of, so any help would be greatly appreciated!
    Thanks,
    James

    Nailed :-)
    For the folder you might save files into, there are few tokens in CEP:
    /* Identifies the path to user data.  */
    SystemPath.USER_DATA = "userData";
    /* Identifies the path to common files for Adobe applications.  */
    SystemPath.COMMON_FILES = "commonFiles";
    /* Identifies the path to the user's default document folder.  */
    SystemPath.MY_DOCUMENTS = "myDocuments";
    /* Identifies the path to current extension.  */
    /* DEPRECATED, PLEASE USE EXTENSION INSTEAD.  */
    SystemPath.APPLICATION = "application";
    /* Identifies the path to current extension.  */
    SystemPath.EXTENSION = "extension";
    /* Identifies the path to hosting application's executable.  */
    SystemPath.HOST_APPLICATION = "hostApplication";
    Otherwise you can rely on JSX folder tokens such as Folder.appData, Folder.userData etc (see a complete list on pages 56-57 of the JavaScript Tools Guide pdf) and create your extension's own folder.
    Mind you, CEP extensions should support both indexedDB and localStorage - one of them might fit your needs.
    Best
    Davide Barranca
    www.davidebarranca.com
    www.cs-extensions.com

  • "extension cannot be installed because licensing verification failed"

    Hi everyone,
         I have the Adobe Photography plan for Photoshop CC, and it works perfectly fine, it will open and close normally, but when i try to install an extension, it will give me this error message: "extension cannot be installed because licensing verification failed". Please help. Much appreciated!!

    Is your extension directly downloaded from https://creative.adobe.com/addons
    If yes, Please click "Tools"->"Preferences" menu item in Extension Manager, check "Enable detailed logging" option. Restart Extension Manager. Try to install the extension. After error message promopt, send the log files under "C:\Users\<YourUserName>\AppData\Roaming\Adobe\Extension Manager CC\Log" (Windows) or "/Users/<YourUserName>/Library/Application Support/Adobe/Extension Manager CC/Log" (Mac) folder  to [email protected]

  • This extension cannot be installed because licensing verification failed

    I'm logged into CC, but when trying to install an extension I get the error "This extension cannot be installed because licensing verification failed."
    I can log in to Adobe.com, but when I use the SAME credentials in extension manager it fails. This just started happening today.
    Mac OS X Mavericks
    Adobe CC Suite
    Any ideas?

    Would you please try follow steps:
    1. Quit Adobe Creative Cloud , Extension Manager and all Adobe products.
    2. Rename opm.db to opm.db.bak in
    Windows: c:\Users\<yourname>\AppData\Local\Adobe\OOBE
    MAC: /Users/<yourname>/Library/Application Support/Adobe/OOBE
    3. Launch Extension Manager CC.
    4. Install your extensions.
    Please let me know if it does not help.

  • Verification failed! codec overrun!

    So this is a brand new MacBook given to me yesterday as a Graduation present. I haven't been able to download anything (such as MSN messenger for Mac and Firefox for MAC, both of which have been downloaded from Apple website). I have tried probably fifty times. Each time I get the same error message 'verification failed' and then 'codec overrun'. I've called Apple three times today, and had to reinstall my software three times. Nothing has worked.
    The Mac people don't know how to fix it.
    Help anyone???

    I'm getting this same error, from Firefox AND Safari. I'm using a TiPB/867MHz with a gig of RAM. I did the archive install (which mucked up my Apache2/PHP install, but that's another story), I did AppleJack.
    Once I did the "downgrade" from 10.4.11 to 10.4.6, I was able to download the two Java updates (20 and 36MB - ????) but I can't download the 10.4.11 update at 186MB.
    I also can't download things like Plone, iWork '08 demo, and a lot of other things. BUT I went to my Intel Macbook and the same links download fine.
    I thought it was bad RAM, but I ran Techtool and everything checked out OK. Applejack didn't find any problems either.

  • The PyramidVille game in Facebook is not loading.I have no problems with the other games.I'm receiving the message" Forbidden 403" CSRF Verification failed.Request aborted. More information is available with Debug= True

    The PyramidVille game in Facebook is not loading.I have no problems with the other games.I'm receiving the message" Forbidden 403" CSRF Verification failed.Request aborted. More information is available with Debug= True edit

    Clear the cache and the cookies from sites that cause problems.
    "Clear the Cache":
    * Tools > Options > Advanced > Network > Offline Storage (Cache): "Clear Now"
    "Remove the Cookies" from sites causing problems:
    * Tools > Options > Privacy > Cookies: "Show Cookies"
    Reload web page(s) and bypass the cache.
    * Press and hold Shift and left-click the Reload button.
    * Press "Ctrl + F5" or press "Ctrl + Shift + R" (Windows,Linux)
    * Press "Cmd + Shift + R" (MAC)

  • When I try to download iOS 6 to my iPhone 4 it says " Verification Failed. Request has timed out". What do I do?

    How to download iOS 6 on iPhone 4??. Keeps saying "verification fAiled. Request has timed out"

    Try try again. Thre server are heavily loaded. The connection dropped becasue the computer thinks it waited to long. Disabling your security software on the computer can help resolve this too.

  • Exception in thread "main" java.lang.VerifyError: verification failed!!

    DB:11.1.0.7
    Oracle Apps:12.1.1
    OS:RHEL Linux 4 86x64
    Hi All,
    On executing the following command on node 2 of TEST instance, we received the following error but did not find any such error messages in node 1
    Notes: (1) Node 1 has java version:
    java -version
    java version "1.6.0_10"
    Java(TM) SE Runtime Environment (build 1.6.0_10-b33)
    Java HotSpot(TM) Server VM (build 11.0-b15, mixed mode)
    (2) Node 2 has java version:
    java -version
    java version "1.4.2"
    gcj (GCC) 3.4.6 20060404 (Red Hat 3.4.6-9)
    Copyright (C) 2006 Free Software Foundation, Inc.
    This is free software; see the source for copying conditions. There is NO
    warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
    Error message in node2:
    On executing the following command on node 2 of TEST instance, we received the following error:
    java oracle.jrad.tools.xml.importer.XMLImporter /tmp/custdocs/oracle/apps/pos/home/webui/customizations/site/0/PosHpgOrders.xml ....
    /usr/bin/java: line 36: [: `)' expected, found -
    Exception in thread "main" java.lang.VerifyError: verification failed at PC 152 in oracle.jdbc.driver.OracleDriver:registerMBeans(()V): String, int, or float constant expected
    at JvBytecodeVerifier.verify_fail(byte, int) (/usr/lib64/libgcj.so.5.0.0)
    at JvBytecodeVerifier.verify_instructions_0() (/usr/lib64/libgcj.so.5.0.0)
    at JvVerifyMethod(_Jv_InterpMethod) (/usr/lib64/libgcj.so.5.0.0)
    at JvPrepareClass(java.lang.Class) (/usr/lib64/libgcj.so.5.0.0)
    at JvWaitForState(java.lang.Class, int) (/usr/lib64/libgcj.so.5.0.0)
    at java.lang.VMClassLoader.linkClass0(java.lang.Class) (/usr/lib64/libgcj.so.5.0.0)
    at java.lang.VMClassLoader.resolveClass(java.lang.Class) (/usr/lib64/libgcj.so.5.0.0)
    at java.lang.Class.initializeClass() (/usr/lib64/libgcj.so.5.0.0)
    at java.lang.Class.forName(java.lang.String, boolean, java.lang.ClassLoader) (/usr/lib64/libgcj.so.5.0.0)
    at oracle.adf.mds.tools.util.ConnectUtils.getDBConnection(java.lang.String) (Unknown Source)
    at oracle.jrad.tools.xml.importer.XMLImporter.importDocuments(java.lang.String[], java.sql.Connection) (Unknown Source)
    at oracle.jrad.tools.xml.importer.XMLImporter.main(java.lang.String[]) (Unknown Source)
    Could anyone please share such an issue faced before and provide resolution as to what's wrong in here in node 2?
    Thanks for your time!
    Regards,

    Hi,
    (2) Node 2 has java version:
    java -version
    java version "1.4.2"Do you run this command as applmgr user? If yes, did you source the application env file?
    Could anyone please share such an issue faced before and provide resolution as to what's wrong in here in node 2?Why the java version is different on the both nodes?
    Thanks,
    Hussein

  • Verification Failed. The certificate for this server is invalid

    I am trying to backup my iPad to iCloud.  I get:
    Verification Failed.  The certificate for this server is invalid. You might be connecting to a server that is pretending to be "setup.icloud.com" which could put your confidential information at risk.
    I am logged onto the wifi at work and I can surf the Internet so the connection is OK.
    How do I begin to debug this issue?

    Hey everyone,
    I had this issue for few months already! I have a @me.com mail address, theoretically should be compatible with iCloud, just for some reason, it's not working!!
    The mail all work fine on my macbook and iPhone, just the ipad kept showing the error message, the "verification failed".
    The internet is wi-fi and it all working fine.
    Now here is the solution.
    Make sure you got internet connected fine.
    Go Setting --> Mail, Contacts, Calendars --> Add Account --> Other
    --> Add Mail Address -->
    in the description, it will auto showing "Me", don't change it!
    Go "Next" -->
    in the Incoming Mail Server
    Host Name --> Type "imap.mail.me.com"
    Then your user name and password
    in the Outgoing Mail Server
    Host Name --> Type "smtp.mail.me.com"
    Then your user name and password
    Then next and save it.
    This should work, it works for me,
    Hope this helps!!

  • Verification failed certificate for this server is invalid

    I attempt to log into the iCloud on my iPod over a WiFi connection and it gives me the Verification Failed. The certificate for this server is invalid. You might be connecting to a server that is pretending to be "setup.icloud.com" which could put your confidential information at risk.
    Why am I getting this and how can I access the iCloud to backup my files?

    This happened to me because my router was configured to use Open DNS servers (Primary 208.67.222.222, Secondary 208.67.220.220). Temporarily adjusting the DNS settings on the router to 4.2.2.1 and 4.2.2.2 did the trick. Open DNS does weird things with certain certificates. Even if your router is configured to used something else, try the ones listed above to see if it makes a difference.

  • Mobile Me Verification Failed - it says the certificate for this server is invalid.  What does that mean?

    Trying to set up a 2nd device on Mobile Me and it's telling me "Verification Failed, Certificate for this server is invalid, I might be connecting to a server that is pretending to be setup.me.com which can put my confidential information at risk."   Please tell me what this means and how to correct it.  My 1st device set up with Mobile Me just fine. 

    Check your date/time settings if correct.
    Happened to me when I changed the battery then I found out that the settings is not yet set.
    Works flawless now!
    Good luck!

  • Help!!! T61 Blue Screen--unmountable boot volume-- error code 0000: Read verification failed

    My computer is T61 (8891CT), but Blue Screen came out and reported--unmountable boot volume.  I ran the diagnostic program and got the error code 0000: Read verification failed. I can’t run anything now including the restore and rescue.  Has the hard drive died?
    If the hard drive has died, I have to change the hard drive, but how to transfer the system (I don’t have any CD) and think vantage software? Thank you very much for you help.

    Hi equalefk,
    Yes, definitely sounds like it's time to replace the HDD.
    Hope it helps.
    Maliha (I don't work for lenovo)
    ThinkPads:- T400[Win 7], T60[Win 7], IBM 240[Win XP]
    IdeaPad: U350
    Apple:- Macbook Air [Snow Leopard]
    Did someone help you today? Compliment them with a Kudos!
    Was your question answered today? Mark it as an Accepted Solution! 
      Lenovo Deutsche Community     Lenovo Comunidad en Español 
    Visit my YouTube Channel

Maybe you are looking for

  • Unable to Open Process Route Tab in DIR (PLM webUI page)

    Hello PLM Guru's I am unable to open the Process Route Tab in the DIR Web UI page.I get an error message for "Name: AcfApplet, Publisher : SAP AG , Location :http://..../com_sap_acf_updown.jar".When I click run it keeps running but not opening the Pr

  • DB Link between 8i and 10g : INSERT query parse once for every execution ?

    Hi, All Wonder if there is anyone out there who has processes that work among 8i x 10g databases through DB Link, and could enlight this. I have the following INSERT statement : INSERT INTO SAFX01 (COD_EMPRESA, COD_ESTAB, DATA_OPERACAO, CONTA_DEB_CRE

  • LSMW-DIRECT INPUT PERMISSION ERROR

    Hi I am creating lsmw program for classification, it showing one error like 'no logical path has been specified' in specify files step. But i created logical path & file and when ever run the last step there have showing error like that " Logical fil

  • Importing keywords from non-Bridge file

    I've just received the CS3 Suite. Prior to this, photos, where I work, had keywords added to the XP file preference (right clicking on a photo and choosing preferences). I need a way to get those keywords into Bridge. I've hundreds of photos and know

  • I can't download adobe flash player  ( safari win )

    i can't download adobe flash player on safari windows , it's started at 7 % and suddenly turn to 47% and give me massage ( download time out )