Command 0xF017 - Establish Ephemeral KBPK

The host uses this command to complete the ECDHE-ECDSA Key Exchange protocol, which enables the host and the device to generate the same TEMP KBPK key to use with Command 0xEF01 - Load Key Using TR-31 to load the Master Transport Key (MTK).

The sequence of events is as follows:

The host uses Command 0xE001 - Get Challenge to establish a secure session with the device.

The host constructs Command 0xF017 - Establish Ephemeral KBPK per the request table below.

The host constructs Command 0xEEEE - Send Secured Command to Device using the previously constructed command request as the payload, and sends that command request to the device as a Request Message.

Because this command is secured using a signature, read Property 2.1.2.2.2.6 Key Type to determine which fixed key to use to generate the signature.
Build the Security Parameters Type portion of the wrapper with:
- Table 46 - Encrypted Signature Capture File Type Operation Type = Command Authorization Using Signature
- Operation Algorithm = ECDSA (indeterministic)
- Operation Hash = SHA-256
- Operation Curve = P521

The device does the following:

Validates the secure wrapper around the command, and terminates if the signature is invalid.
Determines if the Master Transport Key (MTK) has already been loaded. If it has, the device rejects the command request.
Generates a pair of keys, saves the Device Private Key for calculation.
Generates and saves 8 bytes of Device Random Token for calculation.
Calculates the TEMP KBPK based on Host Public Key and Host Random Token passed in with the command request, and the Device Private Key and Device Random Token the device generated.

The device sends a Response Message to the host to indicate the result. The response message includes Device Random Token and Device Public Key.

The host calculates a matching TEMP KBPK as defined in NIST SP800-56A, using the Host Private Key, Host Random Token, Device Public Key, and Device Random Token. It can then use this key to perform encryption operations on secret data in the Master Transport Key (MTK).

The device uses its copy of the matching TEMP KBPK to decrypt the secret information encrypted by the host using the same key. On successful MTK load, the device erases the TEMP KBPK. It also erases the TEMP KBPK if the device is power cycled or reset, and the host would need to restart the process with a new TEMP KBPK.

Table - Request Data for Command 0xF017 - Establish Ephemeral KBPK

Tag

Len

Value / Description

Typ

Req

Default

Beginning of any wrappers, at minimum including Request Message

F017 = Command 0xF017 - Establish Ephemeral KBPK

var

Security Parameters — This contains a Security Parameters Type TLV data object with only the first parameter populated with:

01 = Key Agreement

01 = ECDHE

05 = Curve P521

01 = SP800-56A

var

Host Ephemeral Public Key — This parameter is in ASN.1 format. The information of the cipher and key size are included in the ASN.1 Public Key file (PKCS#8).

Host Random Token

This contains an 8 byte random number generated by the host.

Table - Response Data for Command 0xF017 - Establish Ephemeral KBPK

Tag

Len

Value / Description

Typ

Req

Default

Beginning of any wrappers, at minimum including Response Message

F017 = Command 0xF017 - Establish Ephemeral KBPK

var

Security Parameters — This contains a Security Parameters Type TLV data object populated entirely with 0x00 padding to indicate that all values are the same as the corresponding values in the Request.

var

Device Ephemeral Public Key — This parameter is in ASN.1 format. The information of the cipher and key size are included in the ASN.1 key file.

Device Random Token — This contains an 8 byte random number generated by the device.

End of any wrappers, at minimum including Response Message found

Table - Request Example

Example (hex)

AA 00
81 04 01 10 F0 17
84 82 01 8C
EE EE	// Secure Wrapper
A1 24
81 04 02 01 04 05
84 00 85 00
A8 16
81 02 00 00
82 07 45 43 43 53 49 47 4E
86 05 45 43 44 53 41
88 00 A9 00
82 04 B5 03 3D A0
83 08 ED B0 79 E6 E3 F1 83 AE
84 81 C3	// payload is 0xF017 command body F0 17
A1 14	// Security parameters 81 04 01 01 05 01
84 00
A8 0A
81 02 00 00
82 00
86 00
88 00
83 81 9E	// TL of PKCS8 public key
30 81 9B	// V of PKCS8 public key 30 10
06 07 2A 86 48 CE 3D 02 01
06 05 2B 81 04 00 23
03 81 86
00
04
01 64 1C DA 45 C5 56 B3 8B 31 29 8C 94 A1 E7 95
C9 D3 85 C0 4D F3 15 13 D9 91 43 84 58 15 CD 45
6B 67 F6 AC 7C 56 DF F8 0C 65 A7 CF 81 F1 13 2F
AA E5 22 10 78 23 C9 4F 1D CD 24 42 EC 1A 3F A4
75 58
00 97 59 96 9E 01 D0 62 47 B7 EF 5F 0B D0 8B E6
CA 12 F0 3C 13 43 AF 15 21 92 3D 6B FE 47 74 68 38 3F DD 1E 90 2B FD 0F D6 DA 7A A1 E9 A1 98 85
3A DA 93 6D EE 05 61 87 8B 81 BF 6A 78 2F 40 A5
E8 66
84 08 BD E3 77 88 83 0C F6 37	// TLV of 8-byte random # for TEMP-KBPK
// end of 0xF017 command body
9E 81 8B
30 81 88
02 42
00 C4 13 1D C2 13 7A F6 FD F0 F1 BB BD 14 C2 4A FE D7 6F BC 80 91 84 26 43 85 40 B6 5D BE 1D 9C
74 90 77 B6 41 62 69 52 04 72 93 C0 9C 59 2A DB
03 31 0F 8A 28 C0 DB 1A B7 1B 51 B3 E6 BD FF 50
77 CA
02 42
01 EE D8 2D 9F A3 D1 98 4E 74 C8 85 11 52 93 15
FF 9D 7D 5A 03 FD 84 B8 B9 09 20 8B 15 98 7A 5E 56 A5 61 71 9A 0A B9 D1 DA 1C 96 1D 0C EF F0 D2 E3 A4 22 84 60 E2 AA 8C AA 2B 8B AE 02 50 D8 B3
CF 84

Table - Response Example

Example (hex)

AA 00
81 04 82 10 F0 17
82 04 00 00 00 00
84 81 B5	// Response Payload
F0 17
A1 06
81 01 00
82 01 00
83 81 9E	// TL of PKCS8 public key
30 81 9B	// V of PKCS8 public key 30 10
06 07 2A 86 48 CE 3D 02 01
06 05 2B 81 04 00 23
03 81 86
00
04
01 77 CD 91 56 96 34 2B C6 5A 6C EC 5D 74 96 41
B3 F9 2B 12 85 19 90 F8 73 BF FF 3C 10 44 E3 CB
21 4E CA F6 CE FC F8 C8 80 52 44 13 FA B1 97 A1
8C 44 FE 95 A2 0A F3 3D A4 3A 8F 2E 39 41 23 22 B1 AB
01 29 26 4F CC 0E 86 11 16 92 FF BC E1 BF DA FC
21 BA B1 5A C4 DE 7B C1 6F A9 17 F8 4B 1E B2 1F
5F 21 7D 54 00 15 41 C3 21 75 0D 21 DC 95 13 A7
2C 8C 11 77 96 38 87 51 08 7A 1F 63 EC A8 8F C4 AB B3
84 08 4C 4A EC 0B 47 E4 53 EB	// TLV of 8-byte random # for TEMP-KBPK

Last updated 12 days ago