smartcard sim-card emv globalplatform

SCP03 External Authenticate


I am trying to do mutual authentication on an eUICC using SCP03. When I send the External Authenticate command to the card, I receive this response from it: AF8023026985, in which I believe the SW = 6985.

Would anyone please tell me what I am missing?

This is how I produce the external authenticate command in Python 3:

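# All values are hex strings; aes is assumed to be the asker's own helper module (not shown)
extAuthCmdBase = '8482330010'  # CLA INS P1 P2 Lc of EXTERNAL AUTHENTICATE
initialStrForMac = 16 * '00' + extAuthCmdBase + hostCryptogram  # 16 zero bytes go in front of the MAC input
C_MAC = aes.CMAC(initialStrForMac, sMAC)
extAuthAPDU = extAuthCmdBase + hostCryptogram + C_MAC[:16]  # keep the first 8 bytes of the CMAC
# TLV length counts bytes, so halve the hex-string length
len_apdu = hex(len(extAuthAPDU) // 2)[2:].upper().zfill(2)
expExtAuthAPDU = 'AE80' + '22' + len_apdu + extAuthAPDU + '0000'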

Solution

  • I finally got the SW = 9000 from ext. auth.

    I used script chaining for both the initialize update and ext. auth commands.

    All these initialize update and external authentication commands should be sent in one single session. That, depending on how the eUICC's OS is programmed, could be realized via the script chaining concept, by which the eUICC will understand that the session will be continued and that further subsequent commands are to be sent by the host.

    To learn about the script chaining procedure, please refer to ETSI TS 102 226, section Script Chaining TLV.

    Tag for initialize update command: 'AE80830101'
    Tag for external authenticate command: 'AE80830102'

    The tag regime used here is the Expanded format of Remote Management application command "secured data" - indefinite length coding.
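
The framing described in the answer, as an added example that is not the poster's code: it wraps C-APDUs in the 'AE80' expanded-format template with the Script Chaining TLV and reads the status words out of an 'AF80' response such as the one in the question. The function and constant names are hypothetical, the challenge, cryptogram and C-MAC bytes are constructed placeholders, and only short-form TLV lengths are handled.

```python
# Added example, not the poster's code. Names are hypothetical.
CHAIN_FIRST = 0x01       # chaining value the answer sends with INITIALIZE UPDATE
CHAIN_SUBSEQUENT = 0x02  # chaining value the answer sends with EXTERNAL AUTHENTICATE

def build_script(apdus, chaining=None):
    """Frame C-APDUs as 'AE80' ['83 01 xx'] {'22' len apdu}... '0000' (hex string)."""
    out = bytearray.fromhex("AE80")
    if chaining is not None:
        out += bytes([0x83, 0x01, chaining])       # Script Chaining TLV
    for apdu in apdus:
        if len(apdu) > 0x7F:
            raise ValueError("only short-form TLV lengths are handled here")
        out += bytes([0x22, len(apdu)]) + apdu     # length is counted in bytes
    out += b"\x00\x00"                             # end of content
    return out.hex().upper()

def parse_response(hex_resp):
    """Return the status word of every '23' R-APDU TLV in an 'AF80' response."""
    data = bytes.fromhex(hex_resp)
    if data[:2] != b"\xAF\x80":
        raise ValueError("not an indefinite-length response template")
    sws, i = [], 2
    while i + 2 <= len(data) and data[i:i + 2] != b"\x00\x00":
        tag, length = data[i], data[i + 1]
        value = data[i + 2:i + 2 + length]
        if length > 0x7F or len(value) != length:
            raise ValueError("truncated or long-form TLV")
        if tag == 0x23 and length >= 2:
            sws.append(int.from_bytes(value[-2:], "big"))  # SW1 SW2 come last
        i += 2 + length
    return sws

# Constructed sample APDUs: challenge, cryptogram and C-MAC bytes are placeholders.
INIT_UPDATE = bytes.fromhex("8050000008" + "0102030405060708")
EXT_AUTH = bytes.fromhex("8482330010" + "AA" * 8 + "BB" * 8)

if __name__ == "__main__":
    print(build_script([INIT_UPDATE], CHAIN_FIRST))
    print(build_script([EXT_AUTH], CHAIN_SUBSEQUENT))
    print([hex(sw) for sw in parse_response("AF8023026985")])  # response from the question
```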