JWorld@TW the best professional Java site in Taiwan
      註冊 | 登入 | 全文檢索 | 排行榜  

» JWorld@TW » Java ME、Google Android 平台與 JavaCard 討論區 » Java Card  

按列印兼容模式列印這個話題 列印話題    把這個話題寄給朋友 寄給朋友    訂閱主題
reply to topicthreaded modego to previous topicgo to next topic
本主題所含的標籤
作者 请教PBOC中的MAC计算问题!谢谢!
ngoahead





發文: 16
積分: 0
於 2009-04-10 10:28 user profilesend a private message to userreply to postreply to postsearch all posts byselect and copy to clipboard. 
ie only, sorry for netscape users:-)add this post to my favorite list
我在做PBOC相关的项目,想验证密文+MAC的APDU中的MAC,
自己用DES写的MAC计算验证没问题,只是感觉速度慢,所以想用Signature的方法来实现,希望能改善速度,但用Signature的MAC4模式总是出问题,返6F00,请问一下原因是什么,该怎么改,先谢谢了,代码如下:
1
2
3
4
5
6
7
8
9
10
11
12
13
DESKey     MacKey;
Signature     MacSig;
MacSig = Signature.getInstance(Signature.ALG_DES_MAC4_ISO9797_M2, true);
 
...
 
MacKey.setKey(myKeyBuf, (short)0);    
MacSig.init(MacKey, Signature.MODE_VERIFY);
    
if( !MacSig.verify(buf, offset, len, mac, macOffset, (short)4) )
{
  API.Wrong_6988();
}


andyhua edited on 2009-04-30 09:09
reply to postreply to post
作者 Re:请教PBOC中的MAC计算问题!谢谢! [Re:ngoahead]
ngoahead





發文: 16
積分: 0
於 2009-04-10 10:30 user profilesend a private message to userreply to postreply to postsearch all posts byselect and copy to clipboard. 
ie only, sorry for netscape users:-)add this post to my favorite list
这事较急,在线等,希望版主能帮忙,多谢啦!

reply to postreply to post
作者 Re:请教PBOC中的MAC计算问题!谢谢! [Re:ngoahead]
andyhua



版主

發文: 624
積分: 1
於 2009-04-13 11:25 user profilesend a private message to userreply to postreply to postsearch all posts byselect and copy to clipboard. 
ie only, sorry for netscape users:-)add this post to my favorite list
ngoahead wrote:
这事较急,在线等,希望版主能帮忙,多谢啦!


http://www.javaworld.com.tw/jute/post/view?bid=26&id=107490&tpg=1&ppg=1&sty=1&age=0#107490

請參考這段敘述,可能你遇到一樣的問題:

有可能你用的 java card 並不支援 ALG_DES_MAC8_ISO9797_M2,
可以試試其他6種的簽章法:
ALG_DES_MAC4_ISO9797_M1
ALG_DES_MAC4_NOPAD
ALG_DES_MAC4_PKCS5

ALG_DES_MAC8_ISO9797_M1
ALG_DES_MAC8_NOPAD
ALG_DES_MAC8_PKCS5


reply to postreply to post
作者 Re:请教PBOC中的MAC计算问题!谢谢! [Re:ngoahead]
calvinxie





發文: 11
積分: 0
於 2009-04-13 12:08 user profilesend a private message to userreply to postreply to postsearch all posts byselect and copy to clipboard. 
ie only, sorry for netscape users:-)add this post to my favorite list
首先要确认你的卡是否支付ALG_DES_MAC4_ISO9797_M2。不是每张卡片都支持。

reply to postreply to post
作者 Re:请教PBOC中的MAC计算问题!谢谢! [Re:ngoahead]
ngoahead





發文: 16
積分: 0
於 2009-04-13 15:10 user profilesend a private message to userreply to postreply to postsearch all posts byselect and copy to clipboard. 
ie only, sorry for netscape users:-)add this post to my favorite list
谢谢楼上的两位热心人!

我用的是JCOP4.1的卡,
声称支持
ALG_DES_MAC8_ISO9797_1_M2_ALG3
ALG_DES_MAC8_ISO9797_M1
ALG_DES_MAC8_ISO9797_M2
ALG_DES_MAC8_NOPAD
ALG_DES_MAC8_PKCS5

现在我的代码如下:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
MacKey16 = (DESKey)KeyBuilder.buildKey(KeyBuilder.TYPE_DES_TRANSIENT_DESELECT, (short)128, false);
    MacKey8 = (DESKey)KeyBuilder.buildKey(KeyBuilder.TYPE_DES_TRANSIENT_DESELECT, (short)64, false);
    MacSig = Signature.getInstance(Signature.ALG_DES_MAC8_ISO9797_1_M2_ALG3, false);
    MacSig8 = Signature.getInstance(Signature.ALG_DES_MAC8_ISO9797_M2, false);
 
。。。。。。
 
  void CalMAC(byte byKey[], short keyoffset, byte initvalue[], short initValOffset, byte datain[], short offset, short byLen, byte MAC[], short macOffset, byte desType)
  {
    if(desType == (byte)1)
    {
      MacKey8.setKey(byKey, (short)keyoffset);
      MacSig8.init(MacKey8, Signature.MODE_SIGN, initvalue, initValOffset, (short)8);
      MacSig8.sign(datain, offset, byLen, MAC, macOffset);
    }
    else
    {
      MacKey16.setKey(byKey, (short)keyoffset);
      MacSig.init(MacKey16, Signature.MODE_SIGN, initvalue, initValOffset, (short)8);
      MacSig.sign(datain, offset, byLen, MAC, macOffset);
    }

MAC8_ISO9797_1_M2_ALG3模式对8字节KEY不行(返6f00),所以我才定义了ALG_DES_MAC8_ISO9797_M2的MacSig8

但仍有问题,8字节KEY和16字节KEY的MAC计算都是,有时可以,有时不行,
public abstract void init (Key theKey, byte theMode, byte[] bArray,
      short bOff, short bLen) throws CryptoException;
中的 byte[] bArray, short bOff, short bLen
我的理解是传初始向量,不知是否有误?


andyhua edited on 2009-04-30 09:08
reply to postreply to post
作者 Re:请教PBOC中的MAC计算问题!谢谢! [Re:ngoahead]
ngoahead





發文: 16
積分: 0
於 2009-04-13 15:12 user profilesend a private message to userreply to postreply to postsearch all posts byselect and copy to clipboard. 
ie only, sorry for netscape users:-)add this post to my favorite list
上面说的有时可以,有时不行是指调用CalMAC()函数有时MAC结果正确,有时错误

reply to postreply to post
作者 Re:请教PBOC中的MAC计算问题!谢谢! [Re:ngoahead]
andyhua



版主

發文: 624
積分: 1
於 2009-04-30 09:25 user profilesend a private message to userreply to postreply to postsearch all posts byselect and copy to clipboard. 
ie only, sorry for netscape users:-)add this post to my favorite list
提供以下程式供參考:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
  /* SW */
  final static short SW_NO_ALGORITHM     = 0x6A83;
  final static short SW_ILLEGAL_USE      = 0x6A84;
  final static short SW_ILLEGAL_VALUE    = 0x6A85;
  final static short SW_INVALID_INIT     = 0x6A86;
  final static short SW_UNINITIALIZED_KEY = 0x6A87;
  
  
  ...
  
  
    try{
      MacSig.sign(datain, offset, byLen, MAC, macOffset);    }
    catch(CryptoException e){
      explainCryptoExceptions(e);      
    }
    
    ...
    
  private void explainCryptoExceptions(CryptoException e)
  {
    if(e.getReason() == CryptoException.NO_SUCH_ALGORITHM)
      ISOException.throwIt(SW_NO_ALGORITHM);
    else if(e.getReason() == CryptoException.ILLEGAL_USE)
      ISOException.throwIt(SW_ILLEGAL_USE);
    else if(e.getReason() == CryptoException.ILLEGAL_VALUE)
      ISOException.throwIt(SW_ILLEGAL_VALUE);
    else if(e.getReason() == CryptoException.INVALID_INIT)
      ISOException.throwIt(SW_INVALID_INIT);
    else if(e.getReason() == CryptoException.UNINITIALIZED_KEY)
      ISOException.throwIt(SW_UNINITIALIZED_KEY);
    else
      ISOException.throwIt(ISO7816.SW_UNKNOWN);    
  }


紅色部分是你的code,加上定義與exception判斷錯誤的原因,來找出妳的bug~


andyhua edited on 2009-04-30 09:27
reply to postreply to post
作者 Re:请教PBOC中的MAC计算问题!谢谢! [Re:ngoahead]
andyhua



版主

發文: 624
積分: 1
於 2009-04-30 09:31 user profilesend a private message to userreply to postreply to postsearch all posts byselect and copy to clipboard. 
ie only, sorry for netscape users:-)add this post to my favorite list
ngoahead wrote:
上面说的有时可以,有时不行是指调用CalMAC()函数有时MAC结果正确,有时错误


另外一問:
這種錯誤是在real card上出現,還是card simulator 上出現?


reply to postreply to post
作者 Re:请教PBOC中的MAC计算问题!谢谢! [Re:ngoahead]
calvinxie





發文: 11
積分: 0
於 2009-05-20 14:18 user profilesend a private message to userreply to postreply to postsearch all posts byselect and copy to clipboard. 
ie only, sorry for netscape users:-)add this post to my favorite list
我在JCOP4.1上用下面代码测试没有任何没有问题

macSign=Signature.getInstance(Signature.ALG_DES_MAC8_ISO9797_M2,false);
然后用sessionkey生成一个SingleDESKey(Session Key你要自己先计算)

singleDESkey.setKey(keyBytes, (short) 0);
计算
macSign.init(singleDESkey, Signature.MODE_SIGN);
macSign.sign(input, inputOffset, inputLen, mac8, (short)0);    
//put most left 4 bytes as pboc2 mac
Util.arrayCopyNonAtomic(mac8,(short)0,output,outputOffset,(short)4);

希望能帮到你。


reply to postreply to post
» JWorld@TW »  Java ME、Google Android 平台與 JavaCard 討論區 » Java Card

reply to topicthreaded modego to previous topicgo to next topic
  已讀文章
  新的文章
  被刪除的文章
Jump to the top of page

JWorld@TW 本站商標資訊

Powered by Powerful JuteForum® Version Jute 1.5.8