JavacardOS will not accept order any more, please contact our partner Feitian online Store:
https://ftsafe.en.alibaba.com/index.html

Generate HMAC_SHA256 Signature in JavaCard Applet

Algorithm School

Moderator: UNKNwYSHSA

User avatar
rainly
Posts: 11
Joined: Tue Jun 09, 2015 4:38 am
Points :18
Contact:

Generate HMAC_SHA256 Signature in JavaCard Applet

Post by rainly » Fri Jun 12, 2015 8:00 am

I am trying to sign a message which contains in inBuffer byte array using my own derived key S (also byte array). I am using javacard2.2.2 library for developing javacard applet. I am using android application for sending process request. I am reciving return code '6A81' which means 'function not supported'. Now, I have no clue that how to proceed as I failed to understand that it is mentioning about HMAC_SHA256 not supported or I am making some mistake in the function. Please help.
The code is as follows:

Code: Select all

Signature m_sessionMAC = null;
    HMACKey keyType = null;
    Sign = new byte[64];

    bytesRead = apdu.setIncomingAndReceive();

    // Create HMAC Key Used in Mac
    m_sessionMAC = Signature.getInstance(Signature.ALG_HMAC_SHA_256, false);

    // Create HMAC Key Used in Mac
    keyType = (HMACKey) KeyBuilder.buildKey(KeyBuilder.TYPE_HMAC, KeyBuilder.LENGTH_HMAC_SHA_256_BLOCK_64, false);
    keyType.setKey(S,(short) 0, (short) S.length);
    m_sessionMAC.init(keyType, Signature.MODE_SIGN);

    //Generate Signature on inBuffer (received data to sign)
    echoOffset = m_sessionMAC.sign(inBuffer, ISO7816.OFFSET_CDATA, ISO7816.OFFSET_LC, Sign , (short)0);
    Util.arrayCopyNonAtomic(Sign, ( short ) 0, inBuffer, ( short ) 0, echoOffset);
    apdu.setOutgoingAndSend( ( short ) 0, (short) echoOffset );

Please help me in this regards or also provide any pointers for implementing HMAC_SHA256 or HMAC_SHA1 symmetric crypto. in javacard applet.

Thanks.

User avatar
Larson
Posts: 18
Joined: Wed May 20, 2015 3:56 am
Points :30
Contact:

Re: Generate HMAC_SHA256 Signature in JavaCard Applet

Post by Larson » Mon Jun 22, 2015 11:36 pm

Your card should support Signature.ALG_HMAC_SHA_256 first. In most cases, a javacard wouldn't support all the cryptographic algorithms. If your card support this algorithms,you can implement HMAC by the following way.

Code: Select all

K = HMAC key of length 32
ipad = the byte 0x36 repeated 32 times
opad = the byte 0x5C repeated 32 times.
To compute HMAC over the data `text' we perform
H(K XOR opad, H(K XOR ipad, text))

User avatar
rainly
Posts: 11
Joined: Tue Jun 09, 2015 4:38 am
Points :18
Contact:

Re: Generate HMAC_SHA256 Signature in JavaCard Applet

Post by rainly » Tue Jun 23, 2015 1:10 am

@Larson,thanks! It is very helpful to me.

User avatar
horse dream
Posts: 76
Joined: Thu May 21, 2015 11:48 pm
Points :140
Contact:

Re: Generate HMAC_SHA256 Signature in JavaCard Applet

Post by horse dream » Tue Jun 23, 2015 1:21 am

Larson wrote:Your card should support Signature.ALG_HMAC_SHA_256 first. In most cases, a javacard wouldn't support all the cryptographic algorithms. If your card support this algorithms,you can implement HMAC by the following way.

Code: Select all

K = HMAC key of length 32
ipad = the byte 0x36 repeated 32 times
opad = the byte 0x5C repeated 32 times.
To compute HMAC over the data `text' we perform
H(K XOR opad, H(K XOR ipad, text))


Before calling getInstance() method, it would be better to check CryptoException first .

Code: Select all

try {
    Signature.getInstance(Signature.ALG_HMAC_SHA_256, false);
} catch (CryptoException e) {
    if (e.getReason() == CryptoException.NO_SUCH_ALGORITHM) {
        // Do something to treat algorithm absebce
    }
}

User avatar
Larson
Posts: 18
Joined: Wed May 20, 2015 3:56 am
Points :30
Contact:

Re: Generate HMAC_SHA256 Signature in JavaCard Applet

Post by Larson » Tue Jun 23, 2015 1:37 am

Before calling getInstance() method, it would be better to check CryptoException first .

Code: Select all

try {
    Signature.getInstance(Signature.ALG_HMAC_SHA_256, false);
} catch (CryptoException e) {
    if (e.getReason() == CryptoException.NO_SUCH_ALGORITHM) {
        // Do something to treat algorithm absebce
    }
}


Thank you for your additional answer.

Post Reply Previous topicNext topic

Who is online

Users browsing this forum: No registered users and 8 guests

JavaCard OS : Disclaimer