JavacardOS will not accept order any more, please contact our partner Feitian online Store:
https://ftsafe.en.alibaba.com/index.html
https://ftsafe.en.alibaba.com/index.html
AES-CMAC calculation
Moderator: UNKNwYSHSA
AES-CMAC calculation
Hi, I want to calculate Cryptographic Checksum for SCP-80 / AES in cbc-mode.
but, when I use Signature.ALG_AES_MAC_128_NOPAD, I got different result as I expected. Expected data is calculated by another tool. it is same by calculated by software implementation.
Is Signature.ALG_AES_MAC_128_NOPAD not for that ?
if so, how to calculate CC for SCP-80 by AES cbc-mode ?
1) software implementation I tried is described this topic
https://javacardos.com/javacardforum/vi ... php?t=1114
2) the code for Signature.ALG_AES_MAC_128_NOPAD.
// CREATE SIGNATURE OBJECT
m_sessionAesCMAC = Signature.getInstance(Signature.ALG_AES_MAC_128_NOPAD , false);
// CREATE KEY USED IN MAC
m_sessionAesKey = (AESKey) KeyBuilder.buildKey(KeyBuilder.TYPE_AES, KeyBuilder.LENGTH_AES_128, false);
// INITIALIZE SIGNATURE AES KEY
m_sessionAesKey.setKey(aesKey, (short) 0);
// SET KEY INTO SIGNATURE OBJECT
m_sessionAesCMAC.init(m_sessionAesKey, Signature.MODE_SIGN);
// GENERATE SIGNATURE OF buff ARRAY, STORE INTO cMAC ARRAY
m_sessionAesCMAC.sign(buffer, (short) 0, len, cMAC, (short) 0);
My test condition is as below.
Java Card 2.2.2
Key : 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 10
Input data : 00 26 15 12 21 52 52 00 00 00 75 1F AD C5 79 07 AA 07 22 05 80 CA FF 21 00 00 00 00 00 00 00 00
Result
1) : 46 20 F0 A0 4C 30 74 0F 50 A9 BF 04 8C 7F A3 F5
2) : EC B5 1F 1C 6E CE 63 35 40 48 C3 7D 1D 81 4E 6E
by calculate another tool, the result is same as 1).
JCOS VM.
Best Regards
Yasuhiro Mitsui
but, when I use Signature.ALG_AES_MAC_128_NOPAD, I got different result as I expected. Expected data is calculated by another tool. it is same by calculated by software implementation.
Is Signature.ALG_AES_MAC_128_NOPAD not for that ?
if so, how to calculate CC for SCP-80 by AES cbc-mode ?
1) software implementation I tried is described this topic
https://javacardos.com/javacardforum/vi ... php?t=1114
2) the code for Signature.ALG_AES_MAC_128_NOPAD.
// CREATE SIGNATURE OBJECT
m_sessionAesCMAC = Signature.getInstance(Signature.ALG_AES_MAC_128_NOPAD , false);
// CREATE KEY USED IN MAC
m_sessionAesKey = (AESKey) KeyBuilder.buildKey(KeyBuilder.TYPE_AES, KeyBuilder.LENGTH_AES_128, false);
// INITIALIZE SIGNATURE AES KEY
m_sessionAesKey.setKey(aesKey, (short) 0);
// SET KEY INTO SIGNATURE OBJECT
m_sessionAesCMAC.init(m_sessionAesKey, Signature.MODE_SIGN);
// GENERATE SIGNATURE OF buff ARRAY, STORE INTO cMAC ARRAY
m_sessionAesCMAC.sign(buffer, (short) 0, len, cMAC, (short) 0);
My test condition is as below.
Java Card 2.2.2
Key : 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 10
Input data : 00 26 15 12 21 52 52 00 00 00 75 1F AD C5 79 07 AA 07 22 05 80 CA FF 21 00 00 00 00 00 00 00 00
Result
1) : 46 20 F0 A0 4C 30 74 0F 50 A9 BF 04 8C 7F A3 F5
2) : EC B5 1F 1C 6E CE 63 35 40 48 C3 7D 1D 81 4E 6E
by calculate another tool, the result is same as 1).
JCOS VM.
Best Regards
Yasuhiro Mitsui
Re: AES-CMAC calculation
I'm also a beginner,
I saw your code, maybe there is no dofinal() function after the init() function.
you can refer to the tool page: https://javacardos.com/tools
and the Wikipedia page: https://www.javacardos.com/wiki/
it have the online tools and some demo Samples of Algorithm.
I have learned a lot from this website.
I saw your code, maybe there is no dofinal() function after the init() function.
you can refer to the tool page: https://javacardos.com/tools
and the Wikipedia page: https://www.javacardos.com/wiki/
it have the online tools and some demo Samples of Algorithm.
I have learned a lot from this website.
Re: AES-CMAC calculation
Signature.ALG_AES_MAC_128_NOPAD is NOT AES-CMAC.
Signature.ALG_AES_MAC_128_NOPAD is available since JavaCard version 2.2.0. This can be glimpsed from the Oracle JavaCard PP documentation on page 146.
What you are looking for is Signature. ALG_AES_CMAC_128 which is available since JavaCard version 3.0.5. This can be glimpsed from the Oracle JavaCard PP documentation on page 149.
The former is most probably AES CBC-MAC while the later is definitely AES-CMAC. They are two different MAC algorithms and thus you will find different results.
If you are using JavaCard version 3.0.5 and above, you may ask the card supplier if Signature. ALG_AES_CMAC_128 is available on JC 3.0.5 and above cards.
If you are using versions of JavaCard below 3.0.5, it is highly unlikely to find them included unless they are offered as special proprietary packages customized by the card manufacturer or JCOS developer.
The answer for your question would be to develop AES-CMAC algorithm using the AES Cipher in Java codes from scratch or ask your card manufacturer or JCOS developer to see if they can add a AES-CMAC engine inside for you to use. I would prefer you learn to understand cryptographic algorithms and learn to code raw cryptography if they are not used in real life business cases until you are confident enough to code them for business use cases.
References:
Signature.ALG_AES_MAC_128_NOPAD is available since JavaCard version 2.2.0. This can be glimpsed from the Oracle JavaCard PP documentation on page 146.
What you are looking for is Signature. ALG_AES_CMAC_128 which is available since JavaCard version 3.0.5. This can be glimpsed from the Oracle JavaCard PP documentation on page 149.
The former is most probably AES CBC-MAC while the later is definitely AES-CMAC. They are two different MAC algorithms and thus you will find different results.
If you are using JavaCard version 3.0.5 and above, you may ask the card supplier if Signature. ALG_AES_CMAC_128 is available on JC 3.0.5 and above cards.
If you are using versions of JavaCard below 3.0.5, it is highly unlikely to find them included unless they are offered as special proprietary packages customized by the card manufacturer or JCOS developer.
The answer for your question would be to develop AES-CMAC algorithm using the AES Cipher in Java codes from scratch or ask your card manufacturer or JCOS developer to see if they can add a AES-CMAC engine inside for you to use. I would prefer you learn to understand cryptographic algorithms and learn to code raw cryptography if they are not used in real life business cases until you are confident enough to code them for business use cases.
References:
Who is online
Users browsing this forum: No registered users and 2 guests