Our Online Store have the new products: RFID antenna board. Currently it can work with JC10M24R and JCOP4 card chips.
Compared with normal cards, the antenna board module has a smaller size and fixed holes, which is easy to integrate in the IOT(Internet Of Things) project.

AES-CMAC calculation

Algorithm School

Moderator: UNKNwYSHSA

ymitsui
Posts: 12
Joined: Wed Jun 17, 2020 9:34 pm
Points :162
Contact:

AES-CMAC calculation

Post by ymitsui » Mon Oct 19, 2020 11:10 pm

Hi, I want to calculate Cryptographic Checksum for SCP-80 / AES in cbc-mode.
but, when I use Signature.ALG_AES_MAC_128_NOPAD, I got different result as I expected. Expected data is calculated by another tool. it is same by calculated by software implementation.

Is Signature.ALG_AES_MAC_128_NOPAD not for that ?
if so, how to calculate CC for SCP-80 by AES cbc-mode ?

1) software implementation I tried is described this topic
https://javacardos.com/javacardforum/vi ... php?t=1114

2) the code for Signature.ALG_AES_MAC_128_NOPAD.

// CREATE SIGNATURE OBJECT
m_sessionAesCMAC = Signature.getInstance(Signature.ALG_AES_MAC_128_NOPAD , false);
// CREATE KEY USED IN MAC
m_sessionAesKey = (AESKey) KeyBuilder.buildKey(KeyBuilder.TYPE_AES, KeyBuilder.LENGTH_AES_128, false);
// INITIALIZE SIGNATURE AES KEY
m_sessionAesKey.setKey(aesKey, (short) 0);
// SET KEY INTO SIGNATURE OBJECT
m_sessionAesCMAC.init(m_sessionAesKey, Signature.MODE_SIGN);
// GENERATE SIGNATURE OF buff ARRAY, STORE INTO cMAC ARRAY
m_sessionAesCMAC.sign(buffer, (short) 0, len, cMAC, (short) 0);

My test condition is as below.

Java Card 2.2.2

Key : 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 10
Input data : 00 26 15 12 21 52 52 00 00 00 75 1F AD C5 79 07 AA 07 22 05 80 CA FF 21 00 00 00 00 00 00 00 00

Result
1) : 46 20 F0 A0 4C 30 74 0F 50 A9 BF 04 8C 7F A3 F5
2) : EC B5 1F 1C 6E CE 63 35 40 48 C3 7D 1D 81 4E 6E

by calculate another tool, the result is same as 1).

JCOS VM.

Best Regards
Yasuhiro Mitsui

Classicni
Posts: 15
Joined: Tue Sep 06, 2016 3:00 am
Points :188
Contact:

Re: AES-CMAC calculation

Post by Classicni » Thu Jun 17, 2021 12:01 am

I'm also a beginner,
I saw your code, maybe there is no dofinal() function after the init() function.
you can refer to the tool page: https://javacardos.com/tools
and the Wikipedia page: https://www.javacardos.com/wiki/
it have the online tools and some demo Samples of Algorithm.
I have learned a lot from this website.

tay00000
Posts: 160
Joined: Tue Sep 27, 2016 10:58 am
Points :2248
Contact:

Re: AES-CMAC calculation

Post by tay00000 » Sat Oct 09, 2021 5:53 am

Signature.ALG_AES_MAC_128_NOPAD is NOT AES-CMAC.

Signature.ALG_AES_MAC_128_NOPAD is available since JavaCard version 2.2.0. This can be glimpsed from the Oracle JavaCard PP documentation on page 146.

What you are looking for is Signature. ALG_AES_CMAC_128 which is available since JavaCard version 3.0.5. This can be glimpsed from the Oracle JavaCard PP documentation on page 149.

The former is most probably AES CBC-MAC while the later is definitely AES-CMAC. They are two different MAC algorithms and thus you will find different results.

If you are using JavaCard version 3.0.5 and above, you may ask the card supplier if Signature. ALG_AES_CMAC_128 is available on JC 3.0.5 and above cards.

If you are using versions of JavaCard below 3.0.5, it is highly unlikely to find them included unless they are offered as special proprietary packages customized by the card manufacturer or JCOS developer.

The answer for your question would be to develop AES-CMAC algorithm using the AES Cipher in Java codes from scratch or ask your card manufacturer or JCOS developer to see if they can add a AES-CMAC engine inside for you to use. I would prefer you learn to understand cryptographic algorithms and learn to code raw cryptography if they are not used in real life business cases until you are confident enough to code them for business use cases.

References:

Post Reply Previous topicNext topic

Who is online

Users browsing this forum: No registered users and 3 guests

JavaCard OS : Disclaimer