JavaCard OS

Posted: **Fri Jun 12, 2015 8:00 am**

I am trying to sign a message which contains in inBuffer byte array using my own derived key S (also byte array). I am using javacard2.2.2 library for developing javacard applet. I am using android application for sending process request. I am reciving return code '6A81' which means 'function not supported'. Now, I have no clue that how to proceed as I failed to understand that it is mentioning about HMAC_SHA256 not supported or I am making some mistake in the function. Please help.
The code is as follows:

Code: Select all

Signature m_sessionMAC = null;
    HMACKey keyType = null;
    Sign = new byte[64];

    bytesRead = apdu.setIncomingAndReceive();

    // Create HMAC Key Used in Mac
    m_sessionMAC = Signature.getInstance(Signature.ALG_HMAC_SHA_256, false);

    // Create HMAC Key Used in Mac
    keyType = (HMACKey) KeyBuilder.buildKey(KeyBuilder.TYPE_HMAC, KeyBuilder.LENGTH_HMAC_SHA_256_BLOCK_64, false); 
    keyType.setKey(S,(short) 0, (short) S.length);
    m_sessionMAC.init(keyType, Signature.MODE_SIGN);

    //Generate Signature on inBuffer (received data to sign)
    echoOffset = m_sessionMAC.sign(inBuffer, ISO7816.OFFSET_CDATA, ISO7816.OFFSET_LC, Sign , (short)0); 
    Util.arrayCopyNonAtomic(Sign, ( short ) 0, inBuffer, ( short ) 0, echoOffset); 
    apdu.setOutgoingAndSend( ( short ) 0, (short) echoOffset );

Please help me in this regards or also provide any pointers for implementing HMAC_SHA256 or HMAC_SHA1 symmetric crypto. in javacard applet.

Thanks.

Posted: **Mon Jun 22, 2015 11:36 pm**

Your card should support Signature.ALG_HMAC_SHA_256 first. In most cases, a javacard wouldn't support all the cryptographic algorithms. If your card support this algorithms,you can implement HMAC by the following way.

Code: Select all

K = HMAC key of length 32
ipad = the byte 0x36 repeated 32 times
opad = the byte 0x5C repeated 32 times.
To compute HMAC over the data `text' we perform
H(K XOR opad, H(K XOR ipad, text))

Posted: **Tue Jun 23, 2015 1:10 am**

@Larson,thanks! It is very helpful to me.

Posted: **Tue Jun 23, 2015 1:21 am**

Larson wrote:Your card should support Signature.ALG_HMAC_SHA_256 first. In most cases, a javacard wouldn't support all the cryptographic algorithms. If your card support this algorithms,you can implement HMAC by the following way.
Code: Select all
K = HMAC key of length 32
ipad = the byte 0x36 repeated 32 times
opad = the byte 0x5C repeated 32 times.
To compute HMAC over the data `text' we perform
H(K XOR opad, H(K XOR ipad, text))

Before calling getInstance() method, it would be better to check CryptoException first .

Code: Select all

try {
    Signature.getInstance(Signature.ALG_HMAC_SHA_256, false);
} catch (CryptoException e) {
    if (e.getReason() == CryptoException.NO_SUCH_ALGORITHM) {
        // Do something to treat algorithm absebce
    }
}

Posted: **Tue Jun 23, 2015 1:37 am**

Before calling getInstance() method, it would be better to check CryptoException first .

Code: Select all

try {
    Signature.getInstance(Signature.ALG_HMAC_SHA_256, false);
} catch (CryptoException e) {
    if (e.getReason() == CryptoException.NO_SUCH_ALGORITHM) {
        // Do something to treat algorithm absebce
    }
}

Thank you for your additional answer.

JavaCard OS

Generate HMAC_SHA256 Signature in JavaCard Applet

Generate HMAC_SHA256 Signature in JavaCard Applet

Re: Generate HMAC_SHA256 Signature in JavaCard Applet

Re: Generate HMAC_SHA256 Signature in JavaCard Applet

Re: Generate HMAC_SHA256 Signature in JavaCard Applet

Re: Generate HMAC_SHA256 Signature in JavaCard Applet