JavaCard OS

JavaCardOS - JavaCardForum
https://javacardos.com/javacardforum/

Change the cipher length to 8

https://javacardos.com/javacardforum/viewtopic.php?f=12&t=534

Page 1 of 1

Change the cipher length to 8

Posted: Mon Jan 25, 2016 11:53 pm
by gorgekin
I'm trying to encrypt a byte array of size 8. The size of cipher obtained is 16, But I need the cipher length to be 8 for further processing.

Code: Select all

Cipher cipherinstance = Cipher.getInstance(Cipher.ALG_DES_CBC_ISO9797_M2, false);
DESKey deskey = (DESKey)KeyBuilder.buildKey(KeyBuilder.TYPE_DES, KeyBuilder.LENGTH_DES, false);
deskey.setKey(KEY_8_BYTES, (short)0);
outlength = cipherinstance.doFinal(temp, (short)0, (short)temp.length, res, (short)0);


Size of 'temp' is 8. But 'outlength' is 16. I was expecting this to be 8.
How should I do? Thanks in advance.

Re: Change the cipher length to 8

Posted: Tue Jan 26, 2016 1:51 am
by UNKNwYSHSA
You can use the signature instead.
Here's my test code:

Code: Select all

package testDES;

import javacard.framework.*;
import javacard.security.*;
import javacardx.crypto.*;

public class testDES extends Applet
{
   private Signature signatureInstance;
   private Cipher cipherInstance;
   private DESKey desKey;
   private byte[] tempBuf;
   
   public testDES() {
      signatureInstance = Signature.getInstance(Signature.ALG_DES_MAC8_ISO9797_M1, false);
      cipherInstance = Cipher.getInstance(Cipher.ALG_DES_CBC_ISO9797_M1, false);
      desKey = (DESKey)KeyBuilder.buildKey(KeyBuilder.TYPE_DES, KeyBuilder.LENGTH_DES3_2KEY, false);
      tempBuf = JCSystem.makeTransientByteArray((short) 0x100, JCSystem.CLEAR_ON_DESELECT);
   }
   
   public static void install(byte[] bArray, short bOffset, byte bLength) 
   {
      new testDES().register(bArray, (short) (bOffset + 1), bArray[bOffset]);
   }

   public void process(APDU apdu)
   {
      if (selectingApplet())
      {
         return;
      }

      byte[] buf = apdu.getBuffer();
      switch (buf[ISO7816.OFFSET_INS])
      {
      case (byte)0x00:
         desKey.setKey(buf, ISO7816.OFFSET_CDATA);
         break;
      case (byte)0x01:
         signatureInstance.init(desKey, Signature.MODE_SIGN);
         short signatureLength = signatureInstance.sign(buf, ISO7816.OFFSET_CDATA, Util.makeShort((byte) 0, buf[ISO7816.OFFSET_LC]), tempBuf, (short) 0);
         apdu.setOutgoing();
         apdu.setOutgoingLength(signatureLength);
         apdu.sendBytesLong(tempBuf, (short) 0, signatureLength);
         break;
      case (byte)0x02:
         cipherInstance.init(desKey, Cipher.MODE_ENCRYPT);
         short resultLength = cipherInstance.doFinal(buf, ISO7816.OFFSET_CDATA, Util.makeShort((byte) 0, buf[ISO7816.OFFSET_LC]), tempBuf, (short) 0);
         apdu.setOutgoing();
         apdu.setOutgoingLength(resultLength);
         apdu.sendBytesLong(tempBuf, (short) 0, resultLength);
         break;
      default:
         ISOException.throwIt(ISO7816.SW_INS_NOT_SUPPORTED);
      }
   }

}

And the test script:

Code: Select all

00A40400 06 112233445500;
00000000 10 000102030405060708090A0B0C0D0E0F;
00010000 01 00;
00020000 01 00;
00010000 10 000102030405060708090A0B0C0D0E0F000102030405060708090A0B0C0D0E0F;
00020000 10 000102030405060708090A0B0C0D0E0F000102030405060708090A0B0C0D0E0F;
00010000 20 000102030405060708090A0B0C0D0E0F000102030405060708090A0B0C0D0E0F000102030405060708090A0B0C0D0E0F000102030405060708090A0B0C0D0E0F;
00020000 20 000102030405060708090A0B0C0D0E0F000102030405060708090A0B0C0D0E0F000102030405060708090A0B0C0D0E0F000102030405060708090A0B0C0D0E0F;

test result:
No.1
Send: 00 A4 04 00 06 11 22 33 44 55 00
Expt: 90 00 [IGNORE DATA]
Recv: 90 00 [SW: No Error]
Time used: 12.000 ms

No.2
Send: 00 00 00 00 10 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
Expt: 90 00 [IGNORE DATA]
Recv: 90 00 [SW: No Error]
Time used: 16.000 ms

No.3
Send: 00 01 00 00 01 00
Expt: 90 00 [IGNORE DATA]
Recv: DD AD A1 61 E8 D7 96 73 90 00 [SW: No Error]
Time used: 14.000 ms

No.4
Send: 00 02 00 00 01 00
Expt: 90 00 [IGNORE DATA]
Recv: DD AD A1 61 E8 D7 96 73 90 00 [SW: No Error]
Time used: 15.000 ms

No.5
Send: 00 01 00 00 10 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
Expt: 90 00 [IGNORE DATA]
Recv: EE B3 0A 81 67 1A 4F 49 90 00 [SW: No Error]
Time used: 13.000 ms

No.6
Send: 00 02 00 00 10 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
Expt: 90 00 [IGNORE DATA]
Recv: DF 0B 6C 9C 31 CD 0C E4 EE B3 0A 81 67 1A 4F 49 90 00 [SW: No Error]
Time used: 15.000 ms

No.7
Send: 00 01 00 00 20 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
Expt: 90 00 [IGNORE DATA]
Recv: B7 61 A1 9E 6F F9 4C 6B 90 00 [SW: No Error]
Time used: 18.000 ms

No.8
Send: 00 02 00 00 20 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
Expt: 90 00 [IGNORE DATA]
Recv: DF 0B 6C 9C 31 CD 0C E4 EE B3 0A 81 67 1A 4F 49 54 DD 42 F3 9B D0 80 22 B7 61 A1 9E 6F F9 4C 6B 90 00 [SW: No Error]
Time used: 20.000 ms

Re: Change the cipher length to 8

Posted: Tue Jan 26, 2016 10:07 pm
by btwtiger
That is because of the padding method of that cipher. That cipher padding mode pads input data according to the ISO 9797 method 2. The data will be padded even if it is already on a block size boundary.
All times are UTC-04:00
Page 1 of 1
Powered by phpBB® Forum Software © phpBB Limited
https://www.phpbb.com/