AES encryption

[irvinmags]

Hi everyone. I'm new to javacard development and one of my goals is to learn how to encrypt or at least know how to using AES.

I created a java applet that installs "Hello World" inside a java card and it's already working. Now I would like to encrypt that string for training and learning purposes. Anyone knows a good tutorial or an example applet that I can learn from? Also, from what I've seen from my research, is it possible to hard code a key to encrypt a string for example?

[bigWhite]

You can refer to the following code

Code: Select all

private void doAesCipher(APDU apdu, short len)
 {
        private Cipher aesEcbCipher;
        Key key;
        private byte[] aesKey;
        aesKey = new byte[32];
        key.setKey(aesKey, (short)0); 
        if (len <= 0 || len % 16 != 0)
        {
            ISOException.throwIt(ISO7816.SW_WRONG_LENGTH);
        }

        aesEcbCipher = Cipher.getInstance(Cipher.ALG_AES_BLOCK_128_ECB_NOPAD, false);
        aesEcbCipher.init(key, Cipher.MODE_ENCRYPT);
        cipher.doFinal(inBuffer, ISO7816.OFFSET_CDATA, len, outBuffer, (short)0);
        ......
}

[irvinmags]

Hello there bigwhite, thanks for replying. I tried to follow your code and somehow I am able to progress on learning.
I'll post my sample code here and is it alright if take a look at it? Here's the method wherein I need to encrypt the data being installed in the card. The byte[] input line is the input that I need to encrypt with AES.

Code: Select all

private void SendData(APDU apdu) 
   {
      Cipher aesCipher;
      AESKey aesKeyTrial;
      aesKeyTrial= (AESKey) KeyBuilder.buildKey(KeyBuilder.TYPE_AES, KeyBuilder.LENGTH_AES_128, false);
      byte[] aesKey;
      byte[] outBuffer;
      outBuffer = new byte[16];
      aesKey = new byte[16];
      byte[] input = {(byte)0x11,(byte)0x22,(byte)0x33,(byte)0x44,(byte)0x55,(byte)0x66,(byte)0x77,(byte)0x88,(byte)0x99,0x10,(byte)0xA2, 0x35, (byte)0x5E,0x15,0x16,0x14};
      byte[] key = {0x2d, 0x2a, 0x2d, 0x42, 0x55, 0x49, 0x4c, 0x44, 0x41, 0x43, 0x4f, 0x44, 0x45, 0x2d, 0x2a, 0x2d};
      byte[] buffer = apdu.getBuffer();
      short len = (short) input.length;
      aesKeyTrial.setKey(key,(short)0);
      
      if(len<=0||len%16!=0)
      {
         ISOException.throwIt(ISO7816.SW_WRONG_LENGTH);
      }
      aesCipher = Cipher.getInstance(Cipher.ALG_AES_BLOCK_128_ECB_NOPAD, false);
        aesCipher.init(aesKeyTrial, Cipher.MODE_ENCRYPT);
        aesCipher.doFinal(input, ISO7816.OFFSET_CDATA, len, outBuffer, (short)0);
      
      Util.arrayCopyNonAtomic(outBuffer, (short)0, buffer, (short)0, (short)len);
      apdu.setOutgoing();
      len = (short) outBuffer.length;
      apdu.setOutgoingLength(len);
      apdu.sendBytes((short) 0, (short)len);
   }

Installing the applet is fine but when I check if I was able to encrypt the message, it returns 6F00

[bigWhite]

In the function

Code: Select all

public short doFinal(byte[] inBuff, short inOffset,
         short inLength, byte[] outBuff, short outOffset)
         throws CryptoException;

The third param 'inLength' is not the length of key , it's the length of you want to encrypted string.

[irvinmags]

Yeah, it's in my code that short len = (short) input.length.
doFinal(input, ISO7816.OFFSET_CDATA, len, outBuffer, (short)0);

Since I want the byte[] input to be encrypted.

[bigWhite]

Yeah, it's in my code that short len = (short) input.length.
doFinal(input, ISO7816.OFFSET_CDATA, len, outBuffer, (short)0);

Since I want the byte[] input to be encrypted.

You can carefully look at the introduction of doFinal function, These parameters : "byte [] inBuff", "short inOffset" and "short inLength" do not match.

If you want the byte[] input to be encrypted. This function should be like this:

Code: Select all

aesCipher.doFinal(input, (short)0, len, buffer, (short)0);

[bigWhite]

You can write your code as follows:

Code: Select all

private void SendData(APDU apdu) 
   {
      byte[] buffer = apdu.getBuffer();
      Cipher aesCipher;
      AESKey aesKeyTrial;
      aesKeyTrial= (AESKey) KeyBuilder.buildKey(KeyBuilder.TYPE_AES_TRANSIENT_DESELECT, KeyBuilder.LENGTH_AES_128, false);
      byte[] aesKey;
      byte[] outBuffer;
      outBuffer = new byte[256];
      aesKey = new byte[16];
      byte[] input = {(byte)0x11,(byte)0x22,(byte)0x33,(byte)0x44,(byte)0x55,(byte)0x66,(byte)0x77,(byte)0x88,(byte)0x99,0x10,(byte)0xA2, 0x35, (byte)0x5E,0x15,0x16,0x14};
      byte[] key = {0x2d, 0x2a, 0x2d, 0x42, 0x55, 0x49, 0x4c, 0x44, 0x41, 0x43, 0x4f, 0x44, 0x45, 0x2d, 0x2a, 0x2d};
      
      short len = (short) input.length;
      if (len <= 0 || len % 16 != 0)
        {
            ISOException.throwIt(ISO7816.SW_WRONG_LENGTH);
        }
        
      aesKeyTrial.setKey(key,(short)0);
      aesCipher = Cipher.getInstance(Cipher.ALG_AES_BLOCK_128_ECB_NOPAD, false);
      aesCipher.init(aesKeyTrial, Cipher.MODE_ENCRYPT); 
      aesCipher.doFinal(input, (short)0, len, buffer, (short)0);
      apdu.setOutgoingAndSend((short)0, len);

   }

[irvinmags]

Thank you very much bigWhite for answering my questions and helping me out. You pointed out my mistake and actually helped me learn why my code is not working. Cheers for you! Thank you very much!

[irvinmags]

Hello, this time around is there a proper way of doing an AES CMAC encryption? After researching I've hit a roadblock wherein I cannot find any example or samples of Java card that has AES CMAC encryption. Is there any way or at least is it possible to do an AES CMAC encryption on a java card?

[UNKNwYSHSA]

There's 2 methods for you to calculate CMAC:
1 You can implement it yourself with the Cipher AES algorithm;
2 The javacard API class javacard.security.Signature can calculate MAC, you can use it with algorithm ALG_AES_MAC_128_NOPAD;

Note:
You need to know, that CMAC means MAC of command, the input data is command data bytes.

By the way, which applet you implementing needs this calculation?