The pain of using A22CR's RSA function

Post by tay00000 » Tue Nov 01, 2016 5:02 am

We know that Feitian's A22CR only recently added the ALG_RSA_SHA256_PKCS1 function, but if you want to be compatible with all card varieties or with older A22CR that do not come with ALG_RSA_SHA256_PKCS1, you have to code your own function.

So I have decided to hand code my own ALG_RSA_SHA256_PKCS1 function below:

Code:


import javacard.framework.Util;
import javacard.security.Key;
import javacard.security.Signature;
import javacardx.crypto.Cipher;

// Fragment of the applet class. sha256 (a MessageDigest for SHA-256) and rsaCipher
// (a Cipher, assumed here to be ALG_RSA_PKCS1) are fields created elsewhere in the applet.

// DER-encoded DigestInfo prefix for SHA-256 (19 bytes)
public final static byte[] SIGN_SHA256_ASN_TAG = new byte[]{
        (byte) 0x30, (byte) 0x31, (byte) 0x30, (byte) 0x0D, (byte) 0x06,
        (byte) 0x09, (byte) 0x60, (byte) 0x86, (byte) 0x48, (byte) 0x01,
        (byte) 0x65, (byte) 0x03, (byte) 0x04, (byte) 0x02, (byte) 0x01,
        (byte) 0x05, (byte) 0x00, (byte) 0x04, (byte) 0x20};

public boolean rsaSha256PKCS1Signature(Key rsaKey, byte[] data, short offset,
            short length, byte[] data1, short offset1, short length1,
            byte[] verifier, short vOffset, short vLength,
            byte[] workBuff, short workBuffOffset, byte[] output,
            short outputOffset, byte mode) {
    // Length of ASN Tag + SHA256 result: 19 + 32 = 51 bytes
    short digestInfoLen = (short) (SIGN_SHA256_ASN_TAG.length + 32);

    // Calculate SHA256 of data with result offset to allow SHA256 ASN Tag to be added in front later.
    // When data1 is supplied it is hashed first, followed by data.
    sha256.reset();
    if (data1 != null) {
        sha256.update(data1, offset1, length1);
    }
    sha256.doFinal(data, offset, length, workBuff, (short) (workBuffOffset + SIGN_SHA256_ASN_TAG.length));

    // Get SHA256 ASN Tag and append to front of SHA256 result
    Util.arrayCopyNonAtomic(SIGN_SHA256_ASN_TAG, (short) 0, workBuff, workBuffOffset, (short) SIGN_SHA256_ASN_TAG.length);

    if (mode == Signature.MODE_SIGN) {
        // Set RSA Cipher to Encrypt mode.
        rsaCipher.init(rsaKey, Cipher.MODE_ENCRYPT);

        // RSA Private Key encrypt ASN.1 tag + SHA256 result
        rsaCipher.doFinal(workBuff, workBuffOffset, digestInfoLen, output, outputOffset);

        return true;
    } else if (mode == Signature.MODE_VERIFY) {
        // Set RSA Cipher to Decrypt Mode.
        rsaCipher.init(rsaKey, Cipher.MODE_DECRYPT);

        // RSA Public Key decrypt received ASN.1 tag + SHA256 result and put it behind the above calculated ASN.1 tag + SHA256 result
        short decLen = rsaCipher.doFinal(verifier, vOffset, vLength, workBuff, (short) (workBuffOffset + digestInfoLen));

        // Accept only if exactly 51 bytes were recovered (a shorter result would leave stale
        // bytes in workBuff taking part in the comparison), then compare the 51 bytes
        // (19 bytes ASN Tag, 32 bytes SHA256 hash) from generated result and decrypted result
        if (decLen == digestInfoLen
                && Util.arrayCompare(workBuff, workBuffOffset, workBuff, (short) (workBuffOffset + digestInfoLen), digestInfoLen) == 0) {
            return true;
        }
    }

    return false;
}


When executed on Feitian's C21C and NXP JCOP 2.4.2 R3 J3E081_M64 smart card chips, they both work when using a Java desktop JCE to read the signature and verify.

Can anyone replicate the above problem on their A22CR cards?
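A desktop-side counterpart to the routine above, as an added example that is not part of the original post: it rebuilds the same 51-byte ASN.1 tag + SHA-256 block, "encrypts" it with the private key, and checks the result with the standard `SHA256withRSA` verifier, which is the check a desktop JCE performs on a card signature. The class name `DigestInfoCheck`, the generated key pair and the sample inputs are constructed for illustration, and the example assumes the default JCE provider applies PKCS#1 v1.5 block type 01 padding when encrypting with a private key.

```java
import java.security.*;
import java.util.Arrays;
import javax.crypto.Cipher;

public class DigestInfoCheck {
    // DER DigestInfo prefix for SHA-256 (same 19 bytes as SIGN_SHA256_ASN_TAG in the post)
    static final byte[] PREFIX = {
        0x30, 0x31, 0x30, 0x0D, 0x06, 0x09, 0x60, (byte) 0x86, 0x48, 0x01,
        0x65, 0x03, 0x04, 0x02, 0x01, 0x05, 0x00, 0x04, 0x20};

    // Mirrors the card routine: hash data1 then data, prepend the prefix,
    // then private-key "encrypt" with PKCS#1 v1.5 padding.
    static byte[] handRolledSign(PrivateKey priv, byte[] data1, byte[] data) throws Exception {
        MessageDigest sha256 = MessageDigest.getInstance("SHA-256");
        if (data1 != null) sha256.update(data1);
        byte[] hash = sha256.digest(data);
        byte[] digestInfo = Arrays.copyOf(PREFIX, PREFIX.length + hash.length); // 19 + 32 = 51
        System.arraycopy(hash, 0, digestInfo, PREFIX.length, hash.length);
        Cipher rsa = Cipher.getInstance("RSA/ECB/PKCS1Padding");
        rsa.init(Cipher.ENCRYPT_MODE, priv);
        return rsa.doFinal(digestInfo);
    }

    // What a desktop verifier does with the public key exported from the card.
    static boolean standardVerify(PublicKey pub, byte[] data1, byte[] data, byte[] sig) throws Exception {
        Signature v = Signature.getInstance("SHA256withRSA");
        v.initVerify(pub);
        if (data1 != null) v.update(data1);
        v.update(data);
        return v.verify(sig);
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair kp = kpg.generateKeyPair(); // constructed test key, stands in for the card key
        byte[] d1 = "header".getBytes("UTF-8");   // constructed sample input
        byte[] d = "payload".getBytes("UTF-8");   // constructed sample input
        byte[] sig = handRolledSign(kp.getPrivate(), d1, d);
        System.out.println("matches SHA256withRSA: " + standardVerify(kp.getPublic(), d1, d, sig));
        // The verifier must feed the chunks in the same order the signer hashed them.
        System.out.println("swapped order verifies: " + standardVerify(kp.getPublic(), d, d1, sig));
    }
}
```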


Re: The pain of using A22CR's RSA function

Post by mose05 » Wed Nov 02, 2016 5:22 am

I did a test with my Java Card. The result of signing with the private key is the same as the signature result of using your own ALG_RSA_SHA256_PKCS1 function code. :D


Re: The pain of using A22CR's RSA function

Post by tay00000 » Wed Nov 02, 2016 5:36 am

I am not sure what you meant. Do you mean that my ALG_RSA_SHA_256 works on your A22CR without giving problems?

Did you export the public key from the card to the desktop JCE for verification?

What is your version of A22CR?

Here is my card info:

Code:

+--------------------------------------+--------------------------------------+
|                 Name                 |                Value                 |
+======================================+======================================+
| COS version                          | 1. 35                                |
+--------------------------------------+--------------------------------------+
| Chip vendor                          | Infineon                             |
+--------------------------------------+--------------------------------------+
| Chip                                 | SLE78CLFX4000P(M)                    |
+--------------------------------------+--------------------------------------+
| Developer                            | R&D 8, FeiTian                       |
+--------------------------------------+--------------------------------------+
| SVN version                          | 583 (clean)                          |
+--------------------------------------+--------------------------------------+
| Build time                           | 2016-06-02 16:44:09                  |
+--------------------------------------+--------------------------------------+
| Intl-Algo vendor                     | FeiTian                              |
+--------------------------------------+--------------------------------------+
| Intl-Algo version                    | 01 02                                |
+--------------------------------------+--------------------------------------+
| Free COD size                        | 1.84K   (1883 bytes)                 |
+--------------------------------------+--------------------------------------+
| Free COR size                        | 1.84K   (1883 bytes)                 |
+--------------------------------------+--------------------------------------+
| Free NVM size                        | 134.62K   (137852 bytes)             |
+--------------------------------------+--------------------------------------+
| Cold-Reset ATR Head                  | 3B F0 18 00 00 81 31 80 45           |
+--------------------------------------+--------------------------------------+
| Cold-Reset Historical bytes          | 90 67 46 4A 01 00 35 04 00 00 00 00  |
+--------------------------------------+--------------------------------------+
| Warm-Reset ATR Head                  | 3B F0 18 00 00 81 31 80 45           |
+--------------------------------------+--------------------------------------+
| Warm-Reset Historical bytes          | 90 67 46 4A 01 00 35 04 00 00 00 00  |
+--------------------------------------+--------------------------------------+
| T0 WT FCT                            | D0                                   |
+--------------------------------------+--------------------------------------+
| T1 BWT FCT                           | D0                                   |
+--------------------------------------+--------------------------------------+
| TCL type                             | 1                                    |
+--------------------------------------+--------------------------------------+
| TCL BWT FCT                          | D0                                   |
+--------------------------------------+--------------------------------------+
| ATS Head                             | 78 80 70 02                          |
+--------------------------------------+--------------------------------------+
| ATS Historical bytes                 | 90 67 46 4A 01 00 35 04 00 00 00 00  |
+--------------------------------------+--------------------------------------+
| ATQA                                 | 02 00                                |
+--------------------------------------+--------------------------------------+
| UID                                  | 00 00 00 00 00 00 49 73 36 9A        |
+--------------------------------------+--------------------------------------+
| Mifare UID                           | 00 00 00 00 00 00 49 73 36 9A        |
+--------------------------------------+--------------------------------------+
| SAK                                  | 28                                   |
+--------------------------------------+--------------------------------------+
| ATQB                                 | 50 CF C5 9B 88 00 00 00 00 80 81 91  |
+--------------------------------------+--------------------------------------+
| PUPI TYPE                            | 1                                    |
+--------------------------------------+--------------------------------------+
| MBLI                                 | 0                                    |
+--------------------------------------+--------------------------------------+
| AFI                                  | 0                                    |
+--------------------------------------+--------------------------------------+
| MIFARE                               | 1                                    |
+--------------------------------------+--------------------------------------+


Re: The pain of using A22CR's RSA function

Post by mose05 » Wed Nov 02, 2016 6:07 am

My card is a white card so I don't know the card model. But I know that my card supports this signature algorithm ALG_RSA_SHA_512_PKCS1.


Re: The pain of using A22CR's RSA function

Post by ThePhoenyx » Thu Nov 17, 2016 7:11 pm

Tay00000, is there a program to get a listing like you showed?

Thanks for any help.
The world is full of stories;
And sometimes they permit themselves to be told.
~Cherokee Proverb


Re: The pain of using A22CR's RSA function

Post by tay00000 » Thu Nov 17, 2016 8:14 pm

The program that I am using belongs to Feitian's internal tools. They have given me a copy for testing my card. I have to ask them if there is any restriction on sharing their tools.


Re: The pain of using A22CR's RSA function

Post by ThePhoenyx » Thu Nov 17, 2016 10:15 pm

Ah, OK, thanks for the information. If they allow it, that's good; if not, that's OK. Have a good day!
The world is full of stories;
And sometimes they permit themselves to be told.
~Cherokee Proverb


Re: The pain of using A22CR's RSA function

Post by UNKNwYSHSA » Thu Nov 17, 2016 10:58 pm

I need one too; give me one if it can be shared. Thanks.
sense and simplicity
