
The pain of using A22CR's RSA function


The pain of using A22CR's RSA function

Post by tay00000 » Tue Nov 01, 2016 5:02 am

We know that Feitian's A22CR only recently added the ALG_RSA_SHA256_PKCS1 function, but if you want to be compatible with all card varieties or with older A22CR cards that do not come with ALG_RSA_SHA256_PKCS1, you have to code your own function.

So I have decided to hand code my own ALG_RSA_SHA256_PKCS1 function below:



public final static byte[] SIGN_SHA256_ASN_TAG = new byte[]{
        (byte) 0x30, (byte) 0x31, (byte) 0x30, (byte) 0x0D, (byte) 0x06,
        (byte) 0x09, (byte) 0x60, (byte) 0x86, (byte) 0x48, (byte) 0x01,
        (byte) 0x65, (byte) 0x03, (byte) 0x04, (byte) 0x02, (byte) 0x01,
        (byte) 0x05, (byte) 0x00, (byte) 0x04, (byte) 0x20};

public boolean rsaSha256PKCS1Signature(Key rsaKey, byte[] data, short offset,
            short length, byte[] data1, short offset1, short length1,
            byte[] verifier, short vOffset, short vLength,
            byte[] workBuff, short workBuffOffset, byte[] output,
            short outputOffset, byte mode) {
    // Calculate SHA256 of data with result offset to allow SHA256 ASN Tag to be added in front later
    sha256.reset();
    if (data != null && data1 != null) {
        sha256.update(data1, offset1, length1);
        sha256.doFinal(data, offset, length, workBuff, (short) (workBuffOffset + SIGN_SHA256_ASN_TAG.length));
    } else {
        sha256.doFinal(data, offset, length, workBuff, (short) (workBuffOffset + SIGN_SHA256_ASN_TAG.length));
    }

    // Get SHA256 ASN Tag and append to front of SHA256 result
    Util.arrayCopyNonAtomic(SIGN_SHA256_ASN_TAG, (short) 0, workBuff, workBuffOffset, (short) SIGN_SHA256_ASN_TAG.length);

    if (mode == Signature.MODE_SIGN) {
        // Set RSA Cipher to Encrypt mode.
        rsaCipher.init(rsaKey, Cipher.MODE_ENCRYPT);

        // RSA Private Key encrypt ASN.1 tag + SHA256 result
        rsaCipher.doFinal(workBuff, workBuffOffset, (short) 51, output, (short) outputOffset);

        return true;
    } else if (mode == Signature.MODE_VERIFY) {
        // Set RSA Cipher to Decrypt Mode.
        rsaCipher.init(rsaKey, Cipher.MODE_DECRYPT);

        // RSA Public Key decrypt received ASN.1 tag + SHA256 result and put it behind the above calculated ASN.1 tag + SHA256 result
        short decLen = rsaCipher.doFinal(verifier, vOffset, vLength, workBuff, (short) (workBuffOffset + 51));

        // The decrypted block must be exactly 51 bytes; a shorter result would leave stale workBuff bytes in the comparison
        // Compare 51 bytes (19 bytes ASN Tag, 32 bytes SHA256 hash) from generated result and decrypted result
        if (decLen == (short) 51 && Util.arrayCompare(workBuff, workBuffOffset, workBuff, (short) (workBuffOffset + 51), (short) 51) == 0) {
            return true;
        }
    }

    return false;
}


When executed on Feitian's C21C and NXP JCOP 2.4.2 R3 J3E081_M64 smart card chips, they both work when using a Java desktop JCE to read the signature and verify.

Can anyone replicate the above problem on their A22CR cards?
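Added example, not part of the original posts: a desktop JCE check that the construction in the post above (19-byte ASN.1 prefix plus SHA-256 hash, RSA-encrypted with the private key under PKCS#1 v1.5 padding) produces a signature that the stock `SHA256withRSA` verifier accepts. The class name `DigestInfoCheck`, the freshly generated 2048-bit key pair (standing in for a key exported from a card) and the test message are assumptions made for this illustration.

```java
import java.security.*;
import java.util.Arrays;
import javax.crypto.Cipher;

public class DigestInfoCheck {
    // Same 19-byte DER prefix as SIGN_SHA256_ASN_TAG in the post above.
    static final byte[] PREFIX = {
        0x30, 0x31, 0x30, 0x0D, 0x06, 0x09, 0x60, (byte) 0x86, 0x48, 0x01,
        0x65, 0x03, 0x04, 0x02, 0x01, 0x05, 0x00, 0x04, 0x20};

    // DigestInfo = prefix || SHA-256(msg), 51 bytes in total.
    static byte[] digestInfo(byte[] msg) throws GeneralSecurityException {
        byte[] hash = MessageDigest.getInstance("SHA-256").digest(msg);
        byte[] out = Arrays.copyOf(PREFIX, PREFIX.length + hash.length);
        System.arraycopy(hash, 0, out, PREFIX.length, hash.length);
        return out;
    }

    // Host-side counterpart of the MODE_SIGN branch.
    static byte[] sign(PrivateKey key, byte[] msg) throws GeneralSecurityException {
        Cipher c = Cipher.getInstance("RSA/ECB/PKCS1Padding");
        c.init(Cipher.ENCRYPT_MODE, key); // private key: block type 01 padding
        return c.doFinal(digestInfo(msg));
    }

    // Host-side counterpart of MODE_VERIFY. isEqual() also rejects a recovered
    // block whose length is not 51 bytes; padding errors count as a failure.
    static boolean verify(PublicKey key, byte[] msg, byte[] sig) {
        try {
            Cipher c = Cipher.getInstance("RSA/ECB/PKCS1Padding");
            c.init(Cipher.DECRYPT_MODE, key);
            return MessageDigest.isEqual(c.doFinal(sig), digestInfo(msg));
        } catch (GeneralSecurityException e) {
            return false;
        }
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator g = KeyPairGenerator.getInstance("RSA");
        g.initialize(2048);
        KeyPair kp = g.generateKeyPair();
        byte[] msg = "constructed test message".getBytes("UTF-8");
        byte[] sig = sign(kp.getPrivate(), msg);
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initVerify(kp.getPublic());
        s.update(msg);
        System.out.println("SHA256withRSA accepts it: " + s.verify(sig));
        System.out.println("manual verify: " + verify(kp.getPublic(), msg, sig));
        sig[sig.length - 1] ^= 1; // corrupt one bit of the signature
        System.out.println("tampered verify: " + verify(kp.getPublic(), msg, sig));
    }
}
```

To test a real card, replace the generated key pair with the public key exported from the card and pass the card's signature bytes to `Signature.verify`.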


Re: The pain of using A22CR's RSA function

Post by mose05 » Wed Nov 02, 2016 5:22 am

I did a test with my Java Card. The result of using the private key to sign is the same as the signature result of using your own ALG_RSA_SHA256_PKCS1 function code. :D


Re: The pain of using A22CR's RSA function

Post by tay00000 » Wed Nov 02, 2016 5:36 am

I am not sure what you meant. Do you mean that my ALG_RSA_SHA_256 works on your A22CR without giving problems?

Did you export the public key from the card to the desktop JCE for verification?

What is your version of A22CR?

Here is my card info:


+--------------------------------------+--------------------------------------+
|                 Name                 |                Value                 |
+======================================+======================================+
| COS version                          | 1. 35                                |
+--------------------------------------+--------------------------------------+
| Chip vendor                          | Infineon                             |
+--------------------------------------+--------------------------------------+
| Chip                                 | SLE78CLFX4000P(M)                    |
+--------------------------------------+--------------------------------------+
| Developer                            | R&D 8, FeiTian                       |
+--------------------------------------+--------------------------------------+
| SVN version                          | 583 (clean)                          |
+--------------------------------------+--------------------------------------+
| Build time                           | 2016-06-02 16:44:09                  |
+--------------------------------------+--------------------------------------+
| Intl-Algo vendor                     | FeiTian                              |
+--------------------------------------+--------------------------------------+
| Intl-Algo version                    | 01 02                                |
+--------------------------------------+--------------------------------------+
| Free COD size                        | 1.84K   (1883 bytes)                 |
+--------------------------------------+--------------------------------------+
| Free COR size                        | 1.84K   (1883 bytes)                 |
+--------------------------------------+--------------------------------------+
| Free NVM size                        | 134.62K   (137852 bytes)             |
+--------------------------------------+--------------------------------------+
| Cold-Reset ATR Head                  | 3B F0 18 00 00 81 31 80 45           |
+--------------------------------------+--------------------------------------+
| Cold-Reset Historical bytes          | 90 67 46 4A 01 00 35 04 00 00 00 00  |
+--------------------------------------+--------------------------------------+
| Warm-Reset ATR Head                  | 3B F0 18 00 00 81 31 80 45           |
+--------------------------------------+--------------------------------------+
| Warm-Reset Historical bytes          | 90 67 46 4A 01 00 35 04 00 00 00 00  |
+--------------------------------------+--------------------------------------+
| T0 WT FCT                            | D0                                   |
+--------------------------------------+--------------------------------------+
| T1 BWT FCT                           | D0                                   |
+--------------------------------------+--------------------------------------+
| TCL type                             | 1                                    |
+--------------------------------------+--------------------------------------+
| TCL BWT FCT                          | D0                                   |
+--------------------------------------+--------------------------------------+
| ATS Head                             | 78 80 70 02                          |
+--------------------------------------+--------------------------------------+
| ATS Historical bytes                 | 90 67 46 4A 01 00 35 04 00 00 00 00  |
+--------------------------------------+--------------------------------------+
| ATQA                                 | 02 00                                |
+--------------------------------------+--------------------------------------+
| UID                                  | 00 00 00 00 00 00 49 73 36 9A        |
+--------------------------------------+--------------------------------------+
| Mifare UID                           | 00 00 00 00 00 00 49 73 36 9A        |
+--------------------------------------+--------------------------------------+
| SAK                                  | 28                                   |
+--------------------------------------+--------------------------------------+
| ATQB                                 | 50 CF C5 9B 88 00 00 00 00 80 81 91  |
+--------------------------------------+--------------------------------------+
| PUPI TYPE                            | 1                                    |
+--------------------------------------+--------------------------------------+
| MBLI                                 | 0                                    |
+--------------------------------------+--------------------------------------+
| AFI                                  | 0                                    |
+--------------------------------------+--------------------------------------+
| MIFARE                               | 1                                    |
+--------------------------------------+--------------------------------------+


Re: The pain of using A22CR's RSA function

Post by mose05 » Wed Nov 02, 2016 6:07 am

My card is a white card so I don't know the card model. But I know that my card supports this signature algorithm ALG_RSA_SHA_512_PKCS1.


Re: The pain of using A22CR's RSA function

Post by ThePhoenyx » Thu Nov 17, 2016 7:11 pm

Tay00000, is there a program to get a listing like you showed?

Thanks for any help.
The world is full of stories;
And sometimes they permit themselves to be told.
~Cherokee Proverb


Re: The pain of using A22CR's RSA function

Post by tay00000 » Thu Nov 17, 2016 8:14 pm

The program that I am using belongs to Feitian's internal tools. They have given me a copy for testing my card. I have to ask them if there is any restriction on sharing their tools.


Re: The pain of using A22CR's RSA function

Post by ThePhoenyx » Thu Nov 17, 2016 10:15 pm

Ah, OK, thanks for the information. If they allow it, that's good; if not, that's OK. Have a good day!
The world is full of stories;
And sometimes they permit themselves to be told.
~Cherokee Proverb


Re: The pain of using A22CR's RSA function

Post by UNKNwYSHSA » Thu Nov 17, 2016 10:58 pm

I need one too, give me if it can be shared. Thanks.
sense and simplicity
