在JavaCard中获取CryptoException的原因

时间:2015-04-06 12:26:37

标签: smartcard javacard ecdsa

我正在尝试在JavaCard中实现ECDSA(Eclipse 4.4.2,JC 2.2.1)。我的卡是金雅拓IDCore 3010,或者至少它应该是(在检查ATR代码之后看起来像是WM GX4 72 DHS TSA ......)。

无论如何,如果我没有用try和catch包围 objECDSAKeyPair = new KeyPair(KeyPair.ALG_EC_FP,KeyBuilder.LENGTH_EC_FP_192)行,我会收到一个未知错误( send_APDU( )返回0x80206F00(未知的ISO7816错误:0x6F00)),但是当我将它包围时,它不会返回错误( send_APDU()返回0x80209000(9000:成功。没有错误。)) 。但是它必须转到catch块,因为try块中的其他三行不会被执行。

如何可视化错误消息?如果我使用 ISOException.throwIt(reason),我会在智能卡上遇到通信错误。请再试一次。多次。

this线程中,它建议字节reason = c.getReason()代码,但它不会工作,即使我将右侧转换为字节也不行。

谢谢!

这是我的代码的相关部分。

public class ECDSATestApplet extends Applet {

    private final static byte CLS = (byte) 0xE0;
    private final static byte NOOP = (byte) 0x00;
    private final static byte GEN = (byte) 0x01;

    ...

    private final static byte[] HELLO_WORLD = new byte[] { 'H', 'e', 'l', 'l', 'o', ' ', 'W', 'o', 'r', 'l', 'd', '!' };

    private ECPrivateKey objECDSAPriKey = null;
    private ECPublicKey objECDSAPubKey = null;
    private KeyPair objECDSAKeyPair = null;
    private Signature objECDSASign = null;

    final static short BAS = 0;

    private ECDSATestApplet() {
    }

    public static void install(byte[] bArray, short bOffset, byte bLength) {
        new ECDSATestApplet().register();
    }

    public void process(APDU apdu) {
        if (this.selectingApplet())
            return;

        byte buffer[] = apdu.getBuffer();

        if (buffer[ISO7816.OFFSET_CLA] != CLS)
            ISOException.throwIt(ISO7816.SW_CLA_NOT_SUPPORTED);

        switch (buffer[ISO7816.OFFSET_INS]) {
        case NOOP:
            break;

        case GEN:
            try {
                // ------- ERROR LINE -------
                objECDSAKeyPair = new KeyPair(KeyPair.ALG_EC_FP, KeyBuilder.LENGTH_EC_FP_192);
//              objECDSASign = Signature.getInstance(Signature.ALG_ECDSA_SHA, false);
//              objECDSAKeyPair.genKeyPair();
//              objECDSAPriKey = (ECPrivateKey) objECDSAKeyPair.getPrivate();
//              objECDSAPubKey = (ECPublicKey) objECDSAKeyPair.getPublic();
                apdu.setIncomingAndReceive();
                Util.arrayCopyNonAtomic(HELLO_WORLD, (short) 0, buffer, (short) 0, (short) HELLO_WORLD.length);
                apdu.setOutgoingAndSend((short) 0, (short) HELLO_WORLD.length);
            } catch (CryptoException c) {
                short reason = c.getReason();
//              ISOException.throwIt(reason);
            }

            break;
        }
        return;
    }
}

1 个答案:

答案 0 :(得分:3)

你的麻烦有两个可能的原因:

  1. 您的状态字不符合ISO7816推荐的状态字。尝试

    ISOException.throwIt((short) ((short) (0x9C00) | reason));

    而不是

    ISOException.throwIt(reason);

  2. 在生成新密钥对之前,您忘记设置椭圆曲线的参数。您应该以这种方式生成EC密钥对:

    KeyPair keyPair = new KeyPair(KeyPair.ALG_EC_FP, KeyBuilder.LENGTH_EC_FP_192);
ECPrivateKey privKey = (ECPrivateKey) keyPair.getPrivate();
ECPublicKey pubKey = (ECPublicKey) keyPair.getPublic();
initDomainParams(pubKey);
initDomainParams(privKey);
keyPair.genKeyPair();

    ,其中

    private void initDomainParams(ECKey key) {
    key.setFieldFP(F, (short)0, (short)F.length);
    key.setA(A, (short)0, (short)A.length);
    key.setB(B, (short)0, (short)B.length);
    key.setG(G, (short)0, (short)G.length);
    key.setR(R, (short)0, (short)R.length);
}

    包含您为签名选择的椭圆曲线的FABGR个参数。请在此处查看推荐曲线列表:http://csrc.nist.gov/groups/ST/toolkit/documents/dss/NISTReCur.pdf

相关问题
最新问题