AES CMAC计算 - 主机密码输出长度不正确的长度

时间:2018-04-20 16:24:29

标签: java cryptography bouncycastle globalplatform

我有以下功能,它应该根据派生数据的长度返回8字节主机密码" L"但我得到16字节的数据。虽然密钥是128位,但我期望BC AESCMAC函数将根据派生数据中的L值返回数据。如果不是这种情况,我是否需要从输出中提取MS 8字节。以下是我的功能 -

private String scp03CalculatehostCryptogram(byte[] derivedSMACSessionKey, String hostChallenge, String cardChallenge) throws InvalidKeyException, NoSuchAlgorithmException, NoSuchProviderException, UnsupportedEncodingException {


    // Reference : GPC_2.2_D_SCP03_v1.1.1  > 6.2.2.3 Host Authentication Cryptogram - The host cryptogram (8 bytes) is calculated using the data derivation scheme defined in section 4.1.5 with the session key S-MAC and the derivation constant set to “host authentication cryptogram generation”. The length of the cryptogram shall be reflected in the parameter “L” (i.e. '0040').       The “context” parameter shall be set to the concatenation of the host challenge (8 bytes) and the card challenge (8 bytes).

     String labelForSMAC = "000000000000000000000001";
     String separationIndicator = "00"; 
     String lInteger = "0040";
     String counter = "01";
     String context = hostChallenge.concat(cardChallenge);

     String hostCryptogramDerivationData = labelForSMAC.concat(separationIndicator).concat(lInteger).concat(counter).concat(context);

     byte[] hostCryptogramDerivationDataBytes = DatatypeConverter.parseHexBinary(hostCryptogramDerivationData);

    System.out.println(" Host Cryptogram Derivation data : "+DatatypeConverter.printHexBinary(hostCryptogramDerivationDataBytes));

 Mac aescmac = Mac.getInstance("AESCMAC", "BC");
    SecretKey scpENCKeyObject = new SecretKeySpec(derivedSMACSessionKey, "AES");
    aescmac.init(scpENCKeyObject);
    aescmac.update(hostCryptogramDerivationDataBytes);
     byte[] hostCryptogram = aescmac.doFinal();
     System.out.println(" Calculated Host Cryptogram : "+DatatypeConverter.printHexBinary(hostCryptogram));
     return DatatypeConverter.printHexBinary(hostCryptogram);

    }  

输出:

主机密码衍生数据:0000000000000000000000010000400161BD435249EC20B7AA984A2D47AD4302
 计算主机密码:6F405B9FD1438A4633A4289B618A1FB5

示例 - 派生的smac会话密钥:47297387E512687FBEB37D1C1F4B8F4C

我做错了什么?

1 个答案:

答案 0 :(得分:1)

长度L包含在密码的输入中,以使密码的输出尽可能具体。

显然,MAC算法不会对输入做出任何尊重。 MAC只需一个键,输入,然后产生预定义的数据量。 您的功能应该创建密码。该密码需要输出数据L的大小作为参数。因此,如果您没有生成所需数量的输出数据,那么由您决定

是的,一般情况下,如果需要调整PRF的输出(例如你的函数),那么最左边的字节就会被采用。