我有以下函数,它应该根据派生数据"L"的长度返回 8 字节主机密码,但我得到了 16 字节的数据。虽然 key 是 128 位,但我预计 BC AESCMAC 函数将根据派生数据中的 L 值返回数据。如果不是这种情况,我是否需要从输出中提取MS 8字节。以下是我的函数 -
private String scp03CalculatehostCryptogram(byte[] derivedSMACSessionKey, String hostChallenge, String cardChallenge) throws InvalidKeyException, NoSuchAlgorithmException, NoSuchProviderException, UnsupportedEncodingException {
// Reference : GPC_2.2_D_SCP03_v1.1.1 > 6.2.2.3 Host Authentication Cryptogram - The host cryptogram (8 bytes) is calculated using the data derivation scheme defined in section 4.1.5 with the session key S-MAC and the derivation constant set to “host authentication cryptogram generation”. The length of the cryptogram shall be reflected in the parameter “L” (i.e. '0040'). The “context” parameter shall be set to the concatenation of the host challenge (8 bytes) and the card challenge (8 bytes).
String labelForSMAC = "000000000000000000000001";
String separationIndicator = "00";
String lInteger = "0040";
String counter = "01";
String context = hostChallenge.concat(cardChallenge);
String hostCryptogramDerivationData = labelForSMAC.concat(separationIndicator).concat(lInteger).concat(counter).concat(context);
byte[] hostCryptogramDerivationDataBytes = DatatypeConverter.parseHexBinary(hostCryptogramDerivationData);
System.out.println(" Host Cryptogram Derivation data : "+DatatypeConverter.printHexBinary(hostCryptogramDerivationDataBytes));
Mac aescmac = Mac.getInstance("AESCMAC", "BC");
SecretKey scpENCKeyObject = new SecretKeySpec(derivedSMACSessionKey, "AES");
aescmac.init(scpENCKeyObject);
aescmac.update(hostCryptogramDerivationDataBytes);
byte[] hostCryptogram = aescmac.doFinal();
System.out.println(" Calculated Host Cryptogram : "+DatatypeConverter.printHexBinary(hostCryptogram));
return DatatypeConverter.printHexBinary(hostCryptogram);
}
输出:
主机密码派生数据: 000000000000000000000000000010000400161BD435249EC20B7AA984A2D47AD4302
计算主机密码:6F405B9FD1438A4633A4289B618A1FB5
示例 - 派生的 smac 会话密钥:47297387E512687FBEB37D1C1F4B8F4C
我做错了什么?
长度
L包含在密码图的输入中,以使密码的输出尽可能具体。
显然,MAC算法不会尊重输入。MAC只需获取密钥,输入,然后生成预定义的数据量。你的函数应该创建密码。此密码需要输出数据的大小 L 作为参数。因此,如果您没有生成所需数量的输出数据,那么这取决于您。
是的,一般来说,如果需要调整 PRF 的输出(例如您的函数(的大小,则取最左边的字节。