Class JCESecurityModule
- All Implemented Interfaces:
Configurable, SMAdapter<SecureDESKey>, LogSource
It doesn't require any hardware device to work.
JCESecurityModule also implements the SMAdapter, so you can view it either
as a self-contained security module adapter that doesn't need a security module,
or as a security module that plugs directly into jPOS and so doesn't need
a separate adapter.
It relies on Java(tm) Cryptography Extension (JCE), hence its name.
JCESecurityModule relies on the JCEHandler class to do the low level JCE work.
WARNING: This version of JCESecurityModule is meant for testing purposes and NOT for live operation, since the Local Master Keys are stored in CLEAR on the system's disk. Coming versions of JCESecurityModule will rely on java.security.KeyStore for better protection of the Local Master Keys.
-
Field Summary
Fields
Fields inherited from class BaseSMAdapter
cfg, logger, realm
Fields inherited from interface SMAdapter
FORMAT00, FORMAT01, FORMAT02, FORMAT03, FORMAT04, FORMAT05, FORMAT34, FORMAT35, FORMAT41, FORMAT42, LENGTH_DES, LENGTH_DES3_2KEY, LENGTH_DES3_3KEY, TYPE_BDK, TYPE_CVK, TYPE_DEK, TYPE_HMAC, TYPE_MK_AC, TYPE_MK_CVC3, TYPE_MK_DAC, TYPE_MK_DN, TYPE_MK_SMC, TYPE_MK_SMI, TYPE_PVK, TYPE_RSA_PK, TYPE_RSA_SK, TYPE_TAK, TYPE_TMK, TYPE_TPK, TYPE_ZAK, TYPE_ZEK, TYPE_ZMK, TYPE_ZPK
-
Constructor Summary
Constructors
Constructor
    Description
JCESecurityModule()
    Creates an uninitialized JCE Security Module; you need to call setConfiguration to initialize it
JCESecurityModule(String lmkFile)
JCESecurityModule(String lmkFile, String jceProviderClassName)
JCESecurityModule(Configuration cfg, Logger logger, String realm)
-
Method Summary
Modifier and Type Method
    Description
protected byte[] calculateARPC(Key skarpc, byte[] arqc, ARPCMethod arpcMethod, byte[] arc, byte[] propAuthData)
    Calculate ARPC.
protected byte[] calculateARQC(MKDMethod mkdm, SKDMethod skdm, SecureDESKey imkac, String accountNo, String accntSeqNo, byte[] atc, byte[] upn, byte[] transData)
    Calculate ARQC.
protected String calculateCAVVImpl(String accountNo, SecureDESKey cvk, String upn, String authrc, String sfarc)
    Your SMAdapter should override this method if it has this functionality
protected String calculateCVC3(SecureDESKey imkcvc3, String accountNo, String acctSeqNo, byte[] atc, byte[] upn, byte[] data, MKDMethod mkdm)
protected String calculateCVD(String accountNo, Key cvk, String expDate, String serviceCode)
protected String calculateCVDImpl(String accountNo, SecureDESKey cvkA, SecureDESKey cvkB, String expDate, String serviceCode)
    Your SMAdapter should override this method if it has this functionality
protected String calculateCVV(String accountNo, Key cvk, Date expDate, String serviceCode)
protected String calculateCVVImpl(String accountNo, SecureDESKey cvkA, SecureDESKey cvkB, Date expDate, String serviceCode)
    Your SMAdapter should override this method if it has this functionality
protected String calculatedCVV(String accountNo, SecureDESKey imkac, String expDate, String serviceCode, byte[] atc, MKDMethod mkdm)
protected byte[] calculateDerivedKey(KeySerialNumber ksn, SecureDESKey bdk, boolean tdes, boolean dataEncryption)
protected byte[]
    Calculates a key check value over a clear key
protected String calculatePIN(byte[] pinBlock, byte pinBlockFormat, String accountNumber)
    Calculates the clear pin (as entered by card holder on the pin entry device) given the clear PIN block
protected byte[] calculatePINBlock(String pin, byte pinBlockFormat, String accountNumber)
    Calculates the clear PIN Block
protected String calculatePVV(EncryptedPIN pinUnderLmk, Key key, int keyIdx, List<String> excludes)
protected String calculatePVVImpl(EncryptedPIN pinUnderLmk, SecureDESKey pvkA, SecureDESKey pvkB, int pvkIdx, List<String> excludes)
    Your SMAdapter should override this method if it has this functionality
protected String calculatePVVImpl(EncryptedPIN pinUnderKd1, SecureDESKey kd1, SecureDESKey pvkA, SecureDESKey pvkB, int pvkIdx, List<String> excludes)
    Your SMAdapter should override this method if it has this functionality
protected void checkCAVVArgs(String upn, String authrc, String sfarc)
protected Key concatKeys(SecureDESKey keyA, SecureDESKey keyB)
byte[] dataDecrypt(SecureDESKey bdk, byte[] cypherText)
    Decrypt Data
byte[] dataEncrypt(SecureDESKey bdk, byte[] clearText)
    Encrypt Data
byte[] decryptDataImpl(CipherMode cipherMode, SecureDESKey kd, byte[] data, byte[] iv)
    Your SMAdapter should override this method if it has this functionality
protected Key decryptFromLMK(SecureDESKey secureDESKey)
    Decrypts a secure DES key from encryption under LMK
decryptPINImpl(EncryptedPIN pinUnderLmk)
    Your SMAdapter should override this method if it has this functionality
protected Key deriveICCMasterKey(Key imk, byte[] panpsn)
    Derive ICC Master Key from Issuer Master Key and preformatted PAN/PANSeqNo
    Compute two 8-byte numbers:
    - left part is a result of Triple-DES encryption of panpsn with imk as the key
    - right part is a result of Triple-DES encryption of binary inverted panpsn with imk as the key
    - concatenate left and right parts
    Described in EMV v4.2 Book 2, Annex A1.4.1 Master Key Derivation point 2
byte[] encryptDataImpl(CipherMode cipherMode, SecureDESKey kd, byte[] data, byte[] iv)
    Your SMAdapter should override this method if it has this functionality
encryptPINImpl(String pin, String accountNumber)
    Your SMAdapter should override this method if it has this functionality
protected EncryptedPIN encryptPINImpl(String pin, String accountNumber, SecureDESKey pek)
    Your SMAdapter should override this method if it has this functionality.
protected SecureDESKey encryptToLMK(short keyLength, String keyType, Key clearDESKey)
    Encrypts a clear DES Key under LMK to form a SecureKey
byte[] exportKeyImpl(SecureDESKey key, SecureDESKey kek)
    Your SMAdapter should override this method if it has this functionality
exportPIN(EncryptedPIN pinUnderLmk, KeySerialNumber ksn, SecureDESKey bdk, boolean tdes, byte destinationPINBlockFormat)
    Exports PIN to DUKPT Encryption.
exportPINImpl(EncryptedPIN pinUnderLmk, SecureDESKey kd2, byte destinationPINBlockFormat)
    Your SMAdapter should override this method if it has this functionality
formKEYfromClearComponents(short keyLength, String keyType, String... components)
    Forms a key from 3 clear components and returns it encrypted under its corresponding LMK. The corresponding LMK is determined from the keyType
formKEYfromThreeClearComponents(short keyLength, String keyType, String clearComponent1HexString, String clearComponent2HexString, String clearComponent3HexString)
    Forms a key from 3 clear components and returns it encrypted under its corresponding LMK. The corresponding LMK is determined from the keyType
byte[] generateARPCImpl(MKDMethod mkdm, SKDMethod skdm, SecureDESKey imkac, String accountNo, String accntSeqNo, byte[] arqc, byte[] atc, byte[] upn, ARPCMethod arpcMethod, byte[] arc, byte[] propAuthData)
    Your SMAdapter should override this method if it has this functionality
protected byte[] generateCBC_MACImpl(byte[] data, SecureDESKey kd)
    Generates CBC-MAC (Cipher Block Chaining Message Authentication Code) for some data.
generateClearKeyComponent(short keyLength)
    Generates a random clear key component.
protected byte[] generateEDE_MACImpl(byte[] data, SecureDESKey kd)
    Generates EDE-MAC (Encrypt Decrypt Encrypt Message Authentication Code) for some data.
protected byte[] generateKeyCheckValueImpl(SecureDESKey secureDESKey)
    Generates key check value.
generateKeyImpl(short keyLength, String keyType)
    Your SMAdapter should override this method if it has this functionality
generatePINImpl(String accountNumber, int pinLen, List<String> excludes)
    Your SMAdapter should override this method if it has this functionality
protected byte[] generateSM_MACImpl(MKDMethod mkdm, SKDMethod skdm, SecureDESKey imksmi, String accountNo, String accntSeqNo, byte[] atc, byte[] arqc, byte[] data)
    Your SMAdapter should override this method if it has this functionality
importBDK(String clearComponent1HexString, String clearComponent2HexString, String clearComponent3HexString)
importKeyImpl(short keyLength, String keyType, byte[] encryptedKey, SecureDESKey kek, boolean checkParity)
    Your SMAdapter should override this method if it has this functionality
protected EncryptedPIN importPINImpl(EncryptedPIN pinUnderDuk, KeySerialNumber ksn, SecureDESKey bdk, boolean tdes)
    Your SMAdapter should override this method if it has this functionality
importPINImpl(EncryptedPIN pinUnderKd1, SecureDESKey kd1)
    Your SMAdapter should override this method if it has this functionality
void
    Configures a JCESecurityModule
protected byte[] specialDecrypt(byte[] data, byte[] key)
protected byte[] specialEncrypt(byte[] data, byte[] key)
translateKeySchemeImpl(SecureDESKey key, KeyScheme keyScheme)
    Your SMAdapter should override this method if it has this functionality
protected org.javatuples.Pair<EncryptedPIN, byte[]> translatePINGenerateSM_MACImpl(MKDMethod mkdm, SKDMethod skdm, PaddingMethod padm, SecureDESKey imksmi, String accountNo, String accntSeqNo, byte[] atc, byte[] arqc, byte[] data, EncryptedPIN currentPIN, EncryptedPIN newPIN, SecureDESKey kd1, SecureDESKey imksmc, SecureDESKey imkac, byte destinationPINBlockFormat)
    Your SMAdapter should override this method if it has this functionality
protected EncryptedPIN translatePINImpl(EncryptedPIN pinUnderDuk, KeySerialNumber ksn, SecureDESKey bdk, SecureDESKey kd2, byte destinationPINBlockFormat, boolean tdes)
    Your SMAdapter should override this method if it has this functionality
translatePINImpl(EncryptedPIN pinUnderKd1, SecureDESKey kd1, SecureDESKey kd2, byte destinationPINBlockFormat)
    Your SMAdapter should override this method if it has this functionality
byte[] verifyARQCGenerateARPCImpl(MKDMethod mkdm, SKDMethod skdm, SecureDESKey imkac, String accountNo, String accntSeqNo, byte[] arqc, byte[] atc, byte[] upn, byte[] transData, ARPCMethod arpcMethod, byte[] arc, byte[] propAuthData)
    Your SMAdapter should override this method if it has this functionality
protected boolean verifyARQCImpl(MKDMethod mkdm, SKDMethod skdm, SecureDESKey imkac, String accountNo, String accntSeqNo, byte[] arqc, byte[] atc, byte[] upn, byte[] transData)
    Your SMAdapter should override this method if it has this functionality
protected boolean verifyCAVVImpl(String accountNo, SecureDESKey cvk, String cavv, String upn, String authrc, String sfarc)
    Your SMAdapter should override this method if it has this functionality
protected boolean verifyCVC3Impl(SecureDESKey imkcvc3, String accountNo, String acctSeqNo, byte[] atc, byte[] upn, byte[] data, MKDMethod mkdm, String cvc3)
    Your SMAdapter should override this method if it has this functionality
protected boolean verifyCVVImpl(String accountNo, SecureDESKey cvkA, SecureDESKey cvkB, String cvv, String expDate, String serviceCode)
    Your SMAdapter should override this method if it has this functionality
protected boolean verifyCVVImpl(String accountNo, SecureDESKey cvkA, SecureDESKey cvkB, String cvv, Date expDate, String serviceCode)
    Your SMAdapter should override this method if it has this functionality
protected boolean verifydCVVImpl(String accountNo, SecureDESKey imkac, String dcvv, String expDate, String serviceCode, byte[] atc, MKDMethod mkdm)
    Your SMAdapter should override this method if it has this functionality
protected boolean verifydCVVImpl(String accountNo, SecureDESKey imkac, String dcvv, Date expDate, String serviceCode, byte[] atc, MKDMethod mkdm)
    Your SMAdapter should override this method if it has this functionality
boolean verifyPVVImpl(EncryptedPIN pinUnderKd1, SecureDESKey kd1, SecureDESKey pvkA, SecureDESKey pvkB, int pvki, String pvv)
    Your SMAdapter should override this method if it has this functionality
Methods inherited from class BaseSMAdapter
calculateCAVV, calculateCVD, calculateCVV, calculateIBMPINOffset, calculateIBMPINOffset, calculateIBMPINOffset, calculateIBMPINOffset, calculateIBMPINOffsetImpl, calculateIBMPINOffsetImpl, calculatePVV, calculatePVV, calculatePVV, calculatePVV, calculateSignature, calculateSignatureImpl, decryptData, decryptData, decryptDataImpl, decryptPIN, deriveIBMPIN, deriveIBMPINImpl, encryptData, encryptData, encryptDataImpl, encryptPIN, encryptPIN, encryptPIN, eraseOldLMK, eraseOldLMKImpl, exportKey, exportKey, exportKeyImpl, exportPIN, generateARPC, generateCBC_MAC, generateEDE_MAC, generateKey, generateKey, generateKeyCheckValue, generateKeyImpl, generateKeyPair, generateKeyPair, generateKeyPairImpl, generateKeyPairImpl, generatePIN, generatePIN, generateSM_MAC, getLogger, getName, getRealm, getSMAdapter, importKey, importKey, importKeyImpl, importPIN, importPIN, importPIN, importPINImpl, printPIN, printPINImpl, setLogger, setName, translateKeyFromOldLMK, translateKeyFromOldLMK, translateKeyFromOldLMKImpl, translateKeyFromOldLMKImpl, translateKeyScheme, translatePIN, translatePIN, translatePIN, translatePINGenerateSM_MAC, translatePINImpl, verifyARQC, verifyARQCGenerateARPC, verifyCAVV, verifyCVC3, verifyCVD, verifyCVV, verifydCVV, verifydCVV, verifyIBMPINOffset, verifyIBMPINOffsetImpl, verifyPVV
-
Field Details
-
jceHandler
-
-
Constructor Details
-
JCESecurityModule
public JCESecurityModule()
Creates an uninitialized JCE Security Module; you need to call setConfiguration to initialize it
-
JCESecurityModule
- Parameters:
lmkFile - Local Master Keys filename of the JCE Security Module
- Throws:
SMException
-
JCESecurityModule
- Throws:
SMException
-
JCESecurityModule
public JCESecurityModule(Configuration cfg, Logger logger, String realm) throws ConfigurationException
- Throws:
ConfigurationException
-
-
Method Details
-
setConfiguration
Configures a JCESecurityModule
- Specified by:
setConfiguration in interface Configurable
- Overrides:
setConfiguration in class BaseSMAdapter<SecureDESKey>
- Parameters:
cfg - The following properties are read:
lmk: Local Master Keys file (the only required parameter)
jce: JCE Provider Class Name; if not provided, it defaults to com.sun.crypto.provider.SunJCE
rebuildlmk: (true/false), rebuilds the Local Master Keys file with new keys (WARNING: old keys will be erased)
cbc-mac: Cipher Block Chaining MAC algorithm name for the given JCE Provider.
Default is ISO9797ALG3MACWITHISO7816-4PADDING from the BouncyCastle provider (known as Retail-MAC),
which is suitable for most interfaces with a double-length MAC key:
ANSI X9.19 aka ISO/IEC 9797-1 MAC algorithm 3 padding method 2 - ISO7816
ede-mac: Encrypt Decrypt Encrypt MAC algorithm name for the given JCE Provider.
Default is DESEDEMAC from the BouncyCastle provider,
which is suitable for BASE24 with a double-length MAC key:
ANSI X9.19
- Throws:
ConfigurationException
-
generateKeyImpl
Description copied from class: BaseSMAdapter
Your SMAdapter should override this method if it has this functionality
- Overrides:
generateKeyImpl in class BaseSMAdapter<SecureDESKey>
- Parameters:
keyLength -
keyType -
- Returns:
- generated key
- Throws:
SMException
-
importKeyImpl
public SecureDESKey importKeyImpl(short keyLength, String keyType, byte[] encryptedKey, SecureDESKey kek, boolean checkParity) throws SMException
Description copied from class: BaseSMAdapter
Your SMAdapter should override this method if it has this functionality
- Overrides:
importKeyImpl in class BaseSMAdapter<SecureDESKey>
- Parameters:
keyLength -
keyType -
encryptedKey -
kek -
checkParity -
- Returns:
- imported key
- Throws:
SMException
-
exportKeyImpl
Description copied from class: BaseSMAdapter
Your SMAdapter should override this method if it has this functionality
- Overrides:
exportKeyImpl in class BaseSMAdapter<SecureDESKey>
- Parameters:
key -
kek -
- Returns:
- exported key
- Throws:
SMException
-
encryptPINImpl
Description copied from class: BaseSMAdapter
Your SMAdapter should override this method if it has this functionality
- Overrides:
encryptPINImpl in class BaseSMAdapter<SecureDESKey>
- Parameters:
pin -
accountNumber -
- Returns:
- encrypted PIN under LMK
- Throws:
SMException
-
encryptPINImpl
protected EncryptedPIN encryptPINImpl(String pin, String accountNumber, SecureDESKey pek) throws SMException
Description copied from class: BaseSMAdapter
Your SMAdapter should override this method if it has this functionality.
- Overrides:
encryptPINImpl in class BaseSMAdapter<SecureDESKey>
- Parameters:
pin -
accountNumber -
pek -
- Returns:
- encrypted PIN under PEK.
- Throws:
SMException
-
decryptPINImpl
Description copied from class: BaseSMAdapter
Your SMAdapter should override this method if it has this functionality
- Overrides:
decryptPINImpl in class BaseSMAdapter<SecureDESKey>
- Parameters:
pinUnderLmk -
- Returns:
- clear pin as entered by card holder
- Throws:
SMException
-
importPINImpl
Description copied from class: BaseSMAdapter
Your SMAdapter should override this method if it has this functionality
- Overrides:
importPINImpl in class BaseSMAdapter<SecureDESKey>
- Parameters:
pinUnderKd1 -
kd1 -
- Returns:
- imported pin
- Throws:
SMException
-
exportPINImpl
public EncryptedPIN exportPINImpl(EncryptedPIN pinUnderLmk, SecureDESKey kd2, byte destinationPINBlockFormat) throws SMException
Description copied from class: BaseSMAdapter
Your SMAdapter should override this method if it has this functionality
- Overrides:
exportPINImpl in class BaseSMAdapter<SecureDESKey>
- Parameters:
pinUnderLmk -
kd2 -
destinationPINBlockFormat -
- Returns:
- exported pin
- Throws:
SMException
-
generatePINImpl
public EncryptedPIN generatePINImpl(String accountNumber, int pinLen, List<String> excludes) throws SMException
Description copied from class: BaseSMAdapter
Your SMAdapter should override this method if it has this functionality
- Overrides:
generatePINImpl in class BaseSMAdapter<SecureDESKey>
- Parameters:
accountNumber -
pinLen -
excludes -
- Returns:
- generated PIN under LMK
- Throws:
SMException
-
concatKeys
- Throws:
SMException
-
calculateCVV
protected String calculateCVV(String accountNo, Key cvk, Date expDate, String serviceCode) throws SMException
- Throws:
SMException
-
calculateCVD
protected String calculateCVD(String accountNo, Key cvk, String expDate, String serviceCode) throws SMException
- Throws:
SMException
-
calculateCVVImpl
protected String calculateCVVImpl(String accountNo, SecureDESKey cvkA, SecureDESKey cvkB, Date expDate, String serviceCode) throws SMException
Description copied from class: BaseSMAdapter
Your SMAdapter should override this method if it has this functionality
- Overrides:
calculateCVVImpl in class BaseSMAdapter<SecureDESKey>
- Parameters:
accountNo -
cvkA -
cvkB -
expDate -
serviceCode -
- Returns:
- Card Verification Code/Value
- Throws:
SMException
-
calculateCVDImpl
protected String calculateCVDImpl(String accountNo, SecureDESKey cvkA, SecureDESKey cvkB, String expDate, String serviceCode) throws SMException
Description copied from class: BaseSMAdapter
Your SMAdapter should override this method if it has this functionality
- Overrides:
calculateCVDImpl in class BaseSMAdapter<SecureDESKey>
- Parameters:
accountNo -
cvkA -
cvkB -
expDate -
serviceCode -
- Returns:
- Card Verification Digit (Code/Value)
- Throws:
SMException
-
checkCAVVArgs
- Throws:
SMException
-
calculateCAVVImpl
protected String calculateCAVVImpl(String accountNo, SecureDESKey cvk, String upn, String authrc, String sfarc) throws SMException
Description copied from class: BaseSMAdapter
Your SMAdapter should override this method if it has this functionality
- Overrides:
calculateCAVVImpl in class BaseSMAdapter<SecureDESKey>
- Parameters:
accountNo -
cvk -
upn -
authrc -
sfarc -
- Returns:
- Cardholder Authentication Verification Value
- Throws:
SMException
-
verifyCVVImpl
protected boolean verifyCVVImpl(String accountNo, SecureDESKey cvkA, SecureDESKey cvkB, String cvv, Date expDate, String serviceCode) throws SMException
Description copied from class: BaseSMAdapter
Your SMAdapter should override this method if it has this functionality
- Overrides:
verifyCVVImpl in class BaseSMAdapter<SecureDESKey>
- Parameters:
accountNo -
cvkA -
cvkB -
cvv -
expDate -
serviceCode -
- Returns:
- true if CVV/CVC is valid or false if not
- Throws:
SMException
-
verifyCVVImpl
protected boolean verifyCVVImpl(String accountNo, SecureDESKey cvkA, SecureDESKey cvkB, String cvv, String expDate, String serviceCode) throws SMException
Description copied from class: BaseSMAdapter
Your SMAdapter should override this method if it has this functionality
- Overrides:
verifyCVVImpl in class BaseSMAdapter<SecureDESKey>
- Parameters:
accountNo -
cvkA -
cvkB -
cvv -
expDate -
serviceCode -
- Returns:
- true if CVV/CVC is valid or false otherwise
- Throws:
SMException
-
verifyCAVVImpl
protected boolean verifyCAVVImpl(String accountNo, SecureDESKey cvk, String cavv, String upn, String authrc, String sfarc) throws SMException
Description copied from class: BaseSMAdapter
Your SMAdapter should override this method if it has this functionality
- Overrides:
verifyCAVVImpl in class BaseSMAdapter<SecureDESKey>
- Parameters:
accountNo -
cvk -
cavv -
upn -
authrc -
sfarc -
- Returns:
- Cardholder Authentication Verification Value
- Throws:
SMException
-
calculatedCVV
protected String calculatedCVV(String accountNo, SecureDESKey imkac, String expDate, String serviceCode, byte[] atc, MKDMethod mkdm) throws SMException
- Throws:
SMException
-
verifydCVVImpl
protected boolean verifydCVVImpl(String accountNo, SecureDESKey imkac, String dcvv, Date expDate, String serviceCode, byte[] atc, MKDMethod mkdm) throws SMException
Description copied from class: BaseSMAdapter
Your SMAdapter should override this method if it has this functionality
- Overrides:
verifydCVVImpl in class BaseSMAdapter<SecureDESKey>
- Parameters:
accountNo -
imkac -
dcvv -
expDate -
serviceCode -
atc -
mkdm -
- Returns:
- true if dcvv is valid, false if not
- Throws:
SMException
-
verifydCVVImpl
protected boolean verifydCVVImpl(String accountNo, SecureDESKey imkac, String dcvv, String expDate, String serviceCode, byte[] atc, MKDMethod mkdm) throws SMException
Description copied from class: BaseSMAdapter
Your SMAdapter should override this method if it has this functionality
- Overrides:
verifydCVVImpl in class BaseSMAdapter<SecureDESKey>
- Parameters:
accountNo -
imkac -
dcvv -
expDate -
serviceCode -
atc -
mkdm -
- Returns:
- true if dcvv is valid, false if not
- Throws:
SMException
-
calculateCVC3
protected String calculateCVC3(SecureDESKey imkcvc3, String accountNo, String acctSeqNo, byte[] atc, byte[] upn, byte[] data, MKDMethod mkdm) throws SMException
- Throws:
SMException
-
verifyCVC3Impl
protected boolean verifyCVC3Impl(SecureDESKey imkcvc3, String accountNo, String acctSeqNo, byte[] atc, byte[] upn, byte[] data, MKDMethod mkdm, String cvc3) throws SMException
Description copied from class: BaseSMAdapter
Your SMAdapter should override this method if it has this functionality
- Overrides:
verifyCVC3Impl in class BaseSMAdapter<SecureDESKey>
- Parameters:
imkcvc3 -
accountNo -
acctSeqNo -
atc -
upn -
data -
mkdm -
cvc3 -
- Returns:
- true if cvc3 is valid, false if not
- Throws:
SMException
-
deriveICCMasterKey
Derive ICC Master Key from Issuer Master Key and preformated PAN/PANSeqNo Compute two 8-byte numbers:- left part is a result of Tripple-DES encription
panpsnwithimkas the key- right part is a result of Tripple-DES binary inverted
panpsnwithimkas the key- concatenate left and right parts
Described in EMV v4.2 Book 2, Annex A1.4.1 Master Key Derivation point 2- Parameters:
imk- 16-bytes Issuer Master Keypanpsn- preformated PAN and PAN Sequence Number- Returns:
- derived 16-bytes ICC Master Key with adjusted DES parity
- Throws:
JCEHandlerException
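The derivation described above, written as an added example against the JDK's own JCE classes; it is not the jPOS implementation. It goes one step further than the method and also builds panpsn from the PAN and PAN Sequence Number, assuming the EMV Book 2 A1.4.1 Option A preformatting (16 rightmost digits, left-padded with zeros); the class and method names and the key and PAN values are constructed for illustration.

```java
import javax.crypto.Cipher;
import javax.crypto.spec.SecretKeySpec;
import java.security.GeneralSecurityException;
import java.util.Arrays;

/** Added example: EMV ICC master key derivation using only JDK classes. */
public class IccMasterKeyDerivationExample {

    /** Builds the 8-byte derivation input (assumption: EMV Option A preformatting). */
    static byte[] formatPanPsn(String pan, String psn) {
        String seq = (psn == null || psn.isEmpty()) ? "00" : psn;
        if (!pan.matches("\\d+") || !seq.matches("\\d{2}"))
            throw new IllegalArgumentException("PAN must be digits, PSN two digits");
        String x = pan + seq;
        // Keep the 16 rightmost digits, or left-pad with zeros when shorter.
        String y = x.length() >= 16 ? x.substring(x.length() - 16)
                                    : "0".repeat(16 - x.length()) + x;
        return hexToBytes(y);
    }

    /** Encrypts one 8-byte block with a double-length (16-byte) Triple-DES key. */
    static byte[] tdesEncryptBlock(byte[] key16, byte[] block8) throws GeneralSecurityException {
        if (key16.length != 16 || block8.length != 8)
            throw new IllegalArgumentException("expected 16-byte key and 8-byte block");
        // JCE "DESede" wants 24 bytes: expand K1|K2 to K1|K2|K1.
        byte[] key24 = Arrays.copyOf(key16, 24);
        System.arraycopy(key16, 0, key24, 16, 8);
        try {
            Cipher cipher = Cipher.getInstance("DESede/ECB/NoPadding");
            cipher.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(key24, "DESede"));
            return cipher.doFinal(block8);
        } finally {
            Arrays.fill(key24, (byte) 0); // do not leave the expanded clear key around
        }
    }

    /** Sets the low bit of every byte so that each byte has an odd number of 1 bits. */
    static void adjustOddParity(byte[] key) {
        for (int i = 0; i < key.length; i++) {
            int upper = key[i] & 0xFE;
            key[i] = (byte) (upper | ((Integer.bitCount(upper) & 1) ^ 1));
        }
    }

    /** left = 3DES(imk, panpsn), right = 3DES(imk, NOT panpsn), result = left | right with odd parity. */
    static byte[] deriveIccMasterKey(byte[] imk, byte[] panpsn) throws GeneralSecurityException {
        byte[] inverted = new byte[panpsn.length];
        for (int i = 0; i < panpsn.length; i++) inverted[i] = (byte) ~panpsn[i];
        byte[] left = tdesEncryptBlock(imk, panpsn);
        byte[] right = tdesEncryptBlock(imk, inverted);
        byte[] mk = new byte[16];
        System.arraycopy(left, 0, mk, 0, 8);
        System.arraycopy(right, 0, mk, 8, 8);
        adjustOddParity(mk);
        return mk;
    }

    static byte[] hexToBytes(String hex) {
        byte[] out = new byte[hex.length() / 2];
        for (int i = 0; i < out.length; i++)
            out[i] = (byte) Integer.parseInt(hex.substring(2 * i, 2 * i + 2), 16);
        return out;
    }

    static String bytesToHex(byte[] bytes) {
        StringBuilder sb = new StringBuilder();
        for (byte b : bytes) sb.append(String.format("%02X", b));
        return sb.toString();
    }

    public static void main(String[] args) throws GeneralSecurityException {
        // Constructed test values: not real key material, not a real card number.
        byte[] imk = hexToBytes("0123456789ABCDEFFEDCBA9876543210");
        byte[] panpsn = formatPanPsn("4000001234567899", "01");
        byte[] mk = deriveIccMasterKey(imk, panpsn);
        System.out.println("panpsn = " + bytesToHex(panpsn));
        System.out.println("ICC MK = " + bytesToHex(mk));
        // Self-check: the derived key is 16 bytes and every byte has odd parity.
        if (mk.length != 16) throw new AssertionError("unexpected key length");
        for (byte b : mk)
            if ((Integer.bitCount(b & 0xFF) & 1) == 0) throw new AssertionError("parity not odd");
    }
}
```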
-
calculatePVV
protected String calculatePVV(EncryptedPIN pinUnderLmk, Key key, int keyIdx, List<String> excludes) throws SMException
- Throws:
SMException
-
calculatePVVImpl
protected String calculatePVVImpl(EncryptedPIN pinUnderLmk, SecureDESKey pvkA, SecureDESKey pvkB, int pvkIdx, List<String> excludes) throws SMException
Description copied from class: BaseSMAdapter
Your SMAdapter should override this method if it has this functionality
- Overrides:
calculatePVVImpl in class BaseSMAdapter<SecureDESKey>
- Parameters:
pinUnderLmk -
pvkA -
pvkB -
pvkIdx -
excludes -
- Returns:
- PVV (VISA PIN Verification Value)
- Throws:
SMException
-
calculatePVVImpl
protected String calculatePVVImpl(EncryptedPIN pinUnderKd1, SecureDESKey kd1, SecureDESKey pvkA, SecureDESKey pvkB, int pvkIdx, List<String> excludes) throws SMException
Description copied from class: BaseSMAdapter
Your SMAdapter should override this method if it has this functionality
- Overrides:
calculatePVVImpl in class BaseSMAdapter<SecureDESKey>
- Parameters:
pinUnderKd1 -
kd1 -
pvkA -
pvkB -
pvkIdx -
excludes -
- Returns:
- PVV (VISA PIN Verification Value)
- Throws:
SMException
-
verifyPVVImpl
public boolean verifyPVVImpl(EncryptedPIN pinUnderKd1, SecureDESKey kd1, SecureDESKey pvkA, SecureDESKey pvkB, int pvki, String pvv) throws SMException
Description copied from class: BaseSMAdapter
Your SMAdapter should override this method if it has this functionality
- Overrides:
verifyPVVImpl in class BaseSMAdapter<SecureDESKey>
- Parameters:
pinUnderKd1 -
kd1 -
pvkA -
pvkB -
pvki -
pvv -
- Returns:
- true if pin is valid, false if not
- Throws:
SMException
-
translatePINImpl
public EncryptedPIN translatePINImpl(EncryptedPIN pinUnderKd1, SecureDESKey kd1, SecureDESKey kd2, byte destinationPINBlockFormat) throws SMException
Description copied from class: BaseSMAdapter
Your SMAdapter should override this method if it has this functionality
- Overrides:
translatePINImpl in class BaseSMAdapter<SecureDESKey>
- Parameters:
pinUnderKd1 -
kd1 -
kd2 -
destinationPINBlockFormat -
- Returns:
- translated pin
- Throws:
SMException
-
calculateARQC
protected byte[] calculateARQC(MKDMethod mkdm, SKDMethod skdm, SecureDESKey imkac, String accountNo, String accntSeqNo, byte[] atc, byte[] upn, byte[] transData) throws SMException
Calculate ARQC.
Entry point e.g. for simulator systems
- Throws:
SMException
-
verifyARQCImpl
protected boolean verifyARQCImpl(MKDMethod mkdm, SKDMethod skdm, SecureDESKey imkac, String accountNo, String accntSeqNo, byte[] arqc, byte[] atc, byte[] upn, byte[] transData) throws SMException
Description copied from class: BaseSMAdapter
Your SMAdapter should override this method if it has this functionality
- Overrides:
verifyARQCImpl in class BaseSMAdapter<SecureDESKey>
- Parameters:
mkdm -
skdm -
imkac -
accountNo -
accntSeqNo -
arqc -
atc -
upn -
transData -
- Returns:
- true if ARQC/TC/AAC is valid or false if not
- Throws:
SMException
-
generateARPCImpl
public byte[] generateARPCImpl(MKDMethod mkdm, SKDMethod skdm, SecureDESKey imkac, String accountNo, String accntSeqNo, byte[] arqc, byte[] atc, byte[] upn, ARPCMethod arpcMethod, byte[] arc, byte[] propAuthData) throws SMException
Description copied from class: BaseSMAdapter
Your SMAdapter should override this method if it has this functionality
- Overrides:
generateARPCImpl in class BaseSMAdapter<SecureDESKey>
- Parameters:
mkdm -
skdm -
imkac -
accountNo -
accntSeqNo -
arqc -
atc -
upn -
arpcMethod -
arc -
propAuthData -
- Returns:
- calculated ARPC
- Throws:
SMException
-
verifyARQCGenerateARPCImpl
public byte[] verifyARQCGenerateARPCImpl(MKDMethod mkdm, SKDMethod skdm, SecureDESKey imkac, String accountNo, String accntSeqNo, byte[] arqc, byte[] atc, byte[] upn, byte[] transData, ARPCMethod arpcMethod, byte[] arc, byte[] propAuthData) throws SMException
Description copied from class: BaseSMAdapter
Your SMAdapter should override this method if it has this functionality
- Overrides:
verifyARQCGenerateARPCImpl in class BaseSMAdapter<SecureDESKey>
- Parameters:
mkdm -
skdm -
imkac -
accountNo -
accntSeqNo -
arqc -
atc -
upn -
transData -
arpcMethod -
arc -
propAuthData -
- Returns:
- calculated ARPC
- Throws:
SMException
-
calculateARPC
protected byte[] calculateARPC(Key skarpc, byte[] arqc, ARPCMethod arpcMethod, byte[] arc, byte[] propAuthData) throws SMException
Calculate ARPC.
Entry point e.g. for simulator systems
- Throws:
SMException
-
generateSM_MACImpl
protected byte[] generateSM_MACImpl(MKDMethod mkdm, SKDMethod skdm, SecureDESKey imksmi, String accountNo, String accntSeqNo, byte[] atc, byte[] arqc, byte[] data) throws SMException
Description copied from class: BaseSMAdapter
Your SMAdapter should override this method if it has this functionality
- Overrides:
generateSM_MACImpl in class BaseSMAdapter<SecureDESKey>
- Parameters:
mkdm -
skdm -
imksmi -
accountNo -
accntSeqNo -
atc -
arqc -
data -
- Returns:
- generated 8 bytes MAC
- Throws:
SMException
-
translatePINGenerateSM_MACImpl
protected org.javatuples.Pair<EncryptedPIN, byte[]> translatePINGenerateSM_MACImpl(MKDMethod mkdm, SKDMethod skdm, PaddingMethod padm, SecureDESKey imksmi, String accountNo, String accntSeqNo, byte[] atc, byte[] arqc, byte[] data, EncryptedPIN currentPIN, EncryptedPIN newPIN, SecureDESKey kd1, SecureDESKey imksmc, SecureDESKey imkac, byte destinationPINBlockFormat) throws SMException
Description copied from class: BaseSMAdapter
Your SMAdapter should override this method if it has this functionality
- Overrides:
translatePINGenerateSM_MACImpl in class BaseSMAdapter<SecureDESKey>
- Parameters:
mkdm -
skdm -
padm -
imksmi -
accountNo -
accntSeqNo -
atc -
arqc -
data -
currentPIN -
newPIN -
kd1 -
imksmc -
imkac -
destinationPINBlockFormat -
- Returns:
- Pair of values, encrypted PIN and 8 bytes MAC
- Throws:
SMException
-
encryptDataImpl
public byte[] encryptDataImpl(CipherMode cipherMode, SecureDESKey kd, byte[] data, byte[] iv) throws SMException
Description copied from class: BaseSMAdapter
Your SMAdapter should override this method if it has this functionality
- Overrides:
encryptDataImpl in class BaseSMAdapter<SecureDESKey>
- Parameters:
cipherMode -
kd -
data -
iv -
- Returns:
- encrypted data
- Throws:
SMException
-
decryptDataImpl
public byte[] decryptDataImpl(CipherMode cipherMode, SecureDESKey kd, byte[] data, byte[] iv) throws SMException
Description copied from class: BaseSMAdapter
Your SMAdapter should override this method if it has this functionality
- Overrides:
decryptDataImpl in class BaseSMAdapter<SecureDESKey>
- Parameters:
cipherMode -
kd -
data -
iv -
- Returns:
- decrypted data
- Throws:
SMException
-
generateCBC_MACImpl
Generates CBC-MAC (Cipher Block Chaining Message Authentication Code) for some data.
- Overrides:
generateCBC_MACImpl in class BaseSMAdapter<SecureDESKey>
- Parameters:
data - the data to be MACed
kd - the key used for MACing
- Returns:
- generated CBC-MAC bytes
- Throws:
SMException
-
generateEDE_MACImpl
Generates EDE-MAC (Encrypt Decrypt Encrypt Message Authentication Code) for some data.
- Overrides:
generateEDE_MACImpl in class BaseSMAdapter<SecureDESKey>
- Parameters:
data - the data to be MACed
kd - the key used for MACing
- Returns:
- generated EDE-MAC bytes
- Throws:
SMException
-
generateClearKeyComponent
Generates a random clear key component.
- Parameters:
keyLength -
- Returns:
- clear key component
- Throws:
SMException
-
generateKeyCheckValueImpl
Generates key check value.
- Overrides:
generateKeyCheckValueImpl in class BaseSMAdapter<SecureDESKey>
- Parameters:
secureDESKey - SecureDESKey with untrusted or fake Key Check Value
- Returns:
- generated Key Check Value
- Throws:
SMException
-
translateKeySchemeImpl
public SecureDESKey translateKeySchemeImpl(SecureDESKey key, KeyScheme keyScheme) throws SMException
Description copied from class: BaseSMAdapter
Your SMAdapter should override this method if it has this functionality
- Overrides:
translateKeySchemeImpl in class BaseSMAdapter<SecureDESKey>
- Parameters:
key -
keyScheme -
- Returns:
- translated key with destKeyScheme scheme
- Throws:
SMException
-
formKEYfromThreeClearComponents
public SecureDESKey formKEYfromThreeClearComponents(short keyLength, String keyType, String clearComponent1HexString, String clearComponent2HexString, String clearComponent3HexString) throws SMException
Forms a key from 3 clear components and returns it encrypted under its corresponding LMK. The corresponding LMK is determined from the keyType
- Parameters:
keyLength - e.g. LENGTH_DES, LENGTH_DES3_2, LENGTH_DES3_3, ..
keyType - possible values are those defined in the SecurityModule interface. e.g., ZMK, TMK,...
clearComponent1HexString - HexString containing the first component
clearComponent2HexString - HexString containing the second component
clearComponent3HexString - HexString containing the second component
- Returns:
- forms a SecureDESKey from two clear components
- Throws:
SMException
-
formKEYfromClearComponents
public SecureDESKey formKEYfromClearComponents(short keyLength, String keyType, String... components) throws SMException
Description copied from interface: SMAdapter
Forms a key from 3 clear components and returns it encrypted under its corresponding LMK. The corresponding LMK is determined from the keyType
- Specified by:
formKEYfromClearComponents in interface SMAdapter<SecureDESKey>
- Overrides:
formKEYfromClearComponents in class BaseSMAdapter<SecureDESKey>
- Parameters:
keyLength - e.g. LENGTH_DES, LENGTH_DES3_2, LENGTH_DES3_3, ..
keyType - possible values are those defined in the SecurityModule interface. e.g., ZMK, TMK,...
components - up to three HexStrings containing key components
- Returns:
- forms a SecureDESKey from two clear components
- Throws:
SMException
-
calculateKeyCheckValue
Calculates a key check value over a clear key
- Parameters:
key -
- Returns:
- the key check value
- Throws:
SMException
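Added example, not jPOS code: it shows how clear components held by separate custodians can be combined into one double-length key and confirmed with a check value, without any custodian seeing the whole key. It assumes XOR combination, odd-parity adjustment, and a check value equal to the first three bytes of eight zero bytes encrypted under the key; the page states none of these rules, and the class and method names are hypothetical.

```java
import javax.crypto.Cipher;
import javax.crypto.spec.SecretKeySpec;
import java.util.HexFormat;

public class ClearComponentsDemo {
    // Combine 1 to 3 equal-length hex components by XOR (assumed rule).
    static byte[] combine(String... hexComponents) {
        if (hexComponents.length < 1 || hexComponents.length > 3)
            throw new IllegalArgumentException("expected 1 to 3 components");
        byte[] key = HexFormat.of().parseHex(hexComponents[0]);
        for (int i = 1; i < hexComponents.length; i++) {
            byte[] c = HexFormat.of().parseHex(hexComponents[i]);
            if (c.length != key.length)
                throw new IllegalArgumentException("component length mismatch");
            for (int j = 0; j < key.length; j++) key[j] ^= c[j];
        }
        return key;
    }

    // Set the low bit of every byte so each byte has odd parity (DES convention).
    static void adjustOddParity(byte[] key) {
        for (int i = 0; i < key.length; i++) {
            int high7 = key[i] & 0xFE;
            key[i] = (byte) (high7 | ((Integer.bitCount(high7) & 1) ^ 1));
        }
    }

    // Check value: encrypt 8 zero bytes under the key, keep the first 3 bytes.
    static String checkValue(byte[] key16) throws Exception {
        if (key16.length != 16)
            throw new IllegalArgumentException("double-length key expected");
        byte[] k24 = new byte[24];              // JCE DESede takes K1|K2|K3
        System.arraycopy(key16, 0, k24, 0, 16);
        System.arraycopy(key16, 0, k24, 16, 8); // K3 = K1 for a 2-key 3DES key
        Cipher des3 = Cipher.getInstance("DESede/ECB/NoPadding");
        des3.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(k24, "DESede"));
        byte[] block = des3.doFinal(new byte[8]);
        return HexFormat.of().withUpperCase().formatHex(block, 0, 3);
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample components, one per key custodian; not real key material.
        byte[] key = combine("0123456789ABCDEFFEDCBA9876543210",
                             "1111111111111111AAAAAAAAAAAAAAAA",
                             "F0F0F0F0F0F0F0F00F0F0F0F0F0F0F0F");
        adjustOddParity(key);
        System.out.println("KCV: " + checkValue(key));
        java.util.Arrays.fill(key, (byte) 0);   // wipe the clear key after use
    }
}
```

The block needs Java 17 or later for `java.util.HexFormat`.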
-
encryptToLMK
protected SecureDESKey encryptToLMK(short keyLength, String keyType, Key clearDESKey) throws SMException
Encrypts a clear DES Key under LMK to form a SecureKey
- Parameters:
keyLength -
keyType -
clearDESKey -
- Returns:
- secureDESKey
- Throws:
SMException
-
decryptFromLMK
Decrypts a secure DES key from encryption under LMK
- Parameters:
secureDESKey - (Key under LMK)
- Returns:
- clear key
- Throws:
SMException
-
calculatePINBlock
protected byte[] calculatePINBlock(String pin, byte pinBlockFormat, String accountNumber) throws SMException
Calculates the clear PIN Block
- Parameters:
pin - as entered by the card holder on the PIN entry device
pinBlockFormat -
accountNumber - (the 12 right-most digits of the account number excluding the check digit)
- Returns:
- The clear PIN Block
- Throws:
SMException
-
calculatePIN
protected String calculatePIN(byte[] pinBlock, byte pinBlockFormat, String accountNumber) throws SMException
Calculates the clear PIN (as entered by the card holder on the PIN entry device) given the clear PIN block
- Parameters:
pinBlock - clear PIN Block
pinBlockFormat -
accountNumber -
- Returns:
- the pin
- Throws:
SMException
-
specialEncrypt
- Throws:
JCEHandlerException
-
specialDecrypt
- Throws:
JCEHandlerException
-
dataEncrypt
Description copied from interface: SMAdapter
Encrypt Data
- Specified by:
dataEncrypt in interface SMAdapter<SecureDESKey>
- Overrides:
dataEncrypt in class BaseSMAdapter<SecureDESKey>
- Parameters:
bdk - base derivation key
clearText - clear Text
- Returns:
- cyphertext
- Throws:
SMException
-
dataDecrypt
Description copied from interface: SMAdapter
Decrypt Data
- Specified by:
dataDecrypt in interface SMAdapter<SecureDESKey>
- Overrides:
dataDecrypt in class BaseSMAdapter<SecureDESKey>
- Parameters:
bdk - base derivation key
cypherText - cypher text
- Returns:
- cleartext
- Throws:
SMException
-
calculateDerivedKey
protected byte[] calculateDerivedKey(KeySerialNumber ksn, SecureDESKey bdk, boolean tdes, boolean dataEncryption) throws SMException
- Throws:
SMException
-
importBDK
public SecureDESKey importBDK(String clearComponent1HexString, String clearComponent2HexString, String clearComponent3HexString) throws SMException
- Throws:
SMException
-
translatePINImpl
protected EncryptedPIN translatePINImpl(EncryptedPIN pinUnderDuk, KeySerialNumber ksn, SecureDESKey bdk, SecureDESKey kd2, byte destinationPINBlockFormat, boolean tdes) throws SMException
Description copied from class: BaseSMAdapter
Your SMAdapter should override this method if it has this functionality
- Overrides:
translatePINImpl in class BaseSMAdapter<SecureDESKey>
- Parameters:
pinUnderDuk -
ksn -
bdk -
kd2 -
destinationPINBlockFormat -
tdes -
- Returns:
- translated pin
- Throws:
SMException
-
importPINImpl
protected EncryptedPIN importPINImpl(EncryptedPIN pinUnderDuk, KeySerialNumber ksn, SecureDESKey bdk, boolean tdes) throws SMException
Description copied from class: BaseSMAdapter
Your SMAdapter should override this method if it has this functionality
- Overrides:
importPINImpl in class BaseSMAdapter<SecureDESKey>
- Parameters:
pinUnderDuk -
ksn -
bdk -
tdes -
- Returns:
- imported pin
- Throws:
SMException
-
exportPIN
public EncryptedPIN exportPIN(EncryptedPIN pinUnderLmk, KeySerialNumber ksn, SecureDESKey bdk, boolean tdes, byte destinationPINBlockFormat) throws SMException
Exports PIN to DUKPT Encryption.
- Parameters:
pinUnderLmk -
ksn -
bdk -
tdes -
destinationPINBlockFormat -
- Returns:
- The encrypted pin
- Throws:
SMException
-