编程语言
首页 > 编程语言> > RSA Encrytion间歇性地在JavaCard上引发异常

RSA Encrytion间歇性地在JavaCard上引发异常

作者:互联网

我编写了一个程序,使用Java卡上的RSA公钥对10个字节的随机数进行加密.每当卡收到该APDU命令时都会生成一个随机数,并且由于我的applet中相关的密码对象块大小为2048位,因此我在此10字节随机数的末尾附加了242字节的0x00,使其变为256字节长度.

问题在于,有时响应是值为05的Crypto Exception.如您所知,并提到了JC API文档:

0x05 = ILLEGAL_USE

public static final short ILLEGAL_USE

This reason code is used to
indicate that the signature or cipher algorithm does not pad the
incoming message and the input message is not block aligned.

由于输入长度在applet中是固定的,因此我无法解决问题!

这是我的小程序的相关部分:

protected final void getEncChallenge(APDU apdu) {
        random.generateData(generatedChall, (short) 0, (short) 10);
        initAsymCipher(ENTITY_BOB, MODE_ENC);
        Util.arrayCopy(generatedChall, (short) 0, transientData, (short) 0, (short) 10);
        Util.arrayFillNonAtomic(transientData, (short) 10, (short) 246, (byte) 0x00);
        rsaCrypto(transientData, persistentData);
        apdu.setOutgoing();
        apdu.setOutgoingLength((short) 256);
        apdu.sendBytesLong(persistentData, (short) 0, (short) 256);
    }

protected final void rsaCrypto(byte[] inData, byte[] outData) {
    try{
        asymCipher.doFinal(inData, (short) 0, (short) 256, outData, (short) 0);
    }catch(CryptoException e){
        short reason = e.getReason();
        ISOException.throwIt((short)(0x6d00 | reason));
    }
}

这是响应:

transientData ---> APDU Response
---------------------------------
80 ..(Eight Random Bytes).. BD ..(246 bytes of "0x00").. ---> OK (i.e. 256 byte encrypted data)
EO ..(Eight Random Bytes).. 64 ..(246 bytes of "0x00").. ---> 6D05
02 ..(Eight Random Bytes).. B3 ..(246 bytes of "0x00").. ---> OK
CB ..(Eight Random Bytes).. 35 ..(246 bytes of "0x00").. ---> 6D05
17 ..(Eight Random Bytes).. 97 ..(246 bytes of "0x00").. ---> OK
0C ..(Eight Random Bytes).. 0C ..(246 bytes of "0x00").. ---> OK
D3 ..(Eight Random Bytes).. 91 ..(246 bytes of "0x00").. ---> 6D05
86 ..(Eight Random Bytes).. E2 ..(246 bytes of "0x00").. ---> OK
C2 ..(Eight Random Bytes).. 23 ..(246 bytes of "0x00").. ---> 6D05

有人知道我的小程序怎么了吗?

解决方法:

您在错误的一侧进行填充. RSA处理最大端序编码的数字,直到模数大小为止.通常的填充机制(通常的RSA安全性所必需)通过左填充起作用,其值严格小于模数.

因此,基本上,您的填充挑战被视为一个编码数字,并且在转换时,它有时大于模数.发生这种情况时,RSA例程将不会接受它.

将零字节填充到左侧应该可以解决此问题.或者,您可以确保将质询的最高位掩码为零(& 0x7F).

标签:cryptography,rsa,javacard,java
来源: https://codeday.me/bug/20191118/2028499.html