/*
 * ===========================================================================================
 * = COPYRIGHT
 *          PAX Computer Technology (Shenzhen) Co., Ltd. PROPRIETARY INFORMATION
 *   This software is supplied under the terms of a license agreement or nondisclosure
 *   agreement with PAX Computer Technology (Shenzhen) Co., Ltd. and may not be copied or
 *   disclosed except in accordance with the terms in that agreement.
 *      Copyright (C) 2017-2023 PAX Computer Technology (Shenzhen) Co., Ltd. All rights reserved.
 * Description: // Detail description about the function of this module,
 *              // interfaces with the other modules, and dependencies.
 * Revision History:
 * Date                  Author                 Action
 * 2017/04/01            PAX                    Create/Add/Modify/Delete
 * ===========================================================================================
 */

package com.pax.dal;


import com.pax.dal.entity.AuthData;
import com.pax.dal.entity.EPedType;
import com.pax.dal.entity.EPinBlockMode;
import com.pax.dal.exceptions.PedDevException;

/**
 * Session-based secure transfer between devices, backed by the PED.
 *
 * <p>Every operation is keyed by a 16-byte {@code sessionID}. The intended flow visible from this
 * interface is: {@link #authOpen(byte[])}, then {@link #authEcdhPublicKey(byte[])} /
 * {@link #authEcdhShareKey(byte[], byte[], byte[])} to establish an ECDHE shared key inside the
 * secure processor, then {@link #authDeriveWorkKey(byte[], byte)} to derive session working keys
 * (TPK / TAESK), after which the {@code *Session} methods use those keys; finally
 * {@link #authClose(byte[])} or {@link #authCloseAll()}.
 *
 * <p>NOTE(review): this interface does not state who generates the {@code sessionID}, whether it is
 * required to be unpredictable, or whether implementations reject values that are not exactly
 * 16 bytes. Confirm with the implementation; if the application supplies it, it should come from
 * a cryptographically secure random source rather than a counter or a fixed value.
 */
public interface IPedAuthManager {


    /**
     * Enables a secure transfer between devices, identified by {@code sessionID}.
     *
     * @param sessionID 16-byte session number
     * @throws PedDevException if the PED cannot open the session (the exact failure
     *                         conditions are implementation-defined and not specified here)
     * @since V3.29.00
     */
    void authOpen(byte[] sessionID) throws PedDevException;


    /**
     * Disables the secure transfer identified by {@code sessionID}.
     *
     * <p>Closing a session is the only way this interface exposes to discard the session's
     * ECDHE shared key and derived working keys; callers should close sessions they no longer
     * need rather than leaving them open.
     *
     * @param sessionID 16-byte session number
     * @throws PedDevException if the PED cannot close the session (implementation-defined)
     * @since V3.29.00
     */
    void authClose(byte[] sessionID) throws PedDevException;


    /**
     * Closes all open transfers between devices, regardless of {@code sessionID}.
     *
     * @throws PedDevException if the PED cannot close the sessions (implementation-defined)
     * @since V3.29.00
     */
    void authCloseAll() throws PedDevException;


    /**
     * Derives a random ECDHE public key for this session from the device's own public/private
     * key pair.
     *
     * <p>NOTE(review): whether the returned {@link AuthData} also carries a certificate or a
     * signature over the ephemeral key (so the peer can authenticate it) is not visible from this
     * interface — check {@link AuthData}.
     *
     * @param sessionID 16-byte session number
     * @return the {@link AuthData} produced for this session
     * @throws PedDevException if key derivation fails on the PED (implementation-defined)
     * @since V3.29.00
     */
    AuthData authEcdhPublicKey(byte[] sessionID) throws PedDevException;


    /**
     * Generates the ECDHE shared key for this session from the local key and the peer device's
     * ECDHE public key, and stores it inside the SP (secure processor). The shared key is never
     * returned to the caller.
     *
     * <p>NOTE(review): this interface does not say whether {@code peerCertData} is validated
     * against a trust anchor, or whether {@code peerPubKey} is checked to be bound to that
     * certificate, before the shared key is derived. An ECDHE exchange whose peer key is not
     * authenticated is exposed to a man-in-the-middle; confirm that the implementation performs
     * this validation and rejects the exchange on failure.
     *
     * @param sessionID    16-byte session number
     * @param peerPubKey   the peer device's ECDHE public key
     * @param peerCertData the peer device's certificate
     * @throws PedDevException if the shared key cannot be generated or stored
     *                         (implementation-defined)
     * @since V3.29.00
     */
    void authEcdhShareKey(byte[] sessionID, byte[] peerPubKey, byte[] peerCertData) throws PedDevException;

    /**
     * Derives a working key of the given type from this session's ECDHE shared key.
     *
     * <p>{@code keyType} is a raw {@code byte}; the documented values correspond to
     * <ul>
     *   <li>{@link com.pax.dal.entity.EPedKeyType#TAESK}</li>
     *   <li>{@link com.pax.dal.entity.EPedKeyType#TPK}</li>
     * </ul>
     * NOTE(review): how an {@code EPedKeyType} constant maps onto the {@code byte} accepted here
     * is not specified in this file — confirm against the enum before calling.
     *
     * @param sessionID 16-byte session number
     * @param keyType   the type of working key to derive (see above)
     * @throws PedDevException if derivation fails on the PED (implementation-defined)
     * @since V3.29.00
     */
    void authDeriveWorkKey(byte[] sessionID, byte keyType) throws PedDevException;


    /**
     * Same as {@code PedGetPinBlock}, but the encryption key is the PED_TPK bound to
     * {@code sessionID}.
     *
     * @param sessionID 16-byte session number
     * @param expPinLen <p>When IPed is {@link EPedType#INTERNAL}: the string of legal PIN lengths
     *                  that may be entered. The application enumerates every allowed length,
     *                  separated by ",". Valid lengths are 0 and 4 to 12. For example, to allow
     *                  4- or 6-digit PINs and also allow confirming without a PIN, set
     *                  {@code "0,4,6"}. A length of 0 means the user may press the confirm key
     *                  without entering any digits. Invalid lengths in the string (e.g. the 2 in
     *                  {@code "2,6,7,10"}) are ignored.</p>
     *                  <p>When IPed is {@link EPedType#EXTERNAL_TYPEA}: the PIN length must lie
     *                  between the minimum and maximum values in {@code expPinLen}. If
     *                  {@code mode} = {@link EPinBlockMode#ISO9564_0}, pressing "ok" exits when
     *                  the minimum length is not 0.</p>
     * @param dataIn    when {@code mode} = 0x01, the 8-byte value that takes part in PIN block
     *                  formatting (per ISO 9564 this may be a random number, transaction serial
     *                  number, time stamp, etc.)
     * @param mode      0x01: ISO 9564 format 1 (the only value documented here)
     * @param timeoutMs timeout for PIN entry in milliseconds; the maximum value is 300000 ms
     *                  (behaviour for larger values is not specified here)
     * @return the 8-byte encrypted PIN block
     * @throws PedDevException if PIN entry or encryption fails on the PED
     *                         (implementation-defined)
     * @since V3.29.00
     */
    byte[] getPinBlockSession(byte[] sessionID, String expPinLen, byte[] dataIn, byte mode, int timeoutMs) throws PedDevException;

    /**
     * Same as {@code PedSetOfflinePinMode}, but the key is the PED_TPK bound to
     * {@code sessionID}.
     *
     * <p>Note the parameter order: unlike the other methods of this interface, {@code mode} comes
     * before {@code sessionID}.
     *
     * @param mode      <ul>
     *                  <li>0x00: built-in PINPAD (default mode)</li>
     *                  <li>0x01: external PINPAD</li>
     *                  </ul>
     * @param sessionID 16-byte session number
     * @param pinBlock  8-byte encrypted PIN block in ISO 9564 format 1
     * @throws PedDevException if the PED rejects the request (implementation-defined)
     * @since V3.29.00
     */
    void setOfflinePinModeSession(byte mode, byte[] sessionID, byte[] pinBlock) throws PedDevException;

    /**
     * Same as {@code PedAesDataCalc}, but the key is the AES_TDK bound to {@code sessionID}.
     *
     * <p>No padding is applied: {@code dataIn} must already be a multiple of 16 bytes.
     * NOTE(review): the ECB modes (0x00/0x01) reveal repeated plaintext blocks and are generally
     * unsuitable for data longer than one block; prefer the CBC modes. For CBC encryption the
     * caller supplies the IV, so it should be fresh and unpredictable for each message — this
     * interface does not generate one for you.
     *
     * @param sessionID  16-byte session number
     * @param initVector ECB mode: empty; CBC mode: the 16-byte initial vector
     * @param dataIn     data to encrypt or decrypt; maximum length 1024 bytes, and a multiple of 16
     * @param mode       <ul>
     *                   <li>0x00: ECB decryption</li>
     *                   <li>0x01: ECB encryption</li>
     *                   <li>0x02: CBC decryption</li>
     *                   <li>0x03: CBC encryption</li>
     *                   </ul>
     * @return the encrypted or decrypted data
     * @throws PedDevException if the calculation fails on the PED (implementation-defined)
     * @since V3.29.00
     */
    byte[] getAesDataCalcSession(byte[] sessionID, byte[] initVector, byte[] dataIn, byte mode) throws PedDevException;

}