001 /* 002 * =========================================================================================== 003 * = COPYRIGHT 004 * PAX Computer Technology (Shenzhen) Co., Ltd. PROPRIETARY INFORMATION 005 * This software is supplied under the terms of a license agreement or nondisclosure 006 * agreement with PAX Computer Technology (Shenzhen) Co., Ltd. and may not be copied or 007 * disclosed except in accordance with the terms in that agreement. 008 * Copyright (C) 2017-2023 PAX Computer Technology (Shenzhen) Co., Ltd. All rights reserved. 009 * Description: // Detail description about the function of this module, 010 * // interfaces with the other modules, and dependencies. 011 * Revision History: 012 * Date Author Action 013 * 2017/04/01 PAX Create/Add/Modify/Delete 014 * =========================================================================================== 015 */ 016 017package com.pax.dal; 018 019import com.pax.dal.entity.RSAKeyInfo; 020import com.pax.dal.exceptions.PedDevException; 021/** 022 * AS2805 key area distribution table. 023 * 024 * <table border="1"> 025 * <tr> 026 * <th>Name</th> 027 * <th>Index area</th> 028 * <th>Description</th> 029 * </tr> 030 * <tr> 031 * <td>AS2805 KTM ZONE</td> 032 * <td>NUM 1-10</td> 033 * <td>kia, kca</td> 034 * </tr> 035 * <tr> 036 * <td>AS2805 KEK ZONE</td> 037 * <td>NUM 1-10</td> 038 * <td>kek</td> 039 * </tr> 040 * <tr> 041 * <td>AS2805 TWK ZONE</td> 042 * <td>NUM 1-30</td> 043 * <td>mach, macr, macs, kdr, kds, kpp, kpe</td> 044 * </tr> 045 * <tr> 046 * <td>AS2805 PPID ZONE</td> 047 * <td>NUM 1-5</td> 048 * <td>ppid</td> 049 * </tr> 050 * <tr> 051 * <td>AS2805 PPASN ZONE</td> 052 * <td>NUM 1-5</td> 053 * <td>ppasn</td> 054 * </tr> 055 * </table> 056 */ 057public interface IPedBg { 058 059 /** 060 * <div class="zh">KDr/KDs来自PED查询,KDr只能用于数据解密,KDs只能用于数据加密 </div> <div class="en">KDr/KDs comes from PED query, KDr 061 * can only be used for data decryption, KDs can only be used for data encryption. </div> 062 * 063 * @param kdIndex 064 * <div class="zh">KDr/KDs的索引,1~30 </div> <div class="en"> The index of KDr/KDs, 1~30 </div> 065 * @param dataIn 066 * <div class="zh">将要被加密/解密的数据,DataInLen≤2048 && DataInLen%8==0 </div> <div class="en">Data to be 067 * encrypted / decrypted, DataInLen < 2048 & & DataInLen%8==0 </div> 068 * @param mode 069 * <div class="zh"> 070 * <ul> 071 * <li>0x00:ECB解密</li> 072 * <li>0x01:ECB加密</li> 073 * <li>0x02:CBC解密</li> 074 * <li>0x03:CBC加密</li> 075 * <li>0x04:OFB解密</li> 076 * <li>0x05:OFB加密</li> 077 * </ul> 078 * </div> <div class="en"> 079 * <ul> 080 * <li>0x00:ECB decrypt</li> 081 * <li>0x01:ECB encrypt</li> 082 * <li>0x02:CBC decrypt</li> 083 * <li>0x03:CBC encrypt</li> 084 * <li>0x04:OFB decrypt</li> 085 * <li>0x05:OFB encrypt</li> 086 * </ul> 087 * </div> 088 * @param iv 089 * <div class="zh"> 初始向量,8字节。IV不用于ECB加解密,在ECB加解密中可以设置为NULL。 090 * 如果IV为NULL,CBC/OFB加解密中IV默认为"\x00\x00\x00\x00\x00\x00\x00\x00" </div> <div class="en"> Initial vector, 8 091 * bytes.IV is not used for ECB encryption and decryption. It can be set to NULL in ECB encryption and 092 * decryption.If IV is NULL, in CBC/OFB encryption and decryption, IV acquiescence is 093 * "\x00\x00\x00\x00\x00\x00\x00\x00".</div> 094 * @return <div class="zh">输出数据 </div> <div class="en">output data </div> 095 * @throws PedDevException 096 */ 097 byte[] des(byte kdIndex, byte[] dataIn, byte mode, byte[] iv) throws PedDevException; 098 099 /** 100 * <div class="zh"> 从ucKcaIndex指定的KCA生成一个KIA </div> <div class="en"> Generate a KIA from the KCA specified by 101 * ucKcaIndex </div> 102 * 103 * @param kcaIndex 104 * <div class="zh"> KCA索引,1~10 </div> <div class="en"> KCA index, 1~10 </div> 105 * @param kiaIndex 106 * <div class="zh"> KIA索引,1~10 </div> <div class="en"> KIA index, 1~10 </div> 107 * @param fmtAiicBlk 108 * <div class="zh"> 16字节AIIC </div> <div class="en"> 16 bytes AIIC </div> 109 * @return <div class="zh"> KIA中3字节的KVC </div> <div class="en"> 3 bytes of KVC in KIA </div> 110 * @throws PedDevException 111 */ 112 byte[] generateKia(byte kcaIndex, byte kiaIndex, byte[] fmtAiicBlk) throws PedDevException; 113 114 /** 115 * <div class="zh"> 从KPPIndex指定的KPP生成KPE </div> <div class="en"> Generating KPE from the KPP specified by KPPIndex 116 * </div> 117 * 118 * @param KPPIndex 119 * <div class="zh"> KPP索引,1~30 </div> <div class="en"> KPP index, 1~30 </div> 120 * @param KPEIndex 121 * <div class="zh"> KPE索引,1~30 </div> <div class="en"> KPE index, 1~30 </div> 122 * @param STAN 123 * <div class="zh"> 3字节审核跟踪数字 </div> <div class="en"> 3 byte audit tracking number </div> 124 * @param amount 125 * <div class="zh"> 6字节交易数 </div> <div class="en"> 6 byte transaction number </div> 126 * @throws PedDevException 127 */ 128 void generateKPE(byte KPPIndex, byte KPEIndex, byte[] STAN, byte[] amount) throws PedDevException; 129 130 /** 131 * <div class="zh"> 获得密钥验证码 </div> <div class="en"> Obtaining key authentication code </div> 132 * 133 * @param keyType 134 * <div class="zh"> 135 * <ul> 136 * <li>BG_TYPE_KTM 0x01</li> 137 * <li>BG_TYPE_KEK 0x02</li> 138 * <li>BG_TYPE_KMACS 0x03</li> 139 * <li>BG_TYPE_KMACR 0x04</li> 140 * <li>BG_TYPE_KDR 0x05</li> 141 * <li>BG_TYPE_KDS 0x06</li> 142 * <li>BG_TYPE_KPP 0x07</li> 143 * <li>BG_TYPE_KPE 0x08</li> 144 * <li>BG_TYPE_KHASH 0x09</li> 145 * </ul> 146 * </div> <div class="en"> 147 * <ul> 148 * <li>BG_TYPE_KTM 0x01</li> 149 * <li>BG_TYPE_KEK 0x02</li> 150 * <li>BG_TYPE_KMACS 0x03</li> 151 * <li>BG_TYPE_KMACR 0x04</li> 152 * <li>BG_TYPE_KDR 0x05</li> 153 * <li>BG_TYPE_KDS 0x06</li> 154 * <li>BG_TYPE_KPP 0x07</li> 155 * <li>BG_TYPE_KPE 0x08</li> 156 * <li>BG_TYPE_KHASH 0x09</li> 157 * </ul> 158 * </div> 159 * @param keyIdx 160 * <div class="zh">密钥索引 161 * <ul> 162 * <li>KTM[1-10]</li> 163 * <li>KEK[1-10]</li> 164 * <li>KMACS/KMACR/KDR/KDS/KPP/KPE[1-30]</li> 165 * <li>KHASH[1-5]</li> 166 * </ul> 167 * </div> <div class="en">密钥索引 168 * <ul> 169 * <li>KTM[1-10]</li> 170 * <li>KEK[1-10]</li> 171 * <li>KMACS/KMACR/KDR/KDS/KPP/KPE[1-30]</li> 172 * <li>KHASH[1-5]</li> 173 * </ul> 174 * </div> 175 * @return <div class="zh">密钥验证码,3字节 </div> <div class="en"> Key verification code, 3 bytes </div> 176 * @throws PedDevException 177 */ 178 byte[] getKeyKvc(byte keyType, byte keyIdx) throws PedDevException; 179 180 /** 181 * <div class="zh">使用PKsp生成一个KI和加密KI双倍长度的随机密钥 </div> <div class="en"> Generate a random double length Key as KI and 182 * encrypt KI with PKsp </div> 183 * 184 * @param pstPKsp 185 * <div class="zh">RSA公钥,用来加密KiKey </div> <div class="en">The RSA public key, which is used to encrypt 186 * the KiKey. </div> 187 * @param random 188 * <div class="zh">交换机的随机数 </div> <div class="en"> Random number from the switch. </div> 189 * @param userData 190 * <div class="zh"> 用户数据 </div> <div class="en"> User data </div> 191 * @param ppid 192 * <div class="zh"> 8字节PPID </div> <div class="en"> 8 Bytes PPID </div> 193 * @return <div class="zh">KiKey,长度为16字节 <br/> 194 * <table border="1"> 195 * <tr> 196 * <th>Contents</th> 197 * <th>Length</th> 198 * <th>Attribute</th> 199 * <th>Bytes</th> 200 * </tr> 201 * <col align="left" /> <col align="left" /> <col align="left" /> <col align="left" /> 202 * <tr> 203 * <th>在PKsp加密之前,以下数据字段将会优先被使用DFormat 1数据块进行编码。最终的密码将会被格式化为一个DFormat1数据块</th> 204 * <th></th> 205 * <th>b</th> 206 * <th>var</th> 207 * </tr> 208 * <tr> 209 * <th>00-15 KI(奇数位校验调整)</th> 210 * <th>16</th> 211 * <th>B</th> 212 * <th>16</th> 213 * <tr> 214 * <th>16-23 PPID</th> 215 * <th>8</th> 216 * <th>B</th> 217 * <th>8</th> 218 * </tr> 219 * <tr> 220 * <th>24-28 MMDDHHMMSS</th> 221 * <th>10</th> 222 * <th>N</th> 223 * <th>5</th> 224 * </tr> 225 * <tr> 226 * <th>29-(29+n-1) 来自交换机的随机数</th> 227 * <th>N</th> 228 * <th>B</th> 229 * <th>var</th> 230 * </tr> 231 * </tr> 232 * <tr> 233 * <th>29+n 用户数据</th> 234 * <th>M</th> 235 * <th>B</th> 236 * <th>var</th> 237 * </tr> 238 * </tr> 239 * </table> 240 * 241 * ucKiKeyLen+8+5+usRandomLen+usUserDataLen必须小于PKsp’s 模长-5的字节长度 </div> <div class="en">KiKey, with a length 242 * of 16 bytes<br/> 243 * <table border="1"> 244 * <tr> 245 * <th>Contents</th> 246 * <th>Length</th> 247 * <th>Attribute</th> 248 * <th>Bytes</th> 249 * </tr> 250 * <col align="left" /> <col align="left" /> <col align="left" /> <col align="left" /> 251 * <tr> 252 * <th>Before PKsp is encrypted, the following data fields will be encoded first by using DFormat 1 data 253 * blocks. The final password will be formatted as a DFormat1 block.</th> 254 * <th></th> 255 * <th>b</th> 256 * <th>var</th> 257 * </tr> 258 * <tr> 259 * <th>00-15 KI(odd parity adjusted)</th> 260 * <th>16</th> 261 * <th>B</th> 262 * <th>16</th> 263 * <tr> 264 * <th>16-23 PPID</th> 265 * <th>8</th> 266 * <th>B</th> 267 * <th>8</th> 268 * </tr> 269 * <tr> 270 * <th>24-28 MMDDHHMMSS</th> 271 * <th>10</th> 272 * <th>N</th> 273 * <th>5</th> 274 * </tr> 275 * <tr> 276 * <th>29-(29+n-1) Random number from the Switch</th> 277 * <th>N</th> 278 * <th>B</th> 279 * <th>var</th> 280 * </tr> 281 * </tr> 282 * <tr> 283 * <th>29+n User Data</th> 284 * <th>M</th> 285 * <th>B</th> 286 * <th>var</th> 287 * </tr> 288 * </tr> 289 * </table> 290 * 291 * ucKiKeyLen+8+5+usRandomLen+usUserDataLen must be less than the bytes length of PKsp’s modulus-5 </div> 292 * @throws PedDevException 293 */ 294 byte[] getKi(RSAKeyInfo pstPKsp, byte[] random, byte[] userData, byte[] ppid) throws PedDevException; 295 296 /** 297 * <div class="zh">用ucKmacrIndex指定的KMACs来执行MAC运算,这个8字节的MAC结构将被返回。 KMACs来自于PED查询,被PED用来生成MAC,被应用用来验证MAC </div> <div 298 * class="en">Use KMACs specified by ucKmacsIndex to perform MAC calculation, the 8bytes MAC result will be ouput to 299 * pucMacOut. KMACs is from the PED’s view. It is used to generate MAC by PED and used to verify MAC by acquirer’s 300 * application. </div> 301 * 302 * @param kmacsIndex 303 * <div class="zh">KMACs的索引,1~30 </div> <div class="en"> The index of KMACs[1-30] </div> 304 * @param data 305 * <div class="zh"> MAC data,长度≤1024. </div> <div class="en">MAC data. Length of MACdata(<=1024) </div> 306 * @param mode 307 * <div class="zh"> 0x00: 输入数据被分解成长度均为8字节的P1, P2 … Pm。如果Pm长度小于8字节,在右侧用0x00填充 输出数据:C1, C2,…,Cm;每一个都是8字节长 308 * C0={0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00} FOR i=1,2,…n,do Ci = TDEAmackey(Pi⊕Ci-1); Output Ci Cn is 309 * the MAC result. X⊕Y是X和Y的异或操作 </div> <div class="en"> MAC algorithm 0x00: Algorithm description: Input 310 * data is divided into P1, P2 … Pm which are of the same length of 8 bytes.If Pm is less then 8 bytes, 311 * It is padded with 0x00 on the right. Output data: C1, C2,…,Cm; each one is 8-byte long. 312 * C0={0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00} FOR i=1,2,…n,do Ci = TDEAmackey(Pi⊕Ci-1); Output Ci; Cn 313 * is the MAC result. X⊕Y is “exclusive or” operation of X and Y. </div> 314 * @return <div class="zh">8字节MAC结果 </div> <div class="en">8Bytes MAC result </div> 315 * @throws PedDevException 316 */ 317 byte[] getMac(byte kmacsIndex, byte[] data, byte mode) throws PedDevException; 318 319 /** 320 * <div class="zh">从keypad获得PIN,然后生成PINBLOCK </div> <div class="en"> Get PIN from keypad and generate 321 * PINBLOCK.</div> 322 * 323 * @param KPEIndex 324 * <div class="zh">KPE索引,1~30 </div> <div class="en">KPE index[1-30] </div> 325 * @param expPinLen 326 * <div class="zh">可输入的合法密码长度字符串,应用程序把允许的密码长度全部枚举出来,并且用","号隔开每个长度,密码长度的有效取值为:0,4~12。若允许输入 4、6 位密码并且允许无密码直接按确认,则该字符串应该设置为"0,4,6"。 327 * 若枚举 0 长度则示意可以不输任何数字而直接按确认键返回。若枚举字符串中存在长度的无效值,比如"2,6,7,10",无效值将被忽略。</div> 328 * <div class="en">The legal password length string that can be input. The application enumerates all the allowed password lengths and separates each length with "," signs. The valid values for password lengths are: 0,4 to 12. If 4 or 6-digit passwords are allowed to be entered and direct confirmation without a password is permitted, the string should be set to "0,4,6". 329 * If the enumeration length is 0, it indicates that no numbers can be entered and the confirmation key can be directly pressed to return. If there are invalid values of length in the enumeration string, such as "2,6,7,10", the invalid values will be ignored.</div> 330 * @param dataIn 331 * <div class="zh">PucDataIn的长度 332 * <ul> 333 * <li>当Mode=0x00,DataIn指向位移后的16位PAN</li> 334 * <li>当Mode=0x01,DataIn被忽略,接口内部采用随机数填充PINBlock。</li> 335 * <li>当Mode=0x02,DataIn指向位移后的16位PAN。</li> 336 * </ul> 337 * </div> <div class="en"> 338 * <ul> 339 * <li>When Mode=0x00, DataIn points to shifted 16 bits primary account number(PAN).</li> 340 * <li>When Mode=0x01, DataIn is ignored. The interface uses random numbers to fill PINBlock internally.</li> 341 * <li>When Mode=0x02, DataIn is the 16 bytes primary account number after shifting.</li> 342 * </ul> 343 * </div> 344 * @param mode 345 * <div class="zh">PINBLOCK格式 346 * <ul> 347 * <li>0x00: ISO9564 PIN block格式0</li> 348 * <li>0x01: ISO9564 PIN block格式1</li> 349 * <li>0x02: ISO9564 PIN block格式3</li> 350 * <li>0x06:AS2805 zero length PIN block mode。不会要求输入PIN,不会弹出输PIN窗口,expPinLen必须为0。</li> 351 * </ul> 352 * </div> <div class="en"> 353 * <ul> 354 * <li>0x00: ISO9564 PIN block format0</li> 355 * <li>0x01: ISO9564 PIN block format1</li> 356 * <li>0x02: ISO9564 PIN block format3</li> 357 * <li>0x06:AS2805 zero length PIN block mode。The pin input window will not pop up. expPinLen must be 0.</li> 358 * </ul> 359 * </div> 360 * @param timeOut 361 * <div class="zh">PIN数据超时时长,单位:MS。最大值为300000Ms </div> <div class="en">Timeout for PIN input, unit: MS. 362 * Most significant bit comes first. Maximum value is 300000Ms </div> 363 * @return <div class="zh">8字节PINBLOCK </div> <div class="en">8 bytes PINBLOCK </div> 364 * @throws PedDevException 365 */ 366 byte[] getPinblock(byte KPEIndex, String expPinLen, byte[] dataIn, byte mode, int timeOut) throws PedDevException; 367 368 /** 369 * <div class="zh">将KCA加载到PED,KCA被KI(Initialization Key)的变量44加密. 这个函数必须getKi后被调用 </div> <div class="en">Load KCA to 370 * PED,KCA is encrypted by variant 44 of the Initialization key(KI). This function must be called following getKi(). 371 * </div> 372 * 373 * @param kcaIndex 374 * <div class="zh">KCA索引,1~10 </div> <div class="en">KCA index[1-10] </div> 375 * @param kca 376 * <div class="zh">TCBC被KI v44c0加密的KCA的密文,长度只能是16 </div> <div class="en">The cipher text of KCA which is 377 * TCBC encrypted by KI v44c0.The length of KCA, 16 only. </div> 378 * @return <div class="zh">KCA的密钥验证码,如果不为NULL,KCA的KVC将被返回 </div> <div class="en">The key verification code of KCA, 379 * If it is not NULL, the KVC of KCA will output to pucKcaKvc </div> 380 * @throws PedDevException 381 */ 382 byte[] loadKca(byte kcaIndex, byte[] kca) throws PedDevException; 383 384 /** 385 * <div class="zh">将KEK1/KEK2加载到PED </div> <div class="en">Load KEK1/KEK2 to PED. </div> 386 * 387 * @param kiaIndex 388 * <div class="zh">KIA索引,1~10 </div> <div class="en">The index[1~10] of KIA </div> 389 * @param kek1Index 390 * <div class="zh">保存KEK1的索引,1~10 </div> <div class="en">The index[1~10] to store KEK1 </div> 391 * @param kek2Index 392 * <div class="zh">保存KEK2的索引,1~10 </div> <div class="en">The index[1~10] to store KEK2 </div> 393 * @param keyVar 394 * <div class="zh">用于生成KIA变量密钥的变量,这个变量用于解密PPASN </div> <div class="en">The variant (16Bytes) to generate 395 * KIA variant key for decrypting PPASN </div> 396 * @param fmtAiicBlk 397 * <div class="zh">16字节的AIIC </div> <div class="en">16 bytesAIIC </div> 398 * @param cipherKey 399 * <div class="zh">密文格式<br/> 400 * <table border="1"> 401 * <tr> 402 * <th>Name</th> 403 * <th>Contents</th> 404 * <th>Length</th> 405 * <th>Attribute</th> 406 * <th>Bytes</th> 407 * </tr> 408 * <col align="left" /> <col align="left" /> <col align="left" /> <col align="left" /> <col align="left" 409 * /> 410 * <tr> 411 * <th>eKIA(KEK1)</th> 412 * <th>Terminal master key 1 encrypted by Acquirer Initialisation key</th> 413 * <th>128</th> 414 * <th>B</th> 415 * <th>16</th> 416 * </tr> 417 * <tr> 418 * <th>eKIA(KEK2)</th> 419 * <th>Terminal master key 2 encrypted by Acquirer Initialisation key</th> 420 * <th>128</th> 421 * <th>b</th> 422 * <th>16</th> 423 * </tr> 424 * <tr> 425 * <th>eKIA(PPASN)</th> 426 * <th>PIN Pad assigned secret number encrypted by variant 88 of the Acquirer Initialisation key</th> 427 * <th>64</th> 428 * <th>b</th> 429 * <th>8</th> 430 * <tr> 431 * <th>MAC</th> 432 * <th>MAC of eKIK(KEK1)||eKIA(KEK2)||eKIA(PPASN) using the acquiers KMACi.</th> 433 * <th>8</th> 434 * <th>n</th> 435 * <th>4</th> 436 * <tr> 437 * <th>KCV(KEK1)</th> 438 * <th>KEK1 check value</th> 439 * <th>3</th> 440 * <th>b</th> 441 * <th>3</th> 442 * </tr> 443 * </table> 444 * </div> <div class="en">密文格式<br/> 445 * <table border="1"> 446 * <tr> 447 * <th>Name</th> 448 * <th>Contents</th> 449 * <th>Length</th> 450 * <th>Attribute</th> 451 * <th>Bytes</th> 452 * </tr> 453 * <col align="left" /> <col align="left" /> <col align="left" /> <col align="left" /> <col align="left" 454 * /> 455 * <tr> 456 * <th>eKIA(KEK1)</th> 457 * <th>Terminal master key 1 encrypted by Acquirer Initialisation key</th> 458 * <th>128</th> 459 * <th>B</th> 460 * <th>16</th> 461 * </tr> 462 * <tr> 463 * <th>eKIA(KEK2)</th> 464 * <th>Terminal master key 2 encrypted by Acquirer Initialisation key</th> 465 * <th>128</th> 466 * <th>b</th> 467 * <th>16</th> 468 * </tr> 469 * <tr> 470 * <th>eKIA(PPASN)</th> 471 * <th>PIN Pad assigned secret number encrypted by variant 88 of the Acquirer Initialisation key</th> 472 * <th>64</th> 473 * <th>b</th> 474 * <th>8</th> 475 * <tr> 476 * <th>MAC</th> 477 * <th>MAC of eKIK(KEK1)||eKIA(KEK2)||eKIA(PPASN) using the acquiers KMACi.</th> 478 * <th>8</th> 479 * <th>n</th> 480 * <th>4</th> 481 * <tr> 482 * <th>KCV(KEK1)</th> 483 * <th>KEK1 check value</th> 484 * <th>3</th> 485 * <th>b</th> 486 * <th>3</th> 487 * </tr> 488 * </table> 489 * </div> 490 * @return <div class="zh">PPASN的普通文本 </div> <div class="en">The plain text of PPASN </div> 491 * @throws PedDevException 492 */ 493 byte[] loadKEK(byte kiaIndex, byte kek1Index, byte kek2Index, byte[] keyVar, byte[] fmtAiicBlk, byte[] cipherKey) 494 throws PedDevException; 495 496 /** 497 * <div class="zh">将会话密钥加载到PED </div> <div class="en">Load session keys into PED. </div> 498 * 499 * @param keyIndexList 500 * <div class="zh"> pucKeyIndexList[0]:KMACr保存KMACr的索引,1~30 </br> pucKeyIndexList[1]:保存KDr的索引,1~30</br> 501 * pucKeyIndexList[2]:KMACs保存KMACs的索引,1~30 </br> pucKeyIndexList[3]:保存KDs的索引,1~30</br> 502 * pucKeyIndexList[4]:保存KPP的索引,1~30 </br> pucKeyIndexList[5]:保存KEK1的索引</br> </div> <div class="en"> 503 * pucKeyIndexList[0]: The index[1~30] to store KMACr </br> pucKeyIndexList[1]: The index[1~30] to store 504 * KDr </br> pucKeyIndexList[2]: The index[1~30] to store KMACs </br> pucKeyIndexList[3]: The index[1~30] 505 * to store KDs </br> pucKeyIndexList[4]: The index[1~30] to store KPP </br> pucKeyIndexList[5]: The 506 * index[1~10] of KEK1</br> </div> 507 * @param keyVarList 508 * <div class="zh">ppucKeyVarList[0]:一个用于生成用于KEK1变量关键字的变量,KEK1变量关键字用于解密KMACr </br> 509 * ppucKeyVarList[1]:一个用于生成用于KEK1变量关键字的变量,KEK1变量关键字用于解密KDr </br> 510 * ppucKeyVarList[2]:一个用于生成用于KEK1变量关键字的变量,KEK1变量关键字用于解密KMACs </br> 511 * ppucKeyVarList[3]:一个用于生成用于KEK1变量关键字的变量,KDs变量关键字用于解密KDs </br> 512 * ppucKeyVarList[4]:一个用于生成用于KEK1变量关键字的变量,KEK1变量关键字用于解密KPP </br> </div> <div 513 * class="en">ppucKeyVarList[0]: The variant which is used to generate the KEK1 variant key to decrypt 514 * KMACr</br> ppucKeyVarList[1]: The variant which is used to generate the KEK1 variant key to decrypt 515 * KDr</br> ppucKeyVarList[2]: The variant which is used to generate the KEK1 variant key to decrypt 516 * KMACs</br> ppucKeyVarList[3]: The variant which is used to generate the KEK1 variant key to decrypt 517 * KDs</br> ppucKeyVarList[4]: The variant which is used to generate the KEK1 variant key to decrypt 518 * KPP</br> </div> 519 * @param cipherKeyIn 520 * <div class="zh">密文密钥的格式 <br/> 521 * <table border="1"> 522 * <tr> 523 * <th></th> 524 * <th>Format</th> 525 * <th>Length</th> 526 * <th>Description</th> 527 * </tr> 528 * <col align="left" /> <col align="left" /> <col align="left" /> <col align="left" /> 529 * <tr> 530 * <th>KEK1 check value</th> 531 * <th>B24</th> 532 * <th>3</th> 533 * <th></th> 534 * </tr> 535 * <tr> 536 * <th>Encrypted MAC Receive Key (from PED’s view)</th> 537 * <th>B128</th> 538 * <th>16</th> 539 * <th>Encrypted using KEK1v24c0</th> 540 * </tr> 541 * <tr> 542 * <th>Encrypted Data Receive Key(from PED’s view)</th> 543 * <th>B128</th> 544 * <th>16</th> 545 * <th>Encrypted using KEK1v22c0 546 * </tr> 547 * <tr> 548 * <th>Encrypted MAC Send Key(from PED’s view)</th> 549 * <th>B128</th> 550 * <th>16</th> 551 * <th>Encrypted using KEK1v48c0</th> 552 * </tr> 553 * <tr> 554 * <th>Encrypted Data Send Key(from PED’s view)</th> 555 * <th>B128</th> 556 * <th>16</th> 557 * <th>Encrypted using KEK1v44c0 558 * </tr> 559 * </tr> 560 * <tr> 561 * <th>Encrypted PIN Key(from PED’s view)</th> 562 * <th>B128</th> 563 * <th>16</th> 564 * <th>Encrypted using KEK1v28c0</th> 565 * </tr> 566 * </table> 567 * </div> <div class="en">The format of cipher key<br/> 568 * <table border="1"> 569 * <tr> 570 * <th></th> 571 * <th>Format</th> 572 * <th>Length</th> 573 * <th>Description</th> 574 * </tr> 575 * <col align="left" /> <col align="left" /> <col align="left" /> <col align="left" /> 576 * <tr> 577 * <th>KEK1 check value</th> 578 * <th>B24</th> 579 * <th>3</th> 580 * <th></th> 581 * </tr> 582 * <tr> 583 * <th>Encrypted MAC Receive Key (from PED’s view)</th> 584 * <th>B128</th> 585 * <th>16</th> 586 * <th>Encrypted using KEK1v24c0</th> 587 * </tr> 588 * <tr> 589 * <th>Encrypted Data Receive Key(from PED’s view)</th> 590 * <th>B128</th> 591 * <th>16</th> 592 * <th>Encrypted using KEK1v22c0 593 * </tr> 594 * <tr> 595 * <th>Encrypted MAC Send Key(from PED’s view)</th> 596 * <th>B128</th> 597 * <th>16</th> 598 * <th>Encrypted using KEK1v48c0</th> 599 * </tr> 600 * <tr> 601 * <th>Encrypted Data Send Key(from PED’s view)</th> 602 * <th>B128</th> 603 * <th>16</th> 604 * <th>Encrypted using KEK1v44c0 605 * </tr> 606 * </tr> 607 * <tr> 608 * <th>Encrypted PIN Key(from PED’s view)</th> 609 * <th>B128</th> 610 * <th>16</th> 611 * <th>Encrypted using KEK1v28c0</th> 612 * </tr> 613 * </table> 614 * </div> 615 * @throws PedDevException 616 */ 617 void loadSessionKeys(byte[] keyIndexList, byte[][] keyVarList, byte[] cipherKeyIn) throws PedDevException; 618 619 /** 620 * <div class="zh">读取SKman(PKtcu),使用SKman签名后的PKtcu密文 </div> <div class="en">Read SKman(PKtcu), the cipher of PKtcu 621 * which signed by SKman </div> 622 * 623 * @param RSAKeyIndex 624 * <div class="zh">RSA密钥的索引[1~10] </div> <div class="en">the index of RSAKEY, [1~10] </div> 625 * @return <div class="zh">输出密文PKtcu的缓存 </div> <div class="en">The buffer to output the cipher PKtcu. </div> 626 * @throws PedDevException 627 */ 628 byte[] readCipherPKtcu(byte RSAKeyIndex) throws PedDevException; 629 630 /** 631 * <div class="zh">从PED读取PPASN </div> <div class="en">Read PPASN from PED. </div> 632 * 633 * @param kek1Index 634 * <div class="zh">用于加密PPASN的KEK1索引,0~10.如果ucKek1Index为0,则返回的为PPASN的普通文本。当返回的是PPASN的密文时,是KEK1加密后的ECB 635 * </div> <div class="en">[0-10] the KEK1 index to encrypted PPASN. If ucKek1Index is 0, pucPpasnOut is 636 * the plain text of PPASN, while the pucPpasnOut is the cihper text of PPASN which is ECB encrypted with 637 * KEK1 </div> 638 * @param ppasnIndex 639 * <div class="zh">PPASN的索引,1~5 </div> <div class="en">The index[1-5] of PPASN </div> 640 * @return <div class="zh">用于存储PED读取到的PPASN的缓存 </div> <div class="en">The buffer to store in PPASN read from PED 641 * </div> 642 * @throws PedDevException 643 */ 644 byte[] readPpasn(byte kek1Index, byte ppasnIndex) throws PedDevException; 645 646 /** 647 * <div class="zh">从PED读取PPID </div> <div class="en">Read PPID from PED. </div> 648 * 649 * @param ppidIndex 650 * <div class="zh">PPID的索引,1~5 </div> <div class="en"> The index[1-5] of PPID</div> 651 * @return <div class="zh">用于存储PED中读取到的PPID的缓存 </div> <div class="en">The buffer to store the PPID read from PED 652 * </div> 653 * @throws PedDevException 654 */ 655 byte[] readPpid(byte ppidIndex) throws PedDevException; 656 657 /** 658 * <div class="zh">从PED读取RSA公钥,只能读取公钥 </div> <div class="en">Read RSA public key from the PED Only the public key 659 * can be read. </div> 660 * 661 * @param RSAKeyIndex 662 * <div class="zh">RSA密钥的索引[1~10] </div> <div class="en">the index of RSAKEY, [1~10] </div> 663 * @return <div class="zh"> RSA密钥</div> <div class="en"> RSA key</div> 664 * @throws PedDevException 665 */ 666 RSAKeyInfo readRsaKey(byte RSAKeyIndex) throws PedDevException; 667 668 /** 669 * <div class="zh">Roll over KEK1/KEK2. </div> <div class="en">Roll over KEK1/KEK2. </div> 670 * 671 * @param kekFlag 672 * <div class="zh">‘1’ for KEK1; ‘2’ for KEK2; </div> <div class="en"> '1' for KEK1; '2' for KEK2;</div> 673 * @param kek1Index 674 * <div class="zh">保存KEK1的索引,1~10 </div> <div class="en">The index[1~10] to store KEK1 </div> 675 * @param kek2Index 676 * <div class="zh">保存KEK2的索引,1~10 </div> <div class="en">The index[1~10] to store KEK2 </div> 677 * @param ppasn 678 * <div class="zh">8字节的PPASN </div> <div class="en">8Bytes PPASN </div> 679 * @throws PedDevException 680 */ 681 void rollKeys(byte kekFlag, byte kek1Index, byte kek2Index, byte[] ppasn) throws PedDevException; 682 683 /** 684 * <div class="zh">KMACr来自于PED查询,被PED用来验证MAC,被应用用来生成MAC。 用ucKmacrIndex指定的KMACr来验证MAC </div> <div class="en">KMACr is 685 * from the PED’s view. It is used to verify MAC by PED and used to generate MAC by acquirer’s application. Use 686 * KMACr specified by ucKmacrIndex to verify MAC. </div> 687 * 688 * @param kmacrIndex 689 * <div class="zh">KMACr的索引,1~30 </div> <div class="en">The index of KMACr[1-30]. </div> 690 * @param data 691 * <div class="zh">MAC data,长度≤2048 </div> <div class="en">MAC data.Length of MACdata(<=2048) </div> 692 * @param mode 693 * <div class="zh">{@link IPedBg#getMac(byte, byte[], byte)} </div> <div class="en"> 694 * {@link IPedBg#getMac(byte, byte[], byte)} </div> 695 * @param mac 696 * <div class="zh">8字节用于验证的MAC结果 如果MAC结果来自主机,可能为8字节或4字节。如果为4字节,右侧被删减的部分用0x00填充 </div> <div 697 * class="en">8Bytes MAC result for verification. If the MAC result from host maybe 8bytes or 4 bytes, if 698 * it is 4 bytes, the right truncated bytes are padded with 0x00. </div> 699 * @throws PedDevException 700 */ 701 void verifyMac(byte kmacrIndex, byte[] data, byte mode, byte[] mac) throws PedDevException; 702 703 /** 704 * <div class="zh">写入SKman(PKtcu),使用SKman签名后的PKtcu密文 </div> <div class="en">WriteSKman(PKtcu), the cipher of PKtcu 705 * which signed by SKman. </div> 706 * 707 * @param RSAKeyIndex 708 * <div class="zh">RSA密钥的索引[1~10] </div> <div class="en"> the index of RSAKEY, [1~10]</div> 709 * @param cipherPKtcu 710 * <div class="zh">将要保存到PED的PKtcu密文,长度≤1024 </div> <div class="en">The cipher PKtcu to be stored by 711 * PED.The length of PKtcu which signed by SKman<=1024. </div> 712 * @throws PedDevException 713 */ 714 void writeCipherPKtcu(byte RSAKeyIndex, byte[] cipherPKtcu) throws PedDevException; 715 716 /** 717 * <div class="zh"> 将PPASN写入到PED </div> <div class="en">Write PPASN to PED. </div> 718 * 719 * @param ppasnIndex 720 * <div class="zh">PPASN的索引,1~5 </div> <div class="en">The index[1-5] of PPASN </div> 721 * @param ppasn 722 * <div class="zh">将要保存到PED的PPASN </div> <div class="en">The PPASN to be stored in PED </div> 723 * @throws PedDevException 724 */ 725 void writePpasn(byte ppasnIndex, byte[] ppasn) throws PedDevException; 726 727 /** 728 * <div class="zh">写入PPID到PED </div> <div class="en">Write PPID to PED. </div> 729 * 730 * @param ppidIndex 731 * <div class="zh">PPID的索引,1~5. </div> <div class="en">The index[1-5] of PPID </div> 732 * @param ppid 733 * <div class="zh">将要保存的PED的PPID</div> <div class="en"> The PPID to be stored in PED</div> 734 * @throws PedDevException 735 */ 736 void writePpid(byte ppidIndex, byte[] ppid) throws PedDevException; 737 738 /** 739 * <div class="zh"> 设置输入PIN监听器。 </div> <div class="en"> Set the input PIN listener. </div> 740 * 741 * @param inputPinListener {@link IPed.IPedInputPinListener} 742 * @since V3.22.00 743 */ 744 void setInputPinListener(IPed.IPedInputPinListener inputPinListener); 745 746 /** 747 * <div class="zh">导出事务密钥和初始mac密钥。</div> <div class="en">Export the transaction key and the original MAC key.</div> 748 * 749 * @param srcKeyType <div class="zh">源密钥类型。 750 * <ul> 751 * <li>0x01:KCA(KIA)</li> 752 * <li>0x02:KEK</li> 753 * </ul></div> 754 * <div class="en">Type of source key. 755 * <ul> 756 * <li>0x01:KCA(KIA)</li> 757 * <li>0x02:KEK</li> 758 * </ul></div> 759 * @param srcKeyIndex <div class="zh">源密钥索引。</div> <div class="en">Index of source index.</div> 760 * @param dstKeyType <div class="zh">目的密钥类型。 761 * <ul> 762 * <li>当srcKeyIndex=0x01,则dstKeyType可以为KCA(KIA)、KEK、TAK、TPK、TDK。</li> 763 * <li>当srcKeyIndex=0x02,则dstKeyType可以为KEK、TAK、TPK、TDK。</li> 764 * </ul></div> 765 * <div class="en">Type of destination key. 766 * <ul> 767 * <li>When srcKeyIndex=0x01, dstKeyType can be KCA(KIA), KEK, TAK, TPK, and TDK.</li> 768 * <li>When srcKeyIndex=0x02, dstKeyType can be KEK, TAK, TPK, and TDK.</li> 769 * </ul></div> 770 * @param dstKeyIndex <div class="zh">目的密钥索引。</div> <div class="en">Index of destination key.</div> 771 * @param dataIn <div class="zh">用于派生16字节数据。</div> <div class="en">Used to derive 16 bytes of data.</div> 772 * @param keyVar <div class="zh">16字节的xor值。如果不存在就设为null,此时无需调用{@link IPedNp#writeKeyVar(int, int, int, int, byte[])}。 </div> 773 * <div class="en">A 16-byte xor value.Set it to null if it doesn't exist, and don't need to call {@link IPedNp#writeKeyVar(int, int, int, int, byte[])}.</div> 774 * @param iv <div class="zh"> 775 * <ul> 776 * <li>当mode=0时:为null。</li> 777 * <li>当mode=1时:8字节的IV值。</li> 778 * </ul></div> 779 * <div class="en"> 780 * <ul> 781 * <li>When mode=0: is null.</li> 782 * <li>When mode=1: 8 bytes of IV value.</li> 783 * </ul></div> 784 * @param mode <div class="zh"> 785 * <ul> 786 * <li>0:OWF发散。</li> 787 * <li>1:CBC发散。</li> 788 * </ul></div> 789 * <div class="en"> 790 * <ul> 791 * <li>0:OWF divergence.</li> 792 * <li>1:CBC divergence.</li> 793 * </ul></div> 794 * @throws PedDevException PedDevException 795 * @since V3.23.00 796 */ 797 void asDeriveKey(byte srcKeyType, byte srcKeyIndex, byte dstKeyType, byte dstKeyIndex, byte[] dataIn, byte[] keyVar, byte[] iv, byte mode) throws PedDevException; 798 799 /** 800 * <div class="zh">加载Key到PED。</div> <div class="en">Load the key into the PED.</div> 801 * 802 * @param tcuIndex <div class="zh">tcu RSA私钥索引。</div> <div class="en">Index of tcu RSA private key.</div> 803 * @param keyIndex <div class="zh">Key索引。</div> <div class="en">Index of key.</div> 804 * @param dataEncrypted <div class="zh">用tcu RSA私钥加密的输入数据(256字节)。</div> <div class="en">Input data encrypted with the tcu RSA private key (256 bytes).</div> 805 * @param mode <div class="zh"> 806 * <ul> 807 * <li>0:keyIndex为KCA索引。</li> 808 * <li>1:keyIndex为TAK索引。</li> 809 * </ul></div> 810 * <div class="en"> 811 * <ul> 812 * <li>0:keyIndex is index of KCA.</li> 813 * <li>1:keyIndex is index of TAK.</li> 814 * </ul></div> 815 * @return <div class="zh">输出RNtcu数据,8字节。</div> <div class="en">Output RNtcu data, 8 bytes.</div> 816 * @throws PedDevException PedDevException 817 * @since V3.23.00 818 */ 819 byte[] asLoadKeyAsym(byte tcuIndex, byte keyIndex, byte[] dataEncrypted, byte mode) throws PedDevException; 820 821 /** 822 * <div class="zh">将KEK1/KEK2/PPASN加载到PED。</div> <div class="en">Load KEK1/KEK2/PPASN into PED.</div> 823 * 824 * @param kiaIndex <div class="zh">KIA索引[1~10]。</div> <div class="en">Index of KIA [1~10].</div> 825 * @param kek1Index <div class="zh">KEK1索引[1~10]。</div> <div class="en">Index of KEK1 [1~10].</div> 826 * @param kek2Index <div class="zh">KEK2索引[1~10]。</div> <div class="en">Index of KEK2 [1~10].</div> 827 * @param ppasnIndex <div class="zh">PPASN索引[1~5]。</div> <div class="en">Index of PPASN [1~5].</div> 828 * @param keyVar <div class="zh">用于生成KIA变量密钥的变量,16字节,这个变量用于解密PPASN。</div> 829 * <div class="en">The variable used to generate the key for the KIA variable, 16 bytes, which is used to decrypt the PPASN.</div> 830 * @param fmtAiicBlk <div class="zh">16字节 AIIC。</div> <div class="en">AIIC, 16 bytes.</div> 831 * @param cipherKeyIn <div class="zh">密文格式。 832 * <table border="1"> 833 * <tr> 834 * <th>Name</th> 835 * <th>Contents</th> 836 * <th>Length</th> 837 * <th>Attribute</th> 838 * <th>Bytes</th> 839 * </tr> 840 * <tr> 841 * <td>eKIA(KEK1)</td> 842 * <td>Terminal master key 1 encrypted by Acquirer Initialisation key.</td> 843 * <td>128</td> 844 * <td>b</td> 845 * <td>16</td> 846 * </tr> 847 * <tr> 848 * <td>eKIA(KEK2)</td> 849 * <td>Terminal master key 2 encrypted by Acquirer Initialisation key.</td> 850 * <td>128</td> 851 * <td>b</td> 852 * <td>16</td> 853 * </tr> 854 * <tr> 855 * <td>eKIA(PPASN)</td> 856 * <td>PIN Pad assigned secret number encrypted by variant 88 of the Acquirer Initialisation key.</td> 857 * <td>64</td> 858 * <td>b</td> 859 * <td>8</td> 860 * </tr> 861 * <tr> 862 * <td>MAC</td> 863 * <td>MAC of eKIK(KEK1)||eKIA(KEK2)||eKIA(PPASN)using the acquiers KMACi.</td> 864 * <td>8</td> 865 * <td>n</td> 866 * <td>4</td> 867 * </tr> 868 * </table> 869 * </div> <div class="en">Ciphertext format. 870 * <table border="1"> 871 * <tr> 872 * <th>Name</th> 873 * <th>Contents</th> 874 * <th>Length</th> 875 * <th>Attribute</th> 876 * <th>Bytes</th> 877 * </tr> 878 * <tr> 879 * <td>eKIA(KEK1)</td> 880 * <td>Terminal master key 1 encrypted by Acquirer Initialisation key.</td> 881 * <td>128</td> 882 * <td>b</td> 883 * <td>16</td> 884 * </tr> 885 * <tr> 886 * <td>eKIA(KEK2)</td> 887 * <td>Terminal master key 2 encrypted by Acquirer Initialisation key.</td> 888 * <td>128</td> 889 * <td>b</td> 890 * <td>16</td> 891 * </tr> 892 * <tr> 893 * <td>eKIA(PPASN)</td> 894 * <td>PIN Pad assigned secret number encrypted by variant 88 of the Acquirer Initialisation key.</td> 895 * <td>64</td> 896 * <td>b</td> 897 * <td>8</td> 898 * </tr> 899 * <tr> 900 * <td>MAC</td> 901 * <td>MAC of eKIK(KEK1)||eKIA(KEK2)||eKIA(PPASN)using the acquiers KMACi.</td> 902 * <td>8</td> 903 * <td>n</td> 904 * <td>4</td> 905 * </tr> 906 * </table> 907 * </div> 908 * @param mode <div class="zh">支持0和1。</div> <div class="en"> support 0 and 1.</div> 909 * @throws PedDevException PedDevException 910 * @since V3.23.00 911 */ 912 void asLoadKEK(byte kiaIndex, byte kek1Index, byte kek2Index, byte ppasnIndex, byte[] keyVar, byte[] fmtAiicBlk, byte[] cipherKeyIn, byte mode) throws PedDevException; 913 914 /** 915 * <div class="zh">翻转KEK1/KEK2。</div> <div class="en">Roll KEK1/KEK2.</div> 916 * 917 * @param kekFlag <div class="zh"><ul> 918 * <li>0x31:KEK1。</li> 919 * <li>0x32:KEK2。</li></ul></div> 920 * <div class="en"><ul> 921 * <li>0x31:KEK1.</li> 922 * <li>0x32:KEK2.</li></ul></div> 923 * @param kek1Index <div class="zh">KEK1索引[1~10]。</div> <div class="en">Index of KEK1 [1~10].</div> 924 * @param kek2Index <div class="zh">KEK2索引[1~10]。</div> <div class="en">Index of KEK2 [1~10].</div> 925 * @param ppasnIndex <div class="zh">PPASN索引[1~5]。</div> <div class="en">Index of PPASN [1~10].</div> 926 * @throws PedDevException PedDevException 927 * @since V3.23.00 928 */ 929 void asRollKeys(byte kekFlag, byte kek1Index, byte kek2Index, byte ppasnIndex) throws PedDevException; 930 931 /** 932 * <div class="zh">获取验证信息, eKIA(PPID), eKEK(PPASN), OWF(KEK, PPASN).</div> 933 * <div class="en">Get verify information, eKIA(PPID), eKEK(PPASN), OWF(KEK, PPASN).</div> 934 * 935 * @param info <div class="zh">密钥索引或其它信息。2字节。 936 * <ul> 937 * <li>当mode = 0: PPID index + KIA index 。</li> 938 * <li>当mode = 1: PPASN index + KEK index 。</li> 939 * <li>当mode = 2: PPASN index + KEK index 。</li> 940 * </ul> 941 * </div> 942 * <div class="en">Key index or other information. 2 bytes. 943 * <ul> 944 * <li>When mode = 0: PPID index + KIA index .</li> 945 * <li>When mode = 1: PPASN index + KEK index .</li> 946 * <li>When mode = 2: PPASN index + KEK index .</li> 947 * </ul> 948 * </div> 949 * @param verifyInfoLen <div class="zh">验证信息的数据长度。必须是4或8。</div> 950 * <div class="en">Verify the data length of the information. It must to be 4 or 8.</div> 951 * @param mode <div class="zh"> 952 * <ul> 953 * <li>0:eKIA(PPID)</li> 954 * <li>1:eKEK(PPASN)</li> 955 * <li>2:OWF(KEK, PPASN)</li> 956 * </ul> 957 * </div> 958 * <div class="en"> 959 * <ul> 960 * <li>0:eKIA(PPID)</li> 961 * <li>1:eKEK(PPASN)</li> 962 * <li>2:OWF(KEK, PPASN)</li> 963 * </ul> 964 * </div> 965 * @return <div class="zh">验证信息, 4个或8个字节。</div> <div class="en">Verification information, 4 or 8 bytes.</div> 966 * @throws PedDevException PedDevException 967 * @since V3.23.00 968 */ 969 byte[] asGetVerifyInfo(byte[] info, byte verifyInfoLen, byte mode) throws PedDevException; 970 971 /** 972 * <div class="zh">加载由KI加密到PED的密钥。KMACH是由初始化密钥(KI)的变量24加密的。 973 * 这个函数必须在{@link IPedBg#getKi(RSAKeyInfo, byte[], byte[], byte[])}之后调用。</div> 974 * <div class="en">Load the key encrypted by KI to PED.KMACH is encrypted by variable 24, 975 * which initializes the key (KI).This function must be called after 976 * {@link IPedBg#getKi(RSAKeyInfo, byte[], byte[], byte[])}.</div> 977 * 978 * @param keyIndex <div class="zh">密钥索引。KMACH 1~30。</div> <div class="en">Key index.KMACH 1 ~ 30.</div> 979 * @param key <div class="zh">密钥的加密文本。</div> <div class="en">The encrypted text of the key.</div> 980 * @param mode <div class="zh">0:KMACH。</div> <div class="en">0:KMACH.</div> 981 * @return <div class="zh">KCA的密钥验证码。3个字节。</div> 982 * <div class="en">KCA's key verification code. 3 bytes.</div> 983 * @throws PedDevException PedDevException 984 */ 985 byte[] asLoadKeyByKi(byte keyIndex, byte[] key, byte mode) throws PedDevException; 986 987 /** 988 * <div class="zh">使用PKsp生成一个KI和加密KI双倍长度的随机密钥。</div> <div class="en"> Generate a random double length Key as KI and 989 * encrypt KI with PKsp.</div> 990 * 991 * @param pstPKsp <div class="zh">RSA公钥,用来加密KiKey。</div> <div class="en">The RSA public key, which is used to encrypt 992 * the KiKey. </div> 993 * @param random <div class="zh">交换机的随机数。 </div> <div class="en"> Random number from the switch. </div> 994 * @param userData <div class="zh"> 用户数据。 </div> <div class="en"> User data. </div> 995 * @param ppid <div class="zh"> 8字节PPID。 </div> <div class="en"> 8 Bytes PPID. </div> 996 * @param kiKeyLen <div class="zh"> KiKey长度为16。 </div> <div class="en"> The KiKey length is 16. </div> 997 * @param mode <div class="zh">必须是0。 </div> <div class="en"> It must to be 0. </div> 998 * @return <div class="zh">KiKey,长度为16字节。 <br/> 999 * <table border="1"> 1000 * <tr> 1001 * <th>Contents</th> 1002 * <th>Length</th> 1003 * <th>Attribute</th> 1004 * <th>Bytes</th> 1005 * </tr> 1006 * <col align="left" /> <col align="left" /> <col align="left" /> <col align="left" /> 1007 * <tr> 1008 * <th>在PKsp加密之前,以下数据字段将会优先被使用DFormat 1数据块进行编码。最终的密码将会被格式化为一个DFormat1数据块</th> 1009 * <th></th> 1010 * <th>b</th> 1011 * <th>var</th> 1012 * </tr> 1013 * <tr> 1014 * <th>00-15 KI(奇数位校验调整)</th> 1015 * <th>16</th> 1016 * <th>B</th> 1017 * <th>16</th> 1018 * <tr> 1019 * <th>16-23 PPID</th> 1020 * <th>8</th> 1021 * <th>B</th> 1022 * <th>8</th> 1023 * </tr> 1024 * <tr> 1025 * <th>24-29 YYMMDDHHMMSS</th> 1026 * <th>12</th> 1027 * <th>N</th> 1028 * <th>6</th> 1029 * </tr> 1030 * <tr> 1031 * <th>30-(30+n-1) 来自交换机的随机数</th> 1032 * <th>N</th> 1033 * <th>B</th> 1034 * <th>var</th> 1035 * </tr> 1036 * <tr> 1037 * <th>30+n 用户数据</th> 1038 * <th>M</th> 1039 * <th>B</th> 1040 * <th>var</th> 1041 * </tr> 1042 * </table> 1043 * <p> 1044 * ucKiKeyLen+8+5+usRandomLen+usUserDataLen必须小于PKsp’s 模长-5的字节长度 </div> <div class="en">KiKey, with a length 1045 * of 16 bytes.<br/> 1046 * <table border="1"> 1047 * <tr> 1048 * <th>Contents</th> 1049 * <th>Length</th> 1050 * <th>Attribute</th> 1051 * <th>Bytes</th> 1052 * </tr> 1053 * <col align="left" /> <col align="left" /> <col align="left" /> <col align="left" /> 1054 * <tr> 1055 * <th>Before PKsp is encrypted, the following data fields will be encoded first by using DFormat 1 data 1056 * blocks. The final password will be formatted as a DFormat1 block.</th> 1057 * <th></th> 1058 * <th>b</th> 1059 * <th>var</th> 1060 * </tr> 1061 * <tr> 1062 * <th>00-15 KI(odd parity adjusted)</th> 1063 * <th>16</th> 1064 * <th>B</th> 1065 * <th>16</th> 1066 * <tr> 1067 * <th>16-23 PPID</th> 1068 * <th>8</th> 1069 * <th>B</th> 1070 * <th>8</th> 1071 * </tr> 1072 * <tr> 1073 * <th>24-29 YYMMDDHHMMSS</th> 1074 * <th>12</th> 1075 * <th>N</th> 1076 * <th>6</th> 1077 * </tr> 1078 * <tr> 1079 * <th>30-(30+n-1) Random number from the Switch</th> 1080 * <th>N</th> 1081 * <th>B</th> 1082 * <th>var</th> 1083 * </tr> 1084 * <tr> 1085 * <th>30+n User Data</th> 1086 * <th>M</th> 1087 * <th>B</th> 1088 * <th>var</th> 1089 * </tr> 1090 * </table> 1091 * <p> 1092 * ucKiKeyLen+8+5+usRandomLen+usUserDataLen must be less than the bytes length of PKsp’s modulus-5 </div> 1093 * @throws PedDevException PedDevException 1094 * @since V3.23.00 1095 */ 1096 byte[] asGetKi(RSAKeyInfo pstPKsp, byte[] random, byte[] userData, byte[] ppid, byte kiKeyLen, byte mode) throws PedDevException; 1097}