/*
 * ===========================================================================================
 * = COPYRIGHT
 *          PAX Computer Technology (Shenzhen) Co., Ltd. PROPRIETARY INFORMATION
 *   This software is supplied under the terms of a license agreement or nondisclosure
 *   agreement with PAX Computer Technology (Shenzhen) Co., Ltd. and may not be copied or
 *   disclosed except in accordance with the terms in that agreement.
 *     Copyright (C) 2017-2023 PAX Computer Technology (Shenzhen) Co., Ltd. All rights reserved.
 * Description: // Detail description about the function of this module,
 *             // interfaces with the other modules, and dependencies.
 * Revision History:
 * Date                  Author                 Action
 * 2017/04/01            PAX                    Create/Add/Modify/Delete
 * ===========================================================================================
 */
package com.pax.dal;

import com.pax.dal.exceptions.PedDevException;

/**
 * The PED key isolation manager module.
 *
 * <p>The operations declared here transfer or share an application's PED keys with another
 * application, erase key entries, convert PIN blocks between keys, and generate or derive keys
 * through the {@code ...ForNP} calls. {@link #changeKeyOwner} and {@link #shareKey} hand a key
 * to a different application, so each call to them is a trust decision about {@code dstPkg}.
 */
public interface IPedKeyIsolationManager extends IPed {

    /**
     * Changes the owner of one of the application's own keys to another application.
     *
     * <p>The key is found by {@code keyType} and {@code srcKeyIndex}, and its properties are
     * changed. If the key corresponding to the target application already exists, an error is
     * returned so that the existing key is not overwritten.
     *
     * <p>NOTE(review): the destination is named only by its package name in this signature;
     * confirm how the platform binds that name to the installed application's identity before
     * treating it as an access-control boundary.
     *
     * @param keyType Key type.
     *        <ul>
     *        <li>{@link com.pax.dal.entity.EPedKeyType#TMK}</li>
     *        <li>PED_PPAD_TMK:0x43</li>
     *        <li>{@link com.pax.dal.entity.EPedKeyType#SM4_TMK}</li>
     *        <li>PED_TWK:0x0A</li>
     *        <li>{@link com.pax.dal.entity.EPedKeyType#TPK}</li>
     *        <li>{@link com.pax.dal.entity.EPedKeyType#TAK}</li>
     *        <li>{@link com.pax.dal.entity.EPedKeyType#TDK}</li>
     *        <li>PED_FACE_TDK:0x11</li>
     *        <li>PED_PPAD_TPK:0x44</li>
     *        <li>{@link com.pax.dal.entity.EPedKeyType#SM4_TPK}</li>
     *        <li>{@link com.pax.dal.entity.EPedKeyType#SM4_TAK}</li>
     *        <li>{@link com.pax.dal.entity.EPedKeyType#SM4_TDK}</li>
     *        <li>PED_SM4_FACE_TDK:0x37</li>
     *        <li>PED_TSK:0x40</li>
     *        <li>PED_TSD:0x41</li>
     *        <li>PED_TM1K:0x49</li>
     *        <li>PED_RSA:0x0B</li>
     *        <li>{@link com.pax.dal.entity.EPedKeyType#TIK}</li>
     *        <li>{@link com.pax.dal.entity.EPedKeyType#TAESK}</li>
     *        <li>PED_AES_TPK:0x23</li>
     *        <li>PED_AES_TIK:0x51</li>
     *        </ul>
     * @param srcKeyIndex The key index of the original owner.
     * @param dstPkg The package name of the destination owner.
     * @param dstKeyIndex The key index of the destination owner.
     * @throws PedDevException if the PED reports an error; presumably this covers the
     *         already-existing destination key described above (confirm against the
     *         implementation).
     */
    void changeKeyOwner(byte keyType, int srcKeyIndex, String dstPkg, int dstKeyIndex)
            throws PedDevException;

    /**
     * Migrates the old isolation key.
     *
     * @throws PedDevException if the PED reports an error.
     */
    void migratePedKeys() throws PedDevException;

    /**
     * Shares the use, update, and delete permissions of one of the application's keys with
     * another application.
     *
     * <p>The key is found by {@code keyType} and {@code srcKeyIndex}, and its properties are
     * changed. If the key corresponding to the target application already exists, an error is
     * returned so that the existing key is not overwritten.
     *
     * <p>The permissions shared include update and delete, not only use, so the destination
     * application is able to replace or remove the key as well as operate with it.
     *
     * <p>NOTE(review): the destination is named only by its package name in this signature;
     * confirm how the platform binds that name to the installed application's identity.
     *
     * @param keyType Key type.
     *        <ul>
     *        <li>{@link com.pax.dal.entity.EPedKeyType#TMK}</li>
     *        <li>PED_PPAD_TMK:0x43</li>
     *        <li>{@link com.pax.dal.entity.EPedKeyType#SM4_TMK}</li>
     *        <li>PED_TWK:0x0A</li>
     *        <li>{@link com.pax.dal.entity.EPedKeyType#TPK}</li>
     *        <li>{@link com.pax.dal.entity.EPedKeyType#TAK}</li>
     *        <li>{@link com.pax.dal.entity.EPedKeyType#TDK}</li>
     *        <li>PED_FACE_TDK:0x11</li>
     *        <li>PED_PPAD_TPK:0x44</li>
     *        <li>{@link com.pax.dal.entity.EPedKeyType#SM4_TPK}</li>
     *        <li>{@link com.pax.dal.entity.EPedKeyType#SM4_TAK}</li>
     *        <li>{@link com.pax.dal.entity.EPedKeyType#SM4_TDK}</li>
     *        <li>PED_SM4_FACE_TDK:0x37</li>
     *        <li>PED_TSK:0x40</li>
     *        <li>PED_TSD:0x41</li>
     *        <li>PED_TM1K:0x49</li>
     *        <li>PED_RSA:0x0B</li>
     *        <li>{@link com.pax.dal.entity.EPedKeyType#TIK}</li>
     *        <li>{@link com.pax.dal.entity.EPedKeyType#TAESK}</li>
     *        <li>PED_AES_TPK:0x23</li>
     *        <li>PED_AES_TIK:0x51</li>
     *        </ul>
     * @param srcKeyIndex The key index of the original owner.
     * @param dstPkg The package name of the destination application.
     * @param dstKeyIndex The key index of the destination application.
     * @throws PedDevException if the PED reports an error; presumably this covers the
     *         already-existing destination key described above (confirm against the
     *         implementation).
     */
    void shareKey(byte keyType, int srcKeyIndex, String dstPkg, int dstKeyIndex)
            throws PedDevException;

    /**
     * Erases one key entry of the application (the mapping between logical ID and physical
     * card slot).
     *
     * <p>NOTE(review): the description names only the logical-to-physical mapping; whether the
     * key material held in the slot is also cleared is not stated here and should be confirmed
     * before this call is relied on for key destruction.
     *
     * @param keyType Key type.
     *        <ul>
     *        <li>{@link com.pax.dal.entity.EPedKeyType#AES_TPK}</li>
     *        <li>{@link com.pax.dal.entity.EPedKeyType#AES_TIK}</li>
     *        <li>{@link com.pax.dal.entity.EPedKeyType#TIK}</li>
     *        <li>{@link com.pax.dal.entity.EPedKeyType#TMK}</li>
     *        <li>{@link com.pax.dal.entity.EPedKeyType#TPK}</li>
     *        <li>{@link com.pax.dal.entity.EPedKeyType#TAK}</li>
     *        <li>{@link com.pax.dal.entity.EPedKeyType#TDK}</li>
     *        <li>PED_TWK:0x0A</li>
     *        <li>{@link com.pax.dal.entity.EPedKeyType#SM4_TMK}</li>
     *        <li>{@link com.pax.dal.entity.EPedKeyType#SM4_TPK}</li>
     *        <li>{@link com.pax.dal.entity.EPedKeyType#SM4_TAK}</li>
     *        <li>{@link com.pax.dal.entity.EPedKeyType#SM4_TDK}</li>
     *        <li>PED_RSA:0x0B</li>
     *        </ul>
     * @param keyIdx Key logical index.
     * @throws PedDevException if the PED reports an error.
     * @since V4.00.00
     */
    void eraseKey(byte keyType, byte keyIdx) throws PedDevException;

    /**
     * Translates a PIN block from a session TPK to an online TPK.
     *
     * <p>NOTE(review): the input block is documented as 8 bytes and the result as 16 bytes
     * for every mode and destination key type; confirm the expected length for each
     * combination, and check the length of the returned array rather than assuming it.
     *
     * @param pinpadTPKIndex Index of the session TPK agreed between the host and the PINPAD
     *        (type is PED_PPAD_TPK). Value range: 1~100.
     * @param pinpadTPKType Type of the key at {@code pinpadTPKIndex}: PED_PPAD_TPK or
     *        PED_AES_PPAD_TPK.
     * @param pinpadPinBlock 8 bytes, the PIN block converted from the pinpad; it must use
     *        ISO9564 format 1.
     * @param dstTPKIndex Index of the destination key, which must be an online TPK. Type is
     *        PED_TPK or PED_TIK, index 1-100.
     * @param dstKeyType Type of the destination key.
     *        <ul>
     *        <li>0x03:TPK</li>
     *        <li>0x07:TIK</li>
     *        <li>0x23:AES_TPK</li>
     *        <li>0x51:AES_TIK</li>
     *        </ul>
     * @param dataIn Input data whose meaning depends on {@code mode}.
     *        <ul>
     *        <li>When mode=0x00, dataIn is the 16 bytes primary account number after
     *        shifting.</li>
     *        <li>When mode=0x01, refer to the ISO9564 specification.</li>
     *        <li>When mode=0x02, refer to the ISO9564 specification.</li>
     *        <li>When mode=0x03, dataIn is the transaction serial number ISN
     *        [6 bytes, ASCII code].</li>
     *        </ul>
     * @param mode PIN block format.
     *        <ul>
     *        <li>0x00:ISO9564 format 0</li>
     *        <li>0x01:ISO9564 format 1</li>
     *        <li>0x02:ISO9564 format 3</li>
     *        <li>0x03:HK EPS dedicated PIN block format</li>
     *        </ul>
     * @return The 16-byte destination PIN block.
     * @throws PedDevException if the PED reports an error.
     * @since V4.03.00
     */
    byte[] convertPinBlock(
            byte pinpadTPKIndex,
            byte pinpadTPKType,
            byte[] pinpadPinBlock,
            byte dstTPKIndex,
            byte dstKeyType,
            byte[] dataIn,
            byte mode) throws PedDevException;

    /**
     * Generates a random key.
     *
     * <p>NOTE(review): {@link #writeKeyVarForNP} documents the PED_TSK as 16 or 24 bytes for a
     * TAESK destination and 24 bytes otherwise, so it is unclear from this interface where a
     * seed generated with {@code keyLen} 8 can be used; confirm before choosing that length.
     *
     * @param keyIdx Index of the key, 1~100.
     * @param keyType PED_TSK(0x40): seed key for diversification.
     * @param keyLen 8/16/24 (presumably the key length in bytes; confirm).
     * @throws PedDevException if the PED reports an error.
     */
    void genRandomKeyForNP(int keyIdx, int keyType, int keyLen) throws PedDevException;

    /**
     * Generates a new key of type {@code dstKeyType} by XOR-ing {@code keyVar} with the source
     * key specified by {@code srcKeyType} and {@code srcKeyIdx}, and stores the new key at
     * {@code dstKeyIdx}.
     *
     * <p>The derivation described here is an XOR with a constant, so every key produced from
     * one seed differs from the seed, and from the other derived keys, only by the
     * {@code keyVar} values. Give each derived key its own {@code keyVar}; the constant does
     * not add secrecy of its own.
     *
     * @param srcKeyType The source key type. PED_TSK(0x40).
     * @param srcKeyIdx The source key index; the valid range is 1~100.
     * @param dstKeyType The destination key type.
     *        <ul>
     *        <li>{@link com.pax.dal.entity.EPedKeyType#TAK}</li>
     *        <li>{@link com.pax.dal.entity.EPedKeyType#TAESK}</li>
     *        <li>{@link com.pax.dal.entity.EPedKeyType#TDK}</li>
     *        <li>{@link com.pax.dal.entity.EPedKeyType#TPK}</li>
     *        </ul>
     * @param dstKeyIdx The destination key index; the valid range is 1~100.
     * @param keyVar The constant value to be XORed with the PED_TSK; its length is the same as
     *        that of the PED_TSK.
     *        <ul>
     *        <li>When dstKeyType is {@link com.pax.dal.entity.EPedKeyType#TAESK}, the PED_TSK
     *        length is 16 or 24 bytes.</li>
     *        <li>Otherwise, the PED_TSK length is 24 bytes.</li>
     *        </ul>
     * @throws PedDevException if the PED reports an error.
     */
    void writeKeyVarForNP(
            int srcKeyType, int srcKeyIdx, int dstKeyType, int dstKeyIdx, byte[] keyVar)
            throws PedDevException;

    /**
     * Increases the KSN by 1.
     *
     * @param groupIdx [1~40] AES DUKPT key group index. Each KSN corresponds to one AES DUKPT
     *        key. Calling this interface after each DUKPT use is advised, so that the KSN
     *        advances and every use works with a fresh key (one key per use).
     * @throws PedDevException if the PED reports an error.
     */
    void increaseAesDukptKsn(byte groupIdx) throws PedDevException;
}