001/* 002 * =========================================================================================== 003 * = COPYRIGHT 004 * PAX Computer Technology (Shenzhen) Co., Ltd. PROPRIETARY INFORMATION 005 * This software is supplied under the terms of a license agreement or nondisclosure 006 * agreement with PAX Computer Technology (Shenzhen) Co., Ltd. and may not be copied or 007 * disclosed except in accordance with the terms in that agreement. 008 * Copyright (C) 2017-2023 PAX Computer Technology (Shenzhen) Co., Ltd. All rights reserved. 009 * Description: // Detail description about the function of this module, 010 * // interfaces with the other modules, and dependencies. 011 * Revision History: 012 * Date Author Action 013 * 2017/04/01 PAX Create/Add/Modify/Delete 014 * =========================================================================================== 015 */ 016 017package com.pax.dal; 018 019 020import com.pax.dal.entity.DUKPTResult; 021import com.pax.dal.entity.EAesCheckMode; 022import com.pax.dal.entity.EAlgorithmType; 023import com.pax.dal.entity.ECheckMode; 024import com.pax.dal.entity.EKeyCode; 025import com.pax.dal.entity.EPedKeyType; 026import com.pax.dal.entity.EPedMacMode; 027import com.pax.dal.entity.EPedType; 028import com.pax.dal.entity.RSAKeyInfo; 029import com.pax.dal.entity.RSARecoverInfo; 030import com.pax.dal.exceptions.EPedDevException; 031import com.pax.dal.exceptions.PedDevException; 032 033 034/** 035 * <div class="zh">PED密钥隔离混合管理模块。</div> 036 * <div class="en">The PED key isolation mixed manager module. </div> 037 */ 038public interface IPedKeyIsolationMixedManager { 039 040 /** 041 * <div class="zh"> 设置输入PIN监听器。 </div> 042 * <div class="en"> Set the input PIN listener. </div> 043 * @param listener 044 * {@link IPed.IPedInputPinListener} 045 * 046 */ 047 void setInputPinListener(IPed.IPedInputPinListener listener); 048 049 050 051 /** 052 * <div class="zh">使用 AES DUKPT 的数据加解密密钥,对输入缓存内数据进行加密或解密。</div> 053 * <div class="en">Use the AES DUKPT data encryption and decryption key to encrypt or decrypt the data in the input buffer.</div> 054 * 055 * @param groupIndex <div class="zh">AES DUKPT密钥组索引。范围1~40。</div> <div class="en">AES DUKPT key group index. The range is 1~40.</div> 056 * @param keyVarType <div class="zh"> 057 * <ul> 058 * <li>0x01: 用 AES DUKPT 数据加解密密钥运算。</li> 059 * <li>0x04: 使用应答数据密钥,仅支持加密模式,即mode 值只能为 0x01、0x03。</li> 060 * <li>0x05: 使用请求数据密钥,仅支持解密模式,即mode 值只能为 0x00、0x02。</li> 061 * </ul> 062 * </div> <div class="en"> 063 * <ul> 064 * <li>0x01: Use AES DUKPT data encryption and decryption key operations.</li> 065 * <li>0x04: Using the response data key, only supports the encryption mode, that is, the mode value can only be 0x01, 0x03.</li> 066 * <li>0x05: When using the requested data key, only the decryption mode is supported, that is, the mode value can only be 0x00, 0x02.</li> 067 * </ul> 068 * </div> 069 * @param iv <div class="zh"> 8/16字节初始向量,CBC加解密时需要,如果传入NULL,将默认用“\x00\x00\x00\x00\x00\x00\x00\x00”或 070 * “\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00”作为初始向量 </div> 071 * <div class="en"> 8/16 bytes initialization vector, used for CBC encryption or decryption. If set it to NULL, 072 * it will use “\x00\x00\x00\x00\x00\x00\x00\x00” or “\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00” 073 * as the initialization vector by default. </div> 074 * @param dataIn <div class="zh">需要进行运算的数据。数据长度<=8192,8(TDES)/16(AES)整除。</div> <div class="en">The data to be calculated. Data length<=8192, evenly divided by 8(TDES)/16(AES).</div> 075 * @param algorithmType <div class="zh"> 076 * <ul> 077 * <li>为{@link EAlgorithmType#_2TDEA_}或{@link EAlgorithmType#_3TDEA_}时,使用TDES算法计算。</li> 078 * <li>为{@link EAlgorithmType#_AES128_}或{@link EAlgorithmType#_AES192_}或{@link EAlgorithmType#_AES256_}时,使用AES算法计算。</li> 079 * </ul> 080 * </div> <div class="en"> 081 * <ul> 082 * <li>When it is {@link EAlgorithmType#_2TDEA_} or {@link EAlgorithmType#_3TDEA_}, use the TDES algorithm for calculation.</li> 083 * <li>When it is {@link EAlgorithmType#_AES128_} or {@link EAlgorithmType#_AES192_} or {@link EAlgorithmType#_AES256_}, use the AES algorithm for calculation.</li> 084 * </ul> 085 * </div> 086 * @param mode <div class="zh"> 087 * <ul> 088 * <li>0x00: ECB 解密</li> 089 * <li>0x01: ECB 加密</li> 090 * <li>0x02: CBC 解密</li> 091 * <li>0x03: CBC 加密</li> 092 * </ul> 093 * </div> <div class="en"> 094 * <ul> 095 * <li>0x00: ECB decryption.</li> 096 * <li>0x01: ECB encryption.</li> 097 * <li>0x02: CBC decryption.</li> 098 * <li>0x03: CBC encryption.</li> 099 * </ul> 100 * </div> 101 * @return {@link DUKPTResult} 102 * @throws PedDevException PedDevException 103 * @since V4.00.00 104 */ 105 DUKPTResult calcAesDUKPTData(byte groupIndex, byte keyVarType, byte[] iv, byte[] dataIn, 106 EAlgorithmType algorithmType, byte mode) throws PedDevException; 107 108 109 110 /** 111 * <div class="zh">使用 AES DUKPT 的 MAC 密钥计算 MAC。</div> <div class="en">Use AES DUKPT's MAC key to calculate MAC.</div> 112 * 113 * @param groupIndex <div class="zh">AES DUKPT密钥组索引。范围1~40。</div> <div class="en">AES DUKPT key group index. The range is 1~40.</div> 114 * @param dataIn <div class="zh">要进行 MAC 运算的数据内容。数据的长度<=2048,长度不能被 8(TDES)/16(AES)整除,则自动补 0x00。</div> 115 * <div class="en">The data content to be MAC operation. The length of the data <=2048, and the length cannot be divisible by 8(TDES)/16(AES), then 0x00 will be automatically added.</div> 116 * @param algorithmType <div class="zh"> 117 * <ul> 118 * <li>为{@link EAlgorithmType#_2TDEA_}或{@link EAlgorithmType#_3TDEA_}时,使用TDES算法计算。</li> 119 * <li>为{@link EAlgorithmType#_AES128_}或{@link EAlgorithmType#_AES192_}或{@link EAlgorithmType#_AES256_}时,使用AES算法计算。</li> 120 * <li>为{@link EAlgorithmType#_HMAC128_}或{@link EAlgorithmType#_HMAC192_}或{@link EAlgorithmType#_HMAC256_}时,仅支持HMAC-SHA256算法计算。即mode为0x25/0x45/0x65。</li> 121 * </ul> 122 * </div> <div class="en"> 123 * <ul> 124 * <li>When it is {@link EAlgorithmType#_2TDEA_} or {@link EAlgorithmType#_3TDEA_}, use the TDES algorithm for calculation.</li> 125 * <li>When it is {@link EAlgorithmType#_AES128_} or {@link EAlgorithmType#_AES192_} or {@link EAlgorithmType#_AES256_}, use the AES algorithm for calculation.</li> 126 * <li>When it is {@link EAlgorithmType#_HMAC128_} or {@link EAlgorithmType#_HMAC192_} or {@link EAlgorithmType#_HMAC256_}, only HMAC-SHA256 algorithm calculation is supported. That is, the mode is 0x25/0x45/0x65.</li> 127 * </ul> 128 * </div> 129 * @param mode <div class="zh"> 130 * <ul> 131 * <li>0x20: 根据ANSI X9.9规范,将 BLOCK1 用 MAC密钥做 TDES/AES 加密,加密结果与 BLOCK2进行逐位异或后再用MAC密钥做 TDES/AES加密,依次进行得到 8(TDES)/16(AES)字节的加密结果。 KSN 不自动加 1。</li> 132 * <li>0x21: Hypercom Fast Mode,将 BLOCK1 和BLOCK2 进行逐位异或,异或结果与 BLOCK3进 行 逐 位 异 或 , 依 次 进 行 , 最 后 得 到8(TDES)/16(AES)字节的异或结果,将该结果用MAC 密钥进行 TDES/AES 加密运算。KSN 不自动加 1。</li> 133 * <li>0x22: 根据 ANSIX9.19 规范,将 BLOCK1 用MAC密钥做DES 加密(只取前8个字节的key),加密结果与 BLOCK2 进行逐位异或后再用MAC 密钥做 DES 加密,依次进行得到 8 字节的加密结果,直到最后一次采用 TDES 加密。 KSN不自动加 1。 (不支持 AES 算法。)</li> 134 * <li>0x23: CMAC算法。 KSN不自动加1。其它值保留扩展MAC算法。</li> 135 * <li>0x25: HMAC-SHA256算法。 KSN不自动加1。</li> 136 * <li>0x40: 根据ANSI X9.9规范,将 BLOCK1 用 MAC密钥做 TDES/AES 加密,加密结果与 BLOCK2进行逐位异或后再用MAC密钥做 TDES/AES加密,依次进行得到 8(TDES)/16(AES)字节的加密结果。 KSN 不自动加 1。</li> 137 * <li>0x41: Hypercom Fast Mode,将 BLOCK1 和BLOCK2 进行逐位异或,异或结果与 BLOCK3进 行 逐 位 异 或 , 依 次 进 行 , 最 后 得 到8(TDES)/16(AES)字节的异或结果,将该结果用MAC 密钥进行 TDES/AES 加密运算。KSN 不自动加 1 。</li> 138 * <li>0x42: 根据 ANSIX9.19 规范,将 BLOCK1 用MAC密钥做DES 加密(只取前8个字节的key),加密结果与 BLOCK2 进行逐位异或后再用MAC 密钥做 DES 加密,依次进行得到 8 字节的加密结果,直到最后一次采用 TDES 加密。 KSN不自动加 1。 (不支持 AES 算法。) </li> 139 * <li>0x43: CMAC算法。 KSN不自动加1。其它值保留扩展MAC算法。</li> 140 * <li>0x45: HMAC-SHA256算法。 KSN不自动加1。</li> 141 * <li>0x60: 据ANSI X9.9规范,将 BLOCK1 用 MAC密钥做 TDES/AES 加密,加密结果与 BLOCK2进行逐位异或后再用MAC密钥做 TDES/AES加密,依次进行得到 8(TDES)/16(AES)字节的加密结果。 KSN 不自动加 1。</li> 142 * <li>0x61: Hypercom Fast Mode,将 BLOCK1 和BLOCK2 进行逐位异或,异或结果与 BLOCK3进 行 逐 位 异 或 , 依 次 进 行 , 最 后 得 到8(TDES)/16(AES)字节的异或结果,将该结果用MAC 密钥进行 TDES/AES 加密运算。KSN 不自动加 1。</li> 143 * <li>0x62: 根据 ANSIX9.19 规范,将 BLOCK1 用MAC密钥做DES 加密(只取前8个字节的key),加密结果与 BLOCK2 进行逐位异或后再用MAC 密钥做 DES 加密,依次进行得到 8 字节的加密结果,直到最后一次采用 TDES 加密。 KSN不自动加 1。 (不支持 AES 算法。) </li> 144 * <li>0x63: CMAC算法。KSN不自动加1。 其它值保留扩展MAC算法。</li> 145 * <li>0x65: HMAC-SHA256算法。 KSN不自动加1。</li> 146 * </ul> 147 * </div> <div class="en"> 148 * <ul> 149 * <li>0x20: According to the ANSI X9.9 specification, BLOCK1 is encrypted with MAC key for TDES/AES, the encrypted result is XORed with BLOCK2 bit by bit, and then the MAC key is used for TDES/AES encryption, and then proceed to get 8(TDES)/16( AES) byte encryption result. KSN does not automatically increase by 1.</li> 150 * <li>0x21: In Hypercom Fast Mode, BLOCK1 and BLOCK2 are XORed bit by bit, and the XOR result is XORed bit by bit with BLOCK3, and then proceeded in sequence. Finally, an XOR result of 8 (TDES)/16 (AES) bytes is obtained. Use this result The MAC key performs TDES/AES encryption operations. KSN does not automatically increase by 1.</li> 151 * <li>0x22: According to the ANSIX9.19 specification, BLOCK1 is encrypted with MAC key for DES (only the key of the first 8 bytes is taken), and the encrypted result is XORed with BLOCK2 bit by bit, and then the MAC key is used for DES encryption, and then proceed to get 8 The result of byte encryption until the last TDES encryption. KSN does not automatically increase by 1. (The AES algorithm is not supported.)</li> 152 * <li>0x23: CMAC algorithm. KSN does not automatically increase by 1. Other values retain the extended MAC algorithm.</li> 153 * <li>0x25: HMAC-SHA256 algorithm. KSN does not automatically increase by 1.</li> 154 * <li>0x40: According to the ANSI X9.9 specification, BLOCK1 is encrypted with MAC key for TDES/AES, the encrypted result is XORed with BLOCK2 bit by bit, and then the MAC key is used for TDES/AES encryption, and then proceed to get 8(TDES)/16( AES) byte encryption result. KSN does not automatically increase by 1.</li> 155 * <li>0x41: In Hypercom Fast Mode, BLOCK1 and BLOCK2 are XORed bit by bit, and the XOR result is XORed bit by bit with BLOCK3, and then proceeded in sequence. Finally, an XOR result of 8 (TDES)/16 (AES) bytes is obtained. Use this result The MAC key performs TDES/AES encryption operations. KSN does not automatically increase by 1.</li> 156 * <li>0x42: According to the ANSIX9.19 specification, BLOCK1 is encrypted with MAC key for DES (only the key of the first 8 bytes is taken), and the encrypted result is XORed with BLOCK2 bit by bit, and then the MAC key is used for DES encryption, and then proceed to get 8 The result of byte encryption until the last TDES encryption. KSN does not automatically increase by 1. (The AES algorithm is not supported.)</li> 157 * <li>0x43: CMAC algorithm. KSN does not automatically increase by 1. Other values retain the extended MAC algorithm.</li> 158 * <li>0x45: HMAC-SHA256 algorithm. KSN does not automatically increase by 1.</li> 159 * <li>0x60: According to the ANSI X9.9 specification, BLOCK1 is encrypted with MAC key for TDES/AES, the encrypted result is XORed with BLOCK2 bit by bit, and then the MAC key is used for TDES/AES encryption, and then proceed to get 8(TDES)/16( AES) byte encryption result. KSN does not automatically increase by 1.</li> 160 * <li>0x61: In Hypercom Fast Mode, BLOCK1 and BLOCK2 are XORed bit by bit, and the XOR result is XORed bit by bit with BLOCK3, and then proceeded in sequence. Finally, an XOR result of 8 (TDES)/16 (AES) bytes is obtained. Use this result The MAC key performs TDES/AES encryption operations. KSN does not automatically increase by 1.</li> 161 * <li>0x62: According to the ANSIX9.19 specification, BLOCK1 is encrypted with MAC key for DES (only the key of the first 8 bytes is taken), and the encrypted result is XORed with BLOCK2 bit by bit, and then the MAC key is used for DES encryption, and then proceed to get 8 The result of byte encryption until the last TDES encryption. KSN does not automatically increase by 1. (The AES algorithm is not supported.)</li> 162 * <li>0x63: CMAC algorithm. KSN does not automatically increase by 1. Other values retain the extended MAC algorithm.</li> 163 * <li>0x65: HMAC-SHA256 algorithm. KSN does not automatically increase by 1.</li> 164 * </ul> 165 * </div> 166 * @return {@link DUKPTResult} <div class="zh">当mode等于HMAC-SHA256算法是,输出长度为32字节。</div> 167 * <div class="en">When the mode is equal to the HMAC-SHA256 algorithm, the output length is 32 bytes.</div> 168 * @throws PedDevException PedDevException 169 * @since V4.00.00 170 */ 171 DUKPTResult getAesDUKPTMac(byte groupIndex, byte[] dataIn, EAlgorithmType algorithmType, byte mode) throws PedDevException; 172 173 174 /** 175 * <div class="zh">在 PED 上输入 PIN,并使 AES DUKPT 的 PIN 密钥计算 PINBlock。</div> 176 * <div class="en">Enter the PIN on the PED, and use the PIN key of AES DUKPT to calculate the PINBlock.</div> 177 * 178 * @param groupIndex <div class="zh">AES DUKPT密钥组索引。范围1~40。</div> <div class="en">AES DUKPT key group index. The range is 1~40.</div> 179 * @param exPinLen <div class="zh">可输入的合法密码长度字符串,应用程序把允许的密码长度全部枚举出来,并且用","号隔开每个长度,密码长度的有效取值为:0,4~12。若允许输入 4、6 位密码并且允许无密码直接按确认,则该字符串应该设置为"0,4,6"。 180 * 若枚举 0 长度则示意可以不输任何数字而直接按确认键返回。若枚举字符串中存在长度的无效值,比如"2,6,7,10",无效值将被忽略。</div> <div class="en">The valid password length string that can be entered, the application enumerates all the allowable password lengths, 181 * and separates each length with a "," sign. The valid value of the password length is 0, 4~12. If 4 or 6-digit passwords are allowed and you can press confirm without a password, the character string should be set to "0, 4, 6". 182 * If the length of the enumeration is 0, it means that you can directly press the enter key to return without entering any number. If there are invalid values of length in the enumerated string, such as "2, 6, 7, 10", the invalid value will be ignored.</div> 183 * @param dataIn <div class="zh"> 184 * <ul> 185 * <li>当mode=0x20时,dataIn指向卡号移位后生成的16位主帐号,不包含校验位。</li> 186 * <li>当mode=0x21时,dataIn未使用,但是不能为NULL。 </li> 187 * <li>当mode=0x22时,dataIn指向卡号移位后生成的16位主帐号,不包含校验位。</li> 188 * <li>当mode=0x23时,为交易流水号ISN [6 Bytes,ASCII码]。</li> 189 * <li>当mode=0x24时,dataIn为主账号。</li> 190 * </ul></div> 191 * <div class="en"> 192 * <ul> 193 * <li>When mode=0x20, dataIn points to the 16-bit primary account generated after the card number shift, excluding the check bit.</li> 194 * <li>When mode=0x21, dataIn is not in use, but cannot be NULL.</li> 195 * <li>When mode=0x22, dataIn points to the 16-bit primary account generated after the card number shift, excluding the check bit.</li> 196 * <li>When mode=0x23, is the transaction current number [6 Bytes,ASCII code].</li> 197 * <li>When mode=0x24, dataIn is primary account.</li> 198 * </ul></div> 199 * @param algorithmType {@link EAlgorithmType} <div class="zh"> 200 * <ul> 201 * <li>为{@link EAlgorithmType#_2TDEA_}或者{@link EAlgorithmType#_3TDEA_}时,使用 TDES算法计算(mode不能为0x24)。</li> 202 * <li>为{@link EAlgorithmType#_AES128_}或者{@link EAlgorithmType#_AES192_}或者{@link EAlgorithmType#_AES256_}时,使用 AES 算法计算(mode只能为0x24)。</li> 203 * </ul> 204 * </div> <div class="en"> 205 * <ul> 206 * <li>When it is {@link EAlgorithmType#_2TDEA_} or {@link EAlgorithmType#_3TDEA_}, use the TDES algorithm for calculation (mode cannot be 0x24).</li> 207 * <li>When it is {@link EAlgorithmType#_AES128_} or {@link EAlgorithmType#_AES192_} or {@link EAlgorithmType#_AES256_}, use the AES algorithm for calculation (mode can only be 0x24).</li> 208 * </ul> 209 * </div> 210 * @param mode <div class="zh"> 211 * <ul> 212 * <li>0x20:ISO9564 格式0,KSN不自动加1。</li> 213 * <li>0x21:ISO9564 格式1,KSN不自动加1。</li> 214 * <li>0x22:ISO9564 格式3,KSN不自动加1。</li> 215 * <li>0x23:HK EPS格式, KSN不自动加1。</li> 216 * <li>0x24:ISO9564 格式4,KSN不自动加1。</li> 217 * </ul></div> 218 * <div class="en"> 219 * <ul> 220 * <li>0x20:ISO9564 format 0,KSN doesn't automatically add 1。</li> 221 * <li>0x21:ISO9564 format 1,KSN doesn't automatically add 1。</li> 222 * <li>0x22:ISO9564 format 3,KSN doesn't automatically add 1。</li> 223 * <li>0x23:HK EPS format, KSN doesn't automatically add 1。</li> 224 * <li>0x24:ISO9564 format 4,KSN doesn't automatically add 1。</li> 225 * </ul></div> 226 * @param timeoutMs <div class="zh"></div> <div class="en"></div> 227 * @return <div class="zh">输入 PIN 的超时时间。单位:毫秒,最大值为 300000ms。0表示没有超时时间,PED 不做超时控制。</div> 228 * <div class="en">Enter the PIN timeout period. Unit: milliseconds, the maximum value is 300000ms. 0 means there is no timeout period, and PED does not do timeout control.</div> 229 * @throws PedDevException PedDevException 230 * @since V4.00.00 231 */ 232 DUKPTResult getAesDUKPTPin(byte groupIndex, String exPinLen, byte[] dataIn, EAlgorithmType algorithmType, byte mode, 233 long timeoutMs) throws PedDevException; 234 235 236 /** 237 * <div class="zh">写入 AES DUKPT 初始密钥 AESTIK,并可以选择使用 KCV 验证密钥正确性。</div> 238 * <div class="en">Write the AES DUKPT initial key AESTIK, and you can choose to use KCV to verify the correctness of the key.</div> 239 * 240 * @param groupIndex <div class="zh">AES DUKPT密钥组索引。范围1~40。</div> <div class="en">AES DUKPT key group index. The range is 1~40.</div> 241 * @param srcKeyIndex <div class="zh">用于分散的密钥的密钥索引。范围0~1。目前仅支持明文写入,索引仅支持0。</div> <div class="en">The key index for the decentralized key. The range is 0~1. Currently, only plaintext writing is supported, and the index only supports 0.</div> 242 * @param keyValue <div class="zh">AESTIK 的明文。目前AES DUKPT 算法支持 16/24/32 字节长度的密钥。</div> <div class="en">The plain text of AESTIK. Currently, the AES DUKPT algorithm supports keys with a length of 16/24/32 bytes.</div> 243 * @param ksn <div class="zh">初始化 KSN。长度10/12 字节,只有在兼容模式才会是 10 字节。</div> <div class="en">Initialize KSN. The length is 10/12 bytes, only in compatibility mode will it be 10 bytes.</div> 244 * @param checkMode <div class="zh">验证模式。 245 * <ul> 246 * <li>0x00:无校验。</li> 247 * <li>0x05:对16个字节的 0x00进行AES加密,得到的密文的前3个字节即为KCV。</li> 248 * <li>0x06:对16个字节的 0x00进行AES CMAC加密,得到的密文的前3个字节即为KCV。</li> 249 * </ul> 250 * </div> <div class="en">Check mode. 251 * <ul> 252 * <li>0x00: No check.</li> 253 * <li>0x05:Perform AES encryption on the 16 bytes of 0x00, and the first 3 bytes of the ciphertext obtained are KCV.</li> 254 * <li>0x06:Perform AES CMAC encryption on the 16 bytes of 0x00, and the first 3 bytes of the ciphertext obtained are KCV.</li> 255 * </ul> </div> 256 * @param checkBuf <div class="zh"> 257 * <ul> 258 * <li>当checkMode=0x00时,checkBuf的值无效,系统认为不验证KCV。</li> 259 * <li>当checkMode=0x05/0x06时,checkBuf[0]=KCV的长度,checkBuf[1]开始是KCV的值。</li> 260 * </ul> 261 * </div> <div class="en"> 262 * <ul> 263 * <li>When checkMode=0x00, the value of checkBuf is invalid, and the system considers that KCV is not verified.</li> 264 * <li>When checkMode=0x05/0x06, checkBuf[0]=KCV length, checkBuf[1] starts with the value of KCV.</li> 265 * </ul> 266 * </div> 267 * @throws PedDevException PedDevException 268 * @since V4.00.00 269 */ 270 void writeAesDUKPTTIK(byte groupIndex, byte srcKeyIndex, byte[] keyValue, byte[] ksn, byte checkMode, 271 byte[] checkBuf) throws PedDevException; 272 273 274 /** 275 * <div class="zh"> 使用AES算法进行加密和解密</div> 276 * <div class="en"> Use AES algorithm for encryption and decryption. </div> 277 * 278 * @param keyIndex 279 * <div class="zh">AES_TDK密钥序号: 1~100 </div> <div class="en"> [1~100] AES_TDK index </div> 280 * 281 * @param initVector 282 * <div class="zh">ECB模式: 初始向量为空。 CBC/OFB模式: 初始向量, 16字节。 </div> 283 * <div class="en"> ECB mode: init vector is null .CBC/OFB mode: init vector, 16 bytes. </div> 284 * 285 * @param dataIn 286 * <div class="zh">用于加密或解密的数据,最大长度 <= 1024, 且为16的倍数。 </div> 287 * <div class="en"> the data to be calculated. The maximum length is <= 1024, and is a multiple of 16. </div> 288 * 289 * @param mode 290 * <div class="zh"> 291 * <ul> 292 * <li>0x00: ECB模式解密</li> 293 * <li>0x01: ECB模式加密</li> 294 * <li>0x02: CBC模式解密</li> 295 * <li>0x03: CBC模式加密</li> 296 * <li>0x04: OFB模式解密</li> 297 * <li>0x05: OFB模式加密</li> 298 * </ul> 299 * </div> <div class="en"> 300 * <ul> 301 * <li>0x00: DECRYPT#ECB</li> 302 * <li>0x01: ENCRYPT#ECB</li> 303 * <li>0x02: DECRYPT#CBC</li> 304 * <li>0x03: ENCRYPT#CBC</li> 305 * <li>0x04: DECRYPT#OFB</li> 306 * <li>0x05: ENCRYPT#OFB</li> 307 * </ul> 308 * </div> 309 * 310 * @return <div class="zh"> 返回运算后的数据 </div> <div class="en"> the data after calculation. </div> 311 * 312 * @throws PedDevException 313 * @since V4.00.00 314 */ 315 byte[] calcAes(byte keyIndex, byte[] initVector, byte[] dataIn, byte mode) throws PedDevException; 316 317 318 /** 319 * <div class="zh"> 使用TDK对dataIn数据进行DES/TDES运算,使用DES或TDES根据密钥的长度而定。除0,1模式没有向量外,其他模式有向量但默认为NULL。</div> 320 * <div class="en"> To use TDK encrypt or decrypt data by DES/TDES. Using DES or TDES depends on the key length. 321 * Except for 0, 1 mode which does not have a vector, other modes have a vector but default to NULL.</div> 322 * 323 * @param keyIndex 324 * <div class="zh"> [1~100] TDK的索引 。</div> <div class="en"> [1~100] TDK index.</div> 325 * 326 * @param dataIn 327 * <div class="zh"> 用于运算的数据.除ECB和CBC最大支持8K bytes,其他模式的输入长度最大支持2048。</div> 328 * <div class="en"> Data used for calculation. Except for ECB and CBC, which support a maximum of 8K bytes, other modes supports a maximum of 2048.</div> 329 * 330 * @param mode 331 * <div class="zh"> 332 * <ul> 333 * <li>0x00: ECB模式解密</li> 334 * <li>0x01: ECB模式加密</li> 335 * <li>0x02: CBC模式解密</li> 336 * <li>0x03: CBC模式加密</li> 337 * <li>0x04: OFB模式解密</li> 338 * <li>0x05: OFB模式加密</li> 339 * <li>0x06: CFB8模式解密</li> 340 * <li>0x07: CFB8模式加密</li> 341 * </ul> 342 * </div> <div class="en"> 343 * <ul> 344 * <li>0x00: DECRYPT#ECB</li> 345 * <li>0x01: ENCRYPT#ECB</li> 346 * <li>0x02: DECRYPT#CBC</li> 347 * <li>0x03: ENCRYPT#CBC</li> 348 * <li>0x04: DECRYPT#OFB</li> 349 * <li>0x05: ENCRYPT#OFB</li> 350 * <li>0x06: DECRYPT#CFB8</li> 351 * <li>0x07: ENCRYPT#CFB8</li> 352 * </ul> 353 * </div> 354 * 355 * @return <div class="zh"> 运算后的数据 。</div> <div class="en"> The data which have been calculated. </div> 356 * 357 * @throws PedDevException 358 */ 359 byte[] calcDes(byte keyIndex, byte[] dataIn, byte mode) throws PedDevException; 360 361 362 /** 363 * <div class="zh"> 使用TDK对数据进行DES/TDES解密或加密运算,输出明文或密文;一个指定的 TDK,只能用于加密或解密运算。</div> 364 * <div class="en"> Use TDK to perform DES/TDES decryption or encryption operations on data, and output plaintext or ciphertext; 365 * a specified TDK can only be used for encryption or decryption operations</div> 366 * 367 * @param keyIndex 368 * <div class="zh"> [1~100] TDK的索引 </div> <div class="en"> [1~100] TDK index </div> 369 * 370 * @param initVector 371 * <div class="zh">加解密运算的初始向量,长度为8字节,无论长度多少,只有前8字节有效。 </div> 372 * <diV class="en">The initial vector for encryption and decryption operations, the length is 8 bytes, no matter how long it is, only the first 8 bytes are valid.</div> 373 * 374 * @param dataIn 375 * <div class="zh"> 需要进行运算的数据,以字节为单位, 除0,1模式最大支持8K之外,其他模式最大支持1024 </div> 376 * <div class="en"> The data that needs to be calculated, in bytes, except for the 0,1 mode that supports a maximum of 8K, other modes support a maximum of 1024.</div> 377 * 378 * @param mode 379 * <div class="zh"> 380 * <ul> 381 * <li>0x00: CBC模式解密</li> 382 * <li>0x01: CBC模式加密</li> 383 * <li>0x04: OFB模式解密</li> 384 * <li>0x05: OFB模式加密</li> 385 * <li>0x06: CFB8模式解密</li> 386 * <li>0x07: CFB8模式加密</li> 387 * </ul> 388 * </div> <div class="en"> 389 * <ul> 390 * <li>0x00: DECRYPT#CBC</li> 391 * <li>0x01: ENCRYPT#CBC</li> 392 * <li>0x04: DECRYPT#OFB</li> 393 * <li>0x05: ENCRYPT#OFB</li> 394 * <li>0x06: DECRYPT#CFB8</li> 395 * <li>0x07: ENCRYPT#CFB8</li> 396 * </ul> 397 * </div> 398 * 399 * @return <div class="zh"> 返回运算后的数据 </div> <div class="en"> the data after calculation. </div> 400 * 401 * @throws PedDevException 402 * @since V4.00.00 403 */ 404 byte[] calcDesExMode(byte keyIndex, byte[] initVector, byte[] dataIn, byte mode) throws PedDevException; 405 406 407 /** 408 * <div class="zh"> 使用DUKPT的MAC密钥或DES密钥,对输入缓存内数据进行加密或解密。</div> 409 * <div class="en"> Use MAC key or DES key of DUKPT to encrypt or decrypt the data in the input buffer.</div> 410 * 411 * @param groupIndex 412 * <div class="zh"> [1~100] DUKPT密钥组索引号 </div> <div class="en"> [1~100] DUKPT group ID </div> 413 * 414 * @param keyVarType 415 * <div class="zh"> 416 * <ul> 417 * <li>0x00: 使用请求和应答MAC密钥。</li> 418 * <li>0x01: 使用DUKPT DES密钥运算。</li> 419 * <li>0x02: 使用DUKPT PIN密钥做ECB加密。Mode 只能取值 0x01:ECB 加密。</li> 420 * <li>0x03: 使用应答 MAC 密钥。仅支持加密模式,mode只能是0x01、0x03、0x05。</li> 421 * <li>0x04: 使用应答 DES 密钥。仅支持加密模式,mode只能是0x01、0x03、0x05。</li> 422 * </ul> 423 * </div> 424 * <div class="en"> 425 * <ul> 426 * <li>0x00: Use request and response MAC key.</li> 427 * <li>0x01: Use DUKPT DES key operation.</li> 428 * <li>0x02: Use DUKPT PIN key to do the ECB encryption. mode can only be 0x01:ENCRYPT#ECB.</li> 429 * <li>0x03: Use the response MAC key. Only encryption mode is supported, mode can only be 0x01、0x03、0x05.</li> 430 * <li>0x04: Use the response DES key. Only encryption mode is supported, mode can only be 0x01、0x03、0x05.</li> 431 * </ul> 432 * </div> 433 * 434 * @param iv 435 * <div class="zh"> 8字节初始向量,CBC加解密时需要,如果传入NULL,将默认用“\x00\x00\x00\x00\x00\x00\x00\x00”作为初始向量 </div> <div 436 * class="en"> 8 bytes initialization vector, used for CBC encryption or decryption. If set it to NULL, 437 * it will use “\x00\x00\x00\x00\x00\x00\x00\x00” as the initialization vector by default. </div> 438 * 439 * @param dataIn 440 * <div class="zh"> 指向需要进行运算的数据, 数据长度<=8192,8整除 </div> <div class="en"> Point to the data which need to 441 * be computed.Data length less than or equal to 8192, it is divisible by 8. </div> 442 * 443 * @param mode 444 * <div class="zh"> 445 * <ul> 446 * <li>0x00: ECB模式解密</li> 447 * <li>0x01: ECB模式加密</li> 448 * <li>0x02: CBC模式解密</li> 449 * <li>0x03: CBC模式加密</li> 450 * <li>0x04: OFB模式解密</li> 451 * <li>0x05: OFB模式加密</li> 452 * </ul> 453 * </div> <div class="en"> 454 * <ul> 455 * <li>0x00: DECRYPT#ECB</li> 456 * <li>0x01: ENCRYPT#ECB</li> 457 * <li>0x02: DECRYPT#CBC</li> 458 * <li>0x03: ENCRYPT#CBC</li> 459 * <li>0x04: DECRYPT#OFB</li> 460 * <li>0x05: ENCRYPT#OFB</li> 461 * </ul> 462 * </div> 463 * @return {@link DUKPTResult} 464 * @throws PedDevException 465 * @since V4.00.00 466 */ 467 DUKPTResult calcDUKPTDes(byte groupIndex, byte keyVarType, byte[] iv, byte[] dataIn, byte mode) throws PedDevException; 468 469 470 /** 471 * <div class="zh">扫描键盘上输入的PIN并输出由 Mode指定算法加密的 PIN BLOCK。 </div> 472 * <div class="en">Scan the PIN entered on the keyboard and output the PIN BLOCK encrypted by the algorithm specified by Mode.</div> 473 * 474 * 475 * @param keyIdx 476 * <div class="zh"> [1~100] TPK的索引 </div> <div class="en"> [1~100] TPK index </div> 477 * 478 * @param expPinLen 479 * <div class="zh"> 可输入的合法密码长度字符串,应用程序把允许的密码长度全部枚举出来,并且用","号隔开每个长度,密码长度的有效取值为:0,4~12。若允许输入 4、6 位密码并且允许无密码直接按确认,则该字符串应该设置为"0,4,6"。 480 * 若枚举 0 长度则示意可以不输任何数字而直接按确认键返回。若枚举字符串中存在长度的无效值,比如"2,6,7,10",无效值将被忽略。 481 * <p> 482 * 当mode=0x05的时候,该参数为"5" 483 * </p> 484 * </div> <div class="en"> The legal password length string that can be input. The application enumerates all the allowed password lengths and separates each length with "," signs. The valid values for password lengths are: 0,4 to 12. If 4 or 6-digit passwords are allowed to be entered and direct confirmation without a password is permitted, the string should be set to "0,4,6". 485 * If the enumeration length is 0, it indicates that no numbers can be entered and the confirmation key can be directly pressed to return. If there are invalid values of length in the enumeration string, such as "2,6,7,10", the invalid values will be ignored. 486 * <p> 487 * When mode=0x05,it should be "5" 488 * </p> 489 * </div> 490 * 491 * @param dataIn 492 * <div class="zh"> 493 * <ul> 494 * <li>当mode=0x00时, DataIn指向卡号移位后生成的16位主帐号。</li> 495 * <li>当mode=0x01时, 输入参数为参与PinBlock的格式化,8字节数据(根据ISO9564的规范,该数据可以是随机数、交易流水号或时间戳等)。</li> 496 * <li>当mode=0x02时, DataIn指向卡号移位后生成的16位主帐号,DataIn+16指向参与PinBlock格式化的8字节数据(根据ISO9564的规范 497 * ,该数据可以是随机数、交易流水号或时间戳等,但是每个字节的高4位和低4位,均必须在0xA~0xF之间,所以当Mode为0x02时,应用需要将该8字节的数据做此检查,如果不满足要求将返回错误)</li> 498 * <li>当mode=0x03时, 为交易流水号ISN [6 Bytes,ASCII码]</li> 499 * <li>当Mode=0x05时, DataIn包含卡账号和CCS数据,格式为PANlen(1个字节) + CCSlen(1个字节) + PAN(PANlen个字节) + 500 * CCS(CCSlen个字节)。其中PAN为卡账号(ASCII码),目前限定PANlen必须为18,CCSlen必须为0或者8,CCS为ASCII码格式。</li> 501 * <li>当mode=0x14时,DataIn为原始主帐号。</li> 502 * </ul> 503 * </div> <div class="en"> 504 * <ul> 505 * <li>When mode=0x00, DataIn is the 16 bytes primary account number after shifting.</li> 506 * <li>When mode=0x01, Input parameters for participation in PinBlock formatting, 8 bytes data. (refer to 507 * ISO9564 standard, this data can be Random number, the transaction serial number or time stamp, etc.)</li> 508 * <li>When mode=0x02, DataIn is the 16 bytes primary account number after shifting. DataIn+16 point to 509 * the 8 bytes data which has participated in PinBlock formatting. (refer to ISO9564 standard, this data 510 * can be Random number, the transaction serial number or time stamp,etc. But the higher 4 bits and lower 511 * 4 bits of each byte should between 0xA~0xF. So, if the Mode=0x02, the bottom level will do this check 512 * for the 8 bytes data, it will return an error if does not meet the requirement.).</li> 513 * <li>When mode=0x03, dataIn is ISN [6 Bytes, ASCII code]</li> 514 * <li>When Mode=0x05, DataIn contains card account and CCS data. The format is PANlen (1 bytes) + CCSlen 515 * (1 bytes) + PAN (PANlen byte) + CCS (CCSlen byte). In which PAN is a card account (ASCII code), the 516 * current limited PANlen must be 18, CCSlen must be 0 or 8, CCS is ASCII code format.</li> 517 * <li>When mode=0x14, DataIn is the original primary account.</li> 518 * </ul> 519 * </div> 520 * 521 * @param mode 522 * <div class="zh"> PIN BLOCK的格式 523 * <ul> 524 * <li>0x00:ISO9564_0</li> 525 * <li>0x01:ISO9564_1</li> 526 * <li>0x02:ISO9564_3</li> 527 * <li>0x03:HK EPS</li> 528 * <li>0x04:预留</li> 529 * <li>0x05:Italy 专用模式</li> 530 * <li>0x06:AS2805 zero length PIN block mode。不会要求输入PIN,不会弹出输PIN窗口,expPinLen必须为0。</li> 531 * <li>0x11:使用AES_TPK加密,pinblock是日本的hit特殊模式</li> 532 * <li>0x12:使用AES_TPK加密,pinblock是日本的PKCS7模式</li> 533 * <li>0x14:使用AES_TPK加密,pinblock是ISO9564 格式4</li> 534 * <li>0x50:3DES-CBC</li> 535 * </ul> 536 * </div> <div class="en"> PIN BLOCK Format 537 * <ul> 538 * <li>0x00:ISO9564_0</li> 539 * <li>0x01:ISO9564_1</li> 540 * <li>0x02:ISO9564_3</li> 541 * <li>0x03:HK EPS -EPS PINBLOCK Format</li> 542 * <li>0x04:Reserved</li> 543 * <li>0x05:Italy special mode</li> 544 * <li>0x06:AS2805 zero length PIN block mode。The pin input window will not pop up. expPinLen must be 0.</li> 545 * <li>0x11:Using AES_TPK encryption, pinblock is Japan's hit special mode</li> 546 * <li>0x12:Using AES_TPK encryption, pinblock is Japan's PKCS7 mode</li> 547 * <li>0x14:Using AES_TPK encryption, pinblock is in ISO9564 format 4</li> 548 * <li>0x50:3DES-CBC</li> 549 * </ul> 550 * </div> 551 * 552 * @param timeoutMs 553 * <div class="zh"> 554 * <p> 555 * 输入PIN的超时时间,单位:毫秒 最大值为300000ms 556 * </p> 557 * </div> 558 * <div class="en"> 559 * <p> 560 * The timeout of PIN entry [unit:ms] Maximum is 300000ms. 561 * </p> 562 * </div> 563 * 564 * @return <div class="zh"> 8/16字节的PINBlock(Mode是0x11/0x12/0x14是16字节) </div> 565 * <div class="en">8/16 bytes of PINBlock (16 bytes when Mode is 0x11/0x12/0x14).</div> 566 * 567 * @throws PedDevException 568 * @since V4.00.00 569 */ 570 byte[] getPinBlock(byte keyIdx, String expPinLen, byte[] dataIn, byte mode, int timeoutMs) throws PedDevException; 571 572 573 /** 574 * <div class="zh">扫描键盘上输入的PIN并输出由 Mode指定算法加密的 PIN BLOCK。 </div> 575 * <div class="en">Scan the PIN entered on the keyboard and output the PIN BLOCK encrypted by the algorithm specified by Mode.</div> 576 * 577 * 578 * @param keyIdx 579 * <div class="zh"> [1~100] TPK的索引 </div> <div class="en"> [1~100] TPK index </div> 580 * 581 * @param expPinLen 582 * <div class="zh"> 可输入的合法密码长度字符串,应用程序把允许的密码长度全部枚举出来,并且用","号隔开每个长度,密码长度的有效取值为:0,4~12。若允许输入 4、6 位密码并且允许无密码直接按确认,则该字符串应该设置为"0,4,6"。 583 * 若枚举 0 长度则示意可以不输任何数字而直接按确认键返回。若枚举字符串中存在长度的无效值,比如"2,6,7,10",无效值将被忽略。 584 * <p> 585 * 当mode=0x05的时候,该参数为"5" 586 * </p> 587 * </div> <div class="en"> The legal password length string that can be input. The application enumerates all the allowed password lengths and separates each length with "," signs. The valid values for password lengths are: 0,4 to 12. If 4 or 6-digit passwords are allowed to be entered and direct confirmation without a password is permitted, the string should be set to "0,4,6". 588 * If the enumeration length is 0, it indicates that no numbers can be entered and the confirmation key can be directly pressed to return. If there are invalid values of length in the enumeration string, such as "2,6,7,10", the invalid values will be ignored. 589 * <p> 590 * When mode=0x05,it should be "5" 591 * </p> 592 * </div> 593 * 594 * @param dataIn 595 * <div class="zh"> 596 * <ul> 597 * <li>当mode=0x00时, DataIn指向卡号移位后生成的16位主帐号。</li> 598 * <li>当mode=0x01时, 输入参数为参与PinBlock的格式化,8字节数据(根据ISO9564的规范,该数据可以是随机数、交易流水号或时间戳等)。</li> 599 * <li>当mode=0x02时, DataIn指向卡号移位后生成的16位主帐号,DataIn+16指向参与PinBlock格式化的8字节数据(根据ISO9564的规范 600 * ,该数据可以是随机数、交易流水号或时间戳等,但是每个字节的高4位和低4位,均必须在0xA~0xF之间,所以当Mode为0x02时,应用需要将该8字节的数据做此检查,如果不满足要求将返回错误)</li> 601 * <li>当mode=0x03时, 为交易流水号ISN [6 Bytes,ASCII码]</li> 602 * <li>当Mode=0x05时, DataIn包含卡账号和CCS数据,格式为PANlen(1个字节) + CCSlen(1个字节) + PAN(PANlen个字节) + 603 * CCS(CCSlen个字节)。其中PAN为卡账号(ASCII码),目前限定PANlen必须为18,CCSlen必须为0或者8,CCS为ASCII码格式。</li> 604 * <li>当mode=0x14时,DataIn为原始主帐号。</li> 605 * </ul> 606 * </div> <div class="en"> 607 * <ul> 608 * <li>When mode=0x00, DataIn is the 16 bytes primary account number after shifting.</li> 609 * <li>When mode=0x01, Input parameters for participation in PinBlock formatting, 8 bytes data. (refer to 610 * ISO9564 standard, this data can be Random number, the transaction serial number or time stamp, etc.)</li> 611 * <li>When mode=0x02, DataIn is the 16 bytes primary account number after shifting. DataIn+16 point to 612 * the 8 bytes data which has participated in PinBlock formatting. (refer to ISO9564 standard, this data 613 * can be Random number, the transaction serial number or time stamp,etc. But the higher 4 bits and lower 614 * 4 bits of each byte should between 0xA~0xF. So, if the Mode=0x02, the bottom level will do this check 615 * for the 8 bytes data, it will return an error if does not meet the requirement.).</li> 616 * <li>When mode=0x03, dataIn is ISN [6 Bytes, ASCII code]</li> 617 * <li>When Mode=0x05, DataIn contains card account and CCS data. The format is PANlen (1 bytes) + CCSlen 618 * (1 bytes) + PAN (PANlen byte) + CCS (CCSlen byte). In which PAN is a card account (ASCII code), the 619 * current limited PANlen must be 18, CCSlen must be 0 or 8, CCS is ASCII code format.</li> 620 * <li>When mode=0x14, DataIn is the original primary account.</li> 621 * </ul> 622 * </div> 623 * 624 * @param mode 625 * <div class="zh"> PIN BLOCK的格式 626 * <ul> 627 * <li>0x00:ISO9564_0</li> 628 * <li>0x01:ISO9564_1</li> 629 * <li>0x02:ISO9564_3</li> 630 * <li>0x03:HK EPS</li> 631 * <li>0x04:预留</li> 632 * <li>0x05:Italy 专用模式</li> 633 * <li>0x11:使用AES_TPK加密,pinblock是日本的hit特殊模式</li> 634 * <li>0x12:使用AES_TPK加密,pinblock是日本的PKCS7模式</li> 635 * <li>0x14:使用AES_TPK加密,pinblock是ISO9564 格式4</li> 636 * <li>0x50:3DES-CBC</li> 637 * </ul> 638 * </div> <div class="en"> PIN BLOCK Format 639 * <ul> 640 * <li>0x00:ISO9564_0</li> 641 * <li>0x01:ISO9564_1</li> 642 * <li>0x02:ISO9564_3</li> 643 * <li>0x03:HK EPS -EPS PINBLOCK Format</li> 644 * <li>0x04:Reserved</li> 645 * <li>0x05:Italy special mode</li> 646 * <li>0x11:Using AES_TPK encryption, pinblock is Japan's hit special mode</li> 647 * <li>0x12:Using AES_TPK encryption, pinblock is Japan's PKCS7 mode</li> 648 * <li>0x14:Using AES_TPK encryption, pinblock is in ISO9564 format 4</li> 649 * <li>0x50:3DES-CBC</li> 650 * </ul> 651 * </div> 652 * 653 * @param timeoutMs 654 * <div class="zh"> 655 * <p> 656 * 输入PIN的超时时间,单位:毫秒 最大值为300000ms 657 * </p> 658 * </div> 659 * <div class="en"> 660 * <p> 661 * The timeout of PIN entry [unit:ms] Maximum is 300000ms. 662 * </p> 663 * </div> 664 * 665 * @param controlTime <div class="zh"> 等待第二个及之后的按键的超时时间,单位:毫秒(超过30s的为30s) </div> 666 * <div class="en"> The time-out for waiting for the second and subsequent keys in milliseconds (30 seconds for more than 30 seconds) </div> 667 * 668 * @return <div class="zh"> 8/16字节的PINBlock(Mode是0x11/0x12/0x14是16字节) </div> 669 * <div class="en">8/16 bytes of PINBlock (16 bytes when Mode is 0x11/0x12/0x14).</div> 670 * 671 * @throws PedDevException 672 * @since V4.00.00 673 */ 674 byte[] getPinBlock(byte keyIdx, String expPinLen, byte[] dataIn, byte mode, int timeoutMs, int controlTime)throws PedDevException; 675 676 677 /** 678 * <div class="zh"> 用KeyIdx指定的MAC密钥对DataIn进行mode指定的算法进行MAC运算,将MAC结果返回。</div> 679 * <div class="en"> To use KeyIdx MAC key calculate the DataIn following the specified Mode algorithm, return the MAC result.</div> 680 * 681 * @param keyIndex 682 * <div class="zh"> [1~100] TAK的索引 </div> <div class="en"> [1~100] TAK index </div> 683 * 684 * @param dataIn 685 * <div class="zh"> 需进行 MAC 运算的数据包.DataIn在mode=0和2时最大支持8K bytes,其他模式最大2048 bytes, 长度不为8字节整除,则自动补"\x00"。 </div> 686 * <div class="en"> The data packets that need to perform MAC operations. DataIn supports a maximum of 8K bytes when mode=0 and 2, and a maximum of 2048 bytes in other modes. 687 * If the length is not divisible by 8 bytes, "\x00" will be automatically filled.</div> 688 * 689 * @param mode 690 * <div class="zh"> 691 * <ul> 692 * <li>0x00:将BLOCK1用MAC密钥做DES/TDES加密,加密结果与BLOCK2进行逐位异或后再用TAK做DES/TDES加密,依次进行得到8字节的加密结果。</li> 693 * <li>0x01:将BLOCK1和BLOCK2进行逐位异或,异或结果与BLOCK3进行逐位异或,依次进行,最后得到8字节的异或结果,将该结果用TAK进行DES/TDES加密运算。</li> 694 * <li>0x02:ANSIX9.19规范,将BLOCK1用TAK做DES加密(只取前8个字节的key),加密结果与BLOCK2进行逐位异或后再用TAK做DES加密,依次进行得到8字节的加密结果,直到最后一次采用DES/TDES加密。</li> 695 * <li>0x03:CMAC算法。</li> 696 * <li>0x05: hmac-sha256算法。</li> 697 * </ul> 698 * </div> <div class="en"> 699 * <ul> 700 * <li>0x00: Doing DES/TDES encryption for BLOCK1 by usingMAC key. Doing DES/TDES encryption again by 701 * using TAK when and after bitwise XOR the previous encryption result with BLOCK2. Processing in turn to 702 * get the 8 bytes encryption result.</li> 703 * <li>0x01: Doing bitwise XOR for BLOCK1 and BLOCK2; Do bitwise XOR again by using previous XOR 704 * result with BLOCK3. Do it in turn and finally get the 8 bytes XOR result. Using TAK to process 705 * DES/TDES encryption for the result</li> 706 * <li>0x02: ANSIX9.19 standard, Do DES encryption for BLOCK1 by using TAK (only take the first 8 707 * bytes of key). The encryption result wills bitwise XOR with BLOCK2,and then doing DES encryption by 708 * using TAK again. Do it in turn and get the 8 bytes encryption result. Using DES/TDES to encrypt in the 709 * last time.</li> 710 * <li>0x03: CMAC algorithm.</li> 711 * <li>0x05: HMAC-SHA256 algorithm.</li> 712 * </ul> 713 * </div> 714 * 715 * @return <div class="zh"> 返回MAC结果。当mode等于0x05,输出长度为32字节。其他为8字节。</div> 716 * <div class="en"> return the MAC data。When the mode is 0x05, the output length is 32 bytes. Others are 8 bytes.</div> 717 * 718 * @throws PedDevException 719 * @since V4.00.00 720 */ 721 722 byte[] getMac(byte keyIndex, byte[] dataIn, byte mode) throws PedDevException; 723 724 725 /** 726 * <div class="zh"> 在PED上输入PIN,并使DUKPT的PIN密钥计算PINBlock。</div> 727 * <div class="en"> PINBlock Input the PIN on PED,and use the PINkey of DUKPT to calculate the PINBlock.</div> 728 * 729 * @param groupIndex 730 * <div class="zh"> [1~100] DUKPT密钥组索引号 </div> <div class="en"> [1~100] DUKPT key group id </div> 731 * 732 * @param expPinLen 733 * <div class="zh"> 可输入的合法密码长度字符串,应用程序把允许的密码长度全部枚举出来,并且用","号隔开每个长度,密码长度的有效取值为:0,4~12。若允许输入 4、6 位密码并且允许无密码直接按确认,则该字符串应该设置为"0,4,6"。 734 * 若枚举 0 长度则示意可以不输任何数字而直接按确认键返回。若枚举字符串中存在长度的无效值,比如"2,6,7,10",无效值将被忽略。</div> 735 * <div class="en"> The legal password length string that can be input. The application enumerates all the allowed password lengths and separates each length with "," signs. The valid values for password lengths are: 0,4 to 12. If 4 or 6-digit passwords are allowed to be entered and direct confirmation without a password is permitted, the string should be set to "0,4,6". 736 * If the enumeration length is 0, it indicates that no numbers can be entered and the confirmation key can be directly pressed to return. If there are invalid values of length in the enumeration string, such as "2,6,7,10", the invalid values will be ignored.</div> 737 * 738 * @param dataIn 739 * <div class="zh"> 740 * <ul> 741 * <li>当mode=0时, DataIn指向卡号移位后生成的16位主帐号。</li> 742 * <li>当mode=1时, 743 * 输入参数为参与PinBlock的格式化,8字节数据(根据ISO9564的规范,该数据可以是随机数、交易流水号或时间戳等)。</li> 744 * <li>当mode=2时, 745 * DataIn指向卡号移位后生成的16位主帐号,DataIn+16指向参与PinBlock格式化的8字节数据(根据ISO9564的规范 746 * ,该数据可以是随机数、交易流水号或时间戳等,但是每个字节的高4位和低4位,均必须在0xA~0xF之间,所以当Mode为0x02时,应用需要将该8字节的数据做此检查,如果不满足要求将返回错误)</li> 747 * <li>当mode=3时, 为交易流水号ISN [6 Bytes,ASCII码]</li> 748 * </ul> 749 * </div> <div class="en"> 750 * <ul> 751 * <li>When mode=0, DataIn is the 16 bytes primary account number after shifting.</li> 752 * <li>When mode=1, Input parameters for participation in PinBlock formatting, 8 bytes data. 753 * (refer to ISO9564 standard, this data can be Random number, the transaction serial number or time 754 * stamp, etc.)</li> 755 * <li>When mode=2, DataIn is the 16 bytes primary account number after shifting. DataIn+16 point 756 * to the 8 bytes data which has participated in PinBlock formatting. (refer to ISO9564 standard, this 757 * data can be Random number, the transaction serial number or time stamp,etc. But the higher 4 bits and 758 * lower 4 bits of each byte should between 0xA~0xF. So, if the Mode=0x02, the bottom level will do this 759 * check for the 8 bytes data, it will return an error if does not meet the requirement.).</li> 760 * <li>When mode=3, dataIn is ISN [6 Bytes, ASCII code]</li> 761 * </ul> 762 * </div> 763 * 764 * @param mode 765 * <div class="zh"> 766 * <ul> 767 * <li>0: ISO9564 格式 0 KSN 自动加 1</li> 768 * <li>1: ISO9564 格式 1 KSN 自动加 1 </li> 769 * <li>2: ISO9564 格式 3 KSN 自动加 1 </li> 770 * <li>3: HK EPS 格式 KSN 自动加 1</li> 771 * <li>6: AS2805 zero length PIN block mode。该模式不会要求输入PIN,不会弹出输PIN窗口。KSN 自动加1 </li> 772 * <li>20: ISO9564 格式 0 KSN 不自动加 1 </li> 773 * <li>21: ISO9564 格式 1 KSN 不自动加 1</li> 774 * <li>22: ISO9564 格式 3 KSN 不自动加 1</li> 775 * <li>23: HK EPS 格式 KSN 不自动加 1</li> 776 * <li>26:AS2805 zero length PIN block mode。该模式不会要求输入PIN,不会弹出输PIN窗口。KSN 不自动加1</li> 777 * </ul></div> 778 * <div class="en"> 779 * <ul> 780 * <li>0: ISO9564_0, KSN automatically incremented by 1</li> 781 * <li>1: ISO9564_1, KSN automatically incremented by 1</li> 782 * <li>2: ISO9564_3, KSN automatically incremented by 1</li> 783 * <li>3: HK EPS,KSN automatically incremented by 1</li> 784 * <li>6: AS2805 zero length PIN block mode. This mode will not ask for a PIN, and will not pop up a PIN input window. KSN automatically incremented by 1 </li> 785 * <li>20: ISO9564_0, KSN does not automatically increase by 1 </li> 786 * <li>21: ISO9564_1, KSN does not automatically increase by 1</li> 787 * <li>22: ISO9564_3, KSN does not automatically increase by 1</li> 788 * <li>23: HK EPS, KSN does not automatically increase by 1</li> 789 * <li>26: AS2805 zero length PIN block mode. This mode will not ask for a PIN, and will not pop up a PIN input window. KSN does not automatically incremented by 1 </li> 790 * </ul></div> 791 * @param timeoutMs 792 * <div class="zh"> 793 * <p> 794 * 输入PIN的超时时间,单位:毫秒 最大值为300000ms 795 * </p> 796 * </div> <div class="en"> 797 * <p> 798 * The timeout of PIN entry [unit:ms] Maximum is 300000ms. 799 * </p> 800 * </div> 801 * 802 * @return DUKPTResult {@link DUKPTResult} 803 * @throws PedDevException 804 * @since V4.00.00 805 */ 806 DUKPTResult getDUKPTPin(byte groupIndex, String expPinLen, byte[] dataIn, byte mode, int timeoutMs) throws PedDevException; 807 808 809 /** 810 * <div class="zh"> 使用DUKPT的MAC密钥计算MAC。</div> 811 * <div class="en"> Use MAC Key to calculate MAC.</div> 812 * 813 * @param groupIndex 814 * <div class="zh"> [1~100] DUKPT密钥组索引号 </div> <div class="en"> [1~100] DUKPT key group index id </div> 815 * 816 * @param dataIn 817 * <div class="zh"> 指向需要计算MAC的数据内容 </div> <div class="en"> The MAC data content needs to be calculated</div> 818 * 819 * @param mode <div class="zh"> 820 * <ul> 821 * <li>0:将 BLOCK1 用 MAC 密钥做 TDES 加密,加密结果与 BLOCK2 进行逐位异或后再用 MAC 密钥 做 TDES 加密,依次进行得到 8 字节的加密结果。 KSN 自动加 1 </li> 822 * <li>1:将 BLOCK1 和 BLOCK2 进行逐位异或,异或结果与 BLOCK3 进行逐位异或,依次进行,最后得 到 8 字节的异或结果,将该结果用 MAC 密钥进行TDES 加密运算。 KSN 自动加 1 </li> 823 * <li>2: ANSIX9.19 规范,将 BLOCK1 用 MAC 密钥做DES 加密(只取前 8 个字节的 key), 加密结果与BLOCK2进行逐位异或后再用 MAC 密钥做 DES 加密,依次进行得到 8 字节的加密结果, 直到最后一次采用TDES 加密。 KSN 自动加 1</li> 824 * <li>5: hmac-sha256模式。将MAC密钥作为hmac 密钥。使用DUKPT_MAC_BOTH_KEY(request and response MAC密钥),KSN 自动加 1</li> 825 * <li>20:将 BLOCK1 用 MAC 密钥做 TDES 加密,加密结果与 BLOCK2 进行逐位异或后再用 MAC 密钥 做 TDES 加密,依次进行得到 8 字节的加密结果。 KSN 不自动加1</li> 826 * <li>21:将 BLOCK1 和 BLOCK2 进行逐位异或,异或结果与 BLOCK3 进行逐位异或,依次进行,最后得 到 8 字节的异或结果,将该结果用 MAC 密钥进行TDES 加密运算。 KSN 不自动加 1</li> 827 * <li>22:ANSIX9.19 规范,将 BLOCK1 用 MAC 密钥做DES加密(只取前 8个字节的 key), 加密结果与 BLOCK2 进行逐位异或后再用 MAC 密钥做 DES 加密,依次进行得到 8 字节的加密结果, 直到最后一次采用TDES 加密。 KSN 不自动加 1其它值保留扩展 MAC 算法。</li> 828 * <li>25: hmac-sha256模式。将MAC密钥作为hmac 密钥。使用DUKPT_MAC_BOTH_KEY(request and response MAC密钥),KSN 不自动加1</li> 829 * <li>40: 将 BLOCK1 用 MAC 密钥做 TDES 加密,加密结果与 BLOCK2 进行逐位异或后再用 MAC 密钥 做 TDES 加密,依次进行得到 8 字节的加密结果。 KSN 不自动加 1</li> 830 * <li>41:将 BLOCK1 和 BLOCK2 进行逐位异或,异或结果与 BLOCK3 进行逐位异或,依次进行,最后得 到 8 字节的异或结果,将该结果用 MAC 密钥进行TDES 加密运算。 KSN 不自动加 1</li> 831 * <li>42:ANSIX9.19 规范,将 BLOCK1 用 MAC 密钥做DES加密(只取前 8个字节的 key),加密结果与 BLOCK2 进行逐位异或后再用 TAK 做 DES 加密,依次进行得到 8 字节的加密结果,直到最后一次采用 TDES加密。 KSN 不自动加 1 其它值保留扩展 MAC 算法。</li> 832 * <li>45:hmac-sha256模式。将MAC密钥作为hmac 密钥。使用DUKPT_MAC_RSP_KEY(response MAC密钥),KSN 不自动加1</li> 833 * </ul> 834 * </div> 835 * <div class="en"> 836 * <ul> 837 * <li>0:Doing TDES encryption for BLOCK1 by using MAC key. Doing TDES encryption again by using MAC key when 838 * and after bitwise XOR the previous encryption result with BLOCK2. Processing in turn to get the 8 bytes 839 * encryption result.KSN auto-add 1 </li> 840 * <li>1:Doing bitwise XOR for BLOCK1 and BLOCK2; Do bitwise XOR again by using previous XOR result with 841 * BLOCK3. Do it in turn and finally get the 8 bytes XOR result. Using MAC key to process TDES encryption for the 842 * result.KSN auto-add 1 </li> 843 * <li>2:ANSIX9.19 standard, Do DES encryption for BLOCK1 by using MAC key (only take the 844 * first 8 bytes of key). The encryption result wills bitwise XOR with BLOCK2,and then doing DES encryption by using 845 * MAC key again. Do it in turn and get the 8 bytes encryption result. Using TDES to encrypt in the last time.KSN 846 * auto-add 1 </li> 847 * <li>5:hmac-sha256 mode. Use the MAC key as the hmac key. Using DUKPT_MAC_BOTH_KEY (request and response MAC key), KSN is automatically incremented by 1</li> 848 * <li>20: Doing TDES encryption for BLOCK1 by using MAC key. Doing TDES encryption again by using MAC key when 849 * and after bitwise XOR the previous encryption result with BLOCK2. Processing in turn to get the 8 bytes 850 * encryption result.KSN won't auto-add 1</li> 851 * <li>21:Doing bitwise XOR for BLOCK1 and BLOCK2; Do bitwise XOR again by using previous XOR result with 852 * BLOCK3. Do it in turn and finally get the 8 bytes XOR result. Using MAC key to process TDES encryption for the 853 * result.KSN won't auto-add 1</li> 854 * <li>22: ANSIX9.19 standard, Do DES encryption for BLOCK1 by using MAC 855 * key (only take the first 8 bytes of key). The encryption result wills bitwise XOR with BLOCK2,and then doing DES 856 * encryption by using MAC key again. Do it in turn and get the 8 bytes encryption result. Using TDES to encrypt in 857 * the last time.KSN won't auto-add 1</li> 858 * <li>25:hmac-sha256 mode. Use the MAC key as the hmac key. With DUKPT_MAC_BOTH_KEY (request and response MAC key), KSN is not automatically incremented by 1</li> 859 * <li>40:Doing TDES encryption for BLOCK1 by using MAC key. Doing TDES encryption again by using MAC key when 860 * and after bitwise XOR the previous encryption result with BLOCK2. Processing in turn to get the 8 bytes 861 * encryption result.KSN won't auto-add 1 </li> 862 * <li>41: Doing bitwise XOR for BLOCK1 and BLOCK2; Do bitwise XOR again by using previous XOR result with 863 * BLOCK3. Do it in turn and finally get the 8 bytes XOR result. Using MAC key to process TDES encryption for the 864 * result.KSN won't auto-add 1 </li> 865 * <li>42:ANSIX9.19 standard, Do DES encryption for BLOCK1 by using MAC key (only take 866 * the first 8 bytes of key). The encryption result wills bitwise XOR with BLOCK2,and then doing DES encryption by 867 * using MAC key again. Do it in turn and get the 8 bytes encryption result. Using TDES to encrypt in the last 868 * time.KSN won't auto-add 1</li> 869 * <li>45:hmac-sha256 mode. Use the MAC key as the hmac key. If DUKPT_MAC_RSP_KEY (response MAC key) is used, KSN is not automatically incremented by 1</li> 870 * </ul> 871 * </div> 872 * 873 * @return {@link DUKPTResult} 874 * @throws PedDevException 875 * @since V4.00.00 876 */ 877 DUKPTResult getDUKPTMac(byte groupIndex, byte[] dataIn, byte mode) throws PedDevException; 878 879 880 /** 881 * <div class="zh"> 获取密钥的KCV值,以供对话双方进行密钥验证,用指定的密钥及算法对一段数据进行加密,</div> 882 * <div class="en"> Getting value of KCV for key verification of to side, using specific key and algorithm to encrypt data, and then return part of cryptograph.</div> 883 * 884 * @param type 885 * <div><ul> 886 * <li>0x01:TLK</li> 887 * <li>0x02:TMK</li> 888 * <li>0x03:TPK</li> 889 * <li>0x04:TAK</li> 890 * <li>0x05:TDK</li> 891 * <li>0x07:TIK</li> 892 * <li>0x32:SM4_TMK</li> 893 * <li>0x33:SM4_TPK</li> 894 * <li>0x34:SM4_TAK</li> 895 * <li>0x35:SM4_TDK</li> 896 * <li>0x44:PPAD_TPK</li> 897 * <li>0x45:TIDK</li> 898 * <li>0x22:AES_TMK</li> 899 * <li>0x23:AES_TPK</li> 900 * <li>0x24:AES_TAK</li> 901 * <li>0x20:AES_TDK</li> 902 * <li>0x51:AES_TIK</li> 903 * </ul></div> 904 * @param keyIndex 905 * <div class="zh"> 密钥的索引号 906 * <ul> 907 * <li>TLK, keyIndex只能为1</li> 908 * <li>TMK, 取值[1~100]</li> 909 * <li>TWK,取值[1~100]</li> 910 * <li>TIK,取值[1~100]</li> 911 * </ul> 912 * </div> <div class="en"> key index 913 * <ul> 914 * <li>TLK, keyIndex can only be 1.</li> 915 * <li>TMK, can select from [1~100].</li> 916 * <li>TWK, can select from [1~100].</li> 917 * <li>TIK, can select from [1~100].</li> 918 * </ul> 919 * </div> 920 * 921 * @param checkMode 922 * <div class="zh"> 923 * <ul> 924 * <li>checkMode=0x00时, 使用该密钥对一段数据进行DES/TDES加密运算,生成的密文的前4个字节即为KCV,该模式适用于TLK/TMK/TAK/TPK/TDK/PPAD_TXK。</li> 925 * <li>checkMode=0x00时, 返回注入密钥时写入的KCV值。该模式适用于TIK/AES_TIK。</li> 926 * <li>checkMode=0x03时, 使用该密钥对一段数据进行CMAC加密运算,生成的密文的前5个字节即为KCV。该模式适用于TLK/TMK/TAK/TPK/TDK/PPAD_TXK/AES_TLK/AES_TMK/AES_TAK/AES_TPK/AES_TDK。</li> 927 * <li>checkMode=0x04时, 使用该密钥对一段数据进行SM4加密运算,生成的密文的前4个字节即为KCV。该模式适用于SM4_TMK/SM4_TAK/SM4_TPK/SM4_TDK。</li> 928 * </ul> 929 * </div> <div class="en"> 930 * <ul> 931 * <li>When checkMode=0x00, use this key pair to do DES/TDES entryption for a block of data, the first 4 932 * bytes of the generated ciphertext is KCV.This mode is suitable for TLK/TMK/TAK/TPK/TDK/PPAD_TXK.</li> 933 * <li>When checkMode=0x00, the KCV value written during key injection is returned. This mode is suitable 934 * for TIK/AES_TIK.</li> 935 * <li>When checkMode=0x03, use this key to do CMAC encryption operation for a block of data, and the first 936 * 5 bytes of the generated ciphertext are KCV. This mode is suitable for TLK/ TMK/ TAK/ TPK/ 937 * TDK/ PPAD_TXK/ AES_TLK/ AES_TMK/ AES_TAK/ AES_TPK/ AES_TDK.</li> 938 * <li>When checkMode=0x04, use this key to do SM4 encryption operation for a block of data, and the first 939 * 4 bytes of the generated ciphertext are KCV. This mode is suitable for SM4_TMK/ SM4_TAK/ SM4_TPK/ SM4_TDK.</li> 940 * </ul> 941 * </div> 942 * 943 * @param checkBuf 944 * <div class="zh"> 945 * <ul> 946 * <li>当checkMode =0x00/0x04时, 指向需运算的数据,进行运算的数据必须是8/16的倍数</li> 947 * </ul> 948 * </div> <div class="en"> 949 * <ul> 950 * <li>When checkMode=0x00/0x04, The data needing to compute must be a multiple of 8/16.</li> 951 * </ul> 952 * </div> 953 * 954 * @return <div class="zh">Kcv 信息(4 字节) </div> <div class="en">Kcv information (4 bytes)</div> 955 * 956 * @throws PedDevException 957 * @since V4.00.00 958 */ 959 byte[] getKCV(byte type, byte keyIndex, byte checkMode, byte[] checkBuf) throws PedDevException; 960 961 962 963 /** 964 * <div class="zh"> 读取下一次计算的KSN。</div> 965 * <div class="en"> KSN Reading the KSN which will be computed at next time.</div> 966 * 967 * @param groupIndex 968 * <div class="zh"> [1~100] DUKPT密钥组索引号 </div> <div class="en"> [1~100] DUKPT group index ID </div> 969 * 970 * @return <div class="zh"> 当前的KSN </div> <div class="en"> KSN currently. </div> 971 * 972 * @throws PedDevException 973 * @since V4.00.00 974 */ 975 byte[] getDUKPTKsn(byte groupIndex) throws PedDevException; 976 977 /** 978 * <div class="zh"> 每个KSN对应的DUKPT密钥,最多只能使用256次,当单个密钥使用 256次后,将返回{@link EPedDevException#PED_ERR_DUKPT_NEED_INC_KSN}异常, 979 * 需要调用该接口,给 KSN加1。 </div> 980 * <div class="en"> The DUKPT key corresponding to each KSN can only be used up to 256 times. When a single key is used 256 times, it will return {@link EPedDevException#PED_ERR_DUKPT_NEED_INC_KSN} exception, 981 * To call this interface, increment KSN by 1.</div> 982 * 983 * @param groupIndex 984 * <div class="zh"> [1~100] DUKPT密钥组索引号 </div> <div class="en"> [1~100] DUKPT group ID </div> 985 * 986 * @throws PedDevException 987 * @since V4.00.00 988 */ 989 void incDUKPTKsn(byte groupIndex) throws PedDevException; 990 991 /** 992 * <div class="zh"> 读取RSA公钥密钥。</div> <div class="en"> Read rsa public key.</div> 993 * 994 * @param rsaKeyIndex 995 * <div class="zh"> RSA密钥索引[1-10] </div> <div class="en"> RSA key index [1-10] </div> 996 * @return <div class="zh"> {@link RSAKeyInfo} </div> <div class="en"> {@link RSAKeyInfo}</div> 997 * @throws PedDevException 998 * @since V4.00.00 999 */ 1000 RSAKeyInfo readRSAKey(byte rsaKeyIndex) throws PedDevException; 1001 1002 1003 /** 1004 * <div class="zh"> 用存储在PED的RSA密钥进行数据RSA数据运算。 1005 * <br>注意: 1.该函数对dataIn进行RSA加解密运算,运算结果输出到RSARecoverInfo 1006 * <br>2.当rsaKeyIndex指定的密钥为私钥时,如果dataIn是对应公钥的加密密文,则RSARecoverInfo为dataIn的明文,否则RSARecoverInfo为dataIn的RSA密文; 1007 * <br>3.当rsaKeyIndex指定的密钥为公钥时,如果dataIn是对应私钥的加密密文,则RSARecoverInfo为dataIn的明文,否则RSARecoverInfo为dataIn的RSA密文; 1008 * <br>4.该方法可实现长度不超过4096bits的RSA运算。</div> 1009 * <div class="en"> Using the RSA key stored in PED to do the RSA data operation. 1010 * <br>Note: 1. This function performs RSA encryption and decryption operation on dataIn, and the operation result is output to RSARecoverInfo 1011 * <br>2. When the key specified by rsaKeyIndex is a private key, if dataIn is the encrypted ciphertext corresponding to the public key, then RSARecoverInfo is the plaintext of dataIn, otherwise RSARecoverInfo is the RSA ciphertext of dataIn; 1012 * <br>3. When the key specified by rsaKeyIndex is a public key, if dataIn is the encrypted ciphertext corresponding to the private key, then RSARecoverInfo is the plaintext of dataIn, otherwise RSARecoverInfo is the RSA ciphertext of dataIn; 1013 * <br>4. This method can realize the RSA operation whose length does not exceed 4096bits.</div> 1014 * 1015 * @param rsaKeyIndex 1016 * <div class="zh"> 密钥索引[1~10] </div> <div class="en"> Key Index [1~10] </div> 1017 * 1018 * @param dataIn 1019 * <div class="zh"> 被加解密的数据,和模等长 </div> <div class="en"> The encrypted/decrypted data, which has the same 1020 * length as the modulus. </div> 1021 * 1022 * @return {@link RSARecoverInfo} 1023 * @throws PedDevException 1024 * @since V4.00.00 1025 */ 1026 RSARecoverInfo RSARecover(byte rsaKeyIndex, byte[] dataIn) throws PedDevException; 1027 1028 1029 /** 1030 * <div class="zh"> 写入一个密钥,包括TLK,TMK和TWK的写入、发散,并可以选择使用KCV验证密钥正确性。 1031 * <p> 1032 * 当写入PED_TLK时,PED首先格式化,清除所有已经下载的密钥,再写入PED_TLK。 当明文写入密钥时,srcKeyIndex=0。 1033 * </p> 1034 * </div> 1035 * <div class="en"> Write in one key includes write in and divergent of TLK, TMK and TWK. And use KCV to check the 1036 * key correction. 1037 * <p> 1038 * When write PED_TLK,PED will format ,clear all the key has been downloaded,then write in PED_TLK. 1039 * When srckeyindex = 0, the plaintext key is written. 1040 * </p> 1041 * </div> 1042 * 1043 * @param srcKeyType 1044 * <div class="zh"> 1045 * <p> 1046 * 源密钥类型,它的级别不能低于destKeyType, SM4类型秘钥只能用TLK和SM4_TMK发散。 1047 * </p> 1048 * <ul> 1049 * <li>0x01:TLK</li> 1050 * <li>0x02:TMK</li> 1051 * <li>0x03:TPK</li> 1052 * <li>0x04:TAK</li> 1053 * <li>0x05:TDK</li> 1054 * <li>0x11:FACE_TDK</li> 1055 * <li>0x32:SM4_TMK</li> 1056 * </ul> 1057 * </div> <div class="en"> 1058 * <p> 1059 * Source Key Type,its level cannot be lower than destKeyType, SM4 type keys can only be diverged with TLK and SM4_TMK. 1060 * </p> 1061 * <ul> 1062 * <li>0x01:TLK</li> 1063 * <li>0x02:TMK</li> 1064 * <li>0x03:TPK</li> 1065 * <li>0x04:TAK</li> 1066 * <li>0x05:TDK</li> 1067 * <li>0x11:FACE_TDK</li> 1068 * <li>0x32:SM4_TMK</li> 1069 * </ul> 1070 * </div> 1071 * 1072 * 1073 * @param srcKeyIndex 1074 * <div class="zh"> 1075 * <p> 1076 * 源密钥索引 1077 * </p> 1078 * </div> <div class="en"> 1079 * <p> 1080 * Source Key Index 1081 * </p> 1082 * </div> 1083 * 1084 * @param dstKeyType 1085 * <div class="zh"> 1086 * <p> 1087 * 目的密钥类型 1088 * </p> 1089 * <ul> 1090 * <li>0x01:TLK</li> 1091 * <li>0x02:TMK</li> 1092 * <li>0x03:TPK</li> 1093 * <li>0x04:TAK</li> 1094 * <li>0x05:TDK</li> 1095 * <li>0x11:FACE_TDK</li> 1096 * <li>0x32:SM4_TMK</li> 1097 * <li>0x33:SM4_TPK</li> 1098 * <li>0x34:SM4_TAK</li> 1099 * <li>0x35:SM4_TDK</li> 1100 * <li>0x36:SM4_TCHDK</li> 1101 * <li>0x37:SM4_FACE_TDK</li> 1102 * </ul> 1103 * </div> <div class="en"> 1104 * <p> 1105 * Destination Key Type 1106 * </p> 1107 * <ul> 1108 * <li>0x01:TLK</li> 1109 * <li>0x02:TMK</li> 1110 * <li>0x03:TPK</li> 1111 * <li>0x04:TAK</li> 1112 * <li>0x05:TDK</li> 1113 * <li>0x11:FACE_TDK</li> 1114 * <li>0x32:SM4_TMK</li> 1115 * <li>0x33:SM4_TPK</li> 1116 * <li>0x34:SM4_TAK</li> 1117 * <li>0x35:SM4_TDK</li> 1118 * <li>0x36:SM4_TCHDK</li> 1119 * <li>0x37:SM4_FACE_TDK</li> 1120 * </ul> 1121 * </div> 1122 * 1123 * @param dstKeyIndex 1124 * <div class="zh"> 1125 * <p> 1126 * 目的密钥索引 1127 * </p> 1128 * </div> <div class="en"> 1129 * <p> 1130 * Destination Key Index 1131 * </p> 1132 * </div> 1133 * 1134 * @param destKeyValue 1135 * <div class="zh"> 1136 * <p> 1137 * 密钥明文或密文,长度可为8,16,24 1138 * </p> 1139 * </div> <div class="en"> 1140 * <p> 1141 * Plaintext or ciphertext key, the length can be 8, 16, 24 1142 * </p> 1143 * </div> 1144 * 1145 * @param checkMode 1146 * {@link ECheckMode} <div class="zh"> 1147 * <p> 1148 * 校验模式 1149 * </p> 1150 * <ul> 1151 * <li>{@link ECheckMode#KCV_NONE}</li> 1152 * <li>{@link ECheckMode#KCV_ENCRYPT_0}</li> 1153 * <li>{@link ECheckMode#KCV_ENCRYPT_FIX_DATA}</li> 1154 * <li>{@link ECheckMode#KCV_MAC_INPUT_DATA}</li> 1155 * <li>{@link ECheckMode#KCV_SM4_ENCRYPT_0}</li> 1156 * </ul> 1157 * </div> <div class="en"> 1158 * <p> 1159 * Check Mode 1160 * </p> 1161 * <ul> 1162 * <li>When checkMode=KCV_NONE -No Check</li> 1163 * <li>When checkMode=KCV_ENCRYPT_0 -Perform DES/TDES encryption on 8 bytes 0x00, and use first 4 bytes 1164 * as KCV.</li> 1165 * 1166 * <li>When checkMode=KCV_ENCRYPT_FIX_DATA -Perform parity check first, then perform DES/TDES encryption 1167 * on 8 bytes―\x12\x34\x56\x78\x90\x12\x34\x56, and use first 4 bytes as KCV.</li> 1168 * 1169 * <li>When iCheckMode=KCV_MAC_INPUT_DATA -Send in data KcvData, use source key to perform specified mode 1170 * of MAC on [aucDesKeyValue +KcvData], and use the 8 bytes result as KCV.</li> 1171 * 1172 * <li>When iCheckMode=KCV_SM4_ENCRYPT_0 -Perform TDES encryption on 16 bytes 0x00 by SM4, and use first 1173 * 4 bytes as KCV.</li> </ul> </div> 1174 * 1175 * @param checkBuf 1176 * <div class="zh"> 1177 * <p> 1178 * 校验数据缓冲区 1179 * </p> 1180 * <ul> 1181 * <li>当checkMode={@link ECheckMode#KCV_NONE}时 checkBuf的值无效,系统认为不验证KCV,可以为null</li> 1182 * <li>当checkMode={@link ECheckMode#KCV_ENCRYPT_0},4字节的kcv</li> 1183 * <li>当checkMode={@link ECheckMode#KCV_ENCRYPT_FIX_DATA},4字节的kcv</li> 1184 * <li>当iCheckMode={@link ECheckMode#KCV_MAC_INPUT_DATA}时按以下规则提供checkBuf: 1185 * <p> 1186 * checkBuf[0]= KcvData长度(KcvDataLen) 1187 * </p> 1188 * <p> 1189 * checkBuf+1: KcvData 1190 * </p> 1191 * <p> 1192 * checkBuf[1+KcvDataLen]=MAC运算模式,参考{@link #getMac(byte, byte[], byte)}中的mode参数 1193 * </p> 1194 * <p> 1195 * checkBuf[2+KcvDataLen]=KCV长度 1196 * </p> 1197 * <p> 1198 * checkBuf[3+KcvDataLen]是KCV的值 1199 * </p> 1200 * </li> 1201 * <li>当checkMode={@link ECheckMode#KCV_SM4_ENCRYPT_0},4字节的kcv</li> 1202 * </ul> 1203 * </div> <div class="en"> 1204 * <p> 1205 * Check Data Buffer 1206 * </p> 1207 * <ul> 1208 * <li>When checkMode=KCV_NONE -PED wont check KCV, this data is no meaning.</li> 1209 * <li>When checkMode=KCV_ENCRYPT_0 -4 bytes key check value</li> 1210 * <li>When checkMode=KCV_ENCRYPT_FIX_DATA -4 bytes key check value</li> 1211 * <li>When iCheckMode=KCV_MAC_INPUT_DATA - checkBuf as follows: checkBuf[0] = length of KcvData 1212 * checkBuf+1: kcvData checkBuf[1+kcvDataLen]: MAC computation mode 1213 * {@link #getMac(byte, byte[], byte)} checkBuf[2+kcvDataLen]:KCV length 1214 * checkBuf[3+kcvDataLen]:KCV Value</li> 1215 * <li>When checkMode=KCV_SM4_ENCRYPT_0 -4 bytes key check value</li> 1216 * </ul> 1217 * </div> 1218 * 1219 * @throws PedDevException 1220 * @since V4.00.00 1221 */ 1222 void writeKey(byte srcKeyType, byte srcKeyIndex, byte dstKeyType, byte dstKeyIndex, 1223 byte[] destKeyValue, ECheckMode checkMode, byte[] checkBuf) throws PedDevException; 1224 1225 1226 /** 1227 * <div class="zh">写入一个AES密钥,并可以选择使用KCV验证密钥正确性。</div> <div class="en"> To write Aes key to PED, and use KCV to check the 1228 * key correction.</div> 1229 * 1230 * @param srcKeyType 1231 * <div class="zh"> 1232 * <p> 1233 * 源密钥类型。不得低于destKeyType所在的密钥级别。 1234 * </p> 1235 * <ul> 1236 * <li>0x01:TLK</li> 1237 * <li>0x02:TMK</li> 1238 * <li>0x03:TPK</li> 1239 * <li>0x04:TAK</li> 1240 * <li>0x05:TDK</li> 1241 * <li>0x20:TAESK</li> 1242 * </ul> 1243 * </div> <div class="en"> 1244 * <p> 1245 * Source Key Type. Must not be lower than the key level of destKeyType. 1246 * </p> 1247 * <ul> 1248 * <li>0x01:TLK</li> 1249 * <li>0x02:TMK</li> 1250 * <li>0x03:TPK</li> 1251 * <li>0x04:TAK</li> 1252 * <li>0x05:TDK</li> 1253 * <li>0x20:TAESK</li> 1254 * </ul> 1255 * </div> 1256 * 1257 * 1258 * @param srcKeyIndex 1259 * <div class="zh"> 1260 * <p> 1261 * 原密钥索引。 1262 * </p> 1263 * 当srcKeyIndex = 0,密钥将以明文形式写入PED。 </div> <div class="en"> 1264 * <p> 1265 * Source Key Index. 1266 * </p> 1267 * when srcKeyIndex = 0,The key will be written to PED in clear text. </div> 1268 * 1269 * @param destKeyType <div class="zh"> 1270 * <p> 1271 * 目的密钥类型。 1272 * </p> 1273 * <ul> 1274 * <li>0x20:TAESK(AES_TDK).</li> 1275 * <li>0x23:AES_TPK.</li> 1276 * </ul> 1277 * </div> <div class="en"> 1278 * <p> 1279 * Destination Key Type. 1280 * </p> 1281 * <ul> 1282 * <li>0x20:TAESK(AES_TDK).</li> 1283 * <li>0x23:AES_TPK.</li> 1284 * </ul> </div> 1285 * 1286 * @param destKeyIndex 1287 * <div class="zh"> 1288 * <p> 1289 * 目的密钥索引 1290 * </p> 1291 * </div> <div class="en"> 1292 * <p> 1293 * Destination Key Index 1294 * </p> 1295 * </div> 1296 * 1297 * @param destKeyValue 1298 * <div class="zh"> 1299 * <p> 1300 * 密钥明文或密文,16/24/32 bytes 1301 * </p> 1302 * </div> <div class="en"> 1303 * <p> 1304 * Plaintext or ciphertext key, the length can be 16/24/32bytes 1305 * </p> 1306 * </div> 1307 * 1308 * @param checkMode 1309 * <div class="zh"> 1310 * <p> 1311 * 校验模式 1312 * </p> 1313 * <ul> 1314 * <li>checkMode=0x00 -无验证.</li> 1315 * <li>checkMode=0x01 -对16个字节的0x00进行AES ECB模式加密运算,得到的密文的前4个字节即为KCV值。</li> 1316 * <li>checkMode=0x02 -对16字节长度 1317 * ―\x12\x34\x56\x78\x90\x12\x34\x56\x12\x34\x56\x78\x90\x12\x34\x56 进行AES ECB模式的加密运算,得到的密文的前4个字节即为KCV值。</li> 1318 * <li>checkMode=0x03 -传入一串数据KcvData,使用源密钥对[destKeyValue(密文)+ 1319 * KcvData]进行指定模式的MAC运算,得到的8个字节的MAC值即为KCV值。</li> 1320 * </ul> 1321 * </div> <div class="en"> 1322 * <p> 1323 * Check Mode 1324 * </p> 1325 * <ul> 1326 * <li>When checkMode=0x00 -No Check</li> 1327 * <li>When checkMode=0x01 -Perform AES ECB mode encryption on 16 bytes 0x00, and use first 4 1328 * bytes as KCV.</li> 1329 * 1330 * <li>When checkMode=0x02 -Perform AES ECB mode 1331 * encryption on 16 bytes―\x12\x34\x56\x78\x90\x12\x34\x56\x12\x34\x56\x78\x90\x12\x34\x56, and use 1332 * first 4 bytes as KCV.</li> 1333 * 1334 * <li>When checkMode=0x03 -Send in data KcvData, use source key to perform specified mode 1335 * of MAC on [destKeyValue(ciphertext) +KcvData], and use the 8 bytes result as KCV.</li> 1336 * </ul> 1337 * </div> 1338 * 1339 * @param checkBuf 1340 * <div class="zh"> 1341 * <p> 1342 * 校验数据缓冲区 1343 * </p> 1344 * <ul> 1345 * <li>当checkMode=0x00时,checkBuf的值无效,系统认为不验证KCV</li> 1346 * <li>当checkMode=0x01时,checkBuf[0]= KCV的长度(4),checkBuf + 1指向KCV的值。/li> 1347 * <li>当checkMode=0x02时,checkBuf[0]= KCV的长度(4),checkBuf + 1指向KCV的值。</li> 1348 * <li>当checkMode=0x03时按以下规则提供checkBuf: 1349 * <p> 1350 * checkBuf[0]= KcvData长度(KcvDataLen) 1351 * </p> 1352 * <p> 1353 * checkBuf+1: KcvData 1354 * </p> 1355 * <p> 1356 * checkBuf[1+KcvDataLen]=MAC运算模式,参考{@link #getMacAes(byte, byte[], byte)}中的mode参数 1357 * </p> 1358 * <p> 1359 * checkBuf[2+KcvDataLen]=KCV长度 1360 * </p> 1361 * <p> 1362 * checkBuf[3+KcvDataLen]是KCV的值 1363 * </p> 1364 * </li> 1365 * </ul> 1366 * </div> <div class="en"> 1367 * <p> 1368 * Check Data Buffer 1369 * </p> 1370 * <ul> 1371 * <li>When checkMode=0x00 -PED won't check KCV, this data is no meaning.</li> 1372 * <li>When checkMode=0x01 -checkBuf[0] = length of KCV (4), checkBuf + 1 points to the value of KCV.</li> 1373 * <li>When checkMode=0x02 -checkBuf[0] = length of KCV (4), checkBuf + 1 points to the value of KCV.</li> 1374 * <li>When checkMode=0x03 - checkBuf as follows: checkBuf[0] = length of KcvData 1375 * checkBuf+1: kcvData checkBuf[1+kcvDataLen]: MAC computation mode 1376 * {@link #getMacAes(byte, byte[], byte)} checkBuf[2+kcvDataLen]:KCV length 1377 * checkBuf[3+kcvDataLen]:KCV Value</li> 1378 * </ul> 1379 * </div> 1380 * 1381 * @throws PedDevException 1382 * @since V4.00.00 1383 */ 1384 void writeAesKey(byte srcKeyType, byte srcKeyIndex, byte destKeyType, byte destKeyIndex, byte[] destKeyValue, 1385 byte checkMode, byte[] checkBuf) throws PedDevException; 1386 1387 1388 /** 1389 * <div class="zh"> 1.注入RSA密钥到PED <br/> 1390 * 2.PED最多支持10组RSA密钥,目前最长只支持256字节长的RSA密钥。 <br/> 1391 * 3.存储的RSA密钥是公钥还是私钥由密钥的指数长度决定,当密钥指数和模等长时,是私钥。 <br/> 1392 * 4.PED通过writeRSAKey注入RSA密钥。 <br/> 1393 * 5.通过RSARecover使用已注入的密钥进行RSA运算。 <br/> 1394 * 6.任何时候,RSA密钥可以进行重写。 <br/> 1395 * </div> <div class="en"> 1396 * <p> 1397 * 1. Import RSA to the PED 1398 * </p> 1399 * <p> 1400 * 2. PED can support 10 sets of RSA Key at most, current can supports a maximum length of 256 bytes RSA key. 1401 * </p> 1402 * <p> 1403 * 3. Whether the stored RSA is the public key or private key will be determined by the exponent length. If the 1404 * length of key exponent is equal to modulus, it is a private key. 1405 * </p> 1406 * <p> 1407 * 4. PED uses writeRsaKey to Import RSA key. 1408 * </p> 1409 * <p> 1410 * 5. Use the imported key to do the RSA operation by calling PedRsaRecover. 1411 * </p> 1412 * <p> 1413 * 6. RSA key can be rewritten at any time 1414 * </p> 1415 * </div> 1416 * 1417 * @param rsaKeyIndex 1418 * <div class="zh"> RSA密钥索引[1~10] </div> <div class="en"> RSA Key Index [1~10] </div> 1419 * 1420 * @param info 1421 * {@link RSAKeyInfo} 1422 * @throws PedDevException 1423 * @since V4.00.00 1424 */ 1425 void writeRSAKey(byte rsaKeyIndex, RSAKeyInfo info) throws PedDevException; 1426 1427 1428 /** 1429 * <div class="zh"> 写入TIK,并可以选择使用KCV验证密钥正确性。</div> 1430 * <div class="en"> Write in TIK, and can check the key correction by using KCV.</div> 1431 * 1432 * @param groupIndex 1433 * <div class="zh"> [1~100] DUKPT密钥组索引号 </div> <div class="en"> [1~100]DUKPT key group id </div> 1434 * 1435 * @param srcKeyIndex 1436 * <div class="zh"> [1] 用于分散的密钥的密钥索引 </div> <div class="en"> [1] The key index for diversified key. 1437 * </div> 1438 * 1439 * @param keyValue 1440 * <div class="zh"> 指向TIK的密文,现 DUKPT 算法支持 8/16 字节长度的密钥 </div> <div class="en"> Point to TIK cipher text. Now the DUKPT algorithm supports keys with a length of 8/16 bytes </div> 1441 * 1442 * @param ksn 1443 * <div class="zh"> 指向初始化KSN </div> <div class="en"> Point to KSN initialization. </div> 1444 * 1445 * @param checkMode 1446 * <div class="zh"> {@link ECheckMode} </div> <div class="en"> reference {@link #writeKey} checkMode 1447 * </div> 1448 * @param checkBuf 1449 * <div class="zh"> 参考{@link #writeKey} writeKey}关于checkBuf说明 </div> <div class="en"> reference 1450 * {@link #writeKey} the information about checkBuf </div> 1451 * 1452 * @throws PedDevException 1453 * @since V4.00.00 1454 */ 1455 void writeTIK(byte groupIndex, byte srcKeyIndex, byte[] keyValue, byte[] ksn, ECheckMode checkMode, 1456 byte[] checkBuf) throws PedDevException; 1457 1458 1459 1460 /** 1461 * <div class="zh"> 使用SecureData作为datain发散目的密钥。</div> 1462 * <div class="en"> Use SecureData as the datain divergence key.</div> 1463 * 1464 * @param srcKeyType 1465 * <div> source key type, must be TMK(0x02) in DerivationMode 0 </div> 1466 * 1467 * @param srcKeyIdx 1468 * <div> source key index, 1-100 in TMK area </div> 1469 * 1470 * @param dstKeyType 1471 * <div> destination key type, must be TMK(0x02) in DerivationMode 0 </div> 1472 * 1473 * @param dstKeyIdx 1474 * <div> destination key, 1-100 in TMK area </div> 1475 * 1476 * @param secureDataIndex 1477 * <div>SecureData Index in working key area, 1-100 </div> 1478 * @param additionalDataIn 1479 * <div> 64 bytes Additional Data, can be null if not used. DerivationMode 0: not used, can be null. </div> 1480 * @param derivationMode 1481 * <div> only support 0, GOWF algorithm </div> 1482 * 1483 * @throws PedDevException 1484 * @since V4.00.00 1485 */ 1486 void deriveKeyBySecureData(byte srcKeyType, byte srcKeyIdx, byte dstKeyType, byte dstKeyIdx, byte secureDataIndex, 1487 byte[] additionalDataIn, byte derivationMode) throws PedDevException; 1488 1489 1490 1491 /** 1492 * <div class="zh"> 删除应用密钥。</div> 1493 * <div class="en"> delete app key.</div> 1494 * 1495 1496 * @param mode 1497 * <div class="zh"> 模式 0:表示删除密钥 ,目前仅支持0 </div> 1498 * <div class="en"> Mode 0: means to delete the key, currently only supports 0</div> 1499 * 1500 * @throws PedDevException 1501 * @since V4.00.00 1502 */ 1503 void eraseAppKeys(int mode) throws PedDevException; 1504 1505 1506 /** 1507 * <div class="zh">擦除指定的密钥。</div> 1508 * <div class="en">Erases the specified key. </div> 1509 * 1510 * @param keyType <div class="zh">密钥类型。 1511 * <ul> 1512 * <li>0x02: TMK</li> 1513 * <li>0x0A: TWK</li> 1514 * <li>0x07: TIK</li> 1515 * <li>0x51: AES_TIK</li> 1516 * <li>0x61: ECC</li> 1517 * <li>0x0B: RSA</li> 1518 * <li>0x30: SM2_PVT_KEY</li> 1519 * <li>0x31: SM2_PUB_KEY</li> 1520 * </ul> 1521 * </div> 1522 * <div class="en">Key type. 1523 * <ul> 1524 * <li>0x02: TMK</li> 1525 * <li>0x0A: TWK</li> 1526 * <li>0x07: TIK</li> 1527 * <li>0x51: AES_TIK</li> 1528 * <li>0x61: ECC</li> 1529 * <li>0x0B: RSA</li> 1530 * <li>0x30: SM2_PVT_KEY</li> 1531 * <li>0x31: SM2_PUB_KEY</li> 1532 * </ul></div> 1533 * @param keyIndex <div class="zh">密钥索引。 1534 * <ul> 1535 * <li>TMK [1~100]</li> 1536 * <li>TWK [1~100]</li> 1537 * <li>TIK [1~100]</li> 1538 * <li>RSA [1~10]</li> 1539 * <li>ECC [1~20]</li> 1540 * <li>SM2_PVT_KEY [1~20]</li> 1541 * <li>SM2_PUB_KEY [1~20]</li> 1542 * </ul></div> 1543 * <div class="en">Key index. 1544 * <ul> 1545 * <li>TMK [1~100]</li> 1546 * <li>TWK [1~100]</li> 1547 * <li>TIK [1~100]</li> 1548 * <li>RSA [1~10]</li> 1549 * <li>ECC [1~20]</li> 1550 * <li>SM2_PVT_KEY [1~20]</li> 1551 * <li>SM2_PUB_KEY [1~20]</li> 1552 * </ul></div> 1553 * @throws PedDevException 1554 * @since V4.00.00 1555 */ 1556 void eraseKey(byte keyType, byte keyIndex) throws PedDevException; 1557 1558 1559 /** 1560 * <div class="zh"> 生成RSA密钥对然后注入PED。</div> 1561 * <div class="en"> Generate RSA key pair and inject into PED.</div> 1562 * 1563 * @param mode <div class="zh"> 1564 * <ul> 1565 * <li>mode = 0, 等同于{@link IPed#genRSAKey}</li> 1566 * <li>mode = 1, 等同于{@link IPedTrSys#genRsaKey}</li> 1567 * <li>mode = 2, 跟模式0一样,唯一区别是,私钥注入的是TYPE_AS2805_TCU_RSA类型的RSA。</li> 1568 * </ul></div> 1569 * <div class="en"> 1570 * <ul> 1571 * <li>mode = 0, same as {@link IPed#genRSAKey}</li> 1572 * <li>mode = 1, same as {@link IPedTrSys#genRsaKey}</li> 1573 * <li>mode = 2, same as mode 0, the only difference is that the private key is injected into RSA of type TYPE_AS2805_TCU_RSA.</li> 1574 * </ul></div> 1575 * 1576 * 1577 * @param prvKeyIdx <div class="zh"> 1578 * <ul> 1579 * <li>mode = 0, 私钥索引为 1-10 </li> 1580 * <li>mode = 1, 私钥索引只支持 1</li> 1581 * <li>mode = 2, 私钥索引为 1-10 </li> 1582 * </ul></div> 1583 * <div class="en"> 1584 * <ul> 1585 * <li>mode = 0, the private key index is 1-10</li> 1586 * <li>mode = 1, the private key index only supports 1</li> 1587 * <li>mode = 2, the private key index is 1-10</li> 1588 * </ul></div> 1589 * 1590 * 1591 * @param pubKeyIdx <div class="zh"> 1592 * <ul> 1593 * <li>mode = 0, 公钥索引为 1-10 </li> 1594 * <li>mode = 1, 公钥索引只支持 2</li> 1595 * <li>mode = 2, 公钥索引为 1-10 </li> 1596 * </ul></div> 1597 * <div class="en"> 1598 * <ul> 1599 * <li>mode = 0, the public key index is 1-10</li> 1600 * <li>mode = 1, the public key index only supports 2</li> 1601 * <li>mode = 2, the public key index is 1-10</li> 1602 * </ul></div> 1603 * 1604 * 1605 * @param modLenBit <div class="zh">Modulus 长度,支持 512,1024,2048. </div> <div class="en">Modulus length, support 512,1024,2048.</div> 1606 * 1607 * 1608 * @param pubExpType <div class="zh">公共指数类型 0x00:3 , 0x01:65537 </div><div class="en">public exponent type 0x00:3 , 0x01:65537</div> 1609 * 1610 * 1611 * @throws PedDevException 1612 * @since V4.00.00 1613 */ 1614 void genRsaKey(byte mode, byte prvKeyIdx, byte pubKeyIdx, short modLenBit, byte pubExpType) throws PedDevException; 1615 1616 1617 1618 1619 1620 /** 1621 * <div class="zh"> 写入一个密钥,包括TLK,TMK和TWK的写入、发散,并可以选择使用KCV验证密钥正确性。 1622 * <p> 1623 * 当写入PED_TLK时,PED首先格式化,清除所有已经下载的密钥,再写入PED_TLK。 明文写入密钥时,srcKeyIndex=0。 1624 * </p> 1625 * </div> 1626 * <div class="en"> Write in one key includes write in and divergent of TLK, TMK and TWK. And use KCV to check the 1627 * key correction. 1628 * <p> 1629 * When write PED_TLK,PED will format ,clear all the key has been downloaded,then write in PED_TLK. Writing the 1630 * plaintext into a key, when scrKeyIndex=0. 1631 * </p> 1632 * </div> 1633 * 1634 * @param srcKeyType 1635 * <div class="zh"> 1636 * <p> 1637 * 源密钥类型,它的级别不能低于destKeyType, SM4类型秘钥只能用TLK和SM4_TMK发散。 1638 * </p> 1639 * <ul> 1640 * <li>0x01:TLK</li> 1641 * <li>0x02:TMK</li> 1642 * <li>0x03:TPK</li> 1643 * <li>0x04:TAK</li> 1644 * <li>0x05:TDK</li> 1645 * <li>0x11:FACE_TDK</li> 1646 * <li>0x32:SM4_TMK</li> 1647 * </ul> 1648 * </div> <div class="en"> 1649 * <p> 1650 * Source Key Type,its level cannot be lower than destKeyType, SM4 type keys can only be diverged with TLK and SM4_TMK. 1651 * </p> 1652 * <ul> 1653 * <li>0x01:TLK</li> 1654 * <li>0x02:TMK</li> 1655 * <li>0x03:TPK</li> 1656 * <li>0x04:TAK</li> 1657 * <li>0x05:TDK</li> 1658 * <li>0x11:FACE_TDK</li> 1659 * <li>0x32:SM4_TMK</li> 1660 * </ul> 1661 * </div> 1662 * 1663 * 1664 * @param srcKeyIndex 1665 * <div class="zh"> 1666 * <p> 1667 * 源密钥索引 1668 * </p> 1669 * </div> <div class="en"> 1670 * <p> 1671 * Source Key Index 1672 * </p> 1673 * </div> 1674 * 1675 * @param dstKeyType 1676 * <div class="zh"> 1677 * <p> 1678 * 目的密钥类型 1679 * </p> 1680 * <ul> 1681 * <li>0x01:TLK</li> 1682 * <li>0x02:TMK</li> 1683 * <li>0x03:TPK</li> 1684 * <li>0x04:TAK</li> 1685 * <li>0x05:TDK</li> 1686 * <li>0x11:FACE_TDK</li> 1687 * <li>0x32:SM4_TMK</li> 1688 * <li>0x33:SM4_TPK</li> 1689 * <li>0x34:SM4_TAK</li> 1690 * <li>0x35:SM4_TDK</li> 1691 * <li>0x36:SM4_TCHDK</li> 1692 * <li>0x37:SM4_FACE_TDK</li> 1693 * </ul> 1694 * </div> <div class="en"> 1695 * <p> 1696 * Destination Key Type 1697 * </p> 1698 * <ul> 1699 * <li>0x01:TLK</li> 1700 * <li>0x02:TMK</li> 1701 * <li>0x03:TPK</li> 1702 * <li>0x04:TAK</li> 1703 * <li>0x05:TDK</li> 1704 * <li>0x11:FACE_TDK</li> 1705 * <li>0x32:SM4_TMK</li> 1706 * <li>0x33:SM4_TPK</li> 1707 * <li>0x34:SM4_TAK</li> 1708 * <li>0x35:SM4_TDK</li> 1709 * <li>0x36:SM4_TCHDK</li> 1710 * <li>0x37:SM4_FACE_TDK</li> 1711 * </ul> 1712 * </div> 1713 * 1714 * @param dstKeyIndex 1715 * <div class="zh"> 1716 * <p> 1717 * 目的密钥索引 1718 * </p> 1719 * </div> <div class="en"> 1720 * <p> 1721 * Destination Key Index 1722 * </p> 1723 * </div> 1724 * 1725 * @param dstKeyValue 1726 * <div class="zh"> 1727 * <p> 1728 * 密钥明文或密文,长度可为8,16,24 1729 * </p> 1730 * </div> <div class="en"> 1731 * <p> 1732 * Plaintext or ciphertext key, the length can be 8, 16, 24 1733 * </p> 1734 * </div> 1735 * 1736 * @param checkMode 1737 * {@link ECheckMode} <div class="zh"> 1738 * <p> 1739 * 校验模式 1740 * </p> 1741 * <ul> 1742 * <li>{@link ECheckMode#KCV_NONE}</li> 1743 * <li>{@link ECheckMode#KCV_ENCRYPT_0}</li> 1744 * <li>{@link ECheckMode#KCV_ENCRYPT_FIX_DATA}</li> 1745 * <li>{@link ECheckMode#KCV_MAC_INPUT_DATA}</li> 1746 * <li>{@link ECheckMode#KCV_SM4_ENCRYPT_0}</li> 1747 * </ul> 1748 * </div> <div class="en"> 1749 * <p> 1750 * Check Mode 1751 * </p> 1752 * <ul> 1753 * <li>When checkMode=KCV_NONE -No Check</li> 1754 * <li>When checkMode=KCV_ENCRYPT_0 -Perform DES/TDES encryption on 8 bytes 0x00, and use first 4 bytes 1755 * as KCV.</li> 1756 * 1757 * <li>When checkMode=KCV_ENCRYPT_FIX_DATA -Perform parity check first, then perform DES/TDES encryption 1758 * on 8 bytes―\x12\x34\x56\x78\x90\x12\x34\x56, and use first 4 bytes as KCV.</li> 1759 * 1760 * <li>When iCheckMode=KCV_MAC_INPUT_DATA -Send in data KcvData, use source key to perform specified mode 1761 * of MAC on [aucDesKeyValue +KcvData], and use the 8 bytes result as KCV.</li> 1762 * 1763 * <li>When iCheckMode=KCV_SM4_ENCRYPT_0 -Perform TDES encryption on 16 bytes 0x00 by SM4, and use first 1764 * 4 bytes as KCV.</li> </ul> </div> 1765 * 1766 * @param checkBuf 1767 * <div class="zh"> 1768 * <p> 1769 * 校验数据缓冲区 1770 * </p> 1771 * <ul> 1772 * <li>当checkMode={@link ECheckMode#KCV_NONE}时 checkBuf的值无效,系统认为不验证KCV,可以为null</li> 1773 * <li>当checkMode={@link ECheckMode#KCV_ENCRYPT_0},4字节的kcv</li> 1774 * <li>当checkMode={@link ECheckMode#KCV_ENCRYPT_FIX_DATA},4字节的kcv</li> 1775 * <li>当iCheckMode={@link ECheckMode#KCV_MAC_INPUT_DATA}时按以下规则提供checkBuf: 1776 * <p> 1777 * checkBuf[0]= KcvData长度(KcvDataLen) 1778 * </p> 1779 * <p> 1780 * checkBuf+1: KcvData 1781 * </p> 1782 * <p> 1783 * checkBuf[1+KcvDataLen]=MAC运算模式,参考{@link #getMac(byte, byte[], byte)}中的mode参数 1784 * </p> 1785 * <p> 1786 * checkBuf[2+KcvDataLen]=KCV长度 1787 * </p> 1788 * <p> 1789 * checkBuf[3+KcvDataLen]是KCV的值 1790 * </p> 1791 * </li> 1792 * <li>当checkMode={@link ECheckMode#KCV_SM4_ENCRYPT_0},4字节的kcv</li> 1793 * </ul> 1794 * </div> <div class="en"> 1795 * <p> 1796 * Check Data Buffer 1797 * </p> 1798 * <ul> 1799 * <li>When checkMode=KCV_NONE -PED wont check KCV, this data is no meaning.</li> 1800 * <li>When checkMode=KCV_ENCRYPT_0 -4 bytes key check value</li> 1801 * <li>When checkMode=KCV_ENCRYPT_FIX_DATA -4 bytes key check value</li> 1802 * <li>When iCheckMode=KCV_MAC_INPUT_DATA - checkBuf as follows: checkBuf[0] = length of KcvData 1803 * checkBuf+1: kcvData checkBuf[1+kcvDataLen]: MAC computation mode 1804 * {@link #getMac(byte, byte[], byte)} checkBuf[2+kcvDataLen]:KCV length 1805 * checkBuf[3+kcvDataLen]:KCV Value</li> 1806 * <li>When checkMode=KCV_SM4_ENCRYPT_0 -4 bytes key check value</li> 1807 * </ul> 1808 * </div> 1809 * 1810 * @param keyVarIn <div class="zh">由keyVarIn生成dstKeyValue。</div> <div class="en">dstKeyValue is generated by keyVarIn.</div> 1811 * 1812 * @param keyVarMode <div class="zh"> 1813 * <ul> 1814 * <li>0x00:同{@link #writeKey};</li> 1815 * <li>0x01:srcKeyIndex密钥和dstKeyIndex密钥的长度都必须是16字节。 1816 * srcKeyIndex对应密钥表示SrcKey, 1817 * SrcKey的左8个字节表示为SrcKey-L。SrcKey的右边8个字节表示为SrcKey-R。 1818 * keyVarIn的左8个字节表示为keyVarIn-L。右8字节的keyVarIn表示为keyVarIn-R。 1819 * K1 = SrcKey-L XOR keyVarIn-L 1820 * K2 = SrcKey-R XOR keyVarIn-L 1821 * K3 = SrcKey-L XOR keyVarIn-R 1822 * K4 = SrcKey-R XOR keyVarIn-R 1823 * 使用K1K2解密dstKeyValue的左8字节,然后使用K3K4解密dstKeyValue的右8字节;</li> 1824 * <li>0x02:使用OWF2算法对源密钥进行解密,解密结果存储为目标密钥; </li> 1825 * <li>0x03:dstKeyValue将由源密钥用CBC TDES算法解密并存储为目标密钥;</li> 1826 * <li>0x04:dstKeyValue将由指定的源密钥用CBC TDES算法加密并存储为目标密钥;</li> 1827 * <li>0x05:使用3DES ECB加密模式从destKeyValue生成普通目的密钥; </li> 1828 * <li>0x06:源密钥通过OWF2解密dstKeyValue后再异或dstKeyValue得到目的密钥;</li> 1829 * <li>0x07:源密钥通过GOWF(OWF3)模式解密dstKeyValue得到目的密钥;</li> 1830 * </ul> 1831 * </div> <div class="en"> 1832 * <ul> 1833 * <li>0x00:like {@link #writeKey};</li> 1834 * <li>0x01:Both the srcKeyIndex key and dstKeyIndex key must be 16 bytes in length. 1835 * SrcKeyIndex corresponds to the key SrcKey, and the left 8 bytes of the SrcKey are represented as Srckey-L. 1836 * The 8 bytes to the right of the SrcKey are represented as Srckey-R. 1837 * The left 8 bytes of keyVarIn are represented as keyvarin-L.The right 8-byte keyVarIn is represented as keyvarin-R. 1838 * K1 = SrcKey-L XOR keyVarIn-L 1839 * K2 = SrcKey-R XOR keyVarIn-L 1840 * K3 = SrcKey-L XOR keyVarIn-R 1841 * K4 = SrcKey-R XOR keyVarIn-R 1842 * Decrypt the left 8 bytes of dstKeyValue with K1K2, and then decrypt the right 8 bytes of dstKeyValue with K3K4;</li> 1843 * <li>0x02:The source key is decrypted using the OWF2 algorithm, and the decryption result is stored as the target key;</li> 1844 * <li>0x03:The dstKeyValue will be decrypted by the source key using the CBC TDES algorithm and stored as the target key;</li> 1845 * <li>0x04:The dstKeyValue will be encrypted by the specified source key with the CBC TDES algorithm and stored as the target key;</li> 1846 * <li>0x05:Generate the general purpose key from dstKeyValue using 3DES ECB encryption mode;</li> 1847 * <li>0x06:The source key uses OWF2 to decrypt the dstKeyValue and then xOR dstKeyValue to obtain the target key;</li> 1848 * <li>0x07:The source key uses GOWF(OWF3) mode to decrypt the dstKeyValue to obtain the target key</li> 1849 * </ul> 1850 * </div> 1851 * 1852 * @throws PedDevException 1853 * @since V4.00.00 1854 */ 1855 void writeKeyEx(byte srcKeyType, byte srcKeyIndex, byte dstKeyType, byte dstKeyIndex, 1856 byte[] dstKeyValue, ECheckMode checkMode, byte[] checkBuf, byte[] keyVarIn, byte keyVarMode) throws PedDevException; 1857 1858 1859 /** 1860 * <div class="zh">使用AES_TAK对DataIn用Mode指定的算法进行MAC运算,将16字节的MAC结果输出, MAC运算密钥是主密钥/工作密钥体系或固定密钥体系密钥或DUKPT密钥体系。 1861 * <br/>用法: 1862 * <br/>1.敏感服务授权:在此接口内部,先进行认证以获取敏感服务授权,若授权失败则退出。 1863 * <br/>2.补零规则:将报文数据分割成若干16个字节的BLOCK,最后一个BLOCK不满16个字节则后补0x00。</div> 1864 * <div class="en">Use AES_TAK to perform MAC operation on dataIn with the algorithm specified by Mode, and output the 16-byte MAC result. 1865 * The MAC operation key is the master key/working key system or fixed key system key or DUKPT key system. 1866 * <br/>usage: 1867 * <br/>1.Sensitive service authorization: In this interface, first perform authentication to obtain sensitive service authorization, 1868 * and exit if authorization fails. 1869 * <br/>2.Zero-filling rule: divide the message data into 16-byte BLOCKs, and add 0x00 after the last BLOCK is less than 16 bytes.</div> 1870 * 1871 * @param keyIdx <div class="zh">AES_TAK 1~100索引</div> 1872 * <div class="en">AES_TAK 1~100 index</div> 1873 * @param dataIn <div class="zh">需进行 MAC 运算的数据包. 长度InLen<=2048,长度不能被16整除时,则自动补0x00</div> 1874 * <div class="en">Data packet that needs MAC operation. Length<=2048, when the length is not divisible by 16, it will automatically add 0x00</div> 1875 * @param mode <div class="zh"> 1876 * <ul> 1877 * <li>0x00: 将BLOCK1用MAC密钥做AES加密,加密结果与BLOCK2进行逐位异或后再用MAC密钥做AES加密,依次进行得到16字节的加密结果, KSN不自动加1。</li> 1878 * <li>0x01: Hypercom Fast Mode,将BLOCK1和BLOCK2进行逐位异或,异或结果与BLOCK3进行逐位异或,依次进行,最后得到16字节的异或结果,将该结果用MAC密钥进行AES加密运算,KSN不自动加1。</li> 1879 * <li>0x03: CMAC算法,KSN不自动加1。</li> 1880 * <li>0x05: HMAC-SHA256算法,KSN不自动加1。</li> 1881 * </ul></div> 1882 * <div class="en"> 1883 * <ul> 1884 * <li>0x00: Use MAC key for AES encryption of BLOCK1, and perform bitwise XOR between the encrypted result and BLOCK2 and then use MAC key for AES encryption. 1885 * The 16-byte encryption result is obtained in sequence, and KSN does not automatically add 1.</li> 1886 * <li>0x01: Hypercom Fast Mode, XOR BLOCK1 and BLOCK2 bit by bit, XOR result and BLOCK3 bit by bit XOR, in turn, finally get a 16-byte XOR result, the result is encrypted with MAC key AES Operation, 1887 * KSN does not automatically increase by 1.</li> 1888 * <li>0x03: CMAC algorithm, KSN does not automatically increase by 1.</li> 1889 * <li>0x05: HMAC-SHA256 algorithm, KSN does not automatically increase by 1.</li> 1890 * </ul></div> 1891 * @return <div class="zh">MAC输出,模式5的时候是32字节输出,其他模式16字节输出</div> 1892 * <div class="en">MAC output, 32-byte output in mode 5, 16-byte output in other modes</div> 1893 * @throws PedDevException PedDevException 1894 * @since V4.00.00 1895 */ 1896 byte[] getMacAes(byte keyIdx, byte[] dataIn, byte mode) throws PedDevException; 1897 1898 1899 /** 1900 * <div class="zh">往PED中注入一个密钥</div> 1901 * <div class="en">Inject a key into the PED.</div> 1902 * 1903 * @param format <div class="zh">固定式:0x08</div> 1904 * <div class="en">Fixed: 0x08</div> 1905 * @param srcKeyType <div class="zh">源密钥类型: 1906 * <ul> 1907 * <li>0x01: TLK</li> 1908 * <li>0x02: TMK</li> 1909 * <li>0x21: AES_TLK</li> 1910 * <li>0x22: AES_TMK</li> 1911 * </ul></div> 1912 * <div class="en">source key type: 1913 * <ul> 1914 * <li>0x01: TLK</li> 1915 * <li>0x02: TMK</li> 1916 * <li>0x21: AES_TLK</li> 1917 * <li>0x22: AES_TMK</li> 1918 * </ul></div> 1919 * @param srcKeyIdx <div class="zh">源密钥索引.源密钥是TLK/PED_AES_TLK时,索引为1.源密钥是TMK/PED_AES_TMK时,索引为1-100</div> 1920 * <div class="en">Source key index. When the source key is TLK/PED_AES_TLK, the index is 1. When the source key is TMK/PED_AES_TMK, the index is 1-100</div> 1921 * 1922 * @param dstKeyIdx <div class="zh">目的密钥索引 1923 * <ul> 1924 * <li>TMK [1~100]</li> 1925 * <li>TPK [1~100]</li> 1926 * <li>TAK [1~100]</li> 1927 * <li>TDK [1~100]</li> 1928 * <li>TCHDK [1~100]</li> 1929 * <li>TIK [1~100]</li> 1930 * <li>AES_TMK [1~100]</li> 1931 * <li>AES_TPK [1~100]</li> 1932 * <li>AES_TAK [1~100]</li> 1933 * <li>AES_TDK [1~100]</li> 1934 * <li>AES_TCHDK [1~100]</li> 1935 * <li>AES_TIK [1~100]</li> 1936 * </ul></div> 1937 * <div class="en">destination key index 1938 * <ul> 1939 * <li>TMK [1~100]</li> 1940 * <li>TPK [1~100]</li> 1941 * <li>TAK [1~100]</li> 1942 * <li>TDK [1~100]</li> 1943 * <li>TCHDK [1~100]</li> 1944 * <li>TIK [1~100]</li> 1945 * <li>AES_TMK [1~100]</li> 1946 * <li>AES_TPK [1~100]</li> 1947 * <li>AES_TAK [1~100]</li> 1948 * <li>AES_TDK [1~100]</li> 1949 * <li>AES_TCHDK [1~100]</li> 1950 * <li>AES_TIK [1~100]</li> 1951 * </ul></div> 1952 * @param keyBlock <div class="zh">长度16-256,格式如下:<br> 1953 * VersionID+Length+Usage+Algorithm+Mode+VersionNumber+Exportability+Number of Optional Blocks+ Reserved+Optional Blocks+Encryption body+MAC 1954 * <ul> 1955 * <li>VersionID:密钥块版本标识,1byte,'B'-TDEA,'D'-AES</li> 1956 * <li>Length:密钥块长度,4byte,十进制ASCII表示</li> 1957 * <li>Usage:密钥类型,2byte,'P0'-PIN encryption,'B1'-DUKPT TIK,'K0'-TMK,'D0'-TDK,'Mx'-TAK,'C1'-TCHDK,'99'-TSK</li> 1958 * <li>Algorithm:密钥算法,1byte,'T'-TDEA,'A'-AES</li> 1959 * <li>Mode:密钥使用方式,1byte,忽略</li> 1960 * <li>VersionNumber:密钥版本,2byte,忽略</li> 1961 * <li>Exportability:输出,1byte,忽略</li> 1962 * <li>Number of Optional Blocks:可选块个数,2byte,00/01/02</li> 1963 * <li>Reserved:保留域.2byte,忽略</li> 1964 * <li>Optional Blocks:可选块,长度是8('B'/TDES)或者16('D'/AES)的倍数,不足时需补充填充块以满足要求</li> 1965 * <li>Encryption body:密文块,2byte+key+padding</li> 1966 * <li>MAC:TDES是16byte, AES是32byte</li> 1967 * </ul></div> 1968 * <div class="en">Length 16-256, the format is as follows:<br> 1969 * VersionID+Length+Usage+Algorithm+Mode+VersionNumber+Exportability+Number of Optional Blocks+ Reserved+Optional Blocks+Encryption body+MAC 1970 * <ul> 1971 * <li>VersionID: key block version identifier,1byte, 'B'-TDEA,'D'-AES</li> 1972 * <li>Length: key block length, 4byte,十进制ASCII表示</li> 1973 * <li>Usage: key type,2byte,'P0'-PIN encryption,'B1'-DUKPT TIK,'K0'-TMK,'D0'-TDK,'Mx'-TAK,'C1'-TCHDK,'99'-TSK</li> 1974 * <li>Algorithm: key algorithm, 1byte,'T'-TDEA,'A'-AES</li> 1975 * <li>Mode: key Usage, 1byte, ignorable</li> 1976 * <li>VersionNumber: key version,2byte, ignorable</li> 1977 * <li>Exportability: output, 1byte, ignorable</li> 1978 * <li>Number of Optional Blocks: number of optional blocks, 2byte,00/01/02</li> 1979 * <li>Reserved: reserved domain. 2byte, ignorable</li> 1980 * <li>Optional Blocks:Optional blocks, the length is a multiple of 8('B'/TDES) or 16('D'/AES), if insufficient, fill blocks are required to meet the requirements</li> 1981 * <li>Encryption body: ciphertext block,2byte+key+padding</li> 1982 * <li>MAC: TDES is 16byte, AES is 32byte</li> 1983 * </ul></div> 1984 * 1985 * 1986 * @throws PedDevException PedDevException 1987 * @since V4.00.00 1988 */ 1989 void injectKeyBlock(byte format, byte srcKeyType, byte srcKeyIdx, byte dstKeyIdx, byte[] keyBlock) throws PedDevException; 1990 1991}