001/* 002 * =========================================================================================== 003 * = COPYRIGHT 004 * PAX Computer Technology (Shenzhen) Co., Ltd. PROPRIETARY INFORMATION 005 * This software is supplied under the terms of a license agreement or nondisclosure 006 * agreement with PAX Computer Technology (Shenzhen) Co., Ltd. and may not be copied or 007 * disclosed except in accordance with the terms in that agreement. 008 * Copyright (C) 2017-2023 PAX Computer Technology (Shenzhen) Co., Ltd. All rights reserved. 009 * Description: // Detail description about the function of this module, 010 * // interfaces with the other modules, and dependencies. 011 * Revision History: 012 * Date Author Action 013 * 2017/04/01 PAX Create/Add/Modify/Delete 014 * =========================================================================================== 015 */ 016 017package com.pax.dal; 018 019import com.pax.dal.entity.ECheckMode; 020import com.pax.dal.entity.EPedMacMode; 021import com.pax.dal.entity.RSAKeyInfo; 022import com.pax.dal.exceptions.PedDevException; 023 024/** 025 * <pre> 026 * <div class="zh"> 获取途径:NeptuneLiteUser.getInstance().getDal(getApplicationContext()).getPedNp()</div> 027 * 028 * <pre> 029 * <div class="en"> Acquisition approach:NeptuneLiteUser.getInstance().getDal(getApplicationContext()).getPedNp()</div> 030 * 031 */ 032public interface IPedNp { 033 /** 034 * <div class="zh"> 种子密钥</div> <div class="en"> Seed Key </div> 035 */ 036 public static final int PED_TSK = 0x40; 037 /** 038 * <div class="zh"> 私密数据 </div> <div class="en"> Secret Data </div> 039 */ 040 public static final int PED_TSD = 0x41; 041 042 /** 043 * <div class="zh"> 使用RsaKey加密指定的数据,数据格式如下: [Header data +TSK+ TSD + Random padded 044 * data];说明:指定的数据应小于公钥模量;否则,加密可能会失败。所以Header建议为null </div> <div class="en"> Uses public key RsaKey to encrypt 045 * specified data. 
The specified data format is as followed: [Header data + TSK + TSD + Random padded data]; The 046 * specified data to be encrypted should be less than public key modulus; otherwise, the encryption may fail. So the 047 * Header data is suggested to be null.</div> 048 * 049 * @param rsaKey 050 * <div class="zh"> Rsa 公钥</div> <div class="en"> RSA public key </div> 051 * @param header 052 * <div class="zh"> 头部数据 </div> <div class="en">The header data </div> 053 * @param TskIdx 054 * <div class="zh"> Tsk索引 </div> <div class="en"> Tsk slot </div> 055 * @param TsdIdx 056 * <div class="zh"> Tsd索引 </div> <div class="en"> Tsd slot </div> 057 * @return <div class="zh"> 待输出密文密钥,缓冲区大小为RsaKey的模长 </div> <div class="en"> return the cipher key, the buffer size 058 * is the modulus length of RsaKey </div> 059 * @throws PedDevException 060 */ 061 byte[] exportKey(RSAKeyInfo rsaKey, String header, int TskIdx, int TsdIdx) throws PedDevException; 062 063 /** 064 * <div class="zh"> 生成一个随机密钥 </div> <div class="en"> Generate a random key. </div> 065 * 066 * @param keyIdx 067 * <div class="zh">密钥索引[1~100]</div> <div class="en"> 1~100: Index of key. </div> 068 * @param keyType 069 * <div class="zh"> PED_TSK:用于发散的密钥种子</div> <div class="en"> PED_TSK:Seed key for diversification </div> 070 * @param keyLen 071 * <div class="zh"> 8/16/24 </div> <div class="en"> 8/16/24 </div> 072 * @throws PedDevException 073 */ 074 void genRandomKey(int keyIdx, int keyType, int keyLen) throws PedDevException; 075 076 /** 077 * <div class="zh"> 写入一个由PED_TDK或PED_TAESK派生出的PED_TSD、PED_TDK、PED_TAESK、PED_TIK密钥。 </div> 078 * <div class="en"> Write a PED_TSD, PED_TDK, PED_TAESK, PED_TIK derived by PED_TDK or PED_TAESK. </div> 079 * 080 * @param srcKeyType 081 * <div class="zh">源秘钥类型。 082 * <ul> 083 * <li>{@link com.pax.dal.entity.EPedKeyType#TDK}</li> 084 * <li>{@link com.pax.dal.entity.EPedKeyType#TAESK}</li> 085 * <li>{@link #PED_TSK}</li> 086 * </ul> 087 * 088 * </div> 089 * <div class="en"> Source key type. 
090 * <ul> 091 * <li>{@link com.pax.dal.entity.EPedKeyType#TDK}</li> 092 * <li>{@link com.pax.dal.entity.EPedKeyType#TAESK}</li> 093 * <li>{@link #PED_TSK}</li> 094 * </ul> 095 * </div> 096 * @param scrKeyIdx 097 * <div class="zh"> 源秘钥索引[1-100] </div> <div class="en"> Source key index, the valid range is 1~100. 098 * </div> 099 * @param dstKeyType 100 * <div class="zh"> 目的密钥类型。 101 * <ul> 102 * <li>{@link com.pax.dal.entity.EPedKeyType#TDK}</li> 103 * <li>{@link #PED_TSD}</li> 104 * <li>{@link com.pax.dal.entity.EPedKeyType#TAESK}</li> 105 * <li>{@link com.pax.dal.entity.EPedKeyType#TIK}</li> 106 * <li>{@link com.pax.dal.entity.EPedKeyType#TAK}</li> 107 * <li>{@link com.pax.dal.entity.EPedKeyType#TPK}</li> 108 * </ul> 109 * </div> 110 * <div class="en"> Destination key type. 111 * <ul> 112 * <li>{@link com.pax.dal.entity.EPedKeyType#TDK}</li> 113 * <li>{@link #PED_TSD}</li> 114 * <li>{@link com.pax.dal.entity.EPedKeyType#TAESK}</li> 115 * <li>{@link com.pax.dal.entity.EPedKeyType#TIK}</li> 116 * <li>{@link com.pax.dal.entity.EPedKeyType#TAK}</li> 117 * <li>{@link com.pax.dal.entity.EPedKeyType#TPK}</li> 118 * </ul> 119 * </div> 120 * @param dstKeyIdx 121 * <div class="zh"> 目的密钥索引[1-100] </div> <div class="en"> Destination key index, the valid range is 122 * 1~100. 
</div> 123 * @param dstKeyLen 124 * <div class="zh"> 目的密钥长度,16/24 </div> <div class="en"> Destination key length,16/24 </div> 125 * @param dataIn 126 * <div class="zh"> 127 * <ul> 128 * <li>当srcKeyType为{@link com.pax.dal.entity.EPedKeyType#TAESK}时,dataIn的长度为16或者32字节。</li> 129 * <li>当dstKeyType为{@link com.pax.dal.entity.EPedKeyType#TIK}时,dataIn必须是42字节。32字节密码密钥数据(如果密钥数据是16字节,您可以填充任何数据到32字节) + 10字节KSN。</li> 130 * <li>否则,dataIn长度为16或24字节。如果解密后数据的长度大于dstKeyLen,解密数据前dstKeyLen字节被用作密钥值。</li> 131 * </ul> 132 * </div> 133 * <div class="en"> 134 * <ul> 135 * <li>When srcKeyType {@link com.pax.dal.entity.EPedKeyType#TAESK}, the length of the dataIn is 16 or 32 bytes.</li> 136 * <li>When dstKeyType {@link com.pax.dal.entity.EPedKeyType#TIK}, dataIn byte must be 42 bytes. 32 bytes of key value (if the key value is 16 bytes, you can populate any data up to 32 bytes) + 10 bytes of KSN.</li> 137 * <li>Otherwise, the dataIn is 16 or 24 bytes, if the length of decrypted data is larger than dstKeyLen, only the first dstKeyLen of decrypted data will be used as key value.</li> 138 * </ul> 139 * </div> 140 * @param encType 141 * <div class="zh"> 142 * <ul> 143 * <li>如果encType=0,CBC TDES/AES算法使用源密钥解密密文文本数据,并储存为目的密钥。</li> 144 * <li>如果encType=1,则CBC TDES/AES算法使用指定源密钥对普通文本数据进行加密,并将结果储存为目的密钥。</li> 145 * <li>如果encType=2,ECB TDES/AES算法使用源密钥解密密文文本数据,并储存为目的密钥。</li> 146 * <li>如果encType=3,则ECB TDES/AES算法使用指定源密钥对普通文本数据进行加密,并将结果储存为目的密钥。</li> 147 * </ul> 148 * </div> 149 * <div class="en"> 150 * <ul> 151 * <li>If EncType=0,it is the cipher text data which will be decrypted with CBC TDES/AES algorithm by the source key and stored as destination key.</li> 152 * <li>If EncType=1, it is the plain text data which will be encrypted with CBC TDES/AES algorithm by a specified source key and stored as destination key.</li> 153 * <li>If EncType=2, it is the cipher text data which will be decrypted with ECB TDES/AES algorithm by the source key and stored as destination key.</li> 154 * <li>If EncType=3, it is the 
plain text data which will be encrypted with ECB TDES/AES algorithm by a specified source key and stored as destination key.</li> 155 * </ul> 156 * </div> 157 * @param vector 158 * <div class="zh"> 159 * <ul> 160 * <li>当srcKeyType为{@link com.pax.dal.entity.EPedKeyType#TAESK}时,16字节CBC初始化向量。</li> 161 * <li>否则,vector为8字节CBC初始化向量。如果vector被设置为NULL,CBC算法将“\x00\x00\x00\x00\x00\x00\x00\x00”当做初始化向量。</li> 162 * </ul> 163 * </div> 164 * <div class="en"> 165 * <ul> 166 * <li>When srcKeyType {@link com.pax.dal.entity.EPedKeyType#TAESK}, vector is 16 bytes CBC initialization vector.</li> 167 * <li>Otherwise, the vector is 8 bytes CBC init vector. If the Vector is set to NULL, the CBC algorithm treats "\x00\x00\x00\x00\x00\x00\x00\x00" as the initialization vector.</li> 168 * </ul> 169 * </div> 170 * @throws PedDevException 171 */ 172 void writeKey(byte srcKeyType, byte scrKeyIdx, byte dstKeyType, byte dstKeyIdx, byte dstKeyLen, byte[] dataIn, 173 byte encType, byte[] vector) throws PedDevException; 174 175 /** 176 * <div class="zh">将srcKeyType指定的源密钥与keyVar异或生成一个新的dstKeyIdx类型的密钥,并将新的密钥保存到dstKeyType。</div> <div class="en"> Generate 177 * a new dstKeyType key by XOR-ing keyVar using the source key specified by srcKeyType and store the new key to 178 * dstKeyIdx. </div> 179 * 180 * @param srcKeyType 181 * <div class="zh"> 源密钥类型。{@link #PED_TSK}。 </div> <div class="en"> The source key type. {@link #PED_TSK}.</div> 182 * @param srcKeyIdx 183 * <div class="zh"> 源密钥索引[1~100] </div> <div class="en"> The source key index, the valid range is 1~100. 184 * </div> 185 * @param dstKeyType 186 * <div class="zh"> 目的密钥类型。 187 * <ul> 188 * <li>{@link com.pax.dal.entity.EPedKeyType#TAK}</li> 189 * <li>{@link com.pax.dal.entity.EPedKeyType#TAESK}</li> 190 * <li>{@link com.pax.dal.entity.EPedKeyType#TDK}</li> 191 * <li>{@link com.pax.dal.entity.EPedKeyType#TPK}</li> 192 * </ul> 193 * </div> 194 * <div class="en"> The destination key. 
195 * <ul> 196 * <li>{@link com.pax.dal.entity.EPedKeyType#TAK}</li> 197 * <li>{@link com.pax.dal.entity.EPedKeyType#TAESK}</li> 198 * <li>{@link com.pax.dal.entity.EPedKeyType#TDK}</li> 199 * <li>{@link com.pax.dal.entity.EPedKeyType#TPK}</li> 200 * </ul> 201 * </div> 202 * @param dstKeyIdx 203 * <div class="zh"> 目的密钥索引[1~100] </div> <div class="en"> The destination key index, the valid range is 204 * 1~100. </div> 205 * @param keyVar 206 * <div class="zh"> 与{@link #PED_TSK}异或的常量值,长度与{@link #PED_TSK}相同。 207 * <ul> 208 * <li>当dstKeyType为{@link com.pax.dal.entity.EPedKeyType#TAESK}时,{@link #PED_TSK}的长度为16或者24字节。</li> 209 * <li>否则,{@link #PED_TSK}的长度为24字节。</li> 210 * </ul> 211 * </div> 212 * <div class="en"> The constant value to be XORed by {@link #PED_TSK}. and length is the same as {@link #PED_TSK}. 213 * <ul> 214 * <li>When dstKeyType {@link com.pax.dal.entity.EPedKeyType#TAESK}, {@link #PED_TSK} length is 16 or 24 bytes.</li> 215 * <li>Otherwise, {@link #PED_TSK} length is 24 bytes.</li> 216 * </ul> 217 * </div> 218 * @throws PedDevException 219 */ 220 void writeKeyVar(int srcKeyType, int srcKeyIdx, int dstKeyType, int dstKeyIdx, byte[] keyVar) 221 throws PedDevException; 222 223 /** 224 * <div class="zh"> 通过使用公钥加密密钥来导出密钥 </div> <div class="en"> export the key encrypt by RSA public key </div> 225 * 226 * @param pubKeyIdx 227 * <div class="zh"> RSA公钥索引, 1~10 </div> <div class="en"> RSA public key index, 1~10 </div> 228 * @param keyType 229 * <div class="zh"> 导出秘钥类型,只能是PED_TSK </div> <div class="en"> export key type,only PED_TSK </div> 230 * @param keyIdx 231 * <div class="zh"> 导出秘钥的索引,1~100 </div> <div class="en"> export key index,1-100</div> 232 * @param dataOutFormat 233 * <div class="zh"> 只能是0x00 </div> <div class="en"> only can be 0x00</div> 234 * @return <div class="zh"> format: '0x00' + key length (1 bytes)+ key value + (modulus len - 2 - key length) bytes 235 * padding </div> <div class="en"> format: '0x00' + key length (1 bytes)+ key value + (modulus len 
- 2 - key 236 * length) bytes padding </div> 237 * @throws PedDevException 238 */ 239 byte[] exportKeyEncByRsa(int pubKeyIdx, int keyType, int keyIdx, byte dataOutFormat) throws PedDevException; 240 241 242 /** 243 * <div class="zh"> 生成RSA密钥对并注入PED </div> <div class="en"> Generate an RSA key pair and inject it into the PED. </div> 244 * 245 * @param prvKeyIdx 246 * <div class="zh">私钥索引1-10</div> <div class="en"> Private key index 1-10 </div> 247 * @param pubKeyIdx 248 * <div class="zh">公钥索引1-10</div> <div class="en">Public key index 1-10</div> 249 * @param modLenBit 250 * <div class="zh"> 模长,支持512,1024,2048。 </div> <div class="en"> Modulus length in bits; 512, 1024 and 2048 are supported. 512- and 1024-bit RSA moduli are below current strength recommendations, so use 2048 unless a legacy peer requires a shorter key. </div> 251 * @param pubExpType 252 * <div class="zh"> 公共指数类型:0:3 1:65537 </div> <div class="en"> Public exponent type: 0 selects exponent 3, 1 selects exponent 65537. </div> 253 * @throws PedDevException 254 * 255 * @since V3.06.00 256 */ 257 void genRsaKey(byte prvKeyIdx, byte pubKeyIdx, int modLenBit, int pubExpType ) throws PedDevException; 258 259 /** 260 * <div class = "zh">注入由RSA公钥加密的密钥。</div> <div class = "en">Inject a key that is encrypted by an RSA public key.</div> 261 * 262 * @param dataIn <div class = "zh">由RSA公钥加密的密文,长度为64,128或256 bytes </div> 263 * <div class = "en">The ciphertext encrypted with the RSA public key; its length is 64, 128 or 256 bytes.</div> 264 * 265 * @param prvKeyIdx <div class = "zh">RSA私钥索引。取值范围: 1~10。</div> <div class = "en">The index of the RSA private key. Value range: 1~10.</div> 266 * 267 * @param dstKeyType <div class = "zh">目的密钥类型。{@link #PED_TSK} </div> 268 * <div class = "en">Destination key type. 
{@link #PED_TSK} </div> 269 * 270 * @param dstKeyIdx <div class = "zh">目的密钥索引。</div> <div class = "en">The destination key index.</div> 271 * 272 * @param ksnIn <div class = "zh">预留。 </div> 273 * <div class = "en">Reserved.</div> 274 * 275 * @param checkMode {@link ECheckMode} <div class="zh"> 276 * <p>校验模式</p> 277 * <ul> 278 * <li>{@link ECheckMode#KCV_NONE}</li> 279 * <li>{@link ECheckMode#KCV_ENCRYPT_0}</li> 280 * <li>{@link ECheckMode#KCV_ENCRYPT_FIX_DATA}</li> 281 * <li>{@link ECheckMode#KCV_MAC_INPUT_DATA}</li> 282 * <li>{@link ECheckMode#KCV_SM4_ENCRYPT_0}</li> 283 * </ul> 284 * </div> 285 * <div class="en"> 286 * <p>Check Mode</p> 287 * <ul> 288 * <li>When checkMode=KCV_NONE - No check; the injected key is stored without KCV verification, so a wrong or corrupted key is not detected at injection time.</li> 289 * <li>When checkMode=KCV_ENCRYPT_0 - Perform DES/TDES encryption on 8 bytes of 0x00, and use the first 4 bytes 290 * as the KCV.</li> 291 * <li>When checkMode=KCV_ENCRYPT_FIX_DATA - Perform a parity check first, then perform DES/TDES encryption 292 * on the 8 bytes \x12\x34\x56\x78\x90\x12\x34\x56, and use the first 4 bytes as the KCV.</li> 293 * <li>When checkMode=KCV_MAC_INPUT_DATA - Send in the data KcvData, use the source key to perform the specified mode 294 * of MAC on [aucDesKeyValue + KcvData], and use the 8-byte result as the KCV.</li> 295 * <li>When checkMode=KCV_SM4_ENCRYPT_0 - Perform TDES encryption on 16 bytes of 0x00 by SM4, and use the first 296 * 4 bytes as the KCV.</li> 297 * </ul> 298 * </div> 299 * 300 * @param checkBuf <div class="zh"> 301 * <p> 302 * 校验数据缓冲区 303 * </p> 304 * <ul> 305 * <li>当checkMode={@link ECheckMode#KCV_NONE}时 checkBuf的值无效,系统认为不验证KCV,可以为null</li> 306 * <li>当checkMode={@link ECheckMode#KCV_ENCRYPT_0},4字节的kcv</li> 307 * <li>当checkMode={@link ECheckMode#KCV_ENCRYPT_FIX_DATA},4字节的kcv</li> 308 * <li>当checkMode={@link ECheckMode#KCV_MAC_INPUT_DATA}时按以下规则提供checkBuf: 309 * <p> 310 * checkBuf[0]= KcvData长度(KcvDataLen) 311 * </p> 312 * <p> 313 * checkBuf+1: KcvData 314 * </p> 315 * <p> 316 * checkBuf[1+KcvDataLen]=MAC运算模式,参考{@link IPed#getMac(byte, byte[], EPedMacMode)}中的mode参数 317 * </p> 
318 * <p> 319 * checkBuf[2+KcvDataLen]=KCV长度 320 * </p> 321 * <p> 322 * checkBuf[3+KcvDataLen]是KCV的值 323 * </p> 324 * </li> 325 * <li>当checkMode={@link ECheckMode#KCV_SM4_ENCRYPT_0},4字节的kcv</li> 326 * </ul> 327 * </div> <div class="en"> 328 * <p> 329 * Check Data Buffer 330 * </p> 331 * <ul> 332 * <li>When checkMode=KCV_NONE - the PED does not check the KCV and this buffer is ignored; it may be null.</li> 333 * <li>When checkMode=KCV_ENCRYPT_0 - 4-byte key check value</li> 334 * <li>When checkMode=KCV_ENCRYPT_FIX_DATA - 4-byte key check value</li> 335 * <li>When checkMode=KCV_MAC_INPUT_DATA - checkBuf is laid out as follows: checkBuf[0] = length of KcvData; 336 * checkBuf+1: kcvData; checkBuf[1+kcvDataLen]: MAC computation mode, see the mode parameter of 337 * {@link IPed#getMac(byte, byte[], EPedMacMode)}; checkBuf[2+kcvDataLen]: KCV length; 338 * checkBuf[3+kcvDataLen]: KCV value</li> 339 * <li>When checkMode=KCV_SM4_ENCRYPT_0 - 4-byte key check value</li> 340 * </ul> 341 * </div> 342 * 343 * @throws PedDevException 344 * 345 * @since V3.06.00 346 */ 347 void writeKeyEncByRsa(byte[] dataIn, byte prvKeyIdx, byte dstKeyType, byte dstKeyIdx, byte[] ksnIn, 348 ECheckMode checkMode, byte[] checkBuf) throws PedDevException; 349 350 /** 351 * <div class="zh"> 清除PED里的所有密钥信息 </div> <div class="en"> Clear all key information in the PED. </div> 352 * 353 * @return <div class="zh"> 354 * <ul> 355 * <li>true-擦除成功</li> 356 * <li>false-擦除失败</li> 357 * </ul> 358 * </div> <div class="en"> 359 * <ul> 360 * <li>true -- the keys were cleared successfully</li> 361 * <li>false -- clearing the keys failed</li> 362 * </ul> 363 * </div> 364 * 365 * @throws PedDevException 366 * 367 * @since V3.06.00 368 */ 369 boolean erase() throws PedDevException; 370 371 /** 372 * <div class="zh"> 使用RsaKey加密指定的数据,数据格式如下: [Header data +TSK+ TSD + Random padded 373 * data];说明:指定的数据应小于公钥模量;否则,加密可能会失败。所以Header建议为null。</div> <div class="en"> Uses public key RsaKey to encrypt 374 * specified data. 
The specified data format is as followed: [Header data + TSK + TSD + Random padded data]; The 375 * specified data to be encrypted should be less than public key modulus; otherwise, the encryption may fail. So the 376 * Header data is suggested to be null. </div> 377 * 378 * @param rsaKeyInfo 379 * <div class="zh"> Rsa 公钥。</div> <div class="en"> RSA public key. </div> 380 * @param header 381 * <div class="zh"> 头部数据。 </div> <div class="en">The header data. </div> 382 * @param tskIndex 383 * <div class="zh"> Tsk索引。 </div> <div class="en"> Tsk slot. </div> 384 * @param tsdIndex 385 * <div class="zh"> Tsd索引 。</div> <div class="en"> Tsd slot. </div> 386 * @return <div class="zh"> 待输出密文密钥,缓冲区大小为RsaKey的模长。 </div> <div class="en"> return the cipher key, the buffer size 387 * is the modulus length of RsaKey. </div> 388 * @throws PedDevException 389 * @since V3.08.00 390 */ 391 byte[] exportKeyOAEP(RSAKeyInfo rsaKeyInfo, byte[] header, int tskIndex, int tsdIndex) throws PedDevException; 392 393 /** 394 * <div class="zh">导出事务密钥和初始mac密钥。</div> <div class="en">Export the transaction key and the original MAC key.</div> 395 * 396 * @param srcKeyType <div class="zh">源密钥类型。 397 * <ul> 398 * <li>0x01:KCA(KIA)</li> 399 * <li>0x02:KEK</li> 400 * </ul></div> 401 * <div class="en">Type of source key. 402 * <ul> 403 * <li>0x01:KCA(KIA)</li> 404 * <li>0x02:KEK</li> 405 * </ul></div> 406 * 407 * @param srcKeyIndex <div class="zh">源密钥索引。</div> <div class="en">Index of source index.</div> 408 * 409 * @param dstKeyType <div class="zh">目的密钥类型。 410 * <ul> 411 * <li>当srcKeyIndex=0x01,则dstKeyType可以为KCA(KIA)、KEK、TAK、TPK、TDK。</li> 412 * <li>当srcKeyIndex=0x02,则dstKeyType可以为KEK、TAK、TPK、TDK。</li> 413 * </ul></div> 414 * <div class="en">Type of destination key. 
415 * <ul> 416 * <li>When srcKeyIndex=0x01, dstKeyType can be KCA(KIA), KEK, TAK, TPK, and TDK.</li> 417 * <li>When srcKeyIndex=0x02, dstKeyType can be KEK, TAK, TPK, and TDK.</li> 418 * </ul></div> 419 * 420 * @param dstKeyIndex <div class="zh">目的密钥索引。</div> <div class="en">Index of destination key.</div> 421 * 422 * @param dataIn <div class="zh">用于派生16字节数据。</div> <div class="en">Used to derive 16 bytes of data.</div> 423 * 424 * @param keyVar <div class="zh">16字节的xor值。如果不存在就设为null,此时无需调用{@link #writeKeyVar(int, int, int, int, byte[])}。 </div> 425 * <div class="en">A 16-byte xor value.Set it to null if it doesn't exist, and don't need to call {@link #writeKeyVar(int, int, int, int, byte[])}.</div> 426 * 427 * @param iv <div class="zh"> 428 * <ul> 429 * <li>当mode=0时:为null。</li> 430 * <li>当mode=1时:8字节的IV值。</li> 431 * </ul></div> 432 * <div class="en"> 433 * <ul> 434 * <li>When mode=0: is null.</li> 435 * <li>When mode=1: 8 bytes of IV value.</li> 436 * </ul></div> 437 * 438 * @param mode <div class="zh"> 439 * <ul> 440 * <li>0:OWF发散。</li> 441 * <li>1:CBC发散。</li> 442 * </ul></div> 443 * <div class="en"> 444 * <ul> 445 * <li>0:OWF divergence.</li> 446 * <li>1:CBC divergence.</li> 447 * </ul></div> 448 * 449 * @throws PedDevException 450 * @since V3.11.00 451 * @deprecated 452 * @see IPedBg#asDeriveKey(byte, byte, byte, byte, byte[], byte[], byte[], byte) 453 */ 454 void asDeriveKey(byte srcKeyType, byte srcKeyIndex, byte dstKeyType, byte dstKeyIndex, byte[] dataIn, byte[] keyVar, byte[] iv, byte mode) throws PedDevException; 455 456 /** 457 * <div class="zh">加载Key到PED。</div> <div class="en">Load the key into the PED.</div> 458 * 459 * @param tcuIndex <div class="zh">tcu RSA私钥索引。</div> <div class="en">Index of tcu RSA private key.</div> 460 * 461 * @param keyIndex <div class="zh">Key索引。</div> <div class="en">Index of key.</div> 462 * 463 * @param dataEncrypted <div class="zh">用tcu RSA私钥加密的输入数据(256字节)。</div> <div class="en">Input data encrypted with the tcu RSA private 
key (256 bytes).</div> 464 * 465 * @param mode <div class="zh"> 466 * <ul> 467 * <li>0:keyIndex为KCA索引。</li> 468 * <li>1:keyIndex为TAK索引。</li> 469 * </ul></div> 470 * <div class="en"> 471 * <ul> 472 * <li>0:keyIndex is index of KCA.</li> 473 * <li>1:keyIndex is index of TAK.</li> 474 * </ul></div> 475 * 476 * @return <div class="zh">输出RNtcu数据,8字节。</div> <div class="en">Output RNtcu data, 8 bytes.</div> 477 * 478 * @throws PedDevException 479 * @since V3.11.00 480 * @deprecated 481 * @see IPedBg#asLoadKeyAsym(byte, byte, byte[], byte) 482 */ 483 byte[] asLoadKeyAsym(byte tcuIndex, byte keyIndex, byte[] dataEncrypted, byte mode) throws PedDevException; 484 485 /** 486 * <div class="zh">将KEK1/KEK2/PPASN加载到PED。</div> <div class="en">Load KEK1/KEK2/PPASN into PED.</div> 487 * 488 * @param kiaIndex <div class="zh">KIA索引[1~10]。</div> <div class="en">Index of KIA [1~10].</div> 489 * 490 * @param kek1Index <div class="zh">KEK1索引[1~10]。</div> <div class="en">Index of KEK1 [1~10].</div> 491 * 492 * @param kek2Index <div class="zh">KEK2索引[1~10]。</div> <div class="en">Index of KEK2 [1~10].</div> 493 * 494 * @param ppasnIndex <div class="zh">PPASN索引[1~5]。</div> <div class="en">Index of PPASN [1~5].</div> 495 * 496 * @param keyVar <div class="zh">用于生成KIA变量密钥的变量,16字节,这个变量用于解密PPASN。</div> 497 * <div class="en">The variable used to generate the key for the KIA variable, 16 bytes, which is used to decrypt the PPASN.</div> 498 * 499 * @param fmtAiicBlk <div class="zh">16字节 AIIC。</div> <div class="en">AIIC, 16 bytes.</div> 500 * 501 * @param cipherKeyIn <div class="zh">密文格式。注:mode=1时才有MAC数据 502 * <table border="1"> 503 * <tr> 504 * <th>Name</th> 505 * <th>Contents</th> 506 * <th>Length</th> 507 * <th>Attribute</th> 508 * <th>Bytes</th> 509 * </tr> 510 * <tr> 511 * <td>eKIA(KEK1)</td> 512 * <td>Terminal master key 1 encrypted by Acquirer Initialisation key.</td> 513 * <td>128</td> 514 * <td>b</td> 515 * <td>16</td> 516 * </tr> 517 * <tr> 518 * <td>eKIA(KEK2)</td> 519 * <td>Terminal master 
key 2 encrypted by Acquirer Initialisation key.</td> 520 * <td>128</td> 521 * <td>b</td> 522 * <td>16</td> 523 * </tr> 524 * <tr> 525 * <td>eKIA(PPASN)</td> 526 * <td>PIN Pad assigned secret number encrypted by variant 88 of the Acquirer Initialisation key.</td> 527 * <td>64</td> 528 * <td>b</td> 529 * <td>8</td> 530 * </tr> 531 * <tr> 532 * <td>MAC</td> 533 * <td>MAC of eKIK(KEK1)||eKIA(KEK2)||eKIA(PPASN) using the acquirer's KMACi.</td> 534 * <td>8</td> 535 * <td>n</td> 536 * <td>4</td> 537 * </tr> 538 * </table> 539 * </div> <div class="en">Ciphertext format. Note: MAC data is present only when mode=1. 540 * <table border="1"> 541 * <tr> 542 * <th>Name</th> 543 * <th>Contents</th> 544 * <th>Length</th> 545 * <th>Attribute</th> 546 * <th>Bytes</th> 547 * </tr> 548 * <tr> 549 * <td>eKIA(KEK1)</td> 550 * <td>Terminal master key 1 encrypted by Acquirer Initialisation key.</td> 551 * <td>128</td> 552 * <td>b</td> 553 * <td>16</td> 554 * </tr> 555 * <tr> 556 * <td>eKIA(KEK2)</td> 557 * <td>Terminal master key 2 encrypted by Acquirer Initialisation key.</td> 558 * <td>128</td> 559 * <td>b</td> 560 * <td>16</td> 561 * </tr> 562 * <tr> 563 * <td>eKIA(PPASN)</td> 564 * <td>PIN Pad assigned secret number encrypted by variant 88 of the Acquirer Initialisation key.</td> 565 * <td>64</td> 566 * <td>b</td> 567 * <td>8</td> 568 * </tr> 569 * <tr> 570 * <td>MAC</td> 571 * <td>MAC of eKIK(KEK1)||eKIA(KEK2)||eKIA(PPASN) using the acquirer's KMACi.</td> 572 * <td>8</td> 573 * <td>n</td> 574 * <td>4</td> 575 * </tr> 576 * </table> 577 * </div> 578 * 579 * @param mode <div class="zh">支持0和1。</div> <div class="en"> Supports 0 and 1.</div> 580 * 581 * @throws PedDevException 582 * @since V3.11.00 583 * @deprecated 584 * @see IPedBg#asLoadKEK(byte, byte, byte, byte, byte[], byte[], byte[], byte) 585 */ 586 void asLoadKEK(byte kiaIndex, byte kek1Index, byte kek2Index, byte ppasnIndex, byte[] keyVar, byte[] fmtAiicBlk, byte[] cipherKeyIn, byte mode) throws PedDevException; 587 588 /** 589 * <div 
class="zh">翻转KEK1/KEK2。</div> <div class="en">Roll KEK1/KEK2.</div> 590 * 591 * @param kekFlag <div class="zh"><ul> 592 * <li>0x31:KEK1。</li> 593 * <li>0x32:KEK2。</li></ul></div> 594 * <div class="en"><ul> 595 * <li>0x31:KEK1.</li> 596 * <li>0x32:KEK2.</li></ul></div> 597 * 598 * @param kek1Index <div class="zh">KEK1索引[1~10]。</div> <div class="en">Index of KEK1 [1~10].</div> 599 * 600 * @param kek2Index <div class="zh">KEK2索引[1~10]。</div> <div class="en">Index of KEK2 [1~10].</div> 601 * 602 * @param ppasnIndex <div class="zh">PPASN索引[1~5]。</div> <div class="en">Index of PPASN [1~10].</div> 603 * 604 * @throws PedDevException 605 * @since V3.11.00 606 * @deprecated 607 * @see IPedBg#asRollKeys(byte, byte, byte, byte) 608 */ 609 void asRollKeys(byte kekFlag, byte kek1Index, byte kek2Index, byte ppasnIndex) throws PedDevException; 610 611 /** 612 * <div class="zh">设置脱机PIN模式,并为外部PINPAD提供一些参数。</div> 613 * <div class="en">Set offline PIN mode and provide some parameters for external PINPAD.</div> 614 * 615 * @param mode <div class="zh"> 616 * <ul> 617 * <li>0x00:内部PINPAD,默认模式。</li> 618 * <li>0x01:外部PINPAD。</li> 619 * </ul> 620 * </div> 621 * <div class="en"> 622 * <ul> 623 * <li>0x00:Built-in PINPAD, default mode.</li> 624 * <li>0x01:External PINPAD.</li> 625 * </ul> 626 * </div> 627 * 628 * @param tpkIndex <div class="zh">TPK秘钥索引。 </div> <div class="en">The index of TPK.</div> 629 * 630 * @param pinBlock <div class="zh">8字节ISO9564格式1的加密 PINBLOCK。</div> <div class="en">8-byte Cipher PINBLOCK with ISO9564 Format 1.</div> 631 * 632 * @throws PedDevException 633 * @since V3.17.00 634 */ 635 void setOfflinePinMode(byte mode, byte tpkIndex, byte[] pinBlock) throws PedDevException; 636 637 /** 638 * <div class="zh">使用保护密钥加密指定的密钥并输出加密密钥。</div> 639 * <div class="en">Use key protection key to encrypt the specified key and output the cipher key block.</div> 640 * 641 * @param srcKeyIndex <div class="zh">保护密钥索引。取值范围:1~100。</div> <div class="en">The index of key protection key. 
Value range:1~100.</div> 642 * 643 * @param srcKeyType <div class="zh">保护密钥类型。 644 * <ul> 645 * <li>0x42:TXK</li> 646 * <li>0x43:PPAD_TMK</li> 647 * </ul> 648 * </div> 649 * <div class="en">The key type of key protection key. 650 * <ul> 651 * <li>0x42:TXK</li> 652 * <li>0x43:PPAD_TMK</li> 653 * </ul> 654 * </div> 655 * 656 * @param destkeyIndex <div class="zh">目的密钥索引。取值范围:1~100。</div> <div class="en">The destination key index.Value range:1~100.</div> 657 * 658 * @param destKeyType <div class="zh">目的密钥类型。 659 * <ul> 660 * <li>0x43:PPAD_TMK</li> 661 * <li>0x44:PPAD_TPK</li> 662 * </ul> 663 * </div> 664 * <div class="en">The destination key type. 665 * <ul> 666 * <li>0x43:PPAD_TMK</li> 667 * <li>0x44:PPAD_TPK</li> 668 * </ul> 669 * </div> 670 * 671 * @param keyLen <div class="zh">目的密钥长度。现支持8、16、24位长度。</div> <div class="en">Destination key length. 8, 16, and 24 lengths are now supported.</div> 672 * 673 * @param genMode <div class="zh"> 674 * <ul> 675 * <li>0x00:使用已经存在的目的密钥。</li> 676 * <li>0x01:生成新的目的密钥。生成一个随机密钥存储在PED中,索引为destkeyIndex。</li> 677 * </ul> 678 * </div> 679 * <div class="en"> 680 * <ul> 681 * <li>0x00:Using the existed destination key.</li> 682 * <li>0x01:Create a destination key.generate a real random key in PED on destkeyIndex.</li> 683 * </ul> 684 * </div> 685 * 686 * @param dataIn <div class="zh">输入密钥块。最长32字节。</div> 687 * <div class="en">Input Data for key block. Max 32 bytes.</div> 688 * 689 * @return <div class="zh">目标密钥的加密密钥块。最长32字节。</div> 690 * <div class="en">The cipher key block of destination key. 
Max 32 bytes.</div> 691 * 692 * @throws PedDevException 693 * @since V3.17.00 694 */ 695 byte[] genPinpadKeyBlock(byte srcKeyIndex, byte srcKeyType, byte destkeyIndex, byte destKeyType, byte keyLen, byte genMode, byte[] dataIn) throws PedDevException; 696 697 /** 698 * <div class="zh">将PinBlock转为online PINBlock。</div> 699 * <div class="en">Translate a pinpad session TPK pin block to online TPK pin block.</div> 700 * 701 * @param pinpadTPKIndex <div class="zh">PED_PPAD_TPK密钥索引。取值范围:1~100。</div> 702 * <div class="en">PinBlock’s TPK, must be the pinpad session TPK(type is PED_PPAD_TPK).Value range:1~100</div> 703 * 704 * @param pinpadPinBlock <div class="zh">8字节ISO9564 格式 1的PINBlock。</div> <div class="en">Pin block for Translating from pinpad, must use format 1, 8 bytes.</div> 705 * 706 * @param destTPKIndex <div class="zh">目的TPK密钥索引,必须是online TPK。取值范围:1~100。</div> <div class="en">Destination TPK index, must be the online TPK. Value range:1~100.</div> 707 * 708 * @param destKeyType 709 * <div class="zh"> 710 * <ul> 711 * <li>0x03:TPK</li> 712 * <li>0x07:TIK</li> 713 * <li>0x23:AES_TPK</li> 714 * <li>0x51:AES_TIK</li> 715 * </ul> 716 * </div> 717 * <div class="en"> 718 * <ul> 719 * <li>0x03:TPK</li> 720 * <li>0x07:TIK</li> 721 * <li>0x23:AES_TPK</li> 722 * <li>0x51:AES_TIK</li> 723 * </ul> 724 * </div> 725 * 726 * @param dataIn <div class="zh"> 727 * <ul> 728 * <li>当mode=0x00时, DataIn指向卡号移位后生成的16位主帐号。</li> 729 * <li>当mode=0x01时, 输入参数为参与PinBlock的格式化,8字节数据(根据ISO9564的规范,该数据可以是随机数、交易流水号或时间戳等)。</li> 730 * <li>当mode=0x02时, DataIn指向卡号移位后生成的16位主帐号,DataIn+16指向参与PinBlock格式化的8字节数据(根据ISO9564的规范, 731 * ,该数据可以是随机数、交易流水号或时间戳等,但是每个字节的高4位和低4位,均必须在0xA~0xF之间,所以当Mode为0x02时,应用需要将该8字节的数据做此检查,如果不满足要求将返回错误)</li> 732 * <li>当mode=0x03时, 为交易流水号ISN [6 Bytes,ASCII码]</li> 733 * </ul> 734 * </div> 735 * <div class="en"> 736 * <ul> 737 * <li>When mode=0x00, DataIn is the 16 bytes primary account number after shifting.</li> 738 * <li>When mode=0x01, Input parameters for participation in PinBlock 
formatting, 8 bytes data. (Refer to the 739 * ISO9564 standard; this data can be a random number, the transaction serial number, a time stamp, etc.)</li> 740 * <li>When mode=0x02, DataIn is the 16 bytes primary account number after shifting. DataIn+16 points to 741 * the 8 bytes of data that participate in PinBlock formatting. (Refer to the ISO9564 standard; this data 742 * can be a random number, the transaction serial number, a time stamp, etc. The higher 4 bits and lower 743 * 4 bits of each byte must each be in the range 0xA~0xF, so when mode=0x02 the bottom level performs this check 744 * on the 8 bytes of data and returns an error if they do not meet the requirement.)</li> 745 * <li>When mode=0x03, dataIn is the ISN [6 bytes, ASCII code].</li> 746 * </ul> 747 * </div> 748 * 749 * @param mode <div class="zh">PIN Block的格式。 750 * <ul> 751 * <li>0x00:ISO9564 格式 0</li> 752 * <li>0x01:ISO9564 格式 1</li> 753 * <li>0x02:ISO9564 格式 3</li> 754 * <li>0x03:HK EPS 专用格式</li> 755 * </ul> 756 * </div> 757 * <div class="en"> PIN Block format. 
758 * <ul> 759 * <li>0x00:ISO9564 format 0</li> 760 * <li>0x01:ISO9564 format 1</li> 761 * <li>0x02:ISO9564 format 3</li> 762 * <li>0x03:HK EPS -EPS PINBLOCK Format</li> 763 * </ul> 764 * </div> 765 * 766 * @return <div class="zh">16字节的目的PINBlock。</div> <div class="en">16-bytes destination pin block.</div> 767 * 768 * @throws PedDevException 769 * @since V3.17.00 770 */ 771 byte[] convertPinBlock(byte pinpadTPKIndex, byte[] pinpadPinBlock, byte destTPKIndex, byte destKeyType, byte[] dataIn, byte mode) throws PedDevException; 772 773 /** 774 * <div class="zh">从外置PINPAD获取TXK(交换密钥)。</div> <div class="en">Get TXK (exchange key) from external PINPAD.</div> 775 * 776 * @param info <div class="zh">RSA公钥。</div> <div class="en">RSA public key.</div> 777 * 778 * @param param <div class="zh">端口通信参数。{@link UartParam}</div> <div class="en">Port communication parameters.{@link UartParam}</div> 779 * 780 * @return <div class="zh">TXK(交换密钥)。</div> <div class="en">TXK(exchange key).</div> 781 * 782 * @throws PedDevException 783 */ 784 // byte[] getTXKFromPinPad(RSAKeyInfo info, UartParam param) throws PedDevException; 785 786 /** 787 * <div class="zh">向外置PINPAD写PPAD_TMK密钥。</div> <div class="en">Write the PPAD_TMK key to the external PINPAD.</div> 788 * 789 * @param tmk <div class="zh">PPAD_TMK主密钥。</div> <div class="en">PPAD_TMK master key.</div> 790 * 791 * @param param <div class="zh">端口通信参数。{@link UartParam}</div> <div class="en">Port communication parameters.{@link UartParam}</div> 792 * 793 * @throws PedDevException 794 */ 795 // void writeTMKToPinPad(byte[] tmk, UartParam param) throws PedDevException; 796 797 /** 798 * <div class="zh">向外置PINPAD写PPAD_TPK密钥。</div> <div class="en">Write the PPAD_TPK key to the external PINPAD.</div> 799 * 800 * @param srcIndex <div class="zh">用该索引指定的主密钥对tpk进行mode方式的计算后再写入。如果srcIndex=0,不进行任何计算,直接写入。</div> 801 * <div class="en">Calculate the TPK in mode with the master key specified by the index before writing. 
if srcIndex = 0, no calculation, write directly.</div> 802 * 803 * @param destIndex <div class="zh">密钥写入的索引(工作密钥区)。</div> <div class="en">The index to which the key is written (the working key area).</div> 804 * 805 * @param tpk <div class="zh">PPAD_TPK密钥。</div> <div class="en">PPAD_TPK keys.</div> 806 * 807 * @param mode <div class="zh"> 808 * <ul> 809 * <p>当主密钥TMK和工作密钥TPK均为单DES 8字节密钥。</p> 810 * <li>0x01:DES加密</li> 811 * <li>0x81:DES解密</li> 812 * <p>当主密钥TMK为3DES 16字节密钥,工作密钥TPK为单DES 8字节密钥。</p> 813 * <li>0x03:3DES加密</li> 814 * <li>0x31:3DES加密</li> 815 * <li>0x83:3DES解密</li> 816 * <li>0xb1:3DES解密</li> 817 * <p>当主密钥TMK为3DES 24字节密钥,工作密钥TPK为单DES 8字节密钥。</p> 818 * <li>0x07:3DES加密</li> 819 * <li>0x87:3DES解密</li> 820 * <p>当主密钥TMK和工作密钥TPK均为3DES 16字节密钥。</p> 821 * <li>0x33:3DES加密</li> 822 * <li>0xb3:3DES解密</li> 823 * <p>当主密钥TMK为3DES 24字节密钥,工作密钥TPK为单DES 8字节密钥。</p> 824 * <li>0x71:3DES加密</li> 825 * <li>0xf1:3DES解密</li> 826 * <p>当主密钥TMK为3DES 24字节密钥,工作密钥TPK为单DES 16字节密钥。</p> 827 * <li>0x73:3DES加密</li> 828 * <li>0xf3:3DES解密</li> 829 * <p>当主密钥TMK和工作密钥TPK均为3DES 24字节密钥。</p> 830 * <li>0x77:3DES加密</li> 831 * <li>0xf7:3DES解密</li> 832 * </ul> 833 * </div> 834 * <div class="en"> 835 * <ul> 836 * <p>When the master key TMK and the working key TPK are both single DES 8-byte keys.</p> 837 * <li>0x01:DES encryption</li> 838 * <li>0x81:DES decryption</li> 839 * <p>When the master key TMK is a 3DES 16-byte key, the working key TPK is a single DES 8-byte key.</p> 840 * <li>0x03:3DES encryption</li> 841 * <li>0x31:3DES encryption</li> 842 * <li>0x83:3DES decryption</li> 843 * <li>0xb1:3DES decryption</li> 844 * <p>When the master key TMK is a 3DES 24-byte key, the working key TPK is a single DES 8-byte key.</p> 845 * <li>0x07:3DES encryption</li> 846 * <li>0x87:3DES decryption</li> 847 * <p>When the master key TMK and the working key TPK are both 3DES 16-byte keys.</p> 848 * <li>0x33:3DES encryption</li> 849 * <li>0xb3:3DES decryption</li> 850 * <p>When the master key TMK is a 3DES 24-byte key, the 
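working key TPK is a single DES 8-byte key.</p>
     * <li>0x71:3DES encryption</li>
     * <li>0xf1:3DES decryption</li>
     * <p>When the master key TMK is a 3DES 24-byte key, the working key TPK is a single DES 16-byte key.</p>
     * <li>0x73:3DES encryption</li>
     * <li>0xf3:3DES decryption</li>
     * <p>When the master key TMK and the working key TPK are both 3DES 24-byte keys.</p>
     * <li>0x77:3DES encryption</li>
     * <li>0xf7:3DES decryption</li>
     * </ul>
     * </div>
     *
     * @param param <div class="en">Port communication parameters. {@link UartParam}</div>
     *
     * @throws PedDevException
     */
    // void writeTPKToPinPad(byte srcIndex, byte destIndex, byte[] tpk, byte mode, UartParam param) throws PedDevException;
    // NOTE(review): the mode table above uses the heading "TMK is a 3DES 24-byte key, TPK is a single
    // DES 8-byte key" for both 0x07/0x87 and 0x71/0xf1, and the 0x73/0xf3 heading reads "single DES
    // 16-byte key". Confirm the intended TPK lengths before this method is re-enabled. Several modes
    // describe a single-DES (8-byte, 56-bit) working key for PIN protection; confirm that is still
    // acceptable for the target deployment.

    /**
     * <div class="en">
     * Encrypts key material with the supplied RSA public key and returns the result. The documented
     * layout of the data being encrypted is [header + TSK + TSD + trailer + OAEP padding]. That data
     * has to fit within the public-key modulus or the encryption may fail, which is why a null header
     * is suggested.
     *
     * <p>The documented layout differs from {@link #exportKey(RSAKeyInfo, String, int, int)}: that
     * method ends its block with random padding, this one with OAEP padding; this one also takes the
     * header as bytes and adds a trailer.
     *
     * <p>Security note: the TSK and TSD become readable by whoever holds the private key matching
     * {@code rsaKeyInfo}. Nothing in this declaration shows a check on where that public key came
     * from, so the caller should authenticate it (for example against a pinned key or a verified
     * certificate) before calling.
     *
     * <p>NOTE(review): OAEP leaves less room for the message than the modulus length (RFC 8017 gives
     * modulus length - 2 * hash length - 2 bytes). The hash used by the PED is not stated here, so
     * confirm the usable size for header + TSK + TSD + trailer against the device documentation.
     * </div>
     *
     * @param rsaKeyInfo
     *            <div class="en">RSA public key used for the encryption.</div>
     * @param header
     *            <div class="en">Header data placed before the TSK; null is suggested so the block
     *            stays within the modulus.</div>
     * @param trailer
     *            <div class="en">Format filling for key export, placed after the TSD. The exported
     *            data is header + TSK + TSD + trailer.</div>
     * @param tskIndex
     *            <div class="en">TSK slot.</div>
     * @param tsdIndex
     *            <div class="en">TSD slot.</div>
     *
     * @return <div class="en">The exported key; its documented format is header + TSK + TSD + trailer
     *         + OAEP padding. NOTE(review): presumably this is the RSA ciphertext of that block, with
     *         the length of the modulus as for {@code exportKey}; confirm.</div>
     *
     * @throws PedDevException
     *             <div class="en">Declared by the interface. The failure conditions are not listed
     *             here; the description only says that oversized input may make the encryption
     *             fail.</div>
     *
     * @since V4.17.00
     */
    byte[] exportKeyOAEP(RSAKeyInfo rsaKeyInfo, byte[] header, byte[] trailer, int tskIndex, int tsdIndex)
            throws PedDevException;

    /**
     * <div class="en">
     * Derives the destination key from the source key using the HKDF method. The method returns
     * nothing; the derived key is addressed by {@code dstKeyType} and {@code dstKeyIdx}.
     *
     * <p>The key-type parameters are {@code byte}, while {@link #PED_TSK} is declared in this
     * interface as an {@code int} constant. Java does not narrow an {@code int} constant implicitly
     * in a method call, so callers need an explicit cast such as {@code (byte) PED_TSK}.
     *
     * <p>Security note: HKDF (RFC 5869) is deterministic, so the same source key, salt, info and
     * length always give the same output. Use a distinct {@code info} value for each purpose or
     * destination so that keys derived from one source key stay independent. NOTE(review): whether
     * the PED itself mixes the destination type or index into the derivation is not stated here;
     * confirm before relying on it.
     * </div>
     *
     * @param srcKeyType
     *            <div class="en">Source key type: PED_TSK or PED_HMAC_KDFK.</div>
     * @param scrKeyIdx
     *            <div class="en">Source key index [1-100]. The parameter name is spelled as in the
     *            published signature.</div>
     * @param dstKeyType
     *            <div class="en">Destination key type: PED_AES_TPK, PED_AES_TAK, PED_HMAC_TAK,
     *            PED_AES_TMK, PED_HMAC_KDFK, PED_TDK, PED_TAK, PED_TPK, PED_TMK or PED_TSD.</div>
     * @param dstKeyIdx
     *            <div class="en">Destination key index [1-100].</div>
     * @param dstKeyLen
     *            <div class="en">Destination key length in bytes: 16, 24 or 32. NOTE(review): which
     *            lengths are valid for which destination type is not stated here; confirm.</div>
     * @param salt
     *            <div class="en">Salt value for HKDF. NOTE(review): whether null or an empty array is
     *            accepted is not stated here.</div>
     * @param info
     *            <div class="en">Info value for HKDF. NOTE(review): whether null or an empty array is
     *            accepted is not stated here.</div>
     *
     * @throws PedDevException
     *             <div class="en">Declared by the interface; the failure conditions are not listed
     *             here.</div>
     *
     * @since V4.17.00
     */
    void writeKeyHKDF(byte srcKeyType, byte scrKeyIdx, byte dstKeyType, byte dstKeyIdx, byte dstKeyLen,
            byte[] salt, byte[] info) throws PedDevException;
}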