001 /* 002 * =========================================================================================== 003 * = COPYRIGHT 004 * PAX Computer Technology (Shenzhen) Co., Ltd. PROPRIETARY INFORMATION 005 * This software is supplied under the terms of a license agreement or nondisclosure 006 * agreement with PAX Computer Technology (Shenzhen) Co., Ltd. and may not be copied or 007 * disclosed except in accordance with the terms in that agreement. 008 * Copyright (C) 2017-2023 PAX Computer Technology (Shenzhen) Co., Ltd. All rights reserved. 009 * Description: // Detail description about the function of this module, 010 * // interfaces with the other modules, and dependencies. 011 * Revision History: 012 * Date Author Action 013 * 2017/04/01 PAX Create/Add/Modify/Delete 014 * =========================================================================================== 015 */ 016 017package com.pax.dal; 018 019import com.pax.dal.entity.RSAKeyInfo; 020import com.pax.dal.exceptions.PedDevException; 021 022/** 023 * <pre> 024 * <div class="zh"> 获取途径:NeptuneLiteUser.getInstance().getDal(getApplicationContext()).getPedTrSys()</div> 025 * 026 * <pre> 027 * <div class="en"> Acquisition approach:NeptuneLiteUser.getInstance().getDal(getApplicationContext()).getPedTrSys()</div> 028 * 029 * @since V2.00.01 030 */ 031public interface IPedTrSys { 032 033 /** 034 * <div class="zh"> 清除所有Trsys的对称秘钥 </div> <div class="en"> Clear all symmetrical keys of Trsys. </div> 035 * 036 * @throws PedDevException 037 * @since V2.00.01 038 */ 039 public void erase() throws PedDevException; 040 041 /** 042 * <div class="zh"> 读取Trsys公钥 </div> <div class="en"> Read trsys public key </div> 043 * 044 * @return <div class="zh"> 索引2上的RSA公钥 </div> <div class="en"> the RSA public key with index 2 </div> 045 * @throws PedDevException 046 * @since V2.00.01 047 */ 048 public RSAKeyInfo readRsaPubKey() throws PedDevException; 049 050 /** 051 * <div class="zh"> 生成RSA密钥对并注入PED </div> <div class="en"> Generate RSA key pairs then inject into PED </div> 052 * 053 * @param Mode 054 * <div class="zh"> Mode = 0,等同于PedGenRSAKey,Mode = 1,等同于PedTrsysGenRsaKey </div> <div class="en"> Mode = 055 * 0,equal to PedGenRSAKey , Mode = 1,equal to PedTrsysGenRsaKey </div> 056 * @param PrvKeyIdx 057 * <div class="zh"> 当Mode = 0,私钥索引1-10,当Mode = 1,私钥索引只支持1 </div> <div class="en"> When Mode = 0,Private 058 * key index 1-10 , When Mode = 1,Private key index only support 1 </div> 059 * @param PubKeyIdx 060 * <div class="zh"> 当Mode = 0,公钥索引1-10,当Mode = 1,公钥索引只支持2 </div> <div class="en"> When Mode = 0,Public 061 * key index 1-10 , When Mode = 1,Public key index only support 2 </div> 062 * @param ModLenBit 063 * <div class="zh"> 模长,支持512,1024,2048。 </div> <div class="en"> Modulus len,support 064 * 512,1024,2048. </div> 065 * @param PubExpType 066 * <div class="zh"> 公共指数类型:0:3 1:65537 </div> <div class="en"> Public exponent type: 0:3 1:65537 </div> 067 * @throws PedDevException 068 * @since V2.00.01 069 */ 070 public void genRsaKey(byte Mode, byte PrvKeyIdx, byte PubKeyIdx, short ModLenBit, byte PubExpType) 071 throws PedDevException; 072 073 /** 074 * <div class="zh"> 注入X509 PED证书存储证书之前,对公钥进行验证以确保公共密钥和先前存储的私钥为RSA密钥对。 </div> <div class="en"> Injection of X509 PED 075 * certificate Prior to storing the certificate, validation of the Public Key is performed in order to be sure that 076 * the Public Key and previously stored Secret Key is RSA key pair. </div> 077 * 078 * @param certData 079 * <div class="zh"> X509证书的数据缓冲区。对certdata最大大小为2048字节。 </div> <div class="en"> The X509 certificate data 080 * buffer. The maximum size of CertData is 2048 bytes. </div> 081 * @throws PedDevException 082 * @since V2.00.01 083 */ 084 public void writeRsaCert(byte[] certData) throws PedDevException; 085 086 /** 087 * <div class="zh"> 从PED中读取X509证书。 </div> <div class="en"> Read the X509 certificate from PED. </div> 088 * 089 * @return <div class="zh"> 存储的X509缓冲区数据 </div> <div class="en"> The Buffer of storage X509 certificate data </div> 090 * @throws PedDevException 091 * @since V2.00.01 092 */ 093 public byte[] readRsaCert() throws PedDevException; 094 095 /** 096 * <div class="zh"> 注入RSA私钥,秘钥保存在PED中并且不能被任何其他PED的API读取。一旦密钥被注入,它不能被覆盖。RSA私钥不能被PedErase函数擦除。 </div> <div class="en"> 097 * Inject the RSA private key, the key is protected in PED and cannot be read by any other PED APIs. Once the key 098 * was injected, it can't be overwritten.The RSA private key cannot be erased with PedErase function. </div> 099 * 100 * @param pstRsakeyIn 101 * <div class="zh"> 私钥 X509证书数据缓冲区。证书数据的最大大小为2048字节。 </div> <div class="en"> private key The X509 102 * certificate data buffer. The maximum size of CertDatais 2048 bytes. </div> 103 * @throws PedDevException 104 * @since V2.00.01 105 */ 106 public void writeRsaProtectKey(RSAKeyInfo pstRsakeyIn) throws PedDevException; 107 108 /** 109 * <div class="zh"> 注入RSA公钥加密的密钥。与{@link #writeRsaProtectKey(RSAKeyInfo)}配合使用。</div> 110 * <div class="en"> Inject the key which is encrypted by RSA public key. Use with {@link #writeRsaProtectKey(RSAKeyInfo)}.</div> 111 * 112 * @param DataIn <div class="zh">DataIn使用RSA公钥进行加密。DataIn格式:Padding(RSA公钥模长-密钥长度) + 密钥(DES密钥或者TIK)。 113 * Padding格式:0x00, 0x02, R1, R2... Rn, 0x00。其中R1 R2...Rn是从第3个字节开始至倒数第2个字节结束,非0的伪随机数。</div> 114 * <div class="en">DataIn uses RSA public key for encryption. DataIn format: Padding (RSA public key modulus length-key length) + key (DES key or TIK). 115 * Padding format: 0x00, 0x02, R1, R2... Rn, 0x00. where R1 R2...Rn are non-zero pseudo-random numbers starting from the 3rd byte to the end of the penultimate 2nd byte.</div> 116 * @param DstKeyType 117 * <div class="zh"> 目标密钥类型,它可以是一个TLK,TMK,TIK,TPK,TAK,TDK。 </div> <div class="en"> The destination key 118 * type, it can be one of TLK, TMK, TIK, TPK, TAK, TDK. </div> 119 * @param DstKeyIdx 120 * <div class="zh"> 目标密钥索引 </div> <div class="en"> The destination key index. </div> 121 * @param KcvMode 122 * <div class="zh"> 123 * <ul> 124 * <li>0x00:没验证</li> 125 * <li>0x01:与8字节0x00进行DES/TDES加密运算,用密文的前三字节作为KCV</li> 126 * <li>0x02:首先进行奇偶校验,然后用“\x12\x34\x56\x78\x90\x12\x34\x56”进行 DES/TDES 加密,用密文的前三字节作为KCV</li> 127 * <li>0x03:转化为字符串作为KcvData,用源密钥去对[DstKeyValue + KcvData]计算MAC,把结果作为KCV</li> 128 * </ul> 129 * </div> <div class="en"> 130 * <ul> 131 * <li>0x00: No authentication</li> 132 * <li>0x01: Performs DES/TDES encryption on 8-byte 0x00, and use first 3 bytes in cipher-text as KCV.</li> 133 * <li>0x02: Firstly, performs parity check, then does DES/TDES encryption 134 * on"\x12\x34\x56\x78\x90\x12\x34\x56", and uses first 3 bytes in cipher-text as KCV.</li> 135 * <li>0x03: Transfers in a string of KcvData, use source key to perform specified MAC on [DstKeyValue + 136 * KcvData], and then get the result as KCV.</li> 137 * </ul> 138 * </div> 139 * @param KcvData 140 * <div class="zh"> 141 * 当KcvMode为0x00/0x01/0x02时,它被忽视可能为NULL。当KcvMode为0x03时,KcvData的第一个字节为KCV的长度并参与计算,剩下的即为KCV数据。 142 * KCV数据之后的第一个字节作为MAC计算模式。KcvData的最大长度为124字节。 </div> <div class="en"> When KcvMode is 0x00/0x01/0x02, 143 * then it is ignored and might be NULL. When KcvMode is 0x03, the first byte of KcvData is the length of 144 * KCV data which participate in the calculation, the rest is KCV data. The first byte after the KCV data 145 * represents the MAC operation mode. The maximum size of KcvData is 124 bytes </div> 146 * @param KcvValue 147 * <div class="zh"> 当KcvMode为0x00时,它被忽视可能为NULL。当KcvMode为0x01/0x02/0x03时,KcvValues 长度为8字节,表明KCV 数据。 </div> 148 * <div class="en"> When KcvMode = 0x00, it is ignored and might be NULL. When KcvMode =0x01/0x02/0x03, 149 * KcvValue size should be 8 bytes and points to the KCV value. </div> 150 * @param pIKSN 151 * <div class="zh"> 指明IKSN或者为空如果DstKeyType不是TIK. </div> <div class="en"> Pointer to IKSNor NULL if 152 * DstKeyType is not TIK </div> 153 * @throws PedDevException 154 * @since V2.00.01 155 */ 156 public void writeKeyEncryptedRsa(byte[] DataIn, int DstKeyType, int DstKeyIdx, int KcvMode, byte[] KcvData, 157 byte[] KcvValue, byte[] pIKSN) throws PedDevException; 158}