Merge pull request #62 from demsey/security

Security: Initial support for types ZEK, DEK, MK-DAC, MK-DN
jpos · Jul 20, 2014 · d8190bf · d8190bf
2 parents 4b848a8 + af07f34
commit d8190bf
Show file tree

Hide file tree

Showing 4 changed files with 45 additions and 17 deletions.
diff --git a/jpos/src/dist/cfg/secret.lmk b/jpos/src/dist/cfg/secret.lmk
@@ -1,16 +1,18 @@
 # Standard Test LMK Set
-LMK0x00=40404040404040405151515151515151
-LMK0x01=61616161616161617070707070707070
-LMK0x02=E0E0010101010101F1F1010101010101
-LMK0x03=1C587F1C13924FEF0101010101010101
-LMK0x04=20202020202020203131313131313131
-LMK0x05=3EE0010101010101F1F1010101010101
-LMK0x06=C2B067F88A2F23EF731CE5D08F0B62A7
-LMK0x07=197FFD07764CE30B79C87A4625199283
-LMK0x08=16161616161616161919191919191919
-LMK0x09=1A1A1A1A1A1A1A1A1C1C1C1C1C1C1C1C
-LMK0x0a=ABAD37E64FAEABBA61F15D6D0B085EEC
-LMK0x0b=DC8CDFAB4525019B40583DE6FB89FE29
-LMK0x0c=08320DC497791C57198A26FB527358AB
-LMK0x0d=9D972032253801ABA8D983B5E349F254
-LMK0x0e=61E689C4E343CEB3FE798AEA8ABC6829
+LMK0x00=40404040404040405151515151515151 #04-05 Encrypts Zone Master Keys and double-length ZMKs.
+                                         #04-05 Encrypts Zone Master Key components under a Variant.
+LMK0x01=61616161616161617070707070707070 #06-07 Encrypts the Zone PIN keys for interchange transactions.
+LMK0x02=E0E0010101010101F1F1010101010101 #14-15 Encrypts Terminal Master Keys, Terminal PIN Keys, and PIN Verification Keys.
+                                         #14-15 Encrypts Card Verification Keys under a Variant.
+LMK0x03=1C587F1C13924FEF0101010101010101 #16-17 Encrypts Terminal Authentication Keys.
+LMK0x04=01010101010101010101010101010101 #18-19 Encrypts reference numbers for solicitation mailers.
+LMK0x05=02020202020202020404040404040404 #20-21 Encrypts 'not on us' PIN Verification Keys and Card Verification Keys under a Variant.
+LMK0x06=07070707070707071010101010101010 #22-23 Encrypts Watchword Keys.
+LMK0x07=13131313131313131515151515151515 #24-25 Encrypts Zone Transport Keys.
+LMK0x08=16161616161616161919191919191919 #26-27 Encrypts Zone Authentication Keys.
+LMK0x09=1A1A1A1A1A1A1A1A1C1C1C1C1C1C1C1C #28-29 Encrypts Terminal Derivation Keys.
+LMK0x0a=23232323232323232525252525252525 #30-31 Encrypts Zone Encryption Keys.
+LMK0x0b=26262626262626262929292929292929 #32-33 Encrypts Terminal Encryption Keys.
+LMK0x0c=2A2A2A2A2A2A2A2A2C2C2C2C2C2C2C2C #34-35 Encrypts RSA Keys.
+LMK0x0d=2F2F2F2F2F2F2F2F3131313131313131 #36-37
+LMK0x0e=01010101010101010101010101010101 #38-39
diff --git a/jpos/src/main/java/org/jpos/security/SMAdapter.java b/jpos/src/main/java/org/jpos/security/SMAdapter.java
@@ -156,6 +156,28 @@ public interface SMAdapter {
      */
     public static final String TYPE_MK_CVC3 = "MK-CVC3";
 
+    /**
+     * MK-DAC Issuer Master Key for generating and verifying
+     * Data Authentication Codes.
+     */
+    public static final String TYPE_MK_DAC = "MK-DAC";
+
+    /**
+     * MK-DN: Issuer Master Key for generating and verifying
+     * Dynamic Numbers.
+     */
+    public static final String TYPE_MK_DN = "MK-DN";
+
+    /**
+     * ZEK: Zone Encryption Key.
+     */
+    public static final String TYPE_ZEK = "ZEK";
+
+    /**
+     * DEK: Data Encryption Key.
+     */
+    public static final String TYPE_DEK = "DEK";
+
     /**
      * PIN Block Format adopted by ANSI (ANSI X9.8) and is one of
      * two formats supported by the ISO (ISO 95641 - format 0).

diff --git a/jpos/src/main/java/org/jpos/security/jceadapter/JCESecurityModule.java b/jpos/src/main/java/org/jpos/security/jceadapter/JCESecurityModule.java
@@ -1368,7 +1368,11 @@ private void init (String jceProviderClassName, String lmkFile, boolean lmkRebui
             keyTypeToLMKIndex.put(SMAdapter.TYPE_MK_AC, 0x109);
             keyTypeToLMKIndex.put(SMAdapter.TYPE_MK_SMI,  0x209);
             keyTypeToLMKIndex.put(SMAdapter.TYPE_MK_SMC,  0x309);
+            keyTypeToLMKIndex.put(SMAdapter.TYPE_MK_DAC,  0x409);
+            keyTypeToLMKIndex.put(SMAdapter.TYPE_MK_DN,   0x509);
             keyTypeToLMKIndex.put(SMAdapter.TYPE_MK_CVC3, 0x709);
+            keyTypeToLMKIndex.put(SMAdapter.TYPE_ZEK, 0x00A);
+            keyTypeToLMKIndex.put(SMAdapter.TYPE_DEK, 0x00B);
             Provider provider = null;
             LogEvent evt = new LogEvent(this, "jce-provider");
             try {

diff --git a/jpos/src/test/java/org/jpos/security/jceadapter/JCESecurityModuleTest.java b/jpos/src/test/java/org/jpos/security/jceadapter/JCESecurityModuleTest.java
@@ -287,7 +287,7 @@ public void testDecryptPINImplThrowsNullPointerException1() throws Throwable {
 
     @Test
     public void testDecryptPINImpl() throws Throwable {
-        EncryptedPIN ep  =  new EncryptedPIN("E0F7E27FF5DA09A9",(byte)0, "12Characters");
+        EncryptedPIN ep  =  new EncryptedPIN("B7D085B0EB9E0956",(byte)0, "12Characters");
         ep.setAccountNumber("12Characters");
         String pin = jcesecmod.decryptPINImpl(ep);
         String expected = "123456789012";
@@ -368,7 +368,7 @@ public void testEncryptPINImplThrowsSMException4() throws Throwable {
     @Test
     public void testEncryptPINImpl1() throws Throwable {
         EncryptedPIN ep = jcesecmod.encryptPINImpl("123456789012", "12Characters");
-        byte[] expected = ISOUtil.hex2byte("E0F7E27FF5DA09A9");
+        byte[] expected = ISOUtil.hex2byte("B7D085B0EB9E0956");
         assertArrayEquals(expected, ep.getPINBlock());
         assertEquals(SMAdapter.FORMAT00, ep.getPINBlockFormat());
     }