I am trying to sign a message, which is contained in the inBuffer byte array, using my own derived key S (also a byte array). The snippet of the function from the javacard (jc) applet module is given below. I am using the javacard2.2.2 library for developing the jc applet. I am using an android application for sending the process request. I am receiving the return code '6A81', which means 'function not supported'. Now I have no clue how to proceed, as I fail to understand whether it means that HMAC_SHA256 is not supported or whether I am making some mistake in the function. Please help.
Signature m_sessionMAC = null;
HMACKey keyType = null;
Sign = new byte[64];
bytesRead = apdu.setIncomingAndReceive();
// Create the HMAC signature object
m_sessionMAC = Signature.getInstance(Signature.ALG_HMAC_SHA_256, false);
// Create HMAC Key Used in Mac
keyType = (HMACKey) KeyBuilder.buildKey(KeyBuilder.TYPE_HMAC, KeyBuilder.LENGTH_HMAC_SHA_256_BLOCK_64, false);
keyType.setKey(S,(short) 0, (short) S.length);
m_sessionMAC.init(keyType, Signature.MODE_SIGN);
// Generate signature on inBuffer (received data to sign); the length argument is the number of bytes received
echoOffset = m_sessionMAC.sign(inBuffer, ISO7816.OFFSET_CDATA, bytesRead, Sign, (short) 0);
Util.arrayCopyNonAtomic(Sign, ( short ) 0, inBuffer, ( short ) 0, echoOffset);
apdu.setOutgoingAndSend( ( short ) 0, (short) echoOffset );
Please help me in this regard, or also provide any pointers for implementing HMAC_SHA256 or HMAC_SHA1 symmetric crypto in a javacard applet.
Thank you in advance.
Most cryptographic algorithms are optional for a JavaCard. Therefore it may be that your card does not support Signature.ALG_HMAC_SHA_256. But the HMAC algorithm isn't very complex, therefore you should check if your card supports MessageDigest.ALG_SHA_256.
If it is supported you can follow RFC2104 and implement HMAC yourself:
K = HMAC key of length 32
ipad = the byte 0x36 repeated 32 times
opad = the byte 0x5C repeated 32 times.
To compute HMAC over the data `text' we perform
H(K XOR opad, H(K XOR ipad, text))
You can test your implementation by comparing your result with the test vectors noted in RFC 4231.
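An added example (not part of the original answer, and not a library API): a Java Card class that builds HMAC-SHA-256 from MessageDigest.ALG_SHA_256 as RFC 2104 specifies, where the key is zero-padded to the 64-byte SHA-256 block length and ipad and opad are repeated 64 times. The class name HmacSha256 and its sign method are hypothetical.

```java
import javacard.framework.JCSystem;
import javacard.framework.Util;
import javacard.security.MessageDigest;

/** Added example: HMAC-SHA-256 per RFC 2104 on top of MessageDigest.ALG_SHA_256. */
public class HmacSha256 {
    private static final short BLOCK = 64; // SHA-256 block length B in bytes
    private static final short HASH = 32;  // SHA-256 output length L in bytes

    private final MessageDigest sha;
    private final byte[] pad;   // holds K XOR ipad, then K XOR opad (transient RAM)
    private final byte[] inner; // holds the inner hash H(K XOR ipad, text)

    /** Allocate once at install time; getInstance throws CryptoException if SHA-256 is unsupported. */
    public HmacSha256() {
        sha = MessageDigest.getInstance(MessageDigest.ALG_SHA_256, false);
        pad = JCSystem.makeTransientByteArray(BLOCK, JCSystem.CLEAR_ON_RESET);
        inner = JCSystem.makeTransientByteArray(HASH, JCSystem.CLEAR_ON_RESET);
    }

    /** Writes the 32-byte MAC to out starting at outOff and returns its length. */
    public short sign(byte[] key, short keyOff, short keyLen,
                      byte[] text, short textOff, short textLen,
                      byte[] out, short outOff) {
        Util.arrayFillNonAtomic(pad, (short) 0, BLOCK, (byte) 0);
        if (keyLen > BLOCK) {
            // RFC 2104: a key longer than B is replaced by H(key)
            sha.reset();
            sha.doFinal(key, keyOff, keyLen, pad, (short) 0);
        } else {
            Util.arrayCopyNonAtomic(key, keyOff, pad, (short) 0, keyLen);
        }
        xorPad((byte) 0x36);                 // pad = K XOR ipad
        sha.reset();
        sha.update(pad, (short) 0, BLOCK);
        sha.doFinal(text, textOff, textLen, inner, (short) 0);
        xorPad((byte) (0x36 ^ 0x5C));        // pad = K XOR opad
        sha.update(pad, (short) 0, BLOCK);   // doFinal above already reset the digest
        short len = sha.doFinal(inner, (short) 0, HASH, out, outOff);
        Util.arrayFillNonAtomic(pad, (short) 0, BLOCK, (byte) 0); // wipe key material
        return len;
    }

    private void xorPad(byte value) {
        for (short i = 0; i < BLOCK; i++) {
            pad[i] = (byte) (pad[i] ^ value);
        }
    }
}
```

In the question's handler this would be called as sign(S, (short) 0, (short) S.length, inBuffer, ISO7816.OFFSET_CDATA, bytesRead, Sign, (short) 0), with the HmacSha256 instance created once rather than per APDU.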