Automatic ARQC padding

Author: tilln

README.md

@@ -342,16 +342,19 @@ and the calculated ARQC value will be added as an additional subfield (tag `9F26
 
     **Note:** Changed behaviour! For v1.0 the data in this field is *appended* to the automatically extracted fields,
     whereas as of v1.1 data in this field overrides the extraction.
-- *Padding (hex)* (since v1.1): Optional, additional padding bytes to append to transaction data before ARQC calculation 
-(leave blank for zero-padding, 80 for ISO9797-1 Method 2).
 
-**Note:** Changed behaviour! Until v1.2 the input field
+**Note: Changed behaviour!**
+- Until v1.2 the input field
   *Session Key Derivation Method* (how to derive the UDK from the Master Key) had to be set explicitly.
   As of v1.3 this is obsolete as it will be determined automatically by evaluating the Issuer Application Data field (tag `9F10`). 
 
-  Likewise, as of v1.3, the JMeter properties `jmeter.iso8583.arqcInputTags` and `jmeter.iso8583.arqcFromFullIADForCVNs` have been 
+- Likewise, as of v1.3, the JMeter properties `jmeter.iso8583.arqcInputTags` and `jmeter.iso8583.arqcFromFullIADForCVNs` have been 
   removed as jPOS [handles](https://github.com/jpos/jPOS/pull/499) this cryptogram logic internally.
 
+- From v1.1 - v1.3 the field *Padding (hex)* would specify optional, additional padding bytes to append to transaction data 
+  before ARQC calculation. As of v1.4 the padding will be [handled](https://github.com/jpos/jPOS/pull/577) automatically,
+  depending on the Issuer Application Data.
+
 <h3 id="functions">Crypto Functions (since v1.1)</h3>
 
 #### __calculateCVV

pom.xml

@@ -43,16 +43,22 @@
             <artifactId>ApacheJMeter_core</artifactId>
             <version>4.0</version>
             <scope>provided</scope>
+            <exclusions>
+                <exclusion>
+                    <groupId>org.bouncycastle</groupId>
+                    <artifactId>*</artifactId>
+                </exclusion>
+            </exclusions>
         </dependency>
         <dependency>
             <groupId>org.jpos</groupId>
             <artifactId>jpos</artifactId>
-            <version>2.1.8</version>
+            <version>2.1.10-SNAPSHOT</version>
         </dependency>
         <dependency>
             <groupId>org.bouncycastle</groupId>
-            <artifactId>bcprov-jdk15on</artifactId>
-            <version>1.69</version>
+            <artifactId>bcprov-lts8on</artifactId>
+            <version>2.73.2</version>
         </dependency>
         <dependency>
             <groupId>junit</groupId>

src/main/java/nz/co/breakpoint/jmeter/iso8583/ISO8583Crypto.java

@@ -16,8 +16,6 @@
 import org.jpos.emv.IssuerApplicationData;
 import org.jpos.emv.cryptogram.CryptogramSpec;
 import org.jpos.iso.*;
-import org.jpos.security.MKDMethod;
-import org.jpos.security.SKDMethod;
 import org.jpos.security.jceadapter.JCEHandlerException;
 import org.jpos.tlv.ISOTaggedField;
 import org.jpos.tlv.TLVList;
@@ -45,8 +43,7 @@ public class ISO8583Crypto extends AbstractTestElement
         IMKAC = "imkac",
         PAN = "pan",
         PSN = "psn",
-        TXNDATA = "txnData",
-        PADDING= "padding";
+        TXNDATA = "txnData";
 
     static final String[] macAlgorithms = new String[]{"", "DESEDE", "ISO9797ALG3MACWITHISO7816-4PADDING"};
 
@@ -177,8 +174,7 @@ protected void encryptPINBlock(ISO8583Sampler sampler) {
     }
 
     protected void calculateARQC(ISO8583Sampler sampler) {
-        final String hexKey = getImkac(), fieldNo = getIccField(),
-            txnData = getTxnData(), padding = getPadding();
+        final String hexKey = getImkac(), fieldNo = getIccField();
         final ISOMsg msg = sampler.getRequest();
 
         if (fieldNo == null || fieldNo.isEmpty() || !msg.hasField(fieldNo)) {
@@ -216,7 +212,7 @@ else if (f.getBytes() != null && f.getBytes().length != 0)
             log.error("ARQC input extraction failed {}", e.toString(), e);
             return;
         }
-        // Then, parse IAD for cryptogram version and key derivation methods:
+        // Then, parse IAD for cryptogram spec:
         IssuerApplicationData iad;
         try {
             iad = new IssuerApplicationData(emvData.get(ISSUER_APPLICATION_DATA_0x9F10.getTagNumber()));
@@ -225,27 +221,21 @@ else if (f.getBytes() != null && f.getBytes().length != 0)
             return;
         }
         CryptogramSpec cSpec = iad.getCryptogramSpec();
-        MKDMethod mkdMethod = cSpec.getMKDMethod();
-        SKDMethod skdMethod = cSpec.getSKDMethod();
-        log.debug("Detected MKD Method {}, SKD Method {}", mkdMethod, skdMethod);
+        log.debug("Detected cryptogram {}", cSpec.getDataBuilder().getClass().getSimpleName());
 
         // Next, build input data from explicit data or message fields:
-        String transactionData = txnData;
+        String transactionData = getTxnData();
         if (transactionData == null || transactionData.isEmpty()) {
             TLVList tlvList = new TLVList();
-            emvData.entrySet().stream().forEach(e -> tlvList.append(e.getKey(), e.getValue()));
-            transactionData = cSpec.getDataBuilder().buildARQCRequest(tlvList, iad);
+            emvData.forEach(tlvList::append);
+            transactionData = cSpec.getDataBuilder().buildARQCRequest_padded(tlvList, iad);
             if (transactionData.contains("null")) {
                 log.warn("EMV data incomplete?");
             }
         }
-        // Optionally, apply custom padding:
-        if (padding != null) {
-            transactionData += padding;
-        }
 
         // Lastly, the actual calculation:
-        final String arqc = securityModule.calculateARQC(mkdMethod, skdMethod, hexKey,
+        final String arqc = securityModule.calculateARQC(cSpec.getMKDMethod(), cSpec.getSKDMethod(), hexKey,
             Optional.ofNullable(getPan())
                 .orElse(emvData.getOrDefault(APPLICATION_PRIMARY_ACCOUNT_NUMBER_0x5A.getTagNumber(), "")),
             Optional.ofNullable(getPsn())
@@ -289,7 +279,4 @@ else if (f.getBytes() != null && f.getBytes().length != 0)
 
     public String getTxnData() { return getPropertyAsString(TXNDATA); }
     public void setTxnData(String txnData) { setProperty(TXNDATA, txnData); }
-
-    public String getPadding() { return getPropertyAsString(PADDING); }
-    public void setPadding(String padding) { setProperty(PADDING, padding); }
 }

src/main/java/nz/co/breakpoint/jmeter/iso8583/ISO8583CryptoBeanInfo.java

@@ -45,7 +45,7 @@ public ISO8583CryptoBeanInfo() {
         p.setValue(DEFAULT, "");
 
         createPropertyGroup("ARQC", new String[]{
-            ICCFIELD, IMKAC, PAN, PSN, TXNDATA, PADDING,
+            ICCFIELD, IMKAC, PAN, PSN, TXNDATA,
         });
 
         p = property(ICCFIELD);
@@ -67,9 +67,5 @@ public ISO8583CryptoBeanInfo() {
         p = property(TXNDATA);
         p.setValue(NOT_UNDEFINED, Boolean.TRUE);
         p.setValue(DEFAULT, "");
-
-        p = property(PADDING);
-        p.setValue(NOT_UNDEFINED, Boolean.TRUE);
-        p.setValue(DEFAULT, "");
     }
 }

src/main/java/nz/co/breakpoint/jmeter/iso8583/SecurityModule.java

@@ -1,8 +1,5 @@
 package nz.co.breakpoint.jmeter.iso8583;
 
-import java.lang.reflect.Field;
-import java.lang.reflect.InvocationTargetException;
-import java.lang.reflect.Method;
 import java.security.Key;
 import javax.crypto.spec.SecretKeySpec;
 import org.apache.jmeter.util.JMeterUtils;
@@ -12,7 +9,6 @@
 import org.jpos.core.SimpleConfiguration;
 import org.jpos.iso.ISOUtil;
 import org.jpos.security.*;
-import org.jpos.security.jceadapter.JCEHandler;
 import org.jpos.security.jceadapter.JCEHandlerException;
 import org.jpos.security.jceadapter.JCESecurityModule;
 import org.slf4j.Logger;
@@ -139,7 +135,7 @@ public String calculatePINBlock(String pin, String format, String pan) {
 
     public String generateDESKey(String length) {
         try {
-            Short bits = Short.parseShort(length);
+            short bits = Short.parseShort(length);
             Key key = this.jceHandler.generateDESKey(bits);
             // ensure expected key length (https://github.com/jpos/jPOS/blob/v2_1_8/jpos/src/main/java/org/jpos/security/jceadapter/JCEHandler.java#L111-L113):
             return ISOUtil.byte2hex(key.getEncoded()).substring(0, bits/4);

src/main/resources/nz/co/breakpoint/jmeter/iso8583/ISO8583CryptoResources.properties

@@ -24,5 +24,3 @@ psn.displayName=Account Sequence Number
 psn.shortDescription=Input parameter for session key derivation (2 hex digits). If left blank, it will be extracted from the ICC Data field (tag 5F34).
 txnData.displayName=Transaction Data (hex)
 txnData.shortDescription=Explicit input data for ARQC calculation. If left blank, the relevant fields will be automatically extracted from the ICC Data field.
-padding.displayName=Padding (hex)
-padding.shortDescription=Optional padding bytes to append to transaction data before ARQC calculation (leave blank for zero-padding, 80 for ISO9797-1 Method 2)

src/test/java/nz/co/breakpoint/jmeter/iso8583/ISO8583CryptoTest.java

@@ -1,10 +1,14 @@
 package nz.co.breakpoint.jmeter.iso8583;
 
+import java.util.Arrays;
 import java.util.Collection;
 import java.util.stream.Collectors;
+import org.jpos.iso.ISOException;
 import org.jpos.iso.ISOMsg;
+import org.jpos.tlv.ISOTaggedField;
 import org.junit.Before;
 import org.junit.Test;
+import static org.jpos.emv.EMVStandardTagType.APPLICATION_CRYPTOGRAM_0x9F26;
 import static org.jpos.emv.EMVStandardTagType.ISSUER_APPLICATION_DATA_0x9F10;
 import static org.junit.Assert.*;
 
@@ -120,7 +124,7 @@ public void shouldCalculateMACInLastField() {
     }
 
     @Test
-    public void shouldCalculateARQC() {
+    public void shouldCalculateARQC() throws ISOException {
         sampler.setFields(iccData);
         instance.setImkac(DEFAULT_3DES_KEY);
         instance.setIccField("55");
@@ -129,23 +133,23 @@ public void shouldCalculateARQC() {
         ISOMsg msg = sampler.getRequest();
         assertTrue(msg.hasField("55.12"));
         assertTrue(msg.getString("55.12").matches("[0-9A-F]{16}"));
+        assertEquals(APPLICATION_CRYPTOGRAM_0x9F26.getTagNumberHex(), ((ISOTaggedField)msg.getComponent("55.12")).getTag());
     }
 
     @Test
     public void shouldOverrideARQCInputTags() {
-        sampler.setFields(iccData);
         instance.setImkac(DEFAULT_3DES_KEY);
         instance.setIccField("55");
 
+        sampler.setFields(iccData);
         instance.setTxnData(""); // automatic extraction
         instance.process();
-
         ISOMsg msg = sampler.getRequest();
         assertTrue(msg.hasField("55.12"));
         String arqc = msg.getString("55.12");
 
-        sampler.setFields(iccData);
-        instance.setTxnData(iccData.stream().map(MessageField::getContent).collect(Collectors.joining())); // should result in the same arqc
+        sampler.removeField("55.12"); // remove cryptogram field
+        instance.setTxnData(iccData.stream().map(MessageField::getContent).collect(Collectors.joining())+"80"); // hex data input
         instance.process();
         msg = sampler.getRequest();
         assertTrue(msg.hasField("55.12"));
@@ -157,17 +161,25 @@ public void shouldHandleDifferentIssuersForARQCCalculation() {
         sampler.setFields(iccData);
         instance.setImkac(DEFAULT_3DES_KEY);
         instance.setIccField("55");
-        for (String iad : new String[]{
-                "06010A03000000", // Visa CVN10
-                "06011203000000", // Visa CVN18
-                "0210A00000000000000000000000000000FF", // MCHIP CVN10
-                "0114020000044000DAC10000000000000000", // MCHIP CVN14
-        }) {
-            sampler.setFields(iccData.stream().filter(f -> !ISSUER_APPLICATION_DATA_0x9F10.getTagNumberHex().equals(f.getTag())).collect(Collectors.toList()));
-            sampler.addField("55.11", iad, ISSUER_APPLICATION_DATA_0x9F10.getTagNumberHex());
+        instance.setPan("4111111111111111");
+        instance.setPsn("01");
+
+        Arrays.asList(
+            new String[]{ "06010A03000000", "84D785136EFA29D1" }, // Visa CVN10
+            new String[]{ "06011203000000", "4576E1E877E459EC" }, // Visa CVN18
+            new String[]{ "0210A00000000000000000000000000000FF", "AC7FFD216E326F06" }, // MCHIP CVN16
+            new String[]{ "0114020000044000DAC10000000000000000", "AB2400DF6F95530B" } // MCHIP CVN22
+        ).forEach(pair -> {
+            String iad = pair[0], arqc = pair[1];
+            sampler.setFields(iccData.stream()
+                    .map(f -> ISSUER_APPLICATION_DATA_0x9F10.getTagNumberHex().equals(f.getTag()) ?
+                            new MessageField(f.getName(), iad, f.getTag()) : f)
+                    .collect(Collectors.toList())
+            );
             instance.process();
             assertTrue(sampler.getRequest().hasField("55.12"));
-        }
+            assertEquals(arqc, sampler.getRequest().getString("55.12"));
+        });
     }
 
     @Test