Can't match MAC field 64 during Client-Host Communication


Babatunde Oyenekan

Feb 14, 2023, 12:56:30 PM
to jPOS Users

I have been stuck on this problem for two days. The client app can't validate and match the MAC that is being sent with the network. I ensured that we've shared master and session keys. The client and server both use the IsoAscii.xml packager descriptor, and here is the snippet for field 64:

    <isofield
        id="64"
        length="64"
        name="MESSAGE AUTHENTICATION CODE FIELD"
        class="org.jpos.iso.IF_CHAR"/>

  <isofield

We decided to customise and change the length, as the MAC being generated is of length 64 and it is a hex value.


This is the method that is used to set the MAC; getB4Packager references the iso87Ascii.xml above:

    public ISOMsg setMAC(ISOMsg b24msg,String sessionkey,BigFootUtility bigfootUtil) throws ISOException
    {
        int yy=0;
        int maxfield=bigfootUtil.getLargestInt(bigfootUtil.ISOFields(b24msg));
        //logger.info("largetst field: "+maxfield);
        ISOMsg newIsoMessage = b24msg;
        try
        {
            newIsoMessage.setPackager(bigfootUtil.getB4Packager());
            //String dummyMAC=tlib.bytesToHex(new byte[32]);
            String dummyMAC=DatatypeConverter.printHexBinary(new byte[32]);
            //logger.info("dummyMAC: "+dummyMAC);
            byte[] isoBytes=newIsoMessage.pack();
            String isoString=new String(isoBytes);
            logger.info("Iso Message After MACing:"+ ISOUtil.dumpString(newIsoMessage.pack()));
            String mac=new TripDES().MessageMAC(sessionkey,isoBytes);
            logger.info("MAC: "+mac);
            if(maxfield>64)
            {
                newIsoMessage.set(128, mac);
                //logger.info("new mac 128: "+mac);
            }else
            {
                newIsoMessage.set(64, mac);
                //logger.info("new mac 64: "+mac);
            }
        }
        catch(Exception ex)
        {
            logger.error("error generaing MAC for msg: "+ex.getMessage()+"\n"+Arrays.toString(ex.getStackTrace()));
        }
        logger.info("Iso Message After Packing and macing :"+ ISOUtil.dumpString(newIsoMessage.pack()));
        new NetworkUtils().ShowISOMessage(newIsoMessage, "Looping through ISO");
        return newIsoMessage;
    }

This is the inner MessageMAC() method that returns the hash text:


    public String MessageMAC(String clearSessionKey, byte[] macDataBytes) throws Exception
    {
        byte [] keyBytes = h2b(clearSessionKey);
        MessageDigest digest = MessageDigest.getInstance("SHA-256");
        digest.update(keyBytes, 0, keyBytes.length);
        digest.update(macDataBytes, 0, macDataBytes.length);
        byte[] hashedBytes = digest.digest();
        String hashText = b2h(hashedBytes);
        hashText = hashText.replace(" ", "");
        if (hashText.length() < 64)
        {
            int numberOfZeroes = 64 - hashText.length();
            String zeroes = "";
            String temp = hashText.toString();
            for (int i = 0; i < numberOfZeroes; i++)
                zeroes = zeroes + "0";
            temp = zeroes + temp;
            return temp;
        }
        return hashText;
    }

This is the validateMAC() method being used by the client to check if the MACs match:

    boolean validateMAC(ISOMsg b24msg,String isob24msgstring,String clear_session_key,BigFootUtility bigfootUtil)
    {
        ISOMsg newIsoMsg=b24msg;
        String originalMAC="";String mac="";originalMAC=""; boolean isMacValidated=false;
        try
        {
            int maxfield=bigfootUtil.getLargestInt(bigfootUtil.ISOFields(b24msg));
            if(maxfield>64)
            {
                originalMAC=newIsoMsg.getString(128);
            }
            else
            {
                originalMAC=newIsoMsg.getString(64);
            }
            String ismsg=isob24msgstring.substring(0, isob24msgstring.length()-64);
            //logger.info("isostring: "+ismsg);
            mac=new TripDES().MessageMAC(clear_session_key,ismsg.getBytes());
            logger.info("msg mac: "+mac);
            if(mac.toLowerCase().equals(originalMAC.toLowerCase())){isMacValidated=true;}
        }
        catch(Exception ex)
        {
            logger.error("error validating mac: "+ex.getMessage()+"\n"+Arrays.toString(ex.getStackTrace()));
        }
        return isMacValidated;
    }


Will really appreciate help on where I am doing things wrong.

Thanks

Alejandro Revilla

Feb 16, 2023, 9:08:11 PM
to jpos-...@googlegroups.com
Not sure if this is the case, but a very common problem when generating a MAC is the fact that the BITMAP is usually part of the MAC. 

But by the time you compute the MAC, the bit for field 64 (or 128) is off.

The workaround for this is to set a dummy 8-byte field 64 (or 128), then pack the message, compute the MAC for the whole message excluding the last 8 bytes, and then set that last field (64/128) with the computed MAC.

BTW, it's usually a good idea to write it as an ISOFilter, so that you can enable it in an easy way.




Babatunde Oyenekan

Feb 18, 2023, 8:23:41 PM
to jPOS Users
Thanks much, Sir. Truly, the terminal app was calculating the bitmap wrongly. The Unset() method from the ISOMsg class helped to unset field 64 properly, and the bitmap matched with the original message, and voilà! It worked.

Alejandro Revilla

Feb 19, 2023, 7:15:35 AM
to jpos-...@googlegroups.com
Excellent. Unfortunately, different systems compute the MAC in different ways. Some keep the bit on, some others off. Glad you solved the problem! 
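
The bitmap effect discussed in the replies above, as an added example that is not code from the thread or from jPOS: it shows that the MAC verifies only when sender and receiver agree on whether the bit for field 64 is on when the MAC input is packed. It is a JDK-only sketch (Java 11+) using a toy ASCII packer, hypothetical names (`MacBitmapDemo`, `macInput`), a constructed key and constructed fields. HMAC-SHA-256 with a constant-time comparison is swapped in for the thread's SHA-256 over key plus message.

```java
import static java.nio.charset.StandardCharsets.US_ASCII;
import java.math.BigInteger;
import java.security.MessageDigest;
import java.util.TreeMap;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

public class MacBitmapDemo {
    static final int MAC_LEN = 64; // hex characters, the field 64 length used in the thread
    // Toy ASCII layout (assumption, not a jPOS packager): MTI + 16-hex-char bitmap + field values.
    static String pack(String mti, TreeMap<Integer, String> fields) {
        long bitmap = 0;
        StringBuilder body = new StringBuilder();
        for (int n : fields.keySet()) {
            bitmap |= 1L << (64 - n); // field n sets bit n, counted from the left
            body.append(fields.get(n));
        }
        return mti + String.format("%016X", bitmap) + body;
    }

    // Data the MAC covers. bitOn: pack with a dummy field 64, then cut it off. Otherwise: unset field 64, then pack.
    static String macInput(String mti, TreeMap<Integer, String> fields, boolean bitOn) {
        TreeMap<Integer, String> copy = new TreeMap<>(fields);
        copy.remove(64);
        if (!bitOn) return pack(mti, copy);
        copy.put(64, "0".repeat(MAC_LEN));
        String packed = pack(mti, copy);
        return packed.substring(0, packed.length() - MAC_LEN);
    }

    static String mac(byte[] key, String data) throws Exception {
        Mac hmac = Mac.getInstance("HmacSHA256");
        hmac.init(new SecretKeySpec(key, "HmacSHA256"));
        return String.format("%064X", new BigInteger(1, hmac.doFinal(data.getBytes(US_ASCII))));
    }
    static boolean verify(byte[] key, String mti, TreeMap<Integer, String> fields, boolean bitOn) throws Exception {
        byte[] expected = mac(key, macInput(mti, fields, bitOn)).getBytes(US_ASCII);
        byte[] received = fields.getOrDefault(64, "").toUpperCase().getBytes(US_ASCII);
        return MessageDigest.isEqual(expected, received); // constant-time comparison
    }
    public static void main(String[] args) throws Exception {
        byte[] key = "constructed-demo-key".getBytes(US_ASCII); // constructed sample key
        TreeMap<Integer, String> msg = new TreeMap<>();
        msg.put(3, "000000"); msg.put(11, "000123");            // constructed sample fields
        msg.put(64, mac(key, macInput("0200", msg, false)));    // sender computes the MAC with bit 64 off
        System.out.println("receiver assumes bit 64 on:  " + verify(key, "0200", msg, true));
        System.out.println("receiver assumes bit 64 off: " + verify(key, "0200", msg, false));
    }
}
```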
