use of iso.std.iso_iec._24727.tech.schema.CryptoMarkerType in project open-ecard by ecsec.
the class AndroidMarshaller method parseDIDMarkerType.
private DIDMarkerType parseDIDMarkerType(XmlPullParser parser) throws XmlPullParserException, IOException {
DIDMarkerType didMarker = new DIDMarkerType();
int eventType;
do {
parser.next();
eventType = parser.getEventType();
if (eventType == XmlPullParser.START_TAG) {
if (parser.getName().equals("PACEMarker")) {
didMarker.setPACEMarker((PACEMarkerType) this.parseMarker(parser, PACEMarkerType.class));
} else if (parser.getName().equals("TAMarker")) {
didMarker.setTAMarker((TAMarkerType) this.parseMarker(parser, TAMarkerType.class));
} else if (parser.getName().equals("CAMarker")) {
didMarker.setCAMarker((CAMarkerType) this.parseMarker(parser, CAMarkerType.class));
} else if (parser.getName().equals("RIMarker")) {
didMarker.setRIMarker((RIMarkerType) this.parseMarker(parser, RIMarkerType.class));
} else if (parser.getName().equals("CryptoMarker")) {
didMarker.setCryptoMarker((CryptoMarkerType) this.parseMarker(parser, CryptoMarkerType.class));
} else if (parser.getName().equals("PinCompareMarker")) {
didMarker.setPinCompareMarker((PinCompareMarkerType) this.parseMarker(parser, PinCompareMarkerType.class));
} else if (parser.getName().equals("RSAAuthMarker")) {
didMarker.setRSAAuthMarker((RSAAuthMarkerType) this.parseMarker(parser, RSAAuthMarkerType.class));
} else if (parser.getName().equals("MutualAuthMarker")) {
didMarker.setMutualAuthMarker((MutualAuthMarkerType) this.parseMarker(parser, MutualAuthMarkerType.class));
} else if (parser.getName().equals("EACMarker")) {
didMarker.setEACMarker((EACMarkerType) this.parseMarker(parser, EACMarkerType.class));
} else {
LOG.error(parser.getName() + " not yet implemented");
}
}
} while (!(eventType == XmlPullParser.END_TAG && parser.getName().equals("DIDMarker")));
return didMarker;
}
use of iso.std.iso_iec._24727.tech.schema.CryptoMarkerType in project open-ecard by ecsec.
the class GenericCryptographyProtocolTest method testDIDGet.
@Test(enabled = TESTS_ENABLED)
public void testDIDGet() throws ParserConfigurationException {
CardApplicationPath cardApplicationPath = new CardApplicationPath();
CardApplicationPathType cardApplicationPathType = new CardApplicationPathType();
cardApplicationPathType.setCardApplication(cardApplication);
cardApplicationPath.setCardAppPathRequest(cardApplicationPathType);
CardApplicationPathResponse cardApplicationPathResponse = instance.cardApplicationPath(cardApplicationPath);
CardApplicationConnect parameters = new CardApplicationConnect();
CardAppPathResultSet cardAppPathResultSet = cardApplicationPathResponse.getCardAppPathResultSet();
parameters.setCardApplicationPath(cardAppPathResultSet.getCardApplicationPathResult().get(0));
CardApplicationConnectResponse result = instance.cardApplicationConnect(parameters);
assertEquals(ECardConstants.Major.OK, result.getResult().getResultMajor());
DIDList didList = new DIDList();
didList.setConnectionHandle(result.getConnectionHandle());
DIDQualifierType didQualifier = new DIDQualifierType();
didQualifier.setApplicationIdentifier(cardApplication);
didQualifier.setObjectIdentifier(ECardConstants.Protocol.GENERIC_CRYPTO);
didQualifier.setApplicationFunction("Compute-signature");
didList.setFilter(didQualifier);
DIDListResponse didListResponse = instance.didList(didList);
assertTrue(didListResponse.getDIDNameList().getDIDName().size() > 0);
DIDGet didGet = new DIDGet();
didGet.setConnectionHandle(result.getConnectionHandle());
didGet.setDIDName(didListResponse.getDIDNameList().getDIDName().get(0));
didGet.setDIDScope(DIDScopeType.LOCAL);
DIDGetResponse didGetResponse = instance.didGet(didGet);
assertEquals(ECardConstants.Major.OK, didGetResponse.getResult().getResultMajor());
org.openecard.crypto.common.sal.did.CryptoMarkerType cryptoMarker = new org.openecard.crypto.common.sal.did.CryptoMarkerType((CryptoMarkerType) didGetResponse.getDIDStructure().getDIDMarker());
assertEquals(cryptoMarker.getCertificateRefs().get(0).getDataSetName(), "EF.C.CH.AUT");
}
use of iso.std.iso_iec._24727.tech.schema.CryptoMarkerType in project open-ecard by ecsec.
the class GenericCryptographyProtocolTest method testDecipher.
/**
* Test for the Decipher Step of the Generic Cryptography protocol. After we connected to the ESIGN application
* of the eGK, we use DIDList to get a List of DIDs that support the Decipher function. We then authenticate with
* PIN.home and read the contents of the DIDs certificate. With it's public key we encrypt the contents of
* plaintext.txt and finally let the card decrypt it through a call to Decipher. In the end we match the result with
* the original plaintext.
*
* @throws Exception when something in this test went unexpectedly wrong
*/
@Test(enabled = TESTS_ENABLED)
public void testDecipher() throws Exception {
CardApplicationPath cardApplicationPath = new CardApplicationPath();
CardApplicationPathType cardApplicationPathType = new CardApplicationPathType();
cardApplicationPathType.setCardApplication(cardApplication);
cardApplicationPath.setCardAppPathRequest(cardApplicationPathType);
CardApplicationPathResponse cardApplicationPathResponse = instance.cardApplicationPath(cardApplicationPath);
WSHelper.checkResult(cardApplicationPathResponse);
CardApplicationConnect parameters = new CardApplicationConnect();
CardAppPathResultSet cardAppPathResultSet = cardApplicationPathResponse.getCardAppPathResultSet();
parameters.setCardApplicationPath(cardAppPathResultSet.getCardApplicationPathResult().get(0));
CardApplicationConnectResponse result = instance.cardApplicationConnect(parameters);
WSHelper.checkResult(result);
assertEquals(ECardConstants.Major.OK, result.getResult().getResultMajor());
DIDList didList = new DIDList();
didList.setConnectionHandle(result.getConnectionHandle());
DIDQualifierType didQualifier = new DIDQualifierType();
didQualifier.setApplicationIdentifier(cardApplication);
didQualifier.setObjectIdentifier(ECardConstants.Protocol.GENERIC_CRYPTO);
didQualifier.setApplicationFunction("Decipher");
didList.setFilter(didQualifier);
DIDListResponse didListResponse = instance.didList(didList);
assertTrue(didListResponse.getDIDNameList().getDIDName().size() > 0);
WSHelper.checkResult(didListResponse);
DIDAuthenticate didAthenticate = new DIDAuthenticate();
didAthenticate.setDIDName("PIN.home");
PinCompareDIDAuthenticateInputType didAuthenticationData = new PinCompareDIDAuthenticateInputType();
didAthenticate.setAuthenticationProtocolData(didAuthenticationData);
didAthenticate.setConnectionHandle(result.getConnectionHandle());
didAthenticate.getConnectionHandle().setCardApplication(cardApplication_ROOT);
didAuthenticationData.setProtocol(ECardConstants.Protocol.PIN_COMPARE);
didAthenticate.setAuthenticationProtocolData(didAuthenticationData);
DIDAuthenticateResponse didAuthenticateResult = instance.didAuthenticate(didAthenticate);
WSHelper.checkResult(didAuthenticateResult);
assertEquals(didAuthenticateResult.getAuthenticationProtocolData().getProtocol(), ECardConstants.Protocol.PIN_COMPARE);
assertEquals(didAuthenticateResult.getAuthenticationProtocolData().getAny().size(), 0);
assertEquals(ECardConstants.Major.OK, didAuthenticateResult.getResult().getResultMajor());
byte[] plaintextBytes = plaintext.getBytes();
for (int numOfDIDs = 0; numOfDIDs < didListResponse.getDIDNameList().getDIDName().size(); numOfDIDs++) {
String didName = didListResponse.getDIDNameList().getDIDName().get(numOfDIDs);
DIDGet didGet = new DIDGet();
didGet.setDIDName(didName);
didGet.setDIDScope(DIDScopeType.LOCAL);
didGet.setConnectionHandle(result.getConnectionHandle());
didGet.getConnectionHandle().setCardApplication(cardApplication);
DIDGetResponse didGetResponse = instance.didGet(didGet);
org.openecard.crypto.common.sal.did.CryptoMarkerType cryptoMarker = new org.openecard.crypto.common.sal.did.CryptoMarkerType((CryptoMarkerType) didGetResponse.getDIDStructure().getDIDMarker());
ByteArrayOutputStream ciphertext = new ByteArrayOutputStream();
// read the certificate
DSIRead dsiRead = new DSIRead();
dsiRead.setConnectionHandle(result.getConnectionHandle());
dsiRead.getConnectionHandle().setCardApplication(cardApplication);
dsiRead.setDSIName(cryptoMarker.getCertificateRefs().get(0).getDataSetName());
DSIReadResponse dsiReadResponse = instance.dsiRead(dsiRead);
assertEquals(ECardConstants.Major.OK, dsiReadResponse.getResult().getResultMajor());
assertTrue(dsiReadResponse.getDSIContent().length > 0);
// convert the contents to a certificate
Certificate cert = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(dsiReadResponse.getDSIContent()));
Cipher cipher;
int blocksize;
String algorithmUri = cryptoMarker.getAlgorithmInfo().getAlgorithmIdentifier().getAlgorithm();
if (algorithmUri.equals(GenericCryptoUris.RSA_ENCRYPTION)) {
cipher = Cipher.getInstance("RSA/ECB/PKCS1Padding");
cipher.init(Cipher.ENCRYPT_MODE, cert);
// keysize/8-pkcspadding = (2048)/8-11
blocksize = 245;
} else if (algorithmUri.equals(GenericCryptoUris.RSAES_OAEP)) {
cipher = Cipher.getInstance("RSA/ECB/OAEPWithSHA-256AndMGF1Padding", new BouncyCastleProvider());
cipher.init(Cipher.ENCRYPT_MODE, cert);
blocksize = cipher.getBlockSize();
} else {
LOG.warn("Skipping decipher for the unsupported algorithmOID: {}", algorithmUri);
continue;
}
int rest = plaintextBytes.length % blocksize;
// encrypt block for block
for (int offset = 0; offset < plaintextBytes.length; offset += blocksize) {
if ((offset + blocksize) > plaintextBytes.length) {
ciphertext.write(cipher.doFinal(plaintextBytes, offset, rest));
} else {
ciphertext.write(cipher.doFinal(plaintextBytes, offset, blocksize));
}
}
Decipher decipher = new Decipher();
decipher.setCipherText(ciphertext.toByteArray());
decipher.setConnectionHandle(result.getConnectionHandle());
decipher.getConnectionHandle().setCardApplication(cardApplication);
decipher.setDIDName(didName);
decipher.setDIDScope(DIDScopeType.LOCAL);
DecipherResponse decipherResponse = instance.decipher(decipher);
assertEquals(decipherResponse.getPlainText(), plaintextBytes);
// test invalid ciphertext length (not divisible through blocksize without rest)
decipher = new Decipher();
decipher.setCipherText(ByteUtils.concatenate((byte) 0x00, ciphertext.toByteArray()));
decipher.setConnectionHandle(result.getConnectionHandle());
decipher.getConnectionHandle().setCardApplication(cardApplication);
decipher.setDIDName(didName);
decipher.setDIDScope(DIDScopeType.LOCAL);
decipherResponse = instance.decipher(decipher);
Result res = decipherResponse.getResult();
assertEquals(res.getResultMajor(), ECardConstants.Major.ERROR);
assertEquals(res.getResultMinor(), ECardConstants.Minor.App.INCORRECT_PARM);
}
}
use of iso.std.iso_iec._24727.tech.schema.CryptoMarkerType in project open-ecard by ecsec.
the class SignStep method performSignature.
/**
* This method performs the signature creation according to BSI TR-03112 part 7.
*
* @param cryptoMarker The {@link CryptoMarkerType} containing the SignatureCreationInfo for creating the signature.
* @param keyReference A byte array containing the reference of the key to use.
* @param algorithmIdentifier A byte array containing the identifier of the signing algorithm.
* @param message The message to sign.
* @param slotHandle The slotHandle identifying the card.
* @param hashRef The variable contains the reference for the hash algorithm which have to be used.
* @param hashInfo A HashGenerationInfo object which indicates how the hash computation is to perform.
* @return A {@link SignResponse} object containing the signature of the <b>message</b>.
* @throws TLVException Thrown if the TLV creation for the key identifier or algorithm identifier failed.
* @throws IncorrectParameterException Thrown if the SignatureGenerationInfo does not contain PSO_CDS or INT_AUTH
* after an MSE_KEY command.
* @throws APDUException Thrown if one of the command to create the signature failed.
* @throws org.openecard.common.WSHelper.WSException Thrown if the checkResults method of WSHelper failed.
*/
private SignResponse performSignature(CryptoMarkerType cryptoMarker, byte[] keyReference, byte[] algorithmIdentifier, byte[] message, byte[] slotHandle, byte[] hashRef, HashGenerationInfoType hashInfo) throws TLVException, IncorrectParameterException, APDUException, WSHelper.WSException {
SignResponse response = WSHelper.makeResponse(SignResponse.class, WSHelper.makeResultOK());
TLV tagAlgorithmIdentifier = new TLV();
tagAlgorithmIdentifier.setTagNumWithClass(CARD_ALG_REF);
tagAlgorithmIdentifier.setValue(algorithmIdentifier);
TLV tagKeyReference = new TLV();
tagKeyReference.setTagNumWithClass(KEY_REFERENCE_PRIVATE_KEY);
tagKeyReference.setValue(keyReference);
CardCommandAPDU cmdAPDU = null;
CardResponseAPDU responseAPDU = null;
String[] signatureGenerationInfo = cryptoMarker.getSignatureGenerationInfo();
for (String command : signatureGenerationInfo) {
HashSet<String> signGenInfo = new HashSet<>(java.util.Arrays.asList(signatureGenerationInfo));
if (command.equals("MSE_KEY")) {
byte[] mseData = tagKeyReference.toBER();
if (signGenInfo.contains("PSO_CDS")) {
cmdAPDU = new ManageSecurityEnvironment(SET_COMPUTATION, ManageSecurityEnvironment.DST, mseData);
} else if (signGenInfo.contains("INT_AUTH") && !signGenInfo.contains("PSO_CDS")) {
cmdAPDU = new ManageSecurityEnvironment(SET_COMPUTATION, ManageSecurityEnvironment.AT, mseData);
} else {
String msg = "The command 'MSE_KEY' followed by 'INT_AUTH' and 'PSO_CDS' is currently not supported.";
LOG.error(msg);
throw new IncorrectParameterException(msg);
}
} else if (command.equals("PSO_CDS")) {
cmdAPDU = new PSOComputeDigitalSignature(message, BLOCKSIZE);
} else if (command.equals("INT_AUTH")) {
cmdAPDU = new InternalAuthenticate(message, BLOCKSIZE);
} else if (command.equals("MSE_RESTORE")) {
cmdAPDU = new ManageSecurityEnvironment.Restore(ManageSecurityEnvironment.DST);
} else if (command.equals("MSE_HASH")) {
cmdAPDU = new ManageSecurityEnvironment.Set(SET_COMPUTATION, ManageSecurityEnvironment.HT);
TLV mseDataTLV = new TLV();
mseDataTLV.setTagNumWithClass((byte) 0x80);
mseDataTLV.setValue(hashRef);
cmdAPDU.setData(mseDataTLV.toBER());
} else if (command.equals("PSO_HASH")) {
if (hashInfo == HashGenerationInfoType.LAST_ROUND_ON_CARD || hashInfo == HashGenerationInfoType.NOT_ON_CARD) {
cmdAPDU = new PSOHash(PSOHash.P2_SET_HASH_OR_PART, message);
} else {
cmdAPDU = new PSOHash(PSOHash.P2_HASH_MESSAGE, message);
}
} else if (command.equals("MSE_DS")) {
byte[] mseData = tagAlgorithmIdentifier.toBER();
cmdAPDU = new ManageSecurityEnvironment(SET_COMPUTATION, ManageSecurityEnvironment.DST, mseData);
} else if (command.equals("MSE_KEY_DS")) {
byte[] mseData = ByteUtils.concatenate(tagKeyReference.toBER(), tagAlgorithmIdentifier.toBER());
cmdAPDU = new ManageSecurityEnvironment(SET_COMPUTATION, ManageSecurityEnvironment.DST, mseData);
} else if (command.equals("MSE_INT_AUTH")) {
byte[] mseData = tagKeyReference.toBER();
cmdAPDU = new ManageSecurityEnvironment(SET_COMPUTATION, ManageSecurityEnvironment.AT, mseData);
} else if (command.equals("MSE_KEY_INT_AUTH")) {
byte[] mseData = ByteUtils.concatenate(tagKeyReference.toBER(), tagAlgorithmIdentifier.toBER());
cmdAPDU = new ManageSecurityEnvironment(SET_COMPUTATION, ManageSecurityEnvironment.AT, mseData);
} else {
String msg = "The signature generation command '" + command + "' is unknown.";
throw new IncorrectParameterException(msg);
}
responseAPDU = cmdAPDU.transmit(dispatcher, slotHandle, Collections.<byte[]>emptyList());
}
byte[] signedMessage = responseAPDU.getData();
// check if further response data is available
while (responseAPDU.getTrailer()[0] == (byte) 0x61) {
GetResponse getResponseData = new GetResponse();
responseAPDU = getResponseData.transmit(dispatcher, slotHandle, Collections.<byte[]>emptyList());
signedMessage = Arrays.concatenate(signedMessage, responseAPDU.getData());
}
if (!Arrays.areEqual(responseAPDU.getTrailer(), new byte[] { (byte) 0x90, (byte) 0x00 })) {
String minor = SALErrorUtils.getMinor(responseAPDU.getTrailer());
response.setResult(WSHelper.makeResultError(minor, responseAPDU.getStatusMessage()));
return response;
}
response.setSignature(signedMessage);
return response;
}
use of iso.std.iso_iec._24727.tech.schema.CryptoMarkerType in project open-ecard by ecsec.
the class SignStep method perform.
@Override
public SignResponse perform(Sign sign, Map<String, Object> internalData) {
SignResponse response = WSHelper.makeResponse(SignResponse.class, WSHelper.makeResultOK());
try {
ConnectionHandleType connectionHandle = SALUtils.getConnectionHandle(sign);
String didName = SALUtils.getDIDName(sign);
CardStateEntry cardStateEntry = SALUtils.getCardStateEntry(internalData, connectionHandle);
DIDStructureType didStructure = SALUtils.getDIDStructure(sign, didName, cardStateEntry, connectionHandle);
CryptoMarkerType cryptoMarker = new CryptoMarkerType(didStructure.getDIDMarker());
byte[] slotHandle = connectionHandle.getSlotHandle();
byte[] applicationID = connectionHandle.getCardApplication();
Assert.securityConditionDID(cardStateEntry, applicationID, didName, CryptographicServiceActionName.SIGN);
byte[] message = sign.getMessage();
byte[] keyReference = cryptoMarker.getCryptoKeyInfo().getKeyRef().getKeyRef();
byte[] algorithmIdentifier = cryptoMarker.getAlgorithmInfo().getCardAlgRef();
byte[] hashRef = cryptoMarker.getAlgorithmInfo().getHashAlgRef();
HashGenerationInfoType hashInfo = cryptoMarker.getHashGenerationInfo();
if (didStructure.getDIDScope() == DIDScopeType.LOCAL) {
keyReference[0] = (byte) (0x80 | keyReference[0]);
}
if (cryptoMarker.getSignatureGenerationInfo() != null) {
response = performSignature(cryptoMarker, keyReference, algorithmIdentifier, message, slotHandle, hashRef, hashInfo);
} else {
// assuming that legacySignatureInformation exists
BaseTemplateContext templateContext = new BaseTemplateContext();
templateContext.put(HASH_TO_SIGN, message);
templateContext.put(KEY_REFERENCE, keyReference);
templateContext.put(ALGORITHM_IDENTIFIER, algorithmIdentifier);
templateContext.put(HASHALGORITHM_REFERENCE, hashRef);
response = performLegacySignature(cryptoMarker, connectionHandle, templateContext);
}
} catch (ECardException e) {
response.setResult(e.getResult());
} catch (Exception e) {
LOG.warn(e.getMessage(), e);
response.setResult(WSHelper.makeResult(e));
}
return response;
}
Aggregations