Search in sources :

Example 1 with CADomainParameter

use of org.openecard.crypto.common.asn1.eac.CADomainParameter in project open-ecard by ecsec.

the class AuthenticationHelper method performAuth.

public EAC2OutputType performAuth(EAC2OutputType eac2Output, Map<String, Object> internalData) throws ProtocolException, TLVException {
    // get needed values from context
    CardVerifiableCertificate terminalCertificate;
    terminalCertificate = (CardVerifiableCertificate) internalData.get(EACConstants.IDATA_TERMINAL_CERTIFICATE);
    byte[] key = (byte[]) internalData.get(EACConstants.IDATA_PK_PCD);
    byte[] signature = (byte[]) internalData.get(EACConstants.IDATA_SIGNATURE);
    SecurityInfos securityInfos = (SecurityInfos) internalData.get(EACConstants.IDATA_SECURITY_INFOS);
    AuthenticatedAuxiliaryData aadObj;
    aadObj = (AuthenticatedAuxiliaryData) internalData.get(EACConstants.IDATA_AUTHENTICATED_AUXILIARY_DATA);
    // ///////////////////////////////////////////////////////////////////
    // BEGIN TA PART
    // ///////////////////////////////////////////////////////////////////
    // TA: Step 2 - MSE:SET AT
    byte[] oid = ObjectIdentifierUtils.getValue(terminalCertificate.getPublicKey().getObjectIdentifier());
    byte[] chr = terminalCertificate.getCHR().toByteArray();
    byte[] aad = aadObj.getData();
    // Calculate comp(key)
    EFCardAccess efca = new EFCardAccess(securityInfos);
    CASecurityInfos cas = efca.getCASecurityInfos();
    CADomainParameter cdp = new CADomainParameter(cas);
    CAKey caKey = new CAKey(cdp);
    caKey.decodePublicKey(key);
    byte[] compKey = caKey.getEncodedCompressedPublicKey();
    // TA: Step 4 - MSE SET AT
    ta.mseSetAT(oid, chr, compKey, aad);
    // TA: Step 4 - External Authentication
    ta.externalAuthentication(signature);
    // ///////////////////////////////////////////////////////////////////
    // END TA PART
    // ///////////////////////////////////////////////////////////////////
    // ///////////////////////////////////////////////////////////////////
    // BEGIN CA PART
    // ///////////////////////////////////////////////////////////////////
    // Read EF.CardSecurity
    byte[] efCardSecurity = ca.readEFCardSecurity();
    // CA: Step 1 - MSE:SET AT
    byte[] oID = ObjectIdentifierUtils.getValue(cas.getCAInfo().getProtocol());
    byte[] keyID = IntegerUtils.toByteArray(cas.getCAInfo().getKeyID());
    ca.mseSetAT(oID, keyID);
    // CA: Step 2 - General Authenticate
    byte[] responseData = ca.generalAuthenticate(key);
    TLV tlv = TLV.fromBER(responseData);
    byte[] nonce = tlv.findChildTags(0x81).get(0).getValue();
    byte[] token = tlv.findChildTags(0x82).get(0).getValue();
    // Disable Secure Messaging
    ca.destroySecureChannel();
    // ///////////////////////////////////////////////////////////////////
    // END CA PART
    // ///////////////////////////////////////////////////////////////////
    // Create response
    eac2Output.setEFCardSecurity(efCardSecurity);
    eac2Output.setNonce(nonce);
    eac2Output.setToken(token);
    return eac2Output;
}
Also used : CADomainParameter(org.openecard.crypto.common.asn1.eac.CADomainParameter) AuthenticatedAuxiliaryData(org.openecard.crypto.common.asn1.eac.AuthenticatedAuxiliaryData) CardVerifiableCertificate(org.openecard.crypto.common.asn1.cvc.CardVerifiableCertificate) EFCardAccess(org.openecard.crypto.common.asn1.eac.ef.EFCardAccess) CASecurityInfos(org.openecard.crypto.common.asn1.eac.CASecurityInfos) SecurityInfos(org.openecard.crypto.common.asn1.eac.SecurityInfos) CASecurityInfos(org.openecard.crypto.common.asn1.eac.CASecurityInfos) CAKey(org.openecard.sal.protocol.eac.crypto.CAKey) TLV(org.openecard.common.tlv.TLV)

Aggregations

TLV (org.openecard.common.tlv.TLV)1 CardVerifiableCertificate (org.openecard.crypto.common.asn1.cvc.CardVerifiableCertificate)1 AuthenticatedAuxiliaryData (org.openecard.crypto.common.asn1.eac.AuthenticatedAuxiliaryData)1 CADomainParameter (org.openecard.crypto.common.asn1.eac.CADomainParameter)1 CASecurityInfos (org.openecard.crypto.common.asn1.eac.CASecurityInfos)1 SecurityInfos (org.openecard.crypto.common.asn1.eac.SecurityInfos)1 EFCardAccess (org.openecard.crypto.common.asn1.eac.ef.EFCardAccess)1 CAKey (org.openecard.sal.protocol.eac.crypto.CAKey)1