Use of org.openecard.crypto.common.asn1.eac.CASecurityInfos in project open-ecard by ecsec.
The class EFCardAccess, method decodeSecurityInfos.
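/**
 * Decodes the SecurityInfos of {@code sis} into the PACE, TA and CA security info holders.
 *
 * <p>Each SecurityInfo is a SEQUENCE whose first element is the protocol OID; the OID decides
 * where the entry goes: {@code psi} (PACEInfo, PACEDomainParameterInfo),
 * {@code csi} (ChipAuthenticationInfo, ChipAuthenticationDomainParameterInfo),
 * {@code tsi} (TerminalAuthenticationInfo), {@code cil} (CardInfoLocator) or
 * {@code pti} (PrivilegedTerminalInfo). {@code psi}, {@code tsi} and {@code csi} are always
 * re-created; {@code cil} and {@code pti} are only assigned when such an entry is present.
 *
 * <p>The SecurityInfos come from the card (EF.CardAccess), so an element that is not a SEQUENCE
 * or that has no OID is skipped with a warning instead of aborting the whole decode with a
 * ClassCastException / IndexOutOfBoundsException. Entries with an unknown OID are logged at
 * debug level and ignored.
 * NOTE(review): the presence of the REQUIRED PACEInfo is not verified here; presumably the
 * consumers of {@code psi} cope with an empty list — confirm.
 */
private void decodeSecurityInfos() {
    final ASN1Set securityinfos = sis.getSecurityInfos();
    final int length = securityinfos.size();
    psi = new PACESecurityInfos();
    tsi = new TASecurityInfos();
    csi = new CASecurityInfos();

    for (int i = 0; i < length; i++) {
        // Validate the structure before casting: the set content is not under our control.
        Object element = securityinfos.getObjectAt(i);
        if (!(element instanceof ASN1Sequence)) {
            _logger.warn("Skipping SecurityInfo at index {}: not a SEQUENCE", i);
            continue;
        }
        ASN1Sequence securityInfo = (ASN1Sequence) element;
        if (securityInfo.size() < 1) {
            _logger.warn("Skipping SecurityInfo at index {}: empty SEQUENCE without protocol OID", i);
            continue;
        }
        String oid = securityInfo.getObjectAt(0).toString();

        if (PACEInfo.isPACEObjectIdentifer(oid)) {
            // PACEInfo (REQUIRED)
            _logger.debug("Found PACEInfo object identifier");
            PACEInfo pi = new PACEInfo(securityInfo);
            psi.addPACEInfo(pi);
        } else if (PACEDomainParameterInfo.isPACEObjectIdentifer(oid)) {
            // PACEDomainParameterInfo (CONDITIONAL)
            _logger.debug("Found PACEDomainParameterInfo object identifier");
            PACEDomainParameterInfo pdp = new PACEDomainParameterInfo(securityInfo);
            psi.addPACEDomainParameterInfo(pdp);
        } else if (CAInfo.isObjectIdentifier(oid)) {
            // ChipAuthenticationInfo (CONDITIONAL)
            _logger.debug("Found ChipAuthenticationInfo object identifier");
            CAInfo ci = new CAInfo(securityInfo);
            csi.addCAInfo(ci);
        } else if (CADomainParameterInfo.isObjectIdentifier(oid)) {
            // ChipAuthenticationDomainParameterInfo (CONDITIONAL)
            _logger.debug("Found ChipAuthenticationDomainParameterInfo object identifier");
            CADomainParameterInfo cdp = new CADomainParameterInfo(securityInfo);
            csi.addCADomainParameterInfo(cdp);
        } else if (EACObjectIdentifier.id_TA.equals(oid)) {
            // TerminalAuthenticationInfo (CONDITIONAL)
            _logger.debug("Found TerminalAuthenticationInfo object identifier");
            TAInfo ta = new TAInfo(securityInfo);
            tsi.addTAInfo(ta);
        } else if (EACObjectIdentifier.id_CI.equals(oid)) {
            // CardInfoLocator (RECOMMENDED)
            _logger.debug("Found CardInfoLocator object identifier");
            cil = CardInfoLocator.getInstance(securityInfo);
        } else if (EACObjectIdentifier.id_PT.equals(oid)) {
            // PrivilegedTerminalInfo (CONDITIONAL)
            _logger.debug("Found PrivilegedTerminalInfo object identifier");
            pti = PrivilegedTerminalInfo.getInstance(securityInfo);
        } else {
            // oid is already a String; no conversion needed for the placeholder.
            _logger.debug("Found unknown object identifier: {}", oid);
        }
    }
}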
Use of org.openecard.crypto.common.asn1.eac.CASecurityInfos in project open-ecard by ecsec.
The class AuthenticationHelper, method performAuth.
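/**
 * Runs the second EAC phase against the card: Terminal Authentication (TA) followed by
 * Chip Authentication (CA), and stores the results in {@code eac2Output}.
 *
 * <p>The inputs are taken from {@code internalData} under the {@code EACConstants.IDATA_*}
 * keys: the terminal certificate, the PCD public key, the TA signature, the SecurityInfos
 * (EF.CardAccess) and the authenticated auxiliary data. All of them are mandatory; a missing
 * or wrongly typed entry fails fast, before the TA/CA exchange with the card starts.
 *
 * @param eac2Output   output holder that receives EF.CardSecurity, the nonce and the token
 * @param internalData protocol context shared between the EAC steps
 * @return {@code eac2Output}, filled with EF.CardSecurity, nonce and token
 * @throws ProtocolException propagated from the TA/CA command exchanges (presumably
 *         {@code ta}/{@code ca}; which call throws is not visible here)
 * @throws TLVException if the General Authenticate response cannot be parsed
 * @throws NullPointerException if a mandatory entry is absent from {@code internalData}
 * @throws ClassCastException if a context entry has an unexpected type
 * @throws IllegalStateException if the General Authenticate response lacks the nonce
 *         (tag 0x81) or the authentication token (tag 0x82)
 */
public EAC2OutputType performAuth(EAC2OutputType eac2Output, Map<String, Object> internalData) throws ProtocolException, TLVException {
    // get needed values from context; every entry is mandatory for TA/CA
    CardVerifiableCertificate terminalCertificate = requireContextValue(internalData,
            EACConstants.IDATA_TERMINAL_CERTIFICATE, CardVerifiableCertificate.class);
    byte[] key = requireContextValue(internalData, EACConstants.IDATA_PK_PCD, byte[].class);
    byte[] signature = requireContextValue(internalData, EACConstants.IDATA_SIGNATURE, byte[].class);
    SecurityInfos securityInfos = requireContextValue(internalData,
            EACConstants.IDATA_SECURITY_INFOS, SecurityInfos.class);
    AuthenticatedAuxiliaryData aadObj = requireContextValue(internalData,
            EACConstants.IDATA_AUTHENTICATED_AUXILIARY_DATA, AuthenticatedAuxiliaryData.class);

    // ///////////////////////////////////////////////////////////////////
    // BEGIN TA PART
    // ///////////////////////////////////////////////////////////////////
    // TA: Step 2 - MSE:SET AT
    byte[] oid = ObjectIdentifierUtils.getValue(terminalCertificate.getPublicKey().getObjectIdentifier());
    byte[] chr = terminalCertificate.getCHR().toByteArray();
    byte[] aad = aadObj.getData();

    // Calculate comp(key): the compressed form of the PCD public key, derived with the
    // CA domain parameters taken from EF.CardAccess
    EFCardAccess efca = new EFCardAccess(securityInfos);
    CASecurityInfos cas = efca.getCASecurityInfos();
    CADomainParameter cdp = new CADomainParameter(cas);
    CAKey caKey = new CAKey(cdp);
    caKey.decodePublicKey(key);
    byte[] compKey = caKey.getEncodedCompressedPublicKey();

    // TA: Step 4 - MSE SET AT
    ta.mseSetAT(oid, chr, compKey, aad);
    // TA: Step 4 - External Authentication
    ta.externalAuthentication(signature);
    // ///////////////////////////////////////////////////////////////////
    // END TA PART
    // ///////////////////////////////////////////////////////////////////

    // ///////////////////////////////////////////////////////////////////
    // BEGIN CA PART
    // ///////////////////////////////////////////////////////////////////
    // Read EF.CardSecurity
    byte[] efCardSecurity = ca.readEFCardSecurity();

    // CA: Step 1 - MSE:SET AT
    CAInfo caInfo = cas.getCAInfo();
    byte[] oID = ObjectIdentifierUtils.getValue(caInfo.getProtocol());
    byte[] keyID = IntegerUtils.toByteArray(caInfo.getKeyID());
    ca.mseSetAT(oID, keyID);

    // CA: Step 2 - General Authenticate
    byte[] responseData = ca.generalAuthenticate(key);
    TLV tlv = TLV.fromBER(responseData);
    // Both children are mandatory; a response without them is a protocol error, not an
    // IndexOutOfBoundsException.
    byte[] nonce = requireChildValue(tlv, 0x81, "nonce");
    byte[] token = requireChildValue(tlv, 0x82, "authentication token");

    // Disable Secure Messaging
    // NOTE(review): not in a finally block — if one of the CA steps above throws, the secure
    // channel stays up; presumably the caller tears it down on failure — confirm.
    ca.destroySecureChannel();
    // ///////////////////////////////////////////////////////////////////
    // END CA PART
    // ///////////////////////////////////////////////////////////////////

    // Create response
    eac2Output.setEFCardSecurity(efCardSecurity);
    eac2Output.setNonce(nonce);
    eac2Output.setToken(token);
    return eac2Output;
}

/**
 * Fetches a mandatory entry of the protocol context.
 *
 * @param internalData protocol context
 * @param key          context key (one of the {@code EACConstants.IDATA_*} constants)
 * @param type         expected type of the entry
 * @param <T>          expected type of the entry
 * @return the entry, cast to {@code type}
 * @throws NullPointerException if the entry is absent
 * @throws ClassCastException if the entry has another type; the message names the key and
 *         the classes involved, never the value
 */
private static <T> T requireContextValue(Map<String, Object> internalData, Object key, Class<T> type) {
    Object value = internalData.get(key);
    if (value == null) {
        throw new NullPointerException("Missing mandatory EAC context entry: " + key);
    }
    if (!type.isInstance(value)) {
        throw new ClassCastException("EAC context entry " + key + " is a "
                + value.getClass().getName() + ", expected " + type.getName());
    }
    return type.cast(value);
}

/**
 * Returns the value of the first child of {@code tlv} that carries {@code tag}.
 *
 * @param tlv  parsed General Authenticate response
 * @param tag  tag of the mandatory child
 * @param name human-readable name of the child, used in the error message only
 * @return the child's value
 * @throws IllegalStateException if no child with {@code tag} exists
 */
private static byte[] requireChildValue(TLV tlv, int tag, String name) {
    java.util.List<TLV> children = tlv.findChildTags(tag);
    if (children.isEmpty()) {
        throw new IllegalStateException("General Authenticate response lacks the " + name
                + " (tag 0x" + Integer.toHexString(tag) + ")");
    }
    return children.get(0).getValue();
}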