
Example 1 with AuthenticationToken

Use of org.openecard.ifd.protocol.pace.crypto.AuthenticationToken in the open-ecard project by ecsec.

From the class PACEImplementation, method generalAuthenticateMutualAuthentication.

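/**
 * Step 5: Mutual authentication.
 *
 * <p>Derives the session keys from the shared secret of the PCD's private key and the PICC's public
 * key, sends the PCD authentication token (T_PCD) in a GENERAL AUTHENTICATE command with tag 0x85 and
 * verifies the token returned by the card (T_PICC). On success the current and previous CAR reported
 * by the card are stored in {@code currentCAR} and {@code previousCAR}.
 *
 * <p>Error mapping: a status word 63Cx stores x in {@code retryCounter} and is reported as
 * PASSWORD_BLOCKED (x = 0), PASSWORD_SUSPENDED (x = 1) or PASSWORD_ERROR (any other x); any other
 * status word is reported as AUTHENTICATION_FAILED. An APDUException that carries no response APDU is
 * unwrapped to its cause when that cause is an Exception. Every other failure, including a T_PICC that
 * does not verify, is reported as UNKNOWN_ERROR.
 *
 * @throws ProtocolException if the card rejects the authentication or the returned token does not verify
 * @throws Exception the cause of a transport-level APDUException that carries no response APDU
 */
private void generalAuthenticateMutualAuthentication() throws Exception {
    // Shared secret k from the PCD's private key and the PICC's public key.
    byte[] k = cryptoSuite.generateSharedSecret(keyPCD.getEncodedPrivateKey(), keyPICC.getEncodedPublicKey());
    // Session keys: KS_MAC and KS_ENC are both derived from k.
    keyMAC = kdf.deriveMAC(k);
    keyENC = kdf.deriveENC(k);
    // NOTE(review): k is not cleared after derivation; whether kdf keeps a reference to it is not visible here.

    // T_PCD: token over the PICC's public key, sent with tag 0x85.
    AuthenticationToken tokenPCD = new AuthenticationToken(psip.getPACEInfo());
    tokenPCD.generateToken(keyMAC, keyPICC.getEncodedPublicKey());
    CardCommandAPDU gaMutualAuth = new GeneralAuthenticate((byte) 0x85, tokenPCD.toByteArray());

    // T_PICC: the token the card is expected to return, computed over the PCD's public key.
    AuthenticationToken tokenPICC = new AuthenticationToken(psip.getPACEInfo());
    tokenPICC.generateToken(keyMAC, keyPCD.getEncodedPublicKey());

    try {
        response = gaMutualAuth.transmit(dispatcher, slotHandle);
        if (!tokenPICC.verifyToken(response.getData(), specifiedCHAT)) {
            // Handled by the catch (Exception) below, which reports it as UNKNOWN_ERROR.
            throw new GeneralSecurityException("Cannot verify authentication token.");
        }
        currentCAR = tokenPICC.getCurrentCAR();
        previousCAR = tokenPICC.getPreviousCAR();
    } catch (APDUException e) {
        // Exceptions thrown from this handler are not seen by the sibling catch (Exception) below.
        if (e.getResponseAPDU() == null) {
            // Transport-level failure: there is no status word to classify.
            if (e.getCause() instanceof Exception) {
                throw (Exception) e.getCause();
            }
            throw new ProtocolException(ECardConstants.Minor.IFD.UNKNOWN_ERROR, e.getMessage());
        }
        LOG.error(e.getMessage(), e);
        int sw = e.getResponseAPDU().getSW();
        if ((sw & (short) 0xFFF0) != (short) 0x63C0) {
            throw new ProtocolException(ECardConstants.Minor.IFD.AUTHENTICATION_FAILED, "Authentication failed.");
        }
        // 63Cx: x is the number of remaining tries.
        retryCounter = (byte) (sw & (short) 0x000F);
        if (retryCounter == (byte) 0x00) {
            LOG.warn("The password is blocked. The password MUST be unblocked.");
            throw new ProtocolException(ECardConstants.Minor.IFD.PASSWORD_BLOCKED, "The password is blocked. The password MUST be unblocked.");
        } else if (retryCounter == (byte) 0x01) {
            LOG.warn("The password is suspended. The password MUST be resumed.");
            throw new ProtocolException(ECardConstants.Minor.IFD.PASSWORD_SUSPENDED, "The password is suspended. The password MUST be resumed.");
        }
        // Any other remaining-tries value means the password was wrong. This branch must throw too:
        // returning normally here would leave the caller with a failed authentication and unverified session keys.
        LOG.warn("The password is wrong.");
        throw new ProtocolException(ECardConstants.Minor.IFD.PASSWORD_ERROR, "The password is wrong.");
    } catch (Exception e) {
        LOG.error(e.getMessage(), e);
        throw new ProtocolException(ECardConstants.Minor.IFD.UNKNOWN_ERROR, e.getMessage());
    }
}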
