use of org.openecard.ifd.protocol.pace.crypto.AuthenticationToken in project open-ecard by ecsec.
the class PACEImplementation method generalAuthenticateMutualAuthentication.
/**
* Step 5: Mutual authentication
*/
private void generalAuthenticateMutualAuthentication() throws Exception {
// Calculate shared key k
byte[] k = cryptoSuite.generateSharedSecret(keyPCD.getEncodedPrivateKey(), keyPICC.getEncodedPublicKey());
// Derive key MAC
keyMAC = kdf.deriveMAC(k);
// Derive key ENC
keyENC = kdf.deriveENC(k);
// Calculate token T_PCD
AuthenticationToken tokenPCD = new AuthenticationToken(psip.getPACEInfo());
tokenPCD.generateToken(keyMAC, keyPICC.getEncodedPublicKey());
CardCommandAPDU gaMutualAuth = new GeneralAuthenticate((byte) 0x85, tokenPCD.toByteArray());
// Calculate token T_PICC
AuthenticationToken tokenPICC = new AuthenticationToken(psip.getPACEInfo());
tokenPICC.generateToken(keyMAC, keyPCD.getEncodedPublicKey());
try {
response = gaMutualAuth.transmit(dispatcher, slotHandle);
if (tokenPICC.verifyToken(response.getData(), specifiedCHAT)) {
currentCAR = tokenPICC.getCurrentCAR();
previousCAR = tokenPICC.getPreviousCAR();
} else {
throw new GeneralSecurityException("Cannot verify authentication token.");
}
} catch (APDUException e) {
if (e.getResponseAPDU() == null) {
if (e.getCause() instanceof Exception) {
throw (Exception) e.getCause();
} else {
throw new ProtocolException(ECardConstants.Minor.IFD.UNKNOWN_ERROR, e.getMessage());
}
}
LOG.error(e.getMessage(), e);
int sw = e.getResponseAPDU().getSW();
if ((sw & (short) 0xFFF0) == (short) 0x63C0) {
retryCounter = (byte) (sw & (short) 0x000F);
if (retryCounter == (byte) 0x00) {
// The password is blocked.
LOG.warn("The password is blocked. The password MUST be unblocked.");
throw new ProtocolException(ECardConstants.Minor.IFD.PASSWORD_BLOCKED, "The password is blocked. The password MUST be unblocked.");
} else if (retryCounter == (byte) 0x01) {
// The password is suspended.
LOG.warn("The password is suspended. The password MUST be resumed.");
throw new ProtocolException(ECardConstants.Minor.IFD.PASSWORD_SUSPENDED, "The password is suspended. The password MUST be resumed.");
} else if (retryCounter == (byte) 0x02) {
// The password is wrong.
LOG.warn("The password is wrong.");
throw new ProtocolException(ECardConstants.Minor.IFD.PASSWORD_ERROR, "The password is wrong.");
}
} else {
throw new ProtocolException(ECardConstants.Minor.IFD.AUTHENTICATION_FAILED, "Authentication failed.");
}
} catch (Exception e) {
LOG.error(e.getMessage(), e);
throw new ProtocolException(ECardConstants.Minor.IFD.UNKNOWN_ERROR, e.getMessage());
}
}
Aggregations