Search in sources :

Example 1 with PACEKey

use of org.openecard.ifd.protocol.pace.crypto.PACEKey in project open-ecard by ecsec.

the class PACEImplementation method generalAuthenticateMapNonce.

/**
 * Step 3: Mapping nonce
 */
private void generalAuthenticateMapNonce() throws Exception {
    byte[] pkMapPCD = null;
    PACEMapping mapping = cryptoSuite.getMapping();
    if (mapping instanceof PACEGenericMapping) {
        PACEGenericMapping gm = (PACEGenericMapping) mapping;
        pkMapPCD = gm.getMappingKey().getEncodedPublicKey();
    } else if (mapping instanceof PACEIntegratedMapping) {
        throw new UnsupportedOperationException("Not implemented yet.");
    }
    CardCommandAPDU gaMapNonce = new GeneralAuthenticate((byte) 0x81, pkMapPCD);
    gaMapNonce.setChaining();
    try {
        response = gaMapNonce.transmit(dispatcher, slotHandle);
    } catch (APDUException e) {
        LOG.error(e.getMessage(), e);
        throw new ProtocolException(e.getResult());
    }
    if (mapping instanceof PACEGenericMapping) {
        PACEGenericMapping gm = (PACEGenericMapping) mapping;
        PACEKey keyMapPICC = new PACEKey(domainParameter);
        keyMapPICC.decodePublicKey(response.getData());
        byte[] pkMapPICC = keyMapPICC.getEncodedPublicKey();
        if (ByteUtils.compare(pkMapPICC, pkMapPCD)) {
            throw new GeneralSecurityException("PACE security violation: equal keys");
        }
        domainParameter = gm.map(pkMapPICC, s);
    } else if (mapping instanceof PACEIntegratedMapping) {
        throw new UnsupportedOperationException("Not implemented yet.");
    }
    // Continue with Step 4
    generalAuthenticateKeyAgreement();
}
Also used : CardCommandAPDU(org.openecard.common.apdu.common.CardCommandAPDU) PACEGenericMapping(org.openecard.ifd.protocol.pace.crypto.PACEGenericMapping) ProtocolException(org.openecard.common.ifd.protocol.exception.ProtocolException) PACEKey(org.openecard.ifd.protocol.pace.crypto.PACEKey) APDUException(org.openecard.common.apdu.exception.APDUException) PACEMapping(org.openecard.ifd.protocol.pace.crypto.PACEMapping) GeneralSecurityException(java.security.GeneralSecurityException) PACEIntegratedMapping(org.openecard.ifd.protocol.pace.crypto.PACEIntegratedMapping) GeneralAuthenticate(org.openecard.common.apdu.GeneralAuthenticate)

Example 2 with PACEKey

use of org.openecard.ifd.protocol.pace.crypto.PACEKey in project open-ecard by ecsec.

the class PACEImplementation method generalAuthenticateKeyAgreement.

/**
 * Step 4: Key agreement
 *
 * @param mapPK_PICC
 */
private void generalAuthenticateKeyAgreement() throws Exception {
    keyPCD = new PACEKey(domainParameter);
    keyPCD.generateKeyPair();
    byte[] keyPKPCD = keyPCD.getEncodedPublicKey();
    CardCommandAPDU gaKeyAgreement = new GeneralAuthenticate((byte) 0x83, keyPKPCD);
    gaKeyAgreement.setChaining();
    try {
        response = gaKeyAgreement.transmit(dispatcher, slotHandle);
        keyPICC = new PACEKey(domainParameter);
        byte[] keyPKPICC = keyPICC.decodePublicKey(response.getData());
        if (!ByteUtils.compare(keyPKPCD, keyPKPICC)) {
            // Continue with Step 5
            generalAuthenticateMutualAuthentication();
        } else {
            throw new GeneralSecurityException("PACE security violation: equal keys");
        }
    } catch (APDUException e) {
        LOG.error(e.getMessage(), e);
        throw new ProtocolException(e.getResult());
    } catch (GeneralSecurityException e) {
        LOG.error(e.getMessage(), e);
        throw new ProtocolException(e.getMessage());
    }
}
Also used : CardCommandAPDU(org.openecard.common.apdu.common.CardCommandAPDU) ProtocolException(org.openecard.common.ifd.protocol.exception.ProtocolException) PACEKey(org.openecard.ifd.protocol.pace.crypto.PACEKey) APDUException(org.openecard.common.apdu.exception.APDUException) GeneralSecurityException(java.security.GeneralSecurityException) GeneralAuthenticate(org.openecard.common.apdu.GeneralAuthenticate)

Aggregations

GeneralSecurityException (java.security.GeneralSecurityException)2 GeneralAuthenticate (org.openecard.common.apdu.GeneralAuthenticate)2 CardCommandAPDU (org.openecard.common.apdu.common.CardCommandAPDU)2 APDUException (org.openecard.common.apdu.exception.APDUException)2 ProtocolException (org.openecard.common.ifd.protocol.exception.ProtocolException)2 PACEKey (org.openecard.ifd.protocol.pace.crypto.PACEKey)2 PACEGenericMapping (org.openecard.ifd.protocol.pace.crypto.PACEGenericMapping)1 PACEIntegratedMapping (org.openecard.ifd.protocol.pace.crypto.PACEIntegratedMapping)1 PACEMapping (org.openecard.ifd.protocol.pace.crypto.PACEMapping)1