use of org.openecard.ifd.protocol.pace.crypto.PACEKey in project open-ecard by ecsec.
the class PACEImplementation method generalAuthenticateMapNonce.
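/**
 * Step 3: Mapping nonce.
 * <p>
 * Sends the terminal's (PCD) mapping public key to the card in a General Authenticate command
 * (tag 0x81), decodes the card's (PICC) mapping public key from the response and replaces
 * {@code domainParameter} with the result of {@code PACEGenericMapping.map}. On success the
 * protocol continues with step 4.
 * <p>
 * Only generic mapping is implemented. Every other mapping is rejected before a command is
 * sent, so the run can never reach key agreement on unmapped domain parameters.
 *
 * @throws UnsupportedOperationException if the crypto suite's mapping is not a
 *         {@code PACEGenericMapping}
 * @throws ProtocolException if transmitting the command fails
 * @throws GeneralSecurityException if the card answers with the terminal's own mapping key
 * @throws Exception any other failure while decoding, mapping or in the following steps
 */
private void generalAuthenticateMapNonce() throws Exception {
    PACEMapping mapping = cryptoSuite.getMapping();
    if (!(mapping instanceof PACEGenericMapping)) {
        // Fail closed. Previously only PACEIntegratedMapping was rejected; any other value
        // (including null) sent a command without key data and then skipped the mapping
        // step entirely before moving on to key agreement.
        throw new UnsupportedOperationException("Not implemented yet.");
    }
    PACEGenericMapping gm = (PACEGenericMapping) mapping;
    byte[] pkMapPCD = gm.getMappingKey().getEncodedPublicKey();

    CardCommandAPDU gaMapNonce = new GeneralAuthenticate((byte) 0x81, pkMapPCD);
    gaMapNonce.setChaining();
    try {
        response = gaMapNonce.transmit(dispatcher, slotHandle);
    } catch (APDUException e) {
        LOG.error(e.getMessage(), e);
        throw new ProtocolException(e.getResult());
    }

    PACEKey keyMapPICC = new PACEKey(domainParameter);
    // NOTE(review): confirm that decodePublicKey rejects encodings that are not valid public
    // keys for domainParameter; the equality check below does not cover that case.
    keyMapPICC.decodePublicKey(response.getData());
    byte[] pkMapPICC = keyMapPICC.getEncodedPublicKey();
    // A card that echoes the terminal's own mapping key must not be accepted.
    if (ByteUtils.compare(pkMapPICC, pkMapPCD)) {
        throw new GeneralSecurityException("PACE security violation: equal keys");
    }
    // presumably s is the nonce obtained in the preceding step -- TODO confirm
    domainParameter = gm.map(pkMapPICC, s);

    // Continue with Step 4
    generalAuthenticateKeyAgreement();
}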
use of org.openecard.ifd.protocol.pace.crypto.PACEKey in project open-ecard by ecsec.
the class PACEImplementation method generalAuthenticateKeyAgreement.
/**
 * Step 4: Key agreement.
 * <p>
 * Generates a fresh terminal (PCD) key pair on the current {@code domainParameter}, sends its
 * public key to the card in a General Authenticate command (tag 0x83) and decodes the card's
 * (PICC) public key from the response. If the two public keys differ the protocol continues
 * with step 5.
 *
 * @throws ProtocolException if the command cannot be transmitted, or if a
 *         {@code GeneralSecurityException} is raised in this step (including the equal-keys
 *         rejection) or propagates out of step 5
 * @throws Exception any other failure during key generation or in the following steps
 */
private void generalAuthenticateKeyAgreement() throws Exception {
    keyPCD = new PACEKey(domainParameter);
    keyPCD.generateKeyPair();
    byte[] pcdPublicKey = keyPCD.getEncodedPublicKey();

    CardCommandAPDU command = new GeneralAuthenticate((byte) 0x83, pcdPublicKey);
    command.setChaining();
    try {
        response = command.transmit(dispatcher, slotHandle);
        keyPICC = new PACEKey(domainParameter);
        // NOTE(review): confirm that decodePublicKey rejects encodings that are not valid
        // public keys for domainParameter; the equality check below does not cover that.
        byte[] piccPublicKey = keyPICC.decodePublicKey(response.getData());
        // A card that echoes the terminal's own public key must not be accepted.
        if (ByteUtils.compare(pcdPublicKey, piccPublicKey)) {
            throw new GeneralSecurityException("PACE security violation: equal keys");
        }
        // Continue with Step 5
        generalAuthenticateMutualAuthentication();
    } catch (APDUException e) {
        LOG.error(e.getMessage(), e);
        throw new ProtocolException(e.getResult());
    } catch (GeneralSecurityException e) {
        // Only the message is forwarded; the original exception survives in the log entry.
        LOG.error(e.getMessage(), e);
        throw new ProtocolException(e.getMessage());
    }
}