public class PACEProtocol extends Object
Constructor and Description |
---|
PACEProtocol(APDULevelPACECapable service,
SecureMessagingWrapper wrapper,
int maxTranceiveLength,
boolean shouldCheckMAC)
Deprecated.
Use the other constructor with explicit max tranceive lengths for protocol and secure messaging
|
PACEProtocol(APDULevelPACECapable service,
SecureMessagingWrapper wrapper,
int maxTranceiveLengthForProtocol,
int maxTranceiveLengthForSecureMessaging,
boolean shouldCheckMAC)
Constructs a PACE protocol instance.
|
Modifier and Type | Method and Description |
---|---|
static byte[] |
computeKeySeedForPACE(AccessKeySpec accessKey)
Computes a key seed based on an access key.
|
static byte[] |
computeKeySeedForPACE(String cardAccessNumber)
Computes a key seed given a card access number (CAN).
|
static PublicKey |
decodePublicKeyFromSmartCard(byte[] encodedPublicKey,
AlgorithmParameterSpec params)
Decodes a public key received from the PICC.
|
static SecretKey |
deriveStaticPACEKey(AccessKeySpec accessKey,
String oid)
Derives the static key K_pi.
|
PACEResult |
doPACE(AccessKeySpec accessKey,
String oid,
AlgorithmParameterSpec staticParameters,
BigInteger parameterId)
Performs the PACE 2.0 / SAC protocol.
|
byte[] |
doPACEStep1(SecretKey staticPACEKey,
Cipher staticPACECipher)
The first step in the PACE protocol receives an encrypted nonce from the PICC
and decrypts it.
|
PACEMappingResult |
doPACEStep2(PACEInfo.MappingType mappingType,
String agreementAlg,
AlgorithmParameterSpec params,
byte[] piccNonce,
Cipher staticPACECipher)
The second step in the PACE protocol computes ephemeral domain parameters
by mapping the PICC generated nonce (and optionally the PCD generated nonce,
which will be exchanged, in case of Integrated Mapping).
|
PACEGMMappingResult |
doPACEStep2GM(String agreementAlg,
AlgorithmParameterSpec params,
byte[] piccNonce)
The second step in the PACE protocol (GM case) computes ephemeral domain parameters
by performing a key agreement protocol with the PICC nonce as
input.
|
PACEIMMappingResult |
doPACEStep2IM(String agreementAlg,
AlgorithmParameterSpec params,
byte[] piccNonce,
Cipher staticPACECipher)
The second step in the PACE protocol computes ephemeral domain parameters
by performing a key agreement protocol with the PICC and PCD nonces as
input.
|
PublicKey |
doPACEStep3ExchangePublicKeys(PublicKey pcdPublicKey,
AlgorithmParameterSpec ephemeralParams)
Sends the PCD's public key to the PICC and receives and interprets the PICC's public key in exchange.
|
KeyPair |
doPACEStep3GenerateKeyPair(String agreementAlg,
AlgorithmParameterSpec ephemeralParams)
Chooses a random ephemeral key pair.
|
byte[] |
doPACEStep3KeyAgreement(String agreementAlg,
PrivateKey pcdPrivateKey,
PublicKey piccPublicKey)
Performs the key agreement.
|
byte[] |
doPACEStep4(String oid,
PACEInfo.MappingType mappingType,
KeyPair pcdKeyPair,
PublicKey piccPublicKey,
SecretKey macKey)
Exchanges authentication tokens.
|
static byte[] |
encodePublicKeyDataObject(String oid,
PublicKey publicKey)
Based on TR-SAC 1.01 4.5.1 and 4.5.2.
|
static byte[] |
encodePublicKeyDataObject(String oid,
PublicKey publicKey,
boolean isContextKnown)
Based on TR-SAC 1.01 4.5.1 and 4.5.2.
|
static byte[] |
encodePublicKeyForSmartCard(PublicKey publicKey)
Write uncompressed coordinates (for EC) or public value (DH).
|
static byte[] |
generateAuthenticationToken(String oid,
SecretKey macKey,
PublicKey publicKey)
Generates an authentication token.
|
static ECPoint |
icartPointEncode(BigInteger t,
ECParameterSpec params)
Icart's point encoding for Elliptic Curve over a prime field.
|
static DHParameterSpec |
mapNonceGMWithDH(byte[] nonceS,
BigInteger sharedSecretH,
DHParameterSpec staticParameters)
Maps the nonce for the DH case using Generic Mapping
to get new parameters
(notably a new generator).
|
static ECParameterSpec |
mapNonceGMWithECDH(byte[] nonceS,
ECPoint sharedSecretPointH,
ECParameterSpec staticParameters)
Maps the nonce for the ECDH case
using Generic Mapping to get new parameters
(notably a new generator).
|
static AlgorithmParameterSpec |
mapNonceIMWithDH(byte[] nonceS,
byte[] nonceT,
String cipherAlgorithm,
DHParameterSpec params)
Transforms the nonces using a pseudo random number function and maps the resulting value to a field element.
|
static AlgorithmParameterSpec |
mapNonceIMWithECDH(byte[] nonceS,
byte[] nonceT,
String cipherAlgorithm,
ECParameterSpec params)
Transforms the nonces using a pseudo random number function and maps the resulting value to a point on the curve.
|
static byte[] |
pseudoRandomFunction(byte[] s,
byte[] t,
BigInteger p,
String algorithm)
Pseudo random number function as specified in Doc 9303 - Part 11, 4.4.3.3.2.
|
static PublicKey |
updateParameterSpec(PublicKey publicKey,
PrivateKey privateKey)
Updates the parameters of the given public key to match the parameters of the given private key.
|
@Deprecated public PACEProtocol(APDULevelPACECapable service, SecureMessagingWrapper wrapper, int maxTranceiveLength, boolean shouldCheckMAC)
service
- the service for sending APDUswrapper
- the already established secure messaging channel (or null
)maxTranceiveLength
- the maximal tranceive length (on responses to READ BINARY
)
to use in the resulting secure messaging channelshouldCheckMAC
- whether the resulting secure messaging channel should apply strict MAC
checking on response APDUspublic PACEProtocol(APDULevelPACECapable service, SecureMessagingWrapper wrapper, int maxTranceiveLengthForProtocol, int maxTranceiveLengthForSecureMessaging, boolean shouldCheckMAC)
service
- the service for sending APDUswrapper
- the already established secure messaging channel (or null
)maxTranceiveLengthForProtocol
- the maximal tranceive length PACE during protocol execution, 256
or 65536
maxTranceiveLengthForSecureMessaging
- the maximal tranceive length (on responses to READ BINARY
)
to use in the resulting secure messaging channelshouldCheckMAC
- whether the resulting secure messaging channel should apply strict MAC
checking on response APDUspublic PACEResult doPACE(AccessKeySpec accessKey, String oid, AlgorithmParameterSpec staticParameters, BigInteger parameterId) throws net.sf.scuba.smartcards.CardServiceException
accessKey
- the MRZ or CAN based access keyoid
- as specified in the PACEInfo, indicates GM or IM or CAM, DH or ECDH, cipher, digest, lengthstaticParameters
- explicit static domain parameters for DH or ECDHparameterId
- parameter identifier or null
net.sf.scuba.smartcards.CardServiceException
- if authentication failed or on some lower-level errorpublic byte[] doPACEStep1(SecretKey staticPACEKey, Cipher staticPACECipher) throws PACEException
staticPACEKey
- the static PACE keystaticPACECipher
- the cipher to reusePACEException
- on errorpublic PACEMappingResult doPACEStep2(PACEInfo.MappingType mappingType, String agreementAlg, AlgorithmParameterSpec params, byte[] piccNonce, Cipher staticPACECipher) throws PACEException
mappingType
- either CAM, GM, or IMagreementAlg
- the agreement algorithm, either DH or ECDHparams
- the static domain parameterspiccNonce
- the nonce received from the PICCstaticPACECipher
- the cipher to use in IMPACEException
- on errorpublic PACEGMMappingResult doPACEStep2GM(String agreementAlg, AlgorithmParameterSpec params, byte[] piccNonce) throws PACEException
agreementAlg
- the agreement algorithm, either DH or ECDHparams
- the static domain parameterspiccNonce
- the received nonce from the PICCPACEException
- on errorpublic PACEIMMappingResult doPACEStep2IM(String agreementAlg, AlgorithmParameterSpec params, byte[] piccNonce, Cipher staticPACECipher) throws PACEException
agreementAlg
- the agreement algorithm, either DH or ECDHparams
- the static domain parameterspiccNonce
- the received nonce from the PICCstaticPACECipher
- the cipher to use for IMPACEException
- on errorpublic KeyPair doPACEStep3GenerateKeyPair(String agreementAlg, AlgorithmParameterSpec ephemeralParams) throws PACEException
agreementAlg
- the agreement algorithmephemeralParams
- the parametersPACEException
- on errorpublic PublicKey doPACEStep3ExchangePublicKeys(PublicKey pcdPublicKey, AlgorithmParameterSpec ephemeralParams) throws PACEException
pcdPublicKey
- the PCD's public keyephemeralParams
- the ephemeral parameters to interpret the PICC's public keyPACEException
- on errorpublic byte[] doPACEStep3KeyAgreement(String agreementAlg, PrivateKey pcdPrivateKey, PublicKey piccPublicKey) throws PACEException
agreementAlg
- the agreement algorithm, either "DH"
or "ECDH"
pcdPrivateKey
- the PCD's private keypiccPublicKey
- the PICC's public keyPACEException
- on errorpublic byte[] doPACEStep4(String oid, PACEInfo.MappingType mappingType, KeyPair pcdKeyPair, PublicKey piccPublicKey, SecretKey macKey) throws net.sf.scuba.smartcards.CardServiceException
oid
- the object identifiermappingType
- the mapping type (GM or IM)pcdKeyPair
- the PCD's key pairpiccPublicKey
- the PICC's public keymacKey
- the MAC key to usenet.sf.scuba.smartcards.CardServiceException
- on errorpublic static SecretKey deriveStaticPACEKey(AccessKeySpec accessKey, String oid) throws GeneralSecurityException
accessKey
- the key material from the MRZoid
- the PACE object identifier is needed to determine the cipher algorithm and the key lengthGeneralSecurityException
- on errorpublic static byte[] computeKeySeedForPACE(AccessKeySpec accessKey) throws GeneralSecurityException
accessKey
- the access keyGeneralSecurityException
- on errorpublic static ECParameterSpec mapNonceGMWithECDH(byte[] nonceS, ECPoint sharedSecretPointH, ECParameterSpec staticParameters)
nonceS
- the nonce received from the PICCsharedSecretPointH
- the shared secretstaticParameters
- the static parameterspublic static DHParameterSpec mapNonceGMWithDH(byte[] nonceS, BigInteger sharedSecretH, DHParameterSpec staticParameters)
nonceS
- the nonce received from the PICCsharedSecretH
- the shared secret pointstaticParameters
- the static parameterspublic static AlgorithmParameterSpec mapNonceIMWithECDH(byte[] nonceS, byte[] nonceT, String cipherAlgorithm, ECParameterSpec params) throws GeneralSecurityException
nonceS
- the nonce from the PICCnonceT
- the nonce from the PCDcipherAlgorithm
- the cipher algorithm to be used by the pseudo random function (either "AES"
or "DESede"
)params
- the static domain parametersGeneralSecurityException
- on errorpublic static AlgorithmParameterSpec mapNonceIMWithDH(byte[] nonceS, byte[] nonceT, String cipherAlgorithm, DHParameterSpec params) throws GeneralSecurityException
nonceS
- the nonce from the PICCnonceT
- the nonce from the PCDcipherAlgorithm
- the cipher algorithm to be used by the pseudo random function (either "AES"
or "DESede"
)params
- the static domain parametersGeneralSecurityException
- on errorpublic static byte[] pseudoRandomFunction(byte[] s, byte[] t, BigInteger p, String algorithm) throws GeneralSecurityException
s
- the nonce that was sent by the ICCt
- the nonce that was generated by the PCDp
- the order of the prime fieldalgorithm
- the algorithm for block cipher E (either "AES"
or "DESede"
)GeneralSecurityException
- on cryptographic errorpublic static ECPoint icartPointEncode(BigInteger t, ECParameterSpec params)
t
- the field element to encodeparams
- the parameters describing the curve and fieldpublic static PublicKey updateParameterSpec(PublicKey publicKey, PrivateKey privateKey) throws GeneralSecurityException
publicKey
- the public key, should be an EC public keyprivateKey
- the private key, should be an EC private keyGeneralSecurityException
- on security error, or when keys are not ECpublic static byte[] generateAuthenticationToken(String oid, SecretKey macKey, PublicKey publicKey) throws GeneralSecurityException
oid
- the object identifier as indicated in MSE Set ATmacKey
- the KS MAC key derived from the key agreementpublicKey
- the received public keyGeneralSecurityException
- on error while performing the MAC operationpublic static byte[] computeKeySeedForPACE(String cardAccessNumber) throws GeneralSecurityException
cardAccessNumber
- the card access numberGeneralSecurityException
- on errorpublic static byte[] encodePublicKeyDataObject(String oid, PublicKey publicKey) throws InvalidKeyException
oid
- object identifierpublicKey
- public keyInvalidKeyException
- when public key is not DH or ECpublic static byte[] encodePublicKeyDataObject(String oid, PublicKey publicKey, boolean isContextKnown) throws InvalidKeyException
oid
- object identifierpublicKey
- public keyisContextKnown
- whether context of public key is known to receiver (we will not include domain parameters in that case).InvalidKeyException
- when public key is not DH or ECpublic static byte[] encodePublicKeyForSmartCard(PublicKey publicKey) throws InvalidKeyException
publicKey
- public keyInvalidKeyException
- if the key type is not EC or DHpublic static PublicKey decodePublicKeyFromSmartCard(byte[] encodedPublicKey, AlgorithmParameterSpec params)
encodedPublicKey
- the encoded public key that was receivedparams
- the parameters used for interpreting the public keyCopyright © 2020. All rights reserved.