public class EACCAProtocol extends Object

Constructor and Description |
---|
EACCAProtocol(APDULevelEACCACapable service, SecureMessagingWrapper wrapper, int maxTranceiveLength, boolean shouldCheckMAC) Constructs a protocol instance. |

Modifier and Type | Method and Description |
---|---|
static byte[] | computeSharedSecret(String agreementAlg, PublicKey piccPublicKey, PrivateKey pcdPrivateKey) Performs the key agreement step. |
EACCAResult | doCA(BigInteger keyId, String oid, String publicKeyOID, PublicKey piccPublicKey) Perform EAC-CA (Chip Authentication) part of EAC (version 1). |
static byte[] | getKeyHash(String agreementAlg, PublicKey pcdPublicKey) Returns the key hash which will be used as input for Terminal Authentication. |
SecureMessagingWrapper | getWrapper() Returns the secure messaging wrapper currently in use. |
static SecureMessagingWrapper | restartSecureMessaging(String oid, byte[] sharedSecret, int maxTranceiveLength, boolean shouldCheckMAC) Restarts secure messaging based on the shared secret. |
static void | sendPublicKey(APDULevelEACCACapable service, SecureMessagingWrapper wrapper, String oid, BigInteger keyId, PublicKey pcdPublicKey) Sends the PCD's public key to the PICC. |
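
The key agreement step listed above for computeSharedSecret(agreementAlg, piccPublicKey, pcdPrivateKey), sketched with the standard JCA KeyAgreement API. This is an added example, not the library's own implementation; the class name ChipAuthKeyAgreementDemo, the helper agree, the secp256r1 curve and the generated stand-in for the PICC key pair are assumptions made for illustration.

```java
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.MessageDigest;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.interfaces.ECPublicKey;
import java.security.spec.ECGenParameterSpec;
import javax.crypto.KeyAgreement;

public class ChipAuthKeyAgreementDemo {

  // Hypothetical helper; same parameter order as
  // computeSharedSecret(agreementAlg, piccPublicKey, pcdPrivateKey).
  static byte[] agree(String agreementAlg, PublicKey peerPublicKey, PrivateKey ownPrivateKey)
      throws GeneralSecurityException {
    KeyAgreement agreement = KeyAgreement.getInstance(agreementAlg);
    agreement.init(ownPrivateKey);
    agreement.doPhase(peerPublicKey, true); // single-phase (EC)DH
    return agreement.generateSecret();
  }

  public static void main(String[] args) throws GeneralSecurityException {
    // Constructed stand-in for the chip's static key pair.
    // A real PICC public key is read from DG14; the curve is an assumption.
    KeyPairGenerator piccGenerator = KeyPairGenerator.getInstance("EC");
    piccGenerator.initialize(new ECGenParameterSpec("secp256r1"));
    KeyPair piccKeyPair = piccGenerator.generateKeyPair();

    // The PCD creates an ephemeral key pair on the domain parameters
    // taken from the PICC's public key, so both keys share one curve.
    KeyPairGenerator pcdGenerator = KeyPairGenerator.getInstance("EC");
    pcdGenerator.initialize(((ECPublicKey) piccKeyPair.getPublic()).getParams());
    KeyPair pcdKeyPair = pcdGenerator.generateKeyPair();

    // PCD side: PICC public key with PCD private key.
    byte[] pcdSecret = agree("ECDH", piccKeyPair.getPublic(), pcdKeyPair.getPrivate());
    // PICC side (simulated here): PCD public key with PICC private key.
    byte[] piccSecret = agree("ECDH", pcdKeyPair.getPublic(), piccKeyPair.getPrivate());

    if (!MessageDigest.isEqual(pcdSecret, piccSecret)) {
      throw new IllegalStateException("shared secrets differ");
    }
    System.out.println("Both sides derived the same " + pcdSecret.length + "-byte shared secret");
  }
}
```

In the documented API, the resulting byte array is the sharedSecret argument that restartSecureMessaging takes to set up the new secure messaging channel.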

public EACCAProtocol(APDULevelEACCACapable service, SecureMessagingWrapper wrapper, int maxTranceiveLength, boolean shouldCheckMAC)

Parameters:
service - the card service
wrapper - the existing secure messaging wrapper
maxTranceiveLength - the maximal tranceive length (on responses to READ BINARY) to use in the resulting secure messaging channel
shouldCheckMAC - whether the resulting secure messaging channel should apply strict MAC checking on response APDUs

public EACCAResult doCA(BigInteger keyId, String oid, String publicKeyOID, PublicKey piccPublicKey) throws net.sf.scuba.smartcards.CardServiceException

Parameters:
keyId - passport's public key id (stored in DG14), null if none
oid - the object identifier indicating the Chip Authentication protocol
publicKeyOID - the OID indicating the type of public key
piccPublicKey - PICC's public key (stored in DG14)

Throws:
net.sf.scuba.smartcards.CardServiceException - if Chip Authentication failed or some error occurred

public static void sendPublicKey(APDULevelEACCACapable service, SecureMessagingWrapper wrapper, String oid, BigInteger keyId, PublicKey pcdPublicKey) throws net.sf.scuba.smartcards.CardServiceException

Parameters:
service - the card service
wrapper - the existing secure messaging wrapper
oid - the Chip Authentication object identifier
keyId - a key identifier or null
pcdPublicKey - the public key to send

Throws:
net.sf.scuba.smartcards.CardServiceException - on error

public static byte[] computeSharedSecret(String agreementAlg, PublicKey piccPublicKey, PrivateKey pcdPrivateKey) throws NoSuchAlgorithmException, InvalidKeyException

Parameters:
agreementAlg - the agreement algorithm
piccPublicKey - the PICC's public key
pcdPrivateKey - the PCD's private key

Throws:
NoSuchAlgorithmException - if the agreement algorithm is unsupported
InvalidKeyException - if one of the keys is invalid

public static SecureMessagingWrapper restartSecureMessaging(String oid, byte[] sharedSecret, int maxTranceiveLength, boolean shouldCheckMAC) throws GeneralSecurityException

Parameters:
oid - the Chip Authentication object identifier
sharedSecret - the shared secret
maxTranceiveLength - the maximum APDU tranceive length
shouldCheckMAC - whether to check MAC

Throws:
GeneralSecurityException - on error

public SecureMessagingWrapper getWrapper()

public static byte[] getKeyHash(String agreementAlg, PublicKey pcdPublicKey) throws NoSuchAlgorithmException

Parameters:
agreementAlg - the agreement algorithm, either "DH" or "ECDH"
pcdPublicKey - the inspection system's public key

Throws:
NoSuchAlgorithmException - on error

Copyright © 2022. All rights reserved.