public class PACEProtocol extends Object
Constructor and Description |
---|
PACEProtocol(PassportService service,
SecureMessagingWrapper wrapper)
Constructs a PACE protocol instance.
|
Modifier and Type | Method and Description |
---|---|
static byte[] |
computeKeySeedForPACE(KeySpec accessKey) |
static byte[] |
computeKeySeedForPACE(String cardAccessNumber) |
static SecretKey |
deriveStaticPACEKey(KeySpec keySpec,
String oid)
Derives the static key K_pi.
|
PACEResult |
doPACE(AccessKeySpec accessKey,
String oid,
AlgorithmParameterSpec params)
Performs the PACE 2.0 / SAC protocol.
|
PACEResult |
doPACE(KeySpec accessKey,
String oid,
AlgorithmParameterSpec params)
Deprecated.
Use the variant of this method that takes an AccessKeySpec
|
byte[] |
doPACEStep1(SecretKey staticPACEKey,
Cipher staticPACECipher)
The first step in the PACE protocol receives an encrypted nonce from the PICC
and decrypts it.
|
PACEResult.PACEMappingResult |
doPACEStep2(PACEInfo.MappingType mappingType,
String agreementAlg,
AlgorithmParameterSpec params,
byte[] piccNonce,
Cipher staticPACECipher)
The second step in the PACE protocol computes ephemeral domain parameters
by mapping the PICC generated nonce (and optionally the PCD generated nonce,
which will be exchanged, in case of Integrated Mapping).
|
PACEResult.PACEGMMappingResult |
doPACEStep2GM(String agreementAlg,
AlgorithmParameterSpec params,
byte[] piccNonce)
The second step in the PACE protocol (GM case) computes ephemeral domain parameters
by performing a key agreement protocol with the PICC nonce as
input.
|
PACEResult.PACEIMMappingResult |
doPACEStep2IM(String agreementAlg,
AlgorithmParameterSpec params,
byte[] piccNonce,
Cipher staticPACECipher)
The second step in the PACE protocol computes ephemeral domain parameters
by performing a key agreement protocol with the PICC and PCD nonces as
input.
|
PublicKey |
doPACEStep3ExchangePublicKeys(PublicKey pcdPublicKey,
AlgorithmParameterSpec ephemeralParams) |
KeyPair |
doPACEStep3GenerateKeyPair(String agreementAlg,
AlgorithmParameterSpec ephemeralParams) |
byte[] |
doPACEStep3KeyAgreement(String agreementAlg,
PrivateKey pcdPrivateKey,
PublicKey piccPublicKey) |
byte[] |
doPACEStep4(String oid,
PACEInfo.MappingType mappingType,
KeyPair pcdKeyPair,
PublicKey piccPublicKey,
SecretKey macKey) |
static byte[] |
generateAuthenticationToken(String oid,
SecretKey macKey,
PublicKey publicKey)
The authentication token SHALL be computed over a public key data object (cf.
|
static ECPoint |
icartPointEncode(BigInteger t,
ECParameterSpec params)
Icart's point encoding for Elliptic Curve over a prime field.
|
static DHParameterSpec |
mapNonceGMWithDH(byte[] nonceS,
BigInteger sharedSecretH,
DHParameterSpec params) |
static ECParameterSpec |
mapNonceGMWithECDH(byte[] nonceS,
ECPoint sharedSecretPointH,
ECParameterSpec staticParameters) |
static AlgorithmParameterSpec |
mapNonceIMWithDH(byte[] nonceS,
byte[] nonceT,
String cipherAlgorithm,
DHParameterSpec params)
Transforms the nonces using a pseudo random number function and maps the resulting value to a field element.
|
static AlgorithmParameterSpec |
mapNonceIMWithECDH(byte[] nonceS,
byte[] nonceT,
String cipherAlgorithm,
ECParameterSpec params)
Transforms the nonces using a pseudo random number function and maps the resulting value to a point on the curve.
|
static byte[] |
pseudoRandomFunction(byte[] s,
byte[] t,
BigInteger p,
String algorithm)
Pseudo random number function as specified in Doc 9303 - Part 11, 4.4.3.3.2.
|
static PublicKey |
updateParameterSpec(PublicKey publicKey,
PrivateKey privateKey)
Updates the parameters of the given public key to match the parameters of the given private key.
|
public PACEProtocol(PassportService service, SecureMessagingWrapper wrapper)
service
- the service for sending APDUswrapper
- the already established secure messaging channel (or null
)@Deprecated public PACEResult doPACE(KeySpec accessKey, String oid, AlgorithmParameterSpec params) throws PACEException
accessKey
- the MRZ or CAN based access keyoid
- as specified in the PACEInfo, indicates GM or IM or CAM, DH or ECDH, cipher, digest, lengthparams
- explicit static domain parameters the domain params for DH or ECDHPACEException
- on errorpublic PACEResult doPACE(AccessKeySpec accessKey, String oid, AlgorithmParameterSpec params) throws PACEException
accessKey
- the MRZ or CAN based access keyoid
- as specified in the PACEInfo, indicates GM or IM or CAM, DH or ECDH, cipher, digest, lengthparams
- explicit static domain parameters the domain params for DH or ECDHPACEException
- on errorpublic byte[] doPACEStep1(SecretKey staticPACEKey, Cipher staticPACECipher) throws PACEException
staticPACEKey
- the static PACE keystaticPACECipher
- the cipher to reusePACEException
- on errorpublic PACEResult.PACEMappingResult doPACEStep2(PACEInfo.MappingType mappingType, String agreementAlg, AlgorithmParameterSpec params, byte[] piccNonce, Cipher staticPACECipher) throws PACEException
mappingType
- either CAM, GM, or IMagreementAlg
- the agreement algorithm, either DH or ECDHparams
- the static domain parameterspiccNonce
- the nonce received from the PICCstaticPACECipher
- the cipher to use in IMPACEException
- on errorpublic PACEResult.PACEGMMappingResult doPACEStep2GM(String agreementAlg, AlgorithmParameterSpec params, byte[] piccNonce) throws PACEException
agreementAlg
- the agreement algorithm, either DH or ECDHparams
- the static domain parameterspiccNonce
- the received nonce from the PICCPACEException
- on errorpublic PACEResult.PACEIMMappingResult doPACEStep2IM(String agreementAlg, AlgorithmParameterSpec params, byte[] piccNonce, Cipher staticPACECipher) throws PACEException
agreementAlg
- the agreement algorithm, either DH or ECDHparams
- the static domain parameterspiccNonce
- the received nonce from the PICCstaticPACECipher
- the cipher to use for IMPACEException
- on errorpublic KeyPair doPACEStep3GenerateKeyPair(String agreementAlg, AlgorithmParameterSpec ephemeralParams) throws PACEException
PACEException
public PublicKey doPACEStep3ExchangePublicKeys(PublicKey pcdPublicKey, AlgorithmParameterSpec ephemeralParams) throws PACEException
PACEException
public byte[] doPACEStep3KeyAgreement(String agreementAlg, PrivateKey pcdPrivateKey, PublicKey piccPublicKey) throws PACEException
PACEException
public byte[] doPACEStep4(String oid, PACEInfo.MappingType mappingType, KeyPair pcdKeyPair, PublicKey piccPublicKey, SecretKey macKey) throws PACEException
PACEException
public static SecretKey deriveStaticPACEKey(KeySpec keySpec, String oid) throws GeneralSecurityException
keySpec
- the key material from the MRZoid
- the PACE object identifier is needed to determine the cipher algorithm and the key lengthGeneralSecurityException
- on errorpublic static byte[] computeKeySeedForPACE(KeySpec accessKey) throws GeneralSecurityException
GeneralSecurityException
public static ECParameterSpec mapNonceGMWithECDH(byte[] nonceS, ECPoint sharedSecretPointH, ECParameterSpec staticParameters)
public static DHParameterSpec mapNonceGMWithDH(byte[] nonceS, BigInteger sharedSecretH, DHParameterSpec params)
public static AlgorithmParameterSpec mapNonceIMWithECDH(byte[] nonceS, byte[] nonceT, String cipherAlgorithm, ECParameterSpec params) throws GeneralSecurityException
nonceS
- the nonce from the PICCnonceT
- the nonce from the PCDcipherAlgorithm
- the cipher algorithm to be used by the pseudo random function (either "AES"
or "DESede"
)params
- the static domain parametersGeneralSecurityException
- on errorpublic static AlgorithmParameterSpec mapNonceIMWithDH(byte[] nonceS, byte[] nonceT, String cipherAlgorithm, DHParameterSpec params) throws GeneralSecurityException
nonceS
- the nonce from the PICCnonceT
- the nonce from the PCDcipherAlgorithm
- the cipher algorithm to be used by the pseudo random function (either "AES"
or "DESede"
)params
- the static domain parametersGeneralSecurityException
- on errorpublic static byte[] pseudoRandomFunction(byte[] s, byte[] t, BigInteger p, String algorithm) throws GeneralSecurityException
s
- the nonce that was sent by the ICCt
- the nonce that was generated by the PCDp
- the order of the prime fieldalgorithm
- the algorithm for block cipher E (either "AES"
or "DESede"
)GeneralSecurityException
- on cryptographic errorpublic static ECPoint icartPointEncode(BigInteger t, ECParameterSpec params)
t
- the field element to encodeparams
- the parameters describing the curve and fieldpublic static PublicKey updateParameterSpec(PublicKey publicKey, PrivateKey privateKey) throws GeneralSecurityException
publicKey
- the public key, should be an EC public keyprivateKey
- the private key, should be an EC private keyGeneralSecurityException
- on security error, or when keys are not ECpublic static byte[] generateAuthenticationToken(String oid, SecretKey macKey, PublicKey publicKey) throws GeneralSecurityException
oid
- the object identifier as indicated in MSE Set ATmacKey
- the KS MAC key derived from the key agreementpublicKey
- the received public keyGeneralSecurityException
- on error while performing the MAC operationpublic static byte[] computeKeySeedForPACE(String cardAccessNumber) throws GeneralSecurityException
GeneralSecurityException
Copyright © 2017. All rights reserved.