Package org.jmrtd.protocol
Class SecureMessagingWrapper
- java.lang.Object
  - org.jmrtd.protocol.SecureMessagingWrapper
- All Implemented Interfaces: Serializable, net.sf.scuba.smartcards.APDUWrapper
- Direct Known Subclasses: AESSecureMessagingWrapper, DESedeSecureMessagingWrapper

public abstract class SecureMessagingWrapper extends Object implements Serializable, net.sf.scuba.smartcards.APDUWrapper

Secure messaging wrapper base class.
- Version: $Revision: 1805 $
- Author: The JMRTD team
- See Also: Serialized Form

Constructor Summary
| Modifier | Constructor | Description |
|---|---|---|
| protected | SecureMessagingWrapper(SecretKey ksEnc, SecretKey ksMac, String cipherAlg, String macAlg, int maxTranceiveLength, boolean shouldCheckMAC, long ssc) | Constructs a secure messaging wrapper based on the secure messaging session keys and the initial value of the send sequence counter. |

Method Summary
| Modifier and Type | Method | Description |
|---|---|---|
| protected boolean | checkMac(byte[] rapdu, byte[] cc) | Checks the MAC. |
| boolean | equals(Object obj) | |
| protected abstract byte[] | getEncodedSendSequenceCounter() | Returns the send sequence counter encoded as a byte array for inclusion in wrapped APDUs. |
| SecretKey | getEncryptionKey() | Returns the shared key for encrypting APDU payloads. |
| static SecureMessagingWrapper | getInstance(SecureMessagingWrapper wrapper) | Returns a copy of the given wrapper, with an identical (but perhaps independent) state for known secure messaging wrapper types. |
| protected abstract IvParameterSpec | getIV() | Returns the initialization vector to be used by the encryption cipher. |
| SecretKey | getMACKey() | Returns the shared key for computing message authentication codes over APDU payloads. |
| int | getMaxTranceiveLength() | Returns the maximum transceive length of wrapped command and response APDUs; typical values are 256 and 65536. |
| protected abstract int | getPadLength() | Returns the length (in bytes) to use for padding. |
| long | getSendSequenceCounter() | Returns the current value of the send sequence counter. |
| int | hashCode() | |
| boolean | shouldCheckMAC() | Returns a boolean indicating whether this wrapper will check the MAC in wrapped response APDUs. |
| String | toString() | |
| net.sf.scuba.smartcards.ResponseAPDU | unwrap(net.sf.scuba.smartcards.ResponseAPDU responseAPDU) | Unwraps the APDU buffer of a response APDU. |
| net.sf.scuba.smartcards.CommandAPDU | wrap(net.sf.scuba.smartcards.CommandAPDU commandAPDU) | Wraps the APDU buffer of a command APDU. |

Constructor Detail
SecureMessagingWrapper
protected SecureMessagingWrapper(SecretKey ksEnc, SecretKey ksMac, String cipherAlg, String macAlg, int maxTranceiveLength, boolean shouldCheckMAC, long ssc) throws GeneralSecurityException
Constructs a secure messaging wrapper based on the secure messaging session keys and the initial value of the send sequence counter.
- Parameters:
  ksEnc - the session key for encryption
  ksMac - the session key for message authenticity
  cipherAlg - the mnemonic Java string describing the cipher algorithm
  macAlg - the mnemonic Java string describing the message authenticity checking algorithm
  maxTranceiveLength - the maximum transceive length, typical values are 256 or 65536
  shouldCheckMAC - a boolean indicating whether this wrapper will check the MAC in wrapped response APDUs
  ssc - the initial value of the send sequence counter
- Throws:
  GeneralSecurityException - when the available JCE providers cannot provide the necessary cryptographic primitives

Method Detail
getInstance
public static SecureMessagingWrapper getInstance(SecureMessagingWrapper wrapper)
Returns a copy of the given wrapper, with an identical (but perhaps independent) state for known secure messaging wrapper types. If the wrapper type is not recognized the original wrapper is returned.
- Parameters:
  wrapper - the original wrapper
- Returns:
  a copy of that wrapper

getSendSequenceCounter
public long getSendSequenceCounter()
Returns the current value of the send sequence counter.
- Returns:
  the current value of the send sequence counter.

getEncryptionKey
public SecretKey getEncryptionKey()
Returns the shared key for encrypting APDU payloads.
- Returns:
  the encryption key

getMACKey
public SecretKey getMACKey()
Returns the shared key for computing message authentication codes over APDU payloads.
- Returns:
  the MAC key

shouldCheckMAC
public boolean shouldCheckMAC()
Returns a boolean indicating whether this wrapper will check the MAC in wrapped response APDUs.
- Returns:
  a boolean indicating whether this wrapper will check the MAC in wrapped response APDUs

getMaxTranceiveLength
public int getMaxTranceiveLength()
Returns the maximum transceive length of wrapped command and response APDUs; typical values are 256 and 65536.
- Returns:
  the maximum transceive length of wrapped command and response APDUs

wrap
public net.sf.scuba.smartcards.CommandAPDU wrap(net.sf.scuba.smartcards.CommandAPDU commandAPDU)
Wraps the APDU buffer of a command APDU. As a side effect, this method increments the internal send sequence counter maintained by this wrapper.
- Specified by:
  wrap in interface net.sf.scuba.smartcards.APDUWrapper
- Parameters:
  commandAPDU - buffer containing the command APDU
- Returns:
  length of the command APDU after wrapping

unwrap
public net.sf.scuba.smartcards.ResponseAPDU unwrap(net.sf.scuba.smartcards.ResponseAPDU responseAPDU)
Unwraps the APDU buffer of a response APDU.
- Specified by:
  unwrap in interface net.sf.scuba.smartcards.APDUWrapper
- Parameters:
  responseAPDU - the response APDU
- Returns:
  a new byte array containing the unwrapped buffer

checkMac
protected boolean checkMac(byte[] rapdu, byte[] cc) throws GeneralSecurityException
Checks the MAC.
- Parameters:
  rapdu - the bytes of the response APDU, including the 0x8E tag, the length of the MAC, the MAC itself, and the status word
  cc - the MAC sent by the other party
- Returns:
  whether the computed MAC is identical
- Throws:
  GeneralSecurityException - on security related error

getPadLength
protected abstract int getPadLength()
Returns the length (in bytes) to use for padding.
- Returns:
  the length to use for padding

getIV
protected abstract IvParameterSpec getIV() throws GeneralSecurityException
Returns the initialization vector to be used by the encryption cipher.
- Returns:
  the initialization vector as a parameter specification
- Throws:
  GeneralSecurityException - on error constructing the parameter specification object

getEncodedSendSequenceCounter
protected abstract byte[] getEncodedSendSequenceCounter()
Returns the send sequence counter encoded as a byte array for inclusion in wrapped APDUs.
- Returns:
  the send sequence counter encoded as byte array
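
The response layout that checkMac describes (protected data, then the 0x8E tag, the MAC length, the MAC and the status word), together with the roles of getEncodedSendSequenceCounter and getPadLength, worked through as an added example that is not JMRTD's own code. It assumes the DESede case as ICAO Doc 9303 secure messaging defines it: an 8-byte big-endian send sequence counter prepended to the MAC input, padding to 8 bytes, and a retail MAC built here from the JDK's DES cipher. The class name, method names, key, counter and response bytes are constructed for the illustration.

```java
// Added illustration, not JMRTD code: DESede-style response MAC check (assumed ICAO 9303 layout).
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
public class ResponseMacCheckDemo {
  /** SSC (8 bytes, big-endian) || protected data objects, with ISO/IEC 7816-4 padding. */
  static byte[] macInput(long ssc, byte[] rapdu, int protectedLen) {
    byte[] in = new byte[((8 + protectedLen) / 8 + 1) * 8]; // room for 0x80 and zero bytes
    for (int i = 0; i < 8; i++) in[i] = (byte) (ssc >>> (56 - 8 * i));
    System.arraycopy(rapdu, 0, in, 8, protectedLen);
    in[8 + protectedLen] = (byte) 0x80;
    return in;
  }
  /** Retail MAC (ISO/IEC 9797-1 MAC algorithm 3) with a 16-byte key, JDK classes only. */
  static byte[] retailMac(byte[] key, byte[] padded) throws GeneralSecurityException {
    SecretKeySpec ka = new SecretKeySpec(key, 0, 8, "DES");
    SecretKeySpec kb = new SecretKeySpec(key, 8, 8, "DES");
    Cipher cbc = Cipher.getInstance("DES/CBC/NoPadding");
    cbc.init(Cipher.ENCRYPT_MODE, ka, new IvParameterSpec(new byte[8]));
    byte[] chain = cbc.doFinal(padded);
    byte[] last = Arrays.copyOfRange(chain, chain.length - 8, chain.length);
    Cipher ecb = Cipher.getInstance("DES/ECB/NoPadding");
    ecb.init(Cipher.DECRYPT_MODE, kb);
    last = ecb.doFinal(last);
    ecb.init(Cipher.ENCRYPT_MODE, ka);
    return ecb.doFinal(last);
  }
  /** rapdu = protected data objects || 8E 08 MAC || SW1 SW2. */
  static boolean checkMac(byte[] key, long ssc, byte[] rapdu) throws GeneralSecurityException {
    int n = rapdu.length - 2 - 8 - 2; // strip tag and length, MAC, status word
    if (n < 0 || rapdu[n] != (byte) 0x8E || rapdu[n + 1] != 8) return false; // malformed
    byte[] expected = retailMac(key, macInput(ssc, rapdu, n));
    return MessageDigest.isEqual(expected, Arrays.copyOfRange(rapdu, n + 2, n + 10)); // constant time
  }
  public static void main(String[] args) throws GeneralSecurityException {
    byte[] key = {1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16}; // constructed key
    long ssc = 0x1122334455667788L; // constructed counter value
    byte[] rapdu = {(byte) 0x99, 2, (byte) 0x90, 0, (byte) 0x8E, 8,
                    0, 0, 0, 0, 0, 0, 0, 0, (byte) 0x90, 0}; // constructed response, MAC filled in below
    System.arraycopy(retailMac(key, macInput(ssc, rapdu, 4)), 0, rapdu, 6, 8);
    System.out.println("matching counter:   " + checkMac(key, ssc, rapdu));
    System.out.println("counter off by one: " + checkMac(key, ssc + 1, rapdu));
    rapdu[2] ^= 1; // flip one bit in the protected status data object
    System.out.println("tampered response:  " + checkMac(key, ssc, rapdu));
  }
}
```

Because the counter is part of the MAC input, a response captured from an earlier exchange fails verification once the counter has moved on, even though its bytes are unmodified.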