Class SecureMessagingWrapper

    • Constructor Summary

      Constructors
      Modifier: protected
      Constructor: SecureMessagingWrapper(SecretKey ksEnc, SecretKey ksMac, String cipherAlg, String macAlg, int maxTranceiveLength, boolean shouldCheckMAC, long ssc)
      Description: Constructs a secure messaging wrapper based on the secure messaging session keys and the initial value of the send sequence counter.
    • Constructor Detail

      • SecureMessagingWrapper

        protected SecureMessagingWrapper(SecretKey ksEnc,
                                         SecretKey ksMac,
                                         String cipherAlg,
                                         String macAlg,
                                         int maxTranceiveLength,
                                         boolean shouldCheckMAC,
                                         long ssc)
                                  throws GeneralSecurityException
        Constructs a secure messaging wrapper based on the secure messaging session keys and the initial value of the send sequence counter.
        Parameters:
        ksEnc - the session key for encryption
        ksMac - the session key for message authenticity
        cipherAlg - the mnemonic Java string describing the cipher algorithm
        macAlg - the mnemonic Java string describing the message authenticity checking algorithm
        maxTranceiveLength - the maximum transceive length; typical values are 256 or 65536
        shouldCheckMAC - a boolean indicating whether this wrapper will check the MAC in wrapped response APDUs
        ssc - the initial value of the send sequence counter
        Throws:
        GeneralSecurityException - when the available JCE providers cannot provide the necessary cryptographic primitives
    • Method Detail

      • getInstance

        public static SecureMessagingWrapper getInstance(SecureMessagingWrapper wrapper)
        Returns a copy of the given wrapper, with an identical (but perhaps independent) state for known secure messaging wrapper types. If the wrapper type is not recognized the original wrapper is returned.
        Parameters:
        wrapper - the original wrapper
        Returns:
        a copy of that wrapper
      • getSendSequenceCounter

        public long getSendSequenceCounter()
        Returns the current value of the send sequence counter.
        Returns:
        the current value of the send sequence counter.
      • getEncryptionKey

        public SecretKey getEncryptionKey()
        Returns the shared key for encrypting APDU payloads.
        Returns:
        the encryption key
      • getMACKey

        public SecretKey getMACKey()
        Returns the shared key for computing message authentication codes over APDU payloads.
        Returns:
        the MAC key
      • shouldCheckMAC

        public boolean shouldCheckMAC()
        Returns a boolean indicating whether this wrapper will check the MAC in wrapped response APDUs.
        Returns:
        a boolean indicating whether this wrapper will check the MAC in wrapped response APDUs
      • getMaxTranceiveLength

        public int getMaxTranceiveLength()
        Returns the maximum transceive length of wrapped command and response APDUs; typical values are 256 and 65536.
        Returns:
        the maximum transceive length of wrapped command and response APDUs
      • wrap

        public net.sf.scuba.smartcards.CommandAPDU wrap(net.sf.scuba.smartcards.CommandAPDU commandAPDU)
        Wraps the APDU buffer of a command APDU. As a side effect, this method increments the internal send sequence counter maintained by this wrapper.
        Specified by:
        wrap in interface net.sf.scuba.smartcards.APDUWrapper
        Parameters:
        commandAPDU - the command APDU to wrap
        Returns:
        the wrapped command APDU
      • unwrap

        public net.sf.scuba.smartcards.ResponseAPDU unwrap(net.sf.scuba.smartcards.ResponseAPDU responseAPDU)
        Unwraps the APDU buffer of a response APDU.
        Specified by:
        unwrap in interface net.sf.scuba.smartcards.APDUWrapper
        Parameters:
        responseAPDU - the response APDU
        Returns:
        the unwrapped response APDU
      • checkMac

        protected boolean checkMac(byte[] rapdu,
                                   byte[] cc)
                            throws GeneralSecurityException
        Checks the MAC.
        Parameters:
        rapdu - the bytes of the response APDU, including the 0x8E tag, the length of the MAC, the MAC itself, and the status word
        cc - the MAC sent by the other party
        Returns:
        whether the computed MAC is identical to the MAC sent by the other party
        Throws:
        GeneralSecurityException - on security related error
      • getPadLength

        protected abstract int getPadLength()
        Returns the length (in bytes) to use for padding.
        Returns:
        the length to use for padding
      • getEncodedSendSequenceCounter

        protected abstract byte[] getEncodedSendSequenceCounter()
        Returns the send sequence counter encoded as a byte array for inclusion in wrapped APDUs.
        Returns:
        the send sequence counter encoded as byte array
      • hashCode

        public int hashCode()
        Overrides:
        hashCode in class Object
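
The response MAC check that checkMac, getPadLength and getEncodedSendSequenceCounter describe, as an added sketch that is not this library's implementation: the MAC is computed over the encoded send sequence counter followed by the padded data that precedes the 0x8E object, then compared in constant time. Assumptions: an 8-byte MAC, an 8-byte pad length with ISO/IEC 9797-1 method 2 padding, an 8-byte big-endian counter, and truncated HMAC-SHA256 standing in for macAlg; the class and method names are hypothetical.

```java
import java.nio.ByteBuffer;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.util.Arrays;
import javax.crypto.Mac;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;

public class ResponseMacCheckDemo {
    static final int MAC_LEN = 8, PAD_LEN = 8; // assumed sizes for this sketch

    // ISO/IEC 9797-1 padding method 2: append 0x80, then zeros up to a block boundary.
    static byte[] pad(byte[] data) {
        byte[] out = Arrays.copyOf(data, (data.length / PAD_LEN + 1) * PAD_LEN);
        out[data.length] = (byte) 0x80;
        return out;
    }

    // MAC over SSC || padded data; truncated HMAC-SHA256 stands in for macAlg.
    static byte[] mac(SecretKey ksMac, long ssc, byte[] data) throws GeneralSecurityException {
        Mac m = Mac.getInstance("HmacSHA256");
        m.init(ksMac);
        m.update(ByteBuffer.allocate(8).putLong(ssc).array()); // assumed 8-byte big-endian SSC
        return Arrays.copyOf(m.doFinal(pad(data)), MAC_LEN);
    }

    // Assumed layout: [protected data objects] 8E 08 [MAC] SW1 SW2
    static boolean checkMac(SecretKey ksMac, long ssc, byte[] rapdu) throws GeneralSecurityException {
        int off = rapdu.length - 2 - MAC_LEN - 2; // offset of the 0x8E tag
        if (off < 0 || rapdu[off] != (byte) 0x8E || rapdu[off + 1] != MAC_LEN) {
            return false; // missing or malformed MAC object: reject
        }
        byte[] cc = Arrays.copyOfRange(rapdu, off + 2, off + 2 + MAC_LEN);
        return MessageDigest.isEqual(mac(ksMac, ssc, Arrays.copyOf(rapdu, off)), cc); // constant time
    }

    public static void main(String[] args) throws GeneralSecurityException {
        SecretKey ksMac = new SecretKeySpec(new byte[32], "HmacSHA256"); // constructed all-zero demo key
        long ssc = 2; // constructed counter value for this response
        byte[] body = {(byte) 0x99, 0x02, (byte) 0x90, 0x00}; // constructed status data object
        byte[] rapdu = ByteBuffer.allocate(body.length + 2 + MAC_LEN + 2).put(body)
            .put((byte) 0x8E).put((byte) MAC_LEN).put(mac(ksMac, ssc, body))
            .put((byte) 0x90).put((byte) 0x00).array();
        System.out.println("genuine:       " + checkMac(ksMac, ssc, rapdu));
        System.out.println("wrong counter: " + checkMac(ksMac, ssc + 1, rapdu));
        rapdu[2] ^= 0x01; // flip one bit in the protected data
        System.out.println("modified:      " + checkMac(ksMac, ssc, rapdu));
    }
}
```

Because the counter is part of the MAC input, a response recorded under one counter value does not verify under another; a wrapper constructed with shouldCheckMAC set to false does not check the MAC in wrapped response APDUs.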