de.fraunhofer.fokus.openeid.pace.auth.AuthenticationToken.java Source code

Java tutorial

  1. HOME
  2. Java
  3. de.fraunhofer.fokus.openeid.pace.auth.AuthenticationToken.java

Introduction

Here is the source code for de.fraunhofer.fokus.openeid.pace.auth.AuthenticationToken.java

Source

/*******************************************************************************
 * Implementation of the protocols PACE, Terminal Authentication and Chip 
 * Authentication (client side) with respect to the according BSI standards.
 * 
 * Copyright (C) 2013  Fraunhofer-Gesellschaft
 * 
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 * 
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 * 
 * You should have received a copy of the GNU General Public License
 * along with this program.  If not, see <http://www.gnu.org/licenses/>.
 ******************************************************************************/
package de.fraunhofer.fokus.openeid.pace.auth;

import java.util.Arrays;

import org.bouncycastle.asn1.ASN1EncodableVector;
import org.bouncycastle.asn1.DERApplicationSpecific;
import org.bouncycastle.asn1.DERObjectIdentifier;
import org.bouncycastle.asn1.DEROctetString;
import org.bouncycastle.asn1.DERTaggedObject;
import org.bouncycastle.math.ec.ECPoint;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

import de.fraunhofer.fokus.openeid.cryptography.Key;
import de.fraunhofer.fokus.openeid.cryptography.mac.MAC;
import de.fraunhofer.fokus.openeid.iso7816_4.Utils;
import de.fraunhofer.fokus.openeid.pace.PACEInfoProtocol;

public class AuthenticationToken {

    static final Logger logger = LoggerFactory.getLogger("PACE");

    public static byte[] computeMAC(MAC macAlgorithm, Key K_mac, PACEInfoProtocol oid, ECPoint publicKey) {
        //0x86 0x04 ...
        DERTaggedObject pcdPoint = new DERTaggedObject(false, 0x06, new DEROctetString(publicKey.getEncoded()));

        //0x06
        DERObjectIdentifier derOid = new DERObjectIdentifier(oid.getOid());

        ASN1EncodableVector outerValue = new ASN1EncodableVector();
        outerValue.add(derOid);
        outerValue.add(pcdPoint);
        //see X.690-0207 section 8.1.2.4.3
        DERApplicationSpecific outer = new DERApplicationSpecific(0x49, outerValue);

        logger.debug("mac input: " + Utils.byteArrayToHexString(outer.getDEREncoded()));

        byte[] keyMacBytes = K_mac.getKey();
        byte[] mac = macAlgorithm.compute(outer.getDEREncoded(), keyMacBytes);

        //IMPORTANT only the first 8 bytes are necessary, all following bytes are 0 anyways
        byte[] rangedMac = Arrays.copyOfRange(mac, 0, 8);
        logger.debug("mac      : " + Utils.byteArrayToHexString(mac));
        return rangedMac;
    }
}