| Code with Misuse: |
class PassportAuthService { /** * Performs the <i>Active Authentication</i> protocol. * * @param pubkey the public key to use (usually read from the card) * * @return a boolean indicating whether the card was authenticated * * @throws GeneralSecurityException if something goes wrong */ public boolean doAA(PublicKey pubkey) throws GeneralSecurityException { aaCipher.init(Cipher.ENCRYPT_MODE, pubkey); aaSignature.initVerify(pubkey); byte[] m2 = new byte[8]; /* TODO: random rndIFD */ byte[] response = service.sendInternalAuthenticate(wrapper, m2); System.out.println("DEBUG: response.length = " + response.length); System.out.println("DEBUG: response = " + Hex.bytesToHexString(response)); int digestLength = aaDigest.getDigestLength(); /* should always be 20 */ byte[] plaintext = aaCipher.doFinal(response); byte[] m1 = Util.recoverMessage(digestLength, plaintext); // System.out.println("DEBUG: m1 = " + Hex.bytesToHexString(m1)); aaSignature.update(m1); aaSignature.update(m2); boolean success = aaSignature.verify(response); notifyAAPerformed(pubkey, m1, m2, success); if (success) { state = AA_AUTHENTICATED_STATE; } return success; }}
|
