Code with Misuse: |
class PassportAuthService {
/**
* Performs the <i>Active Authentication</i> protocol.
*
* Sends an 8-byte challenge (m2) to the card through sendInternalAuthenticate, runs the
* response through aaCipher, extracts m1 with Util.recoverMessage, and verifies the
* response with aaSignature over m1 followed by m2. The state is set to
* AA_AUTHENTICATED_STATE only when verification succeeds. The fields used here
* (aaCipher, aaSignature, aaDigest, service, wrapper, state) are declared outside this excerpt.
*
* Review notes on this sample:
* - aaCipher is initialised with Cipher.ENCRYPT_MODE, yet the doFinal output is treated as
*   recovered plaintext. This is the misuse the sample illustrates.
* - The challenge m2 is a freshly allocated array and therefore all zeros on every call.
* - The raw card response is printed to standard output.
*
* @param pubkey the public key to use (usually read from the card)
*
* @return a boolean indicating whether the card was authenticated
*
* @throws GeneralSecurityException if initialising the cipher or signature, the cipher
*         operation, or the signature verification fails
*/
public boolean doAA(PublicKey pubkey) throws GeneralSecurityException {
// MISUSE: the cipher is put in ENCRYPT_MODE although the doFinal result below is named
// and consumed as plaintext; the operation intended here is decryption of the card's
// response with the public key (Cipher.DECRYPT_MODE).
// NOTE(review): whether the two modes give different output depends on the transformation
// aaCipher was created with, which is not visible in this excerpt.
aaCipher.init(Cipher.ENCRYPT_MODE, pubkey);
aaSignature.initVerify(pubkey);
// new byte[8] is zero-filled, so the same challenge is sent on every run. A constant
// challenge provides no freshness: a response recorded earlier would verify again.
// The TODO should be resolved by filling m2 from java.security.SecureRandom.
byte[] m2 = new byte[8]; /* TODO: random rndIFD */
byte[] response = service.sendInternalAuthenticate(wrapper, m2);
// Debug output of protocol data goes straight to stdout; route it through a logger at
// debug level or remove it before this code is used outside development.
System.out.println("DEBUG: response.length = " + response.length);
System.out.println("DEBUG: response = " + Hex.bytesToHexString(response));
int digestLength = aaDigest.getDigestLength(); /* should always be 20 */
// Result depends on the cipher mode chosen above (see MISUSE note).
byte[] plaintext = aaCipher.doFinal(response);
// presumably strips the digest and trailer from the recovered block to obtain m1;
// Util.recoverMessage is not shown here, confirm against its implementation
byte[] m1 = Util.recoverMessage(digestLength, plaintext);
// System.out.println("DEBUG: m1 = " + Hex.bytesToHexString(m1));
// The signed message is m1 followed by m2, fed to the verifier in that order.
aaSignature.update(m1);
aaSignature.update(m2);
boolean success = aaSignature.verify(response);
// Listeners are notified of the outcome whether or not verification succeeded.
notifyAAPerformed(pubkey, m1, m2, success);
if (success) {
state = AA_AUTHENTICATED_STATE;
}
return success;
}
}
|
Code with Pattern(s): |
/**
 * Reference pattern for recovering a message from data with a public key:
 * the cipher is initialised in {@code Cipher.DECRYPT_MODE} before {@code doFinal} is called.
 */
class UseDecryptForDecryption {
    /**
     * Initialises {@code cipher} for decryption with {@code pubkey}, reads the digest length,
     * runs {@code data} through the cipher and hands the output to {@code Util.recoverMessage}.
     * The value returned by {@code Util.recoverMessage} is not used.
     *
     * @param cipher the cipher to initialise and run
     * @param pubkey the public key passed to {@code cipher.init}
     * @param digest the digest whose length is passed to {@code Util.recoverMessage}
     * @param data   the bytes passed to {@code cipher.doFinal}
     * @throws GeneralSecurityException if initialising the cipher or the cipher operation fails
     */
    void pattern(
            Cipher cipher,
            PublicKey pubkey,
            MessageDigest digest,
            byte[] data) throws GeneralSecurityException {
        // The mode must match the operation: the doFinal output is consumed as plaintext.
        cipher.init(Cipher.DECRYPT_MODE, pubkey);

        final int hashSize = digest.getDigestLength();
        final byte[] recovered = cipher.doFinal(data);

        Util.recoverMessage(hashSize, recovered);
    }
}
|