Code with Finding: |
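class PassportApduService {
    /**
     * Sends an <code>EXTERNAL AUTHENTICATE</code> command to the passport.
     * The resulting byte array has length 32 and contains <code>rndICC</code>
     * (first 8 bytes), <code>rndIFD</code> (next 8 bytes), their key
     * material "<code>kICC</code>" (last 16 bytes).
     *
     * The response must be exactly 42 bytes: a 32-byte cryptogram, an
     * 8-byte MAC over that cryptogram, and 2 trailing bytes. The MAC is
     * checked with <code>kMac</code> before the cryptogram is decrypted,
     * so a response that was modified in transit or not produced with the
     * shared keys is rejected instead of being decrypted and returned.
     *
     * This method does not compare the <code>rndIFD</code> and
     * <code>rndICC</code> values inside the decrypted result with the ones
     * that were sent; that check is left to the caller.
     *
     * @param rndIFD our challenge.
     * @param rndICC their challenge.
     * @param kIFD our key material.
     * @param kEnc the static encryption key.
     * @param kMac the static mac key.
     *
     * @return a byte array of length 32 containing the response that was
     * sent by the passport, decrypted (using <code>kEnc</code>)
     * and verified (using <code>kMac</code>).
     *
     * @throws GeneralSecurityException if the MAC in the response does not
     * match, or if the MAC or cipher operation fails.
     * @throws IllegalStateException if the response or the decrypted
     * cryptogram has an unexpected length.
     */
    public byte[] sendMutualAuth(byte[] rndIFD, byte[] rndICC, byte[] kIFD,
            SecretKey kEnc, SecretKey kMac) throws GeneralSecurityException {
        byte[] rapdu = sendAPDU(createMututalAuthAPDU(rndIFD, rndICC, kIFD, kEnc,
                kMac));
        if (rapdu.length != 42) {
            throw new IllegalStateException("Response wrong length: "
                    + rapdu.length + "!=" + 42);
        }

        /* Split the response into cryptogram (32 bytes) and MAC (8 bytes). */
        byte[] eICC = new byte[32];
        System.arraycopy(rapdu, 0, eICC, 0, 32);
        byte[] mICC = new byte[8];
        System.arraycopy(rapdu, 32, mICC, 0, 8);

        /*
         * Verify the MAC before touching the ciphertext. The cryptogram is
         * padded with 0x80 followed by zero bytes up to the next 8-byte
         * boundary (ISO 9797-1 padding method 2) and fed to the retail MAC.
         * NOTE(review): "ISO9797Alg3Mac" needs a JCE provider that offers it
         * (for example Bouncy Castle). Presumably createMututalAuthAPDU uses
         * the same algorithm and padding for the outgoing MAC - confirm, and
         * reuse the class's existing Mac instance if it has one.
         */
        byte[] paddedEICC = new byte[40];
        System.arraycopy(eICC, 0, paddedEICC, 0, 32);
        paddedEICC[32] = (byte) 0x80;
        javax.crypto.Mac mac = javax.crypto.Mac.getInstance("ISO9797Alg3Mac");
        mac.init(kMac);
        byte[] expectedMICC = mac.doFinal(paddedEICC);
        /* Constant-time comparison so the check does not leak how many bytes matched. */
        if (!java.security.MessageDigest.isEqual(expectedMICC, mICC)) {
            throw new GeneralSecurityException("Response MAC verification failed");
        }

        /* Decrypt the response. */
        cipher.init(Cipher.DECRYPT_MODE, kEnc, ZERO_IV_PARAM_SPEC);
        byte[] result = cipher.doFinal(eICC);
        if (result.length != 32) {
            throw new IllegalStateException("Cryptogram wrong length "
                    + result.length);
        }
        return result;
    }
}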
|