Code with Misuse: |
class BACPanel.ChallengePanel {
/**
* Requests a challenge via {@code apduService.sendGetChallenge()}, stores the
* result in {@code rndICC} and shows it in {@code challengeField}.
*
* NOTE(review): the returned value is stored and displayed without a null or
* length check in this handler, and nothing here catches an exception thrown
* by the call. Confirm that the APDU service or the caller covers both cases.
*
* @param ae the triggering event; not read by this handler
*/
public void actionPerformed(ActionEvent ae) {
// The name rndICC is also read by MutualAuthPanel.actionPerformed, which passes
// it to sendMutualAuth and computeSendSequenceCounter. A stale or missing
// challenge therefore carries over into that step.
rndICC = apduService.sendGetChallenge();
challengeField.setValue(rndICC);
}
}
class BACPanel.MRZPanel {
    /**
     * Derives the two access keys from the document number, date of birth and
     * date of expiry typed into the text fields, stores them in {@code kEnc} and
     * {@code kMac}, and shows their encoded bytes in {@code kEncTF} and
     * {@code kMacTF}.
     *
     * <p>If anything in that sequence throws, both keys are reset to
     * {@code null} and both key fields are cleared. The exception itself is
     * discarded, so the user gets no indication of why derivation failed.
     *
     * <p>NOTE(review): the key seed is built only from the three typed values,
     * and the encoded key bytes are rendered in UI fields. Treat those inputs and
     * the derived keys as secrets: avoid logging or persisting them. Whether
     * {@code Util.deriveKey} keeps a reference to the seed array is not visible
     * here, so the seed is not wiped in this handler; confirm before adding a wipe.
     *
     * @param ae the triggering event; not read by this handler
     */
    public void actionPerformed(ActionEvent ae) {
        try {
            byte[] seed = Util.computeKeySeed(
                    docNrTF.getText(),
                    dateOfBirthTF.getText(),
                    dateOfExpiryTF.getText());

            // Both keys come from the same seed; only the mode constant differs.
            kEnc = Util.deriveKey(seed, Util.ENC_MODE);
            kMac = Util.deriveKey(seed, Util.MAC_MODE);

            kEncTF.setValue(kEnc.getEncoded());
            kMacTF.setValue(kMac.getEncoded());
        } catch (Exception ignored) {
            // Deliberate best-effort: on any failure fall back to "no keys" so a
            // half-derived pair is never left behind or displayed.
            kEnc = null;
            kMac = null;
            kEncTF.clearText();
            kMacTF.clearText();
        }
    }
}
class BACPanel.MutualAuthPanel {
    /**
     * Runs the mutual-authentication exchange and installs the resulting
     * secure-messaging wrapper on {@code authService}.
     *
     * <p>In order: reads {@code rndIFD} and {@code kIFD} from the UI fields,
     * calls {@code apduService.sendMutualAuth}, displays the returned bytes,
     * copies the 16 bytes at offset 16 of that response into {@code kICC}, XORs
     * the first 16 bytes of {@code kIFD} and {@code kICC} into a session seed,
     * derives {@code ksEnc} and {@code ksMac} from it, computes {@code ssc} from
     * {@code rndICC} and {@code rndIFD}, and hands a new
     * {@code SecureMessagingWrapper} to {@code authService}.
     *
     * <p>Any exception is caught and only printed with {@code printStackTrace()}.
     * Values assigned before the failure point are left as they are, and nothing
     * is reset.
     *
     * <p>NOTE(review):
     * <ul>
     *   <li>The response is not checked for {@code null} or for a length of at
     *       least 32 bytes before the copy, and {@code kIFD} is not checked for
     *       at least 16 bytes before the XOR loop. Malformed input only shows up
     *       as a stack trace.</li>
     *   <li>Bytes 0..15 of the response are never read here. If they are meant
     *       to echo the two nonces, confirm that {@code sendMutualAuth} compares
     *       them with {@code rndICC} and {@code rndIFD} before session keys are
     *       trusted.</li>
     *   <li>Session keys and the send sequence counter are rendered in UI
     *       fields. Treat them as secrets: avoid logging or persisting them.</li>
     * </ul>
     *
     * FIXME:
     * preallocate kIFD, kICC, rndIFD, rndICC and copy here from TFs
     * to prevent allocate &amp; gc.
     *
     * @param ae the triggering event; not read by this handler
     */
    public void actionPerformed(ActionEvent ae) {
        try {
            rndIFD = challengeField.getValue();
            kIFD = keyField.getValue();

            byte[] response = apduService.sendMutualAuth(rndIFD, rndICC, kIFD, kEnc, kMac);
            plaintextField.setValue(response);

            // Reuse the existing kICC buffer when it can hold 16 bytes.
            boolean reusable = kICC != null && kICC.length >= 16;
            if (!reusable) {
                kICC = new byte[16];
            }
            System.arraycopy(response, 16, kICC, 0, 16);

            // Session seed = kIFD XOR kICC over the first 16 bytes. The narrowing
            // cast keeps only the low 8 bits, so explicit 0xFF masks are not needed.
            byte[] sessionSeed = new byte[16];
            int idx = 0;
            while (idx < 16) {
                sessionSeed[idx] = (byte) (kIFD[idx] ^ kICC[idx]);
                idx++;
            }

            ksEnc = Util.deriveKey(sessionSeed, Util.ENC_MODE);
            ksMac = Util.deriveKey(sessionSeed, Util.MAC_MODE);
            ksEncTF.setValue(ksEnc.getEncoded());
            ksMacTF.setValue(ksMac.getEncoded());

            ssc = Util.computeSendSequenceCounter(rndICC, rndIFD);
            sscTF.setValue(ssc);

            authService.setWrapper(new SecureMessagingWrapper(ksEnc, ksMac, ssc));
        } catch (Exception e) {
            e.printStackTrace();
        }
    }
}
|