All Downloads are FREE. Search and download functionalities are using the official Maven repository.

org.jmrtd.protocol.EACTAProtocol Maven / Gradle / Ivy

There is a newer version: 0.7.42
Show newest version
/*
 * JMRTD - A Java API for accessing machine readable travel documents.
 *
 * Copyright (C) 2006 - 2017  The JMRTD team
 *
 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
 * License as published by the Free Software Foundation; either
 * version 2.1 of the License, or (at your option) any later version.
 *
 * This library is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
 * Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public
 * License along with this library; if not, write to the Free Software
 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
 *
 * $Id: EACTAProtocol.java 1802 2018-11-06 16:29:28Z martijno $
 */

package org.jmrtd.protocol;

import java.io.ByteArrayOutputStream;
import java.io.UnsupportedEncodingException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.Provider;
import java.security.PublicKey;
import java.security.Signature;
import java.util.List;

import javax.crypto.interfaces.DHPublicKey;

import org.jmrtd.APDULevelEACTACapable;
import org.jmrtd.Util;
import org.jmrtd.cert.CVCAuthorizationTemplate.Role;
import org.jmrtd.cert.CVCPrincipal;
import org.jmrtd.cert.CardVerifiableCertificate;
import org.jmrtd.lds.icao.MRZInfo;

import net.sf.scuba.smartcards.CardServiceException;
import net.sf.scuba.tlv.TLVOutputStream;
import net.sf.scuba.tlv.TLVUtil;

/**
 * The EAC Terminal Authentication protocol.
 *
 * @author The JMRTD team ([email protected])
 *
 * @version $Revision: 1802 $
 *
 * @since 0.5.6
 */
public class EACTAProtocol {

  private static final int TAG_CVCERTIFICATE_SIGNATURE = 0x5F37;

  private static final Provider BC_PROVIDER = Util.getBouncyCastleProvider();

  private APDULevelEACTACapable service;

  private SecureMessagingWrapper wrapper;

  /**
   * Creates a protocol instance.
   *
   * @param service the card service for APDU communication
   * @param wrapper the secure messaging wrapper
   */
  public EACTAProtocol(APDULevelEACTACapable service, SecureMessagingWrapper wrapper) {
    this.service = service;
    this.wrapper = wrapper;
  }

  /*
   * From BSI-03110 v1.1, B.2:
   *
   * 
   * The following sequence of commands SHALL be used to implement Terminal
   * Authentication:
   *    1. MSE:Set DST
   *    2. PSO:Verify Certificate
   *    3. MSE:Set AT
   *    4. Get Challenge
   *    5. External Authenticate
   *
   * Steps 1 and 2 are repeated for every CV certificate to be verified
   * (CVCA Link Certificates, DV Certificate, IS Certificate).
   * 
*/ /** * Perform the EAC-TA (Terminal Authentication) part of EAC (version 1). * For details see TR-03110 ver. 1.11. In short, we feed the sequence of * terminal certificates to the card for verification, get a challenge * from the card, sign it with terminal private key, and send back to * the card for verification. * * @param caReference a reference to the issuer * @param terminalCertificates the terminal certificate chain * @param terminalKey the terminal private key * @param taAlg the algorithm * @param chipAuthenticationResult the chip authentication result * @param documentNumber the document number from which the chip key hash will be derived * * @return the Terminal Authentication result * * @throws CardServiceException on error */ public synchronized EACTAResult doEACTA(CVCPrincipal caReference, List terminalCertificates, PrivateKey terminalKey, String taAlg, EACCAResult chipAuthenticationResult, String documentNumber) throws CardServiceException { byte[] idPICC = deriveIdentifier(documentNumber); return doTA(caReference, terminalCertificates, terminalKey, taAlg, chipAuthenticationResult, idPICC); } /** * Perform TA (Terminal Authentication) part of EAC (version 1). For details see * TR-03110 ver. 1.11. In short, we feed the sequence of terminal certificates * to the card for verification, get a challenge from the card, sign it with * terminal private key, and send back to the card for verification. * * @param caReference reference issuer * @param terminalCertificates terminal certificate chain * @param terminalKey terminal private key * @param taAlg the algorithm * @param chipAuthenticationResult the chip authentication result * @param paceResult the PACE result from which the chip key hash will be derived * * @return the Terminal Authentication result * * @throws CardServiceException on error */ public synchronized EACTAResult doTA(CVCPrincipal caReference, List terminalCertificates, PrivateKey terminalKey, String taAlg, EACCAResult chipAuthenticationResult, PACEResult paceResult) throws CardServiceException { try { byte[] idPICC = deriveIdentifier(paceResult); return doTA(caReference, terminalCertificates, terminalKey, taAlg, chipAuthenticationResult, idPICC); } catch (NoSuchAlgorithmException e) { throw new CardServiceException("No such algorithm", e); } } /** * Executes the Terminal Authentication protocol. * * @param caReference the certificate authority * @param terminalCertificates the chain of certificates to send * @param terminalKey the inspection system's private key * @param taAlg the algorithm * @param chipAuthenticationResult the result of the Chip Authentication protocol execution * @param idPICC the chip identifier * * @return the result of Terminal Authentication * * @throws CardServiceException on error */ public synchronized EACTAResult doTA(CVCPrincipal caReference, List terminalCertificates, PrivateKey terminalKey, String taAlg, EACCAResult chipAuthenticationResult, byte[] idPICC) throws CardServiceException { try { if (terminalCertificates == null || terminalCertificates.isEmpty()) { throw new IllegalArgumentException("Need at least 1 certificate to perform TA, found: " + terminalCertificates); } byte[] caKeyHash = chipAuthenticationResult.getKeyHash(); /* The key hash that resulted from CA. */ if (caKeyHash == null) { throw new IllegalArgumentException("CA key hash is null"); } /* * FIXME: check that terminalCertificates holds a (inverted, i.e. issuer before * subject) chain. */ /* * Check if first cert is/has the expected CVCA, and remove it from chain if it * is the CVCA. */ CardVerifiableCertificate firstCert = terminalCertificates.get(0); Role firstCertRole = firstCert.getAuthorizationTemplate().getRole(); if (Role.CVCA.equals(firstCertRole)) { CVCPrincipal firstCertHolderReference = firstCert.getHolderReference(); if (caReference != null && !caReference.equals(firstCertHolderReference)) { throw new CardServiceException("First certificate holds wrong authority, found \"" + firstCertHolderReference.getName() + "\", expected \"" + caReference.getName() + "\""); } if (caReference == null) { caReference = firstCertHolderReference; } terminalCertificates.remove(0); } CVCPrincipal firstCertAuthorityReference = firstCert.getAuthorityReference(); if (caReference != null && !caReference.equals(firstCertAuthorityReference)) { throw new CardServiceException("First certificate not signed by expected CA, found " + firstCertAuthorityReference.getName() + ", expected " + caReference.getName()); } if (caReference == null) { caReference = firstCertAuthorityReference; } /* Check if the last cert is an IS cert. */ CardVerifiableCertificate lastCert = terminalCertificates.get(terminalCertificates.size() - 1); Role lastCertRole = lastCert.getAuthorizationTemplate().getRole(); if (!Role.IS.equals(lastCertRole)) { throw new CardServiceException("Last certificate in chain (" + lastCert.getHolderReference().getName() + ") does not have role IS, but has role " + lastCertRole); } CardVerifiableCertificate terminalCert = lastCert; /* Have the MRTD check our chain. */ for (CardVerifiableCertificate cert: terminalCertificates) { try { CVCPrincipal authorityReference = cert.getAuthorityReference(); /* Step 1: MSE:SetDST */ /* * Manage Security Environment: Set for verification: Digital Signature * Template, indicate authority of cert to check. */ byte[] authorityRefBytes = TLVUtil.wrapDO(0x83, authorityReference.getName().getBytes("ISO-8859-1")); service.sendMSESetDST(wrapper, authorityRefBytes); /* Cert body is already in TLV format. */ byte[] body = cert.getCertBodyData(); /* Signature not yet in TLV format, prefix it with tag and length. */ byte[] signature = cert.getSignature(); ByteArrayOutputStream sigOut = new ByteArrayOutputStream(); TLVOutputStream tlvSigOut = new TLVOutputStream(sigOut); tlvSigOut.writeTag(TAG_CVCERTIFICATE_SIGNATURE); tlvSigOut.writeValue(signature); tlvSigOut.close(); signature = sigOut.toByteArray(); /* Step 2: PSO:Verify Certificate */ service.sendPSOExtendedLengthMode(wrapper, body, signature); } catch (CardServiceException cse) { throw cse; } catch (Exception e) { /* FIXME: Does this mean we failed to authenticate? -- MO */ throw new CardServiceException("Exception", e); } } if (terminalKey == null) { throw new CardServiceException("No terminal key"); } /* Step 3: MSE Set AT */ CVCPrincipal holderRef = terminalCert.getHolderReference(); byte[] holderRefBytes = TLVUtil.wrapDO(0x83, holderRef.getName().getBytes("ISO-8859-1")); /* * Manage Security Environment: Set for external authentication: Authentication * Template */ service.sendMSESetATExtAuth(wrapper, holderRefBytes); /* Step 4: send get challenge */ byte[] rPICC = service.sendGetChallenge(wrapper); /* Step 5: external authenticate. */ ByteArrayOutputStream dtbs = new ByteArrayOutputStream(); dtbs.write(idPICC); dtbs.write(rPICC); dtbs.write(caKeyHash); dtbs.close(); byte[] dtbsBytes = dtbs.toByteArray(); String sigAlg = terminalCert.getSigAlgName(); if (sigAlg == null) { throw new IllegalStateException("Could not determine signature algorithm for terminal certificate " + terminalCert.getHolderReference().getName()); } Signature sig = Signature.getInstance(sigAlg, BC_PROVIDER); sig.initSign(terminalKey); sig.update(dtbsBytes); byte[] signedData = sig.sign(); if (sigAlg.toUpperCase().endsWith("ECDSA")) { int keySize = (int)Math.ceil(((org.bouncycastle.jce.interfaces.ECPrivateKey)terminalKey).getParameters().getCurve().getFieldSize() / 8.0); //TODO: Interop Ispra 20170925 signedData = Util.getRawECDSASignature(signedData, keySize); } service.sendMutualAuthenticate(wrapper, signedData); return new EACTAResult(chipAuthenticationResult, caReference, terminalCertificates, terminalKey, null, rPICC); } catch (CardServiceException cse) { throw cse; } catch (Exception e) { throw new CardServiceException("Exception", e); } } /** * Derives a chip identifier from the document number (BAC MRZ based case). * * @param documentNumber the document number that was used for primary access control (typically BAC) * * @return the chip identifier */ private static byte[] deriveIdentifier(String documentNumber) { int documentNumberLength = documentNumber.length(); byte[] idPICC = new byte[documentNumberLength + 1]; try { System.arraycopy(documentNumber.getBytes("ISO-8859-1"), 0, idPICC, 0, documentNumberLength); idPICC[documentNumberLength] = (byte)MRZInfo.checkDigit(documentNumber); return idPICC; } catch (UnsupportedEncodingException e) { /* NOTE: Never happens, ISO-8859-1 is always supported. */ throw new IllegalStateException("Unsupported encoding", e); } } /** * Derives a chip identifier from a PACE result (PACE case). * * @param paceResult the PACE result * * @return the chip identifier * * @throws NoSuchAlgorithmException on error */ private static byte[] deriveIdentifier(PACEResult paceResult) throws NoSuchAlgorithmException { String agreementAlg = paceResult.getAgreementAlg(); PublicKey pcdPublicKey = paceResult.getPICCPublicKey(); if ("DH".equals(agreementAlg)) { /* TODO: this is probably wrong, what should be hashed? */ MessageDigest md = MessageDigest.getInstance("SHA-1"); return md.digest(getKeyData(agreementAlg, pcdPublicKey)); } else if ("ECDH".equals(agreementAlg)) { org.bouncycastle.jce.interfaces.ECPublicKey pcdECPublicKey = (org.bouncycastle.jce.interfaces.ECPublicKey)pcdPublicKey; byte[] t = Util.i2os(pcdECPublicKey.getQ().getAffineXCoord().toBigInteger()); return Util.alignKeyDataToSize(t, (int)Math.ceil(pcdECPublicKey.getParameters().getCurve().getFieldSize() / 8.0)); // TODO: Interop Ispra for SecP521r1 20170925. } throw new NoSuchAlgorithmException("Unsupported agreement algorithm " + agreementAlg); } /** * Returns the encoded public key data to be sent. * * @param agreementAlg the agreement algorithm, either {@code "DH"} or {@code "ECDH"} * @param pcdPublicKey the inspection system's public key * * @return the key data */ private static byte[] getKeyData(String agreementAlg, PublicKey pcdPublicKey) { if ("DH".equals(agreementAlg)) { DHPublicKey pcdDHPublicKey = (DHPublicKey)pcdPublicKey; return Util.i2os(pcdDHPublicKey.getY()); } else if ("ECDH".equals(agreementAlg)) { /* NOTE: Why are we not relying on JCE here, but on Bouncy instead? */ org.bouncycastle.jce.interfaces.ECPublicKey pcdECPublicKey = (org.bouncycastle.jce.interfaces.ECPublicKey)pcdPublicKey; return pcdECPublicKey.getQ().getEncoded(false); } throw new IllegalArgumentException("Unsupported agreement algorithm " + agreementAlg); } }




© 2015 - 2025 Weber Informatics LLC | Privacy Policy