List of usage examples for org.bouncycastle.util Arrays areEqual
public static boolean areEqual(short[] a, short[] b)
From source file:de.fraunhofer.fokus.openeid.pace.PaceECDH.java
License:Open Source License
private boolean verifyAuthToken(MAC mac, byte[] authToken) { byte[] expectedMac = AuthenticationToken.computeMAC(mac, keyMAC, protocolParameters, ephemeralKeyPair.getPublicKey()); return Arrays.areEqual(expectedMac, authToken); }
From source file:de.fraunhofer.fokus.openeid.pace.test.TerminalAuthenticationECDHTest.java
License:Open Source License
@Test public void testChainVerificationStep1Plain() throws CryptoException, InvalidInterindustryClassException { /* prepare trusted PK reference for verification */ MSE_SetDst setTrustVerifiablePK = new MSE_SetDst(null, EAC2WorkedExampleData.CAR); CommandAPDU apdu = setTrustVerifiablePK.buildAPDU(); Byte[] plainApdu = apdu.buildPacket(); byte[] plainObjective = new byte[] { 0x00, 0x22, (byte) 0x81, (byte) 0xB6, 0x0F, (byte) 0x83, 0x0D, 0x44, 0x45, 0x43, 0x56, 0x43, 0x41, 0x41, 0x54, 0x30, 0x30, 0x30, 0x30, 0x31 }; Assert.assertTrue(Arrays.areEqual(Utils.convert(plainApdu), plainObjective)); }
From source file:de.fraunhofer.fokus.openeid.pace.test.TerminalAuthenticationECDHTest.java
License:Open Source License
@Test public void testChainVerificationStep1SecureMessaging() throws CryptoException, InvalidInterindustryClassException { /* prepare trusted PK reference for verification */ MSE_SetDst apdu = new MSE_SetDst(null, EAC2WorkedExampleData.CAR); CommandManager manager = new CommandManager(null); // Life Cycle step 1: CommandAPDU construction CommandAPDU command = apdu.buildAPDU(); // @see F.3. Send Sequence Counter in TR03110 / SSC is increased before a command is generated int ssc = manager.increaseCounter(); // creating secured CommandAPDU MAC macAlgorithm = protocol.getMACAlgorithm(); byte[] key = keyMAC.getKey(); SecuredCommandAPDU securedApdu = new SecuredCommandAPDU(command, keyENC, macAlgorithm, key, ssc, 16); command = securedApdu.getSecured();//from w w w.j a va2 s. co m byte[] expectedCoded = new byte[] { 0x0C, (byte) 0x22, (byte) 0x81, (byte) 0xB6, (byte) 0x1D, (byte) 0x87, (byte) 0x11, (byte) 0x01, (byte) 0xBE, (byte) 0x90, 0x23, 0x7E, (byte) 0xEB, 0x4B, (byte) 0xA0, (byte) 0xFF, 0x25, 0x3E, (byte) 0xA2, 0x46, (byte) 0xAE, 0x31, (byte) 0xC8, (byte) 0xB8, (byte) 0x8E, 0x08, (byte) 0x92, (byte) 0xD2, 0x1C, 0x73, (byte) 0xA1, (byte) 0xDF, (byte) 0xE9, (byte) 0x99, 0x00 }; byte[] builtCoded = Utils.convert(command.buildPacket()); Assert.assertTrue(Arrays.areEqual(builtCoded, expectedCoded)); }
From source file:de.tsenger.animamea.ca.CAOperator.java
License:Open Source License
public SecureMessaging performCA() throws SecureMessagingException, CardException, CAException { //send MSE:Set AT MSESetAT mse = new MSESetAT(); mse.setAT(MSESetAT.setAT_CA);/* ww w . j a v a 2 s . c o m*/ mse.setProtocol(protocol); mse.setPrivateKeyReference(caPKref); ch.transceive(mse.getCommandAPDU()); // General Authenticate DynamicAuthenticationData dad = sendGA(); //TODO Rckgabe der Karte prfen (z.B. SW != 9000) //Schlssel fr Secure Messaging berechnen byte[] rnd_picc = dad.getDataObject(1); byte[] K = ca.getSharedSecret_K(ephSKPCD, caPK); byte[] kenc = null; byte[] kmac = null; switch (keyLength) { case 112: kenc = new KeyDerivationFunction(K, rnd_picc, 1).getDESedeKey(); kmac = new KeyDerivationFunction(K, rnd_picc, 2).getDESedeKey(); break; case 128: kenc = new KeyDerivationFunction(K, rnd_picc, 1).getAES128Key(); kmac = new KeyDerivationFunction(K, rnd_picc, 2).getAES128Key(); break; case 192: kenc = new KeyDerivationFunction(K, rnd_picc, 1).getAES192Key(); kmac = new KeyDerivationFunction(K, rnd_picc, 2).getAES192Key(); break; case 256: kenc = new KeyDerivationFunction(K, rnd_picc, 1).getAES256Key(); kmac = new KeyDerivationFunction(K, rnd_picc, 2).getAES256Key(); break; } //Authentication Token vergleichen byte[] tpcd = calcToken(kmac, ephPKPCD); if (!Arrays.areEqual(tpcd, dad.getDataObject(2))) throw new CAException("Authentication Tokens are different. Cards Token:\n" + HexString.bufferToHex(dad.getDataObject(2)) + "calculated Token:\n" + HexString.bufferToHex(tpcd)); return new SecureMessaging(crypto, kenc, kmac, new byte[crypto.getBlockSize()]); }
From source file:de.tsenger.animamea.pace.PaceOperator.java
License:Open Source License
/** * Fhrt alle Schritte des PACE-Protokolls durch und liefert bei Erfolg * eine mit den ausgehandelten Schlsseln intialisierte SecureMessaging-Instanz zurck. * //from w w w . j av a2 s . co m * @return Bei Erfolg von PACE wird eine mit den ausgehandelten Schlsseln * intialisierte SecureMessaging-Instanz zurckgegeben. Anderfalls <code>null</code>. * @throws PaceException * @throws CardException * @throws SecureMessagingException */ public SecureMessaging performPace() throws PaceException, SecureMessagingException, CardException { // send MSE:SetAT int resp = sendMSESetAT(terminalType).getSW(); if (resp != 0x9000) throw new PaceException("MSE:Set AT failed. SW: " + Integer.toHexString(resp)); // send first GA and get nonce byte[] nonce_z = getNonce().getDataObject(0); logger.debug("NONCE S ENC: " + HexString.bufferToHex(nonce_z)); byte[] nonce_s = decryptNonce(nonce_z); logger.debug("NONCE S PLAIN: " + HexString.bufferToHex(nonce_s)); byte[] X1 = pace.getX1(nonce_s); // X1 zur Karte schicken und Y1 empfangen byte[] Y1 = mapNonce(X1).getDataObject(2); byte[] X2 = pace.getX2(Y1); // X2 zur Karte schicken und Y2 empfangen. byte[] Y2 = performKeyAgreement(X2).getDataObject(4); // Y2 ist PK_Picc der fr die TA bentigt wird. pk_picc = Y2.clone(); byte[] S = pace.getSharedSecret_K(Y2); byte[] kenc = getKenc(S); byte[] kmac = getKmac(S); logger.debug("K bzw S: " + HexString.bufferToHex(S)); logger.debug("Kenc: " + HexString.bufferToHex(kenc)); logger.debug("Kmac: " + HexString.bufferToHex(kmac)); // Authentication Token T_PCD berechnen byte[] tpcd = calcAuthToken(kmac, Y2); // Authentication Token T_PCD zur Karte schicken und Authentication Token T_PICC empfangen DynamicAuthenticationData dad = performMutualAuthentication(tpcd); byte[] tpicc = dad.getDataObject(6); if (dad.getDataObject(7) != null) logger.info("CAR: " + new String(dad.getDataObject(7))); if (dad.getDataObject(8) != null) logger.info("CAR2: " + new String(dad.getDataObject(8))); // Authentication Token T_PICC' berechnen byte[] tpicc_strich = calcAuthToken(kmac, X2); logger.debug("tpicc' :" + HexString.bufferToHex(tpicc_strich)); // Prfe ob T_PICC = T_PICC' if (!Arrays.areEqual(tpicc, tpicc_strich)) throw new PaceException("Authentication Tokens are different"); return new SecureMessaging(crypto, kenc, kmac, new byte[crypto.getBlockSize()]); }
From source file:de.tsenger.animamea.pace.PaceOperator.java
License:Open Source License
/** * Fhrt alle Schritte des PACE-Protokolls durch und liefert bei Erfolg * eine mit den ausgehandelten Schlsseln intialisierte SecureMessaging-Instanz zurck. * //from ww w . j a v a2s . c o m * @return Bei Erfolg von PACE wird eine mit den ausgehandelten Schlsseln * intialisierte SecureMessaging-Instanz zurckgegeben. Anderfalls <code>null</code>. * @throws PaceException * @throws CardException * @throws SecureMessagingException */ public SecureMessaging performPaceWithTrigger(String startCmd, String stopCmd) throws PaceException, SecureMessagingException, CardException { // before sending MSE:SetAT, trigger start try { logger.info("starting: " + startCmd); Runtime rt = Runtime.getRuntime(); Process proc = rt.exec(startCmd); } catch (IOException e) { // just silently fail } // send MSE:SetAT int resp = sendMSESetAT(terminalType).getSW(); if (resp != 0x9000) throw new PaceException("MSE:Set AT failed. SW: " + Integer.toHexString(resp)); // afterwards, trigger stop try { logger.info("starting: " + stopCmd); Runtime rt = Runtime.getRuntime(); Process proc = rt.exec(stopCmd); } catch (IOException e) { // just silently fail } // send first GA and get nonce byte[] nonce_z = getNonce().getDataObject(0); logger.debug("NONCE S ENC: " + HexString.bufferToHex(nonce_z)); byte[] nonce_s = decryptNonce(nonce_z); logger.debug("NONCE S PLAIN: " + HexString.bufferToHex(nonce_s)); byte[] X1 = pace.getX1(nonce_s); // X1 zur Karte schicken und Y1 empfangen byte[] Y1 = mapNonce(X1).getDataObject(2); byte[] X2 = pace.getX2(Y1); // X2 zur Karte schicken und Y2 empfangen. byte[] Y2 = performKeyAgreement(X2).getDataObject(4); // Y2 ist PK_Picc der fr die TA bentigt wird. pk_picc = Y2.clone(); byte[] S = pace.getSharedSecret_K(Y2); byte[] kenc = getKenc(S); byte[] kmac = getKmac(S); logger.debug("K bzw S: " + HexString.bufferToHex(S)); logger.debug("Kenc: " + HexString.bufferToHex(kenc)); logger.debug("Kmac: " + HexString.bufferToHex(kmac)); // Authentication Token T_PCD berechnen byte[] tpcd = calcAuthToken(kmac, Y2); // Authentication Token T_PCD zur Karte schicken und Authentication Token T_PICC empfangen DynamicAuthenticationData dad = performMutualAuthentication(tpcd); byte[] tpicc = dad.getDataObject(6); if (dad.getDataObject(7) != null) logger.info("CAR: " + new String(dad.getDataObject(7))); if (dad.getDataObject(8) != null) logger.info("CAR2: " + new String(dad.getDataObject(8))); // Authentication Token T_PICC' berechnen byte[] tpicc_strich = calcAuthToken(kmac, X2); logger.debug("tpicc' :" + HexString.bufferToHex(tpicc_strich)); // Prfe ob T_PICC = T_PICC' if (!Arrays.areEqual(tpicc, tpicc_strich)) throw new PaceException("Authentication Tokens are different"); return new SecureMessaging(crypto, kenc, kmac, new byte[crypto.getBlockSize()]); }
From source file:edu.vt.middleware.crypt.x509.types.BitString.java
License:Open Source License
/** {@inheritDoc} */ @Override//from w w w .ja v a 2s . co m public boolean equals(final Object obj) { boolean result; if (obj == this) { result = true; } else if (obj == null || obj.getClass() != getClass()) { result = false; } else { result = Arrays.areEqual(octets, ((BitString) obj).getOctets()); } return result; }
From source file:ee.ria.xroad.common.certificateprofile.impl.EjbcaCertificateProfileInfoProviderTest.java
License:Open Source License
/** * Tests whether getting expected subject fields succeeds as expected. *///from w ww .j a va 2 s. com @Test public void signProfileSubjectFields() { DnFieldDescription[] expectedFields = { new DnFieldDescriptionImpl("C", "Instance Identifier (C)", "XX").setReadOnly(true), new DnFieldDescriptionImpl("O", "Member Class (O)", "foo").setReadOnly(true), new DnFieldDescriptionImpl("CN", "Member Code (CN)", "bar").setReadOnly(true) }; assertTrue("Did not get expected fields", Arrays.areEqual(expectedFields, getSignProfile().getSubjectFields())); }
From source file:ee.ria.xroad.common.certificateprofile.impl.EjbcaCertificateProfileInfoProviderTest.java
License:Open Source License
/** * Tests whether getting expected fields of auth profile succeeds * as expected./*from w w w. j a v a2s . c o m*/ */ @Test public void authProfileSubjectFields() { DnFieldDescription[] expectedFields = { new DnFieldDescriptionImpl("C", "Instance Identifier (C)", "XX").setReadOnly(true), new DnFieldDescriptionImpl("CN", "Server Code (CN)", "server").setReadOnly(true), }; assertTrue("Did not get expected fields", Arrays.areEqual(expectedFields, getAuthProfile().getSubjectFields())); }
From source file:ee.ria.xroad.common.certificateprofile.impl.FiVRKCertificateProfileInfoProviderTest.java
License:Open Source License
/** * Tests whether getting expected subject fields succeeds as expected. *///w w w . j a va 2 s . c o m @Test public void signProfileSubjectFields() { DnFieldDescription[] expectedFields = { new DnFieldDescriptionImpl("C", "Country code (C)", "FI").setReadOnly(true), new DnFieldDescriptionImpl("O", "Organization name (O)", "").setReadOnly(false), new DnFieldDescriptionImpl("serialNumber", "Serial number", "XX/server/Foo").setReadOnly(true), new DnFieldDescriptionImpl("CN", "Member code", "Bar").setReadOnly(true) }; assertTrue("Did not get expected fields", Arrays.areEqual(expectedFields, getSignProfile().getSubjectFields())); }