Package de.cardcontact.opencard.security
Class GPSCP02SecureChannel
java.lang.Object
  de.cardcontact.opencard.security.GPSCP02SecureChannel
All Implemented Interfaces: SecureChannel
public class GPSCP02SecureChannel extends java.lang.Object implements SecureChannel
Basic implementation for SCP 02 secure channel according to GP 2.1.1. This implementation supports the following implementation options:
- "i" = '15': Initiation mode explicit, C-MAC on modified APDU, ICV set to zero, ICV encryption for C-MAC session, 3 Secure Channel Keys, unspecified card challenge generation method, no R-MAC
- "i" = '55': Initiation mode explicit, C-MAC on modified APDU, ICV set to zero, ICV encryption for C-MAC session, 3 Secure Channel Keys, well-known pseudo-random algorithm (card challenge), no R-MAC
Author: Frank Thater
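The two "i" values above differ only in the card challenge bit. The following added example (not code from this library or its author) decodes an "i" byte into the option names used above and accepts only the two listed option sets. The class name, method names and mask constants are hypothetical; the bit positions are taken from the SCP02 "i" parameter table of the GlobalPlatform Card Specification and are not the values of this class's fields, which this page does not show.

```java
import java.util.ArrayList;
import java.util.List;

/** Added example: decodes the SCP02 "i" parameter. Hypothetical class, not part of the library. */
public class Scp02OptionDecoder {
    // Local illustration masks (b1 = least significant bit); assumption: GlobalPlatform "i" bit layout.
    static final int B1_THREE_KEYS = 0x01;        // 0: 1 Secure Channel base key
    static final int B2_CMAC_UNMODIFIED = 0x02;   // 0: C-MAC on modified APDU
    static final int B3_EXPLICIT = 0x04;          // 0: initiation mode implicit
    static final int B4_ICV_MAC_OVER_AID = 0x08;  // 0: ICV set to zero
    static final int B5_ICV_ENCRYPTION = 0x10;    // 0: no ICV encryption
    static final int B6_RMAC = 0x20;              // 0: no R-MAC
    static final int B7_WELL_KNOWN_PRNG = 0x40;   // 0: unspecified card challenge generation

    /** Returns the option names encoded in the low seven bits of i. */
    static List<String> describe(int i) {
        List<String> o = new ArrayList<>();
        o.add((i & B3_EXPLICIT) != 0 ? "Initiation mode explicit" : "Initiation mode implicit");
        o.add((i & B2_CMAC_UNMODIFIED) != 0 ? "C-MAC on unmodified APDU" : "C-MAC on modified APDU");
        o.add((i & B4_ICV_MAC_OVER_AID) != 0 ? "ICV set to MAC over AID" : "ICV set to zero");
        o.add((i & B5_ICV_ENCRYPTION) != 0 ? "ICV encryption for C-MAC session" : "No ICV encryption");
        o.add((i & B1_THREE_KEYS) != 0 ? "3 Secure Channel Keys" : "1 Secure Channel base key");
        o.add((i & B7_WELL_KNOWN_PRNG) != 0
                ? "well-known pseudo-random algorithm (card challenge)"
                : "unspecified card challenge generation method");
        o.add((i & B6_RMAC) != 0 ? "R-MAC support" : "no R-MAC");
        return o;
    }

    /** True only for '15' and '55': every bit except b7 must match '15'. */
    static boolean isListedAsSupported(int i) {
        return ((i & 0xFF) & ~B7_WELL_KNOWN_PRNG) == 0x15;
    }

    public static void main(String[] args) {
        // Constructed sample values: the two from this page plus '1A', which must be refused.
        for (int i : new int[] {0x15, 0x55, 0x1A}) {
            System.out.printf("i='%02X' supported=%b %s%n", i, isListedAsSupported(i), describe(i));
        }
    }
}
```

Checking the card's reported "i" this way before session setup makes a mismatch (for example C-MAC on unmodified APDU) fail early instead of surfacing later as a rejected MAC.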
Field Summary
Fields (Modifier and Type, Field, Description):
- static byte C_MAC
- static byte C_MAC_AND_C_ENC
- static byte CMAC_ON_MODIFIED_APDU
- static byte ICV_ENCRYPTION_FOR_CMAC_SESSION
- static byte ICV_SET_TO_ZERO
- static byte INITIATION_MODE_EXPLICIT
- static byte NO_RMAC_SUPPORT
- static byte NONE: Supported security levels
- protected java.lang.String provider
- static byte THREE_SECURE_CHANNEL_BASE_KEYS: Supported values for the "i" parameter ("i" = '15' and "i" = '55')
- static byte UNSPECIFIED_CARD_CHALLENGE_GENERATION
- static byte WELL_KNOWN_PSEUDO_RANDOM_ALGORITHM
Constructor Summary
Constructors (Constructor, Description):
- GPSCP02SecureChannel(java.security.Key senc, java.security.Key smac, java.security.Key dek, byte[] iv, byte securityLevel, java.lang.String provider): Create initialized secure channel object
Method Summary
Methods (Modifier and Type, Method, Description):
- static boolean scpOptionsSupported(byte options)
- ResponseAPDU unwrap(ResponseAPDU apduToUnwrap, int usageQualifier): Unwrap a ResponseAPDU
- CommandAPDU wrap(CommandAPDU apduToWrap, int usageQualifier): Wrap a CommandAPDU
Field Detail
THREE_SECURE_CHANNEL_BASE_KEYS
public static final byte THREE_SECURE_CHANNEL_BASE_KEYS
Supported values for the "i" parameter ("i" = '15' and "i" = '55')
See Also: Constant Field Values
CMAC_ON_MODIFIED_APDU
public static final byte CMAC_ON_MODIFIED_APDU
See Also: Constant Field Values
INITIATION_MODE_EXPLICIT
public static final byte INITIATION_MODE_EXPLICIT
See Also: Constant Field Values
ICV_SET_TO_ZERO
public static final byte ICV_SET_TO_ZERO
See Also: Constant Field Values
ICV_ENCRYPTION_FOR_CMAC_SESSION
public static final byte ICV_ENCRYPTION_FOR_CMAC_SESSION
See Also: Constant Field Values
NO_RMAC_SUPPORT
public static final byte NO_RMAC_SUPPORT
See Also: Constant Field Values
WELL_KNOWN_PSEUDO_RANDOM_ALGORITHM
public static final byte WELL_KNOWN_PSEUDO_RANDOM_ALGORITHM
See Also: Constant Field Values
UNSPECIFIED_CARD_CHALLENGE_GENERATION
public static final byte UNSPECIFIED_CARD_CHALLENGE_GENERATION
See Also: Constant Field Values
NONE
public static final byte NONE
Supported security levels
See Also: Constant Field Values
C_MAC
public static final byte C_MAC
See Also: Constant Field Values
C_MAC_AND_C_ENC
public static final byte C_MAC_AND_C_ENC
See Also: Constant Field Values
provider
protected java.lang.String provider
Constructor Detail
GPSCP02SecureChannel
public GPSCP02SecureChannel(java.security.Key senc, java.security.Key smac, java.security.Key dek, byte[] iv, byte securityLevel, java.lang.String provider) throws java.security.NoSuchAlgorithmException, java.security.NoSuchProviderException, javax.crypto.NoSuchPaddingException
Create initialized secure channel object
Parameters:
- provider - Cryptographic service provider for JCE
Throws:
- java.security.NoSuchProviderException
- java.security.NoSuchAlgorithmException
- javax.crypto.NoSuchPaddingException
Method Detail
unwrap
public ResponseAPDU unwrap(ResponseAPDU apduToUnwrap, int usageQualifier)
Description copied from interface: SecureChannel
Unwrap a ResponseAPDU
Specified by: unwrap in interface SecureChannel
Parameters:
- apduToUnwrap - Response APDU to be unwrapped
- usageQualifier - Qualifier to control the transformation process
Returns: Unwrapped APDU
wrap
public CommandAPDU wrap(CommandAPDU apduToWrap, int usageQualifier)
Description copied from interface: SecureChannel
Wrap a CommandAPDU
Specified by: wrap in interface SecureChannel
Parameters:
- apduToWrap - Command APDU to be wrapped
- usageQualifier - Qualifier to control the transformation process
Returns: Wrapped APDU
scpOptionsSupported
public static boolean scpOptionsSupported(byte options)