Package de.cardcontact.opencard.security

Class GPSCP02SecureChannel

  • All Implemented Interfaces:
    SecureChannel
    public class GPSCP02SecureChannel
extends java.lang.Object
implements SecureChannel
    Basic implementation for SCP 02 secure channel according to GP 2.1.1 This implementation supports the following implementation options: "i" = '15': Initiation mode explicit, C-MAC on modified APDU, ICV set to zero, ICV encryption for C-MAC session, 3 Secure Channel Keys, unspecified card challenge generation method, no R-MAC; "i" = '55': Initiation mode explicit, C-MAC on modified APDU, ICV set to zero, ICV encryption for C-MAC session, 3 Secure Channel Keys, well-known pseudo-random algorithm (card challenge), no R-MAC
    Author:
    Frank Thater

    • Field Detail

      • THREE_SECURE_CHANNEL_BASE_KEYS

        public static final byte THREE_SECURE_CHANNEL_BASE_KEYS
        Supported values for the "i" parameter ("i" = '15' and "i" = '55')
        See Also:
        Constant Field Values

      • INITIATION_MODE_EXPLICIT

        public static final byte INITIATION_MODE_EXPLICIT
        See Also:
        Constant Field Values

      • ICV_ENCRYPTION_FOR_CMAC_SESSION

        public static final byte ICV_ENCRYPTION_FOR_CMAC_SESSION
        See Also:
        Constant Field Values

      • WELL_KNOWN_PSEUDO_RANDOM_ALGORITHM

        public static final byte WELL_KNOWN_PSEUDO_RANDOM_ALGORITHM
        See Also:
        Constant Field Values

      • UNSPECIFIED_CARD_CHALLENGE_GENERATION

        public static final byte UNSPECIFIED_CARD_CHALLENGE_GENERATION
        See Also:
        Constant Field Values

      • provider

        protected java.lang.String provider

    • Constructor Detail

      • GPSCP02SecureChannel

        public GPSCP02SecureChannel​(java.security.Key senc,
                            java.security.Key smac,
                            java.security.Key dek,
                            byte[] iv,
                            byte securityLevel,
                            java.lang.String provider)
                     throws java.security.NoSuchAlgorithmException,
                            java.security.NoSuchProviderException,
                            javax.crypto.NoSuchPaddingException
        Create initialized secure channel object
        Parameters:
        provider - Cryptographic service provider for JCE
        Throws:
        java.security.NoSuchProviderException
        java.security.NoSuchAlgorithmException
        javax.crypto.NoSuchPaddingException

    • Method Detail

      • unwrap

        public ResponseAPDU unwrap​(ResponseAPDU apduToUnwrap,
                           int usageQualifier)
        Description copied from interface: SecureChannel
        Unwrap a CommandAPDU
        Specified by:
        unwrap in interface SecureChannel
        Parameters:
        apduToUnwrap - Response APDU to be unwrapped
        usageQualifier - Qualifier to control the transformation process
        Returns:
        Wrapped APDU

      • wrap

        public CommandAPDU wrap​(CommandAPDU apduToWrap,
                        int usageQualifier)
        Description copied from interface: SecureChannel
        Wrap a CommandAPDU
        Specified by:
        wrap in interface SecureChannel
        Parameters:
        apduToWrap - Command APDU to be wrapped
        usageQualifier - Qualifier to control the transformation process
        Returns:
        Wrapped APDU

      • scpOptionsSupported

        public static boolean scpOptionsSupported​(byte options)