From 0b27319bd2886fd1b79441d8cc6076b96da9425d Mon Sep 17 00:00:00 2001
From: clemenso <clemenso@8a26b1a7-26f0-462f-b9ef-d0e30c41f5a4>
Date: Tue, 11 Jan 2011 18:23:25 +0000
Subject: establish secure channel

git-svn-id: https://joinup.ec.europa.eu/svn/mocca/trunk@882 8a26b1a7-26f0-462f-b9ef-d0e30c41f5a4
---
 .../at/gv/egiz/smcc/activation/Activation.java     | 35 +++++++++++++++++-----
 1 file changed, 27 insertions(+), 8 deletions(-)

(limited to 'smccTest')

diff --git a/smccTest/src/main/java/at/gv/egiz/smcc/activation/Activation.java b/smccTest/src/main/java/at/gv/egiz/smcc/activation/Activation.java
index fce59066..8d102c80 100644
--- a/smccTest/src/main/java/at/gv/egiz/smcc/activation/Activation.java
+++ b/smccTest/src/main/java/at/gv/egiz/smcc/activation/Activation.java
@@ -521,21 +521,16 @@ public class Activation {
 //	keyinp = kicc.xor(kifd);
 //
 
+        // TDES session key negotiation according to E-Sign K [STARCOS,6.11]?
+
         byte[] kd_icc = Arrays.copyOfRange(plain, 32, 96);
         System.out.println("derive key input...");
         byte[] kinp = new byte[kd_ifd.length];
         for (int i = 0; i < kd_ifd.length; i++) {
-
-//          System.out.println(Integer.toBinaryString(kd_icc[i]));
-//          System.out.println(Integer.toBinaryString(kd_ifd[i]));
-
           kinp[i] = (byte) (kd_icc[i] ^ kd_ifd[i]);
-
-//          System.out.println(Integer.toBinaryString(kinp[i]) + "\n");
-
         }
 
-        // TODO derive key
+        System.out.println("session key negotiation key (key seed): " + toString(kinp));
 
 //	var hashin = keyinp.concat(new ByteString("00000001", HEX));
 //	var hashres = crypto.digest(Crypto.SHA_256, hashin);
@@ -547,6 +542,18 @@ public class Activation {
 //	var kenc = new Key();
 //	kenc.setComponent(Key.DES, kencval);
 //
+
+        MessageDigest sha256 = MessageDigest.getInstance("SHA-256");
+        sha256.update(kinp);
+        sha256.update(new byte[] { (byte)0x00, (byte)0x00, (byte)0x00, (byte)0x01});
+        byte[] enc_ = sha256.digest();
+
+        SecretKeySpec kenc = new SecretKeySpec(Arrays.copyOfRange(enc_, 0, 24), "3DES");
+        byte[] kencssc = Arrays.copyOfRange(enc_, 24, 32);
+
+        System.out.println("session key kenc: " + toString(kenc.getEncoded()));
+        System.out.println("send sequence counter SSC_enc: " + toString(kencssc));
+
 //	var hashin = keyinp.concat(new ByteString("00000002", HEX));
 //	var hashres = crypto.digest(Crypto.SHA_256, hashin);
 //	var kmacval = hashres.bytes(0, 24);
@@ -556,6 +563,17 @@ public class Activation {
 //	GPSystem.trace("Kmac SSC     : " + kmacssc);
 //	var kmac = new Key();
 //	kmac.setComponent(Key.DES, kmacval);
+
+        sha256.update(kinp);
+        sha256.update(new byte[] { (byte)0x00, (byte)0x00, (byte)0x00, (byte)0x02});
+        enc_ = sha256.digest();
+
+        SecretKeySpec kmac = new SecretKeySpec(Arrays.copyOfRange(enc_, 0, 24), "3DES");
+        byte[] kmacssc = Arrays.copyOfRange(enc_, 24, 32);
+
+        System.out.println("session key kmac: " + toString(kmac.getEncoded()));
+        System.out.println("send sequence counter SSC_mac: " + toString(kmacssc));
+
 //
 //	var sc = new IsoSecureChannel(crypto);
 //	sc.setEncKey(kenc);
@@ -566,6 +584,7 @@ public class Activation {
 //	return sc;
 //}
 
+        channel = new SecureChannel(channel, kenc, kmac, kencssc, kmacssc);
 
     }
 
-- 
cgit v1.2.3