Code with Finding: |
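class PassportAuthService {
    /**
     * Performs the <i>Basic Access Control</i> protocol.
     *
     * <p>Derives the access keys from the document data, requests a challenge
     * from the chip, runs mutual authentication with a fresh terminal nonce
     * and fresh terminal keying material, and then installs a secure
     * messaging wrapper keyed from the XOR of both sides' keying material.
     *
     * @param docNr the document number
     * @param dateOfBirth card holder's birth date
     * @param dateOfExpiry document's expiry date
     * @throws GeneralSecurityException if key derivation or mutual
     *         authentication fails, or if the mutual authentication response
     *         is too short to contain the chip's keying material
     * @throws UnsupportedEncodingException propagated from the helper calls
     *         (the raising call is not visible in this class excerpt)
     */
    public void doBAC(String docNr, String dateOfBirth, String dateOfExpiry)
            throws GeneralSecurityException, UnsupportedEncodingException {
        byte[] keySeed = Util.computeKeySeed(docNr, dateOfBirth, dateOfExpiry);
        SecretKey kEnc = Util.deriveKey(keySeed, Util.ENC_MODE);
        SecretKey kMac = Util.deriveKey(keySeed, Util.MAC_MODE);
        byte[] rndICC = service.sendGetChallenge();

        // The terminal nonce and keying material must be unpredictable and
        // fresh for every run. Left as zero-filled arrays, the terminal adds
        // no entropy: the session key seed below collapses to kICC alone and
        // the terminal side of the exchange carries no freshness.
        // Fully qualified so this block needs no additional import.
        java.security.SecureRandom random = new java.security.SecureRandom();
        byte[] rndIFD = new byte[8];
        random.nextBytes(rndIFD);
        byte[] kIFD = new byte[16];
        random.nextBytes(kIFD);

        byte[] response = service.sendMutualAuth(rndIFD, rndICC, kIFD, kEnc, kMac);
        // kICC is read from bytes 16..31, so anything shorter is rejected as
        // a protocol failure instead of surfacing as an index error.
        if (response == null || response.length < 32) {
            throw new GeneralSecurityException(
                    "Mutual authentication response too short");
        }
        byte[] kICC = new byte[16];
        System.arraycopy(response, 16, kICC, 0, 16);

        // Session key seed = kIFD XOR kICC.
        keySeed = new byte[16];
        for (int i = 0; i < 16; i++) {
            keySeed[i] = (byte) (kIFD[i] ^ kICC[i]);
        }
        SecretKey ksEnc = Util.deriveKey(keySeed, Util.ENC_MODE);
        SecretKey ksMac = Util.deriveKey(keySeed, Util.MAC_MODE);
        long ssc = Util.computeSendSequenceCounter(rndICC, rndIFD);
        wrapper = new SecureMessagingWrapper(ksEnc, ksMac, ssc);
        // NOTE(review): kIFD and kICC together determine the session keys and
        // are handed to the notification callback here; confirm that every
        // listener is trusted and does not log or persist them.
        notifyBACPerformed(wrapper, rndICC, rndIFD, kIFD, kICC, true);
        state = BAC_AUTHENTICATED_STATE;
    }
}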
|