Ejemplo n.º 1
 def get_authentication_token(self):
     """Compute the local PACE authentication token and set up Secure Messaging.

     Computes the step-3D token over the peer's public key held in
     ``self._opp_pubkey``, then selects PACE as the encryption context
     on ``self.ctx``.

     Returns the computed token.
     Raises PACEException if the token cannot be computed or the
     encryption context cannot be set.
     """
     # NOTE(review): this method only produces our own token. The peer's
     # token is not verified here, yet the encryption context is already
     # switched to PACE -- confirm that callers verify the peer token
     # before trusting the channel.
     token = eac.PACE_STEP3D_compute_authentication_token(
         self.ctx, self._opp_pubkey)
     if not token:
         raise PACEException("Failed to compute authentication token")

     sm_status = eac.EAC_CTX_set_encryption_ctx(self.ctx, eac.EAC_ID_PACE)
     if sm_status == 0:
         raise PACEException(
             "Failed to initialize Secure Messaging context")

     return token
Ejemplo n.º 2
    def __eac_pace_step4(self, data):
        """Finish PACE by exchanging and verifying the authentication tokens.

        Unpacks the General Authenticate data, derives the session keys,
        computes the local token and verifies the token sent by the peer
        (tag 0x85). On success the SAM state is updated according to the
        key reference in use, ``eac_step`` is incremented, the next
        algorithm is set to "TA" and PACE is recorded as the new
        encryption context.

        :param data: General Authenticate command data to unpack.
        :returns: tuple of status word 0x9000 and the packed response,
            holding the local token (tag 0x86) and, when a CHAT is set,
            the certification authority reference (tag 0x87).
        :raises SwError: ERR_INCORRECTPARAMETERS for any tag other than
            0x85; WARN_NOINFO63 if the token check or the Terminal
            Authentication initialisation fails.
        """
        fields = nPA_SE.__unpack_general_authenticate(data)

        # The result of the key derivation is not inspected; a failure is
        # presumably caught by the empty-token check further down.
        # NOTE(review): confirm against the eac binding.
        eac.PACE_STEP3C_derive_keys(self.eac_ctx)
        own_token = eac.PACE_STEP3D_compute_authentication_token(
            self.eac_ctx, self.pace_opp_pub_key)

        # Only the token object (0x85) is accepted; any other tag rejects
        # the whole command. If several 0x85 objects are sent the last one
        # wins, and if none is sent the empty default goes to verification.
        peer_token = b""
        for tag, _length, value in fields:
            if tag != 0x85:
                raise SwError(SW["ERR_INCORRECTPARAMETERS"])
            peer_token = value

        verdict = eac.PACE_STEP3D_verify_authentication_token(
            self.eac_ctx, peer_token)
        # Success requires both a non-empty local token and a verification
        # result of exactly 1; every other value is treated as failure.
        # NOTE(review): self.sam.counter is not decremented on this failure
        # path -- confirm the retry counter is enforced elsewhere.
        if not (own_token and verdict == 1):
            eac.print_ossl_err()
            raise SwError(SW["WARN_NOINFO63"])

        print("Established PACE channel")

        # Update the SAM according to the secret that was just proven.
        if self.at.keyref_is_can():
            # The CAN only activates the SAM when the counter stands at 1.
            if self.sam.counter == 1:
                self.sam.active = True
                print("PIN resumed")
        elif self.at.keyref_is_pin():
            # Correct PIN: activate and reset the counter to 3.
            self.sam.active = True
            self.sam.counter = 3
        elif self.at.keyref_is_puk():
            # Correct PUK: same state change as the PIN, reported as unblock.
            self.sam.active = True
            self.sam.counter = 3
            print("PIN unblocked")

        self.eac_step += 1
        self.at.algorithm = "TA"

        # Only records PACE as the context to use next; where the switch
        # itself is performed is not visible in this method.
        self.new_encryption_ctx = eac.EAC_ID_PACE

        response = [[0x86, len(own_token), own_token]]
        if self.at.chat:
            if self.cvca:
                self.car = CVC(self.cvca).get_chr()
            # NOTE(review): without a CVCA this relies on self.car having
            # been set earlier -- verify against the rest of the class.
            response.append([0x87, len(self.car), self.car])
            if self.disable_checks:
                # NOTE(review): relaxes Terminal Authentication checks on
                # this context; presumably a test-only switch -- confirm it
                # cannot be enabled in a production configuration.
                eac.TA_disable_checks(self.eac_ctx)
            ta_ready = eac.EAC_CTX_init_ta(self.eac_ctx, None, self.cvca)
            if not ta_ready:
                eac.print_ossl_err()
                raise SwError(SW["WARN_NOINFO63"])

        return 0x9000, nPA_SE.__pack_general_authenticate(response)
Ejemplo n.º 3
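# PACE step 3A: each side maps the generator using the mapping data it
# received from its peer (PCD = terminal side, PICC = card side).
eac.PACE_STEP3A_map_generator(pcd_ctx, picc_mapping_data)
eac.PACE_STEP3A_map_generator(picc_ctx, pcd_mapping_data)

print("PACE step 3B")
# Each side generates an ephemeral key pair and keeps the public part to
# hand to the peer.
pcd_ephemeral_pubkey = eac.PACE_STEP3B_generate_ephemeral_key(pcd_ctx)
picc_ephemeral_pubkey = eac.PACE_STEP3B_generate_ephemeral_key(picc_ctx)

# The shared secret is computed from the *peer's* ephemeral public key.
eac.PACE_STEP3B_compute_shared_secret(pcd_ctx, picc_ephemeral_pubkey)
eac.PACE_STEP3B_compute_shared_secret(picc_ctx, pcd_ephemeral_pubkey)

print("PACE step 3C")
eac.PACE_STEP3C_derive_keys(pcd_ctx)
eac.PACE_STEP3C_derive_keys(picc_ctx)

print("PACE step 3D")
pcd_token = eac.PACE_STEP3D_compute_authentication_token(
    pcd_ctx, picc_ephemeral_pubkey)
picc_token = eac.PACE_STEP3D_compute_authentication_token(
    picc_ctx, pcd_ephemeral_pubkey)

# Token verification is the step that decides whether both sides really
# share the same keys, so both results are kept and checked. A result of 1
# is treated as success and anything else as failure.
pcd_verified = eac.PACE_STEP3D_verify_authentication_token(pcd_ctx, picc_token)
r = eac.PACE_STEP3D_verify_authentication_token(picc_ctx, pcd_token)
pace_ok = pcd_verified == 1 and r == 1
if not pace_ok:
    eac.print_ossl_err()

# Debug output only. NOTE(review): the "private" dump presumably includes
# key material -- keep this out of anything that logs in production.
print("PICC's EAC_CTX:")
print(eac.EAC_CTX_print_private(picc_ctx, 4))
print("PCD's EAC_CTX:")
print(eac.EAC_CTX_print_private(pcd_ctx, 4))

# Always release the contexts and the shared secret, also on failure.
eac.EAC_CTX_clear_free(pcd_ctx)
eac.EAC_CTX_clear_free(picc_ctx)
eac.PACE_SEC_clear_free(secret)

# Report failure only after cleanup, so the run cannot end looking like a
# success when mutual authentication did not complete.
if not pace_ok:
    raise SystemExit("PACE authentication token verification failed")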