Exemple #1
def tatest():
    """Exercise terminal-authentication setup on a fresh PACEEntity.

    Initialises the CA part of the context, loads CVCA as the trust anchor,
    imports the DVCA and CHAIN_CVC certificates, and checks that a nonce is
    returned. Every eac call checked here is expected to return 1.
    """
    entity = PACEEntity("123456")

    # Resolve the protocol from its textual name; the third argument (11) is
    # passed through unchanged -- presumably a domain-parameter id, confirm.
    ca_protocol = eac.OBJ_txt2nid("id-CA-ECDH-AES-CBC-CMAC-128")
    ca_status = eac.EAC_CTX_init_ca(entity.ctx, ca_protocol, 11)
    assert ca_status == 1

    # Test fixture only: the bundled certificates aren't up to date, so the
    # library's TA checks are switched off for this context. With the checks
    # off, out-of-date certificates are accepted -- do not copy this call
    # into code that authenticates real terminals.
    eac.TA_disable_checks(entity.ctx)

    ta_status = eac.EAC_CTX_init_ta(entity.ctx, None, CVCA)
    assert ta_status == 1

    # Import order matters: DVCA first, then CHAIN_CVC.
    for certificate in (DVCA, CHAIN_CVC):
        imported = eac.TA_STEP2_import_certificate(entity.ctx, certificate)
        assert imported == 1

    assert eac.TA_STEP4_get_nonce(entity.ctx) is not None
Exemple #2
def tatest():
    """Check that terminal authentication can be prepared up to the nonce.

    Uses the eac module's predefined protocol constant for the CA setup,
    then loads CVCA, imports DVCA and CHAIN_CVC, and requests a nonce.
    Every eac call checked here is expected to return 1.
    """
    entity = PACEEntity("123456")

    # The third argument (11) is passed through unchanged -- presumably a
    # domain-parameter id, confirm against the eac bindings.
    protocol = eac.id_CA_ECDH_AES_CBC_CMAC_128
    assert 1 == eac.EAC_CTX_init_ca(entity.ctx, protocol, 11)

    # Test fixture only: the bundled certificates aren't up to date, so the
    # library's TA checks are switched off for this context. Out-of-date
    # certificates are accepted from here on; keep this out of any code path
    # that authenticates real terminals.
    eac.TA_disable_checks(entity.ctx)

    assert 1 == eac.EAC_CTX_init_ta(entity.ctx, None, CVCA)

    # Import order matters: DVCA first, then CHAIN_CVC.
    dvca_status = eac.TA_STEP2_import_certificate(entity.ctx, DVCA)
    assert dvca_status == 1
    chain_status = eac.TA_STEP2_import_certificate(entity.ctx, CHAIN_CVC)
    assert chain_status == 1

    challenge = eac.TA_STEP4_get_nonce(entity.ctx)
    assert challenge is not None
Exemple #3
    def __eac_pace_step4(self, data):
        """Verify the peer's PACE authentication token and build the reply.

        Derives the keys, computes this side's authentication token, and
        verifies the peer token carried in data object 0x85 of ``data``.
        On success ``self.sam`` is updated according to the key reference in
        use, the protocol state is advanced (``eac_step``, algorithm "TA"),
        and the reply is built from our token (0x86) plus, when a CHAT is
        set, the certification authority reference (0x87).

        Returns:
            Tuple of the status word 0x9000 and the packed General
            Authenticate response.

        Raises:
            SwError: ``ERR_INCORRECTPARAMETERS`` if ``data`` holds any data
                object other than tag 0x85; ``WARN_NOINFO63`` if our token
                could not be computed, the peer token does not verify, or
                ``EAC_CTX_init_ta`` fails.
        """
        tlv_data = nPA_SE.__unpack_general_authenticate(data)
        # NOTE(review): the return value of PACE_STEP3C_derive_keys is not
        # checked; a failure is presumably caught by the my_token / ver test
        # below -- confirm. Keys are also derived before the incoming data
        # objects have been validated.
        eac.PACE_STEP3C_derive_keys(self.eac_ctx)
        my_token = \
            eac.PACE_STEP3D_compute_authentication_token(self.eac_ctx,
                                                         self.pace_opp_pub_key)
        token = b""
        # Only tag 0x85 (the peer's token) is accepted; anything else aborts.
        # If the tag appears more than once the last value wins, and if it is
        # absent the empty token is handed to the verifier, so rejection then
        # relies on the verify call not returning 1.
        for tag, length, value in tlv_data:
            if tag == 0x85:
                token = value
            else:
                raise SwError(SW["ERR_INCORRECTPARAMETERS"])

        ver = eac.PACE_STEP3D_verify_authentication_token(self.eac_ctx, token)
        # Fail closed: success requires both our own token and ver == 1.
        if not my_token or ver != 1:
            eac.print_ossl_err()
            raise SwError(SW["WARN_NOINFO63"])

        print("Established PACE channel")

        # The password type that was just proven decides how the PIN state
        # changes. None of these branches runs unless verification succeeded.
        if self.at.keyref_is_can():
            # The CAN only activates the SAM when the counter is exactly 1
            # (presumably the suspended-PIN state -- confirm); it never
            # changes the counter itself.
            if (self.sam.counter == 1):
                self.sam.active = True
                print("PIN resumed")
        elif self.at.keyref_is_pin():
            # Correct PIN: activate and set the counter back to 3.
            self.sam.active = True
            self.sam.counter = 3
        elif self.at.keyref_is_puk():
            # Correct PUK: same state change as the PIN branch.
            self.sam.active = True
            self.sam.counter = 3
            print("PIN unblocked")

        # Advance the protocol: next expected algorithm is "TA", and the PACE
        # id is recorded as the new encryption context.
        self.eac_step += 1
        self.at.algorithm = "TA"

        self.new_encryption_ctx = eac.EAC_ID_PACE

        result = [[0x86, len(my_token), my_token]]
        if self.at.chat:
            # NOTE(review): self.car is only assigned here when self.cvca is
            # set; otherwise it must already exist or len() below fails --
            # verify against the class initialiser.
            if self.cvca:
                self.car = CVC(self.cvca).get_chr()
            result.append([0x87, len(self.car), self.car])
            # Security-relevant switch: when disable_checks is set, the
            # library's TA checks are turned off for this context. The tests
            # on this page use the same call for out-of-date certificates;
            # this should stay limited to test/emulation setups.
            if (self.disable_checks):
                eac.TA_disable_checks(self.eac_ctx)
            if not eac.EAC_CTX_init_ta(self.eac_ctx, None, self.cvca):
                eac.print_ossl_err()
                raise SwError(SW["WARN_NOINFO63"])

        return 0x9000, nPA_SE.__pack_general_authenticate(result)