def authenticate(self, data):
"""Compute a MAC for block of data using the secret established by the
PACE protocol. This method can only be used after a successful run of
eac.
"""
auth = eac.EAC_authenticate(self.ctx, data)
if not auth or not eac.EAC_increment_ssc(self.ctx):
raise PACEException("Failed to compute MAC for: " + data)
return auth
def decrypt(self, data):
"""Decrypt a block of data using the secret established by the PACE
protocol. This method can only be used after a successful run of eac.
"""
dec = eac.EAC_decrypt(self.ctx, data)
if not dec or not eac.EAC_increment_ssc(self.ctx):
raise PACEException("Failed to decrypt the following data: " +
data)
return dec
def verify_authentication_token(self, token):
ret = eac.PACE_STEP3D_verify_authentication_token(self.ctx, token)
if (not ret):
raise PACEException("Failed to verify authentication token")
if (eac.EAC_CTX_set_encryption_ctx(self.ctx, eac.EAC_ID_PACE) == 0):
raise PACEException(
"Failed to initialize Secure Messaging context")
# PICC starts with ssc = 1
if not eac.EAC_increment_ssc(self.ctx):
raise PACEException("Failed to incremement ssc")
return ret
def parse_SM_CAPDU(self, CAPDU, header_authentication):
if hasattr(self.current_SE, "new_encryption_ctx"):
if self.current_SE.new_encryption_ctx == eac.EAC_ID_PACE:
protocol = "PACE"
else:
protocol = "CA"
print "switching to new encryption context established in %s:" % protocol
print eac.EAC_CTX_print_private(self.current_SE.eac_ctx, 4)
eac.EAC_CTX_set_encryption_ctx(self.current_SE.eac_ctx,
self.current_SE.new_encryption_ctx)
delattr(self.current_SE, "new_encryption_ctx")
eac.EAC_increment_ssc(self.current_SE.eac_ctx)
return SAM.parse_SM_CAPDU(self, CAPDU, 1)
def protect_result(self, sw, unprotected_result):
eac.EAC_increment_ssc(self.current_SE.eac_ctx)
return SAM.protect_result(self, sw, unprotected_result)
