def external_authenticate(self, p1, p2, data):
"""
Authenticate the terminal to the card. Check whether Terminal correctly
encrypted the given challenge or not
"""
if self.dst.keyref_public_key: # TODO check if this is the correct CAR
id_picc = eac.EAC_Comp(self.eac_ctx, eac.EAC_ID_PACE,
self.my_pace_eph_pubkey)
# FIXME auxiliary_data might be from an older run of PACE
if hasattr(self.at, "auxiliary_data"):
auxiliary_data = self.at.auxiliary_data
else:
auxiliary_data = None
if 1 != eac.TA_STEP6_verify(self.eac_ctx, self.at.iv, id_picc,
auxiliary_data, data):
eac.print_ossl_err()
print("Could not verify Terminal's signature")
raise SwError(SW["ERR_CONDITIONNOTSATISFIED"])
print("Terminal's signature verified")
self.eac_step += 1
return 0x9000, b""
raise SwError(SW["ERR_CONDITIONNOTSATISFIED"])
def EAC_Comp(self):
return eac.EAC_Comp(self.ctx, eac.EAC_ID_PACE, self._ephemeral_pubkey)