AusweisApp2
KeyAgreement.h
gehe zur Dokumentation dieser Datei
1 
7 #pragma once
8 
9 #include "CardConnectionWorker.h"
12 
13 #include <QSharedPointer>
14 
15 namespace governikus
16 {
17 
19 {
20  SUCCESS,
21  RETRY_ALLOWED,
22  COMMUNICATION_ERROR,
23  FAILED,
25 };
26 
28 {
29  protected:
30  struct CardResult
31  {
32  CardReturnCode mReturnCode = CardReturnCode::UNDEFINED;
33  QByteArray mData = QByteArray();
34  };
35 
36  private:
37  const QSharedPointer<CardConnectionWorker> mCardConnectionWorker;
38  QByteArray mEncryptionKey;
39  QByteArray mMacKey;
40  QByteArray mCarCurr, mCarPrev;
41 
42 
43  CardResult createTransmitResult(CardReturnCode pReturnCode,
44  StatusCode pResponseReturnCode,
45  const QByteArray& pResultData,
46  const char* pLogMessage) const;
47 
54  CardResult determineNonce(const QByteArray& pPin);
55 
62  virtual CardResult determineSharedSecret(const QByteArray& pNonce) = 0;
63 
69  virtual QByteArray getUncompressedTerminalPublicKey() = 0;
70 
75  CardResult transmitGAEncryptedNonce();
76 
82  KeyAgreementStatus performMutualAuthenticate();
83 
84  protected:
85  const QSharedPointer<const PaceInfo> mPaceInfo;
87 
88  KeyAgreement(const QSharedPointer<const PaceInfo>& pPaceInfo, const QSharedPointer<CardConnectionWorker>& pCardConnectionWorker);
89 
95  [[nodiscard]] CardResult transmitGAMappingData(const QByteArray& pMappingData) const;
96 
102  CardResult transmitGAEphemeralPublicKey(const QByteArray& pEphemeralPublicKey);
103 
109  GAMutualAuthenticationResponse transmitGAMutualAuthentication(const QByteArray& pMutualAuthenticationData);
110 
111  public:
117  virtual QByteArray getUncompressedCardPublicKey() = 0;
118 
124  virtual QByteArray getCompressedCardPublicKey() = 0;
125 
132  static QSharedPointer<KeyAgreement> create(const QSharedPointer<const PaceInfo>& pPaceInfo,
133  QSharedPointer<CardConnectionWorker> pCardConnectionWorker);
134  virtual ~KeyAgreement();
135 
141  KeyAgreementStatus perform(const QByteArray& pPin);
142 
148  [[nodiscard]] const QByteArray& getEncryptionKey() const;
149 
155  [[nodiscard]] const QByteArray& getMacKey() const;
156 
161  [[nodiscard]] const QByteArray& getCarCurr() const;
162 
167  [[nodiscard]] const QByteArray& getCarPrev() const;
168 };
169 
170 } // namespace governikus
governikus::KeyAgreementStatus::SUCCESS
@ SUCCESS
governikus::GABuilder::build
CommandApdu build() override
Definition: GABuilder.cpp:58
CipherMac.h
CardConnectionWorker.h
governikus::EcdhKeyAgreement::create
static QSharedPointer< EcdhKeyAgreement > create(const QSharedPointer< const PaceInfo > &pPaceInfo, const QSharedPointer< CardConnectionWorker > &pCardConnectionWorker)
Definition: EcdhKeyAgreement.cpp:53
governikus::KeyAgreement::~KeyAgreement
virtual ~KeyAgreement()
Definition: KeyAgreement.cpp:83
governikus::GAMutualAuthenticationResponse::getAuthenticationToken
const QByteArray & getAuthenticationToken() const
Definition: GeneralAuthenticateResponse.cpp:236
governikus::GAMapNonceResponse
Definition: GeneralAuthenticateResponse.h:70
governikus::KeyDerivationFunction
Definition: KeyDerivationFunction.h:16
governikus::SymmetricCipher
Definition: SymmetricCipher.h:16
governikus::GAEncryptedNonceResponse
Definition: GeneralAuthenticateResponse.h:44
governikus::KeyAgreement::transmitGAMappingData
CardResult transmitGAMappingData(const QByteArray &pMappingData) const
Transmit the General Authenticate (Mapping Data) command to the card.
Definition: KeyAgreement.cpp:207
governikus::KeyAgreement::transmitGAEphemeralPublicKey
CardResult transmitGAEphemeralPublicKey(const QByteArray &pEphemeralPublicKey)
Transmit the General Authenticate (Ephemeral Public Key) command to the card.
Definition: KeyAgreement.cpp:196
governikus::mCarCurr
ASN1_OCTET_STRING * mCarCurr
Definition: GeneralAuthenticateResponse.h:118
governikus::GAMapNonceResponse::getMappingData
const QByteArray & getMappingData() const
Definition: GeneralAuthenticateResponse.cpp:129
governikus::KeyAgreement::getCompressedCardPublicKey
virtual QByteArray getCompressedCardPublicKey()=0
Returns the compressed card's ephemeral public key calculated during key agreement.
governikus::KeyAgreement::CardResult
Definition: KeyAgreement.h:31
governikus::GABuilder
Definition: GABuilder.h:16
governikus::CommandApdu::CLA
static const char CLA
Definition: CommandApdu.h:26
returnCode
#define returnCode(x)
toString method for PCSC_RETURNCODE and platform dependent typedefs for PCSC types.
Definition: PcscUtils.h:51
governikus::SUCCESS
SUCCESS
Definition: ResponseApdu.h:79
governikus::KeyAgreement::mPaceInfo
const QSharedPointer< const PaceInfo > mPaceInfo
Definition: KeyAgreement.h:85
KeyDerivationFunction.h
governikus::GAPerformKeyAgreementResponse
Definition: GeneralAuthenticateResponse.h:96
governikus::GABuilder::setPaceAuthenticationToken
void setPaceAuthenticationToken(const QByteArray &pData)
Definition: GABuilder.cpp:51
SymmetricCipher.h
governikus::KeyAgreement::mKeyDerivationFunction
KeyDerivationFunction mKeyDerivationFunction
Definition: KeyAgreement.h:86
governikus::KeyDerivationFunction::enc
QByteArray enc(const QByteArray &pSecret)
Derive the encryption key.
Definition: KeyDerivationFunction.cpp:60
governikus::KeyAgreement::CardResult::mData
QByteArray mData
Definition: KeyAgreement.h:33
governikus::KeyAgreement
Definition: KeyAgreement.h:28
governikus::mCarPrev
ASN1_OCTET_STRING * mCarPrev
Definition: GeneralAuthenticateResponse.h:119
GeneralAuthenticateResponse.h
GlobalStatus.h
governikus::KeyAgreement::getMacKey
const QByteArray & getMacKey() const
Subsequent to the key agreement a MAC key is determined.
Definition: KeyAgreement.cpp:251
governikus
Implementation of ActivationContext for Intent based activation on Android systems.
Definition: ActivationContext.h:15
governikus::CipherMac
Definition: CipherMac.h:16
governikus::KeyAgreement::KeyAgreement
KeyAgreement(const QSharedPointer< const PaceInfo > &pPaceInfo, const QSharedPointer< CardConnectionWorker > &pCardConnectionWorker)
Definition: KeyAgreement.cpp:71
governikus::GAMutualAuthenticationResponse::getCarCurr
const QByteArray & getCarCurr() const
Definition: GeneralAuthenticateResponse.cpp:242
governikus::KeyAgreement::create
static QSharedPointer< KeyAgreement > create(const QSharedPointer< const PaceInfo > &pPaceInfo, QSharedPointer< CardConnectionWorker > pCardConnectionWorker)
Factory method to create an instance of KeyAgreement.
Definition: KeyAgreement.cpp:56
governikus::GAMutualAuthenticationResponse::getCarPrev
const QByteArray & getCarPrev() const
Definition: GeneralAuthenticateResponse.cpp:248
governikus::GAResponseApdu::getReturnCode
StatusCode getReturnCode() const
Definition: GeneralAuthenticateResponse.cpp:31
GABuilder.h
governikus::KeyAgreement::getUncompressedCardPublicKey
virtual QByteArray getUncompressedCardPublicKey()=0
Returns the uncompressed card's ephemeral public key calculated during key agreement.
governikus::GABuilder::setPaceMappingData
void setPaceMappingData(const QByteArray &pData)
Definition: GABuilder.cpp:37
governikus::KeyAgreementStatus
KeyAgreementStatus
Definition: KeyAgreement.h:19
governikus::CommandApdu::CLA_COMMAND_CHAINING
static const char CLA_COMMAND_CHAINING
Definition: CommandApdu.h:27
governikus::KeyAgreement::getCarPrev
const QByteArray & getCarPrev() const
Subsequent to the key agreement a certificate authority reference (CAR) may be determined.
Definition: KeyAgreement.cpp:245
governikus::KeyAgreement::perform
KeyAgreementStatus perform(const QByteArray &pPin)
Perform the key agreement.
Definition: KeyAgreement.cpp:88
governikus::KeyAgreement::transmitGAMutualAuthentication
GAMutualAuthenticationResponse transmitGAMutualAuthentication(const QByteArray &pMutualAuthenticationData)
Transmit the General Authenticate (Mutual Authentication) command to the card.
Definition: KeyAgreement.cpp:219
KeyAgreement.h
governikus::GAMutualAuthenticationResponse
Definition: GeneralAuthenticateResponse.h:126
governikus::GAPerformKeyAgreementResponse::getEphemeralPublicKey
const QByteArray & getEphemeralPublicKey() const
Definition: GeneralAuthenticateResponse.cpp:178
EcdhKeyAgreement.h
governikus::KeyAgreement::CardResult::mReturnCode
CardReturnCode mReturnCode
Definition: KeyAgreement.h:32
governikus::KeyDerivationFunction::pi
QByteArray pi(const QByteArray &pSecret)
Derive the password key.
Definition: KeyDerivationFunction.cpp:72
governikus::KeyAgreement::getCarCurr
const QByteArray & getCarCurr() const
Subsequent to the key agreement a certificate authority reference (CAR) may be determined.
Definition: KeyAgreement.cpp:239
governikus::KnownOIDs::id_PACE::ECDH
ECDH
Definition: KnownOIDs.h:104
governikus::KeyDerivationFunction::mac
QByteArray mac(const QByteArray &pSecret)
Derive the MAC key.
Definition: KeyDerivationFunction.cpp:66
governikus::GABuilder::setPaceEphemeralPublicKey
void setPaceEphemeralPublicKey(const QByteArray &pData)
Definition: GABuilder.cpp:44
PaceInfo.h
governikus::KeyAgreement::getEncryptionKey
const QByteArray & getEncryptionKey() const
Subsequent to the key agreement an encryption key is determined.
Definition: KeyAgreement.cpp:233