@Override public byte[] process(byte[] challenge, SecuritySuite securitySuite, byte[] systemTitle, int frameCounter) throws IOException, UnsupportedOperationException { final byte[] encryptionKey = securitySuite.getGlobalUnicastEncryptionKey(); final byte[] authenticationKey = securitySuite.getAuthenticationKey(); final byte sc = SecurityControl.AUTHENTICATION.getSecurityControlByte(); byte[] frameCounterBytes = ByteBuffer.allocate(4).putInt(frameCounter).array(); byte[] iv = ByteBuffer.allocate(systemTitle.length + frameCounterBytes.length) .put(systemTitle) .put(frameCounterBytes) .array(); CipherParameters cipherParameters = new KeyParameter(encryptionKey); ParametersWithIV parameterWithIV = new ParametersWithIV(cipherParameters, iv); GMac mac = new GMac(new GCMBlockCipher(new AESEngine()), 96); mac.init(parameterWithIV); byte[] input = ByteBuffer.allocate(1 + authenticationKey.length + challenge.length) .put(sc) .put(authenticationKey) .put(challenge) .array(); mac.update(input, 0, input.length); final byte[] generatedMac = new byte[mac.getMacSize()]; mac.doFinal(generatedMac, 0); return ByteBuffer.allocate(1 + frameCounterBytes.length + generatedMac.length) .put(sc) .put(frameCounterBytes) .put(generatedMac) .array(); }
private byte[] aesGmac(P11Params params, byte[] contentToSign) throws P11TokenException { if (params == null) { throw new P11TokenException("iv may not be null"); } byte[] iv; if (params instanceof P11Params.P11IVParams) { iv = ((P11Params.P11IVParams) params).getIV(); } else { throw new P11TokenException("params must be instanceof P11IVParams"); } GMac gmac = new GMac(new GCMBlockCipher(new AESEngine())); ParametersWithIV paramsWithIv = new ParametersWithIV(new KeyParameter(signingKey.getEncoded()), iv); gmac.init(paramsWithIv); gmac.update(contentToSign, 0, contentToSign.length); byte[] signature = new byte[gmac.getMacSize()]; gmac.doFinal(signature, 0); return signature; }