Keyple C++
0.9.0
Keyple, an Open Source SDK for Ticketing
#include <SamCommandProcessor.h>
Public Member Functions
SamCommandProcessor (const std::shared_ptr< SeResource< CalypsoPo >> poResource, const std::shared_ptr< PoSecuritySettings > poSecuritySettings)
const std::vector< uint8_t > getSessionTerminalChallenge ()
void initializeDigester (const AccessLevel &accessLevel, const bool sessionEncryption, const bool verificationMode, const uint8_t poKif, const uint8_t poKVC, const std::vector< uint8_t > &digestData)
void pushPoExchangeDataList (const std::vector< std::shared_ptr< ApduRequest >> &requests, const std::vector< std::shared_ptr< ApduResponse >> &responses, const int startIndex)
const std::vector< uint8_t > getTerminalSignature ()
void authenticatePoSignature (const std::vector< uint8_t > &poSignatureLo)
const std::vector< uint8_t > getCipheredPinData (const std::vector< uint8_t > &poChallenge, const std::vector< uint8_t > &currentPin, const std::vector< uint8_t > &newPin)
const std::vector< uint8_t > getSvReloadComplementaryData (std::shared_ptr< SvReloadCmdBuild > svReloadCmdBuild, const std::vector< uint8_t > &svGetHeader, const std::vector< uint8_t > &svGetData)
const std::vector< uint8_t > getSvDebitComplementaryData (std::shared_ptr< SvDebitCmdBuild > svDebitCmdBuild, const std::vector< uint8_t > &svGetHeader, const std::vector< uint8_t > &svGetData)
const std::vector< uint8_t > getSvUndebitComplementaryData (std::shared_ptr< SvUndebitCmdBuild > svUndebitCmdBuild, const std::vector< uint8_t > &svGetHeader, const std::vector< uint8_t > &svGetData)
void checkSvStatus (const std::vector< uint8_t > &svOperationResponseData)
The SamCommandProcessor class is dedicated to the management of commands sent to the SAM.
In particular, it manages the cryptographic computations related to the secure session (digest computation).
It will also integrate the SAM commands used for Stored Value and PIN/key management. Within a session, these commands need to be carefully synchronized with the digest calculation.
keyple::calypso::transaction::SamCommandProcessor::SamCommandProcessor (const std::shared_ptr< SeResource< CalypsoPo >> poResource, const std::shared_ptr< PoSecuritySettings > poSecuritySettings)
Constructor
poResource | the PO resource containing the PO reader and the Calypso PO information |
poSecuritySettings | the security settings from the application layer |
void keyple::calypso::transaction::SamCommandProcessor::authenticatePoSignature (const std::vector< uint8_t > &poSignatureLo)
Authenticates the signature part from the PO
Executes the Digest Authenticate command with the PO part of the signature.
poSignatureLo | the PO part of the signature |
CalypsoSamIOException | if the communication with the SAM has failed. |
CalypsoDesynchronizedExchangesException | if the APDU SAM exchanges are out of sync |
CalypsoSamCommandException | if the SAM has responded with an error status |
void keyple::calypso::transaction::SamCommandProcessor::checkSvStatus (const std::vector< uint8_t > &svOperationResponseData)
Checks the status of the last SV operation
The PO signature is compared by the SAM with the one it has computed on its side.
svOperationResponseData | the data of the SV operation performed |
CalypsoSamIOException | if the communication with the SAM has failed. |
CalypsoSamCommandException | if the SAM has responded with an error status |
const std::vector< uint8_t > keyple::calypso::transaction::SamCommandProcessor::getCipheredPinData (const std::vector< uint8_t > &poChallenge, const std::vector< uint8_t > &currentPin, const std::vector< uint8_t > &newPin)
Computes the ciphered PIN data for the encrypted PIN verification or PIN update commands.
poChallenge | the challenge from the PO |
currentPin | the current PIN value |
newPin | the new PIN value (set to null if the operation is a PIN presentation) |
CalypsoSamIOException | if the communication with the SAM has failed. |
CalypsoDesynchronizedExchangesException | if the APDU SAM exchanges are out of sync |
CalypsoSamCommandException | if the SAM has responded with an error status |
const std::vector< uint8_t > keyple::calypso::transaction::SamCommandProcessor::getSessionTerminalChallenge ()
Gets the terminal challenge
Performs key diversification if necessary by sending the SAM Select Diversifier command prior to the Get Challenge command. The diversification flag is set to avoid further unnecessary diversification operations.
If the key diversification is already done, the Select Diversifier command is omitted.
The length of the challenge varies from one PO revision to another. This information can be found in the SeResource class field.
CalypsoSamIOException | if the communication with the SAM has failed. |
CalypsoDesynchronizedExchangesException | if the APDU SAM exchanges are out of sync |
CalypsoSamCommandException | if the SAM has responded with an error status |
const std::vector< uint8_t > keyple::calypso::transaction::SamCommandProcessor::getSvDebitComplementaryData (std::shared_ptr< SvDebitCmdBuild > svDebitCmdBuild, const std::vector< uint8_t > &svGetHeader, const std::vector< uint8_t > &svGetData)
Computes the cryptographic data required for the SvDebit command.
Use the data from the SvGet command and the partial data from the SvDebit command for this purpose.
The returned data will be used to finalize the PO SvDebit command.
svDebitCmdBuild | the SV Debit command builder |
svGetHeader | the SV Get command header |
svGetData | the SV Get command response data |
CalypsoSamIOException | if the communication with the SAM has failed. |
const std::vector< uint8_t > keyple::calypso::transaction::SamCommandProcessor::getSvReloadComplementaryData (std::shared_ptr< SvReloadCmdBuild > svReloadCmdBuild, const std::vector< uint8_t > &svGetHeader, const std::vector< uint8_t > &svGetData)
Computes the cryptographic data required for the SvReload command.
Use the data from the SvGet command and the partial data from the SvReload command for this purpose.
The returned data will be used to finalize the PO SvReload command.
svReloadCmdBuild | the SV Reload command builder providing the SvReload partial data |
svGetHeader | the SV Get command header |
svGetData | the SV Get command response data |
CalypsoSamIOException | if the communication with the SAM has failed. |
const std::vector< uint8_t > keyple::calypso::transaction::SamCommandProcessor::getSvUndebitComplementaryData (std::shared_ptr< SvUndebitCmdBuild > svUndebitCmdBuild, const std::vector< uint8_t > &svGetHeader, const std::vector< uint8_t > &svGetData)
Computes the cryptographic data required for the SvUndebit command.
Use the data from the SvGet command and the partial data from the SvUndebit command for this purpose.
The returned data will be used to finalize the PO SvUndebit command.
svUndebitCmdBuild | the SV Undebit command builder |
svGetHeader | the SV Get command header |
svGetData | the SV Get command response data |
CalypsoSamIOException | if the communication with the SAM has failed. |
const std::vector< uint8_t > keyple::calypso::transaction::SamCommandProcessor::getTerminalSignature ()
Gets the terminal signature from the SAM
All remaining data in the digest cache is sent to the SAM and the Digest Close command is executed.
CalypsoSamIOException | if the communication with the SAM has failed. |
CalypsoDesynchronizedExchangesException | if the APDU SAM exchanges are out of sync |
CalypsoSamCommandException | if the SAM has responded with an error status |
void keyple::calypso::transaction::SamCommandProcessor::initializeDigester (const AccessLevel &accessLevel, const bool sessionEncryption, const bool verificationMode, const uint8_t poKif, const uint8_t poKVC, const std::vector< uint8_t > &digestData)
Initializes the digest computation process
Resets the digest data cache, then fills a first packet with the provided data (from open secure session).
Keeps the session parameters and sets the KIF if it is not defined.
Note: there is no communication with the SAM here.
accessLevel | the Access Level |
sessionEncryption | true if the session is encrypted |
verificationMode | true if the verification mode is active |
poKif | the PO KIF |
poKVC | the PO KVC |
digestData | a first packet of data to digest. |
void keyple::calypso::transaction::SamCommandProcessor::pushPoExchangeDataList (const std::vector< std::shared_ptr< ApduRequest >> &requests, const std::vector< std::shared_ptr< ApduResponse >> &responses, const int startIndex)
Appends a list of full PO exchanges (request and response) to the digest data cache.
The startIndex argument makes it possible to skip the beginning of the list when necessary.
requests | PO request list |
responses | PO response list |
startIndex | starting point in the list |
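The cache behaviour described for initializeDigester, pushPoExchangeDataList and getTerminalSignature can be modelled as follows. This is an added example, not Keyple code: DigestCacheModel, its method names, the request-then-response ordering and the sample bytes are assumptions made for illustration.

```cpp
#include <cstddef>
#include <cstdint>
#include <stdexcept>
#include <vector>

using Bytes = std::vector<uint8_t>;

// Hypothetical model of the digest data cache: ordering and bounds checks
// only, with no SAM communication and no cryptography.
class DigestCacheModel {
public:
    // Like initializeDigester: reset the cache, then store the first packet.
    void initialize(const Bytes& digestData) {
        mCache.clear();
        mCache.push_back(digestData);
    }

    // Like pushPoExchangeDataList: cache request then response for every
    // exchange from startIndex onwards (this interleaving is an assumption).
    void push(const std::vector<Bytes>& requests,
              const std::vector<Bytes>& responses, const int startIndex) {
        if (mCache.empty())
            throw std::logic_error("digester not initialized");
        if (requests.size() != responses.size())
            throw std::invalid_argument("request/response lists out of sync");
        if (startIndex < 0 || static_cast<std::size_t>(startIndex) > requests.size())
            throw std::out_of_range("startIndex outside the exchange list");
        for (std::size_t i = static_cast<std::size_t>(startIndex); i < requests.size(); ++i) {
            mCache.push_back(requests[i]);
            mCache.push_back(responses[i]);
        }
    }

    // Like the start of getTerminalSignature: return everything still cached
    // (what would go to the SAM before Digest Close) and empty the cache.
    std::vector<Bytes> drain() {
        std::vector<Bytes> pending;
        pending.swap(mCache);
        return pending;
    }
private:
    std::vector<Bytes> mCache;
};

int main() {  // constructed sample exchange: one request, one response
    DigestCacheModel cache;
    cache.initialize(Bytes{0x01});
    cache.push({Bytes{0x00, 0xB2}}, {Bytes{0x90, 0x00}}, 0);
    return cache.drain().size() == 3 ? 0 : 1;
}
```

Rejecting mismatched list sizes and out-of-range start indexes before anything is cached keeps a partial exchange out of the digest input, which would otherwise only surface later as a signature mismatch.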