fix api scheme

app/src/main/cpp/api.cpp

@@ -5,6 +5,8 @@
 #include <vector>
 #include <stdint.h>
 #include <functional>
+#include <string>
+#include <regex>
 
 #include <android/log.h>
 #include <jni.h>
@@ -238,10 +240,12 @@ void Connector::initBAC() {
     // mrz.padRight(9, '<') + mrz_check_digit
     // + birth yymmdd + birth_check_digit
     // + expiry yymmdd + expiry_check_digit
-    const unsigned char dbaKeys[] = "098002079798112232311229";
     const int dbaKeysSize = 9 + 1 + 6 + 1 + 6 + 1;
+    if (passcode.size() != dbaKeysSize) {
+        throw "Passcode length is wrong";
+    }
     bytes dbaKeysSeed(20);
-    SHA1(dbaKeys, dbaKeysSize, dbaKeysSeed.data());
+    SHA1((const unsigned char*)passcode.c_str(), passcode.size(), dbaKeysSeed.data());
     dbaKeysSeed.resize(16);
 
     const bytes Kenc = deriveKeyDesEDE(dbaKeysSeed);
@@ -658,7 +662,7 @@ void Connector::readEFSOD() {
     }
 }
 
-void Connector::activeAuthentication() {
+void Connector::activeAuthentication(bytes m2) {
     const unsigned char* dg15ptr = dg15.data();
     auto pubkey = d2i_RSA_PUBKEY(nullptr, &dg15ptr, dg15.size());
 
@@ -666,8 +670,6 @@ void Connector::activeAuthentication() {
         throw "Cannot read pubkey";
     }
 
-    bytes m2 = randomBytes(8);
-
     // 256 is hardcoded
     // MRTD returns signature of size [sigLength] or of arbitrarily size if [sigLength] is 256.
     auto response = internalAuthenticate(m2, 256);

app/src/main/cpp/api.h

@@ -251,7 +251,6 @@ private:
     // chip's public key
     bytes dg15;
 
-public:
     transceive_type transceive;
     SecureMessaging* sm = nullptr;
 
@@ -276,7 +275,7 @@ public:
     void readEFDG15();
     void readEFSOD();
 
-    void activeAuthentication();
+    void activeAuthentication(bytes challenge);
 };
 
 #endif //CCCC_API_H