OpenPACE
ca.h File Reference

Interface for Chip Authentication.

#include "eac.h"
#include <openssl/buffer.h>


Macros

#define CA_FLAG_DISABLE_PASSIVE_AUTH   1
 Skip the passive authentication.
 

Functions

void CA_disable_passive_authentication (EAC_CTX *ctx)
 Disable passive authentication for this EAC_CTX.
 
BUF_MEM * CA_get_pubkey (const EAC_CTX *ctx, const unsigned char *ef_cardsecurity, size_t ef_cardsecurity_len)
 Extract the public key from an EF.CardSecurity file.
 
int CA_set_key (const EAC_CTX *ctx, const unsigned char *priv, size_t priv_len, const unsigned char *pub, size_t pub_len)
 Initialize the CA context with keys.
 
BUF_MEM * CA_STEP1_get_pubkey (const EAC_CTX *ctx)
 Get the PICC's encoded public key.
 
BUF_MEM * CA_STEP2_get_eph_pubkey (const EAC_CTX *ctx)
 Get the PCD's ephemeral public key (generated in TA step 3).
 
int CA_STEP3_check_pcd_pubkey (const EAC_CTX *ctx, const BUF_MEM *comp_pubkey, const BUF_MEM *pubkey)
 Check whether the public key matches the compressed public key previously received in TA.
 
int CA_STEP4_compute_shared_secret (const EAC_CTX *ctx, const BUF_MEM *pubkey)
 Compute the shared secret using the PICC's static key pair and the PCD's ephemeral key pair.
 
int CA_STEP5_derive_keys (const EAC_CTX *ctx, const BUF_MEM *pub, BUF_MEM **nonce, BUF_MEM **token)
 Derive the PICC's encryption and authentication keys.
 
int CA_STEP6_derive_keys (EAC_CTX *ctx, const BUF_MEM *nonce, const BUF_MEM *token)
 Derive the PCD's encryption and authentication keys.
 

Detailed Description

Interface for Chip Authentication.

Chip Authentication (CA) is a protocol used to check the authenticity of an MRTD chip and to establish a secure channel for further communication. The chip holds one or more key pairs used for key agreement. After a successful key agreement, symmetric keys are derived from the shared secret. OpenPACE implements CA version 2.

Author
Frank Morgner <frankmorgner@gmail.com>
Dominik Oepen <oepen@informatik.hu-berlin.de>

Definition in file ca.h.

Function Documentation

CA_get_pubkey()

BUF_MEM * CA_get_pubkey (const EAC_CTX *ctx, const unsigned char *ef_cardsecurity, size_t ef_cardsecurity_len)

Extract the public key from an EF.CardSecurity file.

Performs passive authentication of EF.CardSecurity unless it has been disabled for this context (see CA_FLAG_DISABLE_PASSIVE_AUTH and CA_disable_passive_authentication()).

Parameters
[in] ctx                  EAC context
[in] ef_cardsecurity      buffer containing the ASN.1 encoded EF.CardSecurity
[in] ef_cardsecurity_len  length of ef_cardsecurity
Returns
The public key, or NULL in case of an error

CA_set_key()

int CA_set_key (const EAC_CTX *ctx, const unsigned char *priv, size_t priv_len, const unsigned char *pub, size_t pub_len)

Initialize the CA context with keys.

Parameters
[in] ctx       EAC context
[in] priv      (optional) Private CA key. Can be an encoded key or a raw point/integer.
[in] priv_len  Length of priv
[in] pub       (optional) Public CA key
[in] pub_len   Length of pub
See also
d2i_AutoPrivateKey() for the supported encodings of priv
Returns
1 on success or 0 in case of an error