| OpenPACE
    | 
Interface for Extended Access Control. More...
#include <eac/cv_cert.h>
#include <eac/objects.h>
#include <openssl/asn1.h>
#include <openssl/buffer.h>
#include <openssl/cmac.h>
#include <openssl/ec.h>
#include <openssl/evp.h>

Go to the source code of this file.
| Data Structures | |
| struct | ka_ctx | 
| Context for a key agreement and subsequent derivation of session keys.  More... | |
| struct | pace_ctx | 
| Context for the Password Authenticated Connection Establishment protocol.  More... | |
| struct | ri_ctx | 
| Context for the Restricted Identification protocol.  More... | |
| struct | ta_ctx | 
| Context for the Terminal Authentication protocol.  More... | |
| struct | ca_ctx | 
| Context for the Chip Authentication protocol.  More... | |
| struct | eac_ctx | 
| Context for the Extended Access Control protocol.  More... | |
| Macros | |
| #define | EAC_AES_MAC_LENGTH 8 | 
| TR-03110 always uses a CMAC of 8 bytes in length for the AES MAC. | |
| #define | EAC_ID_PACE 0 | 
| Identifies the PACE context. | |
| #define | EAC_ID_CA 1 | 
| Identifies the CA context. | |
| #define | EAC_ID_TA 2 | 
| Identifies the TA context. | |
| #define | EAC_ID_EAC 3 | 
| Identifies the currently used channel for encryption/decryption. | |
| Typedefs | |
| typedef struct ka_ctx | KA_CTX | 
| Context for a key agreement and subsequent derivation of session keys.  More... | |
| typedef struct pace_ctx | PACE_CTX | 
| Context for the Password Authenticated Connection Establishment protocol. | |
| typedef struct ri_ctx | RI_CTX | 
| Context for the Restricted Identification protocol. | |
| typedef CVC_CERT *(* | CVC_lookup_cvca_cert) (const unsigned char *chr, size_t car_len) | 
| callback for finding the CVCA trust anchor | |
| typedef struct ta_ctx | TA_CTX | 
| Context for the Terminal Authentication protocol. | |
| typedef X509_STORE *(* | X509_lookup_csca_cert) (unsigned long issuer_name_hash) | 
| callback for finding the X.509 trust anchor | |
| typedef struct ca_ctx | CA_CTX | 
| Context for the Chip Authentication protocol. | |
| typedef struct eac_ctx | EAC_CTX | 
| Context for the Extended Access Control protocol. | |
| Enumerations | |
| enum | eac_tr_version { EAC_TR_VERSION = 0, EAC_TR_VERSION_2_01, EAC_TR_VERSION_2_02 } | 
| Identification of the specifications to use.  More... | |
| Functions | |
| void | EAC_init (void) | 
| Initializes OpenSSL and the EAC identifier.  More... | |
| void | EAC_cleanup (void) | 
| Wrapper to EVP_cleanup() | |
| EAC_CTX * | EAC_CTX_new (void) | 
| Create a new EAC context.  More... | |
| void | EAC_CTX_clear_free (EAC_CTX *ctx) | 
| Free an EAC context.  More... | |
| int | EAC_CTX_init_pace (EAC_CTX *ctx, int protocol, int curve) | 
| Initialize an EAC context for PACE.  More... | |
| int | EAC_CTX_init_ta (const EAC_CTX *ctx, const unsigned char *privkey, size_t privkey_len, const unsigned char *cvca, size_t cvca_len) | 
| Initialize an EAC context for TA with the terminal's PKI data. Use either a CV certificate or a known CAR for initialization.  More... | |
| int | EAC_CTX_init_ca (EAC_CTX *ctx, int protocol, int curve) | 
| Initialize an EAC context for Chip Authentication.  More... | |
| int | EAC_CTX_init_ri (EAC_CTX *ctx, int protocol, int stnd_dp) | 
| Initialize an EAC context for Restricted Identification.  More... | |
| int | EAC_CTX_init_ef_cardaccess (unsigned const char *in, size_t in_len, EAC_CTX *ctx) | 
| Initialize an EAC context for PACE, TA and CA from the data given in an EF.CardAccess.  More... | |
| int | EAC_CTX_init_ef_cardsecurity (const unsigned char *ef_cardsecurity, size_t ef_cardsecurity_len, EAC_CTX *ctx) | 
| Initialize an EAC context for PACE, TA and CA from the data given in an EF.CardSecurity.  More... | |
| int | EAC_CTX_get_cvca_lookup (const EAC_CTX *ctx, CVC_lookup_cvca_cert *lookup_cvca_cert) | 
| Return the EAC context's CVCA lookup callback.  More... | |
| int | EAC_CTX_set_cvca_lookup (EAC_CTX *ctx, CVC_lookup_cvca_cert lookup_cvca_cert) | 
| Set the CVCA lookup callback.  More... | |
| CVC_lookup_cvca_cert | EAC_get_default_cvca_lookup (void) | 
| Return the default lookup of the country verifying CA.  More... | |
| void | EAC_set_cvc_default_dir (const char *default_dir) | 
| Set directory for EAC_get_default_cvca_lookup(). More... | |
| int | EAC_CTX_get_csca_lookup_cert (const EAC_CTX *ctx, X509_lookup_csca_cert *lookup_cvca_cert) | 
| Get the CSCA lookup callback.  More... | |
| int | EAC_CTX_set_csca_lookup_cert (EAC_CTX *ctx, X509_lookup_csca_cert lookup_cvca_cert) | 
| Set the CSCA lookup callback.  More... | |
| X509_lookup_csca_cert | EAC_get_default_csca_lookup (void) | 
| Return the default lookup of the country signing CA.  More... | |
| void | EAC_set_x509_default_dir (const char *default_dir) | 
| Set directory for EAC_get_default_csca_lookup(). More... | |
| BUF_MEM * | EAC_add_iso_pad (const EAC_CTX *ctx, const BUF_MEM *unpadded) | 
| Pad a buffer using ISO/IEC 9797-1 padding method 2.  More... | |
| BUF_MEM * | EAC_remove_iso_pad (const BUF_MEM *padded) | 
| Remove ISO/IEC 9797-1 padding method 2 from a message.  More... | |
| int | EAC_increment_ssc (const EAC_CTX *ctx) | 
| Increment the Send Sequence Counter.  More... | |
| int | EAC_reset_ssc (const EAC_CTX *ctx) | 
| Reset the Send Sequence Counter.  More... | |
| int | EAC_set_ssc (const EAC_CTX *ctx, unsigned long ssc) | 
| Set the Send Sequence Counter.  More... | |
| BUF_MEM * | EAC_encrypt (const EAC_CTX *ctx, const BUF_MEM *data) | 
| Encrypts data according to TR-03110 F.2.  More... | |
| BUF_MEM * | EAC_decrypt (const EAC_CTX *ctx, const BUF_MEM *data) | 
| Decrypt data according to TR-03110 F.2.  More... | |
| BUF_MEM * | EAC_authenticate (const EAC_CTX *ctx, const BUF_MEM *data) | 
| Authenticate data according to TR-03110 F.2.  More... | |
| int | EAC_verify_authentication (const EAC_CTX *ctx, const BUF_MEM *data, const BUF_MEM *mac) | 
| Verify authenticated data according to TR-03110 F.2.  More... | |
| BUF_MEM * | EAC_Comp (const EAC_CTX *ctx, int id, const BUF_MEM *pub) | 
| Compress a public key according to TR-03110 Table A.2.  More... | |
| BUF_MEM * | EAC_hash_certificate_description (const unsigned char *cert_desc, size_t cert_desc_len) | 
| Compute the hash of a CV certificate description.  More... | |
| int | EAC_CTX_set_encryption_ctx (EAC_CTX *ctx, int id) | 
| Set the SM context for encryption, decryption and authentication.  More... | |
| int | EAC_CTX_print_private (BIO *out, const EAC_CTX *ctx, int indent) | 
| Print EAC context including private data; the output contains secrets and should be handled as sensitive.  More... | |
| int | BUF_MEM_print (BIO *out, const BUF_MEM *buf, int indent) | 
| Prints buffer.  More... | |
| void | BUF_MEM_clear_free (BUF_MEM *b) | 
| Wipes a buffer's contents and frees it.  More... | |
Interface for Extended Access Control.
Definition in file eac.h.
Context for a key agreement and subsequent derivation of session keys.
| enum eac_tr_version | 
Identification of the specifications to use.
| Enumerator | |
|---|---|
| EAC_TR_VERSION | Undefined type, if nothing else matches. | 
| EAC_TR_VERSION_2_01 | Perform EAC according to TR-03110 v2.01. | 
| EAC_TR_VERSION_2_02 | Perform EAC according to TR-03110 v2.02 and later. | 