OpenPACE
pace.h File Reference

Interface for Password Authenticated Connection Establishment. More...

#include "eac.h"
#include <openssl/bn.h>
#include <openssl/buffer.h>


Data Structures

struct  pace_sec
 Shared secret for PACE. More...
 

Typedefs

typedef struct pace_sec PACE_SEC
 Shared secret for PACE.
 

Enumerations

enum  s_type {
  PACE_MRZ = 1, PACE_CAN, PACE_PIN, PACE_PUK,
  PACE_RAW, PACE_SEC_UNDEF
}
 Type of the secret. More...
 

Functions

void PACE_SEC_clear_free (PACE_SEC *s)
 Free a PACE secret. More...
 
PACE_SEC * PACE_SEC_new (const char *sec, size_t sec_len, enum s_type type)
 Create and initialize a new PACE secret. More...
 
int PACE_SEC_print_private (BIO *out, const PACE_SEC *sec, int indent)
 Print PACE_SEC object including private secret. More...
 
BUF_MEM * PACE_STEP1_enc_nonce (const EAC_CTX *ctx, const PACE_SEC *pi)
 Generates and encrypts a nonce. More...
 
int PACE_STEP2_dec_nonce (const EAC_CTX *ctx, const PACE_SEC *pi, const BUF_MEM *enc_nonce)
 Decrypt the nonce from the other party. More...
 
BUF_MEM * PACE_STEP3A_generate_mapping_data (const EAC_CTX *ctx)
 Generate mapping data for the mapping to ephemeral domain parameters. More...
 
int PACE_STEP3A_map_generator (const EAC_CTX *ctx, const BUF_MEM *in)
 Map to the ephemeral domain parameters. More...
 
BUF_MEM * PACE_STEP3B_generate_ephemeral_key (EAC_CTX *ctx)
 Generate a keypair for key agreement. More...
 
int PACE_STEP3B_compute_shared_secret (const EAC_CTX *ctx, const BUF_MEM *in)
 Compute the shared secret for key agreement. More...
 
int PACE_STEP3C_derive_keys (const EAC_CTX *ctx)
 Derives encryption and authentication keys. More...
 
BUF_MEM * PACE_STEP3D_compute_authentication_token (const EAC_CTX *ctx, const BUF_MEM *pub)
 Compute the authentication token from domain parameters and public key. More...
 
int PACE_STEP3D_verify_authentication_token (const EAC_CTX *ctx, const BUF_MEM *token)
 Verifies an authentication token. More...
 

Detailed Description

Interface for Password Authenticated Connection Establishment.

PACE is a protocol used to establish strong session keys from a weak shared secret (a password). A PACE run yields two symmetric keys, one for MAC computation and one for encryption. The keys are strong in the sense that an eavesdropper on the protocol transcript cannot mount an offline dictionary attack on the password; every guess costs an online run against the other party. PACE was specified for Extended Access Control (EAC) in Machine Readable Travel Documents (MRTD), but it can also be used to secure any other communication channel. PACE can be used with different suites of algorithms and is not subject to any patents.

Author
Frank Morgner frank.morgner@gmail.com
Dominik Oepen oepen@informatik.hu-berlin.de

Definition in file pace.h.
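The following is a worked model of the step sequence listed under Functions, added here as an illustration. It is not OpenPACE code and does not call the library: it replaces the library's primitives with Python standard-library stand-ins (a small finite-field Diffie-Hellman group instead of ECDH over standardized curves, HMAC-SHA256 instead of CMAC, an HMAC-derived pad instead of AES-CBC for the nonce, SHA-256 instead of the TR-03110 KDF), but keeps the Generic Mapping structure and the order of the PACE_STEP* calls, driving both parties (PICC and PCD) from one function. The names PaceCtx, run_pace and demo_domain_params, the group parameters and the sample passwords are assumptions of this example, not part of the pace.h API.

```python
# Constructed model of the PACE Generic Mapping steps listed in pace.h; not OpenPACE code. A toy
# DH group, HMAC-SHA256 and SHA-256 stand in for ECDH, CMAC, AES-CBC nonce encryption and the KDF.
import hashlib
import hmac
import random

SMALL_PRIMES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)

def is_probable_prime(n):  # Miller-Rabin, fixed bases; fine for our own random candidates
    if any(n % sp == 0 for sp in SMALL_PRIMES):
        return n in SMALL_PRIMES
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for a in SMALL_PRIMES:  # composite if a^d is not +-1 and no squaring reaches -1
        x = pow(a, d, n)
        if x not in (1, n - 1) and all((x := x * x % n) != n - 1 for _ in range(r - 1)):
            return False
    return True

def demo_domain_params(bits=256, seed=1):  # toy safe-prime group; real PACE: standardized params
    rng = random.Random(seed)
    while True:
        q = rng.getrandbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(q) and is_probable_prime(2 * q + 1):
            return 2 * q + 1, q, 4  # (p, q, g) with g = 2^2 of order q

def kdf(key, counter, length=16):  # model of the TR-03110 KDF(K, c) = H(K || c)
    return hashlib.sha256(key + counter.to_bytes(4, "big")).digest()[:length]

class PaceCtx:
    """One party's state; method names mirror the PACE_STEP* functions of pace.h."""

    def __init__(self, password, domain, rng):
        self.p, self.q, self.g = domain
        self.rng, self.nbytes = rng, (self.p.bit_length() + 7) // 8
        k_pi = kdf(password, 3)  # K_pi = KDF_pi(password); counter 3 as in TR-03110
        self.nonce_pad = hmac.new(k_pi, b"pace-nonce", hashlib.sha256).digest()[:16]  # for AES-CBC

    def _check_pub(self, y):  # reject values outside the order-q subgroup
        if not 1 < y < self.p - 1 or pow(y, self.q, self.p) != 1:
            raise ValueError("invalid public value")

    def step1_enc_nonce(self):  # PICC: fresh nonce s, sent encrypted under K_pi
        self.s = self.rng.getrandbits(128).to_bytes(16, "big")
        return bytes(a ^ b for a, b in zip(self.s, self.nonce_pad))

    def step2_dec_nonce(self, enc_nonce):  # PCD: a wrong password yields some other s
        self.s = bytes(a ^ b for a, b in zip(enc_nonce, self.nonce_pad))

    def step3a_generate_mapping_data(self):
        self.x = self.rng.randrange(1, self.q)
        return pow(self.g, self.x, self.p)

    def step3a_map_generator(self, other_mapping_data):  # g' = g^s * DH(mapping keys)
        self._check_pub(other_mapping_data)
        h = pow(other_mapping_data, self.x, self.p)
        self.g_map = pow(self.g, int.from_bytes(self.s, "big"), self.p) * h % self.p

    def step3b_generate_ephemeral_key(self):
        self.x = self.rng.randrange(1, self.q)
        self.pub = pow(self.g_map, self.x, self.p)
        return self.pub

    def step3b_compute_shared_secret(self, other_pub):
        self._check_pub(other_pub)
        if other_pub == self.pub:  # TR-03110: the two ephemeral public keys must differ
            raise ValueError("ephemeral public keys must differ")
        self.k = pow(other_pub, self.x, self.p).to_bytes(self.nbytes, "big")

    def step3c_derive_keys(self):
        self.k_enc, self.k_mac = kdf(self.k, 1), kdf(self.k, 2)

    def step3d_compute_authentication_token(self, pub):  # real PACE: CMAC over DER(pub, params)
        data = pub.to_bytes(self.nbytes, "big") + self.g_map.to_bytes(self.nbytes, "big")
        return hmac.new(self.k_mac, data, hashlib.sha256).digest()[:8]

    def step3d_verify_authentication_token(self, token):
        return hmac.compare_digest(token, self.step3d_compute_authentication_token(self.pub))

DOMAIN = demo_domain_params()

def run_pace(picc_password, pcd_password, seed=7):
    """Drive PICC and PCD through every step; returns (pcd_ok, picc_ok, keys_equal)."""
    rng = random.Random(seed)  # deterministic demo; use secrets.SystemRandom for real
    picc, pcd = PaceCtx(picc_password, DOMAIN, rng), PaceCtx(pcd_password, DOMAIN, rng)
    pcd.step2_dec_nonce(picc.step1_enc_nonce())
    picc_map, pcd_map = picc.step3a_generate_mapping_data(), pcd.step3a_generate_mapping_data()
    picc.step3a_map_generator(pcd_map)
    pcd.step3a_map_generator(picc_map)
    picc_pub, pcd_pub = picc.step3b_generate_ephemeral_key(), pcd.step3b_generate_ephemeral_key()
    picc.step3b_compute_shared_secret(pcd_pub)
    pcd.step3b_compute_shared_secret(picc_pub)
    picc.step3c_derive_keys()
    pcd.step3c_derive_keys()
    return (pcd.step3d_verify_authentication_token(picc.step3d_compute_authentication_token(pcd_pub)),
            picc.step3d_verify_authentication_token(pcd.step3d_compute_authentication_token(picc_pub)),
            picc.k_enc == pcd.k_enc and picc.k_mac == pcd.k_mac)
```

run_pace(b"123456", b"123456") returns three True values: both tokens verify and both sides hold the same K_enc and K_mac. With run_pace(b"123456", b"123457") the PCD decrypts a different nonce in step 2, maps to a different generator in step 3A, and both token checks in step 3D fail; neither side learns more than that this one guess was wrong, which is what makes PACE usable with a short PIN. The subgroup check in _check_pub and the rejection of equal ephemeral public keys are validations a real implementation must perform on the peer's public values before using them in step 3B.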

Enumeration Type Documentation

◆ s_type

enum s_type

Type of the secret.

Enumerator
PACE_MRZ 

MRZ is the Machine Readable Zone, printed on the card, encoding the personal information of the user. The PACE password derived from it is built from the document number, the date of birth and the date of expiry, including their check digits.

PACE_CAN 

CAN is the Card Access Number, a short number printed on the card. Like the MRZ it is not secret; it only demonstrates physical access to the document.

PACE_PIN 

PIN is the Personal Identification Number, a secret known only to the user and not printed on the card.

PACE_PUK 

PUK is the Personal Unblocking Key. This type of secret is used when the card has been suspended after too many failed PACE runs with the PIN.

PACE_RAW 

This type of secret is not defined in BSI TR-03110. We use it as a generic type so that PACE can be used independently of an ID card.

PACE_SEC_UNDEF 

Undefined type, if nothing else matches.

Definition at line 67 of file pace.h.