├── .github ├── build.sh ├── openssl_getrandom.diff └── workflows │ ├── coverity.yml │ ├── macos.yml │ ├── scorecard.yml │ └── ubuntu.yml ├── .gitignore ├── COPYING ├── ISSUE_TEMPLATE.md ├── Makefile.am ├── NEWS.md ├── README.md ├── SECURITY.md ├── Vagrantfile ├── appveyor.yml ├── bindings ├── Makefile.am ├── ca.i ├── cvc.i ├── eac.i ├── go │ ├── Makefile.am │ └── example.go ├── java │ ├── EAC_Example.java │ └── Makefile.am ├── objects.i ├── pace.i ├── python │ ├── Makefile.am │ ├── chat.py │ ├── cvc_rehash.in │ ├── example.py │ ├── pace_entity.py │ ├── setup.py.in │ └── test.py ├── ruby │ ├── Makefile.am │ ├── example.rb │ └── extconf.rb.in ├── ta.i ├── util.i └── win32 │ ├── eac.sln │ ├── eac.vcxproj │ └── eac.vcxproj.filters ├── bootstrap ├── configure.ac ├── cv_cert ├── at_cert_19a.cvcert ├── at_cert_19a_ecdh.cvcert ├── cvca-eid.cv ├── dv_cert_19.cvcert └── dv_cert_19_ecdh.cvcert ├── docs ├── .nojekyll ├── _sources │ ├── index.txt │ ├── install.txt │ ├── programming.txt │ ├── protocols.txt │ └── usage.txt ├── _static │ ├── Makefile.am │ ├── basic.css │ ├── bootstrap-2.3.2 │ │ ├── css │ │ │ ├── bootstrap-responsive.css │ │ │ ├── bootstrap-responsive.min.css │ │ │ ├── bootstrap.css │ │ │ └── bootstrap.min.css │ │ ├── img │ │ │ ├── glyphicons-halflings-white.png │ │ │ └── glyphicons-halflings.png │ │ └── js │ │ │ ├── bootstrap.js │ │ │ └── bootstrap.min.js │ ├── bootstrap-3.3.7 │ │ ├── css │ │ │ ├── bootstrap-theme.css │ │ │ ├── bootstrap-theme.css.map │ │ │ ├── bootstrap-theme.min.css │ │ │ ├── bootstrap-theme.min.css.map │ │ │ ├── bootstrap.css │ │ │ ├── bootstrap.css.map │ │ │ ├── bootstrap.min.css │ │ │ └── bootstrap.min.css.map │ │ ├── fonts │ │ │ ├── glyphicons-halflings-regular.eot │ │ │ ├── glyphicons-halflings-regular.svg │ │ │ ├── glyphicons-halflings-regular.ttf │ │ │ ├── glyphicons-halflings-regular.woff │ │ │ └── glyphicons-halflings-regular.woff2 │ │ └── js │ │ │ ├── bootstrap.js │ │ │ ├── bootstrap.min.js │ │ │ └── npm.js │ ├── bootstrap-sphinx.css 
│ ├── bootstrap-sphinx.js │ ├── bootswatch-2.3.2 │ │ ├── amelia │ │ │ └── bootstrap.min.css │ │ ├── cerulean │ │ │ └── bootstrap.min.css │ │ ├── cosmo │ │ │ └── bootstrap.min.css │ │ ├── cyborg │ │ │ └── bootstrap.min.css │ │ ├── flatly │ │ │ └── bootstrap.min.css │ │ ├── img │ │ │ ├── glyphicons-halflings-white.png │ │ │ └── glyphicons-halflings.png │ │ ├── journal │ │ │ └── bootstrap.min.css │ │ ├── readable │ │ │ └── bootstrap.min.css │ │ ├── simplex │ │ │ └── bootstrap.min.css │ │ ├── slate │ │ │ └── bootstrap.min.css │ │ ├── spacelab │ │ │ └── bootstrap.min.css │ │ ├── spruce │ │ │ └── bootstrap.min.css │ │ ├── superhero │ │ │ └── bootstrap.min.css │ │ └── united │ │ │ └── bootstrap.min.css │ ├── bootswatch-3.3.7 │ │ ├── cerulean │ │ │ └── bootstrap.min.css │ │ ├── cosmo │ │ │ └── bootstrap.min.css │ │ ├── cyborg │ │ │ └── bootstrap.min.css │ │ ├── darkly │ │ │ └── bootstrap.min.css │ │ ├── flatly │ │ │ └── bootstrap.min.css │ │ ├── fonts │ │ │ ├── glyphicons-halflings-regular.eot │ │ │ ├── glyphicons-halflings-regular.svg │ │ │ ├── glyphicons-halflings-regular.ttf │ │ │ ├── glyphicons-halflings-regular.woff │ │ │ └── glyphicons-halflings-regular.woff2 │ │ ├── journal │ │ │ └── bootstrap.min.css │ │ ├── lumen │ │ │ └── bootstrap.min.css │ │ ├── paper │ │ │ └── bootstrap.min.css │ │ ├── readable │ │ │ └── bootstrap.min.css │ │ ├── sandstone │ │ │ └── bootstrap.min.css │ │ ├── simplex │ │ │ └── bootstrap.min.css │ │ ├── slate │ │ │ └── bootstrap.min.css │ │ ├── solar │ │ │ └── bootstrap.min.css │ │ ├── spacelab │ │ │ └── bootstrap.min.css │ │ ├── superhero │ │ │ └── bootstrap.min.css │ │ ├── united │ │ │ └── bootstrap.min.css │ │ └── yeti │ │ │ └── bootstrap.min.css │ ├── doctools.js │ ├── documentation_options.js │ ├── doxygen │ │ ├── annotated.html │ │ ├── bc_s.png │ │ ├── bdwn.png │ │ ├── ca_8h.html │ │ ├── ca_8h_source.html │ │ ├── classes.html │ │ ├── closed.png │ │ ├── cv__cert_8h.html │ │ ├── cv__cert_8h_source.html │ │ ├── 
dir_2beb2c8fad66f6564e9cdda73fb11327.html │ │ ├── doc.png │ │ ├── doxygen.css │ │ ├── doxygen.png │ │ ├── dynsections.js │ │ ├── eac_8h.html │ │ ├── eac_8h_source.html │ │ ├── files.html │ │ ├── folderclosed.png │ │ ├── folderopen.png │ │ ├── functions.html │ │ ├── functions_func.html │ │ ├── functions_vars.html │ │ ├── globals.html │ │ ├── globals_defs.html │ │ ├── globals_enum.html │ │ ├── globals_eval.html │ │ ├── globals_func.html │ │ ├── globals_type.html │ │ ├── group__caproto.html │ │ ├── group__eacproto.html │ │ ├── group__management.html │ │ ├── group__paceproto.html │ │ ├── group__printing.html │ │ ├── group__riproto.html │ │ ├── group__sm.html │ │ ├── group__taproto.html │ │ ├── index.html │ │ ├── jquery.js │ │ ├── menu.js │ │ ├── menudata.js │ │ ├── modules.html │ │ ├── nav_f.png │ │ ├── nav_g.png │ │ ├── nav_h.png │ │ ├── objects_8h.html │ │ ├── objects_8h_source.html │ │ ├── open.png │ │ ├── pace_8h.html │ │ ├── pace_8h_source.html │ │ ├── ri_8h.html │ │ ├── ri_8h_source.html │ │ ├── splitbar.png │ │ ├── structca__ctx.html │ │ ├── structcvc__cert__authentication__request__seq__st.html │ │ ├── structcvc__cert__body__seq__st.html │ │ ├── structcvc__cert__request__body__seq__st.html │ │ ├── structcvc__cert__request__seq__st.html │ │ ├── structcvc__cert__seq__st.html │ │ ├── structcvc__certificate__description__st.html │ │ ├── structcvc__chat__seq__st.html │ │ ├── structcvc__commcert__seq__st.html │ │ ├── structcvc__discretionary__data__template__seq__st.html │ │ ├── structcvc__pubkey__st.html │ │ ├── structeac__ctx.html │ │ ├── structka__ctx.html │ │ ├── structpace__ctx.html │ │ ├── structpace__sec.html │ │ ├── structri__ctx.html │ │ ├── structta__ctx.html │ │ ├── sync_off.png │ │ ├── sync_on.png │ │ ├── ta_8h.html │ │ ├── ta_8h_source.html │ │ ├── tab_a.png │ │ ├── tab_b.png │ │ ├── tab_h.png │ │ ├── tab_s.png │ │ └── tabs.css │ ├── eactest.html │ ├── eactest.html.mem │ ├── eactest.js │ ├── file.png │ ├── jquery-3.5.1.js │ ├── jquery.js │ ├── js │ │ ├── 
jquery-1.11.0.min.js │ │ └── jquery-fix.js │ ├── language_data.js │ ├── logo_132.png │ ├── minus.png │ ├── plus.png │ ├── pygments.css │ ├── searchtools.js │ ├── underscore-1.12.0.js │ └── underscore.js ├── index.html ├── install.html ├── objects.inv ├── programming.html ├── protocols.html ├── search.html ├── searchindex.js └── usage.html ├── generate-eac-pki.sh ├── libeac.pc.in ├── m4 ├── .gitignore ├── ac_jni_include_dir.m4 ├── ac_prog_java.m4 ├── ac_prog_java_works.m4 ├── ac_prog_javac.m4 ├── ac_prog_javac_works.m4 ├── as-ac-expand.m4 └── ax_pkg_swig.m4 └── src ├── Makefile.am ├── bsi_objects.txt ├── ca_lib.c ├── ca_lib.h ├── certs ├── DECVCAEPASS00102 ├── DECVCAeID00102 ├── DECVCAeSign00102 ├── Makefile.am ├── csca-germany_013_self_signed_cer.cer ├── cvca-eid.cv ├── cvca-epass.cv ├── cvca-esign.cv └── ff3d20d2 ├── cv_cert.c ├── cvc-create.c ├── cvc-create.ggo.in ├── cvc-print.c ├── cvc-print.ggo.in ├── cvc_lookup.c ├── docs ├── Doxyfile.in ├── Makefile.am ├── Makefile.sphinx ├── _static │ ├── Makefile.am │ ├── eactest.html │ ├── eactest.html.mem │ ├── eactest.js │ └── logo_132.png ├── _templates │ └── layout.html ├── conf.py.in ├── efcardaccess_asn1.conf ├── efcardsecurity_templ_asn1.conf ├── index.txt.in ├── install.txt.in ├── programming.txt.in ├── protocols.txt.in ├── requirements.txt └── usage.txt.in ├── eac.c ├── eac ├── ca.h ├── cv_cert.h ├── eac.h ├── objects.h ├── pace.h ├── ri.h └── ta.h ├── eac_asn1.c ├── eac_asn1.h ├── eac_ca.c ├── eac_dh.c ├── eac_dh.h ├── eac_ecdh.c ├── eac_ecdh.h ├── eac_err.h ├── eac_kdf.c ├── eac_kdf.h ├── eac_lib.c ├── eac_lib.h ├── eac_print.c ├── eac_util.c ├── eac_util.h ├── eactest.c ├── example.c ├── misc.c ├── misc.h ├── objects.c ├── pace.c ├── pace_lib.c ├── pace_lib.h ├── pace_mappings.c ├── pace_mappings.h ├── read_file.c ├── read_file.h ├── ri.c ├── ri_lib.c ├── ssl_compat.c ├── ssl_compat.h ├── ta.c ├── ta_lib.c ├── ta_lib.h ├── vc.c └── x509_lookup.c /.github/build.sh: 
-------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | # CI script to build for "ubuntu", "macos", "ape", "coverity" 4 | 5 | set -ex -o xtrace 6 | 7 | DEPS="gengetopt help2man automake libtool" 8 | 9 | case "$1" in 10 | ubuntu|coverity) 11 | DEPS="$DEPS openjdk-8-jdk openjdk-8-jre-headless python3-dev ruby-dev swig xutils-dev doxygen" 12 | ;; 13 | macos) 14 | DEPS="$DEPS openssl" 15 | ;; 16 | esac 17 | 18 | case "$1" in 19 | ubuntu|coverity|ape) 20 | sudo apt-get update 21 | sudo apt-get install -y $DEPS 22 | ;; 23 | macos) 24 | brew install $DEPS 25 | ;; 26 | esac 27 | 28 | case "$1" in 29 | ubuntu) 30 | # full documentation is only built on ubuntu 31 | #pip install -r sphinx sphinx-bootstrap-theme breathe sphinxcontrib-programoutput 32 | pip install -r src/docs/requirements.txt 33 | ;; 34 | esac 35 | 36 | case "$1" in 37 | ape) 38 | sudo sh -c "echo ':APE:M::MZqFpD::/bin/sh:' >/proc/sys/fs/binfmt_misc/register" 39 | sudo mkdir -p /opt 40 | sudo chmod 1777 /opt 41 | test -d /opt/cosmo || (wget https://cosmo.zip/pub/cosmocc/cosmocc-3.3.1.zip && sudo unzip cosmocc-3.3.1.zip -d /opt/cosmo) 42 | test -d openssl || git clone --depth=1 https://github.com/openssl/openssl.git -b openssl-3.0 openssl 43 | # see also https://github.com/ahgamut/superconfigure/blob/main/lib/openssl/BUILD.mk 44 | cd openssl 45 | git apply ../.github/openssl_getrandom.diff 46 | ./Configure linux-aarch64 --with-rand-seed=getrandom no-asm no-shared no-dso no-engine no-dynamic-engine no-pic no-autoalginit no-autoerrinit no-tests -DPURIFY CC="/opt/cosmo/bin/cosmocc -I/opt/cosmo/include -L/opt/cosmo/lib" AR=/opt/cosmo/bin/cosmoar 47 | make 48 | cd - 49 | ;; 50 | esac 51 | 52 | autoreconf -vis 53 | 54 | case "$1" in 55 | ubuntu|coverity) 56 | ./configure --enable-python --enable-java --enable-ruby 57 | ;; 58 | ape) 59 | ./configure CC=/opt/cosmo/bin/cosmocc INSTALL="/opt/cosmo/bin/cosmoinstall" AR="/opt/cosmo/bin/cosmoar" 
CRYPTO_CFLAGS="-I$PWD/openssl/include" CRYPTO_LIBS="-L$PWD/openssl -lcrypto" --disable-shared 60 | ;; 61 | macos) 62 | ./configure 63 | ;; 64 | esac 65 | 66 | case "$1" in 67 | ubuntu) 68 | make 69 | make check 70 | sudo make install 71 | make distcheck 72 | sudo make uninstall 73 | ;; 74 | ape|macos) 75 | make 76 | ;; 77 | esac 78 | 79 | case "$1" in 80 | ape) 81 | mkdir -p openpace-bin 82 | for file in src/eactest src/cvc-create src/cvc-print 83 | do 84 | #objcopy -SO binary $file openpace-bin/${file##*/}.com 85 | cp $file openpace-bin/${file##*/}.com 86 | done 87 | cp -r docs openpace-bin 88 | ;; 89 | esac 90 | -------------------------------------------------------------------------------- /.github/openssl_getrandom.diff: -------------------------------------------------------------------------------- 1 | diff --git a/providers/implementations/rands/seeding/rand_unix.c b/providers/implementations/rands/seeding/rand_unix.c 2 | index 750afca5..15e1bbec 100644 3 | --- a/providers/implementations/rands/seeding/rand_unix.c 4 | +++ b/providers/implementations/rands/seeding/rand_unix.c 5 | 
@@ -333,75 +333,7 @@ static ssize_t sysctl_random(char *buf, size_t buflen) 6 | */ 7 | static ssize_t syscall_random(void *buf, size_t buflen) 8 | { 9 | - /* 10 | - * Note: 'buflen' equals the size of the buffer which is used by the 11 | - * get_entropy() callback of the RAND_DRBG. It is roughly bounded by 12 | - * 13 | - * 2 * RAND_POOL_FACTOR * (RAND_DRBG_STRENGTH / 8) = 2^14 14 | - * 15 | - * which is way below the OSSL_SSIZE_MAX limit. Therefore sign conversion 16 | - * between size_t and ssize_t is safe even without a range check. 17 | - */ 18 | - 19 | - /* 20 | - * Do runtime detection to find getentropy(). 21 | - * 22 | - * Known OSs that should support this: 23 | - * - Darwin since 16 (OSX 10.12, IOS 10.0). 24 | - * - Solaris since 11.3 25 | - * - OpenBSD since 5.6 26 | - * - Linux since 3.17 with glibc 2.25 27 | - * - FreeBSD since 12.0 (1200061) 28 | - * 29 | - * Note: Sometimes getentropy() can be provided but not implemented 30 | - * internally. So we need to check errno for ENOSYS 31 | - */ 32 | -# if !defined(__DragonFly__) && !defined(__NetBSD__) 33 | -# if defined(__GNUC__) && __GNUC__>=2 && defined(__ELF__) && !defined(__hpux) 34 | - extern int getentropy(void *buffer, size_t length) __attribute__((weak)); 35 | - 36 | - if (getentropy != NULL) { 37 | - if (getentropy(buf, buflen) == 0) 38 | - return (ssize_t)buflen; 39 | - if (errno != ENOSYS) 40 | - return -1; 41 | - } 42 | -# elif defined(OPENSSL_APPLE_CRYPTO_RANDOM) 43 | - 44 | - if (CCRandomGenerateBytes(buf, buflen) == kCCSuccess) 45 | - return (ssize_t)buflen; 46 | - 47 | - return -1; 48 | -# else 49 | - union { 50 | - void *p; 51 | - int (*f)(void *buffer, size_t length); 52 | - } p_getentropy; 53 | - 54 | - /* 55 | - * We could cache the result of the lookup, but we normally don't 56 | - * call this function often. 
57 | - */ 58 | - ERR_set_mark(); 59 | - p_getentropy.p = DSO_global_lookup("getentropy"); 60 | - ERR_pop_to_mark(); 61 | - if (p_getentropy.p != NULL) 62 | - return p_getentropy.f(buf, buflen) == 0 ? (ssize_t)buflen : -1; 63 | -# endif 64 | -# endif /* !__DragonFly__ */ 65 | - 66 | - /* Linux supports this since version 3.17 */ 67 | -# if defined(__linux) && defined(__NR_getrandom) 68 | - return syscall(__NR_getrandom, buf, buflen, 0); 69 | -# elif (defined(__FreeBSD__) || defined(__NetBSD__)) && defined(KERN_ARND) 70 | - return sysctl_random(buf, buflen); 71 | -# elif (defined(__DragonFly__) && __DragonFly_version >= 500700) \ 72 | - || (defined(__NetBSD__) && __NetBSD_Version >= 1000000000) 73 | return getrandom(buf, buflen, 0); 74 | -# else 75 | - errno = ENOSYS; 76 | - return -1; 77 | -# endif 78 | } 79 | # endif /* defined(OPENSSL_RAND_SEED_GETRANDOM) */ 80 | 81 | -------------------------------------------------------------------------------- /.github/workflows/coverity.yml: -------------------------------------------------------------------------------- 1 | name: Coverity CI 2 | 3 | # We only want to test master or explicitly via coverity branch 4 | on: 5 | push: 6 | branches: [master, coverity] 7 | 8 | 9 | permissions: 10 | contents: read 11 | 12 | jobs: 13 | build: 14 | runs-on: ubuntu-24.04 15 | steps: 16 | - uses: actions/checkout@ee0669bd1cc54295c223e0bb666b733df41de1c5 # v2.7.0 17 | - run: .github/build.sh coverity 18 | - uses: vapier/coverity-scan-action@2dd9b03b1987669de7a6db4203ba44b76a636ce4 # v0.0.1 19 | with: 20 | project: frankmorgner%2Fopenpace 21 | token: ${{ secrets.COVERITY_SCAN_TOKEN }} 22 | email: 'frankmorgner@gmail.com' 23 | command: 'make' 24 | -------------------------------------------------------------------------------- /.github/workflows/macos.yml: -------------------------------------------------------------------------------- 1 | name: macOS CI 2 | 3 | on: 4 | pull_request: 5 | paths: 6 | - '**.c' 7 | - '**.h' 8 | - '**.i' 9 | - 
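Review bot: The new body of `syscall_random()` in the `rand_unix.c` patch calls `getrandom(buf, buflen, 0)` unconditionally, but this one-hunk patch adds no `#include <sys/random.h>`, and the only existing `getrandom()` call it keeps was guarded for DragonFly/NetBSD. Unless another header already declares it for the target (presumably the cosmocc build that applies this patch in `build.sh`), the call is implicitly declared, so I would add the include next to the file's other system headers, outside this hunk. The removed comment block also explained why the size_t/ssize_t conversion is safe, and nothing replaces it. A short comment such as `/* cosmocc build: libc getrandom() is the only seed source; short reads and EINTR are returned to the caller */` would record why the fallbacks were dropped. Whether the caller retries on a short read or EINTR is not visible here, because the enclosing `OPENSSL_RAND_SEED_GETRANDOM` section starts outside the hunk.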
'**.in' 10 | - '**.sh' 11 | - '**.py' 12 | - '**.go' 13 | - '**.java' 14 | - '**.rb' 15 | - .github/workflows/macos.yml 16 | push: 17 | 18 | 19 | permissions: # added using https://github.com/step-security/secure-repo 20 | contents: read 21 | 22 | jobs: 23 | build: 24 | runs-on: macos-14 25 | steps: 26 | - uses: actions/checkout@v4 27 | - run: .github/build.sh macos 28 | - uses: actions/upload-artifact@v4 29 | with: 30 | name: openpace-dmg 31 | path: 32 | openpace*.dmg 33 | -------------------------------------------------------------------------------- /.github/workflows/scorecard.yml: -------------------------------------------------------------------------------- 1 | # This workflow uses actions that are not certified by GitHub. They are provided 2 | # by a third-party and are governed by separate terms of service, privacy 3 | # policy, and support documentation. 4 | 5 | name: Scorecard supply-chain security 6 | on: 7 | # For Branch-Protection check. Only the default branch is supported. See 8 | # https://github.com/ossf/scorecard/blob/main/docs/checks.md#branch-protection 9 | branch_protection_rule: 10 | # To guarantee Maintained check is occasionally updated. See 11 | # https://github.com/ossf/scorecard/blob/main/docs/checks.md#maintained 12 | schedule: 13 | - cron: '43 9 * * 4' 14 | push: 15 | branches: [ "master" ] 16 | 17 | # Declare default permissions as read only. 18 | permissions: read-all 19 | 20 | jobs: 21 | analysis: 22 | name: Scorecard analysis 23 | runs-on: ubuntu-latest 24 | permissions: 25 | # Needed to upload the results to code-scanning dashboard. 26 | security-events: write 27 | # Needed to publish results and get a badge (see publish_results below). 28 | id-token: write 29 | # Uncomment the permissions below if installing in a private repository. 
30 | # contents: read 31 | # actions: read 32 | 33 | steps: 34 | - name: "Checkout code" 35 | uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 36 | with: 37 | persist-credentials: false 38 | 39 | - name: "Run analysis" 40 | uses: ossf/scorecard-action@0864cf19026789058feabb7e87baa5f140aac736 # v2.3.1 41 | with: 42 | results_file: results.sarif 43 | results_format: sarif 44 | # (Optional) "write" PAT token. Uncomment the `repo_token` line below if: 45 | # - you want to enable the Branch-Protection check on a *public* repository, or 46 | # - you are installing Scorecard on a *private* repository 47 | # To create the PAT, follow the steps in https://github.com/ossf/scorecard-action?tab=readme-ov-file#authentication-with-fine-grained-pat-optional. 48 | # repo_token: ${{ secrets.SCORECARD_TOKEN }} 49 | 50 | # Public repositories: 51 | # - Publish results to OpenSSF REST API for easy access by consumers 52 | # - Allows the repository to include the Scorecard badge. 53 | # - See https://github.com/ossf/scorecard-action#publishing-results. 54 | # For private repositories: 55 | # - `publish_results` will always be set to `false`, regardless 56 | # of the value entered here. 57 | publish_results: true 58 | 59 | # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF 60 | # format to the repository Actions tab. 61 | - name: "Upload artifact" 62 | uses: actions/upload-artifact@97a0fba1372883ab732affbe8f94b823f91727db # v3.pre.node20 63 | with: 64 | name: SARIF file 65 | path: results.sarif 66 | retention-days: 5 67 | 68 | # Upload the results to GitHub's code scanning dashboard (optional). 
69 | # Commenting out will disable upload of results to your repo's Code Scanning dashboard 70 | - name: "Upload to code-scanning" 71 | uses: github/codeql-action/upload-sarif@294a9d92911152fe08befb9ec03e240add280cb3 # v3.26.8 72 | with: 73 | sarif_file: results.sarif 74 | -------------------------------------------------------------------------------- /.github/workflows/ubuntu.yml: -------------------------------------------------------------------------------- 1 | name: Ubuntu CI 2 | 3 | on: 4 | pull_request: 5 | paths: 6 | - '**.c' 7 | - '**.h' 8 | - '**.i' 9 | - '**.in' 10 | - '**.sh' 11 | - '**.py' 12 | - '**.go' 13 | - '**.java' 14 | - '**.rb' 15 | - .github/workflows/ubuntu.yml 16 | push: 17 | 18 | 19 | permissions: # added using https://github.com/step-security/secure-repo 20 | contents: read 21 | 22 | jobs: 23 | build: 24 | runs-on: ubuntu-24.04 25 | steps: 26 | - uses: actions/checkout@v4 27 | - run: .github/build.sh ubuntu 28 | - uses: actions/upload-artifact@v4 29 | with: 30 | name: openpace 31 | path: 32 | openpace*.tar.gz 33 | 34 | build-ape: 35 | runs-on: ubuntu-24.04 36 | steps: 37 | - uses: actions/checkout@v4 38 | - run: .github/build.sh ape 39 | - uses: actions/upload-artifact@v4 40 | with: 41 | name: openpace-bin 42 | path: 43 | openpace-bin 44 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | ## Ignore Visual Studio temporary files, build results, and 2 | ## files generated by popular Visual Studio add-ons. 
3 | 4 | # User-specific files 5 | *.suo 6 | *.user 7 | *.sln.docstates 8 | 9 | # Build results 10 | 11 | [Dd]ebug/ 12 | [Rr]elease/ 13 | x64/ 14 | build/ 15 | [Bb]in/ 16 | [Oo]bj/ 17 | 18 | # Enable "build/" folder in the NuGet Packages folder since NuGet packages use it for MSBuild targets 19 | !packages/*/build/ 20 | 21 | # MSTest test Results 22 | [Tt]est[Rr]esult*/ 23 | [Bb]uild[Ll]og.* 24 | 25 | *_i.c 26 | *_p.c 27 | *.ilk 28 | *.meta 29 | *.obj 30 | *.pch 31 | *.pdb 32 | *.pgc 33 | *.pgd 34 | *.rsp 35 | *.sbr 36 | *.tlb 37 | *.tli 38 | *.tlh 39 | *.tmp 40 | *.tmp_proj 41 | *.log 42 | *.vspscc 43 | *.vssscc 44 | .builds 45 | *.pidb 46 | *.log 47 | *.scc 48 | 49 | # Visual C++ cache files 50 | ipch/ 51 | *.aps 52 | *.ncb 53 | *.opensdf 54 | *.sdf 55 | *.cachefile 56 | 57 | # Visual Studio profiler 58 | *.psess 59 | *.vsp 60 | *.vspx 61 | 62 | # Guidance Automation Toolkit 63 | *.gpState 64 | 65 | # ReSharper is a .NET coding add-in 66 | _ReSharper*/ 67 | *.[Rr]e[Ss]harper 68 | 69 | # TeamCity is a build add-in 70 | _TeamCity* 71 | 72 | # DotCover is a Code Coverage Tool 73 | *.dotCover 74 | 75 | # NCrunch 76 | *.ncrunch* 77 | .*crunch*.local.xml 78 | 79 | # Installshield output folder 80 | [Ee]xpress/ 81 | 82 | # DocProject is a documentation generator add-in 83 | DocProject/buildhelp/ 84 | DocProject/Help/*.HxT 85 | DocProject/Help/*.HxC 86 | DocProject/Help/*.hhc 87 | DocProject/Help/*.hhk 88 | DocProject/Help/*.hhp 89 | DocProject/Help/Html2 90 | DocProject/Help/html 91 | 92 | # Click-Once directory 93 | publish/ 94 | 95 | # Publish Web Output 96 | *.Publish.xml 97 | 98 | # NuGet Packages Directory 99 | ## TODO: If you have NuGet Package Restore enabled, uncomment the next line 100 | #packages/ 101 | 102 | # Windows Azure Build Output 103 | csx 104 | *.build.csdef 105 | 106 | # Windows Store app package directory 107 | AppPackages/ 108 | 109 | # Others 110 | sql/ 111 | *.Cache 112 | ClientBin/ 113 | [Ss]tyle[Cc]op.* 114 | ~$* 115 | *~ 116 | *.dbmdl 117 | 
*.[Pp]ublish.xml 118 | *.pfx 119 | *.publishsettings 120 | 121 | # RIA/Silverlight projects 122 | Generated_Code/ 123 | 124 | # Backup & report files from converting an old project file to a newer 125 | # Visual Studio version. Backup files are not needed, because we have git ;-) 126 | _UpgradeReport_Files/ 127 | Backup*/ 128 | UpgradeLog*.XML 129 | UpgradeLog*.htm 130 | 131 | # SQL Server files 132 | App_Data/*.mdf 133 | App_Data/*.ldf 134 | 135 | 136 | #LightSwitch generated files 137 | GeneratedArtifacts/ 138 | _Pvt_Extensions/ 139 | ModelManifest.xml 140 | 141 | # ========================= 142 | # Windows detritus 143 | # ========================= 144 | 145 | # Windows image file caches 146 | Thumbs.db 147 | ehthumbs.db 148 | 149 | # Folder config file 150 | Desktop.ini 151 | 152 | # Recycle Bin used on file shares 153 | $RECYCLE.BIN/ 154 | 155 | # Mac desktop service store files 156 | .DS_Store 157 | bindings/eac_wrap.c 158 | 159 | 160 | # Object files 161 | *.o 162 | *.ko 163 | *.obj 164 | *.elf 165 | # Precompiled Headers 166 | *.gch 167 | *.pch 168 | # Libraries 169 | *.lib 170 | *.a 171 | *.la 172 | *.lo 173 | # Shared objects (inc. 
Windows DLLs) 174 | *.dll 175 | *.so 176 | *.so.* 177 | *.dylib 178 | # Executables 179 | *.exe 180 | *.out 181 | *.app 182 | *.i*86 183 | *.x86_64 184 | *.hex 185 | 186 | INSTALL 187 | Makefile.in 188 | Makefile 189 | ltmain.sh 190 | stamp-h1 191 | libtool 192 | autom4te.cache 193 | aclocal.m4 194 | compile 195 | configure 196 | depcomp 197 | install-sh 198 | missing 199 | config.guess 200 | config.h 201 | config.h.in 202 | config.log 203 | config.status 204 | config.sub 205 | .libs 206 | .deps 207 | 208 | .*.swp 209 | .*.swo 210 | *-cmdline.c 211 | *-cmdline.h 212 | *.1 213 | *.ggo 214 | tags 215 | src/openssl/ 216 | src/cvc-create 217 | src/eactest 218 | src/example 219 | src/cvc-print 220 | src/cvcprint 221 | bindings/python/cvc_rehash 222 | bindings/python/*.i 223 | bindings/python/OpenPACE.egg-info 224 | bindings/python/dist 225 | eac_wrap.c 226 | SWIGTYPE_p_* 227 | eac.go 228 | eac.java 229 | eac.py 230 | *.pyc 231 | installed_files.txt 232 | setup.py 233 | libeac.pc 234 | _build 235 | Doxyfile 236 | src/docs/conf.py 237 | s_type.java 238 | eacJNI.java 239 | eacConstants.java 240 | efcardsecurity_asn1.conf 241 | openpace-*.tar.gz 242 | openpace-*_win32.zip 243 | 244 | openpace-*.*/ 245 | eac-pki_*/ 246 | bindings/go/example 247 | bindings/java/*.class 248 | bindings/ruby/ext/ 249 | docs/.buildinfo 250 | src/docs/_static/doxygen/ 251 | src/docs/*.txt 252 | -------------------------------------------------------------------------------- /ISSUE_TEMPLATE.md: -------------------------------------------------------------------------------- 1 | ### Expected behaviour 2 | 3 | What should happen? 4 | 5 | 6 | ### Actual behaviour 7 | 8 | What happens instead? 9 | 10 | 11 | ### Steps to reproduce 12 | 13 | 1. 14 | 2. 15 | 3. 16 | 17 | 18 | ### Logs 19 | 20 | Please use Gist (https://gist.github.com/) or a similar code paster for longer 21 | logs. 
22 | 23 | ```Paste Log output with less than 10 lines here``` 24 | -------------------------------------------------------------------------------- /NEWS.md: -------------------------------------------------------------------------------- 1 | # OpenPACE X.X.X 2 | 3 | ## Enhancements 4 | 5 | * Improved documentation to match OpenSSF best practices 6 | 7 | ## Bug fixes 8 | 9 | * Added handling of memory errors in language bindings (`get_buf()`) 10 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # OpenPACE *- Cryptographic library for EAC version 2* 2 | 3 | OpenPACE implements Extended Access Control (EAC) version 2 as specified in 4 | BSI TR-03110. OpenPACE comprises support for the following protocols: 5 | 6 | - **Password Authenticated Connection Establishment (PACE)** Establish a secure 7 | channel with a strong key between two parties that only share a weak secret. 8 | - **Terminal Authentication (TA)** Verify/prove the terminal's certificate (or 9 | rather certificate chain) and secret key. 10 | - **Chip Authentication (CA)** Establish a secure channel based on the chip's 11 | static key pair proving its authenticity. 12 | 13 | Furthermore, OpenPACE also supports Card Verifiable Certificates (CV 14 | Certificates) as well as easy to use wrappers for using the established secure 15 | channels. 16 | 17 | The handlers for looking up trust anchors during TA and CA (i.e. the CVCA 18 | and the CSCA certificates) can be customized. By default, the appropriate 19 | certificates will be looked up in the file system. 20 | 21 | OpenPACE supports all variants of PACE (DH/ECDH, GM/IM), TA 22 | (RSASSA-PKCS1-v1_5/RSASSA-PSS/ECDSA), CA (DH/ECDH) and all standardized 23 | domain parameters (GFP/ECP). 
24 | 25 | 26 | OpenPACE is implemented as C-library and comes with native language wrappers 27 | for: 28 | 29 | - Python 30 | - Ruby 31 | - Javascript 32 | - Java 33 | - Go 34 | 35 | [![GitHub Ubuntu CI status](https://img.shields.io/github/actions/workflow/status/frankmorgner/openpace/ubuntu.yml?branch=master&label=Ubuntu&logo=github)](https://github.com/frankmorgner/openpace/actions/workflows/ubuntu.yml?branch=master) [![GitHub macOS CI status](https://img.shields.io/github/actions/workflow/status/frankmorgner/openpace/macos.yml?branch=master&label=macOS&logo=github)](https://github.com/frankmorgner/openpace/actions/workflows/macos.yml?branch=master) [![AppVeyor Windows CI status](https://img.shields.io/appveyor/ci/frankmorgner/openpace/master.svg?label=Windows&logo=appveyor)](https://ci.appveyor.com/project/frankmorgner/openpace) [![Coverity Scan CI status](https://img.shields.io/coverity/scan/1789.svg?label=Coverity%20Scan)](https://scan.coverity.com/projects/1789) [![OpenSSF Best Practices](https://www.bestpractices.dev/projects/9479/badge)](https://www.bestpractices.dev/projects/9479) 36 | 37 | Please refer to [our project's website](http://frankmorgner.github.io/openpace/) for more information. 38 | 39 | ## License 40 | 41 | [![License: GPL v3](https://img.shields.io/badge/License-GPL%20v3-blue.svg)](http://www.gnu.org/licenses/gpl-3.0) 42 | 43 | Proprietary licensing is possible [on request](mailto:frankmorgner@gmail.com?subject=OpenPACE%20proprietary%20license). 
44 | 45 | ## Tested Platforms 46 | 47 | - Windows 48 | - Linux (Debian, Ubuntu, SUSE, OpenMoko) 49 | - FreeBSD 50 | - Mac OS 51 | - Solaris 52 | - Android 53 | - Javascript 54 | 55 | ## Dependencies 56 | 57 | - OpenSSL version 1.0.2 or later 58 | 59 | See the detailed instructions for [building and installing OpenPACE](https://frankmorgner.github.io/openpace/install.html) 60 | -------------------------------------------------------------------------------- /SECURITY.md: -------------------------------------------------------------------------------- 1 | # Security Policy 2 | 3 | ## Supported Versions 4 | 5 | | Version | Supported | 6 | | ---------------------------------------------------------- | ------------------ | 7 | | https://github.com/frankmorgner/openpace/releases/latest | :white_check_mark: | 8 | | < latest release version | :x: | 9 | 10 | ## Reporting a Vulnerability 11 | 12 | Please report vulnerabilities to frankmorgner@gmail.com; you can expect a response within one week. 13 | -------------------------------------------------------------------------------- /Vagrantfile: -------------------------------------------------------------------------------- 1 | # -*- mode: ruby -*- 2 | # vi: set ft=ruby : 3 | 4 | # All Vagrant configuration is done below. The "2" in Vagrant.configure 5 | # configures the configuration version (we support older styles for 6 | # backwards compatibility). Please don't change it unless you know what 7 | # you're doing. 8 | Vagrant.configure(2) do |config| 9 | config.vm.box = "ubuntu/trusty64" 10 | 11 | # Enable provisioning with a shell script. Additional provisioners such as 12 | # Puppet, Chef, Ansible, Salt, and Docker are also available. Please see the 13 | # documentation for more information about their specific syntax and use. 
14 | config.vm.provision "shell", inline: <<-SHELL 15 | sudo apt-get update 16 | sudo apt-get install -y build-essential autotools-dev autoconf libtool pkg-config git xutils-dev gengetopt help2man swig python-dev openjdk-7-jdk openjdk-7-jre-headless ruby-dev golang-go gccgo 17 | ln -s /vagrant /home/vagrant/openpace 18 | cd /home/vagrant/openpace 19 | autoreconf -vis 20 | ./configure --enable-openssl-install --enable-python --enable-java --enable-ruby --enable-go GCCGOFLAGS="-static-libgcc -static-libgo" 21 | make 22 | SHELL 23 | end 24 | -------------------------------------------------------------------------------- /bindings/Makefile.am: -------------------------------------------------------------------------------- 1 | EXTRA_DIST = ca.i cvc.i eac.i pace.i ta.i util.i objects.i 2 | SUBDIRS = 3 | 4 | if PYTHON_ENABLED 5 | SUBDIRS += python 6 | endif 7 | 8 | if JAVA_ENABLED 9 | SUBDIRS += java 10 | endif 11 | 12 | if RUBY_ENABLED 13 | SUBDIRS += ruby 14 | endif 15 | 16 | if GO_ENABLED 17 | SUBDIRS += go 18 | endif 19 | -------------------------------------------------------------------------------- /bindings/go/Makefile.am: -------------------------------------------------------------------------------- 1 | INTERFACES = $(srcdir)/../ca.i \ 2 | $(srcdir)/../cvc.i \ 3 | $(srcdir)/../eac.i \ 4 | $(srcdir)/../pace.i \ 5 | $(srcdir)/../ta.i \ 6 | $(srcdir)/../objects.i \ 7 | $(srcdir)/../util.i 8 | 9 | EXTRA_DIST = example.go 10 | 11 | lib_LTLIBRARIES = libgeac.la 12 | 13 | nodist_libgeac_la_SOURCES = eac_wrap.c 14 | libgeac_la_CFLAGS = -I$(top_srcdir)/src $(CRYPTO_CFLAGS) 15 | libgeac_la_LDFLAGS = $(top_builddir)/src/libeac.la $(CRYPTO_LIBS) 16 | 17 | eac_wrap.c: $(INTERFACES) 18 | $(SWIG) $(SWIGGOPARAMS) -go -no-cgo -gccgo -outdir $(builddir) -o eac_wrap.c -I$(srcdir)/.. 
$(srcdir)/../eac.i 19 | 20 | eac.o: eac_wrap.c 21 | $(GCCGO) -c eac.go $(GCCGOFLAGS) 22 | 23 | example.o: libgeac.la $(srcdir)/example.go 24 | $(GCCGO) -c $(srcdir)/example.go $(GCCGOFLAGS) 25 | 26 | example: example.o eac.o 27 | $(GCCGO) example.o eac.o libgeac_la-eac_wrap.o $(top_builddir)/src/.libs/libeac.a $(CRYPTO_LIBS) $(GCCGOFLAGS) -o example 28 | 29 | libgeac_la-local: eac_wrap.c 30 | 31 | all-local: eac.o example 32 | 33 | clean-local: 34 | rm -f eac_wrap.c eac.go 35 | rm -f example example.o 36 | rm -f eac.o 37 | -------------------------------------------------------------------------------- /bindings/go/example.go: -------------------------------------------------------------------------------- 1 | package main 2 | 3 | import ( 4 | "fmt" 5 | "os" 6 | "eac" 7 | ) 8 | 9 | func main() { 10 | 11 | EF_CARDACCESS := "\x31\x81\x82\x30\x0D\x06\x08\x04\x00\x7F\x00\x07\x02\x02\x02\x02\x01\x02\x30\x12\x06\x0A\x04\x00\x7F\x00\x07\x02\x02\x03\x02\x02\x02\x01\x02\x02\x01\x41\x30\x12\x06\x0A\x04\x00\x7F\x00\x07\x02\x02\x04\x02\x02\x02\x01\x02\x02\x01\x0D\x30\x1C\x06\x09\x04\x00\x7F\x00\x07\x02\x02\x03\x02\x30\x0C\x06\x07\x04\x00\x7F\x00\x07\x01\x02\x02\x01\x0D\x02\x01\x41\x30\x2B\x06\x08\x04\x00\x7F\x00\x07\x02\x02\x06\x16\x1F\x65\x50\x41\x20\x2D\x20\x42\x44\x72\x20\x47\x6D\x62\x48\x20\x2D\x20\x54\x65\x73\x74\x6B\x61\x72\x74\x65\x20\x76\x32\x2E\x30\x04\x49\x17\x15\x41\x19\x28\x80\x0A\x01\xB4\x21\xFA\x07\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x20\x10\x10\x29\x10\x10" 12 | PIN := "123456" 13 | 14 | eac.EAC_init() 15 | 16 | secret := eac.PACE_SEC_new(PIN, eac.PACE_PIN) 17 | 18 | buf := eac.Get_buf(EF_CARDACCESS) 19 | eac.Hexdump("EF.CardAccess", buf) 20 | 21 | /*fmt.Println("Secret:")*/ 22 | /*eac.PACE_SEC_print_private(secret, 4)*/ 23 | 24 | picc_ctx := eac.EAC_CTX_new() 25 | pcd_ctx := eac.EAC_CTX_new() 26 | eac.EAC_CTX_init_ef_cardaccess(EF_CARDACCESS, pcd_ctx) 27 | eac.EAC_CTX_init_ef_cardaccess(EF_CARDACCESS, picc_ctx) 28 | 29 | 
fmt.Println("PACE step 1") 30 | enc_nonce := eac.PACE_STEP1_enc_nonce(picc_ctx, secret) 31 | 32 | fmt.Println("PACE step 2") 33 | eac.PACE_STEP2_dec_nonce(pcd_ctx, secret, enc_nonce) 34 | 35 | fmt.Println("PACE step 3A") 36 | pcd_mapping_data := eac.PACE_STEP3A_generate_mapping_data(pcd_ctx) 37 | picc_mapping_data := eac.PACE_STEP3A_generate_mapping_data(picc_ctx) 38 | 39 | eac.PACE_STEP3A_map_generator(pcd_ctx, picc_mapping_data) 40 | eac.PACE_STEP3A_map_generator(picc_ctx, pcd_mapping_data) 41 | 42 | fmt.Println("PACE step 3B") 43 | pcd_ephemeral_pubkey := eac.PACE_STEP3B_generate_ephemeral_key(pcd_ctx) 44 | picc_ephemeral_pubkey := eac.PACE_STEP3B_generate_ephemeral_key(picc_ctx) 45 | 46 | eac.PACE_STEP3B_compute_shared_secret(pcd_ctx, picc_ephemeral_pubkey) 47 | eac.PACE_STEP3B_compute_shared_secret(picc_ctx, pcd_ephemeral_pubkey) 48 | 49 | fmt.Println("PACE step 3C") 50 | eac.PACE_STEP3C_derive_keys(pcd_ctx) 51 | eac.PACE_STEP3C_derive_keys(picc_ctx) 52 | 53 | fmt.Println("PACE step 3D") 54 | pcd_token := eac.PACE_STEP3D_compute_authentication_token(pcd_ctx, picc_ephemeral_pubkey) 55 | picc_token := eac.PACE_STEP3D_compute_authentication_token(picc_ctx, pcd_ephemeral_pubkey) 56 | 57 | eac.PACE_STEP3D_verify_authentication_token(pcd_ctx, picc_token) 58 | r := eac.PACE_STEP3D_verify_authentication_token(picc_ctx, pcd_token) 59 | 60 | /*fmt.Println("PICC's EAC_CTX:")*/ 61 | /*eac.EAC_CTX_print_private(picc_ctx, 4)*/ 62 | /*fmt.Println("PCD's EAC_CTX:")*/ 63 | /*eac.EAC_CTX_print_private(pcd_ctx, 4)*/ 64 | 65 | eac.EAC_CTX_clear_free(pcd_ctx) 66 | eac.EAC_CTX_clear_free(picc_ctx) 67 | eac.PACE_SEC_clear_free(secret) 68 | 69 | eac.EAC_cleanup() 70 | 71 | if r != 1 { 72 | os.Exit(1) 73 | } 74 | } 75 | -------------------------------------------------------------------------------- /bindings/java/EAC_Example.java: -------------------------------------------------------------------------------- 1 | import java.io.UnsupportedEncodingException; 2 | import 
java.math.BigInteger; 3 | 4 | public class EAC_Example { 5 | static { 6 | System.loadLibrary("jeac"); 7 | } 8 | 9 | public static void main(String argv[]) { 10 | final byte[] EF_CARDACCESS = new BigInteger("318182300D060804007F00070202020201023012060A04007F000702020302020201020201413012060A04007F0007020204020202010202010D301C060904007F000702020302300C060704007F0007010202010D020141302B060804007F0007020206161F655041202D2042447220476D6248202D20546573746B617274652076322E3004491715411928800A01B421FA07000000000000000000000000000000000000201010291010", 16).toByteArray(); 11 | final String pin = "123456"; 12 | byte[] PIN = null; 13 | try { 14 | PIN = pin.getBytes("ISO-8859-1"); 15 | } catch (UnsupportedEncodingException ex) { 16 | } 17 | 18 | eac.EAC_init(); 19 | 20 | SWIGTYPE_p_PACE_SEC secret = eac.PACE_SEC_new(PIN, s_type.PACE_PIN); 21 | 22 | SWIGTYPE_p_BUF_MEM buf = eac.get_buf(EF_CARDACCESS); 23 | eac.hexdump("EF.CardAccess", buf); 24 | 25 | //System.out.println("Secret:"); 26 | //System.out.println(eac.PACE_SEC_print_private(secret, 4)); 27 | 28 | SWIGTYPE_p_EAC_CTX picc_ctx = eac.EAC_CTX_new(); 29 | SWIGTYPE_p_EAC_CTX pcd_ctx = eac.EAC_CTX_new(); 30 | eac.EAC_CTX_init_ef_cardaccess(EF_CARDACCESS, pcd_ctx); 31 | eac.EAC_CTX_init_ef_cardaccess(EF_CARDACCESS, picc_ctx); 32 | 33 | System.out.println("PACE step 1"); 34 | SWIGTYPE_p_BUF_MEM enc_nonce = eac.PACE_STEP1_enc_nonce(picc_ctx, secret); 35 | 36 | System.out.println("PACE step 2"); 37 | eac.PACE_STEP2_dec_nonce(pcd_ctx, secret, enc_nonce); 38 | 39 | System.out.println("PACE step 3A"); 40 | SWIGTYPE_p_BUF_MEM pcd_mapping_data = eac.PACE_STEP3A_generate_mapping_data(pcd_ctx); 41 | SWIGTYPE_p_BUF_MEM picc_mapping_data = eac.PACE_STEP3A_generate_mapping_data(picc_ctx); 42 | 43 | eac.PACE_STEP3A_map_generator(pcd_ctx, picc_mapping_data); 44 | eac.PACE_STEP3A_map_generator(picc_ctx, pcd_mapping_data); 45 | 46 | System.out.println("PACE step 3B"); 47 | SWIGTYPE_p_BUF_MEM pcd_ephemeral_pubkey = 
eac.PACE_STEP3B_generate_ephemeral_key(pcd_ctx); 48 | SWIGTYPE_p_BUF_MEM picc_ephemeral_pubkey = eac.PACE_STEP3B_generate_ephemeral_key(picc_ctx); 49 | 50 | eac.PACE_STEP3B_compute_shared_secret(pcd_ctx, picc_ephemeral_pubkey); 51 | eac.PACE_STEP3B_compute_shared_secret(picc_ctx, pcd_ephemeral_pubkey); 52 | 53 | System.out.println("PACE step 3C"); 54 | eac.PACE_STEP3C_derive_keys(pcd_ctx); 55 | eac.PACE_STEP3C_derive_keys(picc_ctx); 56 | 57 | System.out.println("PACE step 3D"); 58 | SWIGTYPE_p_BUF_MEM pcd_token = eac.PACE_STEP3D_compute_authentication_token(pcd_ctx, picc_ephemeral_pubkey); 59 | SWIGTYPE_p_BUF_MEM picc_token = eac.PACE_STEP3D_compute_authentication_token(picc_ctx, pcd_ephemeral_pubkey); 60 | 61 | eac.PACE_STEP3D_verify_authentication_token(pcd_ctx, picc_token); 62 | int r = eac.PACE_STEP3D_verify_authentication_token(picc_ctx, pcd_token); 63 | 64 | //System.out.println("PICC's EAC_CTX:"); 65 | //System.out.println(eac.EAC_CTX_print_private(picc_ctx, 4)); 66 | //System.out.println("PCD's EAC_CTX:"); 67 | //System.out.println(eac.EAC_CTX_print_private(pcd_ctx, 4)); 68 | 69 | eac.EAC_CTX_clear_free(pcd_ctx); 70 | eac.EAC_CTX_clear_free(picc_ctx); 71 | eac.PACE_SEC_clear_free(secret); 72 | 73 | eac.EAC_cleanup(); 74 | 75 | if (r != 1) 76 | System.out.println("Result was: " + r); 77 | } 78 | } 79 | -------------------------------------------------------------------------------- /bindings/java/Makefile.am: -------------------------------------------------------------------------------- 1 | INTERFACES = $(srcdir)/../ca.i \ 2 | $(srcdir)/../cvc.i \ 3 | $(srcdir)/../eac.i \ 4 | $(srcdir)/../pace.i \ 5 | $(srcdir)/../ta.i \ 6 | $(srcdir)/../objects.i \ 7 | $(srcdir)/../util.i 8 | 9 | BUILT_SOURCES_SWIG = eacConstants.java \ 10 | eac.java \ 11 | eacJNI.java \ 12 | s_type.java \ 13 | SWIGTYPE_p_BUF_MEM.java \ 14 | SWIGTYPE_p_CVC_CERTIFICATE_DESCRIPTION.java \ 15 | SWIGTYPE_p_CVC_CERT.java \ 16 | SWIGTYPE_p_CVC_CHAT.java \ 17 | SWIGTYPE_p_EAC_CTX.java \ 18 | 
SWIGTYPE_p_PACE_SEC.java \ 19 | SWIGTYPE_p_p_BUF_MEM.java \ 20 | SWIGTYPE_p_p_char.java \ 21 | SWIGTYPE_p_size_t.java \ 22 | SWIGTYPE_p_unsigned_char.java \ 23 | eac_wrap.c 24 | 25 | CLASSES_SWIG = SWIGTYPE_p_BUF_MEM.class \ 26 | SWIGTYPE_p_CVC_CERT.class \ 27 | SWIGTYPE_p_CVC_CERTIFICATE_DESCRIPTION.class \ 28 | SWIGTYPE_p_CVC_CHAT.class \ 29 | SWIGTYPE_p_EAC_CTX.class \ 30 | SWIGTYPE_p_PACE_SEC.class \ 31 | SWIGTYPE_p_p_BUF_MEM.class \ 32 | SWIGTYPE_p_p_char.class \ 33 | SWIGTYPE_p_size_t.class \ 34 | SWIGTYPE_p_unsigned_char.class \ 35 | eacConstants.class \ 36 | eacJNI.class \ 37 | s_type.class \ 38 | eac.class 39 | 40 | CLASSES_EXAMPLE = EAC_Example.class 41 | 42 | EXTRA_DIST = EAC_Example.java 43 | CLEANFILES = $(CLASSES_SWIG) $(CLASSES_EXAMPLE) $(BUILT_SOURCES_SWIG) 44 | 45 | lib_LTLIBRARIES = libjeac.la 46 | 47 | openpace_javadir = $(pkgdatadir)/java 48 | openpace_java_DATA = EAC_Example.java $(CLASSES_EXAMPLE) $(CLASSES_SWIG) 49 | 50 | nodist_libjeac_la_SOURCES = eac_wrap.c 51 | libjeac_la_CFLAGS = -I$(top_srcdir)/src $(CRYPTO_CFLAGS) $(JAVA_CFLAGS) 52 | libjeac_la_LDFLAGS = $(top_builddir)/src/libeac.la $(CRYPTO_LIBS) 53 | 54 | $(BUILT_SOURCES_SWIG): $(INTERFACES) 55 | $(SWIG) -java -outdir $(builddir) -o eac_wrap.c -I$(srcdir)/.. 
$(srcdir)/../eac.i 56 | 57 | libjeac_la-local: $(BUILT_SOURCES_SWIG) 58 | 59 | all-local: $(CLASSES_EXAMPLE) 60 | 61 | $(CLASSES_EXAMPLE): $(srcdir)/EAC_Example.java $(BUILT_SOURCES_SWIG) 62 | $(JAVAC) $(JAVACFLAGS) -d $(builddir) -sourcepath $(builddir) $(srcdir)/EAC_Example.java 63 | 64 | %.class: %.java 65 | $(JAVAC) $(JAVACFLAGS) -d $(builddir) -sourcepath $(builddir) $*.java 66 | -------------------------------------------------------------------------------- /bindings/python/Makefile.am: -------------------------------------------------------------------------------- 1 | INTERFACES = $(srcdir)/../ca.i \ 2 | $(srcdir)/../cvc.i \ 3 | $(srcdir)/../eac.i \ 4 | $(srcdir)/../pace.i \ 5 | $(srcdir)/../ta.i \ 6 | $(srcdir)/../objects.i \ 7 | $(srcdir)/../util.i 8 | 9 | EXTRA_DIST = setup.py.in cvc_rehash.in test.py chat.py example.py pace_entity.py 10 | CLEANFILES = setup.py 11 | bin_SCRIPTS = cvc_rehash 12 | 13 | do_subst=$(SED)\ 14 | -e's,[@]CFLAGS[@],$(CFLAGS),g'\ 15 | -e's,[@]CPPFLAGS[@],$(CPPFLAGS),g'\ 16 | -e's,[@]CRYPTO_CFLAGS[@],$(CRYPTO_CFLAGS),g'\ 17 | -e's,[@]CRYPTO_LIBS[@],'"$(CRYPTO_LIBS)"',g'\ 18 | -e's,[@]LIBS[@],$(LIBS),g'\ 19 | -e's,[@]OPENPACE_CFLAGS[@],-I$(top_srcdir)/src,g'\ 20 | -e's,[@]OPENPACE_LIBS[@],-L$(top_builddir)/src/.libs -leac,g'\ 21 | -e's,[@]PACKAGE_NAME[@],$(PACKAGE_NAME),g'\ 22 | -e's,[@]PACKAGE_NAME[@],$(PACKAGE_NAME),g'\ 23 | -e's,[@]PACKAGE_URL[@],$(PACKAGE_URL),g'\ 24 | -e's,[@]PACKAGE_VERSION[@],$(PACKAGE_VERSION),g'\ 25 | -e's,[@]PYTHON[@],$(PYTHON),g'\ 26 | -e's,[@]builddir[@],$(builddir),g'\ 27 | -e's,[@]sysconfdir[@],$(sysconfdir),g'\ 28 | -e's,[@]srcdir[@],$(srcdir),g' 29 | 30 | 31 | all-local: eac.py 32 | 33 | $(top_builddir)/src/libeac.la: 34 | $(MAKE) -C $(top_builddir)/src libeac.la 35 | 36 | setup.py: setup.py.in $(top_builddir)/src/libeac.la 37 | @$(do_subst) < $(srcdir)/setup.py.in > setup.py 38 | 39 | cvc_rehash: cvc_rehash.in 40 | @$(do_subst) < $(srcdir)/cvc_rehash.in > cvc_rehash 41 | 42 | eac.py: $(INTERFACES) 
setup.py 43 | for f in $(INTERFACES); do cp $$f .; done 44 | env CC="$(CC)" $(PYTHON) setup.py build_ext --swig=$(SWIG) 45 | 46 | # Androids implementation does not honour --root=$(DESTDIR) so we change the prefix 47 | install-exec-local: 48 | env CC="$(CC)" $(PYTHON) setup.py install --prefix=$(DESTDIR)$(prefix) --exec-prefix=$(DESTDIR)$(exec_prefix) --record installed_files.txt 49 | 50 | uninstall-local: 51 | cat installed_files.txt | xargs rm -rf 52 | 53 | clean-local: 54 | rm -rf build eac_wrap.c eac.py 55 | rm -f *.pyc setup.inc 56 | rm -f *.i 57 | rm -rf OpenPACE.egg-info dist installed_files.txt 58 | 59 | distclean-local: 60 | rm -f cvc_rehash setup 61 | -------------------------------------------------------------------------------- /bindings/python/cvc_rehash.in: -------------------------------------------------------------------------------- 1 | #! @PYTHON@ 2 | """ 3 | Copyright (c) 2010-2012 Dominik Oepen and Frank Morgner 4 | 5 | This file is part of OpenPACE. 6 | 7 | OpenPACE is free software: you can redistribute it and/or modify it under 8 | the terms of the GNU General Public License as published by the Free 9 | Software Foundation, either version 3 of the License, or (at your option) 10 | any later version. 11 | 12 | OpenPACE is distributed in the hope that it will be useful, but WITHOUT ANY 13 | WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS 14 | FOR A PARTICULAR PURPOSE. See the GNU General Public License for more 15 | details. 16 | 17 | You should have received a copy of the GNU General Public License along with 18 | OpenPACE. If not, see . 19 | 20 | Additional permission under GNU GPL version 3 section 7 21 | 22 | If you modify this Program, or any covered work, by linking or combining it 23 | with OpenSSL (or a modified version of that library), containing 24 | parts covered by the terms of OpenSSL's license, the licensors of 25 | this Program grant you additional permission to convey the resulting work. 
26 | Corresponding Source for a non-source form of such a combination shall include 27 | the source code for the parts of OpenSSL used as well as that of the 28 | covered work. 29 | 30 | If you modify this Program, or any covered work, by linking or combining it 31 | with OpenSC (or a modified version of that library), containing 32 | parts covered by the terms of OpenSC's license, the licensors of 33 | this Program grant you additional permission to convey the resulting work. 34 | Corresponding Source for a non-source form of such a combination shall include 35 | the source code for the parts of OpenSC used as well as that of the 36 | covered work. 37 | """ 38 | 39 | import os 40 | import sys 41 | import platform 42 | import shutil 43 | 44 | try: 45 | from chat import CVC 46 | except ImportError: 47 | print("Failed to load OpenPACE python bindings.") 48 | print("Make sure you have the bindings installed and have PYTHONPATH and LD_LIBRARY_PATH setup correctly.") 49 | sys.exit(1) 50 | 51 | def hash_dir(dir): 52 | files = os.listdir(dir) 53 | os.chdir(dir) 54 | for file in files: 55 | try: 56 | cvc = CVC(open(file).read()) 57 | if platform.system() == 'Windows': 58 | print "Copying " + file + " to " + cvc.get_chr() 59 | shutil.copyfile(file, cvc.get_chr()) 60 | else: 61 | print "Linking " + cvc.get_chr() + " to " + file 62 | os.symlink(file, cvc.get_chr()) 63 | except Exception: 64 | pass 65 | 66 | if __name__ == "__main__": 67 | dir = "@sysconfdir@/eac" 68 | 69 | if len(sys.argv) > 1: 70 | dirlist = sys.argv[1:] 71 | elif os.environ.has_key('CVC_CERT_DIR'): 72 | dirlist = os.environ['CVC_CERT_DIR'].split(':') 73 | else: 74 | dirlist = [dir] 75 | 76 | for d in dirlist: 77 | if os.path.isdir(d) and os.access(d, os.W_OK): 78 | hash_dir(d) 79 | -------------------------------------------------------------------------------- /bindings/python/example.py: -------------------------------------------------------------------------------- 1 | EF_CARDACCESS = 
b"\x31\x81\x82\x30\x0D\x06\x08\x04\x00\x7F\x00\x07\x02\x02\x02\x02\x01\x02\x30\x12\x06\x0A\x04\x00\x7F\x00\x07\x02\x02\x03\x02\x02\x02\x01\x02\x02\x01\x41\x30\x12\x06\x0A\x04\x00\x7F\x00\x07\x02\x02\x04\x02\x02\x02\x01\x02\x02\x01\x0D\x30\x1C\x06\x09\x04\x00\x7F\x00\x07\x02\x02\x03\x02\x30\x0C\x06\x07\x04\x00\x7F\x00\x07\x01\x02\x02\x01\x0D\x02\x01\x41\x30\x2B\x06\x08\x04\x00\x7F\x00\x07\x02\x02\x06\x16\x1F\x65\x50\x41\x20\x2D\x20\x42\x44\x72\x20\x47\x6D\x62\x48\x20\x2D\x20\x54\x65\x73\x74\x6B\x61\x72\x74\x65\x20\x76\x32\x2E\x30\x04\x49\x17\x15\x41\x19\x28\x80\x0A\x01\xB4\x21\xFA\x07\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x20\x10\x10\x29\x10\x10" 2 | PIN = b"123456" 3 | 4 | import eac 5 | eac.EAC_init() 6 | 7 | secret = eac.PACE_SEC_new(PIN, eac.PACE_PIN) 8 | 9 | buf = eac.get_buf(EF_CARDACCESS) 10 | eac.hexdump(b"EF.CardAccess", buf) 11 | 12 | print("Secret:") 13 | print(eac.PACE_SEC_print_private(secret, 4)) 14 | 15 | picc_ctx = eac.EAC_CTX_new() 16 | pcd_ctx = eac.EAC_CTX_new() 17 | eac.EAC_CTX_init_ef_cardaccess(EF_CARDACCESS, pcd_ctx) 18 | eac.EAC_CTX_init_ef_cardaccess(EF_CARDACCESS, picc_ctx) 19 | 20 | print("PACE step 1") 21 | enc_nonce = eac.PACE_STEP1_enc_nonce(picc_ctx, secret) 22 | 23 | print("PACE step 2") 24 | eac.PACE_STEP2_dec_nonce(pcd_ctx, secret, enc_nonce) 25 | 26 | print("PACE step 3A") 27 | pcd_mapping_data = eac.PACE_STEP3A_generate_mapping_data(pcd_ctx) 28 | picc_mapping_data = eac.PACE_STEP3A_generate_mapping_data(picc_ctx) 29 | 30 | eac.PACE_STEP3A_map_generator(pcd_ctx, picc_mapping_data) 31 | eac.PACE_STEP3A_map_generator(picc_ctx, pcd_mapping_data) 32 | 33 | print("PACE step 3B") 34 | pcd_ephemeral_pubkey = eac.PACE_STEP3B_generate_ephemeral_key(pcd_ctx) 35 | picc_ephemeral_pubkey = eac.PACE_STEP3B_generate_ephemeral_key(picc_ctx) 36 | 37 | eac.PACE_STEP3B_compute_shared_secret(pcd_ctx, picc_ephemeral_pubkey) 38 | eac.PACE_STEP3B_compute_shared_secret(picc_ctx, pcd_ephemeral_pubkey) 39 | 40 | print("PACE 
step 3C") 41 | eac.PACE_STEP3C_derive_keys(pcd_ctx) 42 | eac.PACE_STEP3C_derive_keys(picc_ctx) 43 | 44 | print("PACE step 3D") 45 | pcd_token = eac.PACE_STEP3D_compute_authentication_token(pcd_ctx, picc_ephemeral_pubkey) 46 | picc_token = eac.PACE_STEP3D_compute_authentication_token(picc_ctx, pcd_ephemeral_pubkey) 47 | 48 | eac.PACE_STEP3D_verify_authentication_token(pcd_ctx, picc_token) 49 | r = eac.PACE_STEP3D_verify_authentication_token(picc_ctx, pcd_token) 50 | 51 | print("PICC's EAC_CTX:") 52 | print(eac.EAC_CTX_print_private(picc_ctx, 4)) 53 | print("PCD's EAC_CTX:") 54 | print(eac.EAC_CTX_print_private(pcd_ctx, 4)) 55 | 56 | eac.EAC_CTX_clear_free(pcd_ctx) 57 | eac.EAC_CTX_clear_free(picc_ctx) 58 | eac.PACE_SEC_clear_free(secret) 59 | 60 | eac.EAC_cleanup() 61 | 62 | if r != 1: 63 | sys.exit(1) 64 | -------------------------------------------------------------------------------- /bindings/python/setup.py.in: -------------------------------------------------------------------------------- 1 | #!@PYTHON@ 2 | 3 | """ 4 | setup.py file for OpenPACE wrapper 5 | """ 6 | from setuptools import setup, Extension 7 | import shlex 8 | 9 | #The following variables are set by autotools at build-time 10 | OPENPACE_LIBS = '@OPENPACE_LIBS@' 11 | OPENPACE_CFLAGS = '@OPENPACE_CFLAGS@' 12 | CRYPTO_LIBS = '@CRYPTO_LIBS@' 13 | CRYPTO_CFLAGS = '@CRYPTO_CFLAGS@' 14 | CFLAGS = '@CFLAGS@' 15 | CPPFLAGS = '@CPPFLAGS@' 16 | LIBS = '@LIBS@' 17 | 18 | all_libs = shlex.split(LIBS + ' ' + OPENPACE_LIBS + ' ' + CRYPTO_LIBS) 19 | all_cflags = shlex.split(CPPFLAGS + ' ' + CFLAGS + ' ' + OPENPACE_CFLAGS + ' ' + CRYPTO_CFLAGS) 20 | 21 | #Prepare the external module that we want to build 22 | eac_module = Extension('_eac', 23 | sources=['eac.i'], 24 | extra_compile_args=all_cflags, 25 | extra_link_args=all_libs) 26 | 27 | #Setup Distutils 28 | setup (name = '@PACKAGE_NAME@', 29 | version = '@PACKAGE_VERSION@', 30 | author = "Dominik Oepen", 31 | author_email = "oepen@informatik.hu-berlin.de", 
32 | url = "@PACKAGE_URL@", 33 | description = """Python wrapper for @PACKAGE_NAME@""", 34 | classifiers = [ 'Intended Audience :: Developers', 35 | 'Operating System :: POSIX', 36 | 'License :: OSI Approved :: GNU General Public License (GPL)', 37 | 'Operating System :: POSIX :: Linux', 38 | ], 39 | ext_modules = [eac_module], 40 | py_modules = ['eac', 'chat', 'pace_entity'], 41 | ) 42 | -------------------------------------------------------------------------------- /bindings/ruby/Makefile.am: -------------------------------------------------------------------------------- 1 | INTERFACES = $(srcdir)/../ca.i \ 2 | $(srcdir)/../cvc.i \ 3 | $(srcdir)/../eac.i \ 4 | $(srcdir)/../ta.i \ 5 | $(srcdir)/../objects.i \ 6 | $(srcdir)/../util.i 7 | 8 | BUILT_SOURCES_RUBY = eac_wrap.c 9 | 10 | EXTRA_DIST = example.rb extconf.rb.in 11 | CLEANFILES = $(BUILT_SOURCES_RUBY) 12 | 13 | do_subst=$(SED)\ 14 | -e's,[@]prefix[@],$(prefix),g'\ 15 | -e's,[@]CFLAGS[@],$(CFLAGS),g'\ 16 | -e's,[@]LDFLAGS[@],$(LDFLAGS),g'\ 17 | -e's,[@]CPPFLAGS[@],$(CPPFLAGS),g'\ 18 | -e's,[@]CRYPTO_CFLAGS[@],$(CRYPTO_CFLAGS),g'\ 19 | -e's,[@]CRYPTO_LIBS[@],'"$(CRYPTO_LIBS)"',g'\ 20 | -e's,[@]OPENPACE_CFLAGS[@],-I$(abs_top_srcdir)/src,g'\ 21 | -e's,[@]OPENPACE_LIBS[@],$(abs_top_builddir)/src/.libs/libeac.so,g' 22 | 23 | $(BUILT_SOURCES_RUBY): $(INTERFACES) 24 | 25 | ext/extconf.rb: $(srcdir)/extconf.rb.in 26 | mkdir -p ext 27 | @$(do_subst) < $(srcdir)/extconf.rb.in > ext/extconf.rb 28 | 29 | eac_wrap.c: 30 | $(SWIG) -ruby -outdir $(builddir) -o eac_wrap.c -I$(srcdir)/.. 
$(srcdir)/../eac.i 31 | 32 | ext/Makefile: ext/extconf.rb eac_wrap.c $(top_builddir)/src/libeac.la 33 | cd ext && $(RUBY) extconf.rb 34 | echo '' >> ext/Makefile 35 | echo 'uninstall:' >> ext/Makefile 36 | echo ' $$(RM) $$(RUBYARCHDIR)/$$(DLLIB)' >> ext/Makefile 37 | 38 | ext/eac.so: ext/Makefile 39 | $(MAKE) -C ext 40 | 41 | all-local: ext/eac.so 42 | 43 | clean-local: 44 | $(MAKE) clean -C ext || true 45 | 46 | distclean-local: 47 | rm -rf ext 48 | 49 | install-exec-local: 50 | rm -f ext/.RUBYARCHDIR.time 51 | (test -z "$(DESTDIR)" \ 52 | && $(MAKE) install -C ext DESTDIR=$(prefix)) \ 53 | || $(MAKE) install -C ext DESTDIR=$(DESTDIR) 54 | 55 | uninstall-local: 56 | (test -z "$(DESTDIR)" \ 57 | && $(MAKE) uninstall -C ext DESTDIR=$(prefix)) \ 58 | || $(MAKE) uninstall -C ext DESTDIR=$(DESTDIR) 59 | -------------------------------------------------------------------------------- /bindings/ruby/example.rb: -------------------------------------------------------------------------------- 1 | EF_CARDACCESS = ["318182300D060804007F00070202020201023012060A04007F000702020302020201020201413012060A04007F0007020204020202010202010D301C060904007F000702020302300C060704007F0007010202010D020141302B060804007F0007020206161F655041202D2042447220476D6248202D20546573746B617274652076322E3004491715411928800A01B421FA07000000000000000000000000000000000000201010291010"].pack('H*') 2 | PIN = "123456" 3 | 4 | require 'eac' 5 | Eac.EAC_init() 6 | 7 | secret = Eac.PACE_SEC_new(PIN, Eac::PACE_PIN) 8 | 9 | buf = Eac.get_buf(EF_CARDACCESS) 10 | Eac.hexdump("EF.CardAccess", buf) 11 | 12 | puts "Secret:" 13 | puts Eac.PACE_SEC_print_private(secret, 4) 14 | 15 | picc_ctx = Eac.EAC_CTX_new() 16 | pcd_ctx = Eac.EAC_CTX_new() 17 | Eac.EAC_CTX_init_ef_cardaccess(EF_CARDACCESS, pcd_ctx) 18 | Eac.EAC_CTX_init_ef_cardaccess(EF_CARDACCESS, picc_ctx) 19 | 20 | puts "PACE step 1" 21 | enc_nonce = Eac.PACE_STEP1_enc_nonce(picc_ctx, secret) 22 | 23 | puts "PACE step 2" 24 | Eac.PACE_STEP2_dec_nonce(pcd_ctx, 
secret, enc_nonce) 25 | 26 | puts "PACE step 3A" 27 | pcd_mapping_data = Eac.PACE_STEP3A_generate_mapping_data(pcd_ctx) 28 | picc_mapping_data = Eac.PACE_STEP3A_generate_mapping_data(picc_ctx) 29 | 30 | Eac.PACE_STEP3A_map_generator(pcd_ctx, picc_mapping_data) 31 | Eac.PACE_STEP3A_map_generator(picc_ctx, pcd_mapping_data) 32 | 33 | puts "PACE step 3B" 34 | pcd_ephemeral_pubkey = Eac.PACE_STEP3B_generate_ephemeral_key(pcd_ctx) 35 | picc_ephemeral_pubkey = Eac.PACE_STEP3B_generate_ephemeral_key(picc_ctx) 36 | 37 | Eac.PACE_STEP3B_compute_shared_secret(pcd_ctx, picc_ephemeral_pubkey) 38 | Eac.PACE_STEP3B_compute_shared_secret(picc_ctx, pcd_ephemeral_pubkey) 39 | 40 | puts "PACE step 3C" 41 | Eac.PACE_STEP3C_derive_keys(pcd_ctx) 42 | Eac.PACE_STEP3C_derive_keys(picc_ctx) 43 | 44 | puts "PACE step 3D" 45 | pcd_token = Eac.PACE_STEP3D_compute_authentication_token(pcd_ctx, picc_ephemeral_pubkey) 46 | picc_token = Eac.PACE_STEP3D_compute_authentication_token(picc_ctx, pcd_ephemeral_pubkey) 47 | 48 | Eac.PACE_STEP3D_verify_authentication_token(pcd_ctx, picc_token) 49 | r = Eac.PACE_STEP3D_verify_authentication_token(picc_ctx, pcd_token) 50 | 51 | puts "PICC's EAC_CTX:" 52 | puts Eac.EAC_CTX_print_private(picc_ctx, 4) 53 | puts "PCD's EAC_CTX:" 54 | puts Eac.EAC_CTX_print_private(pcd_ctx, 4) 55 | 56 | Eac.EAC_CTX_clear_free(pcd_ctx) 57 | Eac.EAC_CTX_clear_free(picc_ctx) 58 | Eac.PACE_SEC_clear_free(secret) 59 | 60 | Eac.EAC_cleanup() 61 | 62 | if r != 1 63 | exit 1 64 | end 65 | -------------------------------------------------------------------------------- /bindings/ruby/extconf.rb.in: -------------------------------------------------------------------------------- 1 | require 'mkmf' 2 | $CFLAGS = '@OPENPACE_CFLAGS@ @CRYPTO_CFLAGS@ @CFLAGS@' 3 | $LDFLAGS = '@OPENPACE_LIBS@ @CRYPTO_LIBS@ @LDFLAGS@' 4 | $CPPFLAGS = '@CPPFLAGS@' 5 | $prefix = '@prefix@' 6 | create_makefile('eac', '..') 7 | -------------------------------------------------------------------------------- 
/bindings/win32/eac.sln: -------------------------------------------------------------------------------- 1 |  2 | Microsoft Visual Studio Solution File, Format Version 12.00 3 | # Visual Studio 2013 4 | VisualStudioVersion = 12.0.21005.1 5 | MinimumVisualStudioVersion = 10.0.40219.1 6 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "eac", "eac.vcxproj", "{2C1E517E-B31E-4AAE-A0F0-6F81F19328C4}" 7 | EndProject 8 | Global 9 | GlobalSection(SolutionConfigurationPlatforms) = preSolution 10 | Debug|Win32 = Debug|Win32 11 | Release|Win32 = Release|Win32 12 | EndGlobalSection 13 | GlobalSection(ProjectConfigurationPlatforms) = postSolution 14 | {2C1E517E-B31E-4AAE-A0F0-6F81F19328C4}.Debug|Win32.ActiveCfg = Release|Win32 15 | {2C1E517E-B31E-4AAE-A0F0-6F81F19328C4}.Debug|Win32.Build.0 = Release|Win32 16 | {2C1E517E-B31E-4AAE-A0F0-6F81F19328C4}.Release|Win32.ActiveCfg = Release|Win32 17 | {2C1E517E-B31E-4AAE-A0F0-6F81F19328C4}.Release|Win32.Build.0 = Release|Win32 18 | EndGlobalSection 19 | GlobalSection(SolutionProperties) = preSolution 20 | HideSolutionNode = FALSE 21 | EndGlobalSection 22 | EndGlobal 23 | -------------------------------------------------------------------------------- /bindings/win32/eac.vcxproj.filters: -------------------------------------------------------------------------------- 1 |  2 | 3 | 4 | 5 | {4FC737F1-C7A5-4376-A066-2A32D752A2FF} 6 | cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx 7 | 8 | 9 | {93995380-89BD-4b04-88EB-625FBE52EBFB} 10 | h;hh;hpp;hxx;hm;inl;inc;xsd 11 | 12 | 13 | {67DA6AB6-F800-4c08-8B7A-83BB121AAD01} 14 | rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav 15 | 16 | 17 | {3e739669-f349-4290-8263-0476637111a6} 18 | False 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | Generated Files 27 | 28 | 29 | 30 | 31 | 32 | 33 | 34 | 35 | 36 | 37 | -------------------------------------------------------------------------------- /bootstrap: -------------------------------------------------------------------------------- 1 | 
#!/bin/sh 2 | 3 | AUTORECONF=${AUTORECONF:-autoreconf} 4 | MAKE=${MAKE:-make} 5 | 6 | if ! test -d ${WD} 7 | then 8 | mkdir -p ${WD} && cd ${WD} \ 9 | || exit $? 10 | fi 11 | 12 | # Create autoconf files 13 | if ! test -x configure 14 | then 15 | ${AUTORECONF} --verbose --install --symlink \ 16 | || exit $? 17 | fi 18 | 19 | # Configure OpenPACE 20 | if ! test -r Makefile 21 | then 22 | ./configure \ 23 | || exit $? 24 | fi 25 | 26 | # Build OpenPACE 27 | if ! test -x src/eactest 28 | then 29 | ${MAKE} \ 30 | || exit $? 31 | fi 32 | 33 | src/eactest \ 34 | || exit $? 35 | -------------------------------------------------------------------------------- /cv_cert/at_cert_19a.cvcert: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/frankmorgner/openpace/ecafc3d5854cc5fb8380346bcc638a70a7ef4346/cv_cert/at_cert_19a.cvcert -------------------------------------------------------------------------------- /cv_cert/at_cert_19a_ecdh.cvcert: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/frankmorgner/openpace/ecafc3d5854cc5fb8380346bcc638a70a7ef4346/cv_cert/at_cert_19a_ecdh.cvcert -------------------------------------------------------------------------------- /cv_cert/cvca-eid.cv: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/frankmorgner/openpace/ecafc3d5854cc5fb8380346bcc638a70a7ef4346/cv_cert/cvca-eid.cv -------------------------------------------------------------------------------- /cv_cert/dv_cert_19.cvcert: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/frankmorgner/openpace/ecafc3d5854cc5fb8380346bcc638a70a7ef4346/cv_cert/dv_cert_19.cvcert -------------------------------------------------------------------------------- /cv_cert/dv_cert_19_ecdh.cvcert: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/frankmorgner/openpace/ecafc3d5854cc5fb8380346bcc638a70a7ef4346/cv_cert/dv_cert_19_ecdh.cvcert -------------------------------------------------------------------------------- /docs/.nojekyll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/frankmorgner/openpace/ecafc3d5854cc5fb8380346bcc638a70a7ef4346/docs/.nojekyll -------------------------------------------------------------------------------- /docs/_sources/programming.txt: -------------------------------------------------------------------------------- 1 | .. highlight:: sh 2 | 3 | .. _bindings: 4 | 5 | 6 | ############################################################################### 7 | Programming with OpenPACE 8 | ############################################################################### 9 | 10 | 11 | ******************************************************************************* 12 | Using OpenPACE in C/C++ 13 | ******************************************************************************* 14 | 15 | .. seealso:: 16 | 17 | The `OpenPACE API documentation <_static/doxygen/modules.html>`_ 18 | has all details of the native C/C++ interface. 19 | 20 | Here we have a small example in C: 21 | 22 | .. literalinclude:: ./../../src/example.c 23 | :language: c 24 | 25 | .. seealso:: 26 | Have a look at the `OpenSC Project`_ for a more complex project 27 | that uses the C Interface from OpenPACE. 28 | 29 | 30 | ******************************************************************************* 31 | Using OpenPACE in Python 32 | ******************************************************************************* 33 | 34 | Python bindings must be configured with :option:`--enable-python`. They depend 35 | on SWIG and Python. 
36 | 37 | In case of a non-standard installation of OpenPACE you might -- in addition to 38 | :envvar:`LD_LIBRARY_PATH` -- also need to set up the :envvar:`PYTHONPATH` 39 | environment variable. 40 | 41 | Here is a sample script that shows how OpenPACE is accessed from Python: 42 | 43 | .. literalinclude:: ./../../bindings/python/example.py 44 | :language: python 45 | 46 | .. seealso:: 47 | Have a look at the `Emulator for the German Identity Card`_ for a more 48 | complex project that uses the Python Interface from OpenPACE. 49 | 50 | Unfortunately, OpenPACE's Python bindings are currently poorly documented. 51 | 52 | .. versionadded:: 0.8 53 | The SWIG bindings from `pyPACE`_ have been integrated into OpenPACE. 54 | 55 | 56 | ******************************************************************************* 57 | Using OpenPACE in Ruby 58 | ******************************************************************************* 59 | 60 | Ruby bindings must be configured with :option:`--enable-ruby`. They depend on 61 | SWIG and Ruby. 62 | 63 | Here is a sample script that shows how OpenPACE is accessed from Ruby: 64 | 65 | .. literalinclude:: ./../../bindings/ruby/example.rb 66 | :language: ruby 67 | 68 | .. versionadded:: 0.9 69 | Added Ruby bindings. 70 | 71 | 72 | ******************************************************************************* 73 | Using OpenPACE in Go 74 | ******************************************************************************* 75 | 76 | Go bindings must be configured with :option:`--enable-go`. They depend on SWIG 77 | and ``gccgo``. 78 | 79 | Here is a sample program that shows how OpenPACE is accessed from Go: 80 | 81 | .. literalinclude:: ./../../bindings/go/example.go 82 | :language: go 83 | 84 | .. versionadded:: 0.9 85 | Added Go bindings. 
86 | 87 | 88 | ******************************************************************************* 89 | Using OpenPACE in Java 90 | ******************************************************************************* 91 | 92 | Java bindings must be configured with :option:`--enable-java`. They depend on 93 | SWIG, a Java compiler and the JNI development headers. You may set the 94 | :envvar:`JAVAC` environment variable to your preferred Java compiler. 95 | 96 | Here is a sample program that shows how OpenPACE is accessed from Java: 97 | 98 | .. literalinclude:: ./../../bindings/java/EAC_Example.java 99 | :language: java 100 | 101 | 102 | .. target-notes:: 103 | 104 | .. _`SWIG`: http://swig.org 105 | .. _`pyPACE`: http://pypace.sourceforge.net 106 | .. _`OpenSC Project`: https://github.com/OpenSC/OpenSC/blob/master/src/sm/sm-eac.c 107 | .. _`Emulator for the German Identity Card`: https://frankmorgner.github.io/vsmartcard/virtualsmartcard/README.html 108 | -------------------------------------------------------------------------------- /docs/_static/Makefile.am: -------------------------------------------------------------------------------- 1 | EXTRA_DIST = eactest.html eactest.html.mem eactest.js logo_132.png 2 | -------------------------------------------------------------------------------- /docs/_static/bootstrap-2.3.2/img/glyphicons-halflings-white.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/frankmorgner/openpace/ecafc3d5854cc5fb8380346bcc638a70a7ef4346/docs/_static/bootstrap-2.3.2/img/glyphicons-halflings-white.png -------------------------------------------------------------------------------- /docs/_static/bootstrap-2.3.2/img/glyphicons-halflings.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/frankmorgner/openpace/ecafc3d5854cc5fb8380346bcc638a70a7ef4346/docs/_static/bootstrap-2.3.2/img/glyphicons-halflings.png
-------------------------------------------------------------------------------- /docs/_static/bootstrap-3.3.7/fonts/glyphicons-halflings-regular.eot: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/frankmorgner/openpace/ecafc3d5854cc5fb8380346bcc638a70a7ef4346/docs/_static/bootstrap-3.3.7/fonts/glyphicons-halflings-regular.eot -------------------------------------------------------------------------------- /docs/_static/bootstrap-3.3.7/fonts/glyphicons-halflings-regular.ttf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/frankmorgner/openpace/ecafc3d5854cc5fb8380346bcc638a70a7ef4346/docs/_static/bootstrap-3.3.7/fonts/glyphicons-halflings-regular.ttf -------------------------------------------------------------------------------- /docs/_static/bootstrap-3.3.7/fonts/glyphicons-halflings-regular.woff: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/frankmorgner/openpace/ecafc3d5854cc5fb8380346bcc638a70a7ef4346/docs/_static/bootstrap-3.3.7/fonts/glyphicons-halflings-regular.woff -------------------------------------------------------------------------------- /docs/_static/bootstrap-3.3.7/fonts/glyphicons-halflings-regular.woff2: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/frankmorgner/openpace/ecafc3d5854cc5fb8380346bcc638a70a7ef4346/docs/_static/bootstrap-3.3.7/fonts/glyphicons-halflings-regular.woff2 -------------------------------------------------------------------------------- /docs/_static/bootstrap-3.3.7/js/npm.js: -------------------------------------------------------------------------------- 1 | // This file is autogenerated via the `commonjs` Grunt task. You can require() this file in a CommonJS environment. 
2 | require('../../js/transition.js') 3 | require('../../js/alert.js') 4 | require('../../js/button.js') 5 | require('../../js/carousel.js') 6 | require('../../js/collapse.js') 7 | require('../../js/dropdown.js') 8 | require('../../js/modal.js') 9 | require('../../js/tooltip.js') 10 | require('../../js/popover.js') 11 | require('../../js/scrollspy.js') 12 | require('../../js/tab.js') 13 | require('../../js/affix.js') -------------------------------------------------------------------------------- /docs/_static/bootstrap-sphinx.css: -------------------------------------------------------------------------------- 1 | /* 2 | * bootstrap-sphinx.css 3 | * ~~~~~~~~~~~~~~~~~~~~ 4 | * 5 | * Sphinx stylesheet -- Bootstrap theme. 6 | */ 7 | 8 | /* 9 | * Imports to aggregate everything together. 10 | */ 11 | 12 | @import url("./basic.css"); 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | @import url("./bootswatch-3.3.7/flatly/bootstrap.min.css"); 22 | 23 | 24 | 25 | /* 26 | * Styles 27 | */ 28 | 29 | .navbar-inverse .brand { 30 | color: #FFF; 31 | } 32 | 33 | /* 34 | * Reset navbar styles from overrides in: 35 | * https://bitbucket.org/birkenfeld/sphinx/commits/78d8ebf76b630ab4073a7328af9d91e8123b8d96 36 | */ 37 | .navbar .container { 38 | padding-top: 0; 39 | } 40 | 41 | /* 42 | * Reset the logo image dimensions. Sites like RTD can override with bad 43 | * results on mobile (mega-huge logo...) 
44 | * 45 | * https://github.com/ryan-roemer/sphinx-bootstrap-theme/issues/142 46 | */ 47 | .navbar-brand img { 48 | width: auto; 49 | height: 100%; 50 | } 51 | 52 | .page-top { 53 | top: 0px; 54 | } 55 | 56 | 57 | 58 | 59 | 60 | table { 61 | border: 0; 62 | } 63 | 64 | .highlighttable .code pre { 65 | font-size: 12px; 66 | } 67 | 68 | .highlighttable .linenos pre { 69 | word-break: normal; 70 | font-size: 12px; 71 | } 72 | 73 | div.highlight { 74 | background: none; 75 | } 76 | 77 | a.headerlink { 78 | margin-left: 0.25em; 79 | } 80 | 81 | a.footnote-reference { 82 | vertical-align: super; 83 | font-size: 75%; 84 | } 85 | 86 | table.footnote td.label { 87 | color: inherit; 88 | font-size: 100%; 89 | display: block; 90 | line-height: normal; 91 | background: inherit; 92 | } 93 | 94 | table.footnote { 95 | width: auto; 96 | margin-bottom: 0px; 97 | } 98 | 99 | table.field-list { 100 | width: auto; 101 | } 102 | 103 | .footer { 104 | width: 100%; 105 | border-top: 1px solid #ccc; 106 | padding-top: 10px; 107 | } 108 | 109 | .bs-sidenav form, .bs-sidenav #sourcelink { 110 | padding: 5px 20px; 111 | } 112 | 113 | 114 | 115 | /* The code below is based on the bootstrap website sidebar */ 116 | 117 | .bs-sidenav.affix { 118 | position: static; 119 | } 120 | 121 | /* First level of nav */ 122 | .bs-sidenav { 123 | margin-top: 30px; 124 | margin-bottom: 30px; 125 | padding-top: 10px; 126 | padding-bottom: 10px; 127 | text-shadow: 0 1px 0 #fff; 128 | background-color: #f7f5fa; 129 | border-radius: 5px; 130 | } 131 | 132 | /* All levels of nav */ 133 | .bs-sidenav .nav > li > a { 134 | display: block; 135 | color: #716b7a; 136 | padding: 5px 20px; 137 | } 138 | .bs-sidenav .nav > li > a:hover, 139 | .bs-sidenav .nav > li > a:focus { 140 | text-decoration: none; 141 | background-color: #e5e3e9; 142 | border-right: 1px solid #dbd8e0; 143 | } 144 | .bs-sidenav .nav > .active > a, 145 | .bs-sidenav .nav > .active:hover > a, 146 | .bs-sidenav .nav > .active:focus > a { 147 | 
font-weight: bold; 148 | color: #563d7c; 149 | background-color: transparent; 150 | border-right: 1px solid #563d7c; 151 | } 152 | 153 | .bs-sidenav .nav .nav > li > a { 154 | padding-top: 3px; 155 | padding-bottom: 3px; 156 | padding-left: 30px; 157 | font-size: 90%; 158 | } 159 | 160 | .bs-sidenav .nav .nav .nav > li > a { 161 | padding-top: 3px; 162 | padding-bottom: 3px; 163 | padding-left: 40px; 164 | font-size: 90%; 165 | } 166 | 167 | .bs-sidenav .nav .nav .nav .nav > li > a { 168 | padding-top: 3px; 169 | padding-bottom: 3px; 170 | padding-left: 50px; 171 | font-size: 90%; 172 | } 173 | 174 | /* Show and affix the side nav when space allows it */ 175 | @media screen and (min-width: 992px) { 176 | .bs-sidenav .nav > .active > ul { 177 | display: block; 178 | } 179 | /* Widen the fixed sidenav */ 180 | .bs-sidenav.affix, 181 | .bs-sidenav.affix-bottom { 182 | width: 213px; 183 | } 184 | .bs-sidenav.affix { 185 | position: fixed; /* Undo the static from mobile first approach */ 186 | } 187 | .bs-sidenav.affix-bottom { 188 | position: absolute; /* Undo the static from mobile first approach */ 189 | } 190 | .bs-sidenav.affix-bottom .bs-sidenav, 191 | .bs-sidenav.affix .bs-sidenav { 192 | margin-top: 0; 193 | margin-bottom: 0; 194 | } 195 | } 196 | @media screen and (min-width: 1200px) { 197 | /* Widen the fixed sidenav again */ 198 | .bs-sidenav.affix-bottom, 199 | .bs-sidenav.affix { 200 | width: 263px; 201 | } 202 | } 203 | 204 | 205 | -------------------------------------------------------------------------------- /docs/_static/bootswatch-2.3.2/img/glyphicons-halflings-white.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/frankmorgner/openpace/ecafc3d5854cc5fb8380346bcc638a70a7ef4346/docs/_static/bootswatch-2.3.2/img/glyphicons-halflings-white.png -------------------------------------------------------------------------------- /docs/_static/bootswatch-2.3.2/img/glyphicons-halflings.png: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/frankmorgner/openpace/ecafc3d5854cc5fb8380346bcc638a70a7ef4346/docs/_static/bootswatch-2.3.2/img/glyphicons-halflings.png -------------------------------------------------------------------------------- /docs/_static/bootswatch-3.3.7/fonts/glyphicons-halflings-regular.eot: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/frankmorgner/openpace/ecafc3d5854cc5fb8380346bcc638a70a7ef4346/docs/_static/bootswatch-3.3.7/fonts/glyphicons-halflings-regular.eot -------------------------------------------------------------------------------- /docs/_static/bootswatch-3.3.7/fonts/glyphicons-halflings-regular.ttf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/frankmorgner/openpace/ecafc3d5854cc5fb8380346bcc638a70a7ef4346/docs/_static/bootswatch-3.3.7/fonts/glyphicons-halflings-regular.ttf -------------------------------------------------------------------------------- /docs/_static/bootswatch-3.3.7/fonts/glyphicons-halflings-regular.woff: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/frankmorgner/openpace/ecafc3d5854cc5fb8380346bcc638a70a7ef4346/docs/_static/bootswatch-3.3.7/fonts/glyphicons-halflings-regular.woff -------------------------------------------------------------------------------- /docs/_static/bootswatch-3.3.7/fonts/glyphicons-halflings-regular.woff2: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/frankmorgner/openpace/ecafc3d5854cc5fb8380346bcc638a70a7ef4346/docs/_static/bootswatch-3.3.7/fonts/glyphicons-halflings-regular.woff2 -------------------------------------------------------------------------------- /docs/_static/documentation_options.js: 
-------------------------------------------------------------------------------- 1 | var DOCUMENTATION_OPTIONS = { 2 | URL_ROOT: document.getElementById("documentation_options").getAttribute('data-url_root'), 3 | VERSION: '1.1.3', 4 | LANGUAGE: 'None', 5 | COLLAPSE_INDEX: false, 6 | BUILDER: 'html', 7 | FILE_SUFFIX: '.html', 8 | LINK_SUFFIX: '.html', 9 | HAS_SOURCE: true, 10 | SOURCELINK_SUFFIX: '.txt', 11 | NAVIGATION_WITH_KEYS: false 12 | }; -------------------------------------------------------------------------------- /docs/_static/doxygen/bc_s.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/frankmorgner/openpace/ecafc3d5854cc5fb8380346bcc638a70a7ef4346/docs/_static/doxygen/bc_s.png -------------------------------------------------------------------------------- /docs/_static/doxygen/bdwn.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/frankmorgner/openpace/ecafc3d5854cc5fb8380346bcc638a70a7ef4346/docs/_static/doxygen/bdwn.png -------------------------------------------------------------------------------- /docs/_static/doxygen/closed.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/frankmorgner/openpace/ecafc3d5854cc5fb8380346bcc638a70a7ef4346/docs/_static/doxygen/closed.png -------------------------------------------------------------------------------- /docs/_static/doxygen/doc.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/frankmorgner/openpace/ecafc3d5854cc5fb8380346bcc638a70a7ef4346/docs/_static/doxygen/doc.png -------------------------------------------------------------------------------- /docs/_static/doxygen/doxygen.png: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/frankmorgner/openpace/ecafc3d5854cc5fb8380346bcc638a70a7ef4346/docs/_static/doxygen/doxygen.png -------------------------------------------------------------------------------- /docs/_static/doxygen/folderclosed.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/frankmorgner/openpace/ecafc3d5854cc5fb8380346bcc638a70a7ef4346/docs/_static/doxygen/folderclosed.png -------------------------------------------------------------------------------- /docs/_static/doxygen/folderopen.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/frankmorgner/openpace/ecafc3d5854cc5fb8380346bcc638a70a7ef4346/docs/_static/doxygen/folderopen.png -------------------------------------------------------------------------------- /docs/_static/doxygen/functions_func.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | OpenPACE: Data Fields - Functions 9 | 10 | 11 | 12 | 13 | 14 | 15 |
16 |
17 | 18 | 19 | 20 | 24 | 25 | 26 |
21 |
OpenPACE 22 |
23 |
27 |
28 | 29 | 30 | 31 | 32 | 38 | 39 |
40 |
41 |   49 |
50 | 51 | 56 | 57 | 58 | -------------------------------------------------------------------------------- /docs/_static/doxygen/globals_defs.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | OpenPACE: Globals 9 | 10 | 11 | 12 | 13 | 14 | 15 |
16 |
17 | 18 | 19 | 20 | 24 | 25 | 26 |
21 |
OpenPACE 22 |
23 |
27 |
28 | 29 | 30 | 31 | 32 | 38 | 39 |
40 |
41 |   82 |
83 | 84 | 89 | 90 | 91 | -------------------------------------------------------------------------------- /docs/_static/doxygen/globals_enum.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | OpenPACE: Globals 9 | 10 | 11 | 12 | 13 | 14 | 15 |
16 |
17 | 18 | 19 | 20 | 24 | 25 | 26 |
21 |
OpenPACE 22 |
23 |
27 |
28 | 29 | 30 | 31 | 32 | 38 | 39 |
40 |
41 |   52 |
53 | 54 | 59 | 60 | 61 | -------------------------------------------------------------------------------- /docs/_static/doxygen/globals_eval.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | OpenPACE: Globals 9 | 10 | 11 | 12 | 13 | 14 | 15 |
16 |
17 | 18 | 19 | 20 | 24 | 25 | 26 |
21 |
OpenPACE 22 |
23 |
27 |
28 | 29 | 30 | 31 | 32 | 38 | 39 |
40 |
41 |   82 |
83 | 84 | 89 | 90 | 91 | -------------------------------------------------------------------------------- /docs/_static/doxygen/group__eacproto.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | OpenPACE: Protocol Steps for Extended Access Control 9 | 10 | 11 | 12 | 13 | 14 | 15 |
16 |
17 | 18 | 19 | 20 | 24 | 25 | 26 |
21 |
OpenPACE 22 |
23 |
27 |
28 | 29 | 30 | 31 | 32 | 38 | 39 |
40 |
41 |
42 | Modules
43 |
44 |
Protocol Steps for Extended Access Control
45 |
46 |
47 | 48 | 50 | 51 | 52 | 53 | 54 | 55 | 56 | 57 | 58 |

49 | Modules

 Protocol Steps for Password Authenticated Connection Establishment
 
 Protocol Steps for Terminal Authentication
 
 Protocol Steps for Chip Authentication
 
 Protocol Steps for Restricted Authentication
 
59 |

Detailed Description

60 |
61 | 62 | 67 | 68 | 69 | -------------------------------------------------------------------------------- /docs/_static/doxygen/index.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | OpenPACE: Main Page 9 | 10 | 11 | 12 | 13 | 14 | 15 |
16 |
17 | 18 | 19 | 20 | 24 | 25 | 26 |
21 |
OpenPACE 22 |
23 |
27 |
28 | 29 | 30 | 31 | 32 | 38 | 39 |
40 |
41 |
42 |
OpenPACE Documentation
43 |
44 |
45 |
46 | 47 | 52 | 53 | 54 | -------------------------------------------------------------------------------- /docs/_static/doxygen/menu.js: -------------------------------------------------------------------------------- 1 | /* 2 | @licstart The following is the entire license notice for the 3 | JavaScript code in this file. 4 | 5 | Copyright (C) 1997-2017 by Dimitri van Heesch 6 | 7 | This program is free software; you can redistribute it and/or modify 8 | it under the terms of the GNU General Public License as published by 9 | the Free Software Foundation; either version 2 of the License, or 10 | (at your option) any later version. 11 | 12 | This program is distributed in the hope that it will be useful, 13 | but WITHOUT ANY WARRANTY; without even the implied warranty of 14 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 15 | GNU General Public License for more details. 16 | 17 | You should have received a copy of the GNU General Public License along 18 | with this program; if not, write to the Free Software Foundation, Inc., 19 | 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. 20 | 21 | @licend The above is the entire license notice 22 | for the JavaScript code in this file 23 | */ 24 | function initMenu(relPath,searchEnabled,serverSide,searchPage,search) { 25 | function makeTree(data,relPath) { 26 | var result=''; 27 | if ('children' in data) { 28 | result+=''; 35 | } 36 | return result; 37 | } 38 | 39 | $('#main-nav').append(makeTree(menudata,relPath)); 40 | $('#main-nav').children(':first').addClass('sm sm-dox').attr('id','main-menu'); 41 | if (searchEnabled) { 42 | if (serverSide) { 43 | $('#main-menu').append('
  • '); 44 | } else { 45 | $('#main-menu').append('
  • '); 46 | } 47 | } 48 | $('#main-menu').smartmenus(); 49 | } 50 | /* @license-end */ 51 | -------------------------------------------------------------------------------- /docs/_static/doxygen/menudata.js: -------------------------------------------------------------------------------- 1 | /* 2 | @licstart The following is the entire license notice for the 3 | JavaScript code in this file. 4 | 5 | Copyright (C) 1997-2019 by Dimitri van Heesch 6 | 7 | This program is free software; you can redistribute it and/or modify 8 | it under the terms of version 2 of the GNU General Public License as published by 9 | the Free Software Foundation 10 | 11 | This program is distributed in the hope that it will be useful, 12 | but WITHOUT ANY WARRANTY; without even the implied warranty of 13 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 14 | GNU General Public License for more details. 15 | 16 | You should have received a copy of the GNU General Public License along 17 | with this program; if not, write to the Free Software Foundation, Inc., 18 | 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. 
19 | 20 | @licend The above is the entire license notice 21 | for the JavaScript code in this file 22 | */ 23 | var menudata={children:[ 24 | {text:"Main Page",url:"index.html"}, 25 | {text:"Modules",url:"modules.html"}, 26 | {text:"Data Structures",url:"annotated.html",children:[ 27 | {text:"Data Structures",url:"annotated.html"}, 28 | {text:"Data Fields",url:"functions.html",children:[ 29 | {text:"All",url:"functions.html",children:[ 30 | {text:"b",url:"functions.html#index_b"}, 31 | {text:"c",url:"functions.html#index_c"}, 32 | {text:"d",url:"functions.html#index_d"}, 33 | {text:"e",url:"functions.html#index_e"}, 34 | {text:"f",url:"functions.html#index_f"}, 35 | {text:"g",url:"functions.html#index_g"}, 36 | {text:"i",url:"functions.html#index_i"}, 37 | {text:"k",url:"functions.html#index_k"}, 38 | {text:"l",url:"functions.html#index_l"}, 39 | {text:"m",url:"functions.html#index_m"}, 40 | {text:"n",url:"functions.html#index_n"}, 41 | {text:"o",url:"functions.html#index_o"}, 42 | {text:"p",url:"functions.html#index_p"}, 43 | {text:"r",url:"functions.html#index_r"}, 44 | {text:"s",url:"functions.html#index_s"}, 45 | {text:"t",url:"functions.html#index_t"}, 46 | {text:"v",url:"functions.html#index_v"}]}, 47 | {text:"Functions",url:"functions_func.html"}, 48 | {text:"Variables",url:"functions_vars.html",children:[ 49 | {text:"b",url:"functions_vars.html#index_b"}, 50 | {text:"c",url:"functions_vars.html#index_c"}, 51 | {text:"d",url:"functions_vars.html#index_d"}, 52 | {text:"e",url:"functions_vars.html#index_e"}, 53 | {text:"f",url:"functions_vars.html#index_f"}, 54 | {text:"g",url:"functions_vars.html#index_g"}, 55 | {text:"i",url:"functions_vars.html#index_i"}, 56 | {text:"k",url:"functions_vars.html#index_k"}, 57 | {text:"l",url:"functions_vars.html#index_l"}, 58 | {text:"m",url:"functions_vars.html#index_m"}, 59 | {text:"n",url:"functions_vars.html#index_n"}, 60 | {text:"o",url:"functions_vars.html#index_o"}, 61 | {text:"p",url:"functions_vars.html#index_p"}, 
62 | {text:"r",url:"functions_vars.html#index_r"}, 63 | {text:"s",url:"functions_vars.html#index_s"}, 64 | {text:"t",url:"functions_vars.html#index_t"}, 65 | {text:"v",url:"functions_vars.html#index_v"}]}]}]}, 66 | {text:"Files",url:"files.html",children:[ 67 | {text:"File List",url:"files.html"}, 68 | {text:"Globals",url:"globals.html",children:[ 69 | {text:"All",url:"globals.html",children:[ 70 | {text:"a",url:"globals.html#index_a"}, 71 | {text:"b",url:"globals.html#index_b"}, 72 | {text:"c",url:"globals.html#index_c"}, 73 | {text:"d",url:"globals.html#index_d"}, 74 | {text:"e",url:"globals.html#index_e"}, 75 | {text:"i",url:"globals.html#index_i"}, 76 | {text:"k",url:"globals.html#index_k"}, 77 | {text:"p",url:"globals.html#index_p"}, 78 | {text:"r",url:"globals.html#index_r"}, 79 | {text:"s",url:"globals.html#index_s"}, 80 | {text:"t",url:"globals.html#index_t"}, 81 | {text:"x",url:"globals.html#index_x"}]}, 82 | {text:"Functions",url:"globals_func.html",children:[ 83 | {text:"b",url:"globals_func.html#index_b"}, 84 | {text:"c",url:"globals_func.html#index_c"}, 85 | {text:"d",url:"globals_func.html#index_d"}, 86 | {text:"e",url:"globals_func.html#index_e"}, 87 | {text:"i",url:"globals_func.html#index_i"}, 88 | {text:"p",url:"globals_func.html#index_p"}, 89 | {text:"r",url:"globals_func.html#index_r"}, 90 | {text:"t",url:"globals_func.html#index_t"}]}, 91 | {text:"Typedefs",url:"globals_type.html"}, 92 | {text:"Enumerations",url:"globals_enum.html"}, 93 | {text:"Enumerator",url:"globals_eval.html"}, 94 | {text:"Macros",url:"globals_defs.html"}]}]}]} 95 | -------------------------------------------------------------------------------- /docs/_static/doxygen/modules.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | OpenPACE: Modules 9 | 10 | 11 | 12 | 13 | 14 | 15 |
    16 |
    17 | 18 | 19 | 20 | 24 | 25 | 26 |
    21 |
    OpenPACE 22 |
    23 |
    27 |
    28 | 29 | 30 | 31 | 32 | 38 | 39 |
    40 |
    41 |
    42 |
    Modules
    43 |
    44 |
    45 |
    Here is a list of all modules:
    57 |
    58 | 59 | 64 | 65 | 66 | -------------------------------------------------------------------------------- /docs/_static/doxygen/nav_f.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/frankmorgner/openpace/ecafc3d5854cc5fb8380346bcc638a70a7ef4346/docs/_static/doxygen/nav_f.png -------------------------------------------------------------------------------- /docs/_static/doxygen/nav_g.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/frankmorgner/openpace/ecafc3d5854cc5fb8380346bcc638a70a7ef4346/docs/_static/doxygen/nav_g.png -------------------------------------------------------------------------------- /docs/_static/doxygen/nav_h.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/frankmorgner/openpace/ecafc3d5854cc5fb8380346bcc638a70a7ef4346/docs/_static/doxygen/nav_h.png -------------------------------------------------------------------------------- /docs/_static/doxygen/open.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/frankmorgner/openpace/ecafc3d5854cc5fb8380346bcc638a70a7ef4346/docs/_static/doxygen/open.png -------------------------------------------------------------------------------- /docs/_static/doxygen/splitbar.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/frankmorgner/openpace/ecafc3d5854cc5fb8380346bcc638a70a7ef4346/docs/_static/doxygen/splitbar.png -------------------------------------------------------------------------------- /docs/_static/doxygen/structcvc__cert__request__seq__st.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | OpenPACE: cvc_cert_request_seq_st Struct Reference 9 | 10 | 11 | 12 | 13 | 14 | 15 |
    16 |
    17 | 18 | 19 | 20 | 24 | 25 | 26 |
    21 |
    OpenPACE 22 |
    23 |
    27 |
    28 | 29 | 30 | 31 | 32 | 38 | 39 |
    40 |
    41 | 43 |
    44 |
    cvc_cert_request_seq_st Struct Reference
    45 |
    46 |
    47 | 48 |

    The actual certificate request, consisting of the body and inner signature. 49 | More...

    50 | 51 |

    #include <cv_cert.h>

    52 | 53 | 55 | 57 | 58 | 59 | 61 | 62 | 63 |

    54 | Data Fields

    56 | CVC_CERT_REQUEST_BODYbody
     Body of the certificate request.
     
    60 | ASN1_OCTET_STRING * inner_signature
     Signature calculated over the hash of the certificate request body.
     
    64 |

    Detailed Description

    65 |

    The actual certificate request, consisting of the body and inner signature.

    66 |
    See also
    TR-03110 C.2.
    67 | 68 |

    Definition at line 292 of file cv_cert.h.

    69 |

    The documentation for this struct was generated from the following file: 72 |
    73 | 74 | 79 | 80 | 81 | -------------------------------------------------------------------------------- /docs/_static/doxygen/structcvc__cert__seq__st.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | OpenPACE: cvc_cert_seq_st Struct Reference 9 | 10 | 11 | 12 | 13 | 14 | 15 |
    16 |
    17 | 18 | 19 | 20 | 24 | 25 | 26 |
    21 |
    OpenPACE 22 |
    23 |
    27 |
    28 | 29 | 30 | 31 | 32 | 38 | 39 |
    40 |
    41 | 43 |
    44 |
    cvc_cert_seq_st Struct Reference
    45 |
    46 |
    47 | 48 |

    The actual certificate, consisting of the body and a signature. 49 | More...

    50 | 51 |

    #include <cv_cert.h>

    52 | 53 | 55 | 57 | 58 | 59 | 61 | 62 | 63 |

    54 | Data Fields

    56 | CVC_CERT_BODYbody
     Body of the certificate.
     
    60 | ASN1_OCTET_STRING * signature
     Signature calculated over the hash of the certificate body.
     
    64 |

    Detailed Description

    65 |

    The actual certificate, consisting of the body and a signature.

    66 |
    See also
    TR-03110 C.1.
    67 | 68 |

    Definition at line 209 of file cv_cert.h.

    69 |

    The documentation for this struct was generated from the following file: 72 |
    73 | 74 | 79 | 80 | 81 | -------------------------------------------------------------------------------- /docs/_static/doxygen/structcvc__chat__seq__st.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | OpenPACE: cvc_chat_seq_st Struct Reference 9 | 10 | 11 | 12 | 13 | 14 | 15 |
    16 |
    17 | 18 | 19 | 20 | 24 | 25 | 26 |
    21 |
    OpenPACE 22 |
    23 |
    27 |
    28 | 29 | 30 | 31 | 32 | 38 | 39 |
    40 |
    41 | 43 |
    44 |
    cvc_chat_seq_st Struct Reference
    45 |
    46 |
    47 | 48 |

    Certificate Holder Authentication Template. 49 | More...

    50 | 51 |

    #include <cv_cert.h>

    52 | 53 | 55 | 57 | 58 | 59 | 61 | 62 | 63 |

    54 | Data Fields

    56 | ASN1_OBJECT * terminal_type
     Role of terminal to which this certificate belongs (Inspection System, Authentication Terminal or Signature Terminal)
     
    60 | ASN1_OCTET_STRING * relative_authorization
     Access rights of the terminal to which this certificate belongs.
     
    64 |

    Detailed Description

    65 |

    Certificate Holder Authentication Template.

    66 |
    See also
    TR-03110 C.1.5.
    67 | 68 |

    Definition at line 101 of file cv_cert.h.

    69 |

    The documentation for this struct was generated from the following file: 72 |
    73 | 74 | 79 | 80 | 81 | -------------------------------------------------------------------------------- /docs/_static/doxygen/structcvc__commcert__seq__st.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | OpenPACE: cvc_commcert_seq_st Struct Reference 9 | 10 | 11 | 12 | 13 | 14 | 15 |
    16 |
    17 | 18 | 19 | 20 | 24 | 25 | 26 |
    21 |
    OpenPACE 22 |
    23 |
    27 |
    28 | 29 | 30 | 31 | 32 | 38 | 39 |
    40 |
    41 | 43 |
    44 |
    cvc_commcert_seq_st Struct Reference
    45 |
    46 |
    47 | 48 | 50 | 52 | 53 | 54 |

    49 | Public Member Functions

    51 |  STACK_OF (ASN1_OCTET_STRING) *values
     Contains hash values of admissible X.509 certificates of the remote terminal (optional)
     
    55 |

    Detailed Description

    56 |
    57 |

    Definition at line 218 of file cv_cert.h.

    58 |

    The documentation for this struct was generated from the following file: 61 |
    62 | 63 | 68 | 69 | 70 | -------------------------------------------------------------------------------- /docs/_static/doxygen/sync_off.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/frankmorgner/openpace/ecafc3d5854cc5fb8380346bcc638a70a7ef4346/docs/_static/doxygen/sync_off.png -------------------------------------------------------------------------------- /docs/_static/doxygen/sync_on.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/frankmorgner/openpace/ecafc3d5854cc5fb8380346bcc638a70a7ef4346/docs/_static/doxygen/sync_on.png -------------------------------------------------------------------------------- /docs/_static/doxygen/tab_a.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/frankmorgner/openpace/ecafc3d5854cc5fb8380346bcc638a70a7ef4346/docs/_static/doxygen/tab_a.png -------------------------------------------------------------------------------- /docs/_static/doxygen/tab_b.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/frankmorgner/openpace/ecafc3d5854cc5fb8380346bcc638a70a7ef4346/docs/_static/doxygen/tab_b.png -------------------------------------------------------------------------------- /docs/_static/doxygen/tab_h.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/frankmorgner/openpace/ecafc3d5854cc5fb8380346bcc638a70a7ef4346/docs/_static/doxygen/tab_h.png -------------------------------------------------------------------------------- /docs/_static/doxygen/tab_s.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/frankmorgner/openpace/ecafc3d5854cc5fb8380346bcc638a70a7ef4346/docs/_static/doxygen/tab_s.png 
-------------------------------------------------------------------------------- /docs/_static/eactest.html.mem: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/frankmorgner/openpace/ecafc3d5854cc5fb8380346bcc638a70a7ef4346/docs/_static/eactest.html.mem -------------------------------------------------------------------------------- /docs/_static/file.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/frankmorgner/openpace/ecafc3d5854cc5fb8380346bcc638a70a7ef4346/docs/_static/file.png -------------------------------------------------------------------------------- /docs/_static/js/jquery-fix.js: -------------------------------------------------------------------------------- 1 | // No Conflict in later (our) version of jQuery 2 | window.$jqTheme = jQuery.noConflict(true); -------------------------------------------------------------------------------- /docs/_static/logo_132.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/frankmorgner/openpace/ecafc3d5854cc5fb8380346bcc638a70a7ef4346/docs/_static/logo_132.png -------------------------------------------------------------------------------- /docs/_static/minus.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/frankmorgner/openpace/ecafc3d5854cc5fb8380346bcc638a70a7ef4346/docs/_static/minus.png -------------------------------------------------------------------------------- /docs/_static/plus.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/frankmorgner/openpace/ecafc3d5854cc5fb8380346bcc638a70a7ef4346/docs/_static/plus.png -------------------------------------------------------------------------------- /docs/_static/pygments.css: 
-------------------------------------------------------------------------------- 1 | .highlight .hll { background-color: #ffffcc } 2 | .highlight { background: #eeffcc; } 3 | .highlight .c { color: #408090; font-style: italic } /* Comment */ 4 | .highlight .err { border: 1px solid #FF0000 } /* Error */ 5 | .highlight .k { color: #007020; font-weight: bold } /* Keyword */ 6 | .highlight .o { color: #666666 } /* Operator */ 7 | .highlight .ch { color: #408090; font-style: italic } /* Comment.Hashbang */ 8 | .highlight .cm { color: #408090; font-style: italic } /* Comment.Multiline */ 9 | .highlight .cp { color: #007020 } /* Comment.Preproc */ 10 | .highlight .cpf { color: #408090; font-style: italic } /* Comment.PreprocFile */ 11 | .highlight .c1 { color: #408090; font-style: italic } /* Comment.Single */ 12 | .highlight .cs { color: #408090; background-color: #fff0f0 } /* Comment.Special */ 13 | .highlight .gd { color: #A00000 } /* Generic.Deleted */ 14 | .highlight .ge { font-style: italic } /* Generic.Emph */ 15 | .highlight .gr { color: #FF0000 } /* Generic.Error */ 16 | .highlight .gh { color: #000080; font-weight: bold } /* Generic.Heading */ 17 | .highlight .gi { color: #00A000 } /* Generic.Inserted */ 18 | .highlight .go { color: #333333 } /* Generic.Output */ 19 | .highlight .gp { color: #c65d09; font-weight: bold } /* Generic.Prompt */ 20 | .highlight .gs { font-weight: bold } /* Generic.Strong */ 21 | .highlight .gu { color: #800080; font-weight: bold } /* Generic.Subheading */ 22 | .highlight .gt { color: #0044DD } /* Generic.Traceback */ 23 | .highlight .kc { color: #007020; font-weight: bold } /* Keyword.Constant */ 24 | .highlight .kd { color: #007020; font-weight: bold } /* Keyword.Declaration */ 25 | .highlight .kn { color: #007020; font-weight: bold } /* Keyword.Namespace */ 26 | .highlight .kp { color: #007020 } /* Keyword.Pseudo */ 27 | .highlight .kr { color: #007020; font-weight: bold } /* Keyword.Reserved */ 28 | .highlight .kt { color: #902000 
} /* Keyword.Type */ 29 | .highlight .m { color: #208050 } /* Literal.Number */ 30 | .highlight .s { color: #4070a0 } /* Literal.String */ 31 | .highlight .na { color: #4070a0 } /* Name.Attribute */ 32 | .highlight .nb { color: #007020 } /* Name.Builtin */ 33 | .highlight .nc { color: #0e84b5; font-weight: bold } /* Name.Class */ 34 | .highlight .no { color: #60add5 } /* Name.Constant */ 35 | .highlight .nd { color: #555555; font-weight: bold } /* Name.Decorator */ 36 | .highlight .ni { color: #d55537; font-weight: bold } /* Name.Entity */ 37 | .highlight .ne { color: #007020 } /* Name.Exception */ 38 | .highlight .nf { color: #06287e } /* Name.Function */ 39 | .highlight .nl { color: #002070; font-weight: bold } /* Name.Label */ 40 | .highlight .nn { color: #0e84b5; font-weight: bold } /* Name.Namespace */ 41 | .highlight .nt { color: #062873; font-weight: bold } /* Name.Tag */ 42 | .highlight .nv { color: #bb60d5 } /* Name.Variable */ 43 | .highlight .ow { color: #007020; font-weight: bold } /* Operator.Word */ 44 | .highlight .w { color: #bbbbbb } /* Text.Whitespace */ 45 | .highlight .mb { color: #208050 } /* Literal.Number.Bin */ 46 | .highlight .mf { color: #208050 } /* Literal.Number.Float */ 47 | .highlight .mh { color: #208050 } /* Literal.Number.Hex */ 48 | .highlight .mi { color: #208050 } /* Literal.Number.Integer */ 49 | .highlight .mo { color: #208050 } /* Literal.Number.Oct */ 50 | .highlight .sa { color: #4070a0 } /* Literal.String.Affix */ 51 | .highlight .sb { color: #4070a0 } /* Literal.String.Backtick */ 52 | .highlight .sc { color: #4070a0 } /* Literal.String.Char */ 53 | .highlight .dl { color: #4070a0 } /* Literal.String.Delimiter */ 54 | .highlight .sd { color: #4070a0; font-style: italic } /* Literal.String.Doc */ 55 | .highlight .s2 { color: #4070a0 } /* Literal.String.Double */ 56 | .highlight .se { color: #4070a0; font-weight: bold } /* Literal.String.Escape */ 57 | .highlight .sh { color: #4070a0 } /* Literal.String.Heredoc */ 58 | 
.highlight .si { color: #70a0d0; font-style: italic } /* Literal.String.Interpol */ 59 | .highlight .sx { color: #c65d09 } /* Literal.String.Other */ 60 | .highlight .sr { color: #235388 } /* Literal.String.Regex */ 61 | .highlight .s1 { color: #4070a0 } /* Literal.String.Single */ 62 | .highlight .ss { color: #517918 } /* Literal.String.Symbol */ 63 | .highlight .bp { color: #007020 } /* Name.Builtin.Pseudo */ 64 | .highlight .fm { color: #06287e } /* Name.Function.Magic */ 65 | .highlight .vc { color: #bb60d5 } /* Name.Variable.Class */ 66 | .highlight .vg { color: #bb60d5 } /* Name.Variable.Global */ 67 | .highlight .vi { color: #bb60d5 } /* Name.Variable.Instance */ 68 | .highlight .vm { color: #bb60d5 } /* Name.Variable.Magic */ 69 | .highlight .il { color: #208050 } /* Literal.Number.Integer.Long */ -------------------------------------------------------------------------------- /docs/objects.inv: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/frankmorgner/openpace/ecafc3d5854cc5fb8380346bcc638a70a7ef4346/docs/objects.inv -------------------------------------------------------------------------------- /libeac.pc.in: -------------------------------------------------------------------------------- 1 | prefix=@prefix@ 2 | exec_prefix=@exec_prefix@ 3 | libdir=@libdir@ 4 | includedir=@includedir@ 5 | cvcdir=@CVCDIR@ 6 | x509dir=@X509DIR@ 7 | 8 | Name: @PACKAGE_NAME@ 9 | Description: @PACKAGE_SUMMARY@ 10 | Version: @VERSION@ 11 | Requires: libcrypto 12 | Libs: -L${libdir} -leac @WS2_32@ 13 | Cflags: -I${includedir} 14 | -------------------------------------------------------------------------------- /m4/.gitignore: -------------------------------------------------------------------------------- 1 | # Ignore everything in this directory 2 | * 3 | # Except this file 4 | !.gitignore 5 | -------------------------------------------------------------------------------- /m4/ac_jni_include_dir.m4: 
-------------------------------------------------------------------------------- 1 | dnl @synopsis AC_JNI_INCLUDE_DIR 2 | dnl 3 | dnl AC_JNI_INCLUDE_DIR finds include directories needed for compiling 4 | dnl programs using the JNI interface. 5 | dnl 6 | dnl JNI include directories are usually in the java distribution This 7 | dnl is deduced from the value of JAVAC. When this macro completes, a 8 | dnl list of directories is left in the variable JNI_INCLUDE_DIRS. 9 | dnl 10 | dnl Example usage follows: 11 | dnl 12 | dnl AC_JNI_INCLUDE_DIR 13 | dnl 14 | dnl for JNI_INCLUDE_DIR in $JNI_INCLUDE_DIRS 15 | dnl do 16 | dnl CPPFLAGS="$CPPFLAGS -I$JNI_INCLUDE_DIR" 17 | dnl done 18 | dnl 19 | dnl If you want to force a specific compiler: 20 | dnl 21 | dnl - at the configure.in level, set JAVAC=yourcompiler before calling 22 | dnl AC_JNI_INCLUDE_DIR 23 | dnl 24 | dnl - at the configure level, setenv JAVAC 25 | dnl 26 | dnl Note: This macro can work with the autoconf M4 macros for Java 27 | dnl programs. This particular macro is not part of the original set of 28 | dnl macros. 
29 | dnl 30 | dnl @category InstalledPackages 31 | dnl @author Don Anderson 32 | dnl @version 2006-05-27 33 | dnl @license AllPermissive 34 | 35 | AC_DEFUN([AC_JNI_INCLUDE_DIR],[ 36 | 37 | JNI_INCLUDE_DIRS="" 38 | 39 | test "x$JAVAC" = x && AC_MSG_ERROR(['\$JAVAC' undefined]) 40 | AC_PATH_PROG(_ACJNI_JAVAC, $JAVAC, no) 41 | test "x$_ACJNI_JAVAC" = xno && AC_MSG_ERROR([$JAVAC could not be found in path]) 42 | 43 | _ACJNI_FOLLOW_SYMLINKS("$_ACJNI_JAVAC") 44 | _JTOPDIR=`echo "$_ACJNI_FOLLOWED" | sed -e 's://*:/:g' -e 's:/[[^/]]*$::'` 45 | case "$host_os" in 46 | darwin*) _JTOPDIR=`echo "$_JTOPDIR" | sed -e 's:/[[^/]]*$::'` 47 | _JINC="$_JTOPDIR/Headers";; 48 | *) _JINC="$_JTOPDIR/include";; 49 | esac 50 | if test -f "$_JINC/jni.h"; then 51 | JNI_INCLUDE_DIRS="$JNI_INCLUDE_DIRS $_JINC" 52 | else 53 | _JTOPDIR=`echo "$_JTOPDIR" | sed -e 's:/[[^/]]*$::'` 54 | if test -f "$_JTOPDIR/include/jni.h"; then 55 | JNI_INCLUDE_DIRS="$JNI_INCLUDE_DIRS $_JTOPDIR/include" 56 | else 57 | AC_MSG_ERROR([cannot find java include files]) 58 | fi 59 | fi 60 | 61 | # get the likely subdirectories for system specific java includes 62 | case "$host_os" in 63 | bsdi*) _JNI_INC_SUBDIRS="bsdos";; 64 | linux*) _JNI_INC_SUBDIRS="linux genunix";; 65 | osf*) _JNI_INC_SUBDIRS="alpha";; 66 | solaris*) _JNI_INC_SUBDIRS="solaris";; 67 | mingw*) _JNI_INC_SUBDIRS="win32";; 68 | cygwin*) _JNI_INC_SUBDIRS="win32";; 69 | *) _JNI_INC_SUBDIRS="genunix";; 70 | esac 71 | 72 | # add any subdirectories that are present 73 | for JINCSUBDIR in $_JNI_INC_SUBDIRS 74 | do 75 | if test -d "$_JTOPDIR/include/$JINCSUBDIR"; then 76 | JNI_INCLUDE_DIRS="$JNI_INCLUDE_DIRS $_JTOPDIR/include/$JINCSUBDIR" 77 | fi 78 | done 79 | ]) 80 | 81 | # _ACJNI_FOLLOW_SYMLINKS 82 | # Follows symbolic links on , 83 | # finally setting variable _ACJNI_FOLLOWED 84 | # -------------------- 85 | AC_DEFUN([_ACJNI_FOLLOW_SYMLINKS],[ 86 | # find the include directory relative to the javac executable 87 | _cur="$1" 88 | while ls -ld "$_cur" 
2>/dev/null | grep " -> " >/dev/null; do 89 | AC_MSG_CHECKING(symlink for $_cur) 90 | _slink=`ls -ld "$_cur" | sed 's/.* -> //'` 91 | case "$_slink" in 92 | /*) _cur="$_slink";; 93 | # 'X' avoids triggering unwanted echo options. 94 | *) _cur=`echo "X$_cur" | sed -e 's/^X//' -e 's:[[^/]]*$::'`"$_slink";; 95 | esac 96 | AC_MSG_RESULT($_cur) 97 | done 98 | _ACJNI_FOLLOWED="$_cur" 99 | ])# _ACJNI 100 | -------------------------------------------------------------------------------- /m4/ac_prog_java.m4: -------------------------------------------------------------------------------- 1 | dnl @synopsis AC_PROG_JAVA 2 | dnl 3 | dnl Here is a summary of the main macros: 4 | dnl 5 | dnl AC_PROG_JAVAC: finds a Java compiler. 6 | dnl 7 | dnl AC_PROG_JAVA: finds a Java virtual machine. 8 | dnl 9 | dnl AC_CHECK_CLASS: finds if we have the given class (beware of 10 | dnl CLASSPATH!). 11 | dnl 12 | dnl AC_CHECK_RQRD_CLASS: finds if we have the given class and stops 13 | dnl otherwise. 14 | dnl 15 | dnl AC_TRY_COMPILE_JAVA: attempt to compile user given source. 16 | dnl 17 | dnl AC_TRY_RUN_JAVA: attempt to compile and run user given source. 18 | dnl 19 | dnl AC_JAVA_OPTIONS: adds Java configure options. 20 | dnl 21 | dnl AC_PROG_JAVA tests an existing Java virtual machine. It uses the 22 | dnl environment variable JAVA then tests in sequence various common 23 | dnl Java virtual machines. For political reasons, it starts with the 24 | dnl free ones. You *must* call [AC_PROG_JAVAC] before. 25 | dnl 26 | dnl If you want to force a specific VM: 27 | dnl 28 | dnl - at the configure.in level, set JAVA=yourvm before calling 29 | dnl AC_PROG_JAVA 30 | dnl 31 | dnl (but after AC_INIT) 32 | dnl 33 | dnl - at the configure level, setenv JAVA 34 | dnl 35 | dnl You can use the JAVA variable in your Makefile.in, with @JAVA@. 36 | dnl 37 | dnl *Warning*: its success or failure can depend on a proper setting of 38 | dnl the CLASSPATH env. variable. 
39 | dnl 40 | dnl TODO: allow to exclude virtual machines (rationale: most Java 41 | dnl programs cannot run with some VM like kaffe). 42 | dnl 43 | dnl Note: This is part of the set of autoconf M4 macros for Java 44 | dnl programs. It is VERY IMPORTANT that you download the whole set, 45 | dnl some macros depend on other. Unfortunately, the autoconf archive 46 | dnl does not support the concept of set of macros, so I had to break it 47 | dnl for submission. 48 | dnl 49 | dnl A Web page, with a link to the latest CVS snapshot is at 50 | dnl . 51 | dnl 52 | dnl This is a sample configure.in Process this file with autoconf to 53 | dnl produce a configure script. 54 | dnl 55 | dnl AC_INIT(UnTag.java) 56 | dnl 57 | dnl dnl Checks for programs. 58 | dnl AC_CHECK_CLASSPATH 59 | dnl AC_PROG_JAVAC 60 | dnl AC_PROG_JAVA 61 | dnl 62 | dnl dnl Checks for classes 63 | dnl AC_CHECK_RQRD_CLASS(org.xml.sax.Parser) 64 | dnl AC_CHECK_RQRD_CLASS(com.jclark.xml.sax.Driver) 65 | dnl 66 | dnl AC_OUTPUT(Makefile) 67 | dnl 68 | dnl @category Java 69 | dnl @author Stephane Bortzmeyer 70 | dnl @version 2000-07-19 71 | dnl @license GPLWithACException 72 | 73 | AC_DEFUN([AC_PROG_JAVA],[ 74 | AC_REQUIRE([AC_EXEEXT])dnl 75 | if test x$JAVAPREFIX = x; then 76 | test x$JAVA = x && AC_CHECK_PROGS(JAVA, kaffe$EXEEXT java$EXEEXT) 77 | else 78 | test x$JAVA = x && AC_CHECK_PROGS(JAVA, kaffe$EXEEXT java$EXEEXT, $JAVAPREFIX) 79 | fi 80 | test x$JAVA = x && AC_MSG_ERROR([no acceptable Java virtual machine found in \$PATH]) 81 | AC_PROG_JAVA_WORKS 82 | AC_PROVIDE([$0])dnl 83 | ]) 84 | -------------------------------------------------------------------------------- /m4/ac_prog_java_works.m4: -------------------------------------------------------------------------------- 1 | dnl @synopsis AC_PROG_JAVA_WORKS 2 | dnl 3 | dnl Internal use ONLY. 4 | dnl 5 | dnl Note: This is part of the set of autoconf M4 macros for Java 6 | dnl programs. 
It is VERY IMPORTANT that you download the whole set, 7 | dnl some macros depend on other. Unfortunately, the autoconf archive 8 | dnl does not support the concept of set of macros, so I had to break it 9 | dnl for submission. The general documentation, as well as the sample 10 | dnl configure.in, is included in the AC_PROG_JAVA macro. 11 | dnl 12 | dnl @category Java 13 | dnl @author Stephane Bortzmeyer 14 | dnl @version 2000-07-19 15 | dnl @license GPLWithACException 16 | 17 | AC_DEFUN([AC_PROG_JAVA_WORKS], [ 18 | AC_CHECK_PROG(uudecode, uudecode$EXEEXT, yes) 19 | if test x$uudecode = xyes; then 20 | AC_CACHE_CHECK([if uudecode can decode base 64 file], ac_cv_prog_uudecode_base64, [ 21 | dnl /** 22 | dnl * Test.java: used to test if java compiler works. 23 | dnl */ 24 | dnl public class Test 25 | dnl { 26 | dnl 27 | dnl public static void 28 | dnl main( String[] argv ) 29 | dnl { 30 | dnl System.exit (0); 31 | dnl } 32 | dnl 33 | dnl } 34 | cat << \EOF > Test.uue 35 | begin-base64 644 Test.class 36 | yv66vgADAC0AFQcAAgEABFRlc3QHAAQBABBqYXZhL2xhbmcvT2JqZWN0AQAE 37 | bWFpbgEAFihbTGphdmEvbGFuZy9TdHJpbmc7KVYBAARDb2RlAQAPTGluZU51 38 | bWJlclRhYmxlDAAKAAsBAARleGl0AQAEKEkpVgoADQAJBwAOAQAQamF2YS9s 39 | YW5nL1N5c3RlbQEABjxpbml0PgEAAygpVgwADwAQCgADABEBAApTb3VyY2VG 40 | aWxlAQAJVGVzdC5qYXZhACEAAQADAAAAAAACAAkABQAGAAEABwAAACEAAQAB 41 | AAAABQO4AAyxAAAAAQAIAAAACgACAAAACgAEAAsAAQAPABAAAQAHAAAAIQAB 42 | AAEAAAAFKrcAErEAAAABAAgAAAAKAAIAAAAEAAQABAABABMAAAACABQ= 43 | ==== 44 | EOF 45 | if uudecode$EXEEXT Test.uue; then 46 | ac_cv_prog_uudecode_base64=yes 47 | else 48 | echo "configure: __oline__: uudecode had trouble decoding base 64 file 'Test.uue'" >&AC_FD_CC 49 | echo "configure: failed file was:" >&AC_FD_CC 50 | cat Test.uue >&AC_FD_CC 51 | ac_cv_prog_uudecode_base64=no 52 | fi 53 | rm -f Test.uue]) 54 | fi 55 | if test x$ac_cv_prog_uudecode_base64 != xyes; then 56 | rm -f Test.class 57 | AC_MSG_WARN([I have to compile Test.class from scratch]) 58 | if test 
x$ac_cv_prog_javac_works = xno; then 59 | AC_MSG_ERROR([Cannot compile java source. $JAVAC does not work properly]) 60 | fi 61 | if test x$ac_cv_prog_javac_works = x; then 62 | AC_PROG_JAVAC 63 | fi 64 | fi 65 | AC_CACHE_CHECK(if $JAVA works, ac_cv_prog_java_works, [ 66 | JAVA_TEST=Test.java 67 | CLASS_TEST=Test.class 68 | TEST=Test 69 | changequote(, )dnl 70 | cat << \EOF > $JAVA_TEST 71 | /* [#]line __oline__ "configure" */ 72 | public class Test { 73 | public static void main (String args[]) { 74 | System.exit (0); 75 | } } 76 | EOF 77 | changequote([, ])dnl 78 | if test x$ac_cv_prog_uudecode_base64 != xyes; then 79 | if AC_TRY_COMMAND($JAVAC $JAVACFLAGS $JAVA_TEST) && test -s $CLASS_TEST; then 80 | : 81 | else 82 | echo "configure: failed program was:" >&AC_FD_CC 83 | cat $JAVA_TEST >&AC_FD_CC 84 | AC_MSG_ERROR(The Java compiler $JAVAC failed (see config.log, check the CLASSPATH?)) 85 | fi 86 | fi 87 | if AC_TRY_COMMAND($JAVA $JAVAFLAGS $TEST) >/dev/null 2>&1; then 88 | ac_cv_prog_java_works=yes 89 | else 90 | echo "configure: failed program was:" >&AC_FD_CC 91 | cat $JAVA_TEST >&AC_FD_CC 92 | AC_MSG_ERROR(The Java VM $JAVA failed (see config.log, check the CLASSPATH?)) 93 | fi 94 | rm -fr $JAVA_TEST $CLASS_TEST Test.uue 95 | ]) 96 | AC_PROVIDE([$0])dnl 97 | ] 98 | ) 99 | -------------------------------------------------------------------------------- /m4/ac_prog_javac.m4: -------------------------------------------------------------------------------- 1 | dnl @synopsis AC_PROG_JAVAC 2 | dnl 3 | dnl AC_PROG_JAVAC tests an existing Java compiler. It uses the 4 | dnl environment variable JAVAC then tests in sequence various common 5 | dnl Java compilers. For political reasons, it starts with the free 6 | dnl ones. 
7 | dnl 8 | dnl If you want to force a specific compiler: 9 | dnl 10 | dnl - at the configure.in level, set JAVAC=yourcompiler before calling 11 | dnl AC_PROG_JAVAC 12 | dnl 13 | dnl - at the configure level, setenv JAVAC 14 | dnl 15 | dnl You can use the JAVAC variable in your Makefile.in, with @JAVAC@. 16 | dnl 17 | dnl *Warning*: its success or failure can depend on a proper setting of 18 | dnl the CLASSPATH env. variable. 19 | dnl 20 | dnl TODO: allow to exclude compilers (rationale: most Java programs 21 | dnl cannot compile with some compilers like guavac). 22 | dnl 23 | dnl Note: This is part of the set of autoconf M4 macros for Java 24 | dnl programs. It is VERY IMPORTANT that you download the whole set, 25 | dnl some macros depend on other. Unfortunately, the autoconf archive 26 | dnl does not support the concept of set of macros, so I had to break it 27 | dnl for submission. The general documentation, as well as the sample 28 | dnl configure.in, is included in the AC_PROG_JAVA macro. 29 | dnl 30 | dnl @category Java 31 | dnl @author Stephane Bortzmeyer 32 | dnl @version 2000-07-19 33 | dnl @license GPLWithACException 34 | 35 | AC_DEFUN([AC_PROG_JAVAC],[ 36 | AC_REQUIRE([AC_EXEEXT])dnl 37 | if test "x$JAVAPREFIX" = x; then 38 | test "x$JAVAC" = x && AC_CHECK_PROGS(JAVAC, "gcj$EXEEXT -C" guavac$EXEEXT jikes$EXEEXT javac$EXEEXT) 39 | else 40 | test "x$JAVAC" = x && AC_CHECK_PROGS(JAVAC, "gcj$EXEEXT -C" guavac$EXEEXT jikes$EXEEXT javac$EXEEXT, $JAVAPREFIX) 41 | fi 42 | test "x$JAVAC" = x && AC_MSG_ERROR([no acceptable Java compiler found in \$PATH]) 43 | AC_PROG_JAVAC_WORKS 44 | AC_PROVIDE([$0])dnl 45 | ]) 46 | -------------------------------------------------------------------------------- /m4/ac_prog_javac_works.m4: -------------------------------------------------------------------------------- 1 | dnl @synopsis AC_PROG_JAVAC_WORKS 2 | dnl 3 | dnl Internal use ONLY. 
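4 | dnl 5 | dnl Note: This is part of the set of autoconf M4 macros for Java 6 | dnl programs. It is VERY IMPORTANT that you download the whole set, 7 | dnl some macros depend on other. Unfortunately, the autoconf archive 8 | dnl does not support the concept of set of macros, so I had to break it 9 | dnl for submission. The general documentation, as well as the sample 10 | dnl configure.in, is included in the AC_PROG_JAVA macro. 11 | dnl Sets ac_cv_prog_javac_works=yes when $JAVAC compiles a minimal Test.java; otherwise the test source is copied to the config log and configure aborts. 12 | dnl @category Java 13 | dnl @author Stephane Bortzmeyer 14 | dnl @version 2000-07-19 15 | dnl @license GPLWithACException 16 | 17 | AC_DEFUN([AC_PROG_JAVAC_WORKS],[ 18 | AC_CACHE_CHECK([if $JAVAC works], ac_cv_prog_javac_works, [ 19 | JAVA_TEST=Test.java 20 | CLASS_TEST=Test.class 21 | cat << \EOF > $JAVA_TEST 22 | /* [#]line __oline__ "configure" */ 23 | public class Test { 24 | } 25 | EOF 26 | if AC_TRY_COMMAND($JAVAC $JAVACFLAGS $JAVA_TEST) >/dev/null 2>&1; then 27 | ac_cv_prog_javac_works=yes 28 | else 29 | echo "configure: failed program was:" >&AC_FD_CC # logged first because the error macro below aborts configure 30 | cat $JAVA_TEST >&AC_FD_CC 31 | AC_MSG_ERROR([The Java compiler $JAVAC failed (see config.log, check the CLASSPATH?)]) 32 | fi 33 | rm -f $JAVA_TEST $CLASS_TEST 34 | ]) 35 | AC_PROVIDE([$0])dnl 36 | ]) 37 | -------------------------------------------------------------------------------- /m4/as-ac-expand.m4: -------------------------------------------------------------------------------- 1 | dnl as-ac-expand.m4 0.2.0 2 | dnl autostars m4 macro for expanding directories using configure's prefix 3 | dnl thomas@apestaart.org 4 | 5 | dnl AS_AC_EXPAND(VAR, CONFIGURE_VAR) 6 | dnl example 7 | dnl AS_AC_EXPAND(SYSCONFDIR, $sysconfdir) 8 | dnl will set SYSCONFDIR to /usr/local/etc if prefix=/usr/local 9 | 10 | AC_DEFUN([AS_AC_EXPAND], 11 | [ 12 | EXP_VAR=[$1] 13 | FROM_VAR=[$2] 14 | 15 | dnl first expand prefix and exec_prefix if necessary 16 | prefix_save=$prefix 17 | exec_prefix_save=$exec_prefix 18 | 19 | dnl if no prefix given, then use /usr/local, the default prefix 20 | 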
if test "x$prefix" = "xNONE"; then 21 | prefix="$ac_default_prefix" 22 | fi 23 | dnl if no exec_prefix given, then use prefix 24 | if test "x$exec_prefix" = "xNONE"; then 25 | exec_prefix=$prefix 26 | fi 27 | 28 | full_var="$FROM_VAR" 29 | dnl loop until it doesn't change anymore 30 | while true; do 31 | new_full_var="`eval echo $full_var`" 32 | if test "x$new_full_var" = "x$full_var"; then break; fi 33 | full_var=$new_full_var 34 | done 35 | 36 | dnl clean up 37 | full_var=$new_full_var 38 | AC_SUBST([$1], "$full_var") 39 | 40 | dnl restore prefix and exec_prefix 41 | prefix=$prefix_save 42 | exec_prefix=$exec_prefix_save 43 | ]) 44 | -------------------------------------------------------------------------------- /src/Makefile.am: -------------------------------------------------------------------------------- 1 | SUBDIRS = docs certs 2 | 3 | BUILT_SOURCES = cvc-create-cmdline.c cvc-create-cmdline.h cvc-print-cmdline.c cvc-print-cmdline.h 4 | 5 | EXTRA_DIST = bsi_objects.txt cvc-print.ggo.in cvc-create.ggo.in cvc-create.ggo cvc-print.ggo $(BUILT_SOURCES) 6 | 7 | do_subst = $(SED) \ 8 | -e 's,[@]PACKAGE_BUGREPORT[@],$(PACKAGE_BUGREPORT),g' 9 | 10 | dist_man1_MANS = cvc-create.1 cvc-print.1 11 | 12 | MAINTAINERCLEANFILES = $(BUILT_SOURCES) cvc-create.ggo cvc-print.ggo $(dist_man1_MANS) 13 | 14 | nobase_include_HEADERS = eac/ca.h \ 15 | eac/cv_cert.h \ 16 | eac/eac.h \ 17 | eac/pace.h \ 18 | eac/ri.h \ 19 | eac/objects.h \ 20 | eac/ta.h 21 | noinst_HEADERS = ca_lib.h \ 22 | eac_asn1.h \ 23 | eac_dh.h \ 24 | eac_ecdh.h \ 25 | eac_err.h \ 26 | eac_kdf.h \ 27 | eac_lib.h \ 28 | eac_util.h \ 29 | misc.h \ 30 | pace_lib.h \ 31 | pace_mappings.h \ 32 | read_file.h \ 33 | ssl_compat.h \ 34 | ta_lib.h 35 | 36 | 37 | lib_LTLIBRARIES = libeac.la 38 | noinst_LTLIBRARIES = libvc.la 39 | 40 | libeac_la_SOURCES = ca_lib.c cv_cert.c cvc_lookup.c x509_lookup.c eac_asn1.c eac.c eac_ca.c eac_dh.c eac_ecdh.c eac_kdf.c eac_lib.c eac_print.c eac_util.c misc.c pace.c pace_lib.c 
pace_mappings.c ri.c ri_lib.c ta.c ta_lib.c objects.c ssl_compat.c 41 | libeac_la_CPPFLAGS = $(CRYPTO_CFLAGS) -DCVCDIR=\"@CVCDIR@\" -DX509DIR=\"@X509DIR@\" 42 | libeac_la_LDFLAGS = -no-undefined -version-info 4:0:1 43 | libeac_la_LIBADD = $(CRYPTO_LIBS) 44 | if WIN32 45 | AM_CPPFLAGS = -DWIN32_LEAN_AND_MEAN 46 | libeac_la_LIBADD += -lws2_32 47 | endif 48 | 49 | libvc_la_SOURCES = vc.c 50 | 51 | 52 | bin_PROGRAMS = eactest cvc-print cvc-create example 53 | 54 | EAC_LIBS = libeac.la libvc.la $(CRYPTO_LIBS) 55 | EAC_CFLAGS = $(CRYPTO_CFLAGS) 56 | 57 | eactest_SOURCES = eactest.c ssl_compat.c 58 | eactest_LDADD = $(EAC_LIBS) 59 | eactest_CFLAGS = $(EAC_CFLAGS) 60 | 61 | cvc_print_SOURCES = cvc-print.c read_file.c cvc-print-cmdline.c 62 | cvc_print_LDADD = $(EAC_LIBS) 63 | cvc_print_CFLAGS = $(EAC_CFLAGS) 64 | 65 | cvc_create_SOURCES = cvc-create.c read_file.c cvc-create-cmdline.c 66 | cvc_create_LDADD = $(EAC_LIBS) 67 | cvc_create_CFLAGS = $(EAC_CFLAGS) 68 | 69 | example_SOURCES = example.c 70 | example_LDADD = $(EAC_LIBS) 71 | example_CFLAGS = $(EAC_CFLAGS) 72 | 73 | 74 | cvc-create-cmdline.c cvc-create-cmdline.h: cvc-create.ggo 75 | $(GENGETOPT) --file-name=cvc-create-cmdline --output-dir=$(builddir) < $< 76 | 77 | cvc-print-cmdline.c cvc-print-cmdline.h: cvc-print.ggo 78 | $(GENGETOPT) --file-name=cvc-print-cmdline --output-dir=$(builddir) < $< 79 | 80 | cvc-create.ggo: cvc-create.ggo.in 81 | @$(do_subst) < $< > $(builddir)/$@ 82 | 83 | cvc-print.ggo: cvc-print.ggo.in 84 | @$(do_subst) < $< > $(builddir)/$@ 85 | 86 | 87 | cvc-create.1: cvc-create.ggo.in 88 | $(ENV) $(HELP2MAN) \ 89 | --output=$(builddir)/$@ \ 90 | --no-info \ 91 | --source='$(PACKAGE_STRING)' \ 92 | $(builddir)/cvc-create$(EXEEXT) 93 | 94 | cvc-print.1: cvc-print.ggo.in 95 | $(ENV) $(HELP2MAN) \ 96 | --output=$(builddir)/$@ \ 97 | --no-info \ 98 | --source='$(PACKAGE_STRING)' \ 99 | $(builddir)/cvc-print$(EXEEXT) 100 | -------------------------------------------------------------------------------- 
/src/bsi_objects.txt: -------------------------------------------------------------------------------- 1 | 2 | 3 | # BSI Extensions TR 3110 Version 2.01 4 | !Alias bsi-de 0 4 0 127 0 7 5 | bsi-de 1 2 : standardizedDomainParameters 6 | 7 | !Alias id-PK bsi-de 2 2 1 8 | id-PK 1 : id-PK-DH 9 | id-PK 2 : id-PK-ECDH 10 | 11 | bsi-de 2 2 2 : id-TA 12 | id-TA 1 : id-TA-RSA 13 | id-TA-RSA 1 : id-TA-RSA-v1-5-SHA-1 14 | id-TA-RSA 2 : id-TA-RSA-v1-5-SHA-256 15 | id-TA-RSA 3 : id-TA-RSA-PSS-SHA-1 16 | id-TA-RSA 4 : id-TA-RSA-PSS-SHA-256 17 | id-TA-RSA 5 : id-TA-RSA-v1-5-SHA-512 18 | id-TA-RSA 6 : id-TA-RSA-PSS-SHA-512 19 | id-TA 2 : id-TA-ECDSA 20 | id-TA-ECDSA 1 : id-TA-ECDSA-SHA-1 21 | id-TA-ECDSA 2 : id-TA-ECDSA-SHA-224 22 | id-TA-ECDSA 3 : id-TA-ECDSA-SHA-256 23 | id-TA-ECDSA 4 : id-TA-ECDSA-SHA-384 24 | id-TA-ECDSA 5 : id-TA-ECDSA-SHA-512 25 | 26 | !Alias id-CA bsi-de 2 2 3 27 | id-CA 1 : id-CA-DH 28 | id-CA-DH 1 : id-CA-DH-3DES-CBC-CBC 29 | id-CA-DH 2 : id-CA-DH-AES-CBC-CMAC-128 30 | id-CA-DH 3 : id-CA-DH-AES-CBC-CMAC-192 31 | id-CA-DH 4 : id-CA-DH-AES-CBC-CMAC-256 32 | id-CA 2 : id-CA-ECDH 33 | id-CA-ECDH 1 : id-CA-ECDH-3DES-CBC-CBC 34 | id-CA-ECDH 2 : id-CA-ECDH-AES-CBC-CMAC-128 35 | id-CA-ECDH 3 : id-CA-ECDH-AES-CBC-CMAC-192 36 | id-CA-ECDH 4 : id-CA-ECDH-AES-CBC-CMAC-256 37 | 38 | !Alias id-PACE bsi-de 2 2 4 39 | id-PACE 1 : id-PACE-DH-GM 40 | id-PACE-DH-GM 1 : id-PACE-DH-GM-3DES-CBC-CBC 41 | id-PACE-DH-GM 2 : id-PACE-DH-GM-AES-CBC-CMAC-128 42 | id-PACE-DH-GM 3 : id-PACE-DH-GM-AES-CBC-CMAC-192 43 | id-PACE-DH-GM 4 : id-PACE-DH-GM-AES-CBC-CMAC-256 44 | id-PACE 2 : id-PACE-ECDH-GM 45 | id-PACE-ECDH-GM 1 : id-PACE-ECDH-GM-3DES-CBC-CBC 46 | id-PACE-ECDH-GM 2 : id-PACE-ECDH-GM-AES-CBC-CMAC-128 47 | id-PACE-ECDH-GM 3 : id-PACE-ECDH-GM-AES-CBC-CMAC-192 48 | id-PACE-ECDH-GM 4 : id-PACE-ECDH-GM-AES-CBC-CMAC-256 49 | id-PACE 3 : id-PACE-DH-IM 50 | id-PACE-DH-IM 1 : id-PACE-DH-IM-3DES-CBC-CBC 51 | id-PACE-DH-IM 2 : id-PACE-DH-IM-AES-CBC-CMAC-128 52 | id-PACE-DH-IM 3 : 
id-PACE-DH-IM-AES-CBC-CMAC-192 53 | id-PACE-DH-IM 4 : id-PACE-DH-IM-AES-CBC-CMAC-256 54 | id-PACE 4 : id-PACE-ECDH-IM 55 | id-PACE-ECDH-IM 1 : id-PACE-ECDH-IM-3DES-CBC-CBC 56 | id-PACE-ECDH-IM 2 : id-PACE-ECDH-IM-AES-CBC-CMAC-128 57 | id-PACE-ECDH-IM 3 : id-PACE-ECDH-IM-AES-CBC-CMAC-192 58 | id-PACE-ECDH-IM 4 : id-PACE-ECDH-IM-AES-CBC-CMAC-256 59 | 60 | !Alias id-RI bsi-de 2 2 5 61 | id-RI 1 : id-RI-DH 62 | id-RI-DH 1 : id-RI-DH-SHA-1 63 | id-RI-DH 2 : id-RI-DH-SHA-224 64 | id-RI-DH 3 : id-RI-DH-SHA-256 65 | id-RI-DH 4 : id-RI-DH-SHA-384 66 | id-RI-DH 5 : id-RI-DH-SHA-512 67 | id-RI 2 : id-RI-ECDH 68 | id-RI-ECDH 1 : id-RI-ECDH-SHA-1 69 | id-RI-ECDH 2 : id-RI-ECDH-SHA-224 70 | id-RI-ECDH 3 : id-RI-ECDH-SHA-256 71 | id-RI-ECDH 4 : id-RI-ECDH-SHA-384 72 | id-RI-ECDH 5 : id-RI-ECDH-SHA-512 73 | 74 | bsi-de 2 2 6 : id-CI 75 | bsi-de 2 2 7 : id-eIDSecurity 76 | bsi-de 2 2 8 : id-PT 77 | 78 | # BSI extensions TR-03111 79 | !Alias id-ecc bsi-de 1 1 80 | !Alias ecka-dh id-ecc 5 2 81 | ecka-dh 2 : ecka-dh-SessionKDF 82 | ecka-dh 2 1 : ecka-dh-SessionKDF-DES3 83 | ecka-dh 2 2 : ecka-dh-SessionKDF-AES128 84 | ecka-dh 2 3 : ecka-dh-SessionKDF-AES192 85 | ecka-dh 2 4 : ecka-dh-SessionKDF-AES256 86 | 87 | # Role OIDs for CV certificates according to 03110 88 | !Alias id-roles bsi-de 3 1 2 89 | id-roles 1 : id-IS 90 | id-roles 2 : id-AT 91 | id-roles 3 : id-ST 92 | 93 | # Description and extension OIDs from TR-03110 94 | !Alias id-extensions bsi-de 3 1 3 95 | id-extensions 1 : id-description 96 | id-description 1 : id-plainFormat 97 | id-description 2 : id-htmlFormat 98 | id-description 3 : id-pdfFormat 99 | id-extensions 2 : id-sector 100 | 101 | !Alias id-eID bsi-de 3 2 102 | id-eID 1 : id-SecurityObject 103 | 104 | #Auxiliary Data OIDS 105 | !Alias id-AuxiliaryData bsi-de 3 1 4 106 | id-AuxiliaryData 1 : id-DateOfBirth 107 | id-AuxiliaryData 2 : id-DateOfExpiry 108 | id-AuxiliaryData 3 : id-CommunityID 109 | 
-------------------------------------------------------------------------------- /src/ca_lib.c: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2010-2012 Frank Morgner and Dominik Oepen 3 | * 4 | * This file is part of OpenPACE. 5 | * 6 | * OpenPACE is free software: you can redistribute it and/or modify it under 7 | * the terms of the GNU General Public License as published by the Free 8 | * Software Foundation, either version 3 of the License, or (at your option) 9 | * any later version. 10 | * 11 | * OpenPACE is distributed in the hope that it will be useful, but WITHOUT ANY 12 | * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS 13 | * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more 14 | * details. 15 | * 16 | * You should have received a copy of the GNU General Public License along with 17 | * OpenPACE. If not, see . 18 | * 19 | * Additional permission under GNU GPL version 3 section 7 20 | * 21 | * If you modify this Program, or any covered work, by linking or combining it 22 | * with OpenSSL (or a modified version of that library), containing 23 | * parts covered by the terms of OpenSSL's license, the licensors of 24 | * this Program grant you additional permission to convey the resulting work. 25 | * Corresponding Source for a non-source form of such a combination shall include 26 | * the source code for the parts of OpenSSL used as well as that of the 27 | * covered work. 28 | * 29 | * If you modify this Program, or any covered work, by linking or combining it 30 | * with OpenSC (or a modified version of that library), containing 31 | * parts covered by the terms of OpenSC's license, the licensors of 32 | * this Program grant you additional permission to convey the resulting work. 
33 | * Corresponding Source for a non-source form of such a combination shall include 34 | * the source code for the parts of OpenSC used as well as that of the 35 | * covered work. 36 | */ 37 | 38 | /** 39 | * @file 40 | * @brief Allocation, release and protocol selection for the Chip Authentication context (CA_CTX) 41 | * @author Frank Morgner 42 | * @author Dominik Oepen 43 | */ 44 | 45 | #ifdef HAVE_CONFIG_H 46 | #include "config.h" 47 | #endif 48 | 49 | #include "eac_err.h" 50 | #include "eac_lib.h" 51 | #include "ssl_compat.h" 52 | /** Allocate a zero-filled CA_CTX together with its key agreement context (KA_CTX_new()) and install the default CSCA certificate lookup. @return the new context, or NULL if either allocation fails; release it with CA_CTX_clear_free(). */ 53 | CA_CTX * 54 | CA_CTX_new(void) 55 | { 56 | CA_CTX *ctx = OPENSSL_zalloc(sizeof(CA_CTX)); 57 | if (!ctx) 58 | return NULL; 59 | /* If the key agreement context cannot be created, the partially built CA_CTX is freed so nothing leaks. */ 60 | ctx->ka_ctx = KA_CTX_new(); 61 | if (!ctx->ka_ctx) { 62 | OPENSSL_free(ctx); 63 | return NULL; 64 | } 65 | ctx->lookup_csca_cert = EAC_get_default_csca_lookup(); 66 | /* NOTE(review): the result of EAC_get_default_csca_lookup() is stored unchecked -- confirm it cannot be NULL, or that users of lookup_csca_cert test it before calling. */ 67 | return ctx; 68 | } 69 | /** Release a CA_CTX; a NULL ctx is ignored. The key agreement context goes through KA_CTX_clear_free(); the CA_CTX struct itself is released with plain OPENSSL_free() and is not cleansed here. NOTE(review): confirm that CA_CTX holds no secret material of its own. */ 70 | void 71 | CA_CTX_clear_free(CA_CTX *ctx) 72 | { 73 | if (ctx) { 74 | KA_CTX_clear_free(ctx->ka_ctx); 75 | OPENSSL_free(ctx); 76 | } 77 | } 78 | /** Set the protocol on the key agreement context and record it in ctx->protocol. @return 1 on success; 0 if ctx is NULL (logged) or KA_CTX_set_protocol() fails, in which case ctx->protocol is left unchanged. */ 79 | int 80 | CA_CTX_set_protocol(CA_CTX * ctx, int protocol) 81 | { 82 | if (!ctx) { 83 | log_err("Invalid arguments"); 84 | return 0; 85 | } 86 | /* ctx->ka_ctx and the protocol value are passed on unchecked; presumably KA_CTX_set_protocol() validates both -- verify. */ 87 | if (!KA_CTX_set_protocol(ctx->ka_ctx, protocol)) 88 | return 0; 89 | /* Record the protocol only after the key agreement context has accepted it. */ 90 | ctx->protocol = protocol; 91 | 92 | return 1; 93 | } 94 | -------------------------------------------------------------------------------- /src/ca_lib.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2010-2012 Frank Morgner and Dominik Oepen 3 | * 4 | * This file is part of OpenPACE. 5 | * 6 | * OpenPACE is free software: you can redistribute it and/or modify it under 7 | * the terms of the GNU General Public License as published by the Free 8 | * Software Foundation, either version 3 of the License, or (at your option) 9 | * any later version. 10 | * 11 | * OpenPACE is distributed in the hope that it will be useful, but WITHOUT ANY 12 | * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS 13 | * FOR A PARTICULAR PURPOSE. 
See the GNU General Public License for more 14 | * details. 15 | * 16 | * You should have received a copy of the GNU General Public License along with 17 | * OpenPACE. If not, see . 18 | * 19 | * Additional permission under GNU GPL version 3 section 7 20 | * 21 | * If you modify this Program, or any covered work, by linking or combining it 22 | * with OpenSSL (or a modified version of that library), containing 23 | * parts covered by the terms of OpenSSL's license, the licensors of 24 | * this Program grant you additional permission to convey the resulting work. 25 | * Corresponding Source for a non-source form of such a combination shall include 26 | * the source code for the parts of OpenSSL used as well as that of the 27 | * covered work. 28 | * 29 | * If you modify this Program, or any covered work, by linking or combining it 30 | * with OpenSC (or a modified version of that library), containing 31 | * parts covered by the terms of OpenSC's license, the licensors of 32 | * this Program grant you additional permission to convey the resulting work. 33 | * Corresponding Source for a non-source form of such a combination shall include 34 | * the source code for the parts of OpenSC used as well as that of the 35 | * covered work. 36 | */ 37 | 38 | /** 39 | * @file 40 | * @brief Interface for Chip Authentication library functions 41 | * 42 | * @author Frank Morgner 43 | * @author Dominik Oepen 44 | */ 45 | 46 | #ifndef CA_LIB_H_ 47 | #define CA_LIB_H_ 48 | 49 | #include 50 | 51 | #ifdef __cplusplus 52 | extern "C" { 53 | #endif 54 | 55 | int 56 | CA_CTX_set_protocol(CA_CTX * ctx, int protocol); 57 | 58 | /** 59 | * @brief Create a new \CA_CTX structure 60 | * @return The new structure or NULL in case of an error 61 | */ 62 | CA_CTX * 63 | CA_CTX_new(void); 64 | 65 | /** 66 | * @brief Free a \c CA_CTX object and all its components. 67 | * 68 | * Sensitive memory is cleared with OPENSSL_cleanse(). 
69 | * 70 | * @param ctx The \c CA_CTX to free 71 | */ 72 | void 73 | CA_CTX_clear_free(CA_CTX *ctx); 74 | 75 | #ifdef __cplusplus 76 | } 77 | #endif 78 | #endif 79 | -------------------------------------------------------------------------------- /src/certs/DECVCAEPASS00102: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/frankmorgner/openpace/ecafc3d5854cc5fb8380346bcc638a70a7ef4346/src/certs/DECVCAEPASS00102 -------------------------------------------------------------------------------- /src/certs/DECVCAeID00102: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/frankmorgner/openpace/ecafc3d5854cc5fb8380346bcc638a70a7ef4346/src/certs/DECVCAeID00102 -------------------------------------------------------------------------------- /src/certs/DECVCAeSign00102: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/frankmorgner/openpace/ecafc3d5854cc5fb8380346bcc638a70a7ef4346/src/certs/DECVCAeSign00102 -------------------------------------------------------------------------------- /src/certs/Makefile.am: -------------------------------------------------------------------------------- 1 | CV_CERTS = DECVCAeID00102 DECVCAEPASS00102 DECVCAeSign00102 2 | X509_CERTS = ff3d20d2 3 | 4 | EXTRA_DIST = $(CV_CERTS) $(X509_CERTS) 5 | 6 | install-data-local: 7 | $(MKDIR_P) "$(DESTDIR)$(X509DIR)" 8 | for cert in $(X509_CERTS); do $(INSTALL_DATA) $(srcdir)/$${cert} "$(DESTDIR)$(X509DIR)"; done 9 | $(MKDIR_P) "$(DESTDIR)$(CVCDIR)" 10 | for cert in $(CV_CERTS); do $(INSTALL_DATA) $(srcdir)/$${cert} "$(DESTDIR)$(CVCDIR)"; done 11 | 12 | uninstall-local: 13 | for cert in $(X509_CERTS); do rm -f "$(DESTDIR)$(X509DIR)/$${cert}"; done 14 | for cert in $(CV_CERTS); do rm -f "$(DESTDIR)$(CVCDIR)/$${cert}"; done 15 | -------------------------------------------------------------------------------- 
/src/certs/csca-germany_013_self_signed_cer.cer: -------------------------------------------------------------------------------- 1 | ff3d20d2 -------------------------------------------------------------------------------- /src/certs/cvca-eid.cv: -------------------------------------------------------------------------------- 1 | DECVCAeID00102 -------------------------------------------------------------------------------- /src/certs/cvca-epass.cv: -------------------------------------------------------------------------------- 1 | DECVCAEPASS00102 -------------------------------------------------------------------------------- /src/certs/cvca-esign.cv: -------------------------------------------------------------------------------- 1 | DECVCAeSign00102 -------------------------------------------------------------------------------- /src/certs/ff3d20d2: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/frankmorgner/openpace/ecafc3d5854cc5fb8380346bcc638a70a7ef4346/src/certs/ff3d20d2 -------------------------------------------------------------------------------- /src/cvc-print.ggo.in: -------------------------------------------------------------------------------- 1 | package "cvc-print" 2 | purpose "Prints card verifiable certificate and its description" 3 | 4 | option "cvc" c 5 | "Card Verifiable Certificate" 6 | string 7 | typestr="FILENAME" 8 | optional 9 | 10 | option "description" d 11 | "Certificate description" 12 | string 13 | typestr="FILENAME" 14 | optional 15 | 16 | option "csr" r 17 | "Certificate request" 18 | string 19 | typestr="FILENAME" 20 | optional 21 | 22 | option "cvc-dir" - 23 | "Directory of trusted CVCs" 24 | string 25 | typestr="DIRECTORY" 26 | optional 27 | 28 | option "disable-cvc-verification" - 29 | "Disable verification of CV certificates" 30 | flag off 31 | 32 | text " 33 | Report bugs to @PACKAGE_BUGREPORT@ 34 | 35 | Written by Frank Morgner and Dominik Oepen" 36 | 
-------------------------------------------------------------------------------- /src/docs/Makefile.am: -------------------------------------------------------------------------------- 1 | SUBDIRS = _static 2 | 3 | EXTRA_DIST = Doxyfile.in conf.py.in index.txt.in index.txt protocols.txt.in protocols.txt programming.txt.in programming.txt install.txt install.txt.in usage.txt.in efcardaccess_asn1.conf efcardsecurity_templ_asn1.conf Makefile.sphinx requirements.txt 4 | 5 | do_subst = $(SED) \ 6 | -e 's,[@]PACKAGE_BUGREPORT[@],$(PACKAGE_BUGREPORT),g' \ 7 | -e 's,[@]PACKAGE_NAME[@],$(PACKAGE_NAME),g' \ 8 | -e 's,[@]PACKAGE_TARNAME[@],$(PACKAGE_TARNAME),g' \ 9 | -e 's,[@]PACKAGE_SUMMARY[@],$(PACKAGE_SUMMARY),g' \ 10 | -e 's,[@]PACKAGE_VERSION[@],$(PACKAGE_VERSION),g' \ 11 | -e 's,[@]srcdir[@],$(srcdir),g' \ 12 | -e 's,[@]builddir[@],$(srcdir),g' 13 | 14 | DOXYGEN_HTML = doxygen/index.html 15 | 16 | docs: $(DOXYGEN_HTML) $(srcdir)/*.in $(srcdir)/*.txt.in 17 | @$(do_subst) < $(srcdir)/conf.py.in > conf.py 18 | @$(do_subst) < $(srcdir)/index.txt.in > index.txt 19 | @$(do_subst) < $(srcdir)/programming.txt.in > programming.txt 20 | @$(do_subst) < $(srcdir)/install.txt.in > install.txt 21 | @$(do_subst) < $(srcdir)/usage.txt.in > usage.txt 22 | @$(do_subst) < $(srcdir)/protocols.txt.in > protocols.txt 23 | env LD_LIBRARY_PATH=${abs_top_builddir}/bindings/python:$(abs_top_builddir)/src/.libs:$(abs_top_builddir)/src/openssl \ 24 | DYLD_LIBRARY_PATH=$${LD_LIBRARY_PATH} SHLIB_PATH=$${LD_LIBRARY_PATH} LIBPATH=$${LD_LIBRARY_PATH} \ 25 | $(MAKE) -f $(srcdir)/Makefile.sphinx html 26 | mkdir -p $(top_builddir)/docs 27 | rm -rf $(top_builddir)/docs/* 28 | mv _build/html/* $(top_builddir)/docs 29 | mv doxygen $(top_builddir)/docs/_static 30 | 31 | $(DOXYGEN_HTML): $(top_srcdir)/src/eac/*.h $(srcdir)/Doxyfile.in 32 | @$(do_subst) < $(srcdir)/Doxyfile.in > Doxyfile 33 | doxygen Doxyfile 34 | 35 | 36 | clean-local: 37 | rm -rf _build doxygen conf.py index.txt programming.txt install.txt 
usage.txt protocols.txt Doxyfile 38 | -------------------------------------------------------------------------------- /src/docs/_static/Makefile.am: -------------------------------------------------------------------------------- 1 | EXTRA_DIST = eactest.html eactest.html.mem eactest.js logo_132.png 2 | -------------------------------------------------------------------------------- /src/docs/_static/eactest.html.mem: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/frankmorgner/openpace/ecafc3d5854cc5fb8380346bcc638a70a7ef4346/src/docs/_static/eactest.html.mem -------------------------------------------------------------------------------- /src/docs/_static/logo_132.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/frankmorgner/openpace/ecafc3d5854cc5fb8380346bcc638a70a7ef4346/src/docs/_static/logo_132.png -------------------------------------------------------------------------------- /src/docs/_templates/layout.html: -------------------------------------------------------------------------------- 1 | {% extends "!layout.html" %} 2 | 3 | {# Custom CSS overrides #} 4 | {# set bootswatch_css_custom = ['_static/my-styles.css'] #} 5 | 6 | {# Add github banner (from: https://github.com/blog/273-github-ribbons). 
#} 7 | {% block header %} 8 | {{ super() }} 9 | 15 | 22 | {% endblock %} 23 | 24 | 25 | -------------------------------------------------------------------------------- /src/docs/efcardaccess_asn1.conf: -------------------------------------------------------------------------------- 1 | asn1=SET:SecurityInfos 2 | 3 | [SecurityInfos] 4 | tainfo=SEQUENCE:TerminalAuthenticationInfo 5 | cainfo=SEQUENCE:ChipAuthenticationInfo 6 | chipauthenticationdomainparameterinfo=SEQUENCE:ChipAuthenticationDomainParameterInfo 7 | 8 | [TerminalAuthenticationInfo] 9 | # id-TA 10 | protocol=OID:0.4.0.127.0.7.2.2.2 11 | version=INTEGER:0x02 12 | 13 | [ChipAuthenticationInfo] 14 | # id-CA-ECDH-AES-CBC-CMAC-128 15 | protocol=OID:0.4.0.127.0.7.2.2.3.2.2 16 | version=INTEGER:0x02 17 | 18 | [ChipAuthenticationDomainParameterInfo] 19 | # id-CA-ECDH 20 | protocol=OID:0.4.0.127.0.7.2.2.3.2 21 | aid=SEQUENCE:AlgorithmIdentifier 22 | 23 | [AlgorithmIdentifier] 24 | # standardizedDomainParameters 25 | algorithm=OID:0.4.0.127.0.7.1.2 26 | # brainpoolP256r1 27 | parameter=INTEGER:0x0D 28 | -------------------------------------------------------------------------------- /src/docs/efcardsecurity_templ_asn1.conf: -------------------------------------------------------------------------------- 1 | asn1=SET:SecurityInfos 2 | 3 | [SecurityInfos] 4 | tainfo=SEQUENCE:TerminalAuthenticationInfo 5 | cainfo=SEQUENCE:ChipAuthenticationInfo 6 | chipauthenticationdomainparameterinfo=SEQUENCE:ChipAuthenticationDomainParameterInfo 7 | chipauthenticationpublickeyinfo=SEQUENCE:ChipAuthenticationPublicKeyInfo 8 | 9 | [TerminalAuthenticationInfo] 10 | # id-TA 11 | protocol=OID:0.4.0.127.0.7.2.2.2 12 | version=INTEGER:0x02 13 | 14 | [ChipAuthenticationInfo] 15 | # id-CA-ECDH-AES-CBC-CMAC-128 16 | protocol=OID:0.4.0.127.0.7.2.2.3.2.2 17 | version=INTEGER:0x02 18 | 19 | [ChipAuthenticationDomainParameterInfo] 20 | # id-CA-ECDH 21 | protocol=OID:0.4.0.127.0.7.2.2.3.2 22 | aid=SEQUENCE:AlgorithmIdentifier 23 | 24 | 
[AlgorithmIdentifier] 25 | # standardizedDomainParameters 26 | algorithm=OID:0.4.0.127.0.7.1.2 27 | # brainpoolP256r1 28 | parameter=INTEGER:0x0D 29 | 30 | [ChipAuthenticationPublicKeyInfo] 31 | # id-PK-ECDH 32 | protocol=OID:0.4.0.127.0.7.2.2.1.2 33 | # same as above for ChipAuthenticationDomainParameterInfo 34 | aid=SEQUENCE:AlgorithmIdentifier 35 | # *YOU* need to append the actual hex value of the public key! 36 | subjectPublicKey=FORMAT:HEX,BITSTR:YOUR_HEX_PUBKEY_HERE 37 | -------------------------------------------------------------------------------- /src/docs/programming.txt.in: -------------------------------------------------------------------------------- 1 | .. highlight:: sh 2 | 3 | .. _bindings: 4 | 5 | 6 | ############################################################################### 7 | Programming with @PACKAGE_NAME@ 8 | ############################################################################### 9 | 10 | 11 | ******************************************************************************* 12 | Using OpenPACE in C/C++ 13 | ******************************************************************************* 14 | 15 | .. seealso:: 16 | 17 | The `OpenPACE API documentation <_static/doxygen/modules.html>`_ 18 | has all details of the native C/C++ interface. 19 | 20 | Here we have a small example in C: 21 | 22 | .. literalinclude:: @srcdir@/../../src/example.c 23 | :language: c 24 | 25 | .. seealso:: 26 | Have a look at the `OpenSC Project`_ for a more complex project 27 | that uses the C Interface from OpenPACE. 28 | 29 | 30 | ******************************************************************************* 31 | Using OpenPACE in Python 32 | ******************************************************************************* 33 | 34 | Python bindings must be configured with :option:`--enable-python`. They depend 35 | on SWIG and Python. 
36 | 37 | In case of a non-standard installation of OpenPACE you might -- in addition to 38 | :envvar:`LD_LIBRARY_PATH` -- also need to setup the :envvar:`PYTHONPATH` 39 | environment variable. 40 | 41 | Here is a sample script that shows how OpenPACE is accessed from Python: 42 | 43 | .. literalinclude:: @srcdir@/../../bindings/python/example.py 44 | :language: python 45 | 46 | .. seealso:: 47 | Have a look at the `Emulator for the German Identity Card`_ for a more 48 | complex project that uses the Python Interface from OpenPACE. 49 | 50 | Unfortunately, OpenPACE's Python bindings are currently poorly documented. 51 | 52 | .. versionadded:: 0.8 53 | The SWIG bindings from `pyPACE`_ have been integrated into OpenPACE. 54 | 55 | 56 | ******************************************************************************* 57 | Using OpenPACE in Ruby 58 | ******************************************************************************* 59 | 60 | Ruby bindings must be configured with :option:`--enable-ruby`. They depend on 61 | SWIG and Ruby. 62 | 63 | Here is a sample script that shows how OpenPACE is accessed from Ruby: 64 | 65 | .. literalinclude:: @srcdir@/../../bindings/ruby/example.rb 66 | :language: ruby 67 | 68 | .. versionadded:: 0.9 69 | Added Ruby bindings. 70 | 71 | 72 | ******************************************************************************* 73 | Using OpenPACE in Go 74 | ******************************************************************************* 75 | 76 | Go bindings must be configured with :option:`--enable-go`. They depend on SWIG 77 | and ``gccgo``. 78 | 79 | Here is a sample program that shows how OpenPACE is accessed from Go: 80 | 81 | .. literalinclude:: @srcdir@/../../bindings/go/example.go 82 | :language: go 83 | 84 | .. versionadded:: 0.9 85 | Added Go bindings. 
86 | 87 | 88 | ******************************************************************************* 89 | Using OpenPACE in Java 90 | ******************************************************************************* 91 | 92 | Java bindings must be configured with :option:`--enable-java`. They depend on 93 | SWIG, a Java compiler and the JNI development headers. You may set the 94 | :envvar:`JAVAC` environment variable to your preferred Java compiler. 95 | 96 | Here is a sample program that shows how OpenPACE is accessed from Java: 97 | 98 | .. literalinclude:: @srcdir@/../../bindings/java/EAC_Example.java 99 | :language: java 100 | 101 | 102 | .. target-notes:: 103 | 104 | .. _`SWIG`: http://swig.org 105 | .. _`pyPACE`: http://pypace.sourceforge.net 106 | .. _`OpenSC Project`: https://github.com/OpenSC/OpenSC/blob/master/src/sm/sm-eac.c 107 | .. _`Emulator for the German Identity Card`: https://frankmorgner.github.io/vsmartcard/virtualsmartcard/README.html 108 | -------------------------------------------------------------------------------- /src/docs/requirements.txt: -------------------------------------------------------------------------------- 1 | breathe>=4.35.0 2 | sphinx>=7.1.2 3 | sphinx-bootstrap-theme>=0.8.1 4 | sphinxcontrib-programoutput>=0.17 5 | -------------------------------------------------------------------------------- /src/eac/ri.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2010-2012 Dominik Oepen, Frank Morgner and Paul Wilhelm 3 | * 4 | * This file is part of OpenPACE. 5 | * 6 | * OpenPACE is free software: you can redistribute it and/or modify it under 7 | * the terms of the GNU General Public License as published by the Free 8 | * Software Foundation, either version 3 of the License, or (at your option) 9 | * any later version.
10 | * 11 | * OpenPACE is distributed in the hope that it will be useful, but WITHOUT ANY 12 | * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS 13 | * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more 14 | * details. 15 | * 16 | * You should have received a copy of the GNU General Public License along with 17 | * OpenPACE. If not, see . 18 | * 19 | * Additional permission under GNU GPL version 3 section 7 20 | * 21 | * If you modify this Program, or any covered work, by linking or combining it 22 | * with OpenSSL (or a modified version of that library), containing 23 | * parts covered by the terms of OpenSSL's license, the licensors of 24 | * this Program grant you additional permission to convey the resulting work. 25 | * Corresponding Source for a non-source form of such a combination shall include 26 | * the source code for the parts of OpenSSL used as well as that of the 27 | * covered work. 28 | * 29 | * If you modify this Program, or any covered work, by linking or combining it 30 | * with OpenSC (or a modified version of that library), containing 31 | * parts covered by the terms of OpenSC's license, the licensors of 32 | * this Program grant you additional permission to convey the resulting work. 33 | * Corresponding Source for a non-source form of such a combination shall include 34 | * the source code for the parts of OpenSC used as well as that of the 35 | * covered work. 36 | */ 37 | 38 | /** 39 | * @file ri.h 40 | * @brief Interface for Restricted Identification 41 | * 42 | * Restricted Identification is a protocol to generate 43 | * a pseudonymous identifier based on a key agreement protocol. 44 | * The protocol uses a secret key of an asymmetric 45 | * key pair and the public key of a second asymmetric key pair. 46 | * For every two different secret keys with the same public key the 47 | * identifier is different.
48 | * For any two different public keys it is computationally infeasible 49 | * to link two identifiers with the same secret key. 50 | * 51 | * @author Dominik Oepen 52 | * @author Frank Morgner 53 | * @author Paul Wilhelm 54 | */ 55 | 56 | #ifndef RI_H_ 57 | #define RI_H_ 58 | 59 | #include 60 | #include 61 | #include 62 | 63 | #ifdef __cplusplus 64 | extern "C" { 65 | #endif 66 | 67 | /** 68 | * @addtogroup management 69 | * 70 | * @{ ************************************************************************/ 71 | 72 | /** 73 | * @brief Frees a \c RI_CTX object and all its components 74 | * 75 | * @param[in] s Object to free (optional) 76 | */ 77 | void RI_CTX_clear_free(RI_CTX * s); 78 | /** 79 | * @brief Creates a new \c RI_CTX object 80 | * 81 | * @return The new object or NULL if an error occurred 82 | */ 83 | RI_CTX * RI_CTX_new(void); 84 | /** 85 | * @brief Initializes a \c RI_CTX object using the protocol OID. This 86 | * parameter can be found in the RIInfo part of an EF.CardSecurity. 87 | * 88 | * @param[in,out] ctx The \c RI_CTX object to initialize 89 | * @param[in] protocol The NID of the OID 90 | * 91 | * @return 1 in case of success, 0 otherwise 92 | */ 93 | int RI_CTX_set_protocol(RI_CTX * ctx, int protocol); 94 | /** @} ***********************************************************************/ 95 | 96 | /** 97 | * @addtogroup riproto 98 | * 99 | * @{ ************************************************************************/ 100 | 101 | /** 102 | * @brief Compute a sector specific identifier for a card within a given sector.
103 | * 104 | * @param[in] ctx The EAC context of the card 105 | * @param[in] sector_pubkey the sector public key 106 | * 107 | * @return The sector identifier or NULL in case of an error 108 | */ 109 | BUF_MEM * RI_STEP2_compute_identifier(EAC_CTX *ctx, BUF_MEM *sector_pubkey); 110 | 111 | /** @} ***********************************************************************/ 112 | 113 | #ifdef __cplusplus 114 | } 115 | #endif 116 | #endif 117 | -------------------------------------------------------------------------------- /src/eac_asn1.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2010-2012 Frank Morgner and Dominik Oepen 3 | * 4 | * This file is part of OpenPACE. 5 | * 6 | * OpenPACE is free software: you can redistribute it and/or modify it under 7 | * the terms of the GNU General Public License as published by the Free 8 | * Software Foundation, either version 3 of the License, or (at your option) 9 | * any later version. 10 | * 11 | * OpenPACE is distributed in the hope that it will be useful, but WITHOUT ANY 12 | * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS 13 | * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more 14 | * details. 15 | * 16 | * You should have received a copy of the GNU General Public License along with 17 | * OpenPACE. If not, see . 18 | * 19 | * Additional permission under GNU GPL version 3 section 7 20 | * 21 | * If you modify this Program, or any covered work, by linking or combining it 22 | * with OpenSSL (or a modified version of that library), containing 23 | * parts covered by the terms of OpenSSL's license, the licensors of 24 | * this Program grant you additional permission to convey the resulting work. 25 | * Corresponding Source for a non-source form of such a combination shall include 26 | * the source code for the parts of OpenSSL used as well as that of the 27 | * covered work. 
28 | * 29 | * If you modify this Program, or any covered work, by linking or combining it 30 | * with OpenSC (or a modified version of that library), containing 31 | * parts covered by the terms of OpenSC's license, the licensors of 32 | * this Program grant you additional permission to convey the resulting work. 33 | * Corresponding Source for a non-source form of such a combination shall include 34 | * the source code for the parts of OpenSC used as well as that of the 35 | * covered work. 36 | */ 37 | 38 | /** 39 | * @file eac_asn1.h 40 | * @brief Interface to ASN.1 structures related to PACE 41 | * 42 | * @author Frank Morgner 43 | * @author Dominik Oepen 44 | */ 45 | 46 | #ifndef PACE_ASN1_H_ 47 | #define PACE_ASN1_H_ 48 | 49 | #include 50 | #include 51 | #include 52 | 53 | /** 54 | * @brief Encodes public key data objects of the domain parameters in ASN.1 55 | * (see TR-3110 D.3.2 and D.3.3) 56 | * 57 | * @return ASN.1 encoded public key data objects or NULL if an error occurred 58 | */ 59 | BUF_MEM * 60 | asn1_pubkey(int protocol, EVP_PKEY *key, BN_CTX *bn_ctx, enum eac_tr_version tr_version); 61 | 62 | #endif /* PACE_ASN1_H_ */ 63 | -------------------------------------------------------------------------------- /src/eac_dh.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2010-2012 Frank Morgner and Dominik Oepen 3 | * 4 | * This file is part of OpenPACE. 5 | * 6 | * OpenPACE is free software: you can redistribute it and/or modify it under 7 | * the terms of the GNU General Public License as published by the Free 8 | * Software Foundation, either version 3 of the License, or (at your option) 9 | * any later version. 10 | * 11 | * OpenPACE is distributed in the hope that it will be useful, but WITHOUT ANY 12 | * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS 13 | * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more 14 | * details. 
15 | * 16 | * You should have received a copy of the GNU General Public License along with 17 | * OpenPACE. If not, see . 18 | * 19 | * Additional permission under GNU GPL version 3 section 7 20 | * 21 | * If you modify this Program, or any covered work, by linking or combining it 22 | * with OpenSSL (or a modified version of that library), containing 23 | * parts covered by the terms of OpenSSL's license, the licensors of 24 | * this Program grant you additional permission to convey the resulting work. 25 | * Corresponding Source for a non-source form of such a combination shall include 26 | * the source code for the parts of OpenSSL used as well as that of the 27 | * covered work. 28 | * 29 | * If you modify this Program, or any covered work, by linking or combining it 30 | * with OpenSC (or a modified version of that library), containing 31 | * parts covered by the terms of OpenSC's license, the licensors of 32 | * this Program grant you additional permission to convey the resulting work. 33 | * Corresponding Source for a non-source form of such a combination shall include 34 | * the source code for the parts of OpenSC used as well as that of the 35 | * covered work. 36 | */ 37 | 38 | /** 39 | * @file eac_dh.h 40 | * @brief Interface to Diffie Hellman helper functions 41 | * 42 | * @author Frank Morgner 43 | * @author Dominik Oepen 44 | */ 45 | 46 | #ifndef PACE_DH_H_ 47 | #define PACE_DH_H_ 48 | 49 | #include 50 | #include 51 | #include 52 | 53 | /** 54 | * @brief initializes a DH key structure. If the structure is already initialized, 55 | * nothing is done 56 | * 57 | * @param[in/out] dh DH object to use 58 | * @param[in] standardizedDomainParameters specifies which parameters to use 59 | * (see TR-03110, p. 52) 60 | * 61 | * @return 1 on success or 0 if an error occurred 62 | */ 63 | int 64 | init_dh(DH ** dh, int standardizedDomainParameters); 65 | /** 66 | * @brief Computes the prime on which the modulus is based. 
67 | * 68 | * If DH->q does not exist, tries to guess a Sophie Germain prime matching the 69 | * DH's modulus. 70 | * 71 | * @param[in] dh DH object to use 72 | * @param[in] ctx BN_CTX object 73 | * 74 | * @return q or NULL if an error occurred 75 | */ 76 | BIGNUM * 77 | DH_get_q(const DH *dh, BN_CTX *ctx); 78 | /** 79 | * @brief Computes the order of the DH's generator. 80 | * 81 | * @param[in] dh DH object to use 82 | * @param[in] ctx BN_CTX object (optional) 83 | * 84 | * @return order of g or NULL if an error occurred 85 | * 86 | * @note This calculation is for DHs using a safe prime, which will generate 87 | * either an order-q or an order-2q group (see crypto/dh/dh_gen.c:151). 88 | */ 89 | BIGNUM * 90 | DH_get_order(const DH *dh, BN_CTX *ctx); 91 | /** 92 | * @brief Generates a DH key pair 93 | * 94 | * @param[in] key 95 | * @param[in] bn_ctx BIGNUM context 96 | * 97 | * @return public key of the generated key pair or NULL if an error occurred 98 | */ 99 | BUF_MEM * 100 | dh_generate_key(EVP_PKEY *key, BN_CTX *bn_ctx); 101 | /** 102 | * @brief Computes a DH key 103 | * 104 | * @see PACE_STEP3B_dh_compute_key() 105 | */ 106 | BUF_MEM * 107 | dh_compute_key(EVP_PKEY *key, const BUF_MEM * in, BN_CTX *bn_ctx); 108 | 109 | /** 110 | * @brief Duplicate Diffie-Hellman-Parameters including parameter q. 111 | * 112 | * DHparams_dup creates a duplicated object copying only p, g and optionally 113 | * the length. This object is used to also copy the parameter q. 114 | * 115 | * @param dh Diffie-Hellman-Parameters 116 | * 117 | * @return Duplicate object or NULL in case of an error 118 | */ 119 | DH * 120 | DHparams_dup_with_q(DH *dh); 121 | 122 | #endif /*PACE_DH_H_*/ 123 | -------------------------------------------------------------------------------- /src/eac_ecdh.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2010-2012 Frank Morgner and Dominik Oepen 3 | * 4 | * This file is part of OpenPACE. 
5 | * 6 | * OpenPACE is free software: you can redistribute it and/or modify it under 7 | * the terms of the GNU General Public License as published by the Free 8 | * Software Foundation, either version 3 of the License, or (at your option) 9 | * any later version. 10 | * 11 | * OpenPACE is distributed in the hope that it will be useful, but WITHOUT ANY 12 | * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS 13 | * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more 14 | * details. 15 | * 16 | * You should have received a copy of the GNU General Public License along with 17 | * OpenPACE. If not, see . 18 | * 19 | * Additional permission under GNU GPL version 3 section 7 20 | * 21 | * If you modify this Program, or any covered work, by linking or combining it 22 | * with OpenSSL (or a modified version of that library), containing 23 | * parts covered by the terms of OpenSSL's license, the licensors of 24 | * this Program grant you additional permission to convey the resulting work. 25 | * Corresponding Source for a non-source form of such a combination shall include 26 | * the source code for the parts of OpenSSL used as well as that of the 27 | * covered work. 28 | * 29 | * If you modify this Program, or any covered work, by linking or combining it 30 | * with OpenSC (or a modified version of that library), containing 31 | * parts covered by the terms of OpenSC's license, the licensors of 32 | * this Program grant you additional permission to convey the resulting work. 33 | * Corresponding Source for a non-source form of such a combination shall include 34 | * the source code for the parts of OpenSC used as well as that of the 35 | * covered work. 
36 | */ 37 | 38 | /** 39 | * @file eac_ecdh.h 40 | * @brief Interface to elliptic curve Diffie Hellman helper functions 41 | * 42 | * @author Frank Morgner 43 | * @author Dominik Oepen 44 | */ 45 | 46 | #ifndef PACE_ECDH_H_ 47 | #define PACE_ECDH_H_ 48 | 49 | #include 50 | #include 51 | #include 52 | #include 53 | /** 54 | * @brief Initializes a key for ECDH. If the object is already initialised, 55 | * nothing is done. 56 | * 57 | * @param[in,out] ecdh elliptic curve object to use 58 | * @param[in] standardizedDomainParameters specifies which parameters to use 59 | * (see TR-03110, p. 52) 60 | * 61 | * @return 1 on success or 0 if an error occurred 62 | */ 63 | int 64 | init_ecdh(EC_KEY ** ecdh, int standardizedDomainParameters); 65 | /** 66 | * @brief Generates an ECDH keypair 67 | * 68 | * @param[in] key 69 | * @param[in] bn_ctx BIGNUM context 70 | * 71 | * @return public key of the generated keypair or NULL if an error occurred 72 | */ 73 | BUF_MEM * 74 | ecdh_generate_key(EVP_PKEY *key, BN_CTX *bn_ctx); 75 | /** 76 | * @brief Computes an ECDH key 77 | * 78 | * @see PACE_STEP3B_dh_compute_key() 79 | */ 80 | BUF_MEM * 81 | ecdh_compute_key(EVP_PKEY *key, const BUF_MEM * in, BN_CTX *bn_ctx); 82 | 83 | #endif /*PACE_ECDH_H_*/ 84 | -------------------------------------------------------------------------------- /src/eac_err.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2012 Dominik Oepen 3 | * 4 | * This file is part of OpenPACE. 5 | * 6 | * OpenPACE is free software: you can redistribute it and/or modify it under 7 | * the terms of the GNU General Public License as published by the Free 8 | * Software Foundation, either version 3 of the License, or (at your option) 9 | * any later version. 10 | * 11 | * OpenPACE is distributed in the hope that it will be useful, but WITHOUT ANY 12 | * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS 13 | * FOR A PARTICULAR PURPOSE.
See the GNU General Public License for more
 * details.
 *
 * You should have received a copy of the GNU General Public License along with
 * OpenPACE. If not, see .
 *
 * Additional permission under GNU GPL version 3 section 7
 *
 * If you modify this Program, or any covered work, by linking or combining it
 * with OpenSSL (or a modified version of that library), containing
 * parts covered by the terms of OpenSSL's license, the licensors of
 * this Program grant you additional permission to convey the resulting work.
 * Corresponding Source for a non-source form of such a combination shall include
 * the source code for the parts of OpenSSL used as well as that of the
 * covered work.
 *
 * If you modify this Program, or any covered work, by linking or combining it
 * with OpenSC (or a modified version of that library), containing
 * parts covered by the terms of OpenSC's license, the licensors of
 * this Program grant you additional permission to convey the resulting work.
 * Corresponding Source for a non-source form of such a combination shall include
 * the source code for the parts of OpenSC used as well as that of the
 * covered work.
 */

/**
 * @file eac_err.h
 * @brief Error handling macros
 *
 * @author Dominik Oepen
 */

#ifndef EAC_ERR_H
#define EAC_ERR_H

#include
#include
#include
#include

/*
 * debug(M, ...): with DEBUG defined, prints "DEBUG <file>:<line>: " followed
 * by the printf-style message M to stderr; without DEBUG it expands to
 * nothing. M is pasted between two string literals, so it has to be a string
 * literal itself and always acts as the format string: data that may contain
 * '%' belongs in the variadic arguments, never in M. `##__VA_ARGS__` is a GNU
 * preprocessor extension.
 */
#ifdef DEBUG
#define debug(M, ...) fprintf(stderr, "DEBUG %s:%d: " M "\n", __FILE__, __LINE__, ##__VA_ARGS__)
#else
#define debug(M, ...)
#endif

/* ossl_errors(): prints the queued OpenSSL errors to stderr. */
/* TODO: Make sure that ERR_load_crypto_strings() has been called */
#define ossl_errors() ERR_print_errors_fp(stderr)
/*
 * log_err(M, ...): prints "[ERROR] (<file>:<line> ) " plus the printf-style
 * message M to stderr, then the OpenSSL error queue via ossl_errors(). M has
 * the same string-literal requirement as in debug().
 * The expansion is a bare brace block, not do { } while (0): "log_err(...);"
 * is a block followed by an empty statement, so it does not compile as the
 * unbraced body of an if that has an else. check() and check_return() below
 * expand the same way.
 */
#define log_err(M, ...) {fprintf(stderr, "[ERROR] (%s:%d ) " M "\n", __FILE__, __LINE__, ##__VA_ARGS__); ossl_errors();}
/*
 * check(A, M, ...): if A is false, logs through log_err() and jumps to the
 * label err, which the enclosing function has to define.
 */
#define check(A, M, ...) {if(!(A)) { log_err(M, ##__VA_ARGS__); goto err; }}
/*
 * check_return(A, M, ...): if A is false, logs through log_err(), sets errno
 * to 0 and returns NULL, so it only fits functions that return a pointer.
 * NOTE(review): why errno is reset is not visible in this header; confirm
 * before relying on errno after a failed call.
 */
#define check_return(A, M, ...) {if(!(A)) { log_err(M, ##__VA_ARGS__); errno=0; return NULL;}}


#endif
--------------------------------------------------------------------------------
/src/eac_kdf.h:
--------------------------------------------------------------------------------
/*
 * Copyright (c) 2010-2012 Frank Morgner and Dominik Oepen
 *
 * This file is part of OpenPACE.
 *
 * OpenPACE is free software: you can redistribute it and/or modify it under
 * the terms of the GNU General Public License as published by the Free
 * Software Foundation, either version 3 of the License, or (at your option)
 * any later version.
 *
 * OpenPACE is distributed in the hope that it will be useful, but WITHOUT ANY
 * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
 * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
 * details.
 *
 * You should have received a copy of the GNU General Public License along with
 * OpenPACE. If not, see .
 *
 * Additional permission under GNU GPL version 3 section 7
 *
 * If you modify this Program, or any covered work, by linking or combining it
 * with OpenSSL (or a modified version of that library), containing
 * parts covered by the terms of OpenSSL's license, the licensors of
 * this Program grant you additional permission to convey the resulting work.
 * Corresponding Source for a non-source form of such a combination shall include
 * the source code for the parts of OpenSSL used as well as that of the
 * covered work.
28 | * 29 | * If you modify this Program, or any covered work, by linking or combining it 30 | * with OpenSC (or a modified version of that library), containing 31 | * parts covered by the terms of OpenSC's license, the licensors of 32 | * this Program grant you additional permission to convey the resulting work. 33 | * Corresponding Source for a non-source form of such a combination shall include 34 | * the source code for the parts of OpenSC used as well as that of the 35 | * covered work. 36 | */ 37 | 38 | /** 39 | * @file eac_kdf.h 40 | * @brief Interface to key derivation functions 41 | * 42 | * @author Frank Morgner 43 | * @author Dominik Oepen 44 | */ 45 | 46 | #ifndef PACE_KDF_H_ 47 | #define PACE_KDF_H_ 48 | 49 | #include 50 | #include 51 | #include 52 | #include 53 | 54 | /** 55 | * @defgroup kdf Key Derivation Functions 56 | * @{ ************************************************************************/ 57 | 58 | /** 59 | * @brief General key derivation function according to TR-3110 F.3.1 60 | * 61 | * @param[in] key Shared secret 62 | * @param[in] nonce (optional) 63 | * @param[in] counter Formatted in big endian 64 | * @param[in] ctx 65 | * 66 | * @return derived key or NULL if an error occurred 67 | */ 68 | BUF_MEM * 69 | kdf(const BUF_MEM *key, const BUF_MEM *nonce, const uint32_t counter, 70 | const KA_CTX *ctx, EVP_MD_CTX *md_ctx); 71 | #define KDF_ENC_COUNTER 1 72 | #define KDF_MAC_COUNTER 2 73 | #define KDF_PI_COUNTER 3 74 | /** 75 | * @brief Key derivation function to derive encryption key 76 | * 77 | * @see kdf() 78 | */ 79 | BUF_MEM * 80 | kdf_enc(const BUF_MEM *nonce, const KA_CTX *ctx, EVP_MD_CTX *md_ctx); 81 | /** 82 | * @brief Key derivation function to derive authentication key 83 | * 84 | * @see kdf() 85 | */ 86 | BUF_MEM * 87 | kdf_mac(const BUF_MEM *nonce, const KA_CTX *ctx, EVP_MD_CTX *md_ctx); 88 | /** 89 | * @brief Key derivation function from a password pi 90 | * 91 | * @see kdf() 92 | */ 93 | BUF_MEM * 94 | kdf_pi(const PACE_SEC 
*pi, const BUF_MEM *nonce, const KA_CTX *ctx, EVP_MD_CTX *md_ctx); 95 | /** @} ***********************************************************************/ 96 | 97 | #endif /*PACE_KDF_H_*/ 98 | -------------------------------------------------------------------------------- /src/eac_lib.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2010-2012 Frank Morgner and Dominik Oepen 3 | * 4 | * This file is part of OpenPACE. 5 | * 6 | * OpenPACE is free software: you can redistribute it and/or modify it under 7 | * the terms of the GNU General Public License as published by the Free 8 | * Software Foundation, either version 3 of the License, or (at your option) 9 | * any later version. 10 | * 11 | * OpenPACE is distributed in the hope that it will be useful, but WITHOUT ANY 12 | * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS 13 | * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more 14 | * details. 15 | * 16 | * You should have received a copy of the GNU General Public License along with 17 | * OpenPACE. If not, see . 18 | * 19 | * Additional permission under GNU GPL version 3 section 7 20 | * 21 | * If you modify this Program, or any covered work, by linking or combining it 22 | * with OpenSSL (or a modified version of that library), containing 23 | * parts covered by the terms of OpenSSL's license, the licensors of 24 | * this Program grant you additional permission to convey the resulting work. 25 | * Corresponding Source for a non-source form of such a combination shall include 26 | * the source code for the parts of OpenSSL used as well as that of the 27 | * covered work. 
28 | * 29 | * If you modify this Program, or any covered work, by linking or combining it 30 | * with OpenSC (or a modified version of that library), containing 31 | * parts covered by the terms of OpenSC's license, the licensors of 32 | * this Program grant you additional permission to convey the resulting work. 33 | * Corresponding Source for a non-source form of such a combination shall include 34 | * the source code for the parts of OpenSC used as well as that of the 35 | * covered work. 36 | */ 37 | 38 | /** 39 | * @file eac_lib.h 40 | * @brief Interface for EAC library functions 41 | * 42 | * @author Frank Morgner 43 | * @author Dominik Oepen 44 | */ 45 | 46 | #ifndef EAC_LIB_H_ 47 | #define EAC_LIB_H_ 48 | 49 | #include 50 | #include 51 | #include 52 | 53 | #ifdef __cplusplus 54 | extern "C" { 55 | #endif 56 | 57 | BUF_MEM * 58 | KA_CTX_generate_key(const KA_CTX *ctx, BN_CTX *bn_ctx); 59 | int 60 | KA_CTX_compute_key(KA_CTX *ctx, const BUF_MEM *in, BN_CTX *bn_ctx); 61 | int 62 | KA_CTX_derive_keys(KA_CTX *ka_ctx, const BUF_MEM *nonce, EVP_MD_CTX *md_ctx); 63 | 64 | void KA_CTX_clear_free(KA_CTX *ctx); 65 | KA_CTX *KA_CTX_new(void); 66 | KA_CTX *KA_CTX_dup(const KA_CTX *ka_ctx); 67 | int KA_CTX_set_protocol(KA_CTX *ctx, int protocol); 68 | 69 | #ifdef __cplusplus 70 | } 71 | #endif 72 | #endif 73 | -------------------------------------------------------------------------------- /src/example.c: -------------------------------------------------------------------------------- 1 | #ifdef HAVE_CONFIG_H 2 | #include "config.h" 3 | #endif 4 | 5 | const unsigned char EF_CARDACCESS[] = { 0x31, 0x81, 0x82, 0x30, 0x0D, 0x06, 0x08, 0x04, 0x00, 0x7F, 0x00, 0x07, 0x02, 0x02, 0x02, 0x02, 0x01, 0x02, 0x30, 0x12, 0x06, 0x0A, 0x04, 0x00, 0x7F, 0x00, 0x07, 0x02, 0x02, 0x03, 0x02, 0x02, 0x02, 0x01, 0x02, 0x02, 0x01, 0x41, 0x30, 0x12, 0x06, 0x0A, 0x04, 0x00, 0x7F, 0x00, 0x07, 0x02, 0x02, 0x04, 0x02, 0x02, 0x02, 0x01, 0x02, 0x02, 0x01, 0x0D, 0x30, 0x1C, 0x06, 0x09, 0x04, 0x00, 
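0x7F, 0x00, 0x07, 0x02, 0x02, 0x03, 0x02, 0x30, 0x0C, 0x06, 0x07, 0x04, 0x00, 0x7F, 0x00, 0x07, 0x01, 0x02, 0x02, 0x01, 0x0D, 0x02, 0x01, 0x41, 0x30, 0x2B, 0x06, 0x08, 0x04, 0x00, 0x7F, 0x00, 0x07, 0x02, 0x02, 0x06, 0x16, 0x1F, 0x65, 0x50, 0x41, 0x20, 0x2D, 0x20, 0x42, 0x44, 0x72, 0x20, 0x47, 0x6D, 0x62, 0x48, 0x20, 0x2D, 0x20, 0x54, 0x65, 0x73, 0x74, 0x6B, 0x61, 0x72, 0x74, 0x65, 0x20, 0x76, 0x32, 0x2E, 0x30, 0x04, 0x49, 0x17, 0x15, 0x41, 0x19, 0x28, 0x80, 0x0A, 0x01, 0xB4, 0x21, 0xFA, 0x07, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x20, 0x10, 0x10, 0x29, 0x10, 0x10, };
const char PIN[] = "123456";

#include
#include
#include
#include

/**
 * @brief Runs one PACE exchange between a terminal context (PCD) and a card
 *        context (PICC) inside a single process
 *
 * Both contexts are initialised from the same EF.CardAccess and share the
 * hard-coded test PIN. Every step is checked: the first one that fails skips
 * the rest of the protocol and goes straight to cleanup, so no later call is
 * handed a NULL buffer or a half-initialised context.
 *
 * The int-returning EAC/PACE calls are compared against 1, the success value
 * this file already uses for PACE_STEP3D_verify_authentication_token().
 * NOTE(review): confirm against the library headers that 1 is the success
 * value of every one of these calls.
 *
 * @return 0 if both authentication tokens verified, 1 otherwise
 */
int main(int argc, char *argv[])
{
    /* only becomes 1 once both authentication tokens have verified */
    int r = 0;
    BIO *bio = NULL;
    PACE_SEC *secret = NULL;
    EAC_CTX *picc_ctx = NULL, *pcd_ctx = NULL;
    BUF_MEM *enc_nonce = NULL, *pcd_mapping_data = NULL,
            *picc_mapping_data = NULL, *pcd_ephemeral_pubkey = NULL,
            *picc_ephemeral_pubkey = NULL, *pcd_token = NULL,
            *picc_token = NULL;

    EAC_init();

    puts("EF.CardAccess:");
    bio = BIO_new_fp(stdout, BIO_NOCLOSE|BIO_FP_TEXT);
    if (!bio) {
        goto err;
    }
    BIO_dump_indent(bio, (char *) EF_CARDACCESS, sizeof EF_CARDACCESS, 4);

    secret = PACE_SEC_new(PIN, strlen(PIN), PACE_PIN);
    if (!secret) {
        goto err;
    }

    /* Demo output: the *_print_private() calls write secret material to
     * stdout, which is acceptable only because PIN is a fixed test value. */
    puts("Secret:");
    PACE_SEC_print_private(bio, secret, 4);

    picc_ctx = EAC_CTX_new();
    pcd_ctx = EAC_CTX_new();
    if (!picc_ctx || !pcd_ctx) {
        goto err;
    }
    if (EAC_CTX_init_ef_cardaccess(EF_CARDACCESS, sizeof EF_CARDACCESS, pcd_ctx) != 1
            || EAC_CTX_init_ef_cardaccess(EF_CARDACCESS, sizeof EF_CARDACCESS, picc_ctx) != 1) {
        goto err;
    }

    puts("PACE step 1");
    enc_nonce = PACE_STEP1_enc_nonce(picc_ctx, secret);
    if (!enc_nonce) {
        goto err;
    }

    puts("PACE step 2");
    if (PACE_STEP2_dec_nonce(pcd_ctx, secret, enc_nonce) != 1) {
        goto err;
    }

    puts("PACE step 3A");
    pcd_mapping_data = PACE_STEP3A_generate_mapping_data(pcd_ctx);
    picc_mapping_data = PACE_STEP3A_generate_mapping_data(picc_ctx);
    if (!pcd_mapping_data || !picc_mapping_data) {
        goto err;
    }

    if (PACE_STEP3A_map_generator(pcd_ctx, picc_mapping_data) != 1
            || PACE_STEP3A_map_generator(picc_ctx, pcd_mapping_data) != 1) {
        goto err;
    }

    puts("PACE step 3B");
    pcd_ephemeral_pubkey = PACE_STEP3B_generate_ephemeral_key(pcd_ctx);
    picc_ephemeral_pubkey = PACE_STEP3B_generate_ephemeral_key(picc_ctx);
    if (!pcd_ephemeral_pubkey || !picc_ephemeral_pubkey) {
        goto err;
    }

    if (PACE_STEP3B_compute_shared_secret(pcd_ctx, picc_ephemeral_pubkey) != 1
            || PACE_STEP3B_compute_shared_secret(picc_ctx, pcd_ephemeral_pubkey) != 1) {
        goto err;
    }

    puts("PACE step 3C");
    if (PACE_STEP3C_derive_keys(pcd_ctx) != 1
            || PACE_STEP3C_derive_keys(picc_ctx) != 1) {
        goto err;
    }

    puts("PACE step 3D");
    pcd_token = PACE_STEP3D_compute_authentication_token(pcd_ctx, picc_ephemeral_pubkey);
    picc_token = PACE_STEP3D_compute_authentication_token(picc_ctx, pcd_ephemeral_pubkey);
    if (!pcd_token || !picc_token) {
        goto err;
    }

    /* each side verifies the token computed by the other side */
    r = PACE_STEP3D_verify_authentication_token(pcd_ctx, picc_token);
    if (r == 1) {
        r = PACE_STEP3D_verify_authentication_token(picc_ctx, pcd_token);
    }

    puts("PICC's EAC_CTX:");
    EAC_CTX_print_private(bio, picc_ctx, 4);
    puts("PCD's EAC_CTX:");
    EAC_CTX_print_private(bio, pcd_ctx, 4);

err:
    if (r != 1) {
        fputs("PACE failed\n", stderr);
    }

    /* every pointer starts out NULL, so an early exit frees only what exists */
    if (pcd_ctx) {
        EAC_CTX_clear_free(pcd_ctx);
    }
    if (picc_ctx) {
        EAC_CTX_clear_free(picc_ctx);
    }
    if (secret) {
        PACE_SEC_clear_free(secret);
    }

    EAC_cleanup();

    if (bio) {
        BIO_free_all(bio);
    }
    if (enc_nonce) {
        BUF_MEM_free(enc_nonce);
    }
    if (pcd_mapping_data) {
        BUF_MEM_free(pcd_mapping_data);
    }
    if (picc_mapping_data) {
        BUF_MEM_free(picc_mapping_data);
    }
    if (pcd_ephemeral_pubkey) {
        BUF_MEM_free(pcd_ephemeral_pubkey);
    }
    if (picc_ephemeral_pubkey) {
        BUF_MEM_free(picc_ephemeral_pubkey);
    }
    if (pcd_token) {
        BUF_MEM_free(pcd_token);
    }
    if (picc_token) {
        BUF_MEM_free(picc_token);
    }

    return r == 1 ? 0 : 1;
}

--------------------------------------------------------------------------------
/src/misc.h:
--------------------------------------------------------------------------------
/*
 * Copyright (c) 2010-2012 Frank Morgner and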
Dominik Oepen 3 | * 4 | * This file is part of OpenPACE. 5 | * 6 | * OpenPACE is free software: you can redistribute it and/or modify it under 7 | * the terms of the GNU General Public License as published by the Free 8 | * Software Foundation, either version 3 of the License, or (at your option) 9 | * any later version. 10 | * 11 | * OpenPACE is distributed in the hope that it will be useful, but WITHOUT ANY 12 | * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS 13 | * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more 14 | * details. 15 | * 16 | * You should have received a copy of the GNU General Public License along with 17 | * OpenPACE. If not, see . 18 | * 19 | * Additional permission under GNU GPL version 3 section 7 20 | * 21 | * If you modify this Program, or any covered work, by linking or combining it 22 | * with OpenSSL (or a modified version of that library), containing 23 | * parts covered by the terms of OpenSSL's license, the licensors of 24 | * this Program grant you additional permission to convey the resulting work. 25 | * Corresponding Source for a non-source form of such a combination shall include 26 | * the source code for the parts of OpenSSL used as well as that of the 27 | * covered work. 28 | * 29 | * If you modify this Program, or any covered work, by linking or combining it 30 | * with OpenSC (or a modified version of that library), containing 31 | * parts covered by the terms of OpenSC's license, the licensors of 32 | * this Program grant you additional permission to convey the resulting work. 33 | * Corresponding Source for a non-source form of such a combination shall include 34 | * the source code for the parts of OpenSC used as well as that of the 35 | * covered work. 
36 | */ 37 | 38 | /** 39 | * @file misc.h 40 | * @brief Miscellaneous functions used in OpenPACE 41 | * 42 | * @author Frank Morgner 43 | * @author Dominik Oepen 44 | */ 45 | 46 | #ifndef MISC_H 47 | #define MISC_H 48 | 49 | #ifdef HAVE_CONFIG_H 50 | #include "config.h" 51 | #endif 52 | 53 | #include 54 | #include 55 | #include 56 | 57 | /** 58 | * @brief Creates a BUF_MEM object 59 | * 60 | * @param len required length of the buffer 61 | * 62 | * @return Initialized BUF_MEM object or NULL if an error occurred 63 | */ 64 | BUF_MEM * 65 | BUF_MEM_create(size_t len); 66 | /** 67 | * @brief Creates and initializes a BUF_MEM object 68 | * 69 | * @param buf Initial data 70 | * @param len Length of buf 71 | * 72 | * @return Initialized BUF_MEM object or NULL if an error occurred 73 | */ 74 | BUF_MEM * 75 | BUF_MEM_create_init(const void *buf, size_t len); 76 | /** 77 | * @brief duplicates a BUF_MEM structure 78 | * 79 | * @param in BUF_MEM to duplicate 80 | * 81 | * @return pointer to the new BUF_MEM or NULL in case of error 82 | */ 83 | BUF_MEM * 84 | BUF_MEM_dup(const BUF_MEM * in); 85 | 86 | /** 87 | * @brief converts an BIGNUM object to a BUF_MEM object 88 | * 89 | * @param bn bignumber to convert 90 | * 91 | * @return converted bignumber or NULL if an error occurred 92 | */ 93 | BUF_MEM * 94 | BN_bn2buf(const BIGNUM *bn); 95 | 96 | /** 97 | * @brief converts an EC_POINT object to a BUF_MEM object 98 | * 99 | * @param ecdh EC_KEY object 100 | * @param bn_ctx object (optional) 101 | * @param ecp elliptic curve point to convert 102 | * 103 | * @return converted elliptic curve point or NULL if an error occurred 104 | */ 105 | BUF_MEM * 106 | EC_POINT_point2mem(const EC_KEY * ecdh, BN_CTX * bn_ctx, const EC_POINT * ecp); 107 | 108 | #ifdef HAVE_EC_KEY_METHOD 109 | const EC_KEY_METHOD *EC_KEY_OpenSSL_Point(void); 110 | #else 111 | const ECDH_METHOD *ECDH_OpenSSL_Point(void); 112 | #endif 113 | 114 | void 115 | EAC_add_all_objects(void); 116 | void 117 | 
EAC_remove_all_objects(void); 118 | #endif 119 | -------------------------------------------------------------------------------- /src/pace_lib.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2010-2012 Frank Morgner and Dominik Oepen 3 | * 4 | * This file is part of OpenPACE. 5 | * 6 | * OpenPACE is free software: you can redistribute it and/or modify it under 7 | * the terms of the GNU General Public License as published by the Free 8 | * Software Foundation, either version 3 of the License, or (at your option) 9 | * any later version. 10 | * 11 | * OpenPACE is distributed in the hope that it will be useful, but WITHOUT ANY 12 | * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS 13 | * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more 14 | * details. 15 | * 16 | * You should have received a copy of the GNU General Public License along with 17 | * OpenPACE. If not, see . 18 | * 19 | * Additional permission under GNU GPL version 3 section 7 20 | * 21 | * If you modify this Program, or any covered work, by linking or combining it 22 | * with OpenSSL (or a modified version of that library), containing 23 | * parts covered by the terms of OpenSSL's license, the licensors of 24 | * this Program grant you additional permission to convey the resulting work. 25 | * Corresponding Source for a non-source form of such a combination shall include 26 | * the source code for the parts of OpenSSL used as well as that of the 27 | * covered work. 28 | * 29 | * If you modify this Program, or any covered work, by linking or combining it 30 | * with OpenSC (or a modified version of that library), containing 31 | * parts covered by the terms of OpenSC's license, the licensors of 32 | * this Program grant you additional permission to convey the resulting work. 
33 | * Corresponding Source for a non-source form of such a combination shall include 34 | * the source code for the parts of OpenSC used as well as that of the 35 | * covered work. 36 | */ 37 | 38 | /** 39 | * @file pace_lib.h 40 | * @brief Interface to PACE library functions 41 | * 42 | * @author Frank Morgner 43 | * @author Dominik Oepen 44 | */ 45 | 46 | #ifndef PACE_LIB_H_ 47 | #define PACE_LIB_H_ 48 | 49 | #include 50 | /** 51 | * @brief Frees a \c PACE_CTX object and all its components 52 | * 53 | * @param[in] s Object to free (optional) 54 | */ 55 | void PACE_CTX_clear_free(PACE_CTX * s); 56 | /** 57 | * @brief Creates a new \c PACE_CTX object 58 | * 59 | * @return The new object or NULL if an error occurred 60 | */ 61 | PACE_CTX * PACE_CTX_new(void); 62 | /** 63 | * @brief Initializes a \c PACE_CTX object using the protocol OID. This 64 | * parameter can be found in the PACEInfo part of an EF.CardAccess. 65 | * 66 | * @param[in,out] ctx The \c PACE_CTX object to initialize 67 | * @param[in] protocol The NID of the OID 68 | * @param[in] tr_version 69 | * 70 | * @return 1 in case of success, 0 otherwise 71 | */ 72 | int PACE_CTX_set_protocol(PACE_CTX * ctx, int protocol, enum eac_tr_version tr_version); 73 | 74 | #endif 75 | -------------------------------------------------------------------------------- /src/pace_mappings.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2010-2012 Frank Morgner and Dominik Oepen 3 | * 4 | * This file is part of OpenPACE. 5 | * 6 | * OpenPACE is free software: you can redistribute it and/or modify it under 7 | * the terms of the GNU General Public License as published by the Free 8 | * Software Foundation, either version 3 of the License, or (at your option) 9 | * any later version. 
10 | * 11 | * OpenPACE is distributed in the hope that it will be useful, but WITHOUT ANY 12 | * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS 13 | * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more 14 | * details. 15 | * 16 | * You should have received a copy of the GNU General Public License along with 17 | * OpenPACE. If not, see . 18 | * 19 | * Additional permission under GNU GPL version 3 section 7 20 | * 21 | * If you modify this Program, or any covered work, by linking or combining it 22 | * with OpenSSL (or a modified version of that library), containing 23 | * parts covered by the terms of OpenSSL's license, the licensors of 24 | * this Program grant you additional permission to convey the resulting work. 25 | * Corresponding Source for a non-source form of such a combination shall include 26 | * the source code for the parts of OpenSSL used as well as that of the 27 | * covered work. 28 | * 29 | * If you modify this Program, or any covered work, by linking or combining it 30 | * with OpenSC (or a modified version of that library), containing 31 | * parts covered by the terms of OpenSC's license, the licensors of 32 | * this Program grant you additional permission to convey the resulting work. 33 | * Corresponding Source for a non-source form of such a combination shall include 34 | * the source code for the parts of OpenSC used as well as that of the 35 | * covered work. 
36 | */ 37 | 38 | /** 39 | * @file pace_mappings.h 40 | * @brief Interface to functions for domain parameter mappings 41 | * 42 | * @author Frank Morgner 43 | * @author Dominik Oepen 44 | */ 45 | 46 | #ifndef PACE_MAPPINGS_H_ 47 | #define PACE_MAPPINGS_H_ 48 | 49 | #include 50 | #include 51 | #include 52 | 53 | /** 54 | * @defgroup encoding Mapping 55 | * @{ ************************************************************************/ 56 | 57 | BUF_MEM * 58 | dh_gm_generate_key(const PACE_CTX * ctx, BN_CTX *bn_ctx); 59 | /** 60 | * @brief Computes a key for DH Generic Mapping (see TR-3110 A.3.5.1) 61 | * 62 | * @see PACE_STEP3A_map_compute_key() 63 | */ 64 | int 65 | dh_gm_compute_key(PACE_CTX * ctx, const BUF_MEM * s, const BUF_MEM * in, 66 | BN_CTX *bn_ctx); 67 | /** 68 | * @brief Generates a key for DH Integrated Mapping (see TR-3110 A.3.5.2) 69 | * 70 | * @see PACE_STEP3A_map_compute_key() 71 | */ 72 | BUF_MEM * 73 | dh_im_generate_key(const PACE_CTX *ctx, BN_CTX *bn_ctx); 74 | /** 75 | * @brief Computes a key for DH Integrated Mapping (see TR-3110 A.3.5.2) 76 | * 77 | * @see PACE_STEP3A_map_compute_key() 78 | */ 79 | int 80 | dh_im_compute_key(PACE_CTX * ctx, const BUF_MEM * s, const BUF_MEM * in, 81 | BN_CTX *bn_ctx); 82 | BUF_MEM * 83 | ecdh_gm_generate_key(const PACE_CTX * ctx, BN_CTX *bn_ctx); 84 | /** 85 | * @brief Computes a key for ECDH Generic Mapping (see TR-3110 A.3.4.1) 86 | * 87 | * @see PACE_STEP3A_map_compute_key() 88 | */ 89 | int 90 | ecdh_gm_compute_key(PACE_CTX * ctx, const BUF_MEM * s, const BUF_MEM * in, 91 | BN_CTX *bn_ctx); 92 | /** 93 | * @brief Generates a key for ECDH Integrated Mapping (see TR-3110 A.3.4.2) 94 | * 95 | * @see PACE_STEP3A_map_compute_key() 96 | */ 97 | BUF_MEM * 98 | ecdh_im_generate_key(const PACE_CTX *ctx, BN_CTX *bn_ctx); 99 | /** 100 | * @brief Computes a key for ECDH Integrated Mapping (see TR-3110 A.3.4.2) 101 | * 102 | * @see PACE_STEP3A_map_compute_key() 103 | */ 104 | int 105 | ecdh_im_compute_key(PACE_CTX * ctx, 
const BUF_MEM * s, const BUF_MEM * in, 106 | BN_CTX *bn_ctx); 107 | 108 | /** @} ***********************************************************************/ 109 | 110 | #endif /*PACE_MAPPINGS_H_*/ 111 | -------------------------------------------------------------------------------- /src/read_file.c: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2014 Frank Morgner 3 | * 4 | * This file is part of OpenPACE. 5 | * 6 | * OpenPACE is free software: you can redistribute it and/or modify it under 7 | * the terms of the GNU General Public License as published by the Free 8 | * Software Foundation, either version 3 of the License, or (at your option) 9 | * any later version. 10 | * 11 | * OpenPACE is distributed in the hope that it will be useful, but WITHOUT ANY 12 | * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS 13 | * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more 14 | * details. 15 | * 16 | * You should have received a copy of the GNU General Public License along with 17 | * OpenPACE. If not, see . 18 | * 19 | * Additional permission under GNU GPL version 3 section 7 20 | * 21 | * If you modify this Program, or any covered work, by linking or combining it 22 | * with OpenSSL (or a modified version of that library), containing 23 | * parts covered by the terms of OpenSSL's license, the licensors of 24 | * this Program grant you additional permission to convey the resulting work. 25 | * Corresponding Source for a non-source form of such a combination shall include 26 | * the source code for the parts of OpenSSL used as well as that of the 27 | * covered work. 
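28 | * 29 | * If you modify this Program, or any covered work, by linking or combining it 30 | * with OpenSC (or a modified version of that library), containing 31 | * parts covered by the terms of OpenSC's license, the licensors of 32 | * this Program grant you additional permission to convey the resulting work. 33 | * Corresponding Source for a non-source form of such a combination shall include 34 | * the source code for the parts of OpenSC used as well as that of the 35 | * covered work. 36 | */ 37 | 38 | /** 39 | * @file read_file.c 40 | * 41 | * @author Frank Morgner 42 | */ 43 | 44 | #ifdef HAVE_CONFIG_H 45 | #include "config.h" 46 | #endif 47 | 48 | #include 49 | #include 50 | #include 51 |
/**
 * @brief Read a whole file into a heap buffer.
 *
 * The file size is determined with fseek()/ftell() and exactly that many
 * bytes are read. The buffer is obtained with realloc(*out, size), so
 * @a *out must be NULL or a pointer previously returned by the malloc
 * family; the caller owns the resulting buffer.
 *
 * For an empty file @a *out is left untouched and @a *outlen is set to 0.
 * On failure @a *outlen is not written; if the read itself failed, @a *out
 * already refers to the reallocated buffer and its contents are unspecified.
 *
 * @param[in]     filename path of the file to read
 * @param[in,out] out      buffer pointer to (re)allocate and fill
 * @param[out]    outlen   number of bytes stored in @a *out
 *
 * @return 0 on success, 1 on failure (a message is printed)
 */
int read_file(const char *filename, unsigned char **out, size_t *outlen)
{
    FILE *fp = NULL;
    int fail = 1;
    long filesize;
    size_t len;
    unsigned char *p;

    /* fopen(NULL) and the stores through out/outlen would be undefined */
    if (!filename || !out || !outlen) {
        puts("Invalid arguments");
        goto err;
    }

    fp = fopen(filename, "rb");
    if (!fp) {
        perror("Could not open file");
        goto err;
    }

    if (0 != fseek(fp, 0L, SEEK_END)) {
        perror("Could not seek file");
        goto err;
    }
    /* ftell() returns long; keeping it in an int would truncate the size
     * of large files and silently shorten the data handed to the caller */
    filesize = ftell(fp);
    if (0 > filesize) {
        perror("Could not tell file");
        goto err;
    }
    if ((unsigned long) filesize > (size_t) -1) {
        puts("File too large");
        goto err;
    }
    len = (size_t) filesize;

    /* a failed rewind would make the read below start at end of file */
    if (0 != fseek(fp, 0L, SEEK_SET)) {
        perror("Could not seek file");
        goto err;
    }

    if (0 != len) {
        /* keep *out valid if realloc() fails: assign only on success */
        p = realloc(*out, len);
        if (!p) {
            puts("Failed to allocate memory");
            goto err;
        }
        *out = p;

        /* a short read (file shrank, I/O error) is treated as failure so
         * the caller never sees a partially filled buffer as complete */
        if (len != fread(p, sizeof(unsigned char), len, fp)) {
            perror("Failed to read file");
            goto err;
        }
    }
    *outlen = len;

    fail = 0;

err:
    if (fp)
        fclose(fp);

    return fail;
}
99 | -------------------------------------------------------------------------------- /src/read_file.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2014 Frank Morgner 3 | * 4 | * This file is part of OpenPACE.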
5 | * 6 | * OpenPACE is free software: you can redistribute it and/or modify it under 7 | * the terms of the GNU General Public License as published by the Free 8 | * Software Foundation, either version 3 of the License, or (at your option) 9 | * any later version. 10 | * 11 | * OpenPACE is distributed in the hope that it will be useful, but WITHOUT ANY 12 | * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS 13 | * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more 14 | * details. 15 | * 16 | * You should have received a copy of the GNU General Public License along with 17 | * OpenPACE. If not, see . 18 | * 19 | * Additional permission under GNU GPL version 3 section 7 20 | * 21 | * If you modify this Program, or any covered work, by linking or combining it 22 | * with OpenSSL (or a modified version of that library), containing 23 | * parts covered by the terms of OpenSSL's license, the licensors of 24 | * this Program grant you additional permission to convey the resulting work. 25 | * Corresponding Source for a non-source form of such a combination shall include 26 | * the source code for the parts of OpenSSL used as well as that of the 27 | * covered work. 28 | * 29 | * If you modify this Program, or any covered work, by linking or combining it 30 | * with OpenSC (or a modified version of that library), containing 31 | * parts covered by the terms of OpenSC's license, the licensors of 32 | * this Program grant you additional permission to convey the resulting work. 33 | * Corresponding Source for a non-source form of such a combination shall include 34 | * the source code for the parts of OpenSC used as well as that of the 35 | * covered work. 
36 | */ 37 | 38 | /** 39 | * @file read_file.h 40 | * 41 | * @author Frank Morgner 42 | */ 43 | 44 | #ifndef READ_FILE_H_ 45 | #define READ_FILE_H_ 46 | 47 | #include 48 | 49 | int read_file(const char *filename, unsigned char **out, size_t *outlen); 50 | 51 | #endif 52 | -------------------------------------------------------------------------------- /src/ri.c: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2011-2012 Dominik Oepen, Frank Morgner and Paul Wilhelm 3 | * 4 | * This file is part of OpenPACE. 5 | * 6 | * OpenPACE is free software: you can redistribute it and/or modify it under 7 | * the terms of the GNU General Public License as published by the Free 8 | * Software Foundation, either version 3 of the License, or (at your option) 9 | * any later version. 10 | * 11 | * OpenPACE is distributed in the hope that it will be useful, but WITHOUT ANY 12 | * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS 13 | * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more 14 | * details. 15 | * 16 | * You should have received a copy of the GNU General Public License along with 17 | * OpenPACE. If not, see . 18 | * 19 | * Additional permission under GNU GPL version 3 section 7 20 | * 21 | * If you modify this Program, or any covered work, by linking or combining it 22 | * with OpenSSL (or a modified version of that library), containing 23 | * parts covered by the terms of OpenSSL's license, the licensors of 24 | * this Program grant you additional permission to convey the resulting work. 25 | * Corresponding Source for a non-source form of such a combination shall include 26 | * the source code for the parts of OpenSSL used as well as that of the 27 | * covered work. 
28 | * 29 | * If you modify this Program, or any covered work, by linking or combining it 30 | * with OpenSC (or a modified version of that library), containing 31 | * parts covered by the terms of OpenSC's license, the licensors of 32 | * this Program grant you additional permission to convey the resulting work. 33 | * Corresponding Source for a non-source form of such a combination shall include 34 | * the source code for the parts of OpenSC used as well as that of the 35 | * covered work. 36 | */ 37 | 38 | /** 39 | * @file ri.c 40 | * @brief Restricted Identification implementation 41 | * 42 | * @author Frank Morgner 43 | * @author Dominik Oepen 44 | * @author Paul Wilhelm 45 | */ 46 | 47 | #ifdef HAVE_CONFIG_H 48 | #include "config.h" 49 | #endif 50 | 51 | #include "eac_err.h" 52 | #include "eac_lib.h" 53 | #include "eac_util.h" 54 | #include 55 | #include 56 | #include 57 | #include 58 | #include 59 | #include 60 |
/**
 * @brief Compute the sector identifier for Restricted Identification.
 *
 * Calls the key agreement function stored in ctx->ri_ctx->compute_key with
 * the static key, the sector public key and ctx->bn_ctx, then passes the
 * resulting shared secret to hash() together with ctx->ri_ctx->md and
 * ctx->md_ctx.
 *
 * @param ctx           EAC context; ctx->bn_ctx, ctx->ri_ctx,
 *                      ctx->ri_ctx->compute_key and ctx->ri_ctx->static_key
 *                      must be non-NULL
 * @param sector_pubkey public key of the sector, must be non-NULL
 *
 * @return the value returned by hash(), or NULL when the argument check or
 *         the key agreement fails
 */
BUF_MEM *
RI_STEP2_compute_identifier(EAC_CTX *ctx, BUF_MEM *sector_pubkey)
{
    BUF_MEM *secret = NULL;
    BUF_MEM *identifier = NULL;

    /* check() comes from eac_err.h (not shown here); it is expected to
     * branch to the err label when the condition is false */
    check((ctx && sector_pubkey && ctx->bn_ctx && ctx->ri_ctx
                && ctx->ri_ctx->compute_key
                && ctx->ri_ctx->static_key),
            "Invalid arguments");

    /* Key agreement between the static key and the sector public key */
    secret = ctx->ri_ctx->compute_key(ctx->ri_ctx->static_key,
            sector_pubkey, ctx->bn_ctx);
    check(secret, "Failed to compute shared secret");

    /* The sector identifier is the hash of the shared secret.
     * NOTE(review): ctx->ri_ctx->md and ctx->md_ctx are not covered by the
     * argument check above - confirm that hash() rejects NULL for them. */
    identifier = hash(ctx->ri_ctx->md, ctx->md_ctx, NULL, secret);

err:
    /* The shared secret is released on every exit path, including errors;
     * BUF_MEM_clear_free() presumably wipes it before freeing - confirm */
    if (secret)
        BUF_MEM_clear_free(secret);

    return identifier;
}
86 | 87 | -------------------------------------------------------------------------------- /src/ssl_compat.h: -------------------------------------------------------------------------------- 1 | #ifdef HAVE_CONFIG_H 2 | #include "config.h" 3
| #endif 4 | 5 | #include 6 | #include 7 | #include 8 | #include 9 | #include 10 | 11 | #ifndef HAVE_DH_SET0_KEY 12 | int DH_set0_key(DH *dh, BIGNUM *pub_key, BIGNUM *priv_key); 13 | #endif 14 | 15 | #ifndef HAVE_DH_GET0_KEY 16 | void DH_get0_key(const DH *dh, const BIGNUM **pub_key, const BIGNUM **priv_key); 17 | #endif 18 | 19 | #ifndef HAVE_DH_GET0_PQG 20 | void DH_get0_pqg(const DH *dh, const BIGNUM **p, const BIGNUM **q, const BIGNUM **g); 21 | #endif 22 | 23 | #ifndef HAVE_DH_SET0_PQG 24 | int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g); 25 | #endif 26 | 27 | #ifndef HAVE_RSA_SET0_KEY 28 | int RSA_set0_key(RSA *r, BIGNUM *n, BIGNUM *e, BIGNUM *d); 29 | #endif 30 | 31 | #ifndef HAVE_RSA_GET0_KEY 32 | void RSA_get0_key(const RSA *r, const BIGNUM **n, const BIGNUM **e, const BIGNUM **d); 33 | #endif 34 | 35 | #ifndef HAVE_BN_IS_PRIME_EX 36 | int BN_is_prime_ex(const BIGNUM *a, int checks, BN_CTX *ctx_passed, BN_GENCB *cb); 37 | #endif 38 | 39 | #ifndef HAVE_ECDSA_SIG_SET0 40 | int ECDSA_SIG_set0(ECDSA_SIG *sig, BIGNUM *r, BIGNUM *s); 41 | #endif 42 | 43 | #ifndef HAVE_ECDSA_SIG_GET0 44 | void ECDSA_SIG_get0(const ECDSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps); 45 | #endif 46 | 47 | #ifndef HAVE_ASN1_STRING_GET0_DATA 48 | const unsigned char *ASN1_STRING_get0_data(const ASN1_STRING *x); 49 | #endif 50 | 51 | #if !defined(HAVE_DECL_OPENSSL_ZALLOC) || HAVE_DECL_OPENSSL_ZALLOC == 0 52 | void *OPENSSL_zalloc(size_t num); 53 | #endif 54 | 55 | #ifndef HAVE_EC_POINT_GET_AFFINE_COORDINATES 56 | int EC_POINT_get_affine_coordinates(const EC_GROUP *group, const EC_POINT *p, BIGNUM *x, BIGNUM *y, BN_CTX *ctx); 57 | #endif 58 | 59 | #ifndef HAVE_EC_POINT_SET_AFFINE_COORDINATES 60 | int EC_POINT_set_affine_coordinates(const EC_GROUP *group, EC_POINT *p, const BIGNUM *x, const BIGNUM *y, BN_CTX *ctx); 61 | #endif 62 | 63 | #ifndef HAVE_EVP_PKEY_DUP 64 | EVP_PKEY * 65 | EVP_PKEY_dup(EVP_PKEY *key); 66 | #endif 67 | 
-------------------------------------------------------------------------------- /src/ta_lib.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2010-2012 Frank Morgner and Dominik Oepen 3 | * 4 | * This file is part of OpenPACE. 5 | * 6 | * OpenPACE is free software: you can redistribute it and/or modify it under 7 | * the terms of the GNU General Public License as published by the Free 8 | * Software Foundation, either version 3 of the License, or (at your option) 9 | * any later version. 10 | * 11 | * OpenPACE is distributed in the hope that it will be useful, but WITHOUT ANY 12 | * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS 13 | * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more 14 | * details. 15 | * 16 | * You should have received a copy of the GNU General Public License along with 17 | * OpenPACE. If not, see . 18 | * 19 | * Additional permission under GNU GPL version 3 section 7 20 | * 21 | * If you modify this Program, or any covered work, by linking or combining it 22 | * with OpenSSL (or a modified version of that library), containing 23 | * parts covered by the terms of OpenSSL's license, the licensors of 24 | * this Program grant you additional permission to convey the resulting work. 25 | * Corresponding Source for a non-source form of such a combination shall include 26 | * the source code for the parts of OpenSSL used as well as that of the 27 | * covered work. 28 | * 29 | * If you modify this Program, or any covered work, by linking or combining it 30 | * with OpenSC (or a modified version of that library), containing 31 | * parts covered by the terms of OpenSC's license, the licensors of 32 | * this Program grant you additional permission to convey the resulting work. 
33 | * Corresponding Source for a non-source form of such a combination shall include 34 | * the source code for the parts of OpenSC used as well as that of the 35 | * covered work. 36 | */ 37 | 38 | /** 39 | * @file ta_lib.h 40 | * 41 | * @author Frank Morgner 42 | * @author Dominik Oepen 43 | */ 44 | 45 | #ifndef TA_LIB_H_ 46 | #define TA_LIB_H_ 47 | 48 | #include 49 | #include 50 | #include 51 | 52 | /** 53 | * @brief Import the parameters and public key from a card verifiable 54 | * certificate into a TA_CTX structure. This function is used to verify 55 | * certificate chains by subsequently importing all the certificates, starting 56 | * with the DVCA or link certificate. 57 | * @param ctx The TA_CTX structure to initialize 58 | * @param next_cert The card verifiable certificate to be imported 59 | * @param bn_ctx (optional) 60 | * @return 1 on success or 0 in case of an error 61 | */ 62 | int 63 | TA_CTX_import_certificate(TA_CTX *ctx, const CVC_CERT *next_cert, 64 | BN_CTX *bn_ctx); 65 | 66 | /** 67 | * @brief Import the parameters and public key from a card verifiable 68 | * certificate into a TA_CTX structure. This function is used to set the trust 69 | * anchor (the CVCA certificate). 70 | * @param ctx The TA_CTX structure to initialize 71 | * @param trust_anchor The card verifiable certificate to be imported 72 | * @param bn_ctx (optional) 73 | * @return 1 on success or 0 in case of an error 74 | */ 75 | int 76 | TA_CTX_set_trust_anchor(TA_CTX *ctx, const CVC_CERT *trust_anchor, 77 | BN_CTX *bn_ctx); 78 | 79 | /** 80 | * @brief Create a new \TA_CTX structure 81 | * @return The new structure or NULL in case of an error 82 | */ 83 | TA_CTX * 84 | TA_CTX_new(void); 85 | 86 | /** 87 | * @brief Free a \c TA_CTX object and all its components. 88 | * 89 | * Sensitive memory is cleared with OPENSSL_cleanse(). 
90 | * 91 | * @param ctx The \c TA_CTX to free 92 | */ 93 | void 94 | TA_CTX_clear_free(TA_CTX *ctx); 95 | 96 | #endif 97 | -------------------------------------------------------------------------------- /src/vc.c: --------------------------------------------------------------------------------
#ifdef HAVE_CONFIG_H
#include "config.h"
#endif

#ifdef _WIN32
#if defined(_MSC_VER) && (_MSC_VER >= 1900)
// needed for OpenSSL static link
// only for vs 2015 or later
#pragma comment(lib, "legacy_stdio_definitions.lib")
/* The header name is missing on this page; FILE and stdin/stdout/stderr
 * come from <stdio.h> - confirm against the repository. */
#include
/*
 * Compatibility definition of __iob_func: fills a static three-entry table
 * with stdin, stdout and stderr on every call and returns it.
 * NOTE(review): the table has type FILE *[3] while the declared return type
 * is FILE *; this relies on an implicit pointer conversion - confirm it is
 * intended.
 */
FILE * __cdecl __iob_func(void)
{
    static FILE *std_streams[3];

    std_streams[0] = stdin;
    std_streams[1] = stdout;
    std_streams[2] = stderr;
    return std_streams;
}
#endif

#if defined(_MSC_VER) && (_MSC_VER < 1700)
// The condition selects toolchains older than vs 2012 (_MSC_VER 1700).
// NOTE(review): the original comment read "only for vs 2012 or later";
// presumably the symbol below is only supplied by vs 2012 and later
// runtimes and is therefore defined here for older ones - confirm.
/* The header name is missing on this page; ExitProcess() is declared in
 * <windows.h> - confirm against the repository. */
#include
/*
 * Handler for a failed range check: terminates the process with exit
 * code 1 and does not return.
 */
__declspec(noreturn) void __cdecl __report_rangecheckfailure()
{
    ExitProcess(1);
}
#endif
#endif
30 | -------------------------------------------------------------------------------- /src/x509_lookup.c: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2010-2012 Frank Morgner and Dominik Oepen 3 | * 4 | * This file is part of OpenPACE. 5 | * 6 | * OpenPACE is free software: you can redistribute it and/or modify it under 7 | * the terms of the GNU General Public License as published by the Free 8 | * Software Foundation, either version 3 of the License, or (at your option) 9 | * any later version. 10 | * 11 | * OpenPACE is distributed in the hope that it will be useful, but WITHOUT ANY 12 | * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS 13 | * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more 14 | * details. 15 | * 16 | * You should have received a copy of the GNU General Public License along with 17 | * OpenPACE. If not, see .
18 | * 19 | * Additional permission under GNU GPL version 3 section 7 20 | * 21 | * If you modify this Program, or any covered work, by linking or combining it 22 | * with OpenSSL (or a modified version of that library), containing 23 | * parts covered by the terms of OpenSSL's license, the licensors of 24 | * this Program grant you additional permission to convey the resulting work. 25 | * Corresponding Source for a non-source form of such a combination shall include 26 | * the source code for the parts of OpenSSL used as well as that of the 27 | * covered work. 28 | * 29 | * If you modify this Program, or any covered work, by linking or combining it 30 | * with OpenSC (or a modified version of that library), containing 31 | * parts covered by the terms of OpenSC's license, the licensors of 32 | * this Program grant you additional permission to convey the resulting work. 33 | * Corresponding Source for a non-source form of such a combination shall include 34 | * the source code for the parts of OpenSC used as well as that of the 35 | * covered work. 
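36 | */ 37 | 38 | /** 39 | * @file x509_lookup.c 40 | * @brief 41 | * 42 | * @author Frank Morgner 43 | */ 44 | 45 | #ifdef HAVE_CONFIG_H 46 | #include "config.h" 47 | #endif 48 | 49 | #include "eac_err.h" 50 | #include 51 | #include 52 | #include 53 | #include 54 |
#ifndef PATH_MAX
#define PATH_MAX 1024 /* # chars in a path name including nul */
#endif

/** @brief Directory for \c EAC_get_default_csca_lookup() */
static char x509_default_dir[PATH_MAX];

/**
 * @brief Set the directory from which the default CSCA lookup loads
 *        trusted certificates.
 *
 * The path is copied into a fixed buffer of PATH_MAX bytes. A path that does
 * not fit (including its terminating nul) is rejected and the previous
 * setting is kept: a silently truncated path would name a different
 * directory than the one requested, and that directory would then be used as
 * the source of trust anchors.
 *
 * @param default_dir nul-terminated directory path; NULL leaves the current
 *                    setting unchanged
 */
void EAC_set_x509_default_dir(const char *default_dir)
{
    size_t len;

    if (!default_dir)
        return;

    len = strlen(default_dir);
    if (len >= sizeof x509_default_dir) {
        log_err("Default X.509 directory path is too long");
        return;
    }

    /* len + 1 copies the terminating nul as well */
    memcpy(x509_default_dir, default_dir, len + 1);
}

/**
 * @brief Default CSCA lookup: returns a trust store backed by the
 *        configured default directory.
 *
 * The store is created on first use and kept in a function-static pointer.
 * Every call asks X509_STORE_load_locations() to use x509_default_dir as
 * certificate directory; if that fails, the store is freed, the cached
 * pointer is reset and NULL is returned.
 *
 * NOTE(review): the returned pointer is the same one that is cached here -
 * confirm that callers do not free it. The static cache is also accessed
 * without any locking.
 *
 * @param issuer_name_hash not used by this implementation
 *
 * @return the trust store, or NULL on error
 */
static X509_STORE *X509_default_lookup(unsigned long issuer_name_hash)
{
    static X509_STORE *store = NULL;

    (void) issuer_name_hash;

    if (!store)
        store = X509_STORE_new();
    check(store, "Failed to create trust store");

    if (!X509_STORE_load_locations(store, NULL, x509_default_dir)) {
        log_err("Failed to load trusted certificates");
        /* do not hand out a store without the expected trust anchors */
        X509_STORE_free(store);
        store = NULL;
    }

err:
    return store;
}

/**
 * @brief Get the default CSCA lookup callback.
 *
 * @return pointer to the lookup function defined in this file
 */
X509_lookup_csca_cert EAC_get_default_csca_lookup(void)
{
    return X509_default_lookup;
}

/**
 * @brief Install the callback used to look up CSCA certificates.
 *
 * @param ctx              EAC context; ctx->ca_ctx must be non-NULL
 * @param lookup_csca_cert callback to store in ctx->ca_ctx
 *
 * @return 1 on success or 0 if @a ctx or ctx->ca_ctx is NULL
 */
int EAC_CTX_set_csca_lookup(EAC_CTX *ctx, X509_lookup_csca_cert lookup_csca_cert)
{
    int ok = 0;

    check(ctx && ctx->ca_ctx, "Invalid EAC context");
    ctx->ca_ctx->lookup_csca_cert = lookup_csca_cert;
    ok = 1;

err:
    return ok;
}

/**
 * @brief Read back the callback used to look up CSCA certificates.
 *
 * @param ctx              EAC context; ctx->ca_ctx must be non-NULL
 * @param lookup_csca_cert receives the callback stored in ctx->ca_ctx
 *
 * @return 1 on success or 0 if any argument or ctx->ca_ctx is NULL
 */
int EAC_CTX_get_csca_lookup(const EAC_CTX *ctx, X509_lookup_csca_cert *lookup_csca_cert)
{
    int ok = 0;

    check(lookup_csca_cert && ctx && ctx->ca_ctx, "Invalid parameters");
    *lookup_csca_cert = ctx->ca_ctx->lookup_csca_cert;
    ok = 1;

err:
    return ok;
}
116 | --------------------------------------------------------------------------------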