| OpenPACE
    | 
| Macros | |
| #define | CVC_CERT_dup(x) ASN1_dup_of(CVC_CERT, i2d_CVC_CERT, CVC_d2i_CVC_CERT, x) | 
| Duplicate a CV certificate.  More... | |
| #define | CVC_PUBKEY_dup(x) ASN1_dup_of(CVC_PUBKEY, i2d_CVC_PUBKEY, d2i_CVC_PUBKEY, x) | 
| Duplicate a CVC public key.  More... | |
| #define | CVC_CHAT_dup(x) ASN1_dup_of(CVC_CHAT, i2d_CVC_CHAT, d2i_CVC_CHAT, x) | 
| Duplicate a CHAT.  More... | |
| Functions | |
| void | CA_disable_passive_authentication (EAC_CTX *ctx) | 
| Disable passive authentication for this EAC_CTX.  More... | |
| CVC_CERT * | CVC_d2i_CVC_CERT (CVC_CERT **cert, const unsigned char **in, long len) | 
| Convert ASN1 formatted CV certificate to the internal structure.  More... | |
| int | i2d_CVC_CERT (CVC_CERT *a, unsigned char **out) | 
| Convert a CV certificate description to its ASN1 representation.  More... | |
| CVC_CERT * | CVC_CERT_new (void) | 
| Allocate memory for a CV certificate.  More... | |
| void | CVC_CERT_free (CVC_CERT *a) | 
| Free a CV certificate.  More... | |
| CVC_CERT * | d2i_CVC_CERT_bio (BIO *bp, CVC_CERT **cvc) | 
| Load a CV certificate from a BIO object.  More... | |
| EVP_PKEY * | CVC_pubkey2pkey (const CVC_CERT *cert, BN_CTX *bn_ctx, EVP_PKEY *out) | 
| Extract the public key from a CV certificate. Since EC domain parameters are only included in CVCA certificates, they must be passed as parameters for DV and terminal certificates.  More... | |
| CVC_PUBKEY * | CVC_pkey2pubkey (int all_parameters, int protocol, EVP_PKEY *key, BN_CTX *bn_ctx, CVC_PUBKEY *out) | 
| void | EAC_init (void) | 
| Initializes OpenSSL and the EAC identifier.  More... | |
| void | EAC_cleanup (void) | 
| Wrapper to EVP_cleanup() | |
| EAC_CTX * | EAC_CTX_new (void) | 
| Create a new EAC context.  More... | |
| void | EAC_CTX_clear_free (EAC_CTX *ctx) | 
| Free an EAC context.  More... | |
| int | EAC_CTX_init_pace (EAC_CTX *ctx, int protocol, int curve) | 
| Initialize an EAC context for PACE.  More... | |
| int | EAC_CTX_init_ta (const EAC_CTX *ctx, const unsigned char *privkey, size_t privkey_len, const unsigned char *cvca, size_t cvca_len) | 
| Initialize an EAC context for TA with the terminal's PKI data. Use either a CV certificate or a known CAR for initialization.  More... | |
| int | EAC_CTX_init_ca (EAC_CTX *ctx, int protocol, int curve) | 
| Initialize an EAC context for Chip Authentication.  More... | |
| int | EAC_CTX_init_ri (EAC_CTX *ctx, int protocol, int stnd_dp) | 
| Initialize an EAC context for Restricted Identification.  More... | |
| int | EAC_CTX_init_ef_cardaccess (unsigned const char *in, size_t in_len, EAC_CTX *ctx) | 
| Initialize an EAC context for PACE, TA and CA from the data given in an EF.CardAccess.  More... | |
| int | EAC_CTX_init_ef_cardsecurity (const unsigned char *ef_cardsecurity, size_t ef_cardsecurity_len, EAC_CTX *ctx) | 
| Initialize an EAC context for PACE, TA and CA from the data given in an EF.CardSecurity.  More... | |
| int | EAC_CTX_get_cvca_lookup (const EAC_CTX *ctx, CVC_lookup_cvca_cert *lookup_cvca_cert) | 
| Return the EAC context's CVCA lookup callback.  More... | |
| int | EAC_CTX_set_cvca_lookup (EAC_CTX *ctx, CVC_lookup_cvca_cert lookup_cvca_cert) | 
| Set the CVCA lookup callback.  More... | |
| CVC_lookup_cvca_cert | EAC_get_default_cvca_lookup (void) | 
| Return the default lookup of the country verifying CA.  More... | |
| void | EAC_set_cvc_default_dir (const char *default_dir) | 
| Set directory for EAC_get_default_cvca_lookup().  More... | |
| int | EAC_CTX_get_csca_lookup_cert (const EAC_CTX *ctx, X509_lookup_csca_cert *lookup_cvca_cert) | 
| Get the CSCA lookup callback.  More... | |
| int | EAC_CTX_set_csca_lookup_cert (EAC_CTX *ctx, X509_lookup_csca_cert lookup_cvca_cert) | 
| Set the CSCA lookup callback.  More... | |
| X509_lookup_csca_cert | EAC_get_default_csca_lookup (void) | 
| Return the default lookup of the country signing CA.  More... | |
| void | EAC_set_x509_default_dir (const char *default_dir) | 
| Set directory for EAC_get_default_csca_lookup().  More... | |
| void | PACE_SEC_clear_free (PACE_SEC *s) | 
| Free a PACE secret.  More... | |
| PACE_SEC * | PACE_SEC_new (const char *sec, size_t sec_len, enum s_type type) | 
| Create and initialize a new PACE secret.  More... | |
| int | PACE_SEC_print_private (BIO *out, const PACE_SEC *sec, int indent) | 
| Print PACE_SEC object including private secret.  More... | |
| void | RI_CTX_clear_free (RI_CTX *s) | 
| Frees a RI_CTX object and all its components.  More... | |
| RI_CTX * | RI_CTX_new (void) | 
| Creates a new RI_CTX object.  More... | |
| int | RI_CTX_set_protocol (RI_CTX *ctx, int protocol) | 
| Initializes a RI_CTX object using the protocol OID. This parameter can be found in the RIInfo part of an EF.CardSecurity.  More... | |
| #define CVC_CERT_dup | ( | x | ) | ASN1_dup_of(CVC_CERT, i2d_CVC_CERT, CVC_d2i_CVC_CERT, x) | 
| #define CVC_CHAT_dup | ( | x | ) | ASN1_dup_of(CVC_CHAT, i2d_CVC_CHAT, d2i_CVC_CHAT, x) | 
| #define CVC_PUBKEY_dup | ( | x | ) | ASN1_dup_of(CVC_PUBKEY, i2d_CVC_PUBKEY, d2i_CVC_PUBKEY, x) | 
| void CA_disable_passive_authentication | ( | EAC_CTX * | ctx | ) | 
Disable passive authentication for this EAC_CTX.
| ctx | EAC context | 
| void CVC_CERT_free | ( | CVC_CERT * | a | ) | 
Free a CV certificate.
| [in] | a | CV certificate to free | 
| CVC_CERT* CVC_CERT_new | ( | void | ) | 
Allocate memory for a CV certificate.
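| CVC_CERT* CVC_d2i_CVC_CERT | ( | CVC_CERT ** | cert, | 
| const unsigned char ** | in, | ||
| long | len | ||
| ) | 
Convert ASN1 formatted CV certificate to the internal structure.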
| [in,out] | cert | (optional) Where to save the CV certificate | 
| [in] | in | ASN1 formatted CV certificate | 
| [in] | len | Length of in | 
| EVP_PKEY* CVC_pubkey2pkey | ( | const CVC_CERT * | cert, | 
| BN_CTX * | bn_ctx, | ||
| EVP_PKEY * | out | ||
| ) | 
Extract the public key from a CV certificate. Since EC domain parameters are only included in CVCA certificates, they must be passed as parameters for DV and terminal certificates.
| [in] | cert | the certificate containing the public key | 
| [in] | bn_ctx | |
| [in,out] | out | (optional) where to save the extracted key. May contain domain parameters. | 
| CVC_CERT* d2i_CVC_CERT_bio | ( | BIO * | bp, | 
| CVC_CERT ** | cvc | ||
| ) | 
Load a CV certificate from a BIO object.
This function seeks the BIO so that subsequent reads of multiple certificates are possible.
| [in,out] | bp | bio object where to read from | 
| [in,out] | cvc | (optional) CV certificate to use | 
| void EAC_CTX_clear_free | ( | EAC_CTX * | ctx | ) | 
Free an EAC context.
Sensitive memory is cleared with OPENSSL_cleanse().
| [in] | ctx | EAC context to free | 
| int EAC_CTX_get_csca_lookup_cert | ( | const EAC_CTX * | ctx, | 
| X509_lookup_csca_cert * | lookup_cvca_cert | ||
| ) | 
Get the CSCA lookup callback.
| [in] | ctx | EAC context | 
| [in,out] | lookup_cvca_cert | lookup callback | 
| int EAC_CTX_get_cvca_lookup | ( | const EAC_CTX * | ctx, | 
| CVC_lookup_cvca_cert * | lookup_cvca_cert | ||
| ) | 
Return the EAC context's CVCA lookup callback.
| [in] | ctx | EAC context | 
| [in,out] | lookup_cvca_cert | lookup callback | 
| int EAC_CTX_init_ca | ( | EAC_CTX * | ctx, | 
| int | protocol, | ||
| int | curve | ||
| ) | 
Initialize an EAC context for Chip Authentication.
| [in,out] | ctx | EAC context | 
| [in] | protocol | Identifier of the protocol's OID specifying the exact CA parameters to use | 
| [in] | curve | Standardized domain parameter identifier | 
| int EAC_CTX_init_ef_cardaccess | ( | unsigned const char * | in, | 
| size_t | in_len, | ||
| EAC_CTX * | ctx | ||
| ) | 
Initialize an EAC context for PACE, TA and CA from the data given in an EF.CardAccess. 
| [in] | in | EF.CardAccess | 
| [in] | in_len | Length of in | 
| [in,out] | ctx | EAC context to initialize | 
| int EAC_CTX_init_ef_cardsecurity | ( | const unsigned char * | ef_cardsecurity, | 
| size_t | ef_cardsecurity_len, | ||
| EAC_CTX * | ctx | ||
| ) | 
Initialize an EAC context for PACE, TA and CA from the data given in an EF.CardSecurity. 
Performs passive authentication if required.
| [in] | ef_cardsecurity | buffer containing the ASN.1 encoded EF.CardSecurity | 
| [in] | ef_cardsecurity_len | length of ef_cardsecurity | 
| [in,out] | ctx | EAC context to initialize | 
| int EAC_CTX_init_pace | ( | EAC_CTX * | ctx, | 
| int | protocol, | ||
| int | curve | ||
| ) | 
Initialize an EAC context for PACE.
| [in,out] | ctx | EAC context to initialize | 
| [in] | protocol | Identifier of the protocol's OID specifying the exact PACE parameters | 
| [in] | curve | Standardized domain parameter identifier | 
| int EAC_CTX_init_ri | ( | EAC_CTX * | ctx, | 
| int | protocol, | ||
| int | stnd_dp | ||
| ) | 
Initialize an EAC context for Restricted Identification.
| [in,out] | ctx | EAC context | 
| [in] | protocol | Identifier of the protocol's OID specifying the exact RI parameters to use | 
| [in] | stnd_dp | Standardized domain parameter identifier | 
| int EAC_CTX_init_ta | ( | const EAC_CTX * | ctx, | 
| const unsigned char * | privkey, | ||
| size_t | privkey_len, | ||
| const unsigned char * | cvca, | ||
| size_t | cvca_len | ||
| ) | 
Initialize an EAC context for TA with the terminal's PKI data. Use either a CV certificate or a known CAR for initialization.
| [in,out] | ctx | EAC context | 
| [in] | privkey | (optional) Private key to the given CV certificate | 
| [in] | privkey_len | Length of privkey | 
| [in] | cvca | (optional) CV certificate to use as trust anchor for verification of other CV certificates | 
| [in] | cvca_len | (optional) Length of cvca | 
| EAC_CTX* EAC_CTX_new | ( | void | ) | 
Create a new EAC context.
| int EAC_CTX_set_csca_lookup_cert | ( | EAC_CTX * | ctx, | 
| X509_lookup_csca_cert | lookup_cvca_cert | ||
| ) | 
Set the CSCA lookup callback.
| [in] | ctx | EAC context | 
| [in] | lookup_cvca_cert | lookup callback | 
| int EAC_CTX_set_cvca_lookup | ( | EAC_CTX * | ctx, | 
| CVC_lookup_cvca_cert | lookup_cvca_cert | ||
| ) | 
Set the CVCA lookup callback.
| [in] | ctx | EAC context | 
| [in] | lookup_cvca_cert | lookup callback | 
| X509_lookup_csca_cert EAC_get_default_csca_lookup | ( | void | ) | 
Return the default lookup of the country signing CA.
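The default callback looks at /etc/eac/$chr for the CVCA certificate, where $chr is the card holder reference of the CVCA. (Note: this paragraph describes a CVCA lookup keyed by the card holder reference, so it appears to belong to EAC_get_default_cvca_lookup() rather than to this CSCA function; the $issuer_name_hash.cer naming given elsewhere on this page is the one that refers to CSCA certificates. Confirm against the header before provisioning trust anchors.)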
| CVC_lookup_cvca_cert EAC_get_default_cvca_lookup | ( | void | ) | 
Return the default lookup of the country verifying CA.
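The default callback looks at /etc/eac/$issuer_name_hash.cer for the CSCA certificate, where $issuer_name_hash is an eight character lower hex value of the CSCA subject name. (Note: this paragraph describes a CSCA lookup keyed by the X.509 subject name hash, so it appears to belong to EAC_get_default_csca_lookup() rather than to this CVCA function; the /etc/eac/$chr naming given elsewhere on this page is the one that refers to CVCA certificates. Confirm against the header before provisioning trust anchors.)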
Use `openssl x509 -in CERTIFICATE.cer -inform DER -hash -noout` to obtain the hash value.
| void EAC_init | ( | void | ) | 
Initializes OpenSSL and the EAC identifier.
See also: OpenSSL_add_all_algorithms()
| void EAC_set_cvc_default_dir | ( | const char * | default_dir | ) | 
Set directory for EAC_get_default_cvca_lookup() 
| cvc_default_dir | 
| void EAC_set_x509_default_dir | ( | const char * | default_dir | ) | 
Set directory for EAC_get_default_csca_lookup() 
| x509_default_dir | 
| int i2d_CVC_CERT | ( | CVC_CERT * | a, | 
| unsigned char ** | out | ||
| ) | 
Convert a CV certificate description to its ASN1 representation.
| [in] | a | CV certificate description | 
| [out] | out | Where to write the ASN1 representation of a | 
| void PACE_SEC_clear_free | ( | PACE_SEC * | s | ) | 
Free a PACE secret.
Sensitive memory is cleared with OPENSSL_cleanse().
| [in] | s | (optional) Object to free | 
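| PACE_SEC* PACE_SEC_new | ( | const char * | sec, | 
| size_t | sec_len, | ||
| enum s_type | type | ||
| ) | 
Create and initialize a new PACE secret.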
| [in] | sec | Raw secret | 
| [in] | sec_len | Length of sec | 
| [in] | type | Type of secret | 
| int PACE_SEC_print_private | ( | BIO * | out, | 
| const PACE_SEC * | sec, | ||
| int | indent | ||
| ) | 
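Print PACE_SEC object including private secret. Because the output contains the secret itself, the BIO passed as out should point only to a destination that is protected accordingly (not a shared log or world-readable file).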
| [in] | out | Where to print the data | 
| [in] | sec | PACE secret (PACE_SEC object) to be printed | 
| [in] | indent | Number of whitespaces used for indenting the output | 
| void RI_CTX_clear_free | ( | RI_CTX * | s | ) | 
Frees a RI_CTX object and all its components. 
| [in] | s | Object to free (optional) | 
| RI_CTX* RI_CTX_new | ( | void | ) | 
Creates a new RI_CTX object. 
| int RI_CTX_set_protocol | ( | RI_CTX * | ctx, | 
| int | protocol | ||
| ) | 
Initializes a RI_CTX object using the protocol OID. This parameter can be found in the RIInfo part of an EF.CardSecurity. 
| [in,out] | ctx | The RI_CTX object to initialize | 
| [in] | protocol | The NID of the OID | 