gopace

package module

v0.0.0-...-60900ca Latest Latest Go to latest Published: Feb 7, 2021 License: MIT Imports: 13 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/ivokub/gopace

Links

Open Source Insights

README ¶

Go library for PACE protocol

This is native library for establishing a secure channel between the terminal and smart card using PACE protocol.

The library is still work-in-progress and uses hard-coded parameters for Estonian ID-cards. As such, it should only by used as a reference implementation. Let me know if there would be interest for using the library more generally.

License

MIT

Documentation ¶

Overview ¶

Package gopace allows to establish a secure channel between card and host using PACE protocol.

Index ¶

func CMAC(kmac []byte, data []byte) (mac []byte, err error)
func ComputeAuthenticationToken(deroid, msx, msy []byte) []byte
func DecryptNonce(can []byte, encNonce []byte) (decNonce []byte, err error)
func GetAPDU(header, data []byte, le []byte) (apdu []byte)
func GetNonce(card *PlainCard) (encNonce []byte, err error)
func MapNonce(card *PlainCard, x, y []byte) (x2, y2 []byte, err error)
func MappedBasePoint(decNonce []byte, sx, sy []byte) (mx, my []byte)
func MappedECDH(sk2 []byte, msx, msy []byte) (smsx, smsy []byte)
func MappedPublicKey(sk2 []byte, mx, my []byte) (msx, msy []byte)
func MarshalECPoint(x, y []byte) []byte
func MutualAuthentication(card Carder, tcmac, ccmac []byte) error
func PerformKeyAgreement(card *PlainCard, msx, msy []byte) (msx2, msy2 []byte, err error)
func ReadBinary(card Carder) (content []byte, err error)
func SelectFile(card Carder, file []byte) (err error)
func SessionKeys(smsx []byte) (kenc, kmac []byte)
func SetAuthenticationTemplate(card *PlainCard, pi *PersonalInfo) (err error)
func SharedPoint(x, y, sk []byte) (sx, sy []byte)
func TerminalKeyMap(sk []byte) (x, y []byte, err error)
func UnmarshalECPoint(m []byte) (x, y []byte)
type Carder
type PersonalInfo
- func ReadCardAccess(card *PlainCard) (pi *PersonalInfo, err error)
type PersonalInfoSET
type PlainCard
- func Connect() (pcard *PlainCard, cancel func(), err error)
- func (pcard *PlainCard) Transmit(header []byte, data []byte, le []byte) (resp []byte, err error)
- func (pcard *PlainCard) TransmitAPDU(apdu []byte) (resp []byte, err error)
type SecureCard
- func PACE(card *PlainCard, can []byte) (seccard *SecureCard, err error)
- func (sc *SecureCard) DecData(edata []byte) (data []byte, err error)
- func (sc *SecureCard) EncData(data []byte) (enced []byte, err error)
- func (sc *SecureCard) PadData(data []byte) (padded []byte)
- func (sc *SecureCard) Prepare(header, data, le []byte) (apdu []byte, err error)
- func (sc *SecureCard) Process(encresp []byte) (data []byte, sw []byte, err error)
- func (sc *SecureCard) RemovePad(data []byte) (unpadded []byte)
- func (sc *SecureCard) SSC() []byte
- func (sc *SecureCard) Transmit(header, data, le []byte) (resp []byte, err error)
- func (sc *SecureCard) TransmitAPDU(apdu []byte) (resp []byte, err error)

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

func CMAC ¶

func CMAC(kmac []byte, data []byte) (mac []byte, err error)

func ComputeAuthenticationToken ¶

func ComputeAuthenticationToken(deroid, msx, msy []byte) []byte

func DecryptNonce ¶

func DecryptNonce(can []byte, encNonce []byte) (decNonce []byte, err error)

func GetAPDU ¶

func GetAPDU(header, data []byte, le []byte) (apdu []byte)

func GetNonce ¶

func GetNonce(card *PlainCard) (encNonce []byte, err error)

func MapNonce ¶

func MapNonce(card *PlainCard, x, y []byte) (x2, y2 []byte, err error)

func MappedBasePoint ¶

func MappedBasePoint(decNonce []byte, sx, sy []byte) (mx, my []byte)

func MappedECDH ¶

func MappedECDH(sk2 []byte, msx, msy []byte) (smsx, smsy []byte)

func MappedPublicKey ¶

func MappedPublicKey(sk2 []byte, mx, my []byte) (msx, msy []byte)

func MarshalECPoint ¶

func MarshalECPoint(x, y []byte) []byte

func MutualAuthentication ¶

func MutualAuthentication(card Carder, tcmac, ccmac []byte) error

func PerformKeyAgreement ¶

func PerformKeyAgreement(card *PlainCard, msx, msy []byte) (msx2, msy2 []byte, err error)

func ReadBinary ¶

func ReadBinary(card Carder) (content []byte, err error)

ReadBinary reads the content of an already chosen file.

func SelectFile ¶

func SelectFile(card Carder, file []byte) (err error)

SelectFile selects a file given the file identifier and a Carder.

func SessionKeys ¶

func SessionKeys(smsx []byte) (kenc, kmac []byte)

func SetAuthenticationTemplate ¶

func SetAuthenticationTemplate(card *PlainCard, pi *PersonalInfo) (err error)

func SharedPoint ¶

func SharedPoint(x, y, sk []byte) (sx, sy []byte)

func TerminalKeyMap ¶

func TerminalKeyMap(sk []byte) (x, y []byte, err error)

func UnmarshalECPoint ¶

func UnmarshalECPoint(m []byte) (x, y []byte)

Types ¶

type Carder ¶

type Carder interface {
	Transmit(header []byte, data []byte, le []byte) (resp []byte, err error)
	TransmitAPDU(apdu []byte) (resp []byte, err error)
}

Carder abstracts communication between host and card over insecure and secure channel

type PersonalInfo ¶

type PersonalInfo struct {
	Protocol    asn1.RawValue
	Version     int
	ParameterID int
}

func ReadCardAccess ¶

func ReadCardAccess(card *PlainCard) (pi *PersonalInfo, err error)

type PersonalInfoSET ¶

type PersonalInfoSET []PersonalInfo

type PlainCard ¶

type PlainCard struct {
	// contains filtered or unexported fields
}

func Connect ¶

func Connect() (pcard *PlainCard, cancel func(), err error)

func (*PlainCard) Transmit ¶

func (pcard *PlainCard) Transmit(header []byte, data []byte, le []byte) (resp []byte, err error)

func (*PlainCard) TransmitAPDU ¶

func (pcard *PlainCard) TransmitAPDU(apdu []byte) (resp []byte, err error)

type SecureCard ¶

type SecureCard struct {
	// contains filtered or unexported fields
}

func PACE ¶

func PACE(card *PlainCard, can []byte) (seccard *SecureCard, err error)

func (*SecureCard) DecData ¶

func (sc *SecureCard) DecData(edata []byte) (data []byte, err error)

func (*SecureCard) EncData ¶

func (sc *SecureCard) EncData(data []byte) (enced []byte, err error)

func (*SecureCard) PadData ¶

func (sc *SecureCard) PadData(data []byte) (padded []byte)

func (*SecureCard) Prepare ¶

func (sc *SecureCard) Prepare(header, data, le []byte) (apdu []byte, err error)

func (*SecureCard) Process ¶

func (sc *SecureCard) Process(encresp []byte) (data []byte, sw []byte, err error)

func (*SecureCard) RemovePad ¶

func (sc *SecureCard) RemovePad(data []byte) (unpadded []byte)

func (*SecureCard) SSC ¶

func (sc *SecureCard) SSC() []byte

func (*SecureCard) Transmit ¶

func (sc *SecureCard) Transmit(header, data, le []byte) (resp []byte, err error)

func (*SecureCard) TransmitAPDU ¶

func (sc *SecureCard) TransmitAPDU(apdu []byte) (resp []byte, err error)

Source Files ¶

View all Source files

Directories ¶

Path	Synopsis
cmd
esteid

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL