Commit c9d5db1a authored by berge's avatar berge

[Unstable] Authentication functions changed + various updates

parent 72c6aff7
+326 −311
@@ -17,30 +17,26 @@
	import from ePassport_Types all;
	import from ePassport_Values all;
	import from ePassport_Templates all;



	const octetstring c_rnd_icc:='81d989f97303f9c6'O;

	import from ePassport_Pixits all;

	group externalFunctions {

		group securityExternalFunctions {

            external function fx_bacauth ( inout octetstring p_rnd_ifd, in octetstring p_rnd_icc, inout octetstring p_kicc  ) return octetstring;
            external function fx_bacAuth ( inout octetstring p_rnd_ifd, in octetstring p_rnd_icc, inout octetstring p_kicc  ) return octetstring;
            
            external function fx_activeauth ( inout octetstring p_rnd_ifd ) return octetstring;
            external function fx_activeAuth ( inout octetstring p_rnd_ifd ) return octetstring;
            
            external function fx_verify_Certificate( in octetstring p_psodata ) return boolean;
            external function fx_verifyCertificate( in octetstring p_psodata ) return boolean;
            	
            external function fx_verify_Signature( in octetstring p_signature ) return boolean;
            external function fx_verifySignature( in octetstring p_signature ) return boolean;
			
		} // end securityExternalFunctions
		
		group fileExternalFunctions {
			
			external function fx_loadPassportConfiguration(in charstring p_configurationID) return charstring;
			
			// fx_unloadPassportConfiguration()
			
			
			 
@@ -84,6 +80,177 @@
		
	} // end classFunctions 

	group securityFunctions {
		
		function f_generateRandomOctetstring(integer p_stringSize) return octetstring {
			
			// FIXME: use an xf to generate a true random nonce 
			return c_rndIcc;	
			
		} // end f_generateRandomOctetstring

    	function f_deriveKeys(
    		in octetstring p_keySeed, 
    		out octetstring p_keyEnc, 
    		out octetstring p_keyMac) {
    		// TODO
    	} // end f_deriveKeys
    	
    	// ISO/IEC 9797-1 MAC Algorithm 3 
	    function f_cryptographicChecksum(in octetstring p_key, in octetstring p_data) 
	    return octetstring {
	    	// TODO
	    	return ''O; 
    	} // end f_cryptographicChecksum
    	
    	// TDES Encryption
    	function f_encrypt(in octetstring p_key, in octetstring p_data) 
    	return octetstring {
    		// TODO
	    	return ''O; 
    	} // end f_encrypt
    	
    	// TDES Decryption
    	function f_decrypt(in octetstring p_key, in octetstring p_data)
    	return octetstring  {
    		// TODO
	    	return ''O; 
    	} // end f_decrypt
    	
    	function f_verifySignature(in octetstring p_signature, in octetstring p_car) 
    	return boolean {
    		// TODO
    		return true;
    	} // end f_verifySignature
    	
    	function f_digest(in HashAlgorithm p_algorithm, in octetstring p_data) return octetstring{
    		// FIXME
    		return '0001020304050607'O; 
    	} //end f_digest
    	
    	function f_getHashLength(in HashAlgorithm p_algorithm) return integer {
    		if(p_algorithm == e_sha1) {
    			return 8;
    		}
    		else {
    			return 0;
    		} 
    	} // end f_getHashLength
    	
    	function f_computeSharedSecret(
    		in octetstring p_privateKeyPicc, 
    		in octetstring p_publicKeyPcd)
    	return octetstring {
    		// FIXME
    		return '01020304050607'O;
    	} // end f_computeSharedSecret
    	
    	function f_basicAccessControl(in octetstring p_rndIcc, in octetstring p_challengeResponse) 
    	runs on MRTD
    	return octetstring {
		    var integer v_encryptedIfdLength;
        	var octetstring v_encryptedIfd, v_encryptedIcc;
        	var octetstring v_macIfd, v_macIcc;
        	var octetstring v_s, v_r;
        	var octetstring v_rndIfd;
        	var octetstring v_keyIfd, v_keyIcc;
        	var octetstring v_receivedRndIcc, v_computedMacIcc;
    		
	        v_encryptedIfdLength := lengthof(p_challengeResponse) - c_bacMacSize;
			v_encryptedIfd := substr(p_challengeResponse, 0, v_encryptedIfdLength);
    		v_macIfd := substr(p_challengeResponse, v_encryptedIfdLength, c_bacMacSize);
			
			// a) Check the checksum M_IFD of the cryptogram E_IFD.
			v_computedMacIcc := f_cryptographicChecksum(vc_simu.kMac, v_encryptedIcc);
			// TODO: if()
			
    		// b) Decrypt the cryptogram E_IFD.
			v_s := f_decrypt(vc_simu.kEnc, v_encryptedIfd);	

    		// c) Extract RND.ICC from S and check if IFD returned the correct value.
    		v_rndIfd := substr(v_s, 0, c_bacNonceSize);
    		v_receivedRndIcc := substr(v_s, c_bacNonceSize, c_bacNonceSize); 
    		v_keyIfd := substr(v_s, 2*c_bacNonceSize, c_bacKeySize); 
    		// TODO: if()
    		
    		// d) Generate keying material K.ICC.
    		v_keyIcc := f_generateRandomOctetstring(c_bacKeySize);
    		
    		// e) Generate the concatenation R = RND.ICC || RND.IFD || K.ICC
    		v_r := p_rndIcc & v_rndIfd & v_keyIcc;
    		
    		// f) Compute the cryptogram E_ICC = E[K_ENC](R).
    		v_encryptedIcc := f_encrypt(vc_simu.kEnc, v_r);
    		
    		// g) Compute the checksum M_ICC = MAC[K_MAC](E_ICC).
    		v_macIcc := f_cryptographicChecksum(vc_simu.kMac, v_encryptedIcc);
    		
    		// h) Send the response using the data E_ICC || M_ICC.
    		return v_encryptedIcc & v_macIcc;
    		
    		//TODO
  			// calulating KSenc, KSmac and SSC used for Secure Message
			// v_sm:=fx_SM(Kicc,v_ifd);   v_sm is here a record of 3 octetstring KSenc, KSmac and SSC
 
    	} // end f_basicAccessControl
    	
    	function f_activeAuthentication(in octetstring p_rndIfd) runs on MRTD 
    	return octetstring {
    		var integer v_c;
		    var octetstring v_m, v_m1;
    		var octetstring v_f, v_h;
    		var octetstring v_trailer;
    		var integer v_m1Length;
    		
	    	// create trailer (SHA1)
			v_trailer := 'BC'O; 
			// FIXME 
			
			// determine lengths
			v_c := PXT_ACTIVE_AUTH_MODULUS_LENGTH 
					- f_getHashLength(PXT_ACTIVE_AUTH_HASH_ALGORITHM) 
					- 8*lengthof(v_trailer) - 4; 
			v_m1Length := v_c - 4;
			
			// generate M1
			v_m1 := f_generateRandomOctetstring(v_m1Length / 8);
			
			// create M
			v_m := v_m1 & p_rndIfd;
			
			// calculate digest
			v_h := f_digest(PXT_ACTIVE_AUTH_HASH_ALGORITHM, v_m);
			
			// construct message representative    				
			v_f := '6A'O & v_m1 & v_h & v_trailer; 
			//FIXME
			
			// encrypt message representative
			return f_encrypt(vc_simu.kEnc, v_f);
	   	}
    	
    	function f_chipAuthentication(in octetstring p_publicKeyPcd) runs on MRTD {
			
			var octetstring v_k;
			var octetstring v_kEnc, v_kMac;
			var octetstring v_h;
			
			// a) The shared secret K = KA(SKPICC;^PKPCD;DPICC) = KA(^SKPCD;PKPICC;DPICC)
			v_k := f_computeSharedSecret(vc_simu.privateKey, p_publicKeyPcd);
								
			// b) The session keys KMAC and KEnc derived from K for Secure Messaging.
			f_deriveKeys(v_k, v_kEnc, v_kMac);
			
			// c) The hash of the inspection system's ephemeral public key H(^PKPCD) for Terminal Authentication.
			v_h := f_digest(e_sha1, p_publicKeyPcd); // FIXME
			
    	} // end f_chipAuthentication
    	
    	function f_terminalAuthentication() {
    			
    	} // end f_terminalAuthentication
	}

	group fileFunctions {
		
		function f_loadPassportConfiguration(in charstring p_configurationID) 
@@ -163,10 +330,14 @@
			if(p_longFileId == c_longFileIdCOM) {
				return c_shortFileIdCOM;
			}
			
			return '00'O;
			
		} // end f_longFileIdToShortFileId
		
	} // end fileFunctions

	group initializationFunctions {
		
    	function f_initializeMRTD(in charstring p_configurationId) runs on MRTD {
    		
@@ -216,6 +387,8 @@
        
        }
	
	} // end initializationFunctions

	group altsteps {

		group defaults {
@@ -273,42 +446,26 @@
			// Start the MRTD Test sequence :  Standard Inspection Procedure (SIP)
        	altstep a_standardInspectionProcedure() runs on MRTD {
        	
        		var boolean DG15:=true;   //AA optional should be defibed in a PIXIT
        
        		[] a_waitApplication();
        		
        		[] a_bac();
        		
        		[DG15] a_activeAuthentication();
        	
//        		[] a_waitRead(v_cfg.dg1);
        		[vc_simu.securityStatus > e_noApplication] a_bac();
        		
//        		[] a_waitRead(v_cfg.dg2);
        		[vc_simu.securityStatus >= e_basicAccessControl] a_activeAuthentication();
        	
	        } // end a_standardInspectionProcedure
            
            // Start the MRTD Test sequence : Advanced Inspection Procedure (AIP) including EAC
            altstep a_advancedInspectionProcedure() runs on MRTD {
            	
            	var boolean DG15:=true;   //AA optional should be defibed in a PIXIT
            	
            	[] a_waitApplication();
        		
        		[] a_bac();

				[] a_chipAuthentication();

        		[DG15] a_activeAuthentication();
        		[vc_simu.securityStatus > e_noApplication] a_bac();

//        		[] a_waitRead(v_cfg.dg1);
				[vc_simu.securityStatus >= e_basicAccessControl] a_chipAuthentication();

//        		[] a_waitRead(v_cfg.dg2);
        		[vc_simu.securityStatus >= e_basicAccessControl] a_activeAuthentication();
	
				[] a_terminalAuthentication();

//        		[] a_waitRead(v_cfg.dg3);
        		
//        		[] a_waitRead(v_cfg.dg4);
				[vc_simu.securityStatus >= e_chipAuthenticated] a_terminalAuthentication();
		
            } // end a_standardInspectionProcedure
        			
@@ -318,29 +475,14 @@
			
        	altstep a_activeAuthentication () runs on MRTD {
        		
        		//var EFfile v_file:=valueof(p_file);
        		var Command v_command;
        		var Oct2 w1w2:='6300'O;
        		var octetstring v_rnd_ifd;
        		var PlainTextResponseData v_data;
        
        	//	f_waitRead(v_file); // here a template of EF.DG15
        		var octetstring v_rndIfd;
        		var octetstring v_response;
        
    			[] mrtdport.receive(mw_intauthenticate) -> value v_command {
        					v_rnd_ifd:=v_command.payload.plainText.commandData;
        					
        					// see Supplement 9303 Annex B for a worked example of MRTD signature calculation
        					v_data:= fx_activeauth (v_rnd_ifd);
        					mrtdport.send(m_response_read(v_data));
        
        					// here we could check if the IS sends a error message following the verification 
        					// of MRTD signature.
        					
        					// if (no error message)=> setverdict(pass) meaning Active Authentication successful
        					}
        
        				[] mrtdport.receive {
        					f_error(w1w2);
       				v_rndIfd := v_command.payload.plainText.commandData;
    				v_response := f_activeAuthentication(v_rndIfd);
    				mrtdport.send(m_response_read(v_response));
    			}
        	} // end a_activeAuthentication
        	
@@ -348,120 +490,78 @@

        		//var EFfile v_file:=valueof(p_file);
        		var Command v_command;
        		var octetstring v_keyreference;
        		var Oct2 w1w2:='6300'O;

                // The MRTD chip sends its static Diffie-Hellman public key PKPICC, and the domain parameters
                // DPICC to the inspection system. These infos are contained in DG14.
                //	f_waitRead(v_file);  // here a template of EF.DG14
                
                
                // The inspection system generates an ephemeral Diffie-Hellman key pair (^SKPCD;^PKPCD;DPICC),
                // and sends the ephemeral public key^PKPCD to the MRTD chip, via the MSE:SetKAT message.
        		var octetstring v_publicKeyPcd;

				[] mrtdport.receive(mw_mse_setKAT) -> value v_command {
					v_keyreference:=v_command.payload.plainText.commandData;
					
					// Both the MRTD chip and the inspection system compute the following:
					// a) The shared secret K = KA(SKPICC;^PKPCD;DPICC) = KA(^SKPCD;PKPICC;DPICC)
					// b) The session keys KMAC and KEnc derived from K for Secure Messaging.
					// c) The hash of the inspection system�s ephemeral public key H(^PKPCD) for Terminal Authentication.
					
					// fx_chipAuth();
					v_publicKeyPcd := v_command.payload.plainText.commandData;
					f_chipAuthentication(v_publicKeyPcd);
					mrtdport.send(m_responseOK);
				
					// to be continue till end of Chip authentication ...
					}
	

				[] mrtdport.receive {
					f_error(w1w2);
					vc_simu.securityStatus := e_chipAuthenticated;
				}

    
            	// In the EAc spec, the ChipAuth MUST be directly followed by PassiveAuth
            	// However in the trace , the SM is checked by reading the EF.COM a seocnd time
            
            	//	f_waitRead(m_EF_COM);  
            	// or any read or command
            	// the purpose is th verify the SM
            	// mrtdport.receive (mw_readbinary or mw_select)
            	//if SM is correct, then 	mrtdport.send(m_responseOK); else error		

        	} // end a_chipAuthentication
        	
        	// Terminal Authentication triggered by reading of EF.CVCA
        	altstep a_terminalAuthentication () runs on MRTD {

        		var Command v_command;
        		var PlainTextResponseData v_data;
        		var octetstring v_keyreference;
        		var Oct2 w1w2:='6300'O;
        		var octetstring v_signature;

                //	f_waitRead(v_file);  // here a template of EF.CVCA

            	// ?? to make a for or while in order to perform Certificate verification (steps MSE_SetDST + PSO)  for 
            	// every CV certificate to be verified
            
        		var octetstring v_rndIcc;
        		var octetstring v_dstCAR, v_atCAR;
        		var octetstring v_certificate, v_signature;

               	// reading of the certificate chain
            	//f_mse_SetDST();   // here we need to use a template for CVCA link certificate
            	//f_mse_SetDST();	// here we need to use a template for DV certificate
            	//f_mse_SetDST(); // here we need to use a template for IS  certificate
				[] mrtdport.receive(mw_mse_setDST) -> value v_command {
					v_dstCAR := v_command.payload.plainText.commandData;
					// TODO: check CAR exists
					

				// The MRTD is waiting a MSE:SetAT message with a key reference
        				[] mrtdport.receive(mw_mse_setAT) -> value v_command 
        					{
        					v_keyreference:=v_command.payload.plainText.commandData;
					mrtdport.send(m_responseOK);
					repeat;					
				}

        					}// end of mse_SetAT
				// The MRTD is waiting for a PSO:Verify Certificate
				[] mrtdport.receive(mw_pso_verifyCertificate) -> value v_command {
							 
					// if the Certificate Body and the Signature are OK then the certificate was successfully validated
					// and the public key has been imported
					// see TR-03110 EAC spec B.2.2
						
        					[] mrtdport.receive
        						{
        						f_error(w1w2);
					// the correct Certificate must be passed as parameter in the external function
					// in order to verify IS and DV and link CAVA certificates.
					v_certificate := f_getCertificate(v_command.payload.plainText.commandData); 
					v_signature := f_getSignature(v_command.payload.plainText.commandData);
					if (f_verifySignature(v_signature, v_dstCAR)) {
						//TODO store certificate and CAR						
			 			mrtdport.send(m_responseOK);
			 		}
			 		else {
						//TODO: error
			 		}
			 		repeat;
				}


				// The MRTD is waiting a MSE:SetAT message with a key reference
				[] mrtdport.receive(mw_mse_setAT) -> value v_command {
					v_atCAR := v_command.payload.plainText.commandData;
					mrtdport.send(m_responseOK);
				}

				// The MRTD is waiting a Get_Challenge message in order that the IS requests the RpIcc RND key
        				[] mrtdport.receive(mw_getchallenge) -> value v_command 
        					{
        					v_data := c_rnd_icc; // need to anwser the right data RpIcc
        					mrtdport.send(m_response_read(v_data));
        		
        					}
        				[] mrtdport.receive
        					{
        					f_error(w1w2);
				[] mrtdport.receive(mw_getChallenge) -> value v_command {
					v_rndIcc := f_generateRandomOctetstring(c_atNonceSize); 
					mrtdport.send(m_response_read(v_rndIcc));		
				}


				// The MRTD is waiting an External Authenticate message including the signature of the IS
        				[] mrtdport.receive(mw_extauthenticate) -> value v_command 
        					{ 
        						// External Authenticate in the data field , the signature generated by the IS		
        		
        						// if the signature generated by the IS is valid then the Authentication is successfull
        						// the correct Certificate must be passed as parameter in the external function
        						// in order to verify signature. 
        
        								if (fx_verify_Signature(v_command.payload.plainText.commandData))
        						
        									{mrtdport.send(m_responseOK);}  
        						
        								else {f_error(w1w2);}
				[] mrtdport.receive(mw_extAuthenticate) -> value v_command { 
					v_signature := v_command.payload.plainText.commandData;
					if(f_verifySignature(v_signature, v_atCAR)) {
						mrtdport.send(m_responseOK);
					}
        								
        				[] mrtdport.receive
        					{
        					f_error(w1w2);
					else {
						//TODO
					}
					

					vc_simu.securityStatus := e_terminalAuthenticated;
				}
        		
        	} // end a_terminalAuthentication
        			
@@ -474,44 +574,34 @@
        
        		[] mrtdport.receive(mw_application) {
        			mrtdport.send(m_responseOK);
        				vc_simu.securityStatus := e_noSecurity;
        		}
        		
        	} //end a_waitApplication
        			
        	altstep a_bac() runs on MRTD {
    	
            	var PlainTextResponseData v_data;
            	var octetstring v_ifd;
            	var Command v_command;
            	var Oct16 v_kicc:='000102030405060708090a0b0c0d0e0f'O;  // Keying material of MRTD
        			
            	[] mrtdport.receive(mw_getchallenge) {
            		v_data := c_rnd_icc;						
        			mrtdport.send(m_response_read(v_data));				// the MRTD sends its random challenge to IS
            	}

        		[] mrtdport.receive(mw_extauthenticate) -> value v_command {
        			// the IS sends the encrypted challenge generated with its keying material
        			// Kpcd and RND of IS and the rnd of the mrtd,then derived form Kenc and Kmac
        			
        			v_ifd := v_command.payload.plainText.commandData;
        	altstep a_bac() runs on MRTD {
    	
            		// The ICC performs the following operations:
            		// a) Check the checksum M_IFD of the cryptogram E_IFD.
            		// b) Decrypt the cryptogram E_IFD.
            		// c) Extract RND.ICC from S and check if IFD returned the correct value.
            		// d) Generate keying material K.ICC.
            		// e) Generate the concatenation R = RND.ICC || RND.IFD || K.ICC
            		// f) Compute the cryptogram E_ICC = E[K_ENC](R).
            		// g) Compute the checksum M_ICC = MAC[K_MAC](E_ICC).
            		// h) Send the response using the data E_ICC || M_ICC.
            	var Command v_command;
            	var CommandData v_data;
            	var octetstring v_rndIcc;
            	var octetstring v_response;
            	var octetstring v_challengeResponse;
            	
        			v_data:= fx_bacauth(v_ifd, c_rnd_icc, v_kicc);  	// the MRTD decrypts the encrypted challenge of IS, and send back its encrypted
            	[] mrtdport.receive(mw_getChallenge) {            		
            		// MRTD sends its random challenge to IS
            		v_rndIcc := f_generateRandomOctetstring(c_bacNonceSize);
        			mrtdport.send(m_response_read(v_rndIcc));				
            	}
            	
        			// calulating KSenc, KSmac and SSC used for Secure Message
        			// v_sm:=fx_SM(Kicc,v_ifd);   v_sm is here a record of 3 octetstring KSenc, KSmac and SSC
        		[] mrtdport.receive(mw_extAuthenticate) -> value v_command {        				
        			v_challengeResponse := v_command.payload.plainText.commandData;
            		
        			mrtdport.send(m_response_read(v_data));				
            		v_response := f_basicAccessControl(v_rndIcc, v_challengeResponse);
            		mrtdport.send(m_response_read(v_response));
            		vc_simu.securityStatus := e_basicAccessControl;
        		}
        			
            } // end a_bac
@@ -533,9 +623,6 @@
            		v_logicalChannel := f_getLogicalChannel(v_command.class);
            		vc_simu.currentFiles[v_logicalChannel] := v_command.payload.plainText.commandData;
            				
            		// TODO: reset offset ?
            		// TODO: re-check security ?
            				
            		mrtdport.send(m_responseOK);
            		repeat;
            	}
@@ -553,7 +640,6 @@
            		v_result := f_readFileData(v_logicalChannel, v_offset, v_dataLength, v_data);
            		mrtdport.send(m_responseRead(v_data, v_result));

        			//TODO: repeat only if transfer is incomplete
        			repeat;
        		}
        
@@ -573,7 +659,6 @@
        			v_result := f_readFileData(v_logicalChannel, v_offset, v_dataLength, v_data);
            		mrtdport.send(m_responseRead(v_data, v_result));
        			 
        			//TODO: repeat only if transfer is incomplete
        			repeat;			
        		}
        				
@@ -599,9 +684,6 @@
            		v_logicalChannel := f_getLogicalChannel(v_command.class);
            		vc_simu.currentFiles[v_logicalChannel] := v_command.payload.plainText.commandData;
            				
            		// TODO: reset offset ?
            		// TODO: re-check security ?
            				
            		mrtdport.send(m_responseOK);
            		repeat;
            	}
@@ -619,7 +701,6 @@
            		v_result := f_readFileData(v_logicalChannel, v_offset, v_dataLength, v_data);
            		mrtdport.send(m_responseRead(v_data, v_result));
        			
        			//TODO: repeat only if transfer is incomplete
        			repeat;
        		}
        
@@ -639,7 +720,6 @@
        			v_result := f_readFileData(v_logicalChannel, v_offset, v_dataLength, v_data);
            		mrtdport.send(m_responseRead(v_data, v_result));
        			 
        			//TODO: repeat only if transfer is incomplete
        			repeat;			
        		}
        				
@@ -700,82 +780,17 @@

	} // end altsteps

	function f_getCertificate(in octetstring p_data) return octetstring {
		// TODO: refine...
		return ''O;
	} // end f_getCertificate

	function f_getSignature(in octetstring p_data) return octetstring {
		// TODO: refine...
		return ''O;					
	} // end f_getCertificate

// Generic function for sending error message
function f_error (in W1W2Status w1w2) runs on MRTD
{
	mrtdport.send(m_responseNOK(w1w2));
	setverdict (inconc);
	stop;

}// end of function f_error


 



// Perform Security Operation : Verify Certificate. Part of the Terminal Authentication
// see TR-03110 EAC spec B.2.2

function f_mse_SetDST() runs on MRTD
	{
	
		var Command v_command;
		var octetstring v_keyreference;
		var Oct2 w1w2:='6300'O;



// The MRTD is waiting for a MSE:SetDST message including the IS key reference
			alt	
				{
				[] mrtdport.receive(mw_mse_setDST) -> value v_command 
					{
					v_keyreference:=v_command.payload.plainText.commandData;
					mrtdport.send(m_responseOK);
					
					}

				[] mrtdport.receive 
					{
					f_error(w1w2);
					}

				}


// The MRTD is waiting for a PSO:Verify Certificate
			alt {
				[] mrtdport.receive(mw_pso_verifyCertificate) -> value v_command 
					{
							 
					// if the Certificate Body and the Signature are OK then the certificate was successfully validated
					// and the public key has been imported
					// see TR-03110 EAC spec B.2.2
						
					 // the correct Certificate must be passed as parameter in the external function
					// in order to verify IS and DV and link CAVA certificates. 
						if (fx_verify_Certificate(v_command.payload.plainText.commandData))
				 			{mrtdport.send(m_responseOK);}
						else {f_error(w1w2);}
							}
								
																						
				[] mrtdport.receive {
					f_error(w1w2);
					}
				}


		
	} // end of function f_mse_SetDST



// end of module 
}
} // end ePassport_Functions
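Review bot: In f_basicAccessControl, step a) computes the MAC over `v_encryptedIcc`, which has no value yet at that point, instead of over the received `v_encryptedIfd`, and neither `v_macIfd` nor `v_receivedRndIcc` is ever compared (both checks are still `// TODO: if()`). a_bac then sets `vc_simu.securityStatus := e_basicAccessControl` unconditionally, so the simulator would report BAC as passed for any EXTERNAL AUTHENTICATE payload and cannot catch an inspection system that sends a wrong cryptogram. Step a) should read `v_computedMacIcc := f_cryptographicChecksum(vc_simu.kMac, v_encryptedIfd);` and be compared with `v_macIfd`, step c) should require `v_receivedRndIcc == p_rndIcc`, and the status change in a_bac should depend on both results. The same pattern appears in a_terminalAuthentication, where the stub f_verifySignature returns `true`, the `else` branches are empty, and the status appears to be set to `e_terminalAuthenticated` regardless. Separately, `v_rndIcc` in a_bac is a local of the altstep, so it looks like it will be unbound again when the EXTERNAL AUTHENTICATE branch runs in a later invocation; keeping the challenge in the component state would avoid that.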

 
+10 −1
@@ -11,6 +11,9 @@

module ePassport_Pixits {

	// ATS
	import from ePassport_Types all;

	/** 
	@desc 	Definition of Pixits which apply to all ePassport devices
	*/
@@ -59,6 +62,12 @@ module ePassport_Pixits {
		}//end commonTimerPixits
	}//end commonPixits

	group securityPixits {
		
		modulepar {integer PXT_ACTIVE_AUTH_MODULUS_LENGTH := 1024}
		modulepar {HashAlgorithm PXT_ACTIVE_AUTH_HASH_ALGORITHM := e_sha1}
		
	} // end securityPixits
	
	modulepar {charstring PXT_MRZ := "P<D<<MUSTERMANN<<ERIKA<<<<<<<<<<<<<<<<<<<<<<C11T002JM4D<<9608122F1310317<<<<<<<<<<<<<<<6"}
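Review bot: The two module parameters added in securityPixits carry no description, and the unit of `PXT_ACTIVE_AUTH_MODULUS_LENGTH` is not stated; from the default of 1024 it is presumably bits. A comment such as `// Active Authentication modulus length, in bits` above the first line and `// hash algorithm used for the Active Authentication signature` above the second would settle that for whoever overrides them. It would also help to state whether 1024 and `e_sha1` are deliberate test defaults, since both are legacy-strength values that a reader may otherwise take as a recommendation.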

+2 −2

File changed.

Preview size limit exceeded, changes collapsed.

+4 −1

File changed.

Preview size limit exceeded, changes collapsed.

+12 −3

File changed.

Preview size limit exceeded, changes collapsed.
