PACEInfo

internal final class PACEInfo : SecurityInfo

The PACEInfo class represents security information related to the Password Authenticated Connection Establishment (PACE) protocol used for access the IC and secure communication with an eMRTD chip.

PACE is used to protect sensitive data exchanges in electronic passports. This class provides details about the specific PACE protocol used, including version and domain parameters.

The ASN.1 data structure PACEInfo is defined as follows:

 PACEInfo ::= SEQUENCE {
    protocol OBJECT IDENTIFIER(
        id-PACE-DH-GM-3DES-CBC-CBC |
        id-PACE-DH-GM-AES-CBC-CMAC-128 |
        id-PACE-DH-GM-AES-CBC-CMAC-192 |
        id-PACE-DH-GM-AES-CBC-CMAC-256 |
        id-PACE-ECDH-GM-3DES-CBC-CBC |
        id-PACE-ECDH-GM-AES-CBC-CMAC-128 |
        id-PACE-ECDH-GM-AES-CBC-CMAC-192 |
        id-PACE-ECDH-GM-AES-CBC-CMAC-256 |
        id-PACE-DH-IM-3DES-CBC-CBC |
        id-PACE-DH-IM-AES-CBC-CMAC-128 |
        id-PACE-DH-IM-AES-CBC-CMAC-192 |
        id-PACE-DH-IM-AES-CBC-CMAC-256 |
        id-PACE-ECDH-IM-3DES-CBC-CBC |
        id-PACE-ECDH-IM-AES-CBC-CMAC-128 |
        id-PACE-ECDH-IM-AES-CBC-CMAC-192 |
        id-PACE-ECDH-IM-AES-CBC-CMAC-256 |
        id-PACE-ECDH-CAM-AES-CBC-CMAC-128 |
        id-PACE-ECDH-CAM-AES-CBC-CMAC-192 |
        id-PACE-ECDH-CAM-AES-CBC-CMAC-256),
    version INTEGER, -- MUST be 2,
    parameterId INTEGER OPTIONAL
 }

This data structure provides detailed information on an implementation of PACE and its components represent:

protocol: An object identifier that identifies the algorithms to be used (i.e. key agreement, symmetric cipher and MAC).
version: An integer that identifies the version of the protocol. Currently, only version 2 is supported by this specification.
parameterId: An integer that is used to indicate the domain parameter identifier (optional).

Important

parameterId must be used if the eMRTD chip uses StandardizedDomainParameters, provides multiple explicit domain parameters for PACE or protocol is one of the *-CAM-* OIDs.

Important

In case of PACE with Chip Authentication Mapping, the parameterId also denotes the identifier of the Chip Authentication key used, i.e. the IC must provide a ChipAuthenticationPublicKeyInfo with keyId equal to parameterId from this data structure.

Note

It inherits from the SecurityInfo class.

Declaration

Swift

private(set) var securityProtocol: PACESecurityProtocol { get }

parameters
The standardized domain parameters associated with PACE, if available.
Declaration
Swift

private(set) var parameters: StandardizedDomainParameters? { get }
version
Declaration
Swift

private(set) var version: Int? { get }


                    
                    
                    checkRequiredIdentifier(_:)

Check if the provided ObjectIdentifier (OID) is valid for PACE.

Declaration

Swift

internal static func checkRequiredIdentifier(_ oid: ObjectIdentifier) -> Bool

Parameters

oid

The OID to check.

Return Value

true if the OID is valid for PACE, false otherwise.


                    
                    
                    init(oid:data:)

Initialize a PACEInfo instance with the given OID and ASN.1 data.

Throws

An error if the security protocol cannot be determined from the provided OID.

Declaration

Swift

internal required init(oid: ObjectIdentifier, data: ASN1NodeCollection) throws

Parameters

`oid`	The `ObjectIdentifier` (OID) associated with the security information.
`data`	The ASN.1 data containing security information.


                    
                    
                    decode(_:)

Decode the ASN.1 data to extract relevant information.

Throws

An error if the data cannot be decoded successfully.

Declaration

Swift

override internal func decode(_ data: ASN1NodeCollection) throws

Parameters


                                data

The ASN.1 data to decode.