Why: PACE key derivation is shipped and byte-exact vector-tested (CardAccessParser + PaceKeyDerivation + PaceAuthenticator.derivePasswordKey), but the on-card leg — MSE:Set AT + chained GENERAL AUTHENTICATE (encrypted-nonce fetch, GM EC-point mapping, mapped-key exchange, token verify) and the AES-CMAC secure-messaging channel — is unimplemented: PaceAuthenticator.run(...) returns PaceResult.NotImplemented and falls back to BAC. This also matches the inline TODO at PaceAuthenticator.kt:96 and the deferred passport-BAC-MFA planning entry (20A) in CHANGELOG.
Blocked on (operator/hardware): (1) a PACE-capable physical test document (e.g. Turkish eID/passport that rejects BAC), and (2) BSI TR-03110 / ICAO 9303-11 Appendix G GM worked-example vectors to unit-test each GM step card-free.
Done when: run(...) performs the GM+AES handshake against a real PACE card, sets PassportData.paceSuccessful, and the DG-read path uses PACE-first with BAC fallback.
source: docs/NFC_PACE_PLAN.md:33
Migrated from docs/NFC_PACE_PLAN.md:33.
Why: PACE key derivation is shipped and byte-exact vector-tested (CardAccessParser + PaceKeyDerivation + PaceAuthenticator.derivePasswordKey), but the on-card leg — MSE:Set AT + chained GENERAL AUTHENTICATE (encrypted-nonce fetch, GM EC-point mapping, mapped-key exchange, token verify) and the AES-CMAC secure-messaging channel — is unimplemented: PaceAuthenticator.run(...) returns PaceResult.NotImplemented and falls back to BAC. This also matches the inline TODO at PaceAuthenticator.kt:96 and the deferred passport-BAC-MFA planning entry (20A) in CHANGELOG.
Blocked on (operator/hardware): (1) a PACE-capable physical test document (e.g. Turkish eID/passport that rejects BAC), and (2) BSI TR-03110 / ICAO 9303-11 Appendix G GM worked-example vectors to unit-test each GM step card-free.
Done when: run(...) performs the GM+AES handshake against a real PACE card, sets PassportData.paceSuccessful, and the DG-read path uses PACE-first with BAC fallback.
source: docs/NFC_PACE_PLAN.md:33
Migrated from
docs/NFC_PACE_PLAN.md:33.