This implements all crypto functions. More...
#include "crypto.h"#include "globalplatform/stringify.h"#include "globalplatform/errorcodes.h"#include "globalplatform/error.h"#include "globalplatform/debug.h"#include "util.h"#include <string.h>#include <openssl/err.h>#include <openssl/rand.h>#include <openssl/evp.h>#include <openssl/pem.h>#include <openssl/aes.h>#include <openssl/cmac.h>#include <openssl/bn.h>
Include dependency graph for crypto.c:
Macros | |
| #define | EVP_CIPHER_CTX_define EVP_CIPHER_CTX *ctx; EVP_CIPHER_CTX _ctx |
| #define | EVP_CIPHER_CTX_create &_ctx |
| #define | EVP_CIPHER_CTX_free EVP_CIPHER_CTX_cleanup |
Functions | |
| OPGP_NO_API OPGP_ERROR_STATUS | calculate_enc_cbc (BYTE key[16], BYTE *message, int messageLength, BYTE *encryption, int *encryptionLength) |
| OPGP_NO_API OPGP_ERROR_STATUS | calculate_MAC_aes (BYTE key[16], BYTE *message, int messageLength, BYTE mac[16]) |
| OPGP_ERROR_STATUS | calculate_cryptogram_SCP03 (BYTE key[16], const BYTE derivationConstant, PBYTE context1, DWORD context1Length, PBYTE context2, DWORD context2Length, PBYTE cryptogram, DWORD cryptogramSize) |
| OPGP_ERROR_STATUS | calculate_CMAC_aes (BYTE sMacKey[16], BYTE *message, int messageLength, BYTE chainingValue[16], BYTE mac[16]) |
| Creates a MAC for commands (APDUs) using CMAC AES. This is used by SCP03. The MAC for the message are the first 8 Bytes of mac. The next chainingValue are the full 16 Bytes of mac. Save this value for the next command MAC calculation. More... | |
| OPGP_ERROR_STATUS | calculate_enc_ecb_SCP03 (BYTE key[16], BYTE *message, int messageLength, BYTE *encryption, int *encryptionLength) |
| OPGP_ERROR_STATUS | calculate_enc_cbc_SCP03_min_padding (BYTE key[16], BYTE *message, int messageLength, BYTE icv[16], BYTE *encryption, int *encryptionLength) |
| OPGP_ERROR_STATUS | calculate_enc_cbc_SCP03 (BYTE key[16], BYTE *message, int messageLength, BYTE icv[16], BYTE *encryption, int *encryptionLength) |
| OPGP_ERROR_STATUS | calculate_dec_cbc_SCP03 (BYTE key[16], BYTE *message, DWORD messageLength, BYTE icv[16], BYTE *decryption, DWORD *decryptionLength) |
| OPGP_ERROR_STATUS | calculate_enc_icv_SCP03 (BYTE key[16], LONG sessionEncryptionCounter, BYTE *icv, BOOL forResponse) |
| OPGP_ERROR_STATUS | calculate_enc_cbc_SCP02 (BYTE key[16], BYTE *message, int messageLength, BYTE *encryption, int *encryptionLength) |
| OPGP_ERROR_STATUS | calculate_card_cryptogram_SCP01 (BYTE S_ENCSessionKey[16], BYTE cardChallenge[8], BYTE hostChallenge[8], BYTE cardCryptogram[8]) |
| OPGP_ERROR_STATUS | calculate_card_cryptogram_SCP02 (BYTE S_ENCSessionKey[16], BYTE sequenceCounter[2], BYTE cardChallenge[6], BYTE hostChallenge[8], BYTE cardCryptogram[8]) |
| OPGP_ERROR_STATUS | calculate_card_cryptogram_SCP03 (BYTE S_MACSessionKey[16], BYTE cardChallenge[8], BYTE hostChallenge[8], BYTE cardCryptogram[8]) |
| OPGP_ERROR_STATUS | calculate_card_challenge_SCP03 (BYTE S_ENC[16], BYTE sequenceCounter[3], PBYTE invokingAID, DWORD invokingAIDLength, BYTE cardChallenge[8]) |
| OPGP_ERROR_STATUS | calculate_host_cryptogram_SCP01 (BYTE S_ENCSessionKey[16], BYTE cardChallenge[8], BYTE hostChallenge[8], BYTE hostCryptogram[8]) |
| OPGP_ERROR_STATUS | calculate_host_cryptogram_SCP02 (BYTE S_ENCSessionKey[16], BYTE sequenceCounter[2], BYTE cardChallenge[6], BYTE hostChallenge[8], BYTE hostCryptogram[8]) |
| OPGP_ERROR_STATUS | calculate_host_cryptogram_SCP03 (BYTE S_MACSessionKey[16], BYTE cardChallenge[8], BYTE hostChallenge[8], BYTE hostCryptogram[8]) |
| OPGP_ERROR_STATUS | create_session_key_SCP01 (BYTE key[16], BYTE cardChallenge[8], BYTE hostChallenge[8], BYTE sessionKey[16]) |
| OPGP_ERROR_STATUS | create_session_key_SCP02 (BYTE key[16], BYTE constant[2], BYTE sequenceCounter[2], BYTE sessionKey[16]) |
| OPGP_ERROR_STATUS | create_session_key_SCP03 (BYTE key[16], BYTE derivationConstant, BYTE cardChallenge[8], BYTE hostChallenge[8], BYTE sessionKey[16]) |
| OPGP_ERROR_STATUS | calculate_enc_ecb_two_key_triple_des (BYTE key[16], BYTE *message, int messageLength, BYTE *encryption, int *encryptionLength) |
| OPGP_ERROR_STATUS | calculate_enc_ecb_single_des (BYTE key[8], BYTE *message, int messageLength, BYTE *encryption, int *encryptionLength) |
| OPGP_ERROR_STATUS | calculate_MAC (BYTE sessionKey[16], BYTE *message, int messageLength, BYTE icv[8], BYTE mac[8]) |
| OPGP_ERROR_STATUS | calculate_rsa_signature (PBYTE message, DWORD messageLength, OPGP_STRING PEMKeyFileName, char *passPhrase, BYTE signature[128]) |
| OPGP_ERROR_STATUS | calculate_MAC_des_3des (BYTE _3des_key[16], BYTE *message, int messageLength, BYTE initialICV[8], BYTE mac[8]) |
| OPGP_ERROR_STATUS | validate_receipt (PBYTE validationData, DWORD validationDataLength, BYTE receipt[16], BYTE receiptKey[16], BYTE secureChannelProtocol) |
| OPGP_ERROR_STATUS | validate_delete_receipt (DWORD confirmationCounter, PBYTE cardUniqueData, DWORD cardUniqueDataLength, BYTE receiptKey[16], GP211_RECEIPT_DATA receiptData, PBYTE AID, DWORD AIDLength, BYTE secureChannelProtocol) |
| OPGP_ERROR_STATUS | get_key_data_field (GP211_SECURITY_INFO *secInfo, PBYTE keyData, DWORD keyDataLength, BYTE keyType, BYTE isSensitive, PBYTE keyDataField, PDWORD keyDataFieldLength, BYTE keyCheckValue[3]) |
| OPGP_ERROR_STATUS | wrap_command (PBYTE apduCommand, DWORD apduCommandLength, PBYTE wrappedApduCommand, PDWORD wrappedApduCommandLength, GP211_SECURITY_INFO *secInfo) |
| Wraps a command, i.e. encrypts and add the MAC to the APDU with the necessary security information according to secInfo. More... | |
| OPGP_ERROR_STATUS | validate_install_receipt (DWORD confirmationCounter, PBYTE cardUniqueData, DWORD cardUniqueDataLength, BYTE receiptKey[16], GP211_RECEIPT_DATA receiptData, PBYTE executableLoadFileAID, DWORD executableLoadFileAIDLength, PBYTE applicationAID, DWORD applicationAIDLength, BYTE secureChannelProtocol) |
| OPGP_ERROR_STATUS | validate_load_receipt (DWORD confirmationCounter, PBYTE cardUniqueData, DWORD cardUniqueDataLength, BYTE receiptKey[16], GP211_RECEIPT_DATA receiptData, PBYTE executableLoadFileAID, DWORD executableLoadFileAIDLength, PBYTE securityDomainAID, DWORD securityDomainAIDLength, BYTE secureChannelProtocol) |
| OPGP_ERROR_STATUS | GP211_calculate_R_MAC (PBYTE apduCommand, DWORD apduCommandLength, PBYTE responseApdu, DWORD responseApduLength, GP211_SECURITY_INFO *secInfo, BYTE mac[8]) |
| Calculates a R-MAC. More... | |
| OPGP_ERROR_STATUS | unwrap_command (PBYTE apduCommand, DWORD apduCommandLength, PBYTE responseApdu, DWORD responseApduLength, PBYTE unwrappedResponseApdu, PDWORD unwrappedResponseApduLength, GP211_SECURITY_INFO *secInfo) |
| Unwraps a response, i.e. decrypts and checks the R-MAC of a response APDU with the necessary security information according to secInfo. More... | |
| OPGP_ERROR_STATUS | GP211_check_R_MAC (PBYTE apduCommand, DWORD apduCommandLength, PBYTE responseApdu, DWORD responseApduLength, PBYTE unwrappedResponseApdu, PDWORD unwrappedResponseApduLength, GP211_SECURITY_INFO *secInfo) |
| Checks the R-MAC of an APDU with the necessary security information according to secInfo. More... | |
| OPGP_ERROR_STATUS | read_public_rsa_key (OPGP_STRING PEMKeyFileName, char *passPhrase, BYTE rsaModulus[128], LONG *rsaExponent) |
| Reads a public RSA key from a file. More... | |
| OPGP_ERROR_STATUS | calculate_hash (PBYTE message, DWORD messageLength, BYTE hash[32], const EVP_MD *md) |
| OPGP_ERROR_STATUS | calculate_sha256_hash (PBYTE message, DWORD messageLength, BYTE hash[32]) |
| Calculates a SHA-256 hash. More... | |
| OPGP_ERROR_STATUS | calculate_sha1_hash (PBYTE message, DWORD messageLength, BYTE hash[20]) |
| Calculates a SHA-1 hash. More... | |
| OPGP_ERROR_STATUS | calculate_MAC_right_des_3des (BYTE key[16], BYTE *message, int messageLength, BYTE mac[8]) |
| Calculates a MAC using first DES and 3DES for the final round when the padding is applied. More... | |
| OPGP_ERROR_STATUS | get_random (BYTE *random, int randomLength) |
Detailed Description
This implements all crypto functions.
Function Documentation
◆ calculate_card_challenge_SCP03()
| OPGP_ERROR_STATUS calculate_card_challenge_SCP03 | ( | BYTE | S_ENC[16], |
| BYTE | sequenceCounter[3], | ||
| PBYTE | invokingAID, | ||
| DWORD | invokingAIDLength, | ||
| BYTE | cardChallenge[8] | ||
| ) |
Calculates the card challenge when using pseudo-random challenge generation for SCP03.
- Parameters
-
S_ENC [in] The static S-ENC Key. sequenceCounter [in] The sequence counter. invokingAID The invoking AID byte buffer. invokingAIDLength The length of the invoking AID byte buffer. cardChallenge [out] The calculated challenge.
- Returns
- OPGP_ERROR_STATUS struct with error status OPGP_ERROR_STATUS_SUCCESS if no error occurs, otherwise error code and error message are contained in the OPGP_ERROR_STATUS struct
◆ calculate_card_cryptogram_SCP01()
| OPGP_ERROR_STATUS calculate_card_cryptogram_SCP01 | ( | BYTE | S_ENCSessionKey[16], |
| BYTE | cardChallenge[8], | ||
| BYTE | hostChallenge[8], | ||
| BYTE | cardCryptogram[8] | ||
| ) |
Calculates the card cryptogram for SCP01.
- Parameters
-
S_ENCSessionKey [in] The S-ENC Session Key for calculating the card cryptogram. cardChallenge [in] The card challenge. hostChallenge [in] The host challenge. cardCryptogram [out] The calculated card cryptogram.
- Returns
- OPGP_ERROR_STATUS struct with error status OPGP_ERROR_STATUS_SUCCESS if no error occurs, otherwise error code and error message are contained in the OPGP_ERROR_STATUS struct
◆ calculate_card_cryptogram_SCP02()
| OPGP_ERROR_STATUS calculate_card_cryptogram_SCP02 | ( | BYTE | S_ENCSessionKey[16], |
| BYTE | sequenceCounter[2], | ||
| BYTE | cardChallenge[6], | ||
| BYTE | hostChallenge[8], | ||
| BYTE | cardCryptogram[8] | ||
| ) |
Calculates the card cryptogram for SCP02.
- Parameters
-
S_ENCSessionKey [in] The S-ENC Session Key for calculating the card cryptogram. sequenceCounter [in] The sequence counter. cardChallenge [in] The card challenge. hostChallenge [in] The host challenge. cardCryptogram [out] The calculated card cryptogram.
- Returns
- OPGP_ERROR_STATUS struct with error status OPGP_ERROR_STATUS_SUCCESS if no error occurs, otherwise error code and error message are contained in the OPGP_ERROR_STATUS struct
◆ calculate_card_cryptogram_SCP03()
| OPGP_ERROR_STATUS calculate_card_cryptogram_SCP03 | ( | BYTE | S_MACSessionKey[16], |
| BYTE | cardChallenge[8], | ||
| BYTE | hostChallenge[8], | ||
| BYTE | cardCryptogram[8] | ||
| ) |
Calculates the card cryptogram for SCP03.
- Parameters
-
S_MACSessionKey [in] The S-MAC Session Key for calculating the card cryptogram. cardChallenge [in] The card challenge. hostChallenge [in] The host challenge. cardCryptogram [out] The calculated host cryptogram.
- Returns
- OPGP_ERROR_STATUS struct with error status OPGP_ERROR_STATUS_SUCCESS if no error occurs, otherwise error code and error message are contained in the OPGP_ERROR_STATUS struct
◆ calculate_CMAC_aes()
| OPGP_ERROR_STATUS calculate_CMAC_aes | ( | BYTE | sMacKey[16], |
| BYTE * | message, | ||
| int | messageLength, | ||
| BYTE | chainingValue[16], | ||
| BYTE | mac[16] | ||
| ) |
Creates a MAC for commands (APDUs) using CMAC AES. This is used by SCP03. The MAC for the message are the first 8 Bytes of mac. The next chainingValue are the full 16 Bytes of mac. Save this value for the next command MAC calculation.
- Parameters
-
sMacKey [in] The S-MAC key (session MAC key) to use for MAC generation. message [in] The message to generate the MAC for. messageLength [in] The length of the message. chainingValue [in] The chaining value to use for the MAC generation. This is usually the full 16 Byte MAC generated for the last command or 16 bytes 0x00 for the first one (i.e. EXTERNAL AUTHENTICATE). mac [out] The full 16 Byte MAC. Append the first 8 Bytes to the message. Save the full 16 Bytes for further MAC generation if needed.
◆ calculate_cryptogram_SCP03()
| OPGP_ERROR_STATUS calculate_cryptogram_SCP03 | ( | BYTE | key[16], |
| const BYTE | derivationConstant, | ||
| PBYTE | context1, | ||
| DWORD | context1Length, | ||
| PBYTE | context2, | ||
| DWORD | context2Length, | ||
| PBYTE | cryptogram, | ||
| DWORD | cryptogramSize | ||
| ) |
Calculates the a cryptogram for multiple SCP03 operation like host cryptogram, card cryptogram and card challenge calculation.
- Parameters
-
key The AES key to use for the calculation. derivationConstant The derivation constant for the key derivation function. context1 The context1 for the internal key derivation. context1Length The length of the context1 buffer. context2 The context2 for the internal key derivation. context2Length The length of the context3 buffer. cryptogram [out] The calculated cryptogram. Must be large enough to hold the result. For session keys this is 128 bits, 64 bits otherwise. cryptogramSize [in] The result size in bits of the cryptogram. Must be a multiple of 8.
- Returns
- OPGP_ERROR_STATUS struct with error status OPGP_ERROR_STATUS_SUCCESS if no error occurs, otherwise error code and error message are contained in the OPGP_ERROR_STATUS struct
◆ calculate_dec_cbc_SCP03()
| OPGP_ERROR_STATUS calculate_dec_cbc_SCP03 | ( | BYTE | key[16], |
| BYTE * | message, | ||
| DWORD | messageLength, | ||
| BYTE | icv[16], | ||
| BYTE * | decryption, | ||
| DWORD * | decryptionLength | ||
| ) |
Calculates the decryption of a message in CBC mode for SCP03 using AES. Pads the message with 0x80 and additional 0x00 until message length is a multiple of 16.
- Parameters
-
key [in] An AES key used to decrypt. *message [in] The message to decrypt. messageLength [in] The length of the message. icv [in] The ICV to use. *decryption [out] The encryption. *decryptionLength [out] The length of the encryption.
- Returns
- OPGP_ERROR_STATUS struct with error status OPGP_ERROR_STATUS_SUCCESS if no error occurs, otherwise error code and error message are contained in the OPGP_ERROR_STATUS struct
◆ calculate_enc_cbc()
| OPGP_ERROR_STATUS calculate_enc_cbc | ( | BYTE | key[16], |
| BYTE * | message, | ||
| int | messageLength, | ||
| BYTE * | encryption, | ||
| int * | encryptionLength | ||
| ) |
Calculates the encryption of a message in CBC mode. Pads the message with 0x80 and additional 0x00 if message length is not a multiple of 8.
- Parameters
-
key [in] A 3DES key used to encrypt. *message [in] The message to encrypt. messageLength [in] The length of the message. *encryption [out] The encryption. *encryptionLength [out] The length of the encryption.
- Returns
- OPGP_ERROR_STATUS struct with error status OPGP_ERROR_STATUS_SUCCESS if no error occurs, otherwise error code and error message are contained in the OPGP_ERROR_STATUS struct
◆ calculate_enc_cbc_SCP02()
| OPGP_ERROR_STATUS calculate_enc_cbc_SCP02 | ( | BYTE | key[16], |
| BYTE * | message, | ||
| int | messageLength, | ||
| BYTE * | encryption, | ||
| int * | encryptionLength | ||
| ) |
Calculates the encryption of a message in CBC mode for SCP02. Pads the message with 0x80 and additional 0x00 until message length is a multiple of 8.
- Parameters
-
key [in] A 3DES key used to encrypt. *message [in] The message to encrypt. messageLength [in] The length of the message. *encryption [out] The encryption. *encryptionLength [out] The length of the encryption.
- Returns
- OPGP_ERROR_STATUS struct with error status OPGP_ERROR_STATUS_SUCCESS if no error occurs, otherwise error code and error message are contained in the OPGP_ERROR_STATUS struct
◆ calculate_enc_cbc_SCP03()
| OPGP_ERROR_STATUS calculate_enc_cbc_SCP03 | ( | BYTE | key[16], |
| BYTE * | message, | ||
| int | messageLength, | ||
| BYTE | icv[16], | ||
| BYTE * | encryption, | ||
| int * | encryptionLength | ||
| ) |
Calculates the encryption of a message in CBC mode for SCP03 using AES. Pads the message with 0x80 and additional 0x00 until message length is a multiple of 16.
- Parameters
-
key [in] An AES key used to encrypt. *message [in] The message to encrypt. messageLength [in] The length of the message. icv [in] The ICV to use. *encryption [out] The encryption. *encryptionLength [out] The length of the encryption.
- Returns
- OPGP_ERROR_STATUS struct with error status OPGP_ERROR_STATUS_SUCCESS if no error occurs, otherwise error code and error message are contained in the OPGP_ERROR_STATUS struct
◆ calculate_enc_cbc_SCP03_min_padding()
| OPGP_ERROR_STATUS calculate_enc_cbc_SCP03_min_padding | ( | BYTE | key[16], |
| BYTE * | message, | ||
| int | messageLength, | ||
| BYTE | icv[16], | ||
| BYTE * | encryption, | ||
| int * | encryptionLength | ||
| ) |
Calculates the encryption of a message in CBC mode for SCP03 using AES with no padding if not needed.
- Parameters
-
key [in] An AES key used to encrypt. *message [in] The message to encrypt. messageLength [in] The length of the message. icv [in] The ICV to use. *encryption [out] The encryption. *encryptionLength [out] The length of the encryption.
- Returns
- OPGP_ERROR_STATUS struct with error status OPGP_ERROR_STATUS_SUCCESS if no error occurs, otherwise error code and error message are contained in the OPGP_ERROR_STATUS struct
◆ calculate_enc_ecb_single_des()
| OPGP_ERROR_STATUS calculate_enc_ecb_single_des | ( | BYTE | key[8], |
| BYTE * | message, | ||
| int | messageLength, | ||
| BYTE * | encryption, | ||
| int * | encryptionLength | ||
| ) |
Calculates the encryption of a message in ECB mode with single DES. Pads the message with 0x80 and additional 0x00 if message length is not a multiple of 8.
- Parameters
-
key [in] A DES key used to encrypt. *message [in] The message to encrypt. messageLength [in] The length of the message. *encryption [out] The encryption. *encryptionLength [out] The length of the encryption.
- Returns
- OPGP_ERROR_STATUS struct with error status OPGP_ERROR_STATUS_SUCCESS if no error occurs, otherwise error code and error message are contained in the OPGP_ERROR_STATUS struct
◆ calculate_enc_ecb_two_key_triple_des()
| OPGP_ERROR_STATUS calculate_enc_ecb_two_key_triple_des | ( | BYTE | key[16], |
| BYTE * | message, | ||
| int | messageLength, | ||
| BYTE * | encryption, | ||
| int * | encryptionLength | ||
| ) |
Calculates the encryption of a message in ECB mode with two key triple DES. Pads the message with 0x80 and additional 0x00 if message length is not a multiple of 8.
- Parameters
-
key [in] A 3DES key used to encrypt. *message [in] The message to encrypt. messageLength [in] The length of the message. *encryption [out] The encryption. *encryptionLength [out] The length of the encryption.
- Returns
- OPGP_ERROR_STATUS struct with error status OPGP_ERROR_STALTUS_SUCCESS if no error occurs, otherwise error code and error message are contained in the OPGP_ERROR_STATUS struct
◆ calculate_enc_icv_SCP03()
| OPGP_ERROR_STATUS calculate_enc_icv_SCP03 | ( | BYTE | key[16], |
| LONG | sessionEncryptionCounter, | ||
| BYTE * | icv, | ||
| BOOL | forResponse | ||
| ) |
Calculates the encryption ICV for SCP03 using AES.
- Parameters
-
key [in] An AES key used to encrypt. sessionEncryptionCounter [in] The session encryption counter. *icv [out] The ICV to use. forResponse 1 if the calculation is performed for the response.
- Returns
- OPGP_ERROR_STATUS struct with error status OPGP_ERROR_STATUS_SUCCESS if no error occurs, otherwise error code and error message are contained in the OPGP_ERROR_STATUS struct
◆ calculate_hash()
| OPGP_ERROR_STATUS calculate_hash | ( | PBYTE | message, |
| DWORD | messageLength, | ||
| BYTE | hash[32], | ||
| const EVP_MD * | md | ||
| ) |
- Parameters
-
message [in] The message to generate the hash for. messageLength [in] The length of the message buffer. hash [out] The calculated hash. md [in] The message digest to use.
◆ calculate_host_cryptogram_SCP01()
| OPGP_ERROR_STATUS calculate_host_cryptogram_SCP01 | ( | BYTE | S_ENCSessionKey[16], |
| BYTE | cardChallenge[8], | ||
| BYTE | hostChallenge[8], | ||
| BYTE | hostCryptogram[8] | ||
| ) |
Calculates the host cryptogram for SCP01.
- Parameters
-
S_ENCSessionKey [in] The S-ENC Session Key for calculating the card cryptogram. cardChallenge [in] The card challenge. hostChallenge [in] The host challenge. hostCryptogram [out] The calculated host cryptogram.
- Returns
- OPGP_ERROR_STATUS struct with error status OPGP_ERROR_STATUS_SUCCESS if no error occurs, otherwise error code and error message are contained in the OPGP_ERROR_STATUS struct
◆ calculate_host_cryptogram_SCP02()
| OPGP_ERROR_STATUS calculate_host_cryptogram_SCP02 | ( | BYTE | S_ENCSessionKey[16], |
| BYTE | sequenceCounter[2], | ||
| BYTE | cardChallenge[6], | ||
| BYTE | hostChallenge[8], | ||
| BYTE | hostCryptogram[8] | ||
| ) |
Calculates the host cryptogram for SCP02.
- Parameters
-
S_ENCSessionKey [in] The S-ENC Session Key for calculating the card cryptogram. sequenceCounter [in] The sequence counter. cardChallenge [in] The card challenge. hostChallenge [in] The host challenge. hostCryptogram [out] The calculated host cryptogram.
- Returns
- OPGP_ERROR_STATUS struct with error status OPGP_ERROR_STATUS_SUCCESS if no error occurs, otherwise error code and error message are contained in the OPGP_ERROR_STATUS struct
◆ calculate_host_cryptogram_SCP03()
| OPGP_ERROR_STATUS calculate_host_cryptogram_SCP03 | ( | BYTE | S_MACSessionKey[16], |
| BYTE | cardChallenge[8], | ||
| BYTE | hostChallenge[8], | ||
| BYTE | hostCryptogram[8] | ||
| ) |
Calculates the host cryptogram for SCP03.
- Parameters
-
S_MACSessionKey [in] The S-MAC Session Key for calculating the card cryptogram. cardChallenge [in] The card challenge. hostChallenge [in] The host challenge. hostCryptogram [out] The calculated host cryptogram.
- Returns
- OPGP_ERROR_STATUS struct with error status OPGP_ERROR_STATUS_SUCCESS if no error occurs, otherwise error code and error message are contained in the OPGP_ERROR_STATUS struct
◆ calculate_MAC()
| OPGP_ERROR_STATUS calculate_MAC | ( | BYTE | sessionKey[16], |
| BYTE * | message, | ||
| int | messageLength, | ||
| BYTE | icv[8], | ||
| BYTE | mac[8] | ||
| ) |
Calculates a message authentication code. Pads the message always with 0x80 and additional 0x00 until message length is a multiple of 8.
- Parameters
-
sessionKey [in] A 3DES key used to sign. *message [in] The message to authenticate. messageLength [in] The message length. icv [in] The initial chaining vector. mac [out] The calculated MAC.
- Returns
- OPGP_ERROR_STATUS struct with error status OPGP_ERROR_STATUS_SUCCESS if no error occurs, otherwise error code and error message are contained in the OPGP_ERROR_STATUS struct
◆ calculate_MAC_aes()
| OPGP_ERROR_STATUS calculate_MAC_aes | ( | BYTE | key[16], |
| BYTE * | message, | ||
| int | messageLength, | ||
| BYTE | mac[16] | ||
| ) |
Calculates a message authentication code, using AES-128 in CBC mode. This is the algorithm specified in NIST 800-38B.
- Parameters
-
key [in] The AES-128 key to use. *message [in] The message to calculate the MAC for. messageLength [in] The message length. mac [out] The calculated MAC.
- Returns
- OPGP_ERROR_STATUS struct with error status OPGP_ERROR_STATUS_SUCCESS if no error occurs, otherwise error code and error message are contained in the OPGP_ERROR_STATUS struct
◆ calculate_MAC_des_3des()
| OPGP_ERROR_STATUS calculate_MAC_des_3des | ( | BYTE | _3des_key[16], |
| BYTE * | message, | ||
| int | messageLength, | ||
| BYTE | initialICV[8], | ||
| BYTE | mac[8] | ||
| ) |
Calculates a message authentication code using the left half key of a two key 3DES key and the the full key for the final operation. Pads the message always with 0x80 and additional 0x00 until message length is a multiple of 8.
- Parameters
-
_3des_key [in] A 3DES key used to sign. *message [in] The message to authenticate. messageLength [in] The message length. initialICV [in] The initial chaining vector. mac [out] The calculated MAC.
- Returns
- OPGP_ERROR_STATUS struct with error status OPGP_ERROR_STATUS_SUCCESS if no error occurs, otherwise error code and error message are contained in the OPGP_ERROR_STATUS struct
◆ calculate_MAC_right_des_3des()
| OPGP_ERROR_STATUS calculate_MAC_right_des_3des | ( | BYTE | key[16], |
| BYTE * | message, | ||
| int | messageLength, | ||
| BYTE | mac[8] | ||
| ) |
Calculates a MAC using first DES and 3DES for the final round when the padding is applied.
- Parameters
-
key [in] A 3DES key used to sign. For DES the right half of the key is used. *message [in] The message to authenticate. messageLength [in] The message length. mac [out] The calculated MAC.
- Returns
- OPGP_ERROR_STATUS struct with error status OPGP_ERROR_STATUS_SUCCESS if no error occurs, otherwise error code and error message are contained in the OPGP_ERROR_STATUS struct
◆ calculate_rsa_signature()
| OPGP_ERROR_STATUS calculate_rsa_signature | ( | PBYTE | message, |
| DWORD | messageLength, | ||
| OPGP_STRING | PEMKeyFileName, | ||
| char * | passPhrase, | ||
| BYTE | signature[128] | ||
| ) |
Calculates a RSA signature using SHA-1 and PKCS#1.
- Parameters
-
message [in] The message to generate the signature for. messageLength [in] The length of the message buffer. PEMKeyFileName [in] A PEM file name with the private RSA key. *passPhrase [in] The passphrase. Must be an ASCII string. signature The calculated signature.
◆ calculate_sha1_hash()
| OPGP_ERROR_STATUS calculate_sha1_hash | ( | PBYTE | message, |
| DWORD | messageLength, | ||
| BYTE | hash[20] | ||
| ) |
Calculates a SHA-1 hash.
- Parameters
-
message [in] The message to generate the hash for. messageLength [in] The length of the message buffer. hash [out] The calculated hash.
◆ calculate_sha256_hash()
| OPGP_ERROR_STATUS calculate_sha256_hash | ( | PBYTE | message, |
| DWORD | messageLength, | ||
| BYTE | hash[32] | ||
| ) |
Calculates a SHA-256 hash.
- Parameters
-
message [in] The message to generate the hash for. messageLength [in] The length of the message buffer. hash [out] The calculated hash.
◆ create_session_key_SCP01()
| OPGP_ERROR_STATUS create_session_key_SCP01 | ( | BYTE | key[16], |
| BYTE | cardChallenge[8], | ||
| BYTE | hostChallenge[8], | ||
| BYTE | sessionKey[16] | ||
| ) |
Creates the session key for SCP01.
- Parameters
-
key [in] The Secure Channel Encryption Key or Secure Channel Message Authentication Code Key for calculating the corresponding session key. cardChallenge [in] The card challenge. hostChallenge [in] The host challenge. sessionKey [out] The calculated 3DES session key.
- Returns
- OPGP_ERROR_STATUS struct with error status OPGP_ERROR_STATUS_SUCCESS if no error occurs, otherwise error code and error message are contained in the OPGP_ERROR_STATUS struct
◆ create_session_key_SCP02()
| OPGP_ERROR_STATUS create_session_key_SCP02 | ( | BYTE | key[16], |
| BYTE | constant[2], | ||
| BYTE | sequenceCounter[2], | ||
| BYTE | sessionKey[16] | ||
| ) |
Creates the session key for SCP02.
- Parameters
-
key [in] The Secure Channel Encryption Key or Secure Channel Message Authentication Code Key or Data Encryption Key for calculating the corresponding session key. constant [in] The constant for the corresponding session key. sequenceCounter [in] The sequence counter. sessionKey [out] The calculated 3DES session key.
- Returns
- OPGP_ERROR_STATUS struct with error status OPGP_ERROR_STATUS_SUCCESS if no error occurs, otherwise error code and error message are contained in the OPGP_ERROR_STATUS struct
◆ create_session_key_SCP03()
| OPGP_ERROR_STATUS create_session_key_SCP03 | ( | BYTE | key[16], |
| BYTE | derivationConstant, | ||
| BYTE | cardChallenge[8], | ||
| BYTE | hostChallenge[8], | ||
| BYTE | sessionKey[16] | ||
| ) |
Creates an AES-128 session key for SCP03.
- Parameters
-
key [in] The Secure Channel Encryption Key or Secure Channel Message Authentication Code Key for calculating the corresponding session key. derivationConstant [in] The derivation constant, as defined in "Table 4-1: Data derivation constants" of SCP03. cardChallenge [in] The card challenge. hostChallenge [in] The host challenge. sessionKey [out] The calculated AES session key.
- Returns
- OPGP_ERROR_STATUS struct with error status OPGP_ERROR_STATUS_SUCCESS if no error occurs, otherwise error code and error message are contained in the OPGP_ERROR_STATUS struct
◆ get_random()
| OPGP_ERROR_STATUS get_random | ( | BYTE * | random, |
| int | randomLength | ||
| ) |
- Parameters
-
*random [out] The random to generate. randomLength [in] The random length to generate.
- Returns
- OPGP_ERROR_STATUS struct with error status OPGP_ERROR_STATUS_SUCCESS if no error occurs, otherwise error code and error message are contained in the OPGP_ERROR_STATUS struct
◆ GP211_calculate_R_MAC()
| OPGP_ERROR_STATUS GP211_calculate_R_MAC | ( | PBYTE | apduCommand, |
| DWORD | apduCommandLength, | ||
| PBYTE | responseApdu, | ||
| DWORD | responseApduLength, | ||
| GP211_SECURITY_INFO * | secInfo, | ||
| BYTE | mac[8] | ||
| ) |
Calculates a R-MAC.
- Parameters
-
apduCommand [in] The APDU command. apduCommandLength [in] The APDU command length. responseApdu [in] The APDU response APDU. responseApduLength [in] The APDU response APDU length. *secInfo [in] The pointer to the GP211_SECURITY_INFO structure returned by GP211_mutual_authentication(). mac [out] The R-MAC.
- Returns
- OPGP_ERROR_STATUS struct with error status OPGP_ERROR_STATUS_SUCCESS if no error occurs, otherwise error code and error message are contained in the OPGP_ERROR_STATUS struct
◆ GP211_check_R_MAC()
| OPGP_ERROR_STATUS GP211_check_R_MAC | ( | PBYTE | apduCommand, |
| DWORD | apduCommandLength, | ||
| PBYTE | responseApdu, | ||
| DWORD | responseApduLength, | ||
| PBYTE | unwrappedResponseApdu, | ||
| PDWORD | unwrappedResponseApduLength, | ||
| GP211_SECURITY_INFO * | secInfo | ||
| ) |
Checks the R-MAC of an APDU with the necessary security information according to secInfo.
- Parameters
-
apduCommand [in] The command APDU. apduCommandLength [in] The length of the command APDU. responseApdu [in] The response APDU. responseApduLength [in] The length of the response APDU. unwrappedResponseApdu [out] The buffer for the unwrapped response APDU. unwrappedResponseApduLength [in, out] The available and returned modified length of the unwrappedResponseAPDU buffer. *secInfo [in] The pointer to the GP211_SECURITY_INFO structure returned by GP211_mutual_authentication().
- Returns
- OPGP_ERROR_STATUS struct with error status OPGP_ERROR_STATUS_SUCCESS if no error occurs, otherwise error code and error message are contained in the OPGP_ERROR_STATUS struct
◆ read_public_rsa_key()
| OPGP_ERROR_STATUS read_public_rsa_key | ( | OPGP_STRING | PEMKeyFileName, |
| char * | passPhrase, | ||
| BYTE | rsaModulus[128], | ||
| LONG * | rsaExponent | ||
| ) |
Reads a public RSA key from a file.
- Parameters
-
PEMKeyFileName [in] The key file. *passPhrase [in] The passphrase. Must be an ASCII string. rsaModulus [out] The RSA modulus. rsaExponent [out] The RSA exponent.
◆ unwrap_command()
| OPGP_ERROR_STATUS unwrap_command | ( | PBYTE | apduCommand, |
| DWORD | apduCommandLength, | ||
| PBYTE | responseApdu, | ||
| DWORD | responseApduLength, | ||
| PBYTE | unwrappedResponseApdu, | ||
| PDWORD | unwrappedResponseApduLength, | ||
| GP211_SECURITY_INFO * | secInfo | ||
| ) |
Unwraps a response, i.e. decrypts and checks the R-MAC of a response APDU with the necessary security information according to secInfo.
- Parameters
-
apduCommand [in] The command APDU. apduCommandLength [in] The length of the command APDU. responseApdu [in] The response data. responseApduLength [in] The length of the response data. unwrappedResponseApdu [out] The buffer for the unwrapped response APDU. unwrappedResponseApduLength [in, out] The available and returned modified length of the unwrappedResponseAPDU buffer. *secInfo [in] The pointer to the GP211_SECURITY_INFO structure returned by GP211_mutual_authentication().
- Returns
- OPGP_ERROR_STATUS struct with error status OPGP_ERROR_STATUS_SUCCESS if no error occurs, otherwise error code and error message are contained in the OPGP_ERROR_STATUS struct
◆ validate_receipt()
| OPGP_ERROR_STATUS validate_receipt | ( | PBYTE | validationData, |
| DWORD | validationDataLength, | ||
| BYTE | receipt[16], | ||
| BYTE | receiptKey[16], | ||
| BYTE | secureChannelProtocol | ||
| ) |
GlobalPlatform2.1.1: Validates a Receipt. Returns OPGP_ERROR_STATUS_SUCCESS if the receipt is valid.
- Parameters
-
validationData [in] The data used to validate the returned receipt. validationDataLength [in] The length of the validationData buffer. receipt [in] The receipt. receiptKey [in] The 3DES key to generate the receipt. secureChannelProtocol [in] The Secure Channel Protocol.
- Returns
- OPGP_ERROR_STATUS struct with error status OPGP_ERROR_STATUS_SUCCESS if no error occurs, otherwise error code and error message are contained in the OPGP_ERROR_STATUS struct
◆ wrap_command()
| OPGP_ERROR_STATUS wrap_command | ( | PBYTE | apduCommand, |
| DWORD | apduCommandLength, | ||
| PBYTE | wrappedApduCommand, | ||
| PDWORD | wrappedApduCommandLength, | ||
| GP211_SECURITY_INFO * | secInfo | ||
| ) |
Wraps a command, i.e. encrypts and add the MAC to the APDU with the necessary security information according to secInfo.
Wraps a APDU with the necessary security information according to secInfo. The wrappedapduCommand must be a buffer with enough space for the potential added padding for the encryption and the MAC. The maximum possible extra space to the apduCommandLength is 8 bytes for the MAC plus 7 bytes for padding and one Lc byte in the encryption process.
- Parameters
-
apduCommand [in] The command APDU. apduCommandLength [in] The length of the command APDU. wrappedApduCommand [out] The buffer for the wrapped APDU command. wrappedApduCommandLength [in, out] The available and returned modified length of the wrappedApduCommand buffer. *secInfo [in] The pointer to the GP211_SECURITY_INFO structure returned by GP211_mutual_authentication().
- Returns
- OPGP_ERROR_STATUS struct with error status OPGP_ERROR_STATUS_SUCCESS if no error occurs, otherwise error code and error message are contained in the OPGP_ERROR_STATUS struct
