#include "globalplatform/types.h"#include "globalplatform/library.h"#include "globalplatform/unicode.h"#include "globalplatform/error.h"#include "globalplatform/security.h"
Include dependency graph for crypto.h:
This graph shows which files directly or indirectly include this file:
Go to the source code of this file.
Functions | |
| OPGP_NO_API OPGP_ERROR_STATUS | calculate_CMAC_aes (BYTE sMacKey[16], BYTE *message, int messageLength, BYTE chainingValue[16], BYTE mac[16]) |
| Creates a MAC for commands (APDUs) using CMAC AES. This is used by SCP03. The MAC for the message are the first 8 Bytes of mac. The next chainingValue are the full 16 Bytes of mac. Save this value for the next command MAC calculation. More... | |
| OPGP_NO_API OPGP_ERROR_STATUS | get_key_data_field (GP211_SECURITY_INFO *secInfo, PBYTE keyData, DWORD keyDataLength, BYTE keyType, BYTE isSensitive, PBYTE keyDataField, PDWORD keyDataFieldLength, BYTE keyCheckValue[3]) |
| OPGP_NO_API OPGP_ERROR_STATUS | create_session_key_SCP01 (BYTE key[16], BYTE cardChallenge[8], BYTE hostChallenge[8], BYTE sessionKey[16]) |
| OPGP_NO_API OPGP_ERROR_STATUS | create_session_key_SCP02 (BYTE key[16], BYTE constant[2], BYTE sequenceCounter[2], BYTE sessionKey[16]) |
| OPGP_NO_API OPGP_ERROR_STATUS | calculate_rsa_signature (PBYTE message, DWORD messageLength, OPGP_STRING PEMKeyFileName, char *passPhrase, BYTE signature[128]) |
| OPGP_NO_API OPGP_ERROR_STATUS | calculate_MAC (BYTE sessionKey[16], BYTE *message, int messageLength, BYTE icv[8], BYTE mac[8]) |
| OPGP_NO_API OPGP_ERROR_STATUS | calculate_card_cryptogram_SCP01 (BYTE S_ENCSessionKey[16], BYTE cardChallenge[8], BYTE hostChallenge[8], BYTE cardCryptogram[8]) |
| OPGP_NO_API OPGP_ERROR_STATUS | calculate_card_cryptogram_SCP02 (BYTE S_ENCSessionKey[16], BYTE sequenceCounter[2], BYTE cardChallenge[6], BYTE hostChallenge[8], BYTE cardCryptogram[8]) |
| OPGP_NO_API OPGP_ERROR_STATUS | calculate_host_cryptogram_SCP01 (BYTE S_ENCSessionKey[16], BYTE cardChallenge[8], BYTE hostChallenge[8], BYTE hostCryptogram[8]) |
| OPGP_NO_API OPGP_ERROR_STATUS | calculate_host_cryptogram_SCP02 (BYTE S_ENCSessionKey[16], BYTE sequenceCounter[2], BYTE cardChallenge[6], BYTE hostChallenge[8], BYTE hostCryptogram[8]) |
| OPGP_NO_API OPGP_ERROR_STATUS | create_session_key_SCP03 (BYTE key[16], BYTE derivationConstant, BYTE cardChallenge[8], BYTE hostChallenge[8], BYTE sessionKey[16]) |
| OPGP_NO_API OPGP_ERROR_STATUS | calculate_card_challenge_SCP03 (BYTE S_ENC[16], BYTE sequenceCounter[3], PBYTE invokingAID, DWORD invokingAIDLength, BYTE cardChallenge[8]) |
| OPGP_NO_API OPGP_ERROR_STATUS | calculate_card_cryptogram_SCP03 (BYTE S_MACSessionKey[16], BYTE cardChallenge[8], BYTE hostChallenge[8], BYTE cardCryptogram[8]) |
| OPGP_NO_API OPGP_ERROR_STATUS | calculate_host_cryptogram_SCP03 (BYTE S_MACSessionKey[16], BYTE cardChallenge[8], BYTE hostChallenge[8], BYTE hostCryptogram[8]) |
| OPGP_NO_API OPGP_ERROR_STATUS | wrap_command (PBYTE apduCommand, DWORD apduCommandLength, PBYTE wrappedApduCommand, PDWORD wrappedApduCommandLength, GP211_SECURITY_INFO *secInfo) |
| Wraps a command, i.e. encrypts and add the MAC to the APDU with the necessary security information according to secInfo. More... | |
| OPGP_NO_API OPGP_ERROR_STATUS | unwrap_command (PBYTE apduCommand, DWORD apduCommandLength, PBYTE responseData, DWORD responseDataLength, PBYTE unwrappedResponseData, PDWORD unwrappedResponseDataLength, GP211_SECURITY_INFO *secInfo) |
| Unwraps a response, i.e. decrypts and checks the R-MAC of a response APDU with the necessary security information according to secInfo. More... | |
| OPGP_NO_API OPGP_ERROR_STATUS | GP211_check_R_MAC (PBYTE apduCommand, DWORD apduCommandLength, PBYTE responseData, DWORD responseDataLength, PBYTE unwrappedResponseApdu, PDWORD unwrappedResponseApduLength, GP211_SECURITY_INFO *secInfo) |
| Checks the R-MAC of an APDU with the necessary security information according to secInfo. More... | |
| OPGP_NO_API OPGP_ERROR_STATUS | calculate_enc_ecb_two_key_triple_des (BYTE key[16], BYTE *message, int messageLength, BYTE *encryption, int *encryptionLength) |
| OPGP_NO_API OPGP_ERROR_STATUS | validate_receipt (PBYTE validationData, DWORD validationDataLength, BYTE receipt[16], BYTE receiptKey[16], BYTE secureChannelProtocol) |
| OPGP_NO_API OPGP_ERROR_STATUS | calculate_MAC_des_3des (BYTE _3des_key[16], BYTE *message, int messageLength, BYTE initialICV[8], BYTE mac[8]) |
| OPGP_NO_API OPGP_ERROR_STATUS | validate_install_receipt (DWORD confirmationCounter, PBYTE cardUniqueData, DWORD cardUniqueDataLength, BYTE receiptKey[16], GP211_RECEIPT_DATA receiptData, PBYTE executableLoadFileAID, DWORD executableLoadFileAIDLength, PBYTE applicationAID, DWORD applicationAIDLength, BYTE secureChannelProtocol) |
| OPGP_NO_API OPGP_ERROR_STATUS | validate_delete_receipt (DWORD confirmationCounter, PBYTE cardUniqueData, DWORD cardUniqueDataLength, BYTE receiptKey[16], GP211_RECEIPT_DATA receiptData, PBYTE AID, DWORD AIDLengthv, BYTE secureChannelProtocol) |
| OPGP_NO_API OPGP_ERROR_STATUS | validate_load_receipt (DWORD confirmationCounter, PBYTE cardUniqueData, DWORD cardUniqueDataLength, BYTE receiptKey[16], GP211_RECEIPT_DATA receiptData, PBYTE executableLoadFileAID, DWORD executableLoadFileAIDLength, PBYTE securityDomainAID, DWORD securityDomainAIDLength, BYTE secureChannelProtocol) |
| OPGP_NO_API OPGP_ERROR_STATUS | read_public_rsa_key (OPGP_STRING PEMKeyFileName, char *passPhrase, BYTE rsaModulus[128], LONG *rsaExponent) |
| Reads a public RSA key from a file. More... | |
| OPGP_NO_API OPGP_ERROR_STATUS | calculate_sha256_hash (PBYTE message, DWORD messageLength, BYTE hash[32]) |
| Calculates a SHA-256 hash. More... | |
| OPGP_NO_API OPGP_ERROR_STATUS | calculate_sha1_hash (PBYTE message, DWORD messageLength, BYTE hash[20]) |
| Calculates a SHA-1 hash. More... | |
| OPGP_NO_API OPGP_ERROR_STATUS | calculate_MAC_right_des_3des (BYTE key[16], BYTE *message, int messageLength, BYTE mac[8]) |
| Calculates a MAC using first DES and 3DES for the final round when the padding is applied. More... | |
| OPGP_NO_API OPGP_ERROR_STATUS | get_random (BYTE *random, int randomLength) |
Detailed Description
This file contains internally used cryptographic related functionality.
Function Documentation
◆ calculate_card_challenge_SCP03()
| OPGP_NO_API OPGP_ERROR_STATUS calculate_card_challenge_SCP03 | ( | BYTE | S_ENC[16], |
| BYTE | sequenceCounter[3], | ||
| PBYTE | invokingAID, | ||
| DWORD | invokingAIDLength, | ||
| BYTE | cardChallenge[8] | ||
| ) |
Calculates the card challenge when using pseudo-random challenge generation for SCP03.
- Parameters
-
S_ENC [in] The static S-ENC Key. sequenceCounter [in] The sequence counter. invokingAID The invoking AID byte buffer. invokingAIDLength The length of the invoking AID byte buffer. cardChallenge [out] The calculated challenge.
- Returns
- OPGP_ERROR_STATUS struct with error status OPGP_ERROR_STATUS_SUCCESS if no error occurs, otherwise error code and error message are contained in the OPGP_ERROR_STATUS struct
◆ calculate_card_cryptogram_SCP01()
| OPGP_NO_API OPGP_ERROR_STATUS calculate_card_cryptogram_SCP01 | ( | BYTE | S_ENCSessionKey[16], |
| BYTE | cardChallenge[8], | ||
| BYTE | hostChallenge[8], | ||
| BYTE | cardCryptogram[8] | ||
| ) |
Calculates the card cryptogram for SCP01.
- Parameters
-
S_ENCSessionKey [in] The S-ENC Session Key for calculating the card cryptogram. cardChallenge [in] The card challenge. hostChallenge [in] The host challenge. cardCryptogram [out] The calculated card cryptogram.
- Returns
- OPGP_ERROR_STATUS struct with error status OPGP_ERROR_STATUS_SUCCESS if no error occurs, otherwise error code and error message are contained in the OPGP_ERROR_STATUS struct
◆ calculate_card_cryptogram_SCP02()
| OPGP_NO_API OPGP_ERROR_STATUS calculate_card_cryptogram_SCP02 | ( | BYTE | S_ENCSessionKey[16], |
| BYTE | sequenceCounter[2], | ||
| BYTE | cardChallenge[6], | ||
| BYTE | hostChallenge[8], | ||
| BYTE | cardCryptogram[8] | ||
| ) |
Calculates the card cryptogram for SCP02.
- Parameters
-
S_ENCSessionKey [in] The S-ENC Session Key for calculating the card cryptogram. sequenceCounter [in] The sequence counter. cardChallenge [in] The card challenge. hostChallenge [in] The host challenge. cardCryptogram [out] The calculated card cryptogram.
- Returns
- OPGP_ERROR_STATUS struct with error status OPGP_ERROR_STATUS_SUCCESS if no error occurs, otherwise error code and error message are contained in the OPGP_ERROR_STATUS struct
◆ calculate_card_cryptogram_SCP03()
| OPGP_NO_API OPGP_ERROR_STATUS calculate_card_cryptogram_SCP03 | ( | BYTE | S_MACSessionKey[16], |
| BYTE | cardChallenge[8], | ||
| BYTE | hostChallenge[8], | ||
| BYTE | cardCryptogram[8] | ||
| ) |
Calculates the card cryptogram for SCP03.
- Parameters
-
S_MACSessionKey [in] The S-MAC Session Key for calculating the card cryptogram. cardChallenge [in] The card challenge. hostChallenge [in] The host challenge. cardCryptogram [out] The calculated host cryptogram.
- Returns
- OPGP_ERROR_STATUS struct with error status OPGP_ERROR_STATUS_SUCCESS if no error occurs, otherwise error code and error message are contained in the OPGP_ERROR_STATUS struct
◆ calculate_CMAC_aes()
| OPGP_NO_API OPGP_ERROR_STATUS calculate_CMAC_aes | ( | BYTE | sMacKey[16], |
| BYTE * | message, | ||
| int | messageLength, | ||
| BYTE | chainingValue[16], | ||
| BYTE | mac[16] | ||
| ) |
Creates a MAC for commands (APDUs) using CMAC AES. This is used by SCP03. The MAC for the message are the first 8 Bytes of mac. The next chainingValue are the full 16 Bytes of mac. Save this value for the next command MAC calculation.
- Parameters
-
sMacKey [in] The S-MAC key (session MAC key) to use for MAC generation. message [in] The message to generate the MAC for. messageLength [in] The length of the message. chainingValue [in] The chaining value to use for the MAC generation. This is usually the full 16 Byte MAC generated for the last command or 16 bytes 0x00 for the first one (i.e. EXTERNAL AUTHENTICATE). mac [out] The full 16 Byte MAC. Append the first 8 Bytes to the message. Save the full 16 Bytes for further MAC generation if needed.
◆ calculate_enc_ecb_two_key_triple_des()
| OPGP_NO_API OPGP_ERROR_STATUS calculate_enc_ecb_two_key_triple_des | ( | BYTE | key[16], |
| BYTE * | message, | ||
| int | messageLength, | ||
| BYTE * | encryption, | ||
| int * | encryptionLength | ||
| ) |
Calculates the encryption of a message in ECB mode with two key triple DES. Pads the message with 0x80 and additional 0x00 if message length is not a multiple of 8.
- Parameters
-
key [in] A 3DES key used to encrypt. *message [in] The message to encrypt. messageLength [in] The length of the message. *encryption [out] The encryption. *encryptionLength [out] The length of the encryption.
- Returns
- OPGP_ERROR_STATUS struct with error status OPGP_ERROR_STALTUS_SUCCESS if no error occurs, otherwise error code and error message are contained in the OPGP_ERROR_STATUS struct
◆ calculate_host_cryptogram_SCP01()
| OPGP_NO_API OPGP_ERROR_STATUS calculate_host_cryptogram_SCP01 | ( | BYTE | S_ENCSessionKey[16], |
| BYTE | cardChallenge[8], | ||
| BYTE | hostChallenge[8], | ||
| BYTE | hostCryptogram[8] | ||
| ) |
Calculates the host cryptogram for SCP01.
- Parameters
-
S_ENCSessionKey [in] The S-ENC Session Key for calculating the card cryptogram. cardChallenge [in] The card challenge. hostChallenge [in] The host challenge. hostCryptogram [out] The calculated host cryptogram.
- Returns
- OPGP_ERROR_STATUS struct with error status OPGP_ERROR_STATUS_SUCCESS if no error occurs, otherwise error code and error message are contained in the OPGP_ERROR_STATUS struct
◆ calculate_host_cryptogram_SCP02()
| OPGP_NO_API OPGP_ERROR_STATUS calculate_host_cryptogram_SCP02 | ( | BYTE | S_ENCSessionKey[16], |
| BYTE | sequenceCounter[2], | ||
| BYTE | cardChallenge[6], | ||
| BYTE | hostChallenge[8], | ||
| BYTE | hostCryptogram[8] | ||
| ) |
Calculates the host cryptogram for SCP02.
- Parameters
-
S_ENCSessionKey [in] The S-ENC Session Key for calculating the card cryptogram. sequenceCounter [in] The sequence counter. cardChallenge [in] The card challenge. hostChallenge [in] The host challenge. hostCryptogram [out] The calculated host cryptogram.
- Returns
- OPGP_ERROR_STATUS struct with error status OPGP_ERROR_STATUS_SUCCESS if no error occurs, otherwise error code and error message are contained in the OPGP_ERROR_STATUS struct
◆ calculate_host_cryptogram_SCP03()
| OPGP_NO_API OPGP_ERROR_STATUS calculate_host_cryptogram_SCP03 | ( | BYTE | S_MACSessionKey[16], |
| BYTE | cardChallenge[8], | ||
| BYTE | hostChallenge[8], | ||
| BYTE | hostCryptogram[8] | ||
| ) |
Calculates the host cryptogram for SCP03.
- Parameters
-
S_MACSessionKey [in] The S-MAC Session Key for calculating the card cryptogram. cardChallenge [in] The card challenge. hostChallenge [in] The host challenge. hostCryptogram [out] The calculated host cryptogram.
- Returns
- OPGP_ERROR_STATUS struct with error status OPGP_ERROR_STATUS_SUCCESS if no error occurs, otherwise error code and error message are contained in the OPGP_ERROR_STATUS struct
◆ calculate_MAC()
| OPGP_NO_API OPGP_ERROR_STATUS calculate_MAC | ( | BYTE | sessionKey[16], |
| BYTE * | message, | ||
| int | messageLength, | ||
| BYTE | icv[8], | ||
| BYTE | mac[8] | ||
| ) |
Calculates a message authentication code. Pads the message always with 0x80 and additional 0x00 until message length is a multiple of 8.
- Parameters
-
sessionKey [in] A 3DES key used to sign. *message [in] The message to authenticate. messageLength [in] The message length. icv [in] The initial chaining vector. mac [out] The calculated MAC.
- Returns
- OPGP_ERROR_STATUS struct with error status OPGP_ERROR_STATUS_SUCCESS if no error occurs, otherwise error code and error message are contained in the OPGP_ERROR_STATUS struct
◆ calculate_MAC_des_3des()
| OPGP_NO_API OPGP_ERROR_STATUS calculate_MAC_des_3des | ( | BYTE | _3des_key[16], |
| BYTE * | message, | ||
| int | messageLength, | ||
| BYTE | initialICV[8], | ||
| BYTE | mac[8] | ||
| ) |
Calculates a message authentication code using the left half key of a two key 3DES key and the the full key for the final operation. Pads the message always with 0x80 and additional 0x00 until message length is a multiple of 8.
- Parameters
-
_3des_key [in] A 3DES key used to sign. *message [in] The message to authenticate. messageLength [in] The message length. initialICV [in] The initial chaining vector. mac [out] The calculated MAC.
- Returns
- OPGP_ERROR_STATUS struct with error status OPGP_ERROR_STATUS_SUCCESS if no error occurs, otherwise error code and error message are contained in the OPGP_ERROR_STATUS struct
◆ calculate_MAC_right_des_3des()
| OPGP_NO_API OPGP_ERROR_STATUS calculate_MAC_right_des_3des | ( | BYTE | key[16], |
| BYTE * | message, | ||
| int | messageLength, | ||
| BYTE | mac[8] | ||
| ) |
Calculates a MAC using first DES and 3DES for the final round when the padding is applied.
- Parameters
-
key [in] A 3DES key used to sign. For DES the right half of the key is used. *message [in] The message to authenticate. messageLength [in] The message length. mac [out] The calculated MAC.
- Returns
- OPGP_ERROR_STATUS struct with error status OPGP_ERROR_STATUS_SUCCESS if no error occurs, otherwise error code and error message are contained in the OPGP_ERROR_STATUS struct
◆ calculate_rsa_signature()
| OPGP_NO_API OPGP_ERROR_STATUS calculate_rsa_signature | ( | PBYTE | message, |
| DWORD | messageLength, | ||
| OPGP_STRING | PEMKeyFileName, | ||
| char * | passPhrase, | ||
| BYTE | signature[128] | ||
| ) |
Calculates a RSA signature using SHA-1 and PKCS#1.
- Parameters
-
message [in] The message to generate the signature for. messageLength [in] The length of the message buffer. PEMKeyFileName [in] A PEM file name with the private RSA key. *passPhrase [in] The passphrase. Must be an ASCII string. signature The calculated signature.
◆ calculate_sha1_hash()
| OPGP_NO_API OPGP_ERROR_STATUS calculate_sha1_hash | ( | PBYTE | message, |
| DWORD | messageLength, | ||
| BYTE | hash[20] | ||
| ) |
Calculates a SHA-1 hash.
- Parameters
-
message [in] The message to generate the hash for. messageLength [in] The length of the message buffer. hash [out] The calculated hash.
◆ calculate_sha256_hash()
| OPGP_NO_API OPGP_ERROR_STATUS calculate_sha256_hash | ( | PBYTE | message, |
| DWORD | messageLength, | ||
| BYTE | hash[32] | ||
| ) |
Calculates a SHA-256 hash.
- Parameters
-
message [in] The message to generate the hash for. messageLength [in] The length of the message buffer. hash [out] The calculated hash.
◆ create_session_key_SCP01()
| OPGP_NO_API OPGP_ERROR_STATUS create_session_key_SCP01 | ( | BYTE | key[16], |
| BYTE | cardChallenge[8], | ||
| BYTE | hostChallenge[8], | ||
| BYTE | sessionKey[16] | ||
| ) |
Creates the session key for SCP01.
- Parameters
-
key [in] The Secure Channel Encryption Key or Secure Channel Message Authentication Code Key for calculating the corresponding session key. cardChallenge [in] The card challenge. hostChallenge [in] The host challenge. sessionKey [out] The calculated 3DES session key.
- Returns
- OPGP_ERROR_STATUS struct with error status OPGP_ERROR_STATUS_SUCCESS if no error occurs, otherwise error code and error message are contained in the OPGP_ERROR_STATUS struct
◆ create_session_key_SCP02()
| OPGP_NO_API OPGP_ERROR_STATUS create_session_key_SCP02 | ( | BYTE | key[16], |
| BYTE | constant[2], | ||
| BYTE | sequenceCounter[2], | ||
| BYTE | sessionKey[16] | ||
| ) |
Creates the session key for SCP02.
- Parameters
-
key [in] The Secure Channel Encryption Key or Secure Channel Message Authentication Code Key or Data Encryption Key for calculating the corresponding session key. constant [in] The constant for the corresponding session key. sequenceCounter [in] The sequence counter. sessionKey [out] The calculated 3DES session key.
- Returns
- OPGP_ERROR_STATUS struct with error status OPGP_ERROR_STATUS_SUCCESS if no error occurs, otherwise error code and error message are contained in the OPGP_ERROR_STATUS struct
◆ create_session_key_SCP03()
| OPGP_NO_API OPGP_ERROR_STATUS create_session_key_SCP03 | ( | BYTE | key[16], |
| BYTE | derivationConstant, | ||
| BYTE | cardChallenge[8], | ||
| BYTE | hostChallenge[8], | ||
| BYTE | sessionKey[16] | ||
| ) |
Creates an AES-128 session key for SCP03.
- Parameters
-
key [in] The Secure Channel Encryption Key or Secure Channel Message Authentication Code Key for calculating the corresponding session key. derivationConstant [in] The derivation constant, as defined in "Table 4-1: Data derivation constants" of SCP03. cardChallenge [in] The card challenge. hostChallenge [in] The host challenge. sessionKey [out] The calculated AES session key.
- Returns
- OPGP_ERROR_STATUS struct with error status OPGP_ERROR_STATUS_SUCCESS if no error occurs, otherwise error code and error message are contained in the OPGP_ERROR_STATUS struct
◆ get_random()
| OPGP_NO_API OPGP_ERROR_STATUS get_random | ( | BYTE * | random, |
| int | randomLength | ||
| ) |
- Parameters
-
*random [out] The random to generate. randomLength [in] The random length to generate.
- Returns
- OPGP_ERROR_STATUS struct with error status OPGP_ERROR_STATUS_SUCCESS if no error occurs, otherwise error code and error message are contained in the OPGP_ERROR_STATUS struct
◆ GP211_check_R_MAC()
| OPGP_NO_API OPGP_ERROR_STATUS GP211_check_R_MAC | ( | PBYTE | apduCommand, |
| DWORD | apduCommandLength, | ||
| PBYTE | responseApdu, | ||
| DWORD | responseApduLength, | ||
| PBYTE | unwrappedResponseApdu, | ||
| PDWORD | unwrappedResponseApduLength, | ||
| GP211_SECURITY_INFO * | secInfo | ||
| ) |
Checks the R-MAC of an APDU with the necessary security information according to secInfo.
- Parameters
-
apduCommand [in] The command APDU. apduCommandLength [in] The length of the command APDU. responseApdu [in] The response APDU. responseApduLength [in] The length of the response APDU. unwrappedResponseApdu [out] The buffer for the unwrapped response APDU. unwrappedResponseApduLength [in, out] The available and returned modified length of the unwrappedResponseAPDU buffer. *secInfo [in] The pointer to the GP211_SECURITY_INFO structure returned by GP211_mutual_authentication().
- Returns
- OPGP_ERROR_STATUS struct with error status OPGP_ERROR_STATUS_SUCCESS if no error occurs, otherwise error code and error message are contained in the OPGP_ERROR_STATUS struct
◆ read_public_rsa_key()
| OPGP_NO_API OPGP_ERROR_STATUS read_public_rsa_key | ( | OPGP_STRING | PEMKeyFileName, |
| char * | passPhrase, | ||
| BYTE | rsaModulus[128], | ||
| LONG * | rsaExponent | ||
| ) |
Reads a public RSA key from a file.
- Parameters
-
PEMKeyFileName [in] The key file. *passPhrase [in] The passphrase. Must be an ASCII string. rsaModulus [out] The RSA modulus. rsaExponent [out] The RSA exponent.
◆ unwrap_command()
| OPGP_NO_API OPGP_ERROR_STATUS unwrap_command | ( | PBYTE | apduCommand, |
| DWORD | apduCommandLength, | ||
| PBYTE | responseApdu, | ||
| DWORD | responseApduLength, | ||
| PBYTE | unwrappedResponseApdu, | ||
| PDWORD | unwrappedResponseApduLength, | ||
| GP211_SECURITY_INFO * | secInfo | ||
| ) |
Unwraps a response, i.e. decrypts and checks the R-MAC of a response APDU with the necessary security information according to secInfo.
- Parameters
-
apduCommand [in] The command APDU. apduCommandLength [in] The length of the command APDU. responseApdu [in] The response data. responseApduLength [in] The length of the response data. unwrappedResponseApdu [out] The buffer for the unwrapped response APDU. unwrappedResponseApduLength [in, out] The available and returned modified length of the unwrappedResponseAPDU buffer. *secInfo [in] The pointer to the GP211_SECURITY_INFO structure returned by GP211_mutual_authentication().
- Returns
- OPGP_ERROR_STATUS struct with error status OPGP_ERROR_STATUS_SUCCESS if no error occurs, otherwise error code and error message are contained in the OPGP_ERROR_STATUS struct
◆ validate_receipt()
| OPGP_NO_API OPGP_ERROR_STATUS validate_receipt | ( | PBYTE | validationData, |
| DWORD | validationDataLength, | ||
| BYTE | receipt[16], | ||
| BYTE | receiptKey[16], | ||
| BYTE | secureChannelProtocol | ||
| ) |
GlobalPlatform2.1.1: Validates a Receipt. Returns OPGP_ERROR_STATUS_SUCCESS if the receipt is valid.
- Parameters
-
validationData [in] The data used to validate the returned receipt. validationDataLength [in] The length of the validationData buffer. receipt [in] The receipt. receiptKey [in] The 3DES key to generate the receipt. secureChannelProtocol [in] The Secure Channel Protocol.
- Returns
- OPGP_ERROR_STATUS struct with error status OPGP_ERROR_STATUS_SUCCESS if no error occurs, otherwise error code and error message are contained in the OPGP_ERROR_STATUS struct
◆ wrap_command()
| OPGP_NO_API OPGP_ERROR_STATUS wrap_command | ( | PBYTE | apduCommand, |
| DWORD | apduCommandLength, | ||
| PBYTE | wrappedApduCommand, | ||
| PDWORD | wrappedApduCommandLength, | ||
| GP211_SECURITY_INFO * | secInfo | ||
| ) |
Wraps a command, i.e. encrypts and add the MAC to the APDU with the necessary security information according to secInfo.
Wraps a APDU with the necessary security information according to secInfo. The wrappedapduCommand must be a buffer with enough space for the potential added padding for the encryption and the MAC. The maximum possible extra space to the apduCommandLength is 8 bytes for the MAC plus 7 bytes for padding and one Lc byte in the encryption process.
- Parameters
-
apduCommand [in] The command APDU. apduCommandLength [in] The length of the command APDU. wrappedApduCommand [out] The buffer for the wrapped APDU command. wrappedApduCommandLength [in, out] The available and returned modified length of the wrappedApduCommand buffer. *secInfo [in] The pointer to the GP211_SECURITY_INFO structure returned by GP211_mutual_authentication().
- Returns
- OPGP_ERROR_STATUS struct with error status OPGP_ERROR_STATUS_SUCCESS if no error occurs, otherwise error code and error message are contained in the OPGP_ERROR_STATUS struct
