globalplatform
crypto.h
Go to the documentation of this file.
1 /* Copyright (c) 2009, Karsten Ohme
2  * This file is part of GlobalPlatform.
3  *
4  * GlobalPlatform is free software: you can redistribute it and/or modify
5  * it under the terms of the GNU Lesser General Public License as published by
6  * the Free Software Foundation, either version 3 of the License, or
7  * (at your option) any later version.
8  *
9  * GlobalPlatform is distributed in the hope that it will be useful,
10  * but WITHOUT ANY WARRANTY; without even the implied warranty of
11  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12  * GNU Lesser General Public License for more details.
13  *
14  * You should have received a copy of the GNU Lesser General Public License
15  * along with GlobalPlatform. If not, see <http://www.gnu.org/licenses/>.
16  *
17  * In addition, as a special exception, the copyright holders give
18  * permission to link the code of portions of this program with the
19  * OpenSSL library under certain conditions as described in each
20  * individual source file, and distribute linked combinations
21  * including the two.
22  * You must obey the GNU Lesser General Public License in all respects
23  * for all of the code used other than OpenSSL. If you modify
24  * file(s) with this exception, you may extend this exception to your
25  * version of the file(s), but you are not obligated to do so. If you
26  * do not wish to do so, delete this exception statement from your
27  * version. If you delete this exception statement from all source
28  * files in the program, then also delete it here.
29  */
30 
35 #ifndef OPGP_CRYPTO_H
36 #define OPGP_CRYPTO_H
37 
38 #ifdef __cplusplus
39 extern "C"
40 {
41 #endif
42 
43 #ifdef WIN32
44 #include "stdafx.h"
45 #endif
46 
47 #include "globalplatform/types.h"
48 #include "globalplatform/library.h"
49 #include "globalplatform/unicode.h"
50 #include "globalplatform/error.h"
52 
53 static const BYTE ICV[8] = {0};
54 static const BYTE SCP03_ICV[32] = {0};
55 
56 OPGP_NO_API
57 OPGP_ERROR_STATUS calculate_CMAC_aes(BYTE sMacKey[32], DWORD keyLength, BYTE *message,
58  DWORD messageLength, BYTE chainingValue[16],
59  BYTE mac[16]);
60 
61 OPGP_NO_API
63  BYTE keyType,
64  PBYTE keyData,
65  DWORD keyDataLength,
66  BYTE keyCheckValue[3]);
67 
68 OPGP_NO_API
70  PBYTE data,
71  DWORD dataLength,
72  PBYTE encryptedData,
73  PDWORD encryptedDataLength);
74 
75 OPGP_NO_API
76 OPGP_ERROR_STATUS get_key_data_field(GP211_SECURITY_INFO *secInfo,
77  PBYTE keyData,
78  DWORD keyDataLength,
79  BYTE keyType,
80  BYTE isSensitive,
81  PBYTE keyDataField,
82  PDWORD keyDataFieldLength,
83  BYTE keyCheckValue[3]);
84 
85 OPGP_NO_API
86 OPGP_ERROR_STATUS create_session_key_SCP01(BYTE key[16], BYTE cardChallenge[8],
87  BYTE hostChallenge[8], BYTE sessionKey[16]);
88 
89 OPGP_NO_API
91  BYTE sequenceCounter[2], BYTE sessionKey[16]);
92 
93 OPGP_NO_API
94 OPGP_ERROR_STATUS calculate_rsa_signature(PBYTE message, DWORD messageLength, OPGP_STRING PEMKeyFileName,
95  char *passPhrase, BYTE signature[128]);
96 
97 OPGP_NO_API
98 OPGP_ERROR_STATUS calculate_MAC(BYTE sessionKey[16], BYTE *message, DWORD messageLength,
99  BYTE icv[8], BYTE mac[8]);
100 
101 OPGP_NO_API
103  BYTE cardChallenge[8],
104  BYTE hostChallenge[8],
105  BYTE cardCryptogram[8]);
106 
107 OPGP_NO_API
109  BYTE sequenceCounter[2],
110  BYTE cardChallenge[6],
111  BYTE hostChallenge[8],
112  BYTE cardCryptogram[8]);
113 
114 OPGP_NO_API
116  BYTE cardChallenge[8],
117  BYTE hostChallenge[8],
118  BYTE hostCryptogram[8]);
119 
120 OPGP_NO_API
122  BYTE sequenceCounter[2],
123  BYTE cardChallenge[6],
124  BYTE hostChallenge[8],
125  BYTE hostCryptogram[8]);
126 
127 OPGP_NO_API
128 OPGP_ERROR_STATUS create_session_key_SCP03(BYTE key[32], DWORD keyLength, BYTE derivationConstant, BYTE cardChallenge[8],
129  BYTE hostChallenge[8], BYTE sessionKey[32]);
130 
131 OPGP_NO_API
133  DWORD keyLength,
134  BYTE sequenceCounter[3],
135  PBYTE invokingAID,
136  DWORD invokingAIDLength,
137  BYTE cardChallenge[8]);
138 
139 OPGP_NO_API
141  DWORD keyLength,
142  BYTE cardChallenge[8],
143  BYTE hostChallenge[8],
144  BYTE cardCryptogram[8]);
145 
146 OPGP_NO_API
148  DWORD keyLength,
149  BYTE cardChallenge[8],
150  BYTE hostChallenge[8],
151  BYTE hostCryptogram[8]);
152 
154 OPGP_NO_API
155 OPGP_ERROR_STATUS wrap_command(PBYTE apduCommand, DWORD apduCommandLength, PBYTE wrappedApduCommand,
156  PDWORD wrappedApduCommandLength, GP211_SECURITY_INFO *secInfo);
157 
159 OPGP_NO_API
160 OPGP_ERROR_STATUS unwrap_command(PBYTE apduCommand, DWORD apduCommandLength, PBYTE responseData,
161  DWORD responseDataLength, PBYTE unwrappedResponseData,
162  PDWORD unwrappedResponseDataLength, GP211_SECURITY_INFO *secInfo);
163 
165 OPGP_NO_API
166 OPGP_ERROR_STATUS GP211_check_R_MAC(PBYTE apduCommand, DWORD apduCommandLength, PBYTE responseData,
167  DWORD responseDataLength, PBYTE unwrappedResponseApdu, PDWORD unwrappedResponseApduLength, GP211_SECURITY_INFO *secInfo);
168 
169 OPGP_NO_API
171  DWORD messageLength, BYTE *encryption,
172  DWORD *encryptionLength);
173 
174 OPGP_NO_API
175 OPGP_ERROR_STATUS validate_receipt(PBYTE validationData, DWORD validationDataLength,
176  BYTE receipt[16], BYTE receiptKey[32], DWORD keyLength, BYTE secureChannelProtocol);
177 
178 OPGP_NO_API
179 OPGP_ERROR_STATUS calculate_MAC_des_3des(BYTE _3des_key[16], BYTE *message, DWORD messageLength,
180  BYTE initialICV[8], BYTE mac[8]);
181 
182 OPGP_NO_API
183 OPGP_ERROR_STATUS validate_install_receipt(DWORD confirmationCounter, PBYTE cardUniqueData,
184  DWORD cardUniqueDataLength,
185  BYTE receiptKey[32], DWORD keyLength, GP211_RECEIPT_DATA receiptData,
186  PBYTE executableLoadFileAID, DWORD executableLoadFileAIDLength,
187  PBYTE applicationAID, DWORD applicationAIDLength, BYTE secureChannelProtocol);
188 
189 OPGP_NO_API
190 OPGP_ERROR_STATUS validate_delete_receipt(DWORD confirmationCounter, PBYTE cardUniqueData,
191  DWORD cardUniqueDataLength,
192  BYTE receiptKey[32], DWORD keyLength, GP211_RECEIPT_DATA receiptData,
193  PBYTE AID, DWORD AIDLengthv, BYTE secureChannelProtocol);
194 
195 OPGP_NO_API
196 OPGP_ERROR_STATUS validate_load_receipt(DWORD confirmationCounter, PBYTE cardUniqueData,
197  DWORD cardUniqueDataLength,
198  BYTE receiptKey[32], DWORD keyLength, GP211_RECEIPT_DATA receiptData,
199  PBYTE executableLoadFileAID, DWORD executableLoadFileAIDLength,
200  PBYTE securityDomainAID, DWORD securityDomainAIDLength, BYTE secureChannelProtocol);
201 
203 OPGP_NO_API
204 OPGP_ERROR_STATUS read_public_rsa_key(OPGP_STRING PEMKeyFileName, char *passPhrase, BYTE rsaModulus[128], LONG *rsaExponent);
205 
207 OPGP_NO_API
208 OPGP_ERROR_STATUS calculate_sha2_hash(PBYTE message, DWORD messageLength, BYTE hash[64], DWORD hashLength);
209 
211 OPGP_NO_API
212 OPGP_ERROR_STATUS calculate_sha1_hash(PBYTE message, DWORD messageLength, BYTE hash[20]);
213 
215 OPGP_NO_API
216 OPGP_ERROR_STATUS calculate_MAC_right_des_3des(BYTE key[16], BYTE *message, DWORD messageLength, BYTE mac[8]);
217 
218 OPGP_NO_API
219 OPGP_ERROR_STATUS get_random(BYTE *random, int randomLength);
220 
221 #ifdef __cplusplus
222 }
223 #endif
224 
225 #endif
OPGP_NO_API OPGP_ERROR_STATUS calculate_MAC(BYTE sessionKey[16], BYTE *message, DWORD messageLength, BYTE icv[8], BYTE mac[8])
Definition: crypto.c:980
OPGP_NO_API OPGP_ERROR_STATUS calculate_card_cryptogram_SCP02(BYTE S_ENCSessionKey[16], BYTE sequenceCounter[2], BYTE cardChallenge[6], BYTE hostChallenge[8], BYTE cardCryptogram[8])
Definition: crypto.c:579
OPGP_NO_API OPGP_ERROR_STATUS calculate_host_cryptogram_SCP01(BYTE S_ENCSessionKey[16], BYTE cardChallenge[8], BYTE hostChallenge[8], BYTE hostCryptogram[8])
Definition: crypto.c:669
OPGP_NO_API OPGP_ERROR_STATUS calculate_MAC_right_des_3des(BYTE key[16], BYTE *message, DWORD messageLength, BYTE mac[8])
Calculates a MAC using first DES and 3DES for the final round when the padding is applied.
Definition: crypto.c:2192
OPGP_NO_API OPGP_ERROR_STATUS calculate_key_check_value(GP211_SECURITY_INFO *secInfo, BYTE keyType, PBYTE keyData, DWORD keyDataLength, BYTE keyCheckValue[3])
Definition: crypto.c:1364
OPGP_NO_API OPGP_ERROR_STATUS create_session_key_SCP03(BYTE key[32], DWORD keyLength, BYTE derivationConstant, BYTE cardChallenge[8], BYTE hostChallenge[8], BYTE sessionKey[32])
Definition: crypto.c:826
OPGP_NO_API OPGP_ERROR_STATUS calculate_card_cryptogram_SCP03(BYTE S_MACSessionKey[32], DWORD keyLength, BYTE cardChallenge[8], BYTE hostChallenge[8], BYTE cardCryptogram[8])
Definition: crypto.c:610
OPGP_NO_API OPGP_ERROR_STATUS calculate_rsa_signature(PBYTE message, DWORD messageLength, OPGP_STRING PEMKeyFileName, char *passPhrase, BYTE signature[128])
Definition: crypto.c:1098
OPGP_NO_API OPGP_ERROR_STATUS read_public_rsa_key(OPGP_STRING PEMKeyFileName, char *passPhrase, BYTE rsaModulus[128], LONG *rsaExponent)
Reads a public RSA key from a file.
Definition: crypto.c:2017
OPGP_NO_API OPGP_ERROR_STATUS calculate_sha1_hash(PBYTE message, DWORD messageLength, BYTE hash[20])
Calculates a SHA-1 hash.
Definition: crypto.c:2181
OPGP_NO_API OPGP_ERROR_STATUS GP211_check_R_MAC(PBYTE apduCommand, DWORD apduCommandLength, PBYTE responseData, DWORD responseDataLength, PBYTE unwrappedResponseApdu, PDWORD unwrappedResponseApduLength, GP211_SECURITY_INFO *secInfo)
Checks the R-MAC of an APDU with the necessary security information according to secInfo.
Definition: crypto.c:1950
OPGP_NO_API OPGP_ERROR_STATUS calculate_host_cryptogram_SCP02(BYTE S_ENCSessionKey[16], BYTE sequenceCounter[2], BYTE cardChallenge[6], BYTE hostChallenge[8], BYTE hostCryptogram[8])
Definition: crypto.c:698
OPGP_NO_API OPGP_ERROR_STATUS get_random(BYTE *random, int randomLength)
Definition: crypto.c:2266
OPGP_NO_API OPGP_ERROR_STATUS unwrap_command(PBYTE apduCommand, DWORD apduCommandLength, PBYTE responseData, DWORD responseDataLength, PBYTE unwrappedResponseData, PDWORD unwrappedResponseDataLength, GP211_SECURITY_INFO *secInfo)
Unwraps a response, i.e. decrypt and check the R-MAC of a response APDU with the necessary security i...
Definition: crypto.c:1892
OPGP_NO_API OPGP_ERROR_STATUS wrap_command(PBYTE apduCommand, DWORD apduCommandLength, PBYTE wrappedApduCommand, PDWORD wrappedApduCommandLength, GP211_SECURITY_INFO *secInfo)
Wraps a command, i.e. encrypts and add the MAC to the APDU with the necessary security information ac...
Definition: crypto.c:1474
OPGP_NO_API OPGP_ERROR_STATUS create_session_key_SCP02(BYTE key[16], BYTE constant[2], BYTE sequenceCounter[2], BYTE sessionKey[16])
Definition: crypto.c:790
OPGP_NO_API OPGP_ERROR_STATUS encrypt_sensitive_data(GP211_SECURITY_INFO *secInfo, PBYTE data, DWORD dataLength, PBYTE encryptedData, PDWORD encryptedDataLength)
Definition: crypto.c:1324
OPGP_NO_API OPGP_ERROR_STATUS calculate_sha2_hash(PBYTE message, DWORD messageLength, BYTE hash[64], DWORD hashLength)
Calculates a SHA-256 hash.
Definition: crypto.c:2170
OPGP_NO_API OPGP_ERROR_STATUS calculate_CMAC_aes(BYTE sMacKey[32], DWORD keyLength, BYTE *message, DWORD messageLength, BYTE chainingValue[16], BYTE mac[16])
Creates a MAC for commands (APDUs) using CMAC AES. This is used by SCP03. The MAC for the message are...
Definition: crypto.c:164
OPGP_NO_API OPGP_ERROR_STATUS calculate_enc_ecb_two_key_triple_des(BYTE key[16], BYTE *message, DWORD messageLength, BYTE *encryption, DWORD *encryptionLength)
Definition: crypto.c:855
OPGP_NO_API OPGP_ERROR_STATUS calculate_card_cryptogram_SCP01(BYTE S_ENCSessionKey[16], BYTE cardChallenge[8], BYTE hostChallenge[8], BYTE cardCryptogram[8])
Definition: crypto.c:552
OPGP_NO_API OPGP_ERROR_STATUS validate_receipt(PBYTE validationData, DWORD validationDataLength, BYTE receipt[16], BYTE receiptKey[32], DWORD keyLength, BYTE secureChannelProtocol)
Definition: crypto.c:1244
OPGP_NO_API OPGP_ERROR_STATUS calculate_host_cryptogram_SCP03(BYTE S_MACSessionKey[32], DWORD keyLength, BYTE cardChallenge[8], BYTE hostChallenge[8], BYTE hostCryptogram[8])
Definition: crypto.c:729
OPGP_NO_API OPGP_ERROR_STATUS calculate_MAC_des_3des(BYTE _3des_key[16], BYTE *message, DWORD messageLength, BYTE initialICV[8], BYTE mac[8])
Definition: crypto.c:1161
OPGP_NO_API OPGP_ERROR_STATUS create_session_key_SCP01(BYTE key[16], BYTE cardChallenge[8], BYTE hostChallenge[8], BYTE sessionKey[16])
Definition: crypto.c:758
OPGP_NO_API OPGP_ERROR_STATUS calculate_card_challenge_SCP03(BYTE S_ENC[32], DWORD keyLength, BYTE sequenceCounter[3], PBYTE invokingAID, DWORD invokingAIDLength, BYTE cardChallenge[8])
Definition: crypto.c:640
Definition: security.h:280
Definition: security.h:203
Definition: error.h:45
long LONG
A long value.
Definition: types.h:53
unsigned char BYTE
A Microsoft/Muscle BYTE definition.
Definition: types.h:51
unsigned char * PBYTE
A Microsoft/Muscle LPBYTE, pointer to unsigned char.
Definition: types.h:48
unsigned long * PDWORD
A Microsoft LPDWORD/Muscle pointer to a DWORD.
Definition: types.h:50
char * OPGP_STRING
A Microsoft/Muscle LPTSTR.
Definition: types.h:46
unsigned long DWORD
A Microsoft/Muscle DWORD definition.
Definition: types.h:52