globalplatform
crypto.h
Go to the documentation of this file.
1 /* Copyright (c) 2009, Karsten Ohme
2  * This file is part of GlobalPlatform.
3  *
4  * GlobalPlatform is free software: you can redistribute it and/or modify
5  * it under the terms of the GNU Lesser General Public License as published by
6  * the Free Software Foundation, either version 3 of the License, or
7  * (at your option) any later version.
8  *
9  * GlobalPlatform is distributed in the hope that it will be useful,
10  * but WITHOUT ANY WARRANTY; without even the implied warranty of
11  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12  * GNU Lesser General Public License for more details.
13  *
14  * You should have received a copy of the GNU Lesser General Public License
15  * along with GlobalPlatform. If not, see <http://www.gnu.org/licenses/>.
16  */
17 
22 #ifndef OPGP_CRYPTO_H
23 #define OPGP_CRYPTO_H
24 
25 #ifdef __cplusplus
26 extern "C"
27 {
28 #endif
29 
30 #ifdef WIN32
31 #include "stdafx.h"
32 #endif
33 
34 #include "globalplatform/types.h"
35 #include "globalplatform/library.h"
36 #include "globalplatform/unicode.h"
37 #include "globalplatform/error.h"
38 #include "globalplatform/security.h"
39 
40 static const BYTE ICV[8] = {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00};
41 static const BYTE SCP03_ICV[16] = {0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00};
42 
43 OPGP_NO_API
44 OPGP_ERROR_STATUS calculate_CMAC_aes(BYTE sMacKey[16], BYTE *message,
45  int messageLength, BYTE chainingValue[16],
46  BYTE mac[16]);
47 
48 OPGP_NO_API
49 OPGP_ERROR_STATUS get_key_data_field(GP211_SECURITY_INFO *secInfo,
50  PBYTE keyData,
51  DWORD keyDataLength,
52  BYTE keyType,
53  BYTE isSensitive,
54  PBYTE keyDataField,
55  PDWORD keyDataFieldLength,
56  BYTE keyCheckValue[3]);
57 
58 OPGP_NO_API
59 OPGP_ERROR_STATUS create_session_key_SCP01(BYTE key[16], BYTE cardChallenge[8],
60  BYTE hostChallenge[8], BYTE sessionKey[16]);
61 
62 OPGP_NO_API
63 OPGP_ERROR_STATUS create_session_key_SCP02(BYTE key[16], BYTE constant[2],
64  BYTE sequenceCounter[2], BYTE sessionKey[16]);
65 
66 OPGP_NO_API
67 OPGP_ERROR_STATUS calculate_rsa_signature(PBYTE message, DWORD messageLength, OPGP_STRING PEMKeyFileName,
68  char *passPhrase, BYTE signature[128]);
69 
70 OPGP_NO_API
71 OPGP_ERROR_STATUS calculate_MAC(BYTE sessionKey[16], BYTE *message, int messageLength,
72  BYTE icv[8], BYTE mac[8]);
73 
74 OPGP_NO_API
75 OPGP_ERROR_STATUS calculate_card_cryptogram_SCP01(BYTE S_ENCSessionKey[16],
76  BYTE cardChallenge[8],
77  BYTE hostChallenge[8],
78  BYTE cardCryptogram[8]);
79 
80 OPGP_NO_API
81 OPGP_ERROR_STATUS calculate_card_cryptogram_SCP02(BYTE S_ENCSessionKey[16],
82  BYTE sequenceCounter[2],
83  BYTE cardChallenge[6],
84  BYTE hostChallenge[8],
85  BYTE cardCryptogram[8]);
86 
87 OPGP_NO_API
88 OPGP_ERROR_STATUS calculate_host_cryptogram_SCP01(BYTE S_ENCSessionKey[16],
89  BYTE cardChallenge[8],
90  BYTE hostChallenge[8],
91  BYTE hostCryptogram[8]);
92 
93 OPGP_NO_API
94 OPGP_ERROR_STATUS calculate_host_cryptogram_SCP02(BYTE S_ENCSessionKey[16],
95  BYTE sequenceCounter[2],
96  BYTE cardChallenge[6],
97  BYTE hostChallenge[8],
98  BYTE hostCryptogram[8]);
99 
100 OPGP_NO_API
101 OPGP_ERROR_STATUS create_session_key_SCP03(BYTE key[16], BYTE derivationConstant, BYTE cardChallenge[8],
102  BYTE hostChallenge[8], BYTE sessionKey[16]);
103 
104 OPGP_NO_API
105 OPGP_ERROR_STATUS calculate_card_challenge_SCP03(BYTE S_ENC[16],
106  BYTE sequenceCounter[3],
107  PBYTE invokingAID,
108  DWORD invokingAIDLength,
109  BYTE cardChallenge[8]);
110 
111 OPGP_NO_API
112 OPGP_ERROR_STATUS calculate_card_cryptogram_SCP03(BYTE S_MACSessionKey[16],
113  BYTE cardChallenge[8],
114  BYTE hostChallenge[8],
115  BYTE cardCryptogram[8]);
116 
117 OPGP_NO_API
118 OPGP_ERROR_STATUS calculate_host_cryptogram_SCP03(BYTE S_MACSessionKey[16],
119  BYTE cardChallenge[8],
120  BYTE hostChallenge[8],
121  BYTE hostCryptogram[8]);
122 
124 OPGP_NO_API
125 OPGP_ERROR_STATUS wrap_command(PBYTE apduCommand, DWORD apduCommandLength, PBYTE wrappedApduCommand,
126  PDWORD wrappedApduCommandLength, GP211_SECURITY_INFO *secInfo);
127 
129 OPGP_NO_API
130 OPGP_ERROR_STATUS unwrap_command(PBYTE apduCommand, DWORD apduCommandLength, PBYTE responseData,
131  DWORD responseDataLength, PBYTE unwrappedResponseData,
132  PDWORD unwrappedResponseDataLength, GP211_SECURITY_INFO *secInfo);
133 
135 OPGP_NO_API
136 OPGP_ERROR_STATUS GP211_check_R_MAC(PBYTE apduCommand, DWORD apduCommandLength, PBYTE responseData,
137  DWORD responseDataLength, PBYTE unwrappedResponseApdu, PDWORD unwrappedResponseApduLength, GP211_SECURITY_INFO *secInfo);
138 
139 OPGP_NO_API
140 OPGP_ERROR_STATUS calculate_enc_ecb_two_key_triple_des(BYTE key[16], BYTE *message,
141  int messageLength, BYTE *encryption,
142  int *encryptionLength);
143 
144 OPGP_NO_API
145 OPGP_ERROR_STATUS validate_receipt(PBYTE validationData, DWORD validationDataLength,
146  BYTE receipt[16], BYTE receiptKey[16], BYTE secureChannelProtocol);
147 
148 OPGP_NO_API
149 OPGP_ERROR_STATUS calculate_MAC_des_3des(BYTE _3des_key[16], BYTE *message, int messageLength,
150  BYTE initialICV[8], BYTE mac[8]);
151 
152 OPGP_NO_API
153 OPGP_ERROR_STATUS validate_install_receipt(DWORD confirmationCounter, PBYTE cardUniqueData,
154  DWORD cardUniqueDataLength,
155  BYTE receiptKey[16], GP211_RECEIPT_DATA receiptData,
156  PBYTE executableLoadFileAID, DWORD executableLoadFileAIDLength,
157  PBYTE applicationAID, DWORD applicationAIDLength, BYTE secureChannelProtocol);
158 
159 OPGP_NO_API
160 OPGP_ERROR_STATUS validate_delete_receipt(DWORD confirmationCounter, PBYTE cardUniqueData,
161  DWORD cardUniqueDataLength,
162  BYTE receiptKey[16], GP211_RECEIPT_DATA receiptData,
163  PBYTE AID, DWORD AIDLengthv, BYTE secureChannelProtocol);
164 
165 OPGP_NO_API
166 OPGP_ERROR_STATUS validate_load_receipt(DWORD confirmationCounter, PBYTE cardUniqueData,
167  DWORD cardUniqueDataLength,
168  BYTE receiptKey[16], GP211_RECEIPT_DATA receiptData,
169  PBYTE executableLoadFileAID, DWORD executableLoadFileAIDLength,
170  PBYTE securityDomainAID, DWORD securityDomainAIDLength, BYTE secureChannelProtocol);
171 
173 OPGP_NO_API
174 OPGP_ERROR_STATUS read_public_rsa_key(OPGP_STRING PEMKeyFileName, char *passPhrase, BYTE rsaModulus[128], LONG *rsaExponent);
175 
177 OPGP_NO_API
178 OPGP_ERROR_STATUS calculate_sha256_hash(PBYTE message, DWORD messageLength, BYTE hash[32]);
179 
181 OPGP_NO_API
182 OPGP_ERROR_STATUS calculate_sha1_hash(PBYTE message, DWORD messageLength, BYTE hash[20]);
183 
185 OPGP_NO_API
186 OPGP_ERROR_STATUS calculate_MAC_right_des_3des(BYTE key[16], BYTE *message, int messageLength, BYTE mac[8]);
187 
188 OPGP_NO_API
189 OPGP_ERROR_STATUS get_random(BYTE *random, int randomLength);
190 
191 #ifdef __cplusplus
192 }
193 #endif
194 
195 #endif
PDWORD
unsigned long * PDWORD
A Microsoft LPDWORD/Muscle pointer to a DWORD.
Definition: types.h:50
calculate_rsa_signature
OPGP_NO_API OPGP_ERROR_STATUS calculate_rsa_signature(PBYTE message, DWORD messageLength, OPGP_STRING PEMKeyFileName, char *passPhrase, BYTE signature[128])
Definition: crypto.c:1070
PBYTE
unsigned char * PBYTE
A Microsoft/Muscle LPBYTE, pointer to unsigned char.
Definition: types.h:48
calculate_card_cryptogram_SCP03
OPGP_NO_API OPGP_ERROR_STATUS calculate_card_cryptogram_SCP03(BYTE S_MACSessionKey[16], BYTE cardChallenge[8], BYTE hostChallenge[8], BYTE cardCryptogram[8])
Definition: crypto.c:555
get_random
OPGP_NO_API OPGP_ERROR_STATUS get_random(BYTE *random, int randomLength)
Definition: crypto.c:2109
calculate_card_cryptogram_SCP01
OPGP_NO_API OPGP_ERROR_STATUS calculate_card_cryptogram_SCP01(BYTE S_ENCSessionKey[16], BYTE cardChallenge[8], BYTE hostChallenge[8], BYTE cardCryptogram[8])
Definition: crypto.c:498
types.h
calculate_sha256_hash
OPGP_NO_API OPGP_ERROR_STATUS calculate_sha256_hash(PBYTE message, DWORD messageLength, BYTE hash[32])
Calculates a SHA-256 hash.
Definition: crypto.c:2015
BYTE
unsigned char BYTE
A Microsoft/Muscle BYTE definition.
Definition: types.h:51
read_public_rsa_key
OPGP_NO_API OPGP_ERROR_STATUS read_public_rsa_key(OPGP_STRING PEMKeyFileName, char *passPhrase, BYTE rsaModulus[128], LONG *rsaExponent)
Reads a public RSA key from a file.
Definition: crypto.c:1922
validate_receipt
OPGP_NO_API OPGP_ERROR_STATUS validate_receipt(PBYTE validationData, DWORD validationDataLength, BYTE receipt[16], BYTE receiptKey[16], BYTE secureChannelProtocol)
Definition: crypto.c:1215
calculate_host_cryptogram_SCP01
OPGP_NO_API OPGP_ERROR_STATUS calculate_host_cryptogram_SCP01(BYTE S_ENCSessionKey[16], BYTE cardChallenge[8], BYTE hostChallenge[8], BYTE hostCryptogram[8])
Definition: crypto.c:611
unwrap_command
OPGP_NO_API OPGP_ERROR_STATUS unwrap_command(PBYTE apduCommand, DWORD apduCommandLength, PBYTE responseData, DWORD responseDataLength, PBYTE unwrappedResponseData, PDWORD unwrappedResponseDataLength, GP211_SECURITY_INFO *secInfo)
Unwraps a response, i.e. decrypts and checks the R-MAC of a response APDU with the necessary security...
Definition: crypto.c:1797
LONG
long LONG
A long value.
Definition: types.h:53
GP211_check_R_MAC
OPGP_NO_API OPGP_ERROR_STATUS GP211_check_R_MAC(PBYTE apduCommand, DWORD apduCommandLength, PBYTE responseData, DWORD responseDataLength, PBYTE unwrappedResponseApdu, PDWORD unwrappedResponseApduLength, GP211_SECURITY_INFO *secInfo)
Checks the R-MAC of an APDU with the necessary security information according to secInfo.
Definition: crypto.c:1855
create_session_key_SCP03
OPGP_NO_API OPGP_ERROR_STATUS create_session_key_SCP03(BYTE key[16], BYTE derivationConstant, BYTE cardChallenge[8], BYTE hostChallenge[8], BYTE sessionKey[16])
Definition: crypto.c:765
GP211_SECURITY_INFO
Definition: security.h:203
calculate_card_cryptogram_SCP02
OPGP_NO_API OPGP_ERROR_STATUS calculate_card_cryptogram_SCP02(BYTE S_ENCSessionKey[16], BYTE sequenceCounter[2], BYTE cardChallenge[6], BYTE hostChallenge[8], BYTE cardCryptogram[8])
Definition: crypto.c:525
security.h
OPGP_ERROR_STATUS
Definition: error.h:45
DWORD
unsigned long DWORD
A Microsoft/Muscle DWORD definition.
Definition: types.h:52
calculate_enc_ecb_two_key_triple_des
OPGP_NO_API OPGP_ERROR_STATUS calculate_enc_ecb_two_key_triple_des(BYTE key[16], BYTE *message, int messageLength, BYTE *encryption, int *encryptionLength)
Definition: crypto.c:790
create_session_key_SCP02
OPGP_NO_API OPGP_ERROR_STATUS create_session_key_SCP02(BYTE key[16], BYTE constant[2], BYTE sequenceCounter[2], BYTE sessionKey[16])
Definition: crypto.c:730
calculate_sha1_hash
OPGP_NO_API OPGP_ERROR_STATUS calculate_sha1_hash(PBYTE message, DWORD messageLength, BYTE hash[20])
Calculates a SHA-1 hash.
Definition: crypto.c:2024
calculate_MAC_des_3des
OPGP_NO_API OPGP_ERROR_STATUS calculate_MAC_des_3des(BYTE _3des_key[16], BYTE *message, int messageLength, BYTE initialICV[8], BYTE mac[8])
Definition: crypto.c:1133
calculate_host_cryptogram_SCP02
OPGP_NO_API OPGP_ERROR_STATUS calculate_host_cryptogram_SCP02(BYTE S_ENCSessionKey[16], BYTE sequenceCounter[2], BYTE cardChallenge[6], BYTE hostChallenge[8], BYTE hostCryptogram[8])
Definition: crypto.c:640
GP211_RECEIPT_DATA
Definition: security.h:280
calculate_host_cryptogram_SCP03
OPGP_NO_API OPGP_ERROR_STATUS calculate_host_cryptogram_SCP03(BYTE S_MACSessionKey[16], BYTE cardChallenge[8], BYTE hostChallenge[8], BYTE hostCryptogram[8])
Definition: crypto.c:670
error.h
library.h
create_session_key_SCP01
OPGP_NO_API OPGP_ERROR_STATUS create_session_key_SCP01(BYTE key[16], BYTE cardChallenge[8], BYTE hostChallenge[8], BYTE sessionKey[16])
Definition: crypto.c:698
OPGP_STRING
char * OPGP_STRING
A Microsoft/Muscle LPTSTR.
Definition: types.h:46
calculate_card_challenge_SCP03
OPGP_NO_API OPGP_ERROR_STATUS calculate_card_challenge_SCP03(BYTE S_ENC[16], BYTE sequenceCounter[3], PBYTE invokingAID, DWORD invokingAIDLength, BYTE cardChallenge[8])
Definition: crypto.c:583
calculate_MAC
OPGP_NO_API OPGP_ERROR_STATUS calculate_MAC(BYTE sessionKey[16], BYTE *message, int messageLength, BYTE icv[8], BYTE mac[8])
Definition: crypto.c:915
unicode.h
calculate_MAC_right_des_3des
OPGP_NO_API OPGP_ERROR_STATUS calculate_MAC_right_des_3des(BYTE key[16], BYTE *message, int messageLength, BYTE mac[8])
Calculates a MAC using first DES and 3DES for the final round when the padding is applied.
Definition: crypto.c:2035
wrap_command
OPGP_NO_API OPGP_ERROR_STATUS wrap_command(PBYTE apduCommand, DWORD apduCommandLength, PBYTE wrappedApduCommand, PDWORD wrappedApduCommandLength, GP211_SECURITY_INFO *secInfo)
Wraps a command, i.e. encrypts and add the MAC to the APDU with the necessary security information ac...
Definition: crypto.c:1390
calculate_CMAC_aes
OPGP_NO_API OPGP_ERROR_STATUS calculate_CMAC_aes(BYTE sMacKey[16], BYTE *message, int messageLength, BYTE chainingValue[16], BYTE mac[16])
Creates a MAC for commands (APDUs) using CMAC AES. This is used by SCP03. The MAC for the message are...
Definition: crypto.c:149
Generated by   doxygen 1.8.17