This implements all Open- and GlobalPlatform functions. More...
#include <stdio.h>#include <stdlib.h>#include "globalplatform/globalplatform.h"#include <sys/stat.h>#include <string.h>#include <errno.h>#include "globalplatform/debug.h"#include "unzip/unzip.h"#include "unzip/zip.h"#include "util.h"#include "crypto.h"#include "loadfile.h"
Include dependency graph for globalplatform.c:
Macros | |
| #define | MAX_APDU_DATA_SIZE_FOR_SECURE_MESSAGING 239 |
| #define | MAX_APDU_DATA_SIZE_FOR_SECURE_MESSAGING_SCP03 231 |
| #define | MAX_APDU_DATA_SIZE(secInfo) (secInfo->secureChannelProtocol == GP211_SCP03 ? MAX_APDU_DATA_SIZE_FOR_SECURE_MESSAGING_SCP03 : MAX_APDU_DATA_SIZE_FOR_SECURE_MESSAGING) |
| #define | MAX_PATH 257 |
| #define | CARD_DATA_APPLICATION_TAG_4 0x64 |
| #define | OID_TAG 0x06 |
| #define | CHECK_SW_9000(recvBuffer, recvBufferLength, status) |
Functions | |
| OPGP_NO_API OPGP_ERROR_STATUS | calculate_install_token (BYTE P1, PBYTE executableLoadFileAID, DWORD executableLoadFileAIDLength, PBYTE executableModuleAID, DWORD executableModuleAIDLength, PBYTE applicationAID, DWORD applicationAIDLength, BYTE applicationPrivileges, DWORD volatileDataSpaceLimit, DWORD nonVolatileDataSpaceLimit, PBYTE installParameters, DWORD installParametersLength, BYTE installToken[128], OPGP_STRING PEMKeyFileName, char *passPhrase) |
| OPGP_NO_API OPGP_ERROR_STATUS | put_delegated_management_keys (OPGP_CARD_CONTEXT cardContext, OPGP_CARD_INFO cardInfo, GP211_SECURITY_INFO *secInfo, BYTE keySetVersion, BYTE newKeySetVersion, OPGP_STRING PEMKeyFileName, char *passPhrase, BYTE receiptKey[16]) |
| OPGP_NO_API OPGP_ERROR_STATUS | put_3des_key (OPGP_CARD_CONTEXT cardContext, OPGP_CARD_INFO cardInfo, GP211_SECURITY_INFO *secInfo, BYTE keySetVersion, BYTE keyIndex, BYTE newKeySetVersion, BYTE _3DESKey[16]) |
| OPGP_NO_API OPGP_ERROR_STATUS | put_rsa_key (OPGP_CARD_CONTEXT cardContext, OPGP_CARD_INFO cardInfo, GP211_SECURITY_INFO *secInfo, BYTE keySetVersion, BYTE keyIndex, BYTE newKeySetVersion, OPGP_STRING PEMKeyFileName, char *passPhrase) |
| OPGP_NO_API OPGP_ERROR_STATUS | put_secure_channel_keys (OPGP_CARD_CONTEXT cardContext, OPGP_CARD_INFO cardInfo, GP211_SECURITY_INFO *secInfo, BYTE keySetVersion, BYTE newKeySetVersion, BYTE newBaseKey[16], BYTE newS_ENC[16], BYTE newS_MAC[16], BYTE newDEK[16]) |
| OPGP_NO_API OPGP_ERROR_STATUS | delete_key (OPGP_CARD_CONTEXT cardContext, OPGP_CARD_INFO cardInfo, GP211_SECURITY_INFO *secInfo, BYTE keySetVersion, BYTE keyIndex) |
| OPGP_NO_API OPGP_ERROR_STATUS | delete_application (OPGP_CARD_CONTEXT cardContext, OPGP_CARD_INFO cardInfo, GP211_SECURITY_INFO *secInfo, OPGP_AID *AIDs, DWORD AIDsLength, GP211_RECEIPT_DATA *receiptData, PDWORD receiptDataLength, DWORD mode) |
| OPGP_NO_API OPGP_ERROR_STATUS | get_data (OPGP_CARD_CONTEXT cardContext, OPGP_CARD_INFO cardInfo, GP211_SECURITY_INFO *secInfo, BYTE identifier[2], PBYTE recvBuffer, PDWORD recvBufferLength) |
| OPGP_NO_API OPGP_ERROR_STATUS | put_data (OPGP_CARD_CONTEXT cardContext, OPGP_CARD_INFO cardInfo, GP211_SECURITY_INFO *secInfo, BYTE identifier[2], PBYTE dataObject, DWORD dataObjectLength) |
| OPGP_NO_API OPGP_ERROR_STATUS | get_key_information_templates (OPGP_CARD_CONTEXT cardContext, OPGP_CARD_INFO cardInfo, GP211_SECURITY_INFO *secInfo, BYTE keyInformationTemplate, GP211_KEY_INFORMATION *keyInformation, PDWORD keyInformationLength) |
| OPGP_NO_API OPGP_ERROR_STATUS | get_extended_card_resources_information (OPGP_CARD_CONTEXT cardContext, OPGP_CARD_INFO cardInfo, GP211_SECURITY_INFO *secInfo, OPGP_EXTENDED_CARD_RESOURCE_INFORMATION *extendedCardResourceInformation) |
| OPGP_NO_API OPGP_ERROR_STATUS | set_status (OPGP_CARD_CONTEXT cardContext, OPGP_CARD_INFO cardInfo, GP211_SECURITY_INFO *secInfo, BYTE cardElement, PBYTE AID, DWORD AIDLength, BYTE lifeCycleState) |
| OPGP_NO_API OPGP_ERROR_STATUS | load (OPGP_CARD_CONTEXT cardContext, OPGP_CARD_INFO cardInfo, GP211_SECURITY_INFO *secInfo, GP211_DAP_BLOCK *loadFileDataBlockSignature, DWORD loadFileDataBlockSignatureLength, OPGP_STRING executableLoadFileName, GP211_RECEIPT_DATA *receiptData, PDWORD receiptDataAvailable, OPGP_PROGRESS_CALLBACK *callback) |
| OPGP_NO_API OPGP_ERROR_STATUS | install_for_install_and_make_selectable (OPGP_CARD_CONTEXT cardContext, OPGP_CARD_INFO cardInfo, GP211_SECURITY_INFO *secInfo, PBYTE executableLoadFileAID, DWORD executableLoadFileAIDLength, PBYTE executableModuleAID, DWORD executableModuleAIDLength, PBYTE applicationAID, DWORD applicationAIDLength, BYTE applicationPrivileges, DWORD volatileDataSpaceLimit, DWORD nonVolatileDataSpaceLimit, PBYTE installParameters, DWORD installParametersLength, BYTE installToken[128], GP211_RECEIPT_DATA *receiptData, PDWORD receiptDataAvailable) |
| OPGP_NO_API OPGP_ERROR_STATUS | install_for_load (OPGP_CARD_CONTEXT cardContext, OPGP_CARD_INFO cardInfo, GP211_SECURITY_INFO *secInfo, PBYTE executableLoadFileAID, DWORD executableLoadFileAIDLength, PBYTE securityDomainAID, DWORD securityDomainAIDLength, BYTE loadFileDataBlockHash[20], BYTE loadToken[128], DWORD nonVolatileCodeSpaceLimit, DWORD volatileDataSpaceLimit, DWORD nonVolatileDataSpaceLimit) |
| OPGP_NO_API OPGP_ERROR_STATUS | install_for_install (OPGP_CARD_CONTEXT cardContext, OPGP_CARD_INFO cardInfo, GP211_SECURITY_INFO *secInfo, PBYTE executableLoadFileAID, DWORD executableLoadFileAIDLength, PBYTE executableModuleAID, DWORD executableModuleAIDLength, PBYTE applicationAID, DWORD applicationAIDLength, BYTE applicationPrivileges, DWORD volatileDataSpaceLimit, DWORD nonVolatileDataSpaceLimit, PBYTE installParameters, DWORD installParametersLength, BYTE installToken[128], GP211_RECEIPT_DATA *receiptData, PDWORD receiptDataAvailable) |
| OPGP_NO_API OPGP_ERROR_STATUS | install_for_make_selectable (OPGP_CARD_CONTEXT cardContext, OPGP_CARD_INFO cardInfo, GP211_SECURITY_INFO *secInfo, PBYTE applicationAID, DWORD applicationAIDLength, BYTE applicationPrivileges, BYTE installToken[128], GP211_RECEIPT_DATA *receiptData, PDWORD receiptDataAvailable) |
| OPGP_NO_API OPGP_ERROR_STATUS | pin_change (OPGP_CARD_CONTEXT cardContext, OPGP_CARD_INFO cardInfo, GP211_SECURITY_INFO *secInfo, BYTE tryLimit, PBYTE newPIN, DWORD newPINLength) |
| OPGP_NO_API OPGP_ERROR_STATUS | mutual_authentication (OPGP_CARD_CONTEXT cardContext, OPGP_CARD_INFO cardInfo, BYTE baseKey[16], BYTE S_ENC[16], BYTE S_MAC[16], BYTE DEK[16], BYTE keySetVersion, BYTE keyIndex, BYTE secureChannelProtocol, BYTE secureChannelProtocolImpl, BYTE securityLevel, BYTE derivationMethod, GP211_SECURITY_INFO *secInfo) |
| OPGP_NO_API OPGP_ERROR_STATUS | get_install_data (BYTE P1, PBYTE executableLoadFileAID, DWORD executableLoadFileAIDLength, PBYTE executableModuleAID, DWORD executableModuleAIDLength, PBYTE applicationAID, DWORD applicationAIDLength, BYTE applicationPrivileges, DWORD volatileDataSpaceLimit, DWORD nonVolatileDataSpaceLimit, PBYTE installParameters, DWORD installParametersLength, PBYTE installData, PDWORD installDataLength) |
| OPGP_NO_API OPGP_ERROR_STATUS | load_from_buffer (OPGP_CARD_CONTEXT cardContext, OPGP_CARD_INFO cardInfo, GP211_SECURITY_INFO *secInfo, GP211_DAP_BLOCK *loadFileDataBlockSignature, DWORD loadFileDataBlockSignatureLength, PBYTE loadFileBuf, DWORD loadFileBufSize, GP211_RECEIPT_DATA *receiptData, PDWORD receiptDataAvailable, OPGP_PROGRESS_CALLBACK *callback) |
| OPGP_NO_API OPGP_ERROR_STATUS | VISA2_derive_keys_get_data (OPGP_CARD_CONTEXT cardContext, OPGP_CARD_INFO cardInfo, GP211_SECURITY_INFO *secInfo, PBYTE AID, DWORD AIDLength, BYTE masterKey[16], BYTE S_ENC[16], BYTE S_MAC[16], BYTE DEK[16]) |
| OPGP_NO_API OPGP_ERROR_STATUS | VISA1_derive_keys_get_data (OPGP_CARD_CONTEXT cardContext, OPGP_CARD_INFO cardInfo, GP211_SECURITY_INFO *secInfo, BYTE masterKey[16], BYTE S_ENC[16], BYTE S_MAC[16], BYTE DEK[16]) |
| OPGP_NO_API OPGP_ERROR_STATUS | EMV_CPS11_derive_keys_get_data (OPGP_CARD_CONTEXT cardContext, OPGP_CARD_INFO cardInfo, GP211_SECURITY_INFO *secInfo, BYTE masterKey[16], BYTE S_ENC[16], BYTE S_MAC[16], BYTE DEK[16]) |
| OPGP_NO_API void | mapOP201ToGP211SecurityInfo (OP201_SECURITY_INFO op201secInfo, GP211_SECURITY_INFO *gp211secInfo) |
| OPGP_NO_API void | mapGP211ToOP201SecurityInfo (GP211_SECURITY_INFO gp211secInfo, OP201_SECURITY_INFO *op201secInfo) |
| OPGP_NO_API void | mapOP201ToGP211DAPBlock (OP201_DAP_BLOCK op201dapBlock, GP211_DAP_BLOCK *gp211dapBlock) |
| OPGP_NO_API void | mapOP201ToGP211ReceiptData (OP201_RECEIPT_DATA op201receiptData, GP211_RECEIPT_DATA *gp211receiptData) |
| OPGP_NO_API void | mapGP211ToOP201ReceiptData (GP211_RECEIPT_DATA gp211receiptData, OP201_RECEIPT_DATA *op201receiptData) |
| OPGP_NO_API void | mapGP211ToOP201KeyInformation (GP211_KEY_INFORMATION gp211keyInformation, OP201_KEY_INFORMATION *op201keyInformation) |
| OPGP_NO_API void | mapGP211ToOP201ApplicationData (GP211_APPLICATION_DATA gp211applData, OP201_APPLICATION_DATA *op201applData) |
| OPGP_NO_API OPGP_ERROR_STATUS | readDAPBlock (PBYTE buf, PDWORD bufLength, OP201_DAP_BLOCK dapBlock) |
| OPGP_NO_API OPGP_ERROR_STATUS | parse_application_data (PBYTE data, DWORD dataLength, BYTE cardElement, BYTE format, GP211_APPLICATION_DATA *applData, PDWORD dataRead) |
| OPGP_NO_API OPGP_ERROR_STATUS | parse_executable_load_file_data (PBYTE data, DWORD dataLength, BYTE format, GP211_EXECUTABLE_MODULES_DATA *modulesData, PDWORD dataRead) |
| OPGP_NO_API DWORD | fillReceipt (PBYTE buf, GP211_RECEIPT_DATA *receiptData) |
| OPGP_ERROR_STATUS | GP211_send_APDU (OPGP_CARD_CONTEXT cardContext, OPGP_CARD_INFO cardInfo, GP211_SECURITY_INFO *secInfo, PBYTE capdu, DWORD capduLength, PBYTE rapdu, PDWORD rapduLength) |
| Sends an application protocol data unit. More... | |
| OPGP_ERROR_STATUS | OPGP_select_application (OPGP_CARD_CONTEXT cardContext, OPGP_CARD_INFO cardInfo, PBYTE AID, DWORD AIDLength) |
| GlobalPlatform2.1.1: Selects an application on a card by AID. More... | |
| OPGP_ERROR_STATUS | GP211_put_rsa_key (OPGP_CARD_CONTEXT cardContext, OPGP_CARD_INFO cardInfo, GP211_SECURITY_INFO *secInfo, BYTE keySetVersion, BYTE keyIndex, BYTE newKeySetVersion, OPGP_STRING PEMKeyFileName, char *passPhrase) |
| GlobalPlatform2.1.1: replaces a single public RSA key in a key set or adds a new public RSA key. More... | |
| OPGP_ERROR_STATUS | GP211_put_3des_key (OPGP_CARD_CONTEXT cardContext, OPGP_CARD_INFO cardInfo, GP211_SECURITY_INFO *secInfo, BYTE keySetVersion, BYTE keyIndex, BYTE newKeySetVersion, BYTE _3DESKey[16]) |
| GlobalPlatform2.1.1: replaces a single 3DES key in a key set or adds a new 3DES key. More... | |
| OPGP_ERROR_STATUS | GP211_put_aes_key (OPGP_CARD_CONTEXT cardContext, OPGP_CARD_INFO cardInfo, GP211_SECURITY_INFO *secInfo, BYTE keySetVersion, BYTE keyIndex, BYTE newKeySetVersion, BYTE aesKey[16]) |
| GlobalPlatform2.1.1: replaces a single AES key in a key set or adds a new AES key. More... | |
| OPGP_ERROR_STATUS | GP211_put_symmetric_key (OPGP_CARD_CONTEXT cardContext, OPGP_CARD_INFO cardInfo, GP211_SECURITY_INFO *secInfo, BYTE keySetVersion, BYTE keyIndex, BYTE newKeySetVersion, BYTE key[16], BYTE keyType) |
| GlobalPlatform2.1.1: replaces a single symmetric key in a key set or adds a new key. | |
| OPGP_ERROR_STATUS | GP211_put_secure_channel_keys (OPGP_CARD_CONTEXT cardContext, OPGP_CARD_INFO cardInfo, GP211_SECURITY_INFO *secInfo, BYTE keySetVersion, BYTE newKeySetVersion, BYTE newBaseKey[16], BYTE newS_ENC[16], BYTE newS_MAC[16], BYTE newDEK[16]) |
| GlobalPlatform2.1.1: replaces or adds a secure channel key set consisting of S-ENC, S-MAC and DEK. More... | |
| OPGP_ERROR_STATUS | GP211_put_delegated_management_keys (OPGP_CARD_CONTEXT cardContext, OPGP_CARD_INFO cardInfo, GP211_SECURITY_INFO *secInfo, BYTE keySetVersion, BYTE newKeySetVersion, OPGP_STRING PEMKeyFileName, char *passPhrase, BYTE receiptKey[16]) |
| GlobalPlatform2.1.1: Adds a key set for Delegated Management. More... | |
| OPGP_ERROR_STATUS | GP211_delete_key (OPGP_CARD_CONTEXT cardContext, OPGP_CARD_INFO cardInfo, GP211_SECURITY_INFO *secInfo, BYTE keySetVersion, BYTE keyIndex) |
| GlobalPlatform2.1.1: deletes a key or multiple keys. More... | |
| OPGP_ERROR_STATUS | GP211_delete_application (OPGP_CARD_CONTEXT cardContext, OPGP_CARD_INFO cardInfo, GP211_SECURITY_INFO *secInfo, OPGP_AID *AIDs, DWORD AIDsLength, GP211_RECEIPT_DATA *receiptData, PDWORD receiptDataLength) |
| GlobalPlatform2.1.1: Deletes a Executable Load File or an application. More... | |
| OPGP_ERROR_STATUS | GP211_put_data (OPGP_CARD_CONTEXT cardContext, OPGP_CARD_INFO cardInfo, GP211_SECURITY_INFO *secInfo, BYTE identifier[2], PBYTE dataObject, DWORD dataObjectLength) |
| GlobalPlatform2.1.1: Put card data. More... | |
| OPGP_ERROR_STATUS | GP211_get_data (OPGP_CARD_CONTEXT cardContext, OPGP_CARD_INFO cardInfo, GP211_SECURITY_INFO *secInfo, BYTE identifier[2], PBYTE recvBuffer, PDWORD recvBufferLength) |
| GlobalPlatform2.1.1: Retrieve card data. More... | |
| OPGP_ERROR_STATUS | GP211_begin_R_MAC (OPGP_CARD_CONTEXT cardContext, OPGP_CARD_INFO cardInfo, GP211_SECURITY_INFO *secInfo, BYTE securityLevel, PBYTE data, DWORD dataLength) |
| Initiates a R-MAC session. More... | |
| OPGP_ERROR_STATUS | GP211_end_R_MAC (OPGP_CARD_CONTEXT cardContext, OPGP_CARD_INFO cardInfo, GP211_SECURITY_INFO *secInfo, BYTE secureChannelProtocol) |
| Terminates a R-MAC session. More... | |
| OPGP_ERROR_STATUS | GP211_get_data_iso7816_4 (OPGP_CARD_CONTEXT cardContext, OPGP_CARD_INFO cardInfo, BYTE identifier[2], PBYTE recvBuffer, PDWORD recvBufferLength) |
| Retrieve card data according ISO/IEC 7816-4 command not within a secure channel. More... | |
| OPGP_ERROR_STATUS | GP211_get_secure_channel_protocol_details (OPGP_CARD_CONTEXT cardContext, OPGP_CARD_INFO cardInfo, BYTE *secureChannelProtocol, BYTE *secureChannelProtocolImpl) |
| GlobalPlatform2.1.1: This returns the Secure Channel Protocol and the Secure Channel Protocol implementation. More... | |
| OPGP_ERROR_STATUS | GP211_get_key_information_templates (OPGP_CARD_CONTEXT cardContext, OPGP_CARD_INFO cardInfo, GP211_SECURITY_INFO *secInfo, BYTE keyInformationTemplate, GP211_KEY_INFORMATION *keyInformation, PDWORD keyInformationLength) |
| GlobalPlatform2.1.1: Retrieves key information of keys on the card. More... | |
| OPGP_ERROR_STATUS | OPGP_get_extended_card_resources_information (OPGP_CARD_CONTEXT cardContext, OPGP_CARD_INFO cardInfo, GP211_SECURITY_INFO *secInfo, OPGP_EXTENDED_CARD_RESOURCE_INFORMATION *extendedCardResourceInformation) |
| Reads the extended card resource information (number of applications + free memory). More... | |
| OPGP_ERROR_STATUS | GP211_set_status (OPGP_CARD_CONTEXT cardContext, OPGP_CARD_INFO cardInfo, GP211_SECURITY_INFO *secInfo, BYTE cardElement, PBYTE AID, DWORD AIDLength, BYTE lifeCycleState) |
| GlobalPlatform2.1.1: Sets the life cycle status of Applications, Security Domains or the Card Manager. More... | |
| OPGP_ERROR_STATUS | GP211_get_status (OPGP_CARD_CONTEXT cardContext, OPGP_CARD_INFO cardInfo, GP211_SECURITY_INFO *secInfo, BYTE cardElement, BYTE format, GP211_APPLICATION_DATA *applData, GP211_EXECUTABLE_MODULES_DATA *executableData, PDWORD dataLength) |
| GlobalPlatform2.1.1: Gets the life cycle status of Applications, the Issuer Security Domains, Security Domains and Executable Load Files and their privileges or information about Executable Modules of the Executable Load Files. More... | |
| OPGP_ERROR_STATUS | OPGP_extract_cap_file (OPGP_CSTRING fileName, PBYTE loadFileBuf, PDWORD loadFileBufSize) |
| Extracts a CAP file into a buffer. More... | |
| OPGP_ERROR_STATUS | OPGP_cap_to_ijc (OPGP_CSTRING capFileName, OPGP_STRING ijcFileName) |
| Converts a CAP file to an IJC file (Executable Load File). More... | |
| OPGP_ERROR_STATUS | OPGP_read_executable_load_file_parameters (OPGP_STRING loadFileName, OPGP_LOAD_FILE_PARAMETERS *loadFileParams) |
| Reads the parameters of an Executable Load File. More... | |
| OPGP_ERROR_STATUS | OPGP_read_executable_load_file_parameters_from_buffer (PBYTE loadFileBuf, DWORD loadFileBufSize, OPGP_LOAD_FILE_PARAMETERS *loadFileParams) |
| Receives Executable Load File as a buffer instead of a FILE. More... | |
| OPGP_ERROR_STATUS | GP211_load (OPGP_CARD_CONTEXT cardContext, OPGP_CARD_INFO cardInfo, GP211_SECURITY_INFO *secInfo, GP211_DAP_BLOCK *loadFileDataBlockSignature, DWORD loadFileDataBlockSignatureLength, OPGP_STRING executableLoadFileName, GP211_RECEIPT_DATA *receiptData, PDWORD receiptDataAvailable, OPGP_PROGRESS_CALLBACK *callback) |
| GlobalPlatform2.1.1: Loads a Executable Load File (containing an application) to the card. More... | |
| OPGP_ERROR_STATUS | GP211_load_from_buffer (OPGP_CARD_CONTEXT cardContext, OPGP_CARD_INFO cardInfo, GP211_SECURITY_INFO *secInfo, GP211_DAP_BLOCK *loadFileDataBlockSignature, DWORD loadFileDataBlockSignatureLength, PBYTE loadFileBuf, DWORD loadFileBufSize, GP211_RECEIPT_DATA *receiptData, PDWORD receiptDataAvailable, OPGP_PROGRESS_CALLBACK *callback) |
| GlobalPlatform2.1.1: Loads a Executable Load File (containing an application) from a buffer to the card. More... | |
| OPGP_ERROR_STATUS | GP211_install_for_load (OPGP_CARD_CONTEXT cardContext, OPGP_CARD_INFO cardInfo, GP211_SECURITY_INFO *secInfo, PBYTE executableLoadFileAID, DWORD executableLoadFileAIDLength, PBYTE securityDomainAID, DWORD securityDomainAIDLength, BYTE loadFileDataBlockHash[20], BYTE loadToken[128], DWORD nonVolatileCodeSpaceLimit, DWORD volatileDataSpaceLimit, DWORD nonVolatileDataSpaceLimit) |
| GlobalPlatform2.1.1: Prepares the card for loading an application. More... | |
| OPGP_ERROR_STATUS | GP211_install_for_install (OPGP_CARD_CONTEXT cardContext, OPGP_CARD_INFO cardInfo, GP211_SECURITY_INFO *secInfo, PBYTE executableLoadFileAID, DWORD executableLoadFileAIDLength, PBYTE executableModuleAID, DWORD executableModuleAIDLength, PBYTE applicationAID, DWORD applicationAIDLength, BYTE applicationPrivileges, DWORD volatileDataSpaceLimit, DWORD nonVolatileDataSpaceLimit, PBYTE installParameters, DWORD installParametersLength, BYTE installToken[128], GP211_RECEIPT_DATA *receiptData, PDWORD receiptDataAvailable) |
| GlobalPlatform2.1.1: Installs an application on the card. More... | |
| OPGP_ERROR_STATUS | GP211_install_for_install_and_make_selectable (OPGP_CARD_CONTEXT cardContext, OPGP_CARD_INFO cardInfo, GP211_SECURITY_INFO *secInfo, PBYTE executableLoadFileAID, DWORD executableLoadFileAIDLength, PBYTE executableModuleAID, DWORD executableModuleAIDLength, PBYTE applicationAID, DWORD applicationAIDLength, BYTE applicationPrivileges, DWORD volatileDataSpaceLimit, DWORD nonVolatileDataSpaceLimit, PBYTE installParameters, DWORD installParametersLength, BYTE installToken[128], GP211_RECEIPT_DATA *receiptData, PDWORD receiptDataAvailable) |
| GlobalPlatform2.1.1: Installs and makes an installed application selectable. More... | |
| OPGP_ERROR_STATUS | GP211_install_for_extradition (OPGP_CARD_CONTEXT cardContext, OPGP_CARD_INFO cardInfo, GP211_SECURITY_INFO *secInfo, PBYTE securityDomainAID, DWORD securityDomainAIDLength, PBYTE applicationAID, DWORD applicationAIDLength, BYTE extraditionToken[128], GP211_RECEIPT_DATA *receiptData, PDWORD receiptDataAvailable) |
| GlobalPlatform2.1.1: Associates an application with another Security Domain. More... | |
| OPGP_ERROR_STATUS | GP211_install_for_personalization (OPGP_CARD_CONTEXT cardContext, OPGP_CARD_INFO cardInfo, GP211_SECURITY_INFO *secInfo, PBYTE applicationAID, DWORD applicationAIDLength) |
| GlobalPlatform2.1.1: Informs a Security Domain that a associated application will retrieve personalization data. More... | |
| OPGP_ERROR_STATUS | GP211_install_for_make_selectable (OPGP_CARD_CONTEXT cardContext, OPGP_CARD_INFO cardInfo, GP211_SECURITY_INFO *secInfo, PBYTE applicationAID, DWORD applicationAIDLength, BYTE applicationPrivileges, BYTE installToken[128], GP211_RECEIPT_DATA *receiptData, PDWORD receiptDataAvailable) |
| GlobalPlatform2.1.1: Makes an installed application selectable. More... | |
| OPGP_ERROR_STATUS | GP211_get_install_token_signature_data (BYTE P1, PBYTE executableLoadFileAID, DWORD executableLoadFileAIDLength, PBYTE executableModuleAID, DWORD executableModuleAIDLength, PBYTE applicationAID, DWORD applicationAIDLength, BYTE applicationPrivileges, DWORD volatileDataSpaceLimit, DWORD nonVolatileDataSpaceLimit, PBYTE installParameters, DWORD installParametersLength, PBYTE installTokenSignatureData, PDWORD installTokenSignatureDataLength) |
| GlobalPlatform2.1.1: Function to retrieve the data to sign by the Card Issuer in an Install Token. More... | |
| OPGP_ERROR_STATUS | GP211_get_extradition_token_signature_data (PBYTE securityDomainAID, DWORD securityDomainAIDLength, PBYTE applicationAID, DWORD applicationAIDLength, PBYTE extraditionTokenSignatureData, PDWORD extraditionTokenSignatureDataLength) |
| GlobalPlatform2.1.1: Function to retrieve the data to sign by the Card Issuer in an Extradition Token. More... | |
| OPGP_ERROR_STATUS | GP211_calculate_install_token (BYTE P1, PBYTE executableLoadFileAID, DWORD executableLoadFileAIDLength, PBYTE executableModuleAID, DWORD executableModuleAIDLength, PBYTE applicationAID, DWORD applicationAIDLength, BYTE applicationPrivileges, DWORD volatileDataSpaceLimit, DWORD nonVolatileDataSpaceLimit, PBYTE installParameters, DWORD installParametersLength, BYTE installToken[128], OPGP_STRING PEMKeyFileName, char *passPhrase) |
| GlobalPlatform2.1.1: Calculates an Install Token using PKCS#1. More... | |
| OPGP_ERROR_STATUS | GP211_get_load_token_signature_data (PBYTE executableLoadFileAID, DWORD executableLoadFileAIDLength, PBYTE securityDomainAID, DWORD securityDomainAIDLength, BYTE loadFileDataBlockHash[20], DWORD nonVolatileCodeSpaceLimit, DWORD volatileDataSpaceLimit, DWORD nonVolatileDataSpaceLimit, PBYTE loadTokenSignatureData, PDWORD loadTokenSignatureDataLength) |
| GlobalPlatform2.1.1: Function to retrieve the data to sign by the Card Issuer in a Load Token. More... | |
| OPGP_ERROR_STATUS | GP211_calculate_load_token (PBYTE executableLoadFileAID, DWORD executableLoadFileAIDLength, PBYTE securityDomainAID, DWORD securityDomainAIDLength, BYTE loadFileDataBlockHash[20], DWORD nonVolatileCodeSpaceLimit, DWORD volatileDataSpaceLimit, DWORD nonVolatileDataSpaceLimit, BYTE loadToken[128], OPGP_STRING PEMKeyFileName, char *passPhrase) |
| GlobalPlatform2.1.1: Calculates a Load Token using PKCS#1. More... | |
| OPGP_ERROR_STATUS | GP211_calculate_load_file_data_block_hash (OPGP_STRING executableLoadFileName, BYTE hash[32], BYTE secureChannelProtocol) |
| GlobalPlatform2.1.1: Calculates a Load File Data Block Hash. More... | |
| OPGP_ERROR_STATUS | GP211_calculate_3des_DAP (BYTE loadFileDataBlockHash[20], PBYTE securityDomainAID, DWORD securityDomainAIDLength, BYTE DAPCalculationKey[16], GP211_DAP_BLOCK *loadFileDataBlockSignature) |
| GlobalPlatform2.1.1: Calculates a Load File Data Block Signature using 3DES. More... | |
| OPGP_ERROR_STATUS | GP211_calculate_aes_DAP (BYTE loadFileDataBlockHash[64], BYTE hashLength, PBYTE securityDomainAID, DWORD securityDomainAIDLength, BYTE DAPCalculationKey[16], GP211_DAP_BLOCK *loadFileDataBlockSignature) |
| OPGP_ERROR_STATUS | GP211_calculate_rsa_DAP (BYTE loadFileDataBlockHash[20], PBYTE securityDomainAID, DWORD securityDomainAIDLength, OPGP_STRING PEMKeyFileName, char *passPhrase, GP211_DAP_BLOCK *loadFileDataBlockSignature) |
| GlobalPlatform2.1.1: Calculates a Load File Data Block Signature using SHA-1 and PKCS#1 (RSA). More... | |
| OPGP_ERROR_STATUS | GP211_validate_load_receipt (DWORD confirmationCounter, PBYTE cardUniqueData, DWORD cardUniqueDataLength, BYTE receiptKey[16], GP211_RECEIPT_DATA receiptData, PBYTE executableLoadFileAID, DWORD executableLoadFileAIDLength, PBYTE securityDomainAID, DWORD securityDomainAIDLength, BYTE secureChannelProtocol) |
| GlobalPlatform2.1.1: Validates a Load Receipt. More... | |
| OPGP_ERROR_STATUS | GP211_validate_install_receipt (DWORD confirmationCounter, PBYTE cardUniqueData, DWORD cardUniqueDataLength, BYTE receiptKey[16], GP211_RECEIPT_DATA receiptData, PBYTE executableLoadFileAID, DWORD executableLoadFileAIDLength, PBYTE applicationAID, DWORD applicationAIDLength, BYTE secureChannelProtocol) |
| GlobalPlatform2.1.1: Validates an Install Receipt. More... | |
| OPGP_ERROR_STATUS | GP211_validate_delete_receipt (DWORD confirmationCounter, PBYTE cardUniqueData, DWORD cardUniqueDataLength, BYTE receiptKey[16], GP211_RECEIPT_DATA receiptData, PBYTE AID, DWORD AIDLength, BYTE secureChannelProtocol) |
| GlobalPlatform2.1.1: Validates a Load Receipt. More... | |
| OPGP_ERROR_STATUS | GP211_validate_extradition_receipt (DWORD confirmationCounter, PBYTE cardUniqueData, DWORD cardUniqueDataLength, BYTE receiptKey[16], GP211_RECEIPT_DATA receiptData, PBYTE oldSecurityDomainAID, DWORD oldSecurityDomainAIDLength, PBYTE newSecurityDomainAID, DWORD newSecurityDomainAIDLength, PBYTE applicationOrExecutableLoadFileAID, DWORD applicationOrExecutableLoadFileAIDLength, BYTE secureChannelProtocol) |
| GlobalPlatform2.1.1: Validates an Extradition Receipt. More... | |
| OPGP_ERROR_STATUS | OP201_VISA2_derive_keys (OPGP_CARD_CONTEXT cardContext, OPGP_CARD_INFO cardInfo, OP201_SECURITY_INFO *secInfo, PBYTE AID, DWORD AIDLength, BYTE masterKey[16], BYTE S_ENC[16], BYTE S_MAC[16], BYTE DEK[16]) |
| Derives the static keys from a master key according the VISA 2 key derivation scheme. More... | |
| OPGP_ERROR_STATUS | GP211_VISA2_derive_keys (OPGP_CARD_CONTEXT cardContext, OPGP_CARD_INFO cardInfo, GP211_SECURITY_INFO *secInfo, PBYTE AID, DWORD AIDLength, BYTE masterKey[16], BYTE S_ENC[16], BYTE S_MAC[16], BYTE DEK[16]) |
| Derives the static keys from a master key according the VISA 2 key derivation scheme. More... | |
| OPGP_ERROR_STATUS | VISA2_derive_keys (BYTE baseKeyDiversificationData[10], BYTE masterKey[16], BYTE S_ENC[16], BYTE S_MAC[16], BYTE DEK[16]) |
| Derives the static keys from a master key according the VISA 2 key derivation scheme. More... | |
| OPGP_ERROR_STATUS | OP201_VISA1_derive_keys (OPGP_CARD_CONTEXT cardContext, OPGP_CARD_INFO cardInfo, OP201_SECURITY_INFO *secInfo, BYTE masterKey[16], BYTE S_ENC[16], BYTE S_MAC[16], BYTE DEK[16]) |
| Derives the static keys from a master key according the VISA 1 key derivation scheme. More... | |
| OPGP_ERROR_STATUS | GP211_VISA1_derive_keys (OPGP_CARD_CONTEXT cardContext, OPGP_CARD_INFO cardInfo, GP211_SECURITY_INFO *secInfo, BYTE masterKey[16], BYTE S_ENC[16], BYTE S_MAC[16], BYTE DEK[16]) |
| Derives the static keys from a master key according the VISA 1 key derivation scheme. More... | |
| OPGP_ERROR_STATUS | VISA1_derive_keys (BYTE cardSerialNumber[8], BYTE masterKey[16], BYTE S_ENC[16], BYTE S_MAC[16], BYTE DEK[16]) |
| Derives the static keys from a master key according the VISA 1 key derivation scheme. More... | |
| OPGP_ERROR_STATUS | OP201_EMV_CPS11_derive_keys (OPGP_CARD_CONTEXT cardContext, OPGP_CARD_INFO cardInfo, OP201_SECURITY_INFO *secInfo, BYTE masterKey[16], BYTE S_ENC[16], BYTE S_MAC[16], BYTE DEK[16]) |
| Derives the static keys from a master key according the EMV CPS 1.1 key derivation scheme. More... | |
| OPGP_ERROR_STATUS | GP211_EMV_CPS11_derive_keys (OPGP_CARD_CONTEXT cardContext, OPGP_CARD_INFO cardInfo, GP211_SECURITY_INFO *secInfo, BYTE masterKey[16], BYTE S_ENC[16], BYTE S_MAC[16], BYTE DEK[16]) |
| Derives the static keys from a master key according the EMV CPS 1.1 key derivation scheme. More... | |
| OPGP_ERROR_STATUS | EMV_CPS11_derive_keys (BYTE baseKeyDiversificationData[10], BYTE masterKey[16], BYTE S_ENC[16], BYTE S_MAC[16], BYTE DEK[16]) |
| Derives the static keys from a master key according the EMV CPS11 derivation scheme. | |
| OPGP_ERROR_STATUS | GP211_mutual_authentication (OPGP_CARD_CONTEXT cardContext, OPGP_CARD_INFO cardInfo, BYTE baseKey[16], BYTE S_ENC[16], BYTE S_MAC[16], BYTE DEK[16], BYTE keySetVersion, BYTE keyIndex, BYTE secureChannelProtocol, BYTE secureChannelProtocolImpl, BYTE securityLevel, BYTE derivationMethod, GP211_SECURITY_INFO *secInfo) |
| GlobalPlatform2.1.1: Mutual authentication. More... | |
| OPGP_ERROR_STATUS | GP211_init_implicit_secure_channel (PBYTE AID, DWORD AIDLength, BYTE baseKey[16], BYTE S_ENC[16], BYTE S_MAC[16], BYTE DEK[16], BYTE secureChannelProtocolImpl, BYTE sequenceCounter[2], GP211_SECURITY_INFO *secInfo) |
| GlobalPlatform2.1.1: Inits a Secure Channel implicitly. More... | |
| OPGP_ERROR_STATUS | GP211_get_sequence_counter (OPGP_CARD_CONTEXT cardContext, OPGP_CARD_INFO cardInfo, BYTE sequenceCounter[2]) |
| GlobalPlatform2.1.1: This returns the current Sequence Counter. More... | |
| OPGP_ERROR_STATUS | GP211_close_implicit_secure_channel (GP211_SECURITY_INFO *secInfo) |
| OPGP_ERROR_STATUS | GP211_pin_change (OPGP_CARD_CONTEXT cardContext, OPGP_CARD_INFO cardInfo, GP211_SECURITY_INFO *secInfo, BYTE tryLimit, PBYTE newPIN, DWORD newPINLength) |
| GlobalPlatform2.1.1: Changes or unblocks the global PIN. More... | |
| OPGP_ERROR_STATUS | GP211_store_data (OPGP_CARD_CONTEXT cardContext, OPGP_CARD_INFO cardInfo, GP211_SECURITY_INFO *secInfo, PBYTE data, DWORD dataLength) |
| GlobalPlatform2.1.1: The STORE DATA command is used to transfer data to an Application or the Security Domain processing the command. More... | |
| OPGP_ERROR_STATUS | OPGP_select_channel (OPGP_CARD_INFO *cardInfo, BYTE channelNumber) |
| ISO 7816-4 / GlobalPlatform2.1.1: If multiple Logical Channels are open or a new Logical Channel is opened with select_application(), selects the Logical Channel. More... | |
| OPGP_ERROR_STATUS | OPGP_manage_channel (OPGP_CARD_CONTEXT cardContext, OPGP_CARD_INFO *cardInfo, GP211_SECURITY_INFO *secInfo, BYTE openClose, BYTE channelNumberToClose, BYTE *channelNumberOpened) |
| ISO 7816-4 / GlobalPlatform2.1.1: Opens or closes a Logical Channel. More... | |
| OPGP_ERROR_STATUS | OP201_send_APDU (OPGP_CARD_CONTEXT cardContext, OPGP_CARD_INFO cardInfo, OP201_SECURITY_INFO *secInfo, PBYTE capdu, DWORD capduLength, PBYTE rapdu, PDWORD rapduLength) |
| Sends an application protocol data unit. More... | |
| OPGP_ERROR_STATUS | OP201_put_rsa_key (OPGP_CARD_CONTEXT cardContext, OPGP_CARD_INFO cardInfo, OP201_SECURITY_INFO *secInfo, BYTE keySetVersion, BYTE keyIndex, BYTE newKeySetVersion, OPGP_STRING PEMKeyFileName, char *passPhrase) |
| Open Platform: replaces a single public RSA key in a key set or adds a new public RSA key. More... | |
| OPGP_ERROR_STATUS | OP201_put_3desKey (OPGP_CARD_CONTEXT cardContext, OPGP_CARD_INFO cardInfo, OP201_SECURITY_INFO *secInfo, BYTE keySetVersion, BYTE keyIndex, BYTE newKeySetVersion, BYTE _3desKey[16]) |
| Open Platform: replaces a single 3DES key in a key set or adds a new 3DES key. More... | |
| OPGP_ERROR_STATUS | OP201_put_secure_channel_keys (OPGP_CARD_CONTEXT cardContext, OPGP_CARD_INFO cardInfo, OP201_SECURITY_INFO *secInfo, BYTE keySetVersion, BYTE newKeySetVersion, BYTE new_encKey[16], BYTE new_macKey[16], BYTE new_KEK[16]) |
| Open Platform: replaces or adds a secure channel key set consisting of encryption key, MAC key and key encryption. More... | |
| OPGP_ERROR_STATUS | OP201_put_delegated_management_keys (OPGP_CARD_CONTEXT cardContext, OPGP_CARD_INFO cardInfo, OP201_SECURITY_INFO *secInfo, BYTE keySetVersion, BYTE newKeySetVersion, OPGP_STRING PEMKeyFileName, char *passPhrase, BYTE receiptGenerationKey[16]) |
| Open Platform: Adds a key set for Delegated Management. More... | |
| OPGP_ERROR_STATUS | OP201_delete_key (OPGP_CARD_CONTEXT cardContext, OPGP_CARD_INFO cardInfo, OP201_SECURITY_INFO *secInfo, BYTE keySetVersion, BYTE keyIndex) |
| Open Platform: deletes a key or multiple keys. More... | |
| OPGP_ERROR_STATUS | OP201_delete_application (OPGP_CARD_CONTEXT cardContext, OPGP_CARD_INFO cardInfo, OP201_SECURITY_INFO *secInfo, OPGP_AID *AIDs, DWORD AIDsLength, OP201_RECEIPT_DATA *receiptData, PDWORD receiptDataLength) |
| Open Platform: Deletes a Executable Load File or an application. More... | |
| OPGP_ERROR_STATUS | OP201_put_data (OPGP_CARD_CONTEXT cardContext, OPGP_CARD_INFO cardInfo, OP201_SECURITY_INFO *secInfo, BYTE identifier[2], PBYTE dataObject, DWORD dataObjectLength) |
| Open Platform: Put card data. More... | |
| OPGP_ERROR_STATUS | OP201_get_data (OPGP_CARD_CONTEXT cardContext, OPGP_CARD_INFO cardInfo, OP201_SECURITY_INFO *secInfo, BYTE identifier[2], PBYTE recvBuffer, PDWORD recvBufferLength) |
| Open Platform: Retrieve card data. More... | |
| OPGP_ERROR_STATUS | OP201_get_key_information_templates (OPGP_CARD_CONTEXT cardContext, OPGP_CARD_INFO cardInfo, OP201_SECURITY_INFO *secInfo, BYTE keyInformationTemplate, OP201_KEY_INFORMATION *keyInformation, PDWORD keyInformationLength) |
| Open Platform: Retrieves key information of keys on the card. More... | |
| OPGP_ERROR_STATUS | OP201_set_status (OPGP_CARD_CONTEXT cardContext, OPGP_CARD_INFO cardInfo, OP201_SECURITY_INFO *secInfo, BYTE cardElement, PBYTE AID, DWORD AIDLength, BYTE lifeCycleState) |
| Open Platform: Sets the life cycle status of Applications, Security Domains or the Card Manager. More... | |
| OPGP_ERROR_STATUS | OP201_get_status (OPGP_CARD_CONTEXT cardContext, OPGP_CARD_INFO cardInfo, OP201_SECURITY_INFO *secInfo, BYTE cardElement, OP201_APPLICATION_DATA *applData, PDWORD applDataLength) |
| Open Platform: Gets the life cycle status of Applications, the Card Manager and Executable Load Files and their privileges. More... | |
| OPGP_ERROR_STATUS | OP201_load (OPGP_CARD_CONTEXT cardContext, OPGP_CARD_INFO cardInfo, OP201_SECURITY_INFO *secInfo, OP201_DAP_BLOCK *dapBlock, DWORD dapBlockLength, OPGP_STRING executableLoadFileName, OP201_RECEIPT_DATA *receiptData, PDWORD receiptDataAvailable, OPGP_PROGRESS_CALLBACK *callback) |
| Open Platform: Loads a Executable Load File (containing an application) to the card. More... | |
| OPGP_ERROR_STATUS | OP201_load_from_buffer (OPGP_CARD_CONTEXT cardContext, OPGP_CARD_INFO cardInfo, OP201_SECURITY_INFO *secInfo, OP201_DAP_BLOCK *dapBlock, DWORD dapBlockLength, PBYTE loadFileBuf, DWORD loadFileBufSize, OP201_RECEIPT_DATA *receiptData, PDWORD receiptDataAvailable, OPGP_PROGRESS_CALLBACK *callback) |
| Open Platform: Loads a Executable Load File (containing an application) from a buffer to the card. More... | |
| OPGP_ERROR_STATUS | OP201_install_for_load (OPGP_CARD_CONTEXT cardContext, OPGP_CARD_INFO cardInfo, OP201_SECURITY_INFO *secInfo, PBYTE executableLoadFileAID, DWORD executableLoadFileAIDLength, PBYTE securityDomainAID, DWORD securityDomainAIDLength, BYTE loadFileDAP[20], BYTE loadToken[128], DWORD nonVolatileCodeSpaceLimit, DWORD volatileDataSpaceLimit, DWORD nonVolatileDataSpaceLimit) |
| Open Platform: Prepares the card for loading an application. More... | |
| OPGP_ERROR_STATUS | OP201_install_for_install (OPGP_CARD_CONTEXT cardContext, OPGP_CARD_INFO cardInfo, OP201_SECURITY_INFO *secInfo, PBYTE executableLoadFileAID, DWORD executableLoadFileAIDLength, PBYTE AIDWithinLoadFileAID, DWORD AIDWithinLoadFileAIDLength, PBYTE applicationInstanceAID, DWORD applicationInstanceAIDLength, BYTE applicationPrivileges, DWORD volatileDataSpaceLimit, DWORD nonVolatileDataSpaceLimit, PBYTE applicationInstallParameters, DWORD applicationInstallParametersLength, BYTE installToken[128], OP201_RECEIPT_DATA *receiptData, PDWORD receiptDataAvailable) |
| Open Platform: Installs an application on the card. More... | |
| OPGP_ERROR_STATUS | OP201_install_for_install_and_make_selectable (OPGP_CARD_CONTEXT cardContext, OPGP_CARD_INFO cardInfo, OP201_SECURITY_INFO *secInfo, PBYTE executableLoadFileAID, DWORD executableLoadFileAIDLength, PBYTE AIDWithinLoadFileAID, DWORD AIDWithinLoadFileAIDLength, PBYTE applicationInstanceAID, DWORD applicationInstanceAIDLength, BYTE applicationPrivileges, DWORD volatileDataSpaceLimit, DWORD nonVolatileDataSpaceLimit, PBYTE applicationInstallParameters, DWORD applicationInstallParametersLength, BYTE installToken[128], OP201_RECEIPT_DATA *receiptData, PDWORD receiptDataAvailable) |
| Open Platform: Installs and makes an installed application selectable. More... | |
| OPGP_ERROR_STATUS | OP201_install_for_make_selectable (OPGP_CARD_CONTEXT cardContext, OPGP_CARD_INFO cardInfo, OP201_SECURITY_INFO *secInfo, PBYTE applicationInstanceAID, DWORD applicationInstanceAIDLength, BYTE applicationPrivileges, BYTE installToken[128], OP201_RECEIPT_DATA *receiptData, PDWORD receiptDataAvailable) |
| Open Platform: Makes an installed application selectable. More... | |
| OPGP_ERROR_STATUS | OP201_get_install_token_signature_data (BYTE P1, PBYTE executableLoadFileAID, DWORD executableLoadFileAIDLength, PBYTE AIDWithinLoadFileAID, DWORD AIDWithinLoadFileAIDLength, PBYTE applicationInstanceAID, DWORD applicationInstanceAIDLength, BYTE applicationPrivileges, DWORD volatileDataSpaceLimit, DWORD nonVolatileDataSpaceLimit, PBYTE applicationInstallParameters, DWORD applicationInstallParametersLength, PBYTE installTokenSignatureData, PDWORD installTokenSignatureDataLength) |
| Open Platform: Function to retrieve the data to sign by the Card Issuer in an Install Token. More... | |
| OPGP_ERROR_STATUS | OP201_calculate_install_token (BYTE P1, PBYTE executableLoadFileAID, DWORD executableLoadFileAIDLength, PBYTE AIDWithinLoadFileAID, DWORD AIDWithinLoadFileAIDLength, PBYTE applicationInstanceAID, DWORD applicationInstanceAIDLength, BYTE applicationPrivileges, DWORD volatileDataSpaceLimit, DWORD nonVolatileDataSpaceLimit, PBYTE applicationInstallParameters, DWORD applicationInstallParametersLength, BYTE installToken[128], OPGP_STRING PEMKeyFileName, char *passPhrase) |
| Open Platform: Calculates an Install Token using PKCS#1. More... | |
| OPGP_ERROR_STATUS | OP201_get_load_token_signature_data (PBYTE executableLoadFileAID, DWORD executableLoadFileAIDLength, PBYTE securityDomainAID, DWORD securityDomainAIDLength, BYTE loadFileDAP[20], DWORD nonVolatileCodeSpaceLimit, DWORD volatileDataSpaceLimit, DWORD nonVolatileDataSpaceLimit, PBYTE loadTokenSignatureData, PDWORD loadTokenSignatureDataLength) |
| Open Platform: Function to retrieve the data to sign by the Card Issuer in a Load Token. More... | |
| OPGP_ERROR_STATUS | OP201_calculate_load_token (PBYTE executableLoadFileAID, DWORD executableLoadFileAIDLength, PBYTE securityDomainAID, DWORD securityDomainAIDLength, BYTE loadFileDAP[20], DWORD nonVolatileCodeSpaceLimit, DWORD volatileDataSpaceLimit, DWORD nonVolatileDataSpaceLimit, BYTE loadToken[128], OPGP_STRING PEMKeyFileName, char *passPhrase) |
| Open Platform: Calculates a Load Token using PKCS#1. More... | |
| OPGP_ERROR_STATUS | OP201_calculate_load_file_DAP (OP201_DAP_BLOCK *dapBlock, DWORD dapBlockLength, OPGP_STRING executableLoadFileName, BYTE hash[20]) |
| Open Platform: Calculates a Load File DAP. More... | |
| OPGP_ERROR_STATUS | OP201_calculate_3des_DAP (PBYTE securityDomainAID, DWORD securityDomainAIDLength, OPGP_STRING executableLoadFileName, BYTE DAP_verification_key[16], OP201_DAP_BLOCK *dapBlock) |
| Open Platform: Calculates a Load File Data Block DAP using 3DES. More... | |
| OPGP_ERROR_STATUS | OP201_calculate_rsa_DAP (PBYTE securityDomainAID, DWORD securityDomainAIDLength, OPGP_STRING executableLoadFileName, OPGP_STRING PEMKeyFileName, char *passPhrase, OP201_DAP_BLOCK *dapBlock) |
| Open Platform: Calculates a Load File Data Block DAP using SHA-1 and PKCS#1 (RSA). More... | |
| OPGP_ERROR_STATUS | OP201_validate_load_receipt (DWORD confirmationCounter, BYTE cardUniqueData[10], BYTE receiptGenerationKey[16], OP201_RECEIPT_DATA receiptData, PBYTE executableLoadFileAID, DWORD executableLoadFileAIDLength, PBYTE securityDomainAID, DWORD securityDomainAIDLength) |
| Open Platform: Validates a Load Receipt. More... | |
| OPGP_ERROR_STATUS | OP201_validate_install_receipt (DWORD confirmationCounter, BYTE cardUniqueData[10], BYTE receiptGenerationKey[16], OP201_RECEIPT_DATA receiptData, PBYTE executableLoadFileAID, DWORD executableLoadFileAIDLength, PBYTE applicationInstanceAID, DWORD applicationInstanceAIDLength) |
| Open Platform: Validates an Install Receipt. More... | |
| OPGP_ERROR_STATUS | OP201_validate_delete_receipt (DWORD confirmationCounter, BYTE cardUniqueData[10], BYTE receiptGenerationKey[16], OP201_RECEIPT_DATA receiptData, PBYTE AID, DWORD AIDLength) |
| Open Platform: Validates a Load Receipt. More... | |
| OPGP_ERROR_STATUS | OP201_pin_change (OPGP_CARD_CONTEXT cardContext, OPGP_CARD_INFO cardInfo, OP201_SECURITY_INFO *secInfo, BYTE tryLimit, PBYTE newPIN, DWORD newPINLength, BYTE KEK[16]) |
| Open Platform: Changes or unblocks the global PIN. More... | |
| OPGP_ERROR_STATUS | OP201_mutual_authentication (OPGP_CARD_CONTEXT cardContext, OPGP_CARD_INFO cardInfo, BYTE baseKey[16], BYTE encKey[16], BYTE macKey[16], BYTE kekKey[16], BYTE keySetVersion, BYTE keyIndex, BYTE securityLevel, BYTE derivationMethod, OP201_SECURITY_INFO *secInfo) |
| Open Platform: Mutual authentication. More... | |
Detailed Description
This implements all Open- and GlobalPlatform functions.
Macro Definition Documentation
◆ CHECK_SW_9000
| #define CHECK_SW_9000 | ( | recvBuffer, | |
| recvBufferLength, | |||
| status | |||
| ) |
Value:
if (recvBuffer[recvBufferLength-2] != 0x90 || recvBuffer[recvBufferLength-1] != 0x00) {\
OPGP_ERROR_CREATE_ERROR(status, status.errorCode, OPGP_stringify_error(status.errorCode)); \
goto end; \
}
Macro to check for the status word 9000, otherwise the status is set to the error and a jump to the end mark takes place.
Function Documentation
◆ delete_application()
| OPGP_ERROR_STATUS delete_application | ( | OPGP_CARD_CONTEXT | cardContext, |
| OPGP_CARD_INFO | cardInfo, | ||
| GP211_SECURITY_INFO * | secInfo, | ||
| OPGP_AID * | AIDs, | ||
| DWORD | AIDsLength, | ||
| GP211_RECEIPT_DATA * | receiptData, | ||
| PDWORD | receiptDataLength, | ||
| DWORD | mode | ||
| ) |
- Parameters
-
cardContext [in] The valid OPGP_CARD_CONTEXT returned by OPGP_establish_context() cardInfo [in] The OPGP_CARD_INFO structure returned by OPGP_card_connect(). *secInfo [in, out] The pointer to the GP211_SECURITY_INFO structure returned by GP211_mutual_authentication(). AIDs [in] A pointer to the an array of OPGP_AID structures describing the applications and load files to delete. AIDsLength [in] The number of OPGP_AID structures. *receiptData [out] A GP211_RECEIPT_DATA array. If the deletion is performed by a security domain with delegated management privilege this structure contains the according data for each deleted application or package. receiptDataLength [in, out] A pointer to the length of the receiptData array. If no receiptData is available this length is 0; mode OpenPlatform 2.0.1' or GlobalPlatform 2.1.1 delete command.
- Returns
- OPGP_ERROR_STATUS struct with error status OPGP_ERROR_STATUS_SUCCESS if no error occurs, otherwise error code and error message are contained in the OPGP_ERROR_STATUS struct
◆ fillReceipt()
| OPGP_NO_API DWORD fillReceipt | ( | PBYTE | buf, |
| GP211_RECEIPT_DATA * | receiptData | ||
| ) |
Reads a valid buffer containing a (delete, load, install) receipt and parses it in a GP211_RECEIPT_DATA.
- Parameters
-
buf [in] The buffer to parse. receiptData [out] The receipt data.
- Returns
- The number of bytes which were consumed while parsing the buffer.
◆ GP211_begin_R_MAC()
| OPGP_ERROR_STATUS GP211_begin_R_MAC | ( | OPGP_CARD_CONTEXT | cardContext, |
| OPGP_CARD_INFO | cardInfo, | ||
| GP211_SECURITY_INFO * | secInfo, | ||
| BYTE | securityLevel, | ||
| PBYTE | data, | ||
| DWORD | dataLength | ||
| ) |
Initiates a R-MAC session.
- Parameters
-
cardContext [in] The valid OPGP_CARD_CONTEXT returned by OPGP_establish_context() cardInfo [in] The OPGP_CARD_INFO structure returned by OPGP_card_connect(). *secInfo [in, out] The pointer to the GP211_SECURITY_INFO structure returned by GP211_mutual_authentication(). securityLevel Level of security for all subsequent commands - GP211_SCP02_SECURITY_LEVEL_R_MAC - Each APDU response contains a R-MAC during the session.
- GP211_SCP02_SECURITY_LEVEL_NO_SECURE_MESSAGING - Only the END R-MAC SESSION response message will contain a R-MAC.
- GP211_SCP03_SECURITY_LEVEL_R_MAC - Each APDU response contains a R-MAC during the session.
- GP211_SCP03_SECURITY_LEVEL_R_ENC_R_MAC - Each APDU response contains a R-MAC and R-encryption during the session.
data [in] Data for the BEGIN R-MAC SESSION command, e.g. extra challenge. dataLength [in] Length of data.
- Returns
- OPGP_ERROR_STATUS struct with error status OPGP_ERROR_STATUS_SUCCESS if no error occurs, otherwise error code and error message are contained in the OPGP_ERROR_STATUS struct
◆ GP211_calculate_3des_DAP()
| OPGP_ERROR_STATUS GP211_calculate_3des_DAP | ( | BYTE | loadFileDataBlockHash[20], |
| PBYTE | securityDomainAID, | ||
| DWORD | securityDomainAIDLength, | ||
| BYTE | DAPCalculationKey[16], | ||
| GP211_DAP_BLOCK * | loadFileDataBlockSignature | ||
| ) |
GlobalPlatform2.1.1: Calculates a Load File Data Block Signature using 3DES.
This is used with SCP02. If a security domain has DAP verification privilege the security domain validates this DAP. The loadFileDataBlockHash can be calculated using calculate_load_file_data_block_hash().
- Parameters
-
loadFileDataBlockHash [in] The Load File Data Block Hash. securityDomainAID [in] A buffer containing the Security Domain AID. securityDomainAIDLength [in] The length of the Security Domain AID. DAPCalculationKey [in] The key to calculate the DAP. *loadFileDataBlockSignature [out] A pointer to the returned GP211_DAP_BLOCK structure.
- Returns
- OPGP_ERROR_STATUS struct with error status OPGP_ERROR_STATUS_SUCCESS if no error occurs, otherwise error code and error message are contained in the OPGP_ERROR_STATUS struct
◆ GP211_calculate_aes_DAP()
| OPGP_ERROR_STATUS GP211_calculate_aes_DAP | ( | BYTE | loadFileDataBlockHash[64], |
| BYTE | hashLength, | ||
| PBYTE | securityDomainAID, | ||
| DWORD | securityDomainAIDLength, | ||
| BYTE | DAPCalculationKey[16], | ||
| GP211_DAP_BLOCK * | loadFileDataBlockSignature | ||
| ) |
This is used with SCP03. If a security domain has DAP verification privilege the security domain validates this DAP. The loadFileDataBlockHash can be calculated using calculate_load_file_data_block_hash().
- Parameters
-
loadFileDataBlockHash [in] The Load File Data Block Hash. Must be a SHA-256, SHA-384 or SHA-512 hash. hashLength [in] The length of the hash. securityDomainAID [in] A buffer containing the Security Domain AID. securityDomainAIDLength [in] The length of the Security Domain AID. DAPCalculationKey [in] The key to calculate the DAP. *loadFileDataBlockSignature [out] A pointer to the returned GP211_DAP_BLOCK structure.
- Returns
- OPGP_ERROR_STATUS struct with error status OPGP_ERROR_STATUS_SUCCESS if no error occurs, otherwise error code and error message are contained in the OPGP_ERROR_STATUS struct
◆ GP211_calculate_install_token()
| OPGP_ERROR_STATUS GP211_calculate_install_token | ( | BYTE | P1, |
| PBYTE | executableLoadFileAID, | ||
| DWORD | executableLoadFileAIDLength, | ||
| PBYTE | executableModuleAID, | ||
| DWORD | executableModuleAIDLength, | ||
| PBYTE | applicationAID, | ||
| DWORD | applicationAIDLength, | ||
| BYTE | applicationPrivileges, | ||
| DWORD | volatileDataSpaceLimit, | ||
| DWORD | nonVolatileDataSpaceLimit, | ||
| PBYTE | installParameters, | ||
| DWORD | installParametersLength, | ||
| BYTE | installToken[128], | ||
| OPGP_STRING | PEMKeyFileName, | ||
| char * | passPhrase | ||
| ) |
GlobalPlatform2.1.1: Calculates an Install Token using PKCS#1.
The parameters must match the parameters of a later GP211_install_for_install(), GP211_install_for_make_selectable() and GP211_install_for_install_and_make_selectable() method.
- Parameters
-
P1 [in] The parameter P1 in the APDU command. - 0x04 for a INSTALL [for install] command
- 0x08 for an INSTALL [for make selectable] command
- 0x0C for an INSTALL [for install and make selectable]
- 0x10 for an INSTALL [for extradiction]
executableLoadFileAID [in] A buffer with AID of the Executable Load File to INSTALL [for install]. executableLoadFileAIDLength [in] The length of the Executable Load File AID. executableModuleAID [in] The AID of the application class in the package. executableModuleAIDLength [in] The length of the executableModuleAID buffer. applicationAID [in] The AID of the installed application. applicationAIDLength [in] The length of the application instance AID. applicationPrivileges [in] The application privileges. Can be an OR of multiple privileges. See GP211_APPLICATION_PRIVILEGE_SECURITY_DOMAIN. volatileDataSpaceLimit [in] The minimum amount of RAM space that must be available. nonVolatileDataSpaceLimit [in] The minimum amount of space for objects of the application, i.e. the data allocated in its lifetime. installParameters [in] Applet install parameters for the install() method of the application. installParametersLength [in] The length of the installParameters buffer. installToken [out] The calculated Install Token. A 1024 bit RSA signature. PEMKeyFileName [in] A PEM file name with the private RSA key. *passPhrase [in] The passphrase. Must be an ASCII string.
- Returns
- OPGP_ERROR_STATUS struct with error status OPGP_ERROR_STATUS_SUCCESS if no error occurs, otherwise error code and error message are contained in the OPGP_ERROR_STATUS struct
◆ GP211_calculate_load_file_data_block_hash()
| OPGP_ERROR_STATUS GP211_calculate_load_file_data_block_hash | ( | OPGP_STRING | executableLoadFileName, |
| BYTE | hash[32], | ||
| BYTE | secureChannelProtocol | ||
| ) |
GlobalPlatform2.1.1: Calculates a Load File Data Block Hash.
This is a hash of the Load File Data Block with SHA-1 for SCP02 or SHA-256 for SCP03.
- Parameters
-
executableLoadFileName [in] The name of the Executable Load File to hash. hash [out] The hash value. secureChannelProtocol [in] The Secure Channel Protocol.
- Returns
- OPGP_ERROR_STATUS struct with error status OPGP_ERROR_STATUS_SUCCESS if no error occurs, otherwise error code and error message are contained in the OPGP_ERROR_STATUS struct
◆ GP211_calculate_load_token()
| OPGP_ERROR_STATUS GP211_calculate_load_token | ( | PBYTE | executableLoadFileAID, |
| DWORD | executableLoadFileAIDLength, | ||
| PBYTE | securityDomainAID, | ||
| DWORD | securityDomainAIDLength, | ||
| BYTE | loadFileDataBlockHash[20], | ||
| DWORD | nonVolatileCodeSpaceLimit, | ||
| DWORD | volatileDataSpaceLimit, | ||
| DWORD | nonVolatileDataSpaceLimit, | ||
| BYTE | loadToken[128], | ||
| OPGP_STRING | PEMKeyFileName, | ||
| char * | passPhrase | ||
| ) |
GlobalPlatform2.1.1: Calculates a Load Token using PKCS#1.
The parameters must match the parameters of a later GP211_install_for_load() method.
- Parameters
-
executableLoadFileAID [in] A buffer containing the Executable Load File AID. executableLoadFileAIDLength [in] The length of the Executable Load File AID. securityDomainAID [in] A buffer containing the Security Domain AID. securityDomainAIDLength [in] The length of the Security Domain AID. loadFileDataBlockHash [in] The Load File DAP. The same calculated as in GP211_install_for_load(). nonVolatileCodeSpaceLimit [in] The minimum space required to store the package. volatileDataSpaceLimit [in] The minimum amount of RAM space that must be available. nonVolatileDataSpaceLimit [in] The minimum amount of space for objects of the application, i.e. the data allocated in its lifetime. loadToken [out] The calculated Load Token. A 1024 bit RSA signature. PEMKeyFileName [in] A PEM file name with the private RSA key. *passPhrase [in] The passphrase. Must be an ASCII string.
- Returns
- OPGP_ERROR_STATUS struct with error status OPGP_ERROR_STATUS_SUCCESS if no error occurs, otherwise error code and error message are contained in the OPGP_ERROR_STATUS struct
◆ GP211_calculate_rsa_DAP()
| OPGP_ERROR_STATUS GP211_calculate_rsa_DAP | ( | BYTE | loadFileDataBlockHash[20], |
| PBYTE | securityDomainAID, | ||
| DWORD | securityDomainAIDLength, | ||
| OPGP_STRING | PEMKeyFileName, | ||
| char * | passPhrase, | ||
| GP211_DAP_BLOCK * | loadFileDataBlockSignature | ||
| ) |
GlobalPlatform2.1.1: Calculates a Load File Data Block Signature using SHA-1 and PKCS#1 (RSA).
If a security domain has DAP verification privilege the security domain validates this DAP. The loadFileDataBlockHash can be calculated using calculate_load_file_data_block_hash().
- Parameters
-
loadFileDataBlockHash [in] The Load File Data Block Hash. securityDomainAID [in] A buffer containing the Security Domain AID. securityDomainAIDLength [in] The length of the Security Domain AID. PEMKeyFileName [in] A PEM file name with the DAP Verification private RSA key. *passPhrase [in] The passphrase. Must be an ASCII string. *loadFileDataBlockSignature [out] A pointer to the returned GP211_DAP_BLOCK structure.
- Returns
- OPGP_ERROR_STATUS struct with error status OPGP_ERROR_STATUS_SUCCESS if no error occurs, otherwise error code and error message are contained in the OPGP_ERROR_STATUS struct
◆ GP211_close_implicit_secure_channel()
| OPGP_ERROR_STATUS GP211_close_implicit_secure_channel | ( | GP211_SECURITY_INFO * | secInfo | ) |
- Parameters
-
*secInfo [out] The returned GP211_SECURITY_INFO structure.
◆ GP211_delete_application()
| OPGP_ERROR_STATUS GP211_delete_application | ( | OPGP_CARD_CONTEXT | cardContext, |
| OPGP_CARD_INFO | cardInfo, | ||
| GP211_SECURITY_INFO * | secInfo, | ||
| OPGP_AID * | AIDs, | ||
| DWORD | AIDsLength, | ||
| GP211_RECEIPT_DATA * | receiptData, | ||
| PDWORD | receiptDataLength | ||
| ) |
GlobalPlatform2.1.1: Deletes a Executable Load File or an application.
- Parameters
-
cardContext [in] The valid OPGP_CARD_CONTEXT returned by OPGP_establish_context() cardInfo [in] The OPGP_CARD_INFO structure returned by OPGP_card_connect(). *secInfo [in, out] The pointer to the GP211_SECURITY_INFO structure returned by GP211_mutual_authentication(). AIDs [in] A pointer to the an array of OPGP_AID structures describing the applications and load files to delete. AIDsLength [in] The number of OPGP_AID structures. *receiptData [out] A GP211_RECEIPT_DATA array. If the deletion is performed by a security domain with delegated management privilege this structure contains the according data for each deleted application or package. receiptDataLength [in, out] A pointer to the length of the receiptData array. If no receiptData is available this length is 0;
- Returns
- OPGP_ERROR_STATUS struct with error status OPGP_ERROR_STATUS_SUCCESS if no error occurs, otherwise error code and error message are contained in the OPGP_ERROR_STATUS struct
◆ GP211_delete_key()
| OPGP_ERROR_STATUS GP211_delete_key | ( | OPGP_CARD_CONTEXT | cardContext, |
| OPGP_CARD_INFO | cardInfo, | ||
| GP211_SECURITY_INFO * | secInfo, | ||
| BYTE | keySetVersion, | ||
| BYTE | keyIndex | ||
| ) |
GlobalPlatform2.1.1: deletes a key or multiple keys.
If keyIndex is 0xFF (=-1) all keys within a keySetVersion are deleted. If keySetVersion is 0x00 all keys with the specified keyIndex are deleted.
- Parameters
-
cardContext [in] The valid OPGP_CARD_CONTEXT returned by OPGP_establish_context() cardInfo [in] The OPGP_CARD_INFO structure returned by OPGP_card_connect(). *secInfo [in, out] The pointer to the GP211_SECURITY_INFO structure returned by GP211_mutual_authentication(). keySetVersion [in] An existing key set version. keyIndex [in] An existing key index.
- Returns
- OPGP_ERROR_STATUS struct with error status OPGP_ERROR_STATUS_SUCCESS if no error occurs, otherwise error code and error message are contained in the OPGP_ERROR_STATUS struct
◆ GP211_EMV_CPS11_derive_keys()
| OPGP_ERROR_STATUS GP211_EMV_CPS11_derive_keys | ( | OPGP_CARD_CONTEXT | cardContext, |
| OPGP_CARD_INFO | cardInfo, | ||
| GP211_SECURITY_INFO * | secInfo, | ||
| BYTE | masterKey[16], | ||
| BYTE | S_ENC[16], | ||
| BYTE | S_MAC[16], | ||
| BYTE | DEK[16] | ||
| ) |
Derives the static keys from a master key according the EMV CPS 1.1 key derivation scheme.
E.g. Sm@rtCafe Expert 3.0 cards use this scheme.
- Parameters
-
cardContext [in] The valid OPGP_CARD_CONTEXT returned by OPGP_establish_context() cardInfo [in] The OPGP_CARD_INFO cardInfo, structure returned by OPGP_card_connect(). *secInfo [in, out] The pointer to the GP211_SECURITY_INFO structure returned by GP211_mutual_authentication(). masterKey [in] The master key. S_ENC [out] The static Encryption key. S_MAC [out] The static Message Authentication Code key. DEK [out] The static Key Encryption Key.
- Returns
- OPGP_ERROR_STATUS struct with error status OPGP_ERROR_STATUS_SUCCESS if no error occurs, otherwise error code and error message are contained in the OPGP_ERROR_STATUS struct
◆ GP211_end_R_MAC()
| OPGP_ERROR_STATUS GP211_end_R_MAC | ( | OPGP_CARD_CONTEXT | cardContext, |
| OPGP_CARD_INFO | cardInfo, | ||
| GP211_SECURITY_INFO * | secInfo, | ||
| BYTE | secureChannelProtocol | ||
| ) |
Terminates a R-MAC session.
- Parameters
-
cardContext [in] The valid OPGP_CARD_CONTEXT returned by OPGP_establish_context() cardInfo [in] The OPGP_CARD_INFO structure returned by OPGP_card_connect(). *secInfo [in, out] The pointer to the GP211_SECURITY_INFO structure returned by GP211_mutual_authentication(). secureChannelProtocol [in] The security channel protocol.
- Returns
- OPGP_ERROR_STATUS struct with error status OPGP_ERROR_STATUS_SUCCESS if no error occurs, otherwise error code and error message are contained in the OPGP_ERROR_STATUS struct
◆ GP211_get_data()
| OPGP_ERROR_STATUS GP211_get_data | ( | OPGP_CARD_CONTEXT | cardContext, |
| OPGP_CARD_INFO | cardInfo, | ||
| GP211_SECURITY_INFO * | secInfo, | ||
| BYTE | identifier[2], | ||
| PBYTE | recvBuffer, | ||
| PDWORD | recvBufferLength | ||
| ) |
GlobalPlatform2.1.1: Retrieve card data.
Retrieves a single card data object from the card identified by identifier. Some cards do not provide some data objects. Some possible identifiers are predefined. See GP211_GET_DATA_CPLC_WHOLE_CPLC and so on. For details about the coding of the response see the programmer's manual of your card. There is a convenience method get_key_information_templates() to get the key information template(s) containing key set version, key index, key type and key length of the keys.
- Parameters
-
cardContext [in] The valid OPGP_CARD_CONTEXT returned by OPGP_establish_context() cardInfo [in] The OPGP_CARD_INFO structure returned by OPGP_card_connect(). *secInfo [in, out] The pointer to the GP211_SECURITY_INFO structure returned by GP211_mutual_authentication(). identifier [in] Two byte buffer with high and low order tag value for identifying card data object. recvBuffer [out] The buffer for the card data object. recvBufferLength [in, out] The length of the received card data object.
- Returns
- OPGP_ERROR_STATUS struct with error status OPGP_ERROR_STATUS_SUCCESS if no error occurs, otherwise error code and error message are contained in the OPGP_ERROR_STATUS struct
◆ GP211_get_data_iso7816_4()
| OPGP_ERROR_STATUS GP211_get_data_iso7816_4 | ( | OPGP_CARD_CONTEXT | cardContext, |
| OPGP_CARD_INFO | cardInfo, | ||
| BYTE | identifier[2], | ||
| PBYTE | recvBuffer, | ||
| PDWORD | recvBufferLength | ||
| ) |
Retrieve card data according ISO/IEC 7816-4 command not within a secure channel.
This command is useful to return the Card Data with identifier 0x0066 containing the Card Recognition Data with tag 0x73 containing among others the Secure Channel Protocol and the eventual implementations. For getting the Secure Channel Protocol and Secure Channel Protocol implementation there is the convenience function get_secure_channel_protocol_details(). See also data objects identified in ISO 7816-6.
- Parameters
-
cardContext [in] The valid OPGP_CARD_CONTEXT returned by OPGP_establish_context() cardInfo [in] The OPGP_CARD_INFO structure returned by OPGP_card_connect(). identifier [in] Two byte buffer with high and low order tag value for identifying card data. recvBuffer [out] The buffer for the card data. recvBufferLength [in, out] The length of the received card data.
- Returns
- OPGP_ERROR_STATUS struct with error status OPGP_ERROR_STATUS_SUCCESS if no error occurs, otherwise error code and error message are contained in the OPGP_ERROR_STATUS struct
◆ GP211_get_extradition_token_signature_data()
| OPGP_ERROR_STATUS GP211_get_extradition_token_signature_data | ( | PBYTE | securityDomainAID, |
| DWORD | securityDomainAIDLength, | ||
| PBYTE | applicationAID, | ||
| DWORD | applicationAIDLength, | ||
| PBYTE | extraditionTokenSignatureData, | ||
| PDWORD | extraditionTokenSignatureDataLength | ||
| ) |
GlobalPlatform2.1.1: Function to retrieve the data to sign by the Card Issuer in an Extradition Token.
If you are not the Card Issuer and do not know the token verification private key send this data to the Card Issuer and obtain the RSA signature of the data, i.e. the Extradition Token. The parameters must match the parameters of a later GP211_install_for_extradition() method.
- Parameters
-
securityDomainAID [in] A buffer containing the Security Domain AID. securityDomainAIDLength [in] The length of the Security Domain AID. applicationAID [in] The AID of the installed application. applicationAIDLength [in] The length of the application instance AID. extraditionTokenSignatureData [out] The data to sign in a Install Token. extraditionTokenSignatureDataLength [in, out] The length of the installTokenSignatureData buffer.
- Returns
- OPGP_ERROR_STATUS struct with error status OPGP_ERROR_STATUS_SUCCESS if no error occurs, otherwise error code and error message are contained in the OPGP_ERROR_STATUS struct
◆ GP211_get_install_token_signature_data()
| OPGP_ERROR_STATUS GP211_get_install_token_signature_data | ( | BYTE | P1, |
| PBYTE | executableLoadFileAID, | ||
| DWORD | executableLoadFileAIDLength, | ||
| PBYTE | executableModuleAID, | ||
| DWORD | executableModuleAIDLength, | ||
| PBYTE | applicationAID, | ||
| DWORD | applicationAIDLength, | ||
| BYTE | applicationPrivileges, | ||
| DWORD | volatileDataSpaceLimit, | ||
| DWORD | nonVolatileDataSpaceLimit, | ||
| PBYTE | installParameters, | ||
| DWORD | installParametersLength, | ||
| PBYTE | installTokenSignatureData, | ||
| PDWORD | installTokenSignatureDataLength | ||
| ) |
GlobalPlatform2.1.1: Function to retrieve the data to sign by the Card Issuer in an Install Token.
If you are not the Card Issuer and do not know the token verification private key send this data to the Card Issuer and obtain the RSA signature of the data, i.e. the Install Token. volatileDataSpaceLimit can be 0, if the card does not need or support this tag. The parameters must match the parameters of a later GP211_install_for_install() and GP211_install_for_make_selectable() method.
- Parameters
-
P1 [in] The parameter P1 in the APDU command. - 0x04 for a INSTALL [for install] command
- 0x08 for an INSTALL [for make selectable] command
- 0x0C for an INSTALL [for install and make selectable]
executableLoadFileAID [in] A buffer with AID of the Executable Load File to INSTALL [for load]. executableLoadFileAIDLength [in] The length of the Executable Load File AID. executableModuleAID [in] The AID of the application class in the package. executableModuleAIDLength [in] The length of the executableModuleAID buffer. applicationAID [in] The AID of the installed application. applicationAIDLength [in] The length of the application instance AID. applicationPrivileges [in] The application privileges. Can be an OR of multiple privileges. See GP211_APPLICATION_PRIVILEGE_SECURITY_DOMAIN. volatileDataSpaceLimit [in] The minimum amount of RAM space that must be available. nonVolatileDataSpaceLimit [in] The minimum amount of space for objects of the application, i.e. the data allocated in its lifetime. installParameters [in] Applet install parameters for the install() method of the application. installParametersLength [in] The length of the installParameters buffer. installTokenSignatureData [out] The data to sign in a Install Token. installTokenSignatureDataLength [in, out] The length of the installTokenSignatureData buffer.
- Returns
- OPGP_ERROR_STATUS struct with error status OPGP_ERROR_STATUS_SUCCESS if no error occurs, otherwise error code and error message are contained in the OPGP_ERROR_STATUS struct
◆ GP211_get_key_information_templates()
| OPGP_ERROR_STATUS GP211_get_key_information_templates | ( | OPGP_CARD_CONTEXT | cardContext, |
| OPGP_CARD_INFO | cardInfo, | ||
| GP211_SECURITY_INFO * | secInfo, | ||
| BYTE | keyInformationTemplate, | ||
| GP211_KEY_INFORMATION * | keyInformation, | ||
| PDWORD | keyInformationLength | ||
| ) |
GlobalPlatform2.1.1: Retrieves key information of keys on the card.
The card must support the optional report of key information templates.
- Parameters
-
cardContext [in] The valid OPGP_CARD_CONTEXT returned by OPGP_establish_context() cardInfo [in] The OPGP_CARD_INFO structure returned by OPGP_card_connect(). *secInfo [in, out] The pointer to the GP211_SECURITY_INFO structure returned by GP211_mutual_authentication(). keyInformationTemplate [in] The number of the key information template. *keyInformation [out] A pointer to an array of GP211_KEY_INFORMATION structures. keyInformationLength [in, out] The number of GP211_KEY_INFORMATION structures.
- Returns
- OPGP_ERROR_STATUS struct with error status OPGP_ERROR_STATUS_SUCCESS if no error occurs, otherwise error code and error message are contained in the OPGP_ERROR_STATUS struct
◆ GP211_get_load_token_signature_data()
| OPGP_ERROR_STATUS GP211_get_load_token_signature_data | ( | PBYTE | executableLoadFileAID, |
| DWORD | executableLoadFileAIDLength, | ||
| PBYTE | securityDomainAID, | ||
| DWORD | securityDomainAIDLength, | ||
| BYTE | loadFileDataBlockHash[20], | ||
| DWORD | nonVolatileCodeSpaceLimit, | ||
| DWORD | volatileDataSpaceLimit, | ||
| DWORD | nonVolatileDataSpaceLimit, | ||
| PBYTE | loadTokenSignatureData, | ||
| PDWORD | loadTokenSignatureDataLength | ||
| ) |
GlobalPlatform2.1.1: Function to retrieve the data to sign by the Card Issuer in a Load Token.
If you are not the Card Issuer and do not know the token verification private key send this data to the Card Issuer and obtain the RSA signature of the data, i.e. the Load Token. volatileDataSpaceLimit and nonVolatileDataSpaceLimit can be 0, if the card does not need or support this tags. The parameters must match the parameters of a later GP211_install_for_load() command.
- Parameters
-
executableLoadFileAID [in] A buffer containing the Executable Load File AID. executableLoadFileAIDLength [in] The length of the Executable Load File AID. securityDomainAID [in] A buffer containing the Security Domain AID. securityDomainAIDLength [in] The length of the Security Domain AID. loadFileDataBlockHash [in] The Load File Data Block Hash. The same calculated as in GP211_install_for_load(). nonVolatileCodeSpaceLimit [in] The minimum space required to store the application code. volatileDataSpaceLimit [in] The minimum amount of RAM space that must be available. nonVolatileDataSpaceLimit [in] The minimum amount of space for objects of the application, i.e. the data allocated in its lifetime. loadTokenSignatureData [out] The data to sign in a Load Token. loadTokenSignatureDataLength [in, out] The length of the loadTokenSignatureData buffer.
- Returns
- OPGP_ERROR_STATUS struct with error status OPGP_ERROR_STATUS_SUCCESS if no error occurs, otherwise error code and error message are contained in the OPGP_ERROR_STATUS struct
◆ GP211_get_secure_channel_protocol_details()
| OPGP_ERROR_STATUS GP211_get_secure_channel_protocol_details | ( | OPGP_CARD_CONTEXT | cardContext, |
| OPGP_CARD_INFO | cardInfo, | ||
| BYTE * | secureChannelProtocol, | ||
| BYTE * | secureChannelProtocolImpl | ||
| ) |
GlobalPlatform2.1.1: This returns the Secure Channel Protocol and the Secure Channel Protocol implementation.
- Parameters
-
cardContext [in] The valid OPGP_CARD_CONTEXT returned by OPGP_establish_context() cardInfo [in] The OPGP_CARD_INFO structure returned by OPGP_card_connect(). *secureChannelProtocol [out] A pointer to the Secure Channel Protocol to use. *secureChannelProtocolImpl [out] A pointer to the implementation of the Secure Channel Protocol.
- Returns
- OPGP_ERROR_STATUS struct with error status OPGP_ERROR_STATUS_SUCCESS if no error occurs, otherwise error code and error message are contained in the OPGP_ERROR_STATUS struct
◆ GP211_get_sequence_counter()
| OPGP_ERROR_STATUS GP211_get_sequence_counter | ( | OPGP_CARD_CONTEXT | cardContext, |
| OPGP_CARD_INFO | cardInfo, | ||
| BYTE | sequenceCounter[2] | ||
| ) |
GlobalPlatform2.1.1: This returns the current Sequence Counter.
- Parameters
-
cardContext [in] The valid OPGP_CARD_CONTEXT returned by OPGP_establish_context() cardInfo [in] The OPGP_CARD_INFO structure returned by OPGP_card_connect(). sequenceCounter [out] The sequence counter.
- Returns
- OPGP_ERROR_STATUS struct with error status OPGP_ERROR_STATUS_SUCCESS if no error occurs, otherwise error code and error message are contained in the OPGP_ERROR_STATUS struct
◆ GP211_get_status()
| OPGP_ERROR_STATUS GP211_get_status | ( | OPGP_CARD_CONTEXT | cardContext, |
| OPGP_CARD_INFO | cardInfo, | ||
| GP211_SECURITY_INFO * | secInfo, | ||
| BYTE | cardElement, | ||
| BYTE | format, | ||
| GP211_APPLICATION_DATA * | applData, | ||
| GP211_EXECUTABLE_MODULES_DATA * | executableData, | ||
| PDWORD | dataLength | ||
| ) |
GlobalPlatform2.1.1: Gets the life cycle status of Applications, the Issuer Security Domains, Security Domains and Executable Load Files and their privileges or information about Executable Modules of the Executable Load Files.
It depends on the card element to retrieve if an array of GP211_APPLICATION_DATA structures or an array of GP211_EXECUTABLE_MODULES_DATA structures must be passed to this function. For the card element GP211_EXECUTABLE_MODULES_DATA executableData must not be NULL, else applData must not be NULL.
- Parameters
-
cardContext [in] The valid OPGP_CARD_CONTEXT returned by OPGP_establish_context() cardInfo [in] The OPGP_CARD_INFO structure returned by OPGP_card_connect(). *secInfo [in, out] The pointer to the GP211_SECURITY_INFO structure returned by GP211_mutual_authentication(). cardElement [in] Identifier to retrieve data for Load Files, Applications or the Card Manager. format [in] The GET STATUS output format. Newer cards might not support the legacy format. See GP211_STATUS_APPLICATIONS and related. *applData [out] The GP211_APPLICATION_DATA structure. *executableData [out] The GP211_APPLICATION_DATA structure. dataLength [in, out] The number of GP211_APPLICATION_DATA or GP211_EXECUTABLE_MODULES_DATA passed and returned.
- Returns
- OPGP_ERROR_STATUS struct with error status OPGP_ERROR_STATUS_SUCCESS if no error occurs, otherwise error code and error message are contained in the OPGP_ERROR_STATUS struct
◆ GP211_init_implicit_secure_channel()
| OPGP_ERROR_STATUS GP211_init_implicit_secure_channel | ( | PBYTE | AID, |
| DWORD | AIDLength, | ||
| BYTE | baseKey[16], | ||
| BYTE | S_ENC[16], | ||
| BYTE | S_MAC[16], | ||
| BYTE | DEK[16], | ||
| BYTE | secureChannelProtocolImpl, | ||
| BYTE | sequenceCounter[2], | ||
| GP211_SECURITY_INFO * | secInfo | ||
| ) |
GlobalPlatform2.1.1: Inits a Secure Channel implicitly.
This is only supported in SCP02. It depends on the supported protocol implementation by the card what keys must be passed as parameters. baseKey must be NULL if the protocol uses 3 Secure Channel Keys (Secure Channel Encryption Key, Secure Channel Message Authentication Code Key and Data Encryption Key) and vice versa. Details about the supported Secure Channel Protocol and its implementation can be obtained by a call to the function GP211_get_secure_channel_protocol_details(). New cards usually use the VISA default key for all DES keys. See OPGP_VISA_DEFAULT_KEY. The current Sequence Counter can be obtained with a call to GP211_get_sequence_counter(). SCP02 is implicitly set and the security level is set to C-MAC only.
- Parameters
-
AID The AID needed for the calculation of the ICV. AIDLength The length of the AID buffer. baseKey [in] Secure Channel base key. S_ENC [in] Secure Channel Encryption Key. S_MAC [in] Secure Channel Message Authentication Code Key. DEK [in] Data Encryption Key. secureChannelProtocolImpl [in] The Secure Channel Protocol Implementation. sequenceCounter [in] The sequence counter. *secInfo [out] The returned GP211_SECURITY_INFO structure.
- Returns
- OPGP_ERROR_STATUS struct with error status OPGP_ERROR_STATUS_SUCCESS if no error occurs, otherwise error code and error message are contained in the OPGP_ERROR_STATUS struct
◆ GP211_install_for_extradition()
| OPGP_ERROR_STATUS GP211_install_for_extradition | ( | OPGP_CARD_CONTEXT | cardContext, |
| OPGP_CARD_INFO | cardInfo, | ||
| GP211_SECURITY_INFO * | secInfo, | ||
| PBYTE | securityDomainAID, | ||
| DWORD | securityDomainAIDLength, | ||
| PBYTE | applicationAID, | ||
| DWORD | applicationAIDLength, | ||
| BYTE | extraditionToken[128], | ||
| GP211_RECEIPT_DATA * | receiptData, | ||
| PDWORD | receiptDataAvailable | ||
| ) |
GlobalPlatform2.1.1: Associates an application with another Security Domain.
In the case of delegated management an Extradition Token authorizing the INSTALL [for extradition] must be included. Otherwise extraditionToken must be NULL. See GP211_calculate_install_token().
- Parameters
-
cardContext [in] The valid OPGP_CARD_CONTEXT returned by OPGP_establish_context() cardInfo [in] The OPGP_CARD_INFO structure returned by OPGP_card_connect(). *secInfo [in, out] The pointer to the GP211_SECURITY_INFO structure returned by GP211_mutual_authentication(). securityDomainAID [in] A buffer containing the Security Domain AID. securityDomainAIDLength [in] The length of the Security Domain AID. applicationAID [in] The AID of the installed application. applicationAIDLength [in] The length of the application instance AID. GP211_APPLICATION_PRIVILEGE_SECURITY_DOMAIN. extraditionToken [in] The Install Token. This is a 1024 bit (=128 byte) RSA Signature. *receiptData [out] If the deletion is performed by a security domain with delegated management privilege this structure contains the according data. receiptDataAvailable [out] 0 if no receiptData is available.
- Returns
- OPGP_ERROR_STATUS struct with error status OPGP_ERROR_STATUS_SUCCESS if no error occurs, otherwise error code and error message are contained in the OPGP_ERROR_STATUS struct
◆ GP211_install_for_install()
| OPGP_ERROR_STATUS GP211_install_for_install | ( | OPGP_CARD_CONTEXT | cardContext, |
| OPGP_CARD_INFO | cardInfo, | ||
| GP211_SECURITY_INFO * | secInfo, | ||
| PBYTE | executableLoadFileAID, | ||
| DWORD | executableLoadFileAIDLength, | ||
| PBYTE | executableModuleAID, | ||
| DWORD | executableModuleAIDLength, | ||
| PBYTE | applicationAID, | ||
| DWORD | applicationAIDLength, | ||
| BYTE | applicationPrivileges, | ||
| DWORD | volatileDataSpaceLimit, | ||
| DWORD | nonVolatileDataSpaceLimit, | ||
| PBYTE | installParameters, | ||
| DWORD | installParametersLength, | ||
| BYTE | installToken[128], | ||
| GP211_RECEIPT_DATA * | receiptData, | ||
| PDWORD | receiptDataAvailable | ||
| ) |
GlobalPlatform2.1.1: Installs an application on the card.
In the case of delegated management an Install Token authorizing the INSTALL [for install] must be included. Otherwise installToken must be NULL. See GP211_calculate_install_token(). volatileDataSpaceLimit and nonVolatileDataSpaceLimit can be 0, if the card does not need or support this tag. For Security domains look in your manual what parameters are necessary. If the tag for application install parameters is mandatory for your card, but you have no install parameters for the install() method of the application anyway you have to use at least a dummy parameter. If executableModuleAID is NULL and executableModuleAIDLength is 0 applicationAID is assumed for executableModuleAID.
- Parameters
-
cardContext [in] The valid OPGP_CARD_CONTEXT returned by OPGP_establish_context() cardInfo [in] The OPGP_CARD_INFO structure returned by OPGP_card_connect(). *secInfo [in, out] The pointer to the GP211_SECURITY_INFO structure returned by GP211_mutual_authentication(). executableLoadFileAID [in] A buffer with AID of the Executable Load File to INSTALL [for install]. executableLoadFileAIDLength [in] The length of the Executable Load File AID. executableModuleAID [in] The AID of the application class in the package. executableModuleAIDLength [in] The length of the executableModuleAID buffer. applicationAID [in] The AID of the installed application. applicationAIDLength [in] The length of the application instance AID. applicationPrivileges [in] The application privileges. Can be an OR of multiple privileges. See GP211_APPLICATION_PRIVILEGE_SECURITY_DOMAIN. volatileDataSpaceLimit [in] The minimum amount of RAM space that must be available. nonVolatileDataSpaceLimit [in] The minimum amount of space for objects of the application, i.e. the data allocated in its lifetime. installParameters [in] Applet install parameters for the install() method of the application. installParametersLength [in] The length of the installParameters buffer. installToken [in] The Install Token. This is a 1024 bit (=128 byte) RSA Signature. *receiptData [out] If the deletion is performed by a security domain with delegated management privilege this structure contains the according data. receiptDataAvailable [out] 0 if no receiptData is available.
- Returns
- OPGP_ERROR_STATUS struct with error status OPGP_ERROR_STATUS_SUCCESS if no error occurs, otherwise error code and error message are contained in the OPGP_ERROR_STATUS struct
◆ GP211_install_for_install_and_make_selectable()
| OPGP_ERROR_STATUS GP211_install_for_install_and_make_selectable | ( | OPGP_CARD_CONTEXT | cardContext, |
| OPGP_CARD_INFO | cardInfo, | ||
| GP211_SECURITY_INFO * | secInfo, | ||
| PBYTE | executableLoadFileAID, | ||
| DWORD | executableLoadFileAIDLength, | ||
| PBYTE | executableModuleAID, | ||
| DWORD | executableModuleAIDLength, | ||
| PBYTE | applicationAID, | ||
| DWORD | applicationAIDLength, | ||
| BYTE | applicationPrivileges, | ||
| DWORD | volatileDataSpaceLimit, | ||
| DWORD | nonVolatileDataSpaceLimit, | ||
| PBYTE | installParameters, | ||
| DWORD | installParametersLength, | ||
| BYTE | installToken[128], | ||
| GP211_RECEIPT_DATA * | receiptData, | ||
| PDWORD | receiptDataAvailable | ||
| ) |
GlobalPlatform2.1.1: Installs and makes an installed application selectable.
In the case of delegated management an Install Token authorizing the INSTALL [for install and make selectable] must be included. Otherwise installToken must be NULL. See GP211_calculate_install_token(). volatileDataSpaceLimit and nonVolatileDataSpaceLimit can be 0, if the card does not need or support this tag. For Security domains look in your manual what parameters are necessary. If the tag for application install parameters is mandatory for your card, but you have no install parameters for the install() method of the application anyway you have to use at least a dummy parameter. If executableModuleAID is NULL and executableModuleAIDLength is 0 applicationAID is assumed for executableModuleAID.
- Parameters
-
cardContext [in] The valid OPGP_CARD_CONTEXT returned by OPGP_establish_context() cardInfo [in] The OPGP_CARD_INFO structure returned by OPGP_card_connect(). *secInfo [in, out] The pointer to the GP211_SECURITY_INFO structure returned by GP211_mutual_authentication(). executableLoadFileAID [in] A buffer with AID of the Executable Load File to INSTALL [for install]. executableLoadFileAIDLength [in] The length of the Executable Load File AID. executableModuleAID [in] The AID of the application class in the package. executableModuleAIDLength [in] The length of the executableModuleAID buffer. applicationAID [in] The AID of the installed application. applicationAIDLength [in] The length of the application instance AID. applicationPrivileges [in] The application privileges. Can be an OR of multiple privileges. See GP211_APPLICATION_PRIVILEGE_SECURITY_DOMAIN. volatileDataSpaceLimit [in] The minimum amount of RAM space that must be available. nonVolatileDataSpaceLimit [in] The minimum amount of space for objects of the application, i.e. the data allocated in its lifetime. installParameters [in] Applet install parameters for the install() method of the application. installParametersLength [in] The length of the installParameters buffer. installToken [in] The Install Token. This is a 1024 bit (=128 byte) RSA Signature. *receiptData [out] If the deletion is performed by a security domain with delegated management privilege this structure contains the according data. receiptDataAvailable [out] 0 if no receiptData is available.
- Returns
- OPGP_ERROR_STATUS struct with error status OPGP_ERROR_STATUS_SUCCESS if no error occurs, otherwise error code and error message are contained in the OPGP_ERROR_STATUS struct
◆ GP211_install_for_load()
| OPGP_ERROR_STATUS GP211_install_for_load | ( | OPGP_CARD_CONTEXT | cardContext, |
| OPGP_CARD_INFO | cardInfo, | ||
| GP211_SECURITY_INFO * | secInfo, | ||
| PBYTE | executableLoadFileAID, | ||
| DWORD | executableLoadFileAIDLength, | ||
| PBYTE | securityDomainAID, | ||
| DWORD | securityDomainAIDLength, | ||
| BYTE | loadFileDataBlockHash[20], | ||
| BYTE | loadToken[128], | ||
| DWORD | nonVolatileCodeSpaceLimit, | ||
| DWORD | volatileDataSpaceLimit, | ||
| DWORD | nonVolatileDataSpaceLimit | ||
| ) |
GlobalPlatform2.1.1: Prepares the card for loading an application.
The function assumes that the Issuer Security Domain or Security Domain uses an optional Load File Data Block Hash using the SHA-1 message digest algorithm. The loadFileDataBlockHash can be calculated using GP211_calculate_load_file_data_block_hash() or must be NULL, if the card does not need or support a Load File DAP in this situation, e.g. if you want to load a Executable Load File to the Card Manager Security Domain. In the case of delegated management a Load Token authorizing the INSTALL [for load] must be included. Otherwise loadToken must be NULL. See GP211_calculate_load_token(). The term Executable Load File is equivalent to the GlobalPlatform term Load File Data Block. volatileDataSpaceLimit and nonVolatileDataSpaceLimit can be 0, if the card does not need or support this tags.
- Parameters
-
cardContext [in] The valid OPGP_CARD_CONTEXT returned by OPGP_establish_context() cardInfo [in] The OPGP_CARD_INFO structure returned by OPGP_card_connect(). *secInfo [in, out] The pointer to the GP211_SECURITY_INFO structure returned by GP211_mutual_authentication(). executableLoadFileAID [in] A buffer with AID of the Executable Load File to INSTALL [for load]. executableLoadFileAIDLength [in] The length of the Executable Load File AID. securityDomainAID [in] A buffer containing the AID of the intended associated Security Domain. securityDomainAIDLength [in] The length of the Security Domain AID. loadFileDataBlockHash [in] The Load File Data Block Hash of the Executable Load File to INSTALL [for load]. loadToken [in] The Load Token. This is a 1024 bit (=128 byte) RSA Signature. nonVolatileCodeSpaceLimit [in] The minimum amount of space that must be available to store the package. volatileDataSpaceLimit [in] The minimum amount of RAM space that must be available. nonVolatileDataSpaceLimit [in] The minimum amount of space for objects of the application, i.e. the data allocated in its lifetime.
- Returns
- OPGP_ERROR_STATUS struct with error status OPGP_ERROR_STATUS_SUCCESS if no error occurs, otherwise error code and error message are contained in the OPGP_ERROR_STATUS struct
◆ GP211_install_for_make_selectable()
| OPGP_ERROR_STATUS GP211_install_for_make_selectable | ( | OPGP_CARD_CONTEXT | cardContext, |
| OPGP_CARD_INFO | cardInfo, | ||
| GP211_SECURITY_INFO * | secInfo, | ||
| PBYTE | applicationAID, | ||
| DWORD | applicationAIDLength, | ||
| BYTE | applicationPrivileges, | ||
| BYTE | installToken[128], | ||
| GP211_RECEIPT_DATA * | receiptData, | ||
| PDWORD | receiptDataAvailable | ||
| ) |
GlobalPlatform2.1.1: Makes an installed application selectable.
In the case of delegated management an Install Token authorizing the INSTALL [for make selectable] must be included. Otherwise installToken must be NULL. For Security domains look in your manual what parameters are necessary.
- Parameters
-
cardContext [in] The valid OPGP_CARD_CONTEXT returned by establish_context() cardInfo [in] The OPGP_CARD_INFO structure returned by OPGP_card_connect(). *secInfo [in, out] The pointer to the GP211_SECURITY_INFO structure returned by GP211_mutual_authentication(). applicationAID [in] The AID of the installed application or security domain. applicationAIDLength [in] The length of the application instance AID. applicationPrivileges [in] The application privileges. Can be an OR of multiple privileges. See GP211_APPLICATION_PRIVILEGE_SECURITY_DOMAIN. installToken [in] The Install Token. This is a 1024 bit (=128 byte) RSA Signature. *receiptData [out] If the deletion is performed by a security domain with delegated management privilege this structure contains the according data. receiptDataAvailable [out] 0 if no receiptData is available.
- Returns
- OPGP_ERROR_STATUS struct with error status OPGP_ERROR_STATUS_SUCCESS if no error occurs, otherwise error code and error message are contained in the OPGP_ERROR_STATUS struct
◆ GP211_install_for_personalization()
| OPGP_ERROR_STATUS GP211_install_for_personalization | ( | OPGP_CARD_CONTEXT | cardContext, |
| OPGP_CARD_INFO | cardInfo, | ||
| GP211_SECURITY_INFO * | secInfo, | ||
| PBYTE | applicationAID, | ||
| DWORD | applicationAIDLength | ||
| ) |
GlobalPlatform2.1.1: Informs a Security Domain that a associated application will retrieve personalization data.
- Parameters
-
cardContext [in] The valid OPGP_CARD_CONTEXT returned by OPGP_establish_context() cardInfo [in] The OPGP_CARD_INFO structure returned by OPGP_card_connect(). *secInfo [in, out] The pointer to the GP211_SECURITY_INFO structure returned by GP211_mutual_authentication(). applicationAID [in] The AID of the installed application. applicationAIDLength [in] The length of the application instance AID.
- Returns
- OPGP_ERROR_STATUS struct with error status OPGP_ERROR_STATUS_SUCCESS if no error occurs, otherwise error code and error message are contained in the OPGP_ERROR_STATUS struct
◆ GP211_load()
| OPGP_ERROR_STATUS GP211_load | ( | OPGP_CARD_CONTEXT | cardContext, |
| OPGP_CARD_INFO | cardInfo, | ||
| GP211_SECURITY_INFO * | secInfo, | ||
| GP211_DAP_BLOCK * | loadFileDataBlockSignature, | ||
| DWORD | loadFileDataBlockSignatureLength, | ||
| OPGP_STRING | executableLoadFileName, | ||
| GP211_RECEIPT_DATA * | receiptData, | ||
| PDWORD | receiptDataAvailable, | ||
| OPGP_PROGRESS_CALLBACK * | callback | ||
| ) |
GlobalPlatform2.1.1: Loads a Executable Load File (containing an application) to the card.
An GP211_install_for_load() must precede. The Load File Data Block Signature(s) must be the same block(s) and in the same order like in GP211_calculate_load_file_data_block_hash(). If no Load File Data Block Signatures are necessary the loadFileDataBlockSignature must be NULL and the loadFileDataBlockSignatureLength 0.
- Parameters
-
cardContext [in] The valid OPGP_CARD_CONTEXT returned by OPGP_establish_context() cardInfo [in] The OPGP_CARD_INFO structure returned by OPGP_card_connect(). *secInfo [in, out] The pointer to the GP211_SECURITY_INFO structure returned by GP211_mutual_authentication(). *loadFileDataBlockSignature [in] A pointer to GP211_DAP_BLOCK structure(s). loadFileDataBlockSignatureLength [in] The number of GP211_DAP_BLOCK structure(s). executableLoadFileName [in] The name of the CAP or IJC file (Executable Load File) to load. *receiptData [out] If the deletion is performed by a security domain with delegated management privilege this structure contains the according data. Can be validated with validate_load_receipt(). receiptDataAvailable [out] 0 if no receiptData is available. *callback [in] An optional callback for measuring the progress. Can be NULL if not needed.
- Returns
- OPGP_ERROR_STATUS struct with error status OPGP_ERROR_STATUS_SUCCESS if no error occurs, otherwise error code and error message are contained in the OPGP_ERROR_STATUS struct
◆ GP211_load_from_buffer()
| OPGP_ERROR_STATUS GP211_load_from_buffer | ( | OPGP_CARD_CONTEXT | cardContext, |
| OPGP_CARD_INFO | cardInfo, | ||
| GP211_SECURITY_INFO * | secInfo, | ||
| GP211_DAP_BLOCK * | loadFileDataBlockSignature, | ||
| DWORD | loadFileDataBlockSignatureLength, | ||
| PBYTE | loadFileBuf, | ||
| DWORD | loadFileBufSize, | ||
| GP211_RECEIPT_DATA * | receiptData, | ||
| PDWORD | receiptDataAvailable, | ||
| OPGP_PROGRESS_CALLBACK * | callback | ||
| ) |
GlobalPlatform2.1.1: Loads a Executable Load File (containing an application) from a buffer to the card.
An GP211_install_for_load() must precede. The Load File Data Block Signature(s) must be the same block(s) and in the same order like in calculate_load_file_data_block_hash(). If no Load File Data Block Signatures are necessary the loadFileDataBlockSignature must be NULL and the loadFileDataBlockSignatureLength 0.
- Parameters
-
cardContext [in] The valid OPGP_CARD_CONTEXT returned by OPGP_establish_context() cardInfo [in] The OPGP_CARD_INFO structure returned by OPGP_card_connect(). *secInfo [in, out] The pointer to the GP211_SECURITY_INFO structure returned by GP211_mutual_authentication(). *loadFileDataBlockSignature [in] A pointer to GP211_DAP_BLOCK structure(s). loadFileDataBlockSignatureLength [in] The number of GP211_DAP_BLOCK structure(s). loadFileBuf [in] buffer with the contents of a Executable Load File. loadFileBufSize [in] size of loadFileBuf. *receiptData [out] If the deletion is performed by a security domain with delegated management privilege this structure contains the according data. Can be validated with validate_load_receipt(). receiptDataAvailable [out] 0 if no receiptData is available. *callback [in] An optional callback for measuring the progress. Can be NULL if not needed.
- Returns
- OPGP_ERROR_STATUS struct with error status OPGP_ERROR_STATUS_SUCCESS if no error occurs, otherwise error code and error message are contained in the OPGP_ERROR_STATUS struct
◆ GP211_mutual_authentication()
| OPGP_ERROR_STATUS GP211_mutual_authentication | ( | OPGP_CARD_CONTEXT | cardContext, |
| OPGP_CARD_INFO | cardInfo, | ||
| BYTE | baseKey[16], | ||
| BYTE | S_ENC[16], | ||
| BYTE | S_MAC[16], | ||
| BYTE | DEK[16], | ||
| BYTE | keySetVersion, | ||
| BYTE | keyIndex, | ||
| BYTE | secureChannelProtocol, | ||
| BYTE | secureChannelProtocolImpl, | ||
| BYTE | securityLevel, | ||
| BYTE | derivationMethod, | ||
| GP211_SECURITY_INFO * | secInfo | ||
| ) |
GlobalPlatform2.1.1: Mutual authentication.
A keySetVersion and keyIndex of 0x00 selects the first available key set version and key index. There a two Secure Channel Protocols defined be the GlobalPlatform specification. For SCP01 a secure channel key set consist always of at least three keys, from which the Secure Channel Encryption Key and the Secure Channel Message Authentication Code Key is needed for mutual authentication and the generation of session keys. The Data Encryption Key is used when transmitting key sensitive data with a PUT KEY command. For SCP02 a key set can also have only one Secure Channel base key. It depends on the supported protocol implementation by the card what keys must be passed as parameters. baseKey must be NULL if the protocol uses 3 Secure Channel Keys (Secure Channel Encryption Key, Secure Channel Message Authentication Code Key and Data Encryption Key) and vice versa. Details about the supported Secure Channel Protocol and its implementation can be obtained by a call to the function get_secure_channel_protocol_details(). New cards usually use the VISA default key for all DES keys. See OPGP_VISA_DEFAULT_KEY. If a derivation method is used the baseKey defines the master key.
- Parameters
-
cardContext [in] The valid OPGP_CARD_CONTEXT returned by OPGP_establish_context() cardInfo [in] The OPGP_CARD_INFO structure returned by OPGP_card_connect(). baseKey [in] Secure Channel base key or the master key for the key derivation. S_ENC [in] Secure Channel Encryption Key. S_MAC [in] Secure Channel Message Authentication Code Key. DEK [in] Data Encryption Key. keySetVersion [in] The key set version on the card to use for mutual authentication. keyIndex [in] The key index of the encryption key in the key set version on the card to use for mutual authentication. secureChannelProtocol [in] The Secure Channel Protocol. secureChannelProtocolImpl [in] The Secure Channel Protocol Implementation. securityLevel [in] The requested security level. See GP211_SCP01_SECURITY_LEVEL_C_DEC_C_MAC and others. derivationMethod [in] The derivation method to use for. See OPGP_DERIVATION_METHOD_VISA2. *secInfo [out] The returned GP211_SECURITY_INFO structure.
- Returns
- OPGP_ERROR_STATUS struct with error status OPGP_ERROR_STATUS_SUCCESS if no error occurs, otherwise error code and error message are contained in the OPGP_ERROR_STATUS struct
◆ GP211_pin_change()
| OPGP_ERROR_STATUS GP211_pin_change | ( | OPGP_CARD_CONTEXT | cardContext, |
| OPGP_CARD_INFO | cardInfo, | ||
| GP211_SECURITY_INFO * | secInfo, | ||
| BYTE | tryLimit, | ||
| PBYTE | newPIN, | ||
| DWORD | newPINLength | ||
| ) |
GlobalPlatform2.1.1: Changes or unblocks the global PIN.
The single numbers of the new PIN are encoded as single BYTEs in the newPIN buffer. The tryLimit must be in the range of 0x03 and x0A. The PIN must comprise at least 6 numbers and not exceeding 12 numbers. To unblock the PIN use tryLimit with a value of 0x00. In this case newPIN buffer and newPINLength are ignored.
- Parameters
-
cardContext [in] The valid OPGP_CARD_CONTEXT returned by OPGP_establish_context() cardInfo [in] The OPGP_CARD_INFO structure returned by OPGP_card_connect(). *secInfo [in, out] The pointer to the GP211_SECURITY_INFO structure returned by GP211_mutual_authentication(). tryLimit [in] The try limit for the PIN. newPIN [in] The new PIN. newPINLength [in] The length of the new PIN.
- Returns
- OPGP_ERROR_STATUS struct with error status OPGP_ERROR_STATUS_SUCCESS if no error occurs, otherwise error code and error message are contained in the OPGP_ERROR_STATUS struct
◆ GP211_put_3des_key()
| OPGP_ERROR_STATUS GP211_put_3des_key | ( | OPGP_CARD_CONTEXT | cardContext, |
| OPGP_CARD_INFO | cardInfo, | ||
| GP211_SECURITY_INFO * | secInfo, | ||
| BYTE | keySetVersion, | ||
| BYTE | keyIndex, | ||
| BYTE | newKeySetVersion, | ||
| BYTE | _3DESKey[16] | ||
| ) |
GlobalPlatform2.1.1: replaces a single 3DES key in a key set or adds a new 3DES key.
A keySetVersion value of 0x00 adds a new key. Any other value between 0x01 and 0x7f must match an existing key set version. The new key set version defines the key set version a new key belongs to. This can be the same key version or a new not existing key set version.
- Parameters
-
cardContext [in] The valid OPGP_CARD_CONTEXT returned by OPGP_establish_context() cardInfo [in] The OPGP_CARD_INFO structure returned by OPGP_card_connect(). *secInfo [in, out] The pointer to the GP211_SECURITY_INFO structure returned by GP211_mutual_authentication(). keySetVersion [in] An existing key set version. keyIndex [in] The position of the key in the key set version. newKeySetVersion [in] The new key set version. _3DESKey [in] The new 3DES key.
- Returns
- OPGP_ERROR_STATUS struct with error status OPGP_ERROR_STATUS_SUCCESS if no error occurs, otherwise error code and error message are contained in the OPGP_ERROR_STATUS struct
◆ GP211_put_aes_key()
| OPGP_ERROR_STATUS GP211_put_aes_key | ( | OPGP_CARD_CONTEXT | cardContext, |
| OPGP_CARD_INFO | cardInfo, | ||
| GP211_SECURITY_INFO * | secInfo, | ||
| BYTE | keySetVersion, | ||
| BYTE | keyIndex, | ||
| BYTE | newKeySetVersion, | ||
| BYTE | aesKey[16] | ||
| ) |
GlobalPlatform2.1.1: replaces a single AES key in a key set or adds a new AES key.
A keySetVersion value of 0x00 adds a new key. Any other value between 0x01 and 0x7f must match an existing key set version. The new key set version defines the key set version a new key belongs to. This can be the same key version or a new not existing key set version.
- Parameters
-
cardContext [in] The valid OPGP_CARD_CONTEXT returned by OPGP_establish_context() cardInfo [in] The OPGP_CARD_INFO structure returned by OPGP_card_connect(). *secInfo [in, out] The pointer to the GP211_SECURITY_INFO structure returned by GP211_mutual_authentication(). keySetVersion [in] An existing key set version. keyIndex [in] The position of the key in the key set version. newKeySetVersion [in] The new key set version. aesKey [in] The new AES key.
◆ GP211_put_data()
| OPGP_ERROR_STATUS GP211_put_data | ( | OPGP_CARD_CONTEXT | cardContext, |
| OPGP_CARD_INFO | cardInfo, | ||
| GP211_SECURITY_INFO * | secInfo, | ||
| BYTE | identifier[2], | ||
| PBYTE | dataObject, | ||
| DWORD | dataObjectLength | ||
| ) |
GlobalPlatform2.1.1: Put card data.
Puts a single card data object identified by identifier. Some cards do not provide some data objects. Some possible identifiers are predefined. See GP211_GET_DATA_CPLC_WHOLE_CPLC. For details about the coding of the dataObject see the programmer's manual of your card.
- Parameters
-
cardContext [in] The valid OPGP_CARD_CONTEXT returned by OPGP_establish_context() cardInfo [in] The OPGP_CARD_INFO structure returned by OPGP_card_connect(). *secInfo [in, out] The pointer to the GP211_SECURITY_INFO structure returned by GP211_mutual_authentication(). identifier [in] Two byte buffer with high and low order tag value for identifying card data object. dataObject [in] The coded data object. dataObjectLength [in] The length of the data object.
- Returns
- OPGP_ERROR_STATUS struct with error status OPGP_ERROR_STATUS_SUCCESS if no error occurs, otherwise error code and error message are contained in the OPGP_ERROR_STATUS struct
◆ GP211_put_delegated_management_keys()
| OPGP_ERROR_STATUS GP211_put_delegated_management_keys | ( | OPGP_CARD_CONTEXT | cardContext, |
| OPGP_CARD_INFO | cardInfo, | ||
| GP211_SECURITY_INFO * | secInfo, | ||
| BYTE | keySetVersion, | ||
| BYTE | newKeySetVersion, | ||
| OPGP_STRING | PEMKeyFileName, | ||
| char * | passPhrase, | ||
| BYTE | receiptKey[16] | ||
| ) |
GlobalPlatform2.1.1: Adds a key set for Delegated Management.
A keySetVersion value of 0x00 adds a new secure channel key set. Any other value between 0x01 and 0x7f must match an existing key set version. The new key set version defines the key set version a the new secure channel keys belongs to. This can be the same key version or a new not existing key set version.
- Parameters
-
cardContext [in] The valid OPGP_CARD_CONTEXT returned by OPGP_establish_context() cardInfo [in] The OPGP_CARD_INFO structure returned by OPGP_card_connect(). *secInfo [in, out] The pointer to the GP211_SECURITY_INFO structure returned by GP211_mutual_authentication(). keySetVersion [in] An existing key set version. newKeySetVersion [in] The new key set version. PEMKeyFileName [in] A PEM file name with the public RSA key. *passPhrase [in] The passphrase. Must be an ASCII string. receiptKey [in] The new Receipt Generation key.
- Returns
- OPGP_ERROR_STATUS struct with error status OPGP_ERROR_STATUS_SUCCESS if no error occurs, otherwise error code and error message are contained in the OPGP_ERROR_STATUS struct
◆ GP211_put_rsa_key()
| OPGP_ERROR_STATUS GP211_put_rsa_key | ( | OPGP_CARD_CONTEXT | cardContext, |
| OPGP_CARD_INFO | cardInfo, | ||
| GP211_SECURITY_INFO * | secInfo, | ||
| BYTE | keySetVersion, | ||
| BYTE | keyIndex, | ||
| BYTE | newKeySetVersion, | ||
| OPGP_STRING | PEMKeyFileName, | ||
| char * | passPhrase | ||
| ) |
GlobalPlatform2.1.1: replaces a single public RSA key in a key set or adds a new public RSA key.
A keySetVersion value of 0x00 adds a new key. Any other value between 0x01 and 0x7f must match an existing key set version. The new key set version defines the key set version a new key belongs to. This can be the same key version or a new not existing key set version.
- Parameters
-
cardContext [in] The valid OPGP_CARD_CONTEXT returned by OPGP_establish_context() cardInfo [in] The OPGP_CARD_INFO structure returned by OPGP_card_connect(). *secInfo [in, out] The pointer to the GP211_SECURITY_INFO structure returned by GP211_mutual_authentication(). keySetVersion [in] An existing key set version. keyIndex [in] The position of the key in the key set version. newKeySetVersion [in] The new key set version. PEMKeyFileName [in] A PEM file name with the public RSA key. *passPhrase [in] The passphrase. Must be an ASCII string.
- Returns
- OPGP_ERROR_STATUS struct with error status OPGP_ERROR_STATUS_SUCCESS if no error occurs, otherwise error code and error message are contained in the OPGP_ERROR_STATUS struct
◆ GP211_put_secure_channel_keys()
| OPGP_ERROR_STATUS GP211_put_secure_channel_keys | ( | OPGP_CARD_CONTEXT | cardContext, |
| OPGP_CARD_INFO | cardInfo, | ||
| GP211_SECURITY_INFO * | secInfo, | ||
| BYTE | keySetVersion, | ||
| BYTE | newKeySetVersion, | ||
| BYTE | newBaseKey[16], | ||
| BYTE | newS_ENC[16], | ||
| BYTE | newS_MAC[16], | ||
| BYTE | newDEK[16] | ||
| ) |
GlobalPlatform2.1.1: replaces or adds a secure channel key set consisting of S-ENC, S-MAC and DEK.
A keySetVersion value of 0x00 adds a new secure channel key set. Any other value between 0x01 and 0x7f must match an existing key set version. The new key set version defines the key set version the new secure channel keys belongs to. This can be the same key version or a new not existing key set version. It depends on the supported protocol implementation by the card what keys must be passed as parameters. baseKey must be NULL if the protocol uses 3 Secure Channel Keys (Secure Channel Encryption Key, Secure Channel Message Authentication Code Key and Data Encryption Key) and vice versa. Details about the supported Secure Channel Protocol and its implementation can be obtained by a call to the function GP211_get_secure_channel_protocol_details(). Sometimes a key derivation of the put keys might be necessary so it is necessary to call GP211_EMV_CPS11_derive_keys() or any other derivation function. If this is the newBaseKey must be NULL and the derived keys are passed as the 3 Secure Channel Keys.
- Parameters
-
cardContext [in] The valid OPGP_CARD_CONTEXT returned by OPGP_establish_context() cardInfo [in] The OPGP_CARD_INFO structure returned by OPGP_card_connect(). *secInfo [in, out] The pointer to the GP211_SECURITY_INFO structure returned by GP211_mutual_authentication(). keySetVersion [in] An existing key set version. newKeySetVersion [in] The new key set version. newBaseKey [in] The new Secure Channel base key. newS_ENC [in] The new S-ENC key. newS_MAC [in] The new S-MAC key. newDEK [in] The new DEK.
- Returns
- OPGP_ERROR_STATUS struct with error status OPGP_ERROR_STATUS_SUCCESS if no error occurs, otherwise error code and error message are contained in the OPGP_ERROR_STATUS struct
◆ GP211_send_APDU()
| OPGP_ERROR_STATUS GP211_send_APDU | ( | OPGP_CARD_CONTEXT | cardContext, |
| OPGP_CARD_INFO | cardInfo, | ||
| GP211_SECURITY_INFO * | secInfo, | ||
| PBYTE | capdu, | ||
| DWORD | capduLength, | ||
| PBYTE | rapdu, | ||
| PDWORD | rapduLength | ||
| ) |
Sends an application protocol data unit.
The secInfo pointer can also be null and so this function can be used for arbitrary cards.
- Parameters
-
cardContext [in] The valid OPGP_CARD_CONTEXT returned by OPGP_establish_context() cardInfo [in] The OPGP_CARD_INFO structure returned by OPGP_card_connect(). *secInfo [in, out] The pointer to the GP211_SECURITY_INFO structure returned by GP211_mutual_authentication(). capdu [in] The command APDU. capduLength [in] The length of the command APDU. rapdu [out] The response APDU. rapduLength [in, out] The length of the the response APDU.
- Returns
- OPGP_ERROR_STATUS struct with error status OPGP_ERROR_STATUS_SUCCESS if no error occurs, otherwise error code and error message are contained in the OPGP_ERROR_STATUS struct
◆ GP211_set_status()
| OPGP_ERROR_STATUS GP211_set_status | ( | OPGP_CARD_CONTEXT | cardContext, |
| OPGP_CARD_INFO | cardInfo, | ||
| GP211_SECURITY_INFO * | secInfo, | ||
| BYTE | cardElement, | ||
| PBYTE | AID, | ||
| DWORD | AIDLength, | ||
| BYTE | lifeCycleState | ||
| ) |
GlobalPlatform2.1.1: Sets the life cycle status of Applications, Security Domains or the Card Manager.
- Parameters
-
cardContext [in] The valid OPGP_CARD_CONTEXT returned by OPGP_establish_context() cardInfo [in] The OPGP_CARD_INFO structure returned by OPGP_card_connect(). *secInfo [in, out] The pointer to the GP211_SECURITY_INFO structure returned by GP211_mutual_authentication(). cardElement [in] Identifier for Load Files, Applications or the Card Manager. AID [in] The AID. AIDLength [in] The length of the AID. lifeCycleState [in] The new life cycle state.
- Returns
- OPGP_ERROR_STATUS struct with error status OPGP_ERROR_STATUS_SUCCESS if no error occurs, otherwise error code and error message are contained in the OPGP_ERROR_STATUS struct
◆ GP211_store_data()
| OPGP_ERROR_STATUS GP211_store_data | ( | OPGP_CARD_CONTEXT | cardContext, |
| OPGP_CARD_INFO | cardInfo, | ||
| GP211_SECURITY_INFO * | secInfo, | ||
| PBYTE | data, | ||
| DWORD | dataLength | ||
| ) |
GlobalPlatform2.1.1: The STORE DATA command is used to transfer data to an Application or the Security Domain processing the command.
If STORE DATA is used for personalizing an application, a GP211_install_for_personalization().
- Parameters
-
cardContext [in] The valid OPGP_CARD_CONTEXT returned by OPGP_establish_context() cardInfo [in] The OPGP_CARD_INFO structure returned by OPGP_card_connect(). *secInfo [in, out] The pointer to the GP211_SECURITY_INFO structure returned by GP211_mutual_authentication(). *data [in] Data to send to application or Security Domain. dataLength [in] The length of the data buffer.
- Returns
- OPGP_ERROR_STATUS struct with error status OPGP_ERROR_STATUS_SUCCESS if no error occurs, otherwise error code and error message are contained in the OPGP_ERROR_STATUS struct
◆ GP211_validate_delete_receipt()
| OPGP_ERROR_STATUS GP211_validate_delete_receipt | ( | DWORD | confirmationCounter, |
| PBYTE | cardUniqueData, | ||
| DWORD | cardUniqueDataLength, | ||
| BYTE | receiptKey[16], | ||
| GP211_RECEIPT_DATA | receiptData, | ||
| PBYTE | AID, | ||
| DWORD | AIDLength, | ||
| BYTE | secureChannelProtocol | ||
| ) |
GlobalPlatform2.1.1: Validates a Load Receipt.
Each time a receipt is generated the confirmation counter is incremented by the Card Manager. You may keep track of it. Returns OPGP_ERROR_SUCCESS if receipt is valid.
- Parameters
-
confirmationCounter [in] The confirmation counter. cardUniqueData [in] The card unique data. cardUniqueDataLength [in] The length of the card unique data buffer. receiptKey [in] The 3DES key to generate the receipt. receiptData [in] The GP211_RECEIPT_DATA structure containing the receipt returned from delete_application() to verify. AID [in] A buffer with AID of the application which was deleted. AIDLength [in] The length of the AID. secureChannelProtocol [in] The Secure Channel Protocol.
- Returns
- OPGP_ERROR_STATUS struct with error status OPGP_ERROR_STATUS_SUCCESS if no error occurs, otherwise error code and error message are contained in the OPGP_ERROR_STATUS struct
◆ GP211_validate_extradition_receipt()
| OPGP_ERROR_STATUS GP211_validate_extradition_receipt | ( | DWORD | confirmationCounter, |
| PBYTE | cardUniqueData, | ||
| DWORD | cardUniqueDataLength, | ||
| BYTE | receiptKey[16], | ||
| GP211_RECEIPT_DATA | receiptData, | ||
| PBYTE | oldSecurityDomainAID, | ||
| DWORD | oldSecurityDomainAIDLength, | ||
| PBYTE | newSecurityDomainAID, | ||
| DWORD | newSecurityDomainAIDLength, | ||
| PBYTE | applicationOrExecutableLoadFileAID, | ||
| DWORD | applicationOrExecutableLoadFileAIDLength, | ||
| BYTE | secureChannelProtocol | ||
| ) |
GlobalPlatform2.1.1: Validates an Extradition Receipt.
Each time a receipt is generated the confirmation counter is incremented by the Card Manager. You may keep track of it. Returns OPGP_ERROR_SUCCESS if receipt is valid.
- Parameters
-
confirmationCounter [in] The confirmation counter. cardUniqueData [in] The card unique data. cardUniqueDataLength [in] The length of the card unique data buffer. receiptKey [in] The 3DES key to generate the receipt. receiptData [in] The GP211_RECEIPT_DATA structure containing the receipt returned from GP211_install_for_extradition() to verify. oldSecurityDomainAID [in] The AID of the old associated Security Domain. oldSecurityDomainAIDLength [in] The length of the oldSecurityDomainAID buffer. newSecurityDomainAID [in] The AID of the new associated Security Domain. newSecurityDomainAIDLength [in] The length of the newSecurityDomainAID buffer. applicationOrExecutableLoadFileAID [in] A buffer with AID of the Executable Load File which was INSTALL [for install]. applicationOrExecutableLoadFileAIDLength [in] The length of the Executable Load File AID. secureChannelProtocol [in] The Secure Channel Protocol.
- Returns
- OPGP_ERROR_STATUS struct with error status OPGP_ERROR_STATUS_SUCCESS if no error occurs, otherwise error code and error message are contained in the OPGP_ERROR_STATUS struct
◆ GP211_validate_install_receipt()
| OPGP_ERROR_STATUS GP211_validate_install_receipt | ( | DWORD | confirmationCounter, |
| PBYTE | cardUniqueData, | ||
| DWORD | cardUniqueDataLength, | ||
| BYTE | receiptKey[16], | ||
| GP211_RECEIPT_DATA | receiptData, | ||
| PBYTE | executableLoadFileAID, | ||
| DWORD | executableLoadFileAIDLength, | ||
| PBYTE | applicationAID, | ||
| DWORD | applicationAIDLength, | ||
| BYTE | secureChannelProtocol | ||
| ) |
GlobalPlatform2.1.1: Validates an Install Receipt.
Each time a receipt is generated the confirmation counter is incremented by the Card Manager. You may keep track of it. Returns OPGP_ERROR_SUCCESS if receipt is valid.
- Parameters
-
confirmationCounter [in] The confirmation counter. cardUniqueData [in] The card unique data. cardUniqueDataLength [in] The length of the card unique data buffer. receiptKey [in] The 3DES key to generate the receipt. receiptData [in] The GP211_RECEIPT_DATA structure containing the receipt returned from GP211_install_for_install() to verify. executableLoadFileAID [in] A buffer with AID of the Executable Load File which was INSTALL [for install]. executableLoadFileAIDLength [in] The length of the Executable Load File AID. applicationAID [in] The AID of the installed application. applicationAIDLength [in] The length of the application instance AID. secureChannelProtocol [in] The Secure Channel Protocol.
- Returns
- OPGP_ERROR_STATUS struct with error status OPGP_ERROR_STATUS_SUCCESS if no error occurs, otherwise error code and error message are contained in the OPGP_ERROR_STATUS struct
◆ GP211_validate_load_receipt()
| OPGP_ERROR_STATUS GP211_validate_load_receipt | ( | DWORD | confirmationCounter, |
| PBYTE | cardUniqueData, | ||
| DWORD | cardUniqueDataLength, | ||
| BYTE | receiptKey[16], | ||
| GP211_RECEIPT_DATA | receiptData, | ||
| PBYTE | executableLoadFileAID, | ||
| DWORD | executableLoadFileAIDLength, | ||
| PBYTE | securityDomainAID, | ||
| DWORD | securityDomainAIDLength, | ||
| BYTE | secureChannelProtocol | ||
| ) |
GlobalPlatform2.1.1: Validates a Load Receipt.
Each time a receipt is generated the confirmation counter is incremented by the Card Manager. You may keep track of it. Returns OPGP_ERROR_SUCCESS if receipt is valid.
- Parameters
-
confirmationCounter [in] The confirmation counter. cardUniqueData [in] The card unique data. cardUniqueDataLength [in] The length of the card unique data buffer. receiptKey [in] The 3DES key to generate the receipt. receiptData [in] The GP211_RECEIPT_DATA structure containing the receipt returned from load() to verify. executableLoadFileAID [in] A buffer with AID of the Executable Load File which was INSTALL [for load]. executableLoadFileAIDLength [in] The length of the Executable Load File AID. securityDomainAID [in] A buffer containing the AID of the associated Security Domain. securityDomainAIDLength [in] The length of the Security Domain AID. secureChannelProtocol [in] The Secure Channel Protocol.
- Returns
- OPGP_ERROR_STATUS struct with error status OPGP_ERROR_STATUS_SUCCESS if no error occurs, otherwise error code and error message are contained in the OPGP_ERROR_STATUS struct
◆ GP211_VISA1_derive_keys()
| OPGP_ERROR_STATUS GP211_VISA1_derive_keys | ( | OPGP_CARD_CONTEXT | cardContext, |
| OPGP_CARD_INFO | cardInfo, | ||
| GP211_SECURITY_INFO * | secInfo, | ||
| BYTE | masterKey[16], | ||
| BYTE | S_ENC[16], | ||
| BYTE | S_MAC[16], | ||
| BYTE | DEK[16] | ||
| ) |
Derives the static keys from a master key according the VISA 1 key derivation scheme.
E.g. GemXpresso cards use this scheme.
- Parameters
-
cardContext [in] The valid OPGP_CARD_CONTEXT returned by OPGP_establish_context() cardInfo [in] The OPGP_CARD_INFO cardInfo, structure returned by OPGP_card_connect(). *secInfo [in, out] The pointer to the GP211_SECURITY_INFO structure returned by GP211_mutual_authentication(). masterKey [in] The master key. S_ENC [out] The static Encryption key. S_MAC [out] The static Message Authentication Code key. DEK [out] The static Key Encryption Key.
- Returns
- OPGP_ERROR_STATUS struct with error status OPGP_ERROR_STATUS_SUCCESS if no error occurs, otherwise error code and error message are contained in the OPGP_ERROR_STATUS struct
◆ GP211_VISA2_derive_keys()
| OPGP_ERROR_STATUS GP211_VISA2_derive_keys | ( | OPGP_CARD_CONTEXT | cardContext, |
| OPGP_CARD_INFO | cardInfo, | ||
| GP211_SECURITY_INFO * | secInfo, | ||
| PBYTE | AID, | ||
| DWORD | AIDLength, | ||
| BYTE | masterKey[16], | ||
| BYTE | S_ENC[16], | ||
| BYTE | S_MAC[16], | ||
| BYTE | DEK[16] | ||
| ) |
Derives the static keys from a master key according the VISA 2 key derivation scheme.
E.g. GemXpresso cards, JCOP-10 cards or Palmera Protect V5 cards use this scheme.
- Parameters
-
cardContext [in] The valid OPGP_CARD_CONTEXT returned by OPGP_establish_context() cardInfo [in] The OPGP_CARD_INFO cardInfo, structure returned by OPGP_card_connect(). *secInfo [in, out] The pointer to the GP211_SECURITY_INFO structure returned by GP211_mutual_authentication(). AID [in] The AID of the Card Manager. AIDLength [in] The length of the Card Manager AID / Issuer Security Domain AID. masterKey [in] The master key. S_ENC [out] The static Encryption key. S_MAC [out] The static Message Authentication Code key. DEK [out] The static Key Encryption Key.
- Returns
- OPGP_ERROR_STATUS struct with error status OPGP_ERROR_STATUS_SUCCESS if no error occurs, otherwise error code and error message are contained in the OPGP_ERROR_STATUS struct
◆ OP201_calculate_3des_DAP()
| OPGP_ERROR_STATUS OP201_calculate_3des_DAP | ( | PBYTE | securityDomainAID, |
| DWORD | securityDomainAIDLength, | ||
| OPGP_STRING | executableLoadFileName, | ||
| BYTE | DAP_verification_key[16], | ||
| OP201_DAP_BLOCK * | dapBlock | ||
| ) |
Open Platform: Calculates a Load File Data Block DAP using 3DES.
If a security domain has DAP verification privilege the security domain validates this DAP.
- Parameters
-
securityDomainAID [in] A buffer containing the Security Domain AID. securityDomainAIDLength [in] The length of the Security Domain AID. executableLoadFileName [in] The name of the CAP or IJC file to calculate the DAP for. DAP_verification_key [in] The key to calculate the DAP. *dapBlock [out] A pointer to the returned OP201_DAP_BLOCK structure.
- Returns
- OPGP_ERROR_STATUS struct with error status OPGP_ERROR_STATUS_SUCCESS if no error occurs, otherwise error code and error message are contained in the OPGP_ERROR_STATUS struct
◆ OP201_calculate_install_token()
| OPGP_ERROR_STATUS OP201_calculate_install_token | ( | BYTE | P1, |
| PBYTE | executableLoadFileAID, | ||
| DWORD | executableLoadFileAIDLength, | ||
| PBYTE | AIDWithinLoadFileAID, | ||
| DWORD | AIDWithinLoadFileAIDLength, | ||
| PBYTE | applicationInstanceAID, | ||
| DWORD | applicationInstanceAIDLength, | ||
| BYTE | applicationPrivileges, | ||
| DWORD | volatileDataSpaceLimit, | ||
| DWORD | nonVolatileDataSpaceLimit, | ||
| PBYTE | applicationInstallParameters, | ||
| DWORD | applicationInstallParametersLength, | ||
| BYTE | installToken[128], | ||
| OPGP_STRING | PEMKeyFileName, | ||
| char * | passPhrase | ||
| ) |
Open Platform: Calculates an Install Token using PKCS#1.
The parameters must match the parameters of a later install_for_install(), install_for_make_selectable() and install_for_install_and_make_selectable() method.
- Parameters
-
P1 [in] The parameter P1 in the APDU command. - 0x04 for a INSTALL [for install] command
- 0x08 for an INSTALL [for make selectable] command
- 0x0C for an INSTALL [for install and make selectable]
executableLoadFileAID [in] A buffer with AID of the Executable Load File to INSTALL [for install]. executableLoadFileAIDLength [in] The length of the Executable Load File AID. AIDWithinLoadFileAID [in] The AID of the application class in the package. AIDWithinLoadFileAIDLength [in] The length of the AIDWithinLoadFileAID buffer. applicationInstanceAID [in] The AID of the installed application. applicationInstanceAIDLength [in] The length of the application instance AID. applicationPrivileges [in] The application privileges. Can be an OR of multiple privileges. See OP201_APPLICATION_PRIVILEGE_SECURITY_DOMAIN. volatileDataSpaceLimit [in] The minimum amount of RAM space that must be available. nonVolatileDataSpaceLimit [in] The minimum amount of space for objects of the application, i.e. the data allocated in its lifetime. applicationInstallParameters [in] Applet install parameters for the install() method of the application. applicationInstallParametersLength [in] The length of the applicationInstallParameters buffer. installToken [out] The calculated Install Token. A 1024 bit RSA signature. PEMKeyFileName [in] A PEM file name with the private RSA key. *passPhrase [in] The passphrase. Must be an ASCII string.
- Returns
- OPGP_ERROR_STATUS struct with error status OPGP_ERROR_STATUS_SUCCESS if no error occurs, otherwise error code and error message are contained in the OPGP_ERROR_STATUS struct
◆ OP201_calculate_load_file_DAP()
| OPGP_ERROR_STATUS OP201_calculate_load_file_DAP | ( | OP201_DAP_BLOCK * | dapBlock, |
| DWORD | dapBlockLength, | ||
| OPGP_STRING | executableLoadFileName, | ||
| BYTE | hash[20] | ||
| ) |
Open Platform: Calculates a Load File DAP.
This is a hash of the Load File with SHA-1. A Load File consists of 0 to n Load File Data Block DAP blocks and a mandatory Load File Data Block, e.g. a CAP file. If no Load File Data Block DAP blocks are necessary the dapBlock must be NULL and the dapBlockLength 0. The dapBlock(s) can be calculated using calculate_3des_dap() or calculate_rsa_dap(). If the Load File Data Block DAP block(s) are already calculated they must be parsed into a OP201_DAP_BLOCK structure. If the Load File Data Block DAP block(s) are already prefixing the CAPFile following the Open Platform Specification 2.0.1', the whole CAPFile including the Load File Data Block DAP block(s) is sufficient, the dapBlock must be NULL and the dapBlockLength 0.
- Parameters
-
*dapBlock [in] A pointer to OP201_DAP_BLOCK structure(s). dapBlockLength [in] The number of OP201_DAP_BLOCK structure(s). executableLoadFileName [in] The name of the CAP or IJC file to hash. hash [out] The hash value. This are 20 bytes.
- Returns
- OPGP_ERROR_STATUS struct with error status OPGP_ERROR_STATUS_SUCCESS if no error occurs, otherwise error code and error message are contained in the OPGP_ERROR_STATUS struct
◆ OP201_calculate_load_token()
| OPGP_ERROR_STATUS OP201_calculate_load_token | ( | PBYTE | executableLoadFileAID, |
| DWORD | executableLoadFileAIDLength, | ||
| PBYTE | securityDomainAID, | ||
| DWORD | securityDomainAIDLength, | ||
| BYTE | loadFileDAP[20], | ||
| DWORD | nonVolatileCodeSpaceLimit, | ||
| DWORD | volatileDataSpaceLimit, | ||
| DWORD | nonVolatileDataSpaceLimit, | ||
| BYTE | loadToken[128], | ||
| OPGP_STRING | PEMKeyFileName, | ||
| char * | passPhrase | ||
| ) |
Open Platform: Calculates a Load Token using PKCS#1.
The parameters must match the parameters of a later install_for_load() method.
- Parameters
-
executableLoadFileAID [in] A buffer containing the Executable Load File AID. executableLoadFileAIDLength [in] The length of the Executable Load File AID. securityDomainAID [in] A buffer containing the Security Domain AID. securityDomainAIDLength [in] The length of the Security Domain AID. loadFileDAP [in] The Load File DAP. The same calculated as in install_for_load(). nonVolatileCodeSpaceLimit [in] The minimum space required to store the package. volatileDataSpaceLimit [in] The minimum amount of RAM space that must be available. nonVolatileDataSpaceLimit [in] The minimum amount of space for objects of the application, i.e. the data allocated in its lifetime. loadToken [out] The calculated Load Token. A 1024 bit RSA signature. PEMKeyFileName [in] A PEM file name with the private RSA key. *passPhrase [in] The passphrase. Must be an ASCII string.
- Returns
- OPGP_ERROR_STATUS struct with error status OPGP_ERROR_STATUS_SUCCESS if no error occurs, otherwise error code and error message are contained in the OPGP_ERROR_STATUS struct
◆ OP201_calculate_rsa_DAP()
| OPGP_ERROR_STATUS OP201_calculate_rsa_DAP | ( | PBYTE | securityDomainAID, |
| DWORD | securityDomainAIDLength, | ||
| OPGP_STRING | executableLoadFileName, | ||
| OPGP_STRING | PEMKeyFileName, | ||
| char * | passPhrase, | ||
| OP201_DAP_BLOCK * | dapBlock | ||
| ) |
Open Platform: Calculates a Load File Data Block DAP using SHA-1 and PKCS#1 (RSA).
If a security domain has DAP verification privilege the security domain validates this DAP.
- Parameters
-
securityDomainAID [in] A buffer containing the Security Domain AID. securityDomainAIDLength [in] The length of the Security Domain AID. executableLoadFileName [in] The name of the CAP or IJC file to calculate the DAP for. PEMKeyFileName [in] A PEM file name with the private RSA key. *passPhrase [in] The passphrase. Must be an ASCII string. *dapBlock [out] A pointer to the returned OP201_DAP_BLOCK structure.
- Returns
- OPGP_ERROR_STATUS struct with error status OPGP_ERROR_STATUS_SUCCESS if no error occurs, otherwise error code and error message are contained in the OPGP_ERROR_STATUS struct
◆ OP201_delete_application()
| OPGP_ERROR_STATUS OP201_delete_application | ( | OPGP_CARD_CONTEXT | cardContext, |
| OPGP_CARD_INFO | cardInfo, | ||
| OP201_SECURITY_INFO * | secInfo, | ||
| OPGP_AID * | AIDs, | ||
| DWORD | AIDsLength, | ||
| OP201_RECEIPT_DATA * | receiptData, | ||
| PDWORD | receiptDataLength | ||
| ) |
Open Platform: Deletes a Executable Load File or an application.
- Parameters
-
cardContext [in] The valid OPGP_CARD_CONTEXT returned by OPGP_establish_context() cardInfo [in] The OPGP_CARD_INFO cardInfo, structure returned by OPGP_card_connect(). *secInfo [in, out] The pointer to the OP201_SECURITY_INFO structure returned by OP201_mutual_authentication(). AIDs [in] A pointer to the an array of OPGP_AID structures describing the applications and load files to delete. AIDsLength [in] The number of OPGP_AID structures. *receiptData [out] A OP201_RECEIPT_DATA array. If the deletion is performed by a security domain with delegated management privilege this structure contains the according data for each deleted application or package. receiptDataLength [in, out] A pointer to the length of the receiptData array. If no receiptData is available this length is 0;
- Returns
- OPGP_ERROR_STATUS struct with error status OPGP_ERROR_STATUS_SUCCESS if no error occurs, otherwise error code and error message are contained in the OPGP_ERROR_STATUS struct
◆ OP201_delete_key()
| OPGP_ERROR_STATUS OP201_delete_key | ( | OPGP_CARD_CONTEXT | cardContext, |
| OPGP_CARD_INFO | cardInfo, | ||
| OP201_SECURITY_INFO * | secInfo, | ||
| BYTE | keySetVersion, | ||
| BYTE | keyIndex | ||
| ) |
Open Platform: deletes a key or multiple keys.
If keyIndex is 0xFF (=-1) all keys within a keySetVersion are deleted. If keySetVersion is 0x00 all keys with the specified keyIndex are deleted.
- Parameters
-
cardContext [in] The valid OPGP_CARD_CONTEXT returned by OPGP_establish_context() cardInfo [in] The OPGP_CARD_INFO cardInfo, structure returned by OPGP_card_connect(). *secInfo [in, out] The pointer to the OP201_SECURITY_INFO structure returned by OP201_mutual_authentication(). keySetVersion [in] An existing key set version. keyIndex [in] An existing key index.
- Returns
- OPGP_ERROR_STATUS struct with error status OPGP_ERROR_STATUS_SUCCESS if no error occurs, otherwise error code and error message are contained in the OPGP_ERROR_STATUS struct
◆ OP201_EMV_CPS11_derive_keys()
| OPGP_ERROR_STATUS OP201_EMV_CPS11_derive_keys | ( | OPGP_CARD_CONTEXT | cardContext, |
| OPGP_CARD_INFO | cardInfo, | ||
| OP201_SECURITY_INFO * | secInfo, | ||
| BYTE | masterKey[16], | ||
| BYTE | S_ENC[16], | ||
| BYTE | S_MAC[16], | ||
| BYTE | DEK[16] | ||
| ) |
Derives the static keys from a master key according the EMV CPS 1.1 key derivation scheme.
E.g. Sm@rtCafe Expert 3.0 and later cards use this scheme.
- Parameters
-
cardContext [in] The valid OPGP_CARD_CONTEXT returned by OPGP_establish_context() cardInfo [in] The OPGP_CARD_INFO cardInfo, structure returned by OPGP_card_connect(). *secInfo [in, out] The pointer to the OP201_SECURITY_INFO structure returned by OP201_mutual_authentication(). masterKey [in] The master key. S_ENC [out] The static Encryption key. S_MAC [out] The static Message Authentication Code key. DEK [out] The static Key Encryption Key.
- Returns
- OPGP_ERROR_STATUS struct with error status OPGP_ERROR_STATUS_SUCCESS if no error occurs, otherwise error code and error message are contained in the OPGP_ERROR_STATUS struct
◆ OP201_get_data()
| OPGP_ERROR_STATUS OP201_get_data | ( | OPGP_CARD_CONTEXT | cardContext, |
| OPGP_CARD_INFO | cardInfo, | ||
| OP201_SECURITY_INFO * | secInfo, | ||
| BYTE | identifier[2], | ||
| PBYTE | recvBuffer, | ||
| PDWORD | recvBufferLength | ||
| ) |
Open Platform: Retrieve card data.
Retrieves a single card data object from the card identified by identifier. Some cards do not provide some data objects. Some possible identifiers are predefined. See OP201_GET_DATA_ISSUER_BIN and so on. For details about the coding of the response see the programmer's manual of your card. There is a convenience method get_key_information_templates() to get the key information template(s) containing key set version, key index, key type and key length of the keys.
- Parameters
-
cardContext [in] The valid OPGP_CARD_CONTEXT returned by OPGP_establish_context() cardInfo [in] The OPGP_CARD_INFO cardInfo, structure returned by OPGP_card_connect(). *secInfo [in, out] The pointer to the OP201_SECURITY_INFO structure returned by OP201_mutual_authentication(). identifier [in] Two byte buffer with high and low order tag value for identifying card data object. recvBuffer [in] The buffer for the card data object. recvBufferLength [in] The length of the received card data object.
- Returns
- OPGP_ERROR_STATUS struct with error status OPGP_ERROR_STATUS_SUCCESS if no error occurs, otherwise error code and error message are contained in the OPGP_ERROR_STATUS struct
◆ OP201_get_install_token_signature_data()
| OPGP_ERROR_STATUS OP201_get_install_token_signature_data | ( | BYTE | P1, |
| PBYTE | executableLoadFileAID, | ||
| DWORD | executableLoadFileAIDLength, | ||
| PBYTE | AIDWithinLoadFileAID, | ||
| DWORD | AIDWithinLoadFileAIDLength, | ||
| PBYTE | applicationInstanceAID, | ||
| DWORD | applicationInstanceAIDLength, | ||
| BYTE | applicationPrivileges, | ||
| DWORD | volatileDataSpaceLimit, | ||
| DWORD | nonVolatileDataSpaceLimit, | ||
| PBYTE | applicationInstallParameters, | ||
| DWORD | applicationInstallParametersLength, | ||
| PBYTE | installTokenSignatureData, | ||
| PDWORD | installTokenSignatureDataLength | ||
| ) |
Open Platform: Function to retrieve the data to sign by the Card Issuer in an Install Token.
If you are not the Card Issuer and do not know the token verification private key send this data to the Card Issuer and obtain the RSA signature of the data, i.e. the Install Token. volatileDataSpaceLimit can be 0, if the card does not need or support this tag. The parameters must match the parameters of a later install_for_install() and install_for_make_selectable() method.
- Parameters
-
P1 [in] The parameter P1 in the APDU command. - 0x04 for a INSTALL [for install] command
- 0x08 for an INSTALL [for make selectable] command
- 0x0C for an INSTALL [for install and make selectable]
executableLoadFileAID [in] A buffer with AID of the Executable Load File to INSTALL [for load]. executableLoadFileAIDLength [in] The length of the Executable Load File AID. AIDWithinLoadFileAID [in] The AID of the application class in the package. AIDWithinLoadFileAIDLength [in] The length of the AIDWithinLoadFileAID buffer. applicationInstanceAID [in] The AID of the installed application. applicationInstanceAIDLength [in] The length of the application instance AID. applicationPrivileges [in] The application privileges. Can be an OR of multiple privileges. See OP201_APPLICATION_PRIVILEGE_SECURITY_DOMAIN. volatileDataSpaceLimit [in] The minimum amount of RAM space that must be available. nonVolatileDataSpaceLimit [in] The minimum amount of space for objects of the application, i.e. the data allocated in its lifetime. applicationInstallParameters [in] Applet install parameters for the install() method of the application. applicationInstallParametersLength [in] The length of the applicationInstallParameters buffer. installTokenSignatureData [out] The data to sign in a Install Token. installTokenSignatureDataLength [in, out] The length of the installTokenSignatureData buffer.
- Returns
- OPGP_ERROR_STATUS struct with error status OPGP_ERROR_STATUS_SUCCESS if no error occurs, otherwise error code and error message are contained in the OPGP_ERROR_STATUS struct
◆ OP201_get_key_information_templates()
| OPGP_ERROR_STATUS OP201_get_key_information_templates | ( | OPGP_CARD_CONTEXT | cardContext, |
| OPGP_CARD_INFO | cardInfo, | ||
| OP201_SECURITY_INFO * | secInfo, | ||
| BYTE | keyInformationTemplate, | ||
| OP201_KEY_INFORMATION * | keyInformation, | ||
| PDWORD | keyInformationLength | ||
| ) |
Open Platform: Retrieves key information of keys on the card.
The card must support the optional report of key information templates.
- Parameters
-
cardContext [in] The valid OPGP_CARD_CONTEXT returned by OPGP_establish_context() cardInfo [in] The OPGP_CARD_INFO cardInfo, structure returned by OPGP_card_connect(). *secInfo [in, out] The pointer to the OP201_SECURITY_INFO structure returned by OP201_mutual_authentication(). keyInformationTemplate [in] The number of the key information template. *keyInformation [out] A pointer to an array of OP201_KEY_INFORMATION structures. keyInformationLength [in, out] The number of OP201_KEY_INFORMATION structures.
- Returns
- OPGP_ERROR_STATUS struct with error status OPGP_ERROR_STATUS_SUCCESS if no error occurs, otherwise error code and error message are contained in the OPGP_ERROR_STATUS struct
◆ OP201_get_load_token_signature_data()
| OPGP_ERROR_STATUS OP201_get_load_token_signature_data | ( | PBYTE | executableLoadFileAID, |
| DWORD | executableLoadFileAIDLength, | ||
| PBYTE | securityDomainAID, | ||
| DWORD | securityDomainAIDLength, | ||
| BYTE | loadFileDAP[20], | ||
| DWORD | nonVolatileCodeSpaceLimit, | ||
| DWORD | volatileDataSpaceLimit, | ||
| DWORD | nonVolatileDataSpaceLimit, | ||
| PBYTE | loadTokenSignatureData, | ||
| PDWORD | loadTokenSignatureDataLength | ||
| ) |
Open Platform: Function to retrieve the data to sign by the Card Issuer in a Load Token.
If you are not the Card Issuer and do not know the token verification private key send this data to the Card Issuer and obtain the RSA signature of the data, i.e. the Load Token. volatileDataSpaceLimit and nonVolatileDataSpaceLimit can be 0, if the card does not need or support this tags. The parameters must match the parameters of a later install_for_load() command.
- Parameters
-
executableLoadFileAID [in] A buffer containing the Executable Load File AID. executableLoadFileAIDLength [in] The length of the Executable Load File AID. securityDomainAID [in] A buffer containing the Security Domain AID. securityDomainAIDLength [in] The length of the Security Domain AID. loadFileDAP [in] The Load File DAP. The same calculated as in install_for_load(). nonVolatileCodeSpaceLimit [in] The minimum space required to store the application code. volatileDataSpaceLimit [in] The minimum amount of RAM space that must be available. nonVolatileDataSpaceLimit [in] The minimum amount of space for objects of the application, i.e. the data allocated in its lifetime. loadTokenSignatureData [out] The data to sign in a Load Token. loadTokenSignatureDataLength [in, out] The length of the loadTokenSignatureData buffer.
- Returns
- OPGP_ERROR_STATUS struct with error status OPGP_ERROR_STATUS_SUCCESS if no error occurs, otherwise error code and error message are contained in the OPGP_ERROR_STATUS struct
◆ OP201_get_status()
| OPGP_ERROR_STATUS OP201_get_status | ( | OPGP_CARD_CONTEXT | cardContext, |
| OPGP_CARD_INFO | cardInfo, | ||
| OP201_SECURITY_INFO * | secInfo, | ||
| BYTE | cardElement, | ||
| OP201_APPLICATION_DATA * | applData, | ||
| PDWORD | applDataLength | ||
| ) |
Open Platform: Gets the life cycle status of Applications, the Card Manager and Executable Load Files and their privileges.
- Parameters
-
cardContext [in] The valid OPGP_CARD_CONTEXT returned by OPGP_establish_context() cardInfo [in] The OPGP_CARD_INFO cardInfo, structure returned by OPGP_card_connect(). *secInfo [in, out] The pointer to the OP201_SECURITY_INFO structure returned by OP201_mutual_authentication(). cardElement [in] Identifier to retrieve data for Load Files, Applications or the Card Manager. *applData [out] The OP201_APPLICATION_DATA structure containing AID, life cycle state and privileges. applDataLength [in, out] The number of OP201_APPLICATION_DATA passed and returned.
- Returns
- OPGP_ERROR_STATUS struct with error status OPGP_ERROR_STATUS_SUCCESS if no error occurs, otherwise error code and error message are contained in the OPGP_ERROR_STATUS struct
◆ OP201_install_for_install()
| OPGP_ERROR_STATUS OP201_install_for_install | ( | OPGP_CARD_CONTEXT | cardContext, |
| OPGP_CARD_INFO | cardInfo, | ||
| OP201_SECURITY_INFO * | secInfo, | ||
| PBYTE | executableLoadFileAID, | ||
| DWORD | executableLoadFileAIDLength, | ||
| PBYTE | AIDWithinLoadFileAID, | ||
| DWORD | AIDWithinLoadFileAIDLength, | ||
| PBYTE | applicationInstanceAID, | ||
| DWORD | applicationInstanceAIDLength, | ||
| BYTE | applicationPrivileges, | ||
| DWORD | volatileDataSpaceLimit, | ||
| DWORD | nonVolatileDataSpaceLimit, | ||
| PBYTE | applicationInstallParameters, | ||
| DWORD | applicationInstallParametersLength, | ||
| BYTE | installToken[128], | ||
| OP201_RECEIPT_DATA * | receiptData, | ||
| PDWORD | receiptDataAvailable | ||
| ) |
Open Platform: Installs an application on the card.
In the case of delegated management an Install Token authorizing the INSTALL [for install] must be included. See OP201_calculate_install_token(). Otherwise installToken must be NULL. See calculate_install_token(). volatileDataSpaceLimit and nonVolatileDataSpaceLimit can be 0, if the card does not need or support this tag. For Security domains look in your manual what parameters are necessary. If the tag for application install parameters is mandatory for your card, but you have no install parameters for the install() method of the application anyway you have to use at least a dummy parameter. If AIDWithinLoadFileAID is NULL and AIDWithinLoadFileAIDLength is 0 applicationInstanceAID is assumed for AIDWithinLoadFileAID
- Parameters
-
cardContext [in] The valid OPGP_CARD_CONTEXT returned by OPGP_establish_context() cardInfo [in] The OPGP_CARD_INFO cardInfo, structure returned by OPGP_card_connect(). *secInfo [in, out] The pointer to the OP201_SECURITY_INFO structure returned by OP201_mutual_authentication(). executableLoadFileAID [in] A buffer with AID of the Executable Load File to INSTALL [for install]. executableLoadFileAIDLength [in] The length of the Executable Load File AID. AIDWithinLoadFileAID [in] The AID of the application class in the package. AIDWithinLoadFileAIDLength [in] The length of the AIDWithinLoadFileAID buffer. applicationInstanceAID [in] The AID of the installed application. applicationInstanceAIDLength [in] The length of the application instance AID. applicationPrivileges [in] The application privileges. Can be an OR of multiple privileges. See OP201_APPLICATION_PRIVILEGE_SECURITY_DOMAIN. volatileDataSpaceLimit [in] The minimum amount of RAM space that must be available. nonVolatileDataSpaceLimit [in] The minimum amount of space for objects of the application, i.e. the data allocated in its lifetime. applicationInstallParameters [in] Applet install parameters for the install() method of the application. applicationInstallParametersLength [in] The length of the applicationInstallParameters buffer. installToken [in] The Install Token. This is a 1024 bit (=128 byte) RSA Signature. *receiptData [out] If the deletion is performed by a security domain with delegated management privilege this structure contains the according data. receiptDataAvailable [out] 0 if no receiptData is available.
- Returns
- OPGP_ERROR_STATUS struct with error status OPGP_ERROR_STATUS_SUCCESS if no error occurs, otherwise error code and error message are contained in the OPGP_ERROR_STATUS struct
◆ OP201_install_for_install_and_make_selectable()
| OPGP_ERROR_STATUS OP201_install_for_install_and_make_selectable | ( | OPGP_CARD_CONTEXT | cardContext, |
| OPGP_CARD_INFO | cardInfo, | ||
| OP201_SECURITY_INFO * | secInfo, | ||
| PBYTE | executableLoadFileAID, | ||
| DWORD | executableLoadFileAIDLength, | ||
| PBYTE | AIDWithinLoadFileAID, | ||
| DWORD | AIDWithinLoadFileAIDLength, | ||
| PBYTE | applicationInstanceAID, | ||
| DWORD | applicationInstanceAIDLength, | ||
| BYTE | applicationPrivileges, | ||
| DWORD | volatileDataSpaceLimit, | ||
| DWORD | nonVolatileDataSpaceLimit, | ||
| PBYTE | applicationInstallParameters, | ||
| DWORD | applicationInstallParametersLength, | ||
| BYTE | installToken[128], | ||
| OP201_RECEIPT_DATA * | receiptData, | ||
| PDWORD | receiptDataAvailable | ||
| ) |
Open Platform: Installs and makes an installed application selectable.
In the case of delegated management an Install Token authorizing the INSTALL [for install and make selectable] must be included. See OP201_calculate_install_token(). Otherwise installToken must be NULL. See calculate_install_token(). volatileDataSpaceLimit and nonVolatileDataSpaceLimit can be 0, if the card does not need or support this tag. For Security domains look in your manual what parameters are necessary. If the tag for application install parameters is mandatory for your card, but you have no install parameters for the install() method of the application anyway you have to use at least a dummy parameter. If AIDWithinLoadFileAID is NULL and AIDWithinLoadFileAIDLength is 0 applicationInstanceAID is assumed for AIDWithinLoadFileAID.
- Parameters
-
cardContext [in] The valid OPGP_CARD_CONTEXT returned by OPGP_establish_context() cardInfo [in] The OPGP_CARD_INFO cardInfo, structure returned by OPGP_card_connect(). *secInfo [in, out] The pointer to the OP201_SECURITY_INFO structure returned by OP201_mutual_authentication(). executableLoadFileAID [in] A buffer with AID of the Executable Load File to INSTALL [for install]. executableLoadFileAIDLength [in] The length of the Executable Load File AID. AIDWithinLoadFileAID [in] The AID of the application class in the package. AIDWithinLoadFileAIDLength [in] The length of the AIDWithinLoadFileAID buffer. applicationInstanceAID [in] The AID of the installed application. applicationInstanceAIDLength [in] The length of the application instance AID. applicationPrivileges [in] The application privileges. Can be an OR of multiple privileges. See OP201_APPLICATION_PRIVILEGE_SECURITY_DOMAIN. volatileDataSpaceLimit [in] The minimum amount of RAM space that must be available. nonVolatileDataSpaceLimit [in] The minimum amount of space for objects of the application, i.e. the data allocated in its lifetime. applicationInstallParameters [in] Applet install parameters for the install() method of the application. applicationInstallParametersLength [in] The length of the applicationInstallParameters buffer. installToken [in] The Install Token. This is a 1024 bit (=128 byte) RSA Signature. *receiptData [out] If the deletion is performed by a security domain with delegated management privilege this structure contains the according data. receiptDataAvailable [out] 0 if no receiptData is available.
- Returns
- OPGP_ERROR_STATUS struct with error status OPGP_ERROR_STATUS_SUCCESS if no error occurs, otherwise error code and error message are contained in the OPGP_ERROR_STATUS struct
◆ OP201_install_for_load()
| OPGP_ERROR_STATUS OP201_install_for_load | ( | OPGP_CARD_CONTEXT | cardContext, |
| OPGP_CARD_INFO | cardInfo, | ||
| OP201_SECURITY_INFO * | secInfo, | ||
| PBYTE | executableLoadFileAID, | ||
| DWORD | executableLoadFileAIDLength, | ||
| PBYTE | securityDomainAID, | ||
| DWORD | securityDomainAIDLength, | ||
| BYTE | loadFileDAP[20], | ||
| BYTE | loadToken[128], | ||
| DWORD | nonVolatileCodeSpaceLimit, | ||
| DWORD | volatileDataSpaceLimit, | ||
| DWORD | nonVolatileDataSpaceLimit | ||
| ) |
Open Platform: Prepares the card for loading an application.
The function assumes that the Card Manager or Security Domain uses an optional load file DAP using the SHA-1 message digest algorithm. The loadFileDAP can be calculated using calculate_load_file_DAP() or must be NULL, if the card does not need or support a Load File DAP in this situation, e.g. if you want to load a Executable Load File to the Card Manager Security Domain. In the case of delegated management a Load Token authorizing the INSTALL [for load] must be included. Otherwise loadToken must be NULL. See OP201_calculate_load_token(). The term Executable Load File is equivalent to the Open Platform term Load File Data Block. volatileDataSpaceLimit and nonVolatileDataSpaceLimit can be 0, if the card does not need or support this tags.
- Parameters
-
cardContext [in] The valid OPGP_CARD_CONTEXT returned by OPGP_establish_context() cardInfo [in] The OPGP_CARD_INFO cardInfo, structure returned by OPGP_card_connect(). *secInfo [in, out] The pointer to the OP201_SECURITY_INFO structure returned by OP201_mutual_authentication(). executableLoadFileAID [in] A buffer with AID of the Executable Load File to INSTALL [for load]. executableLoadFileAIDLength [in] The length of the Executable Load File AID. securityDomainAID [in] A buffer containing the AID of the intended associated Security Domain. securityDomainAIDLength [in] The length of the Security Domain AID. loadFileDAP [in] The load file DAP of the Executable Load File to INSTALL [for load]. loadToken [in] The Load Token. This is a 1024 bit (=128 byte) RSA Signature. nonVolatileCodeSpaceLimit [in] The minimum amount of space that must be available to store the package. volatileDataSpaceLimit [in] The minimum amount of RAM space that must be available. nonVolatileDataSpaceLimit [in] The minimum amount of space for objects of the application, i.e. the data allocated in its lifetime.
- Returns
- OPGP_ERROR_STATUS struct with error status OPGP_ERROR_STATUS_SUCCESS if no error occurs, otherwise error code and error message are contained in the OPGP_ERROR_STATUS struct
◆ OP201_install_for_make_selectable()
| OPGP_ERROR_STATUS OP201_install_for_make_selectable | ( | OPGP_CARD_CONTEXT | cardContext, |
| OPGP_CARD_INFO | cardInfo, | ||
| OP201_SECURITY_INFO * | secInfo, | ||
| PBYTE | applicationInstanceAID, | ||
| DWORD | applicationInstanceAIDLength, | ||
| BYTE | applicationPrivileges, | ||
| BYTE | installToken[128], | ||
| OP201_RECEIPT_DATA * | receiptData, | ||
| PDWORD | receiptDataAvailable | ||
| ) |
Open Platform: Makes an installed application selectable.
In the case of delegated management an Install Token authorizing the INSTALL [for make selectable] must be included. See OP201_calculate_install_token(). Otherwise installToken must be NULL. For Security domains look in your manual what parameters are necessary.
- Parameters
-
cardContext [in] The valid OPGP_CARD_CONTEXT returned by OPGP_establish_context() *secInfo [in, out] The pointer to the OP201_SECURITY_INFO structure returned by OP201_mutual_authentication(). cardInfo [in] The OPGP_CARD_INFO cardInfo, structure returned by OPGP_card_connect(). applicationInstanceAID [in] The AID of the installed application or security domain. applicationInstanceAIDLength [in] The length of the application instance AID. applicationPrivileges [in] The application privileges. Can be an OR of multiple privileges. See OP201_APPLICATION_PRIVILEGE_SECURITY_DOMAIN. installToken [in] The Install Token. This is a 1024 bit (=128 byte) RSA Signature. *receiptData [out] If the deletion is performed by a security domain with delegated management privilege this structure contains the according data. receiptDataAvailable [out] 0 if no receiptData is available.
- Returns
- OPGP_ERROR_STATUS struct with error status OPGP_ERROR_STATUS_SUCCESS if no error occurs, otherwise error code and error message are contained in the OPGP_ERROR_STATUS struct
◆ OP201_load()
| OPGP_ERROR_STATUS OP201_load | ( | OPGP_CARD_CONTEXT | cardContext, |
| OPGP_CARD_INFO | cardInfo, | ||
| OP201_SECURITY_INFO * | secInfo, | ||
| OP201_DAP_BLOCK * | dapBlock, | ||
| DWORD | dapBlockLength, | ||
| OPGP_STRING | executableLoadFileName, | ||
| OP201_RECEIPT_DATA * | receiptData, | ||
| PDWORD | receiptDataAvailable, | ||
| OPGP_PROGRESS_CALLBACK * | callback | ||
| ) |
Open Platform: Loads a Executable Load File (containing an application) to the card.
An install_for_load() must precede. The Load File Data Block DAP block(s) must be the same block(s) and in the same order like in calculate_load_file_DAP(). If no Load File Data Block DAP blocks are necessary the dapBlock must be NULL and the dapBlockLength 0.
- Parameters
-
cardContext [in] The valid OPGP_CARD_CONTEXT returned by OPGP_establish_context() cardInfo [in] The OPGP_CARD_INFO cardInfo, structure returned by OPGP_card_connect(). *secInfo [in, out] The pointer to the OP201_SECURITY_INFO structure returned by OP201_mutual_authentication(). *dapBlock [in] A pointer to OP201_DAP_BLOCK structure(s). dapBlockLength [in] The number of OP201_DAP_BLOCK structure(s). executableLoadFileName [in] The name of the CAP or IJC file to load. *receiptData [out] If the deletion is performed by a security domain with delegated management privilege this structure contains the according data. Can be validated with validate_load_receipt(). receiptDataAvailable [out] 0 if no receiptData is available. *callback [in] A pointer to a OPGP_PROGRESS_CALLBACK defining the callback function and optional parameters for it.
- Returns
- OPGP_ERROR_STATUS struct with error status OPGP_ERROR_STATUS_SUCCESS if no error occurs, otherwise error code and error message are contained in the OPGP_ERROR_STATUS struct
◆ OP201_load_from_buffer()
| OPGP_ERROR_STATUS OP201_load_from_buffer | ( | OPGP_CARD_CONTEXT | cardContext, |
| OPGP_CARD_INFO | cardInfo, | ||
| OP201_SECURITY_INFO * | secInfo, | ||
| OP201_DAP_BLOCK * | dapBlock, | ||
| DWORD | dapBlockLength, | ||
| PBYTE | loadFileBuf, | ||
| DWORD | loadFileBufSize, | ||
| OP201_RECEIPT_DATA * | receiptData, | ||
| PDWORD | receiptDataAvailable, | ||
| OPGP_PROGRESS_CALLBACK * | callback | ||
| ) |
Open Platform: Loads a Executable Load File (containing an application) from a buffer to the card.
An install_for_load() must precede. The Load File Data Block DAP block(s) must be the same block(s) and in the same order like in calculate_load_file_DAP(). If no Load File Data Block DAP blocks are necessary the dapBlock must be NULL and the dapBlockLength 0.
- Parameters
-
cardContext [in] The valid OPGP_CARD_CONTEXT returned by OPGP_establish_context() cardInfo [in] The OPGP_CARD_INFO cardInfo, structure returned by OPGP_card_connect(). *secInfo [in, out] The pointer to the OP201_SECURITY_INFO structure returned by OP201_mutual_authentication(). *dapBlock [in] A pointer to OP201_DAP_BLOCK structure(s). dapBlockLength [in] The number of OP201_DAP_BLOCK structure(s). loadFileBuf [in] buffer with the contents of a Executable Load File. loadFileBufSize [in] size of loadFileBuf. *receiptData [out] If the deletion is performed by a security domain with delegated management privilege this structure contains the according data. Can be validated with validate_load_receipt(). receiptDataAvailable [out] 0 if no receiptData is available. *callback [in] A pointer to a OPGP_PROGRESS_CALLBACK defining the callback function and optional parameters for it.
- Returns
- OPGP_ERROR_STATUS struct with error status OPGP_ERROR_STATUS_SUCCESS if no error occurs, otherwise error code and error message are contained in the OPGP_ERROR_STATUS struct
◆ OP201_mutual_authentication()
| OPGP_ERROR_STATUS OP201_mutual_authentication | ( | OPGP_CARD_CONTEXT | cardContext, |
| OPGP_CARD_INFO | cardInfo, | ||
| BYTE | baseKey[16], | ||
| BYTE | encKey[16], | ||
| BYTE | macKey[16], | ||
| BYTE | kekKey[16], | ||
| BYTE | keySetVersion, | ||
| BYTE | keyIndex, | ||
| BYTE | securityLevel, | ||
| BYTE | derivationMethod, | ||
| OP201_SECURITY_INFO * | secInfo | ||
| ) |
Open Platform: Mutual authentication.
A keySetVersion and keyIndex of 0x00 selects the first available key set version and key index. If a derivation method is used the baseKey defines the master key.
- Parameters
-
cardContext [in] The valid OPGP_CARD_CONTEXT returned by OPGP_establish_context() cardInfo [in] The OPGP_CARD_INFO cardInfo, structure returned by OPGP_card_connect(). baseKey [in] The master key used for the key derivation. encKey [in] The static encryption key. macKey [in] The static MAC key. kekKey [in] The static Key Encryption key. keySetVersion [in] The key set version on the card to use for mutual authentication. keyIndex [in] The key index of the encryption key in the key set version on the card to use for mutual authentication. securityLevel [in] The requested security level. derivationMethod [in] The derivation method to use for. See OPGP_DERIVATION_METHOD_VISA2. *secInfo [out] The returned OP201_SECURITY_INFO structure.
- Returns
- OPGP_ERROR_STATUS struct with error status OPGP_ERROR_STATUS_SUCCESS if no error occurs, otherwise error code and error message are contained in the OPGP_ERROR_STATUS struct
◆ OP201_pin_change()
| OPGP_ERROR_STATUS OP201_pin_change | ( | OPGP_CARD_CONTEXT | cardContext, |
| OPGP_CARD_INFO | cardInfo, | ||
| OP201_SECURITY_INFO * | secInfo, | ||
| BYTE | tryLimit, | ||
| PBYTE | newPIN, | ||
| DWORD | newPINLength, | ||
| BYTE | KEK[16] | ||
| ) |
Open Platform: Changes or unblocks the global PIN.
The single numbers of the new PIN are encoded as single BYTEs in the newPIN buffer. The tryLimit must be in the range of 0x03 and x0A. The PIN must comprise at least 6 numbers and not exceeding 12 numbers. To unblock the PIN use tryLimit with a value of 0x00. In this case newPIN buffer and newPINLength are ignored.
- Parameters
-
cardContext [in] The valid OPGP_CARD_CONTEXT returned by OPGP_establish_context() *secInfo [in, out] The pointer to the OP201_SECURITY_INFO structure returned by OP201_mutual_authentication(). cardInfo [in] The OPGP_CARD_INFO cardInfo, structure returned by OPGP_card_connect(). tryLimit [in] The try limit for the PIN. newPIN [in] The new PIN. newPINLength [in] The length of the new PIN. KEK [in] The Key Encryption key (KEK).
- Returns
- OPGP_ERROR_STATUS struct with error status OPGP_ERROR_STATUS_SUCCESS if no error occurs, otherwise error code and error message are contained in the OPGP_ERROR_STATUS struct
◆ OP201_put_3desKey()
| OPGP_ERROR_STATUS OP201_put_3desKey | ( | OPGP_CARD_CONTEXT | cardContext, |
| OPGP_CARD_INFO | cardInfo, | ||
| OP201_SECURITY_INFO * | secInfo, | ||
| BYTE | keySetVersion, | ||
| BYTE | keyIndex, | ||
| BYTE | newKeySetVersion, | ||
| BYTE | _3desKey[16] | ||
| ) |
Open Platform: replaces a single 3DES key in a key set or adds a new 3DES key.
A keySetVersion value of 0x00 adds a new key. Any other value between 0x01 and 0x7f must match an existing key set version. The new key set version defines the key set version a new key belongs to. This can be the same key version or a new not yet existing key set version.
- Parameters
-
cardContext [in] The valid OPGP_CARD_CONTEXT returned by OPGP_establish_context() cardInfo [in] The OPGP_CARD_INFO cardInfo, structure returned by OPGP_card_connect(). *secInfo [in, out] The pointer to the OP201_SECURITY_INFO structure returned by OP201_mutual_authentication(). keySetVersion [in] An existing key set version. keyIndex [in] The position of the key in the key set version. newKeySetVersion [in] The new key set version. _3desKey [in] The new 3DES key.
- Returns
- OPGP_ERROR_STATUS struct with error status OPGP_ERROR_STATUS_SUCCESS if no error occurs, otherwise error code and error message are contained in the OPGP_ERROR_STATUS struct
◆ OP201_put_data()
| OPGP_ERROR_STATUS OP201_put_data | ( | OPGP_CARD_CONTEXT | cardContext, |
| OPGP_CARD_INFO | cardInfo, | ||
| OP201_SECURITY_INFO * | secInfo, | ||
| BYTE | identifier[2], | ||
| PBYTE | dataObject, | ||
| DWORD | dataObjectLength | ||
| ) |
Open Platform: Put card data.
Puts a single card data object identified by identifier. Some cards do not provide some data objects. Some possible identifiers are predefined. See OP201_GET_DATA_ISSUER_BIN. For details about the coding of the dataObject see the programmer's manual of your card.
- Parameters
-
cardContext [in] The valid OPGP_CARD_CONTEXT returned by OPGP_establish_context() cardInfo [in] The OPGP_CARD_INFO cardInfo, structure returned by OPGP_card_connect(). *secInfo [in, out] The pointer to the OP201_SECURITY_INFO structure returned by OP201_mutual_authentication(). identifier [in] Two byte buffer with high and low order tag value for identifying card data object. dataObject [in] The coded data object. dataObjectLength [in] The length of the data object.
- Returns
- OPGP_ERROR_STATUS struct with error status OPGP_ERROR_STATUS_SUCCESS if no error occurs, otherwise error code and error message are contained in the OPGP_ERROR_STATUS struct
◆ OP201_put_delegated_management_keys()
| OPGP_ERROR_STATUS OP201_put_delegated_management_keys | ( | OPGP_CARD_CONTEXT | cardContext, |
| OPGP_CARD_INFO | cardInfo, | ||
| OP201_SECURITY_INFO * | secInfo, | ||
| BYTE | keySetVersion, | ||
| BYTE | newKeySetVersion, | ||
| OPGP_STRING | PEMKeyFileName, | ||
| char * | passPhrase, | ||
| BYTE | receiptGenerationKey[16] | ||
| ) |
Open Platform: Adds a key set for Delegated Management.
A keySetVersion value of 0x00 adds a new secure channel key set. Any other value between 0x01 and 0x7f must match an existing key set version. The new key set version defines the key set version a the new secure channel keys belongs to. This can be the same key version or a new not existing key set version.
- Parameters
-
cardContext [in] The valid OPGP_CARD_CONTEXT returned by OPGP_establish_context() cardInfo [in] The OPGP_CARD_INFO cardInfo, structure returned by OPGP_card_connect(). *secInfo [in, out] The pointer to the OP201_SECURITY_INFO structure returned by OP201_mutual_authentication(). keySetVersion [in] An existing key set version. newKeySetVersion [in] The new key set version. PEMKeyFileName [in] A PEM file name with the public RSA key. *passPhrase [in] The passphrase. Must be an ASCII string. receiptGenerationKey [in] The new Receipt Generation key.
- Returns
- OPGP_ERROR_STATUS struct with error status OPGP_ERROR_STATUS_SUCCESS if no error occurs, otherwise error code and error message are contained in the OPGP_ERROR_STATUS struct
◆ OP201_put_rsa_key()
| OPGP_ERROR_STATUS OP201_put_rsa_key | ( | OPGP_CARD_CONTEXT | cardContext, |
| OPGP_CARD_INFO | cardInfo, | ||
| OP201_SECURITY_INFO * | secInfo, | ||
| BYTE | keySetVersion, | ||
| BYTE | keyIndex, | ||
| BYTE | newKeySetVersion, | ||
| OPGP_STRING | PEMKeyFileName, | ||
| char * | passPhrase | ||
| ) |
Open Platform: replaces a single public RSA key in a key set or adds a new public RSA key.
A keySetVersion value of 0x00 adds a new key. Any other value between 0x01 and 0x7f must match an existing key set version. The new key set version defines the key set version a new key belongs to. This can be the same key version or a new not existing key set version.
- Parameters
-
cardContext [in] The valid OPGP_CARD_CONTEXT returned by OPGP_establish_context() cardInfo [in] The OPGP_CARD_INFO cardInfo, structure returned by OPGP_card_connect(). *secInfo [in, out] The pointer to the OP201_SECURITY_INFO structure returned by OP201_mutual_authentication(). keySetVersion [in] An existing key set version. keyIndex [in] The position of the key in the key set version. newKeySetVersion [in] The new key set version. PEMKeyFileName [in] A PEM file name with the public RSA key. *passPhrase [in] The passphrase. Must be an ASCII string.
- Returns
- OPGP_ERROR_STATUS struct with error status OPGP_ERROR_STATUS_SUCCESS if no error occurs, otherwise error code and error message are contained in the OPGP_ERROR_STATUS struct
◆ OP201_put_secure_channel_keys()
| OPGP_ERROR_STATUS OP201_put_secure_channel_keys | ( | OPGP_CARD_CONTEXT | cardContext, |
| OPGP_CARD_INFO | cardInfo, | ||
| OP201_SECURITY_INFO * | secInfo, | ||
| BYTE | keySetVersion, | ||
| BYTE | newKeySetVersion, | ||
| BYTE | new_encKey[16], | ||
| BYTE | new_macKey[16], | ||
| BYTE | new_KEK[16] | ||
| ) |
Open Platform: replaces or adds a secure channel key set consisting of encryption key, MAC key and key encryption.
A keySetVersion value of 0x00 adds a new secure channel key set. Any other value between 0x01 and 0x7f must match an existing key set version. The new key set version defines the key set version the new secure channel keys belongs to. This can be the same key version or a new not existing key set version. Sometimes a key derivation of the put keys might be necessary so it is necessary to call OP201_EMV_CPS11_derive_keys() or any other derivation function.
- Parameters
-
cardContext [in] The valid OPGP_CARD_CONTEXT returned by OPGP_establish_context() cardInfo [in] The OPGP_CARD_INFO cardInfo, structure returned by OPGP_card_connect(). *secInfo [in, out] The pointer to the OP201_SECURITY_INFO structure returned by OP201_mutual_authentication(). keySetVersion [in] An existing key set version. newKeySetVersion [in] The new key set version. new_encKey [in] The new Encryption key. new_macKey [in] The new MAC key. new_KEK [in] The new key encryption key.
- Returns
- OPGP_ERROR_STATUS struct with error status OPGP_ERROR_STATUS_SUCCESS if no error occurs, otherwise error code and error message are contained in the OPGP_ERROR_STATUS struct
◆ OP201_send_APDU()
| OPGP_ERROR_STATUS OP201_send_APDU | ( | OPGP_CARD_CONTEXT | cardContext, |
| OPGP_CARD_INFO | cardInfo, | ||
| OP201_SECURITY_INFO * | secInfo, | ||
| PBYTE | capdu, | ||
| DWORD | capduLength, | ||
| PBYTE | rapdu, | ||
| PDWORD | rapduLength | ||
| ) |
Sends an application protocol data unit.
The secInfo pointer can also be null and so this function can be used for arbitrary cards.
- Parameters
-
cardContext [in] The valid OPGP_CARD_CONTEXT returned by OPGP_establish_context() cardInfo [in] The OPGP_CARD_INFO cardInfo, structure returned by OPGP_card_connect(). *secInfo [in] The pointer to the OP201_SECURITY_INFO structure returned by OP201_mutual_authentication(). capdu [in] The command APDU. capduLength [in] The length of the command APDU. rapdu [out] The response APDU. rapduLength [in, out] The length of the the response APDU.
- Returns
- OPGP_ERROR_STATUS struct with error status OPGP_ERROR_STATUS_SUCCESS if no error occurs, otherwise error code and error message are contained in the OPGP_ERROR_STATUS struct
◆ OP201_set_status()
| OPGP_ERROR_STATUS OP201_set_status | ( | OPGP_CARD_CONTEXT | cardContext, |
| OPGP_CARD_INFO | cardInfo, | ||
| OP201_SECURITY_INFO * | secInfo, | ||
| BYTE | cardElement, | ||
| PBYTE | AID, | ||
| DWORD | AIDLength, | ||
| BYTE | lifeCycleState | ||
| ) |
Open Platform: Sets the life cycle status of Applications, Security Domains or the Card Manager.
- Parameters
-
cardContext [in] The valid OPGP_CARD_CONTEXT returned by OPGP_establish_context() cardInfo [in] The OPGP_CARD_INFO cardInfo, structure returned by OPGP_card_connect(). *secInfo [in, out] The pointer to the OP201_SECURITY_INFO structure returned by OP201_mutual_authentication(). cardElement [in] Identifier for Load Files, Applications or the Card Manager. AID [in] The AID. AIDLength [in] The length of the AID. lifeCycleState [in] The new life cycle state.
- Returns
- OPGP_ERROR_STATUS struct with error status OPGP_ERROR_STATUS_SUCCESS if no error occurs, otherwise error code and error message are contained in the OPGP_ERROR_STATUS struct
◆ OP201_validate_delete_receipt()
| OPGP_ERROR_STATUS OP201_validate_delete_receipt | ( | DWORD | confirmationCounter, |
| BYTE | cardUniqueData[10], | ||
| BYTE | receiptGenerationKey[16], | ||
| OP201_RECEIPT_DATA | receiptData, | ||
| PBYTE | AID, | ||
| DWORD | AIDLength | ||
| ) |
Open Platform: Validates a Load Receipt.
Each time a receipt is generated the confirmation counter is incremented by the Card Manager. You may keep track of it. Returns OPGP_ERROR_SUCCESS if receipt is valid.
- Parameters
-
confirmationCounter [in] The confirmation counter. cardUniqueData [in] The card unique data (?). receiptGenerationKey [in] The 3DES key to generate the receipt. receiptData [in] The OP201_RECEIPT_DATA structure containing the receipt returned from delete_application() to verify. AID [in] A buffer with AID of the application which was deleted. AIDLength [in] The length of the AID.
- Returns
- OPGP_ERROR_STATUS struct with error status OPGP_ERROR_STATUS_SUCCESS if no error occurs, otherwise error code and error message are contained in the OPGP_ERROR_STATUS struct
◆ OP201_validate_install_receipt()
| OPGP_ERROR_STATUS OP201_validate_install_receipt | ( | DWORD | confirmationCounter, |
| BYTE | cardUniqueData[10], | ||
| BYTE | receiptGenerationKey[16], | ||
| OP201_RECEIPT_DATA | receiptData, | ||
| PBYTE | executableLoadFileAID, | ||
| DWORD | executableLoadFileAIDLength, | ||
| PBYTE | applicationInstanceAID, | ||
| DWORD | applicationInstanceAIDLength | ||
| ) |
Open Platform: Validates an Install Receipt.
Each time a receipt is generated the confirmation counter is incremented by the Card Manager. You may keep track of it. Returns OPGP_ERROR_SUCCESS if receipt is valid.
- Parameters
-
confirmationCounter [in] The confirmation counter. cardUniqueData [in] The card unique data (?). receiptGenerationKey [in] The 3DES key to generate the receipt. receiptData [in] The OP201_RECEIPT_DATA structure containing the receipt returned from install_for_install() to verify. executableLoadFileAID [in] A buffer with AID of the Executable Load File which was INSTALL [for install]. executableLoadFileAIDLength [in] The length of the Executable Load File AID. applicationInstanceAID [in] The AID of the installed application. applicationInstanceAIDLength [in] The length of the application instance AID.
- Returns
- OPGP_ERROR_STATUS struct with error status OPGP_ERROR_STATUS_SUCCESS if no error occurs, otherwise error code and error message are contained in the OPGP_ERROR_STATUS struct
◆ OP201_validate_load_receipt()
| OPGP_ERROR_STATUS OP201_validate_load_receipt | ( | DWORD | confirmationCounter, |
| BYTE | cardUniqueData[10], | ||
| BYTE | receiptGenerationKey[16], | ||
| OP201_RECEIPT_DATA | receiptData, | ||
| PBYTE | executableLoadFileAID, | ||
| DWORD | executableLoadFileAIDLength, | ||
| PBYTE | securityDomainAID, | ||
| DWORD | securityDomainAIDLength | ||
| ) |
Open Platform: Validates a Load Receipt.
Each time a receipt is generated the confirmation counter is incremented by the Card Manager. You may keep track of it. Returns OPGP_ERROR_SUCCESS if receipt is valid.
- Parameters
-
confirmationCounter [in] The confirmation counter. cardUniqueData [in] The card unique data (?). receiptGenerationKey [in] The 3DES key to generate the receipt. receiptData [in] The OP201_RECEIPT_DATA structure containing the receipt returned from load_application() to verify. executableLoadFileAID [in] A buffer with AID of the Executable Load File which was INSTALL [for load]. executableLoadFileAIDLength [in] The length of the Executable Load File AID. securityDomainAID [in] A buffer containing the AID of the associated Security Domain. securityDomainAIDLength [in] The length of the Security Domain AID.
- Returns
- OPGP_ERROR_STATUS struct with error status OPGP_ERROR_STATUS_SUCCESS if no error occurs, otherwise error code and error message are contained in the OPGP_ERROR_STATUS struct
◆ OP201_VISA1_derive_keys()
| OPGP_ERROR_STATUS OP201_VISA1_derive_keys | ( | OPGP_CARD_CONTEXT | cardContext, |
| OPGP_CARD_INFO | cardInfo, | ||
| OP201_SECURITY_INFO * | secInfo, | ||
| BYTE | masterKey[16], | ||
| BYTE | S_ENC[16], | ||
| BYTE | S_MAC[16], | ||
| BYTE | DEK[16] | ||
| ) |
Derives the static keys from a master key according the VISA 1 key derivation scheme.
E.g. GemXpresso cards use this scheme.
- Parameters
-
cardContext [in] The valid OPGP_CARD_CONTEXT returned by OPGP_establish_context() cardInfo [in] The OPGP_CARD_INFO cardInfo, structure returned by OPGP_card_connect(). *secInfo [in, out] The pointer to the OP201_SECURITY_INFO structure returned by OP201_mutual_authentication(). masterKey [in] The master key. S_ENC [out] The static Encryption key. S_MAC [out] The static Message Authentication Code key. DEK [out] The static Key Encryption Key.
- Returns
- OPGP_ERROR_STATUS struct with error status OPGP_ERROR_STATUS_SUCCESS if no error occurs, otherwise error code and error message are contained in the OPGP_ERROR_STATUS struct
◆ OP201_VISA2_derive_keys()
| OPGP_ERROR_STATUS OP201_VISA2_derive_keys | ( | OPGP_CARD_CONTEXT | cardContext, |
| OPGP_CARD_INFO | cardInfo, | ||
| OP201_SECURITY_INFO * | secInfo, | ||
| PBYTE | AID, | ||
| DWORD | AIDLength, | ||
| BYTE | masterKey[16], | ||
| BYTE | S_ENC[16], | ||
| BYTE | S_MAC[16], | ||
| BYTE | DEK[16] | ||
| ) |
Derives the static keys from a master key according the VISA 2 key derivation scheme.
E.g. GemXpresso cards, JCOP-10 cards or Palmera Protect V5 cards use this scheme.
- Parameters
-
cardContext [in] The valid OPGP_CARD_CONTEXT returned by OPGP_establish_context() cardInfo [in] The OPGP_CARD_INFO cardInfo, structure returned by OPGP_card_connect(). *secInfo [in, out] The pointer to the OP201_SECURITY_INFO structure returned by OP201_mutual_authentication(). AID [in] The AID of the Card Manager. AIDLength [in] The length of the Card Manager AID / Issuer Security Domain AID. masterKey [in] The master key. S_ENC [out] The static Encryption key. S_MAC [out] The static Message Authentication Code key. DEK [out] The static Key Encryption Key.
- Returns
- OPGP_ERROR_STATUS struct with error status OPGP_ERROR_STATUS_SUCCESS if no error occurs, otherwise error code and error message are contained in the OPGP_ERROR_STATUS struct
◆ OPGP_cap_to_ijc()
| OPGP_ERROR_STATUS OPGP_cap_to_ijc | ( | OPGP_CSTRING | capFileName, |
| OPGP_STRING | ijcFileName | ||
| ) |
Converts a CAP file to an IJC file (Executable Load File).
- Parameters
-
capFileName [in] The name of the CAP file. ijcFileName [in] The name of the destination IJC file.
- Returns
- OPGP_ERROR_STATUS struct with error status OPGP_ERROR_STATUS_SUCCESS if no error occurs, otherwise error code and error message are contained in the OPGP_ERROR_STATUS struct
◆ OPGP_extract_cap_file()
| OPGP_ERROR_STATUS OPGP_extract_cap_file | ( | OPGP_CSTRING | fileName, |
| PBYTE | loadFileBuf, | ||
| PDWORD | loadFileBufSize | ||
| ) |
Extracts a CAP file into a buffer.
If loadFileBuf is NULL the loadFileBufSize is ignored and the necessary buffer size is returned in loadFileBufSize and the functions returns.
- Parameters
-
fileName [in] The name of the CAP file. loadFileBuf [out] The destination buffer with the Executable Load File contents. loadFileBufSize [in, out] The size of the loadFileBuf.
- Returns
- OPGP_ERROR_STATUS struct with error status OPGP_ERROR_STATUS_SUCCESS if no error occurs, otherwise error code and error message are contained in the OPGP_ERROR_STATUS struct
◆ OPGP_get_extended_card_resources_information()
| OPGP_ERROR_STATUS OPGP_get_extended_card_resources_information | ( | OPGP_CARD_CONTEXT | cardContext, |
| OPGP_CARD_INFO | cardInfo, | ||
| GP211_SECURITY_INFO * | secInfo, | ||
| OPGP_EXTENDED_CARD_RESOURCE_INFORMATION * | extendedCardResourceInformation | ||
| ) |
Reads the extended card resource information (number of applications + free memory).
The ISD must support the optional report of extended card resources information. The format is defined in ETSI TS 102 226, sect. 8.2.1.7.2.
- Parameters
-
cardContext [in] The valid OPGP_CARD_CONTEXT returned by OPGP_establish_context() cardInfo [in] The OPGP_CARD_INFO structure returned by OPGP_card_connect(). *secInfo [in, out] The pointer to the GP211_SECURITY_INFO structure returned by GP211_mutual_authentication(). *extendedCardResourceInformation [out] A pointer to an array of OPGP_EXTENDED_CARD_RESOURCE_INFORMATION structures.
- Returns
- OPGP_ERROR_STATUS struct with error status OPGP_ERROR_STATUS_SUCCESS if no error occurs, otherwise error code and error message are contained in the OPGP_ERROR_STATUS struct
◆ OPGP_manage_channel()
| OPGP_ERROR_STATUS OPGP_manage_channel | ( | OPGP_CARD_CONTEXT | cardContext, |
| OPGP_CARD_INFO * | cardInfo, | ||
| GP211_SECURITY_INFO * | secInfo, | ||
| BYTE | openClose, | ||
| BYTE | channelNumberToClose, | ||
| BYTE * | channelNumberOpened | ||
| ) |
ISO 7816-4 / GlobalPlatform2.1.1: Opens or closes a Logical Channel.
For an OPEN command, the channelNumberToClose is ignored. For an CLOSE command, the channelNumberOpened is returned. After closing a Logical Channel the Basic Logical Channel is assumed for the next transmissions.
- Parameters
-
cardContext [in] The valid OPGP_CARD_CONTEXT returned by OPGP_establish_context() *cardInfo [in, out] The OPGP_CARD_INFO structure returned by OPGP_card_connect(). *secInfo [in, out] The pointer to the GP211_SECURITY_INFO structure returned by GP211_mutual_authentication(). openClose [in] Logical Channel should be opened or closed. See GP211_MANAGE_CHANNEL_OPEN. channelNumberToClose [in] The Logical Channel number to close. channelNumberOpened [out] The Logical Channel number opened.
- Returns
- OPGP_ERROR_STATUS struct with error status OPGP_ERROR_STATUS_SUCCESS if no error occurs, otherwise error code and error message are contained in the OPGP_ERROR_STATUS struct
◆ OPGP_read_executable_load_file_parameters()
| OPGP_ERROR_STATUS OPGP_read_executable_load_file_parameters | ( | OPGP_STRING | loadFileName, |
| OPGP_LOAD_FILE_PARAMETERS * | loadFileParams | ||
| ) |
Reads the parameters of an Executable Load File.
- Parameters
-
loadFileName [in] The load file name to parse. *loadFileParams [out] The parsed parameters.
- Returns
- OPGP_ERROR_STATUS struct with error status OPGP_ERROR_STATUS_SUCCESS if no error occurs, otherwise error code and error message are contained in the OPGP_ERROR_STATUS struct
◆ OPGP_read_executable_load_file_parameters_from_buffer()
| OPGP_ERROR_STATUS OPGP_read_executable_load_file_parameters_from_buffer | ( | PBYTE | loadFileBuf, |
| DWORD | loadFileBufSize, | ||
| OPGP_LOAD_FILE_PARAMETERS * | loadFileParams | ||
| ) |
Receives Executable Load File as a buffer instead of a FILE.
- Parameters
-
loadFileBuf [in] The load file buffer. loadFileBufSize [in] The size of the load file buffer. *loadFileParams [out] The parsed parameters.
- Returns
- OPGP_ERROR_STATUS struct with error status OPGP_ERROR_STATUS_SUCCESS if no error occurs, otherwise error code and error message are contained in the OPGP_ERROR_STATUS struct
◆ OPGP_select_application()
| OPGP_ERROR_STATUS OPGP_select_application | ( | OPGP_CARD_CONTEXT | cardContext, |
| OPGP_CARD_INFO | cardInfo, | ||
| PBYTE | AID, | ||
| DWORD | AIDLength | ||
| ) |
GlobalPlatform2.1.1: Selects an application on a card by AID.
- Parameters
-
cardContext [in] The valid OPGP_CARD_CONTEXT returned by OPGP_establish_context() cardInfo [in] The OPGP_CARD_INFO structure returned by OPGP_card_connect(). AID [in] The AID. AIDLength [in] The length of the AID.
- Returns
- OPGP_ERROR_STATUS struct with error status OPGP_ERROR_STATUS_SUCCESS if no error occurs, otherwise error code and error message are contained in the OPGP_ERROR_STATUS struct
◆ OPGP_select_channel()
| OPGP_ERROR_STATUS OPGP_select_channel | ( | OPGP_CARD_INFO * | cardInfo, |
| BYTE | channelNumber | ||
| ) |
ISO 7816-4 / GlobalPlatform2.1.1: If multiple Logical Channels are open or a new Logical Channel is opened with select_application(), selects the Logical Channel.
You must track on your own, what channels are open.
- Parameters
-
*cardInfo [in, out] The OPGP_CARD_INFO structure returned by OPGP_card_connect(). channelNumber [in] The Logical Channel number to select.
- Returns
- OPGP_ERROR_STATUS struct with error status OPGP_ERROR_STATUS_SUCCESS if no error occurs, otherwise error code and error message are contained in the OPGP_ERROR_STATUS struct
◆ readDAPBlock()
| OPGP_NO_API OPGP_ERROR_STATUS readDAPBlock | ( | PBYTE | buf, |
| PDWORD | bufLength, | ||
| OP201_DAP_BLOCK | dapBlock | ||
| ) |
Reads a DAP block and parses it to the buffer buf.
- Parameters
-
buf [out] The buffer. bufLength [in, out] The length of the buffer and the returned data. dapBlock [in] The Load File Data Block DAP block.
- Returns
- OPGP_ERROR_SUCCESS if no error, error code else
◆ VISA1_derive_keys()
| OPGP_ERROR_STATUS VISA1_derive_keys | ( | BYTE | cardSerialNumber[8], |
| BYTE | masterKey[16], | ||
| BYTE | S_ENC[16], | ||
| BYTE | S_MAC[16], | ||
| BYTE | DEK[16] | ||
| ) |
Derives the static keys from a master key according the VISA 1 key derivation scheme.
E.g. GemXpresso cards use this scheme.
- Parameters
-
cardSerialNumber [in] The card serial number. masterKey [in] The master key. S_ENC [out] The static Encryption key. S_MAC [out] The static Message Authentication Code key. DEK [out] The static Key Encryption Key.
- Returns
- OPGP_ERROR_STATUS struct with error status OPGP_ERROR_STATUS_SUCCESS if no error occurs, otherwise error code and error message are contained in the OPGP_ERROR_STATUS struct
◆ VISA2_derive_keys()
| OPGP_ERROR_STATUS VISA2_derive_keys | ( | BYTE | baseKeyDiversificationData[10], |
| BYTE | masterKey[16], | ||
| BYTE | S_ENC[16], | ||
| BYTE | S_MAC[16], | ||
| BYTE | DEK[16] | ||
| ) |
Derives the static keys from a master key according the VISA 2 key derivation scheme.
E.g. GemXpresso cards, JCOP-10 cards or Palmera Protect V5 cards use this scheme. The baseKeyDiversificationData must contain the rightmost two bytes of the Card Manager AID as first 2 bytes and starting at position 4 the 4 bytes of the IC serial number.
- Parameters
-
baseKeyDiversificationData [in] The key diversification data. This is returned by INITIALIZE UPDATE or can be constructed. masterKey [in] The master key. S_ENC [out] The static Encryption key. S_MAC [out] The static Message Authentication Code key. DEK [out] The static Key Encryption Key.
- Returns
- OPGP_ERROR_STATUS struct with error status OPGP_ERROR_STATUS_SUCCESS if no error occurs, otherwise error code and error message are contained in the OPGP_ERROR_STATUS struct
