#include <stdio.h>
#include "types.h"
#include "unicode.h"
#include "error.h"
#include "errorcodes.h"
#include "library.h"
#include "connection.h"
#include "security.h"
#include "stringify.h"

Include dependency graph for globalplatform.h:

This graph shows which files directly or indirectly include this file:

Go to the source code of this file.

Data Structures
struct	OPGP_PROGRESS_CALLBACK_PARAMETERS

struct	OPGP_PROGRESS_CALLBACK

struct	OPGP_AID

struct	OP201_APPLICATION_DATA

struct	OPGP_LOAD_FILE_PARAMETERS

struct	GP211_APPLICATION_DATA

struct	GP211_EXECUTABLE_MODULES_DATA

struct	OPGP_EXTENDED_CARD_RESOURCE_INFORMATION

Macros
#define	max(a, b) (((a)>(b))?(a):(b))

#define	APDU_COMMAND_LEN 261
	The APDU command length: 5 bytes header + 255 body + Le.

#define	APDU_RESPONSE_LEN 258
	The APDU response length: 256 data + 2 bytes SW.

#define	GP211_LIFE_CYCLE_LOAD_FILE_LOADED 0x01
	Executable Load File is loaded.

#define	GP211_LIFE_CYCLE_CARD_OP_READY 0x01
	Card is OP ready.

#define	GP211_LIFE_CYCLE_CARD_INITIALIZED 0x07
	Card is initialized.

#define	GP211_LIFE_CYCLE_CARD_SECURED 0x0f
	Card is in secured state.

#define	GP211_LIFE_CYCLE_CARD_LOCKED 0x7f
	Card is locked.

#define	GP211_LIFE_CYCLE_CARD_TERMINATED 0xff
	Card is terminated.

#define	GP211_LIFE_CYCLE_APPLICATION_INSTALLED 0x03
	Application is installed.

#define	GP211_LIFE_CYCLE_APPLICATION_SELECTABLE 0x07
	Application is selectable.

#define	GP211_LIFE_CYCLE_APPLICATION_LOCKED 0xff
	Application is locked.

#define	GP211_LIFE_CYCLE_SECURITY_DOMAIN_INSTALLED 0x03
	Application is installed.

#define	GP211_LIFE_CYCLE_SECURITY_DOMAIN_SELECTABLE 0x07
	Application is selectable.

#define	GP211_LIFE_CYCLE_SECURITY_DOMAIN_PERSONALIZED 0xff
	Application is personalized.

#define	GP211_LIFE_CYCLE_SECURITY_DOMAIN_LOCKED 0xff
	Application is locked.

#define	GP211_MANAGE_CHANNEL_OPEN 0x00
	Open the next available Supplementary Logical Channel.

#define	GP211_MANAGE_CHANNEL_CLOSE 0x80
	Close the Supplementary Logical Channel.

#define	GP211_STATUS_APPLICATIONS 0x40
	Indicate Applications or Security Domains in GP211_get_status() (request GP211_APPLICATION_DATA) or GP211_set_status().

#define	GP211_STATUS_ISSUER_SECURITY_DOMAIN 0x80
	Indicate Issuer Security Domain in GP211_get_status() (request GP211_APPLICATION_DATA) or GP211_set_status().

#define	GP211_STATUS_LOAD_FILES 0x20
	Request GP211_APPLICATION_DATA for Executable Load Files in GP211_get_status().

#define	GP211_STATUS_LOAD_FILES_AND_EXECUTABLE_MODULES 0x10
	Request GP211_EXECUTABLE_MODULES_DATA for Executable Load Files and their Executable Modules in GP211_get_status().

#define	GP211_STATUS_FORMAT_NEW 0x02
	New GP2.1.1 GET STATUS format.

#define	GP211_STATUS_FORMAT_DEPRECATED 0x00
	New GP2.1.1 GET STATUS deprecated format.

#define	OP201_LIFE_CYCLE_LOAD_FILE_LOGICALLY_DELETED 0x00
	Executable Load File is logically deleted.

#define	OP201_LIFE_CYCLE_LOAD_FILE_LOADED 0x01
	Executable Load File is loaded.

#define	OP201_LIFE_CYCLE_CARD_MANAGER_OP_READY 0x01
	Card is OP ready.

#define	OP201_LIFE_CYCLE_CARD_MANAGER_INITIALIZED 0x07
	Card is initialized.

#define	OP201_LIFE_CYCLE_CARD_MANAGER_SECURED 0x0f
	Card is in secured state.

#define	OP201_LIFE_CYCLE_CARD_MANAGER_CM_LOCKED 0x7f
	Card is locked.

#define	OP201_LIFE_CYCLE_CARD_MANAGER_TERMINATED 0xff
	Card is terminated.

#define	OP201_LIFE_CYCLE_APPLICATION_LOGICALLY_DELETED 0x00
	Application is logically deleted.

#define	OP201_LIFE_CYCLE_APPLICATION_INSTALLED 0x03
	Application is installed.

#define	OP201_LIFE_CYCLE_APPLICATION_SELECTABLE 0x07
	Application is selectable.

#define	OP201_LIFE_CYCLE_APPLICATION_PERSONALIZED 0x0f
	Application is personalized.

#define	OP201_LIFE_CYCLE_APPLICATION_BLOCKED 0x7f
	Application is blocked.

#define	OP201_LIFE_CYCLE_APPLICATION_LOCKED 0xff
	Application is locked.

#define	OP201_STATUS_APPLICATIONS 0x40
	Indicate Applications or Security Domains in OP201_get_status() or OP201_set_status().

#define	OP201_STATUS_CARD_MANAGER 0x80
	Indicate Card Manager in OP201_get_status() or OP201_set_status().

#define	OP201_STATUS_LOAD_FILES 0x20
	Request OP201_APPLICATION_DATA for Executable Load Files in OP201_get_status().

#define	OPGP_DERIVATION_METHOD_NONE 0
	No key derivation is used during mutual authentication.

#define	OPGP_DERIVATION_METHOD_VISA2 1
	The VISA2 key derivation is used during mutual authentication.

#define	OPGP_DERIVATION_METHOD_EMV_CPS11 2
	The EMV CPS 11 derivation is used during mutual authentication.

#define	OPGP_DERIVATION_METHOD_VISA1 3
	The VISA1 key derivation is used during mutual authentication.

#define	OPGP_WORK_UNKNOWN -1
	The amount of work is not known.

#define	OPGP_TASK_FINISHED 1
	The task is finished.

#define	INIT_PROGRESS_CALLBACK_PARAMETERS(callbackParameters, callback)

Enumerations
enum	GP211_APPLICATION_PRIVILEGES { GP211_SECURITY_DOMAIN = 1u << (7 + 16), GP211_DAP_VERIFICATION = 0xC0 << 16, GP211_DELEGATED_MANAGEMENT = 0xA0 << 16, GP211_CARD_MANAGER_LOCK_PRIVILEGE = 1u << (4 + 16), GP211_CARD_MANAGER_TERMINATE_PRIVILEGE = 1u << (3 + 16), GP211_DEFAULT_SELECTED_CARD_RESET_PRIVILEGE = 1u << (2 + 16), GP211_PIN_CHANGE_PRIVILEGE = 1u << (1 + 16), GP211_MANDATED_DAP_VERIFICATION = 0xD0 << 16, GP211_TRUSTED_PATH = 1u << (7 + 8), GP211_AUTHORIZED_MANAGEMENT = 1u << (6 + 8), GP211_TOKEN_VERIFICATION = 1u << (5 + 8), GP211_GLOBAL_DELETE = 1u << (4 + 8), GP211_GLOBAL_LOCK = 1u << (3 + 8), GP211_GLOBAL_REGISTRY = 1u << (2 + 8), GP211_FINAL_APPLICATION = 1u << (1 + 8), GP211_GLOBAL_SERVICE = 1u << (0 + 8), GP211_RECEIPT_GENERATION = 1u << 7, GP211_CIPHERED_LOAD_FILE_DATA_BLOCK = 1u << 6, GP211_CONTACTLESS_ACTIVATION = 1u << 5, GP211_CONTACTLESS_SELF_ACTIVATION = 1u << 4 }
	Application privileges. More...

enum	OP201_APPLICATION_PRIVILEGES { OP201_SECURITY_DOMAIN = 1u << 7, OP201_DAP_VERIFICATION = 0xC0, OP201_DELEGATED_MANAGEMENT = 0xA0, OP201_CARD_MANAGER_LOCK_PRIVILEGE = 1u << 4, OP201_CARD_MANAGER_TERMINATE_PRIVILEGE = 1u << 3, OP201_DEFAULT_SELECTED = 1u << 2, OP201_PIN_CHANGE_PRIVILEGE = 1u << 1, OP201_MANDATED_DAP_VERIFICATION = 0xD0 }
	Application privileges. More...

Functions
OPGP_API OPGP_ERROR_STATUS	OPGP_select_application (OPGP_CARD_CONTEXT cardContext, OPGP_CARD_INFO cardInfo, PBYTE AID, DWORD AIDLength)
	GlobalPlatform2.1.1: Selects an application on a card by AID. More...

OPGP_API OPGP_ERROR_STATUS	OPGP_get_extended_card_resources_information (OPGP_CARD_CONTEXT cardContext, OPGP_CARD_INFO cardInfo, GP211_SECURITY_INFO secInfo, OPGP_EXTENDED_CARD_RESOURCE_INFORMATION extendedCardResourceInformation)
	Reads the extended card resource information (number of applications + free memory). More...

OPGP_API OPGP_ERROR_STATUS	GP211_get_status (OPGP_CARD_CONTEXT cardContext, OPGP_CARD_INFO cardInfo, GP211_SECURITY_INFO secInfo, BYTE cardElement, BYTE format, GP211_APPLICATION_DATA applData, GP211_EXECUTABLE_MODULES_DATA *executableData, PDWORD dataLength)
	GlobalPlatform2.1.1: Gets the life cycle status of Applications, the Issuer Security Domains, Security Domains and Executable Load Files and their privileges or information about Executable Modules of the Executable Load Files. More...

OPGP_API OPGP_ERROR_STATUS	GP211_set_status (OPGP_CARD_CONTEXT cardContext, OPGP_CARD_INFO cardInfo, GP211_SECURITY_INFO *secInfo, BYTE cardElement, PBYTE AID, DWORD AIDLength, BYTE lifeCycleState)
	GlobalPlatform2.1.1: Sets the life cycle status of Applications, Security Domains or the Card Manager. More...

OPGP_API OPGP_ERROR_STATUS	GP211_mutual_authentication (OPGP_CARD_CONTEXT cardContext, OPGP_CARD_INFO cardInfo, BYTE baseKey[16], BYTE S_ENC[16], BYTE S_MAC[16], BYTE DEK[16], BYTE keySetVersion, BYTE keyIndex, BYTE secureChannelProtocol, BYTE secureChannelProtocolImpl, BYTE securityLevel, BYTE derivationMethod, GP211_SECURITY_INFO *secInfo)
	GlobalPlatform2.1.1: Mutual authentication. More...

OPGP_API OPGP_ERROR_STATUS	GP211_init_implicit_secure_channel (PBYTE AID, DWORD AIDLength, BYTE baseKey[16], BYTE S_ENC[16], BYTE S_MAC[16], BYTE DEK[16], BYTE secureChannelProtocolImpl, BYTE sequenceCounter[2], GP211_SECURITY_INFO *secInfo)
	GlobalPlatform2.1.1: Inits a Secure Channel implicitly. More...

OPGP_API OPGP_ERROR_STATUS	close_implicit_secure_channel (GP211_SECURITY_INFO *secInfo)
	GlobalPlatform2.1.1: Closes a Secure Channel implicitly.

OPGP_API OPGP_ERROR_STATUS	GP211_get_data (OPGP_CARD_CONTEXT cardContext, OPGP_CARD_INFO cardInfo, GP211_SECURITY_INFO *secInfo, BYTE identifier[2], PBYTE recvBuffer, PDWORD recvBufferLength)
	GlobalPlatform2.1.1: Retrieve card data. More...

OPGP_API OPGP_ERROR_STATUS	GP211_get_data_iso7816_4 (OPGP_CARD_CONTEXT cardContext, OPGP_CARD_INFO cardInfo, BYTE identifier[2], PBYTE recvBuffer, PDWORD recvBufferLength)
	Retrieve card data according ISO/IEC 7816-4 command not within a secure channel. More...

OPGP_API OPGP_ERROR_STATUS	GP211_get_secure_channel_protocol_details (OPGP_CARD_CONTEXT cardContext, OPGP_CARD_INFO cardInfo, BYTE secureChannelProtocol, BYTE secureChannelProtocolImpl)
	GlobalPlatform2.1.1: This returns the Secure Channel Protocol and the Secure Channel Protocol implementation. More...

OPGP_API OPGP_ERROR_STATUS	GP211_get_sequence_counter (OPGP_CARD_CONTEXT cardContext, OPGP_CARD_INFO cardInfo, BYTE sequenceCounter[2])
	GlobalPlatform2.1.1: This returns the current Sequence Counter. More...

OPGP_API OPGP_ERROR_STATUS	GP211_put_data (OPGP_CARD_CONTEXT cardContext, OPGP_CARD_INFO cardInfo, GP211_SECURITY_INFO *secInfo, BYTE identifier[2], PBYTE dataObject, DWORD dataObjectLength)
	GlobalPlatform2.1.1: Put card data. More...

OPGP_API OPGP_ERROR_STATUS	GP211_pin_change (OPGP_CARD_CONTEXT cardContext, OPGP_CARD_INFO cardInfo, GP211_SECURITY_INFO *secInfo, BYTE tryLimit, PBYTE newPIN, DWORD newPINLength)
	GlobalPlatform2.1.1: Changes or unblocks the global PIN. More...

OPGP_API OPGP_ERROR_STATUS	GP211_put_symmetric_key (OPGP_CARD_CONTEXT cardContext, OPGP_CARD_INFO cardInfo, GP211_SECURITY_INFO *secInfo, BYTE keySetVersion, BYTE keyIndex, BYTE newKeySetVersion, BYTE key[16], BYTE keyType)
	GlobalPlatform2.1.1: replaces a single symmetric key in a key set or adds a new key.

OPGP_API OPGP_ERROR_STATUS	GP211_put_aes_key (OPGP_CARD_CONTEXT cardContext, OPGP_CARD_INFO cardInfo, GP211_SECURITY_INFO *secInfo, BYTE keySetVersion, BYTE keyIndex, BYTE newKeySetVersion, BYTE aesKey[16])
	GlobalPlatform2.1.1: replaces a single AES key in a key set or adds a new AES key. More...

OPGP_API OPGP_ERROR_STATUS	GP211_put_3des_key (OPGP_CARD_CONTEXT cardContext, OPGP_CARD_INFO cardInfo, GP211_SECURITY_INFO *secInfo, BYTE keySetVersion, BYTE keyIndex, BYTE newKeySetVersion, BYTE _3DESKey[16])
	GlobalPlatform2.1.1: replaces a single 3DES key in a key set or adds a new 3DES key. More...

OPGP_API OPGP_ERROR_STATUS	GP211_put_rsa_key (OPGP_CARD_CONTEXT cardContext, OPGP_CARD_INFO cardInfo, GP211_SECURITY_INFO secInfo, BYTE keySetVersion, BYTE keyIndex, BYTE newKeySetVersion, OPGP_STRING PEMKeyFileName, char passPhrase)
	GlobalPlatform2.1.1: replaces a single public RSA key in a key set or adds a new public RSA key. More...

OPGP_API OPGP_ERROR_STATUS	GP211_put_secure_channel_keys (OPGP_CARD_CONTEXT cardContext, OPGP_CARD_INFO cardInfo, GP211_SECURITY_INFO *secInfo, BYTE keySetVersion, BYTE newKeySetVersion, BYTE baseKey[16], BYTE newS_ENC[16], BYTE newS_MAC[16], BYTE newDEK[16])
	GlobalPlatform2.1.1: replaces or adds a secure channel key set consisting of S-ENC, S-MAC and DEK. More...

OPGP_API OPGP_ERROR_STATUS	GP211_delete_key (OPGP_CARD_CONTEXT cardContext, OPGP_CARD_INFO cardInfo, GP211_SECURITY_INFO *secInfo, BYTE keySetVersion, BYTE keyIndex)
	GlobalPlatform2.1.1: deletes a key or multiple keys. More...

OPGP_API OPGP_ERROR_STATUS	GP211_get_key_information_templates (OPGP_CARD_CONTEXT cardContext, OPGP_CARD_INFO cardInfo, GP211_SECURITY_INFO secInfo, BYTE keyInformationTemplate, GP211_KEY_INFORMATION keyInformation, PDWORD keyInformationLength)
	GlobalPlatform2.1.1: Retrieves key information of keys on the card. More...

OPGP_API OPGP_ERROR_STATUS	GP211_delete_application (OPGP_CARD_CONTEXT cardContext, OPGP_CARD_INFO cardInfo, GP211_SECURITY_INFO secInfo, OPGP_AID AIDs, DWORD AIDsLength, GP211_RECEIPT_DATA *receiptData, PDWORD receiptDataLength)
	GlobalPlatform2.1.1: Deletes a Executable Load File or an application. More...

OPGP_API OPGP_ERROR_STATUS	GP211_install_for_load (OPGP_CARD_CONTEXT cardContext, OPGP_CARD_INFO cardInfo, GP211_SECURITY_INFO *secInfo, PBYTE executableLoadFileAID, DWORD executableLoadFileAIDLength, PBYTE securityDomainAID, DWORD securityDomainAIDLength, BYTE loadFileDataBlockHash[20], BYTE loadToken[128], DWORD nonVolatileCodeSpaceLimit, DWORD volatileDataSpaceLimit, DWORD nonVolatileDataSpaceLimit)
	GlobalPlatform2.1.1: Prepares the card for loading an application. More...

OPGP_API OPGP_ERROR_STATUS	GP211_get_extradition_token_signature_data (PBYTE securityDomainAID, DWORD securityDomainAIDLength, PBYTE applicationAID, DWORD applicationAIDLength, PBYTE extraditionTokenSignatureData, PDWORD extraditionTokenSignatureDataLength)
	GlobalPlatform2.1.1: Function to retrieve the data to sign by the Card Issuer in an Extradition Token. More...

OPGP_API OPGP_ERROR_STATUS	GP211_get_load_token_signature_data (PBYTE executableLoadFileAID, DWORD executableLoadFileAIDLength, PBYTE securityDomainAID, DWORD securityDomainAIDLength, BYTE loadFileDataBlockHash[20], DWORD nonVolatileCodeSpaceLimit, DWORD volatileDataSpaceLimit, DWORD nonVolatileDataSpaceLimit, PBYTE loadTokenSignatureData, PDWORD loadTokenSignatureDataLength)
	GlobalPlatform2.1.1: Function to retrieve the data to sign by the Card Issuer in a Load Token. More...

OPGP_API OPGP_ERROR_STATUS	GP211_get_install_token_signature_data (BYTE P1, PBYTE executableLoadFileAID, DWORD executableLoadFileAIDLength, PBYTE executableModuleAID, DWORD executableModuleAIDLength, PBYTE applicationAID, DWORD applicationAIDLength, BYTE applicationPrivileges, DWORD volatileDataSpaceLimit, DWORD nonVolatileDataSpaceLimit, PBYTE installParameters, DWORD installParametersLength, PBYTE installTokenSignatureData, PDWORD installTokenSignatureDataLength)
	GlobalPlatform2.1.1: Function to retrieve the data to sign by the Card Issuer in an Install Token. More...

OPGP_API OPGP_ERROR_STATUS	GP211_calculate_load_token (PBYTE executableLoadFileAID, DWORD executableLoadFileAIDLength, PBYTE securityDomainAID, DWORD securityDomainAIDLength, BYTE loadFileDataBlockHash[20], DWORD nonVolatileCodeSpaceLimit, DWORD volatileDataSpaceLimit, DWORD nonVolatileDataSpaceLimit, BYTE loadToken[128], OPGP_STRING PEMKeyFileName, char *passPhrase)
	GlobalPlatform2.1.1: Calculates a Load Token using PKCS#1. More...

OPGP_API OPGP_ERROR_STATUS	GP211_calculate_install_token (BYTE P1, PBYTE executableLoadFileAID, DWORD executableLoadFileAIDLength, PBYTE executableModuleAID, DWORD executableModuleAIDLength, PBYTE applicationAID, DWORD applicationAIDLength, BYTE applicationPrivileges, DWORD volatileDataSpaceLimit, DWORD nonVolatileDataSpaceLimit, PBYTE installParameters, DWORD installParametersLength, BYTE installToken[128], OPGP_STRING PEMKeyFileName, char *passPhrase)
	GlobalPlatform2.1.1: Calculates an Install Token using PKCS#1. More...

OPGP_API OPGP_ERROR_STATUS	GP211_calculate_load_file_data_block_hash (OPGP_STRING executableLoadFileName, BYTE hash[32], BYTE secureChannelProtocol)
	GlobalPlatform2.1.1: Calculates a Load File Data Block Hash. More...

OPGP_API OPGP_ERROR_STATUS	GP211_load (OPGP_CARD_CONTEXT cardContext, OPGP_CARD_INFO cardInfo, GP211_SECURITY_INFO secInfo, GP211_DAP_BLOCK dapBlock, DWORD dapBlockLength, OPGP_STRING executableLoadFileName, GP211_RECEIPT_DATA receiptData, PDWORD receiptDataAvailable, OPGP_PROGRESS_CALLBACK callback)
	GlobalPlatform2.1.1: Loads a Executable Load File (containing an application) to the card. More...

OPGP_API OPGP_ERROR_STATUS	GP211_load_from_buffer (OPGP_CARD_CONTEXT cardContext, OPGP_CARD_INFO cardInfo, GP211_SECURITY_INFO secInfo, GP211_DAP_BLOCK dapBlock, DWORD dapBlockLength, PBYTE loadFileBuffer, DWORD loadFileBufSize, GP211_RECEIPT_DATA receiptData, PDWORD receiptDataAvailable, OPGP_PROGRESS_CALLBACK callback)
	GlobalPlatform2.1.1: Loads a Executable Load File (containing an application) from a buffer to the card. More...

OPGP_API OPGP_ERROR_STATUS	GP211_install_for_install (OPGP_CARD_CONTEXT cardContext, OPGP_CARD_INFO cardInfo, GP211_SECURITY_INFO secInfo, PBYTE executableLoadFileAID, DWORD executableLoadFileAIDLength, PBYTE executableModuleAID, DWORD executableModuleAIDLength, PBYTE applicationAID, DWORD applicationAIDLength, BYTE applicationPrivileges, DWORD volatileDataSpaceLimit, DWORD nonVolatileDataSpaceLimit, PBYTE installParameters, DWORD installParametersLength, BYTE installToken[128], GP211_RECEIPT_DATA receiptData, PDWORD receiptDataAvailable)
	GlobalPlatform2.1.1: Installs an application on the card. More...

OPGP_API OPGP_ERROR_STATUS	GP211_install_for_make_selectable (OPGP_CARD_CONTEXT cardContext, OPGP_CARD_INFO cardInfo, GP211_SECURITY_INFO secInfo, PBYTE applicationAID, DWORD applicationAIDLength, BYTE applicationPrivileges, BYTE installToken[128], GP211_RECEIPT_DATA receiptData, PDWORD receiptDataAvailable)
	GlobalPlatform2.1.1: Makes an installed application selectable. More...

OPGP_API OPGP_ERROR_STATUS	GP211_install_for_install_and_make_selectable (OPGP_CARD_CONTEXT cardContext, OPGP_CARD_INFO cardInfo, GP211_SECURITY_INFO secInfo, PBYTE executableLoadFileAID, DWORD executableLoadFileAIDLength, PBYTE executableModuleAID, DWORD executableModuleAIDLength, PBYTE applicationAID, DWORD applicationAIDLength, BYTE applicationPrivileges, DWORD volatileDataSpaceLimit, DWORD nonVolatileDataSpaceLimit, PBYTE installParameters, DWORD installParametersLength, BYTE installToken[128], GP211_RECEIPT_DATA receiptData, PDWORD receiptDataAvailable)
	GlobalPlatform2.1.1: Installs and makes an installed application selectable. More...

OPGP_API OPGP_ERROR_STATUS	GP211_install_for_personalization (OPGP_CARD_CONTEXT cardContext, OPGP_CARD_INFO cardInfo, GP211_SECURITY_INFO *secInfo, PBYTE applicationAID, DWORD applicationAIDLength)
	GlobalPlatform2.1.1: Informs a Security Domain that a associated application will retrieve personalization data. More...

OPGP_API OPGP_ERROR_STATUS	GP211_install_for_extradition (OPGP_CARD_CONTEXT cardContext, OPGP_CARD_INFO cardInfo, GP211_SECURITY_INFO secInfo, PBYTE securityDomainAID, DWORD securityDomainAIDLength, PBYTE applicationAID, DWORD applicationAIDLength, BYTE extraditionToken[128], GP211_RECEIPT_DATA receiptData, PDWORD receiptDataAvailable)
	GlobalPlatform2.1.1: Associates an application with another Security Domain. More...

OPGP_API OPGP_ERROR_STATUS	GP211_put_delegated_management_keys (OPGP_CARD_CONTEXT cardContext, OPGP_CARD_INFO cardInfo, GP211_SECURITY_INFO secInfo, BYTE keySetVersion, BYTE newKeySetVersion, OPGP_STRING PEMKeyFileName, char passPhrase, BYTE receiptKey[16])
	GlobalPlatform2.1.1: Adds a key set for Delegated Management. More...

OPGP_API OPGP_ERROR_STATUS	GP211_send_APDU (OPGP_CARD_CONTEXT cardContext, OPGP_CARD_INFO cardInfo, GP211_SECURITY_INFO *secInfo, PBYTE capdu, DWORD capduLength, PBYTE rapdu, PDWORD rapduLength)
	Sends an application protocol data unit. More...

OPGP_API OPGP_ERROR_STATUS	GP211_calculate_3des_DAP (BYTE loadFileDataBlockHash[20], PBYTE securityDomainAID, DWORD securityDomainAIDLength, BYTE DAPVerificationKey[16], GP211_DAP_BLOCK *loadFileDataBlockSignature)
	GlobalPlatform2.1.1: Calculates a Load File Data Block Signature using 3DES. More...

OPGP_API OPGP_ERROR_STATUS	GP211_calculate_rsa_DAP (BYTE loadFileDataBlockHash[20], PBYTE securityDomainAID, DWORD securityDomainAIDLength, OPGP_STRING PEMKeyFileName, char passPhrase, GP211_DAP_BLOCK loadFileDataBlockSignature)
	GlobalPlatform2.1.1: Calculates a Load File Data Block Signature using SHA-1 and PKCS#1 (RSA). More...

OPGP_API OPGP_ERROR_STATUS	GP211_validate_delete_receipt (DWORD confirmationCounter, PBYTE cardUniqueData, DWORD cardUniqueDataLength, BYTE receiptKey[16], GP211_RECEIPT_DATA receiptData, PBYTE AID, DWORD AIDLength, BYTE secureChannelProtocol)
	GlobalPlatform2.1.1: Validates a Load Receipt. More...

OPGP_API OPGP_ERROR_STATUS	GP211_validate_install_receipt (DWORD confirmationCounter, PBYTE cardUniqueData, DWORD cardUniqueDataLength, BYTE receiptKey[16], GP211_RECEIPT_DATA receiptData, PBYTE executableLoadFileAID, DWORD executableLoadFileAIDLength, PBYTE applicationAID, DWORD applicationAIDLength, BYTE secureChannelProtocol)
	GlobalPlatform2.1.1: Validates an Install Receipt. More...

OPGP_API OPGP_ERROR_STATUS	GP211_validate_load_receipt (DWORD confirmationCounter, PBYTE cardUniqueData, DWORD cardUniqueDataLength, BYTE receiptKey[16], GP211_RECEIPT_DATA receiptData, PBYTE executableLoadFileAID, DWORD executableLoadFileAIDLength, PBYTE securityDomainAID, DWORD securityDomainAIDLength, BYTE secureChannelProtocol)
	GlobalPlatform2.1.1: Validates a Load Receipt. More...

OPGP_ERROR_STATUS	GP211_validate_extradition_receipt (DWORD confirmationCounter, PBYTE cardUniqueData, DWORD cardUniqueDataLength, BYTE receiptKey[16], GP211_RECEIPT_DATA receiptData, PBYTE oldSecurityDomainAID, DWORD oldSecurityDomainAIDLength, PBYTE newSecurityDomainAID, DWORD newSecurityDomainAIDLength, PBYTE applicationOrExecutableLoadFileAID, DWORD applicationOrExecutableLoadFileAIDLength, BYTE secureChannelProtocol)
	GlobalPlatform2.1.1: Validates an Extradition Receipt. More...

OPGP_API OPGP_ERROR_STATUS	OPGP_manage_channel (OPGP_CARD_CONTEXT cardContext, OPGP_CARD_INFO cardInfo, GP211_SECURITY_INFO secInfo, BYTE openClose, BYTE channelNumberToClose, BYTE *channelNumberOpened)
	ISO 7816-4 / GlobalPlatform2.1.1: Opens or closes a Logical Channel. More...

OPGP_API OPGP_ERROR_STATUS	OPGP_select_channel (OPGP_CARD_INFO *cardInfo, BYTE channelNumber)
	ISO 7816-4 / GlobalPlatform2.1.1: If multiple Logical Channels are open or a new Logical Channel is opened with select_application(), selects the Logical Channel. More...

OPGP_API OPGP_ERROR_STATUS	GP211_store_data (OPGP_CARD_CONTEXT cardContext, OPGP_CARD_INFO cardInfo, GP211_SECURITY_INFO *secInfo, PBYTE data, DWORD dataLength)
	GlobalPlatform2.1.1: The STORE DATA command is used to transfer data to an Application or the Security Domain processing the command. More...

OPGP_API OPGP_ERROR_STATUS	OP201_get_status (OPGP_CARD_CONTEXT cardContext, OPGP_CARD_INFO cardInfo, OP201_SECURITY_INFO secInfo, BYTE cardElement, OP201_APPLICATION_DATA applData, PDWORD applDataLength)
	Open Platform: Gets the life cycle status of Applications, the Card Manager and Executable Load Files and their privileges. More...

OPGP_API OPGP_ERROR_STATUS	OP201_set_status (OPGP_CARD_CONTEXT cardContext, OPGP_CARD_INFO cardInfo, OP201_SECURITY_INFO *secInfo, BYTE cardElement, PBYTE AID, DWORD AIDLength, BYTE lifeCycleState)
	Open Platform: Sets the life cycle status of Applications, Security Domains or the Card Manager. More...

OPGP_API OPGP_ERROR_STATUS	OP201_mutual_authentication (OPGP_CARD_CONTEXT cardContext, OPGP_CARD_INFO cardInfo, BYTE baseKey[16], BYTE encKey[16], BYTE macKey[16], BYTE kekKey[16], BYTE keySetVersion, BYTE keyIndex, BYTE securityLevel, BYTE derivationMethod, OP201_SECURITY_INFO *secInfo)
	Open Platform: Mutual authentication. More...

OPGP_API OPGP_ERROR_STATUS	OP201_get_data (OPGP_CARD_CONTEXT cardContext, OPGP_CARD_INFO cardInfo, OP201_SECURITY_INFO *secInfo, BYTE identifier[2], PBYTE recvBuffer, PDWORD recvBufferLength)
	Open Platform: Retrieve card data. More...

OPGP_API OPGP_ERROR_STATUS	OP201_put_data (OPGP_CARD_CONTEXT cardContext, OPGP_CARD_INFO cardInfo, OP201_SECURITY_INFO *secInfo, BYTE identifier[2], PBYTE dataObject, DWORD dataObjectLength)
	Open Platform: Put card data. More...

OPGP_API OPGP_ERROR_STATUS	OP201_pin_change (OPGP_CARD_CONTEXT cardContext, OPGP_CARD_INFO cardInfo, OP201_SECURITY_INFO *secInfo, BYTE tryLimit, PBYTE newPIN, DWORD newPINLength, BYTE KEK[16])
	Open Platform: Changes or unblocks the global PIN. More...

OPGP_API OPGP_ERROR_STATUS	OP201_put_3desKey (OPGP_CARD_CONTEXT cardContext, OPGP_CARD_INFO cardInfo, OP201_SECURITY_INFO *secInfo, BYTE keySetVersion, BYTE keyIndex, BYTE newKeySetVersion, BYTE _3desKey[16])
	Open Platform: replaces a single 3DES key in a key set or adds a new 3DES key. More...

OPGP_API OPGP_ERROR_STATUS	OP201_put_rsa_key (OPGP_CARD_CONTEXT cardContext, OPGP_CARD_INFO cardInfo, OP201_SECURITY_INFO secInfo, BYTE keySetVersion, BYTE keyIndex, BYTE newKeySetVersion, OPGP_STRING PEMKeyFileName, char passPhrase)
	Open Platform: replaces a single public RSA key in a key set or adds a new public RSA key. More...

OPGP_API OPGP_ERROR_STATUS	OP201_put_secure_channel_keys (OPGP_CARD_CONTEXT cardContext, OPGP_CARD_INFO cardInfo, OP201_SECURITY_INFO *secInfo, BYTE keySetVersion, BYTE newKeySetVersion, BYTE new_encKey[16], BYTE new_macKey[16], BYTE new_KEK[16])
	Open Platform: replaces or adds a secure channel key set consisting of encryption key, MAC key and key encryption. More...

OPGP_API OPGP_ERROR_STATUS	OP201_delete_key (OPGP_CARD_CONTEXT cardContext, OPGP_CARD_INFO cardInfo, OP201_SECURITY_INFO *secInfo, BYTE keySetVersion, BYTE keyIndex)
	Open Platform: deletes a key or multiple keys. More...

OPGP_API OPGP_ERROR_STATUS	OP201_get_key_information_templates (OPGP_CARD_CONTEXT cardContext, OPGP_CARD_INFO cardInfo, OP201_SECURITY_INFO secInfo, BYTE keyInformationTemplate, OP201_KEY_INFORMATION keyInformation, PDWORD keyInformationLength)
	Open Platform: Retrieves key information of keys on the card. More...

OPGP_API OPGP_ERROR_STATUS	OP201_delete_application (OPGP_CARD_CONTEXT cardContext, OPGP_CARD_INFO cardInfo, OP201_SECURITY_INFO secInfo, OPGP_AID AIDs, DWORD AIDsLength, OP201_RECEIPT_DATA *receiptData, PDWORD receiptDataLength)
	Open Platform: Deletes a Executable Load File or an application. More...

OPGP_API OPGP_ERROR_STATUS	OP201_install_for_load (OPGP_CARD_CONTEXT cardContext, OPGP_CARD_INFO cardInfo, OP201_SECURITY_INFO *secInfo, PBYTE executableLoadFileAID, DWORD executableLoadFileAIDLength, PBYTE securityDomainAID, DWORD securityDomainAIDLength, BYTE loadFileDAP[20], BYTE loadToken[128], DWORD nonVolatileCodeSpaceLimit, DWORD volatileDataSpaceLimit, DWORD nonVolatileDataSpaceLimit)
	Open Platform: Prepares the card for loading an application. More...

OPGP_API OPGP_ERROR_STATUS	OP201_get_load_token_signature_data (PBYTE executableLoadFileAID, DWORD executableLoadFileAIDLength, PBYTE securityDomainAID, DWORD securityDomainAIDLength, BYTE loadFileDAP[20], DWORD nonVolatileCodeSpaceLimit, DWORD volatileDataSpaceLimit, DWORD nonVolatileDataSpaceLimit, PBYTE loadTokenSignatureData, PDWORD loadTokenSignatureDataLength)
	Open Platform: Function to retrieve the data to sign by the Card Issuer in a Load Token. More...

OPGP_API OPGP_ERROR_STATUS	OP201_get_install_token_signature_data (BYTE P1, PBYTE executableLoadFileAID, DWORD executableLoadFileAIDLength, PBYTE AIDWithinLoadFileAID, DWORD AIDWithinLoadFileAIDLength, PBYTE applicationInstanceAID, DWORD applicationInstanceAIDLength, BYTE applicationPrivileges, DWORD volatileDataSpaceLimit, DWORD nonVolatileDataSpaceLimit, PBYTE applicationInstallParameters, DWORD applicationInstallParametersLength, PBYTE installTokenSignatureData, PDWORD installTokenSignatureDataLength)
	Open Platform: Function to retrieve the data to sign by the Card Issuer in an Install Token. More...

OPGP_API OPGP_ERROR_STATUS	OP201_calculate_load_token (PBYTE executableLoadFileAID, DWORD executableLoadFileAIDLength, PBYTE securityDomainAID, DWORD securityDomainAIDLength, BYTE loadFileDAP[20], DWORD nonVolatileCodeSpaceLimit, DWORD volatileDataSpaceLimit, DWORD nonVolatileDataSpaceLimit, BYTE loadToken[128], OPGP_STRING PEMKeyFileName, char *passPhrase)
	Open Platform: Calculates a Load Token using PKCS#1. More...

OPGP_API OPGP_ERROR_STATUS	OP201_calculate_install_token (BYTE P1, PBYTE executableLoadFileAID, DWORD executableLoadFileAIDLength, PBYTE AIDWithinLoadFileAID, DWORD AIDWithinLoadFileAIDLength, PBYTE applicationInstanceAID, DWORD applicationInstanceAIDLength, BYTE applicationPrivileges, DWORD volatileDataSpaceLimit, DWORD nonVolatileDataSpaceLimit, PBYTE applicationInstallParameters, DWORD applicationInstallParametersLength, BYTE installToken[128], OPGP_STRING PEMKeyFileName, char *passPhrase)
	Open Platform: Calculates an Install Token using PKCS#1. More...

OPGP_API OPGP_ERROR_STATUS	OP201_calculate_load_file_DAP (OP201_DAP_BLOCK *dapBlock, DWORD dapBlockLength, OPGP_STRING executableLoadFileName, unsigned char hash[20])
	Open Platform: Calculates a Load File DAP. More...

OPGP_API OPGP_ERROR_STATUS	OP201_load (OPGP_CARD_CONTEXT cardContext, OPGP_CARD_INFO cardInfo, OP201_SECURITY_INFO secInfo, OP201_DAP_BLOCK dapBlock, DWORD dapBlockLength, OPGP_STRING executableLoadFileName, OP201_RECEIPT_DATA receiptData, PDWORD receiptDataAvailable, OPGP_PROGRESS_CALLBACK callback)
	Open Platform: Loads a Executable Load File (containing an application) to the card. More...

OPGP_API OPGP_ERROR_STATUS	OP201_load_from_buffer (OPGP_CARD_CONTEXT cardContext, OPGP_CARD_INFO cardInfo, OP201_SECURITY_INFO secInfo, OP201_DAP_BLOCK dapBlock, DWORD dapBlockLength, PBYTE loadFilebuf, DWORD loadFileBufSize, OP201_RECEIPT_DATA receiptData, PDWORD receiptDataAvailable, OPGP_PROGRESS_CALLBACK callback)
	Open Platform: Loads a Executable Load File (containing an application) from a buffer to the card. More...

OPGP_API OPGP_ERROR_STATUS	OP201_install_for_install (OPGP_CARD_CONTEXT cardContext, OPGP_CARD_INFO cardInfo, OP201_SECURITY_INFO secInfo, PBYTE executableLoadFileAID, DWORD executableLoadFileAIDLength, PBYTE AIDWithinLoadFileAID, DWORD AIDWithinLoadFileAIDLength, PBYTE applicationInstanceAID, DWORD applicationInstanceAIDLength, BYTE applicationPrivileges, DWORD volatileDataSpaceLimit, DWORD nonVolatileDataSpaceLimit, PBYTE applicationInstallParameters, DWORD applicationInstallParametersLength, BYTE installToken[128], OP201_RECEIPT_DATA receiptData, PDWORD receiptDataAvailable)
	Open Platform: Installs an application on the card. More...

OPGP_API OPGP_ERROR_STATUS	OP201_install_for_make_selectable (OPGP_CARD_CONTEXT cardContext, OPGP_CARD_INFO cardInfo, OP201_SECURITY_INFO secInfo, PBYTE applicationInstanceAID, DWORD applicationInstanceAIDLength, BYTE applicationPrivileges, BYTE installToken[128], OP201_RECEIPT_DATA receiptData, PDWORD receiptDataAvailable)
	Open Platform: Makes an installed application selectable. More...

OPGP_API OPGP_ERROR_STATUS	OP201_install_for_install_and_make_selectable (OPGP_CARD_CONTEXT cardContext, OPGP_CARD_INFO cardInfo, OP201_SECURITY_INFO secInfo, PBYTE executableLoadFileAID, DWORD executableLoadFileAIDLength, PBYTE AIDWithinLoadFileAID, DWORD AIDWithinLoadFileAIDLength, PBYTE applicationInstanceAID, DWORD applicationInstanceAIDLength, BYTE applicationPrivileges, DWORD volatileDataSpaceLimit, DWORD nonVolatileDataSpaceLimit, PBYTE applicationInstallParameters, DWORD applicationInstallParametersLength, BYTE installToken[128], OP201_RECEIPT_DATA receiptData, PDWORD receiptDataAvailable)
	Open Platform: Installs and makes an installed application selectable. More...

OPGP_API OPGP_ERROR_STATUS	OP201_put_delegated_management_keys (OPGP_CARD_CONTEXT cardContext, OPGP_CARD_INFO cardInfo, OP201_SECURITY_INFO secInfo, BYTE keySetVersion, BYTE newKeySetVersion, OPGP_STRING PEMKeyFileName, char passPhrase, BYTE receiptGenerationKey[16])
	Open Platform: Adds a key set for Delegated Management. More...

OPGP_API OPGP_ERROR_STATUS	OP201_send_APDU (OPGP_CARD_CONTEXT cardContext, OPGP_CARD_INFO cardInfo, OP201_SECURITY_INFO *secInfo, PBYTE capdu, DWORD capduLength, PBYTE rapdu, PDWORD rapduLength)
	Sends an application protocol data unit. More...

OPGP_API OPGP_ERROR_STATUS	OP201_calculate_3des_DAP (PBYTE securityDomainAID, DWORD securityDomainAIDLength, OPGP_STRING executableLoadFileName, BYTE DAP_verification_key[16], OP201_DAP_BLOCK *dapBlock)
	Open Platform: Calculates a Load File Data Block DAP using 3DES. More...

OPGP_API OPGP_ERROR_STATUS	OP201_calculate_rsa_DAP (PBYTE securityDomainAID, DWORD securityDomainAIDLength, OPGP_STRING executableLoadFileName, OPGP_STRING PEMKeyFileName, char passPhrase, OP201_DAP_BLOCK dapBlock)
	Open Platform: Calculates a Load File Data Block DAP using SHA-1 and PKCS#1 (RSA). More...

OPGP_API OPGP_ERROR_STATUS	OP201_validate_delete_receipt (DWORD confirmationCounter, BYTE cardUniqueData[10], BYTE receiptGenerationKey[16], OP201_RECEIPT_DATA receiptData, PBYTE AID, DWORD AIDLength)
	Open Platform: Validates a Load Receipt. More...

OPGP_API OPGP_ERROR_STATUS	OP201_validate_install_receipt (DWORD confirmationCounter, BYTE cardUniqueData[10], BYTE receiptGenerationKey[16], OP201_RECEIPT_DATA receiptData, PBYTE executableLoadFileAID, DWORD executableLoadFileAIDLength, PBYTE applicationInstanceAID, DWORD applicationInstanceAIDLength)
	Open Platform: Validates an Install Receipt. More...

OPGP_API OPGP_ERROR_STATUS	OP201_validate_load_receipt (DWORD confirmationCounter, BYTE cardUniqueData[10], BYTE receiptGenerationKey[16], OP201_RECEIPT_DATA receiptData, PBYTE executableLoadFileAID, DWORD executableLoadFileAIDLength, PBYTE securityDomainAID, DWORD securityDomainAIDLength)
	Open Platform: Validates a Load Receipt. More...

OPGP_API OPGP_ERROR_STATUS	GP211_begin_R_MAC (OPGP_CARD_CONTEXT cardContext, OPGP_CARD_INFO cardInfo, GP211_SECURITY_INFO *secInfo, BYTE securityLevel, PBYTE data, DWORD dataLength)
	Initiates a R-MAC session. More...

OPGP_API OPGP_ERROR_STATUS	GP211_end_R_MAC (OPGP_CARD_CONTEXT cardContext, OPGP_CARD_INFO cardInfo, GP211_SECURITY_INFO *secInfo, BYTE secureChannelProtocol)
	Terminates a R-MAC session. More...

OPGP_API OPGP_ERROR_STATUS	OPGP_read_executable_load_file_parameters (OPGP_STRING loadFileName, OPGP_LOAD_FILE_PARAMETERS *loadFileParams)
	Reads the parameters of an Executable Load File. More...

OPGP_API OPGP_ERROR_STATUS	OPGP_cap_to_ijc (OPGP_CSTRING capFileName, OPGP_STRING ijcFileName)
	Converts a CAP file to an IJC file (Executable Load File). More...

OPGP_API OPGP_ERROR_STATUS	OPGP_extract_cap_file (OPGP_CSTRING fileName, PBYTE loadFileBuf, PDWORD loadFileBufSize)
	Extracts a CAP file into a buffer. More...

OPGP_API OPGP_ERROR_STATUS	OPGP_read_executable_load_file_parameters_from_buffer (PBYTE loadFileBuf, DWORD loadFileBufSize, OPGP_LOAD_FILE_PARAMETERS *loadFileParams)
	Receives Executable Load File as a buffer instead of a FILE. More...

OPGP_API OPGP_ERROR_STATUS	GP211_EMV_CPS11_derive_keys (OPGP_CARD_CONTEXT cardContext, OPGP_CARD_INFO cardInfo, GP211_SECURITY_INFO *secInfo, BYTE masterKey[16], BYTE S_ENC[16], BYTE S_MAC[16], BYTE DEK[16])
	Derives the static keys from a master key according the EMV CPS 1.1 key derivation scheme. More...

OPGP_API OPGP_ERROR_STATUS	GP211_VISA2_derive_keys (OPGP_CARD_CONTEXT cardContext, OPGP_CARD_INFO cardInfo, GP211_SECURITY_INFO *secInfo, PBYTE AID, DWORD AIDLength, BYTE masterKey[16], BYTE S_ENC[16], BYTE S_MAC[16], BYTE DEK[16])
	Derives the static keys from a master key according the VISA 2 key derivation scheme. More...

OPGP_API OPGP_ERROR_STATUS	GP211_VISA1_derive_keys (OPGP_CARD_CONTEXT cardContext, OPGP_CARD_INFO cardInfo, GP211_SECURITY_INFO *secInfo, BYTE masterKey[16], BYTE S_ENC[16], BYTE S_MAC[16], BYTE DEK[16])
	Derives the static keys from a master key according the VISA 1 key derivation scheme. More...

OPGP_API OPGP_ERROR_STATUS	OP201_EMV_CPS11_derive_keys (OPGP_CARD_CONTEXT cardContext, OPGP_CARD_INFO cardInfo, OP201_SECURITY_INFO *secInfo, BYTE masterKey[16], BYTE S_ENC[16], BYTE S_MAC[16], BYTE DEK[16])
	Derives the static keys from a master key according the EMV CPS 1.1 key derivation scheme. More...

OPGP_API OPGP_ERROR_STATUS	OP201_VISA2_derive_keys (OPGP_CARD_CONTEXT cardContext, OPGP_CARD_INFO cardInfo, OP201_SECURITY_INFO *secInfo, PBYTE AID, DWORD AIDLength, BYTE masterKey[16], BYTE S_ENC[16], BYTE S_MAC[16], BYTE DEK[16])
	Derives the static keys from a master key according the VISA 2 key derivation scheme. More...

OPGP_API OPGP_ERROR_STATUS	OP201_VISA1_derive_keys (OPGP_CARD_CONTEXT cardContext, OPGP_CARD_INFO cardInfo, OP201_SECURITY_INFO *secInfo, BYTE masterKey[16], BYTE S_ENC[16], BYTE S_MAC[16], BYTE DEK[16])
	Derives the static keys from a master key according the VISA 1 key derivation scheme. More...

OPGP_API OPGP_ERROR_STATUS	VISA2_derive_keys (BYTE baseKeyDiversificationData[10], BYTE masterKey[16], BYTE S_ENC[16], BYTE S_MAC[16], BYTE DEK[16])
	Derives the static keys from a master key according the VISA 2 key derivation scheme. More...

OPGP_API OPGP_ERROR_STATUS	VISA1_derive_keys (BYTE cardSerialNumber[8], BYTE masterKey[16], BYTE S_ENC[16], BYTE S_MAC[16], BYTE DEK[16])
	Derives the static keys from a master key according the VISA 1 key derivation scheme. More...

OPGP_API OPGP_ERROR_STATUS	EMV_CPS11_derive_keys (BYTE baseKeyDiversificationData[10], BYTE masterKey[16], BYTE S_ENC[16], BYTE S_MAC[16], BYTE DEK[16])
	Derives the static keys from a master key according the EMV CPS11 derivation scheme.

Detailed Description

This file contains all GlobalPlatform related functionality.

Macro Definition Documentation

◆ INIT_PROGRESS_CALLBACK_PARAMETERS

#define INIT_PROGRESS_CALLBACK_PARAMETERS	(	callbackParameters,
		callback
	)

Value:

if (callback != NULL) {callbackParameters.parameters = callback->parameters; \

callbackParameters.finished = !OPGP_TASK_FINISHED;}

Enumeration Type Documentation

◆ GP211_APPLICATION_PRIVILEGES

enum GP211_APPLICATION_PRIVILEGES

Application privileges.

Enumerator
GP211_SECURITY_DOMAIN	Application is security domain.
GP211_DAP_VERIFICATION	Application can require DAP verification for loading and installing applications.
GP211_DELEGATED_MANAGEMENT	Security domain has delegated management right.
GP211_CARD_MANAGER_LOCK_PRIVILEGE	Application can lock the Card Manager.
GP211_CARD_MANAGER_TERMINATE_PRIVILEGE	Application can terminate the card.
GP211_DEFAULT_SELECTED_CARD_RESET_PRIVILEGE	Application is default selected. In GlobalPlatform 2.3.1 this was redefined as Card Reset privilege.
GP211_PIN_CHANGE_PRIVILEGE	Application can change global PIN.
GP211_MANDATED_DAP_VERIFICATION	Security domain requires DAP verification for loading and installing applications.
GP211_TRUSTED_PATH	Application is a Trusted Path for inter-application communication.
GP211_AUTHORIZED_MANAGEMENT	Application is capable of Card Content Management; Security Domain privilege shall also be set.
GP211_TOKEN_VERIFICATION	Application is capable of verifying a token for Delegated Card Content Management.
GP211_GLOBAL_DELETE	Application may delete any Card Content.
GP211_GLOBAL_LOCK	Application may lock or unlock any Application.
GP211_GLOBAL_REGISTRY	Application may access any entry in the GlobalPlatform Registry.
GP211_FINAL_APPLICATION	The only Application selectable in card Life Cycle State CARD_LOCKED and TERMINATED.
GP211_GLOBAL_SERVICE	Application provides services to other Applications on the card.
GP211_RECEIPT_GENERATION	Application is capable of generating a receipt for Delegated Card Content Management.
GP211_CIPHERED_LOAD_FILE_DATA_BLOCK	The Security Domain requires that the Load File being associated to it is to be loaded ciphered.
GP211_CONTACTLESS_ACTIVATION	Application is capable of activating and deactivating any Application on the contactless interface.
GP211_CONTACTLESS_SELF_ACTIVATION	Application is capable of activating itself on the contactless interface without a prior request to the Application with the Contactless Activation privilege.

◆ OP201_APPLICATION_PRIVILEGES

enum OP201_APPLICATION_PRIVILEGES

Application privileges.

Enumerator
OP201_SECURITY_DOMAIN	Application is security domain.
OP201_DAP_VERIFICATION	Application can require DAP verification for loading and installing applications.
OP201_DELEGATED_MANAGEMENT	Security domain has delegated management right.
OP201_CARD_MANAGER_LOCK_PRIVILEGE	Application can lock the Card Manager.
OP201_CARD_MANAGER_TERMINATE_PRIVILEGE	Application can terminate the card.
OP201_DEFAULT_SELECTED	Application is default selected.
OP201_PIN_CHANGE_PRIVILEGE	Application can change global PIN.
OP201_MANDATED_DAP_VERIFICATION	Security domain requires DAP verification for loading and installing applications.

Function Documentation

◆ GP211_begin_R_MAC()

OPGP_API OPGP_ERROR_STATUS GP211_begin_R_MAC	(	OPGP_CARD_CONTEXT	cardContext,
		OPGP_CARD_INFO	cardInfo,
		GP211_SECURITY_INFO *	secInfo,
		BYTE	securityLevel,
		PBYTE	data,
		DWORD	dataLength
	)

Initiates a R-MAC session.

Parameters

cardContext	[in] The valid OPGP_CARD_CONTEXT returned by OPGP_establish_context()
cardInfo	[in] The OPGP_CARD_INFO structure returned by OPGP_card_connect().
*secInfo	[in, out] The pointer to the GP211_SECURITY_INFO structure returned by GP211_mutual_authentication().
securityLevel	Level of security for all subsequent commands GP211_SCP02_SECURITY_LEVEL_R_MAC - Each APDU response contains a R-MAC during the session. GP211_SCP02_SECURITY_LEVEL_NO_SECURE_MESSAGING - Only the END R-MAC SESSION response message will contain a R-MAC. GP211_SCP03_SECURITY_LEVEL_R_MAC - Each APDU response contains a R-MAC during the session. GP211_SCP03_SECURITY_LEVEL_R_ENC_R_MAC - Each APDU response contains a R-MAC and R-encryption during the session.
data	[in] Data for the BEGIN R-MAC SESSION command, e.g. extra challenge.
dataLength	[in] Length of data.

Returns: OPGP_ERROR_STATUS struct with error status OPGP_ERROR_STATUS_SUCCESS if no error occurs, otherwise error code and error message are contained in the OPGP_ERROR_STATUS struct

◆ GP211_calculate_3des_DAP()

OPGP_API OPGP_ERROR_STATUS GP211_calculate_3des_DAP	(	BYTE	loadFileDataBlockHash[20],
		PBYTE	securityDomainAID,
		DWORD	securityDomainAIDLength,
		BYTE	DAPCalculationKey[16],
		GP211_DAP_BLOCK *	loadFileDataBlockSignature
	)

GlobalPlatform2.1.1: Calculates a Load File Data Block Signature using 3DES.

This is used with SCP02. If a security domain has DAP verification privilege the security domain validates this DAP. The loadFileDataBlockHash can be calculated using calculate_load_file_data_block_hash().

Parameters

loadFileDataBlockHash	[in] The Load File Data Block Hash.
securityDomainAID	[in] A buffer containing the Security Domain AID.
securityDomainAIDLength	[in] The length of the Security Domain AID.
DAPCalculationKey	[in] The key to calculate the DAP.
*loadFileDataBlockSignature	[out] A pointer to the returned GP211_DAP_BLOCK structure.

Returns: OPGP_ERROR_STATUS struct with error status OPGP_ERROR_STATUS_SUCCESS if no error occurs, otherwise error code and error message are contained in the OPGP_ERROR_STATUS struct

◆ GP211_calculate_install_token()

OPGP_API OPGP_ERROR_STATUS GP211_calculate_install_token	(	BYTE	P1,
		PBYTE	executableLoadFileAID,
		DWORD	executableLoadFileAIDLength,
		PBYTE	executableModuleAID,
		DWORD	executableModuleAIDLength,
		PBYTE	applicationAID,
		DWORD	applicationAIDLength,
		BYTE	applicationPrivileges,
		DWORD	volatileDataSpaceLimit,
		DWORD	nonVolatileDataSpaceLimit,
		PBYTE	installParameters,
		DWORD	installParametersLength,
		BYTE	installToken[128],
		OPGP_STRING	PEMKeyFileName,
		char *	passPhrase
	)

GlobalPlatform2.1.1: Calculates an Install Token using PKCS#1.

The parameters must match the parameters of a later GP211_install_for_install(), GP211_install_for_make_selectable() and GP211_install_for_install_and_make_selectable() method.

Parameters

P1	[in] The parameter P1 in the APDU command. 0x04 for a INSTALL [for install] command 0x08 for an INSTALL [for make selectable] command 0x0C for an INSTALL [for install and make selectable] 0x10 for an INSTALL [for extradiction]
executableLoadFileAID	[in] A buffer with AID of the Executable Load File to INSTALL [for install].
executableLoadFileAIDLength	[in] The length of the Executable Load File AID.
executableModuleAID	[in] The AID of the application class in the package.
executableModuleAIDLength	[in] The length of the executableModuleAID buffer.
applicationAID	[in] The AID of the installed application.
applicationAIDLength	[in] The length of the application instance AID.
applicationPrivileges	[in] The application privileges. Can be an OR of multiple privileges. See GP211_APPLICATION_PRIVILEGE_SECURITY_DOMAIN.
volatileDataSpaceLimit	[in] The minimum amount of RAM space that must be available.
nonVolatileDataSpaceLimit	[in] The minimum amount of space for objects of the application, i.e. the data allocated in its lifetime.
installParameters	[in] Applet install parameters for the install() method of the application.
installParametersLength	[in] The length of the installParameters buffer.
installToken	[out] The calculated Install Token. A 1024 bit RSA signature.
PEMKeyFileName	[in] A PEM file name with the private RSA key.
*passPhrase	[in] The passphrase. Must be an ASCII string.

Returns: OPGP_ERROR_STATUS struct with error status OPGP_ERROR_STATUS_SUCCESS if no error occurs, otherwise error code and error message are contained in the OPGP_ERROR_STATUS struct

◆ GP211_calculate_load_file_data_block_hash()

OPGP_API OPGP_ERROR_STATUS GP211_calculate_load_file_data_block_hash	(	OPGP_STRING	executableLoadFileName,
		BYTE	hash[32],
		BYTE	secureChannelProtocol
	)

GlobalPlatform2.1.1: Calculates a Load File Data Block Hash.

This is a hash of the Load File Data Block with SHA-1 for SCP02 or SHA-256 for SCP03.

Parameters

executableLoadFileName	[in] The name of the Executable Load File to hash.
hash	[out] The hash value.
secureChannelProtocol	[in] The Secure Channel Protocol.

Returns: OPGP_ERROR_STATUS struct with error status OPGP_ERROR_STATUS_SUCCESS if no error occurs, otherwise error code and error message are contained in the OPGP_ERROR_STATUS struct

◆ GP211_calculate_load_token()

OPGP_API OPGP_ERROR_STATUS GP211_calculate_load_token	(	PBYTE	executableLoadFileAID,
		DWORD	executableLoadFileAIDLength,
		PBYTE	securityDomainAID,
		DWORD	securityDomainAIDLength,
		BYTE	loadFileDataBlockHash[20],
		DWORD	nonVolatileCodeSpaceLimit,
		DWORD	volatileDataSpaceLimit,
		DWORD	nonVolatileDataSpaceLimit,
		BYTE	loadToken[128],
		OPGP_STRING	PEMKeyFileName,
		char *	passPhrase
	)

GlobalPlatform2.1.1: Calculates a Load Token using PKCS#1.

The parameters must match the parameters of a later GP211_install_for_load() method.

Parameters

executableLoadFileAID	[in] A buffer containing the Executable Load File AID.
executableLoadFileAIDLength	[in] The length of the Executable Load File AID.
securityDomainAID	[in] A buffer containing the Security Domain AID.
securityDomainAIDLength	[in] The length of the Security Domain AID.
loadFileDataBlockHash	[in] The Load File DAP. The same calculated as in GP211_install_for_load().
nonVolatileCodeSpaceLimit	[in] The minimum space required to store the package.
volatileDataSpaceLimit	[in] The minimum amount of RAM space that must be available.
nonVolatileDataSpaceLimit	[in] The minimum amount of space for objects of the application, i.e. the data allocated in its lifetime.
loadToken	[out] The calculated Load Token. A 1024 bit RSA signature.
PEMKeyFileName	[in] A PEM file name with the private RSA key.
*passPhrase	[in] The passphrase. Must be an ASCII string.

Returns: OPGP_ERROR_STATUS struct with error status OPGP_ERROR_STATUS_SUCCESS if no error occurs, otherwise error code and error message are contained in the OPGP_ERROR_STATUS struct

◆ GP211_calculate_rsa_DAP()

OPGP_API OPGP_ERROR_STATUS GP211_calculate_rsa_DAP	(	BYTE	loadFileDataBlockHash[20],
		PBYTE	securityDomainAID,
		DWORD	securityDomainAIDLength,
		OPGP_STRING	PEMKeyFileName,
		char *	passPhrase,
		GP211_DAP_BLOCK *	loadFileDataBlockSignature
	)

GlobalPlatform2.1.1: Calculates a Load File Data Block Signature using SHA-1 and PKCS#1 (RSA).

If a security domain has DAP verification privilege the security domain validates this DAP. The loadFileDataBlockHash can be calculated using calculate_load_file_data_block_hash().

Parameters

loadFileDataBlockHash	[in] The Load File Data Block Hash.
securityDomainAID	[in] A buffer containing the Security Domain AID.
securityDomainAIDLength	[in] The length of the Security Domain AID.
PEMKeyFileName	[in] A PEM file name with the DAP Verification private RSA key.
*passPhrase	[in] The passphrase. Must be an ASCII string.
*loadFileDataBlockSignature	[out] A pointer to the returned GP211_DAP_BLOCK structure.

Returns: OPGP_ERROR_STATUS struct with error status OPGP_ERROR_STATUS_SUCCESS if no error occurs, otherwise error code and error message are contained in the OPGP_ERROR_STATUS struct

◆ GP211_delete_application()

OPGP_API OPGP_ERROR_STATUS GP211_delete_application	(	OPGP_CARD_CONTEXT	cardContext,
		OPGP_CARD_INFO	cardInfo,
		GP211_SECURITY_INFO *	secInfo,
		OPGP_AID *	AIDs,
		DWORD	AIDsLength,
		GP211_RECEIPT_DATA *	receiptData,
		PDWORD	receiptDataLength
	)

GlobalPlatform2.1.1: Deletes a Executable Load File or an application.

Parameters

cardContext	[in] The valid OPGP_CARD_CONTEXT returned by OPGP_establish_context()
cardInfo	[in] The OPGP_CARD_INFO structure returned by OPGP_card_connect().
*secInfo	[in, out] The pointer to the GP211_SECURITY_INFO structure returned by GP211_mutual_authentication().
AIDs	[in] A pointer to the an array of OPGP_AID structures describing the applications and load files to delete.
AIDsLength	[in] The number of OPGP_AID structures.
*receiptData	[out] A GP211_RECEIPT_DATA array. If the deletion is performed by a security domain with delegated management privilege this structure contains the according data for each deleted application or package.
receiptDataLength	[in, out] A pointer to the length of the receiptData array. If no receiptData is available this length is 0;

Returns: OPGP_ERROR_STATUS struct with error status OPGP_ERROR_STATUS_SUCCESS if no error occurs, otherwise error code and error message are contained in the OPGP_ERROR_STATUS struct

◆ GP211_delete_key()

OPGP_API OPGP_ERROR_STATUS GP211_delete_key	(	OPGP_CARD_CONTEXT	cardContext,
		OPGP_CARD_INFO	cardInfo,
		GP211_SECURITY_INFO *	secInfo,
		BYTE	keySetVersion,
		BYTE	keyIndex
	)

GlobalPlatform2.1.1: deletes a key or multiple keys.

If keyIndex is 0xFF (=-1) all keys within a keySetVersion are deleted. If keySetVersion is 0x00 all keys with the specified keyIndex are deleted.

Parameters

cardContext	[in] The valid OPGP_CARD_CONTEXT returned by OPGP_establish_context()
cardInfo	[in] The OPGP_CARD_INFO structure returned by OPGP_card_connect().
*secInfo	[in, out] The pointer to the GP211_SECURITY_INFO structure returned by GP211_mutual_authentication().
keySetVersion	[in] An existing key set version.
keyIndex	[in] An existing key index.

Returns: OPGP_ERROR_STATUS struct with error status OPGP_ERROR_STATUS_SUCCESS if no error occurs, otherwise error code and error message are contained in the OPGP_ERROR_STATUS struct

◆ GP211_EMV_CPS11_derive_keys()

OPGP_API OPGP_ERROR_STATUS GP211_EMV_CPS11_derive_keys	(	OPGP_CARD_CONTEXT	cardContext,
		OPGP_CARD_INFO	cardInfo,
		GP211_SECURITY_INFO *	secInfo,
		BYTE	masterKey[16],
		BYTE	S_ENC[16],
		BYTE	S_MAC[16],
		BYTE	DEK[16]
	)

Derives the static keys from a master key according the EMV CPS 1.1 key derivation scheme.

E.g. Sm@rtCafe Expert 3.0 cards use this scheme.

Parameters

cardContext	[in] The valid OPGP_CARD_CONTEXT returned by OPGP_establish_context()
cardInfo	[in] The OPGP_CARD_INFO cardInfo, structure returned by OPGP_card_connect().
*secInfo	[in, out] The pointer to the GP211_SECURITY_INFO structure returned by GP211_mutual_authentication().
masterKey	[in] The master key.
S_ENC	[out] The static Encryption key.
S_MAC	[out] The static Message Authentication Code key.
DEK	[out] The static Key Encryption Key.

Returns: OPGP_ERROR_STATUS struct with error status OPGP_ERROR_STATUS_SUCCESS if no error occurs, otherwise error code and error message are contained in the OPGP_ERROR_STATUS struct

◆ GP211_end_R_MAC()

OPGP_API OPGP_ERROR_STATUS GP211_end_R_MAC	(	OPGP_CARD_CONTEXT	cardContext,
		OPGP_CARD_INFO	cardInfo,
		GP211_SECURITY_INFO *	secInfo,
		BYTE	secureChannelProtocol
	)

Terminates a R-MAC session.

Parameters

cardContext	[in] The valid OPGP_CARD_CONTEXT returned by OPGP_establish_context()
cardInfo	[in] The OPGP_CARD_INFO structure returned by OPGP_card_connect().
*secInfo	[in, out] The pointer to the GP211_SECURITY_INFO structure returned by GP211_mutual_authentication().
secureChannelProtocol	[in] The security channel protocol.

Returns: OPGP_ERROR_STATUS struct with error status OPGP_ERROR_STATUS_SUCCESS if no error occurs, otherwise error code and error message are contained in the OPGP_ERROR_STATUS struct

◆ GP211_get_data()

OPGP_API OPGP_ERROR_STATUS GP211_get_data	(	OPGP_CARD_CONTEXT	cardContext,
		OPGP_CARD_INFO	cardInfo,
		GP211_SECURITY_INFO *	secInfo,
		BYTE	identifier[2],
		PBYTE	recvBuffer,
		PDWORD	recvBufferLength
	)

GlobalPlatform2.1.1: Retrieve card data.

Retrieves a single card data object from the card identified by identifier. Some cards do not provide some data objects. Some possible identifiers are predefined. See GP211_GET_DATA_CPLC_WHOLE_CPLC and so on. For details about the coding of the response see the programmer's manual of your card. There is a convenience method get_key_information_templates() to get the key information template(s) containing key set version, key index, key type and key length of the keys.

Parameters

cardContext	[in] The valid OPGP_CARD_CONTEXT returned by OPGP_establish_context()
cardInfo	[in] The OPGP_CARD_INFO structure returned by OPGP_card_connect().
*secInfo	[in, out] The pointer to the GP211_SECURITY_INFO structure returned by GP211_mutual_authentication().
identifier	[in] Two byte buffer with high and low order tag value for identifying card data object.
recvBuffer	[out] The buffer for the card data object.
recvBufferLength	[in, out] The length of the received card data object.

Returns: OPGP_ERROR_STATUS struct with error status OPGP_ERROR_STATUS_SUCCESS if no error occurs, otherwise error code and error message are contained in the OPGP_ERROR_STATUS struct

◆ GP211_get_data_iso7816_4()

OPGP_API OPGP_ERROR_STATUS GP211_get_data_iso7816_4	(	OPGP_CARD_CONTEXT	cardContext,
		OPGP_CARD_INFO	cardInfo,
		BYTE	identifier[2],
		PBYTE	recvBuffer,
		PDWORD	recvBufferLength
	)

Retrieve card data according ISO/IEC 7816-4 command not within a secure channel.

This command is useful to return the Card Data with identifier 0x0066 containing the Card Recognition Data with tag 0x73 containing among others the Secure Channel Protocol and the eventual implementations. For getting the Secure Channel Protocol and Secure Channel Protocol implementation there is the convenience function get_secure_channel_protocol_details(). See also data objects identified in ISO 7816-6.

Parameters

cardContext	[in] The valid OPGP_CARD_CONTEXT returned by OPGP_establish_context()
cardInfo	[in] The OPGP_CARD_INFO structure returned by OPGP_card_connect().
identifier	[in] Two byte buffer with high and low order tag value for identifying card data.
recvBuffer	[out] The buffer for the card data.
recvBufferLength	[in, out] The length of the received card data.

Returns: OPGP_ERROR_STATUS struct with error status OPGP_ERROR_STATUS_SUCCESS if no error occurs, otherwise error code and error message are contained in the OPGP_ERROR_STATUS struct

◆ GP211_get_extradition_token_signature_data()

OPGP_API OPGP_ERROR_STATUS GP211_get_extradition_token_signature_data	(	PBYTE	securityDomainAID,
		DWORD	securityDomainAIDLength,
		PBYTE	applicationAID,
		DWORD	applicationAIDLength,
		PBYTE	extraditionTokenSignatureData,
		PDWORD	extraditionTokenSignatureDataLength
	)

GlobalPlatform2.1.1: Function to retrieve the data to sign by the Card Issuer in an Extradition Token.

If you are not the Card Issuer and do not know the token verification private key send this data to the Card Issuer and obtain the RSA signature of the data, i.e. the Extradition Token. The parameters must match the parameters of a later GP211_install_for_extradition() method.

Parameters

securityDomainAID	[in] A buffer containing the Security Domain AID.
securityDomainAIDLength	[in] The length of the Security Domain AID.
applicationAID	[in] The AID of the installed application.
applicationAIDLength	[in] The length of the application instance AID.
extraditionTokenSignatureData	[out] The data to sign in a Install Token.
extraditionTokenSignatureDataLength	[in, out] The length of the installTokenSignatureData buffer.

Returns: OPGP_ERROR_STATUS struct with error status OPGP_ERROR_STATUS_SUCCESS if no error occurs, otherwise error code and error message are contained in the OPGP_ERROR_STATUS struct

◆ GP211_get_install_token_signature_data()

OPGP_API OPGP_ERROR_STATUS GP211_get_install_token_signature_data	(	BYTE	P1,
		PBYTE	executableLoadFileAID,
		DWORD	executableLoadFileAIDLength,
		PBYTE	executableModuleAID,
		DWORD	executableModuleAIDLength,
		PBYTE	applicationAID,
		DWORD	applicationAIDLength,
		BYTE	applicationPrivileges,
		DWORD	volatileDataSpaceLimit,
		DWORD	nonVolatileDataSpaceLimit,
		PBYTE	installParameters,
		DWORD	installParametersLength,
		PBYTE	installTokenSignatureData,
		PDWORD	installTokenSignatureDataLength
	)

GlobalPlatform2.1.1: Function to retrieve the data to sign by the Card Issuer in an Install Token.

If you are not the Card Issuer and do not know the token verification private key send this data to the Card Issuer and obtain the RSA signature of the data, i.e. the Install Token. volatileDataSpaceLimit can be 0, if the card does not need or support this tag. The parameters must match the parameters of a later GP211_install_for_install() and GP211_install_for_make_selectable() method.

Parameters

P1	[in] The parameter P1 in the APDU command. 0x04 for a INSTALL [for install] command 0x08 for an INSTALL [for make selectable] command 0x0C for an INSTALL [for install and make selectable]
executableLoadFileAID	[in] A buffer with AID of the Executable Load File to INSTALL [for load].
executableLoadFileAIDLength	[in] The length of the Executable Load File AID.
executableModuleAID	[in] The AID of the application class in the package.
executableModuleAIDLength	[in] The length of the executableModuleAID buffer.
applicationAID	[in] The AID of the installed application.
applicationAIDLength	[in] The length of the application instance AID.
applicationPrivileges	[in] The application privileges. Can be an OR of multiple privileges. See GP211_APPLICATION_PRIVILEGE_SECURITY_DOMAIN.
volatileDataSpaceLimit	[in] The minimum amount of RAM space that must be available.
nonVolatileDataSpaceLimit	[in] The minimum amount of space for objects of the application, i.e. the data allocated in its lifetime.
installParameters	[in] Applet install parameters for the install() method of the application.
installParametersLength	[in] The length of the installParameters buffer.
installTokenSignatureData	[out] The data to sign in a Install Token.
installTokenSignatureDataLength	[in, out] The length of the installTokenSignatureData buffer.

Returns: OPGP_ERROR_STATUS struct with error status OPGP_ERROR_STATUS_SUCCESS if no error occurs, otherwise error code and error message are contained in the OPGP_ERROR_STATUS struct

◆ GP211_get_key_information_templates()

OPGP_API OPGP_ERROR_STATUS GP211_get_key_information_templates	(	OPGP_CARD_CONTEXT	cardContext,
		OPGP_CARD_INFO	cardInfo,
		GP211_SECURITY_INFO *	secInfo,
		BYTE	keyInformationTemplate,
		GP211_KEY_INFORMATION *	keyInformation,
		PDWORD	keyInformationLength
	)

GlobalPlatform2.1.1: Retrieves key information of keys on the card.

The card must support the optional report of key information templates.

Parameters

cardContext	[in] The valid OPGP_CARD_CONTEXT returned by OPGP_establish_context()
cardInfo	[in] The OPGP_CARD_INFO structure returned by OPGP_card_connect().
*secInfo	[in, out] The pointer to the GP211_SECURITY_INFO structure returned by GP211_mutual_authentication().
keyInformationTemplate	[in] The number of the key information template.
*keyInformation	[out] A pointer to an array of GP211_KEY_INFORMATION structures.
keyInformationLength	[in, out] The number of GP211_KEY_INFORMATION structures.

Returns: OPGP_ERROR_STATUS struct with error status OPGP_ERROR_STATUS_SUCCESS if no error occurs, otherwise error code and error message are contained in the OPGP_ERROR_STATUS struct

◆ GP211_get_load_token_signature_data()

OPGP_API OPGP_ERROR_STATUS GP211_get_load_token_signature_data	(	PBYTE	executableLoadFileAID,
		DWORD	executableLoadFileAIDLength,
		PBYTE	securityDomainAID,
		DWORD	securityDomainAIDLength,
		BYTE	loadFileDataBlockHash[20],
		DWORD	nonVolatileCodeSpaceLimit,
		DWORD	volatileDataSpaceLimit,
		DWORD	nonVolatileDataSpaceLimit,
		PBYTE	loadTokenSignatureData,
		PDWORD	loadTokenSignatureDataLength
	)

GlobalPlatform2.1.1: Function to retrieve the data to sign by the Card Issuer in a Load Token.

If you are not the Card Issuer and do not know the token verification private key send this data to the Card Issuer and obtain the RSA signature of the data, i.e. the Load Token. volatileDataSpaceLimit and nonVolatileDataSpaceLimit can be 0, if the card does not need or support this tags. The parameters must match the parameters of a later GP211_install_for_load() command.

Parameters

executableLoadFileAID	[in] A buffer containing the Executable Load File AID.
executableLoadFileAIDLength	[in] The length of the Executable Load File AID.
securityDomainAID	[in] A buffer containing the Security Domain AID.
securityDomainAIDLength	[in] The length of the Security Domain AID.
loadFileDataBlockHash	[in] The Load File Data Block Hash. The same calculated as in GP211_install_for_load().
nonVolatileCodeSpaceLimit	[in] The minimum space required to store the application code.
volatileDataSpaceLimit	[in] The minimum amount of RAM space that must be available.
nonVolatileDataSpaceLimit	[in] The minimum amount of space for objects of the application, i.e. the data allocated in its lifetime.
loadTokenSignatureData	[out] The data to sign in a Load Token.
loadTokenSignatureDataLength	[in, out] The length of the loadTokenSignatureData buffer.

Returns: OPGP_ERROR_STATUS struct with error status OPGP_ERROR_STATUS_SUCCESS if no error occurs, otherwise error code and error message are contained in the OPGP_ERROR_STATUS struct

◆ GP211_get_secure_channel_protocol_details()

OPGP_API OPGP_ERROR_STATUS GP211_get_secure_channel_protocol_details	(	OPGP_CARD_CONTEXT	cardContext,
		OPGP_CARD_INFO	cardInfo,
		BYTE *	secureChannelProtocol,
		BYTE *	secureChannelProtocolImpl
	)

GlobalPlatform2.1.1: This returns the Secure Channel Protocol and the Secure Channel Protocol implementation.

Parameters

cardContext	[in] The valid OPGP_CARD_CONTEXT returned by OPGP_establish_context()
cardInfo	[in] The OPGP_CARD_INFO structure returned by OPGP_card_connect().
*secureChannelProtocol	[out] A pointer to the Secure Channel Protocol to use.
*secureChannelProtocolImpl	[out] A pointer to the implementation of the Secure Channel Protocol.

Returns: OPGP_ERROR_STATUS struct with error status OPGP_ERROR_STATUS_SUCCESS if no error occurs, otherwise error code and error message are contained in the OPGP_ERROR_STATUS struct

◆ GP211_get_sequence_counter()

OPGP_API OPGP_ERROR_STATUS GP211_get_sequence_counter	(	OPGP_CARD_CONTEXT	cardContext,
		OPGP_CARD_INFO	cardInfo,
		BYTE	sequenceCounter[2]
	)

GlobalPlatform2.1.1: This returns the current Sequence Counter.

Parameters

cardContext	[in] The valid OPGP_CARD_CONTEXT returned by OPGP_establish_context()
cardInfo	[in] The OPGP_CARD_INFO structure returned by OPGP_card_connect().
sequenceCounter	[out] The sequence counter.

Returns: OPGP_ERROR_STATUS struct with error status OPGP_ERROR_STATUS_SUCCESS if no error occurs, otherwise error code and error message are contained in the OPGP_ERROR_STATUS struct

◆ GP211_get_status()

OPGP_API OPGP_ERROR_STATUS GP211_get_status	(	OPGP_CARD_CONTEXT	cardContext,
		OPGP_CARD_INFO	cardInfo,
		GP211_SECURITY_INFO *	secInfo,
		BYTE	cardElement,
		BYTE	format,
		GP211_APPLICATION_DATA *	applData,
		GP211_EXECUTABLE_MODULES_DATA *	executableData,
		PDWORD	dataLength
	)

GlobalPlatform2.1.1: Gets the life cycle status of Applications, the Issuer Security Domains, Security Domains and Executable Load Files and their privileges or information about Executable Modules of the Executable Load Files.

It depends on the card element to retrieve if an array of GP211_APPLICATION_DATA structures or an array of GP211_EXECUTABLE_MODULES_DATA structures must be passed to this function. For the card element GP211_EXECUTABLE_MODULES_DATA executableData must not be NULL, else applData must not be NULL.

Parameters

cardContext	[in] The valid OPGP_CARD_CONTEXT returned by OPGP_establish_context()
cardInfo	[in] The OPGP_CARD_INFO structure returned by OPGP_card_connect().
*secInfo	[in, out] The pointer to the GP211_SECURITY_INFO structure returned by GP211_mutual_authentication().
cardElement	[in] Identifier to retrieve data for Load Files, Applications or the Card Manager.
format	[in] The GET STATUS output format. Newer cards might not support the legacy format. See GP211_STATUS_APPLICATIONS and related.
*applData	[out] The GP211_APPLICATION_DATA structure.
*executableData	[out] The GP211_APPLICATION_DATA structure.
dataLength	[in, out] The number of GP211_APPLICATION_DATA or GP211_EXECUTABLE_MODULES_DATA passed and returned.

Returns: OPGP_ERROR_STATUS struct with error status OPGP_ERROR_STATUS_SUCCESS if no error occurs, otherwise error code and error message are contained in the OPGP_ERROR_STATUS struct

◆ GP211_init_implicit_secure_channel()

OPGP_API OPGP_ERROR_STATUS GP211_init_implicit_secure_channel	(	PBYTE	AID,
		DWORD	AIDLength,
		BYTE	baseKey[16],
		BYTE	S_ENC[16],
		BYTE	S_MAC[16],
		BYTE	DEK[16],
		BYTE	secureChannelProtocolImpl,
		BYTE	sequenceCounter[2],
		GP211_SECURITY_INFO *	secInfo
	)

GlobalPlatform2.1.1: Inits a Secure Channel implicitly.

This is only supported in SCP02. It depends on the supported protocol implementation by the card what keys must be passed as parameters. baseKey must be NULL if the protocol uses 3 Secure Channel Keys (Secure Channel Encryption Key, Secure Channel Message Authentication Code Key and Data Encryption Key) and vice versa. Details about the supported Secure Channel Protocol and its implementation can be obtained by a call to the function GP211_get_secure_channel_protocol_details(). New cards usually use the VISA default key for all DES keys. See OPGP_VISA_DEFAULT_KEY. The current Sequence Counter can be obtained with a call to GP211_get_sequence_counter(). SCP02 is implicitly set and the security level is set to C-MAC only.

Parameters

AID	The AID needed for the calculation of the ICV.
AIDLength	The length of the AID buffer.
baseKey	[in] Secure Channel base key.
S_ENC	[in] Secure Channel Encryption Key.
S_MAC	[in] Secure Channel Message Authentication Code Key.
DEK	[in] Data Encryption Key.
secureChannelProtocolImpl	[in] The Secure Channel Protocol Implementation.
sequenceCounter	[in] The sequence counter.
*secInfo	[out] The returned GP211_SECURITY_INFO structure.

Returns: OPGP_ERROR_STATUS struct with error status OPGP_ERROR_STATUS_SUCCESS if no error occurs, otherwise error code and error message are contained in the OPGP_ERROR_STATUS struct

◆ GP211_install_for_extradition()

OPGP_API OPGP_ERROR_STATUS GP211_install_for_extradition	(	OPGP_CARD_CONTEXT	cardContext,
		OPGP_CARD_INFO	cardInfo,
		GP211_SECURITY_INFO *	secInfo,
		PBYTE	securityDomainAID,
		DWORD	securityDomainAIDLength,
		PBYTE	applicationAID,
		DWORD	applicationAIDLength,
		BYTE	extraditionToken[128],
		GP211_RECEIPT_DATA *	receiptData,
		PDWORD	receiptDataAvailable
	)

GlobalPlatform2.1.1: Associates an application with another Security Domain.

In the case of delegated management an Extradition Token authorizing the INSTALL [for extradition] must be included. Otherwise extraditionToken must be NULL. See GP211_calculate_install_token().

Parameters

cardContext	[in] The valid OPGP_CARD_CONTEXT returned by OPGP_establish_context()
cardInfo	[in] The OPGP_CARD_INFO structure returned by OPGP_card_connect().
*secInfo	[in, out] The pointer to the GP211_SECURITY_INFO structure returned by GP211_mutual_authentication().
securityDomainAID	[in] A buffer containing the Security Domain AID.
securityDomainAIDLength	[in] The length of the Security Domain AID.
applicationAID	[in] The AID of the installed application.
applicationAIDLength	[in] The length of the application instance AID. GP211_APPLICATION_PRIVILEGE_SECURITY_DOMAIN.
extraditionToken	[in] The Install Token. This is a 1024 bit (=128 byte) RSA Signature.
*receiptData	[out] If the deletion is performed by a security domain with delegated management privilege this structure contains the according data.
receiptDataAvailable	[out] 0 if no receiptData is available.

Returns: OPGP_ERROR_STATUS struct with error status OPGP_ERROR_STATUS_SUCCESS if no error occurs, otherwise error code and error message are contained in the OPGP_ERROR_STATUS struct

◆ GP211_install_for_install()

OPGP_API OPGP_ERROR_STATUS GP211_install_for_install	(	OPGP_CARD_CONTEXT	cardContext,
		OPGP_CARD_INFO	cardInfo,
		GP211_SECURITY_INFO *	secInfo,
		PBYTE	executableLoadFileAID,
		DWORD	executableLoadFileAIDLength,
		PBYTE	executableModuleAID,
		DWORD	executableModuleAIDLength,
		PBYTE	applicationAID,
		DWORD	applicationAIDLength,
		BYTE	applicationPrivileges,
		DWORD	volatileDataSpaceLimit,
		DWORD	nonVolatileDataSpaceLimit,
		PBYTE	installParameters,
		DWORD	installParametersLength,
		BYTE	installToken[128],
		GP211_RECEIPT_DATA *	receiptData,
		PDWORD	receiptDataAvailable
	)

GlobalPlatform2.1.1: Installs an application on the card.

In the case of delegated management an Install Token authorizing the INSTALL [for install] must be included. Otherwise installToken must be NULL. See GP211_calculate_install_token(). volatileDataSpaceLimit and nonVolatileDataSpaceLimit can be 0, if the card does not need or support this tag. For Security domains look in your manual what parameters are necessary. If the tag for application install parameters is mandatory for your card, but you have no install parameters for the install() method of the application anyway you have to use at least a dummy parameter. If executableModuleAID is NULL and executableModuleAIDLength is 0 applicationAID is assumed for executableModuleAID.

Parameters

cardContext	[in] The valid OPGP_CARD_CONTEXT returned by OPGP_establish_context()
cardInfo	[in] The OPGP_CARD_INFO structure returned by OPGP_card_connect().
*secInfo	[in, out] The pointer to the GP211_SECURITY_INFO structure returned by GP211_mutual_authentication().
executableLoadFileAID	[in] A buffer with AID of the Executable Load File to INSTALL [for install].
executableLoadFileAIDLength	[in] The length of the Executable Load File AID.
executableModuleAID	[in] The AID of the application class in the package.
executableModuleAIDLength	[in] The length of the executableModuleAID buffer.
applicationAID	[in] The AID of the installed application.
applicationAIDLength	[in] The length of the application instance AID.
applicationPrivileges	[in] The application privileges. Can be an OR of multiple privileges. See GP211_APPLICATION_PRIVILEGE_SECURITY_DOMAIN.
volatileDataSpaceLimit	[in] The minimum amount of RAM space that must be available.
nonVolatileDataSpaceLimit	[in] The minimum amount of space for objects of the application, i.e. the data allocated in its lifetime.
installParameters	[in] Applet install parameters for the install() method of the application.
installParametersLength	[in] The length of the installParameters buffer.
installToken	[in] The Install Token. This is a 1024 bit (=128 byte) RSA Signature.
*receiptData	[out] If the deletion is performed by a security domain with delegated management privilege this structure contains the according data.
receiptDataAvailable	[out] 0 if no receiptData is available.

Returns: OPGP_ERROR_STATUS struct with error status OPGP_ERROR_STATUS_SUCCESS if no error occurs, otherwise error code and error message are contained in the OPGP_ERROR_STATUS struct

◆ GP211_install_for_install_and_make_selectable()

OPGP_API OPGP_ERROR_STATUS GP211_install_for_install_and_make_selectable	(	OPGP_CARD_CONTEXT	cardContext,
		OPGP_CARD_INFO	cardInfo,
		GP211_SECURITY_INFO *	secInfo,
		PBYTE	executableLoadFileAID,
		DWORD	executableLoadFileAIDLength,
		PBYTE	executableModuleAID,
		DWORD	executableModuleAIDLength,
		PBYTE	applicationAID,
		DWORD	applicationAIDLength,
		BYTE	applicationPrivileges,
		DWORD	volatileDataSpaceLimit,
		DWORD	nonVolatileDataSpaceLimit,
		PBYTE	installParameters,
		DWORD	installParametersLength,
		BYTE	installToken[128],
		GP211_RECEIPT_DATA *	receiptData,
		PDWORD	receiptDataAvailable
	)

GlobalPlatform2.1.1: Installs and makes an installed application selectable.

In the case of delegated management an Install Token authorizing the INSTALL [for install and make selectable] must be included. Otherwise installToken must be NULL. See GP211_calculate_install_token(). volatileDataSpaceLimit and nonVolatileDataSpaceLimit can be 0, if the card does not need or support this tag. For Security domains look in your manual what parameters are necessary. If the tag for application install parameters is mandatory for your card, but you have no install parameters for the install() method of the application anyway you have to use at least a dummy parameter. If executableModuleAID is NULL and executableModuleAIDLength is 0 applicationAID is assumed for executableModuleAID.

Parameters

cardContext	[in] The valid OPGP_CARD_CONTEXT returned by OPGP_establish_context()
cardInfo	[in] The OPGP_CARD_INFO structure returned by OPGP_card_connect().
*secInfo	[in, out] The pointer to the GP211_SECURITY_INFO structure returned by GP211_mutual_authentication().
executableLoadFileAID	[in] A buffer with AID of the Executable Load File to INSTALL [for install].
executableLoadFileAIDLength	[in] The length of the Executable Load File AID.
executableModuleAID	[in] The AID of the application class in the package.
executableModuleAIDLength	[in] The length of the executableModuleAID buffer.
applicationAID	[in] The AID of the installed application.
applicationAIDLength	[in] The length of the application instance AID.
applicationPrivileges	[in] The application privileges. Can be an OR of multiple privileges. See GP211_APPLICATION_PRIVILEGE_SECURITY_DOMAIN.
volatileDataSpaceLimit	[in] The minimum amount of RAM space that must be available.
nonVolatileDataSpaceLimit	[in] The minimum amount of space for objects of the application, i.e. the data allocated in its lifetime.
installParameters	[in] Applet install parameters for the install() method of the application.
installParametersLength	[in] The length of the installParameters buffer.
installToken	[in] The Install Token. This is a 1024 bit (=128 byte) RSA Signature.
*receiptData	[out] If the deletion is performed by a security domain with delegated management privilege this structure contains the according data.
receiptDataAvailable	[out] 0 if no receiptData is available.

Returns: OPGP_ERROR_STATUS struct with error status OPGP_ERROR_STATUS_SUCCESS if no error occurs, otherwise error code and error message are contained in the OPGP_ERROR_STATUS struct

◆ GP211_install_for_load()

OPGP_API OPGP_ERROR_STATUS GP211_install_for_load	(	OPGP_CARD_CONTEXT	cardContext,
		OPGP_CARD_INFO	cardInfo,
		GP211_SECURITY_INFO *	secInfo,
		PBYTE	executableLoadFileAID,
		DWORD	executableLoadFileAIDLength,
		PBYTE	securityDomainAID,
		DWORD	securityDomainAIDLength,
		BYTE	loadFileDataBlockHash[20],
		BYTE	loadToken[128],
		DWORD	nonVolatileCodeSpaceLimit,
		DWORD	volatileDataSpaceLimit,
		DWORD	nonVolatileDataSpaceLimit
	)

GlobalPlatform2.1.1: Prepares the card for loading an application.

The function assumes that the Issuer Security Domain or Security Domain uses an optional Load File Data Block Hash using the SHA-1 message digest algorithm. The loadFileDataBlockHash can be calculated using GP211_calculate_load_file_data_block_hash() or must be NULL, if the card does not need or support a Load File DAP in this situation, e.g. if you want to load a Executable Load File to the Card Manager Security Domain. In the case of delegated management a Load Token authorizing the INSTALL [for load] must be included. Otherwise loadToken must be NULL. See GP211_calculate_load_token(). The term Executable Load File is equivalent to the GlobalPlatform term Load File Data Block. volatileDataSpaceLimit and nonVolatileDataSpaceLimit can be 0, if the card does not need or support this tags.

Parameters

cardContext	[in] The valid OPGP_CARD_CONTEXT returned by OPGP_establish_context()
cardInfo	[in] The OPGP_CARD_INFO structure returned by OPGP_card_connect().
*secInfo	[in, out] The pointer to the GP211_SECURITY_INFO structure returned by GP211_mutual_authentication().
executableLoadFileAID	[in] A buffer with AID of the Executable Load File to INSTALL [for load].
executableLoadFileAIDLength	[in] The length of the Executable Load File AID.
securityDomainAID	[in] A buffer containing the AID of the intended associated Security Domain.
securityDomainAIDLength	[in] The length of the Security Domain AID.
loadFileDataBlockHash	[in] The Load File Data Block Hash of the Executable Load File to INSTALL [for load].
loadToken	[in] The Load Token. This is a 1024 bit (=128 byte) RSA Signature.
nonVolatileCodeSpaceLimit	[in] The minimum amount of space that must be available to store the package.
volatileDataSpaceLimit	[in] The minimum amount of RAM space that must be available.
nonVolatileDataSpaceLimit	[in] The minimum amount of space for objects of the application, i.e. the data allocated in its lifetime.

Returns: OPGP_ERROR_STATUS struct with error status OPGP_ERROR_STATUS_SUCCESS if no error occurs, otherwise error code and error message are contained in the OPGP_ERROR_STATUS struct

◆ GP211_install_for_make_selectable()

OPGP_API OPGP_ERROR_STATUS GP211_install_for_make_selectable	(	OPGP_CARD_CONTEXT	cardContext,
		OPGP_CARD_INFO	cardInfo,
		GP211_SECURITY_INFO *	secInfo,
		PBYTE	applicationAID,
		DWORD	applicationAIDLength,
		BYTE	applicationPrivileges,
		BYTE	installToken[128],
		GP211_RECEIPT_DATA *	receiptData,
		PDWORD	receiptDataAvailable
	)

GlobalPlatform2.1.1: Makes an installed application selectable.

In the case of delegated management an Install Token authorizing the INSTALL [for make selectable] must be included. Otherwise installToken must be NULL. For Security domains look in your manual what parameters are necessary.

Parameters

cardContext	[in] The valid OPGP_CARD_CONTEXT returned by establish_context()
cardInfo	[in] The OPGP_CARD_INFO structure returned by OPGP_card_connect().
*secInfo	[in, out] The pointer to the GP211_SECURITY_INFO structure returned by GP211_mutual_authentication().
applicationAID	[in] The AID of the installed application or security domain.
applicationAIDLength	[in] The length of the application instance AID.
applicationPrivileges	[in] The application privileges. Can be an OR of multiple privileges. See GP211_APPLICATION_PRIVILEGE_SECURITY_DOMAIN.
installToken	[in] The Install Token. This is a 1024 bit (=128 byte) RSA Signature.
*receiptData	[out] If the deletion is performed by a security domain with delegated management privilege this structure contains the according data.
receiptDataAvailable	[out] 0 if no receiptData is available.

Returns: OPGP_ERROR_STATUS struct with error status OPGP_ERROR_STATUS_SUCCESS if no error occurs, otherwise error code and error message are contained in the OPGP_ERROR_STATUS struct

◆ GP211_install_for_personalization()

OPGP_API OPGP_ERROR_STATUS GP211_install_for_personalization	(	OPGP_CARD_CONTEXT	cardContext,
		OPGP_CARD_INFO	cardInfo,
		GP211_SECURITY_INFO *	secInfo,
		PBYTE	applicationAID,
		DWORD	applicationAIDLength
	)

GlobalPlatform2.1.1: Informs a Security Domain that a associated application will retrieve personalization data.

Parameters

cardContext	[in] The valid OPGP_CARD_CONTEXT returned by OPGP_establish_context()
cardInfo	[in] The OPGP_CARD_INFO structure returned by OPGP_card_connect().
*secInfo	[in, out] The pointer to the GP211_SECURITY_INFO structure returned by GP211_mutual_authentication().
applicationAID	[in] The AID of the installed application.
applicationAIDLength	[in] The length of the application instance AID.

Returns: OPGP_ERROR_STATUS struct with error status OPGP_ERROR_STATUS_SUCCESS if no error occurs, otherwise error code and error message are contained in the OPGP_ERROR_STATUS struct

◆ GP211_load()

OPGP_API OPGP_ERROR_STATUS GP211_load	(	OPGP_CARD_CONTEXT	cardContext,
		OPGP_CARD_INFO	cardInfo,
		GP211_SECURITY_INFO *	secInfo,
		GP211_DAP_BLOCK *	loadFileDataBlockSignature,
		DWORD	loadFileDataBlockSignatureLength,
		OPGP_STRING	executableLoadFileName,
		GP211_RECEIPT_DATA *	receiptData,
		PDWORD	receiptDataAvailable,
		OPGP_PROGRESS_CALLBACK *	callback
	)

GlobalPlatform2.1.1: Loads a Executable Load File (containing an application) to the card.

An GP211_install_for_load() must precede. The Load File Data Block Signature(s) must be the same block(s) and in the same order like in GP211_calculate_load_file_data_block_hash(). If no Load File Data Block Signatures are necessary the loadFileDataBlockSignature must be NULL and the loadFileDataBlockSignatureLength 0.

Parameters

cardContext	[in] The valid OPGP_CARD_CONTEXT returned by OPGP_establish_context()
cardInfo	[in] The OPGP_CARD_INFO structure returned by OPGP_card_connect().
*secInfo	[in, out] The pointer to the GP211_SECURITY_INFO structure returned by GP211_mutual_authentication().
*loadFileDataBlockSignature	[in] A pointer to GP211_DAP_BLOCK structure(s).
loadFileDataBlockSignatureLength	[in] The number of GP211_DAP_BLOCK structure(s).
executableLoadFileName	[in] The name of the CAP or IJC file (Executable Load File) to load.
*receiptData	[out] If the deletion is performed by a security domain with delegated management privilege this structure contains the according data. Can be validated with validate_load_receipt().
receiptDataAvailable	[out] 0 if no receiptData is available.
*callback	[in] An optional callback for measuring the progress. Can be NULL if not needed.

Returns: OPGP_ERROR_STATUS struct with error status OPGP_ERROR_STATUS_SUCCESS if no error occurs, otherwise error code and error message are contained in the OPGP_ERROR_STATUS struct

◆ GP211_load_from_buffer()

OPGP_API OPGP_ERROR_STATUS GP211_load_from_buffer	(	OPGP_CARD_CONTEXT	cardContext,
		OPGP_CARD_INFO	cardInfo,
		GP211_SECURITY_INFO *	secInfo,
		GP211_DAP_BLOCK *	loadFileDataBlockSignature,
		DWORD	loadFileDataBlockSignatureLength,
		PBYTE	loadFileBuf,
		DWORD	loadFileBufSize,
		GP211_RECEIPT_DATA *	receiptData,
		PDWORD	receiptDataAvailable,
		OPGP_PROGRESS_CALLBACK *	callback
	)

GlobalPlatform2.1.1: Loads a Executable Load File (containing an application) from a buffer to the card.

An GP211_install_for_load() must precede. The Load File Data Block Signature(s) must be the same block(s) and in the same order like in calculate_load_file_data_block_hash(). If no Load File Data Block Signatures are necessary the loadFileDataBlockSignature must be NULL and the loadFileDataBlockSignatureLength 0.

Parameters

cardContext	[in] The valid OPGP_CARD_CONTEXT returned by OPGP_establish_context()
cardInfo	[in] The OPGP_CARD_INFO structure returned by OPGP_card_connect().
*secInfo	[in, out] The pointer to the GP211_SECURITY_INFO structure returned by GP211_mutual_authentication().
*loadFileDataBlockSignature	[in] A pointer to GP211_DAP_BLOCK structure(s).
loadFileDataBlockSignatureLength	[in] The number of GP211_DAP_BLOCK structure(s).
loadFileBuf	[in] buffer with the contents of a Executable Load File.
loadFileBufSize	[in] size of loadFileBuf.
*receiptData	[out] If the deletion is performed by a security domain with delegated management privilege this structure contains the according data. Can be validated with validate_load_receipt().
receiptDataAvailable	[out] 0 if no receiptData is available.
*callback	[in] An optional callback for measuring the progress. Can be NULL if not needed.

Returns: OPGP_ERROR_STATUS struct with error status OPGP_ERROR_STATUS_SUCCESS if no error occurs, otherwise error code and error message are contained in the OPGP_ERROR_STATUS struct

◆ GP211_mutual_authentication()

OPGP_API OPGP_ERROR_STATUS GP211_mutual_authentication	(	OPGP_CARD_CONTEXT	cardContext,
		OPGP_CARD_INFO	cardInfo,
		BYTE	baseKey[16],
		BYTE	S_ENC[16],
		BYTE	S_MAC[16],
		BYTE	DEK[16],
		BYTE	keySetVersion,
		BYTE	keyIndex,
		BYTE	secureChannelProtocol,
		BYTE	secureChannelProtocolImpl,
		BYTE	securityLevel,
		BYTE	derivationMethod,
		GP211_SECURITY_INFO *	secInfo
	)

GlobalPlatform2.1.1: Mutual authentication.

A keySetVersion and keyIndex of 0x00 selects the first available key set version and key index. There a two Secure Channel Protocols defined be the GlobalPlatform specification. For SCP01 a secure channel key set consist always of at least three keys, from which the Secure Channel Encryption Key and the Secure Channel Message Authentication Code Key is needed for mutual authentication and the generation of session keys. The Data Encryption Key is used when transmitting key sensitive data with a PUT KEY command. For SCP02 a key set can also have only one Secure Channel base key. It depends on the supported protocol implementation by the card what keys must be passed as parameters. baseKey must be NULL if the protocol uses 3 Secure Channel Keys (Secure Channel Encryption Key, Secure Channel Message Authentication Code Key and Data Encryption Key) and vice versa. Details about the supported Secure Channel Protocol and its implementation can be obtained by a call to the function get_secure_channel_protocol_details(). New cards usually use the VISA default key for all DES keys. See OPGP_VISA_DEFAULT_KEY. If a derivation method is used the baseKey defines the master key.

Parameters

cardContext	[in] The valid OPGP_CARD_CONTEXT returned by OPGP_establish_context()
cardInfo	[in] The OPGP_CARD_INFO structure returned by OPGP_card_connect().
baseKey	[in] Secure Channel base key or the master key for the key derivation.
S_ENC	[in] Secure Channel Encryption Key.
S_MAC	[in] Secure Channel Message Authentication Code Key.
DEK	[in] Data Encryption Key.
keySetVersion	[in] The key set version on the card to use for mutual authentication.
keyIndex	[in] The key index of the encryption key in the key set version on the card to use for mutual authentication.
secureChannelProtocol	[in] The Secure Channel Protocol.
secureChannelProtocolImpl	[in] The Secure Channel Protocol Implementation.
securityLevel	[in] The requested security level. See GP211_SCP01_SECURITY_LEVEL_C_DEC_C_MAC and others.
derivationMethod	[in] The derivation method to use for. See OPGP_DERIVATION_METHOD_VISA2.
*secInfo	[out] The returned GP211_SECURITY_INFO structure.

Returns: OPGP_ERROR_STATUS struct with error status OPGP_ERROR_STATUS_SUCCESS if no error occurs, otherwise error code and error message are contained in the OPGP_ERROR_STATUS struct

◆ GP211_pin_change()

OPGP_API OPGP_ERROR_STATUS GP211_pin_change	(	OPGP_CARD_CONTEXT	cardContext,
		OPGP_CARD_INFO	cardInfo,
		GP211_SECURITY_INFO *	secInfo,
		BYTE	tryLimit,
		PBYTE	newPIN,
		DWORD	newPINLength
	)

GlobalPlatform2.1.1: Changes or unblocks the global PIN.

The single numbers of the new PIN are encoded as single BYTEs in the newPIN buffer. The tryLimit must be in the range of 0x03 and x0A. The PIN must comprise at least 6 numbers and not exceeding 12 numbers. To unblock the PIN use tryLimit with a value of 0x00. In this case newPIN buffer and newPINLength are ignored.

Parameters

cardContext	[in] The valid OPGP_CARD_CONTEXT returned by OPGP_establish_context()
cardInfo	[in] The OPGP_CARD_INFO structure returned by OPGP_card_connect().
*secInfo	[in, out] The pointer to the GP211_SECURITY_INFO structure returned by GP211_mutual_authentication().
tryLimit	[in] The try limit for the PIN.
newPIN	[in] The new PIN.
newPINLength	[in] The length of the new PIN.

Returns: OPGP_ERROR_STATUS struct with error status OPGP_ERROR_STATUS_SUCCESS if no error occurs, otherwise error code and error message are contained in the OPGP_ERROR_STATUS struct

◆ GP211_put_3des_key()

OPGP_API OPGP_ERROR_STATUS GP211_put_3des_key	(	OPGP_CARD_CONTEXT	cardContext,
		OPGP_CARD_INFO	cardInfo,
		GP211_SECURITY_INFO *	secInfo,
		BYTE	keySetVersion,
		BYTE	keyIndex,
		BYTE	newKeySetVersion,
		BYTE	_3DESKey[16]
	)

GlobalPlatform2.1.1: replaces a single 3DES key in a key set or adds a new 3DES key.

A keySetVersion value of 0x00 adds a new key. Any other value between 0x01 and 0x7f must match an existing key set version. The new key set version defines the key set version a new key belongs to. This can be the same key version or a new not existing key set version.

Parameters

cardContext	[in] The valid OPGP_CARD_CONTEXT returned by OPGP_establish_context()
cardInfo	[in] The OPGP_CARD_INFO structure returned by OPGP_card_connect().
*secInfo	[in, out] The pointer to the GP211_SECURITY_INFO structure returned by GP211_mutual_authentication().
keySetVersion	[in] An existing key set version.
keyIndex	[in] The position of the key in the key set version.
newKeySetVersion	[in] The new key set version.
_3DESKey	[in] The new 3DES key.

Returns: OPGP_ERROR_STATUS struct with error status OPGP_ERROR_STATUS_SUCCESS if no error occurs, otherwise error code and error message are contained in the OPGP_ERROR_STATUS struct

◆ GP211_put_aes_key()

OPGP_API OPGP_ERROR_STATUS GP211_put_aes_key	(	OPGP_CARD_CONTEXT	cardContext,
		OPGP_CARD_INFO	cardInfo,
		GP211_SECURITY_INFO *	secInfo,
		BYTE	keySetVersion,
		BYTE	keyIndex,
		BYTE	newKeySetVersion,
		BYTE	aesKey[16]
	)

GlobalPlatform2.1.1: replaces a single AES key in a key set or adds a new AES key.

A keySetVersion value of 0x00 adds a new key. Any other value between 0x01 and 0x7f must match an existing key set version. The new key set version defines the key set version a new key belongs to. This can be the same key version or a new not existing key set version.

Parameters

cardContext	[in] The valid OPGP_CARD_CONTEXT returned by OPGP_establish_context()
cardInfo	[in] The OPGP_CARD_INFO structure returned by OPGP_card_connect().
*secInfo	[in, out] The pointer to the GP211_SECURITY_INFO structure returned by GP211_mutual_authentication().
keySetVersion	[in] An existing key set version.
keyIndex	[in] The position of the key in the key set version.
newKeySetVersion	[in] The new key set version.
aesKey	[in] The new AES key.

◆ GP211_put_data()

OPGP_API OPGP_ERROR_STATUS GP211_put_data	(	OPGP_CARD_CONTEXT	cardContext,
		OPGP_CARD_INFO	cardInfo,
		GP211_SECURITY_INFO *	secInfo,
		BYTE	identifier[2],
		PBYTE	dataObject,
		DWORD	dataObjectLength
	)

GlobalPlatform2.1.1: Put card data.

Puts a single card data object identified by identifier. Some cards do not provide some data objects. Some possible identifiers are predefined. See GP211_GET_DATA_CPLC_WHOLE_CPLC. For details about the coding of the dataObject see the programmer's manual of your card.

Parameters

cardContext	[in] The valid OPGP_CARD_CONTEXT returned by OPGP_establish_context()
cardInfo	[in] The OPGP_CARD_INFO structure returned by OPGP_card_connect().
*secInfo	[in, out] The pointer to the GP211_SECURITY_INFO structure returned by GP211_mutual_authentication().
identifier	[in] Two byte buffer with high and low order tag value for identifying card data object.
dataObject	[in] The coded data object.
dataObjectLength	[in] The length of the data object.

Returns: OPGP_ERROR_STATUS struct with error status OPGP_ERROR_STATUS_SUCCESS if no error occurs, otherwise error code and error message are contained in the OPGP_ERROR_STATUS struct

◆ GP211_put_delegated_management_keys()

OPGP_API OPGP_ERROR_STATUS GP211_put_delegated_management_keys	(	OPGP_CARD_CONTEXT	cardContext,
		OPGP_CARD_INFO	cardInfo,
		GP211_SECURITY_INFO *	secInfo,
		BYTE	keySetVersion,
		BYTE	newKeySetVersion,
		OPGP_STRING	PEMKeyFileName,
		char *	passPhrase,
		BYTE	receiptKey[16]
	)

GlobalPlatform2.1.1: Adds a key set for Delegated Management.

A keySetVersion value of 0x00 adds a new secure channel key set. Any other value between 0x01 and 0x7f must match an existing key set version. The new key set version defines the key set version a the new secure channel keys belongs to. This can be the same key version or a new not existing key set version.

Parameters

cardContext	[in] The valid OPGP_CARD_CONTEXT returned by OPGP_establish_context()
cardInfo	[in] The OPGP_CARD_INFO structure returned by OPGP_card_connect().
*secInfo	[in, out] The pointer to the GP211_SECURITY_INFO structure returned by GP211_mutual_authentication().
keySetVersion	[in] An existing key set version.
newKeySetVersion	[in] The new key set version.
PEMKeyFileName	[in] A PEM file name with the public RSA key.
*passPhrase	[in] The passphrase. Must be an ASCII string.
receiptKey	[in] The new Receipt Generation key.

Returns: OPGP_ERROR_STATUS struct with error status OPGP_ERROR_STATUS_SUCCESS if no error occurs, otherwise error code and error message are contained in the OPGP_ERROR_STATUS struct

◆ GP211_put_rsa_key()

OPGP_API OPGP_ERROR_STATUS GP211_put_rsa_key	(	OPGP_CARD_CONTEXT	cardContext,
		OPGP_CARD_INFO	cardInfo,
		GP211_SECURITY_INFO *	secInfo,
		BYTE	keySetVersion,
		BYTE	keyIndex,
		BYTE	newKeySetVersion,
		OPGP_STRING	PEMKeyFileName,
		char *	passPhrase
	)

GlobalPlatform2.1.1: replaces a single public RSA key in a key set or adds a new public RSA key.

A keySetVersion value of 0x00 adds a new key. Any other value between 0x01 and 0x7f must match an existing key set version. The new key set version defines the key set version a new key belongs to. This can be the same key version or a new not existing key set version.

Parameters

cardContext	[in] The valid OPGP_CARD_CONTEXT returned by OPGP_establish_context()
cardInfo	[in] The OPGP_CARD_INFO structure returned by OPGP_card_connect().
*secInfo	[in, out] The pointer to the GP211_SECURITY_INFO structure returned by GP211_mutual_authentication().
keySetVersion	[in] An existing key set version.
keyIndex	[in] The position of the key in the key set version.
newKeySetVersion	[in] The new key set version.
PEMKeyFileName	[in] A PEM file name with the public RSA key.
*passPhrase	[in] The passphrase. Must be an ASCII string.

Returns: OPGP_ERROR_STATUS struct with error status OPGP_ERROR_STATUS_SUCCESS if no error occurs, otherwise error code and error message are contained in the OPGP_ERROR_STATUS struct

◆ GP211_put_secure_channel_keys()

OPGP_API OPGP_ERROR_STATUS GP211_put_secure_channel_keys	(	OPGP_CARD_CONTEXT	cardContext,
		OPGP_CARD_INFO	cardInfo,
		GP211_SECURITY_INFO *	secInfo,
		BYTE	keySetVersion,
		BYTE	newKeySetVersion,
		BYTE	newBaseKey[16],
		BYTE	newS_ENC[16],
		BYTE	newS_MAC[16],
		BYTE	newDEK[16]
	)

GlobalPlatform2.1.1: replaces or adds a secure channel key set consisting of S-ENC, S-MAC and DEK.

A keySetVersion value of 0x00 adds a new secure channel key set. Any other value between 0x01 and 0x7f must match an existing key set version. The new key set version defines the key set version the new secure channel keys belongs to. This can be the same key version or a new not existing key set version. It depends on the supported protocol implementation by the card what keys must be passed as parameters. baseKey must be NULL if the protocol uses 3 Secure Channel Keys (Secure Channel Encryption Key, Secure Channel Message Authentication Code Key and Data Encryption Key) and vice versa. Details about the supported Secure Channel Protocol and its implementation can be obtained by a call to the function GP211_get_secure_channel_protocol_details(). Sometimes a key derivation of the put keys might be necessary so it is necessary to call GP211_EMV_CPS11_derive_keys() or any other derivation function. If this is the newBaseKey must be NULL and the derived keys are passed as the 3 Secure Channel Keys.

Parameters

cardContext	[in] The valid OPGP_CARD_CONTEXT returned by OPGP_establish_context()
cardInfo	[in] The OPGP_CARD_INFO structure returned by OPGP_card_connect().
*secInfo	[in, out] The pointer to the GP211_SECURITY_INFO structure returned by GP211_mutual_authentication().
keySetVersion	[in] An existing key set version.
newKeySetVersion	[in] The new key set version.
newBaseKey	[in] The new Secure Channel base key.
newS_ENC	[in] The new S-ENC key.
newS_MAC	[in] The new S-MAC key.
newDEK	[in] The new DEK.

Returns: OPGP_ERROR_STATUS struct with error status OPGP_ERROR_STATUS_SUCCESS if no error occurs, otherwise error code and error message are contained in the OPGP_ERROR_STATUS struct

◆ GP211_send_APDU()

OPGP_API OPGP_ERROR_STATUS GP211_send_APDU	(	OPGP_CARD_CONTEXT	cardContext,
		OPGP_CARD_INFO	cardInfo,
		GP211_SECURITY_INFO *	secInfo,
		PBYTE	capdu,
		DWORD	capduLength,
		PBYTE	rapdu,
		PDWORD	rapduLength
	)

Sends an application protocol data unit.

The secInfo pointer can also be null and so this function can be used for arbitrary cards.

Parameters

cardContext	[in] The valid OPGP_CARD_CONTEXT returned by OPGP_establish_context()
cardInfo	[in] The OPGP_CARD_INFO structure returned by OPGP_card_connect().
*secInfo	[in, out] The pointer to the GP211_SECURITY_INFO structure returned by GP211_mutual_authentication().
capdu	[in] The command APDU.
capduLength	[in] The length of the command APDU.
rapdu	[out] The response APDU.
rapduLength	[in, out] The length of the the response APDU.

Returns: OPGP_ERROR_STATUS struct with error status OPGP_ERROR_STATUS_SUCCESS if no error occurs, otherwise error code and error message are contained in the OPGP_ERROR_STATUS struct

◆ GP211_set_status()

OPGP_API OPGP_ERROR_STATUS GP211_set_status	(	OPGP_CARD_CONTEXT	cardContext,
		OPGP_CARD_INFO	cardInfo,
		GP211_SECURITY_INFO *	secInfo,
		BYTE	cardElement,
		PBYTE	AID,
		DWORD	AIDLength,
		BYTE	lifeCycleState
	)

GlobalPlatform2.1.1: Sets the life cycle status of Applications, Security Domains or the Card Manager.

Parameters

cardContext	[in] The valid OPGP_CARD_CONTEXT returned by OPGP_establish_context()
cardInfo	[in] The OPGP_CARD_INFO structure returned by OPGP_card_connect().
*secInfo	[in, out] The pointer to the GP211_SECURITY_INFO structure returned by GP211_mutual_authentication().
cardElement	[in] Identifier for Load Files, Applications or the Card Manager.
AID	[in] The AID.
AIDLength	[in] The length of the AID.
lifeCycleState	[in] The new life cycle state.

Returns: OPGP_ERROR_STATUS struct with error status OPGP_ERROR_STATUS_SUCCESS if no error occurs, otherwise error code and error message are contained in the OPGP_ERROR_STATUS struct

◆ GP211_store_data()

OPGP_API OPGP_ERROR_STATUS GP211_store_data	(	OPGP_CARD_CONTEXT	cardContext,
		OPGP_CARD_INFO	cardInfo,
		GP211_SECURITY_INFO *	secInfo,
		PBYTE	data,
		DWORD	dataLength
	)

GlobalPlatform2.1.1: The STORE DATA command is used to transfer data to an Application or the Security Domain processing the command.

If STORE DATA is used for personalizing an application, a GP211_install_for_personalization().

Parameters

cardContext	[in] The valid OPGP_CARD_CONTEXT returned by OPGP_establish_context()
cardInfo	[in] The OPGP_CARD_INFO structure returned by OPGP_card_connect().
*secInfo	[in, out] The pointer to the GP211_SECURITY_INFO structure returned by GP211_mutual_authentication().
*data	[in] Data to send to application or Security Domain.
dataLength	[in] The length of the data buffer.

Returns: OPGP_ERROR_STATUS struct with error status OPGP_ERROR_STATUS_SUCCESS if no error occurs, otherwise error code and error message are contained in the OPGP_ERROR_STATUS struct

◆ GP211_validate_delete_receipt()

OPGP_API OPGP_ERROR_STATUS GP211_validate_delete_receipt	(	DWORD	confirmationCounter,
		PBYTE	cardUniqueData,
		DWORD	cardUniqueDataLength,
		BYTE	receiptKey[16],
		GP211_RECEIPT_DATA	receiptData,
		PBYTE	AID,
		DWORD	AIDLength,
		BYTE	secureChannelProtocol
	)

GlobalPlatform2.1.1: Validates a Load Receipt.

Each time a receipt is generated the confirmation counter is incremented by the Card Manager. You may keep track of it. Returns OPGP_ERROR_SUCCESS if receipt is valid.

Parameters

confirmationCounter	[in] The confirmation counter.
cardUniqueData	[in] The card unique data.
cardUniqueDataLength	[in] The length of the card unique data buffer.
receiptKey	[in] The 3DES key to generate the receipt.
receiptData	[in] The GP211_RECEIPT_DATA structure containing the receipt returned from delete_application() to verify.
AID	[in] A buffer with AID of the application which was deleted.
AIDLength	[in] The length of the AID.
secureChannelProtocol	[in] The Secure Channel Protocol.

Returns: OPGP_ERROR_STATUS struct with error status OPGP_ERROR_STATUS_SUCCESS if no error occurs, otherwise error code and error message are contained in the OPGP_ERROR_STATUS struct

◆ GP211_validate_extradition_receipt()

OPGP_ERROR_STATUS GP211_validate_extradition_receipt	(	DWORD	confirmationCounter,
		PBYTE	cardUniqueData,
		DWORD	cardUniqueDataLength,
		BYTE	receiptKey[16],
		GP211_RECEIPT_DATA	receiptData,
		PBYTE	oldSecurityDomainAID,
		DWORD	oldSecurityDomainAIDLength,
		PBYTE	newSecurityDomainAID,
		DWORD	newSecurityDomainAIDLength,
		PBYTE	applicationOrExecutableLoadFileAID,
		DWORD	applicationOrExecutableLoadFileAIDLength,
		BYTE	secureChannelProtocol
	)

GlobalPlatform2.1.1: Validates an Extradition Receipt.

Each time a receipt is generated the confirmation counter is incremented by the Card Manager. You may keep track of it. Returns OPGP_ERROR_SUCCESS if receipt is valid.

Parameters

confirmationCounter	[in] The confirmation counter.
cardUniqueData	[in] The card unique data.
cardUniqueDataLength	[in] The length of the card unique data buffer.
receiptKey	[in] The 3DES key to generate the receipt.
receiptData	[in] The GP211_RECEIPT_DATA structure containing the receipt returned from GP211_install_for_extradition() to verify.
oldSecurityDomainAID	[in] The AID of the old associated Security Domain.
oldSecurityDomainAIDLength	[in] The length of the oldSecurityDomainAID buffer.
newSecurityDomainAID	[in] The AID of the new associated Security Domain.
newSecurityDomainAIDLength	[in] The length of the newSecurityDomainAID buffer.
applicationOrExecutableLoadFileAID	[in] A buffer with AID of the Executable Load File which was INSTALL [for install].
applicationOrExecutableLoadFileAIDLength	[in] The length of the Executable Load File AID.
secureChannelProtocol	[in] The Secure Channel Protocol.

Returns: OPGP_ERROR_STATUS struct with error status OPGP_ERROR_STATUS_SUCCESS if no error occurs, otherwise error code and error message are contained in the OPGP_ERROR_STATUS struct

◆ GP211_validate_install_receipt()

OPGP_API OPGP_ERROR_STATUS GP211_validate_install_receipt	(	DWORD	confirmationCounter,
		PBYTE	cardUniqueData,
		DWORD	cardUniqueDataLength,
		BYTE	receiptKey[16],
		GP211_RECEIPT_DATA	receiptData,
		PBYTE	executableLoadFileAID,
		DWORD	executableLoadFileAIDLength,
		PBYTE	applicationAID,
		DWORD	applicationAIDLength,
		BYTE	secureChannelProtocol
	)

GlobalPlatform2.1.1: Validates an Install Receipt.

Each time a receipt is generated the confirmation counter is incremented by the Card Manager. You may keep track of it. Returns OPGP_ERROR_SUCCESS if receipt is valid.

Parameters

confirmationCounter	[in] The confirmation counter.
cardUniqueData	[in] The card unique data.
cardUniqueDataLength	[in] The length of the card unique data buffer.
receiptKey	[in] The 3DES key to generate the receipt.
receiptData	[in] The GP211_RECEIPT_DATA structure containing the receipt returned from GP211_install_for_install() to verify.
executableLoadFileAID	[in] A buffer with AID of the Executable Load File which was INSTALL [for install].
executableLoadFileAIDLength	[in] The length of the Executable Load File AID.
applicationAID	[in] The AID of the installed application.
applicationAIDLength	[in] The length of the application instance AID.
secureChannelProtocol	[in] The Secure Channel Protocol.

Returns: OPGP_ERROR_STATUS struct with error status OPGP_ERROR_STATUS_SUCCESS if no error occurs, otherwise error code and error message are contained in the OPGP_ERROR_STATUS struct

◆ GP211_validate_load_receipt()

OPGP_API OPGP_ERROR_STATUS GP211_validate_load_receipt	(	DWORD	confirmationCounter,
		PBYTE	cardUniqueData,
		DWORD	cardUniqueDataLength,
		BYTE	receiptKey[16],
		GP211_RECEIPT_DATA	receiptData,
		PBYTE	executableLoadFileAID,
		DWORD	executableLoadFileAIDLength,
		PBYTE	securityDomainAID,
		DWORD	securityDomainAIDLength,
		BYTE	secureChannelProtocol
	)

GlobalPlatform2.1.1: Validates a Load Receipt.

Each time a receipt is generated the confirmation counter is incremented by the Card Manager. You may keep track of it. Returns OPGP_ERROR_SUCCESS if receipt is valid.

Parameters

confirmationCounter	[in] The confirmation counter.
cardUniqueData	[in] The card unique data.
cardUniqueDataLength	[in] The length of the card unique data buffer.
receiptKey	[in] The 3DES key to generate the receipt.
receiptData	[in] The GP211_RECEIPT_DATA structure containing the receipt returned from load() to verify.
executableLoadFileAID	[in] A buffer with AID of the Executable Load File which was INSTALL [for load].
executableLoadFileAIDLength	[in] The length of the Executable Load File AID.
securityDomainAID	[in] A buffer containing the AID of the associated Security Domain.
securityDomainAIDLength	[in] The length of the Security Domain AID.
secureChannelProtocol	[in] The Secure Channel Protocol.

Returns: OPGP_ERROR_STATUS struct with error status OPGP_ERROR_STATUS_SUCCESS if no error occurs, otherwise error code and error message are contained in the OPGP_ERROR_STATUS struct

◆ GP211_VISA1_derive_keys()

OPGP_API OPGP_ERROR_STATUS GP211_VISA1_derive_keys	(	OPGP_CARD_CONTEXT	cardContext,
		OPGP_CARD_INFO	cardInfo,
		GP211_SECURITY_INFO *	secInfo,
		BYTE	masterKey[16],
		BYTE	S_ENC[16],
		BYTE	S_MAC[16],
		BYTE	DEK[16]
	)

Derives the static keys from a master key according the VISA 1 key derivation scheme.

E.g. GemXpresso cards use this scheme.

Parameters

cardContext	[in] The valid OPGP_CARD_CONTEXT returned by OPGP_establish_context()
cardInfo	[in] The OPGP_CARD_INFO cardInfo, structure returned by OPGP_card_connect().
*secInfo	[in, out] The pointer to the GP211_SECURITY_INFO structure returned by GP211_mutual_authentication().
masterKey	[in] The master key.
S_ENC	[out] The static Encryption key.
S_MAC	[out] The static Message Authentication Code key.
DEK	[out] The static Key Encryption Key.

Returns: OPGP_ERROR_STATUS struct with error status OPGP_ERROR_STATUS_SUCCESS if no error occurs, otherwise error code and error message are contained in the OPGP_ERROR_STATUS struct

◆ GP211_VISA2_derive_keys()

OPGP_API OPGP_ERROR_STATUS GP211_VISA2_derive_keys	(	OPGP_CARD_CONTEXT	cardContext,
		OPGP_CARD_INFO	cardInfo,
		GP211_SECURITY_INFO *	secInfo,
		PBYTE	AID,
		DWORD	AIDLength,
		BYTE	masterKey[16],
		BYTE	S_ENC[16],
		BYTE	S_MAC[16],
		BYTE	DEK[16]
	)

Derives the static keys from a master key according the VISA 2 key derivation scheme.

E.g. GemXpresso cards, JCOP-10 cards or Palmera Protect V5 cards use this scheme.

Parameters

cardContext	[in] The valid OPGP_CARD_CONTEXT returned by OPGP_establish_context()
cardInfo	[in] The OPGP_CARD_INFO cardInfo, structure returned by OPGP_card_connect().
*secInfo	[in, out] The pointer to the GP211_SECURITY_INFO structure returned by GP211_mutual_authentication().
AID	[in] The AID of the Card Manager.
AIDLength	[in] The length of the Card Manager AID / Issuer Security Domain AID.
masterKey	[in] The master key.
S_ENC	[out] The static Encryption key.
S_MAC	[out] The static Message Authentication Code key.
DEK	[out] The static Key Encryption Key.

Returns: OPGP_ERROR_STATUS struct with error status OPGP_ERROR_STATUS_SUCCESS if no error occurs, otherwise error code and error message are contained in the OPGP_ERROR_STATUS struct

◆ OP201_calculate_3des_DAP()

OPGP_API OPGP_ERROR_STATUS OP201_calculate_3des_DAP	(	PBYTE	securityDomainAID,
		DWORD	securityDomainAIDLength,
		OPGP_STRING	executableLoadFileName,
		BYTE	DAP_verification_key[16],
		OP201_DAP_BLOCK *	dapBlock
	)

Open Platform: Calculates a Load File Data Block DAP using 3DES.

If a security domain has DAP verification privilege the security domain validates this DAP.

Parameters

securityDomainAID	[in] A buffer containing the Security Domain AID.
securityDomainAIDLength	[in] The length of the Security Domain AID.
executableLoadFileName	[in] The name of the CAP or IJC file to calculate the DAP for.
DAP_verification_key	[in] The key to calculate the DAP.
*dapBlock	[out] A pointer to the returned OP201_DAP_BLOCK structure.

Returns: OPGP_ERROR_STATUS struct with error status OPGP_ERROR_STATUS_SUCCESS if no error occurs, otherwise error code and error message are contained in the OPGP_ERROR_STATUS struct

◆ OP201_calculate_install_token()

OPGP_API OPGP_ERROR_STATUS OP201_calculate_install_token	(	BYTE	P1,
		PBYTE	executableLoadFileAID,
		DWORD	executableLoadFileAIDLength,
		PBYTE	AIDWithinLoadFileAID,
		DWORD	AIDWithinLoadFileAIDLength,
		PBYTE	applicationInstanceAID,
		DWORD	applicationInstanceAIDLength,
		BYTE	applicationPrivileges,
		DWORD	volatileDataSpaceLimit,
		DWORD	nonVolatileDataSpaceLimit,
		PBYTE	applicationInstallParameters,
		DWORD	applicationInstallParametersLength,
		BYTE	installToken[128],
		OPGP_STRING	PEMKeyFileName,
		char *	passPhrase
	)

Open Platform: Calculates an Install Token using PKCS#1.

The parameters must match the parameters of a later install_for_install(), install_for_make_selectable() and install_for_install_and_make_selectable() method.

Parameters

P1	[in] The parameter P1 in the APDU command. 0x04 for a INSTALL [for install] command 0x08 for an INSTALL [for make selectable] command 0x0C for an INSTALL [for install and make selectable]
executableLoadFileAID	[in] A buffer with AID of the Executable Load File to INSTALL [for install].
executableLoadFileAIDLength	[in] The length of the Executable Load File AID.
AIDWithinLoadFileAID	[in] The AID of the application class in the package.
AIDWithinLoadFileAIDLength	[in] The length of the AIDWithinLoadFileAID buffer.
applicationInstanceAID	[in] The AID of the installed application.
applicationInstanceAIDLength	[in] The length of the application instance AID.
applicationPrivileges	[in] The application privileges. Can be an OR of multiple privileges. See OP201_APPLICATION_PRIVILEGE_SECURITY_DOMAIN.
volatileDataSpaceLimit	[in] The minimum amount of RAM space that must be available.
nonVolatileDataSpaceLimit	[in] The minimum amount of space for objects of the application, i.e. the data allocated in its lifetime.
applicationInstallParameters	[in] Applet install parameters for the install() method of the application.
applicationInstallParametersLength	[in] The length of the applicationInstallParameters buffer.
installToken	[out] The calculated Install Token. A 1024 bit RSA signature.
PEMKeyFileName	[in] A PEM file name with the private RSA key.
*passPhrase	[in] The passphrase. Must be an ASCII string.

Returns: OPGP_ERROR_STATUS struct with error status OPGP_ERROR_STATUS_SUCCESS if no error occurs, otherwise error code and error message are contained in the OPGP_ERROR_STATUS struct

◆ OP201_calculate_load_file_DAP()

OPGP_API OPGP_ERROR_STATUS OP201_calculate_load_file_DAP	(	OP201_DAP_BLOCK *	dapBlock,
		DWORD	dapBlockLength,
		OPGP_STRING	executableLoadFileName,
		BYTE	hash[20]
	)

Open Platform: Calculates a Load File DAP.

This is a hash of the Load File with SHA-1. A Load File consists of 0 to n Load File Data Block DAP blocks and a mandatory Load File Data Block, e.g. a CAP file. If no Load File Data Block DAP blocks are necessary the dapBlock must be NULL and the dapBlockLength 0. The dapBlock(s) can be calculated using calculate_3des_dap() or calculate_rsa_dap(). If the Load File Data Block DAP block(s) are already calculated they must be parsed into a OP201_DAP_BLOCK structure. If the Load File Data Block DAP block(s) are already prefixing the CAPFile following the Open Platform Specification 2.0.1', the whole CAPFile including the Load File Data Block DAP block(s) is sufficient, the dapBlock must be NULL and the dapBlockLength 0.

Parameters

*dapBlock	[in] A pointer to OP201_DAP_BLOCK structure(s).
dapBlockLength	[in] The number of OP201_DAP_BLOCK structure(s).
executableLoadFileName	[in] The name of the CAP or IJC file to hash.
hash	[out] The hash value. This are 20 bytes.

Returns: OPGP_ERROR_STATUS struct with error status OPGP_ERROR_STATUS_SUCCESS if no error occurs, otherwise error code and error message are contained in the OPGP_ERROR_STATUS struct

◆ OP201_calculate_load_token()

OPGP_API OPGP_ERROR_STATUS OP201_calculate_load_token	(	PBYTE	executableLoadFileAID,
		DWORD	executableLoadFileAIDLength,
		PBYTE	securityDomainAID,
		DWORD	securityDomainAIDLength,
		BYTE	loadFileDAP[20],
		DWORD	nonVolatileCodeSpaceLimit,
		DWORD	volatileDataSpaceLimit,
		DWORD	nonVolatileDataSpaceLimit,
		BYTE	loadToken[128],
		OPGP_STRING	PEMKeyFileName,
		char *	passPhrase
	)

Open Platform: Calculates a Load Token using PKCS#1.

The parameters must match the parameters of a later install_for_load() method.

Parameters

executableLoadFileAID	[in] A buffer containing the Executable Load File AID.
executableLoadFileAIDLength	[in] The length of the Executable Load File AID.
securityDomainAID	[in] A buffer containing the Security Domain AID.
securityDomainAIDLength	[in] The length of the Security Domain AID.
loadFileDAP	[in] The Load File DAP. The same calculated as in install_for_load().
nonVolatileCodeSpaceLimit	[in] The minimum space required to store the package.
volatileDataSpaceLimit	[in] The minimum amount of RAM space that must be available.
nonVolatileDataSpaceLimit	[in] The minimum amount of space for objects of the application, i.e. the data allocated in its lifetime.
loadToken	[out] The calculated Load Token. A 1024 bit RSA signature.
PEMKeyFileName	[in] A PEM file name with the private RSA key.
*passPhrase	[in] The passphrase. Must be an ASCII string.

Returns: OPGP_ERROR_STATUS struct with error status OPGP_ERROR_STATUS_SUCCESS if no error occurs, otherwise error code and error message are contained in the OPGP_ERROR_STATUS struct

◆ OP201_calculate_rsa_DAP()

OPGP_API OPGP_ERROR_STATUS OP201_calculate_rsa_DAP	(	PBYTE	securityDomainAID,
		DWORD	securityDomainAIDLength,
		OPGP_STRING	executableLoadFileName,
		OPGP_STRING	PEMKeyFileName,
		char *	passPhrase,
		OP201_DAP_BLOCK *	dapBlock
	)

Open Platform: Calculates a Load File Data Block DAP using SHA-1 and PKCS#1 (RSA).

If a security domain has DAP verification privilege the security domain validates this DAP.

Parameters

securityDomainAID	[in] A buffer containing the Security Domain AID.
securityDomainAIDLength	[in] The length of the Security Domain AID.
executableLoadFileName	[in] The name of the CAP or IJC file to calculate the DAP for.
PEMKeyFileName	[in] A PEM file name with the private RSA key.
*passPhrase	[in] The passphrase. Must be an ASCII string.
*dapBlock	[out] A pointer to the returned OP201_DAP_BLOCK structure.

Returns: OPGP_ERROR_STATUS struct with error status OPGP_ERROR_STATUS_SUCCESS if no error occurs, otherwise error code and error message are contained in the OPGP_ERROR_STATUS struct

◆ OP201_delete_application()

OPGP_API OPGP_ERROR_STATUS OP201_delete_application	(	OPGP_CARD_CONTEXT	cardContext,
		OPGP_CARD_INFO	cardInfo,
		OP201_SECURITY_INFO *	secInfo,
		OPGP_AID *	AIDs,
		DWORD	AIDsLength,
		OP201_RECEIPT_DATA *	receiptData,
		PDWORD	receiptDataLength
	)

Open Platform: Deletes a Executable Load File or an application.

Parameters

cardContext	[in] The valid OPGP_CARD_CONTEXT returned by OPGP_establish_context()
cardInfo	[in] The OPGP_CARD_INFO cardInfo, structure returned by OPGP_card_connect().
*secInfo	[in, out] The pointer to the OP201_SECURITY_INFO structure returned by OP201_mutual_authentication().
AIDs	[in] A pointer to the an array of OPGP_AID structures describing the applications and load files to delete.
AIDsLength	[in] The number of OPGP_AID structures.
*receiptData	[out] A OP201_RECEIPT_DATA array. If the deletion is performed by a security domain with delegated management privilege this structure contains the according data for each deleted application or package.
receiptDataLength	[in, out] A pointer to the length of the receiptData array. If no receiptData is available this length is 0;

Returns: OPGP_ERROR_STATUS struct with error status OPGP_ERROR_STATUS_SUCCESS if no error occurs, otherwise error code and error message are contained in the OPGP_ERROR_STATUS struct

◆ OP201_delete_key()

OPGP_API OPGP_ERROR_STATUS OP201_delete_key	(	OPGP_CARD_CONTEXT	cardContext,
		OPGP_CARD_INFO	cardInfo,
		OP201_SECURITY_INFO *	secInfo,
		BYTE	keySetVersion,
		BYTE	keyIndex
	)

Open Platform: deletes a key or multiple keys.

If keyIndex is 0xFF (=-1) all keys within a keySetVersion are deleted. If keySetVersion is 0x00 all keys with the specified keyIndex are deleted.

Parameters

cardContext	[in] The valid OPGP_CARD_CONTEXT returned by OPGP_establish_context()
cardInfo	[in] The OPGP_CARD_INFO cardInfo, structure returned by OPGP_card_connect().
*secInfo	[in, out] The pointer to the OP201_SECURITY_INFO structure returned by OP201_mutual_authentication().
keySetVersion	[in] An existing key set version.
keyIndex	[in] An existing key index.

Returns: OPGP_ERROR_STATUS struct with error status OPGP_ERROR_STATUS_SUCCESS if no error occurs, otherwise error code and error message are contained in the OPGP_ERROR_STATUS struct

◆ OP201_EMV_CPS11_derive_keys()

OPGP_API OPGP_ERROR_STATUS OP201_EMV_CPS11_derive_keys	(	OPGP_CARD_CONTEXT	cardContext,
		OPGP_CARD_INFO	cardInfo,
		OP201_SECURITY_INFO *	secInfo,
		BYTE	masterKey[16],
		BYTE	S_ENC[16],
		BYTE	S_MAC[16],
		BYTE	DEK[16]
	)

Derives the static keys from a master key according the EMV CPS 1.1 key derivation scheme.

E.g. Sm@rtCafe Expert 3.0 and later cards use this scheme.

Parameters

cardContext	[in] The valid OPGP_CARD_CONTEXT returned by OPGP_establish_context()
cardInfo	[in] The OPGP_CARD_INFO cardInfo, structure returned by OPGP_card_connect().
*secInfo	[in, out] The pointer to the OP201_SECURITY_INFO structure returned by OP201_mutual_authentication().
masterKey	[in] The master key.
S_ENC	[out] The static Encryption key.
S_MAC	[out] The static Message Authentication Code key.
DEK	[out] The static Key Encryption Key.

Returns: OPGP_ERROR_STATUS struct with error status OPGP_ERROR_STATUS_SUCCESS if no error occurs, otherwise error code and error message are contained in the OPGP_ERROR_STATUS struct

◆ OP201_get_data()

OPGP_API OPGP_ERROR_STATUS OP201_get_data	(	OPGP_CARD_CONTEXT	cardContext,
		OPGP_CARD_INFO	cardInfo,
		OP201_SECURITY_INFO *	secInfo,
		BYTE	identifier[2],
		PBYTE	recvBuffer,
		PDWORD	recvBufferLength
	)

Open Platform: Retrieve card data.

Retrieves a single card data object from the card identified by identifier. Some cards do not provide some data objects. Some possible identifiers are predefined. See OP201_GET_DATA_ISSUER_BIN and so on. For details about the coding of the response see the programmer's manual of your card. There is a convenience method get_key_information_templates() to get the key information template(s) containing key set version, key index, key type and key length of the keys.

Parameters

cardContext	[in] The valid OPGP_CARD_CONTEXT returned by OPGP_establish_context()
cardInfo	[in] The OPGP_CARD_INFO cardInfo, structure returned by OPGP_card_connect().
*secInfo	[in, out] The pointer to the OP201_SECURITY_INFO structure returned by OP201_mutual_authentication().
identifier	[in] Two byte buffer with high and low order tag value for identifying card data object.
recvBuffer	[in] The buffer for the card data object.
recvBufferLength	[in] The length of the received card data object.

Returns: OPGP_ERROR_STATUS struct with error status OPGP_ERROR_STATUS_SUCCESS if no error occurs, otherwise error code and error message are contained in the OPGP_ERROR_STATUS struct

◆ OP201_get_install_token_signature_data()

OPGP_API OPGP_ERROR_STATUS OP201_get_install_token_signature_data	(	BYTE	P1,
		PBYTE	executableLoadFileAID,
		DWORD	executableLoadFileAIDLength,
		PBYTE	AIDWithinLoadFileAID,
		DWORD	AIDWithinLoadFileAIDLength,
		PBYTE	applicationInstanceAID,
		DWORD	applicationInstanceAIDLength,
		BYTE	applicationPrivileges,
		DWORD	volatileDataSpaceLimit,
		DWORD	nonVolatileDataSpaceLimit,
		PBYTE	applicationInstallParameters,
		DWORD	applicationInstallParametersLength,
		PBYTE	installTokenSignatureData,
		PDWORD	installTokenSignatureDataLength
	)

Open Platform: Function to retrieve the data to sign by the Card Issuer in an Install Token.

If you are not the Card Issuer and do not know the token verification private key send this data to the Card Issuer and obtain the RSA signature of the data, i.e. the Install Token. volatileDataSpaceLimit can be 0, if the card does not need or support this tag. The parameters must match the parameters of a later install_for_install() and install_for_make_selectable() method.

Parameters

P1	[in] The parameter P1 in the APDU command. 0x04 for a INSTALL [for install] command 0x08 for an INSTALL [for make selectable] command 0x0C for an INSTALL [for install and make selectable]
executableLoadFileAID	[in] A buffer with AID of the Executable Load File to INSTALL [for load].
executableLoadFileAIDLength	[in] The length of the Executable Load File AID.
AIDWithinLoadFileAID	[in] The AID of the application class in the package.
AIDWithinLoadFileAIDLength	[in] The length of the AIDWithinLoadFileAID buffer.
applicationInstanceAID	[in] The AID of the installed application.
applicationInstanceAIDLength	[in] The length of the application instance AID.
applicationPrivileges	[in] The application privileges. Can be an OR of multiple privileges. See OP201_APPLICATION_PRIVILEGE_SECURITY_DOMAIN.
volatileDataSpaceLimit	[in] The minimum amount of RAM space that must be available.
nonVolatileDataSpaceLimit	[in] The minimum amount of space for objects of the application, i.e. the data allocated in its lifetime.
applicationInstallParameters	[in] Applet install parameters for the install() method of the application.
applicationInstallParametersLength	[in] The length of the applicationInstallParameters buffer.
installTokenSignatureData	[out] The data to sign in a Install Token.
installTokenSignatureDataLength	[in, out] The length of the installTokenSignatureData buffer.

Returns: OPGP_ERROR_STATUS struct with error status OPGP_ERROR_STATUS_SUCCESS if no error occurs, otherwise error code and error message are contained in the OPGP_ERROR_STATUS struct

◆ OP201_get_key_information_templates()

OPGP_API OPGP_ERROR_STATUS OP201_get_key_information_templates	(	OPGP_CARD_CONTEXT	cardContext,
		OPGP_CARD_INFO	cardInfo,
		OP201_SECURITY_INFO *	secInfo,
		BYTE	keyInformationTemplate,
		OP201_KEY_INFORMATION *	keyInformation,
		PDWORD	keyInformationLength
	)

Open Platform: Retrieves key information of keys on the card.

The card must support the optional report of key information templates.

Parameters

cardContext	[in] The valid OPGP_CARD_CONTEXT returned by OPGP_establish_context()
cardInfo	[in] The OPGP_CARD_INFO cardInfo, structure returned by OPGP_card_connect().
*secInfo	[in, out] The pointer to the OP201_SECURITY_INFO structure returned by OP201_mutual_authentication().
keyInformationTemplate	[in] The number of the key information template.
*keyInformation	[out] A pointer to an array of OP201_KEY_INFORMATION structures.
keyInformationLength	[in, out] The number of OP201_KEY_INFORMATION structures.

Returns: OPGP_ERROR_STATUS struct with error status OPGP_ERROR_STATUS_SUCCESS if no error occurs, otherwise error code and error message are contained in the OPGP_ERROR_STATUS struct

◆ OP201_get_load_token_signature_data()

OPGP_API OPGP_ERROR_STATUS OP201_get_load_token_signature_data	(	PBYTE	executableLoadFileAID,
		DWORD	executableLoadFileAIDLength,
		PBYTE	securityDomainAID,
		DWORD	securityDomainAIDLength,
		BYTE	loadFileDAP[20],
		DWORD	nonVolatileCodeSpaceLimit,
		DWORD	volatileDataSpaceLimit,
		DWORD	nonVolatileDataSpaceLimit,
		PBYTE	loadTokenSignatureData,
		PDWORD	loadTokenSignatureDataLength
	)

Open Platform: Function to retrieve the data to sign by the Card Issuer in a Load Token.

If you are not the Card Issuer and do not know the token verification private key send this data to the Card Issuer and obtain the RSA signature of the data, i.e. the Load Token. volatileDataSpaceLimit and nonVolatileDataSpaceLimit can be 0, if the card does not need or support this tags. The parameters must match the parameters of a later install_for_load() command.

Parameters

executableLoadFileAID	[in] A buffer containing the Executable Load File AID.
executableLoadFileAIDLength	[in] The length of the Executable Load File AID.
securityDomainAID	[in] A buffer containing the Security Domain AID.
securityDomainAIDLength	[in] The length of the Security Domain AID.
loadFileDAP	[in] The Load File DAP. The same calculated as in install_for_load().
nonVolatileCodeSpaceLimit	[in] The minimum space required to store the application code.
volatileDataSpaceLimit	[in] The minimum amount of RAM space that must be available.
nonVolatileDataSpaceLimit	[in] The minimum amount of space for objects of the application, i.e. the data allocated in its lifetime.
loadTokenSignatureData	[out] The data to sign in a Load Token.
loadTokenSignatureDataLength	[in, out] The length of the loadTokenSignatureData buffer.

Returns: OPGP_ERROR_STATUS struct with error status OPGP_ERROR_STATUS_SUCCESS if no error occurs, otherwise error code and error message are contained in the OPGP_ERROR_STATUS struct

◆ OP201_get_status()

OPGP_API OPGP_ERROR_STATUS OP201_get_status	(	OPGP_CARD_CONTEXT	cardContext,
		OPGP_CARD_INFO	cardInfo,
		OP201_SECURITY_INFO *	secInfo,
		BYTE	cardElement,
		OP201_APPLICATION_DATA *	applData,
		PDWORD	applDataLength
	)

Open Platform: Gets the life cycle status of Applications, the Card Manager and Executable Load Files and their privileges.

Parameters

cardContext	[in] The valid OPGP_CARD_CONTEXT returned by OPGP_establish_context()
cardInfo	[in] The OPGP_CARD_INFO cardInfo, structure returned by OPGP_card_connect().
*secInfo	[in, out] The pointer to the OP201_SECURITY_INFO structure returned by OP201_mutual_authentication().
cardElement	[in] Identifier to retrieve data for Load Files, Applications or the Card Manager.
*applData	[out] The OP201_APPLICATION_DATA structure containing AID, life cycle state and privileges.
applDataLength	[in, out] The number of OP201_APPLICATION_DATA passed and returned.

Returns: OPGP_ERROR_STATUS struct with error status OPGP_ERROR_STATUS_SUCCESS if no error occurs, otherwise error code and error message are contained in the OPGP_ERROR_STATUS struct

◆ OP201_install_for_install()

OPGP_API OPGP_ERROR_STATUS OP201_install_for_install	(	OPGP_CARD_CONTEXT	cardContext,
		OPGP_CARD_INFO	cardInfo,
		OP201_SECURITY_INFO *	secInfo,
		PBYTE	executableLoadFileAID,
		DWORD	executableLoadFileAIDLength,
		PBYTE	AIDWithinLoadFileAID,
		DWORD	AIDWithinLoadFileAIDLength,
		PBYTE	applicationInstanceAID,
		DWORD	applicationInstanceAIDLength,
		BYTE	applicationPrivileges,
		DWORD	volatileDataSpaceLimit,
		DWORD	nonVolatileDataSpaceLimit,
		PBYTE	applicationInstallParameters,
		DWORD	applicationInstallParametersLength,
		BYTE	installToken[128],
		OP201_RECEIPT_DATA *	receiptData,
		PDWORD	receiptDataAvailable
	)

Open Platform: Installs an application on the card.

In the case of delegated management an Install Token authorizing the INSTALL [for install] must be included. See OP201_calculate_install_token(). Otherwise installToken must be NULL. See calculate_install_token(). volatileDataSpaceLimit and nonVolatileDataSpaceLimit can be 0, if the card does not need or support this tag. For Security domains look in your manual what parameters are necessary. If the tag for application install parameters is mandatory for your card, but you have no install parameters for the install() method of the application anyway you have to use at least a dummy parameter. If AIDWithinLoadFileAID is NULL and AIDWithinLoadFileAIDLength is 0 applicationInstanceAID is assumed for AIDWithinLoadFileAID

Parameters

cardContext	[in] The valid OPGP_CARD_CONTEXT returned by OPGP_establish_context()
cardInfo	[in] The OPGP_CARD_INFO cardInfo, structure returned by OPGP_card_connect().
*secInfo	[in, out] The pointer to the OP201_SECURITY_INFO structure returned by OP201_mutual_authentication().
executableLoadFileAID	[in] A buffer with AID of the Executable Load File to INSTALL [for install].
executableLoadFileAIDLength	[in] The length of the Executable Load File AID.
AIDWithinLoadFileAID	[in] The AID of the application class in the package.
AIDWithinLoadFileAIDLength	[in] The length of the AIDWithinLoadFileAID buffer.
applicationInstanceAID	[in] The AID of the installed application.
applicationInstanceAIDLength	[in] The length of the application instance AID.
applicationPrivileges	[in] The application privileges. Can be an OR of multiple privileges. See OP201_APPLICATION_PRIVILEGE_SECURITY_DOMAIN.
volatileDataSpaceLimit	[in] The minimum amount of RAM space that must be available.
nonVolatileDataSpaceLimit	[in] The minimum amount of space for objects of the application, i.e. the data allocated in its lifetime.
applicationInstallParameters	[in] Applet install parameters for the install() method of the application.
applicationInstallParametersLength	[in] The length of the applicationInstallParameters buffer.
installToken	[in] The Install Token. This is a 1024 bit (=128 byte) RSA Signature.
*receiptData	[out] If the deletion is performed by a security domain with delegated management privilege this structure contains the according data.
receiptDataAvailable	[out] 0 if no receiptData is available.

Returns: OPGP_ERROR_STATUS struct with error status OPGP_ERROR_STATUS_SUCCESS if no error occurs, otherwise error code and error message are contained in the OPGP_ERROR_STATUS struct

◆ OP201_install_for_install_and_make_selectable()

OPGP_API OPGP_ERROR_STATUS OP201_install_for_install_and_make_selectable	(	OPGP_CARD_CONTEXT	cardContext,
		OPGP_CARD_INFO	cardInfo,
		OP201_SECURITY_INFO *	secInfo,
		PBYTE	executableLoadFileAID,
		DWORD	executableLoadFileAIDLength,
		PBYTE	AIDWithinLoadFileAID,
		DWORD	AIDWithinLoadFileAIDLength,
		PBYTE	applicationInstanceAID,
		DWORD	applicationInstanceAIDLength,
		BYTE	applicationPrivileges,
		DWORD	volatileDataSpaceLimit,
		DWORD	nonVolatileDataSpaceLimit,
		PBYTE	applicationInstallParameters,
		DWORD	applicationInstallParametersLength,
		BYTE	installToken[128],
		OP201_RECEIPT_DATA *	receiptData,
		PDWORD	receiptDataAvailable
	)

Open Platform: Installs and makes an installed application selectable.

In the case of delegated management an Install Token authorizing the INSTALL [for install and make selectable] must be included. See OP201_calculate_install_token(). Otherwise installToken must be NULL. See calculate_install_token(). volatileDataSpaceLimit and nonVolatileDataSpaceLimit can be 0, if the card does not need or support this tag. For Security domains look in your manual what parameters are necessary. If the tag for application install parameters is mandatory for your card, but you have no install parameters for the install() method of the application anyway you have to use at least a dummy parameter. If AIDWithinLoadFileAID is NULL and AIDWithinLoadFileAIDLength is 0 applicationInstanceAID is assumed for AIDWithinLoadFileAID.

Parameters

cardContext	[in] The valid OPGP_CARD_CONTEXT returned by OPGP_establish_context()
cardInfo	[in] The OPGP_CARD_INFO cardInfo, structure returned by OPGP_card_connect().
*secInfo	[in, out] The pointer to the OP201_SECURITY_INFO structure returned by OP201_mutual_authentication().
executableLoadFileAID	[in] A buffer with AID of the Executable Load File to INSTALL [for install].
executableLoadFileAIDLength	[in] The length of the Executable Load File AID.
AIDWithinLoadFileAID	[in] The AID of the application class in the package.
AIDWithinLoadFileAIDLength	[in] The length of the AIDWithinLoadFileAID buffer.
applicationInstanceAID	[in] The AID of the installed application.
applicationInstanceAIDLength	[in] The length of the application instance AID.
applicationPrivileges	[in] The application privileges. Can be an OR of multiple privileges. See OP201_APPLICATION_PRIVILEGE_SECURITY_DOMAIN.
volatileDataSpaceLimit	[in] The minimum amount of RAM space that must be available.
nonVolatileDataSpaceLimit	[in] The minimum amount of space for objects of the application, i.e. the data allocated in its lifetime.
applicationInstallParameters	[in] Applet install parameters for the install() method of the application.
applicationInstallParametersLength	[in] The length of the applicationInstallParameters buffer.
installToken	[in] The Install Token. This is a 1024 bit (=128 byte) RSA Signature.
*receiptData	[out] If the deletion is performed by a security domain with delegated management privilege this structure contains the according data.
receiptDataAvailable	[out] 0 if no receiptData is available.

Returns: OPGP_ERROR_STATUS struct with error status OPGP_ERROR_STATUS_SUCCESS if no error occurs, otherwise error code and error message are contained in the OPGP_ERROR_STATUS struct

◆ OP201_install_for_load()

OPGP_API OPGP_ERROR_STATUS OP201_install_for_load	(	OPGP_CARD_CONTEXT	cardContext,
		OPGP_CARD_INFO	cardInfo,
		OP201_SECURITY_INFO *	secInfo,
		PBYTE	executableLoadFileAID,
		DWORD	executableLoadFileAIDLength,
		PBYTE	securityDomainAID,
		DWORD	securityDomainAIDLength,
		BYTE	loadFileDAP[20],
		BYTE	loadToken[128],
		DWORD	nonVolatileCodeSpaceLimit,
		DWORD	volatileDataSpaceLimit,
		DWORD	nonVolatileDataSpaceLimit
	)

Open Platform: Prepares the card for loading an application.

The function assumes that the Card Manager or Security Domain uses an optional load file DAP using the SHA-1 message digest algorithm. The loadFileDAP can be calculated using calculate_load_file_DAP() or must be NULL, if the card does not need or support a Load File DAP in this situation, e.g. if you want to load a Executable Load File to the Card Manager Security Domain. In the case of delegated management a Load Token authorizing the INSTALL [for load] must be included. Otherwise loadToken must be NULL. See OP201_calculate_load_token(). The term Executable Load File is equivalent to the Open Platform term Load File Data Block. volatileDataSpaceLimit and nonVolatileDataSpaceLimit can be 0, if the card does not need or support this tags.

Parameters

cardContext	[in] The valid OPGP_CARD_CONTEXT returned by OPGP_establish_context()
cardInfo	[in] The OPGP_CARD_INFO cardInfo, structure returned by OPGP_card_connect().
*secInfo	[in, out] The pointer to the OP201_SECURITY_INFO structure returned by OP201_mutual_authentication().
executableLoadFileAID	[in] A buffer with AID of the Executable Load File to INSTALL [for load].
executableLoadFileAIDLength	[in] The length of the Executable Load File AID.
securityDomainAID	[in] A buffer containing the AID of the intended associated Security Domain.
securityDomainAIDLength	[in] The length of the Security Domain AID.
loadFileDAP	[in] The load file DAP of the Executable Load File to INSTALL [for load].
loadToken	[in] The Load Token. This is a 1024 bit (=128 byte) RSA Signature.
nonVolatileCodeSpaceLimit	[in] The minimum amount of space that must be available to store the package.
volatileDataSpaceLimit	[in] The minimum amount of RAM space that must be available.
nonVolatileDataSpaceLimit	[in] The minimum amount of space for objects of the application, i.e. the data allocated in its lifetime.

Returns: OPGP_ERROR_STATUS struct with error status OPGP_ERROR_STATUS_SUCCESS if no error occurs, otherwise error code and error message are contained in the OPGP_ERROR_STATUS struct

◆ OP201_install_for_make_selectable()

OPGP_API OPGP_ERROR_STATUS OP201_install_for_make_selectable	(	OPGP_CARD_CONTEXT	cardContext,
		OPGP_CARD_INFO	cardInfo,
		OP201_SECURITY_INFO *	secInfo,
		PBYTE	applicationInstanceAID,
		DWORD	applicationInstanceAIDLength,
		BYTE	applicationPrivileges,
		BYTE	installToken[128],
		OP201_RECEIPT_DATA *	receiptData,
		PDWORD	receiptDataAvailable
	)

Open Platform: Makes an installed application selectable.

In the case of delegated management an Install Token authorizing the INSTALL [for make selectable] must be included. See OP201_calculate_install_token(). Otherwise installToken must be NULL. For Security domains look in your manual what parameters are necessary.

Parameters

cardContext	[in] The valid OPGP_CARD_CONTEXT returned by OPGP_establish_context()
*secInfo	[in, out] The pointer to the OP201_SECURITY_INFO structure returned by OP201_mutual_authentication().
cardInfo	[in] The OPGP_CARD_INFO cardInfo, structure returned by OPGP_card_connect().
applicationInstanceAID	[in] The AID of the installed application or security domain.
applicationInstanceAIDLength	[in] The length of the application instance AID.
applicationPrivileges	[in] The application privileges. Can be an OR of multiple privileges. See OP201_APPLICATION_PRIVILEGE_SECURITY_DOMAIN.
installToken	[in] The Install Token. This is a 1024 bit (=128 byte) RSA Signature.
*receiptData	[out] If the deletion is performed by a security domain with delegated management privilege this structure contains the according data.
receiptDataAvailable	[out] 0 if no receiptData is available.

Returns: OPGP_ERROR_STATUS struct with error status OPGP_ERROR_STATUS_SUCCESS if no error occurs, otherwise error code and error message are contained in the OPGP_ERROR_STATUS struct

◆ OP201_load()

OPGP_API OPGP_ERROR_STATUS OP201_load	(	OPGP_CARD_CONTEXT	cardContext,
		OPGP_CARD_INFO	cardInfo,
		OP201_SECURITY_INFO *	secInfo,
		OP201_DAP_BLOCK *	dapBlock,
		DWORD	dapBlockLength,
		OPGP_STRING	executableLoadFileName,
		OP201_RECEIPT_DATA *	receiptData,
		PDWORD	receiptDataAvailable,
		OPGP_PROGRESS_CALLBACK *	callback
	)

Open Platform: Loads a Executable Load File (containing an application) to the card.

An install_for_load() must precede. The Load File Data Block DAP block(s) must be the same block(s) and in the same order like in calculate_load_file_DAP(). If no Load File Data Block DAP blocks are necessary the dapBlock must be NULL and the dapBlockLength 0.

Parameters

cardContext	[in] The valid OPGP_CARD_CONTEXT returned by OPGP_establish_context()
cardInfo	[in] The OPGP_CARD_INFO cardInfo, structure returned by OPGP_card_connect().
*secInfo	[in, out] The pointer to the OP201_SECURITY_INFO structure returned by OP201_mutual_authentication().
*dapBlock	[in] A pointer to OP201_DAP_BLOCK structure(s).
dapBlockLength	[in] The number of OP201_DAP_BLOCK structure(s).
executableLoadFileName	[in] The name of the CAP or IJC file to load.
*receiptData	[out] If the deletion is performed by a security domain with delegated management privilege this structure contains the according data. Can be validated with validate_load_receipt().
receiptDataAvailable	[out] 0 if no receiptData is available.
*callback	[in] A pointer to a OPGP_PROGRESS_CALLBACK defining the callback function and optional parameters for it.

Returns: OPGP_ERROR_STATUS struct with error status OPGP_ERROR_STATUS_SUCCESS if no error occurs, otherwise error code and error message are contained in the OPGP_ERROR_STATUS struct

◆ OP201_load_from_buffer()

OPGP_API OPGP_ERROR_STATUS OP201_load_from_buffer	(	OPGP_CARD_CONTEXT	cardContext,
		OPGP_CARD_INFO	cardInfo,
		OP201_SECURITY_INFO *	secInfo,
		OP201_DAP_BLOCK *	dapBlock,
		DWORD	dapBlockLength,
		PBYTE	loadFileBuf,
		DWORD	loadFileBufSize,
		OP201_RECEIPT_DATA *	receiptData,
		PDWORD	receiptDataAvailable,
		OPGP_PROGRESS_CALLBACK *	callback
	)

Open Platform: Loads a Executable Load File (containing an application) from a buffer to the card.

An install_for_load() must precede. The Load File Data Block DAP block(s) must be the same block(s) and in the same order like in calculate_load_file_DAP(). If no Load File Data Block DAP blocks are necessary the dapBlock must be NULL and the dapBlockLength 0.

Parameters

cardContext	[in] The valid OPGP_CARD_CONTEXT returned by OPGP_establish_context()
cardInfo	[in] The OPGP_CARD_INFO cardInfo, structure returned by OPGP_card_connect().
*secInfo	[in, out] The pointer to the OP201_SECURITY_INFO structure returned by OP201_mutual_authentication().
*dapBlock	[in] A pointer to OP201_DAP_BLOCK structure(s).
dapBlockLength	[in] The number of OP201_DAP_BLOCK structure(s).
loadFileBuf	[in] buffer with the contents of a Executable Load File.
loadFileBufSize	[in] size of loadFileBuf.
*receiptData	[out] If the deletion is performed by a security domain with delegated management privilege this structure contains the according data. Can be validated with validate_load_receipt().
receiptDataAvailable	[out] 0 if no receiptData is available.
*callback	[in] A pointer to a OPGP_PROGRESS_CALLBACK defining the callback function and optional parameters for it.

Returns: OPGP_ERROR_STATUS struct with error status OPGP_ERROR_STATUS_SUCCESS if no error occurs, otherwise error code and error message are contained in the OPGP_ERROR_STATUS struct

◆ OP201_mutual_authentication()

OPGP_API OPGP_ERROR_STATUS OP201_mutual_authentication	(	OPGP_CARD_CONTEXT	cardContext,
		OPGP_CARD_INFO	cardInfo,
		BYTE	baseKey[16],
		BYTE	encKey[16],
		BYTE	macKey[16],
		BYTE	kekKey[16],
		BYTE	keySetVersion,
		BYTE	keyIndex,
		BYTE	securityLevel,
		BYTE	derivationMethod,
		OP201_SECURITY_INFO *	secInfo
	)

Open Platform: Mutual authentication.

A keySetVersion and keyIndex of 0x00 selects the first available key set version and key index. If a derivation method is used the baseKey defines the master key.

Parameters

cardContext	[in] The valid OPGP_CARD_CONTEXT returned by OPGP_establish_context()
cardInfo	[in] The OPGP_CARD_INFO cardInfo, structure returned by OPGP_card_connect().
baseKey	[in] The master key used for the key derivation.
encKey	[in] The static encryption key.
macKey	[in] The static MAC key.
kekKey	[in] The static Key Encryption key.
keySetVersion	[in] The key set version on the card to use for mutual authentication.
keyIndex	[in] The key index of the encryption key in the key set version on the card to use for mutual authentication.
securityLevel	[in] The requested security level.
derivationMethod	[in] The derivation method to use for. See OPGP_DERIVATION_METHOD_VISA2.
*secInfo	[out] The returned OP201_SECURITY_INFO structure.

Returns: OPGP_ERROR_STATUS struct with error status OPGP_ERROR_STATUS_SUCCESS if no error occurs, otherwise error code and error message are contained in the OPGP_ERROR_STATUS struct

◆ OP201_pin_change()

OPGP_API OPGP_ERROR_STATUS OP201_pin_change	(	OPGP_CARD_CONTEXT	cardContext,
		OPGP_CARD_INFO	cardInfo,
		OP201_SECURITY_INFO *	secInfo,
		BYTE	tryLimit,
		PBYTE	newPIN,
		DWORD	newPINLength,
		BYTE	KEK[16]
	)

Open Platform: Changes or unblocks the global PIN.

The single numbers of the new PIN are encoded as single BYTEs in the newPIN buffer. The tryLimit must be in the range of 0x03 and x0A. The PIN must comprise at least 6 numbers and not exceeding 12 numbers. To unblock the PIN use tryLimit with a value of 0x00. In this case newPIN buffer and newPINLength are ignored.

Parameters

cardContext	[in] The valid OPGP_CARD_CONTEXT returned by OPGP_establish_context()
*secInfo	[in, out] The pointer to the OP201_SECURITY_INFO structure returned by OP201_mutual_authentication().
cardInfo	[in] The OPGP_CARD_INFO cardInfo, structure returned by OPGP_card_connect().
tryLimit	[in] The try limit for the PIN.
newPIN	[in] The new PIN.
newPINLength	[in] The length of the new PIN.
KEK	[in] The Key Encryption key (KEK).

Returns: OPGP_ERROR_STATUS struct with error status OPGP_ERROR_STATUS_SUCCESS if no error occurs, otherwise error code and error message are contained in the OPGP_ERROR_STATUS struct

◆ OP201_put_3desKey()

OPGP_API OPGP_ERROR_STATUS OP201_put_3desKey	(	OPGP_CARD_CONTEXT	cardContext,
		OPGP_CARD_INFO	cardInfo,
		OP201_SECURITY_INFO *	secInfo,
		BYTE	keySetVersion,
		BYTE	keyIndex,
		BYTE	newKeySetVersion,
		BYTE	_3desKey[16]
	)

Open Platform: replaces a single 3DES key in a key set or adds a new 3DES key.

A keySetVersion value of 0x00 adds a new key. Any other value between 0x01 and 0x7f must match an existing key set version. The new key set version defines the key set version a new key belongs to. This can be the same key version or a new not yet existing key set version.

Parameters

cardContext	[in] The valid OPGP_CARD_CONTEXT returned by OPGP_establish_context()
cardInfo	[in] The OPGP_CARD_INFO cardInfo, structure returned by OPGP_card_connect().
*secInfo	[in, out] The pointer to the OP201_SECURITY_INFO structure returned by OP201_mutual_authentication().
keySetVersion	[in] An existing key set version.
keyIndex	[in] The position of the key in the key set version.
newKeySetVersion	[in] The new key set version.
_3desKey	[in] The new 3DES key.

Returns: OPGP_ERROR_STATUS struct with error status OPGP_ERROR_STATUS_SUCCESS if no error occurs, otherwise error code and error message are contained in the OPGP_ERROR_STATUS struct

◆ OP201_put_data()

OPGP_API OPGP_ERROR_STATUS OP201_put_data	(	OPGP_CARD_CONTEXT	cardContext,
		OPGP_CARD_INFO	cardInfo,
		OP201_SECURITY_INFO *	secInfo,
		BYTE	identifier[2],
		PBYTE	dataObject,
		DWORD	dataObjectLength
	)

Open Platform: Put card data.

Puts a single card data object identified by identifier. Some cards do not provide some data objects. Some possible identifiers are predefined. See OP201_GET_DATA_ISSUER_BIN. For details about the coding of the dataObject see the programmer's manual of your card.

Parameters

cardContext	[in] The valid OPGP_CARD_CONTEXT returned by OPGP_establish_context()
cardInfo	[in] The OPGP_CARD_INFO cardInfo, structure returned by OPGP_card_connect().
*secInfo	[in, out] The pointer to the OP201_SECURITY_INFO structure returned by OP201_mutual_authentication().
identifier	[in] Two byte buffer with high and low order tag value for identifying card data object.
dataObject	[in] The coded data object.
dataObjectLength	[in] The length of the data object.

Returns: OPGP_ERROR_STATUS struct with error status OPGP_ERROR_STATUS_SUCCESS if no error occurs, otherwise error code and error message are contained in the OPGP_ERROR_STATUS struct

◆ OP201_put_delegated_management_keys()

OPGP_API OPGP_ERROR_STATUS OP201_put_delegated_management_keys	(	OPGP_CARD_CONTEXT	cardContext,
		OPGP_CARD_INFO	cardInfo,
		OP201_SECURITY_INFO *	secInfo,
		BYTE	keySetVersion,
		BYTE	newKeySetVersion,
		OPGP_STRING	PEMKeyFileName,
		char *	passPhrase,
		BYTE	receiptGenerationKey[16]
	)

Open Platform: Adds a key set for Delegated Management.

A keySetVersion value of 0x00 adds a new secure channel key set. Any other value between 0x01 and 0x7f must match an existing key set version. The new key set version defines the key set version a the new secure channel keys belongs to. This can be the same key version or a new not existing key set version.

Parameters

cardContext	[in] The valid OPGP_CARD_CONTEXT returned by OPGP_establish_context()
cardInfo	[in] The OPGP_CARD_INFO cardInfo, structure returned by OPGP_card_connect().
*secInfo	[in, out] The pointer to the OP201_SECURITY_INFO structure returned by OP201_mutual_authentication().
keySetVersion	[in] An existing key set version.
newKeySetVersion	[in] The new key set version.
PEMKeyFileName	[in] A PEM file name with the public RSA key.
*passPhrase	[in] The passphrase. Must be an ASCII string.
receiptGenerationKey	[in] The new Receipt Generation key.

Returns: OPGP_ERROR_STATUS struct with error status OPGP_ERROR_STATUS_SUCCESS if no error occurs, otherwise error code and error message are contained in the OPGP_ERROR_STATUS struct

◆ OP201_put_rsa_key()

OPGP_API OPGP_ERROR_STATUS OP201_put_rsa_key	(	OPGP_CARD_CONTEXT	cardContext,
		OPGP_CARD_INFO	cardInfo,
		OP201_SECURITY_INFO *	secInfo,
		BYTE	keySetVersion,
		BYTE	keyIndex,
		BYTE	newKeySetVersion,
		OPGP_STRING	PEMKeyFileName,
		char *	passPhrase
	)

Open Platform: replaces a single public RSA key in a key set or adds a new public RSA key.

A keySetVersion value of 0x00 adds a new key. Any other value between 0x01 and 0x7f must match an existing key set version. The new key set version defines the key set version a new key belongs to. This can be the same key version or a new not existing key set version.

Parameters

cardContext	[in] The valid OPGP_CARD_CONTEXT returned by OPGP_establish_context()
cardInfo	[in] The OPGP_CARD_INFO cardInfo, structure returned by OPGP_card_connect().
*secInfo	[in, out] The pointer to the OP201_SECURITY_INFO structure returned by OP201_mutual_authentication().
keySetVersion	[in] An existing key set version.
keyIndex	[in] The position of the key in the key set version.
newKeySetVersion	[in] The new key set version.
PEMKeyFileName	[in] A PEM file name with the public RSA key.
*passPhrase	[in] The passphrase. Must be an ASCII string.

Returns: OPGP_ERROR_STATUS struct with error status OPGP_ERROR_STATUS_SUCCESS if no error occurs, otherwise error code and error message are contained in the OPGP_ERROR_STATUS struct

◆ OP201_put_secure_channel_keys()

OPGP_API OPGP_ERROR_STATUS OP201_put_secure_channel_keys	(	OPGP_CARD_CONTEXT	cardContext,
		OPGP_CARD_INFO	cardInfo,
		OP201_SECURITY_INFO *	secInfo,
		BYTE	keySetVersion,
		BYTE	newKeySetVersion,
		BYTE	new_encKey[16],
		BYTE	new_macKey[16],
		BYTE	new_KEK[16]
	)

Open Platform: replaces or adds a secure channel key set consisting of encryption key, MAC key and key encryption.

A keySetVersion value of 0x00 adds a new secure channel key set. Any other value between 0x01 and 0x7f must match an existing key set version. The new key set version defines the key set version the new secure channel keys belongs to. This can be the same key version or a new not existing key set version. Sometimes a key derivation of the put keys might be necessary so it is necessary to call OP201_EMV_CPS11_derive_keys() or any other derivation function.

Parameters

cardContext	[in] The valid OPGP_CARD_CONTEXT returned by OPGP_establish_context()
cardInfo	[in] The OPGP_CARD_INFO cardInfo, structure returned by OPGP_card_connect().
*secInfo	[in, out] The pointer to the OP201_SECURITY_INFO structure returned by OP201_mutual_authentication().
keySetVersion	[in] An existing key set version.
newKeySetVersion	[in] The new key set version.
new_encKey	[in] The new Encryption key.
new_macKey	[in] The new MAC key.
new_KEK	[in] The new key encryption key.

Returns: OPGP_ERROR_STATUS struct with error status OPGP_ERROR_STATUS_SUCCESS if no error occurs, otherwise error code and error message are contained in the OPGP_ERROR_STATUS struct

◆ OP201_send_APDU()

OPGP_API OPGP_ERROR_STATUS OP201_send_APDU	(	OPGP_CARD_CONTEXT	cardContext,
		OPGP_CARD_INFO	cardInfo,
		OP201_SECURITY_INFO *	secInfo,
		PBYTE	capdu,
		DWORD	capduLength,
		PBYTE	rapdu,
		PDWORD	rapduLength
	)

Sends an application protocol data unit.

The secInfo pointer can also be null and so this function can be used for arbitrary cards.

Parameters

cardContext	[in] The valid OPGP_CARD_CONTEXT returned by OPGP_establish_context()
cardInfo	[in] The OPGP_CARD_INFO cardInfo, structure returned by OPGP_card_connect().
*secInfo	[in] The pointer to the OP201_SECURITY_INFO structure returned by OP201_mutual_authentication().
capdu	[in] The command APDU.
capduLength	[in] The length of the command APDU.
rapdu	[out] The response APDU.
rapduLength	[in, out] The length of the the response APDU.

Returns: OPGP_ERROR_STATUS struct with error status OPGP_ERROR_STATUS_SUCCESS if no error occurs, otherwise error code and error message are contained in the OPGP_ERROR_STATUS struct

◆ OP201_set_status()

OPGP_API OPGP_ERROR_STATUS OP201_set_status	(	OPGP_CARD_CONTEXT	cardContext,
		OPGP_CARD_INFO	cardInfo,
		OP201_SECURITY_INFO *	secInfo,
		BYTE	cardElement,
		PBYTE	AID,
		DWORD	AIDLength,
		BYTE	lifeCycleState
	)

Open Platform: Sets the life cycle status of Applications, Security Domains or the Card Manager.

Parameters

cardContext	[in] The valid OPGP_CARD_CONTEXT returned by OPGP_establish_context()
cardInfo	[in] The OPGP_CARD_INFO cardInfo, structure returned by OPGP_card_connect().
*secInfo	[in, out] The pointer to the OP201_SECURITY_INFO structure returned by OP201_mutual_authentication().
cardElement	[in] Identifier for Load Files, Applications or the Card Manager.
AID	[in] The AID.
AIDLength	[in] The length of the AID.
lifeCycleState	[in] The new life cycle state.

Returns: OPGP_ERROR_STATUS struct with error status OPGP_ERROR_STATUS_SUCCESS if no error occurs, otherwise error code and error message are contained in the OPGP_ERROR_STATUS struct

◆ OP201_validate_delete_receipt()

OPGP_API OPGP_ERROR_STATUS OP201_validate_delete_receipt	(	DWORD	confirmationCounter,
		BYTE	cardUniqueData[10],
		BYTE	receiptGenerationKey[16],
		OP201_RECEIPT_DATA	receiptData,
		PBYTE	AID,
		DWORD	AIDLength
	)

Open Platform: Validates a Load Receipt.

Each time a receipt is generated the confirmation counter is incremented by the Card Manager. You may keep track of it. Returns OPGP_ERROR_SUCCESS if receipt is valid.

Parameters

confirmationCounter	[in] The confirmation counter.
cardUniqueData	[in] The card unique data (?).
receiptGenerationKey	[in] The 3DES key to generate the receipt.
receiptData	[in] The OP201_RECEIPT_DATA structure containing the receipt returned from delete_application() to verify.
AID	[in] A buffer with AID of the application which was deleted.
AIDLength	[in] The length of the AID.

Returns: OPGP_ERROR_STATUS struct with error status OPGP_ERROR_STATUS_SUCCESS if no error occurs, otherwise error code and error message are contained in the OPGP_ERROR_STATUS struct

◆ OP201_validate_install_receipt()

OPGP_API OPGP_ERROR_STATUS OP201_validate_install_receipt	(	DWORD	confirmationCounter,
		BYTE	cardUniqueData[10],
		BYTE	receiptGenerationKey[16],
		OP201_RECEIPT_DATA	receiptData,
		PBYTE	executableLoadFileAID,
		DWORD	executableLoadFileAIDLength,
		PBYTE	applicationInstanceAID,
		DWORD	applicationInstanceAIDLength
	)

Open Platform: Validates an Install Receipt.

Each time a receipt is generated the confirmation counter is incremented by the Card Manager. You may keep track of it. Returns OPGP_ERROR_SUCCESS if receipt is valid.

Parameters

confirmationCounter	[in] The confirmation counter.
cardUniqueData	[in] The card unique data (?).
receiptGenerationKey	[in] The 3DES key to generate the receipt.
receiptData	[in] The OP201_RECEIPT_DATA structure containing the receipt returned from install_for_install() to verify.
executableLoadFileAID	[in] A buffer with AID of the Executable Load File which was INSTALL [for install].
executableLoadFileAIDLength	[in] The length of the Executable Load File AID.
applicationInstanceAID	[in] The AID of the installed application.
applicationInstanceAIDLength	[in] The length of the application instance AID.

Returns: OPGP_ERROR_STATUS struct with error status OPGP_ERROR_STATUS_SUCCESS if no error occurs, otherwise error code and error message are contained in the OPGP_ERROR_STATUS struct

◆ OP201_validate_load_receipt()

OPGP_API OPGP_ERROR_STATUS OP201_validate_load_receipt	(	DWORD	confirmationCounter,
		BYTE	cardUniqueData[10],
		BYTE	receiptGenerationKey[16],
		OP201_RECEIPT_DATA	receiptData,
		PBYTE	executableLoadFileAID,
		DWORD	executableLoadFileAIDLength,
		PBYTE	securityDomainAID,
		DWORD	securityDomainAIDLength
	)

Open Platform: Validates a Load Receipt.

Each time a receipt is generated the confirmation counter is incremented by the Card Manager. You may keep track of it. Returns OPGP_ERROR_SUCCESS if receipt is valid.

Parameters

confirmationCounter	[in] The confirmation counter.
cardUniqueData	[in] The card unique data (?).
receiptGenerationKey	[in] The 3DES key to generate the receipt.
receiptData	[in] The OP201_RECEIPT_DATA structure containing the receipt returned from load_application() to verify.
executableLoadFileAID	[in] A buffer with AID of the Executable Load File which was INSTALL [for load].
executableLoadFileAIDLength	[in] The length of the Executable Load File AID.
securityDomainAID	[in] A buffer containing the AID of the associated Security Domain.
securityDomainAIDLength	[in] The length of the Security Domain AID.

Returns: OPGP_ERROR_STATUS struct with error status OPGP_ERROR_STATUS_SUCCESS if no error occurs, otherwise error code and error message are contained in the OPGP_ERROR_STATUS struct

◆ OP201_VISA1_derive_keys()

OPGP_API OPGP_ERROR_STATUS OP201_VISA1_derive_keys	(	OPGP_CARD_CONTEXT	cardContext,
		OPGP_CARD_INFO	cardInfo,
		OP201_SECURITY_INFO *	secInfo,
		BYTE	masterKey[16],
		BYTE	S_ENC[16],
		BYTE	S_MAC[16],
		BYTE	DEK[16]
	)

Derives the static keys from a master key according the VISA 1 key derivation scheme.

E.g. GemXpresso cards use this scheme.

Parameters

cardContext	[in] The valid OPGP_CARD_CONTEXT returned by OPGP_establish_context()
cardInfo	[in] The OPGP_CARD_INFO cardInfo, structure returned by OPGP_card_connect().
*secInfo	[in, out] The pointer to the OP201_SECURITY_INFO structure returned by OP201_mutual_authentication().
masterKey	[in] The master key.
S_ENC	[out] The static Encryption key.
S_MAC	[out] The static Message Authentication Code key.
DEK	[out] The static Key Encryption Key.

Returns: OPGP_ERROR_STATUS struct with error status OPGP_ERROR_STATUS_SUCCESS if no error occurs, otherwise error code and error message are contained in the OPGP_ERROR_STATUS struct

◆ OP201_VISA2_derive_keys()

OPGP_API OPGP_ERROR_STATUS OP201_VISA2_derive_keys	(	OPGP_CARD_CONTEXT	cardContext,
		OPGP_CARD_INFO	cardInfo,
		OP201_SECURITY_INFO *	secInfo,
		PBYTE	AID,
		DWORD	AIDLength,
		BYTE	masterKey[16],
		BYTE	S_ENC[16],
		BYTE	S_MAC[16],
		BYTE	DEK[16]
	)

Derives the static keys from a master key according the VISA 2 key derivation scheme.

E.g. GemXpresso cards, JCOP-10 cards or Palmera Protect V5 cards use this scheme.

Parameters

cardContext	[in] The valid OPGP_CARD_CONTEXT returned by OPGP_establish_context()
cardInfo	[in] The OPGP_CARD_INFO cardInfo, structure returned by OPGP_card_connect().
*secInfo	[in, out] The pointer to the OP201_SECURITY_INFO structure returned by OP201_mutual_authentication().
AID	[in] The AID of the Card Manager.
AIDLength	[in] The length of the Card Manager AID / Issuer Security Domain AID.
masterKey	[in] The master key.
S_ENC	[out] The static Encryption key.
S_MAC	[out] The static Message Authentication Code key.
DEK	[out] The static Key Encryption Key.

Returns: OPGP_ERROR_STATUS struct with error status OPGP_ERROR_STATUS_SUCCESS if no error occurs, otherwise error code and error message are contained in the OPGP_ERROR_STATUS struct

◆ OPGP_cap_to_ijc()

OPGP_API OPGP_ERROR_STATUS OPGP_cap_to_ijc	(	OPGP_CSTRING	capFileName,
		OPGP_STRING	ijcFileName
	)

Converts a CAP file to an IJC file (Executable Load File).

Parameters

capFileName	[in] The name of the CAP file.
ijcFileName	[in] The name of the destination IJC file.

Returns: OPGP_ERROR_STATUS struct with error status OPGP_ERROR_STATUS_SUCCESS if no error occurs, otherwise error code and error message are contained in the OPGP_ERROR_STATUS struct

◆ OPGP_extract_cap_file()

OPGP_API OPGP_ERROR_STATUS OPGP_extract_cap_file	(	OPGP_CSTRING	fileName,
		PBYTE	loadFileBuf,
		PDWORD	loadFileBufSize
	)

Extracts a CAP file into a buffer.

If loadFileBuf is NULL the loadFileBufSize is ignored and the necessary buffer size is returned in loadFileBufSize and the functions returns.

Parameters

fileName	[in] The name of the CAP file.
loadFileBuf	[out] The destination buffer with the Executable Load File contents.
loadFileBufSize	[in, out] The size of the loadFileBuf.

Returns: OPGP_ERROR_STATUS struct with error status OPGP_ERROR_STATUS_SUCCESS if no error occurs, otherwise error code and error message are contained in the OPGP_ERROR_STATUS struct

◆ OPGP_get_extended_card_resources_information()

OPGP_API OPGP_ERROR_STATUS OPGP_get_extended_card_resources_information	(	OPGP_CARD_CONTEXT	cardContext,
		OPGP_CARD_INFO	cardInfo,
		GP211_SECURITY_INFO *	secInfo,
		OPGP_EXTENDED_CARD_RESOURCE_INFORMATION *	extendedCardResourceInformation
	)

Reads the extended card resource information (number of applications + free memory).

The ISD must support the optional report of extended card resources information. The format is defined in ETSI TS 102 226, sect. 8.2.1.7.2.

Parameters

cardContext	[in] The valid OPGP_CARD_CONTEXT returned by OPGP_establish_context()
cardInfo	[in] The OPGP_CARD_INFO structure returned by OPGP_card_connect().
*secInfo	[in, out] The pointer to the GP211_SECURITY_INFO structure returned by GP211_mutual_authentication().
*extendedCardResourceInformation	[out] A pointer to an array of OPGP_EXTENDED_CARD_RESOURCE_INFORMATION structures.

Returns: OPGP_ERROR_STATUS struct with error status OPGP_ERROR_STATUS_SUCCESS if no error occurs, otherwise error code and error message are contained in the OPGP_ERROR_STATUS struct

◆ OPGP_manage_channel()

OPGP_API OPGP_ERROR_STATUS OPGP_manage_channel	(	OPGP_CARD_CONTEXT	cardContext,
		OPGP_CARD_INFO *	cardInfo,
		GP211_SECURITY_INFO *	secInfo,
		BYTE	openClose,
		BYTE	channelNumberToClose,
		BYTE *	channelNumberOpened
	)

ISO 7816-4 / GlobalPlatform2.1.1: Opens or closes a Logical Channel.

For an OPEN command, the channelNumberToClose is ignored. For an CLOSE command, the channelNumberOpened is returned. After closing a Logical Channel the Basic Logical Channel is assumed for the next transmissions.

Parameters

cardContext	[in] The valid OPGP_CARD_CONTEXT returned by OPGP_establish_context()
*cardInfo	[in, out] The OPGP_CARD_INFO structure returned by OPGP_card_connect().
*secInfo	[in, out] The pointer to the GP211_SECURITY_INFO structure returned by GP211_mutual_authentication().
openClose	[in] Logical Channel should be opened or closed. See GP211_MANAGE_CHANNEL_OPEN.
channelNumberToClose	[in] The Logical Channel number to close.
channelNumberOpened	[out] The Logical Channel number opened.

Returns: OPGP_ERROR_STATUS struct with error status OPGP_ERROR_STATUS_SUCCESS if no error occurs, otherwise error code and error message are contained in the OPGP_ERROR_STATUS struct

◆ OPGP_read_executable_load_file_parameters()

OPGP_API OPGP_ERROR_STATUS OPGP_read_executable_load_file_parameters	(	OPGP_STRING	loadFileName,
		OPGP_LOAD_FILE_PARAMETERS *	loadFileParams
	)

Reads the parameters of an Executable Load File.

Parameters

loadFileName	[in] The load file name to parse.
*loadFileParams	[out] The parsed parameters.

Returns: OPGP_ERROR_STATUS struct with error status OPGP_ERROR_STATUS_SUCCESS if no error occurs, otherwise error code and error message are contained in the OPGP_ERROR_STATUS struct

◆ OPGP_read_executable_load_file_parameters_from_buffer()

OPGP_API OPGP_ERROR_STATUS OPGP_read_executable_load_file_parameters_from_buffer	(	PBYTE	loadFileBuf,
		DWORD	loadFileBufSize,
		OPGP_LOAD_FILE_PARAMETERS *	loadFileParams
	)

Receives Executable Load File as a buffer instead of a FILE.

Parameters

loadFileBuf	[in] The load file buffer.
loadFileBufSize	[in] The size of the load file buffer.
*loadFileParams	[out] The parsed parameters.

Returns: OPGP_ERROR_STATUS struct with error status OPGP_ERROR_STATUS_SUCCESS if no error occurs, otherwise error code and error message are contained in the OPGP_ERROR_STATUS struct

◆ OPGP_select_application()

OPGP_API OPGP_ERROR_STATUS OPGP_select_application	(	OPGP_CARD_CONTEXT	cardContext,
		OPGP_CARD_INFO	cardInfo,
		PBYTE	AID,
		DWORD	AIDLength
	)

GlobalPlatform2.1.1: Selects an application on a card by AID.

Parameters

cardContext	[in] The valid OPGP_CARD_CONTEXT returned by OPGP_establish_context()
cardInfo	[in] The OPGP_CARD_INFO structure returned by OPGP_card_connect().
AID	[in] The AID.
AIDLength	[in] The length of the AID.

Returns: OPGP_ERROR_STATUS struct with error status OPGP_ERROR_STATUS_SUCCESS if no error occurs, otherwise error code and error message are contained in the OPGP_ERROR_STATUS struct

◆ OPGP_select_channel()

OPGP_API OPGP_ERROR_STATUS OPGP_select_channel	(	OPGP_CARD_INFO *	cardInfo,
		BYTE	channelNumber
	)

ISO 7816-4 / GlobalPlatform2.1.1: If multiple Logical Channels are open or a new Logical Channel is opened with select_application(), selects the Logical Channel.

You must track on your own, what channels are open.

Parameters

*cardInfo	[in, out] The OPGP_CARD_INFO structure returned by OPGP_card_connect().
channelNumber	[in] The Logical Channel number to select.

Returns: OPGP_ERROR_STATUS struct with error status OPGP_ERROR_STATUS_SUCCESS if no error occurs, otherwise error code and error message are contained in the OPGP_ERROR_STATUS struct

◆ VISA1_derive_keys()

OPGP_API OPGP_ERROR_STATUS VISA1_derive_keys	(	BYTE	cardSerialNumber[8],
		BYTE	masterKey[16],
		BYTE	S_ENC[16],
		BYTE	S_MAC[16],
		BYTE	DEK[16]
	)

Derives the static keys from a master key according the VISA 1 key derivation scheme.

E.g. GemXpresso cards use this scheme.

Parameters

cardSerialNumber	[in] The card serial number.
masterKey	[in] The master key.
S_ENC	[out] The static Encryption key.
S_MAC	[out] The static Message Authentication Code key.
DEK	[out] The static Key Encryption Key.

Returns: OPGP_ERROR_STATUS struct with error status OPGP_ERROR_STATUS_SUCCESS if no error occurs, otherwise error code and error message are contained in the OPGP_ERROR_STATUS struct

◆ VISA2_derive_keys()

OPGP_API OPGP_ERROR_STATUS VISA2_derive_keys	(	BYTE	baseKeyDiversificationData[10],
		BYTE	masterKey[16],
		BYTE	S_ENC[16],
		BYTE	S_MAC[16],
		BYTE	DEK[16]
	)

Derives the static keys from a master key according the VISA 2 key derivation scheme.

E.g. GemXpresso cards, JCOP-10 cards or Palmera Protect V5 cards use this scheme. The baseKeyDiversificationData must contain the rightmost two bytes of the Card Manager AID as first 2 bytes and starting at position 4 the 4 bytes of the IC serial number.

Parameters

baseKeyDiversificationData	[in] The key diversification data. This is returned by INITIALIZE UPDATE or can be constructed.
masterKey	[in] The master key.
S_ENC	[out] The static Encryption key.
S_MAC	[out] The static Message Authentication Code key.
DEK	[out] The static Key Encryption Key.

Returns: OPGP_ERROR_STATUS struct with error status OPGP_ERROR_STATUS_SUCCESS if no error occurs, otherwise error code and error message are contained in the OPGP_ERROR_STATUS struct

Data Structures

Macros

Enumerations

Functions

Detailed Description

Macro Definition Documentation

◆ INIT_PROGRESS_CALLBACK_PARAMETERS

Enumeration Type Documentation

◆ GP211_APPLICATION_PRIVILEGES

◆ OP201_APPLICATION_PRIVILEGES

Function Documentation

◆ GP211_begin_R_MAC()

◆ GP211_calculate_3des_DAP()

◆ GP211_calculate_install_token()

◆ GP211_calculate_load_file_data_block_hash()

◆ GP211_calculate_load_token()

◆ GP211_calculate_rsa_DAP()

◆ GP211_delete_application()

◆ GP211_delete_key()

◆ GP211_EMV_CPS11_derive_keys()

◆ GP211_end_R_MAC()

◆ GP211_get_data()

◆ GP211_get_data_iso7816_4()

◆ GP211_get_extradition_token_signature_data()

◆ GP211_get_install_token_signature_data()

◆ GP211_get_key_information_templates()

◆ GP211_get_load_token_signature_data()

◆ GP211_get_secure_channel_protocol_details()

◆ GP211_get_sequence_counter()

◆ GP211_get_status()

◆ GP211_init_implicit_secure_channel()

◆ GP211_install_for_extradition()

◆ GP211_install_for_install()

◆ GP211_install_for_install_and_make_selectable()

◆ GP211_install_for_load()

◆ GP211_install_for_make_selectable()

◆ GP211_install_for_personalization()

◆ GP211_load()

◆ GP211_load_from_buffer()

◆ GP211_mutual_authentication()

◆ GP211_pin_change()

◆ GP211_put_3des_key()

◆ GP211_put_aes_key()

◆ GP211_put_data()

◆ GP211_put_delegated_management_keys()

◆ GP211_put_rsa_key()

◆ GP211_put_secure_channel_keys()

◆ GP211_send_APDU()

◆ GP211_set_status()

◆ GP211_store_data()

◆ GP211_validate_delete_receipt()

◆ GP211_validate_extradition_receipt()

◆ GP211_validate_install_receipt()

◆ GP211_validate_load_receipt()

◆ GP211_VISA1_derive_keys()

◆ GP211_VISA2_derive_keys()

◆ OP201_calculate_3des_DAP()

◆ OP201_calculate_install_token()

◆ OP201_calculate_load_file_DAP()

◆ OP201_calculate_load_token()

◆ OP201_calculate_rsa_DAP()

◆ OP201_delete_application()

◆ OP201_delete_key()

◆ OP201_EMV_CPS11_derive_keys()

◆ OP201_get_data()

◆ OP201_get_install_token_signature_data()

◆ OP201_get_key_information_templates()

◆ OP201_get_load_token_signature_data()

◆ OP201_get_status()

◆ OP201_install_for_install()

◆ OP201_install_for_install_and_make_selectable()

◆ OP201_install_for_load()

◆ OP201_install_for_make_selectable()

◆ OP201_load()

◆ OP201_load_from_buffer()

◆ OP201_mutual_authentication()

◆ OP201_pin_change()

◆ OP201_put_3desKey()

◆ OP201_put_data()

◆ OP201_put_delegated_management_keys()