globalplatform/api/security_8h_source.html

/*  Copyright (c) 2009, Karsten Ohme

 *  This file is part of GlobalPlatform.

 *

 *  GlobalPlatform is free software: you can redistribute it and/or modify

 *  it under the terms of the GNU Lesser General Public License as published by

 *  the Free Software Foundation, either version 3 of the License, or

 *  (at your option) any later version.

 *

 *  GlobalPlatform is distributed in the hope that it will be useful,

 *  but WITHOUT ANY WARRANTY; without even the implied warranty of

 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

 *  GNU Lesser General Public License for more details.

 *

 *  You should have received a copy of the GNU Lesser General Public License

 *  along with GlobalPlatform.  If not, see <http://www.gnu.org/licenses/>.

 */


#ifndef SECURITY_H_

#define SECURITY_H_


#ifdef __cplusplus

extern "C"

{

#endif


#include "types.h"


#define OP_201 201

#define GP_211 211


/* Secure Channel stuff */


#define GP211_SCP01 0x01

#define GP211_SCP02 0x02

#define GP211_SCP03 0x03


#define GP211_SCP01_IMPL_i05 0x05


#define GP211_SCP01_IMPL_i15 0x15


#define GP211_SCP02_IMPL_i44 0x44


#define GP211_SCP02_IMPL_i45 0x45


#define GP211_SCP02_IMPL_i54 0x54


#define GP211_SCP02_IMPL_i55 0x55


#define GP211_SCP02_IMPL_i04 0x04


#define GP211_SCP02_IMPL_i05 0x05


#define GP211_SCP02_IMPL_i0A 0x0A


#define GP211_SCP02_IMPL_i0B 0x0B


#define GP211_SCP02_IMPL_i14 0x14


#define GP211_SCP02_IMPL_i15 0x15


#define GP211_SCP02_IMPL_i1A 0x1A


#define GP211_SCP02_IMPL_i1B 0x1B


#define GP211_SCP03_IMPL_i00 0x00


#define GP211_SCP03_IMPL_i10 0x10


#define GP211_SCP03_IMPL_i30 0x30


#define GP211_SCP03_IMPL_i20 0x20


#define GP211_SCP03_IMPL_i60 0x60


#define GP211_SCP03_IMPL_i70 0x70


#define GP211_SCP01_SECURITY_LEVEL_C_DEC_C_MAC 0x03

#define GP211_SCP01_SECURITY_LEVEL_C_MAC 0x01

#define GP211_SCP01_SECURITY_LEVEL_NO_SECURE_MESSAGING 0x00


#define GP211_SCP02_SECURITY_LEVEL_C_DEC_C_MAC_R_MAC 0x13

#define GP211_SCP02_SECURITY_LEVEL_C_MAC_R_MAC 0x11

#define GP211_SCP02_SECURITY_LEVEL_R_MAC 0x10

#define GP211_SCP02_SECURITY_LEVEL_C_DEC_C_MAC 0x03

#define GP211_SCP02_SECURITY_LEVEL_C_MAC 0x01

#define GP211_SCP02_SECURITY_LEVEL_NO_SECURE_MESSAGING 0x00


// Philip Wendland: added SCP03 security level identifiers

#define GP211_SCP03_SECURITY_LEVEL_C_DEC_C_MAC 0x03

#define GP211_SCP03_SECURITY_LEVEL_C_MAC 0x01

#define GP211_SCP03_SECURITY_LEVEL_NO_SECURE_MESSAGING 0x00

#define GP211_SCP03_SECURITY_LEVEL_C_DEC_R_ENC_C_MAC_R_MAC 0x33

#define GP211_SCP03_SECURITY_LEVEL_C_DEC_C_MAC_R_MAC 0x13

#define GP211_SCP03_SECURITY_LEVEL_C_DEC_C_MAC_R_ENC_R_MAC 0x33

#define GP211_SCP03_SECURITY_LEVEL_C_MAC_R_MAC 0x11

#define GP211_SCP03_SECURITY_LEVEL_R_MAC 0x10

#define GP211_SCP03_SECURITY_LEVEL_R_ENC_R_MAC 0x30


#define GP211_KEY_TYPE_RSA_PUB_N 0xA1

#define GP211_KEY_TYPE_RSA_PUB_E 0xA0

#define GP211_KEY_TYPE_RSA_PRIV_N 0xA2

#define GP211_KEY_TYPE_RSA_PRIV_D 0xA3

#define GP211_KEY_TYPE_RSA_PRIV_P 0xA4

#define GP211_KEY_TYPE_RSA_PRIV_Q 0xA5

#define GP211_KEY_TYPE_RSA_PRIV_PQ 0xA6

#define GP211_KEY_TYPE_RSA_PRIV_DP1 0xA7

#define GP211_KEY_TYPE_RSA_PRIV_DQ1 0xA8


#define GP211_KEY_TYPE_3DES 0x81

#define GP211_KEY_TYPE_DES 0x80

#define GP211_KEY_TYPE_3DES_CBC 0x82

#define GP211_KEY_TYPE_DES_ECB 0x83

#define GP211_KEY_TYPE_DES_CBC 0x84

#define GP211_KEY_TYPE_PSK_TLS 0x85

#define GP211_KEY_TYPE_AES 0x88


#define OP201_SECURITY_LEVEL_ENC_MAC 0x03

#define OP201_SECURITY_LEVEL_MAC 0x01

#define OP201_SECURITY_LEVEL_PLAIN 0x00


#define OP201_KEY_TYPE_RSA_PUP_N 0xA1

#define OP201_KEY_TYPE_RSA_PUP_E 0xA0

#define OP201_KEY_TYPE_DES 0x80

#define OP201_KEY_TYPE_DES_ECB 0x81

#define OP201_KEY_TYPE_DES_CBC 0x82


typedef struct {

        BYTE securityLevel;

        BYTE sessionMacKey[16];

        BYTE sessionEncKey[16];

        BYTE lastMac[8];

        /* Augusto: added two more attributes for key information */

        BYTE keySetVersion;

        BYTE keyIndex;

        /* end */

} OP201_SECURITY_INFO;


typedef struct {

        BYTE securityLevel;

        BYTE secureChannelProtocol;

        BYTE secureChannelProtocolImpl;

        BYTE C_MACSessionKey[16];

        BYTE R_MACSessionKey[16];

        BYTE encryptionSessionKey[16];

        BYTE dataEncryptionSessionKey[16];

    /*

     * Philip Wendland: lastC_MAC must be 16 Bytes for SCP03 because the MAC chaining value

     * for MAC code generation is 16 Bytes (according to GP 2.2 Amendment D), not 8.

     * TODO This probably affects R_MAC too.

     */

    BYTE lastC_MAC[16];

        BYTE lastR_MAC[8];

        /* Augusto: added two more attributes for key information */

        BYTE keySetVersion;

        BYTE keyIndex;

        BYTE invokingAid[16];

        DWORD invokingAidLength;

        LONG sessionEncryptionCounter;

} GP211_SECURITY_INFO;


typedef struct {

        BYTE securityDomainAIDLength;

        BYTE securityDomainAID[16];

        BYTE signatureLength;

        BYTE signature[128];

} OP201_DAP_BLOCK, OP201_RSA_DAP_BLOCK, OP201_3DES_DAP_BLOCK;


typedef struct {

        BYTE receiptLength;

        BYTE receipt[8];

        BYTE confirmationCounterLength;

        BYTE confirmationCounter[2];

        BYTE cardUniqueDataLength;

        BYTE cardUniqueData[10];

} OP201_RECEIPT_DATA;


typedef struct {

        BYTE keySetVersion;

        BYTE keyIndex;

        BYTE keyType;

        BYTE keyLength;

} OP201_KEY_INFORMATION;


typedef struct {

        BYTE securityDomainAIDLength;

        BYTE securityDomainAID[16];

        BYTE signatureLength;

        BYTE signature[128];

} GP211_DAP_BLOCK, GP211_RSA_DAP_BLOCK, GP211_3DES_DAP_BLOCK;


typedef struct {

        BYTE receiptLength;

        BYTE receipt[8];

        BYTE confirmationCounterLength;

        BYTE confirmationCounter[2];

        BYTE cardUniqueDataLength;

        BYTE cardUniqueData[10];

} GP211_RECEIPT_DATA;


typedef struct {

        BYTE keySetVersion;

        BYTE keyIndex;

        BYTE keyType;

        USHORT keyLength;

        BYTE keyUsage;

        BYTE keyAccess;

} GP211_KEY_INFORMATION;


#ifdef __cplusplus

}

#endif

#endif /* SECURITY_H_ */