security.h

Go to the documentation of this file.

/*  Copyright (c) 2009, Karsten Ohme
 *  This file is part of GlobalPlatform.
 *
 *  GlobalPlatform is free software: you can redistribute it and/or modify
 *  it under the terms of the GNU Lesser General Public License as published by
 *  the Free Software Foundation, either version 3 of the License, or
 *  (at your option) any later version.
 *
 *  GlobalPlatform is distributed in the hope that it will be useful,
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 *  GNU Lesser General Public License for more details.
 *
 *  You should have received a copy of the GNU Lesser General Public License
 *  along with GlobalPlatform.  If not, see <http://www.gnu.org/licenses/>.
 */
 
#ifndef SECURITY_H_
#define SECURITY_H_
 
#ifdef __cplusplus
extern "C"
{
#endif
 
#include "types.h"
 
#define OP_201 201 
#define GP_211 211 
 
/* Secure Channel stuff */
 
#define GP211_SCP01 0x01 
#define GP211_SCP02 0x02 
#define GP211_SCP03 0x03 
 
#define GP211_SCP01_IMPL_i05 0x05
#define GP211_SCP01_IMPL_i15 0x15
 
#define GP211_SCP02_IMPL_i44 0x44
#define GP211_SCP02_IMPL_i45 0x45
#define GP211_SCP02_IMPL_i54 0x54
#define GP211_SCP02_IMPL_i55 0x55
#define GP211_SCP02_IMPL_i04 0x04
#define GP211_SCP02_IMPL_i05 0x05
#define GP211_SCP02_IMPL_i0A 0x0A
#define GP211_SCP02_IMPL_i0B 0x0B
#define GP211_SCP02_IMPL_i14 0x14
#define GP211_SCP02_IMPL_i15 0x15
#define GP211_SCP02_IMPL_i1A 0x1A
#define GP211_SCP02_IMPL_i1B 0x1B
 
#define GP211_SCP03_IMPL_i00 0x00
#define GP211_SCP03_IMPL_i10 0x10
 
#define GP211_SCP03_IMPL_i30 0x30
 
#define GP211_SCP03_IMPL_i20 0x20
 
#define GP211_SCP03_IMPL_i60 0x60
 
#define GP211_SCP03_IMPL_i70 0x70
 
#define GP211_SCP01_SECURITY_LEVEL_C_DEC_C_MAC 0x03 
#define GP211_SCP01_SECURITY_LEVEL_C_MAC 0x01 
#define GP211_SCP01_SECURITY_LEVEL_NO_SECURE_MESSAGING 0x00 
 
#define GP211_SCP02_SECURITY_LEVEL_C_DEC_C_MAC_R_MAC 0x13 
#define GP211_SCP02_SECURITY_LEVEL_C_MAC_R_MAC 0x11 
#define GP211_SCP02_SECURITY_LEVEL_R_MAC 0x10 
#define GP211_SCP02_SECURITY_LEVEL_C_DEC_C_MAC 0x03 
#define GP211_SCP02_SECURITY_LEVEL_C_MAC 0x01 
#define GP211_SCP02_SECURITY_LEVEL_NO_SECURE_MESSAGING 0x00 
 
// Philip Wendland: added SCP03 security level identifiers
#define GP211_SCP03_SECURITY_LEVEL_C_DEC_C_MAC 0x03 
#define GP211_SCP03_SECURITY_LEVEL_C_MAC 0x01 
#define GP211_SCP03_SECURITY_LEVEL_NO_SECURE_MESSAGING 0x00 
#define GP211_SCP03_SECURITY_LEVEL_C_DEC_R_ENC_C_MAC_R_MAC 0x33 
#define GP211_SCP03_SECURITY_LEVEL_C_DEC_C_MAC_R_MAC 0x13 
#define GP211_SCP03_SECURITY_LEVEL_C_DEC_C_MAC_R_ENC_R_MAC 0x33 
#define GP211_SCP03_SECURITY_LEVEL_C_MAC_R_MAC 0x11 
#define GP211_SCP03_SECURITY_LEVEL_R_MAC 0x10 
#define GP211_SCP03_SECURITY_LEVEL_R_ENC_R_MAC 0x30 
 
#define GP211_KEY_TYPE_RSA_PUB_N 0xA1 
#define GP211_KEY_TYPE_RSA_PUB_E 0xA0 
#define GP211_KEY_TYPE_RSA_PRIV_N 0xA2 
#define GP211_KEY_TYPE_RSA_PRIV_D 0xA3 
#define GP211_KEY_TYPE_RSA_PRIV_P 0xA4 
#define GP211_KEY_TYPE_RSA_PRIV_Q 0xA5 
#define GP211_KEY_TYPE_RSA_PRIV_PQ 0xA6 
#define GP211_KEY_TYPE_RSA_PRIV_DP1 0xA7 
#define GP211_KEY_TYPE_RSA_PRIV_DQ1 0xA8 
 
 
#define GP211_KEY_TYPE_3DES 0x81 
#define GP211_KEY_TYPE_DES 0x80 
#define GP211_KEY_TYPE_3DES_CBC 0x82 
#define GP211_KEY_TYPE_DES_ECB 0x83 
#define GP211_KEY_TYPE_DES_CBC 0x84 
#define GP211_KEY_TYPE_PSK_TLS 0x85 
#define GP211_KEY_TYPE_AES 0x88 
 
#define OP201_SECURITY_LEVEL_ENC_MAC 0x03 
#define OP201_SECURITY_LEVEL_MAC 0x01 
#define OP201_SECURITY_LEVEL_PLAIN 0x00 
 
#define OP201_KEY_TYPE_RSA_PUP_N 0xA1 
#define OP201_KEY_TYPE_RSA_PUP_E 0xA0 
#define OP201_KEY_TYPE_DES 0x80 
#define OP201_KEY_TYPE_DES_ECB 0x81 
#define OP201_KEY_TYPE_DES_CBC 0x82 
 
typedef struct {
        BYTE securityLevel; 
        BYTE sessionMacKey[16]; 
        BYTE sessionEncKey[16]; 
        BYTE lastMac[8]; 
        /* Augusto: added two more attributes for key information */
        BYTE keySetVersion; 
        BYTE keyIndex; 
        /* end */
} OP201_SECURITY_INFO;
 
 
typedef struct {
        BYTE securityLevel; 
        BYTE secureChannelProtocol; 
        BYTE secureChannelProtocolImpl; 
        BYTE C_MACSessionKey[32]; 
        BYTE R_MACSessionKey[32]; 
        BYTE encryptionSessionKey[32]; 
        BYTE dataEncryptionSessionKey[32]; 
    /*
     * Philip Wendland: lastC_MAC must be 16 Bytes for SCP03 because the MAC chaining value
     * for MAC code generation is 16 Bytes (according to GP 2.2 Amendment D), not 8.
     */
    BYTE lastC_MAC[16]; 
        BYTE lastR_MAC[8]; 
        /* Augusto: added two more attributes for key information */
        BYTE keySetVersion; 
        BYTE keyIndex; 
        BYTE invokingAid[16]; 
        DWORD invokingAidLength; 
        LONG sessionEncryptionCounter; 
        DWORD keyLength; 
} GP211_SECURITY_INFO;
 
typedef struct {
        BYTE securityDomainAIDLength; 
        BYTE securityDomainAID[16]; 
        BYTE signatureLength; 
        BYTE signature[128]; 
} OP201_DAP_BLOCK, OP201_RSA_DAP_BLOCK, OP201_3DES_DAP_BLOCK;
 
 
 
typedef struct {
        BYTE receiptLength; 
        BYTE receipt[8]; 
        BYTE confirmationCounterLength; 
        BYTE confirmationCounter[2]; 
        BYTE cardUniqueDataLength; 
        BYTE cardUniqueData[10]; 
} OP201_RECEIPT_DATA;
 
 
 
 
typedef struct {
        BYTE keySetVersion; 
        BYTE keyIndex; 
        BYTE keyType; 
        BYTE keyLength; 
} OP201_KEY_INFORMATION;
 
typedef struct {
        BYTE securityDomainAIDLength; 
        BYTE securityDomainAID[16]; 
        BYTE signatureLength; 
        BYTE signature[128]; 
} GP211_DAP_BLOCK, GP211_RSA_DAP_BLOCK, GP211_3DES_DAP_BLOCK;
 
 
typedef struct {
        BYTE receiptLength; 
        BYTE receipt[8]; 
        BYTE confirmationCounterLength; 
        BYTE confirmationCounter[2]; 
        BYTE cardUniqueDataLength; 
        BYTE cardUniqueData[10]; 
} GP211_RECEIPT_DATA;
 
 
typedef struct {
        BYTE keySetVersion; 
        BYTE keyIndex; 
        BYTE keyType; 
        USHORT keyLength; 
        BYTE keyUsage; 
        BYTE keyAccess; 
} GP211_KEY_INFORMATION;
 
 
#ifdef __cplusplus
}
#endif
#endif /* SECURITY_H_ */