SEcube
SEcube Open Source Library - Device
se3c1def.h
Go to the documentation of this file.
1 
6 #pragma once
7 
8 #include "se3c0def.h"
9 
11 enum {
13  SE3_ERR_PIN = 101,
17  SE3_ERR_AUTH = 401
18 };
25 enum {
26  SE3_ACCESS_USER = 100,
27  SE3_ACCESS_ADMIN = 1000,
28  SE3_ACCESS_MAX = 0xFFFF
29 };
36 enum {
37  SE3_RECORD_SIZE = 32,
38  SE3_RECORD_MAX = 2
39 };
40 
42 enum {
43  SE3_RECORD_TYPE_ADMINPIN = 0,
44  SE3_RECORD_TYPE_USERPIN = 1
45 };
46 
48 enum {
49  SE3_L1_PIN_SIZE = 32,
50  SE3_L1_KEY_SIZE = 32,
51  SE3_L1_AUTH_SIZE = 16,
52  SE3_L1_CRYPTOBLOCK_SIZE = 16,
53  SE3_L1_CHALLENGE_SIZE = 32,
54  SE3_L1_CHALLENGE_ITERATIONS = 32,
55  SE3_L1_IV_SIZE = 16,
56  SE3_L1_TOKEN_SIZE = 16
57 };
58 
60 enum {
61  SE3_REQ1_OFFSET_AUTH = 0,
62  SE3_REQ1_OFFSET_IV = 16,
63  SE3_REQ1_OFFSET_TOKEN = 32,
64  SE3_REQ1_OFFSET_LEN = 48,
65  SE3_REQ1_OFFSET_CMD = 50,
66  SE3_REQ1_OFFSET_DATA = 64,
67 
68  SE3_REQ1_MAX_DATA = (SE3_REQ_MAX_DATA - SE3_REQ1_OFFSET_DATA)
69 };
70 
71 
73 enum {
74  SE3_RESP1_OFFSET_AUTH = 0,
75  SE3_RESP1_OFFSET_IV = 16,
76  SE3_RESP1_OFFSET_TOKEN = 32,
77  SE3_RESP1_OFFSET_LEN = 48,
78  SE3_RESP1_OFFSET_STATUS = 50,
79  SE3_RESP1_OFFSET_DATA = 64,
80 
81  SE3_RESP1_MAX_DATA = (SE3_RESP_MAX_DATA - SE3_RESP1_OFFSET_DATA)
82 };
83 
85 enum {
86  SE3_CMD1_CHALLENGE = 1,
87  SE3_CMD1_LOGIN = 2,
88  SE3_CMD1_LOGOUT = 3,
89  SE3_CMD1_CONFIG = 4,
90  SE3_CMD1_KEY_EDIT = 5,
91  SE3_CMD1_KEY_LIST = 6,
92  SE3_CMD1_CRYPTO_INIT = 7,
93  SE3_CMD1_CRYPTO_UPDATE = 8,
94  SE3_CMD1_CRYPTO_LIST = 9,
95  SE3_CMD1_CRYPTO_SET_TIME = 10
96 
97 };
98 
100 enum {
101  SE3_CONFIG_OP_GET = 1,
102  SE3_CONFIG_OP_SET = 2
103 };
104 
106 enum {
107  SE3_CMD1_CONFIG_REQ_OFF_ID = 0,
108  SE3_CMD1_CONFIG_REQ_OFF_OP = 2,
109  SE3_CMD1_CONFIG_REQ_OFF_VALUE = 4,
110  SE3_CMD1_CONFIG_RESP_OFF_VALUE = 0
111 };
112 
114 enum {
115  SE3_CMD1_CHALLENGE_REQ_OFF_CC1 = 0,
116  SE3_CMD1_CHALLENGE_REQ_OFF_CC2 = 32,
117  SE3_CMD1_CHALLENGE_REQ_OFF_ACCESS = 64,
118  SE3_CMD1_CHALLENGE_REQ_SIZE = 66,
119  SE3_CMD1_CHALLENGE_RESP_OFF_SC = 0,
120  SE3_CMD1_CHALLENGE_RESP_OFF_SRESP = 32,
121  SE3_CMD1_CHALLENGE_RESP_SIZE = 64
122 };
123 
125 enum {
126  SE3_CMD1_LOGIN_REQ_OFF_CRESP = 0,
127  SE3_CMD1_LOGIN_REQ_SIZE = 32,
128  SE3_CMD1_LOGIN_RESP_OFF_TOKEN = 0,
129  SE3_CMD1_LOGIN_RESP_SIZE = 16
130 };
131 
133 enum {
134  SE3_KEY_DATA_MAX = 2048,
135  SE3_KEY_NAME_MAX = 32
136 };
137 
143 enum {
147 };
153 enum {
154  SE3_CMD1_KEY_EDIT_REQ_OFF_OP = 0,
155  SE3_CMD1_KEY_EDIT_REQ_OFF_ID = 2,
156  SE3_CMD1_KEY_EDIT_REQ_OFF_VALIDITY = 6,
157  SE3_CMD1_KEY_EDIT_REQ_OFF_DATA_LEN = 10,
158  SE3_CMD1_KEY_EDIT_REQ_OFF_NAME_LEN = 12,
159  SE3_CMD1_KEY_EDIT_REQ_OFF_DATA_AND_NAME = 14
160 };
161 
162 
164 enum {
165  SE3_CMD1_KEY_LIST_REQ_SIZE = 4,
166  SE3_CMD1_KEY_LIST_REQ_OFF_SKIP = 0,
167  SE3_CMD1_KEY_LIST_REQ_OFF_NMAX = 2,
168  SE3_CMD1_KEY_LIST_RESP_OFF_COUNT = 0,
169  SE3_CMD1_KEY_LIST_RESP_OFF_KEYINFO = 2,
170 
171  SE3_CMD1_KEY_LIST_KEYINFO_OFF_ID = 0,
172  SE3_CMD1_KEY_LIST_KEYINFO_OFF_VALIDITY = 4,
173  SE3_CMD1_KEY_LIST_KEYINFO_OFF_DATA_LEN = 8,
174  SE3_CMD1_KEY_LIST_KEYINFO_OFF_NAME_LEN = 10,
175  SE3_CMD1_KEY_LIST_KEYINFO_OFF_NAME = 12
176 };
177 
179 enum {
180  SE3_ALGO_INVALID = 0xFFFF,
181  SE3_SESSION_INVALID = 0xFFFFFFFF,
182  SE3_KEY_INVALID = 0xFFFFFFFF
183 };
184 
185 
190 enum {
196 
197  SE3_ALGO_MAX = 8
198 };
204 enum {
205  SE3_CMD1_CRYPTO_INIT_REQ_SIZE = 8,
206  SE3_CMD1_CRYPTO_INIT_REQ_OFF_ALGO = 0,
207  SE3_CMD1_CRYPTO_INIT_REQ_OFF_MODE = 2,
208  SE3_CMD1_CRYPTO_INIT_REQ_OFF_KEY_ID = 4,
209  SE3_CMD1_CRYPTO_INIT_RESP_SIZE = 4,
210  SE3_CMD1_CRYPTO_INIT_RESP_OFF_SID = 0
211 };
212 
214 enum {
215  SE3_CMD1_CRYPTO_UPDATE_REQ_OFF_SID = 0,
216  SE3_CMD1_CRYPTO_UPDATE_REQ_OFF_FLAGS = 4,
217  SE3_CMD1_CRYPTO_UPDATE_REQ_OFF_DATAIN1_LEN = 6,
218  SE3_CMD1_CRYPTO_UPDATE_REQ_OFF_DATAIN2_LEN = 8,
219  SE3_CMD1_CRYPTO_UPDATE_REQ_OFF_DATA = 16,
220 
221  SE3_CMD1_CRYPTO_UPDATE_RESP_OFF_DATAOUT_LEN = 0,
222  SE3_CMD1_CRYPTO_UPDATE_RESP_OFF_DATA = 16
223 };
224 
226 enum {
227  SE3_CRYPTO_FLAG_FINIT = (1 << 15),
228  SE3_CRYPTO_FLAG_RESET = (1 << 14),
229  SE3_CRYPTO_FLAG_SETIV = SE3_CRYPTO_FLAG_RESET,
230  SE3_CRYPTO_FLAG_SETNONCE = (1 << 13),
231  SE3_CRYPTO_FLAG_AUTH = (1 << 12)
232 };
233 
235 enum {
236  SE3_CRYPTO_MAX_DATAIN = (SE3_REQ1_MAX_DATA - SE3_CMD1_CRYPTO_UPDATE_REQ_OFF_DATA),
237  SE3_CRYPTO_MAX_DATAOUT = (SE3_RESP1_MAX_DATA - SE3_CMD1_CRYPTO_UPDATE_RESP_OFF_DATA)
238 };
239 
241 enum {
242  SE3_CMD1_CRYPTO_SET_TIME_REQ_SIZE = 4,
243  SE3_CMD1_CRYPTO_SET_TIME_REQ_OFF_DEVTIME = 0
244 };
245 
247 enum {
248  SE3_CMD1_CRYPTO_LIST_REQ_SIZE = 0,
249  SE3_CMD1_CRYPTO_LIST_RESP_OFF_COUNT = 0,
250  SE3_CMD1_CRYPTO_LIST_RESP_OFF_ALGOINFO = 2,
251 
252  SE3_CMD1_CRYPTO_ALGOINFO_SIZE = 22,
253  SE3_CMD1_CRYPTO_ALGOINFO_OFF_NAME = 0,
254  SE3_CMD1_CRYPTO_ALGOINFO_OFF_TYPE = 16,
255  SE3_CMD1_CRYPTO_ALGOINFO_OFF_BLOCK_SIZE = 18,
256  SE3_CMD1_CRYPTO_ALGOINFO_OFF_KEY_SIZE = 20,
257 
258  SE3_CMD1_CRYPTO_ALGOINFO_NAME_SIZE = 16
259 };
260 
262 enum {
263  SE3_CRYPTO_TYPE_BLOCKCIPHER = 0,
264  SE3_CRYPTO_TYPE_STREAMCIPHER = 1,
265  SE3_CRYPTO_TYPE_DIGEST = 2,
266  SE3_CRYPTO_TYPE_BLOCKCIPHER_AUTH = 3,
267  SE3_CRYPTO_TYPE_OTHER = 0xFFFF
268 };
269 
270 #define SE3_DIR_SHIFT (8)
271 
278 enum {
279  SE3_FEEDBACK_ECB = 1,
280  SE3_FEEDBACK_CBC = 2,
281  SE3_FEEDBACK_OFB = 3,
282  SE3_FEEDBACK_CTR = 4,
283  SE3_FEEDBACK_CFB = 5,
284 
285  SE3_DIR_ENCRYPT = (1 << SE3_DIR_SHIFT),
286  SE3_DIR_DECRYPT = (2 << SE3_DIR_SHIFT)
287 };
288 
289 
290 // required for in-place encryption with AES
291 #if (SE3_CRYPTO_MAX_DATAIN % 16 != 0)
292 #error "SE3_CRYPTO_MAX_DATAIN is not a multiple of 16"
293 #endif
294 #if (SE3_CRYPTO_MAX_DATAOUT % 16 != 0)
295 #error "SE3_CRYPTO_MAX_DATAIN is not a multiple of 16"
296 #endif
297 #if (SE3_REQ1_MAX_DATA % 16 != 0)
298 #error "SE3_REQ1_MAX_DATA is not a multiple of 16"
299 #endif
300 #if (SE3_RESP1_MAX_DATA % 16 != 0)
301 #error "SE3_RESP1_MAX_DATA is not a multiple of 16"
302 #endif
303 #if (SE3_REQ1_OFFSET_DATA % 16 != 0)
304 #error "SE3_REQ1_OFFSET_DATA is not a multiple of 16"
305 #endif
306 #if (SE3_RESP1_OFFSET_DATA % 16 != 0)
307 #error "SE3_RESP1_OFFSET_DATA is not a multiple of 16"
308 #endif
AES.
Definition: se3c1def.h:191
SHA256.
Definition: se3c1def.h:192
resource expired
Definition: se3c1def.h:15
Definition: se3c1def.h:145
pin rejected
Definition: se3c1def.h:13
HMAC-SHA256.
Definition: se3c1def.h:193
Definition: se3c1def.h:144
resource not found
Definition: se3c1def.h:14
no more space to allocate resource
Definition: se3c1def.h:16
AES 256 + HMAC Auth TODO remove.
Definition: se3c1def.h:195
Definition: se3c1def.h:146
AES + HMAC-SHA256.
Definition: se3c1def.h:194
SHA256HMAC Authentication failed.
Definition: se3c1def.h:17
insufficient privileges
Definition: se3c1def.h:12