| /* |
| * |
| * Copyright 2019,2020 NXP |
| * SPDX-License-Identifier: Apache-2.0 |
| */ |
| |
| #ifndef FSL_SSS_SE05X_CONST_H |
| #define FSL_SSS_SE05X_CONST_H |
| |
| #if defined(SSS_USE_FTR_FILE) |
| #include "fsl_sss_ftr.h" |
| #else |
| #include "fsl_sss_ftr_default.h" |
| #endif |
| |
| #if SSS_HAVE_APPLET_SE05X_IOT |
| |
| #include <se05x_ftr.h> |
| |
| #define SE05X_SESSIONID_LEN (8) |
| |
| /* See MAX_APDU_PAYLOAD_LENGTH in SE05x APDU Specifications. |
| * |
| * Using 892 so that buffer boundaries are potentially word aligned for Se050. |
| * Using 1024 for Se051. |
| * And expecting a failure from OnCard in case host sends a |
| * larger than expected buffer. |
| * Please note, depending on choice of: |
| * {No Auth | UserID Auth | Applet SCP | Fast SCP } |
| * and combination of either of above along with Platform SCP, |
| * there is no easy way how many Exact bytes the host can |
| * send to SE05x. |
| */ |
| #if SSS_HAVE_SE05X_VER_GTE_06_00 |
| /* SE051 MAX_APDU_PAYLOAD_LENGTH 1024 */ |
| #define SE05X_MAX_BUF_SIZE_CMD (1024) |
| #define SE05X_MAX_BUF_SIZE_RSP (1024) |
| #else |
| /* SE050 MAX_APDU_PAYLOAD_LENGTH 892 */ |
| #define SE05X_MAX_BUF_SIZE_CMD (892) |
| #define SE05X_MAX_BUF_SIZE_RSP (892) |
| #endif |
| |
| #define SE050_MODULE_UNIQUE_ID_LEN 18 |
| |
| #define SE05X_I2CM_MAX_BUF_SIZE_CMD (271) |
| #define SE05X_I2CM_MAX_BUF_SIZE_RSP (271) |
| #define SE05X_I2CM_MAX_TIMESTAMP_SIZE (12) |
| #define SE05X_I2CM_MAX_FRESHNESS_SIZE (16) |
| #define SE05X_I2CM_MAX_CHIP_ID_SIZE (18) |
| |
| /** How many attestation records |
| * |
| * Whle reading RSA Objects, modulus and public exporent get attested separately, */ |
| |
| #define SE05X_MAX_ATTST_DATA 2 |
| |
| #if SE05X_FTR_32BIT_CURVE_ID |
| #define START_SE05X_ID_CURVE_START (0x7E000000) |
| #else |
| #define START_SE05X_ID_CURVE_START (0) |
| #endif |
| |
| #define CIPHER_BLOCK_SIZE 16 |
| #define AEAD_BLOCK_SIZE 16 |
| #define BINARY_WRITE_MAX_LEN 500 |
| |
| enum Se05x_SYMM_CIPHER_MODES |
| { |
| Se05x_SYMM_MODE_NONE = 0x00, |
| Se05x_SYMM_CBC = 0x01, |
| Se05x_SYMM_EBC = 0x02, |
| Se05x_SYMM_CTR = 0x08, /* For AES */ |
| }; |
| |
| enum Se05x_AES_PADDING |
| { |
| Se05x_AES_PADDING_NONE = 0x00, |
| Se05x_AES_PAD_NOPAD = 0x01, |
| Se05x_AES_PAD_ISO9797_M1 = 0x02, |
| Se05x_AES_PAD_ISO9797_M2 = 0x03, |
| }; |
| |
| enum Se05x_SHA_TYPE |
| { |
| Se05x_SHA_1 = 0x00, |
| Se05x_SHA_256 = 0x04, |
| Se05x_SHA_384 = 0x05, |
| Se05x_SHA_512 = 0x06, |
| }; |
| |
| enum Se05x_MAC_TYPE |
| { |
| Se05x_CMAC = 0x0A, |
| }; |
| |
| enum Se05x_MAC_Sign_verify |
| { |
| Se05x_MAC_Sign = 0x00, |
| Se05x_MAC_Verify = 0x01, |
| }; |
| |
| enum Se05x_I2CM_RESULT_TYPE |
| { |
| Se05x_I2CM_RESULT_SUCCESS = 0xA5, |
| Se05x_I2CM_RESULT_FAILURE = 0x96 // The APDU spec defines this as 0x5A, implementation deviates! |
| }; |
| |
| #define MAX_OBJ_PCR_VALUE_SIZE 32 |
| #define MAX_POLICY_BUFFER_SIZE 256 |
| #define MAX_OBJ_POLICY_SIZE 47 |
| #define MAX_OBJ_POLICY_TYPES 6 |
| #define DEFAULT_OBJECT_POLICY_SIZE 8 |
| #define OBJ_POLICY_HEADER_OFFSET 5 |
| #define OBJ_POLICY_LENGTH_OFFSET 0 |
| #define OBJ_POLICY_AUTHID_OFFSET 1 |
| #define OBJ_POLICY_EXT_OFFSET 9 |
| #define OBJ_POLICY_PCR_DATA_SIZE (4 + MAX_OBJ_PCR_VALUE_SIZE) /*4 bytes PCR Obj id + 32 bytes PCR value*/ |
| #define OBJ_POLICY_AUTH_DATA_SIZE 2 |
| |
| #define SESSION_POLICY_LENGTH_OFFSET 0 |
| #define SESSION_POLICY_AR_HEADER_OFFSET 1 |
| #define DEFAULT_SESSION_POLICY_SIZE 3 |
| |
| |
| /*below bitmaps are set according to Se050 Applet implementation |
| Byte Ordering for Policy header:B1 B2 B3 B4 |
| bits ordering |
| b8 b7 b6 b5 b4 b3 b2 b1 |
| example : B1b8 : 0x80000000 |
| */ |
| |
| /* Access Rules for Object Policy*/ |
| #define POLICY_OBJ_FORBID_ALL 0x20000000 |
| #define POLICY_OBJ_ALLOW_SIGN 0x10000000 |
| #define POLICY_OBJ_ALLOW_VERIFY 0x08000000 |
| #define POLICY_OBJ_ALLOW_KA 0x04000000 |
| #define POLICY_OBJ_ALLOW_ENC 0x02000000 |
| #define POLICY_OBJ_ALLOW_DEC 0x01000000 |
| #define POLICY_OBJ_ALLOW_KDF 0x00800000 |
| #define POLICY_OBJ_ALLOW_WRAP 0x00400000 |
| #define POLICY_OBJ_ALLOW_READ 0x00200000 |
| #define POLICY_OBJ_ALLOW_WRITE 0x00100000 |
| #define POLICY_OBJ_ALLOW_GEN 0x00080000 |
| #define POLICY_OBJ_ALLOW_DELETE 0x00040000 |
| #define POLICY_OBJ_REQUIRE_SM 0x00020000 |
| #define POLICY_OBJ_REQUIRE_PCR_VALUE 0x00010000 |
| #define POLICY_OBJ_ALLOW_ATTESTATION 0x00008000 |
| #define POLICY_OBJ_ALLOW_DESFIRE_AUTHENTICATION 0x00004000 |
| #define POLICY_OBJ_ALLOW_DESFIRE_DUMP_SESSION_KEYS 0x00002000 |
| #define POLICY_OBJ_ALLOW_IMPORT_EXPORT 0x00001000 |
| #if SSS_HAVE_SE05X_VER_GTE_06_00 // 4.4 |
| #define POLICY_OBJ_FORBID_DERIVED_OUTPUT 0x00000800 |
| #endif |
| #if SSS_HAVE_SE05X_VER_GTE_06_00 // 5.4 |
| #define POLICY_OBJ_ALLOW_KDF_EXT_RANDOM 0x00000400 |
| #endif |
| |
| /* Access Rules for Session Policy*/ |
| #define POLICY_SESSION_MAX_APDU 0x8000 |
| #define POLICY_SESSION_MAX_TIME 0x4000 |
| #define POLICY_SESSION_ALLOW_REFRESH 0x2000 |
| /**/ |
| |
| #endif /* SSS_HAVE_APPLET_SE05X_IOT */ |
| |
| #endif /* FSL_SSS_SE05X_CONST_H */ |