/* * * Copyright 2016,2020 NXP * SPDX-License-Identifier: Apache-2.0 */ /** * @par Description * This file defines the interface to an APDU transfer function supporting both * communication in the clear and channel encryption. * @par History * */ #ifndef SCP_H #define SCP_H #ifdef __cplusplus extern "C" { #endif #include "smCom.h" /// @cond #define HOST_CHANNEL_STATE_IDX 0 #define ADMIN_CHANNEL_STATE_IDX 1 /* Sizes used in SCP */ #define AES_KEY_LEN_nBYTE (16) #define DES_KEY_LEN_nBYTE (16) #define SCP_CRYPTOGRAM_SIZE (16) #define SCP_CHALLENGE_SIZE (8) #define SCP_KEY_SIZE (16) #define SCP_CMAC_SIZE (16) // length of the CMAC calculated (and used as MAC chaining value) #define SCP_COMMAND_MAC_SIZE (8) // length of the MAC appended in the APDU payload (8 'MSB's) /* defines used to indicate the command type */ #define C_MAC (0x01) #define C_ENC (0x02) #define R_MAC (0x10) #define R_ENC (0x20) #define SECLVL_CDEC_RENC_CMAC_RMAC (0x33) #define SCP02_SECLVL_CMAC (0x01) #define SCP02_SECLVL_CDEC_CMAC (0x03) #define SCP02_SECLVL_CDEC_CMAC_RMAC (0x13) #define SCP03_KEY_ID (0x01) #define PUT_KEYS_MULTIPLE_KEYS (0x80) #define PUT_KEYS_KEY_TYPE_CODING_AES (0x88) #define PUT_KEYS_KEY_IDENTIFIER ((PUT_KEYS_MULTIPLE_KEYS) | (SCP03_KEY_ID)) /* security levels, matching the CLA bytes for each level */ #define SECLVL_OFF (0x80) #define SECLVL_MAC (0xC0) #define SECLVL_ENC (0xE0) #define DD_INPUT_SIZE (32) #define DD_OFFSET_SESSION_COUNTER (10) #define DD_OFFSET_DD_CONSTANT (11) #define DD_OFFSET_L_MSB (13) #define DD_OFFSET_L_LSB (14) #define DD_OFFSET_I (15) #define DD_OFFSET_HOST_CHALLENGE (16) #define DD_OFFSET_CARD_CHALLENGE (24) #define DATA_CARD_CRYPTOGRAM (0x00) #define DATA_HOST_CRYPTOGRAM (0x01) #define DATA_DERIVATION_SENC (0x04) #define DATA_DERIVATION_SMAC (0x06) #define DATA_DERIVATION_SRMAC (0x07) #define DATA_DERIVATION_L_64BIT (0x0040) #define DATA_DERIVATION_L_128BIT (0x0080) #define DATA_DERIVATION_KDF_CTR (0x01) #define DD_LABEL_LEN 12 #define SCP_GP_IU_KEY_DIV_DATA_LEN 10 #define SCP_GP_IU_KEY_INFO_LEN 3 #define SCP02_GP_IU_KEY_INFO_LEN 2 #define SCP_GP_CARD_CHALLENGE_LEN 8 #define SCP02_GP_CARD_CHALLENGE_LEN 6 #define SCP_GP_HOST_CHALLENGE_LEN 8 #define SCP_GP_IU_CARD_CRYPTOGRAM_LEN 8 #define SCP_GP_IU_SEQ_COUNTER_LEN 3 #define SCP02_GP_IU_SEQ_COUNTER_LEN 2 #define SCP_GP_SW_LEN 2 #define CRYPTO_KEY_CHECK_LEN (3) #define SCP_MCV_LEN 16 // MAC Chaining Length /// @endcond /** * Enumerated type encoding the security level requested to be applied to the APDU. */ typedef enum { NO_C_MAC_NO_C_ENC_NO_R_MAC_NO_R_ENC = 0, //!< No security requested C_MAC_NO_C_ENC_R_MAC_NO_R_ENC = (C_MAC | R_MAC), //!< One apply MAC'ing (Not implemented) C_MAC_C_ENC_R_MAC_R_ENC = (C_MAC | C_ENC | R_MAC | R_ENC) //!< Apply full security } scp_CommandType_t; /** * Exchanges APDU, applies SCP03 encryption depending on \p type parameter and on the * authentication status of the SCP03 channel. * * @param[in] conn_ctx connection context * @param[in,out] pApdu apdu_t datastructure * @param[in] type encryption/mac request * * @retval ::SMCOM_OK Operation successful * @retval ::SMCOM_SND_FAILED Send Failed * @retval ::SMCOM_RCV_FAILED Receive Failed * @retval ::ERR_CRYPTO_ENGINE_FAILED Failure in crypto engine * @retval ::SCP_RSP_MAC_FAIL MAC on response failed to verify * @retval ::SCP_DECODE_FAIL Encrypted Response did not decode to correctly padded plaintext */ U32 scp_Transceive(void *conn_ctx, apdu_t * pApdu, scp_CommandType_t type); #ifdef __cplusplus } #endif #endif /* _SCP_H_ */