cryptnox-sdk-arduino 1.0.0
Arduino library for Cryptnox Hardware Wallet
Loading...
Searching...
No Matches
CW_Defs.h File Reference

Shared constants, error codes, and session state for the SDK. More...

#include "platform_compat.h"
#include "CW_Utils.h"
Include dependency graph for CW_Defs.h:
This graph shows which files directly or indirectly include this file:

Go to the source code of this file.

Classes

struct  CW_SecureSession
 Holds cryptographic session state for reentrant secure channel operations. More...

Macros

#define CW_AESKEY_SIZE   (32U)
#define CW_MACKEY_SIZE   (32U)
#define CW_IV_SIZE   (16U)
#define CW_OK   (0x00U)
#define CW_NOK   (0x01U)
#define CW_INVALID_SESSION   (0x02U)
#define CW_SIGN_CURR_K1   (0x00U)
#define CW_SIGN_CURR_R1   (0x10U)
#define CW_SIGN_DERIVE_K1   (0x01U)
#define CW_SIGN_DERIVE_R1   (0x11U)
#define CW_SIGN_PINLESS_K1   (0x03U)
#define CW_SIGN_WITH_PIN   (false)
#define CW_SIGN_PINLESS   (true)
#define CW_SIGN_SIG_ECDSA_LOW_S   (0x00U)
#define CW_SIGN_SIG_ECDSA_EOSIO   (0x01U)
#define CW_SIGN_SIG_SCHNORR_BIP340   (0x02U)
#define CW_SIGN_KEY_TOO_SHORT   (0x80U)
#define CW_SIGN_NO_KEY_LOADED   (0x81U)
#define CW_SIGN_PIN_INCORRECT   (0x82U)
#define CW_SIGN_KEY_TOO_SHORT_WITH_PINLESS_MODE   (0x83U)
#define CW_RAW_SIGNATURE_SIZE   (64U)
#define CW_HASH_SIZE   (32U)
#define CW_MAX_DERIVE_PATH_LENGTH   (20U)
#define CW_MIN_PIN_LENGTH   (4U)
#define CW_MAX_PIN_LENGTH   (9U)
#define CW_USER_DATA_PAGE_SIZE   (208U)
#define CW_CONNECT_MAX_ATTEMPTS   (5U)
#define CW_SIG_R_OFFSET   (0U)
#define CW_SIG_S_OFFSET   (32U)
#define CW_DER_TAG_SEQUENCE   (0x30U)
#define CW_DER_TAG_INTEGER   (0x02U)
#define CW_CERT_NONCE_SIZE   (8U)
#define CW_CERT_OK   (0x00U)
#define CW_CERT_FORMAT_ERROR   (0x10U)
#define CW_CERT_NONCE_MISMATCH   (0x11U)
#define CW_CERT_CARD_SIG_INVALID   (0x12U)
#define CW_CERT_MANUF_SIG_INVALID   (0x13U)
#define CW_CERT_KEY_NOT_FOUND   (0x14U)
#define CW_MANUF_CERT_MAX_BYTES   (420U)
#define CW_VERIFY_CERT   1
#define CW_DEBUG_LOGGING   0

Enumerations

enum  CW_Curve { CW_CURVE_SECP256R1 = 0 , CW_CURVE_SECP256K1 = 1 }
 Portable curve identifier used throughout the SDK. More...

Detailed Description

Shared constants, error codes, and session state for the SDK.

Defines:

  • AES session key / IV sizes
  • Generic and SIGN-specific error codes (CW_OK, CW_NOK, CW_SIGN_*)
  • SIGN APDU parameter values (key types, signature types, PIN/PIN-less)
  • Buffer and protocol size limits
  • Certificate verification result codes (CW_CERT_*)
  • CW_Curve enum (portable curve identifier)
  • CW_SecureSession (encryption + MAC keys + rolling IV)
  • Compile-time security gates: CW_VERIFY_CERT, CW_DEBUG_LOGGING

Definition in file CW_Defs.h.

Macro Definition Documentation

◆ CW_AESKEY_SIZE

#define CW_AESKEY_SIZE   (32U)

AES-256 session encryption key size in bytes

Definition at line 75 of file CW_Defs.h.

Referenced by CryptnoxWallet::isSecureChannelOpen(), and CW_SecureChannel::mutuallyAuthenticate().

◆ CW_CERT_CARD_SIG_INVALID

#define CW_CERT_CARD_SIG_INVALID   (0x12U)

Card cert ECDSA sig failed

Definition at line 130 of file CW_Defs.h.

Referenced by CW_SecureChannel::verifyCertificateChain().

◆ CW_CERT_FORMAT_ERROR

#define CW_CERT_FORMAT_ERROR   (0x10U)

Malformed certificate data

Definition at line 128 of file CW_Defs.h.

Referenced by CW_SecureChannel::verifyCertificateChain().

◆ CW_CERT_KEY_NOT_FOUND

#define CW_CERT_KEY_NOT_FOUND   (0x14U)

Device public key OID not found

Definition at line 132 of file CW_Defs.h.

Referenced by CW_SecureChannel::verifyCertificateChain().

◆ CW_CERT_MANUF_SIG_INVALID

#define CW_CERT_MANUF_SIG_INVALID   (0x13U)

Manufacturer cert ECDSA sig failed

Definition at line 131 of file CW_Defs.h.

Referenced by CW_SecureChannel::verifyCertificateChain().

◆ CW_CERT_NONCE_MISMATCH

#define CW_CERT_NONCE_MISMATCH   (0x11U)

Challenge nonce not echoed

Definition at line 129 of file CW_Defs.h.

Referenced by CW_SecureChannel::verifyCertificateChain().

◆ CW_CERT_NONCE_SIZE

#define CW_CERT_NONCE_SIZE   (8U)

Challenge nonce length in bytes

Definition at line 124 of file CW_Defs.h.

Referenced by CW_SecureChannel::verifyCertificateChain().

◆ CW_CERT_OK

#define CW_CERT_OK   (0x00U)

Certificate chain verified

Definition at line 127 of file CW_Defs.h.

Referenced by CryptnoxWallet::establishSecureChannel(), and CW_SecureChannel::verifyCertificateChain().

◆ CW_CONNECT_MAX_ATTEMPTS

#define CW_CONNECT_MAX_ATTEMPTS   (5U)

Max NFC connection retry attempts

Definition at line 113 of file CW_Defs.h.

Referenced by CryptnoxWallet::connect().

◆ CW_DEBUG_LOGGING

#define CW_DEBUG_LOGGING   0

Set to 1 to enable library-internal debug logging via CW_Logger.

Off by default. Enabling it kills flash optimisation — measured on Arduino UNO R4 (Renesas RA4M1): +149 KB flash, +6 KB SRAM (31 % → 88 % of a 256 KB image on the Sign example). Same order of magnitude on every constrained MCU.

Also leaks session state over UART (SEC-012). Bring-up only, never in release builds.

Definition at line 215 of file CW_Defs.h.

◆ CW_DER_TAG_INTEGER

#define CW_DER_TAG_INTEGER   (0x02U)

Definition at line 121 of file CW_Defs.h.

Referenced by CryptnoxWallet::parseDerSignature().

◆ CW_DER_TAG_SEQUENCE

#define CW_DER_TAG_SEQUENCE   (0x30U)

Definition at line 120 of file CW_Defs.h.

Referenced by CryptnoxWallet::extractRawSignature(), and CryptnoxWallet::parseDerSignature().

◆ CW_HASH_SIZE

#define CW_HASH_SIZE   (32U)

Standard hash size

Examples
BasicUsage.ino, Sign.ino, and UsdcSigning.ino.

Definition at line 108 of file CW_Defs.h.

Referenced by CryptnoxWallet::buildSignPayload(), loop(), setup(), CryptnoxWallet::sign(), and CryptnoxWallet::validateSignRequest().

◆ CW_INVALID_SESSION

#define CW_INVALID_SESSION   (0x02U)

Invalid session

Definition at line 82 of file CW_Defs.h.

Referenced by CryptnoxWallet::validateSignRequest().

◆ CW_IV_SIZE

#define CW_IV_SIZE   (16U)

AES-CBC IV size in bytes

Definition at line 77 of file CW_Defs.h.

Referenced by CW_SecureChannel::aesCbcEncrypt(), and CW_SecureChannel::mutuallyAuthenticate().

◆ CW_MACKEY_SIZE

#define CW_MACKEY_SIZE   (32U)

AES-256 session MAC key size in bytes

Definition at line 76 of file CW_Defs.h.

Referenced by CW_SecureChannel::mutuallyAuthenticate().

◆ CW_MANUF_CERT_MAX_BYTES

#define CW_MANUF_CERT_MAX_BYTES   (420U)

Definition at line 136 of file CW_Defs.h.

Referenced by CW_SecureChannel::getManufacturerCertificate().

◆ CW_MAX_DERIVE_PATH_LENGTH

#define CW_MAX_DERIVE_PATH_LENGTH   (20U)

Max BIP32 path bytes

Definition at line 109 of file CW_Defs.h.

Referenced by CryptnoxWallet::buildSignPayload(), and CryptnoxWallet::sign().

◆ CW_MAX_PIN_LENGTH

#define CW_MAX_PIN_LENGTH   (9U)

Maximum PIN length

Definition at line 111 of file CW_Defs.h.

Referenced by CryptnoxWallet::buildSignPayload(), CryptnoxWallet::sign(), CryptnoxWallet::validateSignRequest(), and CryptnoxWallet::verifyPin().

◆ CW_MIN_PIN_LENGTH

#define CW_MIN_PIN_LENGTH   (4U)

Minimum PIN length

Definition at line 110 of file CW_Defs.h.

Referenced by CryptnoxWallet::validateSignRequest(), and CryptnoxWallet::verifyPin().

◆ CW_NOK

#define CW_NOK   (0x01U)

NOK

Definition at line 81 of file CW_Defs.h.

Referenced by CW_SignResult::CW_SignResult(), and CryptnoxWallet::extractRawSignature().

◆ CW_OK

#define CW_OK   (0x00U)

OK

Examples
BasicUsage.ino, Sign.ino, and UsdcSigning.ino.

Definition at line 80 of file CW_Defs.h.

Referenced by loop(), setup(), and CryptnoxWallet::sign().

◆ CW_RAW_SIGNATURE_SIZE

#define CW_RAW_SIGNATURE_SIZE   (64U)

Raw signature (r[32] + s[32])

Definition at line 107 of file CW_Defs.h.

Referenced by CryptnoxWallet::debugPrintSignature(), and CryptnoxWallet::extractRawSignature().

◆ CW_SIG_R_OFFSET

#define CW_SIG_R_OFFSET   (0U)

Byte offset of the r component

Examples
BasicUsage.ino, and Sign.ino.

Definition at line 116 of file CW_Defs.h.

Referenced by loop().

◆ CW_SIG_S_OFFSET

#define CW_SIG_S_OFFSET   (32U)

Byte offset of the s component

Examples
BasicUsage.ino, and Sign.ino.

Definition at line 117 of file CW_Defs.h.

Referenced by loop().

◆ CW_SIGN_CURR_K1

#define CW_SIGN_CURR_K1   (0x00U)

Current key (k1)

Examples
BasicUsage.ino, and Sign.ino.

Definition at line 85 of file CW_Defs.h.

Referenced by CW_SignRequest::CW_SignRequest(), and loop().

◆ CW_SIGN_CURR_R1

#define CW_SIGN_CURR_R1   (0x10U)

Current key (r1)

Definition at line 86 of file CW_Defs.h.

◆ CW_SIGN_DERIVE_K1

#define CW_SIGN_DERIVE_K1   (0x01U)

Derive with k1 curve

Examples
UsdcSigning.ino.

Definition at line 87 of file CW_Defs.h.

Referenced by CryptnoxWallet::buildSignPayload(), and setup().

◆ CW_SIGN_DERIVE_R1

#define CW_SIGN_DERIVE_R1   (0x11U)

Derive with r1 curve

Definition at line 88 of file CW_Defs.h.

Referenced by CryptnoxWallet::buildSignPayload().

◆ CW_SIGN_KEY_TOO_SHORT

#define CW_SIGN_KEY_TOO_SHORT   (0x80U)

Definition at line 101 of file CW_Defs.h.

Referenced by CryptnoxWallet::validateSignRequest().

◆ CW_SIGN_KEY_TOO_SHORT_WITH_PINLESS_MODE

#define CW_SIGN_KEY_TOO_SHORT_WITH_PINLESS_MODE   (0x83U)

Definition at line 104 of file CW_Defs.h.

Referenced by CryptnoxWallet::validateSignRequest().

◆ CW_SIGN_NO_KEY_LOADED

#define CW_SIGN_NO_KEY_LOADED   (0x81U)
Examples
UsdcSigning.ino.

Definition at line 102 of file CW_Defs.h.

Referenced by CryptnoxWallet::sendSignApdu(), and setup().

◆ CW_SIGN_PIN_INCORRECT

#define CW_SIGN_PIN_INCORRECT   (0x82U)
Examples
Sign.ino, and UsdcSigning.ino.

Definition at line 103 of file CW_Defs.h.

Referenced by loop(), setup(), and CryptnoxWallet::validateSignRequest().

◆ CW_SIGN_PINLESS

#define CW_SIGN_PINLESS   (true)

PIN-less path

Definition at line 93 of file CW_Defs.h.

◆ CW_SIGN_PINLESS_K1

#define CW_SIGN_PINLESS_K1   (0x03U)

PIN-less path (k1 only)

Definition at line 89 of file CW_Defs.h.

Referenced by CryptnoxWallet::validateSignRequest().

◆ CW_SIGN_SIG_ECDSA_EOSIO

#define CW_SIGN_SIG_ECDSA_EOSIO   (0x01U)

ECDSA EOSIO format

Definition at line 97 of file CW_Defs.h.

◆ CW_SIGN_SIG_ECDSA_LOW_S

#define CW_SIGN_SIG_ECDSA_LOW_S   (0x00U)

ECDSA with canonical low S

Examples
BasicUsage.ino, Sign.ino, and UsdcSigning.ino.

Definition at line 96 of file CW_Defs.h.

Referenced by CW_SignRequest::CW_SignRequest(), loop(), and setup().

◆ CW_SIGN_SIG_SCHNORR_BIP340

#define CW_SIGN_SIG_SCHNORR_BIP340   (0x02U)

Schnorr BIP340

Definition at line 98 of file CW_Defs.h.

◆ CW_SIGN_WITH_PIN

#define CW_SIGN_WITH_PIN   (false)

PIN path

Examples
BasicUsage.ino, Sign.ino, and UsdcSigning.ino.

Definition at line 92 of file CW_Defs.h.

Referenced by CW_SignRequest::CW_SignRequest(), loop(), and setup().

◆ CW_USER_DATA_PAGE_SIZE

#define CW_USER_DATA_PAGE_SIZE   (208U)

Max plaintext bytes per write user data page

Definition at line 112 of file CW_Defs.h.

Referenced by CryptnoxWallet::writeUserData().

◆ CW_VERIFY_CERT

#define CW_VERIFY_CERT   1

Certificate chain verification is always enabled (SEC-004 / H-07). Building with -DCW_VERIFY_CERT=0 is a hard error — it disables the card authenticity gate and allows any forged key to be accepted.

Definition at line 196 of file CW_Defs.h.