cryptnox-sdk-arduino 1.0.0
Arduino library for Cryptnox Hardware Wallet
Loading...
Searching...
No Matches
CW_Defs.h
Go to the documentation of this file.
1/*
2 * SPDX-License-Identifier: LGPL-3.0-or-later
3 * Copyright (c) 2026 Cryptnox SA
4 */
5
20
21#ifndef CW_DEFS_H
22#define CW_DEFS_H
23
24/******************************************************************
25 * 0. Doxygen module groups (used by @ingroup throughout the SDK)
26 ******************************************************************/
27
35
44
53
62
63/******************************************************************
64 * 1. Included files
65 ******************************************************************/
66
67#include "platform_compat.h"
68#include "CW_Utils.h"
69
70/******************************************************************
71 * 2. Constants / define declarations
72 ******************************************************************/
73
74/* Session key sizes */
75#define CW_AESKEY_SIZE (32U)
76#define CW_MACKEY_SIZE (32U)
77#define CW_IV_SIZE (16U)
78
79/* Generic error codes */
80#define CW_OK (0x00U)
81#define CW_NOK (0x01U)
82#define CW_INVALID_SESSION (0x02U)
83
84/* Key / path types for SIGN command (keyType) */
85#define CW_SIGN_CURR_K1 (0x00U)
86#define CW_SIGN_CURR_R1 (0x10U)
87#define CW_SIGN_DERIVE_K1 (0x01U)
88#define CW_SIGN_DERIVE_R1 (0x11U)
89#define CW_SIGN_PINLESS_K1 (0x03U)
90
91/* PIN mode for SIGN command */
92#define CW_SIGN_WITH_PIN (false)
93#define CW_SIGN_PINLESS (true)
94
95/* Signature types for SIGN command */
96#define CW_SIGN_SIG_ECDSA_LOW_S (0x00U)
97#define CW_SIGN_SIG_ECDSA_EOSIO (0x01U)
98#define CW_SIGN_SIG_SCHNORR_BIP340 (0x02U)
99
100/* SIGN-specific error codes */
101#define CW_SIGN_KEY_TOO_SHORT (0x80U)
102#define CW_SIGN_NO_KEY_LOADED (0x81U)
103#define CW_SIGN_PIN_INCORRECT (0x82U)
104#define CW_SIGN_KEY_TOO_SHORT_WITH_PINLESS_MODE (0x83U)
105
106/* Size constants */
107#define CW_RAW_SIGNATURE_SIZE (64U)
108#define CW_HASH_SIZE (32U)
109#define CW_MAX_DERIVE_PATH_LENGTH (20U)
110#define CW_MIN_PIN_LENGTH (4U)
111#define CW_MAX_PIN_LENGTH (9U)
112#define CW_USER_DATA_PAGE_SIZE (208U)
113#define CW_CONNECT_MAX_ATTEMPTS (5U)
114
115/* Byte offsets within a raw 64-byte signature (r[32] || s[32]) */
116#define CW_SIG_R_OFFSET (0U)
117#define CW_SIG_S_OFFSET (32U)
118
119/* DER encoding tags (ASN.1) */
120#define CW_DER_TAG_SEQUENCE (0x30U)
121#define CW_DER_TAG_INTEGER (0x02U)
122
123/* Certificate verification constants */
124#define CW_CERT_NONCE_SIZE (8U)
125
126/* Certificate verification result codes */
127#define CW_CERT_OK (0x00U)
128#define CW_CERT_FORMAT_ERROR (0x10U)
129#define CW_CERT_NONCE_MISMATCH (0x11U)
130#define CW_CERT_CARD_SIG_INVALID (0x12U)
131#define CW_CERT_MANUF_SIG_INVALID (0x13U)
132#define CW_CERT_KEY_NOT_FOUND (0x14U)
133
134/* Manufacturer certificate maximum buffer size (bytes).
135 * Actual Cryptnox Basic G1 manufacturer certificate is 411 bytes (0x019B). */
136#define CW_MANUF_CERT_MAX_BYTES (420U)
137
138/******************************************************************
139 * 3. CW_Curve enum
140 ******************************************************************/
141
155
156/******************************************************************
157 * 4. CW_SecureSession struct
158 ******************************************************************/
159
168struct CW_SecureSession {
169 uint8_t aesKey[CW_AESKEY_SIZE];
170 uint8_t macKey[CW_MACKEY_SIZE];
171 uint8_t iv[CW_IV_SIZE];
172
174 CW_SecureSession() {
175 memset(aesKey, 0U, sizeof(aesKey));
176 memset(macKey, 0U, sizeof(macKey));
177 memset(iv, 0U, sizeof(iv));
178 }
179
181 void clear() {
182 CW_Utils::secure_wipe(aesKey, sizeof(aesKey));
183 CW_Utils::secure_wipe(macKey, sizeof(macKey));
184 CW_Utils::secure_wipe(iv, sizeof(iv));
185 }
186};
187
188/******************************************************************
189 * 5. Compile-time feature flags
190 ******************************************************************/
191
195#ifndef CW_VERIFY_CERT
196#define CW_VERIFY_CERT 1
197#endif
198#if CW_VERIFY_CERT == 0
199# error "CW_VERIFY_CERT=0 disables certificate chain verification (CRIT-02/H-07). " \
200 "Remove -DCW_VERIFY_CERT=0 from your build flags — this gate must never be disabled."
201#endif
202
214#ifndef CW_DEBUG_LOGGING
215# define CW_DEBUG_LOGGING 0
216#endif
217
218#if CW_DEBUG_LOGGING && defined(NDEBUG)
219# error "CW_DEBUG_LOGGING=1 is set but NDEBUG is defined (release/optimised build). " \
220 "Debug logging must not ship in production firmware — it leaks session state " \
221 "over UART. Remove -DCW_DEBUG_LOGGING=1 from your release build flags (SEC-012)."
222#endif
223
224#endif // CW_DEFS_H
CW_IV_SIZE
#define CW_IV_SIZE
Definition CW_Defs.h:77
CW_MACKEY_SIZE
#define CW_MACKEY_SIZE
Definition CW_Defs.h:76
CW_AESKEY_SIZE
#define CW_AESKEY_SIZE
Definition CW_Defs.h:75
CW_CURVE_SECP256K1
@ CW_CURVE_SECP256K1
Definition CW_Defs.h:153
CW_CURVE_SECP256R1
@ CW_CURVE_SECP256R1
Definition CW_Defs.h:152
CW_Utils.h
Platform-independent security and memory utilities.
CW_Utils::secure_wipe
static void secure_wipe(uint8_t *buf, size_t len)
Securely zero a buffer, guaranteed not to be optimised away.
Definition CW_Utils.cpp:37
CW_Curve
CW_Curve
Portable curve identifier used throughout the SDK.
Definition CW_Defs.h:151
platform_compat.h
Arduino compatibility shims for non-Arduino (plain C++) builds.
CW_SecureSession::macKey
uint8_t macKey[CW_MACKEY_SIZE]
Definition CW_Defs.h:170
CW_SecureSession::clear
void clear()
Securely clear all session keys and IV.
Definition CW_Defs.h:181
CW_SecureSession::CW_SecureSession
CW_SecureSession()
Zero-initialise all session keys and IV.
Definition CW_Defs.h:174
CW_SecureSession::aesKey
uint8_t aesKey[CW_AESKEY_SIZE]
Definition CW_Defs.h:169
CW_SecureSession::iv
uint8_t iv[CW_IV_SIZE]
Definition CW_Defs.h:171