23#ifndef CRYPTNOXWALLET_H
24#define CRYPTNOXWALLET_H
42#define CW_CARD_NAME_MAX_LEN (20U)
45#define CW_CARD_EMAIL_MAX_LEN (60U)
99 memset(
pin, 0U,
sizeof(
pin));
310 const uint8_t* data, uint16_t dataLength);
324 uint8_t* r, uint8_t& rLength,
325 uint8_t* s, uint8_t& sLength);
339 uint8_t* derResponse, uint16_t& derLength,
CW_SignResult& result);
Shared constants, error codes, and session state for the SDK.
#define CW_RAW_SIGNATURE_SIZE
#define CW_SIGN_SIG_ECDSA_LOW_S
#define CW_MAX_PIN_LENGTH
Abstract logging interface.
Cryptnox secure channel protocol over NFC.
Platform-independent security and memory utilities.
Abstract interface for cryptographic operations used by CW_SecureChannel.
Abstract interface for serial/debug output.
Abstract interface for NFC transport operations.
Implements the Cryptnox secure channel protocol over NFC.
static void secure_wipe(uint8_t *buf, size_t len)
Securely zero a buffer, guaranteed not to be optimised away.
static bool parseDerSignature(const uint8_t *der, uint8_t derLength, uint8_t *r, uint8_t &rLength, uint8_t *s, uint8_t &sLength)
Parse a DER-encoded ECDSA signature to extract raw r and s values.
CW_Platform & _platform
Platform abstraction (sleep_ms).
bool isSecureChannelOpen(const CW_SecureSession &session) const
void debugPrintSignature(const uint8_t *signature)
CW_SecureChannel _secure
Owned secure channel.
CryptnoxWallet(CW_NfcTransport &driver, CW_Logger &logger, CW_CryptoProvider &crypto, CW_Platform &platform)
Construct a CryptnoxWallet.
CryptnoxWallet(const CryptnoxWallet &)=delete
bool writeUserData(CW_SecureSession &session, uint8_t slot, const uint8_t *data, uint16_t dataLength)
Write data to a user memory slot, paginating in CW_USER_DATA_PAGE_SIZE chunks.
CW_Logger & _logger
Logging interface.
CW_SignResult sign(CW_SignRequest &request)
Sign a 32-byte digest using a card-resident key.
CryptnoxWallet & operator=(const CryptnoxWallet &)=delete
void disconnect(CW_SecureSession &session)
Disconnect and securely clear the session.
bool extractRawSignature(const uint8_t *derResponse, uint16_t derLength, CW_SignResult &result)
bool getCardInfo(CW_SecureSession &session, CW_CardInfo *info=NULL)
Send a secured GET CARD INFO APDU (0x80FA0000) and optionally decode the owner name/email from the re...
bool establishSecureChannel(CW_SecureSession &session)
Establish a secure channel (SELECT → certificate → ECDH → mutual auth).
bool connect(CW_SecureSession &session)
Connect to the Cryptnox card and establish a secure channel.
bool printPN532FirmwareVersion()
bool validateSignRequest(const CW_SignRequest &request, CW_SignResult &result)
bool begin()
Initialize the NFC module via the underlying transport driver.
bool sendSignApdu(CW_SignRequest &request, const uint8_t *data, uint16_t dataLength, uint8_t *derResponse, uint16_t &derLength, CW_SignResult &result)
bool verifyPin(CW_SecureSession &session, const uint8_t *pin, uint8_t pinLength)
Verify the PIN code on the card.
void buildSignPayload(const CW_SignRequest &request, uint8_t *data, uint16_t &dataLength)
#define CW_CARD_EMAIL_MAX_LEN
Max email length stored on a Cryptnox card (per card spec).
#define CW_CARD_NAME_MAX_LEN
Max name length stored on a Cryptnox card (per card spec).
Subset of the Cryptnox card info returned by APDU 0x80FA0000.
char name[CW_CARD_NAME_MAX_LEN+1U]
char email[CW_CARD_EMAIL_MAX_LEN+1U]
Holds cryptographic session state for reentrant secure channel operations.
Request parameters for CryptnoxWallet::sign.
CW_SignRequest(CW_SecureSession &sess, uint8_t kType=CW_SIGN_CURR_K1, uint8_t sigType=CW_SIGN_SIG_ECDSA_LOW_S, bool pinless=CW_SIGN_WITH_PIN)
Construct a sign request with sensible defaults.
CW_SecureSession & session
~CW_SignRequest()
Securely wipes the PIN buffer.
const uint8_t * derivePath
uint8_t pin[CW_MAX_PIN_LENGTH]
Result of CryptnoxWallet::sign.
CW_SignResult()
Construct a default-failure result.
uint8_t signature[CW_RAW_SIGNATURE_SIZE]
1.15.0