/** * @defgroup MC_DATA_TYPES MobiCore generic data types * * @addtogroup MC_SO mcSo - Secure objects definitions. * * @ingroup MC_DATA_TYPES * @{ * */ #ifndef MC_SO_H_ #define MC_SO_H_ #include "mcUuid.h" #include "mcSpid.h" #define SO_VERSION_MAJOR 2 #define SO_VERSION_MINOR 0 #define MC_ENUM_32BIT_SPACER ((int32_t)-1) /** Secure object type. */ typedef enum { /** Regular secure object. */ MC_SO_TYPE_REGULAR = 0x00000001, /** Dummy to ensure that enum is 32 bit wide. */ MC_SO_TYPE_DUMMY = MC_ENUM_32BIT_SPACER, } mcSoType_t; /** Secure object context. * A context defines which key to use to encrypt/decrypt a secure object. */ typedef enum { /** Trustlet context. */ MC_SO_CONTEXT_TLT = 0x00000001, /** Service provider context. */ MC_SO_CONTEXT_SP = 0x00000002, /** Device context. */ MC_SO_CONTEXT_DEVICE = 0x00000003, /** Dummy to ensure that enum is 32 bit wide. */ MC_SO_CONTEXT_DUMMY = MC_ENUM_32BIT_SPACER, } mcSoContext_t; /** Secure object lifetime. * A lifetime defines how long a secure object is valid. */ typedef enum { /** SO does not expire. */ MC_SO_LIFETIME_PERMANENT = 0x00000000, /** SO expires on reboot (coldboot). */ MC_SO_LIFETIME_POWERCYCLE = 0x00000001, /** SO expires when Trustlet is closed. */ MC_SO_LIFETIME_SESSION = 0x00000002, /** Dummy to ensure that enum is 32 bit wide. */ MC_SO_LIFETIME_DUMMY = MC_ENUM_32BIT_SPACER, } mcSoLifeTime_t; /** Service provider Trustlet id. * The combination of service provider id and Trustlet UUID forms a unique * Trustlet identifier. */ typedef struct { /** Service provider id. */ mcSpid_t spid; /** Trustlet UUID. */ mcUuid_t uuid; } tlApiSpTrustletId_t; /** Secure object header. * A secure object header introduces a secure object. * Layout of a secure object: *
*
*
* +--------+------------------+------------------+--------+---------+
* | Header | plain-data | encrypted-data | hash | padding |
* +--------+------------------+------------------+--------+---------+
*
* /--------/---- plainLen ----/-- encryptedLen --/-- 32 --/- 1..16 -/
*
* /----------------- toBeHashedLen --------------/
*
* /---------- toBeEncryptedLen ---------/
*
* /--------------------------- totalSoSize -------------------------/
*
*
*
*/
typedef struct {
/** Type of secure object. */
uint32_t type;
/** Secure object version. */
uint32_t version;
/** Secure object context. */
mcSoContext_t context;
/** Secure object lifetime. */
mcSoLifeTime_t lifetime;
/** Producer Trustlet id. */
tlApiSpTrustletId_t producer;
/** Length of unencrypted user data (after the header). */
uint32_t plainLen;
/** Length of encrypted user data (after unencrypted data, excl. checksum
* and excl. padding bytes). */
uint32_t encryptedLen;
} mcSoHeader_t;
#endif // MC_SO_H_
/** Maximum size of the payload (plain length + encrypted length) of a secure object. */
#define MC_SO_PAYLOAD_MAX_SIZE 1000000
/** Block size of encryption algorithm used for secure objects. */
#define MC_SO_ENCRYPT_BLOCK_SIZE 16
/** Maximum number of ISO padding bytes. */
#define MC_SO_MAX_PADDING_SIZE (MC_SO_ENCRYPT_BLOCK_SIZE)
/** Size of hash used for secure objects. */
#define MC_SO_HASH_SIZE 32
/** Calculates gross size of cryptogram within secure object including ISO padding bytes. */
#define MC_SO_ENCRYPT_PADDED_SIZE(netsize) ( (netsize) + \
MC_SO_MAX_PADDING_SIZE - (netsize) % MC_SO_MAX_PADDING_SIZE )
/** Calculates the total size of a secure object.
* @param plainLen Length of plain text part within secure object.
* @param encryptedLen Length of encrypted part within secure object (excl.
* hash, padding).
* @return Total (gross) size of the secure object or 0 if given parameters are
* illegal or would lead to a secure object of invalid size.
*/
#define MC_SO_SIZE(plainLen, encryptedLen) ( \
((plainLen) + (encryptedLen) < (encryptedLen) || (plainLen) + (encryptedLen) > MC_SO_PAYLOAD_MAX_SIZE) ? 0 : \
sizeof(mcSoHeader_t) + (plainLen) + MC_SO_ENCRYPT_PADDED_SIZE((encryptedLen) + MC_SO_HASH_SIZE) \
)
/** @} */