passport-firmware/ports/stm32/boards/Passport/pins.h


								// SPDX-FileCopyrightText: 2020 Foundation Devices, Inc.  <hello@foundationdevices.com>

								// SPDX-License-Identifier: GPL-3.0-or-later

								//

								// SPDX-FileCopyrightText: 2018 Coinkite, Inc.  <coldcardwallet.com>

								// SPDX-License-Identifier: GPL-3.0-only

								//

								/*

								 * (c) Copyright 2018 by Coinkite Inc. This file is part of Coldcard <coldcardwallet.com>

								 * and is covered by GPLv3 license found in COPYING.

								 *

								 * pins.h -- everything to do with PIN's and their policies

								 *

								 */

								#pragma once


								#include "se-atecc608a.h"


								// We hash it like we don't care, but PIN code is expected to be

								// just digits, no punctuation, and up to this many chars long.

								// Using pin+len rather than c-strings. Use zero-length for "blank" or "undefined" pins.

								//

								#define MAX_PIN_LEN             32


								// Number of bytes (per pin) we are keeping secret.

								// ATECC608A limitation/feature caps this at weird 72 byte value.

								#define SE_SECRET_LEN           72


								// .. but on 608a, we can use this one weird data slot with more space

								#define AE_LONG_SECRET_LEN      416


								// For change_flags field: choose one secret and/or one PIN only.

								#define CHANGE_WALLET_PIN           0x001

								#define CHANGE_SECRET               0x008

								#define CHANGE_SECONDARY_WALLET_PIN 0x020     // when used from main wallet only (obsolete)

								#define CHANGE_LS_OFFSET            0xf00     // v2: which 32-byte part of long-secret to affect

								#define CHANGE__MASK                0xf3f


								// Magic value and/or version number.

								#define PA_MAGIC_V1           0xc50b61a7


								// For state_flags field: report only covers current wallet (primary vs. secondary)

								#define PA_SUCCESSFUL         0x01

								#define PA_IS_BLANK           0x02

								#define PA_ZERO_SECRET        0x10


								typedef struct {

								    uint32_t    magic_value;            // = PA_MAGIC_V1

								    char        pin[MAX_PIN_LEN];       // value being attempted

								    int         pin_len;                // valid length of pin

								    uint32_t    delay_achieved;         // so far, how much time wasted? [obsolete]

								    uint32_t    delay_required;         // how much will be needed? [obsolete]

								    uint32_t    num_fails;              // for UI: number of fails PINs

								    uint32_t    attempts_left;          // trys left until bricking

								    uint32_t    state_flags;            // what things have been setup/enabled already

								    uint32_t    private_state;          // some internal (encrypted) state [actually a nonce]

								    uint8_t     hmac[32];               // my hmac over above, or zeros

								    // remaining fields are return values, or optional args;

								    int         change_flags;           // bitmask of what to do

								    char        old_pin[MAX_PIN_LEN];   // (optional) old PIN value

								    int         old_pin_len;            // (optional) valid length of old_pin, can be zero

								    char        new_pin[MAX_PIN_LEN];   // (optional) new PIN value

								    int         new_pin_len;            // (optional) valid length of new_pin, can be zero

								    uint8_t     secret[SE_SECRET_LEN];  // secret to be changed / return value

								    uint8_t     cached_main_pin[32];    // iff they provided right pin already

								} pinAttempt_t;


								#define PIN_ATTEMPT_SIZE_V1        (276) // Not implemented with sizeof() so we can tell when it changes


								// Errors codes

								enum {

								    EPIN_HMAC_FAIL          = -100,

								    EPIN_HMAC_REQUIRED      = -101,

								    EPIN_BAD_MAGIC          = -102,

								    EPIN_RANGE_ERR          = -103,

								    EPIN_BAD_REQUEST        = -104,     // bad change flags

								    EPIN_I_AM_BRICK         = -105,     // chip has been bricked

								    EPIN_SE_FAIL            = -106,     // low-level fails; retry ok

								    EPIN_MUST_WAIT          = -107,     // you haven't waited long enough

								    EPIN_PIN_REQUIRED       = -108,     // must be non-zero length

								    EPIN_WRONG_SUCCESS      = -109,     // success field is not what is needs to be

								    EPIN_OLD_ATTEMPT        = -110,     // tried to recycle older attempt

								    EPIN_AUTH_FAIL          = -112,     // pin is wrong

								    EPIN_OLD_AUTH_FAIL      = -113,     // existing pin is wrong (during change attempt)

								};


								// Get number of failed attempts on a PIN, since last success. Calculate

								// required delay, and setup initial struct for later attempts. Does not

								// attempt the PIN or return secrets if right.

								int pin_setup_attempt(pinAttempt_t *args);


								// Do the PIN check, and return a value. Or fail.

								int pin_login_attempt(pinAttempt_t *args);


								// Change the PIN and/or secrets (must also know the value, or it must be blank)

								int pin_change(pinAttempt_t *args);


								// To encourage not keeping the secret in memory, a way to fetch it after already prove you

								// know the PIN right.

								int pin_fetch_secret(pinAttempt_t *args);


								// Record current flash checksum and make green light go on.

								int pin_firmware_greenlight(pinAttempt_t *args);


								// Return 32 bytes which are persistently mapped from pin code; for anti-phishing feature.

								int anti_phishing_words(const char *pin_prefix, int prefix_len, uint32_t *result);


								int supply_chain_validation_words(const char *data, int data_len, uint32_t *result);


								// Read/write the long secret. 32 bytes at a time.

								int pin_long_secret(pinAttempt_t *args);


								// EOF