1 /* 2 * COPYRIGHT (c) International Business Machines Corp. 2016-2017 3 * 4 * This program is provided under the terms of the Common Public License, 5 * version 1.0 (CPL-1.0). Any use, reproduction or distribution for this 6 * software constitutes recipient's acceptance of CPL-1.0 terms which can be 7 * found in the file LICENSE file or at 8 * https://opensource.org/licenses/cpl1.0.php 9 */ 10 11 typedef CK_RV (*m_GenerateRandom_t) (CK_BYTE_PTR rnd, CK_ULONG len, 12 uint64_t target); 13 typedef CK_RV (*m_SeedRandom_t) (CK_BYTE_PTR pSeed, CK_ULONG ulSeedLen, 14 uint64_t target); 15 typedef CK_RV (*m_Digest_t) (const unsigned char *state, size_t slen, 16 CK_BYTE_PTR data, CK_ULONG len, 17 CK_BYTE_PTR digest, CK_ULONG_PTR dglen, 18 uint64_t target); 19 typedef CK_RV (*m_DigestInit_t) (unsigned char *state, size_t * len, 20 const CK_MECHANISM_PTR pmech, 21 uint64_t target); 22 typedef CK_RV (*m_DigestUpdate_t) (unsigned char *state, size_t slen, 23 CK_BYTE_PTR data, CK_ULONG dlen, 24 uint64_t target); 25 typedef CK_RV (*m_DigestKey_t) (unsigned char *state, size_t slen, 26 const unsigned char *key, size_t klen, 27 uint64_t target); 28 typedef CK_RV (*m_DigestFinal_t) (const unsigned char *state, 29 size_t slen, CK_BYTE_PTR digest, 30 CK_ULONG_PTR dlen, uint64_t target); 31 typedef CK_RV (*m_DigestSingle_t) (CK_MECHANISM_PTR pmech, 32 CK_BYTE_PTR data, CK_ULONG len, 33 CK_BYTE_PTR digest, CK_ULONG_PTR dlen, 34 uint64_t target); 35 typedef CK_RV (*m_EncryptInit_t) (unsigned char *state, size_t * slen, 36 CK_MECHANISM_PTR pmech, 37 const unsigned char *key, size_t klen, 38 uint64_t target); 39 typedef CK_RV (*m_DecryptInit_t) (unsigned char *state, size_t * slen, 40 CK_MECHANISM_PTR pmech, 41 const unsigned char *key, size_t klen, 42 uint64_t target); 43 typedef CK_RV (*m_EncryptUpdate_t) (unsigned char *state, size_t slen, 44 CK_BYTE_PTR plain, CK_ULONG plen, 45 CK_BYTE_PTR cipher, 46 CK_ULONG_PTR clen, uint64_t target); 47 typedef CK_RV (*m_DecryptUpdate_t) (unsigned char *state, size_t slen, 48 CK_BYTE_PTR cipher, CK_ULONG clen, 49 CK_BYTE_PTR plain, CK_ULONG_PTR plen, 50 uint64_t target); 51 typedef CK_RV (*m_Encrypt_t) (const unsigned char *state, size_t slen, 52 CK_BYTE_PTR plain, CK_ULONG plen, 53 CK_BYTE_PTR cipher, CK_ULONG_PTR clen, 54 uint64_t target); 55 typedef CK_RV (*m_Decrypt_t) (const unsigned char *state, size_t slen, 56 CK_BYTE_PTR cipher, CK_ULONG clen, 57 CK_BYTE_PTR plain, CK_ULONG_PTR plen, 58 uint64_t target); 59 typedef CK_RV (*m_EncryptFinal_t) (const unsigned char *state, 60 size_t slen, CK_BYTE_PTR output, 61 CK_ULONG_PTR len, uint64_t target); 62 typedef CK_RV (*m_DecryptFinal_t) (const unsigned char *state, 63 size_t slen, CK_BYTE_PTR output, 64 CK_ULONG_PTR len, uint64_t target); 65 typedef CK_RV (*m_EncryptSingle_t) (const unsigned char *key, 66 size_t klen, CK_MECHANISM_PTR mech, 67 CK_BYTE_PTR plain, CK_ULONG plen, 68 CK_BYTE_PTR cipher, 69 CK_ULONG_PTR clen, uint64_t target); 70 typedef CK_RV (*m_DecryptSingle_t) (const unsigned char *key, 71 size_t klen, CK_MECHANISM_PTR mech, 72 CK_BYTE_PTR cipher, CK_ULONG clen, 73 CK_BYTE_PTR plain, CK_ULONG_PTR plen, 74 uint64_t target); 75 typedef CK_RV (*m_ReencryptSingle_t) (const unsigned char *dkey, 76 size_t dklen, 77 const unsigned char *ekey, 78 size_t eklen, 79 CK_MECHANISM_PTR pdecrmech, 80 CK_MECHANISM_PTR pencrmech, 81 CK_BYTE_PTR in, CK_ULONG ilen, 82 CK_BYTE_PTR out, CK_ULONG_PTR olen, 83 uint64_t target); 84 typedef CK_RV (*m_GenerateKey_t) (CK_MECHANISM_PTR pmech, 85 CK_ATTRIBUTE_PTR ptempl, 86 CK_ULONG templcount, 87 const unsigned char *pin, 88 size_t pinlen, unsigned char *key, 89 size_t * klen, unsigned char *csum, 90 size_t * clen, uint64_t target); 91 typedef CK_RV (*m_GenerateKeyPair_t) (CK_MECHANISM_PTR pmech, 92 CK_ATTRIBUTE_PTR ppublic, 93 CK_ULONG pubattrs, 94 CK_ATTRIBUTE_PTR pprivate, 95 CK_ULONG prvattrs, 96 const unsigned char *pin, 97 size_t pinlen, unsigned char *key, 98 size_t * klen, 99 unsigned char *pubkey, 100 size_t * pklen, uint64_t target); 101 typedef CK_RV (*m_SignInit_t) (unsigned char *state, size_t * slen, 102 CK_MECHANISM_PTR alg, 103 const unsigned char *key, size_t klen, 104 uint64_t target); 105 typedef CK_RV (*m_VerifyInit_t) (unsigned char *state, size_t * slen, 106 CK_MECHANISM_PTR alg, 107 const unsigned char *key, size_t klen, 108 uint64_t target); 109 typedef CK_RV (*m_SignUpdate_t) (unsigned char *state, size_t slen, 110 CK_BYTE_PTR data, CK_ULONG dlen, 111 uint64_t target); 112 typedef CK_RV (*m_VerifyUpdate_t) (unsigned char *state, size_t slen, 113 CK_BYTE_PTR data, CK_ULONG dlen, 114 uint64_t target); 115 typedef CK_RV (*m_SignFinal_t) (const unsigned char *state, size_t stlen, 116 CK_BYTE_PTR sig, CK_ULONG_PTR siglen, 117 uint64_t target); 118 typedef CK_RV (*m_VerifyFinal_t) (const unsigned char *state, 119 size_t stlen, CK_BYTE_PTR sig, 120 CK_ULONG siglen, uint64_t target); 121 typedef CK_RV (*m_Sign_t) (const unsigned char *state, size_t stlen, 122 CK_BYTE_PTR data, CK_ULONG dlen, 123 CK_BYTE_PTR sig, CK_ULONG_PTR siglen, 124 uint64_t target); 125 typedef CK_RV (*m_Verify_t) (const unsigned char *state, size_t stlen, 126 CK_BYTE_PTR data, CK_ULONG dlen, 127 CK_BYTE_PTR sig, CK_ULONG siglen, 128 uint64_t target); 129 typedef CK_RV (*m_SignSingle_t) (const unsigned char *key, size_t klen, 130 CK_MECHANISM_PTR pmech, 131 CK_BYTE_PTR data, CK_ULONG dlen, 132 CK_BYTE_PTR sig, CK_ULONG_PTR slen, 133 uint64_t target); 134 typedef CK_RV (*m_VerifySingle_t) (const unsigned char *key, size_t klen, 135 CK_MECHANISM_PTR pmech, 136 CK_BYTE_PTR data, CK_ULONG dlen, 137 CK_BYTE_PTR sig, CK_ULONG slen, 138 uint64_t target); 139 140 /* mackey is NULL for PKCS#11 formats, not for authenticated ones */ 141 typedef CK_RV (*m_WrapKey_t) (const unsigned char *key, size_t keylen, 142 const unsigned char *kek, size_t keklen, 143 const unsigned char *mackey, size_t mklen, 144 const CK_MECHANISM_PTR pmech, 145 CK_BYTE_PTR wrapped, CK_ULONG_PTR wlen, 146 uint64_t target); 147 /**/ 148 /* mackey is NULL for PKCS#11 formats, not for authenticated ones */ 149 typedef CK_RV (*m_UnwrapKey_t) (const CK_BYTE_PTR wrapped, CK_ULONG wlen, 150 const unsigned char *kek, size_t keklen, 151 const unsigned char *mackey, 152 size_t mklen, const unsigned char *pin, 153 size_t pinlen, 154 const CK_MECHANISM_PTR uwmech, 155 const CK_ATTRIBUTE_PTR ptempl, 156 CK_ULONG pcount, 157 unsigned char *unwrapped, size_t * uwlen, 158 CK_BYTE_PTR csum, CK_ULONG * cslen, 159 uint64_t target); 160 161 typedef CK_RV (*m_DeriveKey_t) (CK_MECHANISM_PTR pderivemech, 162 CK_ATTRIBUTE_PTR ptempl, 163 CK_ULONG templcount, 164 const unsigned char *basekey, 165 size_t bklen, 166 const unsigned char *data, size_t dlen, 167 const unsigned char *pin, size_t pinlen, 168 unsigned char *newkey, size_t * nklen, 169 unsigned char *csum, size_t * cslen, 170 uint64_t target); 171 172 typedef CK_RV (*m_GetMechanismList_t) (CK_SLOT_ID slot, 173 CK_MECHANISM_TYPE_PTR mechs, 174 CK_ULONG_PTR count, 175 uint64_t target); 176 typedef CK_RV (*m_GetMechanismInfo_t) (CK_SLOT_ID slot, 177 CK_MECHANISM_TYPE mech, 178 CK_MECHANISM_INFO_PTR pmechinfo, 179 uint64_t target); 180 typedef CK_RV (*m_GetAttributeValue_t) (const unsigned char *obj, 181 size_t olen, 182 CK_ATTRIBUTE_PTR pTemplate, 183 CK_ULONG ulCount, 184 uint64_t target); 185 typedef CK_RV (*m_SetAttributeValue_t) (unsigned char *obj, size_t olen, 186 CK_ATTRIBUTE_PTR pTemplate, 187 CK_ULONG ulCount, 188 uint64_t target); 189 typedef CK_RV (*m_Login_t) (CK_UTF8CHAR_PTR pin, CK_ULONG pinlen, 190 const unsigned char *nonce, size_t nlen, 191 unsigned char *pinblob, size_t * pinbloblen, 192 uint64_t target); 193 typedef CK_RV (*m_Logout_t) (const unsigned char *pin, size_t len, 194 uint64_t target); 195 typedef CK_RV (*m_admin_t) (unsigned char *response1, size_t * r1len, 196 unsigned char *response2, size_t * r2len, 197 const unsigned char *cmd, size_t clen, 198 const unsigned char *sigs, size_t slen, 199 uint64_t target); 200 typedef int (*m_add_backend_t) (const char *name, unsigned int port); 201 typedef int (*m_init_t) (void); 202 typedef int (*m_shutdown_t) (void); 203 204 #ifndef XCP_SERIALNR_CHARS 205 #define XCP_SERIALNR_CHARS 8 206 #endif 207 #ifndef XCP_ADMCTR_BYTES 208 #define XCP_ADMCTR_BYTES ((size_t) (128/8)) 209 #endif 210 #ifndef XCP_ADM_QUERY 211 #define XCP_ADM_QUERY 0x10000 212 #endif 213 #ifndef XCP_ADMQ_DOM_CTRLPOINTS 214 #define XCP_ADMQ_DOM_CTRLPOINTS 6 | XCP_ADM_QUERY // domain CP 215 #endif 216 217 #ifndef __xcpadm_h__ 218 typedef struct XCPadmresp { 219 uint32_t fn; 220 uint32_t domain; 221 uint32_t domainInst; 222 223 /* module ID || module instance */ 224 unsigned char module[XCP_SERIALNR_CHARS + XCP_SERIALNR_CHARS]; 225 unsigned char modNr[XCP_SERIALNR_CHARS]; 226 unsigned char modInst[XCP_SERIALNR_CHARS]; 227 228 unsigned char tctr[XCP_ADMCTR_BYTES]; /* transaction counter */ 229 230 CK_RV rv; 231 uint32_t reason; 232 233 // points to original response; NULL if no payload 234 // make sure it's copied if used after releasing response block 235 // 236 const unsigned char *payload; 237 size_t pllen; 238 } *XCPadmresp_t; 239 #endif 240 241 #ifndef XCP_CPB_ADD_CPBS 242 #define XCP_CPB_ADD_CPBS 0 // allow addition (activation) of CP bits 243 #define XCP_CPB_DELETE_CPBS 1 // allow removal (deactivation) of CP bits 244 // remove both ADD_CPBs and DELETE_CPBs 245 // to make unit read-only 246 #define XCP_CPB_SIGN_ASYMM 2 // sign with private keys 247 #define XCP_CPB_SIGN_SYMM 3 // sign with HMAC or CMAC 248 #define XCP_CPB_SIGVERIFY_SYMM 4 // verify with HMAC or CMAC 249 #define XCP_CPB_ENCRYPT_SYMM 5 // encrypt with symmetric keys 250 // No asymmetric counterpart: one 251 // may not restrict use of public keys 252 #define XCP_CPB_DECRYPT_ASYMM 6 // decrypt with private keys 253 #define XCP_CPB_DECRYPT_SYMM 7 // decrypt with symmetric keys 254 #define XCP_CPB_WRAP_ASYMM 8 // key export with public keys 255 #define XCP_CPB_WRAP_SYMM 9 // key export with symmetric keys 256 #define XCP_CPB_UNWRAP_ASYMM 10 // key import with private keys 257 #define XCP_CPB_UNWRAP_SYMM 11 // key import with symmetric keys 258 #define XCP_CPB_KEYGEN_ASYMM 12 // generate asymmetric keypairs 259 #define XCP_CPB_KEYGEN_SYMM 13 // generate or derive symmetric keys 260 // including DSA parameters 261 #define XCP_CPB_RETAINKEYS 14 // allow backend to save semi/retained 262 // keys 263 #define XCP_CPB_SKIP_KEYTESTS 15 // disable selftests on new asymmetric 264 // keys 265 #define XCP_CPB_NON_ATTRBOUND 16 // allow keywrap without attribute-binding 266 #define XCP_CPB_MODIFY_OBJECTS 17 // allow changes to objects 267 // (Booleans only) 268 #define XCP_CPB_RNG_SEED 18 // allow mixing external seed to RNG 269 #define XCP_CPB_ALG_RAW_RSA 19 // allow RSA private-key use without 270 // padding (highly discouraged) 271 #define XCP_CPB_ALG_NFIPS2009 20 // allow non-FIPS-approved algs 272 // (as of 2009) 273 // including non-FIPS keysizes 274 #define XCP_CPB_ALG_NBSI2009 21 // allow non-BSI algorithms (as of 2009) 275 // including non-FIPS keysizes 276 #define XCP_CPB_KEYSZ_HMAC_ANY 22 // don't enforce minimum keysize on HMAC 277 #define XCP_CPB_KEYSZ_BELOW80BIT 23 // allow algorithms below 80-bit strength 278 // public-key operations are still allowed 279 #define XCP_CPB_KEYSZ_80BIT 24 // allow 80 to 111-bit algorithms 280 #define XCP_CPB_KEYSZ_112BIT 25 // allow 112 to 127-bit algorithms 281 #define XCP_CPB_KEYSZ_128BIT 26 // allow 128 to 191-bit algorithms 282 #define XCP_CPB_KEYSZ_192BIT 27 // allow 192 to 255-bit algorithms 283 #define XCP_CPB_KEYSZ_256BIT 28 // allow 256-bit algorithms 284 #define XCP_CPB_KEYSZ_RSA65536 29 // allow RSA public exponents below 285 // 0x10001 286 #define XCP_CPB_ALG_RSA 30 // RSA private-key or key-encrypt use 287 #define XCP_CPB_ALG_DSA 31 // DSA private-key use 288 #define XCP_CPB_ALG_EC 32 // EC private-key use, see also 289 // curve restrictions 290 #define XCP_CPB_ALG_EC_BPOOLCRV 33 // Brainpool (E.U.) EC curves 291 #define XCP_CPB_ALG_EC_NISTCRV 34 // NIST/SECG EC curves 292 #define XCP_CPB_ALG_NFIPS2011 35 // allow non-FIPS-approved algs 293 // (as of 2011) 294 // including non-FIPS keysizes 295 #define XCP_CPB_ALG_NBSI2011 36 // allow non-BSI algorithms (as of 2011) 296 // including non-BSI keysizes 297 #define XCP_CPB_USER_SET_TRUSTED 37 // allow non-admins to set TRUSTED on a 298 // blob/SPKI 299 #define XCP_CPB_ALG_SKIP_CROSSCHK 38 // do not double-check sign/decrypt ops 300 #define XCP_CPB_WRAP_CRYPT_KEYS 39 // allow keys which can en/decrypt data 301 // and also un/wrap other keys 302 #define XCP_CPB_SIGN_CRYPT_KEYS 40 // allow keys which can en/decrypt data 303 // and also sign/verify 304 #define XCP_CPB_WRAP_SIGN_KEYS 41 // allow keys which can un/wrap data 305 // and also sign/verify 306 #define XCP_CPB_USER_SET_ATTRBOUND 42 // allow non-administrators to 307 // Wire format 69/82 308 // mark public key objects ATTRBOUND 309 #define XCP_CPB_ALLOW_PASSPHRASE 43 // allow host to pass passprases, such as 310 // PKCS12 data, in the clear 311 #define XCP_CPB_WRAP_STRONGER_KEY 44 // allow wrapping of stronger keys 312 // by weaker keys 313 #define XCP_CPB_WRAP_WITH_RAW_SPKI 45 // allow wrapping with SPKIs without 314 // MAC and attributes 315 #define XCP_CPB_ALG_DH 46 // Diffie-Hellman use (private keys) 316 #define XCP_CPB_DERIVE 47 // allow key derivation (symmetric+EC/DH) 317 #define XCP_CPB_ALG_NBSI2017 61 // allow non-BSI algorithms (as of 2017) 318 // including non-BSI keysizes 319 320 #define XCP_CPBITS_MAX XCP_CPB_ALG_NBSI2017 // marks last used CPB 321 322 #define XCP_CPBLOCK_BITS 128 // handle CPs in this granularity 323 #define XCP_CPCOUNT \ 324 (((XCP_CPBITS_MAX + XCP_CPBLOCK_BITS-1) / XCP_CPBLOCK_BITS) * \ 325 XCP_CPBLOCK_BITS) 326 #define XCP_CP_BYTES (XCP_CPCOUNT / 8) // full blocks, incl. unused bits 327 328 #endif 329 330 typedef long (*xcpa_queryblock_t) (unsigned char *blk, size_t blen, 331 unsigned int fn, uint64_t domain, 332 const unsigned char *payload, size_t plen); 333 typedef long (*xcpa_internal_rv_t) (const unsigned char *rsp, size_t rlen, 334 struct XCPadmresp * rspblk, CK_RV * rv); 335 336 typedef CK_RV (*m_get_xcp_info_t)(CK_VOID_PTR pinfo, CK_ULONG_PTR infbytes, 337 unsigned int query, unsigned int subquery, 338 uint64_t target); 339 340 #ifndef CK_IBM_XCP_HOSTQ_IDX 341 342 typedef enum { 343 CK_IBM_XCPQ_API = 0, /* API and build identifier */ 344 CK_IBM_XCPQ_MODULE = 1, /* module-level information */ 345 CK_IBM_XCPQ_DOMAINS = 2, /* list active domains & WK IDs */ 346 CK_IBM_XCPQ_DOMAIN = 3, 347 CK_IBM_XCPQ_SELFTEST = 4, /* integrity & algorithm tests */ 348 CK_IBM_XCPQ_EXT_CAPS = 5, /* extended capabilities, count */ 349 CK_IBM_XCPQ_EXT_CAPLIST = 6, /* extended capabilities, list */ 350 CK_IBM_XCPQ_AUDITLOG = 8, /* audit record or records */ 351 CK_IBM_XCPQ_DESCRTEXT = 9, /* human-readable text/tokens */ 352 CK_IBM_XCPQ_EC_CURVES = 10, /* supported elliptic curves */ 353 CK_IBM_XCPQ_COMPAT = 11, /* domains' compatibility modes */ 354 CK_IBM_XCPQ_MAX = CK_IBM_XCPQ_COMPAT 355 } CK_IBM_XCPQUERY_t; 356 357 #define CK_IBM_XCP_HOSTQ_IDX 0xff000000 /* host-only queries index, min. */ 358 typedef enum { 359 CK_IBM_XCPHQ_COUNT = (int)0xff000000, /* number of host-query indexes */ 360 /* including this type itself */ 361 CK_IBM_XCPHQ_VERSION = (int)0xff000001, /* host-specific package version*/ 362 /* such as packaging library ID */ 363 CK_IBM_XCPHQ_VERSION_HASH 364 = (int)0xff000002, /* Assumed-unique identifier of */ 365 /* host code, such as version- */ 366 /* identifying cryptographic */ 367 /* hash (library signature */ 368 /* field...) */ 369 CK_IBM_XCPHQ_DIAGS = (int)0xff000003, /* Host code diagnostic level. */ 370 /* 0 if non-diagnostics host */ 371 /* code. */ 372 CK_IBM_XCPHQ_HVERSION = (int)0xff000004, /* Human-readable host version */ 373 /* identification (recommended: */ 374 /* UTF-8 string) */ 375 CK_IBM_XCPHQ_TGT_MODE = (int)0xff000005, /* Host targeting modes */ 376 /* returns supported target */ 377 /* modes as bitmask. */ 378 /* If not available only */ 379 /* compat target mode is in */ 380 /* use. See */ 381 /* CK_IBM_XCPHQ_TGT_MODES_t. */ 382 CK_IBM_XCPHQ_MAX = CK_IBM_XCPHQ_TGT_MODE 383 } CK_IBM_XCPHQUERY_t; 384 385 typedef struct CK_IBM_XCPAPI_INFO { 386 CK_ULONG firmwareApi; 387 CK_ULONG firmwareConfig; /* truncated firmware hash */ 388 } CK_IBM_XCPAPI_INFO; 389 390 typedef CK_IBM_XCPAPI_INFO CK_PTR CK_IBM_XCPAPI_INFO_PTR; 391 392 typedef struct CK_IBM_XCP_INFO { 393 CK_ULONG firmwareApi; /* API ordinal number */ 394 /* major+minor pairs */ 395 CK_ULONG firmwareId; /* truncated firmwareConfig */ 396 397 CK_VERSION firmwareVersion; /* xcp only, matches xcpConfig below */ 398 CK_VERSION cspVersion; 399 400 /* hashes, possibly truncated */ 401 CK_BYTE firmwareConfig[ 32 ]; 402 CK_BYTE xcpConfig [ 32 ]; 403 CK_BYTE cspConfig [ 32 ]; 404 405 CK_CHAR serialNumber[ 16 ]; /* device || instance */ 406 CK_CHAR utcTime [ 16 ]; 407 408 CK_ULONG opMode2; /* currently, reserved 0 */ 409 CK_ULONG opMode1; /* operational mode, card-level */ 410 411 CK_FLAGS flags; /* PKCS#11 capabilities */ 412 CK_FLAGS extflags; /* non-PKCS#11 capabilities */ 413 414 CK_ULONG domains; 415 CK_ULONG symmStateBytes; 416 CK_ULONG digestStateBytes; 417 CK_ULONG pinBlockBytes; 418 CK_ULONG symmKeyBytes; 419 CK_ULONG spkiBytes; 420 CK_ULONG prvkeyBytes; 421 422 CK_ULONG maxPayloadBytes; 423 CK_ULONG cpProfileBytes; 424 CK_ULONG controlPoints; 425 } CK_IBM_XCP_INFO; 426 427 typedef CK_IBM_XCP_INFO CK_PTR CK_IBM_XCP_INFO_PTR; 428 429 #endif 430 431 #ifndef XCP_PINBLOB_BYTES 432 #define XCP_HMAC_BYTES ((size_t) (256 /8)) /* SHA-256 */ 433 #define XCP_WK_BYTES ((size_t) (256 /8)) /* keypart and session sizes */ 434 #define MOD_WRAP_BLOCKSIZE ((size_t) (128 /8)) /* blob crypt block bytecount */ 435 #define XCP_PIN_SALT_BYTES MOD_WRAP_BLOCKSIZE 436 #define XCP_PINBLOB_BYTES \ 437 (XCP_WK_BYTES + XCP_PIN_SALT_BYTES + XCP_HMAC_BYTES) 438 #define XCP_MIN_PINBYTES 8 439 #define XCP_MAX_PINBYTES 16 440 #endif 441