A protected item is defined by the structure in the dongle memory called descriptor. The descriptor contains fields describing the type of data stored in the protected item, its properties, status, activation/deactivation passwords and passwords for executing operations with data.
A protected item/hardware algorithm is addressed by its numerical name. Number name is a 2-byte identifier kept in a special table of item number names and algorithms (Algorithm Root Table, ART). A number name allows identifying the item regardless what memory area is occupies, since the items can be placed randomly in the memory.
| Field offset from the beginning of descriptor | Field length (bytes) | Field name | Field description |
|---|---|---|---|
| 00h | 1 | rs_LoFlags | Lower byte of flags, see nsafl_xxx |
| 01h | 1 | rs_algo | Algorithm type, see rs_algo_XXXX |
| 02h | 2 | ReservedForEven | Reserved |
| 04h | 4 | rs_HiFlags | More flags, see nsafh_xxx |
| 08h | 4 | rs_klen | Data size of protected item or dongle (determinant) algorithm in bytes (rs_K[]) |
| 0C | 4 | rs_blen | Size of data block for hardware algorithm |
| 10 | 8 | rs_hash | This field is reserved and must be filled with 0 |
| 18 | 4 | rs_ActivatePwd | Activation password (if flag nsafl_ActivationSrv exists) |
| 1C | 4 | rs_DeactivatePwd | Deactivation password (if flag nsafl_DeactivationSrv exists) |
| 20 | 4 | rs_ReadPwd | Password for reading fields rs_GP, rs_ErrorCounter, rs_K[] using GrdPI _Read function (if flag nsafh_ReadPwd exists) |
| 24 | 4 | rs_UpdatePwd | Password for updating field rs_GP, rs_ErrorCounter, rs_K[] using GrdPI_Update function(if flag nsafh_UpdateSrv exists) |
| 28 | 6 | rs_BirthTime | |
| 2E | 6 | rs_DeadTime | |
| 34 | 8 | rs_Lifetime | |
| 3C | 8 | rs_FlipTime | |
| 44 | 4 | rs_GP | Reverse counter |
| 48 | 4 | rs_ErrorCounter | Permissible number of password entry attempts (if one of the following flags exists: nsafl_ ActivationSrv, nsafl_DeactivationSrv or nsafl_ UpdateSrv) |
| 4C | rs_klen | rs_K[] | Protected item data or algorithm determinant sized rs_klen |
Field rs_LoFlags contains lower byte of flags defining the properties of protected items. The following flags can be set (flag names listed below are used in Guardant API):