A protected item is defined by a structure in the dongle memory called a descriptor. The descriptor contains fields describing the type of data stored in the protected item, its properties, status, activation/deactivation passwords, and passwords for executing operations on the data.

A protected item or hardware algorithm is addressed by its numerical name. A numerical name is a 2-byte identifier kept in a special table of numerical names of items and algorithms (Algorithm Root Table, ART). A numerical name identifies the item regardless of which memory area it occupies, since items can be placed randomly in memory.

| Field offset from the beginning of descriptor | Field length (bytes) | Field name | Field description |
|---|---|---|---|
| 00h | 1 | rs_LoFlags | Lower byte of flags, see nsafl_xxx |
| 01h | 1 | rs_algo | Algorithm type, see rs_algo_XXXX |
| 02h | 2 | ReservedForEven | Reserved |
| 04h | 4 | rs_HiFlags | More flags, see nsafh_xxx |
| 08h | 4 | rs_klen | Data size of protected item or dongle (determinant) algorithm in bytes (rs_K[]) |
| 0Ch | 4 | rs_blen | Size of data block for hardware algorithm |
| 10h | 8 | rs_hash | This field is reserved and must be filled with 0 |
| 18h | 4 | rs_ActivatePwd | Activation password (if flag nsafl_ActivationSrv exists) |
| 1Ch | 4 | rs_DeactivatePwd | Deactivation password (if flag nsafl_DeactivationSrv exists) |
| 20h | 4 | rs_ReadPwd | Password for reading fields rs_GP, rs_ErrorCounter, rs_K[] using GrdPI_Read function (if flag nsafh_ReadPwd exists) |
| 24h | 4 | rs_UpdatePwd | Password for updating field rs_GP, rs_ErrorCounter, rs_K[] using GrdPI_Update function (if flag nsafh_UpdateSrv exists) |
| 28h | 6 | rs_BirthTime | |
| 2Eh | 6 | rs_DeadTime | |
| 34h | 8 | rs_Lifetime | |
| 3Ch | 8 | rs_FlipTime | |
| 44h | 4 | rs_GP | Reverse counter |
| 48h | 4 | rs_ErrorCounter | Permissible number of password entry attempts (if one of the following flags exists: nsafl_ActivationSrv, nsafl_DeactivationSrv or nsafl_UpdateSrv) |
| 4Ch | rs_klen | rs_K[] | Protected item data or algorithm determinant sized rs_klen |

 

Field rs_LoFlags contains the lower byte of the flags defining the properties of a protected item. The following flags can be set (the flag names listed below are used in the Guardant API):

| Flag name | Value | Comment |
|---|---|---|
| nsafl_ID | 1 | |
| nsafl_GP_dec | 2 | Decrements GP counter on each algorithm call. Once GP counter reaches 0, algorithm is automatically deactivated and returns error code GrdE_InactiveItem in response to further calls |
| nsafl_GP | 4 | Not used for modern dongles |
| nsafl_ST_III | 8 | Flag should be set for modern dongles |
| nsafl_ActivationSrv | 16 | Activation service available |
| nsafl_DeactivationSrv | 32 | Deactivation service available |
| nsafl_UpdateSrv | 64 | Password-protected service for changing data in items rs_K[] available (GrdPI_Update function supported) |
| nsafl_InactiveFlag | 128 | Algorithm/cell is inactive at the moment. Operations GrdTransform, GrdPI_Read, GrdPI_Update not available |

| Flag name / Algorithm type | AES128, GSII64 | ECC160 | SHA256 | Loadable Code | Protected Item |
|---|---|---|---|---|---|
| nsafl_ID | + | - | - | - | - |
| nsafl_GP_dec | + | + | + | + | - |
| nsafl_GP | - | - | - | - | - |
| nsafl_ST_III | + | + | + | + | - |
| nsafl_ActivationSrv | + | + | + | + | + |
| nsafl_DeactivationSrv | + | + | + | + | + |
| nsafl_UpdateSrv | + | + | + | + | + |
| nsafl_InactiveFlag | + | + | + | + | + |
| nsafh_ReadSrv | + | + | + | + | + |
| nsafh_ReadPwd | + | + | + | + | + |
| nsafh_BirthTime | + | + | + | + | - |
| nsafh_DeadTime | + | + | + | + | - |
| nsafh_LifeTime | + | + | + | + | - |
| nsafh_FlipTime | + | - | - | - | - |

Field rs_algo contains the protected item type code.

1. The following protected item type codes are available for Guardant Sign/Time/Net dongles:

   | Type name | Value | Comment |
   |---|---|---|
   | | 0-4 | Reserved |
   | rs_algo_GSII64 | 5 | Symmetrical data encryption algorithm. 128 or 256-bit secret key |
   | rs_algo_HASH64 | 6 | Calculation of 64-bit hash. 128 or 256-bit secret key |
   | rs_algo_RND64 | 7 | Generation of 64-bit random number |
   | rs_algo_PI | 8 | Protected item |
   | rs_algo_GSII64_ENCRYPT | 10 | |
   | rs_algo_GSII64_DECRYPT | 11 | |
   | rs_algo_ECC160 | 12 | |
   | rs_algo_AES128 | 13 | |
   | rs_algo_SHA256 | 15 | |

2. The following protected item type codes are available for Guardant Code/Code Time:

   | Type name | Value | Comment |
   |---|---|---|
   | rs_algo_PI | 8 | Protected item |
   | rs_algo_ECC160 | 12 | |
   | rs_algo_AES128 | 13 | |
   | rs_algo_LoadableCode | 14 | |
   | rs_algo_SHA256 | 15 | |
   | rs_algo_AES128Encode | 16 | |
   | rs_algo_AES128Decode | 17 | |
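
A host-side parser for the descriptor layout tabulated on this page, added here as an example and not taken from the Guardant API. It assumes little-endian multi-byte fields (the page does not state byte order) and a raw descriptor image already held in a buffer; `item_desc`, `parse_descriptor`, `error_counter_applies`, `rd32le` and the `OFF_*` names are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Field offsets, rs_LoFlags values and rs_algo_PI copied from the tables on this page. */
enum { OFF_LOFLAGS = 0x00, OFF_ALGO = 0x01, OFF_HIFLAGS = 0x04, OFF_KLEN = 0x08,
       OFF_BLEN = 0x0C, OFF_HASH = 0x10, OFF_GP = 0x44, OFF_ERRCNT = 0x48,
       OFF_K = 0x4C };
enum { nsafl_ST_III = 8, nsafl_ActivationSrv = 16, nsafl_DeactivationSrv = 32,
       nsafl_UpdateSrv = 64, rs_algo_PI = 8 };
typedef struct {                   /* hypothetical host-side view of a descriptor */
    uint8_t lo_flags, algo;
    uint32_t hi_flags, klen, blen, gp, error_counter;
    const uint8_t *k;              /* rs_K[]: klen bytes inside the caller's buffer */
} item_desc;
/* ASSUMPTION: multi-byte fields are little-endian; the page does not state it. */
static uint32_t rd32le(const uint8_t *p) {
    return p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Returns 0 on success, a negative code when the image is malformed. */
int parse_descriptor(const uint8_t *buf, size_t len, item_desc *out) {
    static const uint8_t zero[8] = {0};
    if (len < OFF_K) return -1;                      /* fixed 4Ch-byte part truncated */
    out->lo_flags      = buf[OFF_LOFLAGS];
    out->algo          = buf[OFF_ALGO];
    out->hi_flags      = rd32le(buf + OFF_HIFLAGS);
    out->klen          = rd32le(buf + OFF_KLEN);
    out->blen          = rd32le(buf + OFF_BLEN);
    out->gp            = rd32le(buf + OFF_GP);
    out->error_counter = rd32le(buf + OFF_ERRCNT);
    if (out->klen > len - OFF_K) return -2;          /* rs_K[] would overrun buffer */
    if (memcmp(buf + OFF_HASH, zero, 8)) return -3;  /* rs_hash must be all zero */
    out->k = buf + OFF_K;
    return 0;
}
/* rs_ErrorCounter only matters when a password-protected service flag is set. */
int error_counter_applies(const item_desc *d) {
    return (d->lo_flags & (nsafl_ActivationSrv | nsafl_DeactivationSrv | nsafl_UpdateSrv)) != 0;
}

int main(void) {
    uint8_t img[OFF_K + 4] = {0};                    /* constructed sample image */
    item_desc d;
    img[OFF_LOFLAGS] = nsafl_ST_III | nsafl_UpdateSrv;
    img[OFF_ALGO] = rs_algo_PI; img[OFF_KLEN] = 4;   /* rs_klen = 4, little-endian */
    int rc = parse_descriptor(img, sizeof img, &d);
    printf("rc=%d klen=%u errcnt_applies=%d\n", rc, (unsigned)d.klen, error_counter_applies(&d));
    return 0;
}
```

The length check on rs_klen runs before `k` is handed back, so a descriptor image that claims more data than the buffer holds is rejected instead of being read past its end.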

 
