1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
//! Secure Channel — Annex D.
//!
//! # Spec: Annex D
//!
//! Three layers:
//!
//! 1. [`crypto`] — primitives: AES-128, key derivation, cryptograms.
//! 2. [`mac`] — CBC-MAC with the S-MAC1/S-MAC2 swap on the final block.
//! 3. [`session`] — type-state machine wrapping the above into a usable API.
//!
//! Padding is described in [`pad`]. The full handshake is rendered in
//! [`handshake`].
/// Annex D.4 secure-channel handshake.
///
/// Both sides start out sharing only the SCBK (out-of-band install key, or a
/// previously-keyset session key). The handshake derives matching session
/// keys, proves possession to each end, and seeds the rolling-ICV chain that
/// every subsequent SCS_15..=18 frame uses.
///
/// ```mermaid
/// sequenceDiagram
/// participant ACU
/// participant PD
/// Note over ACU,PD: Both share SCBK out-of-band
/// ACU->>PD: osdp_CHLNG (RND.A)
/// PD->>PD: derive S-ENC, S-MAC1, S-MAC2 from SCBK ⊕ RND.A
/// PD->>PD: pick RND.B; compute ClientCryptogram
/// PD->>ACU: osdp_CCRYPT (cUID, RND.B, ClientCryptogram)
/// ACU->>ACU: derive same keys; verify ClientCryptogram
/// ACU->>ACU: compute ServerCryptogram
/// ACU->>PD: osdp_SCRYPT (ServerCryptogram)
/// PD->>PD: verify ServerCryptogram; compute initial R-MAC
/// PD->>ACU: osdp_RMAC_I (initial R-MAC)
/// ACU->>ACU: verify R-MAC matches own
/// Note over ACU,PD: Session is Secure;<br/>SCS_15..=18 frames carry rolling ICV
/// ```
pub use ;
pub use ;
/// Default install key (`SCBK-D`): bytes `0x30..=0x3F`.
///
/// # Spec: Annex D.8
pub const SCBK_D: = ;