Use these functions if your system does not use an ATCADevice as a host but implements the host in firmware.
The functions provide host-side cryptographic functionality for an ATECC client device. They are intended to accompany the CryptoAuthLib functions. They can be called directly from an application, or integrated into an API.
Modern compilers can garbage-collect unused functions. If your compiler does not support this feature, you can remove this module from your project if you use an ATECC as the host; if you do not, delete the functions you do not use.
Data Structures
struct atca_check_mac_in_out
Input/output parameters for function atcah_check_mac().
struct atca_decrypt_in_out
Input/output parameters for function atcah_decrypt().
struct atca_derive_key_in_out
Input/output parameters for function atcah_derive_key().
struct atca_derive_key_mac_in_out
Input/output parameters for function atcah_derive_key_mac().
struct atca_gen_dig_in_out
Input/output parameters for function atcah_gen_dig().
struct atca_gen_key_in_out
Input/output parameters for calculating the PubKey digest put into TempKey by the GenKey command with the atcah_gen_key_msg() function.
struct atca_hmac_in_out
Input/output parameters for function atcah_hmac().
struct atca_include_data_in_out
Input/output parameters for function atcah_include_data().
struct atca_io_decrypt_in_out
struct atca_mac_in_out
Input/output parameters for function atcah_mac().
struct atca_nonce_in_out
Input/output parameters for function atcah_nonce().
struct atca_secureboot_enc_in_out
struct atca_secureboot_mac_in_out
struct atca_sign_internal_in_out
Input/output parameters for calculating the message and digest used by the Sign(internal) command.
struct atca_temp_key
Structure to hold TempKey fields.
struct atca_verify_in_out
Input/output parameters for function atcah_verify().
struct atca_verify_mac
struct atca_write_mac_in_out
Input/output parameters for function atcah_write_auth_mac() and atcah_privwrite_auth_mac().
Functions
ATCA_STATUS atcah_check_mac (struct atca_check_mac_in_out *param)
This function performs the CheckMac operation to generate the client response on the host side.
ATCA_STATUS atcah_config_to_sign_internal (ATCADeviceType device_type, struct atca_sign_internal_in_out *param, const uint8_t *config)
Populate the slot_config, key_config, and is_slot_locked fields in the atca_sign_internal_in_out structure from the provided config zone.
ATCA_STATUS atcah_decrypt (struct atca_decrypt_in_out *param)
This function decrypts 32-byte encrypted data received with the Read command.
ATCA_STATUS atcah_derive_key (struct atca_derive_key_in_out *param)
This function derives a key with a key and TempKey.
ATCA_STATUS atcah_derive_key_mac (struct atca_derive_key_mac_in_out *param)
This function calculates the input MAC for a DeriveKey command.
ATCA_STATUS atcah_encode_counter_match (uint32_t counter, uint8_t *counter_match)
Builds the counter match value that needs to be stored in a slot.
ATCA_STATUS atcah_gen_dig (struct atca_gen_dig_in_out *param)
This function combines the current TempKey with a stored value.
ATCA_STATUS atcah_gen_key_msg (struct atca_gen_key_in_out *param)
Calculate the PubKey digest created by GenKey and saved to TempKey.
ATCA_STATUS atcah_gen_mac (struct atca_gen_dig_in_out *param)
This function generates a MAC with the session key and a plain text.
ATCA_STATUS atcah_hmac (struct atca_hmac_in_out *param)
This function generates an HMAC / SHA-256 hash of a key and other information.
uint8_t * atcah_include_data (struct atca_include_data_in_out *param)
This function copies OTP and SN data into a command buffer.
ATCA_STATUS atcah_io_decrypt (struct atca_io_decrypt_in_out *param)
Decrypt data that's been encrypted by the IO protection key.
ATCA_STATUS atcah_mac (struct atca_mac_in_out *param)
This function generates an SHA-256 digest (MAC) of a key, challenge, and other information.
ATCA_STATUS atcah_nonce (struct atca_nonce_in_out *param)
This function calculates the host-side nonce with the parameters passed.
ATCA_STATUS atcah_privwrite_auth_mac (struct atca_write_mac_in_out *param)
This function calculates the input MAC for the PrivWrite command.
ATCA_STATUS atcah_secureboot_enc (atca_secureboot_enc_in_out_t *param)
Encrypts the digest for the SecureBoot command when using the encrypted digest / validating mac option.
ATCA_STATUS atcah_secureboot_mac (atca_secureboot_mac_in_out_t *param)
Calculates the expected MAC returned from the SecureBoot command when verification is a success.
ATCA_STATUS atcah_sha256 (int32_t len, const uint8_t *message, uint8_t *digest)
This function creates a SHA256 digest on a little-endian system.
ATCA_STATUS atcah_sign_internal_msg (ATCADeviceType device_type, struct atca_sign_internal_in_out *param)
Builds the full message that would be signed by the Sign(Internal) command.
ATCA_STATUS atcah_verify_mac (atca_verify_mac_in_out_t *param)
Calculate the expected MAC on the host side for the Verify command.
ATCA_STATUS atcah_write_auth_mac (struct atca_write_mac_in_out *param)
This function calculates the input MAC for the Write command.
Variables
const uint8_t * atca_mac_in_out::challenge
[in] Pointer to 32-byte Challenge data used in MAC command, depending on mode.
uint8_t * atca_decrypt_in_out::crypto_data
[in,out] Pointer to 32-byte data.
uint16_t atca_verify_in_out::curve_type
[in] Curve type used in Verify command (Param2).
const uint8_t * atca_mac_in_out::key
[in] Pointer to 32-byte key used to generate MAC digest.
const uint8_t * atca_hmac_in_out::key
[in] Pointer to 32-byte key used to generate HMAC digest.
uint16_t atca_mac_in_out::key_id
[in] KeyID parameter used in MAC command (Param2).
uint16_t atca_hmac_in_out::key_id
[in] KeyID parameter used in HMAC command (Param2).
uint8_t atca_nonce_in_out::mode
[in] Mode parameter used in Nonce command (Param1).
uint8_t atca_mac_in_out::mode
[in] Mode parameter used in MAC command (Param1).
uint8_t atca_hmac_in_out::mode
[in] Mode parameter used in HMAC command (Param1).
const uint8_t * atca_nonce_in_out::num_in
[in] Pointer to 20-byte NumIn data used in Nonce command.
const uint8_t * atca_include_data_in_out::otp
[in] pointer to one-time-programming data
const uint8_t * atca_mac_in_out::otp
[in] Pointer to 11-byte OTP, optionally included in MAC digest, depending on mode.
const uint8_t * atca_hmac_in_out::otp
[in] Pointer to 11-byte OTP, optionally included in HMAC digest, depending on mode.
uint8_t * atca_include_data_in_out::p_temp
[out] pointer to output buffer
const uint8_t * atca_verify_in_out::public_key
[in] Pointer to the public key to be used for verification
const uint8_t * atca_nonce_in_out::rand_out
[in] Pointer to 32-byte RandOut data from Nonce command.
uint8_t * atca_mac_in_out::response
[out] Pointer to 32-byte SHA-256 digest (MAC).
uint8_t * atca_hmac_in_out::response
[out] Pointer to 32-byte SHA-256 HMAC digest.
const uint8_t * atca_verify_in_out::signature
[in] Pointer to ECDSA signature to be verified
const uint8_t * atca_include_data_in_out::sn
[in] pointer to serial number data
const uint8_t * atca_mac_in_out::sn
[in] Pointer to 9-byte SN, optionally included in MAC digest, depending on mode.
const uint8_t * atca_hmac_in_out::sn
[in] Pointer to 9-byte SN, optionally included in HMAC digest, depending on mode.
struct atca_temp_key * atca_nonce_in_out::temp_key
[in,out] Pointer to TempKey structure.
struct atca_temp_key * atca_mac_in_out::temp_key
[in,out] Pointer to TempKey structure.
struct atca_temp_key * atca_hmac_in_out::temp_key
[in,out] Pointer to TempKey structure.
struct atca_temp_key * atca_decrypt_in_out::temp_key
[in,out] Pointer to TempKey structure.
struct atca_temp_key * atca_verify_in_out::temp_key
[in,out] Pointer to TempKey structure.
uint16_t atca_nonce_in_out::zero
[in] Zero parameter used in Nonce command (Param2).
Definitions for ATECC Message Sizes to Calculate a SHA256 Hash
"||" is the concatenation operator. The number in braces is the length of the hash input value in bytes.
#define ATCA_MSG_SIZE_NONCE (55)
RandOut{32} || NumIn{20} || OpCode{1} || Mode{1} || LSB of Param2{1}.
#define ATCA_MSG_SIZE_MAC (88)
(Key or TempKey){32} || (Challenge or TempKey){32} || OpCode{1} || Mode{1} || Param2{2} || (OTP0_7 or 0){8} || (OTP8_10 or 0){3} || SN8{1} || (SN4_7 or 0){4} || SN0_1{2} || (SN2_3 or 0){2}
#define ATCA_MSG_SIZE_HMAC (88)
#define ATCA_MSG_SIZE_GEN_DIG (96)
KeyId{32} || OpCode{1} || Param1{1} || Param2{2} || SN8{1} || SN0_1{2} || 0{25} || TempKey{32}.
#define ATCA_MSG_SIZE_DERIVE_KEY (96)
KeyId{32} || OpCode{1} || Param1{1} || Param2{2} || SN8{1} || SN0_1{2} || 0{25} || TempKey{32}.
#define ATCA_MSG_SIZE_DERIVE_KEY_MAC (39)
KeyId{32} || OpCode{1} || Param1{1} || Param2{2} || SN8{1} || SN0_1{2}.
#define ATCA_MSG_SIZE_ENCRYPT_MAC (96)
KeyId{32} || OpCode{1} || Param1{1} || Param2{2} || SN8{1} || SN0_1{2} || 0{25} || TempKey{32}.
#define ATCA_MSG_SIZE_PRIVWRITE_MAC (96)
KeyId{32} || OpCode{1} || Param1{1} || Param2{2} || SN8{1} || SN0_1{2} || 0{21} || PlainText{36}.
#define ATCA_COMMAND_HEADER_SIZE ( 4)
#define ATCA_GENDIG_ZEROS_SIZE (25)
#define ATCA_WRITE_MAC_ZEROS_SIZE (25)
#define ATCA_PRIVWRITE_MAC_ZEROS_SIZE (21)
#define ATCA_PRIVWRITE_PLAIN_TEXT_SIZE (36)
#define ATCA_DERIVE_KEY_ZEROS_SIZE (25)
#define HMAC_BLOCK_SIZE (64)
#define ENCRYPTION_KEY_SIZE (64)
Default Fixed Byte Values of Serial Number (SN[0:1] and SN[8])
#define ATCA_SN_0_DEF (0x01)
#define ATCA_SN_1_DEF (0x23)
#define ATCA_SN_8_DEF (0xEE)
Definition for TempKey Mode
#define MAC_MODE_USE_TEMPKEY_MASK ((uint8_t)0x03)
Mode mask for MAC command when using TempKey.
#define ATCA_COMMAND_HEADER_SIZE ( 4)
#define ATCA_DERIVE_KEY_ZEROS_SIZE (25)
Referenced by atcah_derive_key().
#define ATCA_GENDIG_ZEROS_SIZE (25)
Referenced by atcah_gen_dig(), and atcah_gen_mac().
#define ATCA_MSG_SIZE_DERIVE_KEY (96)
KeyId{32} || OpCode{1} || Param1{1} || Param2{2} || SN8{1} || SN0_1{2} || 0{25} || TempKey{32}.
Referenced by atcah_derive_key().
#define ATCA_MSG_SIZE_DERIVE_KEY_MAC (39)
KeyId{32} || OpCode{1} || Param1{1} || Param2{2} || SN8{1} || SN0_1{2}.
Referenced by atcah_derive_key_mac().
#define ATCA_MSG_SIZE_ENCRYPT_MAC (96)
KeyId{32} || OpCode{1} || Param1{1} || Param2{2} || SN8{1} || SN0_1{2} || 0{25} || TempKey{32}.
Referenced by atcah_write_auth_mac().
#define ATCA_MSG_SIZE_GEN_DIG (96)
KeyId{32} || OpCode{1} || Param1{1} || Param2{2} || SN8{1} || SN0_1{2} || 0{25} || TempKey{32}.
Referenced by atcah_gen_dig(), and atcah_gen_mac().
#define ATCA_MSG_SIZE_HMAC (88)
Referenced by atcah_hmac().
#define ATCA_MSG_SIZE_MAC (88)
(Key or TempKey){32} || (Challenge or TempKey){32} || OpCode{1} || Mode{1} || Param2{2} || (OTP0_7 or 0){8} || (OTP8_10 or 0){3} || SN8{1} || (SN4_7 or 0){4} || SN0_1{2} || (SN2_3 or 0){2}
Referenced by atcah_check_mac(), and atcah_mac().
#define ATCA_MSG_SIZE_NONCE (55)
RandOut{32} || NumIn{20} || OpCode{1} || Mode{1} || LSB of Param2{1}.
Referenced by atcah_nonce().
#define ATCA_MSG_SIZE_PRIVWRITE_MAC (96)
KeyId{32} || OpCode{1} || Param1{1} || Param2{2} || SN8{1} || SN0_1{2} || 0{21} || PlainText{36}.
Referenced by atcah_privwrite_auth_mac().
#define ATCA_PRIVWRITE_MAC_ZEROS_SIZE (21)
Referenced by atcah_privwrite_auth_mac().
#define ATCA_PRIVWRITE_PLAIN_TEXT_SIZE (36)
Referenced by atcah_privwrite_auth_mac().
#define ATCA_SN_0_DEF (0x01)
#define ATCA_SN_1_DEF (0x23)
#define ATCA_SN_8_DEF (0xEE)
#define ATCA_WRITE_MAC_ZEROS_SIZE (25)
Referenced by atcah_write_auth_mac().
#define ENCRYPTION_KEY_SIZE (64)
#define HMAC_BLOCK_SIZE (64)
Referenced by atcah_hmac().
#define MAC_MODE_USE_TEMPKEY_MASK ((uint8_t)0x03)
Mode mask for MAC command when using TempKey.
Referenced by atcah_mac().
typedef struct atca_check_mac_in_out atca_check_mac_in_out_t
Input/output parameters for function atcah_check_mac().
typedef struct atca_gen_dig_in_out atca_gen_dig_in_out_t
Input/output parameters for function atcah_gen_dig().
typedef struct atca_gen_key_in_out atca_gen_key_in_out_t
Input/output parameters for calculating the PubKey digest put into TempKey by the GenKey command with the atcah_gen_key_msg() function.
typedef struct atca_io_decrypt_in_out atca_io_decrypt_in_out_t
typedef struct atca_mac_in_out atca_mac_in_out_t
typedef struct atca_nonce_in_out atca_nonce_in_out_t
typedef struct atca_secureboot_enc_in_out atca_secureboot_enc_in_out_t
typedef struct atca_secureboot_mac_in_out atca_secureboot_mac_in_out_t
typedef struct atca_sign_internal_in_out atca_sign_internal_in_out_t
Input/output parameters for calculating the message and digest used by the Sign(internal) command.
Used with the atcah_sign_internal_msg() function.
typedef struct atca_temp_key atca_temp_key_t
Structure to hold TempKey fields.
typedef struct atca_verify_in_out atca_verify_in_out_t
typedef struct atca_verify_mac atca_verify_mac_in_out_t
typedef struct atca_write_mac_in_out atca_write_mac_in_out_t
Input/output parameters for function atcah_write_auth_mac() and atcah_privwrite_auth_mac().
ATCA_STATUS atcah_check_mac (struct atca_check_mac_in_out *param)
This function performs the CheckMac operation to generate the client response on the host side.
[in,out] | param | Input and output parameters
References ATCA_MSG_SIZE_MAC, atcac_sw_sha2_256(), atca_check_mac_in_out::client_chal, atca_check_mac_in_out::client_resp, atca_temp_key::gen_dig_data, atca_check_mac_in_out::mode, NULL, atca_check_mac_in_out::other_data, atca_check_mac_in_out::otp, atca_check_mac_in_out::slot_key, atca_check_mac_in_out::sn, atca_temp_key::source_flag, atca_check_mac_in_out::target_key, atca_check_mac_in_out::temp_key, atca_temp_key::valid, and atca_temp_key::value.
ATCA_STATUS atcah_config_to_sign_internal (ATCADeviceType device_type, struct atca_sign_internal_in_out *param, const uint8_t *config)
Populate the slot_config, key_config, and is_slot_locked fields in the atca_sign_internal_in_out structure from the provided config zone.
The atca_sign_internal_in_out structure has a number of fields (slot_config, key_config, is_slot_locked) that can be determined automatically from the current state of TempKey and the full config zone.
[in,out] | param | Sign(Internal) parameters to be filled out. Only slot_config, key_config, and is_slot_locked will be set.
[in] | device_type | The type of the device.
[in] | config | Full 128 byte config zone for the device.
References atca_sign_internal_in_out::is_slot_locked, atca_sign_internal_in_out::key_config, atca_temp_key::key_id, NULL, atca_sign_internal_in_out::slot_config, atca_sign_internal_in_out::temp_key, atca_sign_internal_in_out::update_count, and atca_sign_internal_in_out::use_flag.
ATCA_STATUS atcah_decrypt (struct atca_decrypt_in_out *param)
This function decrypts 32-byte encrypted data received with the Read command.
To use this function, the nonce must first be valid and synchronized between device and application. The application sends a GenDig command to the device, using a key specified by SlotConfig.ReadKey. The device updates its TempKey. The application then updates its own TempKey using the GenDig calculation function, using the same key. The application sends a Read command to the device for a user zone configured with EncryptRead. The device encrypts the 32-byte zone content and outputs it to the host. The application passes this encrypted data to this decryption function. The function decrypts the data and returns it.
TempKey must be updated by GenDig using a ParentKey as specified by SlotConfig.ReadKey before executing this function. The decryption function does not check whether the TempKey has been generated by the correct ParentKey for the corresponding zone. Therefore, to get a correct result, the application has to make sure that the prior GenDig calculation was done using the correct ParentKey.
[in,out] | param | pointer to parameter structure
References atca_decrypt_in_out::crypto_data, atca_temp_key::gen_dig_data, i, atca_temp_key::no_mac_flag, atca_temp_key::source_flag, atca_decrypt_in_out::temp_key, atca_temp_key::valid, and atca_temp_key::value.
ATCA_STATUS atcah_derive_key (struct atca_derive_key_in_out *param)
This function derives a key with a key and TempKey.
Used in conjunction with DeriveKey command, the key derived by this function will match the key in the device. Two kinds of operation are supported:
After executing this function, the initial value of target_key will be overwritten with the derived key. The TempKey should be valid (temp_key.valid = 1) before executing this function.
[in,out] | param | pointer to parameter structure
References ATCA_DERIVE_KEY_ZEROS_SIZE, ATCA_MSG_SIZE_DERIVE_KEY, atcac_sw_sha2_256(), atca_derive_key_in_out::mode, atca_temp_key::no_mac_flag, atca_include_data_in_out::p_temp, atca_derive_key_in_out::parent_key, atca_derive_key_in_out::sn, atca_temp_key::source_flag, atca_derive_key_in_out::target_key, atca_derive_key_in_out::target_key_id, atca_derive_key_in_out::temp_key, atca_temp_key::valid, and atca_temp_key::value.
ATCA_STATUS atcah_derive_key_mac (struct atca_derive_key_mac_in_out *param)
This function calculates the input MAC for a DeriveKey command.
The DeriveKey command will need an input MAC if SlotConfig[TargetKey].Bit15 is set.
[in,out] | param | pointer to parameter structure
References ATCA_MSG_SIZE_DERIVE_KEY_MAC, atcac_sw_sha2_256(), atca_derive_key_mac_in_out::mac, atca_derive_key_mac_in_out::mode, atca_include_data_in_out::p_temp, atca_derive_key_mac_in_out::parent_key, atca_derive_key_mac_in_out::sn, and atca_derive_key_mac_in_out::target_key_id.
ATCA_STATUS atcah_encode_counter_match (uint32_t counter_value, uint8_t *counter_match_value)
Builds the counter match value that needs to be stored in a slot.
[in] | counter_value | Counter value to be used for the counter match. This must be a multiple of 32.
[out] | counter_match_value | Data to be stored in the beginning of a counter match slot will be returned here (8 bytes).
References NULL.
ATCA_STATUS atcah_gen_dig (struct atca_gen_dig_in_out *param)
This function combines the current TempKey with a stored value.
The stored value can be a data slot, OTP page, configuration zone, or hardware transport key. The TempKey generated by this function will match with the TempKey in the device generated when executing a GenDig command. The TempKey should be valid (temp_key.valid = 1) before executing this function. To use this function, an application first sends a GenDig command with a chosen stored value to the device. This stored value must be known by the application and is passed to this GenDig calculation function. The function calculates a new TempKey and returns it.
[in,out] | param | pointer to parameter structure
References ATCA_GENDIG_ZEROS_SIZE, ATCA_MSG_SIZE_GEN_DIG, atcac_sw_sha2_256(), atca_temp_key::gen_dig_data, atca_gen_dig_in_out::is_key_nomac, atca_temp_key::key_id, atca_gen_dig_in_out::key_id, NULL, atca_gen_dig_in_out::other_data, atca_include_data_in_out::p_temp, atca_gen_dig_in_out::sn, atca_gen_dig_in_out::stored_value, atca_gen_dig_in_out::temp_key, atca_temp_key::valid, atca_temp_key::value, and atca_gen_dig_in_out::zone.
ATCA_STATUS atcah_gen_key_msg (struct atca_gen_key_in_out *param)
Calculate the PubKey digest created by GenKey and saved to TempKey.
[in,out] | param | GenKey parameters required to calculate the PubKey digest. Digest is returned in the temp_key parameter.
References atcac_sw_sha2_256(), atca_temp_key::gen_dig_data, atca_temp_key::gen_key_data, atca_temp_key::key_id, atca_gen_key_in_out::key_id, atca_gen_key_in_out::mode, NULL, atca_gen_key_in_out::other_data, atca_gen_key_in_out::public_key, atca_gen_key_in_out::public_key_size, atca_gen_key_in_out::sn, atca_gen_key_in_out::temp_key, and atca_temp_key::value.
ATCA_STATUS atcah_gen_mac (struct atca_gen_dig_in_out *param)
This function generates a MAC with the session key and a plain text.
[in,out] | param | pointer to parameter structure
References ATCA_GENDIG_ZEROS_SIZE, ATCA_MSG_SIZE_GEN_DIG, atcac_sw_sha2_256(), atca_temp_key::gen_dig_data, atca_temp_key::key_id, atca_gen_dig_in_out::key_id, atca_temp_key::no_mac_flag, atca_include_data_in_out::p_temp, atca_gen_dig_in_out::sn, atca_gen_dig_in_out::stored_value, atca_gen_dig_in_out::temp_key, atca_temp_key::valid, atca_temp_key::value, and atca_gen_dig_in_out::zone.
ATCA_STATUS atcah_hmac (struct atca_hmac_in_out *param)
This function generates an HMAC / SHA-256 hash of a key and other information.
The resulting hash will match with the one generated in the device by an HMAC command. The TempKey has to be valid (temp_key.valid = 1) before executing this function.
[in,out] | param | pointer to parameter structure
References ATCA_MSG_SIZE_HMAC, atcac_sw_sha2_256(), atcah_include_data(), HMAC_BLOCK_SIZE, i, atca_hmac_in_out::key, atca_hmac_in_out::key_id, atca_include_data_in_out::mode, atca_hmac_in_out::mode, atca_temp_key::no_mac_flag, NULL, atca_include_data_in_out::otp, atca_hmac_in_out::otp, atca_include_data_in_out::p_temp, atca_hmac_in_out::response, atca_include_data_in_out::sn, atca_hmac_in_out::sn, atca_temp_key::source_flag, atca_hmac_in_out::temp_key, atca_temp_key::valid, and atca_temp_key::value.
uint8_t * atcah_include_data (struct atca_include_data_in_out *param)
This function copies OTP and SN data into a command buffer.
[in,out] | param | pointer to parameter structure
References atca_include_data_in_out::mode, atca_include_data_in_out::otp, atca_include_data_in_out::p_temp, and atca_include_data_in_out::sn.
Referenced by atcah_hmac(), and atcah_mac().
ATCA_STATUS atcah_io_decrypt (struct atca_io_decrypt_in_out *param)
Decrypt data that's been encrypted by the IO protection key.
The ECDH and KDF commands on the ATECC608A are the only ones that support this operation.
[in,out] | param | Parameters required to perform the operation.
References atcac_sw_sha2_256_finish(), atcac_sw_sha2_256_init(), atcac_sw_sha2_256_update(), atca_io_decrypt_in_out::data, atca_io_decrypt_in_out::data_size, i, atca_io_decrypt_in_out::io_key, NULL, and atca_io_decrypt_in_out::out_nonce.
ATCA_STATUS atcah_mac (struct atca_mac_in_out *param)
This function generates an SHA-256 digest (MAC) of a key, challenge, and other information.
The resulting digest will match with the one generated by the device when executing a MAC command. The TempKey (if used) should be valid (temp_key.valid = 1) before executing this function.
[in,out] | param | pointer to parameter structure
References ATCA_MSG_SIZE_MAC, atcac_sw_sha2_256(), atcah_include_data(), atca_mac_in_out::challenge, atca_mac_in_out::key, atca_mac_in_out::key_id, MAC_MODE_USE_TEMPKEY_MASK, atca_include_data_in_out::mode, atca_mac_in_out::mode, atca_temp_key::no_mac_flag, atca_include_data_in_out::otp, atca_mac_in_out::otp, atca_include_data_in_out::p_temp, atca_mac_in_out::response, atca_include_data_in_out::sn, atca_mac_in_out::sn, atca_temp_key::source_flag, atca_mac_in_out::temp_key, atca_temp_key::valid, and atca_temp_key::value.
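Added example (not CryptoAuthLib code): a builder for the 88-byte ATCA_MSG_SIZE_MAC hash input listed above, showing the zero-fill of excluded OTP/SN fields, plus a constant-time check of the device response against the host digest. The opcode, the mode-bit values and the LSB-first Param2 order are assumptions from the ATECC datasheet; struct mac_msg_in, build_mac_message(), mac_equal(), mac_msg_sample() and all sample bytes are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MSG_SIZE_MAC 88u /* ATCA_MSG_SIZE_MAC from this page */

/* Assumptions taken from the ATECC datasheet, not from this page. */
#define OPCODE_MAC          0x08u /* MAC command opcode */
#define MODE_INCLUDE_OTP_88 0x10u /* hash OTP[0:10] */
#define MODE_INCLUDE_OTP_64 0x20u /* hash OTP[0:7], zero OTP[8:10] */
#define MODE_INCLUDE_SN     0x40u /* hash SN[2:3] and SN[4:7] */

/* Hypothetical input bundle for this example (not atca_mac_in_out). */
struct mac_msg_in {
    const uint8_t *block1; /* Key or TempKey, 32 bytes */
    const uint8_t *block2; /* Challenge or TempKey, 32 bytes */
    uint8_t mode;          /* Mode (Param1) */
    uint16_t key_id;       /* KeyID (Param2) */
    const uint8_t *otp;    /* 11 bytes; may be NULL if mode excludes OTP */
    const uint8_t *sn;     /* 9 bytes; SN8 and SN0_1 are always hashed */
};

/* Fills out[0..87] with the MAC hash input. Returns 0 on success, -1 on
 * missing input. The buffer is what the host then hashes with SHA-256. */
int build_mac_message(const struct mac_msg_in *in, uint8_t *out)
{
    uint8_t *p = out;
    int otp_0_7, otp_8_10, sn_opt;

    if (in == NULL || out == NULL || in->block1 == NULL ||
        in->block2 == NULL || in->sn == NULL)
        return -1;
    otp_8_10 = (in->mode & MODE_INCLUDE_OTP_88) != 0;
    otp_0_7 = otp_8_10 || (in->mode & MODE_INCLUDE_OTP_64) != 0;
    sn_opt = (in->mode & MODE_INCLUDE_SN) != 0;
    if (otp_0_7 && in->otp == NULL)
        return -1;

    memset(out, 0, MSG_SIZE_MAC);            /* every "or 0" field stays zero */
    memcpy(p, in->block1, 32); p += 32;      /* (Key or TempKey){32} */
    memcpy(p, in->block2, 32); p += 32;      /* (Challenge or TempKey){32} */
    *p++ = OPCODE_MAC;                       /* OpCode{1} */
    *p++ = in->mode;                         /* Mode{1} */
    *p++ = (uint8_t)(in->key_id & 0xFF);     /* Param2{2}, LSB first */
    *p++ = (uint8_t)(in->key_id >> 8);
    if (otp_0_7) memcpy(p, in->otp, 8);      /* (OTP0_7 or 0){8} */
    p += 8;
    if (otp_8_10) memcpy(p, in->otp + 8, 3); /* (OTP8_10 or 0){3} */
    p += 3;
    *p++ = in->sn[8];                        /* SN8{1} */
    if (sn_opt) memcpy(p, in->sn + 4, 4);    /* (SN4_7 or 0){4} */
    p += 4;
    *p++ = in->sn[0];                        /* SN0_1{2} */
    *p++ = in->sn[1];
    if (sn_opt) memcpy(p, in->sn + 2, 2);    /* (SN2_3 or 0){2} */
    p += 2;
    return ((size_t)(p - out) == MSG_SIZE_MAC) ? 0 : -1;
}

/* Compares two 32-byte MACs without an early exit, so the time taken does
 * not reveal how many leading bytes matched. Returns 1 when equal. */
int mac_equal(const uint8_t *a, const uint8_t *b)
{
    uint8_t diff = 0;
    for (size_t i = 0; i < 32; i++)
        diff |= (uint8_t)(a[i] ^ b[i]);
    return diff == 0;
}

/* Builds a message from constructed sample inputs (not real device data). */
int mac_msg_sample(uint8_t *out, uint8_t mode, int with_otp)
{
    static const uint8_t sn[9] = {0x01, 0x23, 0x52, 0x53, 0x54,
                                  0x55, 0x56, 0x57, 0xEE};
    uint8_t key[32], chal[32], otp[11];
    struct mac_msg_in in;

    memset(key, 0xA0, sizeof key);
    memset(chal, 0xB0, sizeof chal);
    for (size_t i = 0; i < sizeof otp; i++)
        otp[i] = (uint8_t)(0x10 + i);
    in.block1 = key;
    in.block2 = chal;
    in.mode = mode;
    in.key_id = 0x1234;
    in.otp = with_otp ? otp : NULL;
    in.sn = sn;
    return build_mac_message(&in, out);
}

int main(void)
{
    uint8_t msg[MSG_SIZE_MAC];

    if (mac_msg_sample(msg, MODE_INCLUDE_SN | MODE_INCLUDE_OTP_64, 1) != 0)
        return 1;
    for (size_t i = 0; i < sizeof msg; i++)
        printf("%02x%s", msg[i], (i % 16 == 15) ? "\n" : " ");
    printf("\n");
    return 0;
}
```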
ATCA_STATUS atcah_nonce (struct atca_nonce_in_out *param)
This function calculates the host-side nonce with the parameters passed.
[in,out] | param | pointer to parameter structure
References ATCA_MSG_SIZE_NONCE, atcac_sw_sha2_256(), atca_temp_key::gen_dig_data, atca_temp_key::is_64, atca_temp_key::key_id, atca_nonce_in_out::mode, atca_temp_key::no_mac_flag, NULL, atca_nonce_in_out::num_in, atca_nonce_in_out::rand_out, atca_temp_key::source_flag, atca_nonce_in_out::temp_key, atca_temp_key::valid, atca_temp_key::value, and atca_nonce_in_out::zero.
ATCA_STATUS atcah_privwrite_auth_mac (struct atca_write_mac_in_out *param)
This function calculates the input MAC for the PrivWrite command.
The PrivWrite command will need an input MAC if SlotConfig.WriteConfig.Encrypt is set.
[in,out] | param | pointer to parameter structure
References ATCA_MSG_SIZE_PRIVWRITE_MAC, ATCA_PRIVWRITE_MAC_ZEROS_SIZE, ATCA_PRIVWRITE_PLAIN_TEXT_SIZE, atcac_sw_sha2_256(), atca_write_mac_in_out::auth_mac, atca_write_mac_in_out::encrypted_data, i, atca_write_mac_in_out::input_data, atca_write_mac_in_out::key_id, atca_temp_key::no_mac_flag, NULL, atca_include_data_in_out::p_temp, atca_write_mac_in_out::sn, atca_write_mac_in_out::temp_key, atca_temp_key::valid, atca_temp_key::value, and atca_write_mac_in_out::zone.
ATCA_STATUS atcah_secureboot_enc (atca_secureboot_enc_in_out_t *param)
Encrypts the digest for the SecureBoot command when using the encrypted digest / validating mac option.
[in,out] | param | Data required to perform the operation.
References atcac_sw_sha2_256_finish(), atcac_sw_sha2_256_init(), atcac_sw_sha2_256_update(), atca_secureboot_enc_in_out::digest, atca_secureboot_enc_in_out::digest_enc, atca_secureboot_enc_in_out::hashed_key, i, atca_secureboot_enc_in_out::io_key, NULL, atca_secureboot_enc_in_out::temp_key, and atca_temp_key::value.
ATCA_STATUS atcah_secureboot_mac (atca_secureboot_mac_in_out_t *param)
Calculates the expected MAC returned from the SecureBoot command when verification is a success.
The result of this function (param->mac) should be compared with the actual MAC returned to validate the response.
[in,out] | param | Data required to perform the operation.
References atcac_sw_sha2_256_finish(), atcac_sw_sha2_256_init(), atcac_sw_sha2_256_update(), atca_secureboot_mac_in_out::digest, atca_secureboot_mac_in_out::hashed_key, atca_secureboot_mac_in_out::mac, atca_secureboot_mac_in_out::mode, NULL, atca_secureboot_mac_in_out::param2, atca_secureboot_mac_in_out::secure_boot_config, and atca_secureboot_mac_in_out::signature.
ATCA_STATUS atcah_sha256 (int32_t len, const uint8_t *message, uint8_t *digest)
This function creates a SHA256 digest on a little-endian system.
[in] | len | byte length of message
[in] | message | pointer to message
[out] | digest | SHA256 of message
References atcac_sw_sha2_256().
ATCA_STATUS atcah_sign_internal_msg (ATCADeviceType device_type, struct atca_sign_internal_in_out *param)
Builds the full message that would be signed by the Sign(Internal) command.
Additionally, the function will optionally output the OtherData data required by the Verify(In/Validate) command as well as the SHA256 digest of the full message.
[in] | device_type | Device type to perform the calculation for.
[in,out] | param | Input data and output buffers required.
References atcac_sw_sha2_256(), atca_sign_internal_in_out::digest, atca_sign_internal_in_out::for_invalidate, atca_temp_key::gen_dig_data, atca_temp_key::gen_key_data, atca_sign_internal_in_out::is_slot_locked, atca_sign_internal_in_out::key_config, atca_temp_key::key_id, atca_sign_internal_in_out::key_id, atca_sign_internal_in_out::message, atca_sign_internal_in_out::mode, atca_temp_key::no_mac_flag, NULL, atca_sign_internal_in_out::slot_config, atca_sign_internal_in_out::sn, atca_temp_key::source_flag, atca_sign_internal_in_out::temp_key, atca_sign_internal_in_out::update_count, atca_sign_internal_in_out::use_flag, atca_temp_key::value, and atca_sign_internal_in_out::verify_other_data.
ATCA_STATUS atcah_verify_mac (atca_verify_mac_in_out_t *param)
Calculate the expected MAC on the host side for the Verify command.
[in,out] | param | Data required to perform the operation.
References atcac_sw_sha2_256_finish(), atcac_sw_sha2_256_init(), atcac_sw_sha2_256_update(), atca_verify_mac::io_key, atca_verify_mac::key_id, atca_verify_mac::mac, atca_verify_mac::mode, atca_verify_mac::msg_dig_buf, NULL, atca_verify_mac::other_data, atca_verify_mac::signature, atca_verify_mac::sn, atca_verify_mac::temp_key, and atca_temp_key::value.
ATCA_STATUS atcah_write_auth_mac (struct atca_write_mac_in_out *param)
This function calculates the input MAC for the Write command.
The Write command will need an input MAC if SlotConfig.WriteConfig.Encrypt is set.
[in,out] | param | pointer to parameter structure
References ATCA_MSG_SIZE_ENCRYPT_MAC, ATCA_WRITE_MAC_ZEROS_SIZE, atcac_sw_sha2_256(), atca_write_mac_in_out::auth_mac, atca_write_mac_in_out::encrypted_data, i, atca_write_mac_in_out::input_data, atca_write_mac_in_out::key_id, atca_temp_key::no_mac_flag, atca_include_data_in_out::p_temp, atca_write_mac_in_out::sn, atca_write_mac_in_out::temp_key, atca_temp_key::valid, atca_temp_key::value, and atca_write_mac_in_out::zone.
atca_mac_in_out::challenge
[in] Pointer to 32-byte Challenge data used in MAC command, depending on mode.
Referenced by atcah_mac().
atca_decrypt_in_out::crypto_data
[in,out] Pointer to 32-byte data.
Input encrypted data from Read command (Contents field), output decrypted.
Referenced by atcah_decrypt().
atca_verify_in_out::curve_type
[in] Curve type used in Verify command (Param2).
atca_mac_in_out::key
[in] Pointer to 32-byte key used to generate MAC digest.
Referenced by atcah_mac().
atca_hmac_in_out::key
[in] Pointer to 32-byte key used to generate HMAC digest.
Referenced by atcah_hmac().
atca_mac_in_out::key_id
[in] KeyID parameter used in MAC command (Param2).
Referenced by atcah_mac().
atca_hmac_in_out::key_id
[in] KeyID parameter used in HMAC command (Param2).
Referenced by atcah_hmac().
atca_nonce_in_out::mode
[in] Mode parameter used in Nonce command (Param1).
Referenced by atcah_nonce().
atca_mac_in_out::mode
[in] Mode parameter used in MAC command (Param1).
Referenced by atcah_mac().
atca_hmac_in_out::mode
[in] Mode parameter used in HMAC command (Param1).
Referenced by atcah_hmac().
atca_nonce_in_out::num_in
[in] Pointer to 20-byte NumIn data used in Nonce command.
Referenced by atcah_nonce().
atca_include_data_in_out::otp
[in] pointer to one-time-programming data
Referenced by atcah_hmac(), atcah_include_data(), and atcah_mac().
atca_mac_in_out::otp
[in] Pointer to 11-byte OTP, optionally included in MAC digest, depending on mode.
Referenced by atcah_mac().
atca_hmac_in_out::otp
[in] Pointer to 11-byte OTP, optionally included in HMAC digest, depending on mode.
Referenced by atcah_hmac().
atca_include_data_in_out::p_temp
[out] pointer to output buffer
Referenced by atcah_derive_key(), atcah_derive_key_mac(), atcah_gen_dig(), atcah_gen_mac(), atcah_hmac(), atcah_include_data(), atcah_mac(), atcah_privwrite_auth_mac(), and atcah_write_auth_mac().
atca_verify_in_out::public_key
[in] Pointer to the public key to be used for verification
atca_nonce_in_out::rand_out
[in] Pointer to 32-byte RandOut data from Nonce command.
Referenced by atcah_nonce().
atca_mac_in_out::response
[out] Pointer to 32-byte SHA-256 digest (MAC).
Referenced by atcah_mac().
atca_hmac_in_out::response
[out] Pointer to 32-byte SHA-256 HMAC digest.
Referenced by atcah_hmac().
atca_verify_in_out::signature
[in] Pointer to ECDSA signature to be verified
atca_include_data_in_out::sn
[in] pointer to serial number data
Referenced by atcah_hmac(), atcah_include_data(), and atcah_mac().
atca_mac_in_out::sn
[in] Pointer to 9-byte SN, optionally included in MAC digest, depending on mode.
Referenced by atcah_mac().
atca_hmac_in_out::sn
[in] Pointer to 9-byte SN, optionally included in HMAC digest, depending on mode.
Referenced by atcah_hmac().
atca_nonce_in_out::temp_key
[in,out] Pointer to TempKey structure.
Referenced by atcah_nonce().
atca_mac_in_out::temp_key
[in,out] Pointer to TempKey structure.
Referenced by atcah_mac().
atca_hmac_in_out::temp_key
[in,out] Pointer to TempKey structure.
Referenced by atcah_hmac().
atca_decrypt_in_out::temp_key
[in,out] Pointer to TempKey structure.
Referenced by atcah_decrypt().
atca_verify_in_out::temp_key
[in,out] Pointer to TempKey structure.
atca_nonce_in_out::zero
[in] Zero parameter used in Nonce command (Param2).
Referenced by atcah_nonce().