at-cryptoauth 0.4.0

Driver for ATECC608 Crypto Authentication secure elements
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155

// for this implementation of I2C with CryptoAuth chips, txdata is assumed to
// have ATCAPacket format Devices such as ATECCx08A require a word address value
// pre-pended to the packet txdata[0] is using _reserved byte of the ATCAPacket
use super::error::{Error, ErrorKind};
use super::packet::{Packet, Response};
use core::fmt::Debug;
use core::iter::from_fn;
use core::slice::from_ref;
use embedded_hal::blocking::delay::DelayUs;
use embedded_hal::blocking::i2c::{Read, Write};
const WAKE_RESPONSE_EXPECTED: &[u8] = &[0x04, 0x11, 0x33, 0x43];
const WAKE_SELFTEST_FAILED: &[u8] = &[0x04, 0x07, 0xC4, 0x40];

/// Default I2C address of ATECC608
const ADDRESS: u8 = 0xc0 >> 1;
/// Default time in us that takes for ATECC608 device to wake up.
const DELAY_US: u32 = 1500;

// By default, wake up sequence is repeated up to 20 times until it succeeds.
// Multiply by 2, otherwise you see RxFail on wake up. It happens when you try
// to write a word to the config zone on Raspberry Pi's I2C. This behavior might
// be specific to linux HAL. What's worse, GenKey command from Raspberry Pi
// needs to retry 20 * 15 times until it succeeds.
#[cfg(target_os = "none")]
const RETRY: usize = 20;
#[cfg(not(target_os = "none"))]
const RETRY: usize = 20 * 15;

/// So-called "word address".
#[derive(Clone, Copy, Debug, PartialEq)]
pub(crate) enum Transaction {
    Reset = 0x00,
    Sleep = 0x01,
    Idle = 0x02,
    Command = 0x03,
    #[allow(dead_code)]
    Reserved = 0xff,
}

pub(crate) struct I2c<PHY, D> {
    phy: PHY,
    delay: D,
}

impl<PHY, D> I2c<PHY, D> {
    pub(crate) fn new(phy: PHY, delay: D) -> Self {
        Self { phy, delay }
    }
}

impl<PHY, D> I2c<PHY, D>
where
    PHY: Read + Write,
    <PHY as Read>::Error: Debug,
    <PHY as Write>::Error: Debug,
    D: DelayUs<u32>,
{
    /// Wakes up device, sends the packet, waits for command completion,
    /// receives response, and puts the device into the idle state.
    pub(crate) fn execute<'a>(
        &mut self,
        buffer: &'a mut [u8],
        packet: Packet,
        exec_time: Option<u32>,
    ) -> Result<Response<'a>, Error> {
        self.wake()?;
        self.send(&packet.buffer(buffer))?;
        // Wait for the device to finish its job.
        self.delay
            .try_delay_us(exec_time.unwrap_or(1) * 1000)
            .map_err(|_| Error::from(ErrorKind::Timeout))?;
        let response_buffer = self.receive(buffer)?;
        self.idle()?;
        Response::new(response_buffer)
    }

    fn send<T>(&mut self, bytes: &T) -> Result<(), Error>
    where
        T: AsRef<[u8]>,
    {
        self.phy
            .try_write(ADDRESS, bytes.as_ref())
            .map_err(|_| ErrorKind::TxFail.into())
    }

    /// Returns response buffer for later processing.
    fn receive<'a>(&mut self, buffer: &'a mut [u8]) -> Result<&'a mut [u8], Error> {
        // Reset indicates the beginning of transaction.
        let word_address = Transaction::Reset as u8;
        from_fn(|| self.phy.try_write(ADDRESS, from_ref(&word_address)).into())
            .take(RETRY)
            .find_map(Result::<_, _>::ok)
            .ok_or_else(|| Error::from(ErrorKind::TxFail))?;

        let min_resp_size = 4;
        self.phy
            .try_read(ADDRESS, &mut buffer[0..2])
            .map_err(|_| Error::from(ErrorKind::RxFail))?;

        let length_to_read = match buffer[0] {
            // A single byte has already read.
            length if length == 1 => return Ok(buffer[0..1].as_mut()),
            // Buffer cannot contain the response to come. Abort.
            length if buffer.len() < length as usize => return Err(ErrorKind::CommFail.into()),
            // The coming response is malformed. Abort.
            length if length < min_resp_size => return Err(ErrorKind::CommFail.into()),
            length => length as usize,
        };

        self.phy
            .try_read(ADDRESS, buffer[2..length_to_read].as_mut())
            .map(move |()| buffer[..length_to_read].as_mut())
            .map_err(|_| ErrorKind::RxFail.into())
    }

    fn wake(&mut self) -> Result<(), Error> {
        // Send a single null byte to an absent address.
        self.phy.try_write(ADDRESS, from_ref(&0x00)).unwrap_err();

        // Wait for the device to wake up.
        self.delay
            .try_delay_us(DELAY_US)
            .map_err(|_| Error::from(ErrorKind::Timeout))?;

        let buffer = &mut [0x00, 0x00, 0x00, 0x00];
        from_fn(|| self.phy.try_read(ADDRESS, buffer.as_mut()).into())
            .take(RETRY)
            .find_map(Result::<_, _>::ok)
            .ok_or_else(|| Error::from(ErrorKind::RxFail))?;

        match buffer.as_ref() {
            WAKE_RESPONSE_EXPECTED => Ok(()),
            WAKE_SELFTEST_FAILED => Err(ErrorKind::WakeFailed.into()),
            _ => Err(ErrorKind::WakeFailed.into()),
        }
    }

    fn idle(&mut self) -> Result<(), Error> {
        let word_address = Transaction::Idle as u8;
        self.phy
            .try_write(ADDRESS, from_ref(&word_address))
            .map_err(|_| ErrorKind::TxFail.into())
    }

    pub(crate) fn sleep(&mut self) -> Result<(), Error> {
        let word_address = Transaction::Sleep as u8;
        // Wait for the I2C bus to be ready.
        self.delay
            .try_delay_us(30)
            .map_err(|_| Error::from(ErrorKind::Timeout))?;
        self.phy
            .try_write(ADDRESS, from_ref(&word_address))
            .map_err(|_| ErrorKind::TxFail.into())
    }
}