ecc608-linux 0.2.4

A library for accessing the ECC608 chip on Linux
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320

use bitfield::bitfield;
use bytes::Buf;
use serde_derive::Serialize;

bitfield! {
    pub struct ReadKey(u8);
    impl Debug;
    pub external_signatures, set_external_signatures: 0;
    pub internal_signatures, set_internal_signatures: 1;
    pub ecdh_operation, set_ecdh_operation: 2;
    pub ecdh_write_slot, set_ecdh_write_slot: 3;
}

impl From<u8> for ReadKey {
    fn from(v: u8) -> Self {
        Self(v)
    }
}

impl From<ReadKey> for u8 {
    fn from(v: ReadKey) -> Self {
        v.0
    }
}

impl Default for ReadKey {
    fn default() -> Self {
        let mut result = Self(0);
        result.set_internal_signatures(true);
        result.set_external_signatures(true);
        result.set_ecdh_operation(true);
        result
    }
}

/// Write cofiguration from the write_config slot bits for a given command. The
/// interpretation of the write_config bits differs based on the command used.
#[derive(Serialize, Debug, PartialEq, Eq)]
#[serde(rename_all = "lowercase")]
pub enum WriteConfig {
    Write(_WriteConfig),
    DeriveKey(DeriveKeyConfig),
    GenKey(GenKeyConfig),
    PrivWrite(PrivWriteConfig),
}

#[derive(Debug, PartialEq, Eq)]
pub enum WriteCommand {
    Write,
    DeriveKey,
    GenKey,
    PrivWrite,
}

impl WriteConfig {
    pub fn from(cmd: WriteCommand, v: u8) -> Self {
        match cmd {
            WriteCommand::Write => Self::Write(v.into()),
            WriteCommand::DeriveKey => Self::DeriveKey(v.into()),
            WriteCommand::GenKey => Self::GenKey(v.into()),
            WriteCommand::PrivWrite => Self::PrivWrite(v.into()),
        }
    }
}

impl From<WriteConfig> for u8 {
    fn from(v: WriteConfig) -> Self {
        match v {
            WriteConfig::Write(cfg) => cfg.into(),
            WriteConfig::DeriveKey(cfg) => cfg.into(),
            WriteConfig::GenKey(cfg) => cfg.into(),
            WriteConfig::PrivWrite(cfg) => cfg.into(),
        }
    }
}

impl Default for WriteConfig {
    fn default() -> Self {
        WriteConfig::GenKey(GenKeyConfig::Valid)
    }
}

#[derive(Serialize, Debug, PartialEq, Eq)]
#[serde(rename_all = "lowercase")]
pub enum _WriteConfig {
    /// Clear text writes are always permitted on this slot. Slots set to
    /// alwaysshould never be used as key storage. Either 4 or 32 bytes may
    /// bewritten to this slot
    Always,
    /// If a validated public key is stored in the slot, writes are prohibited.
    /// UseVerify(Invalidate) to invalidate prior to writing. Do not use
    /// thismode unless the slot contains a public key.
    PubInValid,
    /// Writes are never permitted on this slot using the Write command.Slots
    /// set to never can still be used as key storage.
    Never,
    /// Writes to this slot require a properly computed MAC, and the inputdata
    /// must be encrypted by the system with WriteKey using theencryption
    /// algorithm documented in the Write command description(Section Write
    /// Command). 4 byte writes to this slot are prohibited.
    Encrypt,
}

impl From<u8> for _WriteConfig {
    fn from(v: u8) -> Self {
        match v {
            0 => _WriteConfig::Always,
            1 => _WriteConfig::PubInValid,
            _ if v >> 1 == 1 => _WriteConfig::Never,
            _ if v >> 2 == 2 => _WriteConfig::Never,
            _ if v & 4 == 4 => _WriteConfig::Encrypt,
            _ => panic!("invalid write config {:?}", v),
        }
    }
}

impl From<_WriteConfig> for u8 {
    fn from(v: _WriteConfig) -> Self {
        match v {
            _WriteConfig::Always => 0,
            _WriteConfig::PubInValid => 1,
            _WriteConfig::Never => 2,
            _WriteConfig::Encrypt => 4,
        }
    }
}

#[derive(Serialize, Debug, PartialEq, Eq)]
#[serde(rename_all = "lowercase")]
pub enum DeriveKeyConfig {
    ///  DeriveKey command can be run with/without authorizing MAC. Source Key:
    /// Target
    Roll(bool),
    /// DeriveKey command can be run with/without authorizing MAC. Source Key:
    /// Parent
    Create(bool),
    /// Slots with this write configutation can not be used as the target of a
    /// DeriveKey.
    Invalid,
}

impl From<u8> for DeriveKeyConfig {
    fn from(v: u8) -> Self {
        match v & 11 {
            2 => Self::Roll(false),
            10 => Self::Roll(true),
            3 => Self::Create(false),
            11 => Self::Create(true),
            _ => Self::Invalid,
        }
    }
}

impl From<DeriveKeyConfig> for u8 {
    fn from(v: DeriveKeyConfig) -> Self {
        match v {
            DeriveKeyConfig::Roll(false) => 2,
            DeriveKeyConfig::Roll(true) => 10,
            DeriveKeyConfig::Create(false) => 3,
            DeriveKeyConfig::Create(true) => 11,
            DeriveKeyConfig::Invalid => 0,
        }
    }
}

#[derive(Serialize, Debug, PartialEq, Eq)]
#[serde(rename_all = "lowercase")]
pub enum GenKeyConfig {
    /// GenKey may not be used to write random keys into this slot.
    Valid,
    /// GenKey may be used to write random keys into this slot.
    Invalid,
}

impl From<u8> for GenKeyConfig {
    fn from(v: u8) -> Self {
        match v & 2 == 0 {
            true => Self::Invalid,
            _ => Self::Valid,
        }
    }
}

impl From<GenKeyConfig> for u8 {
    fn from(v: GenKeyConfig) -> Self {
        match v {
            GenKeyConfig::Invalid => 0,
            GenKeyConfig::Valid => 2,
        }
    }
}

#[derive(Serialize, Debug, PartialEq, Eq)]
#[serde(rename_all = "lowercase")]
pub enum PrivWriteConfig {
    /// PrivWrite will return an error if the target key slot has this value.
    Invalid,
    /// Writes to this slot require a properly computed MAC and the inputdata
    /// must be encrypted by the system with SlotConfig.WriteKey using the
    /// encryption algorithm documented with PrivWrite.
    Encrypt,
}

impl From<u8> for PrivWriteConfig {
    fn from(v: u8) -> Self {
        match v & 4 == 0 {
            true => Self::Invalid,
            _ => Self::Encrypt,
        }
    }
}

impl From<PrivWriteConfig> for u8 {
    fn from(v: PrivWriteConfig) -> Self {
        match v {
            PrivWriteConfig::Invalid => 0,
            PrivWriteConfig::Encrypt => 4,
        }
    }
}

bitfield! {
    #[derive(PartialEq, Eq)]
    pub struct SlotConfig(u16);
    impl Debug;
    pub secret, set_secret: 15;
    pub encrypt_read, set_encrypt_read: 14;
    pub limited_use, set_limited_use: 13;
    pub no_mac, set_no_mac: 12;
    pub u8, from into ReadKey, read_key, set_read_key: 11, 8;
    u8, _write_config, _set_write_config: 7, 4;
    pub u8, write_key, set_write_key: 3, 0;
}

impl From<&[u8]> for SlotConfig {
    fn from(v: &[u8]) -> Self {
        let mut buf = v;
        Self(buf.get_u16())
    }
}

impl From<u16> for SlotConfig {
    fn from(v: u16) -> Self {
        Self(v)
    }
}

impl From<SlotConfig> for u16 {
    fn from(v: SlotConfig) -> Self {
        v.0
    }
}

impl From<&SlotConfig> for u16 {
    fn from(v: &SlotConfig) -> Self {
        v.0
    }
}

/// A convenience function to get a slot configuratoin set up to
/// generate and store ECDSA private keys.
impl Default for SlotConfig {
    fn default() -> Self {
        let mut result = SlotConfig(0);
        result.set_write_config(WriteConfig::default());
        result.set_write_key(0);
        result.set_secret(true);
        result.set_encrypt_read(false);
        result.set_limited_use(false);
        result.set_no_mac(true);
        result.set_read_key(ReadKey::default());
        result
    }
}

impl SlotConfig {
    pub fn write_config(&self, cmd: WriteCommand) -> WriteConfig {
        WriteConfig::from(cmd, self._write_config())
    }

    pub fn set_write_config<C>(&mut self, config: C)
    where
        C: Into<u8>,
    {
        self._set_write_config(config.into())
    }
}

impl serde::ser::Serialize for SlotConfig {
    fn serialize<S>(&self, serializer: S) -> Result<S::Ok, S::Error>
    where
        S: serde::ser::Serializer,
    {
        use serde::ser::SerializeStruct;
        let mut state = serializer.serialize_struct("slot_config", 7)?;
        state.serialize_field("secret", &self.secret())?;
        state.serialize_field("encrypt_read", &self.encrypt_read())?;
        state.serialize_field("limited_use", &self.limited_use())?;
        state.serialize_field("no_mac", &self.no_mac())?;
        state.serialize_field("read_key", &self.read_key())?;
        state.serialize_field("write_config", &self._write_config())?;
        state.serialize_field("write_key", &self.write_key())?;
        state.end()
    }
}

impl serde::ser::Serialize for ReadKey {
    fn serialize<S>(&self, serializer: S) -> Result<S::Ok, S::Error>
    where
        S: serde::ser::Serializer,
    {
        use serde::ser::SerializeStruct;
        let mut state = serializer.serialize_struct("read_key", 7)?;
        state.serialize_field("external_signatures", &self.external_signatures())?;
        state.serialize_field("internal_signatures", &self.internal_signatures())?;
        state.serialize_field("ecdh_operation", &self.ecdh_operation())?;
        state.serialize_field("ecdh_write_slot", &self.ecdh_write_slot())?;
        state.end()
    }
}