Struct rust_cryptoauthlib::SlotConfig
pub struct SlotConfig {
pub write_config: WriteConfig,
pub key_type: KeyType,
pub read_key: ReadKey,
pub ecc_key_attr: EccKeyAttr,
pub x509id: u8,
pub auth_key: u8,
pub write_key: u8,
pub is_secret: bool,
pub limited_use: bool,
pub no_mac: bool,
pub persistent_disable: bool,
pub req_auth: bool,
pub req_random: bool,
pub lockable: bool,
pub pub_info: bool,
}
Detailed ATECC key slot configuration
Fields
write_config: WriteConfig
Controls the ability to modify the data in this slot.
key_type: KeyType
read_key: ReadKey
ecc_key_attr: EccKeyAttr
x509id: u8
The index into the X509format array within the Configuration zone which corresponds to this slot. If the corresponding format byte is zero, then the public key can be validated by any format signature by the parent. If the corresponding format byte is non-zero, then the validating certificate must be of a certain length; the stored public key must be located at a certain place within the message and the SHA() commands must be used to generate the digest of the message. Must be zero if the slot does not contain a public key. Valid range from 0 to 3.
auth_key: u8
If ‘req_auth’ is true, this field points to the key that must be used for authorization before the key associated with this slot may be used. Must be zero if ‘req_auth’ is false. Valid range from 0 to 15.
write_key: u8
Use this key to validate and encrypt data written to the slot indicated by this variable. Valid range from 0 to 15.
is_secret: bool
true = The contents of this slot are secret – Clear text reads are prohibited and both 4-byte reads and writes are prohibited. This variable must be true if ‘encrypt_read’ is true or if ‘write_config’ has any value other than ‘Always’ to ensure proper operation of the device. false = The contents of this slot should contain neither confidential data nor keys. The GenKey and Sign commands will fail if ‘is_secret’ is set to false for any ECC private key.
limited_use: bool
true = The key stored in the slot is “Limited Use”. The number of uses of this key is limited by an in-chip monotonic counter. false = There are no usage limitations.
no_mac: bool
true = The key stored in the slot is intended for verification usage and cannot be used by the MAC or HMAC commands. When this key is used to generate or modify TempKey, then that value may not be used by the MAC and HMAC commands. Also cannot be used with the SHA command in HMAC mode. false = The key stored in the slot can be used by all commands.
persistent_disable: bool
true = Use of this key is prohibited for all commands other than GenKey if the PersistentLatch is zero. GenKey is permitted regardless of the state of the latch. false = Use of this key is independent of the state of the PersistentLatch.
req_auth: bool
true = Before this key may be used for any cryptographic operation, an authorization using the key pointed to by AuthKey must be completed successfully. Applies to all key types: public, secret, and private. false = No prior authorization is required.
req_random: bool
If true then a random nonce is required for GenKey, MAC, CheckMac, Verify, DeriveKey, and GenDig commands.
lockable: bool
If true then this slot can be individually locked using the Lock command.
pub_info: bool
If ‘is_private’ indicates this slot contains an ECC private key: false = The public version of this key can never be generated. Use this mode for the highest security. true = The public version of this key can always be generated.
If ‘is_private’ indicates that this slot does not contain an ECC private key, then this bit may be used to control validity of public keys. If so configured, the Verify command will only use a stored public key to verify a signature if it has been validated. The Sign and Info commands are used to report the validity state. The public key validity feature is ignored by all other commands and applies only to Slots 8 - 15. false = The public key in this slot can be used by the Verify command without being validated. true = The public key in this slot can be used by the Verify command only if the public key in the slot has been validated. When this slot is written for any reason, the most significant four bits of byte 0 of block 0 will be set to 0xA to invalidate the slot. The Verify command can be used to write those bits to 0x05 to validate the slot.
If this slot contains a key of type Data or AES, then the ‘pub_info’ bit controls whether or not the KDF command may write data into this slot. If true, then writes by KDF are allowed. If false, KDF may not write to this slot.
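The cross-field rules stated in the descriptions above (value ranges, ‘auth_key’ versus ‘req_auth’, and when ‘is_secret’ must be set) can be checked before a configuration is written to a device. The following is an added example, not code from rust_cryptoauthlib: `SlotRules`, `WriteMode::Other`, `holds_public_key`, `audit` and `sample_private_slot` are hypothetical stand-ins, and the sample values are constructed.

```rust
// Stand-in for the SlotConfig fields the documented rules mention; not the crate's type.
#[derive(Clone, Copy, PartialEq)]
enum WriteMode { Always, Other } // `Always` is named in the docs; `Other` is a placeholder

#[derive(Clone, Copy)]
struct SlotRules {
    write_mode: WriteMode,
    encrypt_read: bool,     // flag referred to by the `is_secret` description
    is_private: bool,       // flag referred to by the `pub_info` description
    holds_public_key: bool, // hypothetical helper flag for the x509id rule
    x509id: u8,
    auth_key: u8,
    write_key: u8,
    is_secret: bool,
    req_auth: bool,
}

// Returns one finding per documented rule the configuration breaks.
fn audit(s: &SlotRules) -> Vec<&'static str> {
    let mut findings = Vec::new();
    if s.x509id > 3 { findings.push("x509id outside 0..=3"); }
    if !s.holds_public_key && s.x509id != 0 { findings.push("x509id set without a public key"); }
    if s.auth_key > 15 { findings.push("auth_key outside 0..=15"); }
    if !s.req_auth && s.auth_key != 0 { findings.push("auth_key set while req_auth is false"); }
    if s.write_key > 15 { findings.push("write_key outside 0..=15"); }
    if !s.is_secret && (s.encrypt_read || s.write_mode != WriteMode::Always) {
        findings.push("is_secret must be true for encrypted reads or restricted writes");
    }
    if s.is_private && !s.is_secret {
        findings.push("ECC private key slot is not secret: GenKey and Sign will fail");
    }
    findings
}

// Constructed sample: a private-key slot that is consistent with every rule above.
fn sample_private_slot() -> SlotRules {
    SlotRules {
        write_mode: WriteMode::Other, encrypt_read: false, is_private: true,
        holds_public_key: false, x509id: 0, auth_key: 0, write_key: 0,
        is_secret: true, req_auth: false,
    }
}

fn main() {
    let good = sample_private_slot();
    // Constructed misconfiguration: secrecy dropped and a stray auth_key left behind.
    let bad = SlotRules { is_secret: false, auth_key: 4, ..good };
    println!("good: {:?}", audit(&good));
    println!("bad:  {:?}", audit(&bad));
}
```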
Trait Implementations
Auto Trait Implementations
impl RefUnwindSafe for SlotConfig
impl Send for SlotConfig
impl Sync for SlotConfig
impl Unpin for SlotConfig
impl UnwindSafe for SlotConfig
Blanket Implementations
Mutably borrows from an owned value.