rust_cryptoauthlib

Trait AteccDeviceTrait

Source 
pub trait AteccDeviceTrait {

Show 39 methods    // Required methods
    fn random(&self, rand_out: &mut Vec<u8>) -> AtcaStatus;
    fn sha(&self, message: Vec<u8>, digest: &mut Vec<u8>) -> AtcaStatus;
    fn nonce(&self, target: NonceTarget, data: &[u8]) -> AtcaStatus;
    fn nonce_rand(
        &self,
        host_nonce: &[u8],
        rand_out: &mut Vec<u8>,
    ) -> AtcaStatus;
    fn gen_key(&self, key_type: KeyType, slot_id: u8) -> AtcaStatus;
    fn import_key(
        &self,
        key_type: KeyType,
        key_data: &[u8],
        slot_id: u8,
    ) -> AtcaStatus;
    fn export_key(
        &self,
        key_type: KeyType,
        key_data: &mut Vec<u8>,
        slot_id: u8,
    ) -> AtcaStatus;
    fn get_public_key(
        &self,
        slot_id: u8,
        public_key: &mut Vec<u8>,
    ) -> AtcaStatus;
    fn sign_hash(
        &self,
        mode: SignMode,
        slot_id: u8,
        signature: &mut Vec<u8>,
    ) -> AtcaStatus;
    fn verify_hash(
        &self,
        mode: VerifyMode,
        hash: &[u8],
        signature: &[u8],
    ) -> Result<bool, AtcaStatus>;
    fn cipher_encrypt(
        &self,
        algorithm: CipherAlgorithm,
        slot_id: u8,
        data: &mut Vec<u8>,
    ) -> AtcaStatus;
    fn cipher_decrypt(
        &self,
        algorithm: CipherAlgorithm,
        slot_id: u8,
        data: &mut Vec<u8>,
    ) -> AtcaStatus;
    fn aead_encrypt(
        &self,
        algorithm: AeadAlgorithm,
        slot_id: u8,
        data: &mut Vec<u8>,
    ) -> Result<Vec<u8>, AtcaStatus>;
    fn aead_decrypt(
        &self,
        algorithm: AeadAlgorithm,
        slot_id: u8,
        data: &mut Vec<u8>,
    ) -> Result<bool, AtcaStatus>;
    fn mac_compute(
        &self,
        algorithm: MacAlgorithm,
        slot_id: u8,
        data: &[u8],
    ) -> Result<Vec<u8>, AtcaStatus>;
    fn mac_verify(
        &self,
        algorithm: MacAlgorithm,
        slot_id: u8,
        data: &[u8],
    ) -> Result<bool, AtcaStatus>;
    fn kdf(
        &self,
        algorithm: KdfAlgorithm,
        parameters: KdfParams,
        message: Option<&[u8]>,
        message_length: usize,
    ) -> Result<KdfResult, AtcaStatus>;
    fn ecdh(
        &self,
        parameters: EcdhParams,
        peer_public_key: &[u8],
    ) -> Result<EcdhResult, AtcaStatus>;
    fn lock_config_zone(&self) -> AtcaStatus;
    fn lock_data_zone(&self) -> AtcaStatus;
    fn lock_slot(&self, slot_id: u8) -> AtcaStatus;
    fn load_config_into_chip(&self, config: &[u8]) -> AtcaStatus;
    fn get_device_type(&self) -> AtcaDeviceType;
    fn is_configuration_locked(&self) -> bool;
    fn is_data_zone_locked(&self) -> bool;
    fn get_config(&self, atca_slots: &mut Vec<AtcaSlot>) -> AtcaStatus;
    fn info_cmd(&self, _command: InfoCmdType) -> Result<Vec<u8>, AtcaStatus>;
    fn add_access_key(&self, slot_id: u8, encryption_key: &[u8]) -> AtcaStatus;
    fn flush_access_keys(&self) -> AtcaStatus;
    fn get_serial_number(&self) -> [u8; 9];
    fn is_aes_enabled(&self) -> bool;
    fn is_kdf_aes_enabled(&self) -> bool;
    fn is_kdf_iv_enabled(&self) -> bool;
    fn is_io_protection_key_enabled(&self) -> bool;
    fn get_ecdh_output_protection_state(&self) -> OutputProtectionState;
    fn get_kdf_output_protection_state(&self) -> OutputProtectionState;
    fn wakeup(&self) -> AtcaStatus;
    fn sleep(&self) -> AtcaStatus;
    fn release(&self) -> AtcaStatus;

}

Required Methods§

Source

fn random(&self, rand_out: &mut Vec<u8>) -> AtcaStatus

Request ATECC to generate a vector of random bytes

Source

fn sha(&self, message: Vec<u8>, digest: &mut Vec<u8>) -> AtcaStatus

Request ATECC to compute a message hash (SHA256)

Source

fn nonce(&self, target: NonceTarget, data: &[u8]) -> AtcaStatus

Execute a Nonce command in pass-through mode to load one of the device’s internal buffers with a fixed value. For the ATECC608A, available targets are TempKey (32 or 64 bytes), Message Digest Buffer (32 or 64 bytes), or the Alternate Key Buffer (32 bytes). For all other devices, only TempKey (32 bytes) is available.

Source

fn nonce_rand(&self, host_nonce: &[u8], rand_out: &mut Vec<u8>) -> AtcaStatus

Execute a Nonce command to generate a random nonce combining a host nonce and a device random number.

Source

fn gen_key(&self, key_type: KeyType, slot_id: u8) -> AtcaStatus

Request ATECC to generate a cryptographic key

Source

fn import_key( &self, key_type: KeyType, key_data: &[u8], slot_id: u8, ) -> AtcaStatus

Request ATECC to import a cryptographic key

Source

fn export_key( &self, key_type: KeyType, key_data: &mut Vec<u8>, slot_id: u8, ) -> AtcaStatus

Request ATECC to export a cryptographic key. For cryptographic security reasons, with KeyType = P256EccKey this function exports only public key

Source

fn get_public_key(&self, slot_id: u8, public_key: &mut Vec<u8>) -> AtcaStatus

Depending on the socket configuration, this function calculates public key based on an existing private key in the socket or exports the public key directly

Source

fn sign_hash( &self, mode: SignMode, slot_id: u8, signature: &mut Vec<u8>, ) -> AtcaStatus

Request ATECC to generate an ECDSA signature

Source

fn verify_hash( &self, mode: VerifyMode, hash: &[u8], signature: &[u8], ) -> Result<bool, AtcaStatus>

Request ATECC to verify ECDSA signature

Source

fn cipher_encrypt( &self, algorithm: CipherAlgorithm, slot_id: u8, data: &mut Vec<u8>, ) -> AtcaStatus

Data encryption function in AES unauthenticated cipher alhorithms modes

Source

fn cipher_decrypt( &self, algorithm: CipherAlgorithm, slot_id: u8, data: &mut Vec<u8>, ) -> AtcaStatus

Data decryption function in AES unauthenticated cipher alhorithms modes

Source

fn aead_encrypt( &self, algorithm: AeadAlgorithm, slot_id: u8, data: &mut Vec<u8>, ) -> Result<Vec<u8>, AtcaStatus>

Data encryption function in AES AEAD (authenticated encryption with associated data) modes

Source

fn aead_decrypt( &self, algorithm: AeadAlgorithm, slot_id: u8, data: &mut Vec<u8>, ) -> Result<bool, AtcaStatus>

Data decryption function in AES AEAD (authenticated encryption with associated data) modes

Source

fn mac_compute( &self, algorithm: MacAlgorithm, slot_id: u8, data: &[u8], ) -> Result<Vec<u8>, AtcaStatus>

A function that calculates the MAC (Message Authentication Code) value for a message

Source

fn mac_verify( &self, algorithm: MacAlgorithm, slot_id: u8, data: &[u8], ) -> Result<bool, AtcaStatus>

A function that verifies the value of MAC (Message Authentication Code) for a message

Source

fn kdf( &self, algorithm: KdfAlgorithm, parameters: KdfParams, message: Option<&[u8]>, message_length: usize, ) -> Result<KdfResult, AtcaStatus>

KDF command function, which derives a new key in PRF, AES, or HKDF modes. According to RFC-5869, the HKDF mode consists of two steps, extract and expand. The “HMAC-Hash” base operation is implemented in the ATECC608x chip, so to perform full HKDF operation, proceed as described in chapter 2 of RFC-5869, first calculate PRK = HMAC-Hash(salt, IKM) and then use obtained PRK to obtain the resulting OKM, again using the same “HMAC-Hash” function, i.e. this “fn kdf”, according to the algorithm from section 2.3 of RFC-5869.

Source

fn ecdh( &self, parameters: EcdhParams, peer_public_key: &[u8], ) -> Result<EcdhResult, AtcaStatus>

Function for generating premaster secret key using ECDH

Source

fn lock_config_zone(&self) -> AtcaStatus

Execute this command prevents future modifications of the Configuration zone. This command fails if the designated area is already locked.

Source

fn lock_data_zone(&self) -> AtcaStatus

Execute this command prevents future modifications of the Data and OTP zones. This command fails if the designated area is already locked.

Source

fn lock_slot(&self, slot_id: u8) -> AtcaStatus

Lock an individual slot in the data zone on an ATECC device. Not available for ATSHA devices. Slot must be configured to be slot lockable slots[slot_idx].config.lockable = true. This command fails if the designated area is already locked.

Source

fn load_config_into_chip(&self, config: &[u8]) -> AtcaStatus

Function for uploading configuration to the chip. First 16 bytes of data are skipped as they are not writable. LockValue and LockConfig are also skipped and can only be changed via the Lock command. This command may fail if UserExtra and/or Selector bytes have already been set to non-zero values.

Source

fn get_device_type(&self) -> AtcaDeviceType

Request ATECC to return own device type

Source

fn is_configuration_locked(&self) -> bool

Request ATECC to check if its configuration is locked. If true, a chip can be used for cryptographic operations

Source

fn is_data_zone_locked(&self) -> bool

Request ATECC to check if its Data Zone is locked. If true, a chip can be used for cryptographic operations

Source

fn get_config(&self, atca_slots: &mut Vec<AtcaSlot>) -> AtcaStatus

Returns a structure containing configuration data read from ATECC during initialization of the AteccDevice object.

Source

fn info_cmd(&self, _command: InfoCmdType) -> Result<Vec<u8>, AtcaStatus>

Command accesses some static or dynamic information from the ATECC chip

Source

fn add_access_key(&self, slot_id: u8, encryption_key: &[u8]) -> AtcaStatus

A function that adds an encryption key for securely reading or writing data that is located in a specific slot on the ATECCx08 chip. Data is not written to the ATECCx08 chip, but to the AteccDevice structure

Source

fn flush_access_keys(&self) -> AtcaStatus

A function that deletes all encryption keys for secure read or write operations performed by the ATECCx08 chip

Source

fn get_serial_number(&self) -> [u8; 9]

Get serial number of the ATECC device

Source

fn is_aes_enabled(&self) -> bool

Checks if the chip supports AES encryption. (only relevant for the ATECC608x chip)

Source

fn is_kdf_aes_enabled(&self) -> bool

Checks if the chip supports AES for KDF operations (only relevant for the ATECC608x chip)

Source

fn is_kdf_iv_enabled(&self) -> bool

Checks if the special KDF Initialization Vector function is enabled (only relevant for the ATECC608x chip)

Source

fn is_io_protection_key_enabled(&self) -> bool

Checks whether transmission between chip and host is to be encrypted (IO encryption is only possible for ATECC608x chip)

Source

fn get_ecdh_output_protection_state(&self) -> OutputProtectionState

Function that reads the read security settings of the ECDH function from chip (only relevant for the ATECC608x chip)

Source

fn get_kdf_output_protection_state(&self) -> OutputProtectionState

Function that reads the read security settings of the KDF function from chip (only relevant for the ATECC608x chip)

Source

fn wakeup(&self) -> AtcaStatus

wakeup the CryptoAuth device

Source

fn sleep(&self) -> AtcaStatus

invoke sleep on the CryptoAuth device

Source

fn release(&self) -> AtcaStatus

ATECC device instance destructor

Implementors§