Trait rust_cryptoauthlib::AteccDeviceTrait

source · []
pub trait AteccDeviceTrait {

Show 39 methods    fn random(&self, rand_out: &mut Vec<u8>) -> AtcaStatus;

    fn sha(&self, message: Vec<u8>, digest: &mut Vec<u8>) -> AtcaStatus;

    fn nonce(&self, target: NonceTarget, data: &[u8]) -> AtcaStatus;

    fn nonce_rand(
        &self, 
        host_nonce: &[u8], 
        rand_out: &mut Vec<u8>
    ) -> AtcaStatus;

    fn gen_key(&self, key_type: KeyType, slot_id: u8) -> AtcaStatus;

    fn import_key(
        &self, 
        key_type: KeyType, 
        key_data: &[u8], 
        slot_id: u8
    ) -> AtcaStatus;

    fn export_key(
        &self, 
        key_type: KeyType, 
        key_data: &mut Vec<u8>, 
        slot_id: u8
    ) -> AtcaStatus;

    fn get_public_key(
        &self, 
        slot_id: u8, 
        public_key: &mut Vec<u8>
    ) -> AtcaStatus;

    fn sign_hash(
        &self, 
        mode: SignMode, 
        slot_id: u8, 
        signature: &mut Vec<u8>
    ) -> AtcaStatus;

    fn verify_hash(
        &self, 
        mode: VerifyMode, 
        hash: &[u8], 
        signature: &[u8]
    ) -> Result<bool, AtcaStatus>;

    fn cipher_encrypt(
        &self, 
        algorithm: CipherAlgorithm, 
        slot_id: u8, 
        data: &mut Vec<u8>
    ) -> AtcaStatus;

    fn cipher_decrypt(
        &self, 
        algorithm: CipherAlgorithm, 
        slot_id: u8, 
        data: &mut Vec<u8>
    ) -> AtcaStatus;

    fn aead_encrypt(
        &self, 
        algorithm: AeadAlgorithm, 
        slot_id: u8, 
        data: &mut Vec<u8>
    ) -> Result<Vec<u8>, AtcaStatus>;

    fn aead_decrypt(
        &self, 
        algorithm: AeadAlgorithm, 
        slot_id: u8, 
        data: &mut Vec<u8>
    ) -> Result<bool, AtcaStatus>;

    fn mac_compute(
        &self, 
        algorithm: MacAlgorithm, 
        slot_id: u8, 
        data: &[u8]
    ) -> Result<Vec<u8>, AtcaStatus>;

    fn mac_verify(
        &self, 
        algorithm: MacAlgorithm, 
        slot_id: u8, 
        data: &[u8]
    ) -> Result<bool, AtcaStatus>;

    fn kdf(
        &self, 
        algorithm: KdfAlgorithm, 
        parameters: KdfParams, 
        message: Option<&[u8]>, 
        message_length: usize
    ) -> Result<KdfResult, AtcaStatus>;

    fn ecdh(
        &self, 
        parameters: EcdhParams, 
        peer_public_key: &[u8]
    ) -> Result<EcdhResult, AtcaStatus>;

    fn lock_config_zone(&self) -> AtcaStatus;

    fn lock_data_zone(&self) -> AtcaStatus;

    fn lock_slot(&self, slot_id: u8) -> AtcaStatus;

    fn load_config_into_chip(&self, config: &[u8]) -> AtcaStatus;

    fn get_device_type(&self) -> AtcaDeviceType;

    fn is_configuration_locked(&self) -> bool;

    fn is_data_zone_locked(&self) -> bool;

    fn get_config(&self, atca_slots: &mut Vec<AtcaSlot>) -> AtcaStatus;

    fn info_cmd(&self, _command: InfoCmdType) -> Result<Vec<u8>, AtcaStatus>;

    fn add_access_key(&self, slot_id: u8, encryption_key: &[u8]) -> AtcaStatus;

    fn flush_access_keys(&self) -> AtcaStatus;

    fn get_serial_number(&self) -> [u8; 9];

    fn is_aes_enabled(&self) -> bool;

    fn is_kdf_aes_enabled(&self) -> bool;

    fn is_kdf_iv_enabled(&self) -> bool;

    fn is_io_protection_key_enabled(&self) -> bool;

    fn get_ecdh_output_protection_state(&self) -> OutputProtectionState;

    fn get_kdf_output_protection_state(&self) -> OutputProtectionState;

    fn wakeup(&self) -> AtcaStatus;

    fn sleep(&self) -> AtcaStatus;

    fn release(&self) -> AtcaStatus;

}

Required methods

Request ATECC to generate a vector of random bytes

Request ATECC to compute a message hash (SHA256)

Execute a Nonce command in pass-through mode to load one of the device’s internal buffers with a fixed value. For the ATECC608A, available targets are TempKey (32 or 64 bytes), Message Digest Buffer (32 or 64 bytes), or the Alternate Key Buffer (32 bytes). For all other devices, only TempKey (32 bytes) is available.

Execute a Nonce command to generate a random nonce combining a host nonce and a device random number.

Request ATECC to generate a cryptographic key

Request ATECC to import a cryptographic key

Request ATECC to export a cryptographic key. For cryptographic security reasons, with KeyType = P256EccKey this function exports only public key

Depending on the socket configuration, this function calculates public key based on an existing private key in the socket or exports the public key directly

Request ATECC to generate an ECDSA signature

Request ATECC to verify ECDSA signature

Data encryption function in AES unauthenticated cipher alhorithms modes

Data decryption function in AES unauthenticated cipher alhorithms modes

Data encryption function in AES AEAD (authenticated encryption with associated data) modes

Data decryption function in AES AEAD (authenticated encryption with associated data) modes

A function that calculates the MAC (Message Authentication Code) value for a message

A function that verifies the value of MAC (Message Authentication Code) for a message

KDF command function, which derives a new key in PRF, AES, or HKDF modes. According to RFC-5869, the HKDF mode consists of two steps, extract and expand. The “HMAC-Hash” base operation is implemented in the ATECC608x chip, so to perform full HKDF operation, proceed as described in chapter 2 of RFC-5869, first calculate PRK = HMAC-Hash(salt, IKM) and then use obtained PRK to obtain the resulting OKM, again using the same “HMAC-Hash” function, i.e. this “fn kdf”, according to the algorithm from section 2.3 of RFC-5869.

Function for generating premaster secret key using ECDH

Execute this command prevents future modifications of the Configuration zone. This command fails if the designated area is already locked.

Execute this command prevents future modifications of the Data and OTP zones. This command fails if the designated area is already locked.

Lock an individual slot in the data zone on an ATECC device. Not available for ATSHA devices. Slot must be configured to be slot lockable slots[slot_idx].config.lockable = true. This command fails if the designated area is already locked.

Function for uploading configuration to the chip. First 16 bytes of data are skipped as they are not writable. LockValue and LockConfig are also skipped and can only be changed via the Lock command. This command may fail if UserExtra and/or Selector bytes have already been set to non-zero values.

Request ATECC to return own device type

Request ATECC to check if its configuration is locked. If true, a chip can be used for cryptographic operations

Request ATECC to check if its Data Zone is locked. If true, a chip can be used for cryptographic operations

Returns a structure containing configuration data read from ATECC during initialization of the AteccDevice object.

Command accesses some static or dynamic information from the ATECC chip

A function that adds an encryption key for securely reading or writing data that is located in a specific slot on the ATECCx08 chip. Data is not written to the ATECCx08 chip, but to the AteccDevice structure

A function that deletes all encryption keys for secure read or write operations performed by the ATECCx08 chip

Get serial number of the ATECC device

Checks if the chip supports AES encryption. (only relevant for the ATECC608x chip)

Checks if the chip supports AES for KDF operations (only relevant for the ATECC608x chip)

Checks if the special KDF Initialization Vector function is enabled (only relevant for the ATECC608x chip)

Checks whether transmission between chip and host is to be encrypted (IO encryption is only possible for ATECC608x chip)

Function that reads the read security settings of the ECDH function from chip (only relevant for the ATECC608x chip)

Function that reads the read security settings of the KDF function from chip (only relevant for the ATECC608x chip)

wakeup the CryptoAuth device

invoke sleep on the CryptoAuth device

ATECC device instance destructor

Implementors