54 #define ATCA_MSG_SIZE_NONCE (55) 61 #define ATCA_MSG_SIZE_MAC (88) 62 #define ATCA_MSG_SIZE_HMAC (88) 65 #define ATCA_MSG_SIZE_GEN_DIG (96) 69 #define ATCA_MSG_SIZE_DERIVE_KEY (96) 73 #define ATCA_MSG_SIZE_DERIVE_KEY_MAC (39) 76 #define ATCA_MSG_SIZE_ENCRYPT_MAC (96) 79 #define ATCA_MSG_SIZE_PRIVWRITE_MAC (96) 81 #define ATCA_COMMAND_HEADER_SIZE ( 4) 82 #define ATCA_GENDIG_ZEROS_SIZE (25) 83 #define ATCA_WRITE_MAC_ZEROS_SIZE (25) 84 #define ATCA_PRIVWRITE_MAC_ZEROS_SIZE (21) 85 #define ATCA_PRIVWRITE_PLAIN_TEXT_SIZE (36) 86 #define ATCA_DERIVE_KEY_ZEROS_SIZE (25) 87 #define HMAC_BLOCK_SIZE (64) 88 #define ENCRYPTION_KEY_SIZE (64) 94 #define ATCA_SN_0_DEF (0x01) 95 #define ATCA_SN_1_DEF (0x23) 96 #define ATCA_SN_8_DEF (0xEE) 102 #define MAC_MODE_USE_TEMPKEY_MASK ((uint8_t)0x03) const struct atca_temp_key * temp_key
[in] The current state of TempKey.
Definition: atca_host.h:406
ATCA_STATUS atcah_gen_mac(struct atca_gen_dig_in_out *param)
This function generates mac with session key with a plain text.
Definition: atca_host.c:796
uint16_t curve_type
[in] Curve type used in Verify command (Param2).
Definition: atca_host.h:370
const uint8_t * io_key
IO protection key value (32 bytes)
Definition: atca_host.h:186
Input/output parameters for calculating the PubKey digest put into TempKey by the GenKey command with...
Definition: atca_host.h:380
uint8_t * target_key
Derived key will be returned here (32 bytes).
Definition: atca_host.h:306
ATCA_STATUS atcah_mac(struct atca_mac_in_out *param)
This function generates an SHA-256 digest (MAC) of a key, challenge, and other information.
Definition: atca_host.c:400
Input/output parameters for function atca_decrypt().
Definition: atca_host.h:331
struct atca_temp_key * temp_key
[in,out] As input the current state of TempKey. As output, the resulting PubKEy digest.
Definition: atca_host.h:388
uint8_t mode
Mode (param 1) of the derive key command.
Definition: atca_host.h:316
uint16_t key_id
[in] GenKey KeyID
Definition: atca_host.h:383
const uint8_t * public_key
[in] Pointer to the public key to be used for verification
Definition: atca_host.h:372
uint16_t key_id
[in] KeyId/Param2 for the GenDig command
Definition: atca_host.h:275
uint16_t key_id
KeyID/Param2 for the Write or PrivWrite command.
Definition: atca_host.h:289
struct atca_gen_dig_in_out atca_gen_dig_in_out_t
Input/output parameters for function atcah_gen_dig().
const uint8_t * challenge
[in] Pointer to 32-byte Challenge data used in MAC command, depending on mode.
Definition: atca_host.h:231
uint8_t * mac
MAC is returned here.
Definition: atca_host.h:202
uint16_t secure_boot_config
SecureBootConfig value from configuration zone.
Definition: atca_host.h:198
struct atca_io_decrypt_in_out atca_io_decrypt_in_out_t
struct atca_verify_in_out atca_verify_in_out_t
uint8_t * digest
[out] SHA256 digest of the full 55 byte message. Can be NULL if not required.
Definition: atca_host.h:409
const uint8_t * target_key
Definition: atca_host.h:352
uint8_t * crypto_data
[in,out] Pointer to 32-byte data. Input encrypted data from Read command (Contents field)...
Definition: atca_host.h:333
const uint8_t * signature
Signature used in Verify command (64 bytes).
Definition: atca_host.h:174
ATCA_STATUS atcah_io_decrypt(struct atca_io_decrypt_in_out *param)
Decrypt data that's been encrypted by the IO protection key. The ECDH and KDF commands on the ATECC60...
Definition: atca_host.c:186
uint16_t key_id
KeyID (Param2) used in Verify command.
Definition: atca_host.h:173
struct atca_temp_key * temp_key
[in,out] Pointer to TempKey structure.
Definition: atca_host.h:158
const uint8_t * sn
[in] Device serial number SN[0:8] (9 bytes). Only SN[0:1] and SN[8] are required though.
Definition: atca_host.h:387
struct atca_nonce_in_out atca_nonce_in_out_t
bool is_key_nomac
[in] Set to true if the slot pointed to be key_id has the SotConfig.NoMac bit set ...
Definition: atca_host.h:276
ATCA_STATUS
Definition: atca_status.h:41
struct atca_gen_key_in_out atca_gen_key_in_out_t
Input/output parameters for calculating the PubKey digest put into TempKey by the GenKey command with...
const uint8_t * parent_key
Parent key to be used in the derive key calculation (32 bytes).
Definition: atca_host.h:305
const uint8_t * sn
[in] pointer to serial number data
Definition: atca_host.h:134
const uint8_t * digest
Plaintext digest as input.
Definition: atca_host.h:188
const uint8_t * signature
[in] Pointer to ECDSA signature to be verified
Definition: atca_host.h:371
ATCA_STATUS atcah_decrypt(struct atca_decrypt_in_out *param)
This function decrypts 32-byte encrypted data received with the Read command.
Definition: atca_host.c:1182
const uint8_t * sn
Device serial number SN[0:8]. Only SN[0:1] and SN[8] are required though.
Definition: atca_host.h:304
unsigned gen_dig_data
TempKey was derived from the GenDig command.
Definition: atca_host.h:113
uint8_t zone
Zone/Param1 for the Write or PrivWrite command.
Definition: atca_host.h:288
uint8_t * verify_other_data
[out] The 19 byte OtherData bytes to be used with the Verify(In/Validate) command. Can be NULL if not required.
Definition: atca_host.h:408
Structure to hold TempKey fields.
Definition: atca_host.h:108
unsigned key_id
If TempKey was derived from a slot or transport key (GenDig or GenKey), that key ID is saved here...
Definition: atca_host.h:111
const uint8_t * other_data
[in] 3 bytes required when bit 4 of the mode is set. Can be NULL otherwise.
Definition: atca_host.h:386
const uint8_t * sn
[in] Device serial number SN[0:8]. Only SN[0:1] and SN[8] are required though.
Definition: atca_host.h:344
bool is_slot_locked
[in] Is TempKeyFlags.keyId slot locked.
Definition: atca_host.h:403
uint8_t * data
As input, encrypted data. As output, decrypted data.
Definition: atca_host.h:166
struct atca_check_mac_in_out atca_check_mac_in_out_t
Input/output parameters for function atcah_check_mac().
Definition: atca_host.h:184
uint8_t * atcah_include_data(struct atca_include_data_in_out *param)
This function copies otp and sn data into a command buffer.
Definition: atca_host.c:37
const uint8_t * msg_dig_buf
Message digest buffer (64 bytes).
Definition: atca_host.h:176
const uint8_t * other_data
[in] 32-byte value for shared nonce zone, 4-byte value if is_key_nomac is true, ignored and/or NULL o...
Definition: atca_host.h:279
ATCA_STATUS atcah_secureboot_enc(atca_secureboot_enc_in_out_t *param)
Encrypts the digest for the SecureBoot command when using the encrypted digest / validating mac optio...
Definition: atca_host.c:314
ATCA_STATUS atcah_hmac(struct atca_hmac_in_out *param)
This function generates an HMAC / SHA-256 hash of a key and other information.
Definition: atca_host.c:585
struct atca_secureboot_mac_in_out atca_secureboot_mac_in_out_t
size_t public_key_size
[in] Total number of bytes in the public key. 64 bytes for P256 curve.
Definition: atca_host.h:385
uint16_t slot_config
[in] SlotConfig[TempKeyFlags.keyId]
Definition: atca_host.h:399
const uint8_t * sn
[in] Device serial number SN[0:8]. Only SN[0:1] and SN[8] are required though.
Definition: atca_host.h:277
Single aggregation point for all CryptoAuthLib header files.
struct atca_mac_in_out atca_mac_in_out_t
unsigned gen_key_data
TempKey was derived from the GenKey command (ATECC devices only).
Definition: atca_host.h:114
struct atca_temp_key * temp_key
[in,out] Current state of TempKey. Required if mode[0] or mode[1] are 1.
Definition: atca_host.h:353
const uint8_t * key
[in] Pointer to 32-byte key used to generate MAC digest.
Definition: atca_host.h:232
uint8_t mode
[in] CheckMac command Mode
Definition: atca_host.h:342
struct atca_secureboot_enc_in_out atca_secureboot_enc_in_out_t
uint16_t target_key_id
Key ID (param 2) of the target slot to run the command on.
Definition: atca_host.h:303
const uint8_t * stored_value
[in] 32-byte slot value, config block, OTP block as specified by the Zone/KeyId parameters ...
Definition: atca_host.h:278
const uint8_t * client_chal
[in] ClientChal data, 32 bytes. Can be NULL if mode[0] is 1.
Definition: atca_host.h:345
Input/output parameters for function atcah_write_auth_mac() and atcah_privwrite_auth_mac().
Definition: atca_host.h:286
const struct atca_temp_key * temp_key
Current value of TempKey.
Definition: atca_host.h:187
const uint8_t * out_nonce
OutNonce returned from command (32 bytes).
Definition: atca_host.h:165
const uint8_t * other_data
OtherData used in Verify command (19 bytes).
Definition: atca_host.h:175
struct atca_verify_mac atca_verify_mac_in_out_t
ATCA_STATUS atcah_sign_internal_msg(ATCADeviceType device_type, struct atca_sign_internal_in_out *param)
Builds the full message that would be signed by the Sign(Internal) command.
Definition: atca_host.c:1360
const uint8_t * sn
Serial number (9 bytes).
Definition: atca_host.h:178
ATCADeviceType
The supported Device type in Cryptoauthlib library.
Definition: atca_devtypes.h:41
uint8_t * mac
Calculated verification MAC is returned here (32 bytes).
Definition: atca_host.h:180
uint8_t zone
[in] Zone/Param1 for the GenDig command
Definition: atca_host.h:274
unsigned no_mac_flag
TempKey was derived from a key that has the NoMac bit set preventing the use of the MAC command...
Definition: atca_host.h:115
struct atca_temp_key * temp_key
Current state of TempKey.
Definition: atca_host.h:294
const uint8_t * parent_key
Parent key to be used in the derive key calculation (32 bytes).
Definition: atca_host.h:319
uint8_t mode
[in] GenKey Mode
Definition: atca_host.h:382
ATCA_STATUS atcah_derive_key(struct atca_derive_key_in_out *param)
This function derives a key with a key and TempKey.
Definition: atca_host.c:1048
Input/output parameters for function atca_nonce().
Definition: atca_host.h:152
ATCA_STATUS atcah_gen_dig(struct atca_gen_dig_in_out *param)
This function combines the current TempKey with a stored value.
Definition: atca_host.c:696
const uint8_t * io_key
IO protection key value (32 bytes).
Definition: atca_host.h:177
Input/output parameters for function atcah_verify().
Definition: atca_host.h:368
uint8_t * response
[out] Pointer to 32-byte SHA-256 digest (MAC).
Definition: atca_host.h:235
ATCA_STATUS atcah_verify_mac(atca_verify_mac_in_out_t *param)
Calculate the expected MAC on the host side for the Verify command.
Definition: atca_host.c:227
const uint8_t * digest
Digest (unencrypted)
Definition: atca_host.h:200
bool for_invalidate
[in] Set to true if this will be used for the Verify(Invalidate) command.
Definition: atca_host.h:404
uint8_t * digest_enc
Encrypted (ciphertext) digest is return here (32 bytes)
Definition: atca_host.h:190
uint8_t value[ATCA_KEY_SIZE *2]
Value of TempKey (64 bytes for ATECC608A only)
Definition: atca_host.h:110
const uint8_t * sn
Device serial number SN[0:8]. Only SN[0:1] and SN[8] are required though.
Definition: atca_host.h:290
uint8_t * client_resp
[out] Calculated ClientResp will be returned here.
Definition: atca_host.h:346
uint8_t mode
Mode (Param1) parameter used in Verify command.
Definition: atca_host.h:172
uint16_t key_id
[in] KeyID parameter used in MAC command (Param2).
Definition: atca_host.h:230
Input/output parameters for function atca_mac().
Definition: atca_host.h:227
uint8_t mode
Mode (param 1) of the derive key command.
Definition: atca_host.h:302
uint16_t key_id
[in] Sign KeyID
Definition: atca_host.h:398
ATCA_STATUS atcah_encode_counter_match(uint32_t counter, uint8_t *counter_match)
Builds the counter match value that needs to be stored in a slot.
Definition: atca_host.c:1447
uint8_t * p_temp
[out] pointer to output buffer
Definition: atca_host.h:132
Definition: atca_host.h:170
const uint8_t * signature
Signature (can be NULL if not required)
Definition: atca_host.h:201
uint8_t use_flag
[in] UseFlag[TempKeyFlags.keyId], 0x00 for slots 8 and above and for ATECC508A
Definition: atca_host.h:401
uint8_t * hashed_key
Calculated key is returned here (32 bytes)
Definition: atca_host.h:189
const uint8_t * other_data
[in] OtherData, 13 bytes
Definition: atca_host.h:347
const uint8_t * rand_out
[in] Pointer to 32-byte RandOut data from Nonce command.
Definition: atca_host.h:157
ATCA_STATUS atcah_write_auth_mac(struct atca_write_mac_in_out *param)
This function calculates the input MAC for the Write command.
Definition: atca_host.c:876
#define ATCA_KEY_SIZE
size of a symmetric SHA key
Definition: atca_command.h:241
Input / output parameters for function atca_include_data().
Definition: atca_host.h:130
ATCA_STATUS atcah_nonce(struct atca_nonce_in_out *param)
This function calculates host side nonce with the parameters passed.
Definition: atca_host.c:96
uint8_t is_64
TempKey has 64 bytes of valid data.
Definition: atca_host.h:117
uint16_t key_config
[in] KeyConfig[TempKeyFlags.keyId]
Definition: atca_host.h:400
const uint8_t * num_in
[in] Pointer to 20-byte NumIn data used in Nonce command.
Definition: atca_host.h:156
ATCA_STATUS atcah_sha256(int32_t len, const uint8_t *message, uint8_t *digest)
This function creates a SHA256 digest on a little-endian system.
Definition: atca_host.c:1230
uint16_t zero
[in] Zero parameter used in Nonce command (Param2).
Definition: atca_host.h:155
struct atca_write_mac_in_out atca_write_mac_in_out_t
Input/output parameters for function atcah_write_auth_mac() and atcah_privwrite_auth_mac().
struct atca_temp_key * temp_key
[inout] Current state of TempKey
Definition: atca_host.h:280
const uint8_t * hashed_key
Hashed key. SHA256(IO Protection Key | TempKey)
Definition: atca_host.h:199
const uint8_t * slot_key
Definition: atca_host.h:349
struct atca_sign_internal_in_out atca_sign_internal_in_out_t
Input/output parameters for calculating the message and digest used by the Sign(internal) command...
const uint8_t * otp
[in] pointer to one-time-programming data
Definition: atca_host.h:133
Input/output parameters for function atcah_derive_key_mac().
Definition: atca_host.h:314
uint8_t mode
SecureBoot mode (param1)
Definition: atca_host.h:196
struct atca_temp_key atca_temp_key_t
Structure to hold TempKey fields.
ATCA_STATUS atcah_secureboot_mac(atca_secureboot_mac_in_out_t *param)
Calculates the expected MAC returned from the SecureBoot command when verification is a success...
Definition: atca_host.c:350
Input/output parameters for function atcah_gen_dig().
Definition: atca_host.h:272
ATCA_STATUS atcah_check_mac(struct atca_check_mac_in_out *param)
This function performs the checkmac operation to generate client response on the host side ...
Definition: atca_host.c:481
const uint8_t * sn
[in] Device serial number SN[0:8] (9 bytes)
Definition: atca_host.h:405
Definition: atca_host.h:194
ATCA_STATUS atcah_gen_key_msg(struct atca_gen_key_in_out *param)
Calculate the PubKey digest created by GenKey and saved to TempKey.
Definition: atca_host.c:1242
unsigned source_flag
Indicates id TempKey started from a random nonce (0) or not (1).
Definition: atca_host.h:112
uint8_t mode
[in] Mode parameter used in Nonce command (Param1).
Definition: atca_host.h:154
unsigned valid
TempKey is valid.
Definition: atca_host.h:116
const uint8_t * public_key
[in] Public key to be used in the PubKey digest. X and Y integers in big-endian format. 64 bytes for P256 curve.
Definition: atca_host.h:384
Definition: atca_host.h:162
uint16_t target_key_id
Key ID (param 2) of the target slot to run the command on.
Definition: atca_host.h:317
uint8_t * encrypted_data
Encrypted version of input_data will be returned here. 32 bytes for Write command, 36 bytes for PrivWrite command.
Definition: atca_host.h:292
Input/output parameters for calculating the message and digest used by the Sign(internal) command...
Definition: atca_host.h:395
uint8_t mode
Definition: atca_host.h:135
ATCA_STATUS atcah_derive_key_mac(struct atca_derive_key_mac_in_out *param)
This function calculates the input MAC for a DeriveKey command.
Definition: atca_host.c:1123
const uint8_t * otp
[in] First 8 bytes of the OTP zone data. Can be NULL is mode[5] is 0.
Definition: atca_host.h:348
Input/output parameters for function atcah_check_mac().
Definition: atca_host.h:340
const uint8_t * sn
Device serial number SN[0:8]. Only SN[0:1] and SN[8] are required though.
Definition: atca_host.h:318
Input/output parameters for function atcah_derive_key().
Definition: atca_host.h:300
const atca_temp_key_t * temp_key
TempKey.
Definition: atca_host.h:179
uint8_t * mac
DeriveKey MAC will be returned here.
Definition: atca_host.h:320
uint16_t param2
SecureBoot param2.
Definition: atca_host.h:197
Input/output parameters for function atca_hmac().
Definition: atca_host.h:257
struct atca_temp_key * temp_key
Current state of TempKey.
Definition: atca_host.h:307
ATCA_STATUS atcah_privwrite_auth_mac(struct atca_write_mac_in_out *param)
This function calculates the input MAC for the PrivWrite command.
Definition: atca_host.c:951
ATCA_STATUS atcah_config_to_sign_internal(ATCADeviceType device_type, struct atca_sign_internal_in_out *param, const uint8_t *config)
Populate the slot_config, key_config, and is_slot_locked fields in the atca_sign_internal_in_out stru...
Definition: atca_host.c:1311
uint8_t mode
[in] Sign Mode
Definition: atca_host.h:397
uint8_t update_count
[in] UpdateCount[TempKeyFlags.keyId], 0x00 for slots 8 and above and for ATECC508A ...
Definition: atca_host.h:402
uint8_t * message
[out] Full 55 byte message the Sign(internal) command will build. Can be NULL if not required...
Definition: atca_host.h:407
const uint8_t * io_key
IO protection key (32 bytes).
Definition: atca_host.h:164
uint16_t key_id
[in] CheckMac command KeyID
Definition: atca_host.h:343
uint8_t * auth_mac
Write MAC will be returned here. 32 bytes.
Definition: atca_host.h:293
size_t data_size
Size of data in bytes (32 or 64).
Definition: atca_host.h:167
const uint8_t * input_data
Data to be encrypted. 32 bytes for Write command, 36 bytes for PrivWrite command. ...
Definition: atca_host.h:291