CryptoAuthLib
Microchip CryptoAuthentication Library
atca_basic.h
Go to the documentation of this file.
1 
30 #include "cryptoauthlib.h"
32 
33 #ifndef ATCA_BASIC_H_
34 #define ATCA_BASIC_H_
35 
36 #define TBD void
37 
45 #ifdef __cplusplus
46 extern "C" {
47 #endif
48 
49 #define BLOCK_NUMBER(a) (a / 32)
50 #define WORD_OFFSET(a) ((a % 32) / 4)
51 
52 #define ATCA_AES_GCM_IV_STD_LENGTH 12
53 
54 
55 extern ATCADevice _gDevice;
56 
57 // Basic global methods
58 ATCA_STATUS atcab_version(char *ver_str);
69 ATCA_STATUS atcab_get_addr(uint8_t zone, uint16_t slot, uint8_t block, uint8_t offset, uint16_t* addr);
70 ATCA_STATUS atcab_get_zone_size(uint8_t zone, uint16_t slot, size_t* size);
71 
72 // AES command functions
73 ATCA_STATUS atcab_aes(uint8_t mode, uint16_t key_id, const uint8_t* aes_in, uint8_t* aes_out);
74 ATCA_STATUS atcab_aes_encrypt(uint16_t key_id, uint8_t key_block, const uint8_t* plaintext, uint8_t* ciphertext);
75 ATCA_STATUS atcab_aes_decrypt(uint16_t key_id, uint8_t key_block, const uint8_t* ciphertext, uint8_t* plaintext);
76 ATCA_STATUS atcab_aes_gfm(const uint8_t* h, const uint8_t* input, uint8_t* output);
77 
78 typedef struct atca_aes_cbc_ctx
79 {
80  uint16_t key_id;
81  uint8_t key_block;
84 
85 ATCA_STATUS atcab_aes_cbc_init(atca_aes_cbc_ctx_t* ctx, uint16_t key_id, uint8_t key_block, const uint8_t* iv);
86 ATCA_STATUS atcab_aes_cbc_encrypt_block(atca_aes_cbc_ctx_t* ctx, const uint8_t* plaintext, uint8_t* ciphertext);
87 ATCA_STATUS atcab_aes_cbc_decrypt_block(atca_aes_cbc_ctx_t* ctx, const uint8_t* ciphertext, uint8_t* plaintext);
88 
89 typedef struct atca_aes_cmac_ctx
90 {
92  uint32_t block_size;
93  uint8_t block[AES_DATA_SIZE];
95 
96 ATCA_STATUS atcab_aes_cmac_init(atca_aes_cmac_ctx_t* ctx, uint16_t key_id, uint8_t key_block);
97 ATCA_STATUS atcab_aes_cmac_update(atca_aes_cmac_ctx_t* ctx, const uint8_t* data, uint32_t data_size);
98 ATCA_STATUS atcab_aes_cmac_finish(atca_aes_cmac_ctx_t* ctx, uint8_t* cmac, uint32_t cmac_size);
99 
100 typedef struct atca_aes_ctr_ctx
101 {
102  uint16_t key_id;
103  uint8_t key_block;
104  uint8_t cb[AES_DATA_SIZE];
105  uint8_t counter_size;
107 
108 ATCA_STATUS atcab_aes_ctr_init(atca_aes_ctr_ctx_t* ctx, uint16_t key_id, uint8_t key_block, uint8_t counter_size, const uint8_t* iv);
109 ATCA_STATUS atcab_aes_ctr_init_rand(atca_aes_ctr_ctx_t* ctx, uint16_t key_id, uint8_t key_block, uint8_t counter_size, uint8_t* iv);
110 ATCA_STATUS atcab_aes_ctr_block(atca_aes_ctr_ctx_t* ctx, const uint8_t* input, uint8_t* output);
111 ATCA_STATUS atcab_aes_ctr_encrypt_block(atca_aes_ctr_ctx_t* ctx, const uint8_t* plaintext, uint8_t* ciphertext);
112 ATCA_STATUS atcab_aes_ctr_decrypt_block(atca_aes_ctr_ctx_t* ctx, const uint8_t* ciphertext, uint8_t* plaintext);
114 
115 // CheckMAC command functions
116 ATCA_STATUS atcab_checkmac(uint8_t mode, uint16_t key_id, const uint8_t *challenge, const uint8_t *response, const uint8_t *other_data);
117 
118 // Counter command functions
119 ATCA_STATUS atcab_counter(uint8_t mode, uint16_t counter_id, uint32_t* counter_value);
120 ATCA_STATUS atcab_counter_increment(uint16_t counter_id, uint32_t* counter_value);
121 ATCA_STATUS atcab_counter_read(uint16_t counter_id, uint32_t* counter_value);
122 
123 // DeriveKey command functions
124 ATCA_STATUS atcab_derivekey(uint8_t mode, uint16_t key_id, const uint8_t* mac);
125 
126 // ECDH command functions
127 ATCA_STATUS atcab_ecdh_base(uint8_t mode, uint16_t key_id, const uint8_t* public_key, uint8_t* pms, uint8_t* out_nonce);
128 ATCA_STATUS atcab_ecdh(uint16_t key_id, const uint8_t* public_key, uint8_t* pms);
129 ATCA_STATUS atcab_ecdh_enc(uint16_t key_id, const uint8_t* public_key, uint8_t* pms, const uint8_t* read_key, uint16_t read_key_id);
130 ATCA_STATUS atcab_ecdh_ioenc(uint16_t key_id, const uint8_t* public_key, uint8_t* pms, const uint8_t* io_key);
131 ATCA_STATUS atcab_ecdh_tempkey(const uint8_t* public_key, uint8_t* pms);
132 ATCA_STATUS atcab_ecdh_tempkey_ioenc(const uint8_t* public_key, uint8_t* pms, const uint8_t* io_key);
133 
134 // GenDig command functions
135 ATCA_STATUS atcab_gendig(uint8_t zone, uint16_t key_id, const uint8_t *other_data, uint8_t other_data_size);
136 
137 // GenKey command functions
138 ATCA_STATUS atcab_genkey_base(uint8_t mode, uint16_t key_id, const uint8_t* other_data, uint8_t* public_key);
139 ATCA_STATUS atcab_genkey(uint16_t key_id, uint8_t* public_key);
140 ATCA_STATUS atcab_get_pubkey(uint16_t key_id, uint8_t* public_key);
141 
142 // HMAC command functions
143 ATCA_STATUS atcab_hmac(uint8_t mode, uint16_t key_id, uint8_t* digest);
144 
145 // Info command functions
146 ATCA_STATUS atcab_info_base(uint8_t mode, uint16_t param2, uint8_t* out_data);
147 ATCA_STATUS atcab_info(uint8_t* revision);
149 ATCA_STATUS atcab_info_get_latch(bool* state);
150 
151 // KDF command functions
152 ATCA_STATUS atcab_kdf(uint8_t mode, uint16_t key_id, const uint32_t details, const uint8_t* message, uint8_t* out_data, uint8_t* out_nonce);
153 
154 // Lock command functions
155 ATCA_STATUS atcab_lock(uint8_t mode, uint16_t summary_crc);
157 ATCA_STATUS atcab_lock_config_zone_crc(uint16_t summary_crc);
159 ATCA_STATUS atcab_lock_data_zone_crc(uint16_t summary_crc);
160 ATCA_STATUS atcab_lock_data_slot(uint16_t slot);
161 
162 // MAC command functions
163 ATCA_STATUS atcab_mac(uint8_t mode, uint16_t key_id, const uint8_t* challenge, uint8_t* digest);
164 
165 // Nonce command functions
166 ATCA_STATUS atcab_nonce_base(uint8_t mode, uint16_t zero, const uint8_t *num_in, uint8_t* rand_out);
167 ATCA_STATUS atcab_nonce(const uint8_t *num_in);
168 ATCA_STATUS atcab_nonce_load(uint8_t target, const uint8_t *num_in, uint16_t num_in_size);
169 ATCA_STATUS atcab_nonce_rand(const uint8_t *num_in, uint8_t* rand_out);
170 ATCA_STATUS atcab_challenge(const uint8_t *num_in);
171 ATCA_STATUS atcab_challenge_seed_update(const uint8_t *num_in, uint8_t* rand_out);
172 
173 // PrivWrite command functions
174 ATCA_STATUS atcab_priv_write(uint16_t key_id, const uint8_t priv_key[36], uint16_t write_key_id, const uint8_t write_key[32]);
175 
176 // Random command functions
177 ATCA_STATUS atcab_random(uint8_t* rand_out);
178 
179 // Read command functions
180 ATCA_STATUS atcab_read_zone(uint8_t zone, uint16_t slot, uint8_t block, uint8_t offset, uint8_t *data, uint8_t len);
181 ATCA_STATUS atcab_is_locked(uint8_t zone, bool *is_locked);
182 ATCA_STATUS atcab_is_slot_locked(uint16_t slot, bool *is_locked);
183 ATCA_STATUS atcab_read_bytes_zone(uint8_t zone, uint16_t slot, size_t offset, uint8_t *data, size_t length);
184 ATCA_STATUS atcab_read_serial_number(uint8_t* serial_number);
185 ATCA_STATUS atcab_read_pubkey(uint16_t slot, uint8_t *public_key);
186 ATCA_STATUS atcab_read_sig(uint16_t slot, uint8_t *sig);
187 ATCA_STATUS atcab_read_config_zone(uint8_t* config_data);
188 ATCA_STATUS atcab_cmp_config_zone(uint8_t* config_data, bool* same_config);
189 ATCA_STATUS atcab_read_enc(uint16_t key_id, uint8_t block, uint8_t *data, const uint8_t* enc_key, const uint16_t enc_key_id);
190 
191 // SecureBoot command functions
192 ATCA_STATUS atcab_secureboot(uint8_t mode, uint16_t param2, const uint8_t* digest, const uint8_t* signature, uint8_t* mac);
193 ATCA_STATUS atcab_secureboot_mac(uint8_t mode, const uint8_t* digest, const uint8_t* signature, const uint8_t* num_in, const uint8_t* io_key, bool* is_verified);
194 
195 // SelfTest command functions
196 ATCA_STATUS atcab_selftest(uint8_t mode, uint16_t param2, uint8_t* result);
197 
198 // SHA command functions
199 typedef struct atca_sha256_ctx
200 {
201  uint32_t total_msg_size;
202  uint32_t block_size;
205 
207 
208 ATCA_STATUS atcab_sha_base(uint8_t mode, uint16_t length, const uint8_t* data_in, uint8_t* data_out, uint16_t* data_out_size);
210 ATCA_STATUS atcab_sha_update(const uint8_t* message);
211 ATCA_STATUS atcab_sha_end(uint8_t *digest, uint16_t length, const uint8_t *message);
212 ATCA_STATUS atcab_sha_read_context(uint8_t* context, uint16_t* context_size);
213 ATCA_STATUS atcab_sha_write_context(const uint8_t* context, uint16_t context_size);
214 ATCA_STATUS atcab_sha(uint16_t length, const uint8_t *message, uint8_t *digest);
215 ATCA_STATUS atcab_hw_sha2_256(const uint8_t * data, size_t data_size, uint8_t* digest);
217 ATCA_STATUS atcab_hw_sha2_256_update(atca_sha256_ctx_t* ctx, const uint8_t* data, size_t data_size);
220 ATCA_STATUS atcab_sha_hmac_update(atca_hmac_sha256_ctx_t* ctx, const uint8_t* data, size_t data_size);
221 ATCA_STATUS atcab_sha_hmac_finish(atca_hmac_sha256_ctx_t* ctx, uint8_t* digest, uint8_t target);
222 ATCA_STATUS atcab_sha_hmac(const uint8_t * data, size_t data_size, uint16_t key_slot, uint8_t* digest, uint8_t target);
223 
224 // Sign command functions
225 ATCA_STATUS atcab_sign_base(uint8_t mode, uint16_t key_id, uint8_t *signature);
226 ATCA_STATUS atcab_sign(uint16_t key_id, const uint8_t *msg, uint8_t *signature);
227 ATCA_STATUS atcab_sign_internal(uint16_t key_id, bool is_invalidate, bool is_full_sn, uint8_t *signature);
228 
229 // UpdateExtra command functions
230 ATCA_STATUS atcab_updateextra(uint8_t mode, uint16_t new_value);
231 
232 // Verify command functions
233 ATCA_STATUS atcab_verify(uint8_t mode, uint16_t key_id, const uint8_t* signature, const uint8_t* public_key, const uint8_t* other_data, uint8_t* mac);
234 ATCA_STATUS atcab_verify_extern(const uint8_t *message, const uint8_t *signature, const uint8_t *public_key, bool *is_verified);
235 ATCA_STATUS atcab_verify_extern_mac(const uint8_t *message, const uint8_t* signature, const uint8_t* public_key, const uint8_t* num_in, const uint8_t* io_key, bool* is_verified);
236 ATCA_STATUS atcab_verify_stored(const uint8_t *message, const uint8_t *signature, uint16_t key_id, bool *is_verified);
237 ATCA_STATUS atcab_verify_stored_mac(const uint8_t *message, const uint8_t *signature, uint16_t key_id, const uint8_t* num_in, const uint8_t* io_key, bool* is_verified);
238 
239 ATCA_STATUS atcab_verify_validate(uint16_t key_id, const uint8_t *signature, const uint8_t *other_data, bool *is_verified);
240 ATCA_STATUS atcab_verify_invalidate(uint16_t key_id, const uint8_t *signature, const uint8_t *other_data, bool *is_verified);
241 
242 // Write command functions
243 ATCA_STATUS atcab_write(uint8_t zone, uint16_t address, const uint8_t *value, const uint8_t *mac);
244 ATCA_STATUS atcab_write_zone(uint8_t zone, uint16_t slot, uint8_t block, uint8_t offset, const uint8_t *data, uint8_t len);
245 ATCA_STATUS atcab_write_bytes_zone(uint8_t zone, uint16_t slot, size_t offset_bytes, const uint8_t *data, size_t length);
246 ATCA_STATUS atcab_write_pubkey(uint16_t slot, const uint8_t *public_key);
247 ATCA_STATUS atcab_write_config_zone(const uint8_t* config_data);
248 ATCA_STATUS atcab_write_enc(uint16_t key_id, uint8_t block, const uint8_t *data, const uint8_t* enc_key, const uint16_t enc_key_id);
249 ATCA_STATUS atcab_write_config_counter(uint16_t counter_id, uint32_t counter_value);
250 
251 #ifdef __cplusplus
252 }
253 #endif
254 
257 #endif /* ATCA_BASIC_H_ */
ATCA_STATUS atcab_nonce_base(uint8_t mode, uint16_t zero, const uint8_t *num_in, uint8_t *rand_out)
Executes Nonce command, which loads a random or fixed nonce/data into the device for use by subsequen...
Definition: atca_basic_nonce.c:57
ATCA_STATUS atcab_sha_start(void)
Executes SHA command to initialize SHA-256 calculation engine.
Definition: atca_basic_sha.c:126
#define max(a, b)
Definition: hal_linux_kit_cdc.c:50
ATCA_STATUS atcab_wakeup(void)
wakeup the CryptoAuth device
Definition: atca_basic.c:178
ATCA_STATUS atcab_lock_config_zone(void)
Unconditionally (no CRC required) lock the config zone.
Definition: atca_basic_lock.c:83
Definition: atca_iface.h:66
struct atca_aes_cbc_ctx atca_aes_cbc_ctx_t
uint8_t counter_size
Size of counter in the initialization vector.
Definition: atca_basic.h:105
ATCA_STATUS atcab_ecdh_enc(uint16_t key_id, const uint8_t *public_key, uint8_t *pms, const uint8_t *read_key, uint16_t read_key_id)
ECDH command with a private key in a slot and the premaster secret is read from the next slot...
Definition: atca_basic_ecdh.c:128
ATCA_STATUS atcab_sign_base(uint8_t mode, uint16_t key_id, uint8_t *signature)
Executes the Sign command, which generates a signature using the ECDSA algorithm. ...
Definition: atca_basic_sign.c:50
uint32_t block_size
Number of bytes in current block.
Definition: atca_basic.h:202
ATCA_STATUS atcab_info_set_latch(bool state)
Use the Info command to set the persistent latch state for an ATECC608A device.
Definition: atca_basic_info.c:133
ATCA_STATUS atcab_sha_write_context(const uint8_t *context, uint16_t context_size)
Executes SHA command to write (restore) a SHA-256 context into the the device. Only supported for ATE...
Definition: atca_basic_sha.c:183
ATCA_STATUS atcab_aes_cmac_update(atca_aes_cmac_ctx_t *ctx, const uint8_t *data, uint32_t data_size)
Add data to an initialized CMAC calculation.
Definition: atca_basic_aes_cmac.c:74
ATCA_STATUS atcab_read_bytes_zone(uint8_t zone, uint16_t slot, size_t offset, uint8_t *data, size_t length)
Used to read an arbitrary number of bytes from any zone configured for clear reads.
Definition: atca_basic_read.c:607
uint8_t ciphertext[AES_DATA_SIZE]
Ciphertext from last operation.
Definition: atca_basic.h:82
ATCA_STATUS atcab_write_bytes_zone(uint8_t zone, uint16_t slot, size_t offset_bytes, const uint8_t *data, size_t length)
Executes the Write command, which writes data into the configuration, otp, or data zones with a given...
Definition: atca_basic_write.c:411
ATCA_STATUS atcab_mac(uint8_t mode, uint16_t key_id, const uint8_t *challenge, uint8_t *digest)
Executes MAC command, which computes a SHA-256 digest of a key stored in the device, a challenge, and other information on the device.
Definition: atca_basic_mac.c:52
ATCA_STATUS atcab_aes_cmac_finish(atca_aes_cmac_ctx_t *ctx, uint8_t *cmac, uint32_t cmac_size)
Finish a CMAC operation returning the CMAC value.
Definition: atca_basic_aes_cmac.c:156
ATCA_STATUS atcab_write_config_counter(uint16_t counter_id, uint32_t counter_value)
Initialize one of the monotonic counters in device with a specific value.
Definition: atca_basic_write.c:506
ATCA_STATUS atcab_sha(uint16_t length, const uint8_t *message, uint8_t *digest)
Use the SHA command to compute a SHA-256 digest.
Definition: atca_basic_sha.c:196
ATCA_STATUS atcab_genkey_base(uint8_t mode, uint16_t key_id, const uint8_t *other_data, uint8_t *public_key)
Issues GenKey command, which can generate a private key, compute a public key, nd/or compute a digest...
Definition: atca_basic_genkey.c:54
ATCA_STATUS atcab_ecdh_tempkey_ioenc(const uint8_t *public_key, uint8_t *pms, const uint8_t *io_key)
ECDH command with a private key in TempKey and the premaster secret is returned encrypted using the I...
Definition: atca_basic_ecdh.c:230
ATCA_STATUS atcab_verify_extern(const uint8_t *message, const uint8_t *signature, const uint8_t *public_key, bool *is_verified)
Executes the Verify command, which verifies a signature (ECDSA verify operation) with all components ...
Definition: atca_basic_verify.c:247
ATCA_STATUS atcab_sha_update(const uint8_t *message)
Executes SHA command to add 64 bytes of message data to the current context.
Definition: atca_basic_sha.c:138
ATCA_STATUS atcab_sign_internal(uint16_t key_id, bool is_invalidate, bool is_full_sn, uint8_t *signature)
Executes Sign command to sign an internally generated message.
Definition: atca_basic_sign.c:154
uint32_t total_msg_size
Total number of message bytes processed.
Definition: atca_basic.h:201
uint8_t key_block
Index of the 16-byte block to use within the key location for the actual key.
Definition: atca_basic.h:103
ATCA_STATUS atcab_random(uint8_t *rand_out)
Executes Random command, which generates a 32 byte random number from the CryptoAuth device...
Definition: atca_basic_random.c:43
ATCA_STATUS atcab_sha_hmac_init(atca_hmac_sha256_ctx_t *ctx, uint16_t key_slot)
Executes SHA command to start an HMAC/SHA-256 operation.
Definition: atca_basic_sha.c:379
ATCA_STATUS atcab_sign(uint16_t key_id, const uint8_t *msg, uint8_t *signature)
Executes Sign command, to sign a 32-byte external message using the private key in the specified slot...
Definition: atca_basic_sign.c:102
ATCA_STATUS
Definition: atca_status.h:41
ATCA_STATUS atcab_lock_data_slot(uint16_t slot)
Lock an individual slot in the data zone on an ATECC device. Not available for ATSHA devices...
Definition: atca_basic_lock.c:137
uint8_t block[ATCA_SHA256_BLOCK_SIZE *2]
Unprocessed message storage.
Definition: atca_basic.h:203
ATCADeviceType atcab_get_device_type(void)
Get the current device type.
Definition: atca_basic.c:163
ATCA_STATUS atcab_init_device(ATCADevice ca_device)
Initialize the global ATCADevice object to point to one of your choosing for use with all the atcab_ ...
Definition: atca_basic.c:110
ATCA_STATUS atcab_sha_hmac_finish(atca_hmac_sha256_ctx_t *ctx, uint8_t *digest, uint8_t target)
Executes SHA command to complete a HMAC/SHA-256 operation.
Definition: atca_basic_sha.c:451
ATCA_STATUS atcab_secureboot_mac(uint8_t mode, const uint8_t *digest, const uint8_t *signature, const uint8_t *num_in, const uint8_t *io_key, bool *is_verified)
Executes Secure Boot command with encrypted digest and validated MAC response using the IO protection...
Definition: atca_basic_secureboot.c:112
ATCA_STATUS atcab_read_sig(uint16_t slot, uint8_t *sig)
Executes Read command to read a 64 byte ECDSA P256 signature from a slot configured for clear reads...
Definition: atca_basic_read.c:472
ATCA_STATUS atcab_version(char *ver_str)
basic API methods are all prefixed with atcab_ (CryptoAuthLib Basic) the fundamental premise of the b...
Definition: atca_basic.c:53
ATCA_STATUS atcab_cmp_config_zone(uint8_t *config_data, bool *same_config)
Compares a specified configuration zone with the configuration zone currently on the device...
Definition: atca_basic_read.c:386
ATCA_STATUS atcab_write_config_zone(const uint8_t *config_data)
Executes the Write command, which writes the configuration zone.
Definition: atca_basic_write.c:301
ATCA_STATUS atcab_is_locked(uint8_t zone, bool *is_locked)
Executes Read command, which reads the configuration zone to see if the specified zone is locked...
Definition: atca_basic_read.c:186
ATCA_STATUS atcab_lock_config_zone_crc(uint16_t summary_crc)
Lock the config zone with summary CRC.
Definition: atca_basic_lock.c:98
ATCA_STATUS atcab_aes_ctr_encrypt_block(atca_aes_ctr_ctx_t *ctx, const uint8_t *plaintext, uint8_t *ciphertext)
Encrypt a block of data using CTR mode and a key within the ATECC608A device. atcab_aes_ctr_init() or...
Definition: atca_basic_aes_ctr.c:209
struct atca_aes_ctr_ctx atca_aes_ctr_ctx_t
Wrapper API for software SHA 256 routines.
ATCA_STATUS atcab_get_pubkey(uint16_t key_id, uint8_t *public_key)
Uses GenKey command to calculate the public key from an existing private key in a slot...
Definition: atca_basic_genkey.c:119
ATCA_STATUS atcab_write_pubkey(uint16_t slot, const uint8_t *public_key)
Executes the Write command, which writes a public key to a data slot in the device format...
Definition: atca_basic_write.c:358
ATCA_STATUS atcab_hw_sha2_256_finish(atca_sha256_ctx_t *ctx, uint8_t *digest)
Finish SHA-256 digest for a SHA context for performing a hardware SHA-256 operation on a device...
Definition: atca_basic_sha.c:276
ATCA_STATUS atcab_aes_cbc_init(atca_aes_cbc_ctx_t *ctx, uint16_t key_id, uint8_t key_block, const uint8_t *iv)
Initialize context for AES CBC operation.
Definition: atca_basic_aes_cbc.c:51
atca_aes_cbc_ctx_t cbc_ctx
CBC context.
Definition: atca_basic.h:91
ATCA_STATUS atcab_get_addr(uint8_t zone, uint16_t slot, uint8_t block, uint8_t offset, uint16_t *addr)
Compute the address given the zone, slot, block, and offset.
Definition: atca_basic.c:327
Definition: atca_basic.h:78
ATCA_STATUS atcab_write(uint8_t zone, uint16_t address, const uint8_t *value, const uint8_t *mac)
Executes the Write command, which writes either one four byte word or a 32-byte block to one of the E...
Definition: atca_basic_write.c:59
ATCA_STATUS atcab_checkmac(uint8_t mode, uint16_t key_id, const uint8_t *challenge, const uint8_t *response, const uint8_t *other_data)
Compares a MAC response with input values.
Definition: atca_basic_checkmac.c:49
ATCA_STATUS atcab_verify(uint8_t mode, uint16_t key_id, const uint8_t *signature, const uint8_t *public_key, const uint8_t *other_data, uint8_t *mac)
Executes the Verify command, which takes an ECDSA [R,S] signature and verifies that it is correctly g...
Definition: atca_basic_verify.c:69
uint8_t cb[AES_DATA_SIZE]
Counter block, comprises of nonce + count value (16 bytes).
Definition: atca_basic.h:104
ATCA_STATUS atcab_sha_end(uint8_t *digest, uint16_t length, const uint8_t *message)
Executes SHA command to complete SHA-256 or HMAC/SHA-256 operation.
Definition: atca_basic_sha.c:153
ATCA_STATUS atcab_updateextra(uint8_t mode, uint16_t new_value)
Executes UpdateExtra command to update the values of the two extra bytes within the Configuration zon...
Definition: atca_basic_updateextra.c:49
Single aggregation point for all CryptoAuthLib header files.
ATCA_STATUS atcab_ecdh(uint16_t key_id, const uint8_t *public_key, uint8_t *pms)
ECDH command with a private key in a slot and the premaster secret is returned in the clear...
Definition: atca_basic_ecdh.c:103
ATCA_STATUS atcab_nonce(const uint8_t *num_in)
Execute a Nonce command in pass-through mode to initialize TempKey to a specified value...
Definition: atca_basic_nonce.c:120
ATCA_STATUS atcab_verify_validate(uint16_t key_id, const uint8_t *signature, const uint8_t *other_data, bool *is_verified)
Executes the Verify command in Validate mode to validate a public key stored in a slot...
Definition: atca_basic_verify.c:439
ATCA_STATUS atcab_verify_invalidate(uint16_t key_id, const uint8_t *signature, const uint8_t *other_data, bool *is_verified)
Executes the Verify command in Invalidate mode which invalidates a previously validated public key st...
Definition: atca_basic_verify.c:476
ATCA_STATUS atcab_read_zone(uint8_t zone, uint16_t slot, uint8_t block, uint8_t offset, uint8_t *data, uint8_t len)
Executes Read command, which reads either 4 or 32 bytes of data from a given slot, configuration zone, or the OTP zone.
Definition: atca_basic_read.c:57
atca_sha256_ctx_t atca_hmac_sha256_ctx_t
Definition: atca_basic.h:206
ATCA_STATUS atcab_hw_sha2_256_update(atca_sha256_ctx_t *ctx, const uint8_t *data, size_t data_size)
Add message data to a SHA context for performing a hardware SHA-256 operation on a device...
Definition: atca_basic_sha.c:223
ATCA_STATUS atcab_verify_extern_mac(const uint8_t *message, const uint8_t *signature, const uint8_t *public_key, const uint8_t *num_in, const uint8_t *io_key, bool *is_verified)
Executes the Verify command with verification MAC, which verifies a signature (ECDSA verify operation...
Definition: atca_basic_verify.c:314
ATCA_STATUS atcab_verify_stored_mac(const uint8_t *message, const uint8_t *signature, uint16_t key_id, const uint8_t *num_in, const uint8_t *io_key, bool *is_verified)
Executes the Verify command with verification MAC, which verifies a signature (ECDSA verify operation...
Definition: atca_basic_verify.c:409
ATCA_STATUS atcab_challenge_seed_update(const uint8_t *num_in, uint8_t *rand_out)
Execute a Nonce command to generate a random challenge combining a host nonce (num_in) and a device r...
Definition: atca_basic_nonce.c:202
ATCA_STATUS atcab_aes_ctr_decrypt_block(atca_aes_ctr_ctx_t *ctx, const uint8_t *ciphertext, uint8_t *plaintext)
Decrypt a block of data using CTR mode and a key within the ATECC608A device. atcab_aes_ctr_init() or...
Definition: atca_basic_aes_ctr.c:225
ATCA_STATUS _atcab_exit(void)
common cleanup code which idles the device after any operation
Definition: atca_basic.c:313
ATCA_STATUS atcab_kdf(uint8_t mode, uint16_t key_id, const uint32_t details, const uint8_t *message, uint8_t *out_data, uint8_t *out_nonce)
Executes the KDF command, which derives a new key in PRF, AES, or HKDF modes.
Definition: atca_basic_kdf.c:64
ATCA_STATUS atcab_get_zone_size(uint8_t zone, uint16_t slot, size_t *size)
Gets the size of the specified zone in bytes.
Definition: atca_basic.c:372
ATCA_STATUS atcab_aes_ctr_block(atca_aes_ctr_ctx_t *ctx, const uint8_t *input, uint8_t *output)
Process a block of data using CTR mode and a key within the ATECC608A device. atcab_aes_ctr_init() or...
Definition: atca_basic_aes_ctr.c:165
ATCA_STATUS atcab_sleep(void)
invoke sleep on the CryptoAuth device
Definition: atca_basic.c:204
ATCADevice atcab_get_device(void)
Get the global device object.
Definition: atca_basic.c:155
ATCA_STATUS atcab_hmac(uint8_t mode, uint16_t key_id, uint8_t *digest)
Issues a HMAC command, which computes an HMAC/SHA-256 digest of a key stored in the device...
Definition: atca_basic_hmac.c:53
ATCADeviceType
The supported Device type in Cryptoauthlib library.
Definition: atca_devtypes.h:41
ATCA_STATUS atcab_challenge(const uint8_t *num_in)
Execute a Nonce command in pass-through mode to initialize TempKey to a specified value...
Definition: atca_basic_nonce.c:186
ATCA_STATUS atcab_aes_cbc_encrypt_block(atca_aes_cbc_ctx_t *ctx, const uint8_t *plaintext, uint8_t *ciphertext)
Encrypt a block of data using CBC mode and a key within the ATECC608A. atcab_aes_cbc_init() should be...
Definition: atca_basic_aes_cbc.c:76
ATCA_STATUS atcab_ecdh_tempkey(const uint8_t *public_key, uint8_t *pms)
ECDH command with a private key in TempKey and the premaster secret is returned in the clear...
Definition: atca_basic_ecdh.c:210
ATCA_STATUS atcab_idle(void)
idle the CryptoAuth device
Definition: atca_basic.c:191
ATCA_STATUS atcab_cfg_discover(ATCAIfaceCfg cfg_array[], int max)
auto discovery of crypto auth devices
Definition: atca_basic.c:228
ATCA_STATUS atcab_read_pubkey(uint16_t slot, uint8_t *public_key)
Executes Read command to read an ECC P256 public key from a slot configured for clear reads...
Definition: atca_basic_read.c:515
ATCA_STATUS atcab_counter(uint8_t mode, uint16_t counter_id, uint32_t *counter_value)
Compute the Counter functions.
Definition: atca_basic_counter.c:45
atca_device is the C object backing ATCADevice. See the atca_device.h file for details on the ATCADev...
Definition: atca_device.h:44
ATCA_STATUS atcab_derivekey(uint8_t mode, uint16_t key_id, const uint8_t *mac)
Executes the DeviveKey command for deriving a new key from a nonce (TempKey) and an existing key...
Definition: atca_basic_derivekey.c:48
ATCA_STATUS atcab_lock(uint8_t mode, uint16_t summary_crc)
The Lock command prevents future modifications of the Configuration and/or Data and OTP zones...
Definition: atca_basic_lock.c:50
ATCA_STATUS atcab_lock_data_zone(void)
Unconditionally (no CRC required) lock the data zone (slots and OTP).
Definition: atca_basic_lock.c:109
ATCA_STATUS atcab_is_slot_locked(uint16_t slot, bool *is_locked)
Executes Read command, which reads the configuration zone to see if the specified slot is locked...
Definition: atca_basic_read.c:147
ATCA_STATUS atcab_secureboot(uint8_t mode, uint16_t param2, const uint8_t *digest, const uint8_t *signature, uint8_t *mac)
Executes Secure Boot command, which provides support for secure boot of an external MCU or MPU...
Definition: atca_basic_secureboot.c:53
ATCA_STATUS atcab_hw_sha2_256(const uint8_t *data, size_t data_size, uint8_t *digest)
Use the SHA command to compute a SHA-256 digest.
Definition: atca_basic_sha.c:346
ATCA_STATUS atcab_lock_data_zone_crc(uint16_t summary_crc)
Lock the data zone (slots and OTP) with summary CRC.
Definition: atca_basic_lock.c:124
uint16_t key_id
Key location. Can either be a slot number or ATCA_TEMPKEY_KEYID for TempKey.
Definition: atca_basic.h:102
Definition: atca_basic.h:100
ATCA_STATUS atcab_info(uint8_t *revision)
Use the Info command to get the device revision (DevRev).
Definition: atca_basic_info.c:87
ATCA_STATUS atcab_aes_gfm(const uint8_t *h, const uint8_t *input, uint8_t *output)
Perform a Galois Field Multiply (GFM) operation.
Definition: atca_basic_aes.c:145
ATCA_STATUS atcab_aes_cbc_decrypt_block(atca_aes_cbc_ctx_t *ctx, const uint8_t *ciphertext, uint8_t *plaintext)
Decrypt a block of data using CBC mode and a key within the ATECC608A. atcab_aes_cbc_init() should be...
Definition: atca_basic_aes_cbc.c:116
ATCA_STATUS atcab_info_base(uint8_t mode, uint16_t param2, uint8_t *out_data)
Issues an Info command, which return internal device information and can control GPIO and the persist...
Definition: atca_basic_info.c:50
ATCA_STATUS atcab_read_enc(uint16_t key_id, uint8_t block, uint8_t *data, const uint8_t *enc_key, const uint16_t enc_key_id)
Executes Read command on a slot configured for encrypted reads and decrypts the data to return it as ...
Definition: atca_basic_read.c:232
ATCA_STATUS atcab_priv_write(uint16_t key_id, const uint8_t priv_key[36], uint16_t write_key_id, const uint8_t write_key[32])
Executes PrivWrite command, to write externally generated ECC private keys into the device...
Definition: atca_basic_privwrite.c:51
ATCA_STATUS atcab_aes_encrypt(uint16_t key_id, uint8_t key_block, const uint8_t *plaintext, uint8_t *ciphertext)
Perform an AES-128 encrypt operation with a key in the device.
Definition: atca_basic_aes.c:110
ATCA_STATUS atcab_nonce_load(uint8_t target, const uint8_t *num_in, uint16_t num_in_size)
Execute a Nonce command in pass-through mode to load one of the device's internal buffers with a fixe...
Definition: atca_basic_nonce.c:143
ATCA_STATUS atcab_sha_hmac(const uint8_t *data, size_t data_size, uint16_t key_slot, uint8_t *digest, uint8_t target)
Use the SHA command to compute an HMAC/SHA-256 operation.
Definition: atca_basic_sha.c:484
ATCA_STATUS atcab_sha_read_context(uint8_t *context, uint16_t *context_size)
Executes SHA command to read the SHA-256 context back. Only for ATECC608A with SHA-256 contexts...
Definition: atca_basic_sha.c:170
ATCA_STATUS atcab_release(void)
release (free) the global ATCADevice instance. This must be called in order to release or free up the...
Definition: atca_basic.c:137
struct atca_sha256_ctx atca_sha256_ctx_t
ATCA_STATUS atcab_verify_stored(const uint8_t *message, const uint8_t *signature, uint16_t key_id, bool *is_verified)
Executes the Verify command, which verifies a signature (ECDSA verify operation) with a public key st...
Definition: atca_basic_verify.c:344
ATCA_STATUS atcab_ecdh_base(uint8_t mode, uint16_t key_id, const uint8_t *public_key, uint8_t *pms, uint8_t *out_nonce)
Base function for generating premaster secret key using ECDH.
Definition: atca_basic_ecdh.c:53
#define AES_DATA_SIZE
size of AES encrypt/decrypt data
Definition: atca_command.h:306
ATCA_STATUS atcab_selftest(uint8_t mode, uint16_t param2, uint8_t *result)
Executes the SelfTest command, which performs a test of one or more of the cryptographic engines with...
Definition: atca_basic_selftest.c:50
ATCA_STATUS atcab_aes_cmac_init(atca_aes_cmac_ctx_t *ctx, uint16_t key_id, uint8_t key_block)
Initialize a CMAC calculation using an AES-128 key in the ATECC608A.
Definition: atca_basic_aes_cmac.c:55
ATCA_STATUS atcab_genkey(uint16_t key_id, uint8_t *public_key)
Issues GenKey command, which generates a new random private key in slot and returns the public key...
Definition: atca_basic_genkey.c:103
Definition: atca_basic.h:89
uint8_t block[AES_DATA_SIZE]
Unprocessed message storage.
Definition: atca_basic.h:93
ATCADevice _gDevice
Definition: atca_basic.c:34
#define ATCA_SHA256_BLOCK_SIZE
Definition: atca_command.h:654
ATCA_STATUS atcab_hw_sha2_256_init(atca_sha256_ctx_t *ctx)
Initialize a SHA context for performing a hardware SHA-256 operation on a device. Note that only one ...
Definition: atca_basic_sha.c:208
ATCA_STATUS atcab_aes_ctr_init(atca_aes_ctr_ctx_t *ctx, uint16_t key_id, uint8_t key_block, uint8_t counter_size, const uint8_t *iv)
Initialize context for AES CTR operation with an existing IV, which is common when start a decrypt op...
Definition: atca_basic_aes_ctr.c:56
ATCA_STATUS atcab_counter_read(uint16_t counter_id, uint32_t *counter_value)
Read one of the device's monotonic counters.
Definition: atca_basic_counter.c:101
ATCA_STATUS atcab_write_zone(uint8_t zone, uint16_t slot, uint8_t block, uint8_t offset, const uint8_t *data, uint8_t len)
Executes the Write command, which writes either 4 or 32 bytes of data into a device zone...
Definition: atca_basic_write.c:121
ATCA_STATUS atcab_read_config_zone(uint8_t *config_data)
Executes Read command to read the complete device configuration zone.
Definition: atca_basic_read.c:338
uint32_t block_size
Number of bytes in current block.
Definition: atca_basic.h:92
uint8_t key_block
Index of the 16-byte block to use within the key location for the actual key.
Definition: atca_basic.h:81
ATCA_STATUS atcab_sha_hmac_update(atca_hmac_sha256_ctx_t *ctx, const uint8_t *data, size_t data_size)
Executes SHA command to add an arbitrary amount of message data to a HMAC/SHA-256 operation...
Definition: atca_basic_sha.c:394
ATCA_STATUS atcab_write_enc(uint16_t key_id, uint8_t block, const uint8_t *data, const uint8_t *enc_key, const uint16_t enc_key_id)
Executes the Write command, which performs an encrypted write of a 32 byte block into given slot...
Definition: atca_basic_write.c:175
ATCA_STATUS atcab_gendig(uint8_t zone, uint16_t key_id, const uint8_t *other_data, uint8_t other_data_size)
Issues a GenDig command, which performs a SHA256 hash on the source data indicated by zone with the c...
Definition: atca_basic_gendig.c:49
ATCA_STATUS atcab_counter_increment(uint16_t counter_id, uint32_t *counter_value)
Increments one of the device's monotonic counters.
Definition: atca_basic_counter.c:91
ATCA_STATUS atcab_read_serial_number(uint8_t *serial_number)
Executes Read command, which reads the 9 byte serial number of the device from the config zone...
Definition: atca_basic_read.c:116
ATCA_STATUS atcab_sha_base(uint8_t mode, uint16_t length, const uint8_t *data_in, uint8_t *data_out, uint16_t *data_out_size)
Executes SHA command, which computes a SHA-256 or HMAC/SHA-256 digest for general purpose use by the ...
Definition: atca_basic_sha.c:70
ATCA_STATUS atcab_aes(uint8_t mode, uint16_t key_id, const uint8_t *aes_in, uint8_t *aes_out)
Compute the AES-128 encrypt, decrypt, or GFM calculation.
Definition: atca_basic_aes.c:51
ATCA_STATUS atcab_aes_decrypt(uint16_t key_id, uint8_t key_block, const uint8_t *ciphertext, uint8_t *plaintext)
Perform an AES-128 decrypt operation with a key in the device.
Definition: atca_basic_aes.c:129
ATCA_STATUS atcab_info_get_latch(bool *state)
Use the Info command to get the persistent latch current state for an ATECC608A device.
Definition: atca_basic_info.c:105
Definition: atca_basic.h:199
uint16_t key_id
Key location. Can either be a slot number or ATCA_TEMPKEY_KEYID for TempKey.
Definition: atca_basic.h:80
struct atca_aes_cmac_ctx atca_aes_cmac_ctx_t
ATCA_STATUS atcab_aes_ctr_increment(atca_aes_ctr_ctx_t *ctx)
Increments AES CTR counter value.
Definition: atca_basic_aes_ctr.c:127
ATCA_STATUS atcab_init(ATCAIfaceCfg *cfg)
Creates a global ATCADevice object used by Basic API.
Definition: atca_basic.c:65
ATCA_STATUS atcab_nonce_rand(const uint8_t *num_in, uint8_t *rand_out)
Execute a Nonce command to generate a random nonce combining a host nonce (num_in) and a device rando...
Definition: atca_basic_nonce.c:174
ATCA_STATUS atcab_aes_ctr_init_rand(atca_aes_ctr_ctx_t *ctx, uint16_t key_id, uint8_t key_block, uint8_t counter_size, uint8_t *iv)
Initialize context for AES CTR operation with a random nonce and counter set to 0 as the IV...
Definition: atca_basic_aes_ctr.c:91
ATCA_STATUS atcab_ecdh_ioenc(uint16_t key_id, const uint8_t *public_key, uint8_t *pms, const uint8_t *io_key)
ECDH command with a private key in a slot and the premaster secret is returned encrypted using the IO...
Definition: atca_basic_ecdh.c:170