ATECC508A.Request (atecc508a v1.4.0)
This module knows how to send requests to the ATECC508A.
Types
@type access_data() :: <<_::32>> | <<_::256>>
@type access_size() :: 4 | 32
@type addr() :: 0..65535
@type block() :: 0..3
@type offset() :: 0..7
@type slot() :: 0..15
@type transaction() :: {binary(), non_neg_integer(), non_neg_integer()}
A transaction is a tuple with the binary to send, how long to wait in milliseconds for the response and the size of payload to expect to read for the response.
@type zone() :: :config | :otp | :data
Functions
@spec auth_volatile_key(ATECC508A.Transport.t(), slot(), binary()) :: :ok | {:error, atom()} | {:error, binary()}
Perform a transaction to authenticate volatile key protection using an activation key.
This takes the key slot holding the activation key (likely to be slot 1) and the activation key.
The transaction steps are:
- Generate a nonce inside the device sourced by the device RNG and a seed from the host. This returns the RNG output.
- Generate the identical nonce on the host based on the RNG and seed.
- Generate the CheckMac digest on the host using the activation key and produce a digest.
- Send the digest into the device CheckMac command to verify the activation key. This authorizes the transaction.
- Set the persistent latch to enable the protected keys.
Returns :ok on success, or an error tuple indicating the failure.
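The host-side half of steps 2 and 3 above, as an added example that is not the atecc508a library's own code. It assumes the SHA-256 message layouts that the ATECC508A datasheet gives for the Nonce and CheckMac commands; the module, function and parameter names (`HostCheckMac`, `other_data`, `sn`) are hypothetical, and the values in `demo/0` are constructed.

```elixir
defmodule HostCheckMac do
  # Added example, not part of atecc508a. Message layouts are assumed from the
  # ATECC508A datasheet; every name in this module is hypothetical.

  @nonce_opcode 0x16

  # Step 2: recompute the TempKey the device derives from its RNG output
  # (returned by the Nonce command) and the 20-byte host seed.
  def nonce_tempkey(<<rand_out::binary-size(32)>>, <<seed::binary-size(20)>>, mode)
      when mode in 0..1 do
    # RandOut || NumIn || opcode || mode || low byte of Param2 (zero)
    :crypto.hash(:sha256, [rand_out, seed, <<@nonce_opcode, mode, 0x00>>])
  end

  # Step 3: digest passed to CheckMac. other_data is the 13-byte OtherData
  # field sent with the command; sn is the 9-byte device serial number.
  def checkmac_digest(
        <<key::binary-size(32)>>,
        <<tempkey::binary-size(32)>>,
        <<od0_3::binary-size(4), od4_6::binary-size(3), od7_10::binary-size(4),
          od11_12::binary-size(2)>>,
        <<sn0_1::binary-size(2), _::binary-size(6), sn8::binary-size(1)>>
      ) do
    # key || TempKey || OtherData[0..3] || 8 zero bytes || OtherData[4..6]
    #   || SN[8] || OtherData[7..10] || SN[0..1] || OtherData[11..12]
    :crypto.hash(:sha256, [
      key, tempkey, od0_3, <<0::64>>, od4_6, sn8, od7_10, sn0_1, od11_12
    ])
  end

  # Constructed inputs only: no real key, serial number or RNG output.
  def demo do
    rand_out = :binary.copy(<<0xA5>>, 32)
    seed = :binary.copy(<<0x11>>, 20)
    activation_key = :binary.copy(<<0x42>>, 32)
    other_data = <<0::104>>
    sn = <<0x01, 0x23, 0::48, 0xEE>>

    tempkey = nonce_tempkey(rand_out, seed, 0)
    digest = checkmac_digest(activation_key, tempkey, other_data, sn)
    # The activation key is the secret here; keep it out of logs.
    IO.puts("CheckMac digest is #{byte_size(digest)} bytes")
    digest
  end
end
```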
@spec ecdh(ATECC508A.Transport.t(), binary()) :: {:ok, binary()} | {:error, atom()}
Calculates ECDH secret.
@spec genkey(ATECC508A.Transport.t(), slot(), boolean()) :: {:ok, binary()} | {:error, atom()}
Create a genkey request message.
@spec get_latch(ATECC508A.Transport.t()) :: {:ok, binary()} | {:error, atom()}
Get persistent latch value.
Used for verifying the state of authorization.
Returns {:ok, <<1,0,0,0>>} if the latch is set. Returns {:ok, <<0,0,0,0>>} if the latch is not set. An error tuple is returned if the command fails.
@spec lock_slot(ATECC508A.Transport.t(), slot()) :: :ok | {:error, atom()}
Lock a specific slot.
@spec lock_zone(ATECC508A.Transport.t(), zone(), ATECC508A.crc16()) :: :ok | {:error, atom()}
Create a message to lock a zone.
@spec mac_deterministic(transport :: ATECC508A.Transport.t(), key_id :: non_neg_integer(), input :: binary()) :: {:ok, binary()} | {:error, term()}
Generate a MAC deterministically using a given input.
Combines the key in a slot, some internal values and an input value to produce a digest.
It is implemented primarily because it can be used to verify the behavior of the device and whether or not a key is disabled by the persistent latch.
Returns the digest if successful, otherwise an error tuple.
@spec random(ATECC508A.Transport.t()) :: {:ok, binary()} | {:error, atom()}
Request a random number.
@spec read_zone(ATECC508A.Transport.t(), zone(), addr(), access_size()) :: {:ok, binary()} | {:error, atom()}
Create a read message.
@spec sign_digest(ATECC508A.Transport.t(), slot(), binary()) :: {:ok, binary()} | {:error, atom()}
Sign a SHA256 digest.
@spec to_config_addr(0..127) :: addr()
@spec to_otp_addr(0..127) :: addr()
@spec write_zone(ATECC508A.Transport.t(), zone(), addr(), access_data()) :: :ok | {:error, atom()}
Create a write message.