4 Device Commands
- General Device CommandsThese commands fall into two categories:
- General device access commands that are used to send data to the device or retrieve data but typically do not perform any cryptographic functions.
- General cryptographic commands that can be used by the device or the system but typically do not operate on specific data slots.
- Asymmetric Cryptography
Commands
These commands perform asymmetric cryptographic operations, such as key generation, message signing and message verification that utilize an ECC public or private key. These commands are limited to use on ECC Data zone slots.
- Symmetric Cryptography
Commands
These commands perform a symmetric cryptographic function, such as generating a digest or MAC, key derivation or AES encryption and decryption.
Input Parameters for all Commands
Multibyte input parameters are shown as big-endian (MSB first) values in the input parameters tables unless otherwise specified. Note that the ECC608-TNGHNT device actually expects the data to be sent little-endian (LSB first).
Command | Opcode | Description | Command Category |
---|---|---|---|
AES | 0x51 | Execute the AES-ECB Encrypt or Decrypt functions. Calculate a Galois Field Multiply. | Symmetric Cryptography Command |
CheckMac | 0x28 | Verify a MAC calculated on another CryptoAuthentication device. | Symmetric Cryptography Command |
Counter | 0x24 | Read or increment one of the monotonic counters | General Device Commands |
ECDH | 0x43 | Generate an ECDH pre-master secret using stored private key and input public key. | Asymmetric Cryptography Command |
GenDig | 0x15 | Generate a data digest from a random or input seed and a stored value. | Symmetric Cryptography Command |
GenKey | 0x40 | Generate an ECC public key. Optionally generate an ECC private key. | Asymmetric Cryptography Command |
Info | 0x30 | Return device state information. | General Device Commands |
KDF | 0x56 | Implement the PRF or HKDF key derivation functions | Symmetric Cryptography Command |
Lock | 0x17 | Prevent further modifications to a zone or slot of the device. | General Device Commands |
MAC | 0x08 | Calculate digest (response) from key and other internal data using SHA-256. | Symmetric Cryptography Command |
Nonce | 0x16 | Generate a 32-byte random number and an internally stored Nonce. | General Device Commands |
Random | 0x1B | Generate a random number. | General Device Commands |
Read | 0x02 | Read 4 or 32 bytes from the device, with or without authentication and encryption. | General Device Commands |
SelfTest | 0x77 | Test the various internal cryptographic computation elements | General Device Commands |
Sign | 0x41 | ECDSA signature calculation. | Asymmetric Cryptography Command |
SHA | 0x47 | Compute a SHA-256 or HMAC digest for general purpose use by the system. | General Device Commands |
UpdateExtra | 0x20 | Update bytes 84 or 85 within the Configuration zone after the Configuration zone is locked. | General Device Commands |
Verify | 0x45 | ECDSA verify calculation. | Asymmetric Cryptography Command |
Write | 0x12 | Write 4 or 32 bytes to the device, with or without authentication and encryption. | General Device Commands |