4 Device Commands

The following section details all of the commands broken out by Command mode that are allowed in the ECC608-TNGHNT. The commands have been broken into three categories:
  1. General Device Commands
    These commands fall into two categories:
    • General device access commands that are used to send data to the device or retrieve data but typically do not perform any cryptographic functions.
    • General cryptographic commands that can be used by the device or the system but typically do not operate on specific data slots.
  2. Asymmetric Cryptography Commands

    These commands perform asymmetric cryptographic operations, such as key generation, message signing and message verification that utilize an ECC public or private key. These commands are limited to use on ECC Data zone slots.

  3. Symmetric Cryptography Commands

    These commands perform a symmetric cryptographic function, such as generating a digest or MAC, key derivation or AES encryption and decryption.

Input Parameters for all Commands

Multibyte input parameters are shown as big-endian (MSB first) values in the input parameters tables unless otherwise specified. Note that the ECC608-TNGHNT device actually expects the data to be sent little-endian (LSB first).

Table 4-1. Command Opcodes, Short Descriptions, and Command Categories
CommandOpcodeDescriptionCommand Category
AES0x51Execute the AES-ECB Encrypt or Decrypt functions. Calculate a Galois Field Multiply.Symmetric Cryptography Command
CheckMac0x28Verify a MAC calculated on another CryptoAuthentication device.Symmetric Cryptography Command
Counter0x24Read or increment one of the monotonic countersGeneral Device Commands
ECDH0x43Generate an ECDH pre-master secret using stored private key and input public key.Asymmetric Cryptography Command
GenDig0x15Generate a data digest from a random or input seed and a stored value.Symmetric Cryptography Command
GenKey0x40Generate an ECC public key. Optionally generate an ECC private key.Asymmetric Cryptography Command
Info0x30Return device state information.General Device Commands
KDF0x56Implement the PRF or HKDF key derivation functionsSymmetric Cryptography Command
Lock0x17Prevent further modifications to a zone or slot of the device.General Device Commands
MAC0x08Calculate digest (response) from key and other internal data using SHA-256.Symmetric Cryptography Command
Nonce0x16Generate a 32-byte random number and an internally stored Nonce.General Device Commands
Random0x1BGenerate a random number.General Device Commands
Read0x02Read 4 or 32 bytes from the device, with or without authentication and encryption.General Device Commands
SelfTest0x77Test the various internal cryptographic computation elementsGeneral Device Commands
Sign0x41ECDSA signature calculation.Asymmetric Cryptography Command
SHA0x47Compute a SHA-256 or HMAC digest for general purpose use by the system.General Device Commands
UpdateExtra0x20Update bytes 84 or 85 within the Configuration zone after the Configuration zone is locked.General Device Commands
Verify0x45ECDSA verify calculation.Asymmetric Cryptography Command
Write0x12Write 4 or 32 bytes to the device, with or without authentication and encryption.General Device Commands