4 Device Commands

The following section details all the commands broken out by the Command mode that are allowed in the ECC608-TFLXWPC. There are three categories:
  1. General Device Commands
    These commands fall into two categories:
    • General device access commands that are used to send data to the device or retrieve data but typically do not perform any cryptographic functions
    • General cryptographic commands that can be used by the device or the system but typically do not operate on specific data slots
  2. Asymmetric Cryptography Commands

    These commands perform asymmetric cryptographic operations, such as key generation, message signing and message verification that utilize an ECC public or private key. These commands are limited to use on ECC Data zone slots.

  3. Symmetric Cryptography Commands

    These commands perform a symmetric cryptographic function, such as generating a digest or MAC, key derivation or AES encryption and decryption.

Input Parameters for All Commands

The multibyte input parameters display as big-endian (MSB first) values in the input parameters tables, unless otherwise specified. Note that the ECC608-TFLXWPC device actually expects the data to be sent little-endian (LSB first).

Table 4-1. Commands, Descriptions and Command Categories
CommandDescriptionCommand Category
CounterReads or increments one of the monotonic countersGeneral Device Commands
ECDHGenerates an ECDH pre-master secret using stored private key and input public keyAsymmetric Cryptography Command
GenKeyGenerates an ECC public key. Optionally generates an ECC private keyAsymmetric Cryptography Command
InfoReturns device state informationGeneral Device Commands
LockPrevents further modifications to a zone or slot of the deviceGeneral Device Commands
NonceGenerates a 32-byte random number and an internally stored NonceGeneral Device Commands
RandomGenerates a random numberGeneral Device Commands
ReadReads 4 or 32 bytes from the device, with or without authentication and encryptionGeneral Device Commands
SecureBootValidates code signature or code digest on power-upAsymmetric Cryptography Command
SelfTestTests the various internal cryptographic computation elementsGeneral Device Commands
SignECDSA signature calculationAsymmetric Cryptography Command
SHAComputes a SHA-256 or HMAC digest for general purpose use by the systemGeneral Device Commands
UpdateExtraUpdates bytes 84 or 85 within the Configuration zone after the Configuration zone is lockedGeneral Device Commands
VerifyECDSA verify calculationAsymmetric Cryptography Command
WriteWrites 4 or 32 bytes to the device, with or without authentication and encryptionGeneral Device Commands