ECDH - Stored Key

The ECDH command may use an internal data slot as its ECC private key source. The slot's access policies must be configured so that the slot holds an ECC private key and the ECDH command is permitted on it. The access policies may also dictate whether the output is stored in TempKey or encrypted, or leave that choice to the Mode of the command itself. When encryption is required, the IO protection key is used. Encryption applies only when the result is returned through the output buffer; a result stored in TempKey is never output.

For the ATECC608A-TNGTLS, the ECDH command may be run using the ECC private keys stored in Slots 0 and 2-4.

Table 1. Input Parameters ECDH Stored Key

| Opcode (1 Byte) | Mode (1 Byte) | KeyId (2 Bytes) | Data 1 (32 Bytes) | Data 2 (32 Bytes) | Data Description |
|---|---|---|---|---|---|
| 0x43 | 0x0C | 0x00 0[Slot] | X component of public key | Y component of public key | Results go to the output buffer; output is in the clear (1) |
| 0x43 | 0x0E | 0x00 0[Slot] | X component of public key | Y component of public key | Results go to the output buffer; output is encrypted |
| 0x43 | 0x08 | 0x00 0[Slot] | X component of public key | Y component of public key | Results stored in TempKey; output is available for other operations but is not directly accessible |

Note:
  1. When ChipOptions.ECDHPROT is 1, the output of the ECDH command is encrypted even in this mode. For the ATECC608A-TNGTLS the ECDHPROT field is set to 0, so whether the output is encrypted depends only on the Mode of the ECDH command.

Table 2. Output Response ECDH Stored Key

| Name | Mode | Size | Description |
|---|---|---|---|
| Response | 0x0C or 0x0E | 1 byte | Error code if command fails |
| Response | 0x0C | 32 bytes | Shared Master Secret as clear text |
| Response | 0x0E | 32 bytes | Shared Master Secret as encrypted text |
| OutNonce | 0x0E | 32 bytes | Nonce used for encryption |
| Response | 0x08 | 1 byte | 0x00 if successful, otherwise an error code is returned |
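The following is an added example, not code from the datasheet or from CryptoAuthLib, that assembles the ECDH stored-key command body from Table 1 and interprets the response laid out in Table 2, including the ECDHPROT caveat from Note 1. It assumes the two KeyId bytes are emitted in the order the table shows them (0x00 then the slot number) and leaves out the device packet framing (length byte and CRC), which these tables do not cover; the function and field names are the example's own.

```python
from dataclasses import dataclass
from typing import Optional

ECDH_OPCODE = 0x43
MODE_CLEAR, MODE_ENCRYPTED, MODE_TEMPKEY = 0x0C, 0x0E, 0x08
TNGTLS_ECDH_SLOTS = {0, 2, 3, 4}  # ECC private key slots usable by ECDH on TNGTLS


def build_ecdh_stored_key(mode: int, slot: int, pub_x: bytes, pub_y: bytes) -> bytes:
    """Opcode, Mode, KeyId (2 bytes, assumed 0x00 then slot), X, Y as in Table 1."""
    if mode not in (MODE_CLEAR, MODE_ENCRYPTED, MODE_TEMPKEY):
        raise ValueError(f"unsupported ECDH mode 0x{mode:02X}")
    if slot not in TNGTLS_ECDH_SLOTS:
        raise ValueError(f"slot {slot} cannot be an ECDH private key source on TNGTLS")
    if len(pub_x) != 32 or len(pub_y) != 32:
        raise ValueError("peer public key coordinates must be 32 bytes each")
    return bytes([ECDH_OPCODE, mode, 0x00, slot]) + pub_x + pub_y


@dataclass
class EcdhResult:
    status: Optional[int] = None     # set when the device returned a 1-byte status
    secret: Optional[bytes] = None   # 32-byte shared master secret (clear or encrypted)
    nonce: Optional[bytes] = None    # 32-byte OutNonce, present only for encrypted output
    encrypted: bool = False


def parse_ecdh_response(mode: int, resp: bytes, ecdhprot: int = 0) -> EcdhResult:
    """Interpret the response body per Table 2. ecdhprot mirrors ChipOptions.ECDHPROT:
    when 1, mode 0x0C output is encrypted as well (Note 1); TNGTLS ships with 0."""
    if len(resp) == 1:
        # Mode 0x08 reports 0x00 on success (secret lives in TempKey and is never
        # output); any other 1-byte response, in any mode, is an error code.
        return EcdhResult(status=resp[0])
    if mode == MODE_TEMPKEY:
        raise ValueError("mode 0x08 returns only a 1-byte status")
    encrypted = mode == MODE_ENCRYPTED or (mode == MODE_CLEAR and ecdhprot == 1)
    if encrypted:
        if len(resp) != 64:
            raise ValueError("encrypted output is secret (32 bytes) + OutNonce (32 bytes)")
        return EcdhResult(secret=resp[:32], nonce=resp[32:], encrypted=True)
    if len(resp) != 32:
        raise ValueError("clear-text output is exactly 32 bytes")
    return EcdhResult(secret=resp, encrypted=False)


# Constructed sample: these bytes only exercise the framing; they are not a valid
# P-256 point and must not be used as a real peer public key.
SAMPLE_PEER_X, SAMPLE_PEER_Y = bytes(range(32)), bytes(range(32, 64))
SAMPLE_CMD = build_ecdh_stored_key(MODE_CLEAR, 2, SAMPLE_PEER_X, SAMPLE_PEER_Y)
```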