Wrapper functions to replace cryptoauthlib software crypto functions with the mbedTLS equivalent. More...
#include "atca_config_check.h"
#include "mbedtls/config.h"
#include <stdlib.h>
#include "mbedtls/cmac.h"
#include "mbedtls/ctr_drbg.h"
#include "mbedtls/pk.h"
#include "mbedtls/ecdh.h"
#include "mbedtls/ecp.h"
#include "mbedtls/entropy.h"
#include "mbedtls/x509_crt.h"
#include "mbedtls/oid.h"
#include "cryptoauthlib.h"
#include "atca_mbedtls_wrap.h"
#include "atca_mbedtls_patch.h"
#include "crypto/atca_crypto_sw.h"
#include "atcacert/atcacert_client.h"
#include "atcacert/atcacert_def.h"
#include "mbedtls/pk_internal.h"
#include "atcacert/atcacert_der.h"
Macros | |
#define | mbedtls_calloc calloc |
#define | mbedtls_free free |
Functions | |
ATCA_STATUS | atcac_sw_random (uint8_t *data, size_t data_size) |
Return Random Bytes. | |
ATCA_STATUS | atcac_aes_gcm_aad_update (struct atcac_aes_gcm_ctx *ctx, const uint8_t *aad, const size_t aad_len) |
Update the GCM context with additional authentication data (AAD) | |
ATCA_STATUS | atcac_aes_gcm_encrypt_start (struct atcac_aes_gcm_ctx *ctx, const uint8_t *key, const uint8_t key_len, const uint8_t *iv, const uint8_t iv_len) |
Initialize an AES-GCM context. | |
ATCA_STATUS | atcac_aes_gcm_encrypt_update (struct atcac_aes_gcm_ctx *ctx, const uint8_t *plaintext, const size_t pt_len, uint8_t *ciphertext, size_t *ct_len) |
Encrypt a data using the initialized context. | |
ATCA_STATUS | atcac_aes_gcm_encrypt_finish (struct atcac_aes_gcm_ctx *ctx, uint8_t *tag, size_t tag_len) |
Get the AES-GCM tag and free the context. | |
ATCA_STATUS | atcac_aes_gcm_decrypt_start (struct atcac_aes_gcm_ctx *ctx, const uint8_t *key, const uint8_t key_len, const uint8_t *iv, const uint8_t iv_len) |
Initialize an AES-GCM context for decryption. | |
ATCA_STATUS | atcac_aes_gcm_decrypt_update (struct atcac_aes_gcm_ctx *ctx, const uint8_t *ciphertext, const size_t ct_len, uint8_t *plaintext, size_t *pt_len) |
Decrypt ciphertext using the initialized context. | |
ATCA_STATUS | atcac_aes_gcm_decrypt_finish (struct atcac_aes_gcm_ctx *ctx, const uint8_t *tag, size_t tag_len, bool *is_verified) |
Compare the AES-GCM tag and free the context. | |
ATCA_STATUS | atcac_sw_sha1_init (struct atcac_sha1_ctx *ctx) |
Initialize context for performing SHA1 hash in software. | |
ATCA_STATUS | atcac_sw_sha1_update (struct atcac_sha1_ctx *ctx, const uint8_t *data, size_t data_size) |
Add data to a SHA1 hash. | |
ATCA_STATUS | atcac_sw_sha1_finish (struct atcac_sha1_ctx *ctx, uint8_t digest[ATCA_SHA1_DIGEST_SIZE]) |
Complete the SHA1 hash in software and return the digest. | |
ATCA_STATUS | atcac_aes_cmac_init (struct atcac_aes_cmac_ctx *ctx, const uint8_t *key, const uint8_t key_len) |
Initialize context for performing CMAC in software. | |
ATCA_STATUS | atcac_aes_cmac_update (struct atcac_aes_cmac_ctx *ctx, const uint8_t *data, const size_t data_size) |
Update CMAC context with input data. | |
ATCA_STATUS | atcac_aes_cmac_finish (struct atcac_aes_cmac_ctx *ctx, uint8_t *cmac, size_t *cmac_size) |
Finish CMAC calculation and clear the CMAC context. | |
ATCA_STATUS | atcac_sha256_hmac_init (struct atcac_hmac_ctx *ctx, struct atcac_sha2_256_ctx *sha256_ctx, const uint8_t *key, const uint8_t key_len) |
Initialize context for performing HMAC (sha256) in software. | |
ATCA_STATUS | atcac_sha256_hmac_update (struct atcac_hmac_ctx *ctx, const uint8_t *data, size_t data_size) |
Update HMAC context with input data. | |
ATCA_STATUS | atcac_sha256_hmac_finish (struct atcac_hmac_ctx *ctx, uint8_t *digest, size_t *digest_len) |
Finish CMAC calculation and clear the HMAC context. | |
ATCA_STATUS | atcac_pk_init (struct atcac_pk_ctx *ctx, const uint8_t *buf, size_t buflen, uint8_t key_type, bool pubkey) |
Set up a public/private key structure for use in asymmetric cryptographic functions. | |
ATCA_STATUS | atcac_pk_init_pem (struct atcac_pk_ctx *ctx, const uint8_t *buf, size_t buflen, bool pubkey) |
Set up a public/private key structure for use in asymmetric cryptographic functions. | |
ATCA_STATUS | atcac_pk_free (struct atcac_pk_ctx *ctx) |
Free a public/private key structure. | |
ATCA_STATUS | atcac_pk_public (struct atcac_pk_ctx *ctx, uint8_t *buf, size_t *buflen) |
Get the public key from the context. | |
ATCA_STATUS | atcac_pk_sign (struct atcac_pk_ctx *ctx, const uint8_t *digest, size_t dig_len, uint8_t *signature, size_t *sig_len) |
Perform a signature with the private key in the context. | |
ATCA_STATUS | atcac_pk_verify (struct atcac_pk_ctx *ctx, const uint8_t *digest, size_t dig_len, const uint8_t *signature, size_t sig_len) |
Perform a verify using the public key in the provided context. | |
ATCA_STATUS | atcac_pk_derive (struct atcac_pk_ctx *private_ctx, struct atcac_pk_ctx *public_ctx, uint8_t *buf, size_t *buflen) |
Execute the key agreement protocol for the provided keys (if they can) | |
int | atca_mbedtls_pk_init_ext (ATCADevice device, mbedtls_pk_context *pkey, const uint16_t slotid) |
Initializes an mbedtls pk context for use with EC operations. | |
int | atca_mbedtls_pk_init (mbedtls_pk_context *pkey, const uint16_t slotid) |
Initializes an mbedtls pk context for use with EC operations. | |
ATCA_STATUS | atcac_parse_der (struct atcac_x509_ctx **cert, cal_buffer *der) |
ATCA_STATUS | atcac_get_subject (const struct atcac_x509_ctx *cert, cal_buffer *cert_subject) |
ATCA_STATUS | atcac_get_subj_public_key (const struct atcac_x509_ctx *cert, cal_buffer *subj_public_key) |
ATCA_STATUS | atcac_get_subj_key_id (const struct atcac_x509_ctx *cert, cal_buffer *subj_public_key_id) |
ATCA_STATUS | atcac_get_issue_date (const struct atcac_x509_ctx *cert, cal_buffer *not_before, uint8_t *fmt) |
ATCA_STATUS | atcac_get_expire_date (const struct atcac_x509_ctx *cert, cal_buffer *not_after, uint8_t *fmt) |
ATCA_STATUS | atcac_get_issuer (const struct atcac_x509_ctx *cert, cal_buffer *issuer_buf) |
ATCA_STATUS | atcac_get_cert_sn (const struct atcac_x509_ctx *cert, cal_buffer *cert_sn) |
ATCA_STATUS | atcac_get_auth_key_id (const struct atcac_x509_ctx *cert, cal_buffer *auth_key_id) |
void | atcac_x509_free (void *cert) |
Variables | |
const mbedtls_pk_info_t | atca_mbedtls_eckey_info |
Wrapper functions to replace cryptoauthlib software crypto functions with the mbedTLS equivalent.
ATCA_STATUS atcac_aes_cmac_finish | ( | struct atcac_aes_cmac_ctx * | ctx, |
uint8_t * | cmac, | ||
size_t * | cmac_size | ||
) |
Finish CMAC calculation and clear the CMAC context.
[in] | ctx | pointer to a aes-cmac context |
[out] | cmac | cmac value |
[in,out] | cmac_size | length of cmac |
ATCA_STATUS atcac_aes_cmac_init | ( | struct atcac_aes_cmac_ctx * | ctx, |
const uint8_t * | key, | ||
const uint8_t | key_len | ||
) |
Initialize context for performing CMAC in software.
[in] | ctx | pointer to a aes-cmac context |
[in] | key | key value to use |
[in] | key_len | length of the key |
ATCA_STATUS atcac_aes_cmac_update | ( | struct atcac_aes_cmac_ctx * | ctx, |
const uint8_t * | data, | ||
const size_t | data_size | ||
) |
Update CMAC context with input data.
[in] | ctx | pointer to a aes-cmac context |
[in] | data | input data |
[in] | data_size | length of input data |
ATCA_STATUS atcac_aes_gcm_aad_update | ( | struct atcac_aes_gcm_ctx * | ctx, |
const uint8_t * | aad, | ||
const size_t | aad_len | ||
) |
Update the GCM context with additional authentication data (AAD)
[in] | ctx | AES-GCM Context |
[in] | aad | Additional Authentication Data |
[in] | aad_len | Length of AAD |
ATCA_STATUS atcac_aes_gcm_decrypt_finish | ( | struct atcac_aes_gcm_ctx * | ctx, |
const uint8_t * | tag, | ||
size_t | tag_len, | ||
bool * | is_verified | ||
) |
Compare the AES-GCM tag and free the context.
[in] | ctx | AES-GCM Context |
[in] | tag | GCM Tag to Verify |
[in] | tag_len | Length of the GCM tag |
[out] | is_verified | Tag verified as matching |
ATCA_STATUS atcac_aes_gcm_decrypt_start | ( | struct atcac_aes_gcm_ctx * | ctx, |
const uint8_t * | key, | ||
const uint8_t | key_len, | ||
const uint8_t * | iv, | ||
const uint8_t | iv_len | ||
) |
Initialize an AES-GCM context for decryption.
[in] | ctx | AES-GCM Context |
[in] | key | AES Key |
[in] | key_len | Length of the AES key - should be 16 or 32 |
[in] | iv | Initialization vector input |
[in] | iv_len | Length of the initialization vector |
ATCA_STATUS atcac_aes_gcm_decrypt_update | ( | struct atcac_aes_gcm_ctx * | ctx, |
const uint8_t * | ciphertext, | ||
const size_t | ct_len, | ||
uint8_t * | plaintext, | ||
size_t * | pt_len | ||
) |
Decrypt ciphertext using the initialized context.
[in] | ctx | AES-GCM Context |
[in] | ciphertext | Ciphertext to decrypt |
[in] | ct_len | Length of the ciphertext |
[out] | plaintext | Resulting decrypted plaintext |
[in,out] | pt_len | Length of the plaintext buffer |
ATCA_STATUS atcac_aes_gcm_encrypt_finish | ( | struct atcac_aes_gcm_ctx * | ctx, |
uint8_t * | tag, | ||
size_t | tag_len | ||
) |
Get the AES-GCM tag and free the context.
[in] | ctx | AES-GCM Context |
[out] | tag | GCM Tag Result |
[in] | tag_len | Length of the GCM tag |
ATCA_STATUS atcac_aes_gcm_encrypt_start | ( | struct atcac_aes_gcm_ctx * | ctx, |
const uint8_t * | key, | ||
const uint8_t | key_len, | ||
const uint8_t * | iv, | ||
const uint8_t | iv_len | ||
) |
Initialize an AES-GCM context.
[in] | ctx | AES-GCM Context |
[in] | key | AES Key |
[in] | key_len | Length of the AES key - should be 16 or 32 |
[in] | iv | Initialization vector input |
[in] | iv_len | Length of the initialization vector |
ATCA_STATUS atcac_aes_gcm_encrypt_update | ( | struct atcac_aes_gcm_ctx * | ctx, |
const uint8_t * | plaintext, | ||
const size_t | pt_len, | ||
uint8_t * | ciphertext, | ||
size_t * | ct_len | ||
) |
Encrypt a data using the initialized context.
[in] | ctx | AES-GCM Context |
[in] | plaintext | Input buffer to encrypt |
[in] | pt_len | Length of the input |
[out] | ciphertext | Output buffer |
[in,out] | ct_len | Length of the ciphertext buffer |
ATCA_STATUS atcac_pk_derive | ( | struct atcac_pk_ctx * | private_ctx, |
struct atcac_pk_ctx * | public_ctx, | ||
uint8_t * | buf, | ||
size_t * | buflen | ||
) |
Execute the key agreement protocol for the provided keys (if they can)
ATCA_STATUS atcac_pk_free | ( | struct atcac_pk_ctx * | ctx | ) |
Free a public/private key structure.
[in] | ctx | pointer to a pk context |
ATCA_STATUS atcac_pk_init | ( | struct atcac_pk_ctx * | ctx, |
const uint8_t * | buf, | ||
size_t | buflen, | ||
uint8_t | key_type, | ||
bool | pubkey | ||
) |
Set up a public/private key structure for use in asymmetric cryptographic functions.
[in] | ctx | pointer to a pk context |
[in] | buf | buffer containing a pem encoded key |
[in] | buflen | length of the input buffer |
[in] | pubkey | buffer is a public key |
ATCA_STATUS atcac_pk_init_pem | ( | struct atcac_pk_ctx * | ctx, |
const uint8_t * | buf, | ||
size_t | buflen, | ||
bool | pubkey | ||
) |
Set up a public/private key structure for use in asymmetric cryptographic functions.
[in] | ctx | pointer to a pk context |
[in] | buf | buffer containing a pem encoded key |
[in] | buflen | length of the input buffer |
[in] | pubkey | buffer is a public key |
ATCA_STATUS atcac_pk_public | ( | struct atcac_pk_ctx * | ctx, |
uint8_t * | buf, | ||
size_t * | buflen | ||
) |
Get the public key from the context.
ATCA_STATUS atcac_pk_sign | ( | struct atcac_pk_ctx * | ctx, |
const uint8_t * | digest, | ||
size_t | dig_len, | ||
uint8_t * | signature, | ||
size_t * | sig_len | ||
) |
Perform a signature with the private key in the context.
ATCA_STATUS atcac_pk_verify | ( | struct atcac_pk_ctx * | ctx, |
const uint8_t * | digest, | ||
size_t | dig_len, | ||
const uint8_t * | signature, | ||
size_t | sig_len | ||
) |
Perform a verify using the public key in the provided context.
ATCA_STATUS atcac_sha256_hmac_finish | ( | struct atcac_hmac_ctx * | ctx, |
uint8_t * | digest, | ||
size_t * | digest_len | ||
) |
Finish CMAC calculation and clear the HMAC context.
[in] | ctx | pointer to a sha256-hmac context |
[out] | digest | hmac value |
[in,out] | digest_len | length of hmac |
ATCA_STATUS atcac_sha256_hmac_init | ( | struct atcac_hmac_ctx * | ctx, |
struct atcac_sha2_256_ctx * | sha256_ctx, | ||
const uint8_t * | key, | ||
const uint8_t | key_len | ||
) |
Initialize context for performing HMAC (sha256) in software.
[in] | ctx | pointer to a sha256-hmac context |
[in] | sha256_ctx | pointer to a sha256 context |
[in] | key | key value to use |
[in] | key_len | length of the key |
ATCA_STATUS atcac_sha256_hmac_update | ( | struct atcac_hmac_ctx * | ctx, |
const uint8_t * | data, | ||
size_t | data_size | ||
) |
Update HMAC context with input data.
[in] | ctx | pointer to a sha256-hmac context |
[in] | data | input data |
[in] | data_size | length of input data |
ATCA_STATUS atcac_sw_random | ( | uint8_t * | data, |
size_t | data_size | ||
) |
Return Random Bytes.
ATCA_STATUS atcac_sw_sha1_finish | ( | struct atcac_sha1_ctx * | ctx, |
uint8_t | digest[ATCA_SHA1_DIGEST_SIZE] | ||
) |
Complete the SHA1 hash in software and return the digest.
[in] | ctx | pointer to a hash context |
[out] | digest | output buffer (20 bytes) |
ATCA_STATUS atcac_sw_sha1_init | ( | struct atcac_sha1_ctx * | ctx | ) |
Initialize context for performing SHA1 hash in software.
[in] | ctx | pointer to a hash context |
ATCA_STATUS atcac_sw_sha1_update | ( | struct atcac_sha1_ctx * | ctx, |
const uint8_t * | data, | ||
size_t | data_size | ||
) |
Add data to a SHA1 hash.
[in] | ctx | pointer to a hash context |
[in] | data | input data buffer |
[in] | data_size | input data length |
const mbedtls_pk_info_t atca_mbedtls_eckey_info |