CryptoAuthLib v3.7.6
Microchip CryptoAuthentication Library
 
Loading...
Searching...
No Matches
atca_mbedtls_wrap.c File Reference

Wrapper functions to replace cryptoauthlib software crypto functions with the mbedTLS equivalent. More...

#include "atca_config_check.h"
#include "mbedtls/config.h"
#include <stdlib.h>
#include "mbedtls/cmac.h"
#include "mbedtls/ctr_drbg.h"
#include "mbedtls/pk.h"
#include "mbedtls/ecdh.h"
#include "mbedtls/ecp.h"
#include "mbedtls/entropy.h"
#include "mbedtls/x509_crt.h"
#include "mbedtls/oid.h"
#include "cryptoauthlib.h"
#include "atca_mbedtls_wrap.h"
#include "atca_mbedtls_patch.h"
#include "crypto/atca_crypto_sw.h"
#include "atcacert/atcacert_client.h"
#include "atcacert/atcacert_def.h"
#include "mbedtls/pk_internal.h"
#include "atcacert/atcacert_der.h"

Macros

#define mbedtls_calloc   calloc
 
#define mbedtls_free   free
 

Functions

ATCA_STATUS atcac_sw_random (uint8_t *data, size_t data_size)
 Return Random Bytes.
 
ATCA_STATUS atcac_aes_gcm_aad_update (struct atcac_aes_gcm_ctx *ctx, const uint8_t *aad, const size_t aad_len)
 Update the GCM context with additional authentication data (AAD)
 
ATCA_STATUS atcac_aes_gcm_encrypt_start (struct atcac_aes_gcm_ctx *ctx, const uint8_t *key, const uint8_t key_len, const uint8_t *iv, const uint8_t iv_len)
 Initialize an AES-GCM context.
 
ATCA_STATUS atcac_aes_gcm_encrypt_update (struct atcac_aes_gcm_ctx *ctx, const uint8_t *plaintext, const size_t pt_len, uint8_t *ciphertext, size_t *ct_len)
 Encrypt a data using the initialized context.
 
ATCA_STATUS atcac_aes_gcm_encrypt_finish (struct atcac_aes_gcm_ctx *ctx, uint8_t *tag, size_t tag_len)
 Get the AES-GCM tag and free the context.
 
ATCA_STATUS atcac_aes_gcm_decrypt_start (struct atcac_aes_gcm_ctx *ctx, const uint8_t *key, const uint8_t key_len, const uint8_t *iv, const uint8_t iv_len)
 Initialize an AES-GCM context for decryption.
 
ATCA_STATUS atcac_aes_gcm_decrypt_update (struct atcac_aes_gcm_ctx *ctx, const uint8_t *ciphertext, const size_t ct_len, uint8_t *plaintext, size_t *pt_len)
 Decrypt ciphertext using the initialized context.
 
ATCA_STATUS atcac_aes_gcm_decrypt_finish (struct atcac_aes_gcm_ctx *ctx, const uint8_t *tag, size_t tag_len, bool *is_verified)
 Compare the AES-GCM tag and free the context.
 
ATCA_STATUS atcac_sw_sha1_init (struct atcac_sha1_ctx *ctx)
 Initialize context for performing SHA1 hash in software.
 
ATCA_STATUS atcac_sw_sha1_update (struct atcac_sha1_ctx *ctx, const uint8_t *data, size_t data_size)
 Add data to a SHA1 hash.
 
ATCA_STATUS atcac_sw_sha1_finish (struct atcac_sha1_ctx *ctx, uint8_t digest[ATCA_SHA1_DIGEST_SIZE])
 Complete the SHA1 hash in software and return the digest.
 
ATCA_STATUS atcac_aes_cmac_init (struct atcac_aes_cmac_ctx *ctx, const uint8_t *key, const uint8_t key_len)
 Initialize context for performing CMAC in software.
 
ATCA_STATUS atcac_aes_cmac_update (struct atcac_aes_cmac_ctx *ctx, const uint8_t *data, const size_t data_size)
 Update CMAC context with input data.
 
ATCA_STATUS atcac_aes_cmac_finish (struct atcac_aes_cmac_ctx *ctx, uint8_t *cmac, size_t *cmac_size)
 Finish CMAC calculation and clear the CMAC context.
 
ATCA_STATUS atcac_sha256_hmac_init (struct atcac_hmac_ctx *ctx, struct atcac_sha2_256_ctx *sha256_ctx, const uint8_t *key, const uint8_t key_len)
 Initialize context for performing HMAC (sha256) in software.
 
ATCA_STATUS atcac_sha256_hmac_update (struct atcac_hmac_ctx *ctx, const uint8_t *data, size_t data_size)
 Update HMAC context with input data.
 
ATCA_STATUS atcac_sha256_hmac_finish (struct atcac_hmac_ctx *ctx, uint8_t *digest, size_t *digest_len)
 Finish CMAC calculation and clear the HMAC context.
 
ATCA_STATUS atcac_pk_init (struct atcac_pk_ctx *ctx, const uint8_t *buf, size_t buflen, uint8_t key_type, bool pubkey)
 Set up a public/private key structure for use in asymmetric cryptographic functions.
 
ATCA_STATUS atcac_pk_init_pem (struct atcac_pk_ctx *ctx, const uint8_t *buf, size_t buflen, bool pubkey)
 Set up a public/private key structure for use in asymmetric cryptographic functions.
 
ATCA_STATUS atcac_pk_free (struct atcac_pk_ctx *ctx)
 Free a public/private key structure.
 
ATCA_STATUS atcac_pk_public (struct atcac_pk_ctx *ctx, uint8_t *buf, size_t *buflen)
 Get the public key from the context.
 
ATCA_STATUS atcac_pk_sign (struct atcac_pk_ctx *ctx, const uint8_t *digest, size_t dig_len, uint8_t *signature, size_t *sig_len)
 Perform a signature with the private key in the context.
 
ATCA_STATUS atcac_pk_verify (struct atcac_pk_ctx *ctx, const uint8_t *digest, size_t dig_len, const uint8_t *signature, size_t sig_len)
 Perform a verify using the public key in the provided context.
 
ATCA_STATUS atcac_pk_derive (struct atcac_pk_ctx *private_ctx, struct atcac_pk_ctx *public_ctx, uint8_t *buf, size_t *buflen)
 Execute the key agreement protocol for the provided keys (if they can)
 
int atca_mbedtls_pk_init_ext (ATCADevice device, mbedtls_pk_context *pkey, const uint16_t slotid)
 Initializes an mbedtls pk context for use with EC operations.
 
int atca_mbedtls_pk_init (mbedtls_pk_context *pkey, const uint16_t slotid)
 Initializes an mbedtls pk context for use with EC operations.
 
ATCA_STATUS atcac_parse_der (struct atcac_x509_ctx **cert, cal_buffer *der)
 
ATCA_STATUS atcac_get_subject (const struct atcac_x509_ctx *cert, cal_buffer *cert_subject)
 
ATCA_STATUS atcac_get_subj_public_key (const struct atcac_x509_ctx *cert, cal_buffer *subj_public_key)
 
ATCA_STATUS atcac_get_subj_key_id (const struct atcac_x509_ctx *cert, cal_buffer *subj_public_key_id)
 
ATCA_STATUS atcac_get_issue_date (const struct atcac_x509_ctx *cert, cal_buffer *not_before, uint8_t *fmt)
 
ATCA_STATUS atcac_get_expire_date (const struct atcac_x509_ctx *cert, cal_buffer *not_after, uint8_t *fmt)
 
ATCA_STATUS atcac_get_issuer (const struct atcac_x509_ctx *cert, cal_buffer *issuer_buf)
 
ATCA_STATUS atcac_get_cert_sn (const struct atcac_x509_ctx *cert, cal_buffer *cert_sn)
 
ATCA_STATUS atcac_get_auth_key_id (const struct atcac_x509_ctx *cert, cal_buffer *auth_key_id)
 
void atcac_x509_free (void *cert)
 

Variables

const mbedtls_pk_info_t atca_mbedtls_eckey_info
 

Detailed Description

Wrapper functions to replace cryptoauthlib software crypto functions with the mbedTLS equivalent.

Function Documentation

◆ atcac_aes_cmac_finish()

ATCA_STATUS atcac_aes_cmac_finish ( struct atcac_aes_cmac_ctx ctx,
uint8_t *  cmac,
size_t *  cmac_size 
)

Finish CMAC calculation and clear the CMAC context.

Returns
ATCA_SUCCESS on success, otherwise an error code.
Parameters
[in]ctxpointer to a aes-cmac context
[out]cmaccmac value
[in,out]cmac_sizelength of cmac

◆ atcac_aes_cmac_init()

ATCA_STATUS atcac_aes_cmac_init ( struct atcac_aes_cmac_ctx ctx,
const uint8_t *  key,
const uint8_t  key_len 
)

Initialize context for performing CMAC in software.

Returns
ATCA_SUCCESS on success, otherwise an error code.
Parameters
[in]ctxpointer to a aes-cmac context
[in]keykey value to use
[in]key_lenlength of the key

◆ atcac_aes_cmac_update()

ATCA_STATUS atcac_aes_cmac_update ( struct atcac_aes_cmac_ctx ctx,
const uint8_t *  data,
const size_t  data_size 
)

Update CMAC context with input data.

Returns
ATCA_SUCCESS on success, otherwise an error code.
Parameters
[in]ctxpointer to a aes-cmac context
[in]datainput data
[in]data_sizelength of input data

◆ atcac_aes_gcm_aad_update()

ATCA_STATUS atcac_aes_gcm_aad_update ( struct atcac_aes_gcm_ctx ctx,
const uint8_t *  aad,
const size_t  aad_len 
)

Update the GCM context with additional authentication data (AAD)

Returns
ATCA_SUCCESS on success, otherwise an error code.
Parameters
[in]ctxAES-GCM Context
[in]aadAdditional Authentication Data
[in]aad_lenLength of AAD

◆ atcac_aes_gcm_decrypt_finish()

ATCA_STATUS atcac_aes_gcm_decrypt_finish ( struct atcac_aes_gcm_ctx ctx,
const uint8_t *  tag,
size_t  tag_len,
bool *  is_verified 
)

Compare the AES-GCM tag and free the context.

Returns
ATCA_SUCCESS on success, otherwise an error code.
Parameters
[in]ctxAES-GCM Context
[in]tagGCM Tag to Verify
[in]tag_lenLength of the GCM tag
[out]is_verifiedTag verified as matching

◆ atcac_aes_gcm_decrypt_start()

ATCA_STATUS atcac_aes_gcm_decrypt_start ( struct atcac_aes_gcm_ctx ctx,
const uint8_t *  key,
const uint8_t  key_len,
const uint8_t *  iv,
const uint8_t  iv_len 
)

Initialize an AES-GCM context for decryption.

Returns
ATCA_SUCCESS on success, otherwise an error code.
Parameters
[in]ctxAES-GCM Context
[in]keyAES Key
[in]key_lenLength of the AES key - should be 16 or 32
[in]ivInitialization vector input
[in]iv_lenLength of the initialization vector

◆ atcac_aes_gcm_decrypt_update()

ATCA_STATUS atcac_aes_gcm_decrypt_update ( struct atcac_aes_gcm_ctx ctx,
const uint8_t *  ciphertext,
const size_t  ct_len,
uint8_t *  plaintext,
size_t *  pt_len 
)

Decrypt ciphertext using the initialized context.

Returns
ATCA_SUCCESS on success, otherwise an error code.
Parameters
[in]ctxAES-GCM Context
[in]ciphertextCiphertext to decrypt
[in]ct_lenLength of the ciphertext
[out]plaintextResulting decrypted plaintext
[in,out]pt_lenLength of the plaintext buffer

◆ atcac_aes_gcm_encrypt_finish()

ATCA_STATUS atcac_aes_gcm_encrypt_finish ( struct atcac_aes_gcm_ctx ctx,
uint8_t *  tag,
size_t  tag_len 
)

Get the AES-GCM tag and free the context.

Returns
ATCA_SUCCESS on success, otherwise an error code.
Parameters
[in]ctxAES-GCM Context
[out]tagGCM Tag Result
[in]tag_lenLength of the GCM tag

◆ atcac_aes_gcm_encrypt_start()

ATCA_STATUS atcac_aes_gcm_encrypt_start ( struct atcac_aes_gcm_ctx ctx,
const uint8_t *  key,
const uint8_t  key_len,
const uint8_t *  iv,
const uint8_t  iv_len 
)

Initialize an AES-GCM context.

Returns
ATCA_SUCCESS on success, otherwise an error code.
Parameters
[in]ctxAES-GCM Context
[in]keyAES Key
[in]key_lenLength of the AES key - should be 16 or 32
[in]ivInitialization vector input
[in]iv_lenLength of the initialization vector

◆ atcac_aes_gcm_encrypt_update()

ATCA_STATUS atcac_aes_gcm_encrypt_update ( struct atcac_aes_gcm_ctx ctx,
const uint8_t *  plaintext,
const size_t  pt_len,
uint8_t *  ciphertext,
size_t *  ct_len 
)

Encrypt a data using the initialized context.

Returns
ATCA_SUCCESS on success, otherwise an error code.
Parameters
[in]ctxAES-GCM Context
[in]plaintextInput buffer to encrypt
[in]pt_lenLength of the input
[out]ciphertextOutput buffer
[in,out]ct_lenLength of the ciphertext buffer

◆ atcac_pk_derive()

ATCA_STATUS atcac_pk_derive ( struct atcac_pk_ctx private_ctx,
struct atcac_pk_ctx public_ctx,
uint8_t *  buf,
size_t *  buflen 
)

Execute the key agreement protocol for the provided keys (if they can)

Returns
ATCA_SUCCESS on success, otherwise an error code.

◆ atcac_pk_free()

ATCA_STATUS atcac_pk_free ( struct atcac_pk_ctx ctx)

Free a public/private key structure.

Returns
ATCA_SUCCESS on success, otherwise an error code.
Parameters
[in]ctxpointer to a pk context

◆ atcac_pk_init()

ATCA_STATUS atcac_pk_init ( struct atcac_pk_ctx ctx,
const uint8_t *  buf,
size_t  buflen,
uint8_t  key_type,
bool  pubkey 
)

Set up a public/private key structure for use in asymmetric cryptographic functions.

Returns
ATCA_SUCCESS on success, otherwise an error code.
Parameters
[in]ctxpointer to a pk context
[in]bufbuffer containing a pem encoded key
[in]buflenlength of the input buffer
[in]pubkeybuffer is a public key

◆ atcac_pk_init_pem()

ATCA_STATUS atcac_pk_init_pem ( struct atcac_pk_ctx ctx,
const uint8_t *  buf,
size_t  buflen,
bool  pubkey 
)

Set up a public/private key structure for use in asymmetric cryptographic functions.

Returns
ATCA_SUCCESS on success, otherwise an error code.
Parameters
[in]ctxpointer to a pk context
[in]bufbuffer containing a pem encoded key
[in]buflenlength of the input buffer
[in]pubkeybuffer is a public key

◆ atcac_pk_public()

ATCA_STATUS atcac_pk_public ( struct atcac_pk_ctx ctx,
uint8_t *  buf,
size_t *  buflen 
)

Get the public key from the context.

Returns
ATCA_SUCCESS on success, otherwise an error code.

◆ atcac_pk_sign()

ATCA_STATUS atcac_pk_sign ( struct atcac_pk_ctx ctx,
const uint8_t *  digest,
size_t  dig_len,
uint8_t *  signature,
size_t *  sig_len 
)

Perform a signature with the private key in the context.

Returns
ATCA_SUCCESS on success, otherwise an error code.

◆ atcac_pk_verify()

ATCA_STATUS atcac_pk_verify ( struct atcac_pk_ctx ctx,
const uint8_t *  digest,
size_t  dig_len,
const uint8_t *  signature,
size_t  sig_len 
)

Perform a verify using the public key in the provided context.

Returns
ATCA_SUCCESS on success, otherwise an error code.

◆ atcac_sha256_hmac_finish()

ATCA_STATUS atcac_sha256_hmac_finish ( struct atcac_hmac_ctx ctx,
uint8_t *  digest,
size_t *  digest_len 
)

Finish CMAC calculation and clear the HMAC context.

Returns
ATCA_SUCCESS on success, otherwise an error code.
Parameters
[in]ctxpointer to a sha256-hmac context
[out]digesthmac value
[in,out]digest_lenlength of hmac

◆ atcac_sha256_hmac_init()

ATCA_STATUS atcac_sha256_hmac_init ( struct atcac_hmac_ctx ctx,
struct atcac_sha2_256_ctx sha256_ctx,
const uint8_t *  key,
const uint8_t  key_len 
)

Initialize context for performing HMAC (sha256) in software.

Returns
ATCA_SUCCESS on success, otherwise an error code.
Parameters
[in]ctxpointer to a sha256-hmac context
[in]sha256_ctxpointer to a sha256 context
[in]keykey value to use
[in]key_lenlength of the key

◆ atcac_sha256_hmac_update()

ATCA_STATUS atcac_sha256_hmac_update ( struct atcac_hmac_ctx ctx,
const uint8_t *  data,
size_t  data_size 
)

Update HMAC context with input data.

Returns
ATCA_SUCCESS on success, otherwise an error code.
Parameters
[in]ctxpointer to a sha256-hmac context
[in]datainput data
[in]data_sizelength of input data

◆ atcac_sw_random()

ATCA_STATUS atcac_sw_random ( uint8_t *  data,
size_t  data_size 
)

Return Random Bytes.

Returns
ATCA_SUCCESS on success, otherwise an error code.

◆ atcac_sw_sha1_finish()

ATCA_STATUS atcac_sw_sha1_finish ( struct atcac_sha1_ctx ctx,
uint8_t  digest[ATCA_SHA1_DIGEST_SIZE] 
)

Complete the SHA1 hash in software and return the digest.

Returns
ATCA_SUCCESS on success, otherwise an error code.
Parameters
[in]ctxpointer to a hash context
[out]digestoutput buffer (20 bytes)

◆ atcac_sw_sha1_init()

ATCA_STATUS atcac_sw_sha1_init ( struct atcac_sha1_ctx ctx)

Initialize context for performing SHA1 hash in software.

Returns
ATCA_SUCCESS on success, otherwise an error code.
Parameters
[in]ctxpointer to a hash context

◆ atcac_sw_sha1_update()

ATCA_STATUS atcac_sw_sha1_update ( struct atcac_sha1_ctx ctx,
const uint8_t *  data,
size_t  data_size 
)

Add data to a SHA1 hash.

Returns
ATCA_SUCCESS on success, otherwise an error code.
Parameters
[in]ctxpointer to a hash context
[in]datainput data buffer
[in]data_sizeinput data length

Variable Documentation

◆ atca_mbedtls_eckey_info

const mbedtls_pk_info_t atca_mbedtls_eckey_info
Initial value:
= {
MBEDTLS_PK_ECKEY,
"EC",
atca_mbedtls_eckey_get_bitlen,
atca_mbedtls_eckey_can_do,
atca_mbedtls_eckey_verify,
atca_mbedtls_eckey_sign,
NULL,
NULL,
atca_mbedtls_eckey_check_pair,
atca_mbedtls_eckey_alloc,
atca_mbedtls_eckey_free,
atca_mbedtls_eckey_debug,
}