Wrapper functions to replace cryptoauthlib software crypto functions with the mbedTLS equivalent. More...

#include "atca_config_check.h"
#include "mbedtls/config.h"
#include <stdlib.h>
#include "mbedtls/cmac.h"
#include "mbedtls/ctr_drbg.h"
#include "mbedtls/pk.h"
#include "mbedtls/ecdh.h"
#include "mbedtls/ecp.h"
#include "mbedtls/entropy.h"
#include "mbedtls/x509_crt.h"
#include "mbedtls/oid.h"
#include "cryptoauthlib.h"
#include "atca_mbedtls_wrap.h"
#include "atca_mbedtls_patch.h"
#include "crypto/atca_crypto_sw.h"
#include "atcacert/atcacert_client.h"
#include "atcacert/atcacert_def.h"
#include "mbedtls/pk_internal.h"
#include "atcacert/atcacert_der.h"

Macros
#define	mbedtls_calloc calloc

#define	mbedtls_free free

Functions
ATCA_STATUS	atcac_sw_random (uint8_t *data, size_t data_size)
	Return Random Bytes.

ATCA_STATUS	atcac_aes_gcm_aad_update (struct atcac_aes_gcm_ctx ctx, const uint8_t aad, const size_t aad_len)
	Update the GCM context with additional authentication data (AAD)

ATCA_STATUS	atcac_aes_gcm_encrypt_start (struct atcac_aes_gcm_ctx ctx, const uint8_t key, const uint8_t key_len, const uint8_t *iv, const uint8_t iv_len)
	Initialize an AES-GCM context.

ATCA_STATUS	atcac_aes_gcm_encrypt_update (struct atcac_aes_gcm_ctx ctx, const uint8_t plaintext, const size_t pt_len, uint8_t ciphertext, size_t ct_len)
	Encrypt a data using the initialized context.

ATCA_STATUS	atcac_aes_gcm_encrypt_finish (struct atcac_aes_gcm_ctx ctx, uint8_t tag, size_t tag_len)
	Get the AES-GCM tag and free the context.

ATCA_STATUS	atcac_aes_gcm_decrypt_start (struct atcac_aes_gcm_ctx ctx, const uint8_t key, const uint8_t key_len, const uint8_t *iv, const uint8_t iv_len)
	Initialize an AES-GCM context for decryption.

ATCA_STATUS	atcac_aes_gcm_decrypt_update (struct atcac_aes_gcm_ctx ctx, const uint8_t ciphertext, const size_t ct_len, uint8_t plaintext, size_t pt_len)
	Decrypt ciphertext using the initialized context.

ATCA_STATUS	atcac_aes_gcm_decrypt_finish (struct atcac_aes_gcm_ctx ctx, const uint8_t tag, size_t tag_len, bool *is_verified)
	Compare the AES-GCM tag and free the context.

ATCA_STATUS	atcac_sw_sha1_init (struct atcac_sha1_ctx *ctx)
	Initialize context for performing SHA1 hash in software.

ATCA_STATUS	atcac_sw_sha1_update (struct atcac_sha1_ctx ctx, const uint8_t data, size_t data_size)
	Add data to a SHA1 hash.

ATCA_STATUS	atcac_sw_sha1_finish (struct atcac_sha1_ctx *ctx, uint8_t digest[ATCA_SHA1_DIGEST_SIZE])
	Complete the SHA1 hash in software and return the digest.

ATCA_STATUS	atcac_aes_cmac_init (struct atcac_aes_cmac_ctx ctx, const uint8_t key, const uint8_t key_len)
	Initialize context for performing CMAC in software.

ATCA_STATUS	atcac_aes_cmac_update (struct atcac_aes_cmac_ctx ctx, const uint8_t data, const size_t data_size)
	Update CMAC context with input data.

ATCA_STATUS	atcac_aes_cmac_finish (struct atcac_aes_cmac_ctx ctx, uint8_t cmac, size_t *cmac_size)
	Finish CMAC calculation and clear the CMAC context.

ATCA_STATUS	atcac_sha256_hmac_init (struct atcac_hmac_ctx ctx, struct atcac_sha2_256_ctx sha256_ctx, const uint8_t *key, const uint8_t key_len)
	Initialize context for performing HMAC (sha256) in software.

ATCA_STATUS	atcac_sha256_hmac_update (struct atcac_hmac_ctx ctx, const uint8_t data, size_t data_size)
	Update HMAC context with input data.

ATCA_STATUS	atcac_sha256_hmac_finish (struct atcac_hmac_ctx ctx, uint8_t digest, size_t *digest_len)
	Finish CMAC calculation and clear the HMAC context.

ATCA_STATUS	atcac_pk_init (struct atcac_pk_ctx ctx, const uint8_t buf, size_t buflen, uint8_t key_type, bool pubkey)
	Set up a public/private key structure for use in asymmetric cryptographic functions.

ATCA_STATUS	atcac_pk_init_pem (struct atcac_pk_ctx ctx, const uint8_t buf, size_t buflen, bool pubkey)
	Set up a public/private key structure for use in asymmetric cryptographic functions.

ATCA_STATUS	atcac_pk_free (struct atcac_pk_ctx *ctx)
	Free a public/private key structure.

ATCA_STATUS	atcac_pk_public (struct atcac_pk_ctx ctx, uint8_t buf, size_t *buflen)
	Get the public key from the context.

ATCA_STATUS	atcac_pk_sign (struct atcac_pk_ctx ctx, const uint8_t digest, size_t dig_len, uint8_t signature, size_t sig_len)
	Perform a signature with the private key in the context.

ATCA_STATUS	atcac_pk_verify (struct atcac_pk_ctx ctx, const uint8_t digest, size_t dig_len, const uint8_t *signature, size_t sig_len)
	Perform a verify using the public key in the provided context.

ATCA_STATUS	atcac_pk_derive (struct atcac_pk_ctx private_ctx, struct atcac_pk_ctx public_ctx, uint8_t buf, size_t buflen)
	Execute the key agreement protocol for the provided keys (if they can)

int	atca_mbedtls_pk_init_ext (ATCADevice device, mbedtls_pk_context *pkey, const uint16_t slotid)
	Initializes an mbedtls pk context for use with EC operations.

int	atca_mbedtls_pk_init (mbedtls_pk_context *pkey, const uint16_t slotid)
	Initializes an mbedtls pk context for use with EC operations.

ATCA_STATUS	atcac_parse_der (struct atcac_x509_ctx *cert, cal_buffer der)

ATCA_STATUS	atcac_get_subject (const struct atcac_x509_ctx cert, cal_buffer cert_subject)

ATCA_STATUS	atcac_get_subj_public_key (const struct atcac_x509_ctx cert, cal_buffer subj_public_key)

ATCA_STATUS	atcac_get_subj_key_id (const struct atcac_x509_ctx cert, cal_buffer subj_public_key_id)

ATCA_STATUS	atcac_get_issue_date (const struct atcac_x509_ctx cert, cal_buffer not_before, uint8_t *fmt)

ATCA_STATUS	atcac_get_expire_date (const struct atcac_x509_ctx cert, cal_buffer not_after, uint8_t *fmt)

ATCA_STATUS	atcac_get_issuer (const struct atcac_x509_ctx cert, cal_buffer issuer_buf)

ATCA_STATUS	atcac_get_cert_sn (const struct atcac_x509_ctx cert, cal_buffer cert_sn)

ATCA_STATUS	atcac_get_auth_key_id (const struct atcac_x509_ctx cert, cal_buffer auth_key_id)

void	atcac_x509_free (void *cert)

Variables
const mbedtls_pk_info_t	atca_mbedtls_eckey_info

Detailed Description

Wrapper functions to replace cryptoauthlib software crypto functions with the mbedTLS equivalent.

Copyright: (c) 2015-2020 Microchip Technology Inc. and its subsidiaries.

Function Documentation

◆ atcac_aes_cmac_finish()

ATCA_STATUS atcac_aes_cmac_finish	(	struct atcac_aes_cmac_ctx *	ctx,
		uint8_t *	cmac,
		size_t *	cmac_size
	)

Finish CMAC calculation and clear the CMAC context.

Returns: ATCA_SUCCESS on success, otherwise an error code.

Parameters

[in]	ctx	pointer to a aes-cmac context
[out]	cmac	cmac value
[in,out]	cmac_size	length of cmac

◆ atcac_aes_cmac_init()

ATCA_STATUS atcac_aes_cmac_init	(	struct atcac_aes_cmac_ctx *	ctx,
		const uint8_t *	key,
		const uint8_t	key_len
	)

Initialize context for performing CMAC in software.

Returns: ATCA_SUCCESS on success, otherwise an error code.

Parameters

[in]	ctx	pointer to a aes-cmac context
[in]	key	key value to use
[in]	key_len	length of the key

◆ atcac_aes_cmac_update()

ATCA_STATUS atcac_aes_cmac_update	(	struct atcac_aes_cmac_ctx *	ctx,
		const uint8_t *	data,
		const size_t	data_size
	)

Update CMAC context with input data.

Returns: ATCA_SUCCESS on success, otherwise an error code.

Parameters

[in]	ctx	pointer to a aes-cmac context
[in]	data	input data
[in]	data_size	length of input data

◆ atcac_aes_gcm_aad_update()

ATCA_STATUS atcac_aes_gcm_aad_update	(	struct atcac_aes_gcm_ctx *	ctx,
		const uint8_t *	aad,
		const size_t	aad_len
	)

Update the GCM context with additional authentication data (AAD)

Returns: ATCA_SUCCESS on success, otherwise an error code.

Parameters

[in]	ctx	AES-GCM Context
[in]	aad	Additional Authentication Data
[in]	aad_len	Length of AAD

◆ atcac_aes_gcm_decrypt_finish()

ATCA_STATUS atcac_aes_gcm_decrypt_finish	(	struct atcac_aes_gcm_ctx *	ctx,
		const uint8_t *	tag,
		size_t	tag_len,
		bool *	is_verified
	)

Compare the AES-GCM tag and free the context.

Returns: ATCA_SUCCESS on success, otherwise an error code.

Parameters

[in]	ctx	AES-GCM Context
[in]	tag	GCM Tag to Verify
[in]	tag_len	Length of the GCM tag
[out]	is_verified	Tag verified as matching

◆ atcac_aes_gcm_decrypt_start()

ATCA_STATUS atcac_aes_gcm_decrypt_start	(	struct atcac_aes_gcm_ctx *	ctx,
		const uint8_t *	key,
		const uint8_t	key_len,
		const uint8_t *	iv,
		const uint8_t	iv_len
	)

Initialize an AES-GCM context for decryption.

Returns: ATCA_SUCCESS on success, otherwise an error code.

Parameters

[in]	ctx	AES-GCM Context
[in]	key	AES Key
[in]	key_len	Length of the AES key - should be 16 or 32
[in]	iv	Initialization vector input
[in]	iv_len	Length of the initialization vector

◆ atcac_aes_gcm_decrypt_update()

ATCA_STATUS atcac_aes_gcm_decrypt_update	(	struct atcac_aes_gcm_ctx *	ctx,
		const uint8_t *	ciphertext,
		const size_t	ct_len,
		uint8_t *	plaintext,
		size_t *	pt_len
	)

Decrypt ciphertext using the initialized context.

Returns: ATCA_SUCCESS on success, otherwise an error code.

Parameters

[in]	ctx	AES-GCM Context
[in]	ciphertext	Ciphertext to decrypt
[in]	ct_len	Length of the ciphertext
[out]	plaintext	Resulting decrypted plaintext
[in,out]	pt_len	Length of the plaintext buffer

◆ atcac_aes_gcm_encrypt_finish()

ATCA_STATUS atcac_aes_gcm_encrypt_finish	(	struct atcac_aes_gcm_ctx *	ctx,
		uint8_t *	tag,
		size_t	tag_len
	)

Get the AES-GCM tag and free the context.

Returns: ATCA_SUCCESS on success, otherwise an error code.

Parameters

[in]	ctx	AES-GCM Context
[out]	tag	GCM Tag Result
[in]	tag_len	Length of the GCM tag

◆ atcac_aes_gcm_encrypt_start()

ATCA_STATUS atcac_aes_gcm_encrypt_start	(	struct atcac_aes_gcm_ctx *	ctx,
		const uint8_t *	key,
		const uint8_t	key_len,
		const uint8_t *	iv,
		const uint8_t	iv_len
	)

Initialize an AES-GCM context.

Returns: ATCA_SUCCESS on success, otherwise an error code.

Parameters

[in]	ctx	AES-GCM Context
[in]	key	AES Key
[in]	key_len	Length of the AES key - should be 16 or 32
[in]	iv	Initialization vector input
[in]	iv_len	Length of the initialization vector

◆ atcac_aes_gcm_encrypt_update()

ATCA_STATUS atcac_aes_gcm_encrypt_update	(	struct atcac_aes_gcm_ctx *	ctx,
		const uint8_t *	plaintext,
		const size_t	pt_len,
		uint8_t *	ciphertext,
		size_t *	ct_len
	)

Encrypt a data using the initialized context.

Returns: ATCA_SUCCESS on success, otherwise an error code.

Parameters

[in]	ctx	AES-GCM Context
[in]	plaintext	Input buffer to encrypt
[in]	pt_len	Length of the input
[out]	ciphertext	Output buffer
[in,out]	ct_len	Length of the ciphertext buffer

◆ atcac_pk_derive()

ATCA_STATUS atcac_pk_derive	(	struct atcac_pk_ctx *	private_ctx,
		struct atcac_pk_ctx *	public_ctx,
		uint8_t *	buf,
		size_t *	buflen
	)

Execute the key agreement protocol for the provided keys (if they can)

Returns: ATCA_SUCCESS on success, otherwise an error code.

◆ atcac_pk_free()

ATCA_STATUS atcac_pk_free ( struct atcac_pk_ctx * ctx )

Free a public/private key structure.

Returns: ATCA_SUCCESS on success, otherwise an error code.

Parameters

[in] ctx pointer to a pk context

◆ atcac_pk_init()

ATCA_STATUS atcac_pk_init	(	struct atcac_pk_ctx *	ctx,
		const uint8_t *	buf,
		size_t	buflen,
		uint8_t	key_type,
		bool	pubkey
	)

Set up a public/private key structure for use in asymmetric cryptographic functions.

Returns: ATCA_SUCCESS on success, otherwise an error code.

Parameters

[in]	ctx	pointer to a pk context
[in]	buf	buffer containing a pem encoded key
[in]	buflen	length of the input buffer
[in]	pubkey	buffer is a public key

◆ atcac_pk_init_pem()

ATCA_STATUS atcac_pk_init_pem	(	struct atcac_pk_ctx *	ctx,
		const uint8_t *	buf,
		size_t	buflen,
		bool	pubkey
	)

Set up a public/private key structure for use in asymmetric cryptographic functions.

Returns: ATCA_SUCCESS on success, otherwise an error code.

Parameters

[in]	ctx	pointer to a pk context
[in]	buf	buffer containing a pem encoded key
[in]	buflen	length of the input buffer
[in]	pubkey	buffer is a public key

◆ atcac_pk_public()

ATCA_STATUS atcac_pk_public	(	struct atcac_pk_ctx *	ctx,
		uint8_t *	buf,
		size_t *	buflen
	)

Get the public key from the context.

Returns: ATCA_SUCCESS on success, otherwise an error code.

◆ atcac_pk_sign()

ATCA_STATUS atcac_pk_sign	(	struct atcac_pk_ctx *	ctx,
		const uint8_t *	digest,
		size_t	dig_len,
		uint8_t *	signature,
		size_t *	sig_len
	)

Perform a signature with the private key in the context.

Returns: ATCA_SUCCESS on success, otherwise an error code.

◆ atcac_pk_verify()

ATCA_STATUS atcac_pk_verify	(	struct atcac_pk_ctx *	ctx,
		const uint8_t *	digest,
		size_t	dig_len,
		const uint8_t *	signature,
		size_t	sig_len
	)

Perform a verify using the public key in the provided context.

Returns: ATCA_SUCCESS on success, otherwise an error code.

◆ atcac_sha256_hmac_finish()

ATCA_STATUS atcac_sha256_hmac_finish	(	struct atcac_hmac_ctx *	ctx,
		uint8_t *	digest,
		size_t *	digest_len
	)

Finish CMAC calculation and clear the HMAC context.

Returns: ATCA_SUCCESS on success, otherwise an error code.

Parameters

[in]	ctx	pointer to a sha256-hmac context
[out]	digest	hmac value
[in,out]	digest_len	length of hmac

◆ atcac_sha256_hmac_init()

ATCA_STATUS atcac_sha256_hmac_init	(	struct atcac_hmac_ctx *	ctx,
		struct atcac_sha2_256_ctx *	sha256_ctx,
		const uint8_t *	key,
		const uint8_t	key_len
	)

Initialize context for performing HMAC (sha256) in software.

Returns: ATCA_SUCCESS on success, otherwise an error code.

Parameters

[in]	ctx	pointer to a sha256-hmac context
[in]	sha256_ctx	pointer to a sha256 context
[in]	key	key value to use
[in]	key_len	length of the key

◆ atcac_sha256_hmac_update()

ATCA_STATUS atcac_sha256_hmac_update	(	struct atcac_hmac_ctx *	ctx,
		const uint8_t *	data,
		size_t	data_size
	)

Update HMAC context with input data.

Returns: ATCA_SUCCESS on success, otherwise an error code.

Parameters

[in]	ctx	pointer to a sha256-hmac context
[in]	data	input data
[in]	data_size	length of input data

◆ atcac_sw_random()

ATCA_STATUS atcac_sw_random	(	uint8_t *	data,
		size_t	data_size
	)

Return Random Bytes.

Returns: ATCA_SUCCESS on success, otherwise an error code.

◆ atcac_sw_sha1_finish()

ATCA_STATUS atcac_sw_sha1_finish	(	struct atcac_sha1_ctx *	ctx,
		uint8_t	digest[ATCA_SHA1_DIGEST_SIZE]
	)

Complete the SHA1 hash in software and return the digest.

Returns: ATCA_SUCCESS on success, otherwise an error code.

Parameters

[in]	ctx	pointer to a hash context
[out]	digest	output buffer (20 bytes)

◆ atcac_sw_sha1_init()

ATCA_STATUS atcac_sw_sha1_init ( struct atcac_sha1_ctx * ctx )

Initialize context for performing SHA1 hash in software.

Returns: ATCA_SUCCESS on success, otherwise an error code.

Parameters

[in] ctx pointer to a hash context

◆ atcac_sw_sha1_update()

ATCA_STATUS atcac_sw_sha1_update	(	struct atcac_sha1_ctx *	ctx,
		const uint8_t *	data,
		size_t	data_size
	)

Add data to a SHA1 hash.

Returns: ATCA_SUCCESS on success, otherwise an error code.

Parameters

[in]	ctx	pointer to a hash context
[in]	data	input data buffer
[in]	data_size	input data length

Variable Documentation

◆ atca_mbedtls_eckey_info

const mbedtls_pk_info_t atca_mbedtls_eckey_info

Initial value:

= {
    MBEDTLS_PK_ECKEY,
    "EC",
    atca_mbedtls_eckey_get_bitlen,
    atca_mbedtls_eckey_can_do,
    atca_mbedtls_eckey_verify,
    atca_mbedtls_eckey_sign,
 
    NULL,
    NULL,
    atca_mbedtls_eckey_check_pair,
    atca_mbedtls_eckey_alloc,
    atca_mbedtls_eckey_free,
 
    atca_mbedtls_eckey_debug,
}

Macros

Functions

Variables

Detailed Description

Function Documentation

◆ atcac_aes_cmac_finish()

◆ atcac_aes_cmac_init()

◆ atcac_aes_cmac_update()

◆ atcac_aes_gcm_aad_update()

◆ atcac_aes_gcm_decrypt_finish()

◆ atcac_aes_gcm_decrypt_start()

◆ atcac_aes_gcm_decrypt_update()

◆ atcac_aes_gcm_encrypt_finish()

◆ atcac_aes_gcm_encrypt_start()

◆ atcac_aes_gcm_encrypt_update()

◆ atcac_pk_derive()

◆ atcac_pk_free()

◆ atcac_pk_init()

◆ atcac_pk_init_pem()

◆ atcac_pk_public()

◆ atcac_pk_sign()

◆ atcac_pk_verify()

◆ atcac_sha256_hmac_finish()

◆ atcac_sha256_hmac_init()

◆ atcac_sha256_hmac_update()

◆ atcac_sw_random()

◆ atcac_sw_sha1_finish()

◆ atcac_sw_sha1_init()

◆ atcac_sw_sha1_update()

Variable Documentation

◆ atca_mbedtls_eckey_info