CryptoAuthLib v3.7.6
Microchip CryptoAuthentication Library
 
Certificate manipulation methods (atcacert_)

These methods provide convenient ways to perform certification I/O with CryptoAuth chips and perform certificate manipulation in memory. More...

Data Structures

struct  atcacert_tm_utc_s
 
struct  atcacert_device_loc_s
 
struct  atcacert_cert_loc_s
 
struct  atcacert_cert_element_s
 
struct  atcacert_def_s
 
struct  atcacert_build_state_s
 

Macros

#define FALSE   (0)
 
#define TRUE   (1)
 
#define ATCACERT_E_SUCCESS   ATCA_SUCCESS
 
#define ATCACERT_E_ERROR   ATCA_GEN_FAIL
 
#define ATCACERT_E_BAD_PARAMS   ATCA_BAD_PARAM
 
#define ATCACERT_E_BUFFER_TOO_SMALL   ATCA_SMALL_BUFFER
 
#define ATCACERT_E_UNIMPLEMENTED   ATCA_UNIMPLEMENTED
 
#define ATCACERT_E_DECODING_ERROR   4
 
#define ATCACERT_E_INVALID_DATE   5
 
#define ATCACERT_E_UNEXPECTED_ELEM_SIZE   7
 
#define ATCACERT_E_ELEM_MISSING   8
 
#define ATCACERT_E_ELEM_OUT_OF_BOUNDS   9
 
#define ATCACERT_E_BAD_CERT   10
 
#define ATCACERT_E_WRONG_CERT_DEF   11
 
#define ATCACERT_E_VERIFY_FAILED   12
 
#define ATCACERT_E_INVALID_TRANSFORM   13
 
#define DATEFMT_ISO8601_SEP   (0U)
 ISO8601 full date YYYY-MM-DDThh:mm:ssZ.
 
#define DATEFMT_RFC5280_UTC   (1U)
 RFC 5280 (X.509) 4.1.2.5.1 UTCTime format YYMMDDhhmmssZ.
 
#define DATEFMT_POSIX_UINT32_BE   (2U)
 POSIX (aka UNIX) date format. Seconds since Jan 1, 1970. 32 bit unsigned integer, big endian.
 
#define DATEFMT_POSIX_UINT32_LE   (3U)
 POSIX (aka UNIX) date format. Seconds since Jan 1, 1970. 32 bit unsigned integer, little endian.
 
#define DATEFMT_RFC5280_GEN   (4U)
 RFC 5280 (X.509) 4.1.2.5.2 GeneralizedTime format YYYYMMDDhhmmssZ.
 
#define DATEFMT_INVALID   (0xFFU)
 
#define DATEFMT_ISO8601_SEP_SIZE   (20)
 
#define DATEFMT_RFC5280_UTC_SIZE   (13)
 
#define DATEFMT_POSIX_UINT32_BE_SIZE   (4)
 
#define DATEFMT_POSIX_UINT32_LE_SIZE   (4)
 
#define DATEFMT_RFC5280_GEN_SIZE   (15)
 
#define DATEFMT_MAX_SIZE   DATEFMT_ISO8601_SEP_SIZE
 
#define ATCACERT_DATE_FORMAT_SIZES_COUNT   5
 
#define ATCACERT_COMP_CERT_MAX_SIZE   72u
 
#define atcacert_date_enc_posix_uint32_be   atcacert_date_enc_posix_be
 
#define atcacert_date_dec_posix_uint32_be   atcacert_date_dec_posix_be
 
#define atcacert_date_enc_posix_uint32_le   atcacert_date_enc_posix_le
 
#define atcacert_date_dec_posix_uint32_le   atcacert_date_dec_posix_le
 

Typedefs

typedef struct atcacert_tm_utc_s atcacert_tm_utc_t
 
typedef uint8_t atcacert_date_format_t
 
typedef enum atcacert_cert_type_e atcacert_cert_type_t
 
typedef enum atcacert_cert_sn_src_e atcacert_cert_sn_src_t
 
typedef enum atcacert_device_zone_e atcacert_device_zone_t
 
typedef enum atcacert_transform_e atcacert_transform_t
 How to transform the data from the device to the certificate.
 
typedef enum atcacert_std_cert_element_e atcacert_std_cert_element_t
 
typedef struct ATCA_PACKED atcacert_device_loc_s atcacert_device_loc_t
 
typedef struct ATCA_PACKED atcacert_cert_loc_s atcacert_cert_loc_t
 
typedef struct ATCA_PACKED atcacert_cert_element_s atcacert_cert_element_t
 
typedef struct atcacert_def_s atcacert_def_t
 
typedef struct atcacert_build_state_s atcacert_build_state_t
 

Enumerations

enum  atcacert_cert_type_e { CERTTYPE_X509 , CERTTYPE_CUSTOM , CERTTYPE_X509_FULL_STORED }
 
enum  atcacert_cert_sn_src_e {
  SNSRC_STORED = 0x0 , SNSRC_STORED_DYNAMIC = 0x7 , SNSRC_DEVICE_SN = 0x8 , SNSRC_SIGNER_ID = 0x9 ,
  SNSRC_PUB_KEY_HASH = 0xA , SNSRC_DEVICE_SN_HASH = 0xB , SNSRC_PUB_KEY_HASH_POS = 0xC , SNSRC_DEVICE_SN_HASH_POS = 0xD ,
  SNSRC_PUB_KEY_HASH_RAW = 0xE , SNSRC_DEVICE_SN_HASH_RAW = 0xF
}
 
enum  atcacert_device_zone_e {
  DEVZONE_CONFIG = 0x00 , DEVZONE_OTP = 0x01 , DEVZONE_DATA = 0x02 , DEVZONE_GENKEY = 0x03 ,
  DEVZONE_NONE = 0x07
}
 
enum  atcacert_transform_e {
  TF_NONE , TF_REVERSE , TF_BIN2HEX_UC , TF_BIN2HEX_LC ,
  TF_HEX2BIN_UC , TF_HEX2BIN_LC , TF_BIN2HEX_SPACE_UC , TF_BIN2HEX_SPACE_LC ,
  TF_HEX2BIN_SPACE_UC , TF_HEX2BIN_SPACE_LC
}
 How to transform the data from the device to the certificate. More...
 
enum  atcacert_std_cert_element_e {
  STDCERT_PUBLIC_KEY , STDCERT_SIGNATURE , STDCERT_ISSUE_DATE , STDCERT_EXPIRE_DATE ,
  STDCERT_SIGNER_ID , STDCERT_CERT_SN , STDCERT_AUTH_KEY_ID , STDCERT_SUBJ_KEY_ID ,
  STDCERT_NUM_ELEMENTS
}
 

Functions

ATCA_STATUS atcacert_read_device_loc (const atcacert_device_loc_t *device_loc, uint8_t *data)
 Read the data from a device location.
 
ATCA_STATUS atcacert_read_device_loc_ext (ATCADevice device, const atcacert_device_loc_t *device_loc, uint8_t *data)
 Read the data from a device location.
 
ATCA_STATUS atcacert_read_cert (const atcacert_def_t *cert_def, const uint8_t ca_public_key[64], uint8_t *cert, size_t *cert_size)
 Reads the certificate specified by the certificate definition from the ATECC508A device.
 
ATCA_STATUS atcacert_read_cert_ext (ATCADevice device, const atcacert_def_t *cert_def, const uint8_t ca_public_key[64], uint8_t *cert, size_t *cert_size)
 Reads the certificate specified by the certificate definition from the ATECC508A device.
 
ATCA_STATUS atcacert_write_cert (const atcacert_def_t *cert_def, const uint8_t *cert, size_t cert_size)
 Take a full certificate and write it to the ATECC508A device according to the certificate definition.
 
ATCA_STATUS atcacert_write_cert_ext (ATCADevice device, const atcacert_def_t *cert_def, const uint8_t *cert, size_t cert_size)
 Take a full certificate and write it to the ATECC508A device according to the certificate definition.
 
ATCA_STATUS atcacert_create_csr (const atcacert_def_t *csr_def, uint8_t *csr, size_t *csr_size)
 Creates a CSR specified by the CSR definition from the ATECC508A device. This process involves reading the dynamic CSR data from the device and combining it with the template found in the CSR definition, then signing it. Returns the CSR in DER format.
 
ATCA_STATUS atcacert_create_csr_pem (const atcacert_def_t *csr_def, char *csr, size_t *csr_size)
 Creates a CSR specified by the CSR definition from the ATECC508A device. This process involves reading the dynamic CSR data from the device and combining it with the template found in the CSR definition, then signing it. Returns the CSR in PEM format.
 
ATCA_STATUS atcacert_get_response (uint8_t device_private_key_slot, const uint8_t challenge[32], uint8_t response[64])
 Calculates the response to a challenge sent from the host.
 
ATCA_STATUS atcacert_read_subj_key_id (const atcacert_def_t *cert_def, uint8_t subj_key_id[20])
 Reads the subject key ID based on a certificate definition.
 
ATCA_STATUS atcacert_read_subj_key_id_ext (ATCADevice device, const atcacert_def_t *cert_def, uint8_t subj_key_id[20])
 Reads the subject key ID based on a certificate definition.
 
ATCA_STATUS atcacert_read_cert_size (const atcacert_def_t *cert_def, size_t *cert_size)
 Return the actual certificate size in bytes for a given cert def. Certificate can be variable size, so this gives the absolute buffer size when reading the certificates.
 
ATCA_STATUS atcacert_read_cert_size_ext (ATCADevice device, const atcacert_def_t *cert_def, size_t *cert_size)
 Return the actual certificate size in bytes for a given cert def. Certificate can be variable size, so this gives the absolute buffer size when reading the certificates.
 
ATCA_STATUS atcacert_date_enc (atcacert_date_format_t format, const atcacert_tm_utc_t *timestamp, uint8_t *formatted_date, size_t *formatted_date_size)
 Format a timestamp according to the format type.
 
ATCA_STATUS atcacert_date_dec (atcacert_date_format_t format, const uint8_t *formatted_date, size_t formatted_date_size, atcacert_tm_utc_t *timestamp)
 Parse a formatted timestamp according to the specified format.
 
ATCA_STATUS atcacert_date_enc_compcert (const atcacert_tm_utc_t *issue_date, uint8_t expire_years, uint8_t enc_dates[3])
 Encode the issue and expire dates in the format used by the compressed certificate.
 
ATCA_STATUS atcacert_date_enc_compcert_ext (const atcacert_tm_utc_t *issue_date, uint8_t expire_years, uint8_t comp_cert[72u])
 Encode the issue and expire dates in the format used by the compressed certificate.
 
ATCA_STATUS atcacert_date_dec_compcert (const uint8_t enc_dates[3], atcacert_date_format_t expire_date_format, atcacert_tm_utc_t *issue_date, atcacert_tm_utc_t *expire_date)
 Decode the issue and expire dates from the format used by the compressed certificate.
 
ATCA_STATUS atcacert_date_dec_compcert_ext (const uint8_t comp_cert[72u], atcacert_date_format_t expire_date_format, atcacert_tm_utc_t *issue_date, atcacert_tm_utc_t *expire_date)
 Decode the issue and expire dates from the format used by the compressed certificate.
 
atcacert_date_format_t atcacert_date_from_asn1_tag (const uint8_t tag)
 Convert the asn1 tag for the supported time formats into the local time format.
 
ATCA_STATUS atcacert_date_get_max_date (atcacert_date_format_t format, atcacert_tm_utc_t *timestamp)
 Return the maximum date available for the given format.
 
ATCA_STATUS atcacert_date_enc_iso8601_sep (const atcacert_tm_utc_t *timestamp, uint8_t formatted_date[(20)])
 
ATCA_STATUS atcacert_date_dec_iso8601_sep (const uint8_t formatted_date[(20)], atcacert_tm_utc_t *timestamp)
 
ATCA_STATUS atcacert_date_enc_rfc5280_utc (const atcacert_tm_utc_t *timestamp, uint8_t formatted_date[(13)])
 
ATCA_STATUS atcacert_date_dec_rfc5280_utc (const uint8_t formatted_date[(13)], atcacert_tm_utc_t *timestamp)
 
ATCA_STATUS atcacert_date_enc_rfc5280_gen (const atcacert_tm_utc_t *timestamp, uint8_t formatted_date[(15)])
 
ATCA_STATUS atcacert_date_dec_rfc5280_gen (const uint8_t formatted_date[(15)], atcacert_tm_utc_t *timestamp)
 
ATCA_STATUS atcacert_date_enc_posix_be (const atcacert_tm_utc_t *timestamp, uint8_t formatted_date[(4)])
 
ATCA_STATUS atcacert_date_dec_posix_be (const uint8_t formatted_date[(4)], atcacert_tm_utc_t *timestamp)
 
ATCA_STATUS atcacert_date_enc_posix_le (const atcacert_tm_utc_t *timestamp, uint8_t formatted_date[(4)])
 
ATCA_STATUS atcacert_date_dec_posix_le (const uint8_t formatted_date[(4)], atcacert_tm_utc_t *timestamp)
 
int atcacert_date_cmp (const atcacert_tm_utc_t *timestamp1, const atcacert_tm_utc_t *timestamp2)
 Compare two dates.
 
ATCA_STATUS atcacert_get_subject (const atcacert_def_t *cert_def, const uint8_t *cert, size_t cert_size, cal_buffer *cert_subj_buf)
 Gets the subject name from a certificate.
 
ATCA_STATUS atcacert_get_subj_public_key (const atcacert_def_t *cert_def, const uint8_t *cert, size_t cert_size, cal_buffer *subj_public_key)
 Gets the subject public key from a certificate.
 
ATCA_STATUS atcacert_get_subj_key_id (const atcacert_def_t *cert_def, const uint8_t *cert, size_t cert_size, uint8_t subj_key_id[20])
 Gets the subject key ID from a certificate.
 
ATCA_STATUS atcacert_get_issuer (const atcacert_def_t *cert_def, const uint8_t *cert, size_t cert_size, uint8_t cert_issuer[128])
 Gets the issuer name of a certificate.
 
ATCA_STATUS atcacert_get_issue_date (const atcacert_def_t *cert_def, const uint8_t *cert, size_t cert_size, atcacert_tm_utc_t *timestamp)
 Gets the issue date from a certificate. Will be parsed according to the date format specified in the certificate definition.
 
ATCA_STATUS atcacert_get_expire_date (const atcacert_def_t *cert_def, const uint8_t *cert, size_t cert_size, atcacert_tm_utc_t *timestamp)
 Gets the expire date from a certificate. Will be parsed according to the date format specified in the certificate definition.
 
ATCA_STATUS atcacert_get_cert_sn (const atcacert_def_t *cert_def, const uint8_t *cert, size_t cert_size, uint8_t *cert_sn, size_t *cert_sn_size)
 Gets the certificate serial number from a certificate.
 
ATCA_STATUS atcacert_get_auth_key_id (const atcacert_def_t *cert_def, const uint8_t *cert, size_t cert_size, uint8_t auth_key_id[20])
 Gets the authority key ID from a certificate.
 
int atcacert_calc_expire_years (const atcacert_def_t *cert_def, const uint8_t *cert, size_t cert_size, int issue_tm_year, uint8_t *expire_years)
 
ATCA_STATUS atcacert_der_enc_length (size_t length, uint8_t *der_length, size_t *der_length_size)
 Encode a length in DER format.
 
ATCA_STATUS atcacert_der_dec_length (const uint8_t *der_length, size_t *der_length_size, size_t *length)
 Decode a DER format length.
 
ATCA_STATUS atcacert_der_adjust_length (uint8_t *der_length, size_t *der_length_size, int delta_length, size_t *new_length)
 
ATCA_STATUS atcacert_der_enc_integer (const uint8_t *int_data, size_t int_data_size, uint8_t is_unsigned, uint8_t *der_int, size_t *der_int_size)
 Encode an ASN.1 integer in DER format, including tag and length fields.
 
ATCA_STATUS atcacert_der_dec_integer (const uint8_t *der_int, size_t *der_int_size, uint8_t *int_data, size_t *int_data_size)
 Decode an ASN.1 DER encoded integer.
 
ATCA_STATUS atcacert_der_enc_ecdsa_sig_value (const uint8_t raw_sig[64], uint8_t *der_sig, size_t *der_sig_size)
 Formats a raw ECDSA P256 signature in the DER encoding found in X.509 certificates.
 
ATCA_STATUS atcacert_der_dec_ecdsa_sig_value (const uint8_t *der_sig, size_t *der_sig_size, uint8_t raw_sig[64])
 Parses an ECDSA P256 signature in the DER encoding as found in X.509 certificates.
 
ATCA_STATUS atcacert_verify_cert_hw (const atcacert_def_t *cert_def, const uint8_t *cert, size_t cert_size, const uint8_t ca_public_key[64])
 Verify a certificate against its certificate authority's public key using the host's ATECC device for crypto functions.
 
ATCA_STATUS atcacert_gen_challenge_hw (uint8_t challenge[32])
 Generate a random challenge to be sent to the client using the RNG on the host's ATECC device.
 
ATCA_STATUS atcacert_verify_response_hw (const uint8_t device_public_key[64], const uint8_t challenge[32], const uint8_t response[64])
 Verify a client's response to a challenge using the host's ATECC device for crypto functions.
 
ATCA_STATUS atcacert_verify_cert_sw (const atcacert_def_t *cert_def, const uint8_t *cert, size_t cert_size, const uint8_t ca_public_key[64])
 Verify a certificate against its certificate authority's public key using software crypto functions. The function is currently not implemented.
 
ATCA_STATUS atcacert_gen_challenge_sw (uint8_t challenge[32])
 Generate a random challenge to be sent to the client using a software PRNG. The function is currently not implemented.
 
ATCA_STATUS atcacert_verify_response_sw (const uint8_t device_public_key[64], const uint8_t challenge[32], const uint8_t response[64])
 Verify a client's response to a challenge using software crypto functions. The function is currently not implemented.
 

Variables

const size_t ATCACERT_DATE_FORMAT_SIZES [5]
 

Detailed Description

These methods provide convenient ways to perform certification I/O with CryptoAuth chips and perform certificate manipulation in memory.

Macro Definition Documentation

◆ ATCACERT_E_BAD_CERT

#define ATCACERT_E_BAD_CERT   10

Certificate structure is bad in some way.

◆ ATCACERT_E_BAD_PARAMS

#define ATCACERT_E_BAD_PARAMS   ATCA_BAD_PARAM

Invalid/bad parameter passed to function.

◆ ATCACERT_E_BUFFER_TOO_SMALL

#define ATCACERT_E_BUFFER_TOO_SMALL   ATCA_SMALL_BUFFER

Supplied buffer for output is too small to hold the result.

◆ ATCACERT_E_DECODING_ERROR

#define ATCACERT_E_DECODING_ERROR   4

Data being decoded/parsed has an invalid format.

◆ ATCACERT_E_ELEM_MISSING

#define ATCACERT_E_ELEM_MISSING   8

The certificate element isn't defined for the certificate definition.

◆ ATCACERT_E_ELEM_OUT_OF_BOUNDS

#define ATCACERT_E_ELEM_OUT_OF_BOUNDS   9

Certificate element is out of bounds for the given certificate.

◆ ATCACERT_E_ERROR

#define ATCACERT_E_ERROR   ATCA_GEN_FAIL

General error.

◆ ATCACERT_E_INVALID_DATE

#define ATCACERT_E_INVALID_DATE   5

Date is invalid.

◆ ATCACERT_E_INVALID_TRANSFORM

#define ATCACERT_E_INVALID_TRANSFORM   13

Invalid transform passed to function.

◆ ATCACERT_E_SUCCESS

#define ATCACERT_E_SUCCESS   ATCA_SUCCESS

Operation completed successfully.

◆ ATCACERT_E_UNEXPECTED_ELEM_SIZE

#define ATCACERT_E_UNEXPECTED_ELEM_SIZE   7

A certificate element size was not what was expected.

◆ ATCACERT_E_UNIMPLEMENTED

#define ATCACERT_E_UNIMPLEMENTED   ATCA_UNIMPLEMENTED

Function is unimplemented for the current configuration.

◆ ATCACERT_E_VERIFY_FAILED

#define ATCACERT_E_VERIFY_FAILED   12

Certificate or challenge/response verification failed.

◆ DATEFMT_ISO8601_SEP

#define DATEFMT_ISO8601_SEP   (0U)

ISO8601 full date YYYY-MM-DDThh:mm:ssZ.

Date formats.

Typedef Documentation

◆ atcacert_build_state_t

Tracks the state of a certificate as it's being rebuilt from device information.

◆ atcacert_cert_element_t

Defines a generic dynamic element for a certificate including the device and template locations.

◆ atcacert_cert_loc_t

typedef struct ATCA_PACKED atcacert_cert_loc_s atcacert_cert_loc_t

Defines a chunk of data in a certificate template.

◆ atcacert_cert_sn_src_t

Sources for the certificate serial number.

◆ atcacert_cert_type_t

Types of certificates.

◆ atcacert_def_t

Defines a certificate and all the pieces to work with it.

If any of the standard certificate elements (std_cert_elements) are not a part of the certificate definition, set their count to 0 to indicate their absence.

◆ atcacert_device_loc_t

typedef struct ATCA_PACKED atcacert_device_loc_s atcacert_device_loc_t

Defines a chunk of data in an ATECC device.

◆ atcacert_device_zone_t

ATECC device zones. The values match the Zone Encodings as specified in the datasheet.

◆ atcacert_std_cert_element_t

Standard dynamic certificate elements.

◆ atcacert_tm_utc_t

Holds a broken-down date in UTC. Mimics struct tm from time.h.

Enumeration Type Documentation

◆ atcacert_cert_sn_src_e

Sources for the certificate serial number.

Enumerator
SNSRC_STORED 

Cert serial is stored on the device.

SNSRC_STORED_DYNAMIC 

Cert serial is stored on the device with the first byte being the DER size (X509 certs only).

SNSRC_DEVICE_SN 

Cert serial number is 0x40(MSB) + 9-byte device serial number. Only applies to device certificates.

SNSRC_SIGNER_ID 

Cert serial number is 0x40(MSB) + 2-byte signer ID. Only applies to signer certificates.

SNSRC_PUB_KEY_HASH 

Cert serial number is the SHA256(Subject public key + Encoded dates), with uppermost 2 bits set to 01.

SNSRC_DEVICE_SN_HASH 

Cert serial number is the SHA256(Device SN + Encoded dates), with uppermost 2 bits set to 01. Only applies to device certificates.

SNSRC_PUB_KEY_HASH_POS 

Deprecated, don't use. Cert serial number is the SHA256(Subject public key + Encoded dates), with MSBit set to 0 to ensure it's positive.

SNSRC_DEVICE_SN_HASH_POS 

Deprecated, don't use. Cert serial number is the SHA256(Device SN + Encoded dates), with MSBit set to 0 to ensure it's positive. Only applies to device certificates.

SNSRC_PUB_KEY_HASH_RAW 

Deprecated, don't use. Cert serial number is the SHA256(Subject public key + Encoded dates).

SNSRC_DEVICE_SN_HASH_RAW 

Deprecated, don't use. Cert serial number is the SHA256(Device SN + Encoded dates). Only applies to device certificates.

◆ atcacert_cert_type_e

Types of certificates.

Enumerator
CERTTYPE_X509 

Standard X509 certificate.

CERTTYPE_CUSTOM 

Custom format.

CERTTYPE_X509_FULL_STORED 

Full Stored X509 Certificate.

◆ atcacert_device_zone_e

ATECC device zones. The values match the Zone Encodings as specified in the datasheet.

Enumerator
DEVZONE_CONFIG 

Configuration zone.

DEVZONE_OTP 

One Time Programmable zone.

DEVZONE_DATA 

Data zone (slots).

DEVZONE_GENKEY 

Data zone - Generate Pubkey (slots).

DEVZONE_NONE 

Special value used to indicate there is no device location.

◆ atcacert_std_cert_element_e

Standard dynamic certificate elements.

Enumerator
STDCERT_NUM_ELEMENTS 

Special item to give the number of elements in this enum.

◆ atcacert_transform_e

How to transform the data from the device to the certificate.

Enumerator
TF_NONE 

No transform, data is used byte for byte.

TF_REVERSE 

Reverse the bytes (e.g. change endianness)

TF_BIN2HEX_UC 

Convert raw binary into ASCII hex, uppercase.

TF_BIN2HEX_LC 

Convert raw binary into ASCII hex, lowercase.

TF_HEX2BIN_UC 

Convert ASCII hex, uppercase to binary.

TF_HEX2BIN_LC 

Convert ASCII hex, lowercase to binary.

TF_BIN2HEX_SPACE_UC 

Convert raw binary into ASCII hex, uppercase, with a space between bytes.

TF_BIN2HEX_SPACE_LC 

Convert raw binary into ASCII hex, lowercase, with a space between bytes.

TF_HEX2BIN_SPACE_UC 

Convert ASCII hex, uppercase with spaces between bytes to binary.

TF_HEX2BIN_SPACE_LC 

Convert ASCII hex, lowercase with spaces between bytes to binary.

Function Documentation

◆ atcacert_calc_expire_years()

int atcacert_calc_expire_years ( const atcacert_def_t *  cert_def,
const uint8_t *  cert,
size_t  cert_size,
int  issue_tm_year,
uint8_t *  expire_years 
)
Parameters
[in]cert_defCertificate definition to find a max size for.
[in]certCertificate to get element from.
[in]cert_sizeSize of the certificate (cert) in bytes.
[in]issue_tm_yearissue year.
[out]expire_yearsexpire years.
Returns
ATCACERT_E_SUCCESS on success, otherwise an error code.

◆ atcacert_create_csr()

ATCA_STATUS atcacert_create_csr ( const atcacert_def_t *  csr_def,
uint8_t *  csr,
size_t *  csr_size 
)

Creates a CSR specified by the CSR definition from the ATECC508A device. This process involves reading the dynamic CSR data from the device and combining it with the template found in the CSR definition, then signing it. Returns the CSR in DER format.

Parameters
[in]csr_defCSR definition describing where to find the dynamic CSR information on the device and how to incorporate it into the template.
[out]csrBuffer to receive the CSR.
[in,out] csr_size  As input, the size of the CSR buffer in bytes. As output, the size of the CSR returned in csr in bytes.
Returns
ATCA_SUCCESS on success, otherwise an error code.

◆ atcacert_create_csr_pem()

ATCA_STATUS atcacert_create_csr_pem ( const atcacert_def_t *  csr_def,
char *  csr,
size_t *  csr_size 
)

Creates a CSR specified by the CSR definition from the ATECC508A device. This process involves reading the dynamic CSR data from the device and combining it with the template found in the CSR definition, then signing it. Returns the CSR in PEM format.

Parameters
[in]csr_defCSR definition describing where to find the dynamic CSR information on the device and how to incorporate it into the template.
[out] csr  Buffer to receive the CSR formatted as PEM.
[in,out] csr_size  As input, the size of the CSR buffer in bytes. As output, the size of the CSR as PEM returned in csr in bytes.
Returns
ATCA_SUCCESS on success, otherwise an error code.

◆ atcacert_date_cmp()

int atcacert_date_cmp ( const atcacert_tm_utc_t *  timestamp1,
const atcacert_tm_utc_t *  timestamp2 
)

Compare two dates.

Dates are not checked for validity before comparing.

Parameters
[in]timestamp1First date to compare.
[in]timestamp2Second date to compare.
Returns
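-1 if timestamp1 is before timestamp2, 0 if they are equal, 1 if timestamp1 is after timestamp2. ATCACERT_E_BAD_PARAMS if either input is NULL; because the error code shares the int return value with the comparison result, check for it before treating the result as an ordering.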

◆ atcacert_date_dec()

ATCA_STATUS atcacert_date_dec ( atcacert_date_format_t  format,
const uint8_t *  formatted_date,
size_t  formatted_date_size,
atcacert_tm_utc_t *  timestamp 
)

Parse a formatted timestamp according to the specified format.

Parameters
[in]formatFormat to parse the formatted date as.
[in]formatted_dateFormatted date to be parsed.
[in]formatted_date_sizeSize of the formatted date in bytes.
[out]timestampParsed timestamp is returned here.
Returns
ATCACERT_E_SUCCESS on success, otherwise an error code.

◆ atcacert_date_dec_compcert()

ATCA_STATUS atcacert_date_dec_compcert ( const uint8_t  enc_dates[3],
atcacert_date_format_t  expire_date_format,
atcacert_tm_utc_t *  issue_date,
atcacert_tm_utc_t *  expire_date 
)

Decode the issue and expire dates from the format used by the compressed certificate.

Parameters
[in]enc_datesEncoded date from the compressed certificate. 3 bytes.
[in]expire_date_formatExpire date format. Only used to determine max date when no expiration date is specified by the encoded date.
[out]issue_dateDecoded issue date is returned here.
[out]expire_dateDecoded expire date is returned here. If there is no expiration date, the expire date will be set to a maximum value for the given expire_date_format.
Returns
0 on success

◆ atcacert_date_dec_compcert_ext()

ATCA_STATUS atcacert_date_dec_compcert_ext ( const uint8_t  comp_cert[72u],
atcacert_date_format_t  expire_date_format,
atcacert_tm_utc_t *  issue_date,
atcacert_tm_utc_t *  expire_date 
)

Decode the issue and expire dates from the format used by the compressed certificate.

Supports extended dates if the format version field is 1

Parameters
[in,out] comp_cert  Compressed certificate (72 bytes) where the encoded dates will be set. Format version (in comp_cert byte 70, bits [3:0]) must be set to 1 to use extended dates.
[in]expire_date_formatExpire date format. Only used to determine max date when no expiration date is specified by the encoded date.
[out]issue_dateDecoded issue date is returned here.
[out]expire_dateDecoded expire date is returned here. If there is no expiration date, the expire date will be set to a maximum value for the given expire_date_format.
Returns
0 on success

◆ atcacert_date_enc()

ATCA_STATUS atcacert_date_enc ( atcacert_date_format_t  format,
const atcacert_tm_utc_t *  timestamp,
uint8_t *  formatted_date,
size_t *  formatted_date_size 
)

Format a timestamp according to the format type.

Parameters
[in]formatFormat to use.
[in]timestampTimestamp to format.
[out]formatted_dateFormatted date will be returned in this buffer.
[in,out]formatted_date_sizeAs input, the size of the formatted_date buffer. As output, the size of the returned formatted_date.
Returns
ATCACERT_E_SUCCESS on success, otherwise an error code.

◆ atcacert_date_enc_compcert()

ATCA_STATUS atcacert_date_enc_compcert ( const atcacert_tm_utc_t *  issue_date,
uint8_t  expire_years,
uint8_t  enc_dates[3] 
)

Encode the issue and expire dates in the format used by the compressed certificate.

Parameters
[in]issue_dateIssue date to encode. Note that minutes and seconds will be ignored.
[in]expire_yearsExpire date is expressed as a number of years past the issue date. 0 should be used if there is no expire date.
[out]enc_datesEncoded dates for use in the compressed certificate is returned here. 3 bytes.
Returns
0 on success

◆ atcacert_date_enc_compcert_ext()

ATCA_STATUS atcacert_date_enc_compcert_ext ( const atcacert_tm_utc_t *  issue_date,
uint8_t  expire_years,
uint8_t  comp_cert[72u] 
)

Encode the issue and expire dates in the format used by the compressed certificate.

Supports extended dates if the format version field is set appropriately (currently 1).

Parameters
[in]issue_dateIssue date to encode. Note that minutes and seconds will be ignored.
[in]expire_yearsExpire date is expressed as a number of years past the issue date. 0 should be used if there is no expire date.
[in,out]comp_certCompressed certificate (72 bytes) where the encoded dates will be set. Format version must be set appropriately.
Returns
0 on success

◆ atcacert_date_from_asn1_tag()

atcacert_date_format_t atcacert_date_from_asn1_tag ( const uint8_t  tag)

Convert the asn1 tag for the supported time formats into the local time format.

Returns
DATEFMT_RFC5280_UTC, DATEFMT_RFC5280_GEN, or DATEFMT_INVALID

◆ atcacert_date_get_max_date()

ATCA_STATUS atcacert_date_get_max_date ( atcacert_date_format_t  format,
atcacert_tm_utc_t *  timestamp 
)

Return the maximum date available for the given format.

Parameters
[in]formatFormat to get the max date for.
[out]timestampMax date is returned here.
Returns
ATCACERT_E_SUCCESS on success, otherwise an error code.

◆ atcacert_der_dec_ecdsa_sig_value()

ATCA_STATUS atcacert_der_dec_ecdsa_sig_value ( const uint8_t *  der_sig,
size_t *  der_sig_size,
uint8_t  raw_sig[64] 
)

Parses an ECDSA P256 signature in the DER encoding as found in X.509 certificates.

This will parse the DER encoding of the signatureValue field as found in an X.509 certificate (RFC 5280). der_sig should include the tag, length, and value. The value of the signatureValue is the DER encoding of the ECDSA-Sig-Value as specified by RFC 5480 and SECG SEC1.

Parameters
[in]der_sigX.509 format signature (TLV of signatureValue) to be parsed.
[in,out]der_sig_sizeAs input, size of the der_sig buffer in bytes. As output, size of the DER x.509 signature parsed from the buffer.
[out]raw_sigParsed P256 ECDSA signature will be returned in this buffer. Formatted as R and S integers concatenated together. 64 bytes.
Returns
ATCACERT_E_SUCCESS on success, otherwise an error code.

◆ atcacert_der_dec_integer()

ATCA_STATUS atcacert_der_dec_integer ( const uint8_t *  der_int,
size_t *  der_int_size,
uint8_t *  int_data,
size_t *  int_data_size 
)

Decode an ASN.1 DER encoded integer.

X.680 (http://www.itu.int/rec/T-REC-X.680/en) section 19.8, for tag value; X.690 (http://www.itu.int/rec/T-REC-X.690/en) section 8.3, for encoding.

Parameters
[in]der_intDER encoded ASN.1 integer, including the tag and length fields.
[in,out]der_int_sizeAs input, the size of the der_int buffer in bytes. As output, the size of the DER integer decoded in bytes.
[out] int_data  Decoded integer is returned in this buffer in a signed big-endian format.
[in,out]int_data_sizeAs input, the size of int_data in bytes. As output, the size of the decoded integer in bytes.
Returns
ATCACERT_E_SUCCESS on success, otherwise an error code.

◆ atcacert_der_dec_length()

ATCA_STATUS atcacert_der_dec_length ( const uint8_t *  der_length,
size_t *  der_length_size,
size_t *  length 
)

Decode a DER format length.

X.690 (http://www.itu.int/rec/T-REC-X.690/en) section 8.1.3, for encoding

Parameters
[in]der_lengthDER encoded length.
[in,out]der_length_sizeAs input, the size of the der_length buffer in bytes. As output, the size of the DER encoded length that was decoded.
[out]lengthDecoded length is returned here.
Returns
ATCACERT_E_SUCCESS on success, otherwise an error code.

◆ atcacert_der_enc_ecdsa_sig_value()

ATCA_STATUS atcacert_der_enc_ecdsa_sig_value ( const uint8_t  raw_sig[64],
uint8_t *  der_sig,
size_t *  der_sig_size 
)

Formats a raw ECDSA P256 signature in the DER encoding found in X.509 certificates.

This will return the DER encoding of the signatureValue field as found in an X.509 certificate (RFC 5280). This includes the tag, length, and value. The value of the signatureValue is the DER encoding of the ECDSA-Sig-Value as specified by RFC 5480 and SECG SEC1.

Parameters
[in]raw_sigP256 ECDSA signature to be formatted. Input format is R and S integers concatenated together. 64 bytes.
[out]der_sigX.509 format signature (TLV of signatureValue) will be returned in this buffer.
[in,out] der_sig_size  As input, the size of the der_sig buffer in bytes. As output, the size of the returned X.509 signature in bytes.
Returns
ATCACERT_E_SUCCESS on success, otherwise an error code.

◆ atcacert_der_enc_integer()

ATCA_STATUS atcacert_der_enc_integer ( const uint8_t *  int_data,
size_t  int_data_size,
uint8_t  is_unsigned,
uint8_t *  der_int,
size_t *  der_int_size 
)

Encode an ASN.1 integer in DER format, including tag and length fields.

X.680 (http://www.itu.int/rec/T-REC-X.680/en) section 19.8, for tag value; X.690 (http://www.itu.int/rec/T-REC-X.690/en) section 8.3, for encoding.

Parameters
[in]int_dataRaw integer in big-endian format.
[in]int_data_sizeSize of the raw integer in bytes.
[in]is_unsignedIndicate whether the input integer should be treated as unsigned.
[out]der_intDER encoded integer is returned in this buffer.
[in,out]der_int_sizeAs input, the size of the der_int buffer in bytes. As output, the size of the DER integer returned in bytes.
Returns
ATCACERT_E_SUCCESS on success, otherwise an error code.

◆ atcacert_der_enc_length()

ATCA_STATUS atcacert_der_enc_length ( size_t  length,
uint8_t *  der_length,
size_t *  der_length_size 
)

Encode a length in DER format.

X.690 (http://www.itu.int/rec/T-REC-X.690/en) section 8.1.3, for encoding

Parameters
[in]lengthLength to be encoded.
[out] der_length  DER encoded length will be returned in this buffer.
[in,out]der_length_sizeAs input, size of der_length buffer in bytes. As output, the size of the DER length encoding in bytes.
Returns
ATCACERT_E_SUCCESS on success, otherwise an error code.

◆ atcacert_gen_challenge_hw()

ATCA_STATUS atcacert_gen_challenge_hw ( uint8_t  challenge[32])

Generate a random challenge to be sent to the client using the RNG on the host's ATECC device.

Parameters
[out] challenge  Random challenge is returned here. 32 bytes.
Returns
ATCACERT_E_SUCCESS on success, otherwise an error code.

◆ atcacert_gen_challenge_sw()

ATCA_STATUS atcacert_gen_challenge_sw ( uint8_t  challenge[32])

Generate a random challenge to be sent to the client using a software PRNG. The function is currently not implemented.

Parameters
[out] challenge  Random challenge is returned here. 32 bytes.
Returns
ATCA_UNIMPLEMENTED, as the function is currently not implemented.

◆ atcacert_get_auth_key_id()

ATCA_STATUS atcacert_get_auth_key_id ( const atcacert_def_t *  cert_def,
const uint8_t *  cert,
size_t  cert_size,
uint8_t  auth_key_id[20] 
)

Gets the authority key ID from a certificate.

Parameters
[in]cert_defCertificate definition for the certificate.
[in]certCertificate to get element from.
[in]cert_sizeSize of the certificate (cert) in bytes.
[out]auth_key_idAuthority key ID is returned in this buffer. 20 bytes.
Returns
ATCACERT_E_SUCCESS on success, otherwise an error code.

◆ atcacert_get_cert_sn()

ATCA_STATUS atcacert_get_cert_sn ( const atcacert_def_t cert_def,
const uint8_t *  cert,
size_t  cert_size,
uint8_t *  cert_sn,
size_t *  cert_sn_size 
)

Gets the certificate serial number from a certificate.

Parameters
[in]cert_defCertificate definition for the certificate.
[in]certCertificate to get element from.
[in]cert_sizeSize of the certificate (cert) in bytes.
[out]cert_snCertificate SN will be returned in this buffer.
[in,out]cert_sn_sizeAs input, the size of the cert_sn buffer. As output, the size of the certificate SN (cert_sn) in bytes.
Returns
ATCACERT_E_SUCCESS on success, otherwise an error code.

◆ atcacert_get_expire_date()

ATCA_STATUS atcacert_get_expire_date ( const atcacert_def_t cert_def,
const uint8_t *  cert,
size_t  cert_size,
atcacert_tm_utc_t timestamp 
)

Gets the expire date from a certificate. Will be parsed according to the date format specified in the certificate definition.

Parameters
[in]cert_defCertificate definition for the certificate.
[in]certCertificate to get element from.
[in]cert_sizeSize of the certificate (cert) in bytes.
[out]timestampExpire date is returned in this structure.
Returns
ATCACERT_E_SUCCESS on success, otherwise an error code.

◆ atcacert_get_issue_date()

ATCA_STATUS atcacert_get_issue_date ( const atcacert_def_t cert_def,
const uint8_t *  cert,
size_t  cert_size,
atcacert_tm_utc_t timestamp 
)

Gets the issue date from a certificate. Will be parsed according to the date format specified in the certificate definition.

Parameters
[in]cert_defCertificate definition for the certificate.
[in]certCertificate to get element from.
[in]cert_sizeSize of the certificate (cert) in bytes.
[out]timestampIssue date is returned in this structure.
Returns
ATCACERT_E_SUCCESS on success, otherwise an error code.

◆ atcacert_get_issuer()

ATCA_STATUS atcacert_get_issuer ( const atcacert_def_t cert_def,
const uint8_t *  cert,
size_t  cert_size,
uint8_t  cert_issuer[128] 
)

Gets the issuer name of a certificate.

Parameters
[in]cert_defCertificate definition for the certificate.
[in]certCertificate to get element from.
[in]cert_sizeSize of the certificate (cert) in bytes.
[out]cert_issuerCertificate's issuer is returned in this buffer.
Returns
ATCACERT_E_SUCCESS on success, otherwise an error code.

◆ atcacert_get_response()

ATCA_STATUS atcacert_get_response ( uint8_t  device_private_key_slot,
const uint8_t  challenge[32],
uint8_t  response[64] 
)

Calculates the response to a challenge sent from the host.

The challenge-response protocol is an ECDSA Sign and Verify. This performs the ECDSA Sign on the challenge and returns the signature as the response.

Parameters
[in]device_private_key_slotSlot number for the device's private key. This must be the same slot used to generate the public key included in the device's certificate.
[in]challengeChallenge to generate the response for. Must be 32 bytes.
[out]responseResponse will be returned in this buffer. 64 bytes.
Returns
ATCA_SUCCESS on success, otherwise an error code.

◆ atcacert_get_subj_key_id()

ATCA_STATUS atcacert_get_subj_key_id ( const atcacert_def_t cert_def,
const uint8_t *  cert,
size_t  cert_size,
uint8_t  subj_key_id[20] 
)

Gets the subject key ID from a certificate.

Parameters
[in]cert_defCertificate definition for the certificate.
[in]certCertificate to get element from.
[in]cert_sizeSize of the certificate (cert) in bytes.
[out]subj_key_idSubject key ID is returned in this buffer. 20 bytes.
Returns
ATCACERT_E_SUCCESS on success, otherwise an error code.

◆ atcacert_get_subj_public_key()

ATCA_STATUS atcacert_get_subj_public_key ( const atcacert_def_t cert_def,
const uint8_t *  cert,
size_t  cert_size,
cal_buffer subj_public_key 
)

Gets the subject public key from a certificate.

Parameters
[in] cert_def: Certificate definition for the certificate.
[in] cert: Certificate to get element from.
[in] cert_size: Size of the certificate (cert) in bytes.
[out] subj_public_key: Subject public key is returned in the buffer pointed to by subj_public_key.
Returns
ATCACERT_E_SUCCESS on success, otherwise an error code.

◆ atcacert_get_subject()

ATCA_STATUS atcacert_get_subject ( const atcacert_def_t cert_def,
const uint8_t *  cert,
size_t  cert_size,
cal_buffer cert_subj_buf 
)

Gets the subject name from a certificate.

Parameters
[in] cert_def: Certificate definition for the certificate.
[in] cert: Certificate to get element from.
[in] cert_size: Size of the certificate (cert) in bytes.
[out] cert_subj_buf: Subject name is returned in this buffer.
Returns
ATCACERT_E_SUCCESS on success, otherwise an error code.

◆ atcacert_read_cert()

ATCA_STATUS atcacert_read_cert ( const atcacert_def_t cert_def,
const uint8_t  ca_public_key[64],
uint8_t *  cert,
size_t *  cert_size 
)

Reads the certificate specified by the certificate definition from the ATECC508A device.

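This process involves reading the dynamic cert data from the device and combining it with the template found in the certificate definition. Nothing in this description indicates that the signature is checked during the read, so verify the rebuilt certificate (see atcacert_verify_cert_hw()) before relying on its contents.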

Parameters
[in] cert_def: Certificate definition describing where to find the dynamic certificate information on the device and how to incorporate it into the template.
[in] ca_public_key: The ECC P256 public key of the certificate authority that signed this certificate. Formatted as the 32 byte X and Y integers concatenated together (64 bytes total). Set to NULL if the authority key id is not needed, set properly in the cert_def template, or stored on the device as specified in the cert_def cert_elements.
[out] cert: Buffer to receive the certificate.
[in,out] cert_size: As input, the size of the cert buffer in bytes. As output, the size of the certificate returned in cert in bytes.
Returns
ATCACERT_E_SUCCESS on success, otherwise an error code.

◆ atcacert_read_cert_ext()

ATCA_STATUS atcacert_read_cert_ext ( ATCADevice  device,
const atcacert_def_t cert_def,
const uint8_t  ca_public_key[64],
uint8_t *  cert,
size_t *  cert_size 
)

Reads the certificate specified by the certificate definition from the ATECC508A device.

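This process involves reading the dynamic cert data from the device and combining it with the template found in the certificate definition. Nothing in this description indicates that the signature is checked during the read, so verify the rebuilt certificate (see atcacert_verify_cert_hw()) before relying on its contents.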

Parameters
[in] device: Device context
[in] cert_def: Certificate definition describing where to find the dynamic certificate information on the device and how to incorporate it into the template.
[in] ca_public_key: The ECC P256 public key of the certificate authority that signed this certificate. Formatted as the 32 byte X and Y integers concatenated together (64 bytes total). Set to NULL if the authority key id is not needed, set properly in the cert_def template, or stored on the device as specified in the cert_def cert_elements.
[out] cert: Buffer to receive the certificate.
[in,out] cert_size: As input, the size of the cert buffer in bytes. As output, the size of the certificate returned in cert in bytes.
Returns
ATCACERT_E_SUCCESS on success, otherwise an error code.

◆ atcacert_read_cert_size()

ATCA_STATUS atcacert_read_cert_size ( const atcacert_def_t cert_def,
size_t *  cert_size 
)

Returns the actual certificate size in bytes for a given certificate definition. Certificates can be variable in size, so this gives the buffer size needed when reading the certificate; call it first to size the cert buffer passed to atcacert_read_cert().

Parameters
[in]cert_defCertificate definition to find a max size for.
[out]cert_sizeCertificate size will be returned here in bytes.
Returns
ATCACERT_E_SUCCESS on success, otherwise an error code.

◆ atcacert_read_cert_size_ext()

ATCA_STATUS atcacert_read_cert_size_ext ( ATCADevice  device,
const atcacert_def_t cert_def,
size_t *  cert_size 
)

Returns the actual certificate size in bytes for a given certificate definition. Certificates can be variable in size, so this gives the buffer size needed when reading the certificate; call it first to size the cert buffer passed to atcacert_read_cert_ext().

Parameters
[in]deviceDevice context
[in]cert_defCertificate definition to find a max size for.
[out]cert_sizeCertificate size will be returned here in bytes.
Returns
ATCACERT_E_SUCCESS on success, otherwise an error code.

◆ atcacert_read_device_loc()

ATCA_STATUS atcacert_read_device_loc ( const atcacert_device_loc_t device_loc,
uint8_t *  data 
)

Read the data from a device location.

Parameters
[in]device_locDevice location to read data from.
[out]dataData read is returned here.
Returns
ATCACERT_E_SUCCESS on success, otherwise an error code.

◆ atcacert_read_device_loc_ext()

ATCA_STATUS atcacert_read_device_loc_ext ( ATCADevice  device,
const atcacert_device_loc_t device_loc,
uint8_t *  data 
)

Read the data from a device location.

Parameters
[in]deviceDevice context
[in]device_locDevice location to read data from.
[out]dataData read is returned here.
Returns
ATCACERT_E_SUCCESS on success, otherwise an error code.

◆ atcacert_read_subj_key_id()

ATCA_STATUS atcacert_read_subj_key_id ( const atcacert_def_t cert_def,
uint8_t  subj_key_id[20] 
)

Reads the subject key ID based on a certificate definition.

Parameters
[in]cert_defCertificate definition
[out]subj_key_idSubject key ID is returned in this buffer. 20 bytes.
Returns
ATCACERT_E_SUCCESS on success, otherwise an error code.

◆ atcacert_read_subj_key_id_ext()

ATCA_STATUS atcacert_read_subj_key_id_ext ( ATCADevice  device,
const atcacert_def_t cert_def,
uint8_t  subj_key_id[20] 
)

Reads the subject key ID based on a certificate definition.

Parameters
[in]deviceDevice context
[in]cert_defCertificate definition
[out]subj_key_idSubject key ID is returned in this buffer. 20 bytes.
Returns
ATCACERT_E_SUCCESS on success, otherwise an error code.

◆ atcacert_verify_cert_hw()

ATCA_STATUS atcacert_verify_cert_hw ( const atcacert_def_t cert_def,
const uint8_t *  cert,
size_t  cert_size,
const uint8_t  ca_public_key[64] 
)

Verify a certificate against its certificate authority's public key using the host's ATECC device for crypto functions.

Parameters
[in]cert_defCertificate definition describing how to extract the TBS and signature components from the certificate specified.
[in]certCertificate to verify.
[in]cert_sizeSize of the certificate (cert) in bytes.
[in]ca_public_keyThe ECC P256 public key of the certificate authority that signed this certificate. Formatted as the 32 byte X and Y integers concatenated together (64 bytes total).
Returns
ATCACERT_E_SUCCESS if the verify succeeds, ATCACERT_E_VERIFY_FAILED or ATCA_EXECUTION_ERROR if it fails to verify. ATCA_EXECUTION_ERROR may occur when the public key is invalid and doesn't fall on the P256 curve. Treat any return value other than ATCACERT_E_SUCCESS as a failed verification.

◆ atcacert_verify_cert_sw()

ATCA_STATUS atcacert_verify_cert_sw ( const atcacert_def_t cert_def,
const uint8_t *  cert,
size_t  cert_size,
const uint8_t  ca_public_key[64] 
)

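Verify a certificate against its certificate authority's public key using software crypto functions. The function is currently not implemented; it returns ATCA_UNIMPLEMENTED, which callers must treat as a failed verification and never as success.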

Parameters
[in]cert_defCertificate definition describing how to extract the TBS and signature components from the certificate specified.
[in]certCertificate to verify.
[in]cert_sizeSize of the certificate (cert) in bytes.
[in]ca_public_keyThe ECC P256 public key of the certificate authority that signed this certificate. Formatted as the 32 byte X and Y integers concatenated together (64 bytes total).
Returns
ATCA_UNIMPLEMENTED , as the function is currently not implemented.

◆ atcacert_verify_response_hw()

ATCA_STATUS atcacert_verify_response_hw ( const uint8_t  device_public_key[64],
const uint8_t  challenge[32],
const uint8_t  response[64] 
)

Verify a client's response to a challenge using the host's ATECC device for crypto functions.

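The challenge-response protocol is an ECDSA Sign and Verify. This performs an ECDSA verify on the response returned by the client, verifying the client has the private key counterpart to the public key returned in its certificate. The check only proves possession of that key: the certificate that supplied device_public_key must itself be verified (see atcacert_verify_cert_hw()), and a fresh random challenge (see atcacert_gen_challenge_hw()) should be used for each authentication so that an old response cannot be replayed.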

Parameters
[in]device_public_keyDevice public key as read from its certificate. Formatted as the X and Y integers concatenated together. 64 bytes.
[in]challengeChallenge that was sent to the client. 32 bytes.
[in]responseResponse returned from the client to be verified. 64 bytes.
Returns
ATCACERT_E_SUCCESS if the verify succeeds, ATCACERT_E_VERIFY_FAILED or ATCA_EXECUTION_ERROR if it fails to verify. ATCA_EXECUTION_ERROR may occur when the public key is invalid and doesn't fall on the P256 curve. Treat any return value other than ATCACERT_E_SUCCESS as a failed verification.

◆ atcacert_verify_response_sw()

ATCA_STATUS atcacert_verify_response_sw ( const uint8_t  device_public_key[64],
const uint8_t  challenge[32],
const uint8_t  response[64] 
)

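Verify a client's response to a challenge using software crypto functions. The function is currently not implemented; it returns ATCA_UNIMPLEMENTED, which callers must treat as a failed verification and never as success.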

The challenge-response protocol is an ECDSA Sign and Verify. This performs an ECDSA verify on the response returned by the client, verifying the client has the private key counterpart to the public key returned in its certificate.

Parameters
[in]device_public_keyDevice public key as read from its certificate. Formatted as the X and Y integers concatenated together. 64 bytes.
[in]challengeChallenge that was sent to the client. 32 bytes.
[in]responseResponse returned from the client to be verified. 64 bytes.
Returns
ATCA_UNIMPLEMENTED , as the function is currently not implemented.

◆ atcacert_write_cert()

ATCA_STATUS atcacert_write_cert ( const atcacert_def_t cert_def,
const uint8_t *  cert,
size_t  cert_size 
)

Take a full certificate and write it to the ATECC508A device according to the certificate definition.

Parameters
[in] cert_def: Certificate definition describing where the dynamic certificate information is and how to store it on the device.
[in] cert: Full certificate to be stored.
[in] cert_size: Size of the full certificate in bytes.
Returns
ATCACERT_E_SUCCESS on success, otherwise an error code.

◆ atcacert_write_cert_ext()

ATCA_STATUS atcacert_write_cert_ext ( ATCADevice  device,
const atcacert_def_t cert_def,
const uint8_t *  cert,
size_t  cert_size 
)

Take a full certificate and write it to the ATECC508A device according to the certificate definition.

Parameters
[in] device: Device context
[in] cert_def: Certificate definition describing where the dynamic certificate information is and how to store it on the device.
[in] cert: Full certificate to be stored.
[in] cert_size: Size of the full certificate in bytes.
Returns
ATCACERT_E_SUCCESS on success, otherwise an error code.