These methods provide convenient ways to perform certification I/O with CryptoAuth chips and perform certificate manipulation in memory. More...
Data Structures | |
struct | atcacert_tm_utc_s |
struct | atcacert_device_loc_s |
struct | atcacert_cert_loc_s |
struct | atcacert_cert_element_s |
struct | atcacert_def_s |
struct | atcacert_build_state_s |
Macros | |
#define | FALSE (0) |
#define | TRUE (1) |
#define | ATCACERT_E_SUCCESS ATCA_SUCCESS |
#define | ATCACERT_E_ERROR ATCA_GEN_FAIL |
#define | ATCACERT_E_BAD_PARAMS ATCA_BAD_PARAM |
#define | ATCACERT_E_BUFFER_TOO_SMALL ATCA_SMALL_BUFFER |
#define | ATCACERT_E_UNIMPLEMENTED ATCA_UNIMPLEMENTED |
#define | ATCACERT_E_DECODING_ERROR 4 |
#define | ATCACERT_E_INVALID_DATE 5 |
#define | ATCACERT_E_UNEXPECTED_ELEM_SIZE 7 |
#define | ATCACERT_E_ELEM_MISSING 8 |
#define | ATCACERT_E_ELEM_OUT_OF_BOUNDS 9 |
#define | ATCACERT_E_BAD_CERT 10 |
#define | ATCACERT_E_WRONG_CERT_DEF 11 |
#define | ATCACERT_E_VERIFY_FAILED 12 |
#define | ATCACERT_E_INVALID_TRANSFORM 13 |
#define | DATEFMT_ISO8601_SEP (0U) |
ISO8601 full date YYYY-MM-DDThh:mm:ssZ. | |
#define | DATEFMT_RFC5280_UTC (1U) |
RFC 5280 (X.509) 4.1.2.5.1 UTCTime format YYMMDDhhmmssZ. | |
#define | DATEFMT_POSIX_UINT32_BE (2U) |
POSIX (aka UNIX) date format. Seconds since Jan 1, 1970. 32 bit unsigned integer, big endian. | |
#define | DATEFMT_POSIX_UINT32_LE (3U) |
POSIX (aka UNIX) date format. Seconds since Jan 1, 1970. 32 bit unsigned integer, little endian. | |
#define | DATEFMT_RFC5280_GEN (4U) |
RFC 5280 (X.509) 4.1.2.5.2 GeneralizedTime format YYYYMMDDhhmmssZ. | |
#define | DATEFMT_INVALID (0xFFU) |
#define | DATEFMT_ISO8601_SEP_SIZE (20) |
#define | DATEFMT_RFC5280_UTC_SIZE (13) |
#define | DATEFMT_POSIX_UINT32_BE_SIZE (4) |
#define | DATEFMT_POSIX_UINT32_LE_SIZE (4) |
#define | DATEFMT_RFC5280_GEN_SIZE (15) |
#define | DATEFMT_MAX_SIZE DATEFMT_ISO8601_SEP_SIZE |
#define | ATCACERT_DATE_FORMAT_SIZES_COUNT 5 |
#define | ATCACERT_COMP_CERT_MAX_SIZE 72u |
#define | atcacert_date_enc_posix_uint32_be atcacert_date_enc_posix_be |
#define | atcacert_date_dec_posix_uint32_be atcacert_date_dec_posix_be |
#define | atcacert_date_enc_posix_uint32_le atcacert_date_enc_posix_le |
#define | atcacert_date_dec_posix_uint32_le atcacert_date_dec_posix_le |
Typedefs | |
typedef struct atcacert_tm_utc_s | atcacert_tm_utc_t |
typedef uint8_t | atcacert_date_format_t |
typedef enum atcacert_cert_type_e | atcacert_cert_type_t |
typedef enum atcacert_cert_sn_src_e | atcacert_cert_sn_src_t |
typedef enum atcacert_device_zone_e | atcacert_device_zone_t |
typedef enum atcacert_transform_e | atcacert_transform_t |
How to transform the data from the device to the certificate. | |
typedef enum atcacert_std_cert_element_e | atcacert_std_cert_element_t |
typedef struct ATCA_PACKED atcacert_device_loc_s | atcacert_device_loc_t |
typedef struct ATCA_PACKED atcacert_cert_loc_s | atcacert_cert_loc_t |
typedef struct ATCA_PACKED atcacert_cert_element_s | atcacert_cert_element_t |
typedef struct atcacert_def_s | atcacert_def_t |
typedef struct atcacert_build_state_s | atcacert_build_state_t |
Functions | |
ATCA_STATUS | atcacert_read_device_loc (const atcacert_device_loc_t *device_loc, uint8_t *data) |
Read the data from a device location. | |
ATCA_STATUS | atcacert_read_device_loc_ext (ATCADevice device, const atcacert_device_loc_t *device_loc, uint8_t *data) |
Read the data from a device location. | |
ATCA_STATUS | atcacert_read_cert (const atcacert_def_t *cert_def, const uint8_t ca_public_key[64], uint8_t *cert, size_t *cert_size) |
Reads the certificate specified by the certificate definition from the ATECC508A device. | |
ATCA_STATUS | atcacert_read_cert_ext (ATCADevice device, const atcacert_def_t *cert_def, const uint8_t ca_public_key[64], uint8_t *cert, size_t *cert_size) |
Reads the certificate specified by the certificate definition from the ATECC508A device. | |
ATCA_STATUS | atcacert_write_cert (const atcacert_def_t *cert_def, const uint8_t *cert, size_t cert_size) |
Take a full certificate and write it to the ATECC508A device according to the certificate definition. | |
ATCA_STATUS | atcacert_write_cert_ext (ATCADevice device, const atcacert_def_t *cert_def, const uint8_t *cert, size_t cert_size) |
Take a full certificate and write it to the ATECC508A device according to the certificate definition. | |
ATCA_STATUS | atcacert_create_csr (const atcacert_def_t *csr_def, uint8_t *csr, size_t *csr_size) |
Creates a CSR specified by the CSR definition from the ATECC508A device. This process involves reading the dynamic CSR data from the device and combining it with the template found in the CSR definition, then signing it. Return the CSR int der format. | |
ATCA_STATUS | atcacert_create_csr_pem (const atcacert_def_t *csr_def, char *csr, size_t *csr_size) |
Creates a CSR specified by the CSR definition from the ATECC508A device. This process involves reading the dynamic CSR data from the device and combining it with the template found in the CSR definition, then signing it. Return the CSR int der format. | |
ATCA_STATUS | atcacert_get_response (uint8_t device_private_key_slot, const uint8_t challenge[32], uint8_t response[64]) |
Calculates the response to a challenge sent from the host. | |
ATCA_STATUS | atcacert_read_subj_key_id (const atcacert_def_t *cert_def, uint8_t subj_key_id[20]) |
Reads the subject key ID based on a certificate definition. | |
ATCA_STATUS | atcacert_read_subj_key_id_ext (ATCADevice device, const atcacert_def_t *cert_def, uint8_t subj_key_id[20]) |
Reads the subject key ID based on a certificate definition. | |
ATCA_STATUS | atcacert_read_cert_size (const atcacert_def_t *cert_def, size_t *cert_size) |
Return the actual certificate size in bytes for a given cert def. Certificate can be variable size, so this gives the absolute buffer size when reading the certificates. | |
ATCA_STATUS | atcacert_read_cert_size_ext (ATCADevice device, const atcacert_def_t *cert_def, size_t *cert_size) |
Return the actual certificate size in bytes for a given cert def. Certificate can be variable size, so this gives the absolute buffer size when reading the certificates. | |
ATCA_STATUS | atcacert_date_enc (atcacert_date_format_t format, const atcacert_tm_utc_t *timestamp, uint8_t *formatted_date, size_t *formatted_date_size) |
Format a timestamp according to the format type. | |
ATCA_STATUS | atcacert_date_dec (atcacert_date_format_t format, const uint8_t *formatted_date, size_t formatted_date_size, atcacert_tm_utc_t *timestamp) |
Parse a formatted timestamp according to the specified format. | |
ATCA_STATUS | atcacert_date_enc_compcert (const atcacert_tm_utc_t *issue_date, uint8_t expire_years, uint8_t enc_dates[3]) |
Encode the issue and expire dates in the format used by the compressed certificate. | |
ATCA_STATUS | atcacert_date_enc_compcert_ext (const atcacert_tm_utc_t *issue_date, uint8_t expire_years, uint8_t comp_cert[72u]) |
Encode the issue and expire dates in the format used by the compressed certificate. | |
ATCA_STATUS | atcacert_date_dec_compcert (const uint8_t enc_dates[3], atcacert_date_format_t expire_date_format, atcacert_tm_utc_t *issue_date, atcacert_tm_utc_t *expire_date) |
Decode the issue and expire dates from the format used by the compressed certificate. | |
ATCA_STATUS | atcacert_date_dec_compcert_ext (const uint8_t comp_cert[72u], atcacert_date_format_t expire_date_format, atcacert_tm_utc_t *issue_date, atcacert_tm_utc_t *expire_date) |
Decode the issue and expire dates from the format used by the compressed certificate. | |
atcacert_date_format_t | atcacert_date_from_asn1_tag (const uint8_t tag) |
Convert the asn1 tag for the supported time formats into the local time format. | |
ATCA_STATUS | atcacert_date_get_max_date (atcacert_date_format_t format, atcacert_tm_utc_t *timestamp) |
Return the maximum date available for the given format. | |
ATCA_STATUS | atcacert_date_enc_iso8601_sep (const atcacert_tm_utc_t *timestamp, uint8_t formatted_date[(20)]) |
ATCA_STATUS | atcacert_date_dec_iso8601_sep (const uint8_t formatted_date[(20)], atcacert_tm_utc_t *timestamp) |
ATCA_STATUS | atcacert_date_enc_rfc5280_utc (const atcacert_tm_utc_t *timestamp, uint8_t formatted_date[(13)]) |
ATCA_STATUS | atcacert_date_dec_rfc5280_utc (const uint8_t formatted_date[(13)], atcacert_tm_utc_t *timestamp) |
ATCA_STATUS | atcacert_date_enc_rfc5280_gen (const atcacert_tm_utc_t *timestamp, uint8_t formatted_date[(15)]) |
ATCA_STATUS | atcacert_date_dec_rfc5280_gen (const uint8_t formatted_date[(15)], atcacert_tm_utc_t *timestamp) |
ATCA_STATUS | atcacert_date_enc_posix_be (const atcacert_tm_utc_t *timestamp, uint8_t formatted_date[(4)]) |
ATCA_STATUS | atcacert_date_dec_posix_be (const uint8_t formatted_date[(4)], atcacert_tm_utc_t *timestamp) |
ATCA_STATUS | atcacert_date_enc_posix_le (const atcacert_tm_utc_t *timestamp, uint8_t formatted_date[(4)]) |
ATCA_STATUS | atcacert_date_dec_posix_le (const uint8_t formatted_date[(4)], atcacert_tm_utc_t *timestamp) |
int | atcacert_date_cmp (const atcacert_tm_utc_t *timestamp1, const atcacert_tm_utc_t *timestamp2) |
Compare two dates. | |
ATCA_STATUS | atcacert_get_subject (const atcacert_def_t *cert_def, const uint8_t *cert, size_t cert_size, cal_buffer *cert_subj_buf) |
Gets the subject name from a certificate. | |
ATCA_STATUS | atcacert_get_subj_public_key (const atcacert_def_t *cert_def, const uint8_t *cert, size_t cert_size, cal_buffer *subj_public_key) |
Gets the subject public key from a certificate. | |
ATCA_STATUS | atcacert_get_subj_key_id (const atcacert_def_t *cert_def, const uint8_t *cert, size_t cert_size, uint8_t subj_key_id[20]) |
Gets the subject key ID from a certificate. | |
ATCA_STATUS | atcacert_get_issuer (const atcacert_def_t *cert_def, const uint8_t *cert, size_t cert_size, uint8_t cert_issuer[128]) |
Gets the issuer name of a certificate. | |
ATCA_STATUS | atcacert_get_issue_date (const atcacert_def_t *cert_def, const uint8_t *cert, size_t cert_size, atcacert_tm_utc_t *timestamp) |
Gets the issue date from a certificate. Will be parsed according to the date format specified in the certificate definition. | |
ATCA_STATUS | atcacert_get_expire_date (const atcacert_def_t *cert_def, const uint8_t *cert, size_t cert_size, atcacert_tm_utc_t *timestamp) |
Gets the expire date from a certificate. Will be parsed according to the date format specified in the certificate definition. | |
ATCA_STATUS | atcacert_get_cert_sn (const atcacert_def_t *cert_def, const uint8_t *cert, size_t cert_size, uint8_t *cert_sn, size_t *cert_sn_size) |
Gets the certificate serial number from a certificate. | |
ATCA_STATUS | atcacert_get_auth_key_id (const atcacert_def_t *cert_def, const uint8_t *cert, size_t cert_size, uint8_t auth_key_id[20]) |
Gets the authority key ID from a certificate. | |
int | atcacert_calc_expire_years (const atcacert_def_t *cert_def, const uint8_t *cert, size_t cert_size, int issue_tm_year, uint8_t *expire_years) |
ATCA_STATUS | atcacert_der_enc_length (size_t length, uint8_t *der_length, size_t *der_length_size) |
Encode a length in DER format. | |
ATCA_STATUS | atcacert_der_dec_length (const uint8_t *der_length, size_t *der_length_size, size_t *length) |
Decode a DER format length. | |
ATCA_STATUS | atcacert_der_adjust_length (uint8_t *der_length, size_t *der_length_size, int delta_length, size_t *new_length) |
ATCA_STATUS | atcacert_der_enc_integer (const uint8_t *int_data, size_t int_data_size, uint8_t is_unsigned, uint8_t *der_int, size_t *der_int_size) |
Encode an ASN.1 integer in DER format, including tag and length fields. | |
ATCA_STATUS | atcacert_der_dec_integer (const uint8_t *der_int, size_t *der_int_size, uint8_t *int_data, size_t *int_data_size) |
Decode an ASN.1 DER encoded integer. | |
ATCA_STATUS | atcacert_der_enc_ecdsa_sig_value (const uint8_t raw_sig[64], uint8_t *der_sig, size_t *der_sig_size) |
Formats a raw ECDSA P256 signature in the DER encoding found in X.509 certificates. | |
ATCA_STATUS | atcacert_der_dec_ecdsa_sig_value (const uint8_t *der_sig, size_t *der_sig_size, uint8_t raw_sig[64]) |
Parses an ECDSA P256 signature in the DER encoding as found in X.509 certificates. | |
ATCA_STATUS | atcacert_verify_cert_hw (const atcacert_def_t *cert_def, const uint8_t *cert, size_t cert_size, const uint8_t ca_public_key[64]) |
Verify a certificate against its certificate authority's public key using the host's ATECC device for crypto functions. | |
ATCA_STATUS | atcacert_gen_challenge_hw (uint8_t challenge[32]) |
Generate a random challenge to be sent to the client using the RNG on the host's ATECC device. | |
ATCA_STATUS | atcacert_verify_response_hw (const uint8_t device_public_key[64], const uint8_t challenge[32], const uint8_t response[64]) |
Verify a client's response to a challenge using the host's ATECC device for crypto functions. | |
ATCA_STATUS | atcacert_verify_cert_sw (const atcacert_def_t *cert_def, const uint8_t *cert, size_t cert_size, const uint8_t ca_public_key[64]) |
Verify a certificate against its certificate authority's public key using software crypto functions.The function is currently not implemented. | |
ATCA_STATUS | atcacert_gen_challenge_sw (uint8_t challenge[32]) |
Generate a random challenge to be sent to the client using a software PRNG.The function is currently not implemented. | |
ATCA_STATUS | atcacert_verify_response_sw (const uint8_t device_public_key[64], const uint8_t challenge[32], const uint8_t response[64]) |
Verify a client's response to a challenge using software crypto functions.The function is currently not implemented. | |
Variables | |
const size_t | ATCACERT_DATE_FORMAT_SIZES [5] |
These methods provide convenient ways to perform certification I/O with CryptoAuth chips and perform certificate manipulation in memory.
#define ATCACERT_E_BAD_CERT 10 |
Certificate structure is bad in some way.
#define ATCACERT_E_BAD_PARAMS ATCA_BAD_PARAM |
Invalid/bad parameter passed to function.
#define ATCACERT_E_BUFFER_TOO_SMALL ATCA_SMALL_BUFFER |
Supplied buffer for output is too small to hold the result.
#define ATCACERT_E_DECODING_ERROR 4 |
Data being decoded/parsed has an invalid format.
#define ATCACERT_E_ELEM_MISSING 8 |
The certificate element isn't defined for the certificate definition.
#define ATCACERT_E_ELEM_OUT_OF_BOUNDS 9 |
Certificate element is out of bounds for the given certificate.
#define ATCACERT_E_ERROR ATCA_GEN_FAIL |
General error.
#define ATCACERT_E_INVALID_DATE 5 |
Date is invalid.
#define ATCACERT_E_INVALID_TRANSFORM 13 |
Invalid transform passed to function.
#define ATCACERT_E_SUCCESS ATCA_SUCCESS |
Operation completed successfully.
#define ATCACERT_E_UNEXPECTED_ELEM_SIZE 7 |
A certificate element size was not what was expected.
#define ATCACERT_E_UNIMPLEMENTED ATCA_UNIMPLEMENTED |
Function is unimplemented for the current configuration.
#define ATCACERT_E_VERIFY_FAILED 12 |
Certificate or challenge/response verification failed.
#define DATEFMT_ISO8601_SEP (0U) |
ISO8601 full date YYYY-MM-DDThh:mm:ssZ.
Date formats.
typedef struct atcacert_build_state_s atcacert_build_state_t |
Tracks the state of a certificate as it's being rebuilt from device information.
typedef struct ATCA_PACKED atcacert_cert_element_s atcacert_cert_element_t |
Defines a generic dynamic element for a certificate including the device and template locations.
typedef struct ATCA_PACKED atcacert_cert_loc_s atcacert_cert_loc_t |
Defines a chunk of data in a certificate template.
typedef enum atcacert_cert_sn_src_e atcacert_cert_sn_src_t |
Sources for the certificate serial number.
typedef enum atcacert_cert_type_e atcacert_cert_type_t |
Types of certificates.
typedef struct atcacert_def_s atcacert_def_t |
Defines a certificate and all the pieces to work with it.
If any of the standard certificate elements (std_cert_elements) are not a part of the certificate definition, set their count to 0 to indicate their absence.
typedef struct ATCA_PACKED atcacert_device_loc_s atcacert_device_loc_t |
Defines a chunk of data in an ATECC device.
typedef enum atcacert_device_zone_e atcacert_device_zone_t |
ATECC device zones. The values match the Zone Encodings as specified in the datasheet.
typedef enum atcacert_std_cert_element_e atcacert_std_cert_element_t |
Standard dynamic certificate elements.
typedef struct atcacert_tm_utc_s atcacert_tm_utc_t |
Holds a broken-down date in UTC. Mimics atcacert_tm_utc_t from time.h.
Sources for the certificate serial number.
enum atcacert_cert_type_e |
ATECC device zones. The values match the Zone Encodings as specified in the datasheet.
enum atcacert_transform_e |
How to transform the data from the device to the certificate.
int atcacert_calc_expire_years | ( | const atcacert_def_t * | cert_def, |
const uint8_t * | cert, | ||
size_t | cert_size, | ||
int | issue_tm_year, | ||
uint8_t * | expire_years | ||
) |
[in] | cert_def | Certificate definition to find a max size for. |
[in] | cert | Certificate to get element from. |
[in] | cert_size | Size of the certificate (cert) in bytes. |
[in] | issue_tm_year | issue year. |
[out] | expire_years | expire years. |
ATCA_STATUS atcacert_create_csr | ( | const atcacert_def_t * | csr_def, |
uint8_t * | csr, | ||
size_t * | csr_size | ||
) |
Creates a CSR specified by the CSR definition from the ATECC508A device. This process involves reading the dynamic CSR data from the device and combining it with the template found in the CSR definition, then signing it. Return the CSR int der format.
[in] | csr_def | CSR definition describing where to find the dynamic CSR information on the device and how to incorporate it into the template. |
[out] | csr | Buffer to receive the CSR. |
[in,out] | csr_size | As input, the size of the CSR buffer in bytes. As output, the size of the CSR returned in cert in bytes. |
ATCA_STATUS atcacert_create_csr_pem | ( | const atcacert_def_t * | csr_def, |
char * | csr, | ||
size_t * | csr_size | ||
) |
Creates a CSR specified by the CSR definition from the ATECC508A device. This process involves reading the dynamic CSR data from the device and combining it with the template found in the CSR definition, then signing it. Return the CSR int der format.
[in] | csr_def | CSR definition describing where to find the dynamic CSR information on the device and how to incorporate it into the template. |
[out] | csr | Buffer to received the CSR formatted as PEM. |
[in,out] | csr_size | As input, the size of the CSR buffer in bytes. As output, the size of the CSR as PEM returned in cert in bytes. |
int atcacert_date_cmp | ( | const atcacert_tm_utc_t * | timestamp1, |
const atcacert_tm_utc_t * | timestamp2 | ||
) |
Compare two dates.
Dates are not checked for validity before comparing.
[in] | timestamp1 | First date to compare. |
[in] | timestamp2 | Second date to compare. |
ATCA_STATUS atcacert_date_dec | ( | atcacert_date_format_t | format, |
const uint8_t * | formatted_date, | ||
size_t | formatted_date_size, | ||
atcacert_tm_utc_t * | timestamp | ||
) |
Parse a formatted timestamp according to the specified format.
[in] | format | Format to parse the formatted date as. |
[in] | formatted_date | Formatted date to be parsed. |
[in] | formatted_date_size | Size of the formatted date in bytes. |
[out] | timestamp | Parsed timestamp is returned here. |
ATCA_STATUS atcacert_date_dec_compcert | ( | const uint8_t | enc_dates[3], |
atcacert_date_format_t | expire_date_format, | ||
atcacert_tm_utc_t * | issue_date, | ||
atcacert_tm_utc_t * | expire_date | ||
) |
Decode the issue and expire dates from the format used by the compressed certificate.
[in] | enc_dates | Encoded date from the compressed certificate. 3 bytes. |
[in] | expire_date_format | Expire date format. Only used to determine max date when no expiration date is specified by the encoded date. |
[out] | issue_date | Decoded issue date is returned here. |
[out] | expire_date | Decoded expire date is returned here. If there is no expiration date, the expire date will be set to a maximum value for the given expire_date_format. |
ATCA_STATUS atcacert_date_dec_compcert_ext | ( | const uint8_t | comp_cert[72u], |
atcacert_date_format_t | expire_date_format, | ||
atcacert_tm_utc_t * | issue_date, | ||
atcacert_tm_utc_t * | expire_date | ||
) |
Decode the issue and expire dates from the format used by the compressed certificate.
Supports extended dates if the format version field is 1
[in,out] | comp_cert | Compressed certificate (72 bytes) where the encoded dates will be set. Format version (In comp_cert byte 70([3:0]) must be set to 1 to use extended dates. |
[in] | expire_date_format | Expire date format. Only used to determine max date when no expiration date is specified by the encoded date. |
[out] | issue_date | Decoded issue date is returned here. |
[out] | expire_date | Decoded expire date is returned here. If there is no expiration date, the expire date will be set to a maximum value for the given expire_date_format. |
ATCA_STATUS atcacert_date_enc | ( | atcacert_date_format_t | format, |
const atcacert_tm_utc_t * | timestamp, | ||
uint8_t * | formatted_date, | ||
size_t * | formatted_date_size | ||
) |
Format a timestamp according to the format type.
[in] | format | Format to use. |
[in] | timestamp | Timestamp to format. |
[out] | formatted_date | Formatted date will be returned in this buffer. |
[in,out] | formatted_date_size | As input, the size of the formatted_date buffer. As output, the size of the returned formatted_date. |
ATCA_STATUS atcacert_date_enc_compcert | ( | const atcacert_tm_utc_t * | issue_date, |
uint8_t | expire_years, | ||
uint8_t | enc_dates[3] | ||
) |
Encode the issue and expire dates in the format used by the compressed certificate.
[in] | issue_date | Issue date to encode. Note that minutes and seconds will be ignored. |
[in] | expire_years | Expire date is expressed as a number of years past the issue date. 0 should be used if there is no expire date. |
[out] | enc_dates | Encoded dates for use in the compressed certificate is returned here. 3 bytes. |
ATCA_STATUS atcacert_date_enc_compcert_ext | ( | const atcacert_tm_utc_t * | issue_date, |
uint8_t | expire_years, | ||
uint8_t | comp_cert[72u] | ||
) |
Encode the issue and expire dates in the format used by the compressed certificate.
Supports extended dates if the format version field is set appropriately (currently 1).
[in] | issue_date | Issue date to encode. Note that minutes and seconds will be ignored. |
[in] | expire_years | Expire date is expressed as a number of years past the issue date. 0 should be used if there is no expire date. |
[in,out] | comp_cert | Compressed certificate (72 bytes) where the encoded dates will be set. Format version must be set appropriately. |
atcacert_date_format_t atcacert_date_from_asn1_tag | ( | const uint8_t | tag | ) |
Convert the asn1 tag for the supported time formats into the local time format.
ATCA_STATUS atcacert_date_get_max_date | ( | atcacert_date_format_t | format, |
atcacert_tm_utc_t * | timestamp | ||
) |
Return the maximum date available for the given format.
[in] | format | Format to get the max date for. |
[out] | timestamp | Max date is returned here. |
ATCA_STATUS atcacert_der_dec_ecdsa_sig_value | ( | const uint8_t * | der_sig, |
size_t * | der_sig_size, | ||
uint8_t | raw_sig[64] | ||
) |
Parses an ECDSA P256 signature in the DER encoding as found in X.509 certificates.
This will parse the DER encoding of the signatureValue field as found in an X.509 certificate (RFC 5280). x509_sig should include the tag, length, and value. The value of the signatureValue is the DER encoding of the ECDSA-Sig-Value as specified by RFC 5480 and SECG SEC1.
[in] | der_sig | X.509 format signature (TLV of signatureValue) to be parsed. |
[in,out] | der_sig_size | As input, size of the der_sig buffer in bytes. As output, size of the DER x.509 signature parsed from the buffer. |
[out] | raw_sig | Parsed P256 ECDSA signature will be returned in this buffer. Formatted as R and S integers concatenated together. 64 bytes. |
ATCA_STATUS atcacert_der_dec_integer | ( | const uint8_t * | der_int, |
size_t * | der_int_size, | ||
uint8_t * | int_data, | ||
size_t * | int_data_size | ||
) |
Decode an ASN.1 DER encoded integer.
X.680 (http://www.itu.int/rec/T-REC-X.680/en) section 19.8, for tag value X.690 (http://www.itu.int/rec/T-REC-X.690/en) section 8.3, for encoding
[in] | der_int | DER encoded ASN.1 integer, including the tag and length fields. |
[in,out] | der_int_size | As input, the size of the der_int buffer in bytes. As output, the size of the DER integer decoded in bytes. |
[out] | int_data | Decode integer is returned in this buffer in a signed big-endian format. |
[in,out] | int_data_size | As input, the size of int_data in bytes. As output, the size of the decoded integer in bytes. |
ATCA_STATUS atcacert_der_dec_length | ( | const uint8_t * | der_length, |
size_t * | der_length_size, | ||
size_t * | length | ||
) |
Decode a DER format length.
X.690 (http://www.itu.int/rec/T-REC-X.690/en) section 8.1.3, for encoding
[in] | der_length | DER encoded length. |
[in,out] | der_length_size | As input, the size of the der_length buffer in bytes. As output, the size of the DER encoded length that was decoded. |
[out] | length | Decoded length is returned here. |
ATCA_STATUS atcacert_der_enc_ecdsa_sig_value | ( | const uint8_t | raw_sig[64], |
uint8_t * | der_sig, | ||
size_t * | der_sig_size | ||
) |
Formats a raw ECDSA P256 signature in the DER encoding found in X.509 certificates.
This will return the DER encoding of the signatureValue field as found in an X.509 certificate (RFC 5280). This include the tag, length, and value. The value of the signatureValue is the DER encoding of the ECDSA-Sig-Value as specified by RFC 5480 and SECG SEC1.
[in] | raw_sig | P256 ECDSA signature to be formatted. Input format is R and S integers concatenated together. 64 bytes. |
[out] | der_sig | X.509 format signature (TLV of signatureValue) will be returned in this buffer. |
[in,out] | der_sig_size | As input, the size of the x509_sig buffer in bytes. As output, the size of the returned X.509 signature in bytes. |
ATCA_STATUS atcacert_der_enc_integer | ( | const uint8_t * | int_data, |
size_t | int_data_size, | ||
uint8_t | is_unsigned, | ||
uint8_t * | der_int, | ||
size_t * | der_int_size | ||
) |
Encode an ASN.1 integer in DER format, including tag and length fields.
X.680 (http://www.itu.int/rec/T-REC-X.680/en) section 19.8, for tag value X.690 (http://www.itu.int/rec/T-REC-X.690/en) section 8.3, for encoding
[in] | int_data | Raw integer in big-endian format. |
[in] | int_data_size | Size of the raw integer in bytes. |
[in] | is_unsigned | Indicate whether the input integer should be treated as unsigned. |
[out] | der_int | DER encoded integer is returned in this buffer. |
[in,out] | der_int_size | As input, the size of the der_int buffer in bytes. As output, the size of the DER integer returned in bytes. |
ATCA_STATUS atcacert_der_enc_length | ( | size_t | length, |
uint8_t * | der_length, | ||
size_t * | der_length_size | ||
) |
Encode a length in DER format.
X.690 (http://www.itu.int/rec/T-REC-X.690/en) section 8.1.3, for encoding
[in] | length | Length to be encoded. |
[out] | der_length | DER encoded length will returned in this buffer. |
[in,out] | der_length_size | As input, size of der_length buffer in bytes. As output, the size of the DER length encoding in bytes. |
ATCA_STATUS atcacert_gen_challenge_hw | ( | uint8_t | challenge[32] | ) |
Generate a random challenge to be sent to the client using the RNG on the host's ATECC device.
[out] | challenge | Random challenge is return here. 32 bytes. |
ATCA_STATUS atcacert_gen_challenge_sw | ( | uint8_t | challenge[32] | ) |
Generate a random challenge to be sent to the client using a software PRNG.The function is currently not implemented.
[out] | challenge | Random challenge is return here. 32 bytes. |
ATCA_STATUS atcacert_get_auth_key_id | ( | const atcacert_def_t * | cert_def, |
const uint8_t * | cert, | ||
size_t | cert_size, | ||
uint8_t | auth_key_id[20] | ||
) |
Gets the authority key ID from a certificate.
[in] | cert_def | Certificate definition for the certificate. |
[in] | cert | Certificate to get element from. |
[in] | cert_size | Size of the certificate (cert) in bytes. |
[out] | auth_key_id | Authority key ID is returned in this buffer. 20 bytes. |
ATCA_STATUS atcacert_get_cert_sn | ( | const atcacert_def_t * | cert_def, |
const uint8_t * | cert, | ||
size_t | cert_size, | ||
uint8_t * | cert_sn, | ||
size_t * | cert_sn_size | ||
) |
Gets the certificate serial number from a certificate.
[in] | cert_def | Certificate definition for the certificate. |
[in] | cert | Certificate to get element from. |
[in] | cert_size | Size of the certificate (cert) in bytes. |
[out] | cert_sn | Certificate SN will be returned in this buffer. |
[in,out] | cert_sn_size | As input, the size of the cert_sn buffer. As output, the size of the certificate SN (cert_sn) in bytes. |
ATCA_STATUS atcacert_get_expire_date | ( | const atcacert_def_t * | cert_def, |
const uint8_t * | cert, | ||
size_t | cert_size, | ||
atcacert_tm_utc_t * | timestamp | ||
) |
Gets the expire date from a certificate. Will be parsed according to the date format specified in the certificate definition.
[in] | cert_def | Certificate definition for the certificate. |
[in] | cert | Certificate to get element from. |
[in] | cert_size | Size of the certificate (cert) in bytes. |
[out] | timestamp | Expire date is returned in this structure. |
ATCA_STATUS atcacert_get_issue_date | ( | const atcacert_def_t * | cert_def, |
const uint8_t * | cert, | ||
size_t | cert_size, | ||
atcacert_tm_utc_t * | timestamp | ||
) |
Gets the issue date from a certificate. Will be parsed according to the date format specified in the certificate definition.
[in] | cert_def | Certificate definition for the certificate. |
[in] | cert | Certificate to get element from. |
[in] | cert_size | Size of the certificate (cert) in bytes. |
[out] | timestamp | Issue date is returned in this structure. |
ATCA_STATUS atcacert_get_issuer | ( | const atcacert_def_t * | cert_def, |
const uint8_t * | cert, | ||
size_t | cert_size, | ||
uint8_t | cert_issuer[128] | ||
) |
Gets the issuer name of a certificate.
[in] | cert_def | Certificate definition for the certificate. |
[in] | cert | Certificate to get element from. |
[in] | cert_size | Size of the certificate (cert) in bytes. |
[out] | cert_issuer | Certificate's issuer is returned in this buffer. |
ATCA_STATUS atcacert_get_response | ( | uint8_t | device_private_key_slot, |
const uint8_t | challenge[32], | ||
uint8_t | response[64] | ||
) |
Calculates the response to a challenge sent from the host.
The challenge-response protocol is an ECDSA Sign and Verify. This performs the ECDSA Sign on the challenge and returns the signature as the response.
[in] | device_private_key_slot | Slot number for the device's private key. This must be the same slot used to generate the public key included in the device's certificate. |
[in] | challenge | Challenge to generate the response for. Must be 32 bytes. |
[out] | response | Response will be returned in this buffer. 64 bytes. |
ATCA_STATUS atcacert_get_subj_key_id | ( | const atcacert_def_t * | cert_def, |
const uint8_t * | cert, | ||
size_t | cert_size, | ||
uint8_t | subj_key_id[20] | ||
) |
Gets the subject key ID from a certificate.
[in] | cert_def | Certificate definition for the certificate. |
[in] | cert | Certificate to get element from. |
[in] | cert_size | Size of the certificate (cert) in bytes. |
[out] | subj_key_id | Subject key ID is returned in this buffer. 20 bytes. |
ATCA_STATUS atcacert_get_subj_public_key | ( | const atcacert_def_t * | cert_def, |
const uint8_t * | cert, | ||
size_t | cert_size, | ||
cal_buffer * | subj_public_key | ||
) |
Gets the subject public key from a certificate.
[in] | cert_def | Certificate definition for the certificate. |
[in] | cert | Certificate to get element from. |
[in] | cert_size | Size of the certificate (cert) in bytes. |
[out] | subj_public_key | Subject public key is returned in the buffer pointed by subj_public_key |
ATCA_STATUS atcacert_get_subject | ( | const atcacert_def_t * | cert_def, |
const uint8_t * | cert, | ||
size_t | cert_size, | ||
cal_buffer * | cert_subj_buf | ||
) |
Gets the subject name from a certificate.
[in] | cert_def | Certificate definition for the certificate. |
[in] | cert | Certificate to get element from. |
[in] | cert_size | Size of the certificate (cert) in bytes. |
[out] | subject | Subject name is returned in this buffer. |
ATCA_STATUS atcacert_read_cert | ( | const atcacert_def_t * | cert_def, |
const uint8_t | ca_public_key[64], | ||
uint8_t * | cert, | ||
size_t * | cert_size | ||
) |
Reads the certificate specified by the certificate definition from the ATECC508A device.
This process involves reading the dynamic cert data from the device and combining it with the template found in the certificate definition.
[in] | cert_def | Certificate definition describing where to find the dynamic certificate information on the device and how to incorporate it into the template. |
[in] | ca_public_key | The ECC P256 public key of the certificate authority that signed this certificate. Formatted as the 32 byte X and Y integers concatenated together (64 bytes total). Set to NULL if the authority key id is not needed, set properly in the cert_def template, or stored on the device as specifed in the cert_def cert_elements. |
[out] | cert | Buffer to received the certificate. |
[in,out] | cert_size | As input, the size of the cert buffer in bytes. As output, the size of the certificate returned in cert in bytes. |
ATCA_STATUS atcacert_read_cert_ext | ( | ATCADevice | device, |
const atcacert_def_t * | cert_def, | ||
const uint8_t | ca_public_key[64], | ||
uint8_t * | cert, | ||
size_t * | cert_size | ||
) |
Reads the certificate specified by the certificate definition from the ATECC508A device.
This process involves reading the dynamic cert data from the device and combining it with the template found in the certificate definition.
[in] | device | Device context |
[in] | cert_def | Certificate definition describing where to find the dynamic certificate information on the device and how to incorporate it into the template. |
[in] | ca_public_key | The ECC P256 public key of the certificate authority that signed this certificate. Formatted as the 32 byte X and Y integers concatenated together (64 bytes total). Set to NULL if the authority key id is not needed, set properly in the cert_def template, or stored on the device as specifed in the cert_def cert_elements. |
[out] | cert | Buffer to received the certificate. |
[in,out] | cert_size | As input, the size of the cert buffer in bytes. As output, the size of the certificate returned in cert in bytes. |
ATCA_STATUS atcacert_read_cert_size | ( | const atcacert_def_t * | cert_def, |
size_t * | cert_size | ||
) |
Return the actual certificate size in bytes for a given cert def. Certificate can be variable size, so this gives the absolute buffer size when reading the certificates.
[in] | cert_def | Certificate definition to find a max size for. |
[out] | cert_size | Certificate size will be returned here in bytes. |
ATCA_STATUS atcacert_read_cert_size_ext | ( | ATCADevice | device, |
const atcacert_def_t * | cert_def, | ||
size_t * | cert_size | ||
) |
Return the actual certificate size in bytes for a given cert def. Certificate can be variable size, so this gives the absolute buffer size when reading the certificates.
[in] | device | Device context |
[in] | cert_def | Certificate definition to find a max size for. |
[out] | cert_size | Certificate size will be returned here in bytes. |
ATCA_STATUS atcacert_read_device_loc | ( | const atcacert_device_loc_t * | device_loc, |
uint8_t * | data | ||
) |
Read the data from a device location.
[in] | device_loc | Device location to read data from. |
[out] | data | Data read is returned here. |
ATCA_STATUS atcacert_read_device_loc_ext | ( | ATCADevice | device, |
const atcacert_device_loc_t * | device_loc, | ||
uint8_t * | data | ||
) |
Read the data from a device location.
[in] | device | Device context |
[in] | device_loc | Device location to read data from. |
[out] | data | Data read is returned here. |
ATCA_STATUS atcacert_read_subj_key_id | ( | const atcacert_def_t * | cert_def, |
uint8_t | subj_key_id[20] | ||
) |
Reads the subject key ID based on a certificate definition.
[in] | cert_def | Certificate definition |
[out] | subj_key_id | Subject key ID is returned in this buffer. 20 bytes. |
ATCA_STATUS atcacert_read_subj_key_id_ext | ( | ATCADevice | device, |
const atcacert_def_t * | cert_def, | ||
uint8_t | subj_key_id[20] | ||
) |
Reads the subject key ID based on a certificate definition.
[in] | device | Device context |
[in] | cert_def | Certificate definition |
[out] | subj_key_id | Subject key ID is returned in this buffer. 20 bytes. |
ATCA_STATUS atcacert_verify_cert_hw | ( | const atcacert_def_t * | cert_def, |
const uint8_t * | cert, | ||
size_t | cert_size, | ||
const uint8_t | ca_public_key[64] | ||
) |
Verify a certificate against its certificate authority's public key using the host's ATECC device for crypto functions.
[in] | cert_def | Certificate definition describing how to extract the TBS and signature components from the certificate specified. |
[in] | cert | Certificate to verify. |
[in] | cert_size | Size of the certificate (cert) in bytes. |
[in] | ca_public_key | The ECC P256 public key of the certificate authority that signed this certificate. Formatted as the 32 byte X and Y integers concatenated together (64 bytes total). |
ATCA_STATUS atcacert_verify_cert_sw | ( | const atcacert_def_t * | cert_def, |
const uint8_t * | cert, | ||
size_t | cert_size, | ||
const uint8_t | ca_public_key[64] | ||
) |
Verify a certificate against its certificate authority's public key using software crypto functions.The function is currently not implemented.
[in] | cert_def | Certificate definition describing how to extract the TBS and signature components from the certificate specified. |
[in] | cert | Certificate to verify. |
[in] | cert_size | Size of the certificate (cert) in bytes. |
[in] | ca_public_key | The ECC P256 public key of the certificate authority that signed this certificate. Formatted as the 32 byte X and Y integers concatenated together (64 bytes total). |
ATCA_STATUS atcacert_verify_response_hw | ( | const uint8_t | device_public_key[64], |
const uint8_t | challenge[32], | ||
const uint8_t | response[64] | ||
) |
Verify a client's response to a challenge using the host's ATECC device for crypto functions.
The challenge-response protocol is an ECDSA Sign and Verify. This performs an ECDSA verify on the response returned by the client, verifying the client has the private key counter-part to the public key returned in its certificate.
[in] | device_public_key | Device public key as read from its certificate. Formatted as the X and Y integers concatenated together. 64 bytes. |
[in] | challenge | Challenge that was sent to the client. 32 bytes. |
[in] | response | Response returned from the client to be verified. 64 bytes. |
ATCA_STATUS atcacert_verify_response_sw | ( | const uint8_t | device_public_key[64], |
const uint8_t | challenge[32], | ||
const uint8_t | response[64] | ||
) |
Verify a client's response to a challenge using software crypto functions.The function is currently not implemented.
The challenge-response protocol is an ECDSA Sign and Verify. This performs an ECDSA verify on the response returned by the client, verifying the client has the private key counter-part to the public key returned in its certificate.
[in] | device_public_key | Device public key as read from its certificate. Formatted as the X and Y integers concatenated together. 64 bytes. |
[in] | challenge | Challenge that was sent to the client. 32 bytes. |
[in] | response | Response returned from the client to be verified. 64 bytes. |
ATCA_STATUS atcacert_write_cert | ( | const atcacert_def_t * | cert_def, |
const uint8_t * | cert, | ||
size_t | cert_size | ||
) |
Take a full certificate and write it to the ATECC508A device according to the certificate definition.
[in] | cert_def | Certificate definition describing where the dynamic certificate information is and how to store it on the device. |
[in] | cert | Full certificate to be stored. |
[in] | cert_size | Size of the full certificate in bytes. |
[in] | device | Device context |
ATCA_STATUS atcacert_write_cert_ext | ( | ATCADevice | device, |
const atcacert_def_t * | cert_def, | ||
const uint8_t * | cert, | ||
size_t | cert_size | ||
) |
Take a full certificate and write it to the ATECC508A device according to the certificate definition.
[in] | device | Device context |
[in] | cert_def | Certificate definition describing where the dynamic certificate information is and how to store it on the device. |
[in] | cert | Full certificate to be stored. |
[in] | cert_size | Size of the full certificate in bytes. |
[in] | device | Device context |