CryptoAuthLib
Microchip CryptoAuthentication Library
atcacert_def.h File Reference

Declarations for certificates related to ECC CryptoAuthentication devices. These are the definitions required to define a certificate and its various elements with regards to the CryptoAuthentication ECC devices. More...

#include <stddef.h>
#include <stdint.h>
#include "atcacert.h"
#include "atcacert_date.h"

Go to the source code of this file.

Data Structures

struct  atcacert_device_loc_s
 
struct  atcacert_cert_loc_s
 
struct  atcacert_cert_element_s
 
struct  atcacert_def_s
 
struct  atcacert_build_state_s
 

Typedefs

typedef enum atcacert_cert_type_e atcacert_cert_type_t
 
typedef enum atcacert_cert_sn_src_e atcacert_cert_sn_src_t
 
typedef enum atcacert_device_zone_e atcacert_device_zone_t
 
typedef enum atcacert_std_cert_element_e atcacert_std_cert_element_t
 
typedef struct atcacert_device_loc_s atcacert_device_loc_t
 
typedef struct atcacert_cert_loc_s atcacert_cert_loc_t
 
typedef struct atcacert_cert_element_s atcacert_cert_element_t
 
typedef struct atcacert_def_s atcacert_def_t
 
typedef struct atcacert_build_state_s atcacert_build_state_t
 

Enumerations

enum  atcacert_cert_type_e { CERTTYPE_X509, CERTTYPE_CUSTOM }
 
enum  atcacert_cert_sn_src_e {
  SNSRC_STORED = 0x0, SNSRC_STORED_DYNAMIC = 0x7, SNSRC_DEVICE_SN = 0x8, SNSRC_SIGNER_ID = 0x9,
  SNSRC_PUB_KEY_HASH = 0xA, SNSRC_DEVICE_SN_HASH = 0xB, SNSRC_PUB_KEY_HASH_POS = 0xC, SNSRC_DEVICE_SN_HASH_POS = 0xD,
  SNSRC_PUB_KEY_HASH_RAW = 0xE, SNSRC_DEVICE_SN_HASH_RAW = 0xF
}
 
enum  atcacert_device_zone_e { DEVZONE_CONFIG = 0x00, DEVZONE_OTP = 0x01, DEVZONE_DATA = 0x02, DEVZONE_NONE = 0x07 }
 
enum  atcacert_std_cert_element_e {
  STDCERT_PUBLIC_KEY, STDCERT_SIGNATURE, STDCERT_ISSUE_DATE, STDCERT_EXPIRE_DATE,
  STDCERT_SIGNER_ID, STDCERT_CERT_SN, STDCERT_AUTH_KEY_ID, STDCERT_SUBJ_KEY_ID,
  STDCERT_NUM_ELEMENTS
}
 

Functions

int atcacert_get_device_locs (const atcacert_def_t *cert_def, atcacert_device_loc_t *device_locs, size_t *device_locs_count, size_t device_locs_max_count, size_t block_size)
 Add all the device locations required to rebuild the specified certificate (cert_def) to a device locations list. More...
 
int atcacert_cert_build_start (atcacert_build_state_t *build_state, const atcacert_def_t *cert_def, uint8_t *cert, size_t *cert_size, const uint8_t ca_public_key[64])
 Starts the certificate rebuilding process. More...
 
int atcacert_cert_build_process (atcacert_build_state_t *build_state, const atcacert_device_loc_t *device_loc, const uint8_t *device_data)
 Process information read from the ATECC device. If it contains information for the certificate, it will be incorporated into the certificate. More...
 
int atcacert_cert_build_finish (atcacert_build_state_t *build_state)
 Completes any final certificate processing required after all data from the device has been incorporated. More...
 
int atcacert_get_device_data (const atcacert_def_t *cert_def, const uint8_t *cert, size_t cert_size, const atcacert_device_loc_t *device_loc, uint8_t *device_data)
 Gets the dynamic data that would be saved to the specified device location. This function is primarily used to break down a full certificate into the dynamic components to be saved to a device. More...
 
int atcacert_set_subj_public_key (const atcacert_def_t *cert_def, uint8_t *cert, size_t cert_size, const uint8_t subj_public_key[64])
 Sets the subject public key and subject key ID in a certificate. More...
 
int atcacert_get_subj_public_key (const atcacert_def_t *cert_def, const uint8_t *cert, size_t cert_size, uint8_t subj_public_key[64])
 Gets the subject public key from a certificate. More...
 
int atcacert_get_subj_key_id (const atcacert_def_t *cert_def, const uint8_t *cert, size_t cert_size, uint8_t subj_key_id[20])
 Gets the subject key ID from a certificate. More...
 
int atcacert_set_signature (const atcacert_def_t *cert_def, uint8_t *cert, size_t *cert_size, size_t max_cert_size, const uint8_t signature[64])
 Sets the signature in a certificate. This may alter the size of the X.509 certificates. More...
 
int atcacert_get_signature (const atcacert_def_t *cert_def, const uint8_t *cert, size_t cert_size, uint8_t signature[64])
 Gets the signature from a certificate. More...
 
int atcacert_set_issue_date (const atcacert_def_t *cert_def, uint8_t *cert, size_t cert_size, const atcacert_tm_utc_t *timestamp)
 Sets the issue date (notBefore) in a certificate. Will be formatted according to the date format specified in the certificate definition. More...
 
int atcacert_get_issue_date (const atcacert_def_t *cert_def, const uint8_t *cert, size_t cert_size, atcacert_tm_utc_t *timestamp)
 Gets the issue date from a certificate. Will be parsed according to the date format specified in the certificate definition. More...
 
int atcacert_set_expire_date (const atcacert_def_t *cert_def, uint8_t *cert, size_t cert_size, const atcacert_tm_utc_t *timestamp)
 Sets the expire date (notAfter) in a certificate. Will be formatted according to the date format specified in the certificate definition. More...
 
int atcacert_get_expire_date (const atcacert_def_t *cert_def, const uint8_t *cert, size_t cert_size, atcacert_tm_utc_t *timestamp)
 Gets the expire date from a certificate. Will be parsed according to the date format specified in the certificate definition. More...
 
int atcacert_set_signer_id (const atcacert_def_t *cert_def, uint8_t *cert, size_t cert_size, const uint8_t signer_id[2])
 Sets the signer ID in a certificate. Will be formatted as 4 upper-case hex digits. More...
 
int atcacert_get_signer_id (const atcacert_def_t *cert_def, const uint8_t *cert, size_t cert_size, uint8_t signer_id[2])
 Gets the signer ID from a certificate. Will be parsed as 4 upper-case hex digits. More...
 
int atcacert_set_cert_sn (const atcacert_def_t *cert_def, uint8_t *cert, size_t *cert_size, size_t max_cert_size, const uint8_t *cert_sn, size_t cert_sn_size)
 Sets the certificate serial number in a certificate. More...
 
int atcacert_gen_cert_sn (const atcacert_def_t *cert_def, uint8_t *cert, size_t cert_size, const uint8_t device_sn[9])
 Sets the certificate serial number by generating it from other information in the certificate using the scheme specified by sn_source in cert_def. See the. More...
 
int atcacert_get_cert_sn (const atcacert_def_t *cert_def, const uint8_t *cert, size_t cert_size, uint8_t *cert_sn, size_t *cert_sn_size)
 Gets the certificate serial number from a certificate. More...
 
int atcacert_set_auth_key_id (const atcacert_def_t *cert_def, uint8_t *cert, size_t cert_size, const uint8_t auth_public_key[64])
 Sets the authority key ID in a certificate. Note that this takes the actual public key creates a key ID from it. More...
 
int atcacert_set_auth_key_id_raw (const atcacert_def_t *cert_def, uint8_t *cert, size_t cert_size, const uint8_t *auth_key_id)
 Sets the authority key ID in a certificate. More...
 
int atcacert_get_auth_key_id (const atcacert_def_t *cert_def, const uint8_t *cert, size_t cert_size, uint8_t auth_key_id[20])
 Gets the authority key ID from a certificate. More...
 
int atcacert_set_comp_cert (const atcacert_def_t *cert_def, uint8_t *cert, size_t *cert_size, size_t max_cert_size, const uint8_t comp_cert[72])
 Sets the signature, issue date, expire date, and signer ID found in the compressed certificate. This also checks fields common between the cert_def and the compressed certificate to make sure they match. More...
 
int atcacert_get_comp_cert (const atcacert_def_t *cert_def, const uint8_t *cert, size_t cert_size, uint8_t comp_cert[72])
 Generate the compressed certificate for the given certificate. More...
 
int atcacert_get_tbs (const atcacert_def_t *cert_def, const uint8_t *cert, size_t cert_size, const uint8_t **tbs, size_t *tbs_size)
 Get a pointer to the TBS data in a certificate. More...
 
int atcacert_get_tbs_digest (const atcacert_def_t *cert_def, const uint8_t *cert, size_t cert_size, uint8_t tbs_digest[32])
 Get the SHA256 digest of certificate's TBS data. More...
 
int atcacert_set_cert_element (const atcacert_def_t *cert_def, const atcacert_cert_loc_t *cert_loc, uint8_t *cert, size_t cert_size, const uint8_t *data, size_t data_size)
 Sets an element in a certificate. The data_size must match the size in cert_loc. More...
 
int atcacert_get_cert_element (const atcacert_def_t *cert_def, const atcacert_cert_loc_t *cert_loc, const uint8_t *cert, size_t cert_size, uint8_t *data, size_t data_size)
 Gets an element from a certificate. More...
 
int atcacert_get_key_id (const uint8_t public_key[64], uint8_t key_id[20])
 Calculates the key ID for a given public ECC P256 key. More...
 
int atcacert_merge_device_loc (atcacert_device_loc_t *device_locs, size_t *device_locs_count, size_t device_locs_max_count, const atcacert_device_loc_t *device_loc, size_t block_size)
 Merge a new device location into a list of device locations. If the new location overlaps with an existing location, the existing one will be modified to encompass both. Otherwise the new location is appended to the end of the list. More...
 
int atcacert_is_device_loc_overlap (const atcacert_device_loc_t *device_loc1, const atcacert_device_loc_t *device_loc2)
 
void atcacert_public_key_add_padding (const uint8_t raw_key[64], uint8_t padded_key[72])
 Takes a raw P256 ECC public key and converts it to the padded version used by ATECC devices. Input and output buffers can point to the same location to do an in-place transform. More...
 
void atcacert_public_key_remove_padding (const uint8_t padded_key[72], uint8_t raw_key[64])
 Takes a padded public key used by ATECC devices and converts it to a raw P256 ECC public key. Input and output buffers can point to the same location to do an in-place transform. More...
 

Detailed Description

Declarations for certificates related to ECC CryptoAuthentication devices. These are the definitions required to define a certificate and its various elements with regards to the CryptoAuthentication ECC devices.

Only the dynamic elements of a certificate (the parts of the certificate that change from device to device) are stored on the ATECC device. The definitions here describe the form of the certificate, and where the dynamic elements can be found both on the ATECC device itself and in the certificate template.

This also defines utility functions for working with the certificates and their definitions.