39 #ifndef ATCACERT_DEF_H 40 #define ATCACERT_DEF_H 110 #pragma pack(push, 1) 212 size_t* device_locs_count,
213 size_t device_locs_max_count,
237 const uint8_t ca_public_key[64]);
253 const uint8_t* device_data);
290 uint8_t* device_data);
305 const uint8_t subj_public_key[64]);
319 const uint8_t * cert,
321 uint8_t subj_public_key[64]);
334 const uint8_t * cert,
336 uint8_t subj_key_id[20]);
353 size_t max_cert_size,
354 const uint8_t signature[64]);
368 const uint8_t * cert,
370 uint8_t signature[64]);
449 const uint8_t signer_id[2]);
462 const uint8_t * cert,
464 uint8_t signer_id[2]);
481 size_t max_cert_size,
482 const uint8_t* cert_sn,
483 size_t cert_sn_size);
505 const uint8_t device_sn[9]);
523 size_t* cert_sn_size);
540 const uint8_t auth_public_key[64]);
555 const uint8_t* auth_key_id);
568 const uint8_t * cert,
570 uint8_t auth_key_id[20]);
590 size_t max_cert_size,
591 const uint8_t comp_cert[72]);
604 const uint8_t * cert,
606 uint8_t comp_cert[72]);
636 const uint8_t * cert,
638 uint8_t tbs_digest[32]);
722 size_t* device_locs_count,
723 size_t device_locs_max_count,
atcacert_cert_sn_src_e
Definition: atcacert_def.h:67
int atcacert_set_signature(const atcacert_def_t *cert_def, uint8_t *cert, size_t *cert_size, size_t max_cert_size, const uint8_t signature[64])
Sets the signature in a certificate. This may alter the size of the X.509 certificates.
Definition: atcacert_def.c:672
Standard X509 certificate.
Definition: atcacert_def.h:60
int atcacert_set_comp_cert(const atcacert_def_t *cert_def, uint8_t *cert, size_t *cert_size, size_t max_cert_size, const uint8_t comp_cert[72])
Sets the signature, issue date, expire date, and signer ID found in the compressed certificate...
Definition: atcacert_def.c:1338
int atcacert_get_subj_public_key(const atcacert_def_t *cert_def, const uint8_t *cert, size_t cert_size, uint8_t subj_public_key[64])
Gets the subject public key from a certificate.
Definition: atcacert_def.c:646
const uint8_t * cert_template
Pointer to the actual certificate template data.
Definition: atcacert_def.h:166
Definition: atcacert_def.h:102
int atcacert_get_expire_date(const atcacert_def_t *cert_def, const uint8_t *cert, size_t cert_size, atcacert_tm_utc_t *timestamp)
Gets the expire date from a certificate. Will be parsed according to the date format specified in the...
Definition: atcacert_def.c:882
Cert serial number is the SHA256(Subject public key + Encoded dates), with uppermost 2 bits set to 01...
Definition: atcacert_def.h:73
Definition: atcacert_def.h:103
int atcacert_get_cert_sn(const atcacert_def_t *cert_def, const uint8_t *cert, size_t cert_size, uint8_t *cert_sn, size_t *cert_sn_size)
Gets the certificate serial number from a certificate.
Definition: atcacert_def.c:1254
struct atcacert_cert_loc_s atcacert_cert_loc_t
atcacert_device_loc_t device_loc
Location in the device for the element.
Definition: atcacert_def.h:139
int atcacert_get_key_id(const uint8_t public_key[64], uint8_t key_id[20])
Calculates the key ID for a given public ECC P256 key.
Definition: atcacert_def.c:1607
atcacert_cert_loc_t cert_loc
Location in the certificate template for the element.
Definition: atcacert_def.h:140
Custom format.
Definition: atcacert_def.h:61
Special value used to indicate there is no device location.
Definition: atcacert_def.h:89
size_t max_cert_size
Max size of the cert buffer in bytes.
Definition: atcacert_def.h:179
uint16_t offset
Byte offset in the certificate template.
Definition: atcacert_def.h:129
Deprecated, don't use. Cert serial number is the SHA256(Subject public key + Encoded dates)...
Definition: atcacert_def.h:77
uint8_t is_genkey
If true, use GenKey command to get the contents instead of Read.
Definition: atcacert_def.h:119
Cert serial is stored on the device with the first byte being the DER size (X509 certs only)...
Definition: atcacert_def.h:70
int atcacert_get_cert_element(const atcacert_def_t *cert_def, const atcacert_cert_loc_t *cert_loc, const uint8_t *cert, size_t cert_size, uint8_t *data, size_t data_size)
Gets an element from a certificate.
Definition: atcacert_def.c:1571
int atcacert_cert_build_finish(atcacert_build_state_t *build_state)
Completes any final certificate processing required after all data from the device has been incorpora...
Definition: atcacert_def.c:464
struct atcacert_def_s atcacert_def_t
Cert serial is stored on the device.
Definition: atcacert_def.h:69
const struct atcacert_def_s * ca_cert_def
Certificate definition of the CA certificate.
Definition: atcacert_def.h:168
uint16_t cert_template_size
Size of the certificate template in cert_template in bytes.
Definition: atcacert_def.h:167
uint8_t expire_years
Number of years the certificate is valid for (5-bit value). 0 means no expiration.
Definition: atcacert_def.h:160
uint8_t private_key_slot
If this is a device certificate template, this is the device slot for the device private key...
Definition: atcacert_def.h:154
Definition: atcacert_def.h:97
uint8_t device_sn[9]
Storage for the device SN, when it's found.
Definition: atcacert_def.h:181
uint16_t count
Byte count.
Definition: atcacert_def.h:121
Definition: atcacert_def.h:99
int atcacert_get_signature(const atcacert_def_t *cert_def, const uint8_t *cert, size_t cert_size, uint8_t signature[64])
Gets the signature from a certificate.
Definition: atcacert_def.c:743
atcacert_cert_loc_t tbs_cert_loc
Location in the certificate for the TBS (to be signed) portion.
Definition: atcacert_def.h:159
uint8_t * cert
Buffer to contain the rebuilt certificate.
Definition: atcacert_def.h:177
Definition: atcacert_def.h:101
int atcacert_get_device_locs(const atcacert_def_t *cert_def, atcacert_device_loc_t *device_locs, size_t *device_locs_count, size_t device_locs_max_count, size_t block_size)
Add all the device locations required to rebuild the specified certificate (cert_def) to a device loc...
Definition: atcacert_def.c:119
enum atcacert_std_cert_element_e atcacert_std_cert_element_t
Deprecated, don't use. Cert serial number is the SHA256(Subject public key + Encoded dates)...
Definition: atcacert_def.h:75
uint8_t is_device_sn
Indicates the structure contains the device SN.
Definition: atcacert_def.h:180
Declarations for date handling with regard to certificates.
atcacert_device_zone_e
Definition: atcacert_def.h:84
Definition: atcacert_def.h:115
Deprecated, don't use. Cert serial number is the SHA256(Device SN + Encoded dates). Only applies to device certificates.
Definition: atcacert_def.h:78
const atcacert_def_t * cert_def
Certificate definition for the certificate being rebuilt.
Definition: atcacert_def.h:176
atcacert_device_zone_t zone
Zone in the device.
Definition: atcacert_def.h:117
enum atcacert_device_zone_e atcacert_device_zone_t
atcacert_cert_loc_t std_cert_elements[STDCERT_NUM_ELEMENTS]
Where in the certificate template the standard cert elements are inserted.
Definition: atcacert_def.h:163
int atcacert_get_issue_date(const atcacert_def_t *cert_def, const uint8_t *cert, size_t cert_size, atcacert_tm_utc_t *timestamp)
Gets the issue date from a certificate. Will be parsed according to the date format specified in the ...
Definition: atcacert_def.c:808
int atcacert_get_auth_key_id(const atcacert_def_t *cert_def, const uint8_t *cert, size_t cert_size, uint8_t auth_key_id[20])
Gets the authority key ID from a certificate.
Definition: atcacert_def.c:1325
int atcacert_merge_device_loc(atcacert_device_loc_t *device_locs, size_t *device_locs_count, size_t device_locs_max_count, const atcacert_device_loc_t *device_loc, size_t block_size)
Merge a new device location into a list of device locations. If the new location overlaps with an exi...
Definition: atcacert_def.c:38
struct atcacert_cert_element_s atcacert_cert_element_t
Data zone (slots).
Definition: atcacert_def.h:88
int atcacert_set_subj_public_key(const atcacert_def_t *cert_def, uint8_t *cert, size_t cert_size, const uint8_t subj_public_key[64])
Sets the subject public key and subject key ID in a certificate.
Definition: atcacert_def.c:612
atcacert_date_format_t expire_date_format
Format of the expire date in the certificate.
Definition: atcacert_def.h:158
Cert serial number is the SHA256(Device SN + Encoded dates), with uppermost 2 bits set to 01...
Definition: atcacert_def.h:74
enum atcacert_cert_sn_src_e atcacert_cert_sn_src_t
Definition: atcacert_def.h:100
atcacert_cert_type_t type
Certificate type.
Definition: atcacert_def.h:151
int atcacert_set_auth_key_id_raw(const atcacert_def_t *cert_def, uint8_t *cert, size_t cert_size, const uint8_t *auth_key_id)
Sets the authority key ID in a certificate.
Definition: atcacert_def.c:1304
atcacert_cert_type_e
Definition: atcacert_def.h:58
atcacert_cert_sn_src_t sn_source
Where the certificate serial number comes from (4-bit value).
Definition: atcacert_def.h:155
int atcacert_cert_build_process(atcacert_build_state_t *build_state, const atcacert_device_loc_t *device_loc, const uint8_t *device_data)
Process information read from the ATECC device. If it contains information for the certificate...
Definition: atcacert_def.c:336
int atcacert_set_cert_sn(const atcacert_def_t *cert_def, uint8_t *cert, size_t *cert_size, size_t max_cert_size, const uint8_t *cert_sn, size_t cert_sn_size)
Sets the certificate serial number in a certificate.
Definition: atcacert_def.c:1038
Cert serial number is 0x40(MSB) + 9-byte device serial number. Only applies to device certificates...
Definition: atcacert_def.h:71
int atcacert_get_signer_id(const atcacert_def_t *cert_def, const uint8_t *cert, size_t cert_size, uint8_t signer_id[2])
Gets the signer ID from a certificate. Will be parsed as 4 upper-case hex digits. ...
Definition: atcacert_def.c:1004
int atcacert_get_tbs_digest(const atcacert_def_t *cert_def, const uint8_t *cert, size_t cert_size, uint8_t tbs_digest[32])
Get the SHA256 digest of certificate's TBS data.
Definition: atcacert_def.c:1497
struct atcacert_build_state_s atcacert_build_state_t
int atcacert_get_tbs(const atcacert_def_t *cert_def, const uint8_t *cert, size_t cert_size, const uint8_t **tbs, size_t *tbs_size)
Get a pointer to the TBS data in a certificate.
Definition: atcacert_def.c:1471
uint8_t chain_id
ID for the certificate chain this definition is a part of (4-bit value).
Definition: atcacert_def.h:153
int atcacert_gen_cert_sn(const atcacert_def_t *cert_def, uint8_t *cert, size_t cert_size, const uint8_t device_sn[9])
Sets the certificate serial number by generating it from other information in the certificate using t...
Definition: atcacert_def.c:1118
Definition: atcacert_def.h:136
Definition: atcacert_def.h:98
int atcacert_get_comp_cert(const atcacert_def_t *cert_def, const uint8_t *cert, size_t cert_size, uint8_t comp_cert[72])
Generate the compressed certificate for the given certificate.
Definition: atcacert_def.c:1414
uint8_t template_id
ID for this certificate definition (4-bit value).
Definition: atcacert_def.h:152
atcacert_std_cert_element_e
Definition: atcacert_def.h:95
Definition: atcacert_date.h:52
enum atcacert_date_format_e atcacert_date_format_t
Configuration zone.
Definition: atcacert_def.h:86
struct atcacert_device_loc_s atcacert_device_loc_t
atcacert_device_loc_t cert_sn_dev_loc
Only applies when sn_source is SNSRC_STORED or SNSRC_STORED_DYNAMIC. Describes where to get the certi...
Definition: atcacert_def.h:156
atcacert_date_format_t issue_date_format
Format of the issue date in the certificate.
Definition: atcacert_def.h:157
int atcacert_get_subj_key_id(const atcacert_def_t *cert_def, const uint8_t *cert, size_t cert_size, uint8_t subj_key_id[20])
Gets the subject key ID from a certificate.
Definition: atcacert_def.c:659
void atcacert_public_key_remove_padding(const uint8_t padded_key[72], uint8_t raw_key[64])
Takes a padded public key used by ATECC devices and converts it to a raw P256 ECC public key...
Definition: atcacert_def.c:1630
void atcacert_public_key_add_padding(const uint8_t raw_key[64], uint8_t padded_key[72])
Takes a raw P256 ECC public key and converts it to the padded version used by ATECC devices...
Definition: atcacert_def.c:1622
One Time Programmable zone.
Definition: atcacert_def.h:87
Definition: atcacert_def.h:174
int atcacert_set_cert_element(const atcacert_def_t *cert_def, const atcacert_cert_loc_t *cert_loc, uint8_t *cert, size_t cert_size, const uint8_t *data, size_t data_size)
Sets an element in a certificate. The data_size must match the size in cert_loc.
Definition: atcacert_def.c:1526
int atcacert_get_device_data(const atcacert_def_t *cert_def, const uint8_t *cert, size_t cert_size, const atcacert_device_loc_t *device_loc, uint8_t *device_data)
Gets the dynamic data that would be saved to the specified device location. This function is primaril...
Definition: atcacert_def.c:519
atcacert_device_loc_t public_key_dev_loc
Where on the device the public key can be found.
Definition: atcacert_def.h:161
Definition: atcacert_def.h:104
Definition: atcacert_def.h:127
uint8_t slot
Slot within the data zone. Only applies if zone is DEVZONE_DATA.
Definition: atcacert_def.h:118
uint16_t offset
Byte offset in the zone.
Definition: atcacert_def.h:120
int atcacert_set_expire_date(const atcacert_def_t *cert_def, uint8_t *cert, size_t cert_size, const atcacert_tm_utc_t *timestamp)
Sets the expire date (notAfter) in a certificate. Will be formatted according to the date format spec...
Definition: atcacert_def.c:848
const atcacert_cert_element_t * cert_elements
Additional certificate elements outside of the standard certificate contents.
Definition: atcacert_def.h:164
size_t * cert_size
Current size of the certificate in bytes.
Definition: atcacert_def.h:178
int atcacert_set_auth_key_id(const atcacert_def_t *cert_def, uint8_t *cert, size_t cert_size, const uint8_t auth_public_key[64])
Sets the authority key ID in a certificate. Note that this takes the actual public key and creates a key ...
Definition: atcacert_def.c:1276
Declarations common to all atcacert code.
Cert serial number is 0x40(MSB) + 2-byte signer ID. Only applies to signer certificates.
Definition: atcacert_def.h:72
Deprecated, don't use. Cert serial number is the SHA256(Device SN + Encoded dates), with MSBit set to 0 to ensure it's positive. Only applies to device certificates.
Definition: atcacert_def.h:76
atcacert_device_loc_t comp_cert_dev_loc
Where on the device the compressed cert can be found.
Definition: atcacert_def.h:162
int atcacert_is_device_loc_overlap(const atcacert_device_loc_t *device_loc1, const atcacert_device_loc_t *device_loc2)
Definition: atcacert_def.c:488
Special item to give the number of elements in this enum.
Definition: atcacert_def.h:105
Definition: atcacert_def.h:149
uint16_t count
Byte count. Set to 0 if it doesn't exist.
Definition: atcacert_def.h:130
int atcacert_set_signer_id(const atcacert_def_t *cert_def, uint8_t *cert, size_t cert_size, const uint8_t signer_id[2])
Sets the signer ID in a certificate. Will be formatted as 4 upper-case hex digits.
Definition: atcacert_def.c:945
int atcacert_set_issue_date(const atcacert_def_t *cert_def, uint8_t *cert, size_t cert_size, const atcacert_tm_utc_t *timestamp)
Sets the issue date (notBefore) in a certificate. Will be formatted according to the date format spec...
Definition: atcacert_def.c:774
enum atcacert_cert_type_e atcacert_cert_type_t
int atcacert_cert_build_start(atcacert_build_state_t *build_state, const atcacert_def_t *cert_def, uint8_t *cert, size_t *cert_size, const uint8_t ca_public_key[64])
Starts the certificate rebuilding process.
Definition: atcacert_def.c:270
uint8_t cert_elements_count
Number of additional certificate elements in cert_elements.
Definition: atcacert_def.h:165