CryptoAuthLib
Microchip CryptoAuthentication Library
atcacert_def.h
Go to the documentation of this file.
1 
39 #ifndef ATCACERT_DEF_H
40 #define ATCACERT_DEF_H
41 
42 #include <stddef.h>
43 #include <stdint.h>
44 #include "atcacert.h"
45 #include "atcacert_date.h"
46 
59 {
63 
68 {
69  SNSRC_STORED = 0x0,
80 
85 {
86  DEVZONE_CONFIG = 0x00,
87  DEVZONE_OTP = 0x01,
88  DEVZONE_DATA = 0x02,
89  DEVZONE_NONE = 0x07
91 
96 {
107 
108 // Some of these structures may need to be byte-accurate
109 
110 #pragma pack(push, 1)
111 
115 typedef struct atcacert_device_loc_s
116 {
118  uint8_t slot;
119  uint8_t is_genkey;
120  uint16_t offset;
121  uint16_t count;
123 
127 typedef struct atcacert_cert_loc_s
128 {
129  uint16_t offset;
130  uint16_t count;
132 
137 {
138  char id[16];
142 
149 typedef struct atcacert_def_s
150 {
152  uint8_t template_id;
153  uint8_t chain_id;
160  uint8_t expire_years;
166  const uint8_t* cert_template;
168  const struct atcacert_def_s* ca_cert_def;
170 
175 {
177  uint8_t* cert;
178  size_t* cert_size;
179  size_t max_cert_size;
180  uint8_t is_device_sn;
181  uint8_t device_sn[9];
183 
184 #pragma pack(pop)
185 
186 // Inform function naming when compiling in C++
187 #ifdef __cplusplus
188 extern "C" {
189 #endif
190 
210 int atcacert_get_device_locs(const atcacert_def_t* cert_def,
211  atcacert_device_loc_t* device_locs,
212  size_t* device_locs_count,
213  size_t device_locs_max_count,
214  size_t block_size);
215 
234  const atcacert_def_t* cert_def,
235  uint8_t* cert,
236  size_t* cert_size,
237  const uint8_t ca_public_key[64]);
238 
252  const atcacert_device_loc_t* device_loc,
253  const uint8_t* device_data);
254 
268 
286 int atcacert_get_device_data(const atcacert_def_t* cert_def,
287  const uint8_t* cert,
288  size_t cert_size,
289  const atcacert_device_loc_t* device_loc,
290  uint8_t* device_data);
291 
302 int atcacert_set_subj_public_key(const atcacert_def_t* cert_def,
303  uint8_t* cert,
304  size_t cert_size,
305  const uint8_t subj_public_key[64]);
306 
318 int atcacert_get_subj_public_key(const atcacert_def_t * cert_def,
319  const uint8_t * cert,
320  size_t cert_size,
321  uint8_t subj_public_key[64]);
322 
333 int atcacert_get_subj_key_id(const atcacert_def_t * cert_def,
334  const uint8_t * cert,
335  size_t cert_size,
336  uint8_t subj_key_id[20]);
337 
350 int atcacert_set_signature(const atcacert_def_t* cert_def,
351  uint8_t* cert,
352  size_t* cert_size,
353  size_t max_cert_size,
354  const uint8_t signature[64]);
355 
367 int atcacert_get_signature(const atcacert_def_t * cert_def,
368  const uint8_t * cert,
369  size_t cert_size,
370  uint8_t signature[64]);
371 
383 int atcacert_set_issue_date(const atcacert_def_t* cert_def,
384  uint8_t* cert,
385  size_t cert_size,
386  const atcacert_tm_utc_t* timestamp);
387 
399 int atcacert_get_issue_date(const atcacert_def_t* cert_def,
400  const uint8_t* cert,
401  size_t cert_size,
402  atcacert_tm_utc_t* timestamp);
403 
415 int atcacert_set_expire_date(const atcacert_def_t* cert_def,
416  uint8_t* cert,
417  size_t cert_size,
418  const atcacert_tm_utc_t* timestamp);
419 
431 int atcacert_get_expire_date(const atcacert_def_t* cert_def,
432  const uint8_t* cert,
433  size_t cert_size,
434  atcacert_tm_utc_t* timestamp);
435 
446 int atcacert_set_signer_id(const atcacert_def_t* cert_def,
447  uint8_t* cert,
448  size_t cert_size,
449  const uint8_t signer_id[2]);
450 
461 int atcacert_get_signer_id(const atcacert_def_t * cert_def,
462  const uint8_t * cert,
463  size_t cert_size,
464  uint8_t signer_id[2]);
465 
478 int atcacert_set_cert_sn(const atcacert_def_t* cert_def,
479  uint8_t* cert,
480  size_t* cert_size,
481  size_t max_cert_size,
482  const uint8_t* cert_sn,
483  size_t cert_sn_size);
484 
502 int atcacert_gen_cert_sn(const atcacert_def_t* cert_def,
503  uint8_t* cert,
504  size_t cert_size,
505  const uint8_t device_sn[9]);
506 
519 int atcacert_get_cert_sn(const atcacert_def_t* cert_def,
520  const uint8_t* cert,
521  size_t cert_size,
522  uint8_t* cert_sn,
523  size_t* cert_sn_size);
524 
537 int atcacert_set_auth_key_id(const atcacert_def_t* cert_def,
538  uint8_t* cert,
539  size_t cert_size,
540  const uint8_t auth_public_key[64]);
541 
552 int atcacert_set_auth_key_id_raw(const atcacert_def_t* cert_def,
553  uint8_t* cert,
554  size_t cert_size,
555  const uint8_t* auth_key_id);
556 
567 int atcacert_get_auth_key_id(const atcacert_def_t * cert_def,
568  const uint8_t * cert,
569  size_t cert_size,
570  uint8_t auth_key_id[20]);
571 
587 int atcacert_set_comp_cert(const atcacert_def_t* cert_def,
588  uint8_t* cert,
589  size_t* cert_size,
590  size_t max_cert_size,
591  const uint8_t comp_cert[72]);
592 
603 int atcacert_get_comp_cert(const atcacert_def_t * cert_def,
604  const uint8_t * cert,
605  size_t cert_size,
606  uint8_t comp_cert[72]);
607 
619 int atcacert_get_tbs(const atcacert_def_t* cert_def,
620  const uint8_t* cert,
621  size_t cert_size,
622  const uint8_t** tbs,
623  size_t* tbs_size);
624 
635 int atcacert_get_tbs_digest(const atcacert_def_t * cert_def,
636  const uint8_t * cert,
637  size_t cert_size,
638  uint8_t tbs_digest[32]);
639 
653 int atcacert_set_cert_element(const atcacert_def_t* cert_def,
654  const atcacert_cert_loc_t* cert_loc,
655  uint8_t* cert,
656  size_t cert_size,
657  const uint8_t* data,
658  size_t data_size);
659 
673 int atcacert_get_cert_element(const atcacert_def_t* cert_def,
674  const atcacert_cert_loc_t* cert_loc,
675  const uint8_t* cert,
676  size_t cert_size,
677  uint8_t* data,
678  size_t data_size);
679 
680 
681 // Below are utility functions for dealing with various bits for data conversion and wrangling
682 
697 int atcacert_get_key_id(const uint8_t public_key[64], uint8_t key_id[20]);
698 
722  size_t* device_locs_count,
723  size_t device_locs_max_count,
724  const atcacert_device_loc_t* device_loc,
725  size_t block_size);
726 
728  const atcacert_device_loc_t* device_loc2);
729 
741 void atcacert_public_key_add_padding(const uint8_t raw_key[64], uint8_t padded_key[72]);
742 
753 void atcacert_public_key_remove_padding(const uint8_t padded_key[72], uint8_t raw_key[64]);
754 
756 #ifdef __cplusplus
757 }
758 #endif
759 
760 #endif
761 
atcacert_cert_sn_src_e
Definition: atcacert_def.h:67
int atcacert_set_signature(const atcacert_def_t *cert_def, uint8_t *cert, size_t *cert_size, size_t max_cert_size, const uint8_t signature[64])
Sets the signature in a certificate. This may alter the size of the X.509 certificates.
Definition: atcacert_def.c:672
Standard X509 certificate.
Definition: atcacert_def.h:60
int atcacert_set_comp_cert(const atcacert_def_t *cert_def, uint8_t *cert, size_t *cert_size, size_t max_cert_size, const uint8_t comp_cert[72])
Sets the signature, issue date, expire date, and signer ID found in the compressed certificate...
Definition: atcacert_def.c:1338
int atcacert_get_subj_public_key(const atcacert_def_t *cert_def, const uint8_t *cert, size_t cert_size, uint8_t subj_public_key[64])
Gets the subject public key from a certificate.
Definition: atcacert_def.c:646
const uint8_t * cert_template
Pointer to the actual certificate template data.
Definition: atcacert_def.h:166
Definition: atcacert_def.h:102
int atcacert_get_expire_date(const atcacert_def_t *cert_def, const uint8_t *cert, size_t cert_size, atcacert_tm_utc_t *timestamp)
Gets the expire date from a certificate. Will be parsed according to the date format specified in the...
Definition: atcacert_def.c:882
Cert serial number is the SHA256(Subject public key + Encoded dates), with uppermost 2 bits set to 01...
Definition: atcacert_def.h:73
Definition: atcacert_def.h:103
int atcacert_get_cert_sn(const atcacert_def_t *cert_def, const uint8_t *cert, size_t cert_size, uint8_t *cert_sn, size_t *cert_sn_size)
Gets the certificate serial number from a certificate.
Definition: atcacert_def.c:1254
struct atcacert_cert_loc_s atcacert_cert_loc_t
atcacert_device_loc_t device_loc
Location in the device for the element.
Definition: atcacert_def.h:139
int atcacert_get_key_id(const uint8_t public_key[64], uint8_t key_id[20])
Calculates the key ID for a given public ECC P256 key.
Definition: atcacert_def.c:1607
atcacert_cert_loc_t cert_loc
Location in the certificate template for the element.
Definition: atcacert_def.h:140
Custom format.
Definition: atcacert_def.h:61
Special value used to indicate there is no device location.
Definition: atcacert_def.h:89
size_t max_cert_size
Max size of the cert buffer in bytes.
Definition: atcacert_def.h:179
uint16_t offset
Byte offset in the certificate template.
Definition: atcacert_def.h:129
Depreciated, don&#39;t use. Cert serial number is the SHA256(Subject public key + Encoded dates)...
Definition: atcacert_def.h:77
uint8_t is_genkey
If true, use GenKey command to get the contents instead of Read.
Definition: atcacert_def.h:119
Cert serial is stored on the device with the first byte being the DER size (X509 certs only)...
Definition: atcacert_def.h:70
int atcacert_get_cert_element(const atcacert_def_t *cert_def, const atcacert_cert_loc_t *cert_loc, const uint8_t *cert, size_t cert_size, uint8_t *data, size_t data_size)
Gets an element from a certificate.
Definition: atcacert_def.c:1571
int atcacert_cert_build_finish(atcacert_build_state_t *build_state)
Completes any final certificate processing required after all data from the device has been incorpora...
Definition: atcacert_def.c:464
struct atcacert_def_s atcacert_def_t
Cert serial is stored on the device.
Definition: atcacert_def.h:69
const struct atcacert_def_s * ca_cert_def
Certificate definition of the CA certificate.
Definition: atcacert_def.h:168
uint16_t cert_template_size
Size of the certificate template in cert_template in bytes.
Definition: atcacert_def.h:167
uint8_t expire_years
Number of years the certificate is valid for (5-bit value). 0 means no expiration.
Definition: atcacert_def.h:160
uint8_t private_key_slot
If this is a device certificate template, this is the device slot for the device private key...
Definition: atcacert_def.h:154
Definition: atcacert_def.h:97
uint8_t device_sn[9]
Storage for the device SN, when it&#39;s found.
Definition: atcacert_def.h:181
uint16_t count
Byte count.
Definition: atcacert_def.h:121
Definition: atcacert_def.h:99
int atcacert_get_signature(const atcacert_def_t *cert_def, const uint8_t *cert, size_t cert_size, uint8_t signature[64])
Gets the signature from a certificate.
Definition: atcacert_def.c:743
atcacert_cert_loc_t tbs_cert_loc
Location in the certificate for the TBS (to be signed) portion.
Definition: atcacert_def.h:159
uint8_t * cert
Buffer to contain the rebuilt certificate.
Definition: atcacert_def.h:177
Definition: atcacert_def.h:101
int atcacert_get_device_locs(const atcacert_def_t *cert_def, atcacert_device_loc_t *device_locs, size_t *device_locs_count, size_t device_locs_max_count, size_t block_size)
Add all the device locations required to rebuild the specified certificate (cert_def) to a device loc...
Definition: atcacert_def.c:119
enum atcacert_std_cert_element_e atcacert_std_cert_element_t
Depreciated, don&#39;t use. Cert serial number is the SHA256(Subject public key + Encoded dates)...
Definition: atcacert_def.h:75
uint8_t is_device_sn
Indicates the structure contains the device SN.
Definition: atcacert_def.h:180
Declarations for date handling with regard to certificates.
atcacert_device_zone_e
Definition: atcacert_def.h:84
Definition: atcacert_def.h:115
Depreciated, don&#39;t use. Cert serial number is the SHA256(Device SN + Encoded dates). Only applies to device certificates.
Definition: atcacert_def.h:78
const atcacert_def_t * cert_def
Certificate definition for the certificate being rebuilt.
Definition: atcacert_def.h:176
atcacert_device_zone_t zone
Zone in the device.
Definition: atcacert_def.h:117
enum atcacert_device_zone_e atcacert_device_zone_t
atcacert_cert_loc_t std_cert_elements[STDCERT_NUM_ELEMENTS]
Where in the certificate template the standard cert elements are inserted.
Definition: atcacert_def.h:163
int atcacert_get_issue_date(const atcacert_def_t *cert_def, const uint8_t *cert, size_t cert_size, atcacert_tm_utc_t *timestamp)
Gets the issue date from a certificate. Will be parsed according to the date format specified in the ...
Definition: atcacert_def.c:808
int atcacert_get_auth_key_id(const atcacert_def_t *cert_def, const uint8_t *cert, size_t cert_size, uint8_t auth_key_id[20])
Gets the authority key ID from a certificate.
Definition: atcacert_def.c:1325
int atcacert_merge_device_loc(atcacert_device_loc_t *device_locs, size_t *device_locs_count, size_t device_locs_max_count, const atcacert_device_loc_t *device_loc, size_t block_size)
Merge a new device location into a list of device locations. If the new location overlaps with an exi...
Definition: atcacert_def.c:38
struct atcacert_cert_element_s atcacert_cert_element_t
Data zone (slots).
Definition: atcacert_def.h:88
int atcacert_set_subj_public_key(const atcacert_def_t *cert_def, uint8_t *cert, size_t cert_size, const uint8_t subj_public_key[64])
Sets the subject public key and subject key ID in a certificate.
Definition: atcacert_def.c:612
atcacert_date_format_t expire_date_format
format of the expire date in the certificate.
Definition: atcacert_def.h:158
Cert serial number is the SHA256(Device SN + Encoded dates), with uppermost 2 bits set to 01...
Definition: atcacert_def.h:74
enum atcacert_cert_sn_src_e atcacert_cert_sn_src_t
Definition: atcacert_def.h:100
atcacert_cert_type_t type
Certificate type.
Definition: atcacert_def.h:151
int atcacert_set_auth_key_id_raw(const atcacert_def_t *cert_def, uint8_t *cert, size_t cert_size, const uint8_t *auth_key_id)
Sets the authority key ID in a certificate.
Definition: atcacert_def.c:1304
atcacert_cert_type_e
Definition: atcacert_def.h:58
atcacert_cert_sn_src_t sn_source
Where the certificate serial number comes from (4-bit value).
Definition: atcacert_def.h:155
int atcacert_cert_build_process(atcacert_build_state_t *build_state, const atcacert_device_loc_t *device_loc, const uint8_t *device_data)
Process information read from the ATECC device. If it contains information for the certificate...
Definition: atcacert_def.c:336
int atcacert_set_cert_sn(const atcacert_def_t *cert_def, uint8_t *cert, size_t *cert_size, size_t max_cert_size, const uint8_t *cert_sn, size_t cert_sn_size)
Sets the certificate serial number in a certificate.
Definition: atcacert_def.c:1038
Cert serial number is 0x40(MSB) + 9-byte device serial number. Only applies to device certificates...
Definition: atcacert_def.h:71
int atcacert_get_signer_id(const atcacert_def_t *cert_def, const uint8_t *cert, size_t cert_size, uint8_t signer_id[2])
Gets the signer ID from a certificate. Will be parsed as 4 upper-case hex digits. ...
Definition: atcacert_def.c:1004
int atcacert_get_tbs_digest(const atcacert_def_t *cert_def, const uint8_t *cert, size_t cert_size, uint8_t tbs_digest[32])
Get the SHA256 digest of certificate&#39;s TBS data.
Definition: atcacert_def.c:1497
struct atcacert_build_state_s atcacert_build_state_t
int atcacert_get_tbs(const atcacert_def_t *cert_def, const uint8_t *cert, size_t cert_size, const uint8_t **tbs, size_t *tbs_size)
Get a pointer to the TBS data in a certificate.
Definition: atcacert_def.c:1471
uint8_t chain_id
ID for the certificate chain this definition is a part of (4-bit value).
Definition: atcacert_def.h:153
int atcacert_gen_cert_sn(const atcacert_def_t *cert_def, uint8_t *cert, size_t cert_size, const uint8_t device_sn[9])
Sets the certificate serial number by generating it from other information in the certificate using t...
Definition: atcacert_def.c:1118
Definition: atcacert_def.h:136
Definition: atcacert_def.h:98
int atcacert_get_comp_cert(const atcacert_def_t *cert_def, const uint8_t *cert, size_t cert_size, uint8_t comp_cert[72])
Generate the compressed certificate for the given certificate.
Definition: atcacert_def.c:1414
uint8_t template_id
ID for the this certificate definition (4-bit value).
Definition: atcacert_def.h:152
atcacert_std_cert_element_e
Definition: atcacert_def.h:95
Definition: atcacert_date.h:52
enum atcacert_date_format_e atcacert_date_format_t
Configuration zone.
Definition: atcacert_def.h:86
struct atcacert_device_loc_s atcacert_device_loc_t
atcacert_device_loc_t cert_sn_dev_loc
Only applies when sn_source is SNSRC_STORED or SNSRC_STORED_DYNAMIC. Describes where to get the certi...
Definition: atcacert_def.h:156
atcacert_date_format_t issue_date_format
Format of the issue date in the certificate.
Definition: atcacert_def.h:157
int atcacert_get_subj_key_id(const atcacert_def_t *cert_def, const uint8_t *cert, size_t cert_size, uint8_t subj_key_id[20])
Gets the subject key ID from a certificate.
Definition: atcacert_def.c:659
void atcacert_public_key_remove_padding(const uint8_t padded_key[72], uint8_t raw_key[64])
Takes a padded public key used by ATECC devices and converts it to a raw P256 ECC public key...
Definition: atcacert_def.c:1630
void atcacert_public_key_add_padding(const uint8_t raw_key[64], uint8_t padded_key[72])
Takes a raw P256 ECC public key and converts it to the padded version used by ATECC devices...
Definition: atcacert_def.c:1622
One Time Programmable zone.
Definition: atcacert_def.h:87
Definition: atcacert_def.h:174
int atcacert_set_cert_element(const atcacert_def_t *cert_def, const atcacert_cert_loc_t *cert_loc, uint8_t *cert, size_t cert_size, const uint8_t *data, size_t data_size)
Sets an element in a certificate. The data_size must match the size in cert_loc.
Definition: atcacert_def.c:1526
int atcacert_get_device_data(const atcacert_def_t *cert_def, const uint8_t *cert, size_t cert_size, const atcacert_device_loc_t *device_loc, uint8_t *device_data)
Gets the dynamic data that would be saved to the specified device location. This function is primaril...
Definition: atcacert_def.c:519
atcacert_device_loc_t public_key_dev_loc
Where on the device the public key can be found.
Definition: atcacert_def.h:161
Definition: atcacert_def.h:104
Definition: atcacert_def.h:127
uint8_t slot
Slot within the data zone. Only applies if zone is DEVZONE_DATA.
Definition: atcacert_def.h:118
uint16_t offset
Byte offset in the zone.
Definition: atcacert_def.h:120
int atcacert_set_expire_date(const atcacert_def_t *cert_def, uint8_t *cert, size_t cert_size, const atcacert_tm_utc_t *timestamp)
Sets the expire date (notAfter) in a certificate. Will be formatted according to the date format spec...
Definition: atcacert_def.c:848
const atcacert_cert_element_t * cert_elements
Additional certificate elements outside of the standard certificate contents.
Definition: atcacert_def.h:164
size_t * cert_size
Current size of the certificate in bytes.
Definition: atcacert_def.h:178
int atcacert_set_auth_key_id(const atcacert_def_t *cert_def, uint8_t *cert, size_t cert_size, const uint8_t auth_public_key[64])
Sets the authority key ID in a certificate. Note that this takes the actual public key creates a key ...
Definition: atcacert_def.c:1276
Declarations common to all atcacert code.
Cert serial number is 0x40(MSB) + 2-byte signer ID. Only applies to signer certificates.
Definition: atcacert_def.h:72
Depreciated, don&#39;t use. Cert serial number is the SHA256(Device SN + Encoded dates), with MSBit set to 0 to ensure it&#39;s positive. Only applies to device certificates.
Definition: atcacert_def.h:76
atcacert_device_loc_t comp_cert_dev_loc
Where on the device the compressed cert can be found.
Definition: atcacert_def.h:162
int atcacert_is_device_loc_overlap(const atcacert_device_loc_t *device_loc1, const atcacert_device_loc_t *device_loc2)
Definition: atcacert_def.c:488
Special item to give the number of elements in this enum.
Definition: atcacert_def.h:105
Definition: atcacert_def.h:149
uint16_t count
Byte count. Set to 0 if it doesn&#39;t exist.
Definition: atcacert_def.h:130
int atcacert_set_signer_id(const atcacert_def_t *cert_def, uint8_t *cert, size_t cert_size, const uint8_t signer_id[2])
Sets the signer ID in a certificate. Will be formatted as 4 upper-case hex digits.
Definition: atcacert_def.c:945
int atcacert_set_issue_date(const atcacert_def_t *cert_def, uint8_t *cert, size_t cert_size, const atcacert_tm_utc_t *timestamp)
Sets the issue date (notBefore) in a certificate. Will be formatted according to the date format spec...
Definition: atcacert_def.c:774
enum atcacert_cert_type_e atcacert_cert_type_t
int atcacert_cert_build_start(atcacert_build_state_t *build_state, const atcacert_def_t *cert_def, uint8_t *cert, size_t *cert_size, const uint8_t ca_public_key[64])
Starts the certificate rebuilding process.
Definition: atcacert_def.c:270
uint8_t cert_elements_count
Number of additional certificate elements in cert_elements.
Definition: atcacert_def.h:165