CryptoAuthLib
Atmel CryptoAuthentication Library
atcacert_def.h
Go to the documentation of this file.
1 
53 #ifndef ATCACERT_DEF_H
54 #define ATCACERT_DEF_H
55 
56 #include <stddef.h>
57 #include <stdint.h>
58 #include "atcacert.h"
59 #include "atcacert_date.h"
60 
72 typedef enum atcacert_cert_type_e {
76 
80 typedef enum atcacert_cert_sn_src_e {
81  SNSRC_STORED = 0x0,
91 
95 typedef enum atcacert_device_zone_e {
96  DEVZONE_CONFIG = 0x00,
97  DEVZONE_OTP = 0x01,
98  DEVZONE_DATA = 0x02,
99  DEVZONE_NONE = 0x07
101 
116 
117 // Some of these structures may need to be byte-accurate
118 #pragma pack(push, 1)
119 
123 typedef struct atcacert_device_loc_s {
125  uint8_t slot;
126  uint8_t is_genkey;
127  uint16_t offset;
128  uint16_t count;
130 
134 typedef struct atcacert_cert_loc_s {
135  uint16_t offset;
136  uint16_t count;
138 
142 typedef struct atcacert_cert_element_s {
143  char id[16];
147 
154 typedef struct atcacert_def_s {
156  uint8_t template_id;
157  uint8_t chain_id;
164  uint8_t expire_years;
170  const uint8_t* cert_template;
173 
177 typedef struct atcacert_build_state_s {
179  uint8_t* cert;
180  size_t* cert_size;
181  size_t max_cert_size;
182  uint8_t is_device_sn;
183  uint8_t device_sn[9];
185 
186 #pragma pack(pop)
187 
188 // Inform function naming when compiling in C++
189 #ifdef __cplusplus
190 extern "C" {
191 #endif
192 
212 int atcacert_get_device_locs( const atcacert_def_t* cert_def,
213  atcacert_device_loc_t* device_locs,
214  size_t* device_locs_count,
215  size_t device_locs_max_count,
216  size_t block_size);
217 
234  const atcacert_def_t* cert_def,
235  uint8_t* cert,
236  size_t* cert_size,
237  const uint8_t ca_public_key[64]);
238 
252  const atcacert_device_loc_t* device_loc,
253  const uint8_t* device_data);
254 
268 
286 int atcacert_get_device_data( const atcacert_def_t* cert_def,
287  const uint8_t* cert,
288  size_t cert_size,
289  const atcacert_device_loc_t* device_loc,
290  uint8_t* device_data);
291 
302 int atcacert_set_subj_public_key( const atcacert_def_t* cert_def,
303  uint8_t* cert,
304  size_t cert_size,
305  const uint8_t subj_public_key[64]);
306 
318 int atcacert_get_subj_public_key( const atcacert_def_t * cert_def,
319  const uint8_t * cert,
320  size_t cert_size,
321  uint8_t subj_public_key[64]);
322 
333 int atcacert_get_subj_key_id( const atcacert_def_t * cert_def,
334  const uint8_t * cert,
335  size_t cert_size,
336  uint8_t subj_key_id[20]);
337 
350 int atcacert_set_signature( const atcacert_def_t* cert_def,
351  uint8_t* cert,
352  size_t* cert_size,
353  size_t max_cert_size,
354  const uint8_t signature[64]);
355 
367 int atcacert_get_signature( const atcacert_def_t * cert_def,
368  const uint8_t * cert,
369  size_t cert_size,
370  uint8_t signature[64]);
371 
383 int atcacert_set_issue_date( const atcacert_def_t* cert_def,
384  uint8_t* cert,
385  size_t cert_size,
386  const atcacert_tm_utc_t* timestamp);
387 
399 int atcacert_get_issue_date( const atcacert_def_t* cert_def,
400  const uint8_t* cert,
401  size_t cert_size,
402  atcacert_tm_utc_t* timestamp);
403 
415 int atcacert_set_expire_date( const atcacert_def_t* cert_def,
416  uint8_t* cert,
417  size_t cert_size,
418  const atcacert_tm_utc_t* timestamp);
419 
431 int atcacert_get_expire_date( const atcacert_def_t* cert_def,
432  const uint8_t* cert,
433  size_t cert_size,
434  atcacert_tm_utc_t* timestamp);
435 
446 int atcacert_set_signer_id( const atcacert_def_t* cert_def,
447  uint8_t* cert,
448  size_t cert_size,
449  const uint8_t signer_id[2]);
450 
461 int atcacert_get_signer_id( const atcacert_def_t * cert_def,
462  const uint8_t * cert,
463  size_t cert_size,
464  uint8_t signer_id[2]);
465 
477 int atcacert_set_cert_sn( const atcacert_def_t* cert_def,
478  uint8_t* cert,
479  size_t cert_size,
480  const uint8_t* cert_sn,
481  size_t cert_sn_size);
482 
500 int atcacert_gen_cert_sn( const atcacert_def_t* cert_def,
501  uint8_t* cert,
502  size_t cert_size,
503  const uint8_t device_sn[9]);
504 
517 int atcacert_get_cert_sn( const atcacert_def_t* cert_def,
518  const uint8_t* cert,
519  size_t cert_size,
520  uint8_t* cert_sn,
521  size_t* cert_sn_size);
522 
535 int atcacert_set_auth_key_id( const atcacert_def_t* cert_def,
536  uint8_t* cert,
537  size_t cert_size,
538  const uint8_t auth_public_key[64]);
539 
550 int atcacert_get_auth_key_id( const atcacert_def_t * cert_def,
551  const uint8_t * cert,
552  size_t cert_size,
553  uint8_t auth_key_id[20]);
554 
570 int atcacert_set_comp_cert( const atcacert_def_t* cert_def,
571  uint8_t* cert,
572  size_t* cert_size,
573  size_t max_cert_size,
574  const uint8_t comp_cert[72]);
575 
586 int atcacert_get_comp_cert( const atcacert_def_t * cert_def,
587  const uint8_t * cert,
588  size_t cert_size,
589  uint8_t comp_cert[72]);
590 
602 int atcacert_get_tbs( const atcacert_def_t* cert_def,
603  const uint8_t* cert,
604  size_t cert_size,
605  const uint8_t** tbs,
606  size_t* tbs_size);
607 
618 int atcacert_get_tbs_digest( const atcacert_def_t * cert_def,
619  const uint8_t * cert,
620  size_t cert_size,
621  uint8_t tbs_digest[32]);
622 
636  uint8_t* cert,
637  size_t cert_size,
638  const uint8_t* data,
639  size_t data_size);
640 
654  const uint8_t* cert,
655  size_t cert_size,
656  uint8_t* data,
657  size_t data_size);
658 
659 
660 // Below are utility functions for dealing with various bits for data conversion and wrangling
661 
676 int atcacert_get_key_id( const uint8_t public_key[64], uint8_t key_id[20] );
677 
701  size_t* device_locs_count,
702  size_t device_locs_max_count,
703  const atcacert_device_loc_t* device_loc,
704  size_t block_size);
705 
707  const atcacert_device_loc_t* device_loc2);
708 
720 void atcacert_public_key_add_padding( const uint8_t raw_key[64], uint8_t padded_key[72] );
721 
732 void atcacert_public_key_remove_padding( const uint8_t padded_key[72], uint8_t raw_key[64] );
733 
735 #ifdef __cplusplus
736 }
737 #endif
738 
739 #endif
int atcacert_get_expire_date(const atcacert_def_t *cert_def, const uint8_t *cert, size_t cert_size, atcacert_tm_utc_t *timestamp)
Gets the expire date from a certificate. Will be parsed according to the date format specified in the...
Definition: atcacert_def.c:698
struct atcacert_def_s atcacert_def_t
One Time Programmable zone.
Definition: atcacert_def.h:97
enum atcacert_device_zone_e atcacert_device_zone_t
Definition: atcacert_def.h:106
Definition: atcacert_date.h:58
int atcacert_set_cert_element(const atcacert_cert_loc_t *cert_loc, uint8_t *cert, size_t cert_size, const uint8_t *data, size_t data_size)
Sets an element in a certificate. The data_size must match the size in cert_loc.
Definition: atcacert_def.c:1107
enum atcacert_cert_sn_src_e atcacert_cert_sn_src_t
uint8_t device_sn[9]
Storage for the device SN, when it's found.
Definition: atcacert_def.h:183
atcacert_device_loc_t public_key_dev_loc
Where on the device the public key can be found.
Definition: atcacert_def.h:165
int atcacert_set_expire_date(const atcacert_def_t *cert_def, uint8_t *cert, size_t cert_size, const atcacert_tm_utc_t *timestamp)
Sets the expire date (notAfter) in a certificate. Will be formatted according to the date format spec...
Definition: atcacert_def.c:672
atcacert_cert_loc_t cert_loc
Location in the certificate template for the element.
Definition: atcacert_def.h:145
Depreciated, don't use. Cert serial number is the SHA256(Subject public key + Encoded dates)...
Definition: atcacert_def.h:86
size_t max_cert_size
Max size of the cert buffer in bytes.
Definition: atcacert_def.h:181
int atcacert_set_signer_id(const atcacert_def_t *cert_def, uint8_t *cert, size_t cert_size, const uint8_t signer_id[2])
Sets the signer ID in a certificate. Will be formatted as 4 upper-case hex digits.
Definition: atcacert_def.c:743
int atcacert_get_cert_element(const atcacert_cert_loc_t *cert_loc, const uint8_t *cert, size_t cert_size, uint8_t *data, size_t data_size)
Gets an element from a certificate.
Definition: atcacert_def.c:1133
int atcacert_cert_build_finish(atcacert_build_state_t *build_state)
Completes any final certificate processing required after all data from the device has been incorpora...
Definition: atcacert_def.c:368
Definition: atcacert_def.h:111
Depreciated, don't use. Cert serial number is the SHA256(Subject public key + Encoded dates)...
Definition: atcacert_def.h:88
int atcacert_get_device_locs(const atcacert_def_t *cert_def, atcacert_device_loc_t *device_locs, size_t *device_locs_count, size_t device_locs_max_count, size_t block_size)
Add all the device locations required to rebuild the specified certificate (cert_def) to a device loc...
Definition: atcacert_def.c:111
uint8_t cert_elements_count
Number of additional certificate elements in cert_elements.
Definition: atcacert_def.h:169
Cert serial is stored on the device.
Definition: atcacert_def.h:81
Definition: atcacert_def.h:110
Definition: atcacert_def.h:134
atcacert_cert_type_t type
Certificate type.
Definition: atcacert_def.h:155
const atcacert_def_t * cert_def
Certificate definition for the certificate being rebuilt.
Definition: atcacert_def.h:178
Data zone (slots).
Definition: atcacert_def.h:98
uint8_t is_device_sn
Indicates the structure contains the device SN.
Definition: atcacert_def.h:182
int atcacert_set_issue_date(const atcacert_def_t *cert_def, uint8_t *cert, size_t cert_size, const atcacert_tm_utc_t *timestamp)
Sets the issue date (notBefore) in a certificate. Will be formatted according to the date format spec...
Definition: atcacert_def.c:616
Special value used to indicate there is no device location.
Definition: atcacert_def.h:99
enum atcacert_cert_type_e atcacert_cert_type_t
struct atcacert_device_loc_s atcacert_device_loc_t
uint16_t offset
Byte offset in the zone.
Definition: atcacert_def.h:127
atcacert_cert_loc_t std_cert_elements[STDCERT_NUM_ELEMENTS]
Where in the certificate template the standard cert elements are inserted.
Definition: atcacert_def.h:167
uint8_t expire_years
Number of years the certificate is valid for (5-bit value). 0 means no expiration.
Definition: atcacert_def.h:164
Declarations for date handling with regard to certificates.
uint8_t private_key_slot
If this is a device certificate template, this is the device slot for the device private key...
Definition: atcacert_def.h:158
int atcacert_get_auth_key_id(const atcacert_def_t *cert_def, const uint8_t *cert, size_t cert_size, uint8_t auth_key_id[20])
Gets the authority key ID from a certificate.
Definition: atcacert_def.c:962
int atcacert_get_signer_id(const atcacert_def_t *cert_def, const uint8_t *cert, size_t cert_size, uint8_t signer_id[2])
Gets the signer ID from a certificate. Will be parsed as 4 upper-case hex digits. ...
Definition: atcacert_def.c:784
struct atcacert_cert_element_s atcacert_cert_element_t
int atcacert_set_signature(const atcacert_def_t *cert_def, uint8_t *cert, size_t *cert_size, size_t max_cert_size, const uint8_t signature[64])
Sets the signature in a certificate. This may alter the size of the X.509 certificates.
Definition: atcacert_def.c:527
int atcacert_merge_device_loc(atcacert_device_loc_t *device_locs, size_t *device_locs_count, size_t device_locs_max_count, const atcacert_device_loc_t *device_loc, size_t block_size)
Merge a new device location into a list of device locations. If the new location overlaps with an exi...
Definition: atcacert_def.c:52
void atcacert_public_key_add_padding(const uint8_t raw_key[64], uint8_t padded_key[72])
Takes a raw P256 ECC public key and converts it to the padded version used by ATECC devices...
Definition: atcacert_def.c:1169
int atcacert_get_device_data(const atcacert_def_t *cert_def, const uint8_t *cert, size_t cert_size, const atcacert_device_loc_t *device_loc, uint8_t *device_data)
Gets the dynamic data that would be saved to the specified device location. This function is primaril...
Definition: atcacert_def.c:411
Configuration zone.
Definition: atcacert_def.h:96
Standard X509 certificate.
Definition: atcacert_def.h:73
int atcacert_gen_cert_sn(const atcacert_def_t *cert_def, uint8_t *cert, size_t cert_size, const uint8_t device_sn[9])
Sets the certificate serial number by generating it from other information in the certificate using t...
Definition: atcacert_def.c:822
int atcacert_get_cert_sn(const atcacert_def_t *cert_def, const uint8_t *cert, size_t cert_size, uint8_t *cert_sn, size_t *cert_sn_size)
Gets the certificate serial number from a certificate.
Definition: atcacert_def.c:921
atcacert_cert_sn_src_t sn_source
Where the certificate serial number comes from (4-bit value).
Definition: atcacert_def.h:159
int atcacert_cert_build_process(atcacert_build_state_t *build_state, const atcacert_device_loc_t *device_loc, const uint8_t *device_data)
Process information read from the ATECC device. If it contains information for the certificate...
Definition: atcacert_def.c:270
Definition: atcacert_def.h:113
Definition: atcacert_def.h:123
int atcacert_get_tbs(const atcacert_def_t *cert_def, const uint8_t *cert, size_t cert_size, const uint8_t **tbs, size_t *tbs_size)
Get a pointer to the TBS data in a certificate.
Definition: atcacert_def.c:1066
atcacert_cert_type_e
Definition: atcacert_def.h:72
Cert serial number is the SHA256(Device SN + Encoded dates), with uppermost 2 bits set to 01...
Definition: atcacert_def.h:85
atcacert_device_loc_t comp_cert_dev_loc
Where on the device the compressed cert can be found.
Definition: atcacert_def.h:166
Definition: atcacert_def.h:112
int atcacert_get_key_id(const uint8_t public_key[64], uint8_t key_id[20])
Calculates the key ID for a given public ECC P256 key.
Definition: atcacert_def.c:1156
atcacert_date_format_t issue_date_format
Format of the issue date in the certificate.
Definition: atcacert_def.h:161
int atcacert_get_issue_date(const atcacert_def_t *cert_def, const uint8_t *cert, size_t cert_size, atcacert_tm_utc_t *timestamp)
Gets the issue date from a certificate. Will be parsed according to the date format specified in the ...
Definition: atcacert_def.c:642
uint16_t count
Byte count.
Definition: atcacert_def.h:128
int atcacert_set_cert_sn(const atcacert_def_t *cert_def, uint8_t *cert, size_t cert_size, const uint8_t *cert_sn, size_t cert_sn_size)
Sets the certificate serial number in a certificate.
Definition: atcacert_def.c:810
Custom format.
Definition: atcacert_def.h:74
Definition: atcacert_def.h:142
Depreciated, don't use. Cert serial number is the SHA256(Device SN + Encoded dates), with MSBit set to 0 to ensure it's positive. Only applies to device certificates.
Definition: atcacert_def.h:87
int atcacert_get_subj_key_id(const atcacert_def_t *cert_def, const uint8_t *cert, size_t cert_size, uint8_t subj_key_id[20])
Gets the subject key ID from a certificate.
Definition: atcacert_def.c:516
atcacert_device_loc_t device_loc
Location in the device for the element.
Definition: atcacert_def.h:144
int atcacert_set_auth_key_id(const atcacert_def_t *cert_def, uint8_t *cert, size_t cert_size, const uint8_t auth_public_key[64])
Sets the authority key ID in a certificate. Note that this takes the actual public key creates a key ...
Definition: atcacert_def.c:940
int atcacert_get_signature(const atcacert_def_t *cert_def, const uint8_t *cert, size_t cert_size, uint8_t signature[64])
Gets the signature from a certificate.
Definition: atcacert_def.c:592
const uint8_t * cert_template
Pointer to the actual certificate template data.
Definition: atcacert_def.h:170
Special item to give the number of elements in this enum.
Definition: atcacert_def.h:114
Definition: atcacert_def.h:108
size_t * cert_size
Current size of the certificate in bytes.
Definition: atcacert_def.h:180
atcacert_date_format_t expire_date_format
format of the expire date in the certificate.
Definition: atcacert_def.h:162
atcacert_cert_sn_src_e
Definition: atcacert_def.h:80
int atcacert_set_comp_cert(const atcacert_def_t *cert_def, uint8_t *cert, size_t *cert_size, size_t max_cert_size, const uint8_t comp_cert[72])
Sets the signature, issue date, expire date, and signer ID found in the compressed certificate...
Definition: atcacert_def.c:973
uint8_t slot
Slot within the data zone. Only applies if zone is DEVZONE_DATA.
Definition: atcacert_def.h:125
int atcacert_is_device_loc_overlap(const atcacert_device_loc_t *device_loc1, const atcacert_device_loc_t *device_loc2)
Definition: atcacert_def.c:386
Cert serial number is 0x40(MSB) + 9-byte device serial number. Only applies to device certificates...
Definition: atcacert_def.h:82
enum atcacert_date_format_e atcacert_date_format_t
atcacert_device_loc_t cert_sn_dev_loc
Only applies when sn_source is SNSRC_STORED. Describes where to get the certificate serial number on ...
Definition: atcacert_def.h:160
uint8_t * cert
Buffer to contain the rebuilt certificate.
Definition: atcacert_def.h:179
int atcacert_get_subj_public_key(const atcacert_def_t *cert_def, const uint8_t *cert, size_t cert_size, uint8_t subj_public_key[64])
Gets the subject public key from a certificate.
Definition: atcacert_def.c:505
Definition: atcacert_def.h:177
Cert serial number is 0x40(MSB) + 2-byte signer ID. Only applies to signer certificates.
Definition: atcacert_def.h:83
void atcacert_public_key_remove_padding(const uint8_t padded_key[72], uint8_t raw_key[64])
Takes a padded public key used by ATECC devices and converts it to a raw P256 ECC public key...
Definition: atcacert_def.c:1177
Definition: atcacert_def.h:109
struct atcacert_build_state_s atcacert_build_state_t
int atcacert_get_comp_cert(const atcacert_def_t *cert_def, const uint8_t *cert, size_t cert_size, uint8_t comp_cert[72])
Generate the compressed certificate for the given certificate.
Definition: atcacert_def.c:1033
enum atcacert_std_cert_element_e atcacert_std_cert_element_t
uint16_t offset
Byte offset in the certificate template.
Definition: atcacert_def.h:135
Declarations common to all atcacert code.
uint8_t is_genkey
If true, use GenKey command to get the contents instead of Read.
Definition: atcacert_def.h:126
atcacert_cert_loc_t tbs_cert_loc
Location in the certificate for the TBS (to be signed) portion.
Definition: atcacert_def.h:163
Depreciated, don't use. Cert serial number is the SHA256(Device SN + Encoded dates). Only applies to device certificates.
Definition: atcacert_def.h:89
int atcacert_set_subj_public_key(const atcacert_def_t *cert_def, uint8_t *cert, size_t cert_size, const uint8_t subj_public_key[64])
Sets the subject public key and subject key ID in a certificate.
Definition: atcacert_def.c:479
struct atcacert_cert_loc_s atcacert_cert_loc_t
uint16_t count
Byte count. Set to 0 if it doesn't exist.
Definition: atcacert_def.h:136
atcacert_std_cert_element_e
Definition: atcacert_def.h:105
atcacert_device_zone_t zone
Zone in the device.
Definition: atcacert_def.h:124
const atcacert_cert_element_t * cert_elements
Additional certificate elements outside of the standard certificate contents.
Definition: atcacert_def.h:168
int atcacert_cert_build_start(atcacert_build_state_t *build_state, const atcacert_def_t *cert_def, uint8_t *cert, size_t *cert_size, const uint8_t ca_public_key[64])
Starts the certificate rebuilding process.
Definition: atcacert_def.c:215
Cert serial number is the SHA256(Subject public key + Encoded dates), with uppermost 2 bits set to 01...
Definition: atcacert_def.h:84
int atcacert_get_tbs_digest(const atcacert_def_t *cert_def, const uint8_t *cert, size_t cert_size, uint8_t tbs_digest[32])
Get the SHA256 digest of certificate's TBS data.
Definition: atcacert_def.c:1084
Definition: atcacert_def.h:107
uint8_t template_id
ID for the this certificate definition (4-bit value).
Definition: atcacert_def.h:156
Definition: atcacert_def.h:154
uint8_t chain_id
ID for the certificate chain this definition is a part of (4-bit value).
Definition: atcacert_def.h:157
uint16_t cert_template_size
Size of the certificate template in cert_template in bytes.
Definition: atcacert_def.h:171
atcacert_device_zone_e
Definition: atcacert_def.h:95