CryptoAuthLib
Atmel CryptoAuthentication Library
atcacert_def.h
Go to the documentation of this file.
1 
53 #ifndef ATCACERT_DEF_H
54 #define ATCACERT_DEF_H
55 
56 #include <stddef.h>
57 #include <stdint.h>
58 #include "atcacert.h"
59 #include "atcacert_date.h"
60 
72 typedef enum atcacert_cert_type_e {
76 
80 typedef enum atcacert_cert_sn_src_e {
81  SNSRC_STORED = 0x0,
91 
95 typedef enum atcacert_device_zone_e {
96  DEVZONE_CONFIG = 0x00,
97  DEVZONE_OTP = 0x01,
98  DEVZONE_DATA = 0x02,
99  DEVZONE_NONE = 0x07
101 
116 
117 // Some of these structures may need to be byte-accurate
118 #pragma pack(push, 1)
119 
123 typedef struct atcacert_device_loc_s {
125  uint8_t slot;
126  uint8_t is_genkey;
127  uint16_t offset;
128  uint16_t count;
130 
134 typedef struct atcacert_cert_loc_s {
135  uint16_t offset;
136  uint16_t count;
138 
142 typedef struct atcacert_cert_element_s {
143  char id[16];
147 
154 typedef struct atcacert_def_s {
156  uint8_t template_id;
157  uint8_t chain_id;
164  uint8_t expire_years;
170  const uint8_t* cert_template;
173 
177 typedef struct atcacert_build_state_s {
179  uint8_t* cert;
180  size_t* cert_size;
181  size_t max_cert_size;
182  uint8_t is_device_sn;
183  uint8_t device_sn[9];
185 
186 #pragma pack(pop)
187 
188 // Inform function naming when compiling in C++
189 #ifdef __cplusplus
190 extern "C" {
191 #endif
192 
212 int atcacert_get_device_locs( const atcacert_def_t* cert_def,
213  atcacert_device_loc_t* device_locs,
214  size_t* device_locs_count,
215  size_t device_locs_max_count,
216  size_t block_size);
217 
234  const atcacert_def_t* cert_def,
235  uint8_t* cert,
236  size_t* cert_size,
237  const uint8_t ca_public_key[64]);
238 
252  const atcacert_device_loc_t* device_loc,
253  const uint8_t* device_data);
254 
268 
286 int atcacert_get_device_data( const atcacert_def_t* cert_def,
287  const uint8_t* cert,
288  size_t cert_size,
289  const atcacert_device_loc_t* device_loc,
290  uint8_t* device_data);
291 
303 int atcacert_set_subj_public_key( const atcacert_def_t* cert_def,
304  uint8_t* cert,
305  size_t cert_size,
306  const uint8_t subj_public_key[64]);
307 
319 int atcacert_get_subj_public_key( const atcacert_def_t * cert_def,
320  const uint8_t * cert,
321  size_t cert_size,
322  uint8_t subj_public_key[64]);
323 
334 int atcacert_get_subj_key_id( const atcacert_def_t * cert_def,
335  const uint8_t * cert,
336  size_t cert_size,
337  uint8_t subj_key_id[20]);
338 
351 int atcacert_set_signature( const atcacert_def_t* cert_def,
352  uint8_t* cert,
353  size_t* cert_size,
354  size_t max_cert_size,
355  const uint8_t signature[64]);
356 
368 int atcacert_get_signature( const atcacert_def_t * cert_def,
369  const uint8_t * cert,
370  size_t cert_size,
371  uint8_t signature[64]);
372 
384 int atcacert_set_issue_date( const atcacert_def_t* cert_def,
385  uint8_t* cert,
386  size_t cert_size,
387  const atcacert_tm_utc_t* timestamp);
388 
400 int atcacert_get_issue_date( const atcacert_def_t* cert_def,
401  const uint8_t* cert,
402  size_t cert_size,
403  atcacert_tm_utc_t* timestamp);
404 
416 int atcacert_set_expire_date( const atcacert_def_t* cert_def,
417  uint8_t* cert,
418  size_t cert_size,
419  const atcacert_tm_utc_t* timestamp);
420 
432 int atcacert_get_expire_date( const atcacert_def_t* cert_def,
433  const uint8_t* cert,
434  size_t cert_size,
435  atcacert_tm_utc_t* timestamp);
436 
447 int atcacert_set_signer_id( const atcacert_def_t* cert_def,
448  uint8_t* cert,
449  size_t cert_size,
450  const uint8_t signer_id[2]);
451 
462 int atcacert_get_signer_id( const atcacert_def_t * cert_def,
463  const uint8_t * cert,
464  size_t cert_size,
465  uint8_t signer_id[2]);
466 
478 int atcacert_set_cert_sn( const atcacert_def_t* cert_def,
479  uint8_t* cert,
480  size_t cert_size,
481  const uint8_t* cert_sn,
482  size_t cert_sn_size);
483 
501 int atcacert_gen_cert_sn( const atcacert_def_t* cert_def,
502  uint8_t* cert,
503  size_t cert_size,
504  const uint8_t device_sn[9]);
505 
518 int atcacert_get_cert_sn( const atcacert_def_t* cert_def,
519  const uint8_t* cert,
520  size_t cert_size,
521  uint8_t* cert_sn,
522  size_t* cert_sn_size);
523 
536 int atcacert_set_auth_key_id( const atcacert_def_t* cert_def,
537  uint8_t* cert,
538  size_t cert_size,
539  const uint8_t auth_public_key[64]);
540 
551 int atcacert_get_auth_key_id( const atcacert_def_t * cert_def,
552  const uint8_t * cert,
553  size_t cert_size,
554  uint8_t auth_key_id[20]);
555 
571 int atcacert_set_comp_cert( const atcacert_def_t* cert_def,
572  uint8_t* cert,
573  size_t* cert_size,
574  size_t max_cert_size,
575  const uint8_t comp_cert[72]);
576 
587 int atcacert_get_comp_cert( const atcacert_def_t * cert_def,
588  const uint8_t * cert,
589  size_t cert_size,
590  uint8_t comp_cert[72]);
591 
603 int atcacert_get_tbs( const atcacert_def_t* cert_def,
604  const uint8_t* cert,
605  size_t cert_size,
606  const uint8_t** tbs,
607  size_t* tbs_size);
608 
619 int atcacert_get_tbs_digest( const atcacert_def_t * cert_def,
620  const uint8_t * cert,
621  size_t cert_size,
622  uint8_t tbs_digest[32]);
623 
636  uint8_t* cert,
637  size_t cert_size,
638  const uint8_t* data,
639  size_t data_size);
640 
653  const uint8_t* cert,
654  size_t cert_size,
655  uint8_t* data,
656  size_t data_size);
657 
658 
659 // Below are utility functions for dealing with various bits for data conversion and wrangling
660 
675 int atcacert_get_key_id( const uint8_t public_key[64], uint8_t key_id[20] );
676 
700  size_t* device_locs_count,
701  size_t device_locs_max_count,
702  const atcacert_device_loc_t* device_loc,
703  size_t block_size);
704 
706  const atcacert_device_loc_t* device_loc2);
707 
719 void atcacert_public_key_add_padding( const uint8_t raw_key[64], uint8_t padded_key[72] );
720 
731 void atcacert_public_key_remove_padding( const uint8_t padded_key[72], uint8_t raw_key[64] );
732 
734 #ifdef __cplusplus
735 }
736 #endif
737 
738 #endif
Configuration zone.
Definition: atcacert_def.h:96
int atcacert_gen_cert_sn(const atcacert_def_t *cert_def, uint8_t *cert, size_t cert_size, const uint8_t device_sn[9])
Sets the certificate serial number by generating it from other information in the certificate using t...
Definition: atcacert_def.c:822
atcacert_cert_loc_t std_cert_elements[STDCERT_NUM_ELEMENTS]
Where in the certificate template the standard cert elements are inserted.
Definition: atcacert_def.h:167
uint8_t chain_id
ID for the certificate chain this definition is a part of (4-bit value).
Definition: atcacert_def.h:157
void atcacert_public_key_remove_padding(const uint8_t padded_key[72], uint8_t raw_key[64])
Takes a padded public key used by ATECC devices and converts it to a raw P256 ECC public key...
Definition: atcacert_def.c:1177
Declarations common to all atcacert code.
uint8_t private_key_slot
If this is a device certificate template, this is the device slot for the device private key...
Definition: atcacert_def.h:158
Definition: atcacert_def.h:123
Cert serial number is the SHA256(Subject public key + Encoded dates), with uppermost 2 bits set to 01...
Definition: atcacert_def.h:84
int atcacert_get_tbs_digest(const atcacert_def_t *cert_def, const uint8_t *cert, size_t cert_size, uint8_t tbs_digest[32])
Get the SHA256 digest of certificate's TBS data.
Definition: atcacert_def.c:1084
atcacert_cert_loc_t tbs_cert_loc
Location in the certificate for the TBS (to be signed) portion.
Definition: atcacert_def.h:163
int atcacert_get_device_locs(const atcacert_def_t *cert_def, atcacert_device_loc_t *device_locs, size_t *device_locs_count, size_t device_locs_max_count, size_t block_size)
Add all the device locations required to rebuild the specified certificate (cert_def) to a device loc...
Definition: atcacert_def.c:111
uint8_t is_device_sn
Indicates the structure contains the device SN.
Definition: atcacert_def.h:182
int atcacert_get_cert_sn(const atcacert_def_t *cert_def, const uint8_t *cert, size_t cert_size, uint8_t *cert_sn, size_t *cert_sn_size)
Gets the certificate serial number from a certificate.
Definition: atcacert_def.c:921
int atcacert_set_expire_date(const atcacert_def_t *cert_def, uint8_t *cert, size_t cert_size, const atcacert_tm_utc_t *timestamp)
Sets the expire date (notAfter) in a certificate. Will be formatted according to the date format spec...
Definition: atcacert_def.c:672
atcacert_device_zone_t zone
Zone in the device.
Definition: atcacert_def.h:124
int atcacert_get_comp_cert(const atcacert_def_t *cert_def, const uint8_t *cert, size_t cert_size, uint8_t comp_cert[72])
Generate the compressed certificate for the given certificate.
Definition: atcacert_def.c:1033
Definition: atcacert_def.h:112
int atcacert_set_issue_date(const atcacert_def_t *cert_def, uint8_t *cert, size_t cert_size, const atcacert_tm_utc_t *timestamp)
Sets the issue date (notBefore) in a certificate. Will be formatted according to the date format spec...
Definition: atcacert_def.c:616
Definition: atcacert_def.h:142
uint8_t template_id
ID for the this certificate definition (4-bit value).
Definition: atcacert_def.h:156
enum atcacert_cert_sn_src_e atcacert_cert_sn_src_t
uint16_t offset
Byte offset in the zone.
Definition: atcacert_def.h:127
uint8_t expire_years
Number of years the certificate is valid for (5-bit value). 0 means no expiration.
Definition: atcacert_def.h:164
uint16_t cert_template_size
Size of the certificate template in cert_template in bytes.
Definition: atcacert_def.h:171
int atcacert_set_auth_key_id(const atcacert_def_t *cert_def, uint8_t *cert, size_t cert_size, const uint8_t auth_public_key[64])
Sets the authority key ID in a certificate. Note that this takes the actual public key creates a key ...
Definition: atcacert_def.c:940
Cert serial is stored on the device.
Definition: atcacert_def.h:81
atcacert_cert_type_t type
Certificate type.
Definition: atcacert_def.h:155
struct atcacert_def_s atcacert_def_t
One Time Programmable zone.
Definition: atcacert_def.h:97
Definition: atcacert_def.h:107
Definition: atcacert_def.h:110
Cert serial number is the SHA256(Device SN + Encoded dates), with uppermost 2 bits set to 01...
Definition: atcacert_def.h:85
int atcacert_get_signature(const atcacert_def_t *cert_def, const uint8_t *cert, size_t cert_size, uint8_t signature[64])
Gets the signature from a certificate.
Definition: atcacert_def.c:592
uint8_t device_sn[9]
Storage for the device SN, when it's found.
Definition: atcacert_def.h:183
Data zone (slots).
Definition: atcacert_def.h:98
int atcacert_get_issue_date(const atcacert_def_t *cert_def, const uint8_t *cert, size_t cert_size, atcacert_tm_utc_t *timestamp)
Gets the issue date from a certificate. Will be parsed according to the date format specified in the ...
Definition: atcacert_def.c:642
struct atcacert_device_loc_s atcacert_device_loc_t
int atcacert_set_comp_cert(const atcacert_def_t *cert_def, uint8_t *cert, size_t *cert_size, size_t max_cert_size, const uint8_t comp_cert[72])
Sets the signature, issue date, expire date, and signer ID found in the compressed certificate...
Definition: atcacert_def.c:973
int atcacert_get_cert_element(const atcacert_cert_loc_t *cert_loc, const uint8_t *cert, size_t cert_size, uint8_t *data, size_t data_size)
Gets an element from a certificate.
Definition: atcacert_def.c:1133
atcacert_device_loc_t device_loc
Location in the device for the element.
Definition: atcacert_def.h:144
Depreciated, don't use. Cert serial number is the SHA256(Subject public key + Encoded dates)...
Definition: atcacert_def.h:86
atcacert_date_format_t expire_date_format
format of the expire date in the certificate.
Definition: atcacert_def.h:162
atcacert_cert_sn_src_t sn_source
Where the certificate serial number comes from (4-bit value).
Definition: atcacert_def.h:159
uint16_t offset
Byte offset in the certificate template.
Definition: atcacert_def.h:135
Standard X509 certificate.
Definition: atcacert_def.h:73
int atcacert_get_auth_key_id(const atcacert_def_t *cert_def, const uint8_t *cert, size_t cert_size, uint8_t auth_key_id[20])
Gets the authority key ID from a certificate.
Definition: atcacert_def.c:962
atcacert_date_format_t issue_date_format
Format of the issue date in the certificate.
Definition: atcacert_def.h:161
struct atcacert_cert_element_s atcacert_cert_element_t
int atcacert_merge_device_loc(atcacert_device_loc_t *device_locs, size_t *device_locs_count, size_t device_locs_max_count, const atcacert_device_loc_t *device_loc, size_t block_size)
Merge a new device location into a list of device locations. If the new location overlaps with an exi...
Definition: atcacert_def.c:52
void atcacert_public_key_add_padding(const uint8_t raw_key[64], uint8_t padded_key[72])
Takes a raw P256 ECC public key and converts it to the padded version used by ATECC devices...
Definition: atcacert_def.c:1169
int atcacert_set_cert_sn(const atcacert_def_t *cert_def, uint8_t *cert, size_t cert_size, const uint8_t *cert_sn, size_t cert_sn_size)
Sets the certificate serial number in a certificate.
Definition: atcacert_def.c:810
int atcacert_get_key_id(const uint8_t public_key[64], uint8_t key_id[20])
Calculates the key ID for a given public ECC P256 key.
Definition: atcacert_def.c:1156
Definition: atcacert_def.h:177
uint16_t count
Byte count.
Definition: atcacert_def.h:128
const uint8_t * cert_template
Pointer to the actual certificate template data.
Definition: atcacert_def.h:170
Depreciated, don't use. Cert serial number is the SHA256(Device SN + Encoded dates). Only applies to device certificates.
Definition: atcacert_def.h:89
const atcacert_def_t * cert_def
Certificate definition for the certificate being rebuilt.
Definition: atcacert_def.h:178
int atcacert_get_tbs(const atcacert_def_t *cert_def, const uint8_t *cert, size_t cert_size, const uint8_t **tbs, size_t *tbs_size)
Get a pointer to the TBS data in a certificate.
Definition: atcacert_def.c:1066
size_t max_cert_size
Max size of the cert buffer in bytes.
Definition: atcacert_def.h:181
Cert serial number is 0x40(MSB) + 9-byte device serial number. Only applies to device certificates...
Definition: atcacert_def.h:82
enum atcacert_cert_type_e atcacert_cert_type_t
uint8_t slot
Slot within the data zone. Only applies if zone is DEVZONE_DATA.
Definition: atcacert_def.h:125
int atcacert_get_subj_key_id(const atcacert_def_t *cert_def, const uint8_t *cert, size_t cert_size, uint8_t subj_key_id[20])
Gets the subject key ID from a certificate.
Definition: atcacert_def.c:516
Definition: atcacert_def.h:154
int atcacert_cert_build_process(atcacert_build_state_t *build_state, const atcacert_device_loc_t *device_loc, const uint8_t *device_data)
Process information read from the ATECC device. If it contains information for the certificate...
Definition: atcacert_def.c:270
uint8_t * cert
Buffer to contain the rebuilt certificate.
Definition: atcacert_def.h:179
int atcacert_get_signer_id(const atcacert_def_t *cert_def, const uint8_t *cert, size_t cert_size, uint8_t signer_id[2])
Gets the signer ID from a certificate. Will be parsed as 4 upper-case hex digits. ...
Definition: atcacert_def.c:784
enum atcacert_device_zone_e atcacert_device_zone_t
atcacert_device_loc_t comp_cert_dev_loc
Where on the device the compressed cert can be found.
Definition: atcacert_def.h:166
uint16_t count
Byte count. Set to 0 if it doesn't exist.
Definition: atcacert_def.h:136
Definition: atcacert_date.h:58
Depreciated, don't use. Cert serial number is the SHA256(Device SN + Encoded dates), with MSBit set to 0 to ensure it's positive. Only applies to device certificates.
Definition: atcacert_def.h:87
Cert serial number is 0x40(MSB) + 2-byte signer ID. Only applies to signer certificates.
Definition: atcacert_def.h:83
int atcacert_get_device_data(const atcacert_def_t *cert_def, const uint8_t *cert, size_t cert_size, const atcacert_device_loc_t *device_loc, uint8_t *device_data)
Gets the dynamic data that would be saved to the specified device location. This function is primaril...
Definition: atcacert_def.c:411
Definition: atcacert_def.h:113
atcacert_cert_type_e
Definition: atcacert_def.h:72
int atcacert_get_subj_public_key(const atcacert_def_t *cert_def, const uint8_t *cert, size_t cert_size, uint8_t subj_public_key[64])
Gets the subject public key from a certificate.
Definition: atcacert_def.c:505
int atcacert_is_device_loc_overlap(const atcacert_device_loc_t *device_loc1, const atcacert_device_loc_t *device_loc2)
Definition: atcacert_def.c:386
Definition: atcacert_def.h:106
struct atcacert_build_state_s atcacert_build_state_t
size_t * cert_size
Current size of the certificate in bytes.
Definition: atcacert_def.h:180
atcacert_std_cert_element_e
Definition: atcacert_def.h:105
int atcacert_set_signer_id(const atcacert_def_t *cert_def, uint8_t *cert, size_t cert_size, const uint8_t signer_id[2])
Sets the signer ID in a certificate. Will be formatted as 4 upper-case hex digits.
Definition: atcacert_def.c:743
int atcacert_cert_build_finish(atcacert_build_state_t *build_state)
Completes any final certificate processing required after all data from the device has been incorpora...
Definition: atcacert_def.c:368
Custom format.
Definition: atcacert_def.h:74
Definition: atcacert_def.h:111
int atcacert_set_cert_element(const atcacert_cert_loc_t *cert_loc, uint8_t *cert, size_t cert_size, const uint8_t *data, size_t data_size)
Sets an element in a certificate. The data_size must match the size in cert_loc.
Definition: atcacert_def.c:1107
enum atcacert_date_format_e atcacert_date_format_t
int atcacert_set_subj_public_key(const atcacert_def_t *cert_def, uint8_t *cert, size_t cert_size, const uint8_t subj_public_key[64])
Sets the subject public key and subject key ID in a certificate.
Definition: atcacert_def.c:479
atcacert_device_loc_t public_key_dev_loc
Where on the device the public key can be found.
Definition: atcacert_def.h:165
atcacert_device_zone_e
Definition: atcacert_def.h:95
int atcacert_get_expire_date(const atcacert_def_t *cert_def, const uint8_t *cert, size_t cert_size, atcacert_tm_utc_t *timestamp)
Gets the expire date from a certificate. Will be parsed according to the date format specified in the...
Definition: atcacert_def.c:698
Depreciated, don't use. Cert serial number is the SHA256(Subject public key + Encoded dates)...
Definition: atcacert_def.h:88
enum atcacert_std_cert_element_e atcacert_std_cert_element_t
const atcacert_cert_element_t * cert_elements
Additional certificate elements outside of the standard certificate contents.
Definition: atcacert_def.h:168
Special item to give the number of elements in this enum.
Definition: atcacert_def.h:114
Definition: atcacert_def.h:108
atcacert_cert_loc_t cert_loc
Location in the certificate template for the element.
Definition: atcacert_def.h:145
atcacert_cert_sn_src_e
Definition: atcacert_def.h:80
Definition: atcacert_def.h:109
Declarations for date handling with regard to certificates.
uint8_t is_genkey
If true, use GenKey command to get the contents instead of Read.
Definition: atcacert_def.h:126
atcacert_device_loc_t cert_sn_dev_loc
Only applies when sn_source is SNSRC_STORED. Describes where to get the certificate serial number on ...
Definition: atcacert_def.h:160
uint8_t cert_elements_count
Number of additional certificate elements in cert_elements.
Definition: atcacert_def.h:169
struct atcacert_cert_loc_s atcacert_cert_loc_t
Special value used to indicate there is no device location.
Definition: atcacert_def.h:99
int atcacert_set_signature(const atcacert_def_t *cert_def, uint8_t *cert, size_t *cert_size, size_t max_cert_size, const uint8_t signature[64])
Sets the signature in a certificate. This may alter the size of the X.509 certificates.
Definition: atcacert_def.c:527
int atcacert_cert_build_start(atcacert_build_state_t *build_state, const atcacert_def_t *cert_def, uint8_t *cert, size_t *cert_size, const uint8_t ca_public_key[64])
Starts the certificate rebuilding process.
Definition: atcacert_def.c:215
Definition: atcacert_def.h:134