diff --git a/CMakeLists.txt b/CMakeLists.txt index 4ac79f2da..49d9553c7 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -2,10 +2,10 @@ cmake_minimum_required(VERSION 3.1.0) project (cryptoauthlib C) # Set the current release version -set(VERSION "3.7.4") +set(VERSION "3.7.5") set(VERSION_MAJOR 3) set(VERSION_MINOR 7) -set(VERSION_PATCH 4) +set(VERSION_PATCH 5) # Build Options option(BUILD_TESTS "Create Test Application with library" OFF) diff --git a/app/tng/tng_atca.c b/app/tng/tng_atca.c index c4f1d1784..ee7a4a7ae 100644 --- a/app/tng/tng_atca.c +++ b/app/tng/tng_atca.c @@ -77,10 +77,11 @@ const atcacert_def_t* tng_map_get_device_cert_def(int index) } } -ATCA_STATUS tng_get_device_cert_def(const atcacert_def_t **cert_def) +ATCA_STATUS tng_get_device_cert_def_ext(ATCADevice device, const atcacert_def_t **cert_def) { ATCA_STATUS status; - char otpcode[32]; + char otpcode[(ATCA_OTP_SIZE / 2u)]; + uint8_t otp_rd_byte_max_sz = (ATCA_OTP_SIZE / 2u); uint8_t i; if (cert_def == NULL) @@ -88,12 +89,12 @@ ATCA_STATUS tng_get_device_cert_def(const atcacert_def_t **cert_def) return ATCA_BAD_PARAM; } - status = atcab_read_zone(ATCA_ZONE_OTP, 0, 0, 0, (uint8_t*)otpcode, 32); + status = atcab_read_zone_ext(device, ATCA_ZONE_OTP, 0, 0, 0, (uint8_t*)otpcode, otp_rd_byte_max_sz); if (ATCA_SUCCESS == status) { for (i = 0; i < g_tng_cert_def_cnt; i++) { - if (0 == strncmp(g_tng_cert_def_map[i].otpcode, otpcode, 8)) + if (0 == strncmp(g_tng_cert_def_map[i].otpcode, otpcode, ATCA_OTP_CODE_SIZE)) { *cert_def = g_tng_cert_def_map[i].cert_def; break; @@ -109,6 +110,11 @@ ATCA_STATUS tng_get_device_cert_def(const atcacert_def_t **cert_def) return status; } +ATCA_STATUS tng_get_device_cert_def(const atcacert_def_t **cert_def) +{ + return tng_get_device_cert_def_ext(atcab_get_device(), cert_def); +} + ATCA_STATUS tng_get_device_pubkey(uint8_t *public_key) { ATCA_STATUS status; diff --git a/app/tng/tng_atca.h b/app/tng/tng_atca.h index 3dc0ebc02..e49138869 100644 --- a/app/tng/tng_atca.h +++ b/app/tng/tng_atca.h @@ -35,6 +35,8 @@ extern "C" { #endif +#define ATCA_OTP_CODE_SIZE (8u) + /** \defgroup tng_ TNG API (tng_) * * \brief These methods provide some convenience functions (mostly around @@ -60,6 +62,17 @@ const atcacert_def_t* tng_map_get_device_cert_def(int index); ATCA_STATUS tng_get_device_cert_def(const atcacert_def_t **cert_def); + +/** \brief Get the TNG device certificate definition. + * + * \param[in] device Pointer to the device context pointer + * \param[out] cert_def TNG device certificate defnition is returned here. + * + * \return ATCA_SUCCESS on success, otherwise an error code. + */ + +ATCA_STATUS tng_get_device_cert_def_ext(ATCADevice device, const atcacert_def_t **cert_def); + /** \brief Uses GenKey command to calculate the public key from the primary * device public key. * diff --git a/cmake/config_install.cmake b/cmake/config_install.cmake index d13931f4c..60b823513 100644 --- a/cmake/config_install.cmake +++ b/cmake/config_install.cmake @@ -25,3 +25,8 @@ install(CODE " endif() ") endif() + +if (UNIX) + configure_file(cmake/libcryptoauth.pc.in libcryptoauth.pc @ONLY) + install(FILES ${CMAKE_BINARY_DIR}/libcryptoauth.pc DESTINATION "${CMAKE_INSTALL_FULL_LIBDIR}/pkgconfig") +endif (UNIX) diff --git a/cmake/libcryptoauth.pc.in b/cmake/libcryptoauth.pc.in new file mode 100644 index 000000000..5e92c30e0 --- /dev/null +++ b/cmake/libcryptoauth.pc.in @@ -0,0 +1,10 @@ +libdir=@CMAKE_INSTALL_FULL_LIBDIR@ +includedir=@CMAKE_INSTALL_FULL_INCLUDEDIR@ + +Name: libcryptoauth +Version: @PROJECT_VERSION@ +Description: @PROJECT_DESCRIPTION@ +URL: https://github.com/MicrochipTech/cryptoauthlib.git +Requires: +Libs: -L${libdir} -lcryptoauth +Cflags: -I${includedir} -I${includedir}/cryptoauthlib diff --git a/cryptoauthlib-manual.pdf b/cryptoauthlib-manual.pdf index 678e5c77f..cfa1ed518 100644 Binary files a/cryptoauthlib-manual.pdf and b/cryptoauthlib-manual.pdf differ diff --git a/lib/atca_basic.c b/lib/atca_basic.c index 4d352886f..f6de5d92f 100644 --- a/lib/atca_basic.c +++ b/lib/atca_basic.c @@ -2458,12 +2458,14 @@ ATCA_STATUS atcab_random(uint8_t* rand_out) // Read command functions +#if ATCAB_READ_EN && defined(ATCA_USE_ATCAB_FUNCTIONS) /** \brief Executes Read command, which reads either 4 or 32 bytes of data from * a given slot, configuration zone, or the OTP zone. * * When reading a slot or OTP, data zone must be locked and the slot * configuration must not be secret for a slot to be successfully read. * + * \param[in] device Device context * \param[in] zone Zone to be read from device. Options are * ATCA_ZONE_CONFIG, ATCA_ZONE_OTP, or ATCA_ZONE_DATA. * \param[in] slot Slot number for data zone and ignored for other zones. @@ -2475,16 +2477,15 @@ ATCA_STATUS atcab_random(uint8_t* rand_out) * * returns ATCA_SUCCESS on success, otherwise an error code. */ -#if ATCAB_READ_EN && defined(ATCA_USE_ATCAB_FUNCTIONS) -ATCA_STATUS atcab_read_zone(uint8_t zone, uint16_t slot, uint8_t block, uint8_t offset, uint8_t* data, uint8_t len) +ATCA_STATUS atcab_read_zone_ext(ATCADevice device, uint8_t zone, uint16_t slot, uint8_t block, uint8_t offset, uint8_t* data, uint8_t len) { ATCA_STATUS status = ATCA_UNIMPLEMENTED; - ATCADeviceType dev_type = atcab_get_device_type(); + ATCADeviceType dev_type = atcab_get_device_type_ext(device); if (atcab_is_ca_device(dev_type) || atcab_is_ca2_device(dev_type)) { #if ATCA_CA_SUPPORT - status = calib_read_zone_ext(g_atcab_device_ptr, zone, slot, block, offset, data, len); + status = calib_read_zone_ext(device, zone, slot, block, offset, data, len); #endif } else if (atcab_is_ta_device(dev_type)) @@ -2497,6 +2498,28 @@ ATCA_STATUS atcab_read_zone(uint8_t zone, uint16_t slot, uint8_t block, uint8_t } return status; } + +/** \brief Executes Read command, which reads either 4 or 32 bytes of data from + * a given slot, configuration zone, or the OTP zone. + * + * When reading a slot or OTP, data zone must be locked and the slot + * configuration must not be secret for a slot to be successfully read. + * + * \param[in] zone Zone to be read from device. Options are + * ATCA_ZONE_CONFIG, ATCA_ZONE_OTP, or ATCA_ZONE_DATA. + * \param[in] slot Slot number for data zone and ignored for other zones. + * \param[in] block 32 byte block index within the zone. + * \param[in] offset 4 byte work index within the block. Ignored for 32 byte + * reads. + * \param[out] data Read data is returned here. + * \param[in] len Length of the data to be read. Must be either 4 or 32. + * + * returns ATCA_SUCCESS on success, otherwise an error code. + */ +ATCA_STATUS atcab_read_zone(uint8_t zone, uint16_t slot, uint8_t block, uint8_t offset, uint8_t* data, uint8_t len) +{ + return atcab_read_zone_ext(atcab_get_device(), zone, slot, block, offset, data, len); +} #endif /* ATCAB_READ_EN */ #ifdef ATCA_USE_ATCAB_FUNCTIONS diff --git a/lib/atca_basic.h b/lib/atca_basic.h index d1d28cafe..5dd09d3da 100644 --- a/lib/atca_basic.h +++ b/lib/atca_basic.h @@ -206,6 +206,7 @@ ATCA_STATUS atcab_random_ext(ATCADevice device, uint8_t* rand_out); // Read command functions ATCA_STATUS atcab_read_zone(uint8_t zone, uint16_t slot, uint8_t block, uint8_t offset, uint8_t* data, uint8_t len); +ATCA_STATUS atcab_read_zone_ext(ATCADevice device, uint8_t zone, uint16_t slot, uint8_t block, uint8_t offset, uint8_t* data, uint8_t len); ATCA_STATUS atcab_is_locked(uint8_t zone, bool* is_locked); ATCA_STATUS atcab_is_config_locked(bool* is_locked); ATCA_STATUS atcab_is_config_locked_ext(ATCADevice device, bool* is_locked); diff --git a/lib/atca_compiler.h b/lib/atca_compiler.h index bb545ef22..d1569b5cb 100644 --- a/lib/atca_compiler.h +++ b/lib/atca_compiler.h @@ -142,7 +142,10 @@ #elif defined(_MSC_VER) /* Microsoft Visual Studio. --------------------------------- */ +#if _MSC_VER >= 1914 +// This warning was added in MSCV 2017 Update 7 (15.7.1) #pragma warning(disable:5045) //Spectre mitigation informative +#endif #pragma warning(disable:4820) //Stucture packing #pragma warning(disable:4061) //Missing enumerations from switch statements diff --git a/lib/atca_config_check.h b/lib/atca_config_check.h index 443bdd644..5c8612632 100644 --- a/lib/atca_config_check.h +++ b/lib/atca_config_check.h @@ -61,6 +61,13 @@ #define ATCA_CA2_SUPPORT DEFAULT_DISABLED #endif +/* Support for cert feature in second generation of cryptoauth parts */ +#if defined(ATCA_ECC204_SUPPORT) || defined(ATCA_TA010_SUPPORT) +#define ATCA_CA2_CERT_SUPPORT DEFAULT_ENABLED +#else +#define ATCA_CA2_CERT_SUPPORT DEFAULT_DISABLED +#endif + /* Classic Cryptoauth Devices */ #if defined(ATCA_SHA_SUPPORT) || defined(ATCA_ECC_SUPPORT) || ATCA_CA2_SUPPORT #define ATCA_CA_SUPPORT DEFAULT_ENABLED diff --git a/lib/atca_device.c b/lib/atca_device.c index 10da27158..f4509165a 100644 --- a/lib/atca_device.c +++ b/lib/atca_device.c @@ -32,7 +32,7 @@ @{ */ -#ifndef ATCA_NO_HEAP +#ifdef ATCA_HEAP /** \brief constructor for a Microchip CryptoAuth device * \param[in] cfg Interface configuration object * \return Reference to a new ATCADevice on success. NULL on failure. diff --git a/lib/atca_iface.c b/lib/atca_iface.c index 7ab2563cc..0019112d1 100644 --- a/lib/atca_iface.c +++ b/lib/atca_iface.c @@ -61,7 +61,7 @@ ATCA_STATUS initATCAIface(ATCAIfaceCfg *cfg, ATCAIface ca_iface) return ATCA_SUCCESS; } -#if !defined(ATCA_NO_HEAP) && defined(ENABLE_NEWATCAIFACE) +#if defined(ATCA_HEAP) && defined(ENABLE_NEWATCAIFACE) #if ATCA_PREPROCESSOR_WARNING #warning "NewATCAIface function is deprecated" #endif @@ -566,7 +566,7 @@ ATCA_STATUS releaseATCAIface(ATCAIface ca_iface) } if (ATCA_CUSTOM_IFACE == ca_iface->mIfaceCFG->iface_type) { -#ifndef ATCA_NO_HEAP +#ifdef ATCA_HEAP hal_free(ca_iface->hal); #endif ca_iface->hal = NULL; @@ -575,7 +575,7 @@ ATCA_STATUS releaseATCAIface(ATCAIface ca_iface) return status; } -#ifndef ATCA_NO_HEAP +#ifdef ATCA_HEAP /** \brief Instruct the HAL driver to release any resources associated with * this interface, then delete the object. * \param[in] ca_iface Device interface. diff --git a/lib/atca_iface.h b/lib/atca_iface.h index 77635bdc7..736a25ba5 100644 --- a/lib/atca_iface.h +++ b/lib/atca_iface.h @@ -210,7 +210,7 @@ ATCA_STATUS initATCAIface(ATCAIfaceCfg *cfg, ATCAIface ca_iface); ATCA_STATUS releaseATCAIface(ATCAIface ca_iface); void deleteATCAIface(ATCAIface *ca_iface); -#if !defined(ATCA_NO_HEAP) && defined(ENABLE_NEWATCAIFACE) +#if defined(ATCA_HEAP) && defined(ENABLE_NEWATCAIFACE) ATCAIface newATCAIface(ATCAIfaceCfg *cfg); #endif diff --git a/lib/atca_version.h b/lib/atca_version.h index f6a2fb186..81acb791c 100644 --- a/lib/atca_version.h +++ b/lib/atca_version.h @@ -30,9 +30,9 @@ #define ATCA_VERSION_H // Version format yyyymmdd -#define ATCA_LIBRARY_VERSION_DATE "20240308" +#define ATCA_LIBRARY_VERSION_DATE "20240626" #define ATCA_LIBRARY_VERSION_MAJOR 3 #define ATCA_LIBRARY_VERSION_MINOR 7 -#define ATCA_LIBRARY_VERSION_BUILD 4 +#define ATCA_LIBRARY_VERSION_BUILD 5 #endif /* ATCA_VERSION_H */ diff --git a/lib/atcacert/atcacert_check_config.h b/lib/atcacert/atcacert_check_config.h index 185f2b2e6..e98899093 100644 --- a/lib/atcacert/atcacert_check_config.h +++ b/lib/atcacert/atcacert_check_config.h @@ -39,8 +39,8 @@ #endif #ifndef ATCACERT_COMPCERT_EN -#if ATCA_CA_SUPPORT -#define ATCACERT_COMPCERT_EN CALIB_ECC_SUPPORT +#if ATCA_CA_SUPPORT || ATCA_CA2_CERT_SUPPORT +#define ATCACERT_COMPCERT_EN (CALIB_ECC_SUPPORT || CALIB_CA2_CERT_SUPPORT) #else #define ATCACERT_COMPCERT_EN DEFAULT_DISABLED #endif diff --git a/lib/atcacert/atcacert_client.c b/lib/atcacert/atcacert_client.c index 7b2945195..1a765795a 100644 --- a/lib/atcacert/atcacert_client.c +++ b/lib/atcacert/atcacert_client.c @@ -38,6 +38,11 @@ #include "calib/calib_basic.h" #endif +#if ATCA_TA_SUPPORT +#include "talib/talib_basic.h" +#include "talib/talib_internal.h" +#endif + #if ATCACERT_COMPCERT_EN #define DEVZONE_TO_BYTEVAL(zone) (((int)(zone) < UCHAR_MAX) ? ((uint8_t)(zone) & 0xFFu) : 0x07u) @@ -80,9 +85,9 @@ ATCA_STATUS atcacert_get_response(uint8_t device_private_key_slot, return atcab_sign(device_private_key_slot, challenge, response); } -ATCA_STATUS atcacert_read_device_loc_ext(ATCADevice device, - const atcacert_device_loc_t* device_loc, - uint8_t* data) +ATCA_STATUS atcacert_read_device_loc_ext(ATCADevice device, + const atcacert_device_loc_t* device_loc, + uint8_t* data) { ATCA_STATUS ret = 0; @@ -135,20 +140,21 @@ ATCA_STATUS atcacert_read_device_loc_ext(ATCADevice device, return ATCACERT_E_SUCCESS; } -ATCA_STATUS atcacert_read_device_loc(const atcacert_device_loc_t* device_loc, - uint8_t* data) +ATCA_STATUS atcacert_read_device_loc(const atcacert_device_loc_t* device_loc, + uint8_t* data) { return atcacert_read_device_loc_ext(atcab_get_device(), device_loc, data); } #endif -ATCA_STATUS atcacert_read_cert_ext(ATCADevice device, - const atcacert_def_t* cert_def, - const uint8_t ca_public_key[64], - uint8_t* cert, - size_t* cert_size) +ATCA_STATUS atcacert_read_cert_ext(ATCADevice device, + const atcacert_def_t* cert_def, + const uint8_t ca_public_key[64], + uint8_t* cert, + size_t* cert_size) { ATCA_STATUS ret = ATCACERT_E_BAD_PARAMS; + #if ATCACERT_COMPCERT_EN atcacert_device_loc_t device_locs[16]; size_t device_locs_count = 0; @@ -172,7 +178,25 @@ ATCA_STATUS atcacert_read_cert_ext(ATCADevice device, { if (ATCACERT_E_SUCCESS == (ret = atcab_read_bytes_zone_ext(device, (uint8_t)cert_def->comp_cert_dev_loc.zone, cert_def->comp_cert_dev_loc.slot, 0u, cert, *cert_size))) - { + { + ATCADeviceType dev_type = atcab_get_device_type_ext(device); + if (atcab_is_ta_device(dev_type)) + { +#if ATCA_TA_SUPPORT + size_t actual_cert_len = 0x00; + if (ATCACERT_E_SUCCESS == (ret = talib_get_x509_cert_size(device, cert_def->comp_cert_dev_loc.slot, cert, &actual_cert_len))) + { + if (*cert_size > actual_cert_len) + { + *cert_size = actual_cert_len; + } + } + else + { + return ret; + } +#endif + } #if ATCACERT_INTEGRATION_EN cal_buffer buf = CAL_BUF_INIT(*cert_size, cert); /* Load parsed certificate if not already done */ @@ -194,6 +218,7 @@ ATCA_STATUS atcacert_read_cert_ext(ATCADevice device, { #if ATCACERT_COMPCERT_EN ret = atcacert_get_device_locs( + device, cert_def, device_locs, &device_locs_count, @@ -204,7 +229,7 @@ ATCA_STATUS atcacert_read_cert_ext(ATCADevice device, return ret; } - ret = atcacert_cert_build_start(&build_state, cert_def, cert, cert_size, ca_public_key); + ret = atcacert_cert_build_start(device, &build_state, cert_def, cert, cert_size, ca_public_key); if (ret != ATCACERT_E_SUCCESS) { return ret; @@ -237,21 +262,22 @@ ATCA_STATUS atcacert_read_cert_ext(ATCADevice device, return ATCACERT_E_SUCCESS; } -ATCA_STATUS atcacert_read_cert(const atcacert_def_t* cert_def, - const uint8_t ca_public_key[64], - uint8_t* cert, - size_t* cert_size) +ATCA_STATUS atcacert_read_cert(const atcacert_def_t* cert_def, + const uint8_t ca_public_key[64], + uint8_t* cert, + size_t* cert_size) { return atcacert_read_cert_ext(atcab_get_device(), cert_def, ca_public_key, cert, cert_size); } #if ATCAB_WRITE_EN -ATCA_STATUS atcacert_write_cert_ext(ATCADevice device, - const atcacert_def_t* cert_def, - const uint8_t* cert, - size_t cert_size) +ATCA_STATUS atcacert_write_cert_ext(ATCADevice device, + const atcacert_def_t* cert_def, + const uint8_t* cert, + size_t cert_size) { ATCA_STATUS ret = 0; + #if ATCACERT_COMPCERT_EN atcacert_device_loc_t device_locs[16]; size_t device_locs_count = 0; @@ -265,8 +291,20 @@ ATCA_STATUS atcacert_write_cert_ext(ATCADevice device, if (CERTTYPE_X509_FULL_STORED == cert_def->type) { - ret = atcab_write_bytes_zone_ext(device, (uint8_t)cert_def->comp_cert_dev_loc.zone, - cert_def->comp_cert_dev_loc.slot, 0, cert, cert_size); + ATCADeviceType dev_type = atcab_get_device_type_ext(device); + if (atcab_is_ta_device(dev_type)) + { +#if ATCA_TA_SUPPORT + cal_buffer cert_data_buf = cal_buf_init_const_ptr(cert_size, cert); + ret = talib_write_X509_cert(device, cert_def->comp_cert_dev_loc.slot, &cert_data_buf); +#endif + } + else + { + ret = atcab_write_bytes_zone_ext(device, (uint8_t)cert_def->comp_cert_dev_loc.zone, + cert_def->comp_cert_dev_loc.slot, 0, cert, cert_size); + } + if (ret != ATCACERT_E_SUCCESS) { return ret; @@ -276,6 +314,7 @@ ATCA_STATUS atcacert_write_cert_ext(ATCADevice device, { #if ATCACERT_COMPCERT_EN ret = atcacert_get_device_locs( + device, cert_def, device_locs, &device_locs_count, @@ -295,11 +334,11 @@ ATCA_STATUS atcacert_write_cert_ext(ATCADevice device, if (device_locs[i].zone == DEVZONE_CONFIG) { - continue; // Cert data isn't written to the config zone, only read + continue; // Cert data isn't written to the config zone, only read } if (device_locs[i].zone == DEVZONE_DATA && (0U != device_locs[i].is_genkey)) { - continue; // Public key is generated not written + continue; // Public key is generated not written } ret = atcacert_get_device_data(cert_def, cert, cert_size, &device_locs[i], data); @@ -331,9 +370,9 @@ ATCA_STATUS atcacert_write_cert_ext(ATCADevice device, return ATCACERT_E_SUCCESS; } -ATCA_STATUS atcacert_write_cert(const atcacert_def_t* cert_def, - const uint8_t* cert, - size_t cert_size) +ATCA_STATUS atcacert_write_cert(const atcacert_def_t* cert_def, + const uint8_t* cert, + size_t cert_size) { return atcacert_write_cert_ext(atcab_get_device(), cert_def, cert, cert_size); } @@ -516,11 +555,12 @@ ATCA_STATUS atcacert_read_subj_key_id(const atcacert_def_t* cert_def, uint8_t su } #endif -ATCA_STATUS atcacert_read_cert_size_ext(ATCADevice device, - const atcacert_def_t* cert_def, - size_t* cert_size) +ATCA_STATUS atcacert_read_cert_size_ext(ATCADevice device, + const atcacert_def_t* cert_def, + size_t* cert_size) { ATCA_STATUS ret = ATCACERT_E_SUCCESS; + #if ATCACERT_COMPCERT_EN uint8_t buffer[75]; size_t buflen = sizeof(buffer); @@ -532,9 +572,22 @@ ATCA_STATUS atcacert_read_cert_size_ext(ATCADevice device, } if (CERTTYPE_X509_FULL_STORED == cert_def->type) - { - ret = atcab_get_zone_size_ext(device, (uint8_t)cert_def->comp_cert_dev_loc.zone, + { + ATCADeviceType dev_type = atcab_get_device_type_ext(device); + if (atcab_is_ta_device(dev_type)) + { + if (CERTTYPE_X509_FULL_STORED == cert_def->type) + { +#if ATCA_TA_SUPPORT + ret = talib_get_x509_cert_size(device, cert_def->comp_cert_dev_loc.slot, NULL, cert_size); +#endif + } + } + else + { + ret = atcab_get_zone_size_ext(device, (uint8_t)cert_def->comp_cert_dev_loc.zone, cert_def->comp_cert_dev_loc.slot, cert_size); + } } else { @@ -559,8 +612,8 @@ ATCA_STATUS atcacert_read_cert_size_ext(ATCADevice device, return ret; } -ATCA_STATUS atcacert_read_cert_size(const atcacert_def_t* cert_def, - size_t* cert_size) +ATCA_STATUS atcacert_read_cert_size(const atcacert_def_t* cert_def, + size_t* cert_size) { return atcacert_read_cert_size_ext(atcab_get_device(), cert_def, cert_size); } diff --git a/lib/atcacert/atcacert_date.c b/lib/atcacert/atcacert_date.c index c8a5d0b46..8d253b08d 100644 --- a/lib/atcacert/atcacert_date.c +++ b/lib/atcacert/atcacert_date.c @@ -44,7 +44,7 @@ atcacert_date_format_t atcacert_date_from_asn1_tag(const uint8_t tag) atcacert_date_format_t fmt; #ifdef ATCA_MBEDTLS - fmt = DATEFMT_RFC5280_GEN; //Mbedtls follows always "YYYY-MM-DD HH:MM:SS." + fmt = DATEFMT_RFC5280_GEN; //Mbedtls follows always "YYYY-MM-DD HH:MM:SS." UNUSED_VAR(tag); #else switch (tag) @@ -69,10 +69,10 @@ atcacert_date_format_t atcacert_date_from_asn1_tag(const uint8_t tag) } -ATCA_STATUS atcacert_date_enc(atcacert_date_format_t format, - const atcacert_tm_utc_t* timestamp, - uint8_t* formatted_date, - size_t* formatted_date_size) +ATCA_STATUS atcacert_date_enc(atcacert_date_format_t format, + const atcacert_tm_utc_t* timestamp, + uint8_t* formatted_date, + size_t* formatted_date_size) { ATCA_STATUS rv; @@ -125,10 +125,10 @@ ATCA_STATUS atcacert_date_enc(atcacert_date_format_t format, return rv; } -ATCA_STATUS atcacert_date_dec(atcacert_date_format_t format, - const uint8_t* formatted_date, - size_t formatted_date_size, - atcacert_tm_utc_t* timestamp) +ATCA_STATUS atcacert_date_dec(atcacert_date_format_t format, + const uint8_t* formatted_date, + size_t formatted_date_size, + atcacert_tm_utc_t* timestamp) { ATCA_STATUS rv; @@ -139,7 +139,7 @@ ATCA_STATUS atcacert_date_dec(atcacert_date_format_t format, if (formatted_date_size < ATCACERT_DATE_FORMAT_SIZES[format]) { - return ATCACERT_E_DECODING_ERROR; // Not enough data to parse this date format + return ATCACERT_E_DECODING_ERROR; // Not enough data to parse this date format } switch (format) @@ -189,50 +189,50 @@ ATCA_STATUS atcacert_date_get_max_date(atcacert_date_format_t format, atcacert_t #if ATCACERT_DATEFMT_ISO_EN case DATEFMT_ISO8601_SEP: timestamp->tm_year = 9999 - 1900; - timestamp->tm_mon = 12 - 1; + timestamp->tm_mon = 12 - 1; timestamp->tm_mday = 31; timestamp->tm_hour = 23; - timestamp->tm_min = 59; - timestamp->tm_sec = 59; + timestamp->tm_min = 59; + timestamp->tm_sec = 59; break; #endif #if ATCACERT_DATEFMT_UTC_EN case DATEFMT_RFC5280_UTC: timestamp->tm_year = 2049 - 1900; - timestamp->tm_mon = 12 - 1; + timestamp->tm_mon = 12 - 1; timestamp->tm_mday = 31; timestamp->tm_hour = 23; - timestamp->tm_min = 59; - timestamp->tm_sec = 59; + timestamp->tm_min = 59; + timestamp->tm_sec = 59; break; #endif #if ATCACERT_DATEFMT_POSIX_EN case DATEFMT_POSIX_UINT32_BE: timestamp->tm_year = 2106 - 1900; - timestamp->tm_mon = 2 - 1; + timestamp->tm_mon = 2 - 1; timestamp->tm_mday = 7; timestamp->tm_hour = 6; - timestamp->tm_min = 28; - timestamp->tm_sec = 15; + timestamp->tm_min = 28; + timestamp->tm_sec = 15; break; case DATEFMT_POSIX_UINT32_LE: timestamp->tm_year = 2106 - 1900; - timestamp->tm_mon = 2 - 1; + timestamp->tm_mon = 2 - 1; timestamp->tm_mday = 7; timestamp->tm_hour = 6; - timestamp->tm_min = 28; - timestamp->tm_sec = 15; + timestamp->tm_min = 28; + timestamp->tm_sec = 15; break; #endif #if ATCACERT_DATEFMT_GEN_EN case DATEFMT_RFC5280_GEN: timestamp->tm_year = 9999 - 1900; - timestamp->tm_mon = 12 - 1; + timestamp->tm_mon = 12 - 1; timestamp->tm_mday = 31; timestamp->tm_hour = 23; - timestamp->tm_min = 59; - timestamp->tm_sec = 59; + timestamp->tm_min = 59; + timestamp->tm_sec = 59; break; #endif default: @@ -283,19 +283,19 @@ static const uint8_t* str_to_uint(const uint8_t* str, int width, uint32_t* num) { if (*str < (uint8_t)'0' || *str > (uint8_t)'9') { - return error_ret; // Character is not a digit + return error_ret; // Character is not a digit } if (digit >= 10) { if (*str != (uint8_t)'0') { - return error_ret; // Number is larger than the output can handle + return error_ret; // Number is larger than the output can handle } continue; } if (digit == 9 && *str > (uint8_t)'4') { - return error_ret; // Number is larger than the output can handle + return error_ret; // Number is larger than the output can handle } @@ -303,7 +303,7 @@ static const uint8_t* str_to_uint(const uint8_t* str, int width, uint32_t* num) *num += digit_value * ((uint32_t)*str - (uint32_t)'0'); if (*num < prev_num) { - return error_ret; // Number rolled over, it is larger than the output can handle + return error_ret; // Number rolled over, it is larger than the output can handle } @@ -342,8 +342,8 @@ static const uint8_t* str_to_int(const uint8_t* str, int width, int* num) } #if ATCACERT_DATEFMT_ISO_EN -ATCA_STATUS atcacert_date_enc_iso8601_sep(const atcacert_tm_utc_t* timestamp, - uint8_t formatted_date[DATEFMT_ISO8601_SEP_SIZE]) +ATCA_STATUS atcacert_date_enc_iso8601_sep(const atcacert_tm_utc_t* timestamp, + uint8_t formatted_date[DATEFMT_ISO8601_SEP_SIZE]) { uint8_t* cur_pos = formatted_date; int year = 0; @@ -406,8 +406,8 @@ ATCA_STATUS atcacert_date_enc_iso8601_sep(const atcacert_tm_utc_t* timestamp, return ATCACERT_E_SUCCESS; } -ATCA_STATUS atcacert_date_dec_iso8601_sep(const uint8_t formatted_date[DATEFMT_ISO8601_SEP_SIZE], - atcacert_tm_utc_t* timestamp) +ATCA_STATUS atcacert_date_dec_iso8601_sep(const uint8_t formatted_date[DATEFMT_ISO8601_SEP_SIZE], + atcacert_tm_utc_t* timestamp) { const uint8_t* cur_pos = formatted_date; const uint8_t* new_pos = NULL; @@ -422,73 +422,73 @@ ATCA_STATUS atcacert_date_dec_iso8601_sep(const uint8_t formatted_date[DATE new_pos = str_to_int(cur_pos, 4, ×tamp->tm_year); if (new_pos == cur_pos) { - return ATCACERT_E_DECODING_ERROR; // There was a problem converting the string to a number + return ATCACERT_E_DECODING_ERROR; // There was a problem converting the string to a number } cur_pos = new_pos; timestamp->tm_year -= 1900; if (*(cur_pos++) != (uint8_t)'-') { - return ATCACERT_E_DECODING_ERROR; // Unexpected separator + return ATCACERT_E_DECODING_ERROR; // Unexpected separator } new_pos = str_to_int(cur_pos, 2, ×tamp->tm_mon); if (new_pos == cur_pos) { - return ATCACERT_E_DECODING_ERROR; // There was a problem converting the string to a number + return ATCACERT_E_DECODING_ERROR; // There was a problem converting the string to a number } cur_pos = new_pos; timestamp->tm_mon -= 1; if (*(cur_pos++) != (uint8_t)'-') { - return ATCACERT_E_DECODING_ERROR; // Unexpected separator + return ATCACERT_E_DECODING_ERROR; // Unexpected separator } new_pos = str_to_int(cur_pos, 2, ×tamp->tm_mday); if (new_pos == cur_pos) { - return ATCACERT_E_DECODING_ERROR; // There was a problem converting the string to a number + return ATCACERT_E_DECODING_ERROR; // There was a problem converting the string to a number } cur_pos = new_pos; if (*(cur_pos++) != (uint8_t)'T') { - return ATCACERT_E_DECODING_ERROR; // Unexpected separator + return ATCACERT_E_DECODING_ERROR; // Unexpected separator } new_pos = str_to_int(cur_pos, 2, ×tamp->tm_hour); if (new_pos == cur_pos) { - return ATCACERT_E_DECODING_ERROR; // There was a problem converting the string to a number + return ATCACERT_E_DECODING_ERROR; // There was a problem converting the string to a number } cur_pos = new_pos; if (*(cur_pos++) != (uint8_t)':') { - return ATCACERT_E_DECODING_ERROR; // Unexpected separator + return ATCACERT_E_DECODING_ERROR; // Unexpected separator } new_pos = str_to_int(cur_pos, 2, ×tamp->tm_min); if (new_pos == cur_pos) { - return ATCACERT_E_DECODING_ERROR; // There was a problem converting the string to a number + return ATCACERT_E_DECODING_ERROR; // There was a problem converting the string to a number } cur_pos = new_pos; if (*(cur_pos++) != (uint8_t)':') { - return ATCACERT_E_DECODING_ERROR; // Unexpected separator + return ATCACERT_E_DECODING_ERROR; // Unexpected separator } new_pos = str_to_int(cur_pos, 2, ×tamp->tm_sec); if (new_pos == cur_pos) { - return ATCACERT_E_DECODING_ERROR; // There was a problem converting the string to a number + return ATCACERT_E_DECODING_ERROR; // There was a problem converting the string to a number } cur_pos = new_pos; if (*(cur_pos++) != (uint8_t)'Z') { - return ATCACERT_E_DECODING_ERROR; // Unexpected UTC marker + return ATCACERT_E_DECODING_ERROR; // Unexpected UTC marker } return ATCACERT_E_SUCCESS; @@ -496,8 +496,8 @@ ATCA_STATUS atcacert_date_dec_iso8601_sep(const uint8_t formatted_date[DATE #endif #if ATCACERT_DATEFMT_UTC_EN -ATCA_STATUS atcacert_date_enc_rfc5280_utc(const atcacert_tm_utc_t* timestamp, - uint8_t formatted_date[DATEFMT_RFC5280_UTC_SIZE]) +ATCA_STATUS atcacert_date_enc_rfc5280_utc(const atcacert_tm_utc_t* timestamp, + uint8_t formatted_date[DATEFMT_RFC5280_UTC_SIZE]) { uint8_t* cur_pos = formatted_date; int year = 0; @@ -519,7 +519,7 @@ ATCA_STATUS atcacert_date_enc_rfc5280_utc(const atcacert_tm_utc_t* timestamp, } else { - return ATCACERT_E_INVALID_DATE; // Year out of range for RFC2459 UTC format + return ATCACERT_E_INVALID_DATE; // Year out of range for RFC2459 UTC format } cur_pos = uint_to_str(year, 2, cur_pos); @@ -558,8 +558,8 @@ ATCA_STATUS atcacert_date_enc_rfc5280_utc(const atcacert_tm_utc_t* timestamp, return ATCACERT_E_SUCCESS; } -ATCA_STATUS atcacert_date_dec_rfc5280_utc(const uint8_t formatted_date[DATEFMT_RFC5280_UTC_SIZE], - atcacert_tm_utc_t* timestamp) +ATCA_STATUS atcacert_date_dec_rfc5280_utc(const uint8_t formatted_date[DATEFMT_RFC5280_UTC_SIZE], + atcacert_tm_utc_t* timestamp) { const uint8_t* cur_pos = formatted_date; const uint8_t* new_pos = NULL; @@ -574,7 +574,7 @@ ATCA_STATUS atcacert_date_dec_rfc5280_utc(const uint8_t formatted_date[DATE new_pos = str_to_int(cur_pos, 2, ×tamp->tm_year); if (new_pos == cur_pos) { - return ATCACERT_E_DECODING_ERROR; // There was a problem converting the string to a number + return ATCACERT_E_DECODING_ERROR; // There was a problem converting the string to a number } cur_pos = new_pos; if (timestamp->tm_year < 50) @@ -590,7 +590,7 @@ ATCA_STATUS atcacert_date_dec_rfc5280_utc(const uint8_t formatted_date[DATE new_pos = str_to_int(cur_pos, 2, ×tamp->tm_mon); if (new_pos == cur_pos) { - return ATCACERT_E_DECODING_ERROR; // There was a problem converting the string to a number + return ATCACERT_E_DECODING_ERROR; // There was a problem converting the string to a number } cur_pos = new_pos; timestamp->tm_mon -= 1; @@ -598,34 +598,34 @@ ATCA_STATUS atcacert_date_dec_rfc5280_utc(const uint8_t formatted_date[DATE new_pos = str_to_int(cur_pos, 2, ×tamp->tm_mday); if (new_pos == cur_pos) { - return ATCACERT_E_DECODING_ERROR; // There was a problem converting the string to a number + return ATCACERT_E_DECODING_ERROR; // There was a problem converting the string to a number } cur_pos = new_pos; new_pos = str_to_int(cur_pos, 2, ×tamp->tm_hour); if (new_pos == cur_pos) { - return ATCACERT_E_DECODING_ERROR; // There was a problem converting the string to a number + return ATCACERT_E_DECODING_ERROR; // There was a problem converting the string to a number } cur_pos = new_pos; new_pos = str_to_int(cur_pos, 2, ×tamp->tm_min); if (new_pos == cur_pos) { - return ATCACERT_E_DECODING_ERROR; // There was a problem converting the string to a number + return ATCACERT_E_DECODING_ERROR; // There was a problem converting the string to a number } cur_pos = new_pos; new_pos = str_to_int(cur_pos, 2, ×tamp->tm_sec); if (new_pos == cur_pos) { - return ATCACERT_E_DECODING_ERROR; // There was a problem converting the string to a number + return ATCACERT_E_DECODING_ERROR; // There was a problem converting the string to a number } cur_pos = new_pos; if (*(cur_pos++) != (uint8_t)'Z') { - return ATCACERT_E_DECODING_ERROR; // Unexpected UTC marker + return ATCACERT_E_DECODING_ERROR; // Unexpected UTC marker } return ATCACERT_E_SUCCESS; @@ -633,8 +633,8 @@ ATCA_STATUS atcacert_date_dec_rfc5280_utc(const uint8_t formatted_date[DATE #endif #if ATCACERT_DATEFMT_GEN_EN -ATCA_STATUS atcacert_date_enc_rfc5280_gen(const atcacert_tm_utc_t* timestamp, - uint8_t formatted_date[DATEFMT_RFC5280_GEN_SIZE]) +ATCA_STATUS atcacert_date_enc_rfc5280_gen(const atcacert_tm_utc_t* timestamp, + uint8_t formatted_date[DATEFMT_RFC5280_GEN_SIZE]) { uint8_t* cur_pos = formatted_date; int year = 0; @@ -687,8 +687,8 @@ ATCA_STATUS atcacert_date_enc_rfc5280_gen(const atcacert_tm_utc_t* timestamp, return ATCACERT_E_SUCCESS; } -ATCA_STATUS atcacert_date_dec_rfc5280_gen(const uint8_t formatted_date[DATEFMT_RFC5280_GEN_SIZE], - atcacert_tm_utc_t* timestamp) +ATCA_STATUS atcacert_date_dec_rfc5280_gen(const uint8_t formatted_date[DATEFMT_RFC5280_GEN_SIZE], + atcacert_tm_utc_t* timestamp) { const uint8_t* cur_pos = formatted_date; const uint8_t* new_pos = NULL; @@ -703,7 +703,7 @@ ATCA_STATUS atcacert_date_dec_rfc5280_gen(const uint8_t formatted_date[DATE new_pos = str_to_int(cur_pos, 4, ×tamp->tm_year); if (new_pos == cur_pos) { - return ATCACERT_E_DECODING_ERROR; // There was a problem converting the string to a number + return ATCACERT_E_DECODING_ERROR; // There was a problem converting the string to a number } cur_pos = new_pos; timestamp->tm_year -= 1900; @@ -711,7 +711,7 @@ ATCA_STATUS atcacert_date_dec_rfc5280_gen(const uint8_t formatted_date[DATE new_pos = str_to_int(cur_pos, 2, ×tamp->tm_mon); if (new_pos == cur_pos) { - return ATCACERT_E_DECODING_ERROR; // There was a problem converting the string to a number + return ATCACERT_E_DECODING_ERROR; // There was a problem converting the string to a number } cur_pos = new_pos; timestamp->tm_mon -= 1; @@ -719,34 +719,34 @@ ATCA_STATUS atcacert_date_dec_rfc5280_gen(const uint8_t formatted_date[DATE new_pos = str_to_int(cur_pos, 2, ×tamp->tm_mday); if (new_pos == cur_pos) { - return ATCACERT_E_DECODING_ERROR; // There was a problem converting the string to a number + return ATCACERT_E_DECODING_ERROR; // There was a problem converting the string to a number } cur_pos = new_pos; new_pos = str_to_int(cur_pos, 2, ×tamp->tm_hour); if (new_pos == cur_pos) { - return ATCACERT_E_DECODING_ERROR; // There was a problem converting the string to a number + return ATCACERT_E_DECODING_ERROR; // There was a problem converting the string to a number } cur_pos = new_pos; new_pos = str_to_int(cur_pos, 2, ×tamp->tm_min); if (new_pos == cur_pos) { - return ATCACERT_E_DECODING_ERROR; // There was a problem converting the string to a number + return ATCACERT_E_DECODING_ERROR; // There was a problem converting the string to a number } cur_pos = new_pos; new_pos = str_to_int(cur_pos, 2, ×tamp->tm_sec); if (new_pos == cur_pos) { - return ATCACERT_E_DECODING_ERROR; // There was a problem converting the string to a number + return ATCACERT_E_DECODING_ERROR; // There was a problem converting the string to a number } cur_pos = new_pos; if (*(cur_pos++) != (uint8_t)'Z') { - return ATCACERT_E_DECODING_ERROR; // Unexpected UTC marker + return ATCACERT_E_DECODING_ERROR; // Unexpected UTC marker } return ATCACERT_E_SUCCESS; @@ -1044,8 +1044,8 @@ ATCA_STATUS atcacert_date_enc_posix_be(const atcacert_tm_utc_t* timestamp, return ATCACERT_E_SUCCESS; } -static ATCA_STATUS atcacert_date_dec_posix_uint32(uint32_t posix_uint32, - atcacert_tm_utc_t* timestamp) +static ATCA_STATUS atcacert_date_dec_posix_uint32(uint32_t posix_uint32, + atcacert_tm_utc_t* timestamp) { //#ifdef WIN32 // time_t posix_time = (time_t)posix_uint32; @@ -1074,8 +1074,8 @@ static ATCA_STATUS atcacert_date_dec_posix_uint32(uint32_t posix_uint3 return ATCACERT_E_SUCCESS; } -ATCA_STATUS atcacert_date_dec_posix_be(const uint8_t formatted_date[DATEFMT_POSIX_UINT32_BE_SIZE], - atcacert_tm_utc_t* timestamp) +ATCA_STATUS atcacert_date_dec_posix_be(const uint8_t formatted_date[DATEFMT_POSIX_UINT32_BE_SIZE], + atcacert_tm_utc_t* timestamp) { uint32_t posix_uint32 = 0; @@ -1118,8 +1118,8 @@ ATCA_STATUS atcacert_date_enc_posix_le(const atcacert_tm_utc_t* timestamp, return ATCACERT_E_SUCCESS; } -ATCA_STATUS atcacert_date_dec_posix_le(const uint8_t formatted_date[DATEFMT_POSIX_UINT32_LE_SIZE], - atcacert_tm_utc_t* timestamp) +ATCA_STATUS atcacert_date_dec_posix_le(const uint8_t formatted_date[DATEFMT_POSIX_UINT32_LE_SIZE], + atcacert_tm_utc_t* timestamp) { uint32_t posix_uint32 = 0; @@ -1138,17 +1138,43 @@ ATCA_STATUS atcacert_date_dec_posix_le(const uint8_t formatted_date[DATEFMT } #endif -#ifdef __COVERITY__ -#pragma coverity compliance block deviate "CERT INT31-C" "Custom integer encoding scheme with documented limitations" -#endif ATCA_STATUS atcacert_date_enc_compcert(const atcacert_tm_utc_t* issue_date, uint8_t expire_years, uint8_t enc_dates[3]) +{ + ATCA_STATUS ret = ATCACERT_E_BAD_PARAMS; + + if (NULL == enc_dates) + { + return ret; + } + + uint8_t comp_cert[ATCACERT_COMP_CERT_MAX_SIZE] = { 0 }; + + ret = atcacert_date_enc_compcert_ext(issue_date, expire_years, comp_cert); + if (ret != ATCACERT_E_SUCCESS) + { + return ret; + } + + (void)memcpy(enc_dates, &comp_cert[64], 3); + + return ret; +} + +#ifdef __COVERITY__ +#pragma coverity compliance block deviate "CERT INT31-C" "Custom integer encoding scheme with documented limitations" +#pragma coverity compliance block deviate "MISRA C-2012 Rule 10.8" "Custom integer encoding scheme with documented limitations" +#endif +ATCA_STATUS atcacert_date_enc_compcert_ext(const atcacert_tm_utc_t* issue_date, + uint8_t expire_years, + uint8_t comp_cert[ATCACERT_COMP_CERT_MAX_SIZE]) { /* - * Issue and expire dates are compressed/encoded as below + * Issue and expire dates are compressed/encoded as below in the + * compressed certificate. * +---------------+---------------+---------------+ - * | Byte 1 | Byte 2 | Byte 3 | + * | Byte 64 | Byte 65 | Byte 66 | * +---------------+---------------+---------------+ * | | | | | | | | | | | | | | | | | | | | | | | | | * | 5 bits | 4 bits| 5 bits | 5 bits | 5 bits | @@ -1157,15 +1183,59 @@ ATCA_STATUS atcacert_date_enc_compcert(const atcacert_tm_utc_t* issue_date, * +---------+-------+---------+---------+---------+ * * Minutes and seconds are always zero. + * + * If extended dates are used then the format version must be 1 + * and the issue year and expire years get a couple extra bits + * in the last byte of the compressed certificate. + * +-------------------------------------------+ + * | Byte 71 | + * +-------------------------------------------+ + * | | | | | | | | | + * | 2 bits | 2 bits | 4 bits | + * | Year (MSbits) | Expire Years | Reserved | + * | | (MSbits) | | + * +---------------+---------------+-----------+ */ - if (issue_date == NULL || enc_dates == NULL) + uint8_t format_version = 0u; + + if (issue_date == NULL || comp_cert == NULL) { return ATCACERT_E_BAD_PARAMS; } - if ((issue_date->tm_year + 1900) < 2000 || (issue_date->tm_year + 1900) > 2031) + // Compressed certificate format version is the lower 4 bits of byte 70 + format_version = comp_cert[70] & (uint8_t)0x0Fu; + + if (format_version == 0u) { - return ATCACERT_E_INVALID_DATE; + // This version handles years from 2000 to 2031 + if ((issue_date->tm_year + 1900) < 2000 || (issue_date->tm_year + 1900) > 2031) + { + return ATCACERT_E_INVALID_DATE; + } + // and expire years from 0 to 31 + if (expire_years > 31u) + { + return ATCACERT_E_INVALID_DATE; + } + } + else if (format_version == 1u) + { + // This version extends years from 2000 to 2127 + if ((issue_date->tm_year + 1900) < 2000 || (issue_date->tm_year + 1900) > 2127) + { + return ATCACERT_E_INVALID_DATE; + } + // and expire years from 0 to 127 + if (expire_years > 127u) + { + return ATCACERT_E_INVALID_DATE; + } + } + else + { + // Unsupported format version + return ATCACERT_E_BAD_CERT; } if (issue_date->tm_mon < 0 || issue_date->tm_mon > 11) { @@ -1179,40 +1249,64 @@ ATCA_STATUS atcacert_date_enc_compcert(const atcacert_tm_utc_t* issue_date, { return ATCACERT_E_INVALID_DATE; } - if (expire_years > 31u) + + (void)memset(&comp_cert[64], 0, 3); + + comp_cert[64] = (uint8_t)((((uint32_t)issue_date->tm_year + 1900u - 2000u) & 0x1Fu) << 3u); + comp_cert[64] = (uint8_t)((comp_cert[64] & 0xF8u) | (((uint8_t)((uint32_t)issue_date->tm_mon + 1u) & 0x0Fu) >> 1u)); + comp_cert[65] = (uint8_t)(((((uint32_t)issue_date->tm_mon + 1u) & 0x0Fu) << 7u) & 0x80u); + comp_cert[65] = (uint8_t)((comp_cert[65] & 0x83u) | (uint8_t)((((uint32_t)issue_date->tm_mday & 0x1Fu)) << 2u)); + comp_cert[65] = (uint8_t)((comp_cert[65] & 0xFCu) | (((uint8_t)((uint32_t)issue_date->tm_hour & 0x1Fu)) >> 3u)); + comp_cert[66] = (uint8_t)(((((uint32_t)issue_date->tm_hour & 0x1Fu)) << 5u) & 0xE0u); + comp_cert[66] = (uint8_t)((comp_cert[66] & 0xE0u) | ((uint8_t)expire_years & 0x1Fu)); + + comp_cert[71] = comp_cert[71] & 0x0Fu; // Clear the upper 4 bits for extended dates + comp_cert[71] = (uint8_t)((comp_cert[71] | (uint8_t)((((uint32_t)issue_date->tm_year + 1900u - 2000u) & 0x60u) << 1u)) & 0xFFu); // Set upper 2 bits of issue date + comp_cert[71] = (uint8_t)((comp_cert[71] | ((uint8_t)((expire_years & 0x60u) >> 1u))) & 0xFFu); // Set upper 2 bits of expire years + + return ATCACERT_E_SUCCESS; +} + + +ATCA_STATUS atcacert_date_dec_compcert(const uint8_t enc_dates[3], + atcacert_date_format_t expire_date_format, + atcacert_tm_utc_t* issue_date, + atcacert_tm_utc_t* expire_date) +{ + ATCA_STATUS ret = ATCACERT_E_BAD_PARAMS; + + uint8_t comp_cert[ATCACERT_COMP_CERT_MAX_SIZE] = { 0 }; + + if (NULL == enc_dates) { - return ATCACERT_E_INVALID_DATE; + return ret; } - (void)memset(enc_dates, 0, 3); + (void)memcpy(&comp_cert[64], enc_dates, 3); - enc_dates[0] = (enc_dates[0] & 0x07u) | (((uint8_t)((uint32_t)issue_date->tm_year + 1900u - 2000u) & 0x1Fu) << 3u); - enc_dates[0] = (uint8_t)((enc_dates[0] & 0xF8u) | ((((uint8_t)issue_date->tm_mon + 1u) & 0x0Fu) >> 1u)); - enc_dates[1] = (uint8_t)((enc_dates[1] & 0x7Fu) | ((((uint8_t)issue_date->tm_mon + 1u) & 0x0Fu) << 7u)); - enc_dates[1] = (uint8_t)((enc_dates[1] & 0x83u) | (((uint8_t)issue_date->tm_mday & 0x1Fu) << 2u)); - enc_dates[1] = (uint8_t)((enc_dates[1] & 0xFCu) | (((uint8_t)issue_date->tm_hour & 0x1Fu) >> 3u)); - enc_dates[2] = (uint8_t)((enc_dates[2] & 0x1Fu) | (((uint8_t)issue_date->tm_hour & 0x1Fu) << 5u)); - enc_dates[2] = (uint8_t)((enc_dates[2] & 0xE0u) | ((uint8_t)expire_years & 0x1Fu)); + ret = atcacert_date_dec_compcert_ext(comp_cert, expire_date_format, issue_date, expire_date); + if (ret != ATCACERT_E_SUCCESS) + { + return ret; + } - return ATCACERT_E_SUCCESS; + return ret; } -#ifdef __COVERITY__ -#pragma coverity compliance end_block "CERT INT31-C" -#pragma coverity compliance block deviate "MISRA C-2012 Rule 10.8" "Custom integer encoding scheme with documented limitations" -#endif -ATCA_STATUS atcacert_date_dec_compcert(const uint8_t enc_dates[3], - atcacert_date_format_t expire_date_format, - atcacert_tm_utc_t* issue_date, - atcacert_tm_utc_t* expire_date) +ATCA_STATUS atcacert_date_dec_compcert_ext(const uint8_t comp_cert[ATCACERT_COMP_CERT_MAX_SIZE], + atcacert_date_format_t expire_date_format, + atcacert_tm_utc_t* issue_date, + atcacert_tm_utc_t* expire_date + ) { ATCA_STATUS ret = ATCACERT_E_SUCCESS; uint8_t expire_years = 0; /* - * Issue and expire dates are compressed/encoded as below + * Issue and expire dates are compressed/encoded as below in the + * compressed certificate. * +---------------+---------------+---------------+ - * | Byte 1 | Byte 2 | Byte 3 | + * | Byte 64 | Byte 65 | Byte 66 | * +---------------+---------------+---------------+ * | | | | | | | | | | | | | | | | | | | | | | | | | * | 5 bits | 4 bits| 5 bits | 5 bits | 5 bits | @@ -1221,9 +1315,21 @@ ATCA_STATUS atcacert_date_dec_compcert(const uint8_t enc_dates[3], * +---------+-------+---------+---------+---------+ * * Minutes and seconds are always zero. + * + * If extended dates are used then the format version must be 1 + * and the issue year and expire years get a couple extra bits + * in the last byte of the compressed certificate. + * +-------------------------------------------+ + * | Byte 71 | + * +-------------------------------------------+ + * | | | | | | | | | + * | 2 bits | 2 bits | 4 bits | + * | Year (MSbits) | Expire Years | Reserved | + * | | (MSbits) | | + * +---------------+---------------+-----------+ */ - if (enc_dates == NULL || issue_date == NULL || expire_date == NULL || + if (comp_cert == NULL || issue_date == NULL || expire_date == NULL || expire_date_format >= sizeof(ATCACERT_DATE_FORMAT_SIZES) / sizeof(ATCACERT_DATE_FORMAT_SIZES[0])) { return ATCACERT_E_BAD_PARAMS; @@ -1232,17 +1338,37 @@ ATCA_STATUS atcacert_date_dec_compcert(const uint8_t enc_dates[3], (void)memset(issue_date, 0, sizeof(*issue_date)); (void)memset(expire_date, 0, sizeof(*expire_date)); - issue_date->tm_year = (int)(enc_dates[0] >> 3u) + 2000 - 1900; - issue_date->tm_mon = (int)(((enc_dates[0] & (uint8_t)0x07) << 1u) | ((enc_dates[1] & (uint8_t)0x80) >> 7u)) - 1; - issue_date->tm_mday = (int)((enc_dates[1] & (uint8_t)0x7C) >> 2u); - issue_date->tm_hour = (int)(((enc_dates[1] & (uint8_t)0x03) << 3u) | ((enc_dates[2] & (uint8_t)0xE0) >> 5u)); + // Compressed certificate format version is the lower 4 bits of byte 70 + uint8_t format_version = comp_cert[70] & (uint8_t)0x0Fu; - expire_years = (enc_dates[2] & (uint8_t)0x1F); + if (format_version == 1u) + { + /* + ================================================================= + Issue year byte obtained from 64[7:3] and byte 71[7:6], (note:100u = 2000 - 1900) + ================================================================= + */ + issue_date->tm_year = (int)((uint8_t)((((uint8_t)(((((((comp_cert[71] & (uint8_t)0xc0) >> 1u) & 0x60u) | ((comp_cert[64] >> 3u) & 0x1Fu)) & 0xFFu) + 100u) & 0xFFu)) & 0xFFu))); + /* + ================================================================= + Extended expiry years from 71[5:4] is copied to expire_years [6:5] + ================================================================= + */ + expire_years = (comp_cert[66] & (uint8_t)0x1F) | ((comp_cert[71] & (uint8_t)0x30u) << 1); + } + else + { + issue_date->tm_year = (int)((uint8_t)((((comp_cert[64] & (uint8_t)0xF8u) >> 3u)) + 100u)); + expire_years = (comp_cert[66] & (uint8_t)0x1F); + } + issue_date->tm_mon = (int)(uint8_t)(((((comp_cert[64] & (uint8_t)0x07) << 1u) | ((comp_cert[65] & (uint8_t)0x80) >> 7u)) - 1u) & 0x0Fu); + issue_date->tm_mday = (int)((uint8_t)((comp_cert[65] & (uint8_t)0x7C) >> 2u)); + issue_date->tm_hour = (int)((uint8_t)(((comp_cert[65] & (uint8_t)0x03) << 3u) | ((comp_cert[66] & (uint8_t)0xE0) >> 5u))); if (expire_years != 0u) { expire_date->tm_year = issue_date->tm_year + (int)expire_years; - expire_date->tm_mon = issue_date->tm_mon; + expire_date->tm_mon = issue_date->tm_mon; expire_date->tm_mday = issue_date->tm_mday; expire_date->tm_hour = issue_date->tm_hour; } @@ -1256,8 +1382,66 @@ ATCA_STATUS atcacert_date_dec_compcert(const uint8_t enc_dates[3], } } - return ATCACERT_E_SUCCESS; + return ret; } #ifdef __COVERITY__ +#pragma coverity compliance end_block "CERT INT31-C" #pragma coverity compliance end_block "MISRA C-2012 Rule 10.8" #endif + +int atcacert_date_cmp(const atcacert_tm_utc_t* timestamp1, const atcacert_tm_utc_t* timestamp2) +{ + if (timestamp1 == NULL || timestamp2 == NULL) + { + return ATCACERT_E_BAD_PARAMS; + } + if (timestamp1->tm_year < timestamp2->tm_year) + { + return -1; + } + if (timestamp1->tm_year > timestamp2->tm_year) + { + return 1; + } + if (timestamp1->tm_mon < timestamp2->tm_mon) + { + return -1; + } + if (timestamp1->tm_mon > timestamp2->tm_mon) + { + return 1; + } + if (timestamp1->tm_mday < timestamp2->tm_mday) + { + return -1; + } + if (timestamp1->tm_mday > timestamp2->tm_mday) + { + return 1; + } + if (timestamp1->tm_hour < timestamp2->tm_hour) + { + return -1; + } + if (timestamp1->tm_hour > timestamp2->tm_hour) + { + return 1; + } + if (timestamp1->tm_min < timestamp2->tm_min) + { + return -1; + } + if (timestamp1->tm_min > timestamp2->tm_min) + { + return 1; + } + if (timestamp1->tm_sec < timestamp2->tm_sec) + { + return -1; + } + if (timestamp1->tm_sec > timestamp2->tm_sec) + { + return 1; + } + return 0; +} diff --git a/lib/atcacert/atcacert_date.h b/lib/atcacert/atcacert_date.h index 18ad73762..cff8c6497 100644 --- a/lib/atcacert/atcacert_date.h +++ b/lib/atcacert/atcacert_date.h @@ -88,6 +88,7 @@ typedef uint8_t atcacert_date_format_t; #define DATEFMT_RFC5280_GEN_SIZE (15) #define DATEFMT_MAX_SIZE DATEFMT_ISO8601_SEP_SIZE #define ATCACERT_DATE_FORMAT_SIZES_COUNT 5 +#define ATCACERT_COMP_CERT_MAX_SIZE 72u extern const size_t ATCACERT_DATE_FORMAT_SIZES[ATCACERT_DATE_FORMAT_SIZES_COUNT]; @@ -137,6 +138,23 @@ ATCA_STATUS atcacert_date_enc_compcert(const atcacert_tm_utc_t * issue_date, uint8_t expire_years, uint8_t enc_dates[3]); +/** + * \brief Encode the issue and expire dates in the format used by the compressed certificate. + * + * Supports extended dates if the format version field is set appropriately (currently 1). + * + * \param[in] issue_date Issue date to encode. Note that minutes and seconds will be ignored. + * \param[in] expire_years Expire date is expressed as a number of years past the issue date. + * 0 should be used if there is no expire date. + * \param[in,out] comp_cert Compressed certificate (72 bytes) where the encoded dates will be + * set. Format version must be set appropriately. + * + * \return 0 on success + */ +ATCA_STATUS atcacert_date_enc_compcert_ext(const atcacert_tm_utc_t* issue_date, + uint8_t expire_years, + uint8_t comp_cert[ATCACERT_COMP_CERT_MAX_SIZE]); + /** * \brief Decode the issue and expire dates from the format used by the compressed certificate. * @@ -155,6 +173,25 @@ ATCA_STATUS atcacert_date_dec_compcert(const uint8_t enc_dates[3], atcacert_tm_utc_t* issue_date, atcacert_tm_utc_t* expire_date); +/** + * \brief Decode the issue and expire dates from the format used by the compressed certificate. + * + * Supports extended dates if the format version field is 1 + * + * \param[in,out] comp_cert Compressed certificate (72 bytes) where the encoded dates will be + * set. Format version (In comp_cert byte 70([3:0]) must be set to 1 to use extended dates. + * \param[in] expire_date_format Expire date format. Only used to determine max date when no + * expiration date is specified by the encoded date. + * \param[out] issue_date Decoded issue date is returned here. + * \param[out] expire_date Decoded expire date is returned here. If there is no + * expiration date, the expire date will be set to a maximum + * value for the given expire_date_format. + * \return 0 on success + */ +ATCA_STATUS atcacert_date_dec_compcert_ext(const uint8_t comp_cert[ATCACERT_COMP_CERT_MAX_SIZE], + atcacert_date_format_t expire_date_format, + atcacert_tm_utc_t* issue_date, + atcacert_tm_utc_t* expire_date); /** * \brief Convert the asn1 tag for the supported time formats into the local time format * @@ -206,6 +243,19 @@ ATCA_STATUS atcacert_date_dec_posix_le(const uint8_t formatted_date[DATEFMT atcacert_tm_utc_t* timestamp); #define atcacert_date_dec_posix_uint32_le atcacert_date_dec_posix_le +/** \brief Compare two dates. + * + * Dates are not checked for validity before comparing. + * + * \param[in] timestamp1 First date to compare. + * \param[in] timestamp2 Second date to compare. + * + * \return -1 if timestamp1 is before timestamp2, + 0 if they are equal, + 1 if they are timestamp1 is after timestamp2. + * ATCACERT_E_BAD_PARAMS if either input is NULL. + */ +int atcacert_date_cmp(const atcacert_tm_utc_t* timestamp1, const atcacert_tm_utc_t* timestamp2); /** @} */ #ifdef __cplusplus diff --git a/lib/atcacert/atcacert_def.c b/lib/atcacert/atcacert_def.c index bdcff23fd..0eceb53c7 100644 --- a/lib/atcacert/atcacert_def.c +++ b/lib/atcacert/atcacert_def.c @@ -49,11 +49,11 @@ #define ATCACERT_MIN(x, y) ((x) < (y) ? (x) : (y)) #define ATCACERT_MAX(x, y) ((x) >= (y) ? (x) : (y)) -ATCA_STATUS atcacert_merge_device_loc(atcacert_device_loc_t* device_locs, - size_t* device_locs_count, - size_t device_locs_max_count, - const atcacert_device_loc_t* device_loc, - size_t block_size) +ATCA_STATUS atcacert_merge_device_loc(atcacert_device_loc_t* device_locs, + size_t* device_locs_count, + size_t device_locs_max_count, + const atcacert_device_loc_t* device_loc, + size_t block_size) { size_t i = 0; size_t new_offset; @@ -66,12 +66,12 @@ ATCA_STATUS atcacert_merge_device_loc(atcacert_device_loc_t* device_locs, if (device_loc->zone == DEVZONE_NONE || device_loc->count == 0u) { - return ATCACERT_E_SUCCESS; // New device location doesn't exist + return ATCACERT_E_SUCCESS; // New device location doesn't exist } - new_offset = (device_loc->offset / block_size) * block_size; // Round down to block_size + new_offset = (device_loc->offset / block_size) * block_size; // Round down to block_size new_end = (size_t)device_loc->offset + (size_t)device_loc->count; - new_end = ((new_end % block_size != 0u) ? new_end / block_size + 1u : new_end / block_size) * block_size; // Round up to block size + new_end = ((new_end % block_size != 0u) ? new_end / block_size + 1u : new_end / block_size) * block_size; // Round up to block size // Try to merge with an existing device location for (i = 0; i < *device_locs_count; ++i) @@ -117,7 +117,7 @@ ATCA_STATUS atcacert_merge_device_loc(atcacert_device_loc_t* device_locs, // New device_loc wasn't merged into an existing one, add to the end of the list if (*device_locs_count >= device_locs_max_count) { - return ATCACERT_E_BUFFER_TOO_SMALL; // No room to add to list + return ATCACERT_E_BUFFER_TOO_SMALL; // No room to add to list } device_locs[*device_locs_count] = *device_loc; @@ -134,7 +134,8 @@ ATCA_STATUS atcacert_merge_device_loc(atcacert_device_loc_t* device_locs, return ATCACERT_E_SUCCESS; } -ATCA_STATUS atcacert_get_device_locs(const atcacert_def_t* cert_def, +ATCA_STATUS atcacert_get_device_locs(ATCADevice device, + const atcacert_def_t* cert_def, atcacert_device_loc_t* device_locs, size_t* device_locs_count, size_t device_locs_max_count, @@ -142,6 +143,7 @@ ATCA_STATUS atcacert_get_device_locs(const atcacert_def_t* cert_def, { ATCA_STATUS ret = 0; size_t i; + size_t cfg_rd_size = ATCA_BLOCK_SIZE; if (cert_def == NULL || device_locs == NULL || device_locs_count == NULL) { @@ -183,7 +185,7 @@ ATCA_STATUS atcacert_get_device_locs(const atcacert_def_t* cert_def, if (cert_def->cert_elements_count > 0u && cert_def->cert_elements == NULL) { - return ATCACERT_E_BAD_CERT; // Cert def is in an invalid state + return ATCACERT_E_BAD_CERT; // Cert def is in an invalid state } for (i = 0; i < cert_def->cert_elements_count; i++) @@ -209,18 +211,24 @@ ATCA_STATUS atcacert_get_device_locs(const atcacert_def_t* cert_def, // Device SN is config zone bytes 0-3 and 8-12 atcacert_device_loc_t device_sn_loc = { .zone = DEVZONE_CONFIG, - .slot = 0, // Ignored - .is_genkey = (uint8_t)FALSE, // Ignored + .slot = 0, // Ignored + .is_genkey = (uint8_t)FALSE, // Ignored .offset = 0, .count = 13 }; + if (true == (atcab_is_ca2_device(atcab_get_device_type_ext(device)))) + { + //! Set Ca2 device config zone size + cfg_rd_size = ATCA_CA2_CONFIG_SLOT_SIZE; + } + ret = atcacert_merge_device_loc( device_locs, device_locs_count, device_locs_max_count, &device_sn_loc, - block_size); + cfg_rd_size); if (ret != ATCACERT_E_SUCCESS) { return ret; @@ -285,28 +293,31 @@ static int get_effective_offset(const atcacert_def_t* cert_def, const uint8_t* c return (int)cert[sn_offset] - (int)cert_def->cert_template[sn_offset]; } -ATCA_STATUS atcacert_cert_build_start(atcacert_build_state_t* build_state, - const atcacert_def_t* cert_def, - uint8_t* cert, - size_t* cert_size, - const uint8_t ca_public_key[64]) +ATCA_STATUS atcacert_cert_build_start(ATCADevice device, + atcacert_build_state_t* build_state, + const atcacert_def_t* cert_def, + uint8_t* cert, + size_t* cert_size, + const uint8_t ca_public_key[64]) { ATCA_STATUS ret = 0; size_t new_cert_length; size_t old_cert_der_length_size; - if (build_state == NULL || cert_def == NULL || cert == NULL || cert_size == NULL) + if (build_state == NULL || cert_def == NULL || cert == NULL || cert_size == NULL || NULL == device) { return ATCACERT_E_BAD_PARAMS; } (void)memset(build_state, 0, sizeof(*build_state)); - build_state->cert_def = cert_def; - build_state->cert = cert; - build_state->cert_size = cert_size; + build_state->cert_def = cert_def; + build_state->cert = cert; + build_state->cert_size = cert_size; build_state->max_cert_size = *cert_size; - build_state->is_device_sn = (uint8_t)FALSE; + build_state->is_device_sn = (uint8_t)FALSE; + build_state->is_comp_cert = (uint8_t)FALSE; + build_state->devtype = atcab_get_device_type_ext(device); // Initialize the cert buffer with the cert template - template contains an // arbitrary signature that will be replaced during the certificate build. @@ -351,9 +362,9 @@ ATCA_STATUS atcacert_cert_build_start(atcacert_build_state_t* build_state, return ATCACERT_E_SUCCESS; } -ATCA_STATUS atcacert_cert_build_process(atcacert_build_state_t* build_state, - const atcacert_device_loc_t* device_loc, - const uint8_t* device_data) +ATCA_STATUS atcacert_cert_build_process(atcacert_build_state_t* build_state, + const atcacert_device_loc_t* device_loc, + const uint8_t* device_data) { ATCA_STATUS ret = 0; size_t i = 0; @@ -423,11 +434,13 @@ ATCA_STATUS atcacert_cert_build_process(atcacert_build_state_t* build_state data = atcacert_is_device_loc_match(&build_state->cert_def->comp_cert_dev_loc, device_loc, device_data); if (data != NULL) { - if (build_state->cert_def->comp_cert_dev_loc.count != 72u) + if (build_state->cert_def->comp_cert_dev_loc.count != ATCACERT_COMP_CERT_MAX_SIZE) { - return ATCACERT_E_BAD_CERT; // Unexpected compressed certificate size - + return ATCACERT_E_BAD_CERT; // Unexpected compressed certificate size } + (void)memcpy(build_state->comp_cert, data, ATCACERT_COMP_CERT_MAX_SIZE); + // Save as this can be required later for SN generation + build_state->is_comp_cert = (uint8_t)TRUE; ret = atcacert_set_comp_cert( build_state->cert_def, build_state->cert, @@ -518,10 +531,19 @@ ATCA_STATUS atcacert_cert_build_process(atcacert_build_state_t* build_state data = atcacert_is_device_loc_match(&device_sn_dev_loc, device_loc, device_data); if (data != NULL) { - // Get the device SN - build_state->is_device_sn = (uint8_t)TRUE; - (void)memcpy(&build_state->device_sn[0], &data[0], 4); - (void)memcpy(&build_state->device_sn[4], &data[8], 5); + if (true == (atcab_is_ca2_device(build_state->devtype))) + { + // Get the device SN for ca2 device + build_state->is_device_sn = (uint8_t)TRUE; + (void)memcpy(&build_state->device_sn[0], &data[CA_DEV_SN_CONFIG_ZONE_OFFSET], CA_DEV_SN_SIZE); + } + else + { + // Get the device SN for ca device + build_state->is_device_sn = (uint8_t)TRUE; + (void)memcpy(&build_state->device_sn[0], &data[CA2_DEV_SN_CONFIG_ZONE_OFFSET_PART_1], CA2_DEV_SN_SIZE_PART_1); + (void)memcpy(&build_state->device_sn[4], &data[CA2_DEV_SN_CONFIG_ZONE_OFFSET_PART_2], CA2_DEV_SN_SIZE_PART_2); + } } return ATCACERT_E_SUCCESS; @@ -529,30 +551,74 @@ ATCA_STATUS atcacert_cert_build_process(atcacert_build_state_t* build_state ATCA_STATUS atcacert_cert_build_finish(atcacert_build_state_t* build_state) { - ATCA_STATUS ret = 0; - const uint8_t* device_sn = NULL; + ATCA_STATUS ret = ATCACERT_E_SUCCESS; + bool is_sn_generated = false; if (build_state == NULL) { return ATCACERT_E_BAD_PARAMS; } - if ((uint8_t)FALSE != build_state->is_device_sn) - { - device_sn = build_state->device_sn; - } + is_sn_generated = ( + build_state->cert_def->sn_source != SNSRC_STORED && + build_state->cert_def->sn_source != SNSRC_STORED_DYNAMIC); - ret = atcacert_gen_cert_sn(build_state->cert_def, build_state->cert, *build_state->cert_size, device_sn); - if (ret != ATCACERT_E_SUCCESS) + if (true == is_sn_generated) { - return ret; + uint8_t sn[32] = { 0 }; + size_t sn_size = build_state->cert_def->std_cert_elements[STDCERT_CERT_SN].count; + uint8_t public_key[64] = { 0 }; + + if (sizeof(sn) < sn_size) + { + // Serial number buffer is too small for the specified serial number size. + return ATCACERT_E_BAD_CERT; + } + + // Get public key as some SN generation methods require it + ret = atcacert_get_subj_public_key( + build_state->cert_def, + build_state->cert, + *build_state->cert_size, + public_key); + if (ret != ATCACERT_E_SUCCESS) + { + return ret; + } + + // Generate the serial number + ret = atcacert_generate_sn( + build_state->cert_def->sn_source, + (build_state->is_device_sn != (uint8_t)FALSE) ? build_state->device_sn : NULL, + public_key, + (build_state->is_comp_cert != (uint8_t)FALSE) ? build_state->comp_cert : NULL, + sn_size, + sn + ); + if (ret != ATCACERT_E_SUCCESS) + { + return ret; + } + + // Update the certificate with the generated serial number + ret = atcacert_set_cert_sn( + build_state->cert_def, + build_state->cert, + build_state->cert_size, + build_state->max_cert_size, + sn, + sn_size); + if (ret != ATCACERT_E_SUCCESS) + { + return ret; + } } return ret; } -bool atcacert_is_device_loc_overlap(const atcacert_device_loc_t* device_loc1, - const atcacert_device_loc_t* device_loc2) +bool atcacert_is_device_loc_overlap(const atcacert_device_loc_t* device_loc1, + const atcacert_device_loc_t* device_loc2) { if (device_loc1->zone != device_loc2->zone) { @@ -571,10 +637,10 @@ bool atcacert_is_device_loc_overlap(const atcacert_device_loc_t* device_loc1, || (device_loc1->offset >= device_loc2->offset + device_loc2->count)); } -static void atcacert_copy_device_loc_data(const atcacert_device_loc_t* device_loc_src, - const uint8_t* data_src, - const atcacert_device_loc_t* device_loc_dest, - uint8_t* data_dest) +static void atcacert_copy_device_loc_data(const atcacert_device_loc_t* device_loc_src, + const uint8_t* data_src, + const atcacert_device_loc_t* device_loc_dest, + uint8_t* data_dest) { size_t offset = ATCACERT_MAX((size_t)device_loc_src->offset, (size_t)device_loc_dest->offset); size_t end = ATCACERT_MIN((size_t)device_loc_src->offset + (size_t)device_loc_src->count, (size_t)device_loc_dest->offset + (size_t)device_loc_dest->count); @@ -582,15 +648,15 @@ static void atcacert_copy_device_loc_data(const atcacert_device_loc_t* device_lo (void)memcpy(&data_dest[offset - device_loc_dest->offset], &data_src[offset - device_loc_src->offset], end - offset); } -ATCA_STATUS atcacert_get_device_data(const atcacert_def_t* cert_def, - const uint8_t* cert, - size_t cert_size, - const atcacert_device_loc_t* device_loc, - uint8_t* device_data) +ATCA_STATUS atcacert_get_device_data(const atcacert_def_t* cert_def, + const uint8_t* cert, + size_t cert_size, + const atcacert_device_loc_t* device_loc, + uint8_t* device_data) { ATCA_STATUS ret = 0; unsigned int i = 0u; - uint8_t temp_buf[256] = { 0 }; // Must be at least 72 bytes + uint8_t temp_buf[256] = { 0 }; // Must be at least 72 bytes size_t temp_buf_size = sizeof(temp_buf); if (cert_def == NULL || cert == NULL || device_loc == NULL || device_data == NULL) @@ -625,7 +691,7 @@ ATCA_STATUS atcacert_get_device_data(const atcacert_def_t* cert_def, } else if (cert_def->public_key_dev_loc.count != 64u) { - return ATCACERT_E_BAD_CERT; // Unexpected public key size + return ATCACERT_E_BAD_CERT; // Unexpected public key size } else { @@ -643,9 +709,9 @@ ATCA_STATUS atcacert_get_device_data(const atcacert_def_t* cert_def, { return ret; } - if (cert_def->comp_cert_dev_loc.count != 72u) + if (cert_def->comp_cert_dev_loc.count != ATCACERT_COMP_CERT_MAX_SIZE) { - return ATCACERT_E_BAD_CERT; // Unexpected compressed certificate size + return ATCACERT_E_BAD_CERT; // Unexpected compressed certificate size } atcacert_copy_device_loc_data(&cert_def->comp_cert_dev_loc, temp_buf, device_loc, device_data); } @@ -681,10 +747,10 @@ ATCA_STATUS atcacert_get_device_data(const atcacert_def_t* cert_def, return ATCACERT_E_SUCCESS; } -ATCA_STATUS atcacert_set_subj_public_key(const atcacert_def_t* cert_def, - uint8_t* cert, - size_t cert_size, - const uint8_t subj_public_key[64]) +ATCA_STATUS atcacert_set_subj_public_key(const atcacert_def_t* cert_def, + uint8_t* cert, + size_t cert_size, + const uint8_t subj_public_key[64]) { ATCA_STATUS ret = 0; uint8_t key_id[20] = { 0 }; @@ -716,10 +782,10 @@ ATCA_STATUS atcacert_set_subj_public_key(const atcacert_def_t* cert_def, } #endif -ATCA_STATUS atcacert_get_subject(const atcacert_def_t* cert_def, - const uint8_t* cert, - size_t cert_size, - cal_buffer* cert_subj_buf) +ATCA_STATUS atcacert_get_subject(const atcacert_def_t* cert_def, + const uint8_t* cert, + size_t cert_size, + cal_buffer* cert_subj_buf) { ATCA_STATUS status = ATCACERT_E_BAD_PARAMS; @@ -741,10 +807,10 @@ ATCA_STATUS atcacert_get_subject(const atcacert_def_t* cert_def, return status; } -ATCA_STATUS atcacert_get_subj_public_key(const atcacert_def_t* cert_def, - const uint8_t* cert, - size_t cert_size, - uint8_t subj_public_key[64]) +ATCA_STATUS atcacert_get_subj_public_key(const atcacert_def_t* cert_def, + const uint8_t* cert, + size_t cert_size, + uint8_t subj_public_key[64]) { ATCA_STATUS status = ATCACERT_E_BAD_PARAMS; @@ -774,10 +840,10 @@ ATCA_STATUS atcacert_get_subj_public_key(const atcacert_def_t* cert_def, return status; } -ATCA_STATUS atcacert_get_subj_key_id(const atcacert_def_t* cert_def, - const uint8_t* cert, - size_t cert_size, - uint8_t subj_key_id[20]) +ATCA_STATUS atcacert_get_subj_key_id(const atcacert_def_t* cert_def, + const uint8_t* cert, + size_t cert_size, + uint8_t subj_key_id[20]) { ATCA_STATUS status = ATCACERT_E_BAD_PARAMS; @@ -833,11 +899,11 @@ ATCA_STATUS atcacert_get_issuer(const atcacert_def_t* cert_def, } #if ATCACERT_COMPCERT_EN -ATCA_STATUS atcacert_set_signature(const atcacert_def_t* cert_def, - uint8_t* cert, - size_t* cert_size, - size_t max_cert_size, - const uint8_t signature[64]) +ATCA_STATUS atcacert_set_signature(const atcacert_def_t* cert_def, + uint8_t* cert, + size_t* cert_size, + size_t max_cert_size, + const uint8_t signature[64]) { ATCA_STATUS ret = 0; size_t sig_offset; @@ -859,7 +925,7 @@ ATCA_STATUS atcacert_set_signature(const atcacert_def_t* cert_def, if ((sig_offset >= *cert_size) || (sig_offset > max_cert_size)) { - return ATCACERT_E_ELEM_OUT_OF_BOUNDS; // Signature element is shown as past the end of the certificate + return ATCACERT_E_ELEM_OUT_OF_BOUNDS; // Signature element is shown as past the end of the certificate } // Current size of the signature is from its offset to the end of the cert cur_der_sig_size = *cert_size - sig_offset; @@ -900,10 +966,10 @@ ATCA_STATUS atcacert_set_signature(const atcacert_def_t* cert_def, return ATCACERT_E_SUCCESS; } -ATCA_STATUS atcacert_get_signature(const atcacert_def_t* cert_def, - const uint8_t* cert, - size_t cert_size, - uint8_t signature[64]) +ATCA_STATUS atcacert_get_signature(const atcacert_def_t* cert_def, + const uint8_t* cert, + size_t cert_size, + uint8_t signature[64]) { size_t sig_offset; size_t der_sig_size = 0; @@ -924,17 +990,17 @@ ATCA_STATUS atcacert_get_signature(const atcacert_def_t* cert_def, if (sig_offset >= cert_size) { - return ATCACERT_E_ELEM_OUT_OF_BOUNDS; // Signature element is shown as past the end of the certificate + return ATCACERT_E_ELEM_OUT_OF_BOUNDS; // Signature element is shown as past the end of the certificate } der_sig_size = cert_size - sig_offset; return atcacert_der_dec_ecdsa_sig_value(&cert[sig_offset], &der_sig_size, signature); } -ATCA_STATUS atcacert_set_issue_date(const atcacert_def_t* cert_def, - uint8_t* cert, - size_t cert_size, - const atcacert_tm_utc_t* timestamp) +ATCA_STATUS atcacert_set_issue_date(const atcacert_def_t* cert_def, + uint8_t* cert, + size_t cert_size, + const atcacert_tm_utc_t* timestamp) { ATCA_STATUS ret = 0; uint8_t formatted_date[DATEFMT_MAX_SIZE]; @@ -966,10 +1032,10 @@ ATCA_STATUS atcacert_set_issue_date(const atcacert_def_t* cert_def, } #endif -ATCA_STATUS atcacert_get_issue_date(const atcacert_def_t* cert_def, - const uint8_t* cert, - size_t cert_size, - atcacert_tm_utc_t* timestamp) +ATCA_STATUS atcacert_get_issue_date(const atcacert_def_t* cert_def, + const uint8_t* cert, + size_t cert_size, + atcacert_tm_utc_t* timestamp) { ATCA_STATUS status = ATCACERT_E_BAD_PARAMS; uint8_t formatted_date[DATEFMT_MAX_SIZE] = { 0x00 }; @@ -1024,7 +1090,7 @@ ATCA_STATUS atcacert_get_issue_date(const atcacert_def_t* cert_def, break; } - if (ATCA_SUCCESS != (status = atcacert_get_cert_element(cert_def, &cert_def->std_cert_elements[STDCERT_ISSUE_DATE], cert, + if (ATCA_SUCCESS != (status = atcacert_get_cert_element(cert_def, &cert_def->std_cert_elements[STDCERT_ISSUE_DATE], cert, cert_size, formatted_date, formatted_date_size))) { break; @@ -1040,10 +1106,10 @@ ATCA_STATUS atcacert_get_issue_date(const atcacert_def_t* cert_def, } #if ATCACERT_COMPCERT_EN -ATCA_STATUS atcacert_set_expire_date(const atcacert_def_t* cert_def, - uint8_t* cert, - size_t cert_size, - const atcacert_tm_utc_t* timestamp) +ATCA_STATUS atcacert_set_expire_date(const atcacert_def_t* cert_def, + uint8_t* cert, + size_t cert_size, + const atcacert_tm_utc_t* timestamp) { ATCA_STATUS ret = 0; uint8_t formatted_date[DATEFMT_MAX_SIZE]; @@ -1075,10 +1141,10 @@ ATCA_STATUS atcacert_set_expire_date(const atcacert_def_t* cert_def, } #endif -ATCA_STATUS atcacert_get_expire_date(const atcacert_def_t* cert_def, - const uint8_t* cert, - size_t cert_size, - atcacert_tm_utc_t* timestamp) +ATCA_STATUS atcacert_get_expire_date(const atcacert_def_t* cert_def, + const uint8_t* cert, + size_t cert_size, + atcacert_tm_utc_t* timestamp) { ATCA_STATUS status = ATCACERT_E_BAD_PARAMS; uint8_t formatted_date[DATEFMT_MAX_SIZE] = { 0x00 }; @@ -1133,7 +1199,7 @@ ATCA_STATUS atcacert_get_expire_date(const atcacert_def_t* cert_def, break; } - if (ATCA_SUCCESS != (status = atcacert_get_cert_element(cert_def, &cert_def->std_cert_elements[STDCERT_EXPIRE_DATE], cert, + if (ATCA_SUCCESS != (status = atcacert_get_cert_element(cert_def, &cert_def->std_cert_elements[STDCERT_EXPIRE_DATE], cert, cert_size, formatted_date, formatted_date_size))) { break; @@ -1171,10 +1237,10 @@ static void uint8_to_hex(uint8_t num, uint8_t* hex_str) } } -ATCA_STATUS atcacert_set_signer_id(const atcacert_def_t* cert_def, - uint8_t* cert, - size_t cert_size, - const uint8_t signer_id[2]) +ATCA_STATUS atcacert_set_signer_id(const atcacert_def_t* cert_def, + uint8_t* cert, + size_t cert_size, + const uint8_t signer_id[2]) { uint8_t hex_str[4]; @@ -1230,10 +1296,10 @@ static ATCA_STATUS hex_to_uint8(const uint8_t hex_str[2], uint8_t* num) return ATCACERT_E_SUCCESS; } -ATCA_STATUS atcacert_get_signer_id(const atcacert_def_t* cert_def, - const uint8_t* cert, - size_t cert_size, - uint8_t signer_id[2]) +ATCA_STATUS atcacert_get_signer_id(const atcacert_def_t* cert_def, + const uint8_t* cert, + size_t cert_size, + uint8_t signer_id[2]) { ATCA_STATUS ret = 0; uint8_t hex_str[4]; @@ -1264,12 +1330,12 @@ ATCA_STATUS atcacert_get_signer_id(const atcacert_def_t* cert_def, return ATCACERT_E_SUCCESS; } -ATCA_STATUS atcacert_set_cert_sn(const atcacert_def_t* cert_def, - uint8_t* cert, - size_t* cert_size, - size_t max_cert_size, - const uint8_t* cert_sn, - size_t cert_sn_size) +ATCA_STATUS atcacert_set_cert_sn(const atcacert_def_t* cert_def, + uint8_t* cert, + size_t* cert_size, + size_t max_cert_size, + const uint8_t* cert_sn, + size_t cert_sn_size) { if (cert_def == NULL || cert == NULL || cert_size == NULL || cert_sn == NULL) { @@ -1285,7 +1351,7 @@ ATCA_STATUS atcacert_set_cert_sn(const atcacert_def_t* cert_def, if (sn_offset != 0) { ATCA_STATUS ret = 0; - size_t der_len_offset = 1; // Adjust cert header length + size_t der_len_offset = 1; // Adjust cert header length size_t cert_der_len = 0; size_t cert_len = 0; size_t tbs_der_len = 0; @@ -1295,7 +1361,7 @@ ATCA_STATUS atcacert_set_cert_sn(const atcacert_def_t* cert_def, /* coverity[cert_int30_c_violation] overflow is checked by the next statement */ if (*cert_size + sn_offset > max_cert_size) { - return ATCACERT_E_BUFFER_TOO_SMALL; // Cert buffer is too small for resizing + return ATCACERT_E_BUFFER_TOO_SMALL; // Cert buffer is too small for resizing } // Shift everything after the serial number to accommodate its new size if (*cert_size > ((size_t)sn_cert_loc->offset + (size_t)sn_cert_loc->count)) @@ -1328,10 +1394,10 @@ ATCA_STATUS atcacert_set_cert_sn(const atcacert_def_t* cert_def, } if (1u + cert_der_len + cert_len != *cert_size) { - return ATCACERT_E_BAD_CERT; // Cert was malformed + return ATCACERT_E_BAD_CERT; // Cert was malformed } - der_len_offset = 1u + cert_der_len + 1u; // cert Tag (1), cert len, TBS tag (1) + der_len_offset = 1u + cert_der_len + 1u; // cert Tag (1), cert len, TBS tag (1) if (der_len_offset > *cert_size) { return ATCACERT_E_ELEM_OUT_OF_BOUNDS; @@ -1360,15 +1426,16 @@ ATCA_STATUS atcacert_set_cert_sn(const atcacert_def_t* cert_def, return atcacert_set_cert_element(cert_def, &cert_def->std_cert_elements[STDCERT_CERT_SN], cert, *cert_size, cert_sn, cert_sn_size); } -ATCA_STATUS atcacert_gen_cert_sn(const atcacert_def_t* cert_def, - uint8_t* cert, - size_t cert_size, - const uint8_t device_sn[9]) +ATCA_STATUS atcacert_gen_cert_sn(const atcacert_def_t* cert_def, + uint8_t* cert, + size_t cert_size, + const uint8_t device_sn[9]) { ATCA_STATUS ret = ATCACERT_E_SUCCESS; size_t sn_size = 0; - uint8_t msg[64 + 3] = { 0x00 }; - uint8_t sn[32] = { 0x00 }; + uint8_t sn[32] = { 0 }; + uint8_t public_key[64] = { 0 }; + uint8_t comp_cert[ATCACERT_COMP_CERT_MAX_SIZE] = { 0 }; atcacert_tm_utc_t issue_date; uint8_t expire_years; @@ -1386,28 +1453,29 @@ ATCA_STATUS atcacert_gen_cert_sn(const atcacert_def_t* cert_def, switch (cert_def->sn_source) { - case SNSRC_DEVICE_SN: // Cert serial number is 0x40(MSB) + 9-byte device serial number. Only applies to device certificates. - if (device_sn == NULL) - { - ret = ATCACERT_E_BAD_PARAMS; - } - else - { - sn_size = 1 + 9; - sn[0] = 0x40; - (void)memcpy(&sn[1], device_sn, 9); - } + case SNSRC_DEVICE_SN: + // Cert serial number is 0x40(MSB) + 9-byte device serial number. + // Only applies to device certificates. + sn_size = 1 + 9; + ret = atcacert_generate_sn(cert_def->sn_source, device_sn, NULL, NULL, sn_size, sn); break; - case SNSRC_SIGNER_ID: // Cert serial number is 0x40(MSB) + 2-byte signer ID. Only applies to signer certificates. + case SNSRC_SIGNER_ID: + // Cert serial number is 0x40(MSB) + 2-byte signer ID. + // Only applies to signer certificates. sn_size = 1 + 2; - sn[0] = 0x40; - ret = atcacert_get_signer_id(cert_def, cert, cert_size, &sn[1]); + ret = atcacert_get_signer_id(cert_def, cert, cert_size, &comp_cert[67]); + if (ret != ATCACERT_E_SUCCESS) + { + break; + } + ret = atcacert_generate_sn(cert_def->sn_source, NULL, NULL, comp_cert, sn_size, sn); break; - case SNSRC_PUB_KEY_HASH_RAW: // Cert serial number is the SHA256(Subject public key + Encoded dates) + case SNSRC_PUB_KEY_HASH_RAW: case SNSRC_PUB_KEY_HASH_POS: case SNSRC_PUB_KEY_HASH: + // Cert serial number is the SHA256(Subject public key + Encoded dates) if (cert_def->std_cert_elements[STDCERT_CERT_SN].count > 32u) { ret = ATCACERT_E_UNEXPECTED_ELEM_SIZE; @@ -1415,14 +1483,14 @@ ATCA_STATUS atcacert_gen_cert_sn(const atcacert_def_t* cert_def, } sn_size = cert_def->std_cert_elements[STDCERT_CERT_SN].count; - // Add public key to hash input - ret = atcacert_get_subj_public_key(cert_def, cert, cert_size, &msg[0]); + // Get public key + ret = atcacert_get_subj_public_key(cert_def, cert, cert_size, public_key); if (ret != ATCACERT_E_SUCCESS) { break; } - // Add compressed/encoded dates to hash input + // Get compressed/encoded dates ret = atcacert_get_issue_date(cert_def, cert, cert_size, &issue_date); if (ret != ATCACERT_E_SUCCESS) { @@ -1433,72 +1501,213 @@ ATCA_STATUS atcacert_gen_cert_sn(const atcacert_def_t* cert_def, { break; } - ret = atcacert_date_enc_compcert(&issue_date, expire_years, &msg[64]); + + // tm_year value of 131 is 2031 (2031 - 1900) + if (issue_date.tm_year > 131 || expire_years > 31u) + { + comp_cert[70] = 1; // Set compressed certificate format version 1 to support extended dates + } + + // Create the encoded dates in the proper location in the compressed certificate + ret = atcacert_date_enc_compcert_ext(&issue_date, expire_years, comp_cert); + if (ret != ATCACERT_E_SUCCESS) + { + break; + } + + ret = atcacert_generate_sn(cert_def->sn_source, NULL, public_key, comp_cert, sn_size, sn); + break; + + case SNSRC_DEVICE_SN_HASH_RAW: + case SNSRC_DEVICE_SN_HASH_POS: + case SNSRC_DEVICE_SN_HASH: + // Cert serial number is the SHA256(Device SN + Encoded dates). + // Only applies to device certificates. + if (cert_def->std_cert_elements[STDCERT_CERT_SN].count > 32u) + { + ret = ATCACERT_E_UNEXPECTED_ELEM_SIZE; + break; + } + sn_size = cert_def->std_cert_elements[STDCERT_CERT_SN].count; + + // Add compressed/encoded dates to hash input + ret = atcacert_get_issue_date(cert_def, cert, cert_size, &issue_date); if (ret != ATCACERT_E_SUCCESS) { break; } - ret = atcac_sw_sha2_256(msg, 64 + 3, sn); + ret = atcacert_calc_expire_years(cert_def, cert, cert_size, issue_date.tm_year, &expire_years); if (ret != ATCACERT_E_SUCCESS) { break; } - if (cert_def->sn_source == SNSRC_PUB_KEY_HASH_POS || cert_def->sn_source == SNSRC_PUB_KEY_HASH) + // tm_year value of 131 is 2031 (2031 - 1900) + if (issue_date.tm_year > 131 || expire_years > 31u) { - sn[0] &= 0x7Fu; // Ensure the SN is positive + comp_cert[70] = 1; // Set compressed certificate format version 1 to support extended dates } - if (cert_def->sn_source == SNSRC_PUB_KEY_HASH) + + // Create the encoded dates in the proper location in the compressed certificate + ret = atcacert_date_enc_compcert_ext(&issue_date, expire_years, comp_cert); + if (ret != ATCACERT_E_SUCCESS) { - sn[0] |= 0x40u; // Ensure the SN doesn't have any trimmable bytes + break; } + + ret = atcacert_generate_sn(cert_def->sn_source, device_sn, NULL, comp_cert, sn_size, sn); break; - case SNSRC_DEVICE_SN_HASH_RAW: // Cert serial number is the SHA256(Device SN + Encoded dates). Only applies to device certificates. - case SNSRC_DEVICE_SN_HASH_POS: - case SNSRC_DEVICE_SN_HASH: - if (device_sn == NULL) + default: + ret = ATCACERT_E_BAD_PARAMS; + break; + } + + if (ATCACERT_E_SUCCESS == ret) + { + ret = atcacert_set_cert_element(cert_def, &cert_def->std_cert_elements[STDCERT_CERT_SN], cert, cert_size, sn, sn_size); + } + + return ret; +} + +ATCA_STATUS atcacert_generate_sn(atcacert_cert_sn_src_t sn_source, + const uint8_t device_sn[9], + const uint8_t public_key[64], + const uint8_t comp_cert[ATCACERT_COMP_CERT_MAX_SIZE], + size_t sn_size, + uint8_t* sn) +{ + ATCA_STATUS ret = ATCACERT_E_SUCCESS; + uint8_t msg[64 + 4] = { 0 }; + size_t msg_size = 0; + uint8_t digest[32] = { 0 }; + uint8_t format_version = 0; + + if (sn == NULL) + { + return ATCACERT_E_BAD_PARAMS; + } + + switch (sn_source) + { + case SNSRC_DEVICE_SN: + // Cert serial number is 0x40(MSB) + 9-byte device serial number. + // Only applies to device certificates. + if (device_sn == NULL || sn_size != (1u + 9u)) { ret = ATCACERT_E_BAD_PARAMS; break; } - if (cert_def->std_cert_elements[STDCERT_CERT_SN].count > 32u) + sn[0] = 0x40u; + (void)memcpy(&sn[1], device_sn, 9); + break; + + case SNSRC_SIGNER_ID: + // Cert serial number is 0x40(MSB) + 2-byte signer ID. + // Only applies to signer certificates. + if (comp_cert == NULL || sn_size != (1u + 2u)) { - ret = ATCACERT_E_UNEXPECTED_ELEM_SIZE; + ret = ATCACERT_E_BAD_PARAMS; break; } - sn_size = cert_def->std_cert_elements[STDCERT_CERT_SN].count; + sn[0] = 0x40; + (void)memcpy(&sn[1], &comp_cert[67], 2); + break; - // Add device SN to the hash input - (void)memcpy(&msg[0], device_sn, 9); + case SNSRC_PUB_KEY_HASH_RAW: + case SNSRC_PUB_KEY_HASH_POS: + case SNSRC_PUB_KEY_HASH: + // Cert serial number is the SHA256(Subject public key + Encoded dates) + if (public_key == NULL || comp_cert == NULL || sn_size <= 0u || sn_size > sizeof(digest)) + { + ret = ATCACERT_E_BAD_PARAMS; + break; + } + // Compressed certificate format version is the lower 4 bits of byte 70 + format_version = comp_cert[70] & 0x0Fu; - // Add compressed/encoded dates to hash input - ret = atcacert_get_issue_date(cert_def, cert, cert_size, &issue_date); - if (ret != ATCACERT_E_SUCCESS) + (void)memcpy(&msg[0], public_key, 64); // Add public key + (void)memcpy(&msg[64], &comp_cert[64], 3); // Add encoded dates from compressed certificate + if (format_version == 0u) + { + msg_size = 64u + 3u; + } + else if (format_version == 1u) + { + // This version supports extended dates that need to be included in the message + msg_size = 64u + 4u; + // Extended date bits are in the upper 4 bits of the last byte + msg[67] = comp_cert[71] & 0xF0u; + } + else { + // Unsupported format version + ret = ATCACERT_E_BAD_CERT; break; } - ret = atcacert_calc_expire_years(cert_def, cert, cert_size, issue_date.tm_year, &expire_years); + + ret = atcac_sw_sha2_256(msg, msg_size, digest); if (ret != ATCACERT_E_SUCCESS) { break; } - ret = atcacert_date_enc_compcert(&issue_date, expire_years, &msg[9]); - if (ret != ATCACERT_E_SUCCESS) + (void)memcpy(sn, digest, sn_size); + + if (sn_source == SNSRC_PUB_KEY_HASH_POS || sn_source == SNSRC_PUB_KEY_HASH) + { + sn[0] &= 0x7Fu; // Ensure the SN is positive + } + if (sn_source == SNSRC_PUB_KEY_HASH) + { + sn[0] |= 0x40u; // Ensure the SN doesn't have any trimmable bytes + } + break; + + case SNSRC_DEVICE_SN_HASH_RAW: + case SNSRC_DEVICE_SN_HASH_POS: + case SNSRC_DEVICE_SN_HASH: + // Cert serial number is the SHA256(Device SN + Encoded dates). Only applies to device certificates. + if (device_sn == NULL || comp_cert == NULL || sn_size <= 0u || sn_size > sizeof(digest)) + { + ret = ATCACERT_E_BAD_PARAMS; + break; + } + // Compressed certificate format version is the lower 4 bits of byte 70 + format_version = comp_cert[70] & (uint8_t)0x0Fu; + + (void)memcpy(&msg[0], device_sn, 9); // Add device SN to the hash input + (void)memcpy(&msg[9], &comp_cert[64], 3); // Add encoded dates from compressed certificate + if (format_version == 0u) + { + msg_size = 9 + 3; + } + else if (format_version == 1u) { + // This version supports extended dates that need to be included in the message + msg_size = 9 + 4; + // Extended date bits are in the upper 4 bits of the last byte + msg[12] = comp_cert[71] & (uint8_t)0xF0u; + } + else + { + // Unsupported format version + ret = ATCACERT_E_BAD_CERT; break; } - ret = atcac_sw_sha2_256(msg, 9u + 3u, sn); + + ret = atcac_sw_sha2_256(msg, msg_size, digest); if (ret != ATCACERT_E_SUCCESS) { break; } + (void)memcpy(sn, digest, sn_size); - if (cert_def->sn_source == SNSRC_DEVICE_SN_HASH_POS || cert_def->sn_source == SNSRC_DEVICE_SN_HASH) + if (sn_source == SNSRC_DEVICE_SN_HASH_POS || sn_source == SNSRC_DEVICE_SN_HASH) { sn[0] &= 0x7Fu; // Ensure the SN is positive } - if (cert_def->sn_source == SNSRC_DEVICE_SN_HASH) + if (sn_source == SNSRC_DEVICE_SN_HASH) { sn[0] |= 0x40u; // Ensure the SN doesn't have any trimmable bytes } @@ -1509,20 +1718,16 @@ ATCA_STATUS atcacert_gen_cert_sn(const atcacert_def_t* cert_def, break; } - if (ATCACERT_E_SUCCESS == ret) - { - ret = atcacert_set_cert_element(cert_def, &cert_def->std_cert_elements[STDCERT_CERT_SN], cert, cert_size, sn, sn_size); - } - return ret; } + #endif -ATCA_STATUS atcacert_get_cert_sn(const atcacert_def_t* cert_def, - const uint8_t* cert, - size_t cert_size, - uint8_t* cert_sn, - size_t* cert_sn_size) +ATCA_STATUS atcacert_get_cert_sn(const atcacert_def_t* cert_def, + const uint8_t* cert, + size_t cert_size, + uint8_t* cert_sn, + size_t* cert_sn_size) { ATCA_STATUS status = ATCACERT_E_BAD_PARAMS; @@ -1569,10 +1774,10 @@ ATCA_STATUS atcacert_get_cert_sn(const atcacert_def_t* cert_def, } #if ATCACERT_COMPCERT_EN -ATCA_STATUS atcacert_set_auth_key_id(const atcacert_def_t* cert_def, - uint8_t* cert, - size_t cert_size, - const uint8_t auth_public_key[64]) +ATCA_STATUS atcacert_set_auth_key_id(const atcacert_def_t* cert_def, + uint8_t* cert, + size_t cert_size, + const uint8_t auth_public_key[64]) { ATCA_STATUS ret = ATCACERT_E_SUCCESS; uint8_t key_id[20] = { 0 }; @@ -1597,10 +1802,10 @@ ATCA_STATUS atcacert_set_auth_key_id(const atcacert_def_t* cert_def, return ATCACERT_E_SUCCESS; } -ATCA_STATUS atcacert_set_auth_key_id_raw(const atcacert_def_t* cert_def, - uint8_t* cert, - size_t cert_size, - const uint8_t* auth_key_id) +ATCA_STATUS atcacert_set_auth_key_id_raw(const atcacert_def_t* cert_def, + uint8_t* cert, + size_t cert_size, + const uint8_t* auth_key_id) { ATCA_STATUS ret = ATCACERT_E_SUCCESS; @@ -1609,7 +1814,7 @@ ATCA_STATUS atcacert_set_auth_key_id_raw(const atcacert_def_t* cert_def, return ATCACERT_E_BAD_PARAMS; } - ret = atcacert_set_cert_element(cert_def, &cert_def->std_cert_elements[STDCERT_AUTH_KEY_ID], cert, cert_size, + ret = atcacert_set_cert_element(cert_def, &cert_def->std_cert_elements[STDCERT_AUTH_KEY_ID], cert, cert_size, auth_key_id, cert_def->std_cert_elements[STDCERT_AUTH_KEY_ID].count); if (ret != ATCACERT_E_SUCCESS) { @@ -1620,10 +1825,10 @@ ATCA_STATUS atcacert_set_auth_key_id_raw(const atcacert_def_t* cert_def, } #endif -ATCA_STATUS atcacert_get_auth_key_id(const atcacert_def_t* cert_def, - const uint8_t* cert, - size_t cert_size, - uint8_t auth_key_id[20]) +ATCA_STATUS atcacert_get_auth_key_id(const atcacert_def_t* cert_def, + const uint8_t* cert, + size_t cert_size, + uint8_t auth_key_id[20]) { ATCA_STATUS status = ATCACERT_E_BAD_PARAMS; @@ -1654,14 +1859,13 @@ ATCA_STATUS atcacert_get_auth_key_id(const atcacert_def_t* cert_def, } #if ATCACERT_COMPCERT_EN -ATCA_STATUS atcacert_set_comp_cert(const atcacert_def_t* cert_def, - uint8_t* cert, - size_t* cert_size, - size_t max_cert_size, - const uint8_t comp_cert[72]) +ATCA_STATUS atcacert_set_comp_cert(const atcacert_def_t* cert_def, + uint8_t* cert, + size_t* cert_size, + size_t max_cert_size, + const uint8_t comp_cert[ATCACERT_COMP_CERT_MAX_SIZE]) { ATCA_STATUS ret = 0; - uint8_t enc_dates[3]; uint8_t signer_id[2]; uint8_t template_id; uint8_t chain_id; @@ -1677,12 +1881,12 @@ ATCA_STATUS atcacert_set_comp_cert(const atcacert_def_t* cert_def, } format = comp_cert[70] & 0x0Fu; - if (format != 0u) + if (format > 1u) { - return ATCACERT_E_DECODING_ERROR; // Unknown format + return ATCACERT_E_DECODING_ERROR; // Unknown format } - (void)memcpy(enc_dates, &comp_cert[64], 3); + (void)memcpy(signer_id, &comp_cert[67], 2); template_id = (comp_cert[69] >> 4) & 0x0Fu; chain_id = comp_cert[69] & 0x0Fu; @@ -1705,7 +1909,8 @@ ATCA_STATUS atcacert_set_comp_cert(const atcacert_def_t* cert_def, return ret; } - ret = atcacert_date_dec_compcert(enc_dates, cert_def->expire_date_format, &issue_date, &expire_date); + ret = atcacert_date_dec_compcert_ext(comp_cert, cert_def->expire_date_format, &issue_date, &expire_date); + if (ret != ATCACERT_E_SUCCESS) { return ret; @@ -1732,14 +1937,44 @@ ATCA_STATUS atcacert_set_comp_cert(const atcacert_def_t* cert_def, return ATCACERT_E_SUCCESS; } -ATCA_STATUS atcacert_get_comp_cert(const atcacert_def_t* cert_def, - const uint8_t* cert, - size_t cert_size, - uint8_t comp_cert[72]) +ATCA_STATUS atcacert_get_comp_cert(const atcacert_def_t* cert_def, + const uint8_t* cert, + size_t cert_size, + uint8_t comp_cert[ATCACERT_COMP_CERT_MAX_SIZE]) +{ + // Default issue date to use in the compressed certificate if no issue + // date certificate location is found in the cert_def. + atcacert_tm_utc_t def_issue_date = { + .tm_sec = 0, + .tm_min = 0, + .tm_hour = 0, + .tm_mday = 1, + .tm_mon = 1 - 1, + .tm_year = 2000 - 1900 + }; + // Default signer id to use in the compressed certificate if no signer id + // certificate location is found in the cert_def. + uint8_t def_signer_id[2] = { 0, 0 }; + + return atcacert_get_comp_cert_ext(cert_def, cert, cert_size, &def_issue_date, def_signer_id, true, comp_cert); +} + +ATCA_STATUS atcacert_get_comp_cert_ext(const atcacert_def_t* cert_def, + const uint8_t* cert, + size_t cert_size, + const atcacert_tm_utc_t* def_issue_date, + const uint8_t* def_signer_id, + bool is_diff_expire_years_ok, + uint8_t comp_cert[ATCACERT_COMP_CERT_MAX_SIZE]) { ATCA_STATUS ret = ATCACERT_E_SUCCESS; atcacert_tm_utc_t issue_date; - uint8_t expire_years; + atcacert_tm_utc_t expire_date; + atcacert_tm_utc_t max_date; + int expire_years; + bool is_issue_date = false; + bool is_expire_date = false; + bool is_even_years = false; if (cert_def == NULL || cert == NULL || comp_cert == NULL) { @@ -1747,6 +1982,8 @@ ATCA_STATUS atcacert_get_comp_cert(const atcacert_def_t* cert_def, } (void)memset(&issue_date, 0, sizeof(issue_date)); + (void)memset(&expire_date, 0, sizeof(expire_date)); + (void)memset(&max_date, 0, sizeof(max_date)); do { if (ATCACERT_E_SUCCESS != (ret = atcacert_get_signature(cert_def, cert, cert_size, &comp_cert[0]))) @@ -1754,39 +1991,134 @@ ATCA_STATUS atcacert_get_comp_cert(const atcacert_def_t* cert_def, break; } - if (ATCACERT_E_SUCCESS != (ret = atcacert_get_issue_date(cert_def, cert, cert_size, &issue_date))) + ret = atcacert_get_issue_date(cert_def, cert, cert_size, &issue_date); + is_issue_date = (ret == ATCACERT_E_SUCCESS); + if (ret == ATCACERT_E_ELEM_MISSING) { - if (ret == ATCACERT_E_ELEM_MISSING) + // No issue date location in cert cef, use default provided + if (def_issue_date == NULL) { - // No issue date in cert, just use lowest possible date - issue_date.tm_year = 2000 - 1900; - issue_date.tm_mon = 1 - 1; - issue_date.tm_mday = 1; - issue_date.tm_hour = 0; - issue_date.tm_min = 0; - issue_date.tm_sec = 0; + return ATCACERT_E_BAD_PARAMS; } - else + issue_date = *def_issue_date; + } + else if (ret != ATCACERT_E_SUCCESS) + { + // Unexpected error trying to get the issue date + break; + } + else + { + // Issue date was either found or an appropriate default was used + } + + // In most cases the expire_years value from the cert_def will be used + expire_years = (int)cert_def->expire_years; + + // Attempt to get the expire date from the certificate + ret = atcacert_get_expire_date(cert_def, cert, cert_size, &expire_date); + is_expire_date = (ret == ATCACERT_E_SUCCESS); + if (ret != ATCACERT_E_SUCCESS && ret != ATCACERT_E_ELEM_MISSING) + { + // Unexpected error trying to get the expire date + break; + } + + if (is_expire_date) + { + // Check to see if the expire date is a max value for its format + if (ATCACERT_E_SUCCESS != (ret = atcacert_date_get_max_date(cert_def->expire_date_format, &max_date))) { break; } + + if (atcacert_date_cmp(&expire_date, &max_date) != 0) + { + // Expire date is not a max value + if (is_issue_date) + { + // An issue date is available from the certificate + + // Check to see if the expire date is an even number of + // years from the issue date. + is_even_years = + (issue_date.tm_mon == expire_date.tm_mon) && + (issue_date.tm_mday == expire_date.tm_mday) && + (issue_date.tm_hour == expire_date.tm_hour) && + (issue_date.tm_min == expire_date.tm_min) && + (issue_date.tm_sec == expire_date.tm_sec); + + if (is_even_years) + { + // The expire date is an even number of years from the + // issue date + if (issue_date.tm_year > expire_date.tm_year) + { + // Issue date is after the expire date + return ATCACERT_E_BAD_CERT; + } + if (expire_date.tm_year - issue_date.tm_year < 32) + { + // Calculated expire years is within range of the + // encoded dates + expire_years = expire_date.tm_year - issue_date.tm_year; + if (expire_years != (int)cert_def->expire_years && !is_diff_expire_years_ok) + { + // Calculated expire years from the + // certificate is in the range of the + // compressed certificate expire years field + // (0 to 31), but is different from the value + // in the cert_def and is_diff_expire_years_ok + // doesn't allow overriding it. + return ATCACERT_E_WRONG_CERT_DEF; + } + } + } + } + } + else + { + // Expire date is a max value. An expire years value of 0 is + // used to express the max value, which is typically used for + // certificates that have no practical expiration. + if (0u != cert_def->expire_years && !is_diff_expire_years_ok) + { + // Certificate is using a max date, which maps to an + // expire years value of 0. However, this doesn't match + // what is in the cert_def and is_diff_expire_years_ok + // doesn't allow overriding it. + return ATCACERT_E_WRONG_CERT_DEF; + } + // Max expire date maps to an expire years value of 0 + expire_years = 0; + } } - if (ATCACERT_E_SUCCESS != (ret = atcacert_calc_expire_years(cert_def, cert, cert_size, issue_date.tm_year, &expire_years))) + (void)memset(&comp_cert[70], 0, 2); + + // tm_year value of 131 is 2031 (2031 - 1900) + if (issue_date.tm_year > 131 || expire_years > 31) { - break; + comp_cert[70] = 1; // Set compressed certificate format version 1 to support extended dates } - if (ATCACERT_E_SUCCESS != (ret = atcacert_date_enc_compcert(&issue_date, expire_years, &comp_cert[64]))) + // Encode the certificate issue and expire dates into the compressed certificate + if (ATCACERT_E_SUCCESS != (ret = atcacert_date_enc_compcert_ext(&issue_date, (uint8_t)expire_years, &comp_cert[0]))) { break; } + issue_date = *def_issue_date; if (ATCACERT_E_SUCCESS != (ret = atcacert_get_signer_id(cert_def, cert, cert_size, &comp_cert[67]))) { if (ret == ATCACERT_E_ELEM_MISSING) { - (void)memset(&comp_cert[67], 0, sizeof(uint16_t)); // No signer ID in cert, use 0 + // No signer id location in cert def, use default provided + if (def_signer_id == NULL) + { + return ATCACERT_E_BAD_PARAMS; + } + (void)memcpy(&comp_cert[67], def_signer_id, 2); } else { @@ -1795,8 +2127,7 @@ ATCA_STATUS atcacert_get_comp_cert(const atcacert_def_t* cert_def, } comp_cert[69] = (uint8_t)(((cert_def->template_id & 0x0Fu) << 4) | (cert_def->chain_id & 0x0Fu)); - comp_cert[70] = (uint8_t)((((uint8_t)cert_def->sn_source & 0x0Fu) << 4) | 0u); - comp_cert[71] = 0u; + comp_cert[70] |= (uint8_t)((((uint8_t)cert_def->sn_source & 0x0Fu) << 4) | 0u); ret = ATCACERT_E_SUCCESS; } while (false); @@ -1804,11 +2135,11 @@ ATCA_STATUS atcacert_get_comp_cert(const atcacert_def_t* cert_def, return ret; } -ATCA_STATUS atcacert_get_tbs(const atcacert_def_t* cert_def, - const uint8_t* cert, - size_t cert_size, - const uint8_t** tbs, - size_t* tbs_size) +ATCA_STATUS atcacert_get_tbs(const atcacert_def_t* cert_def, + const uint8_t* cert, + size_t cert_size, + const uint8_t** tbs, + size_t* tbs_size) { int eff_offset = 0; @@ -1829,10 +2160,10 @@ ATCA_STATUS atcacert_get_tbs(const atcacert_def_t* cert_def, return ATCACERT_E_SUCCESS; } -ATCA_STATUS atcacert_get_tbs_digest(const atcacert_def_t* cert_def, - const uint8_t* cert, - size_t cert_size, - uint8_t tbs_digest[32]) +ATCA_STATUS atcacert_get_tbs_digest(const atcacert_def_t* cert_def, + const uint8_t* cert, + size_t cert_size, + uint8_t tbs_digest[32]) { ATCA_STATUS ret = ATCACERT_E_SUCCESS; const uint8_t* tbs = NULL; @@ -1858,12 +2189,12 @@ ATCA_STATUS atcacert_get_tbs_digest(const atcacert_def_t* cert_def, return ret; } -ATCA_STATUS atcacert_set_cert_element(const atcacert_def_t* cert_def, - const atcacert_cert_loc_t* cert_loc, - uint8_t* cert, - size_t cert_size, - const uint8_t* data, - size_t data_size) +ATCA_STATUS atcacert_set_cert_element(const atcacert_def_t* cert_def, + const atcacert_cert_loc_t* cert_loc, + uint8_t* cert, + size_t cert_size, + const uint8_t* data, + size_t data_size) { int eff_offset = 0; @@ -1903,12 +2234,12 @@ ATCA_STATUS atcacert_set_cert_element(const atcacert_def_t* cert_def, return ATCACERT_E_SUCCESS; } -ATCA_STATUS atcacert_get_cert_element(const atcacert_def_t* cert_def, - const atcacert_cert_loc_t* cert_loc, - const uint8_t* cert, - size_t cert_size, - uint8_t* data, - size_t data_size) +ATCA_STATUS atcacert_get_cert_element(const atcacert_def_t* cert_def, + const atcacert_cert_loc_t* cert_loc, + const uint8_t* cert, + size_t cert_size, + uint8_t* data, + size_t data_size) { int eff_offset = 0; @@ -1919,7 +2250,7 @@ ATCA_STATUS atcacert_get_cert_element(const atcacert_def_t* cert_def, if (cert_loc->count == 0u) { - return ATCACERT_E_ELEM_MISSING; // This element doesn't exist in the certificate + return ATCACERT_E_ELEM_MISSING; // This element doesn't exist in the certificate } if (cert_loc->count != data_size) @@ -1964,15 +2295,15 @@ void atcacert_public_key_add_padding(const uint8_t raw_key[64], uint8_t padded_k void atcacert_public_key_remove_padding(const uint8_t padded_key[72], uint8_t raw_key[64]) { - (void)memmove(&raw_key[0], &padded_key[4], 32); // Move X - (void)memmove(&raw_key[32], &padded_key[40], 32); // Move Y + (void)memmove(&raw_key[0], &padded_key[4], 32); // Move X + (void)memmove(&raw_key[32], &padded_key[40], 32); // Move Y } -ATCA_STATUS atcacert_transform_data(atcacert_transform_t transform, - const uint8_t* data, - size_t data_size, - uint8_t* destination, - size_t* destination_size) +ATCA_STATUS atcacert_transform_data(atcacert_transform_t transform, + const uint8_t* data, + size_t data_size, + uint8_t* destination, + size_t* destination_size) { ATCA_STATUS rv = ATCACERT_E_SUCCESS; @@ -2029,8 +2360,8 @@ ATCA_STATUS atcacert_transform_data(atcacert_transform_t transform, return rv; } -ATCA_STATUS atcacert_max_cert_size(const atcacert_def_t* cert_def, - size_t* max_cert_size) +ATCA_STATUS atcacert_max_cert_size(const atcacert_def_t* cert_def, + size_t* max_cert_size) { uint8_t template_sn_size; @@ -2070,17 +2401,16 @@ ATCA_STATUS atcacert_max_cert_size(const atcacert_def_t* cert_def, } #endif /* ATCACERT_EN */ -int atcacert_calc_expire_years( const atcacert_def_t* cert_def, - const uint8_t* cert, - size_t cert_size, - int issue_tm_year, - uint8_t* expire_years) +int atcacert_calc_expire_years(const atcacert_def_t* cert_def, + const uint8_t* cert, + size_t cert_size, + int issue_tm_year, + uint8_t* expire_years) { int ret; int temp_expire_years = 0; atcacert_tm_utc_t expire_date = { 0 }; - // Add compressed/encoded dates to hash input if (ATCACERT_E_SUCCESS != (ret = atcacert_get_expire_date(cert_def, cert, cert_size, &expire_date))) { return ret; @@ -2094,7 +2424,9 @@ int atcacert_calc_expire_years( const atcacert_def_t* cert_def, } temp_expire_years = expire_date.tm_year - issue_tm_year; - if ((0 <= temp_expire_years) && (32 > temp_expire_years)) + // 127 is the max expire years value when using extended dates with compressed + // certificate format version 1 + if ((0 <= temp_expire_years) && (128 > temp_expire_years)) { *expire_years = (uint8_t)temp_expire_years; } diff --git a/lib/atcacert/atcacert_def.h b/lib/atcacert/atcacert_def.h index 2d6302e87..09ab63d57 100644 --- a/lib/atcacert/atcacert_def.h +++ b/lib/atcacert/atcacert_def.h @@ -50,6 +50,14 @@ #define ATCA_MAX_TRANSFORMS 2 +#define CA_DEV_SN_SIZE 9u +#define CA2_DEV_SN_SIZE_PART_1 4u +#define CA2_DEV_SN_SIZE_PART_2 5u + +#define CA_DEV_SN_CONFIG_ZONE_OFFSET 0u +#define CA2_DEV_SN_CONFIG_ZONE_OFFSET_PART_1 0u +#define CA2_DEV_SN_CONFIG_ZONE_OFFSET_PART_2 8u + /** \defgroup atcacert_ Certificate manipulation methods (atcacert_) * @@ -74,16 +82,16 @@ typedef enum atcacert_cert_type_e */ typedef enum atcacert_cert_sn_src_e { - SNSRC_STORED = 0x0, //!< Cert serial is stored on the device. - SNSRC_STORED_DYNAMIC = 0x7, //!< Cert serial is stored on the device with the first byte being the DER size (X509 certs only). - SNSRC_DEVICE_SN = 0x8, //!< Cert serial number is 0x40(MSB) + 9-byte device serial number. Only applies to device certificates. - SNSRC_SIGNER_ID = 0x9, //!< Cert serial number is 0x40(MSB) + 2-byte signer ID. Only applies to signer certificates. - SNSRC_PUB_KEY_HASH = 0xA, //!< Cert serial number is the SHA256(Subject public key + Encoded dates), with uppermost 2 bits set to 01. - SNSRC_DEVICE_SN_HASH = 0xB, //!< Cert serial number is the SHA256(Device SN + Encoded dates), with uppermost 2 bits set to 01. Only applies to device certificates. - SNSRC_PUB_KEY_HASH_POS = 0xC, //!< Depreciated, don't use. Cert serial number is the SHA256(Subject public key + Encoded dates), with MSBit set to 0 to ensure it's positive. - SNSRC_DEVICE_SN_HASH_POS = 0xD, //!< Depreciated, don't use. Cert serial number is the SHA256(Device SN + Encoded dates), with MSBit set to 0 to ensure it's positive. Only applies to device certificates. - SNSRC_PUB_KEY_HASH_RAW = 0xE, //!< Depreciated, don't use. Cert serial number is the SHA256(Subject public key + Encoded dates). - SNSRC_DEVICE_SN_HASH_RAW = 0xF //!< Depreciated, don't use. Cert serial number is the SHA256(Device SN + Encoded dates). Only applies to device certificates. + SNSRC_STORED = 0x0, //!< Cert serial is stored on the device. + SNSRC_STORED_DYNAMIC = 0x7, //!< Cert serial is stored on the device with the first byte being the DER size (X509 certs only). + SNSRC_DEVICE_SN = 0x8, //!< Cert serial number is 0x40(MSB) + 9-byte device serial number. Only applies to device certificates. + SNSRC_SIGNER_ID = 0x9, //!< Cert serial number is 0x40(MSB) + 2-byte signer ID. Only applies to signer certificates. + SNSRC_PUB_KEY_HASH = 0xA, //!< Cert serial number is the SHA256(Subject public key + Encoded dates), with uppermost 2 bits set to 01. + SNSRC_DEVICE_SN_HASH = 0xB, //!< Cert serial number is the SHA256(Device SN + Encoded dates), with uppermost 2 bits set to 01. Only applies to device certificates. + SNSRC_PUB_KEY_HASH_POS = 0xC, //!< Depreciated, don't use. Cert serial number is the SHA256(Subject public key + Encoded dates), with MSBit set to 0 to ensure it's positive. + SNSRC_DEVICE_SN_HASH_POS = 0xD, //!< Depreciated, don't use. Cert serial number is the SHA256(Device SN + Encoded dates), with MSBit set to 0 to ensure it's positive. Only applies to device certificates. + SNSRC_PUB_KEY_HASH_RAW = 0xE, //!< Depreciated, don't use. Cert serial number is the SHA256(Subject public key + Encoded dates). + SNSRC_DEVICE_SN_HASH_RAW = 0xF //!< Depreciated, don't use. Cert serial number is the SHA256(Device SN + Encoded dates). Only applies to device certificates. } atcacert_cert_sn_src_t; /** @@ -91,27 +99,27 @@ typedef enum atcacert_cert_sn_src_e */ typedef enum atcacert_device_zone_e { - DEVZONE_CONFIG = 0x00, //!< Configuration zone. - DEVZONE_OTP = 0x01, //!< One Time Programmable zone. - DEVZONE_DATA = 0x02, //!< Data zone (slots). - DEVZONE_GENKEY = 0x03, //!< Data zone - Generate Pubkey (slots). - DEVZONE_NONE = 0x07 //!< Special value used to indicate there is no device location. + DEVZONE_CONFIG = 0x00, //!< Configuration zone. + DEVZONE_OTP = 0x01, //!< One Time Programmable zone. + DEVZONE_DATA = 0x02, //!< Data zone (slots). + DEVZONE_GENKEY = 0x03, //!< Data zone - Generate Pubkey (slots). + DEVZONE_NONE = 0x07 //!< Special value used to indicate there is no device location. } atcacert_device_zone_t; /** \brief How to transform the data from the device to the certificate. */ typedef enum atcacert_transform_e { - TF_NONE, //!< No transform, data is used byte for byte - TF_REVERSE, //!< Reverse the bytes (e.g. change endianness) - TF_BIN2HEX_UC, //!< Convert raw binary into ASCII hex, uppercase - TF_BIN2HEX_LC, //!< Convert raw binary into ASCII hex, lowercase - TF_HEX2BIN_UC, //!< Convert ASCII hex, uppercase to binary - TF_HEX2BIN_LC, //!< Convert ASCII hex, lowercase to binary - TF_BIN2HEX_SPACE_UC, //!< Convert raw binary into ASCII hex, uppercase space between bytes - TF_BIN2HEX_SPACE_LC, //!< Convert raw binary into ASCII hex, lowercase space between bytes - TF_HEX2BIN_SPACE_UC, //!< Convert ASCII hex, uppercase with spaces between bytes to binary - TF_HEX2BIN_SPACE_LC, //!< Convert ASCII hex, lowercase with spaces between bytes to binary + TF_NONE, //!< No transform, data is used byte for byte + TF_REVERSE, //!< Reverse the bytes (e.g. change endianness) + TF_BIN2HEX_UC, //!< Convert raw binary into ASCII hex, uppercase + TF_BIN2HEX_LC, //!< Convert raw binary into ASCII hex, lowercase + TF_HEX2BIN_UC, //!< Convert ASCII hex, uppercase to binary + TF_HEX2BIN_LC, //!< Convert ASCII hex, lowercase to binary + TF_BIN2HEX_SPACE_UC, //!< Convert raw binary into ASCII hex, uppercase space between bytes + TF_BIN2HEX_SPACE_LC, //!< Convert raw binary into ASCII hex, lowercase space between bytes + TF_HEX2BIN_SPACE_UC, //!< Convert ASCII hex, uppercase with spaces between bytes to binary + TF_HEX2BIN_SPACE_LC, //!< Convert ASCII hex, lowercase with spaces between bytes to binary } atcacert_transform_t; /** @@ -127,7 +135,7 @@ typedef enum atcacert_std_cert_element_e STDCERT_CERT_SN, STDCERT_AUTH_KEY_ID, STDCERT_SUBJ_KEY_ID, - STDCERT_NUM_ELEMENTS //!< Special item to give the number of elements in this enum + STDCERT_NUM_ELEMENTS //!< Special item to give the number of elements in this enum } atcacert_std_cert_element_t; // Some of these structures may need to be byte-accurate @@ -140,11 +148,11 @@ typedef enum atcacert_std_cert_element_e */ typedef struct ATCA_PACKED atcacert_device_loc_s { - atcacert_device_zone_t zone; //!< Zone in the device. - uint16_t slot; //!< Slot within the data zone. Only applies if zone is DEVZONE_DATA. - uint8_t is_genkey; //!< If true, use GenKey command to get the contents instead of Read. - uint16_t offset; //!< Byte offset in the zone. - uint16_t count; //!< Byte count. + atcacert_device_zone_t zone; //!< Zone in the device. + uint16_t slot; //!< Slot within the data zone. Only applies if zone is DEVZONE_DATA. + uint8_t is_genkey; //!< If true, use GenKey command to get the contents instead of Read. + uint16_t offset; //!< Byte offset in the zone. + uint16_t count; //!< Byte count. } atcacert_device_loc_t; /** @@ -161,10 +169,10 @@ typedef struct ATCA_PACKED atcacert_cert_loc_s */ typedef struct ATCA_PACKED atcacert_cert_element_s { - char id[25]; //!< ID identifying this element. - atcacert_device_loc_t device_loc; //!< Location in the device for the element. - atcacert_cert_loc_t cert_loc; //!< Location in the certificate template for the element. - atcacert_transform_t transforms[ATCA_MAX_TRANSFORMS]; //!< List of transforms from device to cert for this element. + char id[25]; //!< ID identifying this element. + atcacert_device_loc_t device_loc; //!< Location in the device for the element. + atcacert_cert_loc_t cert_loc; //!< Location in the certificate template for the element. + atcacert_transform_t transforms[ATCA_MAX_TRANSFORMS]; //!< List of transforms from device to cert for this element. } atcacert_cert_element_t; #ifndef ATCA_NO_PRAGMA_PACK @@ -179,28 +187,28 @@ typedef struct ATCA_PACKED atcacert_cert_element_s */ typedef struct atcacert_def_s { - atcacert_cert_type_t type; //!< Certificate type. - atcacert_device_loc_t comp_cert_dev_loc; //!< Where on the device the compressed cert can be found. + atcacert_cert_type_t type; //!< Certificate type. + atcacert_device_loc_t comp_cert_dev_loc; //!< Where on the device the compressed cert can be found. #if ATCACERT_COMPCERT_EN - uint8_t template_id; //!< ID for the this certificate definition (4-bit value). - uint8_t chain_id; //!< ID for the certificate chain this definition is a part of (4-bit value). - uint8_t private_key_slot; //!< If this is a device certificate template, this is the device slot for the device private key. - atcacert_cert_sn_src_t sn_source; //!< Where the certificate serial number comes from (4-bit value). - atcacert_device_loc_t cert_sn_dev_loc; //!< Only applies when sn_source is SNSRC_STORED or SNSRC_STORED_DYNAMIC. Describes where to get the certificate serial number on the device. - atcacert_date_format_t issue_date_format; //!< Format of the issue date in the certificate. - atcacert_date_format_t expire_date_format; //!< format of the expire date in the certificate. - atcacert_cert_loc_t tbs_cert_loc; //!< Location in the certificate for the TBS (to be signed) portion. - uint8_t expire_years; //!< Number of years the certificate is valid for (5-bit value). 0 means no expiration. - atcacert_device_loc_t public_key_dev_loc; //!< Where on the device the public key can be found. - atcacert_cert_loc_t std_cert_elements[STDCERT_NUM_ELEMENTS]; //!< Where in the certificate template the standard cert elements are inserted. - const atcacert_cert_element_t* cert_elements; //!< Additional certificate elements outside of the standard certificate contents. - uint8_t cert_elements_count; //!< Number of additional certificate elements in cert_elements. - const uint8_t* cert_template; //!< Pointer to the actual certificate template data. - uint16_t cert_template_size; //!< Size of the certificate template in cert_template in bytes. + uint8_t template_id; //!< ID for the this certificate definition (4-bit value). + uint8_t chain_id; //!< ID for the certificate chain this definition is a part of (4-bit value). + uint8_t private_key_slot; //!< If this is a device certificate template, this is the device slot for the device private key. + atcacert_cert_sn_src_t sn_source; //!< Where the certificate serial number comes from (4-bit value). + atcacert_device_loc_t cert_sn_dev_loc; //!< Only applies when sn_source is SNSRC_STORED or SNSRC_STORED_DYNAMIC. Describes where to get the certificate serial number on the device. + atcacert_date_format_t issue_date_format; //!< Format of the issue date in the certificate. + atcacert_date_format_t expire_date_format; //!< format of the expire date in the certificate. + atcacert_cert_loc_t tbs_cert_loc; //!< Location in the certificate for the TBS (to be signed) portion. + uint8_t expire_years; //!< Number of years the certificate is valid for (5-bit value). 0 means no expiration. + atcacert_device_loc_t public_key_dev_loc; //!< Where on the device the public key can be found. + atcacert_cert_loc_t std_cert_elements[STDCERT_NUM_ELEMENTS]; //!< Where in the certificate template the standard cert elements are inserted. + const atcacert_cert_element_t* cert_elements; //!< Additional certificate elements outside of the standard certificate contents. + uint8_t cert_elements_count; //!< Number of additional certificate elements in cert_elements. + const uint8_t* cert_template; //!< Pointer to the actual certificate template data. + uint16_t cert_template_size; //!< Size of the certificate template in cert_template in bytes. #endif - const struct atcacert_def_s* ca_cert_def; //!< Certificate definition of the CA certificate + const struct atcacert_def_s* ca_cert_def; //!< Certificate definition of the CA certificate #if ATCACERT_INTEGRATION_EN - struct atcac_x509_ctx** parsed; + struct atcac_x509_ctx** parsed; #endif } atcacert_def_t; @@ -210,12 +218,15 @@ typedef struct atcacert_def_s typedef struct atcacert_build_state_s { - const atcacert_def_t* cert_def; //!< Certificate definition for the certificate being rebuilt. - uint8_t* cert; //!< Buffer to contain the rebuilt certificate. - size_t* cert_size; //!< Current size of the certificate in bytes. - size_t max_cert_size; //!< Max size of the cert buffer in bytes. - uint8_t is_device_sn; //!< Indicates the structure contains the device SN. - uint8_t device_sn[9]; //!< Storage for the device SN, when it's found. + const atcacert_def_t* cert_def; //!< Certificate definition for the certificate being rebuilt. + uint8_t* cert; //!< Buffer to contain the rebuilt certificate. + size_t* cert_size; //!< Current size of the certificate in bytes. + size_t max_cert_size; //!< Max size of the cert buffer in bytes. + uint8_t is_device_sn; //!< Indicates the structure contains the device SN. + ATCADeviceType devtype; //!< Device type info for the certificate being rebuilt. + uint8_t device_sn[9]; //!< Storage for the device SN, when it's found. + uint8_t is_comp_cert; //!< Indicates the structure contains the compressed certificate. + uint8_t comp_cert[72]; //!< Storage for the compressed certificate when it's found. } atcacert_build_state_t; // Inform function naming when compiling in C++ @@ -233,6 +244,7 @@ extern "C" { * aligns with that block size. This allows one to generate a list of device locations that matches * specific read or write semantics (e.g. 4 byte or 32 byte reads). * + * \param[in] device Device context * \param[in] cert_def Certificate definition containing all the device locations * to add to the list. * \param[in,out] device_locs List of device locations to add to. @@ -244,7 +256,8 @@ extern "C" { * * \return ATCACERT_E_SUCCESS on success, otherwise an error code. */ -ATCA_STATUS atcacert_get_device_locs(const atcacert_def_t* cert_def, +ATCA_STATUS atcacert_get_device_locs(ATCADevice device, + const atcacert_def_t* cert_def, atcacert_device_loc_t* device_locs, size_t* device_locs_count, size_t device_locs_max_count, @@ -253,6 +266,7 @@ ATCA_STATUS atcacert_get_device_locs(const atcacert_def_t* cert_def, /** * \brief Starts the certificate rebuilding process. * + * \param[in] device device context * \param[out] build_state Structure is initialized to start the certificate building process. * Will be passed to the other certificate building functions. * \param[in] cert_def Certificate definition for the certificate being built. @@ -267,11 +281,12 @@ ATCA_STATUS atcacert_get_device_locs(const atcacert_def_t* cert_def, * * \return ATCACERT_E_SUCCESS on success, otherwise an error code. */ -ATCA_STATUS atcacert_cert_build_start(atcacert_build_state_t* build_state, - const atcacert_def_t* cert_def, - uint8_t* cert, - size_t* cert_size, - const uint8_t ca_public_key[64]); +ATCA_STATUS atcacert_cert_build_start(ATCADevice device, + atcacert_build_state_t* build_state, + const atcacert_def_t* cert_def, + uint8_t* cert, + size_t* cert_size, + const uint8_t ca_public_key[64]); /** * \brief Process information read from the ATECC device. If it contains information for the @@ -285,9 +300,9 @@ ATCA_STATUS atcacert_cert_build_start(atcacert_build_state_t* build_state, * * \return ATCACERT_E_SUCCESS on success, otherwise an error code. */ -ATCA_STATUS atcacert_cert_build_process(atcacert_build_state_t* build_state, - const atcacert_device_loc_t* device_loc, - const uint8_t* device_data); +ATCA_STATUS atcacert_cert_build_process(atcacert_build_state_t* build_state, + const atcacert_device_loc_t* device_loc, + const uint8_t* device_data); /** * \brief Completes any final certificate processing required after all data from the device has @@ -320,11 +335,11 @@ ATCA_STATUS atcacert_cert_build_finish(atcacert_build_state_t* build_state); * * \return ATCACERT_E_SUCCESS on success, otherwise an error code. */ -ATCA_STATUS atcacert_get_device_data(const atcacert_def_t* cert_def, - const uint8_t* cert, - size_t cert_size, - const atcacert_device_loc_t* device_loc, - uint8_t* device_data); +ATCA_STATUS atcacert_get_device_data(const atcacert_def_t* cert_def, + const uint8_t* cert, + size_t cert_size, + const atcacert_device_loc_t* device_loc, + uint8_t* device_data); #endif /* ATCACERT_COMPCERT_EN */ @@ -334,14 +349,14 @@ ATCA_STATUS atcacert_get_device_data(const atcacert_def_t* cert_def, * \param[in] cert_def Certificate definition for the certificate. * \param[in] cert Certificate to get element from. * \param[in] cert_size Size of the certificate (cert) in bytes. - * \param[out] subject Subject name is returned in this buffer. + * \param[out] subject Subject name is returned in this buffer. * * \return ATCACERT_E_SUCCESS on success, otherwise an error code. */ -ATCA_STATUS atcacert_get_subject(const atcacert_def_t* cert_def, - const uint8_t* cert, - size_t cert_size, - cal_buffer* cert_subj_buf); +ATCA_STATUS atcacert_get_subject(const atcacert_def_t* cert_def, + const uint8_t* cert, + size_t cert_size, + cal_buffer* cert_subj_buf); #if ATCACERT_COMPCERT_EN @@ -355,10 +370,10 @@ ATCA_STATUS atcacert_get_subject(const atcacert_def_t* cert_def, * * \return ATCACERT_E_SUCCESS on success, otherwise an error code. */ -ATCA_STATUS atcacert_set_subj_public_key(const atcacert_def_t* cert_def, - uint8_t* cert, - size_t cert_size, - const uint8_t subj_public_key[64]); +ATCA_STATUS atcacert_set_subj_public_key(const atcacert_def_t* cert_def, + uint8_t* cert, + size_t cert_size, + const uint8_t subj_public_key[64]); #endif /* ATCACERT_COMPCERT_EN */ @@ -407,11 +422,11 @@ ATCA_STATUS atcacert_get_subj_key_id(const atcacert_def_t * cert_def, * * \return ATCACERT_E_SUCCESS on success, otherwise an error code. */ -ATCA_STATUS atcacert_set_signature(const atcacert_def_t* cert_def, - uint8_t* cert, - size_t* cert_size, - size_t max_cert_size, - const uint8_t signature[64]); +ATCA_STATUS atcacert_set_signature(const atcacert_def_t* cert_def, + uint8_t* cert, + size_t* cert_size, + size_t max_cert_size, + const uint8_t signature[64]); /** * \brief Gets the signature from a certificate. @@ -424,10 +439,10 @@ ATCA_STATUS atcacert_set_signature(const atcacert_def_t* cert_def, * * \return ATCACERT_E_SUCCESS on success, otherwise an error code. */ -ATCA_STATUS atcacert_get_signature(const atcacert_def_t * cert_def, - const uint8_t * cert, - size_t cert_size, - uint8_t signature[64]); +ATCA_STATUS atcacert_get_signature(const atcacert_def_t * cert_def, + const uint8_t * cert, + size_t cert_size, + uint8_t signature[64]); /** * \brief Sets the issue date (notBefore) in a certificate. Will be formatted according to the date @@ -440,10 +455,10 @@ ATCA_STATUS atcacert_get_signature(const atcacert_def_t * cert_def, * * \return ATCACERT_E_SUCCESS on success, otherwise an error code. */ -ATCA_STATUS atcacert_set_issue_date(const atcacert_def_t* cert_def, - uint8_t* cert, - size_t cert_size, - const atcacert_tm_utc_t* timestamp); +ATCA_STATUS atcacert_set_issue_date(const atcacert_def_t* cert_def, + uint8_t* cert, + size_t cert_size, + const atcacert_tm_utc_t* timestamp); #endif /* ATCACERT_COMPCERT_EN */ @@ -453,14 +468,14 @@ ATCA_STATUS atcacert_set_issue_date(const atcacert_def_t* cert_def, * \param[in] cert_def Certificate definition for the certificate. * \param[in] cert Certificate to get element from. * \param[in] cert_size Size of the certificate (cert) in bytes. - * \param[out] cert_issuer Certificate's issuer is returned in this buffer. + * \param[out] cert_issuer Certificate's issuer is returned in this buffer. * * \return ATCACERT_E_SUCCESS on success, otherwise an error code. */ -ATCA_STATUS atcacert_get_issuer(const atcacert_def_t* cert_def, - const uint8_t* cert, - size_t cert_size, - uint8_t cert_issuer[128]); +ATCA_STATUS atcacert_get_issuer(const atcacert_def_t* cert_def, + const uint8_t* cert, + size_t cert_size, + uint8_t cert_issuer[128]); /** * \brief Gets the issue date from a certificate. Will be parsed according to the date format @@ -473,10 +488,10 @@ ATCA_STATUS atcacert_get_issuer(const atcacert_def_t* cert_def, * * \return ATCACERT_E_SUCCESS on success, otherwise an error code. */ -ATCA_STATUS atcacert_get_issue_date(const atcacert_def_t* cert_def, - const uint8_t* cert, - size_t cert_size, - atcacert_tm_utc_t* timestamp); +ATCA_STATUS atcacert_get_issue_date(const atcacert_def_t* cert_def, + const uint8_t* cert, + size_t cert_size, + atcacert_tm_utc_t* timestamp); #if ATCACERT_COMPCERT_EN /** @@ -490,10 +505,10 @@ ATCA_STATUS atcacert_get_issue_date(const atcacert_def_t* cert_def, * * \return ATCACERT_E_SUCCESS on success, otherwise an error code. */ -ATCA_STATUS atcacert_set_expire_date(const atcacert_def_t* cert_def, - uint8_t* cert, - size_t cert_size, - const atcacert_tm_utc_t* timestamp); +ATCA_STATUS atcacert_set_expire_date(const atcacert_def_t* cert_def, + uint8_t* cert, + size_t cert_size, + const atcacert_tm_utc_t* timestamp); #endif /* ATCACERT_COMPCERT_EN */ /** @@ -507,10 +522,10 @@ ATCA_STATUS atcacert_set_expire_date(const atcacert_def_t* cert_def, * * \return ATCACERT_E_SUCCESS on success, otherwise an error code. */ -ATCA_STATUS atcacert_get_expire_date(const atcacert_def_t* cert_def, - const uint8_t* cert, - size_t cert_size, - atcacert_tm_utc_t* timestamp); +ATCA_STATUS atcacert_get_expire_date(const atcacert_def_t* cert_def, + const uint8_t* cert, + size_t cert_size, + atcacert_tm_utc_t* timestamp); #if ATCACERT_COMPCERT_EN /** @@ -523,10 +538,10 @@ ATCA_STATUS atcacert_get_expire_date(const atcacert_def_t* cert_def, * * \return ATCACERT_E_SUCCESS on success, otherwise an error code. */ -ATCA_STATUS atcacert_set_signer_id(const atcacert_def_t* cert_def, - uint8_t* cert, - size_t cert_size, - const uint8_t signer_id[2]); +ATCA_STATUS atcacert_set_signer_id(const atcacert_def_t* cert_def, + uint8_t* cert, + size_t cert_size, + const uint8_t signer_id[2]); /** * \brief Gets the signer ID from a certificate. Will be parsed as 4 upper-case hex digits. @@ -538,10 +553,10 @@ ATCA_STATUS atcacert_set_signer_id(const atcacert_def_t* cert_def, * * \return ATCACERT_E_SUCCESS on success, otherwise an error code. */ -ATCA_STATUS atcacert_get_signer_id(const atcacert_def_t * cert_def, - const uint8_t * cert, - size_t cert_size, - uint8_t signer_id[2]); +ATCA_STATUS atcacert_get_signer_id(const atcacert_def_t * cert_def, + const uint8_t * cert, + size_t cert_size, + uint8_t signer_id[2]); /** * \brief Sets the certificate serial number in a certificate. @@ -555,12 +570,12 @@ ATCA_STATUS atcacert_get_signer_id(const atcacert_def_t * cert_def, * * \return ATCACERT_E_SUCCESS on success, otherwise an error code. */ -ATCA_STATUS atcacert_set_cert_sn(const atcacert_def_t* cert_def, - uint8_t* cert, - size_t* cert_size, - size_t max_cert_size, - const uint8_t* cert_sn, - size_t cert_sn_size); +ATCA_STATUS atcacert_set_cert_sn(const atcacert_def_t* cert_def, + uint8_t* cert, + size_t* cert_size, + size_t max_cert_size, + const uint8_t* cert_sn, + size_t cert_sn_size); /** * \brief Sets the certificate serial number by generating it from other information in the @@ -579,10 +594,38 @@ ATCA_STATUS atcacert_set_cert_sn(const atcacert_def_t* cert_def, * * \return ATCACERT_E_SUCCESS on success, otherwise an error code. */ -ATCA_STATUS atcacert_gen_cert_sn(const atcacert_def_t* cert_def, - uint8_t* cert, - size_t cert_size, - const uint8_t device_sn[9]); +ATCA_STATUS atcacert_gen_cert_sn(const atcacert_def_t* cert_def, + uint8_t* cert, + size_t cert_size, + const uint8_t device_sn[9]); + +/** + * \brief Generates a serial number for the given serial number source. + * + * \param[in] sn_source Generation scheme to use. + * \param[in] device_sn Device serial number (9 bytes) to use if required. + * Can be NULL if the sn_source does not use it. + * \param[in] public_key Certificate public key (64 bytes) to use if + * required. Can be NULL if the sn_source does not use + * it. + * \param[in] comp_cert Compressed certificate, used for encoded dates + * (including extended dates) or signer ID if required. + * Can be NULL if the sn_source does not use it. + * \param[in] sn_size Size of the certificate serial number to be + * generated. Must be appropriate for the sn_source + * specified. + * \param[out] sn Output buffer for the generated serial number. + * Must be at least sn_size bytes. + * + * \return ATCACERT_E_SUCCESS on success, otherwise an error code. + */ +ATCA_STATUS atcacert_generate_sn(atcacert_cert_sn_src_t sn_source, + const uint8_t device_sn[9], + const uint8_t public_key[64], + const uint8_t comp_cert[72], + size_t sn_size, + uint8_t* sn); + #endif /* ATCACERT_COMPCERT_EN */ /** @@ -597,11 +640,11 @@ ATCA_STATUS atcacert_gen_cert_sn(const atcacert_def_t* cert_def, * * \return ATCACERT_E_SUCCESS on success, otherwise an error code. */ -ATCA_STATUS atcacert_get_cert_sn(const atcacert_def_t* cert_def, - const uint8_t* cert, - size_t cert_size, - uint8_t* cert_sn, - size_t* cert_sn_size); +ATCA_STATUS atcacert_get_cert_sn(const atcacert_def_t* cert_def, + const uint8_t* cert, + size_t cert_size, + uint8_t* cert_sn, + size_t* cert_sn_size); #if ATCACERT_COMPCERT_EN /** @@ -616,10 +659,10 @@ ATCA_STATUS atcacert_get_cert_sn(const atcacert_def_t* cert_def, * * \return ATCACERT_E_SUCCESS on success, otherwise an error code. */ -ATCA_STATUS atcacert_set_auth_key_id(const atcacert_def_t* cert_def, - uint8_t* cert, - size_t cert_size, - const uint8_t auth_public_key[64]); +ATCA_STATUS atcacert_set_auth_key_id(const atcacert_def_t* cert_def, + uint8_t* cert, + size_t cert_size, + const uint8_t auth_public_key[64]); /** * \brief Sets the authority key ID in a certificate. @@ -631,10 +674,10 @@ ATCA_STATUS atcacert_set_auth_key_id(const atcacert_def_t* cert_def, * * \return ATCACERT_E_SUCCESS on success, otherwise an error code. */ -ATCA_STATUS atcacert_set_auth_key_id_raw(const atcacert_def_t* cert_def, - uint8_t* cert, - size_t cert_size, - const uint8_t* auth_key_id); +ATCA_STATUS atcacert_set_auth_key_id_raw(const atcacert_def_t* cert_def, + uint8_t* cert, + size_t cert_size, + const uint8_t* auth_key_id); #endif /* ATCACERT_COMPCERT_EN */ /** @@ -668,26 +711,89 @@ ATCA_STATUS atcacert_get_auth_key_id(const atcacert_def_t * cert_def, * \return ATCACERT_E_SUCCESS on success. ATCACERT_E_WRONG_CERT_DEF if the template ID, chain ID, and/or SN source * don't match between the cert_def and the compressed certificate. */ -ATCA_STATUS atcacert_set_comp_cert(const atcacert_def_t* cert_def, - uint8_t* cert, - size_t* cert_size, - size_t max_cert_size, - const uint8_t comp_cert[72]); +ATCA_STATUS atcacert_set_comp_cert(const atcacert_def_t* cert_def, + uint8_t* cert, + size_t* cert_size, + size_t max_cert_size, + const uint8_t comp_cert[72]); /** * \brief Generate the compressed certificate for the given certificate. * + * If the compressed certificate definition does not indicate a issue date + * location, then the minimum date supported (2000-01-01 00:00:00) will be + * used. + * + * Likewise, if the definition does not have a signer ID location, + * then and all-zero (0000) signer ID will be used in the compressed + * certificate. + * + * If the certificate is using encoded date logic (expire date is an even + * number of years from issue date or max date up to 31 years) then the + * certificate expire years will be used if it differs from the cert def + * value. + * * \param[in] cert_def Certificate definition for the certificate. - * \param[in] cert Certificate to generate the compressed certificate for. + * \param[in] cert Certificate to generate the compressed certificate + * for. * \param[in] cert_size Size of the certificate (cert) in bytes. - * \param[out] comp_cert Compressed certificate is returned in this buffer. 72 bytes. - * - * \return ATCACERT_E_SUCCESS on success, otherwise an error code. - */ -ATCA_STATUS atcacert_get_comp_cert(const atcacert_def_t * cert_def, - const uint8_t * cert, - size_t cert_size, - uint8_t comp_cert[72]); + * \param[out] comp_cert Compressed certificate is returned in this buffer. + * 72 bytes. + * + * \return ATCACERT_E_SUCCESS on success, otherwise an error code. + */ +ATCA_STATUS atcacert_get_comp_cert(const atcacert_def_t * cert_def, + const uint8_t * cert, + size_t cert_size, + uint8_t comp_cert[72]); + +/** + * \brief Generate the compressed certificate for the given certificate with + * additional controls for supplying information not in the + * certificate. + * + * If the compressed certificate definition is missing certificate locations + * for the issue date or signer id, then the values supplied in the optional + * issue_date and signer_id arguments will be used. + * + * If the certificate is using expire years logic (expire date is a max value + * or an even number of years from the the issue date up to 31) and the + * calculcate expire years is different from the value in the cert_def, + * then is_diff_expire_years controls behaviour. If true, then the calculated + * value overrides the cert_def value. If false, then an error is returned. + * + * \param[in] cert_def Certificate definition for the certificate. + * \param[in] cert Certificate to generate the compressed + * certificate for. + * \param[in] cert_size Size of the certificate (cert) in bytes. + * \param[in] def_issue_date If the cert_def is missing an issue date + * certificate location (cert_def->std_cert_elements[STDCERT_ISSUE_DATE].count == 0), + * then the issue date supplied here will be used. + * Otherwise, this argument will be ignored and + * can be set to NULL. + * \param[in] def_signer_id If the cert_def is missing a signer id + * certificate location (cert_def->std_cert_elements[STDCERT_SIGNER_ID].count == 0), + * then the 2 byte signer id supplied here will be + * used. Otherwise, this argument will be ignored + * and can be set to NULL. + * \param[in] is_diff_expire_years_ok If calculcated expire years in cert is + * different from cert_def expire_years, then this + * argument controls the behavior. If true, the + * calculated expire years is used instead of the + * cert_def value. If false, an error would be + * returned due to the mismatch. + * \param[out] comp_cert Compressed certificate is returned in this + * buffer. 72 bytes. + * + * \return ATCACERT_E_SUCCESS on success, otherwise an error code. + */ +ATCA_STATUS atcacert_get_comp_cert_ext(const atcacert_def_t* cert_def, + const uint8_t* cert, + size_t cert_size, + const atcacert_tm_utc_t* def_issue_date, + const uint8_t* def_signer_id, + bool is_diff_expire_years_ok, + uint8_t comp_cert[72]); /** * \brief Get a pointer to the TBS data in a certificate. @@ -700,11 +806,11 @@ ATCA_STATUS atcacert_get_comp_cert(const atcacert_def_t * cert_def, * * \return ATCACERT_E_SUCCESS on success, otherwise an error code. */ -ATCA_STATUS atcacert_get_tbs(const atcacert_def_t* cert_def, - const uint8_t* cert, - size_t cert_size, - const uint8_t** tbs, - size_t* tbs_size); +ATCA_STATUS atcacert_get_tbs(const atcacert_def_t* cert_def, + const uint8_t* cert, + size_t cert_size, + const uint8_t** tbs, + size_t* tbs_size); /** * \brief Get the SHA256 digest of certificate's TBS data. @@ -716,10 +822,10 @@ ATCA_STATUS atcacert_get_tbs(const atcacert_def_t* cert_def, * * \return ATCACERT_E_SUCCESS on success, otherwise an error code. */ -ATCA_STATUS atcacert_get_tbs_digest(const atcacert_def_t * cert_def, - const uint8_t * cert, - size_t cert_size, - uint8_t tbs_digest[32]); +ATCA_STATUS atcacert_get_tbs_digest(const atcacert_def_t * cert_def, + const uint8_t * cert, + size_t cert_size, + uint8_t tbs_digest[32]); /** * \brief Sets an element in a certificate. The data_size must match the size in cert_loc. @@ -734,12 +840,12 @@ ATCA_STATUS atcacert_get_tbs_digest(const atcacert_def_t * cert_def, * * \return ATCACERT_E_SUCCESS on success, otherwise an error code. */ -ATCA_STATUS atcacert_set_cert_element(const atcacert_def_t* cert_def, - const atcacert_cert_loc_t* cert_loc, - uint8_t* cert, - size_t cert_size, - const uint8_t* data, - size_t data_size); +ATCA_STATUS atcacert_set_cert_element(const atcacert_def_t* cert_def, + const atcacert_cert_loc_t* cert_loc, + uint8_t* cert, + size_t cert_size, + const uint8_t* data, + size_t data_size); /** * \brief Gets an element from a certificate. @@ -754,12 +860,12 @@ ATCA_STATUS atcacert_set_cert_element(const atcacert_def_t* cert_def, * * \return ATCACERT_E_SUCCESS on success, otherwise an error code. */ -ATCA_STATUS atcacert_get_cert_element(const atcacert_def_t* cert_def, - const atcacert_cert_loc_t* cert_loc, - const uint8_t* cert, - size_t cert_size, - uint8_t* data, - size_t data_size); +ATCA_STATUS atcacert_get_cert_element(const atcacert_def_t* cert_def, + const atcacert_cert_loc_t* cert_loc, + const uint8_t* cert, + size_t cert_size, + uint8_t* data, + size_t data_size); // Below are utility functions for dealing with various bits for data conversion and wrangling @@ -801,19 +907,19 @@ ATCA_STATUS atcacert_get_key_id(const uint8_t public_key[64], uint8_t key_id[20] * * \return ATCACERT_E_SUCCESS on success, otherwise an error code. */ -ATCA_STATUS atcacert_merge_device_loc(atcacert_device_loc_t* device_locs, - size_t* device_locs_count, - size_t device_locs_max_count, - const atcacert_device_loc_t* device_loc, - size_t block_size); +ATCA_STATUS atcacert_merge_device_loc(atcacert_device_loc_t* device_locs, + size_t* device_locs_count, + size_t device_locs_max_count, + const atcacert_device_loc_t* device_loc, + size_t block_size); /** \brief Determines if the two device locations overlap. * \param[in] device_loc1 First device location to check. * \param[in] device_loc2 Second device location o check. * \return 0 (false) if they don't overlap, non-zero if the do overlap. */ -bool atcacert_is_device_loc_overlap(const atcacert_device_loc_t* device_loc1, - const atcacert_device_loc_t* device_loc2); +bool atcacert_is_device_loc_overlap(const atcacert_device_loc_t* device_loc1, + const atcacert_device_loc_t* device_loc2); /** * \brief Takes a raw P256 ECC public key and converts it to the padded version used by ATECC @@ -852,11 +958,11 @@ void atcacert_public_key_remove_padding(const uint8_t padded_key[72], uint8_t ra * * \return ATCACERT_E_SUCCESS on success, otherwise an error code. */ -ATCA_STATUS atcacert_transform_data(atcacert_transform_t transform, - const uint8_t* data, - size_t data_size, - uint8_t* destination, - size_t* destination_size); +ATCA_STATUS atcacert_transform_data(atcacert_transform_t transform, + const uint8_t* data, + size_t data_size, + uint8_t* destination, + size_t* destination_size); /** \brief Return the maximum possible certificate size in bytes for a given * cert def. Certificate can be variable size, so this gives an @@ -867,8 +973,8 @@ ATCA_STATUS atcacert_transform_data(atcacert_transform_t transform, * * \return ATCACERT_E_SUCCESS on success, otherwise an error code. */ -ATCA_STATUS atcacert_max_cert_size(const atcacert_def_t* cert_def, - size_t* max_cert_size); +ATCA_STATUS atcacert_max_cert_size(const atcacert_def_t* cert_def, + size_t* max_cert_size); #endif /* ATCACERT_COMPCERT_EN */ /** \brief @@ -881,11 +987,11 @@ ATCA_STATUS atcacert_max_cert_size(const atcacert_def_t* cert_def, * * \return ATCACERT_E_SUCCESS on success, otherwise an error code. */ -int atcacert_calc_expire_years( const atcacert_def_t* cert_def, - const uint8_t* cert, - size_t cert_size, - int issue_tm_year, - uint8_t* expire_years); +int atcacert_calc_expire_years(const atcacert_def_t* cert_def, + const uint8_t* cert, + size_t cert_size, + int issue_tm_year, + uint8_t* expire_years); /** @} */ #ifdef __cplusplus } diff --git a/lib/calib/calib_basic.h b/lib/calib/calib_basic.h index b972a77cf..7f7bdf1bc 100644 --- a/lib/calib/calib_basic.h +++ b/lib/calib/calib_basic.h @@ -498,6 +498,7 @@ ATCA_STATUS calib_ca2_write_enc(ATCADevice device, uint16_t slot, uint8_t* data, #define atcab_read_config_zone_ext calib_ca2_read_config_zone #else #define atcab_read_zone(...) calib_read_zone_ext(g_atcab_device_ptr, __VA_ARGS__) +#define atcab_read_zone_ext(device, ...) calib_read_zone_ext(device, __VA_ARGS__) #define atcab_is_locked(...) calib_is_locked_ext(g_atcab_device_ptr, __VA_ARGS__) #define atcab_is_config_locked(...) calib_is_locked_ext(g_atcab_device_ptr, LOCK_ZONE_CONFIG, __VA_ARGS__) #define atcab_is_config_locked_ext(device, ...) calib_is_locked_ext(device, LOCK_ZONE_CONFIG, __VA_ARGS__) diff --git a/lib/calib/calib_config_check.h b/lib/calib/calib_config_check.h index a6f65ac4b..8ef8e06a7 100644 --- a/lib/calib/calib_config_check.h +++ b/lib/calib/calib_config_check.h @@ -89,6 +89,7 @@ #define CALIB_FULL_FEATURE (CALIB_SHA204_EN || CALIB_ECC108_EN || CALIB_ECC508_EN || CALIB_ECC608_EN) #define CALIB_ECC_SUPPORT (CALIB_ECC108_EN || CALIB_ECC508_EN || CALIB_ECC608_EN || CALIB_ECC204_EN || CALIB_TA010_EN) #define CALIB_CA2_SUPPORT (CALIB_ECC204_EN || CALIB_TA010_EN || CALIB_SHA104_EN || CALIB_SHA105_EN) +#define CALIB_CA2_CERT_SUPPORT (CALIB_ECC204_EN || CALIB_TA010_EN) #define CALIB_SHA206_ONLY (CALIB_SHA206_EN && !(CALIB_FULL_FEATURE || ATCA_CA2_SUPPORT)) diff --git a/lib/calib/calib_execution.c b/lib/calib/calib_execution.c index 00b3a70cd..502e0922f 100644 --- a/lib/calib/calib_execution.c +++ b/lib/calib/calib_execution.c @@ -330,14 +330,11 @@ ATCA_STATUS calib_execute_send(ATCADevice device, uint8_t word_address, uint8_t* } #ifdef ATCA_HAL_LEGACY_API - uint8_t temp_buf[CA_MAX_PACKET_SIZE + 1u] = { 0u }; //! One byte for byte for word address + uint8_t temp_buf[CA_MAX_PACKET_SIZE + 1u] = { 0u }; //! One byte for word address temp_buf[0] = word_address; - if (NULL != txdata) - { - memcpy(&temp_buf[1], txdata, txlength); - } + memcpy(&temp_buf[1], txdata, txlength); txlength += 1U; - status = atsend(&device->mIface, 0xFF, (uint8_t*)txdata, (int)txlength); + status = atsend(&device->mIface, 0xFF, (uint8_t*)temp_buf, (int)txlength); #else if (atca_iface_is_kit(&device->mIface)) { diff --git a/lib/crypto/atca_crypto_sw.h b/lib/crypto/atca_crypto_sw.h index 800a866c9..65a634271 100644 --- a/lib/crypto/atca_crypto_sw.h +++ b/lib/crypto/atca_crypto_sw.h @@ -56,7 +56,7 @@ typedef struct atcac_sha1_ctx struct atcac_sha1_ctx; #endif -#if defined(ATCA_BUILD_SHARED_LIBS) || !defined(ATCA_NO_HEAP) +#if defined(ATCA_BUILD_SHARED_LIBS) || defined(ATCA_HEAP) struct atcac_sha1_ctx * atcac_sha1_ctx_new(void); void atcac_sha1_ctx_free(struct atcac_sha1_ctx * ctx); #endif @@ -77,7 +77,7 @@ typedef struct atcac_sha2_256_ctx struct atcac_sha2_256_ctx; #endif -#if defined(ATCA_BUILD_SHARED_LIBS) || !defined(ATCA_NO_HEAP) +#if defined(ATCA_BUILD_SHARED_LIBS) || defined(ATCA_HEAP) struct atcac_sha2_256_ctx * atcac_sha256_ctx_new(void); void atcac_sha256_ctx_free(struct atcac_sha2_256_ctx * ctx); #endif @@ -100,7 +100,7 @@ typedef struct atcac_hmac_ctx struct atcac_hmac_ctx; #endif -#if defined(ATCA_BUILD_SHARED_LIBS) || !defined(ATCA_NO_HEAP) +#if defined(ATCA_BUILD_SHARED_LIBS) || defined(ATCA_HEAP) struct atcac_hmac_ctx * atcac_hmac_ctx_new(void); void atcac_hmac_ctx_free(struct atcac_hmac_ctx * ctx); #endif @@ -114,7 +114,7 @@ ATCA_STATUS atcac_sha256_hmac_finish(struct atcac_hmac_ctx* ctx, uint8_t* digest #if ATCAC_AES_CMAC_EN struct atcac_aes_cmac_ctx; -#if defined(ATCA_BUILD_SHARED_LIBS) || !defined(ATCA_NO_HEAP) +#if defined(ATCA_BUILD_SHARED_LIBS) || defined(ATCA_HEAP) struct atcac_aes_cmac_ctx * atcac_aes_cmac_ctx_new(void); void atcac_aes_cmac_ctx_free(struct atcac_aes_cmac_ctx * ctx); #endif @@ -127,7 +127,7 @@ ATCA_STATUS atcac_aes_cmac_finish(struct atcac_aes_cmac_ctx* ctx, uint8_t* cmac, #if ATCAC_AES_GCM_EN struct atcac_aes_gcm_ctx; -#if defined(ATCA_BUILD_SHARED_LIBS) || !defined(ATCA_NO_HEAP) +#if defined(ATCA_BUILD_SHARED_LIBS) || defined(ATCA_HEAP) struct atcac_aes_gcm_ctx * atcac_aes_gcm_ctx_new(void); void atcac_aes_gcm_ctx_free(struct atcac_aes_gcm_ctx * ctx); #endif @@ -156,7 +156,7 @@ ATCA_STATUS atcac_aes_gcm_decrypt_finish(struct atcac_aes_gcm_ctx* ctx, const ui #if ATCAC_PKEY_EN struct atcac_pk_ctx; -#if defined(ATCA_BUILD_SHARED_LIBS) || !defined(ATCA_NO_HEAP) +#if defined(ATCA_BUILD_SHARED_LIBS) || defined(ATCA_HEAP) struct atcac_pk_ctx * atcac_pk_ctx_new(void); void atcac_pk_ctx_free(struct atcac_pk_ctx * ctx); #endif diff --git a/lib/crypto/atca_crypto_sw_sha1.c b/lib/crypto/atca_crypto_sw_sha1.c index 4d5603f51..36a47e26f 100644 --- a/lib/crypto/atca_crypto_sw_sha1.c +++ b/lib/crypto/atca_crypto_sw_sha1.c @@ -74,7 +74,7 @@ int atcac_sw_sha1_finish(struct atcac_sha1_ctx* ctx, uint8_t digest[ATCA_SHA1_DI return ATCA_SUCCESS; } -#if defined(ATCA_BUILD_SHARED_LIBS) || !defined(ATCA_NO_HEAP) +#if defined(ATCA_BUILD_SHARED_LIBS) || defined(ATCA_HEAP) struct atcac_sha1_ctx * atcac_sha1_ctx_new(void) { return (struct atcac_sha1_ctx*)hal_malloc(sizeof(atcac_sha1_ctx_t)); diff --git a/lib/crypto/atca_crypto_sw_sha2.c b/lib/crypto/atca_crypto_sw_sha2.c index 572f541e6..943645806 100644 --- a/lib/crypto/atca_crypto_sw_sha2.c +++ b/lib/crypto/atca_crypto_sw_sha2.c @@ -77,7 +77,7 @@ ATCA_STATUS atcac_sw_sha2_256_finish(struct atcac_sha2_256_ctx* ctx, uint8_t dig return ATCA_SUCCESS; } -#if defined(ATCA_BUILD_SHARED_LIBS) || !defined(ATCA_NO_HEAP) +#if defined(ATCA_BUILD_SHARED_LIBS) || defined(ATCA_HEAP) struct atcac_sha2_256_ctx * atcac_sha256_ctx_new(void) { return (struct atcac_sha2_256_ctx*)hal_malloc(sizeof(atcac_sha2_256_ctx_t)); @@ -216,7 +216,7 @@ ATCA_STATUS atcac_sha256_hmac_finish( return status; } -#if defined(ATCA_BUILD_SHARED_LIBS) || !defined(ATCA_NO_HEAP) +#if defined(ATCA_BUILD_SHARED_LIBS) || defined(ATCA_HEAP) struct atcac_hmac_ctx * atcac_hmac_ctx_new(void) { return (struct atcac_hmac_ctx*)hal_malloc(sizeof(atcac_hmac_ctx_t)); diff --git a/lib/cryptoauthlib.h b/lib/cryptoauthlib.h index 066d823c5..dfd29051e 100644 --- a/lib/cryptoauthlib.h +++ b/lib/cryptoauthlib.h @@ -65,11 +65,16 @@ #define ATCA_AES256_BLOCK_SIZE (16u) #define ATCA_AES256_KEY_SIZE (32u) -#define ATCA_ECCP256_KEY_SIZE (32) +#define ATCA_ECCP256_MSG_SIZE (32u) +#define ATCA_KEY_TYPE_ECCP256 (0u) +#define ATCA_ECCP256_KEY_SIZE (32u) #define ATCA_ECCP256_PUBKEY_SIZE (64u) #define ATCA_ECCP256_SIG_SIZE (64u) +#define ATCA_ECCP256_OID_SIZE (10u) +#define ATCA_ECCP256_ASN1_HDR_SIZE (27u) #define ATCA_ECC_UNCOMPRESSED_TYPE ((uint8_t)0x04) +#define ATCA_ECC_UNCOMPRESSED_TYPE_OFFSET (1u) #define ATCA_ZONE_CONFIG ((uint8_t)0x00) #define ATCA_ZONE_OTP ((uint8_t)0x01) diff --git a/lib/hal/atca_hal.c b/lib/hal/atca_hal.c index f0b24cfd1..96196beb1 100644 --- a/lib/hal/atca_hal.c +++ b/lib/hal/atca_hal.c @@ -399,7 +399,7 @@ uint8_t hal_is_command_word(uint8_t word_address) } -#if !defined(ATCA_NO_HEAP) && defined(ATCA_TESTS_ENABLED) && defined(ATCA_PLATFORM_MALLOC) +#if defined(ATCA_HEAP) && defined(ATCA_TESTS_ENABLED) && defined(ATCA_PLATFORM_MALLOC) /* coverity[misra_c_2012_rule_21_3_violation] Dynamic memory is disabled by defining ATCA_NO_HEAP */ static void* (*g_hal_malloc_f)(size_t size) = ATCA_PLATFORM_MALLOC; /* coverity[misra_c_2012_rule_21_3_violation] Dynamic memory is disabled by defining ATCA_NO_HEAP */ diff --git a/lib/hal/atca_hal.h b/lib/hal/atca_hal.h index 038681b21..a8a2a97d1 100644 --- a/lib/hal/atca_hal.h +++ b/lib/hal/atca_hal.h @@ -267,7 +267,7 @@ typedef DWORD hal_pid_t; ATCA_STATUS hal_check_pid(hal_pid_t pid); #endif -#if !defined(ATCA_NO_HEAP) && defined(ATCA_TESTS_ENABLED) +#if defined(ATCA_HEAP) && defined(ATCA_TESTS_ENABLED) void hal_test_set_memory_f(void* (*malloc_func)(size_t size), void (*free_func)(void* ptr)); #endif diff --git a/lib/hal/hal_i2c_harmony.c.orig b/lib/hal/hal_i2c_harmony.c.orig deleted file mode 100644 index 23891911d..000000000 --- a/lib/hal/hal_i2c_harmony.c.orig +++ /dev/null @@ -1,498 +0,0 @@ -/** - * \file - * \brief ATCA Hardware abstraction layer for SAMD21 I2C over Harmony PLIB. - * - * This code is structured in two parts. Part 1 is the connection of the ATCA HAL API to the physical I2C - * implementation. Part 2 is the Harmony I2C primitives to set up the interface. - * - * Prerequisite: add SERCOM I2C Master Polled support to application in Atmel Studio - * - * \copyright (c) 2015-2020 Microchip Technology Inc. and its subsidiaries. - * - * \page License - * - * Subject to your compliance with these terms, you may use Microchip software - * and any derivatives exclusively with Microchip products. It is your - * responsibility to comply with third party license terms applicable to your - * use of third party software (including open source software) that may - * accompany Microchip software. - * - * THIS SOFTWARE IS SUPPLIED BY MICROCHIP "AS IS". NO WARRANTIES, WHETHER - * EXPRESS, IMPLIED OR STATUTORY, APPLY TO THIS SOFTWARE, INCLUDING ANY IMPLIED - * WARRANTIES OF NON-INFRINGEMENT, MERCHANTABILITY, AND FITNESS FOR A - * PARTICULAR PURPOSE. IN NO EVENT WILL MICROCHIP BE LIABLE FOR ANY INDIRECT, - * SPECIAL, PUNITIVE, INCIDENTAL OR CONSEQUENTIAL LOSS, DAMAGE, COST OR EXPENSE - * OF ANY KIND WHATSOEVER RELATED TO THE SOFTWARE, HOWEVER CAUSED, EVEN IF - * MICROCHIP HAS BEEN ADVISED OF THE POSSIBILITY OR THE DAMAGES ARE - * FORESEEABLE. TO THE FULLEST EXTENT ALLOWED BY LAW, MICROCHIP'S TOTAL - * LIABILITY ON ALL CLAIMS IN ANY WAY RELATED TO THIS SOFTWARE WILL NOT EXCEED - * THE AMOUNT OF FEES, IF ANY, THAT YOU HAVE PAID DIRECTLY TO MICROCHIP FOR - * THIS SOFTWARE. - */ -#include -#include - -#include "cryptoauthlib.h" - -/** \defgroup hal_ Hardware abstraction layer (hal_) - * - * \brief - * These methods define the hardware abstraction layer for communicating with a CryptoAuth device - * - @{ */ - - - -/* Notes: - - this HAL implementation assumes you've included the Atmel START SERCOM I2C libraries in your project, otherwise, - the HAL layer will not compile because the START I2C drivers are a dependency * - */ - -/** \brief discover i2c buses available for this hardware - * this maintains a list of logical to physical bus mappings freeing the application - * of the a-priori knowledge - * \param[in] i2c_buses - an array of logical bus numbers - * \param[in] max_buses - maximum number of buses the app wants to attempt to discover - * \return ATCA_SUCCESS - */ - -ATCA_STATUS hal_i2c_discover_buses(int i2c_buses[], int max_buses) -{ - i2c_buses[0] = 0; - return ATCA_SUCCESS; -} - -/** \brief discover any CryptoAuth devices on a given logical bus number - * \param[in] bus_num logical bus number on which to look for CryptoAuth devices - * \param[out] cfg pointer to head of an array of interface config structures which get filled in by this method - * \param[out] found number of devices found on this bus - * \return ATCA_SUCCESS - */ - -ATCA_STATUS hal_i2c_discover_devices(int bus_num, ATCAIfaceCfg cfg[], int *found) -{ - return ATCA_UNIMPLEMENTED; -} - - - -/** \brief - - this HAL implementation assumes you've included the START Twi libraries in your project, otherwise, - the HAL layer will not compile because the START TWI drivers are a dependency * - */ - -/** \brief hal_i2c_init manages requests to initialize a physical interface. it manages use counts so when an interface - * has released the physical layer, it will disable the interface for some other use. - * You can have multiple ATCAIFace instances using the same bus, and you can have multiple ATCAIFace instances on - * multiple i2c buses, so hal_i2c_init manages these things and ATCAIFace is abstracted from the physical details. - */ - -/** \brief initialize an I2C interface using given config - * \param[in] hal - opaque ptr to HAL data - * \param[in] cfg - interface configuration - * \return ATCA_SUCCESS on success, otherwise an error code. - */ - -ATCA_STATUS hal_i2c_init(void *hal, ATCAIfaceCfg *cfg) -{ - return ATCA_SUCCESS; -} - -/** \brief HAL implementation of I2C post init - * \param[in] iface instance - * \return ATCA_SUCCESS - */ -ATCA_STATUS hal_i2c_post_init(ATCAIface iface) -{ - return ATCA_SUCCESS; -} - -/** \brief HAL implementation of I2C send over START - * \param[in] iface instance - * \param[in] word_address device word address - * \param[in] txdata pointer to space to bytes to send - * \param[in] txlength number of bytes to send - * \return ATCA_SUCCESS on success, otherwise an error code. - */ - -ATCA_STATUS hal_i2c_send(ATCAIface iface, uint8_t word_address, uint8_t *txdata, int txlength) -{ - ATCAIfaceCfg* cfg = atgetifacecfg(iface); - atca_plib_i2c_api_t * plib; - - if (!cfg) - { - return ATCA_BAD_PARAM; - } - - plib = (atca_plib_i2c_api_t*)cfg->cfg_data; - if (!plib) - { - return ATCA_BAD_PARAM; - } - - if (0xFF != word_address) - { - txdata[0] = word_address; // insert the Word Address Value, Command token - txlength++; // account for word address value byte. - } - - /* Wait for the I2C bus to be ready */ - while (plib->is_busy() == true); - - if (plib->write(cfg->atcai2c.slave_address>>1, txdata, txlength) == true) - { - /* Wait for the I2C transfer to complete */ - while (plib->is_busy() == true); - - /* Transfer complete. Check if the transfer was successful */ - if (plib->error_get() != PLIB_I2C_ERROR_NONE) - { - return ATCA_COMM_FAIL; - } - } - else - { - return ATCA_COMM_FAIL; - } - - return ATCA_SUCCESS; -} - -/** \brief HAL implementation of I2C receive function for START I2C - * \param[in] iface Device to interact with. - * \param[out] rxdata Data received will be returned here. - * \param[inout] rxlength As input, the size of the rxdata buffer. - * As output, the number of bytes received. - * \return ATCA_SUCCESS on success, otherwise an error code. - */ -ATCA_STATUS hal_i2c_receive(ATCAIface iface, uint8_t word_address, uint8_t *rxdata, uint16_t *rxlength) -{ - ATCA_STATUS status = !ATCA_SUCCESS; - ATCAIfaceCfg* cfg = atgetifacecfg(iface); - uint16_t rxdata_max_size; - uint16_t read_length = 2; -<<<<<<< HEAD - atca_plib_i2c_api_t * plib; -======= - uint8_t min_resp_size = 4; - atca_plib_api_t * plib; ->>>>>>> de0c786774c2867afccd4af0650922cc5849aba7 - int retries; - - if ((NULL == cfg) || (NULL == rxlength) || (NULL == rxdata)) - { - RETURN(ATCA_INVALID_POINTER, "NULL pointer encountered"); - } - -<<<<<<< HEAD - if(NULL == (plib = (atca_plib_i2c_api_t*)cfg->cfg_data)) -======= - if (NULL == (plib = (atca_plib_api_t*)cfg->cfg_data)) - { ->>>>>>> de0c786774c2867afccd4af0650922cc5849aba7 - RETURN(ATCA_INVALID_POINTER, "NULL pointer encountered"); - } - - rxdata_max_size = *rxlength; - *rxlength = 0; - - do - { - /*Send Word address to device...*/ - retries = cfg->rx_retries; - while (retries-- > 0 && status != ATCA_SUCCESS) - { - status = hal_i2c_send(iface, word_address, &word_address, 0); - } - if (ATCA_SUCCESS != status) - { - TRACE(status, "hal_i2c_send - failed"); - break; - } - -#if ATCA_TA_SUPPORT - /*Set read length.. Check for register reads or 1 byte reads*/ - if ((word_address == ATCA_MAIN_PROCESSOR_RD_CSR) || (word_address == ATCA_FAST_CRYPTO_RD_FSR) - || (rxdata_max_size == 1)) - { - read_length = 1; - } -#endif - - /* Read length bytes to know number of bytes to read */ - status = ATCA_COMM_FAIL; - if (plib->read(cfg->atcai2c.slave_address>>1, rxdata, read_length) == true) - { - /* Wait for the I2C transfer to complete */ - while (plib->is_busy() == true); - /* Transfer complete. Check if the transfer was successful */ - if (plib->error_get() == PLIB_I2C_ERROR_NONE) - status = ATCA_SUCCESS; - } - if (ATCA_SUCCESS != status) - { - TRACE(status, "plib->read - failed"); - break; - } - - if (1 == read_length) - { - TRACE(status, "1 byte read completed"); - break; - } - - /*Calculate bytes to read based on device response*/ - if (cfg->devtype == TA100) - { - read_length = ((uint16_t)rxdata[0] * 256) + rxdata[1]; - min_resp_size += 1; - } - else - { - read_length = rxdata[0]; - } - - if (read_length > rxdata_max_size) - { - status =TRACE(ATCA_SMALL_BUFFER, "rxdata is small buffer"); - break; - } - - if (read_length < min_resp_size) - { - status = TRACE(ATCA_RX_FAIL, "packet size is invalid"); - break; - } - - /* Read given length bytes from device */ - status = ATCA_COMM_FAIL; - if (plib->read(cfg->atcai2c.slave_address>>1, &rxdata[2], read_length - 2) == true) - { - /* Wait for the I2C transfer to complete */ - while (plib->is_busy() == true); - /* Transfer complete. Check if the transfer was successful */ - if (plib->error_get() == PLIB_I2C_ERROR_NONE) - { - status = ATCA_SUCCESS; - } - } - if (ATCA_SUCCESS != status) - { - status = TRACE(status, "plib->read - failed"); - break; - } - } - while (0); - - *rxlength = read_length; - return status; -} - -/** \brief method to change the bus speec of I2C - * \param[in] iface interface on which to change bus speed - * \param[in] speed baud rate (typically 100000 or 400000) - */ -void change_i2c_speed(ATCAIface iface, uint32_t speed) -{ - ATCAIfaceCfg* cfg = atgetifacecfg(iface); - atca_plib_i2c_api_t * plib; - - if (!cfg) - { - return; - } - - plib = (atca_plib_i2c_api_t*)cfg->cfg_data; - if (!plib) - { - return; - } - - PLIB_I2C_TRANSFER_SETUP setup; - setup.clkSpeed = speed; - - /* Make sure I2C is not busy before changing the I2C clock speed */ - while (plib->is_busy() == true); - - (void)plib->transfer_setup(&setup, 0); -} - -/** \brief wake up CryptoAuth device using I2C bus - * \param[in] iface interface to logical device to wakeup - * \return ATCA_SUCCESS on success, otherwise an error code. - */ - -ATCA_STATUS hal_i2c_wake(ATCAIface iface) -{ - ATCAIfaceCfg* cfg = atgetifacecfg(iface); - atca_plib_i2c_api_t * plib; - int retries; - uint32_t bdrt; - uint8_t data[4] = {0}; - bool isSuccess = false; - - if (!cfg) - { - return ATCA_BAD_PARAM; - } - - plib = (atca_plib_i2c_api_t*)cfg->cfg_data; - if (!plib) - { - return ATCA_BAD_PARAM; - } - - retries = cfg->rx_retries; - - bdrt = cfg->atcai2c.baud; - if (bdrt != 100000) // if not already at 100KHz, change it - { - change_i2c_speed(iface, 100000); - } - - while (plib->is_busy() == true); - - // Send the 00 address as the wake pulse; part will NACK, so don't check for status - (void)plib->write(0x00, (uint8_t*)&data[0], 1); - - /* Wait for the I2C transfer to complete */ - while (plib->is_busy() == true); - - // wait tWHI + tWLO which is configured based on device type and configuration structure - atca_delay_us(cfg->wake_delay); - - while (retries-- > 0 && isSuccess == false) - { - if (plib->read(cfg->atcai2c.slave_address>>1, (uint8_t*)&data[0], 4) == true) - { - /* Wait for the I2C transfer to complete */ - while (plib->is_busy() == true); - - /* Transfer complete. Check if the transfer was successful */ - if (plib->error_get() == PLIB_I2C_ERROR_NONE) - { - isSuccess = true; - } - } - } - - if (isSuccess == true) - { - // if necessary, revert baud rate to what came in. - if (bdrt != 100000) - { - change_i2c_speed(iface, bdrt); - } - } - else - { - return ATCA_COMM_FAIL; - } - - return hal_check_wake(data, 4); -} - -/** \brief idle CryptoAuth device using I2C bus - * \param[in] iface interface to logical device to idle - * \return ATCA_SUCCESS on success, otherwise an error code. - */ - -ATCA_STATUS hal_i2c_idle(ATCAIface iface) -{ - ATCAIfaceCfg* cfg = atgetifacecfg(iface); - atca_plib_i2c_api_t * plib; - uint8_t data[1]; - - if (!cfg) - { - return ATCA_BAD_PARAM; - } - - plib = (atca_plib_i2c_api_t*)cfg->cfg_data; - if (!plib) - { - return ATCA_BAD_PARAM; - } - - data[0] = 0x02; // idle word address value - - /* Wait for the I2C bus to be ready */ - while (plib->is_busy() == true); - - if (plib->write(cfg->atcai2c.slave_address>>1, (uint8_t*)&data[0], 1) == true) - { - /* Wait for the I2C transfer to complete */ - while (plib->is_busy() == true); - - /* Transfer complete. Check if the transfer was successful */ - if (plib->error_get() != PLIB_I2C_ERROR_NONE) - { - return ATCA_COMM_FAIL; - } - } - else - { - return ATCA_COMM_FAIL; - } - - return ATCA_SUCCESS; -} - -/** \brief sleep CryptoAuth device using I2C bus - * \param[in] iface interface to logical device to sleep - * \return ATCA_SUCCESS on success, otherwise an error code. - */ - -ATCA_STATUS hal_i2c_sleep(ATCAIface iface) -{ - ATCAIfaceCfg* cfg = atgetifacecfg(iface); - atca_plib_i2c_api_t * plib; - uint8_t data[4]; - - if (!cfg) - { - return ATCA_BAD_PARAM; - } - - plib = (atca_plib_i2c_api_t*)cfg->cfg_data; - if (!plib) - { - return ATCA_BAD_PARAM; - } - - data[0] = 0x01; // sleep word address value - - /* Wait for the I2C bus to be ready */ - while (plib->is_busy() == true); - - if (plib->write(cfg->atcai2c.slave_address>>1, (uint8_t*)&data[0], 1) == true) - { - /* Wait for the I2C transfer to complete */ - while (plib->is_busy() == true); - - /* Transfer complete. Check if the transfer was successful */ - if (plib->error_get() != PLIB_I2C_ERROR_NONE) - { - return ATCA_COMM_FAIL; - } - } - else - { - return ATCA_COMM_FAIL; - } - - return ATCA_SUCCESS; -} - -/** \brief manages reference count on given bus and releases resource if no more refences exist - * \param[in] hal_data - opaque pointer to hal data structure - known only to the HAL implementation - * \return ATCA_SUCCESS on success, otherwise an error code. - */ - -ATCA_STATUS hal_i2c_release(void *hal_data) -{ - return ATCA_SUCCESS; -} - -/** @} */ diff --git a/lib/host/atca_host.h b/lib/host/atca_host.h index 00d731b94..7e54a7ad6 100644 --- a/lib/host/atca_host.h +++ b/lib/host/atca_host.h @@ -105,15 +105,6 @@ #define ATCA_ENCRYPTION_KEY_SIZE (64) /** @} */ - -/** \name Default Fixed Byte Values of Serial Number (SN[0:1] and SN[8]) - @{ */ -#define ATCA_SN_0_DEF (0x01) -#define ATCA_SN_1_DEF (0x23) -#define ATCA_SN_8_DEF (0xEE) -/** @} */ - - /** \name Definition for TempKey Mode @{ */ //! mode mask for MAC command when using TempKey diff --git a/lib/mbedtls/atca_mbedtls_wrap.c b/lib/mbedtls/atca_mbedtls_wrap.c index ad2fbd1e0..c1d6d0ca6 100644 --- a/lib/mbedtls/atca_mbedtls_wrap.c +++ b/lib/mbedtls/atca_mbedtls_wrap.c @@ -72,7 +72,7 @@ #include "atcacert/atcacert_def.h" #endif -#if !defined(ATCA_NO_HEAP) +#ifdef ATCA_HEAP struct atcac_sha1_ctx* atcac_sha1_ctx_new(void) { return (struct atcac_sha1_ctx*)hal_malloc(sizeof(atcac_sha1_ctx_t)); @@ -1282,7 +1282,7 @@ int atca_mbedtls_pk_init(mbedtls_pk_context * pkey, const uint16_t slotid) } #if (ATCA_CA_SUPPORT && ATCACERT_COMPCERT_EN) -#if !defined(ATCA_NO_HEAP) +#if defined(ATCA_HEAP) /** \brief Rebuild a certificate from an atcacert_def_t structure, and then add * it to an mbedtls cert chain. * \param[in,out] cert mbedtls cert chain. Must have already been initialized @@ -1345,7 +1345,7 @@ ATCA_STATUS atcac_parse_der(struct atcac_x509_ctx** cert, cal_buffer* der) if (NULL != cert && NULL != der) { -#if !defined(ATCA_NO_HEAP) +#if defined(ATCA_HEAP) mbedtls_x509_crt* xcert = atcac_mbedtls_new(); if (xcert == NULL) @@ -1453,7 +1453,7 @@ ATCA_STATUS atcac_get_subj_key_id(const struct atcac_x509_ctx* cert, cal_buffer* if (NULL != cert && NULL != subj_public_key_id) { -#if !defined(ATCA_NO_HEAP) +#if defined(ATCA_HEAP) /* coverity[misra_c_2012_rule_21_3_violation:FALSE] Using mbedtls memory allocation api for initializing asn1 sequence object */ // By design mbedtls prefers calloc as it not only allocates but also initializes the data mbedtls_asn1_sequence *extns = mbedtls_calloc(1, sizeof(mbedtls_asn1_sequence)); @@ -1639,7 +1639,7 @@ ATCA_STATUS atcac_get_auth_key_id(const struct atcac_x509_ctx* cert, cal_buffer* if (NULL != cert && NULL != auth_key_id) { -#if !defined(ATCA_NO_HEAP) +#if defined(ATCA_HEAP) /* coverity[misra_c_2012_rule_21_3_violation:FALSE] Using mbedtls memory allocation api for initializing asn1 sequence object */ // By design mbedtls prefers calloc as it not only allocates but also initializes the data mbedtls_asn1_sequence *extns = mbedtls_calloc(1, sizeof(mbedtls_asn1_sequence)); diff --git a/lib/openssl/atca_openssl_interface.c b/lib/openssl/atca_openssl_interface.c index 6c0ef333c..ce73dd04d 100644 --- a/lib/openssl/atca_openssl_interface.c +++ b/lib/openssl/atca_openssl_interface.c @@ -1183,7 +1183,7 @@ void atcac_x509_free(void* cert) } } -#if defined(ATCA_BUILD_SHARED_LIBS) || !defined(ATCA_NO_HEAP) +#if defined(ATCA_BUILD_SHARED_LIBS) || defined(ATCA_HEAP) struct atcac_sha1_ctx * atcac_sha1_ctx_new(void) { return (struct atcac_sha1_ctx*)hal_malloc(sizeof(atcac_sha1_ctx_t)); diff --git a/lib/pkcs11/pkcs11_cert.c b/lib/pkcs11/pkcs11_cert.c index e82e9ac1f..1c494e62c 100644 --- a/lib/pkcs11/pkcs11_cert.c +++ b/lib/pkcs11/pkcs11_cert.c @@ -46,7 +46,7 @@ * \defgroup pkcs11 Key (pkcs11_key_) @{ */ -#if !defined(ATCA_NO_HEAP) && (FEATURE_ENABLED == ATCACERT_INTEGRATION_EN) +#if defined(ATCA_HEAP) && (FEATURE_ENABLED == ATCACERT_INTEGRATION_EN) typedef struct pkcs11_cert_cache_s { CK_ATTRIBUTE cert_x509_parse; @@ -62,12 +62,12 @@ static pkcs11_cert_cache pkcs11_cert_cache_list[PKCS11_MAX_CERTS_CACHED]; #if defined(ATCA_TNGTLS_SUPPORT) || defined(ATCA_TNGLORA_SUPPORT) || defined(ATCA_TFLEX_SUPPORT) -static void pkcs11_cert_check_trust_data(pkcs11_object_ptr pObject) +static void pkcs11_cert_check_trust_data(pkcs11_object_ptr pObject, pkcs11_session_ctx_ptr pSession) { - if ((PKCS11_OBJECT_FLAG_TRUST_TYPE == (PKCS11_OBJECT_FLAG_TRUST_TYPE & pObject->flags)) && (NULL == pObject->data)) + if ((PKCS11_OBJECT_FLAG_TRUST_TYPE == (PKCS11_OBJECT_FLAG_TRUST_TYPE & pObject->flags)) && (NULL == pObject->data) && (NULL != pSession)) { const atcacert_def_t * cert_def = NULL; - (void)tng_get_device_cert_def(&cert_def); + (void)tng_get_device_cert_def_ext(pSession->slot->device_ctx, &cert_def); if (NULL != cert_def) { @@ -98,7 +98,7 @@ static CK_RV pkcs11_cert_load_cache(const pkcs11_session_ctx_ptr pSession, const if ((pObject->class_id == CKO_CERTIFICATE) && (pObject->class_type == CK_CERTIFICATE_CATEGORY_TOKEN_USER)) { -#if !defined(ATCA_NO_HEAP) && (FEATURE_ENABLED == ATCACERT_INTEGRATION_EN) +#if defined(ATCA_HEAP) && (FEATURE_ENABLED == ATCACERT_INTEGRATION_EN) if (NULL == pObject->data) { /* Find free cert cache slot*/ @@ -241,39 +241,38 @@ static CK_RV pkcs11_cert_load_ca(pkcs11_object_ptr pObject, CK_ATTRIBUTE_PTR pAt #if ATCA_TA_SUPPORT static CK_RV pkcs11_cert_load_ta(pkcs11_object_ptr pObject, CK_ATTRIBUTE_PTR pAttribute, ATCADevice device) { - ta_handle_info handle_info; + ATCA_STATUS status = ATCA_BAD_PARAM; - ATCA_STATUS status = talib_info_get_handle_info(device, pObject->slot, &handle_info); - - if (ATCA_SUCCESS == status) + if (NULL != pObject->data) { - if (NULL != pObject->data) + atcacert_def_t * cert_def = (atcacert_def_t*)pObject->data; + if ((NULL == pAttribute->pValue) && (0u == pAttribute->ulValueLen)) { - size_t cert_size = (size_t)handle_info.attributes.property; - - if ((NULL != pAttribute->pValue) && (pAttribute->ulValueLen >= cert_size)) + size_t cert_size = 0x00; + if (ATCACERT_E_SUCCESS != (status = atcacert_read_cert_ext(device, cert_def, NULL, NULL, &cert_size))) { - atcacert_def_t * cert_def = (atcacert_def_t*)pObject->data; - uint8_t* cert = (uint8_t*)pAttribute->pValue; - if (ATCACERT_E_SUCCESS != (status = atcacert_read_cert_ext(device, cert_def, NULL, cert, &cert_size))) - { - return pkcs11_util_convert_rv(status); - } - pAttribute->ulValueLen = (CK_ULONG)(cert_size); + return pkcs11_util_convert_rv(status); } - else + //Full certificate size + pAttribute->ulValueLen = cert_size; + } + else if ((NULL != pAttribute->pValue) && (0u != pAttribute->ulValueLen)) + { + uint8_t* cert = (uint8_t*)pAttribute->pValue; + size_t cert_size = pAttribute->ulValueLen; + if (ATCACERT_E_SUCCESS != (status = atcacert_read_cert_ext(device, cert_def, NULL, cert, &cert_size))) { - pAttribute->ulValueLen = (CK_ULONG)(cert_size); + return pkcs11_util_convert_rv(status); } } else { - (void)pkcs11_attrib_empty(NULL, pAttribute, NULL); + status = ATCA_SUCCESS; } } else { - return CKR_GENERAL_ERROR; + (void)pkcs11_attrib_empty(NULL, pAttribute, NULL); } return pkcs11_util_convert_rv(status); @@ -307,16 +306,18 @@ CK_RV pkcs11_cert_load(pkcs11_object_ptr pObject, CK_ATTRIBUTE_PTR pAttribute, A static CK_RV pkcs11_cert_get_encoded(CK_VOID_PTR pObject, CK_ATTRIBUTE_PTR pAttribute, pkcs11_session_ctx_ptr psession) { pkcs11_object_ptr obj_ptr = (pkcs11_object_ptr)pObject; + CK_RV rv = CKR_ARGUMENTS_BAD; if (NULL != obj_ptr && NULL != psession) { #if defined(ATCA_TNGTLS_SUPPORT) || defined(ATCA_TNGLORA_SUPPORT) || defined(ATCA_TFLEX_SUPPORT) - pkcs11_cert_check_trust_data(obj_ptr); -#endif - -#if !defined(ATCA_NO_HEAP) && (FEATURE_ENABLED == ATCACERT_INTEGRATION_EN) - CK_RV rv = CKR_GENERAL_ERROR; - + pkcs11_cert_check_trust_data(obj_ptr, psession); + if (CKR_OK != (rv = pkcs11_cert_load(obj_ptr, pAttribute, psession->slot->device_ctx))) + { + return rv; + } +#else + #if defined(ATCA_HEAP) && (FEATURE_ENABLED == ATCACERT_INTEGRATION_EN) rv = pkcs11_cert_load_cache(psession, obj_ptr); if (CKR_OK == rv) { @@ -331,23 +332,24 @@ static CK_RV pkcs11_cert_get_encoded(CK_VOID_PTR pObject, CK_ATTRIBUTE_PTR pAttr } } } -#else + #else return pkcs11_cert_load(obj_ptr, pAttribute, psession->slot->device_ctx); + #endif #endif } - return CKR_ARGUMENTS_BAD; + return rv; } #if ATCA_CA_SUPPORT -static CK_RV pkcs11_cert_get_type_ca(pkcs11_object_ptr pObject, CK_ATTRIBUTE_PTR pAttribute) +static CK_RV pkcs11_cert_get_type_ca(pkcs11_object_ptr pObject, CK_ATTRIBUTE_PTR pAttribute, pkcs11_session_ctx_ptr psession) { CK_RV rv = CKR_ARGUMENTS_BAD; if (NULL != pObject) { #if defined(ATCA_TNGTLS_SUPPORT) || defined(ATCA_TNGLORA_SUPPORT) || defined(ATCA_TFLEX_SUPPORT) - pkcs11_cert_check_trust_data(pObject); + pkcs11_cert_check_trust_data(pObject, psession); #endif if (NULL != pObject->data) @@ -377,17 +379,20 @@ static CK_RV pkcs11_cert_get_type(CK_VOID_PTR pObject, CK_ATTRIBUTE_PTR pAttribu { CK_RV rv = CKR_GENERAL_ERROR; - if (atcab_is_ca_device(atcab_get_device_type_ext(psession->slot->device_ctx))) + if (NULL != psession) { + if (atcab_is_ca_device(atcab_get_device_type_ext(psession->slot->device_ctx))) + { #if ATCA_CA_SUPPORT - rv = pkcs11_cert_get_type_ca((pkcs11_object_ptr)pObject, pAttribute); + rv = pkcs11_cert_get_type_ca((pkcs11_object_ptr)pObject, pAttribute, psession); #else - ((void)pObject); + ((void)pObject); #endif - } - else - { - rv = pkcs11_attrib_value(pAttribute, CKC_X_509, (CK_ULONG)sizeof(CK_CERTIFICATE_TYPE)); + } + else + { + rv = pkcs11_attrib_value(pAttribute, CKC_X_509, (CK_ULONG)sizeof(CK_CERTIFICATE_TYPE)); + } } return rv; @@ -401,7 +406,7 @@ static CK_RV pkcs11_cert_get_subject(CK_VOID_PTR pObject, CK_ATTRIBUTE_PTR pAttr if (NULL != obj_ptr && NULL != psession) { #if defined(ATCA_TNGTLS_SUPPORT) || defined(ATCA_TNGLORA_SUPPORT) || defined(ATCA_TFLEX_SUPPORT) - pkcs11_cert_check_trust_data(obj_ptr); + pkcs11_cert_check_trust_data(obj_ptr, psession); #endif rv = pkcs11_cert_load_cache(psession, obj_ptr); @@ -425,7 +430,7 @@ static CK_RV pkcs11_cert_get_subject(CK_VOID_PTR pObject, CK_ATTRIBUTE_PTR pAttr return CKR_DEVICE_ERROR; } } - #if !defined(ATCA_NO_HEAP) && ATCA_CA_SUPPORT + #if defined(ATCA_HEAP) && ATCA_CA_SUPPORT else { const atcacert_cert_element_t * subj_element = NULL; @@ -552,10 +557,10 @@ static CK_RV pkcs11_cert_get_subject_key_id(CK_VOID_PTR pObject, CK_ATTRIBUTE_PT CK_RV read_cache = CKR_GENERAL_ERROR; pkcs11_object_ptr obj_ptr = (pkcs11_object_ptr)pObject; - if (NULL != obj_ptr && NULL != psession) + if (NULL != obj_ptr) { #if defined(ATCA_TNGTLS_SUPPORT) || defined(ATCA_TNGLORA_SUPPORT) || defined(ATCA_TFLEX_SUPPORT) - pkcs11_cert_check_trust_data(obj_ptr); + pkcs11_cert_check_trust_data(obj_ptr, psession); #endif read_cache = pkcs11_cert_load_cache(psession, obj_ptr); @@ -653,10 +658,10 @@ static CK_RV pkcs11_cert_get_authority_key_id(CK_VOID_PTR pObject, CK_ATTRIBUTE_ { pkcs11_object_ptr obj_ptr = (pkcs11_object_ptr)pObject; - if (NULL != obj_ptr && NULL != psession) + if (NULL != obj_ptr) { #if defined(ATCA_TNGTLS_SUPPORT) || defined(ATCA_TNGLORA_SUPPORT) || defined(ATCA_TFLEX_SUPPORT) - pkcs11_cert_check_trust_data(obj_ptr); + pkcs11_cert_check_trust_data(obj_ptr, psession); #endif (void)pkcs11_cert_load_cache(psession, obj_ptr); @@ -809,11 +814,11 @@ static CK_RV pkcs11_cert_get_subj_key(CK_VOID_PTR pObject, CK_ATTRIBUTE_PTR pAtt pkcs11_object_ptr obj_ptr = (pkcs11_object_ptr)pObject; CK_RV rv = CKR_ARGUMENTS_BAD; - if (obj_ptr) + if (NULL != obj_ptr) { CK_RV read_cache = CKR_GENERAL_ERROR; #if defined(ATCA_TNGTLS_SUPPORT) || defined(ATCA_TNGLORA_SUPPORT) || defined(ATCA_TFLEX_SUPPORT) - pkcs11_cert_check_trust_data(obj_ptr); + pkcs11_cert_check_trust_data(obj_ptr, psession); #endif read_cache = pkcs11_cert_load_cache(psession, obj_ptr); if (NULL != obj_ptr->data) @@ -855,62 +860,62 @@ static CK_RV pkcs11_cert_get_subj_key(CK_VOID_PTR pObject, CK_ATTRIBUTE_PTR pAtt */ const pkcs11_attrib_model pkcs11_cert_x509public_attributes[] = { /** Object Class - CK_OBJECT_CLASS */ - { CKA_CLASS, pkcs11_object_get_class }, + { CKA_CLASS, pkcs11_object_get_class }, /** CK_TRUE if object is a token object; CK_FALSE if object is a session object. Default is CK_FALSE. */ - { CKA_TOKEN, pkcs11_attrib_true }, + { CKA_TOKEN, pkcs11_attrib_true }, /** CK_TRUE if object is a private object; CK_FALSE if object is a public object. */ - { CKA_PRIVATE, pkcs11_token_get_access_type }, + { CKA_PRIVATE, pkcs11_token_get_access_type }, /** CK_TRUE if object can be modified. Default is CK_TRUE. */ - { CKA_MODIFIABLE, pkcs11_token_get_writable }, + { CKA_MODIFIABLE, pkcs11_token_get_writable }, /** Description of the object(default empty). */ - { CKA_LABEL, pkcs11_object_get_name }, + { CKA_LABEL, pkcs11_object_get_name }, /** CK_TRUE if object can be copied using C_CopyObject.Defaults to CK_TRUE. */ - { CKA_COPYABLE, pkcs11_attrib_false }, + { CKA_COPYABLE, pkcs11_attrib_false }, /** CK_TRUE if the object can be destroyed using C_DestroyObject. Default is CK_TRUE. */ - { CKA_DESTROYABLE, pkcs11_object_get_destroyable }, + { CKA_DESTROYABLE, pkcs11_object_get_destroyable }, /** Type of certificate */ - { CKA_CERTIFICATE_TYPE, pkcs11_cert_get_type }, + { CKA_CERTIFICATE_TYPE, pkcs11_cert_get_type }, /** The certificate can be trusted for the application that it was created. */ - { CKA_TRUSTED, pkcs11_cert_get_trusted_flag }, + { CKA_TRUSTED, pkcs11_cert_get_trusted_flag }, /** Default CK_CERTIFICATE_CATEGORY_UNSPECIFIED) */ - { CKA_CERTIFICATE_CATEGORY, pkcs11_object_get_type }, + { CKA_CERTIFICATE_CATEGORY, pkcs11_object_get_type }, /** Checksum */ - { CKA_CHECK_VALUE, NULL_PTR }, + { CKA_CHECK_VALUE, NULL_PTR }, /** Start date for the certificate (default empty) */ - { CKA_START_DATE, pkcs11_get_issue_date }, + { CKA_START_DATE, pkcs11_get_issue_date }, /** End date for the certificate (default empty) */ - { CKA_END_DATE, pkcs11_get_expire_date }, + { CKA_END_DATE, pkcs11_get_expire_date }, /** ALL: DER-encoding of the SubjectPublicKeyInfo for the public key contained in this certificate (default empty) SubjectPublicKeyInfo ::= SEQUENCE { algorithm AlgorithmIdentifier, subjectPublicKey BIT_STRING } */ - { CKA_PUBLIC_KEY_INFO, pkcs11_attrib_empty }, + { CKA_PUBLIC_KEY_INFO, pkcs11_attrib_empty }, /** DER-encoded Certificate subject name */ - { CKA_SUBJECT, pkcs11_cert_get_subject }, + { CKA_SUBJECT, pkcs11_cert_get_subject }, /** Key identifier for public/private key pair (default empty) */ - { CKA_ID, pkcs11_cert_get_subj_key }, + { CKA_ID, pkcs11_cert_get_subj_key }, /** DER-encoded Certificate issuer name (default empty)*/ - { CKA_ISSUER, pkcs11_cert_get_issuer }, + { CKA_ISSUER, pkcs11_cert_get_issuer }, /** DER-encoding of the certificate serial number (default empty) */ - { CKA_SERIAL_NUMBER, pkcs11_cert_get_serial_num }, + { CKA_SERIAL_NUMBER, pkcs11_cert_get_serial_num }, /** BER-encoded Complete Certificate */ - { CKA_VALUE, pkcs11_cert_get_encoded }, + { CKA_VALUE, pkcs11_cert_get_encoded }, /** If not empty this attribute gives the URL where the complete certificate can be obtained (default empty) */ - { CKA_URL, pkcs11_attrib_empty }, + { CKA_URL, pkcs11_attrib_empty }, /** Hash of the subject public key (default empty). Hash algorithm is defined by CKA_NAME_HASH_ALGORITHM */ - { CKA_HASH_OF_SUBJECT_PUBLIC_KEY, pkcs11_cert_get_subject_key_id }, + { CKA_HASH_OF_SUBJECT_PUBLIC_KEY, pkcs11_cert_get_subject_key_id }, /** Hash of the issuer public key (default empty). Hash algorithm is defined by CKA_NAME_HASH_ALGORITHM */ - { CKA_HASH_OF_ISSUER_PUBLIC_KEY, pkcs11_cert_get_authority_key_id }, + { CKA_HASH_OF_ISSUER_PUBLIC_KEY, pkcs11_cert_get_authority_key_id }, /** Java MIDP security domain. (default CK_SECURITY_DOMAIN_UNSPECIFIED) */ - { CKA_JAVA_MIDP_SECURITY_DOMAIN, NULL_PTR }, + { CKA_JAVA_MIDP_SECURITY_DOMAIN, NULL_PTR }, /** Defines the mechanism used to calculate CKA_HASH_OF_SUBJECT_PUBLIC_KEY and CKA_HASH_OF_ISSUER_PUBLIC_KEY. If the attribute is not present then the type defaults to SHA-1. */ - { CKA_NAME_HASH_ALGORITHM, pkcs11_attrib_empty }, + { CKA_NAME_HASH_ALGORITHM, pkcs11_attrib_empty }, }; /* coverity[misra_c_2012_rule_5_1_violation:FALSE] C99 limit is 63 characters */ @@ -921,56 +926,56 @@ const CK_ULONG pkcs11_cert_x509public_attributes_count = (CK_ULONG)(PKCS11_UTIL_ */ const pkcs11_attrib_model pkcs11_cert_wtlspublic_attributes[] = { /** Object Class - CK_OBJECT_CLASS */ - { CKA_CLASS, pkcs11_object_get_class }, + { CKA_CLASS, pkcs11_object_get_class }, /** CK_TRUE if object is a token object; CK_FALSE if object is a session object. Default is CK_FALSE. */ - { CKA_TOKEN, pkcs11_attrib_true }, + { CKA_TOKEN, pkcs11_attrib_true }, /** CK_TRUE if object is a private object; CK_FALSE if object is a public object. */ - { CKA_PRIVATE, pkcs11_token_get_access_type }, + { CKA_PRIVATE, pkcs11_token_get_access_type }, /** CK_TRUE if object can be modified. Default is CK_TRUE. */ - { CKA_MODIFIABLE, NULL_PTR }, + { CKA_MODIFIABLE, NULL_PTR }, /** Description of the object(default empty). */ - { CKA_LABEL, pkcs11_object_get_name }, + { CKA_LABEL, pkcs11_object_get_name }, /** CK_TRUE if object can be copied using C_CopyObject.Defaults to CK_TRUE. */ - { CKA_COPYABLE, pkcs11_attrib_false }, + { CKA_COPYABLE, pkcs11_attrib_false }, /** CK_TRUE if the object can be destroyed using C_DestroyObject. Default is CK_TRUE. */ - { CKA_DESTROYABLE, pkcs11_object_get_destroyable }, + { CKA_DESTROYABLE, pkcs11_object_get_destroyable }, /** Type of certificate */ - { CKA_CERTIFICATE_TYPE, pkcs11_cert_get_type }, + { CKA_CERTIFICATE_TYPE, pkcs11_cert_get_type }, /** The certificate can be trusted for the application that it was created. */ - { CKA_TRUSTED, NULL_PTR }, + { CKA_TRUSTED, NULL_PTR }, /** Default CK_CERTIFICATE_CATEGORY_UNSPECIFIED) */ - { CKA_CERTIFICATE_CATEGORY, pkcs11_object_get_type }, + { CKA_CERTIFICATE_CATEGORY, pkcs11_object_get_type }, /** Checksum */ - { CKA_CHECK_VALUE, NULL_PTR }, + { CKA_CHECK_VALUE, NULL_PTR }, /** Start date for the certificate (default empty) */ - { CKA_START_DATE, pkcs11_attrib_empty }, + { CKA_START_DATE, pkcs11_attrib_empty }, /** End date for the certificate (default empty) */ - { CKA_END_DATE, pkcs11_attrib_empty }, + { CKA_END_DATE, pkcs11_attrib_empty }, /** ALL: DER-encoding of the SubjectPublicKeyInfo for the public key contained in this certificate (default empty) SubjectPublicKeyInfo ::= SEQUENCE { algorithm AlgorithmIdentifier, subjectPublicKey BIT_STRING } */ - { CKA_PUBLIC_KEY_INFO, pkcs11_attrib_empty }, + { CKA_PUBLIC_KEY_INFO, pkcs11_attrib_empty }, /** WTLS-encoded Certificate subject name */ - { CKA_SUBJECT, pkcs11_attrib_empty }, + { CKA_SUBJECT, pkcs11_attrib_empty }, /** WTLS-encoded Certificate issuer name (default empty)*/ - { CKA_ISSUER, pkcs11_attrib_empty }, + { CKA_ISSUER, pkcs11_attrib_empty }, /** WTLS-encoded Complete Certificate */ - { CKA_VALUE, pkcs11_cert_get_encoded }, + { CKA_VALUE, pkcs11_cert_get_encoded }, /** If not empty this attribute gives the URL where the complete certificate can be obtained (default empty) */ - { CKA_URL, pkcs11_attrib_empty }, + { CKA_URL, pkcs11_attrib_empty }, /** Hash of the subject public key (default empty). Hash algorithm is defined by CKA_NAME_HASH_ALGORITHM */ - { CKA_HASH_OF_SUBJECT_PUBLIC_KEY, pkcs11_cert_get_subject_key_id }, + { CKA_HASH_OF_SUBJECT_PUBLIC_KEY, pkcs11_cert_get_subject_key_id }, /** Hash of the issuer public key (default empty). Hash algorithm is defined by CKA_NAME_HASH_ALGORITHM */ - { CKA_HASH_OF_ISSUER_PUBLIC_KEY, pkcs11_attrib_empty }, + { CKA_HASH_OF_ISSUER_PUBLIC_KEY, pkcs11_attrib_empty }, /** Defines the mechanism used to calculate CKA_HASH_OF_SUBJECT_PUBLIC_KEY and CKA_HASH_OF_ISSUER_PUBLIC_KEY. If the attribute is not present then the type defaults to SHA-1. */ - { CKA_NAME_HASH_ALGORITHM, pkcs11_attrib_empty }, + { CKA_NAME_HASH_ALGORITHM, pkcs11_attrib_empty }, }; /* coverity[misra_c_2012_rule_5_1_violation:FALSE] C99 limit is 63 characters */ @@ -981,56 +986,56 @@ const CK_ULONG pkcs11_cert_wtlspublic_attributes_count = (CK_ULONG)(PKCS11_UTIL_ */ const pkcs11_attrib_model pkcs11_cert_x509_attributes[] = { /** Object Class - CK_OBJECT_CLASS */ - { CKA_CLASS, pkcs11_object_get_class }, + { CKA_CLASS, pkcs11_object_get_class }, /** CK_TRUE if object is a token object; CK_FALSE if object is a session object. Default is CK_FALSE. */ - { CKA_TOKEN, pkcs11_attrib_true }, + { CKA_TOKEN, pkcs11_attrib_true }, /** CK_TRUE if object is a private object; CK_FALSE if object is a public object. */ - { CKA_PRIVATE, pkcs11_token_get_access_type }, + { CKA_PRIVATE, pkcs11_token_get_access_type }, /** CK_TRUE if object can be modified. Default is CK_TRUE. */ - { CKA_MODIFIABLE, NULL_PTR }, + { CKA_MODIFIABLE, NULL_PTR }, /** Description of the object(default empty). */ - { CKA_LABEL, pkcs11_object_get_name }, + { CKA_LABEL, pkcs11_object_get_name }, /** CK_TRUE if object can be copied using C_CopyObject.Defaults to CK_TRUE. */ - { CKA_COPYABLE, pkcs11_attrib_false }, + { CKA_COPYABLE, pkcs11_attrib_false }, /** CK_TRUE if the object can be destroyed using C_DestroyObject. Default is CK_TRUE. */ - { CKA_DESTROYABLE, pkcs11_object_get_destroyable }, + { CKA_DESTROYABLE, pkcs11_object_get_destroyable }, /** Type of certificate */ - { CKA_CERTIFICATE_TYPE, pkcs11_cert_get_type }, + { CKA_CERTIFICATE_TYPE, pkcs11_cert_get_type }, /** The certificate can be trusted for the application that it was created. */ - { CKA_TRUSTED, NULL_PTR }, + { CKA_TRUSTED, NULL_PTR }, /** Default CK_CERTIFICATE_CATEGORY_UNSPECIFIED) */ - { CKA_CERTIFICATE_CATEGORY, pkcs11_object_get_type }, + { CKA_CERTIFICATE_CATEGORY, pkcs11_object_get_type }, /** Checksum */ - { CKA_CHECK_VALUE, NULL_PTR }, + { CKA_CHECK_VALUE, NULL_PTR }, /** Start date for the certificate (default empty) */ - { CKA_START_DATE, pkcs11_attrib_empty }, + { CKA_START_DATE, pkcs11_attrib_empty }, /** End date for the certificate (default empty) */ - { CKA_END_DATE, pkcs11_attrib_empty }, + { CKA_END_DATE, pkcs11_attrib_empty }, /** ALL: DER-encoding of the SubjectPublicKeyInfo for the public key contained in this certificate (default empty) SubjectPublicKeyInfo ::= SEQUENCE { algorithm AlgorithmIdentifier, subjectPublicKey BIT_STRING } */ - { CKA_PUBLIC_KEY_INFO, pkcs11_attrib_empty }, + { CKA_PUBLIC_KEY_INFO, pkcs11_attrib_empty }, /** X509: DER-encoding of the attribute certificate's subject field. This is distinct from the CKA_SUBJECT attribute contained in CKC_X_509 certificates because the ASN.1 syntax and encoding are different. */ - { CKA_OWNER, pkcs11_attrib_empty }, + { CKA_OWNER, pkcs11_attrib_empty }, /** X509: DER-encoding of the attribute certificate's issuer field. This is distinct from the CKA_ISSUER attribute contained in CKC_X_509 certificates because the ASN.1 syntax and encoding are different. (default empty) */ - { CKA_AC_ISSUER, pkcs11_attrib_empty }, + { CKA_AC_ISSUER, pkcs11_attrib_empty }, /** DER-encoding of the certificate serial number (default empty) */ - { CKA_SERIAL_NUMBER, pkcs11_attrib_empty }, + { CKA_SERIAL_NUMBER, pkcs11_attrib_empty }, /** X509: BER-encoding of a sequence of object identifier values corresponding to the attribute types contained in the certificate. When present, this field offers an opportunity for applications to search for a particular attribute certificate without fetching and parsing the certificate itself. (default empty) */ - { CKA_ATTR_TYPES, pkcs11_attrib_empty }, + { CKA_ATTR_TYPES, pkcs11_attrib_empty }, /** BER-encoded Complete Certificate */ - { CKA_VALUE, pkcs11_cert_get_encoded }, + { CKA_VALUE, pkcs11_cert_get_encoded }, }; const CK_ULONG pkcs11_cert_x509_attributes_count = (CK_ULONG)(PKCS11_UTIL_ARRAY_SIZE(pkcs11_cert_x509_attributes)); @@ -1071,7 +1076,7 @@ CK_RV pkcs11_cert_x509_write(CK_VOID_PTR pObject, CK_ATTRIBUTE_PTR pAttribute, p if (ATCA_SUCCESS == status) { cal_buffer sAttribute = CAL_BUF_INIT(pAttribute->ulValueLen, pAttribute->pValue); - status = talib_write_element(device, obj_ptr->slot, &sAttribute); + status = talib_write_X509_cert(device, obj_ptr->slot, &sAttribute); } #else status = ATCA_NO_DEVICES; @@ -1092,9 +1097,10 @@ CK_RV pkcs11_cert_x509_write(CK_VOID_PTR pObject, CK_ATTRIBUTE_PTR pAttribute, p CK_RV pkcs11_cert_clear_session_cache(pkcs11_session_ctx_ptr session_ctx) { CK_RV rv = CKR_GENERAL_ERROR; + UNUSED_VAR(session_ctx); -#if !defined(ATCA_NO_HEAP) && (FEATURE_ENABLED == ATCACERT_INTEGRATION_EN) +#if defined(ATCA_HEAP) && (FEATURE_ENABLED == ATCACERT_INTEGRATION_EN) CK_ULONG i; for (i = 0; i < PKCS11_MAX_CERTS_CACHED; i++) @@ -1139,9 +1145,10 @@ CK_RV pkcs11_cert_clear_session_cache(pkcs11_session_ctx_ptr session_ctx) CK_RV pkcs11_cert_clear_object_cache(pkcs11_object_ptr pObject) { CK_RV rv = CKR_GENERAL_ERROR; + UNUSED_VAR(pObject); -#if !defined(ATCA_NO_HEAP) && (FEATURE_ENABLED == ATCACERT_INTEGRATION_EN) +#if defined(ATCA_HEAP) && (FEATURE_ENABLED == ATCACERT_INTEGRATION_EN) CK_ULONG i; atcacert_def_t *cert_def = pObject->data; diff --git a/lib/pkcs11/pkcs11_debug.c b/lib/pkcs11/pkcs11_debug.c index d9a495634..935985822 100644 --- a/lib/pkcs11/pkcs11_debug.c +++ b/lib/pkcs11/pkcs11_debug.c @@ -310,7 +310,7 @@ void pkcs11_debug_attributes(CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulCount) PKCS11_DEBUG_NOFILE("%s(%X):%d:%s\r\n", name, (unsigned int)pTemplate->type, (int)pTemplate->ulValueLen, (char*)pTemplate->pValue); break; default: -#ifndef ATCA_NO_HEAP +#ifdef ATCA_HEAP { size_t buf_len = pTemplate->ulValueLen * 3 + 1; char * buffer = pkcs11_os_malloc(buf_len); diff --git a/lib/pkcs11/pkcs11_find.c b/lib/pkcs11/pkcs11_find.c index bf9dfb5c3..c9de0f9b6 100644 --- a/lib/pkcs11/pkcs11_find.c +++ b/lib/pkcs11/pkcs11_find.c @@ -189,7 +189,7 @@ static const pkcs11_attrib_model *pkcs11_find_attrib_match(pkcs11_object_ptr pOb } } } -#ifndef ATCA_NO_HEAP +#ifdef ATCA_HEAP if (NULL != temp.pValue) { pkcs11_os_free(temp.pValue); diff --git a/lib/pkcs11/pkcs11_init.c b/lib/pkcs11/pkcs11_init.c index 8d4e84651..c6bb8d667 100644 --- a/lib/pkcs11/pkcs11_init.c +++ b/lib/pkcs11/pkcs11_init.c @@ -39,7 +39,7 @@ #include "cryptoauthlib.h" #ifdef CreateMutex -#undef CreateMutex /* CreateMutex is defined to CreateMutexW in synchapi.h in Windows. */ +#undef CreateMutex /* CreateMutex is defined to CreateMutexW in synchapi.h in Windows. */ #endif /** @@ -48,12 +48,12 @@ /** Library intialization defaults if none were provided */ static const CK_C_INITIALIZE_ARGS pkcs11_init_defaults = { - NULL_PTR, /**< Callback to create a mutex */ - NULL_PTR, /**< Callback to destroy a mutex */ - NULL_PTR, /**< Callback to lock a mutex */ - NULL_PTR, /**< Callback to unlock a mutex */ - CKF_OS_LOCKING_OK, /**< Initialization Flags */ - NULL_PTR, /**< Reserved - Must be NULL */ + NULL_PTR, /**< Callback to create a mutex */ + NULL_PTR, /**< Callback to destroy a mutex */ + NULL_PTR, /**< Callback to lock a mutex */ + NULL_PTR, /**< Callback to unlock a mutex */ + CKF_OS_LOCKING_OK, /**< Initialization Flags */ + NULL_PTR, /**< Reserved - Must be NULL */ }; /** @@ -424,70 +424,12 @@ CK_RV pkcs11_init(CK_C_INITIALIZE_ARGS const *pInitArgs) return rv; } -static CK_RV pkcs11_deinit_interface_check(ATCADevice device, ATCAIfaceType list[]) -{ - CK_RV rv = CKR_OK; - CK_CHAR i = 0; - uint16_t minSlotCount = 1; - - if (NULL == device || NULL == list) - { - rv = CKR_ARGUMENTS_BAD; - } - - if (CKR_OK == rv) - { - /* check if current interface is already released - if yes return failure*/ - while (i < (CK_ULONG)PKCS11_MAX_SLOTS_ALLOWED) - { - if (device->mIface.mIfaceCFG->iface_type == list[i]) - { - rv = CKR_GENERAL_ERROR; - break; - } - i++; - } - } - - /* Interface not yet released - Update the list and return success*/ - if (CKR_OK == rv) - { - i = 0; - /* coverity[misra_c_2012_rule_14_3_violation] Max slot can be greater than 1*/ - if (PKCS11_MAX_SLOTS_ALLOWED != minSlotCount) - { - /* coverity[misra_c_2012_rule_14_3_violation] For MAX_SLOT > 1 Execution will reach this statement */ - while (ATCA_UNKNOWN_IFACE != list[i]) - { - /* coverity[misra_c_2012_rule_14_3_violation] Based on User input max slot varies */ - if (i >= (CK_CHAR)(PKCS11_MAX_SLOTS_ALLOWED - 1u)) - { - /* list max reached*/ - rv = CKR_FUNCTION_FAILED; - break; - } - i++; - } - } - - if (CKR_OK == rv) - { - /* update the list with current interface*/ - list[i] = device->mIface.mIfaceCFG->iface_type; - } - } - - return rv; -} /* Close the library */ CK_RV pkcs11_deinit(CK_VOID_PTR pReserved) { CK_RV rv = CKR_OK; uint32_t ulSlot = 0; pkcs11_lib_ctx_ptr lib_ctx = pkcs11_get_context(); - ATCAIfaceType interfaceList[PKCS11_MAX_SLOTS_ALLOWED]; CK_ULONG i = 0; if (NULL != pReserved) @@ -530,11 +472,6 @@ CK_RV pkcs11_deinit(CK_VOID_PTR pReserved) /* Release the crypto devices */ pkcs11_slot_ctx_ptr pslot_ctx_release = (pkcs11_slot_ctx_ptr)lib_ctx->slots; - for (i = 0; i < PKCS11_MAX_SLOTS_ALLOWED; i++) - { - interfaceList[i] = ATCA_UNKNOWN_IFACE; - } - for (i = 0; i < lib_ctx->slot_cnt; i++) { if ((NULL == pslot_ctx_release) || (NULL == pslot_ctx_release->device_ctx)) @@ -542,14 +479,10 @@ CK_RV pkcs11_deinit(CK_VOID_PTR pReserved) break; } - /* Release current interface only if not already released */ - if (CKR_OK == pkcs11_deinit_interface_check(pslot_ctx_release->device_ctx, interfaceList)) - { - (void)releaseATCADevice(pslot_ctx_release->device_ctx); - PKCS11_DEBUG("Release device_ctx Interface:[%d] Device:[%d]\n", \ - pslot_ctx_release->device_ctx->mIface.mIfaceCFG->iface_type, pslot_ctx_release->device_ctx->mIface.mIfaceCFG->devtype); + (void)releaseATCADevice(pslot_ctx_release->device_ctx); + PKCS11_DEBUG("Release device_ctx Interface:[%d] Device:[%d]\n", \ + pslot_ctx_release->device_ctx->mIface.mIfaceCFG->iface_type, pslot_ctx_release->device_ctx->mIface.mIfaceCFG->devtype); - } pslot_ctx_release++; } diff --git a/lib/pkcs11/pkcs11_key.c b/lib/pkcs11/pkcs11_key.c index 9ccd46aa1..9b4c7ff8b 100644 --- a/lib/pkcs11/pkcs11_key.c +++ b/lib/pkcs11/pkcs11_key.c @@ -46,15 +46,144 @@ #if defined(ATCA_HEAP) typedef struct pkcs11_key_cache_s { - CK_ATTRIBUTE key_id_hash; - pkcs11_session_ctx_ptr pSession_key; - pkcs11_object_ptr pObject_key; - CK_BBOOL in_use; + CK_ATTRIBUTE key_id_hash; + pkcs11_session_ctx_ptr pSession_key; + pkcs11_object_ptr pObject_key; + CK_BBOOL in_use; } pkcs11_key_cache_fields_t; static pkcs11_key_cache_fields_t pkcs11_key_cache_list[PKCS11_MAX_KEYS_CACHED]; #endif +//All below data taken from: https://asecuritysite.com/ecc/sigs3 + +/** ASN.1 Header for SECP256R1 public keys */ +CK_BYTE pkcs11_ec_pbkey_asn1_hdr_p256[] = { + 0x30, 0x59, // a SEQUENCE of 89 bytes follows + 0x30, 0x13, // a SEQUENCE of 19 bytes follows + 0x06, 0x07, // an OBJECT IDENTIFIER of 7 bytes follows + 0x2A, 0x86, 0x48, 0xce, 0x3d, 0x02, 0x01, //ID algorithm: 1.2.840.10045.2.1 ECC (ecPublicKey) + 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, //ID algorithm: 1.2.840.10045.3.1.7 secp256r1 + 0x03, 0x42, 0x00, // a BIT STRING of 66 bytes follows (including the 0x00 padding byte) + 0x04 // Uncompressed indicator +}; + +/** X.962 ASN.1 Header for EC256 public keys */ +CK_BYTE pkcs11_x962_asn1_hdr_ec256[] = { + 0x04, 0x41, 0x04 +}; + +CK_BYTE pkcs11_key_ec_params_p256[] = { 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07 }; + +#if ATCA_TA_SUPPORT +/** ASN.1 Header for SECP224R1 public keys */ +CK_BYTE pkcs11_ec_pbkey_asn1_hdr_p224[] = { + 0x30, 0x4e, // a SEQUENCE of 78 bytes follows + 0x30, 0x10, // a SEQUENCE of 16 bytes follows + 0x06, 0x07, // an OBJECT IDENTIFIER of 7 bytes follows + 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, 0x01, //ID algorithm: 1.2.840.10045.2.1 ECC (ecPublicKey) + 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x21, //ID algorithm: 1.3.132.0.33 secp224r1 + 0x03, 0x3a, 0x00, // a BIT STRING of 58 bytes follows (including the 0x00 padding byte) + 0x04 // Uncompressed indicator +}; + +/** X.962 ASN.1 Header for EC224 public keys */ +CK_BYTE pkcs11_x962_asn1_hdr_ec224[] = { + 0x04, 0x39, 0x04 +}; + +CK_BYTE pkcs11_key_ec_params_p224[] = { 0x06, 0x05, 0x2B, 0x81, 0x04, 0x00, 0x21 }; + +/** ASN.1 Header for SECP384R1 public keys */ +CK_BYTE pkcs11_ec_pbkey_asn1_hdr_p384[] = { + 0x30, 0x76, // a SEQUENCE of 118 bytes follows + 0x30, 0x10, // a SEQUENCE of 16 bytes follows + 0x06, 0x07, // an OBJECT IDENTIFIER of 7 bytes follows + 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, 0x01, // OID 1.2.840.10045.2.1 (ecPublicKey) + 0x06, 0x05, // an OBJECT IDENTIFIER of 5 bytes follows + 0x2b, 0x81, 0x04, 0x00, 0x22, // OID 1.3.132.0.34 (secp384r1) + 0x03, 0x62, 0x00, // a BIT STRING of 98 bytes follows (including the 0x00 padding byte) + 0x04 // Uncompressed indicator +}; + +CK_BYTE pkcs11_key_ec_params_p384[] = { 0x06, 0x05, 0x2B, 0x81, 0x04, 0x00, 0x22 }; + +/** X.962 ASN.1 Header for EC384 public keys */ +CK_BYTE pkcs11_x962_asn1_hdr_ec384[] = { + 0x04, 0x61, 0x04 +}; + +/** ASN.1 Header for SECP521R1 public keys */ +CK_BYTE pkcs11_ec_pbkey_asn1_hdr_p521[] = { + 0x30, 0x81, 0x9b, // a SEQUENCE of 155 bytes follows + 0x30, 0x10, // a SEQUENCE of 16 bytes follows + 0x06, 0x07, // an OBJECT IDENTIFIER of 7 bytes follows + 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, 0x01, // OID 1.2.840.10045.2.1 (ecPublicKey) + 0x06, 0x05, // an OBJECT IDENTIFIER of 5 bytes follows + 0x2b, 0x81, 0x04, 0x00, 0x23, // OID 1.3.132.0.35 (secp521r1) + 0x03, 0x81, 0x86, 0x00, // a BIT STRING of 134 bytes follows (including the 0x00 padding byte) + 0x04 //Uncompressed indicator +}; + +/** X.962 ASN.1 Header for EC521 public keys */ +CK_BYTE pkcs11_x962_asn1_hdr_ec521[] = { + 0x04, 0x85, 0x04 +}; + +CK_BYTE pkcs11_key_ec_params_p521[] = { 0x06, 0x05, 0x2B, 0x81, 0x04, 0x00, 0x23 }; +#endif + +//Fixing the lookup table size to support max of 4 ECC curves +//Note: Add more ECC key type info based on support required + +const pkcs11_ecc_key_info_t ec_key_data_table[4] = { + { ATCA_KEY_TYPE_ECCP256, (CK_BYTE)ATCA_ECCP256_OID_SIZE, pkcs11_key_ec_params_p256, pkcs11_ec_pbkey_asn1_hdr_p256, + pkcs11_x962_asn1_hdr_ec256, (uint16_t)ATCA_ECCP256_ASN1_HDR_SIZE, ATCA_ECCP256_PUBKEY_SIZE, ATCA_ECCP256_MSG_SIZE, ATCA_ECCP256_SIG_SIZE } +#if ATCA_TA_SUPPORT + ,{ TA_KEY_TYPE_ECCP224, (CK_BYTE)TA_ECC224_OID_SIZE, pkcs11_key_ec_params_p224, pkcs11_ec_pbkey_asn1_hdr_p224, + pkcs11_x962_asn1_hdr_ec224, (uint16_t)TA_ECC224_ASN1_HDR_SIZE, TA_ECC224_PUB_KEY_SIZE, TA_SIGN_P224_MSG_SIZE, TA_SIGN_P224_SIG_SIZE }, + + { TA_KEY_TYPE_ECCP384, (CK_BYTE)TA_ECC384_OID_SIZE, pkcs11_key_ec_params_p384, pkcs11_ec_pbkey_asn1_hdr_p384, + pkcs11_x962_asn1_hdr_ec384, (uint16_t)TA_ECC384_ASN1_HDR_SIZE, TA_ECC384_PUB_KEY_SIZE, TA_SIGN_P384_MSG_SIZE, TA_SIGN_P384_SIG_SIZE }, + + { TA_KEY_TYPE_ECCP521, (CK_BYTE)TA_ECC521_OID_SIZE, pkcs11_key_ec_params_p521, pkcs11_ec_pbkey_asn1_hdr_p521, + pkcs11_x962_asn1_hdr_ec521, (uint16_t)TA_ECC521_ASN1_HDR_SIZE, TA_ECC521_PUB_KEY_SIZE, TA_SIGN_P521_MSG_SIZE, TA_SIGN_P521_SIG_SIZE }, +#endif +}; + +const pkcs11_ecc_key_info_t* pkcs11_get_object_key_type(ATCADevice device_ctx, pkcs11_object_ptr obj_ptr) +{ + CK_BYTE key_type = 0u; + + ATCADeviceType dev_type = atcab_get_device_type_ext(device_ctx); + + if (NULL != obj_ptr) + { + if (atcab_is_ca_device(dev_type)) + { + return &ec_key_data_table[key_type]; + } + else if (atcab_is_ta_device(dev_type)) + { +#if ATCA_TA_SUPPORT + key_type = ((obj_ptr->handle_info.element_CKA & TA_HANDLE_INFO_KEY_TYPE_MASK) >> TA_HANDLE_INFO_KEY_TYPE_SHIFT); + if (key_type > 3u) + { + return NULL; + } + return &ec_key_data_table[key_type]; +#endif + } + else + { + /* do nothing*/ + } + } + + /* If reached here means object not valid*/ + return NULL; +} + static CK_RV pkcs11_key_get_derivekey_flag(CK_VOID_PTR pObject, CK_ATTRIBUTE_PTR pAttribute, pkcs11_session_ctx_ptr pSession) { pkcs11_object_ptr obj_ptr = (pkcs11_object_ptr)pObject; @@ -91,7 +220,7 @@ static CK_RV pkcs11_key_get_derivekey_flag(CK_VOID_PTR pObject, CK_ATTRIBUTE_PTR } #if ATCA_TA_SUPPORT -static ATCA_STATUS pkcs11_ta_get_pubkey(CK_VOID_PTR pObject, uint8_t buffer[ATCA_ECCP256_PUBKEY_SIZE], pkcs11_session_ctx_ptr session_ctx) +CK_RV pkcs11_ta_get_pubkey(CK_VOID_PTR pObject, cal_buffer *key_buffer, pkcs11_session_ctx_ptr session_ctx) { pkcs11_object_ptr obj_ptr = (pkcs11_object_ptr)pObject; pkcs11_slot_ctx_ptr slot_ctx; @@ -104,17 +233,17 @@ static ATCA_STATUS pkcs11_ta_get_pubkey(CK_VOID_PTR pObject, uint8_t buffer[ATCA if (CKR_OK != pkcs11_object_get_owner(obj_ptr, &owner_id)) { - return ATCA_GEN_FAIL; + return CKR_FUNCTION_FAILED; } if (NULL == (slot_ctx = pkcs11_slot_get_context(NULL, owner_id))) { - return ATCA_GEN_FAIL; + return CKR_FUNCTION_FAILED; } if (NULL == session_ctx || NULL == session_ctx->slot) { - return ATCA_GEN_FAIL; + return CKR_FUNCTION_FAILED; } ATCADevice device = session_ctx->slot->device_ctx; @@ -137,7 +266,7 @@ static ATCA_STATUS pkcs11_ta_get_pubkey(CK_VOID_PTR pObject, uint8_t buffer[ATCA (void)talib_handle_can_read(device, auth_handle, &pubkey_field_handle_info.attributes, &allowed); if (allowed) { - status = atcab_read_pubkey_ext(device, publickey_slot, buffer); + status = talib_read_element(device, publickey_slot, key_buffer); } else { @@ -156,7 +285,7 @@ static ATCA_STATUS pkcs11_ta_get_pubkey(CK_VOID_PTR pObject, uint8_t buffer[ATCA (void)talib_handle_can_use(device, auth_handle, &obj_ptr->handle_info, &allowed); if (allowed) { - status = atcab_get_pubkey_ext(device, obj_ptr->slot, buffer); + status = talib_get_pubkey(device, obj_ptr->slot, key_buffer); } else { @@ -164,7 +293,7 @@ static ATCA_STATUS pkcs11_ta_get_pubkey(CK_VOID_PTR pObject, uint8_t buffer[ATCA } } - return status; + return pkcs11_util_convert_rv(status); } #endif @@ -341,19 +470,6 @@ static CK_RV pkcs11_key_get_allowed_mechanisms(CK_VOID_PTR pObject, CK_ATTRIBUTE return rv; } -/** ASN.1 Header for SECP256R1 public keys */ -static const uint8_t ec_pubkey_asn1_header[] = { - 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2A, 0x86, - 0x48, 0xCE, 0x3D, 0x02, 0x01, 0x06, 0x08, 0x2A, - 0x86, 0x48, 0xCE, 0x3D, 0x03, 0x01, 0x07, 0x03, - 0x42, 0x00, 0x04 -}; - -/** X.962 ASN.1 Header for EC public keys */ -static const uint8_t ec_x962_asn1_header[] = { - 0x04, 0x41, 0x04 -}; - /** * \brief Extract a public key and convert it to the asn.1 format */ @@ -365,137 +481,229 @@ static CK_RV pkcs11_key_get_public_key(CK_VOID_PTR pObject, CK_ATTRIBUTE_PTR pAt if (NULL != obj_ptr && NULL != session_ctx) { CK_BBOOL is_private = false; + const pkcs11_ecc_key_info_t *ec_key_data = pkcs11_get_object_key_type(session_ctx->slot->device_ctx, obj_ptr); - if (CKR_OK == (rv = pkcs11_object_is_private(obj_ptr, &is_private, session_ctx))) + if (NULL == ec_key_data) { - CK_UTF8CHAR ec_asn1_key[sizeof(ec_pubkey_asn1_header) + ATCA_ECCP256_PUBKEY_SIZE]; - ATCA_STATUS status = ATCA_GEN_FAIL; - - (void)memcpy(ec_asn1_key, ec_pubkey_asn1_header, sizeof(ec_pubkey_asn1_header)); - + return rv; + } - if (is_private) - { + if (CKR_OK == (rv = pkcs11_object_is_private(obj_ptr, &is_private, session_ctx))) + { + if (ec_key_data->asn1_header_sz <= ((uint16_t)PKCS11_MAX_ECC_ASN1_HDR_SIZE) && (ec_key_data->pubkey_sz <= PKCS11_MAX_ECC_PB_KEY_SIZE)) + { + //Keeping to max size + CK_UTF8CHAR ec_asn1_key[PKCS11_MAX_ECC_ASN1_HDR_SIZE + PKCS11_MAX_ECC_PB_KEY_SIZE]; + (void)memcpy(ec_asn1_key, ec_key_data->ec_asn1_header, ec_key_data->asn1_header_sz); ATCADeviceType dev_type = atcab_get_device_type_ext(session_ctx->slot->device_ctx); - if (atcab_is_ca_device(dev_type)) + if (is_private) { + if (atcab_is_ca_device(dev_type)) + { #if ATCA_CA_SUPPORT - status = atcab_get_pubkey_ext(session_ctx->slot->device_ctx, obj_ptr->slot, &ec_asn1_key[sizeof(ec_pubkey_asn1_header)]); - PKCS11_DEBUG("atcab_get_pubkey: %x\r\n", status); + rv = pkcs11_util_convert_rv(atcab_get_pubkey_ext(session_ctx->slot->device_ctx, obj_ptr->slot, + &ec_asn1_key[ec_key_data->asn1_header_sz])); + PKCS11_DEBUG("atcab_get_pubkey_ext: %x\r\n", rv); #endif + } + else if (atcab_is_ta_device(dev_type)) + { +#if ATCA_TA_SUPPORT + CK_UTF8CHAR ec_pubkey_gen[PKCS11_MAX_ECC_PB_KEY_SIZE]; + cal_buffer ec_pubkey_buf = CAL_BUF_INIT(ec_key_data->pubkey_sz, ec_pubkey_gen); + if (CKR_OK == (rv = pkcs11_ta_get_pubkey(pObject, &ec_pubkey_buf, session_ctx))) + { + (void)memcpy(&ec_asn1_key[ec_key_data->asn1_header_sz], ec_pubkey_gen, ec_key_data->pubkey_sz); + } + PKCS11_DEBUG("pkcs11_ta_get_pubkey: %x\r\n", rv); +#endif + } + else + { + rv = CKR_GENERAL_ERROR; + } } - else if (atcab_is_ta_device(dev_type)) + else { + if (atcab_is_ca_device(dev_type)) + { +#if ATCA_CA_SUPPORT + rv = pkcs11_util_convert_rv(atcab_read_pubkey_ext(session_ctx->slot->device_ctx, obj_ptr->slot, + &ec_asn1_key[(ec_key_data->asn1_header_sz)])); + PKCS11_DEBUG("atcab_read_pubkey_ext: %x\r\n", rv); +#endif + } + else if (atcab_is_ta_device(dev_type)) + { #if ATCA_TA_SUPPORT - status = pkcs11_ta_get_pubkey(pObject, &ec_asn1_key[sizeof(ec_pubkey_asn1_header)], session_ctx); + CK_UTF8CHAR ec_pubkey_rd[PKCS11_MAX_ECC_PB_KEY_SIZE]; + cal_buffer ec_pubkey_buf = CAL_BUF_INIT(ec_key_data->pubkey_sz, ec_pubkey_rd); + if (CKR_OK == (rv = pkcs11_util_convert_rv(talib_read_element(session_ctx->slot->device_ctx, obj_ptr->slot, &ec_pubkey_buf)))) + { + (void)memcpy(&ec_asn1_key[ec_key_data->asn1_header_sz], ec_pubkey_rd, ec_key_data->pubkey_sz); + } + PKCS11_DEBUG("talib_read_element: %x\r\n", rv); #endif + } + else + { + rv = CKR_GENERAL_ERROR; + } + } + if (CKR_OK == rv) + { + rv = pkcs11_attrib_fill(pAttribute, ec_asn1_key, (CK_ULONG)sizeof(ec_asn1_key)); } else { - /* do nothing */ + (void)pkcs11_attrib_empty(pObject, pAttribute, NULL); + PKCS11_DEBUG("Couldnt generate public key\r\n", rv); + rv = CKR_OK; } } else { - status = atcab_read_pubkey_ext(session_ctx->slot->device_ctx, obj_ptr->slot, &ec_asn1_key[sizeof(ec_pubkey_asn1_header)]); - PKCS11_DEBUG("atcab_read_pubkey: %x\r\n", status); - - } - - if (ATCA_SUCCESS == status) - { - rv = pkcs11_attrib_fill(pAttribute, ec_asn1_key, (CK_ULONG)sizeof(ec_asn1_key)); - } - else - { - (void)pkcs11_attrib_empty(pObject, pAttribute, NULL); - PKCS11_DEBUG("Couldnt generate public key\r\n", status); - rv = CKR_OK; - + rv = CKR_KEY_SIZE_RANGE; } } } - + else + { + rv = CKR_ARGUMENTS_BAD; + } + return rv; } -static const uint8_t pkcs11_key_ec_params[] = { 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07 }; - static CK_RV pkcs11_key_get_ec_params(CK_VOID_PTR pObject, CK_ATTRIBUTE_PTR pAttribute, pkcs11_session_ctx_ptr psession) { - ((void)pObject); ((void)psession); + pkcs11_object_ptr obj_ptr = (pkcs11_object_ptr)pObject; + CK_RV rv = CKR_ARGUMENTS_BAD; + if (NULL != obj_ptr && NULL != psession) + { + const pkcs11_ecc_key_info_t *ec_key_data = pkcs11_get_object_key_type(psession->slot->device_ctx, obj_ptr); + + if (NULL != ec_key_data) + { + rv = pkcs11_attrib_fill(pAttribute, ec_key_data->curve_oid, (CK_ULONG)(ec_key_data->oid_size)); + } + else + { + (void)pkcs11_attrib_empty(pObject, pAttribute, NULL); + } - return pkcs11_attrib_fill(pAttribute, pkcs11_key_ec_params, (CK_ULONG)sizeof(pkcs11_key_ec_params)); + } + return rv; } static CK_RV pkcs11_key_get_ec_point(CK_VOID_PTR pObject, CK_ATTRIBUTE_PTR pAttribute, pkcs11_session_ctx_ptr psession) { pkcs11_object_ptr obj_ptr = (pkcs11_object_ptr)pObject; CK_RV rv = CKR_ARGUMENTS_BAD; - + if (NULL != obj_ptr && NULL != psession) { - ATCA_STATUS status = ATCA_SUCCESS; - CK_UTF8CHAR ec_asn1_key[3 + ATCA_ECCP256_PUBKEY_SIZE] = { 0x04, 0x41, 0x04, 0x0, 0x0, 0x0, 0x0, 0x0, - 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, - 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, - 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, - 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, - 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, - 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, - 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, - 0x0, 0x0, 0x0 }; + const pkcs11_ecc_key_info_t *ec_key_data = pkcs11_get_object_key_type(psession->slot->device_ctx, obj_ptr); - if (NULL != pAttribute->pValue) + if (NULL == ec_key_data) { - CK_BBOOL is_private; + return rv; + } + + //EC point attribute length need to be set before fetching the actual attribute data + //Hence by default, return value is CKR_OK + rv = CKR_OK; + + if (ec_key_data->pubkey_sz <= PKCS11_MAX_ECC_PB_KEY_SIZE) + { + CK_UTF8CHAR ec_asn1_key[PKCS11_X962_ASN1_HEADER_SZ + PKCS11_MAX_ECC_PB_KEY_SIZE]; + (void)memcpy(ec_asn1_key, ec_key_data->ec_x962_asn1_header, PKCS11_X962_ASN1_HEADER_SZ); - if (CKR_OK == (rv = pkcs11_object_is_private(obj_ptr, &is_private, psession))) + if (NULL != pAttribute->pValue) { - if (is_private) - { - ATCADeviceType dev_type = atcab_get_device_type_ext(psession->slot->device_ctx); + CK_BBOOL is_private; + ATCADeviceType dev_type = atcab_get_device_type_ext(psession->slot->device_ctx); - if (atcab_is_ca_device(dev_type)) + if (CKR_OK == (rv = pkcs11_object_is_private(obj_ptr, &is_private, psession))) + { + if (is_private) { + if (atcab_is_ca_device(dev_type)) + { #if ATCA_CA_SUPPORT - status = atcab_get_pubkey_ext(psession->slot->device_ctx, obj_ptr->slot, &ec_asn1_key[3]); - PKCS11_DEBUG("atcab_get_pubkey: %x\r\n", status); + rv = pkcs11_util_convert_rv(atcab_get_pubkey_ext(psession->slot->device_ctx, obj_ptr->slot, &ec_asn1_key[PKCS11_X962_ASN1_HEADER_SZ])); + PKCS11_DEBUG("atcab_get_pubkey: %x\r\n", rv); #endif - } - else if (atcab_is_ta_device(dev_type)) - { + } + else if (atcab_is_ta_device(dev_type)) + { #if ATCA_TA_SUPPORT - status = pkcs11_ta_get_pubkey(pObject, &ec_asn1_key[3], psession); + CK_UTF8CHAR ec_pubkey_gen[PKCS11_MAX_ECC_PB_KEY_SIZE]; + cal_buffer ec_pubkey_buf = CAL_BUF_INIT(ec_key_data->pubkey_sz, ec_pubkey_gen); + if (CKR_OK == (rv = pkcs11_ta_get_pubkey(pObject, &ec_pubkey_buf, psession))) + { + (void)memcpy(&ec_asn1_key[PKCS11_X962_ASN1_HEADER_SZ], ec_pubkey_gen, ec_key_data->pubkey_sz); + } + PKCS11_DEBUG("pkcs11_ta_get_pubkey: %x\r\n", rv); #endif + } + else + { + rv = CKR_GENERAL_ERROR; + } } else { - /* do nothing */ - } - } - else - { - status = atcab_read_pubkey_ext(psession->slot->device_ctx, obj_ptr->slot, &ec_asn1_key[3]); - PKCS11_DEBUG("atcab_read_pubkey: %x\r\n", status); + if (atcab_is_ca_device(dev_type)) + { +#if ATCA_CA_SUPPORT + rv = pkcs11_util_convert_rv(atcab_read_pubkey_ext(psession->slot->device_ctx, obj_ptr->slot, &ec_asn1_key[PKCS11_X962_ASN1_HEADER_SZ])); + PKCS11_DEBUG("atcab_read_pubkey: %x\r\n", rv); +#endif + } + else if (atcab_is_ta_device(dev_type)) + { +#if ATCA_TA_SUPPORT + CK_UTF8CHAR ec_pubkey_rd[PKCS11_MAX_ECC_PB_KEY_SIZE]; + cal_buffer ec_pubkey_buf = CAL_BUF_INIT(ec_key_data->pubkey_sz, ec_pubkey_rd); + if (CKR_OK == (rv = pkcs11_util_convert_rv(talib_read_element(psession->slot->device_ctx, obj_ptr->slot, &ec_pubkey_buf)))) + { + (void)memcpy(&ec_asn1_key[PKCS11_X962_ASN1_HEADER_SZ], ec_pubkey_rd, ec_key_data->pubkey_sz); + } + PKCS11_DEBUG("talib_read_element: %x\r\n", rv); +#endif + } + else + { + rv = CKR_GENERAL_ERROR; + } + } } } - } - if (ATCA_SUCCESS == status) - { - rv = pkcs11_attrib_fill(pAttribute, ec_asn1_key, (CK_ULONG)sizeof(ec_asn1_key)); + if (CKR_OK == rv) + { + rv = pkcs11_attrib_fill(pAttribute, ec_asn1_key, (CK_ULONG)sizeof(ec_asn1_key)); + } + else + { + (void)pkcs11_attrib_empty(pObject, pAttribute, NULL); + PKCS11_DEBUG("Couldnt generate public key\r\n", rv); + rv = CKR_OK; + } } else { - (void)pkcs11_attrib_empty(pObject, pAttribute, NULL); - PKCS11_DEBUG("Couldnt generate public key\r\n", status); - rv = CKR_OK; + rv = CKR_KEY_SIZE_RANGE; } } + else + { + rv = CKR_ARGUMENTS_BAD; + } return rv; } @@ -591,51 +799,99 @@ static CK_RV pkcs11_key_auth_required(CK_VOID_PTR pObject, CK_ATTRIBUTE_PTR pAtt return rv; } -static CK_RV pkcs11_key_calc_key_id(const pkcs11_session_ctx_ptr pSession, const pkcs11_object_ptr pObject, uint8_t *key_id_buffer) +static CK_RV pkcs11_key_calc_key_id(const pkcs11_session_ctx_ptr pSession, const pkcs11_object_ptr pObject, CK_BYTE_PTR key_id_buffer) { CK_BBOOL is_private = FALSE; CK_RV rv = CKR_ARGUMENTS_BAD; + pkcs11_object_ptr obj_ptr = (pkcs11_object_ptr)pObject; - if (CKR_OK == (rv = pkcs11_object_is_private(pObject, &is_private, pSession))) - { - uint8_t pubkey_buffer[1 + ATCA_ECCP256_PUBKEY_SIZE] = { 0x0 }; - pubkey_buffer[0] = ATCA_ECC_UNCOMPRESSED_TYPE; + if (NULL != obj_ptr && NULL != pSession) + { + const pkcs11_ecc_key_info_t *ec_key_data = pkcs11_get_object_key_type(pSession->slot->device_ctx, obj_ptr); - if (TRUE == is_private) + if (NULL == ec_key_data) { - ATCADeviceType dev_type = atcab_get_device_type_ext(pSession->slot->device_ctx); - if (atcab_is_ca_device(dev_type)) - { + return rv; + } + + if (ec_key_data->pubkey_sz <= PKCS11_MAX_ECC_PB_KEY_SIZE) + { + if (CKR_OK == (rv = pkcs11_object_is_private(pObject, &is_private, pSession))) + { + CK_BYTE pubkey_buffer[ATCA_ECC_UNCOMPRESSED_TYPE_OFFSET + PKCS11_MAX_ECC_PB_KEY_SIZE]; + pubkey_buffer[0] = ATCA_ECC_UNCOMPRESSED_TYPE; + ATCADeviceType dev_type = atcab_get_device_type_ext(pSession->slot->device_ctx); + + if (TRUE == is_private) + { + if (atcab_is_ca_device(dev_type)) + { #if ATCA_CA_SUPPORT - rv = pkcs11_util_convert_rv(atcab_get_pubkey_ext(pSession->slot->device_ctx, pObject->slot, &pubkey_buffer[1])); + rv = pkcs11_util_convert_rv(atcab_get_pubkey_ext(pSession->slot->device_ctx, pObject->slot, &pubkey_buffer[1])); #endif - } - else if (atcab_is_ta_device(dev_type)) - { + } + else if (atcab_is_ta_device(dev_type)) + { #if ATCA_TA_SUPPORT - rv = pkcs11_util_convert_rv(pkcs11_ta_get_pubkey(pObject, &pubkey_buffer[1], pSession)); + CK_UTF8CHAR ec_pubkey_gen[PKCS11_MAX_ECC_PB_KEY_SIZE]; + cal_buffer ec_pubkey_buf = CAL_BUF_INIT(ec_key_data->pubkey_sz, ec_pubkey_gen); + if (CKR_OK == (rv = pkcs11_ta_get_pubkey(pObject, &ec_pubkey_buf, pSession))) + { + (void)memcpy(&pubkey_buffer[1], ec_pubkey_gen, ec_key_data->pubkey_sz); + } + PKCS11_DEBUG("pkcs11_ta_get_pubkey: %x\r\n", rv); #endif - } - else - { - /* do nothing */ + } + else + { + rv = CKR_GENERAL_ERROR; + } + } + else + { + if (atcab_is_ca_device(dev_type)) + { +#if ATCA_CA_SUPPORT + rv = pkcs11_util_convert_rv(atcab_read_pubkey_ext(pSession->slot->device_ctx, obj_ptr->slot, &pubkey_buffer[1])); + PKCS11_DEBUG("atcab_read_pubkey_ext: %x\r\n", rv); +#endif + } + else if (atcab_is_ta_device(dev_type)) + { +#if ATCA_TA_SUPPORT + CK_UTF8CHAR ec_pubkey_rd[PKCS11_MAX_ECC_PB_KEY_SIZE]; + cal_buffer ec_pubkey_buf = CAL_BUF_INIT(ec_key_data->pubkey_sz, ec_pubkey_rd); + if (CKR_OK == (rv = pkcs11_util_convert_rv(talib_read_element(pSession->slot->device_ctx, obj_ptr->slot, &ec_pubkey_buf)))) + { + (void)memcpy(&pubkey_buffer[1], ec_pubkey_rd, ec_key_data->pubkey_sz); + } + PKCS11_DEBUG("talib_read_element: %x\r\n", rv); +#endif + } + else + { + rv = CKR_GENERAL_ERROR; + } + } + if (CKR_OK == rv) + { + rv = pkcs11_util_convert_rv(atcac_sw_sha1(pubkey_buffer, sizeof(pubkey_buffer), key_id_buffer)); + } } } else { - rv = pkcs11_util_convert_rv(atcab_read_pubkey_ext(pSession->slot->device_ctx, pObject->slot, &pubkey_buffer[1])); - } - if (CKR_OK == rv) - { - rv = pkcs11_util_convert_rv(atcac_sw_sha1(pubkey_buffer, sizeof(pubkey_buffer), key_id_buffer)); + rv = CKR_ARGUMENTS_BAD; } + } return rv; } #if defined(ATCA_HEAP) /* Loads keys into cache list*/ -static CK_RV pkcs11_key_load_key_id_cache(const pkcs11_session_ctx_ptr pSession, const pkcs11_object_ptr pObject, pkcs11_key_cache_fields_t** pkcs11_key_cache_item) +static CK_RV pkcs11_key_load_key_id_cache(const pkcs11_session_ctx_ptr pSession, const pkcs11_object_ptr pObject, + pkcs11_key_cache_fields_t** pkcs11_key_cache_item) { CK_RV rv = CKR_ARGUMENTS_BAD; @@ -649,7 +905,7 @@ static CK_RV pkcs11_key_load_key_id_cache(const pkcs11_session_ctx_ptr pSession, rv = CKR_HOST_MEMORY; /* Find free key ID cache slot*/ for (i = 0U; i < PKCS11_MAX_KEYS_CACHED; i++) - { + { //Check for free slots if (FALSE == pkcs11_key_cache_list[i].in_use) { @@ -658,18 +914,18 @@ static CK_RV pkcs11_key_load_key_id_cache(const pkcs11_session_ctx_ptr pSession, } if (i < PKCS11_MAX_KEYS_CACHED) - { + { /* Allocate key ID object memory */ uint8_t *key_id_object_ptr = pkcs11_os_malloc(ATCA_SHA1_DIGEST_SIZE); if (NULL != key_id_object_ptr) - { + { (void)memset(key_id_object_ptr, 0, ATCA_SHA1_DIGEST_SIZE); //Read public key from device //calculate SHA1 rv = pkcs11_key_calc_key_id(pSession, pObject, key_id_object_ptr); if (CKR_OK == rv) - { + { pObject->data = key_id_object_ptr; /* Link key ID buffer to cache list and object */ pkcs11_key_cache_list[i].key_id_hash.pValue = pkcs11_os_malloc(ATCA_SHA1_DIGEST_SIZE); @@ -688,7 +944,7 @@ static CK_RV pkcs11_key_load_key_id_cache(const pkcs11_session_ctx_ptr pSession, } } else - { + { rv = CKR_GENERAL_ERROR; for (i = 0U; i < PKCS11_MAX_KEYS_CACHED; i++) { @@ -707,17 +963,17 @@ static CK_RV pkcs11_key_load_key_id_cache(const pkcs11_session_ctx_ptr pSession, #endif static CK_RV pkcs11_key_get_key_id(CK_VOID_PTR pObject, CK_ATTRIBUTE_PTR pAttribute, pkcs11_session_ctx_ptr session_ctx) -{ +{ pkcs11_object_ptr obj_ptr = (pkcs11_object_ptr)pObject; CK_RV rv = CKR_ARGUMENTS_BAD; //Check if object allocated and a valid session if (NULL != obj_ptr && NULL != session_ctx) - { + { #if PKCS11_AUTO_ID_ENABLE //Check if attribute fields are valid and required buffer allocated if (NULL != pAttribute->pValue) - { + { #ifdef ATCA_HEAP pkcs11_key_cache_fields_t *pkcs11_key_cache_item = NULL; //Check if calculated key ID can be read from cache list @@ -728,22 +984,22 @@ static CK_RV pkcs11_key_get_key_id(CK_VOID_PTR pObject, CK_ATTRIBUTE_PTR pAttrib else #endif { - uint8_t key_id[ATCA_SHA1_DIGEST_SIZE] = { 0x0 }; + CK_BYTE key_id[ATCA_SHA1_DIGEST_SIZE] = { 0x0 }; //Read public key from device and calculate key id - if(CKR_OK == pkcs11_key_calc_key_id(session_ctx, obj_ptr, key_id)) + if (CKR_OK == pkcs11_key_calc_key_id(session_ctx, obj_ptr, key_id)) { - rv = pkcs11_attrib_fill(pAttribute, key_id, (uint8_t)ATCA_SHA1_DIGEST_SIZE); + rv = pkcs11_attrib_fill(pAttribute, key_id, (CK_BYTE)ATCA_SHA1_DIGEST_SIZE); } else - { + { rv = pkcs11_attrib_empty(pObject, pAttribute, NULL); } } } else { - rv = pkcs11_attrib_fill(pAttribute, NULL, (uint8_t)ATCA_SHA1_DIGEST_SIZE); + rv = pkcs11_attrib_fill(pAttribute, NULL, (CK_BYTE)ATCA_SHA1_DIGEST_SIZE); } #else uint16_t key_id = ATCA_UINT16_HOST_TO_BE(obj_ptr->slot); @@ -1097,8 +1353,7 @@ static CK_RV pkcs11_key_privwrite_ca(CK_VOID_PTR pSession, pkcs11_object_ptr pOb return rv; } - -CK_RV pkcs11_key_write(CK_VOID_PTR pSession, CK_VOID_PTR pObject, CK_ATTRIBUTE_PTR pAttribute) +CK_RV pkcs11_key_write(CK_VOID_PTR pSession, CK_VOID_PTR pObject, CK_ATTRIBUTE_PTR pAttribute, const pkcs11_ecc_key_info_t *ec_key_info) { pkcs11_object_ptr obj_ptr = (pkcs11_object_ptr)pObject; CK_RV rv = CKR_ARGUMENTS_BAD; @@ -1108,23 +1363,48 @@ CK_RV pkcs11_key_write(CK_VOID_PTR pSession, CK_VOID_PTR pObject, CK_ATTRIBUTE_P pkcs11_session_ctx_ptr session_ctx = (pkcs11_session_ctx_ptr)pSession; if (obj_ptr->class_id == CKO_PUBLIC_KEY && pAttribute->type == CKA_EC_POINT) { - /* coverity[misra_c_2012_rule_21_16_violation:FALSE] inputs are of pointer type */ - if (0 == memcmp(ec_x962_asn1_header, pAttribute->pValue, sizeof(ec_x962_asn1_header))) - { - CK_BBOOL is_private; + const pkcs11_ecc_key_info_t *ec_key_data = pkcs11_get_object_key_type(session_ctx->slot->device_ctx, obj_ptr); - if (CKR_OK == (rv = pkcs11_object_is_private(obj_ptr, &is_private, session_ctx))) + if (NULL != ec_key_data) + { + /* coverity[misra_c_2012_rule_21_16_violation:FALSE] CK_VOID_PTR is a pointer type */ + if (0 == memcmp(ec_key_data->ec_x962_asn1_header, pAttribute->pValue, PKCS11_X962_ASN1_HEADER_SZ)) { - if (is_private) - { - /* Assume it is paired with the private key that is already stored */ - rv = CKR_OK; - } - else + CK_BBOOL is_private; + + if (CKR_OK == (rv = pkcs11_object_is_private(obj_ptr, &is_private, session_ctx))) { - /* Actually write the public key into the slot */ - rv = pkcs11_util_convert_rv(atcab_write_pubkey_ext(session_ctx->slot->device_ctx, obj_ptr->slot, - &(((uint8_t*)pAttribute->pValue)[sizeof(ec_x962_asn1_header)]))); + if (is_private) + { + /* Assume it is paired with the private key that is already stored */ + rv = CKR_OK; + } + else + { + ATCADeviceType device_type = atcab_get_device_type_ext(session_ctx->slot->device_ctx); + /* Actually write the public key into the slot */ + if (atcab_is_ca_device(device_type)) + { + rv = pkcs11_util_convert_rv(atcab_write_pubkey_ext(session_ctx->slot->device_ctx, obj_ptr->slot, + &(((uint8_t*)pAttribute->pValue)[PKCS11_X962_ASN1_HEADER_SZ]))); + } + else if (atcab_is_ta_device(device_type)) + { + if (ec_key_data->asn1_header_sz <= ((uint16_t)PKCS11_MAX_ECC_ASN1_HDR_SIZE) && (ec_key_data->pubkey_sz <= PKCS11_MAX_ECC_PB_KEY_SIZE)) + { +#if ATCA_TA_SUPPORT + CK_UTF8CHAR ec_pubkey[PKCS11_MAX_ECC_ASN1_HDR_SIZE + PKCS11_MAX_ECC_PB_KEY_SIZE]; + (void)memcpy(ec_pubkey, &(((CK_BYTE_PTR)pAttribute->pValue)[0]), pAttribute->ulValueLen); + cal_buffer ec_pbkey_buf = CAL_BUF_INIT(ec_key_info->pubkey_sz, ec_pubkey); + rv = pkcs11_util_convert_rv(talib_write_element(session_ctx->slot->device_ctx, obj_ptr->slot, &ec_pbkey_buf)); +#endif + } + } + else + { + rv = CKR_KEY_SIZE_RANGE; + } + } } } } @@ -1167,11 +1447,11 @@ CK_RV pkcs11_key_write(CK_VOID_PTR pSession, CK_VOID_PTR pObject, CK_ATTRIBUTE_P CK_RV pkcs11_key_generate ( - CK_SESSION_HANDLE hSession, - CK_MECHANISM_PTR pMechanism, - CK_ATTRIBUTE_PTR pTemplate, - CK_ULONG ulCount, - CK_OBJECT_HANDLE_PTR phKey + CK_SESSION_HANDLE hSession, + CK_MECHANISM_PTR pMechanism, + CK_ATTRIBUTE_PTR pTemplate, + CK_ULONG ulCount, + CK_OBJECT_HANDLE_PTR phKey ) { CK_ATTRIBUTE_PTR pName = NULL; @@ -1299,22 +1579,26 @@ CK_RV pkcs11_key_generate CK_RV pkcs11_key_generate_pair ( - CK_SESSION_HANDLE hSession, - CK_MECHANISM_PTR pMechanism, - CK_ATTRIBUTE_PTR pPublicKeyTemplate, - CK_ULONG ulPublicKeyAttributeCount, - CK_ATTRIBUTE_PTR pPrivateKeyTemplate, - CK_ULONG ulPrivateKeyAttributeCount, - CK_OBJECT_HANDLE_PTR phPublicKey, - CK_OBJECT_HANDLE_PTR phPrivateKey + CK_SESSION_HANDLE hSession, + CK_MECHANISM_PTR pMechanism, + CK_ATTRIBUTE_PTR pPublicKeyTemplate, + CK_ULONG ulPublicKeyAttributeCount, + CK_ATTRIBUTE_PTR pPrivateKeyTemplate, + CK_ULONG ulPrivateKeyAttributeCount, + CK_OBJECT_HANDLE_PTR phPublicKey, + CK_OBJECT_HANDLE_PTR phPrivateKey ) { - CK_ATTRIBUTE_PTR pName = NULL; + CK_ATTRIBUTE_PTR pLabel = NULL; + CK_OBJECT_CLASS_PTR pClass = NULL; + CK_ATTRIBUTE_PTR pData = NULL; pkcs11_lib_ctx_ptr pLibCtx; pkcs11_session_ctx_ptr pSession; pkcs11_object_ptr pPublic = NULL; pkcs11_object_ptr pPrivate = NULL; CK_ULONG i; + CK_ULONG ecKeyTableIdx = 0; + CK_BBOOL OidMatched = false; CK_RV rv = CKR_OK; rv = pkcs11_init_check(&pLibCtx, FALSE); @@ -1336,28 +1620,49 @@ CK_RV pkcs11_key_generate_pair return rv; } - /* @todo Perform the various mechanism and key attribute checks */ - if (CKM_EC_KEY_PAIR_GEN != pMechanism->mechanism) { return CKR_MECHANISM_INVALID; } - + /* Look for supported/mandatory attributes */ for (i = 0; i < ulPrivateKeyAttributeCount; i++) { - if (CKA_LABEL == pPrivateKeyTemplate[i].type) + switch (pPrivateKeyTemplate[i].type) { - pName = &pPrivateKeyTemplate[i]; + case CKA_LABEL: + pLabel = &pPrivateKeyTemplate[i]; + break; + case CKA_CLASS: + pClass = pPrivateKeyTemplate[i].pValue; + break; + case CKA_EC_PARAMS: + pData = &pPrivateKeyTemplate[i]; + break; + default: break; } } - if (NULL == pName || pName->ulValueLen > (CK_ULONG)PKCS11_MAX_LABEL_SIZE) + if (NULL == pLabel || pLabel->ulValueLen > (CK_ULONG)PKCS11_MAX_LABEL_SIZE) + { + PKCS11_DEBUG("pLabel is NULL\r\n"); + return CKR_TEMPLATE_INCONSISTENT; + } + + if (NULL == pClass || (CKO_PRIVATE_KEY) != *pClass) + { + PKCS11_DEBUG("pClass is NULL\r\n"); + return CKR_TEMPLATE_INCONSISTENT; + } + + if (NULL == pData || pData->ulValueLen == 0u) { + PKCS11_DEBUG("pData is NULL\r\n"); return CKR_TEMPLATE_INCONSISTENT; } + /* Must create two new objects - a public and private key */ rv = pkcs11_object_alloc(pSession->slot->slot_id, &pPrivate); @@ -1378,32 +1683,69 @@ CK_RV pkcs11_key_generate_pair if (CKR_OK == rv) { pPrivate->class_id = CKO_PRIVATE_KEY; + CK_ULONG ecKeyTableSz = sizeof(ec_key_data_table) / sizeof(ec_key_data_table[0]); + for (i = 0; i < ecKeyTableSz; i++) + { + /* coverity[misra_c_2012_rule_21_16_violation:FALSE] CK_VOID_PTR is a pointer type */ + if (0 == memcmp(ec_key_data_table[i].curve_oid, pData->pValue, pData->ulValueLen)) + { + //Key OID matched and we got the private key type + ecKeyTableIdx = i; + OidMatched = true; + break; + } + } + + if (false == OidMatched) + { + rv = CKR_TEMPLATE_INCONSISTENT; + } + else + { #if ATCA_TA_SUPPORT - (void)talib_handle_init_private_key(&pPrivate->handle_info, TA_KEY_TYPE_ECCP256, + (void)talib_handle_init_private_key(&pPrivate->handle_info, ec_key_data_table[ecKeyTableIdx].ec_key_type, TA_ALG_MODE_ECC_ECDSA, TA_PROP_SIGN_INT_EXT_DIGEST, TA_PROP_NO_KEY_AGREEMENT); #endif - rv = pkcs11_config_key(pLibCtx, pSession->slot, pPrivate, pName); + rv = pkcs11_config_key(pLibCtx, pSession->slot, pPrivate, pLabel); + } } if (CKR_OK == rv) { pPublic->slot = pPrivate->slot; pPublic->flags = pPrivate->flags; - (void)memcpy(pPublic->name, pName->pValue, pName->ulValueLen); + (void)memcpy(pPublic->name, pLabel->pValue, pLabel->ulValueLen); pPublic->class_id = CKO_PUBLIC_KEY; pPublic->class_type = CKK_EC; pPublic->attributes = pkcs11_key_public_attributes; pPublic->count = pkcs11_key_public_attributes_count; - pPublic->size = 64; + pPublic->size = ec_key_data_table[ecKeyTableIdx].pubkey_sz; #if ATCA_CA_SUPPORT pPublic->config = &((pkcs11_slot_ctx_ptr)pSession->slot)->cfg_zone; #endif - if (CKR_OK == (rv = pkcs11_lock_both(pLibCtx))) { - rv = pkcs11_util_convert_rv(atcab_genkey_ext(pSession->slot->device_ctx, pPrivate->slot, NULL)); + ATCADeviceType dev_type = atcab_get_device_type_ext(pSession->slot->device_ctx); + if (atcab_is_ca_device(dev_type)) + { +#if ATCA_CA_SUPPORT + rv = pkcs11_util_convert_rv(atcab_genkey_ext(pSession->slot->device_ctx, pPrivate->slot, NULL)); +#endif + } + else if (atcab_is_ta_device(dev_type)) + { +#if ATCA_TA_SUPPORT + rv = pkcs11_util_convert_rv(talib_genkey(pSession->slot->device_ctx, pPrivate->slot, NULL)); +#endif + } + else + { + /* do nothing */ + } + + //If public key generation is success , means corresponding private key is good if (CKR_OK != rv) { #if !PKCS11_USE_STATIC_CONFIG @@ -1555,12 +1897,12 @@ static CK_RV pkcs11_key_derive_ca(pkcs11_session_ctx_ptr pSession, pkcs11_object CK_RV pkcs11_key_derive ( - CK_SESSION_HANDLE hSession, - CK_MECHANISM_PTR pMechanism, - CK_OBJECT_HANDLE hBaseKey, - CK_ATTRIBUTE_PTR pTemplate, - CK_ULONG ulCount, - CK_OBJECT_HANDLE_PTR phKey + CK_SESSION_HANDLE hSession, + CK_MECHANISM_PTR pMechanism, + CK_OBJECT_HANDLE hBaseKey, + CK_ATTRIBUTE_PTR pTemplate, + CK_ULONG ulCount, + CK_OBJECT_HANDLE_PTR phKey ) { pkcs11_session_ctx_ptr pSession = NULL; @@ -1734,7 +2076,7 @@ CK_RV pkcs11_key_clear_object_cache(pkcs11_object_ptr pObject) CK_ULONG i; for (i = 0; i < PKCS11_MAX_KEYS_CACHED; i++) - { + { if (pObject == pkcs11_key_cache_list[i].pObject_key) { if (NULL != pObject->data) diff --git a/lib/pkcs11/pkcs11_key.h b/lib/pkcs11/pkcs11_key.h index 20caf6d28..1c789fb92 100644 --- a/lib/pkcs11/pkcs11_key.h +++ b/lib/pkcs11/pkcs11_key.h @@ -38,6 +38,34 @@ extern "C" { } #endif +typedef struct pkcs11_ecc_key_info_s +{ + CK_BYTE ec_key_type; + CK_BYTE oid_size; + CK_BYTE_PTR curve_oid; + CK_BYTE_PTR ec_asn1_header; + CK_BYTE_PTR ec_x962_asn1_header; + uint16_t asn1_header_sz; + CK_ULONG pubkey_sz; + CK_ULONG min_msg_sz; + CK_ULONG sig_sz; +}pkcs11_ecc_key_info_t; + +#define PKCS11_X962_ASN1_HEADER_SZ 3u + +//Maximum ASN1 Header size for the supported ECC curves (ECCP256/224/384/521) +//Set to ASN1 header size for ECCP256 which has the max size +#define PKCS11_MAX_ECC_ASN1_HDR_SIZE ATCA_ECCP256_ASN1_HDR_SIZE + +#if ATCA_TA_SUPPORT +//Max public key size supported (ECCP521) in case of TA + #define PKCS11_MAX_ECC_PB_KEY_SIZE TA_ECC521_PUB_KEY_SIZE +#else +//Max public key size supported (ECCP256) in case of ECC device + #define PKCS11_MAX_ECC_PB_KEY_SIZE ATCA_ECCP256_PUBKEY_SIZE +#endif + +extern const pkcs11_ecc_key_info_t ec_key_data_table[4]; extern const pkcs11_attrib_model pkcs11_key_public_attributes[]; extern const CK_ULONG pkcs11_key_public_attributes_count; @@ -47,7 +75,24 @@ extern const CK_ULONG pkcs11_key_private_attributes_count; extern const pkcs11_attrib_model pkcs11_key_secret_attributes[]; extern const CK_ULONG pkcs11_key_secret_attributes_count; -CK_RV pkcs11_key_write(CK_VOID_PTR pSession, CK_VOID_PTR pObject, CK_ATTRIBUTE_PTR pAttribute); +extern CK_BYTE pkcs11_ec_pbkey_asn1_hdr_p256[]; +extern CK_BYTE pkcs11_x962_asn1_hdr_ec256[]; +extern CK_BYTE pkcs11_key_ec_params_p256[]; + +#if ATCA_TA_SUPPORT +extern CK_BYTE pkcs11_ec_pbkey_asn1_hdr_p224[]; +extern CK_BYTE pkcs11_x962_asn1_hdr_ec224[]; +extern CK_BYTE pkcs11_key_ec_params_p224[]; + +extern CK_BYTE pkcs11_ec_pbkey_asn1_hdr_p384[]; +extern CK_BYTE pkcs11_x962_asn1_hdr_ec384[]; +extern CK_BYTE pkcs11_key_ec_params_p384[]; + +extern CK_BYTE pkcs11_ec_pbkey_asn1_hdr_p521[]; +extern CK_BYTE pkcs11_x962_asn1_hdr_ec521[]; +extern CK_BYTE pkcs11_key_ec_params_p521[]; +#endif +CK_RV pkcs11_key_write(CK_VOID_PTR pSession, CK_VOID_PTR pObject, CK_ATTRIBUTE_PTR pAttribute, const pkcs11_ecc_key_info_t *ec_key_info); CK_RV pkcs11_key_generate(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism, CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulCount, CK_OBJECT_HANDLE_PTR phKey); CK_RV pkcs11_key_generate_pair(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism, @@ -58,5 +103,8 @@ CK_RV pkcs11_key_derive(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism, CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulCount, CK_OBJECT_HANDLE_PTR phKey); CK_RV pkcs11_key_clear_session_cache(pkcs11_session_ctx_ptr session_ctx); CK_RV pkcs11_key_clear_object_cache(pkcs11_object_ptr pObject); - +const pkcs11_ecc_key_info_t* pkcs11_get_object_key_type(ATCADevice device_ctx, pkcs11_object_ptr obj_ptr); +#if ATCA_TA_SUPPORT +CK_RV pkcs11_ta_get_pubkey(CK_VOID_PTR pObject, cal_buffer *key_buffer, pkcs11_session_ctx_ptr session_ctx); +#endif #endif /* PKCS11_KEY_H_ */ diff --git a/lib/pkcs11/pkcs11_object.c b/lib/pkcs11/pkcs11_object.c index cf8aa46e9..873c418f7 100644 --- a/lib/pkcs11/pkcs11_object.c +++ b/lib/pkcs11/pkcs11_object.c @@ -211,7 +211,7 @@ CK_RV pkcs11_object_free(pkcs11_object_ptr pObject) (void)pkcs11_util_memset(pObject, sizeof(pkcs11_object), 0, sizeof(pkcs11_object)); -#ifndef ATCA_NO_HEAP +#ifdef ATCA_HEAP pkcs11_os_free(pObject); #endif } @@ -405,7 +405,7 @@ CK_RV pkcs11_object_find(CK_SLOT_ID slotId, pkcs11_object_ptr *ppObject, CK_ATTR { CK_ULONG i; CK_ATTRIBUTE_PTR pName = NULL; - CK_OBJECT_CLASS class = CKO_PRIVATE_KEY; /* Unless specified assume private key object */ + CK_OBJECT_CLASS class = CKO_PRIVATE_KEY; /* Unless specified assume private key object */ if (NULL == ppObject || NULL == pTemplate || 0u == ulCount) { @@ -457,19 +457,23 @@ CK_RV pkcs11_object_find(CK_SLOT_ID slotId, pkcs11_object_ptr *ppObject, CK_ATTR * \brief Create a new object on the token in the specified session using the given attribute template */ CK_RV pkcs11_object_create( - CK_SESSION_HANDLE hSession, - CK_ATTRIBUTE_PTR pTemplate, - CK_ULONG ulCount, - CK_OBJECT_HANDLE_PTR phObject) + CK_SESSION_HANDLE hSession, + CK_ATTRIBUTE_PTR pTemplate, + CK_ULONG ulCount, + CK_OBJECT_HANDLE_PTR phObject) { CK_RV rv; pkcs11_object_ptr pObject = NULL; CK_ATTRIBUTE_PTR pLabel = NULL; CK_OBJECT_CLASS_PTR pClass = NULL; CK_ATTRIBUTE_PTR pData = NULL; + CK_KEY_TYPE *pKeyType = NULL; + CK_ATTRIBUTE_PTR pEC_OID_Data = NULL; CK_ULONG i; pkcs11_lib_ctx_ptr pLibCtx = NULL; pkcs11_session_ctx_ptr pSession = NULL; + CK_ULONG ecKeyTableIdx = 0; + CK_BBOOL OidMatched = false; rv = pkcs11_init_check(&pLibCtx, FALSE); if (CKR_OK != rv) @@ -494,25 +498,48 @@ CK_RV pkcs11_object_create( case CKA_CLASS: pClass = pTemplate[i].pValue; break; + case CKA_KEY_TYPE: + pKeyType = pTemplate[i].pValue; + break; case CKA_VALUE: - /* fall-through */ case CKA_EC_POINT: pData = &pTemplate[i]; break; + case CKA_EC_PARAMS: + pEC_OID_Data = &pTemplate[i]; + break; default: - pLabel = NULL; - pClass = NULL; - pData = NULL; break; } } + //Data to be supplied by user for the certificate/ecc key object data to be written to device + if (NULL == pData) + { + return CKR_TEMPLATE_INCOMPLETE; + } + + if (CKO_PUBLIC_KEY == *pClass || CKO_PRIVATE_KEY == *pClass) + { + //Mandatory attributes for ECC KEY objects as per PKCS11 v2.40 standards + if (NULL == pKeyType || NULL == pEC_OID_Data) + { + return CKR_TEMPLATE_INCOMPLETE; + } + + if (CKK_EC != *pKeyType) + { + return CKR_TEMPLATE_INCONSISTENT; + } + } + if (CKR_OK == (rv = pkcs11_lock_context(pLibCtx))) { if (NULL != pLabel && NULL != pClass) { if (CKR_OK != (rv = pkcs11_object_find(pSession->slot->slot_id, &pObject, pTemplate, ulCount))) - { + { + (void)pkcs11_unlock_context(pLibCtx); return rv; } } @@ -530,66 +557,104 @@ CK_RV pkcs11_object_create( if (NULL != pObject) { - switch (*pClass) + CK_ULONG ecKeyTableSz = 0u; + if (CKO_PUBLIC_KEY == *pClass || CKO_PRIVATE_KEY == *pClass) { - case CKO_CERTIFICATE: - rv = pkcs11_config_cert(pLibCtx, pSession->slot, pObject, pLabel); - if (CKR_OK == rv) + ecKeyTableSz = sizeof(ec_key_data_table) / sizeof(ec_key_data_table[0]); + for (i = 0; i < ecKeyTableSz; i++) { - if (CKR_OK == (rv = pkcs11_lock_device(pLibCtx))) + /* coverity[misra_c_2012_rule_21_16_violation:FALSE] CK_VOID_PTR is a pointer type */ + if ((0 == memcmp(pEC_OID_Data->pValue, ec_key_data_table[i].curve_oid, pEC_OID_Data->ulValueLen))) { - rv = pkcs11_cert_x509_write(pObject, pData, pSession); - (void)pkcs11_unlock_device(pLibCtx); + //Key OID matched and we got the private key type + ecKeyTableIdx = i; + OidMatched = true; + break; } } - break; - case CKO_PUBLIC_KEY: - pObject->class_id = CKO_PUBLIC_KEY; - if (CKR_OK == (rv = pkcs11_lock_device(pLibCtx))) - { - if (CKR_OK == (rv = pkcs11_config_key(pLibCtx, pSession->slot, pObject, pLabel))) + } + + ATCADeviceType dev_type = atcab_get_device_type_ext(pSession->slot->device_ctx); + + switch (*pClass) + { + case CKO_CERTIFICATE: + rv = pkcs11_config_cert(pLibCtx, pSession->slot, pObject, pLabel); + if (CKR_OK == rv) { - rv = pkcs11_key_write(pSession, pObject, pData); - if (CKR_OK != rv) + if (CKR_OK == (rv = pkcs11_lock_device(pLibCtx))) + { + rv = pkcs11_cert_x509_write(pObject, pData, pSession); + (void)pkcs11_unlock_device(pLibCtx); + } + } + break; + case CKO_PUBLIC_KEY: + if (true == OidMatched) + { + pObject->class_id = CKO_PUBLIC_KEY; + + if(atcab_is_ta_device(dev_type)) + { +#if ATCA_TA_SUPPORT + (void)talib_handle_init_public_key(&pObject->handle_info, ec_key_data_table[ecKeyTableIdx].ec_key_type, + TA_ALG_MODE_ECC_ECDSA, TA_PROP_NO_SIGN_GENERATION, + TA_PROP_NO_KEY_AGREEMENT); +#endif + } + if (CKR_OK == (rv = pkcs11_lock_device(pLibCtx))) { + if (CKR_OK == (rv = pkcs11_config_key(pLibCtx, pSession->slot, pObject, pLabel))) + { + rv = pkcs11_key_write(pSession, pObject, pData, &ec_key_data_table[ecKeyTableIdx]); + if (CKR_OK != rv) + { #if !PKCS11_USE_STATIC_CONFIG - (void)pkcs11_config_remove_object(pLibCtx, pSession->slot, pObject); + (void)pkcs11_config_remove_object(pLibCtx, pSession->slot, pObject); #endif + } + } + (void)pkcs11_unlock_device(pLibCtx); } } - (void)pkcs11_unlock_device(pLibCtx); - } - break; - case CKO_PRIVATE_KEY: - pObject->class_id = CKO_PRIVATE_KEY; + break; + case CKO_PRIVATE_KEY: + if (true == OidMatched) + { + pObject->class_id = CKO_PRIVATE_KEY; + if(atcab_is_ta_device(dev_type)) + { + #if ATCA_TA_SUPPORT - (void)talib_handle_init_private_key(&pObject->handle_info, TA_KEY_TYPE_ECCP256, + (void)talib_handle_init_private_key(&pObject->handle_info, ec_key_data_table[ecKeyTableIdx].ec_key_type, TA_ALG_MODE_ECC_ECDSA, TA_PROP_SIGN_INT_EXT_DIGEST, TA_PROP_NO_KEY_AGREEMENT); - /* coverity[cert_int31_c_violation] signed to unsigned casting */ - pObject->handle_info.property &= (uint16_t)(~TA_PROP_EXECUTE_ONLY_KEY_GEN_MASK); -#endif - if (CKR_OK == (rv = pkcs11_lock_device(pLibCtx))) - { - if (CKR_OK == (rv = pkcs11_config_key(pLibCtx, pSession->slot, pObject, pLabel))) - { - rv = pkcs11_key_write(pSession, pObject, pData); - if (CKR_OK != rv) - { + /* coverity[cert_int31_c_violation] signed to unsigned casting */ + pObject->handle_info.property &= (uint16_t)(~TA_PROP_EXECUTE_ONLY_KEY_GEN_MASK); +#endif + if (CKR_OK == (rv = pkcs11_lock_device(pLibCtx))) + { + if (CKR_OK == (rv = pkcs11_config_key(pLibCtx, pSession->slot, pObject, pLabel))) + { + rv = pkcs11_key_write(pSession, pObject, pData, &ec_key_data_table[ecKeyTableIdx]); + if (CKR_OK != rv) + { #if !PKCS11_USE_STATIC_CONFIG - (void)pkcs11_config_remove_object(pLibCtx, pSession->slot, pObject); -#endif + (void)pkcs11_config_remove_object(pLibCtx, pSession->slot, pObject); +#endif + } + } + (void)pkcs11_unlock_device(pLibCtx); + } } } - (void)pkcs11_unlock_device(pLibCtx); - } - break; - default: - /* Do Nothing*/ - break; + break; + default: + /* Do Nothing*/ + break; } - + if (CKR_OK == rv) { rv = pkcs11_object_get_handle(pObject, phObject); diff --git a/lib/pkcs11/pkcs11_session.c b/lib/pkcs11/pkcs11_session.c index c8d340ba6..fa9cda08a 100644 --- a/lib/pkcs11/pkcs11_session.c +++ b/lib/pkcs11/pkcs11_session.c @@ -124,7 +124,7 @@ static CK_RV pkcs11_session_free_session_context(pkcs11_session_ctx_ptr session_ if (NULL != session_ctx) { (void)pkcs11_util_memset(session_ctx, sizeof(pkcs11_session_ctx), 0, sizeof(pkcs11_session_ctx)); -#ifndef ATCA_NO_HEAP +#ifdef ATCA_HEAP CK_ULONG i; for (i = 0; i < (CK_ULONG)PKCS11_MAX_SESSIONS_ALLOWED; i++) { @@ -253,13 +253,12 @@ CK_RV pkcs11_release_resource(pkcs11_lib_ctx_ptr pContext, pkcs11_session_ctx_pt return rv; } - CK_RV pkcs11_session_open( - CK_SLOT_ID slotID, - CK_FLAGS flags, - CK_VOID_PTR pApplication, - CK_NOTIFY notify, - CK_SESSION_HANDLE_PTR phSession) + CK_SLOT_ID slotID, + CK_FLAGS flags, + CK_VOID_PTR pApplication, + CK_NOTIFY notify, + CK_SESSION_HANDLE_PTR phSession) { pkcs11_lib_ctx_ptr lib_ctx = pkcs11_get_context(); pkcs11_slot_ctx_ptr slot_ctx; @@ -479,6 +478,7 @@ CK_RV pkcs11_session_login(CK_SESSION_HANDLE hSession, CK_USER_TYPE userType, CK pkcs11_session_ctx_ptr session_ctx = pkcs11_get_session_context(hSession); bool is_ca_device = false; uint16_t key_len = 0; + uint8_t auth_idx = 0; CK_RV rv; ((void)userType); @@ -509,8 +509,21 @@ CK_RV pkcs11_session_login(CK_SESSION_HANDLE hSession, CK_USER_TYPE userType, CK return CKR_USER_ALREADY_LOGGED_IN; } - if (CKR_OK != (rv = pkcs11_reserve_resource(pLibCtx, session_ctx, PKCS11_AUTH_OP_0))) + do + { + //! Reserve the PKCS11_AUTH_OP_0 / PKCS11_AUTH_OP_1 based on availability + rv = pkcs11_reserve_resource(pLibCtx, session_ctx, (uint8_t)((PKCS11_AUTH_OP_0 + auth_idx) & UINT8_MAX)); + + if(CKR_OK != rv) + { + auth_idx++; + } + }while((CKR_OK != rv) && (MAX_AUTH_SESSIONS > auth_idx)); + + if(CKR_OK != rv) { + //! Auth operation unavailable return error + PKCS11_DEBUG(" Login failed: Resource unavailable\r\n"); return rv; } @@ -547,16 +560,15 @@ CK_RV pkcs11_session_login(CK_SESSION_HANDLE hSession, CK_USER_TYPE userType, CK #if PKCS11_AUTH_TERMINATE_BEFORE_LOGIN ATCADevice device = session_ctx->slot->device_ctx; - device->session_key_id = TA_HANDLE_AUTH_SESSION0; (void)talib_auth_terminate(device); #endif (void)atcac_sw_random(auth_r_nonce, sizeof(auth_r_nonce)); if (CKR_OK == (rv = pkcs11_lock_device(pLibCtx))) { - - status = talib_auth_generate_nonce(session_ctx->slot->device_ctx, TA_HANDLE_AUTH_SESSION0, + status = talib_auth_generate_nonce(session_ctx->slot->device_ctx, (TA_HANDLE_AUTH_SESSION0 + auth_idx), TA_AUTH_GENERATE_OPT_NONCE_SRC_MASK | TA_AUTH_GENERATE_OPT_RANDOM_MASK, auth_i_nonce); + if (CKR_OK == (rv = pkcs11_util_convert_rv(status))) { cal_buffer key = CAL_BUF_INIT(16U, session_ctx->slot->read_key); @@ -579,7 +591,7 @@ CK_RV pkcs11_session_login(CK_SESSION_HANDLE hSession, CK_USER_TYPE userType, CK if (CKR_OK != rv) { - (void)pkcs11_release_resource(pLibCtx, session_ctx, PKCS11_AUTH_OP_0); + (void)pkcs11_release_resource(pLibCtx, session_ctx, (uint8_t)((PKCS11_AUTH_OP_0 + auth_idx) & UINT8_MAX)); } if (CKR_OK == rv) @@ -596,6 +608,7 @@ CK_RV pkcs11_session_logout(CK_SESSION_HANDLE hSession) CK_RV rv = CKR_OK; pkcs11_lib_ctx_ptr lib_ctx = pkcs11_get_context(); pkcs11_session_ctx_ptr session_ctx = pkcs11_get_session_context(hSession); + uint8_t auth_idx = 0; if (NULL == lib_ctx || FALSE == lib_ctx->initialized) { @@ -625,7 +638,12 @@ CK_RV pkcs11_session_logout(CK_SESSION_HANDLE hSession) (void)pkcs11_cert_clear_session_cache(session_ctx); (void)pkcs11_key_clear_session_cache(session_ctx); - rv = pkcs11_release_resource(lib_ctx, session_ctx, PKCS11_AUTH_OP_0); + + do + { + (void)pkcs11_release_resource(lib_ctx, session_ctx, (uint8_t)((PKCS11_AUTH_OP_0 + auth_idx) & UINT8_MAX)); + auth_idx++; + }while(MAX_AUTH_SESSIONS > auth_idx); /* Wipe the io protection secret regardless if the above operatios succeeded */ (void)pkcs11_util_memset(session_ctx->slot->read_key, sizeof(session_ctx->slot->read_key), 0, sizeof(session_ctx->slot->read_key)); diff --git a/lib/pkcs11/pkcs11_signature.c b/lib/pkcs11/pkcs11_signature.c index 956f08864..c64f5b27c 100644 --- a/lib/pkcs11/pkcs11_signature.c +++ b/lib/pkcs11/pkcs11_signature.c @@ -34,6 +34,7 @@ #include "pkcs11_util.h" #include "cryptoauthlib.h" #include "pkcs11_slot.h" +#include "pkcs11_key.h" #if ATCA_CA_SUPPORT #include "atcacert/atcacert_der.h" @@ -50,9 +51,9 @@ * pMechanism is a valid pointer */ static CK_RV pkcs11_signature_check_key( - pkcs11_object_ptr pKey, /**< [in] Key object */ - CK_MECHANISM_PTR pMechanism, /**< [in] Mechanism parameters from C_SignInit */ - CK_BBOOL verify /**< [in] true if verify is being performed */ + pkcs11_object_ptr pKey, /**< [in] Key object */ + CK_MECHANISM_PTR pMechanism, /**< [in] Mechanism parameters from C_SignInit */ + CK_BBOOL verify /**< [in] true if verify is being performed */ ) { CK_RV rv = CKR_MECHANISM_INVALID; @@ -87,20 +88,36 @@ static CK_RV pkcs11_signature_check_key( } /** \brief Get the sign of expected size of a signature based on the private key - * * Assumptions: * pKey is a valid pointer * * \return signature length in bytes */ static CK_ULONG pkcs11_signature_get_len( - pkcs11_object_ptr pKey /**< [in] Key object */ + ATCADeviceType dev_type, /**<[in] Device type */ + pkcs11_object_ptr pKey /**< [in] Key object */ ) -{ - /** \todo Support other key types (RSA, P384, etc) */ - ((void)pKey); - - return ATCA_ECCP256_SIG_SIZE; +{ + CK_ULONG ulSiglen = 0u; + if (NULL != pKey) + { + if (atcab_is_ca_device(dev_type)) + { + ulSiglen = ATCA_ECCP256_SIG_SIZE; + } + else if (atcab_is_ta_device(dev_type)) + { +#if ATCA_TA_SUPPORT + uint8_t key_type = ((pKey->handle_info.element_CKA & TA_HANDLE_INFO_KEY_TYPE_MASK) >> TA_HANDLE_INFO_KEY_TYPE_SHIFT); + ulSiglen = (CK_ULONG)ec_key_data_table[key_type].sig_sz; +#endif + } + else + { + /* do nothing */ + } + } + return ulSiglen; } /** \brief Check the parameters for a sign operation @@ -109,9 +126,9 @@ static CK_ULONG pkcs11_signature_get_len( * pulSignatureLen is a valid pointer */ static CK_RV pkcs11_signature_check_params( - CK_BYTE_PTR pSignature, /**< [in] signature buffer - only checked if it non-null */ - CK_ULONG_PTR pulSignatureLen, /**< [in/out] input: size of pSignature, output: required signature size */ - CK_ULONG ulSignatureLen /**< [in] Required signature length */ + CK_BYTE_PTR pSignature, /**< [in] signature buffer - only checked if it non-null */ + CK_ULONG_PTR pulSignatureLen, /**< [in/out] input: size of pSignature, output: required signature size */ + CK_ULONG ulSignatureLen /**< [in] Required signature length */ ) { CK_RV rv = CKR_OK; @@ -185,21 +202,21 @@ CK_RV pkcs11_signature_sign_init(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pM * \brief Sign the data in a single pass operation */ CK_RV pkcs11_signature_sign( - CK_SESSION_HANDLE hSession, - CK_BYTE_PTR pData, - CK_ULONG ulDataLen, - CK_BYTE_PTR pSignature, - CK_ULONG_PTR pulSignatureLen) + CK_SESSION_HANDLE hSession, + CK_BYTE_PTR pData, + CK_ULONG ulDataLen, + CK_BYTE_PTR pSignature, + CK_ULONG_PTR pulSignatureLen) { pkcs11_lib_ctx_ptr pLibCtx = NULL; - pkcs11_session_ctx_ptr pSession; - pkcs11_object_ptr pKey; - CK_RV rv; + pkcs11_session_ctx_ptr pSession = NULL; + pkcs11_object_ptr pKey = NULL; + CK_RV rv = CKR_ARGUMENTS_BAD; /* Check parameters */ if (NULL == pData || NULL == pulSignatureLen) { - return CKR_ARGUMENTS_BAD; + return rv; } if (0u == ulDataLen) @@ -226,27 +243,60 @@ CK_RV pkcs11_signature_sign( } if (CKR_OK == (rv = pkcs11_lock_context(pLibCtx))) - { + { + ATCADeviceType dev_type = atcab_get_device_type_ext(pSession->slot->device_ctx); + switch (pSession->active_mech) { + //Key type is symmetric case CKM_SHA256_HMAC: if (CKR_OK == (rv = pkcs11_signature_check_params(pSignature, pulSignatureLen, ATCA_SHA256_DIGEST_SIZE))) { if (CKR_OK == (rv = pkcs11_lock_device(pLibCtx))) { - rv = pkcs11_util_convert_rv(atcab_sha_hmac_ext(pSession->slot->device_ctx, pData, ulDataLen, pKey->slot, pSignature, SHA_MODE_TARGET_OUT_ONLY)); + rv = + pkcs11_util_convert_rv(atcab_sha_hmac_ext(pSession->slot->device_ctx, pData, ulDataLen, pKey->slot, pSignature, + SHA_MODE_TARGET_OUT_ONLY)); (void)pkcs11_unlock_device(pLibCtx); } } break; case CKM_ECDSA: - if (CKR_OK == (rv = pkcs11_signature_check_params(pSignature, pulSignatureLen, pkcs11_signature_get_len(pKey)))) - { - if (CKR_OK == (rv = pkcs11_lock_device(pLibCtx))) + if (CKR_OK == (rv = pkcs11_signature_check_params(pSignature, pulSignatureLen, pkcs11_signature_get_len(dev_type, pKey)))) + { + if (atcab_is_ca_device(dev_type)) { - rv = pkcs11_util_convert_rv(atcab_sign_ext(pSession->slot->device_ctx, pKey->slot, pData, pSignature)); - (void)pkcs11_unlock_device(pLibCtx); + if (CKR_OK == (rv = pkcs11_lock_device(pLibCtx))) + { + +#if ATCA_CA_SUPPORT + rv = pkcs11_util_convert_rv(atcab_sign_ext(pSession->slot->device_ctx, pKey->slot, pData, pSignature)); +#endif + (void)pkcs11_unlock_device(pLibCtx); + } + } + else if (atcab_is_ta_device(dev_type)) + { + if (CKR_OK == (rv = pkcs11_lock_device(pLibCtx))) + { +#if ATCA_TA_SUPPORT + uint8_t key_type = ((pKey->handle_info.element_CKA & TA_HANDLE_INFO_KEY_TYPE_MASK) >> TA_HANDLE_INFO_KEY_TYPE_SHIFT); + cal_buffer msg_buf = CAL_BUF_INIT(ulDataLen, pData); + cal_buffer sign_buf = CAL_BUF_INIT(*pulSignatureLen, pSignature); + //EC CURVE type depend on minium message size constraints for signing external messages in TA devices + if (ulDataLen >= ec_key_data_table[key_type].min_msg_sz) + { + rv = pkcs11_util_convert_rv(talib_sign_external(pSession->slot->device_ctx, key_type, pKey->slot, TA_HANDLE_INPUT_BUFFER, &msg_buf, + &sign_buf)); + } +#endif + (void)pkcs11_unlock_device(pLibCtx); + } + } + else + { + /* do nothing */ } } break; @@ -351,11 +401,16 @@ CK_RV pkcs11_signature_verify_init(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR CK_RV pkcs11_signature_verify(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pData, CK_ULONG ulDataLen, CK_BYTE_PTR pSignature, CK_ULONG ulSignatureLen) { pkcs11_lib_ctx_ptr pLibCtx = NULL; - pkcs11_session_ctx_ptr pSession; - pkcs11_object_ptr pKey; - CK_BBOOL is_private; - CK_RV rv; - ATCA_STATUS status = ATCA_GEN_FAIL; + pkcs11_session_ctx_ptr pSession = NULL; + pkcs11_object_ptr pKey = NULL; + CK_BBOOL is_private = FALSE; + + /* + A successful call to C_Verify should return either the value CKR_OK (indicating that the supplied signature is valid) or CKR_SIGNATURE_INVALID (indicating that the supplied signature is invalid). + If the signature can be seen to be invalid purely on the basis of its length, then CKR_SIGNATURE_LEN_RANGE should be returned. + In any of these cases, the active signing operation is terminated. + */ + CK_RV rv = CKR_ARGUMENTS_BAD; bool verified = FALSE; rv = pkcs11_init_check(&pLibCtx, FALSE); @@ -379,9 +434,11 @@ CK_RV pkcs11_signature_verify(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pData, CK_ /* Check parameters */ if (NULL == pData || NULL == pSignature) { - return CKR_ARGUMENTS_BAD; + return rv; } + const pkcs11_ecc_key_info_t *ec_key_data = pkcs11_get_object_key_type(pSession->slot->device_ctx, pKey); + if (CKR_OK != (rv = pkcs11_lock_context(pLibCtx))) { return rv; @@ -409,7 +466,8 @@ CK_RV pkcs11_signature_verify(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pData, CK_ if (CKR_OK == (rv = pkcs11_lock_device(pLibCtx))) { - if (ATCA_SUCCESS == (status = atcab_sha_hmac_ext(pSession->slot->device_ctx, pData, ulDataLen, pKey->slot, buf, SHA_MODE_TARGET_OUT_ONLY))) + if (CKR_OK == + (rv = pkcs11_util_convert_rv(atcab_sha_hmac_ext(pSession->slot->device_ctx, pData, ulDataLen, pKey->slot, buf, SHA_MODE_TARGET_OUT_ONLY)))) { if (0 == memcmp(pSignature, buf, ATCA_SHA256_DIGEST_SIZE)) { @@ -422,15 +480,20 @@ CK_RV pkcs11_signature_verify(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pData, CK_ } break; case CKM_ECDSA: + if (NULL == ec_key_data) + { + return CKR_ARGUMENTS_BAD; + } + /* Checking data length */ - if (ulDataLen != ATCA_SHA256_DIGEST_SIZE) + if (ulDataLen < ec_key_data->min_msg_sz) { (void)pkcs11_unlock_context(pLibCtx); return CKR_DATA_LEN_RANGE; } /* Checking Signature length */ - if (ulSignatureLen != ATCA_ECCP256_SIG_SIZE) + if (ulSignatureLen < ec_key_data->sig_sz) { (void)pkcs11_unlock_context(pLibCtx); return CKR_SIGNATURE_LEN_RANGE; @@ -440,42 +503,87 @@ CK_RV pkcs11_signature_verify(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pData, CK_ { if (CKR_OK == (rv = pkcs11_lock_device(pLibCtx))) { + + ATCADeviceType dev_type = atcab_get_device_type_ext(pSession->slot->device_ctx); + + /* Device can't verify against a private key so ask the device for + the public key first then perform an external verify */ + uint8_t pub_key[PKCS11_MAX_ECC_PB_KEY_SIZE]; if (is_private) { - /* Device can't verify against a private key so ask the device for - the public key first then perform an external verify */ - uint8_t pub_key[ATCA_ECCP256_PUBKEY_SIZE]; - - if (ATCA_SUCCESS == (status = atcab_get_pubkey_ext(pSession->slot->device_ctx, pKey->slot, pub_key))) + if (atcab_is_ca_device(dev_type)) + { +#if ATCA_CA_SUPPORT + if (CKR_OK == (rv = pkcs11_util_convert_rv(atcab_get_pubkey_ext(pSession->slot->device_ctx, pKey->slot, pub_key)))) + { + rv = pkcs11_util_convert_rv(atcab_verify_extern_ext(pSession->slot->device_ctx, pData, pSignature, pub_key, &verified)); + } +#endif + } + else if (atcab_is_ta_device(dev_type)) + { +#if ATCA_TA_SUPPORT + cal_buffer ec_pubkey_buf = CAL_BUF_INIT(ec_key_data->pubkey_sz, pub_key); + if (CKR_OK == (rv = pkcs11_ta_get_pubkey(pKey, &ec_pubkey_buf, pSession))) + { + uint8_t key_type = ((pKey->handle_info.element_CKA & TA_HANDLE_INFO_KEY_TYPE_MASK) >> TA_HANDLE_INFO_KEY_TYPE_SHIFT); + cal_buffer sign_buf = CAL_BUF_INIT(ulSignatureLen, pSignature); + cal_buffer pbkey_buf = CAL_BUF_INIT(ec_key_data->pubkey_sz, pub_key); + cal_buffer msg_buf = CAL_BUF_INIT(ulDataLen, pData); +#if TALIB_VERIFY_EXTERN_EN + rv = pkcs11_util_convert_rv(talib_verify_extern(pSession->slot->device_ctx, key_type, TA_HANDLE_INPUT_BUFFER, &pbkey_buf, &sign_buf, + &msg_buf, &verified)); +#endif + } +#endif + } + else { - status = atcab_verify_extern_ext(pSession->slot->device_ctx, pData, pSignature, pub_key, &verified); + /* do nothing */ } } else { /* Assume Public Key has been stored properly and verify against whatever is stored */ - status = atcab_verify_stored_ext(pSession->slot->device_ctx, pData, pSignature, pKey->slot, &verified); - } + if (atcab_is_ca_device(dev_type)) + { +#if ATCA_CA_SUPPORT + rv = pkcs11_util_convert_rv(atcab_verify_stored_ext(pSession->slot->device_ctx, pData, pSignature, pKey->slot, &verified)); +#endif + } + else if (atcab_is_ta_device(dev_type)) + { +#if ATCA_TA_SUPPORT + uint8_t key_type = ((pKey->handle_info.element_CKA & TA_HANDLE_INFO_KEY_TYPE_MASK) >> TA_HANDLE_INFO_KEY_TYPE_SHIFT); + cal_buffer sign_buf = CAL_BUF_INIT(ulSignatureLen, pSignature); + cal_buffer msg_buf = CAL_BUF_INIT(ulDataLen, pData); +#if TALIB_VERIFY_STORED_EN + rv = pkcs11_util_convert_rv(talib_verify_stored(pSession->slot->device_ctx, key_type, TA_HANDLE_INPUT_BUFFER, pKey->slot, &sign_buf, + &msg_buf, &verified)); +#endif +#endif + } + else + { + /* do nothing */ + } + } (void)pkcs11_unlock_device(pLibCtx); } } break; default: - status = ATCA_GEN_FAIL; break; } + pSession->active_mech = CKM_VENDOR_DEFINED; (void)pkcs11_unlock_context(pLibCtx); - if (ATCA_SUCCESS == status) - { - rv = verified ? CKR_OK : CKR_SIGNATURE_INVALID; - } - else + if ((CKR_OK != rv || TRUE != verified)) { - rv = CKR_DEVICE_ERROR; + rv = CKR_SIGNATURE_INVALID; } return rv; diff --git a/lib/wolfssl/atca_wolfssl_interface.c b/lib/wolfssl/atca_wolfssl_interface.c index 824e86bb2..5150359ba 100644 --- a/lib/wolfssl/atca_wolfssl_interface.c +++ b/lib/wolfssl/atca_wolfssl_interface.c @@ -1104,7 +1104,7 @@ void atcac_x509_free(void* cert) } } -#if defined(ATCA_BUILD_SHARED_LIBS) || !defined(ATCA_NO_HEAP) +#if defined(ATCA_BUILD_SHARED_LIBS) || defined(ATCA_HEAP) struct atcac_sha1_ctx * atcac_sha1_ctx_new(void) { return (struct atcac_sha1_ctx*)hal_malloc(sizeof(atcac_sha1_ctx_t)); diff --git a/license.txt b/license.txt index 762419578..ed2617cfe 100644 --- a/license.txt +++ b/license.txt @@ -1,22 +1,22 @@ -(c) 2015-2024 Microchip Technology Inc. and its subsidiaries. - -Subject to your compliance with these terms, you may use the Microchip Software -and any derivatives exclusively with Microchip products. It is your -responsibility to comply with third party license terms applicable to your -use of third party software (including open source software) that may -accompany Microchip Software. - -Redistribution of this Microchip Software in source or binary form is allowed -and must include the above terms of use and the following disclaimer with the -distribution and accompanying materials. - -THIS SOFTWARE IS SUPPLIED BY MICROCHIP "AS IS". NO WARRANTIES, WHETHER -EXPRESS, IMPLIED OR STATUTORY, APPLY TO THIS SOFTWARE, INCLUDING ANY IMPLIED -WARRANTIES OF NON-INFRINGEMENT, MERCHANTABILITY, AND FITNESS FOR A -PARTICULAR PURPOSE. IN NO EVENT WILL MICROCHIP BE LIABLE FOR ANY INDIRECT, -SPECIAL, PUNITIVE, INCIDENTAL OR CONSEQUENTIAL LOSS, DAMAGE, COST OR EXPENSE -OF ANY KIND WHATSOEVER RELATED TO THE SOFTWARE, HOWEVER CAUSED, EVEN IF -MICROCHIP HAS BEEN ADVISED OF THE POSSIBILITY OR THE DAMAGES ARE FORESEEABLE. -TO THE FULLEST EXTENT ALLOWED BY LAW, MICROCHIP'S TOTAL LIABILITY ON ALL -CLAIMS IN ANY WAY RELATED TO THIS SOFTWARE WILL NOT EXCEED THE AMOUNT OF -FEES, IF ANY, THAT YOU HAVE PAID DIRECTLY TO MICROCHIP FOR THIS SOFTWARE. \ No newline at end of file +(c) 2015-2023 Microchip Technology Inc. and its subsidiaries. + +Subject to your compliance with these terms, you may use the Microchip Software +and any derivatives exclusively with Microchip products. It is your +responsibility to comply with third party license terms applicable to your +use of third party software (including open source software) that may +accompany Microchip Software. + +Redistribution of this Microchip Software in source or binary form is allowed +and must include the above terms of use and the following disclaimer with the +distribution and accompanying materials. + +THIS SOFTWARE IS SUPPLIED BY MICROCHIP "AS IS". NO WARRANTIES, WHETHER +EXPRESS, IMPLIED OR STATUTORY, APPLY TO THIS SOFTWARE, INCLUDING ANY IMPLIED +WARRANTIES OF NON-INFRINGEMENT, MERCHANTABILITY, AND FITNESS FOR A +PARTICULAR PURPOSE. IN NO EVENT WILL MICROCHIP BE LIABLE FOR ANY INDIRECT, +SPECIAL, PUNITIVE, INCIDENTAL OR CONSEQUENTIAL LOSS, DAMAGE, COST OR EXPENSE +OF ANY KIND WHATSOEVER RELATED TO THE SOFTWARE, HOWEVER CAUSED, EVEN IF +MICROCHIP HAS BEEN ADVISED OF THE POSSIBILITY OR THE DAMAGES ARE FORESEEABLE. +TO THE FULLEST EXTENT ALLOWED BY LAW, MICROCHIP'S TOTAL LIABILITY ON ALL +CLAIMS IN ANY WAY RELATED TO THIS SOFTWARE WILL NOT EXCEED THE AMOUNT OF +FEES, IF ANY, THAT YOU HAVE PAID DIRECTLY TO MICROCHIP FOR THIS SOFTWARE. diff --git a/package.yml b/package.yml index 15651d4c8..830ac3290 100644 --- a/package.yml +++ b/package.yml @@ -4,7 +4,7 @@ package: type: "application" status: "production" required: true - version: "v3.7.4" + version: "v3.7.5" dependencies: - name: "csp" diff --git a/python/cryptoauthlib/cryptoauth.json b/python/cryptoauthlib/cryptoauth.json index 73bba9f0d..ec3911eb8 100644 --- a/python/cryptoauthlib/cryptoauth.json +++ b/python/cryptoauthlib/cryptoauth.json @@ -24,5624 +24,6 @@ "docstring": "Get the current device type configured for the global ATCADevice. ", "parameters": [] }, - "talib_wakeup": { - "restype": "ctypes.c_uint8", - "argtypes": [ - "ctypes.c_void_p" - ], - "docstring": null, - "parameters": [] - }, - "talib_idle": { - "restype": "ctypes.c_uint8", - "argtypes": [ - "ctypes.c_void_p" - ], - "docstring": null, - "parameters": [] - }, - "talib_sleep": { - "restype": "ctypes.c_uint8", - "argtypes": [ - "ctypes.c_void_p" - ], - "docstring": null, - "parameters": [] - }, - "_talib_exit": { - "restype": "ctypes.c_uint8", - "argtypes": [ - "ctypes.c_void_p" - ], - "docstring": null, - "parameters": [] - }, - "talib_get_zone_size": { - "restype": "ctypes.c_uint8", - "argtypes": [ - "ctypes.c_void_p", - "ctypes.c_uint8", - "ctypes.c_uint16", - "ctypes.POINTER(ctypes.c_size_t)" - ], - "docstring": "Gets the size of the specified zone in bytes. ", - "parameters": [ - [ - "device", - "Device context pointer " - ], - [ - "zone", - "Zone to get size information from. Config(0), OTP(1), or Data(2) which requires a slot. " - ], - [ - "handle", - "If zone is Data(2), report the handle size " - ], - [ - "size", - "Zone size is returned here." - ] - ] - }, - "talib_cfg_discover": { - "restype": "ctypes.c_uint8", - "argtypes": [ - "ATCAIfaceCfg*", - "ctypes.c_int" - ], - "docstring": null, - "parameters": [] - }, - "talib_aes_keyload": { - "restype": "ctypes.c_uint8", - "argtypes": [ - "ctypes.c_void_p", - "ctypes.c_uint8", - "ctypes.c_uint8", - "ctypes.c_uint8", - "ctypes.c_uint16" - ], - "docstring": "TA API - Loads a Key into internal key memory for AES operation. This must be called before performing AES operations. ", - "parameters": [ - [ - "device", - "Device object that holds the device related informations " - ], - [ - "mode", - "Mode value for key load operation " - ], - [ - "iv_index", - "IV offset in the Key handle. Applicable only for TLS1.2 IV mode " - ], - [ - "key_index", - "Key Offset in the Key group / Handle " - ], - [ - "key_handle", - "Handle of the Symmetric key to be used" - ] - ] - }, - "talib_aes_ecb": { - "restype": "ctypes.c_uint8", - "argtypes": [ - "ctypes.c_void_p", - "ctypes.c_uint8", - "ctypes.c_char_p", - "ctypes.c_char_p" - ], - "docstring": "TA API - Perform an AES-128 ECB encrypt or decrypt operation with a key in the device. ", - "parameters": [ - [ - "device", - "Device object that holds the device related informations " - ], - [ - "mode", - "Mode value for AES operation, including encryption or decryption setting " - ], - [ - "aes_in", - "Input text to be encrypted or decrypted (16 bytes). " - ], - [ - "aes_out", - "Output plaintext or ciphertext is returned here (16 bytes)." - ] - ] - }, - "talib_aes_gcm": { - "restype": "ctypes.c_uint8", - "argtypes": [ - "ctypes.c_void_p", - "ctypes.c_uint8", - "ctypes.c_uint16", - "ctypes.c_uint16", - "ctypes.c_char_p", - "ctypes.c_char_p", - "ctypes.c_char_p", - "ctypes.c_char_p", - "ctypes.c_char_p" - ], - "docstring": "TA API - Perform an AES-128 GCM encrypt or decrypt operation with a key in the device. ", - "parameters": [ - [ - "device", - "Device object that holds the device related informations " - ], - [ - "mode", - "Mode value for AES operation, including encryption or decryption setting " - ], - [ - "aad_length", - "Length of the auth_data to include in GCM operation " - ], - [ - "message_length", - "Length of the message to include in GCM operation " - ], - [ - "iv", - "Initialization vector. " - ], - [ - "aad", - "AAD data " - ], - [ - "message", - "Cipher text for decrypt or Plain text for encrypt " - ], - [ - "tag", - "Authentication tag to be used or returned " - ], - [ - "data_out", - "The output data plain text or decrypt text. " - ] - ] - }, - "talib_aes_encrypt": { - "restype": "ctypes.c_uint8", - "argtypes": [ - "ctypes.c_void_p", - "ctypes.c_uint16", - "ctypes.c_uint8", - "ctypes.c_char_p", - "ctypes.c_char_p" - ], - "docstring": "Perform an AES-128 encrypt operation with a key in the device. ", - "parameters": [ - [ - "device", - "Device object that holds the device related informations " - ], - [ - "key_id", - "Key handle containing the AES key. " - ], - [ - "key_block", - "Index within the key handle to be used as AES key. " - ], - [ - "plaintext", - "Input plaintext to be encrypted (16 bytes). " - ], - [ - "ciphertext", - "Output ciphertext is returned here (16 bytes)." - ] - ] - }, - "talib_aes_decrypt": { - "restype": "ctypes.c_uint8", - "argtypes": [ - "ctypes.c_void_p", - "ctypes.c_uint16", - "ctypes.c_uint8", - "ctypes.c_char_p", - "ctypes.c_char_p" - ], - "docstring": "Perform an AES-128 decrypt operation with a key in the device. ", - "parameters": [ - [ - "device", - "Device object that holds the device related informations " - ], - [ - "key_id", - "Key handle containing the AES key. " - ], - [ - "key_block", - "Index of the 16-byte block to use within the key location for the actual key. " - ], - [ - "ciphertext", - "Input ciphertext to be decrypted (16 bytes). " - ], - [ - "plaintext", - "Output plaintext is returned here (16 bytes)." - ] - ] - }, - "talib_aes_gcm_keyload": { - "restype": "ctypes.c_uint8", - "argtypes": [ - "ctypes.c_void_p", - "ctypes.c_uint16", - "ctypes.c_uint8" - ], - "docstring": "Performs loading of an AES-128 key to the engine in device. ", - "parameters": [ - [ - "device", - "Device object that holds the device related informations " - ], - [ - "key_id", - "Key handle containing the AES key. " - ], - [ - "key_block", - "Index of the byte block to use within the key location for the actual key." - ] - ] - }, - "talib_aes_gcm_keyload_with_implicit_iv": { - "restype": "ctypes.c_uint8", - "argtypes": [ - "ctypes.c_void_p", - "ctypes.c_uint16", - "ctypes.c_uint8", - "ctypes.c_uint8" - ], - "docstring": "Performs loading of an AES-128 key & 4 byte iv to the engine in device. ", - "parameters": [ - [ - "device", - "Device object that holds the device related informations " - ], - [ - "key_id", - "Key handle containing the AES key. " - ], - [ - "key_block", - "Index of the byte block to use within the key location for the actual key. " - ], - [ - "iv_index", - "Index to the 4 byte IV in the key_id handle for GCM operation." - ] - ] - }, - "talib_aes_gcm_encrypt": { - "restype": "ctypes.c_uint8", - "argtypes": [ - "ctypes.c_void_p", - "ctypes.c_char_p", - "ctypes.c_uint16", - "ctypes.c_char_p", - "ctypes.c_char_p", - "ctypes.c_uint16", - "ctypes.c_char_p", - "ctypes.c_char_p" - ], - "docstring": "TA API - Perform an AES-128 GCM encrypt operation with a key in the device and with given Additional authentication data, Initialization vector and the plain text. ", - "parameters": [ - [ - "device", - "Device object that holds the device related informations " - ], - [ - "aad", - "AAD data " - ], - [ - "aad_length", - "Length of the auth_data to include in GCM operation " - ], - [ - "iv", - "The 12 byte Initialization vector for GCP operation. " - ], - [ - "plaintext", - "Plain text to be encrypted " - ], - [ - "plaintext_length", - "Length of the plaintext to include in GCM operation " - ], - [ - "ciphertext", - "The output cipher text " - ], - [ - "tag", - "Authentication tag to be returned " - ] - ] - }, - "talib_aes_gcm_encrypt_with_rand_iv": { - "restype": "ctypes.c_uint8", - "argtypes": [ - "ctypes.c_void_p", - "ctypes.c_char_p", - "ctypes.c_uint16", - "ctypes.c_char_p", - "ctypes.c_uint16", - "ctypes.c_char_p", - "ctypes.c_char_p", - "ctypes.c_char_p" - ], - "docstring": "TA API - Perform an AES-128 GCM encrypt operation with a key in the device, with given Additional authentication data, plain text and random Initialization vector generated within device. ", - "parameters": [ - [ - "device", - "Device object that holds the device related informations " - ], - [ - "aad", - "AAD data " - ], - [ - "aad_length", - "Length of the auth_data to include in GCM operation " - ], - [ - "plaintext", - "Plain text to be encrypted " - ], - [ - "plaintext_length", - "Length of the plaintext to include in GCM operation " - ], - [ - "ciphertext", - "The output cipher text " - ], - [ - "tag", - "Authentication tag to be returned " - ], - [ - "iv", - "The 12 byte Initialization vector returned. " - ] - ] - }, - "talib_aes_gcm_decrypt": { - "restype": "ctypes.c_uint8", - "argtypes": [ - "ctypes.c_void_p", - "ctypes.c_char_p", - "ctypes.c_uint16", - "ctypes.c_char_p", - "ctypes.c_char_p", - "ctypes.c_char_p", - "ctypes.c_uint16", - "ctypes.c_char_p" - ], - "docstring": "TA API - Perform an AES-128 GCM decrypt operation with a key in the device and with given Additional authentication data, Initialization vector, TAG and the cipher text. ", - "parameters": [ - [ - "device", - "Device object that holds the device related informations " - ], - [ - "aad", - "AAD data " - ], - [ - "aad_length", - "Length of the auth_data to include in GCM operation " - ], - [ - "iv", - "The 12 byte Initialization vector for GCP operation " - ], - [ - "tag", - "Authentication tag to be verified " - ], - [ - "ciphertext", - "Cipher text to be decrypted " - ], - [ - "ciphertext_length", - "Length of the ciphertext to include in GCM operation " - ], - [ - "plaintext", - "The output cipher text " - ] - ] - }, - "talib_auth_hmac_kdf": { - "restype": "ctypes.c_uint8", - "argtypes": [ - "ctypes.c_void_p", - "ctypes.c_void_p", - "ctypes.c_void_p" - ], - "docstring": null, - "parameters": [] - }, - "talib_auth_create_hmac": { - "restype": "ctypes.c_uint8", - "argtypes": [ - "ctypes.c_void_p", - "ctypes.c_char_p", - "ctypes.c_size_t", - "ctypes.c_char_p", - "ctypes.POINTER(ctypes.c_size_t)" - ], - "docstring": "TA API - Create an hmac for a packet in an authenticated session. ", - "parameters": [] - }, - "talib_auth_generate_nonce": { - "restype": "ctypes.c_uint8", - "argtypes": [ - "ctypes.c_void_p", - "ctypes.c_uint16", - "ctypes.c_uint16", - "ctypes.c_char*16" - ], - "docstring": null, - "parameters": [] - }, - "talib_auth_startup": { - "restype": "ctypes.c_uint8", - "argtypes": [ - "ctypes.c_void_p", - "ctypes.c_uint16", - "ctypes.c_uint8", - "ctypes.c_uint16", - "ctypes.c_void_p", - "ctypes.c_char*16", - "ctypes.c_char*16" - ], - "docstring": null, - "parameters": [] - }, - "talib_auth_execute_nested": { - "restype": "ctypes.c_uint8", - "argtypes": [ - "ctypes.c_void_p", - "ctypes.c_void_p" - ], - "docstring": null, - "parameters": [] - }, - "talib_auth_terminate": { - "restype": "ctypes.c_uint8", - "argtypes": [ - "ctypes.c_void_p" - ], - "docstring": null, - "parameters": [] - }, - "talib_counter": { - "restype": "ctypes.c_uint8", - "argtypes": [ - "ctypes.c_void_p", - "ctypes.c_uint8", - "ctypes.c_uint16", - "ctypes.POINTER(ctypes.c_uint32)" - ], - "docstring": "TA API - Compute the Counter functions. ", - "parameters": [ - [ - "device", - "Device context pointer " - ], - [ - "mode", - "the mode used for the counter " - ], - [ - "counter_id", - "The counter to be used " - ], - [ - "counter_value", - "pointer to the counter value returned from device " - ] - ] - }, - "talib_counter_read": { - "restype": "ctypes.c_uint8", - "argtypes": [ - "ctypes.c_void_p", - "ctypes.c_uint16", - "ctypes.POINTER(ctypes.c_uint32)" - ], - "docstring": "Read one of the device's nonvolatile counter. ", - "parameters": [ - [ - "device", - "Device context pointer " - ], - [ - "counter_id", - "Counter to be read " - ], - [ - "counter_value", - "Counter value is returned here." - ] - ] - }, - "talib_counter_increment": { - "restype": "ctypes.c_uint8", - "argtypes": [ - "ctypes.c_void_p", - "ctypes.c_uint16", - "ctypes.POINTER(ctypes.c_uint32)" - ], - "docstring": "Increment one of the device's nonvolatile counter. ", - "parameters": [ - [ - "device", - "Device context pointer " - ], - [ - "counter_id", - "Counter to be increment " - ], - [ - "counter_value", - "Counter value is returned here." - ] - ] - }, - "talib_create": { - "restype": "ctypes.c_uint8", - "argtypes": [ - "ctypes.c_void_p", - "ctypes.c_uint8", - "ctypes.c_uint16", - "ctypes.c_uint16", - "ctypes.POINTER(ta_element_attributes_t)", - "ctypes.POINTER(ctypes.c_uint16)" - ], - "docstring": "TA API - Executes Create command to create elements on shared data or volatile register. This cannot create Secure_boot special handles. ", - "parameters": [ - [ - "device", - "Device context pointer " - ], - [ - "mode", - "mode parameter for the create operations " - ], - [ - "details", - "Additional details for HMAC and Ephemeral elements " - ], - [ - "handle_in", - "handle to use to create an element " - ], - [ - "handle_config", - "Attributes information for the element to be created. Size must be 8 bytes " - ], - [ - "handle_out", - "handle created by TA100 is returned here" - ] - ] - }, - "talib_create_element": { - "restype": "ctypes.c_uint8", - "argtypes": [ - "ctypes.c_void_p", - "ctypes.POINTER(ta_element_attributes_t)", - "ctypes.POINTER(ctypes.c_uint16)" - ], - "docstring": "TA API - Executes Create command to create elements on TA100 shared data memory. The handle is created by internally and handle value is copied into output buffer. This function wont create handle for ephemeral or HMAC symmetric key. This cannot create Secure_boot special handles. ", - "parameters": [ - [ - "device", - "Device context pointer " - ], - [ - "handle_cfg", - "Attributes information for the element to be created. Size must be 8 bytes " - ], - [ - "handle_out", - "handle created by TA100 is returned here" - ] - ] - }, - "talib_create_element_with_handle": { - "restype": "ctypes.c_uint8", - "argtypes": [ - "ctypes.c_void_p", - "ctypes.c_uint16", - "ctypes.POINTER(ta_element_attributes_t)" - ], - "docstring": "TA API - Executes Create command to create elements on TA100 shared data memory or volatile register. This cannot create Secure_boot special handles. This function wont create handle for ephemeral or HMAC symmetric key. ", - "parameters": [ - [ - "device", - "Device context pointer " - ], - [ - "handle_in", - "handle to use to create an element " - ], - [ - "handle_config", - "Attributes information for the element to be created. Size must be 8 bytes" - ] - ] - }, - "talib_create_ephemeral_element_with_handle": { - "restype": "ctypes.c_uint8", - "argtypes": [ - "ctypes.c_void_p", - "ctypes.c_uint16", - "ctypes.c_uint16", - "ctypes.POINTER(ta_element_attributes_t)" - ], - "docstring": "TA API - Executes Create command to create Ephemeral element on volatile register This cannot create Secure_boot special handles. ", - "parameters": [ - [ - "device", - "Device context pointer " - ], - [ - "details", - "Additional details for HMAC and Ephemeral elements " - ], - [ - "handle_in", - "handle to use to create an element " - ], - [ - "handle_config", - "Attributes information for the element to be created. Size must be 8 bytes" - ] - ] - }, - "talib_create_hmac_element": { - "restype": "ctypes.c_uint8", - "argtypes": [ - "ctypes.c_void_p", - "ctypes.c_size_t", - "ctypes.POINTER(ta_element_attributes_t)", - "ctypes.POINTER(ctypes.c_uint16)" - ], - "docstring": "TA API - Executes Create command to create HMAC symmetric elements on shared data. The handle is created by the device and handle value is copied into output buffer. This cannot create Secure_boot special handles. ", - "parameters": [ - [ - "device", - "Device context pointer " - ], - [ - "hmac_key_size", - "size of hmac symmetric key size " - ], - [ - "handle_config", - "Attributes information for the element to be created. Size must be 8 bytes " - ], - [ - "handle_out", - "handle created by the device" - ] - ] - }, - "talib_create_hmac_element_with_handle": { - "restype": "ctypes.c_uint8", - "argtypes": [ - "ctypes.c_void_p", - "ctypes.c_size_t", - "ctypes.c_uint16", - "ctypes.POINTER(ta_element_attributes_t)" - ], - "docstring": "TA API - Executes Create command to create HMAC symmetric elements on shared data memory or volatile register. This cannot create Secure_boot special handles. ", - "parameters": [ - [ - "device", - "Device context pointer " - ], - [ - "hmac_key_size", - "size of hmac symmetric key size " - ], - [ - "handle_in", - "handle to use to create an element " - ], - [ - "handle_config", - "Attributes information for the element to be created. Size must be 8 bytes" - ] - ] - }, - "talib_create_linked_shared_data": { - "restype": "ctypes.c_uint8", - "argtypes": [ - "ctypes.c_void_p", - "ctypes.c_uint16", - "ctypes.POINTER(ta_element_attributes_t)", - "ctypes.POINTER(ctypes.c_uint16)" - ], - "docstring": "TA-API Execute the create command to create handle by TA100 in linked shared data. ", - "parameters": [ - [ - "device", - "Device context pointer " - ], - [ - "details", - "Additional details for HMAC and Ephemeral elements " - ], - [ - "handle_config", - "Attributes information for the element to be created. Size must be 8 bytes " - ], - [ - "handle_out", - "handle created by TA100 is returned here" - ] - ] - }, - "talib_delete_base": { - "restype": "ctypes.c_uint8", - "argtypes": [ - "ctypes.c_void_p", - "ctypes.c_uint8", - "ctypes.c_uint32" - ], - "docstring": "TA API - Executes delete command to delete elements on TA100. ", - "parameters": [ - [ - "device", - "Device context pointer " - ], - [ - "mode", - "mode for delete entire chip or handle " - ], - [ - "handle", - "Element handle to delete. Should point to shared or volatile register" - ] - ] - }, - "talib_delete_handle": { - "restype": "ctypes.c_uint8", - "argtypes": [ - "ctypes.c_void_p", - "ctypes.c_uint32" - ], - "docstring": "TA API - Executes delete command to delete handle on shared data or volatile register. ", - "parameters": [ - [ - "device", - "Device context pointer " - ], - [ - "handle", - "Element handle to delete. Should point to shared or volatile register" - ] - ] - }, - "talib_chip_erase": { - "restype": "ctypes.c_uint8", - "argtypes": [ - "ctypes.c_void_p" - ], - "docstring": "TA API - Executes delete command to delete/erase entire chip. ", - "parameters": [ - [ - "device", - "Device context pointer " - ] - ] - }, - "talib_devupdate_base": { - "restype": "ctypes.c_uint8", - "argtypes": [ - "ctypes.c_void_p", - "ctypes.c_uint8", - "ctypes.c_char_p", - "ctypes.c_uint16" - ], - "docstring": "TA API - Executes devupdate command to Update one block of the nonvolatile operating code within the trust anchor device. ", - "parameters": [ - [ - "device", - "device context pointer " - ], - [ - "mode", - "Block ID. 0x00 through 0xFE legal " - ], - [ - "data", - "data to Update image block " - ], - [ - "data_length", - "length of update image block in bytes (maximum size is 1024)" - ] - ] - }, - "talib_devupdate_init_ctx": { - "restype": "ctypes.c_uint8", - "argtypes": [ - "ctypes.c_void_p", - "ctypes.c_uint16", - "ctypes.c_uint16" - ], - "docstring": "TA API - Initialize the Devupdate context stucture. ", - "parameters": [ - [ - "ctx", - "devupdate context pointer " - ], - [ - "first_block_size", - "size of first block " - ], - [ - "second_block_szie", - "size of remaining block" - ] - ] - }, - "talib_devupdate_first_block": { - "restype": "ctypes.c_uint8", - "argtypes": [ - "ctypes.c_void_p", - "ctypes.c_void_p", - "ctypes.c_char_p" - ], - "docstring": "TA API - Executes devupdate command to Update the first block (image) of the nonvolatile operating code within the trust anchor device. ", - "parameters": [ - [ - "device", - "device context pointer " - ], - [ - "ctx", - "As input, devupdate context pointer As output, Update the block id after successful first block update " - ], - [ - "first_block", - "first block of the image" - ] - ] - }, - "talib_devupdate_subsequent_block": { - "restype": "ctypes.c_uint8", - "argtypes": [ - "ctypes.c_void_p", - "ctypes.c_void_p", - "ctypes.c_char_p", - "ctypes.POINTER(ctypes.c_uint16)" - ], - "docstring": "TA API - Executes devupdate command to Update the subsequent block (image) of the nonvolatile operating code within the trust anchor device. ", - "parameters": [ - [ - "device", - "device context pointer " - ], - [ - "ctx", - "As input, devupdate context pointer As output, Update the block id and remaining size " - ], - [ - "block", - "block of the image to be updated in the device " - ], - [ - "block_len", - "As input, length of the block As output, updated block length" - ] - ] - }, - "talib_devupdate_image": { - "restype": "ctypes.c_uint8", - "argtypes": [ - "ctypes.c_void_p", - "ctypes.c_char_p" - ], - "docstring": "TA API - Executes devupdate command to Update the complete image of the nonvolatile operating code within the trust anchor device. ", - "parameters": [ - [ - "image", - "Update image of the non volatile operating code" - ] - ] - }, - "talib_ecdh_base": { - "restype": "ctypes.c_uint8", - "argtypes": [ - "ctypes.c_void_p", - "ctypes.c_uint8", - "ctypes.c_uint16", - "ctypes.c_uint16", - "ctypes.c_char_p", - "ctypes.c_size_t", - "ctypes.c_char_p" - ], - "docstring": "TA API - Base function for generating premaster secret key using ECDH. ", - "parameters": [ - [ - "device", - "Device context pointer " - ], - [ - "mode", - "Mode to be used for ECDH computation " - ], - [ - "priv_handle", - "Private key handle for ECDH computation, can be Volatile or Shared memory " - ], - [ - "target_handle", - "Handle for ECDH computation result, can be IO, Volatile or Shared memory " - ], - [ - "public_key", - "Public key input to ECDH calculation. X and Y integers in big-endian format. 64 bytes for P256 key , 56 bytes for P224 key and 96 bytes for P384 " - ], - [ - "public_key_size", - "Length of the Public key parameter " - ], - [ - "pms", - "Computed ECDH pre-master secret is returned here (28 or 32 or 48 bytes) if returned directly. Otherwise NULL." - ] - ] - }, - "talib_ecdh_compat": { - "restype": "ctypes.c_uint8", - "argtypes": [ - "ctypes.c_void_p", - "ctypes.c_uint16", - "ctypes.c_char*64", - "ctypes.c_char_p" - ], - "docstring": "TA API - Generate pre master secret using ECDH and secret key copied into output buffer. ", - "parameters": [ - [ - "device", - "Device context pointer " - ], - [ - "priv_handle", - "Private key handle for ECDH computation, can be Volatile or Shared memory " - ], - [ - "public_key", - "Public key input to ECDH calculation. X and Y integers in big-endian format. 64 bytes for P256 key and 56 bytes for P224 key " - ], - [ - "pms", - "Computed ECDH pre-master secret is returned here (28 or 32 bytes) if returned directly. Otherwise NULL. " - ] - ] - }, - "talib_ecdh_io_buffer": { - "restype": "ctypes.c_uint8", - "argtypes": [ - "ctypes.c_void_p", - "ctypes.c_uint16", - "ctypes.c_char_p", - "ctypes.c_size_t", - "ctypes.c_char_p" - ], - "docstring": "TA API - Generate pre master secret using ECDH and secret key copied into output buffer (premaster secret key size is equal to the public key size divide by 2) ", - "parameters": [ - [ - "device", - "Device context pointer " - ], - [ - "priv_handle", - "Private key handle for ECDH computation, can be Volatile or Shared memory " - ], - [ - "public_key", - "Public key input to ECDH calculation. " - ], - [ - "pubkey_len", - "Length of the Public key parameter " - ], - [ - "pms", - "Computed ECDH pre-master secret is returned here (public key size/2) if returned directly. Otherwise NULL. " - ] - ] - }, - "talib_ecdh_xy_in_io_buffer": { - "restype": "ctypes.c_uint8", - "argtypes": [ - "ctypes.c_void_p", - "ctypes.c_uint16", - "ctypes.c_char_p", - "ctypes.c_size_t", - "ctypes.c_char_p" - ], - "docstring": "TA API - Generate pre master secret using ECDH and secret key copied into output buffer (premaster secret key size is same as the public key size) ", - "parameters": [ - [ - "device", - "Device context pointer " - ], - [ - "priv_handle", - "Private key handle for ECDH computation, can be Volatile or Shared memory " - ], - [ - "public_key", - "Public key input to ECDH calculation. " - ], - [ - "pubkey_len", - "Length of the Public key parameter " - ], - [ - "pms", - "Computed ECDH pre-master secret is returned here (public key size) if returned directly. Otherwise NULL. " - ] - ] - }, - "talib_ecdh_to_handle": { - "restype": "ctypes.c_uint8", - "argtypes": [ - "ctypes.c_void_p", - "ctypes.c_uint16", - "ctypes.c_uint16", - "ctypes.c_char_p", - "ctypes.c_size_t" - ], - "docstring": "TA API - Generating premaster secret key using ECDH and stores in shared data or volatile register (premaster secret key size is equal to the public key size divided by 2) ", - "parameters": [ - [ - "device", - "Device context pointer " - ], - [ - "priv_handle", - "Private key handle for ECDH computation, can be Volatile or Shared memory " - ], - [ - "target_handle", - "Handle for ECDH computation result can go to Volatile or Shared memory " - ], - [ - "public_key", - "Public key input to ECDH calculation. X and Y integers in big-endian format. 64 bytes for P256 key and 56 bytes for P224 key " - ], - [ - "pubkey_len", - "Length of the Public key parameter " - ] - ] - }, - "talib_ecdh_xy_to_handle": { - "restype": "ctypes.c_uint8", - "argtypes": [ - "ctypes.c_void_p", - "ctypes.c_uint16", - "ctypes.c_uint16", - "ctypes.c_char_p", - "ctypes.c_size_t" - ], - "docstring": "TA API - Generating premaster secret key using ECDH and stores in shared data or volatile register.(premaster secret key size is same as the public key size) ", - "parameters": [ - [ - "device", - "Device context pointer " - ], - [ - "priv_handle", - "Private key handle for ECDH computation, can be Volatile or Shared memory " - ], - [ - "target_handle", - "Handle for ECDH computation result can go to Volatile or Shared memory " - ], - [ - "public_key", - "Public key input to ECDH calculation. X and Y integers in big-endian format. 64 bytes for P256 key and 56 bytes for P224 key " - ], - [ - "pubkey_len", - "Length of the Public key parameter " - ] - ] - }, - "talib_export": { - "restype": "ctypes.c_uint8", - "argtypes": [ - "ctypes.c_void_p", - "ctypes.c_uint16", - "ctypes.c_char_p", - "ctypes.POINTER(ctypes.c_uint16)" - ], - "docstring": "TA API - Executes the Export command, which exports the contents of a key/data element in the shared data memory. ", - "parameters": [ - [ - "device", - "Device context pointer " - ], - [ - "key_handle", - "The key_handle that contains key/data to be exported. " - ], - [ - "export_data", - "The buffer to the store the exported data. " - ], - [ - "export_data_length", - "As input, the size of the export_data buffer and as output the size of the exported data." - ] - ] - }, - "talib_fcconfig_base": { - "restype": "ctypes.c_uint8", - "argtypes": [ - "ctypes.c_void_p", - "ctypes.c_uint8", - "ctypes.c_uint32", - "ctypes.POINTER(ctypes.c_uint32)" - ], - "docstring": "TA API - Execute the FC config command to Configure the Fast Crypto engine for the desired algorithm and select the key group. ", - "parameters": [ - [ - "device", - "device context pointer " - ], - [ - "mode", - "Mode Algorithm Encoding " - ], - [ - "handle", - "handle of the group of symmetric keys for use " - ], - [ - "written_map", - "map of those keys that were successfully written to the FCE" - ] - ] - }, - "talib_import_base": { - "restype": "ctypes.c_uint8", - "argtypes": [ - "ctypes.c_void_p", - "ctypes.c_uint8", - "ctypes.c_uint32", - "ctypes.c_char_p", - "ctypes.c_uint16" - ], - "docstring": "TA API - Executes Import command to import the encrypted key/data blob into the handle. The target handle should be created prior to this command and the value of its attribute fields must match exactly that which is contained in the exported blob with the exception of the link fields. ", - "parameters": [ - [ - "device", - "Device context pointer " - ], - [ - "mode", - "either link keys are as per target handle or exported blob handle " - ], - [ - "handle", - "Element handle where to import the data blob " - ], - [ - "blob", - "Encrypted key/data blob " - ], - [ - "blob_length", - "Length of encrypted key/data blob" - ] - ] - }, - "talib_import_handle": { - "restype": "ctypes.c_uint8", - "argtypes": [ - "ctypes.c_void_p", - "ctypes.c_uint16", - "ctypes.c_char_p", - "ctypes.c_uint16" - ], - "docstring": "TA API - Executes Import command to import the encrypted key/data blob into the handle. The target handle should be created prior to this command and the value of its attribute fields must match exactly that which is contained in the exported blob. ", - "parameters": [ - [ - "device", - "Device context pointer " - ], - [ - "handle", - "Element handle where to import the data blob " - ], - [ - "blob", - "Encrypted key/data blob " - ], - [ - "blob_length", - "Length of encrypted key/data blob" - ] - ] - }, - "talib_import_handle_with_target_links": { - "restype": "ctypes.c_uint8", - "argtypes": [ - "ctypes.c_void_p", - "ctypes.c_uint16", - "ctypes.c_char_p", - "ctypes.c_uint16" - ], - "docstring": "TA API - Executes Import command to import the encrypted key/data blob into the handle. The target handle should be created prior to this command and the value of its attribute fields must match exactly that which is contained in the exported blob with the exception of the link fields. Link keys are as per target handle (where blob going to import) ", - "parameters": [ - [ - "device", - "Device context pointer " - ], - [ - "handle", - "Element handle where to import the data blob " - ], - [ - "blob", - "Encrypted key/data blob " - ], - [ - "blob_length", - "Length of encrypted key/data blob" - ] - ] - }, - "talib_info_base": { - "restype": "ctypes.c_uint8", - "argtypes": [ - "ctypes.c_void_p", - "ctypes.c_uint8", - "ctypes.c_uint32", - "ctypes.c_char_p", - "ctypes.POINTER(ctypes.c_size_t)" - ], - "docstring": "TA API - Issues an Info command, which return internal device information. ", - "parameters": [ - [ - "device", - "Device context pointer " - ], - [ - "mode", - "Selects which mode to be used for info command. " - ], - [ - "param2", - "Handle for mode 2 & 3. " - ], - [ - "out_data", - "Response from info command " - ], - [ - "data_size", - "out_data buffer size as input and valid data length as output" - ] - ] - }, - "talib_info": { - "restype": "ctypes.c_uint8", - "argtypes": [ - "ctypes.c_void_p", - "ctypes.c_char*8" - ], - "docstring": "TA API - Issues an Info command to return revision of the internal hardware, configuration or firmware of the device. ", - "parameters": [ - [ - "device", - "Device context pointer " - ], - [ - "revision", - "device revision number returned here" - ] - ] - }, - "talib_info_compat": { - "restype": "ctypes.c_uint8", - "argtypes": [ - "ctypes.c_void_p", - "ctypes.c_char*4" - ], - "docstring": "TA API - Issues an Info command to return revision of the internal hardware (compatible with cryptoauthlib info command) ", - "parameters": [ - [ - "device", - "Device context pointer " - ], - [ - "revision", - "device revision number returned here" - ] - ] - }, - "talib_info_serial_number": { - "restype": "ctypes.c_uint8", - "argtypes": [ - "ctypes.c_void_p", - "ctypes.c_char*8" - ], - "docstring": "The function returns 8 byte serial number of the device. ", - "parameters": [ - [ - "device", - "Device context pointer " - ], - [ - "serial_number", - "8 byte serial number is returned here." - ] - ] - }, - "talib_info_serial_number_compat": { - "restype": "ctypes.c_uint8", - "argtypes": [ - "ctypes.c_void_p", - "ctypes.c_char*9" - ], - "docstring": "The function return 8 byte serial number of the device in 9 byte buffer (compatibility mode - cryptoauth devices have a 9 byte serial number) ", - "parameters": [ - [ - "device", - "Device context pointer " - ], - [ - "serial_number", - "8 byte serial number is returned here." - ] - ] - }, - "talib_info_get_nv_remain": { - "restype": "ctypes.c_uint8", - "argtypes": [ - "ctypes.c_void_p", - "ctypes.POINTER(ctypes.c_uint32)" - ], - "docstring": "TA API - Issues an Info command to return remaining bytes in Non Volatile memory. ", - "parameters": [ - [ - "device", - "Device context pointer " - ], - [ - "nv_remain", - "remaining non volatile memory in the device is returned here" - ] - ] - }, - "talib_is_handle_valid": { - "restype": "ctypes.c_uint8", - "argtypes": [ - "ctypes.c_void_p", - "ctypes.c_uint32", - "ctypes.c_char_p" - ], - "docstring": "TA API - Issues an Info command to return handle validity. ", - "parameters": [ - [ - "device", - "Device context pointer " - ], - [ - "target_handle", - "Target handle to read info " - ], - [ - "is_valid", - "True if handle is created, irrespective of written or used status" - ] - ] - }, - "talib_info_get_handle_info": { - "restype": "ctypes.c_uint8", - "argtypes": [ - "ctypes.c_void_p", - "ctypes.c_uint32", - "ctypes.POINTER(ta_handle_info)" - ], - "docstring": "TA API - Issues an Info command to return attributes & status of a handle. ", - "parameters": [ - [ - "device", - "Device context pointer " - ], - [ - "target_handle", - "Target handle to read handle info " - ], - [ - "handle_info", - "Handle info (handle attributes) returned here" - ] - ] - }, - "talib_info_get_handles_array": { - "restype": "ctypes.c_uint8", - "argtypes": [ - "ctypes.c_void_p", - "ctypes.POINTER(ctypes.c_uint16)", - "ctypes.POINTER(ctypes.c_size_t)" - ], - "docstring": "TA API - Issues an Info command to return handles list. ", - "parameters": [ - [ - "device", - "Device context pointer " - ], - [ - "handle_array", - "List of handles received as response.. " - ], - [ - "array_size", - "As input, handle_array buffer size As output, number of elements in handle_array" - ] - ] - }, - "talib_info_get_handle_size": { - "restype": "ctypes.c_uint8", - "argtypes": [ - "ctypes.c_void_p", - "ctypes.c_uint32", - "ctypes.POINTER(ctypes.c_size_t)" - ], - "docstring": "TA API - Get the data stored in a handle. ", - "parameters": [ - [ - "device", - "Device context pointer " - ], - [ - "target_handle", - "Target handle to read info " - ], - [ - "out_size", - "data handle size is returned here" - ] - ] - }, - "talib_is_auth_session_valid": { - "restype": "ctypes.c_uint8", - "argtypes": [ - "ctypes.c_void_p", - "ctypes.c_uint8", - "ctypes.c_char_p" - ], - "docstring": "TA API - Issues an Info command to get auth session validity. ", - "parameters": [ - [ - "device", - "Device context pointer " - ], - [ - "auth_session_id", - "Target Auth session id to check validity, 0-1 are only valid " - ], - [ - "is_valid", - "Auth session validity. True if session is valid for use" - ] - ] - }, - "talib_is_volatile_register_valid": { - "restype": "ctypes.c_uint8", - "argtypes": [ - "ctypes.c_void_p", - "ctypes.c_uint8", - "ctypes.c_char_p" - ], - "docstring": "TA API - Issues an Info command to get volatile register status. ", - "parameters": [ - [ - "device", - "Device context pointer " - ], - [ - "volatile_register_id", - "Target Volatile register id to check validity, 0-3 are only valid " - ], - [ - "is_valid", - "True if handle is created, irrespective of written or used status" - ] - ] - }, - "talib_info_get_dedicated_memory": { - "restype": "ctypes.c_uint8", - "argtypes": [ - "ctypes.c_void_p", - "ctypes.c_char_p" - ], - "docstring": "TA API - Issues an Info command to return dedicated memory contents. ", - "parameters": [ - [ - "device", - "Device context pointer " - ], - [ - "dedicated_memory", - "dedicated memory content of 16 byte is return here" - ] - ] - }, - "talib_info_get_chip_status": { - "restype": "ctypes.c_uint8", - "argtypes": [ - "ctypes.c_void_p", - "ctypes.c_char*(6)" - ], - "docstring": "TA API - Issues an Info command to return chip status. ", - "parameters": [ - [ - "device", - "Device context pointer " - ], - [ - "chip_status", - "chip status (config lock status, setup lock status, latch status) returned here" - ] - ] - }, - "talib_is_config_locked": { - "restype": "ctypes.c_uint8", - "argtypes": [ - "ctypes.c_void_p", - "ctypes.POINTER(ctypes.c_bool)" - ], - "docstring": "TA API - Issues an Info command to get config lock status. ", - "parameters": [ - [ - "device", - "Device context pointer " - ], - [ - "is_locked", - "True if config is locked or else false" - ] - ] - }, - "talib_is_setup_locked": { - "restype": "ctypes.c_uint8", - "argtypes": [ - "ctypes.c_void_p", - "ctypes.POINTER(ctypes.c_bool)" - ], - "docstring": "TA API - Issues an Info command to get setup lock status. ", - "parameters": [ - [ - "device", - "Device context pointer " - ], - [ - "is_locked", - "True if setup is locked or else false" - ] - ] - }, - "talib_is_locked_compat": { - "restype": "ctypes.c_uint8", - "argtypes": [ - "ctypes.c_void_p", - "ctypes.c_uint8", - "ctypes.POINTER(ctypes.c_bool)" - ], - "docstring": "Executes Read command, which reads the configuration zone to see if the specified zone is locked. ", - "parameters": [ - [ - "device", - "Device context pointer " - ], - [ - "zone", - "The zone to query for locked (use LOCK_ZONE_CONFIG or LOCK_ZONE_SETUP). " - ], - [ - "is_locked", - "Lock state returned here. True if locked. " - ] - ] - }, - "talib_info_get_vcc_latch": { - "restype": "ctypes.c_uint8", - "argtypes": [ - "ctypes.c_void_p", - "ctypes.c_char_p" - ], - "docstring": "TA API - Issues an Info command to get Vcc latch state. ", - "parameters": [ - [ - "device", - "Device context pointer " - ], - [ - "latch_value", - "return current state of the vcc latches" - ] - ] - }, - "talib_info_get_failure_log": { - "restype": "ctypes.c_uint8", - "argtypes": [ - "ctypes.c_void_p", - "ctypes.c_char_p" - ], - "docstring": "TA API - Issues an Info command to get Failure logs. ", - "parameters": [ - [ - "device", - "Device context pointer " - ], - [ - "failure_log", - "previous self test failure log is returned here (64 byte)" - ] - ] - }, - "talib_info_get_rom_id": { - "restype": "ctypes.c_uint8", - "argtypes": [ - "ctypes.c_void_p", - "ctypes.POINTER(ctypes.c_uint16)" - ], - "docstring": "TA API - Issues an Info command to get ROM ID. ", - "parameters": [ - [ - "device", - "Device context pointer " - ], - [ - "rom_id", - "Device rom version id is returned here" - ] - ] - }, - "talib_info_get_crl_handle": { - "restype": "ctypes.c_uint8", - "argtypes": [ - "ctypes.c_void_p", - "ctypes.c_char_p" - ], - "docstring": "TA API - Issues an Info command to get CRL handle. ", - "parameters": [ - [ - "device", - "Device context pointer " - ], - [ - "crl_handle", - "valid crl handle is returned here" - ] - ] - }, - "talib_is_handle_locked": { - "restype": "ctypes.c_uint8", - "argtypes": [ - "ctypes.c_void_p", - "ctypes.c_uint16", - "ctypes.POINTER(ctypes.c_bool)" - ], - "docstring": "Executes info command, which reads the handle info to see if the specified handle element is locked. ", - "parameters": [ - [ - "device", - "Device context pointer " - ], - [ - "handle", - "Handle to query for locked " - ], - [ - "is_locked", - "Lock state returned here. True if locked." - ] - ] - }, - "talib_kdf_aesA": { - "restype": "ctypes.c_uint8", - "argtypes": [ - "ctypes.c_void_p", - "ctypes.c_uint16", - "ctypes.c_uint16", - "ctypes.c_uint16", - "ctypes.c_char_p", - "ctypes.c_char_p" - ], - "docstring": "TA API - Executes AES OptionA operations using KDF command. Output_Handle = AESencrypt(key, Message[16:31]) ", - "parameters": [ - [ - "device", - "Device context pointer " - ], - [ - "msg_handle", - "handle refers to the message which present in device " - ], - [ - "key_handle", - "Contains Input Key Material " - ], - [ - "output_handle", - "kdf output will be stored in this handle " - ], - [ - "message", - "Message to send on IO if indicated by message_handle if present, should be 32 bytes " - ], - [ - "kdf_out", - "Output of the KDF AES-A function is retuned here." - ] - ] - }, - "talib_kdf_aesA_io": { - "restype": "ctypes.c_uint8", - "argtypes": [ - "ctypes.c_void_p", - "ctypes.c_uint16", - "ctypes.c_uint16", - "ctypes.c_char_p", - "ctypes.c_char_p" - ], - "docstring": "TA API - Executes AES OptionA operations using KDF command, result is on IO buffer. ", - "parameters": [ - [ - "device", - "Device context pointer " - ], - [ - "key_handle", - "Contains Input Key Material " - ], - [ - "msg_handle", - "Input handle for the message " - ], - [ - "message", - "Message to send on IO if indicated by message_handle if present, should be 32 bytes " - ], - [ - "kdf_output", - "Output of the KDF - AESA function is retuned here." - ] - ] - }, - "talib_kdf_aesA_stored": { - "restype": "ctypes.c_uint8", - "argtypes": [ - "ctypes.c_void_p", - "ctypes.c_uint16", - "ctypes.c_uint16", - "ctypes.c_char_p", - "ctypes.c_uint16" - ], - "docstring": "TA API - Executes AES OptionA operations using KDF command, result is stored inside device either in shared data memory or volatile register. ", - "parameters": [ - [ - "device", - "Device context pointer " - ], - [ - "key_handle", - "Contains Input Key Material " - ], - [ - "message_handle", - "handle refers to the message which present in device " - ], - [ - "message", - "Message to send on IO if indicated by message_handle if present, should be 32 bytes " - ], - [ - "output_handle", - "Stores the KDF output result in this handle" - ] - ] - }, - "talib_kdf_aesB": { - "restype": "ctypes.c_uint8", - "argtypes": [ - "ctypes.c_void_p", - "ctypes.c_uint16", - "ctypes.c_uint16", - "ctypes.c_uint16", - "ctypes.c_char_p", - "ctypes.c_char_p" - ], - "docstring": "TA API - Executes AES OptionB operations using KDF command. ", - "parameters": [ - [ - "device", - "Device context pointer " - ], - [ - "msg_handle", - "handle refers to the message (which present in device) " - ], - [ - "key_handle", - "Contains Input Key Material " - ], - [ - "output_handle", - "Holds the KDF output result " - ], - [ - "input_data", - "Application data to include in computation, should be 16 bytes " - ], - [ - "kdf_out", - "Output of the HKDF function is retuned here." - ] - ] - }, - "talib_kdf_aesB_io": { - "restype": "ctypes.c_uint8", - "argtypes": [ - "ctypes.c_void_p", - "ctypes.c_uint16", - "ctypes.c_uint16", - "ctypes.c_char_p", - "ctypes.c_char_p" - ], - "docstring": "TA API - Executes AES OptionB operations using KDF command, result is on IO buffer. ", - "parameters": [ - [ - "device", - "Device context pointer " - ], - [ - "key_handle", - "Contains Input Key Material " - ], - [ - "message_handle", - "Input handle for the message " - ], - [ - "input_data", - "Message to send on IO if indicated by message_handle if present, should be 16 bytes " - ], - [ - "kdf_output", - "Output of the KDF - AESA function is retuned here." - ] - ] - }, - "talib_kdf_aesB_stored": { - "restype": "ctypes.c_uint8", - "argtypes": [ - "ctypes.c_void_p", - "ctypes.c_uint16", - "ctypes.c_uint16", - "ctypes.c_uint16", - "ctypes.c_char_p" - ], - "docstring": "TA API - Executes AES OptionB operations using KDF command, result is stored inside device in either shared data memory or volatile register. ", - "parameters": [ - [ - "device", - "Device context pointer " - ], - [ - "key_handle", - "Contains Input Key Material " - ], - [ - "output_handle", - "Holds the KDF output result " - ], - [ - "message_handle", - "handle refers to the message (which present in device) " - ], - [ - "input_data", - "Application data to include in computation, should be 16 bytes" - ] - ] - }, - "talib_hkdf": { - "restype": "ctypes.c_uint8", - "argtypes": [ - "ctypes.c_void_p", - "ctypes.c_uint16", - "ctypes.c_uint16", - "ctypes.c_uint16", - "ctypes.c_uint16", - "ctypes.c_char_p", - "ctypes.c_char_p", - "ctypes.c_char_p", - "ctypes.POINTER(ctypes.c_uint16)" - ], - "docstring": "TA API - Executes HKDF operation using KDF command. Extract_key = HMAC(Salt, Key_Handle) Out_Handle[0-31] = HMAC(Key_ Extract_key, Info | 1) Out_Handle[32-63] = HMAC(Key_ Extract_key, Out_Handle[0-31] | Info | 2) Out_Handle[64-95] = HMAC(Key_ Extract_key, Out_Handle[32-63] | Info | 3) Out_Handle[96-127] = HMAC(Key_ Extract_key, Out_Handle[64-95] | Info | 4) ", - "parameters": [ - [ - "device", - "Device context pointer " - ], - [ - "key_handle", - "Contains Input Key Material " - ], - [ - "output_handle", - "Holds the KDF output result " - ], - [ - "salt_len", - "Input Salt size " - ], - [ - "info_len", - "Input Info size " - ], - [ - "salt", - "Input Salt for HKDF-Extract phase " - ], - [ - "info", - "Application specific info for HKDF-Exapnd phase " - ], - [ - "kdf_out", - "Output of the HKDF function is retuned here. " - ], - [ - "kdf_length", - "As input, expected Key Material size As output, length of the Key Material in kdf_output" - ] - ] - }, - "talib_hkdf_io": { - "restype": "ctypes.c_uint8", - "argtypes": [ - "ctypes.c_void_p", - "ctypes.c_uint16", - "ctypes.c_char_p", - "ctypes.c_uint16", - "ctypes.c_char_p", - "ctypes.c_uint16", - "ctypes.c_char_p", - "ctypes.POINTER(ctypes.c_uint16)" - ], - "docstring": "TA API - Executes HKDF operation using KDF command, result in IO buffer. ", - "parameters": [ - [ - "device", - "Device context pointer " - ], - [ - "key_handle", - "Contains Input Key Material " - ], - [ - "salt", - "Input Salt for HKDF-Extract phase " - ], - [ - "salt_len", - "Input Salt size " - ], - [ - "info", - "Application specific info for HKDF-Exapnd phase " - ], - [ - "info_len", - "Input Info size " - ], - [ - "kdf_output", - "Output of the HKDF function is retuned here. " - ], - [ - "kdf_length", - "As input, expected Key Material size As output, length of the Key Material in kdf_output" - ] - ] - }, - "talib_hkdf_stored": { - "restype": "ctypes.c_uint8", - "argtypes": [ - "ctypes.c_void_p", - "ctypes.c_uint16", - "ctypes.c_char_p", - "ctypes.c_size_t", - "ctypes.c_char_p", - "ctypes.c_size_t", - "ctypes.c_uint16", - "ctypes.POINTER(ctypes.c_uint16)" - ], - "docstring": "TA API - Executes HKDF operation using KDF command, result is stored inside device either in shared data memory or volatile register. ", - "parameters": [ - [ - "device", - "Device context pointer " - ], - [ - "key_handle", - "Contains Input Key Material " - ], - [ - "salt", - "Input Salt for HKDF-Extract phase " - ], - [ - "salt_len", - "Input Salt size " - ], - [ - "info", - "Application specific info for HKDF-Exapnd phase " - ], - [ - "info_len", - "Input Info size " - ], - [ - "target_handle", - "Holds the KDF output result " - ], - [ - "kdf_length", - "As input, expected Key Material size As output, length of the Key Material in kdf_output" - ] - ] - }, - "talib_kdf_prf": { - "restype": "ctypes.c_uint8", - "argtypes": [ - "ctypes.c_void_p", - "ctypes.c_uint16", - "ctypes.c_uint16", - "ctypes.c_uint16", - "ctypes.c_char_p", - "ctypes.c_char_p", - "ctypes.POINTER(ctypes.c_uint16)" - ], - "docstring": "TA API - Executes PRF operation using KDF command. A1 = HMAC(Key_Handle, Input_Data) Out_Handle[0-31] = HMAC(Key_Handle, A1 | Input_Data) A2 = HMAC(Key_Handle, A1) Out_Handle[32-63] = HMAC(Key_Handle, A2 | Input_Data) A3 = HMAC(Key_Handle, A2) Out_Handle[64-95] = HMAC(Key_Handle, A3 | Input_Data) A4 = HMAC(Key_Handle, A3) Out_Handle[96-127] = HMAC(Key_Handle, A4 | Input_Data) ", - "parameters": [ - [ - "device", - "Device context pointer " - ], - [ - "key_handle", - "Contains Input Key Material " - ], - [ - "output_handle", - "Holds the KDF output result " - ], - [ - "input_len", - "Input \"input\" size " - ], - [ - "input_data", - "concatenated value of label and seed " - ], - [ - "kdf_out", - "Output of the HKDF function is retuned here. " - ], - [ - "kdf_length", - "As input, expected Key Material size As output, length of the Key Material in kdf_output" - ] - ] - }, - "talib_kdf_prf_io": { - "restype": "ctypes.c_uint8", - "argtypes": [ - "ctypes.c_void_p", - "ctypes.c_uint16", - "ctypes.c_uint8", - "ctypes.c_char_p", - "ctypes.c_uint16", - "ctypes.c_char_p", - "ctypes.POINTER(ctypes.c_uint16)" - ], - "docstring": "TA API - Executes PRF operation using KDF command, result in IO buffer. ", - "parameters": [ - [ - "device", - "Device context pointer " - ], - [ - "key_handle", - "Contains Input Key Material " - ], - [ - "src_key_length", - "Source Key length in bytes. 16, 32, 48 and 64 are only valid " - ], - [ - "input", - "concatenated value of label and seed " - ], - [ - "input_len", - "Input \"input\" size " - ], - [ - "kdf_output", - "Output of the HKDF function is retuned here. " - ], - [ - "kdf_length", - "As input, expected Key Material size As output, length of the Key Material in kdf_output" - ] - ] - }, - "talib_kdf_prf_stored": { - "restype": "ctypes.c_uint8", - "argtypes": [ - "ctypes.c_void_p", - "ctypes.c_uint16", - "ctypes.c_uint8", - "ctypes.c_char_p", - "ctypes.c_uint16", - "ctypes.c_uint16", - "ctypes.POINTER(ctypes.c_uint16)" - ], - "docstring": "TA API - Executes PRF operation using KDF command, result is stored inside device either in shared data memory or volatile register. ", - "parameters": [ - [ - "device", - "Device context pointer " - ], - [ - "key_handle", - "Contains Input Key Material " - ], - [ - "src_key_length", - "Source Key length in bytes. 16, 32, 48 and 64 are only valid " - ], - [ - "input", - "concatenated value of label and seed " - ], - [ - "input_len", - "Input \"input\" size " - ], - [ - "target_handle", - "Holds the KDF output result " - ], - [ - "kdf_length", - "As input, expected Key Material size As output, length of the Key Material in kdf_output" - ] - ] - }, - "talib_kdf_hmac_counter": { - "restype": "ctypes.c_uint8", - "argtypes": [ - "ctypes.c_void_p", - "ctypes.c_uint16", - "ctypes.c_uint16", - "ctypes.c_uint16", - "ctypes.c_uint16", - "ctypes.c_char_p", - "ctypes.c_char_p", - "ctypes.c_char_p", - "ctypes.POINTER(ctypes.c_uint16)" - ], - "docstring": "TA API - Executes HMAC-Counter operation using KDF command. Bytes 0-31: HMAC(key_handle, 1 | Label | 0 | Context | Length) Bytes 32-63: HMAC(key_handle, 2 | Label | 0 | Context | Length) Bytes 64-95: HMAC(key_handle, 3 | Label | 0 | Context | Length) Bytes 95-127: HMAC(key_handle, 4 | Label | 0 | Context | Length) ", - "parameters": [ - [ - "device", - "Device context pointer " - ], - [ - "key_handle", - "Contains Input Key Material " - ], - [ - "output_handle", - "Holds the KDF output result " - ], - [ - "label_len", - "Input label size " - ], - [ - "context_len", - "Input context size " - ], - [ - "label", - "Input label string provided by host " - ], - [ - "context", - "Input context provided by host " - ], - [ - "kdf_out", - "Output of the HKDF function is retuned here. " - ], - [ - "kdf_length", - "As input, expected Key Material size As output, length of the Key Material in kdf_output" - ] - ] - }, - "talib_kdf_hmac_counter_io": { - "restype": "ctypes.c_uint8", - "argtypes": [ - "ctypes.c_void_p", - "ctypes.c_uint16", - "ctypes.c_char_p", - "ctypes.c_uint16", - "ctypes.c_char_p", - "ctypes.c_uint16", - "ctypes.c_char_p", - "ctypes.POINTER(ctypes.c_uint16)" - ], - "docstring": "TA API - Executes HMAC-Counter operation using KDF command, result is in IO buffer. ", - "parameters": [ - [ - "device", - "Device context pointer " - ], - [ - "key_handle", - "Contains Input Key Material " - ], - [ - "label", - "Input label string provided by host " - ], - [ - "label_len", - "Input label size " - ], - [ - "context", - "Input context provided by host " - ], - [ - "context_len", - "Input context size " - ], - [ - "kdf_output", - "Output of the HKDF function is retuned here. " - ], - [ - "kdf_length", - "As input, expected Key Material size As output, length of the Key Material in kdf_output" - ] - ] - }, - "talib_kdf_hmac_counter_stored": { - "restype": "ctypes.c_uint8", - "argtypes": [ - "ctypes.c_void_p", - "ctypes.c_uint16", - "ctypes.c_char_p", - "ctypes.c_uint16", - "ctypes.c_char_p", - "ctypes.c_uint16", - "ctypes.c_uint16", - "ctypes.POINTER(ctypes.c_uint16)" - ], - "docstring": "TA API - Executes HMAC-Counter operation using KDF command, result is stored inside device either in shared data memory or volatile register. ", - "parameters": [ - [ - "device", - "Device context pointer " - ], - [ - "key_handle", - "Contains Input Key Material " - ], - [ - "label", - "Input label string provided by host " - ], - [ - "label_len", - "Input label size " - ], - [ - "context", - "Input context provided by host " - ], - [ - "context_len", - "Input context size " - ], - [ - "target_handle", - "Holds the KDF output result " - ], - [ - "kdf_length", - "As input, expected Key Material size As output, length of the Key Material in kdf_output" - ] - ] - }, - "talib_kdf_sha256": { - "restype": "ctypes.c_uint8", - "argtypes": [ - "ctypes.c_void_p", - "ctypes.c_uint16", - "ctypes.c_uint16", - "ctypes.c_char_p", - "ctypes.c_uint16", - "ctypes.c_char_p", - "ctypes.c_uint16", - "ctypes.c_char_p", - "ctypes.POINTER(ctypes.c_uint16)" - ], - "docstring": "TA API - Executes SHA256 operation using KDF command. Bytes 0-31: SHA256(Pre_pad | key_handle | Post_pad) ", - "parameters": [ - [ - "device", - "Device context pointer " - ], - [ - "key_handle", - "Contains Input Key Material " - ], - [ - "output_handle", - "Holds the KDF output result " - ], - [ - "pre_pad", - "Host data to prepad IKM " - ], - [ - "pre_len", - "Input pre-pad size " - ], - [ - "post_pad", - "Host data to prepad IKM " - ], - [ - "post_len", - "Input post-pad size " - ], - [ - "kdf_out", - "Output of the HKDF function is retuned here. " - ], - [ - "kdf_length", - "As input, expected Key Material size As output, length of the Key Material in kdf_output" - ] - ] - }, - "talib_kdf_sha256_io": { - "restype": "ctypes.c_uint8", - "argtypes": [ - "ctypes.c_void_p", - "ctypes.c_uint16", - "ctypes.c_char_p", - "ctypes.c_uint16", - "ctypes.c_char_p", - "ctypes.c_uint16", - "ctypes.c_char_p", - "ctypes.POINTER(ctypes.c_uint16)" - ], - "docstring": "TA API - Executes SHA256 operation using KDF command, result in IO buffer. ", - "parameters": [ - [ - "device", - "Device context pointer " - ], - [ - "key_handle", - "Contains Input Key Material " - ], - [ - "pre_pad", - "Host data to prepad IKM " - ], - [ - "pre_pad_len", - "Input pre-pad size " - ], - [ - "post_pad", - "Host data to prepad IKM " - ], - [ - "post_pad_len", - "Input post-pad size " - ], - [ - "kdf_output", - "Output of the HKDF function is retuned here. " - ], - [ - "kdf_length", - "As input, expected Key Material size As output, length of the Key Material in kdf_output" - ] - ] - }, - "talib_kdf_sha256_stored": { - "restype": "ctypes.c_uint8", - "argtypes": [ - "ctypes.c_void_p", - "ctypes.c_uint16", - "ctypes.c_char_p", - "ctypes.c_uint16", - "ctypes.c_char_p", - "ctypes.c_uint16", - "ctypes.c_uint16", - "ctypes.POINTER(ctypes.c_uint16)" - ], - "docstring": "TA API - Executes SHA256 operation using KDF command, result is stored inside device either in shared data memory or volatile register. ", - "parameters": [ - [ - "device", - "Device context pointer " - ], - [ - "key_handle", - "Contains Input Key Material " - ], - [ - "pre_pad", - "Host data to prepad IKM " - ], - [ - "pre_pad_len", - "Input pre-pad size " - ], - [ - "post_pad", - "Host data to prepad IKM " - ], - [ - "post_pad_len", - "Input post-pad size " - ], - [ - "target_handle", - "Holds the KDF output result " - ], - [ - "kdf_length", - "As input, expected Key Material size As output, length of the Key Material in kdf_output" - ] - ] - }, - "talib_genkey_base": { - "restype": "ctypes.c_uint8", - "argtypes": [ - "ctypes.c_void_p", - "ctypes.c_uint8", - "ctypes.c_uint32", - "ctypes.c_char_p", - "ctypes.POINTER(ctypes.c_size_t)" - ], - "docstring": "TA API - Issues GenKey command, which generates a new random key in handle and returns the public key if applicable. ", - "parameters": [ - [ - "device", - "Device context pointer " - ], - [ - "mode", - "Mode determines what operations the GenKey command performs " - ], - [ - "key_handle", - "Handle for a Symmetric or private key " - ], - [ - "public_key", - "Public key will be returned here. Format will be the X and Y integers in big-endian format. Length depends on the Key attributes. Set to NULL if public key isn't required. " - ], - [ - "pubkey_len", - "As input, expected public key length As output, public key length received from device." - ] - ] - }, - "talib_genkey": { - "restype": "ctypes.c_uint8", - "argtypes": [ - "ctypes.c_void_p", - "ctypes.c_uint16", - "ctypes.c_char_p", - "ctypes.POINTER(ctypes.c_size_t)" - ], - "docstring": "TA API - Issues GenKey command, which generates a new random key in handle and returns the public key if applicable. ", - "parameters": [ - [ - "device", - "Device context pointer " - ], - [ - "key_handle", - "Handle for a Symmetric or private key " - ], - [ - "public_key", - "Public key will be returned here. Format will be the X and Y integers in big-endian format. Length depends on the Key attributes. Set to NULL if public key isn't required. " - ], - [ - "pubkey_len", - "As input, expected public key length As output, public key length received from device." - ] - ] - }, - "talib_genkey_compat": { - "restype": "ctypes.c_uint8", - "argtypes": [ - "ctypes.c_void_p", - "ctypes.c_uint16", - "ctypes.c_char*64" - ], - "docstring": "Issue Keygen command, which generates a new random ECCP256 private key in handle and returns the public key. ", - "parameters": [ - [ - "device", - "Device context pointer " - ], - [ - "key_handle", - "Handle of a private key. " - ], - [ - "public_key", - "Public key will be returned here. Format will be the X and Y integers in big-endian format. 64 bytes for P256 curve. Set to NULL if public key isn't required." - ] - ] - }, - "talib_get_pubkey_compat": { - "restype": "ctypes.c_uint8", - "argtypes": [ - "ctypes.c_void_p", - "ctypes.c_uint16", - "ctypes.c_char*64" - ], - "docstring": "Uses GenKey command to calculate the public key from an existing ECCP256 private key in a handle. ", - "parameters": [ - [ - "device", - "Device context pointer " - ], - [ - "key_handle", - "Handle of a private key. " - ], - [ - "public_key", - "Public key will be returned here. Format will be the X and Y integers in big-endian format. 64 bytes for P256 curve. Set to NULL if public key isn't required." - ] - ] - }, - "talib_get_pubkey": { - "restype": "ctypes.c_uint8", - "argtypes": [ - "ctypes.c_void_p", - "ctypes.c_uint16", - "ctypes.c_char_p", - "ctypes.POINTER(ctypes.c_size_t)" - ], - "docstring": "Uses GenKey command to calculate the public key from an existing private key in a handle. ", - "parameters": [ - [ - "device", - "Device context pointer " - ], - [ - "key_handle", - "Handle of a private key. " - ], - [ - "public_key", - "Public key will be returned here. " - ], - [ - "pubkey_len", - "As input, expected public key length As output, public key length received from device." - ] - ] - }, - "talib_genkey_symmetric_key": { - "restype": "ctypes.c_uint8", - "argtypes": [ - "ctypes.c_void_p", - "ctypes.c_uint16" - ], - "docstring": "Uses GenKey command to calculate the symmetric key and load into given handle. ", - "parameters": [ - [ - "device", - "Device context pointer " - ], - [ - "key_handle", - "generated symmetric key write into handle." - ] - ] - }, - "talib_lock": { - "restype": "ctypes.c_uint8", - "argtypes": [ - "ctypes.c_void_p", - "ctypes.c_uint8", - "ctypes.c_uint32" - ], - "docstring": "TA API - Executes Lock command to prevent further updates to Configuration or Setup or shared data or one time based on the mode. Once locked, these can't be unlocked. ", - "parameters": [ - [ - "device", - "Device context pointer " - ], - [ - "mode", - "Parameter to select the memory type and options to lock " - ], - [ - "param2", - "CRC if locking Config, Handle if locking a shared element" - ] - ] - }, - "talib_lock_config": { - "restype": "ctypes.c_uint8", - "argtypes": [ - "ctypes.c_void_p" - ], - "docstring": "Lock the config zone without CRC. ", - "parameters": [ - [ - "device", - "Device context pointer " - ] - ] - }, - "talib_lock_config_with_crc": { - "restype": "ctypes.c_uint8", - "argtypes": [ - "ctypes.c_void_p", - "ctypes.c_uint16" - ], - "docstring": "Lock the config zone with summary CRC. ", - "parameters": [ - [ - "device", - "Device context pointer " - ], - [ - "summary_crc", - "Expected CRC over the config zone." - ] - ] - }, - "talib_lock_handle": { - "restype": "ctypes.c_uint8", - "argtypes": [ - "ctypes.c_void_p", - "ctypes.c_uint16" - ], - "docstring": "Lock an individual handle in the data zone on an ATECC device. ", - "parameters": [ - [ - "device", - "Device context pointer " - ], - [ - "handle", - "handle to be locked in nv shared data zone." - ] - ] - }, - "talib_lock_setup": { - "restype": "ctypes.c_uint8", - "argtypes": [ - "ctypes.c_void_p" - ], - "docstring": "Locks Setup memory. ", - "parameters": [ - [ - "device", - "Device context pointer " - ] - ] - }, - "talib_lock_onetime_latch": { - "restype": "ctypes.c_uint8", - "argtypes": [ - "ctypes.c_void_p" - ], - "docstring": "Locks one time latch. Applicable only when enabled in Chip Options. ", - "parameters": [ - [ - "device", - "Device context pointer " - ] - ] - }, - "talib_mac_base": { - "restype": "ctypes.c_uint8", - "argtypes": [ - "ctypes.c_void_p", - "ctypes.c_uint16", - "ctypes.c_uint16", - "ctypes.c_char_p", - "ctypes.c_uint16", - "ctypes.c_char_p", - "ctypes.POINTER(ctypes.c_uint16)" - ], - "docstring": "TA API - Executes MAC command for CMAC and HMAC calculations. ", - "parameters": [ - [ - "device", - "Device context pointer " - ], - [ - "key_handle", - "Handle of the Symmetric key to be used either present in Shared data or Volatile register " - ], - [ - "key_index", - "Key index in the Key grup if handle points to a group " - ], - [ - "message", - "Challenge message of max size 1022 bytes " - ], - [ - "msg_length", - "Carries the message length " - ], - [ - "digest", - "CMAC or HMAC response is returned here (16 or 32 bytes) " - ], - [ - "mac_length", - "As input, digest buffer size As output, mac size in digest buffer" - ] - ] - }, - "talib_cmac": { - "restype": "ctypes.c_uint8", - "argtypes": [ - "ctypes.c_void_p", - "ctypes.c_uint16", - "ctypes.c_uint16", - "ctypes.c_char_p", - "ctypes.c_uint16", - "ctypes.c_char_p" - ], - "docstring": "Executes MAC command for CMAC calculations. ", - "parameters": [ - [ - "device", - "Device context pointer " - ], - [ - "key_handle", - "Handle of the Symmetric key to be used either present in Shared data or Volatile register " - ], - [ - "key_index", - "Key index in the Key grup if handle points to a group " - ], - [ - "message", - "Challenge message of max size 1022 bytes " - ], - [ - "length", - "carries the message length " - ], - [ - "cmac", - "CMAC response is returned here (16 bytes)" - ] - ] - }, - "talib_hmac": { - "restype": "ctypes.c_uint8", - "argtypes": [ - "ctypes.c_void_p", - "ctypes.c_uint16", - "ctypes.c_uint16", - "ctypes.c_char_p", - "ctypes.c_uint16", - "ctypes.c_char_p" - ], - "docstring": "Executes MAC command for HMAC calculations. ", - "parameters": [ - [ - "device", - "Device context pointer " - ], - [ - "key_handle", - "Handle of the Symmetric key to be used either present in Shared data or Volatile register " - ], - [ - "key_index", - "Key index in the Key grup if handle points to a group " - ], - [ - "message", - "Challenge message of max size 1022 bytes " - ], - [ - "length", - "carries the message length " - ], - [ - "hmac", - "HMAC response is returned here (32 bytes)" - ] - ] - }, - "talib_hmac_compat": { - "restype": "ctypes.c_uint8", - "argtypes": [ - "ctypes.c_void_p", - "ctypes.c_char_p", - "ctypes.c_size_t", - "ctypes.c_uint16", - "ctypes.c_char_p", - "ctypes.c_uint8" - ], - "docstring": "Executes MAC command for HMAC calculation (compatible with sha-hmac command) ", - "parameters": [ - [ - "device", - "Device context pointer " - ], - [ - "data", - "Challenge message of max size 1022 bytes " - ], - [ - "data_size", - "carries the message length " - ], - [ - "key_slot", - "Handle of the Symmetric key to be used either present in Shared data or Volatile register " - ], - [ - "digest", - "HMAC response is returned here (32 bytes) " - ], - [ - "target", - "Where to save the digest internal to the device." - ] - ] - }, - "talib_cert_extract": { - "restype": "ctypes.c_uint8", - "argtypes": [ - "ctypes.c_void_p", - "ctypes.c_uint16", - "ctypes.c_uint16", - "ctypes.c_uint16", - "ctypes.c_void_p" - ], - "docstring": "TA API - Executes manage_cert api to extract x.509 certs from IO buffer or shared memory and store extracted certificate to shared element. ", - "parameters": [ - [ - "device", - "Device object that holds the device related informations " - ], - [ - "parent_handle", - "Verifying certificate handle. This can be in Shared or Volatile " - ], - [ - "target_handle", - "Handle to write verified certificate or CRL element. After successful verification, extracted element is written to this handle. A value of 0xFFFF, skips write to handle but returns verification status " - ], - [ - "source_handle", - "Handle pointing to Full certificate or CRL. Only supports IO buffer or shared memory, but not Volatile register. CRL must point to IO buffer. " - ], - [ - "cert", - "Incoming buffer containing certificate or CRL when source handle pointing to IO buffer. Maximum size is 1020. If the certificate buffer is present then it will take priority over the source_handle parameter. Should be NULL if source_handle points to internal memory " - ] - ] - }, - "talib_cert_verify": { - "restype": "ctypes.c_uint8", - "argtypes": [ - "ctypes.c_void_p", - "ctypes.c_uint16", - "ctypes.c_uint16", - "ctypes.c_void_p" - ], - "docstring": "TA API - Executes manage_cert api to verify x.509 incoming cert and returns verification status. ", - "parameters": [ - [ - "device", - "Device object that holds the device related informations " - ], - [ - "parent_handle", - "Verifying certificate handle. This can be in Shared or Volatile " - ], - [ - "target_handle", - "Handle to write verified certificate or CRL element. After successful verification, extracted element is written to this handle. A value of 0xFFFF, skips write to handle but returns verification status " - ], - [ - "source_handle", - "Handle pointing to Full certificate or CRL. Only supports IO buffer or shared memory, but not Volatile register. CRL must point to IO buffer. " - ], - [ - "cert", - "Incoming buffer containing certificate or CRL when source handle pointing to IO buffer. Maximum size is 1020. If the certificate buffer is present then it will take priority over the source_handle parameter. Should be NULL if source_handle points to internal memory " - ] - ] - }, - "talib_power": { - "restype": "ctypes.c_uint8", - "argtypes": [ - "ctypes.c_void_p", - "ctypes.c_uint8" - ], - "docstring": "TA API - Executes MAC command for CMAC and HMAC calculations. ", - "parameters": [ - [ - "device", - "Device context pointer " - ], - [ - "mode", - "Mode parameter to control the power state of the device" - ] - ] - }, - "talib_power_reboot": { - "restype": "ctypes.c_uint8", - "argtypes": [ - "ctypes.c_void_p" - ], - "docstring": "TA API - Executes Power command to reboot the TA100. ", - "parameters": [ - [ - "device", - "Device context pointer " - ] - ] - }, - "talib_power_sleep": { - "restype": "ctypes.c_uint8", - "argtypes": [ - "ctypes.c_void_p" - ], - "docstring": "TA API - Executes Power command to sleep the TA100. ", - "parameters": [ - [ - "device", - "Device context pointer " - ] - ] - }, - "talib_random": { - "restype": "ctypes.c_uint8", - "argtypes": [ - "ctypes.c_void_p", - "ctypes.c_void_p", - "ctypes.c_void_p" - ], - "docstring": null, - "parameters": [] - }, - "talib_random_compat": { - "restype": "ctypes.c_uint8", - "argtypes": [ - "ctypes.c_void_p", - "ctypes.c_char*32" - ], - "docstring": null, - "parameters": [] - }, - "talib_read": { - "restype": "ctypes.c_uint8", - "argtypes": [ - "ctypes.c_void_p", - "ctypes.c_uint8", - "ctypes.c_uint16", - "ctypes.c_uint16", - "ctypes.c_uint16", - "ctypes.POINTER(ctypes.c_uint16)", - "ctypes.c_char_p", - "ctypes.c_char_p" - ], - "docstring": "TA API - Executes Read command to read an element from shared data memory. This supports both partial and completed writes Restrictions apply based on attributes of the element Volatile registers can never be read. ", - "parameters": [ - [ - "device", - "Device context pointer " - ], - [ - "mode", - "mode parameter for the read operations " - ], - [ - "transfer_handle", - "Remote device write handle in case of transfer operation " - ], - [ - "key_handle", - "Target handle to initiate read operation " - ], - [ - "offset", - "Offset to the first byte to be read... Applicable only to Shared data memory only Valid only for partial reads " - ], - [ - "length", - "As Input, number of bytes to read. Cannot exceed element size Valid only for partial reads As Output, number bytes read is returned here " - ], - [ - "data_read", - "Actual data read is returned here " - ], - [ - "mac", - "MAC for the transfer function." - ] - ] - }, - "talib_read_element": { - "restype": "ctypes.c_uint8", - "argtypes": [ - "ctypes.c_void_p", - "ctypes.c_uint16", - "ctypes.POINTER(ctypes.c_uint16)", - "ctypes.c_char_p" - ], - "docstring": "TA API - Executes Read command to read complete element from shared data memory. Restrictions apply based on attributes of the element. Volatile registers can never be read. ", - "parameters": [ - [ - "device", - "Device context pointer " - ], - [ - "key_handle", - "Target handle to initiate read operation " - ], - [ - "length", - "As Input, number of bytes to read. Cannot exceed element size " - ], - [ - "data_out", - "Actual data read is returned here" - ] - ] - }, - "talib_read_partial_element": { - "restype": "ctypes.c_uint8", - "argtypes": [ - "ctypes.c_void_p", - "ctypes.c_uint16", - "ctypes.c_uint16", - "ctypes.POINTER(ctypes.c_uint16)", - "ctypes.c_char_p" - ], - "docstring": "TA API - Executes Read command to read partial element from shared date memory. Restrictions apply based on attributes of the element. Volatile registers can never be read. ", - "parameters": [ - [ - "device", - "Device context pointer " - ], - [ - "key_handle", - "Target handle to initiate read operation " - ], - [ - "offset", - "Offset to the first byte to be read... Applicable only to Shared data memory only " - ], - [ - "length", - "As Input, number of bytes to read. Cannot exceed element size As Output, number bytes read is returned here " - ], - [ - "data", - "Actual data read is returned here" - ] - ] - }, - "talib_read_config_zone": { - "restype": "ctypes.c_uint8", - "argtypes": [ - "ctypes.c_void_p", - "ctypes.c_char_p" - ], - "docstring": "Executes Read command to read the complete device configuration handle. ", - "parameters": [ - [ - "device", - "Device context pointer " - ], - [ - "config_data", - "Configuration zone data is returned here." - ] - ] - }, - "talib_read_gpio_pin_state": { - "restype": "ctypes.c_uint8", - "argtypes": [ - "ctypes.c_void_p", - "ctypes.c_uint16", - "ctypes.c_char_p" - ], - "docstring": "Executes Read command to read the gpio pin state. ", - "parameters": [ - [ - "device", - "Device context pointer " - ], - [ - "gpio_handle", - "refer to gpio handle (gpio1, gpio2, gpio2) " - ], - [ - "pin_state", - "state of the gpio pin returned here" - ] - ] - }, - "talib_read_pubkey_compat": { - "restype": "ctypes.c_uint8", - "argtypes": [ - "ctypes.c_void_p", - "ctypes.c_uint16", - "ctypes.c_char*64" - ], - "docstring": "Executes Read command to read an ECC P256 public key from a handle for clear reads. ", - "parameters": [ - [ - "device", - "Device context pointer " - ], - [ - "handle", - "Handle number to read from. " - ], - [ - "public_key", - "Public key is returned here." - ] - ] - }, - "talib_read_bytes_zone": { - "restype": "ctypes.c_uint8", - "argtypes": [ - "ctypes.c_void_p", - "ctypes.c_uint8", - "ctypes.c_uint16", - "ctypes.c_size_t", - "ctypes.c_char_p", - "ctypes.c_size_t" - ], - "docstring": "Used to read an arbitrary number of bytes from internal memory for clear reads. ", - "parameters": [ - [ - "device", - "Device context pointer " - ], - [ - "zone", - "Zone to read data from. Unused " - ], - [ - "handle", - "handle number to read " - ], - [ - "offset", - "Byte offset within the handle to read from. " - ], - [ - "data", - "Read data is returned here. " - ], - [ - "length", - "Number of bytes to read starting from the offset." - ] - ] - }, - "talib_read_sig_compat": { - "restype": "ctypes.c_uint8", - "argtypes": [ - "ctypes.c_void_p", - "ctypes.c_uint16", - "ctypes.c_char*64" - ], - "docstring": "Executes Read command to read a 64 byte ECDSA P256 signature from a slot configured for clear reads. ", - "parameters": [ - [ - "device", - "Device context pointer " - ], - [ - "handle", - "Handle number to read from. " - ], - [ - "signature", - "Signature will be returned here (64 bytes). Format will be the 32 byte R and S big-endian integers concatenated." - ] - ] - }, - "talib_read_data_transfer": { - "restype": "ctypes.c_uint8", - "argtypes": [ - "ctypes.c_void_p", - "ctypes.c_uint16", - "ctypes.c_char_p", - "ctypes.c_char_p" - ], - "docstring": "Executes Read command to transfer key to another trust anchor device. ", - "parameters": [ - [ - "device", - "Device context pointer " - ], - [ - "transfer_handle", - "handle where data need to be written " - ], - [ - "data", - "transfer package is returned here " - ], - [ - "transfer_mac", - "mac for transfer read" - ] - ] - }, - "talib_cmp_config_zone": { - "restype": "ctypes.c_uint8", - "argtypes": [ - "ctypes.c_void_p", - "ctypes.c_char*(48)", - "ctypes.POINTER(ctypes.c_bool)" - ], - "docstring": "Compares a specified configuration zone with the configuration zone currently on the device. ", - "parameters": [ - [ - "device", - "Device context pointer " - ], - [ - "config_data", - "Full configuration data to compare the device against. " - ], - [ - "same_config", - "Result is returned here. True if the static portions on the configuration zones are the same." - ] - ] - }, - "talib_rsaenc": { - "restype": "ctypes.c_uint8", - "argtypes": [ - "ctypes.c_void_p", - "ctypes.c_uint8", - "ctypes.c_uint16", - "ctypes.c_uint16", - "ctypes.c_char_p", - "ctypes.c_char_p", - "ctypes.c_char_p", - "ctypes.POINTER(ctypes.c_uint16)" - ], - "docstring": "TA API - Executes RSAEnc command to perform RSA Encryption and Decryption operations Maximum number of bytes that can be encrypted or decrypted is 62. This is available only for RSA-1024 bit keys. ", - "parameters": [ - [ - "device", - "Device context pointer " - ], - [ - "mode", - "mode parameter for RSAEnc command " - ], - [ - "in_length", - "number of bytes in data_in " - ], - [ - "handle", - "RSA Key handle for encrypt or decrypt operation " - ], - [ - "data_in", - "Input data to encrypt or decrypt" - ], - [ - "data_out", - "Encrypt or decrypt result is returned here " - ], - [ - "public_key", - "RSA-1024 bit public key for encryption if handle is IO buffer, otherwise NULL. " - ], - [ - "out_length", - "As Input, size of data_out As output, number of bytes in data_out" - ] - ] - }, - "talib_rsaenc_encrypt": { - "restype": "ctypes.c_uint8", - "argtypes": [ - "ctypes.c_void_p", - "ctypes.c_uint16", - "ctypes.c_uint16", - "ctypes.c_char_p", - "ctypes.c_uint16", - "ctypes.c_char_p" - ], - "docstring": "TA API - Executes RSAEnc command to perform RSA Encryption. Encrypt using shared data element which is referred by handle. ", - "parameters": [ - [ - "device", - "Device context pointer " - ], - [ - "handle", - "RSA public Key handle for encrypt operation " - ], - [ - "text_size", - "number of bytes of plain text (maximum 62 bytes) " - ], - [ - "plain_text", - "Input data to encrypt " - ], - [ - "cipher_text_size", - "The size of the ciphertext buffer " - ], - [ - "cipher_text", - "Encrypted result is returned here " - ] - ] - }, - "talib_rsaenc_encrypt_with_iobuffer": { - "restype": "ctypes.c_uint8", - "argtypes": [ - "ctypes.c_void_p", - "ctypes.c_char_p", - "ctypes.c_uint16", - "ctypes.c_char_p", - "ctypes.c_uint16", - "ctypes.c_char_p" - ], - "docstring": "TA API - Executes RSAEnc command to perform RSA Encryption. Encrypt using given public key in input buffer. ", - "parameters": [ - [ - "device", - "Device context pointer " - ], - [ - "pub_key", - "public key used to encrypt the plain text " - ], - [ - "text_size", - "number of bytes of plain text (maximum 62 bytes) " - ], - [ - "plain_text", - "Input data to encrypt " - ], - [ - "cipher_text_size", - "The size of the ciphertext buffer " - ], - [ - "cipher_text", - "Encrypted result is returned here" - ] - ] - }, - "talib_rsaenc_decrypt": { - "restype": "ctypes.c_uint8", - "argtypes": [ - "ctypes.c_void_p", - "ctypes.c_uint16", - "ctypes.c_uint16", - "ctypes.c_char_p", - "ctypes.c_uint16", - "ctypes.c_char_p" - ], - "docstring": "TA API - Executes RSAEnc command to perform RSA Decryption. Decrypt using private key referred by the handle. ", - "parameters": [ - [ - "device", - "Device context pointer " - ], - [ - "handle", - "RSA private Key handle to decrypt cipher text " - ], - [ - "text_size", - "number of bytes of cipher text which is always 128 bytes. " - ], - [ - "cipher_text", - "Input data to decrypt " - ], - [ - "plain_text_size", - "Size of the plain_text buffer. " - ], - [ - "plain_text", - "decrypted result is returned here" - ] - ] - }, - "talib_secureboot_full_asymmetric": { - "restype": "ctypes.c_uint8", - "argtypes": [ - "ctypes.c_void_p", - "ctypes.c_uint16", - "ctypes.c_uint16", - "ctypes.c_char_p", - "ctypes.c_char_p", - "ctypes.c_size_t", - "ctypes.POINTER(ctypes.c_bool)" - ], - "docstring": "TA API - Execute secureboot command with full asymmetric mode. signature is validated against extracted certificates or secure boot public key. ", - "parameters": [ - [ - "device", - "device context pointer " - ], - [ - "dig_handle", - "Handle for the code digest " - ], - [ - "pub_handle", - "Handle for the validating public key which must be a root key or extracted certificate element " - ], - [ - "digest", - "Input digest " - ], - [ - "signature", - "Input code signature " - ], - [ - "sig_len", - "length of the input signature " - ], - [ - "is_validated", - "result of secure boot validation (True or False)" - ] - ] - }, - "talib_secureboot_preset": { - "restype": "ctypes.c_uint8", - "argtypes": [ - "ctypes.c_void_p", - "ctypes.c_uint8", - "ctypes.c_uint16", - "ctypes.c_uint16", - "ctypes.c_char_p" - ], - "docstring": "TA API - Execute secure boot command preset phase mode for full stored, partial and pre boot config mode. This phase allocates the necessary space for the stored digest in the secureboot handle. ", - "parameters": [ - [ - "device", - "device context pointer " - ], - [ - "mode", - "determine full store or partial or pre-boot For full stored, 0x10 For partial, 0x20 For pre-boot, 0x40 " - ], - [ - "dig_handle", - "handle for the code digest. For full stored and pre-boot, it is always 0x4800 For partial, it is always 0x0000 " - ], - [ - "param", - "determine digest present in io buffer or not For full stored and pre-boot, it is either 0x0001 or 0x0000 For partial, it is always 0x0000 " - ], - [ - "digest", - "input code digest" - ] - ] - }, - "talib_secureboot_update": { - "restype": "ctypes.c_uint8", - "argtypes": [ - "ctypes.c_void_p", - "ctypes.c_uint8", - "ctypes.c_uint16", - "ctypes.c_uint16", - "ctypes.c_char_p", - "ctypes.c_char_p", - "ctypes.c_size_t", - "ctypes.POINTER(ctypes.c_bool)" - ], - "docstring": "TA API - Execute secureboot command with update phase mode for full stored and pre-boot For partial config mode, this phase is similar with complete phase This phase writes a new digest to the special handle allocated during the Preset phase. ", - "parameters": [ - [ - "device", - "device context pointer " - ], - [ - "mode", - "determine config mode For full stored, 0x11 For partial, 0x24 For pre-boot, 0x41 " - ], - [ - "dig_handle", - "Handle for the code digest For partial, 0x0000 " - ], - [ - "pub_handle", - "Handle for the validating public key which must be a root key or extracted certificate element " - ], - [ - "digest", - "Input digest For partial, no input digest required " - ], - [ - "signature", - "Input code signature " - ], - [ - "sig_len", - "length of the input signature " - ], - [ - "is_validated", - "result of secure boot validation (True or False)" - ] - ] - }, - "talib_secureboot_boot": { - "restype": "ctypes.c_uint8", - "argtypes": [ - "ctypes.c_void_p", - "ctypes.c_uint8", - "ctypes.c_uint16", - "ctypes.c_char_p", - "ctypes.POINTER(ctypes.c_bool)" - ], - "docstring": "TA API - Execute secureboot command with boot phase mode for full store, partial and pre boot config mode. Validate the code digest from the host against stored digest. ", - "parameters": [ - [ - "device", - "device context pointer " - ], - [ - "mode", - "Determine config mode For full store, 0x12 For partial, 0x26 For pre boot, 0x42 " - ], - [ - "dig_handle", - "Handle for the code digest " - ], - [ - "digest", - "input code digest " - ], - [ - "is_validated", - "result of secure boot validation (True or False)" - ] - ] - }, - "talib_secureboot_fullstore_preset": { - "restype": "ctypes.c_uint8", - "argtypes": [ - "ctypes.c_void_p", - "ctypes.c_char_p" - ], - "docstring": "TA API - Execute secure boot command preset phase mode for full stored config mode. This phase allocates the necessary space for the stored digest in the secureboot handle. ", - "parameters": [ - [ - "device", - "device context pointer " - ], - [ - "digest", - "input code digest" - ] - ] - }, - "talib_secureboot_fullstore_update": { - "restype": "ctypes.c_uint8", - "argtypes": [ - "ctypes.c_void_p", - "ctypes.c_uint16", - "ctypes.c_uint16", - "ctypes.c_char_p", - "ctypes.c_char_p", - "ctypes.c_size_t", - "ctypes.POINTER(ctypes.c_bool)" - ], - "docstring": "TA API - Execute secureboot command with update phase mode for full stored config mode. This phase writes a new digest to the special handle allocated during the Preset phase. ", - "parameters": [ - [ - "device", - "device context pointer " - ], - [ - "dig_handle", - "Handle for the code digest " - ], - [ - "pub_handle", - "Handle for the validating public key which must be a root key or extracted certificate element " - ], - [ - "digest", - "Input digest " - ], - [ - "signature", - "Input code signature " - ], - [ - "sig_len", - "length of the input signature " - ], - [ - "is_validated", - "result of secure boot validation (True or False)" - ] - ] - }, - "talib_secureboot_fullstore_boot": { - "restype": "ctypes.c_uint8", - "argtypes": [ - "ctypes.c_void_p", - "ctypes.c_uint16", - "ctypes.c_char_p", - "ctypes.POINTER(ctypes.c_bool)" - ], - "docstring": "TA API - Execute secureboot command with boot phase mode for full store config mode. Validate the code digest from the host against stored digest. ", - "parameters": [ - [ - "device", - "device context pointer " - ], - [ - "dig_handle", - "Handle for the code digest " - ], - [ - "digest", - "input code digest " - ], - [ - "is_validated", - "result of secure boot validation (True or False)" - ] - ] - }, - "talib_secureboot_partial_preset": { - "restype": "ctypes.c_uint8", - "argtypes": [ - "ctypes.c_void_p" - ], - "docstring": "TA API - Execute secure boot command preset phase mode for partial config mode. This phase allocates the necessary space for the stored digest in the secureboot handle. ", - "parameters": [ - [ - "device", - "device context pointer" - ] - ] - }, - "talib_secureboot_partial_setup": { - "restype": "ctypes.c_uint8", - "argtypes": [ - "ctypes.c_void_p", - "ctypes.c_uint32" - ], - "docstring": "TA API - Execute secure boot command for setup phase in partial config mode This phase initializes the code update sequence. ", - "parameters": [ - [ - "device", - "device context pointer " - ], - [ - "code_size", - "Total size of the code over which the signature was generated" - ] - ] - }, - "talib_secureboot_partial_code_base": { - "restype": "ctypes.c_uint8", - "argtypes": [ - "ctypes.c_void_p", - "ctypes.c_uint8", - "ctypes.c_char_p", - "ctypes.c_size_t" - ], - "docstring": "TA API - Execute Secureboot command in partial config mode to update the code Pass a full SHA256 (64 byte) block of code to the trust anchor device as part of the overall code load/upgrade procedure. This phase is run repeatedly till the final full or partial block has been sent. ", - "parameters": [ - [ - "device", - "device context pointer " - ], - [ - "mode", - "determine initial block or final block " - ], - [ - "code", - "Subsequent block of operating code bytes " - ], - [ - "code_size", - "size of the operating code" - ] - ] - }, - "talib_secureboot_partial_code": { - "restype": "ctypes.c_uint8", - "argtypes": [ - "ctypes.c_void_p", - "ctypes.c_char_p" - ], - "docstring": "TA API - Execute Secureboot command in partial config mode to update the initial code Pass a full SHA256 (64 byte) block of code to the trust anchor device as part of the overall code load/upgrade procedure. This phase is run repeatedly till before the final full or partial block has been sent. ", - "parameters": [ - [ - "device", - "device context pointer " - ], - [ - "code", - "Subsequent block of operating code bytes Data must be of 64 bytes" - ] - ] - }, - "talib_secureboot_partial_final": { - "restype": "ctypes.c_uint8", - "argtypes": [ - "ctypes.c_void_p", - "ctypes.c_char_p", - "ctypes.c_size_t" - ], - "docstring": "TA API - Execute Secureboot command in partial config mode to update the final code This phase update the final code block. ", - "parameters": [ - [ - "device", - "device context pointer " - ], - [ - "code", - "Subsequent block of operating code bytes " - ], - [ - "code_size", - "size of the operating code" - ] - ] - }, - "talib_secureboot_partial_complete": { - "restype": "ctypes.c_uint8", - "argtypes": [ - "ctypes.c_void_p", - "ctypes.c_uint16", - "ctypes.c_char_p", - "ctypes.c_size_t", - "ctypes.POINTER(ctypes.c_bool)" - ], - "docstring": "TA API - Execute secureboot command in partial config mode of complete phase This phase verifies the signature and updated the partial digests. ", - "parameters": [ - [ - "device", - "device context pointer " - ], - [ - "pub_handle", - "Handle for the validating public key which must be a root key or extracted certificate element " - ], - [ - "signature", - "Input code signature " - ], - [ - "sig_len", - "length of the input signature " - ], - [ - "is_validated", - "result of secure boot validation (True or False)" - ] - ] - }, - "talib_secureboot_partial_address": { - "restype": "ctypes.c_uint8", - "argtypes": [ - "ctypes.c_void_p", - "ctypes.POINTER(ctypes.c_uint32)", - "ctypes.POINTER(ctypes.c_uint32)" - ], - "docstring": "TA API - Execute secureboot command in partial config mode of address phase This phase retrieve address min/max bounds from the trust anchor device. ", - "parameters": [ - [ - "device", - "device context pointer " - ], - [ - "begin", - "The begin address (inclusive) for the current portion over which host should calculate digest " - ], - [ - "end", - "The ending address (inclusive) for the current portion" - ] - ] - }, - "talib_secureboot_partial_boot": { - "restype": "ctypes.c_uint8", - "argtypes": [ - "ctypes.c_void_p", - "ctypes.c_uint16", - "ctypes.c_char_p", - "ctypes.POINTER(ctypes.c_bool)" - ], - "docstring": "TA API - Execute secureboot command with boot phase mode for partial config mode. Validate the code digest from the host against stored digest. ", - "parameters": [ - [ - "device", - "device context pointer " - ], - [ - "dig_handle", - "Handle for the code digest " - ], - [ - "digest", - "input code digest " - ], - [ - "is_validated", - "result of secure boot validation (True or False)" - ] - ] - }, - "talib_secureboot_preboot_preset": { - "restype": "ctypes.c_uint8", - "argtypes": [ - "ctypes.c_void_p", - "ctypes.c_char_p" - ], - "docstring": "TA API - Execute secure boot command preset phase mode for pre boot config mode. This phase allocates the necessary space for the stored digest in the secureboot handle. ", - "parameters": [ - [ - "device", - "device context pointer " - ], - [ - "digest", - "input code digest" - ] - ] - }, - "talib_secureboot_preboot_update": { - "restype": "ctypes.c_uint8", - "argtypes": [ - "ctypes.c_void_p", - "ctypes.c_uint16", - "ctypes.c_uint16", - "ctypes.c_char_p", - "ctypes.c_char_p", - "ctypes.c_size_t", - "ctypes.POINTER(ctypes.c_bool)" - ], - "docstring": "TA API - Execute secureboot command with update phase mode for pre boot config mode. This phase writes a new digest to the special handle allocated during the Preset phase. ", - "parameters": [ - [ - "device", - "device context pointer " - ], - [ - "dig_handle", - "Handle for the code digest " - ], - [ - "pub_handle", - "Handle for the validating public key which must be a root key or extracted certificate element " - ], - [ - "digest", - "Input digest " - ], - [ - "signature", - "Input code signature " - ], - [ - "sig_len", - "length of the input signature " - ], - [ - "is_validated", - "result of secure boot validation (True or False)" - ] - ] - }, - "talib_secureboot_preboot_boot": { - "restype": "ctypes.c_uint8", - "argtypes": [ - "ctypes.c_void_p", - "ctypes.c_uint16", - "ctypes.c_char_p", - "ctypes.POINTER(ctypes.c_bool)" - ], - "docstring": "TA API - Execute secureboot command with boot phase mode for pre boot config mode. Validate the code digest from the host against stored digest. ", - "parameters": [ - [ - "device", - "device context pointer " - ], - [ - "dig_handle", - "Handle for the code digest " - ], - [ - "digest", - "input code digest " - ], - [ - "is_validated", - "result of secure boot validation (True or False)" - ] - ] - }, - "talib_secureboot_common_lock": { - "restype": "ctypes.c_uint8", - "argtypes": [ - "ctypes.c_void_p" - ], - "docstring": "TA API - Execute secureboot command to prevents further Secure_Boot commands from executing until the next power/reset cycle or the passing of 50% of the secure boot timer. ", - "parameters": [ - [ - "device", - "device context pointer" - ] - ] - }, - "talib_selftest": { - "restype": "ctypes.c_uint8", - "argtypes": [ - "ctypes.c_void_p", - "ctypes.c_uint8", - "ctypes.c_uint32", - "ctypes.POINTER(ctypes.c_uint32)" - ], - "docstring": "TA API - Executes the SelfTest command, which performs a test of one or more of the cryptographic engines within the chip. ", - "parameters": [ - [ - "device", - "Device context pointer " - ], - [ - "mode", - "Mode for self test command " - ], - [ - "tests_bitmap", - "Bit map of tests to be run for self tests " - ], - [ - "result_bitmap", - "Bit map of tests that failed self tests" - ] - ] - }, - "talib_sha_base": { - "restype": "ctypes.c_uint8", - "argtypes": [ - "ctypes.c_void_p", - "ctypes.c_uint8", - "ctypes.c_uint16", - "ctypes.c_uint16", - "ctypes.c_char_p", - "ctypes.c_char_p", - "ctypes.POINTER(ctypes.c_uint16)" - ], - "docstring": "TA API - Executes SHA command, which computes a SHA-256 digest for general purpose use by the host system. ", - "parameters": [ - [ - "device", - "Device context pointer " - ], - [ - "mode", - "SHA command mode Start(0), Update/Compute(1), Finalize(2) or Entire message is in IO buffer(3). " - ], - [ - "length", - "Number of bytes in the input stream " - ], - [ - "context_handle", - "Target handle to write digest or SHA context handle of prior calculation " - ], - [ - "message", - "Data bytes to be hashed " - ], - [ - "data_out", - "Data returned by the command (digest or context). " - ], - [ - "data_out_size", - "As input, the size of the data_out buffer. As output, the number of bytes returned in data_out." - ] - ] - }, - "talib_sha_base_compat": { - "restype": "ctypes.c_uint8", - "argtypes": [ - "ctypes.c_void_p", - "ctypes.c_uint8", - "ctypes.c_uint16", - "ctypes.c_char_p", - "ctypes.c_char_p", - "ctypes.POINTER(ctypes.c_uint16)" - ], - "docstring": "TA API - Executes SHA command, which computes a SHA-256 digest for general purpose use by the host system. ", - "parameters": [ - [ - "device", - "Device context pointer " - ], - [ - "mode", - "SHA command mode Start(0), Update/Compute(1), Finalize(2) or Entire message is in IO buffer(3). " - ], - [ - "length", - "Number of bytes in the input stream " - ], - [ - "message", - "Data bytes to be hashed " - ], - [ - "digest", - "Data returned by the command (digest or context). " - ], - [ - "digest_size", - "As input, the size of the data_out buffer. As output, the number of bytes returned in data_out." - ] - ] - }, - "talib_sha_start": { - "restype": "ctypes.c_uint8", - "argtypes": [ - "ctypes.c_void_p" - ], - "docstring": "Executes SHA command to initialize SHA-256 calculation engine. ", - "parameters": [ - [ - "device", - "Device context pointer " - ] - ] - }, - "talib_sha_start_with_handle": { - "restype": "ctypes.c_uint8", - "argtypes": [ - "ctypes.c_void_p", - "ctypes.c_uint16" - ], - "docstring": "Executes SHA command to initialize SHA-256 calculation engine. ", - "parameters": [ - [ - "device", - "Device context pointer " - ], - [ - "context_handle", - "SHA context handle of prior calculation" - ] - ] - }, - "talib_sha_update": { - "restype": "ctypes.c_uint8", - "argtypes": [ - "ctypes.c_void_p", - "ctypes.c_uint16", - "ctypes.c_char_p" - ], - "docstring": "Executes SHA command to add message data to the current context. ", - "parameters": [ - [ - "device", - "Device context pointer " - ], - [ - "message_length", - "length of input message for SHA operation " - ], - [ - "message", - "message data to add to SHA operation." - ] - ] - }, - "talib_sha_update_with_handle": { - "restype": "ctypes.c_uint8", - "argtypes": [ - "ctypes.c_void_p", - "ctypes.c_uint16", - "ctypes.c_uint16", - "ctypes.c_char_p" - ], - "docstring": "Executes SHA command to add message data to the current context. ", - "parameters": [ - [ - "device", - "Device context pointer " - ], - [ - "context_handle", - "SHA context handle of prior calculation " - ], - [ - "message_length", - "length of input message for SHA operation " - ], - [ - "message", - "message data to add to SHA operation." - ] - ] - }, - "talib_sha_update_compat": { - "restype": "ctypes.c_uint8", - "argtypes": [ - "ctypes.c_void_p", - "ctypes.c_char_p" - ], - "docstring": "Executes SHA command to add message data to the current context. (compatibility function) ", - "parameters": [ - [ - "device", - "Device context pointer " - ], - [ - "message", - "message data to add to SHA operation." - ] - ] - }, - "talib_sha_end": { - "restype": "ctypes.c_uint8", - "argtypes": [ - "ctypes.c_void_p", - "ctypes.c_char_p" - ], - "docstring": "Executes SHA command to finalize SHA-256 calculation engine. ", - "parameters": [ - [ - "device", - "Device context pointer " - ], - [ - "digest", - "Digest is returned here (32 bytes)." - ] - ] - }, - "talib_sha_end_with_handle": { - "restype": "ctypes.c_uint8", - "argtypes": [ - "ctypes.c_void_p", - "ctypes.c_uint16", - "ctypes.c_char_p" - ], - "docstring": "Executes SHA command to finalize SHA-256 calculation engine. ", - "parameters": [ - [ - "device", - "Device context pointer " - ], - [ - "context_handle", - "SHA context handle of prior calculation " - ], - [ - "digest", - "Digest is returned here (32 bytes)." - ] - ] - }, - "talib_sha_end_compat": { - "restype": "ctypes.c_uint8", - "argtypes": [ - "ctypes.c_void_p", - "ctypes.c_char_p", - "ctypes.c_uint16", - "ctypes.c_char_p" - ], - "docstring": "Executes SHA command to finalize SHA-256 calculation engine. ", - "parameters": [ - [ - "device", - "Device context pointer " - ], - [ - "digest", - "Digest is returned here (32 bytes). " - ], - [ - "length", - "input message length to update the context " - ], - [ - "message", - "message to compute SHA" - ] - ] - }, - "talib_sha": { - "restype": "ctypes.c_uint8", - "argtypes": [ - "ctypes.c_void_p", - "ctypes.c_uint16", - "ctypes.c_char_p", - "ctypes.c_char*32" - ], - "docstring": "Use the SHA command to compute a SHA-256 digest for given message in input stream. ", - "parameters": [ - [ - "device", - "Device context pointer " - ], - [ - "length", - "Size of message parameter in bytes. " - ], - [ - "message", - "Message data to be hashed. " - ], - [ - "digest", - "Digest is returned here (32 bytes)." - ] - ] - }, - "talib_sha_with_handle": { - "restype": "ctypes.c_uint8", - "argtypes": [ - "ctypes.c_void_p", - "ctypes.c_uint16", - "ctypes.c_uint16", - "ctypes.c_char_p", - "ctypes.c_char_p" - ], - "docstring": "Use the SHA command to compute a SHA-256 digest for given message in input stream. ", - "parameters": [ - [ - "device", - "Device context pointer " - ], - [ - "context_handle", - "Target to write the digest " - ], - [ - "length", - "Size of message parameter in bytes. " - ], - [ - "message", - "Message data to be hashed. " - ], - [ - "digest", - "Digest is returned here (32 bytes)." - ] - ] - }, - "talib_sha_read_context": { - "restype": "ctypes.c_uint8", - "argtypes": [ - "ctypes.c_void_p", - "ctypes.c_char_p", - "ctypes.POINTER(ctypes.c_uint16)" - ], - "docstring": null, - "parameters": [ - [ - "device", - "Device context pointer " - ], - [ - "context", - "Context data is returned here. " - ], - [ - "context_size", - "As input, the size of the context buffer in bytes. As output, the size of the returned context data." - ] - ] - }, - "talib_sha_read_context_with_handle": { - "restype": "ctypes.c_uint8", - "argtypes": [ - "ctypes.c_void_p", - "ctypes.c_uint16", - "ctypes.c_char_p", - "ctypes.POINTER(ctypes.c_uint16)" - ], - "docstring": "Executes Read command to read the SHA-256 context from given input handle. ", - "parameters": [ - [ - "device", - "Device context pointer " - ], - [ - "context_handle", - "SHA context handle of prior calculation " - ], - [ - "context", - "Context data is returned here. " - ], - [ - "context_size", - "As input, the size of the context buffer in bytes. As output, the size of the returned context data." - ] - ] - }, - "talib_sha_write_context": { - "restype": "ctypes.c_uint8", - "argtypes": [ - "ctypes.c_void_p", - "ctypes.c_char_p", - "ctypes.c_uint16" - ], - "docstring": "Executes SHA command to write (restore) a SHA-256 context into the the device SHA context0 handle. ", - "parameters": [ - [ - "device", - "Device context pointer " - ], - [ - "context", - "Context data to be restored. " - ], - [ - "context_size", - "Size of the context data in bytes." - ] - ] - }, - "talib_sha_write_context_with_handle": { - "restype": "ctypes.c_uint8", - "argtypes": [ - "ctypes.c_void_p", - "ctypes.c_uint16", - "ctypes.c_char_p", - "ctypes.c_uint16" - ], - "docstring": "Executes SHA command to write (restore) a SHA-256 context into the the device in given input handle. ", - "parameters": [ - [ - "device", - "Device context pointer " - ], - [ - "context_handle", - "SHA context handle of prior calculation " - ], - [ - "context", - "Context data to be restored. " - ], - [ - "context_size", - "Size of the context data in bytes." - ] - ] - }, - "talib_sign_internal": { - "restype": "ctypes.c_uint8", - "argtypes": [ - "ctypes.c_void_p", - "ctypes.c_uint8", - "ctypes.c_uint16", - "ctypes.c_uint16", - "ctypes.c_uint16", - "ctypes.c_char_p", - "ctypes.POINTER(ctypes.c_uint16)" - ], - "docstring": "TA API - Executes the Sign command for sign internally generated messages using ECDSA or RSA algorithm. ", - "parameters": [ - [ - "device", - "Device context pointer " - ], - [ - "mode", - "Mode determines algorithm, key and algorithm options " - ], - [ - "priv_handle", - "Private key handle used to sign the message. " - ], - [ - "template_handle", - "Message template handle... Should be in Shared Data memory " - ], - [ - "target_handle", - "Private key corresponding to Public Key to be included in the message... Should be in Shared Data memory " - ], - [ - "signature", - "Signature is returned here. " - ], - [ - "sign_size", - "As input, the size of the data_out buffer. As output, the number of bytes returned in data_out." - ] - ] - }, - "talib_sign_external": { - "restype": "ctypes.c_uint8", - "argtypes": [ - "ctypes.c_void_p", - "ctypes.c_uint8", - "ctypes.c_uint16", - "ctypes.c_uint16", - "ctypes.c_char_p", - "ctypes.c_uint16", - "ctypes.c_char_p", - "ctypes.POINTER(ctypes.c_uint16)" - ], - "docstring": "TA API - Executes the Sign command for sign the external messages using ECDSA or RSA algorithm. ", - "parameters": [ - [ - "device", - "Device context pointer " - ], - [ - "mode", - "Mode determines algorithm, key and algorithm options " - ], - [ - "priv_handle", - "Private key handle used to sign the message " - ], - [ - "msg_handle", - "Message handle that contains message to be signed " - ], - [ - "message", - "Message to be signed when msg_handle points to Input buffer Should be 28, 32 or 48 bytes when sent on Input buffer " - ], - [ - "message_length", - "number of bytes in message buffer " - ], - [ - "signature", - "Signature is returned here. " - ], - [ - "sign_size", - "As input, the size of the signature buffer. As output, the number of bytes returned in data_out." - ] - ] - }, - "talib_sign_compat": { - "restype": "ctypes.c_uint8", - "argtypes": [ - "ctypes.c_void_p", - "ctypes.c_uint16", - "ctypes.c_char*32", - "ctypes.c_char*64" - ], - "docstring": "Executes Sign command, to sign a 32-byte external message using the private key in the specified slot. ", - "parameters": [ - [ - "device", - "Device context pointer " - ], - [ - "key_id", - "Slot of the private key to be used to sign the message. " - ], - [ - "msg", - "32-byte message to be signed. Typically the SHA256 hash of the full message. " - ], - [ - "signature", - "Signature will be returned here. Format is R and S integers in big-endian format. 64 bytes for P256 curve." - ] - ] - }, - "talib_verify": { - "restype": "ctypes.c_uint8", - "argtypes": [ - "ctypes.c_void_p", - "ctypes.c_uint8", - "ctypes.c_uint16", - "ctypes.c_uint16", - "ctypes.c_char_p", - "ctypes.c_uint16", - "ctypes.c_char_p", - "ctypes.c_uint16", - "ctypes.c_char_p", - "ctypes.c_uint16", - "ctypes.POINTER(ctypes.c_bool)" - ], - "docstring": "TA API - Executes the Verify command, to Verify a signature using given the message and a public key. The message and public key can either be stored within trust anchor device or passed on the command line. ", - "parameters": [ - [ - "device", - "Device context pointer " - ], - [ - "mode", - "Verify command mode options " - ], - [ - "msg_handle", - "Message handle that contains message used for Signature calculation " - ], - [ - "pub_handle", - "Public key Handle to be used to verify signature " - ], - [ - "signature", - "Signature to be verified " - ], - [ - "sign_size", - "Size of the signature passed. Varies based on Key type and Algorithm " - ], - [ - "message", - "If msg_handle is IO buffer, message used for Signature calculation. NULL if message is coming from other than IO buffer " - ], - [ - "message_len", - "input message length " - ], - [ - "public_key", - "If pub_handle is IO buffer, the public key to be used for verification. NULL if Public key is stored internally " - ], - [ - "pubkey_len", - "Size of the public_key passed. Varies based on Key type and Algorithm " - ], - [ - "is_verified", - "if verified true returned here or else false." - ] - ] - }, - "talib_verify_extern_compat": { - "restype": "ctypes.c_uint8", - "argtypes": [ - "ctypes.c_void_p", - "ctypes.c_char*32", - "ctypes.c_char*64", - "ctypes.c_char*64", - "ctypes.POINTER(ctypes.c_bool)" - ], - "docstring": "Executes the Verify command for ECCP256, which verifies a signature (ECDSA verify operation) with all components (message, signature, and public key) supplied. ", - "parameters": [ - [ - "device", - "Device context pointer " - ], - [ - "message", - "32 byte message to be verified. Typically the SHA256 hash of the full message. " - ], - [ - "signature", - "Signature to be verified. R and S integers in big-endian format. 64 bytes for P256 curve. " - ], - [ - "public_key", - "The public key to be used for verification. X and Y integers in big-endian format. 64 bytes for P256 curve. " - ], - [ - "is_verified", - "Boolean whether or not the message, signature, public key verified." - ] - ] - }, - "talib_verify_stored_compat": { - "restype": "ctypes.c_uint8", - "argtypes": [ - "ctypes.c_void_p", - "ctypes.c_char*32", - "ctypes.c_char*64", - "ctypes.c_uint16", - "ctypes.POINTER(ctypes.c_bool)" - ], - "docstring": "Executes the Verify command for ECCP256, which verifies a signature (ECDSA verify operation) with a public key stored in the device. ", - "parameters": [ - [ - "device", - "Device context pointer " - ], - [ - "message", - "32 byte message to be verified. Typically the SHA256 hash of the full message. " - ], - [ - "signature", - "Signature to be verified. R and S integers in big-endian format. 64 bytes for P256 curve. " - ], - [ - "key_id", - "Handle containing the public key to be used in the verification. " - ], - [ - "is_verified", - "Boolean whether or not the message, signature, public key verified." - ] - ] - }, - "talib_verify_point_exp": { - "restype": "ctypes.c_uint8", - "argtypes": [ - "ctypes.c_void_p", - "ctypes.c_uint8", - "ctypes.c_char_p", - "ctypes.c_char_p" - ], - "docstring": "Executes the Verify command, to expand a point for known X - value and return Y - val. ", - "parameters": [ - [ - "device", - "Device context pointer " - ], - [ - "y_odd", - "2 if Y is even or 3 if Y is odd" - ], - [ - "x_val", - "Known X value" - ], - [ - "y_val", - "Y value for corresponding X value returned here" - ] - ] - }, - "talib_write": { - "restype": "ctypes.c_uint8", - "argtypes": [ - "ctypes.c_void_p", - "ctypes.c_uint8", - "ctypes.c_uint16", - "ctypes.c_uint16", - "ctypes.c_uint16", - "ctypes.c_uint16", - "ctypes.c_char_p", - "ctypes.c_char_p" - ], - "docstring": "TA API - Executes Write command to write an element. This supports both partial and completed writes Restrictions apply based on attributes of the element. ", - "parameters": [ - [ - "device", - "Device context pointer " - ], - [ - "mode", - "mode parameter for the write operations " - ], - [ - "source_handle", - "Memory handle to source data from... Must be IO buffer or volatile register " - ], - [ - "target_handle", - "Target handle to write data " - ], - [ - "length", - "Number of bytes to write. Cannot exceed element size " - ], - [ - "offset", - "Offset to the first byte to be written... Valid only for partial writes " - ], - [ - "write_data", - "Data to write if source_handle points to IO buffer " - ], - [ - "mac", - "MAC returned for the transfer function. " - ] - ] - }, - "talib_write_element": { - "restype": "ctypes.c_uint8", - "argtypes": [ - "ctypes.c_void_p", - "ctypes.c_uint16", - "ctypes.c_uint16", - "ctypes.c_char_p" - ], - "docstring": "TA API - Executes Write command to write an entire element. ", - "parameters": [ - [ - "device", - "Device context pointer " - ], - [ - "target_handle", - "Target handle to write data " - ], - [ - "length", - "Number of bytes to write. Cannot exceed element size Valid only for partial writes " - ], - [ - "write_data", - "Data to write if source_handle points to IO buffer" - ] - ] - }, - "talib_write_partial_element": { - "restype": "ctypes.c_uint8", - "argtypes": [ - "ctypes.c_void_p", - "ctypes.c_uint16", - "ctypes.c_uint16", - "ctypes.c_uint16", - "ctypes.c_char_p" - ], - "docstring": "TA API - Executes Write command to write a partial element. ", - "parameters": [ - [ - "device", - "Device context pointer " - ], - [ - "target_handle", - "Target handle to write data " - ], - [ - "length", - "Number of bytes to write. Cannot exceed element size " - ], - [ - "offset", - "Offset to the first byte to be written... Valid only for partial writes " - ], - [ - "write_data", - "Data to write if source_handle points to IO buffer" - ] - ] - }, - "talib_write_config_zone": { - "restype": "ctypes.c_uint8", - "argtypes": [ - "ctypes.c_void_p", - "ctypes.c_char*(48)" - ], - "docstring": "Executes the Write command, which writes the configuration zone. ", - "parameters": [ - [ - "device", - "Device context pointer " - ], - [ - "config_data", - "Data to the config zone data. ." - ] - ] - }, - "talib_write_pubkey_compat": { - "restype": "ctypes.c_uint8", - "argtypes": [ - "ctypes.c_void_p", - "ctypes.c_uint16", - "ctypes.c_char*64" - ], - "docstring": "Executes the Write command, which writes a public key to a data handle in the device format. ", - "parameters": [ - [ - "device", - "Device context pointer " - ], - [ - "handle", - "refer to handle where public key reside " - ], - [ - "public_key", - "Public key to write into the handle specified. X and Y integers in big-endian format. 64 bytes for P256 curve." - ] - ] - }, - "talib_write_zone": { - "restype": "ctypes.c_uint8", - "argtypes": [ - "ctypes.c_void_p", - "ctypes.c_uint8", - "ctypes.c_uint16", - "ctypes.c_uint8", - "ctypes.c_uint8", - "ctypes.c_char_p", - "ctypes.c_uint8" - ], - "docstring": "Executes the Write command in compability mode. ", - "parameters": [ - [ - "device", - "Device context pointer " - ], - [ - "zone", - "Unused parameter " - ], - [ - "handle", - "the handle number to write to. " - ], - [ - "block", - "Block number (cryptoauth block size is 32 bytes) " - ], - [ - "offset", - "Byte offset within the \"block\" to write to. " - ], - [ - "data", - "Data to be written. " - ], - [ - "length", - "Number of bytes to be written." - ] - ] - }, - "talib_write_bytes_zone": { - "restype": "ctypes.c_uint8", - "argtypes": [ - "ctypes.c_void_p", - "ctypes.c_uint8", - "ctypes.c_uint16", - "ctypes.c_size_t", - "ctypes.c_char_p", - "ctypes.c_size_t" - ], - "docstring": "Executes the Write command. ", - "parameters": [ - [ - "device", - "Device context pointer " - ], - [ - "zone", - "Unused parameter " - ], - [ - "handle", - "the handle number to write to. " - ], - [ - "offset_bytes", - "Byte offset within the handle to write to. " - ], - [ - "data", - "Data to be written. " - ], - [ - "length", - "Number of bytes to be written." - ] - ] - }, - "talib_write_gpio_pin_state": { - "restype": "ctypes.c_uint8", - "argtypes": [ - "ctypes.c_void_p", - "ctypes.c_uint16", - "ctypes.c_char_p" - ], - "docstring": "Executes write command to write the gpio pin state. ", - "parameters": [ - [ - "device", - "Device context pointer " - ], - [ - "gpio_handle", - "refer to gpio handle (gpio1, gpio2, gpio2) " - ], - [ - "pin_state", - "state of the gpio pin" - ] - ] - }, - "talib_write_volatile_shared_transfer": { - "restype": "ctypes.c_uint8", - "argtypes": [ - "ctypes.c_void_p", - "ctypes.c_uint16", - "ctypes.c_uint16" - ], - "docstring": "Executes write command to transfer key from vol_reg to shared data. ", - "parameters": [ - [ - "device", - "Device context pointer " - ], - [ - "source_handle", - "handle from data will be copied " - ], - [ - "target_handle", - "handle where data will be written" - ] - ] - }, - "talib_write_priv_key": { - "restype": "ctypes.c_uint8", - "argtypes": [ - "ctypes.c_void_p", - "ctypes.c_uint16", - "ctypes.c_uint16", - "ctypes.c_char_p" - ], - "docstring": "TA API - Executes Write command to write a private key. ", - "parameters": [ - [ - "device", - "Device context pointer " - ], - [ - "key_handle", - "Target handle to write data " - ], - [ - "length", - "Number of bytes to write. Cannot exceed element size Valid only for partial writes " - ], - [ - "private_key", - "private key to write into key_handle mentioned" - ] - ] - }, - "talib_write_pub_key": { - "restype": "ctypes.c_uint8", - "argtypes": [ - "ctypes.c_void_p", - "ctypes.c_uint16", - "ctypes.c_uint16", - "ctypes.c_char_p" - ], - "docstring": "TA API - Executes Write command to write a public key. ", - "parameters": [ - [ - "device", - "Device context pointer " - ], - [ - "key_handle", - "Target handle to write data " - ], - [ - "length", - "The size of the public key. Cannot exceed element size " - ], - [ - "public_key", - "Public key to write into key_handle mentioned" - ] - ] - }, - "talib_handle_init_public_key": { - "restype": "ctypes.c_uint8", - "argtypes": [ - "ctypes.POINTER(ta_element_attributes_t)", - "ctypes.c_uint8", - "ctypes.c_uint8", - "ctypes.c_uint8", - "ctypes.c_uint8" - ], - "docstring": "TA API - Helper function to create the Handle attributes for Public key. This function will not create the handle and it is only a helper function for Create command. ", - "parameters": [ - [ - "element_attributes", - "Pointer to store the 8 byte Handle attributes. " - ], - [ - "key_type", - "The key type for the Handle. " - ], - [ - "alg_mode", - "The algorithm mode for the key_type and is applicable to rsa key only. " - ], - [ - "secure_boot_enable", - "Mode for the Secure boot functions. " - ], - [ - "root_key_enable", - "Mode for the Public key functions. " - ] - ] - }, - "talib_handle_init_private_key": { - "restype": "ctypes.c_uint8", - "argtypes": [ - "ctypes.POINTER(ta_element_attributes_t)", - "ctypes.c_uint8", - "ctypes.c_uint8", - "ctypes.c_uint8", - "ctypes.c_uint8" - ], - "docstring": "TA API - Helper function to create the Handle attributes for Private key. This function will not create the handle and it is only a helper function for Create command. ", - "parameters": [ - [ - "element_attributes", - "Pointer to store the 8 byte Handle attributes. " - ], - [ - "key_type", - "The key type for the Handle. " - ], - [ - "alg_mode", - "The algorithm mode for the key_type and is applicable to rsa key only. " - ], - [ - "sign_use", - "Modes for signature generation. " - ], - [ - "key_agreement_use", - "Modes for Key agreement. " - ] - ] - }, - "talib_handle_init_symmetric_key": { - "restype": "ctypes.c_uint8", - "argtypes": [ - "ctypes.POINTER(ta_element_attributes_t)", - "ctypes.c_uint8", - "ctypes.c_uint8" - ], - "docstring": "TA API - Helper function to create the Handle attributes for Symmetric key. This function will not create the handle and it is only a helper function for Create command. ", - "parameters": [ - [ - "element_attributes", - "Pointer to store the 8 byte Handle attributes. " - ], - [ - "key_type", - "The key type for the Handle. " - ], - [ - "sym_usage", - "Modes for MAC/ENC/KDF operations. " - ] - ] - }, - "talib_handle_init_data": { - "restype": "ctypes.c_uint8", - "argtypes": [ - "ctypes.POINTER(ta_element_attributes_t)", - "ctypes.c_uint16" - ], - "docstring": "TA API - Helper function to create the Handle attributes for Symmetric key. This function will not create the handle and it is only a helper function for Create command. ", - "parameters": [ - [ - "element_attributes", - "Pointer to store the 8 byte Handle attributes. " - ], - [ - "data_size", - "The size of the data element and the maximum size is 2048. " - ] - ] - }, - "talib_handle_init_extracated_certificate": { - "restype": "ctypes.c_uint8", - "argtypes": [ - "ctypes.POINTER(ta_element_attributes_t)", - "ctypes.c_uint8", - "ctypes.c_uint8", - "ctypes.c_uint8", - "ctypes.c_uint8" - ], - "docstring": "TA API - Helper function to create the Handle attributes for Extracted Certificates. This function will not create the handle and it is only a helper function for Create command. ", - "parameters": [ - [ - "element_attributes", - "Pointer to store the 8 byte Handle attributes. " - ], - [ - "key_type", - "The key type the extracted cert. " - ], - [ - "alg_mode", - "The algorithm mode for the extracted cert and is applicable to rsa key only. " - ], - [ - "secure_boot_use", - "Modes for the Secure boot use. " - ], - [ - "intermediate_CA_enable", - "Mode for the extracted cert use as parent CA or not. " - ] - ] - }, - "talib_handle_init_fast_crypto_key_group": { - "restype": "ctypes.c_uint8", - "argtypes": [ - "ctypes.POINTER(ta_element_attributes_t)", - "ctypes.c_uint8", - "ctypes.c_uint8", - "ctypes.c_uint8" - ], - "docstring": "TA API - Helper function to create the Handle attributes for Fast Crypto key group. This function will not create the handle and it is only a helper function for Create command. ", - "parameters": [ - [ - "element_attributes", - "Pointer to store the 8 byte Handle attributes. " - ], - [ - "key_type", - "The key type for the handle. Applicable only for symmetric key. " - ], - [ - "no_of_keys", - "No of key space in the handle. " - ], - [ - "handles", - "Mode for single key or for a group of keys space. " - ] - ] - }, - "talib_handle_set_permissions": { - "restype": "ctypes.c_uint8", - "argtypes": [ - "ctypes.POINTER(ta_element_attributes_t)", - "ctypes.c_uint8", - "ctypes.c_uint8", - "ctypes.c_uint8", - "ctypes.c_uint8" - ], - "docstring": "TA API - Helper function to create the permission for the handle. This function will not create the handle and it is only a helper function for Create command. ", - "parameters": [ - [ - "element_attributes", - "Pointer the handle attributes. " - ], - [ - "usage_perm", - "Usage permissions for the handle. " - ], - [ - "write_perm", - "Write permissions for the handle. " - ], - [ - "read_perm", - "Read permissions for the handle. " - ], - [ - "delete_perm", - "Delete permissions for the handle.. " - ] - ] - }, - "talib_handle_set_usage_permission": { - "restype": "ctypes.c_uint8", - "argtypes": [ - "ctypes.POINTER(ta_element_attributes_t)", - "ctypes.c_uint8" - ], - "docstring": "TA API - Helper function to create the permission for the handle. This function will not create the handle and it is only a helper function for Create command. ", - "parameters": [ - [ - "element_attributes", - "Pointer the handle attributes. " - ], - [ - "usage_perm", - "Usage permissions for the handle. " - ] - ] - }, - "talib_handle_set_write_permission": { - "restype": "ctypes.c_uint8", - "argtypes": [ - "ctypes.POINTER(ta_element_attributes_t)", - "ctypes.c_uint8" - ], - "docstring": "TA API - Helper function to create the permission for the handle. This function will not create the handle and it is only a helper function for Create command. ", - "parameters": [ - [ - "element_attributes", - "Pointer the handle attributes. " - ], - [ - "write_perm", - "Usage permissions for the handle. " - ] - ] - }, - "talib_handle_set_read_permission": { - "restype": "ctypes.c_uint8", - "argtypes": [ - "ctypes.POINTER(ta_element_attributes_t)", - "ctypes.c_uint8" - ], - "docstring": "TA API - Helper function to create the permission for the handle. This function will not create the handle and it is only a helper function for Create command. ", - "parameters": [ - [ - "element_attributes", - "Pointer the handle attributes. " - ], - [ - "read_perm", - "Usage permissions for the handle. " - ] - ] - }, - "talib_handle_set_delete_permission": { - "restype": "ctypes.c_uint8", - "argtypes": [ - "ctypes.POINTER(ta_element_attributes_t)", - "ctypes.c_uint8" - ], - "docstring": "TA API - Helper function to create the permission for the handle. This function will not create the handle and it is only a helper function for Create command. ", - "parameters": [ - [ - "element_attributes", - "Pointer the handle attributes. " - ], - [ - "delete_perm", - "Usage permissions for the handle. " - ] - ] - }, - "talib_sequence_base": { - "restype": "ctypes.c_uint8", - "argtypes": [ - "ctypes.c_void_p", - "ctypes.c_uint8", - "ctypes.c_uint32", - "ctypes.c_char_p", - "ctypes.c_uint16", - "ctypes.c_char_p", - "ctypes.POINTER(ctypes.c_uint16)" - ], - "docstring": "TA API - To pass data from host to TA100 or TA100 to host for sequence calculation. ", - "parameters": [ - [ - "device", - "Device object that holds the device related informations " - ], - [ - "mode", - "Mode value for sequence operation " - ], - [ - "param", - "TA100 parameter for sequence command " - ], - [ - "data_in", - "Input data for the sequence command " - ], - [ - "data_in_length", - "Input data length " - ], - [ - "data_out", - "Output data buffer where sequence command output is copied " - ], - [ - "data_out_length", - "As input, the size of the data_out buffer and as output the size of the data." - ] - ] - }, - "talib_sharekey_sequence_init": { - "restype": "ctypes.c_uint8", - "argtypes": [ - "ctypes.c_void_p", - "ctypes.c_void_p", - "ctypes.c_uint16", - "ctypes.c_uint16", - "ctypes.c_uint16", - "ctypes.c_uint16", - "ctypes.c_uint16", - "ctypes.c_bool", - "ctypes.c_void_p" - ], - "docstring": "TA API - To initialize share key sequence context with given input parameters. ", - "parameters": [ - [ - "ctx", - "Share key sequence object that holds the share key related informations " - ], - [ - "target_handle", - "Handle where shared secret to be created " - ], - [ - "ephe_handle", - "Handle where local ephemeral to be created " - ], - [ - "sign_handle", - "Signing handle to create singature to be send to remote " - ], - [ - "cert_handle", - "Handle where remote certificate is extracted " - ], - [ - "symm_key_size", - "Share key size to be created " - ], - [ - "is_local_first", - "It is Set, if local nonce and public key to be used in first for TBS message " - ], - [ - "sharekey_cb", - "Call back function used to share IO buffers between application and CAL" - ] - ] - }, - "talib_sequence_sharekey_step1": { - "restype": "ctypes.c_uint8", - "argtypes": [ - "ctypes.c_void_p" - ], - "docstring": "Share Key - Step 1: Random. ", - "parameters": [ - [ - "ctx", - "Share key sequence object that holds the share key related informations" - ] - ] - }, - "talib_sequence_sharekey_step2": { - "restype": "ctypes.c_uint8", - "argtypes": [ - "ctypes.c_void_p" - ], - "docstring": "Share Key - Step 2: Remote Nonce. ", - "parameters": [ - [ - "ctx", - "Share key sequence object that holds the share key related informations" - ] - ] - }, - "talib_sequence_sharekey_step3": { - "restype": "ctypes.c_uint8", - "argtypes": [ - "ctypes.c_void_p" - ], - "docstring": "Share Key - Step 3: Create Target Handle. ", - "parameters": [ - [ - "ctx", - "Share key sequence object that holds the share key related informations" - ] - ] - }, - "talib_sequence_sharekey_step4": { - "restype": "ctypes.c_uint8", - "argtypes": [ - "ctypes.c_void_p" - ], - "docstring": "Share Key - Step 4: Create Ephemeral Key Handle. ", - "parameters": [ - [ - "ctx", - "Share key sequence object that holds the share key related informations" - ] - ] - }, - "talib_sequence_sharekey_step5": { - "restype": "ctypes.c_uint8", - "argtypes": [ - "ctypes.c_void_p" - ], - "docstring": "Share Key - Step 5: Key Gen Ephemeral Private Key. ", - "parameters": [ - [ - "ctx", - "Share key sequence object that holds the share key related informations" - ] - ] - }, - "talib_sequence_sharekey_step6": { - "restype": "ctypes.c_uint8", - "argtypes": [ - "ctypes.c_void_p" - ], - "docstring": "Share Key - Step 6: Receive Remote Ephemeral Public Key. ", - "parameters": [ - [ - "ctx", - "Share key sequence object that holds the share key related informations" - ] - ] - }, - "talib_sequence_sharekey_step7": { - "restype": "ctypes.c_uint8", - "argtypes": [ - "ctypes.c_void_p" - ], - "docstring": "Share Key - Step 7: Sign. ", - "parameters": [ - [ - "ctx", - "Share key sequence object that holds the share key related informations" - ] - ] - }, - "talib_sequence_sharekey_step8": { - "restype": "ctypes.c_uint8", - "argtypes": [ - "ctypes.c_void_p" - ], - "docstring": "Share Key - Step 8: Verify Remote Signature. ", - "parameters": [ - [ - "ctx", - "Share key sequence object that holds the share key related informations" - ] - ] - }, - "talib_sequence_sharekey_step9": { - "restype": "ctypes.c_uint8", - "argtypes": [ - "ctypes.c_void_p" - ], - "docstring": "Share Key - Step 9: Ephemeral ECDH. ", - "parameters": [ - [ - "ctx", - "Share key sequence object that holds the share key related informations" - ] - ] - }, - "talib_sequence_sharekey_step10": { - "restype": "ctypes.c_uint8", - "argtypes": [ - "ctypes.c_void_p" - ], - "docstring": "Share Key - Step 10: KDF (HMAC-counter) ", - "parameters": [ - [ - "ctx", - "Share key sequence object that holds the share key related informations" - ] - ] - }, - "talib_sharekey_sequence_execute": { - "restype": "ctypes.c_uint8", - "argtypes": [ - "ctypes.c_void_p", - "ctypes.c_char_p" - ], - "docstring": "TA API - To execute share key sequence steps. ", - "parameters": [ - [ - "ctx", - "Share key sequence object that holds the share key related informations" - ] - ] - }, - "talib_sharekey_sequence_terminate": { - "restype": "ctypes.c_uint8", - "argtypes": [ - "ctypes.c_void_p" - ], - "docstring": "TA API - To terminate the share key sequence steps. ", - "parameters": [ - [ - "ctx", - "Share key sequence object that holds the share key related informations" - ] - ] - }, "atcab_get_device_address": { "restype": "ctypes.c_uint8", "argtypes": [ @@ -5649,429 +31,5 @@ ], "docstring": "Get the current device address based on the configured device and interface. ", "parameters": [] - }, - "talib_get_max_data_size": { - "restype": "ctypes.c_uint8", - "argtypes": [ - "ctypes.c_void_p", - "ctypes.POINTER(ctypes.c_size_t)" - ], - "docstring": "Gets the maximum length of data that can be written into the packet for the given session. ", - "parameters": [ - [ - "device", - "Device context pointer " - ], - [ - "size", - "Max data size allowed in the current session" - ] - ] - }, - "talib_auth_reset_on_device": { - "restype": "ctypes.c_uint8", - "argtypes": [ - "ctypes.c_void_p", - "ctypes.c_uint16" - ], - "docstring": null, - "parameters": [] - }, - "talib_auth_reset_on_host": { - "restype": "ctypes.c_uint8", - "argtypes": [ - "ctypes.c_void_p" - ], - "docstring": null, - "parameters": [] - }, - "talib_is_private": { - "restype": "ctypes.c_uint8", - "argtypes": [ - "ctypes.c_void_p", - "ctypes.c_uint16", - "ctypes.POINTER(ctypes.c_bool)" - ], - "docstring": "Check if a slot is a private key. ", - "parameters": [ - [ - "device", - "Device context pointer " - ], - [ - "handle", - "Handle to query " - ], - [ - "is_private", - "return true if private" - ] - ] - }, - "talib_random_internal": { - "restype": "ctypes.c_uint8", - "argtypes": [ - "ctypes.c_void_p", - "ctypes.c_void_p", - "ctypes.c_void_p", - "ctypes.POINTER(ctypes.c_size_t)" - ], - "docstring": null, - "parameters": [] - }, - "talib_handle_can_use": { - "restype": "ctypes.c_uint8", - "argtypes": [ - "ctypes.c_void_p", - "ctypes.c_uint16", - "ctypes.POINTER(ta_element_attributes_t)", - "ctypes.POINTER(ctypes.c_bool)" - ], - "docstring": null, - "parameters": [] - }, - "talib_handle_can_read": { - "restype": "ctypes.c_uint8", - "argtypes": [ - "ctypes.c_void_p", - "ctypes.c_uint16", - "ctypes.POINTER(ta_element_attributes_t)", - "ctypes.POINTER(ctypes.c_bool)" - ], - "docstring": null, - "parameters": [] - }, - "talib_handle_can_write": { - "restype": "ctypes.c_uint8", - "argtypes": [ - "ctypes.c_void_p", - "ctypes.c_uint16", - "ctypes.POINTER(ta_element_attributes_t)", - "ctypes.POINTER(ctypes.c_bool)" - ], - "docstring": null, - "parameters": [] - }, - "talib_fce_init": { - "restype": "ctypes.c_uint8", - "argtypes": [ - "ctypes.c_void_p", - "ctypes.c_uint8", - "ctypes.c_uint32", - "ctypes.POINTER(ctypes.c_uint32)" - ], - "docstring": null, - "parameters": [] - }, - "talib_fce_execute": { - "restype": "ctypes.c_uint8", - "argtypes": [ - "ctypes.c_void_p", - "ctypes.c_void_p" - ], - "docstring": null, - "parameters": [] - }, - "talib_fce_sha_start": { - "restype": "ctypes.c_uint8", - "argtypes": [ - "ctypes.c_void_p" - ], - "docstring": null, - "parameters": [] - }, - "talib_fce_sha_update": { - "restype": "ctypes.c_uint8", - "argtypes": [ - "ctypes.c_void_p", - "ctypes.c_char_p", - "ctypes.c_size_t", - "ctypes.c_bool" - ], - "docstring": null, - "parameters": [] - }, - "talib_fce_sha_finish": { - "restype": "ctypes.c_uint8", - "argtypes": [ - "ctypes.c_void_p", - "ctypes.c_char_p" - ], - "docstring": null, - "parameters": [] - }, - "talib_fce_sha": { - "restype": "ctypes.c_uint8", - "argtypes": [ - "ctypes.c_void_p", - "ctypes.c_char_p", - "ctypes.c_size_t", - "ctypes.c_char_p" - ], - "docstring": null, - "parameters": [] - }, - "talib_fce_hmac_start": { - "restype": "ctypes.c_uint8", - "argtypes": [ - "ctypes.c_void_p", - "ctypes.c_uint8", - "ctypes.c_uint16", - "ctypes.c_uint8", - "ctypes.POINTER(ctypes.c_uint32)" - ], - "docstring": null, - "parameters": [] - }, - "talib_fce_hmac_update": { - "restype": "ctypes.c_uint8", - "argtypes": [ - "ctypes.c_void_p", - "ctypes.c_char_p", - "ctypes.c_size_t", - "ctypes.c_bool" - ], - "docstring": null, - "parameters": [] - }, - "talib_fce_hmac_finish": { - "restype": "ctypes.c_uint8", - "argtypes": [ - "ctypes.c_void_p", - "ctypes.c_char_p" - ], - "docstring": null, - "parameters": [] - }, - "talib_fce_hmac": { - "restype": "ctypes.c_uint8", - "argtypes": [ - "ctypes.c_void_p", - "ctypes.c_uint8", - "ctypes.c_uint16", - "ctypes.c_uint8", - "ctypes.POINTER(ctypes.c_uint32)", - "ctypes.c_char_p", - "ctypes.c_size_t", - "ctypes.c_char_p" - ], - "docstring": null, - "parameters": [] - }, - "talib_fce_cmac_start": { - "restype": "ctypes.c_uint8", - "argtypes": [ - "ctypes.c_void_p", - "ctypes.c_uint8", - "ctypes.c_uint16", - "ctypes.c_uint8", - "ctypes.POINTER(ctypes.c_uint32)" - ], - "docstring": null, - "parameters": [] - }, - "talib_fce_cmac_update": { - "restype": "ctypes.c_uint8", - "argtypes": [ - "ctypes.c_void_p", - "ctypes.c_char_p", - "ctypes.c_size_t", - "ctypes.c_bool" - ], - "docstring": null, - "parameters": [] - }, - "talib_fce_cmac_finish": { - "restype": "ctypes.c_uint8", - "argtypes": [ - "ctypes.c_void_p", - "ctypes.c_char_p" - ], - "docstring": null, - "parameters": [] - }, - "talib_fce_cmac": { - "restype": "ctypes.c_uint8", - "argtypes": [ - "ctypes.c_void_p", - "ctypes.c_uint8", - "ctypes.c_uint16", - "ctypes.c_uint8", - "ctypes.POINTER(ctypes.c_uint32)", - "ctypes.c_char_p", - "ctypes.c_size_t", - "ctypes.c_char_p" - ], - "docstring": null, - "parameters": [] - }, - "talib_auth_get_context": { - "restype": "ctypes.c_void_p", - "argtypes": [ - "ctypes.c_void_p" - ], - "docstring": null, - "parameters": [] - }, - "talib_auth_get_max_data_size": { - "restype": "ctypes.c_size_t", - "argtypes": [ - "ctypes.c_void_p" - ], - "docstring": null, - "parameters": [] - }, - "talib_auth_verify_mac": { - "restype": "ctypes.c_uint8", - "argtypes": [ - "ctypes.c_char_p", - "ctypes.c_char_p", - "ctypes.c_size_t" - ], - "docstring": null, - "parameters": [] - }, - "talib_auth_packet_init": { - "restype": "ctypes.c_uint8", - "argtypes": [ - "ctypes.POINTER(ctypes.c_void_p)", - "ctypes.c_void_p", - "ctypes.c_void_p", - "ctypes.c_bool" - ], - "docstring": null, - "parameters": [] - }, - "talib_kdf_init": { - "restype": "ctypes.c_uint8", - "argtypes": [ - "ctypes.POINTER(ctypes.c_void_p)", - "ctypes.c_uint8", - "ctypes.c_uint16", - "ctypes.c_uint16" - ], - "docstring": null, - "parameters": [] - }, - "talib_kdf_execute": { - "restype": "ctypes.c_uint8", - "argtypes": [ - "ctypes.c_void_p", - "ctypes.c_void_p", - "ctypes.c_void_p" - ], - "docstring": null, - "parameters": [] - }, - "talib_kdf_sha_format": { - "restype": "ctypes.c_uint8", - "argtypes": [ - "ctypes.c_void_p", - "ctypes.c_void_p", - "ctypes.c_void_p", - "ctypes.c_uint16" - ], - "docstring": null, - "parameters": [] - }, - "talib_kdf_hmac_format": { - "restype": "ctypes.c_uint8", - "argtypes": [ - "ctypes.c_void_p", - "ctypes.c_void_p", - "ctypes.c_void_p", - "ctypes.c_uint16" - ], - "docstring": null, - "parameters": [] - }, - "talib_kdf_hkdf_format": { - "restype": "ctypes.c_uint8", - "argtypes": [ - "ctypes.c_void_p", - "ctypes.c_void_p", - "ctypes.c_void_p", - "ctypes.c_uint16" - ], - "docstring": null, - "parameters": [] - }, - "talib_kdf_prf_format": { - "restype": "ctypes.c_uint8", - "argtypes": [ - "ctypes.c_void_p", - "ctypes.c_void_p", - "ctypes.c_uint16" - ], - "docstring": null, - "parameters": [] - }, - "talib_cert_extract_internal": { - "restype": "ctypes.c_uint8", - "argtypes": [ - "ctypes.c_void_p", - "ctypes.c_uint16", - "ctypes.c_uint16", - "ctypes.c_uint16", - "ctypes.c_void_p", - "ctypes.POINTER(ctypes.c_size_t)" - ], - "docstring": "TA API - Executes ManageCert command to parse and verify x.509 certs or manage an input certificate revocation list. ", - "parameters": [ - [ - "device", - "Device object that holds the device related informations " - ], - [ - "parent_handle", - "Verifying certificate handle. This can be in Shared or Volatile " - ], - [ - "target_handle", - "Handle to write verified certificate or CRL element. After successful verification, extracted element is written to this handle. A value of 0xFFFF, skips write to handle but returns verification status " - ], - [ - "source_handle", - "Handle pointing to Full certificate or CRL. Only supports IO buffer or shared memory, but not Volatile register. CRL must point to IO buffer. " - ], - [ - "cert", - "Incoming buffer containing certificate or CRL when source handle pointing to IO buffer. Maximum size is 1020. If the certificate buffer is present then it will take priority over the source_handle parameter. Should be NULL if source_handle points to internal memory " - ] - ] - }, - "talib_read_init": { - "restype": "ctypes.c_uint8", - "argtypes": [ - "ctypes.POINTER(ctypes.c_void_p)", - "ctypes.c_uint8", - "ctypes.c_uint16", - "ctypes.c_uint16" - ], - "docstring": null, - "parameters": [] - }, - "talib_read_execute": { - "restype": "ctypes.c_uint8", - "argtypes": [ - "ctypes.c_void_p", - "ctypes.c_void_p", - "ctypes.c_void_p", - "ctypes.POINTER(ctypes.c_size_t)" - ], - "docstring": null, - "parameters": [] - }, - "talib_read_partial_internal": { - "restype": "ctypes.c_uint8", - "argtypes": [ - "ctypes.c_void_p", - "ctypes.c_uint16", - "ctypes.POINTER(ctypes.c_size_t)", - "ctypes.c_void_p", - "ctypes.c_bool" - ], - "docstring": null, - "parameters": [] } } \ No newline at end of file diff --git a/release_notes.md b/release_notes.md index 3451df5dc..b9bbafd06 100644 --- a/release_notes.md +++ b/release_notes.md @@ -1,6 +1,32 @@ # Microchip Cryptoauthlib Release Notes +## Release v3.7.5 (06/26/2024) + +### New Features + - In PKCS11 module, added ECCP384,ECCP521,ECCP224 elliptic curves support for + ECC key operations, in addition to the existing ECCP256 support + - Enhanced certificate related tests to include coverage for ECC204 and TA010 devices + - Added a new ATCA_HEAP internal macro check in place of ATCA_NO_HEAP for dynamic memory usages + - Added an additional test to validate AES-CBC encrypt/decrypt APIs using + CAVP's AES multiblock message test (MMT) sample vectors + - See [talib/CHANGES.md] for details on talib module changes + +### Fixes + - Fixed atcacert_get_comp_cert() API to support certificates with expiry dates beyond year 2031 + - Fixed atcacert_read_cert() API to consider serial number as source while processing + extracted certificates + - Fixed atcacert_write_cert() API to support X509 certificates with an odd byte length, + without any additional padding + - Fixed calib_execute_send() to consider correct data buffer when ATCA_HAL_LEGACY_API is used + - PKCS11 layer fixes/updates + - Fixed certificate chain/key export failures in ECC608 Trust devices + - Fixed memory leak during C_Finalize API call usage in a multi-slot configuration + +### API Changes + - Added atcacert_generate_sn() API in atcacert module to generate certificate serial number + from a valid serial number source + ## Release v3.7.4 (03/08/2024) ### New Features diff --git a/test/CMakeLists.txt b/test/CMakeLists.txt index a35ec5b02..7fc75d495 100644 --- a/test/CMakeLists.txt +++ b/test/CMakeLists.txt @@ -120,3 +120,8 @@ add_custom_command(TARGET cryptoauth_test POST_BUILD COMMAND ${CMAKE_COMMAND} -E copy_directory ${CMAKE_CURRENT_SOURCE_DIR}/vectors/hmac_test_vectors $/hmac_test_vectors ) + +add_custom_command(TARGET cryptoauth_test POST_BUILD + COMMAND ${CMAKE_COMMAND} -E copy_directory + ${CMAKE_CURRENT_SOURCE_DIR}/vectors/aesmmt_cbc_cavp_vectors + $/aesmmt_cbc_cavp_vectors ) \ No newline at end of file diff --git a/test/api_atcab/atca_tests_aes_cbc.c b/test/api_atcab/atca_tests_aes_cbc.c index 1a9f3b47b..24aba0d87 100644 --- a/test/api_atcab/atca_tests_aes_cbc.c +++ b/test/api_atcab/atca_tests_aes_cbc.c @@ -460,9 +460,173 @@ TEST(atca_cmd_basic_test, aes_cbc_padding_simple) TEST_ASSERT_EQUAL(sizeof(g_plaintext), res_len); TEST_ASSERT_EQUAL_MEMORY(&g_plaintext, plaintext, sizeof(g_plaintext)); } + +#if defined(_WIN32) || defined(__linux__) +#define SIZE_OF_TEXT 340 +TEST(atca_cmd_basic_test, aes_cbc_mmt_cavp_vectors) +{ + uint8_t plaintext[SIZE_OF_TEXT]; + uint8_t * pPtr = plaintext; + uint8_t ciphertext[SIZE_OF_TEXT]; + uint8_t * cPtr = ciphertext; + size_t length = SIZE_OF_TEXT; + atca_aes_cbc_ctx_t ctx; + ATCA_STATUS status; + uint16_t key_slot; + FILE* rsp_file = NULL; + uint8_t line[SIZE_OF_TEXT]; + bool enc_oper = true; + char *str; + char *name_value; + uint8_t key[32]; + uint8_t iv[32]; + uint8_t pt[SIZE_OF_TEXT]; + uint8_t ct[SIZE_OF_TEXT]; + size_t key_size = 0; + size_t iv_size = 0; + uint32_t pt_size =0; + uint32_t ct_size =0; +#ifdef ATCA_PRINTF + uint16_t test_count = 0; +#endif + + // Skip test if data zone isn't locked + test_assert_data_is_locked(); + + // Skip test if AES is not enabled + check_config_aes_enable(); + + rsp_file = fopen("aesmmt_cbc_cavp_vectors/CBCMMT128.rsp", "r"); + TEST_ASSERT_NOT_NULL_MESSAGE(rsp_file, "Failed to open .rsp file"); + + status = atca_test_config_get_id(TEST_TYPE_AES, &key_slot); + TEST_ASSERT_EQUAL(ATCA_SUCCESS, status); + + do + { + if (NULL == (str = fgets((char *)line, sizeof(line), rsp_file))) + { + continue; + } + else + { + size_t ln = strlen((const char *)line); + if (ln > 0 && line[ln - 2] == '\r') + { + line[ln - 1] = 0; + } + } + + if (!memcmp(str, "[ENCRYPT]", strlen("[ENCRYPT]"))) + { + enc_oper = true; + } + else if (!memcmp(str, "[DECRYPT]", strlen("[DECRYPT]"))) + { + enc_oper = false; + } + else if (!memcmp(str, "KEY = ", strlen("KEY = "))) + { + name_value = (char *)&line[strlen("KEY = ")]; + key_size = strlen(name_value) / 2; + hex_to_data(name_value, key, key_size); + } + else if (!memcmp(str, "IV = ", strlen("IV = "))) + { + name_value = (char *)&line[strlen("IV = ")]; + iv_size = strlen(name_value) / 2; + hex_to_data(name_value, iv, iv_size); + } + else if (!memcmp(str, "PLAINTEXT = ", strlen("PLAINTEXT = "))) + { + name_value = (char *)&line[strlen("PLAINTEXT = ")]; + pt_size = (uint32_t)strlen(name_value) / 2; + hex_to_data(name_value, pt, pt_size); + + /* Check to reconcile decrypted text */ + if (false == enc_oper) + { +#ifdef ATCA_PRINTF + //Process read vector + printf("%04d\r", test_count++); +#endif + + // Load AES keys into slot + status = atcab_write_bytes_zone(ATCA_ZONE_DATA, key_slot, 0, &key[0], 16); + TEST_ASSERT_EQUAL(ATCA_SUCCESS, status); + + // Init CBC mode context using key in slot + status = atcab_aes_cbc_init(&ctx, key_slot, 0, iv); + TEST_ASSERT_EQUAL(ATCA_SUCCESS, status); + + // Decrypt the entire plaintext + pPtr = plaintext; + length = sizeof(plaintext); + status = atcab_aes_cbc_decrypt_update(&ctx, (uint8_t*)ct, ct_size, pPtr, &length); + TEST_ASSERT_EQUAL(ATCA_SUCCESS, status); + TEST_ASSERT_EQUAL(pt_size, length); + + pPtr += length; + length = sizeof(pt); + + // Finalize without padding + status = atcab_aes_cbc_decrypt_finish(&ctx, pPtr, &length); + TEST_ASSERT_EQUAL(ATCA_SUCCESS, status); + TEST_ASSERT_EQUAL(0, length); + TEST_ASSERT_EQUAL_MEMORY(plaintext, pt, pt_size); + } + } + else if (!memcmp(str, "CIPHERTEXT = ", strlen("CIPHERTEXT = "))) + { + name_value = (char *)&line[strlen("CIPHERTEXT = ")]; + ct_size = (uint32_t)strlen(name_value) / 2; + hex_to_data(name_value, ct, ct_size); + + /* Check to reconcile encrypted text */ + if (true == enc_oper) + { +#ifdef ATCA_PRINTF + //Process read vector + printf("%04d\r", test_count++); #endif + // Load AES keys into slot + status = atcab_write_bytes_zone(ATCA_ZONE_DATA, key_slot, 0, &key[0], 16); + TEST_ASSERT_EQUAL(ATCA_SUCCESS, status); + + // Init CBC mode context using key in slot + status = atcab_aes_cbc_init(&ctx, key_slot, 0, iv); + TEST_ASSERT_EQUAL(ATCA_SUCCESS, status); + + // Encrypt the entire plaintext + cPtr = ciphertext; + length = sizeof(ciphertext); + status = atcab_aes_cbc_encrypt_update(&ctx, (uint8_t*)pt, pt_size, cPtr, &length); + TEST_ASSERT_EQUAL(ATCA_SUCCESS, status); + TEST_ASSERT_EQUAL(ct_size, length); + cPtr += length; + + // Finalize without padding + length = sizeof(pt); + status = atcab_aes_cbc_encrypt_finish(&ctx, cPtr, &length); + TEST_ASSERT_EQUAL(ATCA_SUCCESS, status); + TEST_ASSERT_EQUAL(0, length); + TEST_ASSERT_EQUAL_MEMORY(ciphertext, ct, ct_size); + } + } + } + while (!feof(rsp_file)); + + fclose(rsp_file); + +#ifdef ATCA_PRINTF + printf("\n"); +#endif +} +#undef SIZE_OF_TEXT +#endif //_WIN32 / __linux__ #endif /* TEST_ATCAB_AES_CBC_EN */ +#endif // *INDENT-OFF* - Preserve formatting t_test_case_info aes_cbc_basic_test_info[] = @@ -480,6 +644,9 @@ t_test_case_info aes_cbc_basic_test_info[] = { REGISTER_TEST_CASE(atca_cmd_basic_test, aes_cbc_decrypt_update_simple), atca_test_cond_ta }, { REGISTER_TEST_CASE(atca_cmd_basic_test, aes_cbc_decrypt_update_chunks), atca_test_cond_ta }, { REGISTER_TEST_CASE(atca_cmd_basic_test, aes_cbc_padding_simple), atca_test_cond_ta }, +#if defined(_WIN32) || defined(__linux__) + { REGISTER_TEST_CASE(atca_cmd_basic_test, aes_cbc_mmt_cavp_vectors), atca_test_cond_ta }, +#endif //_WIN32 / __linux__ #endif /* TEST_ATCAB_AES_CBC_UPDATE_EN */ #endif /* TEST_ATCAB_AES_CBC_EN */ { (fp_test_case)NULL, NULL }, /* Array Termination element*/ diff --git a/test/api_atcab/atca_tests_sign.c b/test/api_atcab/atca_tests_sign.c index d4b3796d3..6d298dc9d 100644 --- a/test/api_atcab/atca_tests_sign.c +++ b/test/api_atcab/atca_tests_sign.c @@ -78,7 +78,7 @@ TEST(atca_cmd_basic_test, sign_sw_verify) TEST_ASSERT_EQUAL(ATCA_SUCCESS, status); /* Initialize a software public key context */ -#if defined(ATCA_BUILD_SHARED_LIBS) || !defined(ATCA_NO_HEAP) +#if defined(ATCA_BUILD_SHARED_LIBS) || defined(ATCA_HEAP) pkey = atcac_pk_ctx_new(); #else atcac_pk_ctx_t pkey_ctx; @@ -95,7 +95,7 @@ TEST(atca_cmd_basic_test, sign_sw_verify) status = atcac_pk_verify(pkey, msg, sizeof(msg), signature, sizeof(signature)); TEST_ASSERT_EQUAL(ATCA_SUCCESS, status); -#if defined(ATCA_BUILD_SHARED_LIBS) || !defined(ATCA_NO_HEAP) +#if defined(ATCA_BUILD_SHARED_LIBS) || defined(ATCA_HEAP) if (NULL != pkey) { atcac_pk_free(pkey); diff --git a/test/api_atcab/atca_tests_verify.c b/test/api_atcab/atca_tests_verify.c index 76da8de65..f7eeda841 100644 --- a/test/api_atcab/atca_tests_verify.c +++ b/test/api_atcab/atca_tests_verify.c @@ -268,7 +268,7 @@ TEST(atca_cmd_basic_test, verify_stored_on_reqrandom_set) #if defined(ATCA_MBEDTLS) || defined(ATCA_OPENSSL) || defined(ATCA_WOLFSSL) struct atcac_pk_ctx * sign_ctx; -#if defined(ATCA_BUILD_SHARED_LIBS) || !defined(ATCA_NO_HEAP) +#if defined(ATCA_BUILD_SHARED_LIBS) || defined(ATCA_HEAP) sign_ctx = atcac_pk_ctx_new(); TEST_ASSERT_NOT_NULL(sign_ctx); #else @@ -344,7 +344,7 @@ TEST(atca_cmd_basic_test, verify_stored_on_reqrandom_set) status = atcac_pk_free(sign_ctx); TEST_ASSERT_EQUAL(ATCA_SUCCESS, status); - #if defined(ATCA_BUILD_SHARED_LIBS) || !defined(ATCA_NO_HEAP) + #if defined(ATCA_BUILD_SHARED_LIBS) || defined(ATCA_HEAP) atcac_pk_ctx_free(sign_ctx); #endif #endif diff --git a/test/api_crypto/test_crypto_aes.c b/test/api_crypto/test_crypto_aes.c index a3bc4929f..339077c54 100644 --- a/test/api_crypto/test_crypto_aes.c +++ b/test/api_crypto/test_crypto_aes.c @@ -57,8 +57,7 @@ TEST(atcac_aes, aes128_gcm_nist) uint8_t tag[AES_DATA_SIZE]; bool is_verified; struct atcac_aes_gcm_ctx * ctx; - -#if defined(ATCA_BUILD_SHARED_LIBS) || !defined(ATCA_NO_HEAP) +#if defined(ATCA_BUILD_SHARED_LIBS) || defined(ATCA_HEAP) ctx = atcac_aes_gcm_ctx_new(); #else atcac_aes_gcm_ctx_t gcm_ctx; @@ -184,7 +183,7 @@ TEST(atcac_aes, aes128_gcm_nist) } } -#if defined(ATCA_BUILD_SHARED_LIBS) || !defined(ATCA_NO_HEAP) +#if defined(ATCA_BUILD_SHARED_LIBS) || defined(ATCA_HEAP) if (NULL != ctx) { atcac_aes_gcm_ctx_free(ctx); @@ -202,7 +201,7 @@ TEST(atcac_aes, aes128_cmac_nist) struct atcac_aes_cmac_ctx * ctx; -#if defined(ATCA_BUILD_SHARED_LIBS) || !defined(ATCA_NO_HEAP) +#if defined(ATCA_BUILD_SHARED_LIBS) || defined(ATCA_HEAP) ctx = atcac_aes_cmac_ctx_new(); #else atcac_aes_cmac_ctx_t cmac_ctx; @@ -225,7 +224,7 @@ TEST(atcac_aes, aes128_cmac_nist) TEST_ASSERT_EQUAL_MEMORY(g_cmacs[key_block][msg_index], cmac, sizeof(cmac)); } } -#if defined(ATCA_BUILD_SHARED_LIBS) || !defined(ATCA_NO_HEAP) +#if defined(ATCA_BUILD_SHARED_LIBS) || defined(ATCA_HEAP) if (NULL != ctx) { atcac_aes_cmac_ctx_free(ctx); diff --git a/test/api_crypto/test_crypto_pk.c b/test/api_crypto/test_crypto_pk.c index b466c73d5..70646bb1d 100644 --- a/test/api_crypto/test_crypto_pk.c +++ b/test/api_crypto/test_crypto_pk.c @@ -54,7 +54,7 @@ TEST(atcac_pk, verify_nist) struct atcac_pk_ctx * pkey_ctx; -#if defined(ATCA_BUILD_SHARED_LIBS) || !defined(ATCA_NO_HEAP) +#if defined(ATCA_BUILD_SHARED_LIBS) || defined(ATCA_HEAP) pkey_ctx = atcac_pk_ctx_new(); TEST_ASSERT_NOT_NULL(pkey_ctx); #else @@ -98,7 +98,7 @@ TEST(atcac_pk, verify_nist) } } -#if defined(ATCA_BUILD_SHARED_LIBS) || !defined(ATCA_NO_HEAP) +#if defined(ATCA_BUILD_SHARED_LIBS) || defined(ATCA_HEAP) atcac_pk_ctx_free(pkey_ctx); #endif } @@ -131,7 +131,7 @@ TEST(atcac_pk, init_public) struct atcac_pk_ctx * pkey_ctx; -#if defined(ATCA_BUILD_SHARED_LIBS) || !defined(ATCA_NO_HEAP) +#if defined(ATCA_BUILD_SHARED_LIBS) || defined(ATCA_HEAP) pkey_ctx = atcac_pk_ctx_new(); TEST_ASSERT_NOT_NULL(pkey_ctx); #else @@ -151,7 +151,7 @@ TEST(atcac_pk, init_public) status = atcac_pk_free(pkey_ctx); TEST_ASSERT_EQUAL(ATCA_SUCCESS, status); -#if defined(ATCA_BUILD_SHARED_LIBS) || !defined(ATCA_NO_HEAP) +#if defined(ATCA_BUILD_SHARED_LIBS) || defined(ATCA_HEAP) atcac_pk_ctx_free(pkey_ctx); #endif } @@ -168,7 +168,7 @@ TEST(atcac_pk, sign_simple) size_t sig_size = sizeof(signature); ATCA_STATUS status; -#if defined(ATCA_BUILD_SHARED_LIBS) || !defined(ATCA_NO_HEAP) +#if defined(ATCA_BUILD_SHARED_LIBS) || defined(ATCA_HEAP) sign_ctx = atcac_pk_ctx_new(); TEST_ASSERT_NOT_NULL(sign_ctx); verify_ctx = atcac_pk_ctx_new(); @@ -204,7 +204,7 @@ TEST(atcac_pk, sign_simple) status = atcac_pk_verify(verify_ctx, digest, sizeof(digest), &signature[sig_size - 64], 64); TEST_ASSERT_NOT_EQUAL(ATCA_SUCCESS, status); -#if defined(ATCA_BUILD_SHARED_LIBS) || !defined(ATCA_NO_HEAP) +#if defined(ATCA_BUILD_SHARED_LIBS) || defined(ATCA_HEAP) if (NULL != sign_ctx) { atcac_pk_free(sign_ctx); @@ -227,7 +227,7 @@ TEST(atcac_pk, derive_ecdh_p256_nist) size_t result_size; size_t i; -#if defined(ATCA_BUILD_SHARED_LIBS) || !defined(ATCA_NO_HEAP) +#if defined(ATCA_BUILD_SHARED_LIBS) || defined(ATCA_HEAP) pri_ctx = atcac_pk_ctx_new(); TEST_ASSERT_NOT_NULL(pri_ctx); pub_ctx = atcac_pk_ctx_new(); @@ -261,7 +261,7 @@ TEST(atcac_pk, derive_ecdh_p256_nist) TEST_ASSERT_EQUAL_MEMORY(ecdh_p256_test_vectors[i].ZIUT, result, 32); } -#if defined(ATCA_BUILD_SHARED_LIBS) || !defined(ATCA_NO_HEAP) +#if defined(ATCA_BUILD_SHARED_LIBS) || defined(ATCA_HEAP) atcac_pk_ctx_free(pri_ctx); atcac_pk_ctx_free(pub_ctx); #endif diff --git a/test/api_crypto/test_crypto_sha.c b/test/api_crypto/test_crypto_sha.c index 38f620d2a..cb72b9d18 100644 --- a/test/api_crypto/test_crypto_sha.c +++ b/test/api_crypto/test_crypto_sha.c @@ -105,7 +105,7 @@ TEST(atcac_sha, sha1_nist3) struct atcac_sha1_ctx * ctx; uint32_t i; -#if defined(ATCA_BUILD_SHARED_LIBS) || !defined(ATCA_NO_HEAP) +#if defined(ATCA_BUILD_SHARED_LIBS) || defined(ATCA_HEAP) ctx = atcac_sha1_ctx_new(); TEST_ASSERT_NOT_NULL(ctx); #else @@ -126,7 +126,7 @@ TEST(atcac_sha, sha1_nist3) TEST_ASSERT_EQUAL(ATCA_SUCCESS, ret); TEST_ASSERT_EQUAL_MEMORY(digest_ref, digest, sizeof(digest_ref)); -#if defined(ATCA_BUILD_SHARED_LIBS) || !defined(ATCA_NO_HEAP) +#if defined(ATCA_BUILD_SHARED_LIBS) || defined(ATCA_HEAP) atcac_sha1_ctx_free(ctx); #endif } @@ -275,7 +275,7 @@ TEST(atcac_sha, sha256_nist3) struct atcac_sha2_256_ctx* ctx; uint32_t i; -#if defined(ATCA_BUILD_SHARED_LIBS) || !defined(ATCA_NO_HEAP) +#if defined(ATCA_BUILD_SHARED_LIBS) || defined(ATCA_HEAP) ctx = atcac_sha256_ctx_new(); TEST_ASSERT_NOT_NULL(ctx); #else @@ -296,7 +296,7 @@ TEST(atcac_sha, sha256_nist3) TEST_ASSERT_EQUAL(ATCA_SUCCESS, ret); TEST_ASSERT_EQUAL_MEMORY(digest_ref, digest, sizeof(digest_ref)); -#if defined(ATCA_BUILD_SHARED_LIBS) || !defined(ATCA_NO_HEAP) +#if defined(ATCA_BUILD_SHARED_LIBS) || defined(ATCA_HEAP) atcac_sha256_ctx_free(ctx); #endif } @@ -430,7 +430,7 @@ TEST(atcac_sha, sha256_hmac) }; struct atcac_hmac_ctx* ctx; -#if defined(ATCA_BUILD_SHARED_LIBS) || !defined(ATCA_NO_HEAP) +#if defined(ATCA_BUILD_SHARED_LIBS) || defined(ATCA_HEAP) sha256_ctx = atcac_sha256_ctx_new(); TEST_ASSERT_NOT_NULL(sha256_ctx); ctx = atcac_hmac_ctx_new(); @@ -454,7 +454,7 @@ TEST(atcac_sha, sha256_hmac) TEST_ASSERT_EQUAL_MEMORY(hmac_ref, hmac, ATCA_SHA256_DIGEST_SIZE); -#if defined(ATCA_BUILD_SHARED_LIBS) || !defined(ATCA_NO_HEAP) +#if defined(ATCA_BUILD_SHARED_LIBS) || defined(ATCA_HEAP) atcac_hmac_ctx_free(ctx); atcac_sha256_ctx_free(sha256_ctx); #endif @@ -478,7 +478,7 @@ TEST(atcac_sha, sha256_hmac_nist) struct atcac_hmac_ctx* hmac_ctx; struct atcac_sha2_256_ctx* sha256_ctx; -#if defined(ATCA_BUILD_SHARED_LIBS) || !defined(ATCA_NO_HEAP) +#if defined(ATCA_BUILD_SHARED_LIBS) || defined(ATCA_HEAP) sha256_ctx = atcac_sha256_ctx_new(); TEST_ASSERT_NOT_NULL(sha256_ctx); hmac_ctx = atcac_hmac_ctx_new(); @@ -529,7 +529,7 @@ TEST(atcac_sha, sha256_hmac_nist) } while (ret == ATCA_SUCCESS); -#if defined(ATCA_BUILD_SHARED_LIBS) || !defined(ATCA_NO_HEAP) +#if defined(ATCA_BUILD_SHARED_LIBS) || defined(ATCA_HEAP) atcac_hmac_ctx_free(hmac_ctx); atcac_sha256_ctx_free(sha256_ctx); #endif diff --git a/test/atca_test.c b/test/atca_test.c index 62c8526cb..b257138b9 100644 --- a/test/atca_test.c +++ b/test/atca_test.c @@ -410,6 +410,48 @@ void atca_test_assert_ta_sboot_preboot_enabled(UNITY_LINE_TYPE from_line) } } } + +//The Function checks the digest type used for preboot Secureboot in configuration zone , if it is not set, it skips the test +void atca_test_assert_ta_sboot_preboot_digest_type_enabled(UNITY_LINE_TYPE from_line, uint8_t mode) +{ + if (atcab_is_ta_device(gCfg->devtype)) + { + ATCA_STATUS status; + uint8_t check_config_sboot_preboot_digest_type_enable[8]; + uint16_t config_size = sizeof(check_config_sboot_preboot_digest_type_enable); + cal_buffer check_config_sboot_preboot_digest_type_enable_buf = CAL_BUF_INIT(config_size, check_config_sboot_preboot_digest_type_enable); + + // Bytes 32 of the config zone contains the Secure boot config bit + status = talib_read_partial_element(atcab_get_device(), TA_HANDLE_CONFIG_MEMORY, 32, &check_config_sboot_preboot_digest_type_enable_buf); + UNITY_TEST_ASSERT_EQUAL_INT(ATCA_SUCCESS, status, from_line, NULL); + + if ((check_config_sboot_preboot_digest_type_enable[6] & TA_SECUREBOOT_CONFIG_PREBOOT_DIGEST_MASK) != mode) + { + TEST_IGNORE_MESSAGE("Ignoring the test, Digest type for Preboot Secureboot is not configured"); + } + } +} + +//The Function checks the digest type used for Secureboot in configuration zone , if it is not set, it skips the test +void atca_test_assert_ta_sboot_digest_type_enabled(UNITY_LINE_TYPE from_line, uint8_t mode) +{ + if (atcab_is_ta_device(gCfg->devtype)) + { + ATCA_STATUS status; + uint8_t check_config_sboot_digest_type_enable[8]; + uint16_t config_size = sizeof(check_config_sboot_digest_type_enable); + cal_buffer check_config_sboot_digest_type_enable_buf = CAL_BUF_INIT(config_size, check_config_sboot_digest_type_enable); + + // Bytes 32 of the config zone contains the Secure boot config bit + status = talib_read_partial_element(atcab_get_device(), TA_HANDLE_CONFIG_MEMORY, 32, &check_config_sboot_digest_type_enable_buf); + UNITY_TEST_ASSERT_EQUAL_INT(ATCA_SUCCESS, status, from_line, NULL); + + if ((check_config_sboot_digest_type_enable[6] & TA_SECUREBOOT_CONFIG_DIGEST_MASK) != mode) + { + TEST_IGNORE_MESSAGE("Ignoring the test, Digest type for Secureboot is not configured"); + } + } +} #endif ATCA_STATUS atca_test_config_get_id(uint8_t test_type, uint16_t* handle) diff --git a/test/atca_test.h b/test/atca_test.h index 2a19fa6f8..259c93200 100644 --- a/test/atca_test.h +++ b/test/atca_test.h @@ -80,7 +80,7 @@ typedef struct #define TEST_CONDITION(group, name) bool TEST_ ## group ## _ ## name ## _cond(void) -#if !defined(ATCA_ECC_SUPPORT) && !defined(DO_NOT_TEST_CERT) +#if !defined(ATCA_ECC_SUPPORT) && !(ATCA_CA2_CERT_SUPPORT) && !defined(DO_NOT_TEST_CERT) #define DO_NOT_TEST_CERT #endif @@ -156,6 +156,8 @@ void atca_test_assert_aes_enabled(UNITY_LINE_TYPE from_line); #if ATCA_TA_SUPPORT void atca_test_assert_ta_sboot_enabled(UNITY_LINE_TYPE from_line, uint8_t mode); void atca_test_assert_ta_sboot_preboot_enabled(UNITY_LINE_TYPE from_line); +void atca_test_assert_ta_sboot_preboot_digest_type_enabled(UNITY_LINE_TYPE from_line, uint8_t mode); +void atca_test_assert_ta_sboot_digest_type_enabled(UNITY_LINE_TYPE from_line, uint8_t mode); #endif #define unit_test_assert_config_is_locked() atca_test_assert_config_is_locked(__LINE__) @@ -172,23 +174,29 @@ void atca_test_assert_ta_sboot_preboot_enabled(UNITY_LINE_TYPE from_line); #define check_config_aes_enable() atca_test_assert_aes_enabled(__LINE__) #define check_config_ta_sboot_enable(mode) atca_test_assert_ta_sboot_enabled(__LINE__, mode) #define check_config_ta_sboot_preboot_enable() atca_test_assert_ta_sboot_preboot_enabled(__LINE__) - - -#define TEST_TYPE_ECC_SIGN (1) -#define TEST_TYPE_ECC_VERIFY (2) -#define TEST_TYPE_ECC_GENKEY (3) -#define TEST_TYPE_AES (4) -#define TEST_TYPE_DATA (5) -#define TEST_TYPE_HMAC (6) -#define TEST_TYPE_ECDH (7) -#define TEST_TYPE_AUTH_HMAC (8) -#define TEST_TYPE_AUTH_CMAC (9) -#define TEST_TYPE_AUTH_GCM (10) -#define TEST_TYPE_ECC_ROOT_KEY (11) -#define TEST_TYPE_ECC_ROOTED25519_KEY (12) -#define TEST_TYPE_ECC_ROOTRSA2K_KEY (13) -#define TEST_TYPE_TEMPLATE_DATA (14) -#define TEST_TYPE_CRL_KEY_SIGN (15) +#define check_config_ta_sboot_preboot_digest_type_enable(mode) atca_test_assert_ta_sboot_preboot_digest_type_enabled(__LINE__, mode) +#define check_config_ta_sboot_digest_type_enable(mode) atca_test_assert_ta_sboot_digest_type_enabled(__LINE__, mode) + + +#define TEST_TYPE_ECC_SIGN (1) +#define TEST_TYPE_ECC_VERIFY (2) +#define TEST_TYPE_ECC_GENKEY (3) +#define TEST_TYPE_AES (4) +#define TEST_TYPE_DATA (5) +#define TEST_TYPE_HMAC (6) +#define TEST_TYPE_ECDH (7) +#define TEST_TYPE_AUTH_HMAC (8) +#define TEST_TYPE_AUTH_CMAC (9) +#define TEST_TYPE_AUTH_GCM (10) +#define TEST_TYPE_ECC_ROOT_KEY (11) +#define TEST_TYPE_ECC_ROOTED25519_KEY (12) +#define TEST_TYPE_ECC_ROOTRSA2K_KEY (13) +#define TEST_TYPE_TEMPLATE_DATA (14) +#define TEST_TYPE_CRL_KEY_SIGN (15) +#define TEST_TYPE_ECC_ROOT_KEY_P384 (16) +#define TEST_TYPE_ECC_ROOT_KEY_P521 (17) +#define TEST_TYPE_ECC_ROOT_KEY_ED25519 (18) +#define TEST_TYPE_RSA3072_CERT (19) typedef struct { diff --git a/test/atca_test_console.c b/test/atca_test_console.c index 462e9c021..d9a1a17ca 100644 --- a/test/atca_test_console.c +++ b/test/atca_test_console.c @@ -245,7 +245,7 @@ int read_sernum(int argc, char* argv[]) return status; } -#if defined(ATCA_ECC_SUPPORT) && !defined(DO_NOT_TEST_CERT) +#ifndef DO_NOT_TEST_CERT void RunAllCertDataTests(void); int certdata_unit_tests(int argc, char* argv[]) { @@ -545,7 +545,7 @@ int run_all_tests(int argc, char* argv[]) } #endif -#if !defined(DO_NOT_TEST_CERT) && defined(ATCA_ECC_SUPPORT) +#if !defined(DO_NOT_TEST_CERT) && (defined(ATCA_ECC_SUPPORT) || (ATCA_CA2_CERT_SUPPORT)) if (atIsECCFamily(gCfg->devtype)) { fails += run_test(argc, argv, RunAllCertIOTests); diff --git a/test/atcacert/test_atcacert.c b/test/atcacert/test_atcacert.c index 724699438..95471f34f 100644 --- a/test/atcacert/test_atcacert.c +++ b/test/atcacert/test_atcacert.c @@ -85,6 +85,7 @@ void RunAllCertDataTests(void) RUN_TEST_GROUP(atcacert_get_signer_id); RUN_TEST_GROUP(atcacert_set_cert_sn); RUN_TEST_GROUP(atcacert_gen_cert_sn); + RUN_TEST_GROUP(atcacert_generate_sn); RUN_TEST_GROUP(atcacert_get_cert_sn); RUN_TEST_GROUP(atcacert_set_auth_key_id); RUN_TEST_GROUP(atcacert_get_auth_key_id); @@ -101,8 +102,14 @@ void RunAllCertDataTests(void) void RunAllCertIOTests(void) { +#if ATCA_ECC_SUPPORT RUN_TEST_GROUP(atcacert_client); RUN_TEST_GROUP(atcacert_host_hw); +#endif + +#if ATCA_CA2_CERT_SUPPORT + RUN_TEST_GROUP(atcacert_client_ca2); +#endif } #endif diff --git a/test/atcacert/test_atcacert.h b/test/atcacert/test_atcacert.h index 9acc28573..8fbcc4e1d 100644 --- a/test/atcacert/test_atcacert.h +++ b/test/atcacert/test_atcacert.h @@ -34,8 +34,6 @@ extern "C" { #include "atca_test.h" - - /* Console Functions */ int certdata_unit_tests(int argc, char* argv[]); int certio_unit_tests(int argc, char* argv[]); diff --git a/test/atcacert/test_atcacert_client.c b/test/atcacert/test_atcacert_client.c index 01bf81159..d30e14ffe 100644 --- a/test/atcacert/test_atcacert_client.c +++ b/test/atcacert/test_atcacert_client.c @@ -39,6 +39,9 @@ #include "test_cert_def_2_device_csr.h" #include "test_cert_def_4_device.h" #include "test_cert_def_5_device.h" +#include "test_cert_def_8_signer.h" +#include "test_cert_def_9_device.h" +#include "test_cert_def_10_device.h" #ifdef ATCA_MBEDTLS #include "mbedtls/certs.h" @@ -56,6 +59,9 @@ size_t g_signer_cert_ref_size = 0; uint8_t g_device_cert_ref[512]; size_t g_device_cert_ref_size = 0; +//Flag to switch to atcacert_write_cert api or use the talib_write_cert api in the tests +#define TALIB_API_WRITE_RSACERT FEATURE_ENABLED + #if ATCACERT_COMPCERT_EN static void build_and_save_cert( const atcacert_def_t* cert_def, @@ -65,14 +71,17 @@ static void build_and_save_cert( const uint8_t public_key[64], const uint8_t signer_id[2], const atcacert_tm_utc_t* issue_date, - const uint8_t config32[32], + const uint8_t * config, uint8_t ca_slot) { int ret; atcacert_build_state_t build_state; uint8_t tbs_digest[32]; uint8_t signature[64]; + uint8_t comp_cert[72]; size_t max_cert_size = *cert_size; + uint16_t config_count = atcab_is_ca2_device(atcab_get_device_type()) ? 16U : 32U; + atcacert_tm_utc_t expire_date = { .tm_year = issue_date->tm_year + cert_def->expire_years, .tm_mon = issue_date->tm_mon, @@ -81,11 +90,13 @@ static void build_and_save_cert( .tm_min = 0, .tm_sec = 0 }; - const atcacert_device_loc_t config32_dev_loc = { + + const atcacert_device_loc_t config_dev_loc = { .zone = DEVZONE_CONFIG, .offset = 0, - .count = 32 + .count = config_count }; + atcacert_device_loc_t device_locs[4]; size_t device_locs_count = 0; size_t i; @@ -96,7 +107,7 @@ static void build_and_save_cert( TEST_ASSERT_EQUAL(ATCACERT_E_SUCCESS, ret); } - ret = atcacert_cert_build_start(&build_state, cert_def, cert, cert_size, ca_public_key); + ret = atcacert_cert_build_start(atcab_get_device(),&build_state, cert_def, cert, cert_size, ca_public_key); TEST_ASSERT_EQUAL(ATCACERT_E_SUCCESS, ret); ret = atcacert_set_subj_public_key(build_state.cert_def, build_state.cert, *build_state.cert_size, public_key); @@ -107,7 +118,13 @@ static void build_and_save_cert( TEST_ASSERT_EQUAL(ATCACERT_E_SUCCESS, ret); ret = atcacert_set_signer_id(build_state.cert_def, build_state.cert, *build_state.cert_size, signer_id); TEST_ASSERT_EQUAL(ATCACERT_E_SUCCESS, ret); - ret = atcacert_cert_build_process(&build_state, &config32_dev_loc, config32); + ret = atcacert_get_comp_cert(build_state.cert_def, build_state.cert, *build_state.cert_size, comp_cert); + TEST_ASSERT_EQUAL(ATCACERT_E_SUCCESS, ret); + + ret = atcacert_cert_build_process(&build_state, &config_dev_loc, config); + TEST_ASSERT_EQUAL(ATCACERT_E_SUCCESS, ret); + + ret = atcacert_cert_build_process(&build_state, &cert_def->comp_cert_dev_loc, comp_cert); TEST_ASSERT_EQUAL(ATCACERT_E_SUCCESS, ret); ret = atcacert_cert_build_finish(&build_state); @@ -122,7 +139,7 @@ static void build_and_save_cert( ret = atcacert_set_signature(cert_def, cert, cert_size, max_cert_size, signature); TEST_ASSERT_EQUAL(ATCACERT_E_SUCCESS, ret); - ret = atcacert_get_device_locs(cert_def, device_locs, &device_locs_count, sizeof(device_locs) / sizeof(device_locs[0]), 32); + ret = atcacert_get_device_locs(atcab_get_device(),cert_def, device_locs, &device_locs_count, sizeof(device_locs) / sizeof(device_locs[0]), 32); TEST_ASSERT_EQUAL(ATCACERT_E_SUCCESS, ret); for (i = 0; i < device_locs_count; i++) @@ -163,10 +180,17 @@ TEST_SETUP(atcacert_client) { int ret = 0; bool lockstate = 0; + bool is_ca_device = false; ret = atcab_init(gCfg); TEST_ASSERT_EQUAL(ATCA_SUCCESS, ret); + is_ca_device = atcab_is_ca_device(atcab_get_device_type()); + if(false == is_ca_device) + { + TEST_IGNORE_MESSAGE("This Test group can be run on Ca devices only"); + } + ret = atcab_is_config_locked(&lockstate); TEST_ASSERT_EQUAL(ATCA_SUCCESS, ret); if (!lockstate) @@ -197,6 +221,9 @@ TEST_TEAR_DOWN(atcacert_client) } #if ATCACERT_COMPCERT_EN +//! #warning "For demonstration purposes, we're storing the Root private key and Signer private key inside a protected part of the device. +//! However, for production setup, these secure keys should not be kept in the device, +//! and the process to create a verification certificate should be performed off-chip." TEST(atcacert_client, init) { int ret = 0; @@ -225,7 +252,6 @@ TEST(atcacert_client, init) char disp_str[1500]; size_t disp_size = sizeof(disp_str); - ret = atcab_read_zone(ATCA_ZONE_CONFIG, 0, 0, 0, config32, 32); TEST_ASSERT_EQUAL(ATCA_SUCCESS, ret); @@ -289,6 +315,7 @@ TEST(atcacert_client, atcacert_read_device_loc_gen_key) int ret; uint8_t public_key[ATCA_ECCP256_PUBKEY_SIZE]; uint8_t data[sizeof(public_key)]; + atcacert_device_loc_t device_loc = { DEVZONE_DATA, 0, TRUE, 0, 64 }; ret = atcab_get_pubkey(device_loc.slot, public_key); @@ -439,6 +466,38 @@ TEST(atcacert_client, atcacert_read_cert_bad_params) TEST_ASSERT_EQUAL(ATCACERT_E_BAD_PARAMS, ret); } +TEST(atcacert_client, atcacert_get_response_bad_params) +{ + int ret = 0; + uint8_t response[64]; + const uint8_t challenge[32] = { + 0x0c, 0xa6, 0x34, 0xc8, 0x37, 0x2f, 0x87, 0x99, 0x99, 0x7e, 0x9e, 0xe9, 0xd5, 0xbc, 0x72, 0x71, + 0x84, 0xd1, 0x97, 0x0a, 0xea, 0xfe, 0xac, 0x60, 0x7e, 0xd1, 0x3e, 0x12, 0xb7, 0x32, 0x25, 0xf1 + }; + + ret = atcacert_get_response(16, challenge, response); + TEST_ASSERT_EQUAL(ATCACERT_E_BAD_PARAMS, ret); + + ret = atcacert_get_response(0, NULL, response); + TEST_ASSERT_EQUAL(ATCACERT_E_BAD_PARAMS, ret); + + ret = atcacert_get_response(16, NULL, response); + TEST_ASSERT_EQUAL(ATCACERT_E_BAD_PARAMS, ret); + + ret = atcacert_get_response(0, challenge, NULL); + TEST_ASSERT_EQUAL(ATCACERT_E_BAD_PARAMS, ret); + + ret = atcacert_get_response(16, challenge, NULL); + TEST_ASSERT_EQUAL(ATCACERT_E_BAD_PARAMS, ret); + + ret = atcacert_get_response(0, NULL, NULL); + TEST_ASSERT_EQUAL(ATCACERT_E_BAD_PARAMS, ret); + + ret = atcacert_get_response(16, NULL, NULL); + TEST_ASSERT_EQUAL(ATCACERT_E_BAD_PARAMS, ret); +} + +#if (ATCA_ECC_SUPPORT) TEST(atcacert_client, atcacert_get_response) { int ret = 0; @@ -472,37 +531,6 @@ TEST(atcacert_client, atcacert_get_response) printf("Public Key:\r\n%s\r\n", disp_str); } -TEST(atcacert_client, atcacert_get_response_bad_params) -{ - int ret = 0; - uint8_t response[64]; - const uint8_t challenge[32] = { - 0x0c, 0xa6, 0x34, 0xc8, 0x37, 0x2f, 0x87, 0x99, 0x99, 0x7e, 0x9e, 0xe9, 0xd5, 0xbc, 0x72, 0x71, - 0x84, 0xd1, 0x97, 0x0a, 0xea, 0xfe, 0xac, 0x60, 0x7e, 0xd1, 0x3e, 0x12, 0xb7, 0x32, 0x25, 0xf1 - }; - - ret = atcacert_get_response(16, challenge, response); - TEST_ASSERT_EQUAL(ATCACERT_E_BAD_PARAMS, ret); - - ret = atcacert_get_response(0, NULL, response); - TEST_ASSERT_EQUAL(ATCACERT_E_BAD_PARAMS, ret); - - ret = atcacert_get_response(16, NULL, response); - TEST_ASSERT_EQUAL(ATCACERT_E_BAD_PARAMS, ret); - - ret = atcacert_get_response(0, challenge, NULL); - TEST_ASSERT_EQUAL(ATCACERT_E_BAD_PARAMS, ret); - - ret = atcacert_get_response(16, challenge, NULL); - TEST_ASSERT_EQUAL(ATCACERT_E_BAD_PARAMS, ret); - - ret = atcacert_get_response(0, NULL, NULL); - TEST_ASSERT_EQUAL(ATCACERT_E_BAD_PARAMS, ret); - - ret = atcacert_get_response(16, NULL, NULL); - TEST_ASSERT_EQUAL(ATCACERT_E_BAD_PARAMS, ret); -} - TEST(atcacert_client, atcacert_generate_device_csr) { uint8_t csr_der_buffer[512]; @@ -593,6 +621,7 @@ TEST(atcacert_client, atcacert_generate_device_csr_pem) TEST_ASSERT(is_verified); } #endif +#endif #if ATCACERT_INTEGRATION_EN @@ -703,7 +732,7 @@ TEST(atcacert_client, atcacert_get_subj_pbkey) uint8_t ref_pubkey[64] = { 0x00 }; if (atcab_is_ca_device(dev_type)) - { + { #if ATCA_CA_SUPPORT // Skip test if data zone is locked test_assert_data_is_unlocked(); @@ -734,7 +763,7 @@ TEST(atcacert_client, atcacert_get_subj_pbkey) #endif } else - { + { #if ATCA_TA_SUPPORT uint8_t ref_pubkey_ta[64] = { 0x62, 0xB4, 0xC4, 0xF9, 0x4E, 0xD0, 0xDB, 0x36, 0xFE, 0xEC, 0x9A, 0x4E, 0xC8, 0x2A, 0x93, 0x96, 0x47, 0x1D, 0x01, 0x0A, 0xA9, 0x37, 0x91, 0x98, 0xB4, 0xBD, 0xDB, 0x7E, 0xEB, 0xD3, 0x32, 0x65, 0x88, 0xAA, 0xA5, 0x53, 0xC1, 0x61, 0x63, 0x92, 0xC9, 0xE4, 0x2D, 0xD1, 0x88, 0x56, 0x9F, 0x9A, 0xC2, 0x54, 0x85, 0x4A, 0xAA, 0xF4, 0xEC, 0xB8, 0x12, 0xBC, 0x66, 0x5D, 0x76, 0xE2, 0x22, 0xC8 }; @@ -780,7 +809,7 @@ TEST(atcacert_client, atcacert_get_subj_pbkey_id) size_t cert_sz = 0x00; if (atcab_is_ca_device(dev_type)) - { + { #if ATCA_CA_SUPPORT // Skip test if data zone is locked test_assert_data_is_unlocked(); @@ -811,7 +840,7 @@ TEST(atcacert_client, atcacert_get_subj_pbkey_id) } else - { + { #if ATCA_TA_SUPPORT uint8_t ref_key_id_ta[20] = { 0x00, 0xD8, 0xDE, 0xEC, 0x59, 0x5C, 0xE6, 0x3E, 0x43, 0x44, 0x77, 0xEA, 0xDA, 0x57, 0xE4, 0xEB, 0x6C, 0x22, 0xD6, 0x15 }; memcpy(ref_key_id, ref_key_id_ta, sizeof(ref_key_id_ta)); @@ -871,7 +900,7 @@ TEST(atcacert_client, atcacert_get_issue_date_test) ATCADeviceType dev_type = atca_test_get_device_type(); if (atcab_is_ca_device(dev_type)) - { + { #if ATCA_CA_SUPPORT // Skip test if data zone is locked test_assert_data_is_unlocked(); @@ -912,7 +941,7 @@ TEST(atcacert_client, atcacert_get_issue_date_test) #endif } else - { + { #if ATCA_TA_SUPPORT static const atcacert_tm_utc_t issue_date_ref_ta = { .tm_year = 122, @@ -1072,7 +1101,7 @@ TEST(atcacert_client, atcacert_get_serial_num) ATCADeviceType dev_type = atca_test_get_device_type(); if (atcab_is_ca_device(dev_type)) - { + { #if ATCA_CA_SUPPORT // Skip test if data zone is locked test_assert_data_is_unlocked(); @@ -1104,7 +1133,7 @@ TEST(atcacert_client, atcacert_get_serial_num) #endif } else - { + { #if ATCA_TA_SUPPORT uint8_t ref_cert_sn_ta[32] = { 0x01 }; memcpy(ref_cert_sn, ref_cert_sn_ta, sizeof(ref_cert_sn_ta)); @@ -1281,5 +1310,378 @@ TEST(atcacert_client, atcacert_get_issuer_test) #endif } } + +/** \brief Execute write and read command to create handle for large certificate element on shared data memory of odd size + */ +#if ATCA_TA_SUPPORT + +TEST(atcacert_client, atcacert_write_rsa_signed_cert) +{ + ATCA_STATUS status; + ta_element_attributes_t attr_crt_handle_attr; + + // Skip test if data zone isn't locked + test_assert_data_is_locked(); + + // Skip test if config zone isn't locked + test_assert_config_is_locked(); + + uint16_t cert_handle; + status = atca_test_config_get_id(TEST_TYPE_RSA3072_CERT, &cert_handle); + TEST_ASSERT_EQUAL(ATCA_SUCCESS, status); + + uint16_t cert_size = (sizeof(g_test_cert_rsa3072)+1u); + + uint8_t cert_rd[1431] = {0x00}; + size_t cert_rd_sz = 0x00; + +//Flag to select which api to use for writing the certificate in the atcacert_write_rsa_signed_cert test +#if TALIB_API_WRITE_RSACERT == FEATURE_ENABLED + cal_buffer cert_data_buf = CAL_BUF_INIT(sizeof(g_test_cert_rsa3072), g_test_cert_rsa3072); + status = talib_write_X509_cert(atcab_get_device(), cert_handle, &cert_data_buf); + TEST_ASSERT_EQUAL(ATCA_SUCCESS, status); + + cal_buffer cert_rddata_buf = CAL_BUF_INIT(cert_rd_sz, NULL); + //Read cert get the length of the certificate stored; pass null output buffer + status = talib_read_X509_cert(atcab_get_device(), cert_handle, &cert_rddata_buf); + TEST_ASSERT_EQUAL(ATCA_SUCCESS, status); + TEST_ASSERT_EQUAL(cert_rddata_buf.len, g_test_cert_def_10_device.cert_template_size); + //Read full certificate stored + cert_rddata_buf.buf = cert_rd; + status = talib_read_X509_cert(atcab_get_device(), cert_handle, &cert_rddata_buf); + TEST_ASSERT_EQUAL(ATCA_SUCCESS, status); + +#else + status = atcacert_write_cert(&g_test_cert_def_10_device, g_test_cert_rsa3072, g_test_cert_def_10_device.cert_template_size); + TEST_ASSERT_EQUAL(ATCA_SUCCESS, status); + //Read cert get the length of the certificate stored; pass null output buffer + status = atcacert_read_cert(&g_test_cert_def_10_device, NULL, NULL, &cert_rd_sz); + TEST_ASSERT_EQUAL(ATCA_SUCCESS, status); + TEST_ASSERT_EQUAL(cert_rd_sz, g_test_cert_def_10_device.cert_template_size); + //Read cert to check the asn1 parse der api works fine + status = atcacert_read_cert(&g_test_cert_def_10_device, NULL, cert_rd, &cert_rd_sz); + TEST_ASSERT_EQUAL(ATCA_SUCCESS, status); + TEST_ASSERT_EQUAL(cert_rd_sz, g_test_cert_def_10_device.cert_template_size); +#endif + TEST_ASSERT_EQUAL_MEMORY(&g_test_cert_rsa3072, cert_rd, g_test_cert_def_10_device.cert_template_size); + status = talib_delete_handle(atcab_get_device(), (uint32_t)cert_handle); + TEST_ASSERT_EQUAL(ATCA_SUCCESS, status); +} +#endif + +#endif + +#if ATCA_CA2_CERT_SUPPORT +TEST_GROUP(atcacert_client_ca2); + +TEST_SETUP(atcacert_client_ca2) +{ + int ret = 0; + bool lockstate = 0; + bool is_ca2_device = false; + + ret = atcab_init(gCfg); + TEST_ASSERT_EQUAL(ATCA_SUCCESS, ret); + + is_ca2_device = atcab_is_ca2_device(atcab_get_device_type()); + if(false == is_ca2_device) + { + TEST_IGNORE_MESSAGE("This Test group can be run on Ecc204/ta010 devices only"); + } + + ret = atcab_is_config_locked(&lockstate); + TEST_ASSERT_EQUAL(ATCA_SUCCESS, ret); + if (!lockstate) + { + TEST_IGNORE_MESSAGE("Config zone must be locked for this test."); + } +} + +TEST_TEAR_DOWN(atcacert_client_ca2) +{ + ATCA_STATUS status; + + status = atcab_release(); + TEST_ASSERT_EQUAL(ATCA_SUCCESS, status); +} + +//! #warning "For demonstration purposes, we're storing the Root private key and Signer private key inside a protected part of the device. +//! However, for production setup, these secure keys should not be kept in the device, +//! and the process to create a verification certificate should be performed off-chip." +TEST(atcacert_client_ca2, init) +{ + int ret = 0; + static const uint8_t signer_ca_private_key_slot = 0; + static const uint8_t signer_private_key_slot = 0; + uint8_t signer_id[2] = { 0xC4, 0x8B }; + const atcacert_tm_utc_t signer_issue_date = { + .tm_year = 2014 - 1900, + .tm_mon = 8 - 1, + .tm_mday = 2, + .tm_hour = 20, + .tm_min = 0, + .tm_sec = 0 + }; + static const uint8_t device_private_key_slot = 0; + const atcacert_tm_utc_t device_issue_date = { + .tm_year = 2015 - 1900, + .tm_mon = 9 - 1, + .tm_mday = 3, + .tm_hour = 21, + .tm_min = 0, + .tm_sec = 0 + }; + uint8_t config[16]; + char disp_str[1500]; + size_t disp_size = sizeof(disp_str); + + ret = atcab_read_zone(ATCA_ZONE_CONFIG, 0, 0, 0, config, 16); + TEST_ASSERT_EQUAL(ATCA_SUCCESS, ret); + + //! Generate Device private key and Device public key + ret = atca_test_genkey(device_private_key_slot, g_device_public_key); + TEST_ASSERT_EQUAL(ATCA_SUCCESS, ret); + disp_size = sizeof(disp_str); + ret = atcab_bin2hex(g_device_public_key, ATCA_ECCP256_PUBKEY_SIZE, disp_str, &disp_size); + TEST_ASSERT_EQUAL(ATCA_SUCCESS, ret); + printf("Device Public Key:\r\n%s\r\n", disp_str); + + ret = atcab_write_bytes_zone(ATCA_ZONE_DATA, 1, 8, g_device_public_key, ATCA_ECCP256_PUBKEY_SIZE); + TEST_ASSERT_EQUAL(ATCA_SUCCESS, ret); + + //! Generate Signer private key and Signer public key + ret = atca_test_genkey(signer_private_key_slot, g_signer_public_key); + TEST_ASSERT_EQUAL(ATCA_SUCCESS, ret); + disp_size = sizeof(disp_str); + ret = atcab_bin2hex(g_signer_public_key, ATCA_ECCP256_PUBKEY_SIZE, disp_str, &disp_size); + TEST_ASSERT_EQUAL(ATCA_SUCCESS, ret); + printf("Signer Public Key:\r\n%s\r\n", disp_str); + + ret = atcab_write_bytes_zone(ATCA_ZONE_DATA, 1, 6, g_signer_public_key, ATCA_ECCP256_PUBKEY_SIZE); + TEST_ASSERT_EQUAL(ATCA_SUCCESS, ret); + + g_device_cert_ref_size = sizeof(g_device_cert_ref); + build_and_save_cert( + &g_test_cert_def_9_device, + g_device_cert_ref, + &g_device_cert_ref_size, + g_signer_public_key, + g_device_public_key, + signer_id, + &device_issue_date, + config, + signer_private_key_slot); + disp_size = sizeof(disp_str); + ret = atcab_bin2hex(g_device_cert_ref, g_device_cert_ref_size, disp_str, &disp_size); + TEST_ASSERT_EQUAL(ATCA_SUCCESS, ret); + printf("Device Certificate:\r\n%s\r\n", disp_str); + + //! Generate Signer CA Private key and Signer CA public key + ret = atca_test_genkey(signer_ca_private_key_slot, g_signer_ca_public_key); + TEST_ASSERT_EQUAL(ATCA_SUCCESS, ret); + disp_size = sizeof(disp_str); + ret = atcab_bin2hex(g_signer_ca_public_key, ATCA_ECCP256_PUBKEY_SIZE, disp_str, &disp_size); + TEST_ASSERT_EQUAL(ATCA_SUCCESS, ret); + printf("Signer CA Public Key:\r\n%s\r\n", disp_str); + + // Build signer cert + g_signer_cert_ref_size = sizeof(g_signer_cert_ref); + build_and_save_cert( + &g_test_cert_def_8_signer, + g_signer_cert_ref, + &g_signer_cert_ref_size, + g_signer_ca_public_key, + g_signer_public_key, + signer_id, + &signer_issue_date, + config, + signer_ca_private_key_slot); + disp_size = sizeof(disp_str); + ret = atcab_bin2hex(g_signer_cert_ref, g_signer_cert_ref_size, disp_str, &disp_size); + TEST_ASSERT_EQUAL(ATCA_SUCCESS, ret); + printf("Signer Certificate:\r\n%s\r\n", disp_str); + printf("\n"); +} + +TEST(atcacert_client_ca2, atcacert_read_device_loc_pub_key) +{ + int ret; + uint8_t public_key[ATCA_ECCP256_PUBKEY_SIZE]; + uint8_t data[sizeof(public_key)]; + + atcacert_device_loc_t device_loc = { DEVZONE_DATA, 1, FALSE, 256, 64 }; + + ret = atcacert_read_device_loc(&device_loc, data); + TEST_ASSERT_EQUAL(ATCA_SUCCESS, ret); + TEST_ASSERT_EQUAL_MEMORY(&g_device_public_key[0], data, device_loc.count); +} + +TEST(atcacert_client_ca2, atcacert_read_device_loc_pub_key_partial) +{ + int ret; + uint8_t public_key[ATCA_ECCP256_PUBKEY_SIZE]; + uint8_t data[sizeof(public_key)]; + atcacert_device_loc_t device_loc = { DEVZONE_DATA, 1, FALSE, 261, 55 }; + + ret = atcacert_read_device_loc(&device_loc, data); + TEST_ASSERT_EQUAL(ATCA_SUCCESS, ret); + TEST_ASSERT_EQUAL_MEMORY(&g_device_public_key[5], data, device_loc.count); +} + +TEST(atcacert_client_ca2, atcacert_read_device_loc_data_partial) +{ + int ret; + uint8_t data_full[72]; + uint8_t data[sizeof(data_full)]; + atcacert_device_loc_t device_loc = { DEVZONE_DATA, 1, FALSE, 5, 55 }; + + ret = atcab_read_bytes_zone(device_loc.zone, device_loc.slot, 0, data_full, 72); + TEST_ASSERT_EQUAL(ATCA_SUCCESS, ret); + + ret = atcacert_read_device_loc(&device_loc, data); + TEST_ASSERT_EQUAL(ATCA_SUCCESS, ret); + TEST_ASSERT_EQUAL_MEMORY(&data_full[device_loc.offset], data, device_loc.count); +} + +TEST(atcacert_client_ca2, atcacert_read_cert_signer) +{ + int ret = 0; + uint8_t cert[512]; + size_t cert_size = sizeof(cert); + + ret = atcacert_read_cert(&g_test_cert_def_8_signer, g_signer_ca_public_key, cert, &cert_size); + TEST_ASSERT_EQUAL(ATCACERT_E_SUCCESS, ret); + TEST_ASSERT_EQUAL(g_signer_cert_ref_size, cert_size); + TEST_ASSERT_EQUAL_MEMORY(g_signer_cert_ref, cert, cert_size); +} + +TEST(atcacert_client_ca2, atcacert_read_cert_device) +{ + int ret = 0; + uint8_t cert[512]; + size_t cert_size = sizeof(cert); + + ret = atcacert_read_cert(&g_test_cert_def_9_device, g_signer_public_key, cert, &cert_size); + TEST_ASSERT_EQUAL(ATCACERT_E_SUCCESS, ret); + TEST_ASSERT_EQUAL(g_device_cert_ref_size, cert_size); + TEST_ASSERT_EQUAL_MEMORY(g_device_cert_ref, cert, cert_size); +} + +TEST(atcacert_client_ca2, atcacert_read_subj_key_id) +{ + int ret = 0; + uint8_t cert[512]; + size_t cert_size = sizeof(cert); + uint8_t key_id_ref[20]; + uint8_t key_id[20]; + + ret = atcacert_read_cert(&g_test_cert_def_8_signer, g_signer_ca_public_key, cert, &cert_size); + TEST_ASSERT_EQUAL(ATCACERT_E_SUCCESS, ret); + TEST_ASSERT_EQUAL(g_signer_cert_ref_size, cert_size); + TEST_ASSERT_EQUAL_MEMORY(g_signer_cert_ref, cert, cert_size); + + ret = atcacert_get_subj_key_id(&g_test_cert_def_8_signer, cert, cert_size, key_id_ref); + TEST_ASSERT_EQUAL(ATCACERT_E_SUCCESS, ret); + + ret = atcacert_read_subj_key_id(&g_test_cert_def_8_signer, key_id); + TEST_ASSERT_EQUAL(ATCACERT_E_SUCCESS, ret); + TEST_ASSERT_EQUAL_MEMORY(key_id_ref, key_id, sizeof(key_id)); +} + +TEST(atcacert_client_ca2, atcacert_read_cert_small_buf) +{ + int ret = 0; + uint8_t cert[512]; + size_t cert_size = sizeof(cert); + + // Getting the actual buffer size needed for the certificate + ret = atcacert_read_cert(&g_test_cert_def_9_device, g_signer_public_key, NULL, &cert_size); + TEST_ASSERT_EQUAL(ATCACERT_E_SUCCESS, ret); + + // Read the device certificate + ret = atcacert_read_cert(&g_test_cert_def_9_device, g_signer_public_key, cert, &cert_size); + TEST_ASSERT_EQUAL(ATCACERT_E_SUCCESS, ret); + TEST_ASSERT_EQUAL(g_device_cert_ref_size, cert_size); + TEST_ASSERT_EQUAL_MEMORY(g_device_cert_ref, cert, cert_size); + + // Decrease the size of the buffer needed for device certificate + cert_size -= 1; + ret = atcacert_read_cert(&g_test_cert_def_9_device, g_signer_public_key, cert, &cert_size); + TEST_ASSERT_EQUAL(ATCACERT_E_BUFFER_TOO_SMALL, ret); +} + +TEST(atcacert_client_ca2, atcacert_read_cert_bad_params) +{ + int ret = 0; + uint8_t cert[128]; + size_t cert_size = sizeof(cert); + + ret = atcacert_read_cert(NULL, g_signer_public_key, cert, &cert_size); + TEST_ASSERT_EQUAL(ATCACERT_E_BAD_PARAMS, ret); + + ret = atcacert_read_cert(NULL, NULL, cert, &cert_size); + TEST_ASSERT_EQUAL(ATCACERT_E_BAD_PARAMS, ret); + + ret = atcacert_read_cert(NULL, g_signer_public_key, NULL, &cert_size); + TEST_ASSERT_EQUAL(ATCACERT_E_BAD_PARAMS, ret); + + ret = atcacert_read_cert(NULL, NULL, NULL, &cert_size); + TEST_ASSERT_EQUAL(ATCACERT_E_BAD_PARAMS, ret); + + ret = atcacert_read_cert(&g_test_cert_def_9_device, g_signer_public_key, cert, NULL); + TEST_ASSERT_EQUAL(ATCACERT_E_BAD_PARAMS, ret); + + ret = atcacert_read_cert(NULL, g_signer_public_key, cert, NULL); + TEST_ASSERT_EQUAL(ATCACERT_E_BAD_PARAMS, ret); + + ret = atcacert_read_cert(&g_test_cert_def_9_device, NULL, cert, NULL); + TEST_ASSERT_EQUAL(ATCACERT_E_BAD_PARAMS, ret); + + ret = atcacert_read_cert(NULL, NULL, cert, NULL); + TEST_ASSERT_EQUAL(ATCACERT_E_BAD_PARAMS, ret); + + ret = atcacert_read_cert(&g_test_cert_def_9_device, g_signer_public_key, NULL, NULL); + TEST_ASSERT_EQUAL(ATCACERT_E_BAD_PARAMS, ret); + + ret = atcacert_read_cert(NULL, g_signer_public_key, NULL, NULL); + TEST_ASSERT_EQUAL(ATCACERT_E_BAD_PARAMS, ret); + + ret = atcacert_read_cert(&g_test_cert_def_9_device, NULL, NULL, NULL); + TEST_ASSERT_EQUAL(ATCACERT_E_BAD_PARAMS, ret); + + ret = atcacert_read_cert(NULL, NULL, NULL, NULL); + TEST_ASSERT_EQUAL(ATCACERT_E_BAD_PARAMS, ret); +} + +TEST(atcacert_client_ca2, atcacert_get_response_bad_params) +{ + int ret = 0; + uint8_t response[64]; + const uint8_t challenge[32] = { + 0x0c, 0xa6, 0x34, 0xc8, 0x37, 0x2f, 0x87, 0x99, 0x99, 0x7e, 0x9e, 0xe9, 0xd5, 0xbc, 0x72, 0x71, + 0x84, 0xd1, 0x97, 0x0a, 0xea, 0xfe, 0xac, 0x60, 0x7e, 0xd1, 0x3e, 0x12, 0xb7, 0x32, 0x25, 0xf1 + }; + + ret = atcacert_get_response(16, challenge, response); + TEST_ASSERT_EQUAL(ATCACERT_E_BAD_PARAMS, ret); + + ret = atcacert_get_response(0, NULL, response); + TEST_ASSERT_EQUAL(ATCACERT_E_BAD_PARAMS, ret); + + ret = atcacert_get_response(16, NULL, response); + TEST_ASSERT_EQUAL(ATCACERT_E_BAD_PARAMS, ret); + + ret = atcacert_get_response(0, challenge, NULL); + TEST_ASSERT_EQUAL(ATCACERT_E_BAD_PARAMS, ret); + + ret = atcacert_get_response(16, challenge, NULL); + TEST_ASSERT_EQUAL(ATCACERT_E_BAD_PARAMS, ret); + + ret = atcacert_get_response(0, NULL, NULL); + TEST_ASSERT_EQUAL(ATCACERT_E_BAD_PARAMS, ret); + + ret = atcacert_get_response(16, NULL, NULL); + TEST_ASSERT_EQUAL(ATCACERT_E_BAD_PARAMS, ret); +} +#endif #endif -#endif \ No newline at end of file diff --git a/test/atcacert/test_atcacert_client_runner.c b/test/atcacert/test_atcacert_client_runner.c index da35450bd..01b65c1d9 100644 --- a/test/atcacert/test_atcacert_client_runner.c +++ b/test/atcacert/test_atcacert_client_runner.c @@ -37,7 +37,6 @@ TEST_GROUP_RUNNER(atcacert_client) #if ATCACERT_COMPCERT_EN // Load certificate data onto the device RUN_TEST_CASE(atcacert_client, init); - RUN_TEST_CASE(atcacert_client, atcacert_read_device_loc_gen_key); RUN_TEST_CASE(atcacert_client, atcacert_read_device_loc_gen_key_partial); RUN_TEST_CASE(atcacert_client, atcacert_read_device_loc_data_partial); @@ -47,14 +46,17 @@ TEST_GROUP_RUNNER(atcacert_client) RUN_TEST_CASE(atcacert_client, atcacert_read_subj_key_id); RUN_TEST_CASE(atcacert_client, atcacert_read_cert_small_buf); RUN_TEST_CASE(atcacert_client, atcacert_read_cert_bad_params); + RUN_TEST_CASE(atcacert_client, atcacert_get_response_bad_params); + +#if ATCA_ECC_SUPPORT + RUN_TEST_CASE(atcacert_client, atcacert_get_response); RUN_TEST_CASE(atcacert_client, atcacert_generate_device_csr); RUN_TEST_CASE(atcacert_client, atcacert_generate_device_csr_pem); +#endif - RUN_TEST_CASE(atcacert_client, atcacert_get_response); - RUN_TEST_CASE(atcacert_client, atcacert_get_response_bad_params); #endif -#if ATCACERT_INTEGRATION_EN +#if ATCACERT_INTEGRATION_EN RUN_TEST_CASE(atcacert_client, atcacert_get_subj); RUN_TEST_CASE(atcacert_client, atcacert_get_subj_pbkey); RUN_TEST_CASE(atcacert_client, atcacert_get_subj_pbkey_id); @@ -63,6 +65,25 @@ TEST_GROUP_RUNNER(atcacert_client) RUN_TEST_CASE(atcacert_client, atcacert_get_issue_date_test); RUN_TEST_CASE(atcacert_client, atcacert_get_expiry_date); RUN_TEST_CASE(atcacert_client, atcacert_get_serial_num); +#if ATCA_TA_SUPPORT + RUN_TEST_CASE(atcacert_client, atcacert_write_rsa_signed_cert); +#endif #endif } + +#if ATCA_CA2_CERT_SUPPORT +TEST_GROUP_RUNNER(atcacert_client_ca2) +{ + RUN_TEST_CASE(atcacert_client_ca2, init); + RUN_TEST_CASE(atcacert_client_ca2, atcacert_read_device_loc_pub_key); + RUN_TEST_CASE(atcacert_client_ca2, atcacert_read_device_loc_pub_key_partial); + RUN_TEST_CASE(atcacert_client_ca2, atcacert_read_device_loc_data_partial); + RUN_TEST_CASE(atcacert_client_ca2, atcacert_read_cert_signer); + RUN_TEST_CASE(atcacert_client_ca2, atcacert_read_cert_device); + RUN_TEST_CASE(atcacert_client_ca2, atcacert_read_subj_key_id); + RUN_TEST_CASE(atcacert_client_ca2, atcacert_read_cert_small_buf); + RUN_TEST_CASE(atcacert_client_ca2, atcacert_read_cert_bad_params); + RUN_TEST_CASE(atcacert_client_ca2, atcacert_get_response_bad_params); +} +#endif #endif diff --git a/test/atcacert/test_atcacert_date.c b/test/atcacert/test_atcacert_date.c index 3787c2807..729fb6b68 100644 --- a/test/atcacert/test_atcacert_date.c +++ b/test/atcacert/test_atcacert_date.c @@ -832,21 +832,148 @@ TEST(atcacert_date_enc_compcert, max) TEST_ASSERT_EQUAL_MEMORY(enc_dates_ref, enc_dates, sizeof(enc_dates)); } +TEST(atcacert_date_enc_compcert, min_ext_issue_year) +{ + // Test the smallest issue year that requires extended dates + + int ret = 0; + atcacert_tm_utc_t issue_date; + uint8_t comp_cert[72] = { 0 }; + uint8_t comp_cert_ref[sizeof(comp_cert)] = { + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x84, 0x01, 0x00, 0x00, 0x00, 0x01, 0x40 + }; + uint8_t expire_years = 1; + + comp_cert[70] = 1; // Set compressed certificate format version 1 to support extended dates + set_tm(&issue_date, 2032, 1, 1, 00, 00, 00); + + ret = atcacert_date_enc_compcert_ext(&issue_date, expire_years, comp_cert); + TEST_ASSERT_EQUAL(ATCACERT_E_SUCCESS, ret); + TEST_ASSERT_EQUAL_MEMORY(comp_cert_ref, comp_cert, sizeof(comp_cert)); +} + +TEST(atcacert_date_enc_compcert, max_ext_issue_year) +{ + // Test the largest issue year that requires extended dates + + int ret = 0; + atcacert_tm_utc_t issue_date; + uint8_t comp_cert[72] = { 0 }; + uint8_t comp_cert_ref[sizeof(comp_cert)] = { + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0xF8, 0x84, 0x01, 0x00, 0x00, 0x00, 0x01, 0xC0 + }; + uint8_t expire_years = 1; + + comp_cert[70] = 1; // Set compressed certificate format version 1 to support extended dates + set_tm(&issue_date, 2127, 1, 1, 00, 00, 00); + + ret = atcacert_date_enc_compcert_ext(&issue_date, expire_years, comp_cert); + TEST_ASSERT_EQUAL(ATCACERT_E_SUCCESS, ret); + TEST_ASSERT_EQUAL_MEMORY(comp_cert_ref, comp_cert, sizeof(comp_cert)); +} + +TEST(atcacert_date_enc_compcert, min_ext_expire_years) +{ + // Test the smallest expire years that requires extended dates + + int ret = 0; + atcacert_tm_utc_t issue_date; + uint8_t comp_cert[72] = { 0 }; + uint8_t comp_cert_ref[sizeof(comp_cert)] = { + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x84, 0x00, 0x00, 0x00, 0x00, 0x01, 0x10 + }; + uint8_t expire_years = 32; + + comp_cert[70] = 1; // Set compressed certificate format version 1 to support extended dates + set_tm(&issue_date, 2000, 1, 1, 00, 00, 00); + + ret = atcacert_date_enc_compcert_ext(&issue_date, expire_years, comp_cert); + TEST_ASSERT_EQUAL(ATCACERT_E_SUCCESS, ret); + TEST_ASSERT_EQUAL_MEMORY(comp_cert_ref, comp_cert, sizeof(comp_cert)); +} + +TEST(atcacert_date_enc_compcert, max_ext_expire_years) +{ + // Test the largest expire years that requires extended dates + + int ret = 0; + atcacert_tm_utc_t issue_date; + uint8_t comp_cert[72] = { 0 }; + uint8_t comp_cert_ref[sizeof(comp_cert)] = { + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x84, 0x1F, 0x00, 0x00, 0x00, 0x01, 0x30 + }; + uint8_t expire_years = 127; + + comp_cert[70] = 1; // Set compressed certificate format version 1 to support extended dates + set_tm(&issue_date, 2000, 1, 1, 00, 00, 00); + + ret = atcacert_date_enc_compcert_ext(&issue_date, expire_years, comp_cert); + TEST_ASSERT_EQUAL(ATCACERT_E_SUCCESS, ret); + TEST_ASSERT_EQUAL_MEMORY(comp_cert_ref, comp_cert, sizeof(comp_cert)); +} + +TEST(atcacert_date_enc_compcert, mixed_ext) +{ + // Test different patterns for extended issue year and expire years to make sure bit + // packing is working + + int ret = 0; + atcacert_tm_utc_t issue_date; + uint8_t comp_cert[72] = { 0 }; + uint8_t comp_cert_ref[sizeof(comp_cert)] = { + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x84, 0x00, 0x00, 0x00, 0x00, 0x01, 0x9F + }; + uint8_t expire_years = 32; + + comp_cert[70] = 1; // Set compressed certificate format version 1 to support extended dates + comp_cert[71] = 0x0F; // Make sure the lower 4 bits aren't changed. + set_tm(&issue_date, 2064, 1, 1, 00, 00, 00); + + ret = atcacert_date_enc_compcert_ext(&issue_date, expire_years, comp_cert); + TEST_ASSERT_EQUAL(ATCACERT_E_SUCCESS, ret); + TEST_ASSERT_EQUAL_MEMORY(comp_cert_ref, comp_cert, sizeof(comp_cert)); +} + TEST(atcacert_date_enc_compcert, bad_year) { int ret = 0; atcacert_tm_utc_t issue_date; - uint8_t enc_dates[3]; + uint8_t comp_cert[72] = { 0 }; uint8_t expire_years = 0; expire_years = 28; - set_tm(&issue_date, 1900, 3, 7, 10, 0, 0); - ret = atcacert_date_enc_compcert(&issue_date, expire_years, enc_dates); + set_tm(&issue_date, 1999, 3, 7, 10, 0, 0); + ret = atcacert_date_enc_compcert(&issue_date, expire_years, &comp_cert[64]); TEST_ASSERT_EQUAL(ATCACERT_E_INVALID_DATE, ret); expire_years = 28; set_tm(&issue_date, 2032, 3, 7, 10, 0, 0); - ret = atcacert_date_enc_compcert(&issue_date, expire_years, enc_dates); + ret = atcacert_date_enc_compcert(&issue_date, expire_years, &comp_cert[64]); + TEST_ASSERT_EQUAL(ATCACERT_E_INVALID_DATE, ret); + + comp_cert[70] = 1; // Set compressed certificate format version 1 to support extended dates + set_tm(&issue_date, 2128, 3, 7, 10, 0, 0); + ret = atcacert_date_enc_compcert_ext(&issue_date, expire_years, comp_cert); TEST_ASSERT_EQUAL(ATCACERT_E_INVALID_DATE, ret); } @@ -908,12 +1035,17 @@ TEST(atcacert_date_enc_compcert, bad_expire) { int ret = 0; atcacert_tm_utc_t issue_date; - uint8_t enc_dates[3]; + uint8_t comp_cert[72] = { 0 }; uint8_t expire_years = 0; expire_years = 32; set_tm(&issue_date, 2021, 3, 7, 10, 0, 0); - ret = atcacert_date_enc_compcert(&issue_date, expire_years, enc_dates); + ret = atcacert_date_enc_compcert(&issue_date, expire_years, &comp_cert[64]); + TEST_ASSERT_EQUAL(ATCACERT_E_INVALID_DATE, ret); + + comp_cert[70] = 1; // Set compressed certificate format version 1 to support extended dates + expire_years = 128; + ret = atcacert_date_enc_compcert_ext(&issue_date, expire_years, comp_cert); TEST_ASSERT_EQUAL(ATCACERT_E_INVALID_DATE, ret); } @@ -1902,6 +2034,105 @@ TEST(atcacert_date_dec_compcert, bad_params) TEST_ASSERT_EQUAL(ATCACERT_E_BAD_PARAMS, ret); } +TEST(atcacert_date_dec_compcert, expiry_date_extended_gen) +{ + int ret = 0; + atcacert_tm_utc_t issue_date, issue_date_ref; + atcacert_tm_utc_t expire_date, expire_date_ref; + + //Compressed format version with 1 has 4 bytes encoded date + uint8_t comp_cert[72] = {0}; + + //Issue date = 2024 + set_tm(&issue_date_ref, 2024, 3, 7, 10, 0, 0); + + //Expiry date with expiry year = 2056 + set_tm(&expire_date_ref, 2024 + 32, 3, 7, 10, 0, 0); + + uint8_t expire_years = 32; //Set no of expiry years > 31 + + comp_cert[70] = 1; //Set format version to 1 for extended expiry year encoding + + //Get the encoded date format data from compressed certificate + ret = atcacert_date_enc_compcert_ext(&issue_date_ref, expire_years, comp_cert); + TEST_ASSERT_EQUAL(ATCACERT_E_SUCCESS, ret); + + //Encoded data for reference:{ 0xC1, 0x9D, 0x40, 0x10 }; + + //Decode the compressed certificate encoded date value + ret = atcacert_date_dec_compcert_ext(comp_cert, DATEFMT_RFC5280_GEN, &issue_date, &expire_date); + TEST_ASSERT_EQUAL(ATCACERT_E_SUCCESS, ret); + + //Compare the decoded dates with actual time format + TEST_ASSERT_EQUAL_MEMORY(&issue_date_ref, &issue_date, sizeof(issue_date)); + TEST_ASSERT_EQUAL_MEMORY(&expire_date_ref, &expire_date, sizeof(expire_date)); +} + +TEST(atcacert_date_dec_compcert, expiry_date_utc) +{ + int ret = 0; + atcacert_tm_utc_t issue_date, issue_date_ref; + atcacert_tm_utc_t expire_date, expire_date_ref; + + //Compressed format version with 0 has 3 byte date encoding + uint8_t enc_dates[3] = {0}; + + //Issue date = 2024 + set_tm(&issue_date_ref, 2024, 3, 7, 10, 0, 0); + + //Expiry date with expiry year = 2030 + set_tm(&expire_date_ref, 2024 + 6, 3, 7, 10, 0, 0); + + uint8_t expire_years = 6; //Set no of expiry years < 31 + + //Get the encoded date format data from compressed certificate + ret = atcacert_date_enc_compcert(&issue_date_ref, expire_years, enc_dates); + TEST_ASSERT_EQUAL(ATCACERT_E_SUCCESS, ret); + + //Encoded date data for reference: uint8_t enc_dates[4] = { 0xC1, 0x9D, 0x46 }; + + //Decode the compressed certificate encoded date value + ret = atcacert_date_dec_compcert(enc_dates, DATEFMT_RFC5280_UTC, &issue_date, &expire_date); + TEST_ASSERT_EQUAL(ATCACERT_E_SUCCESS, ret); + + //Compare the decoded dates with actual time format + TEST_ASSERT_EQUAL_MEMORY(&issue_date_ref, &issue_date, sizeof(issue_date)); + TEST_ASSERT_EQUAL_MEMORY(&expire_date_ref, &expire_date, sizeof(expire_date)); +} + +TEST(atcacert_date_dec_compcert, issue_date_extended_gen) +{ + int ret = 0; + atcacert_tm_utc_t issue_date, issue_date_ref; + atcacert_tm_utc_t expire_date, expire_date_ref; + + //Compressed format version with 1 has 4 bytes encoded date + uint8_t comp_cert[72] = {0}; + + //Issue date = 2050 + set_tm(&issue_date_ref, 2050, 3, 7, 10, 0, 0); + + //Expiry date with expiry year = 2082 + set_tm(&expire_date_ref, 2050 + 32, 3, 7, 10, 0, 0); + + uint8_t expire_years = 32; //Set no of expiry years > 31 + + comp_cert[70] = 1; //Set format version to 1 for extended expiry year encoding + + //Get the encoded date format data from compressed certificate + ret = atcacert_date_enc_compcert_ext(&issue_date_ref, expire_years, comp_cert); + TEST_ASSERT_EQUAL(ATCACERT_E_SUCCESS, ret); + + //Encoded data for reference: { 0x91, 0x9D, 0x40, 0x50 }; + + //Decode the compressed certificate encoded date value + ret = atcacert_date_dec_compcert_ext(comp_cert, DATEFMT_RFC5280_GEN, &issue_date, &expire_date); + TEST_ASSERT_EQUAL(ATCACERT_E_SUCCESS, ret); + + //Compare the decoded dates with actual time format + TEST_ASSERT_EQUAL_MEMORY(&issue_date_ref, &issue_date, sizeof(issue_date)); + TEST_ASSERT_EQUAL_MEMORY(&expire_date_ref, &expire_date, sizeof(expire_date)); +} diff --git a/test/atcacert/test_atcacert_date_runner.c b/test/atcacert/test_atcacert_date_runner.c index a20819f8a..9a3b1b8d4 100644 --- a/test/atcacert/test_atcacert_date_runner.c +++ b/test/atcacert/test_atcacert_date_runner.c @@ -108,6 +108,11 @@ TEST_GROUP_RUNNER(atcacert_date_enc_compcert) RUN_TEST_CASE(atcacert_date_enc_compcert, good); RUN_TEST_CASE(atcacert_date_enc_compcert, min); RUN_TEST_CASE(atcacert_date_enc_compcert, max); + RUN_TEST_CASE(atcacert_date_enc_compcert, min_ext_issue_year); + RUN_TEST_CASE(atcacert_date_enc_compcert, max_ext_issue_year); + RUN_TEST_CASE(atcacert_date_enc_compcert, min_ext_expire_years); + RUN_TEST_CASE(atcacert_date_enc_compcert, max_ext_expire_years); + RUN_TEST_CASE(atcacert_date_enc_compcert, mixed_ext); RUN_TEST_CASE(atcacert_date_enc_compcert, bad_year); RUN_TEST_CASE(atcacert_date_enc_compcert, bad_month); RUN_TEST_CASE(atcacert_date_enc_compcert, bad_day); @@ -206,6 +211,9 @@ TEST_GROUP_RUNNER(atcacert_date_dec_compcert) RUN_TEST_CASE(atcacert_date_dec_compcert, max); RUN_TEST_CASE(atcacert_date_dec_compcert, posix_uint32_be); RUN_TEST_CASE(atcacert_date_dec_compcert, bad_params); + RUN_TEST_CASE(atcacert_date_dec_compcert, expiry_date_extended_gen); + RUN_TEST_CASE(atcacert_date_dec_compcert, expiry_date_utc); + RUN_TEST_CASE(atcacert_date_dec_compcert, issue_date_extended_gen); } TEST_GROUP_RUNNER(atcacert_date_dec) diff --git a/test/atcacert/test_atcacert_def.c b/test/atcacert/test_atcacert_def.c index 90b423c70..8bfe647ad 100644 --- a/test/atcacert/test_atcacert_def.c +++ b/test/atcacert/test_atcacert_def.c @@ -28,11 +28,15 @@ #ifndef DO_NOT_TEST_CERT #include "atcacert/atcacert_def.h" +#include "atca_basic.h" #include "test_cert_def_0_device.h" #include "test_cert_def_1_signer.h" #include "test_cert_def_3_device.h" +#include "test_cert_def_6_device.h" +#include "test_cert_def_7_signer.h" #include +extern ATCAIfaceCfg *gCfg; uint8_t g_cert_def_cert_template[800]; atcacert_def_t g_cert_def; @@ -2333,6 +2337,188 @@ TEST(atcacert_gen_cert_sn, pub_key_hash_raw) TEST_ASSERT_EQUAL_MEMORY(cert_template_ref, g_cert_def_cert_template, g_cert_def.cert_template_size); } +TEST(atcacert_gen_cert_sn, pub_key_hash_ext_issue) +{ + // Make sure SN generation takes into account extended dates when using an + // extended issue date (>= 2032). + + int ret = 0; + uint8_t clear_sn[8]; + static const uint8_t cert_template_ref[] = { + 0x30, 0x82, 0x01, 0x38, 0x30, 0x81, 0xde, 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x08, 0x49, 0x7a, + 0xd7, 0x75, 0x1e, 0xca, 0x0a, 0x17, 0x30, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, + 0x03, 0x02, 0x30, 0x12, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x07, 0x30, + 0x30, 0x34, 0x45, 0x2d, 0x31, 0x41, 0x30, 0x22, 0x18, 0x0f, 0x32, 0x30, 0x33, 0x32, 0x30, 0x37, + 0x33, 0x31, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x5a, 0x18, 0x0f, 0x32, 0x30, 0x35, 0x32, 0x30, + 0x37, 0x33, 0x31, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x5a, 0x30, 0x11, 0x31, 0x0f, 0x30, 0x0d, + 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x06, 0x30, 0x31, 0x31, 0x34, 0x33, 0x30, 0x30, 0x59, 0x30, + 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, 0x01, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, + 0x3d, 0x03, 0x01, 0x07, 0x03, 0x42, 0x00, 0x04, 0x27, 0xdc, 0x86, 0xe9, 0xcc, 0x59, 0xa1, 0xfa, + 0xf8, 0xe6, 0x02, 0xb3, 0x44, 0x89, 0xd1, 0x70, 0x4a, 0x3b, 0x44, 0x04, 0x52, 0xaa, 0x11, 0x93, + 0x35, 0xa9, 0xbe, 0x6f, 0x68, 0x32, 0xdc, 0x59, 0xce, 0x5e, 0x74, 0x73, 0xb8, 0x44, 0xbd, 0x08, + 0x4d, 0x5d, 0x3d, 0xe5, 0xde, 0x21, 0xc3, 0x4f, 0x8d, 0xc1, 0x61, 0x4f, 0x17, 0x27, 0xaf, 0x6d, + 0xc4, 0x9c, 0x42, 0x83, 0xee, 0x36, 0xe2, 0x31, 0xa3, 0x1b, 0x30, 0x19, 0x30, 0x17, 0x06, 0x05, + 0x67, 0x81, 0x14, 0x01, 0x02, 0x01, 0x01, 0xff, 0x04, 0x0b, 0x04, 0x09, 0x00, 0x00, 0x00, 0x00, + 0x04, 0x30, 0x30, 0x30, 0x30, 0x30, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x03, + 0x02, 0x03, 0x49, 0x00, 0x30, 0x46, 0x02, 0x21, 0x00, 0xb7, 0xa3, 0xab, 0x33, 0x5d, 0x4d, 0x70, + 0xd4, 0x79, 0x5d, 0x03, 0x48, 0x73, 0xda, 0x5d, 0x7f, 0x45, 0x35, 0x19, 0x18, 0xf1, 0xd6, 0x1f, + 0x6d, 0xae, 0xd8, 0xc4, 0x36, 0x63, 0x38, 0xd7, 0xef, 0x02, 0x21, 0x00, 0x9d, 0x10, 0xf3, 0xf8, + 0x99, 0x67, 0xc8, 0x3d, 0xd2, 0x7e, 0x99, 0xc7, 0x60, 0x0f, 0xa9, 0xbe, 0x84, 0xcf, 0x9a, 0x15, + 0xa4, 0xdc, 0x5d, 0xc6, 0x2c, 0x1c, 0x5e, 0x6b, 0xbb, 0xd8, 0x14, 0x70 + }; + atcacert_tm_utc_t date = { + .tm_year = 2032 - 1900, + .tm_mon = 7 - 1, + .tm_mday = 31, + .tm_hour = 0, + .tm_min = 0, + .tm_sec = 0 + }; + size_t cert_size; + + useCert(&g_test_cert_def_6_device); + cert_size = g_cert_def.cert_template_size; + + TEST_ASSERT_EQUAL(g_cert_def.cert_template_size, sizeof(cert_template_ref)); + + g_cert_def.sn_source = SNSRC_PUB_KEY_HASH; + g_cert_def.expire_years = 20; + g_cert_def.std_cert_elements[STDCERT_EXPIRE_DATE].offset = 75; + g_cert_def.std_cert_elements[STDCERT_EXPIRE_DATE].count = 15; + + memset(clear_sn, 0, sizeof(clear_sn)); + ret = atcacert_set_cert_sn( + &g_cert_def, + g_cert_def_cert_template, + &cert_size, + sizeof(g_cert_def_cert_template), + clear_sn, + sizeof(clear_sn)); + TEST_ASSERT_EQUAL(ATCACERT_E_SUCCESS, ret); + TEST_ASSERT_EQUAL(g_cert_def.cert_template_size, cert_size); + + ret = atcacert_set_subj_public_key( + &g_cert_def, + g_cert_def_cert_template, + g_cert_def.cert_template_size, + g_hash_public_key); + TEST_ASSERT_EQUAL(ATCACERT_E_SUCCESS, ret); + + ret = atcacert_set_issue_date( + &g_cert_def, + g_cert_def_cert_template, + g_cert_def.cert_template_size, + &date); + TEST_ASSERT_EQUAL(ATCACERT_E_SUCCESS, ret); + + date.tm_year += g_cert_def.expire_years; + ret = atcacert_set_expire_date( + &g_cert_def, + g_cert_def_cert_template, + g_cert_def.cert_template_size, + &date); + TEST_ASSERT_EQUAL(ATCACERT_E_SUCCESS, ret); + + ret = atcacert_gen_cert_sn( + &g_cert_def, + g_cert_def_cert_template, + g_cert_def.cert_template_size, + NULL); + TEST_ASSERT_EQUAL(ATCACERT_E_SUCCESS, ret); + TEST_ASSERT_EQUAL_MEMORY(cert_template_ref, g_cert_def_cert_template, g_cert_def.cert_template_size); +} + +TEST(atcacert_gen_cert_sn, pub_key_hash_ext_expire) +{ + // Make sure SN generation takes into account extended dates when using an + // extended expire years (>= 32). + + int ret = 0; + uint8_t clear_sn[8]; + static const uint8_t cert_template_ref[] = { + 0x30, 0x82, 0x01, 0x38, 0x30, 0x81, 0xde, 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x08, 0x7a, 0x36, + 0xd7, 0xda, 0x47, 0x08, 0x84, 0xcb, 0x30, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, + 0x03, 0x02, 0x30, 0x12, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x07, 0x30, + 0x30, 0x34, 0x45, 0x2d, 0x31, 0x41, 0x30, 0x22, 0x18, 0x0f, 0x32, 0x30, 0x31, 0x35, 0x30, 0x37, + 0x33, 0x31, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x5a, 0x18, 0x0f, 0x32, 0x30, 0x34, 0x37, 0x30, + 0x37, 0x33, 0x31, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x5a, 0x30, 0x11, 0x31, 0x0f, 0x30, 0x0d, + 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x06, 0x30, 0x31, 0x31, 0x34, 0x33, 0x30, 0x30, 0x59, 0x30, + 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, 0x01, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, + 0x3d, 0x03, 0x01, 0x07, 0x03, 0x42, 0x00, 0x04, 0x27, 0xdc, 0x86, 0xe9, 0xcc, 0x59, 0xa1, 0xfa, + 0xf8, 0xe6, 0x02, 0xb3, 0x44, 0x89, 0xd1, 0x70, 0x4a, 0x3b, 0x44, 0x04, 0x52, 0xaa, 0x11, 0x93, + 0x35, 0xa9, 0xbe, 0x6f, 0x68, 0x32, 0xdc, 0x59, 0xce, 0x5e, 0x74, 0x73, 0xb8, 0x44, 0xbd, 0x08, + 0x4d, 0x5d, 0x3d, 0xe5, 0xde, 0x21, 0xc3, 0x4f, 0x8d, 0xc1, 0x61, 0x4f, 0x17, 0x27, 0xaf, 0x6d, + 0xc4, 0x9c, 0x42, 0x83, 0xee, 0x36, 0xe2, 0x31, 0xa3, 0x1b, 0x30, 0x19, 0x30, 0x17, 0x06, 0x05, + 0x67, 0x81, 0x14, 0x01, 0x02, 0x01, 0x01, 0xff, 0x04, 0x0b, 0x04, 0x09, 0x00, 0x00, 0x00, 0x00, + 0x04, 0x30, 0x30, 0x30, 0x30, 0x30, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x03, + 0x02, 0x03, 0x49, 0x00, 0x30, 0x46, 0x02, 0x21, 0x00, 0xb7, 0xa3, 0xab, 0x33, 0x5d, 0x4d, 0x70, + 0xd4, 0x79, 0x5d, 0x03, 0x48, 0x73, 0xda, 0x5d, 0x7f, 0x45, 0x35, 0x19, 0x18, 0xf1, 0xd6, 0x1f, + 0x6d, 0xae, 0xd8, 0xc4, 0x36, 0x63, 0x38, 0xd7, 0xef, 0x02, 0x21, 0x00, 0x9d, 0x10, 0xf3, 0xf8, + 0x99, 0x67, 0xc8, 0x3d, 0xd2, 0x7e, 0x99, 0xc7, 0x60, 0x0f, 0xa9, 0xbe, 0x84, 0xcf, 0x9a, 0x15, + 0xa4, 0xdc, 0x5d, 0xc6, 0x2c, 0x1c, 0x5e, 0x6b, 0xbb, 0xd8, 0x14, 0x70 + }; + atcacert_tm_utc_t date = { + .tm_year = 2015 - 1900, + .tm_mon = 7 - 1, + .tm_mday = 31, + .tm_hour = 0, + .tm_min = 0, + .tm_sec = 0 + }; + size_t cert_size; + + useCert(&g_test_cert_def_6_device); + cert_size = g_cert_def.cert_template_size; + + TEST_ASSERT_EQUAL(g_cert_def.cert_template_size, sizeof(cert_template_ref)); + + g_cert_def.sn_source = SNSRC_PUB_KEY_HASH; + g_cert_def.expire_years = 32; + g_cert_def.std_cert_elements[STDCERT_EXPIRE_DATE].offset = 75; + g_cert_def.std_cert_elements[STDCERT_EXPIRE_DATE].count = 15; + + memset(clear_sn, 0, sizeof(clear_sn)); + ret = atcacert_set_cert_sn( + &g_cert_def, + g_cert_def_cert_template, + &cert_size, + sizeof(g_cert_def_cert_template), + clear_sn, + sizeof(clear_sn)); + TEST_ASSERT_EQUAL(ATCACERT_E_SUCCESS, ret); + TEST_ASSERT_EQUAL(g_cert_def.cert_template_size, cert_size); + + ret = atcacert_set_subj_public_key( + &g_cert_def, + g_cert_def_cert_template, + g_cert_def.cert_template_size, + g_hash_public_key); + TEST_ASSERT_EQUAL(ATCACERT_E_SUCCESS, ret); + + ret = atcacert_set_issue_date( + &g_cert_def, + g_cert_def_cert_template, + g_cert_def.cert_template_size, + &date); + TEST_ASSERT_EQUAL(ATCACERT_E_SUCCESS, ret); + + date.tm_year += g_cert_def.expire_years; + ret = atcacert_set_expire_date( + &g_cert_def, + g_cert_def_cert_template, + g_cert_def.cert_template_size, + &date); + TEST_ASSERT_EQUAL(ATCACERT_E_SUCCESS, ret); + + ret = atcacert_gen_cert_sn( + &g_cert_def, + g_cert_def_cert_template, + g_cert_def.cert_template_size, + NULL); + TEST_ASSERT_EQUAL(ATCACERT_E_SUCCESS, ret); + TEST_ASSERT_EQUAL_MEMORY(cert_template_ref, g_cert_def_cert_template, g_cert_def.cert_template_size); +} + TEST(atcacert_gen_cert_sn, pub_key_hash_unexpected_size) { int ret = 0; @@ -2570,6 +2756,177 @@ TEST(atcacert_gen_cert_sn, device_sn_hash_raw) TEST_ASSERT_EQUAL_MEMORY(cert_template_ref, g_cert_def_cert_template, g_cert_def.cert_template_size); } + +TEST(atcacert_gen_cert_sn, device_sn_hash_ext_issue) +{ + // Make sure SN generation takes into account extended dates when using an + // extended issue date (>= 2032). + + int ret = 0; + uint8_t clear_sn[8]; + static const uint8_t device_sn[9] = { 0x12, 0x34, 0x56, 0x78, 0x9A, 0xBC, 0xDE, 0xF0, 0x12 }; + static const uint8_t cert_template_ref[] = { + 0x30, 0x82, 0x01, 0x38, 0x30, 0x81, 0xde, 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x08, 0x57, 0x67, + 0xd5, 0x87, 0xea, 0x86, 0xfe, 0xc2, 0x30, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, + 0x03, 0x02, 0x30, 0x12, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x07, 0x30, + 0x30, 0x34, 0x45, 0x2d, 0x31, 0x41, 0x30, 0x22, 0x18, 0x0f, 0x32, 0x30, 0x33, 0x32, 0x30, 0x37, + 0x33, 0x31, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x5a, 0x18, 0x0f, 0x32, 0x30, 0x35, 0x32, 0x30, + 0x37, 0x33, 0x31, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x5a, 0x30, 0x11, 0x31, 0x0f, 0x30, 0x0d, + 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x06, 0x30, 0x31, 0x31, 0x34, 0x33, 0x30, 0x30, 0x59, 0x30, + 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, 0x01, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, + 0x3d, 0x03, 0x01, 0x07, 0x03, 0x42, 0x00, 0x04, 0x63, 0x91, 0xf3, 0x5a, 0x89, 0x09, 0x8c, 0x21, + 0x0b, 0x4a, 0x5f, 0xee, 0xa8, 0x0f, 0x78, 0xff, 0xd4, 0x4c, 0x24, 0x14, 0x08, 0x86, 0xe4, 0x91, + 0xa6, 0xcd, 0xe9, 0xf0, 0x11, 0x55, 0xab, 0x11, 0x76, 0xaf, 0xa5, 0xba, 0x0f, 0x99, 0x88, 0xd7, + 0x4b, 0x81, 0x2d, 0x6f, 0x03, 0xce, 0xb6, 0x40, 0xba, 0x51, 0x68, 0xff, 0xdc, 0x05, 0x8b, 0xd2, + 0x60, 0x67, 0x00, 0xce, 0xb0, 0x03, 0xaa, 0x69, 0xa3, 0x1b, 0x30, 0x19, 0x30, 0x17, 0x06, 0x05, + 0x67, 0x81, 0x14, 0x01, 0x02, 0x01, 0x01, 0xff, 0x04, 0x0b, 0x04, 0x09, 0x00, 0x00, 0x00, 0x00, + 0x04, 0x30, 0x30, 0x30, 0x30, 0x30, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x03, + 0x02, 0x03, 0x49, 0x00, 0x30, 0x46, 0x02, 0x21, 0x00, 0xb7, 0xa3, 0xab, 0x33, 0x5d, 0x4d, 0x70, + 0xd4, 0x79, 0x5d, 0x03, 0x48, 0x73, 0xda, 0x5d, 0x7f, 0x45, 0x35, 0x19, 0x18, 0xf1, 0xd6, 0x1f, + 0x6d, 0xae, 0xd8, 0xc4, 0x36, 0x63, 0x38, 0xd7, 0xef, 0x02, 0x21, 0x00, 0x9d, 0x10, 0xf3, 0xf8, + 0x99, 0x67, 0xc8, 0x3d, 0xd2, 0x7e, 0x99, 0xc7, 0x60, 0x0f, 0xa9, 0xbe, 0x84, 0xcf, 0x9a, 0x15, + 0xa4, 0xdc, 0x5d, 0xc6, 0x2c, 0x1c, 0x5e, 0x6b, 0xbb, 0xd8, 0x14, 0x70 + }; + atcacert_tm_utc_t date = { + .tm_year = 2032 - 1900, + .tm_mon = 7 - 1, + .tm_mday = 31, + .tm_hour = 0, + .tm_min = 0, + .tm_sec = 0 + }; + size_t cert_size; + + useCert(&g_test_cert_def_6_device); + cert_size = g_cert_def.cert_template_size; + + TEST_ASSERT_EQUAL(g_cert_def.cert_template_size, sizeof(cert_template_ref)); + + g_cert_def.sn_source = SNSRC_DEVICE_SN_HASH; + g_cert_def.expire_years = 20; + g_cert_def.std_cert_elements[STDCERT_EXPIRE_DATE].offset = 75; + g_cert_def.std_cert_elements[STDCERT_EXPIRE_DATE].count = 15; + + memset(clear_sn, 0, sizeof(clear_sn)); + ret = atcacert_set_cert_sn( + &g_cert_def, + g_cert_def_cert_template, + &cert_size, + sizeof(g_cert_def_cert_template), + clear_sn, + sizeof(clear_sn)); + TEST_ASSERT_EQUAL(ATCACERT_E_SUCCESS, ret); + TEST_ASSERT_EQUAL(g_cert_def.cert_template_size, cert_size); + + ret = atcacert_set_issue_date( + &g_cert_def, + g_cert_def_cert_template, + g_cert_def.cert_template_size, + &date); + TEST_ASSERT_EQUAL(ATCACERT_E_SUCCESS, ret); + + date.tm_year += g_cert_def.expire_years; + ret = atcacert_set_expire_date( + &g_cert_def, + g_cert_def_cert_template, + g_cert_def.cert_template_size, + &date); + TEST_ASSERT_EQUAL(ATCACERT_E_SUCCESS, ret); + + ret = atcacert_gen_cert_sn( + &g_cert_def, + g_cert_def_cert_template, + g_cert_def.cert_template_size, + device_sn); + TEST_ASSERT_EQUAL(ATCACERT_E_SUCCESS, ret); + TEST_ASSERT_EQUAL_MEMORY(cert_template_ref, g_cert_def_cert_template, g_cert_def.cert_template_size); +} + +TEST(atcacert_gen_cert_sn, device_sn_hash_ext_expire) +{ + // Make sure SN generation takes into account extended dates when using an + // extended expire years (>= 32). + + int ret = 0; + uint8_t clear_sn[8]; + static const uint8_t device_sn[9] = { 0x12, 0x34, 0x56, 0x78, 0x9A, 0xBC, 0xDE, 0xF0, 0x12 }; + static const uint8_t cert_template_ref[] = { + 0x30, 0x82, 0x01, 0x38, 0x30, 0x81, 0xde, 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x08, 0x58, 0xdc, + 0x80, 0x57, 0xb4, 0x77, 0x7f, 0xae, 0x30, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, + 0x03, 0x02, 0x30, 0x12, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x07, 0x30, + 0x30, 0x34, 0x45, 0x2d, 0x31, 0x41, 0x30, 0x22, 0x18, 0x0f, 0x32, 0x30, 0x31, 0x35, 0x30, 0x37, + 0x33, 0x31, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x5a, 0x18, 0x0f, 0x32, 0x30, 0x34, 0x37, 0x30, + 0x37, 0x33, 0x31, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x5a, 0x30, 0x11, 0x31, 0x0f, 0x30, 0x0d, + 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x06, 0x30, 0x31, 0x31, 0x34, 0x33, 0x30, 0x30, 0x59, 0x30, + 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, 0x01, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, + 0x3d, 0x03, 0x01, 0x07, 0x03, 0x42, 0x00, 0x04, 0x63, 0x91, 0xf3, 0x5a, 0x89, 0x09, 0x8c, 0x21, + 0x0b, 0x4a, 0x5f, 0xee, 0xa8, 0x0f, 0x78, 0xff, 0xd4, 0x4c, 0x24, 0x14, 0x08, 0x86, 0xe4, 0x91, + 0xa6, 0xcd, 0xe9, 0xf0, 0x11, 0x55, 0xab, 0x11, 0x76, 0xaf, 0xa5, 0xba, 0x0f, 0x99, 0x88, 0xd7, + 0x4b, 0x81, 0x2d, 0x6f, 0x03, 0xce, 0xb6, 0x40, 0xba, 0x51, 0x68, 0xff, 0xdc, 0x05, 0x8b, 0xd2, + 0x60, 0x67, 0x00, 0xce, 0xb0, 0x03, 0xaa, 0x69, 0xa3, 0x1b, 0x30, 0x19, 0x30, 0x17, 0x06, 0x05, + 0x67, 0x81, 0x14, 0x01, 0x02, 0x01, 0x01, 0xff, 0x04, 0x0b, 0x04, 0x09, 0x00, 0x00, 0x00, 0x00, + 0x04, 0x30, 0x30, 0x30, 0x30, 0x30, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x03, + 0x02, 0x03, 0x49, 0x00, 0x30, 0x46, 0x02, 0x21, 0x00, 0xb7, 0xa3, 0xab, 0x33, 0x5d, 0x4d, 0x70, + 0xd4, 0x79, 0x5d, 0x03, 0x48, 0x73, 0xda, 0x5d, 0x7f, 0x45, 0x35, 0x19, 0x18, 0xf1, 0xd6, 0x1f, + 0x6d, 0xae, 0xd8, 0xc4, 0x36, 0x63, 0x38, 0xd7, 0xef, 0x02, 0x21, 0x00, 0x9d, 0x10, 0xf3, 0xf8, + 0x99, 0x67, 0xc8, 0x3d, 0xd2, 0x7e, 0x99, 0xc7, 0x60, 0x0f, 0xa9, 0xbe, 0x84, 0xcf, 0x9a, 0x15, + 0xa4, 0xdc, 0x5d, 0xc6, 0x2c, 0x1c, 0x5e, 0x6b, 0xbb, 0xd8, 0x14, 0x70 + }; + atcacert_tm_utc_t date = { + .tm_year = 2015 - 1900, + .tm_mon = 7 - 1, + .tm_mday = 31, + .tm_hour = 0, + .tm_min = 0, + .tm_sec = 0 + }; + size_t cert_size; + + useCert(&g_test_cert_def_6_device); + cert_size = g_cert_def.cert_template_size; + + TEST_ASSERT_EQUAL(g_cert_def.cert_template_size, sizeof(cert_template_ref)); + + g_cert_def.sn_source = SNSRC_DEVICE_SN_HASH; + g_cert_def.expire_years = 32; + g_cert_def.std_cert_elements[STDCERT_EXPIRE_DATE].offset = 75; + g_cert_def.std_cert_elements[STDCERT_EXPIRE_DATE].count = 15; + + memset(clear_sn, 0, sizeof(clear_sn)); + ret = atcacert_set_cert_sn( + &g_cert_def, + g_cert_def_cert_template, + &cert_size, + sizeof(g_cert_def_cert_template), + clear_sn, + sizeof(clear_sn)); + TEST_ASSERT_EQUAL(ATCACERT_E_SUCCESS, ret); + TEST_ASSERT_EQUAL(g_cert_def.cert_template_size, cert_size); + + ret = atcacert_set_issue_date( + &g_cert_def, + g_cert_def_cert_template, + g_cert_def.cert_template_size, + &date); + TEST_ASSERT_EQUAL(ATCACERT_E_SUCCESS, ret); + + date.tm_year += g_cert_def.expire_years; + ret = atcacert_set_expire_date( + &g_cert_def, + g_cert_def_cert_template, + g_cert_def.cert_template_size, + &date); + TEST_ASSERT_EQUAL(ATCACERT_E_SUCCESS, ret); + + ret = atcacert_gen_cert_sn( + &g_cert_def, + g_cert_def_cert_template, + g_cert_def.cert_template_size, + device_sn); + TEST_ASSERT_EQUAL(ATCACERT_E_SUCCESS, ret); + TEST_ASSERT_EQUAL_MEMORY(cert_template_ref, g_cert_def_cert_template, g_cert_def.cert_template_size); +} + TEST(atcacert_gen_cert_sn, device_sn_hash_unexpected_size) { int ret = 0; @@ -2630,80 +2987,541 @@ TEST(atcacert_gen_cert_sn, device_sn_hash_bad_params) } -TEST_GROUP(atcacert_get_cert_sn); +TEST_GROUP(atcacert_generate_sn); -TEST_SETUP(atcacert_get_cert_sn) +TEST_SETUP(atcacert_generate_sn) { - useCert(&g_test_cert_def_1_signer); } -TEST_TEAR_DOWN(atcacert_get_cert_sn) +TEST_TEAR_DOWN(atcacert_generate_sn) { } -TEST(atcacert_get_cert_sn, good) +TEST(atcacert_generate_sn, device_sn) { int ret = 0; - uint8_t cert_sn[32]; - size_t cert_sn_size = sizeof(cert_sn); - static const uint8_t cert_sn_ref[3] = { 0x40, 0x01, 0x02 }; - - TEST_ASSERT(g_cert_def.std_cert_elements[STDCERT_CERT_SN].count <= sizeof(cert_sn)); + static const uint8_t device_sn[9] = { + 0x12, 0x34, 0x56, 0x78, 0x9A, 0xBC, 0xDE, 0xF0, 0x12 + }; + static const uint8_t sn_ref[] = { + 0x40, 0x12, 0x34, 0x56, 0x78, 0x9A, 0xBC, 0xDE, 0xF0, 0x12 + }; + uint8_t sn[sizeof(sn_ref)] = { 0 }; - ret = atcacert_get_cert_sn( - &g_cert_def, - g_cert_def_cert_template, - g_cert_def.cert_template_size, - cert_sn, - &cert_sn_size); + ret = atcacert_generate_sn( + SNSRC_DEVICE_SN, + device_sn, + NULL, + NULL, + sizeof(sn), + sn); TEST_ASSERT_EQUAL(ATCACERT_E_SUCCESS, ret); - TEST_ASSERT_EQUAL(sizeof(cert_sn_ref), cert_sn_size); - TEST_ASSERT_EQUAL_MEMORY(cert_sn_ref, cert_sn, sizeof(cert_sn_ref)); + TEST_ASSERT_EQUAL_MEMORY(sn_ref, sn, sizeof(sn)); } -TEST(atcacert_get_cert_sn, bad_params) +TEST(atcacert_generate_sn, device_sn_bad_params) { int ret = 0; - uint8_t cert_sn[32]; - size_t cert_sn_size = sizeof(cert_sn); - - ret = atcacert_get_cert_sn(NULL, g_cert_def_cert_template, g_cert_def.cert_template_size, cert_sn, &cert_sn_size); - TEST_ASSERT_EQUAL(ATCACERT_E_BAD_PARAMS, ret); - - ret = atcacert_get_cert_sn(&g_cert_def, NULL, g_cert_def.cert_template_size, cert_sn, &cert_sn_size); - TEST_ASSERT_EQUAL(ATCACERT_E_BAD_PARAMS, ret); - - ret = atcacert_get_cert_sn(NULL, NULL, g_cert_def.cert_template_size, cert_sn, &cert_sn_size); - TEST_ASSERT_EQUAL(ATCACERT_E_BAD_PARAMS, ret); + static const uint8_t device_sn[9] = { + 0x12, 0x34, 0x56, 0x78, 0x9A, 0xBC, 0xDE, 0xF0, 0x12 + }; + uint8_t sn[10] = { 0 }; - ret = atcacert_get_cert_sn(&g_cert_def, g_cert_def_cert_template, g_cert_def.cert_template_size, NULL, &cert_sn_size); + // Output buffer is null + ret = atcacert_generate_sn(SNSRC_DEVICE_SN, device_sn, NULL, NULL, sizeof(sn), NULL); TEST_ASSERT_EQUAL(ATCACERT_E_BAD_PARAMS, ret); - ret = atcacert_get_cert_sn(NULL, g_cert_def_cert_template, g_cert_def.cert_template_size, NULL, &cert_sn_size); + // Size must be 10 + ret = atcacert_generate_sn(SNSRC_DEVICE_SN, device_sn, NULL, NULL, sizeof(sn) + 1, sn); TEST_ASSERT_EQUAL(ATCACERT_E_BAD_PARAMS, ret); - ret = atcacert_get_cert_sn(&g_cert_def, NULL, g_cert_def.cert_template_size, NULL, &cert_sn_size); + // Device SN is null + ret = atcacert_generate_sn(SNSRC_DEVICE_SN, NULL, NULL, NULL, sizeof(sn), sn); TEST_ASSERT_EQUAL(ATCACERT_E_BAD_PARAMS, ret); +} - ret = atcacert_get_cert_sn(NULL, NULL, g_cert_def.cert_template_size, NULL, &cert_sn_size); - TEST_ASSERT_EQUAL(ATCACERT_E_BAD_PARAMS, ret); +TEST(atcacert_generate_sn, signer_id) +{ + int ret = 0; + static const uint8_t comp_cert[72] = { + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0xC4, 0x8B, 0x00, 0x00 + }; + static const uint8_t sn_ref[] = { + 0x40, 0xC4, 0x8B + }; + uint8_t sn[sizeof(sn_ref)] = { 0 }; - ret = atcacert_get_cert_sn(&g_cert_def, g_cert_def_cert_template, g_cert_def.cert_template_size, cert_sn, NULL); - TEST_ASSERT_EQUAL(ATCACERT_E_BAD_PARAMS, ret); + ret = atcacert_generate_sn( + SNSRC_SIGNER_ID, + NULL, + NULL, + comp_cert, + sizeof(sn), + sn); + TEST_ASSERT_EQUAL(ATCACERT_E_SUCCESS, ret); + TEST_ASSERT_EQUAL_MEMORY(sn_ref, sn, sizeof(sn)); +} - ret = atcacert_get_cert_sn(NULL, g_cert_def_cert_template, g_cert_def.cert_template_size, cert_sn, NULL); - TEST_ASSERT_EQUAL(ATCACERT_E_BAD_PARAMS, ret); +TEST(atcacert_generate_sn, signer_id_bad_params) +{ + int ret = 0; + static const uint8_t comp_cert[72] = { + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0xC4, 0x8B, 0x00, 0x00 + }; + uint8_t sn[3] = { 0 }; - ret = atcacert_get_cert_sn(&g_cert_def, NULL, g_cert_def.cert_template_size, cert_sn, NULL); + // Output buffer is null + ret = atcacert_generate_sn(SNSRC_SIGNER_ID, NULL, NULL, comp_cert, sizeof(sn), NULL); TEST_ASSERT_EQUAL(ATCACERT_E_BAD_PARAMS, ret); - ret = atcacert_get_cert_sn(NULL, NULL, g_cert_def.cert_template_size, cert_sn, NULL); + // Size must be 3 + ret = atcacert_generate_sn(SNSRC_SIGNER_ID, NULL, NULL, comp_cert, sizeof(sn) + 1, sn); TEST_ASSERT_EQUAL(ATCACERT_E_BAD_PARAMS, ret); - ret = atcacert_get_cert_sn(&g_cert_def, g_cert_def_cert_template, g_cert_def.cert_template_size, NULL, NULL); + // comp_cert is null + ret = atcacert_generate_sn(SNSRC_SIGNER_ID, NULL, NULL, NULL, sizeof(sn), sn); TEST_ASSERT_EQUAL(ATCACERT_E_BAD_PARAMS, ret); +} - ret = atcacert_get_cert_sn(NULL, g_cert_def_cert_template, g_cert_def.cert_template_size, NULL, NULL); +TEST(atcacert_generate_sn, pub_key_hash) +{ + int ret = 0; + // Only setting the encoded dates part of the compressed certificate + static const uint8_t comp_cert[72] = { + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x7B, 0xFC, 0x14, 0x00, 0x00, 0x00, 0x00, 0x00 + }; + static const uint8_t sn_ref[] = { + 0x72, 0x69, 0xB4, 0x59, 0x76, 0x63, 0xFD, 0xD5, 0xBD, 0x45 + }; + uint8_t sn[sizeof(sn_ref)] = { 0 }; + + ret = atcacert_generate_sn( + SNSRC_PUB_KEY_HASH, + NULL, + g_hash_public_key, + comp_cert, + sizeof(sn), + sn); + TEST_ASSERT_EQUAL(ATCACERT_E_SUCCESS, ret); + TEST_ASSERT_EQUAL_MEMORY(sn_ref, sn, sizeof(sn)); +} + +TEST(atcacert_generate_sn, pub_key_hash_pos) +{ + int ret = 0; + // Only setting the encoded dates part of the compressed certificate + static const uint8_t comp_cert[72] = { + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x7B, 0xFC, 0x14, 0x00, 0x00, 0x00, 0x00, 0x00 + }; + static const uint8_t sn_ref[] = { + 0x32, 0x69, 0xB4, 0x59, 0x76, 0x63, 0xFD, 0xD5, 0xBD, 0x45 + }; + uint8_t sn[sizeof(sn_ref)] = { 0 }; + + ret = atcacert_generate_sn( + SNSRC_PUB_KEY_HASH_POS, + NULL, + g_hash_public_key, + comp_cert, + sizeof(sn), + sn); + TEST_ASSERT_EQUAL(ATCACERT_E_SUCCESS, ret); + TEST_ASSERT_EQUAL_MEMORY(sn_ref, sn, sizeof(sn)); +} + +TEST(atcacert_generate_sn, pub_key_hash_raw) +{ + int ret = 0; + // Only setting the encoded dates part of the compressed certificate + static const uint8_t comp_cert[72] = { + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x7B, 0xFC, 0x14, 0x00, 0x00, 0x00, 0x00, 0x00 + }; + static const uint8_t sn_ref[] = { + 0xB2, 0x69, 0xB4, 0x59, 0x76, 0x63, 0xFD, 0xD5, 0xBD, 0x45 + }; + uint8_t sn[sizeof(sn_ref)] = { 0 }; + + ret = atcacert_generate_sn( + SNSRC_PUB_KEY_HASH_RAW, + NULL, + g_hash_public_key, + comp_cert, + sizeof(sn), + sn); + TEST_ASSERT_EQUAL(ATCACERT_E_SUCCESS, ret); + TEST_ASSERT_EQUAL_MEMORY(sn_ref, sn, sizeof(sn)); +} + +TEST(atcacert_generate_sn, pub_key_hash_ext_issue) +{ + // Make sure SN generation takes into account extended dates when using an + // extended issue date (>= 2032). + + int ret = 0; + // Set issue date to 2032. Format version must be set to 1 to use extended dates. + static const uint8_t comp_cert[72] = { + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x03, 0xFC, 0x14, 0x00, 0x00, 0x00, 0x01, 0x40 + }; + static const uint8_t sn_ref[] = { + 0x49, 0x7a, 0xd7, 0x75, 0x1e, 0xca, 0x0a, 0x17, 0x50, 0xac + }; + uint8_t sn[sizeof(sn_ref)] = { 0 }; + + ret = atcacert_generate_sn( + SNSRC_PUB_KEY_HASH, + NULL, + g_hash_public_key, + comp_cert, + sizeof(sn), + sn); + TEST_ASSERT_EQUAL(ATCACERT_E_SUCCESS, ret); + TEST_ASSERT_EQUAL_MEMORY(sn_ref, sn, sizeof(sn)); +} + +TEST(atcacert_generate_sn, pub_key_hash_ext_expire) +{ + // Make sure SN generation takes into account extended dates when using an + // extended exire date (>= 32 years from the issue date). + + int ret = 0; + // Set expire years to 32. Format version must be set to 1 to use extended dates. + static const uint8_t comp_cert[72] = { + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x7B, 0xFC, 0x00, 0x00, 0x00, 0x00, 0x01, 0x10 + }; + static const uint8_t sn_ref[] = { + 0x7a, 0x36, 0xd7, 0xda, 0x47, 0x08, 0x84, 0xcb, 0x2e, 0x21 + }; + uint8_t sn[sizeof(sn_ref)] = { 0 }; + + ret = atcacert_generate_sn( + SNSRC_PUB_KEY_HASH, + NULL, + g_hash_public_key, + comp_cert, + sizeof(sn), + sn); + TEST_ASSERT_EQUAL(ATCACERT_E_SUCCESS, ret); + TEST_ASSERT_EQUAL_MEMORY(sn_ref, sn, sizeof(sn)); +} + +TEST(atcacert_generate_sn, pub_key_hash_bad_params) +{ + int ret = 0; + // Only setting the encoded dates part of the compressed certificate + static const uint8_t comp_cert[72] = { + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x7B, 0xFC, 0x14, 0x00, 0x00, 0x00, 0x00, 0x00 + }; + uint8_t sn[10] = { 0 }; + + // Output buffer is null + ret = atcacert_generate_sn(SNSRC_PUB_KEY_HASH, NULL, g_hash_public_key, comp_cert, sizeof(sn), NULL); + TEST_ASSERT_EQUAL(ATCACERT_E_BAD_PARAMS, ret); + + // Size must be <= 32 + ret = atcacert_generate_sn(SNSRC_PUB_KEY_HASH, NULL, g_hash_public_key, comp_cert, 33, sn); + TEST_ASSERT_EQUAL(ATCACERT_E_BAD_PARAMS, ret); + + // Size must be != 0 + ret = atcacert_generate_sn(SNSRC_PUB_KEY_HASH, NULL, g_hash_public_key, comp_cert, 0, sn); + TEST_ASSERT_EQUAL(ATCACERT_E_BAD_PARAMS, ret); + + // public_key is null + ret = atcacert_generate_sn(SNSRC_PUB_KEY_HASH, NULL, NULL, comp_cert, sizeof(sn), sn); + TEST_ASSERT_EQUAL(ATCACERT_E_BAD_PARAMS, ret); + + // comp_cert is null + ret = atcacert_generate_sn(SNSRC_PUB_KEY_HASH, NULL, g_hash_public_key, NULL, sizeof(sn), sn); + TEST_ASSERT_EQUAL(ATCACERT_E_BAD_PARAMS, ret); +} + +TEST(atcacert_generate_sn, device_sn_hash) +{ + int ret = 0; + static const uint8_t device_sn[9] = { 0x12, 0x34, 0x56, 0x78, 0x9A, 0xBC, 0xDE, 0xF0, 0x12 }; + // Only setting the encoded dates part of the compressed certificate + static const uint8_t comp_cert[72] = { + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x7B, 0xFC, 0x14, 0x00, 0x00, 0x00, 0x00, 0x00 + }; + static const uint8_t sn_ref[] = { + 0x73, 0x51, 0xA9, 0x79, 0xD7, 0xCA, 0xCC, 0xA4, 0xA7, 0xD2 + }; + uint8_t sn[sizeof(sn_ref)] = { 0 }; + + ret = atcacert_generate_sn( + SNSRC_DEVICE_SN_HASH, + device_sn, + NULL, + comp_cert, + sizeof(sn), + sn); + TEST_ASSERT_EQUAL(ATCACERT_E_SUCCESS, ret); + TEST_ASSERT_EQUAL_MEMORY(sn_ref, sn, sizeof(sn)); +} + +TEST(atcacert_generate_sn, device_sn_hash_pos) +{ + int ret = 0; + static const uint8_t device_sn[9] = { 0x12, 0x34, 0x56, 0x78, 0x9A, 0xBC, 0xDE, 0xF0, 0x12 }; + // Only setting the encoded dates part of the compressed certificate + static const uint8_t comp_cert[72] = { + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x7B, 0xFC, 0x14, 0x00, 0x00, 0x00, 0x00, 0x00 + }; + static const uint8_t sn_ref[] = { + 0x33, 0x51, 0xA9, 0x79, 0xD7, 0xCA, 0xCC, 0xA4, 0xA7, 0xD2 + }; + uint8_t sn[sizeof(sn_ref)] = { 0 }; + + ret = atcacert_generate_sn( + SNSRC_DEVICE_SN_HASH_POS, + device_sn, + NULL, + comp_cert, + sizeof(sn), + sn); + TEST_ASSERT_EQUAL(ATCACERT_E_SUCCESS, ret); + TEST_ASSERT_EQUAL_MEMORY(sn_ref, sn, sizeof(sn)); +} + +TEST(atcacert_generate_sn, device_sn_hash_raw) +{ + int ret = 0; + static const uint8_t device_sn[9] = { 0x12, 0x34, 0x56, 0x78, 0x9A, 0xBC, 0xDE, 0xF0, 0x12 }; + // Only setting the encoded dates part of the compressed certificate + static const uint8_t comp_cert[72] = { + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x7B, 0xFC, 0x14, 0x00, 0x00, 0x00, 0x00, 0x00 + }; + static const uint8_t sn_ref[] = { + 0xB3, 0x51, 0xA9, 0x79, 0xD7, 0xCA, 0xCC, 0xA4, 0xA7, 0xD2 + }; + uint8_t sn[sizeof(sn_ref)] = { 0 }; + + ret = atcacert_generate_sn( + SNSRC_DEVICE_SN_HASH_RAW, + device_sn, + NULL, + comp_cert, + sizeof(sn), + sn); + TEST_ASSERT_EQUAL(ATCACERT_E_SUCCESS, ret); + TEST_ASSERT_EQUAL_MEMORY(sn_ref, sn, sizeof(sn)); +} + +TEST(atcacert_generate_sn, device_sn_hash_ext_issue) +{ + // Make sure SN generation takes into account extended dates when using an + // extended issue date (>= 2032). + + int ret = 0; + static const uint8_t device_sn[9] = { 0x12, 0x34, 0x56, 0x78, 0x9A, 0xBC, 0xDE, 0xF0, 0x12 }; + // Set issue date to 2032. Format version must be set to 1 to use extended dates. + static const uint8_t comp_cert[72] = { + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x03, 0xFC, 0x14, 0x00, 0x00, 0x00, 0x01, 0x40 + }; + static const uint8_t sn_ref[] = { + 0x57, 0x67, 0xd5, 0x87, 0xea, 0x86, 0xfe, 0xc2, 0xee, 0x77 + }; + uint8_t sn[sizeof(sn_ref)] = { 0 }; + + ret = atcacert_generate_sn( + SNSRC_DEVICE_SN_HASH, + device_sn, + NULL, + comp_cert, + sizeof(sn), + sn); + TEST_ASSERT_EQUAL(ATCACERT_E_SUCCESS, ret); + TEST_ASSERT_EQUAL_MEMORY(sn_ref, sn, sizeof(sn)); +} + +TEST(atcacert_generate_sn, device_sn_hash_ext_expire) +{ + // Make sure SN generation takes into account extended dates when using an + // extended exire date (>= 32 years from the issue date). + + int ret = 0; + static const uint8_t device_sn[9] = { 0x12, 0x34, 0x56, 0x78, 0x9A, 0xBC, 0xDE, 0xF0, 0x12 }; + // Set expire years to 32. Format version must be set to 1 to use extended dates. + static const uint8_t comp_cert[72] = { + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x7B, 0xFC, 0x00, 0x00, 0x00, 0x00, 0x01, 0x10 + }; + static const uint8_t sn_ref[] = { + 0x58, 0xdc, 0x80, 0x57, 0xb4, 0x77, 0x7f, 0xae, 0xfd, 0x36 + }; + uint8_t sn[sizeof(sn_ref)] = { 0 }; + + ret = atcacert_generate_sn( + SNSRC_DEVICE_SN_HASH, + device_sn, + NULL, + comp_cert, + sizeof(sn), + sn); + TEST_ASSERT_EQUAL(ATCACERT_E_SUCCESS, ret); + TEST_ASSERT_EQUAL_MEMORY(sn_ref, sn, sizeof(sn)); +} + +TEST(atcacert_generate_sn, device_sn_hash_bad_params) +{ + int ret = 0; + static const uint8_t device_sn[9] = { 0x12, 0x34, 0x56, 0x78, 0x9A, 0xBC, 0xDE, 0xF0, 0x12 }; + // Only setting the encoded dates part of the compressed certificate + static const uint8_t comp_cert[72] = { + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x7B, 0xFC, 0x14, 0x00, 0x00, 0x00, 0x00, 0x00 + }; + uint8_t sn[10] = { 0 }; + + // Output buffer is null + ret = atcacert_generate_sn(SNSRC_DEVICE_SN_HASH, device_sn, NULL, comp_cert, sizeof(sn), NULL); + TEST_ASSERT_EQUAL(ATCACERT_E_BAD_PARAMS, ret); + + // Size must be <= 32 + ret = atcacert_generate_sn(SNSRC_DEVICE_SN_HASH, device_sn, NULL, comp_cert, 33, sn); + TEST_ASSERT_EQUAL(ATCACERT_E_BAD_PARAMS, ret); + + // Size must be != 0 + ret = atcacert_generate_sn(SNSRC_DEVICE_SN_HASH, device_sn, NULL, comp_cert, 0, sn); + TEST_ASSERT_EQUAL(ATCACERT_E_BAD_PARAMS, ret); + + // device_sn is null + ret = atcacert_generate_sn(SNSRC_DEVICE_SN_HASH, NULL, NULL, comp_cert, sizeof(sn), sn); + TEST_ASSERT_EQUAL(ATCACERT_E_BAD_PARAMS, ret); + + // comp_cert is null + ret = atcacert_generate_sn(SNSRC_DEVICE_SN_HASH, device_sn, NULL, NULL, sizeof(sn), sn); + TEST_ASSERT_EQUAL(ATCACERT_E_BAD_PARAMS, ret); +} + + +TEST_GROUP(atcacert_get_cert_sn); + +TEST_SETUP(atcacert_get_cert_sn) +{ + useCert(&g_test_cert_def_1_signer); +} + +TEST_TEAR_DOWN(atcacert_get_cert_sn) +{ +} + +TEST(atcacert_get_cert_sn, good) +{ + int ret = 0; + uint8_t cert_sn[32]; + size_t cert_sn_size = sizeof(cert_sn); + static const uint8_t cert_sn_ref[3] = { 0x40, 0x01, 0x02 }; + + TEST_ASSERT(g_cert_def.std_cert_elements[STDCERT_CERT_SN].count <= sizeof(cert_sn)); + + ret = atcacert_get_cert_sn( + &g_cert_def, + g_cert_def_cert_template, + g_cert_def.cert_template_size, + cert_sn, + &cert_sn_size); + TEST_ASSERT_EQUAL(ATCACERT_E_SUCCESS, ret); + TEST_ASSERT_EQUAL(sizeof(cert_sn_ref), cert_sn_size); + TEST_ASSERT_EQUAL_MEMORY(cert_sn_ref, cert_sn, sizeof(cert_sn_ref)); +} + +TEST(atcacert_get_cert_sn, bad_params) +{ + int ret = 0; + uint8_t cert_sn[32]; + size_t cert_sn_size = sizeof(cert_sn); + + ret = atcacert_get_cert_sn(NULL, g_cert_def_cert_template, g_cert_def.cert_template_size, cert_sn, &cert_sn_size); + TEST_ASSERT_EQUAL(ATCACERT_E_BAD_PARAMS, ret); + + ret = atcacert_get_cert_sn(&g_cert_def, NULL, g_cert_def.cert_template_size, cert_sn, &cert_sn_size); + TEST_ASSERT_EQUAL(ATCACERT_E_BAD_PARAMS, ret); + + ret = atcacert_get_cert_sn(NULL, NULL, g_cert_def.cert_template_size, cert_sn, &cert_sn_size); + TEST_ASSERT_EQUAL(ATCACERT_E_BAD_PARAMS, ret); + + ret = atcacert_get_cert_sn(&g_cert_def, g_cert_def_cert_template, g_cert_def.cert_template_size, NULL, &cert_sn_size); + TEST_ASSERT_EQUAL(ATCACERT_E_BAD_PARAMS, ret); + + ret = atcacert_get_cert_sn(NULL, g_cert_def_cert_template, g_cert_def.cert_template_size, NULL, &cert_sn_size); + TEST_ASSERT_EQUAL(ATCACERT_E_BAD_PARAMS, ret); + + ret = atcacert_get_cert_sn(&g_cert_def, NULL, g_cert_def.cert_template_size, NULL, &cert_sn_size); + TEST_ASSERT_EQUAL(ATCACERT_E_BAD_PARAMS, ret); + + ret = atcacert_get_cert_sn(NULL, NULL, g_cert_def.cert_template_size, NULL, &cert_sn_size); + TEST_ASSERT_EQUAL(ATCACERT_E_BAD_PARAMS, ret); + + ret = atcacert_get_cert_sn(&g_cert_def, g_cert_def_cert_template, g_cert_def.cert_template_size, cert_sn, NULL); + TEST_ASSERT_EQUAL(ATCACERT_E_BAD_PARAMS, ret); + + ret = atcacert_get_cert_sn(NULL, g_cert_def_cert_template, g_cert_def.cert_template_size, cert_sn, NULL); + TEST_ASSERT_EQUAL(ATCACERT_E_BAD_PARAMS, ret); + + ret = atcacert_get_cert_sn(&g_cert_def, NULL, g_cert_def.cert_template_size, cert_sn, NULL); + TEST_ASSERT_EQUAL(ATCACERT_E_BAD_PARAMS, ret); + + ret = atcacert_get_cert_sn(NULL, NULL, g_cert_def.cert_template_size, cert_sn, NULL); + TEST_ASSERT_EQUAL(ATCACERT_E_BAD_PARAMS, ret); + + ret = atcacert_get_cert_sn(&g_cert_def, g_cert_def_cert_template, g_cert_def.cert_template_size, NULL, NULL); + TEST_ASSERT_EQUAL(ATCACERT_E_BAD_PARAMS, ret); + + ret = atcacert_get_cert_sn(NULL, g_cert_def_cert_template, g_cert_def.cert_template_size, NULL, NULL); TEST_ASSERT_EQUAL(ATCACERT_E_BAD_PARAMS, ret); ret = atcacert_get_cert_sn(&g_cert_def, NULL, g_cert_def.cert_template_size, NULL, NULL); @@ -2991,7 +3809,7 @@ TEST(atcacert_set_comp_cert, bad_format) 0x19, 0x2a, 0x10, 0x51, 0x99, 0xae, 0x63, 0xfc, 0xeb, 0xd9, 0x33, 0xeb, 0x90, 0x25, 0x7d, 0x2e, 0xa9, 0x12, 0x89, 0xb5, 0xae, 0x90, 0x02, 0x7c, 0xbc, 0xb1, 0xc7, 0x44, 0x3a, 0x8a, 0x00, 0xbd, 0x15, 0xf2, 0xf5, 0x6f, 0x55, 0x01, 0xd1, 0x7a, 0xdf, 0xef, 0x48, 0x6b, 0x89, 0xf0, 0xc6, 0xaf, - 0xA9, 0x9D, 0x5C, 0xC4, 0x8B, 0x10, 0x91, 0x00 + 0xA9, 0x9D, 0x5C, 0xC4, 0x8B, 0x10, 0x92, 0x00 }; size_t cert_template_size = g_cert_def.cert_template_size; @@ -3067,138 +3885,848 @@ TEST(atcacert_set_comp_cert, bad_sn_source) TEST_ASSERT_EQUAL(ATCACERT_E_WRONG_CERT_DEF, ret); } -TEST(atcacert_set_comp_cert, bad_enc_dates) +TEST(atcacert_set_comp_cert, bad_enc_dates) +{ + int ret = 0; + static const uint8_t comp_cert[72] = { + 0x63, 0xe6, 0xfd, 0xcc, 0x7a, 0x99, 0xd5, 0x0d, 0x6a, 0x06, 0x70, 0x2d, 0xc0, 0x2f, 0x34, 0x25, + 0x19, 0x2a, 0x10, 0x51, 0x99, 0xae, 0x63, 0xfc, 0xeb, 0xd9, 0x33, 0xeb, 0x90, 0x25, 0x7d, 0x2e, + 0xa9, 0x12, 0x89, 0xb5, 0xae, 0x90, 0x02, 0x7c, 0xbc, 0xb1, 0xc7, 0x44, 0x3a, 0x8a, 0x00, 0xbd, + 0x15, 0xf2, 0xf5, 0x6f, 0x55, 0x01, 0xd1, 0x7a, 0xdf, 0xef, 0x48, 0x6b, 0x89, 0xf0, 0xc6, 0xaf, + 0xAF, 0x9D, 0x5C, 0xC4, 0x8B, 0x10, 0x90, 0x00 + }; + size_t cert_template_size = g_cert_def.cert_template_size; + + ret = atcacert_set_comp_cert( + &g_cert_def, + g_cert_def_cert_template, + &cert_template_size, + sizeof(g_cert_def_cert_template), + comp_cert); + TEST_ASSERT_EQUAL(ATCACERT_E_INVALID_DATE, ret); +} + +TEST(atcacert_set_comp_cert, bad_params) +{ + int ret = 0; + size_t cert_template_size = g_cert_def.cert_template_size; + + ret = atcacert_set_comp_cert(NULL, g_cert_def_cert_template, &cert_template_size, sizeof(g_cert_def_cert_template), g_comp_cert); + TEST_ASSERT_EQUAL(ATCACERT_E_BAD_PARAMS, ret); + + ret = atcacert_set_comp_cert(&g_cert_def, NULL, &cert_template_size, sizeof(g_cert_def_cert_template), g_comp_cert); + TEST_ASSERT_EQUAL(ATCACERT_E_BAD_PARAMS, ret); + + ret = atcacert_set_comp_cert(NULL, NULL, &cert_template_size, sizeof(g_cert_def_cert_template), g_comp_cert); + TEST_ASSERT_EQUAL(ATCACERT_E_BAD_PARAMS, ret); + + ret = atcacert_set_comp_cert(&g_cert_def, g_cert_def_cert_template, NULL, sizeof(g_cert_def_cert_template), g_comp_cert); + TEST_ASSERT_EQUAL(ATCACERT_E_BAD_PARAMS, ret); + + ret = atcacert_set_comp_cert(NULL, g_cert_def_cert_template, NULL, sizeof(g_cert_def_cert_template), g_comp_cert); + TEST_ASSERT_EQUAL(ATCACERT_E_BAD_PARAMS, ret); + + ret = atcacert_set_comp_cert(&g_cert_def, NULL, NULL, sizeof(g_cert_def_cert_template), g_comp_cert); + TEST_ASSERT_EQUAL(ATCACERT_E_BAD_PARAMS, ret); + + ret = atcacert_set_comp_cert(NULL, NULL, NULL, sizeof(g_cert_def_cert_template), g_comp_cert); + TEST_ASSERT_EQUAL(ATCACERT_E_BAD_PARAMS, ret); + + ret = atcacert_set_comp_cert(&g_cert_def, g_cert_def_cert_template, &cert_template_size, sizeof(g_cert_def_cert_template), NULL); + TEST_ASSERT_EQUAL(ATCACERT_E_BAD_PARAMS, ret); + + ret = atcacert_set_comp_cert(NULL, g_cert_def_cert_template, &cert_template_size, sizeof(g_cert_def_cert_template), NULL); + TEST_ASSERT_EQUAL(ATCACERT_E_BAD_PARAMS, ret); + + ret = atcacert_set_comp_cert(&g_cert_def, NULL, &cert_template_size, sizeof(g_cert_def_cert_template), NULL); + TEST_ASSERT_EQUAL(ATCACERT_E_BAD_PARAMS, ret); + + ret = atcacert_set_comp_cert(NULL, NULL, &cert_template_size, sizeof(g_cert_def_cert_template), NULL); + TEST_ASSERT_EQUAL(ATCACERT_E_BAD_PARAMS, ret); + + ret = atcacert_set_comp_cert(&g_cert_def, g_cert_def_cert_template, NULL, sizeof(g_cert_def_cert_template), NULL); + TEST_ASSERT_EQUAL(ATCACERT_E_BAD_PARAMS, ret); + + ret = atcacert_set_comp_cert(NULL, g_cert_def_cert_template, NULL, sizeof(g_cert_def_cert_template), NULL); + TEST_ASSERT_EQUAL(ATCACERT_E_BAD_PARAMS, ret); + + ret = atcacert_set_comp_cert(&g_cert_def, NULL, NULL, sizeof(g_cert_def_cert_template), NULL); + TEST_ASSERT_EQUAL(ATCACERT_E_BAD_PARAMS, ret); + + ret = atcacert_set_comp_cert(NULL, NULL, NULL, sizeof(g_cert_def_cert_template), NULL); + TEST_ASSERT_EQUAL(ATCACERT_E_BAD_PARAMS, ret); +} + + +TEST_GROUP(atcacert_get_comp_cert); + +TEST_SETUP(atcacert_get_comp_cert) +{ + ATCA_STATUS status; + status = atcab_init(gCfg); + TEST_ASSERT_EQUAL(ATCA_SUCCESS, status); + + useCert(&g_test_cert_def_1_signer); +} + +TEST_TEAR_DOWN(atcacert_get_comp_cert) +{ + ATCA_STATUS status; + status = atcab_release(); + TEST_ASSERT_EQUAL(ATCA_SUCCESS, status); +} + +TEST(atcacert_get_comp_cert, good) +{ + int ret = 0; + uint8_t comp_cert[72]; + atcacert_tm_utc_t date; + static const uint8_t comp_cert_ref[72] = { + 0x43, 0x90, 0xCD, 0x89, 0xE0, 0x75, 0xD0, 0x45, 0x93, 0x7B, 0x37, 0x3F, 0x52, 0x6F, 0xF6, 0x5C, + 0x4B, 0x4C, 0xCA, 0x7C, 0x61, 0x3C, 0x5F, 0x9C, 0xF2, 0xF4, 0xC9, 0xE7, 0xCE, 0xDF, 0x24, 0xAA, + 0x89, 0x52, 0x36, 0xF3, 0xC3, 0x7C, 0xD7, 0x9D, 0x5C, 0x43, 0xF4, 0xA9, 0x1B, 0xB3, 0xB1, 0xC7, + 0x3E, 0xB2, 0x66, 0x74, 0x6C, 0x20, 0x53, 0x0A, 0x3B, 0x90, 0x77, 0x6C, 0xA9, 0xC7, 0x79, 0x0D, + 0x7B, 0xFC, 0x1C, 0xC4, 0x8B, 0x14, 0x90, 0x00 + }; + static const uint8_t signer_id[2] = { 0xC4, 0x8B }; + + g_cert_def.chain_id = 4; + + // Template signer id is XXXX, so we need to set it to a real hex value so it can be parsed + ret = atcacert_set_signer_id(&g_cert_def, g_cert_def_cert_template, g_cert_def.cert_template_size, signer_id); + TEST_ASSERT_EQUAL(ATCACERT_E_SUCCESS, ret); + + // Make sure the expire_years in the cert matches the cert_def, so there's no mismatch + memset(&date, 0, sizeof(date)); + ret = atcacert_get_issue_date(&g_cert_def, g_cert_def_cert_template, g_cert_def.cert_template_size, &date); + TEST_ASSERT_EQUAL(ATCACERT_E_SUCCESS, ret); + date.tm_year += g_cert_def.expire_years; + ret = atcacert_set_expire_date(&g_cert_def, g_cert_def_cert_template, g_cert_def.cert_template_size, &date); + TEST_ASSERT_EQUAL(ATCACERT_E_SUCCESS, ret); + + ret = atcacert_get_comp_cert(&g_cert_def, g_cert_def_cert_template, g_cert_def.cert_template_size, comp_cert); + TEST_ASSERT_EQUAL(ATCACERT_E_SUCCESS, ret); + TEST_ASSERT_EQUAL_MEMORY(comp_cert_ref, comp_cert, sizeof(comp_cert)); +} + +TEST(atcacert_get_comp_cert, no_expire_loc) +{ + int ret = 0; + uint8_t comp_cert[72]; + static const uint8_t comp_cert_ref[72] = { + 0x43, 0x90, 0xCD, 0x89, 0xE0, 0x75, 0xD0, 0x45, 0x93, 0x7B, 0x37, 0x3F, 0x52, 0x6F, 0xF6, 0x5C, + 0x4B, 0x4C, 0xCA, 0x7C, 0x61, 0x3C, 0x5F, 0x9C, 0xF2, 0xF4, 0xC9, 0xE7, 0xCE, 0xDF, 0x24, 0xAA, + 0x89, 0x52, 0x36, 0xF3, 0xC3, 0x7C, 0xD7, 0x9D, 0x5C, 0x43, 0xF4, 0xA9, 0x1B, 0xB3, 0xB1, 0xC7, + 0x3E, 0xB2, 0x66, 0x74, 0x6C, 0x20, 0x53, 0x0A, 0x3B, 0x90, 0x77, 0x6C, 0xA9, 0xC7, 0x79, 0x0D, + 0x7B, 0xFC, 0x1C, 0xC4, 0x8B, 0x14, 0x90, 0x00 + }; + static const uint8_t signer_id[2] = { 0xC4, 0x8B }; + + g_cert_def.chain_id = 4; + + // Some cert defs with fixed expirations (i.e. no expiration max date) + // don't have an expire (not after) location set, since it never changes. + g_cert_def.std_cert_elements[STDCERT_EXPIRE_DATE].count = 0; + g_cert_def.std_cert_elements[STDCERT_EXPIRE_DATE].offset = 0; + + // Template signer id is XXXX, so we need to set it to a real hex value so it can be parsed + ret = atcacert_set_signer_id(&g_cert_def, g_cert_def_cert_template, g_cert_def.cert_template_size, signer_id); + TEST_ASSERT_EQUAL(ATCACERT_E_SUCCESS, ret); + + ret = atcacert_get_comp_cert(&g_cert_def, g_cert_def_cert_template, g_cert_def.cert_template_size, comp_cert); + TEST_ASSERT_EQUAL(ATCACERT_E_SUCCESS, ret); + TEST_ASSERT_EQUAL_MEMORY(comp_cert_ref, comp_cert, sizeof(comp_cert)); +} + +TEST(atcacert_get_comp_cert, max_expire) +{ + int ret = 0; + uint8_t comp_cert[72]; + atcacert_tm_utc_t date; + static const uint8_t comp_cert_ref[72] = { + 0x43, 0x90, 0xCD, 0x89, 0xE0, 0x75, 0xD0, 0x45, 0x93, 0x7B, 0x37, 0x3F, 0x52, 0x6F, 0xF6, 0x5C, + 0x4B, 0x4C, 0xCA, 0x7C, 0x61, 0x3C, 0x5F, 0x9C, 0xF2, 0xF4, 0xC9, 0xE7, 0xCE, 0xDF, 0x24, 0xAA, + 0x89, 0x52, 0x36, 0xF3, 0xC3, 0x7C, 0xD7, 0x9D, 0x5C, 0x43, 0xF4, 0xA9, 0x1B, 0xB3, 0xB1, 0xC7, + 0x3E, 0xB2, 0x66, 0x74, 0x6C, 0x20, 0x53, 0x0A, 0x3B, 0x90, 0x77, 0x6C, 0xA9, 0xC7, 0x79, 0x0D, + 0x7B, 0xFC, 0x00, 0xC4, 0x8B, 0x14, 0x90, 0x00 + }; + static const uint8_t signer_id[2] = { 0xC4, 0x8B }; + + g_cert_def.chain_id = 4; + + // Template signer id is XXXX, so we need to set it to a real hex value so + // it can be parsed. + ret = atcacert_set_signer_id(&g_cert_def, g_cert_def_cert_template, g_cert_def.cert_template_size, signer_id); + TEST_ASSERT_EQUAL(ATCACERT_E_SUCCESS, ret); + + // Set expire date to the max date for the RFC5280 UTC format being used, + // this should result in expire_years of 0 + memset(&date, 0, sizeof(date)); + date.tm_year = 2049 - 1900; + date.tm_mon = 12 - 1; + date.tm_mday = 31; + date.tm_hour = 23; + date.tm_min = 59; + date.tm_sec = 59; + ret = atcacert_set_expire_date(&g_cert_def, g_cert_def_cert_template, g_cert_def.cert_template_size, &date); + TEST_ASSERT_EQUAL(ATCACERT_E_SUCCESS, ret); + + ret = atcacert_get_comp_cert(&g_cert_def, g_cert_def_cert_template, g_cert_def.cert_template_size, comp_cert); + TEST_ASSERT_EQUAL(ATCACERT_E_SUCCESS, ret); + TEST_ASSERT_EQUAL_MEMORY(comp_cert_ref, comp_cert, sizeof(comp_cert)); + + // Turn off the is_diff_expire_years_ok, which should now return an error due to differing expire_years + ret = atcacert_get_comp_cert_ext(&g_cert_def, g_cert_def_cert_template, g_cert_def.cert_template_size, NULL, NULL, false, comp_cert); + TEST_ASSERT_EQUAL(ATCACERT_E_WRONG_CERT_DEF, ret); +} + +TEST(atcacert_get_comp_cert, no_dates) +{ + int ret = 0; + uint8_t comp_cert[72]; + static const uint8_t comp_cert_ref[72] = { + 0x43, 0x90, 0xCD, 0x89, 0xE0, 0x75, 0xD0, 0x45, 0x93, 0x7B, 0x37, 0x3F, 0x52, 0x6F, 0xF6, 0x5C, + 0x4B, 0x4C, 0xCA, 0x7C, 0x61, 0x3C, 0x5F, 0x9C, 0xF2, 0xF4, 0xC9, 0xE7, 0xCE, 0xDF, 0x24, 0xAA, + 0x89, 0x52, 0x36, 0xF3, 0xC3, 0x7C, 0xD7, 0x9D, 0x5C, 0x43, 0xF4, 0xA9, 0x1B, 0xB3, 0xB1, 0xC7, + 0x3E, 0xB2, 0x66, 0x74, 0x6C, 0x20, 0x53, 0x0A, 0x3B, 0x90, 0x77, 0x6C, 0xA9, 0xC7, 0x79, 0x0D, + 0x00, 0x84, 0x00, 0xC4, 0x8B, 0x14, 0x90, 0x00 + }; + static const uint8_t signer_id[2] = { 0xC4, 0x8B }; + + g_cert_def.chain_id = 4; + g_cert_def.expire_years = 0; + + // Some cert defs have fixed dates or no dates. Need to make sure appropriate default values are used. + g_cert_def.std_cert_elements[STDCERT_EXPIRE_DATE].count = 0; + g_cert_def.std_cert_elements[STDCERT_EXPIRE_DATE].offset = 0; + g_cert_def.std_cert_elements[STDCERT_ISSUE_DATE].count = 0; + g_cert_def.std_cert_elements[STDCERT_ISSUE_DATE].offset = 0; + + // Template signer id is XXXX, so we need to set it to a real hex value so it can be parsed + ret = atcacert_set_signer_id(&g_cert_def, g_cert_def_cert_template, g_cert_def.cert_template_size, signer_id); + TEST_ASSERT_EQUAL(ATCACERT_E_SUCCESS, ret); + + ret = atcacert_get_comp_cert(&g_cert_def, g_cert_def_cert_template, g_cert_def.cert_template_size, comp_cert); + TEST_ASSERT_EQUAL(ATCACERT_E_SUCCESS, ret); + TEST_ASSERT_EQUAL_MEMORY(comp_cert_ref, comp_cert, sizeof(comp_cert)); +} + +TEST(atcacert_get_comp_cert, not_even) +{ + int ret = 0; + uint8_t comp_cert[72]; + atcacert_tm_utc_t date; + static const uint8_t comp_cert_ref[72] = { + 0x43, 0x90, 0xCD, 0x89, 0xE0, 0x75, 0xD0, 0x45, 0x93, 0x7B, 0x37, 0x3F, 0x52, 0x6F, 0xF6, 0x5C, + 0x4B, 0x4C, 0xCA, 0x7C, 0x61, 0x3C, 0x5F, 0x9C, 0xF2, 0xF4, 0xC9, 0xE7, 0xCE, 0xDF, 0x24, 0xAA, + 0x89, 0x52, 0x36, 0xF3, 0xC3, 0x7C, 0xD7, 0x9D, 0x5C, 0x43, 0xF4, 0xA9, 0x1B, 0xB3, 0xB1, 0xC7, + 0x3E, 0xB2, 0x66, 0x74, 0x6C, 0x20, 0x53, 0x0A, 0x3B, 0x90, 0x77, 0x6C, 0xA9, 0xC7, 0x79, 0x0D, + 0x7B, 0xFC, 0x1C, 0xC4, 0x8B, 0x14, 0x90, 0x00 + }; + static const uint8_t signer_id[2] = { 0xC4, 0x8B }; + + g_cert_def.chain_id = 4; + + // Template signer id is XXXX, so we need to set it to a real hex value so + // it can be parsed. + ret = atcacert_set_signer_id(&g_cert_def, g_cert_def_cert_template, g_cert_def.cert_template_size, signer_id); + TEST_ASSERT_EQUAL(ATCACERT_E_SUCCESS, ret); + + // Set the expire date to a value that's not an even number of years from + // the issue date. This means it's not using the encoded dates logic, so + // the cert def expire_years value is used instead of any kind of + // calculcated value from the certificate. + ret = atcacert_get_issue_date(&g_cert_def, g_cert_def_cert_template, g_cert_def.cert_template_size, &date); + TEST_ASSERT_EQUAL(ATCACERT_E_SUCCESS, ret); + date.tm_year += 5; + date.tm_sec += 1; + ret = atcacert_set_expire_date(&g_cert_def, g_cert_def_cert_template, g_cert_def.cert_template_size, &date); + TEST_ASSERT_EQUAL(ATCACERT_E_SUCCESS, ret); + + ret = atcacert_get_comp_cert(&g_cert_def, g_cert_def_cert_template, g_cert_def.cert_template_size, comp_cert); + TEST_ASSERT_EQUAL(ATCACERT_E_SUCCESS, ret); + TEST_ASSERT_EQUAL_MEMORY(comp_cert_ref, comp_cert, sizeof(comp_cert)); +} + +TEST(atcacert_get_comp_cert, expire_before_issue) +{ + int ret = 0; + uint8_t comp_cert[72]; + atcacert_tm_utc_t date; + static const uint8_t signer_id[2] = { 0xC4, 0x8B }; + + // Template signer id is XXXX, so we need to set it to a real hex value so + // it can be parsed. + ret = atcacert_set_signer_id(&g_cert_def, g_cert_def_cert_template, g_cert_def.cert_template_size, signer_id); + TEST_ASSERT_EQUAL(ATCACERT_E_SUCCESS, ret); + + // Set expire date to before issue date to make sure this is caught + ret = atcacert_get_issue_date(&g_cert_def, g_cert_def_cert_template, g_cert_def.cert_template_size, &date); + TEST_ASSERT_EQUAL(ATCACERT_E_SUCCESS, ret); + date.tm_year -= 1; + ret = atcacert_set_expire_date(&g_cert_def, g_cert_def_cert_template, g_cert_def.cert_template_size, &date); + TEST_ASSERT_EQUAL(ATCACERT_E_SUCCESS, ret); + + ret = atcacert_get_comp_cert(&g_cert_def, g_cert_def_cert_template, g_cert_def.cert_template_size, comp_cert); + TEST_ASSERT_EQUAL(ATCACERT_E_BAD_CERT, ret); +} + +TEST(atcacert_get_comp_cert, large_expire) +{ + int ret = 0; + uint8_t comp_cert[72]; + atcacert_tm_utc_t date; + static const uint8_t comp_cert_ref[72] = { + 0x43, 0x90, 0xCD, 0x89, 0xE0, 0x75, 0xD0, 0x45, 0x93, 0x7B, 0x37, 0x3F, 0x52, 0x6F, 0xF6, 0x5C, + 0x4B, 0x4C, 0xCA, 0x7C, 0x61, 0x3C, 0x5F, 0x9C, 0xF2, 0xF4, 0xC9, 0xE7, 0xCE, 0xDF, 0x24, 0xAA, + 0x89, 0x52, 0x36, 0xF3, 0xC3, 0x7C, 0xD7, 0x9D, 0x5C, 0x43, 0xF4, 0xA9, 0x1B, 0xB3, 0xB1, 0xC7, + 0x3E, 0xB2, 0x66, 0x74, 0x6C, 0x20, 0x53, 0x0A, 0x3B, 0x90, 0x77, 0x6C, 0xA9, 0xC7, 0x79, 0x0D, + 0x7B, 0xFC, 0x1C, 0xC4, 0x8B, 0x14, 0x90, 0x00 + }; + static const uint8_t signer_id[2] = { 0xC4, 0x8B }; + + g_cert_def.chain_id = 4; + + // Template signer id is XXXX, so we need to set it to a real hex value so it can be parsed + ret = atcacert_set_signer_id(&g_cert_def, g_cert_def_cert_template, g_cert_def.cert_template_size, signer_id); + TEST_ASSERT_EQUAL(ATCACERT_E_SUCCESS, ret); + + // Set expire date beyond the expire_years range to make sure it falls back to the fixed expire_years value in the cert_def + ret = atcacert_get_issue_date(&g_cert_def, g_cert_def_cert_template, g_cert_def.cert_template_size, &date); + TEST_ASSERT_EQUAL(ATCACERT_E_SUCCESS, ret); + date.tm_year += 32; // Max is 31, so set it 1 past + ret = atcacert_set_expire_date(&g_cert_def, g_cert_def_cert_template, g_cert_def.cert_template_size, &date); + TEST_ASSERT_EQUAL(ATCACERT_E_SUCCESS, ret); + + ret = atcacert_get_comp_cert(&g_cert_def, g_cert_def_cert_template, g_cert_def.cert_template_size, comp_cert); + TEST_ASSERT_EQUAL(ATCACERT_E_SUCCESS, ret); + TEST_ASSERT_EQUAL_MEMORY(comp_cert_ref, comp_cert, sizeof(comp_cert)); +} + +TEST(atcacert_get_comp_cert, diff_expire_years) +{ + int ret = 0; + uint8_t comp_cert[72]; + atcacert_tm_utc_t date; + static const uint8_t comp_cert_ref[72] = { + 0x43, 0x90, 0xCD, 0x89, 0xE0, 0x75, 0xD0, 0x45, 0x93, 0x7B, 0x37, 0x3F, 0x52, 0x6F, 0xF6, 0x5C, + 0x4B, 0x4C, 0xCA, 0x7C, 0x61, 0x3C, 0x5F, 0x9C, 0xF2, 0xF4, 0xC9, 0xE7, 0xCE, 0xDF, 0x24, 0xAA, + 0x89, 0x52, 0x36, 0xF3, 0xC3, 0x7C, 0xD7, 0x9D, 0x5C, 0x43, 0xF4, 0xA9, 0x1B, 0xB3, 0xB1, 0xC7, + 0x3E, 0xB2, 0x66, 0x74, 0x6C, 0x20, 0x53, 0x0A, 0x3B, 0x90, 0x77, 0x6C, 0xA9, 0xC7, 0x79, 0x0D, + 0x7B, 0xFC, 0x1B, 0xC4, 0x8B, 0x14, 0x90, 0x00 + }; + static const uint8_t signer_id[2] = { 0xC4, 0x8B }; + + g_cert_def.chain_id = 4; + + // Template signer id is XXXX, so we need to set it to a real hex value so it can be parsed + ret = atcacert_set_signer_id(&g_cert_def, g_cert_def_cert_template, g_cert_def.cert_template_size, signer_id); + TEST_ASSERT_EQUAL(ATCACERT_E_SUCCESS, ret); + + // Make sure the expire_years in the cert is different from the cert_def + memset(&date, 0, sizeof(date)); + ret = atcacert_get_issue_date(&g_cert_def, g_cert_def_cert_template, g_cert_def.cert_template_size, &date); + TEST_ASSERT_EQUAL(ATCACERT_E_SUCCESS, ret); + date.tm_year += g_cert_def.expire_years - 1; + ret = atcacert_set_expire_date(&g_cert_def, g_cert_def_cert_template, g_cert_def.cert_template_size, &date); + TEST_ASSERT_EQUAL(ATCACERT_E_SUCCESS, ret); + + // This should use the calculcate value from the certificate + ret = atcacert_get_comp_cert(&g_cert_def, g_cert_def_cert_template, g_cert_def.cert_template_size, comp_cert); + TEST_ASSERT_EQUAL(ATCACERT_E_SUCCESS, ret); + TEST_ASSERT_EQUAL_MEMORY(comp_cert_ref, comp_cert, sizeof(comp_cert)); + + // Turn off the is_diff_expire_years_ok, which should now return an error due to differing expire_years + ret = atcacert_get_comp_cert_ext(&g_cert_def, g_cert_def_cert_template, g_cert_def.cert_template_size, NULL, NULL, false, comp_cert); + TEST_ASSERT_EQUAL(ATCACERT_E_WRONG_CERT_DEF, ret); +} + +TEST(atcacert_get_comp_cert, public_key_only) +{ + // Make sure that a certificate composed of nothing more than a public key and signature + // still works for atcacert_get_comp_cert. + // Issue date should be the minimum value and signer ID should be zero. + + int ret = 0; + uint8_t comp_cert[72]; + static const uint8_t comp_cert_ref[72] = { + 0x43, 0x90, 0xCD, 0x89, 0xE0, 0x75, 0xD0, 0x45, 0x93, 0x7B, 0x37, 0x3F, 0x52, 0x6F, 0xF6, 0x5C, + 0x4B, 0x4C, 0xCA, 0x7C, 0x61, 0x3C, 0x5F, 0x9C, 0xF2, 0xF4, 0xC9, 0xE7, 0xCE, 0xDF, 0x24, 0xAA, + 0x89, 0x52, 0x36, 0xF3, 0xC3, 0x7C, 0xD7, 0x9D, 0x5C, 0x43, 0xF4, 0xA9, 0x1B, 0xB3, 0xB1, 0xC7, + 0x3E, 0xB2, 0x66, 0x74, 0x6C, 0x20, 0x53, 0x0A, 0x3B, 0x90, 0x77, 0x6C, 0xA9, 0xC7, 0x79, 0x0D, + 0x00, 0x84, 0x00, 0x00, 0x00, 0x23, 0x00, 0x00 + }; + + uint8_t cert[128] = { + 0x9F, 0x61, 0xEB, 0xA0, 0xD7, 0x9E, 0xF2, 0xC4, 0x96, 0xF1, 0x32, 0xF2, 0x50, 0x29, 0x01, 0xEF, + 0xD1, 0xE8, 0x6D, 0x45, 0x1A, 0xAC, 0x59, 0x70, 0xBE, 0x62, 0xF3, 0xE5, 0xFC, 0x53, 0xF1, 0xD9, + 0x20, 0x2D, 0x21, 0x9B, 0x3B, 0x66, 0x53, 0xC5, 0x5F, 0xD8, 0x1F, 0xAA, 0x99, 0x8C, 0x1F, 0x6C, + 0x42, 0x14, 0x2C, 0x61, 0xB2, 0x83, 0x9E, 0x71, 0x40, 0x06, 0xF2, 0x52, 0x7C, 0xFE, 0xA2, 0x3E, + 0x43, 0x90, 0xCD, 0x89, 0xE0, 0x75, 0xD0, 0x45, 0x93, 0x7B, 0x37, 0x3F, 0x52, 0x6F, 0xF6, 0x5C, + 0x4B, 0x4C, 0xCA, 0x7C, 0x61, 0x3C, 0x5F, 0x9C, 0xF2, 0xF4, 0xC9, 0xE7, 0xCE, 0xDF, 0x24, 0xAA, + 0x89, 0x52, 0x36, 0xF3, 0xC3, 0x7C, 0xD7, 0x9D, 0x5C, 0x43, 0xF4, 0xA9, 0x1B, 0xB3, 0xB1, 0xC7, + 0x3E, 0xB2, 0x66, 0x74, 0x6C, 0x20, 0x53, 0x0A, 0x3B, 0x90, 0x77, 0x6C, 0xA9, 0xC7, 0x79, 0x0D + }; + + const uint8_t cert_template[128] = {0}; + + atcacert_def_t cert_def = { + .type = CERTTYPE_CUSTOM, + .comp_cert_dev_loc = { + .zone = DEVZONE_DATA, + .slot = 9, + .is_genkey = FALSE, + .offset = 0, + .count = 72 + }, + .template_id = 2, + .chain_id = 3, + .private_key_slot = 0, + .sn_source = SNSRC_STORED, + .cert_sn_dev_loc = { + .zone = DEVZONE_NONE, + .slot = 0, + .is_genkey = 0, + .offset = 0, + .count = 0 + }, + .issue_date_format = DATEFMT_RFC5280_GEN, + .expire_date_format = DATEFMT_RFC5280_GEN, + .tbs_cert_loc = { + .offset = 0, + .count = 64 + }, + .expire_years = 0, + .public_key_dev_loc = { + .zone = DEVZONE_DATA, + .slot = 0, + .is_genkey = 1, + .offset = 0, + .count = 64 + }, + .std_cert_elements = { + { // STDCERT_PUBLIC_KEY + .offset = 0, + .count = 64 + }, + { // STDCERT_SIGNATURE + .offset = 64, + .count = 64 + }, + { // STDCERT_ISSUE_DATE + .offset = 0, + .count = 0 + }, + { // STDCERT_EXPIRE_DATE + .offset = 0, + .count = 0 + }, + { // STDCERT_SIGNER_ID + .offset = 0, + .count = 0 + }, + { // STDCERT_CERT_SN + .offset = 0, + .count = 0 + }, + { // STDCERT_AUTH_KEY_ID + .offset = 0, + .count = 0 + }, + { // STDCERT_SUBJ_KEY_ID + .offset = 0, + .count = 0 + } + }, + .cert_elements = NULL, + .cert_elements_count = 0, + .cert_template = cert_template, + .cert_template_size = sizeof(cert_template) + }; + + ret = atcacert_get_comp_cert(&cert_def, cert, sizeof(cert), comp_cert); + TEST_ASSERT_EQUAL(ATCACERT_E_SUCCESS, ret); + TEST_ASSERT_EQUAL_MEMORY(comp_cert_ref, comp_cert, sizeof(comp_cert)); +} + +TEST(atcacert_get_comp_cert, ext_def_issue_date_signer_id) { + // Make sure that atcacert_get_comp_cert_ext() defaults for issue date and signer id + // work. + int ret = 0; - static const uint8_t comp_cert[72] = { - 0x63, 0xe6, 0xfd, 0xcc, 0x7a, 0x99, 0xd5, 0x0d, 0x6a, 0x06, 0x70, 0x2d, 0xc0, 0x2f, 0x34, 0x25, - 0x19, 0x2a, 0x10, 0x51, 0x99, 0xae, 0x63, 0xfc, 0xeb, 0xd9, 0x33, 0xeb, 0x90, 0x25, 0x7d, 0x2e, - 0xa9, 0x12, 0x89, 0xb5, 0xae, 0x90, 0x02, 0x7c, 0xbc, 0xb1, 0xc7, 0x44, 0x3a, 0x8a, 0x00, 0xbd, - 0x15, 0xf2, 0xf5, 0x6f, 0x55, 0x01, 0xd1, 0x7a, 0xdf, 0xef, 0x48, 0x6b, 0x89, 0xf0, 0xc6, 0xaf, - 0xAF, 0x9D, 0x5C, 0xC4, 0x8B, 0x10, 0x90, 0x00 + uint8_t comp_cert[72]; + static const uint8_t comp_cert_ref[72] = { + 0x43, 0x90, 0xCD, 0x89, 0xE0, 0x75, 0xD0, 0x45, 0x93, 0x7B, 0x37, 0x3F, 0x52, 0x6F, 0xF6, 0x5C, + 0x4B, 0x4C, 0xCA, 0x7C, 0x61, 0x3C, 0x5F, 0x9C, 0xF2, 0xF4, 0xC9, 0xE7, 0xCE, 0xDF, 0x24, 0xAA, + 0x89, 0x52, 0x36, 0xF3, 0xC3, 0x7C, 0xD7, 0x9D, 0x5C, 0x43, 0xF4, 0xA9, 0x1B, 0xB3, 0xB1, 0xC7, + 0x3E, 0xB2, 0x66, 0x74, 0x6C, 0x20, 0x53, 0x0A, 0x3B, 0x90, 0x77, 0x6C, 0xA9, 0xC7, 0x79, 0x0D, + 0xC1, 0xD9, 0xC0, 0xC4, 0x8B, 0x23, 0x00, 0x00 }; - size_t cert_template_size = g_cert_def.cert_template_size; - ret = atcacert_set_comp_cert( - &g_cert_def, - g_cert_def_cert_template, - &cert_template_size, - sizeof(g_cert_def_cert_template), - comp_cert); - TEST_ASSERT_EQUAL(ATCACERT_E_INVALID_DATE, ret); -} + atcacert_tm_utc_t def_issue_date = { + .tm_sec = 0, + .tm_min = 0, + .tm_hour = 14, + .tm_mday = 22, + .tm_mon = 3 - 1, + .tm_year = 2024 - 1900 + }; -TEST(atcacert_set_comp_cert, bad_params) -{ - int ret = 0; - size_t cert_template_size = g_cert_def.cert_template_size; + uint8_t def_signer_id[2] = { 0xC4, 0x8B }; - ret = atcacert_set_comp_cert(NULL, g_cert_def_cert_template, &cert_template_size, sizeof(g_cert_def_cert_template), g_comp_cert); - TEST_ASSERT_EQUAL(ATCACERT_E_BAD_PARAMS, ret); - ret = atcacert_set_comp_cert(&g_cert_def, NULL, &cert_template_size, sizeof(g_cert_def_cert_template), g_comp_cert); - TEST_ASSERT_EQUAL(ATCACERT_E_BAD_PARAMS, ret); + uint8_t cert[128] = { + 0x9F, 0x61, 0xEB, 0xA0, 0xD7, 0x9E, 0xF2, 0xC4, 0x96, 0xF1, 0x32, 0xF2, 0x50, 0x29, 0x01, 0xEF, + 0xD1, 0xE8, 0x6D, 0x45, 0x1A, 0xAC, 0x59, 0x70, 0xBE, 0x62, 0xF3, 0xE5, 0xFC, 0x53, 0xF1, 0xD9, + 0x20, 0x2D, 0x21, 0x9B, 0x3B, 0x66, 0x53, 0xC5, 0x5F, 0xD8, 0x1F, 0xAA, 0x99, 0x8C, 0x1F, 0x6C, + 0x42, 0x14, 0x2C, 0x61, 0xB2, 0x83, 0x9E, 0x71, 0x40, 0x06, 0xF2, 0x52, 0x7C, 0xFE, 0xA2, 0x3E, + 0x43, 0x90, 0xCD, 0x89, 0xE0, 0x75, 0xD0, 0x45, 0x93, 0x7B, 0x37, 0x3F, 0x52, 0x6F, 0xF6, 0x5C, + 0x4B, 0x4C, 0xCA, 0x7C, 0x61, 0x3C, 0x5F, 0x9C, 0xF2, 0xF4, 0xC9, 0xE7, 0xCE, 0xDF, 0x24, 0xAA, + 0x89, 0x52, 0x36, 0xF3, 0xC3, 0x7C, 0xD7, 0x9D, 0x5C, 0x43, 0xF4, 0xA9, 0x1B, 0xB3, 0xB1, 0xC7, + 0x3E, 0xB2, 0x66, 0x74, 0x6C, 0x20, 0x53, 0x0A, 0x3B, 0x90, 0x77, 0x6C, 0xA9, 0xC7, 0x79, 0x0D + }; - ret = atcacert_set_comp_cert(NULL, NULL, &cert_template_size, sizeof(g_cert_def_cert_template), g_comp_cert); - TEST_ASSERT_EQUAL(ATCACERT_E_BAD_PARAMS, ret); + const uint8_t cert_template[128] = { 0 }; - ret = atcacert_set_comp_cert(&g_cert_def, g_cert_def_cert_template, NULL, sizeof(g_cert_def_cert_template), g_comp_cert); - TEST_ASSERT_EQUAL(ATCACERT_E_BAD_PARAMS, ret); + atcacert_def_t cert_def = { + .type = CERTTYPE_CUSTOM, + .comp_cert_dev_loc = { + .zone = DEVZONE_DATA, + .slot = 9, + .is_genkey = FALSE, + .offset = 0, + .count = 72 + }, + .template_id = 2, + .chain_id = 3, + .private_key_slot = 0, + .sn_source = SNSRC_STORED, + .cert_sn_dev_loc = { + .zone = DEVZONE_NONE, + .slot = 0, + .is_genkey = 0, + .offset = 0, + .count = 0 + }, + .issue_date_format = DATEFMT_RFC5280_GEN, + .expire_date_format = DATEFMT_RFC5280_GEN, + .tbs_cert_loc = { + .offset = 0, + .count = 64 + }, + .expire_years = 0, + .public_key_dev_loc = { + .zone = DEVZONE_DATA, + .slot = 0, + .is_genkey = 1, + .offset = 0, + .count = 64 + }, + .std_cert_elements = { + { // STDCERT_PUBLIC_KEY + .offset = 0, + .count = 64 + }, + { // STDCERT_SIGNATURE + .offset = 64, + .count = 64 + }, + { // STDCERT_ISSUE_DATE + .offset = 0, + .count = 0 + }, + { // STDCERT_EXPIRE_DATE + .offset = 0, + .count = 0 + }, + { // STDCERT_SIGNER_ID + .offset = 0, + .count = 0 + }, + { // STDCERT_CERT_SN + .offset = 0, + .count = 0 + }, + { // STDCERT_AUTH_KEY_ID + .offset = 0, + .count = 0 + }, + { // STDCERT_SUBJ_KEY_ID + .offset = 0, + .count = 0 + } + }, + .cert_elements = NULL, + .cert_elements_count = 0, + .cert_template = cert_template, + .cert_template_size = sizeof(cert_template) + }; - ret = atcacert_set_comp_cert(NULL, g_cert_def_cert_template, NULL, sizeof(g_cert_def_cert_template), g_comp_cert); - TEST_ASSERT_EQUAL(ATCACERT_E_BAD_PARAMS, ret); + ret = atcacert_get_comp_cert_ext(&cert_def, cert, sizeof(cert), &def_issue_date, def_signer_id, false, comp_cert); + TEST_ASSERT_EQUAL(ATCACERT_E_SUCCESS, ret); + TEST_ASSERT_EQUAL_MEMORY(comp_cert_ref, comp_cert, sizeof(comp_cert)); - ret = atcacert_set_comp_cert(&g_cert_def, NULL, NULL, sizeof(g_cert_def_cert_template), g_comp_cert); + // Make sure we get an error if the def_issue_date isn't set + ret = atcacert_get_comp_cert_ext(&cert_def, cert, sizeof(cert), NULL, def_signer_id, false, comp_cert); TEST_ASSERT_EQUAL(ATCACERT_E_BAD_PARAMS, ret); - ret = atcacert_set_comp_cert(NULL, NULL, NULL, sizeof(g_cert_def_cert_template), g_comp_cert); + // Make sure we get an error if the def_signer_id isn't set + ret = atcacert_get_comp_cert_ext(&cert_def, cert, sizeof(cert), &def_issue_date, NULL, false, comp_cert); TEST_ASSERT_EQUAL(ATCACERT_E_BAD_PARAMS, ret); +} - ret = atcacert_set_comp_cert(&g_cert_def, g_cert_def_cert_template, &cert_template_size, sizeof(g_cert_def_cert_template), NULL); - TEST_ASSERT_EQUAL(ATCACERT_E_BAD_PARAMS, ret); +TEST(atcacert_get_comp_cert, bad_params) +{ + int ret = 0; + uint8_t comp_cert[72]; - ret = atcacert_set_comp_cert(NULL, g_cert_def_cert_template, &cert_template_size, sizeof(g_cert_def_cert_template), NULL); + ret = atcacert_get_comp_cert(NULL, g_cert_def_cert_template, g_cert_def.cert_template_size, comp_cert); TEST_ASSERT_EQUAL(ATCACERT_E_BAD_PARAMS, ret); - ret = atcacert_set_comp_cert(&g_cert_def, NULL, &cert_template_size, sizeof(g_cert_def_cert_template), NULL); + ret = atcacert_get_comp_cert(&g_cert_def, NULL, g_cert_def.cert_template_size, comp_cert); TEST_ASSERT_EQUAL(ATCACERT_E_BAD_PARAMS, ret); - ret = atcacert_set_comp_cert(NULL, NULL, &cert_template_size, sizeof(g_cert_def_cert_template), NULL); + ret = atcacert_get_comp_cert(NULL, NULL, g_cert_def.cert_template_size, comp_cert); TEST_ASSERT_EQUAL(ATCACERT_E_BAD_PARAMS, ret); - ret = atcacert_set_comp_cert(&g_cert_def, g_cert_def_cert_template, NULL, sizeof(g_cert_def_cert_template), NULL); + ret = atcacert_get_comp_cert(&g_cert_def, g_cert_def_cert_template, g_cert_def.cert_template_size, NULL); TEST_ASSERT_EQUAL(ATCACERT_E_BAD_PARAMS, ret); - ret = atcacert_set_comp_cert(NULL, g_cert_def_cert_template, NULL, sizeof(g_cert_def_cert_template), NULL); + ret = atcacert_get_comp_cert(NULL, g_cert_def_cert_template, g_cert_def.cert_template_size, NULL); TEST_ASSERT_EQUAL(ATCACERT_E_BAD_PARAMS, ret); - ret = atcacert_set_comp_cert(&g_cert_def, NULL, NULL, sizeof(g_cert_def_cert_template), NULL); + ret = atcacert_get_comp_cert(&g_cert_def, NULL, g_cert_def.cert_template_size, NULL); TEST_ASSERT_EQUAL(ATCACERT_E_BAD_PARAMS, ret); - ret = atcacert_set_comp_cert(NULL, NULL, NULL, sizeof(g_cert_def_cert_template), NULL); + ret = atcacert_get_comp_cert(NULL, NULL, g_cert_def.cert_template_size, NULL); TEST_ASSERT_EQUAL(ATCACERT_E_BAD_PARAMS, ret); } +TEST(atcacert_get_comp_cert, gen_comp_with_expiry_date_beyond_2049) +{ + int ret = 0; + uint8_t comp_cert[72] = {0}; + uint8_t comp_cert_ref[72] = {0x8a ,0x76 ,0x8e ,0x21 ,0x4f ,0x85 ,0xb1 ,0x7c ,0x30 ,0x72 ,0x17 , + 0x04 ,0x10 ,0x84 ,0x80 ,0xb8 ,0xa2 ,0x77 ,0x7e ,0x88 ,0x7c, 0xbe ,0x21 ,0xc4 ,0xde ,0x92 ,0x37 , + 0x3f ,0x47 ,0x1f ,0xe4 ,0x3d ,0xd4 ,0x02 ,0x89 ,0xa0 ,0xb0 ,0xdc ,0x18 ,0x01 ,0x3e ,0x26 , 0x82 , + 0xa5 ,0x7e ,0x03 ,0x42 ,0xc0 ,0xae ,0x74 ,0x08 ,0x9d ,0x7a ,0x30 ,0x46 ,0x2d ,0x91 ,0x9d ,0xc3 , + 0xb1 ,0xcb ,0x64 ,0x27 , 0x62 ,0xc2 ,0x65 ,0x52 ,0xad ,0x04 ,0x01 ,0xa1 ,0x10}; -TEST_GROUP(atcacert_get_comp_cert); + //Use the openssl generated x.509 certificate + useCert(&g_test_cert_def_7_signer); -TEST_SETUP(atcacert_get_comp_cert) -{ - useCert(&g_test_cert_def_1_signer); -} + //Generate the compressed certificate + ret = atcacert_get_comp_cert(&g_test_cert_def_7_signer, g_test_cert_def_7_signer.cert_template, g_test_cert_def_7_signer.cert_template_size, comp_cert); + TEST_ASSERT_EQUAL(ATCACERT_E_SUCCESS, ret); + TEST_ASSERT_EQUAL_MEMORY(comp_cert_ref, comp_cert, sizeof(comp_cert)); -TEST_TEAR_DOWN(atcacert_get_comp_cert) -{ -} -TEST(atcacert_get_comp_cert, good) -{ - int ret = 0; - uint8_t comp_cert[72]; - static const uint8_t comp_cert_ref[72] = { - 0x43, 0x90, 0xCD, 0x89, 0xE0, 0x75, 0xD0, 0x45, 0x93, 0x7B, 0x37, 0x3F, 0x52, 0x6F, 0xF6, 0x5C, - 0x4B, 0x4C, 0xCA, 0x7C, 0x61, 0x3C, 0x5F, 0x9C, 0xF2, 0xF4, 0xC9, 0xE7, 0xCE, 0xDF, 0x24, 0xAA, - 0x89, 0x52, 0x36, 0xF3, 0xC3, 0x7C, 0xD7, 0x9D, 0x5C, 0x43, 0xF4, 0xA9, 0x1B, 0xB3, 0xB1, 0xC7, - 0x3E, 0xB2, 0x66, 0x74, 0x6C, 0x20, 0x53, 0x0A, 0x3B, 0x90, 0x77, 0x6C, 0xA9, 0xC7, 0x79, 0x0D, - 0x7B, 0xFC, 0x14, 0xC4, 0x8B, 0x14, 0x90, 0x00 - }; - static const uint8_t signer_id[2] = { 0xC4, 0x8B }; + uint8_t cert[528]; + size_t cert_size = sizeof(cert); + atcacert_build_state_t build_state; - g_cert_def.chain_id = 4; + //Root public key + static const uint8_t ca_public_key[64] = { + 0x58 ,0x11 ,0x17 ,0x18 ,0x46 ,0xc7 ,0x62 ,0x65 ,0x1b ,0x45 ,0x51 ,0xe1 ,0x13 ,0xca, + 0x58 ,0x25 ,0x1d ,0xaf ,0x5a ,0xfe ,0xa9 ,0xf6 ,0xc5 ,0x2a ,0xb2 ,0x3b ,0xa0 ,0xa3 ,0x2f, + 0x26 ,0x3a ,0x0e ,0x83 ,0xf2 ,0xfe ,0xe3 ,0x57 ,0x98 ,0xb5 ,0xcd ,0xa0 ,0x20 ,0x04 ,0xdf, + 0xc5 ,0x11 ,0x88 ,0xdf ,0x89 ,0x2c ,0x8d ,0x52 ,0xa8 ,0x08 ,0x01 ,0xe3 ,0x0e ,0xda ,0x71, + 0xb6 ,0x88 ,0x1f ,0x4e ,0xff + }; + + //Signer certificate public key + static const uint8_t signer_public_key[64] = { + 0x44, 0xA2, 0x47, 0xFB, 0x1A, 0x3D, 0x5A, 0xA4, 0x0E, 0xC7, 0x10, 0x0C, + 0x82, 0x6A, 0x4C, 0xA8, 0xC5, 0x99, 0xED, 0xB9, 0xC1, 0x69, 0x25, 0xE1, 0x21, 0xD0, 0xA7, 0x96, + 0x42, 0x2C, 0x2E, 0x75, 0xF5, 0xE0, 0x96, 0xE3, 0x81, 0x36, 0x69, 0xF6, 0xB2, 0xCC, 0xD0, 0x73, + 0x03, 0x1E, 0x5C, 0x0C, 0xFC, 0x2E, 0xDC, 0x31, 0x3D, 0xAA, 0x77, 0x8F, 0xEE, 0xEE, 0x97, 0x54, + 0xE6, 0xAC, 0x48, 0x0A + }; + + //Full signer certificate with : + //expiry date: year, day, month, hr, sec updated as per spec + //issue date: year, day, month, hr, sec updated as per spec + //Updated serial number based on public key source 0x0A mode + const uint8_t cert_signer_ref[528] = { + 0x30, 0x82, 0x02, 0x0C, 0x30, 0x82, 0x01, 0xB1, 0xA0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x04, 0x43, + 0x4E, 0x4D, 0xBA, 0x30, 0x0A, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x04, 0x03, 0x02, 0x30, + 0x61, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x49, 0x4E, 0x31, 0x0B, + 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C, 0x02, 0x54, 0x4E, 0x31, 0x0C, 0x30, 0x0A, 0x06, + 0x03, 0x55, 0x04, 0x07, 0x0C, 0x03, 0x43, 0x48, 0x4E, 0x31, 0x0D, 0x30, 0x0B, 0x06, 0x03, 0x55, + 0x04, 0x0A, 0x0C, 0x04, 0x4D, 0x43, 0x48, 0x50, 0x31, 0x0C, 0x30, 0x0A, 0x06, 0x03, 0x55, 0x04, + 0x0B, 0x0C, 0x03, 0x53, 0x43, 0x47, 0x31, 0x1A, 0x30, 0x18, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0C, + 0x11, 0x45, 0x78, 0x61, 0x6D, 0x70, 0x6C, 0x65, 0x20, 0x52, 0x6F, 0x6F, 0x74, 0x20, 0x46, 0x46, + 0x46, 0x46, 0x30, 0x20, 0x17, 0x0D, 0x32, 0x34, 0x30, 0x34, 0x32, 0x35, 0x31, 0x30, 0x30, 0x30, + 0x30, 0x30, 0x5A, 0x18, 0x0F, 0x32, 0x30, 0x37, 0x34, 0x30, 0x34, 0x32, 0x35, 0x31, 0x30, 0x30, + 0x30, 0x30, 0x30, 0x5A, 0x30, 0x63, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, + 0x02, 0x49, 0x4E, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C, 0x02, 0x54, 0x4E, + 0x31, 0x0C, 0x30, 0x0A, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0C, 0x03, 0x43, 0x48, 0x4E, 0x31, 0x0D, + 0x30, 0x0B, 0x06, 0x03, 0x55, 0x04, 0x0A, 0x0C, 0x04, 0x4D, 0x43, 0x48, 0x50, 0x31, 0x0C, 0x30, + 0x0A, 0x06, 0x03, 0x55, 0x04, 0x0B, 0x0C, 0x03, 0x53, 0x43, 0x47, 0x31, 0x1C, 0x30, 0x1A, 0x06, + 0x03, 0x55, 0x04, 0x03, 0x0C, 0x13, 0x45, 0x78, 0x61, 0x6D, 0x70, 0x6C, 0x65, 0x20, 0x53, 0x69, + 0x67, 0x6E, 0x65, 0x72, 0x20, 0x41, 0x44, 0x30, 0x34, 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2A, + 0x86, 0x48, 0xCE, 0x3D, 0x02, 0x01, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03, 0x01, 0x07, + 0x03, 0x42, 0x00, 0x04, 0x44, 0xA2, 0x47, 0xFB, 0x1A, 0x3D, 0x5A, 0xA4, 0x0E, 0xC7, 0x10, 0x0C, + 0x82, 0x6A, 0x4C, 0xA8, 0xC5, 0x99, 0xED, 0xB9, 0xC1, 0x69, 0x25, 0xE1, 0x21, 0xD0, 0xA7, 0x96, + 0x42, 0x2C, 0x2E, 0x75, 0xF5, 0xE0, 0x96, 0xE3, 0x81, 0x36, 0x69, 0xF6, 0xB2, 0xCC, 0xD0, 0x73, + 0x03, 0x1E, 0x5C, 0x0C, 0xFC, 0x2E, 0xDC, 0x31, 0x3D, 0xAA, 0x77, 0x8F, 0xEE, 0xEE, 0x97, 0x54, + 0xE6, 0xAC, 0x48, 0x0A, 0xA3, 0x53, 0x30, 0x51, 0x30, 0x1D, 0x06, 0x03, 0x55, 0x1D, 0x0E, 0x04, + 0x16, 0x04, 0x14, 0xF5, 0x78, 0x56, 0x6F, 0x58, 0xDE, 0x04, 0xF4, 0xF8, 0x06, 0xE6, 0x2E, 0x1F, + 0xD0, 0xC9, 0xC0, 0xBC, 0xFB, 0x65, 0xAA, 0x30, 0x1F, 0x06, 0x03, 0x55, 0x1D, 0x23, 0x04, 0x18, + 0x30, 0x16, 0x80, 0x14, 0x7F, 0x51, 0xE5, 0x29, 0xEA, 0x34, 0x74, 0x00, 0x20, 0x1E, 0x2C, 0x10, + 0xB3, 0x80, 0xFC, 0xC7, 0x5C, 0x4E, 0xE4, 0xD2, 0x30, 0x0F, 0x06, 0x03, 0x55, 0x1D, 0x13, 0x01, + 0x01, 0xFF, 0x04, 0x05, 0x30, 0x03, 0x01, 0x01, 0xFF, 0x30, 0x0A, 0x06, 0x08, 0x2A, 0x86, 0x48, + 0xCE, 0x3D, 0x04, 0x03, 0x02, 0x03, 0x49, 0x00, 0x30, 0x46, 0x02, 0x21, 0x00, 0x8A, 0x76, 0x8E, + 0x21, 0x4F, 0x85, 0xB1, 0x7C, 0x30, 0x72, 0x17, 0x04, 0x10, 0x84, 0x80, 0xB8, 0xA2, 0x77, 0x7E, + 0x88, 0x7C, 0xBE, 0x21, 0xC4, 0xDE, 0x92, 0x37, 0x3F, 0x47, 0x1F, 0xE4, 0x3D, 0x02, 0x21, 0x00, + 0xD4, 0x02, 0x89, 0xA0, 0xB0, 0xDC, 0x18, 0x01, 0x3E, 0x26, 0x82, 0xA5, 0x7E, 0x03, 0x42, 0xC0, + 0xAE, 0x74, 0x08, 0x9D, 0x7A, 0x30, 0x46, 0x2D, 0x91, 0x9D, 0xC3, 0xB1, 0xCB, 0x64, 0x27, 0x62}; + + //Build the full certificate + ret = atcacert_cert_build_start( + atcab_get_device(), + &build_state, + &g_test_cert_def_7_signer, + cert, + &cert_size, + ca_public_key); + TEST_ASSERT_EQUAL(ATCACERT_E_SUCCESS, ret); - ret = atcacert_set_signer_id(&g_cert_def, g_cert_def_cert_template, g_cert_def.cert_template_size, signer_id); + //Update the signer public key in full certificate buffer + ret = atcacert_cert_build_process(&build_state, &g_test_cert_def_7_signer.public_key_dev_loc, signer_public_key); TEST_ASSERT_EQUAL(ATCACERT_E_SUCCESS, ret); - ret = atcacert_get_comp_cert(&g_cert_def, g_cert_def_cert_template, g_cert_def.cert_template_size, comp_cert); + //Decode the compressed certificate to full certificate for remaining contents + ret = atcacert_cert_build_process(&build_state, &g_test_cert_def_7_signer.comp_cert_dev_loc, comp_cert); TEST_ASSERT_EQUAL(ATCACERT_E_SUCCESS, ret); - TEST_ASSERT_EQUAL_MEMORY(comp_cert_ref, comp_cert, sizeof(comp_cert)); + + ret = atcacert_cert_build_finish(&build_state); + TEST_ASSERT_EQUAL(ATCACERT_E_SUCCESS, ret); + + TEST_ASSERT_EQUAL(sizeof(cert_signer_ref), cert_size); + TEST_ASSERT_EQUAL_MEMORY(cert_signer_ref, cert, cert_size); } -TEST(atcacert_get_comp_cert, bad_params) +TEST(atcacert_get_comp_cert, gen_comp_with_issue_date_beyond_2031) { int ret = 0; - uint8_t comp_cert[72]; + uint8_t comp_cert[72] = {0}; + uint8_t comp_cert_ref[72] = {0x8a ,0x76 ,0x8e ,0x21 ,0x4f ,0x85 ,0xb1 ,0x7c ,0x30 ,0x72 ,0x17 , + 0x04 ,0x10 ,0x84 ,0x80 ,0xb8 ,0xa2 ,0x77 ,0x7e ,0x88 ,0x7c, 0xbe ,0x21 ,0xc4 ,0xde ,0x92 ,0x37 , + 0x3f ,0x47 ,0x1f ,0xe4 ,0x3d ,0xd4 ,0x02 ,0x89 ,0xa0 ,0xb0 ,0xdc ,0x18 ,0x01 ,0x3e ,0x26 , 0x82 , + 0xa5 ,0x7e ,0x03 ,0x42 ,0xc0 ,0xae ,0x74 ,0x08 ,0x9d ,0x7a ,0x30 ,0x46 ,0x2d ,0x91 ,0x9d ,0xc3 , + 0xb1 ,0xcb ,0x64 ,0x27 , 0x62 ,0xc2 ,0x65 ,0x52 ,0xad ,0x04 ,0x01 ,0xa1 ,0x10}; - ret = atcacert_get_comp_cert(NULL, g_cert_def_cert_template, g_cert_def.cert_template_size, comp_cert); - TEST_ASSERT_EQUAL(ATCACERT_E_BAD_PARAMS, ret); + //Use the openssl generated x.509 certificate + useCert(&g_test_cert_def_7_signer); - ret = atcacert_get_comp_cert(&g_cert_def, NULL, g_cert_def.cert_template_size, comp_cert); - TEST_ASSERT_EQUAL(ATCACERT_E_BAD_PARAMS, ret); + //Generate the compressed certificate + ret = atcacert_get_comp_cert(&g_test_cert_def_7_signer, g_test_cert_def_7_signer.cert_template, g_test_cert_def_7_signer.cert_template_size, comp_cert); + TEST_ASSERT_EQUAL(ATCACERT_E_SUCCESS, ret); + TEST_ASSERT_EQUAL_MEMORY(comp_cert_ref, comp_cert, sizeof(comp_cert)); - ret = atcacert_get_comp_cert(NULL, NULL, g_cert_def.cert_template_size, comp_cert); - TEST_ASSERT_EQUAL(ATCACERT_E_BAD_PARAMS, ret); - ret = atcacert_get_comp_cert(&g_cert_def, g_cert_def_cert_template, g_cert_def.cert_template_size, NULL); - TEST_ASSERT_EQUAL(ATCACERT_E_BAD_PARAMS, ret); + uint8_t cert[528]; + size_t cert_size = sizeof(cert); + atcacert_build_state_t build_state; - ret = atcacert_get_comp_cert(NULL, g_cert_def_cert_template, g_cert_def.cert_template_size, NULL); - TEST_ASSERT_EQUAL(ATCACERT_E_BAD_PARAMS, ret); + //Root public key + static const uint8_t ca_public_key[64] = { + 0x58 ,0x11 ,0x17 ,0x18 ,0x46 ,0xc7 ,0x62 ,0x65 ,0x1b ,0x45 ,0x51 ,0xe1 ,0x13 ,0xca, + 0x58 ,0x25 ,0x1d ,0xaf ,0x5a ,0xfe ,0xa9 ,0xf6 ,0xc5 ,0x2a ,0xb2 ,0x3b ,0xa0 ,0xa3 ,0x2f, + 0x26 ,0x3a ,0x0e ,0x83 ,0xf2 ,0xfe ,0xe3 ,0x57 ,0x98 ,0xb5 ,0xcd ,0xa0 ,0x20 ,0x04 ,0xdf, + 0xc5 ,0x11 ,0x88 ,0xdf ,0x89 ,0x2c ,0x8d ,0x52 ,0xa8 ,0x08 ,0x01 ,0xe3 ,0x0e ,0xda ,0x71, + 0xb6 ,0x88 ,0x1f ,0x4e ,0xff + }; + + //Signer certificate public key + static const uint8_t signer_public_key[64] = { + 0x44, 0xA2, 0x47, 0xFB, 0x1A, 0x3D, 0x5A, 0xA4, 0x0E, 0xC7, 0x10, 0x0C, + 0x82, 0x6A, 0x4C, 0xA8, 0xC5, 0x99, 0xED, 0xB9, 0xC1, 0x69, 0x25, 0xE1, 0x21, 0xD0, 0xA7, 0x96, + 0x42, 0x2C, 0x2E, 0x75, 0xF5, 0xE0, 0x96, 0xE3, 0x81, 0x36, 0x69, 0xF6, 0xB2, 0xCC, 0xD0, 0x73, + 0x03, 0x1E, 0x5C, 0x0C, 0xFC, 0x2E, 0xDC, 0x31, 0x3D, 0xAA, 0x77, 0x8F, 0xEE, 0xEE, 0x97, 0x54, + 0xE6, 0xAC, 0x48, 0x0A + }; + + //Full signer certificate with : + //new expiry date: year, day, month, hr, sec updated as per spec + //new issue date: year, day, month, hr, sec updated as per spec + //Updated serial number based on public key source 0x0A mode + const uint8_t cert_signer_ref[528] = { + 0x30, 0x82, 0x02, 0x0C, 0x30, 0x82, 0x01, 0xB1, 0xA0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x04, 0x46, + 0xF5, 0x8D, 0x36, 0x30, 0x0A, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x04, 0x03, 0x02, 0x30, + 0x61, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x49, 0x4E, 0x31, 0x0B, + 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C, 0x02, 0x54, 0x4E, 0x31, 0x0C, 0x30, 0x0A, 0x06, + 0x03, 0x55, 0x04, 0x07, 0x0C, 0x03, 0x43, 0x48, 0x4E, 0x31, 0x0D, 0x30, 0x0B, 0x06, 0x03, 0x55, + 0x04, 0x0A, 0x0C, 0x04, 0x4D, 0x43, 0x48, 0x50, 0x31, 0x0C, 0x30, 0x0A, 0x06, 0x03, 0x55, 0x04, + 0x0B, 0x0C, 0x03, 0x53, 0x43, 0x47, 0x31, 0x1A, 0x30, 0x18, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0C, + 0x11, 0x45, 0x78, 0x61, 0x6D, 0x70, 0x6C, 0x65, 0x20, 0x52, 0x6F, 0x6F, 0x74, 0x20, 0x46, 0x46, + 0x46, 0x46, 0x30, 0x20, 0x17, 0x0D, 0x34, 0x37, 0x30, 0x39, 0x30, 0x33, 0x32, 0x31, 0x30, 0x30, + 0x30, 0x30, 0x5A, 0x18, 0x0F, 0x32, 0x30, 0x39, 0x37, 0x30, 0x39, 0x30, 0x33, 0x32, 0x31, 0x30, + 0x30, 0x30, 0x30, 0x5A, 0x30, 0x63, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, + 0x02, 0x49, 0x4E, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C, 0x02, 0x54, 0x4E, + 0x31, 0x0C, 0x30, 0x0A, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0C, 0x03, 0x43, 0x48, 0x4E, 0x31, 0x0D, + 0x30, 0x0B, 0x06, 0x03, 0x55, 0x04, 0x0A, 0x0C, 0x04, 0x4D, 0x43, 0x48, 0x50, 0x31, 0x0C, 0x30, + 0x0A, 0x06, 0x03, 0x55, 0x04, 0x0B, 0x0C, 0x03, 0x53, 0x43, 0x47, 0x31, 0x1C, 0x30, 0x1A, 0x06, + 0x03, 0x55, 0x04, 0x03, 0x0C, 0x13, 0x45, 0x78, 0x61, 0x6D, 0x70, 0x6C, 0x65, 0x20, 0x53, 0x69, + 0x67, 0x6E, 0x65, 0x72, 0x20, 0x41, 0x44, 0x30, 0x34, 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2A, + 0x86, 0x48, 0xCE, 0x3D, 0x02, 0x01, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03, 0x01, 0x07, + 0x03, 0x42, 0x00, 0x04, 0x44, 0xA2, 0x47, 0xFB, 0x1A, 0x3D, 0x5A, 0xA4, 0x0E, 0xC7, 0x10, 0x0C, + 0x82, 0x6A, 0x4C, 0xA8, 0xC5, 0x99, 0xED, 0xB9, 0xC1, 0x69, 0x25, 0xE1, 0x21, 0xD0, 0xA7, 0x96, + 0x42, 0x2C, 0x2E, 0x75, 0xF5, 0xE0, 0x96, 0xE3, 0x81, 0x36, 0x69, 0xF6, 0xB2, 0xCC, 0xD0, 0x73, + 0x03, 0x1E, 0x5C, 0x0C, 0xFC, 0x2E, 0xDC, 0x31, 0x3D, 0xAA, 0x77, 0x8F, 0xEE, 0xEE, 0x97, 0x54, + 0xE6, 0xAC, 0x48, 0x0A, 0xA3, 0x53, 0x30, 0x51, 0x30, 0x1D, 0x06, 0x03, 0x55, 0x1D, 0x0E, 0x04, + 0x16, 0x04, 0x14, 0xF5, 0x78, 0x56, 0x6F, 0x58, 0xDE, 0x04, 0xF4, 0xF8, 0x06, 0xE6, 0x2E, 0x1F, + 0xD0, 0xC9, 0xC0, 0xBC, 0xFB, 0x65, 0xAA, 0x30, 0x1F, 0x06, 0x03, 0x55, 0x1D, 0x23, 0x04, 0x18, + 0x30, 0x16, 0x80, 0x14, 0x7F, 0x51, 0xE5, 0x29, 0xEA, 0x34, 0x74, 0x00, 0x20, 0x1E, 0x2C, 0x10, + 0xB3, 0x80, 0xFC, 0xC7, 0x5C, 0x4E, 0xE4, 0xD2, 0x30, 0x0F, 0x06, 0x03, 0x55, 0x1D, 0x13, 0x01, + 0x01, 0xFF, 0x04, 0x05, 0x30, 0x03, 0x01, 0x01, 0xFF, 0x30, 0x0A, 0x06, 0x08, 0x2A, 0x86, 0x48, + 0xCE, 0x3D, 0x04, 0x03, 0x02, 0x03, 0x49, 0x00, 0x30, 0x46, 0x02, 0x21, 0x00, 0x8A, 0x76, 0x8E, + 0x21, 0x4F, 0x85, 0xB1, 0x7C, 0x30, 0x72, 0x17, 0x04, 0x10, 0x84, 0x80, 0xB8, 0xA2, 0x77, 0x7E, + 0x88, 0x7C, 0xBE, 0x21, 0xC4, 0xDE, 0x92, 0x37, 0x3F, 0x47, 0x1F, 0xE4, 0x3D, 0x02, 0x21, 0x00, + 0xD4, 0x02, 0x89, 0xA0, 0xB0, 0xDC, 0x18, 0x01, 0x3E, 0x26, 0x82, 0xA5, 0x7E, 0x03, 0x42, 0xC0, + 0xAE, 0x74, 0x08, 0x9D, 0x7A, 0x30, 0x46, 0x2D, 0x91, 0x9D, 0xC3, 0xB1, 0xCB, 0x64, 0x27, 0x62}; + + //Build the full certificate + ret = atcacert_cert_build_start( + atcab_get_device(), + &build_state, + &g_test_cert_def_7_signer, + cert, + &cert_size, + ca_public_key); - ret = atcacert_get_comp_cert(&g_cert_def, NULL, g_cert_def.cert_template_size, NULL); - TEST_ASSERT_EQUAL(ATCACERT_E_BAD_PARAMS, ret); + TEST_ASSERT_EQUAL(ATCACERT_E_SUCCESS, ret); - ret = atcacert_get_comp_cert(NULL, NULL, g_cert_def.cert_template_size, NULL); - TEST_ASSERT_EQUAL(ATCACERT_E_BAD_PARAMS, ret); + + //Update issue date > 2031 + const atcacert_tm_utc_t device_issue_date = { + .tm_year = 2047 - 1900, + .tm_mon = 9 - 1, + .tm_mday = 3, + .tm_hour = 21, + .tm_min = 0, + .tm_sec = 0 + }; + + //Get the encoded date format data from compressed certificate with the updated dates + //This is a functional test to see certificate is build proper eventhough signature has to be changed + ret = atcacert_date_enc_compcert_ext(&device_issue_date, g_test_cert_def_7_signer.expire_years, comp_cert); + TEST_ASSERT_EQUAL(ATCACERT_E_SUCCESS, ret); + + //Update the signer public key in full certificate + ret = atcacert_cert_build_process(&build_state, &g_test_cert_def_7_signer.public_key_dev_loc, signer_public_key); + TEST_ASSERT_EQUAL(ATCACERT_E_SUCCESS, ret); + + //Decode the compressed certificate to full certificate for remaining contents + ret = atcacert_cert_build_process(&build_state, &g_test_cert_def_7_signer.comp_cert_dev_loc, comp_cert); + TEST_ASSERT_EQUAL(ATCACERT_E_SUCCESS, ret); + + ret = atcacert_cert_build_finish(&build_state); + TEST_ASSERT_EQUAL(ATCACERT_E_SUCCESS, ret); + TEST_ASSERT_EQUAL(sizeof(cert_signer_ref), cert_size); + TEST_ASSERT_EQUAL_MEMORY(cert_signer_ref, cert, cert_size); } @@ -4921,11 +6449,18 @@ TEST_GROUP(atcacert_get_device_locs); TEST_SETUP(atcacert_get_device_locs) { + ATCA_STATUS status; + status = atcab_init(gCfg); + TEST_ASSERT_EQUAL(ATCA_SUCCESS, status); + useCert(&g_test_cert_def_1_signer); } TEST_TEAR_DOWN(atcacert_get_device_locs) { + ATCA_STATUS status; + status = atcab_release(); + TEST_ASSERT_EQUAL(ATCA_SUCCESS, status); } TEST(atcacert_get_device_locs, device) @@ -4940,6 +6475,7 @@ TEST(atcacert_get_device_locs, device) .offset = 0, .count = 67 }; + atcacert_cert_element_t cert_elements[] = { { .id = "Extra element 1", @@ -4970,7 +6506,7 @@ TEST(atcacert_get_device_locs, device) } } }; - static const atcacert_device_loc_t ref_device_locs[] = { + static atcacert_device_loc_t ref_device_locs[] = { { //compressed cert .zone = DEVZONE_DATA, .slot = 10, @@ -5015,6 +6551,8 @@ TEST(atcacert_get_device_locs, device) }, }; + ref_device_locs[5].count = (true == atcab_is_ca_device(atcab_get_device_type())) ? 32 : 16; + useCert(&g_test_cert_def_0_device); g_cert_def.cert_sn_dev_loc = cert_sn_dev_loc; @@ -5023,14 +6561,16 @@ TEST(atcacert_get_device_locs, device) g_cert_def.cert_elements_count = sizeof(cert_elements) / sizeof(cert_elements[0]); ret = atcacert_get_device_locs( + atcab_get_device(), &g_cert_def, device_locs, &device_locs_count, sizeof(device_locs) / sizeof(device_locs[0]), 1); + TEST_ASSERT_EQUAL(ATCACERT_E_SUCCESS, ret); TEST_ASSERT_EQUAL(sizeof(ref_device_locs) / sizeof(ref_device_locs[0]), device_locs_count); - TEST_ASSERT_EQUAL_MEMORY(&ref_device_locs[0], &device_locs[0], sizeof(ref_device_locs)); + TEST_ASSERT_EQUAL_MEMORY(&ref_device_locs[0], &device_locs[0], (sizeof(ref_device_locs))); } TEST(atcacert_get_device_locs, signer_device) @@ -5075,7 +6615,7 @@ TEST(atcacert_get_device_locs, signer_device) } } }; - static const atcacert_device_loc_t ref_device_locs[] = { + static atcacert_device_loc_t ref_device_locs[] = { { //signer compressed cert loc .zone = DEVZONE_DATA, @@ -5142,9 +6682,12 @@ TEST(atcacert_get_device_locs, signer_device) }, }; + ref_device_locs[7].count = (true == atcab_is_ca_device(atcab_get_device_type())) ? 32 : 16; + g_cert_def.cert_sn_dev_loc = cert_sn_dev_loc; ret = atcacert_get_device_locs( + atcab_get_device(), &g_cert_def, device_locs, &device_locs_count, @@ -5162,6 +6705,7 @@ TEST(atcacert_get_device_locs, signer_device) g_cert_def.cert_elements_count = sizeof(cert_elements) / sizeof(cert_elements[0]); ret = atcacert_get_device_locs( + atcab_get_device(), &g_cert_def, device_locs, &device_locs_count, @@ -5214,7 +6758,7 @@ TEST(atcacert_get_device_locs, 32block_signer_device) } } }; - static const atcacert_device_loc_t ref_device_locs[] = { + static atcacert_device_loc_t ref_device_locs[] = { { // .zone = DEVZONE_DATA, .slot = 12, @@ -5273,9 +6817,12 @@ TEST(atcacert_get_device_locs, 32block_signer_device) }, }; + ref_device_locs[7].count = (true == atcab_is_ca_device(atcab_get_device_type())) ? 32 : 16; + g_cert_def.cert_sn_dev_loc = cert_sn_dev_loc; ret = atcacert_get_device_locs( + atcab_get_device(), &g_cert_def, device_locs, &device_locs_count, @@ -5293,6 +6840,7 @@ TEST(atcacert_get_device_locs, 32block_signer_device) g_cert_def.cert_elements_count = sizeof(cert_elements) / sizeof(cert_elements[0]); ret = atcacert_get_device_locs( + atcab_get_device(), &g_cert_def, device_locs, &device_locs_count, @@ -5319,6 +6867,7 @@ TEST(atcacert_get_device_locs, small_buf) g_cert_def.cert_sn_dev_loc = cert_sn_dev_loc; ret = atcacert_get_device_locs( + atcab_get_device(), &g_cert_def, device_locs, &device_locs_count, @@ -5333,49 +6882,49 @@ TEST(atcacert_get_device_locs, bad_params) atcacert_device_loc_t device_locs[5]; size_t device_locs_count = 0; - ret = atcacert_get_device_locs(NULL, device_locs, &device_locs_count, sizeof(device_locs) / sizeof(device_locs[0]), 1); + ret = atcacert_get_device_locs(atcab_get_device(),NULL, device_locs, &device_locs_count, sizeof(device_locs) / sizeof(device_locs[0]), 1); TEST_ASSERT_EQUAL(ATCACERT_E_BAD_PARAMS, ret); - ret = atcacert_get_device_locs(&g_cert_def, NULL, &device_locs_count, sizeof(device_locs) / sizeof(device_locs[0]), 1); + ret = atcacert_get_device_locs(atcab_get_device(),&g_cert_def, NULL, &device_locs_count, sizeof(device_locs) / sizeof(device_locs[0]), 1); TEST_ASSERT_EQUAL(ATCACERT_E_BAD_PARAMS, ret); - ret = atcacert_get_device_locs(NULL, NULL, &device_locs_count, sizeof(device_locs) / sizeof(device_locs[0]), 1); + ret = atcacert_get_device_locs(atcab_get_device(),NULL, NULL, &device_locs_count, sizeof(device_locs) / sizeof(device_locs[0]), 1); TEST_ASSERT_EQUAL(ATCACERT_E_BAD_PARAMS, ret); - ret = atcacert_get_device_locs(&g_cert_def, device_locs, NULL, sizeof(device_locs) / sizeof(device_locs[0]), 1); + ret = atcacert_get_device_locs(atcab_get_device(),&g_cert_def, device_locs, NULL, sizeof(device_locs) / sizeof(device_locs[0]), 1); TEST_ASSERT_EQUAL(ATCACERT_E_BAD_PARAMS, ret); - ret = atcacert_get_device_locs(NULL, device_locs, NULL, sizeof(device_locs) / sizeof(device_locs[0]), 1); + ret = atcacert_get_device_locs(atcab_get_device(),NULL, device_locs, NULL, sizeof(device_locs) / sizeof(device_locs[0]), 1); TEST_ASSERT_EQUAL(ATCACERT_E_BAD_PARAMS, ret); - ret = atcacert_get_device_locs(&g_cert_def, NULL, NULL, sizeof(device_locs) / sizeof(device_locs[0]), 1); + ret = atcacert_get_device_locs(atcab_get_device(),&g_cert_def, NULL, NULL, sizeof(device_locs) / sizeof(device_locs[0]), 1); TEST_ASSERT_EQUAL(ATCACERT_E_BAD_PARAMS, ret); - ret = atcacert_get_device_locs(NULL, NULL, NULL, sizeof(device_locs) / sizeof(device_locs[0]), 1); + ret = atcacert_get_device_locs(atcab_get_device(),NULL, NULL, NULL, sizeof(device_locs) / sizeof(device_locs[0]), 1); TEST_ASSERT_EQUAL(ATCACERT_E_BAD_PARAMS, ret); - ret = atcacert_get_device_locs(&g_cert_def, device_locs, &device_locs_count, sizeof(device_locs) / sizeof(device_locs[0]), 0); + ret = atcacert_get_device_locs(atcab_get_device(),&g_cert_def, device_locs, &device_locs_count, sizeof(device_locs) / sizeof(device_locs[0]), 0); TEST_ASSERT_EQUAL(ATCACERT_E_BAD_PARAMS, ret); - ret = atcacert_get_device_locs(NULL, device_locs, &device_locs_count, sizeof(device_locs) / sizeof(device_locs[0]), 0); + ret = atcacert_get_device_locs(atcab_get_device(),NULL, device_locs, &device_locs_count, sizeof(device_locs) / sizeof(device_locs[0]), 0); TEST_ASSERT_EQUAL(ATCACERT_E_BAD_PARAMS, ret); - ret = atcacert_get_device_locs(&g_cert_def, NULL, &device_locs_count, sizeof(device_locs) / sizeof(device_locs[0]), 0); + ret = atcacert_get_device_locs(atcab_get_device(),&g_cert_def, NULL, &device_locs_count, sizeof(device_locs) / sizeof(device_locs[0]), 0); TEST_ASSERT_EQUAL(ATCACERT_E_BAD_PARAMS, ret); - ret = atcacert_get_device_locs(NULL, NULL, &device_locs_count, sizeof(device_locs) / sizeof(device_locs[0]), 0); + ret = atcacert_get_device_locs(atcab_get_device(),NULL, NULL, &device_locs_count, sizeof(device_locs) / sizeof(device_locs[0]), 0); TEST_ASSERT_EQUAL(ATCACERT_E_BAD_PARAMS, ret); - ret = atcacert_get_device_locs(&g_cert_def, device_locs, NULL, sizeof(device_locs) / sizeof(device_locs[0]), 0); + ret = atcacert_get_device_locs(atcab_get_device(),&g_cert_def, device_locs, NULL, sizeof(device_locs) / sizeof(device_locs[0]), 0); TEST_ASSERT_EQUAL(ATCACERT_E_BAD_PARAMS, ret); - ret = atcacert_get_device_locs(NULL, device_locs, NULL, sizeof(device_locs) / sizeof(device_locs[0]), 0); + ret = atcacert_get_device_locs(atcab_get_device(),NULL, device_locs, NULL, sizeof(device_locs) / sizeof(device_locs[0]), 0); TEST_ASSERT_EQUAL(ATCACERT_E_BAD_PARAMS, ret); - ret = atcacert_get_device_locs(&g_cert_def, NULL, NULL, sizeof(device_locs) / sizeof(device_locs[0]), 0); + ret = atcacert_get_device_locs(atcab_get_device(),&g_cert_def, NULL, NULL, sizeof(device_locs) / sizeof(device_locs[0]), 0); TEST_ASSERT_EQUAL(ATCACERT_E_BAD_PARAMS, ret); - ret = atcacert_get_device_locs(NULL, NULL, NULL, sizeof(device_locs) / sizeof(device_locs[0]), 0); + ret = atcacert_get_device_locs(atcab_get_device(),NULL, NULL, NULL, sizeof(device_locs) / sizeof(device_locs[0]), 0); TEST_ASSERT_EQUAL(ATCACERT_E_BAD_PARAMS, ret); } @@ -5384,11 +6933,20 @@ TEST_GROUP(atcacert_cert_build); TEST_SETUP(atcacert_cert_build) { + ATCA_STATUS status; + + status = atcab_init(gCfg); + TEST_ASSERT_EQUAL(ATCA_SUCCESS, status); + useCert(&g_test_cert_def_1_signer); } TEST_TEAR_DOWN(atcacert_cert_build) { + ATCA_STATUS status; + + status = atcab_release(); + TEST_ASSERT_EQUAL(ATCA_SUCCESS, status); } TEST(atcacert_cert_build, start_signer) @@ -5424,7 +6982,7 @@ TEST(atcacert_cert_build, start_signer) 0xa9, 0x1b, 0xb3, 0xb1, 0xc7, 0x3e, 0xb2, 0x66, 0x74, 0x6c, 0x20, 0x53, 0x0a, 0x3b, 0x90, 0x77, 0x6c, 0xa9, 0xc7, 0x79, 0x0d }; - uint8_t cert[512]; + uint8_t cert[512] = {0}; size_t cert_size = sizeof(cert); const atcacert_build_state_t build_state_ref = { .cert_def = &g_cert_def, @@ -5432,11 +6990,20 @@ TEST(atcacert_cert_build, start_signer) .cert_size = &cert_size, .max_cert_size = cert_size, .is_device_sn = FALSE, - .device_sn = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 } + .devtype = atcab_get_device_type_ext(atcab_get_device()), + .device_sn = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, + .comp_cert = { + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 + } }; atcacert_build_state_t build_state; ret = atcacert_cert_build_start( + atcab_get_device(), &build_state, &g_cert_def, cert, @@ -5508,6 +7075,7 @@ TEST(atcacert_cert_build, process_signer_public_key) atcacert_build_state_t build_state; ret = atcacert_cert_build_start( + atcab_get_device(), &build_state, &g_cert_def, cert, @@ -5573,6 +7141,7 @@ TEST(atcacert_cert_build, process_signer_comp_cert) atcacert_build_state_t build_state; ret = atcacert_cert_build_start( + atcab_get_device(), &build_state, &g_cert_def, cert, @@ -5641,6 +7210,7 @@ TEST(atcacert_cert_build, finish_signer) atcacert_build_state_t build_state; ret = atcacert_cert_build_start( + atcab_get_device(), &build_state, &g_cert_def, cert, @@ -5713,15 +7283,23 @@ TEST(atcacert_cert_build, start_signer_no_ca_key) 0xa9, 0x1b, 0xb3, 0xb1, 0xc7, 0x3e, 0xb2, 0x66, 0x74, 0x6c, 0x20, 0x53, 0x0a, 0x3b, 0x90, 0x77, 0x6c, 0xa9, 0xc7, 0x79, 0x0d }; - uint8_t cert[512]; + uint8_t cert[512] = {0}; size_t cert_size = sizeof(cert); - const atcacert_build_state_t build_state_ref = { + const atcacert_build_state_t build_state_ref = { .cert_def = &g_cert_def, .cert = cert, .cert_size = &cert_size, .max_cert_size = cert_size, .is_device_sn = FALSE, - .device_sn = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 } + .devtype = atcab_get_device_type_ext(atcab_get_device()), + .device_sn = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, + .comp_cert = { + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 + } }; atcacert_build_state_t build_state; @@ -5730,6 +7308,7 @@ TEST(atcacert_cert_build, start_signer_no_ca_key) g_cert_def.cert_elements_count = 1; ret = atcacert_cert_build_start( + atcab_get_device(), &build_state, &g_cert_def, cert, @@ -5786,7 +7365,8 @@ TEST(atcacert_cert_build, process_signer_auth_key_id) .cert_size = &cert_size, .max_cert_size = cert_size, .is_device_sn = FALSE, - .device_sn = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 } + .device_sn = { 0x00,0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, + .devtype = atcab_get_device_type_ext(atcab_get_device()) }; atcacert_build_state_t build_state; @@ -5795,6 +7375,7 @@ TEST(atcacert_cert_build, process_signer_auth_key_id) g_cert_def.cert_elements_count = 1; ret = atcacert_cert_build_start( + atcab_get_device(), &build_state, &g_cert_def, cert, @@ -5848,13 +7429,15 @@ TEST(atcacert_cert_build, start_device) .cert_size = &cert_size, .max_cert_size = cert_size, .is_device_sn = FALSE, - .device_sn = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 } + .device_sn = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, + .devtype = atcab_get_device_type_ext(atcab_get_device()) }; atcacert_build_state_t build_state; useCert(&g_test_cert_def_0_device); ret = atcacert_cert_build_start( + atcab_get_device(), &build_state, &g_cert_def, cert, @@ -5916,6 +7499,7 @@ TEST(atcacert_cert_build, process_device_public_key) useCert(&g_test_cert_def_0_device); ret = atcacert_cert_build_start( + atcab_get_device(), &build_state, &g_cert_def, cert, @@ -5993,6 +7577,7 @@ TEST(atcacert_cert_build, process_device_comp_cert) useCert(&g_test_cert_def_0_device); ret = atcacert_cert_build_start( + atcab_get_device(), &build_state, &g_cert_def, cert, @@ -6073,6 +7658,7 @@ TEST(atcacert_cert_build, process_device_comp_cert_new_expire) useCert(&g_test_cert_def_0_device); ret = atcacert_cert_build_start( + atcab_get_device(), &build_state, &g_cert_def, cert, @@ -6130,6 +7716,10 @@ TEST(atcacert_cert_build, finish_device) 0x01, 0x23, 0x12, 0x24, 0x00, 0x00, 0x50, 0x00, 0xD8, 0x2C, 0xA5, 0x71, 0xEE, 0xC0, 0x69, 0x00, 0xC0, 0x00, 0x55, 0x00, 0x83, 0x20, 0x87, 0x20, 0x8F, 0x20, 0xC4, 0x8F, 0x8F, 0x8F, 0x8F, 0x8F }; + static const uint8_t ecc204_config[32] = { + 0x01, 0x23, 0x12, 0x24, 0xD8, 0x2C, 0xA5, 0x71, 0xEE, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 + }; static const uint8_t cert_ref[] = { 0x30, 0x82, 0x01, 0x8A, 0x30, 0x82, 0x01, 0x30, 0xA0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x0A, 0x40, 0x01, 0x23, 0x12, 0x24, 0xD8, 0x2C, 0xA5, 0x71, 0xEE, 0x30, 0x0A, 0x06, 0x08, 0x2A, 0x86, 0x48, @@ -6164,6 +7754,7 @@ TEST(atcacert_cert_build, finish_device) useCert(&g_test_cert_def_0_device); ret = atcacert_cert_build_start( + atcab_get_device(), &build_state, &g_cert_def, cert, @@ -6177,8 +7768,16 @@ TEST(atcacert_cert_build, finish_device) ret = atcacert_cert_build_process(&build_state, &device_loc_comp_cert, comp_cert); TEST_ASSERT_EQUAL(ATCACERT_E_SUCCESS, ret); - ret = atcacert_cert_build_process(&build_state, &device_loc_config, config); - TEST_ASSERT_EQUAL(ATCACERT_E_SUCCESS, ret); + if(true == (atcab_is_ca_device(atcab_get_device_type()))) + { + ret = atcacert_cert_build_process(&build_state, &device_loc_config, config); + TEST_ASSERT_EQUAL(ATCACERT_E_SUCCESS, ret); + } + else + { + ret = atcacert_cert_build_process(&build_state, &device_loc_config, ecc204_config); + TEST_ASSERT_EQUAL(ATCACERT_E_SUCCESS, ret); + } ret = atcacert_cert_build_finish(&build_state); TEST_ASSERT_EQUAL(ATCACERT_E_SUCCESS, ret); @@ -6189,6 +7788,13 @@ TEST(atcacert_cert_build, finish_device) TEST(atcacert_cert_build, transform) { int ret = 0; + bool is_ca2_device; + + if(true == (is_ca2_device = atcab_is_ca2_device(atcab_get_device_type()))) + { + TEST_IGNORE_MESSAGE("This Test can be run on ECC608 devices only"); + } + static const uint8_t public_key[64] = { 0x86, 0xC1, 0x06, 0xE2, 0x85, 0xCB, 0x97, 0x79, 0x3D, 0x46, 0x11, 0x36, 0x10, 0xDF, 0xD1, 0xD8, 0xB0, 0x1C, 0x3B, 0xB3, 0x07, 0x95, 0xA7, 0x1F, @@ -6252,6 +7858,19 @@ TEST(atcacert_cert_build, transform) 0x33, 0x00, 0x1c, 0x00, 0x13, 0x00, 0x13, 0x00, 0x5c, 0x00, 0x1c, 0x00, 0x1c, 0x00, 0x1c, 0x00, 0x3c, 0x00, 0x3c, 0x00, 0x3c, 0x00, 0x30, 0x00, 0x3c, 0x00, 0x3c, 0x00, 0x3c, 0x00, 0x10, 0x00 }; + + static const uint8_t ecc204_config[128] = { + 0x01, 0x23, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0xff, 0x05, 0x06, 0x07, 0xff, 0x55, 0x01, 0x00, + 0xb0, 0x00, 0x55, 0x00, 0x8f, 0x20, 0xc4, 0x44, 0x87, 0x20, 0x87, 0x20, 0x8f, 0x8f, 0xc4, 0x36, + 0x9f, 0x8f, 0x8f, 0x44, 0x0f, 0x0f, 0xc4, 0x44, 0x0f, 0x0f, 0x0f, 0x0f, 0x0f, 0x0f, 0x0f, 0x0f, + 0x0f, 0x0f, 0x0f, 0x8f, 0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x00, 0xff, 0xff, 0xff, 0xff, + 0x00, 0x00, 0x00, 0x00, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x00, 0xff, 0xff, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x33, 0x00, 0x1c, 0x00, 0x13, 0x00, 0x13, 0x00, 0x5c, 0x00, 0x1c, 0x00, 0x1c, 0x00, 0x1c, 0x00, + 0x3c, 0x00, 0x3c, 0x00, 0x3c, 0x00, 0x30, 0x00, 0x3c, 0x00, 0x3c, 0x00, 0x3c, 0x00, 0x10, 0x00 + }; + + static const atcacert_device_loc_t config_cert_loc = { .zone = DEVZONE_CONFIG, .slot = 0, @@ -6326,7 +7945,10 @@ TEST(atcacert_cert_build, transform) useCert(&g_test_cert_def_3_device); + + ret = atcacert_cert_build_start( + atcab_get_device(), &build_state, &g_cert_def, cert, @@ -6342,9 +7964,17 @@ TEST(atcacert_cert_build, transform) ret = atcacert_cert_build_process(&build_state, &(build_state.cert_def->public_key_dev_loc), public_key); TEST_ASSERT_EQUAL(ATCACERT_E_SUCCESS, ret); - // Add config data - ret = atcacert_cert_build_process(&build_state, &config_cert_loc, config); - TEST_ASSERT_EQUAL(ATCACERT_E_SUCCESS, ret); + if(true == (atcab_is_ca_device(atcab_get_device_type()))) + { + // Add config data + ret = atcacert_cert_build_process(&build_state, &config_cert_loc, config); + TEST_ASSERT_EQUAL(ATCACERT_E_SUCCESS, ret); + } + else + { + ret = atcacert_cert_build_process(&build_state, &config_cert_loc, ecc204_config); + TEST_ASSERT_EQUAL(ATCACERT_E_SUCCESS, ret); + } // Add slot 8 data ret = atcacert_cert_build_process(&build_state, &slot8_cert_loc, slot8); @@ -6372,6 +8002,7 @@ TEST(atcacert_cert_build, start_small_buf) memset(cert, 0xA5, sizeof(cert)); ret = atcacert_cert_build_start( + atcab_get_device(), &build_state, &g_cert_def, cert, @@ -6390,94 +8021,94 @@ TEST(atcacert_cert_build, start_bad_params) size_t cert_size = sizeof(cert); atcacert_build_state_t build_state; - ret = atcacert_cert_build_start(NULL, &g_cert_def, cert, &cert_size, ca_public_key); + ret = atcacert_cert_build_start(atcab_get_device(), NULL, &g_cert_def, cert, &cert_size, ca_public_key); TEST_ASSERT_EQUAL(ATCACERT_E_BAD_PARAMS, ret); - ret = atcacert_cert_build_start(&build_state, NULL, cert, &cert_size, ca_public_key); + ret = atcacert_cert_build_start(atcab_get_device(), &build_state, NULL, cert, &cert_size, ca_public_key); TEST_ASSERT_EQUAL(ATCACERT_E_BAD_PARAMS, ret); - ret = atcacert_cert_build_start(NULL, NULL, cert, &cert_size, ca_public_key); + ret = atcacert_cert_build_start(atcab_get_device(), NULL, NULL, cert, &cert_size, ca_public_key); TEST_ASSERT_EQUAL(ATCACERT_E_BAD_PARAMS, ret); - ret = atcacert_cert_build_start(&build_state, &g_cert_def, NULL, &cert_size, ca_public_key); + ret = atcacert_cert_build_start(atcab_get_device(), &build_state, &g_cert_def, NULL, &cert_size, ca_public_key); TEST_ASSERT_EQUAL(ATCACERT_E_BAD_PARAMS, ret); - ret = atcacert_cert_build_start(NULL, &g_cert_def, NULL, &cert_size, ca_public_key); + ret = atcacert_cert_build_start(atcab_get_device(), NULL, &g_cert_def, NULL, &cert_size, ca_public_key); TEST_ASSERT_EQUAL(ATCACERT_E_BAD_PARAMS, ret); - ret = atcacert_cert_build_start(&build_state, NULL, NULL, &cert_size, ca_public_key); + ret = atcacert_cert_build_start(atcab_get_device(), &build_state, NULL, NULL, &cert_size, ca_public_key); TEST_ASSERT_EQUAL(ATCACERT_E_BAD_PARAMS, ret); - ret = atcacert_cert_build_start(NULL, NULL, NULL, &cert_size, ca_public_key); + ret = atcacert_cert_build_start(atcab_get_device(), NULL, NULL, NULL, &cert_size, ca_public_key); TEST_ASSERT_EQUAL(ATCACERT_E_BAD_PARAMS, ret); - ret = atcacert_cert_build_start(&build_state, &g_cert_def, cert, NULL, ca_public_key); + ret = atcacert_cert_build_start(atcab_get_device(), &build_state, &g_cert_def, cert, NULL, ca_public_key); TEST_ASSERT_EQUAL(ATCACERT_E_BAD_PARAMS, ret); - ret = atcacert_cert_build_start(NULL, &g_cert_def, cert, NULL, ca_public_key); + ret = atcacert_cert_build_start(atcab_get_device(), NULL, &g_cert_def, cert, NULL, ca_public_key); TEST_ASSERT_EQUAL(ATCACERT_E_BAD_PARAMS, ret); - ret = atcacert_cert_build_start(&build_state, NULL, cert, NULL, ca_public_key); + ret = atcacert_cert_build_start(atcab_get_device(), &build_state, NULL, cert, NULL, ca_public_key); TEST_ASSERT_EQUAL(ATCACERT_E_BAD_PARAMS, ret); - ret = atcacert_cert_build_start(NULL, NULL, cert, NULL, ca_public_key); + ret = atcacert_cert_build_start(atcab_get_device(), NULL, NULL, cert, NULL, ca_public_key); TEST_ASSERT_EQUAL(ATCACERT_E_BAD_PARAMS, ret); - ret = atcacert_cert_build_start(&build_state, &g_cert_def, NULL, NULL, ca_public_key); + ret = atcacert_cert_build_start(atcab_get_device(), &build_state, &g_cert_def, NULL, NULL, ca_public_key); TEST_ASSERT_EQUAL(ATCACERT_E_BAD_PARAMS, ret); - ret = atcacert_cert_build_start(NULL, &g_cert_def, NULL, NULL, ca_public_key); + ret = atcacert_cert_build_start(atcab_get_device(), NULL, &g_cert_def, NULL, NULL, ca_public_key); TEST_ASSERT_EQUAL(ATCACERT_E_BAD_PARAMS, ret); - ret = atcacert_cert_build_start(&build_state, NULL, NULL, NULL, ca_public_key); + ret = atcacert_cert_build_start(atcab_get_device(), &build_state, NULL, NULL, NULL, ca_public_key); TEST_ASSERT_EQUAL(ATCACERT_E_BAD_PARAMS, ret); - ret = atcacert_cert_build_start(NULL, NULL, NULL, NULL, ca_public_key); + ret = atcacert_cert_build_start(atcab_get_device(), NULL, NULL, NULL, NULL, ca_public_key); TEST_ASSERT_EQUAL(ATCACERT_E_BAD_PARAMS, ret); - ret = atcacert_cert_build_start(NULL, &g_cert_def, cert, &cert_size, NULL); + ret = atcacert_cert_build_start(atcab_get_device(), NULL, &g_cert_def, cert, &cert_size, NULL); TEST_ASSERT_EQUAL(ATCACERT_E_BAD_PARAMS, ret); - ret = atcacert_cert_build_start(&build_state, NULL, cert, &cert_size, NULL); + ret = atcacert_cert_build_start(atcab_get_device(), &build_state, NULL, cert, &cert_size, NULL); TEST_ASSERT_EQUAL(ATCACERT_E_BAD_PARAMS, ret); - ret = atcacert_cert_build_start(NULL, NULL, cert, &cert_size, NULL); + ret = atcacert_cert_build_start(atcab_get_device(), NULL, NULL, cert, &cert_size, NULL); TEST_ASSERT_EQUAL(ATCACERT_E_BAD_PARAMS, ret); - ret = atcacert_cert_build_start(&build_state, &g_cert_def, NULL, &cert_size, NULL); + ret = atcacert_cert_build_start(atcab_get_device(), &build_state, &g_cert_def, NULL, &cert_size, NULL); TEST_ASSERT_EQUAL(ATCACERT_E_BAD_PARAMS, ret); - ret = atcacert_cert_build_start(NULL, &g_cert_def, NULL, &cert_size, NULL); + ret = atcacert_cert_build_start(atcab_get_device(), NULL, &g_cert_def, NULL, &cert_size, NULL); TEST_ASSERT_EQUAL(ATCACERT_E_BAD_PARAMS, ret); - ret = atcacert_cert_build_start(&build_state, NULL, NULL, &cert_size, NULL); + ret = atcacert_cert_build_start(atcab_get_device(), &build_state, NULL, NULL, &cert_size, NULL); TEST_ASSERT_EQUAL(ATCACERT_E_BAD_PARAMS, ret); - ret = atcacert_cert_build_start(NULL, NULL, NULL, &cert_size, NULL); + ret = atcacert_cert_build_start(atcab_get_device(), NULL, NULL, NULL, &cert_size, NULL); TEST_ASSERT_EQUAL(ATCACERT_E_BAD_PARAMS, ret); - ret = atcacert_cert_build_start(&build_state, &g_cert_def, cert, NULL, NULL); + ret = atcacert_cert_build_start(atcab_get_device(), &build_state, &g_cert_def, cert, NULL, NULL); TEST_ASSERT_EQUAL(ATCACERT_E_BAD_PARAMS, ret); - ret = atcacert_cert_build_start(NULL, &g_cert_def, cert, NULL, NULL); + ret = atcacert_cert_build_start(atcab_get_device(), NULL, &g_cert_def, cert, NULL, NULL); TEST_ASSERT_EQUAL(ATCACERT_E_BAD_PARAMS, ret); - ret = atcacert_cert_build_start(&build_state, NULL, cert, NULL, NULL); + ret = atcacert_cert_build_start(atcab_get_device(), &build_state, NULL, cert, NULL, NULL); TEST_ASSERT_EQUAL(ATCACERT_E_BAD_PARAMS, ret); - ret = atcacert_cert_build_start(NULL, NULL, cert, NULL, NULL); + ret = atcacert_cert_build_start(atcab_get_device(), NULL, NULL, cert, NULL, NULL); TEST_ASSERT_EQUAL(ATCACERT_E_BAD_PARAMS, ret); - ret = atcacert_cert_build_start(&build_state, &g_cert_def, NULL, NULL, NULL); + ret = atcacert_cert_build_start(atcab_get_device(), &build_state, &g_cert_def, NULL, NULL, NULL); TEST_ASSERT_EQUAL(ATCACERT_E_BAD_PARAMS, ret); - ret = atcacert_cert_build_start(NULL, &g_cert_def, NULL, NULL, NULL); + ret = atcacert_cert_build_start(atcab_get_device(), NULL, &g_cert_def, NULL, NULL, NULL); TEST_ASSERT_EQUAL(ATCACERT_E_BAD_PARAMS, ret); - ret = atcacert_cert_build_start(&build_state, NULL, NULL, NULL, NULL); + ret = atcacert_cert_build_start(atcab_get_device(), &build_state, NULL, NULL, NULL, NULL); TEST_ASSERT_EQUAL(ATCACERT_E_BAD_PARAMS, ret); - ret = atcacert_cert_build_start(NULL, NULL, NULL, NULL, NULL); + ret = atcacert_cert_build_start(atcab_get_device(), NULL, NULL, NULL, NULL, NULL); TEST_ASSERT_EQUAL(ATCACERT_E_BAD_PARAMS, ret); } @@ -6498,6 +8129,7 @@ TEST(atcacert_cert_build, process_bad_params) atcacert_build_state_t build_state; ret = atcacert_cert_build_start( + atcab_get_device(), &build_state, &g_cert_def, cert, @@ -6537,6 +8169,7 @@ TEST(atcacert_cert_build, finish_missing_device_sn) useCert(&g_test_cert_def_0_device); ret = atcacert_cert_build_start( + atcab_get_device(), &build_state, &g_cert_def, cert, @@ -6556,6 +8189,66 @@ TEST(atcacert_cert_build, finish_bad_params) TEST_ASSERT_EQUAL(ATCACERT_E_BAD_PARAMS, ret); } +TEST(atcacert_cert_build, no_expire_loc) +{ + // Test to make sure certificate rebuilding works when using a hash + // generated serial number (which relies on encoded dates) with a + // compressed certificate definition that has no expire date location. + + int ret = 0; + uint8_t cert[512]; + size_t cert_size = sizeof(cert); + atcacert_build_state_t build_state; + static const uint8_t comp_cert[72] = { + 0xDF, 0x86, 0xA9, 0xAD, 0xD8, 0x88, 0x86, 0x97, 0xDA, 0xE5, 0x72, 0xCB, 0x36, 0x11, 0xC7, 0xBB, + 0x1C, 0xA9, 0x9F, 0xE5, 0x57, 0xFE, 0xF1, 0xED, 0x42, 0xBA, 0x21, 0xE8, 0xC4, 0xA3, 0xDA, 0xCE, + 0xB8, 0xA1, 0xE8, 0x0F, 0x2F, 0xB8, 0xC6, 0x30, 0xC3, 0xAC, 0x60, 0xEA, 0x53, 0x2E, 0x9A, 0xB2, + 0x32, 0x04, 0xCA, 0xF4, 0x0A, 0xF5, 0x22, 0xCE, 0x1C, 0x62, 0x11, 0xC3, 0x98, 0x8A, 0x99, 0x1E, + 0xC2, 0x2A, 0xE0, 0x00, 0x00, 0x23, 0xA0, 0x00 + }; + static const uint8_t cert_ref[316] = { + 0x30, 0x82, 0x01, 0x38, 0x30, 0x81, 0xde, 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x08, 0x50, 0x24, + 0x9a, 0x01, 0x82, 0xfc, 0x4b, 0xe6, 0x30, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, + 0x03, 0x02, 0x30, 0x12, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x07, 0x30, + 0x30, 0x34, 0x45, 0x2d, 0x31, 0x41, 0x30, 0x22, 0x18, 0x0f, 0x32, 0x30, 0x32, 0x34, 0x30, 0x34, + 0x31, 0x30, 0x32, 0x33, 0x30, 0x30, 0x30, 0x30, 0x5a, 0x18, 0x0f, 0x39, 0x39, 0x39, 0x39, 0x31, + 0x32, 0x33, 0x31, 0x32, 0x33, 0x35, 0x39, 0x35, 0x39, 0x5a, 0x30, 0x11, 0x31, 0x0f, 0x30, 0x0d, + 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x06, 0x30, 0x31, 0x31, 0x34, 0x33, 0x30, 0x30, 0x59, 0x30, + 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, 0x01, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, + 0x3d, 0x03, 0x01, 0x07, 0x03, 0x42, 0x00, 0x04, 0x63, 0x91, 0xf3, 0x5a, 0x89, 0x09, 0x8c, 0x21, + 0x0b, 0x4a, 0x5f, 0xee, 0xa8, 0x0f, 0x78, 0xff, 0xd4, 0x4c, 0x24, 0x14, 0x08, 0x86, 0xe4, 0x91, + 0xa6, 0xcd, 0xe9, 0xf0, 0x11, 0x55, 0xab, 0x11, 0x76, 0xaf, 0xa5, 0xba, 0x0f, 0x99, 0x88, 0xd7, + 0x4b, 0x81, 0x2d, 0x6f, 0x03, 0xce, 0xb6, 0x40, 0xba, 0x51, 0x68, 0xff, 0xdc, 0x05, 0x8b, 0xd2, + 0x60, 0x67, 0x00, 0xce, 0xb0, 0x03, 0xaa, 0x69, 0xa3, 0x1b, 0x30, 0x19, 0x30, 0x17, 0x06, 0x05, + 0x67, 0x81, 0x14, 0x01, 0x02, 0x01, 0x01, 0xff, 0x04, 0x0b, 0x04, 0x09, 0x00, 0x00, 0x00, 0x00, + 0x04, 0x30, 0x30, 0x30, 0x30, 0x30, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x03, + 0x02, 0x03, 0x49, 0x00, 0x30, 0x46, 0x02, 0x21, 0x00, 0xdf, 0x86, 0xa9, 0xad, 0xd8, 0x88, 0x86, + 0x97, 0xda, 0xe5, 0x72, 0xcb, 0x36, 0x11, 0xc7, 0xbb, 0x1c, 0xa9, 0x9f, 0xe5, 0x57, 0xfe, 0xf1, + 0xed, 0x42, 0xba, 0x21, 0xe8, 0xc4, 0xa3, 0xda, 0xce, 0x02, 0x21, 0x00, 0xb8, 0xa1, 0xe8, 0x0f, + 0x2f, 0xb8, 0xc6, 0x30, 0xc3, 0xac, 0x60, 0xea, 0x53, 0x2e, 0x9a, 0xb2, 0x32, 0x04, 0xca, 0xf4, + 0x0a, 0xf5, 0x22, 0xce, 0x1c, 0x62, 0x11, 0xc3, 0x98, 0x8a, 0x99, 0x1e + }; + + useCert(&g_test_cert_def_6_device); + + // Hash-based generated SN + g_cert_def.sn_source = SNSRC_PUB_KEY_HASH; + // No expire date location + g_cert_def.std_cert_elements[STDCERT_EXPIRE_DATE].count = 0; + g_cert_def.std_cert_elements[STDCERT_EXPIRE_DATE].offset = 0; + + ret = atcacert_cert_build_start(atcab_get_device(),&build_state, &g_cert_def, cert, &cert_size, NULL); + TEST_ASSERT_EQUAL(ATCACERT_E_SUCCESS, ret); + + ret = atcacert_cert_build_process(&build_state, &build_state.cert_def->comp_cert_dev_loc, comp_cert); + TEST_ASSERT_EQUAL(ATCACERT_E_SUCCESS, ret); + + ret = atcacert_cert_build_finish(&build_state); + TEST_ASSERT_EQUAL(ATCACERT_E_SUCCESS, ret); + TEST_ASSERT_EQUAL(sizeof(cert_ref), cert_size); + TEST_ASSERT_EQUAL_MEMORY(cert_ref, cert, cert_size); +} + TEST_GROUP(atcacert_is_device_loc_overlap); @@ -6839,6 +8532,7 @@ TEST(atcacert_get_device_data, flow) size_t device_locs_count = 0; ret = atcacert_get_device_locs( + atcab_get_device(), &g_cert_def, device_locs, &device_locs_count, diff --git a/test/atcacert/test_atcacert_def_runner.c b/test/atcacert/test_atcacert_def_runner.c index 8fe492cf5..e42d7d080 100644 --- a/test/atcacert/test_atcacert_def_runner.c +++ b/test/atcacert/test_atcacert_def_runner.c @@ -170,6 +170,8 @@ TEST_GROUP_RUNNER(atcacert_gen_cert_sn) RUN_TEST_CASE(atcacert_gen_cert_sn, pub_key_hash); RUN_TEST_CASE(atcacert_gen_cert_sn, pub_key_hash_pos); RUN_TEST_CASE(atcacert_gen_cert_sn, pub_key_hash_raw); + RUN_TEST_CASE(atcacert_gen_cert_sn, pub_key_hash_ext_issue); + RUN_TEST_CASE(atcacert_gen_cert_sn, pub_key_hash_ext_expire); RUN_TEST_CASE(atcacert_gen_cert_sn, pub_key_hash_unexpected_size); RUN_TEST_CASE(atcacert_gen_cert_sn, pub_key_hash_bad_public_key); RUN_TEST_CASE(atcacert_gen_cert_sn, pub_key_hash_bad_issue_date); @@ -177,11 +179,33 @@ TEST_GROUP_RUNNER(atcacert_gen_cert_sn) RUN_TEST_CASE(atcacert_gen_cert_sn, device_sn_hash); RUN_TEST_CASE(atcacert_gen_cert_sn, device_sn_hash_pos); RUN_TEST_CASE(atcacert_gen_cert_sn, device_sn_hash_raw); + RUN_TEST_CASE(atcacert_gen_cert_sn, device_sn_hash_ext_issue); + RUN_TEST_CASE(atcacert_gen_cert_sn, device_sn_hash_ext_expire); RUN_TEST_CASE(atcacert_gen_cert_sn, device_sn_hash_unexpected_size); RUN_TEST_CASE(atcacert_gen_cert_sn, device_sn_hash_bad_issue_date); RUN_TEST_CASE(atcacert_gen_cert_sn, device_sn_hash_bad_params); } +TEST_GROUP_RUNNER(atcacert_generate_sn) +{ + RUN_TEST_CASE(atcacert_generate_sn, device_sn); + RUN_TEST_CASE(atcacert_generate_sn, device_sn_bad_params); + RUN_TEST_CASE(atcacert_generate_sn, signer_id); + RUN_TEST_CASE(atcacert_generate_sn, signer_id_bad_params); + RUN_TEST_CASE(atcacert_generate_sn, pub_key_hash); + RUN_TEST_CASE(atcacert_generate_sn, pub_key_hash_pos); + RUN_TEST_CASE(atcacert_generate_sn, pub_key_hash_raw); + RUN_TEST_CASE(atcacert_generate_sn, pub_key_hash_ext_issue); + RUN_TEST_CASE(atcacert_generate_sn, pub_key_hash_ext_expire); + RUN_TEST_CASE(atcacert_generate_sn, pub_key_hash_bad_params); + RUN_TEST_CASE(atcacert_generate_sn, device_sn_hash); + RUN_TEST_CASE(atcacert_generate_sn, device_sn_hash_pos); + RUN_TEST_CASE(atcacert_generate_sn, device_sn_hash_raw); + RUN_TEST_CASE(atcacert_generate_sn, device_sn_hash_ext_issue); + RUN_TEST_CASE(atcacert_generate_sn, device_sn_hash_ext_expire); + RUN_TEST_CASE(atcacert_generate_sn, device_sn_hash_bad_params); +} + TEST_GROUP_RUNNER(atcacert_get_cert_sn) { RUN_TEST_CASE(atcacert_get_cert_sn, good); @@ -215,7 +239,18 @@ TEST_GROUP_RUNNER(atcacert_set_comp_cert) TEST_GROUP_RUNNER(atcacert_get_comp_cert) { RUN_TEST_CASE(atcacert_get_comp_cert, good); + RUN_TEST_CASE(atcacert_get_comp_cert, no_expire_loc); + RUN_TEST_CASE(atcacert_get_comp_cert, max_expire); + RUN_TEST_CASE(atcacert_get_comp_cert, no_dates); + RUN_TEST_CASE(atcacert_get_comp_cert, not_even); + RUN_TEST_CASE(atcacert_get_comp_cert, expire_before_issue); + RUN_TEST_CASE(atcacert_get_comp_cert, large_expire); + RUN_TEST_CASE(atcacert_get_comp_cert, diff_expire_years); + RUN_TEST_CASE(atcacert_get_comp_cert, public_key_only); + RUN_TEST_CASE(atcacert_get_comp_cert, ext_def_issue_date_signer_id); RUN_TEST_CASE(atcacert_get_comp_cert, bad_params); + RUN_TEST_CASE(atcacert_get_comp_cert, gen_comp_with_expiry_date_beyond_2049); + RUN_TEST_CASE(atcacert_get_comp_cert, gen_comp_with_issue_date_beyond_2031); } TEST_GROUP_RUNNER(atcacert_get_tbs) @@ -302,6 +337,8 @@ TEST_GROUP_RUNNER(atcacert_cert_build) RUN_TEST_CASE(atcacert_cert_build, max_cert_size_x509_dynamic_sn_bad_size); RUN_TEST_CASE(atcacert_cert_build, max_cert_size_custom); RUN_TEST_CASE(atcacert_cert_build, max_cert_size_bad_params); + + RUN_TEST_CASE(atcacert_cert_build, no_expire_loc); } TEST_GROUP_RUNNER(atcacert_is_device_loc_overlap) diff --git a/test/atcacert/test_atcacert_host_hw.c b/test/atcacert/test_atcacert_host_hw.c index 2beeef87b..b47158d02 100644 --- a/test/atcacert/test_atcacert_host_hw.c +++ b/test/atcacert/test_atcacert_host_hw.c @@ -24,7 +24,7 @@ * THIS SOFTWARE. */ #include "atca_test.h" -#ifndef DO_NOT_TEST_CERT +#if defined(ATCA_ECC_SUPPORT) && !defined(DO_NOT_TEST_CERT) #include "atcacert/atcacert_host_hw.h" #include "atca_basic.h" @@ -114,9 +114,16 @@ TEST_GROUP(atcacert_host_hw); TEST_SETUP(atcacert_host_hw) { - int ret = atcab_init(gCfg); + bool is_ca_device = false; + int ret = atcab_init(gCfg); TEST_ASSERT_EQUAL(ATCA_SUCCESS, ret); + + is_ca_device = atcab_is_ca_device(atcab_get_device_type()); + if(false == is_ca_device) + { + TEST_IGNORE_MESSAGE("This Test group can be run on Ca devices only"); + } } TEST_TEAR_DOWN(atcacert_host_hw) diff --git a/test/atcacert/test_atcacert_host_hw_runner.c b/test/atcacert/test_atcacert_host_hw_runner.c index 40458b277..626a4ceef 100644 --- a/test/atcacert/test_atcacert_host_hw_runner.c +++ b/test/atcacert/test_atcacert_host_hw_runner.c @@ -24,7 +24,7 @@ * THIS SOFTWARE. */ #include "atca_test.h" -#ifndef DO_NOT_TEST_CERT +#if defined(ATCA_ECC_SUPPORT) && !defined(DO_NOT_TEST_CERT) #ifdef __GNUC__ // Unity macros trigger this warning diff --git a/test/atcacert/test_cert_def_10_device.c b/test/atcacert/test_cert_def_10_device.c new file mode 100644 index 000000000..2ee64f90f --- /dev/null +++ b/test/atcacert/test_cert_def_10_device.c @@ -0,0 +1,54 @@ +#include "atca_test.h" +#ifndef DO_NOT_TEST_CERT + +#include "atcacert/atcacert_def.h" + +#if ATCACERT_INTEGRATION_EN + + +/* +openssl genpkey -algorithm RSA -out private_key.pem -pkeyopt rsa_keygen_bits:3072 +openssl req -new -key private_key.pem -out cert_request.csr -config csr_config.cnf +openssl x509 -req -days 365 -in cert_request.csr -signkey private_key.pem -out certificate.pem -extfile extensions.cnf -extensions v3_ca + +[ req ] +default_bits = 3072 +distinguished_name = req_distinguished_name +prompt = no +req_extensions = v3_req + +[ req_distinguished_name ] +C = US +ST = California +L = San Francisco +O = My Company +OU = My Division +CN = www.example.com +emailAddress = email@example.com + +[ v3_req ] +subjectAltName = @alt_names + +[ alt_names ] +DNS.1 = www.example.com +DNS.2 = example.com + +*/ + +//x.509 certificate for ta device +const uint8_t g_test_cert_rsa3072[1431] = {0x30,0x82,0x05,0x93,0x30,0x82,0x03,0xFB,0xA0,0x03,0x02,0x01,0x02,0x02,0x14,0x1C,0xAB,0xB9,0x10,0x20,0xEF,0x0F,0x07,0x50,0x82,0xBE,0xF8,0x04,0x3F,0xAD,0x35,0xF6,0x8A,0x3F,0xAA,0x30,0x0D,0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x0B,0x05,0x00,0x30,0x81,0xA1,0x31,0x0B,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x55,0x53,0x31,0x13,0x30,0x11,0x06,0x03,0x55,0x04,0x08,0x0C,0x0A,0x43,0x61,0x6C,0x69,0x66,0x6F,0x72,0x6E,0x69,0x61,0x31,0x16,0x30,0x14,0x06,0x03,0x55,0x04,0x07,0x0C,0x0D,0x53,0x61,0x6E,0x20,0x46,0x72,0x61,0x6E,0x63,0x69,0x73,0x63,0x6F,0x31,0x13,0x30,0x11,0x06,0x03,0x55,0x04,0x0A,0x0C,0x0A,0x4D,0x79,0x20,0x43,0x6F,0x6D,0x70,0x61,0x6E,0x79,0x31,0x14,0x30,0x12,0x06,0x03,0x55,0x04,0x0B,0x0C,0x0B,0x4D,0x79,0x20,0x44,0x69,0x76,0x69,0x73,0x69,0x6F,0x6E,0x31,0x18,0x30,0x16,0x06,0x03,0x55,0x04,0x03,0x0C,0x0F,0x77,0x77,0x77,0x2E,0x65,0x78,0x61,0x6D,0x70,0x6C,0x65,0x2E,0x63,0x6F,0x6D,0x31,0x20,0x30,0x1E,0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x01,0x16,0x11,0x65,0x6D,0x61,0x69,0x6C,0x40,0x65,0x78,0x61,0x6D,0x70,0x6C,0x65,0x2E,0x63,0x6F,0x6D,0x30,0x1E,0x17,0x0D,0x32,0x34,0x30,0x36,0x30,0x35,0x30,0x36,0x34,0x38,0x32,0x32,0x5A,0x17,0x0D,0x32,0x35,0x30,0x36,0x30,0x35,0x30,0x36,0x34,0x38,0x32,0x32,0x5A,0x30,0x81,0xA1,0x31,0x0B,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x55,0x53,0x31,0x13,0x30,0x11,0x06,0x03,0x55,0x04,0x08,0x0C,0x0A,0x43,0x61,0x6C,0x69,0x66,0x6F,0x72,0x6E,0x69,0x61,0x31,0x16,0x30,0x14,0x06,0x03,0x55,0x04,0x07,0x0C,0x0D,0x53,0x61,0x6E,0x20,0x46,0x72,0x61,0x6E,0x63,0x69,0x73,0x63,0x6F,0x31,0x13,0x30,0x11,0x06,0x03,0x55,0x04,0x0A,0x0C,0x0A,0x4D,0x79,0x20,0x43,0x6F,0x6D,0x70,0x61,0x6E,0x79,0x31,0x14,0x30,0x12,0x06,0x03,0x55,0x04,0x0B,0x0C,0x0B,0x4D,0x79,0x20,0x44,0x69,0x76,0x69,0x73,0x69,0x6F,0x6E,0x31,0x18,0x30,0x16,0x06,0x03,0x55,0x04,0x03,0x0C,0x0F,0x77,0x77,0x77,0x2E,0x65,0x78,0x61,0x6D,0x70,0x6C,0x65,0x2E,0x63,0x6F,0x6D,0x31,0x20,0x30,0x1E,0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x01,0x16,0x11,0x65,0x6D,0x61,0x69,0x6C,0x40,0x65,0x78,0x61,0x6D,0x70,0x6C,0x65,0x2E,0x63,0x6F,0x6D,0x30,0x82,0x01,0xA2,0x30,0x0D,0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x01,0x05,0x00,0x03,0x82,0x01,0x8F,0x00,0x30,0x82,0x01,0x8A,0x02,0x82,0x01,0x81,0x00,0xBD,0x44,0x9F,0x1B,0xAB,0xDE,0x8F,0x8A,0x80,0x37,0x13,0xA2,0x9D,0x58,0xF0,0xBA,0x2D,0xB4,0xFD,0x38,0xAB,0x07,0x1F,0x7C,0x15,0x88,0x37,0xBF,0x0C,0x02,0x31,0x5F,0xFE,0xE6,0x81,0x33,0x30,0x8B,0x3C,0x10,0xC0,0x14,0x29,0x9A,0x9F,0x85,0x1F,0xCC,0x8B,0xA9,0x5C,0x52,0xCC,0x60,0x5B,0x80,0x75,0xF8,0xDE,0xC0,0x72,0x54,0xB2,0xB6,0xBC,0xEE,0xEF,0x44,0x6C,0xDE,0x8F,0x25,0x00,0x23,0xFC,0x91,0x74,0xAB,0x63,0xBB,0xF8,0x3C,0x0C,0xC5,0xA9,0xF9,0xD1,0xBF,0xAD,0x0E,0xB2,0x32,0x5B,0xE6,0x89,0x8D,0x73,0x2C,0x76,0x0D,0x10,0xC3,0x29,0x18,0xD6,0x5A,0xF6,0xF0,0x67,0xFA,0x71,0x47,0xDB,0x90,0xC6,0xC1,0xDE,0x58,0x30,0xA6,0x94,0xA9,0x37,0xD7,0xEB,0xFA,0xF2,0x7F,0xCE,0xB0,0x0D,0x52,0x56,0x08,0x04,0x17,0xC0,0x53,0x5D,0x0E,0xF7,0x78,0xA8,0xA3,0x08,0x10,0xF8,0x80,0x00,0xE2,0x42,0x91,0x91,0x18,0x52,0x35,0x88,0x1A,0x21,0x72,0x74,0xA6,0x88,0x7D,0x25,0x80,0x9A,0x45,0xC5,0x98,0x54,0xBF,0x75,0xE1,0x58,0x57,0xD4,0xF8,0xC6,0x43,0x30,0x25,0x30,0x22,0xE9,0x41,0xFF,0xCE,0x23,0xB2,0x38,0x58,0x0D,0xED,0x18,0x48,0x3C,0x69,0x51,0xCA,0xF1,0xAF,0xDC,0xBC,0xA0,0x1C,0xF1,0x3A,0x3B,0x80,0xF4,0x6C,0x0A,0x2E,0xAD,0xAB,0x7F,0x78,0x51,0x4E,0xE5,0x91,0x8B,0x61,0x4F,0x10,0xDB,0xA1,0xAF,0x74,0xC8,0xF2,0x9D,0xAA,0x69,0xAF,0x43,0x91,0x1B,0x45,0x68,0x81,0x75,0xB9,0x06,0xBE,0x06,0x3C,0xBA,0xEA,0x7C,0x54,0x2A,0x9F,0xB9,0xD8,0x83,0x9E,0xAF,0x90,0xD4,0xE0,0x00,0x6F,0x2D,0xFD,0xEF,0xF7,0x1A,0x30,0x40,0x23,0x31,0x78,0xCC,0x06,0x5B,0xF1,0x54,0xFE,0x57,0x05,0x31,0x4C,0x5A,0x93,0x73,0x17,0x1B,0xD0,0xDF,0xFB,0xDC,0x8D,0x8F,0x58,0xA7,0xA5,0x38,0xF1,0x97,0x0B,0xDB,0xE8,0x0E,0x58,0x4F,0xFF,0x9B,0x62,0x47,0x0A,0xC7,0x66,0x1A,0xD0,0x45,0xBA,0xBA,0xAB,0x28,0x5B,0xA1,0xCA,0x84,0x31,0x2A,0x5D,0x4E,0x9A,0xF2,0x3A,0x08,0x32,0xF8,0x91,0xDF,0xED,0x6E,0x8A,0xA8,0x71,0xC3,0x77,0xF2,0x69,0x10,0xD7,0x53,0x6F,0x33,0xE0,0x43,0x78,0xCE,0x3F,0x38,0x2D,0xE2,0xA2,0xEF,0xF0,0x65,0xC1,0x9E,0x49,0x9C,0xDF,0x3E,0xB9,0x4A,0xDE,0x87,0xDA,0x8E,0x75,0x5C,0xAC,0x85,0x95,0xE5,0xD7,0xC9,0xFB,0x02,0x03,0x01,0x00,0x01,0xA3,0x81,0xC0,0x30,0x81,0xBD,0x30,0x62,0x06,0x03,0x55,0x1D,0x11,0x04,0x5B,0x30,0x59,0x82,0x0F,0x77,0x77,0x77,0x2E,0x65,0x78,0x61,0x6D,0x70,0x6C,0x65,0x2E,0x63,0x6F,0x6D,0x82,0x0B,0x65,0x78,0x61,0x6D,0x70,0x6C,0x65,0x2E,0x63,0x6F,0x6D,0x82,0x15,0x73,0x75,0x62,0x64,0x6F,0x6D,0x61,0x69,0x6E,0x2E,0x65,0x78,0x61,0x6D,0x70,0x6C,0x65,0x2E,0x63,0x6F,0x6D,0x82,0x0B,0x65,0x78,0x61,0x6D,0x70,0x6C,0x65,0x2E,0x63,0x6F,0x6D,0x82,0x15,0x73,0x75,0x62,0x64,0x6F,0x6D,0x61,0x69,0x6E,0x2E,0x65,0x78,0x61,0x6D,0x70,0x6C,0x65,0x2E,0x63,0x6F,0x6D,0x30,0x0C,0x06,0x03,0x55,0x1D,0x13,0x04,0x05,0x30,0x03,0x01,0x01,0xFF,0x30,0x0B,0x06,0x03,0x55,0x1D,0x0F,0x04,0x04,0x03,0x02,0x01,0x06,0x30,0x1D,0x06,0x03,0x55,0x1D,0x25,0x04,0x16,0x30,0x14,0x06,0x08,0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x01,0x06,0x08,0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x02,0x30,0x1D,0x06,0x03,0x55,0x1D,0x0E,0x04,0x16,0x04,0x14,0xD7,0x7E,0x38,0x10,0xD4,0x86,0xD3,0xC6,0xEF,0x00,0x3F,0x77,0x91,0xA1,0xC1,0x7D,0x08,0x5A,0x5F,0xF6,0x30,0x0D,0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x0B,0x05,0x00,0x03,0x82,0x01,0x81,0x00,0xB8,0xE3,0xAA,0xF5,0xD0,0x2E,0x1F,0xC5,0xC3,0xBC,0x89,0xFD,0x3F,0x2F,0x27,0x8F,0x7D,0xFE,0x95,0xC5,0x76,0x3E,0xD8,0xBF,0xC3,0xEE,0x03,0xF3,0x1A,0x0F,0x93,0x47,0x54,0xEF,0xBD,0x02,0xB6,0xD6,0xFF,0x78,0x11,0x79,0x81,0x47,0xE0,0xAF,0xC8,0x44,0x88,0x9D,0x56,0x19,0x93,0xEF,0x64,0xC4,0x66,0xE4,0x43,0x84,0x42,0xBD,0x44,0xA5,0x25,0xD5,0x27,0xF2,0x35,0x6A,0xD8,0x40,0x43,0x16,0x7A,0xDA,0xCC,0xAB,0x52,0xAA,0x40,0xE3,0x2B,0xD1,0x31,0x45,0xA0,0x09,0x8D,0xB1,0x7E,0x5F,0xFB,0xE9,0xEA,0xA9,0xAE,0xF9,0x27,0x32,0x4B,0xB5,0x9E,0xDA,0x68,0x16,0xDB,0xD9,0xF3,0x8A,0x00,0xC4,0xD0,0x9A,0x34,0x4A,0xFA,0x8D,0xCA,0x8C,0x6F,0x14,0xD4,0x16,0xFC,0x95,0x12,0xB9,0xAF,0xFD,0xAC,0xDB,0xE2,0xBC,0xCB,0x54,0x64,0xE8,0xBA,0x33,0x35,0x65,0x77,0x45,0xD8,0xFE,0xE6,0x0C,0x5F,0x34,0x62,0xFE,0x08,0x75,0xCE,0x4B,0x47,0x84,0xC3,0xCD,0x23,0xFA,0xB6,0x84,0xA3,0x57,0x95,0xCB,0x5A,0xDC,0x1E,0xD7,0xF2,0x99,0x98,0xB4,0x12,0xEF,0xF6,0xDE,0xF7,0xEF,0xB1,0x6E,0x19,0xAB,0x02,0xCC,0xC0,0x53,0x75,0x61,0xD2,0xF4,0x05,0x24,0x2A,0xF2,0x41,0x0D,0x3B,0xF8,0x5D,0x32,0x2E,0xE7,0xE0,0x3E,0x10,0xFD,0x32,0x7E,0xBF,0x54,0x75,0xC5,0x3A,0x94,0x6E,0xB6,0x45,0xA3,0x5C,0x77,0x4B,0xA2,0xF1,0x95,0x10,0x8F,0xB0,0x21,0x02,0xBC,0x01,0x9F,0x16,0x6E,0xE6,0xCD,0x14,0x6C,0xD0,0x6F,0x8C,0xFC,0x46,0x5C,0x69,0xE8,0xFD,0x9F,0x0E,0xCD,0x57,0x2F,0xE5,0x0B,0xA3,0x6A,0xEE,0xB7,0xEB,0xE2,0x43,0x9E,0x3E,0xBF,0x07,0x27,0x6E,0x99,0x3C,0x9F,0x8A,0x8F,0x31,0x36,0xE6,0x08,0x3A,0x99,0xA5,0x9B,0x99,0xA8,0xCF,0xE4,0xD3,0xF6,0xA1,0xF6,0xA9,0x5A,0xFD,0xFD,0x19,0xC2,0x6A,0x5A,0xF8,0xB3,0xBA,0xD5,0x2A,0x74,0x83,0x19,0x8D,0x02,0x4F,0xCC,0x7F,0x10,0x10,0xF6,0x94,0x1A,0x2A,0xB4,0x1E,0x06,0x36,0xED,0x99,0x7E,0x85,0x5D,0xE1,0x9E,0x03,0x1F,0x5A,0xC7,0x97,0xE1,0x4C,0xE3,0x2D,0x38,0x7E,0xD0,0xD9,0x08,0x3E,0x0C,0x23,0x9B,0xE0,0x06,0xBD,0x85,0x83,0x7A,0x5D,0x20,0x7F,0x05,0x18,0x30,0x88,0xA4,0x46,0x47,0xDE,0x58,0x83,0xAC,0x0D,0x09,0xE2,0xD7,0x70,0xEB,0x7E,0x9E,0x7C,0x5C,0x7D,0x88,0x11,0x4C,0xAD,0x0D}; + +static struct atcac_x509_ctx* parsed; + +const atcacert_def_t g_test_cert_def_10_device = { + .type = CERTTYPE_X509_FULL_STORED, + .comp_cert_dev_loc.zone = DEVZONE_DATA, + .comp_cert_dev_loc.offset = 0, + .comp_cert_dev_loc.slot = 0x9B00, + .cert_template = g_test_cert_rsa3072, + .cert_template_size = sizeof(g_test_cert_rsa3072), + .parsed = &parsed, +}; +#endif /* ATCACERT_INTEGRATION_EN */ + +#endif /* DO_NOT_TEST_CERT */ \ No newline at end of file diff --git a/test/atcacert/test_cert_def_10_device.h b/test/atcacert/test_cert_def_10_device.h new file mode 100644 index 000000000..f2d14cccb --- /dev/null +++ b/test/atcacert/test_cert_def_10_device.h @@ -0,0 +1,9 @@ +#ifndef TEST_CERT_DEF_10_DEVICE_H +#define TEST_CERT_DEF_10_DEVICE_H + +#include "atcacert/atcacert_def.h" + +extern const uint8_t g_test_cert_rsa3072[1431]; +extern const atcacert_def_t g_test_cert_def_10_device; + +#endif \ No newline at end of file diff --git a/test/atcacert/test_cert_def_6_device.c b/test/atcacert/test_cert_def_6_device.c new file mode 100644 index 000000000..b59a37da1 --- /dev/null +++ b/test/atcacert/test_cert_def_6_device.c @@ -0,0 +1,161 @@ +#include "atca_test.h" +#ifndef DO_NOT_TEST_CERT + +#include "atcacert/atcacert_def.h" + +const uint8_t g_test_cert_template_6_device[316] = { + 0x30, 0x82, 0x01, 0x38, 0x30, 0x81, 0xde, 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x08, 0x55, 0x3a, + 0x49, 0x4e, 0x6c, 0x8c, 0x47, 0xc6, 0x30, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, + 0x03, 0x02, 0x30, 0x12, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x07, 0x30, + 0x30, 0x34, 0x45, 0x2d, 0x31, 0x41, 0x30, 0x22, 0x18, 0x0f, 0x32, 0x30, 0x32, 0x31, 0x31, 0x32, + 0x32, 0x34, 0x30, 0x36, 0x30, 0x30, 0x30, 0x30, 0x5a, 0x18, 0x0f, 0x39, 0x39, 0x39, 0x39, 0x31, + 0x32, 0x33, 0x31, 0x32, 0x33, 0x35, 0x39, 0x35, 0x39, 0x5a, 0x30, 0x11, 0x31, 0x0f, 0x30, 0x0d, + 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x06, 0x30, 0x31, 0x31, 0x34, 0x33, 0x30, 0x30, 0x59, 0x30, + 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, 0x01, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, + 0x3d, 0x03, 0x01, 0x07, 0x03, 0x42, 0x00, 0x04, 0x63, 0x91, 0xf3, 0x5a, 0x89, 0x09, 0x8c, 0x21, + 0x0b, 0x4a, 0x5f, 0xee, 0xa8, 0x0f, 0x78, 0xff, 0xd4, 0x4c, 0x24, 0x14, 0x08, 0x86, 0xe4, 0x91, + 0xa6, 0xcd, 0xe9, 0xf0, 0x11, 0x55, 0xab, 0x11, 0x76, 0xaf, 0xa5, 0xba, 0x0f, 0x99, 0x88, 0xd7, + 0x4b, 0x81, 0x2d, 0x6f, 0x03, 0xce, 0xb6, 0x40, 0xba, 0x51, 0x68, 0xff, 0xdc, 0x05, 0x8b, 0xd2, + 0x60, 0x67, 0x00, 0xce, 0xb0, 0x03, 0xaa, 0x69, 0xa3, 0x1b, 0x30, 0x19, 0x30, 0x17, 0x06, 0x05, + 0x67, 0x81, 0x14, 0x01, 0x02, 0x01, 0x01, 0xff, 0x04, 0x0b, 0x04, 0x09, 0x00, 0x00, 0x00, 0x00, + 0x04, 0x30, 0x30, 0x30, 0x30, 0x30, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x03, + 0x02, 0x03, 0x49, 0x00, 0x30, 0x46, 0x02, 0x21, 0x00, 0xb7, 0xa3, 0xab, 0x33, 0x5d, 0x4d, 0x70, + 0xd4, 0x79, 0x5d, 0x03, 0x48, 0x73, 0xda, 0x5d, 0x7f, 0x45, 0x35, 0x19, 0x18, 0xf1, 0xd6, 0x1f, + 0x6d, 0xae, 0xd8, 0xc4, 0x36, 0x63, 0x38, 0xd7, 0xef, 0x02, 0x21, 0x00, 0x9d, 0x10, 0xf3, 0xf8, + 0x99, 0x67, 0xc8, 0x3d, 0xd2, 0x7e, 0x99, 0xc7, 0x60, 0x0f, 0xa9, 0xbe, 0x84, 0xcf, 0x9a, 0x15, + 0xa4, 0xdc, 0x5d, 0xc6, 0x2c, 0x1c, 0x5e, 0x6b, 0xbb, 0xd8, 0x14, 0x70, +}; + +const atcacert_cert_element_t g_test_cert_template_6_elements[3] = { + { + .id = "Issuer_CN", + .device_loc ={ + .zone = DEVZONE_DATA, + .slot = 1, + .is_genkey = 0, + .offset = 288, + .count = 7 + }, + .cert_loc ={ + .offset = 47, + .count = 7 + }, + .transforms ={ + TF_NONE, + TF_NONE + } + }, + { + .id = "Subject_CN", + .device_loc ={ + .zone = DEVZONE_DATA, + .slot = 1, + .is_genkey = 0, + .offset = 72, + .count = 6 + }, + .cert_loc ={ + .offset = 103, + .count = 6 + }, + .transforms ={ + TF_NONE, + TF_NONE + } + }, + { + .id = "RSID", + .device_loc ={ + .zone = DEVZONE_DATA, + .slot = 1, + .is_genkey = 0, + .offset = 107, + .count = 9 + }, + .cert_loc ={ + .offset = 220, + .count = 9 + }, + .transforms ={ + TF_NONE, + TF_NONE + } + } +}; + +const atcacert_def_t g_test_cert_def_6_device = { + .type = CERTTYPE_X509, + .template_id = 2, + .chain_id = 3, + .private_key_slot = 0, + .sn_source = SNSRC_PUB_KEY_HASH, + .cert_sn_dev_loc = { + .zone = DEVZONE_NONE, + .slot = 0, + .is_genkey = 0, + .offset = 0, + .count = 0 + }, + .issue_date_format = DATEFMT_RFC5280_GEN, + .expire_date_format = DATEFMT_RFC5280_GEN, + .tbs_cert_loc = { + .offset = 4, + .count = 225 + }, + .expire_years = 0, + .public_key_dev_loc = { + .zone = DEVZONE_DATA, + .slot = 0, + .is_genkey = 1, + .offset = 0, + .count = 64 + }, + .comp_cert_dev_loc = { + .zone = DEVZONE_DATA, + .slot = 1, + .is_genkey = 0, + .offset = 0, + .count = 72 + }, + .std_cert_elements = { + { // STDCERT_PUBLIC_KEY + .offset = 136, + .count = 64 + }, + { // STDCERT_SIGNATURE + .offset = 241, + .count = 64 + }, + { // STDCERT_ISSUE_DATE + .offset = 58, + .count = 15 + }, + { // STDCERT_EXPIRE_DATE + .offset = 0, + .count = 0 + }, + { // STDCERT_SIGNER_ID + .offset = 0, + .count = 0 + }, + { // STDCERT_CERT_SN + .offset = 14, + .count = 8 + }, + { // STDCERT_AUTH_KEY_ID + .offset = 0, + .count = 0 + }, + { // STDCERT_SUBJ_KEY_ID + .offset = 0, + .count = 0 + }, + }, + .cert_elements = g_test_cert_template_6_elements, + .cert_elements_count = sizeof(g_test_cert_template_6_elements) / sizeof(g_test_cert_template_6_elements[0]), + .cert_template = g_test_cert_template_6_device, + .cert_template_size = sizeof(g_test_cert_template_6_device), + .ca_cert_def = NULL +}; + +#endif diff --git a/test/atcacert/test_cert_def_6_device.h b/test/atcacert/test_cert_def_6_device.h new file mode 100644 index 000000000..f617faea1 --- /dev/null +++ b/test/atcacert/test_cert_def_6_device.h @@ -0,0 +1,8 @@ +#ifndef TEST_CERT_DEF_6_DEVICE_H +#define TEST_CERT_DEF_6_DEVICE_H + +#include "atcacert/atcacert_def.h" + +extern const atcacert_def_t g_test_cert_def_6_device; + +#endif \ No newline at end of file diff --git a/test/atcacert/test_cert_def_7_signer.c b/test/atcacert/test_cert_def_7_signer.c new file mode 100644 index 000000000..40be83188 --- /dev/null +++ b/test/atcacert/test_cert_def_7_signer.c @@ -0,0 +1,117 @@ +#include "atca_test.h" +#ifndef DO_NOT_TEST_CERT + +#include "atcacert/atcacert_def.h" + +const uint8_t g_test_cert_template_7_signer[528] = { +0x30, 0x82, 0x02, 0x0C, 0x30, 0x82, 0x01, 0xB1, 0xA0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x04, 0x00, +0xBC, 0x61, 0x4E, 0x30, 0x0A, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x04, 0x03, 0x02, 0x30, +0x61, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x49, 0x4E, 0x31, 0x0B, +0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C, 0x02, 0x54, 0x4E, 0x31, 0x0C, 0x30, 0x0A, 0x06, +0x03, 0x55, 0x04, 0x07, 0x0C, 0x03, 0x43, 0x48, 0x4E, 0x31, 0x0D, 0x30, 0x0B, 0x06, 0x03, 0x55, +0x04, 0x0A, 0x0C, 0x04, 0x4D, 0x43, 0x48, 0x50, 0x31, 0x0C, 0x30, 0x0A, 0x06, 0x03, 0x55, 0x04, +0x0B, 0x0C, 0x03, 0x53, 0x43, 0x47, 0x31, 0x1A, 0x30, 0x18, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0C, +0x11, 0x45, 0x78, 0x61, 0x6D, 0x70, 0x6C, 0x65, 0x20, 0x52, 0x6F, 0x6F, 0x74, 0x20, 0x46, 0x46, +0x46, 0x46, 0x30, 0x20, 0x17, 0x0D, 0x32, 0x34, 0x30, 0x34, 0x32, 0x35, 0x31, 0x30, 0x30, 0x37, +0x30, 0x39, 0x5A, 0x18, 0x0F, 0x32, 0x30, 0x37, 0x34, 0x30, 0x34, 0x31, 0x33, 0x31, 0x30, 0x30, +0x37, 0x30, 0x39, 0x5A, 0x30, 0x63, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, +0x02, 0x49, 0x4E, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C, 0x02, 0x54, 0x4E, +0x31, 0x0C, 0x30, 0x0A, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0C, 0x03, 0x43, 0x48, 0x4E, 0x31, 0x0D, +0x30, 0x0B, 0x06, 0x03, 0x55, 0x04, 0x0A, 0x0C, 0x04, 0x4D, 0x43, 0x48, 0x50, 0x31, 0x0C, 0x30, +0x0A, 0x06, 0x03, 0x55, 0x04, 0x0B, 0x0C, 0x03, 0x53, 0x43, 0x47, 0x31, 0x1C, 0x30, 0x1A, 0x06, +0x03, 0x55, 0x04, 0x03, 0x0C, 0x13, 0x45, 0x78, 0x61, 0x6D, 0x70, 0x6C, 0x65, 0x20, 0x53, 0x69, +0x67, 0x6E, 0x65, 0x72, 0x20, 0x41, 0x44, 0x30, 0x34, 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2A, +0x86, 0x48, 0xCE, 0x3D, 0x02, 0x01, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03, 0x01, 0x07, +0x03, 0x42, 0x00, 0x04, 0x44, 0xA2, 0x47, 0xFB, 0x1A, 0x3D, 0x5A, 0xA4, 0x0E, 0xC7, 0x10, 0x0C, +0x82, 0x6A, 0x4C, 0xA8, 0xC5, 0x99, 0xED, 0xB9, 0xC1, 0x69, 0x25, 0xE1, 0x21, 0xD0, 0xA7, 0x96, +0x42, 0x2C, 0x2E, 0x75, 0xF5, 0xE0, 0x96, 0xE3, 0x81, 0x36, 0x69, 0xF6, 0xB2, 0xCC, 0xD0, 0x73, +0x03, 0x1E, 0x5C, 0x0C, 0xFC, 0x2E, 0xDC, 0x31, 0x3D, 0xAA, 0x77, 0x8F, 0xEE, 0xEE, 0x97, 0x54, +0xE6, 0xAC, 0x48, 0x0A, 0xA3, 0x53, 0x30, 0x51, 0x30, 0x1D, 0x06, 0x03, 0x55, 0x1D, 0x0E, 0x04, +0x16, 0x04, 0x14, 0xF5, 0x78, 0x56, 0x6F, 0x58, 0xDE, 0x04, 0xF4, 0xF8, 0x06, 0xE6, 0x2E, 0x1F, +0xD0, 0xC9, 0xC0, 0xBC, 0xFB, 0x65, 0xAA, 0x30, 0x1F, 0x06, 0x03, 0x55, 0x1D, 0x23, 0x04, 0x18, +0x30, 0x16, 0x80, 0x14, 0x7F, 0x51, 0xE5, 0x29, 0xEA, 0x34, 0x74, 0x00, 0x20, 0x1E, 0x2C, 0x10, +0xB3, 0x80, 0xFC, 0xC7, 0x5C, 0x4E, 0xE4, 0xD2, 0x30, 0x0F, 0x06, 0x03, 0x55, 0x1D, 0x13, 0x01, +0x01, 0xFF, 0x04, 0x05, 0x30, 0x03, 0x01, 0x01, 0xFF, 0x30, 0x0A, 0x06, 0x08, 0x2A, 0x86, 0x48, +0xCE, 0x3D, 0x04, 0x03, 0x02, 0x03, 0x49, 0x00, 0x30, 0x46, 0x02, 0x21, 0x00, 0x8A, 0x76, 0x8E, +0x21, 0x4F, 0x85, 0xB1, 0x7C, 0x30, 0x72, 0x17, 0x04, 0x10, 0x84, 0x80, 0xB8, 0xA2, 0x77, 0x7E, +0x88, 0x7C, 0xBE, 0x21, 0xC4, 0xDE, 0x92, 0x37, 0x3F, 0x47, 0x1F, 0xE4, 0x3D, 0x02, 0x21, 0x00, +0xD4, 0x02, 0x89, 0xA0, 0xB0, 0xDC, 0x18, 0x01, 0x3E, 0x26, 0x82, 0xA5, 0x7E, 0x03, 0x42, 0xC0, +0xAE, 0x74, 0x08, 0x9D, 0x7A, 0x30, 0x46, 0x2D, 0x91, 0x9D, 0xC3, 0xB1, 0xCB, 0x64, 0x27, 0x62}; + + +const atcacert_def_t g_test_cert_def_7_signer = { + .type = CERTTYPE_X509, + .template_id = 0, + .chain_id = 1, + .private_key_slot = 0, + .sn_source = SNSRC_PUB_KEY_HASH, + .cert_sn_dev_loc = { + .zone = DEVZONE_NONE, + .slot = 0, + .is_genkey = 0, + .offset = 0, + .count = 0 + }, + .issue_date_format = DATEFMT_RFC5280_UTC, + .expire_date_format = DATEFMT_RFC5280_GEN, + .tbs_cert_loc = { + .offset = 4, + .count = 437 + }, + .expire_years = 50, + .public_key_dev_loc = { + .zone = DEVZONE_DATA, + .slot = 14, + .is_genkey = 1, + .offset = 0, + .count = 64 + }, + .comp_cert_dev_loc = { + .zone = DEVZONE_DATA, + .slot = 13, + .is_genkey = 0, + .offset = 0, + .count = 72 + }, + .std_cert_elements = { + { // STDCERT_PUBLIC_KEY + .offset = 292, + .count = 64 + }, + { // STDCERT_SIGNATURE + .offset = 453, + .count = 75 + }, + { // STDCERT_ISSUE_DATE + .offset = 134, + .count = 13 + }, + { // STDCERT_EXPIRE_DATE + .offset = 149, + .count = 15 + }, + { // STDCERT_SIGNER_ID + .offset = 261, + .count = 4 + }, + { // STDCERT_CERT_SN + .offset = 15, + .count = 4 + }, + { // STDCERT_AUTH_KEY_ID + .offset = 404, + .count = 20 + }, + { // STDCERT_SUBJ_KEY_ID + .offset = 371, + .count = 20 + }, + }, + .cert_elements = NULL, + .cert_elements_count = 0, + .cert_template = g_test_cert_template_7_signer, + .cert_template_size = sizeof(g_test_cert_template_7_signer), + .ca_cert_def = NULL +}; + +#endif diff --git a/test/atcacert/test_cert_def_7_signer.h b/test/atcacert/test_cert_def_7_signer.h new file mode 100644 index 000000000..29139a21e --- /dev/null +++ b/test/atcacert/test_cert_def_7_signer.h @@ -0,0 +1,8 @@ +#ifndef TEST_CERT_DEF_7_DEVICE_H +#define TEST_CERT_DEF_7_DEVICE_H + +#include "atcacert/atcacert_def.h" + +extern const atcacert_def_t g_test_cert_def_7_signer; + +#endif \ No newline at end of file diff --git a/test/atcacert/test_cert_def_8_signer.c b/test/atcacert/test_cert_def_8_signer.c new file mode 100644 index 000000000..fc9a6c9ae --- /dev/null +++ b/test/atcacert/test_cert_def_8_signer.c @@ -0,0 +1,113 @@ +#include "atca_test.h" +#ifndef DO_NOT_TEST_CERT +#include "atcacert/atcacert_def.h" + +const uint8_t g_test_signer_8_ca_public_key[64] = { + 0xC3, 0xEB, 0x13, 0xCA, 0x5E, 0xE0, 0xE7, 0x8F, 0x85, 0x40, 0xC9, 0x8D, 0x83, 0xBB, 0xA5, 0xDD, +0x28, 0x22, 0x5D, 0x0E, 0x41, 0x02, 0xC7, 0x71, 0x90, 0x76, 0x73, 0xC0, 0x53, 0x56, 0xBD, 0x99, +0x70, 0x74, 0xBC, 0xDF, 0xDC, 0xC1, 0xBF, 0x4F, 0xD3, 0x53, 0xF5, 0xC9, 0xEA, 0xE6, 0xAE, 0x1C, +0x4C, 0xB7, 0x59, 0x22, 0xEC, 0x97, 0x47, 0x9E, 0x67, 0x30, 0xF1, 0x9E, 0xC2, 0xF1, 0x3D, 0xE5 +}; + +const uint8_t g_test_cert_template_8_signer[] = { + 0x30, 0x82, 0x01, 0x7f, 0x30, 0x82, 0x01, 0x26, 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x0a, 0x40, +0x01, 0x23, 0x64, 0xdc, 0x66, 0x43, 0x69, 0xde, 0xee, 0x30, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, +0xce, 0x3d, 0x04, 0x03, 0x02, 0x30, 0x1a, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, +0x0c, 0x0f, 0x45, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x20, 0x52, 0x6f, 0x6f, 0x74, 0x20, 0x43, +0x41, 0x30, 0x1e, 0x17, 0x0d, 0x32, 0x34, 0x30, 0x35, 0x32, 0x39, 0x31, 0x31, 0x30, 0x30, 0x30, +0x30, 0x5a, 0x17, 0x0d, 0x32, 0x39, 0x30, 0x35, 0x32, 0x39, 0x31, 0x31, 0x30, 0x30, 0x30, 0x30, +0x5a, 0x30, 0x1e, 0x31, 0x1c, 0x30, 0x1a, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x13, 0x45, 0x78, +0x61, 0x6d, 0x70, 0x6c, 0x65, 0x20, 0x53, 0x69, 0x67, 0x6e, 0x65, 0x72, 0x20, 0x46, 0x46, 0x46, +0x46, 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, 0x01, 0x06, 0x08, +0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03, 0x42, 0x00, 0x04, 0x8c, 0x21, 0x1a, 0xa2, +0x81, 0x46, 0x86, 0xa8, 0x90, 0x3b, 0x60, 0xe3, 0x72, 0xbd, 0xeb, 0x74, 0x87, 0x06, 0x4a, 0x9c, +0xf0, 0x1b, 0xf4, 0xa5, 0xd7, 0x2a, 0xb1, 0x38, 0xad, 0xe8, 0xd9, 0x66, 0xf8, 0x94, 0xb8, 0xa6, +0xa4, 0x9b, 0x03, 0xf2, 0xb4, 0x32, 0x0e, 0xba, 0xe1, 0x1b, 0x22, 0x02, 0x92, 0x53, 0xa1, 0x75, +0xff, 0x8b, 0xc1, 0x9c, 0x20, 0x49, 0x4d, 0x21, 0x5d, 0x19, 0x4c, 0xf1, 0xa3, 0x50, 0x30, 0x4e, +0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0x57, 0x4c, 0xdb, 0x0d, 0xcc, +0x14, 0x78, 0x2c, 0x00, 0xe8, 0xbb, 0xe8, 0x20, 0xf3, 0x6b, 0x95, 0x68, 0x6a, 0xa2, 0xe6, 0x30, +0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, 0xb7, 0x28, 0x45, 0x77, +0x8e, 0xef, 0xcd, 0x07, 0xbf, 0x40, 0x92, 0x64, 0x36, 0x68, 0xaf, 0xa7, 0x7a, 0x3d, 0xcd, 0xb0, +0x30, 0x0c, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff, 0x04, 0x02, 0x30, 0x00, 0x30, 0x0a, +0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x03, 0x02, 0x03, 0x47, 0x00, 0x30, 0x44, 0x02, +0x20, 0x6b, 0x28, 0x28, 0xb4, 0x96, 0xf9, 0x05, 0x31, 0x91, 0x87, 0x23, 0x28, 0x9b, 0x42, 0x21, +0xe8, 0x27, 0x56, 0xad, 0xf3, 0xf1, 0x91, 0x27, 0x15, 0x2b, 0x13, 0xad, 0x15, 0xee, 0xc2, 0x95, +0xe2, 0x02, 0x20, 0x1f, 0x06, 0xc6, 0xf6, 0x10, 0x31, 0xff, 0xb5, 0x19, 0xf2, 0x32, 0x4d, 0x0e, +0x1d, 0x0d, 0xa8, 0xd6, 0x27, 0xcd, 0x92, 0xf4, 0x3f, 0x91, 0x8f, 0x8b, 0x8a, 0xa4, 0xb7, 0x5b, +0xd8, 0xc8, 0x27 +}; + +const atcacert_def_t g_test_cert_def_8_signer = { + .type = CERTTYPE_X509, + .template_id = 1, + .chain_id = 0, + .private_key_slot = 0, + .sn_source = SNSRC_DEVICE_SN, + .cert_sn_dev_loc = { + .zone = DEVZONE_NONE, + .slot = 0, + .is_genkey = 0, + .offset = 0, + .count = 0 + }, + .issue_date_format = DATEFMT_RFC5280_UTC, + .expire_date_format = DATEFMT_RFC5280_UTC, + .tbs_cert_loc = { + .offset = 4, + .count = 298 + }, + .expire_years = 5, + .public_key_dev_loc = { + .zone = DEVZONE_DATA, + .slot = 1, + .is_genkey = 0, + .offset = 192, + .count = 64 + }, + .comp_cert_dev_loc = { + .zone = DEVZONE_DATA, + .slot = 1, + .is_genkey = 0, + .offset = 0, + .count = 72 + }, + .std_cert_elements = { + { // STDCERT_PUBLIC_KEY + .offset = 156, + .count = 64 + }, + { // STDCERT_SIGNATURE + .offset = 314, + .count = 74 + }, + { // STDCERT_ISSUE_DATE + .offset = 69, + .count = 13 + }, + { // STDCERT_EXPIRE_DATE + .offset = 84, + .count = 13 + }, + { // STDCERT_SIGNER_ID + .offset = 125, + .count = 4 + }, + { // STDCERT_CERT_SN + .offset = 15, + .count = 10 + }, + { // STDCERT_AUTH_KEY_ID + .offset = 268, + .count = 20 + }, + { // STDCERT_SUBJ_KEY_ID + .offset = 235, + .count = 20 + } + }, + .cert_elements = NULL, + .cert_elements_count = 0, + .cert_template = g_test_cert_template_8_signer, + .cert_template_size = sizeof(g_test_cert_template_8_signer) +}; +#endif \ No newline at end of file diff --git a/test/atcacert/test_cert_def_8_signer.h b/test/atcacert/test_cert_def_8_signer.h new file mode 100644 index 000000000..c2277e30b --- /dev/null +++ b/test/atcacert/test_cert_def_8_signer.h @@ -0,0 +1,9 @@ +#ifndef TEST_CERT_DEF_8_SIGNER_H +#define TEST_CERT_DEF_8_SIGNER_H + +#include "atcacert/atcacert_def.h" + +extern const uint8_t g_test_signer_8_ca_public_key[]; +extern const atcacert_def_t g_test_cert_def_8_signer; + +#endif diff --git a/test/atcacert/test_cert_def_9_device.c b/test/atcacert/test_cert_def_9_device.c new file mode 100644 index 000000000..171428342 --- /dev/null +++ b/test/atcacert/test_cert_def_9_device.c @@ -0,0 +1,113 @@ +#include "atca_test.h" +#ifndef DO_NOT_TEST_CERT +#include "atcacert/atcacert_def.h" + +const uint8_t g_test_device_9_ca_public_key[64] = { + 0xC3, 0xEB, 0x13, 0xCA, 0x5E, 0xE0, 0xE7, 0x8F, 0x85, 0x40, 0xC9, 0x8D, 0x83, 0xBB, 0xA5, 0xDD, +0x28, 0x22, 0x5D, 0x0E, 0x41, 0x02, 0xC7, 0x71, 0x90, 0x76, 0x73, 0xC0, 0x53, 0x56, 0xBD, 0x99, +0x70, 0x74, 0xBC, 0xDF, 0xDC, 0xC1, 0xBF, 0x4F, 0xD3, 0x53, 0xF5, 0xC9, 0xEA, 0xE6, 0xAE, 0x1C, +0x4C, 0xB7, 0x59, 0x22, 0xEC, 0x97, 0x47, 0x9E, 0x67, 0x30, 0xF1, 0x9E, 0xC2, 0xF1, 0x3D, 0xE5 +}; + +const uint8_t g_test_cert_template_9_device[] = { + 0x30, 0x82, 0x01, 0x7f, 0x30, 0x82, 0x01, 0x26, 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x0a, 0x40, +0x01, 0x23, 0x64, 0xdc, 0x66, 0x43, 0x69, 0xde, 0xee, 0x30, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, +0xce, 0x3d, 0x04, 0x03, 0x02, 0x30, 0x1a, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, +0x0c, 0x0f, 0x45, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x20, 0x52, 0x6f, 0x6f, 0x74, 0x20, 0x43, +0x41, 0x30, 0x1e, 0x17, 0x0d, 0x32, 0x34, 0x30, 0x35, 0x32, 0x39, 0x31, 0x31, 0x30, 0x30, 0x30, +0x30, 0x5a, 0x17, 0x0d, 0x32, 0x39, 0x30, 0x35, 0x32, 0x39, 0x31, 0x31, 0x30, 0x30, 0x30, 0x30, +0x5a, 0x30, 0x1e, 0x31, 0x1c, 0x30, 0x1a, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x13, 0x45, 0x78, +0x61, 0x6d, 0x70, 0x6c, 0x65, 0x20, 0x53, 0x69, 0x67, 0x6e, 0x65, 0x72, 0x20, 0x46, 0x46, 0x46, +0x46, 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, 0x01, 0x06, 0x08, +0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03, 0x42, 0x00, 0x04, 0x8c, 0x21, 0x1a, 0xa2, +0x81, 0x46, 0x86, 0xa8, 0x90, 0x3b, 0x60, 0xe3, 0x72, 0xbd, 0xeb, 0x74, 0x87, 0x06, 0x4a, 0x9c, +0xf0, 0x1b, 0xf4, 0xa5, 0xd7, 0x2a, 0xb1, 0x38, 0xad, 0xe8, 0xd9, 0x66, 0xf8, 0x94, 0xb8, 0xa6, +0xa4, 0x9b, 0x03, 0xf2, 0xb4, 0x32, 0x0e, 0xba, 0xe1, 0x1b, 0x22, 0x02, 0x92, 0x53, 0xa1, 0x75, +0xff, 0x8b, 0xc1, 0x9c, 0x20, 0x49, 0x4d, 0x21, 0x5d, 0x19, 0x4c, 0xf1, 0xa3, 0x50, 0x30, 0x4e, +0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0x57, 0x4c, 0xdb, 0x0d, 0xcc, +0x14, 0x78, 0x2c, 0x00, 0xe8, 0xbb, 0xe8, 0x20, 0xf3, 0x6b, 0x95, 0x68, 0x6a, 0xa2, 0xe6, 0x30, +0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, 0xb7, 0x28, 0x45, 0x77, +0x8e, 0xef, 0xcd, 0x07, 0xbf, 0x40, 0x92, 0x64, 0x36, 0x68, 0xaf, 0xa7, 0x7a, 0x3d, 0xcd, 0xb0, +0x30, 0x0c, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff, 0x04, 0x02, 0x30, 0x00, 0x30, 0x0a, +0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x03, 0x02, 0x03, 0x47, 0x00, 0x30, 0x44, 0x02, +0x20, 0x6b, 0x28, 0x28, 0xb4, 0x96, 0xf9, 0x05, 0x31, 0x91, 0x87, 0x23, 0x28, 0x9b, 0x42, 0x21, +0xe8, 0x27, 0x56, 0xad, 0xf3, 0xf1, 0x91, 0x27, 0x15, 0x2b, 0x13, 0xad, 0x15, 0xee, 0xc2, 0x95, +0xe2, 0x02, 0x20, 0x1f, 0x06, 0xc6, 0xf6, 0x10, 0x31, 0xff, 0xb5, 0x19, 0xf2, 0x32, 0x4d, 0x0e, +0x1d, 0x0d, 0xa8, 0xd6, 0x27, 0xcd, 0x92, 0xf4, 0x3f, 0x91, 0x8f, 0x8b, 0x8a, 0xa4, 0xb7, 0x5b, +0xd8, 0xc8, 0x27 +}; + +const atcacert_def_t g_test_cert_def_9_device = { + .type = CERTTYPE_X509, + .template_id = 1, + .chain_id = 0, + .private_key_slot = 0, + .sn_source = SNSRC_DEVICE_SN, + .cert_sn_dev_loc = { + .zone = DEVZONE_NONE, + .slot = 0, + .is_genkey = 0, + .offset = 0, + .count = 0 + }, + .issue_date_format = DATEFMT_RFC5280_UTC, + .expire_date_format = DATEFMT_RFC5280_UTC, + .tbs_cert_loc = { + .offset = 4, + .count = 298 + }, + .expire_years = 5, + .public_key_dev_loc = { + .zone = DEVZONE_DATA, + .slot = 1, + .is_genkey = 0, + .offset = 256, + .count = 64 + }, + .comp_cert_dev_loc = { + .zone = DEVZONE_DATA, + .slot = 1, + .is_genkey = 0, + .offset = 96, + .count = 72 + }, + .std_cert_elements = { + { // STDCERT_PUBLIC_KEY + .offset = 156, + .count = 64 + }, + { // STDCERT_SIGNATURE + .offset = 314, + .count = 74 + }, + { // STDCERT_ISSUE_DATE + .offset = 69, + .count = 13 + }, + { // STDCERT_EXPIRE_DATE + .offset = 84, + .count = 13 + }, + { // STDCERT_SIGNER_ID + .offset = 125, + .count = 4 + }, + { // STDCERT_CERT_SN + .offset = 15, + .count = 10 + }, + { // STDCERT_AUTH_KEY_ID + .offset = 268, + .count = 20 + }, + { // STDCERT_SUBJ_KEY_ID + .offset = 235, + .count = 20 + } + }, + .cert_elements = NULL, + .cert_elements_count = 0, + .cert_template = g_test_cert_template_9_device, + .cert_template_size = sizeof(g_test_cert_template_9_device) +}; +#endif \ No newline at end of file diff --git a/test/atcacert/test_cert_def_9_device.h b/test/atcacert/test_cert_def_9_device.h new file mode 100644 index 000000000..42f94ce3a --- /dev/null +++ b/test/atcacert/test_cert_def_9_device.h @@ -0,0 +1,9 @@ +#ifndef TEST_CERT_DEF_9_DEVICE_H +#define TEST_CERT_DEF_9_DEVICE_H + +#include "atcacert/atcacert_def.h" + +extern const uint8_t g_test_signer_9_ca_public_key[]; +extern const atcacert_def_t g_test_cert_def_9_device; + +#endif diff --git a/test/cmd-processor.c b/test/cmd-processor.c index 484d3a1cc..aa373a5e6 100644 --- a/test/cmd-processor.c +++ b/test/cmd-processor.c @@ -41,7 +41,7 @@ #include "api_calib/test_calib.h" #endif -#if ATCA_CA_SUPPORT && !defined(DO_NOT_TEST_CERT) +#if ((ATCA_CA_SUPPORT) || (ATCA_CA2_CERT_SUPPORT)) && !defined(DO_NOT_TEST_CERT) #include "atcacert/test_atcacert.h" #endif diff --git a/test/tng/tng_atcacert_client_test.c b/test/tng/tng_atcacert_client_test.c index 956fd0bfd..78f58d46b 100644 --- a/test/tng/tng_atcacert_client_test.c +++ b/test/tng/tng_atcacert_client_test.c @@ -145,7 +145,7 @@ TEST(tng_atcacert_client, tng_atcacert_read_signer_cert) #if ATCA_HOSTLIB_EN struct atcac_pk_ctx * pkey_ctx; -#if defined(ATCA_BUILD_SHARED_LIBS) || !defined(ATCA_NO_HEAP) +#if defined(ATCA_BUILD_SHARED_LIBS) || defined(ATCA_HEAP) pkey_ctx = atcac_pk_ctx_new(); #else atcac_pk_ctx_t pkey_ctx_inst; @@ -168,7 +168,7 @@ TEST(tng_atcacert_client, tng_atcacert_read_signer_cert) TEST_ASSERT(is_verified); #endif -#if ATCA_HOSTLIB_EN && (defined(ATCA_BUILD_SHARED_LIBS) || !defined(ATCA_NO_HEAP)) +#if ATCA_HOSTLIB_EN && (defined(ATCA_BUILD_SHARED_LIBS) || defined(ATCA_HEAP)) if (NULL != pkey_ctx) { atcac_pk_ctx_free(pkey_ctx); @@ -283,7 +283,7 @@ TEST(tng_atcacert_client, tng_atcacert_read_device_cert_no_signer) #if ATCA_HOSTLIB_EN struct atcac_pk_ctx * pkey_ctx; -#if defined(ATCA_BUILD_SHARED_LIBS) || !defined(ATCA_NO_HEAP) +#if defined(ATCA_BUILD_SHARED_LIBS) || defined(ATCA_HEAP) pkey_ctx = atcac_pk_ctx_new(); #else atcac_pk_ctx_t pkey_ctx_inst; @@ -306,7 +306,7 @@ TEST(tng_atcacert_client, tng_atcacert_read_device_cert_no_signer) TEST_ASSERT(is_verified); #endif -#if ATCA_HOSTLIB_EN && (defined(ATCA_BUILD_SHARED_LIBS) || !defined(ATCA_NO_HEAP)) +#if ATCA_HOSTLIB_EN && (defined(ATCA_BUILD_SHARED_LIBS) || defined(ATCA_HEAP)) if (NULL != pkey_ctx) { atcac_pk_ctx_free(pkey_ctx); @@ -362,7 +362,7 @@ TEST(tng_atcacert_client, tng_atcacert_read_device_cert_signer) #if ATCA_HOSTLIB_EN struct atcac_pk_ctx * pkey_ctx; -#if defined(ATCA_BUILD_SHARED_LIBS) || !defined(ATCA_NO_HEAP) +#if defined(ATCA_BUILD_SHARED_LIBS) || defined(ATCA_HEAP) pkey_ctx = atcac_pk_ctx_new(); #else atcac_pk_ctx_t pkey_ctx_inst; @@ -384,7 +384,86 @@ TEST(tng_atcacert_client, tng_atcacert_read_device_cert_signer) TEST_ASSERT_EQUAL(ATCA_SUCCESS, ret); TEST_ASSERT(is_verified); #endif -#if ATCA_HOSTLIB_EN && (defined(ATCA_BUILD_SHARED_LIBS) || !defined(ATCA_NO_HEAP)) +#if ATCA_HOSTLIB_EN && (defined(ATCA_BUILD_SHARED_LIBS) || defined(ATCA_HEAP)) + if (NULL != pkey_ctx) + { + atcac_pk_ctx_free(pkey_ctx); + } +#endif + +} + +TEST(tng_atcacert_client, tng_atcacert_read_device_cert_signer_with_ext_api) +{ + int ret; + uint8_t signer_cert[1024]; + size_t signer_cert_size = 0; + uint8_t cert[1024]; + size_t cert_size = 0; + const atcacert_def_t* cert_def = NULL; + uint8_t ca_public_key[ATCA_ECCP256_PUBKEY_SIZE]; + uint8_t tbs_digest[ATCA_SHA2_256_DIGEST_SIZE]; + uint8_t signature[ATCA_ECCP256_SIG_SIZE]; + + ret = tng_atcacert_max_signer_cert_size(&signer_cert_size); + TEST_ASSERT_EQUAL(ATCACERT_E_SUCCESS, ret); + TEST_ASSERT(sizeof(signer_cert) >= signer_cert_size); + + ret = tng_atcacert_read_signer_cert(signer_cert, &signer_cert_size); + TEST_ASSERT_EQUAL(ATCACERT_E_SUCCESS, ret); + + ret = tng_atcacert_max_device_cert_size(&cert_size); + TEST_ASSERT_EQUAL(ATCACERT_E_SUCCESS, ret); + TEST_ASSERT(sizeof(cert) >= cert_size); + + ret = tng_atcacert_read_device_cert(cert, &cert_size, signer_cert); + TEST_ASSERT_EQUAL(ATCACERT_E_SUCCESS, ret); + + ret = tng_atcacert_signer_public_key(ca_public_key, signer_cert); + TEST_ASSERT_EQUAL(ATCACERT_E_SUCCESS, ret); + + ret = (int)tng_get_device_cert_def_ext(atcab_get_device(), &cert_def); + TEST_ASSERT_EQUAL(ATCACERT_E_SUCCESS, ret); + + ret = atcacert_get_tbs_digest( + cert_def, + cert, + cert_size, + tbs_digest); + TEST_ASSERT_EQUAL(ATCA_SUCCESS, ret); + + ret = atcacert_get_signature( + cert_def, + cert, + cert_size, + signature); + TEST_ASSERT_EQUAL(ATCA_SUCCESS, ret); + +#if ATCA_HOSTLIB_EN + struct atcac_pk_ctx * pkey_ctx; +#if defined(ATCA_BUILD_SHARED_LIBS) || defined(ATCA_HEAP) + pkey_ctx = atcac_pk_ctx_new(); +#else + atcac_pk_ctx_t pkey_ctx_inst; + pkey_ctx = &pkey_ctx_inst; +#endif + ret = atcac_pk_init(pkey_ctx, ca_public_key, sizeof(ca_public_key), 0, true); + TEST_ASSERT_EQUAL(ATCA_SUCCESS, ret); + + ret = atcac_pk_verify(pkey_ctx, tbs_digest, sizeof(tbs_digest), signature, sizeof(signature)); + + /* Make sure to free the key before testing the result of the verify */ + atcac_pk_free(pkey_ctx); + + /* Check verification result */ + TEST_ASSERT_EQUAL(ATCA_SUCCESS, ret); +#elif CALIB_VERIFY_EXTERN_EN || TALIB_VERIFY_EXTERN_EN + bool is_verified = false; + ret = atcab_verify_extern(tbs_digest, signature, ca_public_key, &is_verified); + TEST_ASSERT_EQUAL(ATCA_SUCCESS, ret); + TEST_ASSERT(is_verified); +#endif +#if ATCA_HOSTLIB_EN && (defined(ATCA_BUILD_SHARED_LIBS) || defined(ATCA_HEAP)) if (NULL != pkey_ctx) { atcac_pk_ctx_free(pkey_ctx); @@ -467,6 +546,7 @@ t_test_case_info tng_atcacert_client_unit_test_info[] = { REGISTER_TEST_CASE(tng_atcacert_client, tng_atcacert_max_device_cert_size), atca_test_cond_ecc608 }, { REGISTER_TEST_CASE(tng_atcacert_client, tng_atcacert_read_device_cert_no_signer), atca_test_cond_ecc608 }, { REGISTER_TEST_CASE(tng_atcacert_client, tng_atcacert_read_device_cert_signer), atca_test_cond_ecc608 }, + { REGISTER_TEST_CASE(tng_atcacert_client, tng_atcacert_read_device_cert_signer_with_ext_api), atca_test_cond_ecc608 }, { REGISTER_TEST_CASE(tng_atcacert_client, tng_atcacert_device_public_key_no_cert), atca_test_cond_ecc608 }, { REGISTER_TEST_CASE(tng_atcacert_client, tng_atcacert_device_public_key_cert), atca_test_cond_ecc608 }, #endif diff --git a/test/vectors/aesmmt_cbc_cavp_vectors/CBCMMT128.rsp b/test/vectors/aesmmt_cbc_cavp_vectors/CBCMMT128.rsp new file mode 100644 index 000000000..c0a6aec00 --- /dev/null +++ b/test/vectors/aesmmt_cbc_cavp_vectors/CBCMMT128.rsp @@ -0,0 +1,131 @@ +# CAVS 11.1 +# Config info for aes_values +# AESVS MMT test data for CBC +# State : Encrypt and Decrypt +# Key Length : 128 +# Generated on Fri Apr 22 15:11:33 2011 + +[ENCRYPT] + +COUNT = 0 +KEY = 1f8e4973953f3fb0bd6b16662e9a3c17 +IV = 2fe2b333ceda8f98f4a99b40d2cd34a8 +PLAINTEXT = 45cf12964fc824ab76616ae2f4bf0822 +CIPHERTEXT = 0f61c4d44c5147c03c195ad7e2cc12b2 + +COUNT = 1 +KEY = 0700d603a1c514e46b6191ba430a3a0c +IV = aad1583cd91365e3bb2f0c3430d065bb +PLAINTEXT = 068b25c7bfb1f8bdd4cfc908f69dffc5ddc726a197f0e5f720f730393279be91 +CIPHERTEXT = c4dc61d9725967a3020104a9738f23868527ce839aab1752fd8bdb95a82c4d00 + +COUNT = 2 +KEY = 3348aa51e9a45c2dbe33ccc47f96e8de +IV = 19153c673160df2b1d38c28060e59b96 +PLAINTEXT = 9b7cee827a26575afdbb7c7a329f887238052e3601a7917456ba61251c214763d5e1847a6ad5d54127a399ab07ee3599 +CIPHERTEXT = d5aed6c9622ec451a15db12819952b6752501cf05cdbf8cda34a457726ded97818e1f127a28d72db5652749f0c6afee5 + +COUNT = 3 +KEY = b7f3c9576e12dd0db63e8f8fac2b9a39 +IV = c80f095d8bb1a060699f7c19974a1aa0 +PLAINTEXT = 9ac19954ce1319b354d3220460f71c1e373f1cd336240881160cfde46ebfed2e791e8d5a1a136ebd1dc469dec00c4187722b841cdabcb22c1be8a14657da200e +CIPHERTEXT = 19b9609772c63f338608bf6eb52ca10be65097f89c1e0905c42401fd47791ae2c5440b2d473116ca78bd9ff2fb6015cfd316524eae7dcb95ae738ebeae84a467 + +COUNT = 4 +KEY = b6f9afbfe5a1562bba1368fc72ac9d9c +IV = 3f9d5ebe250ee7ce384b0d00ee849322 +PLAINTEXT = db397ec22718dbffb9c9d13de0efcd4611bf792be4fce0dc5f25d4f577ed8cdbd4eb9208d593dda3d4653954ab64f05676caa3ce9bfa795b08b67ceebc923fdc89a8c431188e9e482d8553982cf304d1 +CIPHERTEXT = 10ea27b19e16b93af169c4a88e06e35c99d8b420980b058e34b4b8f132b13766f72728202b089f428fecdb41c79f8aa0d0ef68f5786481cca29e2126f69bc14160f1ae2187878ba5c49cf3961e1b7ee9 + +COUNT = 5 +KEY = bbe7b7ba07124ff1ae7c3416fe8b465e +IV = 7f65b5ee3630bed6b84202d97fb97a1e +PLAINTEXT = 2aad0c2c4306568bad7447460fd3dac054346d26feddbc9abd9110914011b4794be2a9a00a519a51a5b5124014f4ed2735480db21b434e99a911bb0b60fe0253763725b628d5739a5117b7ee3aefafc5b4c1bf446467e7bf5f78f31ff7caf187 +CIPHERTEXT = 3b8611bfc4973c5cd8e982b073b33184cd26110159172e44988eb5ff5661a1e16fad67258fcbfee55469267a12dc374893b4e3533d36f5634c3095583596f135aa8cd1138dc898bc5651ee35a92ebf89ab6aeb5366653bc60a70e0074fc11efe + +COUNT = 6 +KEY = 89a553730433f7e6d67d16d373bd5360 +IV = f724558db3433a523f4e51a5bea70497 +PLAINTEXT = 807bc4ea684eedcfdcca30180680b0f1ae2814f35f36d053c5aea6595a386c1442770f4d7297d8b91825ee7237241da8925dd594ccf676aecd46ca2068e8d37a3a0ec8a7d5185a201e663b5ff36ae197110188a23503763b8218826d23ced74b31e9f6e2d7fbfa6cb43420c7807a8625 +CIPHERTEXT = 406af1429a478c3d07e555c5287a60500d37fc39b68e5bbb9bafd6ddb223828561d6171a308d5b1a4551e8a5e7d572918d25c968d3871848d2f16635caa9847f38590b1df58ab5efb985f2c66cfaf86f61b3f9c0afad6c963c49cee9b8bc81a2ddb06c967f325515a4849eec37ce721a + +COUNT = 7 +KEY = c491ca31f91708458e29a925ec558d78 +IV = 9ef934946e5cd0ae97bd58532cb49381 +PLAINTEXT = cb6a787e0dec56f9a165957f81af336ca6b40785d9e94093c6190e5152649f882e874d79ac5e167bd2a74ce5ae088d2ee854f6539e0a94796b1e1bd4c9fcdbc79acbef4d01eeb89776d18af71ae2a4fc47dd66df6c4dbe1d1850e466549a47b636bcc7c2b3a62495b56bb67b6d455f1eebd9bfefecbca6c7f335cfce9b45cb9d +CIPHERTEXT = 7b2931f5855f717145e00f152a9f4794359b1ffcb3e55f594e33098b51c23a6c74a06c1d94fded7fd2ae42c7db7acaef5844cb33aeddc6852585ed0020a6699d2cb53809cefd169148ce42292afab063443978306c582c18b9ce0da3d084ce4d3c482cfd8fcf1a85084e89fb88b40a084d5e972466d07666126fb761f84078f2 + +COUNT = 8 +KEY = f6e87d71b0104d6eb06a68dc6a71f498 +IV = 1c245f26195b76ebebc2edcac412a2f8 +PLAINTEXT = f82bef3c73a6f7f80db285726d691db6bf55eec25a859d3ba0e0445f26b9bb3b16a3161ed1866e4dd8f2e5f8ecb4e46d74a7a78c20cdfc7bcc9e479ba7a0caba9438238ad0c01651d5d98de37f03ddce6e6b4bd4ab03cf9e8ed818aedfa1cf963b932067b97d776dce1087196e7e913f7448e38244509f0caf36bd8217e15336d35c149fd4e41707893fdb84014f8729 +CIPHERTEXT = b09512f3eff9ed0d85890983a73dadbb7c3678d52581be64a8a8fc586f490f2521297a478a0598040ebd0f5509fafb0969f9d9e600eaef33b1b93eed99687b167f89a5065aac439ce46f3b8d22d30865e64e45ef8cd30b6984353a844a11c8cd60dba0e8866b3ee30d24b3fa8a643b328353e06010fa8273c8fd54ef0a2b6930e5520aae5cd5902f9b86a33592ca4365 + +COUNT = 9 +KEY = 2c14413751c31e2730570ba3361c786b +IV = 1dbbeb2f19abb448af849796244a19d7 +PLAINTEXT = 40d930f9a05334d9816fe204999c3f82a03f6a0457a8c475c94553d1d116693adc618049f0a769a2eed6a6cb14c0143ec5cccdbc8dec4ce560cfd206225709326d4de7948e54d603d01b12d7fed752fb23f1aa4494fbb00130e9ded4e77e37c079042d828040c325b1a5efd15fc842e44014ca4374bf38f3c3fc3ee327733b0c8aee1abcd055772f18dc04603f7b2c1ea69ff662361f2be0a171bbdcea1e5d3f +CIPHERTEXT = 6be8a12800455a320538853e0cba31bd2d80ea0c85164a4c5c261ae485417d93effe2ebc0d0a0b51d6ea18633d210cf63c0c4ddbc27607f2e81ed9113191ef86d56f3b99be6c415a4150299fb846ce7160b40b63baf1179d19275a2e83698376d28b92548c68e06e6d994e2c1501ed297014e702cdefee2f656447706009614d801de1caaf73f8b7fa56cf1ba94b631933bbe577624380850f117435a0355b2b + +[DECRYPT] + +COUNT = 0 +KEY = 6a7082cf8cda13eff48c8158dda206ae +IV = bd4172934078c2011cb1f31cffaf486e +CIPHERTEXT = f8eb31b31e374e960030cd1cadb0ef0c +PLAINTEXT = 940bc76d61e2c49dddd5df7f37fcf105 + +COUNT = 1 +KEY = 625eefa18a4756454e218d8bfed56e36 +IV = 73d9d0e27c2ec568fbc11f6a0998d7c8 +CIPHERTEXT = 5d6fed86f0c4fe59a078d6361a142812514b295dc62ff5d608a42ea37614e6a1 +PLAINTEXT = 360dc1896ce601dfb2a949250067aad96737847a4580ede2654a329b842fe81e + +COUNT = 2 +KEY = fd6e0b954ae2e3b723d6c9fcae6ab09b +IV = f08b65c9f4dd950039941da2e8058c4e +CIPHERTEXT = e29e3114c8000eb484395b256b1b3267894f290d3999819ff35da03e6463c186c4d7ebb964941f1986a2d69572fcaba8 +PLAINTEXT = a206385945b21f812a9475f47fddbb7fbdda958a8d14c0dbcdaec36e8b28f1f6ececa1ceae4ce17721d162c1d42a66c1 + +COUNT = 3 +KEY = 7b1ab9144b0239315cd5eec6c75663bd +IV = 0b1e74f45c17ff304d99c059ce5cde09 +CIPHERTEXT = d3f89b71e033070f9d7516a6cb4ea5ef51d6fb63d4f0fea089d0a60e47bbb3c2e10e9ba3b282c7cb79aefe3068ce228377c21a58fe5a0f8883d0dbd3d096beca +PLAINTEXT = b968aeb199ad6b3c8e01f26c2edad444538c78bfa36ed68ca76123b8cdce615a01f6112bb80bfc3f17490578fb1f909a52e162637b062db04efee291a1f1af60 + +COUNT = 4 +KEY = 36466b6bd25ea3857ea42f0cac1919b1 +IV = 7186fb6bdfa98a16189544b228f3bcd3 +CIPHERTEXT = 9ed957bd9bc52bba76f68cfbcde52157a8ca4f71ac050a3d92bdebbfd7c78316b4c9f0ba509fad0235fdafe90056ad115dfdbf08338b2acb1c807a88182dd2a882d1810d4302d598454e34ef2b23687d +PLAINTEXT = 999983467c47bb1d66d7327ab5c58f61ddb09b93bd2460cb78cbc12b5fa1ea0c5f759ccc5e478697687012ff4673f6e61eecaeda0ccad2d674d3098c7d17f887b62b56f56b03b4d055bf3a4460e83efa + +COUNT = 5 +KEY = 89373ee6e28397640d5082eed4123239 +IV = 1a74d7c859672c804b82472f7e6d3c6b +CIPHERTEXT = 1bcba44ddff503db7c8c2ec4c4eea0e827957740cce125c1e11769842fa97e25f1b89269e6d77923a512a358312f4ba1cd33f2d111280cd83e1ef9e7cf7036d55048d5c273652afa611cc81b4e9dac7b5078b7c4716062e1032ead1e3329588a +PLAINTEXT = 45efd00daa4cdc8273ef785cae9e944a7664a2391e1e2c449f475acec0124bbc22944331678617408a1702917971f4654310ffb9229bec6173715ae512d37f93aaa6abf009f7e30d65669d1db0366b5bce4c7b00f871014f5753744a1878dc57 + +COUNT = 6 +KEY = bab0cceddc0abd63e3f82e9fbff7b8aa +IV = 68b9140f300490c5c942f66e777eb806 +CIPHERTEXT = c65b94b1f291fa9f0600f22c3c0432c895ad5d177bcccc9ea44e8ec339c9adf43855b326179d6d81aa36ef59462fd86127e9d81b0f286f93306bf74d4c79e47c1b3d4b74edd3a16290e3c63b742e41f20d66ceee794316bb63d3bd002712a1b136ba6185bd5c1dab81b07db90d2af5e5 +PLAINTEXT = c5585ff215bbb73ba5393440852fb199436de0d15e55c631f877670aa3eda9f672eb1f876f09544e63558436b8928000db2f02a5ad90f95b05ac4cf49e198e617e7678480fdf0efacc6aae691271e6cdd3541ebf719a1ccaedb24e2f80f92455dd5910cb5086b0960a3942ec182dcbd7 + +COUNT = 7 +KEY = 9c702898efa44557b29ed283f5bc0293 +IV = cec6e1b82e8b2a591a9fa5ff1cf5cc51 +CIPHERTEXT = ba9f646755dacc22911f51d7de2f7e7cb0bc0b75257ea44fe883edb055c7c28ede04c3a0adcb10128ad4517d0093fa16bb0bcd2635e7a0ba92c7609bc8d8568002a7a983473724d256513aa7d51b477aabec1975ab5faf2872a6407e922180eff02f1ef86a4591c8bd3d143da6f0ef0e4806f94ace0d5b0151c99640fccbc843 +PLAINTEXT = 1d1f8d81bdc3e2c7cb057f408e6450000c5aaed3260ff1e87fbb6f324df6887ffd8f78d7e2a04c9ed9deda9d64482d2b002f4a2b78d8b4f691875c8295d4a64b22257ceaf713ed2f4b92530d7ad7151d629acda882b4829577a43990b0948c1149c22fe4273656d1b08833930e8b06709a94579a78fc220f7057bbc1fa9f6563 + +COUNT = 8 +KEY = 5674636dbdb38f705f0b08c372ef4785 +IV = 3f20ce0509b57420d53b6be4d0b7f0a9 +CIPHERTEXT = 198351f453103face6655666fe90bdbd9630e3733b2d66c013a634e91f2bf015bd2d975d71b26322e44defa32d4e9dce50363557046ece08ba38f258dae5fd3e5049c647476c81e73482e40c171d89f9fea29452caf995733589b0061464fbd5dabe27dc5ea463a3deeb7dcb43664ae6a65c498c143883ab8e83b51e5410b181647602443dc3cfffe86f0205398fa83c +PLAINTEXT = 6d40fd2f908f48ce19241b6b278b1b1676dffd4a97ce9f8a1574c33bc59237deb536bee376fd6c381e6987700e39283aa111cf1a59f26fae6fb6700bf012646a2ab80239bf5e1632329043aa87d7911978b36523a2bc0bed9a9737ccf7a00baa2f3822b4e9e742e168e7069290705fed2eb63aa044b78f97dd33a8d6b24741ec1fd8c8db79d93b884e762dba0f406961 + +COUNT = 9 +KEY = 97a1025529b9925e25bbe78770ca2f99 +IV = d4b4eab92aa9637e87d366384ed6915c +CIPHERTEXT = 22cdc3306fcd4d31ccd32720cbb61bad28d855670657c48c7b88c31f4fa1f93c01b57da90be63ead67d6a325525e6ed45083e6fb70a53529d1fa0f55653b942af59d78a2660361d63a7290155ac5c43312a25b235dacbbc863faf00940c99624076dfa44068e7c554c9038176953e571751dfc0954d41d113771b06466b1c8d13e0d4cb675ed58d1a619e1540970983781dc11d2dd8525ab5745958d615defda +PLAINTEXT = e8b89150d8438bf5b17449d6ed26bd72127e10e4aa57cad85283e8359e089208e84921649f5b60ea21f7867cbc9620560c4c6238db021216db453c9943f1f1a60546173daef2557c3cdd855031b353d4bf176f28439e48785c37d38f270aa4a6faad2baabcb0c0b2d1dd5322937498ce803ba1148440a52e227ddba4872fe4d81d2d76a939d24755adb8a7b8452ceed2d179e1a5848f316f5c016300a390bfa7 +