demo/secure_element/resources/generation_scripts/cert2certdef.py

1 

2 import sys

3 import string

4 import datetime

5 import argparse

6 

7 try:

8  from pyasn1_modules import pem, rfc2459, rfc3279, rfc2314

9  from pyasn1.codec.der import decoder, encoder

10  from pyasn1.type import univ

11 except:

12  sys.stdout.write("\n\n\n*** You must install the python package 'pyasn1_modules' first. Run the command:\n\n" + \

13  " pip install pyasn1_modules\n\n" + \

14  "More details here: https://pypi.org/project/pyasn1-modules\n\n\n")

15 

16 

17 def main():

18  # Create argument parser to document script use

19  parser = argparse.ArgumentParser(description='Generate atcacert_def_t structure from sample certificate.')

20  group = parser.add_mutually_exclusive_group(required=True)

21  group.add_argument(

22  '--signer-cert',

23  dest='signer_cert_filename',

24  nargs='?',

25  default=None,

26  metavar='file',

27  help='Generate signer certificate definition from sample certificate.')

28  group.add_argument(

29  '--device-cert',

30  dest='device_cert_filename',

31  nargs='?',

32  default=None,

33  metavar='file',

34  help='Generate device certificate definition from sample certificate.')

35  group.add_argument(

36  '--device-csr',

37  dest='device_csr_filename',

38  nargs='?',

39  default=None,

40  metavar='file',

41  help='Generate device CSR definition from sample CSR.')

42  args = parser.parse_args()

43 

44  if args.signer_cert_filename is not None:

45  print(gen_cert_def_c_signer(args.signer_cert_filename))

46  return

47 

48  if args.device_cert_filename is not None:

49  print(gen_cert_def_c_device(args.device_cert_filename))

50  return

51 

52  if args.device_csr_filename is not None:

53  print(gen_cert_def_c_device_csr(args.device_csr_filename))

54  return

55 

56 

57 

58 

59 def gen_cert_def_c_signer(cert_path):

60  cert_der = pem.readPemFromFile(open(cert_path))

61 

62  cert = decoder.decode(cert_der, asn1Spec=rfc2459.Certificate())[0]

63 

64  params = {}

65 

66  # CA public key needs to be handled dynamically in the kit, so we can use fake data for now

67  params['ca_public_key'] = bin_to_c_hex(bytearray('\x00'*64))

68 

69  info = cert_sn_offset_length(cert)

70  params['cert_sn_cert_loc_offset'] = info['offset']

71  params['cert_sn_cert_loc_count'] = info['length']

72  if info['length'] < 1 or info['length'] > 20:

73  raise ValueError('Invalid certificate SN length (no more than 20 bytes).')

74 

75  not_before = set_time_params(params, cert, 'notBefore')

76  not_after = set_time_params(params, cert, 'notAfter')

77 

78  expire_years = not_after.year - not_before.year

79  if expire_years < 1 or expire_years > 31:

80  expire_years = 0

81  params['expire_years'] = expire_years

82 

83  info = cert_signer_id_offset_length(cert, 'subject')

84  params['signer_id_cert_loc_offset'] = info['offset']

85  params['signer_id_cert_loc_count'] = info['length']

86 

87  info = cert_public_key_offset_length(cert)

88  params['public_key_cert_loc_offset'] = info['offset']

89  params['public_key_cert_loc_count'] = info['length']

90 

91  info = cert_subj_key_id_offset_length(cert)

92  if info is not None:

93  params['subj_key_id_cert_loc_offset'] = info['offset']

94  params['subj_key_id_cert_loc_count'] = info['length']

95  else:

96  params['subj_key_id_cert_loc_offset'] = 0

97  params['subj_key_id_cert_loc_count'] = 0

98 

99  info = cert_auth_key_id_offset_length(cert)

100  if info is not None:

101  params['auth_key_id_cert_loc_offset'] = info['offset']

102  params['auth_key_id_cert_loc_count'] = info['length']

103  else:

104  params['auth_key_id_cert_loc_offset'] = 0

105  params['auth_key_id_cert_loc_count'] = 0

106 

107  info = cert_tbs_offset_length(cert)

108  params['tbs_cert_loc_offset'] = info['offset']

109  params['tbs_cert_loc_count'] = info['length']

110 

111  info = cert_sig_offset_length(cert)

112  params['signature_cert_loc_offset'] = info['offset']

113  params['signature_cert_loc_count'] = info['length']

114 

115  params['cert_template'] = bin_to_c_hex(cert_der)

116 

117  return bytearray(string.Template(cert_def_1_signer_c).substitute(params))

118 

119 

120 def gen_cert_def_c_device(cert_path):

121  cert_der = pem.readPemFromFile(open(cert_path))

122 

123  cert = decoder.decode(cert_der, asn1Spec=rfc2459.Certificate())[0]

124 

125  params = {}

126 

127  info = cert_sn_offset_length(cert)

128  params['cert_sn_cert_loc_offset'] = info['offset']

129  params['cert_sn_cert_loc_count'] = info['length']

130  if info['length'] < 1 or info['length'] > 20:

131  raise ValueError('Invalid certificate SN length (no more than 20 bytes).')

132 

133  info = cert_signer_id_offset_length(cert, 'issuer')

134  params['signer_id_cert_loc_offset'] = info['offset']

135  params['signer_id_cert_loc_count'] = info['length']

136 

137  not_before = set_time_params(params, cert, 'notBefore')

138  not_after = set_time_params(params, cert, 'notAfter')

139 

140  expire_years = not_after.year - not_before.year

141  if expire_years < 1 or expire_years > 31:

142  expire_years = 0

143  # Don't bother re-setting notAfter

144  params['expire_date_cert_loc_offset'] = 0

145  params['expire_date_cert_loc_count'] = 0

146  params['expire_years'] = expire_years

147 

148  info = cert_public_key_offset_length(cert)

149  params['public_key_cert_loc_offset'] = info['offset']

150  params['public_key_cert_loc_count'] = info['length']

151 

152  info = cert_subj_key_id_offset_length(cert)

153  if info is not None:

154  params['subj_key_id_cert_loc_offset'] = info['offset']

155  params['subj_key_id_cert_loc_count'] = info['length']

156  else:

157  params['subj_key_id_cert_loc_offset'] = 0

158  params['subj_key_id_cert_loc_count'] = 0

159 

160  info = cert_auth_key_id_offset_length(cert)

161  if info is not None:

162  params['auth_key_id_cert_loc_offset'] = info['offset']

163  params['auth_key_id_cert_loc_count'] = info['length']

164  else:

165  params['auth_key_id_cert_loc_offset'] = 0

166  params['auth_key_id_cert_loc_count'] = 0

167 

168  info = cert_tbs_offset_length(cert)

169  params['tbs_cert_loc_offset'] = info['offset']

170  params['tbs_cert_loc_count'] = info['length']

171 

172  info = cert_sig_offset_length(cert)

173  params['signature_cert_loc_offset'] = info['offset']

174  params['signature_cert_loc_count'] = info['length']

175 

176  params['cert_template'] = bin_to_c_hex(cert_der)

177 

178  return bytearray(string.Template(cert_def_2_device_c).substitute(params))

179 

180 

181 def gen_cert_def_c_device_csr(csr_path):

182  csr_der = pem.readPemFromFile(

183  open(csr_path),

184  startMarker='-----BEGIN CERTIFICATE REQUEST-----',

185  endMarker='-----END CERTIFICATE REQUEST-----')

186 

187 

188  # Use the device certificate to create a CSR template

189  csr = decoder.decode(csr_der, asn1Spec=rfc2314.CertificationRequest())[0]

190 

191  params = {}

192 

193  info = csr_public_key_offset_length(csr)

194  params['public_key_cert_loc_offset'] = info['offset']

195  params['public_key_cert_loc_count'] = info['length']

196 

197  info = cert_tbs_offset_length(csr) # cert TBS works for CSR too

198  params['tbs_cert_loc_offset'] = info['offset']

199  params['tbs_cert_loc_count'] = info['length']

200 

201  info = cert_sig_offset_length(csr) # cert sig works for CSR too

202  params['signature_cert_loc_offset'] = info['offset']

203  params['signature_cert_loc_count'] = info['length']

204 

205  params['cert_template'] = bin_to_c_hex(csr_der)

206 

207  return bytearray(string.Template(cert_def_3_device_csr_c).substitute(params))

208 

209 

210 

211 

212 

213 def set_time_params(params, cert, name):

214  if name == 'notBefore':

215  param_prefix = 'issue_date'

216  elif name == 'notAfter':

217  param_prefix = 'expire_date'

218 

219  info = cert_time_offset_length(cert, name)

220  params[param_prefix + '_cert_loc_offset'] = info['offset']

221  params[param_prefix + '_cert_loc_count'] = info['length']

222 

223  if info['length'] == 13:

224  params[param_prefix + '_format'] = 'DATEFMT_RFC5280_UTC'

225  time_str = str(cert['tbsCertificate']['validity'][name][0])

226  dt = datetime.datetime.strptime(time_str, '%y%m%d%H%M%SZ')

227  elif info['length'] == 15:

228  params[param_prefix + '_format'] = 'DATEFMT_RFC5280_GEN'

229  time_str = str(cert['tbsCertificate']['validity'][name][1])

230  dt = datetime.datetime.strptime(time_str, '%Y%m%d%H%M%SZ')

231  else:

232  raise ValueError(name + ' date has invalid length')

233 

234  return dt

235 

236 def bin_to_c_hex(data):

237  data = bytearray(data)

238  c_hex = ""

239  for i in range(0, len(data)):

240  if i != 0:

241  c_hex += ','

242  if i % 16 == 0:

243  if i != 0:

244  c_hex += '\n'

245  c_hex += ' '

246  elif i % 8 == 0:

247  c_hex += ' '

248  else:

249  c_hex += ' '

250  c_hex += '0x%02X' % data[i]

251 

252  return c_hex

253 

254 def cert_sn_offset_length(cert):

255  sn_der = bytearray(encoder.encode(cert['tbsCertificate']['serialNumber']))

256  int_info = der_value_offset_length(sn_der)

257  msb_idx = int_info['offset']

258  if sn_der[msb_idx] & 0x80:

259  if sn_der[msb_idx] == 0x81:

260  sn_der[msb_idx] = 0x82

261  else:

262  sn_der[msb_idx] = 0x81

263  else:

264  if sn_der[msb_idx] == 0x01:

265  sn_der[msb_idx] = 0x02

266  else:

267  sn_der[msb_idx] = 0x01

268  cert_der = encoder.encode(cert)

269  cert_mod = decoder.decode(cert_der, asn1Spec=rfc2459.Certificate())[0]

270  cert_mod['tbsCertificate']['serialNumber'] = decoder.decode(bytes(sn_der))[0]

271 

272  return {'offset':diff_offset(cert_der, encoder.encode(cert_mod)), 'length':int_info['length']}

273 

274 def cert_signer_id_offset_length(cert, name):

275  name_der = bytearray(encoder.encode(cert['tbsCertificate'][name]))

276  name_der = name_der.replace(b'FFFF', b'0000')

277 

278  cert_der = encoder.encode(cert)

279  cert_mod = decoder.decode(cert_der, asn1Spec=rfc2459.Certificate())[0]

280  cert_mod['tbsCertificate'][name] = decoder.decode(bytes(name_der))[0]

281 

282  return {'offset':diff_offset(cert_der, encoder.encode(cert_mod)), 'length':4}

283 

284 def cert_time_offset_length(cert, name):

285  cert_der = encoder.encode(cert)

286  cert_mod = decoder.decode(cert_der, asn1Spec=rfc2459.Certificate())[0]

287  time_str = str(cert_mod['tbsCertificate']['validity'][name].getComponent())

288  time_str = chr(ord(time_str[0]) + 1) + time_str[1:]

289  cert_mod['tbsCertificate']['validity'][name] = cert_mod['tbsCertificate']['validity'][name].getComponent().clone(

290  value=time_str)

291 

292  return {'offset': diff_offset(cert_der, encoder.encode(cert_mod)), 'length': len(time_str)}

293 

294 def cert_public_key_offset_length(cert):

295  pk_der = bytearray(encoder.encode(cert['tbsCertificate']['subjectPublicKeyInfo']['subjectPublicKey']))

296  pk_info = der_value_offset_length(pk_der)

297  # Skip the unused bits field and key compression byte

298  pk_der[pk_info['offset']+2] ^= 0xFF

299 

300  cert_der = encoder.encode(cert)

301  cert_mod = decoder.decode(cert_der, asn1Spec=rfc2459.Certificate())[0]

302  cert_mod['tbsCertificate']['subjectPublicKeyInfo']['subjectPublicKey'] = decoder.decode(bytes(pk_der))[0]

303 

304  return {'offset':diff_offset(cert_der, encoder.encode(cert_mod)), 'length':pk_info['length']-2}

305 

306 def csr_public_key_offset_length(csr):

307  pk_der = bytearray(encoder.encode(csr['certificationRequestInfo']['subjectPublicKeyInfo']['subjectPublicKey']))

308  pk_info = der_value_offset_length(pk_der)

309  # Skip the unused bits field and key compression byte

310  pk_der[pk_info['offset']+2] ^= 0xFF

311 

312  csr_der = encoder.encode(csr)

313  csr_mod = decoder.decode(csr_der, asn1Spec=rfc2314.CertificationRequest())[0]

314  csr_mod['certificationRequestInfo']['subjectPublicKeyInfo']['subjectPublicKey'] = decoder.decode(bytes(pk_der))[0]

315 

316  return {'offset':diff_offset(csr_der, encoder.encode(csr_mod)), 'length':pk_info['length']-2}

317 

318 def cert_subj_key_id_offset_length(cert):

319  cert_der = encoder.encode(cert)

320  cert_mod = decoder.decode(cert_der, asn1Spec=rfc2459.Certificate())[0]

321  for ext in cert_mod['tbsCertificate']['extensions']:

322  if ext['extnID'] == rfc2459.id_ce_subjectKeyIdentifier:

323  extn_value = decoder.decode(ext['extnValue'], asn1Spec=rfc2459.SubjectKeyIdentifier())[0]

324  key_id = bytearray(extn_value)

325  key_id[0] ^= 0xFF # Change first byte

326 

327  extn_value = rfc2459.SubjectKeyIdentifier(key_id)

328  ext['extnValue'] = univ.OctetString(encoder.encode(extn_value))

329 

330  return {'offset':diff_offset(cert_der, encoder.encode(cert_mod)), 'length':len(key_id)}

331  return None

332 

333 def cert_auth_key_id_offset_length(cert):

334  cert_der = encoder.encode(cert)

335  cert_mod = decoder.decode(cert_der, asn1Spec=rfc2459.Certificate())[0]

336  for ext in cert_mod['tbsCertificate']['extensions']:

337  if ext['extnID'] == rfc2459.id_ce_authorityKeyIdentifier:

338  extn_value = decoder.decode(ext['extnValue'], asn1Spec=rfc2459.AuthorityKeyIdentifier())[0]

339  #auth_key_id = decoder.decode(extn_value, asn1Spec=rfc2459.AuthorityKeyIdentifier())[0]

340  key_id = bytearray(extn_value['keyIdentifier'])

341  key_id[0] ^= 0xFF # Change first byte

342 

343  extn_value['keyIdentifier'] = extn_value['keyIdentifier'].clone(value=key_id)

344  ext['extnValue'] = univ.OctetString(encoder.encode(extn_value))

345 

346  return {'offset':diff_offset(cert_der, encoder.encode(cert_mod)), 'length':len(key_id)}

347  return None

348 

349 def cert_tbs_offset_length(cert):

350  cert_der = encoder.encode(cert)

351  cert_info = der_value_offset_length(cert_der)

352  tbs_info = der_value_offset_length(cert_der[cert_info['offset']:])

353 

354  return {'offset':cert_info['offset'], 'length':(tbs_info['offset'] + tbs_info['length'])}

355 

356 def cert_sig_offset_length(cert):

357  cert_der = encoder.encode(cert)

358 

359  cert_info = der_value_offset_length(cert_der)

360  offset = cert_info['offset']

361 

362  tbs_info = der_value_offset_length(cert_der[offset:])

363  offset += tbs_info['offset'] + tbs_info['length']

364 

365  alg_info = der_value_offset_length(cert_der[offset:])

366  offset += alg_info['offset'] + alg_info['length']

367 

368  sig_info = der_value_offset_length(cert_der[offset:])

369 

370  return {'offset':offset, 'length':(sig_info['offset'] + sig_info['length'])}

371 

372 def der_value_offset_length(der):

373  """Returns the offset and length of the value part of the DER tag-length-value object."""

374 

375  der = bytearray(der)

376  tag_len = 1 # Assume 1 byte tag

377 

378  if der[tag_len] < 0x80:

379  # Length is short-form, only 1 byte

380  len_len = 0

381  len = der[tag_len]

382  else:

383  # Length is long-form, lower 7 bits indicates how many additional bytes are required

384  len_len = (der[tag_len] & 0x7F)

385 

386  if len_len == 1:

387  len = der[tag_len+1]

388  elif len_len == 2:

389  len = (der[tag_len+1] << 8) | der[tag_len+2]

390  elif len_len == 3:

391  len = (der[tag_len+1] << 16) | (der[tag_len+2] << 8) | der[tag_len+3]

392 

393  return {'offset':tag_len+1+len_len, 'length':len}

394 

395 def diff_offset(base, diff):

396  """Return the index where the two parameters differ."""

397  if len(base) != len(diff):

398  raise ValueError('len(base)=%d != len(diff)=%d' % (len(base), len(diff)))

399  for i in range(0, len(base)):

400  if base[i] != diff[i]:

401  return i

402  return None

403 

404 cert_def_1_signer_c = """

405 /**

406  * NOTE: This file was generated.

407  * Use the corresponding Python generation scripts to modify this file.

408  */

409 #include "atcacert/atcacert_def.h"

410 

411 uint8_t g_signer_1_ca_public_key[64] = {

412 ${ca_public_key}

413 };

414 

415 const atcacert_cert_element_t g_cert_elements_1_signer[] = {

416  {

417  .id = "IssueDate",

418  .device_loc = {

419  .zone = DEVZONE_DATA,

420  .slot = 14,

421  .is_genkey = 0,

422  .offset = 35-${issue_date_cert_loc_count},

423  .count = ${issue_date_cert_loc_count}

424  },

425  .cert_loc = {

426  .offset = ${issue_date_cert_loc_offset},

427  .count = ${issue_date_cert_loc_count}

428  }

429  },

430  {

431  .id = "ExpireDate",

432  .device_loc = {

433  .zone = DEVZONE_DATA,

434  .slot = 14,

435  .is_genkey = 0,

436  .offset = 50-${expire_date_cert_loc_count},

437  .count = ${expire_date_cert_loc_count}

438  },

439  .cert_loc = {

440  .offset = ${expire_date_cert_loc_offset},

441  .count = ${expire_date_cert_loc_count}

442  }

443  }

444 };

445 

446 const uint8_t g_cert_template_1_signer[] = {

447 ${cert_template}

448 };

449 

450 const atcacert_def_t g_cert_def_1_signer = {

451  .type = CERTTYPE_X509,

452  .template_id = 1,

453  .chain_id = 0,

454  .private_key_slot = 0,

455  .sn_source = SNSRC_STORED,

456  .cert_sn_dev_loc = {

457  .zone = DEVZONE_DATA,

458  .slot = 14,

459  .is_genkey = 0,

460  .offset = 20-${cert_sn_cert_loc_count},

461  .count = ${cert_sn_cert_loc_count}

462  },

463  .issue_date_format = ${issue_date_format},

464  .expire_date_format = ${expire_date_format},

465  .tbs_cert_loc = {

466  .offset = ${tbs_cert_loc_offset},

467  .count = ${tbs_cert_loc_count}

468  },

469  .expire_years = ${expire_years},

470  .public_key_dev_loc = {

471  .zone = DEVZONE_DATA,

472  .slot = 11,

473  .is_genkey = 0,

474  .offset = 0,

475  .count = 72

476  },

477  .comp_cert_dev_loc = {

478  .zone = DEVZONE_DATA,

479  .slot = 12,

480  .is_genkey = 0,

481  .offset = 0,

482  .count = 72

483  },

484  .std_cert_elements = {

485  { // STDCERT_PUBLIC_KEY

486  .offset = ${public_key_cert_loc_offset},

487  .count = ${public_key_cert_loc_count}

488  },

489  { // STDCERT_SIGNATURE

490  .offset = ${signature_cert_loc_offset},

491  .count = ${signature_cert_loc_count}

492  },

493  { // STDCERT_ISSUE_DATE

494  .offset = ${issue_date_cert_loc_offset},

495  .count = ${issue_date_cert_loc_count}

496  },

497  { // STDCERT_EXPIRE_DATE

498  .offset = ${expire_date_cert_loc_offset},

499  .count = ${expire_date_cert_loc_count}

500  },

501  { // STDCERT_SIGNER_ID

502  .offset = ${signer_id_cert_loc_offset},

503  .count = ${signer_id_cert_loc_count}

504  },

505  { // STDCERT_CERT_SN

506  .offset = ${cert_sn_cert_loc_offset},

507  .count = ${cert_sn_cert_loc_count}

508  },

509  { // STDCERT_AUTH_KEY_ID

510  .offset = ${auth_key_id_cert_loc_offset},

511  .count = ${auth_key_id_cert_loc_count}

512  },

513  { // STDCERT_SUBJ_KEY_ID

514  .offset = ${subj_key_id_cert_loc_offset},

515  .count = ${subj_key_id_cert_loc_count}

516  }

517  },

518  .cert_elements = g_cert_elements_1_signer,

519  .cert_elements_count = sizeof(g_cert_elements_1_signer) / sizeof(g_cert_elements_1_signer[0]),

520  .cert_template = g_cert_template_1_signer,

521  .cert_template_size = sizeof(g_cert_template_1_signer)

522 };

523 """

524 

525 cert_def_2_device_c = """

526 /**

527  * NOTE: This file was generated.

528  * Use the corresponding Python generation scripts to modify this file.

529  */

530 #include "atcacert/atcacert_def.h"

531 

532 const uint8_t g_cert_template_2_device[] = {

533 ${cert_template}

534 };

535 

536 const atcacert_def_t g_cert_def_2_device = {

537  .type = CERTTYPE_X509,

538  .template_id = 2,

539  .chain_id = 0,

540  .private_key_slot = 0,

541  .sn_source = SNSRC_PUB_KEY_HASH,

542  .cert_sn_dev_loc = {

543  .zone = DEVZONE_NONE,

544  .slot = 0,

545  .is_genkey = 0,

546  .offset = 0,

547  .count = 0

548  },

549  .issue_date_format = ${issue_date_format},

550  .expire_date_format = ${expire_date_format},

551  .tbs_cert_loc = {

552  .offset = ${tbs_cert_loc_offset},

553  .count = ${tbs_cert_loc_count}

554  },

555  .expire_years = ${expire_years},

556  .public_key_dev_loc = {

557  .zone = DEVZONE_DATA,

558  .slot = 0,

559  .is_genkey = 1,

560  .offset = 0,

561  .count = 64

562  },

563  .comp_cert_dev_loc = {

564  .zone = DEVZONE_DATA,

565  .slot = 10,

566  .is_genkey = 0,

567  .offset = 0,

568  .count = 72

569  },

570  .std_cert_elements = {

571  { // STDCERT_PUBLIC_KEY

572  .offset = ${public_key_cert_loc_offset},

573  .count = ${public_key_cert_loc_count}

574  },

575  { // STDCERT_SIGNATURE

576  .offset = ${signature_cert_loc_offset},

577  .count = ${signature_cert_loc_count}

578  },

579  { // STDCERT_ISSUE_DATE

580  .offset = ${issue_date_cert_loc_offset},

581  .count = ${issue_date_cert_loc_count}

582  },

583  { // STDCERT_EXPIRE_DATE

584  .offset = ${expire_date_cert_loc_offset},

585  .count = ${expire_date_cert_loc_count}

586  },

587  { // STDCERT_SIGNER_ID

588  .offset = ${signer_id_cert_loc_offset},

589  .count = ${signer_id_cert_loc_count}

590  },

591  { // STDCERT_CERT_SN

592  .offset = ${cert_sn_cert_loc_offset},

593  .count = ${cert_sn_cert_loc_count}

594  },

595  { // STDCERT_AUTH_KEY_ID

596  .offset = ${auth_key_id_cert_loc_offset},

597  .count = ${auth_key_id_cert_loc_count}

598  },

599  { // STDCERT_SUBJ_KEY_ID

600  .offset = ${subj_key_id_cert_loc_offset},

601  .count = ${subj_key_id_cert_loc_count}

602  }

603  },

604  .cert_elements = NULL,

605  .cert_elements_count = 0,

606  .cert_template = g_cert_template_2_device,

607  .cert_template_size = sizeof(g_cert_template_2_device)

608 };

609 """

610 

611 cert_def_3_device_csr_c = """

612 /**

613  * NOTE: This file was generated.

614  * Use the corresponding Python generation scripts to modify this file.

615  */

616 #include "atcacert/atcacert_def.h"

617 

618 const uint8_t g_csr_template_3_device[] = {

619 ${cert_template}

620 };

621 

622 const atcacert_def_t g_csr_def_3_device = {

623  .type = CERTTYPE_X509,

624  .template_id = 3,

625  .chain_id = 0,

626  .private_key_slot = 0,

627  .sn_source = SNSRC_PUB_KEY_HASH,

628  .cert_sn_dev_loc = {

629  .zone = DEVZONE_NONE,

630  .slot = 0,

631  .is_genkey = 0,

632  .offset = 0,

633  .count = 0

634  },

635  .issue_date_format = DATEFMT_RFC5280_UTC,

636  .expire_date_format = DATEFMT_RFC5280_UTC,

637  .tbs_cert_loc = {

638  .offset = ${tbs_cert_loc_offset},

639  .count = ${tbs_cert_loc_count}

640  },

641  .expire_years = 0,

642  .public_key_dev_loc = {

643  .zone = DEVZONE_NONE,

644  .slot = 0,

645  .is_genkey = 1,

646  .offset = 0,

647  .count = 64

648  },

649  .comp_cert_dev_loc = {

650  .zone = DEVZONE_NONE,

651  .slot = 0,

652  .is_genkey = 0,

653  .offset = 0,

654  .count = 0

655  },

656  .std_cert_elements = {

657  { // STDCERT_PUBLIC_KEY

658  .offset = ${public_key_cert_loc_offset},

659  .count = ${public_key_cert_loc_count}

660  },

661  { // STDCERT_SIGNATURE

662  .offset = ${signature_cert_loc_offset},

663  .count = ${signature_cert_loc_count}

664  },

665  { // STDCERT_ISSUE_DATE

666  .offset = 0,

667  .count = 0

668  },

669  { // STDCERT_EXPIRE_DATE

670  .offset = 0,

671  .count = 0

672  },

673  { // STDCERT_SIGNER_ID

674  .offset = 0,

675  .count = 0

676  },

677  { // STDCERT_CERT_SN

678  .offset = 0,

679  .count = 0

680  },

681  { // STDCERT_AUTH_KEY_ID

682  .offset = 0,

683  .count = 0

684  },

685  { // STDCERT_SUBJ_KEY_ID

686  .offset = 0,

687  .count = 0

688  }

689  },

690  .cert_elements = NULL,

691  .cert_elements_count = 0,

692  .cert_template = g_csr_template_3_device,

693  .cert_template_size = sizeof(g_csr_template_3_device)

694 };

695 """

696 

697 

698 if __name__ == '__main__':

699  main()