Certificate APIs.

Functions

gos_result_t gos_atca_write_cert (const atcacert_def_t *cert_def, const void *buffer, uint32_t length)
gos_result_t gos_atca_read_cert (const atcacert_def_t *cert_def, const uint8_t *public_key, gos_buffer_t *buffer)
gos_result_t gos_atca_verify_cert (const atcacert_def_t *cert_def, const uint8_t *public_key, const void *buffer, uint32_t length)
gos_result_t gos_atca_get_cert_public_key (const atcacert_def_t *cert_def, const void *buffer, uint32_t length, uint8_t *public_key)
gos_result_t gos_atca_generate_csr (const atcacert_def_t *cert_def, gos_buffer_t *buffer)

Detailed Description

Certificate APIs.

Function Documentation

gos_atca_generate_csr()

gos_result_t gos_atca_generate_csr ( const atcacert_def_t * cert_def,
gos_buffer_t * buffer
)

Creates a CSR specified by the CSR definition from the SE. This process involves reading the dynamic CSR data from the SE and combining it with the template found in the CSR definition, then signing it. Returns the CSR in DER format.

Parameters
[in] cert_def CSR definition describing where to find the dynamic CSR information on the SE and how to incorporate it into the template
[in,out] buffer gos_buffer_t to receive the certificate. The data field should contain a buffer to hold the cert and the size field should contain the size of the buffer. Upon returning, the data field will contain the generated cert and the size will contain the size of the generated cert.
Returns
gos_result_t result of API
Examples:
demo/secure_element/commands.c .

gos_atca_get_cert_public_key()

gos_result_t gos_atca_get_cert_public_key ( const atcacert_def_t * cert_def,
const void * buffer,
uint32_t length,
uint8_t * public_key
)

Gets the subject public key from a certificate

Parameters
[in] cert_def Certificate definition for the certificate
[in] buffer Certificate to get element from
[in] length Size of the certificate (cert) in bytes
[out] public_key Subject public key is returned in this buffer. Formatted as X and Y integers concatenated together. 64 bytes
Returns
gos_result_t result of API
Examples:
demo/secure_element/commands.c .

gos_atca_read_cert()

gos_result_t gos_atca_read_cert ( const atcacert_def_t * cert_def,
const uint8_t * public_key,
gos_buffer_t * buffer
)

Reads the certificate specified by the certificate definition from the SE

This process involves reading the dynamic cert data from the SE and combining it with the template found in the certificate definition.

Parameters
[in] cert_def Certificate definition describing where to find the dynamic certificate information on the SE and how to incorporate it into the template
[in] public_key The ECC P256 public key of the certificate authority that signed this certificate. Formatted as the 32 byte X and Y integers concatenated together (64 bytes total). Set to NULL if the authority key id is not needed, set properly in the cert_def template, or stored on the SE as specified in the cert_def cert_elements
[in,out] buffer gos_buffer_t to receive the certificate. The data field should contain a buffer to hold the cert and the size field should contain the size of the buffer. Upon returning, the data field will contain the read cert and the size will contain the size of the cert.
Returns
gos_result_t result of API
Examples:
demo/secure_element/commands.c .

gos_atca_verify_cert()

gos_result_t gos_atca_verify_cert ( const atcacert_def_t * cert_def,
const uint8_t * public_key,
const void * buffer,
uint32_t length
)

Verify a certificate against its certificate authority's public key using the host's ATECC SE for crypto functions.

Parameters
[in] cert_def Certificate definition describing how to extract the TBS and signature components from the certificate specified.
[in] public_key The ECC P256 public key of the certificate authority that signed this certificate. Formatted as the 32 byte X and Y integers concatenated together (64 bytes total)
[in] buffer Certificate to verify
[in] length Size of the certificate (cert) in bytes
Returns
gos_result_t result of API
Examples:
demo/secure_element/commands.c .
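
The public_key parameters of gos_atca_read_cert() and gos_atca_verify_cert() take the CA key as the raw 64-byte X || Y, whereas a CA public key is commonly exported as a DER SubjectPublicKeyInfo (the body of a PEM public key). The following is an added example, not part of this API or its demo code: p256_spki_to_raw() is a hypothetical helper and the sample bytes are constructed. It extracts the raw form and rejects anything that is not an uncompressed P-256 key.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define P256_RAW_LEN  64u  /* X || Y, as the public_key parameters expect */
#define P256_SPKI_LEN 91u  /* DER SubjectPublicKeyInfo, uncompressed P-256 point */

/* Fixed DER prefix: SEQUENCE { SEQUENCE { OID id-ecPublicKey, OID prime256v1 },
 * BIT STRING (0 unused bits) beginning with 0x04, the uncompressed-point tag }. */
static const uint8_t SPKI_PREFIX[27] = {
    0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x02, 0x01,
    0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03, 0x01, 0x07, 0x03, 0x42, 0x00, 0x04
};

/* Hypothetical helper: copy X || Y out of a DER SPKI. Returns 0 on success, -1 if
 * the input is not exactly an uncompressed P-256 key (wrong size, curve or form).
 * It does not check that the point lies on the curve. */
int p256_spki_to_raw(const uint8_t *spki, size_t len, uint8_t raw[P256_RAW_LEN])
{
    if (spki == NULL || raw == NULL || len != P256_SPKI_LEN)
        return -1;
    if (memcmp(spki, SPKI_PREFIX, sizeof SPKI_PREFIX) != 0)
        return -1;
    memcpy(raw, spki + sizeof SPKI_PREFIX, P256_RAW_LEN);
    return 0;
}

/* Self-check on constructed data (counting bytes, not a real key). Returns 0 if a
 * well-formed SPKI converts and malformed variants are rejected. */
int p256_spki_selftest(void)
{
    uint8_t spki[P256_SPKI_LEN], raw[P256_RAW_LEN];
    memcpy(spki, SPKI_PREFIX, sizeof SPKI_PREFIX);
    for (size_t i = 0; i < P256_RAW_LEN; i++)
        spki[sizeof SPKI_PREFIX + i] = (uint8_t)(i + 1);
    if (p256_spki_to_raw(spki, sizeof spki, raw) != 0) return 1;
    if (raw[0] != 1 || raw[31] != 32 || raw[32] != 33 || raw[63] != 64) return 2;
    if (p256_spki_to_raw(spki, sizeof spki - 1, raw) == 0) return 3; /* truncated */
    spki[26] = 0x02;                      /* compressed-point tag */
    if (p256_spki_to_raw(spki, sizeof spki, raw) == 0) return 4;
    spki[26] = 0x04;
    spki[22] = 0x22;                      /* curve OID is no longer prime256v1 */
    if (p256_spki_to_raw(spki, sizeof spki, raw) == 0) return 5;
    return 0;
}

int main(void) { return p256_spki_selftest(); }
```

The 64-byte output is what would be passed as public_key; pinning that CA key in firmware rather than accepting it from the peer is what gives the verification its meaning.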

gos_atca_write_cert()

gos_result_t gos_atca_write_cert ( const atcacert_def_t * cert_def,
const void * buffer,
uint32_t length
)

Take a full certificate and write it to the SE according to the certificate definition.

Parameters
[in] cert_def Certificate definition describing where the dynamic certificate information is and how to store it on the SE
[in] buffer Full certificate to be stored
[in] length Size of the full certificate in bytes
Returns
gos_result_t result of API
Examples:
demo/secure_element/commands.c .