Certificate APIs.

Functions

gos_result_t gos_atca_write_cert (const atcacert_def_t *cert_def, const void *buffer, uint32_t length)
 
gos_result_t gos_atca_read_cert (const atcacert_def_t *cert_def, const uint8_t *public_key, gos_buffer_t *buffer)
 
gos_result_t gos_atca_verify_cert (const atcacert_def_t *cert_def, const uint8_t *public_key, const void *buffer, uint32_t length)
 
gos_result_t gos_atca_get_cert_public_key (const atcacert_def_t *cert_def, const void *buffer, uint32_t length, uint8_t *public_key)
 
gos_result_t gos_atca_generate_csr (const atcacert_def_t *cert_def, gos_buffer_t *buffer)
 

Detailed Description

Certificate APIs.

Function Documentation

◆ gos_atca_generate_csr()

gos_result_t gos_atca_generate_csr ( const atcacert_def_t *  cert_def,
gos_buffer_t *  buffer 
)

Creates the CSR specified by the CSR definition from the SE. This process involves reading the dynamic CSR data from the SE, combining it with the template found in the CSR definition, and then signing it. The CSR is returned in DER format.

Parameters
[in] cert_def: CSR definition describing where to find the dynamic CSR information on the SE and how to incorporate it into the template.
[in,out] buffer: gos_buffer_t to receive the certificate. The data field should contain a buffer to hold the cert and the size field should contain the size of the buffer. Upon returning, the data field will contain the generated cert and the size will contain the size of the generated cert.
Returns
gos_result_t result of API
Examples:
demo/secure_element/commands.c.

◆ gos_atca_get_cert_public_key()

gos_result_t gos_atca_get_cert_public_key ( const atcacert_def_t *  cert_def,
const void *  buffer,
uint32_t  length,
uint8_t *  public_key 
)

Gets the subject public key from a certificate.

Parameters
[in] cert_def: Certificate definition for the certificate.
[in] buffer: Certificate to get the element from.
[in] length: Size of the certificate (cert) in bytes.
[out] public_key: Subject public key is returned in this buffer, formatted as the X and Y integers concatenated together (64 bytes).
Returns
gos_result_t result of API
Examples:
demo/secure_element/commands.c.

◆ gos_atca_read_cert()

gos_result_t gos_atca_read_cert ( const atcacert_def_t *  cert_def,
const uint8_t *  public_key,
gos_buffer_t *  buffer 
)

Reads the certificate specified by the certificate definition from the SE.

This process involves reading the dynamic cert data from the SE and combining it with the template found in the certificate definition.

Parameters
[in] cert_def: Certificate definition describing where to find the dynamic certificate information on the SE and how to incorporate it into the template.
[in] public_key: The ECC P256 public key of the certificate authority that signed this certificate. Formatted as the 32 byte X and Y integers concatenated together (64 bytes total). Set to NULL if the authority key id is not needed, set properly in the cert_def template, or stored on the SE as specified in the cert_def cert_elements.
[in,out] buffer: gos_buffer_t to receive the certificate. The data field should contain a buffer to hold the cert and the size field should contain the size of the buffer. Upon returning, the data field will contain the read cert and the size will contain the size of the cert.
Returns
gos_result_t result of API
Examples:
demo/secure_element/commands.c.

◆ gos_atca_verify_cert()

gos_result_t gos_atca_verify_cert ( const atcacert_def_t *  cert_def,
const uint8_t *  public_key,
const void *  buffer,
uint32_t  length 
)

Verify a certificate against its certificate authority's public key using the host's ATECC SE for crypto functions.

Parameters
[in] cert_def: Certificate definition describing how to extract the TBS and signature components from the certificate specified.
[in] public_key: The ECC P256 public key of the certificate authority that signed this certificate. Formatted as the 32 byte X and Y integers concatenated together (64 bytes total).
[in] buffer: Certificate to verify.
[in] length: Size of the certificate (cert) in bytes.
Returns
gos_result_t result of API
Examples:
demo/secure_element/commands.c.
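
The public_key parameters of gos_atca_read_cert() and gos_atca_verify_cert() expect the raw 64-byte X || Y form, while CA keys are often held as a SEC1 uncompressed point or a DER SubjectPublicKeyInfo. The following is an added example, not part of the Gecko OS API or its demo code: a hypothetical helper, p256_pubkey_to_raw(), that converts either of those two assumed input forms to the raw layout and rejects anything else.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define RAW_P256_PUBKEY_LEN 64u /* X || Y, the layout the public_key parameters expect */

/* Fixed DER prefix of a P-256 SubjectPublicKeyInfo (id-ecPublicKey, prime256v1),
 * ending with the BIT STRING header and its zero "unused bits" byte. */
static const uint8_t P256_SPKI_PREFIX[26] = {
    0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x02, 0x01,
    0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03, 0x01, 0x07, 0x03, 0x42, 0x00
};

/* Hypothetical helper (assumption, not a Gecko OS function). Accepts a CA public
 * key as a 65-byte SEC1 uncompressed point (0x04 || X || Y) or as a 91-byte
 * P-256 SubjectPublicKeyInfo and writes the raw 64-byte X || Y form to out.
 * Returns 0 on success, -1 for any other input. It checks encoding only; it
 * does not check that (X, Y) is a point on the curve. */
int p256_pubkey_to_raw(const uint8_t *in, size_t in_len, uint8_t out[RAW_P256_PUBKEY_LEN])
{
    if (in == NULL || out == NULL) return -1;

    if (in_len == sizeof(P256_SPKI_PREFIX) + 1u + RAW_P256_PUBKEY_LEN) {
        if (memcmp(in, P256_SPKI_PREFIX, sizeof(P256_SPKI_PREFIX)) != 0) return -1;
        in += sizeof(P256_SPKI_PREFIX);      /* skip to the embedded SEC1 point */
        in_len -= sizeof(P256_SPKI_PREFIX);
    }
    /* Only the uncompressed form carries both X and Y; compressed points
     * (0x02 / 0x03) and any other length are rejected. */
    if (in_len != 1u + RAW_P256_PUBKEY_LEN || in[0] != 0x04) return -1;

    memcpy(out, in + 1, RAW_P256_PUBKEY_LEN);
    return 0;
}

int main(void)
{
    /* Constructed sample: X = 32 x 0x11, Y = 32 x 0x22. Layout only, not a real key. */
    uint8_t sec1[65], raw[RAW_P256_PUBKEY_LEN];
    sec1[0] = 0x04;
    memset(sec1 + 1, 0x11, 32);
    memset(sec1 + 33, 0x22, 32);
    return p256_pubkey_to_raw(sec1, sizeof(sec1), raw);
}
```
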

◆ gos_atca_write_cert()

gos_result_t gos_atca_write_cert ( const atcacert_def_t *  cert_def,
const void *  buffer,
uint32_t  length 
)

Take a full certificate and write it to the SE according to the certificate definition.

Parameters
[in] cert_def: Certificate definition describing where the dynamic certificate information is and how to store it on the SE.
[in] buffer: Full certificate to be stored.
[in] length: Size of the full certificate in bytes.
Returns
gos_result_t result of API
Examples:
demo/secure_element/commands.c.