nl::Weave::Profiles::Security

This namespace includes all interfaces within Weave for the Weave Security profile.

Summary

Enumerations

@235 enum
X.509 Certificate Key Purpose Flags.
@236 enum
X.509 Certificate Key Usage Flags.
@237 enum
Weave Certificate Flags.
@238 enum
Weave Certificate Decode Flags.
@239 enum
Weave Certificate Validate Flags.
@240 enum
@280 enum
@281 enum
@282 enum
@283 enum
@284 enum
@285 enum
@286 enum
@287 enum
@288 enum
@289 enum

Typedefs

GenerateECDSASignatureFunct)(const uint8_t *hash, uint8_t hashLen, EncodedECDSASignature &ecdsaSig) typedef
Generate an ECDSA signature using local Weave node's private key.

Variables

gProvisioningBundleKDFSalt = "Weave Provisioning Bundle v1"[]
const char

Functions

CASECertInfoFromAccessToken(const uint8_t *accessToken, uint32_t accessTokenLen, uint8_t *certInfoBuf, uint16_t certInfoBufSize, uint16_t & certInfoLen)
Reads a Weave Access Token and constructs a CASE Certificate Info TLV structure containing the certificates from the access token.
CASECertInfoFromAccessToken(TLVReader & reader, TLVWriter & writer)
Reads a Weave Access Token and writes a CASE Certificate Info TLV structure containing the certificates from the access token.
ConvertAuthorityKeyIdentifierExtension(ASN1Reader & reader, TLVWriter & writer)
ConvertCertificate(ASN1Reader & reader, TLVWriter & writer)
ConvertDistinguishedName(ASN1Reader & reader, TLVWriter & writer, uint64_t tag)
ConvertECDSASignature_DERToWeave(const uint8_t *sigBuf, uint8_t sigLen, TLVWriter & writer, uint64_t tag)
ConvertExtension(ASN1Reader & reader, TLVWriter & writer)
ConvertExtensions(ASN1Reader & reader, TLVWriter & writer)
ConvertSubjectPublicKeyInfo(ASN1Reader & reader, TLVWriter & writer)
ConvertValidity(ASN1Reader & reader, TLVWriter & writer)
ConvertWeaveCertToX509Cert(const uint8_t *weaveCert, uint32_t weaveCertLen, uint8_t *x509CertBuf, uint32_t x509CertBufSize, uint32_t & x509CertLen)
ConvertX509CertToWeaveCert(const uint8_t *x509Cert, uint32_t x509CertLen, uint8_t *weaveCertBuf, uint32_t weaveCertBufSize, uint32_t & weaveCertLen)
DecodeConvertAuthorityKeyIdentifierExtension(TLVReader & reader, ASN1Writer & writer, WeaveCertificateData & certData)
DecodeConvertBasicConstraintsExtension(TLVReader & reader, ASN1Writer & writer, WeaveCertificateData & certData)
DecodeConvertCert(TLVReader & reader, ASN1Writer & writer, WeaveCertificateData & certData)
DecodeConvertDN(TLVReader & reader, ASN1Writer & writer, WeaveDN & dn)
DecodeConvertECDSASignature(TLVReader & reader, ASN1Writer & writer, WeaveCertificateData & certData)
DecodeConvertExtendedKeyUsageExtension(TLVReader & reader, ASN1Writer & writer, WeaveCertificateData & certData)
DecodeConvertExtension(TLVReader & reader, ASN1Writer & writer, WeaveCertificateData & certData)
DecodeConvertExtensions(TLVReader & reader, ASN1Writer & writer, WeaveCertificateData & certData)
DecodeConvertKeyUsageExtension(TLVReader & reader, ASN1Writer & writer, WeaveCertificateData & certData)
DecodeConvertRSASignature(TLVReader & reader, ASN1Writer & writer, WeaveCertificateData & certData)
DecodeConvertSubjectKeyIdentifierExtension(TLVReader & reader, ASN1Writer & writer, WeaveCertificateData & certData)
DecodeConvertSubjectPublicKeyInfo(TLVReader & reader, ASN1Writer & writer, WeaveCertificateData & certData)
DecodeConvertTBSCert(TLVReader & reader, ASN1Writer & writer, WeaveCertificateData & certData)
DecodeConvertValidity(TLVReader & reader, ASN1Writer & writer, WeaveCertificateData & certData)
DecodeCopyECDSASignature_DER(const uint8_t *sigBuf, uint8_t sigLen, EncodedECDSASignature & sig)
DecodeWeaveCert(const uint8_t *weaveCert, uint32_t weaveCertLen, WeaveCertificateData & certData)
DecodeWeaveCert(TLVReader & reader, WeaveCertificateData & certData)
DecodeWeaveDN(TLVReader & reader, WeaveDN & dn)
DecodeWeaveECDSASignature(TLVReader & reader, EncodedECDSASignature & sig)
DecodeWeaveECPrivateKey(const uint8_t *buf, uint32_t len, uint32_t & weaveCurveId, EncodedECPublicKey & pubKey, EncodedECPrivateKey & privKey)
NL_DLL_EXPORT WEAVE_ERROR
DescribeWeaveCertId(OID attrOID, uint64_t weaveCertId)
const char *
DetermineCertType(WeaveCertificateData & cert)
Determine general type of a Weave certificate.
EncodeWeaveECDSASignature(TLVWriter & writer, EncodedECDSASignature & sig, uint64_t tag)
EncodeWeaveECPrivateKey(uint32_t weaveCurveId, const EncodedECPublicKey *pubKey, const EncodedECPrivateKey & privKey, uint8_t *outBuf, uint32_t outBufSize, uint32_t & outLen)
NL_DLL_EXPORT WEAVE_ERROR
ExtractCertFromAccessToken(TLVReader & reader, TLVWriter & writer, uint64_t tag)
Reads a Weave Access Token and extracts the Access Token Certificate.
ExtractPrivateKeyFromAccessToken(const uint8_t *accessToken, uint32_t accessTokenLen, uint8_t *privKeyBuf, uint16_t privKeyBufSize, uint16_t & privKeyLen)
Reads a Weave Access Token and extracts the private key.
ExtractPrivateKeyFromAccessToken(TLVReader & reader, TLVWriter & writer)
Reads a Weave Access Token and extracts the private key.
GenerateAndEncodeWeaveECDSASignature(TLVWriter & writer, uint64_t tag, const uint8_t *msgHash, uint8_t msgHashLen, const uint8_t *signingKey, uint16_t signingKeyLen)
Generate and encode a Weave ECDSA signature.
GenerateOperationalDeviceCert(uint64_t deviceId, EncodedECPublicKey & devicePubKey, uint8_t *cert, uint16_t certBufSize, uint16_t & certLen, GenerateECDSASignatureFunct genCertSignature)
NL_DLL_EXPORT WEAVE_ERROR
Generate Weave operational device certificate.
GetWeaveSignatureAlgo(const uint8_t *sig, uint16_t sigLen, OID & sigAlgoOID)
Indent(FILE *out, uint16_t count)
void
InsertRelatedCertificatesIntoWeaveSignature(uint8_t *sigBuf, uint16_t sigLen, uint16_t sigBufLen, const uint8_t *relatedCerts, uint16_t relatedCertsLen, uint16_t & outSigLen)
IsCertificateExtensionTag(uint64_t tag)
bool
IsCurveInSet(uint32_t curveId, uint8_t curveSet)
bool
IsSupportedCurve(uint32_t curveId)
bool
IsWeaveIdX509Attr(OID oid)
bool
IsWeaveX509Attr(OID oid)
bool
LoadAccessTokenCerts(const uint8_t *accessToken, uint32_t accessTokenLen, WeaveCertificateSet & certSet, uint16_t decodeFlags, WeaveCertificateData *& accessTokenCert)
Load the certificates in an access token into a Weave certificate set.
LoadAccessTokenCerts(TLVReader & reader, WeaveCertificateSet & certSet, uint16_t decodeFlags, WeaveCertificateData *& accessTokenCert)
Load the certificates in an access token into a Weave certificate set.
MakeDeviceCredentialHash(const char *serialNum, size_t serialNumLen, const char *deviceId, size_t deviceIdLen, const char *deviceSecret, size_t deviceSecretLen, char *hashBuf, size_t hashBufSize)
NL_DLL_EXPORT WEAVE_ERROR
Generate a verification hash (in base-64 format) for a given set of Thermostat device credentials.
MakeWeaveProvisioningHash(uint64_t nodeId, const char *weaveCert, size_t weaveCertLen, const char *weavePrivKey, size_t weavePrivKeyLen, const char *pairingCode, size_t pairingCodeLen, char *hashBuf, size_t hashBufSize)
NL_DLL_EXPORT WEAVE_ERROR
Generate a verification hash (in base-64 format) for a given set of Weave provisioning information.
OIDToWeaveCurveId(ASN1::OID curveOID)
uint32_t
PackCertTime(const ASN1UniversalTime & time, uint32_t & packedTime)
NL_DLL_EXPORT WEAVE_ERROR
Convert a certificate date/time (in the form of an ASN.1 universal time structure) into a packed certificate date/time.
PackedCertDateToTime(uint16_t packedDate)
NL_DLL_EXPORT uint32_t
Convert a packed certificate date to a corresponding packed certificate date/time, where the time portion of the value is set to 00:00:00.
PackedCertTimeToDate(uint32_t packedTime)
NL_DLL_EXPORT uint16_t
Convert a packed certificate date/time to a packed certificate date.
ParseWeaveIdAttribute(ASN1Reader & reader, uint64_t & weaveIdOut)
PrintCert(FILE *out, const WeaveCertificateData & cert, const WeaveCertificateSet *certSet, uint16_t indent, bool verbose)
NL_DLL_EXPORT void
PrintCertArray(FILE *out, TLVReader & reader, uint16_t indent)
PrintCertReference(FILE *out, TLVReader & reader, uint16_t indent)
PrintCertType(FILE *out, uint8_t certType)
void
PrintCertValidationResults(FILE *out, const WeaveCertificateSet & certSet, const ValidationContext & validContext, uint16_t indent)
NL_DLL_EXPORT void
PrintECDSASignature(FILE *out, TLVReader & reader, uint16_t indent)
PrintHexField(FILE *out, const char *name, uint16_t indent, uint16_t count, const uint8_t *data)
void
PrintPackedDate(FILE *out, uint16_t t)
void
PrintPackedTime(FILE *out, uint32_t t)
void
PrintWeaveDN(FILE *out, const WeaveDN & dn)
void
PrintWeaveDN(FILE *out, TLVReader & reader)
PrintWeaveSignature(FILE *out, TLVReader & reader, uint16_t indent)
SecondsSinceEpochToPackedCertTime(uint32_t secondsSinceEpoch)
NL_DLL_EXPORT uint32_t
Convert the number of seconds since 1970-01-01 00:00:00 UTC to a packed certificate date/time.
TranslateOpenSSLError(WEAVE_ERROR defaultErr)
UnpackCertTime(uint32_t packedTime, ASN1UniversalTime & time)
NL_DLL_EXPORT WEAVE_ERROR
Unpack a packed certificate date/time into an ASN.1 universal time structure.
VerifyWeaveSignature(const uint8_t *msgHash, uint8_t msgHashLen, const uint8_t *sig, uint16_t sigLen, WeaveCertificateSet & certSet, ValidationContext & certValidContext)
NL_DLL_EXPORT WEAVE_ERROR
VerifyWeaveSignature(const uint8_t *msgHash, uint8_t msgHashLen, const uint8_t *sig, uint16_t sigLen, OID expectedSigAlgoOID, WeaveCertificateSet & certSet, ValidationContext & certValidContext)
NL_DLL_EXPORT WEAVE_ERROR
WeaveCurveIdToOID(uint32_t weaveCurveId)
NL_DLL_EXPORT OID

Classes

nl::Weave::Profiles::Security::CertificateKeyId
nl::Weave::Profiles::Security::ValidationContext
nl::Weave::Profiles::Security::WeaveCertificateData
nl::Weave::Profiles::Security::WeaveCertificateSet
nl::Weave::Profiles::Security::WeaveDN
nl::Weave::Profiles::Security::WeaveProvisioningBundle
nl::Weave::Profiles::Security::WeaveSignatureGenerator

Generates a WeaveSignature using an in-memory private key.

nl::Weave::Profiles::Security::WeaveSignatureGeneratorBase

Provides generic functionality for generating WeaveSignatures.

Namespaces

nl::Weave::Profiles::Security::AppKeys

This namespace includes all interfaces within Weave for the Weave application keys library within the Weave security profile.

nl::Weave::Profiles::Security::CASE

This namespace includes all interfaces within Weave for the Certificate Authenticated Session Establishment (CASE) protocol within the Weave security profile.

nl::Weave::Profiles::Security::CertProvisioning

This namespace includes all interfaces within Weave for the Weave Certificate Provisioning protocol within the Weave security profile.

nl::Weave::Profiles::Security::KeyExport

This namespace includes all interfaces within Weave for the key export protocol within the Weave security profile.

nl::Weave::Profiles::Security::PASE

This namespace includes all interfaces within Weave for the Password Authenticated Session Establishment (PASE) protocol within the Weave security profile.

nl::Weave::Profiles::Security::Passcodes

This namespace includes all interfaces within Weave for the Weave passcodes library within the Weave security profile.

nl::Weave::Profiles::Security::TAKE

This namespace includes all interfaces within Weave for the Token Authenticated Key Exchange (TAKE) protocol within the Weave Security profile.

Enumerations

@235

 @235

X.509 Certificate Key Purpose Flags.

@236

 @236

X.509 Certificate Key Usage Flags.

@237

 @237

Weave Certificate Flags.

Contains information about a certificate that has been loaded into a WeaveCertSet object.

@238

 @238

Weave Certificate Decode Flags.

Contains information specifying how a certificate should be decoded.

@239

 @239

Weave Certificate Validate Flags.

Contains information specifying how a certificate should be validated.

@240

 @240

@280

 @280

@281

 @281

@282

 @282

@283

 @283

@284

 @284

@285

 @285

@286

 @286

@287

 @287

@288

 @288

@289

 @289

Typedefs

GenerateECDSASignatureFunct

WEAVE_ERROR(* GenerateECDSASignatureFunct)(const uint8_t *hash, uint8_t hashLen, EncodedECDSASignature &ecdsaSig)

Generate an ECDSA signature using local Weave node's private key.

When invoked, implementations must compute a signature on the given hash value using the node's private key.

Details
Parameters
[in] hash
A buffer containing the hash of the certificate to be signed.
[in] hashLen
The length in bytes of the hash.
[in] ecdsaSig
A reference to the ECDSA signature object in which the result of this function is to be stored.
Return Values
WEAVE_NO_ERROR
If the operation succeeded.

Variables

gProvisioningBundleKDFSalt

const char gProvisioningBundleKDFSalt[] = "Weave Provisioning Bundle v1"

Functions

CASECertInfoFromAccessToken

WEAVE_ERROR CASECertInfoFromAccessToken(
  const uint8_t *accessToken,
  uint32_t accessTokenLen,
  uint8_t *certInfoBuf,
  uint16_t certInfoBufSize,
  uint16_t & certInfoLen
)

Reads a Weave Access Token and constructs a CASE Certificate Info TLV structure containing the certificates from the access token.

This function decodes a given Weave Access Token and encodes the TLV for a Weave CASE Certificate Info structure. The EntityCertificate field within the CertificateInfo structure is set to the access token certificate, and the RelatedCertificates field (if present) is set to the corresponding field within the access token.

Details
Parameters
accessToken
A pointer to a buffer containing an encoded Weave Access Token.
accessTokenLen
The length of the encoded access token.
certInfoBuf
A pointer to a buffer into which the CASE certificate info structure should be encoded.
certInfoBufSize
The size of the buffer pointed to by certInfoBuf.
certInfoLen
A reference to an integer that will be set to the length of the encoded certificate info structure. NOTE: This value is only set when the function returns successfully.
Return Values
WEAVE_NO_ERROR
If the CASE certificate info structure was successfully encoded.
tlv-errors
Weave errors related to reading or writing TLV.
cert-errors
Weave errors related to decoding Weave certificates.
platform-errors
Other platform-specific errors.

CASECertInfoFromAccessToken

WEAVE_ERROR CASECertInfoFromAccessToken(
  TLVReader & reader,
  TLVWriter & writer
)

Reads a Weave Access Token and writes a CASE Certificate Info TLV structure containing the certificates from the access token.

This function reads a Weave Access Token from a given TLVReader and writes the TLV for a Weave CASE Certificate Info structure to a TLVWriter. The EntityCertificate field within the CertificateInfo structure is set to the access token certificate, and the RelatedCertificates field (if present) is set to the corresponding field within the access token.

Details
Parameters
[in] reader
A TLVReader positioned on the Weave Access Token.
[in] writer
A TLVWriter to be used to record the output CASE certificate info.
Return Values
WEAVE_NO_ERROR
If the CASE certificate info structure was successfully encoded.
tlv-errors
Weave errors related to reading or writing TLV.
cert-errors
Weave errors related to decoding Weave certificates.
platform-errors
Other platform-specific errors.

ConvertAuthorityKeyIdentifierExtension

WEAVE_ERROR ConvertAuthorityKeyIdentifierExtension(
  ASN1Reader & reader,
  TLVWriter & writer
)

ConvertCertificate

WEAVE_ERROR ConvertCertificate(
  ASN1Reader & reader,
  TLVWriter & writer
)

ConvertDistinguishedName

WEAVE_ERROR ConvertDistinguishedName(
  ASN1Reader & reader,
  TLVWriter & writer,
  uint64_t tag
)

ConvertECDSASignature_DERToWeave

WEAVE_ERROR ConvertECDSASignature_DERToWeave(
  const uint8_t *sigBuf,
  uint8_t sigLen,
  TLVWriter & writer,
  uint64_t tag
)

ConvertExtension

WEAVE_ERROR ConvertExtension(
  ASN1Reader & reader,
  TLVWriter & writer
)

ConvertExtensions

WEAVE_ERROR ConvertExtensions(
  ASN1Reader & reader,
  TLVWriter & writer
)

ConvertSubjectPublicKeyInfo

WEAVE_ERROR ConvertSubjectPublicKeyInfo(
  ASN1Reader & reader,
  TLVWriter & writer
)

ConvertValidity

WEAVE_ERROR ConvertValidity(
  ASN1Reader & reader,
  TLVWriter & writer
)

ConvertWeaveCertToX509Cert

WEAVE_ERROR ConvertWeaveCertToX509Cert(
  const uint8_t *weaveCert,
  uint32_t weaveCertLen,
  uint8_t *x509CertBuf,
  uint32_t x509CertBufSize,
  uint32_t & x509CertLen
)

ConvertX509CertToWeaveCert

WEAVE_ERROR ConvertX509CertToWeaveCert(
  const uint8_t *x509Cert,
  uint32_t x509CertLen,
  uint8_t *weaveCertBuf,
  uint32_t weaveCertBufSize,
  uint32_t & weaveCertLen
)

DecodeConvertAuthorityKeyIdentifierExtension

WEAVE_ERROR DecodeConvertAuthorityKeyIdentifierExtension(
  TLVReader & reader,
  ASN1Writer & writer,
  WeaveCertificateData & certData
)

DecodeConvertBasicConstraintsExtension

WEAVE_ERROR DecodeConvertBasicConstraintsExtension(
  TLVReader & reader,
  ASN1Writer & writer,
  WeaveCertificateData & certData
)

DecodeConvertCert

WEAVE_ERROR DecodeConvertCert(
  TLVReader & reader,
  ASN1Writer & writer,
  WeaveCertificateData & certData
)

DecodeConvertDN

WEAVE_ERROR DecodeConvertDN(
  TLVReader & reader,
  ASN1Writer & writer,
  WeaveDN & dn
)

DecodeConvertECDSASignature

WEAVE_ERROR DecodeConvertECDSASignature(
  TLVReader & reader,
  ASN1Writer & writer,
  WeaveCertificateData & certData
)

DecodeConvertExtendedKeyUsageExtension

WEAVE_ERROR DecodeConvertExtendedKeyUsageExtension(
  TLVReader & reader,
  ASN1Writer & writer,
  WeaveCertificateData & certData
)

DecodeConvertExtension

WEAVE_ERROR DecodeConvertExtension(
  TLVReader & reader,
  ASN1Writer & writer,
  WeaveCertificateData & certData
)

DecodeConvertExtensions

WEAVE_ERROR DecodeConvertExtensions(
  TLVReader & reader,
  ASN1Writer & writer,
  WeaveCertificateData & certData
)

DecodeConvertKeyUsageExtension

WEAVE_ERROR DecodeConvertKeyUsageExtension(
  TLVReader & reader,
  ASN1Writer & writer,
  WeaveCertificateData & certData
)

DecodeConvertRSASignature

WEAVE_ERROR DecodeConvertRSASignature(
  TLVReader & reader,
  ASN1Writer & writer,
  WeaveCertificateData & certData
)

DecodeConvertSubjectKeyIdentifierExtension

WEAVE_ERROR DecodeConvertSubjectKeyIdentifierExtension(
  TLVReader & reader,
  ASN1Writer & writer,
  WeaveCertificateData & certData
)

DecodeConvertSubjectPublicKeyInfo

WEAVE_ERROR DecodeConvertSubjectPublicKeyInfo(
  TLVReader & reader,
  ASN1Writer & writer,
  WeaveCertificateData & certData
)

DecodeConvertTBSCert

WEAVE_ERROR DecodeConvertTBSCert(
  TLVReader & reader,
  ASN1Writer & writer,
  WeaveCertificateData & certData
)

DecodeConvertValidity

WEAVE_ERROR DecodeConvertValidity(
  TLVReader & reader,
  ASN1Writer & writer,
  WeaveCertificateData & certData
)

DecodeCopyECDSASignature_DER

WEAVE_ERROR DecodeCopyECDSASignature_DER(
  const uint8_t *sigBuf,
  uint8_t sigLen,
  EncodedECDSASignature & sig
)

DecodeWeaveCert

WEAVE_ERROR DecodeWeaveCert(
  const uint8_t *weaveCert,
  uint32_t weaveCertLen,
  WeaveCertificateData & certData
)

DecodeWeaveCert

WEAVE_ERROR DecodeWeaveCert(
  TLVReader & reader,
  WeaveCertificateData & certData
)

DecodeWeaveDN

WEAVE_ERROR DecodeWeaveDN(
  TLVReader & reader,
  WeaveDN & dn
)

DecodeWeaveECDSASignature

WEAVE_ERROR DecodeWeaveECDSASignature(
  TLVReader & reader,
  EncodedECDSASignature & sig
)

DecodeWeaveECPrivateKey

NL_DLL_EXPORT WEAVE_ERROR DecodeWeaveECPrivateKey(
  const uint8_t *buf,
  uint32_t len,
  uint32_t & weaveCurveId,
  EncodedECPublicKey & pubKey,
  EncodedECPrivateKey & privKey
)

DescribeWeaveCertId

const char * DescribeWeaveCertId(
  OID attrOID,
  uint64_t weaveCertId
)

DetermineCertType

WEAVE_ERROR DetermineCertType(
  WeaveCertificateData & cert
)

Determine general type of a Weave certificate.

This function performs a general assessment of a certificate's type based on the structure of its subject DN and the extensions present. Applications are free to override this assessment by setting cert.CertType to another value, including an application-defined one.

In general, applications will only trust a peer's certificate if it chains to a trusted root certificate. However, the type assigned to a certificate can influence the nature of this trust, e.g. to allow or disallow access to certain features. Because of this, changes to this algorithm can have VERY SIGNIFICANT and POTENTIALLY CATASTROPHIC effects on overall system security, and should not be made without a thorough understanding of the implications.

NOTE: Access token certificates cannot be distinguished solely by their structure. Thus this function never sets cert.CertType = kCertType_AccessToken.

EncodeWeaveECDSASignature

WEAVE_ERROR EncodeWeaveECDSASignature(
  TLVWriter & writer,
  EncodedECDSASignature & sig,
  uint64_t tag
)

EncodeWeaveECPrivateKey

NL_DLL_EXPORT WEAVE_ERROR EncodeWeaveECPrivateKey(
  uint32_t weaveCurveId,
  const EncodedECPublicKey *pubKey,
  const EncodedECPrivateKey & privKey,
  uint8_t *outBuf,
  uint32_t outBufSize,
  uint32_t & outLen
)

ExtractCertFromAccessToken

WEAVE_ERROR ExtractCertFromAccessToken(
  TLVReader & reader,
  TLVWriter & writer,
  uint64_t tag
)

Reads a Weave Access Token and extracts the Access Token Certificate.

This function reads a Weave Access Token from a TLVReader and writes the Access Token Certificate to a specified TLVWriter.

Details
Parameters
[in] reader
A TLVReader positioned on the Weave Access Token.
[in] writer
A TLVWriter to which the certificate will be written.
[in] tag
The TLV tag to be used when writing the certificate.
Return Values
WEAVE_NO_ERROR
If the access token certificate was successfully extracted and written.
tlv-errors
Weave errors related to reading or writing TLV.
cert-errors
Weave errors related to decoding Weave certificates.
platform-errors
Other platform-specific errors.

ExtractPrivateKeyFromAccessToken

WEAVE_ERROR ExtractPrivateKeyFromAccessToken(
  const uint8_t *accessToken,
  uint32_t accessTokenLen,
  uint8_t *privKeyBuf,
  uint16_t privKeyBufSize,
  uint16_t & privKeyLen
)

Reads a Weave Access Token and extracts the private key.

This function decodes a given Weave Access Token and extracts the private key field from the token.

Details
Parameters
accessToken
A pointer to a buffer containing an encoded Weave Access Token.
accessTokenLen
The length of the encoded access token.
privKeyBuf
A pointer to a buffer into which the private key structure should be encoded.
privKeyBufSize
The size of the buffer pointed to by privKeyBuf.
privKeyLen
A reference to an integer that will be set to the length of the private key. NOTE: This value is only set when the function returns successfully.
Return Values
WEAVE_NO_ERROR
If the private key was successfully extracted.
tlv-errors
Weave errors related to reading or writing TLV.
cert-errors
Weave errors related to decoding Weave certificates.
platform-errors
Other platform-specific errors.

ExtractPrivateKeyFromAccessToken

WEAVE_ERROR ExtractPrivateKeyFromAccessToken(
  TLVReader & reader,
  TLVWriter & writer
)

Reads a Weave Access Token and extracts the private key.

This function decodes a given Weave Access Token and extracts the private key field from the token.

Details
Parameters
[in] reader
A TLVReader positioned on the Weave Access Token.
[in] writer
A TLVWriter to which the private key will be written.
Return Values
WEAVE_NO_ERROR
If the private key was successfully extracted.
tlv-errors
Weave errors related to reading or writing TLV.
cert-errors
Weave errors related to decoding Weave certificates.
platform-errors
Other platform-specific errors.

GenerateAndEncodeWeaveECDSASignature

WEAVE_ERROR GenerateAndEncodeWeaveECDSASignature(
  TLVWriter & writer,
  uint64_t tag,
  const uint8_t *msgHash,
  uint8_t msgHashLen,
  const uint8_t *signingKey,
  uint16_t signingKeyLen
)

Generate and encode a Weave ECDSA signature.

Computes an ECDSA signature using a given private key and message hash and writes the signature as a Weave ECDSASignature structure to the specified TLV writer with the given tag.

Details
Parameters
[in] writer
The TLVWriter object to which the encoded signature should be written.
[in] tag
TLV tag to be associated with the encoded signature structure.
[in] msgHash
A buffer containing the hash of the message to be signed.
[in] msgHashLen
The length in bytes of the message hash.
[in] signingKey
A buffer containing the private key to be used to generate the signature. The private key is expected to be encoded as a Weave EllipticCurvePrivateKey TLV structure.
[in] signingKeyLen
The length in bytes of the encoded private key.
Return Values
WEAVE_NO_ERROR
If the operation succeeded.
other
Other Weave error codes related to decoding the private key, generating the signature or encoding the signature.

GenerateOperationalDeviceCert

NL_DLL_EXPORT WEAVE_ERROR GenerateOperationalDeviceCert(
  uint64_t deviceId,
  EncodedECPublicKey & devicePubKey,
  uint8_t *cert,
  uint16_t certBufSize,
  uint16_t & certLen,
  GenerateECDSASignatureFunct genCertSignature
)

Generate Weave operational device certificate.

This function generates a Weave self-signed operational certificate encoded in the Weave TLV format.

Details
Parameters
deviceId
Weave operational device Id.
devicePubKey
Weave operational device public key.
cert
A pointer to a buffer where the generated certificate is to be written.
certBufSize
The length in bytes of the provided certificate buffer.
certLen
The length in bytes of the generated certificate.
genCertSignature
A pointer to a function that generates an ECDSA signature over the given certificate hash using the operational device private key.
Return Values
WEAVE_NO_ERROR
If Weave certificate was successfully generated.

GetWeaveSignatureAlgo

WEAVE_ERROR GetWeaveSignatureAlgo(
  const uint8_t *sig,
  uint16_t sigLen,
  OID & sigAlgoOID
)

Indent

void Indent(
  FILE *out,
  uint16_t count
)

InsertRelatedCertificatesIntoWeaveSignature

WEAVE_ERROR InsertRelatedCertificatesIntoWeaveSignature(
  uint8_t *sigBuf,
  uint16_t sigLen,
  uint16_t sigBufLen,
  const uint8_t *relatedCerts,
  uint16_t relatedCertsLen,
  uint16_t & outSigLen
)

IsCertificateExtensionTag

bool IsCertificateExtensionTag(
  uint64_t tag
)

IsCurveInSet

bool IsCurveInSet(
  uint32_t curveId,
  uint8_t curveSet
)

IsSupportedCurve

bool IsSupportedCurve(
  uint32_t curveId
)

IsWeaveIdX509Attr

bool IsWeaveIdX509Attr(
  OID oid
)

IsWeaveX509Attr

bool IsWeaveX509Attr(
  OID oid
)

LoadAccessTokenCerts

WEAVE_ERROR LoadAccessTokenCerts(
  const uint8_t *accessToken,
  uint32_t accessTokenLen,
  WeaveCertificateSet & certSet,
  uint16_t decodeFlags,
  WeaveCertificateData *& accessTokenCert
)

Load the certificates in an access token into a Weave certificate set.

This function decodes a given Weave access token and loads the access token certificates into the specified Weave certificate set object. If the access token contains one or more related certificates, these are loaded into the certificate set as well.

Details
Parameters
accessToken
A pointer to a buffer containing an encoded Weave Access Token.
accessTokenLen
The length of the encoded access token.
certSet
The certificate set into which the access token certificates should be loaded.
decodeFlags
The certificate decode flags that should be used when loading the certificates.
accessTokenCert
A reference to a pointer that will be set to the Weave certificate data structure for the access token certificate. NOTE: This pointer will only be set if the function returns successfully.
Return Values
WEAVE_NO_ERROR
If the access token certificates were successfully loaded.
tlv-errors
Weave errors related to reading TLV.
cert-errors
Weave errors related to decoding Weave certificates.
platform-errors
Other platform-specific errors.

LoadAccessTokenCerts

WEAVE_ERROR LoadAccessTokenCerts(
  TLVReader & reader,
  WeaveCertificateSet & certSet,
  uint16_t decodeFlags,
  WeaveCertificateData *& accessTokenCert
)

Load the certificates in an access token into a Weave certificate set.

This function reads a Weave access token from a given TLVReader and loads the access token certificates into the specified Weave certificate set object. If the access token contains one or more related certificates, these are loaded into the certificate set as well.

Details
Parameters
reader
A TLVReader object that is positioned immediately before a Weave Access Token.
certSet
The certificate set into which the access token certificates should be loaded.
decodeFlags
The certificate decode flags that should be used when loading the certificates.
accessTokenCert
A reference to a pointer that will be set to the Weave certificate data structure for the access token certificate. NOTE: This value is only set when the function returns successfully.
Return Values
WEAVE_NO_ERROR
If the access token certificates were successfully loaded.
tlv-errors
Weave errors related to reading TLV.
cert-errors
Weave errors related to decoding Weave certificates.
platform-errors
Other platform-specific errors.

MakeDeviceCredentialHash

NL_DLL_EXPORT WEAVE_ERROR MakeDeviceCredentialHash(
  const char *serialNum,
  size_t serialNumLen,
  const char *deviceId,
  size_t deviceIdLen,
  const char *deviceSecret,
  size_t deviceSecretLen,
  char *hashBuf,
  size_t hashBufSize
)

Generate a verification hash (in base-64 format) for a given set of Thermostat device credentials.

Details
Parameters
[in] serialNum
A pointer to a buffer containing the device's serial number.
[in] serialNumLen
The length of the serial number string.
[in] deviceId
A pointer to a buffer containing the device's id.
[in] deviceIdLen
The length of the device's id.
[in] deviceSecret
A pointer to a buffer containing the device's secret.
[in] deviceSecretLen
The length of the device's secret.
[in,out] hashBuf
A pointer to a buffer that will receive the verification hash value, in base-64 format. The output string will be null terminated. This buffer should be at least as big as kDeviceCredentialHashLength + 1.
[in] hashBufSize
The size in bytes of the buffer pointed at by hashBuf.
Return Values
WEAVE_NO_ERROR
If the method succeeded.
WEAVE_ERROR_INVALID_STRING_LENGTH
If one of the input values is too long (> 65535).
WEAVE_ERROR_BUFFER_TOO_SMALL
If the supplied buffer is too small to hold the generated hash value.

MakeWeaveProvisioningHash

NL_DLL_EXPORT WEAVE_ERROR MakeWeaveProvisioningHash(
  uint64_t nodeId,
  const char *weaveCert,
  size_t weaveCertLen,
  const char *weavePrivKey,
  size_t weavePrivKeyLen,
  const char *pairingCode,
  size_t pairingCodeLen,
  char *hashBuf,
  size_t hashBufSize
)

Generate a verification hash (in base-64 format) for a given set of Weave provisioning information.

Details
Parameters
[in] nodeId
The device's Weave node id.
[in] weaveCert
A pointer to a buffer containing the Weave device certificate in base-64 format.
[in] weaveCertLen
The length of the certificate value pointed at by weaveCert.
[in] weavePrivKey
A pointer to a buffer containing the Weave device private key in base-64 format.
[in] weavePrivKeyLen
The length of the private key value pointed at by weavePrivKey.
[in] pairingCode
A pointer to a buffer containing the device pairing code.
[in] pairingCodeLen
The length of the pairing code value pointed at by pairingCode.
[in,out] hashBuf
A pointer to a buffer that will receive the verification hash value, in base-64 format. The output string will be null terminated. This buffer should be at least as big as kWeaveProvisioningHashLength + 1.
[in] hashBufSize
The size in bytes of the buffer pointed at by hashBuf.
Return Values
WEAVE_NO_ERROR
If the method succeeded.
WEAVE_ERROR_INVALID_STRING_LENGTH
If one of the input values is too long (> 65535).
WEAVE_ERROR_BUFFER_TOO_SMALL
If the supplied buffer is too small to hold the generated hash value.

OIDToWeaveCurveId

uint32_t OIDToWeaveCurveId(
  ASN1::OID curveOID
)

PackCertTime

NL_DLL_EXPORT WEAVE_ERROR PackCertTime(
  const ASN1UniversalTime & time,
  uint32_t & packedTime
)

Convert a certificate date/time (in the form of an ASN.1 universal time structure) into a packed certificate date/time.

Packed certificate date/times provide a compact representation for the time values within a certificate (notBefore and notAfter) that does not require full calendar math to interpret.

A packed certificate date/time contains the fields of a calendar date/time — i.e. year, month, day, hour, minute, second — packed into an unsigned integer. The bit representation is organized such that ordinal comparisons of packed date/time values correspond to the natural ordering of the corresponding times. To reduce their size, packed certificate date/times are limited to representing times that are on or after 2000/01/01 00:00:00. When housed within a 32-bit unsigned integer, packed certificate date/times can represent times up to the year 2133.

Details
Parameters
time
The calendar date/time to be converted.
packedTime
A reference to an integer that will receive packed date/time.
Return Values
WEAVE_NO_ERROR
If the input time was successfully converted.
ASN1_ERROR_UNSUPPORTED_ENCODING
If the input time contained a year value that could not be represented in a packed certificate time value.

PackedCertDateToTime

NL_DLL_EXPORT uint32_t PackedCertDateToTime(
  uint16_t packedDate
)

Convert a packed certificate date to a corresponding packed certificate date/time, where the time portion of the value is set to 00:00:00.

Details
Parameters
packedDate
The packed certificate date to be converted.
Returns
A corresponding packed certificate date/time.

PackedCertTimeToDate

NL_DLL_EXPORT uint16_t PackedCertTimeToDate(
  uint32_t packedTime
)

Convert a packed certificate date/time to a packed certificate date.

A packed certificate date contains the fields of a calendar date — year, month, day — packed into an unsigned integer. The bits are organized such that ordinal comparisons of packed date values correspond to the natural ordering of the corresponding dates. To reduce their size, packed certificate dates are limited to representing dates on or after 2000/01/01. When housed within a 16-bit unsigned integer, packed certificate dates can represent dates up to the year 2176.

Details
Parameters
packedTime
The packed certificate date/time to be converted.
Returns
A corresponding packed certificate date.

ParseWeaveIdAttribute

WEAVE_ERROR ParseWeaveIdAttribute(
  ASN1Reader & reader,
  uint64_t & weaveIdOut
)

PrintCert

NL_DLL_EXPORT void PrintCert(
  FILE *out,
  const WeaveCertificateData & cert,
  const WeaveCertificateSet *certSet,
  uint16_t indent,
  bool verbose
)

PrintCertArray

WEAVE_ERROR PrintCertArray(
  FILE *out,
  TLVReader & reader,
  uint16_t indent
)

PrintCertReference

WEAVE_ERROR PrintCertReference(
  FILE *out,
  TLVReader & reader,
  uint16_t indent
)

PrintCertType

void PrintCertType(
  FILE *out,
  uint8_t certType
)

PrintCertValidationResults

NL_DLL_EXPORT void PrintCertValidationResults(
  FILE *out,
  const WeaveCertificateSet & certSet,
  const ValidationContext & validContext,
  uint16_t indent
)

PrintECDSASignature

WEAVE_ERROR PrintECDSASignature(
  FILE *out,
  TLVReader & reader,
  uint16_t indent
)

PrintHexField

void PrintHexField(
  FILE *out,
  const char *name,
  uint16_t indent,
  uint16_t count,
  const uint8_t *data
)

PrintPackedDate

void PrintPackedDate(
  FILE *out,
  uint16_t t
)

PrintPackedTime

void PrintPackedTime(
  FILE *out,
  uint32_t t
)

PrintWeaveDN

void PrintWeaveDN(
  FILE *out,
  const WeaveDN & dn
)

PrintWeaveDN

WEAVE_ERROR PrintWeaveDN(
  FILE *out,
  TLVReader & reader
)

PrintWeaveSignature

WEAVE_ERROR PrintWeaveSignature(
  FILE *out,
  TLVReader & reader,
  uint16_t indent
)

SecondsSinceEpochToPackedCertTime

NL_DLL_EXPORT uint32_t SecondsSinceEpochToPackedCertTime(
  uint32_t secondsSinceEpoch
)

Convert the number of seconds since 1970-01-01 00:00:00 UTC to a packed certificate date/time.

Details
Parameters
secondsSinceEpoch
Number of seconds since 1970-01-01 00:00:00 UTC. Note: this value is compatible with positive values of the POSIX time_t type, up to the year 2105.
Returns
A corresponding packed certificate date/time.

TranslateOpenSSLError

WEAVE_ERROR TranslateOpenSSLError(
  WEAVE_ERROR defaultErr
)

UnpackCertTime

NL_DLL_EXPORT WEAVE_ERROR UnpackCertTime(
  uint32_t packedTime,
  ASN1UniversalTime & time
)

Unpack a packed certificate date/time into an ASN.1 universal time structure.

Details
Parameters
packedTime
A packed certificate time to be unpacked.
time
A reference to an ASN1UniversalTime structure to receive the unpacked date/time.
Return Values
WEAVE_NO_ERROR
If the input time was successfully unpacked.

VerifyWeaveSignature

NL_DLL_EXPORT WEAVE_ERROR VerifyWeaveSignature(
  const uint8_t *msgHash,
  uint8_t msgHashLen,
  const uint8_t *sig,
  uint16_t sigLen,
  WeaveCertificateSet & certSet,
  ValidationContext & certValidContext
)

VerifyWeaveSignature

NL_DLL_EXPORT WEAVE_ERROR VerifyWeaveSignature(
  const uint8_t *msgHash,
  uint8_t msgHashLen,
  const uint8_t *sig,
  uint16_t sigLen,
  OID expectedSigAlgoOID,
  WeaveCertificateSet & certSet,
  ValidationContext & certValidContext
)

WeaveCurveIdToOID

NL_DLL_EXPORT OID WeaveCurveIdToOID(
  uint32_t weaveCurveId
)