 |
TrustCore SDK NanoCert API reference
version 7.0
|
|
TrustCore SDK NanoCert API reference
version 7.0
|
Header file for Digicert SoT Platform source code for X509v3 Certificate parsing routines. More...
Go to the source code of this file.
Typedefs | |
| typedef MSTATUS(* | EnumCallbackFun) (struct ASN1_ITEM *pItem, CStream cs, void *userArg) |
Enumerations | |
| enum | { digitalSignature = 0, nonRepudiation = 1, keyEncipherment = 2, dataEncipherment = 3, keyAgreement = 4, keyCertSign = 5, cRLSign = 6, encipherOnly = 7, decipherOnly = 8 } |
Functions | |
| MOC_EXTERN MSTATUS | X509_canSignChain (struct ASN1_ITEM *pCertificate, CStream s, sbyte4 chainLength) |
| MOC_EXTERN MSTATUS | X509_checkCertificateIssuer (struct ASN1_ITEM *pParentCertificate, CStream pParentCertStream, struct ASN1_ITEM *pCertificate, CStream pCertStream) |
| MOC_EXTERN MSTATUS | X509_checkCertificateIssuerSerialNumber (struct ASN1_ITEM *pIssuer, struct ASN1_ITEM *pSerialNumber, CStream pIssuerStream, struct ASN1_ITEM *pCertificate, CStream pCertStream) |
| MOC_EXTERN MSTATUS | X509_compSubjectAltNames (struct ASN1_ITEM *pCertificate, CStream s, const sbyte *nameToMatch, ubyte4 tagMask) |
| MOC_EXTERN MSTATUS | X509_compSubjectAltNamesEx (struct ASN1_ITEM *pCertificate, CStream s, const struct CNMatchInfo *namesToMatch, ubyte4 tagMask) |
| MOC_EXTERN MSTATUS | X509_compSubjectCommonName (struct ASN1_ITEM *pCertificate, CStream s, const sbyte *nameToMatch) |
| MOC_EXTERN MSTATUS | X509_computeBufferHash (MOC_HASH(hwAccelDescr hwAccelCtx) ubyte *buffer, ubyte4 bytesToHash, ubyte hash[], sbyte4 *hashSize, ubyte4 hashType) |
| MOC_EXTERN void | X509_convertTime (TimeDate *pTime, ubyte *pOutputTime) |
| MOC_EXTERN MSTATUS | X509_decryptRSASignatureBuffer (MOC_RSA(hwAccelDescr hwAccelCtx) struct RSAKey *pRSAKey, const ubyte *pSignature, ubyte4 signatureLen, ubyte hash[], sbyte4 *pHashLen, ubyte4 *rsaAlgoIdSubType) |
| MOC_EXTERN MSTATUS | X509_enumerateAltName (struct ASN1_ITEM *pCertificate, CStream s, sbyte4 isSubject, EnumCallbackFun ecf, void *userArg) |
| MOC_EXTERN MSTATUS | X509_enumerateCRL (struct ASN1_ITEM *pCertificate, CStream s, EnumCallbackFun ecf, void *userArg) |
| MOC_EXTERN MSTATUS | X509_extractDistinguishedNames (struct ASN1_ITEM *pCertificate, CStream s, intBoolean isSubject, struct certDistinguishedName *pRetDN) |
| MOC_EXTERN MSTATUS | X509_extractDistinguishedNamesBuffer (ASN1_ITEMPTR pNameItem, CStream cs, ubyte **ppBuffer, ubyte4 *pBufferLen) |
| Extract the distinguished name components as a comma separated buffer. More... | |
| MOC_EXTERN MSTATUS | X509_extractDistinguishedNamesFromName (struct ASN1_ITEM *pName, CStream s, struct certDistinguishedName *pRetDN) |
| MOC_EXTERN MSTATUS | X509_extractRSAKey (MOC_RSA(hwAccelDescr hwAccelCtx) struct ASN1_ITEM *pSubjectKeyInfo, CStream s, struct AsymmetricKey *pKey) |
| MOC_EXTERN MSTATUS | X509_extractSerialNum (struct ASN1_ITEM *pCertificate, CStream s, ubyte **ppRetSerialNum, ubyte4 *pRetSerialNumLength) |
| MOC_EXTERN MSTATUS | X509_extractValidityTime (struct ASN1_ITEM *pCertificate, CStream s, struct certDistinguishedName *pRetDN) |
| MOC_EXTERN MSTATUS | X509_extractVersion (struct ASN1_ITEM *pCertificate, sbyte4 *pRetVersion) |
| MOC_EXTERN MSTATUS | X509_getCertExtension (struct ASN1_ITEM *pExtensionsSeq, CStream s, const ubyte *whichOID, intBoolean *critical, struct ASN1_ITEM **ppExtension) |
| MOC_EXTERN MSTATUS | X509_getCertificateExtensions (struct ASN1_ITEM *pCertificate, struct ASN1_ITEM **ppExtensions) |
| Get the ASN1_ITEMPTR that contains the extensions. More... | |
| MOC_EXTERN MSTATUS | X509_getCertificateIssuerSerialNumber (struct ASN1_ITEM *pCertificate, struct ASN1_ITEM **ppIssuer, struct ASN1_ITEM **ppSerialNumber) |
| MOC_EXTERN MSTATUS | X509_getCertificateKeyUsage (struct ASN1_ITEM *pCertificate, CStream s, struct ASN1_ITEM **ppKeyUsage) |
| MOC_EXTERN MSTATUS | X509_getCertificateKeyUsageValue (struct ASN1_ITEM *pCertificate, CStream s, ubyte2 *pValue) |
| Return the value of the Key Usage extension. More... | |
| MOC_EXTERN MSTATUS | X509_getCertificateSubject (struct ASN1_ITEM *pCertificate, struct ASN1_ITEM **ppSubject) |
| MOC_EXTERN MSTATUS | X509_getCertSignAlgoType (struct ASN1_ITEM *pSignAlgoId, CStream s, ubyte4 *hashType, ubyte4 *pubKeyType) |
| MOC_EXTERN MSTATUS | X509_getCertSignAlgoTypeEx (struct ASN1_ITEM *pSignAlgoId, CStream s, ubyte4 *hashType, ubyte4 *pubKeyType, ubyte4 *curveType, ubyte4 *pQsAlg) |
| MOC_EXTERN MSTATUS | X509_getCertTime (struct ASN1_ITEM *pTime, CStream s, TimeDate *pGMTTime) |
| MOC_EXTERN MSTATUS | X509_getEntryByOID (ASN1_ITEMPTR pInputItem, CStream s, const ubyte *oid, ASN1_ITEMPTR *ppEntryItem) |
| MOC_EXTERN MSTATUS | X509_getRSASignatureAlgo (struct ASN1_ITEM *pCertificate, CStream certStream, ubyte *signAlgo) |
| MOC_EXTERN MSTATUS | X509_getSignatureItem (struct ASN1_ITEM *pCertificate, CStream s, struct ASN1_ITEM **ppSignature) |
| MOC_EXTERN MSTATUS | X509_getSubjectCommonName (struct ASN1_ITEM *pCertificate, CStream s, struct ASN1_ITEM **ppCommonNameItem) |
| MOC_EXTERN MSTATUS | X509_getSubjectEntryByOID (struct ASN1_ITEM *pCertificate, CStream s, const ubyte *oid, struct ASN1_ITEM **ppEntryItem) |
| MOC_EXTERN MSTATUS | X509_getValidityTime (struct ASN1_ITEM *pCertificate, struct ASN1_ITEM **pRetStart, struct ASN1_ITEM **pRetEnd) |
| MOC_EXTERN MSTATUS | X509_isRootCertificate (struct ASN1_ITEM *pCertificate, CStream s) |
| MOC_EXTERN MSTATUS | X509_matchName (struct ASN1_ITEM *pCertificate, CStream s, const sbyte *nameToMatch) |
| MOC_EXTERN MSTATUS | X509_rawVerifyOID (struct ASN1_ITEM *pCertificate, CStream s, const ubyte *pOidItem, const ubyte *pOidValue, intBoolean *pIsPresent) |
| MOC_EXTERN MSTATUS | X509_setKeyFromSubjectPublicKeyInfo (MOC_ASYM(hwAccelDescr hwAccelCtx) struct ASN1_ITEM *pCertificate, CStream s, struct AsymmetricKey *pPubKey) |
| MOC_EXTERN MSTATUS | X509_validateLink (MOC_ASYM(hwAccelDescr hwAccelCtx) struct ASN1_ITEM *pCertificate, CStream pCertStream, struct ASN1_ITEM *pParentCertificate, CStream pParentCertStream, sbyte4 chainLength) |
| MOC_EXTERN MSTATUS | X509_verifySignature (MOC_ASYM(hwAccelDescr hwAccelCtx) struct ASN1_ITEM *pCertOrCRL, CStream cs, struct AsymmetricKey *pIsuerPubKey) |
| MOC_EXTERN MSTATUS | X509_verifyValidityTime (struct ASN1_ITEM *pCertificate, CStream s, const TimeDate *td) |
Header file for Digicert SoT Platform source code for X509v3 Certificate parsing routines.
| MOC_EXTERN MSTATUS X509_extractDistinguishedNamesBuffer | ( | ASN1_ITEMPTR | pNameItem, |
| CStream | cs, | ||
| ubyte ** | ppBuffer, | ||
| ubyte4 * | pBufferLen | ||
| ) |
This function takes in an ASN1_ITEMPTR which points to a distinguished name such as the subject or issuer name and extracts the name components. Each of the name components are placed inside a buffer with a comma delimiter. This buffer is allocated by this function and given back to the caller who must free it. Note that the buffer returned is not NULL terminated.
For a certificate which contains the following attributes in the subject portion.
CN=TestCert C=US L=San Francisco ST=CA O=Digicert Corp
The buffer will be output as follows without a NULL terminating character.
CN=TestCert,C=US,L=San Francisco,ST=CA,O=Digicert Corp
| pNameItem | Pointer to the distinguished name to parse. |
| cs | CStream which holds the distinguished name data. |
| ppBuffer | Address where return pointer is placed. |
| pBufferLen | Address where length of return pointer is placed. |
OK (0) if successful; otherwise a negative number error code definition from merrors.h. To retrieve a string containing an English text error identifier corresponding to the function's returned error status, use the DISPLAY_ERROR macro. | MOC_EXTERN MSTATUS X509_getCertificateExtensions | ( | struct ASN1_ITEM * | pCertificate, |
| struct ASN1_ITEM ** | ppExtensions | ||
| ) |
Use it to get individual extensions out (see X509_getCertExtension).
If there are no extensions, the function will set *ppExtensions to NULL and retun OK.
This will return a reference to the Extensions ASN.1 object. That object belongs to the cert object. Do not free it.
To decode the certificate (get the certificate as an ASN1_ITEMPTR), do the following.
#include "common/moptions.h"
#include "common/mtypes.h"
#include "common/mdefs.h"
#include "common/merrors.h"
#include "common/mocana.h"
#include "common/mrtos.h"
#include "common/mem_part.h"
#include "common/mstdlib.h"
#include "common/random.h"
#include "crypto/hw_accel.h"
#include "common/vlong.h"
#include "common/datetime.h"
#include "common/tree.h"
#include "common/absstream.h"
#include "common/memfile.h"
#include "asn1/oiddefs.h"
#include "asn1/parseasn1.h"
#include "asn1/parsecert.h"
#include "asn1/derencoder.h"#include "crypto/crypto.h"
#include "crypto/pubcrypto.h"
#include "crypto/ca_mgmt.h"
#include "crypto/asn1cert.h" MemFile memFile;
CStream cStream;
ASN1_ITEMPTR pCertRoot = NULL;
ASN1_ITEMPTR pCertSeq, pExtensions; status = (MSTATUS)MF_attach (&memFile, (sbyte4)certLen, pCert);
if (OK != status)
goto exit; CS_AttachMemFile (&cStream, (void *)&memFile); status = ASN1_Parse (cStream, &pCertRoot);
if (OK != status)
goto exit; status = ASN1_GetNthChild (pCertRoot, 1, &pCertSeq);
if (OK != status)
goto exit; status = X509_getCertificateExtensions (pCertSeq, &pExtensions);
if (OK != status)
goto exit;exit:
if (NULL != pCertRoot)
{
TREE_DeleteTreeItem ((TreeItem *)pCertRoot);
}
| MOC_EXTERN MSTATUS X509_getCertificateKeyUsageValue | ( | struct ASN1_ITEM * | pCertificate, |
| CStream | s, | ||
| ubyte2 * | pValue | ||
| ) |
If there's no such extension, it will return 0xFFFF (All flags set)
Pass in the address of a ubyte2 and the function will set it to the result. It will be a bit field.
keyUsage ::= BIT STRING {
digitalSignature(0), nonRepudiation(1), keyEncipherment(2),
dataEncipherment(3), keyAgreement(4), keyCertSign(5), cRLSign(6),
encipherOnly(7), decipherOnly(8)}
For example, if the 0x0001 bit is set, then the digitalSignature bit is set. Similarly, if the 0x0020 bit is set, then the keyCertSign bit is set.
To decode the certificate (get the certificate as an ASN1_ITEMPTR), do the following.
#include "common/moptions.h"
#include "common/mtypes.h"
#include "common/mdefs.h"
#include "common/merrors.h"
#include "common/mocana.h"
#include "common/mrtos.h"
#include "common/mem_part.h"
#include "common/mstdlib.h"
#include "common/random.h"
#include "crypto/hw_accel.h"
#include "common/vlong.h"
#include "common/datetime.h"
#include "common/tree.h"
#include "common/absstream.h"
#include "common/memfile.h"
#include "asn1/oiddefs.h"
#include "asn1/parseasn1.h"
#include "asn1/parsecert.h"
#include "asn1/derencoder.h"#include "crypto/crypto.h"
#include "crypto/pubcrypto.h"
#include "crypto/ca_mgmt.h"
#include "crypto/asn1cert.h" MemFile memFile;
CStream cStream;
ASN1_ITEMPTR pCertRoot = NULL;
ASN1_ITEMPTR pCertSeq; status = (MSTATUS)MF_attach (&memFile, (sbyte4)certLen, pCert);
if (OK != status)
goto exit; CS_AttachMemFile (&cStream, (void *)&memFile); status = ASN1_Parse (cStream, &pCertRoot);
if (OK != status)
goto exit; status = ASN1_GetNthChild (pCertRoot, 1, &pCertSeq);
if (OK != status)
goto exit;exit:
if (NULL != pCertRoot)
{
TREE_DeleteTreeItem ((TreeItem *)pCertRoot);
}