 |
TrustCore SDK NanoCert API reference
version 7.0
|
|
TrustCore SDK NanoCert API reference
version 7.0
|
Digicert SoT Platform certificate authority management factory. More...
Go to the source code of this file.
Data Structures | |
| struct | certDescriptor |
| Certificate context (information required to manage a DER-encoded X.509 certificate). More... | |
| struct | certDistinguishedName |
| Distinguished name data (names and start/end dates) to support certificate generation. More... | |
| struct | certExtensions |
| Container for a certificate's version 3 extensions. More... | |
| struct | CNMatchInfo |
| struct | extensions |
| Version 3 certificate or CRL extension (as defined in RFC 3280). More... | |
| struct | nameAttr |
Certificate generation support for constructing an AttributeTypeAndValues ASN.1 object. More... | |
| struct | relativeDN |
Container for nameAttr structure information required to construct an ASN.1 RelativeDistinguishedName object. More... | |
Functions | |
| MOC_EXTERN sbyte4 | CA_MGMT_allocCertDistinguishedName (certDistinguishedName **ppNewCertDistName) |
Allocate and initialize a pCertificateDesc structure. More... | |
| MOC_EXTERN MSTATUS | CA_MGMT_convertIpAddress (ubyte *pIpString, ubyte *pIpBytes, ubyte4 *pIpLen) |
| Converts an IP address represented by a string (v4 or v6) to raw bytes. More... | |
| MOC_EXTERN sbyte4 | CA_MGMT_convertKeyDER (ubyte *pDerRsaKey, ubyte4 derRsaKeyLength, ubyte **ppRetKeyBlob, ubyte4 *pRetKeyBlobLength) |
| This is an old function. More... | |
| MOC_EXTERN sbyte4 | CA_MGMT_convertKeyPEM (ubyte *pPemRsaKey, ubyte4 pemRsaKeyLength, ubyte **ppRetKeyBlob, ubyte4 *pRetKeyBlobLength) |
| This is an old function. More... | |
| MOC_EXTERN sbyte4 | CA_MGMT_convertPKCS8KeyToKeyBlob (const ubyte *pPKCS8DER, ubyte4 pkcs8DERLen, ubyte **ppRetKeyBlob, ubyte4 *pRetKeyBlobLength) |
| Convert unprotected RSA private key to a Digicert SoT Platform private RSA keyblob. More... | |
| MOC_EXTERN sbyte4 | CA_MGMT_convertProtectedPKCS8KeyToKeyBlob (const ubyte *pPKCS8DER, ubyte4 pkcs8DERLen, ubyte *pPassword, ubyte4 passwordLen, ubyte **ppRetKeyBlob, ubyte4 *pRetKeyBlobLength) |
| Extract a protected RSA private key from a PKCS #8 DER- encoded buffer, converting it into a Digicert SoT Platform unprotected private RSA key blob. More... | |
| MOC_EXTERN MSTATUS | CA_MGMT_convertRSAPublicKeyInfoDER (ubyte *pDerRsaKey, ubyte4 derRsaKeyLength, ubyte **ppRetKeyBlob, ubyte4 *pRetKeyBlobLength) |
| Convert the DER encoding of an RSA public key in PublicKeyInfo format into a Digicert key blob. More... | |
| MOC_EXTERN sbyte4 | CA_MGMT_decodeCertificate (ubyte *pKeyFile, ubyte4 fileSize, ubyte **ppDecodeFile, ubyte4 *pDecodedLength) |
| Convert PEM-encoded certificate to DER-encoded certificate. More... | |
| MOC_EXTERN sbyte4 | CA_MGMT_extractBasicConstraint (ubyte *pCertificate, ubyte4 certificateLen, intBoolean *pIsCritical, certExtensions *pCertExtensions) |
| Get the BasicConstraints extension out of a cert. More... | |
| MOC_EXTERN sbyte4 | CA_MGMT_extractCertASN1Name (const ubyte *pCertificate, ubyte4 certificateLength, sbyte4 isSubject, sbyte4 includeASN1SeqHeader, ubyte4 *pASN1NameOffset, ubyte4 *pASN1NameLen) |
| Get an X.509 certificate's subject or issuer DER-encoded ASN.1 name. More... | |
| MOC_EXTERN sbyte4 | CA_MGMT_extractCertDistinguishedName (ubyte *pCertificate, ubyte4 certificateLength, sbyte4 isSubject, certDistinguishedName *pRetDN) |
Get a DER-encoded X.509 certificate's subject or issuer (as specified by the isSubject parameter) distinguished name. More... | |
| MOC_EXTERN sbyte4 | CA_MGMT_extractCertTimes (ubyte *pCertificate, ubyte4 certificateLength, certDistinguishedName *pRetDN) |
| Get a DER-encoded X.509 certificate's start and expiration times and dates. More... | |
| MOC_EXTERN sbyte4 | CA_MGMT_extractPublicKeyInfo (ubyte *pCertificate, ubyte4 certificateLen, ubyte **ppRetKeyBlob, ubyte4 *pRetKeyBlobLen) |
| Gets the public key from a certificate. More... | |
| MOC_EXTERN sbyte4 | CA_MGMT_extractSignature (ubyte *pCertificate, ubyte4 certificateLen, ubyte **ppSignature, ubyte4 *pSignatureLen) |
| Gets the signature out of a cert. More... | |
| MOC_EXTERN sbyte4 | CA_MGMT_freeCertDistinguishedName (certDistinguishedName **ppFreeCertDistName) |
Free certDistinguishedName structure's memory. More... | |
| MOC_EXTERN sbyte4 | CA_MGMT_freeCertificate (certDescriptor *pRetCertificateDescr) |
| Free memory allocated by CA_MGMT_generateCertificate(). More... | |
| MOC_EXTERN sbyte4 | CA_MGMT_freeNakedKey (ubyte **ppFreeKeyBlob) |
| Free (release) a naked key blob's memory. More... | |
| MOC_EXTERN sbyte4 | CA_MGMT_generateCertificateEx (certDescriptor *pRetCertificate, ubyte4 keySize, const certDistinguishedName *pCertInfo, ubyte signAlgorithm, const certExtensions *pExtensions, const certDescriptor *pParentCertificate) |
| MOC_EXTERN sbyte4 | CA_MGMT_generateCertificateEx2 (certDescriptor *pRetCertificate, struct AsymmetricKey *key, const certDistinguishedName *pCertInfo, ubyte signAlgorithm) |
| MOC_EXTERN sbyte4 | CA_MGMT_generateCertificateExType (certDescriptor *pRetCertificate, ubyte4 keyType, ubyte4 keySize, const certDistinguishedName *pCertInfo, ubyte signAlgorithm, const certExtensions *pExtensions, const certDescriptor *pParentCertificate) |
| Generate a signed X.509 certificate and public/private key pair. More... | |
| MOC_EXTERN sbyte4 | CA_MGMT_generateCertificateHybrid (certDescriptor *pRetCertificate, ubyte4 curve, ubyte4 qsAlg, const certDistinguishedName *pCertInfo, const certExtensions *pExtensions, const certDescriptor *pParentCertificate) |
| Generates a signed X.509 certificate and private/public key pair for a hybrid authentication algorithm. More... | |
| MOC_EXTERN sbyte4 | CA_MGMT_generateCertificateWithProperties (certDescriptor *pRetCertificate, const certDistinguishedName *forName, const CertProperties *properties) |
| MOC_EXTERN sbyte4 | CA_MGMT_generateNakedHybridKey (ubyte4 keyType, ubyte4 legacyKeyType, ubyte4 legacyKeySize, ubyte4 qsAlgoId, ubyte **ppRetNewKeyBlob, ubyte4 *pRetNewKeyBlobLength) |
| Generate a naked key. More... | |
| MOC_EXTERN sbyte4 | CA_MGMT_generateNakedKey (ubyte4 keyType, ubyte4 keySize, ubyte **ppRetNewKeyBlob, ubyte4 *pRetNewKeyBlobLength) |
| Generate a naked key. More... | |
| MOC_EXTERN MSTATUS | CA_MGMT_getCertSignAlgoType (ubyte *pCertificate, ubyte4 certificateLen, ubyte4 *pHashType, ubyte4 *pPubKeyType) |
| Gets the hash type and public key type out of a cert. More... | |
| MOC_EXTERN MSTATUS | CA_MGMT_keyBlobToDER (const ubyte *pKeyBlob, ubyte4 keyBlobLength, ubyte **ppRetKeyDER, ubyte4 *pRetKeyDERLength) |
| This is an old function. More... | |
| MOC_EXTERN MSTATUS | CA_MGMT_keyBlobToPEM (const ubyte *pKeyBlob, ubyte4 keyBlobLength, ubyte **ppRetKeyPEM, ubyte4 *pRetKeyPEMLength) |
| This is an old function. More... | |
| MOC_EXTERN sbyte4 | CA_MGMT_makeSubjectAltNameExtension (extensions *pExtension, const SubjectAltNameAttr *nameAttrs, sbyte4 numNameAttrs) |
| MOC_EXTERN MSTATUS | CA_MGMT_publicKeyBlobToDER (const ubyte *pPublicKeyBlob, ubyte4 publicKeyBlobLength, ubyte **ppRetKeyDER, ubyte4 *pRetKeyDERLength) |
| This is an old function. More... | |
| MOC_EXTERN sbyte4 | CA_MGMT_returnCertificatePrints (ubyte *pCertificate, ubyte4 certLength, ubyte *pShaFingerPrint, ubyte *pMD5FingerPrint) |
| Generate an X.509 certificate's SHA-1 and MD5 fingerprints. More... | |
| MOC_EXTERN MSTATUS | CA_MGMT_tpm12RsaKeyBlobToDer (ubyte *pKeyBlob, ubyte4 keyBlobLen, struct vlong *pModulus, struct vlong *pPubExpo, ubyte **ppDerEncoding, ubyte4 *pDerEncodingLen) |
| MOC_EXTERN MSTATUS | CA_MGMT_verifyCertDate (ubyte *pCert, ubyte4 certLen) |
| Validate a DER-encoded X.509 certificate's start and expiration times and dates against the current time. More... | |
| MOC_EXTERN sbyte4 | CA_MGMT_verifyCertWithKeyBlob (certDescriptor *pCertificateDescr, sbyte4 *pIsGood) |
Verify correspondence of a certDescriptor key blob and certificate's key. More... | |
| MOC_EXTERN sbyte4 | CA_MGMT_verifySignature (const ubyte *pIssuerCertBlob, ubyte4 issuerCertBlobLen, ubyte *pCertificate, ubyte4 certLen) |
| Verifies the signature in a certificate. More... | |
This header file contains structures, enumerations, and function declarations for SoT Platform certificate management functions.
(new structures, new functions, etc.)
Whether the following flags are defined determines which structures and enumerations are defined:
__ENABLE_MOCANA_MULTIPLE_COMMON_NAMES__ __ENABLE_MOCANA_ECC__ Whether the following flags are defined determines which function declarations are enabled:
__ENABLE_MOCANA_EXTRACT_CERT_BLOB__ __PUBCRYPTO_HEADER__ | MOC_EXTERN MSTATUS CA_MGMT_convertIpAddress | ( | ubyte * | pIpString, |
| ubyte * | pIpBytes, | ||
| ubyte4 * | pIpLen | ||
| ) |
Converts an IP address represented by a string (v4 or v6) to raw bytes. For example, v4 would look like 192.168.1.10 with decimal integers and v6 would look like 1234:5678:9abc:def0:fedc:bca9:0000:1111 with 8 groups of hex integers (with zero integers required, ie no empty groups).
| pIpString | The input string form of the ip address. |
| pIpBytes | Buffer to hold the output raw byte form ip. Must be 16 bytes if IPv6 is to be supported. |
| pIpLen | Will be set to the length of the raw byte form (either 4 or 16 for v4 or v6 respectively) |
OK (0) if successful, otherwise a negative number error code from merrors.h. | MOC_EXTERN sbyte4 CA_MGMT_convertKeyDER | ( | ubyte * | pDerRsaKey, |
| ubyte4 | derRsaKeyLength, | ||
| ubyte ** | ppRetKeyBlob, | ||
| ubyte4 * | pRetKeyBlobLength | ||
| ) |
You should use CRYPTO_serialize to to get key blobs, along with DER and PEM encodings from keys, and CRYPTO_deserialize to build keys from key blobs, DER, and PEM.
| MOC_EXTERN sbyte4 CA_MGMT_convertKeyPEM | ( | ubyte * | pPemRsaKey, |
| ubyte4 | pemRsaKeyLength, | ||
| ubyte ** | ppRetKeyBlob, | ||
| ubyte4 * | pRetKeyBlobLength | ||
| ) |
You should use CRYPTO_serialize to to get key blobs, along with DER and PEM encodings from keys, and CRYPTO_deserialize to build keys from key blobs, DER, and PEM.
| MOC_EXTERN sbyte4 CA_MGMT_extractBasicConstraint | ( | ubyte * | pCertificate, |
| ubyte4 | certificateLen, | ||
| intBoolean * | pIsCritical, | ||
| certExtensions * | pCertExtensions | ||
| ) |
Pass in the DER-encoded cert, along with a pointer to a certExtensions struct. This function will set the BasicCOnstraints fields of the struct. You can then examine the results.
This function will set all the non-BasicConstraints fields in the struct to NULL/0.
| MOC_EXTERN sbyte4 CA_MGMT_extractPublicKeyInfo | ( | ubyte * | pCertificate, |
| ubyte4 | certificateLen, | ||
| ubyte ** | ppRetKeyBlob, | ||
| ubyte4 * | pRetKeyBlobLen | ||
| ) |
Gets the public key from a certificate. A buffer will be allocated to hold the public key in Digicert keyblob format. Be sure to free this buffer when done with it.
| pCertificate | Pointer to the DER encoded certificate. |
| certificateLen | The length of the certificate in bytes. |
| ppRetKeyBlob | Pointer to the location that will receive the newly allocated buffer holding the serialized public key. |
| pRetKeyBlobLen | Contents will be set to the length of the serialized public key in bytes. |
OK (0) if successful, otherwise a negative number error code from merrors.h. | MOC_EXTERN sbyte4 CA_MGMT_extractSignature | ( | ubyte * | pCertificate, |
| ubyte4 | certificateLen, | ||
| ubyte ** | ppSignature, | ||
| ubyte4 * | pSignatureLen | ||
| ) |
Gets the signature out of a cert. A buffer will be allocated to hold the signature. Be sure to free this buffer when done with it.
| pCertificate | Pointer to the DER encoded certificate. |
| certificateLen | The length of the certificate in bytes. |
| ppSignature | Pointer to the location that will receive the newly allocated signature buffer. |
| pSignatureLen | Contents will be set to the length of the signature in bytes. |
OK (0) if successful, otherwise a negative number error code from merrors.h. | MOC_EXTERN MSTATUS CA_MGMT_getCertSignAlgoType | ( | ubyte * | pCertificate, |
| ubyte4 | certificateLen, | ||
| ubyte4 * | pHashType, | ||
| ubyte4 * | pPubKeyType | ||
| ) |
Gets the hash type and public key type out of a cert.
| pCertificate | Pointer to the DER encoded certificate. |
| certificateLen | The length of the certificate in bytes. |
| pHashType | Contents will be set to the hash identifier found in the certificate (if there is one). These identifiers can be found in the enum in crypto.h. |
| pPubKeyType | Contents will be set to the public key type. These are the akt_<type> identifiers above. |
OK (0) if successful, otherwise a negative number error code from merrors.h. | MOC_EXTERN MSTATUS CA_MGMT_keyBlobToDER | ( | const ubyte * | pKeyBlob, |
| ubyte4 | keyBlobLength, | ||
| ubyte ** | ppRetKeyDER, | ||
| ubyte4 * | pRetKeyDERLength | ||
| ) |
You should use CRYPTO_serialize to to get key blobs, along with DER and PEM encodings from keys, and CRYPTO_deserialize to build keys from key blobs, DER, and PEM.
| MOC_EXTERN MSTATUS CA_MGMT_keyBlobToPEM | ( | const ubyte * | pKeyBlob, |
| ubyte4 | keyBlobLength, | ||
| ubyte ** | ppRetKeyPEM, | ||
| ubyte4 * | pRetKeyPEMLength | ||
| ) |
You should use CRYPTO_serialize to to get key blobs, along with DER and PEM encodings from keys, and CRYPTO_deserialize to build keys from key blobs, DER, and PEM.
| MOC_EXTERN MSTATUS CA_MGMT_publicKeyBlobToDER | ( | const ubyte * | pPublicKeyBlob, |
| ubyte4 | publicKeyBlobLength, | ||
| ubyte ** | ppRetKeyDER, | ||
| ubyte4 * | pRetKeyDERLength | ||
| ) |
You should use CRYPTO_serialize to to get key blobs, along with DER and PEM encodings from keys, and CRYPTO_deserialize to build keys from key blobs, DER, and PEM.
| MOC_EXTERN sbyte4 CA_MGMT_verifySignature | ( | const ubyte * | pIssuerCertBlob, |
| ubyte4 | issuerCertBlobLen, | ||
| ubyte * | pCertificate, | ||
| ubyte4 | certLen | ||
| ) |
Verifies the signature in a certificate.
| pIssuerCertBlob | The issuer public key serialized as a Digicert blob. |
| issuerCertBlobLen | The length of the serialized public key in bytes. |
| pCertificate | Pointer to the DER encoded certificate. |
| certLen | The length of the certificate in bytes. |
OK (0) if successful and the signature is valid, otherwise a negative number error code from merrors.h.