TrustCore SDK NanoCert API reference
version 7.0

Typedefs
typedef MSTATUS(* CMS_GetCertificate) (const void *arg, CStream cs, ASN1_ITEM *pSerialNumber, ASN1_ITEM *pIssuerName, ubyte **ppCertificate, ubyte4 *certificateLen)
    Return a message's certificate that matches a given serial number and issuer name.

typedef MSTATUS(* CMS_GetPrivateKey) (const void *arg, CStream cs, const CMSRecipientId *pRecipientId, AsymmetricKey *pKey)
    Get the private key associated with a given certificate in a CMS message stream.

typedef MSTATUS(* CMS_SignData) (void *pCbInfo, const ubyte *digestAlgoOID, const ubyte *pDataToSign, ubyte4 dataToSignLen, ubyte *pSigBuffer, ubyte4 sigBufferLen)
    This callback is used to perform a signature operation.

typedef MSTATUS(* CMS_ValidateRootCertificate) (const void *arg, CStream cs, ASN1_ITEM *pCertificate)
    Validate the certificates in a CMS message.
typedef MSTATUS(* CMS_GetCertificate) (const void *arg, CStream cs, ASN1_ITEM *pSerialNumber, ASN1_ITEM *pIssuerName, ubyte **ppCertificate, ubyte4 *certificateLen)

This callback function searches a given CMS stream (message), cs, for a certificate that matches the given serial number and issuer name. If no match is found, this callback function should search a private store of certificates (which has been read into a CStream) for a match.

(when is callback invoked?) (what's the "arg" param for?)

Parameters
arg | TBD.
cs | CStream containing the CMS message in which to search for the certificate.
pSerialNumber | Pointer to the ASN1_ITEM that references the serial number to search for.
pIssuerName | Pointer to the ASN1_ITEM that references the issuer name to search for.
ppCertificate | On return, pointer to the matching certificate; NULL if no matching certificate is found.
pCertStream | On return, pointer to the CStream that contains the matching certificate, ppCertificate. The CStream can be the same as the input, cs, or it can be a CStream containing a private store of certificates.

Returns
OK (0). If no matching certificate is found, NULL is returned in the ppCertificate parameter.

typedef MSTATUS(* CMS_GetPrivateKey) (const void *arg, CStream cs, const CMSRecipientId *pRecipientId, AsymmetricKey *pKey)
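The lookup contract above (match on serial number and issuer name, search the message's certificates first, then a private store, return NULL when nothing matches) as an added example in plain C. This is not SDK code: the ExampleCert record, the in-memory sets, the sample bytes and the error value -1 are all constructed for the example, and a real implementation would walk the ASN1_ITEM tree of the CStream instead. The point it demonstrates is that both fields must match, because a serial number is only unique within one issuer.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define NELEMS(a) (sizeof(a) / sizeof((a)[0]))

/* Hypothetical certificate record for this example: the issuer name and serial
 * number exactly as DER-encoded in the certificate, plus the DER certificate. */
typedef struct {
    const uint8_t *issuerDer; size_t issuerLen;
    const uint8_t *serial;    size_t serialLen;
    const uint8_t *certDer;   size_t certLen;
} ExampleCert;

/* Constructed sample data (placeholder bytes, not real certificates). Cert 1
 * is carried in the message; certs 2 and 3 exist only in the private store. */
static const uint8_t ISSUER_A[] = { 0x30, 0x03, 0x13, 0x01, 'A' };
static const uint8_t ISSUER_B[] = { 0x30, 0x03, 0x13, 0x01, 'B' };
static const uint8_t SERIAL_1[] = { 0x01 };
static const uint8_t SERIAL_2[] = { 0x02 };
static const uint8_t CERT_1[]   = { 0xC1, 0xC1, 0xC1 };
static const uint8_t CERT_2[]   = { 0xC2, 0xC2 };
static const uint8_t CERT_3[]   = { 0xC3 };

static const ExampleCert MESSAGE_CERTS[] = {
    { ISSUER_A, sizeof ISSUER_A, SERIAL_1, sizeof SERIAL_1, CERT_1, sizeof CERT_1 },
};
static const ExampleCert PRIVATE_STORE[] = {
    { ISSUER_B, sizeof ISSUER_B, SERIAL_1, sizeof SERIAL_1, CERT_2, sizeof CERT_2 },
    { ISSUER_B, sizeof ISSUER_B, SERIAL_2, sizeof SERIAL_2, CERT_3, sizeof CERT_3 },
};

/* Exact byte-string equality: lengths must agree, so a prefix never matches. */
static int bytes_equal(const uint8_t *a, size_t aLen, const uint8_t *b, size_t bLen)
{
    return aLen == bLen && memcmp(a, b, aLen) == 0;
}

/* Search one set for the (issuer, serial) pair. Serial numbers are unique only
 * within an issuer, so both fields must match; matching on the serial alone
 * could hand back a certificate issued by a different CA. */
static const ExampleCert *find_in_set(const ExampleCert *set, size_t count,
                                      const uint8_t *issuer, size_t issuerLen,
                                      const uint8_t *serial, size_t serialLen)
{
    for (size_t i = 0; i < count; i++)
        if (bytes_equal(set[i].issuerDer, set[i].issuerLen, issuer, issuerLen) &&
            bytes_equal(set[i].serial, set[i].serialLen, serial, serialLen))
            return &set[i];
    return NULL;
}

/* The lookup in the order the callback contract describes: certificates carried
 * in the message first, then the private store. Follows the documented result
 * convention: returns 0 with *ppCertificate set to NULL when nothing matches;
 * a negative code (hypothetical value) only for invalid arguments. */
int example_get_certificate(const uint8_t *issuer, size_t issuerLen,
                            const uint8_t *serial, size_t serialLen,
                            const uint8_t **ppCertificate, size_t *pCertLen)
{
    if (!issuer || !serial || !ppCertificate || !pCertLen)
        return -1;
    *ppCertificate = NULL;
    *pCertLen = 0;

    const ExampleCert *hit = find_in_set(MESSAGE_CERTS, NELEMS(MESSAGE_CERTS),
                                         issuer, issuerLen, serial, serialLen);
    if (!hit)
        hit = find_in_set(PRIVATE_STORE, NELEMS(PRIVATE_STORE),
                          issuer, issuerLen, serial, serialLen);
    if (hit) {
        *ppCertificate = hit->certDer;
        *pCertLen = hit->certLen;
    }
    return 0;
}

int main(void)
{
    const uint8_t *cert; size_t certLen;

    example_get_certificate(ISSUER_A, sizeof ISSUER_A, SERIAL_1, sizeof SERIAL_1, &cert, &certLen);
    printf("A/1 -> %s (%zu bytes)\n", cert ? "found in message" : "not found", certLen);

    example_get_certificate(ISSUER_B, sizeof ISSUER_B, SERIAL_2, sizeof SERIAL_2, &cert, &certLen);
    printf("B/2 -> %s (%zu bytes)\n", cert ? "found in private store" : "not found", certLen);

    /* Serial 2 exists only under issuer B; asking for it under issuer A must fail. */
    example_get_certificate(ISSUER_A, sizeof ISSUER_A, SERIAL_2, sizeof SERIAL_2, &cert, &certLen);
    printf("A/2 -> %s\n", cert ? "found (wrong!)" : "not found, as expected");
    return 0;
}
```

The third lookup is the case worth keeping in a unit test: a store that indexes by serial number alone would return CERT_3 for issuer A, and a later signature or decryption step would then be run against the wrong party's certificate.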
This callback function searches a given CMS stream (message), cs, for a certificate that matches the given recipient information: serial number and issuer name. To obtain the certificate, call the CMS_GetCertificate() callback function. To validate the certificate, call the CMS_ValidateRootCertificate() callback function. If the certificate is valid, this callback function (CMS_GetPrivateKey()) can get the associated private key.

If the subject's PEM-encoded private key is stored in a file, you can copy the key to an AsymmetricKey structure as follows:

Given this code, the callback function returns the private key through the pKey parameter.

(when is callback invoked?) (what is the arg param?)

Parameters
arg | TBD.
cs | CStream containing the CMS message (a ContentInfo object containing a CMS EnvelopedData object) to search.
pRecipientId | Pointer to the CMS RecipientId object that contains the serial number and issuer name of the certificate of interest.
pKey | On return, pointer to the certificate's private key.

Returns
OK (0) if successful; otherwise a negative error code defined in merrors.h. To retrieve a string containing an English text error identifier corresponding to the function's returned error status, use the DISPLAY_ERROR macro.

typedef MSTATUS(* CMS_SignData) (void *pCbInfo, const ubyte *digestAlgoOID, const ubyte *pDataToSign, ubyte4 dataToSignLen, ubyte *pSigBuffer, ubyte4 sigBufferLen)
This callback is used to perform a signature operation. It can be used in place of a private key when the private key itself is unavailable to the application, for example when the key is held in a TPM.

Parameters
pCbInfo | Optional callback arguments you may need for your routine.
digestAlgoOID | For RSA, the digest OID to be used when a DigestInfo needs to be created.
pDataToSign | The data to sign. This should be a raw digest, not a DigestInfo.
dataToSignLen | The length of the data to sign, in bytes.
pSigBuffer | Buffer that will hold the resulting signature. For ECC and DSA this is r concatenated with s, each padded to its standard length (determined by the curve for ECC, or by the size of q for DSA).
sigBufferLen | The length of the signature buffer, in bytes.

Returns
OK (0) if successful; otherwise a negative return code.

typedef MSTATUS(* CMS_ValidateRootCertificate) (const void *arg, CStream cs, ASN1_ITEM *pCertificate)
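The two output conventions the CMS_SignData table describes, as an added C example that is not SDK code: the fixed-width r || s layout for ECC and DSA, and the PKCS#1 v1.5 DigestInfo an RSA signer wraps around the raw digest it receives. The status codes EX_OK, EX_ERR_BUFSIZE and EX_ERR_RANGE, the function names and the assumption that digestAlgoOID holds the OID's DER content bytes are all constructed for this example; only the SHA-256 OID value is real. Both routines check the caller's buffer size before writing, which is the part of a signing callback most often got wrong.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical status codes for this example only; the SDK's own codes live in merrors.h. */
#define EX_OK           0
#define EX_ERR_BUFSIZE -1
#define EX_ERR_RANGE   -2

/* Content bytes of the SHA-256 OID (2.16.840.1.101.3.4.2.1), used as sample input. */
static const uint8_t SHA256_OID[] = { 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01 };

/* Pack an ECC or DSA signature as r || s, each half left-padded with zeros to
 * coordLen bytes (the curve's field size for ECC, the size of q for DSA).
 * r and s arrive as big-endian integers, possibly shorter than coordLen and
 * possibly carrying leading zero bytes (e.g. the sign byte of a DER INTEGER).
 * Returns the number of bytes written, or a negative code. */
int pack_rs_fixed_width(const uint8_t *r, size_t rLen,
                        const uint8_t *s, size_t sLen, size_t coordLen,
                        uint8_t *sigBuffer, size_t sigBufferLen)
{
    const uint8_t *parts[2] = { r, s };
    size_t lens[2] = { rLen, sLen };

    /* Check the caller's buffer before writing a single byte. */
    if (sigBuffer == NULL || sigBufferLen < 2 * coordLen)
        return EX_ERR_BUFSIZE;

    for (int i = 0; i < 2; i++) {
        const uint8_t *p = parts[i];
        size_t len = lens[i];
        uint8_t *dst = sigBuffer + (size_t)i * coordLen;

        while (len > 0 && *p == 0) { p++; len--; }   /* strip leading zeros */
        /* A zero value is never a valid r or s, and a value wider than coordLen
         * cannot be a reduced scalar either, so both are rejected. */
        if (len == 0 || len > coordLen)
            return EX_ERR_RANGE;

        memset(dst, 0, coordLen - len);
        memcpy(dst + (coordLen - len), p, len);
    }
    return (int)(2 * coordLen);
}

/* Build the PKCS#1 v1.5 DigestInfo that an RSA signer wraps around a raw digest:
 *   SEQUENCE { SEQUENCE { OID digestAlgo, NULL }, OCTET STRING digest }
 * digestOid holds the OID's DER content bytes (an assumed convention for this
 * example). Short-form DER lengths are enough for every standard digest size.
 * Returns the encoded length, or a negative code. */
int build_digest_info(const uint8_t *digestOid, size_t oidLen,
                      const uint8_t *digest, size_t digestLen,
                      uint8_t *out, size_t outLen)
{
    size_t algIdLen = 2 + oidLen + 2;               /* OID TLV + NULL TLV    */
    size_t innerLen = 2 + algIdLen + 2 + digestLen; /* AlgId SEQ + OCTET STR */
    size_t total = 2 + innerLen;
    uint8_t *p = out;

    if (oidLen > 127 || digestLen > 127 || innerLen > 127)
        return EX_ERR_RANGE;                        /* short-form lengths only */
    if (out == NULL || outLen < total)
        return EX_ERR_BUFSIZE;

    *p++ = 0x30; *p++ = (uint8_t)innerLen;          /* DigestInfo SEQUENCE   */
    *p++ = 0x30; *p++ = (uint8_t)algIdLen;          /* AlgorithmIdentifier   */
    *p++ = 0x06; *p++ = (uint8_t)oidLen;            /* OBJECT IDENTIFIER     */
    memcpy(p, digestOid, oidLen); p += oidLen;
    *p++ = 0x05; *p++ = 0x00;                       /* NULL parameters       */
    *p++ = 0x04; *p++ = (uint8_t)digestLen;         /* OCTET STRING digest   */
    memcpy(p, digest, digestLen);
    return (int)total;
}

static void hexdump(const char *label, const uint8_t *buf, int len)
{
    printf("%s:", label);
    for (int i = 0; i < len; i++) printf(" %02x", buf[i]);
    printf("\n");
}

int main(void)
{
    /* Constructed sample values: a 32-byte digest and a tiny ECDSA-style r and s. */
    uint8_t digest[32], di[64], sig[8];
    const uint8_t r[] = { 0x00, 0xAB, 0xCD }, s[] = { 0x01 };

    memset(digest, 0x11, sizeof digest);
    int n = build_digest_info(SHA256_OID, sizeof SHA256_OID, digest, sizeof digest, di, sizeof di);
    if (n > 0) hexdump("DigestInfo", di, n);

    n = pack_rs_fixed_width(r, sizeof r, s, sizeof s, 4, sig, sizeof sig);
    if (n > 0) hexdump("r||s (coordLen 4)", sig, n);

    /* Undersized buffer: rejected before any write. */
    printf("7-byte buffer -> %d\n", pack_rs_fixed_width(r, sizeof r, s, sizeof s, 4, sig, 7));
    return 0;
}
```

For SHA-256 the DigestInfo is 51 bytes and begins with the well-known 19-byte prefix 30 31 30 0d 06 09 60 86 48 01 65 03 04 02 01 05 00 04 20; a signer that instead prepends that prefix to a value that is already a DigestInfo produces a signature that verifiers reject, which is why the pDataToSign row insists on a raw digest.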
This callback function validates the certificates in a CMS message.

Which validity checks to perform depends on your application and environment. Typical checks are:

(when is callback invoked?) (is the "top" certificate the root or end-user?) (what's the "arg" param for?)

Parameters
arg | TBD.
cs | CStream containing the CMS message of interest.
pCertificate | Pointer to the topmost certificate in the certificate chain, whether or not it is the root.

Returns
OK (0) if successful; otherwise a negative error code defined in merrors.h. To retrieve a string containing an English text error identifier corresponding to the function's returned error status, use the DISPLAY_ERROR macro.