TrustCore SDK NanoCert API reference
version 7.0
Provides CMS (Cryptographic Message Syntax) streaming functionality.
Functions
MOC_EXTERN MSTATUS CMS_createSignedReceipt (CMS_context context, sbyte4 index, RNGFun rngFun, void *rngFunArg, const ubyte *signerCert, ubyte4 signerCertLen, const AsymmetricKey *pKey, const ubyte *hashAlgoOID, ubyte **ppReceipt, ubyte4 *pReceiptLen)
Create a signed Receipt on the given message for a given signer.
MOC_EXTERN MSTATUS CMS_deleteContext (CMS_context *pContext)
Free a CMS context structure.
MOC_EXTERN MSTATUS CMS_detachedSignature (CMS_context context, intBoolean *detached)
Determine whether a given CMS_context is a detached signature.
MOC_EXTERN MSTATUS CMS_envelopedAddRecipient (CMS_envelopedDataContext myCtx, const ubyte *cert, ubyte4 certLen)
Add a recipient, identified by its DER-encoded certificate, to a CMS EnvelopedData object.
MOC_EXTERN MSTATUS CMS_envelopedAddUnauthAttribute (CMS_envelopedDataContext myCtx, const ubyte *typeOID, ubyte4 type, const ubyte *value, ubyte4 valueLen)
Add an unauthenticated attribute to a CMS EnvelopedData object.
MOC_EXTERN MSTATUS CMS_envelopedDeleteContext (MOC_SYM(hwAccelDescr hwAccelCtx) CMS_envelopedDataContext *ppCtx)
Delete and free a CMS EnvelopedData object that was allocated by CMS_envelopedNewContext().
MOC_EXTERN MSTATUS CMS_envelopedNewContext (CMS_envelopedDataContext *pNewCtx, const ubyte *encryptAlgoOID, RNGFun rngFun, void *rngFunArg)
Create a CMS EnvelopedData object.
MOC_EXTERN MSTATUS CMS_envelopedUpdateContext (MOC_HW(hwAccelDescr hwAccelCtx) CMS_envelopedDataContext myCtx, const ubyte *data, ubyte4 dataLen, ubyte **ppOutput, ubyte4 *pOutputLen, intBoolean finished)
Add data to a CMS EnvelopedData object.
MOC_EXTERN MSTATUS CMS_getContentType (CMS_context context, CMS_ContentType *cmsContentType)
Get the ContentType (CMS_contentType enumerated value from cms.h) of a given CMS object.
MOC_EXTERN MSTATUS CMS_getContentTypeOnly (CMS_context context, const ubyte *pInput, ubyte4 inputLen, CMS_ContentType *cType)
Get the ContentType (CMS_contentType enumerated value from cms.h) of a given data buffer input.
MOC_EXTERN MSTATUS CMS_getDecryptingRecipient (CMS_context context, sbyte4 *recipientIndexZeroBased)
Gets the index of the decrypting recipient in a given EnvelopedData object.
MOC_EXTERN MSTATUS CMS_getEncapContentType (CMS_context context, ubyte **ppOID)
Get the OID (with length prefix) of the encapsulated content type.
MOC_EXTERN MSTATUS CMS_getEncryptionAlgo (CMS_context context, ubyte **ppEncryptionAlgoOID)
Get the OID (with prefix length) of the encryption algorithm of a given CMS_context.
MOC_EXTERN MSTATUS CMS_getFirstCertificate (CMS_context context, const ASN1_ITEM **ppCertificate, CStream *pCS)
Get the first certificate (its ASN1_ITEM structure) in a given CMS_context SignedData object.
MOC_EXTERN MSTATUS CMS_getNumRecipients (CMS_context context, sbyte4 *numRecipients)
Get the number of recipients in a given CMS EnvelopedData object.
MOC_EXTERN MSTATUS CMS_getNumSigners (CMS_context context, sbyte4 *numSigners)
Get the number of verified signers of a given SignedData object.
MOC_EXTERN MSTATUS CMS_getReceiptInfo (const ubyte *receipt, ubyte4 receiptLen, const ubyte **messageId, ubyte4 *messageIdLen, const ubyte **signature, ubyte4 *signatureLen)
Get message ID and signature of a given signed Receipt.
MOC_EXTERN MSTATUS CMS_getReceiptMsgDigest (CMS_context context, const ubyte **ppDigest, ubyte4 *pDigestLen)
Get the message digest of a given signed Receipt.
MOC_EXTERN MSTATUS CMS_getRecipientInfo (CMS_context context, sbyte4 recipientIndexZeroBased, const ASN1_ITEM **pRecipientInfo, CStream *pCS)
Get offset and length information of a given RecipientInfo object in a given EnvelopedData object, as well as the CStream that contains the RecipientInfo.
MOC_EXTERN MSTATUS CMS_getSignerInfo (CMS_context context, sbyte4 index, const ASN1_ITEM **ppRecipientInfo, CStream *pCS)
Get the SignerInfo object for a given verified signer.
MOC_EXTERN MSTATUS CMS_newContext (CMS_context *pNewContext, const void *callbackArg, const CMS_Callbacks *pCallbacks)
Create a CMS context structure for parsing a received CMS object.
MOC_EXTERN MSTATUS CMS_setDetachedSignatureData (CMS_context context, const ubyte *payload, ubyte4 payloadLen, intBoolean final)
Add payload information to a CMS_context so that it can verify a detached signature.
MOC_EXTERN MSTATUS CMS_signedAddCertificate (CMS_signedDataContext myCtx, const ubyte *cert, ubyte4 certLen)
Add a signed certificate to a CMS SignedData object.
MOC_EXTERN MSTATUS CMS_signedAddCRL (CMS_signedDataContext myCtx, const ubyte *crl, ubyte4 crlLen)
Add a signed CRL to a CMS SignedData object.
MOC_EXTERN MSTATUS CMS_signedAddReceiptRequest (MOC_HASH(hwAccelDescr hwAccelCtx) CMS_signedDataContext myCtx, const ubyte **receiptFrom, sbyte4 numReceiptFrom, const ubyte **receiptTo, sbyte4 numReceiptTo)
Request a receipt for a given message.
MOC_EXTERN MSTATUS CMS_signedAddSigner (CMS_signedDataContext myCtx, const ubyte *cert, ubyte4 certLen, const AsymmetricKey *pKey, const ubyte *digestAlgoOID, ubyte4 flags, CMS_signerInfo *pNewSignerInfo)
Add a signer to a given SignedData object.
MOC_EXTERN MSTATUS CMS_signedAddSignerAttribute (CMS_signedDataContext myCtx, CMS_signerInfo signerInfo, const ubyte *typeOID, ubyte4 type, const ubyte *value, ubyte4 valueLen, intBoolean authenticated)
Add an attribute (authenticated or non-authenticated) to a CMS SignedData object's signer(s).
MOC_EXTERN MSTATUS CMS_signedAddSignerWithCallback (MOC_HW(hwAccelDescr hwAccelCtx) CMS_signedDataContext myCtx, const ubyte *cert, ubyte4 certLen, CMS_SignData signCallback, void *pCbInfo, const ubyte *digestAlgoOID, ubyte4 flags, CMS_signerInfo *pNewSignerInfo)
Add a signer to a given SignedData object when the private key is unavailable.
MOC_EXTERN MSTATUS CMS_signedDeleteContext (MOC_HASH(hwAccelDescr hwAccelCtx) CMS_signedDataContext *ppCtx)
Delete and free a CMS SignedData object that was allocated by CMS_signedNewContext().
MOC_EXTERN MSTATUS CMS_signedGetRequestInfo (CMS_signedDataContext myCtx, CMS_signerInfo signerInfo, const ubyte **messageId, ubyte4 *messageIdLen, const ubyte **digest, ubyte4 *digestLen, const ubyte **signature, ubyte4 *signatureLen)
Extract receipt request information.
MOC_EXTERN MSTATUS CMS_signedNewContext (CMS_signedDataContext *pNewCtx, const ubyte *payloadTypeOID, intBoolean detached, RNGFun rngFun, void *rngFunArg)
Create a CMS SignedData object.
MOC_EXTERN MSTATUS CMS_signedUpdateContext (MOC_ASYM(hwAccelDescr hwAccelCtx) CMS_signedDataContext myCtx, const ubyte *data, ubyte4 dataLen, ubyte **ppOutput, ubyte4 *pOutputLen, intBoolean finished)
Add data to a CMS SignedData object.
MOC_EXTERN MSTATUS CMS_updateContext (CMS_context context, const ubyte *input, ubyte4 inputLen, ubyte **ppOutput, ubyte4 *pOutputLen, intBoolean *pFinished)
Add data to a CMS_context object.

MOC_EXTERN MSTATUS CMS_createSignedReceipt (CMS_context context, sbyte4 index, RNGFun rngFun, void *rngFunArg, const ubyte *signerCert, ubyte4 signerCertLen, const AsymmetricKey *pKey, const ubyte *hashAlgoOID, ubyte **ppReceipt, ubyte4 *pReceiptLen)
This function creates a signed Receipt object for the given message and signer. A signed Receipt object is a Receipt object that is encapsulated within a SignedData object.
For details about Receipt and signed Receipt objects, refer to RFC 2634.
(For FIPS-compliance information, see the rngFun parameter description.)
To enable this function, at least one of the following flags must be defined in moptions.h:
__ENABLE_MOCANA_PKCS7__
__ENABLE_MOCANA_CMS__
context | Pointer to the CMS context structure for the SignedData object for which you want to create a signed Receipt . |
index | Index value indicating the verified signer of the SignedData object for which you want to generate a signed Receipt . |
rngFun | Pointer to a function that generates random numbers suitable for cryptographic use. To be FIPS-compliant, reference RANDOM_rngFun() (defined in random.c), and make sure that __ENABLE_MOCANA_FIPS_MODULE__ is defined in moptions.h |
rngFunArg | Pointer to arguments that are required by the function referenced in rngFun . If you use RANDOM_rngFun(), you must supply a randomContext structure, which you can create by calling RANDOM_acquireContext(). |
signerCert | Pointer to a DER-encoded certificate for the signer of the signed Receipt to create. |
signerCertLen | Length of the DER-encoded certificate, signerCert . |
pKey | Pointer to an AsymmetricKey structure containing the signer's private key, which is used to sign the Receipt . |
hashAlgoOID | Pointer to the OID for the message digest method to use for this signer. Valid values are pointers to md5_OID or sha1_OID , which are defined in src/asn1/oiddefs.h. |
ppReceipt | On return, pointer to the signed Receipt object, which is encapsulated in a SignedData object. |
pReceiptLen | On return, pointer to the length of the signed Receipt object, ppReceipt . |
OK (0) if successful; otherwise a negative number error code definition from merrors.h. To retrieve a string containing an English text error identifier corresponding to the function's returned error status, use the DISPLAY_ERROR macro.

MOC_EXTERN MSTATUS CMS_deleteContext (CMS_context *pContext)
This function frees (releases) a CMS context structure.
To enable this function, at least one of the following flags must be defined in moptions.h:
__ENABLE_MOCANA_PKCS7__
__ENABLE_MOCANA_CMS__
pContext | Pointer to the CMS context structure to free. |
OK (0) if successful; otherwise a negative number error code definition from merrors.h. To retrieve a string containing an English text error identifier corresponding to the function's returned error status, use the DISPLAY_ERROR macro.

MOC_EXTERN MSTATUS CMS_detachedSignature (CMS_context context, intBoolean *detached)
This function determines whether a given CMS_context is a detached signature — a SignedData object that contains the signature that would otherwise be included in a different CMS_context.
To enable this function, at least one of the following flags must be defined in moptions.h:
__ENABLE_MOCANA_PKCS7__
__ENABLE_MOCANA_CMS__
context | Pointer to the CMS_context of interest. |
detached | On return, pointer to TRUE if the context is a detached signature; otherwise pointer to FALSE . |
OK (0) if successful; otherwise a negative number error code definition from merrors.h. To retrieve a string containing an English text error identifier corresponding to the function's returned error status, use the DISPLAY_ERROR macro.

MOC_EXTERN MSTATUS CMS_envelopedAddRecipient (CMS_envelopedDataContext myCtx, const ubyte *cert, ubyte4 certLen)
This function adds a recipient to a CMS EnvelopedData object. You identify the recipient using its DER-encoded certificate.
To enable this function, at least one of the following flags must be defined in moptions.h:
__ENABLE_MOCANA_PKCS7__
__ENABLE_MOCANA_CMS__
myCtx | Pointer to CMS EnvelopedData object to which to add a recipient. |
cert | Pointer to the recipient's DER-encoded certificate. |
certLen | Length of the certificate buffer, cert . |
OK (0) if successful; otherwise a negative number error code definition from merrors.h. To retrieve a string containing an English text error identifier corresponding to the function's returned error status, use the DISPLAY_ERROR macro.

MOC_EXTERN MSTATUS CMS_envelopedAddUnauthAttribute (CMS_envelopedDataContext myCtx, const ubyte *typeOID, ubyte4 type, const ubyte *value, ubyte4 valueLen)
This function adds an unauthenticated attribute to a CMS EnvelopedData object.
To enable this function, at least one of the following flags must be defined in moptions.h:
__ENABLE_MOCANA_PKCS7__
__ENABLE_MOCANA_CMS__
myCtx | Pointer to the CMS EnvelopedData object to which to add the unauthenticated attribute. |
typeOID | Pointer to OID value specifying the data type of enveloped data. |
type | Pointer to content type of the enveloped data. |
value | Pointer to unauthenticated attribute to add. |
valueLen | Length of the unauthenticated attribute to add, value . |
OK (0) if successful; otherwise a negative number error code definition from merrors.h. To retrieve a string containing an English text error identifier corresponding to the function's returned error status, use the DISPLAY_ERROR macro.

MOC_EXTERN MSTATUS CMS_envelopedDeleteContext (MOC_SYM(hwAccelDescr hwAccelCtx) CMS_envelopedDataContext *ppCtx)
This function deletes and frees a CMS EnvelopedData object that was allocated by CMS_envelopedNewContext().
To enable this function, at least one of the following flags must be defined in moptions.h:
__ENABLE_MOCANA_PKCS7__
__ENABLE_MOCANA_CMS__
ppCtx | Pointer to CMS EnvelopedData object to delete and free. |
OK (0) if successful; otherwise a negative number error code definition from merrors.h. To retrieve a string containing an English text error identifier corresponding to the function's returned error status, use the DISPLAY_ERROR macro.

MOC_EXTERN MSTATUS CMS_envelopedNewContext (CMS_envelopedDataContext *pNewCtx, const ubyte *encryptAlgoOID, RNGFun rngFun, void *rngFunArg)
This function creates a CMS EnvelopedData object. After you call this function, you must call other functions to populate the object.
EnvelopedData object. Instead, use CMS_newContext().
To delete and free the EnvelopedData object, call CMS_envelopedDeleteContext().
To enable this function, at least one of the following flags must be defined in moptions.h:
__ENABLE_MOCANA_PKCS7__
__ENABLE_MOCANA_CMS__
pNewCtx | On return, pointer to the new EnvelopedData object. |
encryptAlgoOID | Pointer to OID array that describes the type of encryption to apply to the EnvelopedData object. Use any of the preconfigured OID arrays from src/asn1/oiddefs.h:
|
rngFun | Pointer to a function that generates random numbers suitable for cryptographic use. To be FIPS-compliant, reference RANDOM_rngFun() (defined in random.c), and make sure that __ENABLE_MOCANA_FIPS_MODULE__ is defined in moptions.h |
rngFunArg | Pointer to arguments that are required by the function referenced in rngFun . If you use RANDOM_rngFun(), you must supply a randomContext structure, which you can create by calling RANDOM_acquireContext(). |
OK (0) if successful; otherwise a negative number error code definition from merrors.h. To retrieve a string containing an English text error identifier corresponding to the function's returned error status, use the DISPLAY_ERROR macro.
(For FIPS-compliance information, see the rngFun parameter description.)

MOC_EXTERN MSTATUS CMS_envelopedUpdateContext (MOC_HW(hwAccelDescr hwAccelCtx) CMS_envelopedDataContext myCtx, const ubyte *data, ubyte4 dataLen, ubyte **ppOutput, ubyte4 *pOutputLen, intBoolean finished)
This function adds data to a CMS EnvelopedData object.
finished parameter equal to TRUE, which indicates that all the data is in and that the CMS can be generated in its entirety.
To enable this function, at least one of the following flags must be defined in moptions.h:
__ENABLE_MOCANA_PKCS7__
__ENABLE_MOCANA_CMS__
myCtx | Pointer to CMS EnvelopedData object to which to add data. |
data | Pointer to the data to add. |
dataLen | Length of the data to add, data . |
ppOutput | On return, if finished is TRUE , pointer to the address of the DER-encoded, signed CMS EnvelopedData object. |
pOutputLen | On return, if finished is TRUE , pointer to the length of the DER-encoded, signed CMS object, ppOutput . |
finished | TRUE if this function supplies the last data to add; otherwise FALSE . |
OK (0) if successful; otherwise a negative number error code definition from merrors.h. To retrieve a string containing an English text error identifier corresponding to the function's returned error status, use the DISPLAY_ERROR macro.

MOC_EXTERN MSTATUS CMS_getContentType (CMS_context context, CMS_ContentType *cmsContentType)
This function returns the ContentType (CMS_contentType enumerated value from cms.h) of a given CMS object, through the cmsContentType parameter.
To enable this function, at least one of the following flags must be defined in moptions.h:
__ENABLE_MOCANA_PKCS7__
__ENABLE_MOCANA_CMS__
context | Pointer to the CMS object from which to extract the ContentType. |
cmsContentType | On return, pointer to a CMS_ContentType enumerated value (see cms.h). |
OK (0) if successful; otherwise a negative number error code definition from merrors.h. To retrieve a string containing an English text error identifier corresponding to the function's returned error status, use the DISPLAY_ERROR macro.

MOC_EXTERN MSTATUS CMS_getContentTypeOnly (CMS_context context, const ubyte *pInput, ubyte4 inputLen, CMS_ContentType *cType)
This function returns the ContentType (CMS_contentType enumerated value from cms.h) of the input data buffer, through the cType parameter. Note that this call will only return accurate information on the first data buffer.
To enable this function, at least one of the following flags must be defined in moptions.h:
__ENABLE_MOCANA_PKCS7__
__ENABLE_MOCANA_CMS__
context | Pointer to the CMS_context object |
pInput | Pointer to the data from which to ascertain the ContentType |
inputLen | Length of the data to add, input . |
cType | On return, pointer to a CMS_ContentType enumerated value (see cms.h). |
OK (0) if successful; otherwise a negative number error code definition from merrors.h. To retrieve a string containing an English text error identifier corresponding to the function's returned error status, use the DISPLAY_ERROR macro.

MOC_EXTERN MSTATUS CMS_getDecryptingRecipient (CMS_context context, sbyte4 *recipientIndexZeroBased)
This function returns the index of the decrypting recipient in a given EnvelopedData object, through the recipientIndexZeroBased parameter.
To enable this function, at least one of the following flags must be defined in moptions.h:
__ENABLE_MOCANA_PKCS7__
__ENABLE_MOCANA_CMS__
context | Pointer to the CMS context structure of the EnvelopedData object to query. |
recipientIndexZeroBased | On return, pointer to the zero-based index of the decrypting recipient in the EnvelopedData object. |
OK (0) if successful; otherwise a negative number error code definition from merrors.h. To retrieve a string containing an English text error identifier corresponding to the function's returned error status, use the DISPLAY_ERROR macro.

MOC_EXTERN MSTATUS CMS_getEncapContentType (CMS_context context, ubyte **ppOID)
This function returns the OID (with length prefix) of the encapsulated content type of a given CMS_context, through the ppOID parameter.
ppOID buffer. To avoid memory leaks, you must free the buffer when you are done with it.
To enable this function, at least one of the following flags must be defined in moptions.h:
__ENABLE_MOCANA_PKCS7__
__ENABLE_MOCANA_CMS__
context | Pointer to the CMS context from which to extract the OID. |
ppOID | On return, pointer to the address of an OID value. The value's buffer is allocated by this function, and you must free it when you are done with it. |
OK (0) if successful; otherwise a negative number error code definition from merrors.h. To retrieve a string containing an English text error identifier corresponding to the function's returned error status, use the DISPLAY_ERROR macro.

MOC_EXTERN MSTATUS CMS_getEncryptionAlgo (CMS_context context, ubyte **ppEncryptionAlgoOID)
This function returns the OID (with prefix length) of the encryption algorithm of a given CMS_context, through the ppEncryptionAlgoOID parameter.
ppEncryptionAlgoOID buffer. To avoid memory leaks, you must free the buffer when you are done with it.
To enable this function, at least one of the following flags must be defined in moptions.h:
__ENABLE_MOCANA_PKCS7__
__ENABLE_MOCANA_CMS__
context | Pointer to the CMS_context for the EnvelopedData object to query. |
ppEncryptionAlgoOID | On return, pointer to the address of a buffer that contains the OID (with prefix length) of the encryption algorithm. The value's buffer is allocated by this function, and you must free it when you are done with it. |
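A receiver will usually want to decode the length-prefixed OID returned through ppEncryptionAlgoOID (or ppOID) and check it against a local policy before accepting the message. The following is an added example, not SDK code: it assumes the prefix is a single octet giving the number of DER content octets that follow, and the names oid_to_dotted, enc_algo_allowed and the AES-CBC allowlist are hypothetical.

```c
#include <limits.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample inputs (not SDK data): one length octet, then the
 * DER content octets of the OID. */
static const unsigned char kSampleAes256Cbc[] =
    { 9, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x01, 0x2A };
static const unsigned char kSample3DesCbc[] =
    { 8, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x03, 0x07 };
static const unsigned char kSampleTruncated[] = { 9, 0x60, 0x86 };

/* Hypothetical local policy: content-encryption algorithms a receiver accepts. */
static const char *const kAllowedEncAlgos[] = {
    "2.16.840.1.101.3.4.1.2",   /* aes128-CBC */
    "2.16.840.1.101.3.4.1.22",  /* aes192-CBC */
    "2.16.840.1.101.3.4.1.42",  /* aes256-CBC */
};

/* Decode a length-prefixed OID into dotted-decimal text.
 * bufLen is the number of readable bytes at oid, prefix included.
 * Returns 0 on success, -1 on malformed input or if out is too small. */
int oid_to_dotted(const unsigned char *oid, size_t bufLen,
                  char *out, size_t outLen)
{
    size_t len, i, pos = 0;
    unsigned long arc = 0;
    int first = 1, midArc = 0, n;

    if (oid == NULL || out == NULL || outLen == 0 || bufLen < 2)
        return -1;
    len = oid[0];
    if (len == 0 || len > bufLen - 1)   /* prefix must fit inside the buffer */
        return -1;
    if (oid[len] & 0x80)                /* last octet must end an arc */
        return -1;

    for (i = 1; i <= len; i++) {
        unsigned char b = oid[i];

        if (!midArc && b == 0x80)       /* leading 0x80 is a non-minimal arc */
            return -1;
        if (arc > (ULONG_MAX >> 7))     /* arc would overflow */
            return -1;
        arc = (arc << 7) | (unsigned long)(b & 0x7F);
        midArc = (b & 0x80) != 0;
        if (midArc)
            continue;

        if (first) {                    /* first subidentifier packs two arcs */
            unsigned long top = arc < 40 ? 0 : (arc < 80 ? 1 : 2);
            n = snprintf(out + pos, outLen - pos, "%lu.%lu",
                         top, arc - 40 * top);
            first = 0;
        } else {
            n = snprintf(out + pos, outLen - pos, ".%lu", arc);
        }
        if (n < 0 || (size_t)n >= outLen - pos)
            return -1;
        pos += (size_t)n;
        arc = 0;
    }
    return 0;
}

/* Returns 1 if the OID is on the allowlist, 0 if it is well-formed but not
 * allowed, -1 if it cannot be decoded. */
int enc_algo_allowed(const unsigned char *oid, size_t bufLen)
{
    char dotted[128];
    size_t i;

    if (oid_to_dotted(oid, bufLen, dotted, sizeof dotted) != 0)
        return -1;
    for (i = 0; i < sizeof kAllowedEncAlgos / sizeof kAllowedEncAlgos[0]; i++)
        if (strcmp(dotted, kAllowedEncAlgos[i]) == 0)
            return 1;
    return 0;
}

int main(void)
{
    char buf[128];

    if (oid_to_dotted(kSample3DesCbc, sizeof kSample3DesCbc, buf, sizeof buf) == 0)
        printf("%s allowed=%d\n", buf,
               enc_algo_allowed(kSample3DesCbc, sizeof kSample3DesCbc));
    printf("aes256 allowed=%d truncated=%d\n",
           enc_algo_allowed(kSampleAes256Cbc, sizeof kSampleAes256Cbc),
           enc_algo_allowed(kSampleTruncated, sizeof kSampleTruncated));
    return 0;
}
```

Treat a return of -1 the same as a policy failure, and free the SDK-allocated OID buffer afterwards as the parameter description requires.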
OK (0) if successful; otherwise a negative number error code definition from merrors.h. To retrieve a string containing an English text error identifier corresponding to the function's returned error status, use the DISPLAY_ERROR macro.

MOC_EXTERN MSTATUS CMS_getFirstCertificate (CMS_context context, const ASN1_ITEM **ppCertificate, CStream *pCS)
This function gets the first certificate (its ASN1_ITEM structure) in a given CMS_context SignedData object. The ASN1_ITEM structure contains offset and length information for the certificate that is in the returned CStream, pCS.
To get subsequent certificates, use ASN1_NEXT_SIBLING.
To enable this function, at least one of the following flags must be defined in moptions.h:
__ENABLE_MOCANA_PKCS7__
__ENABLE_MOCANA_CMS__
context | Pointer to the CMS_context for the SignedData object from which to get its first certificate. |
ppCertificate | On return, pointer to the address of the ASN1_ITEM structure for the found certificate. This structure contains offset and length information for the certificate, which is in the CStream , pCS . |
pCS | On return, pointer to the CStream that contains the ASN1_ITEM structure, ppCertificate , of the first certificate. |
OK (0) if successful; otherwise a negative number error code definition from merrors.h. To retrieve a string containing an English text error identifier corresponding to the function's returned error status, use the DISPLAY_ERROR macro.

MOC_EXTERN MSTATUS CMS_getNumRecipients (CMS_context context, sbyte4 *numRecipients)
This function returns the number of recipients in the referenced CMS EnvelopedData object, through the numRecipients parameter. If the recipients are not all in the EnvelopedData object, this function returns an error (ERR_EOF).
To enable this function, at least one of the following flags must be defined in moptions.h:
__ENABLE_MOCANA_PKCS7__
__ENABLE_MOCANA_CMS__
context | EnvelopedData object from which to extract the number of recipients. |
numRecipients | On return, pointer to the number of recipients in the referenced EnvelopedData object, context . |
OK (0) if successful; otherwise a negative number error code definition from merrors.h. To retrieve a string containing an English text error identifier corresponding to the function's returned error status, use the DISPLAY_ERROR macro.

MOC_EXTERN MSTATUS CMS_getNumSigners (CMS_context context, sbyte4 *numSigners)
This function returns the number of verified signers of a given SignedData object, returned through the numSigners parameter.
If you do not know whether the given SignedData object is a detached signature, before calling this function you should call CMS_detachedSignature(). If the SignedData object is a detached signature, you must call CMS_setDetachedSignatureData() before calling the CMS_getNumSigners function. Otherwise, the CMS_getNumSigners function cannot verify the signers, and will return the error, ERR_PKCS7_DETACHED_DATA.
To enable this function, at least one of the following flags must be defined in moptions.h:
__ENABLE_MOCANA_PKCS7__
__ENABLE_MOCANA_CMS__
context | Pointer to the CMS_context structure that contains the SignedData object of interest. |
numSigners | On return, pointer to the number of verified signers. |
OK (0) if successful; otherwise a negative number error code definition from merrors.h. To retrieve a string containing an English text error identifier corresponding to the function's returned error status, use the DISPLAY_ERROR macro.

MOC_EXTERN MSTATUS CMS_getReceiptInfo (const ubyte *receipt, ubyte4 receiptLen, const ubyte **messageId, ubyte4 *messageIdLen, const ubyte **signature, ubyte4 *signatureLen)
This function gets the message ID and signature of a given signed Receipt.
Call this function after the signedData has been parsed and the signature(s) verified. The encapsulated Content Type (see CMS_getEncapContentType()) is id-ct-receipt. The receipt is the signed data (which is built by concatenating the CMS_updateContext object's returned buffers).
receipt buffer. Do not free these pointers.
To enable this function, at least one of the following flags must be defined in moptions.h:
__ENABLE_MOCANA_PKCS7__
__ENABLE_MOCANA_CMS__
receipt | Pointer to signed Receipt of interest. |
receiptLen | Length of the Receipt buffer, receipt . |
messageId | On return, pointer to the address of an offset into the signed Receipt for the message ID. |
messageIdLen | On return, pointer to length of the message ID, messageId . |
signature | On return, pointer to the address of an offset into the signed Receipt for the signature. |
signatureLen | On return, pointer to the length of the signature, signature . |
OK (0) if successful; otherwise a negative number error code definition from merrors.h. To retrieve a string containing an English text error identifier corresponding to the function's returned error status, use the DISPLAY_ERROR macro.

MOC_EXTERN MSTATUS CMS_getReceiptMsgDigest (CMS_context context, const ubyte **ppDigest, ubyte4 *pDigestLen)
This function gets the message digest of a given signed Receipt.
To enable this function, at least one of the following flags must be defined in moptions.h:
__ENABLE_MOCANA_PKCS7__
__ENABLE_MOCANA_CMS__
context | Pointer to CMS_context for the signed Receipt object of interest. |
ppDigest | On return, pointer to the address of a buffer containing the message digest of the signed Receipt . |
pDigestLen | On return, pointer to the length of the message digest buffer, ppDigest . |
OK (0) if successful; otherwise a negative number error code definition from merrors.h. To retrieve a string containing an English text error identifier corresponding to the function's returned error status, use the DISPLAY_ERROR macro.

MOC_EXTERN MSTATUS CMS_getRecipientInfo (CMS_context context, sbyte4 recipientIndexZeroBased, const ASN1_ITEM **pRecipientInfo, CStream *pCS)
This function returns the offset and length information of a given RecipientInfo object in a given EnvelopedData (CMS_context) object, as well as the CStream that contains the RecipientInfo.
You can use the offset and length information, which is returned through the pRecipientInfo parameter, to find the RecipientInfo object in the returned CStream. If the recipient is not in the EnvelopedData (CMS_context) object, this function returns an error (ERR_EOF).
To enable this function, at least one of the following flags must be defined in moptions.h:
__ENABLE_MOCANA_PKCS7__
__ENABLE_MOCANA_CMS__
context | Pointer to the CMS context structure for the EnvelopedData object from which you want to extract a RecipientInfo object. |
recipientIndexZeroBased | Zero-based index of the RecipientInfo object of interest in the EnvelopedData object, context . (To get the size of the EnvelopedData array, call CMS_getNumRecipients().) |
pRecipientInfo | On return, pointer to the address of an ASN1_ITEM structure that contains offset and length information for the RecipientInfo object of interest. |
pCS | On return, pointer to the CStream that contains the RecipientInfo object of interest. |
OK (0) if successful; otherwise a negative number error code definition from merrors.h. To retrieve a string containing an English text error identifier corresponding to the function's returned error status, use the DISPLAY_ERROR macro.

MOC_EXTERN MSTATUS CMS_getSignerInfo (CMS_context context, sbyte4 index, const ASN1_ITEM **ppRecipientInfo, CStream *pCS)
Call this function to get an ASN1_ITEM structure that provides the offset and length information for a SignerInfo object for a verified signer of the given SignedData object.
To enable this function, at least one of the following flags must be defined in moptions.h:
__ENABLE_MOCANA_PKCS7__
__ENABLE_MOCANA_CMS__
context | Pointer to the CMS_context structure containing the SignedData object from which to extract the SignerInfo object. |
index | Zero-based index of the SignerInfo object of interest in the SignedData object that is in context . (To get the size of the SignedData array, call CMS_getNumSigners().) |
ppRecipientInfo | On return, pointer to the address of an ASN1_ITEM structure that contains offset and length information for the SignerInfo object of interest. |
pCS | On return, pointer to the CStream that contains the SignedData object of interest. |
OK (0) if successful; otherwise a negative number error code definition from merrors.h. To retrieve a string containing an English text error identifier corresponding to the function's returned error status, use the DISPLAY_ERROR macro.

MOC_EXTERN MSTATUS CMS_newContext (CMS_context *pNewContext, const void *callbackArg, const CMS_Callbacks *pCallbacks)
This function creates a CMS context structure, initializes its state, and populates its callback pointers with the passed-in function pointers, pCallbacks.
Use this function to parse a received CMS object. The CMS context structure, pNewContext, contains information required to parse a CMS message. Treat this structure as opaque, and do not attempt to access its members directly.
SignedData object, or use CMS_envelopedNewContext() to create a new EnvelopedData object.
To enable this function, at least one of the following flags must be defined in moptions.h:
__ENABLE_MOCANA_PKCS7__
__ENABLE_MOCANA_CMS__
pNewContext | On return, pointer to a CMS_context structure, which maintains context information required by functions that parse a CMS message. Treat this structure as opaque, and do not access its members directly. |
callbackArg | Pointer to arguments that are required by the function referenced in pCallbacks . |
pCallbacks | Pointer to a populated CMS_Callbacks structure containing pointers to functions for obtaining the private key for a particular subject, for validating a root certificate, and for searching a CStream for a certificate that matches a specified issuer name and serial number. |
OK
(0) if successful; otherwise a negative number error code definition from merrors.h. To retrieve a string containing an English text error identifier corresponding to the function's returned error status, use the DISPLAY_ERROR
macro.MOC_EXTERN MSTATUS CMS_setDetachedSignatureData | ( | CMS_context | context, |
const ubyte * | payload, | ||
ubyte4 | payloadLen, | ||
intBoolean | final | ||
) |
This function adds payload information to a CMS_context
so that it can verify a detached signature — a SignedData
object that contains the signature that would otherwise be included in the CMS_context
.
(There are confusing statements in inherited Doxygen documentation.)
To enable this function, at least one of the following flags must be defined in moptions.h:
__ENABLE_MOCANA_PKCS7__
__ENABLE_MOCANA_CMS__
context | Pointer to the CMS_context structure that contains the SignedData object that is an external signature for the data in the buffer, payload. On return, also contains the information that is required to verify the SignedData object's detached signature. |
payload | Pointer to the buffer containing the data that is signed by the context object's SignedData object. |
payloadLen | Length of the signed data, payload. |
final | TRUE if all the data is already added; otherwise FALSE. |
OK (0) if successful; otherwise a negative number error code definition from merrors.h. To retrieve a string containing an English text error identifier corresponding to the function's returned error status, use the DISPLAY_ERROR macro.
MOC_EXTERN MSTATUS CMS_signedAddCertificate | ( | CMS_signedDataContext | myCtx, |
const ubyte * | cert, | ||
ubyte4 | certLen | ||
) |
This function adds a signed certificate to a CMS SignedData object. This function can add an intermediate certificate.
To enable this function, at least one of the following flags must be defined in moptions.h:
__ENABLE_MOCANA_PKCS7__
__ENABLE_MOCANA_CMS__
myCtx | Pointer to the CMS SignedData object to which to add a certificate. |
cert | Pointer to DER-encoded certificate to add. |
certLen | Length of the certificate buffer, cert. |
OK (0) if successful; otherwise a negative number error code definition from merrors.h. To retrieve a string containing an English text error identifier corresponding to the function's returned error status, use the DISPLAY_ERROR macro.
MOC_EXTERN MSTATUS CMS_signedAddCRL | ( | CMS_signedDataContext | myCtx, |
const ubyte * | crl, | ||
ubyte4 | crlLen | ||
) |
This function adds a signed CRL (Certificate Revocation List) to a CMS SignedData object.
To enable this function, at least one of the following flags must be defined in moptions.h:
__ENABLE_MOCANA_PKCS7__
__ENABLE_MOCANA_CMS__
myCtx | Pointer to CMS SignedData object to which to add a CRL. |
crl | Pointer to the DER-encoded CRL to add. |
crlLen | Length of the CRL buffer, crl. |
OK (0) if successful; otherwise a negative number error code definition from merrors.h. To retrieve a string containing an English text error identifier corresponding to the function's returned error status, use the DISPLAY_ERROR macro.
MOC_EXTERN MSTATUS CMS_signedAddReceiptRequest | ( | MOC_HASH(hwAccelDescr hwAccelCtx) CMS_signedDataContext | myCtx, |
const ubyte ** | receiptFrom, | ||
sbyte4 | numReceiptFrom, | ||
const ubyte ** | receiptTo, | ||
sbyte4 | numReceiptTo | ||
) |
This function requests a receipt for a given message.
To enable this function, at least one of the following flags must be defined in moptions.h:
__ENABLE_MOCANA_PKCS7__
__ENABLE_MOCANA_CMS__
myCtx | Pointer to the CMS SignedData object containing the signer(s) to which to add a receipt request. |
receiptFrom | Array of recipient email addresses from which receipts are requested. |
numReceiptFrom | -1 for all; 0 for not on mailing list; >0 to use the receiptFrom value. |
receiptTo | Array of email addresses to which to send receipts. |
numReceiptTo | -1 for all; 0 for not on mailing list; >0 to use the receiptTo value. |
OK (0) if successful; otherwise a negative number error code definition from merrors.h. To retrieve a string containing an English text error identifier corresponding to the function's returned error status, use the DISPLAY_ERROR macro.
MOC_EXTERN MSTATUS CMS_signedAddSigner | ( | CMS_signedDataContext | myCtx, |
const ubyte * | cert, | ||
ubyte4 | certLen, | ||
const AsymmetricKey * | pKey, | ||
const ubyte * | digestAlgoOID, | ||
ubyte4 | flags, | ||
CMS_signerInfo * | pNewSignerInfo | ||
) |
This function adds a signer, and optionally a certificate and authenticated attributes, to a given SignedData object.
To enable this function, at least one of the following flags must be defined in moptions.h:
__ENABLE_MOCANA_PKCS7__
__ENABLE_MOCANA_CMS__
myCtx | Pointer to the CMS context for the SignedData object to which to add a signer. |
cert | Pointer to signer's DER-encoded certificate. |
certLen | Length of the signer's DER-encoded certificate, cert. |
pKey | Pointer to signer's key, an AsymmetricKey structure. |
digestAlgoOID | Pointer to the OID for the message digest method to use for the signer. Valid values are md5_OID or sha1_OID, defined in src/asn1/oiddefs.h. |
flags | Zero (0) or bitmask combination (created by ORing definitions together) specifying which signing elements to include (defined in cms.h): |
pNewSignerInfo | On return, pointer to a newly allocated CMS_signerInfo structure (an opaque structure). |
OK (0) if successful; otherwise a negative number error code definition from merrors.h. To retrieve a string containing an English text error identifier corresponding to the function's returned error status, use the DISPLAY_ERROR macro.
MOC_EXTERN MSTATUS CMS_signedAddSignerAttribute | ( | CMS_signedDataContext | myCtx, |
CMS_signerInfo | signerInfo, | ||
const ubyte * | typeOID, | ||
ubyte4 | type, | ||
const ubyte * | value, | ||
ubyte4 | valueLen, | ||
intBoolean | authenticated | ||
) |
This function adds an attribute (authenticated or non-authenticated) to a CMS SignedData object's signer(s).
To add an authenticated signer attribute, RFC 5652 requires that you add at least two attributes:
EncapsulatedContentInfo value being signed.
A typical function call is similar to the following:
CMS_signedAddSignerAttribute( myCtx, mySigner, pkcs9_emailAddress_OID, PRINTABLESTRING, (const ubyte*) "nobody@mocana.com", 17, 1)
To enable this function, at least one of the following flags must be defined in moptions.h:
__ENABLE_MOCANA_PKCS7__
__ENABLE_MOCANA_CMS__
myCtx | Pointer to the CMS SignedData object containing the signer(s) to which to add an attribute. |
signerInfo | Zero (0) to add the attribute to all signers; otherwise pointer to the CMS_signerInfo structure, created by CMS_signedAddSigner(), for the signer to which to add the attribute. |
typeOID | OID specifying the type of signer attribute to add, such as pkcs9_emailAddress_OID. |
type | OID specifying the content type of the signer attribute; for example, the PRINTABLESTRING constant defined in src/asn1/parseasn1.h. |
value | Pointer to the signer attribute to add; for example, "nobody@mocana.com". |
valueLen | Length of the signer attribute to add, value. |
authenticated | TRUE if the signer attribute to add, value, is an authenticated attribute; otherwise FALSE. |
OK (0) if successful; otherwise a negative number error code definition from merrors.h. To retrieve a string containing an English text error identifier corresponding to the function's returned error status, use the DISPLAY_ERROR macro.
MOC_EXTERN MSTATUS CMS_signedAddSignerWithCallback | ( | MOC_HW(hwAccelDescr hwAccelCtx) CMS_signedDataContext | myCtx, |
const ubyte * | cert, | ||
ubyte4 | certLen, | ||
CMS_SignData | signCallback, | ||
void * | pCbInfo, | ||
const ubyte * | digestAlgoOID, | ||
ubyte4 | flags, | ||
CMS_signerInfo * | pNewSignerInfo | ||
) |
Add a signer to a given SignedData object when the private key is unavailable. Later a callback will be used to perform the signing operation.
To enable this function, at least one of the following flags must be defined in moptions.h:
__ENABLE_MOCANA_PKCS7__
__ENABLE_MOCANA_CMS__
myCtx | Pointer to the CMS context for the SignedData object to which to add a signer. |
cert | Pointer to signer's DER-encoded certificate. |
certLen | Length of the signer's DER-encoded certificate, cert. |
signCallback | Callback that will perform a signing operation given the proper inputs. |
pCbInfo | Optional callback argument that may be needed by your implementation. |
digestAlgoOID | Pointer to the OID for the message digest method to use for the signer. Valid values are md5_OID or sha1_OID, defined in src/asn1/oiddefs.h. |
flags | Zero (0) or bitmask combination (created by ORing definitions together) specifying which signing elements to include (defined in cms.h): |
pNewSignerInfo | On return, pointer to a newly allocated CMS_signerInfo structure (an opaque structure). |
OK (0) if successful; otherwise a negative number error code definition from merrors.h. To retrieve a string containing an English text error identifier corresponding to the function's returned error status, use the DISPLAY_ERROR macro.
MOC_EXTERN MSTATUS CMS_signedDeleteContext | ( | MOC_HASH(hwAccelDescr hwAccelCtx) CMS_signedDataContext * | ppCtx | ) |
This function deletes and frees a CMS SignedData object that was allocated by CMS_signedNewContext().
To enable this function, at least one of the following flags must be defined in moptions.h:
__ENABLE_MOCANA_PKCS7__
__ENABLE_MOCANA_CMS__
ppCtx | Pointer to CMS SignedData object to delete and free. |
OK (0) if successful; otherwise a negative number error code definition from merrors.h. To retrieve a string containing an English text error identifier corresponding to the function's returned error status, use the DISPLAY_ERROR macro.
MOC_EXTERN MSTATUS CMS_signedGetRequestInfo | ( | CMS_signedDataContext | myCtx, |
CMS_signerInfo | signerInfo, | ||
const ubyte ** | messageId, | ||
ubyte4 * | messageIdLen, | ||
const ubyte ** | digest, | ||
ubyte4 * | digestLen, | ||
const ubyte ** | signature, | ||
ubyte4 * | signatureLen | ||
) |
This function extracts receipt request information, which should be saved for processing the receipt when it arrives.
Do not call this function until after:
TRUE for the finished parameter.
CMS_signedDataContext structure. Do not free these pointers. If the CMS_signedDataContext structure is deleted, these pointers become invalid.
To enable this function, at least one of the following flags must be defined in moptions.h:
__ENABLE_MOCANA_PKCS7__
__ENABLE_MOCANA_CMS__
myCtx | Pointer to the CMS SignedData object from which to extract receipt request information. |
signerInfo | Pointer to the CMS_signerInfo structure, created by CMS_signedAddSigner(), for the signer from which to extract receipt request information. |
messageId | On return, pointer to the address of an offset into the signed Receipt for the message ID. |
messageIdLen | On return, pointer to length of the message ID, messageId. |
digest | On return, pointer to the address of an offset into the signed Receipt for the message digest. |
digestLen | On return, pointer to length of the message digest, digest. |
signature | On return, pointer to the address of an offset into the signed Receipt for the signature. |
signatureLen | On return, pointer to length of the signature, signature. |
OK (0) if successful; otherwise a negative number error code definition from merrors.h. To retrieve a string containing an English text error identifier corresponding to the function's returned error status, use the DISPLAY_ERROR macro.
MOC_EXTERN MSTATUS CMS_signedNewContext | ( | CMS_signedDataContext * | pNewCtx, |
const ubyte * | payloadTypeOID, | ||
intBoolean | detached, | ||
RNGFun | rngFun, | ||
void * | rngFunArg | ||
) |
This function creates a CMS SignedData object. After you call this function, you must call other functions to populate the object.
SignedData object. Instead, use CMS_newContext().
To delete and free the SignedData object, call CMS_signedDeleteContext().
For FIPS-compliance information, see the description of the rngFun parameter.
To enable this function, at least one of the following flags must be defined in moptions.h:
__ENABLE_MOCANA_PKCS7__
__ENABLE_MOCANA_CMS__
pNewCtx | On return, pointer to the new SignedData object. |
payloadTypeOID | Pointer to an OID describing the data against which this SignedData object is a signature. The src/asn1/oiddefs.c file defines the valid constant arrays, such as pkcs7_data_OID. You can create a SignedData object for other types of payloads, such as pkcs7_encryptedData_OID. Refer to src/asn1/oiddefs.c for the arrays of OID types. |
detached | TRUE if the SignedData object is a detached signature; otherwise FALSE. |
rngFun | Pointer to a function that generates random numbers suitable for cryptographic use. To be FIPS-compliant, reference RANDOM_rngFun() (defined in random.c), and make sure that __ENABLE_MOCANA_FIPS_MODULE__ is defined in moptions.h. |
rngFunArg | Pointer to arguments that are required by the function referenced in rngFun. If you use RANDOM_rngFun(), you must supply a randomContext structure, which you can create by calling RANDOM_acquireContext(). |
OK (0) if successful; otherwise a negative number error code definition from merrors.h. To retrieve a string containing an English text error identifier corresponding to the function's returned error status, use the DISPLAY_ERROR macro.
MOC_EXTERN MSTATUS CMS_signedUpdateContext | ( | MOC_ASYM(hwAccelDescr hwAccelCtx) CMS_signedDataContext | myCtx, |
const ubyte * | data, | ||
ubyte4 | dataLen, | ||
ubyte ** | ppOutput, | ||
ubyte4 * | pOutputLen, | ||
intBoolean | finished | ||
) |
This function adds data to a CMS SignedData object.
finished parameter equal to TRUE, which indicates that all the data is in and that the CMS can be generated in its entirety.
To enable this function, at least one of the following flags must be defined in moptions.h:
__ENABLE_MOCANA_PKCS7__
__ENABLE_MOCANA_CMS__
myCtx | Pointer to the CMS SignedData object to which to add data. |
data | Pointer to the data to add. |
dataLen | Length of the data to add, data. |
ppOutput | On return, if finished is TRUE, pointer to the address of the DER-encoded, signed CMS SignedData object. |
pOutputLen | On return, if finished is TRUE, pointer to the length of the DER-encoded, signed CMS SignedData object, ppOutput. |
finished | TRUE if this function supplies the last data to add; otherwise FALSE. |
OK (0) if successful; otherwise a negative number error code definition from merrors.h. To retrieve a string containing an English text error identifier corresponding to the function's returned error status, use the DISPLAY_ERROR macro.
MOC_EXTERN MSTATUS CMS_updateContext | ( | CMS_context | context, |
const ubyte * | input, | ||
ubyte4 | inputLen, | ||
ubyte ** | ppOutput, | ||
ubyte4 * | pOutputLen, | ||
intBoolean * | pFinished | ||
) |
This function adds data to a given CMS_context. The decrypted data (if any) is returned in newly allocated output buffers. If the logical end of the processing has been reached (that is, no more data is necessary), the returned value of pFinished is TRUE.
To enable this function, at least one of the following flags must be defined in moptions.h:
__ENABLE_MOCANA_PKCS7__
__ENABLE_MOCANA_CMS__
context | Pointer to the CMS_context object to which to add data. |
input | Pointer to the data to add. |
inputLen | Length of the data to add, input. |
ppOutput | On return, pointer to the address of a buffer containing the ASN.1 object to which the input contents were added. |
pOutputLen | On return, pointer to the length of the ASN.1 object, ppOutput. |
pFinished | On return, pointer to TRUE if the ASN.1 object, ppOutput, is complete; otherwise pointer to FALSE. |
OK (0) if successful; otherwise a negative number error code definition from merrors.h. To retrieve a string containing an English text error identifier corresponding to the function's returned error status, use the DISPLAY_ERROR macro.
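CMS_signedGetRequestInfo() above returns pointers into the CMS_signedDataContext that become invalid once the context is deleted, so the receipt-request fields must be copied into caller-owned memory before CMS_signedDeleteContext() is called. The following is an added example, not TrustCore SDK code: SavedReceiptInfo, saveReceiptInfo() and freeReceiptInfo() are hypothetical names, and plain C types stand in for the SDK's ubyte and ubyte4.

```c
#include <stdlib.h>
#include <string.h>

/* Caller-owned copies of the three receipt-request fields.
   Hypothetical type, not part of the SDK. */
typedef struct {
    unsigned char *messageId; size_t messageIdLen;
    unsigned char *digest;    size_t digestLen;
    unsigned char *signature; size_t signatureLen;
} SavedReceiptInfo;

/* Duplicate len bytes from a borrowed pointer; an empty field becomes NULL/0. */
static int dupField(const unsigned char *src, size_t len,
                    unsigned char **dst, size_t *dstLen)
{
    *dst = NULL;
    *dstLen = 0;
    if (len == 0) return 0;
    if (src == NULL) return -1;      /* a length without data is an error */
    *dst = malloc(len);
    if (*dst == NULL) return -1;
    memcpy(*dst, src, len);
    *dstLen = len;
    return 0;
}

/* Release the owned copies and clear the structure so it cannot be reused. */
void freeReceiptInfo(SavedReceiptInfo *s)
{
    if (s == NULL) return;
    free(s->messageId);
    free(s->digest);
    free(s->signature);
    memset(s, 0, sizeof(*s));
}

/* Call with the values returned by CMS_signedGetRequestInfo(), while the
   context still exists. Returns 0 on success; on failure returns -1 and
   leaves nothing allocated. */
int saveReceiptInfo(SavedReceiptInfo *out,
                    const unsigned char *messageId, size_t messageIdLen,
                    const unsigned char *digest, size_t digestLen,
                    const unsigned char *signature, size_t signatureLen)
{
    memset(out, 0, sizeof(*out));
    if (dupField(messageId, messageIdLen, &out->messageId, &out->messageIdLen) ||
        dupField(digest, digestLen, &out->digest, &out->digestLen) ||
        dupField(signature, signatureLen, &out->signature, &out->signatureLen)) {
        freeReceiptInfo(out);
        return -1;
    }
    return 0;
}
```

Only after saveReceiptInfo() returns 0 is it safe to delete the SignedData context; the saved copies are released with freeReceiptInfo() once the receipt has been processed.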