TrustCore SDK NanoCrypto API reference
version 7.0
Header file for ASN.1 Certificate Chain Verification.
Data Structures

struct ValidationConfig
    Validation configuration structure.

Typedefs

typedef struct certChain *certChainPtr
typedef MSTATUS (*funcPtrWalkStr)(const ubyte *, ubyte4, ubyte4 *)

Functions

MOC_EXTERN MSTATUS CERTCHAIN_createFromCVC (MOC_ASYM(hwAccelDescr hwAccelCtx) certChainPtr *ppNewCertChain, struct certDescriptor certiDesc[], ubyte4 numCertDesc)
    Build a certificate chain from an array of certificate descriptors containing CV certs.
MOC_EXTERN MSTATUS CERTCHAIN_createFromIKE (MOC_ASYM(hwAccelDescr hwAccelCtx) certChainPtr *ppNewCertChain, struct certDescriptor certiDesc[], ubyte4 numCertDesc)
    Build a certificate chain from an array of certificate descriptors.
MOC_EXTERN MSTATUS CERTCHAIN_createFromSSH (MOC_ASYM(hwAccelDescr hwAccelCtx) certChainPtr *ppNewCertChain, const ubyte *pSSHCertChainBuf, ubyte4 sshCertChainBufLen, ubyte4 *pBufIndex)
    Build a certificate chain from an SSH certificate chain buffer.
MOC_EXTERN MSTATUS CERTCHAIN_createFromSSHEx (MOC_ASYM(hwAccelDescr hwAccelCtx) certChainPtr *ppNewCertChain, const ubyte *pSSHCertChainBuf, ubyte4 sshCertChainBufLen, ubyte4 *pBufIndex, funcPtrWalkStr walkStrFunc)
    Build a certificate chain from an SSH certificate chain buffer using a caller-supplied SSH string walk function.
MOC_EXTERN MSTATUS CERTCHAIN_createFromSSLRecord (MOC_ASYM(hwAccelDescr hwAccelCtx) certChainPtr *ppNewCertChain, const ubyte *pSSLCertificateMsg, ubyte4 sslCertificateMsgLen)
    Build a certificate chain from an SSL Certificate message.
MOC_EXTERN MSTATUS CERTCHAIN_createFromSSLRecordEx (MOC_ASYM(hwAccelDescr hwAccelCtx) certChainPtr *ppNewCertChain, const ubyte *pSSLCertificateMsg, ubyte4 sslCertificateMsgLen, ubyte sslMinorVersion)
MOC_EXTERN MSTATUS CERTCHAIN_CVC_createFromSSLRecordEx (MOC_ASYM(hwAccelDescr hwAccelCtx) certChainPtr *ppNewCertChain, const ubyte *pSSLCertificateMsg, ubyte4 sslCertificateMsgLen, ubyte sslMinorVersion, byteBoolean *pIsCvc)
    Build a certificate chain from an SSL Certificate message, reporting whether the chain is formed from CV certs.
MOC_EXTERN MSTATUS CERTCHAIN_CVC_validate (MOC_ASYM(hwAccelDescr hwAccelCtx) certChainPtr pCertChain, ValidationConfig *validationConfig)
    Validates a CV certificate chain with respect to a validation configuration.
MOC_EXTERN MSTATUS CERTCHAIN_delete (certChainPtr *ppCertChain)
    Deletes a certificate chain and all memory allocated within it.
MOC_EXTERN MSTATUS CERTCHAIN_getCertificate (certChainPtr pCertChain, ubyte4 indexInChain, const ubyte **certDerData, ubyte4 *certDerDataLen)
    Gets a certificate from a chain.
MOC_EXTERN MSTATUS CERTCHAIN_getCertificateExtensions (certChainPtr pCertChain, ubyte4 index, ubyte **ppCertExts, ubyte4 *pCertExtLen)
MOC_EXTERN MSTATUS CERTCHAIN_getCertificateExtensionsCertStatus (certChainPtr pCertChain, ubyte4 index, ubyte **ppOcspExt, ubyte4 *pOcspExtLen)
MOC_EXTERN MSTATUS CERTCHAIN_getKey (MOC_ASYM(hwAccelDescr hwAccelCtx) certChainPtr pCertChain, ubyte4 indexInChain, struct AsymmetricKey *pubKey)
    Gets the public key of a certificate from a chain.
MOC_EXTERN MSTATUS CERTCHAIN_getRSASigAlgo (certChainPtr pCertChain, ubyte4 indexInChain, ubyte *sigAlgo)
    Gets the hash algorithm of the RSA signature on a certificate from a chain.
MOC_EXTERN MSTATUS CERTCHAIN_isComplete (certChainPtr pCertChain, intBoolean *complete)
    Checks whether the last certificate in the chain is a self-signed certificate.
MOC_EXTERN MSTATUS CERTCHAIN_numberOfCertificates (certChainPtr pCertChain, ubyte4 *numCerts)
    Gets the number of certificates in a chain.
MOC_EXTERN MSTATUS CERTCHAIN_validate (MOC_ASYM(hwAccelDescr hwAccelCtx) certChainPtr pCertChain, ValidationConfig *validationConfig)
    Validates a certificate chain with respect to a validation configuration.
MOC_EXTERN MSTATUS CERTCHAIN_validateAll (MOC_ASYM(hwAccelDescr hwAccelCtx) ubyte *pCertArr, sbyte4 certArrLen, ValidationConfig *pConfig, certChainPtr *ppRetChain)
    Validates an array of certificates with respect to a validation configuration.
Header file for ASN.1 Certificate Chain Verification.
MOC_EXTERN MSTATUS CERTCHAIN_createFromCVC | ( | MOC_ASYM(hwAccelDescr hwAccelCtx) certChainPtr * | ppNewCertChain, |
struct certDescriptor | certiDesc[], | ||
ubyte4 | numCertDesc | ||
) |
Build a certificate chain from an array of certificate descriptors containing CV (card verifiable) certificates. This method allocates memory, so be sure to call CERTCHAIN_delete when done with the new cert chain.
ppNewCertChain | Pointer to the location of the newly allocated certificate chain. |
certiDesc | Array of certificate descriptors. Please see the certDescriptor type definition in ca_mgmt.h. |
numCertDesc | The number of certificate descriptors in the array certiDesc. |
Returns OK (0) if successful, otherwise a negative number error code from merrors.h.

MOC_EXTERN MSTATUS CERTCHAIN_createFromIKE | ( | MOC_ASYM(hwAccelDescr hwAccelCtx) certChainPtr * | ppNewCertChain, |
struct certDescriptor | certiDesc[], | ||
ubyte4 | numCertDesc | ||
) |
Build a certificate chain from an array of certificate descriptors. This method allocates memory, so be sure to call CERTCHAIN_delete when done with the new cert chain.
ppNewCertChain | Pointer to the location of the newly allocated certificate chain. |
certiDesc | Array of certificate descriptors. Please see the certDescriptor type definition in ca_mgmt.h. |
numCertDesc | The number of certificate descriptors in the array certiDesc. |
Returns OK (0) if successful, otherwise a negative number error code from merrors.h.

MOC_EXTERN MSTATUS CERTCHAIN_createFromSSH | ( | MOC_ASYM(hwAccelDescr hwAccelCtx) certChainPtr * | ppNewCertChain, |
const ubyte * | pSSHCertChainBuf, | ||
ubyte4 | sshCertChainBufLen, | ||
ubyte4 * | pBufIndex | ||
) |
Build a certificate chain from an SSH certificate chain buffer. This method allocates memory, so be sure to call CERTCHAIN_delete when done with the new cert chain.
ppNewCertChain | Pointer to the location of the newly allocated certificate chain. |
pSSHCertChainBuf | The SSH certificate chain buffer. |
sshCertChainBufLen | The length of pSSHCertChainBuf buffer in bytes. |
pBufIndex | On input, contents must be the offset in pSSHCertChainBuf at which the certificate chain begins, i.e. the offset of the number-of-certificates field. On return, contents are updated to the offset at the end of the certificate chain. |
Returns OK (0) if successful, otherwise a negative number error code from merrors.h.

MOC_EXTERN MSTATUS CERTCHAIN_createFromSSHEx | ( | MOC_ASYM(hwAccelDescr hwAccelCtx) certChainPtr * | ppNewCertChain, |
const ubyte * | pSSHCertChainBuf, | ||
ubyte4 | sshCertChainBufLen, | ||
ubyte4 * | pBufIndex, | ||
funcPtrWalkStr | walkStrFunc | ||
) |
Build a certificate chain from an SSH certificate chain buffer, using the supplied function to walk SSH strings. This method allocates memory, so be sure to call CERTCHAIN_delete when done with the new cert chain.
ppNewCertChain | Pointer to the location of the newly allocated certificate chain. |
pSSHCertChainBuf | The SSH certificate chain buffer. |
sshCertChainBufLen | The length of pSSHCertChainBuf buffer in bytes. |
pBufIndex | On input, contents must be the offset in pSSHCertChainBuf at which the certificate chain begins, i.e. the offset of the number-of-certificates field. On return, contents are updated to the offset at the end of the certificate chain. |
walkStrFunc | Function pointer of type funcPtrWalkStr that performs an SSH string walk. |
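The pBufIndex contract for CERTCHAIN_createFromSSH and CERTCHAIN_createFromSSHEx (index in at the number-of-certificates field, index out at the end of the chain) is illustrated by the following added example, which is not TrustCore SDK code. It walks a constructed buffer in the x509v3-ssh-rsa public key layout of RFC 6187 (a format-name string, a uint32 certificate-count, that many SSH strings each holding one DER certificate, then an OCSP count) with a bounds-checked string walker written in the parameter shape of funcPtrWalkStr. The buffer layout, the 0-for-OK / -1-for-error return convention and the callback semantics are assumptions of this example; the "certificates" are DER SEQUENCE stand-ins. The security point is that both the string lengths and the certificate count are attacker-controlled, so the walker bounds each against the bytes that remain before trusting it.

```c
/* Added example, not TrustCore SDK code: walk an SSH certificate chain
 * buffer (uint32 certificate-count, then that many SSH strings) with a
 * bounds-checked walker in the funcPtrWalkStr parameter shape. The
 * 0 = OK / -1 = error convention and the callback semantics are assumed. */
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

typedef int (*walk_str_fn)(const uint8_t *buf, uint32_t bufLen, uint32_t *pIndex);

/* Read a big-endian uint32 at *pIndex and advance, if four bytes remain. */
static int read_u32(const uint8_t *buf, uint32_t bufLen, uint32_t *pIndex, uint32_t *val)
{
    if (*pIndex > bufLen || bufLen - *pIndex < 4) return -1;
    const uint8_t *p = buf + *pIndex;
    *val = ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
    *pIndex += 4;
    return 0;
}

/* Skip one SSH string (uint32 length + bytes); a length that runs past the
 * buffer is refused rather than allowed to wrap the index. */
static int walk_ssh_string(const uint8_t *buf, uint32_t bufLen, uint32_t *pIndex)
{
    uint32_t len;
    if (read_u32(buf, bufLen, pIndex, &len) != 0) return -1;
    if (len > bufLen - *pIndex) return -1;
    *pIndex += len;
    return 0;
}

/* Walk the chain starting at *pIndex (the certificate-count field). On
 * success *pIndex is left just past the last certificate string and the
 * count is returned; -1 on malformed input. */
static int walk_cert_chain(const uint8_t *buf, uint32_t bufLen,
                           uint32_t *pIndex, walk_str_fn walk)
{
    uint32_t count, i;
    if (read_u32(buf, bufLen, pIndex, &count) != 0) return -1;
    /* every string needs at least its 4-byte length, so bound the count by
     * the bytes left before looping on an attacker-chosen value */
    if (count == 0 || count > (bufLen - *pIndex) / 4) return -1;
    for (i = 0; i < count; i++) {
        uint32_t start = *pIndex;
        if (walk(buf, bufLen, pIndex) != 0) return -1;
        /* each string must hold a DER SEQUENCE (tag 0x30) of some length */
        if (*pIndex - start < 6 || buf[start + 4] != 0x30) return -1;
    }
    return (int)count;
}

/* Constructed sample in the RFC 6187 x509v3-ssh-rsa key layout: string
 * "x509v3-ssh-rsa", certificate-count, certificate strings, ocsp count.
 * The certificates are DER stand-ins, not real certificates. */
static const uint8_t SAMPLE_SSH_KEY[] = {
    0x00, 0x00, 0x00, 0x0E, 'x','5','0','9','v','3','-','s','s','h','-','r','s','a',
    0x00, 0x00, 0x00, 0x02,                                  /* certificate-count */
    0x00, 0x00, 0x00, 0x07, 0x30, 0x05, 0x02, 0x03, 0x01, 0x02, 0x03,
    0x00, 0x00, 0x00, 0x05, 0x30, 0x03, 0x02, 0x01, 0x05,
    0x00, 0x00, 0x00, 0x00                                   /* ocsp-response-count */
};
#define CHAIN_OFFSET 18u  /* pBufIndex input: offset of certificate-count */

/* Returns the index at which the chain ends (the ocsp count field), or -1. */
static int sample_chain_end(void)
{
    uint32_t idx = CHAIN_OFFSET;
    if (walk_cert_chain(SAMPLE_SSH_KEY, sizeof SAMPLE_SSH_KEY, &idx, walk_ssh_string) != 2)
        return -1;
    return (int)idx;
}

/* Buffer cut off inside the second certificate string: must be refused. */
static int truncated_chain_is_rejected(void)
{
    uint32_t idx = CHAIN_OFFSET;
    return walk_cert_chain(SAMPLE_SSH_KEY, 40, &idx, walk_ssh_string) == -1;
}

/* certificate-count overwritten with 0xFFFFFFFF: must be refused. */
static int hostile_count_is_rejected(void)
{
    uint8_t copy[sizeof SAMPLE_SSH_KEY];
    uint32_t idx = CHAIN_OFFSET;
    memcpy(copy, SAMPLE_SSH_KEY, sizeof copy);
    memset(copy + CHAIN_OFFSET, 0xFF, 4);
    return walk_cert_chain(copy, sizeof copy, &idx, walk_ssh_string) == -1;
}

int main(void)
{
    int end = sample_chain_end();
    printf("chain ends at index %d; truncation %s, hostile count %s\n", end,
           truncated_chain_is_rejected() ? "refused" : "ACCEPTED",
           hostile_count_is_rejected() ? "refused" : "ACCEPTED");
    return end == 42 ? 0 : 1;
}
```

With the sample, the index passed in as 18 comes back as 42, the offset of the OCSP count field, which is exactly the position a caller would continue parsing from after the SDK call returns. Whether the SDK's own walker enforces the same count bound should be checked against the SDK source rather than assumed.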
Returns OK (0) if successful, otherwise a negative number error code from merrors.h.

MOC_EXTERN MSTATUS CERTCHAIN_createFromSSLRecord | ( | MOC_ASYM(hwAccelDescr hwAccelCtx) certChainPtr * | ppNewCertChain, |
const ubyte * | pSSLCertificateMsg, | ||
ubyte4 | sslCertificateMsgLen | ||
) |
Build a certificate chain from an SSL Certificate message. This method allocates memory, so be sure to call CERTCHAIN_delete when done with the new cert chain.
ppNewCertChain | Pointer to the location of the newly allocated certificate chain. |
pSSLCertificateMsg | The SSL certificate message. This should be a pointer to the certificate chain length (medium) field after the message type (11). |
sslCertificateMsgLen | The length of pSSLCertificateMsg buffer in bytes. This should be the number of bytes after the message type (11), so 3 bytes more than the length contained in the medium length. |
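The pointer and length convention above is easy to get wrong by exactly three bytes, so here is an added example (not TrustCore SDK code) that frames a TLS 1.2-or-earlier Certificate handshake message in plain C. It checks the handshake length, the certificate_list length and every per-certificate length against the bytes actually present, and only then computes the pSSLCertificateMsg/sslCertificateMsgLen pair as this page describes it: a pointer to the medium length field that follows the type byte, and a length that is the number of bytes after the type byte, three more than that field's value. Reading the field at that pointer as the handshake body length is this example's interpretation of the text and should be checked against the SDK source. The sample bytes are constructed DER stand-ins, not real certificates, and TLS 1.3 Certificate messages (which add a request-context field and per-entry extensions) are not covered.

```c
/* Added example, not TrustCore SDK code: frame a TLS (1.2 or earlier)
 * Certificate handshake message and derive the pSSLCertificateMsg /
 * sslCertificateMsgLen pair described above, checking every length field
 * against the bytes actually present before the SDK would see them. */
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Read a 24-bit big-endian ("medium") length field. */
static uint32_t read_u24(const uint8_t *p)
{
    return ((uint32_t)p[0] << 16) | ((uint32_t)p[1] << 8) | (uint32_t)p[2];
}

typedef struct {
    const uint8_t *msgPtr;   /* value for pSSLCertificateMsg      */
    uint32_t       msgLen;   /* value for sslCertificateMsgLen    */
    uint32_t       numCerts; /* entries found in certificate_list */
} cert_msg_view;

/* hs points at the handshake message, type byte (11) first.
 * Returns 0 on success, -1 if any length disagrees with the data present. */
static int frame_certificate_message(const uint8_t *hs, size_t hsLen,
                                     cert_msg_view *out)
{
    if (hs == NULL || out == NULL || hsLen < 7 || hs[0] != 11)
        return -1;
    uint32_t bodyLen = read_u24(hs + 1);   /* handshake body length   */
    if ((size_t)bodyLen != hsLen - 4 || bodyLen < 3)
        return -1;
    uint32_t listLen = read_u24(hs + 4);   /* certificate_list length */
    if (listLen != bodyLen - 3)
        return -1;

    const uint8_t *p = hs + 7;
    uint32_t remaining = listLen, count = 0;
    while (remaining > 0) {                /* uint24 length + DER, repeated */
        if (remaining < 3) return -1;
        uint32_t certLen = read_u24(p);
        if (certLen == 0 || certLen > remaining - 3) return -1;
        if (p[3] != 0x30) return -1;       /* a DER Certificate is a SEQUENCE */
        p += 3 + certLen;
        remaining -= 3 + certLen;
        count++;
    }
    if (count == 0) return -1;

    /* As documented: point at the medium length field after the type byte
     * and pass the byte count after the type byte, i.e. that field + 3. */
    out->msgPtr   = hs + 1;
    out->msgLen   = (uint32_t)(hsLen - 1);
    out->numCerts = count;
    return 0;
}

/* Constructed sample message; the "certificates" are DER SEQUENCE stand-ins. */
static const uint8_t SAMPLE_CERT_MSG[] = {
    0x0B, 0x00, 0x00, 0x15,                   /* certificate(11), body length 21 */
    0x00, 0x00, 0x12,                         /* certificate_list length 18      */
    0x00, 0x00, 0x07, 0x30, 0x05, 0x02, 0x03, 0x01, 0x02, 0x03,
    0x00, 0x00, 0x05, 0x30, 0x03, 0x02, 0x01, 0x05
};

/* Frame the sample and verify the documented relation between the pointer,
 * the length and the medium field. Returns the certificate count, or -1. */
static int check_sample_message(void)
{
    cert_msg_view v;
    if (frame_certificate_message(SAMPLE_CERT_MSG, sizeof SAMPLE_CERT_MSG, &v) != 0)
        return -1;
    if (v.msgPtr != SAMPLE_CERT_MSG + 1 || v.msgLen != sizeof SAMPLE_CERT_MSG - 1)
        return -1;
    if (read_u24(v.msgPtr) + 3 != v.msgLen)
        return -1;
    return (int)v.numCerts;
}

/* Bump the certificate_list length by one: must be refused. */
static int tampered_list_length_is_rejected(void)
{
    uint8_t copy[sizeof SAMPLE_CERT_MSG];
    cert_msg_view v;
    memcpy(copy, SAMPLE_CERT_MSG, sizeof copy);
    copy[6] += 1;
    return frame_certificate_message(copy, sizeof copy, &v) == -1;
}

/* Drop the final byte so the handshake length no longer matches: must be refused. */
static int truncated_message_is_rejected(void)
{
    cert_msg_view v;
    return frame_certificate_message(SAMPLE_CERT_MSG, sizeof SAMPLE_CERT_MSG - 1, &v) == -1;
}

int main(void)
{
    int n = check_sample_message();
    printf("%d certificate(s) framed; tamper check %s, truncation check %s\n", n,
           tampered_list_length_is_rejected() ? "ok" : "FAILED",
           truncated_message_is_rejected() ? "ok" : "FAILED");
    /* The SDK call would be CERTCHAIN_createFromSSLRecord(..., msgPtr, msgLen);
     * it is not made here because this example is stand-alone. */
    return n == 2 ? 0 : 1;
}
```

The same pointer and length convention applies to CERTCHAIN_createFromSSLRecordEx and CERTCHAIN_CVC_createFromSSLRecordEx. Doing the framing checks before the SDK call means a message whose nested lengths disagree is rejected by the caller with a clear error instead of relying on how the SDK parser reacts to it.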
Returns OK (0) if successful, otherwise a negative number error code from merrors.h.

MOC_EXTERN MSTATUS CERTCHAIN_CVC_createFromSSLRecordEx | ( | MOC_ASYM(hwAccelDescr hwAccelCtx) certChainPtr * | ppNewCertChain, |
const ubyte * | pSSLCertificateMsg, | ||
ubyte4 | sslCertificateMsgLen, | ||
ubyte | sslMinorVersion, | ||
byteBoolean * | pIsCvc | ||
) |
Build a certificate chain from an SSL Certificate message, reporting via pIsCvc whether the chain is formed from CV certificates. This method allocates memory, so be sure to call CERTCHAIN_delete when done with the new cert chain.
ppNewCertChain | Pointer to the location of the newly allocated certificate chain. |
pSSLCertificateMsg | The SSL certificate message. This should be a pointer to the certificate chain length (medium) field after the message type (11). |
sslCertificateMsgLen | The length of pSSLCertificateMsg buffer in bytes. This should be the number of bytes after the message type (11), so 3 bytes more than the length contained in the medium length. |
pIsCvc | Will be set to TRUE if the cert chain is formed using CV certificates. |
Returns OK (0) if successful, otherwise a negative number error code from merrors.h.

MOC_EXTERN MSTATUS CERTCHAIN_CVC_validate | ( | MOC_ASYM(hwAccelDescr hwAccelCtx) certChainPtr | pCertChain, |
ValidationConfig * | validationConfig | ||
) |
Validates a CV certificate chain with respect to a validation configuration. Options in the configuration are to
If the root of trust certificate was not in the cert chain but was found in the cert store, this method will optionally output it. Please also see the description of the ValidationConfig type.
pCertChain | Pointer to the input cert chain to be validated, created using CERTCHAIN_createFromCVC. |
validationConfig | Pointer to the input validation config. If the root of trust certificate was not in the cert chain but was in the cert store, the anchorCert field and anchorCertLen field will be set to it and its length in bytes. |
Returns OK (0) if successful and every validation check passes, otherwise a negative number error code from merrors.h.

MOC_EXTERN MSTATUS CERTCHAIN_delete | ( | certChainPtr * | ppCertChain | ) |
Deletes a certificate chain and all memory allocated within it.
ppCertChain | Pointer to the location of the certificate chain to be deleted. |
Returns OK (0) if successful, otherwise a negative number error code from merrors.h.

MOC_EXTERN MSTATUS CERTCHAIN_getCertificate | ( | certChainPtr | pCertChain, |
ubyte4 | indexInChain, | ||
const ubyte ** | certDerData, | ||
ubyte4 * | certDerDataLen | ||
) |
Gets a certificate from a chain. Index 0 is the leaf certificate and the last valid index is the root certificate. Memory is not allocated by this method: the returned pointer refers into the chain's own storage and must not be freed by the caller.
pCertChain | Pointer to the input certificate chain. |
indexInChain | The index to retrieve, with 0 being the leaf and the last valid index being the root. |
certDerData | Pointer to the location of the requested certificate in DER form. |
certDerDataLen | Contents will be set to the length of the requested certificate in bytes. |
Returns OK (0) if successful, otherwise a negative number error code from merrors.h.

MOC_EXTERN MSTATUS CERTCHAIN_getKey | ( | MOC_ASYM(hwAccelDescr hwAccelCtx) certChainPtr | pCertChain, |
ubyte4 | indexInChain, | ||
struct AsymmetricKey * | pubKey | ||
) |
Gets the public key of a certificate from a chain. Index 0 is the leaf certificate and the last valid index will be the root certificate. Memory is not allocated by this method.
pCertChain | Pointer to the input certificate chain. |
indexInChain | The index to retrieve, with 0 being the leaf and the last valid index being the root. |
pubKey | Pointer to a previously initialized AsymmetricKey. This key will be set according to the certificate found via the indexInChain passed in. |
Returns OK (0) if successful, otherwise a negative number error code from merrors.h.

MOC_EXTERN MSTATUS CERTCHAIN_getRSASigAlgo | ( | certChainPtr | pCertChain, |
ubyte4 | indexInChain, | ||
ubyte * | sigAlgo | ||
) |
Gets the hash algorithm used in the RSA signature on a certificate from a chain. Index 0 is the leaf certificate and the last valid index is the root certificate.
pCertChain | Pointer to the input certificate chain. |
indexInChain | The index to retrieve, with 0 being the leaf and the last valid index being the root. |
sigAlgo | Contents will be set to the hash algorithm identifier found in the requested certificate. This is one of the ht_<...> types found in crypto.h. Note this is stored in a single byte. |
Returns OK (0) if successful, otherwise a negative number error code from merrors.h.

MOC_EXTERN MSTATUS CERTCHAIN_isComplete | ( | certChainPtr | pCertChain, |
intBoolean * | complete | ||
) |
Checks whether the last certificate in the chain is a self-signed certificate.
pCertChain | Pointer to the input certificate chain. |
complete | Contents will be set to TRUE if the last certificate is self-signed, and FALSE otherwise. A self-signed last certificate only means the chain terminates in a root; whether that root is trusted is established by CERTCHAIN_validate against the cert store, not by this check. |
Returns OK (0) if successful, otherwise a negative number error code from merrors.h.

MOC_EXTERN MSTATUS CERTCHAIN_numberOfCertificates | ( | certChainPtr | pCertChain, |
ubyte4 * | numCerts | ||
) |
Gets the number of certificates in a chain.
pCertChain | Pointer to the input certificate chain. |
numCerts | Contents will be set to the number of certificates in the chain. |
Returns OK (0) if successful, otherwise a negative number error code from merrors.h.

MOC_EXTERN MSTATUS CERTCHAIN_validate | ( | MOC_ASYM(hwAccelDescr hwAccelCtx) certChainPtr | pCertChain, |
ValidationConfig * | validationConfig | ||
) |
Validates a certificate chain with respect to a validation configuration. Options in the configuration are to
If the root of trust certificate was not in the cert chain but was found in the cert store, this method will optionally output it. Please also see the description of the ValidationConfig type.
pCertChain | Pointer to the input cert chain to be validated. |
validationConfig | Pointer to the input validation config. If the root of trust certificate was not in the cert chain but was in the cert store, the anchorCert field and anchorCertLen field will be set to it and its length in bytes. |
Returns OK (0) if successful and every validation check passes, otherwise a negative number error code from merrors.h.

MOC_EXTERN MSTATUS CERTCHAIN_validateAll | ( | MOC_ASYM(hwAccelDescr hwAccelCtx) ubyte * | pCertArr, |
sbyte4 | certArrLen, | ||
ValidationConfig * | pConfig, | ||
certChainPtr * | ppRetChain | ||
) |
Validates an array of certificates with respect to a validation configuration and, on success, returns the certificates in certificate chain form. The array may hold the certificates in any order. Validation is done only with respect to a trusted cert store and with respect to dates of validity; self-signed certificates are allowed. The array must contain only DER encoded certificates. If validation succeeds, memory is allocated for the resulting chain, so be sure to call CERTCHAIN_delete when done with it.
pCertArr | Pointer to the array of certificates. All certificates within the certificate chain must be DER encoded. |
certArrLen | Length of the certificate array in bytes. |
pConfig | Pointer to the ValidationConfig struct. This struct must contain which certificate store to validate against and optionally may contain the time to validate against. |
ppRetChain | Pointer to the location of the resulting chain. The certificate chain will only be computed if the validation was successful. |
Returns OK (0) if successful and every validation check passes, otherwise a negative number error code from merrors.h.
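CERTCHAIN_validateAll takes a byte array and a byte length, so the caller, not the SDK, is responsible for the array holding nothing but complete DER certificates. The added example below (not TrustCore SDK code) bounds each certificate in such an array by parsing its outer SEQUENCE header, refusing indefinite-length, non-minimal and over-long length encodings as well as trailing bytes, so that what is handed to the SDK is known to be well-framed DER. That the array is a plain concatenation of DER certificates is an assumption of this example; the sample data are DER stand-ins, not certificates.

```c
/* Added example, not TrustCore SDK code: bound each DER certificate in a
 * concatenated byte array by parsing its outer SEQUENCE header, so the
 * array is known to be well-framed before CERTCHAIN_validateAll sees it.
 * That the array is a plain concatenation of DER certificates is assumed. */
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

typedef struct { size_t offset; size_t length; } der_entry;

/* Total length (header + content) of the DER SEQUENCE at p, or 0 if the
 * length is indefinite (0x80), non-minimal, wider than 4 bytes, or would
 * run past the avail bytes present. */
static size_t der_sequence_len(const uint8_t *p, size_t avail)
{
    if (avail < 2 || p[0] != 0x30) return 0;
    size_t hdr = 2, len = p[1];
    if (len & 0x80) {
        size_t n = len & 0x7F;
        if (n == 0 || n > 4 || avail < 2 + n) return 0;
        len = 0;
        for (size_t i = 0; i < n; i++) len = (len << 8) | p[2 + i];
        if (len < 0x80 || (n > 1 && p[2] == 0)) return 0;  /* DER: shortest form only */
        hdr += n;
    }
    if (len > avail - hdr) return 0;
    return hdr + len;
}

/* Split buf into SEQUENCE-bounded entries. Returns the count, or -1 if any
 * byte, trailing junk included, is not inside a well-formed element. */
static int split_der_certs(const uint8_t *buf, size_t bufLen,
                           der_entry *out, size_t outCap)
{
    size_t off = 0, n = 0;
    while (off < bufLen) {
        size_t total = der_sequence_len(buf + off, bufLen - off);
        if (total == 0) return -1;
        if (n < outCap) { out[n].offset = off; out[n].length = total; }
        n++;
        off += total;
    }
    return (int)n;
}

/* Constructed sample: a 5-byte SEQUENCE, then a SEQUENCE whose 130-byte
 * content forces a long-form length (bytes 0x81 0x82). DER stand-ins, not
 * certificates. Returns the number of bytes written to buf. */
static size_t build_sample(uint8_t *buf, size_t cap)
{
    static const uint8_t small[] = { 0x30, 0x03, 0x02, 0x01, 0x05 };
    const size_t content = 130, big_total = 3 + content;
    if (cap < sizeof small + big_total) return 0;
    memcpy(buf, small, sizeof small);
    uint8_t *b = buf + sizeof small;
    b[0] = 0x30; b[1] = 0x81; b[2] = (uint8_t)content;          /* SEQUENCE, len 130 */
    b[3] = 0x04; b[4] = 0x81; b[5] = (uint8_t)(content - 3);    /* OCTET STRING, len 127 */
    memset(b + 6, 0xAA, content - 3);
    return sizeof small + big_total;
}

/* Split the sample and check the expected bounds; returns the count or -1. */
static int sample_cert_count(void)
{
    uint8_t buf[256]; der_entry e[4];
    size_t len = build_sample(buf, sizeof buf);
    int n = split_der_certs(buf, len, e, 4);
    if (n != 2 || e[0].offset != 0 || e[0].length != 5 ||
        e[1].offset != 5 || e[1].length != 133) return -1;
    return n;
}

/* An indefinite-length element and a stray trailing byte must both fail. */
static int malformed_is_rejected(void)
{
    uint8_t buf[256]; der_entry e[4];
    const uint8_t indef[] = { 0x30, 0x80, 0x02, 0x01, 0x05, 0x00, 0x00 };
    size_t len = build_sample(buf, sizeof buf);
    if (split_der_certs(indef, sizeof indef, e, 4) != -1) return 0;
    buf[len] = 0x00;
    return split_der_certs(buf, len + 1, e, 4) == -1;
}

int main(void)
{
    uint8_t buf[256]; der_entry e[4];
    size_t len = build_sample(buf, sizeof buf);
    int n = split_der_certs(buf, len, e, 4);
    for (int i = 0; i < n; i++)
        printf("cert %d: offset %zu, %zu bytes\n", i, e[i].offset, e[i].length);
    /* e[] now bounds what CERTCHAIN_validateAll(..., buf, (sbyte4)len, &cfg,
     * &pChain) would receive; the SDK call itself is not made here. */
    return (n == 2 && malformed_is_rejected()) ? 0 : 1;
}
```

Rejecting indefinite and non-minimal lengths matters because DER, unlike BER, permits only one encoding of each length; a parser that accepted the others would let two different byte strings decode to the same certificate, which undermines any check that compares the DER (fingerprints, cert store matching) rather than the decoded structure. Note also that certArrLen is an sbyte4, so arrays at or beyond 2 GiB cannot be described to CERTCHAIN_validateAll at all and should be refused before the cast.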