|
int | KSI_PKITruststore_registerGlobals (KSI_CTX *ctx) |
|
int | KSI_PKITruststore_new (KSI_CTX *ctx, int setDefaults, KSI_PKITruststore **store) |
|
void | KSI_PKITruststore_free (KSI_PKITruststore *store) |
|
int | KSI_PKICertificate_new (KSI_CTX *ctx, const void *der, size_t der_len, KSI_PKICertificate **cert) |
|
void | KSI_PKICertificate_free (KSI_PKICertificate *cert) |
|
int | KSI_PKICertificate_fromTlv (KSI_TLV *tlv, KSI_PKICertificate **o) |
|
int | KSI_PKICertificate_toTlv (KSI_CTX *ctx, const KSI_PKICertificate *o, unsigned tag, int isNonCritical, int isForward, KSI_TLV **tlv) |
|
int | KSI_PKICertificate_serialize (const KSI_PKICertificate *cert, unsigned char **raw, size_t *raw_len) |
|
int | KSI_PKISignature_new (KSI_CTX *ctx, const void *raw, size_t raw_len, KSI_PKISignature **signature) |
|
void | KSI_PKISignature_free (KSI_PKISignature *sig) |
|
int | KSI_PKISignature_extractCertificate (const KSI_PKISignature *signature, KSI_PKICertificate **cert) |
|
int | KSI_PKISignature_serialize (const KSI_PKISignature *sig, unsigned char **raw, size_t *raw_len) |
|
int | KSI_PKISignature_fromTlv (KSI_TLV *tlv, KSI_PKISignature **o) |
|
int | KSI_PKISignature_toTlv (KSI_CTX *ctx, const KSI_PKISignature *o, unsigned tag, int isNonCritical, int isForward, KSI_TLV **tlv) |
|
int | KSI_PKITruststore_verifyRawSignature (KSI_CTX *ctx, const unsigned char *data, size_t data_len, const char *algoOid, const unsigned char *signature, size_t signature_len, const KSI_PKICertificate *cert) |
|
int | KSI_PKITruststore_verifySignature (KSI_PKITruststore *pki, const unsigned char *data, size_t data_len, const KSI_PKISignature *signature) |
|
int | KSI_PKITruststore_verifyPKISignature (const KSI_PKITruststore *pki, const unsigned char *data, size_t data_len, const KSI_PKISignature *signature, KSI_CertConstraint *certConstraints) |
|
int | KSI_PKITruststore_addLookupFile (const KSI_PKITruststore *store, const char *path) |
|
int | KSI_PKITruststore_addLookupDir (const KSI_PKITruststore *store, const char *path) |
|
char * | KSI_PKICertificate_toString (const KSI_PKICertificate *cert, char *buf, size_t buf_len) |
|
int | KSI_PKICertificate_getValidityNotBefore (const KSI_PKICertificate *cert, KSI_uint64_t *time) |
|
int | KSI_PKICertificate_getValidityNotAfter (const KSI_PKICertificate *cert, KSI_uint64_t *time) |
|
This module is used for PKI operations.
The main components are: 1) KSI_PKITruststore - contains and verifies certificates. 2) KSI_PKICertificate - an implementation independent PKI certificate object. 3) KSI_PKISignature - an implementation independent PKI signature object.
Destructor for the PKI Certificate object.
- Parameters
-
[in] | cert | PKI Certificate object. |
Function to convert a plain KSI_TLV to a KSI_PKICertificate. The TLV metadata (i.e. tag, length and flags) is not preserved.
- Parameters
-
[in] | tlv | Pointer to KSI_TLV. |
[out] | o | Pointer to receiving pointer. |
- Returns
- status code (KSI_OK, when operation succeeded, otherwise an error code).
- See also
- KSI_PKICertificate_fromTlv
Get PKI Certificate validity date not after.
- Parameters
-
[in] | cert | PKI Certificate object. |
[out] | time | Pointer receiving the validity time not after. |
- Returns
- status code (KSI_OK, when operation succeeded, otherwise an error code).
Get PKI Certificate validity date not before.
- Parameters
-
[in] | cert | PKI Certificate object. |
[out] | time | Pointer receiving the validity time not before. |
- Returns
- status code (KSI_OK, when operation succeeded, otherwise an error code).
PKI Certificate constructor.
- Parameters
-
[in] | ctx | KSI context. |
[in] | der | Pointer to DER encoded certificate. |
[in] | der_len | Length of the certificate. |
[out] | cert | Pointer to the receiving pointer. |
- Returns
- status code (KSI_OK, when operation succeeded, otherwise an error code).
int KSI_PKICertificate_serialize |
( |
const KSI_PKICertificate * |
cert, |
|
|
unsigned char ** |
raw, |
|
|
size_t * |
raw_len |
|
) |
| |
Function to serialise the PKI Certificate object as DER.
- Parameters
-
[in] | cert | PKI Certificate object. |
[out] | raw | Pointer to the receiving pointer. |
[out] | raw_len | Serialized length. |
char* KSI_PKICertificate_toString |
( |
const KSI_PKICertificate * |
cert, |
|
|
char * |
buf, |
|
|
size_t |
buf_len |
|
) |
| |
Creates a string representation of a PKI Certificate.
- Parameters
-
[in] | cert | input certificate object. |
[out] | buf | pointer to the receiving buffer. |
[in] | buf_len | length of the receiving buffer. |
- Returns
- buf on success, NULL otherwise.
Extracts the PKI certificate from a PKI signature.
- Parameters
-
[in] | signature | PKI Signature object. |
[out] | cert | Pointer to the receiving pointer. |
- Returns
- status code (KSI_OK, when operation succeeded, otherwise an error code).
Destructor for the PKI Signature object.
- Parameters
-
[in] | sig | PKI Signature object. |
Function to convert a plain KSI_TLV to a KSI_PKISignature. The TLV metadata (i.e. tag, length and flags) is not preserved.
- Parameters
-
[in] | tlv | Pointer to KSI_TLV. |
[out] | o | Pointer to receiving pointer. |
- Returns
- status code (KSI_OK, when operation succeeded, otherwise an error code).
- See also
- KSI_PKISignature_fromTlv
Constructor for PKI Signature object.
- Parameters
-
[in] | ctx | KSI context. |
[in] | raw | PKCS#7 encoded signature. |
[in] | raw_len | Signature length. |
[out] | signature | Pointer to the receiving pointer. |
- Returns
- status code (KSI_OK, when operation succeeded, otherwise an error code).
int KSI_PKISignature_serialize |
( |
const KSI_PKISignature * |
sig, |
|
|
unsigned char ** |
raw, |
|
|
size_t * |
raw_len |
|
) |
| |
Serializes the KSI_PKISignature object.
- Parameters
-
[in] | sig | Pointer to the PKI signature. |
[out] | raw | Pointer to the receiving pointer. |
[out] | raw_len | Serialized value length. |
- Returns
- status code (KSI_OK, when operation succeeded, otherwise an error code).
int KSI_PKITruststore_addLookupDir |
( |
const KSI_PKITruststore * |
store, |
|
|
const char * |
path |
|
) |
| |
Add trusted certificate lookup directory.
- Parameters
-
[in] | store | PKI truststore. |
[in] | path | Null-terminated string path to the directory containing trusted certificates. |
- Returns
- status code (KSI_OK, when operation succeeded, otherwise an error code).
int KSI_PKITruststore_addLookupFile |
( |
const KSI_PKITruststore * |
store, |
|
|
const char * |
path |
|
) |
| |
Add trusted certificate lookup file.
- Parameters
-
[in] | store | PKI truststore. |
[in] | path | Null-terminated string path to the file containing trusted certificates. |
- Returns
- status code (KSI_OK, when operation succeeded, otherwise an error code).
Destructor for the PKI Truststore object.
- Parameters
-
[in] | store | PKI Truststore object. |
PKI Truststore constructor. If setDefaults == 1, the truststore is initiated with default settings, otherwise a blank truststore is created.
- Parameters
-
[in] | ctx | KSI context. |
[in] | setDefaults | With or without default system settings. |
[out] | store | Pointer to the receiving pointer. |
- Returns
- status code (KSI_OK, when operation succeeded, otherwise an error code).
int KSI_PKITruststore_registerGlobals |
( |
KSI_CTX * |
ctx | ) |
|
Registers the init and cleanup functions of the truststore with the KSI context. The init function is called once per KSI context, and the cleanup function is called once when the KSI context is freed with KSI_CTX_free.
- Parameters
-
[in] | ctx | KSI context. |
- Returns
- status code (KSI_OK, when operation succeeded, otherwise an error code).
Function for verifying the data with a PKI Signature. Verification is performed explicitly against the publications file constraints given in certConstraints. If NULL is passed as certConstraints, verification is performed implicitly against the context-based constraints.
- Parameters
-
[in] | pki | PKI Truststore. |
[in] | data | Pointer to signed data. |
[in] | data_len | Length of the signed data. |
[in] | signature | PKI signature object. |
[in] | certConstraints | PKI certificate constraints. |
- Returns
- status code (KSI_OK, when operation succeeded, otherwise an error code).
int KSI_PKITruststore_verifyRawSignature |
( |
KSI_CTX * |
ctx, |
|
|
const unsigned char * |
data, |
|
|
size_t |
data_len, |
|
|
const char * |
algoOid, |
|
|
const unsigned char * |
signature, |
|
|
size_t |
signature_len, |
|
|
const KSI_PKICertificate * |
cert |
|
) |
| |
Function for verifying a raw PKCS#1 signature over the input data against the given PKI Certificate, using the signing algorithm identified by algoOid. TODO: explain in detail.
- Parameters
-
[in] | ctx | KSI context. |
[in] | data | Pointer to input data. |
[in] | data_len | Input data len. |
[in] | algoOid | Algorithm OID used to sign the input data. |
[in] | signature | Pointer to the raw PKCS#1 signature. |
[in] | signature_len | Signature length. |
[in] | cert | PKI Certificate object. |
- Returns
- status code (KSI_OK, when operation succeeded, otherwise an error code).