Guardtime KSI c SDK
PKI Truststore

Functions

int KSI_PKITruststore_registerGlobals (KSI_CTX *ctx)
 
int KSI_PKITruststore_new (KSI_CTX *ctx, int setDefaults, KSI_PKITruststore **store)
 
void KSI_PKITruststore_free (KSI_PKITruststore *store)
 
int KSI_PKICertificate_new (KSI_CTX *ctx, const void *der, size_t der_len, KSI_PKICertificate **cert)
 
void KSI_PKICertificate_free (KSI_PKICertificate *cert)
 
int KSI_PKICertificate_fromTlv (KSI_TLV *tlv, KSI_PKICertificate **o)
 
int KSI_PKICertificate_toTlv (KSI_CTX *ctx, const KSI_PKICertificate *o, unsigned tag, int isNonCritical, int isForward, KSI_TLV **tlv)
 
int KSI_PKICertificate_serialize (const KSI_PKICertificate *cert, unsigned char **raw, size_t *raw_len)
 
int KSI_PKISignature_new (KSI_CTX *ctx, const void *raw, size_t raw_len, KSI_PKISignature **signature)
 
void KSI_PKISignature_free (KSI_PKISignature *sig)
 
int KSI_PKISignature_extractCertificate (const KSI_PKISignature *signature, KSI_PKICertificate **cert)
 
int KSI_PKISignature_serialize (const KSI_PKISignature *sig, unsigned char **raw, size_t *raw_len)
 
int KSI_PKISignature_fromTlv (KSI_TLV *tlv, KSI_PKISignature **o)
 
int KSI_PKISignature_toTlv (KSI_CTX *ctx, const KSI_PKISignature *o, unsigned tag, int isNonCritical, int isForward, KSI_TLV **tlv)
 
int KSI_PKITruststore_verifyRawSignature (KSI_CTX *ctx, const unsigned char *data, size_t data_len, const char *algoOid, const unsigned char *signature, size_t signature_len, const KSI_PKICertificate *cert)
 
int KSI_PKITruststore_verifySignature (KSI_PKITruststore *pki, const unsigned char *data, size_t data_len, const KSI_PKISignature *signature)
 
int KSI_PKITruststore_verifyPKISignature (const KSI_PKITruststore *pki, const unsigned char *data, size_t data_len, const KSI_PKISignature *signature, KSI_CertConstraint *certConstraints)
 
int KSI_PKITruststore_addLookupFile (const KSI_PKITruststore *store, const char *path)
 
int KSI_PKITruststore_addLookupDir (const KSI_PKITruststore *store, const char *path)
 
char * KSI_PKICertificate_toString (const KSI_PKICertificate *cert, char *buf, size_t buf_len)
 
int KSI_PKICertificate_getValidityNotBefore (const KSI_PKICertificate *cert, KSI_uint64_t *time)
 
int KSI_PKICertificate_getValidityNotAfter (const KSI_PKICertificate *cert, KSI_uint64_t *time)
 

Detailed Description

This module is used for PKI operations.

The main components are: 1) KSI_PKITruststore - holds trusted certificates and verifies signatures against them. 2) KSI_PKICertificate - an implementation-independent PKI certificate object. 3) KSI_PKISignature - an implementation-independent PKI signature object.

Function Documentation

void KSI_PKICertificate_free ( KSI_PKICertificate *  cert)

Destructor for the PKI Certificate object.

Parameters
[in] cert  PKI Certificate object.
int KSI_PKICertificate_fromTlv ( KSI_TLV *  tlv,
KSI_PKICertificate **  o 
)

Function to convert a plain KSI_TLV to a KSI_PKICertificate. The TLV metadata (i.e. tag, length and flags) is not preserved.

Parameters
[in] tlv  Pointer to KSI_TLV.
[out] o  Pointer to the receiving pointer.
Returns
status code (KSI_OK, when operation succeeded, otherwise an error code).
See also
KSI_PKICertificate_toTlv
int KSI_PKICertificate_getValidityNotAfter ( const KSI_PKICertificate *  cert,
KSI_uint64_t *  time 
)

Get the PKI Certificate "not after" validity date.

Parameters
[in] cert  PKI Certificate object.
[out] time  Receives the validity time not after.
Returns
status code (KSI_OK, when operation succeeded, otherwise an error code).
int KSI_PKICertificate_getValidityNotBefore ( const KSI_PKICertificate *  cert,
KSI_uint64_t *  time 
)

Get the PKI Certificate "not before" validity date.

Parameters
[in] cert  PKI Certificate object.
[out] time  Receives the validity time not before.
Returns
status code (KSI_OK, when operation succeeded, otherwise an error code).
int KSI_PKICertificate_new ( KSI_CTX *  ctx,
const void *  der,
size_t  der_len,
KSI_PKICertificate **  cert 
)

PKI Certificate constructor.

Parameters
[in] ctx  KSI context.
[in] der  Pointer to the DER-encoded certificate.
[in] der_len  Length of the DER-encoded certificate in bytes.
[out] cert  Pointer to the receiving pointer.
Returns
status code (KSI_OK, when operation succeeded, otherwise an error code).
int KSI_PKICertificate_serialize ( const KSI_PKICertificate *  cert,
unsigned char **  raw,
size_t *  raw_len 
)

Function to serialise the PKI Certificate object as DER.

Parameters
[in] cert  PKI Certificate object.
[out] raw  Pointer to the receiving pointer.
[out] raw_len  Serialized length.
Returns
status code (KSI_OK, when operation succeeded, otherwise an error code).
char* KSI_PKICertificate_toString ( const KSI_PKICertificate *  cert,
char *  buf,
size_t  buf_len 
)

Creates a string representation of a PKI Certificate.

Parameters
[in] cert  Input certificate object.
[out] buf  Pointer to the receiving buffer.
[in] buf_len  Length of the receiving buffer.
Returns
buf if successful, NULL otherwise.
int KSI_PKICertificate_toTlv ( KSI_CTX *  ctx,
const KSI_PKICertificate *  o,
unsigned  tag,
int  isNonCritical,
int  isForward,
KSI_TLV **  tlv 
)

Function to convert a KSI_PKICertificate to a plain KSI_TLV object.

Parameters
[in] ctx  KSI context.
[in] o  Pointer to KSI_PKICertificate.
[in] tag  Tag value of the KSI_TLV.
[in] isNonCritical  Flag is-non-critical.
[in] isForward  Flag is-forward.
[out] tlv  Pointer to the receiving pointer.
Returns
status code (KSI_OK, when operation succeeded, otherwise an error code).
See also
KSI_PKICertificate_fromTlv, KSI_TLV_free
int KSI_PKISignature_extractCertificate ( const KSI_PKISignature *  signature,
KSI_PKICertificate **  cert 
)

Extracts the PKI certificate from a PKI signature.

Parameters
[in] signature  PKI Signature object.
[out] cert  Pointer to the receiving pointer.
Returns
status code (KSI_OK, when operation succeeded, otherwise an error code).
void KSI_PKISignature_free ( KSI_PKISignature *  sig)

Destructor for the PKI Signature object.

Parameters
[in] sig  PKI Signature object.
int KSI_PKISignature_fromTlv ( KSI_TLV *  tlv,
KSI_PKISignature **  o 
)

Function to convert a plain KSI_TLV to a KSI_PKISignature. The TLV metadata (i.e. tag, length and flags) is not preserved.

Parameters
[in] tlv  Pointer to KSI_TLV.
[out] o  Pointer to the receiving pointer.
Returns
status code (KSI_OK, when operation succeeded, otherwise an error code).
See also
KSI_PKISignature_toTlv
int KSI_PKISignature_new ( KSI_CTX *  ctx,
const void *  raw,
size_t  raw_len,
KSI_PKISignature **  signature 
)

Constructor for the PKI Signature object.

Parameters
[in] ctx  KSI context.
[in] raw  PKCS#7-encoded signature.
[in] raw_len  Signature length in bytes.
[out] signature  Pointer to the receiving pointer.
Returns
status code (KSI_OK, when operation succeeded, otherwise an error code).
int KSI_PKISignature_serialize ( const KSI_PKISignature *  sig,
unsigned char **  raw,
size_t *  raw_len 
)

Serializes the KSI_PKISignature object.

Parameters
[in] sig  Pointer to the PKI signature.
[out] raw  Pointer to the receiving pointer.
[out] raw_len  Serialized value length.
Returns
status code (KSI_OK, when operation succeeded, otherwise an error code).
int KSI_PKISignature_toTlv ( KSI_CTX *  ctx,
const KSI_PKISignature *  o,
unsigned  tag,
int  isNonCritical,
int  isForward,
KSI_TLV **  tlv 
)

Function to convert a KSI_PKISignature to a plain KSI_TLV object.

Parameters
[in] ctx  KSI context.
[in] o  Pointer to KSI_PKISignature.
[in] tag  Tag value of the KSI_TLV.
[in] isNonCritical  Flag is-non-critical.
[in] isForward  Flag is-forward.
[out] tlv  Pointer to the receiving pointer.
Returns
status code (KSI_OK, when operation succeeded, otherwise an error code).
See also
KSI_PKISignature_fromTlv, KSI_TLV_free
int KSI_PKITruststore_addLookupDir ( const KSI_PKITruststore *  store,
const char *  path 
)

Add a trusted certificate lookup directory.

Parameters
[in] store  PKI truststore.
[in] path  Null-terminated string path to the directory containing trusted certificates.
Returns
status code (KSI_OK, when operation succeeded, otherwise an error code).
int KSI_PKITruststore_addLookupFile ( const KSI_PKITruststore *  store,
const char *  path 
)

Add a trusted certificate lookup file.

Parameters
[in] store  PKI truststore.
[in] path  Null-terminated string path to the file containing trusted certificates.
Returns
status code (KSI_OK, when operation succeeded, otherwise an error code).
void KSI_PKITruststore_free ( KSI_PKITruststore *  store)

Destructor for the PKI Truststore object.

Parameters
[in] store  PKI Truststore object.
int KSI_PKITruststore_new ( KSI_CTX *  ctx,
int  setDefaults,
KSI_PKITruststore **  store 
)

PKI Truststore constructor. If setDefaults == 1, the truststore is initialised with the default settings; otherwise a blank truststore, containing no trusted certificates until lookup files or directories are added, is created.

Parameters
[in] ctx  KSI context.
[in] setDefaults  With (1) or without (0) the default system settings.
[out] store  Pointer to the receiving pointer.
Returns
status code (KSI_OK, when operation succeeded, otherwise an error code).
int KSI_PKITruststore_registerGlobals ( KSI_CTX *  ctx)

This function registers the init and cleanup functions of the truststore. The init function is called once per KSI context, and the cleanup function is called once when the KSI context is freed with KSI_CTX_free.

Parameters
[in] ctx  KSI context.
Returns
status code (KSI_OK, when operation succeeded, otherwise an error code).
int KSI_PKITruststore_verifyPKISignature ( const KSI_PKITruststore *  pki,
const unsigned char *  data,
size_t  data_len,
const KSI_PKISignature *  signature,
KSI_CertConstraint *  certConstraints 
)

Function for verifying the data with a PKI Signature. The signing certificate is explicitly checked against the publications file constraints given in certConstraints. If NULL is passed as certConstraints, the certificate is instead checked implicitly against the constraints configured in the KSI context.

Parameters
[in] pki  PKI Truststore.
[in] data  Pointer to the signed data.
[in] data_len  Length of the signed data.
[in] signature  PKI signature object.
[in] certConstraints  PKI certificate constraints, or NULL to use the context-based constraints.
Returns
status code (KSI_OK, when operation succeeded, otherwise an error code).
int KSI_PKITruststore_verifyRawSignature ( KSI_CTX *  ctx,
const unsigned char *  data,
size_t  data_len,
const char *  algoOid,
const unsigned char *  signature,
size_t  signature_len,
const KSI_PKICertificate *  cert 
)

Function for verifying a raw PKCS#1 signature over the input data against the given PKI Certificate. TODO! - explain in detail!

Parameters
[in] ctx  KSI context.
[in] data  Pointer to the input data.
[in] data_len  Input data length.
[in] algoOid  OID of the algorithm used to sign the input data.
[in] signature  Pointer to the raw PKCS#1 signature.
[in] signature_len  Signature length.
[in] cert  PKI Certificate object.
Returns
status code (KSI_OK, when operation succeeded, otherwise an error code).
int KSI_PKITruststore_verifySignature ( KSI_PKITruststore *  pki,
const unsigned char *  data,
size_t  data_len,
const KSI_PKISignature *  signature 
)