ASN.1

Functions

WOLFSSL_API int wc_InitCert (Cert *)
 This function initializes a default cert, with the default options: version = 3 (0x2), serial = 0, sigType = SHA_WITH_RSA, issuer = blank, daysValid = 500, selfSigned = 1 (true) use subject as issuer, subject = blank.
 
WOLFSSL_API int wc_MakeCert (Cert *, byte *derBuffer, word32 derSz, RsaKey *, ecc_key *, WC_RNG *)
 Used to make CA signed certs. Called after the subject information has been entered. This function makes an x509 Certificate v3 RSA or ECC from a cert input. It then writes this cert to derBuffer. It takes in either an rsaKey or an eccKey to generate the certificate. The certificate must be initialized with wc_InitCert before this method is called.
 
WOLFSSL_API int wc_MakeCertReq (Cert *, byte *derBuffer, word32 derSz, RsaKey *, ecc_key *)
 This function makes a certificate signing request using the input certificate and writes the output to derBuffer. It takes in either an rsaKey or an eccKey to generate the certificate request. wc_SignCert() will need to be called after this function to sign the certificate request. Please see the wolfCrypt test application (./wolfcrypt/test/test.c) for an example usage of this function.
 
WOLFSSL_API int wc_SignCert (int requestSz, int sigType, byte *derBuffer, word32 derSz, RsaKey *, ecc_key *, WC_RNG *)
 This function signs buffer and adds the signature to the end of buffer. It takes in a signature type. Must be called after wc_MakeCert() or wc_MakeCertReq() if creating a CA signed cert.
 
WOLFSSL_API int wc_MakeSelfCert (Cert *, byte *derBuffer, word32 derSz, RsaKey *, WC_RNG *)
 This function is a combination of the previous two functions, wc_MakeCert and wc_SignCert for self signing (the previous functions may be used for CA requests). It makes a certificate, and then signs it, generating a self-signed certificate.
 
WOLFSSL_API int wc_SetIssuer (Cert *, const char *)
 This function sets the issuer for a certificate to the issuer in the provided pem issuerFile. It also changes the certificate’s self-signed attribute to false. The issuer specified in issuerFile is verified prior to setting the cert issuer. This method is used to set fields prior to signing.
 
WOLFSSL_API int wc_SetSubject (Cert *, const char *)
 This function sets the subject for a certificate to the subject in the provided pem subjectFile. This method is used to set fields prior to signing.
 
WOLFSSL_API int wc_SetSubjectRaw (Cert *cert, const byte *der, int derSz)
 This function sets the raw subject for a certificate from the subject in the provided der buffer. This method is used to set the raw subject field prior to signing.
 
WOLFSSL_API int wc_GetSubjectRaw (byte **subjectRaw, Cert *cert)
 This function gets the raw subject from the certificate structure.
 
WOLFSSL_API int wc_SetAltNames (Cert *, const char *)
 This function sets the alternate names for a certificate to the alternate names in the provided pem file. This is useful in the case that one wishes to secure multiple domains with the same certificate. This method is used to set fields prior to signing.
 
WOLFSSL_API int wc_SetIssuerBuffer (Cert *, const byte *, int)
 This function sets the issuer for a certificate from the issuer in the provided der buffer. It also changes the certificate’s self-signed attribute to false. This method is used to set fields prior to signing.
 
WOLFSSL_API int wc_SetIssuerRaw (Cert *cert, const byte *der, int derSz)
 This function sets the raw issuer for a certificate from the issuer in the provided der buffer. This method is used to set the raw issuer field prior to signing.
 
WOLFSSL_API int wc_SetSubjectBuffer (Cert *, const byte *, int)
 This function sets the subject for a certificate from the subject in the provided der buffer. This method is used to set fields prior to signing.
 
WOLFSSL_API int wc_SetAltNamesBuffer (Cert *, const byte *, int)
 This function sets the alternate names for a certificate from the alternate names in the provided der buffer. This is useful in the case that one wishes to secure multiple domains with the same certificate. This method is used to set fields prior to signing.
 
WOLFSSL_API int wc_SetDatesBuffer (Cert *, const byte *, int)
 This function sets the dates for a certificate from the date range in the provided der buffer. This method is used to set fields prior to signing.
 
WOLFSSL_API int wc_SetAuthKeyIdFromPublicKey (Cert *cert, RsaKey *rsakey, ecc_key *eckey)
 Set AKID from either an RSA or ECC public key. Note: Only set one of rsakey or eckey, not both.
 
WOLFSSL_API int wc_SetAuthKeyIdFromCert (Cert *cert, const byte *der, int derSz)
 Set AKID from DER encoded certificate.
 
WOLFSSL_API int wc_SetAuthKeyId (Cert *cert, const char *file)
 Set AKID from certificate file in PEM format.
 
WOLFSSL_API int wc_SetSubjectKeyIdFromPublicKey (Cert *cert, RsaKey *rsakey, ecc_key *eckey)
 Set SKID from RSA or ECC public key.
 
WOLFSSL_API int wc_SetSubjectKeyId (Cert *cert, const char *file)
 Set SKID from public key file in PEM format. Both arguments are required.
 
WOLFSSL_API int wc_SetSubjectKeyIdFromNtruPublicKey (Cert *cert, byte *ntruKey, word16 ntruKeySz)
 Set SKID from NTRU public key.
 
WOLFSSL_API int wc_MakeNtruCert (Cert *, byte *derBuffer, word32 derSz, const byte *ntruKey, word16 keySz, WC_RNG *)
 Used to make CA signed certs. Called after the subject information has been entered. This function makes an NTRU Certificate from a cert input. It then writes this cert to derBuffer. It takes in an ntruKey and a rng to generate the certificate. The certificate must be initialized with wc_InitCert before this method is called.
 
WOLFSSL_API int wc_PemPubKeyToDer (const char *fileName, unsigned char *derBuf, int derSz)
 Loads a PEM key from a file and converts to a DER encoded buffer.
 
WOLFSSL_API int wc_PubKeyPemToDer (const unsigned char *, int, unsigned char *, int)
 Convert a PEM encoded public key to DER. Returns the number of bytes written to the buffer or a negative value for an error.
 
WOLFSSL_API int wc_PemCertToDer (const char *fileName, unsigned char *derBuf, int derSz)
 This function converts a pem certificate to a der certificate, and places the resulting certificate in the derBuf buffer provided.
 
WOLFSSL_API int wc_DerToPem (const byte *der, word32 derSz, byte *output, word32 outputSz, int type)
 This function converts a der formatted input certificate, contained in the der buffer, into a pem formatted output certificate, contained in the output buffer. It should be noted that this is not an in place conversion, and a separate buffer must be utilized to store the pem formatted output.
 
WOLFSSL_API int wc_DerToPemEx (const byte *der, word32 derSz, byte *output, word32 outputSz, byte *cipherIno, int type)
 This function converts a der formatted input certificate, contained in the der buffer, into a pem formatted output certificate, contained in the output buffer. It should be noted that this is not an in place conversion, and a separate buffer must be utilized to store the pem formatted output. Allows setting cipher info.
 
WOLFSSL_API int wc_EccPrivateKeyDecode (const byte *, word32 *, ecc_key *, word32)
 This function reads in an ECC private key from the input buffer, input, parses the private key, and uses it to generate an ecc_key object, which it stores in key.
 
WOLFSSL_API int wc_EccKeyToDer (ecc_key *, byte *output, word32 inLen)
 This function writes a private ECC key to der format.
 
WOLFSSL_API int wc_EccPublicKeyDecode (const byte *, word32 *, ecc_key *, word32)
 Decodes an ECC public key from an input buffer. It will parse an ASN sequence to retrieve the ECC key.
 
WOLFSSL_API int wc_EccPublicKeyToDer (ecc_key *, byte *output, word32 inLen, int with_AlgCurve)
 This function converts the ECC public key to DER format. It returns the size of buffer used. The public ECC key in DER format is stored in output buffer. with_AlgCurve is a flag for when to include a header that has the Algorithm and Curve information.
 
WOLFSSL_API word32 wc_EncodeSignature (byte *out, const byte *digest, word32 digSz, int hashOID)
 This function encodes a digital signature into the output buffer, and returns the size of the encoded signature created.
 
WOLFSSL_API int wc_GetCTC_HashOID (int type)
 This function returns the hash OID that corresponds to a hashing type. For example, when given the type: SHA512, this function returns the identifier corresponding to a SHA512 hash, SHA512h.
 

Detailed Description

Function Documentation

◆ wc_DerToPem()

WOLFSSL_API int wc_DerToPem (const byte *der, word32 derSz, byte *output, word32 outputSz, int type)

This function converts a der formatted input certificate, contained in the der buffer, into a pem formatted output certificate, contained in the output buffer. It should be noted that this is not an in place conversion, and a separate buffer must be utilized to store the pem formatted output.

Returns
Success On successfully making a pem certificate from the input der cert, returns the size of the pem cert generated.
BAD_FUNC_ARG Returned if there is an error parsing the der file and storing it as a pem file
MEMORY_E Returned if there is an error allocating memory with XMALLOC
ASN_INPUT_E Returned in the case of a base 64 encoding error
BUFFER_E May be returned if the output buffer is too small to store the pem formatted certificate
Parameters
der pointer to the buffer of the certificate to convert
derSz size of the certificate to convert
output pointer to the buffer in which to store the pem formatted certificate
outSz size of the buffer in which to store the pem formatted certificate
type the type of certificate to generate. Valid types are: CERT_TYPE, PRIVATEKEY_TYPE, ECC_PRIVATEKEY_TYPE, and CERTREQ_TYPE.

Example

byte* der;
word32 derSz;
// initialize der with certificate and derSz with its length
byte pemFormatted[FOURK_BUF];
int pemSz;
pemSz = wc_DerToPem(der, derSz, pemFormatted, FOURK_BUF, CERT_TYPE);
See also
wc_PemCertToDer
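
The buffer contract described above (a separate output buffer, and an error when it is too small) is shown below in a stand-alone converter. This is an added example, not wolfSSL code or part of the original page; pem_encoded_size, der_to_pem and the error codes are hypothetical names, and the 5-byte DER input is constructed.

```c
/* Added example, not wolfSSL source: stand-alone DER -> PEM armoring that
 * follows the contract described above (separate output buffer, size checked
 * before any write). Function names and error codes are hypothetical. */
#include <stdio.h>
#include <string.h>

#define PEM_LINE        64    /* base64 characters per PEM line */
#define PEM_ERR_ARG     (-1)  /* constructed codes, not wolfSSL's values */
#define PEM_ERR_BUFFER  (-2)

static const char B64[] =
    "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";

/* Length of the PEM text for derSz input bytes, excluding the trailing NUL. */
size_t pem_encoded_size(size_t derSz, const char *label)
{
    size_t b64   = ((derSz + 2) / 3) * 4;             /* padded base64 */
    size_t lines = (b64 + PEM_LINE - 1) / PEM_LINE;   /* one '\n' per line */
    size_t head  = 11 + strlen(label) + 6;  /* "-----BEGIN " label "-----\n" */
    size_t foot  = 9 + strlen(label) + 6;   /* "-----END " label "-----\n" */
    return head + b64 + lines + foot;
}

/* Writes NUL-terminated PEM to out; returns its length or a negative error. */
int der_to_pem(const unsigned char *der, size_t derSz,
               char *out, size_t outSz, const char *label)
{
    size_t i, o = 0, col = 0;

    if (der == NULL || out == NULL || label == NULL || derSz == 0)
        return PEM_ERR_ARG;
    if (outSz < pem_encoded_size(derSz, label) + 1)
        return PEM_ERR_BUFFER;            /* nothing has been written yet */

    o += (size_t)sprintf(out + o, "-----BEGIN %s-----\n", label);
    for (i = 0; i < derSz; i += 3) {
        size_t rem = derSz - i;           /* input bytes left: 1, 2 or more */
        unsigned long v = (unsigned long)der[i] << 16;
        if (rem > 1) v |= (unsigned long)der[i + 1] << 8;
        if (rem > 2) v |= (unsigned long)der[i + 2];
        out[o++] = B64[(v >> 18) & 0x3f];
        out[o++] = B64[(v >> 12) & 0x3f];
        out[o++] = (rem > 1) ? B64[(v >> 6) & 0x3f] : '=';
        out[o++] = (rem > 2) ? B64[v & 0x3f] : '=';
        col += 4;
        if (col == PEM_LINE) { out[o++] = '\n'; col = 0; }
    }
    if (col != 0)
        out[o++] = '\n';
    o += (size_t)sprintf(out + o, "-----END %s-----\n", label);
    return (int)o;
}

int main(void)
{
    /* Constructed sample: DER for SEQUENCE { INTEGER 5 }, not a real cert. */
    static const unsigned char der[] = { 0x30, 0x03, 0x02, 0x01, 0x05 };
    char pem[128];
    int n = der_to_pem(der, sizeof(der), pem, sizeof(pem), "CERTIFICATE");

    if (n < 0) {
        fprintf(stderr, "conversion failed: %d\n", n);
        return 1;
    }
    fputs(pem, stdout);
    return 0;
}
```

Sizing the output with pem_encoded_size before calling the converter avoids guessing a fixed buffer such as FOURK_BUF for large inputs.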

◆ wc_DerToPemEx()

WOLFSSL_API int wc_DerToPemEx (const byte *der, word32 derSz, byte *output, word32 outputSz, byte *cipherIno, int type)

This function converts a der formatted input certificate, contained in the der buffer, into a pem formatted output certificate, contained in the output buffer. It should be noted that this is not an in place conversion, and a separate buffer must be utilized to store the pem formatted output. Allows setting cipher info.

Returns
Success On successfully making a pem certificate from the input der cert, returns the size of the pem cert generated.
BAD_FUNC_ARG Returned if there is an error parsing the der file and storing it as a pem file
MEMORY_E Returned if there is an error allocating memory with XMALLOC
ASN_INPUT_E Returned in the case of a base 64 encoding error
BUFFER_E May be returned if the output buffer is too small to store the pem formatted certificate
Parameters
der pointer to the buffer of the certificate to convert
derSz size of the certificate to convert
output pointer to the buffer in which to store the pem formatted certificate
outSz size of the buffer in which to store the pem formatted certificate
cipher_inf Additional cipher information.
type the type of certificate to generate. Valid types are: CERT_TYPE, PRIVATEKEY_TYPE, ECC_PRIVATEKEY_TYPE, and CERTREQ_TYPE.

Example

byte* der;
word32 derSz;
// initialize der with certificate and derSz with its length
byte pemFormatted[FOURK_BUF];
int pemSz;
byte* cipher_info; // initialize with additional cipher info
pemSz = wc_DerToPemEx(der, derSz, pemFormatted, FOURK_BUF, cipher_info, CERT_TYPE);
See also
wc_PemCertToDer

◆ wc_EccKeyToDer()

WOLFSSL_API int wc_EccKeyToDer (ecc_key *, byte *output, word32 inLen)

This function writes a private ECC key to der format.

Returns
Success On successfully writing the ECC key to der format, returns the length written to the buffer
BAD_FUNC_ARG Returned if key or output is null, or inLen equals zero
MEMORY_E Returned if there is an error allocating memory with XMALLOC
BUFFER_E Returned if the converted certificate is too large to store in the output buffer
ASN_UNKNOWN_OID_E Returned if the ECC key used is of an unknown type
MP_MEM Returned if there is an error in the math library used while parsing the private key
MP_VAL Returned if there is an error in the math library used while parsing the private key
MP_RANGE Returned if there is an error in the math library used while parsing the private key
Parameters
key pointer to the buffer containing the input ecc key
output pointer to a buffer in which to store the der formatted key
inLen the length of the buffer in which to store the der formatted key

Example

int derSz;
ecc_key key;
// initialize and make key
byte der[FOURK_BUF];
// store der formatted key here
derSz = wc_EccKeyToDer(&key, der, FOURK_BUF);
if(derSz < 0) {
    // error converting ecc key to der buffer
}
See also
wc_RsaKeyToDer

◆ wc_EccPrivateKeyDecode()

WOLFSSL_API int wc_EccPrivateKeyDecode (const byte *, word32 *, ecc_key *, word32)

This function reads in an ECC private key from the input buffer, input, parses the private key, and uses it to generate an ecc_key object, which it stores in key.

Returns
0 On successfully decoding the private key and storing the result in the ecc_key struct
ASN_PARSE_E Returned if there is an error parsing the der file and storing it as a pem file
MEMORY_E Returned if there is an error allocating memory with XMALLOC
BUFFER_E Returned if the certificate to convert is larger than the specified max certificate size
ASN_OBJECT_ID_E Returned if the certificate encoding has an invalid object id
ECC_CURVE_OID_E Returned if the ECC curve of the provided key is not supported
ECC_BAD_ARG_E Returned if there is an error in the ECC key format
NOT_COMPILED_IN Returned if the private key is compressed, and no compression key is provided
MP_MEM Returned if there is an error in the math library used while parsing the private key
MP_VAL Returned if there is an error in the math library used while parsing the private key
MP_RANGE Returned if there is an error in the math library used while parsing the private key
Parameters
input pointer to the buffer containing the input private key
inOutIdx pointer to a word32 object containing the index in the buffer at which to start
key pointer to an initialized ecc object, on which to store the decoded private key
inSz size of the input buffer containing the private key

Example

int ret;
word32 idx = 0; // index must be a word32, matching the inOutIdx parameter
ecc_key key; // to store key in
byte* tmp; // tmp buffer to read key from
tmp = (byte*) malloc(FOURK_BUF);
int inSz;
// read key into tmp buffer (privateKeyFile is an already opened FILE*)
inSz = fread(tmp, 1, FOURK_BUF, privateKeyFile);
wc_ecc_init(&key); // initialize key
ret = wc_EccPrivateKeyDecode(tmp, &idx, &key, (word32)inSz);
if(ret < 0) {
    // error decoding ecc key
}
See also
wc_RSA_PrivateKeyDecode

◆ wc_EccPublicKeyDecode()

WOLFSSL_API int wc_EccPublicKeyDecode (const byte *, word32 *, ecc_key *, word32)

Decodes an ECC public key from an input buffer. It will parse an ASN sequence to retrieve the ECC key.

Returns
0 Success
BAD_FUNC_ARG Returns if any arguments are null.
ASN_PARSE_E Returns if there is an error parsing
ASN_ECC_KEY_E Returns if there is an error importing the key. See wc_ecc_import_x963 for possible reasons.
Parameters
input Buffer containing DER encoded key to decode.
inOutIdx Index to start reading input buffer from. On output, index is set to last position parsed of input buffer.
key Pointer to ecc_key struct to store the public key.
inSz Size of the input buffer.

Example

int ret;
word32 idx = 0;
byte buff[] = { /* initialize with key */ };
ecc_key pubKey;
wc_ecc_init(&pubKey);
ret = wc_EccPublicKeyDecode(buff, &idx, &pubKey, sizeof(buff));
if (ret != 0) {
    // error decoding key
}
See also
wc_ecc_import_x963

◆ wc_EccPublicKeyToDer()

WOLFSSL_API int wc_EccPublicKeyToDer (ecc_key *, byte *output, word32 inLen, int with_AlgCurve)

This function converts the ECC public key to DER format. It returns the size of buffer used. The public ECC key in DER format is stored in output buffer. with_AlgCurve is a flag for when to include a header that has the Algorithm and Curve information.

Returns
>0 Success, size of buffer used
BAD_FUNC_ARG Returned if output or key is null.
LENGTH_ONLY_E Error in getting ECC public key size.
BUFFER_E Returned when output buffer is too small.
Parameters
key Pointer to ECC key
output Pointer to output buffer to write to.
inLen Size of buffer.
with_AlgCurve a flag for when to include a header that has the Algorithm and Curve information.

Example

ecc_key key;
WC_RNG rng;
wc_InitRng(&rng);
wc_ecc_init(&key);
wc_ecc_make_key(&rng, 24, &key);
word32 derSz = FOURK_BUF; // some appropriate size for der
byte der[FOURK_BUF];
if(wc_EccPublicKeyToDer(&key, der, derSz, 1) < 0)
{
    // Error converting ECC public key to der
}
See also
wc_EccKeyToDer
wc_EccPrivateKeyDecode

◆ wc_EncodeSignature()

WOLFSSL_API word32 wc_EncodeSignature (byte *out, const byte *digest, word32 digSz, int hashOID)

This function encodes a digital signature into the output buffer, and returns the size of the encoded signature created.

Returns
Success On successfully writing the encoded signature to output, returns the length written to the buffer
Parameters
out pointer to the buffer where the encoded signature will be written
digest pointer to the digest to use to encode the signature
digSz the length of the buffer containing the digest
hashOID OID identifying the hash type used to generate the signature. Valid options, depending on build configurations, are: SHAh, SHA256h, SHA384h, SHA512h, MD2h, MD5h, DESb, DES3b, CTC_MD5wRSA, CTC_SHAwRSA, CTC_SHA256wRSA, CTC_SHA384wRSA, CTC_SHA512wRSA, CTC_SHAwECDSA, CTC_SHA256wECDSA, CTC_SHA384wECDSA, and CTC_SHA512wECDSA.

Example

int signSz;
byte encodedSig[MAX_ENCODED_SIG_SZ];
Sha256 sha256;
// initialize sha256 for hashing
byte* dig = (byte*)malloc(SHA256_DIGEST_SIZE);
// perform hashing and hash updating so dig stores SHA-256 hash
// (see wc_InitSha256, wc_Sha256Update and wc_Sha256Final)
signSz = wc_EncodeSignature(encodedSig, dig, SHA256_DIGEST_SIZE, SHA256h);
See also
none
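
To make concrete what an encoded digest looks like on the wire, the following added example (not wolfSSL code and not from the original page) builds the DER structure byte by byte and shows the strict comparison a verifier should apply to it. It assumes the encoding is the PKCS #1 v1.5 DigestInfo; encode_digest_info and digest_info_matches are hypothetical names and the digest bytes are constructed.

```c
/* Added example, not wolfSSL source. It assumes the encoded value is the
 * PKCS #1 v1.5 DigestInfo:
 *   SEQUENCE { SEQUENCE { OID hash, NULL }, OCTET STRING digest }
 * Function names are hypothetical; only short-form DER lengths are handled. */
#include <stdio.h>
#include <string.h>

/* DER TLV for OID 2.16.840.1.101.3.4.2.1 (id-sha256). */
static const unsigned char OID_SHA256[] = {
    0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01
};

/* Returns the bytes written, or 0 on bad arguments or a too-small buffer. */
size_t encode_digest_info(unsigned char *out, size_t outSz,
                          const unsigned char *oidTlv, size_t oidSz,
                          const unsigned char *digest, size_t digSz)
{
    size_t algSz, bodySz, o = 0;

    if (out == NULL || oidTlv == NULL || digest == NULL)
        return 0;
    if (oidSz > 127 || digSz > 127)
        return 0;
    algSz  = oidSz + 2;                   /* OID TLV + NULL (05 00) */
    bodySz = (2 + algSz) + (2 + digSz);   /* AlgorithmIdentifier + OCTET STRING */
    if (bodySz > 127 || outSz < bodySz + 2)
        return 0;                         /* long-form lengths not handled */

    out[o++] = 0x30; out[o++] = (unsigned char)bodySz;  /* DigestInfo */
    out[o++] = 0x30; out[o++] = (unsigned char)algSz;   /* AlgorithmIdentifier */
    memcpy(out + o, oidTlv, oidSz); o += oidSz;
    out[o++] = 0x05; out[o++] = 0x00;                   /* NULL parameters */
    out[o++] = 0x04; out[o++] = (unsigned char)digSz;   /* OCTET STRING */
    memcpy(out + o, digest, digSz); o += digSz;
    return o;
}

/* Verifier side: rebuild the expected encoding and compare every byte, so
 * trailing data or alternative encodings are rejected. Returns 1 on match. */
int digest_info_matches(const unsigned char *recovered, size_t recSz,
                        const unsigned char *oidTlv, size_t oidSz,
                        const unsigned char *digest, size_t digSz)
{
    unsigned char expect[129];
    unsigned char diff = 0;
    size_t i, n;

    n = encode_digest_info(expect, sizeof(expect), oidTlv, oidSz, digest, digSz);
    if (recovered == NULL || n == 0 || recSz != n)
        return 0;
    for (i = 0; i < n; i++)
        diff |= (unsigned char)(recovered[i] ^ expect[i]);  /* no early exit */
    return diff == 0;
}

int main(void)
{
    unsigned char dig[32], enc[64];
    size_t i, n;

    for (i = 0; i < sizeof(dig); i++)
        dig[i] = (unsigned char)i;        /* constructed stand-in digest */
    n = encode_digest_info(enc, sizeof(enc), OID_SHA256, sizeof(OID_SHA256),
                           dig, sizeof(dig));
    for (i = 0; i < n; i++)
        printf("%02x", enc[i]);
    printf("\n%lu bytes, match=%d\n", (unsigned long)n,
           digest_info_matches(enc, n, OID_SHA256, sizeof(OID_SHA256),
                               dig, sizeof(dig)));
    return 0;
}
```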

◆ wc_GetCTC_HashOID()

WOLFSSL_API int wc_GetCTC_HashOID (int type)

This function returns the hash OID that corresponds to a hashing type. For example, when given the type: SHA512, this function returns the identifier corresponding to a SHA512 hash, SHA512h.

Returns
Success On success, returns the OID corresponding to the appropriate hash to use with that encryption type.
0 Returned if an unrecognized hash type is passed in as argument.
Parameters
type the hash type for which to find the OID. Valid options, depending on build configuration, include: MD2, MD5, SHA, SHA256, SHA384, and SHA512.

Example

int hashOID;
hashOID = wc_GetCTC_HashOID(SHA512);
if (hashOID == 0) {
    // WOLFSSL_SHA512 not defined
}
See also
none

◆ wc_GetSubjectRaw()

WOLFSSL_API int wc_GetSubjectRaw (byte **subjectRaw, Cert *cert)

This function gets the raw subject from the certificate structure.

Returns
0 Returned on successfully getting the subject from the certificate
BAD_FUNC_ARG Returned if there is an error processing the certificate extension
Parameters
subjectRaw pointer-pointer to the raw subject upon successful return
cert pointer to the cert from which to get the raw subject

Example

Cert myCert;
byte *subjRaw;
// initialize myCert
if(wc_GetSubjectRaw(&subjRaw, &myCert) != 0) {
    // error getting subject
}
See also
wc_InitCert
wc_SetSubjectRaw

◆ wc_InitCert()

WOLFSSL_API int wc_InitCert (Cert *)

This function initializes a default cert, with the default options: version = 3 (0x2), serial = 0, sigType = SHA_WITH_RSA, issuer = blank, daysValid = 500, selfSigned = 1 (true) use subject as issuer, subject = blank.

Returns
none No returns.
Parameters
cert pointer to an uninitialized cert structure to initialize

Example

Cert myCert;
wc_InitCert(&myCert);
See also
wc_MakeCert
wc_MakeCertReq

◆ wc_MakeCert()

WOLFSSL_API int wc_MakeCert (Cert *, byte *derBuffer, word32 derSz, RsaKey *, ecc_key *, WC_RNG *)

Used to make CA signed certs. Called after the subject information has been entered. This function makes an x509 Certificate v3 RSA or ECC from a cert input. It then writes this cert to derBuffer. It takes in either an rsaKey or an eccKey to generate the certificate. The certificate must be initialized with wc_InitCert before this method is called.

Returns
Success On successfully making an x509 certificate from the specified input cert, returns the size of the cert generated.
MEMORY_E Returned if there is an error allocating memory with XMALLOC
BUFFER_E Returned if the provided derBuffer is too small to store the generated certificate
Others Additional error messages may be returned if the cert generation is not successful.
Parameters
cert pointer to an initialized cert structure
derBuffer pointer to the buffer in which to hold the generated cert
derSz size of the buffer in which to store the cert
rsaKey pointer to an RsaKey structure containing the rsa key used to generate the certificate
eccKey pointer to an EccKey structure containing the ecc key used to generate the certificate
rng pointer to the random number generator used to make the cert

Example

Cert myCert;
wc_InitCert(&myCert);
WC_RNG rng;
// initialize rng
RsaKey key;
// initialize key
byte* derCert = (byte*)malloc(FOURK_BUF);
int certSz; // signed, so a negative error code can be detected
certSz = wc_MakeCert(&myCert, derCert, FOURK_BUF, &key, NULL, &rng);
See also
wc_InitCert
wc_MakeCertReq

◆ wc_MakeCertReq()

WOLFSSL_API int wc_MakeCertReq (Cert *, byte *derBuffer, word32 derSz, RsaKey *, ecc_key *)

This function makes a certificate signing request using the input certificate and writes the output to derBuffer. It takes in either an rsaKey or an eccKey to generate the certificate request. wc_SignCert() will need to be called after this function to sign the certificate request. Please see the wolfCrypt test application (./wolfcrypt/test/test.c) for an example usage of this function.

Returns
Success On successfully making an X.509 certificate request from the specified input cert, returns the size of the certificate request generated.
MEMORY_E Returned if there is an error allocating memory with XMALLOC
BUFFER_E Returned if the provided derBuffer is too small to store the generated certificate
Other Additional error messages may be returned if the certificate request generation is not successful.
Parameters
cert pointer to an initialized cert structure
derBuffer pointer to the buffer in which to hold the generated certificate request
derSz size of the buffer in which to store the certificate request
rsaKey pointer to an RsaKey structure containing the rsa key used to generate the certificate request
eccKey pointer to an EccKey structure containing the ecc key used to generate the certificate request

Example

Cert myCert;
// initialize myCert
ecc_key key;
// initialize key
byte* derCert = (byte*)malloc(FOURK_BUF);
int certSz; // signed, so a negative error code can be detected
certSz = wc_MakeCertReq(&myCert, derCert, FOURK_BUF, NULL, &key);
See also
wc_InitCert
wc_MakeCert

◆ wc_MakeNtruCert()

WOLFSSL_API int wc_MakeNtruCert (Cert *, byte *derBuffer, word32 derSz, const byte *ntruKey, word16 keySz, WC_RNG *)

Used to make CA signed certs. Called after the subject information has been entered. This function makes an NTRU Certificate from a cert input. It then writes this cert to derBuffer. It takes in an ntruKey and a rng to generate the certificate. The certificate must be initialized with wc_InitCert before this method is called.

Returns
Success On successfully making a NTRU certificate from the specified input cert, returns the size of the cert generated.
MEMORY_E Returned if there is an error allocating memory with XMALLOC
BUFFER_E Returned if the provided derBuffer is too small to store the generated certificate
Other Additional error messages may be returned if the cert generation is not successful.
Parameters
cert pointer to an initialized cert structure
derBuffer pointer to the buffer in which to store the generated certificate
derSz size of the buffer in which to store the generated certificate
ntruKey pointer to the key to be used to generate the NTRU certificate
keySz size of the key used to generate the NTRU certificate
rng pointer to the random number generator used to generate the NTRU certificate

Example

Cert myCert;
// initialize myCert
WC_RNG rng;
// initialize rng
byte ntruPublicKey[NTRU_KEY_SIZE];
// initialize ntruPublicKey
byte* derCert = (byte*)malloc(FOURK_BUF);
int certSz; // signed, so a negative error code can be detected
certSz = wc_MakeNtruCert(&myCert, derCert, FOURK_BUF, ntruPublicKey,
        NTRU_KEY_SIZE, &rng);
See also
wc_InitCert
wc_MakeCert

◆ wc_MakeSelfCert()

WOLFSSL_API int wc_MakeSelfCert (Cert *, byte *derBuffer, word32 derSz, RsaKey *, WC_RNG *)

This function is a combination of the previous two functions, wc_MakeCert and wc_SignCert for self signing (the previous functions may be used for CA requests). It makes a certificate, and then signs it, generating a self-signed certificate.

Returns
Success On successfully signing the certificate, returns the new size of the cert.
MEMORY_E Returned if there is an error allocating memory with XMALLOC
BUFFER_E Returned if the provided buffer is too small to store the generated certificate
Other Additional error messages may be returned if the cert generation is not successful.
Parameters
cert pointer to the cert to make and sign
buffer pointer to the buffer in which to hold the signed certificate
buffSz size of the buffer in which to store the signed certificate
key pointer to an RsaKey structure containing the rsa key used to sign the certificate
rng pointer to the random number generator used to generate and sign the certificate

Example

Cert myCert;
byte* derCert = (byte*)malloc(FOURK_BUF);
// initialize myCert, derCert
RsaKey key;
// initialize key
WC_RNG rng;
// initialize rng
int certSz; // signed, so a negative error code can be detected
certSz = wc_MakeSelfCert(&myCert, derCert, FOURK_BUF, &key, &rng);
See also
wc_InitCert
wc_MakeCert
wc_SignCert

◆ wc_PemCertToDer()

WOLFSSL_API int wc_PemCertToDer (const char *fileName, unsigned char *derBuf, int derSz)

This function converts a pem certificate to a der certificate, and places the resulting certificate in the derBuf buffer provided.

Returns
Success On success returns the size of the derBuf generated
BUFFER_E Returned if the size of derBuf is too small to hold the certificate generated
MEMORY_E Returned if the call to XMALLOC fails
Parameters
fileName path to the file containing a pem certificate to convert to a der certificate
derBuf pointer to a char buffer in which to store the converted certificate
derSz size of the char buffer in which to store the converted certificate

Example

const char* file = "./certs/client-cert.pem";
int derSz;
byte* der = (byte*)XMALLOC(EIGHTK_BUF, NULL, DYNAMIC_TYPE_CERT);
derSz = wc_PemCertToDer(file, der, EIGHTK_BUF);
if(derSz <= 0) {
    // PemCertToDer error
}
See also
none

◆ wc_PemPubKeyToDer()

WOLFSSL_API int wc_PemPubKeyToDer (const char *fileName, unsigned char *derBuf, int derSz)

Loads a PEM key from a file and converts to a DER encoded buffer.

Returns
0 Success
<0 Error
SSL_BAD_FILE There is a problem with opening the file.
MEMORY_E There is an error allocating memory for the file buffer.
BUFFER_E derBuf is not large enough to hold the converted key.
Parameters
fileName Name of the file to load.
derBuf Buffer for DER encoded key.
derSz Size of DER buffer.

Example

char* some_file = "filename";
unsigned char der[1024]; // example size; must be large enough for the DER key
if(wc_PemPubKeyToDer(some_file, der, sizeof(der)) != 0)
{
    // Handle Error
}
See also
wc_PubKeyPemToDer

◆ wc_PubKeyPemToDer()

WOLFSSL_API int wc_PubKeyPemToDer (const unsigned char *, int, unsigned char *, int)

Convert a PEM encoded public key to DER. Returns the number of bytes written to the buffer or a negative value for an error.

Returns
>0 Success, number of bytes written.
BAD_FUNC_ARG Returns if pem, buff, or buffSz are null
<0 An error occurred in the function.
Parameters
pem PEM encoded key
pemSz Size of pem
buff Pointer to buffer for output.
buffSz Size of buffer.

Example

byte some_pem[] = { /* initialize with PEM key */ };
unsigned char out_buffer[1024]; // Ensure buffer is large enough to fit DER
if(wc_PubKeyPemToDer(some_pem, sizeof(some_pem), out_buffer,
        sizeof(out_buffer)) < 0)
{
    // Handle error
}
See also
wc_PemPubKeyToDer

◆ wc_SetAltNames()

WOLFSSL_API int wc_SetAltNames (Cert *, const char *)

This function sets the alternate names for a certificate to the alternate names in the provided pem file. This is useful in the case that one wishes to secure multiple domains with the same certificate. This method is used to set fields prior to signing.

Returns
0 Returned on successfully setting the alt names for the certificate
MEMORY_E Returned if there is an error allocating memory with XMALLOC
ASN_PARSE_E Returned if there is an error parsing the cert header file
ASN_OBJECT_ID_E Returned if there is an error parsing the encryption type from the cert
ASN_EXPECT_0_E Returned if there is a formatting error in the encryption specification of the cert file
ASN_BEFORE_DATE_E Returned if the date is before the certificate start date
ASN_AFTER_DATE_E Returned if the date is after the certificate expiration date
ASN_BITSTR_E Returned if there is an error parsing a bit string from the certificate
ASN_NTRU_KEY_E Returned if there is an error parsing the NTRU key from the certificate
ECC_CURVE_OID_E Returned if there is an error parsing the ECC key from the certificate
ASN_UNKNOWN_OID_E Returned if the certificate is using an unknown key object id
ASN_VERSION_E Returned if the ALLOW_V1_EXTENSIONS option is not defined and the certificate is a V1 or V2 certificate
BAD_FUNC_ARG Returned if there is an error processing the certificate extension
ASN_CRIT_EXT_E Returned if an unfamiliar critical extension is encountered in processing the certificate
ASN_SIG_OID_E Returned if the signature encryption type is not the same as the encryption type of the certificate in the provided file
ASN_SIG_CONFIRM_E Returned if confirming the certification signature fails
ASN_NAME_INVALID_E Returned if the certificate’s name is not permitted by the CA name constraints
ASN_NO_SIGNER_E Returned if there is no CA signer to verify the certificate’s authenticity
Parameters
cert pointer to the cert for which to set the alt names
file path of the file containing the pem formatted certificate

Example

Cert myCert;
// initialize myCert
if(wc_SetAltNames(&myCert, "./path/to/ca-cert.pem") != 0) {
    // error setting alt names
}
See also
wc_InitCert
wc_SetIssuer

◆ wc_SetAltNamesBuffer()

WOLFSSL_API int wc_SetAltNamesBuffer (Cert *, const byte *, int)

This function sets the alternate names for a certificate from the alternate names in the provided der buffer. This is useful in the case that one wishes to secure multiple domains with the same certificate. This method is used to set fields prior to signing.

Returns
0 Returned on successfully setting the alternate names for the certificate
MEMORY_E Returned if there is an error allocating memory with XMALLOC
ASN_PARSE_E Returned if there is an error parsing the cert header file
ASN_OBJECT_ID_E Returned if there is an error parsing the encryption type from the cert
ASN_EXPECT_0_E Returned if there is a formatting error in the encryption specification of the cert file
ASN_BEFORE_DATE_E Returned if the date is before the certificate start date
ASN_AFTER_DATE_E Returned if the date is after the certificate expiration date
ASN_BITSTR_E Returned if there is an error parsing a bit string from the certificate
ASN_NTRU_KEY_E Returned if there is an error parsing the NTRU key from the certificate
ECC_CURVE_OID_E Returned if there is an error parsing the ECC key from the certificate
ASN_UNKNOWN_OID_E Returned if the certificate is using an unknown key object id
ASN_VERSION_E Returned if the ALLOW_V1_EXTENSIONS option is not defined and the certificate is a V1 or V2 certificate
BAD_FUNC_ARG Returned if there is an error processing the certificate extension
ASN_CRIT_EXT_E Returned if an unfamiliar critical extension is encountered in processing the certificate
ASN_SIG_OID_E Returned if the signature encryption type is not the same as the encryption type of the certificate in the provided file
ASN_SIG_CONFIRM_E Returned if confirming the certification signature fails
ASN_NAME_INVALID_E Returned if the certificate’s name is not permitted by the CA name constraints
ASN_NO_SIGNER_E Returned if there is no CA signer to verify the certificate’s authenticity
Parameters
cert pointer to the cert for which to set the alternate names
der pointer to the buffer containing the der formatted certificate from which to grab the alternate names
derSz size of the buffer containing the der formatted certificate from which to grab the alternate names

Example

Cert myCert;
// initialize myCert
byte* der;
der = (byte*)malloc(FOURK_BUF);
// load the der formatted certificate into der
if (wc_SetAltNamesBuffer(&myCert, der, FOURK_BUF) != 0) {
    // error setting alt names
}
See also
wc_InitCert
wc_SetAltNames
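
The buffer-based setters on this page take a `der` pointer and a `derSz` length, and the page's examples pass the allocation size `FOURK_BUF`. The following added example (not wolfSSL code; `der_cert_size` is a hypothetical helper and the sample arrays are constructed, not real certificates) reads the outer DER SEQUENCE header to find the actual encoded size and rejects headers that are malformed or claim more bytes than the buffer holds, so a caller can pass an exact `derSz`.

```c
#include <limits.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical helper, not a wolfSSL API. Returns the total encoded size
 * (header + content) of the outer DER SEQUENCE at the start of buf, or -1
 * if the header is malformed or claims more than the cap bytes available. */
int der_cert_size(const unsigned char *buf, size_t cap)
{
    size_t hdr, len = 0, nlen, i;

    if (buf == NULL || cap < 2)
        return -1;
    if (buf[0] != 0x30)               /* a certificate is a SEQUENCE */
        return -1;

    if ((buf[1] & 0x80) == 0) {       /* short form: one length byte */
        len = buf[1];
        hdr = 2;
    } else {
        nlen = buf[1] & 0x7F;         /* long form: number of length bytes */
        if (nlen == 0 || nlen > 4)    /* 0 is indefinite length, not DER */
            return -1;
        if (cap < 2 + nlen)
            return -1;
        if (buf[2] == 0x00)           /* DER forbids leading zero bytes */
            return -1;
        for (i = 0; i < nlen; i++)
            len = (len << 8) | buf[2 + i];
        if (len < 0x80)               /* should have used the short form */
            return -1;
        hdr = 2 + nlen;
    }
    if (len > cap - hdr)              /* content must fit in the buffer */
        return -1;
    if (hdr + len > (size_t)INT_MAX)  /* derSz is an int in the API */
        return -1;
    return (int)(hdr + len);
}

/* Constructed samples (headers only, not real certificates). */
static const unsigned char sample_short[16]  = { 0x30, 0x03, 0x02, 0x01, 0x05 };
static const unsigned char sample_long[4096] = { 0x30, 0x82, 0x01, 0x00 };
static const unsigned char sample_indef[4]   = { 0x30, 0x80, 0x00, 0x00 };
static const unsigned char sample_nonmin[8]  = { 0x30, 0x81, 0x05, 1, 2, 3, 4, 5 };

int main(void)
{
    printf("short form:   %d\n", der_cert_size(sample_short, sizeof(sample_short)));
    printf("long form:    %d\n", der_cert_size(sample_long, sizeof(sample_long)));
    printf("truncated:    %d\n", der_cert_size(sample_long, 100));
    printf("indefinite:   %d\n", der_cert_size(sample_indef, sizeof(sample_indef)));
    printf("non-minimal:  %d\n", der_cert_size(sample_nonmin, sizeof(sample_nonmin)));
    return 0;
}
```

A caller would pass the returned value as `derSz` and treat -1 as a reason not to hand the buffer to the setter at all.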

◆ wc_SetAuthKeyId()

WOLFSSL_API int wc_SetAuthKeyId (Cert *cert, const char *file)

Set AKID from certificate file in PEM format.

Returns
0 Success
BAD_FUNC_ARG Error if cert or file is null.
MEMORY_E Error if problem allocating memory.
Parameters
cert Cert struct you want to set the AKID of.
file Buffer containing PEM cert file.

Example

const char* file_name = "/path/to/file";
Cert some_cert;
wc_InitCert(&some_cert);
if (wc_SetAuthKeyId(&some_cert, file_name) != 0)
{
    // Handle Error
}
See also
wc_SetAuthKeyIdFromPublicKey
wc_SetAuthKeyIdFromCert

◆ wc_SetAuthKeyIdFromCert()

WOLFSSL_API int wc_SetAuthKeyIdFromCert (Cert *cert, const byte *der, int derSz)

Set AKID from DER encoded certificate.

Returns
0 Success
BAD_FUNC_ARG Error if any argument is null or derSz is less than 0.
MEMORY_E Error if problem allocating memory.
ASN_NO_SKID No subject key ID found.
Parameters
cert The Cert struct to write to.
der The DER encoded certificate buffer.
derSz Size of der in bytes.

Example

Cert some_cert;
byte some_der[] = { /* DER encoded certificate bytes */ };
wc_InitCert(&some_cert);
if (wc_SetAuthKeyIdFromCert(&some_cert, some_der, sizeof(some_der)) != 0)
{
    // Handle error
}
See also
wc_SetAuthKeyIdFromPublicKey
wc_SetAuthKeyId

◆ wc_SetAuthKeyIdFromPublicKey()

WOLFSSL_API int wc_SetAuthKeyIdFromPublicKey (Cert *cert, RsaKey *rsakey, ecc_key *eckey)

Set AKID from either an RSA or ECC public key. Note: set only one of rsakey or eckey, not both.

Returns
0 Success
BAD_FUNC_ARG Either cert is null or both rsakey and eckey are null.
MEMORY_E Error allocating memory.
PUBLIC_KEY_E Error writing to the key.
Parameters
cert Pointer to the certificate to set the SKID.
rsakey Pointer to the RsaKey struct to read from.
eckey Pointer to the ecc_key to read from.

Example

Cert myCert;
RsaKey keypub;
wc_InitCert(&myCert);
wc_InitRsaKey(&keypub, NULL);
// load the public key into keypub
if (wc_SetAuthKeyIdFromPublicKey(&myCert, &keypub, NULL) != 0)
{
    // Handle error
}
See also
wc_SetSubjectKeyId
wc_SetAuthKeyId
wc_SetAuthKeyIdFromCert

◆ wc_SetDatesBuffer()

WOLFSSL_API int wc_SetDatesBuffer (Cert *, const byte *, int)

This function sets the dates for a certificate from the date range in the provided der buffer. This method is used to set fields prior to signing.

Returns
0 Returned on successfully setting the dates for the certificate
MEMORY_E Returned if there is an error allocating memory with XMALLOC
ASN_PARSE_E Returned if there is an error parsing the cert header file
ASN_OBJECT_ID_E Returned if there is an error parsing the encryption type from the cert
ASN_EXPECT_0_E Returned if there is a formatting error in the encryption specification of the cert file
ASN_BEFORE_DATE_E Returned if the date is before the certificate start date
ASN_AFTER_DATE_E Returned if the date is after the certificate expiration date
ASN_BITSTR_E Returned if there is an error parsing a bit string from the certificate
ASN_NTRU_KEY_E Returned if there is an error parsing the NTRU key from the certificate
ECC_CURVE_OID_E Returned if there is an error parsing the ECC key from the certificate
ASN_UNKNOWN_OID_E Returned if the certificate is using an unknown key object id
ASN_VERSION_E Returned if the ALLOW_V1_EXTENSIONS option is not defined and the certificate is a V1 or V2 certificate
BAD_FUNC_ARG Returned if there is an error processing the certificate extension
ASN_CRIT_EXT_E Returned if an unfamiliar critical extension is encountered in processing the certificate
ASN_SIG_OID_E Returned if the signature encryption type is not the same as the encryption type of the certificate in the provided file
ASN_SIG_CONFIRM_E Returned if confirming the certification signature fails
ASN_NAME_INVALID_E Returned if the certificate’s name is not permitted by the CA name constraints
ASN_NO_SIGNER_E Returned if there is no CA signer to verify the certificate’s authenticity
Parameters
cert pointer to the cert for which to set the dates
der pointer to the buffer containing the der formatted certificate from which to grab the date range
derSz size of the buffer containing the der formatted certificate from which to grab the date range

Example

Cert myCert;
// initialize myCert
byte* der;
der = (byte*)malloc(FOURK_BUF);
// load the der formatted certificate into der
if (wc_SetDatesBuffer(&myCert, der, FOURK_BUF) != 0) {
    // error setting dates
}
See also
wc_InitCert

◆ wc_SetIssuer()

WOLFSSL_API int wc_SetIssuer (Cert *, const char *)

This function sets the issuer for a certificate to the issuer in the provided pem issuerFile. It also changes the certificate’s self-signed attribute to false. The issuer specified in issuerFile is verified prior to setting the cert issuer. This method is used to set fields prior to signing.

Returns
0 Returned on successfully setting the issuer for the certificate
MEMORY_E Returned if there is an error allocating memory with XMALLOC
ASN_PARSE_E Returned if there is an error parsing the cert header file
ASN_OBJECT_ID_E Returned if there is an error parsing the encryption type from the cert
ASN_EXPECT_0_E Returned if there is a formatting error in the encryption specification of the cert file
ASN_BEFORE_DATE_E Returned if the date is before the certificate start date
ASN_AFTER_DATE_E Returned if the date is after the certificate expiration date
ASN_BITSTR_E Returned if there is an error parsing a bit string from the certificate
ASN_NTRU_KEY_E Returned if there is an error parsing the NTRU key from the certificate
ECC_CURVE_OID_E Returned if there is an error parsing the ECC key from the certificate
ASN_UNKNOWN_OID_E Returned if the certificate is using an unknown key object id
ASN_VERSION_E Returned if the ALLOW_V1_EXTENSIONS option is not defined and the certificate is a V1 or V2 certificate
BAD_FUNC_ARG Returned if there is an error processing the certificate extension
ASN_CRIT_EXT_E Returned if an unfamiliar critical extension is encountered in processing the certificate
ASN_SIG_OID_E Returned if the signature encryption type is not the same as the encryption type of the certificate in the provided file
ASN_SIG_CONFIRM_E Returned if confirming the certification signature fails
ASN_NAME_INVALID_E Returned if the certificate’s name is not permitted by the CA name constraints
ASN_NO_SIGNER_E Returned if there is no CA signer to verify the certificate’s authenticity
Parameters
cert pointer to the cert for which to set the issuer
issuerFile path of the file containing the pem formatted certificate

Example

Cert myCert;
// initialize myCert
if (wc_SetIssuer(&myCert, "./path/to/ca-cert.pem") != 0) {
    // error setting issuer
}
See also
wc_InitCert
wc_SetSubject
wc_SetIssuerBuffer

◆ wc_SetIssuerBuffer()

WOLFSSL_API int wc_SetIssuerBuffer (Cert *, const byte *, int)

This function sets the issuer for a certificate from the issuer in the provided der buffer. It also changes the certificate’s self-signed attribute to false. This method is used to set fields prior to signing.

Returns
0 Returned on successfully setting the issuer for the certificate
MEMORY_E Returned if there is an error allocating memory with XMALLOC
ASN_PARSE_E Returned if there is an error parsing the cert header file
ASN_OBJECT_ID_E Returned if there is an error parsing the encryption type from the cert
ASN_EXPECT_0_E Returned if there is a formatting error in the encryption specification of the cert file
ASN_BEFORE_DATE_E Returned if the date is before the certificate start date
ASN_AFTER_DATE_E Returned if the date is after the certificate expiration date
ASN_BITSTR_E Returned if there is an error parsing a bit string from the certificate
ASN_NTRU_KEY_E Returned if there is an error parsing the NTRU key from the certificate
ECC_CURVE_OID_E Returned if there is an error parsing the ECC key from the certificate
ASN_UNKNOWN_OID_E Returned if the certificate is using an unknown key object id
ASN_VERSION_E Returned if the ALLOW_V1_EXTENSIONS option is not defined and the certificate is a V1 or V2 certificate
BAD_FUNC_ARG Returned if there is an error processing the certificate extension
ASN_CRIT_EXT_E Returned if an unfamiliar critical extension is encountered in processing the certificate
ASN_SIG_OID_E Returned if the signature encryption type is not the same as the encryption type of the certificate in the provided file
ASN_SIG_CONFIRM_E Returned if confirming the certification signature fails
ASN_NAME_INVALID_E Returned if the certificate’s name is not permitted by the CA name constraints
ASN_NO_SIGNER_E Returned if there is no CA signer to verify the certificate’s authenticity
Parameters
cert pointer to the cert for which to set the issuer
der pointer to the buffer containing the der formatted certificate from which to grab the issuer
derSz size of the buffer containing the der formatted certificate from which to grab the issuer

Example

Cert myCert;
// initialize myCert
byte* der;
der = (byte*)malloc(FOURK_BUF);
// initialize der
if (wc_SetIssuerBuffer(&myCert, der, FOURK_BUF) != 0) {
    // error setting issuer
}
See also
wc_InitCert
wc_SetIssuer

◆ wc_SetIssuerRaw()

WOLFSSL_API int wc_SetIssuerRaw (Cert *cert, const byte *der, int derSz)

This function sets the raw issuer for a certificate from the issuer in the provided der buffer. This method is used to set the raw issuer field prior to signing.

Returns
0 Returned on successfully setting the issuer for the certificate
MEMORY_E Returned if there is an error allocating memory with XMALLOC
ASN_PARSE_E Returned if there is an error parsing the cert header file
ASN_OBJECT_ID_E Returned if there is an error parsing the encryption type from the cert
ASN_EXPECT_0_E Returned if there is a formatting error in the encryption specification of the cert file
ASN_BEFORE_DATE_E Returned if the date is before the certificate start date
ASN_AFTER_DATE_E Returned if the date is after the certificate expiration date
ASN_BITSTR_E Returned if there is an error parsing a bit string from the certificate
ASN_NTRU_KEY_E Returned if there is an error parsing the NTRU key from the certificate
ECC_CURVE_OID_E Returned if there is an error parsing the ECC key from the certificate
ASN_UNKNOWN_OID_E Returned if the certificate is using an unknown key object id
ASN_VERSION_E Returned if the ALLOW_V1_EXTENSIONS option is not defined and the certificate is a V1 or V2 certificate
BAD_FUNC_ARG Returned if there is an error processing the certificate extension
ASN_CRIT_EXT_E Returned if an unfamiliar critical extension is encountered in processing the certificate
ASN_SIG_OID_E Returned if the signature encryption type is not the same as the encryption type of the certificate in the provided file
ASN_SIG_CONFIRM_E Returned if confirming the certification signature fails
ASN_NAME_INVALID_E Returned if the certificate’s name is not permitted by the CA name constraints
ASN_NO_SIGNER_E Returned if there is no CA signer to verify the certificate’s authenticity
Parameters
cert pointer to the cert for which to set the raw issuer
der pointer to the buffer containing the der formatted certificate from which to grab the subject
derSz size of the buffer containing the der formatted certificate from which to grab the subject

Example

Cert myCert;
// initialize myCert
byte* der;
der = (byte*)malloc(FOURK_BUF);
// load the der formatted certificate into der
if (wc_SetIssuerRaw(&myCert, der, FOURK_BUF) != 0) {
    // error setting raw issuer
}
See also
wc_InitCert
wc_SetIssuer

◆ wc_SetSubject()

WOLFSSL_API int wc_SetSubject (Cert *, const char *)

This function sets the subject for a certificate to the subject in the provided pem subjectFile. This method is used to set fields prior to signing.

Returns
0 Returned on successfully setting the issuer for the certificate
MEMORY_E Returned if there is an error allocating memory with XMALLOC
ASN_PARSE_E Returned if there is an error parsing the cert header file
ASN_OBJECT_ID_E Returned if there is an error parsing the encryption type from the cert
ASN_EXPECT_0_E Returned if there is a formatting error in the encryption specification of the cert file
ASN_BEFORE_DATE_E Returned if the date is before the certificate start date
ASN_AFTER_DATE_E Returned if the date is after the certificate expiration date
ASN_BITSTR_E Returned if there is an error parsing a bit string from the certificate
ASN_NTRU_KEY_E Returned if there is an error parsing the NTRU key from the certificate
ECC_CURVE_OID_E Returned if there is an error parsing the ECC key from the certificate
ASN_UNKNOWN_OID_E Returned if the certificate is using an unknown key object id
ASN_VERSION_E Returned if the ALLOW_V1_EXTENSIONS option is not defined and the certificate is a V1 or V2 certificate
BAD_FUNC_ARG Returned if there is an error processing the certificate extension
ASN_CRIT_EXT_E Returned if an unfamiliar critical extension is encountered in processing the certificate
ASN_SIG_OID_E Returned if the signature encryption type is not the same as the encryption type of the certificate in the provided file
ASN_SIG_CONFIRM_E Returned if confirming the certification signature fails
ASN_NAME_INVALID_E Returned if the certificate’s name is not permitted by the CA name constraints
ASN_NO_SIGNER_E Returned if there is no CA signer to verify the certificate’s authenticity
Parameters
cert pointer to the cert for which to set the issuer
subjectFile path of the file containing the pem formatted certificate

Example

Cert myCert;
// initialize myCert
if (wc_SetSubject(&myCert, "./path/to/ca-cert.pem") != 0) {
    // error setting subject
}
See also
wc_InitCert
wc_SetIssuer

◆ wc_SetSubjectBuffer()

WOLFSSL_API int wc_SetSubjectBuffer (Cert *, const byte *, int)

This function sets the subject for a certificate from the subject in the provided der buffer. This method is used to set fields prior to signing.

Returns
0 Returned on successfully setting the subject for the certificate
MEMORY_E Returned if there is an error allocating memory with XMALLOC
ASN_PARSE_E Returned if there is an error parsing the cert header file
ASN_OBJECT_ID_E Returned if there is an error parsing the encryption type from the cert
ASN_EXPECT_0_E Returned if there is a formatting error in the encryption specification of the cert file
ASN_BEFORE_DATE_E Returned if the date is before the certificate start date
ASN_AFTER_DATE_E Returned if the date is after the certificate expiration date
ASN_BITSTR_E Returned if there is an error parsing a bit string from the certificate
ASN_NTRU_KEY_E Returned if there is an error parsing the NTRU key from the certificate
ECC_CURVE_OID_E Returned if there is an error parsing the ECC key from the certificate
ASN_UNKNOWN_OID_E Returned if the certificate is using an unknown key object id
ASN_VERSION_E Returned if the ALLOW_V1_EXTENSIONS option is not defined and the certificate is a V1 or V2 certificate
BAD_FUNC_ARG Returned if there is an error processing the certificate extension
ASN_CRIT_EXT_E Returned if an unfamiliar critical extension is encountered in processing the certificate
ASN_SIG_OID_E Returned if the signature encryption type is not the same as the encryption type of the certificate in the provided file
ASN_SIG_CONFIRM_E Returned if confirming the certification signature fails
ASN_NAME_INVALID_E Returned if the certificate’s name is not permitted by the CA name constraints
ASN_NO_SIGNER_E Returned if there is no CA signer to verify the certificate’s authenticity
Parameters
cert pointer to the cert for which to set the subject
der pointer to the buffer containing the der formatted certificate from which to grab the subject
derSz size of the buffer containing the der formatted certificate from which to grab the subject

Example

Cert myCert;
// initialize myCert
byte* der;
der = (byte*)malloc(FOURK_BUF);
// initialize der
if (wc_SetSubjectBuffer(&myCert, der, FOURK_BUF) != 0) {
    // error setting subject
}
See also
wc_InitCert
wc_SetSubject

◆ wc_SetSubjectKeyId()

WOLFSSL_API int wc_SetSubjectKeyId (Cert *cert, const char *file)

Set SKID from public key file in PEM format. Both arguments are required.

Returns
0 Success
BAD_FUNC_ARG Returns if cert or file is null.
MEMORY_E Returns if there is a problem allocating memory for key.
PUBLIC_KEY_E Returns if there is an error decoding the public key.
Parameters
cert Cert structure to set the SKID of.
file Contains the PEM encoded file.

Example

const char* file_name = "path/to/file";
Cert some_cert;
wc_InitCert(&some_cert);
if (wc_SetSubjectKeyId(&some_cert, file_name) != 0)
{
    // Handle Error
}
See also
wc_SetSubjectKeyIdFromNtruPublicKey
wc_SetSubjectKeyIdFromPublicKey

◆ wc_SetSubjectKeyIdFromNtruPublicKey()

WOLFSSL_API int wc_SetSubjectKeyIdFromNtruPublicKey (Cert *cert, byte *ntruKey, word16 ntruKeySz)

Set SKID from NTRU public key.

Returns
0 Success
BAD_FUNC_ARG Returned if cert or ntruKey is null.
MEMORY_E Returned if there is an error allocating memory.
PUBLIC_KEY_E Returned if there is an error getting the public key.
Parameters
cert Pointer to a Cert structure to be used.
ntruKey Pointer to the NTRU public key in a byte array.
ntruKeySz Size of the NTRU byte array.

Example

Cert some_cert;
wc_InitCert(&some_cert);
byte some_ntru_key[] = { /* NTRU public key bytes */ };
word16 ntru_size = sizeof(some_ntru_key);
if (wc_SetSubjectKeyIdFromNtruPublicKey(&some_cert,
        some_ntru_key, ntru_size) != 0)
{
    // Handle error
}
See also
SetKeyIdFromPublicKey

◆ wc_SetSubjectKeyIdFromPublicKey()

WOLFSSL_API int wc_SetSubjectKeyIdFromPublicKey (Cert *cert, RsaKey *rsakey, ecc_key *eckey)

Set SKID from RSA or ECC public key.

Returns
0 Success
BAD_FUNC_ARG Returned if cert is null, or if both rsakey and eckey are null.
MEMORY_E Returned if there is an error allocating memory.
PUBLIC_KEY_E Returned if there is an error getting the public key.
Parameters
cert Pointer to a Cert structure to be used.
rsakey Pointer to an RsaKey structure
eckey Pointer to an ecc_key structure

Example

Cert some_cert;
RsaKey some_key;
wc_InitCert(&some_cert);
wc_InitRsaKey(&some_key, NULL);
// load the public key into some_key
if (wc_SetSubjectKeyIdFromPublicKey(&some_cert, &some_key, NULL) != 0)
{
    // Handle Error
}
See also
wc_SetSubjectKeyId
wc_SetSubjectKeyIdFromNtruPublicKey

◆ wc_SetSubjectRaw()

WOLFSSL_API int wc_SetSubjectRaw (Cert *cert, const byte *der, int derSz)

This function sets the raw subject for a certificate from the subject in the provided der buffer. This method is used to set the raw subject field prior to signing.

Returns
0 Returned on successfully setting the subject for the certificate
MEMORY_E Returned if there is an error allocating memory with XMALLOC
ASN_PARSE_E Returned if there is an error parsing the cert header file
ASN_OBJECT_ID_E Returned if there is an error parsing the encryption type from the cert
ASN_EXPECT_0_E Returned if there is a formatting error in the encryption specification of the cert file
ASN_BEFORE_DATE_E Returned if the date is before the certificate start date
ASN_AFTER_DATE_E Returned if the date is after the certificate expiration date
ASN_BITSTR_E Returned if there is an error parsing a bit string from the certificate
ASN_NTRU_KEY_E Returned if there is an error parsing the NTRU key from the certificate
ECC_CURVE_OID_E Returned if there is an error parsing the ECC key from the certificate
ASN_UNKNOWN_OID_E Returned if the certificate is using an unknown key object id
ASN_VERSION_E Returned if the ALLOW_V1_EXTENSIONS option is not defined and the certificate is a V1 or V2 certificate
BAD_FUNC_ARG Returned if there is an error processing the certificate extension
ASN_CRIT_EXT_E Returned if an unfamiliar critical extension is encountered in processing the certificate
ASN_SIG_OID_E Returned if the signature encryption type is not the same as the encryption type of the certificate in the provided file
ASN_SIG_CONFIRM_E Returned if confirming the certification signature fails
ASN_NAME_INVALID_E Returned if the certificate’s name is not permitted by the CA name constraints
ASN_NO_SIGNER_E Returned if there is no CA signer to verify the certificate’s authenticity
Parameters
cert pointer to the cert for which to set the raw subject
der pointer to the buffer containing the der formatted certificate from which to grab the subject
derSz size of the buffer containing the der formatted certificate from which to grab the subject

Example

Cert myCert;
// initialize myCert
byte* der;
der = (byte*)malloc(FOURK_BUF);
// load the der formatted certificate into der
if (wc_SetSubjectRaw(&myCert, der, FOURK_BUF) != 0) {
    // error setting raw subject
}
See also
wc_InitCert
wc_SetSubject

◆ wc_SignCert()

WOLFSSL_API int wc_SignCert (int requestSz, int sigType, byte *derBuffer, word32 derSz, RsaKey *, ecc_key *, WC_RNG *)

This function signs buffer and adds the signature to the end of buffer. It takes in a signature type. Must be called after wc_MakeCert() or wc_MakeCertReq() if creating a CA signed cert.

Returns
Success On successfully signing the certificate, returns the new size of the cert (including signature).
MEMORY_E Returned if there is an error allocating memory with XMALLOC
BUFFER_E Returned if the provided buffer is too small to store the generated certificate
Other Additional error messages may be returned if the cert generation is not successful.
Parameters
requestSz the size of the certificate body we’re requesting to have signed
sType Type of signature to create. Valid options are: CTC_MD5wRSA, CTC_SHAwRSA, CTC_SHAwECDSA, CTC_SHA256wECDSA, and CTC_SHA256wRSA
buffer pointer to the buffer containing the certificate to be signed. On success: will hold the newly signed certificate
buffSz the (total) size of the buffer in which to store the newly signed certificate
rsaKey pointer to an RsaKey structure containing the rsa key used to sign the certificate
eccKey pointer to an ecc_key structure containing the ecc key used to sign the certificate
rng pointer to the random number generator used to sign the certificate

Example

Cert myCert;
byte* derCert = (byte*)malloc(FOURK_BUF);
// initialize myCert, derCert
RsaKey key;
// initialize key
WC_RNG rng;
// initialize rng
int certSz; // wc_SignCert returns the signed size, or a negative error code
certSz = wc_SignCert(myCert.bodySz, myCert.sigType, derCert, FOURK_BUF,
                     &key, NULL, &rng);
if (certSz < 0) {
    // error signing certificate
}
See also
wc_InitCert
wc_MakeCert