|
My Project
|
|
My Project
|
Functions | |
| int | wc_InitCert (Cert *) |
| This function initializes a default cert, with the default options: version = 3 (0x2), serial = 0, sigType = SHA_WITH_RSA, issuer = blank, daysValid = 500, selfSigned = 1 (true) use subject as issuer, subject = blank. More... | |
| Cert * | wc_CertNew (void *heap) |
| This function allocates a new Cert structure for use during cert operations without the application having to allocate the structure itself. The Cert structure is also initialized by this function thus removing the need to call wc_InitCert(). When the application is finished using the allocated Cert structure wc_CertFree() must be called. More... | |
| void | wc_CertFree (Cert *cert) |
| This function frees the memory allocated for a cert structure by a previous call to wc_CertNew(). More... | |
| int | wc_MakeCert (Cert *cert, byte *derBuffer, word32 derSz, RsaKey *rsaKey, ecc_key *eccKey, WC_RNG *rng) |
| Used to make CA signed certs. Called after the subject information has been entered. This function makes an x509 Certificate v3 RSA or ECC from a cert input. It then writes this cert to derBuffer. It takes in either an rsaKey or an eccKey to generate the certificate. The certificate must be initialized with wc_InitCert before this method is called. More... | |
| int | wc_MakeCertReq (Cert *cert, byte *derBuffer, word32 derSz, RsaKey *rsaKey, ecc_key *eccKey) |
| This function makes a certificate signing request using the input certificate and writes the output to derBuffer. It takes in either an rsaKey or an eccKey to generate the certificate request. wc_SignCert() will need to be called after this function to sign the certificate request. Please see the wolfCrypt test application (./wolfcrypt/test/test.c) for an example usage of this function. More... | |
| int | wc_SignCert (int requestSz, int sigType, byte *derBuffer, word32 derSz, RsaKey *rsaKey, ecc_key *eccKey, WC_RNG *rng) |
| This function signs buffer and adds the signature to the end of buffer. It takes in a signature type. Must be called after wc_MakeCert() or wc_MakeCertReq() if creating a CA signed cert. More... | |
| int | wc_MakeSelfCert (Cert *cert, byte *derBuffer, word32 derSz, RsaKey *key, WC_RNG *rng) |
| This function is a combination of the previous two functions, wc_MakeCert and wc_SignCert for self signing (the previous functions may be used for CA requests). It makes a certificate, and then signs it, generating a self-signed certificate. More... | |
| int | wc_SetIssuer (Cert *cert, const char *issuerFile) |
| This function sets the issuer for a certificate to the issuer in the provided pem issuerFile. It also changes the certificate’s self-signed attribute to false. The issuer specified in issuerFile is verified prior to setting the cert issuer. This method is used to set fields prior to signing. More... | |
| int | wc_SetSubject (Cert *cert, const char *subjectFile) |
| This function sets the subject for a certificate to the subject in the provided pem subjectFile. This method is used to set fields prior to signing. More... | |
| int | wc_SetSubjectRaw (Cert *cert, const byte *der, int derSz) |
| This function sets the raw subject for a certificate from the subject in the provided der buffer. This method is used to set the raw subject field prior to signing. More... | |
| int | wc_GetSubjectRaw (byte **subjectRaw, Cert *cert) |
| This function gets the raw subject from the certificate structure. More... | |
| int | wc_SetAltNames (Cert *cert, const char *file) |
| This function sets the alternate names for a certificate to the alternate names in the provided pem file. This is useful in the case that one wishes to secure multiple domains with the same certificate. This method is used to set fields prior to signing. More... | |
| int | wc_SetIssuerBuffer (Cert *cert, const byte *der, int derSz) |
| This function sets the issuer for a certificate from the issuer in the provided der buffer. It also changes the certificate’s self-signed attribute to false. This method is used to set fields prior to signing. More... | |
| int | wc_SetIssuerRaw (Cert *cert, const byte *der, int derSz) |
| This function sets the raw issuer for a certificate from the issuer in the provided der buffer. This method is used to set the raw issuer field prior to signing. More... | |
| int | wc_SetSubjectBuffer (Cert *cert, const byte *der, int derSz) |
| This function sets the subject for a certificate from the subject in the provided der buffer. This method is used to set fields prior to signing. More... | |
| int | wc_SetAltNamesBuffer (Cert *cert, const byte *der, int derSz) |
| This function sets the alternate names for a certificate from the alternate names in the provided der buffer. This is useful in the case that one wishes to secure multiple domains with the same certificate. This method is used to set fields prior to signing. More... | |
| int | wc_SetDatesBuffer (Cert *cert, const byte *der, int derSz) |
| This function sets the dates for a certificate from the date range in the provided der buffer. This method is used to set fields prior to signing. More... | |
| int | wc_SetAuthKeyIdFromPublicKey (Cert *cert, RsaKey *rsakey, ecc_key *eckey) |
| Set AKID from either an RSA or ECC public key. note: Only set one of rsakey or eckey, not both. More... | |
| int | wc_SetAuthKeyIdFromCert (Cert *cert, const byte *der, int derSz) |
| Set AKID from from DER encoded certificate. More... | |
| int | wc_SetAuthKeyId (Cert *cert, const char *file) |
| Set AKID from certificate file in PEM format. More... | |
| int | wc_SetSubjectKeyIdFromPublicKey (Cert *cert, RsaKey *rsakey, ecc_key *eckey) |
| Set SKID from RSA or ECC public key. More... | |
| int | wc_SetSubjectKeyId (Cert *cert, const char *file) |
| Set SKID from public key file in PEM format. Both arguments are required. More... | |
| int | wc_PemPubKeyToDer (const char *fileName, unsigned char *derBuf, int derSz) |
| Loads a PEM key from a file and converts to a DER encoded buffer. More... | |
| int | wc_PubKeyPemToDer (const unsigned char *pem, int pemSz, unsigned char *buff, int buffSz) |
| Convert a PEM encoded public key to DER. Returns the number of bytes written to the buffer or a negative value for an error. More... | |
| int | wc_PemCertToDer (const char *fileName, unsigned char *derBuf, int derSz) |
| This function converts a pem certificate to a der certificate, and places the resulting certificate in the derBuf buffer provided. More... | |
| int | wc_DerToPem (const byte *der, word32 derSz, byte *output, word32 outputSz, int type) |
| This function converts a der formatted input certificate, contained in the der buffer, into a pem formatted output certificate, contained in the output buffer. It should be noted that this is not an in place conversion, and a separate buffer must be utilized to store the pem formatted output. More... | |
| int | wc_DerToPemEx (const byte *der, word32 derSz, byte *output, word32 outputSz, byte *cipherIno, int type) |
| This function converts a der formatted input certificate, contained in the der buffer, into a pem formatted output certificate, contained in the output buffer. It should be noted that this is not an in place conversion, and a separate buffer must be utilized to store the pem formatted output. Allows setting cipher info. More... | |
| int | wc_EccPrivateKeyDecode (const byte *input, word32 *inOutIdx, ecc_key *key, word32 inSz) |
| This function reads in an ECC private key from the input buffer, input, parses the private key, and uses it to generate an ecc_key object, which it stores in key. More... | |
| int | wc_EccKeyToDer (ecc_key *key, byte *output, word32 inLen) |
| This function writes a private ECC key to der format. More... | |
| int | wc_EccPublicKeyDecode (const byte *input, word32 *inOutIdx, ecc_key *key, word32 inSz) |
| Decodes an ECC public key from an input buffer. It will parse an ASN sequence to retrieve the ECC key. More... | |
| int | wc_EccPublicKeyToDer (ecc_key *key, byte *output, word32 inLen, int with_AlgCurve) |
| This function converts the ECC public key to DER format. It returns the size of buffer used. The public ECC key in DER format is stored in output buffer. The with_AlgCurve flag will include a header that has the Algorithm and Curve information. More... | |
| int | wc_EccPublicKeyToDer_ex (ecc_key *key, byte *output, word32 inLen, int with_AlgCurve, int comp) |
| This function converts the ECC public key to DER format. It returns the size of buffer used. The public ECC key in DER format is stored in output buffer. The with_AlgCurve flag will include a header that has the Algorithm and Curve information. The comp parameter determines if the public key will be exported as compressed. More... | |
| word32 | wc_EncodeSignature (byte *out, const byte *digest, word32 digSz, int hashOID) |
| This function encodes a digital signature into the output buffer, and returns the size of the encoded signature created. More... | |
| int | wc_GetCTC_HashOID (int type) |
| This function returns the hash OID that corresponds to a hashing type. For example, when given the type: WC_SHA512, this function returns the identifier corresponding to a SHA512 hash, SHA512h. More... | |
| void | wc_SetCert_Free (Cert *cert) |
| This function cleans up memory and resources used by the certificate structure's decoded cert cache. When WOLFSSL_CERT_GEN_CACHE is defined the decoded cert structure is cached in the certificate structure. This allows subsequent calls to certificate set functions to avoid parsing the decoded cert on each call. More... | |
| int | wc_GetPkcs8TraditionalOffset (byte *input, word32 *inOutIdx, word32 sz) |
| This function finds the beginning of the traditional private key inside a PKCS#8 unencrypted buffer. More... | |
| int | wc_CreatePKCS8Key (byte *out, word32 *outSz, byte *key, word32 keySz, int algoID, const byte *curveOID, word32 oidSz) |
| This function takes in a DER private key and converts it to PKCS#8 format. Also used in creating PKCS#12 shrouded key bags. See RFC 5208. More... | |
| int | wc_EncryptPKCS8Key (byte *key, word32 keySz, byte *out, word32 *outSz, const char *password, int passwordSz, int vPKCS, int pbeOid, int encAlgId, byte *salt, word32 saltSz, int itt, WC_RNG *rng, void *heap) |
| This function takes in an unencrypted PKCS#8 DER key (e.g. one created by wc_CreatePKCS8Key) and converts it to PKCS#8 encrypted format. The resulting encrypted key can be decrypted using wc_DecryptPKCS8Key. See RFC 5208. More... | |
| int | wc_DecryptPKCS8Key (byte *input, word32 sz, const char *password, int passwordSz) |
| This function takes an encrypted PKCS#8 DER key and decrypts it to PKCS#8 unencrypted DER. Undoes the encryption done by wc_EncryptPKCS8Key. See RFC5208. The input buffer is overwritten with the decrypted data. More... | |
| int | wc_CreateEncryptedPKCS8Key (byte *key, word32 keySz, byte *out, word32 *outSz, const char *password, int passwordSz, int vPKCS, int pbeOid, int encAlgId, byte *salt, word32 saltSz, int itt, WC_RNG *rng, void *heap) |
| This function takes a traditional, DER key, converts it to PKCS#8 format, and encrypts it. It uses wc_CreatePKCS8Key and wc_EncryptPKCS8Key to do this. More... | |
| void | wc_InitDecodedCert (struct DecodedCert *cert, const byte *source, word32 inSz, void *heap) |
| This function initializes the DecodedCert pointed to by the "cert" parameter. It saves the "source" pointer to a DER-encoded certificate of length "inSz." This certificate can be parsed by a subsequent call to wc_ParseCert. More... | |
| int | wc_ParseCert (DecodedCert *cert, int type, int verify, void *cm) |
| This function parses the DER-encoded certificate saved in the DecodedCert object and populates the fields of that object. The DecodedCert must have been initialized with a prior call to wc_InitDecodedCert. This function takes an optional pointer to a CertificateManager object, which is used to populate the certificate authority information of the DecodedCert, if the CA is found in the CertificateManager. More... | |
| void | wc_FreeDecodedCert (struct DecodedCert *cert) |
| This function frees a DecodedCert that was previously initialized with wc_InitDecodedCert. More... | |
| int | wc_SetTimeCb (wc_time_cb f) |
| This function registers a time callback that will be used anytime wolfSSL needs to get the current time. The prototype of the callback should be the same as the "time" function from the C standard library. More... | |
| time_t | wc_Time (time_t *t) |
| This function gets the current time. By default, it uses the XTIME macro, which varies between platforms. The user can use a function of their choosing instead via the wc_SetTimeCb function. More... | |
| int | wc_SetCustomExtension (Cert *cert, int critical, const char *oid, const byte *der, word32 derSz) |
| This function injects a custom extension in to an X.509 certificate. note: The content at the address pointed to by any of the parameters that are pointers must not be modified until the certificate is generated and you have the der output. This function does NOT copy the contents to another buffer. More... | |
| int | wc_SetUnknownExtCallback (DecodedCert *cert, wc_UnknownExtCallback cb) |
| This function registers a callback that will be used anytime wolfSSL encounters an unknown X.509 extension in a certificate while parsing a certificate. The prototype of the callback should be: More... | |
| int | wc_CheckCertSigPubKey (const byte *cert, word32 certSz, void *heap, const byte *pubKey, word32 pubKeySz, int pubKeyOID) |
| This function verifies the signature in the der form of an X.509 certificate against a public key. The public key is expected to be the full subject public key info in der form. More... | |
| int | wc_Asn1PrintOptions_Init (Asn1PrintOptions *opts) |
| This function initializes the ASN.1 print options. More... | |
| int | wc_Asn1PrintOptions_Set (Asn1PrintOptions *opts, enum Asn1PrintOpt opt, word32 val) |
| This function sets a print option into an ASN.1 print options object. More... | |
| int | wc_Asn1_Init (Asn1 *asn1) |
| This function initializes an ASN.1 parsing object. More... | |
| int | wc_Asn1_SetFile (Asn1 *asn1, XFILE file) |
| This function sets the file to use when printing into an ASN.1 parsing object. More... | |
| int | wc_Asn1_PrintAll (Asn1 *asn1, Asn1PrintOptions *opts, unsigned char *data, word32 len) |
| Print all ASN.1 items. More... | |
| int wc_Asn1_Init | ( | Asn1 * | asn1 | ) |
This function initializes an ASN.1 parsing object.
| asn1 | ASN.1 parse object. |
Example
| int wc_Asn1_PrintAll | ( | Asn1 * | asn1, |
| Asn1PrintOptions * | opts, | ||
| unsigned char * | data, | ||
| word32 | len | ||
| ) |
Print all ASN.1 items.
| asn1 | The ASN.1 parse object. |
| opts | The ASN.1 print options. |
| data | Buffer containing BER/DER data to print. |
| len | Length of data to print in bytes. |
| int wc_Asn1_SetFile | ( | Asn1 * | asn1, |
| XFILE | file | ||
| ) |
This function sets the file to use when printing into an ASN.1 parsing object.
| asn1 | The ASN.1 parse object. |
| file | File to print to. |
Example
| int wc_Asn1PrintOptions_Init | ( | Asn1PrintOptions * | opts | ) |
This function initializes the ASN.1 print options.
| opts | The ASN.1 options for printing. |
Example
| int wc_Asn1PrintOptions_Set | ( | Asn1PrintOptions * | opts, |
| enum Asn1PrintOpt | opt, | ||
| word32 | val | ||
| ) |
This function sets a print option into an ASN.1 print options object.
| opts | The ASN.1 options for printing. |
| opt | An option to set value for. |
| val | The value to set. |
Example
| void wc_CertFree | ( | Cert * | cert | ) |
This function frees the memory allocated for a cert structure by a previous call to wc_CertNew().
| A | pointer to the cert structure to free. |
Example
| Cert* wc_CertNew | ( | void * | heap | ) |
This function allocates a new Cert structure for use during cert operations without the application having to allocate the structure itself. The Cert structure is also initialized by this function thus removing the need to call wc_InitCert(). When the application is finished using the allocated Cert structure wc_CertFree() must be called.
| A | pointer to the heap used for dynamic allocation. Can be NULL. |
Example
| int wc_CheckCertSigPubKey | ( | const byte * | cert, |
| word32 | certSz, | ||
| void * | heap, | ||
| const byte * | pubKey, | ||
| word32 | pubKeySz, | ||
| int | pubKeyOID | ||
| ) |
This function verifies the signature in the der form of an X.509 certificate against a public key. The public key is expected to be the full subject public key info in der form.
| cert | The der encoding of the X.509 certificate. |
| certSz | The size in bytes of cert. |
| heap | A pointer to the heap used for dynamic allocation. Can be NULL. |
| pubKey | The der encoding of the public key. |
| pubKeySz | The size in bytes of pubKey. |
| pubKeyOID | OID identifying the algorithm of the public key. (ie: ECDSAk, DSAk or RSAk) |
| int wc_CreateEncryptedPKCS8Key | ( | byte * | key, |
| word32 | keySz, | ||
| byte * | out, | ||
| word32 * | outSz, | ||
| const char * | password, | ||
| int | passwordSz, | ||
| int | vPKCS, | ||
| int | pbeOid, | ||
| int | encAlgId, | ||
| byte * | salt, | ||
| word32 | saltSz, | ||
| int | itt, | ||
| WC_RNG * | rng, | ||
| void * | heap | ||
| ) |
This function takes a traditional, DER key, converts it to PKCS#8 format, and encrypts it. It uses wc_CreatePKCS8Key and wc_EncryptPKCS8Key to do this.
| key | Buffer with traditional DER key. |
| keySz | Size of key buffer. |
| out | Buffer to place result in. If NULL, required out buffer size returned in outSz. |
| outSz | Size of out buffer. |
| password | The password to use for the password-based encryption algorithm. |
| passwordSz | The length of the password (not including the NULL terminator). |
| vPKCS | The PKCS version to use. Can be 1 for PKCS12 or PKCS5. |
| pbeOid | The OID of the PBE scheme to use (e.g. PBES2 or one of the OIDs for PBES1 in RFC 2898 A.3). |
| encAlgId | The encryption algorithm ID to use (e.g. AES256CBCb). |
| salt | The salt buffer to use. If NULL, a random salt will be used. |
| saltSz | The length of the salt buffer. Can be 0 if passing NULL for salt. |
| itt | The number of iterations to use for the KDF. |
| rng | A pointer to an initialized WC_RNG object. |
| heap | A pointer to the heap used for dynamic allocation. Can be NULL. |
Example
| int wc_CreatePKCS8Key | ( | byte * | out, |
| word32 * | outSz, | ||
| byte * | key, | ||
| word32 | keySz, | ||
| int | algoID, | ||
| const byte * | curveOID, | ||
| word32 | oidSz | ||
| ) |
This function takes in a DER private key and converts it to PKCS#8 format. Also used in creating PKCS#12 shrouded key bags. See RFC 5208.
| out | Buffer to place result in. If NULL, required out buffer size returned in outSz. |
| outSz | Size of out buffer. |
| key | Buffer with traditional DER key. |
| keySz | Size of key buffer. |
| algoID | Algorithm ID (e.g. RSAk). |
| curveOID | ECC curve OID if used. Should be NULL for RSA keys. |
| oidSz | Size of curve OID. Is set to 0 if curveOID is NULL. |
Example
| int wc_DecryptPKCS8Key | ( | byte * | input, |
| word32 | sz, | ||
| const char * | password, | ||
| int | passwordSz | ||
| ) |
This function takes an encrypted PKCS#8 DER key and decrypts it to PKCS#8 unencrypted DER. Undoes the encryption done by wc_EncryptPKCS8Key. See RFC5208. The input buffer is overwritten with the decrypted data.
| input | On input, buffer containing encrypted PKCS#8 key. On successful output, contains the decrypted key. |
| sz | Size of the input buffer. |
| password | The password used to encrypt the key. |
| passwordSz | The length of the password (not including NULL terminator). |
Example
| int wc_DerToPem | ( | const byte * | der, |
| word32 | derSz, | ||
| byte * | output, | ||
| word32 | outputSz, | ||
| int | type | ||
| ) |
This function converts a der formatted input certificate, contained in the der buffer, into a pem formatted output certificate, contained in the output buffer. It should be noted that this is not an in place conversion, and a separate buffer must be utilized to store the pem formatted output.
| der | pointer to the buffer of the certificate to convert |
| derSz | size of the the certificate to convert |
| output | pointer to the buffer in which to store the pem formatted certificate |
| outSz | size of the buffer in which to store the pem formatted certificate |
| type | the type of certificate to generate. Valid types are: CERT_TYPE, PRIVATEKEY_TYPE, ECC_PRIVATEKEY_TYPE, and CERTREQ_TYPE. |
Example
| int wc_DerToPemEx | ( | const byte * | der, |
| word32 | derSz, | ||
| byte * | output, | ||
| word32 | outputSz, | ||
| byte * | cipherIno, | ||
| int | type | ||
| ) |
This function converts a der formatted input certificate, contained in the der buffer, into a pem formatted output certificate, contained in the output buffer. It should be noted that this is not an in place conversion, and a separate buffer must be utilized to store the pem formatted output. Allows setting cipher info.
| der | pointer to the buffer of the certificate to convert |
| derSz | size of the the certificate to convert |
| output | pointer to the buffer in which to store the pem formatted certificate |
| outSz | size of the buffer in which to store the pem formatted certificate |
| cipher_inf | Additional cipher information. |
| type | the type of certificate to generate. Valid types are: CERT_TYPE, PRIVATEKEY_TYPE, ECC_PRIVATEKEY_TYPE, and CERTREQ_TYPE. |
Example
| int wc_EccKeyToDer | ( | ecc_key * | key, |
| byte * | output, | ||
| word32 | inLen | ||
| ) |
This function writes a private ECC key to der format.
| key | pointer to the buffer containing the input ecc key |
| output | pointer to a buffer in which to store the der formatted key |
| inLen | the length of the buffer in which to store the der formatted key |
Example
| int wc_EccPrivateKeyDecode | ( | const byte * | input, |
| word32 * | inOutIdx, | ||
| ecc_key * | key, | ||
| word32 | inSz | ||
| ) |
This function reads in an ECC private key from the input buffer, input, parses the private key, and uses it to generate an ecc_key object, which it stores in key.
| input | pointer to the buffer containing the input private key |
| inOutIdx | pointer to a word32 object containing the index in the buffer at which to start |
| key | pointer to an initialized ecc object, on which to store the decoded private key |
| inSz | size of the input buffer containing the private key |
Example
| int wc_EccPublicKeyDecode | ( | const byte * | input, |
| word32 * | inOutIdx, | ||
| ecc_key * | key, | ||
| word32 | inSz | ||
| ) |
Decodes an ECC public key from an input buffer. It will parse an ASN sequence to retrieve the ECC key.
| input | Buffer containing DER encoded key to decode. |
| inOutIdx | Index to start reading input buffer from. On output, index is set to last position parsed of input buffer. |
| key | Pointer to ecc_key struct to store the public key. |
| inSz | Size of the input buffer. |
Example
| int wc_EccPublicKeyToDer | ( | ecc_key * | key, |
| byte * | output, | ||
| word32 | inLen, | ||
| int | with_AlgCurve | ||
| ) |
This function converts the ECC public key to DER format. It returns the size of buffer used. The public ECC key in DER format is stored in output buffer. The with_AlgCurve flag will include a header that has the Algorithm and Curve information.
| key | Pointer to ECC key |
| output | Pointer to output buffer to write to. |
| inLen | Size of buffer. |
| with_AlgCurve | a flag for when to include a header that has the Algorithm and Curve information. |
Example
| int wc_EccPublicKeyToDer_ex | ( | ecc_key * | key, |
| byte * | output, | ||
| word32 | inLen, | ||
| int | with_AlgCurve, | ||
| int | comp | ||
| ) |
This function converts the ECC public key to DER format. It returns the size of buffer used. The public ECC key in DER format is stored in output buffer. The with_AlgCurve flag will include a header that has the Algorithm and Curve information. The comp parameter determines if the public key will be exported as compressed.
| key | Pointer to ECC key |
| output | Pointer to output buffer to write to. |
| inLen | Size of buffer. |
| with_AlgCurve | a flag for when to include a header that has the Algorithm and Curve information. |
| comp | If 1 (non-zero) the ECC public key will be written in compressed form. If 0 it will be written in an uncompressed format. |
Example
| word32 wc_EncodeSignature | ( | byte * | out, |
| const byte * | digest, | ||
| word32 | digSz, | ||
| int | hashOID | ||
| ) |
This function encodes a digital signature into the output buffer, and returns the size of the encoded signature created.
| out | pointer to the buffer where the encoded signature will be written |
| digest | pointer to the digest to use to encode the signature |
| digSz | the length of the buffer containing the digest |
| hashOID | OID identifying the hash type used to generate the signature. Valid options, depending on build configurations, are: SHAh, SHA256h, SHA384h, SHA512h, MD2h, MD5h, DESb, DES3b, CTC_MD5wRSA, CTC_SHAwRSA, CTC_SHA256wRSA, CTC_SHA384wRSA, CTC_SHA512wRSA, CTC_SHAwECDSA, CTC_SHA256wECDSA, CTC_SHA384wECDSA, and CTC_SHA512wECDSA. |
| int wc_EncryptPKCS8Key | ( | byte * | key, |
| word32 | keySz, | ||
| byte * | out, | ||
| word32 * | outSz, | ||
| const char * | password, | ||
| int | passwordSz, | ||
| int | vPKCS, | ||
| int | pbeOid, | ||
| int | encAlgId, | ||
| byte * | salt, | ||
| word32 | saltSz, | ||
| int | itt, | ||
| WC_RNG * | rng, | ||
| void * | heap | ||
| ) |
This function takes in an unencrypted PKCS#8 DER key (e.g. one created by wc_CreatePKCS8Key) and converts it to PKCS#8 encrypted format. The resulting encrypted key can be decrypted using wc_DecryptPKCS8Key. See RFC 5208.
| key | Buffer with traditional DER key. |
| keySz | Size of key buffer. |
| out | Buffer to place result in. If NULL, required out buffer size returned in outSz. |
| outSz | Size of out buffer. |
| password | The password to use for the password-based encryption algorithm. |
| passwordSz | The length of the password (not including the NULL terminator). |
| vPKCS | The PKCS version to use. Can be 1 for PKCS12 or PKCS5. |
| pbeOid | The OID of the PBE scheme to use (e.g. PBES2 or one of the OIDs for PBES1 in RFC 2898 A.3). |
| encAlgId | The encryption algorithm ID to use (e.g. AES256CBCb). |
| salt | The salt buffer to use. If NULL, a random salt will be used. |
| saltSz | The length of the salt buffer. Can be 0 if passing NULL for salt. |
| itt | The number of iterations to use for the KDF. |
| rng | A pointer to an initialized WC_RNG object. |
| heap | A pointer to the heap used for dynamic allocation. Can be NULL. |
Example
| void wc_FreeDecodedCert | ( | struct DecodedCert * | cert | ) |
This function frees a DecodedCert that was previously initialized with wc_InitDecodedCert.
| cert | Pointer to an initialized DecodedCert object. |
Example
| int wc_GetCTC_HashOID | ( | int | type | ) |
This function returns the hash OID that corresponds to a hashing type. For example, when given the type: WC_SHA512, this function returns the identifier corresponding to a SHA512 hash, SHA512h.
| type | the hash type for which to find the OID. Valid options, depending on build configuration, include: WC_MD5, WC_SHA, WC_SHA256, WC_SHA384, WC_SHA512, WC_SHA3_224, WC_SHA3_256, WC_SHA3_384 or WC_SHA3_512 |
Example
| int wc_GetPkcs8TraditionalOffset | ( | byte * | input, |
| word32 * | inOutIdx, | ||
| word32 | sz | ||
| ) |
This function finds the beginning of the traditional private key inside a PKCS#8 unencrypted buffer.
| input | Buffer containing unencrypted PKCS#8 private key. |
| inOutIdx | Index into the input buffer. On input, it should be a byte offset to the beginning of the the PKCS#8 buffer. On output, it will be the byte offset to the traditional private key within the input buffer. |
| sz | The number of bytes in the input buffer. |
Example
| int wc_GetSubjectRaw | ( | byte ** | subjectRaw, |
| Cert * | cert | ||
| ) |
This function gets the raw subject from the certificate structure.
| subjectRaw | pointer-pointer to the raw subject upon successful return |
| cert | pointer to the cert from which to get the raw subject |
Example
| int wc_InitCert | ( | Cert * | ) |
This function initializes a default cert, with the default options: version = 3 (0x2), serial = 0, sigType = SHA_WITH_RSA, issuer = blank, daysValid = 500, selfSigned = 1 (true) use subject as issuer, subject = blank.
| cert | pointer to an uninitialized cert structure to initialize |
Example
| void wc_InitDecodedCert | ( | struct DecodedCert * | cert, |
| const byte * | source, | ||
| word32 | inSz, | ||
| void * | heap | ||
| ) |
This function initializes the DecodedCert pointed to by the "cert" parameter. It saves the "source" pointer to a DER-encoded certificate of length "inSz." This certificate can be parsed by a subsequent call to wc_ParseCert.
| cert | Pointer to an allocated DecodedCert object. |
| source | Pointer to a DER-encoded certificate. |
| inSz | Length of the DER-encoded certificate in bytes. |
| heap | A pointer to the heap used for dynamic allocation. Can be NULL. |
Example
| int wc_MakeCert | ( | Cert * | cert, |
| byte * | derBuffer, | ||
| word32 | derSz, | ||
| RsaKey * | rsaKey, | ||
| ecc_key * | eccKey, | ||
| WC_RNG * | rng | ||
| ) |
Used to make CA signed certs. Called after the subject information has been entered. This function makes an x509 Certificate v3 RSA or ECC from a cert input. It then writes this cert to derBuffer. It takes in either an rsaKey or an eccKey to generate the certificate. The certificate must be initialized with wc_InitCert before this method is called.
| cert | pointer to an initialized cert structure |
| derBuffer | pointer to the buffer in which to hold the generated cert |
| derSz | size of the buffer in which to store the cert |
| rsaKey | pointer to an RsaKey structure containing the rsa key used to generate the certificate |
| eccKey | pointer to an EccKey structure containing the ecc key used to generate the certificate |
| rng | pointer to the random number generator used to make the cert |
Example
| int wc_MakeCertReq | ( | Cert * | cert, |
| byte * | derBuffer, | ||
| word32 | derSz, | ||
| RsaKey * | rsaKey, | ||
| ecc_key * | eccKey | ||
| ) |
This function makes a certificate signing request using the input certificate and writes the output to derBuffer. It takes in either an rsaKey or an eccKey to generate the certificate request. wc_SignCert() will need to be called after this function to sign the certificate request. Please see the wolfCrypt test application (./wolfcrypt/test/test.c) for an example usage of this function.
| cert | pointer to an initialized cert structure |
| derBuffer | pointer to the buffer in which to hold the generated certificate request |
| derSz | size of the buffer in which to store the certificate request |
| rsaKey | pointer to an RsaKey structure containing the rsa key used to generate the certificate request |
| eccKey | pointer to an EccKey structure containing the ecc key used to generate the certificate request |
Example
| int wc_MakeSelfCert | ( | Cert * | cert, |
| byte * | derBuffer, | ||
| word32 | derSz, | ||
| RsaKey * | key, | ||
| WC_RNG * | rng | ||
| ) |
This function is a combination of the previous two functions, wc_MakeCert and wc_SignCert for self signing (the previous functions may be used for CA requests). It makes a certificate, and then signs it, generating a self-signed certificate.
| cert | pointer to the cert to make and sign |
| buffer | pointer to the buffer in which to hold the signed certificate |
| buffSz | size of the buffer in which to store the signed certificate |
| key | pointer to an RsaKey structure containing the rsa key to used to sign the certificate |
| rng | pointer to the random number generator used to generate and sign the certificate |
Example
| int wc_ParseCert | ( | DecodedCert * | cert, |
| int | type, | ||
| int | verify, | ||
| void * | cm | ||
| ) |
This function parses the DER-encoded certificate saved in the DecodedCert object and populates the fields of that object. The DecodedCert must have been initialized with a prior call to wc_InitDecodedCert. This function takes an optional pointer to a CertificateManager object, which is used to populate the certificate authority information of the DecodedCert, if the CA is found in the CertificateManager.
| cert | Pointer to an initialized DecodedCert object. |
| type | Type of certificate. See the CertType enum in asn_public.h. |
| verify | Flag that, if set, indicates the user wants to verify the validity of the certificate. |
| cm | An optional pointer to a CertificateManager. Can be NULL. |
Example
| int wc_PemCertToDer | ( | const char * | fileName, |
| unsigned char * | derBuf, | ||
| int | derSz | ||
| ) |
This function converts a pem certificate to a der certificate, and places the resulting certificate in the derBuf buffer provided.
| fileName | path to the file containing a pem certificate to convert to a der certificate |
| derBuf | pointer to a char buffer in which to store the converted certificate |
| derSz | size of the char buffer in which to store the converted certificate |
Example
| int wc_PemPubKeyToDer | ( | const char * | fileName, |
| unsigned char * | derBuf, | ||
| int | derSz | ||
| ) |
Loads a PEM key from a file and converts to a DER encoded buffer.
| fileName | Name of the file to load. |
| derBuf | Buffer for DER encoded key. |
| derSz | Size of DER buffer. |
Example
| int wc_PubKeyPemToDer | ( | const unsigned char * | pem, |
| int | pemSz, | ||
| unsigned char * | buff, | ||
| int | buffSz | ||
| ) |
Convert a PEM encoded public key to DER. Returns the number of bytes written to the buffer or a negative value for an error.
| pem | PEM encoded key |
| pemSz | Size of pem |
| buff | Pointer to buffer for output. |
| buffSz | Size of buffer. |
Example
| int wc_SetAltNames | ( | Cert * | cert, |
| const char * | file | ||
| ) |
This function sets the alternate names for a certificate to the alternate names in the provided pem file. This is useful in the case that one wishes to secure multiple domains with the same certificate. This method is used to set fields prior to signing.
| cert | pointer to the cert for which to set the alt names |
| file | path of the file containing the pem formatted certificate |
Example
| int wc_SetAltNamesBuffer | ( | Cert * | cert, |
| const byte * | der, | ||
| int | derSz | ||
| ) |
This function sets the alternate names for a certificate from the alternate names in the provided der buffer. This is useful in the case that one wishes to secure multiple domains with the same certificate. This method is used to set fields prior to signing.
| cert | pointer to the cert for which to set the alternate names |
| der | pointer to the buffer containing the der formatted certificate from which to grab the alternate names |
| derSz | size of the buffer containing the der formatted certificate from which to grab the alternate names |
Example
| int wc_SetAuthKeyId | ( | Cert * | cert, |
| const char * | file | ||
| ) |
Set AKID from certificate file in PEM format.
| cert | Cert struct you want to set the AKID of. |
| file | Buffer containing PEM cert file. |
Example
| int wc_SetAuthKeyIdFromCert | ( | Cert * | cert, |
| const byte * | der, | ||
| int | derSz | ||
| ) |
Set AKID from from DER encoded certificate.
| cert | The Cert struct to write to. |
| der | The DER encoded certificate buffer. |
| derSz | Size of der in bytes. |
Example
| int wc_SetAuthKeyIdFromPublicKey | ( | Cert * | cert, |
| RsaKey * | rsakey, | ||
| ecc_key * | eckey | ||
| ) |
Set AKID from either an RSA or ECC public key. note: Only set one of rsakey or eckey, not both.
| cert | Pointer to the certificate to set the SKID. |
| rsakey | Pointer to the RsaKey struct to read from. |
| eckey | Pointer to the ecc_key to read from. |
Example
| void wc_SetCert_Free | ( | Cert * | cert | ) |
This function cleans up memory and resources used by the certificate structure's decoded cert cache. When WOLFSSL_CERT_GEN_CACHE is defined the decoded cert structure is cached in the certificate structure. This allows subsequent calls to certificate set functions to avoid parsing the decoded cert on each call.
| cert | pointer to an uninitialized certificate information structure. |
Example
| int wc_SetCustomExtension | ( | Cert * | cert, |
| int | critical, | ||
| const char * | oid, | ||
| const byte * | der, | ||
| word32 | derSz | ||
| ) |
This function injects a custom extension in to an X.509 certificate. note: The content at the address pointed to by any of the parameters that are pointers must not be modified until the certificate is generated and you have the der output. This function does NOT copy the contents to another buffer.
| cert | Pointer to an initialized DecodedCert object. |
| critical | If 0, the extension will not be marked critical, otherwise it will be marked critical. |
| oid | Dot separated oid as a string. For example "1.2.840.10045.3.1.7" |
| der | The der encoding of the content of the extension. |
| derSz | The size in bytes of the der encoding. |
Example
| int wc_SetDatesBuffer | ( | Cert * | cert, |
| const byte * | der, | ||
| int | derSz | ||
| ) |
This function sets the dates for a certificate from the date range in the provided der buffer. This method is used to set fields prior to signing.
| cert | pointer to the cert for which to set the dates |
| der | pointer to the buffer containing the der formatted certificate from which to grab the date range |
| derSz | size of the buffer containing the der formatted certificate from which to grab the date range |
Example
| int wc_SetIssuer | ( | Cert * | cert, |
| const char * | issuerFile | ||
| ) |
This function sets the issuer for a certificate to the issuer in the provided pem issuerFile. It also changes the certificate’s self-signed attribute to false. The issuer specified in issuerFile is verified prior to setting the cert issuer. This method is used to set fields prior to signing.
| cert | pointer to the cert for which to set the issuer |
| issuerFile | path of the file containing the pem formatted certificate |
Example
| int wc_SetIssuerBuffer | ( | Cert * | cert, |
| const byte * | der, | ||
| int | derSz | ||
| ) |
This function sets the issuer for a certificate from the issuer in the provided der buffer. It also changes the certificate’s self-signed attribute to false. This method is used to set fields prior to signing.
| cert | pointer to the cert for which to set the issuer |
| der | pointer to the buffer containing the der formatted certificate from which to grab the issuer |
| derSz | size of the buffer containing the der formatted certificate from which to grab the issuer |
Example
| int wc_SetIssuerRaw | ( | Cert * | cert, |
| const byte * | der, | ||
| int | derSz | ||
| ) |
This function sets the raw issuer for a certificate from the issuer in the provided der buffer. This method is used to set the raw issuer field prior to signing.
| cert | pointer to the cert for which to set the raw issuer |
| der | pointer to the buffer containing the der formatted certificate from which to grab the subject |
| derSz | size of the buffer containing the der formatted certificate from which to grab the subject |
Example
| int wc_SetSubject | ( | Cert * | cert, |
| const char * | subjectFile | ||
| ) |
This function sets the subject for a certificate to the subject in the provided pem subjectFile. This method is used to set fields prior to signing.
| cert | pointer to the cert for which to set the issuer |
| subjectFile | path of the file containing the pem formatted certificate |
Example
| int wc_SetSubjectBuffer | ( | Cert * | cert, |
| const byte * | der, | ||
| int | derSz | ||
| ) |
This function sets the subject for a certificate from the subject in the provided der buffer. This method is used to set fields prior to signing.
| cert | pointer to the cert for which to set the subject |
| der | pointer to the buffer containing the der formatted certificate from which to grab the subject |
| derSz | size of the buffer containing the der formatted certificate from which to grab the subject |
Example
| int wc_SetSubjectKeyId | ( | Cert * | cert, |
| const char * | file | ||
| ) |
Set SKID from public key file in PEM format. Both arguments are required.
| cert | Cert structure to set the SKID of. |
| file | Contains the PEM encoded file. |
Example
| int wc_SetSubjectKeyIdFromPublicKey | ( | Cert * | cert, |
| RsaKey * | rsakey, | ||
| ecc_key * | eckey | ||
| ) |
Set SKID from RSA or ECC public key.
| cert | Pointer to a Cert structure to be used. |
| rsakey | Pointer to an RsaKey structure |
| eckey | Pointer to an ecc_key structure |
Example
| int wc_SetSubjectRaw | ( | Cert * | cert, |
| const byte * | der, | ||
| int | derSz | ||
| ) |
This function sets the raw subject for a certificate from the subject in the provided der buffer. This method is used to set the raw subject field prior to signing.
| cert | pointer to the cert for which to set the raw subject |
| der | pointer to the buffer containing the der formatted certificate from which to grab the subject |
| derSz | size of the buffer containing the der formatted certificate from which to grab the subject |
Example
| int wc_SetTimeCb | ( | wc_time_cb | f | ) |
This function registers a time callback that will be used anytime wolfSSL needs to get the current time. The prototype of the callback should be the same as the "time" function from the C standard library.
| f | function to register as the time callback. |
Example
| int wc_SetUnknownExtCallback | ( | DecodedCert * | cert, |
| wc_UnknownExtCallback | cb | ||
| ) |
This function registers a callback that will be used anytime wolfSSL encounters an unknown X.509 extension in a certificate while parsing a certificate. The prototype of the callback should be:
| cert | the DecodedCert struct that is to be associated with this callback. |
| cb | function to register as the time callback. |
Example
| int wc_SignCert | ( | int | requestSz, |
| int | sigType, | ||
| byte * | derBuffer, | ||
| word32 | derSz, | ||
| RsaKey * | rsaKey, | ||
| ecc_key * | eccKey, | ||
| WC_RNG * | rng | ||
| ) |
This function signs buffer and adds the signature to the end of buffer. It takes in a signature type. Must be called after wc_MakeCert() or wc_MakeCertReq() if creating a CA signed cert.
| requestSz | the size of the certificate body we’re requesting to have signed |
| sType | Type of signature to create. Valid options are: CTC_MD5wRSA, CTC_SHAwRSA, CTC_SHAwECDSA, CTC_SHA256wECDSA, and CTC_SHA256wRSA |
| buffer | pointer to the buffer containing the certificate to be signed. On success: will hold the newly signed certificate |
| buffSz | the (total) size of the buffer in which to store the newly signed certificate |
| rsaKey | pointer to an RsaKey structure containing the rsa key to used to sign the certificate |
| eccKey | pointer to an EccKey structure containing the ecc key to used to sign the certificate |
| rng | pointer to the random number generator used to sign the certificate |
Example
| time_t wc_Time | ( | time_t * | t | ) |
This function gets the current time. By default, it uses the XTIME macro, which varies between platforms. The user can use a function of their choosing instead via the wc_SetTimeCb function.
| t | Optional time_t pointer to populate with current time. |
Example
1.9.1