mbed TLS v3.3.0
PKCS7 generic defines and structures https://tools.ietf.org/html/rfc2315. More...
#include "mbedtls/private_access.h"
#include "mbedtls/build_info.h"
#include "mbedtls/asn1.h"
#include "mbedtls/x509.h"
#include "mbedtls/x509_crt.h"
struct | mbedtls_pkcs7_signer_info |
struct | mbedtls_pkcs7_data |
struct | mbedtls_pkcs7_signed_data |
struct | mbedtls_pkcs7 |
PKCS7 Module Error codes | |
This feature is a work in progress and not ready for production. The API may change. Furthermore, please note that the implementation has only been validated with well-formed inputs, not yet with untrusted inputs (which is almost always the case in practice). Note: For the time being, this implementation of the PKCS7 cryptographic message syntax is a partial implementation of RFC 2315. Differences include:
#define | MBEDTLS_ERR_PKCS7_INVALID_FORMAT -0x5300 |
#define | MBEDTLS_ERR_PKCS7_FEATURE_UNAVAILABLE -0x5380 |
#define | MBEDTLS_ERR_PKCS7_INVALID_VERSION -0x5400 |
#define | MBEDTLS_ERR_PKCS7_INVALID_CONTENT_INFO -0x5480 |
#define | MBEDTLS_ERR_PKCS7_INVALID_ALG -0x5500 |
#define | MBEDTLS_ERR_PKCS7_INVALID_CERT -0x5580 |
#define | MBEDTLS_ERR_PKCS7_INVALID_SIGNATURE -0x5600 |
#define | MBEDTLS_ERR_PKCS7_INVALID_SIGNER_INFO -0x5680 |
#define | MBEDTLS_ERR_PKCS7_BAD_INPUT_DATA -0x5700 |
#define | MBEDTLS_ERR_PKCS7_ALLOC_FAILED -0x5780 |
#define | MBEDTLS_ERR_PKCS7_VERIFY_FAIL -0x5800 |
#define | MBEDTLS_ERR_PKCS7_CERT_DATE_INVALID -0x5880 |
PKCS7 generic defines and structures https://tools.ietf.org/html/rfc2315.
Definition in file pkcs7.h.
#define MBEDTLS_ERR_PKCS7_ALLOC_FAILED -0x5780 |
#define MBEDTLS_ERR_PKCS7_BAD_INPUT_DATA -0x5700 |
#define MBEDTLS_ERR_PKCS7_CERT_DATE_INVALID -0x5880 |
#define MBEDTLS_ERR_PKCS7_FEATURE_UNAVAILABLE -0x5380 |
#define MBEDTLS_ERR_PKCS7_INVALID_ALG -0x5500 |
#define MBEDTLS_ERR_PKCS7_INVALID_CERT -0x5580 |
#define MBEDTLS_ERR_PKCS7_INVALID_CONTENT_INFO -0x5480 |
#define MBEDTLS_ERR_PKCS7_INVALID_FORMAT -0x5300 |
#define MBEDTLS_ERR_PKCS7_INVALID_SIGNATURE -0x5600 |
#define MBEDTLS_ERR_PKCS7_INVALID_SIGNER_INFO -0x5680 |
#define MBEDTLS_ERR_PKCS7_INVALID_VERSION -0x5400 |
#define MBEDTLS_ERR_PKCS7_VERIFY_FAIL -0x5800 |
typedef struct mbedtls_pkcs7 mbedtls_pkcs7 |
Structure holding a PKCS7 message; only signed data is supported for now
typedef mbedtls_asn1_buf mbedtls_pkcs7_buf |
typedef struct mbedtls_pkcs7_data mbedtls_pkcs7_data |
Structure holding attached data as part of PKCS7 signed data format
typedef struct mbedtls_pkcs7_signed_data mbedtls_pkcs7_signed_data |
Structure holding the signed data section
typedef struct mbedtls_pkcs7_signer_info mbedtls_pkcs7_signer_info |
Structure holding PKCS7 signer info
enum mbedtls_pkcs7_type |
void mbedtls_pkcs7_free | ( | mbedtls_pkcs7 * | pkcs7 | ) |
Free all PKCS7 data and zeroize the memory. It doesn't free pkcs7 itself; the caller is responsible for that.
pkcs7 | PKCS7 structure to free. |
void mbedtls_pkcs7_init | ( | mbedtls_pkcs7 * | pkcs7 | ) |
Initialize pkcs7 structure.
pkcs7 | pkcs7 structure. |
int mbedtls_pkcs7_parse_der | ( | mbedtls_pkcs7 * | pkcs7, |
const unsigned char * | buf, | ||
const size_t | buflen | ||
) |
Parse a single DER formatted pkcs7 content.
pkcs7 | The pkcs7 structure to be filled by parser for the output. |
buf | The buffer holding the DER encoded pkcs7. |
buflen | The size in bytes of buf . |
Note: buf may be destroyed or reused after this call returns.
Returns: the mbedtls_pkcs7_type of buf, if successful.
int mbedtls_pkcs7_signed_data_verify | ( | mbedtls_pkcs7 * | pkcs7, |
const mbedtls_x509_crt * | cert, | ||
const unsigned char * | data, | ||
size_t | datalen | ||
) |
Verification of PKCS7 signature against a caller-supplied certificate.
For each signer in the PKCS7 structure, this function computes a signature over the supplied data, using the supplied certificate and the same digest algorithm as specified by the signer. It then compares this signature against the signer's signature; verification succeeds if any comparison matches.
This function does not use the certificates held within the PKCS7 structure itself.
pkcs7 | PKCS7 structure containing signature. |
cert | Certificate containing key to verify signature. |
data | Plain data on which signature has to be verified. |
datalen | Length of the data. |
int mbedtls_pkcs7_signed_hash_verify | ( | mbedtls_pkcs7 * | pkcs7, |
const mbedtls_x509_crt * | cert, | ||
const unsigned char * | hash, | ||
size_t | hashlen | ||
) |
Verification of PKCS7 signature against a caller-supplied certificate.
For each signer in the PKCS7 structure, this function computes a signature over the supplied hash, using the supplied certificate and the same digest algorithm as specified by the signer. It then compares this signature against the signer's signature; verification succeeds if any comparison matches.
This function does not use the certificates held within the PKCS7 structure itself.
pkcs7 | PKCS7 structure containing signature. |
cert | Certificate containing key to verify signature. |
hash | Hash of the plain data on which signature has to be verified. |
hashlen | Length of the hash. |