Mbed TLS v3.6.1
PKCS #7 generic defines and structures, following RFC 2315 (https://tools.ietf.org/html/rfc2315).
#include "mbedtls/private_access.h"
#include "mbedtls/build_info.h"
#include "mbedtls/asn1.h"
#include "mbedtls/x509_crt.h"
struct | mbedtls_pkcs7_signer_info |
struct | mbedtls_pkcs7_signed_data |
struct | mbedtls_pkcs7 |
PKCS #7 Module Error codes | |
Note: For the time being, this implementation of the PKCS #7 cryptographic message syntax is a partial implementation of RFC 2315. Differences include: of the six content types defined by the RFC (see mbedtls_pkcs7_type), only Signed Data is handled (see mbedtls_pkcs7); only Signed Data syntax version 1 is accepted (MBEDTLS_PKCS7_SUPPORTED_VERSION); input must be DER-encoded (BER constructs such as indefinite-length encoding are not accepted); and only detached (external) signatures are supported, so the signed content itself is supplied by the caller at verification time. Unsupported or malformed input is reported through the error codes below.
#define | MBEDTLS_ERR_PKCS7_INVALID_FORMAT -0x5300 |
#define | MBEDTLS_ERR_PKCS7_FEATURE_UNAVAILABLE -0x5380 |
#define | MBEDTLS_ERR_PKCS7_INVALID_VERSION -0x5400 |
#define | MBEDTLS_ERR_PKCS7_INVALID_CONTENT_INFO -0x5480 |
#define | MBEDTLS_ERR_PKCS7_INVALID_ALG -0x5500 |
#define | MBEDTLS_ERR_PKCS7_INVALID_CERT -0x5580 |
#define | MBEDTLS_ERR_PKCS7_INVALID_SIGNATURE -0x5600 |
#define | MBEDTLS_ERR_PKCS7_INVALID_SIGNER_INFO -0x5680 |
#define | MBEDTLS_ERR_PKCS7_BAD_INPUT_DATA -0x5700 |
#define | MBEDTLS_ERR_PKCS7_ALLOC_FAILED -0x5780 |
#define | MBEDTLS_ERR_PKCS7_VERIFY_FAIL -0x5800 |
#define | MBEDTLS_ERR_PKCS7_CERT_DATE_INVALID -0x5880 |
PKCS #7 Supported Version | |
#define | MBEDTLS_PKCS7_SUPPORTED_VERSION 0x01 |
enum | mbedtls_pkcs7_type { MBEDTLS_PKCS7_NONE =0 , MBEDTLS_PKCS7_DATA , MBEDTLS_PKCS7_SIGNED_DATA , MBEDTLS_PKCS7_ENVELOPED_DATA , MBEDTLS_PKCS7_SIGNED_AND_ENVELOPED_DATA , MBEDTLS_PKCS7_DIGESTED_DATA , MBEDTLS_PKCS7_ENCRYPTED_DATA } |
typedef mbedtls_asn1_buf | mbedtls_pkcs7_buf |
typedef mbedtls_asn1_named_data | mbedtls_pkcs7_name |
typedef mbedtls_asn1_sequence | mbedtls_pkcs7_sequence |
typedef struct mbedtls_pkcs7_signer_info | mbedtls_pkcs7_signer_info |
typedef struct mbedtls_pkcs7_signed_data | mbedtls_pkcs7_signed_data |
typedef struct mbedtls_pkcs7 | mbedtls_pkcs7 |
void | mbedtls_pkcs7_init (mbedtls_pkcs7 *pkcs7) |
Initialize mbedtls_pkcs7 structure. | |
int | mbedtls_pkcs7_parse_der (mbedtls_pkcs7 *pkcs7, const unsigned char *buf, const size_t buflen) |
Parse a single DER formatted PKCS #7 detached signature. | |
int | mbedtls_pkcs7_signed_data_verify (mbedtls_pkcs7 *pkcs7, const mbedtls_x509_crt *cert, const unsigned char *data, size_t datalen) |
Verify the PKCS #7 signature(s) over caller-supplied plain data, using the public key of a caller-supplied certificate; the data is hashed internally with each signer's digest algorithm. | |
int | mbedtls_pkcs7_signed_hash_verify (mbedtls_pkcs7 *pkcs7, const mbedtls_x509_crt *cert, const unsigned char *hash, size_t hashlen) |
Verify the PKCS #7 signature(s) over a caller-supplied, precomputed hash of the data, using the public key of a caller-supplied certificate. | |
void | mbedtls_pkcs7_free (mbedtls_pkcs7 *pkcs7) |
Free all PKCS #7 data owned by the structure and zeroize the memory. The mbedtls_pkcs7 object itself is not freed; it remains owned by the caller. | |
PKCS #7 generic defines and structures https://tools.ietf.org/html/rfc2315.
#define MBEDTLS_ERR_PKCS7_ALLOC_FAILED -0x5780 |
#define MBEDTLS_ERR_PKCS7_BAD_INPUT_DATA -0x5700 |
#define MBEDTLS_ERR_PKCS7_CERT_DATE_INVALID -0x5880 |
#define MBEDTLS_ERR_PKCS7_FEATURE_UNAVAILABLE -0x5380 |
#define MBEDTLS_ERR_PKCS7_INVALID_ALG -0x5500 |
#define MBEDTLS_ERR_PKCS7_INVALID_CERT -0x5580 |
#define MBEDTLS_ERR_PKCS7_INVALID_CONTENT_INFO -0x5480 |
#define MBEDTLS_ERR_PKCS7_INVALID_FORMAT -0x5300 |
#define MBEDTLS_ERR_PKCS7_INVALID_SIGNATURE -0x5600 |
#define MBEDTLS_ERR_PKCS7_INVALID_SIGNER_INFO -0x5680 |
#define MBEDTLS_ERR_PKCS7_INVALID_VERSION -0x5400 |
#define MBEDTLS_ERR_PKCS7_VERIFY_FAIL -0x5800 |
typedef struct mbedtls_pkcs7 mbedtls_pkcs7 |
Top-level PKCS #7 structure. Only the Signed Data content type is currently supported.
typedef mbedtls_asn1_buf mbedtls_pkcs7_buf |
typedef struct mbedtls_pkcs7_signed_data mbedtls_pkcs7_signed_data |
Structure holding the signed data section
typedef struct mbedtls_pkcs7_signer_info mbedtls_pkcs7_signer_info |
Structure holding PKCS #7 signer info
enum mbedtls_pkcs7_type |
void mbedtls_pkcs7_free | ( | mbedtls_pkcs7 * | pkcs7 | ) |
Free all PKCS #7 data owned by the structure and zeroize the memory. The mbedtls_pkcs7
object itself is not freed; it remains owned by the caller.
pkcs7 | mbedtls_pkcs7 structure to free. |
void mbedtls_pkcs7_init | ( | mbedtls_pkcs7 * | pkcs7 | ) |
Initialize mbedtls_pkcs7 structure.
pkcs7 | mbedtls_pkcs7 structure. |
int mbedtls_pkcs7_parse_der | ( | mbedtls_pkcs7 * | pkcs7, |
const unsigned char * | buf, | ||
const size_t | buflen | ||
) |
Parse a single DER formatted PKCS #7 detached signature.
pkcs7 | The mbedtls_pkcs7 structure to be filled by the parser. |
buf | The buffer holding only the DER encoded PKCS #7 content. |
buflen | The size in bytes of buf . The size must be exactly the length of the DER encoded PKCS #7 content. |
Note: buf is not retained by the parser. In particular, buf may be destroyed or reused after this call returns.
Returns: the mbedtls_pkcs7_type of buf, if successful; a negative MBEDTLS_ERR_PKCS7_XXX error code on failure. Callers must treat any negative return as a parse failure and must not call the verify functions on a structure whose parse did not succeed.
int mbedtls_pkcs7_signed_data_verify | ( | mbedtls_pkcs7 * | pkcs7,
const mbedtls_x509_crt * | cert, | ||
const unsigned char * | data, | ||
size_t | datalen | ||
) |
Verification of PKCS #7 signature against a caller-supplied certificate.
For each signer in the PKCS #7 structure, this function hashes the supplied data with the digest algorithm specified by that signer and verifies the signer's signature over that digest using the public key of the supplied certificate. Verification succeeds if any signer's signature verifies. A structure with several signers therefore passes as soon as at least one signature was produced with the key in cert; callers that require every signer to be valid must not rely on this function alone.
This function does not use the certificates held within the PKCS #7 structure itself (they are ignored), and it does not check that cert chains to a trusted certification authority. The caller must establish trust in cert separately, e.g. with mbedtls_x509_crt_verify() against its own trust anchors, before treating a successful return as meaningful.
pkcs7 | mbedtls_pkcs7 structure containing signature. |
cert | Certificate containing key to verify signature. |
data | Plain data on which signature has to be verified. |
datalen | Length of the data. |
int mbedtls_pkcs7_signed_hash_verify | ( | mbedtls_pkcs7 * | pkcs7, |
const mbedtls_x509_crt * | cert, | ||
const unsigned char * | hash, | ||
size_t | hashlen | ||
) |
Verification of PKCS #7 signature against a caller-supplied certificate.
For each signer in the PKCS #7 structure, this function verifies the signer's signature over the supplied hash using the public key of the supplied certificate, treating hash as the output of the digest algorithm specified by that signer. The caller must therefore have computed hash with the same algorithm as the signer, with hashlen equal to that algorithm's output length; a mismatch is expected to fail verification rather than be detected as a usage error. Verification succeeds if any signer's signature verifies, so a multi-signer structure passes if at least one signature matches cert.
This function does not use the certificates held within the PKCS #7 structure itself (they are ignored), and it does not check that cert chains to a trusted certification authority. The caller must establish trust in cert separately, e.g. with mbedtls_x509_crt_verify() against its own trust anchors, before treating a successful return as meaningful.
pkcs7 | PKCS #7 structure containing signature. |
cert | Certificate containing key to verify signature. |
hash | Digest of the plain data on which the signature has to be verified, computed with the signer's digest algorithm. |
hashlen | Length of hash in bytes; expected to equal the output size of the signer's digest algorithm. |