cert.h File Reference


Detailed Description

Interfaces for certificate processing and related ASN.1 functions.

Defines structs/classes: Data, DName, Cert, Chain, CRL, Signer, CMS1

The standard algorithms implemented here are not in the FIPS-approved class, but are specified in various ISO/IEC and IETF publications.

Requires str.h, pk.h

Implemented in cert.c.

Functions performing cryptographic operations are:
  checksign()
  checksignhash()
  makep8() - if this fails, check Algorithm::isErrorState() 
             to see if CDK is in the hard error state.
  parsep8()
  parsep10()	
  checkcert()	
  CRL::check()

All other methods and functions are merely data manipulation tools for dealing 
with ASN.1 objects.

Recommendations for strict FIPS 140-1 compliance:
  All classes/methods defined in this file may be used in an application claiming
  FIPS 140-1 complaince with the exception of specifying hash types and/or algorithms. 
  Hash type must be hSHA1 as that is the only FIPS approved hash algorithm. You cannot
  use *makep12* or *parsep12* as the PKCS #12 specific requires RC2 be used for the outer
  encryption and TDES for encrypting the private key.


Namespaces

namespace  cdk

Data Structures

struct  DName
 Data type used for representing and processing X.500 distinguished names. More...
struct  Cert
 Data type used for encoding and decoding individual X.509 certificates. More...
struct  Chain
 Data type used for processing X.509 certificate chains. More...
struct  CRL
 Data type used for creating and processing certificate revocation lists. More...
struct  certid
 Data type used to detect matching certificates. More...
struct  tokenop
 Data type used by callbacks to do private key operations, possibly on a hardware token. More...
struct  Signer
 Data type used for CMS digital signature operations. More...
struct  CMS1
 Data type used for in-memory PKCS #7 operations (RFC 3852 CMS). More...

Typedefs

typedef int(CALLBACK *) cdk::TokenDecryptCallback (tokenop &)
 Callback type for decryption operations.
typedef int(CALLBACK *) cdk::TokenSignCallback (tokenop &)
 Callback type for signature operations.
typedef int(CALLBACK *) cdk::TokenVerifyCallback (tokenop &)
 Callback type for signature validation.

Functions

_cdkpub int cdk::parsedname (const str &dn, str &ASCII, int opt=0)
 Parse an ASN.1 encoded DN into a printable string.
_cdkpub int cdk::parsesign (const str &cer, asn &body, asn &oid, asn &sig, int recode_der=0)
 Parse the signature out of an ASN.1 encoded certificate.
_cdkpub str cdk::makesign (const str &body, const str &oid, const str &sig)
 Create an X.509 certificate (or CRL) by combining its body with an issuer's signature.
_cdkpub num cdk::makep1 (int htype, const num &hvalue, int n)
 Pad a message digest value according to PKCS#1v1.5 (for signing).
_cdkpub int cdk::parsep1 (const str &b, int &htype, asn &hvalue)
 Parse a PKCS#1v1.5 padded message digest.
_cdkpub str cdk::makep7 (const Chain &chn)
 Create an ASN.1 encoded PKCS#7 PDU containing a set of certificates.
_cdkpub int cdk::parsep7 (const str &b, Chain &chn)
 Parse an ASN.1 encoded PKCS#7 PDU containing one or more certificates.
_cdkpub str cdk::makep8 (const str &oid, const str &prv, const str &pwd)
 Create an ASN.1 encoded PKCS#8 PDU containing an encrypted private key.
_cdkpub int cdk::parsep8 (const str &p8, const str &pwd, asn &oid, asn &prv)
 Decrypt and parse an ASN.1 encoded PKCS#8 PDU containing an encrypted private key.
_cdkpub str cdk::makep10raw (const str &dn, const str &oid, const str &pub, const str &attributes)
 Create an ASN.1 encoded PKCS#10 certificate request.
_cdkpub int cdk::parsep10 (const str &p10, asn &dn, asn &oid, asn &pub, asn &attributes)
 Parse an ASN.1 encoded PKCS#10 certificate request.
_cdkpub int cdk::parse_crmf (const str &req, asn &dn, asn &oid, asn &pub, asn &attributes)
 Parse an ASN.1 encoded CRMF PDU.
_cdkpub str cdk::make_cmmf (const Chain &chn, int requestid)
 Create a Netscape CMMF PDU.
_cdkpub str cdk::makep12 (const str &cer, const str &oid, const str &prv, const str &pwd, const str &frname, const str &id)
 Create an ASN.1 encoded PKCS#12 PDU.
_cdkpub int cdk::parsep12 (const str &p12, const char *pwd, Chain &chn, asn &oid, asn &prv, asn &crl)
 Decrypt and parse an ASN.1 encoded PKCS#12 PDU containing an encrypted private key.
_cdkpub int cdk::checkcert (const str &certissuer, const str &certsubject)
 Validate one ASN.1 encoded certificate against another.
_cdkpub int cdk::checksign (const str &cer, const str &oidhash, const str &msg, const str &sig)
 Validate an ASN.1 encoded digital signature over a specified message.
_cdkpub int cdk::checksignhash (const str &cer, const num &h, const str &sig)
 Validate an ASN.1 encoded digital signature over a specified hash value.
typedef cdk::int (CALLBACK *TokenCallback)(tokenop &)
 General callback type.
_cdkpub str cdk::make_ocsp_req (const str &caCert, const str &subCert, const str &nonce)
 Create an OCSP request.
_cdkpub int cdk::check_ocsp (const str &req, const str &resp, asn &signinfo, TimeT &revTime, asn &certs, asn &dn)
 Check an OCSP response.
_cdkpub int cdk::check_signinfo (const str &cer, const str &signinfo)
 Check an OCSP response.
_cdkpub str cdk::asn1ber_to_der (const asn &ber)
 Convert a BER-encoded (indefinite length encoding) to a DER-encoded PDU.


ISC Cryptographic Development Kit - User's Guide
ISC website
Questions? E-mail ISC technical support
Copyright© 2002-2006 Information Security Corp. All rights reserved.