Defines structs/classes: Data, DName, Cert, Chain, CRL, Signer, CMS1
The standard algorithms implemented here are not in the FIPS-approved class, but are specified in various ISO/IEC and IETF publications.
Implemented in cert.c.
Functions performing cryptographic operations are:
checksign()
checksignhash()
makep8() - if this fails, check Algorithm::isErrorState()
to see if CDK is in the hard error state.
parsep8()
parsep10()
checkcert()
CRL::check()
All other methods and functions are merely data manipulation tools for dealing
with ASN.1 objects.
Recommendations for strict FIPS 140-1 compliance:
All classes/methods defined in this file may be used in an application claiming
FIPS 140-1 complaince with the exception of specifying hash types and/or algorithms.
Hash type must be hSHA1 as that is the only FIPS approved hash algorithm. You cannot
use *makep12* or *parsep12* as the PKCS #12 specific requires RC2 be used for the outer
encryption and TDES for encrypting the private key.
Namespaces | |
| namespace | cdk |
Data Structures | |
| struct | DName |
| Data type used for representing and processing X.500 distinguished names. More... | |
| struct | Cert |
| Data type used for encoding and decoding individual X.509 certificates. More... | |
| struct | Chain |
| Data type used for processing X.509 certificate chains. More... | |
| struct | CRL |
| Data type used for creating and processing certificate revocation lists. More... | |
| struct | certid |
| Data type used to detect matching certificates. More... | |
| struct | tokenop |
| Data type used by callbacks to do private key operations, possibly on a hardware token. More... | |
| struct | Signer |
| Data type used for CMS digital signature operations. More... | |
| struct | CMS1 |
| Data type used for in-memory PKCS #7 operations (RFC 3852 CMS). More... | |
Typedefs | |
| typedef int(CALLBACK *) | cdk::TokenDecryptCallback (tokenop &) |
| Callback type for decryption operations. | |
| typedef int(CALLBACK *) | cdk::TokenSignCallback (tokenop &) |
| Callback type for signature operations. | |
| typedef int(CALLBACK *) | cdk::TokenVerifyCallback (tokenop &) |
| Callback type for signature validation. | |
Functions | |
| _cdkpub int | cdk::parsedname (const str &dn, str &ASCII, int opt=0) |
| Parse an ASN.1 encoded DN into a printable string. | |
| _cdkpub int | cdk::parsesign (const str &cer, asn &body, asn &oid, asn &sig, int recode_der=0) |
| Parse the signature out of an ASN.1 encoded certificate. | |
| _cdkpub str | cdk::makesign (const str &body, const str &oid, const str &sig) |
| Create an X.509 certificate (or CRL) by combining its body with an issuer's signature. | |
| _cdkpub num | cdk::makep1 (int htype, const num &hvalue, int n) |
| Pad a message digest value according to PKCS#1v1.5 (for signing). | |
| _cdkpub int | cdk::parsep1 (const str &b, int &htype, asn &hvalue) |
| Parse a PKCS#1v1.5 padded message digest. | |
| _cdkpub str | cdk::makep7 (const Chain &chn) |
| Create an ASN.1 encoded PKCS#7 PDU containing a set of certificates. | |
| _cdkpub int | cdk::parsep7 (const str &b, Chain &chn) |
| Parse an ASN.1 encoded PKCS#7 PDU containing one or more certificates. | |
| _cdkpub str | cdk::makep8 (const str &oid, const str &prv, const str &pwd) |
| Create an ASN.1 encoded PKCS#8 PDU containing an encrypted private key. | |
| _cdkpub int | cdk::parsep8 (const str &p8, const str &pwd, asn &oid, asn &prv) |
| Decrypt and parse an ASN.1 encoded PKCS#8 PDU containing an encrypted private key. | |
| _cdkpub str | cdk::makep10raw (const str &dn, const str &oid, const str &pub, const str &attributes) |
| Create an ASN.1 encoded PKCS#10 certificate request. | |
| _cdkpub int | cdk::parsep10 (const str &p10, asn &dn, asn &oid, asn &pub, asn &attributes) |
| Parse an ASN.1 encoded PKCS#10 certificate request. | |
| _cdkpub int | cdk::parse_crmf (const str &req, asn &dn, asn &oid, asn &pub, asn &attributes) |
| Parse an ASN.1 encoded CRMF PDU. | |
| _cdkpub str | cdk::make_cmmf (const Chain &chn, int requestid) |
| Create a Netscape CMMF PDU. | |
| _cdkpub str | cdk::makep12 (const str &cer, const str &oid, const str &prv, const str &pwd, const str &frname, const str &id) |
| Create an ASN.1 encoded PKCS#12 PDU. | |
| _cdkpub int | cdk::parsep12 (const str &p12, const char *pwd, Chain &chn, asn &oid, asn &prv, asn &crl) |
| Decrypt and parse an ASN.1 encoded PKCS#12 PDU containing an encrypted private key. | |
| _cdkpub int | cdk::checkcert (const str &certissuer, const str &certsubject) |
| Validate one ASN.1 encoded certificate against another. | |
| _cdkpub int | cdk::checksign (const str &cer, const str &oidhash, const str &msg, const str &sig) |
| Validate an ASN.1 encoded digital signature over a specified message. | |
| _cdkpub int | cdk::checksignhash (const str &cer, const num &h, const str &sig) |
| Validate an ASN.1 encoded digital signature over a specified hash value. | |
| typedef | cdk::int (CALLBACK *TokenCallback)(tokenop &) |
| General callback type. | |
| _cdkpub str | cdk::make_ocsp_req (const str &caCert, const str &subCert, const str &nonce) |
| Create an OCSP request. | |
| _cdkpub int | cdk::check_ocsp (const str &req, const str &resp, asn &signinfo, TimeT &revTime, asn &certs, asn &dn) |
| Check an OCSP response. | |
| _cdkpub int | cdk::check_signinfo (const str &cer, const str &signinfo) |
| Check an OCSP response. | |
| _cdkpub str | cdk::asn1ber_to_der (const asn &ber) |
| Convert a BER-encoded (indefinite length encoding) to a DER-encoded PDU. | |
| ISC Cryptographic Development Kit - User's Guide |
|
| Questions? E-mail ISC technical support | |
| Copyright© 2002-2006 Information Security Corp. All rights reserved. |