cdk Namespace Reference


Detailed Description

Namespace for all CDK symbols.


Data Structures

class  AES
 Implementation of the NIST Advanced Encryption Standard ("AES"), FIPS 197.
class  Algorithm
 Base class for tracking algorithm errors and internal system states.
struct  recinfo
 Lowest level data type used to process ASN.1 data.
struct  Date
 Data type used for date and time processing.
struct  asn
 Internal data type used for ASN.1 BER/DER encoding/decoding.
class  ISC_CDK
 Base class for FIPS 140-1 on-demand self-tests, error state tracking, and convenience utilities.
struct  DName
 Data type used for representing and processing X.500 distinguished names.
struct  Cert
 Data type used for encoding and decoding individual X.509 certificates.
struct  Chain
 Data type used for processing X.509 certificate chains.
struct  CRL
 Data type used for creating and processing certificate revocation lists.
struct  certid
 Data type used to detect matching certificates.
struct  tokenop
 Data type used by callbacks to do private key operations, possibly on a hardware token.
struct  Signer
 Data type used for CMS digital signature operations.
struct  CMS1
 Data type used for in-memory PKCS #7 operations (RFC 3852 CMS).
class  CRC
 Implementation of the IEEE 32-bit CRC.
class  DES
 Implementation of the NIST Data Encryption Standard (DES, TDES, and variants), FIPS 46-3/81.
class  EES
 Implementation of the NIST EES ("Skipjack"), FIPS 185.
class  MD2
 Implementation of the RFC 1319 MD2 message digest.
class  MD5
 Implementation of the RFC 1321 MD5 message digest.
struct  GroupData
 Data type used to store parameters for particular Abelian groups.
class  Password
 Implementation of the NIST FIPS 181 Automated Password Generator.
class  Nat
 Data type used to represent elements of various algebraic objects.
struct  Parameters
 Base class for arithmetic parameters (used to define various algebraic structures).
class  FParms
 Data type used to specify arithmetic parameters for various rings and fields.
struct  num
 Implementation of the arithmetic in various groups, rings, and fields.
class  GParms
 Data type used to specify arithmetic parameters for various groups, including elliptic curves.
class  Point
 Data type used to represent the elements of, and abstract the operations in, various Abelian groups, including elliptic curves.
class  RSA
 Implementation of RSA-based cryptographic schemes.
class  Signature
 Data type used for digital signature operations.
struct  Key
 Class Key is the principal data type used for public and private keys and all related cryptographic operations.
class  PRNG
 Implementation of the NIST FIPS 186-2 Pseudorandom Number Generator.
struct  RC2
 Implementation of the RC2 symmetric block cipher.
class  RC4
 Implementation of the RC4 stream cipher.
class  SHA
 Implementation of the NIST Secure Hash Algorithm (SHA/SHA-1), FIPS 180-1.
class  SHA2
 Implementation of the Extended NIST Secure Hash Algorithms (SHA-256/-384/-512), FIPS 180-2.
struct  str
 Class str is somewhat similar to the STL std::string type.
struct  party
 Internal data type used by the implementation of class TLS to encapsulate various cryptographic operations.
struct  TLS
 Data type used to implement SSLv2/TLS. For details, see RFC 2246.

Typedefs

typedef double TimeT
 Data type used to extend UNIX time format.
typedef int (CALLBACK *TokenDecryptCallback)(tokenop &)
 Callback type for decryption operations.
typedef int (CALLBACK *TokenSignCallback)(tokenop &)
 Callback type for signature operations.
typedef int (CALLBACK *TokenVerifyCallback)(tokenop &)
 Callback type for signature validation.
typedef Nat * nat
 pointer to a Nat
typedef Nat const * cnat
 const pointer to a Nat
typedef unsigned int nword
 basic word type
typedef nword * nwordp
 pointer to a nword
typedef nword const * cnwordp
 const pointer to a nword

Enumerations

enum  tags {
  Bool = 0x01,
  Int = 0x02,
  Bit = 0x03,
  Oct = 0x04,
  Obj = 0x06,
  Asc = 0x13,
  Asc0C = 0x0C,
  Asc14 = 0x14,
  Asc16 = 0x16,
  Asc1A = 0x1A,
  T_Date17 = 0x17,
  T_Date = 0x18,
  Unicode = 0x1E,
  Seq = 0x30,
  Set = 0x31,
  VarStr = 0x0B,
  VarInt = 0x1F,
  VarNum = 0x0D,
  VarDate = 0x0E,
  TagOption = 0x0F,
  BitTrunc = -3
}
 ASN.1 tags for simple types and aliases for various BER/DER encoding bytes.
enum  DSAParms {
  FIPSEXAMPLE = 0,
  ISCDSA512 = 1,
  ISCDSA768 = 2,
  ISCDSA1024 = 3,
  ISCDSA2048 = 4,
  ISCDSA4096 = 5
}
 Parameter IDs for DSA.
enum  NISTCurves {
  NISTP192 = 0,
  NISTP224 = 1,
  NISTP256 = 2,
  NISTP384 = 3,
  NISTP521 = 4,
  NISTK163 = 5,
  NISTB163 = 6,
  NISTK233 = 7,
  NISTB233 = 8,
  NISTK283 = 9,
  NISTB283 = 10,
  NISTK409 = 11,
  NISTB409 = 12,
  NISTK571 = 13,
  NISTB571 = 14
}
 Parameter IDs for NIST FIPS 186-2 elliptic curves; SECG and ANSI X.9.62 aliases are also provided below.
enum  hashes {
  hNone,
  hMD2 = 1,
  hMD4 = 2,
  hMD5 = 3,
  hSHA1 = 4,
  hSHA256 = 5,
  hSHA384 = 6,
  hSHA512 = 7,
  hSHA224 = 8
}
 Algorithm IDs for various hash functions (values are consistent with MS CAPI)
enum  groups
 IDs for various groups/algorithms (for internal use only).

Functions

_cdkpub TimeT timegmt ()
 Get the current time (GMT) in UNIX format.
_cdkpub num loaddec (const char *s)
 Convert an ASCII string of decimal digits to the corresponding num.
_cdkpub int parsedname (const str &dn, str &ASCII, int opt=0)
 Parse an ASN.1 encoded DN into a printable string.
_cdkpub int parsesign (const str &cer, asn &body, asn &oid, asn &sig, int recode_der=0)
 Parse the signature out of an ASN.1 encoded certificate.
_cdkpub str makesign (const str &body, const str &oid, const str &sig)
 Create an X.509 certificate (or CRL) by combining its body with an issuer's signature.
_cdkpub num makep1 (int htype, const num &hvalue, int n)
 Pad a message digest value according to PKCS#1v1.5 (for signing).
_cdkpub int parsep1 (const str &b, int &htype, asn &hvalue)
 Parse a PKCS#1v1.5 padded message digest.
_cdkpub str makep7 (const Chain &chn)
 Create an ASN.1 encoded PKCS#7 PDU containing a set of certificates.
_cdkpub int parsep7 (const str &b, Chain &chn)
 Parse an ASN.1 encoded PKCS#7 PDU containing one or more certificates.
_cdkpub str makep8 (const str &oid, const str &prv, const str &pwd)
 Create an ASN.1 encoded PKCS#8 PDU containing an encrypted private key.
_cdkpub int parsep8 (const str &p8, const str &pwd, asn &oid, asn &prv)
 Decrypt and parse an ASN.1 encoded PKCS#8 PDU containing an encrypted private key.
_cdkpub str makep10raw (const str &dn, const str &oid, const str &pub, const str &attributes)
 Create an ASN.1 encoded PKCS#10 certificate request.
_cdkpub int parsep10 (const str &p10, asn &dn, asn &oid, asn &pub, asn &attributes)
 Parse an ASN.1 encoded PKCS#10 certificate request.
_cdkpub int parse_crmf (const str &req, asn &dn, asn &oid, asn &pub, asn &attributes)
 Parse an ASN.1 encoded CRMF PDU.
_cdkpub str make_cmmf (const Chain &chn, int requestid)
 Create a Netscape CMMF PDU.
_cdkpub str makep12 (const str &cer, const str &oid, const str &prv, const str &pwd, const str &frname, const str &id)
 Create an ASN.1 encoded PKCS#12 PDU.
_cdkpub int parsep12 (const str &p12, const char *pwd, Chain &chn, asn &oid, asn &prv, asn &crl)
 Decrypt and parse an ASN.1 encoded PKCS#12 PDU containing an encrypted private key.
_cdkpub int checkcert (const str &certissuer, const str &certsubject)
 Validate one ASN.1 encoded certificate against another.
_cdkpub int checksign (const str &cer, const str &oidhash, const str &msg, const str &sig)
 Validate an ASN.1 encoded digital signature over a specified message.
_cdkpub int checksignhash (const str &cer, const num &h, const str &sig)
 Validate an ASN.1 encoded digital signature over a specified hash value.
typedef int (CALLBACK *TokenCallback)(tokenop &)
 General callback type.
_cdkpub str make_ocsp_req (const str &caCert, const str &subCert, const str &nonce)
 Create an OCSP request.
_cdkpub int check_ocsp (const str &req, const str &resp, asn &signinfo, TimeT &revTime, asn &certs, asn &dn)
 Check an OCSP response.
_cdkpub int check_signinfo (const str &cer, const str &signinfo)
 Check an OCSP response.
_cdkpub str asn1ber_to_der (const asn &ber)
 Convert a BER-encoded PDU (indefinite length encoding) to a DER-encoded PDU.
template<class T>
str HMAC (const str &key, const str &msg)
 Compute an HMAC over a specified message using a specified key.
_cdkpub str A2O (const str &strDotted)
 Convert human-readable OIDs in dotted notation to their binary equivalent for encoding.
_cdkpub str genkeyp5 (const str &pwd, const str &salt, int iter, int n)
 Generate a (symmetric) key from a password as per PKCS#5.
_cdkpub str genkeyp12 (const str &pwd, const str &salt, int n, int iter, int id)
 Generate a (symmetric) key from a password as per PKCS#12.
_cdkpub int DSA_GenerateParameters (const str &seed, int nq, int np, num &q, num &p, num &g, int &counter, int start=0, int h=2, int v=1)
 Generate DSA parameters as per FIPS 186-2.
_cdkpub int rsadecrypt (const num &pq, const num &d, const num &input, str &x)
 Raises input to the power d, mod pq, and strips pkcs1 padding.
_cdkpub double mytime1 ()
 Get system time.
_cdkpub str getrand1 (int n)
 Get a str object containing a specified number of pseudorandom bytes.
_cdkpub str getrand2 (int n)
 Get a str object containing a specified number of pseudorandom bytes.
template<class T>
void operator+= (T &t, const str &x)
 Operator template used to add() a str object to an object of type T.
template<class T>
str tostr2 (const T &t)
 Template used to convert an object of type T into a str object.
template<class T>
str DoHash (const str &x, int v=1)
 Template used to hash a str object using a message digest of type T.
_cdkpub str hex (const char *hexstr)
 Create a str object by parsing a specified string of hex digits.

Variables

GroupData const DSA_Parms [6]
GroupData const NIST_Curves [15]
GroupData const ANSI_Curves [1]
GroupData const MicrosoftDRM


Enumeration Type Documentation

enum tags

ASN.1 tags for simple types and aliases for various BER/DER encoding bytes.

Enumerator:
Bool  BOOLEAN.
Int  INTEGER.
Bit  BIT STRING.
Oct  OCTET STRING.
Obj  OBJECT IDENTIFIER.
Asc  PrintableString.
Asc0C  UTF8String.
Asc14  TeletexString, T61String.
Asc16  IA5String.
Asc1A  VisibleString.
T_Date17  UTCTime.
T_Date  GeneralizedTime (w/ 4-digit year).
Unicode  BMPString.
Seq  SEQUENCE OF.
Set  SET OF.
VarStr  VarStr.
VarInt  VarInt.
VarNum  VarNum.
VarDate  VarDate.
TagOption  TagOption.
BitTrunc  for RFC 3280 named bit lists

enum DSAParms

Parameter IDs for DSA.

Use this enum to access the built-in DSA parameters
(e.g., cdk::str strOID = cdk::DSA_Parms[cdk::ISCDSA2048].oid()).

Enumerator:
FIPSEXAMPLE  NIST FIPS 186-2 sample DSA parameters
ISCDSA512  ISC 512-bit DSA parameters
ISCDSA768  ISC 768-bit DSA parameters
ISCDSA1024  ISC 1024-bit DSA parameters
ISCDSA2048  ISC 2048-bit DSA parameters
ISCDSA4096  ISC 4096-bit DSA parameters

enum NISTCurves

Parameter IDs for NIST FIPS 186-2 elliptic curves; SECG and ANSI X.9.62 aliases are also provided below.

Use this enum to access built-in ECDSA parameters
(e.g., cdk::str strOID = cdk::NIST_Curves[cdk::NISTP192].oid()).

Enumerator:
NISTP192  NIST curve P-192; SECG secp192r1; ANSI X9.62 ansix9p192r1/prime192v1
NISTP224  NIST curve P-224; SECG secp224r1; ANSI X9.62 ansix9p224r1
NISTP256  NIST curve P-256; SECG secp256r1; ANSI X9.62 ansix9p256r1/prime256v1
NISTP384  NIST curve P-384; SECG secp384r1; ANSI X9.62 ansix9p384r1
NISTP521  NIST curve P-521; SECG secp521r1; ANSI X9.62 ansix9p521r1
NISTK163  NIST curve K-163; SECG sect163k1; ANSI X9.62 ansix9t163k1
NISTB163  NIST curve B-163; SECG sect163r2; ANSI X9.62 ansix9t163r2
NISTK233  NIST curve K-233; SECG sect233k1; ANSI X9.62 ansix9t233k1
NISTB233  NIST curve B-233; SECG sect233r1; ANSI X9.62 ansix9t233r1
NISTK283  NIST curve K-283; SECG sect283k1; ANSI X9.62 ansix9t283k1
NISTB283  NIST curve B-283; SECG sect283r1; ANSI X9.62 ansix9t283r1
NISTK409  NIST curve K-409; SECG sect409k1; ANSI X9.62 ansix9t409k1
NISTB409  NIST curve B-409; SECG sect409r1; ANSI X9.62 ansix9t409r1
NISTK571  NIST curve K-571; SECG sect571k1; ANSI X9.62 ansix9t571k1
NISTB571  NIST curve B-571; SECG sect571r1; ANSI X9.62 ansix9t571r1

enum hashes

Algorithm IDs for various hash functions (values are consistent with MS CAPI)

Enumerator:
hNone  undefined
hMD2  MD2 (RFC 1319)
hMD4  MD4 (RFC 1320)
hMD5  MD5 (RFC 1321)
hSHA1  SHA-1 (FIPS 180-1).
hSHA256  SHA-256 (FIPS 180-2).
hSHA384  SHA-384 (FIPS 180-2).
hSHA512  SHA-512 (FIPS 180-2).
hSHA224  SHA-224 (FIPS 180-2).


Function Documentation

_cdkpub TimeT cdk::timegmt (  ) 

Get the current time (GMT) in UNIX format.

Returns:
a TimeT object representing the current time (GMT) in UNIX format (a double containing the number of seconds since Jan. 1 1970)

_cdkpub num cdk::loaddec ( const char *  s  ) 

Convert an ASCII string of decimal digits to the corresponding num.

Parameters:
s a pointer to a buffer containing the decimal number (in ASCII) to be converted
Returns:
a num object representing the value of s.

_cdkpub int cdk::parsedname ( const str &  dn,
str &  ASCII,
int  opt = 0 
)

Parse an ASN.1 encoded DN into a printable string.

Parameters:
dn an ASN.1 encoded distinguished name.
ASCII an output buffer for the printable string representing dn
opt a format indicator:
0 for RDNs in the order they are encountered in dn with no intervening spaces
1 for an uppercase string representation of dn
2 for RDNs in the reverse order of their occurrence in dn
Returns:
0 (success)
non-zero on failure.

_cdkpub int cdk::parsesign ( const str &  cer,
asn &  body,
asn &  oid,
asn &  sig,
int  recode_der = 0 
)

Parse the signature out of an ASN.1 encoded certificate.

Parameters:
cer the binary ASN.1 encoded certificate to be parsed
body an output buffer for the certificate body (tbsCertificate)
oid an ASN.1 encoded OID identifying the issuer's signature algorithm
sig an output buffer for the issuer's signature (ASN.1 encoded)
recode_der 
Returns:
0 (success)
1, if the certificate cannot be parsed

_cdkpub str cdk::makesign ( const str &  body,
const str &  oid,
const str &  sig 
)

Create an X.509 certificate (or CRL) by combining its body with an issuer's signature.

Parameters:
body the binary ASN.1 encoded certificate body (tbsCertificate)
oid an ASN.1 encoded OID identifying the issuer's signature algorithm
sig the ASN.1 encoded issuer's signature over the body
Returns:
a str containing the complete ASN.1 encoded certificate
(If an error occurs, the returned str has length 0.)
Remarks:
This function doesn't actually sign the certificate body. You may call Key::Sign() and then Signature::toasn1() to obtain the input value for the sig parameter.

_cdkpub num cdk::makep1 ( int  htype,
const num &  hvalue,
int  n 
)

Pad a message digest value according to PKCS#1v1.5 (for signing).

Parameters:
htype type of message digest in hvalue
hvalue hash value to be padded
n required number of output bytes
Returns:
the message digest padded according to PKCS#1v1.5
Remarks:
htype == hNone is allowed and pads according to TLS/SSL (36 bytes, no oid)

_cdkpub int cdk::parsep1 ( const str &  b,
int &  htype,
asn &  hvalue 
)

Parse a PKCS#1v1.5 padded message digest.

Parameters:
b padded hash value to be parsed
htype output buffer for the message digest type
hvalue output buffer for the unpadded message digest value
Returns:
0 (success)
non-zero (failure)
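
An added example, not CDK code: a self-contained sketch of the PKCS#1 v1.5 signature encoding (00 01 FF..FF 00 || DigestInfo || hash) that makep1 and parsep1 are documented to build and parse, with a strict parser that re-encodes and compares the whole block. The names pad_p1 and parse_p1_strict are hypothetical, only SHA-1 and SHA-256 are covered, and the htype == hNone (TLS/SSL) case is omitted.

```cpp
#include <algorithm>
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <vector>

using Bytes = std::vector<uint8_t>;

// Values taken from the page's `hashes` enum; only these two digests are covered.
enum { hSHA1 = 4, hSHA256 = 5 };

struct Prefix { int htype; size_t hlen; Bytes der; };

// Fixed DER DigestInfo prefixes from RFC 8017, section 9.2 (Note 1).
static const Prefix kPrefixes[] = {
    {hSHA1, 20, {0x30,0x21,0x30,0x09,0x06,0x05,0x2b,0x0e,0x03,0x02,0x1a,
                 0x05,0x00,0x04,0x14}},
    {hSHA256, 32, {0x30,0x31,0x30,0x0d,0x06,0x09,0x60,0x86,0x48,0x01,0x65,
                   0x03,0x04,0x02,0x01,0x05,0x00,0x04,0x20}},
};

// Hypothetical helper: build EM = 00 01 FF..FF 00 || DigestInfo || H,
// exactly n bytes long. Returns an empty vector on any error.
Bytes pad_p1(int htype, const Bytes& h, size_t n) {
    for (const auto& p : kPrefixes) {
        if (p.htype != htype || h.size() != p.hlen) continue;
        const size_t tlen = p.der.size() + h.size();
        if (n < tlen + 11) return {};          // at least 8 bytes of FF required
        Bytes em(n, 0xFF);
        em[0] = 0x00;
        em[1] = 0x01;
        em[n - tlen - 1] = 0x00;               // separator before DigestInfo
        std::copy(p.der.begin(), p.der.end(), em.begin() + (n - tlen));
        std::copy(h.begin(), h.end(), em.begin() + (n - h.size()));
        return em;
    }
    return {};                                 // unknown hash or wrong digest length
}

// Hypothetical helper: strict parse by re-encoding. For each known digest,
// take the trailing hlen bytes as the candidate hash, rebuild the full block
// and require byte-for-byte equality. This rejects short padding, non-FF
// padding bytes, altered DigestInfo and trailing data in one comparison.
// The input is public data (a recovered signature block), so a plain
// comparison is used. Returns 0 on success, non-zero on failure.
int parse_p1_strict(const Bytes& em, int& htype, Bytes& hvalue) {
    for (const auto& p : kPrefixes) {
        if (em.size() < p.der.size() + p.hlen + 11) continue;
        Bytes h(em.end() - static_cast<std::ptrdiff_t>(p.hlen), em.end());
        if (pad_p1(p.htype, h, em.size()) == em) {
            htype = p.htype;
            hvalue = h;
            return 0;
        }
    }
    return 1;
}

int main() {
    Bytes h(32, 0xAB);                         // constructed sample digest
    Bytes em = pad_p1(hSHA256, h, 256);        // block for a 2048-bit modulus
    int ht = 0;
    Bytes out;
    std::printf("valid:    %d\n", parse_p1_strict(em, ht, out));
    em[2] = 0x00;                              // corrupt the first padding byte
    std::printf("tampered: %d\n", parse_p1_strict(em, ht, out));
    return 0;
}
```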

_cdkpub str cdk::makep7 ( const Chain &  chn  ) 

Create an ASN.1 encoded PKCS#7 PDU containing a set of certificates.

Parameters:
chn a set of binary ASN.1 encoded certificates (concatenated together)
Returns:
a str containing an ASN.1 encoded PKCS #7 PDU containing the certificates

_cdkpub int cdk::parsep7 ( const str &  b,
Chain &  chn 
)

Parse an ASN.1 encoded PKCS#7 PDU containing one or more certificates.

Parameters:
b the binary ASN.1 encoded PKCS #7 PDU to be parsed
chn an output buffer for the certificates (concatenated together)
Returns:
0 (success)
non-zero (failure)

_cdkpub str cdk::makep8 ( const str &  oid,
const str &  prv,
const str &  pwd 
)

Create an ASN.1 encoded PKCS#8 PDU containing an encrypted private key.

Parameters:
oid the algorithm identifier of the private key in prv
prv the ASN.1 encoded private key to be encrypted
pwd the password for PKCS#8 PBE
Returns:
a binary ASN.1 encoded private key encrypted in accordance with PKCS #8
(On failure, a str of length 0.)
Remarks:
On failure the returned str has 0 length. In this case Algorithm::isErrorState() should be called to determine whether or not the CDK has entered its hard error state.

_cdkpub int cdk::parsep8 ( const str &  p8,
const str &  pwd,
asn &  oid,
asn &  prv 
)

Decrypt and parse an ASN.1 encoded PKCS#8 PDU containing an encrypted private key.

Parameters:
p8 the PKCS#8 PDU to be decrypted and parsed
pwd the password used to encrypt the PKCS#8 PDU
oid an output buffer for the algorithm ID of the private key
prv an output buffer for the (unencrypted) private key
Returns:
0 (success)
2 (parse error)
3 (invalid password)
CDK_ERROR_STATE, if the CDK is in the hard error state

_cdkpub str cdk::makep10raw ( const str &  dn,
const str &  oid,
const str &  pub,
const str &  attributes 
)

Create an ASN.1 encoded PKCS#10 certificate request.

Parameters:
dn an ASN.1 encoded subject distinguished name
oid the ASN.1 encoded algorithm ID of the public key
pub the ASN.1 encoded public key to include in the request
attributes additional attributes (i.e., extensions) to be included in the request
Returns:
a str containing the binary ASN.1 encoded PKCS#10 certificate request
(On failure, a str of length 0.)

_cdkpub int cdk::parsep10 ( const str &  p10,
asn &  dn,
asn &  oid,
asn &  pub,
asn &  attributes 
)

Parse an ASN.1 encoded PKCS#10 certificate request.

Parameters:
p10 the binary ASN.1 encoded PKCS #10 certificate request to be parsed
dn an output buffer for the subject DN
oid an output buffer for the algorithm ID of the public key
pub an output buffer for the public key
attributes an output buffer for additional attributes (i.e., extensions) found in the request
Returns:
0 (success)
1, 2 (parse error)
3 (invalid signature)
CDK_ERROR_STATE

_cdkpub int cdk::parse_crmf ( const str &  req,
asn &  dn,
asn &  oid,
asn &  pub,
asn &  attributes 
)

Parse an ASN.1 encoded CRMF PDU.

Parameters:
req the binary ASN.1 encoded CRMF PDU to be parsed (see RFC 4211)
dn an output buffer for the subject DN
oid an output buffer for the algorithm ID of the public key
pub an output buffer for the public key
attributes an output buffer for additional attributes (i.e., extensions) found in the request
Returns:
0 (success)
1, 2 (parse error)
3 (invalid signature)
CDK_ERROR_STATE
Remarks:
Private key escrow is not supported.

_cdkpub str cdk::make_cmmf ( const Chain &  chn,
int  requestid 
)

Create a Netscape CMMF PDU.

Parameters:
chn certificate chain containing newly issued certificate
requestid request id returned by Netscape browser during enrollment
Returns:
a CMMF PDU that Netscape will, upon import, associate with the corresponding private key.

_cdkpub str cdk::makep12 ( const str &  cer,
const str &  oid,
const str &  prv,
const str &  pwd,
const str &  frname,
const str &  id 
)

Create an ASN.1 encoded PKCS#12 PDU.

Parameters:
cer a binary ASN.1 encoded certificate (or a concatenation of binary ASN.1 encoded certificates) to be included in the PDU
oid the ASN.1 encoded algorithm ID of the private key
prv an ASN.1 encoded private key (encrypted or not)
pwd the password to use for encryption of the private key
frname an optional "friendly" name to include in the PDU
id an identifier to include in the PDU
Returns:
a str containing the binary ASN.1 encoded PKCS #12 PDU
(On failure, a str of length 0.)
Remarks:
On failure the returned str has 0 length. In this case Algorithm::isErrorState() should be called to determine whether or not the CDK has entered its hard error state.

_cdkpub int cdk::parsep12 ( const str &  p12,
const char *  pwd,
Chain &  chn,
asn &  oid,
asn &  prv,
asn &  crl 
)

Decrypt and parse an ASN.1 encoded PKCS#12 PDU containing an encrypted private key.

Parameters:
p12 the binary ASN.1 encoded PKCS#12 PDU to be decrypted and parsed
pwd the password used to encrypt the PDU
chn an output buffer for all certificates found in the PDU
oid an output buffer for the algorithm ID of the private key
prv an output buffer for the private key (in the clear or encrypted according to PKCS#8 or PKCS#5)
crl an output buffer for all CRLs found in the PDU
Returns:
0 (success)
1 (parse error)
2 (invalid password)
CDK_ERROR_STATE

_cdkpub int cdk::checkcert ( const str &  certissuer,
const str &  certsubject 
)

Validate one ASN.1 encoded certificate against another.

Parameters:
certissuer the binary ASN.1 encoded certificate of the purported issuer
certsubject the binary ASN.1 encoded certificate to be validated
Returns:
0 (certificate is valid)
CDK_SUBJECT_CERT_EXPIRED
CDK_ISSUER_CERT_EXPIRED
CDK_WRONG_ISSUER_CERT
CDK_ISSUER_CERT_NOT_CA
CDK_CANT_PARSE_SUBJECT_CERT
CDK_CANT_PARSE_ISSUER_CERT
CDK_INVALID_SIGNATURE
CDK_ERROR_STATE

_cdkpub int cdk::checksign ( const str &  cer,
const str &  oidhash,
const str &  msg,
const str &  sig 
)

Validate an ASN.1 encoded digital signature over a specified message.

Parameters:
cer the binary ASN.1 encoded certificate of the purported signer
oidhash the algorithm ID of the message digest function
msg the data that was purportedly signed
sig the binary ASN.1 encoded signature to be validated
Returns:
0 (signature is valid)
CDK_CERT_EXPIRED
CDK_CANT_PARSE_CERT
CDK_INVALID_SIGNATURE
CDK_ERROR_STATE

_cdkpub int cdk::checksignhash ( const str &  cer,
const num &  h,
const str &  sig 
)

Validate an ASN.1 encoded digital signature over a specified hash value.

Parameters:
cer the binary ASN.1 encoded certificate of the purported signer
h the message digest that was purportedly signed
sig the binary ASN.1 encoded signature to be validated
Returns:
0 (signature is valid)
CDK_CERT_EXPIRED
CDK_CANT_PARSE_CERT
CDK_INVALID_SIGNATURE
CDK_ERROR_STATE

_cdkpub str cdk::make_ocsp_req ( const str &  caCert,
const str &  subCert,
const str &  nonce 
)

Create an OCSP request.

Parameters:
caCert issuer certificate
subCert subject certificate whose validity is to be tested
nonce a 16-byte random value
Returns:
a str representation of the request PDU suitable for transmission to an OCSP responder

_cdkpub int cdk::check_ocsp ( const str &  req,
const str &  resp,
asn &  signinfo,
TimeT revTime,
asn &  certs,
asn &  dn 
)

Check an OCSP response.

Parameters:
req the original request
resp the responder's response
sinfo the responder's signature on the response
revTime if certificate has been revoked, the time of revocation
certs 
dn 
Returns:
0 certificate is valid
1 certificate has been revoked
Remarks:
If this function returns 0 or 1, the signature on the response should be checked using check_signinfo().

_cdkpub int cdk::check_signinfo ( const str &  cer,
const str &  signinfo 
)

Check an OCSP response.

Parameters:
req the original request
resp the responder's response
Returns:
0 certificate is valid
1 certificate has been revoked
2 certificate status is unknown (responder is not authoritative for this issuer)
3 protocol error
4 invalid signature on response

_cdkpub str cdk::asn1ber_to_der ( const asn &  ber  ) 

Convert a BER-encoded PDU (indefinite length encoding) to a DER-encoded PDU.

Parameters:
ber a BER-encoded PDU
Returns:
on success, a str containing the DER-encoded PDU
the input str is returned unchanged if it was already DER-encoded or a parsing error occurred.

str cdk::HMAC ( const str &  key,
const str &  msg 
)

Compute an HMAC over a specified message using a specified key.

Parameters:
key the secret shared key
msg the data to be hashed
Returns:
a cdk::str representation of the message digest
Remarks:
HMAC is explicitly instantiated (for those systems whose compilers don't support the template approach) only for SHA-1 and MD5, but the supplied inline source code for this function in hmac.h makes it clear how to instantiate HMAC for other hash functions.

See FIPS 198 and RFC 2104 for details about HMAC.

_cdkpub str cdk::A2O ( const str &  strDotted  ) 

Convert human-readable OIDs in dotted notation to their binary equivalent for encoding.

Parameters:
strDotted is a string like "OID.1.2.3.4" or "1.2.3.4"
Returns:
A CDK string object containing the binary representation of the OID.

_cdkpub str cdk::genkeyp5 ( const str &  pwd,
const str &  salt,
int  iter,
int  n 
)

Generate a (symmetric) key from a password as per PKCS#5.

Parameters:
pwd a pointer to the password
salt the salt value
iter the iteration count (512 or higher is recommended)
n the length of the desired symmetric key in bytes
Returns:
a str containing the symmetric key generated as per PKCS#5

_cdkpub str cdk::genkeyp12 ( const str &  pwd,
const str &  salt,
int  n,
int  iter,
int  id 
)

Generate a (symmetric) key from a password as per PKCS#12.

Parameters:
pwd a pointer to the password
salt the salt value
n the length of the desired symmetric key in bytes
iter the iteration count (1024 or higher is recommended)
id the type of key to generate: 1 = symmetric encryption key, 2 = IV, 3 = MAC
Returns:
a str containing the symmetric key generated as per PKCS#12

_cdkpub int cdk::DSA_GenerateParameters ( const str &  seed,
int  nq,
int  np,
num &  q,
num &  p,
num &  g,
int &  counter,
int  start = 0,
int  h = 2,
int  v = 1 
)

Generate DSA parameters as per FIPS 186-2.

Parameters:
seed a SEED value
nq the length of the desired q value in bits
np length of the desired p value in bits
q num that is to receive the q value (order of g modulo p)
p num that is to receive the p value (a large prime)
g num that is to receive the g value (subgroup generator of order q modulo p)
counter int that is to receive the iteration count required to select p
start initial value of the counter
h base value used to select g = h^((p-1)/q); NIST tends to use 2, ISC uses 7.
v flag used to select hash function: 0=SHA, 1=SHA-1
Returns:
0 (success)
CDK_ERROR_STATE
CDK_INVALID_SEED
CDK_INVALID_ALG_PARAMS
CDK_INVALID_ITERATION_COUNT

_cdkpub int cdk::rsadecrypt ( const num &  pq,
const num &  d,
const num &  input,
str &  x 
)

Raises input to the power d, mod pq, and strips pkcs1 padding.

Parameters:
pq the RSA modulus.
d the RSA private exponent
input the value to decrypt
x the output value.
Remarks:
This function will attempt to remove PKCS#1 padding. If the result isn't padded according to PKCS#1 the result is undefined.
Returns:
0 (success)

_cdkpub double cdk::mytime1 (  ) 

Get system time.

Returns:
a double representation of the current high precision system time.

_cdkpub str cdk::getrand1 ( int  n  ) 

Get a str object containing a specified number of pseudorandom bytes.

Parameters:
n the number of random bytes to generate
Returns:
a str with n "low-grade" random bytes
Note:
This function is for internal use only!

_cdkpub str cdk::getrand2 ( int  n  ) 

Get a str object containing a specified number of pseudorandom bytes.

Parameters:
n the number of random bytes to generate
Returns:
a str with n random bytes
Note:
This method creates a temporary PRNG object, calls gens(n), and returns the result.

_cdkpub str cdk::hex ( const char *  hexstr  ) 

Create a str object by parsing a specified string of hex digits.

Parameters:
hexstr a pointer to a buffer containing a null-terminated string of hex digits
Returns:
a str object containing the binary data encoded in hexstr


Variable Documentation

GroupData const DSA_Parms[6]

Several NIST and ISC DSA parameters (see enum DSAParms for array indices).

GroupData const NIST_Curves[15]

Various NIST FIPS 186-2 elliptic curves (see enum NISTCurves for array indices).

GroupData const ANSI_Curves[1]

The ANSI X9.62-J.2.1 elliptic curve over GF(2^191).

GroupData const MicrosoftDRM

The elliptic curve used by Microsoft for digital rights management (DRM 2.0).


ISC Cryptographic Development Kit - User's Guide
Copyright© 2002-2006 Information Security Corp. All rights reserved.