|
Packit |
aea12f |
|
|
Packit |
aea12f |
@subheading gnutls_pkcs7_add_attr
|
|
Packit |
aea12f |
@anchor{gnutls_pkcs7_add_attr}
|
|
Packit |
aea12f |
@deftypefun {int} {gnutls_pkcs7_add_attr} (gnutls_pkcs7_attrs_t * @var{list}, const char * @var{oid}, gnutls_datum_t * @var{data}, unsigned @var{flags})
|
|
Packit |
aea12f |
@var{list}: A list of existing attributes or pointer to @code{NULL} for the first one
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
@var{oid}: the OID of the attribute to be set
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
@var{data}: the raw (DER-encoded) data of the attribute to be set
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
@var{flags}: zero or @code{GNUTLS_PKCS7_ATTR_ENCODE_OCTET_STRING}
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
This function will set a PKCS @code{7} attribute in the provided list.
|
|
Packit |
aea12f |
If this function fails, the previous list would be deallocated.
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
Note that any attributes set with this function must either be
|
|
Packit |
aea12f |
DER or BER encoded, unless a special flag is present.
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
@strong{Returns:} On success, the new list head, otherwise @code{NULL} .
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
@strong{Since:} 3.4.2
|
|
Packit |
aea12f |
@end deftypefun
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
@subheading gnutls_pkcs7_attrs_deinit
|
|
Packit |
aea12f |
@anchor{gnutls_pkcs7_attrs_deinit}
|
|
Packit |
aea12f |
@deftypefun {void} {gnutls_pkcs7_attrs_deinit} (gnutls_pkcs7_attrs_t @var{list})
|
|
Packit |
aea12f |
@var{list}: A list of existing attributes
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
This function will clear a PKCS @code{7} attribute list.
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
@strong{Since:} 3.4.2
|
|
Packit |
aea12f |
@end deftypefun
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
@subheading gnutls_pkcs7_deinit
|
|
Packit |
aea12f |
@anchor{gnutls_pkcs7_deinit}
|
|
Packit |
aea12f |
@deftypefun {void} {gnutls_pkcs7_deinit} (gnutls_pkcs7_t @var{pkcs7})
|
|
Packit |
aea12f |
@var{pkcs7}: the type to be deinitialized
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
This function will deinitialize a PKCS7 type.
|
|
Packit |
aea12f |
@end deftypefun
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
@subheading gnutls_pkcs7_delete_crl
|
|
Packit |
aea12f |
@anchor{gnutls_pkcs7_delete_crl}
|
|
Packit |
aea12f |
@deftypefun {int} {gnutls_pkcs7_delete_crl} (gnutls_pkcs7_t @var{pkcs7}, int @var{indx})
|
|
Packit |
aea12f |
@var{pkcs7}: The pkcs7 type
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
@var{indx}: the index of the crl to delete
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
This function will delete a crl from a PKCS7 or RFC2630 crl set.
|
|
Packit |
aea12f |
Index starts from 0. Returns 0 on success.
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
|
|
Packit |
aea12f |
negative error value.
|
|
Packit |
aea12f |
@end deftypefun
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
@subheading gnutls_pkcs7_delete_crt
|
|
Packit |
aea12f |
@anchor{gnutls_pkcs7_delete_crt}
|
|
Packit |
aea12f |
@deftypefun {int} {gnutls_pkcs7_delete_crt} (gnutls_pkcs7_t @var{pkcs7}, int @var{indx})
|
|
Packit |
aea12f |
@var{pkcs7}: The pkcs7 type
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
@var{indx}: the index of the certificate to delete
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
This function will delete a certificate from a PKCS7 or RFC2630
|
|
Packit |
aea12f |
certificate set. Index starts from 0. Returns 0 on success.
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
|
|
Packit |
aea12f |
negative error value.
|
|
Packit |
aea12f |
@end deftypefun
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
@subheading gnutls_pkcs7_export
|
|
Packit |
aea12f |
@anchor{gnutls_pkcs7_export}
|
|
Packit |
aea12f |
@deftypefun {int} {gnutls_pkcs7_export} (gnutls_pkcs7_t @var{pkcs7}, gnutls_x509_crt_fmt_t @var{format}, void * @var{output_data}, size_t * @var{output_data_size})
|
|
Packit |
aea12f |
@var{pkcs7}: The pkcs7 type
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
@var{format}: the format of output params. One of PEM or DER.
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
@var{output_data}: will contain a structure PEM or DER encoded
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
@var{output_data_size}: holds the size of output_data (and will be
|
|
Packit |
aea12f |
replaced by the actual size of parameters)
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
This function will export the pkcs7 structure to DER or PEM format.
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
If the buffer provided is not long enough to hold the output, then
|
|
Packit |
aea12f |
* @code{output_data_size} is updated and @code{GNUTLS_E_SHORT_MEMORY_BUFFER}
|
|
Packit |
aea12f |
will be returned.
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
If the structure is PEM encoded, it will have a header
|
|
Packit |
aea12f |
of "BEGIN PKCS7".
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
|
|
Packit |
aea12f |
negative error value.
|
|
Packit |
aea12f |
@end deftypefun
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
@subheading gnutls_pkcs7_export2
|
|
Packit |
aea12f |
@anchor{gnutls_pkcs7_export2}
|
|
Packit |
aea12f |
@deftypefun {int} {gnutls_pkcs7_export2} (gnutls_pkcs7_t @var{pkcs7}, gnutls_x509_crt_fmt_t @var{format}, gnutls_datum_t * @var{out})
|
|
Packit |
aea12f |
@var{pkcs7}: The pkcs7 type
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
@var{format}: the format of output params. One of PEM or DER.
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
@var{out}: will contain a structure PEM or DER encoded
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
This function will export the pkcs7 structure to DER or PEM format.
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
The output buffer is allocated using @code{gnutls_malloc()} .
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
If the structure is PEM encoded, it will have a header
|
|
Packit |
aea12f |
of "BEGIN PKCS7".
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
|
|
Packit |
aea12f |
negative error value.
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
@strong{Since:} 3.1.3
|
|
Packit |
aea12f |
@end deftypefun
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
@subheading gnutls_pkcs7_get_attr
|
|
Packit |
aea12f |
@anchor{gnutls_pkcs7_get_attr}
|
|
Packit |
aea12f |
@deftypefun {int} {gnutls_pkcs7_get_attr} (gnutls_pkcs7_attrs_t @var{list}, unsigned @var{idx}, char ** @var{oid}, gnutls_datum_t * @var{data}, unsigned @var{flags})
|
|
Packit |
aea12f |
@var{list}: A list of existing attributes or @code{NULL} for the first one
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
@var{idx}: the index of the attribute to get
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
@var{oid}: the OID of the attribute (read-only)
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
@var{data}: the raw data of the attribute
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
@var{flags}: zero or @code{GNUTLS_PKCS7_ATTR_ENCODE_OCTET_STRING}
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
This function will get a PKCS @code{7} attribute from the provided list.
|
|
Packit |
aea12f |
The OID is a constant string, but data will be allocated and must be
|
|
Packit |
aea12f |
deinitialized by the caller.
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
|
|
Packit |
aea12f |
negative error value. @code{GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE} is returned
|
|
Packit |
aea12f |
if there are no data in the current index.
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
@strong{Since:} 3.4.2
|
|
Packit |
aea12f |
@end deftypefun
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
@subheading gnutls_pkcs7_get_crl_count
|
|
Packit |
aea12f |
@anchor{gnutls_pkcs7_get_crl_count}
|
|
Packit |
aea12f |
@deftypefun {int} {gnutls_pkcs7_get_crl_count} (gnutls_pkcs7_t @var{pkcs7})
|
|
Packit |
aea12f |
@var{pkcs7}: The pkcs7 type
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
This function will return the number of certificates in the PKCS7
|
|
Packit |
aea12f |
or RFC2630 crl set.
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
|
|
Packit |
aea12f |
negative error value.
|
|
Packit |
aea12f |
@end deftypefun
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
@subheading gnutls_pkcs7_get_crl_raw
|
|
Packit |
aea12f |
@anchor{gnutls_pkcs7_get_crl_raw}
|
|
Packit |
aea12f |
@deftypefun {int} {gnutls_pkcs7_get_crl_raw} (gnutls_pkcs7_t @var{pkcs7}, unsigned @var{indx}, void * @var{crl}, size_t * @var{crl_size})
|
|
Packit |
aea12f |
@var{pkcs7}: The pkcs7 type
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
@var{indx}: contains the index of the crl to extract
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
@var{crl}: the contents of the crl will be copied there (may be null)
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
@var{crl_size}: should hold the size of the crl
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
This function will return a crl of the PKCS7 or RFC2630 crl set.
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
|
|
Packit |
aea12f |
negative error value. If the provided buffer is not long enough,
|
|
Packit |
aea12f |
then @code{crl_size} is updated and @code{GNUTLS_E_SHORT_MEMORY_BUFFER} is
|
|
Packit |
aea12f |
returned. After the last crl has been read
|
|
Packit |
aea12f |
@code{GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE} will be returned.
|
|
Packit |
aea12f |
@end deftypefun
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
@subheading gnutls_pkcs7_get_crl_raw2
|
|
Packit |
aea12f |
@anchor{gnutls_pkcs7_get_crl_raw2}
|
|
Packit |
aea12f |
@deftypefun {int} {gnutls_pkcs7_get_crl_raw2} (gnutls_pkcs7_t @var{pkcs7}, unsigned @var{indx}, gnutls_datum_t * @var{crl})
|
|
Packit |
aea12f |
@var{pkcs7}: The pkcs7 type
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
@var{indx}: contains the index of the crl to extract
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
@var{crl}: will contain the contents of the CRL in an allocated buffer
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
This function will return a DER encoded CRL of the PKCS7 or RFC2630 crl set.
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
|
|
Packit |
aea12f |
negative error value. After the last crl has been read
|
|
Packit |
aea12f |
@code{GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE} will be returned.
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
@strong{Since:} 3.4.2
|
|
Packit |
aea12f |
@end deftypefun
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
@subheading gnutls_pkcs7_get_crt_count
|
|
Packit |
aea12f |
@anchor{gnutls_pkcs7_get_crt_count}
|
|
Packit |
aea12f |
@deftypefun {int} {gnutls_pkcs7_get_crt_count} (gnutls_pkcs7_t @var{pkcs7})
|
|
Packit |
aea12f |
@var{pkcs7}: should contain a @code{gnutls_pkcs7_t} type
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
This function will return the number of certificates in the PKCS7
|
|
Packit |
aea12f |
or RFC2630 certificate set.
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
@strong{Returns:} On success, a positive number is returned, otherwise a
|
|
Packit |
aea12f |
negative error value.
|
|
Packit |
aea12f |
@end deftypefun
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
@subheading gnutls_pkcs7_get_crt_raw
|
|
Packit |
aea12f |
@anchor{gnutls_pkcs7_get_crt_raw}
|
|
Packit |
aea12f |
@deftypefun {int} {gnutls_pkcs7_get_crt_raw} (gnutls_pkcs7_t @var{pkcs7}, unsigned @var{indx}, void * @var{certificate}, size_t * @var{certificate_size})
|
|
Packit |
aea12f |
@var{pkcs7}: should contain a gnutls_pkcs7_t type
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
@var{indx}: contains the index of the certificate to extract
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
@var{certificate}: the contents of the certificate will be copied
|
|
Packit |
aea12f |
there (may be null)
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
@var{certificate_size}: should hold the size of the certificate
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
This function will return a certificate of the PKCS7 or RFC2630
|
|
Packit |
aea12f |
certificate set.
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
After the last certificate has been read
|
|
Packit |
aea12f |
@code{GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE} will be returned.
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
|
|
Packit |
aea12f |
negative error value. If the provided buffer is not long enough,
|
|
Packit |
aea12f |
then @code{certificate_size} is updated and
|
|
Packit |
aea12f |
@code{GNUTLS_E_SHORT_MEMORY_BUFFER} is returned.
|
|
Packit |
aea12f |
@end deftypefun
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
@subheading gnutls_pkcs7_get_crt_raw2
|
|
Packit |
aea12f |
@anchor{gnutls_pkcs7_get_crt_raw2}
|
|
Packit |
aea12f |
@deftypefun {int} {gnutls_pkcs7_get_crt_raw2} (gnutls_pkcs7_t @var{pkcs7}, unsigned @var{indx}, gnutls_datum_t * @var{cert})
|
|
Packit |
aea12f |
@var{pkcs7}: should contain a gnutls_pkcs7_t type
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
@var{indx}: contains the index of the certificate to extract
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
@var{cert}: will hold the contents of the certificate; must be deallocated with @code{gnutls_free()}
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
This function will return a certificate of the PKCS7 or RFC2630
|
|
Packit |
aea12f |
certificate set.
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
After the last certificate has been read
|
|
Packit |
aea12f |
@code{GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE} will be returned.
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
|
|
Packit |
aea12f |
negative error value. If the provided buffer is not long enough,
|
|
Packit |
aea12f |
then @code{certificate_size} is updated and
|
|
Packit |
aea12f |
@code{GNUTLS_E_SHORT_MEMORY_BUFFER} is returned.
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
@strong{Since:} 3.4.2
|
|
Packit |
aea12f |
@end deftypefun
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
@subheading gnutls_pkcs7_get_embedded_data
|
|
Packit |
aea12f |
@anchor{gnutls_pkcs7_get_embedded_data}
|
|
Packit |
aea12f |
@deftypefun {int} {gnutls_pkcs7_get_embedded_data} (gnutls_pkcs7_t @var{pkcs7}, unsigned @var{flags}, gnutls_datum_t * @var{data})
|
|
Packit |
aea12f |
@var{pkcs7}: should contain a gnutls_pkcs7_t type
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
@var{flags}: must be zero or @code{GNUTLS_PKCS7_EDATA_GET_RAW}
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
@var{data}: will hold the embedded data in the provided structure
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
This function will return the data embedded in the signature of
|
|
Packit |
aea12f |
the PKCS7 structure. If no data are available then
|
|
Packit |
aea12f |
@code{GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE} will be returned.
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
The returned data must be de-allocated using @code{gnutls_free()} .
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
Note, that this function returns the exact same data that are
|
|
Packit |
aea12f |
authenticated. If the @code{GNUTLS_PKCS7_EDATA_GET_RAW} flag is provided,
|
|
Packit |
aea12f |
the returned data will be including the wrapping tag/value as
|
|
Packit |
aea12f |
they are encoded in the structure.
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
|
|
Packit |
aea12f |
negative error value.
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
@strong{Since:} 3.4.8
|
|
Packit |
aea12f |
@end deftypefun
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
@subheading gnutls_pkcs7_get_embedded_data_oid
|
|
Packit |
aea12f |
@anchor{gnutls_pkcs7_get_embedded_data_oid}
|
|
Packit |
aea12f |
@deftypefun {const char *} {gnutls_pkcs7_get_embedded_data_oid} (gnutls_pkcs7_t @var{pkcs7})
|
|
Packit |
aea12f |
@var{pkcs7}: should contain a gnutls_pkcs7_t type
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
This function will return the OID of the data embedded in the signature of
|
|
Packit |
aea12f |
the PKCS7 structure. If no data are available then @code{NULL} will be
|
|
Packit |
aea12f |
returned. The returned value will be valid during the lifetime
|
|
Packit |
aea12f |
of the @code{pkcs7} structure.
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
@strong{Returns:} On success, a pointer to an OID string, @code{NULL} on error.
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
@strong{Since:} 3.5.5
|
|
Packit |
aea12f |
@end deftypefun
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
@subheading gnutls_pkcs7_get_signature_count
|
|
Packit |
aea12f |
@anchor{gnutls_pkcs7_get_signature_count}
|
|
Packit |
aea12f |
@deftypefun {int} {gnutls_pkcs7_get_signature_count} (gnutls_pkcs7_t @var{pkcs7})
|
|
Packit |
aea12f |
@var{pkcs7}: should contain a @code{gnutls_pkcs7_t} type
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
This function will return the number of signatures in the PKCS7
|
|
Packit |
aea12f |
structure.
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
@strong{Returns:} On success, a positive number is returned, otherwise a
|
|
Packit |
aea12f |
negative error value.
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
@strong{Since:} 3.4.3
|
|
Packit |
aea12f |
@end deftypefun
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
@subheading gnutls_pkcs7_get_signature_info
|
|
Packit |
aea12f |
@anchor{gnutls_pkcs7_get_signature_info}
|
|
Packit |
aea12f |
@deftypefun {int} {gnutls_pkcs7_get_signature_info} (gnutls_pkcs7_t @var{pkcs7}, unsigned @var{idx}, gnutls_pkcs7_signature_info_st * @var{info})
|
|
Packit |
aea12f |
@var{pkcs7}: should contain a @code{gnutls_pkcs7_t} type
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
@var{idx}: the index of the signature info to check
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
@var{info}: will contain the output signature
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
This function will return information about the signature identified
|
|
Packit |
aea12f |
by idx in the provided PKCS @code{7} structure. The information should be
|
|
Packit |
aea12f |
deinitialized using @code{gnutls_pkcs7_signature_info_deinit()} .
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
|
|
Packit |
aea12f |
negative error value.
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
@strong{Since:} 3.4.2
|
|
Packit |
aea12f |
@end deftypefun
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
@subheading gnutls_pkcs7_import
|
|
Packit |
aea12f |
@anchor{gnutls_pkcs7_import}
|
|
Packit |
aea12f |
@deftypefun {int} {gnutls_pkcs7_import} (gnutls_pkcs7_t @var{pkcs7}, const gnutls_datum_t * @var{data}, gnutls_x509_crt_fmt_t @var{format})
|
|
Packit |
aea12f |
@var{pkcs7}: The data to store the parsed PKCS7.
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
@var{data}: The DER or PEM encoded PKCS7.
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
@var{format}: One of DER or PEM
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
This function will convert the given DER or PEM encoded PKCS7 to
|
|
Packit |
aea12f |
the native @code{gnutls_pkcs7_t} format. The output will be stored in
|
|
Packit |
aea12f |
@code{pkcs7} .
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
If the PKCS7 is PEM encoded it should have a header of "PKCS7".
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
|
|
Packit |
aea12f |
negative error value.
|
|
Packit |
aea12f |
@end deftypefun
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
@subheading gnutls_pkcs7_init
|
|
Packit |
aea12f |
@anchor{gnutls_pkcs7_init}
|
|
Packit |
aea12f |
@deftypefun {int} {gnutls_pkcs7_init} (gnutls_pkcs7_t * @var{pkcs7})
|
|
Packit |
aea12f |
@var{pkcs7}: A pointer to the type to be initialized
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
This function will initialize a PKCS7 structure. PKCS7 structures
|
|
Packit |
aea12f |
usually contain lists of X.509 Certificates and X.509 Certificate
|
|
Packit |
aea12f |
revocation lists.
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
|
|
Packit |
aea12f |
negative error value.
|
|
Packit |
aea12f |
@end deftypefun
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
@subheading gnutls_pkcs7_print
|
|
Packit |
aea12f |
@anchor{gnutls_pkcs7_print}
|
|
Packit |
aea12f |
@deftypefun {int} {gnutls_pkcs7_print} (gnutls_pkcs7_t @var{pkcs7}, gnutls_certificate_print_formats_t @var{format}, gnutls_datum_t * @var{out})
|
|
Packit |
aea12f |
@var{pkcs7}: The PKCS7 struct to be printed
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
@var{format}: Indicate the format to use
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
@var{out}: Newly allocated datum with null terminated string.
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
This function will pretty print a signed PKCS @code{7} structure, suitable for
|
|
Packit |
aea12f |
display to a human.
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
Currently the supported formats are @code{GNUTLS_CRT_PRINT_FULL} and
|
|
Packit |
aea12f |
@code{GNUTLS_CRT_PRINT_COMPACT} .
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
The output @code{out} needs to be deallocated using @code{gnutls_free()} .
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
|
|
Packit |
aea12f |
negative error value.
|
|
Packit |
aea12f |
@end deftypefun
|
|
Packit |
aea12f |
|
|
Packit Service |
991b93 |
@subheading gnutls_pkcs7_print_signature_info
|
|
Packit Service |
991b93 |
@anchor{gnutls_pkcs7_print_signature_info}
|
|
Packit Service |
991b93 |
@deftypefun {int} {gnutls_pkcs7_print_signature_info} (gnutls_pkcs7_signature_info_st * @var{info}, gnutls_certificate_print_formats_t @var{format}, gnutls_datum_t * @var{out})
|
|
Packit Service |
991b93 |
@var{info}: The PKCS7 signature info struct to be printed
|
|
Packit Service |
991b93 |
|
|
Packit Service |
991b93 |
@var{format}: Indicate the format to use
|
|
Packit Service |
991b93 |
|
|
Packit Service |
991b93 |
@var{out}: Newly allocated datum with null terminated string.
|
|
Packit Service |
991b93 |
|
|
Packit Service |
991b93 |
This function will pretty print a PKCS @code{7} signature info structure, suitable
|
|
Packit Service |
991b93 |
for display to a human.
|
|
Packit Service |
991b93 |
|
|
Packit Service |
991b93 |
Currently the supported formats are @code{GNUTLS_CRT_PRINT_FULL} and
|
|
Packit Service |
991b93 |
@code{GNUTLS_CRT_PRINT_COMPACT} .
|
|
Packit Service |
991b93 |
|
|
Packit Service |
991b93 |
The output @code{out} needs to be deallocated using @code{gnutls_free()} .
|
|
Packit Service |
991b93 |
|
|
Packit Service |
991b93 |
@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
|
|
Packit Service |
991b93 |
negative error value.
|
|
Packit Service |
991b93 |
|
|
Packit Service |
991b93 |
@strong{Since:} 3.6.14
|
|
Packit Service |
991b93 |
@end deftypefun
|
|
Packit Service |
991b93 |
|
|
Packit |
aea12f |
@subheading gnutls_pkcs7_set_crl
|
|
Packit |
aea12f |
@anchor{gnutls_pkcs7_set_crl}
|
|
Packit |
aea12f |
@deftypefun {int} {gnutls_pkcs7_set_crl} (gnutls_pkcs7_t @var{pkcs7}, gnutls_x509_crl_t @var{crl})
|
|
Packit |
aea12f |
@var{pkcs7}: The pkcs7 type
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
@var{crl}: the DER encoded crl to be added
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
This function will add a parsed CRL to the PKCS7 or RFC2630 crl
|
|
Packit |
aea12f |
set.
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
|
|
Packit |
aea12f |
negative error value.
|
|
Packit |
aea12f |
@end deftypefun
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
@subheading gnutls_pkcs7_set_crl_raw
|
|
Packit |
aea12f |
@anchor{gnutls_pkcs7_set_crl_raw}
|
|
Packit |
aea12f |
@deftypefun {int} {gnutls_pkcs7_set_crl_raw} (gnutls_pkcs7_t @var{pkcs7}, const gnutls_datum_t * @var{crl})
|
|
Packit |
aea12f |
@var{pkcs7}: The pkcs7 type
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
@var{crl}: the DER encoded crl to be added
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
This function will add a crl to the PKCS7 or RFC2630 crl set.
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
|
|
Packit |
aea12f |
negative error value.
|
|
Packit |
aea12f |
@end deftypefun
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
@subheading gnutls_pkcs7_set_crt
|
|
Packit |
aea12f |
@anchor{gnutls_pkcs7_set_crt}
|
|
Packit |
aea12f |
@deftypefun {int} {gnutls_pkcs7_set_crt} (gnutls_pkcs7_t @var{pkcs7}, gnutls_x509_crt_t @var{crt})
|
|
Packit |
aea12f |
@var{pkcs7}: The pkcs7 type
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
@var{crt}: the certificate to be copied.
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
This function will add a parsed certificate to the PKCS7 or
|
|
Packit |
aea12f |
RFC2630 certificate set. This is a wrapper function over
|
|
Packit |
aea12f |
@code{gnutls_pkcs7_set_crt_raw()} .
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
|
|
Packit |
aea12f |
negative error value.
|
|
Packit |
aea12f |
@end deftypefun
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
@subheading gnutls_pkcs7_set_crt_raw
|
|
Packit |
aea12f |
@anchor{gnutls_pkcs7_set_crt_raw}
|
|
Packit |
aea12f |
@deftypefun {int} {gnutls_pkcs7_set_crt_raw} (gnutls_pkcs7_t @var{pkcs7}, const gnutls_datum_t * @var{crt})
|
|
Packit |
aea12f |
@var{pkcs7}: The pkcs7 type
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
@var{crt}: the DER encoded certificate to be added
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
This function will add a certificate to the PKCS7 or RFC2630
|
|
Packit |
aea12f |
certificate set.
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
|
|
Packit |
aea12f |
negative error value.
|
|
Packit |
aea12f |
@end deftypefun
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
@subheading gnutls_pkcs7_sign
|
|
Packit |
aea12f |
@anchor{gnutls_pkcs7_sign}
|
|
Packit |
aea12f |
@deftypefun {int} {gnutls_pkcs7_sign} (gnutls_pkcs7_t @var{pkcs7}, gnutls_x509_crt_t @var{signer}, gnutls_privkey_t @var{signer_key}, const gnutls_datum_t * @var{data}, gnutls_pkcs7_attrs_t @var{signed_attrs}, gnutls_pkcs7_attrs_t @var{unsigned_attrs}, gnutls_digest_algorithm_t @var{dig}, unsigned @var{flags})
|
|
Packit |
aea12f |
@var{pkcs7}: should contain a @code{gnutls_pkcs7_t} type
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
@var{signer}: the certificate to sign the structure
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
@var{signer_key}: the key to sign the structure
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
@var{data}: The data to be signed or @code{NULL} if the data are already embedded
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
@var{signed_attrs}: Any additional attributes to be included in the signed ones (or @code{NULL} )
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
@var{unsigned_attrs}: Any additional attributes to be included in the unsigned ones (or @code{NULL} )
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
@var{dig}: The digest algorithm to use for signing
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
@var{flags}: Should be zero or one of @code{GNUTLS_PKCS7} flags
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
This function will add a signature in the provided PKCS @code{7} structure
|
|
Packit |
aea12f |
for the provided data. Multiple signatures can be made with different
|
|
Packit |
aea12f |
signers.
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
The available flags are:
|
|
Packit |
aea12f |
@code{GNUTLS_PKCS7_EMBED_DATA} , @code{GNUTLS_PKCS7_INCLUDE_TIME} , @code{GNUTLS_PKCS7_INCLUDE_CERT} ,
|
|
Packit |
aea12f |
and @code{GNUTLS_PKCS7_WRITE_SPKI} . They are explained in the @code{gnutls_pkcs7_sign_flags}
|
|
Packit |
aea12f |
definition.
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
|
|
Packit |
aea12f |
negative error value.
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
@strong{Since:} 3.4.2
|
|
Packit |
aea12f |
@end deftypefun
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
@subheading gnutls_pkcs7_signature_info_deinit
|
|
Packit |
aea12f |
@anchor{gnutls_pkcs7_signature_info_deinit}
|
|
Packit |
aea12f |
@deftypefun {void} {gnutls_pkcs7_signature_info_deinit} (gnutls_pkcs7_signature_info_st * @var{info})
|
|
Packit |
aea12f |
@var{info}: should point to a @code{gnutls_pkcs7_signature_info_st} structure
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
This function will deinitialize any allocated value in the
|
|
Packit |
aea12f |
provided @code{gnutls_pkcs7_signature_info_st} .
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
@strong{Since:} 3.4.2
|
|
Packit |
aea12f |
@end deftypefun
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
@subheading gnutls_pkcs7_verify
|
|
Packit |
aea12f |
@anchor{gnutls_pkcs7_verify}
|
|
Packit |
aea12f |
@deftypefun {int} {gnutls_pkcs7_verify} (gnutls_pkcs7_t @var{pkcs7}, gnutls_x509_trust_list_t @var{tl}, gnutls_typed_vdata_st * @var{vdata}, unsigned int @var{vdata_size}, unsigned @var{idx}, const gnutls_datum_t * @var{data}, unsigned @var{flags})
|
|
Packit |
aea12f |
@var{pkcs7}: should contain a @code{gnutls_pkcs7_t} type
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
@var{tl}: A list of trusted certificates
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
@var{vdata}: an array of typed data
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
@var{vdata_size}: the number of data elements
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
@var{idx}: the index of the signature info to check
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
@var{data}: The data to be verified or @code{NULL}
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
@var{flags}: Zero or an OR list of @code{gnutls_certificate_verify_flags}
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
This function will verify the provided data against the signature
|
|
Packit |
aea12f |
present in the SignedData of the PKCS @code{7} structure. If the data
|
|
Packit |
aea12f |
provided are NULL then the data in the encapsulatedContent field
|
|
Packit |
aea12f |
will be used instead.
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
|
|
Packit |
aea12f |
negative error value. A verification error results to a
|
|
Packit |
aea12f |
@code{GNUTLS_E_PK_SIG_VERIFY_FAILED} and the lack of encapsulated data
|
|
Packit |
aea12f |
to verify to a @code{GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE} .
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
@strong{Since:} 3.4.2
|
|
Packit |
aea12f |
@end deftypefun
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
@subheading gnutls_pkcs7_verify_direct
|
|
Packit |
aea12f |
@anchor{gnutls_pkcs7_verify_direct}
|
|
Packit |
aea12f |
@deftypefun {int} {gnutls_pkcs7_verify_direct} (gnutls_pkcs7_t @var{pkcs7}, gnutls_x509_crt_t @var{signer}, unsigned @var{idx}, const gnutls_datum_t * @var{data}, unsigned @var{flags})
|
|
Packit |
aea12f |
@var{pkcs7}: should contain a @code{gnutls_pkcs7_t} type
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
@var{signer}: the certificate believed to have signed the structure
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
@var{idx}: the index of the signature info to check
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
@var{data}: The data to be verified or @code{NULL}
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
@var{flags}: Zero or an OR list of @code{gnutls_certificate_verify_flags}
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
This function will verify the provided data against the signature
|
|
Packit |
aea12f |
present in the SignedData of the PKCS @code{7} structure. If the data
|
|
Packit |
aea12f |
provided are NULL then the data in the encapsulatedContent field
|
|
Packit |
aea12f |
will be used instead.
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
Note that, unlike @code{gnutls_pkcs7_verify()} this function does not
|
|
Packit |
aea12f |
verify the key purpose of the signer. It is expected for the caller
|
|
Packit |
aea12f |
to verify the intended purpose of the @code{signer} -e.g., via @code{gnutls_x509_crt_get_key_purpose_oid()} ,
|
|
Packit |
aea12f |
or @code{gnutls_x509_crt_check_key_purpose()} .
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
Note also, that since GnuTLS 3.5.6 this function introduces checks in the
|
|
Packit |
aea12f |
end certificate ( @code{signer} ), including time checks and key usage checks.
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
|
|
Packit |
aea12f |
negative error value. A verification error results to a
|
|
Packit |
aea12f |
@code{GNUTLS_E_PK_SIG_VERIFY_FAILED} and the lack of encapsulated data
|
|
Packit |
aea12f |
to verify to a @code{GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE} .
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
@strong{Since:} 3.4.2
|
|
Packit |
aea12f |
@end deftypefun
|
|
Packit |
aea12f |
|