 |
High Performance OPC UA Server SDK
1.2.0.193
|
|
High Performance OPC UA Server SDK
1.2.0.193
|
Modules | |
| Certificate Validation Flags | |
| Bitmask values for controlling the verification process of pki_cert_verify. | |
Data Structures | |
| struct | pki_cert_trust_list |
| List of trust list elements (trusted|issuers&certs|crls). More... | |
| struct | pki_cert_verification_result |
| Certificate verification result. More... | |
| struct | pki_cert_identity |
| Holds all information about a certificate issuer or subject. More... | |
| struct | pki_cert_info |
| Holds all additional OPC UA relevant information of a certificate. More... | |
Typedefs | |
| typedef void * | pki_cert |
| X509 certificate handle. More... | |
| typedef void * | pki_crl |
| CRL type. | |
| typedef void * | pki_cert_writer |
| typedef void * | pki_csr_writer |
Enumerations | |
| enum | pki_cert_extension { pki_cert_extension_subject_alt_name = 0, pki_cert_extension_basic_constraints = 1, pki_cert_extension_netscape_comment = 2, pki_cert_extension_subject_key_identifier = 3, pki_cert_extension_authority_key_identifier = 4, pki_cert_extension_key_usage = 5, pki_cert_extension_extended_key_usage = 6 } |
| Identifiers for supported X509 extenstions. | |
Functions | |
| static void | pki_cert_identity_clear (struct pki_cert_identity *id) |
| Release all memory referenced by a pki_cert_identitiy structure. More... | |
| static void | pki_cert_info_clear (struct pki_cert_info *info) |
| Release all memory referenced by a pki_cert_info structure. More... | |
| int | pki_cert_from_der (const unsigned char *der, size_t derlen, pki_cert *cert) |
| Decode a single certificate from DER format. More... | |
| int | pki_cert_verify (size_t cert_len, unsigned char *cert_data, uint32_t verification_flags, struct pki_cert_trust_list *trusted_certs, struct pki_cert_trust_list *trusted_crls, struct pki_cert_trust_list *issuer_certs, struct pki_cert_trust_list *issuer_crls, bool *cert_ok, unsigned int *num_results, struct pki_cert_verification_result *results) |
| Check if certificate is valid (time, signature etc.). More... | |
| int | pki_cert_get_public_key (pki_cert cert, struct crypto_key *key) |
| Get handle to public key of a certificate. More... | |
| int | pki_cert_get_identity (pki_cert cert, unsigned char issuer, struct pki_cert_identity *cert_id) |
| Get issuer or subject information from a certificate. More... | |
| int | pki_cert_get_info (pki_cert cert, struct pki_cert_info *cert_info) |
| Get basic X509 information from a certificate. More... | |
| void | pki_cert_delete (pki_cert *cert) |
| Release handle to certificate. More... | |
| int | pki_cert_split_chain (unsigned char *chain, size_t chain_size, uint32_t *pnum_certs, size_t *cert_lengths, unsigned char **cert_datas) |
| Get start positions of pnum_certs certificates. More... | |
| int | pki_cert_get_extension (pki_cert cert, enum pki_cert_extension ext, unsigned char *val, size_t vallen) |
| Get extension from cert. More... | |
| int | pki_cert_create_selfsigned_der (const struct pki_cert_info *cert_info, const struct pki_cert_identity *sub, const struct crypto_key *sub_key, enum crypto_hash_alg sign_alg, unsigned char *der, size_t *derlen) |
| Creates a new cert based on given certificate data and returns it DER encoded. More... | |
| int | pki_cert_create_selfsigned (const struct pki_cert_info *cert_info, const struct pki_cert_identity *sub, const struct crypto_key *sub_key, enum crypto_hash_alg sign_alg, pki_cert *cert) |
| Creates a new cert based on given certificate data and returns it in internal format. More... | |
| int | pki_csr_create_der (const struct pki_cert_info *cert_info, const struct pki_cert_identity *sub, const struct crypto_key *sub_key, enum crypto_hash_alg sign_alg, unsigned char *der, size_t *derlen) |
| Creates a new certificate signing request based on given certificate data and returns it DER encoded. More... | |
| int | pki_cert_create_casigned_der (const struct pki_cert_info *cert_info, const struct pki_cert_identity *sub, const struct crypto_key *sub_key, pki_cert iss_cert, const struct crypto_key *iss_key, enum crypto_hash_alg sign_alg, unsigned char *der, size_t *derlen) |
| Creates a new cert based on given certificate data and returns it DER encoded. More... | |
| int | pki_cert_create_casigned (const struct pki_cert_info *cert_info, const struct pki_cert_identity *sub, const struct crypto_key *sub_key, const pki_cert iss_cert, const struct crypto_key *iss_key, enum crypto_hash_alg sign_alg, pki_cert *cert) |
| Creates a new cert based on given certificate data and returns it in internal format. More... | |
| int | pki_csr_sign (unsigned char *csr_der, size_t csr_derlen, const pki_cert iss_cert, const struct crypto_key *iss_key, struct pki_cert_info *cert_info, enum crypto_hash_alg sign_alg, unsigned char *der, size_t *derlen) |
| Uses the data from the CRS and some additional data to create a new certificate. More... | |
| int | pki_crl_create (pki_crl *crl, uint64_t validity_time, pki_cert iss_cert, uint64_t crl_num) |
| Creates a new Certificate Revocation List. More... | |
| int | pki_crl_to_der (pki_crl crl, unsigned char *crl_der, size_t *crl_der_len) |
| Serializes the revocation list into DER format. More... | |
| int | pki_crl_from_der (pki_crl *crl, const unsigned char *crl_der, size_t crl_der_len) |
| Get Certificate Revocation List from DER encoded ByteString. More... | |
| void | pki_crl_delete (pki_crl *crl) |
| Deletes a Certificate Revocation List and frees it's memory. More... | |
| int | pki_crl_add_cert (pki_crl crl, const char *revoked_cert_serial, time_t revocation_date) |
| Adds a certificate to the Certificate Revocation List. More... | |
| int | pki_crl_sign (pki_crl crl, struct crypto_key *iss_key, enum crypto_hash_alg sign_alg) |
| Signs a Certificate Revocation List. More... | |
| int | pki_crl_get_number (pki_crl crl, uint64_t *crl_number) |
| Returns the number of the crl. More... | |
| int | pki_crl_get_seconds_until_update (pki_crl crl, int64_t *seconds_until_update) |
| Returns number of seconds until the next update. | |
| int | pki_csr_set_subject_alt_name (mbedtls_x509write_csr *ctx, const struct pki_cert_info *cert_info) |
| int | pki_cert_set_subject_alt_name (mbedtls_x509write_cert *ctx, const struct pki_cert_info *cert_info) |
| int | pki_cert_create_time_strings (time_t begin, time_t end, char *not_before, char *not_after) |
| int | pki_cert_create_identity_string (const struct pki_cert_identity *id, char *name, size_t namelen) |
| int | pki_cert_writer_encode_der (pki_cert_writer cert_writer, unsigned char *der, size_t *derlen) |
| void | pki_cert_writer_delete (pki_cert_writer *cert_writer) |
| typedef void* pki_cert |
X509 certificate handle.
| int pki_cert_create_casigned | ( | const struct pki_cert_info * | cert_info, |
| const struct pki_cert_identity * | sub, | ||
| const struct crypto_key * | sub_key, | ||
| const pki_cert | iss_cert, | ||
| const struct crypto_key * | iss_key, | ||
| enum crypto_hash_alg | sign_alg, | ||
| pki_cert * | cert | ||
| ) |
Creates a new cert based on given certificate data and returns it in internal format.
| cert_info | UA Application information. |
| sub | The identity of the cert owner. |
| sub_key | The key pair of the cert. The public key part will be stored in the cert. |
| iss_cert | The issuer certificate. (not required if self signed) |
| iss_key | The key pair of the issuer. (own key if self signed). |
| sign_alg | Set the algorithm to be used for signing the new certificate. |
| cert | The created certificate in internal format. |
| int pki_cert_create_casigned_der | ( | const struct pki_cert_info * | cert_info, |
| const struct pki_cert_identity * | sub, | ||
| const struct crypto_key * | sub_key, | ||
| pki_cert | iss_cert, | ||
| const struct crypto_key * | iss_key, | ||
| enum crypto_hash_alg | sign_alg, | ||
| unsigned char * | der, | ||
| size_t * | derlen | ||
| ) |
Creates a new cert based on given certificate data and returns it DER encoded.
| cert_info | UA Application information. |
| sub | The identity of the cert owner. |
| sub_key | The key pair of the cert. The public key part will be stored in the cert. |
| iss_cert | The issuer certificate. (not required if self signed) |
| iss_key | The key pair of the issuer. (sub_key if self signed). |
| sign_alg | Set the algorithm to be used for signing the new certificate. |
| der | Buffer to encode the certificate into. |
| derlen | Length of the destination buffer; used size on return. |
| int pki_cert_create_selfsigned | ( | const struct pki_cert_info * | cert_info, |
| const struct pki_cert_identity * | sub, | ||
| const struct crypto_key * | sub_key, | ||
| enum crypto_hash_alg | sign_alg, | ||
| pki_cert * | cert | ||
| ) |
Creates a new cert based on given certificate data and returns it in internal format.
| cert_info | UA Application information. |
| sub | The identity of the cert owner. |
| sub_key | The key pair of the cert. The public key part will be stored in the cert. |
| sign_alg | Set the algorithm to be used for signing the new certificate. |
| cert | The created certificate in internal format. |
| int pki_cert_create_selfsigned_der | ( | const struct pki_cert_info * | cert_info, |
| const struct pki_cert_identity * | sub, | ||
| const struct crypto_key * | sub_key, | ||
| enum crypto_hash_alg | sign_alg, | ||
| unsigned char * | der, | ||
| size_t * | derlen | ||
| ) |
Creates a new cert based on given certificate data and returns it DER encoded.
| cert_info | UA Application information. |
| sub | The identity of the cert owner. |
| sub_key | The key pair of the cert. The public key part will be stored in the cert. |
| sign_alg | Set the algorithm to be used for signing the new certificate. |
| der | Buffer to encode the certificate into. |
| derlen | Length of the destination buffer; used size on return. |
| void pki_cert_delete | ( | pki_cert * | cert | ) |
Release handle to certificate.
| cert | Certificate handle to release. |
| int pki_cert_from_der | ( | const unsigned char * | der, |
| size_t | derlen, | ||
| pki_cert * | cert | ||
| ) |
Decode a single certificate from DER format.
| der | Buffer containing a DER encoded certificate. |
| derlen | Length of one encoded certificate in the buffer. |
| cert | Handle to the decoded certificate. |
| int pki_cert_get_extension | ( | pki_cert | cert, |
| enum pki_cert_extension | ext, | ||
| unsigned char * | val, | ||
| size_t | vallen | ||
| ) |
Get extension from cert.
| cert | The cert to use. |
| ext | The cert extension to get. |
| val | Place to store the value of the specified extension. |
| vallen | Length of the value buffer. |
| int pki_cert_get_identity | ( | pki_cert | cert, |
| unsigned char | issuer, | ||
| struct pki_cert_identity * | cert_id | ||
| ) |
Get issuer or subject information from a certificate.
| cert | The cert to use. |
| issuer | Set to 0 to get subject information, else issuer information. |
| cert_id | Pointer to structure for storing the identity information. Contents must be freed. |
| int pki_cert_get_info | ( | pki_cert | cert, |
| struct pki_cert_info * | cert_info | ||
| ) |
Get basic X509 information from a certificate.
| cert | The cert to extract the data from. |
| cert_info | Pointer to structure for storing the certificate information. Contents must be freed. |
| int pki_cert_get_public_key | ( | pki_cert | cert, |
| struct crypto_key * | key | ||
| ) |
Get handle to public key of a certificate.
The key becomes invalid when the certificate is released.
| cert | Handle of the certificate. |
| key | Pointer to the key handle memory. |
|
inlinestatic |
Release all memory referenced by a pki_cert_identitiy structure.
|
inlinestatic |
Release all memory referenced by a pki_cert_info structure.
| int pki_cert_split_chain | ( | unsigned char * | chain, |
| size_t | chain_size, | ||
| uint32_t * | pnum_certs, | ||
| size_t * | cert_lengths, | ||
| unsigned char ** | cert_datas | ||
| ) |
Get start positions of pnum_certs certificates.
The array certs should be long enough to hold the number of expected certificates.
| chain | Buffer containing one or more encoded certificates. |
| chain_size | Number of bytes in chain. |
| pnum_certs | Number of certs elements before call, number of used certs after call. |
| cert_lengths | Array of sizes to store the lengths of the chain elements. |
| cert_datas | Array of pointers to store the starting positions of the chain elements. |
| int pki_cert_verify | ( | size_t | cert_len, |
| unsigned char * | cert_data, | ||
| uint32_t | verification_flags, | ||
| struct pki_cert_trust_list * | trusted_certs, | ||
| struct pki_cert_trust_list * | trusted_crls, | ||
| struct pki_cert_trust_list * | issuer_certs, | ||
| struct pki_cert_trust_list * | issuer_crls, | ||
| bool * | cert_ok, | ||
| unsigned int * | num_results, | ||
| struct pki_cert_verification_result * | results | ||
| ) |
Check if certificate is valid (time, signature etc.).
| cert_len | Length in bytes of cert_data. |
| cert_data | Array containing the DER encoded certificate to be verified. |
| verification_flags | Bit mask of verification control flags (see ). |
| trusted_certs | Set of trusted application instance certificate and issuer certificates. |
| trusted_crls | Set of trusted issuer CRLs. |
| issuer_certs | Set of untrusted issuer certificates for chain completion. |
| issuer_crls | Set of untrusted issuer CRLs. |
| cert_ok | General verification result on return. |
| num_results | Size of array results; number of used elements on return. |
| results | Preallocated array for storing validation results. |
| int pki_crl_add_cert | ( | pki_crl | crl, |
| const char * | revoked_cert_serial, | ||
| time_t | revocation_date | ||
| ) |
Adds a certificate to the Certificate Revocation List.
| crl | The CRL to use. |
| revoked_cert_serial | Serial number of the certificate to revoke. |
| revocation_date | The revocation date to set. |
Creates a new Certificate Revocation List.
| crl | A pointer to a variable to store a pointer to the created CRL. |
| validity_time | Time from now in seconds until a new CRL will be created. |
| iss_cert | The issuer of the CRL (only subject name is used for CRL creation). |
| crl_num | The consecutive number of the CRL; gets incremented everytime the CLR is signed. |
| void pki_crl_delete | ( | pki_crl * | crl | ) |
Deletes a Certificate Revocation List and frees it's memory.
| crl | A pointer to a variable that points to a struct pki_crl. |
| int pki_crl_from_der | ( | pki_crl * | crl, |
| const unsigned char * | crl_der, | ||
| size_t | crl_der_len | ||
| ) |
Get Certificate Revocation List from DER encoded ByteString.
| crl_der | The byte string containing the DER encoded CRL. |
| crl_der | The DER encoded CRL. |
| crl_der_len | Length of crl_der in bytes. |
| int pki_crl_get_number | ( | pki_crl | crl, |
| uint64_t * | crl_number | ||
| ) |
Returns the number of the crl.
| crl | The CRL. |
| crl_number | Location where the CRL number is stored. |
| int pki_crl_sign | ( | pki_crl | crl, |
| struct crypto_key * | iss_key, | ||
| enum crypto_hash_alg | sign_alg | ||
| ) |
Signs a Certificate Revocation List.
| crl | The CRL to sign. |
| iss_key | The key pair used to sign the CRL. |
| sign_alg | Identifier for the signing algorithm. |
| int pki_crl_to_der | ( | pki_crl | crl, |
| unsigned char * | crl_der, | ||
| size_t * | crl_der_len | ||
| ) |
Serializes the revocation list into DER format.
| crl | The CRL to encode. |
| crl_der | The memory to store the CRL in. |
| crl_der_len | Length of crl_pem before and after the operation. |
| int pki_csr_create_der | ( | const struct pki_cert_info * | cert_info, |
| const struct pki_cert_identity * | sub, | ||
| const struct crypto_key * | sub_key, | ||
| enum crypto_hash_alg | sign_alg, | ||
| unsigned char * | der, | ||
| size_t * | derlen | ||
| ) |
Creates a new certificate signing request based on given certificate data and returns it DER encoded.
| cert_info | UA Application information. |
| sub | The identity of the cert owner. |
| sub_key | The key pair of the cert. The public key part will be stored in the cert. |
| sign_alg | Set the algorithm to be used for signing the new certificate. |
| der | Buffer to encode the certificate into. |
| derlen | Length of the destination buffer; used size on return. |
| int pki_csr_sign | ( | unsigned char * | csr_der, |
| size_t | csr_derlen, | ||
| const pki_cert | iss_cert, | ||
| const struct crypto_key * | iss_key, | ||
| struct pki_cert_info * | cert_info, | ||
| enum crypto_hash_alg | sign_alg, | ||
| unsigned char * | der, | ||
| size_t * | derlen | ||
| ) |
Uses the data from the CRS and some additional data to create a new certificate.
| csr_der | DER encoded certificate signing request. |
| csr_derlen | Length in bytes of csr_der. |
| iss_cert | Issuer certificate. |
| iss_key | Issuer private key used to sign the certificate. |
| cert_info | Contains validity time and serial number; remaining information taken from CSR. |
| sign_alg | Algorithm used to sign the new certificate. |
| der | Pointer to memory where the new certificate will be stored in DER format. |
| derlen | The size in bytes of the destination buffer at "der". |