Leancrypto 1.6.0
Post-Quantum Cryptographic Library
X.509 Certificate Generate Handling

Functions

int lc_x509_cert_encode (const struct lc_x509_certificate *x509, uint8_t *data, size_t *avail_datalen)
 Encode an X.509 certificate.
int lc_x509_sk_encode (const struct lc_x509_key_data *gendata, uint8_t *data, size_t *avail_datalen)
 Encode a private key DER structure.
int lc_x509_get_signature_size_from_sk (size_t *siglen, const struct lc_x509_key_data *keys)
 Return signature size derived from private key information.
int lc_x509_get_signature_size_from_cert (size_t *siglen, const struct lc_x509_certificate *cert)
 Return signature size derived from certificate information.
int lc_x509_signature_gen (uint8_t *sig_data, size_t *siglen, const struct lc_x509_key_data *keys, const uint8_t *m, size_t mlen, const struct lc_hash *prehash_algo)
 Generate signature over user-supplied data.
int lc_x509_keypair_gen (struct lc_x509_certificate *cert, struct lc_x509_key_data *keys, enum lc_sig_types create_keypair_algo)
 Generate keypair and set it to the X.509 certificate.
int lc_x509_keypair_load (struct lc_x509_certificate *cert, const struct lc_x509_key_data *keys)
 Load a key pair into the X.509 certificate.
int lc_x509_cert_set_signer (struct lc_x509_certificate *signed_x509, const struct lc_x509_key_data *signer_key_data, const struct lc_x509_certificate *signer_x509)
 Set the signer X.509 certificate for an X.509 certificate.
int lc_x509_cert_set_eku (struct lc_x509_certificate *cert, const char *name)
 Set the extended key usage from human readable form.
int lc_x509_cert_set_eku_val (struct lc_x509_certificate *cert, uint16_t val)
 Set the extended key usage in integer form.
int lc_x509_cert_set_keyusage (struct lc_x509_certificate *cert, const char *name)
 Set the key usage from human readable form.
int lc_x509_cert_set_keyusage_val (struct lc_x509_certificate *cert, uint16_t val)
 Set the key usage in integer form.
int lc_x509_cert_set_ca (struct lc_x509_certificate *cert)
 Mark the certificate to bear the basicConstraint CA.
int lc_x509_cert_set_san_dns (struct lc_x509_certificate *cert, const char *san_dns_name)
 Set the SAN DNS name.
int lc_x509_cert_set_san_ip (struct lc_x509_certificate *cert, const uint8_t *san_ip, size_t san_ip_len)
 Set the SAN IP value.
int lc_x509_enc_san_ip (struct lc_x509_certificate *cert, char *ip_name, uint8_t *ip, size_t *ip_len)
 Helper to convert the human IP address value into binary form.
int lc_x509_cert_set_skid (struct lc_x509_certificate *cert, const uint8_t *skid, size_t skidlen)
 Set the SKID value.
int lc_x509_cert_set_akid (struct lc_x509_certificate *cert, const uint8_t *akid, size_t akidlen)
 Set the AKID value.
int lc_x509_cert_set_valid_from (struct lc_x509_certificate *cert, time64_t time_since_epoch)
 Set the valid-from data to the certificate.
int lc_x509_cert_set_valid_to (struct lc_x509_certificate *cert, time64_t time_since_epoch)
 Set the valid-to data to the certificate.
int lc_x509_cert_set_subject_cn (struct lc_x509_certificate *cert, const char *string, size_t len)
 Set the subject CN field to the certificate.
int lc_x509_cert_set_subject_email (struct lc_x509_certificate *cert, const char *string, size_t len)
 Set the subject email field to the certificate.
int lc_x509_cert_set_subject_ou (struct lc_x509_certificate *cert, const char *string, size_t len)
 Set the subject OU field to the certificate.
int lc_x509_cert_set_subject_o (struct lc_x509_certificate *cert, const char *string, size_t len)
 Set the subject O field to the certificate.
int lc_x509_cert_set_subject_st (struct lc_x509_certificate *cert, const char *string, size_t len)
 Set the subject ST field to the certificate.
int lc_x509_cert_set_subject_c (struct lc_x509_certificate *cert, const char *string, size_t len)
 Set the subject C field to the certificate.
int lc_x509_cert_set_issuer_cn (struct lc_x509_certificate *cert, const char *string, size_t len)
 Set the issuer CN field to the certificate.
int lc_x509_cert_set_issuer_email (struct lc_x509_certificate *cert, const char *string, size_t len)
 Set the issuer email field to the certificate.
int lc_x509_cert_set_issuer_ou (struct lc_x509_certificate *cert, const char *string, size_t len)
 Set the issuer OU field to the certificate.
int lc_x509_cert_set_issuer_o (struct lc_x509_certificate *cert, const char *string, size_t len)
 Set the issuer O field to the certificate.
int lc_x509_cert_set_issuer_st (struct lc_x509_certificate *cert, const char *string, size_t len)
 Set the issuer ST field to the certificate.
int lc_x509_cert_set_issuer_c (struct lc_x509_certificate *cert, const char *string, size_t len)
 Set the issuer C field to the certificate.
int lc_x509_cert_set_serial (struct lc_x509_certificate *cert, const uint8_t *serial, size_t serial_len)
 Set the serial number of the certificate.
int lc_x509_pkey_name_to_algorithm (const char *name, enum lc_sig_types *pkey_algo)
 Helper to convert the human readable name of a public key algorithm to its internal representation.
int lc_x509_name_to_hash (const char *hash_name, const struct lc_hash **hash_algo)
 Helper to convert the human readable name of a hash algorithm to its internal representation.
int lc_x509_hash_to_name (const struct lc_hash *hash_algo, const char **hash_name)
 Helper to convert the internal representation of a hash algorithm to its human readable form.
int lc_x509_name_to_keyusage (const char *name, uint16_t *keyusage)
 Helper to convert the human readable name of a keyusage to its internal representation.
int lc_x509_name_to_eku (const char *name, uint16_t *eku)
 Helper to convert the human readable name of an EKU to its internal representation.

Detailed Description

Concept of X.509 certificate generate handling in leancrypto

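The leancrypto library provides an X.509 generator which can create X.509 certificates. The generator does not enforce any X.509 limitations and thus allows the caller to generate any combination of fields offered by the X.509 specification; ensuring that the resulting certificate is well-formed and carries only the intended properties (for example the CA basic constraint, key usage and EKU flags) is therefore the caller's responsibility. To appropriately use the X.509 generator, please consider the following rules: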

  1. The generated X.509 data blob is independent of the original X.509 certificate data structure.
  2. The generator does not allocate any memory. All memory MUST be provided by the caller. Thus, if the caller provides insufficient memory, the generator will return -EOVERFLOW.
  3. Before invoking the X.509 generator, the caller must allocate an lc_x509_certificate data structure (e.g. on stack) and fill it with the numerous setter functions to add data.

Function Documentation

◆ lc_x509_cert_encode()

int lc_x509_cert_encode ( const struct lc_x509_certificate * x509,
uint8_t * data,
size_t * avail_datalen )

Encode an X.509 certificate.

The function generates an X.509 data blob from the filled X.509 data structure.

This function also performs the signature generation to sign the X.509 data with the provided signer.

Parameters
[in]x509The data structure that is filled by the caller before this invocation using the various setter functions.
[in,out]dataRaw X.509 data blob in DER / BER format - the caller must provide the memory
[in,out]avail_datalenLength of the raw X.509 certificate buffer that is free (the input value must be equal to the data buffer size, the output refers to how many bytes are unused)
Returns
0 on success or < 0 on error

◆ lc_x509_cert_set_akid()

int lc_x509_cert_set_akid ( struct lc_x509_certificate * cert,
const uint8_t * akid,
size_t akidlen )

Set the AKID value.

Note
The caller must keep the input data available for the lifetime of cert.
If the certificate to be generated is marked as a CA certificate and no AKID is set, the AKID is set to be identical to the SKID.
If a signer of a certificate is set, its SKID is used as AKID.
Parameters
[in]certCertificate data structure to be filled with the data
[in]akidBinary representation of AKID
[in]akidlenlength of the AKID buffer
Returns
0 on success or < 0 on error

◆ lc_x509_cert_set_ca()

int lc_x509_cert_set_ca ( struct lc_x509_certificate * cert)

Mark the certificate to bear the basicConstraint CA.

Note
This call also sets the issuer name components in the cert based on the subject data. Thus, when invoking this call, ensure that all name components in cert are properly set. If this cannot be guaranteed, the issuer information needs to be set with a sequence of lc_x509_cert_set_issuer_*(cert).
Parameters
[in]certCertificate data structure to be filled with the data
Returns
0 on success or < 0 on error

◆ lc_x509_cert_set_eku()

int lc_x509_cert_set_eku ( struct lc_x509_certificate * cert,
const char * name )

Set the extended key usage from human readable form.

The service function can be called repeatedly to set all intended EKU flags.

Parameters
[in]certCertificate data structure to be filled with the data
[in]nameHuman readable string (an unrecognized string causes the list of allowed strings to be printed on stdout)
Returns
0 on success or < 0 on error

◆ lc_x509_cert_set_eku_val()

int lc_x509_cert_set_eku_val ( struct lc_x509_certificate * cert,
uint16_t val )

Set the extended key usage in integer form.

Parameters
[in]certCertificate data structure to be filled with the data
[in]valEKU value holding the LC_KEY_EKU_* flags
Returns
0 on success or < 0 on error

◆ lc_x509_cert_set_issuer_c()

int lc_x509_cert_set_issuer_c ( struct lc_x509_certificate * cert,
const char * string,
size_t len )

Set the issuer C field to the certificate.

Note
The caller must keep the input data available for the lifetime of cert.
The string may not be NUL-terminated, which is why its size is supplied in len. Yet, it is a human readable string.
Parameters
[in]certCertificate data structure to be filled with the data
[in]stringData field to set
[in]lenLength of the data field
Returns
0 on success or < 0 on error

◆ lc_x509_cert_set_issuer_cn()

int lc_x509_cert_set_issuer_cn ( struct lc_x509_certificate * cert,
const char * string,
size_t len )

Set the issuer CN field to the certificate.

Note
The caller must keep the input data available for the lifetime of cert.
The string may not be NUL-terminated, which is why its size is supplied in len. Yet, it is a human readable string.
Parameters
[in]certCertificate data structure to be filled with the data
[in]stringData field to set
[in]lenLength of the data field
Returns
0 on success or < 0 on error

◆ lc_x509_cert_set_issuer_email()

int lc_x509_cert_set_issuer_email ( struct lc_x509_certificate * cert,
const char * string,
size_t len )

Set the issuer email field to the certificate.

Note
The caller must keep the input data available for the lifetime of cert.
The string may not be NUL-terminated, which is why its size is supplied in len. Yet, it is a human readable string.
Parameters
[in]certCertificate data structure to be filled with the data
[in]stringData field to set
[in]lenLength of the data field
Returns
0 on success or < 0 on error

◆ lc_x509_cert_set_issuer_o()

int lc_x509_cert_set_issuer_o ( struct lc_x509_certificate * cert,
const char * string,
size_t len )

Set the issuer O field to the certificate.

Note
The caller must keep the input data available for the lifetime of cert.
The string may not be NUL-terminated, which is why its size is supplied in len. Yet, it is a human readable string.
Parameters
[in]certCertificate data structure to be filled with the data
[in]stringData field to set
[in]lenLength of the data field
Returns
0 on success or < 0 on error

◆ lc_x509_cert_set_issuer_ou()

int lc_x509_cert_set_issuer_ou ( struct lc_x509_certificate * cert,
const char * string,
size_t len )

Set the issuer OU field to the certificate.

Note
The caller must keep the input data available for the lifetime of cert.
The string may not be NUL-terminated, which is why its size is supplied in len. Yet, it is a human readable string.
Parameters
[in]certCertificate data structure to be filled with the data
[in]stringData field to set
[in]lenLength of the data field
Returns
0 on success or < 0 on error

◆ lc_x509_cert_set_issuer_st()

int lc_x509_cert_set_issuer_st ( struct lc_x509_certificate * cert,
const char * string,
size_t len )

Set the issuer ST field to the certificate.

Note
The caller must keep the input data available for the lifetime of cert.
The string may not be NUL-terminated, which is why its size is supplied in len. Yet, it is a human readable string.
Parameters
[in]certCertificate data structure to be filled with the data
[in]stringData field to set
[in]lenLength of the data field
Returns
0 on success or < 0 on error

◆ lc_x509_cert_set_keyusage()

int lc_x509_cert_set_keyusage ( struct lc_x509_certificate * cert,
const char * name )

Set the key usage from human readable form.

The service function can be called repeatedly to set all intended key usage flags.

Parameters
[in]certCertificate data structure to be filled with the data
[in]nameHuman readable string (an unrecognized string causes the list of allowed strings to be printed on stdout)
Returns
0 on success or < 0 on error

◆ lc_x509_cert_set_keyusage_val()

int lc_x509_cert_set_keyusage_val ( struct lc_x509_certificate * cert,
uint16_t val )

Set the key usage in integer form.

Parameters
[in]certCertificate data structure to be filled with the data
[in]valKey usage value holding the LC_KEY_USAGE_* flags
Returns
0 on success or < 0 on error

◆ lc_x509_cert_set_san_dns()

int lc_x509_cert_set_san_dns ( struct lc_x509_certificate * cert,
const char * san_dns_name )

Set the SAN DNS name.

Note
The caller must keep the input data available for the lifetime of cert.
Parameters
[in]certCertificate data structure to be filled with the data
[in]san_dns_nameSAN DNS name to add to the certificate
Returns
0 on success or < 0 on error

◆ lc_x509_cert_set_san_ip()

int lc_x509_cert_set_san_ip ( struct lc_x509_certificate * cert,
const uint8_t * san_ip,
size_t san_ip_len )

Set the SAN IP value.

Note
The caller must keep the input data available for the lifetime of cert.
Parameters
[in]certCertificate data structure to be filled with the data
[in]san_ipBinary representation of IP address
[in]san_ip_lenLength of the IP address buffer
Returns
0 on success or < 0 on error

◆ lc_x509_cert_set_serial()

int lc_x509_cert_set_serial ( struct lc_x509_certificate * cert,
const uint8_t * serial,
size_t serial_len )

Set the serial number of the certificate.

Note
The caller must keep the input data available for the lifetime of cert.
Parameters
[in]certCertificate data structure to be filled with the data
[in]serialBinary representation of serial number
[in]serial_lenLength of the serial number
Returns
0 on success or < 0 on error

◆ lc_x509_cert_set_signer()

int lc_x509_cert_set_signer ( struct lc_x509_certificate * signed_x509,
const struct lc_x509_key_data * signer_key_data,
const struct lc_x509_certificate * signer_x509 )

Set the signer X.509 certificate for an X.509 certificate.

Note
This call also sets the issuer name components in the signed_x509 from the signer_x509. Thus, when invoking this call, ensure that all name components in signer_x509 are properly set. If this cannot be guaranteed, the issuer information needs to be set with a sequence of lc_x509_cert_get_subject_*(signer_x509) and lc_x509_cert_set_issuer_*(signed_x509).
Parameters
[out]signed_x509Signed X.509 certificate data structure to be filled
[in]signer_key_dataBuffer that holds the loaded key data where the buffer must have the same lifetime as signer_x509
[in]signer_x509Signer X.509 certificate data that shall sign the signed_x509
Returns
0 on success, < 0 on error

◆ lc_x509_cert_set_skid()

int lc_x509_cert_set_skid ( struct lc_x509_certificate * cert,
const uint8_t * skid,
size_t skidlen )

Set the SKID value.

Note
The caller must keep the input data available for the lifetime of cert.
If no SKID is set by the caller, leancrypto generates the SHA3-256 hash of the public key as an SKID.
Parameters
[in]certCertificate data structure to be filled with the data
[in]skidBinary representation of SKID
[in]skidlenlength of the SKID buffer
Returns
0 on success or < 0 on error

◆ lc_x509_cert_set_subject_c()

int lc_x509_cert_set_subject_c ( struct lc_x509_certificate * cert,
const char * string,
size_t len )

Set the subject C field to the certificate.

Note
The caller must keep the input data available for the lifetime of cert.
The string may not be NUL-terminated, which is why its size is supplied in len. Yet, it is a human readable string.
Parameters
[in]certCertificate data structure to be filled with the data
[in]stringData field to set
[in]lenLength of the data field
Returns
0 on success or < 0 on error

◆ lc_x509_cert_set_subject_cn()

int lc_x509_cert_set_subject_cn ( struct lc_x509_certificate * cert,
const char * string,
size_t len )

Set the subject CN field to the certificate.

Note
The caller must keep the input data available for the lifetime of cert.
The string may not be NUL-terminated, which is why its size is supplied in len. Yet, it is a human readable string.
Parameters
[in]certCertificate data structure to be filled with the data
[in]stringData field to set
[in]lenLength of the data field
Returns
0 on success or < 0 on error

◆ lc_x509_cert_set_subject_email()

int lc_x509_cert_set_subject_email ( struct lc_x509_certificate * cert,
const char * string,
size_t len )

Set the subject email field to the certificate.

Note
The caller must keep the input data available for the lifetime of cert.
The string may not be NUL-terminated, which is why its size is supplied in len. Yet, it is a human readable string.
Parameters
[in]certCertificate data structure to be filled with the data
[in]stringData field to set
[in]lenLength of the data field
Returns
0 on success or < 0 on error

◆ lc_x509_cert_set_subject_o()

int lc_x509_cert_set_subject_o ( struct lc_x509_certificate * cert,
const char * string,
size_t len )

Set the subject O field to the certificate.

Note
The caller must keep the input data available for the lifetime of cert.
The string may not be NUL-terminated, which is why its size is supplied in len. Yet, it is a human readable string.
Parameters
[in]certCertificate data structure to be filled with the data
[in]stringData field to set
[in]lenLength of the data field
Returns
0 on success or < 0 on error

◆ lc_x509_cert_set_subject_ou()

int lc_x509_cert_set_subject_ou ( struct lc_x509_certificate * cert,
const char * string,
size_t len )

Set the subject OU field to the certificate.

Note
The caller must keep the input data available for the lifetime of cert.
The string may not be NUL-terminated, which is why its size is supplied in len. Yet, it is a human readable string.
Parameters
[in]certCertificate data structure to be filled with the data
[in]stringData field to set
[in]lenLength of the data field
Returns
0 on success or < 0 on error

◆ lc_x509_cert_set_subject_st()

int lc_x509_cert_set_subject_st ( struct lc_x509_certificate * cert,
const char * string,
size_t len )

Set the subject ST field to the certificate.

Note
The caller must keep the input data available for the lifetime of cert.
The string may not be NUL-terminated, which is why its size is supplied in len. Yet, it is a human readable string.
Parameters
[in]certCertificate data structure to be filled with the data
[in]stringData field to set
[in]lenLength of the data field
Returns
0 on success or < 0 on error

◆ lc_x509_cert_set_valid_from()

int lc_x509_cert_set_valid_from ( struct lc_x509_certificate * cert,
time64_t time_since_epoch )

Set the valid-from data to the certificate.

Parameters
[in]certCertificate data structure to be filled with the data
[in]time_since_epochTime in seconds since EPOCH to set
Returns
0 on success or < 0 on error

◆ lc_x509_cert_set_valid_to()

int lc_x509_cert_set_valid_to ( struct lc_x509_certificate * cert,
time64_t time_since_epoch )

Set the valid-to data to the certificate.

Parameters
[in]certCertificate data structure to be filled with the data
[in]time_since_epochTime in seconds since EPOCH to set
Returns
0 on success or < 0 on error

◆ lc_x509_enc_san_ip()

int lc_x509_enc_san_ip ( struct lc_x509_certificate * cert,
char * ip_name,
uint8_t * ip,
size_t * ip_len )

Helper to convert the human IP address value into binary form.

Parameters
[in]certCertificate data structure to be filled with the data
[in]ip_nameCaller-provided buffer to fill with human-readable form
[out]ipCaller-provided buffer of binary representation of IP address
[in]ip_lenLength of the IP address buffer
Returns
0 on success or < 0 on error

◆ lc_x509_get_signature_size_from_cert()

int lc_x509_get_signature_size_from_cert ( size_t * siglen,
const struct lc_x509_certificate * cert )

Return signature size derived from certificate information.

Parameters
[out]siglenSignature size
[in]certThe certificate data structure with the available public key
Returns
0 on success or < 0 on error

◆ lc_x509_get_signature_size_from_sk()

int lc_x509_get_signature_size_from_sk ( size_t * siglen,
const struct lc_x509_key_data * keys )

Return signature size derived from private key information.

Parameters
[out]siglenSignature size
[in]keysThe data structure holding the private keys
Returns
0 on success or < 0 on error

◆ lc_x509_hash_to_name()

int lc_x509_hash_to_name ( const struct lc_hash * hash_algo,
const char ** hash_name )

Helper to convert the internal representation of a hash algorithm to its human readable form.

Parameters
[in]hash_algoleancrypto algorithm reference
[out]hash_namehash algorithm in human readable form
Returns
0 on success or < 0 on error

◆ lc_x509_keypair_gen()

int lc_x509_keypair_gen ( struct lc_x509_certificate * cert,
struct lc_x509_key_data * keys,
enum lc_sig_types create_keypair_algo )

Generate keypair and set it to the X.509 certificate.

Note
After this call, the X.509 certificate acts as a self-signed certificate. If another signer is to be used, use lc_x509_cert_set_signer.
Parameters
[out]certX.509 certificate data structure to be filled
[out]keysBuffer that is filled with the newly generated key data where the buffer must have the same lifetime as cert
[in]create_keypair_algoAlgorithm to generate the key pair for
Returns
0 on success, < 0 on error

◆ lc_x509_keypair_load()

int lc_x509_keypair_load ( struct lc_x509_certificate * cert,
const struct lc_x509_key_data * keys )

Load a key pair into the X.509 certificate.

This call allows secret and / or public keys to be loaded. If only one of the types is loaded, the respective other type is not touched. For example, such freedom is needed when decoding an X.509 certificate and wanting to add the associated private key.

Note
If this call is used to load a full key pair, the X.509 certificate acts as a self-signed certificate. If another signer is to be used, use lc_x509_cert_set_signer.
Parameters
[out]certX.509 certificate data structure to be filled
[in]keysBuffer that holds the loaded key data where the buffer must have the same lifetime as cert
Returns
0 on success, < 0 on error

◆ lc_x509_name_to_eku()

int lc_x509_name_to_eku ( const char * name,
uint16_t * eku )

Helper to convert the human readable name of an EKU to its internal representation.

If there is no match, the function prints out the allowed strings.

Parameters
[in]nameEKU name in human readable form
[out]ekuleancrypto eku (note, the function ORs the value into eku)
Returns
0 on success or < 0 on error

◆ lc_x509_name_to_hash()

int lc_x509_name_to_hash ( const char * hash_name,
const struct lc_hash ** hash_algo )

Helper to convert the human readable name of a hash algorithm to its internal representation.

If there is no match, the function prints out the allowed strings.

Parameters
[in]hash_namehash algorithm in human readable form
[out]hash_algoleancrypto algorithm reference
Returns
0 on success or < 0 on error

◆ lc_x509_name_to_keyusage()

int lc_x509_name_to_keyusage ( const char * name,
uint16_t * keyusage )

Helper to convert the human readable name of a keyusage to its internal representation.

If there is no match, the function prints out the allowed strings.

Parameters
[in]nameKey usage name in human readable form
[out]keyusageleancrypto keyusage (note, the function ORs the value into keyusage)
Returns
0 on success or < 0 on error

◆ lc_x509_pkey_name_to_algorithm()

int lc_x509_pkey_name_to_algorithm ( const char * name,
enum lc_sig_types * pkey_algo )

Helper to convert the human readable name of a public key algorithm to its internal representation.

If there is no match, the function prints out the allowed strings.

Parameters
[in]namepublic key algorithm in human readable form
[out]pkey_algoleancrypto algorithm reference
Returns
0 on success or < 0 on error

◆ lc_x509_signature_gen()

int lc_x509_signature_gen ( uint8_t * sig_data,
size_t * siglen,
const struct lc_x509_key_data * keys,
const uint8_t * m,
size_t mlen,
const struct lc_hash * prehash_algo )

Generate signature over user-supplied data.

Parameters
[out]sig_dataCaller-supplied buffer with signature (it needs to be at least as large as reported by lc_x509_get_signature_size_from_sk or lc_x509_get_signature_size_from_cert)
[in,out]siglenLength of the sig_data buffer, the value will be updated such that it reflects the length of the signature.
[in]keysThe data structure holding the private keys
[in]mMessage to be signed
[in]mlenLength of message
[in]prehash_algoThe message is allowed to be prehashed by the caller. If it is, this parameter indicates that by pointing to the message digest the caller used to generate the prehashed message. Setting it forces the use of Hash[ML|SLH|Composite]-DSA.
Returns
0 on success or < 0 on error

◆ lc_x509_sk_encode()

int lc_x509_sk_encode ( const struct lc_x509_key_data * gendata,
uint8_t * data,
size_t * avail_datalen )

Encode a private key DER structure.

The function generates a DER data blob from the private keys.

Parameters
[in]gendataThe data structure holding the private keys
[in,out]dataRaw private key data blob in DER / BER format - the caller must provide the memory
[in,out]avail_datalenLength of the raw DER structure buffer that is free (the input value must be equal to the data buffer size, the output refers to how many bytes are unused)
Returns
0 on success or < 0 on error