mbedtls_asn1_buf struct

Retrieve an AlgorithmIdentifier ASN.1 sequence. Updates the pointer to immediately behind the full AlgorithmIdentifier.

Retrieve an AlgorithmIdentifier ASN.1 sequence with NULL or no params. Updates the pointer to immediately behind the full AlgorithmIdentifier.

Translate hash algorithm OID into md_type

Store the certificate serial in printable form into buf; no more than size characters will be written.

This function parses an item in the SubjectAlternativeNames extension. Please note that this function might allocate additional memory for a subject alternative name, thus mbedtls_x509_free_subject_alt_name has to be called to dispose of this additional memory afterwards. \warning The target structure contains pointers to the raw data of the parsed certificate, and its lifetime is restricted by the lifetime of the certificate.

Translate an ASN.1 OID into its numeric representation (e.g. "\x2A\x86\x48\x86\xF7\x0D" into "1.2.840.113549")

Translate an X.509 extension OID into local values

Translate a string containing a dotted-decimal representation of an ASN.1 OID into its encoded form (e.g. "1.2.840.113549" into "\x2A\x86\x48\x86\xF7\x0D"). On success, this function allocates oid->buf from the heap. It must be freed by the caller using mbedtls_free().

Translate an X.509 attribute type OID into the short name (e.g. the OID for an X520 Common Name into "CN")

Translate PublicKeyAlgorithm OID into pk_type

Translate NamedCurve OID into an EC group identifier

Translate AlgorithmIdentifier OID into an EC group identifier, for curves that are directly encoded at this level

Translate SignatureAlgorithm OID into md_type and pk_type

Translate SignatureAlgorithm OID into description

Translate hmac algorithm OID into md_type

Translate Extended Key Usage OID into description

Translate certificate policies OID into description

Translate encryption algorithm OID into cipher_type

Translate PKCS#12 PBE algorithm OID into md_type and cipher_type

PKCS#5 PBES2 function \warning When decrypting: - This function validates the CBC padding and returns #MBEDTLS_ERR_PKCS5_PASSWORD_MISMATCH if the padding is invalid. Note that this can help active adversaries attempting to brute-forcing the password. Note also that there is no guarantee that an invalid password will be detected (the chances of a valid padding with a random password are about 1/255).

PKCS12 Password Based function (encryption / decryption) for cipher-based and mbedtls_md-based PBE's \warning When decrypting: - This function validates the CBC padding and returns #MBEDTLS_ERR_PKCS12_PASSWORD_MISMATCH if the padding is invalid. Note that this can help active adversaries attempting to brute-forcing the password. Note also that there is no guarantee that an invalid password will be detected (the chances of a valid padding with a random password are about 1/255).

DigestAlgorithmIdentifier ::= AlgorithmIdentifier This is from x509.h

SignerInfo ::= SEQUENCE { version Version; issuerAndSerialNumber IssuerAndSerialNumber, digestAlgorithm DigestAlgorithmIdentifier, authenticatedAttributes [0] IMPLICIT Attributes OPTIONAL, digestEncryptionAlgorithm DigestEncryptionAlgorithmIdentifier, encryptedDigest EncryptedDigest, unauthenticatedAttributes [1] IMPLICIT Attributes OPTIONAL, Returns 0 if the signerInfo is valid. Return negative error code for failure. Structure must not contain vales for authenticatedAttributes and unauthenticatedAttributes.

Unsorted (yet!) from this point on until the next section header

DigestAlgorithmIdentifiers :: SET of DigestAlgorithmIdentifier

ContentInfo ::= SEQUENCE { contentType ContentType, content [0] EXPLICIT ANY DEFINED BY contentType OPTIONAL }

SignerInfos ::= SET of SignerInfo Return number of signers added to the signed data, 0 or higher is valid. Return negative error code for failure.

EncryptedDigest ::= OCTET STRING