artik_security_module Struct Reference
Security module operations. More...
#include <base/artik_security.h>
Data Fields | |
| artik_error(* | request )(artik_security_handle *handle) |
| Request a security instance. More... | |
| artik_error(* | release )(artik_security_handle handle) |
| Release a security instance. More... | |
| artik_error(* | get_certificate )(artik_security_handle handle, artik_security_certificate_id cert_id, char **cert) |
| Get the certificate cert_id stored in the SE. More... | |
| artik_error(* | get_key_from_cert )(artik_security_handle handle, const char *cert, char **key) |
| Get private key from the certificate stored in the SE. More... | |
| artik_error(* | get_ca_chain )(artik_security_handle handle, artik_security_certificate_id cert_id, char **chain) |
| Get the root CA and the intermediate certificates stored in the SE. More... | |
| artik_error(* | get_random_bytes )(artik_security_handle handle, unsigned char *rand, int len) |
| Generate true random bytes. More... | |
| artik_error(* | get_certificate_sn )(artik_security_handle handle, artik_security_certificate_id cert_id, unsigned char *sn, unsigned int *len) |
| Get the serial number from the certificate. More... | |
| artik_error(* | get_ec_pubkey_from_cert )(const char *cert, char **key) |
| Get EC public key from the certificate passed as parameter. More... | |
| artik_error(* | verify_signature_init )(artik_security_handle *handle, const char *signature_pem, const char *root_ca, const artik_time *signing_time_in, artik_time *signing_time_out) |
| Initialize verification of PKCS7 signature against a signed binary. More... | |
| artik_error(* | verify_signature_update )(artik_security_handle handle, unsigned char *data, unsigned int data_len) |
| Feed data of the signed binary to the verification process. More... | |
| artik_error(* | verify_signature_final )(artik_security_handle handle) |
| Finalize signature verification process and return final result. More... | |
| artik_error(* | convert_pem_to_der )(const char *pem_data, unsigned char **der_data, int *length) |
| Convert a certificate or a key from PEM format to DER format. More... | |
Detailed Description
Structure containing all the exposed operations exposed by the Security module
- Examples:
- security_test/artik_security_test.c.
Definition at line 77 of file artik_security.h.
Field Documentation
| artik_error(* artik_security_module::convert_pem_to_der) (const char *pem_data, unsigned char **der_data, int *length) |
Only x509 public certificates, EC public key and EC private key are supported.
- Parameters
-
[in] pem_data Data in PEM format [out] der_data Data from the conversion into DER format [out] length Length of the data
- Returns
- S_OK on success, error code otherwise
Definition at line 291 of file artik_security.h.
| artik_error(* artik_security_module::get_ca_chain) (artik_security_handle handle, artik_security_certificate_id cert_id, char **chain) |
- Parameters
-
[in] handle Handle tied to a requested security instance. This handle is returned by the request function. [in] Certificate identifier [out] chain Pointer to a string that will be allocated by the function and filled with the content of the CA and the intermediate certificates in PEM format. This string must be freed by the calling function.
- Returns
- S_OK on success, error code otherwise
- Examples:
- security_test/artik_security_test.c.
Definition at line 161 of file artik_security.h.
| artik_error(* artik_security_module::get_certificate) (artik_security_handle handle, artik_security_certificate_id cert_id, char **cert) |
- Parameters
-
[in] handle Handle tied to a requested security instance. This handle is returned by the request function. [in] Certificate identifier [out] cert Pointer to a string that will be allocated by the function and filled with the content of the certificate. This string must be freed by the calling function.
This function get the certificate stored in the SE and change the certifcate used in artiksee to perform signature with ECDSA algorithm.
- Returns
- S_OK on success, error code otherwise
- Examples:
- security_test/artik_security_test.c.
Definition at line 123 of file artik_security.h.
| artik_error(* artik_security_module::get_certificate_sn) (artik_security_handle handle, artik_security_certificate_id cert_id, unsigned char *sn, unsigned int *len) |
- Parameters
-
[in] handle Handle tied to a requested security instance. This handle is returned by the request function. [in] Certificate identifier [out] sn preallocated array provided by the user [in,out] len size of the pointer preallocated and set after the pointer was filled.
- Returns
- S_OK on success, error code otherwise
- Examples:
- security_test/artik_security_test.c.
Definition at line 193 of file artik_security.h.
| artik_error(* artik_security_module::get_ec_pubkey_from_cert) (const char *cert, char **key) |
- Parameters
-
[in] cert Pointer to a string containing the certificate to retrieve the EC public key [out] key Pointer to a string that will be allocated by the function and filled with the content of the key. This string must be freed by the calling function.
- Returns
- S_OK on success, error code otherwise
Definition at line 210 of file artik_security.h.
| artik_error(* artik_security_module::get_key_from_cert) (artik_security_handle handle, const char *cert, char **key) |
- Parameters
-
[in] handle Handle tied to a requested security instance. This handle is returned by the request function. [in] cert Pointer to a string containing the certificate to generate the private key from [out] key Pointer to a string that will be allocated by the function and filled with the content of the key. This string must be freed by the calling function.
- Returns
- S_OK on success, error code otherwise
- Examples:
- security_test/artik_security_test.c.
Definition at line 143 of file artik_security.h.
| artik_error(* artik_security_module::get_random_bytes) (artik_security_handle handle, unsigned char *rand, int len) |
- Parameters
-
[in] handle Handle tied to a requested security instance. This handle is returned by the request function. [out] rand Pointer to a preallocated array that will be filled with the generated random bytes [in] len Number of random bytes to generate
- Returns
- S_OK on success, error code otherwise
- Examples:
- security_test/artik_security_test.c.
Definition at line 177 of file artik_security.h.
| artik_error(* artik_security_module::release) (artik_security_handle handle) |
- Parameters
-
[in] handle Handle tied to the requested security instance to be released. This handle is returned by the request function.
- Returns
- S_OK on success, error code otherwise
- Examples:
- security_test/artik_security_test.c.
Definition at line 102 of file artik_security.h.
| artik_error(* artik_security_module::request) (artik_security_handle *handle) |
- Parameters
-
[out] handle Handle tied to the requested security instance returned by the function.
This function loads the 'artiksee' OpenSSL engine. Loading this engine allows performing TLS handshake with the client certificate stored in SE. You can change the certificate used in the handshake by calling get_certificate. By default the ARTIK certificate is used.
- Returns
- S_OK on success, error code otherwise
- Examples:
- security_test/artik_security_test.c.
Definition at line 91 of file artik_security.h.
| artik_error(* artik_security_module::verify_signature_final) (artik_security_handle handle) |
Calls to this function must be made after proper initialization of the signature verification process (verify_signature_init) and after signed data has been fed using the verify_signature_update function.
- Parameters
-
[in] handle Handle returned by verify_signature_init after initialization of the verification process.
- Returns
- S_OK on signature verification success, error code otherwise
Signature verification related errors are listed below: E_SECURITY_ERROR (-7000) E_SECURITY_INVALID_X509 (-7001) E_SECURITY_INVALID_PKCS7 (-7002) E_SECURITY_CA_VERIF_FAILED (-7003) E_SECURITY_DIGEST_MISMATCH (-7004) E_SECURITY_SIGNATURE_MISMATCH (-7005) E_SECURITY_SIGNING_TIME_ROLLBACK (-7006)
Definition at line 276 of file artik_security.h.
| artik_error(* artik_security_module::verify_signature_init) (artik_security_handle *handle, const char *signature_pem, const char *root_ca, const artik_time *signing_time_in, artik_time *signing_time_out) |
- Parameters
-
[out] handle signing handle returned by the API. It must be passed to subsequent calls to verify_signature_update and verify_signature_final. [in] signature_pem PKCS7 signature in a PEM encoded string. [in] root_ca X509 certificate of the root CA against which to verify the signer certificate in a PEM encoded string. [in] signing_time_in If provided, the verification function fails if the date occured before the signing time specified in the PKCS7 signature. [out] signing_time_out If provided, this ate is filled up with the signing time extracted from the PKCS7 data.
- Returns
- S_OK on success, error code otherwise
Definition at line 231 of file artik_security.h.
| artik_error(* artik_security_module::verify_signature_update) (artik_security_handle handle, unsigned char *data, unsigned int data_len) |
Subsequent calls to this same function specifiying various data lengths can be made to feed big amount of data to the verification process.
- Parameters
-
[in] handle Handle returned by verify_signature_init after initialization of the verification process. [in] data Pointer to a buffer containing a portion of the data to feed. [in] data_len Length of the buffer passed in the data parameter.
- Returns
- S_OK on success, error code otherwise
Definition at line 251 of file artik_security.h.
The documentation for this struct was generated from the following file:
- inc/base/artik_security.h
Last updated on: