TrustCore SDK NanoCert API reference
version 7.0
SoT Platform certificate store factory. More...
Go to the source code of this file.
Macros | |
#define | CERT_STORE_ALGO_FLAG_DSA (0x00000400L) |
OR this flag into the supportedAlgoFlags parameter of CERT_STORE_findIdentityCertChainFirst, or of any other certificate store API that takes a supported-algorithm flags bit field, to search for a certificate signed using DSA. | |
#define | CERT_STORE_ALGO_FLAG_EC192 (0x00010000L) |
OR this flag into the supportedAlgoFlags parameter of CERT_STORE_findIdentityCertChainFirst, or of any other certificate store API that takes a supported-algorithm flags bit field, to search for an EC192 key. | |
#define | CERT_STORE_ALGO_FLAG_EC224 (0x00020000L) |
OR this flag into the supportedAlgoFlags parameter of CERT_STORE_findIdentityCertChainFirst, or of any other certificate store API that takes a supported-algorithm flags bit field, to search for an EC224 key. | |
#define | CERT_STORE_ALGO_FLAG_EC25519 (0x00200000L) |
#define | CERT_STORE_ALGO_FLAG_EC256 (0x00040000L) |
OR this flag into the supportedAlgoFlags parameter of CERT_STORE_findIdentityCertChainFirst, or of any other certificate store API that takes a supported-algorithm flags bit field, to search for an EC256 key. | |
#define | CERT_STORE_ALGO_FLAG_EC384 (0x00080000L) |
OR this flag into the supportedAlgoFlags parameter of CERT_STORE_findIdentityCertChainFirst, or of any other certificate store API that takes a supported-algorithm flags bit field, to search for an EC384 key. | |
#define | CERT_STORE_ALGO_FLAG_EC448 (0x00400000L) |
#define | CERT_STORE_ALGO_FLAG_EC521 (0x00100000L) |
OR this flag into the supportedAlgoFlags parameter of CERT_STORE_findIdentityCertChainFirst, or of any other certificate store API that takes a supported-algorithm flags bit field, to search for an EC521 key. | |
#define | CERT_STORE_ALGO_FLAG_ECDSA (0x00000200L) |
OR this flag into the supportedAlgoFlags parameter of CERT_STORE_findIdentityCertChainFirst, or of any other certificate store API that takes a supported-algorithm flags bit field, to search for a certificate signed using ECDSA. | |
#define | CERT_STORE_ALGO_FLAG_EDDSA_25519 (0x00000800L) |
#define | CERT_STORE_ALGO_FLAG_EDDSA_448 (0x00001000L) |
#define | CERT_STORE_ALGO_FLAG_HYBRID (0x00002000L) |
#define | CERT_STORE_ALGO_FLAG_INTRINSIC (0x00000040L) |
#define | CERT_STORE_ALGO_FLAG_MD5 (0x00000001L) |
OR this flag into the supportedAlgoFlags parameter of CERT_STORE_findIdentityCertChainFirst, or of any other certificate store API that takes a supported-algorithm flags bit field, to search for a certificate whose signature is computed over an MD5 digest. MD5 is no longer acceptable for certificate signatures; set this bit only when a legacy peer leaves no alternative. | |
#define | CERT_STORE_ALGO_FLAG_RSA (0x00000100L) |
OR this flag into the supportedAlgoFlags parameter of CERT_STORE_findIdentityCertChainFirst, or of any other certificate store API that takes a supported-algorithm flags bit field, to search for a certificate signed using RSA. | |
#define | CERT_STORE_ALGO_FLAG_SHA1 (0x00000002L) |
OR this flag into the supportedAlgoFlags parameter of CERT_STORE_findIdentityCertChainFirst, or of any other certificate store API that takes a supported-algorithm flags bit field, to search for a certificate whose signature is computed over a SHA-1 digest. SHA-1 certificate signatures are deprecated; set this bit only for legacy interoperability. | |
#define | CERT_STORE_ALGO_FLAG_SHA224 (0x00000004L) |
OR this flag into the supportedAlgoFlags parameter of CERT_STORE_findIdentityCertChainFirst, or of any other certificate store API that takes a supported-algorithm flags bit field, to search for a certificate whose signature is computed over a SHA-224 digest. | |
#define | CERT_STORE_ALGO_FLAG_SHA256 (0x00000008L) |
OR this flag into the supportedAlgoFlags parameter of CERT_STORE_findIdentityCertChainFirst, or of any other certificate store API that takes a supported-algorithm flags bit field, to search for a certificate whose signature is computed over a SHA-256 digest. | |
#define | CERT_STORE_ALGO_FLAG_SHA384 (0x00000010L) |
OR this flag into the supportedAlgoFlags parameter of CERT_STORE_findIdentityCertChainFirst, or of any other certificate store API that takes a supported-algorithm flags bit field, to search for a certificate whose signature is computed over a SHA-384 digest. | |
#define | CERT_STORE_ALGO_FLAG_SHA512 (0x00000020L) |
OR this flag into the supportedAlgoFlags parameter of CERT_STORE_findIdentityCertChainFirst, or of any other certificate store API that takes a supported-algorithm flags bit field, to search for a certificate whose signature is computed over a SHA-512 digest. | |
Typedefs | |
typedef MSTATUS(* | CERT_STORE_MatchFun) (MOC_ASYM(hwAccelDescr hwAccelCtx) const void *arg, const ubyte *testCert, ubyte4 testCertLen) |
Certificate store callback. More... | |
typedef struct certStore * | certStorePtr |
typedef sbyte4(* | ExtendedDataCallback) (sbyte4 extDataIdentifier, enum dataType *pType, enum dataEncoding *pFormat, sbyte **ppBuffer, sbyte4 *pBufferLen) |
Enumerations | |
enum | authTypes { CERT_STORE_AUTH_TYPE_RSA = 0, CERT_STORE_AUTH_TYPE_ECDSA = 1, CERT_STORE_AUTH_TYPE_DSA = 2, CERT_STORE_AUTH_TYPE_RSA_PSS = 3, CERT_STORE_AUTH_TYPE_EDDSA = 4, CERT_STORE_AUTH_TYPE_HYBRID = 5, CERT_STORE_AUTH_TYPE_ARRAY_SIZE = 6 } |
The certificate store places identities into algorithm indexes. More... | |
enum | identityTypes { CERT_STORE_IDENTITY_TYPE_NAKED = 0, CERT_STORE_IDENTITY_TYPE_CERT_X509_V3 = 1, CERT_STORE_IDENTITY_TYPE_ARRAY_SIZE = 2 } |
The certificate store has two types of identities. More... | |
Functions | |
MOC_EXTERN MSTATUS | CERT_STORE_addIdentity (certStorePtr pCertStore, const ubyte *pDerCert, ubyte4 derCertLength, const ubyte *pKeyBlob, ubyte4 keyBlobLength) |
Load a certificate and key pair into the certificate store. More... | |
MOC_EXTERN MSTATUS | CERT_STORE_addIdentityEx (certStorePtr pCertStore, ubyte *pAlias, ubyte4 aliasLen, ubyte *pDerCert, ubyte4 derCertLength, ubyte *pKeyBlob, ubyte4 keyBlobLength) |
This is the same as CERT_STORE_addIdentity except the caller also supplies an "alias". More... | |
MOC_EXTERN MSTATUS | CERT_STORE_addIdentityNakedKey (certStorePtr pCertStore, const ubyte *pKeyBlob, ubyte4 keyBlobLength) |
This API adds a key blob to the certificate store. More... | |
MOC_EXTERN MSTATUS | CERT_STORE_addIdentityNakedKeyEx (certStorePtr pCertStore, ubyte *pAlias, ubyte4 aliasLen, ubyte *pKeyBlob, ubyte4 keyBlobLength) |
This is the same as CERT_STORE_addIdentityNakedKey, except the caller also supplies an "alias". More... | |
MOC_EXTERN MSTATUS | CERT_STORE_addIdentityPSK (certStorePtr pCertStore, const ubyte *pPskIdentity, ubyte4 pskIdentityLength, const ubyte *pPskHint, ubyte4 pskHintLength, const ubyte *pPskSecret, ubyte4 pskSecretLength) |
Add a PSK to the certificate store. More... | |
MOC_EXTERN MSTATUS | CERT_STORE_addIdentityWithCertificateChain (certStorePtr pCertStore, struct SizedBuffer *certificates, ubyte4 numCertificate, const ubyte *pKeyBlob, ubyte4 keyBlobLength) |
This is the same as CERT_STORE_addIdentity except the caller can specify multiple certificates. More... | |
MOC_EXTERN MSTATUS | CERT_STORE_addIdentityWithCertificateChainEx (certStorePtr pCertStore, ubyte *pAlias, ubyte4 aliasLen, struct SizedBuffer *certificates, ubyte4 numCertificate, const ubyte *pKeyBlob, ubyte4 keyBlobLength) |
This is the same as CERT_STORE_addIdentityWithCertificateChain, except the caller also supplies an "alias". More... | |
MOC_EXTERN MSTATUS | CERT_STORE_addIdentityWithCertificateChainExtData (certStorePtr pCertStore, struct SizedBuffer *certificates, ubyte4 numCertificate, const ubyte *pKeyBlob, ubyte4 keyBlobLength, ExtendedDataCallback extDataFunc, sbyte4 extDataIdentifier) |
This is the same as CERT_STORE_addIdentityWithCertificateChain, except the caller also supplies a callback and identifier. More... | |
MOC_EXTERN MSTATUS | CERT_STORE_addIdentityWithCertificateChainExtDataEx (certStorePtr pCertStore, ubyte *pAlias, ubyte4 aliasLen, struct SizedBuffer *certificates, ubyte4 numCertificate, const ubyte *pKeyBlob, ubyte4 keyBlobLength, ExtendedDataCallback extDataFunc, sbyte4 extDataIdentifier) |
This is the same as CERT_STORE_addIdentityWithCertificateChainExtData, except the caller also supplies an "alias". More... | |
MOC_EXTERN MSTATUS | CERT_STORE_addTrustPoint (certStorePtr pCertStore, const ubyte *pDerTrustPoint, ubyte4 derTrustPointLength) |
Add a trust point to a Digicert SoT Platform certificate store. More... | |
MOC_EXTERN MSTATUS | CERT_STORE_createStore (certStorePtr *ppNewStore) |
Create a certificate store object. More... | |
MOC_EXTERN MSTATUS | CERT_STORE_findCertificateByIssuerSerialNumber (const certStorePtr pCertStore, const ubyte *pIssuer, ubyte4 issuerLength, const ubyte *serialNumber, ubyte4 serialNumberLength, const ubyte **ppRetDerCert, ubyte4 *ppRetDerCertLength, const struct AsymmetricKey **pRetPrivateKey) |
Retrieve the certificate and associated private key if available. More... | |
MOC_EXTERN MSTATUS | CERT_STORE_findIdentityByAlias (certStorePtr pCertStore, ubyte *pAlias, ubyte4 aliasLen, struct AsymmetricKey **ppReturnIdentityKey, ubyte **ppRetDerCert, ubyte4 *pRetDerCertLength) |
Find the identity in the cert store associated with the given "alias". More... | |
MOC_EXTERN MSTATUS | CERT_STORE_findIdentityByAliasAndAlgo (certStorePtr pCertStore, ubyte4 pubKeyType, ubyte2 keyUsage, ubyte4 *pSupportedCertKeyAlgos, ubyte4 supportedCertKeyAlgosLen, ubyte4 *pSupportedSignAlgos, ubyte4 supportedSignAlgosLen, ubyte *pAlias, ubyte4 aliasLen, struct AsymmetricKey **ppReturnIdentityKey, struct SizedBuffer **ppRetCertificates, ubyte4 *pRetNumCertificates, void **ppRetHint) |
Find the identity in the cert store associated with the given "alias" and verify it satisfies a given public key type, a given keyUsage, and membership in a list of supported cert key algorithms, and membership in a list of supported sign algorithms. More... | |
MOC_EXTERN MSTATUS | CERT_STORE_findIdentityByAliasEx (certStorePtr pCertStore, ubyte *pAlias, ubyte4 aliasLen, struct AsymmetricKey **ppReturnIdentityKey, struct SizedBuffer **ppRetCertificates, ubyte4 *pRetNumCertificates) |
MOC_EXTERN MSTATUS | CERT_STORE_findIdentityByTypeFirst (const certStorePtr pCertStore, enum authTypes authType, enum identityTypes identityType, const struct AsymmetricKey **ppRetIdentityKey, const ubyte **ppRetDerCert, ubyte4 *pRetDerCertLength, void **ppRetHint) |
Retrieve the first identity stored for the specified auth type and identity type. More... | |
MOC_EXTERN MSTATUS | CERT_STORE_findIdentityByTypeNext (const certStorePtr pCertStore, enum authTypes authType, enum identityTypes identityType, const struct AsymmetricKey **ppRetIdentityKey, const ubyte **ppRetDerCert, ubyte4 *pRetDerCertLength, void **ppRetHint) |
This function continues the search from the hint returned by CERT_STORE_findIdentityByTypeFirst. More... | |
MOC_EXTERN MSTATUS | CERT_STORE_findIdentityCertChainFirst (const certStorePtr pCertStore, ubyte4 pubKeyType, ubyte4 supportedAlgoFlags, const struct AsymmetricKey **ppRetIdentityKey, const struct SizedBuffer **ppRetCertificates, ubyte4 *pRetNumberCertificate, void **ppRetHint) |
Retrieve the first identity stored for the specified key type and supported algorithm. More... | |
MOC_EXTERN MSTATUS | CERT_STORE_findIdentityCertChainFirstEx (const certStorePtr pCertStore, ubyte4 pubKeyType, ubyte2 keyUsage, ubyte4 supportedAlgoFlags, const struct AsymmetricKey **ppRetIdentityKey, const struct SizedBuffer **ppRetCertificates, ubyte4 *pRetNumberCertificate, void **ppRetHint) |
Retrieve the first identity stored for the specified key type and supported algorithm. More... | |
MOC_EXTERN MSTATUS | CERT_STORE_findIdentityCertChainFirstFromList (const certStorePtr pCertStore, ubyte4 pubKeyType, ubyte2 keyUsage, ubyte4 *pSupportedCertKeyIds, ubyte4 supportedCertKeyIdsLen, ubyte4 *pSupportedSignAlgoIds, ubyte4 supportedSignAlgoIdsLen, const struct AsymmetricKey **ppRetIdentityKey, const struct SizedBuffer **ppRetCertificates, ubyte4 *pRetNumberCertificate, void **ppRetHint) |
Retrieve the first identity stored for the specified key type and supported algorithms. More... | |
MOC_EXTERN MSTATUS | CERT_STORE_findIdentityCertChainNext (const certStorePtr pCertStore, ubyte4 pubKeyType, ubyte4 supportedKeyTypeAndAlgoFlags, const struct AsymmetricKey **ppRetIdentityKey, const struct SizedBuffer **ppRetCertificates, ubyte4 *pRetNumberCertificate, void **ppRetHint) |
Continue the search for an identity from the hint provided. More... | |
MOC_EXTERN MSTATUS | CERT_STORE_findIdentityCertChainNextEx (const certStorePtr pCertStore, ubyte4 pubKeyType, ubyte2 keyUsage, ubyte4 supportedKeyTypeAndAlgoFlags, const struct AsymmetricKey **ppRetIdentityKey, const struct SizedBuffer **ppRetCertificates, ubyte4 *pRetNumberCertificate, void **ppRetHint) |
Continue the search for an identity from the hint provided. More... | |
MOC_EXTERN MSTATUS | CERT_STORE_findIdentityCertChainNextFromList (const certStorePtr pCertStore, ubyte4 pubKeyType, ubyte2 keyUsage, ubyte4 *pSupportedCertKeyIds, ubyte4 supportedCertKeyIdsLen, ubyte4 *pSupportedSignAlgoIds, ubyte4 supportedSignAlgoIdsLen, const struct AsymmetricKey **ppRetIdentityKey, const struct SizedBuffer **ppRetCertificates, ubyte4 *pRetNumberCertificate, void **ppRetHint) |
Continue the search for an identity from the hint provided. More... | |
MOC_EXTERN MSTATUS | CERT_STORE_findTrustPointBySubject (MOC_ASYM(hwAccelDescr hwAccelCtx) const certStorePtr pCertStore, const ubyte *subject, ubyte4 subjectLength, const void *cbArg, CERT_STORE_MatchFun cb, const ubyte **ppRetDerCert, ubyte4 *pRetDerCertLength) |
Find a trusted certificate by subject and user defined callback. More... | |
MOC_EXTERN MSTATUS | CERT_STORE_findTrustPointBySubjectFirst (const certStorePtr pCertStore, const ubyte *subject, ubyte4 subjectLength, const ubyte **ppRetDerCert, ubyte4 *pRetDerCertLength, const void **iterator) |
Find a trusted certificate by subject. More... | |
MOC_EXTERN MSTATUS | CERT_STORE_findTrustPointBySubjectNext (const void **iterator, const ubyte **ppRetDerCert, ubyte4 *pRetDerCertLength) |
This function continues a search for a certificate based on the iterator. More... | |
MOC_EXTERN MSTATUS | CERT_STORE_getIdentityPairExtData (void *pIdentity, ExtendedDataCallback *pExtDataFunc, sbyte4 *pExtDataIdentifier) |
MOC_EXTERN MSTATUS | CERT_STORE_releaseStore (certStorePtr *ppReleaseStore) |
Delete a certificate store object. More... | |
MOC_EXTERN MSTATUS | CERT_STORE_updateIdentityByAlias (certStorePtr pCertStore, ubyte *pAlias, ubyte4 aliasLen, struct SizedBuffer *pCertChain, ubyte4 certChainCount, const ubyte *pKeyBlob, ubyte4 keyBlobLen) |
MOC_EXTERN MSTATUS | CERT_STORE_updateIdentityByAliasExtData (certStorePtr pCertStore, ubyte *pAlias, ubyte4 aliasLen, struct SizedBuffer *pCertChain, ubyte4 certChainCount, const ubyte *pKeyBlob, ubyte4 keyBlobLen, ExtendedDataCallback extDataFunc, sbyte4 extDataIdentifier) |
This header file contains structures, enumerations, and function declarations used for SoT Platform certificate stores.
(new structure fields, functions, etc.)
No flag definitions are required to use this file.
typedef MSTATUS(* CERT_STORE_MatchFun) (MOC_ASYM(hwAccelDescr hwAccelCtx) const void *arg, const ubyte *testCert, ubyte4 testCertLen) |
This callback is supplied by the caller to certificate store search APIs. When the store searches through its identities, the caller may need to test attributes that are not stored with the identity; the store therefore offers APIs that accept a callback in which the caller parses the candidate certificate itself and decides whether it is suitable. The callback receives the raw DER encoding and its length, so any parsing it does must be bounds-checked against testCertLen.
If the callback returns OK, the certificate store returns that identity to the caller; otherwise the store continues searching through the remaining identities. Note that not all certificate store APIs use the callback in the same manner.
arg | User provided callback argument. |
testCert | The certificate found. |
testCertLen | The certificate length. |
Returns OK (0) if successful; otherwise a negative number error code definition from merrors.h.
enum authTypes |
These indexes may be passed into the certificate store to search through all the identities for a particular algorithm.
enum identityTypes |
When loading only a key into the certificate store, the key will be stored in CERT_STORE_IDENTITY_TYPE_NAKED. Certificates and certificate/key pairs are stored in the CERT_STORE_IDENTITY_TYPE_CERT_X509_V3 index. These values can be passed into the certificate store APIs to search through all the identities stored for that index.
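The CERT_STORE_MatchFun callback and the CERT_STORE_ALGO_FLAG_* bit field described on this page, combined in an added example. This is editor-written code, not part of the TrustCore SDK. It assumes stand-in definitions for ubyte, ubyte4, MSTATUS, OK and MOC_ASYM so that it builds without the SDK headers, a hypothetical negative error code ERR_NO_MATCH in place of a merrors.h value, constructed DER skeletons rather than real certificates, and an interpretation of the mask in which a candidate must have both its signature-algorithm bit and its digest bit set; the store's own matching rules are not shown on this page.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Stand-ins for SDK types so the example builds without TrustCore headers
 * (assumed here; the real definitions come from the SDK). */
typedef unsigned char ubyte;
typedef unsigned int  ubyte4;
typedef int           MSTATUS;
#define OK 0
#define ERR_NO_MATCH (-1)   /* hypothetical negative code; merrors.h defines the real ones */
#define MOC_ASYM(x)         /* hardware-accel context elided in this stand-alone build */

/* Flag values exactly as defined in this header. */
#define CERT_STORE_ALGO_FLAG_MD5    (0x00000001L)
#define CERT_STORE_ALGO_FLAG_SHA1   (0x00000002L)
#define CERT_STORE_ALGO_FLAG_SHA256 (0x00000008L)
#define CERT_STORE_ALGO_FLAG_SHA384 (0x00000010L)
#define CERT_STORE_ALGO_FLAG_SHA512 (0x00000020L)
#define CERT_STORE_ALGO_FLAG_RSA    (0x00000100L)
#define CERT_STORE_ALGO_FLAG_ECDSA  (0x00000200L)

/* Read one DER tag/length header. Returns the header size, or 0 if the
 * header is malformed or the content would overrun the buffer. */
static size_t derHeader(const ubyte *p, size_t avail, ubyte *tag, size_t *len)
{
    if (avail < 2) return 0;
    size_t hdr = 2;
    *tag = p[0];
    if (p[1] < 0x80) {
        *len = p[1];
    } else {
        size_t n = p[1] & 0x7F;
        if (n == 0 || n > 4 || avail < 2 + n) return 0;
        *len = 0;
        for (size_t i = 0; i < n; i++) *len = (*len << 8) | p[2 + i];
        hdr += n;
    }
    return (*len <= avail - hdr) ? hdr : 0;
}

/* Certificate ::= SEQUENCE { tbsCertificate, signatureAlgorithm, signatureValue }.
 * Walk to signatureAlgorithm.algorithm and map the OID to the store's flag
 * bits (signature algorithm | digest). Returns 0 if unparseable or unknown. */
ubyte4 certSignatureFlags(const ubyte *cert, ubyte4 certLen)
{
    static const struct { const char *oid; size_t len; ubyte4 flags; } table[] = {
        { "\x2A\x86\x48\x86\xF7\x0D\x01\x01\x04", 9, CERT_STORE_ALGO_FLAG_RSA   | CERT_STORE_ALGO_FLAG_MD5    },
        { "\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05", 9, CERT_STORE_ALGO_FLAG_RSA   | CERT_STORE_ALGO_FLAG_SHA1   },
        { "\x2A\x86\x48\x86\xF7\x0D\x01\x01\x0B", 9, CERT_STORE_ALGO_FLAG_RSA   | CERT_STORE_ALGO_FLAG_SHA256 },
        { "\x2A\x86\x48\x86\xF7\x0D\x01\x01\x0C", 9, CERT_STORE_ALGO_FLAG_RSA   | CERT_STORE_ALGO_FLAG_SHA384 },
        { "\x2A\x86\x48\x86\xF7\x0D\x01\x01\x0D", 9, CERT_STORE_ALGO_FLAG_RSA   | CERT_STORE_ALGO_FLAG_SHA512 },
        { "\x2A\x86\x48\xCE\x3D\x04\x01",         7, CERT_STORE_ALGO_FLAG_ECDSA | CERT_STORE_ALGO_FLAG_SHA1   },
        { "\x2A\x86\x48\xCE\x3D\x04\x03\x02",     8, CERT_STORE_ALGO_FLAG_ECDSA | CERT_STORE_ALGO_FLAG_SHA256 },
        { "\x2A\x86\x48\xCE\x3D\x04\x03\x03",     8, CERT_STORE_ALGO_FLAG_ECDSA | CERT_STORE_ALGO_FLAG_SHA384 },
    };
    ubyte tag; size_t len, hdr;
    const ubyte *p = cert; size_t avail = certLen;

    hdr = derHeader(p, avail, &tag, &len);              /* outer Certificate SEQUENCE */
    if (hdr == 0 || tag != 0x30) return 0;
    p += hdr; avail = len;
    hdr = derHeader(p, avail, &tag, &len);              /* tbsCertificate: skip it whole */
    if (hdr == 0 || tag != 0x30) return 0;
    p += hdr + len; avail -= hdr + len;
    hdr = derHeader(p, avail, &tag, &len);              /* AlgorithmIdentifier SEQUENCE */
    if (hdr == 0 || tag != 0x30) return 0;
    p += hdr; avail = len;
    hdr = derHeader(p, avail, &tag, &len);              /* algorithm OBJECT IDENTIFIER */
    if (hdr == 0 || tag != 0x06) return 0;
    p += hdr;
    for (size_t i = 0; i < sizeof table / sizeof table[0]; i++)
        if (table[i].len == len && memcmp(p, table[i].oid, len) == 0) return table[i].flags;
    return 0;
}

/* A CERT_STORE_MatchFun: arg points at a supportedAlgoFlags-style policy
 * mask. Accept the candidate only when every bit it needs is in the mask
 * (this example's interpretation of the mask, not the store's documented one). */
MSTATUS policyMatchFun(MOC_ASYM(hwAccelDescr hwAccelCtx) const void *arg,
                       const ubyte *testCert, ubyte4 testCertLen)
{
    const ubyte4 allowed = *(const ubyte4 *)arg;
    ubyte4 need = certSignatureFlags(testCert, testCertLen);
    if (need == 0) return ERR_NO_MATCH;             /* unparseable or unknown: keep searching */
    return ((need & allowed) == need) ? OK : ERR_NO_MATCH;
}

/* Constructed DER skeletons, not real certificates: tbsCertificate is a
 * placeholder SEQUENCE { INTEGER 1 } and signatureValue a dummy BIT STRING. */
static const ubyte CERT_RSA_SHA1[] = {
    0x30,0x18, 0x30,0x03,0x02,0x01,0x01,
    0x30,0x0D,0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x05,0x05,0x00,
    0x03,0x02,0x00,0xFF };
static const ubyte CERT_RSA_SHA256[] = {
    0x30,0x18, 0x30,0x03,0x02,0x01,0x01,
    0x30,0x0D,0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x0B,0x05,0x00,
    0x03,0x02,0x00,0xFF };
static const ubyte CERT_ECDSA_SHA256[] = {
    0x30,0x15, 0x30,0x03,0x02,0x01,0x01,
    0x30,0x0A,0x06,0x08,0x2A,0x86,0x48,0xCE,0x3D,0x04,0x03,0x02,
    0x03,0x02,0x00,0xFF };

/* Two policies built from the header's flags: a modern one that excludes
 * MD5 and SHA-1, and a legacy one that additionally tolerates SHA-1. */
static const ubyte4 MODERN_POLICY = CERT_STORE_ALGO_FLAG_RSA | CERT_STORE_ALGO_FLAG_ECDSA |
    CERT_STORE_ALGO_FLAG_SHA256 | CERT_STORE_ALGO_FLAG_SHA384 | CERT_STORE_ALGO_FLAG_SHA512;
static const ubyte4 LEGACY_POLICY = MODERN_POLICY | CERT_STORE_ALGO_FLAG_SHA1;

int main(void)
{
    printf("RSA/SHA-1 under modern policy:   %s\n",
           policyMatchFun(&MODERN_POLICY, CERT_RSA_SHA1, sizeof CERT_RSA_SHA1) == OK ? "accepted" : "rejected");
    printf("RSA/SHA-256 under modern policy: %s\n",
           policyMatchFun(&MODERN_POLICY, CERT_RSA_SHA256, sizeof CERT_RSA_SHA256) == OK ? "accepted" : "rejected");
    printf("RSA/SHA-1 under legacy policy:   %s\n",
           policyMatchFun(&LEGACY_POLICY, CERT_RSA_SHA1, sizeof CERT_RSA_SHA1) == OK ? "accepted" : "rejected");
    return 0;
}
```

In a real build the stand-in typedefs and macros are dropped in favour of the SDK headers, and a pointer to the policy mask is passed as the cbArg of CERT_STORE_findTrustPointBySubject so that the store invokes policyMatchFun on each candidate; the store keeps searching while the callback returns a negative value.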