TrustCore SDK NanoCert API reference  version 7.0
cert_store.h
Go to the documentation of this file.
1 /*
2  * cert_store.h
3  *
4  * Certificate Store Header
5  *
6  * Copyright 2019-2024 DigiCert, Inc. All Rights Reserved.
7  * Proprietary and Confidential Material.
8  *
9  */
10 
32 #include "../common/initmocana.h"
33 
34 #ifndef __CERT_STORE_HEADER__
35 #define __CERT_STORE_HEADER__
36 
37 #ifdef __cplusplus
38 extern "C" {
39 #endif
40 
41 /*------------------------------------------------------------------*/
42 
47 #ifndef MAX_SIZE_CERT_STORE_TRUST_HASH_TABLE
48 #define MAX_SIZE_CERT_STORE_TRUST_HASH_TABLE (0x1f)
49 #endif
50 
51 /* left first octet is reserved */
52 #define CERT_STORE_ALGO_FLAG_RESERVED (0xFF000000L)
53 /* left second octet is for ECDSA curves */
54 #define CERT_STORE_ALGO_FLAG_ECCURVES (0x00FF0000L)
55 /* left third octet is for sign keyType */
56 #define CERT_STORE_ALGO_FLAG_SIGNKEYTYPE (0x0000FF00L)
57 /* right most octet is for HASH algorithms */
58 #define CERT_STORE_ALGO_FLAG_HASHALGO (0x000000FFL)
59 
60 /* Function Like Macros for setting algo id's for a cert key or sign algo */
61 #define CERT_STORE_ALGO_ID_SET_KEYTYPE( id, value) (id) |= (((value) & 0xff) << 24 )
62 #define CERT_STORE_ALGO_ID_SET_HASH( id, value) (id) |= (((value) & 0xff) << 16 )
63 #define CERT_STORE_ALGO_ID_SET_QSALG( id, value) (id) |= (((value) & 0xffff) << 8 )
64 #define CERT_STORE_ALGO_ID_SET_CURVE( id, value) (id) |= ((value) & 0xff)
65 
66 #define CERT_STORE_ALGO_ID_GET_KEYTYPE(id) ((id & 0xff000000) >> 24)
67 #define CERT_STORE_ALGO_ID_GET_HASH(id) ((id & 0x00ff0000) >> 16)
68 
69 #define CERT_STORE_ALGO_ID_HASH_MASK (0x00ff0000L)
70 
71 #define CERT_STORE_ALGO_ID_MASK_REMOVE_HASH_MASK (~CERT_STORE_ALGO_ID_HASH_MASK)
72 #define CERT_STORE_ALGO_ID_MASK_REMOVE_CURVE_MASK (0xffffff00L)
73 
78 /* individual flags: ec curves */
85 #define CERT_STORE_ALGO_FLAG_EC192 (0x00010000L)
86 
92 #define CERT_STORE_ALGO_FLAG_EC224 (0x00020000L)
93 
99 #define CERT_STORE_ALGO_FLAG_EC256 (0x00040000L)
100 
106 #define CERT_STORE_ALGO_FLAG_EC384 (0x00080000L)
107 
113 #define CERT_STORE_ALGO_FLAG_EC521 (0x00100000L)
114 #define CERT_STORE_ALGO_FLAG_EC25519 (0x00200000L)
115 #define CERT_STORE_ALGO_FLAG_EC448 (0x00400000L)
116 
117 /* individual flags: signing keyType */
124 #define CERT_STORE_ALGO_FLAG_RSA (0x00000100L)
125 
131 #define CERT_STORE_ALGO_FLAG_ECDSA (0x00000200L)
132 
138 #define CERT_STORE_ALGO_FLAG_DSA (0x00000400L)
139 #define CERT_STORE_ALGO_FLAG_EDDSA_25519 (0x00000800L)
140 #define CERT_STORE_ALGO_FLAG_EDDSA_448 (0x00001000L)
141 #define CERT_STORE_ALGO_FLAG_HYBRID (0x00002000L)
142 
143 /* individual flags: hash algos */
150 #define CERT_STORE_ALGO_FLAG_MD5 (0x00000001L)
151 
157 #define CERT_STORE_ALGO_FLAG_SHA1 (0x00000002L)
158 
165 #define CERT_STORE_ALGO_FLAG_SHA224 (0x00000004L)
166 
173 #define CERT_STORE_ALGO_FLAG_SHA256 (0x00000008L)
174 
181 #define CERT_STORE_ALGO_FLAG_SHA384 (0x00000010L)
182 
189 #define CERT_STORE_ALGO_FLAG_SHA512 (0x00000020L)
190 #define CERT_STORE_ALGO_FLAG_INTRINSIC (0x00000040L)
191 
192 /*------------------------------------------------------------------*/
193 
199 enum authTypes
200 {
201  CERT_STORE_AUTH_TYPE_RSA = 0,
202  CERT_STORE_AUTH_TYPE_ECDSA = 1,
203  CERT_STORE_AUTH_TYPE_DSA = 2,
204  CERT_STORE_AUTH_TYPE_RSA_PSS = 3,
205  CERT_STORE_AUTH_TYPE_EDDSA = 4,
206  CERT_STORE_AUTH_TYPE_HYBRID = 5,
207  CERT_STORE_AUTH_TYPE_ARRAY_SIZE = 6 /* needs to be last */
208 };
209 
218 enum identityTypes
219 {
220  CERT_STORE_IDENTITY_TYPE_NAKED = 0,
221  CERT_STORE_IDENTITY_TYPE_CERT_X509_V3 = 1,
222  CERT_STORE_IDENTITY_TYPE_ARRAY_SIZE = 2 /* needs to be last */
223 };
224 
225 /*------------------------------------------------------------------*/
226 
227 struct AsymmetricKey;
228 struct certStore;
229 struct SizedBuffer;
230 
231 typedef struct certStore* certStorePtr;
232 
233 #if defined(__ENABLE_MOCANA_MINIMAL_CA__)
234 struct certStoreIssuer;
235 typedef struct certStoreIssuer* certStoreIssuerPtr;
236 #endif
237 
238 typedef sbyte4 (*ExtendedDataCallback)(sbyte4 extDataIdentifier, enum dataType *pType, enum dataEncoding *pFormat,
239  sbyte **ppBuffer, sbyte4 *pBufferLen);
240 
241 /*------------------------------------------------------------------*/
242 
260 MOC_EXTERN MSTATUS CERT_STORE_createStore (
261  certStorePtr *ppNewStore
262  );
263 
279 MOC_EXTERN MSTATUS CERT_STORE_releaseStore (
280  certStorePtr *ppReleaseStore
281  );
282 
287 /* Load a MocCtx into this cert store. If later operations need it, it's there.
288  * This function will acquire a reference to the MocCtx, and then when the store
289  * is released, it will release it. That is, the caller does not need to do
290  * anything beyond calling _releaseStore (which it is already doing, right?).
291  */
292 MOC_EXTERN MSTATUS CERT_STORE_loadMocCtx (
293  certStorePtr pCertStore,
294  MocCtx pMocCtx
295  );
296 
297 /* handy conversion functions */
298 MOC_EXTERN MSTATUS CERT_STORE_convertCertStoreKeyTypeToPubKeyType(ubyte4 certStoreKeyType, ubyte4 *pRetPubKeyType);
299 
304 /* add identity */
305 #ifndef __DISABLE_MOCANA_CERTIFICATE_PARSING__
306 
337 MOC_EXTERN MSTATUS CERT_STORE_addIdentity (
338  certStorePtr pCertStore,
339  const ubyte *pDerCert,
340  ubyte4 derCertLength,
341  const ubyte *pKeyBlob,
342  ubyte4 keyBlobLength
343  );
344 
383 MOC_EXTERN MSTATUS CERT_STORE_addIdentityEx (
384  certStorePtr pCertStore,
385  ubyte *pAlias,
386  ubyte4 aliasLen,
387  ubyte *pDerCert,
388  ubyte4 derCertLength,
389  ubyte *pKeyBlob,
390  ubyte4 keyBlobLength
391  );
392 
421 MOC_EXTERN MSTATUS CERT_STORE_addIdentityWithCertificateChain (
422  certStorePtr pCertStore,
423  struct SizedBuffer *certificates,
424  ubyte4 numCertificate,
425  const ubyte *pKeyBlob,
426  ubyte4 keyBlobLength
427  );
428 
457 MOC_EXTERN MSTATUS
458 CERT_STORE_addIdentityWithCertificateChainExtData(certStorePtr pCertStore,
459  struct SizedBuffer *certificates,
460  ubyte4 numCertificate,
461  const ubyte *pKeyBlob,
462  ubyte4 keyBlobLength,
463  ExtendedDataCallback extDataFunc,
464  sbyte4 extDataIdentifier
465  );
466 
495 MOC_EXTERN MSTATUS CERT_STORE_addIdentityWithCertificateChainExtDataEx (
496  certStorePtr pCertStore,
497  ubyte *pAlias,
498  ubyte4 aliasLen,
499  struct SizedBuffer *certificates,
500  ubyte4 numCertificate,
501  const ubyte *pKeyBlob,
502  ubyte4 keyBlobLength,
503  ExtendedDataCallback extDataFunc,
504  sbyte4 extDataIdentifier
505  );
506 
542 MOC_EXTERN MSTATUS CERT_STORE_addIdentityWithCertificateChainEx (
543  certStorePtr pCertStore,
544  ubyte *pAlias,
545  ubyte4 aliasLen,
546  struct SizedBuffer *certificates,
547  ubyte4 numCertificate,
548  const ubyte *pKeyBlob,
549  ubyte4 keyBlobLength
550  );
551 
552 #endif /* ifndef __DISABLE_MOCANA_CERTIFICATE_PARSING__ */
553 
570 MOC_EXTERN MSTATUS CERT_STORE_addIdentityNakedKey (
571  certStorePtr pCertStore,
572  const ubyte *pKeyBlob,
573  ubyte4 keyBlobLength
574  );
575 
596 MOC_EXTERN MSTATUS CERT_STORE_addIdentityNakedKeyEx (
597  certStorePtr pCertStore,
598  ubyte *pAlias,
599  ubyte4 aliasLen,
600  ubyte *pKeyBlob,
601  ubyte4 keyBlobLength
602  );
603 
630 MOC_EXTERN MSTATUS CERT_STORE_addIdentityPSK(certStorePtr pCertStore,
631  const ubyte *pPskIdentity,
632  ubyte4 pskIdentityLength,
633  const ubyte *pPskHint,
634  ubyte4 pskHintLength,
635  const ubyte *pPskSecret,
636  ubyte4 pskSecretLength);
637 
638 #ifndef __DISABLE_MOCANA_CERTIFICATE_PARSING__
639 
660 MOC_EXTERN MSTATUS CERT_STORE_addTrustPoint(certStorePtr pCertStore,
661  const ubyte *pDerTrustPoint,
662  ubyte4 derTrustPointLength);
663 
664 #ifdef __ENABLE_MOCANA_CV_CERT__
665 
688 MOC_EXTERN MSTATUS CERT_STORE_CVC_addTrustPoint(certStorePtr pCertStore,
689  const ubyte *pTrustPoint,
690  ubyte4 trustPointLength);
691 
692 #endif
693 
722 MOC_EXTERN MSTATUS CERT_STORE_findTrustPointBySubjectFirst(const certStorePtr pCertStore,
723  const ubyte *subject,
724  ubyte4 subjectLength,
725  const ubyte **ppRetDerCert,
726  ubyte4 *pRetDerCertLength,
727  const void** iterator);
728 
750 MOC_EXTERN MSTATUS CERT_STORE_findTrustPointBySubjectNext(const void** iterator,
751  const ubyte **ppRetDerCert,
752  ubyte4* pRetDerCertLength);
753 
754 
755 /* test function: return OK if match, ERR_FALSE if no match, anything else to
756  stop the search */
776 typedef MSTATUS (*CERT_STORE_MatchFun) (MOC_ASYM(hwAccelDescr hwAccelCtx)
777  const void* arg,
778  const ubyte* testCert,
779  ubyte4 testCertLen);
780 
812 MOC_EXTERN MSTATUS CERT_STORE_findTrustPointBySubject(MOC_ASYM(hwAccelDescr hwAccelCtx)
813  const certStorePtr pCertStore,
814  const ubyte* subject,
815  ubyte4 subjectLength,
816  const void* cbArg,
817  CERT_STORE_MatchFun cb,
818  const ubyte** ppRetDerCert,
819  ubyte4* pRetDerCertLength);
820 
824 MOC_EXTERN MSTATUS CERT_STORE_traverseTrustPoints(MOC_ASYM(hwAccelDescr hwAccelCtx)
825  const certStorePtr pCertStore,
826  const void* cbArg,
827  CERT_STORE_MatchFun cb);
831 #endif
832 
877 MOC_EXTERN MSTATUS CERT_STORE_findIdentityByAlias (
878  certStorePtr pCertStore,
879  ubyte *pAlias,
880  ubyte4 aliasLen,
881  struct AsymmetricKey **ppReturnIdentityKey,
882  ubyte **ppRetDerCert,
883  ubyte4 *pRetDerCertLength
884  );
885 
945 MOC_EXTERN MSTATUS CERT_STORE_findIdentityByAliasAndAlgo (
946  certStorePtr pCertStore,
947  ubyte4 pubKeyType,
948  ubyte2 keyUsage,
949  ubyte4 *pSupportedCertKeyAlgos,
950  ubyte4 supportedCertKeyAlgosLen,
951  ubyte4 *pSupportedSignAlgos,
952  ubyte4 supportedSignAlgosLen,
953  ubyte *pAlias,
954  ubyte4 aliasLen,
955  struct AsymmetricKey **ppReturnIdentityKey,
956  struct SizedBuffer **ppRetCertificates,
957  ubyte4 *pRetNumCertificates,
958  void **ppRetHint
959  );
960 
961 /* Find the identity in the cert store associated with the given "alias".
962  * <p>The function will look through the given store, and compare the alias in
963  * each entry with the one passed in. If it is the same, it will return the key
964  * and cert chain from that entry.
965  * <p>Note that an entry might have only a key or a cert, or both a key and cert.
966  * <p>The function will return references to the key and cert insde the store, it
967  * will not build a new AsymmetricKey object, nor will it allocate memory for the
968  * cert it returns. Do not alter or uninit the key and do not alter or free the
969  * cert buffer returned.
970  * <p>If the function cannot find an entry with the given alias, it will set the
971  * return key and cert chain args to NULL/0 and return OK. That is, if it finds no
972  * entry, that is not an error, it simply indicates there is no entry with that
973  * alias.
974  * <p>You might only want a key, and not a cert. If so, you can pass NULL for the
975  * ppRetDerCert and pRetDerCertLen args. That is not an error. The function will
976  * return a reference to the key and not a cert. Similarly, you can pass NULL for
977  * the key and receive only a cert chain.
978  * <p>It is possible an entry has no key, only a cert. This function will return
979  * a pointer to an AsymmetricKey, but it might be empty. Check the return key's
980  * type. If it is 0 (akt_undefined), there is no key.
981  *
982  * @param pCertStore The store to search.
983  * @param pAlias The alias, or name of the entry, against which the cert will be
984  * made.
985  * @param aliasLen The length, in bytes, of the alias.
986  * @param ppReturnIdentityKey If not NULL, the address where the function will
987  * deposit a reference to the key object inside the cert store for the entry
988  * associated with the alias.
989  * @param ppRetCertificates If not NULL, the address where the function will
990  * deposit a reference to the cert chain corresponding to the entry.
991  * for the given alias.
992  * @param pRetNumCertificates If not NULL, the address where the function will
993  * deposit the number of certificates in the returned chain.
994  * @return \c OK (0) if successful; otherwise a negative number error code
995  * definition from merrors.h. To retrieve a string containing an
996  * English text error identifier corresponding to the function's
997  * returned error status, use the \c DISPLAY_ERROR macro.
998  */
999 MOC_EXTERN MSTATUS CERT_STORE_findIdentityByAliasEx (
1000  certStorePtr pCertStore,
1001  ubyte *pAlias,
1002  ubyte4 aliasLen,
1003  struct AsymmetricKey **ppReturnIdentityKey,
1004  struct SizedBuffer **ppRetCertificates,
1005  ubyte4 *pRetNumCertificates
1006  );
1007 
1008 MOC_EXTERN MSTATUS CERT_STORE_updateIdentityByAliasExtData (
1009  certStorePtr pCertStore,
1010  ubyte *pAlias,
1011  ubyte4 aliasLen,
1012  struct SizedBuffer *pCertChain,
1013  ubyte4 certChainCount,
1014  const ubyte *pKeyBlob,
1015  ubyte4 keyBlobLen,
1016  ExtendedDataCallback extDataFunc,
1017  sbyte4 extDataIdentifier
1018  );
1019 
1020 MOC_EXTERN MSTATUS CERT_STORE_getIdentityPairExtData (
1021  void *pIdentity,
1022  ExtendedDataCallback *pExtDataFunc,
1023  sbyte4 *pExtDataIdentifier
1024 );
1025 
1026 MOC_EXTERN MSTATUS CERT_STORE_updateIdentityByAlias (
1027  certStorePtr pCertStore,
1028  ubyte *pAlias,
1029  ubyte4 aliasLen,
1030  struct SizedBuffer *pCertChain,
1031  ubyte4 certChainCount,
1032  const ubyte *pKeyBlob,
1033  ubyte4 keyBlobLen
1034  );
1035 
1071 MOC_EXTERN MSTATUS CERT_STORE_findIdentityByTypeFirst(const certStorePtr pCertStore,
1072  enum authTypes authType,
1073  enum identityTypes identityType,
1074  const struct AsymmetricKey** ppRetIdentityKey,
1075  const ubyte **ppRetDerCert,
1076  ubyte4 *pRetDerCertLength,
1077  void** ppRetHint);
1078 
1108 MOC_EXTERN MSTATUS CERT_STORE_findIdentityByTypeNext(const certStorePtr pCertStore,
1109  enum authTypes authType,
1110  enum identityTypes identityType,
1111  const struct AsymmetricKey** ppRetIdentityKey,
1112  const ubyte **ppRetDerCert,
1113  ubyte4 *pRetDerCertLength,
1114  void** ppRetHint);
1115 
1160 MOC_EXTERN MSTATUS CERT_STORE_findIdentityCertChainFirstEx(const certStorePtr pCertStore,
1161  ubyte4 pubKeyType,
1162  ubyte2 keyUsage,
1163  ubyte4 supportedAlgoFlags,
1164  const struct AsymmetricKey** ppRetIdentityKey,
1165  const struct SizedBuffer** ppRetCertificates,
1166  ubyte4 *pRetNumberCertificate,
1167  void** ppRetHint);
1168 
1199 MOC_EXTERN MSTATUS CERT_STORE_findIdentityCertChainNextEx(const certStorePtr pCertStore,
1200  ubyte4 pubKeyType,
1201  ubyte2 keyUsage,
1202  ubyte4 supportedKeyTypeAndAlgoFlags,
1203  const struct AsymmetricKey** ppRetIdentityKey,
1204  const struct SizedBuffer** ppRetCertificates,
1205  ubyte4 *pRetNumberCertificate,
1206  void** ppRetHint);
1207 
1208 
1209 
1261 MOC_EXTERN MSTATUS CERT_STORE_findIdentityCertChainFirstFromList(
1262  const certStorePtr pCertStore,
1263  ubyte4 pubKeyType,
1264  ubyte2 keyUsage,
1265  ubyte4 *pSupportedCertKeyIds,
1266  ubyte4 supportedCertKeyIdsLen,
1267  ubyte4 *pSupportedSignAlgoIds,
1268  ubyte4 supportedSignAlgoIdsLen,
1269  const struct AsymmetricKey** ppRetIdentityKey,
1270  const struct SizedBuffer** ppRetCertificates,
1271  ubyte4 *pRetNumberCertificate,
1272  void** ppRetHint);
1273 
1274 
1312 MOC_EXTERN MSTATUS CERT_STORE_findIdentityCertChainNextFromList(
1313  const certStorePtr pCertStore,
1314  ubyte4 pubKeyType,
1315  ubyte2 keyUsage,
1316  ubyte4 *pSupportedCertKeyIds,
1317  ubyte4 supportedCertKeyIdsLen,
1318  ubyte4 *pSupportedSignAlgoIds,
1319  ubyte4 supportedSignAlgoIdsLen,
1320  const struct AsymmetricKey** ppRetIdentityKey,
1321  const struct SizedBuffer** ppRetCertificates,
1322  ubyte4 *pRetNumberCertificate,
1323  void** ppRetHint);
1324 
1350 MOC_EXTERN MSTATUS CERT_STORE_findIdentityCertChainFirst(const certStorePtr pCertStore,
1351  ubyte4 pubKeyType,
1352  ubyte4 supportedAlgoFlags,
1353  const struct AsymmetricKey** ppRetIdentityKey,
1354  const struct SizedBuffer** ppRetCertificates,
1355  ubyte4 *pRetNumberCertificate,
1356  void** ppRetHint);
1357 
1383 MOC_EXTERN MSTATUS CERT_STORE_findIdentityCertChainNext(const certStorePtr pCertStore,
1384  ubyte4 pubKeyType,
1385  ubyte4 supportedKeyTypeAndAlgoFlags,
1386  const struct AsymmetricKey** ppRetIdentityKey,
1387  const struct SizedBuffer** ppRetCertificates,
1388  ubyte4 *pRetNumberCertificate,
1389  void** ppRetHint);
1390 
1394 /* traverse/find a psk */
1395 MOC_EXTERN MSTATUS CERT_STORE_traversePskListHead(const certStorePtr pCertStore,
1396  ubyte **ppRetPskIdentity,
1397  ubyte4 *pRetPskIdentityLength,
1398  ubyte **ppRetPskHint,
1399  ubyte4 *pRetPskHintLength,
1400  ubyte **ppRetPskSecret,
1401  ubyte4 *pRetPskSecretLength,
1402  void** ppRetHint);
1403 MOC_EXTERN MSTATUS CERT_STORE_traversePskListNext(const certStorePtr pCertStore,
1404  ubyte **ppRetPskIdentity,
1405  ubyte4 *pRetPskIdentityLength,
1406  ubyte **ppRetPskHint,
1407  ubyte4 *pRetPskHintLength,
1408  ubyte **ppRetPskSecret,
1409  ubyte4 *pRetPskSecretLength,
1410  void** ppRetHint);
1411 MOC_EXTERN MSTATUS CERT_STORE_findPskByIdentity(const certStorePtr pCertStore,
1412  ubyte *pPskIdentity,
1413  ubyte4 pskIdentityLength,
1414  ubyte **ppRetPskSecret,
1415  ubyte4 *pRetPskSecretLength);
1420 /* find a certificate and possibly key by issuer/serial number */
1448 MOC_EXTERN MSTATUS
1449 CERT_STORE_findCertificateByIssuerSerialNumber(const certStorePtr pCertStore,
1450  const ubyte* pIssuer,
1451  ubyte4 issuerLength,
1452  const ubyte* serialNumber,
1453  ubyte4 serialNumberLength,
1454  const ubyte** ppRetDerCert,
1455  ubyte4* ppRetDerCertLength,
1456  const struct AsymmetricKey** pRetPrivateKey);
1457 
1458 #if defined(__ENABLE_MOCANA_MINIMAL_CA__)
1459 
1467 MOC_EXTERN MSTATUS
1468 CERT_STORE_createIssuerStore(sbyte *pDirPath, certStoreIssuerPtr *pStore);
1469 
1477 MOC_EXTERN MSTATUS
1478 CERT_STORE_releaseIssuerStore(certStoreIssuerPtr *pStore);
1479 
1487 MOC_EXTERN MSTATUS
1488 CERT_STORE_traverseChildCertsByFile(
1489  certStoreIssuerPtr pStore, void **ppCookie, ubyte4 *pIndex, sbyte **ppFile);
1490 
1491 #endif /* __ENABLE_MOCANA_MINIMAL_CA__ */
1492 
1493 #ifdef __cplusplus
1494 }
1495 #endif
1496 
1497 #endif /* __CERT_STORE_HEADER__ */
1498 
CERT_STORE_addIdentityWithCertificateChainExtData
MOC_EXTERN MSTATUS CERT_STORE_addIdentityWithCertificateChainExtData(certStorePtr pCertStore, struct SizedBuffer *certificates, ubyte4 numCertificate, const ubyte *pKeyBlob, ubyte4 keyBlobLength, ExtendedDataCallback extDataFunc, sbyte4 extDataIdentifier)
This is the same as CERT_STORE_addIdentityWithCertificateChain, except the caller also supplies a cal...
CERT_STORE_findIdentityByAlias
MOC_EXTERN MSTATUS CERT_STORE_findIdentityByAlias(certStorePtr pCertStore, ubyte *pAlias, ubyte4 aliasLen, struct AsymmetricKey **ppReturnIdentityKey, ubyte **ppRetDerCert, ubyte4 *pRetDerCertLength)
Find the identity in the cert store associated with the given "alias".
CERT_STORE_findIdentityCertChainNext
MOC_EXTERN MSTATUS CERT_STORE_findIdentityCertChainNext(const certStorePtr pCertStore, ubyte4 pubKeyType, ubyte4 supportedKeyTypeAndAlgoFlags, const struct AsymmetricKey **ppRetIdentityKey, const struct SizedBuffer **ppRetCertificates, ubyte4 *pRetNumberCertificate, void **ppRetHint)
Continue the search for an identity from the hint provided.
CERT_STORE_addTrustPoint
MOC_EXTERN MSTATUS CERT_STORE_addTrustPoint(certStorePtr pCertStore, const ubyte *pDerTrustPoint, ubyte4 derTrustPointLength)
Add a trust point to a Digicert SoT Platform certificate store.
CERT_STORE_findIdentityCertChainFirst
MOC_EXTERN MSTATUS CERT_STORE_findIdentityCertChainFirst(const certStorePtr pCertStore, ubyte4 pubKeyType, ubyte4 supportedAlgoFlags, const struct AsymmetricKey **ppRetIdentityKey, const struct SizedBuffer **ppRetCertificates, ubyte4 *pRetNumberCertificate, void **ppRetHint)
Retrieve the first identity stored for the specified key type and supported algorithm.
CERT_STORE_addIdentityNakedKeyEx
MOC_EXTERN MSTATUS CERT_STORE_addIdentityNakedKeyEx(certStorePtr pCertStore, ubyte *pAlias, ubyte4 aliasLen, ubyte *pKeyBlob, ubyte4 keyBlobLength)
This is the same as CERT_STORE_addIdentityNakedKey, except the caller also supplies an "alias"...
CERT_STORE_addIdentityWithCertificateChain
MOC_EXTERN MSTATUS CERT_STORE_addIdentityWithCertificateChain(certStorePtr pCertStore, struct SizedBuffer *certificates, ubyte4 numCertificate, const ubyte *pKeyBlob, ubyte4 keyBlobLength)
This is the same as CERT_STORE_addIdentity except the caller can specify multiple certificates...
CERT_STORE_findTrustPointBySubjectNext
MOC_EXTERN MSTATUS CERT_STORE_findTrustPointBySubjectNext(const void **iterator, const ubyte **ppRetDerCert, ubyte4 *pRetDerCertLength)
This function continues a search for a certificate based on the iterator.
CERT_STORE_findTrustPointBySubjectFirst
MOC_EXTERN MSTATUS CERT_STORE_findTrustPointBySubjectFirst(const certStorePtr pCertStore, const ubyte *subject, ubyte4 subjectLength, const ubyte **ppRetDerCert, ubyte4 *pRetDerCertLength, const void **iterator)
Find a trusted certificate by subject.
CERT_STORE_addIdentityNakedKey
MOC_EXTERN MSTATUS CERT_STORE_addIdentityNakedKey(certStorePtr pCertStore, const ubyte *pKeyBlob, ubyte4 keyBlobLength)
This API adds a key blob to the certificate store.
CERT_STORE_findTrustPointBySubject
MOC_EXTERN MSTATUS CERT_STORE_findTrustPointBySubject(MOC_ASYM(hwAccelDescr hwAccelCtx) const certStorePtr pCertStore, const ubyte *subject, ubyte4 subjectLength, const void *cbArg, CERT_STORE_MatchFun cb, const ubyte **ppRetDerCert, ubyte4 *pRetDerCertLength)
Find a trusted certificate by subject and user defined callback.
CERT_STORE_addIdentityWithCertificateChainEx
MOC_EXTERN MSTATUS CERT_STORE_addIdentityWithCertificateChainEx(certStorePtr pCertStore, ubyte *pAlias, ubyte4 aliasLen, struct SizedBuffer *certificates, ubyte4 numCertificate, const ubyte *pKeyBlob, ubyte4 keyBlobLength)
This is the same as CERT_STORE_addIdentityWithCertificateChain, except the caller also supplies an "a...
identityTypes
identityTypes
The certificate store has two types of identities.
Definition: cert_store.h:218
CERT_STORE_findCertificateByIssuerSerialNumber
MOC_EXTERN MSTATUS CERT_STORE_findCertificateByIssuerSerialNumber(const certStorePtr pCertStore, const ubyte *pIssuer, ubyte4 issuerLength, const ubyte *serialNumber, ubyte4 serialNumberLength, const ubyte **ppRetDerCert, ubyte4 *ppRetDerCertLength, const struct AsymmetricKey **pRetPrivateKey)
Retrieve the certificate and associated private key if available.
CERT_STORE_findIdentityByAliasAndAlgo
MOC_EXTERN MSTATUS CERT_STORE_findIdentityByAliasAndAlgo(certStorePtr pCertStore, ubyte4 pubKeyType, ubyte2 keyUsage, ubyte4 *pSupportedCertKeyAlgos, ubyte4 supportedCertKeyAlgosLen, ubyte4 *pSupportedSignAlgos, ubyte4 supportedSignAlgosLen, ubyte *pAlias, ubyte4 aliasLen, struct AsymmetricKey **ppReturnIdentityKey, struct SizedBuffer **ppRetCertificates, ubyte4 *pRetNumCertificates, void **ppRetHint)
Find the identity in the cert store associated with the given "alias" and verify it satisfies a given...
CERT_STORE_findIdentityByTypeFirst
MOC_EXTERN MSTATUS CERT_STORE_findIdentityByTypeFirst(const certStorePtr pCertStore, enum authTypes authType, enum identityTypes identityType, const struct AsymmetricKey **ppRetIdentityKey, const ubyte **ppRetDerCert, ubyte4 *pRetDerCertLength, void **ppRetHint)
Retrieve the first identity stored for the specified auth type and identity type. ...
CERT_STORE_addIdentityPSK
MOC_EXTERN MSTATUS CERT_STORE_addIdentityPSK(certStorePtr pCertStore, const ubyte *pPskIdentity, ubyte4 pskIdentityLength, const ubyte *pPskHint, ubyte4 pskHintLength, const ubyte *pPskSecret, ubyte4 pskSecretLength)
Add a PSK to the certificate store.
CERT_STORE_addIdentityWithCertificateChainExtDataEx
MOC_EXTERN MSTATUS CERT_STORE_addIdentityWithCertificateChainExtDataEx(certStorePtr pCertStore, ubyte *pAlias, ubyte4 aliasLen, struct SizedBuffer *certificates, ubyte4 numCertificate, const ubyte *pKeyBlob, ubyte4 keyBlobLength, ExtendedDataCallback extDataFunc, sbyte4 extDataIdentifier)
This is the same as CERT_STORE_addIdentityWithCertificateChain, except the caller also supplies a cal...
CERT_STORE_addIdentity
MOC_EXTERN MSTATUS CERT_STORE_addIdentity(certStorePtr pCertStore, const ubyte *pDerCert, ubyte4 derCertLength, const ubyte *pKeyBlob, ubyte4 keyBlobLength)
Load a certificate and key pair into the certificate store.
authTypes
authTypes
The certificate store places identities into algorithm indexes.
Definition: cert_store.h:199
CERT_STORE_releaseStore
MOC_EXTERN MSTATUS CERT_STORE_releaseStore(certStorePtr *ppReleaseStore)
Delete a certificate store object.
CERT_STORE_findIdentityCertChainNextEx
MOC_EXTERN MSTATUS CERT_STORE_findIdentityCertChainNextEx(const certStorePtr pCertStore, ubyte4 pubKeyType, ubyte2 keyUsage, ubyte4 supportedKeyTypeAndAlgoFlags, const struct AsymmetricKey **ppRetIdentityKey, const struct SizedBuffer **ppRetCertificates, ubyte4 *pRetNumberCertificate, void **ppRetHint)
Continue the search for an identity from the hint provided.
CERT_STORE_findIdentityCertChainFirstFromList
MOC_EXTERN MSTATUS CERT_STORE_findIdentityCertChainFirstFromList(const certStorePtr pCertStore, ubyte4 pubKeyType, ubyte2 keyUsage, ubyte4 *pSupportedCertKeyIds, ubyte4 supportedCertKeyIdsLen, ubyte4 *pSupportedSignAlgoIds, ubyte4 supportedSignAlgoIdsLen, const struct AsymmetricKey **ppRetIdentityKey, const struct SizedBuffer **ppRetCertificates, ubyte4 *pRetNumberCertificate, void **ppRetHint)
Retrieve the first identity stored for the specified key type and supported algorithms.
CERT_STORE_findIdentityByTypeNext
MOC_EXTERN MSTATUS CERT_STORE_findIdentityByTypeNext(const certStorePtr pCertStore, enum authTypes authType, enum identityTypes identityType, const struct AsymmetricKey **ppRetIdentityKey, const ubyte **ppRetDerCert, ubyte4 *pRetDerCertLength, void **ppRetHint)
This function continues the search for a hint.
CERT_STORE_findIdentityCertChainNextFromList
MOC_EXTERN MSTATUS CERT_STORE_findIdentityCertChainNextFromList(const certStorePtr pCertStore, ubyte4 pubKeyType, ubyte2 keyUsage, ubyte4 *pSupportedCertKeyIds, ubyte4 supportedCertKeyIdsLen, ubyte4 *pSupportedSignAlgoIds, ubyte4 supportedSignAlgoIdsLen, const struct AsymmetricKey **ppRetIdentityKey, const struct SizedBuffer **ppRetCertificates, ubyte4 *pRetNumberCertificate, void **ppRetHint)
Continue the search for an identity from the hint provided.
CERT_STORE_addIdentityEx
MOC_EXTERN MSTATUS CERT_STORE_addIdentityEx(certStorePtr pCertStore, ubyte *pAlias, ubyte4 aliasLen, ubyte *pDerCert, ubyte4 derCertLength, ubyte *pKeyBlob, ubyte4 keyBlobLength)
This is the same as CERT_STORE_addIdentity except the caller also supplies an "alias".
CERT_STORE_findIdentityCertChainFirstEx
MOC_EXTERN MSTATUS CERT_STORE_findIdentityCertChainFirstEx(const certStorePtr pCertStore, ubyte4 pubKeyType, ubyte2 keyUsage, ubyte4 supportedAlgoFlags, const struct AsymmetricKey **ppRetIdentityKey, const struct SizedBuffer **ppRetCertificates, ubyte4 *pRetNumberCertificate, void **ppRetHint)
Retrieve the first identity stored for the specified key type and supported algorithm.
CERT_STORE_createStore
MOC_EXTERN MSTATUS CERT_STORE_createStore(certStorePtr *ppNewStore)
Create a certificate store object.
CERT_STORE_MatchFun
MSTATUS(* CERT_STORE_MatchFun)(MOC_ASYM(hwAccelDescr hwAccelCtx) const void *arg, const ubyte *testCert, ubyte4 testCertLen)
Certificate store callback.
Definition: cert_store.h:776