|
/* Key-type identifiers (akt_* prefix; presumably "asymmetric key type").
 * NOTE(review): the enum tag and the code that consumes these values are not
 * shown on this page; they are presumably the values passed as the ubyte4
 * keyType argument of the key- and certificate-generation calls — confirm. */
enum | {
akt_undefined = 0, /* zero value, so a zero-initialised key type reads as undefined */
akt_rsa = 1,
akt_ecc = 2,
akt_dsa = 3,
akt_dh = 4,
akt_rsa_pss = 5,
akt_custom = 101,
akt_moc = 102,
akt_ecc_ed = 112,
akt_hybrid = 113,
akt_qs = 114, /* presumably "quantum-safe" keys, by analogy with the cid_QS_* ids — confirm */
/* In the four values below the low 16 bits equal akt_rsa (1) or akt_ecc (2);
 * the upper 16 bits (0x0002 for tap, 0x0001 for hsm) look like a key-provider
 * tag. NOTE(review): confirm that layout before masking on either half. */
akt_tap_rsa = 0x00020001,
akt_tap_ecc = 0x00020002,
akt_hsm_rsa = 0x00010001,
akt_hsm_ecc = 0x00010002
} |
|
/* Elliptic-curve identifiers (cid_EC_*). The numbers are ids, not key sizes.
 * NOTE(review): cid_EC_Ed25519 (112) and cid_EC_Ed448 (113) have the same
 * numeric values as akt_ecc_ed and akt_hybrid in the key-type enum, and both
 * kinds of id travel as plain ubyte4 arguments, so a curve id passed where a
 * key type is expected cannot be detected by value alone. */
enum | {
cid_EC_P192 = 1, /* presumably NIST P-192: about 96-bit strength, below the 112-bit minimum in current NIST guidance; avoid for new keys */
cid_EC_P256 = 7,
cid_EC_P224 = 33,
cid_EC_P384 = 34,
cid_EC_P521 = 35,
cid_EC_X25519 = 110, /* X25519 / X448 are key-agreement functions (RFC 7748) */
cid_EC_X448 = 111,
cid_EC_Ed25519 = 112, /* Ed25519 / Ed448 are signature schemes (RFC 8032) */
cid_EC_Ed448 = 113
} |
|
/* Identifiers for post-quantum ("QS") signature and KEM parameter sets.
 * Signature ids are all below 0x100; KEM ids start at 0x100.
 * The names follow NIST PQC round-2/round-3 submissions. Several of these
 * schemes were later broken or dropped from standardisation, so an id being
 * listed here says nothing about whether it is safe to enable. Which ids a
 * given build actually supports is not shown on this page. */
enum | {
/* CRYSTALS-Dilithium, the basis of ML-DSA (FIPS 204). The standard is not
 * interchangeable with the pre-standard submissions.
 * NOTE(review): DILITHIUM_4 is a round-2 parameter-set name (later rounds use
 * 2, 3 and 5) — confirm which submission version each id denotes. */
cid_QS_SIG_DILITHIUM_2 = 0x04,
cid_QS_SIG_DILITHIUM_3 = 0x05,
cid_QS_SIG_DILITHIUM_4 = 0x06,
cid_QS_SIG_DILITHIUM_5 = 0x07,
/* Falcon: selected by NIST for standardisation (as FN-DSA). */
cid_QS_SIG_FALCON_512 = 0x10,
cid_QS_SIG_FALCON_1024 = 0x11,
/* SPHINCS+, the basis of SLH-DSA (FIPS 205). Suffix S = small signatures,
 * F = fast signing. */
cid_QS_SIG_SPHINCS_PLUS_SHA2_128S = 0x50,
cid_QS_SIG_SPHINCS_PLUS_SHA2_128F = 0x51,
cid_QS_SIG_SPHINCS_PLUS_SHAKE_128S = 0x52,
cid_QS_SIG_SPHINCS_PLUS_SHAKE_128F = 0x53,
cid_QS_SIG_SPHINCS_PLUS_SHA2_192S = 0x54,
cid_QS_SIG_SPHINCS_PLUS_SHA2_192F = 0x55,
cid_QS_SIG_SPHINCS_PLUS_SHAKE_192S = 0x56,
cid_QS_SIG_SPHINCS_PLUS_SHAKE_192F = 0x57,
cid_QS_SIG_SPHINCS_PLUS_SHA2_256S = 0x58,
cid_QS_SIG_SPHINCS_PLUS_SHA2_256F = 0x59,
cid_QS_SIG_SPHINCS_PLUS_SHAKE_256S = 0x5a,
cid_QS_SIG_SPHINCS_PLUS_SHAKE_256F = 0x5b,
/* Rainbow: a practical key-recovery attack was published in 2022 and the
 * scheme was not standardised; treat these ids as unsuitable for new keys. */
cid_QS_SIG_RAINBOW_IA_CLASSIC = 0x20,
cid_QS_SIG_RAINBOW_IA_CYCLIC = 0x21,
cid_QS_SIG_RAINBOW_IA_CYCLIC_COMPRESSED = 0x22,
cid_QS_SIG_RAINBOW_IIIC_CLASSIC = 0x23,
cid_QS_SIG_RAINBOW_IIIC_CYCLIC = 0x24,
cid_QS_SIG_RAINBOW_IIIC_CYCLIC_COMPRESSED = 0x25,
cid_QS_SIG_RAINBOW_VC_CLASSIC = 0x26,
cid_QS_SIG_RAINBOW_VC_CYCLIC = 0x27,
cid_QS_SIG_RAINBOW_VC_CYCLIC_COMPRESSED = 0x28,
/* qTESLA and MQDSS: round-2 candidates that did not advance. */
cid_QS_SIG_QTESLA_P_I = 0x30,
cid_QS_SIG_MQDSS_31_48 = 0x40,
/* Classic McEliece parameter sets. */
cid_QS_KEM_MCELIECE_348864 = 0x100,
cid_QS_KEM_MCELIECE_348864F = 0x101,
cid_QS_KEM_MCELIECE_460896 = 0x102,
cid_QS_KEM_MCELIECE_460896F = 0x103,
cid_QS_KEM_MCELIECE_6688128 = 0x104,
cid_QS_KEM_MCELIECE_6688128F = 0x105,
cid_QS_KEM_MCELIECE_6960119 = 0x106,
cid_QS_KEM_MCELIECE_6960119F = 0x107,
cid_QS_KEM_MCELIECE_8192128 = 0x108,
cid_QS_KEM_MCELIECE_8192128F = 0x109,
/* CRYSTALS-Kyber, the basis of ML-KEM (FIPS 203). The 90S variants were not
 * carried into the standard, and ML-KEM is not interchangeable with the
 * pre-standard submissions — confirm which version these ids denote. */
cid_QS_KEM_KYBER_512 = 0x110,
cid_QS_KEM_KYBER_768 = 0x111,
cid_QS_KEM_KYBER_1024 = 0x112,
cid_QS_KEM_KYBER_512_90S = 0x113,
cid_QS_KEM_KYBER_768_90S = 0x114,
cid_QS_KEM_KYBER_1024_90S = 0x115,
/* NTRU, Saber (LightSaber/Saber/FireSaber) and FrodoKEM: round-3 candidates
 * that NIST did not select. */
cid_QS_KEM_NTRU_HPS_2048_509 = 0x120,
cid_QS_KEM_NTRU_HPS_2048_677 = 0x121,
cid_QS_KEM_NTRU_HPS_4096_821 = 0x122,
cid_QS_KEM_NTRU_HRSS_701 = 0x123,
cid_QS_KEM_LIGHTSABER = 0x130,
cid_QS_KEM_SABER = 0x131,
cid_QS_KEM_FIRESABER = 0x132,
cid_QS_KEM_FRODOKEM_640_AES = 0x140,
/* NewHope: round-2 candidate that did not advance. */
cid_QS_KEM_NEWHOPE_512CCA = 0x150,
/* SIKE / SIDH: efficient key-recovery attacks were published in 2022; treat
 * these ids as unsuitable for any new use. */
cid_QS_KEM_SIKE_P434 = 0x160,
cid_QS_KEM_SIDH_P434 = 0x170
} |
|
/* Kinds of subject/issuer alternative name.
 * No enumerator has an explicit value, so they number 0..8 in the order
 * written. That order matches the GeneralName CHOICE tags [0]..[8] of
 * RFC 5280, so inserting or reordering entries would break the
 * correspondence. NOTE(review): confirm whether callers rely on it. */
enum | {
SubjectAltName_otherName,
SubjectAltName_rfc822Name,
SubjectAltName_dNSName,
SubjectAltName_x400Address,
SubjectAltName_directoryName,
SubjectAltName_ediPartyName,
SubjectAltName_uniformResourceIdentifier,
SubjectAltName_iPAddress,
SubjectAltName_registeredID
} |
|
/* kp_* selector. The enum tag and the structure that uses it are not shown on
 * this page. NOTE(review): possibly the key-property discriminator used with
 * CertProperties (see CA_MGMT_generateCertificateWithProperties) — confirm.
 * kp_undefined is zero, so a zero-initialised field reads as undefined. */
enum | { kp_undefined = 0,
kp_size = 1,
kp_blob = 2,
kp_key = 3
} |
|
/* Name-matching option flags. The values are distinct single bits, so they
 * are presumably meant to be OR-ed together — confirm against the function
 * that consumes them, which is not shown on this page.
 * noWildcardMatch and matchFlagNoWildcard are two names for the same bit
 * (0x02). */
enum | matchFlag { matchFlagSuffix = 0x01,
noWildcardMatch = 0x02,
matchFlagNoWildcard = 0x02,
matchFlagDotSuffix = 0x04
} |
|
|
MOC_EXTERN sbyte4 | CA_MGMT_allocCertDistinguishedName (certDistinguishedName **ppNewCertDistName) |
| Allocate and initialize a certDistinguishedName structure. More...
|
|
MOC_EXTERN MSTATUS | CA_MGMT_convertIpAddress (ubyte *pIpString, ubyte *pIpBytes, ubyte4 *pIpLen) |
| Converts an IP address represented by a string (v4 or v6) to raw bytes. More...
|
|
MOC_EXTERN sbyte4 | CA_MGMT_convertKeyBlobToPKCS8Key (const ubyte *pKeyBlob, ubyte4 keyBlobLength, enum PKCS8EncryptionType encType, const ubyte *pPassword, ubyte4 passwordLen, ubyte **ppRetPKCS8DER, ubyte4 *pRetPkcs8DERLen) |
| Encapsulate a Digicert SoT Platform keyblob in a protected PKCS #8 DER-encoded buffer. More...
|
|
MOC_EXTERN sbyte4 | CA_MGMT_convertKeyDER (ubyte *pDerRsaKey, ubyte4 derRsaKeyLength, ubyte **ppRetKeyBlob, ubyte4 *pRetKeyBlobLength) |
| This is an old function. More...
|
|
MOC_EXTERN sbyte4 | CA_MGMT_convertKeyPEM (ubyte *pPemRsaKey, ubyte4 pemRsaKeyLength, ubyte **ppRetKeyBlob, ubyte4 *pRetKeyBlobLength) |
| This is an old function. More...
|
|
MOC_EXTERN sbyte4 | CA_MGMT_convertPKCS8KeyToKeyBlob (const ubyte *pPKCS8DER, ubyte4 pkcs8DERLen, ubyte **ppRetKeyBlob, ubyte4 *pRetKeyBlobLength) |
| Convert an unprotected RSA private key to a Digicert SoT Platform private RSA keyblob. More...
|
|
MOC_EXTERN sbyte4 | CA_MGMT_convertProtectedPKCS8KeyToKeyBlob (const ubyte *pPKCS8DER, ubyte4 pkcs8DERLen, ubyte *pPassword, ubyte4 passwordLen, ubyte **ppRetKeyBlob, ubyte4 *pRetKeyBlobLength) |
| Extract a protected RSA private key from a PKCS #8 DER-encoded buffer, converting it into a Digicert SoT Platform unprotected private RSA key blob. More...
|
|
MOC_EXTERN MSTATUS | CA_MGMT_convertRSAPublicKeyInfoDER (ubyte *pDerRsaKey, ubyte4 derRsaKeyLength, ubyte **ppRetKeyBlob, ubyte4 *pRetKeyBlobLength) |
| Convert the DER encoding of an RSA public key in PublicKeyInfo format into a Digicert key blob. More...
|
|
MOC_EXTERN sbyte4 | CA_MGMT_decodeCertificate (ubyte *pKeyFile, ubyte4 fileSize, ubyte **ppDecodeFile, ubyte4 *pDecodedLength) |
| Convert PEM-encoded certificate to DER-encoded certificate. More...
|
|
MOC_EXTERN sbyte4 | CA_MGMT_enumAltName (ubyte *pCertificate, ubyte4 certificateLength, sbyte4 isSubject, CA_MGMT_EnumItemCBFun callbackFunc, void *userArg) |
| Enumerate the subject/issuer alternative names in a DER-encoded X.509 certificate, and invoke the given callback function for each alternative name. More...
|
|
MOC_EXTERN sbyte4 | CA_MGMT_enumCrl (ubyte *pCertificate, ubyte4 certificateLength, CA_MGMT_EnumItemCBFun callbackFunc, void *userArg) |
| Enumerate the CRLs (certificate revocation lists) in a certificate, and invoke the given callback function for each CRL. More...
|
|
MOC_EXTERN sbyte4 | CA_MGMT_extractBasicConstraint (ubyte *pCertificate, ubyte4 certificateLen, intBoolean *pIsCritical, certExtensions *pCertExtensions) |
| Get the BasicConstraints extension out of a cert. More...
|
|
MOC_EXTERN sbyte4 | CA_MGMT_extractCertASN1Name (const ubyte *pCertificate, ubyte4 certificateLength, sbyte4 isSubject, sbyte4 includeASN1SeqHeader, ubyte4 *pASN1NameOffset, ubyte4 *pASN1NameLen) |
| Get an X.509 certificate's subject or issuer DER-encoded ASN.1 name. More...
|
|
MOC_EXTERN sbyte4 | CA_MGMT_extractCertDistinguishedName (ubyte *pCertificate, ubyte4 certificateLength, sbyte4 isSubject, certDistinguishedName *pRetDN) |
| Get a DER-encoded X.509 certificate's subject or issuer (as specified by the isSubject parameter) distinguished name. More...
|
|
MOC_EXTERN sbyte4 | CA_MGMT_extractCertTimes (ubyte *pCertificate, ubyte4 certificateLength, certDistinguishedName *pRetDN) |
| Get a DER-encoded X.509 certificate's start and expiration times and dates. More...
|
|
MOC_EXTERN MSTATUS | CA_MGMT_extractKeyBlobEx (const ubyte *pKeyBlob, ubyte4 keyBlobLength, AsymmetricKey *pKey) |
| This is an old function. More...
|
|
MOC_EXTERN MSTATUS | CA_MGMT_extractKeyBlobTypeEx (const ubyte *pKeyBlob, ubyte4 keyBlobLength, ubyte4 *pRetKeyType) |
| This is an old function. More...
|
|
MOC_EXTERN MSTATUS | CA_MGMT_extractPublicKey (const ubyte *pKeyBlob, ubyte4 keyBlobLength, ubyte **ppRetPublicKeyBlob, ubyte4 *pRetPublicKeyBlobLength, ubyte4 *pRetKeyType) |
| This is an old function. More...
|
|
MOC_EXTERN sbyte4 | CA_MGMT_extractPublicKeyInfo (ubyte *pCertificate, ubyte4 certificateLen, ubyte **ppRetKeyBlob, ubyte4 *pRetKeyBlobLen) |
| Gets the public key from a certificate. More...
|
|
MOC_EXTERN sbyte4 | CA_MGMT_extractSerialNum (ubyte *pCertificate, ubyte4 certificateLength, ubyte **ppRetSerialNum, ubyte4 *pRetSerialNumLength) |
|
MOC_EXTERN sbyte4 | CA_MGMT_extractSignature (ubyte *pCertificate, ubyte4 certificateLen, ubyte **ppSignature, ubyte4 *pSignatureLen) |
| Gets the signature out of a cert. More...
|
|
MOC_EXTERN sbyte4 | CA_MGMT_findCertDistinguishedName (ubyte *pCertificate, ubyte4 certificateLength, intBoolean isSubject, ubyte **ppRetDistinguishedName, ubyte4 *pRetDistinguishedNameLen) |
|
MOC_EXTERN sbyte4 | CA_MGMT_freeCertDistinguishedName (certDistinguishedName **ppFreeCertDistName) |
| Free certDistinguishedName structure's memory. More...
|
|
MOC_EXTERN sbyte4 | CA_MGMT_freeCertificate (certDescriptor *pRetCertificateDescr) |
| Free memory allocated by CA_MGMT_generateCertificate(). More...
|
|
MOC_EXTERN sbyte4 | CA_MGMT_freeNakedKey (ubyte **ppFreeKeyBlob) |
| Free (release) a naked key blob's memory. More...
|
|
MOC_EXTERN sbyte4 | CA_MGMT_freeSearchDetails (ubyte **ppFreeData) |
|
MOC_EXTERN sbyte4 | CA_MGMT_generateCertificateEx (certDescriptor *pRetCertificate, ubyte4 keySize, const certDistinguishedName *pCertInfo, ubyte signAlgorithm, const certExtensions *pExtensions, const certDescriptor *pParentCertificate) |
|
MOC_EXTERN sbyte4 | CA_MGMT_generateCertificateEx2 (certDescriptor *pRetCertificate, struct AsymmetricKey *key, const certDistinguishedName *pCertInfo, ubyte signAlgorithm) |
|
MOC_EXTERN sbyte4 | CA_MGMT_generateCertificateExType (certDescriptor *pRetCertificate, ubyte4 keyType, ubyte4 keySize, const certDistinguishedName *pCertInfo, ubyte signAlgorithm, const certExtensions *pExtensions, const certDescriptor *pParentCertificate) |
| Generate a signed X.509 certificate and public/private key pair. More...
|
|
MOC_EXTERN sbyte4 | CA_MGMT_generateCertificateHybrid (certDescriptor *pRetCertificate, ubyte4 curve, ubyte4 qsAlg, const certDistinguishedName *pCertInfo, const certExtensions *pExtensions, const certDescriptor *pParentCertificate) |
| Generates a signed X.509 certificate and private/public key pair for a hybrid authentication algorithm. More...
|
|
MOC_EXTERN sbyte4 | CA_MGMT_generateCertificateWithProperties (certDescriptor *pRetCertificate, const certDistinguishedName *forName, const CertProperties *properties) |
|
MOC_EXTERN sbyte4 | CA_MGMT_generateNakedHybridKey (ubyte4 keyType, ubyte4 legacyKeyType, ubyte4 legacyKeySize, ubyte4 qsAlgoId, ubyte **ppRetNewKeyBlob, ubyte4 *pRetNewKeyBlobLength) |
| Generate a naked key. More...
|
|
MOC_EXTERN sbyte4 | CA_MGMT_generateNakedKey (ubyte4 keyType, ubyte4 keySize, ubyte **ppRetNewKeyBlob, ubyte4 *pRetNewKeyBlobLength) |
| Generate a naked key. More...
|
|
MOC_EXTERN MSTATUS | CA_MGMT_getCertSignAlgoType (ubyte *pCertificate, ubyte4 certificateLen, ubyte4 *pHashType, ubyte4 *pPubKeyType) |
| Gets the hash type and public key type out of a cert. More...
|
|
MOC_EXTERN MSTATUS | CA_MGMT_keyBlobToDER (const ubyte *pKeyBlob, ubyte4 keyBlobLength, ubyte **ppRetKeyDER, ubyte4 *pRetKeyDERLength) |
| This is an old function. More...
|
|
MOC_EXTERN MSTATUS | CA_MGMT_keyBlobToPEM (const ubyte *pKeyBlob, ubyte4 keyBlobLength, ubyte **ppRetKeyPEM, ubyte4 *pRetKeyPEMLength) |
| This is an old function. More...
|
|
MOC_EXTERN MSTATUS | CA_MGMT_makeKeyBlobEx (const AsymmetricKey *pKey, ubyte **ppRetKeyBlob, ubyte4 *pRetKeyLength) |
| This is an old function. More...
|
|
MOC_EXTERN sbyte4 | CA_MGMT_makeSubjectAltNameExtension (extensions *pExtension, const SubjectAltNameAttr *nameAttrs, sbyte4 numNameAttrs) |
|
MOC_EXTERN MSTATUS | CA_MGMT_publicKeyBlobToDER (const ubyte *pPublicKeyBlob, ubyte4 publicKeyBlobLength, ubyte **ppRetKeyDER, ubyte4 *pRetKeyDERLength) |
| This is an old function. More...
|
|
MOC_EXTERN sbyte4 | CA_MGMT_returnCertificatePrints (ubyte *pCertificate, ubyte4 certLength, ubyte *pShaFingerPrint, ubyte *pMD5FingerPrint) |
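| Generate an X.509 certificate's SHA-1 and MD5 fingerprints. Both digests have known collision attacks, so use these fingerprints to identify or look up a certificate, not as evidence that it is authentic. The prototype takes no output-buffer lengths, so the caller must size pShaFingerPrint and pMD5FingerPrint for the digests written. More...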
|
|
MOC_EXTERN MSTATUS | CA_MGMT_tpm12RsaKeyBlobToDer (ubyte *pKeyBlob, ubyte4 keyBlobLen, struct vlong *pModulus, struct vlong *pPubExpo, ubyte **ppDerEncoding, ubyte4 *pDerEncodingLen) |
|
MOC_EXTERN MSTATUS | CA_MGMT_verifyCertDate (ubyte *pCert, ubyte4 certLen) |
| Validate a DER-encoded X.509 certificate's start and expiration times and dates against the current time. More...
|
|
MOC_EXTERN sbyte4 | CA_MGMT_verifyCertWithKeyBlob (certDescriptor *pCertificateDescr, sbyte4 *pIsGood) |
| Verify correspondence of a certDescriptor key blob and certificate's key. More...
|
|
MOC_EXTERN sbyte4 | CA_MGMT_verifySignature (const ubyte *pIssuerCertBlob, ubyte4 issuerCertBlobLen, ubyte *pCertificate, ubyte4 certLen) |
| Verifies the signature in a certificate. More...
|
|
This header file contains structures, enumerations, and function declarations for SoT Platform certificate management functions.
- Since
- 1.41
- Version
- 5.3 and later
(new structures, new functions, etc.)
Whether the following flags are defined determines which structures and enumerations are defined:
__ENABLE_MOCANA_MULTIPLE_COMMON_NAMES__
__ENABLE_MOCANA_ECC__
Whether the following flags are defined determines which function declarations are enabled:
__ENABLE_MOCANA_EXTRACT_CERT_BLOB__
__PUBCRYPTO_HEADER__
ca_mgmt.h