High Performance OPC UA Server SDK
1.7.1.383
Store certificates, CRLs and private keys in backend specific locations. More...
Data Structures | |
struct | pki_store_file |
Configuration structure of the file based PKI store. More... | |
struct | pki_store_credentials |
Credentials for accessing a PKI store. More... | |
Macros | |
#define | PKI_STORE_CRL_FIND_CA_USE_IDENTITY 0 |
Find CA certificate matching given CRL in the store. More... | |
#define | PKI_STORE_CERT_ID_SIZE CRYPTO_SHA1_LEN |
Defines the length of the certificate id. More... | |
Enumerations | |
enum | pki_store_loc { pki_store_loc_invld = 0, pki_store_loc_trstd = 1, pki_store_loc_issrs = 2, pki_store_loc_rjctd = 3, pki_store_loc_own = 4 } |
PKI Store location. More... | |
enum | pki_store_loc_mask { pki_store_loc_mask_invld = 0, pki_store_loc_mask_trstd_certs = 1, pki_store_loc_mask_trstd_crls = 2, pki_store_loc_mask_trstd_all = 3, pki_store_loc_mask_issrs_certs = 4, pki_store_loc_mask_issrs_crls = 8, pki_store_loc_mask_issrs_all = 12, pki_store_loc_mask_trustlist = 15, pki_store_loc_mask_own = 16, pki_store_loc_mask_rjctd = 32, pki_store_loc_mask_everything = 63, pki_store_loc_mask_max = INT32_MAX } |
Mask for pki_store_remove_by_mask. More... | |
Functions | |
static int | pki_store_load_sha1table (uint32_t store) |
static int | pki_store_save_sha1table (uint32_t store) |
static struct pki_store_name_table * | pki_store_get_nametable (uint32_t store) |
static int | pki_store_check_file_limit (char *full_path, uint32_t full_path_size, uint32_t store, enum pki_store_loc location, const char *type) |
int | pki_store_string_to_sha1 (const char *src, unsigned char *id) |
Convenience function to convert certificate ID from string to binary/API representation. More... | |
int | pki_store_sha1_to_string (const unsigned char *id, char *dest) |
Convenience function to convert certificate ID to string representation. More... | |
int | pki_store_init (void) |
Initialize PKI store management. More... | |
int | pki_store_clear (void) |
Clear PKI store management. More... | |
int | pki_store_open (const char *config, uint32_t store) |
Open the PKI store with the given id and settings and create directory layout if not existing. More... | |
int | pki_store_close (uint32_t store) |
Closes the store with the given id. More... | |
int | pki_store_load_cert (uint32_t store, const struct pki_store_credentials *credentials, const unsigned char *cert_sha, enum pki_store_loc location, size_t *cert_len, unsigned char **cert_data, int prio) |
Load a certificate from the store. More... | |
int | pki_store_save_cert (uint32_t store, const struct pki_store_credentials *credentials, enum pki_store_loc location, size_t cert_len, const unsigned char *cert_data, int prio) |
Save a certificate in the store. More... | |
int | pki_store_remove_cert (uint32_t store, const struct pki_store_credentials *credentials, const unsigned char *cert_sha, enum pki_store_loc location, int prio) |
Remove a certificate from the store. More... | |
int | pki_store_load_certs (uint32_t store, const struct pki_store_credentials *credentials, unsigned int num_certs, unsigned char **cert_sha, enum pki_store_loc *location, int **results, size_t **cert_len, unsigned char ***cert_data, int prio) |
Load a set of certificates from the store. More... | |
int | pki_store_save_certs (uint32_t store, const struct pki_store_credentials *credentials, unsigned int num_certs, enum pki_store_loc *location, size_t *cert_len, unsigned char **cert_data, int **results, int prio) |
Save a set of certificates in the store. More... | |
int | pki_store_remove_certs (uint32_t store, const struct pki_store_credentials *credentials, unsigned int num_certs, unsigned char **cert_sha, enum pki_store_loc *location, int **results, int prio) |
Remove a set of certificates from the store. More... | |
int | pki_store_list_certs (uint32_t store, const struct pki_store_credentials *credentials, enum pki_store_loc location, unsigned int *num_cert_shas, unsigned char **cert_shas, int prio) |
Retrieve a list of all certificates in a particular location in the store. More... | |
int | pki_store_load_crl (uint32_t store, const struct pki_store_credentials *credentials, const unsigned char *cert_sha, enum pki_store_loc location, size_t *crl_len, unsigned char **crl_data, int prio) |
Load a CRL from the store. More... | |
static int | pki_store_crl_find_ca (uint32_t store, const struct pki_store_credentials *credentials, enum pki_store_loc location, size_t crl_len, const unsigned char *crl_data, unsigned char *cert_sha) |
int | pki_store_save_crl (uint32_t store, const struct pki_store_credentials *credentials, const unsigned char *cert_sha, enum pki_store_loc location, size_t crl_len, const unsigned char *crl_data, int prio) |
Save a CRL in the store. More... | |
int | pki_store_remove_crl (uint32_t store, const struct pki_store_credentials *credentials, const unsigned char *cert_sha, enum pki_store_loc location, int prio) |
Remove a CRL from the store. More... | |
int | pki_store_load_crls (uint32_t store, const struct pki_store_credentials *credentials, unsigned int num_crls, unsigned char **cert_sha, enum pki_store_loc *location, int **results, size_t **crl_len, unsigned char ***crl_data, int prio) |
Load a set of CRLs from the store. More... | |
int | pki_store_save_crls (uint32_t store, const struct pki_store_credentials *credentials, unsigned int num_crls, unsigned char **cert_sha, enum pki_store_loc *location, size_t *crl_len, unsigned char **crl_data, int **results, int prio) |
Save a set of CRLs in the store. More... | |
int | pki_store_remove_crls (uint32_t store, const struct pki_store_credentials *credentials, unsigned int num_crls, unsigned char **cert_sha, enum pki_store_loc *location, int **results, int prio) |
Remove a set of CRLs from the store. More... | |
int | pki_store_list_crls (uint32_t store, const struct pki_store_credentials *credentials, enum pki_store_loc location, unsigned int *num_cert_shas, unsigned char **cert_shas, int prio) |
Retrieve a list of all CRLs in a particular location in the store. More... | |
static int | pki_store_rename_key (uint32_t store, const char *old_sha, const char *new_sha) |
int | pki_store_load_key (uint32_t store, const struct pki_store_credentials *credentials, const unsigned char *cert_sha, struct crypto_key *key, int prio) |
Load a key from the store. More... | |
int | pki_store_save_key (uint32_t store, const struct pki_store_credentials *credentials, const unsigned char *cert_sha, size_t key_len, const unsigned char *key_data, int prio) |
Save a key in the store. More... | |
int | pki_store_remove_key (uint32_t store, const struct pki_store_credentials *credentials, unsigned char *cert_sha, int prio) |
Remove a key from the store. More... | |
int | pki_store_load_keys (uint32_t store, const struct pki_store_credentials *credentials, unsigned int num_keys, unsigned char **cert_sha, int **results, struct crypto_key **key, int prio) |
Load a set of keys from the store. More... | |
int | pki_store_save_keys (uint32_t store, const struct pki_store_credentials *credentials, unsigned int num_keys, unsigned char **cert_sha, size_t *key_len, unsigned char **key_data, int **results, int prio) |
Save a set of keys in the store. More... | |
int | pki_store_remove_keys (uint32_t store, const struct pki_store_credentials *credentials, unsigned int num_keys, unsigned char **cert_sha, int **results, int prio) |
Remove a set of keys from the store. More... | |
int | pki_store_list_keys (uint32_t store, const struct pki_store_credentials *credentials, unsigned int *num_cert_shas, unsigned char **cert_shas, int prio) |
Retrieve a list of all keys in the store. More... | |
static int | pki_store_mask_trusted_issuers (uint32_t num_trusted, size_t *trusted_lengths, unsigned char **trusted_datas, uint32_t *num_issuers, size_t *issuer_lengths, unsigned char **issuer_datas) |
Mask all issuer certificates which are trusted as well. More... | |
int | pki_store_verify_cert (uint32_t store, size_t cert_len, unsigned char *cert_data, uint32_t verification_flags, uint32_t num_issuers, size_t *issuer_lengths, unsigned char **issuer_datas, bool *cert_ok, unsigned int *num_results, struct pki_cert_verification_result **results, int prio) |
Verify a certificate in the context of the PKI store with the given ID. More... | |
int | pki_store_remove_by_mask (uint32_t store, const struct pki_store_credentials *credentials, enum pki_store_loc_mask mask, int prio) |
Remove all elements from store location indicated by mask. More... | |
int | pki_store_clone_trustlist (uint32_t store, const struct pki_store_credentials *credentials, enum pki_store_loc_mask mask, unsigned int num_trstd_certs, struct ua_bytestring *trstd_certs, unsigned int num_trstd_crls, struct ua_bytestring *trstd_crls, unsigned int num_issrs_certs, struct ua_bytestring *issrs_certs, unsigned int num_issrs_crls, struct ua_bytestring *issrs_crls, int prio) |
Clear/Store trusted and issuer elements according to parameters. More... | |
static int | pki_store_load_trustlist_elements (uint32_t store, const struct pki_store_credentials *credentials, enum pki_store_loc_mask mask, unsigned int *num_elements, struct ua_bytestring **elements, int prio) |
int | pki_store_load_trustlist (uint32_t store, const struct pki_store_credentials *credentials, enum pki_store_loc_mask mask, unsigned int *num_trstd_certs, struct ua_bytestring **trstd_certs, unsigned int *num_trstd_crls, struct ua_bytestring **trstd_crls, unsigned int *num_issrs_certs, struct ua_bytestring **issrs_certs, unsigned int *num_issrs_crls, struct ua_bytestring **issrs_crls, int prio) |
Load trusted and issuer elements according to parameters. More... | |
int | pki_store_load_rejected_list (uint32_t store, const struct pki_store_credentials *credentials, unsigned int *num_rjctd_certs, struct ua_bytestring **rjctd_certs, int prio) |
Retrieves the list of rejected certificates. More... | |
static int | pki_store_compute_sha1 (const unsigned char *data, size_t data_len, char *sha1, size_t sha1_len) |
int | pki_store_load_own_cert (uint32_t store, const struct pki_store_credentials *credentials, const char *name, size_t *cert_len, unsigned char **cert_data, int prio) |
Loads the "own" certificate by name. More... | |
int | pki_store_save_own_cert (uint32_t store, const struct pki_store_credentials *credentials, const char *name, size_t cert_len, const unsigned char *cert_data, int prio) |
Save the own certificate by name. More... | |
int | pki_store_load_own_key (uint32_t store, const struct pki_store_credentials *credentials, const char *name, struct crypto_key *key, int prio) |
Loads the own key by name. More... | |
int | pki_store_save_own_key (uint32_t store, const struct pki_store_credentials *credentials, const char *name, size_t key_len, const unsigned char *key_data, int prio) |
Save the own key by name. More... | |
int | pki_store_remove_own_cert_and_key (uint32_t store, const struct pki_store_credentials *credentials, const char *name, int prio) |
Removes the own certificate and key by name. More... | |
static int | pki_store_make_cert_id (struct ua_bytestring *cert, unsigned char *id) |
Convenience function to create SHA1 from a ByteString for use as certificate ID. More... | |
static int | pki_store_make_cert_id_ex (const unsigned char *cert_data, size_t cert_len, unsigned char *id) |
Convenience function to create SHA1 for use as certificate ID. More... | |
Store certificates, CRLs and private keys in backend specific locations.
#define PKI_STORE_CERT_ID_SIZE CRYPTO_SHA1_LEN |
Defines the length of the certificate ID, which is the SHA1 digest of the certificate (CRYPTO_SHA1_LEN).
#define PKI_STORE_CRL_FIND_CA_USE_IDENTITY 0 |
Find CA certificate matching given CRL in the store.
Expensive function, both in processing time and memory usage. The function tests all available certificates. Avoid if possible.
enum pki_store_loc |
enum pki_store_loc_mask |
Mask for pki_store_remove_by_mask.
PKI_STORE_EXPORT int pki_store_clear | ( | void | ) |
Clear PKI store management.
No further PKI store calls allowed after this call.
int pki_store_clone_trustlist | ( | uint32_t | store, |
const struct pki_store_credentials * | credentials, | ||
enum pki_store_loc_mask | mask, | ||
unsigned int | num_trstd_certs, | ||
struct ua_bytestring * | trstd_certs, | ||
unsigned int | num_trstd_crls, | ||
struct ua_bytestring * | trstd_crls, | ||
unsigned int | num_issrs_certs, | ||
struct ua_bytestring * | issrs_certs, | ||
unsigned int | num_issrs_crls, | ||
struct ua_bytestring * | issrs_crls, | ||
int | prio | ||
) |
Clear/Store trusted and issuer elements according to parameters.
Helper function providing a batch operation combining several other APIs for efficiency. Masked locations will be cleared of any content. Only works for trusted and issuer store locations. Other masks will result in an error. If this function fails, the store may be in an undefined condition, so the caller should not rely on the trusted and issuer contents of the store until a later call has succeeded.
store | Identifier of the store to be used. |
credentials | Optional access credentials for this operation. |
mask | Bit field indicating element type and store location for removal. |
num_trstd_certs | Number of trusted certificates. |
trstd_certs | Array of ByteStrings containing the trusted certificates. |
num_trstd_crls | Number of trusted revocation lists. |
trstd_crls | Array of ByteStrings containing the trusted revocation lists. |
num_issrs_certs | Number of issuer certificates. |
issrs_certs | Array of ByteStrings containing the issuer certificates. |
num_issrs_crls | Number of issuer revocation lists. |
issrs_crls | Array of ByteStrings containing the issuer revocation lists. |
prio | IPC specific priority value. |
PKI_STORE_EXPORT int pki_store_close | ( | uint32_t | store | ) |
Closes the store with the given id.
store | Identifier of the store to be closed. |
PKI_STORE_EXPORT int pki_store_init | ( | void | ) |
Initialize PKI store management.
Must be called before any other PKI store function.
int pki_store_list_certs | ( | uint32_t | store, |
const struct pki_store_credentials * | credentials, | ||
enum pki_store_loc | location, | ||
unsigned int * | num_cert_shas, | ||
unsigned char ** | cert_shas, | ||
int | prio | ||
) |
Retrieve a list of all certificates in a particular location in the store.
store | The identifier of the used store. |
credentials | Optional access credentials for this operation. |
location | Store element (trusted, issuers, etc.). |
num_cert_shas | Number of certificates in the store. |
cert_shas | num_cert_shas identifiers of objects in the store. |
prio | IPC specific priority value. |
int pki_store_list_crls | ( | uint32_t | store, |
const struct pki_store_credentials * | credentials, | ||
enum pki_store_loc | location, | ||
unsigned int * | num_cert_shas, | ||
unsigned char ** | cert_shas, | ||
int | prio | ||
) |
Retrieve a list of all CRLs in a particular location in the store.
store | The identifier of the used store. |
credentials | Optional access credentials for this operation. |
location | Store element (trusted, issuers, etc.). |
num_cert_shas | Number of CRLs in the store. |
cert_shas | num_cert_shas identifiers of objects in the store. |
prio | IPC specific priority value. |
int pki_store_list_keys | ( | uint32_t | store, |
const struct pki_store_credentials * | credentials, | ||
unsigned int * | num_cert_shas, | ||
unsigned char ** | cert_shas, | ||
int | prio | ||
) |
Retrieve a list of all keys in the store.
store | The identifier of the used store. |
credentials | Optional access credentials for this operation. |
num_cert_shas | Number of keys in the store. |
cert_shas | num_cert_shas key identifiers of objects in the store. |
prio | IPC specific priority value. |
int pki_store_load_cert | ( | uint32_t | store, |
const struct pki_store_credentials * | credentials, | ||
const unsigned char * | cert_sha, | ||
enum pki_store_loc | location, | ||
size_t * | cert_len, | ||
unsigned char ** | cert_data, | ||
int | prio | ||
) |
Load a certificate from the store.
This function allocates memory using ipc_malloc, which is returned via cert_data
if the operation returns success. This memory must be freed by the caller using ipc_free.
store | The identifier of the used store. |
credentials | Optional access credentials for this operation. |
cert_sha | The SHA1 id of the element to load. |
location | Store element (trusted, issuers, etc.). |
cert_len | The length of the loaded element. |
cert_data | The content of the loaded element. |
prio | IPC specific priority value. |
int pki_store_load_certs | ( | uint32_t | store, |
const struct pki_store_credentials * | credentials, | ||
unsigned int | num_certs, | ||
unsigned char ** | cert_sha, | ||
enum pki_store_loc * | location, | ||
int ** | results, | ||
size_t ** | cert_len, | ||
unsigned char *** | cert_data, | ||
int | prio | ||
) |
Load a set of certificates from the store.
store | The identifier of the used store. |
credentials | Optional access credentials for this operation. |
num_certs | Number of elements to load. |
cert_sha | num_certs SHA1 ids of the elements to load. |
location | Store element (trusted, issuers, etc.). |
results | num_certs result codes. |
cert_len | num_certs element lengths; particular element may be <= 0 if sub operation failed. |
cert_data | num_certs loaded elements; particular element may be NULL if sub operation failed. |
prio | IPC specific priority value. |
int pki_store_load_crl | ( | uint32_t | store, |
const struct pki_store_credentials * | credentials, | ||
const unsigned char * | cert_sha, | ||
enum pki_store_loc | location, | ||
size_t * | crl_len, | ||
unsigned char ** | crl_data, | ||
int | prio | ||
) |
Load a CRL from the store.
store | The identifier of the used store. |
credentials | Optional access credentials for this operation. |
cert_sha | The SHA1 id of the element to load. |
location | Store element (trusted, issuers, etc.). |
crl_len | The length of the loaded element. |
crl_data | The content of the loaded element. |
prio | IPC specific priority value. |
int pki_store_load_crls | ( | uint32_t | store, |
const struct pki_store_credentials * | credentials, | ||
unsigned int | num_crls, | ||
unsigned char ** | cert_sha, | ||
enum pki_store_loc * | location, | ||
int ** | results, | ||
size_t ** | crl_len, | ||
unsigned char *** | crl_data, | ||
int | prio | ||
) |
Load a set of CRLs from the store.
store | The identifier of the used store. |
credentials | Optional access credentials for this operation. |
num_crls | Number of elements to load. |
cert_sha | num_crls SHA1 ids of the elements to load. |
location | Store element (trusted, issuers, etc.). |
results | num_crls result codes. |
crl_len | num_crls element lengths; particular element may be <= 0 if sub operation failed. |
crl_data | num_crls loaded elements; particular element may be NULL if sub operation failed. |
prio | IPC specific priority value. |
int pki_store_load_key | ( | uint32_t | store, |
const struct pki_store_credentials * | credentials, | ||
const unsigned char * | cert_sha, | ||
struct crypto_key * | key, | ||
int | prio | ||
) |
Load a key from the store.
store | The identifier of the used store. |
credentials | Optional access credentials for this operation. |
cert_sha | The SHA1 id of the element to load. |
key | The content of the loaded element. |
prio | IPC specific priority value. |
int pki_store_load_keys | ( | uint32_t | store, |
const struct pki_store_credentials * | credentials, | ||
unsigned int | num_keys, | ||
unsigned char ** | cert_sha, | ||
int ** | results, | ||
struct crypto_key ** | key, | ||
int | prio | ||
) |
Load a set of keys from the store.
store | The identifier of the used store. |
credentials | Optional access credentials for this operation. |
num_keys | Number of elements to load. |
cert_sha | num_keys SHA1 ids of the elements to load. |
results | num_keys result codes. |
key | num_keys loaded elements; particular element may be NULL if sub operation failed. |
prio | IPC specific priority value. |
int pki_store_load_own_cert | ( | uint32_t | store, |
const struct pki_store_credentials * | credentials, | ||
const char * | name, | ||
size_t * | cert_len, | ||
unsigned char ** | cert_data, | ||
int | prio | ||
) |
Loads the "own" certificate by name.
The returned memory must be freed using ipc_free.
store | Store index. |
credentials | Optional credentials for accessing the store. |
name | The name that was used to save the certificate. |
cert_len | Length of cert_data in bytes. |
cert_data | Certificate data. |
prio | IPC priority. |
int pki_store_load_own_key | ( | uint32_t | store, |
const struct pki_store_credentials * | credentials, | ||
const char * | name, | ||
struct crypto_key * | key, | ||
int | prio | ||
) |
Loads the own key by name.
store | Store index. |
credentials | Optional credentials for accessing the store. |
name | Name of the certificate. |
key | The loaded key. |
prio | IPC priority. |
int pki_store_load_rejected_list | ( | uint32_t | store, |
const struct pki_store_credentials * | credentials, | ||
unsigned int * | num_rjctd_certs, | ||
struct ua_bytestring ** | rjctd_certs, | ||
int | prio | ||
) |
Retrieves the list of rejected certificates.
store | Identifier of the store to be used. |
credentials | Optional access credentials for this operation. |
num_rjctd_certs | The number of found rejected certificates. |
rjctd_certs | The array of the found certificates. |
prio | IPC specific priority value. |
int pki_store_load_trustlist | ( | uint32_t | store, |
const struct pki_store_credentials * | credentials, | ||
enum pki_store_loc_mask | mask, | ||
unsigned int * | num_trstd_certs, | ||
struct ua_bytestring ** | trstd_certs, | ||
unsigned int * | num_trstd_crls, | ||
struct ua_bytestring ** | trstd_crls, | ||
unsigned int * | num_issrs_certs, | ||
struct ua_bytestring ** | issrs_certs, | ||
unsigned int * | num_issrs_crls, | ||
struct ua_bytestring ** | issrs_crls, | ||
int | prio | ||
) |
Load trusted and issuer elements according to parameters.
Helper function providing a batch operation combining several other APIs for efficiency. Only works for trusted and issuer store locations. Other masks will result in an error.
store | Identifier of the store to be used. |
credentials | Optional access credentials for this operation. |
mask | Bit field indicating element type and store location for loading. |
num_trstd_certs | Number of trusted certificates. |
trstd_certs | Array of ByteStrings containing the trusted certificates. |
num_trstd_crls | Number of trusted revocation lists. |
trstd_crls | Array of ByteStrings containing the trusted revocation lists. |
num_issrs_certs | Number of issuer certificates. |
issrs_certs | Array of ByteStrings containing the issuer certificates. |
num_issrs_crls | Number of issuer revocation lists. |
issrs_crls | Array of ByteStrings containing the issuer revocation lists. |
prio | IPC specific priority value. |
static int pki_store_make_cert_id (struct ua_bytestring *cert, unsigned char *id) |
inline |
Convenience function to create SHA1 from a ByteString for use as certificate ID.
cert | DER encoded certificate. |
id | Destination buffer for the SHA1 certificate id. |
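static int pki_store_make_cert_id_ex (const unsigned char *cert_data, size_t cert_len, unsigned char *id) |
inline |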
Convenience function to create SHA1 for use as certificate ID.
cert_data | DER encoded certificate. |
cert_len | The length of cert_data. |
id | Destination buffer for the SHA1 certificate id. |
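static int pki_store_mask_trusted_issuers (uint32_t num_trusted, size_t *trusted_lengths, unsigned char **trusted_datas, uint32_t *num_issuers, size_t *issuer_lengths, unsigned char **issuer_datas) |
static |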
Mask all issuer certificates which are trusted as well.
PKI_STORE_EXPORT int pki_store_open | ( | const char * | config, |
uint32_t | store | ||
) |
Open the PKI store with the given id and settings and create directory layout if not existing.
Must be called before any other operation on a store with the given id.
config | The configuration string for the store. |
store | Identifier of the store to be initialized. |
int pki_store_remove_by_mask | ( | uint32_t | store, |
const struct pki_store_credentials * | credentials, | ||
enum pki_store_loc_mask | mask, | ||
int | prio | ||
) |
Remove all elements from store location indicated by mask.
If this function fails, the store may be in an undefined condition; the masked locations may then be only partly removed.
store | Identifier of the store to be used. |
credentials | Optional access credentials for this operation. |
mask | Bit field indicating element type and store location for removal. |
prio | IPC specific priority value. |
int pki_store_remove_cert | ( | uint32_t | store, |
const struct pki_store_credentials * | credentials, | ||
const unsigned char * | cert_sha, | ||
enum pki_store_loc | location, | ||
int | prio | ||
) |
Remove a certificate from the store.
store | The identifier of the used store. |
credentials | Optional access credentials for this operation. |
cert_sha | The SHA1 id of the element to delete. |
location | Store element (trusted, issuers, etc.). |
prio | IPC specific priority value. |
int pki_store_remove_certs | ( | uint32_t | store, |
const struct pki_store_credentials * | credentials, | ||
unsigned int | num_certs, | ||
unsigned char ** | cert_sha, | ||
enum pki_store_loc * | location, | ||
int ** | results, | ||
int | prio | ||
) |
Remove a set of certificates from the store.
store | The identifier of the used store. |
credentials | Optional access credentials for this operation. |
num_certs | Number of elements to delete. |
cert_sha | num_certs SHA1 ids of the elements to delete. |
location | Store element (trusted, issuers, etc.). |
results | num_certs result codes. |
prio | IPC specific priority value. |
int pki_store_remove_crl | ( | uint32_t | store, |
const struct pki_store_credentials * | credentials, | ||
const unsigned char * | cert_sha, | ||
enum pki_store_loc | location, | ||
int | prio | ||
) |
Remove a CRL from the store.
store | The identifier of the used store. |
credentials | Optional access credentials for this operation. |
cert_sha | The SHA1 id of the element to delete. |
location | Store element (trusted, issuers, etc.). |
prio | IPC specific priority value. |
int pki_store_remove_crls | ( | uint32_t | store, |
const struct pki_store_credentials * | credentials, | ||
unsigned int | num_crls, | ||
unsigned char ** | cert_sha, | ||
enum pki_store_loc * | location, | ||
int ** | results, | ||
int | prio | ||
) |
Remove a set of CRLs from the store.
store | The identifier of the used store. |
credentials | Optional access credentials for this operation. |
num_crls | Number of elements to delete. |
cert_sha | num_crls SHA1 ids of the elements to delete. |
location | Store element (trusted, issuers, etc.). |
results | num_crls result codes. |
prio | IPC specific priority value. |
int pki_store_remove_key | ( | uint32_t | store, |
const struct pki_store_credentials * | credentials, | ||
unsigned char * | cert_sha, | ||
int | prio | ||
) |
Remove a key from the store.
store | The identifier of the used store. |
credentials | Optional access credentials for this operation. |
cert_sha | The SHA1 id of the element to delete. |
prio | IPC specific priority value. |
int pki_store_remove_keys | ( | uint32_t | store, |
const struct pki_store_credentials * | credentials, | ||
unsigned int | num_keys, | ||
unsigned char ** | cert_sha, | ||
int ** | results, | ||
int | prio | ||
) |
Remove a set of keys from the store.
store | The identifier of the used store. |
credentials | Optional access credentials for this operation. |
num_keys | Number of elements to delete. |
cert_sha | num_keys SHA1 ids of the elements to delete. |
results | num_keys result codes. |
prio | IPC specific priority value. |
int pki_store_remove_own_cert_and_key | ( | uint32_t | store, |
const struct pki_store_credentials * | credentials, | ||
const char * | name, | ||
int | prio | ||
) |
Removes the own certificate and key by name.
store | Store index. |
credentials | Optional credentials for accessing the store. |
name | Name of the certificate/key. |
prio | IPC priority. |
int pki_store_save_cert | ( | uint32_t | store, |
const struct pki_store_credentials * | credentials, | ||
enum pki_store_loc | location, | ||
size_t | cert_len, | ||
const unsigned char * | cert_data, | ||
int | prio | ||
) |
Save a certificate in the store.
store | The identifier of the used store. |
credentials | Optional access credentials for this operation. |
location | Store element (trusted, issuers, etc.). |
cert_len | The length of the element to store. |
cert_data | The content of the element to store. |
prio | IPC specific priority value. |
int pki_store_save_certs | ( | uint32_t | store, |
const struct pki_store_credentials * | credentials, | ||
unsigned int | num_certs, | ||
enum pki_store_loc * | location, | ||
size_t * | cert_len, | ||
unsigned char ** | cert_data, | ||
int ** | results, | ||
int | prio | ||
) |
Save a set of certificates in the store.
store | The identifier of the used store. |
credentials | Optional access credentials for this operation. |
num_certs | Number of elements to store. |
location | num_certs store elements (trusted, issuers, etc.). |
cert_len | num_certs object lengths of the certificates to store. |
cert_data | num_certs certificates bodies to store. |
results | num_certs result codes. |
prio | IPC specific priority value. |
int pki_store_save_crl | ( | uint32_t | store, |
const struct pki_store_credentials * | credentials, | ||
const unsigned char * | cert_sha, | ||
enum pki_store_loc | location, | ||
size_t | crl_len, | ||
const unsigned char * | crl_data, | ||
int | prio | ||
) |
Save a CRL in the store.
store | The identifier of the used store. |
credentials | Optional access credentials for this operation. |
cert_sha | The SHA1 id of the element to store; if NULL, the issuer will be searched. |
location | Store element (trusted, issuers, etc.). |
crl_len | The length of the element to store. |
crl_data | The content of the element to store. |
prio | IPC specific priority value. |
int pki_store_save_crls | ( | uint32_t | store, |
const struct pki_store_credentials * | credentials, | ||
unsigned int | num_crls, | ||
unsigned char ** | cert_sha, | ||
enum pki_store_loc * | location, | ||
size_t * | crl_len, | ||
unsigned char ** | crl_data, | ||
int ** | results, | ||
int | prio | ||
) |
Save a set of CRLs in the store.
store | The identifier of the used store. |
credentials | Optional access credentials for this operation. |
num_crls | Number of elements to store. |
cert_sha | num_crls SHA1 ids of the elements to store. |
location | num_crls store elements (trusted, issuers, etc.). |
crl_len | num_crls object lengths of the CRLs to store. |
crl_data | num_crls CRL bodies to store. |
results | num_crls result codes. |
prio | IPC specific priority value. |
int pki_store_save_key | ( | uint32_t | store, |
const struct pki_store_credentials * | credentials, | ||
const unsigned char * | cert_sha, | ||
size_t | key_len, | ||
const unsigned char * | key_data, | ||
int | prio | ||
) |
Save a key in the store.
store | The identifier of the used store. |
credentials | Optional access credentials for this operation. |
cert_sha | The SHA1 id of the element to store. |
key_len | The length of the element to store. |
key_data | The content of the element to store. |
prio | IPC specific priority value. |
int pki_store_save_keys | ( | uint32_t | store, |
const struct pki_store_credentials * | credentials, | ||
unsigned int | num_keys, | ||
unsigned char ** | cert_sha, | ||
size_t * | key_len, | ||
unsigned char ** | key_data, | ||
int ** | results, | ||
int | prio | ||
) |
Save a set of keys in the store.
store | The identifier of the used store. |
credentials | Optional access credentials for this operation. |
num_keys | Number of elements to store. |
cert_sha | num_keys SHA1 ids of the elements to save. |
key_len | num_keys object lengths of the keys to store. |
key_data | num_keys key bodies to store. |
results | num_keys result codes. |
prio | IPC specific priority value. |
int pki_store_save_own_cert | ( | uint32_t | store, |
const struct pki_store_credentials * | credentials, | ||
const char * | name, | ||
size_t | cert_len, | ||
const unsigned char * | cert_data, | ||
int | prio | ||
) |
Save the own certificate by name.
The name will be added to a name/sha1 mapping table.
store | Store index. |
credentials | Optional credentials for accessing the store. |
name | Name of the certificate. |
cert_len | Length of cert_data in bytes. |
cert_data | Certificate data. |
prio | IPC priority. |
int pki_store_save_own_key | ( | uint32_t | store, |
const struct pki_store_credentials * | credentials, | ||
const char * | name, | ||
size_t | key_len, | ||
const unsigned char * | key_data, | ||
int | prio | ||
) |
Save the own key by name.
The name will be added to a name/sha1 mapping table.
store | Store index. |
credentials | Optional credentials for accessing the store. |
name | Name of the certificate. |
key_len | Length of key_data in bytes. |
key_data | Key data. |
prio | IPC priority. |
PKI_STORE_EXPORT int pki_store_sha1_to_string | ( | const unsigned char * | id, |
char * | dest | ||
) |
Convenience function to convert certificate ID to string representation.
id | Certificate ID (SHA1) in binary representation |
dest | Destination buffer of at least 41 bytes. |
PKI_STORE_EXPORT int pki_store_string_to_sha1 | ( | const char * | src, |
unsigned char * | id | ||
) |
Convenience function to convert certificate ID from string to binary/API representation.
src | Certificate ID in string representation (zero terminated). |
id | Destination buffer of at least 20 bytes for Certificate ID (SHA1) in binary representation. |
int pki_store_verify_cert | ( | uint32_t | store, |
size_t | cert_len, | ||
unsigned char * | cert_data, | ||
uint32_t | verification_flags, | ||
uint32_t | num_issuers, | ||
size_t * | issuer_lengths, | ||
unsigned char ** | issuer_datas, | ||
bool * | cert_ok, | ||
unsigned int * | num_results, | ||
struct pki_cert_verification_result ** | results, | ||
int | prio | ||
) |
Verify a certificate in the context of the PKI store with the given ID.
Generally, this function behaves like pki_cert_verify with the trust list parameter replaced by the content of the referenced store. Additional issuer certificates may be added temporarily to the untrusted issuer certificates from the store; they are handled as untrusted issuer certificates, not as trusted certificates. This is necessary if a communication partner provides these certificates in a handshake message. The verification result is the same as if the issuer certificates had been added to the issuer location in the store before calling this function, but adding them to the store is not required if a client provides them in the connect phase. Internal: results is a double pointer so that the IPC mechanism can pass it to the callback when the asynchronous proxy version of this function (begin_pki_store_verify_cert) is used. The pointer itself is not intended to be changed.
store | Identifier of the store containing certificates and CRLs to be used for verification. |
cert_len | Length in bytes of cert_data. |
cert_data | Array containing the DER encoded certificate to be verified. |
verification_flags | Bit mask of verification control flags. |
num_issuers | Number of elements in issuer_lengths and issuer_datas. |
issuer_lengths | Array containing the lengths of the elements of issuer_datas. |
issuer_datas | Array with pointers to DER encoded issuer certificates which will be treated like issuer certificates from the store. |
cert_ok | General verification result on return. |
num_results | Size of array results; number of used elements on return. |
results | Preallocated array for storing validation results. |
prio | IPC priority value. |