Files | |
file | pkcs11h-certificate.h |
pkcs11-helper certificate functions. | |
Classes | |
struct | pkcs11h_certificate_id_s |
Certificate id reference. More... | |
struct | pkcs11h_certificate_id_list_s |
Certificate id list. More... | |
Typedefs | |
typedef struct pkcs11h_certificate_id_s * | pkcs11h_certificate_id_t |
Certificate id reference. | |
typedef struct pkcs11h_certificate_s * | pkcs11h_certificate_t |
Certificate object. | |
typedef struct pkcs11h_certificate_id_list_s * | pkcs11h_certificate_id_list_t |
Certificate id list. | |
Functions | |
CK_RV | pkcs11h_certificate_freeCertificateId (IN pkcs11h_certificate_id_t certificate_id) |
Free certificate_id object. | |
CK_RV | pkcs11h_certificate_duplicateCertificateId (OUT pkcs11h_certificate_id_t *const to, IN const pkcs11h_certificate_id_t from) |
Duplicate certificate_id object. | |
CK_RV | pkcs11h_certificate_setCertificateIdCertificateBlob (IN const pkcs11h_certificate_id_t certificate_id, IN const unsigned char *const blob, IN const size_t blob_size) |
Sets internal certificate_id blob. | |
CK_RV | pkcs11h_certificate_freeCertificate (IN pkcs11h_certificate_t certificate) |
Free certificate object. | |
CK_RV | pkcs11h_certificate_create (IN const pkcs11h_certificate_id_t certificate_id, IN void *const user_data, IN const unsigned mask_prompt, IN const int pin_cache_period, OUT pkcs11h_certificate_t *const p_certificate) |
Create a certificate object out of certificate_id. | |
unsigned | pkcs11h_certificate_getPromptMask (IN const pkcs11h_certificate_t certificate) |
Get the prompt mask of the certificate. | |
void | pkcs11h_certificate_setPromptMask (IN const pkcs11h_certificate_t certificate, IN const unsigned mask_prompt) |
Set the prompt mask of the certificate. | |
void * | pkcs11h_certificate_getUserData (IN const pkcs11h_certificate_t certificate) |
Extract user data out of certificate. | |
void | pkcs11h_certificate_setUserData (IN const pkcs11h_certificate_t certificate, IN void *const user_data) |
Set the user data of the certificate. | |
CK_RV | pkcs11h_certificate_getCertificateId (IN const pkcs11h_certificate_t certificate, OUT pkcs11h_certificate_id_t *const p_certificate_id) |
Get certificate id object out of a certificate. | |
CK_RV | pkcs11h_certificate_getCertificateBlob (IN const pkcs11h_certificate_t certificate, OUT unsigned char *const certificate_blob, IN OUT size_t *const p_certificate_blob_size) |
Get the certificate blob out of the certificate object. | |
CK_RV | pkcs11h_certificate_serializeCertificateId (OUT char *const sz, IN OUT size_t *max, IN const pkcs11h_certificate_id_t certificate_id) |
Serialize certificate_id into a string. | |
CK_RV | pkcs11h_certificate_deserializeCertificateId (OUT pkcs11h_certificate_id_t *const p_certificate_id, IN const char *const sz) |
Deserialize certificate_id out of string. | |
CK_RV | pkcs11h_certificate_ensureCertificateAccess (IN const pkcs11h_certificate_t certificate) |
Ensure certificate is accessible. | |
CK_RV | pkcs11h_certificate_ensureKeyAccess (IN const pkcs11h_certificate_t certificate) |
Ensure key is accessible. | |
CK_RV | pkcs11h_certificate_lockSession (IN const pkcs11h_certificate_t certificate) |
Lock session for threaded environment. | |
CK_RV | pkcs11h_certificate_releaseSession (IN const pkcs11h_certificate_t certificate) |
Releases session lock. | |
CK_RV | pkcs11h_certificate_sign (IN const pkcs11h_certificate_t certificate, IN const CK_MECHANISM_TYPE mech_type, IN const unsigned char *const source, IN const size_t source_size, OUT unsigned char *const target, IN OUT size_t *const p_target_size) |
Sign data. | |
CK_RV | pkcs11h_certificate_signRecover (IN const pkcs11h_certificate_t certificate, IN const CK_MECHANISM_TYPE mech_type, IN const unsigned char *const source, IN const size_t source_size, OUT unsigned char *const target, IN OUT size_t *const p_target_size) |
Sign data. | |
CK_RV | pkcs11h_certificate_decrypt (IN const pkcs11h_certificate_t certificate, IN const CK_MECHANISM_TYPE mech_type, IN const unsigned char *const source, IN const size_t source_size, OUT unsigned char *const target, IN OUT size_t *const p_target_size) |
Decrypt data. | |
CK_RV | pkcs11h_certificate_unwrap (IN const pkcs11h_certificate_t certificate, IN const CK_MECHANISM_TYPE mech_type, IN const unsigned char *const source, IN const size_t source_size, OUT unsigned char *const target, IN OUT size_t *const p_target_size) |
Decrypt data. | |
CK_RV | pkcs11h_certificate_signAny (IN const pkcs11h_certificate_t certificate, IN const CK_MECHANISM_TYPE mech_type, IN const unsigned char *const source, IN const size_t source_size, OUT unsigned char *const target, IN OUT size_t *const p_target_size) |
Sign data, mechanism determined by key attributes. | |
CK_RV | pkcs11h_certificate_decryptAny (IN const pkcs11h_certificate_t certificate, IN const CK_MECHANISM_TYPE mech_type, IN const unsigned char *const source, IN const size_t source_size, OUT unsigned char *const target, IN OUT size_t *const p_target_size) |
Decrypt data, mechanism determined by key attributes. | |
CK_RV | pkcs11h_certificate_freeCertificateIdList (IN const pkcs11h_certificate_id_list_t cert_id_list) |
Free certificate_id list. | |
CK_RV | pkcs11h_certificate_enumTokenCertificateIds (IN const pkcs11h_token_id_t token_id, IN const unsigned method, IN void *const user_data, IN const unsigned mask_prompt, OUT pkcs11h_certificate_id_list_t *const p_cert_id_issuers_list, OUT pkcs11h_certificate_id_list_t *const p_cert_id_end_list) |
Enumerate available certificates on specific token. | |
CK_RV | pkcs11h_certificate_enumCertificateIds (IN const unsigned method, IN void *const user_data, IN const unsigned mask_prompt, OUT pkcs11h_certificate_id_list_t *const p_cert_id_issuers_list, OUT pkcs11h_certificate_id_list_t *const p_cert_id_end_list) |
Enumerate available certificates. |
CK_RV pkcs11h_certificate_create | ( | IN const pkcs11h_certificate_id_t | certificate_id, | |
IN void *const | user_data, | |||
IN const unsigned | mask_prompt, | |||
IN const int | pin_cache_period, | |||
OUT pkcs11h_certificate_t *const | p_certificate | |||
) |
Create a certificate object out of certificate_id.
certificate_id | Certificate id object to be based on. | |
user_data | Optional user data, to be passed to hooks. | |
mask_prompt | Allow prompt PKCS11H_PROMPT_MASK. | |
pin_cache_period | Session specific cache period. | |
p_certificate | Receives certificate object. |
CK_RV pkcs11h_certificate_decrypt | ( | IN const pkcs11h_certificate_t | certificate, | |
IN const CK_MECHANISM_TYPE | mech_type, | |||
IN const unsigned char *const | source, | |||
IN const size_t | source_size, | |||
OUT unsigned char *const | target, | |||
IN OUT size_t *const | p_target_size | |||
) |
Decrypt data.
certificate | Certificate object. | |
mech_type | PKCS#11 mechanism. | |
source | Buffer to decrypt. | |
source_size | Buffer size. | |
target | Target buffer. | |
p_target_size | Target buffer size (IN OUT: buffer capacity on input, updated on return). |
CK_RV pkcs11h_certificate_decryptAny | ( | IN const pkcs11h_certificate_t | certificate, | |
IN const CK_MECHANISM_TYPE | mech_type, | |||
IN const unsigned char *const | source, | |||
IN const size_t | source_size, | |||
OUT unsigned char *const | target, | |||
IN OUT size_t *const | p_target_size | |||
) |
Decrypt data, mechanism determined by key attributes.
certificate | Certificate object. | |
mech_type | PKCS#11 mechanism. | |
source | Buffer to decrypt. | |
source_size | Buffer size. | |
target | Target buffer. | |
p_target_size | Target buffer size (IN OUT: buffer capacity on input, updated on return). |
CK_RV pkcs11h_certificate_deserializeCertificateId | ( | OUT pkcs11h_certificate_id_t *const | p_certificate_id, | |
IN const char *const | sz | |||
) |
Deserialize certificate_id out of string.
p_certificate_id | Receives the deserialized certificate id. | |
sz | Input string. |
CK_RV pkcs11h_certificate_duplicateCertificateId | ( | OUT pkcs11h_certificate_id_t *const | to, | |
IN const pkcs11h_certificate_id_t | from | |||
) |
Duplicate certificate_id object.
to | Target. | |
from | Source. |
CK_RV pkcs11h_certificate_ensureCertificateAccess | ( | IN const pkcs11h_certificate_t | certificate | ) |
Ensure certificate is accessible.
certificate | Certificate object. |
CK_RV pkcs11h_certificate_ensureKeyAccess | ( | IN const pkcs11h_certificate_t | certificate | ) |
Ensure key is accessible.
certificate | Certificate object. |
CK_RV pkcs11h_certificate_enumCertificateIds | ( | IN const unsigned | method, | |
IN void *const | user_data, | |||
IN const unsigned | mask_prompt, | |||
OUT pkcs11h_certificate_id_list_t *const | p_cert_id_issuers_list, | |||
OUT pkcs11h_certificate_id_list_t *const | p_cert_id_end_list | |||
) |
Enumerate available certificates.
method | How to fetch certificates PKCS11H_ENUM_METHOD. | |
user_data | Some user specific data. | |
mask_prompt | Allow prompt PKCS11H_PROMPT_MASK. | |
p_cert_id_issuers_list | Receives issuers list. | |
p_cert_id_end_list | Receives end certificates list. |
Caller must free the returned lists (see pkcs11h_certificate_freeCertificateIdList).
This function will likely take a long time.
CK_RV pkcs11h_certificate_enumTokenCertificateIds | ( | IN const pkcs11h_token_id_t | token_id, | |
IN const unsigned | method, | |||
IN void *const | user_data, | |||
IN const unsigned | mask_prompt, | |||
OUT pkcs11h_certificate_id_list_t *const | p_cert_id_issuers_list, | |||
OUT pkcs11h_certificate_id_list_t *const | p_cert_id_end_list | |||
) |
Enumerate available certificates on specific token.
token_id | Token id to enum. | |
method | How to fetch certificates PKCS11H_ENUM_METHOD. | |
user_data | Some user specific data. | |
mask_prompt | Allow prompt PKCS11H_PROMPT_MASK. | |
p_cert_id_issuers_list | Receives issuers list. | |
p_cert_id_end_list | Receives end certificates list. |
Caller must free the returned lists (see pkcs11h_certificate_freeCertificateIdList).
This function will likely take a long time.
CK_RV pkcs11h_certificate_freeCertificate | ( | IN pkcs11h_certificate_t | certificate | ) |
Free certificate object.
certificate | Certificate object. |
CK_RV pkcs11h_certificate_freeCertificateId | ( | IN pkcs11h_certificate_id_t | certificate_id | ) |
Free certificate_id object.
certificate_id | Certificate id. |
CK_RV pkcs11h_certificate_freeCertificateIdList | ( | IN const pkcs11h_certificate_id_list_t | cert_id_list | ) |
Free certificate_id list.
cert_id_list | List. |
CK_RV pkcs11h_certificate_getCertificateBlob | ( | IN const pkcs11h_certificate_t | certificate, | |
OUT unsigned char *const | certificate_blob, | |||
IN OUT size_t *const | p_certificate_blob_size | |||
) |
Get the certificate blob out of the certificate object.
certificate | Certificate object. | |
certificate_blob | Buffer. | |
p_certificate_blob_size | Buffer size (IN OUT: buffer capacity on input, updated on return). |
CK_RV pkcs11h_certificate_getCertificateId | ( | IN const pkcs11h_certificate_t | certificate, | |
OUT pkcs11h_certificate_id_t *const | p_certificate_id | |||
) |
Get certificate id object out of a certificate.
certificate | Certificate object. | |
p_certificate_id | Certificate id object pointer. |
unsigned pkcs11h_certificate_getPromptMask | ( | IN const pkcs11h_certificate_t | certificate | ) |
Get the prompt mask of the certificate.
certificate | Certificate object. |
void* pkcs11h_certificate_getUserData | ( | IN const pkcs11h_certificate_t | certificate | ) |
Extract user data out of certificate.
certificate | Certificate object. |
CK_RV pkcs11h_certificate_lockSession | ( | IN const pkcs11h_certificate_t | certificate | ) |
Lock session for threaded environment.
certificate | Certificate object. |
It is safe to call this in a non-threaded environment as well; it will do nothing. Call this also if you are doing a one-stage operation, since locking is not done by the method.
CK_RV pkcs11h_certificate_releaseSession | ( | IN const pkcs11h_certificate_t | certificate | ) |
Releases session lock.
certificate | Certificate object. |
CK_RV pkcs11h_certificate_serializeCertificateId | ( | OUT char *const | sz, | |
IN OUT size_t * | max, | |||
IN const pkcs11h_certificate_id_t | certificate_id | |||
) |
Serialize certificate_id into a string.
sz | Output string. | |
max | Max buffer size (IN OUT: buffer capacity on input, updated on return). | |
certificate_id | id to serialize |
CK_RV pkcs11h_certificate_setCertificateIdCertificateBlob | ( | IN const pkcs11h_certificate_id_t | certificate_id, | |
IN const unsigned char *const | blob, | |||
IN const size_t | blob_size | |||
) |
Sets internal certificate_id blob.
certificate_id | Certificate id object. | |
blob | Certificate blob. | |
blob_size | Certificate blob size. |
void pkcs11h_certificate_setPromptMask | ( | IN const pkcs11h_certificate_t | certificate, | |
IN const unsigned | mask_prompt | |||
) |
Set the prompt mask of the certificate.
certificate | Certificate object. | |
mask_prompt | Allow prompt PKCS11H_PROMPT_MASK. |
void pkcs11h_certificate_setUserData | ( | IN const pkcs11h_certificate_t | certificate, | |
IN void *const | user_data | |||
) |
Set the user data of the certificate.
certificate | Certificate object. | |
user_data | Optional user data, to be passed to hooks. |
CK_RV pkcs11h_certificate_sign | ( | IN const pkcs11h_certificate_t | certificate, | |
IN const CK_MECHANISM_TYPE | mech_type, | |||
IN const unsigned char *const | source, | |||
IN const size_t | source_size, | |||
OUT unsigned char *const | target, | |||
IN OUT size_t *const | p_target_size | |||
) |
Sign data.
certificate | Certificate object. | |
mech_type | PKCS#11 mechanism. | |
source | Buffer to sign. | |
source_size | Buffer size. | |
target | Target buffer. | |
p_target_size | Target buffer size (IN OUT: buffer capacity on input, updated on return). |
CK_RV pkcs11h_certificate_signAny | ( | IN const pkcs11h_certificate_t | certificate, | |
IN const CK_MECHANISM_TYPE | mech_type, | |||
IN const unsigned char *const | source, | |||
IN const size_t | source_size, | |||
OUT unsigned char *const | target, | |||
IN OUT size_t *const | p_target_size | |||
) |
Sign data, mechanism determined by key attributes.
certificate | Certificate object. | |
mech_type | PKCS#11 mechanism. | |
source | Buffer to sign. | |
source_size | Buffer size. | |
target | Target buffer. | |
p_target_size | Target buffer size (IN OUT: buffer capacity on input, updated on return). |
CK_RV pkcs11h_certificate_signRecover | ( | IN const pkcs11h_certificate_t | certificate, | |
IN const CK_MECHANISM_TYPE | mech_type, | |||
IN const unsigned char *const | source, | |||
IN const size_t | source_size, | |||
OUT unsigned char *const | target, | |||
IN OUT size_t *const | p_target_size | |||
) |
Sign data.
certificate | Certificate object. | |
mech_type | PKCS#11 mechanism. | |
source | Buffer to sign. | |
source_size | Buffer size. | |
target | Target buffer. | |
p_target_size | Target buffer size (IN OUT: buffer capacity on input, updated on return). |
CK_RV pkcs11h_certificate_unwrap | ( | IN const pkcs11h_certificate_t | certificate, | |
IN const CK_MECHANISM_TYPE | mech_type, | |||
IN const unsigned char *const | source, | |||
IN const size_t | source_size, | |||
OUT unsigned char *const | target, | |||
IN OUT size_t *const | p_target_size | |||
) |
Decrypt data.
certificate | Certificate object. | |
mech_type | PKCS#11 mechanism. | |
source | Buffer to decrypt. | |
source_size | Buffer size. | |
target | Target buffer. | |
p_target_size | Target buffer size (IN OUT: buffer capacity on input, updated on return). |
pkcs11-helper, Copyright (C) Alon Bar-Lev <alon.barlev@gmail.com>