1 /**************************************************************************** 2 * * 3 * Certificate Function Header File * 4 * Copyright Peter Gutmann 1996-2008 * 5 * * 6 ****************************************************************************/ 7 8 /* The huge complexity of the certificate management code means that there 9 are a sufficient number of functions required that we confine the 10 prototypes to their own file */ 11 12 #ifndef _CERTFN_DEFINED 13 14 #define _CERTFN_DEFINED 15 16 /**************************************************************************** 17 * * 18 * DN Manipulation Functions * 19 * * 20 ****************************************************************************/ 21 22 /* DN string functions */ 23 24 CHECK_RETVAL STDC_NONNULL_ARG( ( 1, 3, 4, 5 ) ) \ 25 int getAsn1StringInfo( IN_BUFFER( stringLen ) const void *string, 26 IN_LENGTH_SHORT const int stringLen, 27 OUT_RANGE( 0, 20 ) int *stringType, 28 OUT_TAG_ENCODED_Z int *asn1StringType, 29 OUT_LENGTH_SHORT_Z int *asn1StringLen, 30 const BOOLEAN isNativeString ); 31 32 /* DN manipulation routines */ 33 34 CHECK_RETVAL STDC_NONNULL_ARG( ( 1, 3, 5 ) ) \ 35 int insertDNComponent( INOUT_PTR DN_PTR **dnComponentListPtrPtr, 36 IN_ATTRIBUTE const CRYPT_ATTRIBUTE_TYPE componentType, 37 IN_BUFFER( valueLength ) const void *value, 38 IN_LENGTH_SHORT const int valueLength, 39 OUT_ENUM_OPT( CRYPT_ERRTYPE ) \ 40 CRYPT_ERRTYPE_TYPE *errorType ); 41 CHECK_RETVAL STDC_NONNULL_ARG( ( 1 ) ) \ 42 int deleteDNComponent( INOUT_PTR DN_PTR **dnComponentListPtrPtr, 43 IN_ATTRIBUTE const CRYPT_ATTRIBUTE_TYPE type, 44 IN_BUFFER_OPT( valueLength ) const void *value, 45 IN_LENGTH_SHORT_Z const int valueLength ); 46 STDC_NONNULL_ARG( ( 1 ) ) \ 47 void deleteDN( INOUT_PTR DN_PTR **dnComponentListPtrPtr ); 48 CHECK_RETVAL STDC_NONNULL_ARG( ( 1, 2, 3 ) ) \ 49 int getDNComponentInfo( INOUT const DN_PTR *dnComponentList, 50 OUT_ATTRIBUTE_Z CRYPT_ATTRIBUTE_TYPE *type, 51 OUT_BOOL BOOLEAN *dnContinues ); 52 CHECK_RETVAL 
STDC_NONNULL_ARG( ( 6 ) ) \ 53 int getDNComponentValue( IN_OPT const DN_PTR *dnComponentList, 54 IN_ATTRIBUTE const CRYPT_ATTRIBUTE_TYPE type, 55 IN_RANGE( 0, 100 ) const int count, 56 OUT_BUFFER_OPT( valueMaxLength, \ 57 *valueLength ) void *value, 58 IN_LENGTH_SHORT_Z const int valueMaxLength, 59 OUT_LENGTH_BOUNDED_Z( valueMaxLength ) \ 60 int *valueLength ); 61 62 /* Copy and compare a DN */ 63 64 CHECK_RETVAL STDC_NONNULL_ARG( ( 1, 2 ) ) \ 65 int copyDN( OUT_PTR_COND DN_PTR **dnDest, 66 IN const DN_PTR *dnSrc ); 67 CHECK_RETVAL_BOOL \ 68 BOOLEAN compareDN( IN_OPT const DN_PTR *dnComponentList1, 69 IN_OPT const DN_PTR *dnComponentList2, 70 const BOOLEAN dn1substring, 71 OUT_OPT_PTR_xCOND DN_PTR **mismatchPointPtrPtr ); 72 73 /* Select DN/GeneralName components */ 74 75 CHECK_RETVAL STDC_NONNULL_ARG( ( 1 ) ) \ 76 int selectGeneralName( INOUT CERT_INFO *certInfoPtr, 77 IN_ATTRIBUTE_OPT const CRYPT_ATTRIBUTE_TYPE certInfoType, 78 IN_ENUM( SELECTION_OPTION ) const SELECTION_OPTION option ); 79 CHECK_RETVAL STDC_NONNULL_ARG( ( 1 ) ) \ 80 int selectGeneralNameComponent( INOUT CERT_INFO *certInfoPtr, 81 IN_ATTRIBUTE \ 82 const CRYPT_ATTRIBUTE_TYPE certInfoType ); 83 CHECK_RETVAL STDC_NONNULL_ARG( ( 1 ) ) \ 84 int selectDN( INOUT CERT_INFO *certInfoPtr, 85 IN_ATTRIBUTE_OPT const CRYPT_ATTRIBUTE_TYPE certInfoType, 86 IN_ENUM( SELECTION_OPTION ) const SELECTION_OPTION option ); 87 88 /* Read/write a DN */ 89 90 CHECK_RETVAL STDC_NONNULL_ARG( ( 3, 4 ) ) \ 91 int checkDN( IN_OPT const DN_PTR *dnComponentList, 92 IN_FLAGS( CHECKDN ) const int checkFlags, 93 OUT_ENUM_OPT( CRYPT_ATTRIBUTE ) \ 94 CRYPT_ATTRIBUTE_TYPE *errorLocus, 95 OUT_ENUM_OPT( CRYPT_ERRTYPE ) \ 96 CRYPT_ERRTYPE_TYPE *errorType ); 97 CHECK_RETVAL_LENGTH \ 98 int sizeofDN( INOUT_OPT DN_PTR *dnComponentList ); 99 /* Non-const because it performs a pre-encoding pass */ 100 CHECK_RETVAL STDC_NONNULL_ARG( ( 1, 2 ) ) \ 101 int readDN( INOUT STREAM *stream, 102 OUT_PTR_COND DN_PTR **dnComponentListPtrPtr ); 103 
CHECK_RETVAL STDC_NONNULL_ARG( ( 1 ) ) \ 104 int writeDN( INOUT STREAM *stream, 105 IN_OPT const DN_PTR *dnComponentList, 106 IN_TAG const int tag ); 107 #ifdef USE_CERT_DNSTRING 108 CHECK_RETVAL STDC_NONNULL_ARG( ( 1, 2 ) ) \ 109 int readDNstring( INOUT_PTR DN_PTR **dnComponentListPtrPtr, 110 IN_BUFFER( stringLength ) const BYTE *string, 111 IN_LENGTH_ATTRIBUTE const int stringLength ); 112 CHECK_RETVAL STDC_NONNULL_ARG( ( 1 ) ) \ 113 int writeDNstring( INOUT STREAM *stream, 114 IN_OPT const DN_PTR *dnComponentList ); 115 #endif /* USE_CERT_DNSTRING */ 116 117 /**************************************************************************** 118 * * 119 * Attribute Manipulation Functions * 120 * * 121 ****************************************************************************/ 122 123 /* Find an attribute */ 124 125 CHECK_RETVAL_PTR STDC_NONNULL_ARG( ( 2 ) ) \ 126 ATTRIBUTE_PTR *findAttributeByOID( IN_OPT const ATTRIBUTE_PTR *attributePtr, 127 IN_BUFFER( oidLength ) const BYTE *oid, 128 IN_LENGTH_OID const int oidLength ); 129 CHECK_RETVAL_PTR \ 130 ATTRIBUTE_PTR *findAttribute( IN_OPT const ATTRIBUTE_PTR *attributePtr, 131 IN_ATTRIBUTE const CRYPT_ATTRIBUTE_TYPE attributeID, 132 const BOOLEAN isFieldID ); 133 CHECK_RETVAL_PTR \ 134 ATTRIBUTE_PTR *findAttributeField( IN_OPT const ATTRIBUTE_PTR *attributePtr, 135 IN_ATTRIBUTE const CRYPT_ATTRIBUTE_TYPE fieldID, 136 IN_ATTRIBUTE_OPT \ 137 const CRYPT_ATTRIBUTE_TYPE subFieldID ); 138 CHECK_RETVAL_PTR \ 139 ATTRIBUTE_PTR *findAttributeFieldEx( IN_OPT const ATTRIBUTE_PTR *attributePtr, 140 IN_ATTRIBUTE \ 141 const CRYPT_ATTRIBUTE_TYPE fieldID ); 142 CHECK_RETVAL_PTR STDC_NONNULL_ARG( ( 1 ) ) \ 143 ATTRIBUTE_PTR *findNextFieldInstance( const ATTRIBUTE_PTR *attributePtr ); 144 CHECK_RETVAL_PTR STDC_NONNULL_ARG( ( 1 ) ) \ 145 ATTRIBUTE_PTR *findDnInAttribute( IN_OPT const ATTRIBUTE_PTR *attributePtr ); 146 147 /* Get/set information about an attribute: 148 149 PROPERTY_BLOBATTRIBUTE: The item contains a single blob-type 
attribute. 150 151 PROPERTY_COMPLETEATTRIBUTE: This item isn't explicitly present in the 152 attribute list but represents an entire (constructed) attribute of 153 which one field is present, see the long comment for 154 findAttributeFieldEx() in cert/ext.c for a detailed description. 155 156 PROPERTY_CRITICAL: The item (which should be a complete attribute) has 157 the critical flag set. 158 159 PROPERTY_DEFAULTVALUE: The item is a dummy placeholder entry containing 160 a default value for an attribute, this field isn't explicitly 161 present in the attribute list but exists only to contain this 162 default value. 163 164 PROPERTY_DN: The item contains a composite DN rather than an integer/ 165 boolean/data value. 166 167 PROPERTY_IGNORED: This item is a recognised attribute but is ignored at 168 the current compliance level. 169 170 PROPERTY_VALUE: The integer value for the attribute. This isn't really 171 an attribute property but we need to be able to set it in a few rare 172 cases when we're applying a constraint to an attribute where the 173 constraint modifies the attribute's integer value. 174 175 PROPERTY_LOCKED: This item is locked against further changes. 
PROPERTY_OID: The data in this item is an encoded OID that needs to be
	decoded into the OID text representation before being returned to
	the caller.

   Note that the ATTRIBUTE_PROPERTY_COMPLETEATRIBUTE enum value below is
   spelled with a single 'T'.  That's the name the rest of the code base
   uses, so it's kept as is here */

typedef enum {
	ATTRIBUTE_PROPERTY_NONE,		/* No attribute property type */
	ATTRIBUTE_PROPERTY_DEFAULTVALUE,/* Field has default value */
	ATTRIBUTE_PROPERTY_BLOBATTRIBUTE,	/* Item is a single blob attribute */
	ATTRIBUTE_PROPERTY_COMPLETEATRIBUTE,/* Item is a complete attribute */
	ATTRIBUTE_PROPERTY_LOCKED,		/* Item is locked against changes */
	ATTRIBUTE_PROPERTY_CRITICAL,	/* Attribute is critical */
	ATTRIBUTE_PROPERTY_DN,			/* Attribute contains composite DN */
	ATTRIBUTE_PROPERTY_OID,			/* Attribute data is an OID */
	ATTRIBUTE_PROPERTY_IGNORED,		/* Attribute is ignored */
	ATTRIBUTE_PROPERTY_VALUE,		/* Attribute integer value */
	ATTRIBUTE_PROPERTY_LAST			/* Last possible property type */
	} ATTRIBUTE_PROPERTY_TYPE;

/* Query whether an attribute entry has the given property.  attributePtr
   must be non-NULL.  Returns TRUE if the property is set on the entry,
   FALSE otherwise */

CHECK_RETVAL_BOOL STDC_NONNULL_ARG( ( 1 ) ) \
BOOLEAN checkAttributeProperty( const ATTRIBUTE_PTR *attributePtr,
								IN_ENUM( ATTRIBUTE_PROPERTY ) \
									ATTRIBUTE_PROPERTY_TYPE property );

/* Set a property on an attribute entry.  optValue is an optional integer
   argument (annotated IN_INT_Z, i.e. zero or a positive value); going by
   the property list above it's presumably the new integer value when
   property is ATTRIBUTE_PROPERTY_VALUE and unused otherwise - confirm
   against cert/ext.c.  Note that this returns no status, so a caller
   can't tell from here whether a change to an entry that carries
   ATTRIBUTE_PROPERTY_LOCKED is refused or applied */

STDC_NONNULL_ARG( ( 1 ) ) \
void setAttributeProperty( INOUT ATTRIBUTE_PTR *attributePtr,
						   IN_ENUM( ATTRIBUTE_PROPERTY ) \
								ATTRIBUTE_PROPERTY_TYPE property,
						   IN_INT_Z const int optValue );

/* Get the attribute ID, field ID and sub-field ID for an attribute entry.
   Each of the three output pointers is optional (OUT_OPT_ATTRIBUTE_Z), so
   a caller passes NULL for the IDs that it doesn't need */

CHECK_RETVAL STDC_NONNULL_ARG( ( 1 ) ) \
int getAttributeIdInfo( const ATTRIBUTE_PTR *attributePtr,
						OUT_OPT_ATTRIBUTE_Z CRYPT_ATTRIBUTE_TYPE *attributeID,
						OUT_OPT_ATTRIBUTE_Z CRYPT_ATTRIBUTE_TYPE *fieldID,
						OUT_OPT_ATTRIBUTE_Z CRYPT_ATTRIBUTE_TYPE *subFieldID );

/* Get the default value for a field (presumably the value that a
   PROPERTY_DEFAULTVALUE placeholder would carry, see the comment above).
   Going by the name the return value is the default itself rather than a
   status code, but it's annotated CHECK_RETVAL so callers must still
   examine it - confirm whether error statuses can also be returned */

CHECK_RETVAL \
int getDefaultFieldValue( IN_ATTRIBUTE const CRYPT_ATTRIBUTE_TYPE fieldID );

/* Check whether an attribute, or a specific field within an attribute, is
   present in the attribute list.  attributePtr may be NULL (IN_OPT) for
   an empty list, in which case FALSE is presumably returned */

CHECK_RETVAL_BOOL \
BOOLEAN checkAttributePresent( IN_OPT const ATTRIBUTE_PTR *attributePtr,
							   IN_ATTRIBUTE const CRYPT_ATTRIBUTE_TYPE fieldID );
CHECK_RETVAL_BOOL \
BOOLEAN checkAttributeFieldPresent( IN_OPT const ATTRIBUTE_PTR *attributePtr,
IN_ATTRIBUTE const CRYPT_ATTRIBUTE_TYPE fieldID ); 217 218 /* Get attribute data. See the comment by the SELECTION_INFO definition for 219 why dnPtr uses double indirection for the pointer instead of single 220 indirection */ 221 222 CHECK_RETVAL STDC_NONNULL_ARG( ( 1, 2 ) ) \ 223 int getAttributeDataValue( IN const ATTRIBUTE_PTR *attributePtr, 224 OUT_INT_Z int *value ); 225 CHECK_RETVAL STDC_NONNULL_ARG( ( 1, 2 ) ) \ 226 int getAttributeDataTime( IN const ATTRIBUTE_PTR *attributePtr, 227 OUT time_t *value ); 228 CHECK_RETVAL STDC_NONNULL_ARG( ( 1, 2 ) ) \ 229 int getAttributeDataDN( IN const ATTRIBUTE_PTR *attributePtr, 230 OUT_PTR DN_PTR ***dnPtr ); 231 CHECK_RETVAL STDC_NONNULL_ARG( ( 1, 2, 3 ) ) \ 232 int getAttributeDataPtr( IN const ATTRIBUTE_PTR *attributePtr, 233 OUT_BUFFER_ALLOC( *dataLength ) void **dataPtrPtr, 234 OUT_LENGTH_SHORT_Z int *dataLength ); 235 236 /* The pattern { findAttributeField(), getAttributeDataXYZ() } is used 237 frequently enough that we provide a common function for it */ 238 239 CHECK_RETVAL STDC_NONNULL_ARG( ( 4 ) ) \ 240 int getAttributeFieldValue( IN_OPT const ATTRIBUTE_PTR *attributePtr, 241 IN_ATTRIBUTE const CRYPT_ATTRIBUTE_TYPE fieldID, 242 IN_ATTRIBUTE_OPT \ 243 const CRYPT_ATTRIBUTE_TYPE subFieldID, 244 OUT_INT_Z int *value ); 245 CHECK_RETVAL STDC_NONNULL_ARG( ( 4 ) ) \ 246 int getAttributeFieldTime( IN_OPT const ATTRIBUTE_PTR *attributePtr, 247 IN_ATTRIBUTE const CRYPT_ATTRIBUTE_TYPE fieldID, 248 IN_ATTRIBUTE_OPT \ 249 const CRYPT_ATTRIBUTE_TYPE subFieldID, 250 OUT time_t *value ); 251 252 /* Enumerate entries in an attribute list. This is a somewhat oddball 253 function that's required to handle a small number of special-case 254 situations that can't be easily handled directly. 
The alternative to
   having the hardwired selections is to provide a general-purpose
   enumeration capability and then have the caller extract whatever's
   necessary from the attribute and decide whether they want to continue,
   however this creates really awkward attribute-enumeration loops and,
   since there are only a small number of cases that we need to handle
   (two enumeration types at present), really isn't worth the effort */

typedef enum {
	ATTRIBUTE_ENUM_NONE,		/* No attribute enumeration type */
	ATTRIBUTE_ENUM_BLOB,		/* Enumerate blob attributes */
	ATTRIBUTE_ENUM_NONBLOB,		/* Enumerate non-blob attributes */
	ATTRIBUTE_ENUM_LAST			/* Last possible attribute enumeration type */
	} ATTRIBUTE_ENUM_TYPE;

/* Enumeration state, set up by getFirstAttribute() and advanced by
   getNextAttribute().  attributePtr is a raw pointer into the attribute
   list, so the state is invalidated if the list is modified (for example
   via deleteAttribute()) between calls.  Nothing in this header guards
   against that, it's up to the caller not to mutate the list while an
   enumeration is in progress */

typedef struct {
	const ATTRIBUTE_PTR *attributePtr;	/* Currently selected attribute entry */
	ATTRIBUTE_ENUM_TYPE enumType;		/* Type of enumeration being performed */
	} ATTRIBUTE_ENUM_INFO;

/* Begin/continue an enumeration.  attrEnumInfo must be non-NULL, the list
   to enumerate (attributePtr) may be NULL.  Both return the currently
   selected entry; the result is annotated CHECK_RETVAL_PTR, so it must be
   checked for NULL (presumably meaning nothing, or nothing more, to
   return) before being dereferenced */

CHECK_RETVAL_PTR STDC_NONNULL_ARG( ( 1 ) ) \
const ATTRIBUTE_PTR *getFirstAttribute( OUT ATTRIBUTE_ENUM_INFO *attrEnumInfo,
										IN_OPT const ATTRIBUTE_PTR *attributePtr,
										IN_ENUM( ATTRIBUTE_ENUM ) \
											const ATTRIBUTE_ENUM_TYPE enumType );
CHECK_RETVAL_PTR STDC_NONNULL_ARG( ( 1 ) ) \
const ATTRIBUTE_PTR *getNextAttribute( INOUT ATTRIBUTE_ENUM_INFO *attrEnumInfo );

/* Since many of the attributes can be disabled to save space and reduce
   complexity, we may need to check that an attribute that we want to use is
   actually available, for example if we're about to create it as part of an
   internal operation for which we don't want to present an unexpected error
   status to the caller.  The following function checks whether an attribute
   is enabled for use (i.e. hasn't been disabled in the build configuration),
   not whether it's present in any particular attribute list */

CHECK_RETVAL_BOOL \
BOOLEAN checkAttributeAvailable( IN_ATTRIBUTE const CRYPT_ATTRIBUTE_TYPE fieldID );

/* Move the current attribute cursor.
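The reason for the apparently-
   reversed values in the IN_RANGE() annotation are because the values are
   -ve, so last comes before first.  currentCursor may be NULL (IN_OPT),
   and the result is annotated CHECK_RETVAL_PTR so it must be checked for
   NULL before use */

CHECK_RETVAL_PTR \
ATTRIBUTE_PTR *certMoveAttributeCursor( IN_OPT const ATTRIBUTE_PTR *currentCursor,
										IN_ATTRIBUTE \
											const CRYPT_ATTRIBUTE_TYPE certInfoType,
										IN_RANGE( CRYPT_CURSOR_LAST, \
												  CRYPT_CURSOR_FIRST ) \
											const int position );

/* For range-checking purposes we need to have ATTR_FLAG_NONE and
   ATTR_FLAG_MAX defined, since these are defined in certattr.h which isn't
   visible in all certificate-using code we explicitly define the values
   here if required.

   Both values are cross-checked against whatever definition was already
   in scope (i.e. certattr.h, if it was included first).  ATTR_FLAG_NONE
   is the fixed-zero base of the flag range and ATTR_FLAG_MAX bounds it,
   so a silently divergent definition of either would presumably weaken
   the IN_FLAGS( ATTR ) range checks on the add/copy functions below.
   Previously only ATTR_FLAG_MAX was checked */

#ifndef ATTR_FLAG_NONE
  #define ATTR_FLAG_NONE	0x0000
  #define ATTR_FLAG_MAX		0x007F
#endif /* ATTR_FLAG_NONE */
#if ATTR_FLAG_NONE != 0x0000
  #error Inconsistent definition of ATTR_FLAG_NONE in certattr.h/certfn.h
#endif /* ATTR_FLAG_NONE != 0x0000 */
#if ATTR_FLAG_MAX != 0x007F
  #error Inconsistent definition of ATTR_FLAG_MAX in certattr.h/certfn.h
#endif /* ATTR_FLAG_MAX != 0x007F */

/* Add/delete/copy attributes/attribute fields.

   addAttribute() adds a complete attribute identified by its encoded OID.
   listHeadPtr, oid and data must be non-NULL (STDC_NONNULL_ARG 2, 3, 6),
   oid and data are bounded by oidLength/dataLength (IN_BUFFER), critical
   sets the attribute's critical flag and flags is a set of ATTR_FLAG_xxx
   values (zero allowed).  Whether the data is copied or referenced isn't
   visible from here - confirm in cert/ext.c before relying on the
   buffer's lifetime.

   addAttributeField() adds a single field (fieldID plus optional
   subFieldID) with an integer value.  errorLocus and errorType are
   required outputs (STDC_NONNULL_ARG 6, 7) annotated OUT_ENUM_OPT, so
   they're presumably set to the offending attribute and error type on a
   failed check and to a none/zero value otherwise */

CHECK_RETVAL STDC_NONNULL_ARG( ( 2, 3, 6 ) ) \
int addAttribute( IN_ATTRIBUTE const ATTRIBUTE_TYPE attributeType,
				  INOUT ATTRIBUTE_PTR **listHeadPtr,
				  IN_BUFFER( oidLength ) const BYTE *oid,
				  IN_LENGTH_OID const int oidLength,
				  const BOOLEAN critical,
				  IN_BUFFER( dataLength ) const void *data,
				  IN_LENGTH_SHORT const int dataLength,
				  IN_FLAGS_Z( ATTR ) const int flags );
CHECK_RETVAL STDC_NONNULL_ARG( ( 1, 6, 7 ) ) \
int addAttributeField( INOUT ATTRIBUTE_PTR **listHeadPtr,
					   IN_ATTRIBUTE const CRYPT_ATTRIBUTE_TYPE fieldID,
					   IN_ATTRIBUTE_OPT \
							const CRYPT_ATTRIBUTE_TYPE subFieldID,
					   const int value,
					   IN_FLAGS_Z( ATTR ) const int flags,
					   OUT_ENUM_OPT( CRYPT_ATTRIBUTE ) \
							CRYPT_ATTRIBUTE_TYPE *errorLocus,
					   OUT_ENUM_OPT( CRYPT_ERRTYPE ) \
							CRYPT_ERRTYPE_TYPE *errorType );
CHECK_RETVAL STDC_NONNULL_ARG( ( 1, 4, 7, 8 ) ) \
int addAttributeFieldString( INOUT ATTRIBUTE_PTR **listHeadPtr,
							 IN_ATTRIBUTE const 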
CRYPT_ATTRIBUTE_TYPE fieldID, 342 IN_ATTRIBUTE_OPT \ 343 const CRYPT_ATTRIBUTE_TYPE subFieldID, 344 IN_BUFFER( dataLength ) const void *data, 345 IN_LENGTH_ATTRIBUTE const int dataLength, 346 IN_FLAGS_Z( ATTR ) const int flags, 347 OUT_ENUM_OPT( CRYPT_ATTRIBUTE ) \ 348 CRYPT_ATTRIBUTE_TYPE *errorLocus, 349 OUT_ENUM_OPT( CRYPT_ERRTYPE ) \ 350 CRYPT_ERRTYPE_TYPE *errorType ); 351 RETVAL STDC_NONNULL_ARG( ( 1, 3 ) ) \ 352 int deleteAttributeField( INOUT ATTRIBUTE_PTR **attributePtr, 353 INOUT_OPT ATTRIBUTE_PTR **listCursorPtr, 354 INOUT ATTRIBUTE_PTR *listItem, 355 IN_OPT const DN_PTR *dnCursor ); 356 RETVAL STDC_NONNULL_ARG( ( 1, 2, 3 ) ) \ 357 int deleteCompositeAttributeField( INOUT ATTRIBUTE_PTR **attributePtr, 358 INOUT ATTRIBUTE_PTR **listCursorPtr, 359 INOUT ATTRIBUTE_PTR *listItem, 360 IN_OPT const DN_PTR *dnCursor ); 361 RETVAL STDC_NONNULL_ARG( ( 1, 3 ) ) \ 362 int deleteAttribute( INOUT ATTRIBUTE_PTR **attributePtr, 363 INOUT_OPT ATTRIBUTE_PTR **listCursorPtr, 364 INOUT ATTRIBUTE_PTR *listItem, 365 IN_OPT const DN_PTR *dnCursor ); 366 RETVAL STDC_NONNULL_ARG( ( 1, 2 ) ) \ 367 int deleteCompleteAttribute( INOUT ATTRIBUTE_PTR **attributeListPtr, 368 INOUT ATTRIBUTE_PTR **listCursorPtr, 369 const CRYPT_ATTRIBUTE_TYPE attributeID, 370 IN_OPT const DN_PTR *dnCursor ); 371 STDC_NONNULL_ARG( ( 1 ) ) \ 372 void deleteAttributes( INOUT ATTRIBUTE_PTR **attributePtr ); 373 CHECK_RETVAL STDC_NONNULL_ARG( ( 1, 2, 3, 4 ) ) \ 374 int copyAttributes( INOUT ATTRIBUTE_PTR **destHeadPtr, 375 const ATTRIBUTE_PTR *srcPtr, 376 OUT_ENUM_OPT( CRYPT_ATTRIBUTE ) \ 377 CRYPT_ATTRIBUTE_TYPE *errorLocus, 378 OUT_ENUM_OPT( CRYPT_ERRTYPE ) \ 379 CRYPT_ERRTYPE_TYPE *errorType ); 380 CHECK_RETVAL STDC_NONNULL_ARG( ( 1, 2, 4, 5 ) ) \ 381 int copyIssuerAttributes( INOUT ATTRIBUTE_PTR **destListHeadPtr, 382 const ATTRIBUTE_PTR *srcListPtr, 383 const CRYPT_CERTTYPE_TYPE type, 384 OUT_ENUM_OPT( CRYPT_ATTRIBUTE ) \ 385 CRYPT_ATTRIBUTE_TYPE *errorLocus, 386 OUT_ENUM_OPT( CRYPT_ERRTYPE ) \ 387 
CRYPT_ERRTYPE_TYPE *errorType ); 388 #ifdef USE_CERTREQ 389 CHECK_RETVAL STDC_NONNULL_ARG( ( 1, 2 ) ) \ 390 int copyCRMFRequestAttributes( INOUT ATTRIBUTE_PTR **destListHeadPtr, 391 const ATTRIBUTE_PTR *srcListPtr ); 392 #endif /* USE_CERTREQ */ 393 #ifdef USE_CERTVAL 394 CHECK_RETVAL STDC_NONNULL_ARG( ( 1, 2 ) ) \ 395 int copyRTCSRequestAttributes( INOUT ATTRIBUTE_PTR **destListHeadPtr, 396 const ATTRIBUTE_PTR *srcListPtr ); 397 #endif /* USE_CERTVAL */ 398 #ifdef USE_CERTREV 399 CHECK_RETVAL STDC_NONNULL_ARG( ( 1, 2 ) ) \ 400 int copyOCSPRequestAttributes( INOUT ATTRIBUTE_PTR **destListHeadPtr, 401 const ATTRIBUTE_PTR *srcListPtr ); 402 CHECK_RETVAL STDC_NONNULL_ARG( ( 1, 2 ) ) \ 403 int copyRevocationAttributes( INOUT ATTRIBUTE_PTR **destListHeadPtr, 404 const ATTRIBUTE_PTR *srcListPtr ); 405 #endif /* USE_CERTREV */ 406 407 /* Read/write a collection of attributes */ 408 409 CHECK_RETVAL STDC_NONNULL_ARG( ( 2, 3, 4 ) ) \ 410 int checkAttributes( IN_ENUM( ATTRIBUTE ) const ATTRIBUTE_TYPE attributeType, 411 const ATTRIBUTE_PTR *listHeadPtr, 412 OUT_ENUM_OPT( CRYPT_ATTRIBUTE ) \ 413 CRYPT_ATTRIBUTE_TYPE *errorLocus, 414 OUT_ENUM_OPT( CRYPT_ERRTYPE ) \ 415 CRYPT_ERRTYPE_TYPE *errorType ); 416 CHECK_RETVAL \ 417 int sizeofAttributes( IN_OPT const ATTRIBUTE_PTR *attributePtr, 418 IN_ENUM_OPT( CRYPT_CERTTYPE ) \ 419 const CRYPT_CERTTYPE_TYPE type ); 420 CHECK_RETVAL STDC_NONNULL_ARG( ( 1, 2 ) ) \ 421 int writeAttributes( INOUT STREAM *stream, 422 INOUT ATTRIBUTE_PTR *attributePtr, 423 IN_ENUM_OPT( CRYPT_CERTTYPE ) const CRYPT_CERTTYPE_TYPE type, 424 IN_LENGTH const int attributeSize ); 425 CHECK_RETVAL STDC_NONNULL_ARG( ( 1, 2, 5, 6 ) ) \ 426 int readAttributes( INOUT STREAM *stream, 427 INOUT ATTRIBUTE_PTR **attributePtrPtr, 428 IN_ENUM_OPT( CRYPT_CERTTYPE ) const CRYPT_CERTTYPE_TYPE type, 429 IN_LENGTH_Z const int attributeLength, 430 OUT_ENUM_OPT( CRYPT_ATTRIBUTE ) \ 431 CRYPT_ATTRIBUTE_TYPE *errorLocus, 432 OUT_ENUM_OPT( CRYPT_ERRTYPE ) \ 433 CRYPT_ERRTYPE_TYPE 
*errorType ); 434 435 /**************************************************************************** 436 * * 437 * Validity Information Processing Functions * 438 * * 439 ****************************************************************************/ 440 441 #ifdef USE_CERTVAL 442 443 /* Read/write validity information */ 444 445 CHECK_RETVAL STDC_NONNULL_ARG( ( 1 ) ) \ 446 int sizeofRtcsRequestEntry( STDC_UNUSED const VALIDITY_INFO *rtcsEntry ); 447 CHECK_RETVAL STDC_NONNULL_ARG( ( 1, 2 ) ) \ 448 int readRtcsRequestEntry( INOUT STREAM *stream, 449 INOUT_PTR VALIDITY_INFO **listHeadPtrPtr ); 450 STDC_NONNULL_ARG( ( 1, 2 ) ) \ 451 int writeRtcsRequestEntry( INOUT STREAM *stream, 452 const VALIDITY_INFO *rtcsEntry ); 453 CHECK_RETVAL STDC_NONNULL_ARG( ( 1 ) ) \ 454 int sizeofRtcsResponseEntry( INOUT VALIDITY_INFO *rtcsEntry, 455 const BOOLEAN isFullResponse ); 456 CHECK_RETVAL STDC_NONNULL_ARG( ( 1, 2, 3 ) ) \ 457 int readRtcsResponseEntry( INOUT STREAM *stream, 458 INOUT_PTR VALIDITY_INFO **listHeadPtrPtr, 459 INOUT CERT_INFO *certInfoPtr, 460 const BOOLEAN isFullResponse ); 461 STDC_NONNULL_ARG( ( 1, 2 ) ) \ 462 int writeRtcsResponseEntry( INOUT STREAM *stream, 463 const VALIDITY_INFO *rtcsEntry, 464 const BOOLEAN isFullResponse ); 465 466 /* Add/delete a validity entry */ 467 468 CHECK_RETVAL STDC_NONNULL_ARG( ( 1, 3 ) ) \ 469 int addValidityEntry( INOUT_PTR VALIDITY_INFO **listHeadPtrPtr, 470 OUT_OPT_PTR_COND VALIDITY_INFO **newEntryPosition, 471 IN_BUFFER( valueLength ) const void *value, 472 IN_LENGTH_FIXED( KEYID_SIZE ) const int valueLength ); 473 CHECK_RETVAL STDC_NONNULL_ARG( ( 2, 3, 4 ) ) \ 474 int prepareValidityEntries( IN_OPT const VALIDITY_INFO *listPtr, 475 OUT_PTR_xCOND VALIDITY_INFO **errorEntry, 476 OUT_ENUM_OPT( CRYPT_ATTRIBUTE ) \ 477 CRYPT_ATTRIBUTE_TYPE *errorLocus, 478 OUT_ENUM_OPT( CRYPT_ERRTYPE ) \ 479 CRYPT_ERRTYPE_TYPE *errorType ); 480 STDC_NONNULL_ARG( ( 1 ) ) \ 481 void deleteValidityEntries( INOUT_PTR VALIDITY_INFO **listHeadPtrPtr ); 482 
483 /* Copy a set of validity entries */ 484 485 CHECK_RETVAL STDC_NONNULL_ARG( ( 1, 2 ) ) \ 486 int copyValidityEntries( INOUT_PTR VALIDITY_INFO **destListHeadPtrPtr, 487 const VALIDITY_INFO *srcListPtr ); 488 489 /* Check a certificate's validity status */ 490 491 CHECK_RETVAL STDC_NONNULL_ARG( ( 1 ) ) \ 492 int checkRTCSResponse( INOUT CERT_INFO *certInfoPtr, 493 IN_HANDLE const CRYPT_KEYSET iCryptKeyset ); 494 495 #endif /* USE_CERTVAL */ 496 497 /**************************************************************************** 498 * * 499 * Revocation Information Processing Functions * 500 * * 501 ****************************************************************************/ 502 503 #ifdef USE_CERTREV 504 505 /* Read/write revocation information */ 506 507 CHECK_RETVAL_LENGTH_SHORT STDC_NONNULL_ARG( ( 1 ) ) \ 508 int sizeofCRLentry( INOUT REVOCATION_INFO *crlEntry ); 509 CHECK_RETVAL STDC_NONNULL_ARG( ( 1, 2, 4, 5 ) ) \ 510 int readCRLentry( INOUT STREAM *stream, 511 INOUT_PTR REVOCATION_INFO **listHeadPtrPtr, 512 IN_LENGTH_Z const int entryNo, 513 OUT_ENUM_OPT( CRYPT_ATTRIBUTE ) \ 514 CRYPT_ATTRIBUTE_TYPE *errorLocus, 515 OUT_ENUM_OPT( CRYPT_ERRTYPE ) \ 516 CRYPT_ERRTYPE_TYPE *errorType ); 517 CHECK_RETVAL STDC_NONNULL_ARG( ( 1, 2 ) ) \ 518 int writeCRLentry( INOUT STREAM *stream, 519 const REVOCATION_INFO *crlEntry ); 520 CHECK_RETVAL STDC_NONNULL_ARG( ( 1 ) ) \ 521 int sizeofOcspRequestEntry( INOUT REVOCATION_INFO *ocspEntry ); 522 CHECK_RETVAL STDC_NONNULL_ARG( ( 1, 2, 3 ) ) \ 523 int readOcspRequestEntry( INOUT STREAM *stream, 524 INOUT_PTR REVOCATION_INFO **listHeadPtrPtr, 525 INOUT CERT_INFO *certInfoPtr ); 526 STDC_NONNULL_ARG( ( 1, 2 ) ) \ 527 int writeOcspRequestEntry( INOUT STREAM *stream, 528 const REVOCATION_INFO *ocspEntry ); 529 CHECK_RETVAL STDC_NONNULL_ARG( ( 1 ) ) \ 530 int sizeofOcspResponseEntry( INOUT REVOCATION_INFO *ocspEntry ); 531 CHECK_RETVAL STDC_NONNULL_ARG( ( 1, 2, 3 ) ) \ 532 int readOcspResponseEntry( INOUT STREAM *stream, 533 
INOUT_PTR REVOCATION_INFO **listHeadPtrPtr, 534 INOUT CERT_INFO *certInfoPtr ); 535 STDC_NONNULL_ARG( ( 1, 2 ) ) \ 536 int writeOcspResponseEntry( INOUT STREAM *stream, 537 const REVOCATION_INFO *ocspEntry, 538 const time_t entryTime ); 539 540 /* Add/delete a revocation entry */ 541 542 CHECK_RETVAL STDC_NONNULL_ARG( ( 1, 2, 4 ) ) \ 543 int addRevocationEntry( INOUT_PTR REVOCATION_INFO **listHeadPtrPtr, 544 OUT_OPT_PTR_COND REVOCATION_INFO **newEntryPosition, 545 IN_KEYID_OPT const CRYPT_KEYID_TYPE valueType, 546 IN_BUFFER( valueLength ) const void *value, 547 IN_LENGTH_SHORT const int valueLength, 548 const BOOLEAN noCheck ); 549 550 CHECK_RETVAL STDC_NONNULL_ARG( ( 3, 5, 6 ) ) \ 551 int prepareRevocationEntries( INOUT_OPT REVOCATION_INFO *listPtr, 552 const time_t defaultTime, 553 OUT_PTR_xCOND REVOCATION_INFO **errorEntry, 554 const BOOLEAN isSingleEntry, 555 OUT_ENUM_OPT( CRYPT_ATTRIBUTE ) \ 556 CRYPT_ATTRIBUTE_TYPE *errorLocus, 557 OUT_ENUM_OPT( CRYPT_ERRTYPE ) \ 558 CRYPT_ERRTYPE_TYPE *errorType ); 559 STDC_NONNULL_ARG( ( 1 ) ) \ 560 void deleteRevocationEntries( INOUT_PTR REVOCATION_INFO **listHeadPtrPtr ); 561 562 /* Copy a set of revocation entries */ 563 564 CHECK_RETVAL STDC_NONNULL_ARG( ( 1, 2 ) ) \ 565 int copyRevocationEntries( INOUT_PTR REVOCATION_INFO **destListHeadPtrPtr, 566 const REVOCATION_INFO *srcListPtr ); 567 568 /* Check a certificate's revocation status */ 569 570 CHECK_RETVAL STDC_NONNULL_ARG( ( 1 ) ) \ 571 int checkCRL( INOUT CERT_INFO *certInfoPtr, 572 IN_HANDLE const CRYPT_CERTIFICATE iCryptCRL ); 573 CHECK_RETVAL STDC_NONNULL_ARG( ( 1 ) ) \ 574 int checkOCSPResponse( INOUT CERT_INFO *certInfoPtr, 575 IN_HANDLE const CRYPT_KEYSET iCryptKeyset ); 576 577 #endif /* USE_CERTREV */ 578 579 /**************************************************************************** 580 * * 581 * Certificate Checking Functions * 582 * * 583 ****************************************************************************/ 584 585 /* Check a certificate object 
*/ 586 587 CHECK_RETVAL STDC_NONNULL_ARG( ( 1 ) ) \ 588 int checkCertBasic( INOUT CERT_INFO *subjectCertInfoPtr ); 589 CHECK_RETVAL STDC_NONNULL_ARG( ( 1, 4, 5 ) ) \ 590 int checkCert( INOUT CERT_INFO *subjectCertInfoPtr, 591 IN_OPT const CERT_INFO *issuerCertInfoPtr, 592 const BOOLEAN shortCircuitCheck, 593 OUT_ENUM_OPT( CRYPT_ATTRIBUTE ) \ 594 CRYPT_ATTRIBUTE_TYPE *errorLocus, 595 OUT_ENUM_OPT( CRYPT_ERRTYPE ) \ 596 CRYPT_ERRTYPE_TYPE *errorType ); 597 CHECK_RETVAL STDC_NONNULL_ARG( ( 1 ) ) \ 598 int checkCertChain( INOUT CERT_INFO *certInfoPtr ); 599 600 CHECK_RETVAL STDC_NONNULL_ARG( ( 1, 2, 3, 4 ) ) \ 601 int getKeyUsageFromExtKeyUsage( const CERT_INFO *certInfoPtr, 602 OUT_FLAGS_Z( CRYPT_KEYUSAGE ) int *keyUsage, 603 OUT_ENUM_OPT( CRYPT_ATTRIBUTE ) \ 604 CRYPT_ATTRIBUTE_TYPE *errorLocus, 605 OUT_ENUM_OPT( CRYPT_ERRTYPE ) \ 606 CRYPT_ERRTYPE_TYPE *errorType ); 607 CHECK_RETVAL STDC_NONNULL_ARG( ( 1, 5, 6 ) ) \ 608 int checkKeyUsage( const CERT_INFO *certInfoPtr, 609 IN_FLAGS_Z( CHECKKEY ) const int flags, 610 IN_FLAGS_Z( CRYPT_KEYUSAGE ) const int specificUsage, 611 IN_RANGE( CRYPT_COMPLIANCELEVEL_OBLIVIOUS, \ 612 CRYPT_COMPLIANCELEVEL_LAST - 1 ) \ 613 const int complianceLevel, 614 OUT_ENUM_OPT( CRYPT_ATTRIBUTE ) \ 615 CRYPT_ATTRIBUTE_TYPE *errorLocus, 616 OUT_ENUM_OPT( CRYPT_ERRTYPE ) \ 617 CRYPT_ERRTYPE_TYPE *errorType ); 618 619 /* Check certificate constraints */ 620 621 #ifdef USE_CERTLEVEL_PKIX_FULL 622 CHECK_RETVAL STDC_NONNULL_ARG( ( 1, 2, 4, 5 ) ) \ 623 int checkNameConstraints( const CERT_INFO *subjectCertInfoPtr, 624 const ATTRIBUTE_PTR *issuerAttributes, 625 const BOOLEAN isExcluded, 626 OUT_ENUM_OPT( CRYPT_ATTRIBUTE ) \ 627 CRYPT_ATTRIBUTE_TYPE *errorLocus, 628 OUT_ENUM_OPT( CRYPT_ERRTYPE ) \ 629 CRYPT_ERRTYPE_TYPE *errorType ); 630 CHECK_RETVAL_BOOL STDC_NONNULL_ARG( ( 1 ) ) \ 631 BOOLEAN isAnyPolicy( const ATTRIBUTE_PTR *attributePtr ); 632 CHECK_RETVAL STDC_NONNULL_ARG( ( 1, 2, 7, 8 ) ) \ 633 int checkPolicyConstraints( const CERT_INFO 
*subjectCertInfoPtr, 634 const ATTRIBUTE_PTR *issuerAttributes, 635 IN_ENUM_OPT( POLICY ) const POLICY_TYPE policyType, 636 IN_OPT const POLICY_INFO *policyInfo, 637 IN_RANGE( 0, MAX_CHAINLENGTH ) const int policyLevel, 638 const BOOLEAN allowMappedPolicies, 639 OUT_ENUM_OPT( CRYPT_ATTRIBUTE ) \ 640 CRYPT_ATTRIBUTE_TYPE *errorLocus, 641 OUT_ENUM_OPT( CRYPT_ERRTYPE ) \ 642 CRYPT_ERRTYPE_TYPE *errorType ); 643 #endif /* USE_CERTLEVEL_PKIX_FULL */ 644 #ifdef USE_CERTLEVEL_PKIX_PARTIAL 645 CHECK_RETVAL STDC_NONNULL_ARG( ( 1, 3, 4 ) ) \ 646 int checkPathConstraints( const CERT_INFO *subjectCertInfoPtr, 647 IN_LENGTH_SHORT_Z const int pathLength, 648 OUT_ENUM_OPT( CRYPT_ATTRIBUTE ) \ 649 CRYPT_ATTRIBUTE_TYPE *errorLocus, 650 OUT_ENUM_OPT( CRYPT_ERRTYPE ) \ 651 CRYPT_ERRTYPE_TYPE *errorType ); 652 #endif /* USE_CERTLEVEL_PKIX_PARTIAL */ 653 654 /* Sign/sig check a certificate */ 655 656 CHECK_RETVAL STDC_NONNULL_ARG( ( 1 ) ) \ 657 int signCert( INOUT CERT_INFO *certInfoPtr, 658 IN_HANDLE_OPT const CRYPT_CONTEXT iSignContext ); 659 CHECK_RETVAL STDC_NONNULL_ARG( ( 1 ) ) \ 660 int checkCertValidity( INOUT CERT_INFO *certInfoPtr, 661 IN_HANDLE_OPT const CRYPT_HANDLE iSigCheckObject ); 662 663 /**************************************************************************** 664 * * 665 * Certificate Chain Functions * 666 * * 667 ****************************************************************************/ 668 669 /* Read/write/copy a certificate chain */ 670 671 CHECK_RETVAL STDC_NONNULL_ARG( ( 1, 2 ) ) \ 672 int readCertChain( INOUT STREAM *stream, 673 OUT_HANDLE_OPT CRYPT_CERTIFICATE *iCryptCert, 674 IN_HANDLE const CRYPT_USER iCryptOwner, 675 IN_ENUM( CRYPT_CERTTYPE ) const CRYPT_CERTTYPE_TYPE type, 676 IN_KEYID_OPT const CRYPT_KEYID_TYPE keyIDtype, 677 IN_BUFFER_OPT( keyIDlength ) const void *keyID, 678 IN_LENGTH_KEYID_Z const int keyIDlength, 679 IN_FLAGS( KEYMGMT ) const int options ); 680 CHECK_RETVAL STDC_NONNULL_ARG( ( 1, 2 ) ) \ 681 int writeCertChain( INOUT STREAM 
*stream, 682 const CERT_INFO *certInfoPtr ); 683 CHECK_RETVAL STDC_NONNULL_ARG( ( 1 ) ) \ 684 int copyCertChain( INOUT CERT_INFO *certInfoPtr, 685 IN_HANDLE const CRYPT_HANDLE certChain, 686 const BOOLEAN isCertCollection ); 687 688 /* Read/write certificate collections in assorted formats */ 689 690 CHECK_RETVAL_LENGTH STDC_NONNULL_ARG( ( 1 ) ) \ 691 int sizeofCertCollection( const CERT_INFO *certInfoPtr, 692 IN_ENUM( CRYPT_CERTFORMAT ) \ 693 const CRYPT_CERTFORMAT_TYPE certFormatType ); 694 CHECK_RETVAL STDC_NONNULL_ARG( ( 1, 2 ) ) \ 695 int writeCertCollection( INOUT STREAM *stream, 696 const CERT_INFO *certInfoPtr, 697 IN_ENUM( CRYPT_CERTFORMAT ) \ 698 const CRYPT_CERTFORMAT_TYPE certFormatType ); 699 700 /* Assemble a certificate chain from certificates read from an object */ 701 702 CHECK_RETVAL STDC_NONNULL_ARG( ( 1, 4 ) ) \ 703 int assembleCertChain( OUT CRYPT_CERTIFICATE *iCertificate, 704 IN_HANDLE const CRYPT_HANDLE iCertSource, 705 IN_KEYID const CRYPT_KEYID_TYPE keyIDtype, 706 IN_BUFFER( keyIDlength ) const void *keyID, 707 IN_LENGTH_KEYID const int keyIDlength, 708 IN_FLAGS( KEYMGMT ) const int options ); 709 710 /**************************************************************************** 711 * * 712 * Certificate Functions * 713 * * 714 ****************************************************************************/ 715 716 /* Create a certificate object ready for further initialisation */ 717 718 CHECK_RETVAL STDC_NONNULL_ARG( ( 1 ) ) \ 719 int createCertificateInfo( OUT_PTR_COND CERT_INFO **certInfoPtrPtr, 720 IN_HANDLE const CRYPT_USER iCryptOwner, 721 IN_ENUM( CRYPT_CERTTYPE ) \ 722 const CRYPT_CERTTYPE_TYPE certType ); 723 724 /* Add/get/delete a certificate component */ 725 726 CHECK_RETVAL STDC_NONNULL_ARG( ( 1 ) ) \ 727 int addCertComponent( INOUT CERT_INFO *certInfoPtr, 728 IN_ATTRIBUTE const CRYPT_ATTRIBUTE_TYPE certInfoType, 729 const int certInfo ); 730 CHECK_RETVAL STDC_NONNULL_ARG( ( 1, 3 ) ) \ 731 int addCertComponentString( INOUT 
CERT_INFO *certInfoPtr,
                           IN_ATTRIBUTE const CRYPT_ATTRIBUTE_TYPE certInfoType,
                           IN_BUFFER( certInfoLength ) const void *certInfo,
                           IN_LENGTH_SHORT const int certInfoLength );

/* Read an integer-valued certificate component.  The value is written
   through certInfo, which (with certInfoPtr) is a mandatory pointer per the
   STDC_NONNULL_ARG list.  The _Z suffix on the OUT annotation presumably
   means the output is cleared on failure (the convention used throughout
   this header, confirm against the annotation definitions); either way the
   return code, not the output, is the success indicator (CHECK_RETVAL) */

CHECK_RETVAL STDC_NONNULL_ARG( ( 1, 3 ) ) \
int getCertComponent( INOUT CERT_INFO *certInfoPtr,
                      IN_ATTRIBUTE const CRYPT_ATTRIBUTE_TYPE certInfoType,
                      OUT_INT_Z int *certInfo );

/* Read a string-valued certificate component into a caller-supplied buffer.
   Only args 1 and 5 are in the non-NULL list, so certInfo may be NULL, and
   certInfoMaxLength may be zero (_Z).  Together these match a length-query
   pattern (NULL buffer, required length returned via *certInfoLength).
   NOTE(review): the NULL-buffer behaviour is inferred from the annotations,
   confirm in the implementation before relying on it.  The returned length
   is annotated as bounded by certInfoMaxLength (OUT_LENGTH_BOUNDED_Z) */

CHECK_RETVAL STDC_NONNULL_ARG( ( 1, 5 ) ) \
int getCertComponentString( INOUT CERT_INFO *certInfoPtr,
                            IN_ATTRIBUTE const CRYPT_ATTRIBUTE_TYPE certInfoType,
                            OUT_BUFFER_OPT( certInfoMaxLength, \
                                            *certInfoLength ) void *certInfo,
                            IN_LENGTH_SHORT_Z const int certInfoMaxLength,
                            OUT_LENGTH_BOUNDED_Z( certInfoMaxLength ) \
                                int *certInfoLength );

/* Remove a component from a certificate object */

CHECK_RETVAL STDC_NONNULL_ARG( ( 1 ) ) \
int deleteCertComponent( INOUT CERT_INFO *certInfoPtr,
                         IN_ATTRIBUTE const CRYPT_ATTRIBUTE_TYPE certInfoType );

/* Manage certificate attribute cursors.

   setCertificateCursor() moves the cursor by a CRYPT_CURSOR_xxx code.  The
   IN_RANGE bounds are written ( LAST, FIRST ) rather than ( FIRST, LAST )
   because the cursor codes are negative values, so CRYPT_CURSOR_LAST is
   presumably the numerically smaller bound.

   setAttributeCursor() positions the cursor from an ( attribute type,
   value ) pair.  The value carries a bare IN annotation with no range, so
   any range checking has to happen in the implementation */

CHECK_RETVAL STDC_NONNULL_ARG( ( 1 ) ) \
int setCertificateCursor( INOUT CERT_INFO *certInfoPtr,
                          IN_RANGE( CRYPT_CURSOR_LAST, \
                                    CRYPT_CURSOR_FIRST ) /* Values are -ve */
                              const int cursorMoveType );
CHECK_RETVAL STDC_NONNULL_ARG( ( 1 ) ) \
int setAttributeCursor( INOUT CERT_INFO *certInfoPtr,
                        IN_ATTRIBUTE const CRYPT_ATTRIBUTE_TYPE certInfoType,
                        IN const int value );

/* Import/export a certificate.

   importCert() parses a caller-supplied, and therefore untrusted, encoded
   object of certObjectLength bytes and is the main external-data entry
   point for the certificate code.  From the annotations:

   - certificate is OUT_HANDLE_OPT, so a valid handle is only guaranteed
     when the call succeeds; callers must check the return value before
     using *certificate.
   - keyIDtype/keyID/keyIDlength are all optional (IN_KEYID_OPT,
     IN_BUFFER_OPT, _Z length).  Presumably they select one item from a
     multi-object import, confirm against the implementation.
   - options is a KEYMGMT flag set that may be zero (IN_FLAGS_Z).
   - formatHint is IN_ENUM_OPT here (the _NONE value is allowed), whereas
     getCertObjectInfo() at the end of this header takes the same type as a
     required IN_ENUM.  Anyone changing either side should check that the
     "no hint" value is resolved before the stricter function is reached.

   exportCert() writes the object in the requested CRYPT_CERTFORMAT
   encoding.  certObject is not in the non-NULL list (only args 3 and 5
   are) and certObjectMaxLength may be zero (_Z), which matches a
   length-query pattern: a NULL buffer returns the required size through
   *certObjectLength.  NOTE(review): inferred from the annotations, confirm
   in the implementation.  The certificate object itself is read-only here
   (const CERT_INFO *) */

CHECK_RETVAL STDC_NONNULL_ARG( ( 1, 3 ) ) \
int importCert( IN_BUFFER( certObjectLength ) const void *certObject,
                IN_DATALENGTH const int certObjectLength,
                OUT_HANDLE_OPT CRYPT_CERTIFICATE *certificate,
                IN_HANDLE const CRYPT_USER iCryptOwner,
                IN_KEYID_OPT const CRYPT_KEYID_TYPE keyIDtype,
                IN_BUFFER_OPT( keyIDlength ) const void *keyID,
                IN_LENGTH_KEYID_Z const int keyIDlength,
                IN_FLAGS_Z( KEYMGMT ) const int options,
                IN_ENUM_OPT( CRYPT_CERTTYPE ) \
                    const CRYPT_CERTTYPE_TYPE formatHint );
CHECK_RETVAL STDC_NONNULL_ARG( ( 3, 5 ) ) \
int exportCert( OUT_BUFFER_OPT( certObjectMaxLength, *certObjectLength ) \
                    void *certObject,
                IN_DATALENGTH_Z const int certObjectMaxLength,
                OUT_DATALENGTH_Z int *certObjectLength,
                IN_ENUM( CRYPT_CERTFORMAT ) \
                    const CRYPT_CERTFORMAT_TYPE certFormatType,
                const CERT_INFO *certInfoPtr );

/* Oddball routines: work with a certificate's serial number.

   setSerialNumber() accepts an optional serial number: NULL and a zero
   length are both allowed per IN_BUFFER_OPT and the _Z length annotation.

   compareSerialNumber()'s two arguments are not symmetric.  The first is
   named canonSerialNumber, which indicates that it must already be in
   canonical form, while the second is the raw serial number as received.
   Passing a non-canonical value in the first position could therefore
   yield a wrong comparison result, which matters when this is used for
   revocation/CRL matching.  Confirm the canonicalisation rules in the
   implementation before adding new callers.  Serial numbers aren't
   secret, so no constant-time requirement applies here */

CHECK_RETVAL STDC_NONNULL_ARG( ( 1 ) ) \
int setSerialNumber( INOUT CERT_INFO *certInfoPtr,
                     IN_BUFFER_OPT( serialNumberLength ) const void *serialNumber,
                     IN_LENGTH_SHORT_Z const int serialNumberLength );
CHECK_RETVAL_BOOL STDC_NONNULL_ARG( ( 1, 3 ) ) \
BOOLEAN compareSerialNumber( IN_BUFFER( canonSerialNumberLength ) \
                                const void *canonSerialNumber,
                             IN_LENGTH_SHORT const int canonSerialNumberLength,
                             IN_BUFFER( serialNumberLength ) \
                                const void *serialNumber,
                             IN_LENGTH_SHORT const int serialNumberLength );

/****************************************************************************
*                                                                           *
*                           Miscellaneous Functions                         *
*                                                                           *
****************************************************************************/

/* Convert a text-form OID to its binary form.  The text is bounded by
   IN_LENGTH_TEXT and the binary encoding is written into a caller buffer
   of binaryOidMaxLen bytes, with the produced length annotated as bounded
   by that size (OUT_LENGTH_BOUNDED_Z).  NOTE(review): the accepted textual
   OID syntax isn't specified here, see the implementation */

CHECK_RETVAL STDC_NONNULL_ARG( ( 1, 3, 5 ) ) \
int textToOID( IN_BUFFER( textOidLength ) const char *textOID,
               IN_LENGTH_TEXT const int textOidLength,
               OUT_BUFFER( binaryOidMaxLen, *binaryOidLen ) BYTE *binaryOID,
               IN_LENGTH_SHORT const int binaryOidMaxLen,
               OUT_LENGTH_BOUNDED_Z( binaryOidMaxLen ) \
                   int *binaryOidLen );

/* Check that a text string contains valid characters for its string type.
   This is used in non-DN strings where we can't avoid the problem by varying
   the string type based on the characters being used.  isPrintableString
   selects the (stricter) PrintableString character repertoire; which
   repertoire is checked when it's FALSE isn't stated in this header.
   Returns FALSE for a string with out-of-repertoire characters, so the
   result must be acted on rather than ignored (CHECK_RETVAL_BOOL) */

CHECK_RETVAL_BOOL STDC_NONNULL_ARG( ( 1 ) ) \
BOOLEAN checkTextStringData( IN_BUFFER( stringLen ) const char *string,
                             IN_LENGTH_SHORT const int stringLen,
                             const BOOLEAN isPrintableString );

/* Prototypes for functions in certext.c.

   isValidField() reports whether an attribute field is permitted in the
   given certificate object type */

CHECK_RETVAL_BOOL \
BOOLEAN isValidField( IN_ATTRIBUTE const CRYPT_ATTRIBUTE_TYPE fieldID,
                      IN_ENUM( CRYPT_CERTTYPE ) \
                          const CRYPT_CERTTYPE_TYPE certType );

/* Prototypes for functions in certschk.c.

   checkCertDetails() checks a subject certificate against its issuer.  The
   issuer may be given as a certificate object (issuerCertInfoPtr,
   INOUT_OPT) and/or a public-key context (iIssuerPubKey, IN_HANDLE_OPT);
   which combinations are legal is decided in certschk.c, not here.
   formatInfo is optional too.

   The three BOOLEANs control how much checking is done.  From their names,
   shortCircuitCheck and basicCheckDone skip work that is assumed to have
   been done elsewhere, so a caller must only set them when that is true:
   a wrong TRUE here silently weakens validation.  trustAnchorCheck
   presumably treats the subject as a trust anchor; confirm in certschk.c.

   errorLocus and errorType are mandatory pointers (args 8 and 9 in the
   non-NULL list) even though they carry OUT_ENUM_OPT; the OPT appears to
   refer to the stored value, which may be the _NONE member, rather than
   to the pointer */

CHECK_RETVAL STDC_NONNULL_ARG( ( 1, 8, 9 ) ) \
int checkCertDetails( INOUT CERT_INFO *subjectCertInfoPtr,
                      INOUT_OPT CERT_INFO *issuerCertInfoPtr,
                      IN_HANDLE_OPT const CRYPT_CONTEXT iIssuerPubKey,
                      IN_OPT const X509SIG_FORMATINFO *formatInfo,
                      const BOOLEAN trustAnchorCheck,
                      const BOOLEAN shortCircuitCheck,
                      const BOOLEAN basicCheckDone,
                      OUT_ENUM_OPT( CRYPT_ATTRIBUTE ) \
                          CRYPT_ATTRIBUTE_TYPE *errorLocus,
                      OUT_ENUM_OPT( CRYPT_ERRTYPE ) \
                          CRYPT_ERRTYPE_TYPE *errorType );

/* Prototypes for functions in comp_cert.c.

   copyPublicKeyInfo() copies public-key data into a certificate from
   either a context handle (cryptHandle) or another certificate
   (srcCertInfoPtr).  Both sources are annotated optional, so presumably
   exactly one must be supplied; confirm in comp_cert.c.

   copyCertObject() copies the object identified by addedCert into
   certInfoPtr.  The trailing integer certInfo has a bare IN annotation
   with no range, so its meaning and validation are left to the
   implementation */

CHECK_RETVAL STDC_NONNULL_ARG( ( 1 ) ) \
int copyPublicKeyInfo( INOUT CERT_INFO *certInfoPtr,
                       IN_HANDLE_OPT const CRYPT_HANDLE cryptHandle,
                       IN_OPT const CERT_INFO *srcCertInfoPtr );
CHECK_RETVAL STDC_NONNULL_ARG( ( 1 ) ) \
int copyCertObject( INOUT CERT_INFO *certInfoPtr,
                    IN_HANDLE const CRYPT_CERTIFICATE addedCert,
                    IN_ATTRIBUTE const CRYPT_ATTRIBUTE_TYPE certInfoType,
                    IN const int certInfo );

/* Prototypes for functions in comp_get.c.

   Both functions return a pointer into the certificate object's data
   (CHECK_RETVAL_PTR), so callers must test the result for NULL before
   dereferencing it */

CHECK_RETVAL_PTR STDC_NONNULL_ARG( ( 1 ) ) \
time_t *getRevocationTimePtr( const CERT_INFO *certInfoPtr );
CHECK_RETVAL_PTR STDC_NONNULL_ARG( ( 1 ) ) \
ATTRIBUTE_PTR *findAttributeComponent( const CERT_INFO *certInfoPtr,
                                       IN_ATTRIBUTE \
                                           const CRYPT_ATTRIBUTE_TYPE certInfoType );

/* Prototypes for functions in comp_pkiu.c.

   Note that the PKI user object is INOUT as well, i.e. copying its data
   into the certificate request may modify the PKI user object too */

CHECK_RETVAL STDC_NONNULL_ARG( ( 1, 2 ) ) \
int copyPkiUserToCertReq( INOUT CERT_INFO *certInfoPtr,
                          INOUT CERT_INFO *pkiUserInfoPtr );

/* Prototypes for functions in dn.c.

   convertEmail() takes both the certificate and its DN component list as
   INOUT plus an altName attribute type; from the name it moves an email
   address between the DN and the altName identified by altNameType,
   confirm the direction in dn.c */

CHECK_RETVAL STDC_NONNULL_ARG( ( 1, 2 ) ) \
int convertEmail( INOUT CERT_INFO *certInfoPtr,
                  INOUT DN_PTR **dnComponentListPtrPtr,
                  IN_ATTRIBUTE const CRYPT_ATTRIBUTE_TYPE altNameType );

/* Prototypes for functions in ext.c.

   compareAttribute() compares two attribute fields for equality and
   fixAttributes() normalises a certificate's attributes in place */

CHECK_RETVAL_BOOL STDC_NONNULL_ARG( ( 1, 2 ) ) \
BOOLEAN compareAttribute( const ATTRIBUTE_PTR *attributeField1,
                          const ATTRIBUTE_PTR *attributeField2 );
CHECK_RETVAL STDC_NONNULL_ARG( ( 1 ) ) \
int fixAttributes( INOUT CERT_INFO *certInfoPtr );

/* Prototypes for functions in ext_def.c.

   checkExtensionTables() takes no input and returns a BOOLEAN, which is
   consistent with a self-test of the static extension-definition tables
   (presumably run at startup); a FALSE result should be treated as fatal
   rather than ignored */

CHECK_RETVAL_BOOL \
BOOLEAN checkExtensionTables( void );

/* Prototypes for functions in imp_chk.c.

   getCertObjectInfo() examines an encoded object in a stream and reports
   where it starts, how long it is and what type it is.  The stream is
   INOUT, so its position may be moved.  objectOffset is a short length
   (OUT_LENGTH_SHORT_Z) while objectLength is a full data length
   (OUT_DATALENGTH_Z), i.e. the header skipped over is small but the object
   may be large.  formatHint is a required IN_ENUM here, unlike the
   IN_ENUM_OPT in importCert() above */

CHECK_RETVAL STDC_NONNULL_ARG( ( 1, 2, 3, 4 ) ) \
int getCertObjectInfo( INOUT STREAM *stream,
                       OUT_LENGTH_SHORT_Z int *objectOffset,
                       OUT_DATALENGTH_Z int *objectLength,
                       OUT_ENUM_OPT( CRYPT_CERTTYPE ) \
                           CRYPT_CERTTYPE_TYPE *objectType,
                       IN_ENUM( CRYPT_CERTTYPE ) \
                           const CRYPT_CERTTYPE_TYPE formatHint );

/* Prototypes for functions in write_pre.c.

   Both take an optional issuer certificate.  actions is a PRE_SET
   (respectively PRE_CHECK) flag set without the _Z suffix, so by this
   header's convention at least one flag must be set, whereas
   preCheckCertificate()'s additional PRE flags may be zero */

CHECK_RETVAL STDC_NONNULL_ARG( ( 1 ) ) \
int preEncodeCertificate( INOUT CERT_INFO *subjectCertInfoPtr,
                          IN_OPT const CERT_INFO *issuerCertInfoPtr,
                          IN_FLAGS( PRE_SET ) const int actions );
CHECK_RETVAL STDC_NONNULL_ARG( ( 1 ) ) \
int preCheckCertificate( INOUT CERT_INFO *subjectCertInfoPtr,
                         IN_OPT const CERT_INFO *issuerCertInfoPtr,
                         IN_FLAGS( PRE_CHECK ) const int actions,
                         IN_FLAGS_Z( PRE ) const int flags );

#endif /* _CERTFN_DEFINED */