diff options
| author | wyllys <none@none> | 2008-02-20 16:42:06 -0800 |
|---|---|---|
| committer | wyllys <none@none> | 2008-02-20 16:42:06 -0800 |
| commit | d00756ccb34596a328f8a15d1965da5412d366d0 (patch) | |
| tree | 7e086e15d7f37b4820231342edb72fb6b7e60a09 /usr/src/lib/libkmf/include/kmfapi.h | |
| parent | f243d98a5f37cb011837c5ac9230d51aa966c997 (diff) | |
| download | illumos-gate-d00756ccb34596a328f8a15d1965da5412d366d0.tar.gz | |
PSARC 2008/037 new EKU support for pktool and kmfcfg
6648052 pktool(1) could allow certificate signing and verification
6652751 kmf_get_kmf_error_str() doesn't know about KMF_ERR_ATTR_NOT_FOUND
6654080 kmf_verify_data() should use algorithm from the cert if KMF_ALGORITHM_INDEX_ATTR is missing
6654205 kmf_find_prikey_by_cert() should be public
6654910 kmf_validate_cert() won't get over non-existent x509v3 extensions in TA
6660235 Command summary on pktool help should be localizable.
6660622 KMF needs API to determine format of raw data
Diffstat (limited to 'usr/src/lib/libkmf/include/kmfapi.h')
| -rw-r--r-- | usr/src/lib/libkmf/include/kmfapi.h | 10 |
1 files changed, 9 insertions, 1 deletions
diff --git a/usr/src/lib/libkmf/include/kmfapi.h b/usr/src/lib/libkmf/include/kmfapi.h index 85a54175ca..4618b548ab 100644 --- a/usr/src/lib/libkmf/include/kmfapi.h +++ b/usr/src/lib/libkmf/include/kmfapi.h @@ -19,7 +19,7 @@ * CDDL HEADER END */ /* - * Copyright 2007 Sun Microsystems, Inc. All rights reserved. + * Copyright 2008 Sun Microsystems, Inc. All rights reserved. * Use is subject to license terms. * * @@ -87,6 +87,7 @@ extern KMF_RETURN kmf_create_cert_file(const KMF_DATA *, KMF_ENCODE_FORMAT, extern KMF_RETURN kmf_download_cert(KMF_HANDLE_T, char *, char *, int, unsigned int, char *, KMF_ENCODE_FORMAT *); +extern KMF_RETURN kmf_is_cert_data(KMF_DATA *, KMF_ENCODE_FORMAT *); extern KMF_RETURN kmf_is_cert_file(KMF_HANDLE_T, char *, KMF_ENCODE_FORMAT *); extern KMF_RETURN kmf_check_cert_date(KMF_HANDLE_T, const KMF_DATA *); @@ -128,8 +129,11 @@ extern KMF_RETURN kmf_set_csr_sig_alg(KMF_CSR_DATA *, KMF_ALGORITHM_INDEX); extern KMF_RETURN kmf_set_csr_subject_altname(KMF_CSR_DATA *, char *, int, KMF_GENERALNAMECHOICES); extern KMF_RETURN kmf_set_csr_ku(KMF_CSR_DATA *, int, uint16_t); +extern KMF_RETURN kmf_decode_csr(KMF_HANDLE_T, KMF_DATA *, KMF_CSR_DATA *); +extern KMF_RETURN kmf_verify_csr(KMF_HANDLE_T, int, KMF_ATTRIBUTE *); extern KMF_RETURN kmf_sign_csr(KMF_HANDLE_T, const KMF_CSR_DATA *, KMF_KEY_HANDLE *, KMF_DATA *); +extern KMF_RETURN kmf_add_csr_eku(KMF_CSR_DATA *, KMF_OID *, int); /* * GetCert operations. @@ -283,6 +287,7 @@ extern KMF_RETURN kmf_pem_to_der(unsigned char *, int, unsigned char **, int *); extern char *kmf_oid_to_string(KMF_OID *); extern KMF_RETURN kmf_string_to_oid(char *, KMF_OID *); extern int kmf_compare_rdns(KMF_X509_NAME *, KMF_X509_NAME *); +extern KMF_RETURN kmf_get_data_format(KMF_DATA *, KMF_ENCODE_FORMAT *); extern KMF_RETURN kmf_get_file_format(char *, KMF_ENCODE_FORMAT *); extern uint32_t kmf_string_to_ku(char *); extern char *kmf_ku_to_string(uint32_t); @@ -292,6 +297,9 @@ extern KMF_RETURN kmf_hexstr_to_bytes(unsigned char *, unsigned char **, extern KMF_RETURN kmf_get_plugin_info(KMF_HANDLE_T, char *, KMF_KEYSTORE_TYPE *, char **); +extern KMF_OID *kmf_ekuname_to_oid(char *); +extern char *kmf_oid_to_ekuname(KMF_OID *); + #define KMF_CompareRDNs kmf_compare_rdns /* |