The pskc_key_t structure holds data for one key package in a high-level PSKC pskc_t structure. The pskc_get_keypackage() and pskc_add_keypackage() functions can be used to get a pskc_key_t handle, which is always related to one pskc_t structure. This section describes all the functions that are used to access and modify information stored in pskc_key_t PSKC key packages.
const char *pskc_get_device_manufacturer (pskc_key_t *key);
Get the PSKC KeyPackage DeviceInfo Manufacturer value. This element indicates the manufacturer of the device.
void pskc_set_device_manufacturer (pskc_key_t *key, const char *devmfr);
Set the PSKC KeyPackage DeviceInfo Manufacturer value. This element indicates the manufacturer of the device.
The pointer is stored in container, not a copy of the data, so you must not deallocate the data before another call to this function or the last call to any function using container.
key | a pskc_key_t handle from, e.g., |
devmfr | string with device manufacturer name to set. |
Since 2.2.0
const char *pskc_get_device_serialno (pskc_key_t *key);
Get the PSKC KeyPackage DeviceInfo SerialNo value. This element contains the serial number of the device.
void pskc_set_device_serialno (pskc_key_t *key, const char *serialno);
Set the PSKC KeyPackage DeviceInfo SerialNo value. This element indicates the serial number of the device.
The pointer is stored in container, not a copy of the data, so you must not deallocate the data before another call to this function or the last call to any function using container.
key | a pskc_key_t handle from, e.g., |
serialno | string with serial number to set. |
Since 2.2.0
const char *pskc_get_device_model (pskc_key_t *key);
Get the PSKC KeyPackage DeviceInfo Model value. This element describes the model of the device (e.g., "one-button-HOTP-token-V1").
void pskc_set_device_model (pskc_key_t *key, const char *model);
Set the PSKC KeyPackage DeviceInfo Model value. This element describes the model of the device (e.g., "one-button-HOTP-token-V1").
The pointer is stored in container, not a copy of the data, so you must not deallocate the data before another call to this function or the last call to any function using container.
key | a pskc_key_t handle from, e.g., |
model | a string with model name to set. |
Since 2.2.0
const char *pskc_get_device_issueno (pskc_key_t *key);
Get the PSKC KeyPackage DeviceInfo IssueNo value. This element contains the issue number in case there are devices with the same serial number so that they can be distinguished by different issue numbers.
void pskc_set_device_issueno (pskc_key_t *key, const char *issueno);
Set the PSKC KeyPackage DeviceInfo IssueNo value. This element contains the issue number in case there are devices with the same serial number so that they can be distinguished by different issue numbers.
The pointer is stored in container, not a copy of the data, so you must not deallocate the data before another call to this function or the last call to any function using container.
key | a pskc_key_t handle from, e.g., |
issueno | a string with issue number to set. |
Since 2.2.0
const char *pskc_get_device_devicebinding (pskc_key_t *key);
Get the PSKC KeyPackage DeviceInfo DeviceBinding value. This element allows a provisioning server to ensure that the key is going to be loaded into the device for which the key provisioning request was approved. The device is bound to the request using a device identifier, e.g., an International Mobile Equipment Identity (IMEI) for the phone, or an identifier for a class of identifiers, e.g., those for which the keys are protected by a Trusted Platform Module (TPM).
void pskc_set_device_devicebinding (pskc_key_t *key, const char *devbind);
Set the PSKC KeyPackage DeviceInfo DeviceBinding value. This element allows a provisioning server to ensure that the key is going to be loaded into the device for which the key provisioning request was approved. The device is bound to the request using a device identifier, e.g., an International Mobile Equipment Identity (IMEI) for the phone, or an identifier for a class of identifiers, e.g., those for which the keys are protected by a Trusted Platform Module (TPM).
The pointer is stored in container, not a copy of the data, so you must not deallocate the data before another call to this function or the last call to any function using container.
key | a pskc_key_t handle, from |
devbind | a string with device binding to set. |
Since 2.2.0
const struct tm *pskc_get_device_startdate (pskc_key_t *key);
Get the PSKC KeyPackage DeviceInfo StartDate. This element denotes the start date of a device (such as the one on a payment card, used when issue numbers are not printed on cards).
void pskc_set_device_startdate (pskc_key_t *key, const struct tm *startdate);
Set the PSKC KeyPackage DeviceInfo StartDate. This element denotes the start date of a device (such as the one on a payment card, used when issue numbers are not printed on cards).
key | a pskc_key_t handle, from |
startdate | pointer to a tm struct with device starting date to set. |
Since 2.2.0
const struct tm *pskc_get_device_expirydate (pskc_key_t *key);
Get the PSKC KeyPackage DeviceInfo ExpiryDate. This element denotes the end date of a device (such as the one on a payment card, used when issue numbers are not printed on cards).
void pskc_set_device_expirydate (pskc_key_t *key, const struct tm *expirydate);
Set the PSKC KeyPackage DeviceInfo ExpiryDate. This element denotes the end date of a device (such as the one on a payment card, used when issue numbers are not printed on cards).
key | a pskc_key_t handle, from |
expirydate | pointer to a tm struct with device expiry date to set. |
Since 2.2.0
const char *pskc_get_device_userid (pskc_key_t *key);
Get the PSKC KeyPackage DeviceInfo Userid value. This indicates the user with whom the device is associated.
void pskc_set_device_userid (pskc_key_t *key, const char *userid);
Set the PSKC KeyPackage DeviceInfo Userid value. This indicates the user with whom the device is associated.
The pointer is stored in container, not a copy of the data, so you must not deallocate the data before another call to this function or the last call to any function using container.
key | a pskc_key_t handle, from |
userid | a string with user identity to set. |
Since 2.2.0
const char *pskc_get_cryptomodule_id (pskc_key_t *key);
Get the PSKC KeyPackage CryptoModule Id value. This element carries a unique identifier for the CryptoModule and is implementation specific. As such, it helps to identify a specific CryptoModule to which the key is being or was provisioned.
void pskc_set_cryptomodule_id (pskc_key_t *key, const char *cid);
Set the PSKC KeyPackage CryptoModule Id value. This element carries a unique identifier for the CryptoModule and is implementation specific. As such, it helps to identify a specific CryptoModule to which the key is being or was provisioned.
The pointer is stored in container, not a copy of the data, so you must not deallocate the data before another call to this function or the last call to any function using container.
Since 2.2.0
const char *pskc_get_key_id (pskc_key_t *key);
Get the PSKC KeyPackage Key Id attribute value. It is a syntax error for this attribute to not be available.
void pskc_set_key_id (pskc_key_t *key, const char *keyid);
Set the PSKC KeyPackage Key Id attribute value. It is a syntax error for this attribute to not be available.
The pointer is stored in container, not a copy of the data, so you must not deallocate the data before another call to this function or the last call to any function using container.
key | a pskc_key_t handle, from |
keyid | the key identity string to set. |
Since 2.2.0
const char *pskc_get_key_algorithm (pskc_key_t *key);
Get the PSKC KeyPackage Key Algorithm attribute value. This may be a URN, for example "urn:ietf:params:xml:ns:keyprov:pskc:hotp".
void pskc_set_key_algorithm (pskc_key_t *key, const char *keyalg);
Set the PSKC KeyPackage Key Algorithm attribute value. This may be a URN, for example "urn:ietf:params:xml:ns:keyprov:pskc:hotp".
The pointer is stored in container, not a copy of the data, so you must not deallocate the data before another call to this function or the last call to any function using container.
key | a pskc_key_t handle, from |
keyalg | the key algorithm string to set. |
Since 2.2.0
const char *pskc_get_key_issuer (pskc_key_t *key);
Get the PSKC KeyPackage Key Issuer value.
void pskc_set_key_issuer (pskc_key_t *key, const char *keyissuer);
Set the PSKC KeyPackage Key Issuer value.
The pointer is stored in container, not a copy of the data, so you must not deallocate the data before another call to this function or the last call to any function using container.
key | a pskc_key_t handle, from |
keyissuer | a key issuer string to set. |
Since 2.2.0
const char *pskc_get_key_algparm_suite (pskc_key_t *key);
Get the PSKC KeyPackage Key AlgorithmParameters Suite value.
void pskc_set_key_algparm_suite (pskc_key_t *key, const char *keyalgparmsuite);
Set the PSKC KeyPackage Key AlgorithmParameters Suite value.
The pointer is stored in container, not a copy of the data, so you must not deallocate the data before another call to this function or the last call to any function using container.
key | a pskc_key_t handle, from |
keyalgparmsuite | the key algorithm parameter suite string to set. |
Since 2.2.0
pskc_valueformat pskc_get_key_algparm_chall_encoding (pskc_key_t *key, int *present);
Get the PSKC KeyPackage Key AlgorithmParameters ChallengeFormat Encoding value. This attribute defines the encoding of the challenge accepted by the device.
If present is non-NULL, it will be 0 if the field is not present or 1 if it was present.
key | a pskc_key_t handle, from |
present | output variable indicating whether data was provided or not. |
void pskc_set_key_algparm_chall_encoding (pskc_key_t *key, pskc_valueformat vf);
Set the PSKC KeyPackage Key AlgorithmParameters ChallengeFormat Encoding value. This attribute defines the encoding of the challenge accepted by the device.
key | a pskc_key_t handle, from |
vf | the pskc_valueformat encoding type to set. |
Since 2.2.0
uint32_t pskc_get_key_algparm_chall_min (pskc_key_t *key, int *present);
Get the PSKC KeyPackage Key AlgorithmParameters ChallengeFormat Min value. This attribute defines the minimum size of the challenge accepted by the device for CR mode and MUST be included. If the 'Encoding' attribute is set to 'DECIMAL', 'HEXADECIMAL', or 'ALPHANUMERIC', this value indicates the minimum number of digits/characters. If the 'Encoding' attribute is set to 'BASE64' or 'BINARY', this value indicates the minimum number of bytes of the unencoded value.
If present is non-NULL, it will be 0 if the field is not present or 1 if it was present.
key | a pskc_key_t handle, from |
present | output variable indicating whether data was provided or not. |
void pskc_set_key_algparm_chall_min (pskc_key_t *key, uint32_t challmin);
Set the PSKC KeyPackage Key AlgorithmParameters ChallengeFormat Min value. This attribute defines the minimum size of the challenge accepted by the device for CR mode and MUST be included. If the 'Encoding' attribute is set to 'DECIMAL', 'HEXADECIMAL', or 'ALPHANUMERIC', this value indicates the minimum number of digits/characters. If the 'Encoding' attribute is set to 'BASE64' or 'BINARY', this value indicates the minimum number of bytes of the unencoded value.
key | a pskc_key_t handle, from |
challmin | the minimum challenge length to set. |
Since 2.2.0
uint32_t pskc_get_key_algparm_chall_max (pskc_key_t *key, int *present);
Get the PSKC KeyPackage Key AlgorithmParameters ChallengeFormat Max value. This attribute defines the maximum size of the challenge accepted by the device for CR mode and MUST be included. If the 'Encoding' attribute is set to 'DECIMAL', 'HEXADECIMAL', or 'ALPHANUMERIC', this value indicates the maximum number of digits/characters. If the 'Encoding' attribute is set to 'BASE64' or 'BINARY', this value indicates the maximum number of bytes of the unencoded value.
If present is non-NULL, it will be 0 if the field is not present or 1 if it was present.
key | a pskc_key_t handle, from |
present | output variable indicating whether data was provided or not. |
void pskc_set_key_algparm_chall_max (pskc_key_t *key, uint32_t challmax);
Set the PSKC KeyPackage Key AlgorithmParameters ChallengeFormat Max value. This attribute defines the maximum size of the challenge accepted by the device for CR mode and MUST be included. If the 'Encoding' attribute is set to 'DECIMAL', 'HEXADECIMAL', or 'ALPHANUMERIC', this value indicates the maximum number of digits/characters. If the 'Encoding' attribute is set to 'BASE64' or 'BINARY', this value indicates the maximum number of bytes of the unencoded value.
key | a pskc_key_t handle, from |
challmax | the maximum challenge length to set. |
Since 2.2.0
int pskc_get_key_algparm_chall_checkdigits (pskc_key_t *key, int *present);
Get the PSKC KeyPackage Key AlgorithmParameters ChallengeFormat CheckDigits value. This attribute indicates whether a device needs to check the appended Luhn check digit, as defined in [ISOIEC7812], contained in a challenge. This is only valid if the 'Encoding' attribute is set to 'DECIMAL'. A value of TRUE indicates that the device will check the appended Luhn check digit in a provided challenge. A value of FALSE indicates that the device will not check the appended Luhn check digit in the challenge.
If present is non-NULL, it will be 0 if the field is not present or 1 if it was present.
key | a pskc_key_t handle, from |
present | output variable indicating whether data was provided or not. |
void pskc_set_key_algparm_chall_checkdigits (pskc_key_t *key, int checkdigit);
Set the PSKC KeyPackage Key AlgorithmParameters ChallengeFormat CheckDigits value. This attribute indicates whether a device needs to check the appended Luhn check digit, as defined in [ISOIEC7812], contained in a challenge. This is only valid if the 'Encoding' attribute is set to 'DECIMAL'. A value of TRUE indicates that the device will check the appended Luhn check digit in a provided challenge. A value of FALSE indicates that the device will not check the appended Luhn check digit in the challenge.
key | a pskc_key_t handle, from |
checkdigit | non-zero to indicate setting true CheckDigit, 0 otherwise. |
Since 2.2.0
pskc_valueformat pskc_get_key_algparm_resp_encoding (pskc_key_t *key, int *present);
Get the PSKC KeyPackage Key AlgorithmParameters ResponseFormat Encoding value. This attribute defines the encoding of the response generated by the device, it MUST be included.
If present is non-NULL, it will be 0 if the field is not present or 1 if it was present.
key | a pskc_key_t handle, from |
present | output variable indicating whether data was provided or not. |
void pskc_set_key_algparm_resp_encoding (pskc_key_t *key, pskc_valueformat vf);
Set the PSKC KeyPackage Key AlgorithmParameters ResponseFormat Encoding value. This attribute defines the encoding of the response generated by the device, it MUST be included.
key | a pskc_key_t handle, from |
vf | the pskc_valueformat encoding type to set. |
Since 2.2.0
uint32_t pskc_get_key_algparm_resp_length (pskc_key_t *key, int *present);
Get the PSKC KeyPackage Key AlgorithmParameters ResponseFormat Length value. This attribute defines the length of the response generated by the device and MUST be included. If the 'Encoding' attribute is set to 'DECIMAL', 'HEXADECIMAL', or ALPHANUMERIC, this value indicates the number of digits/characters. If the 'Encoding' attribute is set to 'BASE64' or 'BINARY', this value indicates the number of bytes of the unencoded value.
If present is non-NULL, it will be 0 if the field is not present or 1 if it was present.
key | a pskc_key_t handle, from |
present | output variable indicating whether data was provided or not. |
void pskc_set_key_algparm_resp_length (pskc_key_t *key, uint32_t length);
Set the PSKC KeyPackage Key AlgorithmParameters ResponseFormat Length value. This attribute defines the length of the response generated by the device and MUST be included. If the 'Encoding' attribute is set to 'DECIMAL', 'HEXADECIMAL', or ALPHANUMERIC, this value indicates the number of digits/characters. If the 'Encoding' attribute is set to 'BASE64' or 'BINARY', this value indicates the number of bytes of the unencoded value.
Since 2.2.0
int pskc_get_key_algparm_resp_checkdigits (pskc_key_t *key, int *present);
Get the PSKC KeyPackage Key AlgorithmParameters ResponseFormat CheckDigits value. This attribute indicates whether the device needs to append a Luhn check digit, as defined in [ISOIEC7812], to the response. This is only valid if the 'Encoding' attribute is set to 'DECIMAL'. If the value is TRUE, then the device will append a Luhn check digit to the response. If the value is FALSE, then the device will not append a Luhn check digit to the response.
If present is non-NULL, it will be 0 if the field is not present or 1 if it was present.
key | a pskc_key_t handle, from |
present | output variable indicating whether data was provided or not. |
void pskc_set_key_algparm_resp_checkdigits (pskc_key_t *key, int checkdigit);
Set the PSKC KeyPackage Key AlgorithmParameters ResponseFormat CheckDigits value. This attribute indicates whether the device needs to append a Luhn check digit, as defined in [ISOIEC7812], to the response. This is only valid if the 'Encoding' attribute is set to 'DECIMAL'. If the value is TRUE, then the device will append a Luhn check digit to the response. If the value is FALSE, then the device will not append a Luhn check digit to the response.
key | a pskc_key_t handle, from |
checkdigit | non-zero to indicate setting true CheckDigit, 0 otherwise. |
Since 2.2.0
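The ChallengeFormat and ResponseFormat attributes described above only take effect if the code that consumes them applies them. The following is an added example, not libpskc code: it checks a received challenge against Encoding, Min, Max and CheckDigits, and appends a Luhn check digit to a DECIMAL response. The enum, struct and function names are constructed for the example, and it assumes that Min/Max apply to the challenge as received, check digit included.

```c
#include <ctype.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-ins for the five Encoding values named in the text; these
   are not libpskc's pskc_valueformat enumerators. */
typedef enum { ENC_DECIMAL, ENC_HEXADECIMAL, ENC_ALPHANUMERIC,
               ENC_BASE64, ENC_BINARY } enc_t;

/* ChallengeFormat attributes as a caller would hold them after reading the
   getters; has_checkdigits mirrors the "present" output flag. */
typedef struct {
  enc_t encoding;
  uint32_t min, max;
  int has_checkdigits, checkdigits;
} chall_format;

typedef enum { CH_OK, CH_BAD_CHARSET, CH_TOO_SHORT, CH_TOO_LONG,
               CH_BAD_LUHN } chall_result;

/* Luhn check digit over n payload digits; returns '0'..'9', or 0 if the
   payload contains a non-digit. */
char luhn_check_digit(const char *s, size_t n) {
  unsigned sum = 0;
  for (size_t i = 0; i < n; i++) {
    unsigned char c = (unsigned char)s[n - 1 - i];
    if (!isdigit(c)) return 0;
    unsigned d = c - '0';
    if (i % 2 == 0) { d *= 2; if (d > 9) d -= 9; } /* every 2nd digit from the right */
    sum += d;
  }
  return (char)('0' + (10 - sum % 10) % 10);
}

static int is_b64(int c) { return isalnum(c) || c == '+' || c == '/'; }

static int all_of(const char *s, size_t n, int (*pred)(int)) {
  for (size_t i = 0; i < n; i++)
    if (!pred((unsigned char)s[i])) return 0;
  return 1;
}

/* Size in bytes of the unencoded value of a padded base64 string, or -1. */
long b64_decoded_len(const char *s, size_t n) {
  size_t pad = 0;
  if (n == 0 || n % 4 != 0) return -1;
  if (s[n - 1] == '=') pad = (s[n - 2] == '=') ? 2 : 1;
  if (!all_of(s, n - pad, is_b64)) return -1;
  return (long)(n / 4 * 3 - pad);
}

/* Validate a received challenge (c, n bytes) against the format. */
chall_result check_challenge(const chall_format *f, const char *c, size_t n) {
  size_t units = n; /* digits/characters, or bytes for BINARY */
  int (*pred)(int) = f->encoding == ENC_DECIMAL ? isdigit
                   : f->encoding == ENC_HEXADECIMAL ? isxdigit
                   : f->encoding == ENC_ALPHANUMERIC ? isalnum : NULL;
  if (pred && !all_of(c, n, pred)) return CH_BAD_CHARSET;
  if (f->encoding == ENC_BASE64) { /* Min/Max count bytes of the unencoded value */
    long len = b64_decoded_len(c, n);
    if (len < 0) return CH_BAD_CHARSET;
    units = (size_t)len;
  }
  if (units < f->min) return CH_TOO_SHORT;
  if (units > f->max) return CH_TOO_LONG;
  /* CheckDigits is only valid with DECIMAL. Assumption: Min/Max were applied
     above to the string as received, check digit included. */
  if (f->encoding == ENC_DECIMAL && f->has_checkdigits && f->checkdigits &&
      (n < 2 || luhn_check_digit(c, n - 1) != c[n - 1]))
    return CH_BAD_LUHN;
  return CH_OK;
}

/* ResponseFormat CheckDigits: append the Luhn digit to a DECIMAL response of
   n digits held in buf (capacity cap). Returns 0 on success, -1 on error. */
int append_check_digit(char *buf, size_t n, size_t cap) {
  char d;
  if (cap < n + 2) return -1;
  d = luhn_check_digit(buf, n);
  if (d == 0) return -1;
  buf[n] = d;
  buf[n + 1] = '\0';
  return 0;
}

int main(void) {
  chall_format f = { ENC_DECIMAL, 6, 12, 1, 1 }; /* constructed sample format */
  char resp[16] = "7992739871";                  /* constructed sample response */
  printf("challenge result: %d\n", check_challenge(&f, "79927398713", 11));
  if (append_check_digit(resp, 10, sizeof resp) == 0) printf("%s\n", resp);
  return 0;
}
```

The character-set check runs before the length check so that a malformed BASE64 challenge is rejected instead of being measured by its encoded length.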
const char *pskc_get_key_profileid (pskc_key_t *key);
Get the PSKC KeyPackage Key KeyProfileId value.
void pskc_set_key_profileid (pskc_key_t *key, const char *profileid);
Set the PSKC KeyPackage Key KeyProfileId value.
The pointer is stored in container, not a copy of the data, so you must not deallocate the data before another call to this function or the last call to any function using container.
key | a pskc_key_t handle, from |
profileid | pointer to profileid string to set. |
Since 2.2.0
const char *pskc_get_key_reference (pskc_key_t *key);
Get the PSKC KeyPackage Key KeyReference value.
void pskc_set_key_reference (pskc_key_t *key, const char *keyref);
Set the PSKC KeyPackage Key KeyReference value.
The pointer is stored in container, not a copy of the data, so you must not deallocate the data before another call to this function or the last call to any function using container.
key | a pskc_key_t handle, from |
keyref | pointer to key reference string to set. |
Since 2.2.0
const char *pskc_get_key_friendlyname (pskc_key_t *key);
Get the PSKC KeyPackage Key Friendlyname value.
void pskc_set_key_friendlyname (pskc_key_t *key, const char *fname);
Set the PSKC KeyPackage Key Friendlyname value.
The pointer is stored in container, not a copy of the data, so you must not deallocate the data before another call to this function or the last call to any function using container.
key | a pskc_key_t handle, from |
fname | pointer to friendly name string to set. |
Since 2.2.0
const char *pskc_get_key_userid (pskc_key_t *key);
Get the PSKC KeyPackage Key Userid value.
void pskc_set_key_userid (pskc_key_t *key, const char *keyuserid);
Set the PSKC KeyPackage Key Userid value.
The pointer is stored in container, not a copy of the data, so you must not deallocate the data before another call to this function or the last call to any function using container.
key | a pskc_key_t handle, from |
keyuserid | pointer to key userid string to set. |
Since 2.2.0
const char *pskc_get_key_data_secret (pskc_key_t *key, size_t *len);
Get the PSKC KeyPackage Key Data Secret value. If len is not set, the caller can only use the returned value for comparison against NULL to check whether the field is present or not.
key | a pskc_key_t handle, from |
len | pointer to output variable with length of returned data. |
int pskc_set_key_data_secret (pskc_key_t *key, const char *data, size_t len);
Set the PSKC KeyPackage Key Data Secret value. The data is copied into the key handle, so you may modify or deallocate the data pointer after calling this function. The data is base64 encoded by this function. On errors, the old secret is not modified.
key | a pskc_key_t handle, from |
data | the byte array with the key to set, of |
len | length of |
Returns PSKC_BASE64_ERROR on base64 encoding errors, PSKC_MALLOC_ERROR on memory allocation errors, or PSKC_OK on success.
Since 2.2.0
const char *pskc_get_key_data_b64secret (pskc_key_t *key);
Get the PSKC KeyPackage Key Data Secret value in base64 as a zero-terminated string.
int pskc_set_key_data_b64secret (pskc_key_t *key, const char *b64secret);
Set the PSKC KeyPackage Key Data Secret value in base64 as a zero-terminated string. The b64secret data is copied into the key handle, so you may modify or deallocate the b64secret pointer after calling this function. The data is base64 decoded by this function to verify data validity. On errors, the old secret is not modified.
key | a pskc_key_t handle, from |
b64secret | the base64 encoded secret to set. |
Returns PSKC_BASE64_ERROR on base64 decoding errors, PSKC_MALLOC_ERROR on memory allocation errors, or PSKC_OK on success.
Since 2.2.0
uint64_t pskc_get_key_data_counter (pskc_key_t *key, int *present);
Get the PSKC KeyPackage Key Data Counter value. This element contains the event counter for event-based OTP algorithms.
If present is non-NULL, it will be 0 if the Counter field is not present or 1 if it was present.
key | a pskc_key_t handle, from |
present | output variable indicating whether data was provided or not. |
void pskc_set_key_data_counter (pskc_key_t *key, uint64_t counter);
Set the PSKC KeyPackage Key Data Counter value. This element contains the event counter for event-based OTP algorithms.
Since 2.2.0
uint32_t pskc_get_key_data_time (pskc_key_t *key, int *present);
Get the PSKC KeyPackage Key Data Time value. This element contains the time for time-based OTP algorithms. (If time intervals are used, this element carries the number of time intervals passed from a specific start point, normally it is algorithm dependent).
If present is non-NULL, it will be 0 if the field is not present or 1 if it was present.
key | a pskc_key_t handle, from |
present | output variable indicating whether data was provided or not. |
void pskc_set_key_data_time (pskc_key_t *key, uint32_t datatime);
Set the PSKC KeyPackage Key Data Time value. This element contains the time for time-based OTP algorithms. (If time intervals are used, this element carries the number of time intervals passed from a specific start point, normally it is algorithm dependent).
key | a pskc_key_t handle, from |
datatime | the data time value to set. |
Since 2.2.0
uint32_t pskc_get_key_data_timeinterval (pskc_key_t *key, int *present);
Get the PSKC KeyPackage Key Data TimeInterval value. This element carries the time interval value for time-based OTP algorithms in seconds (a typical value for this would be 30, indicating a time interval of 30 seconds).
If present is non-NULL, it will be 0 if the field is not present or 1 if it was present.
key | a pskc_key_t handle, from |
present | output variable indicating whether data was provided or not. |
void pskc_set_key_data_timeinterval (pskc_key_t *key, uint32_t timeinterval);
Set the PSKC KeyPackage Key Data TimeInterval value. This element carries the time interval value for time-based OTP algorithms in seconds (a typical value for this would be 30, indicating a time interval of 30 seconds).
key | a pskc_key_t handle, from |
timeinterval | time interval value to set. |
Since 2.2.0
uint32_t pskc_get_key_data_timedrift (pskc_key_t *key, int *present);
Get the PSKC KeyPackage Key Data TimeDrift value. This element contains the device clock drift value for time-based OTP algorithms. The integer value (positive or negative drift) indicates the number of time intervals by which a validation server has established that the device clock drifted after the last successful authentication. So, for example, if the last successful authentication established a device time value of 8 intervals from a specific start date but the validation server determines the time value at 9 intervals, the server SHOULD record the drift as -1.
If present is non-NULL, it will be 0 if the field is not present or 1 if it was present.
key | a pskc_key_t handle, from |
present | output variable indicating whether data was provided or not. |
void pskc_set_key_data_timedrift (pskc_key_t *key, uint32_t timedrift);
Set the PSKC KeyPackage Key Data TimeDrift value. This element contains the device clock drift value for time-based OTP algorithms. The integer value (positive or negative drift) indicates the number of time intervals by which a validation server has established that the device clock drifted after the last successful authentication. So, for example, if the last successful authentication established a device time value of 8 intervals from a specific start date but the validation server determines the time value at 9 intervals, the server SHOULD record the drift as -1.
key | a pskc_key_t handle, from |
timedrift | the time drift value to set. |
Since 2.2.0
const struct tm *pskc_get_key_policy_startdate (pskc_key_t *key);
Get the PSKC KeyPackage Key Policy StartDate. This element denotes the start of the validity period of a key.
void pskc_set_key_policy_startdate (pskc_key_t *key, const struct tm *startdate);
Set the PSKC KeyPackage Key Policy StartDate. This element denotes the start of the validity period of a key.
key | a pskc_key_t handle, from |
startdate | pointer to a tm struct with key policy starting date to set. |
Since 2.2.0
const struct tm *pskc_get_key_policy_expirydate (pskc_key_t *key);
Get the PSKC KeyPackage Key Policy ExpiryDate. This element denotes the expiry of the validity period of a key.
void pskc_set_key_policy_expirydate (pskc_key_t *key, const struct tm *expirydate);
Set the PSKC KeyPackage Key Policy ExpiryDate. This element denotes the expiry of the validity period of a key.
key | a pskc_key_t handle, from |
expirydate | pointer to a tm struct with key policy expiry date to set. |
Since 2.2.0
const char *pskc_get_key_policy_pinkeyid (pskc_key_t *key);
Get the PSKC KeyPackage Key Policy PINPolicy PINKeyId value. This attribute carries the unique 'Id' attribute value of the "Key" element held within this "KeyContainer" that contains the value of the PIN that protects the key.
void pskc_set_key_policy_pinkeyid (pskc_key_t *key, const char *pinkeyid);
Set the PSKC KeyPackage Key Policy PINPolicy PINKeyId value. This attribute carries the unique 'Id' attribute value of the "Key" element held within this "KeyContainer" that contains the value of the PIN that protects the key.
The pointer is stored in container, not a copy of the data, so you must not deallocate the data before another call to this function or the last call to any function using container.
Since 2.2.0
pskc_pinusagemode pskc_get_key_policy_pinusagemode (pskc_key_t *key, int *present);
Get the PSKC KeyPackage Key Policy PINPolicy PINUsageMode value. This mandatory attribute indicates the way the PIN is used during the usage of the key.
If present is non-NULL, it will be 0 if the field is not present or 1 if it was present.
key | a pskc_key_t handle, from |
present | output variable indicating whether data was provided or not. |
void pskc_set_key_policy_pinusagemode (pskc_key_t *key, pskc_pinusagemode pinusagemode);
Set the PSKC KeyPackage Key Policy PINPolicy PINUsageMode value. This mandatory attribute indicates the way the PIN is used during the usage of the key.
key | a pskc_key_t handle, from |
pinusagemode | the pskc_pinusagemode value to set |
Since 2.2.0
uint32_t pskc_get_key_policy_pinmaxfailedattempts (pskc_key_t *key, int *present);
Get the PSKC KeyPackage Key Policy PINPolicy MaxFailedAttempts value. This attribute indicates the maximum number of times the PIN may be entered wrongly before it MUST NOT be possible to use the key anymore (typical reasonable values are in the positive integer range of at least 2 and no more than 10).
If present is non-NULL, it will be 0 if the field is not present or 1 if it was present.
key | a pskc_key_t handle, from |
present | output variable indicating whether data was provided or not. |
void pskc_set_key_policy_pinmaxfailedattempts (pskc_key_t *key, uint32_t attempts);
Set the PSKC KeyPackage Key Policy PINPolicy MaxFailedAttempts value. This attribute indicates the maximum number of times the PIN may be entered wrongly before it MUST NOT be possible to use the key anymore (typical reasonable values are in the positive integer range of at least 2 and no more than 10).
Since 2.2.0
uint32_t pskc_get_key_policy_pinminlength (pskc_key_t *key, int *present);
Get the PSKC KeyPackage Key Policy PINPolicy MinLength value. This attribute indicates the minimum length of a PIN that can be set to protect the associated key. It MUST NOT be possible to set a PIN shorter than this value. If the 'PINFormat' attribute is set to 'DECIMAL', 'HEXADECIMAL', or 'ALPHANUMERIC', this value indicates the number of digits/characters. If the 'PINFormat' attribute is set to 'BASE64' or 'BINARY', this value indicates the number of bytes of the unencoded value.
If present is non-NULL, it will be 0 if the field is not present or 1 if it was present.
key | a pskc_key_t handle, from |
present | output variable indicating whether data was provided or not. |
void pskc_set_key_policy_pinminlength (pskc_key_t *key, uint32_t minlength);
Set the PSKC KeyPackage Key Policy PINPolicy MinLength value. This attribute indicates the minimum length of a PIN that can be set to protect the associated key. It MUST NOT be possible to set a PIN shorter than this value. If the 'PINFormat' attribute is set to 'DECIMAL', 'HEXADECIMAL', or 'ALPHANUMERIC', this value indicates the number of digits/characters. If the 'PINFormat' attribute is set to 'BASE64' or 'BINARY', this value indicates the number of bytes of the unencoded value.
Since 2.2.0
uint32_t pskc_get_key_policy_pinmaxlength (pskc_key_t *key, int *present);
Get the PSKC KeyPackage Key Policy PINPolicy MaxLength value. This attribute indicates the maximum length of a PIN that can be set to protect this key. It MUST NOT be possible to set a PIN longer than this value. If the 'PINFormat' attribute is set to 'DECIMAL', 'HEXADECIMAL', or 'ALPHANUMERIC', this value indicates the number of digits/characters. If the 'PINFormat' attribute is set to 'BASE64' or 'BINARY', this value indicates the number of bytes of the unencoded value.
If present is non-NULL, it will be 0 if the field is not present or 1 if it was present.
key | a pskc_key_t handle, from |
present | output variable indicating whether data was provided or not. |
void pskc_set_key_policy_pinmaxlength (pskc_key_t *key, uint32_t maxlength);
Set the PSKC KeyPackage Key Policy PINPolicy MaxLength value. This attribute indicates the maximum length of a PIN that can be set to protect this key. It MUST NOT be possible to set a PIN longer than this value. If the 'PINFormat' attribute is set to 'DECIMAL', 'HEXADECIMAL', or 'ALPHANUMERIC', this value indicates the number of digits/characters. If the 'PINFormat' attribute is set to 'BASE64' or 'BINARY', this value indicates the number of bytes of the unencoded value.
Since 2.2.0
pskc_valueformat pskc_get_key_policy_pinencoding (pskc_key_t *key, int *present);
Get the PSKC KeyPackage Key Policy PINPolicy PINEncoding value. This attribute indicates the encoding of the PIN and MUST be one of the pskc_valueformat values.
If present is non-NULL, it will be 0 if the field is not present or 1 if it was present.
key | a pskc_key_t handle, from |
present | output variable indicating whether data was provided or not. |
void pskc_set_key_policy_pinencoding (pskc_key_t *key, pskc_valueformat pinencoding);
Set the PSKC KeyPackage Key Policy PINPolicy PINEncoding value. This attribute indicates the encoding of the PIN and MUST be one of the pskc_valueformat values.
key | a pskc_key_t handle, from |
pinencoding | the pskc_valueformat encoding to set. |
Since 2.2.0
int pskc_get_key_policy_keyusages (pskc_key_t *key, int *present);
Get the PSKC KeyPackage Key Policy KeyUsage values. The element puts constraints on the intended usage of the key. The recipient of the PSKC document MUST enforce the key usage.
If present is non-NULL, it will be 0 if the field is not present or 1 if it was present.
key | a pskc_key_t handle, from |
present | output variable indicating whether data was provided or not. |
void pskc_set_key_policy_keyusages (pskc_key_t *key, int keyusages);
Set the PSKC KeyPackage Key Policy KeyUsage values. The element puts constraints on the intended usage of the key. The recipient of the PSKC document MUST enforce the key usage.
key | a pskc_key_t handle, from |
keyusages | integer with pskc_keyusage values ORed together. |
Since 2.2.0
uint64_t pskc_get_key_policy_numberoftransactions (pskc_key_t *key, int *present);
Get the PSKC KeyPackage Key Policy NumberOfTransactions value. The value in this element indicates the maximum number of times a key carried within the PSKC document can be used by an application after having received it. When this element is omitted, there is no restriction regarding the number of times a key can be used.
Note that while the PSKC specification uses the XML data type "nonNegativeInteger" for this variable, this implementation restricts the size of the value to 64-bit integers.
If present is non-NULL, it will be 0 if the Counter field is not present or 1 if it was present.
key | a pskc_key_t handle, from |
present | output variable indicating whether data was provided or not. |
void pskc_set_key_policy_numberoftransactions (pskc_key_t *key, uint64_t uses);
Set the PSKC KeyPackage Key Policy NumberOfTransactions value. The value in this element indicates the maximum number of times a key carried within the PSKC document can be used by an application after having received it. When this element is omitted, there is no restriction regarding the number of times a key can be used.
Note that while the PSKC specification uses the XML data type "nonNegativeInteger" for this variable, this implementation restricts the size of the value to 64-bit integers.
key | a pskc_key_t handle, from |
uses | the number of transactions to set. |
Since 2.2.0
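The Key Policy accessors above return values that the recipient of the PSKC document has to enforce itself before each use of the key. The following is an added example, not libpskc code: a gate that applies StartDate, ExpiryDate, KeyUsage, NumberOfTransactions and PINPolicy MaxFailedAttempts, treating an absent element as "no restriction". The struct, enum and function names are constructed for the example; it assumes a NULL date pointer means the element is absent, and that a correct PIN entry resets the failure count.

```c
#include <stdint.h>
#include <stdio.h>
#include <time.h>

/* Constructed usage bits for this example; not libpskc's pskc_keyusage values. */
enum { USE_OTP = 1 << 0, USE_CR = 1 << 1, USE_ENCRYPT = 1 << 2 };

/* Policy values as a recipient would hold them after calling the getters.
   Each has_* field mirrors a "present" output flag. Assumption: a NULL date
   pointer stands for an absent StartDate or ExpiryDate. */
typedef struct {
  const struct tm *startdate, *expirydate; /* Key Policy validity period */
  int has_keyusages, keyusages;            /* KeyUsage values ORed together */
  int has_transactions;
  uint64_t transactions;                   /* NumberOfTransactions */
  int has_maxfailed;
  uint32_t maxfailed;                      /* PINPolicy MaxFailedAttempts */
} key_policy;

/* Per-key state kept by the recipient in this example. */
typedef struct {
  uint64_t used;
  uint32_t failed_pins;
} key_state;

typedef enum { ALLOW, DENY_NOT_YET_VALID, DENY_EXPIRED, DENY_USAGE,
               DENY_EXHAUSTED, DENY_PIN_LOCKED } decision;

/* Order two broken-down times field by field (both assumed normalised and in
   the same time zone). */
static int tm_cmp(const struct tm *a, const struct tm *b) {
  const int fa[6] = { a->tm_year, a->tm_mon, a->tm_mday,
                      a->tm_hour, a->tm_min, a->tm_sec };
  const int fb[6] = { b->tm_year, b->tm_mon, b->tm_mday,
                      b->tm_hour, b->tm_min, b->tm_sec };
  for (int i = 0; i < 6; i++)
    if (fa[i] != fb[i]) return fa[i] < fb[i] ? -1 : 1;
  return 0;
}

/* Decide whether the key may be used for the operations in `wanted` at `now`. */
decision authorize(const key_policy *p, const key_state *s, int wanted,
                   const struct tm *now) {
  if (p->startdate && tm_cmp(now, p->startdate) < 0) return DENY_NOT_YET_VALID;
  /* The expiry instant itself counts as expired (conservative choice here). */
  if (p->expirydate && tm_cmp(now, p->expirydate) >= 0) return DENY_EXPIRED;
  if (p->has_keyusages && (p->keyusages & wanted) != wanted) return DENY_USAGE;
  /* An omitted NumberOfTransactions means no limit on the number of uses. */
  if (p->has_transactions && s->used >= p->transactions) return DENY_EXHAUSTED;
  if (p->has_maxfailed && s->failed_pins >= p->maxfailed) return DENY_PIN_LOCKED;
  return ALLOW;
}

/* Count a completed use of the key, saturating instead of wrapping. */
void record_use(key_state *s) {
  if (s->used < UINT64_MAX) s->used++;
}

/* Count a PIN entry. Assumption: a correct PIN resets the failure count. */
void record_pin_attempt(key_state *s, int correct) {
  if (correct) s->failed_pins = 0;
  else if (s->failed_pins < UINT32_MAX) s->failed_pins++;
}

int main(void) {
  /* Constructed sample policy: valid during 2024, OTP only, two uses. */
  struct tm start = {0}, expiry = {0}, now = {0};
  start.tm_year = 124; start.tm_mday = 1;
  expiry.tm_year = 125; expiry.tm_mday = 1;
  now.tm_year = 124; now.tm_mon = 5; now.tm_mday = 15;
  key_policy p = { &start, &expiry, 1, USE_OTP, 1, 2, 1, 3 };
  key_state s = { 0, 0 };
  printf("OTP: %d, CR: %d\n", authorize(&p, &s, USE_OTP, &now),
         authorize(&p, &s, USE_CR, &now));
  return 0;
}
```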