NAME
CSSM_TP_CertGroupVerify — Determine if a certificate is trusted (CDSA)
SYNOPSIS
# include <cssm.h>
API:
CSSM_RETURN CSSMAPI CSSM_TP_CertGroupVerify
(CSSM_TP_HANDLE TPHandle,
CSSM_CL_HANDLE CLHandle,
CSSM_CSP_HANDLE CSPHandle,
const CSSM_CERTGROUP *CertGroupToBeVerified,
const CSSM_TP_VERIFY_CONTEXT *VerifyContext,
CSSM_TP_VERIFY_CONTEXT_RESULT_PTR VerifyContextResult)
SPI:
CSSM_RETURN CSSMTPI TP_CertGroupVerify
(CSSM_TP_HANDLE TPHandle,
CSSM_CL_HANDLE CLHandle,
CSSM_CSP_HANDLE CSPHandle,
const CSSM_CERTGROUP *CertGroupToBeVerified,
const CSSM_TP_VERIFY_CONTEXT *VerifyContext,
CSSM_TP_VERIFY_CONTEXT_RESULT_PTR VerifyContextResult) |
LIBRARY
Common Security Services Manager library (cdsa$incssm300_shr.exe)
PARAMETERS
| TPHandle (input) | | The handle that describes the add-in trust policy
module used to perform this function. |
| CLHandle (input/optional) |
| | | The handle that describes the add-in certificate
library module that can be used to manipulate the subject certificate
and anchor certificates. If no certificate library module is specified,
the TP module uses an assumed CL module, if required. |
| CSPHandle (input/optional) |
| | | The handle that describes the add-in Cryptographic
Service Provider module that can be used to perform the cryptographic
operations required to carry out the verification. If no CSP handle
is specified, the TP module allocates a suitable CSP. |
| CertGroupToBeVerified (input) |
| | | A group of one or more certificates to be verified.
The first certificate in the group is the primary target certificate
for verification. Use of the subsequent certificates during the verification
process is specific to the trust domain. |
| VerifyContext (input/optional) |
| | | A structure containing credentials, policy information,
and contextual information to be used in the verification process.
All of the input values in the context are optional except Action.
The service provider can define default values or can attempt to
operate without input for all the other fields of this input structure.
The operation can fail if a necessary input value is omitted and
the service module can not define an appropriate default value. |
| VerifyContextResult (output/optional) |
| | | A pointer to a structure containing information
generated during the verification process. The information can include: | Evidence | (output/optional) | | NumberOfEvidences | (output/optional) |
|
DESCRIPTION
This function determines whether the certificate is trusted.
The actions performed by this function differ based on the trust
policy domain. The factors include practices, procedures and policies
defined by the certificate issuer.
Typically certificate verification involves the verification
of multiple certificates. The first certificate in the group is
the target of the verification process. The other certificates in
the group are used in the verification process to connect the target
certificate with one or more anchors of trust. The supporting certificates
can be contained in the provided certificate group or can be stored
in the data stores specified in the VerifyContext DBList.
This allows the trust policy module to construct a certificate group
and perform verification in one operation. The data stores specified
by DBList can also contain certificate revocation lists used in
the verification process. It is also possible to provide a data
store of anchor certificates. Typically the points of Trust are
few in number and are embedded in the caller or in the TPM during
software manufacturing or at runtime
The caller can select to be notified incrementally as each
certificate is verified. The CallbackWithVerifiedCert parameter
(in the VerifyContext) can specify a caller function
to be invoked at the end of each certificate verification, returning
the verified certificate for use by the caller.
Anchor certificates are a list of implicitly trusted certificates.
These include root certificates, cross certified certificates, and
locally defined sources of trust. These certificates form the basis
to determine trust in the subject certificate.
A policy identifier can specify an additional set of conditions
that must be satisfied by the subject certificate in order to meet
the trust criteria. The name space for policy identifiers is defined
by the application domains to which the policy applies. This is
outside of CSSM. A list of policy identifiers can be specified and
the stopping condition for evaluating that set of conditions.
The evaluation and verification process can produce a list
of evidence. The evidence can be selected values from the certificates
examined in the verification process, entire certificates from the
process or other pertinent information that forms an audit trail
of the verification process. This evidence is returned to the caller
after all steps in the verification process have been completed.
If verification succeeds, the trust policy module may carry
out the action on the specified data or may return approval for
the action requiring the caller to perform the action. The caller
must consult TP module documentation outside of this specification
to determine all module-specific side effects of this operation.
RETURN VALUE
A CSSM_RETURN value indicating success or specifying a particular
error condition. The value CSSM_OK indicates success. All other
values represent an error condition.
ERRORS
Errors are described in the CDSA Technical Standard.
 |
CSSMERR_TP_INVALID_CL_HANDLE
CSSMERR_TP_INVALID_CSP_HANDLE
CSSMERR_TP_INVALID_CERTGROUP_POINTER
CSSMERR_TP_INVALID_CERTGROUP
CSSMERR_TP_INVALID_CERTIFICATE
CSSMERR_TP_INVALID_ACTION
CSSMERR_TP_INVALID_ACTION_DATA
CSSMERR_TP_VERIFY_ACTION_FAILED
CSSMERR_TP_INVALID_CRLGROUP_POINTER
CSSMERR_TP_INVALID_CRLGROUP
CSSMERR_TP_INVALID_CRL_AUTHORITY
CSSMERR_TP_INVALID_CALLERAUTH_CONTEXT_POINTER
CSSMERR_TP_INVALID_POLICY_IDENTIFIERS
CSSMERR_TP_INVALID_TIMESTRING
CSSMERR_TP_INVALID_STOP_ON_POLICY
CSSMERR_TP_INVALID_CALLBACK
CSSMERR_TP_INVALID_ANCHOR_CERT
CSSMERR_TP_CERTGROUP_INCOMPLETE
CSSMERR_TP_INVALID_DL_HANDLE
CSSMERR_TP_INVALID_DB_HANDLE
CSSMERR_TP_INVALID_DB_LIST_POINTER
CSSMERR_TP_INVALID_DB_LIST
CSSMERR_TP_AUTHENTICATION_FAILED
CSSMERR_TP_INSUFFICIENT_CREDENTIALS
CSSMERR_TP_NOT_TRUSTED
CSSMERR_TP_CERT_REVOKED
CSSMERR_TP_CERT_SUSPENDED
CSSMERR_TP_CERT_EXPIRED
CSSMERR_TP_CERT_NOT_VALID_YET
CSSMERR_TP_INVALID_CERT_AUTHORITY
CSSMERR_TP_INVALID_SIGNATURE
CSSMERR_TP_INVALID_NAME |
SEE ALSO
Books
Intel CDSA Application Developer's Guide
