Deprecated functions
This appendix provides information about the deprecated API functions and specifications.
Although the deprecated functions and structures listed in this appendix are operational, they do not support the use of SHA-384 or SHA-512. The hash value size in these structures is limited to 40 bytes, which is not sufficient to support SHA-384 or SHA-512. |
TTI_EncodeTSQ
This function has been replaced by TTI_EncodeTSQ_Ex . See TTI_EncodeTSQ_Ex for more information.
Uses the information in a TTI_TSQ structure to create an encoded time-stamp request.
|
int TTI_EncodeTSQ( const TTI_TSQ * pTSQ, byte * encodedReq, size_t * encodedReqLen, TTI_TransportFormat transportFormat;
Parameters
|
[in] Points to a populated |
|
[out] Points to a buffer to receive the encoded time-stamp request. |
|
[in/out] Points to a value specifying the size, in bytes, of the |
|
[in] A flag indicating which type of additional transport encoding should be included in the request. |
Currently defined format types are:
|
Returns the encoded time-stamp request with no headers and no special encoding. |
|
Returns the encoded time-stamp request prepended with a five-byte TCP header. |
|
Returns the time-stamp request encoded as an HTTP encoded request. |
|
Reserved for future use. |
Return values
If this function succeeds, the return value is zero (TTI_SUCCESS
).
If this function fails, the return value is a nonzero error code.
|
|
|
The size indicated by |
|
An unexpected ASN error occurred.
To get the ASN error code, call |
|
|
Remarks
This function creates an encoded time-stamp request that includes the information supplied in the TTI_TSQ
structure.
The request is formatted according to version one of the PKIX Time-Stamp protocol.
This function will also encode the request for a particular transport mechanism.
At this time, two transport format options are supported: TTI_RAW
and TTI_TCP
. TTI_RAW
returns the encoded time-stamp request with no headers and no special encoding. TTI_TCP
returns the request with a five-byte TCP header prepended.
This header includes the size of the request and a flag byte set to zero (tsaMsg
).
When this function is used with the transportFormat
set to TTI_TCP
, the resulting encoded time-stamp request may be submitted directly to a TSS via a TCP socket connected to port 318 of the server.
TTI_DecodeTSQ
This function has been replaced by TTI_DecodeTSQ_Ex . See TTI_DecodeTSQ_Ex for more information.
Decodes an encoded time-stamp request and writes the information into a TTI_TSQ structure.
|
int TTI_DecodeTSQ( TTI_TSQ * pTSQ, const byte * encodedReq, size_t encodedReqLen );
Parameters
|
[out] Points to a |
|
[in] Points to a buffer that contains an encoded time-stamp request. |
|
[in] Specifies the size, in bytes, of the encoded time-stamp request. |
Return values
If this function succeeds, the return value is zero (TTI_SUCCESS
).
If this function fails, the return value is a nonzero error code.
|
|
|
Received unexpected results from an ASN function. |
|
An unexpected ASN error occurred.
To get the ASN error code, call |
TTI_GetTST_TSTInfo
This function has been replaced by TTI_GetTST_TSTInfoEx . See TTI_GetTST_TSTInfoEx for more information.
Decodes an encoded time-stamp token and writes the encapsulated TSTInfo data into a TTI_TSTInfo structure.
|
int TTI_GetTST_TSTInfo( TTI_TSTInfo * pTSTInfo, const byte * encodedToken, size_t encodedTokenLen );
Parameters
|
[out] Points to a |
|
[in] Points to a buffer that contains an encoded time-stamp token. |
|
[in] Specifies the size, in bytes, of the encoded time-stamp token. |
Return values
If this function succeeds, the return value is zero (TTI_SUCCESS
).
If this function fails, the return value is a nonzero error code.
|
|
|
Received unexpected results from an ASN function. |
|
An unexpected ASN error occurred.
To get the ASN error code, call |
TTI_GetTAC_CertInfo
This function has been replaced by TTI_GetTAC_CertInfoEx . See TTI_GetTAC_CertInfoEx for more information.
Decodes an encoded Time Attribute certificate and writes the encapsulated certificate data into a TTI_TAC_CertInfo structure.
|
int TTI_GetTAC_CertInfo( TTI_TAC_CertInfo * pTAC, const byte * certBuf, size_t certBufLen );
Parameters
|
[out] Points to a |
|
[in] Points to a buffer than contains an encoded Time Attribute certificate. |
|
[in] Specifies the size, in bytes, of the encoded Time Attribute certificate. |
Return values
If this function succeeds, the return value is zero (TTI_SUCCESS
).
If this function fails, the return value is a nonzero error code.
|
|
|
Received unexpected results from an ASN function. |
|
An unexpected ASN error occurred.
To get the ASN error code, call |
TTI_GetTAC_TimingMetrics
This function has been replaced by TTI_GetTAC_TimingMetricsEx . See TTI_GetTAC_TimingMetricsEx for more information.
Decodes an encoded Time Attribute certificate and writes the encapsulated TimingMetrics attribute data into a TTI_TimingMetrics structure.
|
int TTI_GetTAC_TimingMetrics( TTI_TimingMetrics * pTimingMetrics, const byte * certBuf, size_t certBufLen );
Parameters
|
[out] Points to a |
|
[in] Points to a buffer that contains an encoded Time Attribute certificate. |
|
[in] Specifies the size, in bytes, of the encoded Time Attribute certificate. |
Return values
If this function succeeds, the return value is zero (TTI_SUCCESS
).
If this function fails, the return value is a nonzero error code.
|
|
|
Received unexpected results from an ASN function. |
|
An unexpected ASN error occurred.
To get the ASN error code, call |
TTI_GetTST_TSACert
This function has been replaced by TTI_GetTST_TSACertEx . See TTI_GetTST_TSACertEx for more information.
Retrieves the encoded TSA certificate from an encoded time-stamp token.
|
int TTI_GetTST_TSACert( byte * certBuf, size_t * certBufLen, const byte * encodedToken, size_t encodedTokenLen );
Parameters
|
[out] Points to a buffer that receives the encoded TSA certificate. |
|
[in/out] Points to a value specifying the size, in bytes, of the |
|
[in] Points to a buffer that contains an encoded time-stamp token. |
|
[in] Specifies the size, in bytes, of the encoded time-stamp token. |
Return Values
If this function succeeds, the return value is zero (TTI_SUCCESS
).
If this function fails, the return value is a nonzero error code.
|
|
|
The size indicated by |
|
The content of the |
|
The encoded time-stamp token did not contain the signing certificate. A time-stamp token will only contain the signing certificate if the time-stamp request specified that the certificate be included. |
|
The hash of the signing certificate did not match a value stored in the signed attributes of the time-stamp token. |
Remarks
If the encoded time-stamp token contains the signing certificate, this function copies the encoded signing certificate into the supplied buffer. This function does not validate the signature on the time-stamp token. By default, this function verifies the signing certificate against the first SHA-2 hash in the ESSCertIDv2 list before the function returns. The ESSCertIDv2 provides cryptographic binding of the time-stamp token to a particular identity certificate, whereas the signature only binds the time-stamp token to the public key. If the TTI_VERIFY_ESSCERTIDV2 environment variable is set to 0, the function will instead carry out the comparable checks against the first SHA-1 hash in the ESSCertID list. Checking ESSCertIDv2 rather than ESSCertID will succeed only if the TSA is configured to include ESSCertIDv2 in the certificate as per RFC 5816.
TTI_GetTST_TimeAttributeCert
This function has been replaced by TTI_GetTST_TimeAttributeCertEx . See TTI_GetTST_TimeAttributeCertEx for more information.
Retrieves the encoded Time Attribute certificate from an encoded time-stamp token.
|
int TTI_GetTST_TimeAttributeCert( byte * certBuf, size_t * certBufLen, const byte * encodedToken, size_t encodedTokenLen );
Parameters
|
[out] Points to a buffer that receives the encoded Time Attribute Certificate. |
|
[in/out] Points to a value specifying the size, in bytes, of the buffer. When the function returns, this value contains the size, in bytes, of the encoded Time Attribute certificate. |
|
[in] Points to a buffer that contains an encoded time-stamp token. |
|
[in] Specifies the size, in bytes, of the encoded time-stamp token. |
Return Values
If this function succeeds, the return value is zero (TTI_SUCCESS
).
If this function fails, the return value is a nonzero error code.
|
|
|
The size indicated by |
|
The content of the |
|
The encoded time-stamp token did not contain the Time Attribute certificate. A time-stamp token will only contain the Time Attribute certificate if the time-stamp request specified that the certificate be included. |
|
The hash of the Time Attribute certificate did not match a value stored in the signed attributes of the time-stamp token. |
Remarks
If the encoded time-stamp token contains the Time Attribute certificate, this function copies the encoded TAC into the supplied buffer. This function verifies that the timestamp token was issued under the Time Attribute certificate before the function returns. By default, this verification is done by checking the ESSCertIDv2 list of SHA-2 hashes for the SHA-2 hash of the Time Attribute certificate. This check is necessary because the certificate list in a time-stamp token is not protected by the signature. The cryptographic binding of a time-stamp to a Time Attribute certificate is accomplished by including the SHA-2 hash of the Time Attribute certificate in the ESSCertIDv2. The ESSCertIDv2 is protected by the signature of the time-stamp token. If the TTI_VERIFY_ESSCERTIDV2 environment variable is set to 0, the function will instead carry out the comparable operations using SHA-1, checking the ESSCertID list of SHA-1 hashes for the SHA-1 hash of the Time Attribute certificate. Checking ESSCertIDv2 rather than ESSCertID will succeed only if the TSA is configured to include ESSCertIDv2 in the certificate as per RFC 5816.
TTI_CheckTAC_MatchesTST
This function has been replaced by TTI_CheckTAC_MatchesTSTEx . See TTI_CheckTAC_MatchesTSTEx for more information.
Verifies that the time-stamp token was issued under the Time Attribute certificate.
|
int TTI_CheckTAC_MatchesTST( const byte * certBuf, size_t certBufLen, const byte * encodedToken, size_t encodedTokenLen );
Parameters
|
[in] Points to a buffer that contains an encoded Time Attribute certificate. |
|
[in] Specifies the size, in bytes, of the encoded Time Attribute certificate. |
|
[in] Points to a buffer that contains an encoded time-stamp token. |
|
[in] Specifies the size, in bytes, of the encoded time-stamp token. |
Return Values
If this function succeeds, the return value is zero (TTI_SUCCESS
).
If this function fails, the return value is a nonzero error code.
|
|
|
Received unexpected results from an ASN function. |
|
An unexpected ASN error occurred. To get the ASN error code, call |
|
The hash of the Time Attribute certificate did not match a value stored in the signed attributes of the time-stamp token. |
Remarks
This function verifies that the time-stamp token was issued under the Time Attribute certificate. This function is especially useful when the time-stamp token does not contain a Time Attribute certificate and the user wants to verify that the time-stamp token was issued under a TAC that the user retrieved from a previous time-stamp or some other mechanism. By default, this verification is done by checking the ESSCertIDv2 list of SHA-2 hashes for the SHA-2 hash of the Time Attribute certificate. The cryptographic binding of a time-stamp to a Time Attribute certificate is accomplished by including the SHA-2 hash of the Time Attribute certificate in the ESSCertIDv2. The ESSCertIDv2 is protected by the signature on the time-stamp token. If the TTI_VERIFY_ESSCERTIDV2 environment variable is set to 0, the function will instead carry out the comparable checks against SHA-1 hashes in the ESSCertID list. Checking ESSCertIDv2 rather than ESSCertID will succeed only if the TSA is configured to include ESSCertIDv2 in the certificate as per RFC 5816.
TTI_VerifyTST_Signature
This function has been replaced by TTI_VerifyTST_SignatureEx . See TTI_VerifyTST_SignatureEx for more information.
Verifies the signature on an encoded time-stamp token.
|
int TTI_VerifyTST_Signature( const byte * encodedToken, size_t encodedTokenLen, const byte * tsaCert, size_t tsaCertLen );
Parameters
|
[in] Points to a buffer that contains an encoded time-stamp token. |
|
[in] Specifies the size, in bytes, of encoded time-stamp token. |
|
[in, optional] Points to a buffer that contains the TSA certificate that signed this token. If this parameter is NULL, this function attempts to verify the signature with a certificate included in the time-stamp token. |
|
[in] Specifies the size, in bytes, of the encoded certificate. |
Return Values
If this function succeeds, the return value is zero (TTI_SUCCESS
).
If this function fails, the return value is a nonzero error code.
|
|
|
|
|
The time-stamp token signature was not valid. |
|
The encoded time-stamp token did not contain the signing certificate. A time-stamp token contains the signing certificate only if the time-stamp request required that the certificate be included. |
|
The hash of the signing certificate did not match a value stored in the signed attributes of the time-stamp token. |
Remarks
This function is provided so that API users can validate the signature of a time-stamp token. However, if you have access to other PKI tools, we recommend you use those to validate the signature. Asking the API to validate its own signature is of limited value. In addition to verifying the signature on the time-stamp token, TTI_VerifyTST_Signature
verifies the cryptographic binding of the time-stamp token to a particular identity certificate using either ESSCertID or ESSCertIDv2. By default, the function achieves this by verifying the signing certificate against the first SHA-2 hash in the ESSCertIDv2 list before the function returns. If the TTI_VERIFY_ESSCERTIDV2 environment variable is set to 0, the function will instead carry out the comparable checks against the first SHA-1 hash in the ESSCertID list. Checking ESSCertIDv2 rather than ESSCertID will succeed only if the TSA is configured to include ESSCertIDv2 in the certificate as per RFC 5816.