[apple/security.git] / OSX / libsecurity_smime / lib / SecCMS.h

/*
 * Copyright (c) 2014 Apple Inc. All Rights Reserved.
 *
 * @APPLE_LICENSE_HEADER_START@
 * 
 * This file contains Original Code and/or Modifications of Original Code
 * as defined in and that are subject to the Apple Public Source License
 * Version 2.0 (the 'License'). You may not use this file except in
 * compliance with the License. Please obtain a copy of the License at
 * http://www.opensource.apple.com/apsl/ and read it before using this
 * file.
 * 
 * The Original Code and all software distributed under the License are
 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
 * Please see the License for the specific language governing rights and
 * limitations under the License.
 * 
 * @APPLE_LICENSE_HEADER_END@
 */


#ifndef libsecurity_smime_SecCMS_h
#define libsecurity_smime_SecCMS_h

#include <CoreFoundation/CoreFoundation.h>
#include <Security/SecBase.h>
#include <Security/SecTrust.h>

extern const void * kSecCMSSignDigest;
extern const void * kSecCMSSignDetached;
extern const void * kSecCMSSignHashAlgorithm;
extern const void * kSecCMSCertChainMode;
extern const void * kSecCMSAdditionalCerts;
extern const void * kSecCMSSignedAttributes;
extern const void * kSecCMSSignDate;
extern const void * kSecCMSAllCerts;
extern const void * kSecCMSHashAgility;

extern const void * kSecCMSHashingAlgorithmSHA1;
extern const void * kSecCMSHashingAlgorithmSHA256;
extern const void * kSecCMSHashingAlgorithmSHA384;
extern const void * kSecCMSHashingAlgorithmSHA512;

extern const void * kSecCMSBulkEncryptionAlgorithm;
extern const void * kSecCMSEncryptionAlgorithmDESCBC;
extern const void * kSecCMSEncryptionAlgorithmAESCBC;

/* Return an array of certificates contained in message, if message is of the
 type SignedData and has no signers, return NULL otherwise.   Not that if
 the message is properly formed but has no certificates an empty array will
 be returned. 
 Designed to match the sec submodule implementation available for iOS
 */
CFArrayRef SecCMSCertificatesOnlyMessageCopyCertificates(CFDataRef message);

/* Create a degenerate PKCS#7 containing a cert or a CFArray of certs. */
CFDataRef SecCMSCreateCertificatesOnlyMessage(CFTypeRef cert_or_array_thereof);
CFDataRef SecCMSCreateCertificatesOnlyMessageIAP(SecCertificateRef cert);

/*!
 @function SecCMSVerifyCopyDataAndAttributes
 @abstract verify a signed data cms blob.
 @param message the cms message to be parsed
 @param detached_contents to pass detached contents (optional)
 @param policy specifies policy or array thereof should be used (optional).
 if none is passed the blob will **not** be verified and only
 the attached contents will be returned.
 @param trustref (output/optional) if specified, the trust chain built during
    verification will not be evaluated but returned to the caller to do so.
 @param attached_contents (output/optional) return a copy of the attached
 contents.
 @param signed_attributes (output/optional) return a copy of the signed
    attributes as a CFDictionary from oids (CFData) to values
    (CFArray of CFData).
 @result A result code.  See "Security Error Codes" (SecBase.h).
    errSecDecode not a CMS message we can parse,
    errSecAuthFailed bad signature, or untrusted signer if caller doesn't
    ask for trustref,
    errSecParam garbage in, garbage out.
 */
OSStatus SecCMSVerifyCopyDataAndAttributes(CFDataRef message, CFDataRef detached_contents,
                                           CFTypeRef policy, SecTrustRef *trustref,
                                           CFDataRef *attached_contents, CFDictionaryRef *signed_attributes);

/*!
 @function SecCMSVerify
 @abstract same as SecCMSVerifyCopyDataAndAttributes, for binary compatibility.
 */
OSStatus SecCMSVerify(CFDataRef message, CFDataRef detached_contents,
                      CFTypeRef policy, SecTrustRef *trustref, CFDataRef *attached_contents);

OSStatus SecCMSVerifySignedData(CFDataRef message, CFDataRef detached_contents,
                                CFTypeRef policy, SecTrustRef *trustref, CFArrayRef additional_certificates,
                                CFDataRef *attached_contents, CFDictionaryRef *message_attributes);

/*!
 @function SecCMSSignDataAndAttributes
 @abstract create a signed data cms blob.
 @param identity signer
 @param data message to be signed
 @param detached sign detached or not
 @param signed_data (output) return signed message.
 @param signed_attributes (input/optional) signed attributes to insert
 as a CFDictionary from oids (CFData) to value (CFData).
 @result A result code.  See "Security Error Codes" (SecBase.h).
 errSecParam garbage in, garbage out.
 */
OSStatus SecCMSSignDataAndAttributes(SecIdentityRef identity, CFDataRef data,
                                     bool detached, CFMutableDataRef signed_data, CFDictionaryRef signed_attributes);

/*!
 @function SecCMSSignDigestAndAttributes
 @abstract create a detached signed data cms blob for a SHA-1 hash.
 @param identity signer
 @param digest SHA-1 digest of message to be signed
 @param signed_data (output) return signed message.
 @param signed_attributes (input/optional) signed attributes to insert
 as a CFDictionary from oids (CFData) to value (CFData).
 @result A result code.  See "Security Error Codes" (SecBase.h).
 errSecParam garbage in, garbage out.
 */
OSStatus SecCMSSignDigestAndAttributes(SecIdentityRef identity, CFDataRef digest,
                                       CFMutableDataRef signed_data, CFDictionaryRef signed_attributes);

/*!
	@function SecCMSCreateSignedData
 @abstract create a signed data cms blob.
 @param identity signer
 @param data SHA-1 digest or message to be signed
 @param parameters (input/optional) specify algorithm, detached, digest
 @param signed_attributes (input/optional) signed attributes to insert
 as a CFDictionary from oids (CFData) to value (CFData).
 @param signed_data (output) return signed message.
 @result A result code.  See "Security Error Codes" (SecBase.h).
 errSecParam garbage in, garbage out.
 */
OSStatus SecCMSCreateSignedData(SecIdentityRef identity, CFDataRef data,
                                CFDictionaryRef parameters, CFDictionaryRef signed_attributes,
                                CFMutableDataRef signed_data);

/*!
 @function SecCMSCreateEnvelopedData
 @abstract create a enveloped cms blob for recipients
 @param recipient_or_cfarray_thereof SecCertificateRef for each recipient
 @param params CFDictionaryRef with encryption parameters
 @param data Data to be encrypted
 @param enveloped_data (output) return enveloped message.
 @result A result code.  See "Security Error Codes" (SecBase.h).
 errSecParam garbage in, garbage out.
 */
OSStatus SecCMSCreateEnvelopedData(CFTypeRef recipient_or_cfarray_thereof,
                                   CFDictionaryRef params, CFDataRef data, CFMutableDataRef enveloped_data);


/*!
 @function SecCMSDecryptEnvelopedData
 @abstract open an enveloped cms blob. expects recipients identity in keychain.
 @param message Eveloped message
 @param data (output) return decrypted message.
 @param recipient (output/optional) return addressed recipient
 @result A result code.  See "Security Error Codes" (SecBase.h).
 errSecParam garbage in, garbage out.
 */
OSStatus SecCMSDecryptEnvelopedData(CFDataRef message,
                                    CFMutableDataRef data, SecCertificateRef *recipient);

#endif
Commit	Line	Data
f380ce78	1	/*
d8f41ccd A	2	* Copyright (c) 2014 Apple Inc. All Rights Reserved.
d8f41ccd A	3	*
f380ce78 A	4	* @APPLE_LICENSE_HEADER_START@
	5	*
	6	* This file contains Original Code and/or Modifications of Original Code
	7	* as defined in and that are subject to the Apple Public Source License
	8	* Version 2.0 (the 'License'). You may not use this file except in
	9	* compliance with the License. Please obtain a copy of the License at
	10	* http://www.opensource.apple.com/apsl/ and read it before using this
	11	* file.
	12	*
	13	* The Original Code and all software distributed under the License are
	14	* distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
	15	* EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
	16	* INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
	17	* FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
	18	* Please see the License for the specific language governing rights and
	19	* limitations under the License.
	20	*
	21	* @APPLE_LICENSE_HEADER_END@
	22	*/
b1ab9ed8	23
d8f41ccd A	24
	25	#ifndef libsecurity_smime_SecCMS_h
	26	#define libsecurity_smime_SecCMS_h
427c49bc A	27
427c49bc A	28	#include <CoreFoundation/CoreFoundation.h>
d8f41ccd	29	#include <Security/SecBase.h>
fa7225c8 A	30	#include <Security/SecTrust.h>
	31
	32	extern const void * kSecCMSSignDigest;
	33	extern const void * kSecCMSSignDetached;
	34	extern const void * kSecCMSSignHashAlgorithm;
	35	extern const void * kSecCMSCertChainMode;
	36	extern const void * kSecCMSAdditionalCerts;
	37	extern const void * kSecCMSSignedAttributes;
	38	extern const void * kSecCMSSignDate;
	39	extern const void * kSecCMSAllCerts;
866f8763	40	extern const void * kSecCMSHashAgility;
fa7225c8 A	41
	42	extern const void * kSecCMSHashingAlgorithmSHA1;
	43	extern const void * kSecCMSHashingAlgorithmSHA256;
	44	extern const void * kSecCMSHashingAlgorithmSHA384;
	45	extern const void * kSecCMSHashingAlgorithmSHA512;
b1ab9ed8	46
6b200bc3 A	47	extern const void * kSecCMSBulkEncryptionAlgorithm;
	48	extern const void * kSecCMSEncryptionAlgorithmDESCBC;
	49	extern const void * kSecCMSEncryptionAlgorithmAESCBC;
	50
d8f41ccd A	51	/* Return an array of certificates contained in message, if message is of the
	52	type SignedData and has no signers, return NULL otherwise. Not that if
	53	the message is properly formed but has no certificates an empty array will
	54	be returned.
	55	Designed to match the sec submodule implementation available for iOS
	56	*/
	57	CFArrayRef SecCMSCertificatesOnlyMessageCopyCertificates(CFDataRef message);
b1ab9ed8	58
d8f41ccd	59	/* Create a degenerate PKCS#7 containing a cert or a CFArray of certs. */
fa7225c8	60	CFDataRef SecCMSCreateCertificatesOnlyMessage(CFTypeRef cert_or_array_thereof);
d8f41ccd	61	CFDataRef SecCMSCreateCertificatesOnlyMessageIAP(SecCertificateRef cert);
b1ab9ed8	62
fa7225c8 A	63	/*!
	64	@function SecCMSVerifyCopyDataAndAttributes
	65	@abstract verify a signed data cms blob.
	66	@param message the cms message to be parsed
	67	@param detached_contents to pass detached contents (optional)
	68	@param policy specifies policy or array thereof should be used (optional).
	69	if none is passed the blob will not be verified and only
	70	the attached contents will be returned.
	71	@param trustref (output/optional) if specified, the trust chain built during
	72	verification will not be evaluated but returned to the caller to do so.
	73	@param attached_contents (output/optional) return a copy of the attached
	74	contents.
	75	@param signed_attributes (output/optional) return a copy of the signed
	76	attributes as a CFDictionary from oids (CFData) to values
	77	(CFArray of CFData).
	78	@result A result code. See "Security Error Codes" (SecBase.h).
	79	errSecDecode not a CMS message we can parse,
	80	errSecAuthFailed bad signature, or untrusted signer if caller doesn't
	81	ask for trustref,
	82	errSecParam garbage in, garbage out.
	83	*/
	84	OSStatus SecCMSVerifyCopyDataAndAttributes(CFDataRef message, CFDataRef detached_contents,
	85	CFTypeRef policy, SecTrustRef *trustref,
	86	CFDataRef attached_contents, CFDictionaryRef signed_attributes);
	87
	88	/*!
	89	@function SecCMSVerify
	90	@abstract same as SecCMSVerifyCopyDataAndAttributes, for binary compatibility.
	91	*/
	92	OSStatus SecCMSVerify(CFDataRef message, CFDataRef detached_contents,
	93	CFTypeRef policy, SecTrustRef trustref, CFDataRef attached_contents);
	94
	95	OSStatus SecCMSVerifySignedData(CFDataRef message, CFDataRef detached_contents,
	96	CFTypeRef policy, SecTrustRef *trustref, CFArrayRef additional_certificates,
	97	CFDataRef attached_contents, CFDictionaryRef message_attributes);
	98
866f8763 A	99	/*!
	100	@function SecCMSSignDataAndAttributes
	101	@abstract create a signed data cms blob.
	102	@param identity signer
	103	@param data message to be signed
	104	@param detached sign detached or not
	105	@param signed_data (output) return signed message.
	106	@param signed_attributes (input/optional) signed attributes to insert
	107	as a CFDictionary from oids (CFData) to value (CFData).
	108	@result A result code. See "Security Error Codes" (SecBase.h).
	109	errSecParam garbage in, garbage out.
	110	*/
	111	OSStatus SecCMSSignDataAndAttributes(SecIdentityRef identity, CFDataRef data,
	112	bool detached, CFMutableDataRef signed_data, CFDictionaryRef signed_attributes);
	113
	114	/*!
	115	@function SecCMSSignDigestAndAttributes
	116	@abstract create a detached signed data cms blob for a SHA-1 hash.
	117	@param identity signer
	118	@param digest SHA-1 digest of message to be signed
	119	@param signed_data (output) return signed message.
	120	@param signed_attributes (input/optional) signed attributes to insert
	121	as a CFDictionary from oids (CFData) to value (CFData).
	122	@result A result code. See "Security Error Codes" (SecBase.h).
	123	errSecParam garbage in, garbage out.
	124	*/
	125	OSStatus SecCMSSignDigestAndAttributes(SecIdentityRef identity, CFDataRef digest,
	126	CFMutableDataRef signed_data, CFDictionaryRef signed_attributes);
	127
fa7225c8 A	128	/*!
	129	@function SecCMSCreateSignedData
	130	@abstract create a signed data cms blob.
	131	@param identity signer
	132	@param data SHA-1 digest or message to be signed
	133	@param parameters (input/optional) specify algorithm, detached, digest
	134	@param signed_attributes (input/optional) signed attributes to insert
	135	as a CFDictionary from oids (CFData) to value (CFData).
	136	@param signed_data (output) return signed message.
	137	@result A result code. See "Security Error Codes" (SecBase.h).
	138	errSecParam garbage in, garbage out.
	139	*/
	140	OSStatus SecCMSCreateSignedData(SecIdentityRef identity, CFDataRef data,
	141	CFDictionaryRef parameters, CFDictionaryRef signed_attributes,
	142	CFMutableDataRef signed_data);
b1ab9ed8	143
6b200bc3 A	144	/*!
	145	@function SecCMSCreateEnvelopedData
	146	@abstract create a enveloped cms blob for recipients
	147	@param recipient_or_cfarray_thereof SecCertificateRef for each recipient
	148	@param params CFDictionaryRef with encryption parameters
	149	@param data Data to be encrypted
	150	@param enveloped_data (output) return enveloped message.
	151	@result A result code. See "Security Error Codes" (SecBase.h).
	152	errSecParam garbage in, garbage out.
	153	*/
	154	OSStatus SecCMSCreateEnvelopedData(CFTypeRef recipient_or_cfarray_thereof,
	155	CFDictionaryRef params, CFDataRef data, CFMutableDataRef enveloped_data);
	156
	157
	158	/*!
	159	@function SecCMSDecryptEnvelopedData
	160	@abstract open an enveloped cms blob. expects recipients identity in keychain.
	161	@param message Eveloped message
	162	@param data (output) return decrypted message.
	163	@param recipient (output/optional) return addressed recipient
	164	@result A result code. See "Security Error Codes" (SecBase.h).
	165	errSecParam garbage in, garbage out.
	166	*/
	167	OSStatus SecCMSDecryptEnvelopedData(CFDataRef message,
	168	CFMutableDataRef data, SecCertificateRef *recipient);
	169
d8f41ccd	170	#endif