]> git.saurik.com Git - apple/security.git/blob - CMS/SecCmsBase.h
Security-59754.80.3.tar.gz
[apple/security.git] / CMS / SecCmsBase.h
1 /*
2 * Copyright (c) 2004-2018 Apple Inc. All Rights Reserved.
3 *
4 * @APPLE_LICENSE_HEADER_START@
5 *
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. Please obtain a copy of the License at
10 * http://www.opensource.apple.com/apsl/ and read it before using this
11 * file.
12 *
13 * The Original Code and all software distributed under the License are
14 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
15 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
16 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
17 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
18 * Please see the License for the specific language governing rights and
19 * limitations under the License.
20 *
21 * @APPLE_LICENSE_HEADER_END@
22 */
23
24 /*!
25 @header SecCmsBase.h
26
27 @availability 10.4 and later
28 @abstract Interfaces of the CMS implementation.
29 @discussion The functions here implement functions for encoding
30 and decoding Cryptographic Message Syntax (CMS) objects
31 as described in rfc3369.
32 */
33
34 #ifndef _SECURITY_SECCMSBASE_H_
35 #define _SECURITY_SECCMSBASE_H_ 1
36
37 #include <sys/types.h>
38 #include <Security/SecBase.h>
39 #include <Security/SecKey.h>
40 #include <Security/SecAsn1Types.h>
41
42 #if TARGET_OS_OSX
43 #include <Security/x509defs.h>
44 #endif
45
46 __BEGIN_DECLS
47
48 /*!
49 @typedef
50 @discussion XXX We need to remove these from the API and move them back to secoidt.h.
51 */
52 typedef struct SECOidDataStr SECOidData;
53
54 /*!
55 @typedef
56 @discussion XXX We might want to get rid of this alltogether.
57 */
58 #pragma clang diagnostic push
59 #pragma clang diagnostic ignored "-Wdeprecated-declarations"
60 #if TARGET_OS_OSX
61 typedef CSSM_X509_ALGORITHM_IDENTIFIER SECAlgorithmID;
62 #else // !TARGET_OS_OSX
63 typedef SecAsn1AlgId SECAlgorithmID;
64 #endif // !TARGET_OS_OSX
65 #pragma clang diagnostic pop
66
67 /*!
68 @typedef
69 @discussion XXX This should probably move to SecKey.h
70 */
71 #if TARGET_OS_OSX
72 typedef SecKeyRef SecSymmetricKeyRef API_AVAILABLE(macos(10.4)) API_UNAVAILABLE(macCatalyst);
73 #else
74 typedef void * SecSymmetricKeyRef API_AVAILABLE(ios(2.0), tvos(2.0), watchos(1.0)) API_UNAVAILABLE(macCatalyst);
75 #endif
76
77 /*!
78 @typedef
79 @discussion XXX This should probably move to SecKey.h
80 */
81 typedef SecKeyRef SecPublicKeyRef;
82
83 /*!
84 @typedef
85 @discussion XXX This should probably move to SecKey.h
86 */
87 typedef SecKeyRef SecPrivateKeyRef;
88
89 /*!
90 @typedef
91 */
92 typedef void(*PK11PasswordFunc)(void);
93
94 #if TARGET_OS_OSX
95 /*!
96 @typedef
97 */
98 typedef struct SecArenaPoolStr *SecArenaPoolRef;
99 #endif
100
101 /*!
102 @typedef
103 */
104 typedef struct SecCmsMessageStr *SecCmsMessageRef;
105
106 /*!
107 @typedef
108 */
109 typedef struct SecCmsContentInfoStr *SecCmsContentInfoRef;
110
111 /*!
112 @typedef
113 */
114 typedef struct SecCmsSignedDataStr *SecCmsSignedDataRef;
115
116 /*!
117 @typedef
118 */
119 typedef struct SecCmsSignerInfoStr *SecCmsSignerInfoRef;
120
121 /*!
122 @typedef
123 */
124 typedef struct SecCmsEnvelopedDataStr *SecCmsEnvelopedDataRef;
125
126 /*!
127 @typedef
128 */
129 typedef struct SecCmsRecipientInfoStr *SecCmsRecipientInfoRef;
130
131 /*!
132 @typedef
133 */
134 typedef struct SecCmsDigestedDataStr *SecCmsDigestedDataRef;
135
136 /*!
137 @typedef
138 */
139 typedef struct SecCmsEncryptedDataStr *SecCmsEncryptedDataRef;
140
141 /*!
142 @typedef
143 */
144 typedef struct SecCmsDecoderStr *SecCmsDecoderRef;
145
146 /*!
147 @typedef
148 */
149 typedef struct SecCmsEncoderStr *SecCmsEncoderRef;
150
151 /*!
152 @typedef
153 */
154 typedef struct SecCmsDigestContextStr *SecCmsDigestContextRef;
155
156
157 /*!
158 @typedef
159 @discussion Type of function passed to SecCmsDecode or SecCmsDecoderStart.
160 If specified, this is where the content bytes (only) will be "sent" as they are recovered during the decoding.
161 And:
162 Type of function passed to SecCmsEncode or SecCmsEncoderStart.
163 This is where the DER-encoded bytes will be "sent".
164
165 XXX Should just combine this with SecCmsEncoderContentCallback type and use a simpler, common name.
166 */
167 typedef void (*SecCmsContentCallback)(void *arg, const char *buf, size_t len);
168
169 /*!
170 @typedef
171 @discussion Type of function passed to SecCmsDecode or SecCmsDecoderStart to retrieve the decryption key. This function is intended to be used for EncryptedData content info's which do not have a key available in a certificate, etc.
172 */
173 #pragma clang diagnostic push
174 #pragma clang diagnostic ignored "-Wdeprecated-declarations"
175 typedef SecSymmetricKeyRef(*SecCmsGetDecryptKeyCallback)(void *arg, SECAlgorithmID *algid)
176 API_AVAILABLE(macos(10.4), ios(2.0), tvos(2.0), watchos(1.0)) API_UNAVAILABLE(macCatalyst);
177 #pragma clang diagnostic pop
178
179 /*!
180 @enum SecCmsVerificationStatus
181 */
182 typedef enum {
183 SecCmsVSUnverified = 0,
184 SecCmsVSGoodSignature = 1,
185 SecCmsVSBadSignature = 2,
186 SecCmsVSDigestMismatch = 3,
187 SecCmsVSSigningCertNotFound = 4,
188 SecCmsVSSigningCertNotTrusted = 5,
189 SecCmsVSSignatureAlgorithmUnknown = 6,
190 SecCmsVSSignatureAlgorithmUnsupported = 7,
191 SecCmsVSMalformedSignature = 8,
192 SecCmsVSProcessingError = 9,
193 SecCmsVSTimestampMissing = 10, /* A timestamp was expected but was not found. */
194 SecCmsVSTimestampInvalid = 11, /* The timestamp was not valid. */
195 SecCmsVSTimestampNotTrusted = 12, /* The timestamp signing chain was not trusted. */
196 } SecCmsVerificationStatus;
197
198 /*!
199 @enum SecCmsCertChainMode
200 */
201 typedef enum {
202 SecCmsCMNone = 0,
203 SecCmsCMCertOnly = 1,
204 SecCmsCMCertChain = 2,
205 SecCmsCMCertChainWithRoot = 3,
206 SecCmsCMCertChainWithRootOrFail = 4,
207 } SecCmsCertChainMode;
208
209 /*!
210 @enum
211 @discussion XXX This should be replaced with SecPolicyRefs
212 */
213 typedef enum SECCertUsageEnum {
214 certUsageSSLClient = 0,
215 certUsageSSLServer = 1,
216 certUsageSSLServerWithStepUp = 2,
217 certUsageSSLCA = 3,
218 certUsageEmailSigner = 4,
219 certUsageEmailRecipient = 5,
220 certUsageObjectSigner = 6,
221 certUsageUserCertImport = 7,
222 certUsageVerifyCA = 8,
223 certUsageProtectedObjectSigner = 9,
224 certUsageStatusResponder = 10,
225 certUsageAnyCA = 11
226 } SECCertUsage;
227
228
229 /*!
230 @enum SECOidTag
231 @abstract Misc object IDs - these numbers are for convenient handling.
232 @discussion They are mapped into real object IDs
233 NOTE: the order of these entries must mach the array "oids" of SECOidData in util/secoid.c.
234 */
235 typedef enum {
236 SEC_OID_UNKNOWN = 0,
237 SEC_OID_MD2 = 1,
238 SEC_OID_MD4 = 2,
239 SEC_OID_MD5 = 3,
240 SEC_OID_SHA1 = 4,
241 SEC_OID_RC2_CBC = 5,
242 SEC_OID_RC4 = 6,
243 SEC_OID_DES_EDE3_CBC = 7,
244 SEC_OID_RC5_CBC_PAD = 8,
245 SEC_OID_DES_ECB = 9,
246 SEC_OID_DES_CBC = 10,
247 SEC_OID_DES_OFB = 11,
248 SEC_OID_DES_CFB = 12,
249 SEC_OID_DES_MAC = 13,
250 SEC_OID_DES_EDE = 14,
251 SEC_OID_ISO_SHA_WITH_RSA_SIGNATURE = 15,
252 SEC_OID_PKCS1_RSA_ENCRYPTION = 16,
253 SEC_OID_PKCS1_MD2_WITH_RSA_ENCRYPTION = 17,
254 SEC_OID_PKCS1_MD4_WITH_RSA_ENCRYPTION = 18,
255 SEC_OID_PKCS1_MD5_WITH_RSA_ENCRYPTION = 19,
256 SEC_OID_PKCS1_SHA1_WITH_RSA_ENCRYPTION = 20,
257 SEC_OID_PKCS5_PBE_WITH_MD2_AND_DES_CBC = 21,
258 SEC_OID_PKCS5_PBE_WITH_MD5_AND_DES_CBC = 22,
259 SEC_OID_PKCS5_PBE_WITH_SHA1_AND_DES_CBC = 23,
260 SEC_OID_PKCS7 = 24,
261 SEC_OID_PKCS7_DATA = 25,
262 SEC_OID_PKCS7_SIGNED_DATA = 26,
263 SEC_OID_PKCS7_ENVELOPED_DATA = 27,
264 SEC_OID_PKCS7_SIGNED_ENVELOPED_DATA = 28,
265 SEC_OID_PKCS7_DIGESTED_DATA = 29,
266 SEC_OID_PKCS7_ENCRYPTED_DATA = 30,
267 SEC_OID_PKCS9_EMAIL_ADDRESS = 31,
268 SEC_OID_PKCS9_UNSTRUCTURED_NAME = 32,
269 SEC_OID_PKCS9_CONTENT_TYPE = 33,
270 SEC_OID_PKCS9_MESSAGE_DIGEST = 34,
271 SEC_OID_PKCS9_SIGNING_TIME = 35,
272 SEC_OID_PKCS9_COUNTER_SIGNATURE = 36,
273 SEC_OID_PKCS9_CHALLENGE_PASSWORD = 37,
274 SEC_OID_PKCS9_UNSTRUCTURED_ADDRESS = 38,
275 SEC_OID_PKCS9_EXTENDED_CERTIFICATE_ATTRIBUTES = 39,
276 SEC_OID_PKCS9_SMIME_CAPABILITIES = 40,
277 SEC_OID_AVA_COMMON_NAME = 41,
278 SEC_OID_AVA_COUNTRY_NAME = 42,
279 SEC_OID_AVA_LOCALITY = 43,
280 SEC_OID_AVA_STATE_OR_PROVINCE = 44,
281 SEC_OID_AVA_ORGANIZATION_NAME = 45,
282 SEC_OID_AVA_ORGANIZATIONAL_UNIT_NAME = 46,
283 SEC_OID_AVA_DN_QUALIFIER = 47,
284 SEC_OID_AVA_DC = 48,
285
286 SEC_OID_NS_TYPE_GIF = 49,
287 SEC_OID_NS_TYPE_JPEG = 50,
288 SEC_OID_NS_TYPE_URL = 51,
289 SEC_OID_NS_TYPE_HTML = 52,
290 SEC_OID_NS_TYPE_CERT_SEQUENCE = 53,
291 SEC_OID_MISSI_KEA_DSS_OLD = 54,
292 SEC_OID_MISSI_DSS_OLD = 55,
293 SEC_OID_MISSI_KEA_DSS = 56,
294 SEC_OID_MISSI_DSS = 57,
295 SEC_OID_MISSI_KEA = 58,
296 SEC_OID_MISSI_ALT_KEA = 59,
297
298 /* Netscape private certificate extensions */
299 SEC_OID_NS_CERT_EXT_NETSCAPE_OK = 60,
300 SEC_OID_NS_CERT_EXT_ISSUER_LOGO = 61,
301 SEC_OID_NS_CERT_EXT_SUBJECT_LOGO = 62,
302 SEC_OID_NS_CERT_EXT_CERT_TYPE = 63,
303 SEC_OID_NS_CERT_EXT_BASE_URL = 64,
304 SEC_OID_NS_CERT_EXT_REVOCATION_URL = 65,
305 SEC_OID_NS_CERT_EXT_CA_REVOCATION_URL = 66,
306 SEC_OID_NS_CERT_EXT_CA_CRL_URL = 67,
307 SEC_OID_NS_CERT_EXT_CA_CERT_URL = 68,
308 SEC_OID_NS_CERT_EXT_CERT_RENEWAL_URL = 69,
309 SEC_OID_NS_CERT_EXT_CA_POLICY_URL = 70,
310 SEC_OID_NS_CERT_EXT_HOMEPAGE_URL = 71,
311 SEC_OID_NS_CERT_EXT_ENTITY_LOGO = 72,
312 SEC_OID_NS_CERT_EXT_USER_PICTURE = 73,
313 SEC_OID_NS_CERT_EXT_SSL_SERVER_NAME = 74,
314 SEC_OID_NS_CERT_EXT_COMMENT = 75,
315 SEC_OID_NS_CERT_EXT_LOST_PASSWORD_URL = 76,
316 SEC_OID_NS_CERT_EXT_CERT_RENEWAL_TIME = 77,
317 SEC_OID_NS_KEY_USAGE_GOVT_APPROVED = 78,
318
319 /* x.509 v3 Extensions */
320 SEC_OID_X509_SUBJECT_DIRECTORY_ATTR = 79,
321 SEC_OID_X509_SUBJECT_KEY_ID = 80,
322 SEC_OID_X509_KEY_USAGE = 81,
323 SEC_OID_X509_PRIVATE_KEY_USAGE_PERIOD = 82,
324 SEC_OID_X509_SUBJECT_ALT_NAME = 83,
325 SEC_OID_X509_ISSUER_ALT_NAME = 84,
326 SEC_OID_X509_BASIC_CONSTRAINTS = 85,
327 SEC_OID_X509_NAME_CONSTRAINTS = 86,
328 SEC_OID_X509_CRL_DIST_POINTS = 87,
329 SEC_OID_X509_CERTIFICATE_POLICIES = 88,
330 SEC_OID_X509_POLICY_MAPPINGS = 89,
331 SEC_OID_X509_POLICY_CONSTRAINTS = 90,
332 SEC_OID_X509_AUTH_KEY_ID = 91,
333 SEC_OID_X509_EXT_KEY_USAGE = 92,
334 SEC_OID_X509_AUTH_INFO_ACCESS = 93,
335
336 SEC_OID_X509_CRL_NUMBER = 94,
337 SEC_OID_X509_REASON_CODE = 95,
338 SEC_OID_X509_INVALID_DATE = 96,
339 /* End of x.509 v3 Extensions */
340
341 SEC_OID_X500_RSA_ENCRYPTION = 97,
342
343 /* alg 1485 additions */
344 SEC_OID_RFC1274_UID = 98,
345 SEC_OID_RFC1274_MAIL = 99,
346
347 /* PKCS 12 additions */
348 SEC_OID_PKCS12 = 100,
349 SEC_OID_PKCS12_MODE_IDS = 101,
350 SEC_OID_PKCS12_ESPVK_IDS = 102,
351 SEC_OID_PKCS12_BAG_IDS = 103,
352 SEC_OID_PKCS12_CERT_BAG_IDS = 104,
353 SEC_OID_PKCS12_OIDS = 105,
354 SEC_OID_PKCS12_PBE_IDS = 106,
355 SEC_OID_PKCS12_SIGNATURE_IDS = 107,
356 SEC_OID_PKCS12_ENVELOPING_IDS = 108,
357 /* SEC_OID_PKCS12_OFFLINE_TRANSPORT_MODE,
358 SEC_OID_PKCS12_ONLINE_TRANSPORT_MODE, */
359 SEC_OID_PKCS12_PKCS8_KEY_SHROUDING = 109,
360 SEC_OID_PKCS12_KEY_BAG_ID = 110,
361 SEC_OID_PKCS12_CERT_AND_CRL_BAG_ID = 111,
362 SEC_OID_PKCS12_SECRET_BAG_ID = 112,
363 SEC_OID_PKCS12_X509_CERT_CRL_BAG = 113,
364 SEC_OID_PKCS12_SDSI_CERT_BAG = 114,
365 SEC_OID_PKCS12_PBE_WITH_SHA1_AND_128_BIT_RC4 = 115,
366 SEC_OID_PKCS12_PBE_WITH_SHA1_AND_40_BIT_RC4 = 116,
367 SEC_OID_PKCS12_PBE_WITH_SHA1_AND_TRIPLE_DES_CBC = 117,
368 SEC_OID_PKCS12_PBE_WITH_SHA1_AND_128_BIT_RC2_CBC = 118,
369 SEC_OID_PKCS12_PBE_WITH_SHA1_AND_40_BIT_RC2_CBC = 119,
370 SEC_OID_PKCS12_RSA_ENCRYPTION_WITH_128_BIT_RC4 = 120,
371 SEC_OID_PKCS12_RSA_ENCRYPTION_WITH_40_BIT_RC4 = 121,
372 SEC_OID_PKCS12_RSA_ENCRYPTION_WITH_TRIPLE_DES = 122,
373 SEC_OID_PKCS12_RSA_SIGNATURE_WITH_SHA1_DIGEST = 123,
374 /* end of PKCS 12 additions */
375
376 /* DSA signatures */
377 SEC_OID_ANSIX9_DSA_SIGNATURE = 124,
378 SEC_OID_ANSIX9_DSA_SIGNATURE_WITH_SHA1_DIGEST = 125,
379 SEC_OID_BOGUS_DSA_SIGNATURE_WITH_SHA1_DIGEST = 126,
380
381 /* Verisign OIDs */
382 SEC_OID_VERISIGN_USER_NOTICES = 127,
383
384 /* PKIX OIDs */
385 SEC_OID_PKIX_CPS_POINTER_QUALIFIER = 128,
386 SEC_OID_PKIX_USER_NOTICE_QUALIFIER = 129,
387 SEC_OID_PKIX_OCSP = 130,
388 SEC_OID_PKIX_OCSP_BASIC_RESPONSE = 131,
389 SEC_OID_PKIX_OCSP_NONCE = 132,
390 SEC_OID_PKIX_OCSP_CRL = 133,
391 SEC_OID_PKIX_OCSP_RESPONSE = 134,
392 SEC_OID_PKIX_OCSP_NO_CHECK = 135,
393 SEC_OID_PKIX_OCSP_ARCHIVE_CUTOFF = 136,
394 SEC_OID_PKIX_OCSP_SERVICE_LOCATOR = 137,
395 SEC_OID_PKIX_REGCTRL_REGTOKEN = 138,
396 SEC_OID_PKIX_REGCTRL_AUTHENTICATOR = 139,
397 SEC_OID_PKIX_REGCTRL_PKIPUBINFO = 140,
398 SEC_OID_PKIX_REGCTRL_PKI_ARCH_OPTIONS = 141,
399 SEC_OID_PKIX_REGCTRL_OLD_CERT_ID = 142,
400 SEC_OID_PKIX_REGCTRL_PROTOCOL_ENC_KEY = 143,
401 SEC_OID_PKIX_REGINFO_UTF8_PAIRS = 144,
402 SEC_OID_PKIX_REGINFO_CERT_REQUEST = 145,
403 SEC_OID_EXT_KEY_USAGE_SERVER_AUTH = 146,
404 SEC_OID_EXT_KEY_USAGE_CLIENT_AUTH = 147,
405 SEC_OID_EXT_KEY_USAGE_CODE_SIGN = 148,
406 SEC_OID_EXT_KEY_USAGE_EMAIL_PROTECT = 149,
407 SEC_OID_EXT_KEY_USAGE_TIME_STAMP = 150,
408 SEC_OID_OCSP_RESPONDER = 151,
409
410 /* Netscape Algorithm OIDs */
411 SEC_OID_NETSCAPE_SMIME_KEA = 152,
412
413 /* Skipjack OID -- ### mwelch temporary */
414 SEC_OID_FORTEZZA_SKIPJACK = 153,
415
416 /* PKCS 12 V2 oids */
417 SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_128_BIT_RC4 = 154,
418 SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_40_BIT_RC4 = 155,
419 SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_3KEY_TRIPLE_DES_CBC = 156,
420 SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_2KEY_TRIPLE_DES_CBC = 157,
421 SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_128_BIT_RC2_CBC = 158,
422 SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_40_BIT_RC2_CBC = 159,
423 SEC_OID_PKCS12_SAFE_CONTENTS_ID = 160,
424 SEC_OID_PKCS12_PKCS8_SHROUDED_KEY_BAG_ID = 161,
425
426 SEC_OID_PKCS12_V1_KEY_BAG_ID = 162,
427 SEC_OID_PKCS12_V1_PKCS8_SHROUDED_KEY_BAG_ID = 163,
428 SEC_OID_PKCS12_V1_CERT_BAG_ID = 164,
429 SEC_OID_PKCS12_V1_CRL_BAG_ID = 165,
430 SEC_OID_PKCS12_V1_SECRET_BAG_ID = 166,
431 SEC_OID_PKCS12_V1_SAFE_CONTENTS_BAG_ID = 167,
432 SEC_OID_PKCS9_X509_CERT = 168,
433 SEC_OID_PKCS9_SDSI_CERT = 169,
434 SEC_OID_PKCS9_X509_CRL = 170,
435 SEC_OID_PKCS9_FRIENDLY_NAME = 171,
436 SEC_OID_PKCS9_LOCAL_KEY_ID = 172,
437 SEC_OID_PKCS12_KEY_USAGE = 173,
438
439 /*Diffe Helman OIDS */
440 SEC_OID_X942_DIFFIE_HELMAN_KEY = 174,
441
442 /* Netscape other name types */
443 SEC_OID_NETSCAPE_NICKNAME = 175,
444
445 /* Cert Server OIDS */
446 SEC_OID_NETSCAPE_RECOVERY_REQUEST = 176,
447
448 /* New PSM certificate management OIDs */
449 SEC_OID_CERT_RENEWAL_LOCATOR = 177,
450 SEC_OID_NS_CERT_EXT_SCOPE_OF_USE = 178,
451
452 /* CMS (RFC2630) OIDs */
453 SEC_OID_CMS_EPHEMERAL_STATIC_DIFFIE_HELLMAN = 179,
454 SEC_OID_CMS_3DES_KEY_WRAP = 180,
455 SEC_OID_CMS_RC2_KEY_WRAP = 181,
456
457 /* SMIME attributes */
458 SEC_OID_SMIME_ENCRYPTION_KEY_PREFERENCE = 182,
459
460 /* AES OIDs */
461 SEC_OID_AES_128_ECB = 183,
462 SEC_OID_AES_128_CBC = 184,
463 SEC_OID_AES_192_ECB = 185,
464 SEC_OID_AES_192_CBC = 186,
465 SEC_OID_AES_256_ECB = 187,
466 SEC_OID_AES_256_CBC = 188,
467
468 SEC_OID_SDN702_DSA_SIGNATURE = 189,
469
470 SEC_OID_MS_SMIME_ENCRYPTION_KEY_PREFERENCE = 190,
471
472 SEC_OID_SHA224 = 191,
473 SEC_OID_SHA256 = 192,
474 SEC_OID_SHA384 = 193,
475 SEC_OID_SHA512 = 194,
476
477 SEC_OID_PKCS1_SHA256_WITH_RSA_ENCRYPTION = 195,
478 SEC_OID_PKCS1_SHA384_WITH_RSA_ENCRYPTION = 196,
479 SEC_OID_PKCS1_SHA512_WITH_RSA_ENCRYPTION = 197,
480
481 SEC_OID_AES_128_KEY_WRAP = 198,
482 SEC_OID_AES_192_KEY_WRAP = 199,
483 SEC_OID_AES_256_KEY_WRAP = 200,
484
485 /* eContentType set by client and not understood by this library; treated
486 * like SEC_OID_PKCS7_DATA, except the caller's OID is encoded. */
487 SEC_OID_OTHER = 201,
488
489 /* ECDSA */
490 SEC_OID_EC_PUBLIC_KEY = 202,
491 SEC_OID_ECDSA_WithSHA1 = 203,
492 SEC_OID_DH_SINGLE_STD_SHA1KDF = 204,
493 SEC_OID_SECP_256_R1 = 205,
494 SEC_OID_SECP_384_R1 = 206,
495 SEC_OID_SECP_521_R1 = 207,
496
497 /* RFC 3161 Timestamping OIDs */
498 SEC_OID_PKCS9_ID_CT_TSTInfo = 208,
499 SEC_OID_PKCS9_TIMESTAMP_TOKEN = 209,
500 SEC_OID_PKCS9_SIGNING_CERTIFICATE = 210,
501
502 /* ECDSA with SHA2 */
503 SEC_OID_ECDSA_WITH_SHA256 = 211,
504 SEC_OID_ECDSA_WITH_SHA384 = 212,
505 SEC_OID_ECDSA_WITH_SHA512 = 213,
506
507 /* Apple CMS Attributes */
508 SEC_OID_APPLE_HASH_AGILITY = 214,
509 SEC_OID_APPLE_HASH_AGILITY_V2 = 215,
510
511 /* Apple Expiration Time Attribute */
512 SEC_OID_APPLE_EXPIRATION_TIME = 216,
513
514 SEC_OID_TOTAL
515 } SECOidTag;
516
517 #if TARGET_OS_OSX
518 /*!
519 @function
520 @abstract Create a new SecArenaPool object.
521 @param chunksize Size of the chunks the pool will use to allocate its underlying storage.
522 @param outArena pointer to a SecArenaPoolRef to be created.
523 @result On success return 0 and outArena will contain a newly created SecArenaPoolRef.
524 @availability 10.4 and later
525 @updated 2004-04-23
526 */
527 OSStatus SecArenaPoolCreate(size_t chunksize, SecArenaPoolRef *outArena);
528
529 /*!
530 @function
531 @abstract Free a SecArenaPool object and everything in it.
532 @param arena The SecArenaPool object to free.
533 @param zero If this is true the arena's memory will be zero filled before it is freed.
534 @discussion arena will no longer be valid and the memory used by it is returned to the malloc heap.
535 @availability 10.4 and later
536 @updated 2004-04-23
537 */
538 void SecArenaPoolFree(SecArenaPoolRef arena, Boolean zero);
539 #endif // TARGET_OS_OSX
540
541 __END_DECLS
542
543 #endif /* _SECURITY_SECCMSBASE_H_ */