]> git.saurik.com Git - apple/security.git/blob - OSX/libsecurity_smime/lib/SecCmsSignerInfo.h
projects / apple / security.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Security-58286.60.28.tar.gz
[apple/security.git] / OSX / libsecurity_smime / lib / SecCmsSignerInfo.h
1 /*
2 * Copyright (c) 2004,2011-2012,2014 Apple Inc. All Rights Reserved.
3 *
4 * @APPLE_LICENSE_HEADER_START@
5 *
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. Please obtain a copy of the License at
10 * http://www.opensource.apple.com/apsl/ and read it before using this
11 * file.
12 *
13 * The Original Code and all software distributed under the License are
14 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
15 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
16 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
17 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
18 * Please see the License for the specific language governing rights and
19 * limitations under the License.
20 *
21 * @APPLE_LICENSE_HEADER_END@
22 */
23
24 /*!
25 @header SecCmsSignerInfo.h
26 @Copyright (c) 2004,2011-2012,2014 Apple Inc. All Rights Reserved.
27
28 @availability 10.4 and later
29 @abstract Interfaces of the CMS implementation.
30 @discussion The functions here implement functions for encoding
31 and decoding Cryptographic Message Syntax (CMS) objects
32 as described in rfc3369.
33 */
34
35 #ifndef _SECURITY_SECCMSSIGNERINFO_H_
36 #define _SECURITY_SECCMSSIGNERINFO_H_ 1
37
38 #include <Security/SecCmsBase.h>
39
40 #include <Security/SecTrust.h>
41 #include <CoreFoundation/CFDate.h>
42
43
44 #if defined(__cplusplus)
45 extern "C" {
46 #endif
47
48 /*!
49 @function
50 */
51 extern SecCmsSignerInfoRef
52 SecCmsSignerInfoCreate(SecCmsMessageRef cmsg, SecIdentityRef identity, SECOidTag digestalgtag);
53
54 /*!
55 @function
56 */
57 extern SecCmsSignerInfoRef
58 SecCmsSignerInfoCreateWithSubjKeyID(SecCmsMessageRef cmsg, CSSM_DATA_PTR subjKeyID, SecPublicKeyRef pubKey, SecPrivateKeyRef signingKey, SECOidTag digestalgtag);
59
60 /*!
61 @function
62 @abstract Destroy a SignerInfo data structure.
63 */
64 extern void
65 SecCmsSignerInfoDestroy(SecCmsSignerInfoRef si);
66
67 /*!
68 @function
69 */
70 extern SecCmsVerificationStatus
71 SecCmsSignerInfoGetVerificationStatus(SecCmsSignerInfoRef signerinfo);
72
73 /*!
74 @function
75 */
76 extern OSStatus
77 SecCmsSignerInfoVerifyUnAuthAttrs(SecCmsSignerInfoRef signerinfo);
78
79 /*!
80 @function
81 */
82 extern OSStatus
83 SecCmsSignerInfoVerifyUnAuthAttrsWithPolicy(SecCmsSignerInfoRef signerinfo,CFTypeRef timeStampPolicy);
84
85 /*!
86 @function
87 */
88 extern CSSM_DATA *
89 SecCmsSignerInfoGetEncDigest(SecCmsSignerInfoRef signerinfo);
90
91 /*!
92 @function
93 */
94 extern SECOidData *
95 SecCmsSignerInfoGetDigestAlg(SecCmsSignerInfoRef signerinfo);
96
97 /*!
98 @function
99 */
100 extern SECOidTag
101 SecCmsSignerInfoGetDigestAlgTag(SecCmsSignerInfoRef signerinfo);
102
103 /*!
104 @function
105 */
106 extern CFArrayRef
107 SecCmsSignerInfoGetCertList(SecCmsSignerInfoRef signerinfo);
108
109 /*!
110 @function
111 */
112 extern CFArrayRef
113 SecCmsSignerInfoGetTimestampCertList(SecCmsSignerInfoRef signerinfo);
114
115 /*!
116 @function
117 */
118 extern SecCertificateRef
119 SecCmsSignerInfoGetTimestampSigningCert(SecCmsSignerInfoRef signerinfo);
120
121 /*!
122 @function
123 @abstract Return the signing time, in UTCTime format, of a CMS signerInfo.
124 @param sinfo SignerInfo data for this signer.
125 @discussion Returns a pointer to XXXX (what?)
126 @result A return value of NULL is an error.
127 */
128 extern OSStatus
129 SecCmsSignerInfoGetSigningTime(SecCmsSignerInfoRef sinfo, CFAbsoluteTime *stime);
130
131 /*!
132 @function
133 @abstract Return the timestamp time, in UTCTime format, of a CMS signerInfo.
134 @param sinfo SignerInfo data for this signer.
135 @discussion Returns a pointer to XXXX (what?)
136 @result A return value of NULL is an error.
137 */
138 OSStatus
139 SecCmsSignerInfoGetTimestampTime(SecCmsSignerInfoRef sinfo, CFAbsoluteTime *stime);
140
141 /*!
142 @function
143 @abstract Return the timestamp time, in UTCTime format, of a CMS signerInfo.
144 @param sinfo SignerInfo data for this signer, timeStampPolicy the policy to verify the timestamp signer
145 @discussion Returns a pointer to XXXX (what?)
146 @result A return value of NULL is an error.
147 */
148 OSStatus
149 SecCmsSignerInfoGetTimestampTimeWithPolicy(SecCmsSignerInfoRef sinfo, CFTypeRef timeStampPolicy, CFAbsoluteTime *stime);
150
151 /*!
152 @function
153 @abstract Return the data in the signed Codesigning Hash Agility attribute.
154 @param sinfo SignerInfo data for this signer, pointer to a CFDataRef for attribute value
155 @discussion Returns a CFDataRef containing the value of the attribute
156 @result A return value of SECFailure is an error.
157 */
158 OSStatus
159 SecCmsSignerInfoGetAppleCodesigningHashAgility(SecCmsSignerInfoRef sinfo, CFDataRef *sdata);
160
161 /*!
162 @function
163 @abstract Return the data in the signed Codesigning Hash Agility V2 attribute.
164 @param sinfo SignerInfo data for this signer, pointer to a CFDictionaryRef for attribute values
165 @discussion Returns a CFDictionaryRef containing the values of the attribute. V2 encodes the hash
166 agility values using DER.
167 @result A return value of SECFailure is an error.
168 */
169 extern OSStatus
170 SecCmsSignerInfoGetAppleCodesigningHashAgilityV2(SecCmsSignerInfoRef sinfo, CFDictionaryRef *sdict);
171
172 /*!
173 @function
174 @abstract Return the signing cert of a CMS signerInfo.
175 @discussion The certs in the enclosing SignedData must have been imported already.
176 */
177 extern SecCertificateRef
178 SecCmsSignerInfoGetSigningCertificate(SecCmsSignerInfoRef signerinfo, SecKeychainRef keychainOrArray);
179
180 /*!
181 @function
182 @abstract Return the common name of the signer.
183 @param sinfo SignerInfo data for this signer.
184 @discussion Returns a CFStringRef containing the common name of the signer.
185 @result A return value of NULL is an error.
186 */
187 extern CFStringRef
188 SecCmsSignerInfoGetSignerCommonName(SecCmsSignerInfoRef sinfo);
189
190 /*!
191 @function
192 @abstract Return the email address of the signer
193 @param sinfo SignerInfo data for this signer.
194 @discussion Returns a CFStringRef containing the name of the signer.
195 @result A return value of NULL is an error.
196 */
197 extern CFStringRef
198 SecCmsSignerInfoGetSignerEmailAddress(SecCmsSignerInfoRef sinfo);
199
200 /*!
201 @function
202 @abstract Add the signing time to the authenticated (i.e. signed) attributes of "signerinfo".
203 @discussion This is expected to be included in outgoing signed
204 messages for email (S/MIME) but is likely useful in other situations.
205
206 This should only be added once; a second call will do nothing.
207
208 XXX This will probably just shove the current time into "signerinfo"
209 but it will not actually get signed until the entire item is
210 processed for encoding. Is this (expected to be small) delay okay?
211 */
212 extern OSStatus
213 SecCmsSignerInfoAddSigningTime(SecCmsSignerInfoRef signerinfo, CFAbsoluteTime t);
214
215 /*!
216 @function
217 @abstract Add a SMIMECapabilities attribute to the authenticated (i.e. signed) attributes of "signerinfo".
218 @discussion This is expected to be included in outgoing signed messages for email (S/MIME).
219 */
220 extern OSStatus
221 SecCmsSignerInfoAddSMIMECaps(SecCmsSignerInfoRef signerinfo);
222
223 /*!
224 @function
225 @abstract Add a SMIMEEncryptionKeyPreferences attribute to the authenticated (i.e. signed) attributes of "signerinfo".
226 @discussion This is expected to be included in outgoing signed messages for email (S/MIME).
227 */
228 OSStatus
229 SecCmsSignerInfoAddSMIMEEncKeyPrefs(SecCmsSignerInfoRef signerinfo, SecCertificateRef cert, SecKeychainRef keychainOrArray);
230
231 /*!
232 @function
233 @abstract Add a SMIMEEncryptionKeyPreferences attribute to the authenticated (i.e. signed) attributes of "signerinfo", using the OID prefered by Microsoft.
234 @discussion This is expected to be included in outgoing signed messages for email (S/MIME), if compatibility with Microsoft mail clients is wanted.
235 */
236 OSStatus
237 SecCmsSignerInfoAddMSSMIMEEncKeyPrefs(SecCmsSignerInfoRef signerinfo, SecCertificateRef cert, SecKeychainRef keychainOrArray);
238
239 /*!
240 @function
241 @abstract Create a timestamp unsigned attribute with a TimeStampToken.
242 */
243 OSStatus
244 SecCmsSignerInfoAddTimeStamp(SecCmsSignerInfoRef signerinfo, CSSM_DATA *tstoken);
245
246 /*!
247 @function
248 @abstract Countersign a signerinfo.
249 */
250 extern OSStatus
251 SecCmsSignerInfoAddCounterSignature(SecCmsSignerInfoRef signerinfo,
252 SECOidTag digestalg, SecIdentityRef identity);
253
254 /*!
255 @function
256 @abstract Add the Apple Codesigning Hash Agility attribute to the authenticated (i.e. signed) attributes of "signerinfo".
257 @discussion This is expected to be included in outgoing Apple code signatures.
258 */
259 OSStatus
260 SecCmsSignerInfoAddAppleCodesigningHashAgility(SecCmsSignerInfoRef signerinfo, CFDataRef attrValue);
261
262 /*!
263 @function
264 @abstract Add the Apple Codesigning Hash Agility V2 attribute to the authenticated (i.e. signed) attributes of "signerinfo".
265 @discussion This is expected to be included in outgoing Apple code signatures. V2 encodes the hash agility values using DER.
266 The dictionary should have CFNumberRef keys, corresponding to SECOidTags for digest algorithms, and CFDataRef values,
267 corresponding to the digest value for that digest algorithm.
268 */
269 OSStatus
270 SecCmsSignerInfoAddAppleCodesigningHashAgilityV2(SecCmsSignerInfoRef signerinfo, CFDictionaryRef attrValues);
271
272 /*!
273 @function
274 @abstract The following needs to be done in the S/MIME layer code after signature of a signerinfo has been verified.
275 @param signerinfo The SecCmsSignerInfo object for which we verified the signature.
276 @result The preferred encryption certificate of the user who signed this message will be added to the users default Keychain and it will be marked as the preferred certificate to use when sending that person messages from now on.
277 */
278 extern OSStatus
279 SecCmsSignerInfoSaveSMIMEProfile(SecCmsSignerInfoRef signerinfo);
280
281 /*!
282 @function
283 @abstract Set cert chain inclusion mode for this signer.
284 */
285 extern OSStatus
286 SecCmsSignerInfoIncludeCerts(SecCmsSignerInfoRef signerinfo, SecCmsCertChainMode cm, SECCertUsage usage);
287
288 /*! @functiongroup CMS misc utility functions */
289 /*!
290 @function
291 Convert a SecCmsVerificationStatus to a human readable string.
292 */
293 extern const char *
294 SecCmsUtilVerificationStatusToString(SecCmsVerificationStatus vs);
295
296 /*
297 * Preference domain and key for the Microsoft ECDSA compatibility flag.
298 * Default if not present is TRUE, meaning we generate ECDSA-signed messages
299 * which are compatible with Microsoft Entourage. FALSE means we adhere to
300 * the spec (RFC 3278 section 2.1.1).
301 */
302 #define kMSCompatibilityDomain "com.apple.security.smime"
303 #define kMSCompatibilityMode CFSTR("MSCompatibilityMode")
304
305 /*!
306 @function SecCmsSignerInfoCopyCertFromEncryptionKeyPreference
307 @abstract Copy the certificate specified in the encryption key preference.
308 @param signerinfo The SecCmsSignerInfo object for which we verified the signature.
309 @result The preferred encryption certificate of the user who signed this message, if found.
310 @discussion This function should be called after the signer info has been verified.
311 */
312 SecCertificateRef SecCmsSignerInfoCopyCertFromEncryptionKeyPreference(SecCmsSignerInfoRef signerinfo);
313
314 #if defined(__cplusplus)
315 }
316 #endif
317
318 #endif /* _SECURITY_SECCMSSIGNERINFO_H_ */
mirror of Security