OSX/libsecurity_smime/lib/SecCmsBase.h

   1 /*
   2  *  Copyright (c) 2004,2011-2012,2014 Apple Inc. All Rights Reserved.
   3  *
   4  *  @APPLE_LICENSE_HEADER_START@
   5  *
   6  *  This file contains Original Code and/or Modifications of Original Code
   7  *  as defined in and that are subject to the Apple Public Source License
   8  *  Version 2.0 (the 'License'). You may not use this file except in
   9  *  compliance with the License. Please obtain a copy of the License at
  10  *  http://www.opensource.apple.com/apsl/ and read it before using this
  11  *  file.
  12  *
  13  *  The Original Code and all software distributed under the License are
  14  *  distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
  15  *  EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
  16  *  INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
  17  *  FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
  18  *  Please see the License for the specific language governing rights and
  19  *  limitations under the License.
  20  *
  21  *  @APPLE_LICENSE_HEADER_END@
  22  */
  23
  24 /*!
  25     @header SecCmsBase.h
  26     @Copyright (c) 2004,2011-2012,2014 Apple Inc. All Rights Reserved.
  27
  28     @availability 10.4 and later
  29     @abstract Interfaces of the CMS implementation.
  30     @discussion The functions here implement functions for encoding
  31                 and decoding Cryptographic Message Syntax (CMS) objects
  32                 as described in rfc3369.
  33  */
  34
  35 #ifndef _SECURITY_SECCMSBASE_H_
  36 #define _SECURITY_SECCMSBASE_H_  1
  37
  38 #include <sys/types.h>                  /* size_t */
  39 #include <Security/SecKey.h>
  40 #include <Security/x509defs.h>
  41
  42 #if defined(__cplusplus)
  43 extern "C" {
  44 #endif
  45
  46 /*!
  47     @typedef
  48     @discussion XXX We need to remove these from the API and move them back to secoidt.h.
  49  */
  50 typedef struct SECOidDataStr SECOidData;
  51
  52 /*!
  53     @typedef
  54     @discussion XXX We might want to get rid of this alltogether.
  55  */
  56 typedef CSSM_X509_ALGORITHM_IDENTIFIER SECAlgorithmID;
  57
  58 /*!
  59     @typedef
  60     @discussion XXX This should probably move to SecKey.h
  61  */
  62 typedef SecKeyRef SecSymmetricKeyRef;
  63
  64 /*!
  65     @typedef
  66     @discussion XXX This should probably move to SecKey.h
  67  */
  68 typedef SecKeyRef SecPublicKeyRef;
  69
  70 /*!
  71     @typedef
  72     @discussion XXX This should probably move to SecKey.h
  73  */
  74 typedef SecKeyRef SecPrivateKeyRef;
  75
  76 /*!
  77     @typedef
  78  */
  79 typedef void(*PK11PasswordFunc)(void);
  80
  81 /*!
  82     @typedef
  83  */
  84 typedef struct SecArenaPoolStr *SecArenaPoolRef;
  85
  86 /*!
  87     @typedef
  88  */
  89 typedef struct SecCmsMessageStr *SecCmsMessageRef;
  90
  91 /*!
  92     @typedef
  93  */
  94 typedef struct SecCmsContentInfoStr *SecCmsContentInfoRef;
  95
  96 /*!
  97     @typedef
  98  */
  99 typedef struct SecCmsSignedDataStr *SecCmsSignedDataRef;
 100
 101 /*!
 102     @typedef
 103  */
 104 typedef struct SecCmsSignerInfoStr *SecCmsSignerInfoRef;
 105
 106 /*!
 107     @typedef
 108  */
 109 typedef struct SecCmsEnvelopedDataStr *SecCmsEnvelopedDataRef;
 110
 111 /*!
 112     @typedef
 113  */
 114 typedef struct SecCmsRecipientInfoStr *SecCmsRecipientInfoRef;
 115
 116 /*!
 117     @typedef
 118  */
 119 typedef struct SecCmsDigestedDataStr *SecCmsDigestedDataRef;
 120
 121 /*!
 122     @typedef
 123  */
 124 typedef struct SecCmsEncryptedDataStr *SecCmsEncryptedDataRef;
 125
 126 /*!
 127     @typedef
 128  */
 129 typedef struct SecCmsDecoderStr *SecCmsDecoderRef;
 130
 131 /*!
 132     @typedef
 133  */
 134 typedef struct SecCmsEncoderStr *SecCmsEncoderRef;
 135
 136 /*!
 137     @typedef
 138  */
 139 typedef struct SecCmsDigestContextStr *SecCmsDigestContextRef;
 140
 141
 142 /*!
 143      @typedef
 144      @discussion Type of function passed to SecCmsDecode or SecCmsDecoderStart.
 145      If specified, this is where the content bytes (only) will be "sent" as they are recovered during the decoding.
 146      And:
 147      Type of function passed to SecCmsEncode or SecCmsEncoderStart.
 148      This is where the DER-encoded bytes will be "sent".
 149
 150      XXX Should just combine this with SecCmsEncoderContentCallback type and use a simpler, common name.
 151  */
 152 typedef void (*SecCmsContentCallback)(void *arg, const char *buf, size_t len);
 153
 154 /*!
 155     @typedef
 156     @discussion Type of function passed to SecCmsDecode or SecCmsDecoderStart to retrieve the decryption key.  This function is intended to be used for EncryptedData content info's which do not have a key available in a certificate, etc.
 157  */
 158 typedef SecSymmetricKeyRef(*SecCmsGetDecryptKeyCallback)(void *arg, SECAlgorithmID *algid);
 159
 160 /*!
 161     @enum SecCmsVerificationStatus
 162  */
 163 typedef enum {
 164     SecCmsVSUnverified = 0,
 165     SecCmsVSGoodSignature = 1,
 166     SecCmsVSBadSignature = 2,
 167     SecCmsVSDigestMismatch = 3,
 168     SecCmsVSSigningCertNotFound = 4,
 169     SecCmsVSSigningCertNotTrusted = 5,
 170     SecCmsVSSignatureAlgorithmUnknown = 6,
 171     SecCmsVSSignatureAlgorithmUnsupported = 7,
 172     SecCmsVSMalformedSignature = 8,
 173     SecCmsVSProcessingError = 9,
 174     SecCmsVSTimestampMissing = 10,                      /* A timestamp was expected but was not found. */
 175     SecCmsVSTimestampInvalid = 11,                      /* The timestamp was not valid. */
 176     SecCmsVSTimestampNotTrusted = 12,                   /* The timestamp signing chain was not trusted. */
 177 } SecCmsVerificationStatus;
 178
 179 /*!
 180     @enum SecCmsCertChainMode
 181  */
 182 typedef enum {
 183     SecCmsCMNone = 0,
 184     SecCmsCMCertOnly = 1,
 185     SecCmsCMCertChain = 2,
 186     SecCmsCMCertChainWithRoot = 3
 187 } SecCmsCertChainMode;
 188
 189 /*!
 190     @enum
 191     @discussion XXX This should be replaced with SecPolicyRefs
 192  */
 193 typedef enum SECCertUsageEnum {
 194     certUsageSSLClient = 0,
 195     certUsageSSLServer = 1,
 196     certUsageSSLServerWithStepUp = 2,
 197     certUsageSSLCA = 3,
 198     certUsageEmailSigner = 4,
 199     certUsageEmailRecipient = 5,
 200     certUsageObjectSigner = 6,
 201     certUsageUserCertImport = 7,
 202     certUsageVerifyCA = 8,
 203     certUsageProtectedObjectSigner = 9,
 204     certUsageStatusResponder = 10,
 205     certUsageAnyCA = 11
 206 } SECCertUsage;
 207
 208
 209 /*!
 210     @enum SECOidTag
 211     @abstract Misc object IDs - these numbers are for convenient handling.
 212     @discussion They are mapped into real object IDs
 213     NOTE: the order of these entries must mach the array "oids" of SECOidData in util/secoid.c.
 214  */
 215 typedef enum {
 216     SEC_OID_UNKNOWN = 0,
 217     SEC_OID_MD2 = 1,
 218     SEC_OID_MD4 = 2,
 219     SEC_OID_MD5 = 3,
 220     SEC_OID_SHA1 = 4,
 221     SEC_OID_RC2_CBC = 5,
 222     SEC_OID_RC4 = 6,
 223     SEC_OID_DES_EDE3_CBC = 7,
 224     SEC_OID_RC5_CBC_PAD = 8,
 225     SEC_OID_DES_ECB = 9,
 226     SEC_OID_DES_CBC = 10,
 227     SEC_OID_DES_OFB = 11,
 228     SEC_OID_DES_CFB = 12,
 229     SEC_OID_DES_MAC = 13,
 230     SEC_OID_DES_EDE = 14,
 231     SEC_OID_ISO_SHA_WITH_RSA_SIGNATURE = 15,
 232     SEC_OID_PKCS1_RSA_ENCRYPTION = 16,
 233     SEC_OID_PKCS1_MD2_WITH_RSA_ENCRYPTION = 17,
 234     SEC_OID_PKCS1_MD4_WITH_RSA_ENCRYPTION = 18,
 235     SEC_OID_PKCS1_MD5_WITH_RSA_ENCRYPTION = 19,
 236     SEC_OID_PKCS1_SHA1_WITH_RSA_ENCRYPTION = 20,
 237     SEC_OID_PKCS5_PBE_WITH_MD2_AND_DES_CBC = 21,
 238     SEC_OID_PKCS5_PBE_WITH_MD5_AND_DES_CBC = 22,
 239     SEC_OID_PKCS5_PBE_WITH_SHA1_AND_DES_CBC = 23,
 240     SEC_OID_PKCS7 = 24,
 241     SEC_OID_PKCS7_DATA = 25,
 242     SEC_OID_PKCS7_SIGNED_DATA = 26,
 243     SEC_OID_PKCS7_ENVELOPED_DATA = 27,
 244     SEC_OID_PKCS7_SIGNED_ENVELOPED_DATA = 28,
 245     SEC_OID_PKCS7_DIGESTED_DATA = 29,
 246     SEC_OID_PKCS7_ENCRYPTED_DATA = 30,
 247     SEC_OID_PKCS9_EMAIL_ADDRESS = 31,
 248     SEC_OID_PKCS9_UNSTRUCTURED_NAME = 32,
 249     SEC_OID_PKCS9_CONTENT_TYPE = 33,
 250     SEC_OID_PKCS9_MESSAGE_DIGEST = 34,
 251     SEC_OID_PKCS9_SIGNING_TIME = 35,
 252     SEC_OID_PKCS9_COUNTER_SIGNATURE = 36,
 253     SEC_OID_PKCS9_CHALLENGE_PASSWORD = 37,
 254     SEC_OID_PKCS9_UNSTRUCTURED_ADDRESS = 38,
 255     SEC_OID_PKCS9_EXTENDED_CERTIFICATE_ATTRIBUTES = 39,
 256     SEC_OID_PKCS9_SMIME_CAPABILITIES = 40,
 257     SEC_OID_AVA_COMMON_NAME = 41,
 258     SEC_OID_AVA_COUNTRY_NAME = 42,
 259     SEC_OID_AVA_LOCALITY = 43,
 260     SEC_OID_AVA_STATE_OR_PROVINCE = 44,
 261     SEC_OID_AVA_ORGANIZATION_NAME = 45,
 262     SEC_OID_AVA_ORGANIZATIONAL_UNIT_NAME = 46,
 263     SEC_OID_AVA_DN_QUALIFIER = 47,
 264     SEC_OID_AVA_DC = 48,
 265
 266     SEC_OID_NS_TYPE_GIF = 49,
 267     SEC_OID_NS_TYPE_JPEG = 50,
 268     SEC_OID_NS_TYPE_URL = 51,
 269     SEC_OID_NS_TYPE_HTML = 52,
 270     SEC_OID_NS_TYPE_CERT_SEQUENCE = 53,
 271     SEC_OID_MISSI_KEA_DSS_OLD = 54,
 272     SEC_OID_MISSI_DSS_OLD = 55,
 273     SEC_OID_MISSI_KEA_DSS = 56,
 274     SEC_OID_MISSI_DSS = 57,
 275     SEC_OID_MISSI_KEA = 58,
 276     SEC_OID_MISSI_ALT_KEA = 59,
 277
 278     /* Netscape private certificate extensions */
 279     SEC_OID_NS_CERT_EXT_NETSCAPE_OK = 60,
 280     SEC_OID_NS_CERT_EXT_ISSUER_LOGO = 61,
 281     SEC_OID_NS_CERT_EXT_SUBJECT_LOGO = 62,
 282     SEC_OID_NS_CERT_EXT_CERT_TYPE = 63,
 283     SEC_OID_NS_CERT_EXT_BASE_URL = 64,
 284     SEC_OID_NS_CERT_EXT_REVOCATION_URL = 65,
 285     SEC_OID_NS_CERT_EXT_CA_REVOCATION_URL = 66,
 286     SEC_OID_NS_CERT_EXT_CA_CRL_URL = 67,
 287     SEC_OID_NS_CERT_EXT_CA_CERT_URL = 68,
 288     SEC_OID_NS_CERT_EXT_CERT_RENEWAL_URL = 69,
 289     SEC_OID_NS_CERT_EXT_CA_POLICY_URL = 70,
 290     SEC_OID_NS_CERT_EXT_HOMEPAGE_URL = 71,
 291     SEC_OID_NS_CERT_EXT_ENTITY_LOGO = 72,
 292     SEC_OID_NS_CERT_EXT_USER_PICTURE = 73,
 293     SEC_OID_NS_CERT_EXT_SSL_SERVER_NAME = 74,
 294     SEC_OID_NS_CERT_EXT_COMMENT = 75,
 295     SEC_OID_NS_CERT_EXT_LOST_PASSWORD_URL = 76,
 296     SEC_OID_NS_CERT_EXT_CERT_RENEWAL_TIME = 77,
 297     SEC_OID_NS_KEY_USAGE_GOVT_APPROVED = 78,
 298
 299     /* x.509 v3 Extensions */
 300     SEC_OID_X509_SUBJECT_DIRECTORY_ATTR = 79,
 301     SEC_OID_X509_SUBJECT_KEY_ID = 80,
 302     SEC_OID_X509_KEY_USAGE = 81,
 303     SEC_OID_X509_PRIVATE_KEY_USAGE_PERIOD = 82,
 304     SEC_OID_X509_SUBJECT_ALT_NAME = 83,
 305     SEC_OID_X509_ISSUER_ALT_NAME = 84,
 306     SEC_OID_X509_BASIC_CONSTRAINTS = 85,
 307     SEC_OID_X509_NAME_CONSTRAINTS = 86,
 308     SEC_OID_X509_CRL_DIST_POINTS = 87,
 309     SEC_OID_X509_CERTIFICATE_POLICIES = 88,
 310     SEC_OID_X509_POLICY_MAPPINGS = 89,
 311     SEC_OID_X509_POLICY_CONSTRAINTS = 90,
 312     SEC_OID_X509_AUTH_KEY_ID = 91,
 313     SEC_OID_X509_EXT_KEY_USAGE = 92,
 314     SEC_OID_X509_AUTH_INFO_ACCESS = 93,
 315
 316     SEC_OID_X509_CRL_NUMBER = 94,
 317     SEC_OID_X509_REASON_CODE = 95,
 318     SEC_OID_X509_INVALID_DATE = 96,
 319     /* End of x.509 v3 Extensions */
 320
 321     SEC_OID_X500_RSA_ENCRYPTION = 97,
 322
 323     /* alg 1485 additions */
 324     SEC_OID_RFC1274_UID = 98,
 325     SEC_OID_RFC1274_MAIL = 99,
 326
 327     /* PKCS 12 additions */
 328     SEC_OID_PKCS12 = 100,
 329     SEC_OID_PKCS12_MODE_IDS = 101,
 330     SEC_OID_PKCS12_ESPVK_IDS = 102,
 331     SEC_OID_PKCS12_BAG_IDS = 103,
 332     SEC_OID_PKCS12_CERT_BAG_IDS = 104,
 333     SEC_OID_PKCS12_OIDS = 105,
 334     SEC_OID_PKCS12_PBE_IDS = 106,
 335     SEC_OID_PKCS12_SIGNATURE_IDS = 107,
 336     SEC_OID_PKCS12_ENVELOPING_IDS = 108,
 337    /* SEC_OID_PKCS12_OFFLINE_TRANSPORT_MODE,
 338     SEC_OID_PKCS12_ONLINE_TRANSPORT_MODE, */
 339     SEC_OID_PKCS12_PKCS8_KEY_SHROUDING = 109,
 340     SEC_OID_PKCS12_KEY_BAG_ID = 110,
 341     SEC_OID_PKCS12_CERT_AND_CRL_BAG_ID = 111,
 342     SEC_OID_PKCS12_SECRET_BAG_ID = 112,
 343     SEC_OID_PKCS12_X509_CERT_CRL_BAG = 113,
 344     SEC_OID_PKCS12_SDSI_CERT_BAG = 114,
 345     SEC_OID_PKCS12_PBE_WITH_SHA1_AND_128_BIT_RC4 = 115,
 346     SEC_OID_PKCS12_PBE_WITH_SHA1_AND_40_BIT_RC4 = 116,
 347     SEC_OID_PKCS12_PBE_WITH_SHA1_AND_TRIPLE_DES_CBC = 117,
 348     SEC_OID_PKCS12_PBE_WITH_SHA1_AND_128_BIT_RC2_CBC = 118,
 349     SEC_OID_PKCS12_PBE_WITH_SHA1_AND_40_BIT_RC2_CBC = 119,
 350     SEC_OID_PKCS12_RSA_ENCRYPTION_WITH_128_BIT_RC4 = 120,
 351     SEC_OID_PKCS12_RSA_ENCRYPTION_WITH_40_BIT_RC4 = 121,
 352     SEC_OID_PKCS12_RSA_ENCRYPTION_WITH_TRIPLE_DES = 122,
 353     SEC_OID_PKCS12_RSA_SIGNATURE_WITH_SHA1_DIGEST = 123,
 354     /* end of PKCS 12 additions */
 355
 356     /* DSA signatures */
 357     SEC_OID_ANSIX9_DSA_SIGNATURE = 124,
 358     SEC_OID_ANSIX9_DSA_SIGNATURE_WITH_SHA1_DIGEST = 125,
 359     SEC_OID_BOGUS_DSA_SIGNATURE_WITH_SHA1_DIGEST = 126,
 360
 361     /* Verisign OIDs */
 362     SEC_OID_VERISIGN_USER_NOTICES = 127,
 363
 364     /* PKIX OIDs */
 365     SEC_OID_PKIX_CPS_POINTER_QUALIFIER = 128,
 366     SEC_OID_PKIX_USER_NOTICE_QUALIFIER = 129,
 367     SEC_OID_PKIX_OCSP = 130,
 368     SEC_OID_PKIX_OCSP_BASIC_RESPONSE = 131,
 369     SEC_OID_PKIX_OCSP_NONCE = 132,
 370     SEC_OID_PKIX_OCSP_CRL = 133,
 371     SEC_OID_PKIX_OCSP_RESPONSE = 134,
 372     SEC_OID_PKIX_OCSP_NO_CHECK = 135,
 373     SEC_OID_PKIX_OCSP_ARCHIVE_CUTOFF = 136,
 374     SEC_OID_PKIX_OCSP_SERVICE_LOCATOR = 137,
 375     SEC_OID_PKIX_REGCTRL_REGTOKEN = 138,
 376     SEC_OID_PKIX_REGCTRL_AUTHENTICATOR = 139,
 377     SEC_OID_PKIX_REGCTRL_PKIPUBINFO = 140,
 378     SEC_OID_PKIX_REGCTRL_PKI_ARCH_OPTIONS = 141,
 379     SEC_OID_PKIX_REGCTRL_OLD_CERT_ID = 142,
 380     SEC_OID_PKIX_REGCTRL_PROTOCOL_ENC_KEY = 143,
 381     SEC_OID_PKIX_REGINFO_UTF8_PAIRS = 144,
 382     SEC_OID_PKIX_REGINFO_CERT_REQUEST = 145,
 383     SEC_OID_EXT_KEY_USAGE_SERVER_AUTH = 146,
 384     SEC_OID_EXT_KEY_USAGE_CLIENT_AUTH = 147,
 385     SEC_OID_EXT_KEY_USAGE_CODE_SIGN = 148,
 386     SEC_OID_EXT_KEY_USAGE_EMAIL_PROTECT = 149,
 387     SEC_OID_EXT_KEY_USAGE_TIME_STAMP = 150,
 388     SEC_OID_OCSP_RESPONDER = 151,
 389
 390     /* Netscape Algorithm OIDs */
 391     SEC_OID_NETSCAPE_SMIME_KEA = 152,
 392
 393     /* Skipjack OID -- ### mwelch temporary */
 394     SEC_OID_FORTEZZA_SKIPJACK = 153,
 395
 396     /* PKCS 12 V2 oids */
 397     SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_128_BIT_RC4 = 154,
 398     SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_40_BIT_RC4 = 155,
 399     SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_3KEY_TRIPLE_DES_CBC = 156,
 400     SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_2KEY_TRIPLE_DES_CBC = 157,
 401     SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_128_BIT_RC2_CBC = 158,
 402     SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_40_BIT_RC2_CBC = 159,
 403     SEC_OID_PKCS12_SAFE_CONTENTS_ID = 160,
 404     SEC_OID_PKCS12_PKCS8_SHROUDED_KEY_BAG_ID = 161,
 405
 406     SEC_OID_PKCS12_V1_KEY_BAG_ID = 162,
 407     SEC_OID_PKCS12_V1_PKCS8_SHROUDED_KEY_BAG_ID = 163,
 408     SEC_OID_PKCS12_V1_CERT_BAG_ID = 164,
 409     SEC_OID_PKCS12_V1_CRL_BAG_ID = 165,
 410     SEC_OID_PKCS12_V1_SECRET_BAG_ID = 166,
 411     SEC_OID_PKCS12_V1_SAFE_CONTENTS_BAG_ID = 167,
 412     SEC_OID_PKCS9_X509_CERT = 168,
 413     SEC_OID_PKCS9_SDSI_CERT = 169,
 414     SEC_OID_PKCS9_X509_CRL = 170,
 415     SEC_OID_PKCS9_FRIENDLY_NAME = 171,
 416     SEC_OID_PKCS9_LOCAL_KEY_ID = 172,
 417     SEC_OID_PKCS12_KEY_USAGE = 173,
 418
 419     /*Diffe Helman OIDS */
 420     SEC_OID_X942_DIFFIE_HELMAN_KEY = 174,
 421
 422     /* Netscape other name types */
 423     SEC_OID_NETSCAPE_NICKNAME = 175,
 424
 425     /* Cert Server OIDS */
 426     SEC_OID_NETSCAPE_RECOVERY_REQUEST = 176,
 427
 428     /* New PSM certificate management OIDs */
 429     SEC_OID_CERT_RENEWAL_LOCATOR = 177,
 430     SEC_OID_NS_CERT_EXT_SCOPE_OF_USE = 178,
 431
 432     /* CMS (RFC2630) OIDs */
 433     SEC_OID_CMS_EPHEMERAL_STATIC_DIFFIE_HELLMAN = 179,
 434     SEC_OID_CMS_3DES_KEY_WRAP = 180,
 435     SEC_OID_CMS_RC2_KEY_WRAP = 181,
 436
 437     /* SMIME attributes */
 438     SEC_OID_SMIME_ENCRYPTION_KEY_PREFERENCE = 182,
 439
 440     /* AES OIDs */
 441     SEC_OID_AES_128_ECB         = 183,
 442     SEC_OID_AES_128_CBC         = 184,
 443     SEC_OID_AES_192_ECB         = 185,
 444     SEC_OID_AES_192_CBC         = 186,
 445     SEC_OID_AES_256_ECB         = 187,
 446     SEC_OID_AES_256_CBC         = 188,
 447
 448     SEC_OID_SDN702_DSA_SIGNATURE = 189,
 449
 450     SEC_OID_MS_SMIME_ENCRYPTION_KEY_PREFERENCE = 190,
 451
 452     SEC_OID_SHA256              = 191,
 453     SEC_OID_SHA384              = 192,
 454     SEC_OID_SHA512              = 193,
 455
 456     SEC_OID_PKCS1_SHA256_WITH_RSA_ENCRYPTION = 194,
 457     SEC_OID_PKCS1_SHA384_WITH_RSA_ENCRYPTION = 195,
 458     SEC_OID_PKCS1_SHA512_WITH_RSA_ENCRYPTION = 196,
 459
 460     SEC_OID_AES_128_KEY_WRAP    = 197,
 461     SEC_OID_AES_192_KEY_WRAP    = 198,
 462     SEC_OID_AES_256_KEY_WRAP    = 199,
 463
 464     /* eContentType set by client and not understood by this library; treated
 465      * like SEC_OID_PKCS7_DATA, except the caller's OID is encoded. */
 466     SEC_OID_OTHER               = 200,
 467
 468         /* ECDSA */
 469         SEC_OID_EC_PUBLIC_KEY  = 201,
 470         SEC_OID_ECDSA_WithSHA1 = 202,
 471         SEC_OID_DH_SINGLE_STD_SHA1KDF = 203,
 472         SEC_OID_SECP_256_R1 = 204,
 473         SEC_OID_SECP_384_R1 = 205,
 474         SEC_OID_SECP_521_R1 = 206,
 475
 476     /* RFC 3161 Timestamping OIDs */
 477     SEC_OID_PKCS9_ID_CT_TSTInfo = 207,
 478     SEC_OID_PKCS9_TIMESTAMP_TOKEN = 208,
 479     SEC_OID_PKCS9_SIGNING_CERTIFICATE = 209,
 480
 481     SEC_OID_TOTAL
 482 } SECOidTag;
 483
 484 /*!
 485     @function
 486     @abstract Create a new SecArenaPool object.
 487     @param chunksize Size of the chunks the pool will use to allocate its underlying storage.
 488     @param outArena pointer to a SecArenaPoolRef to be created.
 489     @result On success return 0 and outArena will contain a newly created SecArenaPoolRef.
 490     @availability 10.4 and later
 491     @updated 2004-04-23
 492  */
 493 OSStatus SecArenaPoolCreate(size_t chunksize, SecArenaPoolRef *outArena);
 494
 495 /*!
 496     @function
 497     @abstract Free a SecArenaPool object and everything in it.
 498     @param arena The SecArenaPool object to free.
 499     @param zero If this is true the arena's memory will be zero filled before it is freed.
 500     @result arena will no longer be valid and the memory used by it is returned to the malloc heap.
 501     @availability 10.4 and later
 502     @updated 2004-04-23
 503  */
 504 void SecArenaPoolFree(SecArenaPoolRef arena, Boolean zero);
 505
 506
 507 #if defined(__cplusplus)
 508 }
 509 #endif
 510
 511 #endif /* _SECURITY_SECCMSBASE_H_ */