]> git.saurik.com Git - apple/security.git/blob - OSX/libsecurity_smime/lib/SecCMS.h
projects / apple / security.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Security-58286.270.3.0.1.tar.gz
[apple/security.git] / OSX / libsecurity_smime / lib / SecCMS.h
1 /*
2 * Copyright (c) 2014 Apple Inc. All Rights Reserved.
3 *
4 * @APPLE_LICENSE_HEADER_START@
5 *
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. Please obtain a copy of the License at
10 * http://www.opensource.apple.com/apsl/ and read it before using this
11 * file.
12 *
13 * The Original Code and all software distributed under the License are
14 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
15 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
16 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
17 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
18 * Please see the License for the specific language governing rights and
19 * limitations under the License.
20 *
21 * @APPLE_LICENSE_HEADER_END@
22 */
23
24
25 #ifndef libsecurity_smime_SecCMS_h
26 #define libsecurity_smime_SecCMS_h
27
28 #include <CoreFoundation/CoreFoundation.h>
29 #include <Security/SecBase.h>
30 #include <Security/SecTrust.h>
31
32 extern const void * kSecCMSSignDigest;
33 extern const void * kSecCMSSignDetached;
34 extern const void * kSecCMSSignHashAlgorithm;
35 extern const void * kSecCMSCertChainMode;
36 extern const void * kSecCMSAdditionalCerts;
37 extern const void * kSecCMSSignedAttributes;
38 extern const void * kSecCMSSignDate;
39 extern const void * kSecCMSAllCerts;
40 extern const void * kSecCMSHashAgility;
41 extern const void * kSecCMSHashAgilityV2;
42 extern const void * kSecCMSExpirationDate;
43
44 extern const void * kSecCMSHashingAlgorithmSHA1;
45 extern const void * kSecCMSHashingAlgorithmSHA256;
46 extern const void * kSecCMSHashingAlgorithmSHA384;
47 extern const void * kSecCMSHashingAlgorithmSHA512;
48
49 extern const void * kSecCMSBulkEncryptionAlgorithm;
50 extern const void * kSecCMSEncryptionAlgorithmDESCBC;
51 extern const void * kSecCMSEncryptionAlgorithmAESCBC;
52
53 /* Return an array of certificates contained in message, if message is of the
54 type SignedData and has no signers, return NULL otherwise. Not that if
55 the message is properly formed but has no certificates an empty array will
56 be returned.
57 Designed to match the sec submodule implementation available for iOS
58 */
59 CFArrayRef SecCMSCertificatesOnlyMessageCopyCertificates(CFDataRef message);
60
61 /* Create a degenerate PKCS#7 containing a cert or a CFArray of certs. */
62 CFDataRef SecCMSCreateCertificatesOnlyMessage(CFTypeRef cert_or_array_thereof);
63 CFDataRef SecCMSCreateCertificatesOnlyMessageIAP(SecCertificateRef cert);
64
65 /*!
66 @function SecCMSVerifyCopyDataAndAttributes
67 @abstract verify a signed data cms blob.
68 @param message the cms message to be parsed
69 @param detached_contents to pass detached contents (optional)
70 @param policy specifies policy or array thereof should be used (optional).
71 if none is passed the blob will **not** be verified and only
72 the attached contents will be returned.
73 @param trustref (output/optional) if specified, the trust chain built during
74 verification will not be evaluated but returned to the caller to do so.
75 @param attached_contents (output/optional) return a copy of the attached
76 contents.
77 @param signed_attributes (output/optional) return a copy of the signed
78 attributes as a CFDictionary from oids (CFData) to values
79 (CFArray of CFData).
80 @result A result code. See "Security Error Codes" (SecBase.h).
81 errSecDecode not a CMS message we can parse,
82 errSecAuthFailed bad signature, or untrusted signer if caller doesn't
83 ask for trustref,
84 errSecParam garbage in, garbage out.
85 */
86 OSStatus SecCMSVerifyCopyDataAndAttributes(CFDataRef message, CFDataRef detached_contents,
87 CFTypeRef policy, SecTrustRef *trustref,
88 CFDataRef *attached_contents, CFDictionaryRef *signed_attributes);
89
90 /*!
91 @function SecCMSVerify
92 @abstract same as SecCMSVerifyCopyDataAndAttributes, for binary compatibility.
93 */
94 OSStatus SecCMSVerify(CFDataRef message, CFDataRef detached_contents,
95 CFTypeRef policy, SecTrustRef *trustref, CFDataRef *attached_contents);
96
97 OSStatus SecCMSVerifySignedData(CFDataRef message, CFDataRef detached_contents,
98 CFTypeRef policy, SecTrustRef *trustref, CFArrayRef additional_certificates,
99 CFDataRef *attached_contents, CFDictionaryRef *message_attributes);
100
101 /*!
102 @function SecCMSSignDataAndAttributes
103 @abstract create a signed data cms blob.
104 @param identity signer
105 @param data message to be signed
106 @param detached sign detached or not
107 @param signed_data (output) return signed message.
108 @param signed_attributes (input/optional) signed attributes to insert
109 as a CFDictionary from oids (CFData) to value (CFData).
110 @result A result code. See "Security Error Codes" (SecBase.h).
111 errSecParam garbage in, garbage out.
112 */
113 OSStatus SecCMSSignDataAndAttributes(SecIdentityRef identity, CFDataRef data,
114 bool detached, CFMutableDataRef signed_data, CFDictionaryRef signed_attributes);
115
116 /*!
117 @function SecCMSSignDigestAndAttributes
118 @abstract create a detached signed data cms blob for a SHA-1 hash.
119 @param identity signer
120 @param digest SHA-1 digest of message to be signed
121 @param signed_data (output) return signed message.
122 @param signed_attributes (input/optional) signed attributes to insert
123 as a CFDictionary from oids (CFData) to value (CFData).
124 @result A result code. See "Security Error Codes" (SecBase.h).
125 errSecParam garbage in, garbage out.
126 */
127 OSStatus SecCMSSignDigestAndAttributes(SecIdentityRef identity, CFDataRef digest,
128 CFMutableDataRef signed_data, CFDictionaryRef signed_attributes);
129
130 /*!
131 @function SecCMSCreateSignedData
132 @abstract create a signed data cms blob.
133 @param identity signer
134 @param data SHA-1 digest or message to be signed
135 @param parameters (input/optional) specify algorithm, detached, digest
136 @param signed_attributes (input/optional) signed attributes to insert
137 as a CFDictionary from oids (CFData) to value (CFData).
138 @param signed_data (output) return signed message.
139 @result A result code. See "Security Error Codes" (SecBase.h).
140 errSecParam garbage in, garbage out.
141 */
142 OSStatus SecCMSCreateSignedData(SecIdentityRef identity, CFDataRef data,
143 CFDictionaryRef parameters, CFDictionaryRef signed_attributes,
144 CFMutableDataRef signed_data);
145
146 /*!
147 @function SecCMSCreateEnvelopedData
148 @abstract create a enveloped cms blob for recipients
149 @param recipient_or_cfarray_thereof SecCertificateRef for each recipient
150 @param params CFDictionaryRef with encryption parameters
151 @param data Data to be encrypted
152 @param enveloped_data (output) return enveloped message.
153 @result A result code. See "Security Error Codes" (SecBase.h).
154 errSecParam garbage in, garbage out.
155 */
156 OSStatus SecCMSCreateEnvelopedData(CFTypeRef recipient_or_cfarray_thereof,
157 CFDictionaryRef params, CFDataRef data, CFMutableDataRef enveloped_data);
158
159
160 /*!
161 @function SecCMSDecryptEnvelopedData
162 @abstract open an enveloped cms blob. expects recipients identity in keychain.
163 @param message Eveloped message
164 @param data (output) return decrypted message.
165 @param recipient (output/optional) return addressed recipient
166 @result A result code. See "Security Error Codes" (SecBase.h).
167 errSecParam garbage in, garbage out.
168 */
169 OSStatus SecCMSDecryptEnvelopedData(CFDataRef message,
170 CFMutableDataRef data, SecCertificateRef *recipient);
171
172 #endif
mirror of Security