]> git.saurik.com Git - apple/security.git/blob - Security/libsecurity_smime/lib/cmspriv.h
Security-57031.10.10.tar.gz
[apple/security.git] / Security / libsecurity_smime / lib / cmspriv.h
1 /*
2 * The contents of this file are subject to the Mozilla Public
3 * License Version 1.1 (the "License"); you may not use this file
4 * except in compliance with the License. You may obtain a copy of
5 * the License at http://www.mozilla.org/MPL/
6 *
7 * Software distributed under the License is distributed on an "AS
8 * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
9 * implied. See the License for the specific language governing
10 * rights and limitations under the License.
11 *
12 * The Original Code is the Netscape security libraries.
13 *
14 * The Initial Developer of the Original Code is Netscape
15 * Communications Corporation. Portions created by Netscape are
16 * Copyright (C) 1994-2000 Netscape Communications Corporation. All
17 * Rights Reserved.
18 *
19 * Contributor(s):
20 *
21 * Alternatively, the contents of this file may be used under the
22 * terms of the GNU General Public License Version 2 or later (the
23 * "GPL"), in which case the provisions of the GPL are applicable
24 * instead of those above. If you wish to allow use of your
25 * version of this file only under the terms of the GPL and not to
26 * allow others to use your version of this file under the MPL,
27 * indicate your decision by deleting the provisions above and
28 * replace them with the notice and other provisions required by
29 * the GPL. If you do not delete the provisions above, a recipient
30 * may use your version of this file under either the MPL or the
31 * GPL.
32 */
33
34 /*
35 * Interfaces of the CMS implementation.
36 */
37
38 #ifndef _CMSPRIV_H_
39 #define _CMSPRIV_H_
40
41 #include <Security/SecTrust.h>
42 #include "cmstpriv.h"
43
44 /************************************************************************/
45 SEC_BEGIN_PROTOS
46
47
48 /************************************************************************
49 * cmsutil.c - CMS misc utility functions
50 ************************************************************************/
51
52
53 /*
54 * SecCmsArraySortByDER - sort array of objects by objects' DER encoding
55 *
56 * make sure that the order of the objects guarantees valid DER (which must be
57 * in lexigraphically ascending order for a SET OF); if reordering is necessary it
58 * will be done in place (in objs).
59 */
60 extern OSStatus
61 SecCmsArraySortByDER(void **objs, const SecAsn1Template *objtemplate, void **objs2);
62
63 /*
64 * SecCmsUtilDERCompare - for use with SecCmsArraySort to
65 * sort arrays of CSSM_DATAs containing DER
66 */
67 extern int
68 SecCmsUtilDERCompare(void *a, void *b);
69
70 /*
71 * SecCmsAlgArrayGetIndexByAlgID - find a specific algorithm in an array of
72 * algorithms.
73 *
74 * algorithmArray - array of algorithm IDs
75 * algid - algorithmid of algorithm to pick
76 *
77 * Returns:
78 * An integer containing the index of the algorithm in the array or -1 if
79 * algorithm was not found.
80 */
81 extern int
82 SecCmsAlgArrayGetIndexByAlgID(SECAlgorithmID **algorithmArray, SECAlgorithmID *algid);
83
84 /*
85 * SecCmsAlgArrayGetIndexByAlgID - find a specific algorithm in an array of
86 * algorithms.
87 *
88 * algorithmArray - array of algorithm IDs
89 * algiddata - id of algorithm to pick
90 *
91 * Returns:
92 * An integer containing the index of the algorithm in the array or -1 if
93 * algorithm was not found.
94 */
95 extern int
96 SecCmsAlgArrayGetIndexByAlgTag(SECAlgorithmID **algorithmArray, SECOidTag algtag);
97
98 extern CSSM_CC_HANDLE
99 SecCmsUtilGetHashObjByAlgID(SECAlgorithmID *algid);
100
101 /*
102 * XXX I would *really* like to not have to do this, but the current
103 * signing interface gives me little choice.
104 */
105 extern SECOidTag
106 SecCmsUtilMakeSignatureAlgorithm(SECOidTag hashalg, SECOidTag encalg);
107
108 extern const SecAsn1Template *
109 SecCmsUtilGetTemplateByTypeTag(SECOidTag type);
110
111 extern size_t
112 SecCmsUtilGetSizeByTypeTag(SECOidTag type);
113
114 extern SecCmsContentInfoRef
115 SecCmsContentGetContentInfo(void *msg, SECOidTag type);
116
117 /************************************************************************
118 * cmsmessage.c - CMS message methods
119 ************************************************************************/
120
121 /*!
122 @function
123 @abstract Set up a CMS message object for encoding or decoding.
124 @discussion used internally.
125 @param cmsg Pointer to a SecCmsMessage object
126 @param pwfn callback function for getting token password for enveloped
127 data content with a password recipient.
128 @param pwfn_arg first argument passed to pwfn when it is called.
129 @param encrypt_key_cb callback function for getting bulk key for encryptedData content.
130 @param encrypt_key_cb_arg first argument passed to encrypt_key_cb when it is
131 called.
132 @param detached_digestalgs digest algorithms in detached_digests
133 @param detached_digests digests from detached content (one for every element
134 in detached_digestalgs).
135 */
136 extern void
137 SecCmsMessageSetEncodingParams(SecCmsMessageRef cmsg,
138 PK11PasswordFunc pwfn, void *pwfn_arg,
139 SecCmsGetDecryptKeyCallback encrypt_key_cb, void *encrypt_key_cb_arg,
140 SECAlgorithmID **detached_digestalgs, CSSM_DATA_PTR *detached_digests);
141
142 extern void
143 SecCmsMessageSetTSACallback(SecCmsMessageRef cmsg, SecCmsTSACallback tsaCallback);
144
145 extern void
146 SecCmsMessageSetTSAContext(SecCmsMessageRef cmsg, const void *tsaContext); //CFTypeRef
147
148 /************************************************************************
149 * cmscinfo.c - CMS contentInfo methods
150 ************************************************************************/
151
152 /*!
153 Destroy a CMS contentInfo and all of its sub-pieces.
154 @param cinfo The contentInfo object to destroy.
155 */
156 extern void
157 SecCmsContentInfoDestroy(SecCmsContentInfoRef cinfo);
158
159 /*
160 * SecCmsContentInfoSetContent - set cinfo's content type & content to CMS object
161 */
162 extern OSStatus
163 SecCmsContentInfoSetContent(SecCmsMessageRef cmsg, SecCmsContentInfoRef cinfo, SECOidTag type, void *ptr);
164
165
166 /************************************************************************
167 * cmssigdata.c - CMS signedData methods
168 ************************************************************************/
169
170 extern OSStatus
171 SecCmsSignedDataSetDigestValue(SecCmsSignedDataRef sigd,
172 SECOidTag digestalgtag,
173 CSSM_DATA_PTR digestdata);
174
175 extern OSStatus
176 SecCmsSignedDataAddDigest(SecArenaPoolRef pool,
177 SecCmsSignedDataRef sigd,
178 SECOidTag digestalgtag,
179 CSSM_DATA_PTR digest);
180
181 extern CSSM_DATA_PTR
182 SecCmsSignedDataGetDigestByAlgTag(SecCmsSignedDataRef sigd, SECOidTag algtag);
183
184 extern CSSM_DATA_PTR
185 SecCmsSignedDataGetDigestValue(SecCmsSignedDataRef sigd, SECOidTag digestalgtag);
186
187 /*
188 * SecCmsSignedDataEncodeBeforeStart - do all the necessary things to a SignedData
189 * before start of encoding.
190 *
191 * In detail:
192 * - find out about the right value to put into sigd->version
193 * - come up with a list of digestAlgorithms (which should be the union of the algorithms
194 * in the signerinfos).
195 * If we happen to have a pre-set list of algorithms (and digest values!), we
196 * check if we have all the signerinfos' algorithms. If not, this is an error.
197 */
198 extern OSStatus
199 SecCmsSignedDataEncodeBeforeStart(SecCmsSignedDataRef sigd);
200
201 extern OSStatus
202 SecCmsSignedDataEncodeBeforeData(SecCmsSignedDataRef sigd);
203
204 /*
205 * SecCmsSignedDataEncodeAfterData - do all the necessary things to a SignedData
206 * after all the encapsulated data was passed through the encoder.
207 *
208 * In detail:
209 * - create the signatures in all the SignerInfos
210 *
211 * Please note that nothing is done to the Certificates and CRLs in the message - this
212 * is entirely the responsibility of our callers.
213 */
214 extern OSStatus
215 SecCmsSignedDataEncodeAfterData(SecCmsSignedDataRef sigd);
216
217 extern OSStatus
218 SecCmsSignedDataDecodeBeforeData(SecCmsSignedDataRef sigd);
219
220 /*
221 * SecCmsSignedDataDecodeAfterData - do all the necessary things to a SignedData
222 * after all the encapsulated data was passed through the decoder.
223 */
224 extern OSStatus
225 SecCmsSignedDataDecodeAfterData(SecCmsSignedDataRef sigd);
226
227 /*
228 * SecCmsSignedDataDecodeAfterEnd - do all the necessary things to a SignedData
229 * after all decoding is finished.
230 */
231 extern OSStatus
232 SecCmsSignedDataDecodeAfterEnd(SecCmsSignedDataRef sigd);
233
234 /*
235 * Get SecCmsSignedDataRawCerts - obtain raw certs as a NULL_terminated array
236 * of pointers.
237 */
238 extern OSStatus SecCmsSignedDataRawCerts(SecCmsSignedDataRef sigd,
239 CSSM_DATA_PTR **rawCerts);
240
241 /************************************************************************
242 * cmssiginfo.c - CMS signerInfo methods
243 ************************************************************************/
244
245 /*
246 * SecCmsSignerInfoSign - sign something
247 *
248 */
249 extern OSStatus
250 SecCmsSignerInfoSign(SecCmsSignerInfoRef signerinfo, CSSM_DATA_PTR digest, CSSM_DATA_PTR contentType);
251
252 /*
253 * If trustRef is NULL the cert chain is verified and the VerificationStatus is set accordingly.
254 * Otherwise a SecTrust object is returned for the caller to evaluate using SecTrustEvaluate().
255 */
256 extern OSStatus
257 SecCmsSignerInfoVerifyCertificate(SecCmsSignerInfoRef signerinfo, SecKeychainRef keychainOrArray,
258 CFTypeRef policies, SecTrustRef *trustRef);
259
260 /*
261 * SecCmsSignerInfoVerify - verify the signature of a single SignerInfo
262 *
263 * Just verifies the signature. The assumption is that verification of the certificate
264 * is done already.
265 */
266 extern OSStatus
267 SecCmsSignerInfoVerify(SecCmsSignerInfoRef signerinfo, CSSM_DATA_PTR digest, CSSM_DATA_PTR contentType);
268
269 /*
270 * SecCmsSignerInfoVerifyWithPolicy - verify the signature of a single SignerInfo
271 * use the designated policy for timeStamp signer verification
272 * Just verifies the signature. The assumption is that verification of the certificate
273 * is done already.
274 */
275 extern OSStatus
276 SecCmsSignerInfoVerifyWithPolicy(SecCmsSignerInfoRef signerinfo,CFTypeRef timeStampPolicy, CSSM_DATA_PTR digest, CSSM_DATA_PTR contentType);
277
278 /*
279 * SecCmsSignerInfoAddAuthAttr - add an attribute to the
280 * authenticated (i.e. signed) attributes of "signerinfo".
281 */
282 extern OSStatus
283 SecCmsSignerInfoAddAuthAttr(SecCmsSignerInfoRef signerinfo, SecCmsAttribute *attr);
284
285 /*
286 * SecCmsSignerInfoAddUnauthAttr - add an attribute to the
287 * unauthenticated attributes of "signerinfo".
288 */
289 extern OSStatus
290 SecCmsSignerInfoAddUnauthAttr(SecCmsSignerInfoRef signerinfo, SecCmsAttribute *attr);
291
292 extern int
293 SecCmsSignerInfoGetVersion(SecCmsSignerInfoRef signerinfo);
294
295 /*
296 * Determine whether Microsoft ECDSA compatibility mode is enabled.
297 * See comments in SecCmsSignerInfo.h for details.
298 * Implemented in siginfoUtils.cpp for access to C++ Dictionary class.
299 */
300 extern bool
301 SecCmsMsEcdsaCompatMode();
302
303
304 /************************************************************************
305 * cmsenvdata.c - CMS envelopedData methods
306 ************************************************************************/
307
308 /*
309 * SecCmsEnvelopedDataEncodeBeforeStart - prepare this envelopedData for encoding
310 *
311 * at this point, we need
312 * - recipientinfos set up with recipient's certificates
313 * - a content encryption algorithm (if none, 3DES will be used)
314 *
315 * this function will generate a random content encryption key (aka bulk key),
316 * initialize the recipientinfos with certificate identification and wrap the bulk key
317 * using the proper algorithm for every certificiate.
318 * it will finally set the bulk algorithm and key so that the encode step can find it.
319 */
320 extern OSStatus
321 SecCmsEnvelopedDataEncodeBeforeStart(SecCmsEnvelopedDataRef envd);
322
323 /*
324 * SecCmsEnvelopedDataEncodeBeforeData - set up encryption
325 */
326 extern OSStatus
327 SecCmsEnvelopedDataEncodeBeforeData(SecCmsEnvelopedDataRef envd);
328
329 /*
330 * SecCmsEnvelopedDataEncodeAfterData - finalize this envelopedData for encoding
331 */
332 extern OSStatus
333 SecCmsEnvelopedDataEncodeAfterData(SecCmsEnvelopedDataRef envd);
334
335 /*
336 * SecCmsEnvelopedDataDecodeBeforeData - find our recipientinfo,
337 * derive bulk key & set up our contentinfo
338 */
339 extern OSStatus
340 SecCmsEnvelopedDataDecodeBeforeData(SecCmsEnvelopedDataRef envd);
341
342 /*
343 * SecCmsEnvelopedDataDecodeAfterData - finish decrypting this envelopedData's content
344 */
345 extern OSStatus
346 SecCmsEnvelopedDataDecodeAfterData(SecCmsEnvelopedDataRef envd);
347
348 /*
349 * SecCmsEnvelopedDataDecodeAfterEnd - finish decoding this envelopedData
350 */
351 extern OSStatus
352 SecCmsEnvelopedDataDecodeAfterEnd(SecCmsEnvelopedDataRef envd);
353
354
355 /************************************************************************
356 * cmsrecinfo.c - CMS recipientInfo methods
357 ************************************************************************/
358
359 extern int
360 SecCmsRecipientInfoGetVersion(SecCmsRecipientInfoRef ri);
361
362 extern CSSM_DATA_PTR
363 SecCmsRecipientInfoGetEncryptedKey(SecCmsRecipientInfoRef ri, int subIndex);
364
365
366 extern SECOidTag
367 SecCmsRecipientInfoGetKeyEncryptionAlgorithmTag(SecCmsRecipientInfoRef ri);
368
369 extern OSStatus
370 SecCmsRecipientInfoWrapBulkKey(SecCmsRecipientInfoRef ri, SecSymmetricKeyRef bulkkey, SECOidTag bulkalgtag);
371
372 extern SecSymmetricKeyRef
373 SecCmsRecipientInfoUnwrapBulkKey(SecCmsRecipientInfoRef ri, int subIndex,
374 SecCertificateRef cert, SecPrivateKeyRef privkey, SECOidTag bulkalgtag);
375
376
377 /************************************************************************
378 * cmsencdata.c - CMS encryptedData methods
379 ************************************************************************/
380
381 /*
382 * SecCmsEncryptedDataEncodeBeforeStart - do all the necessary things to a EncryptedData
383 * before encoding begins.
384 *
385 * In particular:
386 * - set the correct version value.
387 * - get the encryption key
388 */
389 extern OSStatus
390 SecCmsEncryptedDataEncodeBeforeStart(SecCmsEncryptedDataRef encd);
391
392 /*
393 * SecCmsEncryptedDataEncodeBeforeData - set up encryption
394 */
395 extern OSStatus
396 SecCmsEncryptedDataEncodeBeforeData(SecCmsEncryptedDataRef encd);
397
398 /*
399 * SecCmsEncryptedDataEncodeAfterData - finalize this encryptedData for encoding
400 */
401 extern OSStatus
402 SecCmsEncryptedDataEncodeAfterData(SecCmsEncryptedDataRef encd);
403
404 /*
405 * SecCmsEncryptedDataDecodeBeforeData - find bulk key & set up decryption
406 */
407 extern OSStatus
408 SecCmsEncryptedDataDecodeBeforeData(SecCmsEncryptedDataRef encd);
409
410 /*
411 * SecCmsEncryptedDataDecodeAfterData - finish decrypting this encryptedData's content
412 */
413 extern OSStatus
414 SecCmsEncryptedDataDecodeAfterData(SecCmsEncryptedDataRef encd);
415
416 /*
417 * SecCmsEncryptedDataDecodeAfterEnd - finish decoding this encryptedData
418 */
419 extern OSStatus
420 SecCmsEncryptedDataDecodeAfterEnd(SecCmsEncryptedDataRef encd);
421
422
423 /************************************************************************
424 * cmsdigdata.c - CMS encryptedData methods
425 ************************************************************************/
426
427 /*
428 * SecCmsDigestedDataEncodeBeforeStart - do all the necessary things to a DigestedData
429 * before encoding begins.
430 *
431 * In particular:
432 * - set the right version number. The contentInfo's content type must be set up already.
433 */
434 extern OSStatus
435 SecCmsDigestedDataEncodeBeforeStart(SecCmsDigestedDataRef digd);
436
437 /*
438 * SecCmsDigestedDataEncodeBeforeData - do all the necessary things to a DigestedData
439 * before the encapsulated data is passed through the encoder.
440 *
441 * In detail:
442 * - set up the digests if necessary
443 */
444 extern OSStatus
445 SecCmsDigestedDataEncodeBeforeData(SecCmsDigestedDataRef digd);
446
447 /*
448 * SecCmsDigestedDataEncodeAfterData - do all the necessary things to a DigestedData
449 * after all the encapsulated data was passed through the encoder.
450 *
451 * In detail:
452 * - finish the digests
453 */
454 extern OSStatus
455 SecCmsDigestedDataEncodeAfterData(SecCmsDigestedDataRef digd);
456
457 /*
458 * SecCmsDigestedDataDecodeBeforeData - do all the necessary things to a DigestedData
459 * before the encapsulated data is passed through the encoder.
460 *
461 * In detail:
462 * - set up the digests if necessary
463 */
464 extern OSStatus
465 SecCmsDigestedDataDecodeBeforeData(SecCmsDigestedDataRef digd);
466
467 /*
468 * SecCmsDigestedDataDecodeAfterData - do all the necessary things to a DigestedData
469 * after all the encapsulated data was passed through the encoder.
470 *
471 * In detail:
472 * - finish the digests
473 */
474 extern OSStatus
475 SecCmsDigestedDataDecodeAfterData(SecCmsDigestedDataRef digd);
476
477 /*
478 * SecCmsDigestedDataDecodeAfterEnd - finalize a digestedData.
479 *
480 * In detail:
481 * - check the digests for equality
482 */
483 extern OSStatus
484 SecCmsDigestedDataDecodeAfterEnd(SecCmsDigestedDataRef digd);
485
486
487 /************************************************************************
488 * cmsdigest.c - CMS encryptedData methods
489 ************************************************************************/
490
491 /*
492 * SecCmsDigestContextStartSingle - same as SecCmsDigestContextStartMultiple, but
493 * only one algorithm.
494 */
495 extern SecCmsDigestContextRef
496 SecCmsDigestContextStartSingle(SECAlgorithmID *digestalg);
497
498 /*
499 * SecCmsDigestContextFinishSingle - same as SecCmsDigestContextFinishMultiple,
500 * but for one digest.
501 */
502 extern OSStatus
503 SecCmsDigestContextFinishSingle(SecCmsDigestContextRef cmsdigcx, SecArenaPoolRef arena,
504 CSSM_DATA_PTR digest);
505
506
507 /************************************************************************/
508 SEC_END_PROTOS
509
510 #endif /* _CMSPRIV_H_ */