1 /*
2 * Copyright (c) 2004-2018 Apple Inc. All Rights Reserved.
3 *
4 * @APPLE_LICENSE_HEADER_START@
5 *
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. Please obtain a copy of the License at
10 * http://www.opensource.apple.com/apsl/ and read it before using this
11 * file.
12 *
13 * The Original Code and all software distributed under the License are
14 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
15 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
16 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
17 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
18 * Please see the License for the specific language governing rights and
19 * limitations under the License.
20 *
21 * @APPLE_LICENSE_HEADER_END@
22 */
23
24 /*!
25 @header SecCmsSignedData.h
26
27 @availability 10.4 and later
28 @abstract Interfaces of the CMS implementation.
@discussion The functions here encode and decode Cryptographic Message
Syntax (CMS) SignedData objects as described in RFC 3369.
32 */
33
34 #ifndef _SECURITY_SECCMSSIGNEDDATA_H_
35 #define _SECURITY_SECCMSSIGNEDDATA_H_ 1
36
37 #include <Security/SecCmsBase.h>
38 #include <Security/SecTrust.h>
39
40 __BEGIN_DECLS
41
/*!
    @function
    @abstract Create a new SecCmsSignedData object.
    @param cmsg Pointer to a SecCmsMessage in which this SecCmsSignedData
        should be created.
    @result The new SecCmsSignedDataRef. The failure value is not stated
        here; presumably NULL, as documented for
        SecCmsSignedDataCreateCertsOnly below -- confirm against the
        implementation before relying on it.
 */
extern SecCmsSignedDataRef
SecCmsSignedDataCreate(SecCmsMessageRef cmsg);
50
/*!
    @function
    @abstract Destroy a SecCmsSignedData object created by
        SecCmsSignedDataCreate or SecCmsSignedDataCreateCertsOnly.
    @param sigd The object to destroy.
    @discussion The header does not say whether the owning SecCmsMessage
        (the cmsg passed at creation) also destroys its SignedData.
        NOTE(review): confirm who owns sigd before calling this directly,
        to avoid a double free.
 */
extern void
SecCmsSignedDataDestroy(SecCmsSignedDataRef sigd);
56
/*!
    @function
    @abstract Retrieve the SignedData's signer list.
    @param sigd The SignedData to query.
    @result A pointer to an array of SecCmsSignerInfoRef. How the array is
        terminated is not stated here; bound iteration with
        SecCmsSignedDataSignerInfoCount() rather than assuming a NULL
        sentinel. Presumably the array is owned by sigd and must not be
        freed by the caller -- confirm.
 */
extern SecCmsSignerInfoRef *
SecCmsSignedDataGetSignerInfos(SecCmsSignedDataRef sigd);
63
/*!
    @function
    @abstract Return the number of SignerInfos in the SignedData.
    @param sigd The SignedData to query.
    @result The signer count. Whether a negative value is ever used to
        signal an error is not stated here; a SignedData without signers
        (e.g. one built with SecCmsSignedDataCreateCertsOnly) presumably
        yields 0 -- confirm.
 */
extern int
SecCmsSignedDataSignerInfoCount(SecCmsSignedDataRef sigd);
69
/*!
    @function
    @abstract Return the i-th SignerInfo of the SignedData.
    @param sigd The SignedData to query.
    @param i Index of the signer. Presumably 0-based and valid only for
        0 <= i < SecCmsSignedDataSignerInfoCount(sigd). The behaviour for
        an out-of-range index is not documented here, so callers must
        bound-check i themselves rather than rely on a NULL result.
    @result The SecCmsSignerInfoRef at index i.
 */
extern SecCmsSignerInfoRef
SecCmsSignedDataGetSignerInfo(SecCmsSignedDataRef sigd, int i);
75
/*!
    @function
    @abstract Retrieve the SignedData's digest algorithm list.
    @param sigd The SignedData to query.
    @result A pointer to an array of SECAlgorithmID pointers. Termination
        and ownership of the array are not stated here; presumably it is
        owned by sigd. The declaration is wrapped in a
        -Wdeprecated-declarations suppression (presumably because
        SECAlgorithmID is deprecated), so treat this accessor as legacy.
 */
#pragma clang diagnostic push
#pragma clang diagnostic ignored "-Wdeprecated-declarations"
extern SECAlgorithmID **
SecCmsSignedDataGetDigestAlgs(SecCmsSignedDataRef sigd);
#pragma clang diagnostic pop
85
/*!
    @function
    @abstract Return pointer to this signedData's contentinfo.
    @param sigd The SignedData to query.
    @result The SecCmsContentInfoRef for the SignedData's encapsulated
        ContentInfo. Presumably owned by sigd; do not release -- confirm.
 */
extern SecCmsContentInfoRef
SecCmsSignedDataGetContentInfo(SecCmsSignedDataRef sigd);
92
/*!
    @function
    @abstract Import the certificates carried in the SignedData into a keychain.
    @param sigd The SignedData whose certificates are imported.
    @param keychain Destination keychain.
    @param certusage The usage the certificates are imported for.
    @param keepcerts Presumably whether the certificates remain attached to
        sigd after import; the flag is not defined here -- confirm.
    @result An OSStatus; presumably noErr on success.
    @discussion XXX Should be obsoleted.
        NOTE(review): the certificates come from the message itself, i.e.
        from whoever produced it. Writing them into a keychain before the
        message has been verified (SecCmsSignedDataVerifySignerInfo) would
        persist unverified, sender-controlled certificates; confirm that
        callers import only after a successful verification.
 */
extern OSStatus
SecCmsSignedDataImportCerts(SecCmsSignedDataRef sigd, SecKeychainRef keychain,
SECCertUsage certusage, Boolean keepcerts);
100
/*!
    @function
    @abstract See if we have digests in place.
    @param sigd The SignedData to query.
    @result true if content digests are available on sigd -- computed during
        decoding, or supplied afterwards via SecCmsSignedDataSetDigests
        (macOS) / SecCmsSignedDataSetDigestContext (iOS family); false
        otherwise.
    @discussion SecCmsSignedDataVerifySignerInfo() needs the digests to be in
        place, so callers that decode incrementally can use this to check
        before attempting verification.
 */
extern Boolean
SecCmsSignedDataHasDigests(SecCmsSignedDataRef sigd);
107
/*!
    @function
    @abstract Check the signatures.
    @param sigd The SignedData whose signer is verified.
    @param i Index of the SignerInfo to verify; see
        SecCmsSignedDataGetSignerInfo for the valid range.
    @param keychainOrArray A keychain or (judging by the name) a CFArray,
        searched for the signer's certificate and its chain; the exact
        accepted types are not stated here.
    @param policies The policy the signing cert must satisfy. Declared as
        CFTypeRef, so presumably a SecPolicyRef or a CFArray of them --
        confirm.
    @param trustRef Optional out-parameter; see discussion.
    @result An OSStatus. When trustRef is non-NULL the return value does not
        reflect chain trust -- that evaluation is left to the caller.
    @discussion The digests were either calculated during decoding (and are stored in the
        signedData itself) or set after decoding using SecCmsSignedDataSetDigests.

        The verification checks if the signing cert is valid and has a trusted chain
        for the purpose specified by "policies".

        If trustRef is NULL the cert chain is verified and the VerificationStatus is set accordingly.
        Otherwise a SecTrust object is returned for the caller to evaluate using SecTrustEvaluate().

        NOTE(review): in the non-NULL trustRef case the signature must be
        treated as untrusted until SecTrustEvaluate() on *trustRef has
        succeeded; the caller is presumably responsible for releasing
        *trustRef -- confirm. Verifying signer i says nothing about the other
        signers; iterate up to SecCmsSignedDataSignerInfoCount() if every
        signature matters.
 */
extern OSStatus
SecCmsSignedDataVerifySignerInfo(SecCmsSignedDataRef sigd, int i, SecKeychainRef keychainOrArray,
CFTypeRef policies, SecTrustRef *trustRef);
123
/*!
    @function
    @abstract Verify the certs in a certs-only message.
    @param sigd A SignedData that carries certificates only (see
        SecCmsSignedDataCreateCertsOnly).
    @param keychainOrArray Keychain(s) used to build the chains; same
        semantics as in SecCmsSignedDataVerifySignerInfo.
    @param policies The policy or policies each certificate must satisfy.
    @result An OSStatus; presumably noErr only when every certificate
        verifies, but whether one failure aborts the whole call is not
        stated here -- confirm.
 */
extern OSStatus
SecCmsSignedDataVerifyCertsOnly(SecCmsSignedDataRef sigd,
SecKeychainRef keychainOrArray,
CFTypeRef policies);
132
/*!
    @function
    @abstract Add every certificate in certlist to the SignedData's set of certs.
    @param sigd The SignedData being built.
    @param certlist A CFArray, presumably of SecCertificateRef (the element
        type is not stated here).
    @result An OSStatus; presumably noErr on success.
 */
extern OSStatus
SecCmsSignedDataAddCertList(SecCmsSignedDataRef sigd, CFArrayRef certlist);
138
/*!
    @function
    @abstract Add cert and its entire chain to the set of certs.
    @param sigd The SignedData being built.
    @param cert The leaf certificate. Its chain is located by the
        implementation; how, and from which keychains, is not stated here.
    @result An OSStatus; presumably noErr on success.
    @discussion Whether the call fails or silently adds only cert when an
        issuer cannot be found is not documented here -- check the result,
        and confirm the behaviour if the recipient needs the full chain.
 */
extern OSStatus
SecCmsSignedDataAddCertChain(SecCmsSignedDataRef sigd, SecCertificateRef cert);
145
/*!
    @function
    @abstract Add a single certificate (without its chain) to the set of certs
        carried in the SignedData.
    @param sigd The SignedData being built.
    @param cert The certificate to add.
    @result An OSStatus; presumably noErr on success.
 */
extern OSStatus
SecCmsSignedDataAddCertificate(SecCmsSignedDataRef sigd, SecCertificateRef cert);
151
/*!
    @function
    @abstract Report whether the SignedData carries any certificates or CRLs.
    @param sigd The SignedData to query.
    @result true if at least one certificate or CRL is present.
    @discussion Presence only; the certs and CRLs are whatever the message
        supplied and have not been validated by this call.
 */
extern Boolean
SecCmsSignedDataContainsCertsOrCrls(SecCmsSignedDataRef sigd);
157
158
#if TARGET_OS_OSX
/*!
    @function
    @abstract Retrieve the SignedData's certificate list.
    @param sigd The SignedData to query.
    @result Pointer to an array of CSSM_DATA_PTR, each presumably holding one
        encoded certificate as carried in the message. Termination and
        ownership are not stated here; presumably owned by sigd. The CSSM
        types are wrapped in a deprecation-warning suppression, so treat
        this variant as legacy. The certificates are message-supplied and
        have not been validated by this call.
 */
#pragma clang diagnostic push
#pragma clang diagnostic ignored "-Wdeprecated-declarations"
extern CSSM_DATA_PTR *
SecCmsSignedDataGetCertificateList(SecCmsSignedDataRef sigd)
API_AVAILABLE(macos(10.4)) API_UNAVAILABLE(macCatalyst);
#pragma clang diagnostic pop
#else // !TARGET_OS_OSX
/*!
    @function
    @abstract Retrieve the SignedData's certificate list.
    @param sigd The SignedData to query.
    @result Pointer to an array of SecAsn1Item pointers, each presumably
        holding one encoded certificate as carried in the message.
        Termination and ownership are not stated here; presumably owned by
        sigd. The certificates are message-supplied and have not been
        validated by this call.
 */
extern SecAsn1Item * *
SecCmsSignedDataGetCertificateList(SecCmsSignedDataRef sigd)
API_AVAILABLE(ios(2.0), tvos(2.0), watchos(1.0)) API_UNAVAILABLE(macCatalyst);
#endif // !TARGET_OS_OSX
179
/*!
    @function
    @abstract Create a certs-only SignedData.
    @param cmsg The SecCmsMessage in which the SignedData is created.
    @param cert Base certificate that will be included
    @param include_chain If true, include the complete cert chain for cert
        (located by the implementation, as for SecCmsSignedDataAddCertChain).
    @discussion More certs and chains can be added via
        SecCmsSignedDataAddCertificate and SecCmsSignedDataAddCertChain.
    @result An error results in a return value of NULL and an error set
        (where the error is recorded is not stated here -- confirm).
 */
extern SecCmsSignedDataRef
SecCmsSignedDataCreateCertsOnly(SecCmsMessageRef cmsg, SecCertificateRef cert, Boolean include_chain);
190
#if TARGET_OS_IPHONE
/*!
    @function
    @abstract Finalize the digests in digestContext and apply them to sigd.
    @param sigd A SecCmsSignedDataRef for which the digests have been calculated
    @param digestContext A digestContext created with SecCmsDigestContextStartMultiple.
    @result An OSStatus; presumably noErr on success. On success the digests
        will have been applied to sigd, and sigd is ready to accept
        SecCmsSignedDataVerifySignerInfo() calls.
    @discussion The caller should still destroy digestContext with a
        SecCmsDigestContextDestroy() call. NOTE(review): the digests must
        have been computed over the actual content being verified; feeding
        the context anything else defeats signature verification.
 */
extern OSStatus SecCmsSignedDataSetDigestContext(SecCmsSignedDataRef sigd,
SecCmsDigestContextRef digestContext)
API_AVAILABLE(ios(2.0), tvos(2.0), watchos(1.0)) API_UNAVAILABLE(macos, macCatalyst);
#endif
205
#if TARGET_OS_OSX
/*!
    @function
    @abstract Attach a SignerInfo to the SignedData.
    @param sigd The SignedData being built.
    @param signerinfo The signer to add, created through the SecCmsSignerInfo API.
    @result An OSStatus; presumably noErr on success.
    @discussion Ownership of signerinfo after a successful add is not stated
        here -- confirm before destroying it separately.
 */
extern OSStatus
SecCmsSignedDataAddSignerInfo(SecCmsSignedDataRef sigd,
SecCmsSignerInfoRef signerinfo);

/*!
    @function
    @abstract Supply externally computed content digests to a decoded SignedData.
    @param sigd The SignedData the digests belong to.
    @param digestalgs Array of digest algorithm identifiers.
    @param digests Array of digest values, presumably parallel to digestalgs
        with one value per algorithm; termination and ownership are not
        stated here -- confirm.
    @result An OSStatus; presumably noErr on success.
    @discussion This is the macOS counterpart of
        SecCmsSignedDataSetDigestContext and the route that
        SecCmsSignedDataVerifySignerInfo() documents for digests set after
        decoding. NOTE(review): the digests are taken on trust -- the caller
        must compute them itself over the actual content, with the algorithms
        in digestalgs; a digest obtained from an untrusted source defeats
        verification.
 */
#pragma clang diagnostic push
#pragma clang diagnostic ignored "-Wdeprecated-declarations"
extern OSStatus
SecCmsSignedDataSetDigests(SecCmsSignedDataRef sigd,
SECAlgorithmID **digestalgs,
CSSM_DATA_PTR *digests)
API_AVAILABLE(macos(10.4)) API_UNAVAILABLE(macCatalyst);
#pragma clang diagnostic pop
#endif
220
221 __END_DECLS
222
223 #endif /* _SECURITY_SECCMSSIGNEDDATA_H_ */