2 * Copyright (c) 2004-2018 Apple Inc. All Rights Reserved.
4 * @APPLE_LICENSE_HEADER_START@
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. Please obtain a copy of the License at
10 * http://www.opensource.apple.com/apsl/ and read it before using this
13 * The Original Code and all software distributed under the License are
14 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
15 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
16 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
17 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
18 * Please see the License for the specific language governing rights and
19 * limitations under the License.
21 * @APPLE_LICENSE_HEADER_END@
25 @header SecCmsSignedData.h
27 @availability 10.4 and later
28 @abstract Interfaces of the CMS implementation.
29 @discussion The functions here implement functions for encoding
30 and decoding Cryptographic Message Syntax (CMS) objects
31 as described in rfc3369.
34 #ifndef _SECURITY_SECCMSSIGNEDDATA_H_
35 #define _SECURITY_SECCMSSIGNEDDATA_H_ 1
37 #include <Security/SecCmsBase.h>
38 #include <Security/SecTrust.h>
44 @abstract Create a new SecCmsSignedData object.
45 @param cmsg Pointer to a SecCmsMessage in which this SecCmsSignedData
48 extern SecCmsSignedDataRef
49 SecCmsSignedDataCreate(SecCmsMessageRef cmsg
);
55 SecCmsSignedDataDestroy(SecCmsSignedDataRef sigd
);
59 @abstract Retrieve the SignedData's signer list.
61 extern SecCmsSignerInfoRef
*
62 SecCmsSignedDataGetSignerInfos(SecCmsSignedDataRef sigd
);
68 SecCmsSignedDataSignerInfoCount(SecCmsSignedDataRef sigd
);
73 extern SecCmsSignerInfoRef
74 SecCmsSignedDataGetSignerInfo(SecCmsSignedDataRef sigd
, int i
);
78 @abstract Retrieve the SignedData's digest algorithm list.
80 #pragma clang diagnostic push
81 #pragma clang diagnostic ignored "-Wdeprecated-declarations"
82 extern SECAlgorithmID
**
83 SecCmsSignedDataGetDigestAlgs(SecCmsSignedDataRef sigd
);
84 #pragma clang diagnostic pop
88 @abstract Return pointer to this signedData's contentinfo.
90 extern SecCmsContentInfoRef
91 SecCmsSignedDataGetContentInfo(SecCmsSignedDataRef sigd
);
95 @discussion XXX Should be obsoleted.
98 SecCmsSignedDataImportCerts(SecCmsSignedDataRef sigd
, SecKeychainRef keychain
,
99 SECCertUsage certusage
, Boolean keepcerts
);
103 @abstract See if we have digests in place.
106 SecCmsSignedDataHasDigests(SecCmsSignedDataRef sigd
);
110 @abstract Check the signatures.
111 @discussion The digests were either calculated during decoding (and are stored in the
112 signedData itself) or set after decoding using SecCmsSignedDataSetDigests.
114 The verification checks if the signing cert is valid and has a trusted chain
115 for the purpose specified by "policies".
117 If trustRef is NULL the cert chain is verified and the VerificationStatus is set accordingly.
118 Otherwise a SecTrust object is returned for the caller to evaluate using SecTrustEvaluate().
121 SecCmsSignedDataVerifySignerInfo(SecCmsSignedDataRef sigd
, int i
, SecKeychainRef keychainOrArray
,
122 CFTypeRef policies
, SecTrustRef
*trustRef
);
126 @abstract Verify the certs in a certs-only message.
129 SecCmsSignedDataVerifyCertsOnly(SecCmsSignedDataRef sigd
,
130 SecKeychainRef keychainOrArray
,
137 SecCmsSignedDataAddCertList(SecCmsSignedDataRef sigd
, CFArrayRef certlist
);
141 @abstract Add cert and its entire chain to the set of certs.
144 SecCmsSignedDataAddCertChain(SecCmsSignedDataRef sigd
, SecCertificateRef cert
);
150 SecCmsSignedDataAddCertificate(SecCmsSignedDataRef sigd
, SecCertificateRef cert
);
156 SecCmsSignedDataContainsCertsOrCrls(SecCmsSignedDataRef sigd
);
162 @abstract Retrieve the SignedData's certificate list.
164 #pragma clang diagnostic push
165 #pragma clang diagnostic ignored "-Wdeprecated-declarations"
166 extern CSSM_DATA_PTR
*
167 SecCmsSignedDataGetCertificateList(SecCmsSignedDataRef sigd
)
168 API_AVAILABLE(macos(10.4)) API_UNAVAILABLE(macCatalyst
);
169 #pragma clang diagnostic pop
170 #else // !TARGET_OS_OSX
173 @abstract Retrieve the SignedData's certificate list.
175 extern SecAsn1Item
* *
176 SecCmsSignedDataGetCertificateList(SecCmsSignedDataRef sigd
)
177 API_AVAILABLE(ios(2.0), tvos(2.0), watchos(1.0)) API_UNAVAILABLE(macCatalyst
);
178 #endif // !TARGET_OS_OSX
182 @abstract Create a certs-only SignedData.
183 @param cert Base certificate that will be included
184 @param include_chain If true, include the complete cert chain for cert.
185 @discussion More certs and chains can be added via AddCertificate and AddCertChain.
186 @result An error results in a return value of NULL and an error set.
188 extern SecCmsSignedDataRef
189 SecCmsSignedDataCreateCertsOnly(SecCmsMessageRef cmsg
, SecCertificateRef cert
, Boolean include_chain
);
194 @abstract Finalize the digests in digestContext and apply them to sigd.
195 @param sigd A SecCmsSignedDataRef for which the digests have been calculated
196 @param digestContext A digestContext created with SecCmsDigestContextStartMultiple.
197 @result The digest will have been applied to sigd. After this call completes sigd is ready to accept
198 SecCmsSignedDataVerifySignerInfo() calls. The caller should still destroy digestContext with a SecCmsDigestContextDestroy() call.
201 extern OSStatus
SecCmsSignedDataSetDigestContext(SecCmsSignedDataRef sigd
,
202 SecCmsDigestContextRef digestContext
)
203 API_AVAILABLE(ios(2.0), tvos(2.0), watchos(1.0)) API_UNAVAILABLE(macos
, macCatalyst
);
208 SecCmsSignedDataAddSignerInfo(SecCmsSignedDataRef sigd
,
209 SecCmsSignerInfoRef signerinfo
);
211 #pragma clang diagnostic push
212 #pragma clang diagnostic ignored "-Wdeprecated-declarations"
214 SecCmsSignedDataSetDigests(SecCmsSignedDataRef sigd
,
215 SECAlgorithmID
**digestalgs
,
216 CSSM_DATA_PTR
*digests
)
217 API_AVAILABLE(macos(10.4)) API_UNAVAILABLE(macCatalyst
);
218 #pragma clang diagnostic pop
223 #endif /* _SECURITY_SECCMSSIGNEDDATA_H_ */