OSX/libsecurity_smime/lib/SecCMS.h

   1 /*
   2  * Copyright (c) 2014 Apple Inc. All Rights Reserved.
   3  *
   4  * @APPLE_LICENSE_HEADER_START@
   5  *
   6  * This file contains Original Code and/or Modifications of Original Code
   7  * as defined in and that are subject to the Apple Public Source License
   8  * Version 2.0 (the 'License'). You may not use this file except in
   9  * compliance with the License. Please obtain a copy of the License at
  10  * http://www.opensource.apple.com/apsl/ and read it before using this
  11  * file.
  12  *
  13  * The Original Code and all software distributed under the License are
  14  * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
  15  * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
  16  * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
  17  * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
  18  * Please see the License for the specific language governing rights and
  19  * limitations under the License.
  20  *
  21  * @APPLE_LICENSE_HEADER_END@
  22  */
  23
  24
  25 #ifndef libsecurity_smime_SecCMS_h
  26 #define libsecurity_smime_SecCMS_h
  27
  28 #include <CoreFoundation/CoreFoundation.h>
  29 #include <Security/SecBase.h>
  30 #include <Security/SecTrust.h>
  31
  32 extern const void * kSecCMSSignDigest;
  33 extern const void * kSecCMSSignDetached;
  34 extern const void * kSecCMSSignHashAlgorithm;
  35 extern const void * kSecCMSCertChainMode;
  36 extern const void * kSecCMSAdditionalCerts;
  37 extern const void * kSecCMSSignedAttributes;
  38 extern const void * kSecCMSSignDate;
  39 extern const void * kSecCMSAllCerts;
  40
  41 extern const void * kSecCMSHashingAlgorithmSHA1;
  42 extern const void * kSecCMSHashingAlgorithmSHA256;
  43 extern const void * kSecCMSHashingAlgorithmSHA384;
  44 extern const void * kSecCMSHashingAlgorithmSHA512;
  45
  46 /* Return an array of certificates contained in message, if message is of the
  47  type SignedData and has no signers, return NULL otherwise.   Not that if
  48  the message is properly formed but has no certificates an empty array will
  49  be returned.
  50  Designed to match the sec submodule implementation available for iOS
  51  */
  52 CFArrayRef SecCMSCertificatesOnlyMessageCopyCertificates(CFDataRef message);
  53
  54 /* Create a degenerate PKCS#7 containing a cert or a CFArray of certs. */
  55 CFDataRef SecCMSCreateCertificatesOnlyMessage(CFTypeRef cert_or_array_thereof);
  56 CFDataRef SecCMSCreateCertificatesOnlyMessageIAP(SecCertificateRef cert);
  57
  58 /*!
  59  @function SecCMSVerifyCopyDataAndAttributes
  60  @abstract verify a signed data cms blob.
  61  @param message the cms message to be parsed
  62  @param detached_contents to pass detached contents (optional)
  63  @param policy specifies policy or array thereof should be used (optional).
  64  if none is passed the blob will **not** be verified and only
  65  the attached contents will be returned.
  66  @param trustref (output/optional) if specified, the trust chain built during
  67     verification will not be evaluated but returned to the caller to do so.
  68  @param attached_contents (output/optional) return a copy of the attached
  69  contents.
  70  @param signed_attributes (output/optional) return a copy of the signed
  71     attributes as a CFDictionary from oids (CFData) to values
  72     (CFArray of CFData).
  73  @result A result code.  See "Security Error Codes" (SecBase.h).
  74     errSecDecode not a CMS message we can parse,
  75     errSecAuthFailed bad signature, or untrusted signer if caller doesn't
  76     ask for trustref,
  77     errSecParam garbage in, garbage out.
  78  */
  79 OSStatus SecCMSVerifyCopyDataAndAttributes(CFDataRef message, CFDataRef detached_contents,
  80                                            CFTypeRef policy, SecTrustRef *trustref,
  81                                            CFDataRef *attached_contents, CFDictionaryRef *signed_attributes);
  82
  83 /*!
  84  @function SecCMSVerify
  85  @abstract same as SecCMSVerifyCopyDataAndAttributes, for binary compatibility.
  86  */
  87 OSStatus SecCMSVerify(CFDataRef message, CFDataRef detached_contents,
  88                       CFTypeRef policy, SecTrustRef *trustref, CFDataRef *attached_contents);
  89
  90 OSStatus SecCMSVerifySignedData(CFDataRef message, CFDataRef detached_contents,
  91                                 CFTypeRef policy, SecTrustRef *trustref, CFArrayRef additional_certificates,
  92                                 CFDataRef *attached_contents, CFDictionaryRef *message_attributes);
  93
  94 /*!
  95         @function SecCMSCreateSignedData
  96  @abstract create a signed data cms blob.
  97  @param identity signer
  98  @param data SHA-1 digest or message to be signed
  99  @param parameters (input/optional) specify algorithm, detached, digest
 100  @param signed_attributes (input/optional) signed attributes to insert
 101  as a CFDictionary from oids (CFData) to value (CFData).
 102  @param signed_data (output) return signed message.
 103  @result A result code.  See "Security Error Codes" (SecBase.h).
 104  errSecParam garbage in, garbage out.
 105  */
 106 OSStatus SecCMSCreateSignedData(SecIdentityRef identity, CFDataRef data,
 107                                 CFDictionaryRef parameters, CFDictionaryRef signed_attributes,
 108                                 CFMutableDataRef signed_data);
 109
 110 #endif