2 * The contents of this file are subject to the Mozilla Public
3 * License Version 1.1 (the "License"); you may not use this file
4 * except in compliance with the License. You may obtain a copy of
5 * the License at http://www.mozilla.org/MPL/
7 * Software distributed under the License is distributed on an "AS
8 * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
9 * implied. See the License for the specific language governing
10 * rights and limitations under the License.
12 * The Original Code is the Netscape security libraries.
14 * The Initial Developer of the Original Code is Netscape
15 * Communications Corporation. Portions created by Netscape are
16 * Copyright (C) 1994-2000 Netscape Communications Corporation. All
21 * Alternatively, the contents of this file may be used under the
22 * terms of the GNU General Public License Version 2 or later (the
23 * "GPL"), in which case the provisions of the GPL are applicable
24 * instead of those above. If you wish to allow use of your
25 * version of this file only under the terms of the GPL and not to
26 * allow others to use your version of this file under the MPL,
27 * indicate your decision by deleting the provisions above and
28 * replace them with the notice and other provisions required by
29 * the GPL. If you do not delete the provisions above, a recipient
30 * may use your version of this file under either the MPL or the
35 * Interfaces of the CMS implementation.
41 #include <Security/SecTrust.h>
44 /************************************************************************/
48 /************************************************************************
49 * cmsutil.c - CMS misc utility functions
50 ************************************************************************/
54 * SecCmsArraySortByDER - sort array of objects by objects' DER encoding
56 * make sure that the order of the objects guarantees valid DER (which must be
57 * in lexigraphically ascending order for a SET OF); if reordering is necessary it
58 * will be done in place (in objs).
61 SecCmsArraySortByDER(void **objs
, const SecAsn1Template
*objtemplate
, void **objs2
);
64 * SecCmsUtilDERCompare - for use with SecCmsArraySort to
65 * sort arrays of CSSM_DATAs containing DER
68 SecCmsUtilDERCompare(void *a
, void *b
);
71 * SecCmsAlgArrayGetIndexByAlgID - find a specific algorithm in an array of
74 * algorithmArray - array of algorithm IDs
75 * algid - algorithmid of algorithm to pick
78 * An integer containing the index of the algorithm in the array or -1 if
79 * algorithm was not found.
82 SecCmsAlgArrayGetIndexByAlgID(SECAlgorithmID
**algorithmArray
, SECAlgorithmID
*algid
);
85 * SecCmsAlgArrayGetIndexByAlgID - find a specific algorithm in an array of
88 * algorithmArray - array of algorithm IDs
89 * algiddata - id of algorithm to pick
92 * An integer containing the index of the algorithm in the array or -1 if
93 * algorithm was not found.
96 SecCmsAlgArrayGetIndexByAlgTag(SECAlgorithmID
**algorithmArray
, SECOidTag algtag
);
99 SecCmsUtilGetHashObjByAlgID(SECAlgorithmID
*algid
);
102 * XXX I would *really* like to not have to do this, but the current
103 * signing interface gives me little choice.
106 SecCmsUtilMakeSignatureAlgorithm(SECOidTag hashalg
, SECOidTag encalg
);
108 extern const SecAsn1Template
*
109 SecCmsUtilGetTemplateByTypeTag(SECOidTag type
);
112 SecCmsUtilGetSizeByTypeTag(SECOidTag type
);
114 extern SecCmsContentInfoRef
115 SecCmsContentGetContentInfo(void *msg
, SECOidTag type
);
117 /************************************************************************
118 * cmsmessage.c - CMS message methods
119 ************************************************************************/
123 @abstract Set up a CMS message object for encoding or decoding.
124 @discussion used internally.
125 @param cmsg Pointer to a SecCmsMessage object
126 @param pwfn callback function for getting token password for enveloped
127 data content with a password recipient.
128 @param pwfn_arg first argument passed to pwfn when it is called.
129 @param encrypt_key_cb callback function for getting bulk key for encryptedData content.
130 @param encrypt_key_cb_arg first argument passed to encrypt_key_cb when it is
132 @param detached_digestalgs digest algorithms in detached_digests
133 @param detached_digests digests from detached content (one for every element
134 in detached_digestalgs).
137 SecCmsMessageSetEncodingParams(SecCmsMessageRef cmsg
,
138 PK11PasswordFunc pwfn
, void *pwfn_arg
,
139 SecCmsGetDecryptKeyCallback encrypt_key_cb
, void *encrypt_key_cb_arg
,
140 SECAlgorithmID
**detached_digestalgs
, CSSM_DATA_PTR
*detached_digests
);
143 SecCmsMessageSetTSACallback(SecCmsMessageRef cmsg
, SecCmsTSACallback tsaCallback
);
146 SecCmsMessageSetTSAContext(SecCmsMessageRef cmsg
, const void *tsaContext
); //CFTypeRef
148 /************************************************************************
149 * cmscinfo.c - CMS contentInfo methods
150 ************************************************************************/
153 Destroy a CMS contentInfo and all of its sub-pieces.
154 @param cinfo The contentInfo object to destroy.
157 SecCmsContentInfoDestroy(SecCmsContentInfoRef cinfo
);
160 * SecCmsContentInfoSetContent - set cinfo's content type & content to CMS object
163 SecCmsContentInfoSetContent(SecCmsMessageRef cmsg
, SecCmsContentInfoRef cinfo
, SECOidTag type
, void *ptr
);
166 /************************************************************************
167 * cmssigdata.c - CMS signedData methods
168 ************************************************************************/
171 SecCmsSignedDataSetDigestValue(SecCmsSignedDataRef sigd
,
172 SECOidTag digestalgtag
,
173 CSSM_DATA_PTR digestdata
);
176 SecCmsSignedDataAddDigest(SecArenaPoolRef pool
,
177 SecCmsSignedDataRef sigd
,
178 SECOidTag digestalgtag
,
179 CSSM_DATA_PTR digest
);
182 SecCmsSignedDataGetDigestByAlgTag(SecCmsSignedDataRef sigd
, SECOidTag algtag
);
185 SecCmsSignedDataGetDigestValue(SecCmsSignedDataRef sigd
, SECOidTag digestalgtag
);
188 * SecCmsSignedDataEncodeBeforeStart - do all the necessary things to a SignedData
189 * before start of encoding.
192 * - find out about the right value to put into sigd->version
193 * - come up with a list of digestAlgorithms (which should be the union of the algorithms
194 * in the signerinfos).
195 * If we happen to have a pre-set list of algorithms (and digest values!), we
196 * check if we have all the signerinfos' algorithms. If not, this is an error.
199 SecCmsSignedDataEncodeBeforeStart(SecCmsSignedDataRef sigd
);
202 SecCmsSignedDataEncodeBeforeData(SecCmsSignedDataRef sigd
);
205 * SecCmsSignedDataEncodeAfterData - do all the necessary things to a SignedData
206 * after all the encapsulated data was passed through the encoder.
209 * - create the signatures in all the SignerInfos
211 * Please note that nothing is done to the Certificates and CRLs in the message - this
212 * is entirely the responsibility of our callers.
215 SecCmsSignedDataEncodeAfterData(SecCmsSignedDataRef sigd
);
218 SecCmsSignedDataDecodeBeforeData(SecCmsSignedDataRef sigd
);
221 * SecCmsSignedDataDecodeAfterData - do all the necessary things to a SignedData
222 * after all the encapsulated data was passed through the decoder.
225 SecCmsSignedDataDecodeAfterData(SecCmsSignedDataRef sigd
);
228 * SecCmsSignedDataDecodeAfterEnd - do all the necessary things to a SignedData
229 * after all decoding is finished.
232 SecCmsSignedDataDecodeAfterEnd(SecCmsSignedDataRef sigd
);
235 * Get SecCmsSignedDataRawCerts - obtain raw certs as a NULL_terminated array
238 extern OSStatus
SecCmsSignedDataRawCerts(SecCmsSignedDataRef sigd
,
239 CSSM_DATA_PTR
**rawCerts
);
241 /************************************************************************
242 * cmssiginfo.c - CMS signerInfo methods
243 ************************************************************************/
246 * SecCmsSignerInfoSign - sign something
250 SecCmsSignerInfoSign(SecCmsSignerInfoRef signerinfo
, CSSM_DATA_PTR digest
, CSSM_DATA_PTR contentType
);
253 * If trustRef is NULL the cert chain is verified and the VerificationStatus is set accordingly.
254 * Otherwise a SecTrust object is returned for the caller to evaluate using SecTrustEvaluate().
257 SecCmsSignerInfoVerifyCertificate(SecCmsSignerInfoRef signerinfo
, SecKeychainRef keychainOrArray
,
258 CFTypeRef policies
, SecTrustRef
*trustRef
);
261 * SecCmsSignerInfoVerify - verify the signature of a single SignerInfo
263 * Just verifies the signature. The assumption is that verification of the certificate
267 SecCmsSignerInfoVerify(SecCmsSignerInfoRef signerinfo
, CSSM_DATA_PTR digest
, CSSM_DATA_PTR contentType
);
270 * SecCmsSignerInfoAddAuthAttr - add an attribute to the
271 * authenticated (i.e. signed) attributes of "signerinfo".
274 SecCmsSignerInfoAddAuthAttr(SecCmsSignerInfoRef signerinfo
, SecCmsAttribute
*attr
);
277 * SecCmsSignerInfoAddUnauthAttr - add an attribute to the
278 * unauthenticated attributes of "signerinfo".
281 SecCmsSignerInfoAddUnauthAttr(SecCmsSignerInfoRef signerinfo
, SecCmsAttribute
*attr
);
284 SecCmsSignerInfoGetVersion(SecCmsSignerInfoRef signerinfo
);
287 * Determine whether Microsoft ECDSA compatibility mode is enabled.
288 * See comments in SecCmsSignerInfo.h for details.
289 * Implemented in siginfoUtils.cpp for access to C++ Dictionary class.
292 SecCmsMsEcdsaCompatMode();
295 /************************************************************************
296 * cmsenvdata.c - CMS envelopedData methods
297 ************************************************************************/
300 * SecCmsEnvelopedDataEncodeBeforeStart - prepare this envelopedData for encoding
302 * at this point, we need
303 * - recipientinfos set up with recipient's certificates
304 * - a content encryption algorithm (if none, 3DES will be used)
306 * this function will generate a random content encryption key (aka bulk key),
307 * initialize the recipientinfos with certificate identification and wrap the bulk key
308 * using the proper algorithm for every certificiate.
309 * it will finally set the bulk algorithm and key so that the encode step can find it.
312 SecCmsEnvelopedDataEncodeBeforeStart(SecCmsEnvelopedDataRef envd
);
315 * SecCmsEnvelopedDataEncodeBeforeData - set up encryption
318 SecCmsEnvelopedDataEncodeBeforeData(SecCmsEnvelopedDataRef envd
);
321 * SecCmsEnvelopedDataEncodeAfterData - finalize this envelopedData for encoding
324 SecCmsEnvelopedDataEncodeAfterData(SecCmsEnvelopedDataRef envd
);
327 * SecCmsEnvelopedDataDecodeBeforeData - find our recipientinfo,
328 * derive bulk key & set up our contentinfo
331 SecCmsEnvelopedDataDecodeBeforeData(SecCmsEnvelopedDataRef envd
);
334 * SecCmsEnvelopedDataDecodeAfterData - finish decrypting this envelopedData's content
337 SecCmsEnvelopedDataDecodeAfterData(SecCmsEnvelopedDataRef envd
);
340 * SecCmsEnvelopedDataDecodeAfterEnd - finish decoding this envelopedData
343 SecCmsEnvelopedDataDecodeAfterEnd(SecCmsEnvelopedDataRef envd
);
346 /************************************************************************
347 * cmsrecinfo.c - CMS recipientInfo methods
348 ************************************************************************/
351 SecCmsRecipientInfoGetVersion(SecCmsRecipientInfoRef ri
);
354 SecCmsRecipientInfoGetEncryptedKey(SecCmsRecipientInfoRef ri
, int subIndex
);
358 SecCmsRecipientInfoGetKeyEncryptionAlgorithmTag(SecCmsRecipientInfoRef ri
);
361 SecCmsRecipientInfoWrapBulkKey(SecCmsRecipientInfoRef ri
, SecSymmetricKeyRef bulkkey
, SECOidTag bulkalgtag
);
363 extern SecSymmetricKeyRef
364 SecCmsRecipientInfoUnwrapBulkKey(SecCmsRecipientInfoRef ri
, int subIndex
,
365 SecCertificateRef cert
, SecPrivateKeyRef privkey
, SECOidTag bulkalgtag
);
368 /************************************************************************
369 * cmsencdata.c - CMS encryptedData methods
370 ************************************************************************/
373 * SecCmsEncryptedDataEncodeBeforeStart - do all the necessary things to a EncryptedData
374 * before encoding begins.
377 * - set the correct version value.
378 * - get the encryption key
381 SecCmsEncryptedDataEncodeBeforeStart(SecCmsEncryptedDataRef encd
);
384 * SecCmsEncryptedDataEncodeBeforeData - set up encryption
387 SecCmsEncryptedDataEncodeBeforeData(SecCmsEncryptedDataRef encd
);
390 * SecCmsEncryptedDataEncodeAfterData - finalize this encryptedData for encoding
393 SecCmsEncryptedDataEncodeAfterData(SecCmsEncryptedDataRef encd
);
396 * SecCmsEncryptedDataDecodeBeforeData - find bulk key & set up decryption
399 SecCmsEncryptedDataDecodeBeforeData(SecCmsEncryptedDataRef encd
);
402 * SecCmsEncryptedDataDecodeAfterData - finish decrypting this encryptedData's content
405 SecCmsEncryptedDataDecodeAfterData(SecCmsEncryptedDataRef encd
);
408 * SecCmsEncryptedDataDecodeAfterEnd - finish decoding this encryptedData
411 SecCmsEncryptedDataDecodeAfterEnd(SecCmsEncryptedDataRef encd
);
414 /************************************************************************
415 * cmsdigdata.c - CMS encryptedData methods
416 ************************************************************************/
419 * SecCmsDigestedDataEncodeBeforeStart - do all the necessary things to a DigestedData
420 * before encoding begins.
423 * - set the right version number. The contentInfo's content type must be set up already.
426 SecCmsDigestedDataEncodeBeforeStart(SecCmsDigestedDataRef digd
);
429 * SecCmsDigestedDataEncodeBeforeData - do all the necessary things to a DigestedData
430 * before the encapsulated data is passed through the encoder.
433 * - set up the digests if necessary
436 SecCmsDigestedDataEncodeBeforeData(SecCmsDigestedDataRef digd
);
439 * SecCmsDigestedDataEncodeAfterData - do all the necessary things to a DigestedData
440 * after all the encapsulated data was passed through the encoder.
443 * - finish the digests
446 SecCmsDigestedDataEncodeAfterData(SecCmsDigestedDataRef digd
);
449 * SecCmsDigestedDataDecodeBeforeData - do all the necessary things to a DigestedData
450 * before the encapsulated data is passed through the encoder.
453 * - set up the digests if necessary
456 SecCmsDigestedDataDecodeBeforeData(SecCmsDigestedDataRef digd
);
459 * SecCmsDigestedDataDecodeAfterData - do all the necessary things to a DigestedData
460 * after all the encapsulated data was passed through the encoder.
463 * - finish the digests
466 SecCmsDigestedDataDecodeAfterData(SecCmsDigestedDataRef digd
);
469 * SecCmsDigestedDataDecodeAfterEnd - finalize a digestedData.
472 * - check the digests for equality
475 SecCmsDigestedDataDecodeAfterEnd(SecCmsDigestedDataRef digd
);
478 /************************************************************************
479 * cmsdigest.c - CMS encryptedData methods
480 ************************************************************************/
483 * SecCmsDigestContextStartSingle - same as SecCmsDigestContextStartMultiple, but
484 * only one algorithm.
486 extern SecCmsDigestContextRef
487 SecCmsDigestContextStartSingle(SECAlgorithmID
*digestalg
);
490 * SecCmsDigestContextFinishSingle - same as SecCmsDigestContextFinishMultiple,
491 * but for one digest.
494 SecCmsDigestContextFinishSingle(SecCmsDigestContextRef cmsdigcx
, SecArenaPoolRef arena
,
495 CSSM_DATA_PTR digest
);
498 /************************************************************************/
501 #endif /* _CMSPRIV_H_ */