2 * Copyright (c) 2004,2011-2012,2014 Apple Inc. All Rights Reserved.
4 * @APPLE_LICENSE_HEADER_START@
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. Please obtain a copy of the License at
10 * http://www.opensource.apple.com/apsl/ and read it before using this
13 * The Original Code and all software distributed under the License are
14 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
15 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
16 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
17 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
18 * Please see the License for the specific language governing rights and
19 * limitations under the License.
21 * @APPLE_LICENSE_HEADER_END@
25 @header SecCmsSignerInfo.h
26 @Copyright (c) 2004,2011-2012,2014 Apple Inc. All Rights Reserved.
28 @availability 10.4 and later
29 @abstract Interfaces of the CMS implementation.
30 @discussion The functions here encode and decode
31 Cryptographic Message Syntax (CMS) objects
32 as described in RFC 3369.
35 #ifndef _SECURITY_SECCMSSIGNERINFO_H_
36 #define _SECURITY_SECCMSSIGNERINFO_H_ 1
38 #include <Security/SecCmsBase.h>
40 #include <Security/SecTrust.h>
43 #if defined(__cplusplus)
50 extern SecCmsSignerInfoRef
51 SecCmsSignerInfoCreate(SecCmsMessageRef cmsg
, SecIdentityRef identity
, SECOidTag digestalgtag
);
56 extern SecCmsSignerInfoRef
57 SecCmsSignerInfoCreateWithSubjKeyID(SecCmsMessageRef cmsg
, CSSM_DATA_PTR subjKeyID
, SecPublicKeyRef pubKey
, SecPrivateKeyRef signingKey
, SECOidTag digestalgtag
);
61 @abstract Destroy a SignerInfo data structure.
64 SecCmsSignerInfoDestroy(SecCmsSignerInfoRef si
);
69 extern SecCmsVerificationStatus
70 SecCmsSignerInfoGetVerificationStatus(SecCmsSignerInfoRef signerinfo
);
76 SecCmsSignerInfoVerifyUnAuthAttrs(SecCmsSignerInfoRef signerinfo
);
82 SecCmsSignerInfoVerifyUnAuthAttrsWithPolicy(SecCmsSignerInfoRef signerinfo
,CFTypeRef timeStampPolicy
);
88 SecCmsSignerInfoGetEncDigest(SecCmsSignerInfoRef signerinfo
);
94 SecCmsSignerInfoGetDigestAlg(SecCmsSignerInfoRef signerinfo
);
100 SecCmsSignerInfoGetDigestAlgTag(SecCmsSignerInfoRef signerinfo
);
106 SecCmsSignerInfoGetCertList(SecCmsSignerInfoRef signerinfo
);
112 SecCmsSignerInfoGetTimestampCertList(SecCmsSignerInfoRef signerinfo
);
116 @abstract Return the signing time, in UTCTime format, of a CMS signerInfo.
117 @param sinfo SignerInfo data for this signer.
118 @discussion Presumably writes the signing time through the stime out-parameter; the original note left the returned value unspecified.
119 @result A return value of NULL is an error.
122 SecCmsSignerInfoGetSigningTime(SecCmsSignerInfoRef sinfo
, CFAbsoluteTime
*stime
);
126 @abstract Return the timestamp time, in UTCTime format, of a CMS signerInfo.
127 @param sinfo SignerInfo data for this signer.
128 @discussion Presumably writes the timestamp time through the stime out-parameter; the original note left the returned value unspecified.
129 @result A return value of NULL is an error.
132 SecCmsSignerInfoGetTimestampTime(SecCmsSignerInfoRef sinfo
, CFAbsoluteTime
*stime
);
136 @abstract Return the timestamp time, in UTCTime format, of a CMS signerInfo.
137 @param sinfo SignerInfo data for this signer.
137 @param timeStampPolicy The policy used to verify the timestamp signer.
138 @discussion Presumably writes the timestamp time through the stime out-parameter; the original note left the returned value unspecified.
139 @result A return value of NULL is an error.
142 SecCmsSignerInfoGetTimestampTimeWithPolicy(SecCmsSignerInfoRef sinfo
, CFTypeRef timeStampPolicy
, CFAbsoluteTime
*stime
);
146 @abstract Return the signing cert of a CMS signerInfo.
147 @discussion The certs in the enclosing SignedData must have been imported already.
149 extern SecCertificateRef
150 SecCmsSignerInfoGetSigningCertificate(SecCmsSignerInfoRef signerinfo
, SecKeychainRef keychainOrArray
);
154 @abstract Return the common name of the signer.
155 @param sinfo SignerInfo data for this signer.
156 @discussion Returns a CFStringRef containing the common name of the signer.
157 @result A return value of NULL is an error.
160 SecCmsSignerInfoGetSignerCommonName(SecCmsSignerInfoRef sinfo
);
164 @abstract Return the email address of the signer
165 @param sinfo SignerInfo data for this signer.
166 @discussion Returns a CFStringRef containing the email address of the signer.
167 @result A return value of NULL is an error.
170 SecCmsSignerInfoGetSignerEmailAddress(SecCmsSignerInfoRef sinfo
);
174 @abstract Add the signing time to the authenticated (i.e. signed) attributes of "signerinfo".
175 @discussion This is expected to be included in outgoing signed
176 messages for email (S/MIME) but is likely useful in other situations.
178 This should only be added once; a second call will do nothing.
180 XXX This will probably just shove the current time into "signerinfo"
181 but it will not actually get signed until the entire item is
182 processed for encoding. Is this (expected to be small) delay okay?
185 SecCmsSignerInfoAddSigningTime(SecCmsSignerInfoRef signerinfo
, CFAbsoluteTime t
);
189 @abstract Add a SMIMECapabilities attribute to the authenticated (i.e. signed) attributes of "signerinfo".
190 @discussion This is expected to be included in outgoing signed messages for email (S/MIME).
193 SecCmsSignerInfoAddSMIMECaps(SecCmsSignerInfoRef signerinfo
);
197 @abstract Add a SMIMEEncryptionKeyPreferences attribute to the authenticated (i.e. signed) attributes of "signerinfo".
198 @discussion This is expected to be included in outgoing signed messages for email (S/MIME).
201 SecCmsSignerInfoAddSMIMEEncKeyPrefs(SecCmsSignerInfoRef signerinfo
, SecCertificateRef cert
, SecKeychainRef keychainOrArray
);
205 @abstract Add a SMIMEEncryptionKeyPreferences attribute to the authenticated (i.e. signed) attributes of "signerinfo", using the OID preferred by Microsoft.
206 @discussion This is expected to be included in outgoing signed messages for email (S/MIME), if compatibility with Microsoft mail clients is wanted.
209 SecCmsSignerInfoAddMSSMIMEEncKeyPrefs(SecCmsSignerInfoRef signerinfo
, SecCertificateRef cert
, SecKeychainRef keychainOrArray
);
213 @abstract Create a timestamp unsigned attribute with a TimeStampToken.
216 SecCmsSignerInfoAddTimeStamp(SecCmsSignerInfoRef signerinfo
, CSSM_DATA
*tstoken
);
220 @abstract Countersign a signerinfo.
223 SecCmsSignerInfoAddCounterSignature(SecCmsSignerInfoRef signerinfo
,
224 SECOidTag digestalg
, SecIdentityRef identity
);
228 @abstract To be called from the S/MIME layer only after the signature of a signerinfo has been verified.
229 @param signerinfo The SecCmsSignerInfo object whose signature was verified.
230 @result The preferred encryption certificate of the user who signed this message is added to the user's default Keychain and marked as the preferred certificate to use when sending that person messages from now on.
233 SecCmsSignerInfoSaveSMIMEProfile(SecCmsSignerInfoRef signerinfo
);
237 @abstract Set cert chain inclusion mode for this signer.
240 SecCmsSignerInfoIncludeCerts(SecCmsSignerInfoRef signerinfo
, SecCmsCertChainMode cm
, SECCertUsage usage
);
242 /*! @functiongroup CMS misc utility functions */
245 Convert a SecCmsVerificationStatus to a human-readable string.
248 SecCmsUtilVerificationStatusToString(SecCmsVerificationStatus vs
);
251 * Preference domain and key for the Microsoft ECDSA compatibility flag.
252 * Default if not present is TRUE, meaning we generate ECDSA-signed messages
253 * which are compatible with Microsoft Entourage. FALSE means we adhere to
254 * the spec (RFC 3278 section 2.1.1).
256 #define kMSCompatibilityDomain "com.apple.security.smime"
257 #define kMSCompatibilityMode CFSTR("MSCompatibilityMode")
259 #if defined(__cplusplus)
263 #endif /* _SECURITY_SECCMSSIGNERINFO_H_ */