1 /*
2 * Copyright (c) 2004,2011-2012,2014 Apple Inc. All Rights Reserved.
3 *
4 * @APPLE_LICENSE_HEADER_START@
5 *
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. Please obtain a copy of the License at
10 * http://www.opensource.apple.com/apsl/ and read it before using this
11 * file.
12 *
13 * The Original Code and all software distributed under the License are
14 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
15 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
16 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
17 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
18 * Please see the License for the specific language governing rights and
19 * limitations under the License.
20 *
21 * @APPLE_LICENSE_HEADER_END@
22 */
23
24 /*!
25 @header SecCmsSignerInfo.h
26 @Copyright (c) 2004,2011-2012,2014 Apple Inc. All Rights Reserved.
27
28 @availability 10.4 and later
29 @abstract Interfaces of the CMS implementation.
30 @discussion The functions here implement encoding and decoding of
31 Cryptographic Message Syntax (CMS) objects as described in RFC 3369
32 (since obsoleted by RFC 3852 and then RFC 5652, which keep the same structures).
33 */
34
35 #ifndef _SECURITY_SECCMSSIGNERINFO_H_
36 #define _SECURITY_SECCMSSIGNERINFO_H_ 1
37
38 #include <Security/SecCmsBase.h>
39
40 #include <Security/SecTrust.h>
41 #include <CoreFoundation/CFDate.h>
42
43
44 #if defined(__cplusplus)
45 extern "C" {
46 #endif
47
/*!
    @function
    @abstract Create a SignerInfo for "cmsg" that will be signed with "identity".
    @param cmsg The enclosing CMS message the SignerInfo belongs to.
    @param identity The SecIdentity (certificate plus private key) used to produce the signature.
    @param digestalgtag OID tag of the digest algorithm to use for this signer.
    @result The new SignerInfo; presumably NULL on failure — confirm against the implementation.
    @discussion NOTE(review): nothing in this header restricts which digest algorithms are
    accepted, so the caller is responsible for choosing a modern one (SHA-256 or stronger);
    confirm what, if anything, the implementation rejects.
 */
extern SecCmsSignerInfoRef
SecCmsSignerInfoCreate(SecCmsMessageRef cmsg, SecIdentityRef identity, SECOidTag digestalgtag);

/*!
    @function
    @abstract Create a SignerInfo whose signer is identified by subjectKeyIdentifier
    rather than by a SecIdentity.
    @param cmsg The enclosing CMS message the SignerInfo belongs to.
    @param subjKeyID The subject key identifier that will name the signer.
    @param pubKey The signer's public key.
    @param signingKey The private key used to produce the signature.
    @param digestalgtag OID tag of the digest algorithm to use for this signer.
    @result The new SignerInfo; presumably NULL on failure — confirm against the implementation.
    @discussion The public and private keys are supplied separately; presumably the caller
    must ensure they form a pair, as nothing here states that this is checked.
 */
extern SecCmsSignerInfoRef
SecCmsSignerInfoCreateWithSubjKeyID(SecCmsMessageRef cmsg, CSSM_DATA_PTR subjKeyID, SecPublicKeyRef pubKey, SecPrivateKeyRef signingKey, SECOidTag digestalgtag);

/*!
    @function
    @abstract Destroy a SignerInfo data structure.
    @param si The SignerInfo to destroy; it must not be used afterwards.
 */
extern void
SecCmsSignerInfoDestroy(SecCmsSignerInfoRef si);
66
/*!
    @function
    @abstract Return the verification status recorded for this signer.
    @param signerinfo SignerInfo data for this signer.
    @result The SecCmsVerificationStatus for this signer; see
    SecCmsUtilVerificationStatusToString for a textual form.
    @discussion Presumably only meaningful once the enclosing SignedData has been
    verified — confirm against the implementation.
 */
extern SecCmsVerificationStatus
SecCmsSignerInfoGetVerificationStatus(SecCmsSignerInfoRef signerinfo);

/*!
    @function
    @abstract Verify the unsigned (unauthenticated) attributes of "signerinfo".
    @param signerinfo SignerInfo data for this signer.
    @result An OSStatus; 0 (errSecSuccess) on success per the OSStatus convention —
    confirm the specific failure codes in the implementation.
    @discussion Unsigned attributes are not covered by the signer's own signature
    (the timestamp attribute added by SecCmsSignerInfoAddTimeStamp is one of them),
    so they need their own verification; this call performs it. Presumably a default
    timestamp policy is applied — use the WithPolicy variant to supply one explicitly.
 */
extern OSStatus
SecCmsSignerInfoVerifyUnAuthAttrs(SecCmsSignerInfoRef signerinfo);

/*!
    @function
    @abstract Verify the unsigned (unauthenticated) attributes of "signerinfo",
    evaluating the timestamp signer against "timeStampPolicy".
    @param signerinfo SignerInfo data for this signer.
    @param timeStampPolicy The policy used to verify the timestamp signer
    (declared as CFTypeRef; presumably a SecPolicyRef — confirm).
    @result An OSStatus; 0 (errSecSuccess) on success per the OSStatus convention —
    confirm the specific failure codes in the implementation.
 */
extern OSStatus
SecCmsSignerInfoVerifyUnAuthAttrsWithPolicy(SecCmsSignerInfoRef signerinfo,CFTypeRef timeStampPolicy);
84
/*!
    @function
    @abstract Return the encrypted digest of this signer.
    @param signerinfo SignerInfo data for this signer.
    @result Pointer to the encrypted digest (PKCS#7's name for the signature value).
    Presumably this points into "signerinfo" and is not owned by the caller — confirm.
 */
extern CSSM_DATA *
SecCmsSignerInfoGetEncDigest(SecCmsSignerInfoRef signerinfo);

/*!
    @function
    @abstract Return the OID data of this signer's digest algorithm.
    @param signerinfo SignerInfo data for this signer.
    @result The SECOidData describing the digest algorithm.
 */
extern SECOidData *
SecCmsSignerInfoGetDigestAlg(SecCmsSignerInfoRef signerinfo);

/*!
    @function
    @abstract Return the OID tag of this signer's digest algorithm.
    @param signerinfo SignerInfo data for this signer.
    @result The SECOidTag of the digest algorithm.
 */
extern SECOidTag
SecCmsSignerInfoGetDigestAlgTag(SecCmsSignerInfoRef signerinfo);
102
/*!
    @function
    @abstract Return the certificates associated with this signer.
    @param signerinfo SignerInfo data for this signer.
    @result A CFArrayRef of certificates. Per the CF "Get" convention the caller
    presumably does not own the array — confirm.
    @discussion NOTE(review): membership in this list does not by itself mean a
    certificate is trusted; it reflects what was carried with or located for the
    message. Evaluate trust separately (e.g. with SecTrust and a suitable policy).
 */
extern CFArrayRef
SecCmsSignerInfoGetCertList(SecCmsSignerInfoRef signerinfo);

/*!
    @function
    @abstract Return the certificates associated with this signer's timestamp.
    @param signerinfo SignerInfo data for this signer.
    @result A CFArrayRef of certificates from the timestamp token. Per the CF "Get"
    convention the caller presumably does not own the array — confirm.
    @discussion The same caveat as SecCmsSignerInfoGetCertList applies: presence in
    the list is not evidence of trust.
 */
extern CFArrayRef
SecCmsSignerInfoGetTimestampCertList(SecCmsSignerInfoRef signerinfo);
114
/*!
    @function
    @abstract Return the signing time of a CMS signerInfo.
    @param sinfo SignerInfo data for this signer.
    @param stime On success, receives the signing time as a CFAbsoluteTime.
    @result An OSStatus; 0 (errSecSuccess) on success per the OSStatus convention —
    confirm the specific failure codes in the implementation. (Earlier text here
    described a NULL pointer return; the function actually returns a status and
    delivers the time through "stime".)
    @discussion The value is whatever the signer placed in the signingTime attribute
    (see SecCmsSignerInfoAddSigningTime). It is covered by the signature but asserted
    by the signer's own clock, so it is not independent evidence of when the signature
    was made. Use the timestamp variants below for third-party time.
 */
extern OSStatus
SecCmsSignerInfoGetSigningTime(SecCmsSignerInfoRef sinfo, CFAbsoluteTime *stime);
124
<doc_update>
/*!
    @function
    @abstract Return the time asserted by the timestamp token of a CMS signerInfo.
    @param sinfo SignerInfo data for this signer.
    @param stime On success, receives the timestamp time as a CFAbsoluteTime.
    @result An OSStatus; 0 (errSecSuccess) on success per the OSStatus convention —
    confirm the specific failure codes in the implementation. (Earlier text here
    described a NULL pointer return; the function actually returns a status.)
    @discussion The timestamp token lives in an unsigned attribute and is therefore not
    covered by the signer's signature. Whether this call verifies the token itself is
    not stated here — confirm; otherwise verify it first via
    SecCmsSignerInfoVerifyUnAuthAttrs before relying on the returned time.
 */
OSStatus
SecCmsSignerInfoGetTimestampTime(SecCmsSignerInfoRef sinfo, CFAbsoluteTime *stime);

/*!
    @function
    @abstract Return the time asserted by the timestamp token of a CMS signerInfo,
    evaluating the timestamp signer against "timeStampPolicy".
    @param sinfo SignerInfo data for this signer.
    @param timeStampPolicy The policy used to verify the timestamp signer
    (declared as CFTypeRef; presumably a SecPolicyRef — confirm).
    @param stime On success, receives the timestamp time as a CFAbsoluteTime.
    @result An OSStatus; 0 (errSecSuccess) on success per the OSStatus convention —
    confirm the specific failure codes in the implementation.
 */
OSStatus
SecCmsSignerInfoGetTimestampTimeWithPolicy(SecCmsSignerInfoRef sinfo, CFTypeRef timeStampPolicy, CFAbsoluteTime *stime);
144
/*!
    @function
    @abstract Return the value of the signed Apple Codesigning Hash Agility attribute.
    @param sinfo SignerInfo data for this signer.
    @param sdata On success, receives a CFDataRef holding the attribute value.
    Whether the caller must release it is not stated here — confirm.
    @result An OSStatus; non-zero indicates an error. (Earlier text here referred to
    SECFailure, which is not an OSStatus value.)
    @discussion This attribute is a signed attribute (see
    SecCmsSignerInfoAddAppleCodesigningHashAgility), so its value is covered by the
    signature once the signer has been verified.
 */
OSStatus
SecCmsSignerInfoGetAppleCodesigningHashAgility(SecCmsSignerInfoRef sinfo, CFDataRef *sdata);
154
/*!
    @function
    @abstract Return the signing cert of a CMS signerInfo.
    @param signerinfo SignerInfo data for this signer.
    @param keychainOrArray Keychain, or array of certificates, to search for the signer's
    certificate (exact accepted types not stated here — confirm).
    @result The signing certificate, presumably NULL if it cannot be located — confirm.
    @discussion The certs in the enclosing SignedData must have been imported already.
    NOTE(review): this locates the certificate named by the signer identifier; it does
    not imply the certificate is trusted or that the signature has been verified.
 */
extern SecCertificateRef
SecCmsSignerInfoGetSigningCertificate(SecCmsSignerInfoRef signerinfo, SecKeychainRef keychainOrArray);
162
/*!
    @function
    @abstract Return the common name of the signer.
    @param sinfo SignerInfo data for this signer.
    @discussion Returns a CFStringRef containing the common name of the signer,
    presumably taken from the signing certificate — confirm. NOTE(review): until the
    signature and certificate chain have been verified this string is attacker-controlled
    and should not be presented as an authenticated identity.
    @result A return value of NULL is an error.
 */
extern CFStringRef
SecCmsSignerInfoGetSignerCommonName(SecCmsSignerInfoRef sinfo);

/*!
    @function
    @abstract Return the email address of the signer.
    @param sinfo SignerInfo data for this signer.
    @discussion Returns a CFStringRef containing the email address of the signer,
    presumably taken from the signing certificate — confirm. The same caveat as
    SecCmsSignerInfoGetSignerCommonName applies: only trust it after verification.
    @result A return value of NULL is an error.
 */
extern CFStringRef
SecCmsSignerInfoGetSignerEmailAddress(SecCmsSignerInfoRef sinfo);
182
/*!
    @function
    @abstract Add the signing time to the authenticated (i.e. signed) attributes of "signerinfo".
    @param signerinfo SignerInfo data for this signer.
    @param t The time to record in the signingTime attribute.
    @result An OSStatus; 0 (errSecSuccess) on success per the OSStatus convention — confirm.
    @discussion This is expected to be included in outgoing signed
    messages for email (S/MIME) but is likely useful in other situations.

    This should only be added once; a second call will do nothing.

    XXX (original author's note) This will probably just shove the time into "signerinfo"
    but it will not actually get signed until the entire item is
    processed for encoding. Is this (expected to be small) delay okay?

    NOTE(review): the recorded time is whatever the caller supplies; verifiers should
    treat it as a signer assertion, not as trusted time.
 */
extern OSStatus
SecCmsSignerInfoAddSigningTime(SecCmsSignerInfoRef signerinfo, CFAbsoluteTime t);
197
/*!
    @function
    @abstract Add a SMIMECapabilities attribute to the authenticated (i.e. signed) attributes of "signerinfo".
    @param signerinfo SignerInfo data for this signer.
    @result An OSStatus; 0 (errSecSuccess) on success per the OSStatus convention — confirm.
    @discussion This is expected to be included in outgoing signed messages for email (S/MIME).
 */
extern OSStatus
SecCmsSignerInfoAddSMIMECaps(SecCmsSignerInfoRef signerinfo);

/*!
    @function
    @abstract Add a SMIMEEncryptionKeyPreferences attribute to the authenticated (i.e. signed) attributes of "signerinfo".
    @param signerinfo SignerInfo data for this signer.
    @param cert The certificate to advertise as the signer's preferred encryption certificate.
    @param keychainOrArray Keychain, or array of certificates, consulted while building the
    attribute (exact role not stated here — confirm).
    @result An OSStatus; 0 (errSecSuccess) on success per the OSStatus convention — confirm.
    @discussion This is expected to be included in outgoing signed messages for email (S/MIME).
    Because the attribute is signed, a recipient who has verified the signature can rely on
    it (see SecCmsSignerInfoSaveSMIMEProfile).
 */
OSStatus
SecCmsSignerInfoAddSMIMEEncKeyPrefs(SecCmsSignerInfoRef signerinfo, SecCertificateRef cert, SecKeychainRef keychainOrArray);

/*!
    @function
    @abstract Add a SMIMEEncryptionKeyPreferences attribute to the authenticated (i.e. signed) attributes of "signerinfo", using the OID preferred by Microsoft.
    @param signerinfo SignerInfo data for this signer.
    @param cert The certificate to advertise as the signer's preferred encryption certificate.
    @param keychainOrArray Keychain, or array of certificates, consulted while building the
    attribute (exact role not stated here — confirm).
    @result An OSStatus; 0 (errSecSuccess) on success per the OSStatus convention — confirm.
    @discussion This is expected to be included in outgoing signed messages for email (S/MIME), if compatibility with Microsoft mail clients is wanted.
 */
OSStatus
SecCmsSignerInfoAddMSSMIMEEncKeyPrefs(SecCmsSignerInfoRef signerinfo, SecCertificateRef cert, SecKeychainRef keychainOrArray);
221
/*!
    @function
    @abstract Create a timestamp unsigned attribute with a TimeStampToken.
    @param signerinfo SignerInfo data for this signer.
    @param tstoken The encoded TimeStampToken (presumably an RFC 3161 token — confirm).
    @result An OSStatus; 0 (errSecSuccess) on success per the OSStatus convention — confirm.
    @discussion Because this is an unsigned attribute it is not covered by the signer's
    signature; on the verifying side it must be checked separately
    (SecCmsSignerInfoVerifyUnAuthAttrs / ...WithPolicy).
 */
OSStatus
SecCmsSignerInfoAddTimeStamp(SecCmsSignerInfoRef signerinfo, CSSM_DATA *tstoken);

/*!
    @function
    @abstract Countersign a signerinfo.
    @param signerinfo The SignerInfo whose signature is to be countersigned.
    @param digestalg OID tag of the digest algorithm to use for the countersignature.
    @param identity The SecIdentity that produces the countersignature.
    @result An OSStatus; 0 (errSecSuccess) on success per the OSStatus convention — confirm.
 */
extern OSStatus
SecCmsSignerInfoAddCounterSignature(SecCmsSignerInfoRef signerinfo,
SECOidTag digestalg, SecIdentityRef identity);
236
/*!
    @function
    @abstract Add the Apple Codesigning Hash Agility attribute to the authenticated (i.e. signed) attributes of "signerinfo".
    @param signerinfo SignerInfo data for this signer.
    @param attrValue The attribute value to embed.
    @result An OSStatus; 0 (errSecSuccess) on success per the OSStatus convention — confirm.
    @discussion This is expected to be included in outgoing signed Apple code signatures.
    The value is retrievable on the verifying side with
    SecCmsSignerInfoGetAppleCodesigningHashAgility.
 */
OSStatus
SecCmsSignerInfoAddAppleCodesigningHashAgility(SecCmsSignerInfoRef signerinfo, CFDataRef attrValue);
244
/*!
    @function
    @abstract Record the signer's preferred encryption certificate in the user's default
    keychain. To be called by the S/MIME layer only after the signature of "signerinfo"
    has been verified.
    @param signerinfo The SecCmsSignerInfo object for which we verified the signature.
    @result An OSStatus. On success the preferred encryption certificate of the user who
    signed this message is added to the user's default keychain and marked as the preferred
    certificate to use when sending that person messages from now on.
    @discussion SECURITY: this function has a persistent side effect on the keychain.
    It must only be called once the signature has verified and the signer's certificate
    chain has been found trustworthy. Calling it for an unverified signerinfo would let a
    forged message install an attacker-chosen encryption certificate as the preferred one
    for that sender, so future encrypted mail to that address could be encrypted to the
    attacker's key.
 */
extern OSStatus
SecCmsSignerInfoSaveSMIMEProfile(SecCmsSignerInfoRef signerinfo);
253
/*!
    @function
    @abstract Set cert chain inclusion mode for this signer.
    @param signerinfo SignerInfo data for this signer.
    @param cm The SecCmsCertChainMode controlling which certificates are embedded in the message.
    @param usage The SECCertUsage presumably used when building the chain to include — confirm.
    @result An OSStatus; 0 (errSecSuccess) on success per the OSStatus convention — confirm.
 */
extern OSStatus
SecCmsSignerInfoIncludeCerts(SecCmsSignerInfoRef signerinfo, SecCmsCertChainMode cm, SECCertUsage usage);
260
/*! @functiongroup CMS misc utility functions */
/*!
    @function
    @abstract Convert a SecCmsVerificationStatus to a human readable string.
    @param vs The verification status to describe.
    @result A constant string naming the status; intended for logging and diagnostics.
    Whether an unknown value yields NULL or a placeholder string is not stated here — confirm.
 */
extern const char *
SecCmsUtilVerificationStatusToString(SecCmsVerificationStatus vs);
268
/*
 * Preference domain and key for the Microsoft ECDSA compatibility flag.
 * Default if not present is TRUE, meaning we generate ECDSA-signed messages
 * which are compatible with Microsoft Entourage. FALSE means we adhere to
 * the spec (RFC 3278 section 2.1.1).
 *
 * NOTE(review): because the default favours compatibility over the spec,
 * deployments that need strictly RFC 3278 conformant ECDSA output must set
 * this key to FALSE explicitly.
 */
#define kMSCompatibilityDomain "com.apple.security.smime"
#define kMSCompatibilityMode CFSTR("MSCompatibilityMode")
277
/*!
    @function SecCmsSignerInfoCopyCertFromEncryptionKeyPreference
    @abstract Copy the certificate specified in the encryption key preference.
    @param signerinfo The SecCmsSignerInfo object for which we verified the signature.
    @result The preferred encryption certificate of the user who signed this message, if found;
    presumably NULL otherwise — confirm. Per the CF "Copy" naming convention the caller is
    expected to release the returned certificate — confirm against the implementation.
    @discussion This function should be called after the signer info has been verified:
    the preference is a signed attribute, so it is only trustworthy once the signature
    and the signer's chain have been verified. Unlike SecCmsSignerInfoSaveSMIMEProfile
    this call has no keychain side effect; it just returns the certificate.
 */
SecCertificateRef SecCmsSignerInfoCopyCertFromEncryptionKeyPreference(SecCmsSignerInfoRef signerinfo);
286
287 #if defined(__cplusplus)
288 }
289 #endif
290
291 #endif /* _SECURITY_SECCMSSIGNERINFO_H_ */