CMSEncoderRef cmsEncoder,
CFDataRef hashAgilityAttrValue);
+/*
+ * Set the hash agility attribute for a CMSEncoder.
+ * This is only used if the kCMSAttrAppleCodesigningHashAgilityV2 attribute
+ * is included. V2 encodes the hash agility values using DER.
+ * The dictionary should have CFNumberRef keys, corresponding to SECOidTags
+ * (from SecCmsBase.h) for digest algorithms, and CFDataRef values,
+ * corresponding to the digest value for that digest algorithm.
+ */
+OSStatus CMSEncoderSetAppleCodesigningHashAgilityV2(
+ CMSEncoderRef cmsEncoder,
+ CFDictionaryRef hashAgilityV2AttrValues);
+
+/*
+ * Set the expiration time for a CMSEncoder.
+ * This is only used if the kCMSAttrAppleExpirationTime attribute is included.
+ */
+OSStatus CMSEncoderSetAppleExpirationTime(
+ CMSEncoderRef cmsEncoder,
+ CFAbsoluteTime time);
+
void
CmsMessageSetTSAContext(CMSEncoderRef cmsEncoder, CFTypeRef tsaContext);
CMSDecoderRef cmsDecoder,
size_t signerIndex, /* usually 0 */
CFDataRef CF_RETURNS_RETAINED *hashAgilityAttrValue); /* RETURNED */
+
+/*
+ * Obtain the Hash Agility v2 attribute value of signer 'signerIndex'
+ * of a CMS message, if present. V2 encodes the hash agility values using DER.
+ *
+ * Returns errSecParam if the CMS message was not signed or if signerIndex
+ * is greater than the number of signers of the message minus one.
+ *
+ * This cannot be called until after CMSDecoderFinalizeMessage() is called.
+ */
+OSStatus CMSDecoderCopySignerAppleCodesigningHashAgilityV2(
+ CMSDecoderRef cmsDecoder,
+ size_t signerIndex, /* usually 0 */
+ CFDictionaryRef CF_RETURNS_RETAINED * hashAgilityAttrValues); /* RETURNED */
+
+/*
+ * Obtain the expiration time of signer 'signerIndex' of a CMS message, if
+ * present. This is part of the signed attributes of the message.
+ *
+ * Returns errSecParam if the CMS message was not signed or if signerIndex
+ * is greater than the number of signers of the message minus one.
+ *
+ * This cannot be called until after CMSDecoderFinalizeMessage() is called.
+ */
+OSStatus CMSDecoderCopySignerAppleExpirationTime(
+ CMSDecoderRef cmsDecoder,
+ size_t signerIndex,
+ CFAbsoluteTime *expirationTime); /* RETURNED */
#ifdef __cplusplus
}
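Review bot: The comment on CMSDecoderCopySignerAppleExpirationTime promises the time "if present", but `expirationTime` is a plain `CFAbsoluteTime *`, so there is no NULL to signal an absent attribute and the header does not say which status or value the caller gets in that case. A caller that reads an untouched or zero value as a real expiration, or as "never expires", would enforce the wrong policy. The contract should be spelled out, e.g. `* If the attribute is absent, returns <status> and leaves *expirationTime unchanged.`, with the status taken from the implementation, which is not visible in this hunk. Both new decoder comments should also say that the value is only trustworthy once the signer has been verified (CMSDecoderCopySignerStatus), since nothing here shows that CMSDecoderFinalizeMessage() alone establishes that; the V2 comment should add that the caller releases the returned dictionary and what `*hashAgilityAttrValues` is set to when the attribute is missing. As a style point, the `signerIndex` line of the expiration-time prototype drops the `/* usually 0 */` note its siblings carry.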