X-Git-Url: https://git.saurik.com/apple/security.git/blobdiff_plain/e3d460c9de4426da6c630c3ae3f46173a99f82d8..07691282a056c4efea71e1e505527601e8cc166b:/OSX/libsecurity_cms/lib/CMSPrivate.h
diff --git a/OSX/libsecurity_cms/lib/CMSPrivate.h b/OSX/libsecurity_cms/lib/CMSPrivate.h
index b61296b2..d951d912 100644
--- a/OSX/libsecurity_cms/lib/CMSPrivate.h
+++ b/OSX/libsecurity_cms/lib/CMSPrivate.h
@@ -92,6 +92,26 @@ OSStatus CMSEncoderSetAppleCodesigningHashAgility(
 CMSEncoderRef cmsEncoder,
 CFDataRef hashAgilityAttrValue);
+/*
+ * Set the hash agility attribute for a CMSEncoder.
+ * This is only used if the kCMSAttrAppleCodesigningHashAgilityV2 attribute
+ * is included. V2 encodes the hash agility values using DER.
+ * The dictionary should have CFNumberRef keys, corresponding to SECOidTags
+ * (from SecCmsBase.h) for digest algorithms, and CFDataRef values,
+ * corresponding to the digest value for that digest algorithm.
+ */
+OSStatus CMSEncoderSetAppleCodesigningHashAgilityV2(
+ CMSEncoderRef cmsEncoder,
+ CFDictionaryRef hashAgilityV2AttrValues);
+
+/*
+ * Set the expiration time for a CMSEncoder.
+ * This is only used if the kCMSAttrAppleExpirationTime attribute is included.
+ */
+OSStatus CMSEncoderSetAppleExpirationTime(
+ CMSEncoderRef cmsEncoder,
+ CFAbsoluteTime time);
+
 void CmsMessageSetTSAContext(CMSEncoderRef cmsEncoder, CFTypeRef tsaContext);
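Review bot: The comment on `CMSEncoderSetAppleCodesigningHashAgilityV2` says what the dictionary "should" contain but not what the call does when a key is not a CFNumberRef or a value is not a CFDataRef, and neither new setter documents its return values. Because these values end up in signed attributes, I would state the contract in the header, for example `* Returns errSecParam if cmsEncoder is NULL or a key/value has the wrong type.`, with the wording confirmed against the implementation, which is not visible here. For `CMSEncoderSetAppleExpirationTime`, the comment should also say that `time` is a CFAbsoluteTime (seconds relative to 1 Jan 2001 00:00:00 GMT). It should spell out too that, going by "only used if ... is included", a caller who sets the time but does not request kCMSAttrAppleExpirationTime presumably gets a signature with no expiration attribute rather than an error.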
@@ -147,6 +167,34 @@ OSStatus CMSDecoderCopySignerAppleCodesigningHashAgility(
 CMSDecoderRef cmsDecoder,
 size_t signerIndex, /* usually 0 */
 CFDataRef CF_RETURNS_RETAINED *hashAgilityAttrValue); /* RETURNED */
+
+/*
+ * Obtain the Hash Agility v2 attribute value of signer 'signerIndex'
+ * of a CMS message, if present. V2 encodes the hash agility values using DER.
+ *
+ * Returns errSecParam if the CMS message was not signed or if signerIndex
+ * is greater than the number of signers of the message minus one.
+ *
+ * This cannot be called until after CMSDecoderFinalizeMessage() is called.
+ */
+OSStatus CMSDecoderCopySignerAppleCodesigningHashAgilityV2(
+ CMSDecoderRef cmsDecoder,
+ size_t signerIndex, /* usually 0 */
+ CFDictionaryRef CF_RETURNS_RETAINED * hashAgilityAttrValues); /* RETURNED */
+
+/*
+ * Obtain the expiration time of signer 'signerIndex' of a CMS message, if
+ * present. This is part of the signed attributes of the message.
+ *
+ * Returns errSecParam if the CMS message was not signed or if signerIndex
+ * is greater than the number of signers of the message minus one.
+ *
+ * This cannot be called until after CMSDecoderFinalizeMessage() is called.
+ */
+OSStatus CMSDecoderCopySignerAppleExpirationTime(
+ CMSDecoderRef cmsDecoder,
+ size_t signerIndex,
+ CFAbsoluteTime *expirationTime); /* RETURNED */
 #ifdef __cplusplus
 }
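Review bot: Both new copy functions say "if present" but do not say what the caller gets when the attribute is absent: which OSStatus is returned, and whether `*hashAgilityAttrValues` / `*expirationTime` is written at all. For `CMSDecoderCopySignerAppleExpirationTime` this is security-relevant, because 0 is a valid CFAbsoluteTime (1 Jan 2001), so a caller enforcing expiry cannot tell "no expiration attribute" from "long expired" by looking at the output value alone. I would add a line such as `* If the attribute is absent, <status> is returned and *expirationTime is <unchanged/set to ...>.`, filled in from the implementation, and likewise say whether `*hashAgilityAttrValues` is set to NULL in that case. The header also does not say whether the signer's signature must have been verified first; a sentence telling callers to trust these values only after a successful signer-status check would prevent them acting on attributes from an unverified message. Minor: `signerIndex` in the expiration-time prototype lacks the `/* usually 0 */` annotation its siblings carry.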