-
Notifications
You must be signed in to change notification settings - Fork 0
/
cms.h
843 lines (707 loc) · 27.5 KB
/
cms.h
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
/*
* The contents of this file are subject to the Mozilla Public
* License Version 1.1 (the "License"); you may not use this file
* except in compliance with the License. You may obtain a copy of
* the License at http://www.mozilla.org/MPL/
*
* Software distributed under the License is distributed on an "AS
* IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
* implied. See the License for the specific language governing
* rights and limitations under the License.
*
* The Original Code is the Netscape security libraries.
*
* The Initial Developer of the Original Code is Netscape
* Communications Corporation. Portions created by Netscape are
* Copyright (C) 1994-2000 Netscape Communications Corporation. All
* Rights Reserved.
*
* Contributor(s):
*
* Alternatively, the contents of this file may be used under the
* terms of the GNU General Public License Version 2 or later (the
* "GPL"), in which case the provisions of the GPL are applicable
* instead of those above. If you wish to allow use of your
* version of this file only under the terms of the GPL and not to
* allow others to use your version of this file under the MPL,
* indicate your decision by deleting the provisions above and
* replace them with the notice and other provisions required by
* the GPL. If you do not delete the provisions above, a recipient
* may use your version of this file under either the MPL or the
* GPL.
*/
/*
* Interfaces of the CMS implementation.
*/
#ifndef _CMS_H_
#define _CMS_H_
#include <SecurityNssSmime/cmst.h>
#include <CoreFoundation/CFDate.h>
#include <Security/SecTrust.h>
/************************************************************************/
SEC_BEGIN_PROTOS
/************************************************************************
* cmsdecode.c - CMS decoding
************************************************************************/
/*
* SecCmsDecoderStart - set up decoding of a DER-encoded CMS message
*
* "poolp" - pointer to arena for message, or NULL if new pool should be created
* "cb", "cb_arg" - callback function and argument for delivery of inner content
* inner content will be stored in the message if cb is NULL.
* "pwfn", pwfn_arg" - callback function for getting token password
* "decrypt_key_cb", "decrypt_key_cb_arg" - callback function for getting bulk key for encryptedData
*/
extern SecCmsDecoderContext *
SecCmsDecoderStart(PRArenaPool *poolp,
SecCmsContentCallback cb, void *cb_arg,
PK11PasswordFunc pwfn, void *pwfn_arg,
SecCmsGetDecryptKeyCallback decrypt_key_cb, void *decrypt_key_cb_arg);
/*
* SecCmsDecoderUpdate - feed DER-encoded data to decoder
*/
extern OSStatus
SecCmsDecoderUpdate(SecCmsDecoderContext *p7dcx, const char *buf, unsigned long len);
/*
* SecCmsDecoderCancel - cancel a decoding process
*/
extern void
SecCmsDecoderCancel(SecCmsDecoderContext *p7dcx);
/*
* SecCmsDecoderFinish - mark the end of inner content and finish decoding
*/
extern SecCmsMessage *
SecCmsDecoderFinish(SecCmsDecoderContext *p7dcx);
/*
* SecCmsMessageCreateFromDER - decode a CMS message from DER encoded data
*/
extern SecCmsMessage *
SecCmsMessageCreateFromDER(CSSM_DATA *DERmessage,
SecCmsContentCallback cb, void *cb_arg,
PK11PasswordFunc pwfn, void *pwfn_arg,
SecCmsGetDecryptKeyCallback decrypt_key_cb, void *decrypt_key_cb_arg);
/************************************************************************
* cmsencode.c - CMS encoding
************************************************************************/
/*
* SecCmsEncoderStart - set up encoding of a CMS message
*
* "cmsg" - message to encode
* "outputfn", "outputarg" - callback function for delivery of DER-encoded output
* will not be called if NULL.
* "dest" - if non-NULL, pointer to CSSM_DATA that will hold the DER-encoded output
* "destpoolp" - pool to allocate DER-encoded output in
* "pwfn", pwfn_arg" - callback function for getting token password
* "decrypt_key_cb", "decrypt_key_cb_arg" - callback function for getting bulk key for encryptedData
* "detached_digestalgs", "detached_digests" - digests from detached content
*/
extern SecCmsEncoderContext *
SecCmsEncoderStart(SecCmsMessage *cmsg,
SecCmsContentCallback outputfn, void *outputarg,
CSSM_DATA *dest, PLArenaPool *destpoolp,
PK11PasswordFunc pwfn, void *pwfn_arg,
SecCmsGetDecryptKeyCallback decrypt_key_cb, void *decrypt_key_cb_arg,
SECAlgorithmID **detached_digestalgs, CSSM_DATA **detached_digests);
/*
* SecCmsEncoderUpdate - take content data delivery from the user
*
* "p7ecx" - encoder context
* "data" - content data
* "len" - length of content data
*/
extern OSStatus
SecCmsEncoderUpdate(SecCmsEncoderContext *p7ecx, const char *data, unsigned long len);
/*
* SecCmsEncoderCancel - stop all encoding
*/
extern OSStatus
SecCmsEncoderCancel(SecCmsEncoderContext *p7ecx);
/*
* SecCmsEncoderFinish - signal the end of data
*
* we need to walk down the chain of encoders and the finish them from the innermost out
*/
extern OSStatus
SecCmsEncoderFinish(SecCmsEncoderContext *p7ecx);
/************************************************************************
* cmsmessage.c - CMS message object
************************************************************************/
/*
* SecCmsMessageCreate - create a CMS message object
*
* "poolp" - arena to allocate memory from, or NULL if new arena should be created
*/
extern SecCmsMessage *
SecCmsMessageCreate(PLArenaPool *poolp);
/*
* SecCmsMessageSetEncodingParams - set up a CMS message object for encoding or decoding
*
* "cmsg" - message object
* "pwfn", pwfn_arg" - callback function for getting token password
* "decrypt_key_cb", "decrypt_key_cb_arg" - callback function for getting bulk key for encryptedData
* "detached_digestalgs", "detached_digests" - digests from detached content
*
* used internally.
*/
extern void
SecCmsMessageSetEncodingParams(SecCmsMessage *cmsg,
PK11PasswordFunc pwfn, void *pwfn_arg,
SecCmsGetDecryptKeyCallback decrypt_key_cb, void *decrypt_key_cb_arg,
SECAlgorithmID **detached_digestalgs, CSSM_DATA **detached_digests);
/*
* SecCmsMessageDestroy - destroy a CMS message and all of its sub-pieces.
*/
extern void
SecCmsMessageDestroy(SecCmsMessage *cmsg);
/*
* SecCmsMessageCopy - return a copy of the given message.
*
* The copy may be virtual or may be real -- either way, the result needs
* to be passed to SecCmsMessageDestroy later (as does the original).
*/
extern SecCmsMessage *
SecCmsMessageCopy(SecCmsMessage *cmsg);
/*
* SecCmsMessageGetArena - return a pointer to the message's arena pool
*/
extern PLArenaPool *
SecCmsMessageGetArena(SecCmsMessage *cmsg);
/*
* SecCmsMessageGetContentInfo - return a pointer to the top level contentInfo
*/
extern SecCmsContentInfo *
SecCmsMessageGetContentInfo(SecCmsMessage *cmsg);
/*
* Return a pointer to the actual content.
* In the case of those types which are encrypted, this returns the *plain* content.
* In case of nested contentInfos, this descends and retrieves the innermost content.
*/
extern CSSM_DATA *
SecCmsMessageGetContent(SecCmsMessage *cmsg);
/*
* SecCmsMessageContentLevelCount - count number of levels of CMS content objects in this message
*
* CMS data content objects do not count.
*/
extern int
SecCmsMessageContentLevelCount(SecCmsMessage *cmsg);
/*
* SecCmsMessageContentLevel - find content level #n
*
* CMS data content objects do not count.
*/
extern SecCmsContentInfo *
SecCmsMessageContentLevel(SecCmsMessage *cmsg, int n);
/*
* SecCmsMessageContainsCertsOrCrls - see if message contains certs along the way
*/
extern PRBool
SecCmsMessageContainsCertsOrCrls(SecCmsMessage *cmsg);
/*
* SecCmsMessageIsEncrypted - see if message contains a encrypted submessage
*/
extern PRBool
SecCmsMessageIsEncrypted(SecCmsMessage *cmsg);
/*
* SecCmsMessageIsSigned - see if message contains a signed submessage
*
* If the CMS message has a SignedData with a signature (not just a SignedData)
* return true; false otherwise. This can/should be called before calling
* VerifySignature, which will always indicate failure if no signature is
* present, but that does not mean there even was a signature!
* Note that the content itself can be empty (detached content was sent
* another way); it is the presence of the signature that matters.
*/
extern PRBool
SecCmsMessageIsSigned(SecCmsMessage *cmsg);
/*
* SecCmsMessageIsContentEmpty - see if content is empty
*
* returns PR_TRUE is innermost content length is < minLen
* XXX need the encrypted content length (why?)
*/
extern PRBool
SecCmsMessageIsContentEmpty(SecCmsMessage *cmsg, unsigned int minLen);
/************************************************************************
* cmscinfo.c - CMS contentInfo methods
************************************************************************/
/*
* SecCmsContentInfoDestroy - destroy a CMS contentInfo and all of its sub-pieces.
*/
extern void
SecCmsContentInfoDestroy(SecCmsContentInfo *cinfo);
/*
* SecCmsContentInfoGetChildContentInfo - get content's contentInfo (if it exists)
*/
extern SecCmsContentInfo *
SecCmsContentInfoGetChildContentInfo(SecCmsContentInfo *cinfo);
/*
* SecCmsContentInfoSetContent - set cinfo's content type & content to CMS object
*/
extern OSStatus
SecCmsContentInfoSetContent(SecCmsMessage *cmsg, SecCmsContentInfo *cinfo, SECOidTag type, void *ptr);
/*
* SecCmsContentInfoSetContentXXXX - typesafe wrappers for SecCmsContentInfoSetType
* set cinfo's content type & content to CMS object
*/
extern OSStatus
SecCmsContentInfoSetContentData(SecCmsMessage *cmsg, SecCmsContentInfo *cinfo, CSSM_DATA *data, PRBool detached);
extern OSStatus
SecCmsContentInfoSetContentSignedData(SecCmsMessage *cmsg, SecCmsContentInfo *cinfo, SecCmsSignedData *sigd);
extern OSStatus
SecCmsContentInfoSetContentEnvelopedData(SecCmsMessage *cmsg, SecCmsContentInfo *cinfo, SecCmsEnvelopedData *envd);
extern OSStatus
SecCmsContentInfoSetContentDigestedData(SecCmsMessage *cmsg, SecCmsContentInfo *cinfo, SecCmsDigestedData *digd);
extern OSStatus
SecCmsContentInfoSetContentEncryptedData(SecCmsMessage *cmsg, SecCmsContentInfo *cinfo, SecCmsEncryptedData *encd);
/*
* SecCmsContentInfoGetContent - get pointer to inner content
*
* needs to be casted...
*/
extern void *
SecCmsContentInfoGetContent(SecCmsContentInfo *cinfo);
/*
* SecCmsContentInfoGetInnerContent - get pointer to innermost content
*
* this is typically only called by SecCmsMessageGetContent()
*/
extern CSSM_DATA *
SecCmsContentInfoGetInnerContent(SecCmsContentInfo *cinfo);
/*
* SecCmsContentInfoGetContentType{Tag,OID} - find out (saving pointer to lookup result
* for future reference) and return the inner content type.
*/
extern SECOidTag
SecCmsContentInfoGetContentTypeTag(SecCmsContentInfo *cinfo);
extern CSSM_OID *
SecCmsContentInfoGetContentTypeOID(SecCmsContentInfo *cinfo);
/*
* SecCmsContentInfoGetContentEncAlgTag - find out (saving pointer to lookup result
* for future reference) and return the content encryption algorithm tag.
*/
extern SECOidTag
SecCmsContentInfoGetContentEncAlgTag(SecCmsContentInfo *cinfo);
/*
* SecCmsContentInfoGetContentEncAlg - find out and return the content encryption algorithm tag.
*/
extern SECAlgorithmID *
SecCmsContentInfoGetContentEncAlg(SecCmsContentInfo *cinfo);
extern OSStatus
SecCmsContentInfoSetContentEncAlg(PLArenaPool *poolp, SecCmsContentInfo *cinfo,
SECOidTag bulkalgtag, CSSM_DATA *parameters, int keysize);
extern OSStatus
SecCmsContentInfoSetContentEncAlgID(PLArenaPool *poolp, SecCmsContentInfo *cinfo,
SECAlgorithmID *algid, int keysize);
extern void
SecCmsContentInfoSetBulkKey(SecCmsContentInfo *cinfo, SecSymmetricKeyRef bulkkey);
extern SecSymmetricKeyRef
SecCmsContentInfoGetBulkKey(SecCmsContentInfo *cinfo);
extern int
SecCmsContentInfoGetBulkKeySize(SecCmsContentInfo *cinfo);
/************************************************************************
* cmsutil.c - CMS misc utility functions
************************************************************************/
extern const char *
SecCmsUtilVerificationStatusToString(SecCmsVerificationStatus vs);
/************************************************************************
* cmssigdata.c - CMS signedData methods
************************************************************************/
extern SecCmsSignedData *
SecCmsSignedDataCreate(SecCmsMessage *cmsg);
extern void
SecCmsSignedDataDestroy(SecCmsSignedData *sigd);
/*
* SecCmsSignedDataGetSignerInfos - retrieve the SignedData's signer list
*/
extern SecCmsSignerInfo **
SecCmsSignedDataGetSignerInfos(SecCmsSignedData *sigd);
extern int
SecCmsSignedDataSignerInfoCount(SecCmsSignedData *sigd);
extern SecCmsSignerInfo *
SecCmsSignedDataGetSignerInfo(SecCmsSignedData *sigd, int i);
/*
* SecCmsSignedDataGetDigestAlgs - retrieve the SignedData's digest algorithm list
*/
extern SECAlgorithmID **
SecCmsSignedDataGetDigestAlgs(SecCmsSignedData *sigd);
/*
* SecCmsSignedDataGetContentInfo - return pointer to this signedData's contentinfo
*/
extern SecCmsContentInfo *
SecCmsSignedDataGetContentInfo(SecCmsSignedData *sigd);
/*
* SecCmsSignedDataGetCertificateList - retrieve the SignedData's certificate list
*/
extern CSSM_DATA **
SecCmsSignedDataGetCertificateList(SecCmsSignedData *sigd);
extern OSStatus
SecCmsSignedDataImportCerts(SecCmsSignedData *sigd, SecKeychainRef keychain,
SECCertUsage certusage, PRBool keepcerts);
/*
* SecCmsSignedDataHasDigests - see if we have digests in place
*/
extern PRBool
SecCmsSignedDataHasDigests(SecCmsSignedData *sigd);
/*
* SecCmsSignedDataVerifySignerInfo - check the signatures.
*
* The digests were either calculated during decoding (and are stored in the
* signedData itself) or set after decoding using SecCmsSignedDataSetDigests.
*
* The verification checks if the signing cert is valid and has a trusted chain
* for the purpose specified by "policies".
*
* If trustRef is NULL the cert chain is verified and the VerificationStatus is set accordingly.
* Otherwise a SecTrust object is returned for the caller to evaluate using SecTrustEvaluate().
*/
extern OSStatus
SecCmsSignedDataVerifySignerInfo(SecCmsSignedData *sigd, int i, SecKeychainRef keychainOrArray,
CFTypeRef policies, SecTrustRef *trustRef);
/*
* SecCmsSignedDataVerifyCertsOnly - verify the certs in a certs-only message
*/
extern OSStatus
SecCmsSignedDataVerifyCertsOnly(SecCmsSignedData *sigd,
SecKeychainRef keychainOrArray,
CFTypeRef policies);
extern OSStatus
SecCmsSignedDataAddCertList(SecCmsSignedData *sigd, CFArrayRef certlist);
/*
* SecCmsSignedDataAddCertChain - add cert and its entire chain to the set of certs
*/
extern OSStatus
SecCmsSignedDataAddCertChain(SecCmsSignedData *sigd, SecCertificateRef cert);
extern OSStatus
SecCmsSignedDataAddCertificate(SecCmsSignedData *sigd, SecCertificateRef cert);
extern PRBool
SecCmsSignedDataContainsCertsOrCrls(SecCmsSignedData *sigd);
extern OSStatus
SecCmsSignedDataAddSignerInfo(SecCmsSignedData *sigd,
SecCmsSignerInfo *signerinfo);
extern CSSM_DATA *
SecCmsSignedDataGetDigestByAlgTag(SecCmsSignedData *sigd, SECOidTag algtag);
extern OSStatus
SecCmsSignedDataSetDigests(SecCmsSignedData *sigd,
SECAlgorithmID **digestalgs,
CSSM_DATA **digests);
extern OSStatus
SecCmsSignedDataSetDigestValue(SecCmsSignedData *sigd,
SECOidTag digestalgtag,
CSSM_DATA *digestdata);
extern OSStatus
SecCmsSignedDataAddDigest(PRArenaPool *poolp,
SecCmsSignedData *sigd,
SECOidTag digestalgtag,
CSSM_DATA *digest);
extern CSSM_DATA *
SecCmsSignedDataGetDigestValue(SecCmsSignedData *sigd, SECOidTag digestalgtag);
/*
* SecCmsSignedDataCreateCertsOnly - create a certs-only SignedData.
*
* cert - base certificates that will be included
* include_chain - if true, include the complete cert chain for cert
*
* More certs and chains can be added via AddCertificate and AddCertChain.
*
* An error results in a return value of NULL and an error set.
*/
extern SecCmsSignedData *
SecCmsSignedDataCreateCertsOnly(SecCmsMessage *cmsg, SecCertificateRef cert, PRBool include_chain);
/************************************************************************
* cmssiginfo.c - signerinfo methods
************************************************************************/
extern SecCmsSignerInfo *
SecCmsSignerInfoCreate(SecCmsMessage *cmsg, SecIdentityRef identity, SECOidTag digestalgtag);
extern SecCmsSignerInfo *
SecCmsSignerInfoCreateWithSubjKeyID(SecCmsMessage *cmsg, CSSM_DATA *subjKeyID, SecPublicKeyRef pubKey, SecPrivateKeyRef signingKey, SECOidTag digestalgtag);
/*
* SecCmsSignerInfoDestroy - destroy a SignerInfo data structure
*/
extern void
SecCmsSignerInfoDestroy(SecCmsSignerInfo *si);
/*
* SecCmsSignerInfoSign - sign something
*
*/
extern OSStatus
SecCmsSignerInfoSign(SecCmsSignerInfo *signerinfo, CSSM_DATA *digest, CSSM_DATA *contentType);
/*
* If trustRef is NULL the cert chain is verified and the VerificationStatus is set accordingly.
* Otherwise a SecTrust object is returned for the caller to evaluate using SecTrustEvaluate().
*/
extern OSStatus
SecCmsSignerInfoVerifyCertificate(SecCmsSignerInfo *signerinfo, SecKeychainRef keychainOrArray,
CFTypeRef policies, SecTrustRef *trustRef);
/*
* SecCmsSignerInfoVerify - verify the signature of a single SignerInfo
*
* Just verifies the signature. The assumption is that verification of the certificate
* is done already.
*/
extern OSStatus
SecCmsSignerInfoVerify(SecCmsSignerInfo *signerinfo, CSSM_DATA *digest, CSSM_DATA *contentType);
extern SecCmsVerificationStatus
SecCmsSignerInfoGetVerificationStatus(SecCmsSignerInfo *signerinfo);
extern SECOidData *
SecCmsSignerInfoGetDigestAlg(SecCmsSignerInfo *signerinfo);
extern SECOidTag
SecCmsSignerInfoGetDigestAlgTag(SecCmsSignerInfo *signerinfo);
extern int
SecCmsSignerInfoGetVersion(SecCmsSignerInfo *signerinfo);
extern CFArrayRef
SecCmsSignerInfoGetCertList(SecCmsSignerInfo *signerinfo);
/*
* SecCmsSignerInfoGetSigningTime - return the signing time,
* in UTCTime format, of a CMS signerInfo.
*
* sinfo - signerInfo data for this signer
*
* Returns a pointer to XXXX (what?)
* A return value of NULL is an error.
*/
extern OSStatus
SecCmsSignerInfoGetSigningTime(SecCmsSignerInfo *sinfo, CFAbsoluteTime *stime);
/*
* Return the signing cert of a CMS signerInfo.
*
* the certs in the enclosing SignedData must have been imported already
*/
extern SecCertificateRef
SecCmsSignerInfoGetSigningCertificate(SecCmsSignerInfo *signerinfo, SecKeychainRef keychainOrArray);
/*
* SecCmsSignerInfoGetSignerCommonName - return the common name of the signer
*
* sinfo - signerInfo data for this signer
*
* Returns a CFStringRef containing the common name of the signer.
* A return value of NULL is an error.
*/
extern CFStringRef
SecCmsSignerInfoGetSignerCommonName(SecCmsSignerInfo *sinfo);
/*
* SecCmsSignerInfoGetSignerEmailAddress - return the email address of the signer
*
* sinfo - signerInfo data for this signer
*
* Returns a CFStringRef containing the name of the signer.
* A return value of NULL is an error.
*/
extern CFStringRef
SecCmsSignerInfoGetSignerEmailAddress(SecCmsSignerInfo *sinfo);
/*
* SecCmsSignerInfoAddAuthAttr - add an attribute to the
* authenticated (i.e. signed) attributes of "signerinfo".
*/
extern OSStatus
SecCmsSignerInfoAddAuthAttr(SecCmsSignerInfo *signerinfo, SecCmsAttribute *attr);
/*
* SecCmsSignerInfoAddUnauthAttr - add an attribute to the
* unauthenticated attributes of "signerinfo".
*/
extern OSStatus
SecCmsSignerInfoAddUnauthAttr(SecCmsSignerInfo *signerinfo, SecCmsAttribute *attr);
/*
* SecCmsSignerInfoAddSigningTime - add the signing time to the
* authenticated (i.e. signed) attributes of "signerinfo".
*
* This is expected to be included in outgoing signed
* messages for email (S/MIME) but is likely useful in other situations.
*
* This should only be added once; a second call will do nothing.
*
* XXX This will probably just shove the current time into "signerinfo"
* but it will not actually get signed until the entire item is
* processed for encoding. Is this (expected to be small) delay okay?
*/
extern OSStatus
SecCmsSignerInfoAddSigningTime(SecCmsSignerInfo *signerinfo, CFAbsoluteTime t);
/*
* SecCmsSignerInfoAddSMIMECaps - add a SMIMECapabilities attribute to the
* authenticated (i.e. signed) attributes of "signerinfo".
*
* This is expected to be included in outgoing signed
* messages for email (S/MIME).
*/
extern OSStatus
SecCmsSignerInfoAddSMIMECaps(SecCmsSignerInfo *signerinfo);
/*
* SecCmsSignerInfoAddSMIMEEncKeyPrefs - add a SMIMEEncryptionKeyPreferences attribute to the
* authenticated (i.e. signed) attributes of "signerinfo".
*
* This is expected to be included in outgoing signed messages for email (S/MIME).
*/
OSStatus
SecCmsSignerInfoAddSMIMEEncKeyPrefs(SecCmsSignerInfo *signerinfo, SecCertificateRef cert, SecKeychainRef keychainOrArray);
/*
* SecCmsSignerInfoAddMSSMIMEEncKeyPrefs - add a SMIMEEncryptionKeyPreferences attribute to the
* authenticated (i.e. signed) attributes of "signerinfo", using the OID prefered by Microsoft.
*
* This is expected to be included in outgoing signed messages for email (S/MIME),
* if compatibility with Microsoft mail clients is wanted.
*/
OSStatus
SecCmsSignerInfoAddMSSMIMEEncKeyPrefs(SecCmsSignerInfo *signerinfo, SecCertificateRef cert, SecKeychainRef keychainOrArray);
/*
* SecCmsSignerInfoAddCounterSignature - countersign a signerinfo
*/
extern OSStatus
SecCmsSignerInfoAddCounterSignature(SecCmsSignerInfo *signerinfo,
SECOidTag digestalg, SecIdentityRef identity);
/*
* XXXX the following needs to be done in the S/MIME layer code
* after signature of a signerinfo is verified
*/
extern OSStatus
SecCmsSignerInfoSaveSMIMEProfile(SecCmsSignerInfo *signerinfo);
/*
* SecCmsSignerInfoIncludeCerts - set cert chain inclusion mode for this signer
*/
extern OSStatus
SecCmsSignerInfoIncludeCerts(SecCmsSignerInfo *signerinfo, SecCmsCertChainMode cm, SECCertUsage usage);
/************************************************************************
* cmsenvdata.c - CMS envelopedData methods
************************************************************************/
/*
* SecCmsEnvelopedDataCreate - create an enveloped data message
*/
extern SecCmsEnvelopedData *
SecCmsEnvelopedDataCreate(SecCmsMessage *cmsg, SECOidTag algorithm, int keysize);
/*
* SecCmsEnvelopedDataDestroy - destroy an enveloped data message
*/
extern void
SecCmsEnvelopedDataDestroy(SecCmsEnvelopedData *edp);
/*
* SecCmsEnvelopedDataGetContentInfo - return pointer to this envelopedData's contentinfo
*/
extern SecCmsContentInfo *
SecCmsEnvelopedDataGetContentInfo(SecCmsEnvelopedData *envd);
/*
* SecCmsEnvelopedDataAddRecipient - add a recipientinfo to the enveloped data msg
*
* rip must be created on the same pool as edp - this is not enforced, though.
*/
extern OSStatus
SecCmsEnvelopedDataAddRecipient(SecCmsEnvelopedData *edp, SecCmsRecipientInfo *rip);
/************************************************************************
* cmsrecinfo.c - CMS recipientInfo methods
************************************************************************/
/*
* SecCmsRecipientInfoCreate - create a recipientinfo
*
* we currently do not create KeyAgreement recipientinfos with multiple recipientEncryptedKeys
* the certificate is supposed to have been verified by the caller
*/
extern SecCmsRecipientInfo *
SecCmsRecipientInfoCreate(SecCmsMessage *cmsg, SecCertificateRef cert);
extern SecCmsRecipientInfo *
SecCmsRecipientInfoCreateWithSubjKeyID(SecCmsMessage *cmsg,
CSSM_DATA *subjKeyID,
SecPublicKeyRef pubKey);
extern SecCmsRecipientInfo *
SecCmsRecipientInfoCreateWithSubjKeyIDFromCert(SecCmsMessage *cmsg,
SecCertificateRef cert);
extern void
SecCmsRecipientInfoDestroy(SecCmsRecipientInfo *ri);
/************************************************************************
* cmsencdata.c - CMS encryptedData methods
************************************************************************/
/*
* SecCmsEncryptedDataCreate - create an empty encryptedData object.
*
* "algorithm" specifies the bulk encryption algorithm to use.
* "keysize" is the key size.
*
* An error results in a return value of NULL and an error set.
* (Retrieve specific errors via PORT_GetError()/XP_GetError().)
*/
extern SecCmsEncryptedData *
SecCmsEncryptedDataCreate(SecCmsMessage *cmsg, SECOidTag algorithm, int keysize);
/*
* SecCmsEncryptedDataDestroy - destroy an encryptedData object
*/
extern void
SecCmsEncryptedDataDestroy(SecCmsEncryptedData *encd);
/*
* SecCmsEncryptedDataGetContentInfo - return pointer to encryptedData object's contentInfo
*/
extern SecCmsContentInfo *
SecCmsEncryptedDataGetContentInfo(SecCmsEncryptedData *encd);
/************************************************************************
* cmsdigdata.c - CMS encryptedData methods
************************************************************************/
/*
* SecCmsDigestedDataCreate - create a digestedData object (presumably for encoding)
*
* version will be set by SecCmsDigestedDataEncodeBeforeStart
* digestAlg is passed as parameter
* contentInfo must be filled by the user
* digest will be calculated while encoding
*/
extern SecCmsDigestedData *
SecCmsDigestedDataCreate(SecCmsMessage *cmsg, SECAlgorithmID *digestalg);
/*
* SecCmsDigestedDataDestroy - destroy a digestedData object
*/
extern void
SecCmsDigestedDataDestroy(SecCmsDigestedData *digd);
/*
* SecCmsDigestedDataGetContentInfo - return pointer to digestedData object's contentInfo
*/
extern SecCmsContentInfo *
SecCmsDigestedDataGetContentInfo(SecCmsDigestedData *digd);
/************************************************************************
* cmsdigest.c - digestion routines
************************************************************************/
/*
* SecCmsDigestContextStartMultiple - start digest calculation using all the
* digest algorithms in "digestalgs" in parallel.
*/
extern SecCmsDigestContext *
SecCmsDigestContextStartMultiple(SECAlgorithmID **digestalgs);
/*
* SecCmsDigestContextStartSingle - same as SecCmsDigestContextStartMultiple, but
* only one algorithm.
*/
extern SecCmsDigestContext *
SecCmsDigestContextStartSingle(SECAlgorithmID *digestalg);
/*
* SecCmsDigestContextUpdate - feed more data into the digest machine
*/
extern void
SecCmsDigestContextUpdate(SecCmsDigestContext *cmsdigcx, const unsigned char *data, int len);
/*
* SecCmsDigestContextCancel - cancel digesting operation
*/
extern void
SecCmsDigestContextCancel(SecCmsDigestContext *cmsdigcx);
/*
* SecCmsDigestContextFinishMultiple - finish the digests and put them
* into an array of CSSM_DATAs (allocated on poolp)
*/
extern OSStatus
SecCmsDigestContextFinishMultiple(SecCmsDigestContext *cmsdigcx, PLArenaPool *poolp,
CSSM_DATA ***digestsp);
/*
* SecCmsDigestContextFinishSingle - same as SecCmsDigestContextFinishMultiple,
* but for one digest.
*/
extern OSStatus
SecCmsDigestContextFinishSingle(SecCmsDigestContext *cmsdigcx, PLArenaPool *poolp,
CSSM_DATA *digest);
/************************************************************************
*
************************************************************************/
/* shortcuts for basic use */
/*
* SecCmsDEREncode - DER Encode a CMS message, with input being
* the plaintext message and derOut being the output,
* stored in arena's pool.
*/
extern OSStatus
SecCmsDEREncode(SecCmsMessage *cmsg, CSSM_DATA *input, CSSM_DATA *derOut,
PLArenaPool *arena);
/************************************************************************/
SEC_END_PROTOS
#endif /* _CMS_H_ */