/*
 * Copyright (c) 2004,2011,2014 Apple Inc. All Rights Reserved.
 *
 * @APPLE_LICENSE_HEADER_START@
 *
 * This file contains Original Code and/or Modifications of Original Code
 * as defined in and that are subject to the Apple Public Source License
 * Version 2.0 (the 'License'). You may not use this file except in
 * compliance with the License. Please obtain a copy of the License at
 * http://www.opensource.apple.com/apsl/ and read it before using this
 * file.
 *
 * The Original Code and all software distributed under the License are
 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
 * Please see the License for the specific language governing rights and
 * limitations under the License.
 *
 * @APPLE_LICENSE_HEADER_END@
 */

/*!
    @header SecCmsSignedData.h
    @Copyright (c) 2004,2011,2014 Apple Inc. All Rights Reserved.

    @availability 10.4 and later
    @abstract Interfaces of the CMS implementation: the SignedData content type.
    @discussion The functions here implement functions for encoding
                and decoding Cryptographic Message Syntax (CMS) SignedData
                objects as described in rfc3369 (since superseded by RFC 5652).

                A SecCmsSignedData carries signer infos, digest algorithms,
                an embedded content info and an optional set of certificates
                and CRLs. Everything obtained from a decoded message through
                these accessors is attacker-controlled input until it has
                been verified with SecCmsSignedDataVerifySignerInfo() or
                SecCmsSignedDataVerifyCertsOnly() and, where a SecTrust
                object is handed back, evaluated by the caller.
 */

#ifndef _SECURITY_SECCMSSIGNEDDATA_H_
#define _SECURITY_SECCMSSIGNEDDATA_H_ 1

#include <Security/SecCmsBase.h>
#include <Security/SecTrust.h>


#if defined(__cplusplus)
extern "C" {
#endif

/*!
    @function
    @abstract Create a new SecCmsSignedData object.
    @param cmsg Pointer to a SecCmsMessage in which this SecCmsSignedData
                should be created.
    @result The new object. The failure convention is not stated here;
            presumably NULL on failure, as documented for
            SecCmsSignedDataCreateCertsOnly() below — confirm.
 */
extern SecCmsSignedDataRef
SecCmsSignedDataCreate(SecCmsMessageRef cmsg);

/*!
    @function
    @abstract Destroy a SecCmsSignedData object.
    @param sigd The object to destroy.
    @discussion Whether this must (or must not) be called for a SignedData
                that has been attached to a SecCmsMessage is not specified
                here — confirm ownership against the message-level API
                before adding a call.
 */
extern void
SecCmsSignedDataDestroy(SecCmsSignedDataRef sigd);

/*!
    @function
    @abstract Retrieve the SignedData's signer list.
    @param sigd The SignedData to query.
    @result Array of SecCmsSignerInfoRef. No release function for the array
            is declared in this header, so it is presumably owned by sigd
            and valid only for sigd's lifetime — confirm before freeing.
            Use SecCmsSignedDataSignerInfoCount() for the number of entries.
 */
extern SecCmsSignerInfoRef *
SecCmsSignedDataGetSignerInfos(SecCmsSignedDataRef sigd);

/*!
    @function
    @abstract Return the number of signer infos in the SignedData.
    @param sigd The SignedData to query.
    @result Number of signers; may be 0 for a certs-only message
            (see SecCmsSignedDataCreateCertsOnly()).
 */
extern int
SecCmsSignedDataSignerInfoCount(SecCmsSignedDataRef sigd);

/*!
    @function
    @abstract Return signer number i of the SignedData.
    @param sigd The SignedData to query.
    @param i Index of the signer; presumably 0-based and valid for
             0 <= i < SecCmsSignedDataSignerInfoCount() — confirm.
             The behaviour for an out-of-range index is not specified here,
             so callers should bounds-check i themselves.
    @result The selected SecCmsSignerInfoRef.
 */
extern SecCmsSignerInfoRef
SecCmsSignedDataGetSignerInfo(SecCmsSignedDataRef sigd, int i);

/*!
    @function
    @abstract Retrieve the SignedData's digest algorithm list.
    @param sigd The SignedData to query.
    @result NULL-terminated (presumably — confirm) array of SECAlgorithmID
            pointers, one per digest algorithm used by the signers.
    @discussion NOTE(review): nothing in this header states which digest
                algorithms are accepted by verification. A caller that
                wants to reject weak algorithms (e.g. MD5 or SHA-1) should
                inspect this list, or the signer's algorithm, rather than
                rely on SecCmsSignedDataVerifySignerInfo() to do so —
                confirm against the implementation.
 */
extern SECAlgorithmID **
SecCmsSignedDataGetDigestAlgs(SecCmsSignedDataRef sigd);

/*!
    @function
    @abstract Return pointer to this signedData's contentinfo.
    @param sigd The SignedData to query.
    @result The embedded SecCmsContentInfoRef (owned by sigd).
 */
extern SecCmsContentInfoRef
SecCmsSignedDataGetContentInfo(SecCmsSignedDataRef sigd);

/*!
    @function
    @abstract Import the certificates carried in the SignedData into a keychain.
    @param sigd The SignedData whose certificates are imported.
    @param keychain Destination keychain.
    @param certusage Usage the certificates are imported for.
    @param keepcerts Exact semantics not documented here — confirm before use.
    @discussion XXX Should be obsoleted.

                NOTE(review): the certificates in a decoded message are
                attacker-controlled data. Persisting them in a keychain
                before (or regardless of) a trust evaluation is rarely
                what a caller wants; prefer SecCmsSignedDataVerifySignerInfo()
                / SecCmsSignedDataVerifyCertsOnly() and avoid this function
                in new code, as its original author already intended.
 */
extern OSStatus
SecCmsSignedDataImportCerts(SecCmsSignedDataRef sigd, SecKeychainRef keychain,
                            SECCertUsage certusage, Boolean keepcerts);

/*!
    @function
    @abstract See if we have digests in place.
    @param sigd The SignedData to query.
    @result true if digests are available for signature verification, either
            computed while decoding or supplied with
            SecCmsSignedDataSetDigests().
 */
extern Boolean
SecCmsSignedDataHasDigests(SecCmsSignedDataRef sigd);

/*!
    @function
    @abstract Check the signatures.
    @param sigd The SignedData whose signer is verified.
    @param i Index of the signer to verify (see SecCmsSignedDataGetSignerInfo()).
    @param keychainOrArray Keychain, or array of keychains, searched when
             building the signer's certificate chain.
    @param policies Trust policy (or policies) describing the purpose the
             signing certificate must be valid for.
    @param trustRef If NULL the cert chain is verified here and the signer's
             VerificationStatus is set accordingly. If non-NULL, a SecTrust
             object is returned through it and trust evaluation is left to
             the caller.
    @discussion The digests were either calculated during decoding (and are
    stored in the signedData itself) or set after decoding using
    SecCmsSignedDataSetDigests.

    The verification checks if the signing cert is valid and has a trusted
    chain for the purpose specified by "policies".

    If trustRef is NULL the cert chain is verified and the VerificationStatus
    is set accordingly. Otherwise a SecTrust object is returned for the caller
    to evaluate using SecTrustEvaluate().

    NOTE(review): with a non-NULL trustRef a successful return establishes
    only that the signature checked against the digests and that a SecTrust
    object was produced; the chain has NOT been evaluated. The caller must
    run SecTrustEvaluate() on *trustRef and check its result before treating
    the signer as trusted. Also, when the digests were supplied by the caller
    through SecCmsSignedDataSetDigests(), the verification is only as
    meaningful as the caller's own digest of the content it actually intends
    to authenticate.
 */
extern OSStatus
SecCmsSignedDataVerifySignerInfo(SecCmsSignedDataRef sigd, int i, SecKeychainRef keychainOrArray,
                                 CFTypeRef policies, SecTrustRef *trustRef);

/*!
    @function
    @abstract Verify the certs in a certs-only message.
    @param sigd The certs-only SignedData (no signers; see
                SecCmsSignedDataCreateCertsOnly()).
    @param keychainOrArray Keychain, or array of keychains, searched when
                building certificate chains.
    @param policies Trust policy (or policies) the certificates are
                evaluated against.
    @result noErr on success; whether a single failing certificate fails the
            whole call is not specified here — confirm.
 */
extern OSStatus
SecCmsSignedDataVerifyCertsOnly(SecCmsSignedDataRef sigd,
                                SecKeychainRef keychainOrArray,
                                CFTypeRef policies);

/*!
    @function
    @abstract Add a list of certificates to the set of certs carried in the SignedData.
    @param sigd The SignedData being built.
    @param certlist Array of certificates to add; presumably SecCertificateRef
                    elements (the element type is not stated here) — confirm.
 */
extern OSStatus
SecCmsSignedDataAddCertList(SecCmsSignedDataRef sigd, CFArrayRef certlist);

/*!
    @function
    @abstract Add cert and its entire chain to the set of certs.
    @param sigd The SignedData being built.
    @param cert Leaf certificate; its chain is located and added as well.
                How the chain is built (which keychains are searched) is not
                specified here.
 */
extern OSStatus
SecCmsSignedDataAddCertChain(SecCmsSignedDataRef sigd, SecCertificateRef cert);

/*!
    @function
    @abstract Add a single certificate to the set of certs (no chain).
    @param sigd The SignedData being built.
    @param cert The certificate to add.
 */
extern OSStatus
SecCmsSignedDataAddCertificate(SecCmsSignedDataRef sigd, SecCertificateRef cert);

/*!
    @function
    @abstract Report whether the SignedData carries any certificates or CRLs.
    @param sigd The SignedData to query.
 */
extern Boolean
SecCmsSignedDataContainsCertsOrCrls(SecCmsSignedDataRef sigd);

/*!
    @function
    @abstract Retrieve the SignedData's certificate list.
    @param sigd The SignedData to query.
    @result Array of CSSM_DATA_PTR, i.e. encoded certificates rather than
            SecCertificateRef objects; presumably the certificates as carried
            in the message and owned by sigd — confirm.
    @discussion NOTE(review): for a decoded message these are untrusted
                input. Nothing in this API implies they have been validated;
                do not use them for anything trust-relevant without going
                through SecCmsSignedDataVerifySignerInfo() or
                SecCmsSignedDataVerifyCertsOnly() (and a SecTrust evaluation).
 */
extern CSSM_DATA_PTR *
SecCmsSignedDataGetCertificateList(SecCmsSignedDataRef sigd);

/*!
    @function
    @abstract Add a signer info to the SignedData.
    @param sigd The SignedData being built.
    @param signerinfo The signer to add. Ownership after a successful add is
                      not stated here — confirm before destroying it separately.
 */
extern OSStatus
SecCmsSignedDataAddSignerInfo(SecCmsSignedDataRef sigd,
                              SecCmsSignerInfoRef signerinfo);

/*!
    @function
    @abstract Supply the content digests used for signature verification.
    @param sigd The decoded SignedData.
    @param digestalgs Array of digest algorithms, parallel to digests.
    @param digests Array of digest values, one per algorithm in digestalgs.
    @discussion Used when the digests were not calculated during decoding
                (see SecCmsSignedDataVerifySignerInfo()). NOTE(review): the
                caller is then responsible for having digested exactly the
                content it wants authenticated; a digest over different
                data makes the subsequent verification meaningless.
 */
extern OSStatus
SecCmsSignedDataSetDigests(SecCmsSignedDataRef sigd,
                           SECAlgorithmID **digestalgs,
                           CSSM_DATA_PTR *digests);

/*!
    @function
    @abstract Create a certs-only SignedData.
    @param cmsg The SecCmsMessage in which the SignedData is created.
    @param cert Base certificate that will be included
    @param include_chain If true, include the complete cert chain for cert.
    @discussion More certs and chains can be added via AddCertificate and AddCertChain.
    @result An error results in a return value of NULL and an error set.
 */
extern SecCmsSignedDataRef
SecCmsSignedDataCreateCertsOnly(SecCmsMessageRef cmsg, SecCertificateRef cert, Boolean include_chain);


#if defined(__cplusplus)
}
#endif

#endif /* _SECURITY_SECCMSSIGNEDDATA_H_ */