1/*
2 *  Copyright (c) 2004,2008,2010-2011 Apple Inc. All Rights Reserved.
3 *
4 *  @APPLE_LICENSE_HEADER_START@
5 *
6 *  This file contains Original Code and/or Modifications of Original Code
7 *  as defined in and that are subject to the Apple Public Source License
8 *  Version 2.0 (the 'License'). You may not use this file except in
9 *  compliance with the License. Please obtain a copy of the License at
10 *  http://www.opensource.apple.com/apsl/ and read it before using this
11 *  file.
12 *
13 *  The Original Code and all software distributed under the License are
14 *  distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
15 *  EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
16 *  INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
17 *  FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
18 *  Please see the License for the specific language governing rights and
19 *  limitations under the License.
20 *
21 *  @APPLE_LICENSE_HEADER_END@
22 */
23
24/*!
25    @header SecCmsBase.h
26    @Copyright (c) 2004,2008,2010-2011 Apple Inc. All Rights Reserved.
27
28    @availability 10.4 and later
29    @abstract Interfaces of the CMS implementation.
    @discussion The interfaces declared here are used for encoding
                and decoding Cryptographic Message Syntax (CMS) objects
                as described in RFC 3369.
33 */
34
35#ifndef _SECURITY_SECCMSBASE_H_
36#define _SECURITY_SECCMSBASE_H_  1
37
38#include <Security/SecKey.h>
39#include <Security/SecAsn1Types.h>
40
41#if !USE_CDSA_CRYPTO
42typedef CFTypeRef SecKeychainRef;
43#endif
44
45#if defined(__cplusplus)
46extern "C" {
47#endif
48
/*!
    @typedef
    @discussion XXX We need to remove these from the API and move them back to secoidt.h.
    Forward declaration only: struct SECOidDataStr is not defined in this header, so
    callers can hold a pointer to one but cannot inspect or allocate it from here.
 */
typedef struct SECOidDataStr SECOidData;

/*!
    @typedef
    @discussion XXX We might want to get rid of this altogether.
    Alias for the ASN.1 AlgorithmIdentifier type SecAsn1AlgId (from
    <Security/SecAsn1Types.h>) under its older name.
 */
typedef SecAsn1AlgId SECAlgorithmID;

/*!
    @typedef
    @discussion XXX This should probably move to SecKey.h
    Untyped handle for a symmetric key.  Because this is a plain void *, the compiler
    cannot tell it apart from any other pointer, so there is no type checking when a
    key is passed to or returned from the SecCms callbacks declared below.
 */
typedef void * SecSymmetricKeyRef;

/*!
    @typedef
    @discussion XXX This should probably move to SecKey.h
    Alias for SecKeyRef used where a public key is expected.  It is the same type as
    SecPrivateKeyRef, so the public/private distinction is documentary only and is
    not enforced by the compiler.
 */
typedef SecKeyRef SecPublicKeyRef;

/*!
    @typedef
    @discussion XXX This should probably move to SecKey.h
    Alias for SecKeyRef used where a private key is expected (see SecPublicKeyRef).
 */
typedef SecKeyRef SecPrivateKeyRef;

/*!
    @typedef
    @discussion Callback taking no arguments and returning nothing.  The name follows
    the NSS PK11 convention; nothing in this header documents when, or whether, it is
    invoked.
 */
typedef void(*PK11PasswordFunc)(void);
83
/*!
    @typedef
    @discussion Opaque handle to a CMS message.  struct SecCmsMessageStr is not
    defined in this header, so the object can only be manipulated through the SecCms
    functions.
 */
typedef struct SecCmsMessageStr *SecCmsMessageRef;

/*!
    @typedef
    @discussion Opaque handle to a CMS ContentInfo.
 */
typedef struct SecCmsContentInfoStr *SecCmsContentInfoRef;

/*!
    @typedef
    @discussion Opaque handle to a CMS SignedData content.
 */
typedef struct SecCmsSignedDataStr *SecCmsSignedDataRef;

/*!
    @typedef
    @discussion Opaque handle to one SignerInfo within a SignedData.
 */
typedef struct SecCmsSignerInfoStr *SecCmsSignerInfoRef;

/*!
    @typedef
    @discussion Opaque handle to a CMS EnvelopedData content.
 */
typedef struct SecCmsEnvelopedDataStr *SecCmsEnvelopedDataRef;

/*!
    @typedef
    @discussion Opaque handle to one RecipientInfo within an EnvelopedData.
 */
typedef struct SecCmsRecipientInfoStr *SecCmsRecipientInfoRef;

/*!
    @typedef
    @discussion Opaque handle to a CMS DigestedData content.
 */
typedef struct SecCmsDigestedDataStr *SecCmsDigestedDataRef;

/*!
    @typedef
    @discussion Opaque handle to a CMS EncryptedData content.  See
    SecCmsGetDecryptKeyCallback below for how a decryption key is obtained when
    none is otherwise available.
 */
typedef struct SecCmsEncryptedDataStr *SecCmsEncryptedDataRef;

/*!
    @typedef
    @discussion Opaque handle to decoder state.  Content recovered while decoding is
    delivered through a SecCmsContentCallback (see below).
 */
typedef struct SecCmsDecoderStr *SecCmsDecoderRef;

/*!
    @typedef
    @discussion Opaque handle to encoder state.  DER output is delivered through a
    SecCmsContentCallback (see below).
 */
typedef struct SecCmsEncoderStr *SecCmsEncoderRef;

/*!
    @typedef
    @discussion Opaque handle to digest-computation state.  Nothing further about
    its use is documented in this header.
 */
typedef struct SecCmsDigestContextStr *SecCmsDigestContextRef;
138
139
/*!
     @typedef
     @discussion Type of function passed to SecCmsDecode or SecCmsDecoderStart.
     If specified, this is where the content bytes (only) will be "sent" as they are recovered during the decoding.
     And:
     Type of function passed to SecCmsEncode or SecCmsEncoderStart.
     This is where the DER-encoded bytes will be "sent".

     XXX Should just combine this with SecCmsEncoderContentCallback type and use a simpler, common name.

     @param arg Opaque context pointer; presumably whatever the caller registered
                together with the callback.
     @param buf Start of the bytes being delivered.  The length is passed separately
                in len, so the run must not be treated as a NUL-terminated string.
     @param len Number of bytes at buf.

     NOTE(review): "as they are recovered" suggests the callback can be invoked more
     than once per message with successive chunks — confirm against the decoder
     before accumulating into a fixed-size buffer.
 */
typedef void (*SecCmsContentCallback)(void *arg, const char *buf, size_t len);

/*!
    @typedef
    @discussion Type of function passed to SecCmsDecode or SecCmsDecoderStart to retrieve the decryption key.  This function is intended to be used for EncryptedData content info's which do not have a key available in a certificate, etc.

    @param arg   Opaque context pointer; presumably whatever the caller registered
                 together with the callback.
    @param algid Algorithm identifier of the key being requested.  NOTE(review):
                 this is presumably taken from the EncryptedData being decoded, i.e.
                 from untrusted input — an implementation should validate algid
                 (algorithm OID and parameters) before deriving or selecting a key,
                 and must not assume it matches the algorithm the key was created for.
    @result      The symmetric key to decrypt with, as an untyped SecSymmetricKeyRef.
                 This header does not say who releases the key or whether NULL is an
                 accepted "no key" answer — confirm against the decoder code.
 */
typedef SecSymmetricKeyRef(*SecCmsGetDecryptKeyCallback)(void *arg, SECAlgorithmID *algid);
157
/*!
    @enum SecCmsVerificationStatus
    @abstract Outcome of verifying a CMS signature.
    @discussion Only SecCmsVSGoodSignature denotes a successful verification.  Every
    other value is either "not verified" (SecCmsVSUnverified, the zero value) or a
    specific failure, so callers must test for equality with SecCmsVSGoodSignature
    rather than for a non-zero or non-Unverified status.
 */
typedef enum {
    SecCmsVSUnverified = 0,                  /* zero value: no verification has been performed */
    SecCmsVSGoodSignature = 1,               /* the only success value */
    SecCmsVSBadSignature = 2,
    SecCmsVSDigestMismatch = 3,
    SecCmsVSSigningCertNotFound = 4,
    SecCmsVSSigningCertNotTrusted = 5,
    SecCmsVSSignatureAlgorithmUnknown = 6,
    SecCmsVSSignatureAlgorithmUnsupported = 7,
    SecCmsVSMalformedSignature = 8,
    SecCmsVSProcessingError = 9
} SecCmsVerificationStatus;
173
/*!
    @enum SecCmsCertChainMode
    @abstract Selects which certificates accompany a signature.
    @discussion By name, the modes are ordered from fewest to most certificates:
    none, the signer certificate only, the chain without its root, and the chain
    including the root.  How the chain is built and where this mode is consumed is
    not documented in this header.
 */
typedef enum {
    SecCmsCMNone = 0,
    SecCmsCMCertOnly = 1,
    SecCmsCMCertChain = 2,
    SecCmsCMCertChainWithRoot = 3
} SecCmsCertChainMode;
183
/*!
    @enum SECCertUsage
    @discussion XXX This should be replaced with SecPolicyRefs
    Certificate usage selector; the constant names appear to follow NSS's SECCertUsage.
    Values are contiguous 0..11.  The tag SECCertUsageEnum is also declared, so the
    type may be spelled either SECCertUsage or enum SECCertUsageEnum.
 */
typedef enum SECCertUsageEnum {
    certUsageSSLClient = 0,
    certUsageSSLServer = 1,
    certUsageSSLServerWithStepUp = 2,
    certUsageSSLCA = 3,
    certUsageEmailSigner = 4,
    certUsageEmailRecipient = 5,
    certUsageObjectSigner = 6,
    certUsageUserCertImport = 7,
    certUsageVerifyCA = 8,
    certUsageProtectedObjectSigner = 9,
    certUsageStatusResponder = 10,
    certUsageAnyCA = 11
} SECCertUsage;
202
203
/*!
    @enum SECOidTag
    @abstract Misc object IDs - these numbers are for convenient handling.
    @discussion They are mapped into real object IDs
    NOTE: the order of these entries must match the array "oids" of SECOidData in util/secoid.c.
    Every tag carries an explicit value so that a drift between this enum and that
    table is visible in review.  Values are contiguous 0..200; new tags must be
    appended immediately before SEC_OID_TOTAL (never inserted in the middle) and the
    secoid.c table extended in the same change.  SEC_OID_TOTAL is the entry count
    (201), not a valid tag.

    NOTE(review): this table includes tags for legacy algorithms (MD2/MD4/MD5, RC2,
    RC4, single DES).  A tag being present here only means the OID can be recognised
    when parsing; it says nothing about whether the algorithm is accepted for signing,
    verification or decryption — that policy lives in the consuming code.
 */
typedef enum {
    SEC_OID_UNKNOWN = 0,
    SEC_OID_MD2 = 1,
    SEC_OID_MD4 = 2,
    SEC_OID_MD5 = 3,
    SEC_OID_SHA1 = 4,
    SEC_OID_RC2_CBC = 5,
    SEC_OID_RC4 = 6,
    SEC_OID_DES_EDE3_CBC = 7,
    SEC_OID_RC5_CBC_PAD = 8,
    SEC_OID_DES_ECB = 9,
    SEC_OID_DES_CBC = 10,
    SEC_OID_DES_OFB = 11,
    SEC_OID_DES_CFB = 12,
    SEC_OID_DES_MAC = 13,
    SEC_OID_DES_EDE = 14,
    SEC_OID_ISO_SHA_WITH_RSA_SIGNATURE = 15,
    SEC_OID_PKCS1_RSA_ENCRYPTION = 16,
    SEC_OID_PKCS1_MD2_WITH_RSA_ENCRYPTION = 17,
    SEC_OID_PKCS1_MD4_WITH_RSA_ENCRYPTION = 18,
    SEC_OID_PKCS1_MD5_WITH_RSA_ENCRYPTION = 19,
    SEC_OID_PKCS1_SHA1_WITH_RSA_ENCRYPTION = 20,
    SEC_OID_PKCS5_PBE_WITH_MD2_AND_DES_CBC = 21,
    SEC_OID_PKCS5_PBE_WITH_MD5_AND_DES_CBC = 22,
    SEC_OID_PKCS5_PBE_WITH_SHA1_AND_DES_CBC = 23,
    SEC_OID_PKCS7 = 24,
    SEC_OID_PKCS7_DATA = 25,
    SEC_OID_PKCS7_SIGNED_DATA = 26,
    SEC_OID_PKCS7_ENVELOPED_DATA = 27,
    SEC_OID_PKCS7_SIGNED_ENVELOPED_DATA = 28,
    SEC_OID_PKCS7_DIGESTED_DATA = 29,
    SEC_OID_PKCS7_ENCRYPTED_DATA = 30,
    SEC_OID_PKCS9_EMAIL_ADDRESS = 31,
    SEC_OID_PKCS9_UNSTRUCTURED_NAME = 32,
    SEC_OID_PKCS9_CONTENT_TYPE = 33,
    SEC_OID_PKCS9_MESSAGE_DIGEST = 34,
    SEC_OID_PKCS9_SIGNING_TIME = 35,
    SEC_OID_PKCS9_COUNTER_SIGNATURE = 36,
    SEC_OID_PKCS9_CHALLENGE_PASSWORD = 37,
    SEC_OID_PKCS9_UNSTRUCTURED_ADDRESS = 38,
    SEC_OID_PKCS9_EXTENDED_CERTIFICATE_ATTRIBUTES = 39,
    SEC_OID_PKCS9_SMIME_CAPABILITIES = 40,
    SEC_OID_AVA_COMMON_NAME = 41,
    SEC_OID_AVA_COUNTRY_NAME = 42,
    SEC_OID_AVA_LOCALITY = 43,
    SEC_OID_AVA_STATE_OR_PROVINCE = 44,
    SEC_OID_AVA_ORGANIZATION_NAME = 45,
    SEC_OID_AVA_ORGANIZATIONAL_UNIT_NAME = 46,
    SEC_OID_AVA_DN_QUALIFIER = 47,
    SEC_OID_AVA_DC = 48,

    SEC_OID_NS_TYPE_GIF = 49,
    SEC_OID_NS_TYPE_JPEG = 50,
    SEC_OID_NS_TYPE_URL = 51,
    SEC_OID_NS_TYPE_HTML = 52,
    SEC_OID_NS_TYPE_CERT_SEQUENCE = 53,
    SEC_OID_MISSI_KEA_DSS_OLD = 54,
    SEC_OID_MISSI_DSS_OLD = 55,
    SEC_OID_MISSI_KEA_DSS = 56,
    SEC_OID_MISSI_DSS = 57,
    SEC_OID_MISSI_KEA = 58,
    SEC_OID_MISSI_ALT_KEA = 59,

    /* Netscape private certificate extensions */
    SEC_OID_NS_CERT_EXT_NETSCAPE_OK = 60,
    SEC_OID_NS_CERT_EXT_ISSUER_LOGO = 61,
    SEC_OID_NS_CERT_EXT_SUBJECT_LOGO = 62,
    SEC_OID_NS_CERT_EXT_CERT_TYPE = 63,
    SEC_OID_NS_CERT_EXT_BASE_URL = 64,
    SEC_OID_NS_CERT_EXT_REVOCATION_URL = 65,
    SEC_OID_NS_CERT_EXT_CA_REVOCATION_URL = 66,
    SEC_OID_NS_CERT_EXT_CA_CRL_URL = 67,
    SEC_OID_NS_CERT_EXT_CA_CERT_URL = 68,
    SEC_OID_NS_CERT_EXT_CERT_RENEWAL_URL = 69,
    SEC_OID_NS_CERT_EXT_CA_POLICY_URL = 70,
    SEC_OID_NS_CERT_EXT_HOMEPAGE_URL = 71,
    SEC_OID_NS_CERT_EXT_ENTITY_LOGO = 72,
    SEC_OID_NS_CERT_EXT_USER_PICTURE = 73,
    SEC_OID_NS_CERT_EXT_SSL_SERVER_NAME = 74,
    SEC_OID_NS_CERT_EXT_COMMENT = 75,
    SEC_OID_NS_CERT_EXT_LOST_PASSWORD_URL = 76,
    SEC_OID_NS_CERT_EXT_CERT_RENEWAL_TIME = 77,
    SEC_OID_NS_KEY_USAGE_GOVT_APPROVED = 78,

    /* x.509 v3 Extensions */
    SEC_OID_X509_SUBJECT_DIRECTORY_ATTR = 79,
    SEC_OID_X509_SUBJECT_KEY_ID = 80,
    SEC_OID_X509_KEY_USAGE = 81,
    SEC_OID_X509_PRIVATE_KEY_USAGE_PERIOD = 82,
    SEC_OID_X509_SUBJECT_ALT_NAME = 83,
    SEC_OID_X509_ISSUER_ALT_NAME = 84,
    SEC_OID_X509_BASIC_CONSTRAINTS = 85,
    SEC_OID_X509_NAME_CONSTRAINTS = 86,
    SEC_OID_X509_CRL_DIST_POINTS = 87,
    SEC_OID_X509_CERTIFICATE_POLICIES = 88,
    SEC_OID_X509_POLICY_MAPPINGS = 89,
    SEC_OID_X509_POLICY_CONSTRAINTS = 90,
    SEC_OID_X509_AUTH_KEY_ID = 91,
    SEC_OID_X509_EXT_KEY_USAGE = 92,
    SEC_OID_X509_AUTH_INFO_ACCESS = 93,

    SEC_OID_X509_CRL_NUMBER = 94,
    SEC_OID_X509_REASON_CODE = 95,
    SEC_OID_X509_INVALID_DATE = 96,
    /* End of x.509 v3 Extensions */

    SEC_OID_X500_RSA_ENCRYPTION = 97,

    /* alg 1485 additions */
    SEC_OID_RFC1274_UID = 98,
    SEC_OID_RFC1274_MAIL = 99,

    /* PKCS 12 additions */
    SEC_OID_PKCS12 = 100,
    SEC_OID_PKCS12_MODE_IDS = 101,
    SEC_OID_PKCS12_ESPVK_IDS = 102,
    SEC_OID_PKCS12_BAG_IDS = 103,
    SEC_OID_PKCS12_CERT_BAG_IDS = 104,
    SEC_OID_PKCS12_OIDS = 105,
    SEC_OID_PKCS12_PBE_IDS = 106,
    SEC_OID_PKCS12_SIGNATURE_IDS = 107,
    SEC_OID_PKCS12_ENVELOPING_IDS = 108,
   /* SEC_OID_PKCS12_OFFLINE_TRANSPORT_MODE,
    SEC_OID_PKCS12_ONLINE_TRANSPORT_MODE, (not part of the numbering; the
    values below continue at 109 without them) */
    SEC_OID_PKCS12_PKCS8_KEY_SHROUDING = 109,
    SEC_OID_PKCS12_KEY_BAG_ID = 110,
    SEC_OID_PKCS12_CERT_AND_CRL_BAG_ID = 111,
    SEC_OID_PKCS12_SECRET_BAG_ID = 112,
    SEC_OID_PKCS12_X509_CERT_CRL_BAG = 113,
    SEC_OID_PKCS12_SDSI_CERT_BAG = 114,
    SEC_OID_PKCS12_PBE_WITH_SHA1_AND_128_BIT_RC4 = 115,
    SEC_OID_PKCS12_PBE_WITH_SHA1_AND_40_BIT_RC4 = 116,
    SEC_OID_PKCS12_PBE_WITH_SHA1_AND_TRIPLE_DES_CBC = 117,
    SEC_OID_PKCS12_PBE_WITH_SHA1_AND_128_BIT_RC2_CBC = 118,
    SEC_OID_PKCS12_PBE_WITH_SHA1_AND_40_BIT_RC2_CBC = 119,
    SEC_OID_PKCS12_RSA_ENCRYPTION_WITH_128_BIT_RC4 = 120,
    SEC_OID_PKCS12_RSA_ENCRYPTION_WITH_40_BIT_RC4 = 121,
    SEC_OID_PKCS12_RSA_ENCRYPTION_WITH_TRIPLE_DES = 122,
    SEC_OID_PKCS12_RSA_SIGNATURE_WITH_SHA1_DIGEST = 123,
    /* end of PKCS 12 additions */

    /* DSA signatures */
    SEC_OID_ANSIX9_DSA_SIGNATURE = 124,
    SEC_OID_ANSIX9_DSA_SIGNATURE_WITH_SHA1_DIGEST = 125,
    SEC_OID_BOGUS_DSA_SIGNATURE_WITH_SHA1_DIGEST = 126,

    /* Verisign OIDs */
    SEC_OID_VERISIGN_USER_NOTICES = 127,

    /* PKIX OIDs */
    SEC_OID_PKIX_CPS_POINTER_QUALIFIER = 128,
    SEC_OID_PKIX_USER_NOTICE_QUALIFIER = 129,
    SEC_OID_PKIX_OCSP = 130,
    SEC_OID_PKIX_OCSP_BASIC_RESPONSE = 131,
    SEC_OID_PKIX_OCSP_NONCE = 132,
    SEC_OID_PKIX_OCSP_CRL = 133,
    SEC_OID_PKIX_OCSP_RESPONSE = 134,
    SEC_OID_PKIX_OCSP_NO_CHECK = 135,
    SEC_OID_PKIX_OCSP_ARCHIVE_CUTOFF = 136,
    SEC_OID_PKIX_OCSP_SERVICE_LOCATOR = 137,
    SEC_OID_PKIX_REGCTRL_REGTOKEN = 138,
    SEC_OID_PKIX_REGCTRL_AUTHENTICATOR = 139,
    SEC_OID_PKIX_REGCTRL_PKIPUBINFO = 140,
    SEC_OID_PKIX_REGCTRL_PKI_ARCH_OPTIONS = 141,
    SEC_OID_PKIX_REGCTRL_OLD_CERT_ID = 142,
    SEC_OID_PKIX_REGCTRL_PROTOCOL_ENC_KEY = 143,
    SEC_OID_PKIX_REGINFO_UTF8_PAIRS = 144,
    SEC_OID_PKIX_REGINFO_CERT_REQUEST = 145,
    SEC_OID_EXT_KEY_USAGE_SERVER_AUTH = 146,
    SEC_OID_EXT_KEY_USAGE_CLIENT_AUTH = 147,
    SEC_OID_EXT_KEY_USAGE_CODE_SIGN = 148,
    SEC_OID_EXT_KEY_USAGE_EMAIL_PROTECT = 149,
    SEC_OID_EXT_KEY_USAGE_TIME_STAMP = 150,
    SEC_OID_OCSP_RESPONDER = 151,

    /* Netscape Algorithm OIDs */
    SEC_OID_NETSCAPE_SMIME_KEA = 152,

    /* Skipjack OID -- ### mwelch temporary */
    SEC_OID_FORTEZZA_SKIPJACK = 153,

    /* PKCS 12 V2 oids */
    SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_128_BIT_RC4 = 154,
    SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_40_BIT_RC4 = 155,
    SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_3KEY_TRIPLE_DES_CBC = 156,
    SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_2KEY_TRIPLE_DES_CBC = 157,
    SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_128_BIT_RC2_CBC = 158,
    SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_40_BIT_RC2_CBC = 159,
    SEC_OID_PKCS12_SAFE_CONTENTS_ID = 160,
    SEC_OID_PKCS12_PKCS8_SHROUDED_KEY_BAG_ID = 161,

    SEC_OID_PKCS12_V1_KEY_BAG_ID = 162,
    SEC_OID_PKCS12_V1_PKCS8_SHROUDED_KEY_BAG_ID = 163,
    SEC_OID_PKCS12_V1_CERT_BAG_ID = 164,
    SEC_OID_PKCS12_V1_CRL_BAG_ID = 165,
    SEC_OID_PKCS12_V1_SECRET_BAG_ID = 166,
    SEC_OID_PKCS12_V1_SAFE_CONTENTS_BAG_ID = 167,
    SEC_OID_PKCS9_X509_CERT = 168,
    SEC_OID_PKCS9_SDSI_CERT = 169,
    SEC_OID_PKCS9_X509_CRL = 170,
    SEC_OID_PKCS9_FRIENDLY_NAME = 171,
    SEC_OID_PKCS9_LOCAL_KEY_ID = 172,
    SEC_OID_PKCS12_KEY_USAGE = 173,

    /* Diffie-Hellman OIDs (the identifier keeps its historical "HELMAN" spelling) */
    SEC_OID_X942_DIFFIE_HELMAN_KEY = 174,

    /* Netscape other name types */
    SEC_OID_NETSCAPE_NICKNAME = 175,

    /* Cert Server OIDS */
    SEC_OID_NETSCAPE_RECOVERY_REQUEST = 176,

    /* New PSM certificate management OIDs */
    SEC_OID_CERT_RENEWAL_LOCATOR = 177,
    SEC_OID_NS_CERT_EXT_SCOPE_OF_USE = 178,

    /* CMS (RFC2630) OIDs */
    SEC_OID_CMS_EPHEMERAL_STATIC_DIFFIE_HELLMAN = 179,
    SEC_OID_CMS_3DES_KEY_WRAP = 180,
    SEC_OID_CMS_RC2_KEY_WRAP = 181,

    /* SMIME attributes */
    SEC_OID_SMIME_ENCRYPTION_KEY_PREFERENCE = 182,

    /* AES OIDs */
    SEC_OID_AES_128_ECB 	= 183,
    SEC_OID_AES_128_CBC 	= 184,
    SEC_OID_AES_192_ECB 	= 185,
    SEC_OID_AES_192_CBC 	= 186,
    SEC_OID_AES_256_ECB 	= 187,
    SEC_OID_AES_256_CBC 	= 188,

    SEC_OID_SDN702_DSA_SIGNATURE = 189,

    SEC_OID_MS_SMIME_ENCRYPTION_KEY_PREFERENCE = 190,

    SEC_OID_SHA256              = 191,
    SEC_OID_SHA384              = 192,
    SEC_OID_SHA512              = 193,

    SEC_OID_PKCS1_SHA256_WITH_RSA_ENCRYPTION = 194,
    SEC_OID_PKCS1_SHA384_WITH_RSA_ENCRYPTION = 195,
    SEC_OID_PKCS1_SHA512_WITH_RSA_ENCRYPTION = 196,

    SEC_OID_AES_128_KEY_WRAP	= 197,
    SEC_OID_AES_192_KEY_WRAP	= 198,
    SEC_OID_AES_256_KEY_WRAP	= 199,

    SEC_OID_SHA224              = 200,

    /* Number of tags (201).  Not a valid tag; keep this last and add new tags above it. */
    SEC_OID_TOTAL
} SECOidTag;
463
464
465#if defined(__cplusplus)
466}
467#endif
468
469#endif /* _SECURITY_SECCMSBASE_H_ */
470