/*
 * Copyright (c) 2004,2008,2010-2011 Apple Inc. All Rights Reserved.
 *
 * @APPLE_LICENSE_HEADER_START@
 *
 * This file contains Original Code and/or Modifications of Original Code
 * as defined in and that are subject to the Apple Public Source License
 * Version 2.0 (the 'License'). You may not use this file except in
 * compliance with the License. Please obtain a copy of the License at
 * http://www.opensource.apple.com/apsl/ and read it before using this
 * file.
 *
 * The Original Code and all software distributed under the License are
 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
 * Please see the License for the specific language governing rights and
 * limitations under the License.
 *
 * @APPLE_LICENSE_HEADER_END@
 */

/*!
    @header SecCmsBase.h
    @Copyright (c) 2004,2008,2010-2011 Apple Inc. All Rights Reserved.

    @availability 10.4 and later
    @abstract Interfaces of the CMS implementation.
    @discussion The functions here implement functions for encoding
                and decoding Cryptographic Message Syntax (CMS) objects
                as described in rfc3369.

                This header only declares the shared types: opaque handles,
                callback signatures, status enums and the SECOidTag table used
                by the rest of the CMS API. It defines no functions itself.
                NOTE(review): RFC 3369 has since been obsoleted (RFC 3852, then
                RFC 5652); the wire format is the same, but implementers should
                read the current document for the semantics of newer fields.
 */

#ifndef _SECURITY_SECCMSBASE_H_
#define _SECURITY_SECCMSBASE_H_ 1

#include <Security/SecKey.h>
#include <Security/SecAsn1Types.h>

/*
 * When the CDSA crypto backend is not in use, SecKeychainRef is declared here
 * as a plain CFTypeRef alias. (An undefined USE_CDSA_CRYPTO evaluates to 0 in
 * the preprocessor, so this branch is taken unless the build sets it.)
 */
#if !USE_CDSA_CRYPTO
typedef CFTypeRef SecKeychainRef;
#endif

#if defined(__cplusplus)
extern "C" {
#endif

/*!
    @typedef
    @discussion Opaque OID-table entry; the struct SECOidDataStr definition is
                not part of this header.
                XXX We need to remove these from the API and move them back to secoidt.h.
 */
typedef struct SECOidDataStr SECOidData;

/*!
    @typedef
    @discussion Alias for the ASN.1 AlgorithmIdentifier type SecAsn1AlgId
                (presumably declared in SecAsn1Types.h, included above).
                XXX We might want to get rid of this altogether.
 */
typedef SecAsn1AlgId SECAlgorithmID;

/*!
    @typedef
    @discussion Symmetric-key handle. It is a bare void pointer, so the compiler
                cannot check what is passed through it; producer and consumer
                (see SecCmsGetDecryptKeyCallback below) must agree on the
                concrete type out of band.
                XXX This should probably move to SecKey.h
 */
typedef void * SecSymmetricKeyRef;

/*!
    @typedef
    @discussion Public-key handle; an alias of SecKeyRef, so the two are
                interchangeable at the type level.
                XXX This should probably move to SecKey.h
 */
typedef SecKeyRef SecPublicKeyRef;

/*!
    @typedef
    @discussion Private-key handle; likewise an alias of SecKeyRef. Nothing in
                the type system distinguishes it from SecPublicKeyRef.
                XXX This should probably move to SecKey.h
 */
typedef SecKeyRef SecPrivateKeyRef;

/*!
    @typedef
    @discussion Legacy (NSS-era) password callback type. Takes no arguments and
                returns nothing; what it is expected to do is not specified here.
 */
typedef void(*PK11PasswordFunc)(void);

/*
 * Opaque handles for the CMS object model. Each is a pointer to an incomplete
 * struct type; the definitions live in the implementation, so callers can
 * only pass these handles to the CMS API, never inspect them directly.
 */

/*!
    @typedef
    @discussion Handle for a whole CMS message.
 */
typedef struct SecCmsMessageStr *SecCmsMessageRef;

/*!
    @typedef
    @discussion Handle for a ContentInfo structure.
 */
typedef struct SecCmsContentInfoStr *SecCmsContentInfoRef;

/*!
    @typedef
    @discussion Handle for SignedData content.
 */
typedef struct SecCmsSignedDataStr *SecCmsSignedDataRef;

/*!
    @typedef
    @discussion Handle for a SignerInfo within SignedData.
 */
typedef struct SecCmsSignerInfoStr *SecCmsSignerInfoRef;

/*!
    @typedef
    @discussion Handle for EnvelopedData content.
 */
typedef struct SecCmsEnvelopedDataStr *SecCmsEnvelopedDataRef;

/*!
    @typedef
    @discussion Handle for a RecipientInfo within EnvelopedData.
 */
typedef struct SecCmsRecipientInfoStr *SecCmsRecipientInfoRef;

/*!
    @typedef
    @discussion Handle for DigestedData content.
 */
typedef struct SecCmsDigestedDataStr *SecCmsDigestedDataRef;

/*!
    @typedef
    @discussion Handle for EncryptedData content.
 */
typedef struct SecCmsEncryptedDataStr *SecCmsEncryptedDataRef;

/*!
    @typedef
    @discussion Handle for an incremental decoder.
 */
typedef struct SecCmsDecoderStr *SecCmsDecoderRef;

/*!
    @typedef
    @discussion Handle for an incremental encoder.
 */
typedef struct SecCmsEncoderStr *SecCmsEncoderRef;

/*!
    @typedef
    @discussion Handle for a running digest computation.
 */
typedef struct SecCmsDigestContextStr *SecCmsDigestContextRef;


/*!
    @typedef
    @discussion Type of function passed to SecCmsDecode or SecCmsDecoderStart.
                If specified, this is where the content bytes (only) will be "sent" as they are recovered during the decoding.
                And:
                Type of function passed to SecCmsEncode or SecCmsEncoderStart.
                This is where the DER-encoded bytes will be "sent".

                @param arg  Caller-supplied context pointer, passed back untouched.
                @param buf  Pointer to the bytes for this call.
                @param len  Number of bytes at buf. The data is length-delimited;
                            presumably it is not NUL-terminated and may be
                            delivered in several chunks — confirm against the
                            encoder/decoder before relying on either.

                XXX Should just combine this with SecCmsEncoderContentCallback type and use a simpler, common name.
 */
typedef void (*SecCmsContentCallback)(void *arg, const char *buf, size_t len);

/*!
    @typedef
    @discussion Type of function passed to SecCmsDecode or SecCmsDecoderStart to retrieve the decryption key. This function is intended to be used for EncryptedData content info's which do not have a key available in a certificate, etc.

                @param arg    Caller-supplied context pointer, passed back untouched.
                @param algid  Algorithm identifier of the content-encryption
                              algorithm the key is needed for.
                @result       The key as a SecSymmetricKeyRef (a void pointer,
                              see above). What the decoder does on a NULL
                              return is not specified in this header.
 */
typedef SecSymmetricKeyRef(*SecCmsGetDecryptKeyCallback)(void *arg, SECAlgorithmID *algid);

/*!
    @enum SecCmsVerificationStatus
    @discussion Outcome of signature verification on a SignerInfo.
                NOTE(review): only SecCmsVSGoodSignature denotes a verified
                signature. SecCmsVSUnverified is the zero value, so a
                zero-initialised or never-updated status must not be treated
                as success; callers should compare for equality with
                SecCmsVSGoodSignature rather than for "not bad".
 */
typedef enum {
    SecCmsVSUnverified = 0,
    SecCmsVSGoodSignature = 1,
    SecCmsVSBadSignature = 2,
    SecCmsVSDigestMismatch = 3,
    SecCmsVSSigningCertNotFound = 4,
    SecCmsVSSigningCertNotTrusted = 5,
    SecCmsVSSignatureAlgorithmUnknown = 6,
    SecCmsVSSignatureAlgorithmUnsupported = 7,
    SecCmsVSMalformedSignature = 8,
    SecCmsVSProcessingError = 9
} SecCmsVerificationStatus;

/*!
    @enum SecCmsCertChainMode
    @discussion Presumably selects which certificates are included with a
                signature: none, the signing cert only, its chain, or the chain
                including the root — confirm against the signer-info API.
 */
typedef enum {
    SecCmsCMNone = 0,
    SecCmsCMCertOnly = 1,
    SecCmsCMCertChain = 2,
    SecCmsCMCertChainWithRoot = 3
} SecCmsCertChainMode;

/*!
    @enum
    @discussion Intended usage of a certificate, used when selecting or
                validating certificates.
                XXX This should be replaced with SecPolicyRefs
 */
typedef enum SECCertUsageEnum {
    certUsageSSLClient = 0,
    certUsageSSLServer = 1,
    certUsageSSLServerWithStepUp = 2,
    certUsageSSLCA = 3,
    certUsageEmailSigner = 4,
    certUsageEmailRecipient = 5,
    certUsageObjectSigner = 6,
    certUsageUserCertImport = 7,
    certUsageVerifyCA = 8,
    certUsageProtectedObjectSigner = 9,
    certUsageStatusResponder = 10,
    certUsageAnyCA = 11
} SECCertUsage;


/*!
    @enum SECOidTag
    @abstract Misc object IDs - these numbers are for convenient handling.
    @discussion They are mapped into real object IDs
                NOTE: the order of these entries must match the array "oids" of SECOidData in util/secoid.c.

                The explicit numeric values are therefore positions in that
                table, not arbitrary IDs: do not renumber or reorder existing
                entries, and add new tags only immediately before SEC_OID_TOTAL
                (together with the matching table entry). SEC_OID_TOTAL is the
                entry count (201 given SEC_OID_SHA224 = 200), not a usable tag.

                NOTE(review): the table includes tags for legacy and weak
                algorithms (MD2, MD4, MD5, RC2, RC4, single DES, ...). A tag
                existing here only lets an OID be recognised while parsing;
                whether such an algorithm is accepted for verification or
                decryption is presumably decided in the verifier/decoder code
                — confirm that policy there rather than assuming it from this
                list.
 */
typedef enum {
    SEC_OID_UNKNOWN = 0,
    SEC_OID_MD2 = 1,
    SEC_OID_MD4 = 2,
    SEC_OID_MD5 = 3,
    SEC_OID_SHA1 = 4,
    SEC_OID_RC2_CBC = 5,
    SEC_OID_RC4 = 6,
    SEC_OID_DES_EDE3_CBC = 7,
    SEC_OID_RC5_CBC_PAD = 8,
    SEC_OID_DES_ECB = 9,
    SEC_OID_DES_CBC = 10,
    SEC_OID_DES_OFB = 11,
    SEC_OID_DES_CFB = 12,
    SEC_OID_DES_MAC = 13,
    SEC_OID_DES_EDE = 14,
    SEC_OID_ISO_SHA_WITH_RSA_SIGNATURE = 15,
    SEC_OID_PKCS1_RSA_ENCRYPTION = 16,
    SEC_OID_PKCS1_MD2_WITH_RSA_ENCRYPTION = 17,
    SEC_OID_PKCS1_MD4_WITH_RSA_ENCRYPTION = 18,
    SEC_OID_PKCS1_MD5_WITH_RSA_ENCRYPTION = 19,
    SEC_OID_PKCS1_SHA1_WITH_RSA_ENCRYPTION = 20,
    SEC_OID_PKCS5_PBE_WITH_MD2_AND_DES_CBC = 21,
    SEC_OID_PKCS5_PBE_WITH_MD5_AND_DES_CBC = 22,
    SEC_OID_PKCS5_PBE_WITH_SHA1_AND_DES_CBC = 23,
    SEC_OID_PKCS7 = 24,
    SEC_OID_PKCS7_DATA = 25,
    SEC_OID_PKCS7_SIGNED_DATA = 26,
    SEC_OID_PKCS7_ENVELOPED_DATA = 27,
    SEC_OID_PKCS7_SIGNED_ENVELOPED_DATA = 28,
    SEC_OID_PKCS7_DIGESTED_DATA = 29,
    SEC_OID_PKCS7_ENCRYPTED_DATA = 30,
    SEC_OID_PKCS9_EMAIL_ADDRESS = 31,
    SEC_OID_PKCS9_UNSTRUCTURED_NAME = 32,
    SEC_OID_PKCS9_CONTENT_TYPE = 33,
    SEC_OID_PKCS9_MESSAGE_DIGEST = 34,
    SEC_OID_PKCS9_SIGNING_TIME = 35,
    SEC_OID_PKCS9_COUNTER_SIGNATURE = 36,
    SEC_OID_PKCS9_CHALLENGE_PASSWORD = 37,
    SEC_OID_PKCS9_UNSTRUCTURED_ADDRESS = 38,
    SEC_OID_PKCS9_EXTENDED_CERTIFICATE_ATTRIBUTES = 39,
    SEC_OID_PKCS9_SMIME_CAPABILITIES = 40,
    SEC_OID_AVA_COMMON_NAME = 41,
    SEC_OID_AVA_COUNTRY_NAME = 42,
    SEC_OID_AVA_LOCALITY = 43,
    SEC_OID_AVA_STATE_OR_PROVINCE = 44,
    SEC_OID_AVA_ORGANIZATION_NAME = 45,
    SEC_OID_AVA_ORGANIZATIONAL_UNIT_NAME = 46,
    SEC_OID_AVA_DN_QUALIFIER = 47,
    SEC_OID_AVA_DC = 48,

    SEC_OID_NS_TYPE_GIF = 49,
    SEC_OID_NS_TYPE_JPEG = 50,
    SEC_OID_NS_TYPE_URL = 51,
    SEC_OID_NS_TYPE_HTML = 52,
    SEC_OID_NS_TYPE_CERT_SEQUENCE = 53,
    SEC_OID_MISSI_KEA_DSS_OLD = 54,
    SEC_OID_MISSI_DSS_OLD = 55,
    SEC_OID_MISSI_KEA_DSS = 56,
    SEC_OID_MISSI_DSS = 57,
    SEC_OID_MISSI_KEA = 58,
    SEC_OID_MISSI_ALT_KEA = 59,

    /* Netscape private certificate extensions */
    SEC_OID_NS_CERT_EXT_NETSCAPE_OK = 60,
    SEC_OID_NS_CERT_EXT_ISSUER_LOGO = 61,
    SEC_OID_NS_CERT_EXT_SUBJECT_LOGO = 62,
    SEC_OID_NS_CERT_EXT_CERT_TYPE = 63,
    SEC_OID_NS_CERT_EXT_BASE_URL = 64,
    SEC_OID_NS_CERT_EXT_REVOCATION_URL = 65,
    SEC_OID_NS_CERT_EXT_CA_REVOCATION_URL = 66,
    SEC_OID_NS_CERT_EXT_CA_CRL_URL = 67,
    SEC_OID_NS_CERT_EXT_CA_CERT_URL = 68,
    SEC_OID_NS_CERT_EXT_CERT_RENEWAL_URL = 69,
    SEC_OID_NS_CERT_EXT_CA_POLICY_URL = 70,
    SEC_OID_NS_CERT_EXT_HOMEPAGE_URL = 71,
    SEC_OID_NS_CERT_EXT_ENTITY_LOGO = 72,
    SEC_OID_NS_CERT_EXT_USER_PICTURE = 73,
    SEC_OID_NS_CERT_EXT_SSL_SERVER_NAME = 74,
    SEC_OID_NS_CERT_EXT_COMMENT = 75,
    SEC_OID_NS_CERT_EXT_LOST_PASSWORD_URL = 76,
    SEC_OID_NS_CERT_EXT_CERT_RENEWAL_TIME = 77,
    SEC_OID_NS_KEY_USAGE_GOVT_APPROVED = 78,

    /* x.509 v3 Extensions */
    SEC_OID_X509_SUBJECT_DIRECTORY_ATTR = 79,
    SEC_OID_X509_SUBJECT_KEY_ID = 80,
    SEC_OID_X509_KEY_USAGE = 81,
    SEC_OID_X509_PRIVATE_KEY_USAGE_PERIOD = 82,
    SEC_OID_X509_SUBJECT_ALT_NAME = 83,
    SEC_OID_X509_ISSUER_ALT_NAME = 84,
    SEC_OID_X509_BASIC_CONSTRAINTS = 85,
    SEC_OID_X509_NAME_CONSTRAINTS = 86,
    SEC_OID_X509_CRL_DIST_POINTS = 87,
    SEC_OID_X509_CERTIFICATE_POLICIES = 88,
    SEC_OID_X509_POLICY_MAPPINGS = 89,
    SEC_OID_X509_POLICY_CONSTRAINTS = 90,
    SEC_OID_X509_AUTH_KEY_ID = 91,
    SEC_OID_X509_EXT_KEY_USAGE = 92,
    SEC_OID_X509_AUTH_INFO_ACCESS = 93,

    SEC_OID_X509_CRL_NUMBER = 94,
    SEC_OID_X509_REASON_CODE = 95,
    SEC_OID_X509_INVALID_DATE = 96,
    /* End of x.509 v3 Extensions */

    SEC_OID_X500_RSA_ENCRYPTION = 97,

    /* alg 1485 additions */
    SEC_OID_RFC1274_UID = 98,
    SEC_OID_RFC1274_MAIL = 99,

    /* PKCS 12 additions */
    SEC_OID_PKCS12 = 100,
    SEC_OID_PKCS12_MODE_IDS = 101,
    SEC_OID_PKCS12_ESPVK_IDS = 102,
    SEC_OID_PKCS12_BAG_IDS = 103,
    SEC_OID_PKCS12_CERT_BAG_IDS = 104,
    SEC_OID_PKCS12_OIDS = 105,
    SEC_OID_PKCS12_PBE_IDS = 106,
    SEC_OID_PKCS12_SIGNATURE_IDS = 107,
    SEC_OID_PKCS12_ENVELOPING_IDS = 108,
    /* SEC_OID_PKCS12_OFFLINE_TRANSPORT_MODE,
       SEC_OID_PKCS12_ONLINE_TRANSPORT_MODE, */
    SEC_OID_PKCS12_PKCS8_KEY_SHROUDING = 109,
    SEC_OID_PKCS12_KEY_BAG_ID = 110,
    SEC_OID_PKCS12_CERT_AND_CRL_BAG_ID = 111,
    SEC_OID_PKCS12_SECRET_BAG_ID = 112,
    SEC_OID_PKCS12_X509_CERT_CRL_BAG = 113,
    SEC_OID_PKCS12_SDSI_CERT_BAG = 114,
    SEC_OID_PKCS12_PBE_WITH_SHA1_AND_128_BIT_RC4 = 115,
    SEC_OID_PKCS12_PBE_WITH_SHA1_AND_40_BIT_RC4 = 116,
    SEC_OID_PKCS12_PBE_WITH_SHA1_AND_TRIPLE_DES_CBC = 117,
    SEC_OID_PKCS12_PBE_WITH_SHA1_AND_128_BIT_RC2_CBC = 118,
    SEC_OID_PKCS12_PBE_WITH_SHA1_AND_40_BIT_RC2_CBC = 119,
    SEC_OID_PKCS12_RSA_ENCRYPTION_WITH_128_BIT_RC4 = 120,
    SEC_OID_PKCS12_RSA_ENCRYPTION_WITH_40_BIT_RC4 = 121,
    SEC_OID_PKCS12_RSA_ENCRYPTION_WITH_TRIPLE_DES = 122,
    SEC_OID_PKCS12_RSA_SIGNATURE_WITH_SHA1_DIGEST = 123,
    /* end of PKCS 12 additions */

    /* DSA signatures */
    SEC_OID_ANSIX9_DSA_SIGNATURE = 124,
    SEC_OID_ANSIX9_DSA_SIGNATURE_WITH_SHA1_DIGEST = 125,
    SEC_OID_BOGUS_DSA_SIGNATURE_WITH_SHA1_DIGEST = 126,

    /* Verisign OIDs */
    SEC_OID_VERISIGN_USER_NOTICES = 127,

    /* PKIX OIDs */
    SEC_OID_PKIX_CPS_POINTER_QUALIFIER = 128,
    SEC_OID_PKIX_USER_NOTICE_QUALIFIER = 129,
    SEC_OID_PKIX_OCSP = 130,
    SEC_OID_PKIX_OCSP_BASIC_RESPONSE = 131,
    SEC_OID_PKIX_OCSP_NONCE = 132,
    SEC_OID_PKIX_OCSP_CRL = 133,
    SEC_OID_PKIX_OCSP_RESPONSE = 134,
    SEC_OID_PKIX_OCSP_NO_CHECK = 135,
    SEC_OID_PKIX_OCSP_ARCHIVE_CUTOFF = 136,
    SEC_OID_PKIX_OCSP_SERVICE_LOCATOR = 137,
    SEC_OID_PKIX_REGCTRL_REGTOKEN = 138,
    SEC_OID_PKIX_REGCTRL_AUTHENTICATOR = 139,
    SEC_OID_PKIX_REGCTRL_PKIPUBINFO = 140,
    SEC_OID_PKIX_REGCTRL_PKI_ARCH_OPTIONS = 141,
    SEC_OID_PKIX_REGCTRL_OLD_CERT_ID = 142,
    SEC_OID_PKIX_REGCTRL_PROTOCOL_ENC_KEY = 143,
    SEC_OID_PKIX_REGINFO_UTF8_PAIRS = 144,
    SEC_OID_PKIX_REGINFO_CERT_REQUEST = 145,
    SEC_OID_EXT_KEY_USAGE_SERVER_AUTH = 146,
    SEC_OID_EXT_KEY_USAGE_CLIENT_AUTH = 147,
    SEC_OID_EXT_KEY_USAGE_CODE_SIGN = 148,
    SEC_OID_EXT_KEY_USAGE_EMAIL_PROTECT = 149,
    SEC_OID_EXT_KEY_USAGE_TIME_STAMP = 150,
    SEC_OID_OCSP_RESPONDER = 151,

    /* Netscape Algorithm OIDs */
    SEC_OID_NETSCAPE_SMIME_KEA = 152,

    /* Skipjack OID -- ### mwelch temporary */
    SEC_OID_FORTEZZA_SKIPJACK = 153,

    /* PKCS 12 V2 oids */
    SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_128_BIT_RC4 = 154,
    SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_40_BIT_RC4 = 155,
    SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_3KEY_TRIPLE_DES_CBC = 156,
    SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_2KEY_TRIPLE_DES_CBC = 157,
    SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_128_BIT_RC2_CBC = 158,
    SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_40_BIT_RC2_CBC = 159,
    SEC_OID_PKCS12_SAFE_CONTENTS_ID = 160,
    SEC_OID_PKCS12_PKCS8_SHROUDED_KEY_BAG_ID = 161,

    SEC_OID_PKCS12_V1_KEY_BAG_ID = 162,
    SEC_OID_PKCS12_V1_PKCS8_SHROUDED_KEY_BAG_ID = 163,
    SEC_OID_PKCS12_V1_CERT_BAG_ID = 164,
    SEC_OID_PKCS12_V1_CRL_BAG_ID = 165,
    SEC_OID_PKCS12_V1_SECRET_BAG_ID = 166,
    SEC_OID_PKCS12_V1_SAFE_CONTENTS_BAG_ID = 167,
    SEC_OID_PKCS9_X509_CERT = 168,
    SEC_OID_PKCS9_SDSI_CERT = 169,
    SEC_OID_PKCS9_X509_CRL = 170,
    SEC_OID_PKCS9_FRIENDLY_NAME = 171,
    SEC_OID_PKCS9_LOCAL_KEY_ID = 172,
    SEC_OID_PKCS12_KEY_USAGE = 173,

    /* Diffie-Hellman OIDs (the enumerator keeps its historical spelling) */
    SEC_OID_X942_DIFFIE_HELMAN_KEY = 174,

    /* Netscape other name types */
    SEC_OID_NETSCAPE_NICKNAME = 175,

    /* Cert Server OIDS */
    SEC_OID_NETSCAPE_RECOVERY_REQUEST = 176,

    /* New PSM certificate management OIDs */
    SEC_OID_CERT_RENEWAL_LOCATOR = 177,
    SEC_OID_NS_CERT_EXT_SCOPE_OF_USE = 178,

    /* CMS (RFC2630) OIDs */
    SEC_OID_CMS_EPHEMERAL_STATIC_DIFFIE_HELLMAN = 179,
    SEC_OID_CMS_3DES_KEY_WRAP = 180,
    SEC_OID_CMS_RC2_KEY_WRAP = 181,

    /* SMIME attributes */
    SEC_OID_SMIME_ENCRYPTION_KEY_PREFERENCE = 182,

    /* AES OIDs */
    SEC_OID_AES_128_ECB = 183,
    SEC_OID_AES_128_CBC = 184,
    SEC_OID_AES_192_ECB = 185,
    SEC_OID_AES_192_CBC = 186,
    SEC_OID_AES_256_ECB = 187,
    SEC_OID_AES_256_CBC = 188,

    SEC_OID_SDN702_DSA_SIGNATURE = 189,

    SEC_OID_MS_SMIME_ENCRYPTION_KEY_PREFERENCE = 190,

    SEC_OID_SHA256 = 191,
    SEC_OID_SHA384 = 192,
    SEC_OID_SHA512 = 193,

    SEC_OID_PKCS1_SHA256_WITH_RSA_ENCRYPTION = 194,
    SEC_OID_PKCS1_SHA384_WITH_RSA_ENCRYPTION = 195,
    SEC_OID_PKCS1_SHA512_WITH_RSA_ENCRYPTION = 196,

    SEC_OID_AES_128_KEY_WRAP = 197,
    SEC_OID_AES_192_KEY_WRAP = 198,
    SEC_OID_AES_256_KEY_WRAP = 199,

    SEC_OID_SHA224 = 200,

    /* Sentinel: number of entries in the table above; not a real tag. */
    SEC_OID_TOTAL
} SECOidTag;


#if defined(__cplusplus)
}
#endif

#endif /* _SECURITY_SECCMSBASE_H_ */