SecureTransport/privateInc/appleCdsa.h

   1 /*
   2  * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved.
   3  *
   4  * The contents of this file constitute Original Code as defined in and are
   5  * subject to the Apple Public Source License Version 1.2 (the 'License').
   6  * You may not use this file except in compliance with the License. Please obtain
   7  * a copy of the License at http://www.apple.com/publicsource and read it before
   8  * using this file.
   9  *
  10  * This Original Code and all software distributed under the License are
  11  * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
  12  * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
  13  * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
  14  * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
  15  * specific language governing rights and limitations under the License.
  16  */
  17
  18
  19 /*
  20         File:           appleCdsa.h
  21
  22         Contains:       interface between SSL and CDSA
  23
  24         Written by:     Doug Mitchell
  25
  26         Copyright: (c) 1999 by Apple Computer, Inc., all rights reserved.
  27
  28 */
  29
  30 #ifndef _APPLE_CDSA_H_
  31 #define _APPLE_CDSA_H_  1
  32
  33 #include "ssl.h"
  34 #include "sslPriv.h"
  35 #include "sslContext.h"
  36 #include <Security/cssmtype.h>
  37
  38 #ifdef __cplusplus
  39 extern "C" {
  40 #endif
  41
  42 #ifndef         NDEBUG
  43 extern void stPrintCdsaError(const char *op, CSSM_RETURN crtn);
  44 extern char *stCssmErrToStr(CSSM_RETURN err);
  45 #else
  46 #define stPrintCdsaError(o, cr)
  47 #endif
  48
  49 extern OSStatus sslSetUpSymmKey(
  50         CSSM_KEY_PTR    symKey,
  51         CSSM_ALGORITHMS alg,
  52         CSSM_KEYUSE             keyUse,                 // CSSM_KEYUSE_ENCRYPT, etc.
  53         CSSM_BOOL               copyKey,                // true: copy keyData   false: set by reference
  54         uint8                   *keyData,
  55         uint32                  keyDataLen);    // in bytes
  56
  57 extern OSStatus sslFreeKey(CSSM_CSP_HANDLE cspHand,
  58         CSSM_KEY_PTR    *key,
  59         #if             ST_KC_KEYS_NEED_REF
  60         SecKeychainRef  *kcItem);
  61         #else   /* !ST_KC_KEYS_NEED_REF */
  62         void                    *kcItem);
  63         #endif  /* ST_KC_KEYS_NEED_REF*/
  64
  65 extern OSStatus attachToCsp(SSLContext *ctx);
  66 extern OSStatus attachToCl(SSLContext *ctx);
  67 extern OSStatus attachToTp(SSLContext *ctx);
  68 extern OSStatus attachToAll(SSLContext *ctx);
  69 extern OSStatus detachFromAll(SSLContext *ctx);
  70
  71 extern CSSM_DATA_PTR stMallocCssmData(uint32 size);
  72 extern void stFreeCssmData(CSSM_DATA_PTR data, CSSM_BOOL freeStruct);
  73 extern OSStatus stSetUpCssmData(CSSM_DATA_PTR data, uint32 length);
  74
  75
  76 /*
  77  * Given a DER-encoded cert, obtain its public key as a CSSM_KEY_PTR.
  78  */
  79 extern OSStatus sslPubKeyFromCert(
  80         SSLContext                              *ctx,
  81         const SSLBuffer                 &derCert,
  82         CSSM_KEY_PTR                    *pubKey,                // RETURNED
  83         CSSM_CSP_HANDLE                 *cspHand);              // RETURNED
  84
  85 /*
  86  * Verify a cert chain.
  87  */
  88 extern OSStatus sslVerifyCertChain(
  89         SSLContext                              *ctx,
  90         const SSLCertificate    &certChain,
  91         bool                                    arePeerCerts = true);
  92
  93 /*
  94  * Raw RSA/DSA sign/verify.
  95  */
  96 OSStatus sslRawSign(
  97         SSLContext                      *ctx,
  98         SecKeyRef                       privKeyRef,
  99         const UInt8                     *plainText,
 100         UInt32                          plainTextLen,
 101         UInt8                           *sig,                   // mallocd by caller; RETURNED
 102         UInt32                          sigLen,                 // available
 103         UInt32                          *actualBytes);  // RETURNED
 104
 105 OSStatus sslRawVerify(
 106         SSLContext                      *ctx,
 107         const CSSM_KEY          *pubKey,
 108         CSSM_CSP_HANDLE         cspHand,
 109         const UInt8                     *plainText,
 110         UInt32                          plainTextLen,
 111         const UInt8                     *sig,
 112         UInt32                          sigLen);                // available
 113
 114 /*
 115  * Encrypt/Decrypt
 116  */
 117 OSStatus sslRsaEncrypt(
 118         SSLContext                      *ctx,
 119         const CSSM_KEY          *pubKey,
 120         CSSM_CSP_HANDLE         cspHand,
 121         const UInt8                     *plainText,
 122         UInt32                          plainTextLen,
 123         UInt8                           *cipherText,            // mallocd by caller; RETURNED
 124         UInt32                          cipherTextLen,          // available
 125         UInt32                          *actualBytes);          // RETURNED
 126 OSStatus sslRsaDecrypt(
 127         SSLContext                      *ctx,
 128         SecKeyRef                       privKeyRef,
 129         const UInt8                     *cipherText,
 130         UInt32                          cipherTextLen,
 131         UInt8                           *plainText,                     // mallocd by caller; RETURNED
 132         UInt32                          plainTextLen,           // available
 133         UInt32                          *actualBytes);          // RETURNED
 134
 135 /*
 136  * Obtain size of key in bytes.
 137  */
 138 extern UInt32 sslKeyLengthInBytes(
 139         const CSSM_KEY  *key);
 140
 141 /* Obtain max signature size in bytes. */
 142 extern OSStatus sslGetMaxSigSize(
 143         const CSSM_KEY  *privKey,
 144         UInt32                  &maxSigSize);
 145
 146 /*
 147  * Get raw key bits from an RSA public key.
 148  */
 149 OSStatus sslGetPubKeyBits(
 150         SSLContext                      *ctx,
 151         const CSSM_KEY          *pubKey,
 152         CSSM_CSP_HANDLE         cspHand,
 153         SSLBuffer                       *modulus,               // data mallocd and RETURNED
 154         SSLBuffer                       *exponent);             // data mallocd and RETURNED
 155
 156 /*
 157  * Given raw RSA key bits, cook up a CSSM_KEY_PTR. Used in
 158  * Server-initiated key exchange.
 159  */
 160 OSStatus sslGetPubKeyFromBits(
 161         SSLContext                      *ctx,
 162         const SSLBuffer         *modulus,
 163         const SSLBuffer         *exponent,
 164         CSSM_KEY_PTR            *pubKey,                // mallocd and RETURNED
 165         CSSM_CSP_HANDLE         *cspHand);              // RETURNED
 166
 167 /*
 168  * Given a DER-encoded cert, obtain its DER-encoded subject name.
 169  */
 170 CSSM_DATA_PTR sslGetCertSubjectName(
 171         SSLContext                      *ctx,
 172     const CSSM_DATA_PTR cert);
 173
 174 #if             SSL_DEBUG
 175 void verifyTrustedRoots(SSLContext *ctx,
 176         CSSM_DATA_PTR   certs,
 177         unsigned                numCerts);
 178 #endif
 179
 180 void * stAppMalloc (uint32 size, void *allocRef);
 181 void stAppFree (void *mem_ptr, void *allocRef);
 182 void * stAppRealloc (void *ptr, uint32 size, void *allocRef);
 183 void * stAppCalloc (uint32 num, uint32 size, void *allocRef);
 184
 185 OSStatus sslDhGenKeyPairClient(
 186         SSLContext              *ctx,
 187         const SSLBuffer &prime,
 188         const SSLBuffer &generator,
 189         CSSM_KEY_PTR    publicKey,                      // RETURNED
 190         CSSM_KEY_PTR    privateKey);            // RETURNED
 191 OSStatus sslDhGenerateKeyPair(
 192         SSLContext              *ctx,
 193         const SSLBuffer &paramBlob,
 194         UInt32                  keySizeInBits,
 195         CSSM_KEY_PTR    publicKey,                      // RETURNED
 196         CSSM_KEY_PTR    privateKey);            // RETURNED
 197 OSStatus sslDhKeyExchange(
 198         SSLContext              *ctx,
 199         uint32                  deriveSizeInBits,
 200         SSLBuffer               *exchanged);
 201 OSStatus sslVerifyNegotiatedCipher(
 202         SSLContext              *ctx);
 203
 204 /*
 205  * Convert between SSLBuffer and CSSM_DATA, which are after all identical.
 206  * No mallocs, just copy the pointer and length.
 207  */
 208 #define SSLBUF_TO_CSSM(sb, cd)  {               \
 209         (cd)->Length = (sb)->length;            \
 210         (cd)->Data   = (sb)->data;                      \
 211 }
 212
 213 #define CSSM_TO_SSLBUF(cd, sb)  {               \
 214         (sb)->length = (cd)->Length;            \
 215         (sb)->data   = (cd)->Data;                      \
 216 }
 217
 218 #ifdef __cplusplus
 219 }
 220 #endif
 221
 222
 223 #endif  /* _APPLE_CDSA_H_ */