]> git.saurik.com Git - apple/security.git/blob - libsecurity_ssl/lib/sslCrypto.h
Security-55471.14.tar.gz
[apple/security.git] / libsecurity_ssl / lib / sslCrypto.h
1 /*
2 * Copyright (c) 2006-2008,2010-2012 Apple Inc. All Rights Reserved.
3 *
4 * @APPLE_LICENSE_HEADER_START@
5 *
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. Please obtain a copy of the License at
10 * http://www.opensource.apple.com/apsl/ and read it before using this
11 * file.
12 *
13 * The Original Code and all software distributed under the License are
14 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
15 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
16 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
17 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
18 * Please see the License for the specific language governing rights and
19 * limitations under the License.
20 *
21 * @APPLE_LICENSE_HEADER_END@
22 */
23
24 /*
25 * sslCrypto.h - interface between SSL and crypto libraries
26 */
27
28 #ifndef _SSL_CRYPTO_H_
29 #define _SSL_CRYPTO_H_ 1
30
31 #include "ssl.h"
32 #include "sslContext.h"
33 #include <Security/SecKeyPriv.h>
34
35 #ifdef __cplusplus
36 extern "C" {
37 #endif
38
39 #ifndef NDEBUG
40 extern void stPrintCdsaError(const char *op, OSStatus crtn);
41 #else
42 #define stPrintCdsaError(o, cr)
43 #endif
44
45 /*
46 * Free a pubKey object.
47 */
48 extern OSStatus sslFreePubKey(SSLPubKey **pubKey);
49
50 /*
51 * Free a privKey object.
52 */
53 extern OSStatus sslFreePrivKey(SSLPrivKey **privKey);
54
55 extern CFIndex sslPubKeyGetAlgorithmID(SSLPubKey *pubKey);
56 extern CFIndex sslPrivKeyGetAlgorithmID(SSLPrivKey *privKey);
57
58 /*
59 * Create a new SecTrust object and return it.
60 */
61 OSStatus
62 sslCreateSecTrust(
63 SSLContext *ctx,
64 CFArrayRef certChain,
65 bool arePeerCerts,
66 SecTrustRef *trust); /* RETURNED */
67
68
69 /*
70 * Verify a cert chain.
71 */
72 extern OSStatus sslVerifyCertChain(
73 SSLContext *ctx,
74 #ifdef USE_SSLCERTIFICATE
75 const SSLCertificate *certChain,
76 #else /* !USE_SSLCERTIFICATE */
77 CFArrayRef certChain,
78 #endif /* !USE_SSLCERTIFICATE */
79 bool arePeerCerts);
80
81 /*
82 * Get the peer's public key from the certificate chain.
83 */
84 extern OSStatus sslCopyPeerPubKey(
85 SSLContext *ctx,
86 SSLPubKey **pubKey);
87
88
89 /*
90 * Raw RSA/DSA sign/verify.
91 */
92 OSStatus sslRawSign(
93 SSLContext *ctx,
94 SSLPrivKey *privKey,
95 const uint8_t *plainText,
96 size_t plainTextLen,
97 uint8_t *sig, // mallocd by caller; RETURNED
98 size_t sigLen, // available
99 size_t *actualBytes); // RETURNED
100
101 OSStatus sslRawVerify(
102 SSLContext *ctx,
103 SSLPubKey *pubKey,
104 const uint8_t *plainText,
105 size_t plainTextLen,
106 const uint8_t *sig,
107 size_t sigLen); // available
108
109 /* TLS 1.2 style RSA sign */
110 OSStatus sslRsaSign(
111 SSLContext *ctx,
112 SSLPrivKey *privKey,
113 const SecAsn1AlgId *algId,
114 const uint8_t *plainText,
115 size_t plainTextLen,
116 uint8_t *sig, // mallocd by caller; RETURNED
117 size_t sigLen, // available
118 size_t *actualBytes); // RETURNED
119
120 /* TLS 1.2 style RSA verify */
121 OSStatus sslRsaVerify(
122 SSLContext *ctx,
123 SSLPubKey *pubKey,
124 const SecAsn1AlgId *algId,
125 const uint8_t *plainText,
126 size_t plainTextLen,
127 const uint8_t *sig,
128 size_t sigLen); // available
129
130 /*
131 * Encrypt/Decrypt
132 */
133 OSStatus sslRsaEncrypt(
134 SSLContext *ctx,
135 SSLPubKey *pubKey,
136 #ifdef USE_CDSA_CRYPTO
137 CSSM_CSP_HANDLE cspHand,
138 #endif
139 const uint32_t padding,
140 const uint8_t *plainText,
141 size_t plainTextLen,
142 uint8_t *cipherText, // mallocd by caller; RETURNED
143 size_t cipherTextLen, // available
144 size_t *actualBytes); // RETURNED
145 OSStatus sslRsaDecrypt(
146 SSLContext *ctx,
147 SSLPrivKey *privKey,
148 const uint32_t padding,
149 const uint8_t *cipherText,
150 size_t cipherTextLen,
151 uint8_t *plainText, // mallocd by caller; RETURNED
152 size_t plainTextLen, // available
153 size_t *actualBytes); // RETURNED
154
155 /*
156 * Obtain size of key in bytes.
157 */
158 extern size_t sslPrivKeyLengthInBytes(
159 SSLPrivKey *sslKey);
160
161 extern size_t sslPubKeyLengthInBytes(
162 SSLPubKey *sslKey);
163
164 /* Obtain max signature size in bytes. */
165 extern OSStatus sslGetMaxSigSize(
166 SSLPrivKey *privKey,
167 size_t *maxSigSize);
168
169 #if 0
170 /*
171 * Get raw key bits from an RSA public key.
172 */
173 OSStatus sslGetPubKeyBits(
174 SSLContext *ctx,
175 SSLPubKey *pubKey,
176 SSLBuffer *modulus, // data mallocd and RETURNED
177 SSLBuffer *exponent); // data mallocd and RETURNED
178 #endif
179
180 /*
181 * Given raw RSA key bits, cook up a SSLPubKey. Used in
182 * Server-initiated key exchange.
183 */
184 OSStatus sslGetPubKeyFromBits(
185 SSLContext *ctx,
186 const SSLBuffer *modulus,
187 const SSLBuffer *exponent,
188 SSLPubKey **pubKey); // mallocd and RETURNED
189
190 OSStatus sslVerifySelectedCipher(
191 SSLContext *ctx);
192
193 #if APPLE_DH
194 int sslDhGenerateParams(SSLContext *ctx, uint32_t g, size_t prime_size,
195 SSLBuffer *params, SSLBuffer *generator, SSLBuffer *prime);
196
197 OSStatus sslDhCreateKey(SSLContext *ctx);
198 OSStatus sslDhGenerateKeyPair(SSLContext *ctx);
199 OSStatus sslDhKeyExchange(SSLContext *ctx);
200
201 OSStatus sslDecodeDhParams(
202 const SSLBuffer *blob, /* Input - PKCS-3 encoded */
203 SSLBuffer *prime, /* Output - wire format */
204 SSLBuffer *generator); /* Output - wire format */
205
206 OSStatus sslEncodeDhParams(
207 SSLBuffer *blob, /* data mallocd and RETURNED - PKCS-3 encoded */
208 const SSLBuffer *prime, /* Input - wire format */
209 const SSLBuffer *generator); /* Input - wire format */
210
211 #endif /* APPLE_DH */
212
213 /*
214 * Given an ECDSA public key in CSSM format, extract the SSL_ECDSA_NamedCurve
215 * from its algorithm parameters.
216 */
217 OSStatus sslEcdsaPeerCurve(
218 SSLPubKey *pubKey,
219 SSL_ECDSA_NamedCurve *namedCurve);
220 OSStatus sslEcdhGenerateKeyPair(
221 SSLContext *ctx,
222 SSL_ECDSA_NamedCurve namedCurve);
223 OSStatus sslEcdhKeyExchange(
224 SSLContext *ctx,
225 SSLBuffer *exchanged);
226
227 #ifdef __cplusplus
228 }
229 #endif
230
231
232 #endif /* _SSL_CRYPTO_H_ */