]> git.saurik.com Git - apple/security.git/blob - libsecurity_ssl/regressions/ssl-utils.c
projects / apple / security.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Security-55471.14.tar.gz
[apple/security.git] / libsecurity_ssl / regressions / ssl-utils.c
1 //
2 // ssl-utils.c
3 // libsecurity_ssl
4 //
5 // Created by Fabrice Gautier on 8/7/12.
6 //
7 //
8
9 #include <Security/Security.h>
10 #include <AssertMacros.h>
11
12 #include "ssl-utils.h"
13
14 #if TARGET_OS_IPHONE
15
16 #include <Security/SecRSAKey.h>
17 #include <Security/SecECKey.h>
18 #include <Security/SecCertificatePriv.h>
19 #include <Security/SecIdentityPriv.h>
20
21 #include "privkey-1.h"
22 #include "cert-1.h"
23
24 static
25 CFArrayRef chain_from_der(const unsigned char *pkey_der, size_t pkey_der_len, const unsigned char *cert_der, size_t cert_der_len)
26 {
27 SecKeyRef pkey = NULL;
28 SecCertificateRef cert = NULL;
29 SecIdentityRef ident = NULL;
30 CFArrayRef items = NULL;
31
32 require(pkey = SecKeyCreateRSAPrivateKey(kCFAllocatorDefault, pkey_der, pkey_der_len, kSecKeyEncodingPkcs1), errOut);
33 require(cert = SecCertificateCreateWithBytes(kCFAllocatorDefault, cert_der, cert_der_len), errOut);
34 require(ident = SecIdentityCreate(kCFAllocatorDefault, cert, pkey), errOut);
35 require(items = CFArrayCreate(kCFAllocatorDefault, (const void **)&ident, 1, &kCFTypeArrayCallBacks), errOut);
36
37 errOut:
38 CFReleaseSafe(pkey);
39 CFReleaseSafe(cert);
40 CFReleaseSafe(ident);
41 return items;
42 }
43
44 #else
45
46 #include "identity-1.h"
47 #define P12_PASSWORD "password"
48
49 static
50 CFArrayRef chain_from_p12(const unsigned char *p12_data, size_t p12_len)
51 {
52 char keychain_path[] = "/tmp/keychain.XXXXXX";
53
54 SecKeychainRef keychain = NULL;
55 CFArrayRef list;
56 CFDataRef data;
57
58 SecExternalFormat format=kSecFormatPKCS12;
59 SecExternalItemType type=kSecItemTypeAggregate;
60 SecItemImportExportFlags flags=0;
61 SecKeyImportExportParameters params = {0,};
62 CFArrayRef out = NULL;
63
64 require_noerr(SecKeychainCopyDomainSearchList(kSecPreferencesDomainUser, &list), errOut);
65 require(mktemp(keychain_path), errOut);
66 require_noerr(SecKeychainCreate (keychain_path, strlen(P12_PASSWORD), P12_PASSWORD,
67 FALSE, NULL, &keychain), errOut);
68 require_noerr(SecKeychainSetDomainSearchList(kSecPreferencesDomainUser, list), errOut); // restores the previous search list
69 require(data = CFDataCreateWithBytesNoCopy(kCFAllocatorDefault, p12_data, p12_len, kCFAllocatorNull), errOut);
70
71
72 params.passphrase=CFSTR("password");
73 params.keyAttributes = CSSM_KEYATTR_PERMANENT | CSSM_KEYATTR_SENSITIVE;
74
75 require_noerr(SecKeychainItemImport(data, CFSTR(".p12"), &format, &type, flags,
76 &params, keychain, &out), errOut);
77
78 errOut:
79 CFReleaseSafe(keychain);
80 CFReleaseSafe(list);
81
82 return out;
83 }
84
85 #endif
86
87 CFArrayRef server_chain(void)
88 {
89 #if TARGET_OS_IPHONE
90 return chain_from_der(privkey_1_der, privkey_1_der_len, cert_1_der, cert_1_der_len);
91 #else
92 return chain_from_p12(identity_1_p12, identity_1_p12_len);
93 #endif
94 }
95
96 CFArrayRef client_chain(void)
97 {
98 #if TARGET_OS_IPHONE
99 return chain_from_der(privkey_1_der, privkey_1_der_len, cert_1_der, cert_1_der_len);
100 #else
101 return chain_from_p12(identity_1_p12, identity_1_p12_len);
102 #endif
103 }
104
105 const char *ciphersuite_name(SSLCipherSuite cs)
106 {
107
108 #define C(x) case x: return #x;
109 switch (cs) {
110
111 /* TLS 1.2 addenda, RFC 5246 */
112
113 /* Initial state. */
114 C(TLS_NULL_WITH_NULL_NULL)
115
116 /* Server provided RSA certificate for key exchange. */
117 C(TLS_RSA_WITH_NULL_MD5)
118 C(TLS_RSA_WITH_NULL_SHA)
119 C(TLS_RSA_WITH_RC4_128_MD5)
120 C(TLS_RSA_WITH_RC4_128_SHA)
121 C(TLS_RSA_WITH_3DES_EDE_CBC_SHA)
122 C(TLS_RSA_WITH_AES_128_CBC_SHA)
123 C(TLS_RSA_WITH_AES_256_CBC_SHA)
124 C(TLS_RSA_WITH_NULL_SHA256)
125 C(TLS_RSA_WITH_AES_128_CBC_SHA256)
126 C(TLS_RSA_WITH_AES_256_CBC_SHA256)
127
128 /* Server-authenticated (and optionally client-authenticated) Diffie-Hellman. */
129 C(TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA)
130 C(TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA)
131 C(TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA)
132 C(TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA)
133 C(TLS_DH_DSS_WITH_AES_128_CBC_SHA)
134 C(TLS_DH_RSA_WITH_AES_128_CBC_SHA)
135 C(TLS_DHE_DSS_WITH_AES_128_CBC_SHA)
136 C(TLS_DHE_RSA_WITH_AES_128_CBC_SHA)
137 C(TLS_DH_DSS_WITH_AES_256_CBC_SHA)
138 C(TLS_DH_RSA_WITH_AES_256_CBC_SHA)
139 C(TLS_DHE_DSS_WITH_AES_256_CBC_SHA)
140 C(TLS_DHE_RSA_WITH_AES_256_CBC_SHA)
141 C(TLS_DH_DSS_WITH_AES_128_CBC_SHA256)
142 C(TLS_DH_RSA_WITH_AES_128_CBC_SHA256)
143 C(TLS_DHE_DSS_WITH_AES_128_CBC_SHA256)
144 C(TLS_DHE_RSA_WITH_AES_128_CBC_SHA256)
145 C(TLS_DH_DSS_WITH_AES_256_CBC_SHA256)
146 C(TLS_DH_RSA_WITH_AES_256_CBC_SHA256)
147 C(TLS_DHE_DSS_WITH_AES_256_CBC_SHA256)
148 C(TLS_DHE_RSA_WITH_AES_256_CBC_SHA256)
149
150 /* Completely anonymous Diffie-Hellman */
151 C(TLS_DH_anon_WITH_RC4_128_MD5)
152 C(TLS_DH_anon_WITH_3DES_EDE_CBC_SHA)
153 C(TLS_DH_anon_WITH_AES_128_CBC_SHA)
154 C(TLS_DH_anon_WITH_AES_256_CBC_SHA)
155 C(TLS_DH_anon_WITH_AES_128_CBC_SHA256)
156 C(TLS_DH_anon_WITH_AES_256_CBC_SHA256)
157
158 /* Addenda from rfc 5288 AES Galois Counter Mode (GCM) Cipher Suites
159 for TLS. */
160 C(TLS_RSA_WITH_AES_128_GCM_SHA256)
161 C(TLS_RSA_WITH_AES_256_GCM_SHA384)
162 C(TLS_DHE_RSA_WITH_AES_128_GCM_SHA256)
163 C(TLS_DHE_RSA_WITH_AES_256_GCM_SHA384)
164 C(TLS_DH_RSA_WITH_AES_128_GCM_SHA256)
165 C(TLS_DH_RSA_WITH_AES_256_GCM_SHA384)
166 C(TLS_DHE_DSS_WITH_AES_128_GCM_SHA256)
167 C(TLS_DHE_DSS_WITH_AES_256_GCM_SHA384)
168 C(TLS_DH_DSS_WITH_AES_128_GCM_SHA256)
169 C(TLS_DH_DSS_WITH_AES_256_GCM_SHA384)
170 C(TLS_DH_anon_WITH_AES_128_GCM_SHA256)
171 C(TLS_DH_anon_WITH_AES_256_GCM_SHA384)
172
173 /* ECDSA addenda, RFC 4492 */
174 C(TLS_ECDH_ECDSA_WITH_NULL_SHA)
175 C(TLS_ECDH_ECDSA_WITH_RC4_128_SHA)
176 C(TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA)
177 C(TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA)
178 C(TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA)
179 C(TLS_ECDHE_ECDSA_WITH_NULL_SHA)
180 C(TLS_ECDHE_ECDSA_WITH_RC4_128_SHA)
181 C(TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA)
182 C(TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA)
183 C(TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA)
184 C(TLS_ECDH_RSA_WITH_NULL_SHA)
185 C(TLS_ECDH_RSA_WITH_RC4_128_SHA)
186 C(TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA)
187 C(TLS_ECDH_RSA_WITH_AES_128_CBC_SHA)
188 C(TLS_ECDH_RSA_WITH_AES_256_CBC_SHA)
189 C(TLS_ECDHE_RSA_WITH_NULL_SHA)
190 C(TLS_ECDHE_RSA_WITH_RC4_128_SHA)
191 C(TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA)
192 C(TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA)
193 C(TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA)
194 C(TLS_ECDH_anon_WITH_NULL_SHA)
195 C(TLS_ECDH_anon_WITH_RC4_128_SHA)
196 C(TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA)
197 C(TLS_ECDH_anon_WITH_AES_128_CBC_SHA)
198 C(TLS_ECDH_anon_WITH_AES_256_CBC_SHA)
199
200 /* Addenda from rfc 5289 Elliptic Curve Cipher Suites with
201 HMAC SHA-256/384. */
202 C(TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256)
203 C(TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384)
204 C(TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256)
205 C(TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384)
206 C(TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256)
207 C(TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384)
208 C(TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256)
209 C(TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384)
210
211 /* Addenda from rfc 5289 Elliptic Curve Cipher Suites with
212 SHA-256/384 and AES Galois Counter Mode (GCM) */
213 C(TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256)
214 C(TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384)
215 C(TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256)
216 C(TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384)
217 C(TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256)
218 C(TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384)
219 C(TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256)
220 C(TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384)
221
222 /* RFC 5746 - Secure Renegotiation */
223 C(TLS_EMPTY_RENEGOTIATION_INFO_SCSV)
224
225 /*
226 * Tags for SSL 2 cipher kinds which are not specified
227 * for SSL 3.
228 */
229 C(SSL_RSA_WITH_RC2_CBC_MD5)
230 C(SSL_RSA_WITH_IDEA_CBC_MD5)
231 C(SSL_RSA_WITH_DES_CBC_MD5)
232 C(SSL_RSA_WITH_3DES_EDE_CBC_MD5)
233 C(SSL_NO_SUCH_CIPHERSUITE)
234
235 C(SSL_RSA_EXPORT_WITH_RC4_40_MD5)
236 C(SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5)
237 C(SSL_RSA_WITH_IDEA_CBC_SHA)
238 C(SSL_RSA_EXPORT_WITH_DES40_CBC_SHA)
239 C(SSL_RSA_WITH_DES_CBC_SHA)
240 C(SSL_DH_DSS_EXPORT_WITH_DES40_CBC_SHA)
241 C(SSL_DH_DSS_WITH_DES_CBC_SHA)
242 C(SSL_DH_RSA_EXPORT_WITH_DES40_CBC_SHA)
243 C(SSL_DH_RSA_WITH_DES_CBC_SHA)
244 C(SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA)
245 C(SSL_DHE_DSS_WITH_DES_CBC_SHA)
246 C(SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA)
247 C(SSL_DHE_RSA_WITH_DES_CBC_SHA)
248 C(SSL_DH_anon_EXPORT_WITH_RC4_40_MD5)
249 C(SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA)
250 C(SSL_DH_anon_WITH_DES_CBC_SHA)
251 C(SSL_FORTEZZA_DMS_WITH_NULL_SHA)
252 C(SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA)
253
254
255 default:
256 return "Unknown Ciphersuite";
257 }
258
259 }
mirror of Security