]> git.saurik.com Git - apple/security.git/blob - Security/libsecurity_ssl/regressions/ssl-utils.c
projects / apple / security.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Security-57031.30.12.tar.gz
[apple/security.git] / Security / libsecurity_ssl / regressions / ssl-utils.c
1 /*
2 * Copyright (c) 2012,2014 Apple Inc. All Rights Reserved.
3 *
4 * @APPLE_LICENSE_HEADER_START@
5 *
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. Please obtain a copy of the License at
10 * http://www.opensource.apple.com/apsl/ and read it before using this
11 * file.
12 *
13 * The Original Code and all software distributed under the License are
14 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
15 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
16 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
17 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
18 * Please see the License for the specific language governing rights and
19 * limitations under the License.
20 *
21 * @APPLE_LICENSE_HEADER_END@
22 */
23
24
25 #include <Security/Security.h>
26 #include <AssertMacros.h>
27
28 #include "ssl-utils.h"
29
30 #if TARGET_OS_IPHONE
31
32 #include <Security/SecRSAKey.h>
33 #include <Security/SecECKey.h>
34 #include <Security/SecCertificatePriv.h>
35 #include <Security/SecIdentityPriv.h>
36
37 #include "privkey-1.h"
38 #include "cert-1.h"
39
40 static
41 CFArrayRef chain_from_der(const unsigned char *pkey_der, size_t pkey_der_len, const unsigned char *cert_der, size_t cert_der_len)
42 {
43 SecKeyRef pkey = NULL;
44 SecCertificateRef cert = NULL;
45 SecIdentityRef ident = NULL;
46 CFArrayRef items = NULL;
47
48 require(pkey = SecKeyCreateRSAPrivateKey(kCFAllocatorDefault, pkey_der, pkey_der_len, kSecKeyEncodingPkcs1), errOut);
49 require(cert = SecCertificateCreateWithBytes(kCFAllocatorDefault, cert_der, cert_der_len), errOut);
50 require(ident = SecIdentityCreate(kCFAllocatorDefault, cert, pkey), errOut);
51 require(items = CFArrayCreate(kCFAllocatorDefault, (const void **)&ident, 1, &kCFTypeArrayCallBacks), errOut);
52
53 errOut:
54 CFReleaseSafe(pkey);
55 CFReleaseSafe(cert);
56 CFReleaseSafe(ident);
57 return items;
58 }
59
60 #else
61
62 #include "identity-1.h"
63 #define P12_PASSWORD "password"
64
65 static
66 CFArrayRef chain_from_p12(const unsigned char *p12_data, size_t p12_len)
67 {
68 char keychain_path[] = "/tmp/keychain.XXXXXX";
69
70 SecKeychainRef keychain = NULL;
71 CFArrayRef list = NULL;
72 CFDataRef data = NULL;
73
74 SecExternalFormat format=kSecFormatPKCS12;
75 SecExternalItemType type=kSecItemTypeAggregate;
76 SecItemImportExportFlags flags=0;
77 SecKeyImportExportParameters params = {0,};
78 CFArrayRef out = NULL;
79
80 require_noerr(SecKeychainCopyDomainSearchList(kSecPreferencesDomainUser, &list), errOut);
81 require(mktemp(keychain_path), errOut);
82 require_noerr(SecKeychainCreate (keychain_path, strlen(P12_PASSWORD), P12_PASSWORD,
83 FALSE, NULL, &keychain), errOut);
84 require_noerr(SecKeychainSetDomainSearchList(kSecPreferencesDomainUser, list), errOut); // restores the previous search list
85 require(data = CFDataCreateWithBytesNoCopy(kCFAllocatorDefault, p12_data, p12_len, kCFAllocatorNull), errOut);
86
87
88 params.passphrase=CFSTR("password");
89 params.keyAttributes = CSSM_KEYATTR_PERMANENT | CSSM_KEYATTR_SENSITIVE;
90
91 require_noerr(SecKeychainItemImport(data, CFSTR(".p12"), &format, &type, flags,
92 &params, keychain, &out), errOut);
93
94 errOut:
95 CFReleaseSafe(data);
96 CFReleaseSafe(keychain);
97 CFReleaseSafe(list);
98
99 return out;
100 }
101
102 #endif
103
104 CFArrayRef server_chain(void)
105 {
106 #if TARGET_OS_IPHONE
107 return chain_from_der(privkey_1_der, privkey_1_der_len, cert_1_der, cert_1_der_len);
108 #else
109 return chain_from_p12(identity_1_p12, identity_1_p12_len);
110 #endif
111 }
112
113 CFArrayRef client_chain(void)
114 {
115 #if TARGET_OS_IPHONE
116 return chain_from_der(privkey_1_der, privkey_1_der_len, cert_1_der, cert_1_der_len);
117 #else
118 return chain_from_p12(identity_1_p12, identity_1_p12_len);
119 #endif
120 }
121
122 const char *ciphersuite_name(SSLCipherSuite cs)
123 {
124
125 #define C(x) case x: return #x;
126 switch (cs) {
127
128 /* TLS 1.2 addenda, RFC 5246 */
129
130 /* Initial state. */
131 C(TLS_NULL_WITH_NULL_NULL)
132
133 /* Server provided RSA certificate for key exchange. */
134 C(TLS_RSA_WITH_NULL_MD5)
135 C(TLS_RSA_WITH_NULL_SHA)
136 C(TLS_RSA_WITH_RC4_128_MD5)
137 C(TLS_RSA_WITH_RC4_128_SHA)
138 C(TLS_RSA_WITH_3DES_EDE_CBC_SHA)
139 C(TLS_RSA_WITH_AES_128_CBC_SHA)
140 C(TLS_RSA_WITH_AES_256_CBC_SHA)
141 C(TLS_RSA_WITH_NULL_SHA256)
142 C(TLS_RSA_WITH_AES_128_CBC_SHA256)
143 C(TLS_RSA_WITH_AES_256_CBC_SHA256)
144
145 /* Server-authenticated (and optionally client-authenticated) Diffie-Hellman. */
146 C(TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA)
147 C(TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA)
148 C(TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA)
149 C(TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA)
150 C(TLS_DH_DSS_WITH_AES_128_CBC_SHA)
151 C(TLS_DH_RSA_WITH_AES_128_CBC_SHA)
152 C(TLS_DHE_DSS_WITH_AES_128_CBC_SHA)
153 C(TLS_DHE_RSA_WITH_AES_128_CBC_SHA)
154 C(TLS_DH_DSS_WITH_AES_256_CBC_SHA)
155 C(TLS_DH_RSA_WITH_AES_256_CBC_SHA)
156 C(TLS_DHE_DSS_WITH_AES_256_CBC_SHA)
157 C(TLS_DHE_RSA_WITH_AES_256_CBC_SHA)
158 C(TLS_DH_DSS_WITH_AES_128_CBC_SHA256)
159 C(TLS_DH_RSA_WITH_AES_128_CBC_SHA256)
160 C(TLS_DHE_DSS_WITH_AES_128_CBC_SHA256)
161 C(TLS_DHE_RSA_WITH_AES_128_CBC_SHA256)
162 C(TLS_DH_DSS_WITH_AES_256_CBC_SHA256)
163 C(TLS_DH_RSA_WITH_AES_256_CBC_SHA256)
164 C(TLS_DHE_DSS_WITH_AES_256_CBC_SHA256)
165 C(TLS_DHE_RSA_WITH_AES_256_CBC_SHA256)
166
167 /* Completely anonymous Diffie-Hellman */
168 C(TLS_DH_anon_WITH_RC4_128_MD5)
169 C(TLS_DH_anon_WITH_3DES_EDE_CBC_SHA)
170 C(TLS_DH_anon_WITH_AES_128_CBC_SHA)
171 C(TLS_DH_anon_WITH_AES_256_CBC_SHA)
172 C(TLS_DH_anon_WITH_AES_128_CBC_SHA256)
173 C(TLS_DH_anon_WITH_AES_256_CBC_SHA256)
174
175 /* Addenda from rfc 5288 AES Galois Counter Mode (GCM) Cipher Suites
176 for TLS. */
177 C(TLS_RSA_WITH_AES_128_GCM_SHA256)
178 C(TLS_RSA_WITH_AES_256_GCM_SHA384)
179 C(TLS_DHE_RSA_WITH_AES_128_GCM_SHA256)
180 C(TLS_DHE_RSA_WITH_AES_256_GCM_SHA384)
181 C(TLS_DH_RSA_WITH_AES_128_GCM_SHA256)
182 C(TLS_DH_RSA_WITH_AES_256_GCM_SHA384)
183 C(TLS_DHE_DSS_WITH_AES_128_GCM_SHA256)
184 C(TLS_DHE_DSS_WITH_AES_256_GCM_SHA384)
185 C(TLS_DH_DSS_WITH_AES_128_GCM_SHA256)
186 C(TLS_DH_DSS_WITH_AES_256_GCM_SHA384)
187 C(TLS_DH_anon_WITH_AES_128_GCM_SHA256)
188 C(TLS_DH_anon_WITH_AES_256_GCM_SHA384)
189
190 /* ECDSA addenda, RFC 4492 */
191 C(TLS_ECDH_ECDSA_WITH_NULL_SHA)
192 C(TLS_ECDH_ECDSA_WITH_RC4_128_SHA)
193 C(TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA)
194 C(TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA)
195 C(TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA)
196 C(TLS_ECDHE_ECDSA_WITH_NULL_SHA)
197 C(TLS_ECDHE_ECDSA_WITH_RC4_128_SHA)
198 C(TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA)
199 C(TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA)
200 C(TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA)
201 C(TLS_ECDH_RSA_WITH_NULL_SHA)
202 C(TLS_ECDH_RSA_WITH_RC4_128_SHA)
203 C(TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA)
204 C(TLS_ECDH_RSA_WITH_AES_128_CBC_SHA)
205 C(TLS_ECDH_RSA_WITH_AES_256_CBC_SHA)
206 C(TLS_ECDHE_RSA_WITH_NULL_SHA)
207 C(TLS_ECDHE_RSA_WITH_RC4_128_SHA)
208 C(TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA)
209 C(TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA)
210 C(TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA)
211 C(TLS_ECDH_anon_WITH_NULL_SHA)
212 C(TLS_ECDH_anon_WITH_RC4_128_SHA)
213 C(TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA)
214 C(TLS_ECDH_anon_WITH_AES_128_CBC_SHA)
215 C(TLS_ECDH_anon_WITH_AES_256_CBC_SHA)
216
217 /* Addenda from rfc 5289 Elliptic Curve Cipher Suites with
218 HMAC SHA-256/384. */
219 C(TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256)
220 C(TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384)
221 C(TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256)
222 C(TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384)
223 C(TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256)
224 C(TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384)
225 C(TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256)
226 C(TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384)
227
228 /* Addenda from rfc 5289 Elliptic Curve Cipher Suites with
229 SHA-256/384 and AES Galois Counter Mode (GCM) */
230 C(TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256)
231 C(TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384)
232 C(TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256)
233 C(TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384)
234 C(TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256)
235 C(TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384)
236 C(TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256)
237 C(TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384)
238
239 /* RFC 5746 - Secure Renegotiation */
240 C(TLS_EMPTY_RENEGOTIATION_INFO_SCSV)
241
242 /*
243 * Tags for SSL 2 cipher kinds which are not specified
244 * for SSL 3.
245 */
246 C(SSL_RSA_WITH_RC2_CBC_MD5)
247 C(SSL_RSA_WITH_IDEA_CBC_MD5)
248 C(SSL_RSA_WITH_DES_CBC_MD5)
249 C(SSL_RSA_WITH_3DES_EDE_CBC_MD5)
250 C(SSL_NO_SUCH_CIPHERSUITE)
251
252 C(SSL_RSA_EXPORT_WITH_RC4_40_MD5)
253 C(SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5)
254 C(SSL_RSA_WITH_IDEA_CBC_SHA)
255 C(SSL_RSA_EXPORT_WITH_DES40_CBC_SHA)
256 C(SSL_RSA_WITH_DES_CBC_SHA)
257 C(SSL_DH_DSS_EXPORT_WITH_DES40_CBC_SHA)
258 C(SSL_DH_DSS_WITH_DES_CBC_SHA)
259 C(SSL_DH_RSA_EXPORT_WITH_DES40_CBC_SHA)
260 C(SSL_DH_RSA_WITH_DES_CBC_SHA)
261 C(SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA)
262 C(SSL_DHE_DSS_WITH_DES_CBC_SHA)
263 C(SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA)
264 C(SSL_DHE_RSA_WITH_DES_CBC_SHA)
265 C(SSL_DH_anon_EXPORT_WITH_RC4_40_MD5)
266 C(SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA)
267 C(SSL_DH_anon_WITH_DES_CBC_SHA)
268 C(SSL_FORTEZZA_DMS_WITH_NULL_SHA)
269 C(SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA)
270
271
272 default:
273 return "Unknown Ciphersuite";
274 }
275
276 }
mirror of Security