SecureTransport/privateInc/appleCdsa.h

   1 /*
   2  * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved.
   3  *
   4  * The contents of this file constitute Original Code as defined in and are
   5  * subject to the Apple Public Source License Version 1.2 (the 'License').
   6  * You may not use this file except in compliance with the License. Please obtain
   7  * a copy of the License at http://www.apple.com/publicsource and read it before
   8  * using this file.
   9  *
  10  * This Original Code and all software distributed under the License are
  11  * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
  12  * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
  13  * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
  14  * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
  15  * specific language governing rights and limitations under the License.
  16  */
  17
  18
  19 /*
  20         File:           appleCdsa.h
  21
  22         Contains:       interface between SSL and CDSA
  23
  24         Written by:     Doug Mitchell, based on Netscape SSLRef 3.0
  25
  26         Copyright: (c) 1999 by Apple Computer, Inc., all rights reserved.
  27
  28 */
  29
  30 #ifndef _APPLE_CDSA_H_
  31 #define _APPLE_CDSA_H_  1
  32
  33 #include "ssl.h"
  34 #include "sslPriv.h"
  35 #include "sslctx.h"
  36 #include "sslerrs.h"
  37 #include <Security/cssmtype.h>
  38
  39 #ifdef __cplusplus
  40 extern "C" {
  41 #endif
  42
  43 #if             SSL_DEBUG
  44 extern void stPrintCdsaError(const char *op, CSSM_RETURN crtn);
  45 extern char *stCssmErrToStr(CSSM_RETURN err);
  46 #else
  47 #define stPrintCdsaError(o, cr)
  48 #endif
  49
  50 extern SSLErr sslSetUpSymmKey(
  51         CSSM_KEY_PTR    symKey,
  52         CSSM_ALGORITHMS alg,
  53         CSSM_KEYUSE             keyUse,                 // CSSM_KEYUSE_ENCRYPT, etc.
  54         CSSM_BOOL               copyKey,                // true: copy keyData   false: set by reference
  55         uint8                   *keyData,
  56         uint32                  keyDataLen);    // in bytes
  57
  58 extern SSLErr sslFreeKey(CSSM_CSP_HANDLE cspHand,
  59         CSSM_KEY_PTR    *key,
  60         #if             ST_KEYCHAIN_ENABLE && ST_KC_KEYS_NEED_REF
  61         SecKeychainRef  *kcItem);
  62         #else   /* !ST_KEYCHAIN_ENABLE */
  63         void                    *kcItem);
  64         #endif  /* ST_KEYCHAIN_ENABLE*/
  65
  66 extern SSLErr attachToCsp(SSLContext *ctx);
  67 extern SSLErr attachToCl(SSLContext *ctx);
  68 extern SSLErr attachToTp(SSLContext *ctx);
  69 extern SSLErr attachToAll(SSLContext *ctx);
  70 extern SSLErr detachFromAll(SSLContext *ctx);
  71
  72 extern CSSM_DATA_PTR stMallocCssmData(uint32 size);
  73 extern void stFreeCssmData(CSSM_DATA_PTR data, CSSM_BOOL freeStruct);
  74 extern SSLErr stSetUpCssmData(CSSM_DATA_PTR data, uint32 length);
  75
  76
  77 /*
  78  * Common RNG function; replaces SSLRef's SSLRandomFunc
  79  */
  80 extern SSLErr sslRand(
  81         SSLContext *ctx,
  82         SSLBuffer *buf);
  83
  84 /*
  85  * Given a DER-encoded cert, obtain its public key as a CSSM_KEY_PTR.
  86  */
  87 extern SSLErr sslPubKeyFromCert(
  88         SSLContext                              *ctx,
  89         const SSLBuffer                 *derCert,
  90         CSSM_KEY_PTR                    *pubKey,                // RETURNED
  91         CSSM_CSP_HANDLE                 *cspHand);              // RETURNED
  92
  93 /*
  94  * Verify a cert chain.
  95  */
  96 extern SSLErr sslVerifyCertChain(
  97         SSLContext                              *ctx,
  98         const SSLCertificate    *certChain);
  99
 100 /*
 101  * Raw RSA sign/verify.
 102  */
 103 SSLErr sslRsaRawSign(
 104         SSLContext                      *ctx,
 105         const CSSM_KEY          *privKey,
 106         CSSM_CSP_HANDLE         cspHand,
 107         const UInt8                     *plainText,
 108         UInt32                          plainTextLen,
 109         UInt8                           *sig,                   // mallocd by caller; RETURNED
 110         UInt32                          sigLen,                 // available
 111         UInt32                          *actualBytes);  // RETURNED
 112
 113 SSLErr sslRsaRawVerify(
 114         SSLContext                      *ctx,
 115         const CSSM_KEY          *pubKey,
 116         CSSM_CSP_HANDLE         cspHand,
 117         const UInt8                     *plainText,
 118         UInt32                          plainTextLen,
 119         const UInt8                     *sig,
 120         UInt32                          sigLen);                // available
 121
 122 /*
 123  * Encrypt/Decrypt
 124  */
 125 SSLErr sslRsaEncrypt(
 126         SSLContext                      *ctx,
 127         const CSSM_KEY          *pubKey,
 128         CSSM_CSP_HANDLE         cspHand,
 129         const UInt8                     *plainText,
 130         UInt32                          plainTextLen,
 131         UInt8                           *cipherText,            // mallocd by caller; RETURNED
 132         UInt32                          cipherTextLen,          // available
 133         UInt32                          *actualBytes);          // RETURNED
 134 SSLErr sslRsaDecrypt(
 135         SSLContext                      *ctx,
 136         const CSSM_KEY          *privKey,
 137         CSSM_CSP_HANDLE         cspHand,
 138         const UInt8                     *cipherText,
 139         UInt32                          cipherTextLen,
 140         UInt8                           *plainText,                     // mallocd by caller; RETURNED
 141         UInt32                          plainTextLen,           // available
 142         UInt32                          *actualBytes);          // RETURNED
 143
 144 /*
 145  * Obtain size of key in bytes.
 146  */
 147 extern UInt32 sslKeyLengthInBytes(
 148         const CSSM_KEY  *key);
 149
 150 /*
 151  * Get raw key bits from an RSA public key.
 152  */
 153 SSLErr sslGetPubKeyBits(
 154         SSLContext                      *ctx,
 155         const CSSM_KEY          *pubKey,
 156         CSSM_CSP_HANDLE         cspHand,
 157         SSLBuffer                       *modulus,               // data mallocd and RETURNED
 158         SSLBuffer                       *exponent);             // data mallocd and RETURNED
 159
 160 /*
 161  * Given raw RSA key bits, cook up a CSSM_KEY_PTR. Used in
 162  * Server-initiated key exchange.
 163  */
 164 SSLErr sslGetPubKeyFromBits(
 165         SSLContext                      *ctx,
 166         const SSLBuffer         *modulus,
 167         const SSLBuffer         *exponent,
 168         CSSM_KEY_PTR            *pubKey,                // mallocd and RETURNED
 169         CSSM_CSP_HANDLE         *cspHand);              // RETURNED
 170
 171 /*
 172  * Given two certs, verify subjectCert with issuerCert. Returns
 173  * CSSM_TRUE on successful verify.
 174  * Only special case on error is "subject cert expired", indicated by
 175  * *subjectExpired returned as CSSM_TRUE.
 176  */
 177 #if 0
 178 /* no longer needed */
 179 CSSM_BOOL sslVerifyCert(
 180         SSLContext                              *ctx,
 181         const CSSM_DATA_PTR             subjectCert,
 182         const CSSM_DATA_PTR             issuerCert,
 183         CSSM_CSP_HANDLE                 cspHand,                        // can verify with issuerCert
 184         CSSM_BOOL                               *subjectExpired);       // RETURNED
 185 #endif
 186
 187 /*
 188  * Given a DER-encoded cert, obtain its DER-encoded subject name.
 189  */
 190 #if             ST_KEYCHAIN_ENABLE
 191 CSSM_DATA_PTR sslGetCertSubjectName(
 192         SSLContext                      *ctx,
 193     const CSSM_DATA_PTR cert);
 194 #endif          ST_KEYCHAIN_ENABLE
 195
 196 #if             (SSL_DEBUG && ST_KEYCHAIN_ENABLE)
 197 void verifyTrustedRoots(SSLContext *ctx,
 198         CSSM_DATA_PTR   certs,
 199         unsigned                numCerts);
 200 #endif
 201
 202 void * stAppMalloc (uint32 size, void *allocRef);
 203 void stAppFree (void *mem_ptr, void *allocRef);
 204 void * stAppRealloc (void *ptr, uint32 size, void *allocRef);
 205 void * stAppCalloc (uint32 num, uint32 size, void *allocRef);
 206
 207 /*
 208  * Convert between SSLBuffer and CSSM_DATA, which are after all identical.
 209  * No mallocs, just copy the pointer and length.
 210  */
 211 #define SSLBUF_TO_CSSM(sb, cd)  {               \
 212         (cd)->Length = (sb)->length;            \
 213         (cd)->Data   = (sb)->data;                      \
 214 }
 215
 216 #define CSSM_TO_SSLBUF(cd, sb)  {               \
 217         (sb)->length = (cd)->Length;            \
 218         (sb)->data   = (cd)->Data;                      \
 219 }
 220
 221 #ifdef __cplusplus
 222 }
 223 #endif
 224
 225
 226 #endif  /* _APPLE_CDSA_H_ */