/*
 * Copyright (c) 2006-2008,2010 Apple Inc. All Rights Reserved.
 */

/*
 * Include guard for the sslViewer helper API declared in this header.
 * These helpers are shared by the sslViewer command-line test tools
 * (certificate/keychain lookup, anchor management, cipher and protocol
 * restriction, and result verification for client/server runs).
 */
#ifndef _SSLS_APP_UTILS_H_
#define _SSLS_APP_UTILS_H_ 1

#include <Security/SecBase.h>
#include <Security/SecureTransport.h>
/* SecureTransportPriv.h is an SPI (private) header; building this file
 * therefore requires the internal Security headers, not just the SDK. */
#include <Security/SecureTransportPriv.h>
#include <CoreFoundation/CFArray.h>
#include <stdbool.h>
#include <Security/SecCertificate.h>

/* Give the declarations C linkage when included from C++/Objective-C++. */
#ifdef __cplusplus
extern "C" {
#endif

/*
 * On builds where the macOS Security headers are not included
 * (SEC_OS_OSX_INCLUDES unset) SecKeychainRef is not defined, so provide
 * an opaque forward declaration; the helpers below only pass it through.
 */
#if ! SEC_OS_OSX_INCLUDES
typedef struct OpaqueSecKeychainRef *SecKeychainRef;
#endif

/* disable some Panther-only features */
#define JAGUAR_BUILD 0

/*
 * Stringifiers for the values reported by SecureTransport, used when
 * printing negotiation results and errors.
 * NOTE(review): the returned pointers are presumably to static/constant
 * strings that the caller must not free or modify — confirm in the
 * implementation before caching or mutating them.
 */
const char *sslGetCipherSuiteString(SSLCipherSuite cs);
const char *sslGetProtocolVersionString(SSLProtocol prot);
const char *sslGetSSLErrString(OSStatus err);
/* Print `op` together with a readable form of `err`. */
void printSslErrStr(const char *op, OSStatus err);
const char *sslGetClientCertStateString(SSLClientCertificateState state);
const char *sslGetClientAuthTypeString(SSLClientAuthenticationType authType);

/*
 * Certificate / identity lookup helpers.
 *
 * getSslCerts: build the certificate array to hand to SSLSetCertificate()
 * from the named keychain (or the default keychain when kcName is NULL).
 * The keychain that was opened is returned via *pKcRef.
 * NOTE(review): ownership of the returned CFArrayRef and of *pKcRef is not
 * stated here; presumably both follow the CF "Create" rule (caller releases)
 * — confirm against the implementation before use.
 */
CFArrayRef getSslCerts(
	const char *kcName, // may be NULL, i.e., use default
	bool encryptOnly,
	bool completeCertChain,
	const char *anchorFile, // optional trusted anchor
	SecKeychainRef *pKcRef); // RETURNED
/*
 * sslCompleteCertChain: expand `identity` into its full chain.
 * trustedAnchor, when non-NULL, is an extra anchor used while building the
 * chain; includeRoot controls whether the root lands in *outArray.
 * The commented-out vfyPolicy parameter records that chain completion is
 * done against the SSL policy only.
 */
OSStatus sslCompleteCertChain(
	SecIdentityRef identity,
	SecCertificateRef trustedAnchor, // optional additional trusted anchor
	bool includeRoot, // include the root in outArray
	// const CSSM_OID *vfyPolicy, // optional - if NULL, use SSL
	CFArrayRef *outArray); // created and RETURNED
/*
 * sslKcRefToCertArray: same as getSslCerts but starting from an already
 * opened keychain; trustedAnchorFile is an optional path to an extra anchor.
 */
CFArrayRef sslKcRefToCertArray(
	SecKeychainRef kcRef,
	bool encryptOnly,
	bool completeCertChain,
	// const CSSM_OID *vfyPolicy, // optional - if NULL, use SSL policy to complete
	const char *trustedAnchorFile);

/*
 * Trust-anchor management for an SSLContextRef.
 *
 * addTrustedSecCert: install `secCert` as a trusted anchor on `ctx`.
 * NOTE(review): `replaceAnchors` presumably selects between replacing the
 * context's existing anchor set and adding to it — confirm in the
 * implementation. When anchors are replaced, peer verification depends on
 * that single certificate alone, which is intended for test setups only.
 */
OSStatus addTrustedSecCert(
	SSLContextRef ctx,
	SecCertificateRef secCert,
	bool replaceAnchors);
/* sslReadAnchor: load a certificate from `anchorFile` into *certRef. */
OSStatus sslReadAnchor(
	const char *anchorFile,
	SecCertificateRef *certRef);
/* sslAddTrustedRoot: sslReadAnchor + addTrustedSecCert in one call. */
OSStatus sslAddTrustedRoot(
	SSLContextRef ctx,
	const char *anchorFile,
	bool replaceAnchors);

/*
 * Assume incoming identity contains a root (e.g., created by
 * certtool) and add that cert to ST's trusted anchors. This
 * enables ST's verify of the incoming chain to succeed without
 * a kludgy "AllowAnyRoot" specification.
 *
 * NOTE(review): this is a test-harness convenience. Trusting a root that
 * arrives with the identity being configured makes the chain effectively
 * self-certifying; it is not a pattern for production trust evaluation.
 * identArray is the array produced by getSslCerts/sslKcRefToCertArray.
 */
OSStatus addIdentityAsTrustedRoot(
	SSLContextRef ctx,
	CFArrayRef identArray);

/*
 * Add the root certificates found in `keychain` as trusted anchors on `ctx`.
 * NOTE(review): *foundOne presumably reports whether at least one root was
 * added — the declaration does not say; confirm in the implementation.
 */
OSStatus sslAddTrustedRoots(
	SSLContextRef ctx,
	SecKeychainRef keychain,
	bool *foundOne);

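/*
 * Progress marker for long-running runs (presumably writes a single '.';
 * the body is not visible from this header).
 * Declared with an explicit (void) parameter list: in C an empty `()`
 * declares a function with unspecified arguments, so the compiler could not
 * diagnose a call that mistakenly passes parameters.
 */
void sslOutputDot(void);
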
/*
 * Lists of SSLCipherSuites used in sslSetCipherRestrictions.
 *
 * NOTE(review): several of these lists name export-grade or legacy
 * primitives (40-bit suites, DES, DES40, RC4, RC2, MD5 MACs, anonymous DH).
 * They exist so the tool can exercise restricted configurations against a
 * peer; they are not recommended defaults. Whether each list is terminated
 * by SSL_NO_SUCH_CIPHERSUITE (as sslSetEnabledCiphers expects) must be
 * checked in the defining source file.
 */
extern const SSLCipherSuite suites40[];
extern const SSLCipherSuite suitesDES[];
extern const SSLCipherSuite suitesDES40[];
extern const SSLCipherSuite suites3DES[];
extern const SSLCipherSuite suitesRC4[];
extern const SSLCipherSuite suitesRC4_40[];
extern const SSLCipherSuite suitesRC2[];
extern const SSLCipherSuite suitesAES128[];
extern const SSLCipherSuite suitesAES256[];
extern const SSLCipherSuite suitesDH[];
extern const SSLCipherSuite suitesDHAnon[];
extern const SSLCipherSuite suitesDH_RSA[];
extern const SSLCipherSuite suitesDH_DSS[];
extern const SSLCipherSuite suites_SHA1[];
extern const SSLCipherSuite suites_MD5[];
extern const SSLCipherSuite suites_ECDHE[];
extern const SSLCipherSuite suites_ECDH[];

/*
 * Given an SSLContextRef and an array of SSLCipherSuites, terminated by
 * SSL_NO_SUCH_CIPHERSUITE, select those SSLCipherSuites which the library
 * supports and do a SSLSetEnabledCiphers() specifying those.
 *
 * Because unsupported entries are silently dropped, a list that contains
 * none of the supported suites would leave the enabled set empty (or
 * unchanged); callers should check the returned OSStatus.
 */
OSStatus sslSetEnabledCiphers(
	SSLContextRef ctx,
	const SSLCipherSuite *ciphers);

/*
 * Specify restricted sets of cipherspecs and protocols.
 *
 * cipherRestrict is a single-character selector that picks one of the
 * suites* lists declared above; the mapping from character to list lives
 * in the implementation (not visible here).
 */
OSStatus sslSetCipherRestrictions(
	SSLContextRef ctx,
	char cipherRestrict);

/*
 * Configure the protocol versions `ctx` may negotiate.
 * acceptedProts is a string describing the accepted versions; when it is
 * NULL, tryVersion alone is applied. Compiled out for SPHINX builds.
 */
#ifndef SPHINX
OSStatus sslSetProtocols(
	SSLContextRef ctx,
	const char *acceptedProts,
	SSLProtocol tryVersion); // only used if acceptedProts NULL
#endif

/*
 * Expected-vs-actual checks used by the client/server test drivers.
 * whichSide labels the report ("client" or "server").
 * NOTE(review): the int result presumably follows the same convention as
 * sslCheckFile (nonzero on mismatch) — confirm in the implementation before
 * accumulating these into a pass/fail count.
 */
int sslVerifyRtn(
	const char *whichSide, // "client" or "server"
	OSStatus expectRtn,
	OSStatus gotRtn);
int sslVerifyProtVers(
	const char *whichSide, // "client" or "server"
	SSLProtocol expectProt,
	SSLProtocol gotProt);
int sslVerifyClientCertState(
	const char *whichSide, // "client" or "server"
	SSLClientCertificateState expectState,
	SSLClientCertificateState gotState);
int sslVerifyCipher(
	const char *whichSide, // "client" or "server"
	SSLCipherSuite expectCipher,
	SSLCipherSuite gotCipher);


/*
 * Wrapper for sslIdentPicker, with optional trusted anchor specified as a filename.
 *
 * Picks an identity from kcRef (or the default keychain list when NULL) and
 * returns its certificate chain in *outArray. The commented-out vfyPolicy
 * parameter records that the chain is completed against the SSL policy.
 * NOTE(review): *outArray is "created and RETURNED", so the caller
 * presumably owns it (CF Create rule) — confirm in the implementation.
 */
OSStatus sslIdentityPicker(
	SecKeychainRef kcRef, // NULL means use default list
	const char *trustedAnchor, // optional additional trusted anchor
	bool includeRoot, // true --> root is appended to outArray
	// false --> root not included
	// const CSSM_OID *vfyPolicy, // optional - if NULL, use SSL
	CFArrayRef *outArray); // created and RETURNED

/*
 * Resolve a keychain name to a filesystem path, written into kcPath.
 * The caller must supply a buffer of at least MAXPATHLEN bytes; no length
 * is passed, so any bounding of the write is the implementation's
 * responsibility (not visible from this header).
 */
void sslKeychainPath(
	const char *kcName,
	char *kcPath); // allocd by caller, MAXPATHLEN

/* Verify presence of required file. Returns nonzero if not found. */
int sslCheckFile(const char *path);

/* Stringify a SSL_ECDSA_NamedCurve */
/* (`extern` is redundant on a function declaration but harmless.) */
extern const char *sslCurveString(
	SSL_ECDSA_NamedCurve namedCurve);

/*
 * Build a SecKeyRef from raw DER private-key bytes (ECDSA when `ecdsa` is
 * true, otherwise presumably RSA — the header does not say).
 * pkey_der holds private key material: the caller owns that buffer's
 * lifetime and clearing; whether the implementation copies it is not
 * visible here.
 * NOTE(review): the returned SecKeyRef presumably follows the CF Create
 * rule (caller releases) — confirm in the implementation.
 */
SecKeyRef create_private_key_from_der(bool ecdsa, const unsigned char *pkey_der, size_t pkey_der_len);
/*
 * Build a certificate-chain array (suitable for SSLSetCertificate) from a
 * DER private key plus a DER certificate. Same ownership caveats as above.
 * Style note: these two use snake_case while the rest of the file uses
 * lowerCamelCase.
 */
CFArrayRef chain_from_der(bool ecdsa, const unsigned char *pkey_der, size_t pkey_der_len, const unsigned char *cert_der, size_t cert_der_len);

#ifdef __cplusplus
} /* extern "C" */
#endif

#endif /* _SSLS_APP_UTILS_H_ */