1 /*
2 * Copyright (c) 1999-2001,2005-2008,2012 Apple Inc. All Rights Reserved.
3 *
4 * @APPLE_LICENSE_HEADER_START@
5 *
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. Please obtain a copy of the License at
10 * http://www.opensource.apple.com/apsl/ and read it before using this
11 * file.
12 *
13 * The Original Code and all software distributed under the License are
14 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
15 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
16 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
17 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
18 * Please see the License for the specific language governing rights and
19 * limitations under the License.
20 *
21 * @APPLE_LICENSE_HEADER_END@
22 */
23
24 /*
25 * cryptType.h - Crypto structures and routines
26 */
27
#ifndef _CRYPTTYPE_H_
/*
 * NOTE(review): identifiers that begin with an underscore followed by an
 * uppercase letter are reserved for the implementation (C11 7.1.3).  A guard
 * such as CRYPTTYPE_H would avoid the (theoretical) clash; the same applies to
 * the struct tag _SslTlsCallouts forward-declared below.
 */
#define _CRYPTTYPE_H_ 1
30
31 #include <Security/CipherSuite.h>
32 #include "sslPriv.h"
33 #include "sslContext.h"
34 #include "tls_hmac.h"
35 #include <CommonCrypto/CommonCryptor.h>
36
37 #ifdef __cplusplus
38 extern "C" {
39 #endif
40
/*
 * SSL 2.0 CIPHER-KIND codes.  Each value is the 3-byte code from the SSL 2.0
 * specification; the low byte equals the key length in bits that the
 * constant's name states (0x80 = 128, 0x40 = 64, 0xC0 = 192).
 * NOTE(review): SSL 2.0 is prohibited by RFC 6176.  These identifiers are only
 * useful for recognising legacy values (see SSLCipherMapping / SSL2CipherMap).
 */
typedef enum {
    SSL2_RC4_128_WITH_MD5              = 0x010080,
    SSL2_RC4_128_EXPORT_40_WITH_MD5    = 0x020080,
    SSL2_RC2_128_CBC_WITH_MD5          = 0x030080,
    SSL2_RC2_128_CBC_EXPORT40_WITH_MD5 = 0x040080,
    SSL2_IDEA_128_CBC_WITH_MD5         = 0x050080,
    SSL2_DES_64_CBC_WITH_MD5           = 0x060040,
    SSL2_DES_192_EDE3_CBC_WITH_MD5     = 0x0700C0
} SSL2CipherKind;
50
/*
 * One entry of the SSL 2.0 -> SSL3/TLS cipher table: the SSL 2.0 CIPHER-KIND
 * code and the cipher suite it is mapped to.  The table itself is
 * SSL2CipherMap[] / SSL2CipherMapCount, declared further down in this header.
 */
typedef struct {
    SSL2CipherKind cipherKind;   /* SSL 2.0 code */
    SSLCipherSuite cipherSuite;  /* mapped SSL3/TLS suite */
} SSLCipherMapping;
55
/*
 * Callouts implementing a digest algorithm (bundled in HashReference below).
 * Every callout returns an OSStatus; errSecSuccess (0) means success.
 * digestCtx is the per-digest state buffer; its size is presumably
 * HashReference.contextSize bytes (confirm against the digest implementations).
 */

/* Prepare digestCtx for a fresh digest. */
typedef OSStatus (*HashInit)(SSLBuffer *digestCtx, SSLContext *sslCtx);

/* Absorb data into the running digest. */
typedef OSStatus (*HashUpdate)(SSLBuffer *digestCtx, const SSLBuffer *data);

/*
 * Produce the digest into digest.  HashFinal also does HashClose, so the
 * context must not be closed a second time afterwards.
 */
typedef OSStatus (*HashFinal)(SSLBuffer *digestCtx, SSLBuffer *digest);

/* Tear down digestCtx without producing a digest. */
typedef OSStatus (*HashClose)(SSLBuffer *digestCtx, SSLContext *sslCtx);

/* Duplicate the running state in src into dest. */
typedef OSStatus (*HashClone)(const SSLBuffer *src, SSLBuffer *dest);
/*
 * Static description of one digest algorithm: its sizes plus the callouts
 * that drive it.  The size fields are presumably in bytes (not stated here;
 * confirm against the definitions in tls_hmac.c / the digest code).
 * Field order is part of the layout used by those static definitions.
 */
typedef struct {
    UInt32     contextSize;  /* size of the digestCtx state passed to the callouts */
    UInt32     digestSize;   /* size of the produced digest */
    UInt32     macPadSize;   /* MAC padding size for this digest; cf. MAX_MAC_PADDING */
    HashInit   init;
    HashUpdate update;
    HashFinal  final;        /* also closes the context (see HashFinal) */
    HashClose  close;
    HashClone  clone;
} HashReference;
72
73 /*
74 * TLS addenda:
75 * -- new struct HashHmacReference
76 * -- structs which used to use HashReference now use HashHmacReference
77 * -- new union HashHmacContext, used in CipherContext.
78 */
/*
 * A MAC algorithm as seen by the record layer: a plain digest reference
 * and/or a keyed HMAC reference.  Per the TLS addenda note above, presumably
 * the hash member serves the SSLv3-style MAC and the hmac member the TLS HMAC;
 * which member a given HashHmacReference populates is decided in tls_hmac.c.
 */
typedef struct {
    const HashReference *hash;   /* digest callouts, or NULL */
    const HMACReference *hmac;   /* keyed-HMAC callouts, or NULL */
} HashHmacReference;
83
/*
 * Per-connection MAC state, embedded in CipherContext.  Only one member is
 * meaningful at a time: hashCtx when the active HashHmacReference uses a
 * plain digest, hmacCtx when it uses a keyed HMAC.  Nothing in the union
 * records which member is live, so the owner must track that itself.
 */
typedef union {
    SSLBuffer     hashCtx;   /* digest state (see HashReference.contextSize) */
    HMACContextRef hmacCtx;  /* HMAC state owned by the HMACReference */
} HashHmacContext;
88
/*
 * Per-algorithm HashHmacReference instances.  They are declared here and
 * defined in tls_hmac.c.  HashHmacNull is presumably the "no MAC" entry used
 * before keys are negotiated; confirm in tls_hmac.c.
 */
extern const HashHmacReference HashHmacNull;
extern const HashHmacReference HashHmacMD5;
extern const HashHmacReference HashHmacSHA1;
extern const HashHmacReference HashHmacSHA256;
extern const HashHmacReference HashHmacSHA384;
95
/*
 * Forward declaration only, to avoid a circular dependency with tls_ssl.h
 * (which holds the full definition).
 * NOTE(review): a tag beginning with an underscore and an uppercase letter is
 * a reserved identifier (C11 7.1.3); renaming it is a project-wide change.
 */
struct _SslTlsCallouts;
100
/*
 * All symmetric ciphers are driven through the callouts declared below.
 * NOTE(review): this comment originally said "thru CDSA", but
 * SSLSymmetricCipher.keyAlg below is a CommonCrypto CCAlgorithm and
 * CommonCryptor.h is included above, so the CDSA reference looks stale —
 * confirm against the cipher implementations before relying on it.
 *
 * CipherContext is opaque here; its definition lives elsewhere.
 */
struct CipherContext;
typedef struct CipherContext CipherContext;
106
/*
 * Callouts of a symmetric cipher (see SSLSymmetricCipher).  Each returns an
 * OSStatus; errSecSuccess (0) means success.  cipherCtx is the per-direction
 * cipher state, ctx the owning connection.
 */

/*
 * Key the cipher.  key and iv are presumably keySize and ivSize bytes of the
 * SSLSymmetricCipher being initialised (confirm against the callers).
 */
typedef OSStatus (*SSLKeyFunc)(uint8_t *key, uint8_t *iv,
                               CipherContext *cipherCtx, SSLContext *ctx);

/*
 * Encrypt or decrypt len bytes from src into dest.  Whether src == dest
 * (in-place operation) is permitted is not stated here.
 */
typedef OSStatus (*SSLCryptFunc)(const uint8_t *src, uint8_t *dest, size_t len,
                                 CipherContext *cipherCtx, SSLContext *ctx);

/* Release whatever the cipher holds in cipherCtx. */
typedef OSStatus (*SSLFinishFunc)(CipherContext *cipherCtx, SSLContext *ctx);
121
/*
 * Whether a cipher suite is an "export" (deliberately key-weakened) suite.
 * Values are explicit because they are stored in the static SSLCipherSpec
 * tables.
 */
typedef enum {
    NotExportable = 0,
    Exportable    = 1
} Exportability;
126
/*
 * Statically defined description of a symmetric cipher.  All size fields are
 * in bytes and, being uint8_t, cannot exceed 255.  Field order matters: the
 * static cipher tables initialise these positionally.
 */
typedef struct {
    uint8_t       keySize;        /* full key material length, in bytes */
    uint8_t       secretKeySize;  /* secret part of the key (differs from keySize for export suites — presumably) */
    uint8_t       ivSize;         /* IV length, in bytes */
    uint8_t       blockSize;      /* cipher block length, in bytes */
    CCAlgorithm   keyAlg;         /* CommonCrypto algorithm selector */
    SSLKeyFunc    initialize;     /* keying callout */
    SSLCryptFunc  encrypt;
    SSLCryptFunc  decrypt;
    SSLFinishFunc finish;         /* teardown callout */
} SSLSymmetricCipher;
141
/*
 * Largest MAC padding any supported digest needs: the MD5 MAC padding size is
 * 48 bytes (cf. HashReference.macPadSize).
 */
#define MAX_MAC_PADDING 48
/*
 * The master secret is 48 bytes: in SSLv3 it is 3 MD5 hashes concatenated,
 * and TLS (RFC 5246 section 8.1) fixes the same length.
 */
#define MASTER_SECRET_LEN 48

/* SSL V2 - mac secret is the size of symmetric key, not digest */
#define MAX_SYMKEY_SIZE 24
147
/*
 * Key-exchange / authentication method of a cipher suite.
 * Values are implicit (0, 1, 2, ...), so the order below is significant:
 * append new methods at the end rather than inserting, in case a value is
 * compared numerically or persisted anywhere (not verified from this header).
 */
typedef enum {
    SSL_NULL_auth,          /* 0: no authentication */
    SSL_RSA,                /* 1 */
    SSL_RSA_EXPORT,         /* 2 */
    SSL_DH_DSS,             /* 3 */
    SSL_DH_DSS_EXPORT,      /* 4 */
    SSL_DH_RSA,             /* 5 */
    SSL_DH_RSA_EXPORT,      /* 6 */
    SSL_DHE_DSS,            /* 7 */
    SSL_DHE_DSS_EXPORT,     /* 8 */
    SSL_DHE_RSA,            /* 9 */
    SSL_DHE_RSA_EXPORT,     /* 10 */
    SSL_DH_anon,            /* 11: unauthenticated DH */
    SSL_DH_anon_EXPORT,     /* 12 */
    SSL_Fortezza,           /* 13 */

    /* ECDSA addenda, RFC 4492 */
    SSL_ECDH_ECDSA,         /* 14 */
    SSL_ECDHE_ECDSA,        /* 15 */
    SSL_ECDH_RSA,           /* 16 */
    SSL_ECDHE_RSA,          /* 17 */
    SSL_ECDH_anon           /* 18: unauthenticated ECDH */
} KeyExchangeMethod;
171
/*
 * Full static description of one cipher suite: its identifier, export status,
 * key-exchange method, MAC algorithm and bulk cipher.  Field order matters:
 * the static suite tables initialise these positionally.
 */
typedef struct {
    SSLCipherSuite           cipherSpec;         /* suite identifier */
    Exportability            isExportable;
    KeyExchangeMethod        keyExchangeMethod;
    const HashHmacReference *macAlgorithm;       /* e.g. &HashHmacSHA1 */
    const SSLSymmetricCipher *cipher;            /* bulk cipher description */
} SSLCipherSpec;
179
/*
 * SSL 2.0 CIPHER-KIND -> cipher-suite table and its entry count.  Defined in
 * another translation unit; iterate with SSL2CipherMapCount as the bound.
 */
extern const SSLCipherMapping SSL2CipherMap[];
extern const unsigned SSL2CipherMapCount;
182
/*
 * Default size of server-generated Diffie-Hellman parameters and keys.
 * NOTE(review): the size depends on NDEBUG, so debug/test builds negotiate
 * 512-bit DH while release builds use 1024-bit — the configuration exercised
 * by debug testing is not the one shipped.  Both sizes are below the 2048-bit
 * minimum in current guidance (e.g. NIST SP 800-57): 512-bit is export-grade
 * and 1024-bit is considered within reach of well-resourced attackers.
 * Raising the default, and making it independent of NDEBUG, should be
 * considered by whoever owns the DH parameter generation code.
 */
#ifdef NDEBUG
#define SSL_DH_DEFAULT_PRIME_SIZE 1024 /* in bits */
#else
#define SSL_DH_DEFAULT_PRIME_SIZE 512 /* in bits */
#endif
#define SSL_DH_DEFAULT_GENERATOR 2 /* only embedded uses this */
190 #ifdef __cplusplus
191 }
192 #endif
193
194 #endif /* _CRYPTTYPE_H_ */