libsecurity_ssl/lib/appleCdsa.h

   1 /*
   2  * Copyright (c) 1999-2001,2005-2007,2010-2012 Apple Inc. All Rights Reserved.
   3  *
   4  * @APPLE_LICENSE_HEADER_START@
   5  *
   6  * This file contains Original Code and/or Modifications of Original Code
   7  * as defined in and that are subject to the Apple Public Source License
   8  * Version 2.0 (the 'License'). You may not use this file except in
   9  * compliance with the License. Please obtain a copy of the License at
  10  * http://www.opensource.apple.com/apsl/ and read it before using this
  11  * file.
  12  *
  13  * The Original Code and all software distributed under the License are
  14  * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
  15  * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
  16  * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
  17  * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
  18  * Please see the License for the specific language governing rights and
  19  * limitations under the License.
  20  *
  21  * @APPLE_LICENSE_HEADER_END@
  22  */
  23
  24 /*
  25  * appleCdsa.h - interface between SSL and CDSA
  26  */
  27
  28 #ifndef _APPLE_CDSA_H_
  29 #define _APPLE_CDSA_H_  1
  30
  31 #include "ssl.h"
  32 #include "sslPriv.h"
  33 #include "sslContext.h"
  34 #include <Security/cssmtype.h>
  35
  36 #ifdef __cplusplus
  37 extern "C" {
  38 #endif
  39
  40 extern OSStatus sslSetUpSymmKey(
  41         CSSM_KEY_PTR    symKey,
  42         CSSM_ALGORITHMS alg,
  43         CSSM_KEYUSE             keyUse,                 // CSSM_KEYUSE_ENCRYPT, etc.
  44         CSSM_BOOL               copyKey,                // true: copy keyData   false: set by reference
  45         uint8                   *keyData,
  46         size_t          keyDataLen);    // in bytes
  47
  48 extern OSStatus sslFreeKey(CSSM_CSP_HANDLE cspHand,
  49         CSSM_KEY_PTR    *key,
  50         #if             ST_KC_KEYS_NEED_REF
  51         SecKeychainRef  *kcItem);
  52         #else   /* !ST_KC_KEYS_NEED_REF */
  53         void                    *kcItem);
  54         #endif  /* ST_KC_KEYS_NEED_REF*/
  55
  56 extern OSStatus attachToCsp(SSLContext *ctx);
  57 extern OSStatus attachToCl(SSLContext *ctx);
  58 extern OSStatus attachToTp(SSLContext *ctx);
  59 extern OSStatus attachToAll(SSLContext *ctx);
  60 extern OSStatus detachFromAll(SSLContext *ctx);
  61
  62 extern CSSM_DATA_PTR stMallocCssmData(size_t size);
  63 extern void stFreeCssmData(CSSM_DATA_PTR data, CSSM_BOOL freeStruct);
  64 extern OSStatus stSetUpCssmData(CSSM_DATA_PTR data, size_t length);
  65
  66
  67 /*
  68  * Given a DER-encoded cert, obtain its public key as a CSSM_KEY_PTR.
  69  */
  70 extern OSStatus sslPubKeyFromCert(
  71         SSLContext                              *ctx,
  72         const SSLBuffer                 *derCert,
  73         CSSM_KEY_PTR                    *pubKey,                // RETURNED
  74         CSSM_CSP_HANDLE                 *cspHand);              // RETURNED
  75
  76 /*
  77  * Verify a cert chain.
  78  */
  79 extern OSStatus sslVerifyCertChain(
  80         SSLContext                              *ctx,
  81         const SSLCertificate    *certChain,
  82         bool                                    arePeerCerts);
  83
  84 /*
  85  * Raw RSA/DSA sign/verify.
  86  */
  87 OSStatus sslRawSign(
  88         SSLContext                      *ctx,
  89         SecKeyRef                       privKeyRef,
  90         const UInt8                     *plainText,
  91         size_t                  plainTextLen,
  92         UInt8                           *sig,                   // mallocd by caller; RETURNED
  93         size_t                  sigLen,                 // available
  94         size_t                  *actualBytes);  // RETURNED
  95
  96 OSStatus sslRawVerify(
  97         SSLContext                      *ctx,
  98         const CSSM_KEY          *pubKey,
  99         CSSM_CSP_HANDLE         cspHand,
 100         const UInt8                     *plainText,
 101         size_t                  plainTextLen,
 102         const UInt8                     *sig,
 103         size_t                  sigLen);                // available
 104
 105 /*
 106  * Encrypt/Decrypt
 107  */
 108 OSStatus sslRsaEncrypt(
 109         SSLContext                      *ctx,
 110         const CSSM_KEY          *pubKey,
 111         CSSM_CSP_HANDLE         cspHand,
 112         CSSM_PADDING            padding,                // CSSM_PADDING_PKCS1, CSSM_PADDING_APPLE_SSLv2
 113         const UInt8                     *plainText,
 114         size_t                          plainTextLen,
 115         UInt8                           *cipherText,    // mallocd by caller; RETURNED
 116         size_t                          cipherTextLen,  // available
 117         size_t                          *actualBytes);  // RETURNED
 118 OSStatus sslRsaDecrypt(
 119         SSLContext                      *ctx,
 120         SecKeyRef                       privKeyRef,
 121         CSSM_PADDING            padding,                // CSSM_PADDING_PKCS1, CSSM_PADDING_APPLE_SSLv2
 122         const UInt8                     *cipherText,
 123         size_t                          cipherTextLen,
 124         UInt8                           *plainText,             // mallocd by caller; RETURNED
 125         size_t                          plainTextLen,   // available
 126         size_t                          *actualBytes);  // RETURNED
 127
 128 /*
 129  * Obtain size of key in bytes.
 130  */
 131 extern uint32 sslKeyLengthInBytes(
 132         const CSSM_KEY  *key);
 133
 134 /* Obtain max signature size in bytes. */
 135 extern OSStatus sslGetMaxSigSize(
 136         const CSSM_KEY  *privKey,
 137         uint32                  *maxSigSize);
 138
 139 /*
 140  * Get raw key bits from an RSA public key.
 141  */
 142 OSStatus sslGetPubKeyBits(
 143         SSLContext                      *ctx,
 144         const CSSM_KEY          *pubKey,
 145         CSSM_CSP_HANDLE         cspHand,
 146         SSLBuffer                       *modulus,               // data mallocd and RETURNED
 147         SSLBuffer                       *exponent);             // data mallocd and RETURNED
 148
 149 /*
 150  * Given raw RSA key bits, cook up a CSSM_KEY_PTR. Used in
 151  * Server-initiated key exchange.
 152  */
 153 OSStatus sslGetPubKeyFromBits(
 154         SSLContext                      *ctx,
 155         const SSLBuffer         *modulus,
 156         const SSLBuffer         *exponent,
 157         CSSM_KEY_PTR            *pubKey,                // mallocd and RETURNED
 158         CSSM_CSP_HANDLE         *cspHand);              // RETURNED
 159
 160 /*
 161  * Given a DER-encoded cert, obtain its DER-encoded subject name.
 162  */
 163 CSSM_DATA_PTR sslGetCertSubjectName(
 164         SSLContext                      *ctx,
 165     const CSSM_DATA_PTR cert);
 166
 167 #if             SSL_DEBUG
 168 void verifyTrustedRoots(SSLContext *ctx,
 169         CSSM_DATA_PTR   certs,
 170         unsigned                numCerts);
 171 #endif
 172
 173 void * stAppMalloc (size_t size, void *allocRef);
 174 void stAppFree (void *mem_ptr, void *allocRef);
 175 void * stAppRealloc (void *ptr, size_t size, void *allocRef);
 176 void * stAppCalloc (uint32 num, size_t size, void *allocRef);
 177
 178 OSStatus sslDhGenKeyPairClient(
 179         SSLContext              *ctx,
 180         const SSLBuffer *prime,
 181         const SSLBuffer *generator,
 182         CSSM_KEY_PTR    publicKey,                      // RETURNED
 183         CSSM_KEY_PTR    privateKey);            // RETURNED
 184 OSStatus sslDhGenerateKeyPair(
 185         SSLContext              *ctx,
 186         const SSLBuffer *paramBlob,
 187         uint32                  keySizeInBits,
 188         CSSM_KEY_PTR    publicKey,                      // RETURNED
 189         CSSM_KEY_PTR    privateKey);            // RETURNED
 190 OSStatus sslDhKeyExchange(
 191         SSLContext              *ctx,
 192         uint32                  deriveSizeInBits,
 193         SSLBuffer               *exchanged);
 194 OSStatus sslEcdhGenerateKeyPair(
 195         SSLContext                      *ctx,
 196         SSL_ECDSA_NamedCurve namedCurve);
 197 OSStatus sslEcdhKeyExchange(
 198         SSLContext              *ctx,
 199         SSLBuffer               *exchanged);
 200 OSStatus sslVerifySelectedCipher(
 201         SSLContext              *ctx,
 202         const SSLCipherSpec *selectedCipherSpec);
 203
 204 /*
 205  * Convert between SSLBuffer and CSSM_DATA, which are after all identical.
 206  * No mallocs, just copy the pointer and length.
 207  */
 208 #define SSLBUF_TO_CSSM(sb, cd)  {               \
 209         (cd)->Length = (sb)->length;            \
 210         (cd)->Data   = (sb)->data;                      \
 211 }
 212
 213 #define CSSM_TO_SSLBUF(cd, sb)  {               \
 214         (sb)->length = (cd)->Length;            \
 215         (sb)->data   = (cd)->Data;                      \
 216 }
 217
 218 #ifdef __cplusplus
 219 }
 220 #endif
 221
 222 #endif  /* _APPLE_CDSA_H_ */