libsecurity_ssl/lib/sslCrypto.h

   1 /*
   2  * Copyright (c) 2006-2008,2010-2012 Apple Inc. All Rights Reserved.
   3  *
   4  * @APPLE_LICENSE_HEADER_START@
   5  *
   6  * This file contains Original Code and/or Modifications of Original Code
   7  * as defined in and that are subject to the Apple Public Source License
   8  * Version 2.0 (the 'License'). You may not use this file except in
   9  * compliance with the License. Please obtain a copy of the License at
  10  * http://www.opensource.apple.com/apsl/ and read it before using this
  11  * file.
  12  *
  13  * The Original Code and all software distributed under the License are
  14  * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
  15  * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
  16  * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
  17  * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
  18  * Please see the License for the specific language governing rights and
  19  * limitations under the License.
  20  *
  21  * @APPLE_LICENSE_HEADER_END@
  22  */
  23
  24 /*
  25  * sslCrypto.h - interface between SSL and crypto libraries
  26  */
  27
  28 #ifndef _SSL_CRYPTO_H_
  29 #define _SSL_CRYPTO_H_  1
  30
  31 #include "ssl.h"
  32 #include "sslContext.h"
  33 #include <Security/SecKeyPriv.h>
  34
  35 #ifdef __cplusplus
  36 extern "C" {
  37 #endif
  38
  39 #ifndef         NDEBUG
  40 extern void stPrintCdsaError(const char *op, OSStatus crtn);
  41 #else
  42 #define stPrintCdsaError(o, cr)
  43 #endif
  44
  45 /*
  46  * Free a pubKey object.
  47  */
  48 extern OSStatus sslFreePubKey(SSLPubKey **pubKey);
  49
  50 /*
  51  * Free a privKey object.
  52  */
  53 extern OSStatus sslFreePrivKey(SSLPrivKey **privKey);
  54
  55 extern CFIndex sslPubKeyGetAlgorithmID(SSLPubKey *pubKey);
  56 extern CFIndex sslPrivKeyGetAlgorithmID(SSLPrivKey *privKey);
  57
  58 /*
  59  * Create a new SecTrust object and return it.
  60  */
  61 OSStatus
  62 sslCreateSecTrust(
  63         SSLContext                              *ctx,
  64         CFArrayRef                              certChain,
  65         bool                                    arePeerCerts,
  66     SecTrustRef             *trust);    /* RETURNED */
  67
  68
  69 /*
  70  * Verify a cert chain.
  71  */
  72 extern OSStatus sslVerifyCertChain(
  73         SSLContext                              *ctx,
  74 #ifdef USE_SSLCERTIFICATE
  75         const SSLCertificate    *certChain,
  76 #else /* !USE_SSLCERTIFICATE */
  77         CFArrayRef                              certChain,
  78 #endif /* !USE_SSLCERTIFICATE */
  79         bool                                    arePeerCerts);
  80
  81 /*
  82  * Get the peer's public key from the certificate chain.
  83  */
  84 extern OSStatus sslCopyPeerPubKey(
  85         SSLContext                              *ctx,
  86         SSLPubKey               **pubKey);
  87
  88
  89 /*
  90  * Raw RSA/DSA sign/verify.
  91  */
  92 OSStatus sslRawSign(
  93         SSLContext                      *ctx,
  94         SSLPrivKey          *privKey,
  95         const uint8_t       *plainText,
  96         size_t              plainTextLen,
  97         uint8_t                         *sig,                   // mallocd by caller; RETURNED
  98         size_t              sigLen,         // available
  99         size_t              *actualBytes);  // RETURNED
 100
 101 OSStatus sslRawVerify(
 102         SSLContext                      *ctx,
 103         SSLPubKey           *pubKey,
 104         const uint8_t           *plainText,
 105         size_t              plainTextLen,
 106         const uint8_t       *sig,
 107         size_t              sigLen);        // available
 108
 109 /* TLS 1.2 style RSA sign */
 110 OSStatus sslRsaSign(
 111     SSLContext                  *ctx,
 112     SSLPrivKey          *privKey,
 113     const SecAsn1AlgId  *algId,
 114     const uint8_t       *plainText,
 115     size_t              plainTextLen,
 116     uint8_t                             *sig,                   // mallocd by caller; RETURNED
 117     size_t              sigLen,         // available
 118     size_t              *actualBytes);  // RETURNED
 119
 120 /* TLS 1.2 style RSA verify */
 121 OSStatus sslRsaVerify(
 122     SSLContext          *ctx,
 123     SSLPubKey           *pubKey,
 124     const SecAsn1AlgId  *algId,
 125     const uint8_t       *plainText,
 126     size_t              plainTextLen,
 127     const uint8_t       *sig,
 128     size_t              sigLen);         // available
 129
 130 /*
 131  * Encrypt/Decrypt
 132  */
 133 OSStatus sslRsaEncrypt(
 134         SSLContext                      *ctx,
 135         SSLPubKey           *pubKey,
 136 #ifdef USE_CDSA_CRYPTO
 137         CSSM_CSP_HANDLE         cspHand,
 138 #endif
 139         const uint32_t          padding,
 140         const uint8_t       *plainText,
 141         size_t              plainTextLen,
 142         uint8_t                         *cipherText,            // mallocd by caller; RETURNED
 143         size_t              cipherTextLen,      // available
 144         size_t              *actualBytes);      // RETURNED
 145 OSStatus sslRsaDecrypt(
 146         SSLContext                      *ctx,
 147         SSLPrivKey                      *privKey,
 148         const uint32_t          padding,
 149         const uint8_t       *cipherText,
 150         size_t              cipherTextLen,
 151         uint8_t                         *plainText,                     // mallocd by caller; RETURNED
 152         size_t              plainTextLen,               // available
 153         size_t              *actualBytes);              // RETURNED
 154
 155 /*
 156  * Obtain size of key in bytes.
 157  */
 158 extern size_t sslPrivKeyLengthInBytes(
 159         SSLPrivKey *sslKey);
 160
 161 extern size_t sslPubKeyLengthInBytes(
 162         SSLPubKey *sslKey);
 163
 164 /* Obtain max signature size in bytes. */
 165 extern OSStatus sslGetMaxSigSize(
 166         SSLPrivKey *privKey,
 167         size_t           *maxSigSize);
 168
 169 #if 0
 170 /*
 171  * Get raw key bits from an RSA public key.
 172  */
 173 OSStatus sslGetPubKeyBits(
 174         SSLContext                      *ctx,
 175         SSLPubKey           *pubKey,
 176         SSLBuffer                       *modulus,               // data mallocd and RETURNED
 177         SSLBuffer                       *exponent);             // data mallocd and RETURNED
 178 #endif
 179
 180 /*
 181  * Given raw RSA key bits, cook up a SSLPubKey. Used in
 182  * Server-initiated key exchange.
 183  */
 184 OSStatus sslGetPubKeyFromBits(
 185         SSLContext                      *ctx,
 186         const SSLBuffer         *modulus,
 187         const SSLBuffer         *exponent,
 188         SSLPubKey           **pubKey);       // mallocd and RETURNED
 189
 190 OSStatus sslVerifySelectedCipher(
 191         SSLContext              *ctx,
 192         const SSLCipherSpec *selectedCipherSpec);
 193
 194 #if APPLE_DH
 195 int sslDhGenerateParams(SSLContext *ctx, uint32_t g, size_t prime_size,
 196     SSLBuffer *params, SSLBuffer *generator, SSLBuffer *prime);
 197
 198 OSStatus sslDhCreateKey(SSLContext *ctx);
 199 OSStatus sslDhGenerateKeyPair(SSLContext *ctx);
 200 OSStatus sslDhKeyExchange(SSLContext *ctx);
 201
 202 OSStatus sslDecodeDhParams(
 203         const SSLBuffer *blob,                  /* Input - PKCS-3 encoded */
 204         SSLBuffer               *prime,                 /* Output - wire format */
 205     SSLBuffer           *generator);    /* Output - wire format */
 206
 207 OSStatus sslEncodeDhParams(
 208     SSLBuffer           *blob,                  /* data mallocd and RETURNED - PKCS-3 encoded */
 209     const SSLBuffer             *prime,                 /* Input - wire format */
 210     const SSLBuffer             *generator);    /* Input - wire format */
 211
 212 #endif /* APPLE_DH */
 213
 214 /*
 215  * Given an ECDSA public key in CSSM format, extract the SSL_ECDSA_NamedCurve
 216  * from its algorithm parameters.
 217  */
 218 OSStatus sslEcdsaPeerCurve(
 219         SSLPubKey *pubKey,
 220         SSL_ECDSA_NamedCurve *namedCurve);
 221 OSStatus sslEcdhGenerateKeyPair(
 222         SSLContext                      *ctx,
 223         SSL_ECDSA_NamedCurve namedCurve);
 224 OSStatus sslEcdhKeyExchange(
 225         SSLContext              *ctx,
 226         SSLBuffer               *exchanged);
 227
 228 #ifdef __cplusplus
 229 }
 230 #endif
 231
 232
 233 #endif  /* _SSL_CRYPTO_H_ */