1 /*
2 * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved.
3 *
4 * The contents of this file constitute Original Code as defined in and are
5 * subject to the Apple Public Source License Version 1.2 (the 'License').
6 * You may not use this file except in compliance with the License. Please obtain
7 * a copy of the License at http://www.apple.com/publicsource and read it before
8 * using this file.
9 *
10 * This Original Code and all software distributed under the License are
11 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
12 * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
13 * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
14 * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
15 * specific language governing rights and limitations under the License.
16 */
17
18
19 /*
20 File: appleCdsa.h
21
22 Contains: interface between SSL and CDSA
23
24 Written by: Doug Mitchell, based on Netscape SSLRef 3.0
25
26 Copyright: (c) 1999 by Apple Computer, Inc., all rights reserved.
27
28 */
29
30 #ifndef _APPLE_CDSA_H_
31 #define _APPLE_CDSA_H_ 1
32
33 #include "ssl.h"
34 #include "sslPriv.h"
35 #include "sslctx.h"
36 #include "sslerrs.h"
37 #include <Security/cssmtype.h>
38
39 #ifdef __cplusplus
40 extern "C" {
41 #endif
42
/*
 * Debug-only CDSA error reporting. In SSL_DEBUG builds these are real
 * functions; in other builds stPrintCdsaError() expands to nothing, so a
 * call site compiles to an empty statement. stCssmErrToStr() has no
 * non-debug counterpart, so it must only be referenced under SSL_DEBUG.
 */
#if SSL_DEBUG
/* Print a diagnostic for crtn, the CSSM_RETURN from the CDSA call named by op. */
extern void stPrintCdsaError(const char *op, CSSM_RETURN crtn);
/* Map a CSSM_RETURN to a printable string. Ownership of the returned
 * buffer is not visible here — presumably a static string; confirm in
 * the implementation before attempting to free it. */
extern char *stCssmErrToStr(CSSM_RETURN err);
#else
#define stPrintCdsaError(o, cr)
#endif
49
/*
 * Release a CSSM key that was obtained through the CSP identified by
 * cspHand. key is passed by address (CSSM_KEY_PTR *), which suggests the
 * callee resets the caller's pointer after freeing — confirm in the
 * implementation. The third argument is the keychain item associated
 * with the key; in non-keychain builds it degrades to an untyped pointer
 * (see the fixme below).
 */
extern SSLErr sslFreeKey(CSSM_CSP_HANDLE cspHand,
    CSSM_KEY_PTR *key,
#if ST_KEYCHAIN_ENABLE
    KCItemRef *kcItem);
#else /* !ST_KEYCHAIN_ENABLE */
/* fixme - will we need kcItem as a CL field ptr? */
    void *kcItem);
#endif /* ST_KEYCHAIN_ENABLE*/
58
/*
 * Attach the SSL context to the CDSA modules it uses: the CSP (crypto
 * service provider), CL (certificate library) and TP (trust policy).
 * attachToAll/detachFromAll presumably cover all three in one call —
 * confirm in the implementation. Each returns an SSLErr that callers
 * must check before using the corresponding handle in ctx.
 */
extern SSLErr attachToCsp(SSLContext *ctx);
extern SSLErr attachToCl(SSLContext *ctx);
extern SSLErr attachToTp(SSLContext *ctx);
extern SSLErr attachToAll(SSLContext *ctx);
extern SSLErr detachFromAll(SSLContext *ctx);
64
/*
 * CSSM_DATA helpers.
 *   stMallocCssmData  - allocate a CSSM_DATA with a size-byte payload
 *                       (inferred from the name; confirm whether size may
 *                       be 0 and what a NULL return means).
 *   stFreeCssmData    - free the payload and, when freeStruct is
 *                       CSSM_TRUE, presumably the CSSM_DATA struct itself
 *                       as well — confirm.
 *   stSetUpCssmData   - presumably allocate length bytes into an existing
 *                       CSSM_DATA — confirm.
 * Ownership of anything returned here lies with the caller.
 */
extern CSSM_DATA_PTR stMallocCssmData(uint32 size);
extern void stFreeCssmData(CSSM_DATA_PTR data, CSSM_BOOL freeStruct);
extern SSLErr stSetUpCssmData(CSSM_DATA_PTR data, uint32 length);
68
69
70 /*
71 * Common RNG function; replaces SSLRef's SSLRandomFunc
72 */
73 extern SSLErr sslRand(
74 SSLContext *ctx,
75 SSLBuffer *buf);
76
77 /*
78 * Given a DER-encoded cert, obtain its public key as a CSSM_KEY_PTR.
79 */
80 extern SSLErr sslPubKeyFromCert(
81 SSLContext *ctx,
82 const SSLBuffer *derCert,
83 CSSM_KEY_PTR *pubKey, // RETURNED
84 CSSM_CSP_HANDLE *cspHand); // RETURNED
85
86 /*
87 * Verify a cert chain.
88 */
89 extern SSLErr sslVerifyCertChain(
90 SSLContext *ctx,
91 const SSLCertificate *certChain);
92
93 /*
94 * Raw RSA sign/verify.
95 */
96 SSLErr sslRsaRawSign(
97 SSLContext *ctx,
98 const CSSM_KEY_PTR privKey,
99 CSSM_CSP_HANDLE cspHand,
100 const UInt8 *plainText,
101 UInt32 plainTextLen,
102 UInt8 *sig, // mallocd by caller; RETURNED
103 UInt32 sigLen, // available
104 UInt32 *actualBytes); // RETURNED
105
106 SSLErr sslRsaRawVerify(
107 SSLContext *ctx,
108 const CSSM_KEY_PTR pubKey,
109 CSSM_CSP_HANDLE cspHand,
110 const UInt8 *plainText,
111 UInt32 plainTextLen,
112 const UInt8 *sig,
113 UInt32 sigLen); // available
114
115 /*
116 * Encrypt/Decrypt
117 */
118 SSLErr sslRsaEncrypt(
119 SSLContext *ctx,
120 const CSSM_KEY_PTR pubKey,
121 CSSM_CSP_HANDLE cspHand,
122 const UInt8 *plainText,
123 UInt32 plainTextLen,
124 UInt8 *cipherText, // mallocd by caller; RETURNED
125 UInt32 cipherTextLen, // available
126 UInt32 *actualBytes); // RETURNED
127 SSLErr sslRsaDecrypt(
128 SSLContext *ctx,
129 const CSSM_KEY_PTR privKey,
130 CSSM_CSP_HANDLE cspHand,
131 const UInt8 *cipherText,
132 UInt32 cipherTextLen,
133 UInt8 *plainText, // mallocd by caller; RETURNED
134 UInt32 plainTextLen, // available
135 UInt32 *actualBytes); // RETURNED
136
137 /*
138 * Obtain size of key in bytes.
139 */
140 extern UInt32 sslKeyLengthInBytes(
141 const CSSM_KEY_PTR key);
142
143 /*
144 * Get raw key bits from an RSA public key.
145 */
146 SSLErr sslGetPubKeyBits(
147 SSLContext *ctx,
148 const CSSM_KEY_PTR pubKey,
149 CSSM_CSP_HANDLE cspHand,
150 SSLBuffer *modulus, // data mallocd and RETURNED
151 SSLBuffer *exponent); // data mallocd and RETURNED
152
153 /*
154 * Given raw RSA key bits, cook up a CSSM_KEY_PTR. Used in
155 * Server-initiated key exchange.
156 */
157 SSLErr sslGetPubKeyFromBits(
158 SSLContext *ctx,
159 const SSLBuffer *modulus,
160 const SSLBuffer *exponent,
161 CSSM_KEY_PTR *pubKey, // mallocd and RETURNED
162 CSSM_CSP_HANDLE *cspHand); // RETURNED
163
164 /*
165 * Given two certs, verify subjectCert with issuerCert. Returns
166 * CSSM_TRUE on successful verify.
167 * Only special case on error is "subject cert expired", indicated by
168 * *subjectExpired returned as CSSM_TRUE.
169 */
170 #if 0
171 /* no longer needed */
172 CSSM_BOOL sslVerifyCert(
173 SSLContext *ctx,
174 const CSSM_DATA_PTR subjectCert,
175 const CSSM_DATA_PTR issuerCert,
176 CSSM_CSP_HANDLE cspHand, // can verify with issuerCert
177 CSSM_BOOL *subjectExpired); // RETURNED
178 #endif
179
180 /*
181 * Given a DER-encoded cert, obtain its DER-encoded subject name.
182 */
183 #if ST_KEYCHAIN_ENABLE
184 CSSM_DATA_PTR sslGetCertSubjectName(
185 SSLContext *ctx,
186 const CSSM_DATA_PTR cert);
187 #endif ST_KEYCHAIN_ENABLE
188
/*
 * Debug-only, keychain builds only: check that the numCerts certs in
 * certs are acceptable trusted roots. What "verify" means here and how
 * a failure is reported (the function returns void) is not visible from
 * this header — confirm in the implementation.
 */
#if (SSL_DEBUG && ST_KEYCHAIN_ENABLE)
void verifyTrustedRoots(SSLContext *ctx,
    CSSM_DATA_PTR certs,
    unsigned numCerts);
#endif
194
/*
 * Application memory callbacks handed to CDSA. The (size, allocRef)
 * parameter shape matches the CSSM memory-function callback signatures;
 * presumably registered at module attach time — confirm in the
 * implementation. allocRef is an opaque cookie passed back by CDSA.
 * NOTE(review): for stAppCalloc the num * size product can overflow a
 * uint32; whether the implementation checks this is not visible here —
 * confirm.
 */
void * stAppMalloc (uint32 size, void *allocRef);
void stAppFree (void *mem_ptr, void *allocRef);
void * stAppRealloc (void *ptr, uint32 size, void *allocRef);
void * stAppCalloc (uint32 num, uint32 size, void *allocRef);
199
200 /*
201 * Convert between SSLBuffer and CSSM_DATA, which are after all identical.
202 * No mallocs, just copy the pointer and length.
203 */
204 #define SSLBUF_TO_CSSM(sb, cd) { \
205 (cd)->Length = (sb)->length; \
206 (cd)->Data = (sb)->data; \
207 }
208
209 #define CSSM_TO_SSLBUF(cd, sb) { \
210 (sb)->length = (cd)->Length; \
211 (sb)->data = (cd)->Data; \
212 }
213
214 #ifdef __cplusplus
215 }
216 #endif
217
218
219 #endif /* _APPLE_CDSA_H_ */