]> git.saurik.com Git - apple/security.git/blob - SecurityTests/clxutils/clAppUtils/sslAppUtils.h
projects / apple / security.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Security-57031.1.35.tar.gz
[apple/security.git] / SecurityTests / clxutils / clAppUtils / sslAppUtils.h
1 #ifndef _SSLS_APP_UTILS_H_
2 #define _SSLS_APP_UTILS_H_ 1
3
4 #include <Security/SecureTransport.h>
5 #include <Security/SecureTransportPriv.h>
6 #include <Security/Security.h>
7 #include <security_utilities/threading.h>
8
9 #ifdef __cplusplus
10 extern "C" {
11 #endif
12
13 /* disable some Panther-only features */
14 #define JAGUAR_BUILD 0
15
16 const char *sslGetCipherSuiteString(SSLCipherSuite cs);
17 const char *sslGetProtocolVersionString(SSLProtocol prot);
18 const char *sslGetSSLErrString(OSStatus err);
19 void printSslErrStr(const char *op, OSStatus err);
20 const char *sslGetClientCertStateString(SSLClientCertificateState state);
21 const char *sslGetClientAuthTypeString(SSLClientAuthenticationType authType);
22
23 CFArrayRef getSslCerts(
24 const char *kcName, // may be NULL, i.e., use default
25 CSSM_BOOL encryptOnly,
26 CSSM_BOOL completeCertChain,
27 const char *anchorFile, // optional trusted anchor
28 SecKeychainRef *pKcRef); // RETURNED
29 OSStatus sslCompleteCertChain(
30 SecIdentityRef identity,
31 SecCertificateRef trustedAnchor, // optional additional trusted anchor
32 bool includeRoot, // include the root in outArray
33 const CSSM_OID *vfyPolicy, // optional - if NULL, use SSL
34 CFArrayRef *outArray); // created and RETURNED
35 CFArrayRef sslKcRefToCertArray(
36 SecKeychainRef kcRef,
37 CSSM_BOOL encryptOnly,
38 CSSM_BOOL completeCertChain,
39 const CSSM_OID *vfyPolicy, // optional - if NULL, use SSL policy to complete
40 const char *trustedAnchorFile);
41
42 OSStatus addTrustedSecCert(
43 SSLContextRef ctx,
44 SecCertificateRef secCert,
45 CSSM_BOOL replaceAnchors);
46 OSStatus sslReadAnchor(
47 const char *anchorFile,
48 SecCertificateRef *certRef);
49 OSStatus sslAddTrustedRoot(
50 SSLContextRef ctx,
51 const char *anchorFile,
52 CSSM_BOOL replaceAnchors);
53
54 /*
55 * Assume incoming identity contains a root (e.g., created by
56 * certtool) and add that cert to ST's trusted anchors. This
57 * enables ST's verify of the incoming chain to succeed without
58 * a kludgy "AllowAnyRoot" specification.
59 */
60 OSStatus addIdentityAsTrustedRoot(
61 SSLContextRef ctx,
62 CFArrayRef identArray);
63
64 OSStatus sslAddTrustedRoots(
65 SSLContextRef ctx,
66 SecKeychainRef keychain,
67 bool *foundOne);
68
69 void sslOutputDot();
70
71 /*
72 * Lists of SSLCipherSuites used in sslSetCipherRestrictions.
73 */
74 extern const SSLCipherSuite suites40[];
75 extern const SSLCipherSuite suitesDES[];
76 extern const SSLCipherSuite suitesDES40[];
77 extern const SSLCipherSuite suites3DES[];
78 extern const SSLCipherSuite suitesRC4[];
79 extern const SSLCipherSuite suitesRC4_40[];
80 extern const SSLCipherSuite suitesRC2[];
81 extern const SSLCipherSuite suitesAES128[];
82 extern const SSLCipherSuite suitesAES256[];
83 extern const SSLCipherSuite suitesDH[];
84 extern const SSLCipherSuite suitesDHAnon[];
85 extern const SSLCipherSuite suitesDH_RSA[];
86 extern const SSLCipherSuite suitesDH_DSS[];
87 extern const SSLCipherSuite suites_SHA1[];
88 extern const SSLCipherSuite suites_MD5[];
89 extern const SSLCipherSuite suites_ECDHE[];
90 extern const SSLCipherSuite suites_ECDH[];
91
92 /*
93 * Given an SSLContextRef and an array of SSLCipherSuites, terminated by
94 * SSL_NO_SUCH_CIPHERSUITE, select those SSLCipherSuites which the library
95 * supports and do a SSLSetEnabledCiphers() specifying those.
96 */
97 OSStatus sslSetEnabledCiphers(
98 SSLContextRef ctx,
99 const SSLCipherSuite *ciphers);
100
101 /*
102 * Specify restricted sets of cipherspecs and protocols.
103 */
104 OSStatus sslSetCipherRestrictions(
105 SSLContextRef ctx,
106 char cipherRestrict);
107
108 #ifndef SPHINX
109 OSStatus sslSetProtocols(
110 SSLContextRef ctx,
111 const char *acceptedProts,
112 SSLProtocol tryVersion); // only used if acceptedProts NULL
113 #endif
114
115 int sslVerifyRtn(
116 const char *whichSide, // "client" or "server"
117 OSStatus expectRtn,
118 OSStatus gotRtn);
119 int sslVerifyProtVers(
120 const char *whichSide, // "client" or "server"
121 SSLProtocol expectProt,
122 SSLProtocol gotProt);
123 int sslVerifyClientCertState(
124 const char *whichSide, // "client" or "server"
125 SSLClientCertificateState expectState,
126 SSLClientCertificateState gotState);
127 int sslVerifyCipher(
128 const char *whichSide, // "client" or "server"
129 SSLCipherSuite expectCipher,
130 SSLCipherSuite gotCipher);
131
132
133 /*
134 * Wrapper for sslIdentPicker, with optional trusted anchor specified as a filename.
135 */
136 OSStatus sslIdentityPicker(
137 SecKeychainRef kcRef, // NULL means use default list
138 const char *trustedAnchor, // optional additional trusted anchor
139 bool includeRoot, // true --> root is appended to outArray
140 // false --> root not included
141 const CSSM_OID *vfyPolicy, // optional - if NULL, use SSL
142 CFArrayRef *outArray); // created and RETURNED
143
144 void sslKeychainPath(
145 const char *kcName,
146 char *kcPath); // allocd by caller, MAXPATHLEN
147
148 /* Verify presence of required file. Returns nonzero if not found. */
149 int sslCheckFile(const char *path);
150
151 /* Stringify a SSL_ECDSA_NamedCurve */
152 extern const char *sslCurveString(
153 SSL_ECDSA_NamedCurve namedCurve);
154
155 #ifdef __cplusplus
156 }
157 #endif
158
159 #endif /* _SSLS_APP_UTILS_H_ */
mirror of Security