SecurityTests/clxutils/clAppUtils/tpUtils.h

   1 /*
   2  * tpUtils.h - TP and cert group test support
   3  */
   4
   5 #ifndef _TP_UTILS_H_
   6 #define _TP_UTILS_H_
   7
   8 #include <Security/cssmtype.h>
   9 #include <Security/x509defs.h>
  10 #include <Security/cssmapple.h>
  11 #include <time.h>
  12 #include <MacTypes.h>
  13 #include <CoreFoundation/CoreFoundation.h>
  14 #include <Security/Security.h>
  15
  16 #ifdef  __cplusplus
  17 extern "C" {
  18 #endif
  19
  20 #define TP_DB_ENABLE    1
  21
  22 /*
  23  * Given an array of certs and an uninitialized CSSM_CERTGROUP, place the
  24  * certs into the certgroup and optionally into one of a list of DBs in
  25  * random order. Optionaly the first cert in the array is placed in the
  26  * first element of certgroup. Only error is memory error. It's legal to
  27  * pass in an empty cert array.
  28  */
  29 CSSM_RETURN tpMakeRandCertGroup(
  30         CSSM_CL_HANDLE                  clHand,
  31         CSSM_DL_DB_LIST_PTR             dbList,
  32         const CSSM_DATA_PTR             certs,
  33         unsigned                                numCerts,
  34         CSSM_CERTGROUP_PTR              certGroup,
  35         CSSM_BOOL                               firstCertIsSubject,     // true: certs[0] goes to head
  36                                                                                                 //   of certGroup
  37         CSSM_BOOL                               verbose,
  38         CSSM_BOOL                               allInDbs,                       // all certs go to DBs
  39         CSSM_BOOL                               skipFirstDb);           // no certs go to db[0]
  40
  41 CSSM_RETURN tpStoreCert(
  42         CSSM_DL_DB_HANDLE               dlDb,
  43         const CSSM_DATA_PTR             cert,
  44         /* REQUIRED fields */
  45         CSSM_CERT_TYPE                  certType,               // e.g. CSSM_CERT_X_509v3
  46         uint32                                  serialNum,
  47         const CSSM_DATA                 *issuer,                // (shouldn't this be subject?)
  48                                                                                         // normalized & encoded
  49         /* OPTIONAL fields */
  50         CSSM_CERT_ENCODING              certEncoding,   // e.g. CSSM_CERT_ENCODING_DER
  51         const CSSM_DATA                 *printName,
  52         const CSSM_DATA                 *subject);              // normalized & encoded
  53
  54 /*
  55  * Store a cert when we don't already know the required fields. We'll
  56  * extract them.
  57  */
  58 CSSM_RETURN tpStoreRawCert(
  59         CSSM_DL_DB_HANDLE               dlDb,
  60         CSSM_CL_HANDLE                  clHand,
  61         const CSSM_DATA_PTR             cert);
  62
  63 /*
  64  * Generate numKeyPairs key pairs of specified algorithm and size.
  65  * Key labels will be 'keyLabelBase' concatenated with a 4-digit
  66  * decimal number.
  67  */
  68 CSSM_RETURN tpGenKeys(
  69         CSSM_CSP_HANDLE cspHand,
  70         CSSM_DL_DB_HANDLE dbHand,                       /* keys go here */
  71         unsigned                numKeyPairs,
  72         uint32                  keyGenAlg,              /* CSSM_ALGID_RSA, etc. */
  73         uint32                  keySizeInBits,
  74         const char              *keyLabelBase,  /* C string */
  75         CSSM_KEY_PTR    pubKeys,                /* array of keys RETURNED here */
  76         CSSM_KEY_PTR    privKeys,               /* array of keys RETURNED here */
  77         CSSM_DATA_PTR   paramData = NULL);      // optional DSA params
  78
  79 /*
  80  * Generate a cert chain using specified key pairs. The last cert in the
  81  * chain (certs[numCerts-1]) is a root cert, self-signed.
  82  */
  83 CSSM_RETURN tpGenCerts(
  84         CSSM_CSP_HANDLE cspHand,
  85         CSSM_CL_HANDLE  clHand,
  86         unsigned                numCerts,
  87         uint32                  sigAlg,                 /* CSSM_ALGID_SHA1WithRSA, etc. */
  88         const char              *nameBase,              /* C string */
  89         CSSM_KEY_PTR    pubKeys,                /* array of public keys */
  90         CSSM_KEY_PTR    privKeys,               /* array of private keys */
  91         CSSM_DATA_PTR   certs,                  /* array of certs RETURNED here */
  92         const char              *notBeforeStr,  /* from genTimeAtNowPlus() */
  93         const char              *notAfterStr);  /* from genTimeAtNowPlus() */
  94
  95 /*
  96  * Generate a cert chain using specified key pairs. The last cert in the
  97  * chain (certs[numCerts-1]) is a root cert, self-signed. Store
  98  * the certs indicated by corresponding element on storeArray. If
  99  * storeArray[n].DLHandle == 0, the cert is not stored.
 100  */
 101 CSSM_RETURN tpGenCertsStore(
 102         CSSM_CSP_HANDLE         cspHand,
 103         CSSM_CL_HANDLE          clHand,
 104         unsigned                        numCerts,
 105         uint32                          sigAlg,                 /* CSSM_ALGID_SHA1WithRSA, etc. */
 106         const char                      *nameBase,              /* C string */
 107         CSSM_KEY_PTR            pubKeys,                /* array of public keys */
 108         CSSM_KEY_PTR            privKeys,               /* array of private keys */
 109         CSSM_DL_DB_HANDLE       *storeArray,    /* array of certs stored here  */
 110         CSSM_DATA_PTR           certs,                  /* array of certs RETURNED here */
 111         const char                      *notBeforeStr,  /* from genTimeAtNowPlus() */
 112         const char                      *notAfterStr);  /* from genTimeAtNowPlus() */
 113
 114 /* free a CSSM_CERT_GROUP */
 115 void tpFreeCertGroup(
 116         CSSM_CERTGROUP_PTR      certGroup,
 117         CSSM_BOOL                       freeCertData,           // free individual CertList.Data
 118         CSSM_BOOL                       freeStruct);                    // free the overall CSSM_CERTGROUP
 119
 120 CSSM_BOOL tpCompareCertGroups(
 121         const CSSM_CERTGROUP    *grp1,
 122         const CSSM_CERTGROUP    *grp2);
 123
 124 CSSM_RETURN clDeleteAllCerts(CSSM_DL_DB_HANDLE dlDb);
 125
 126 /*
 127  * Wrapper for CSSM_TP_CertGroupVerify.
 128  */
 129 CSSM_RETURN tpCertGroupVerify(
 130         CSSM_TP_HANDLE                                          tpHand,
 131         CSSM_CL_HANDLE                                          clHand,
 132         CSSM_CSP_HANDLE                                         cspHand,
 133         CSSM_DL_DB_LIST_PTR                                     dbListPtr,
 134         const CSSM_OID                                          *policy,                // optional
 135         const CSSM_DATA                                         *fieldOpts,             // optional
 136         const CSSM_DATA                                         *actionData,    // optional
 137         void                                                            *policyOpts,
 138         const CSSM_CERTGROUP                            *certGroup,
 139         CSSM_DATA_PTR                                           anchorCerts,
 140         unsigned                                                        numAnchorCerts,
 141         CSSM_TP_STOP_ON                                         stopOn,         // CSSM_TP_STOP_ON_POLICY, etc.
 142         CSSM_TIMESTRING                                         cssmTimeStr,// optional
 143         CSSM_TP_VERIFY_CONTEXT_RESULT_PTR       result);        // RETURNED
 144
 145 CSSM_RETURN tpKcOpen(
 146         CSSM_DL_HANDLE          dlHand,
 147         const char                      *kcName,
 148         const char                      *pwd,                           // optional to avoid UI
 149         CSSM_BOOL                       doCreate,
 150         CSSM_DB_HANDLE          *dbHand);                       // RETURNED
 151
 152 CSSM_RETURN freeVfyResult(
 153         CSSM_TP_VERIFY_CONTEXT_RESULT *ctx);
 154
 155 void printCertInfo(
 156         unsigned numCerts,                                                      // from CertGroup
 157         const CSSM_TP_APPLE_EVIDENCE_INFO *info);
 158
 159 void dumpVfyResult(
 160         const CSSM_TP_VERIFY_CONTEXT_RESULT *vfyResult);
 161
 162 /*
 163  * Obtain system anchors in CF and in CSSM_DATA form.
 164  * Caller must CFRelease the returned rootArray and
 165  * free() the returned CSSM_DATA array, but not its
 166  * contents - SecCertificates themselves own that.
 167  */
 168 OSStatus getSystemAnchors(
 169         CFArrayRef *rootArray,  /* RETURNED */
 170         CSSM_DATA **anchors,    /* RETURNED */
 171         unsigned *numAnchors);  /* RETURNED */
 172
 173 /* get a SecCertificateRef from a file */
 174 SecCertificateRef certFromFile(
 175         const char *fileName);
 176
 177 #ifdef  __cplusplus
 178 }
 179 #endif
 180 #endif  /* _TP_UTILS_H_ */
 181