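/*
 * Copyright (c) 2006-2008,2010 Apple Inc. All Rights Reserved.
 */

/*
 * sslAppUtils.h
 *
 * Helper declarations shared by the sslViewer test/diagnostic programs:
 * printable names for SecureTransport enums and error codes, keychain and
 * certificate lookup, trusted-anchor setup, cipher-suite and protocol
 * restriction, and verification of expected vs. actual handshake results.
 *
 * The implementations live in the matching .c file; where a comment below
 * describes behavior that only the implementation can confirm, it says so.
 */

#ifndef _SSLS_APP_UTILS_H_
#define _SSLS_APP_UTILS_H_ 1

#include <Security/SecureTransport.h>
#include <Security/SecureTransportPriv.h>
#include <CoreFoundation/CFArray.h>
#include <stdbool.h>
#include <Security/SecCertificate.h>

#ifdef __cplusplus
extern "C" {
#endif

/* Opaque keychain handle; only ever passed through to Security APIs here. */
typedef struct OpaqueSecKeychainRef *SecKeychainRef;

/*
 * disable some Panther-only features
 * NOTE(review): the macro name says Jaguar while the comment says Panther.
 * The name is kept because callers test it; treat the comment as authoritative
 * only after checking the #if sites in the .c files.
 */
#define JAGUAR_BUILD 0

/*
 * Printable names for SecureTransport values, mainly for log/diagnostic output.
 * Storage of the returned strings is not specified here; do not free them.
 */
const char *sslGetCipherSuiteString(SSLCipherSuite cs);
const char *sslGetProtocolVersionString(SSLProtocol prot);
const char *sslGetSSLErrString(OSStatus err);
/* Print a diagnostic for err, labelled with the operation name op. */
void printSslErrStr(const char *op, OSStatus err);
const char *sslGetClientCertStateString(SSLClientCertificateState state);
const char *sslGetClientAuthTypeString(SSLClientAuthenticationType authType);

/*
 * Certificate / identity lookup.
 *
 * Each function below that hands back a CFArrayRef (directly or via an
 * out-parameter marked RETURNED) creates that array for the caller;
 * presumably the caller owns it and must CFRelease it — confirm against
 * the implementation before relying on that.
 */
CFArrayRef getSslCerts(
	const char *kcName,				// may be NULL, i.e., use default
	bool encryptOnly,
	bool completeCertChain,
	const char *anchorFile,			// optional trusted anchor
	SecKeychainRef *pKcRef);		// RETURNED
OSStatus sslCompleteCertChain(
	SecIdentityRef identity,
	SecCertificateRef trustedAnchor,	// optional additional trusted anchor
	bool includeRoot,					// include the root in outArray
	// const CSSM_OID *vfyPolicy,		// optional - if NULL, use SSL
	CFArrayRef *outArray);				// created and RETURNED
CFArrayRef sslKcRefToCertArray(
	SecKeychainRef kcRef,
	bool encryptOnly,
	bool completeCertChain,
	// const CSSM_OID *vfyPolicy,		// optional - if NULL, use SSL policy to complete
	const char *trustedAnchorFile);

/*
 * Trusted-anchor setup for an SSLContextRef.
 * replaceAnchors (by its name) chooses between replacing the context's
 * existing anchors and adding to them — confirm against the implementation.
 */
OSStatus addTrustedSecCert(
	SSLContextRef ctx,
	SecCertificateRef secCert,
	bool replaceAnchors);
/* Read a certificate from anchorFile into *certRef. */
OSStatus sslReadAnchor(
	const char *anchorFile,
	SecCertificateRef *certRef);
/* sslReadAnchor followed by addTrustedSecCert, by the look of the names. */
OSStatus sslAddTrustedRoot(
	SSLContextRef ctx,
	const char *anchorFile,
	bool replaceAnchors);

/*
 * Assume incoming identity contains a root (e.g., created by
 * certtool) and add that cert to ST's trusted anchors. This
 * enables ST's verify of the incoming chain to succeed without
 * a kludgy "AllowAnyRoot" specification.
 *
 * Because this trusts whatever root the supplied identity array carries,
 * it belongs in a test harness only; a real client or server must not
 * derive its trust anchors from the peer-provided chain.
 */
OSStatus addIdentityAsTrustedRoot(
	SSLContextRef ctx,
	CFArrayRef identArray);

/*
 * Add trusted roots from a keychain to ctx; *foundOne reports whether
 * at least one was added (inferred from the name — confirm).
 */
OSStatus sslAddTrustedRoots(
	SSLContextRef ctx,
	SecKeychainRef keychain,
	bool *foundOne);

/*
 * Progress indicator. Declared with an explicit (void) so that in C this is a
 * real prototype rather than an old-style declaration with unspecified
 * parameters; callers are unaffected.
 */
void sslOutputDot(void);

/*
 * Lists of SSLCipherSuites used in sslSetCipherRestrictions.
 *
 * Several of these lists are weak or unauthenticated by construction —
 * the 40-bit export suites (suites40, suitesDES40, suitesRC4_40), single
 * DES, RC4, RC2, MD5-MAC suites and anonymous DH (suitesDHAnon). They are
 * here so the test tool can exercise SecureTransport's restriction and
 * negotiation paths; none of them should be enabled by production code.
 */
extern const SSLCipherSuite suites40[];
extern const SSLCipherSuite suitesDES[];
extern const SSLCipherSuite suitesDES40[];
extern const SSLCipherSuite suites3DES[];
extern const SSLCipherSuite suitesRC4[];
extern const SSLCipherSuite suitesRC4_40[];
extern const SSLCipherSuite suitesRC2[];
extern const SSLCipherSuite suitesAES128[];
extern const SSLCipherSuite suitesAES256[];
extern const SSLCipherSuite suitesDH[];
extern const SSLCipherSuite suitesDHAnon[];
extern const SSLCipherSuite suitesDH_RSA[];
extern const SSLCipherSuite suitesDH_DSS[];
extern const SSLCipherSuite suites_SHA1[];
extern const SSLCipherSuite suites_MD5[];
extern const SSLCipherSuite suites_ECDHE[];
extern const SSLCipherSuite suites_ECDH[];

/*
 * Given an SSLContextRef and an array of SSLCipherSuites, terminated by
 * SSL_NO_SUCH_CIPHERSUITE, select those SSLCipherSuites which the library
 * supports and do a SSLSetEnabledCiphers() specifying those.
 *
 * The terminator is mandatory: an unterminated array reads past its end.
 */
OSStatus sslSetEnabledCiphers(
	SSLContextRef ctx,
	const SSLCipherSuite *ciphers);

/*
 * Specify restricted sets of cipherspecs and protocols.
 * cipherRestrict is a single selector character; the mapping from character
 * to one of the suite lists above is defined only in the implementation.
 */
OSStatus sslSetCipherRestrictions(
	SSLContextRef ctx,
	char cipherRestrict);

#ifndef SPHINX
/*
 * Configure which protocol versions ctx accepts. acceptedProts is a string
 * whose encoding the implementation defines; tryVersion is consulted only
 * when acceptedProts is NULL.
 */
OSStatus sslSetProtocols(
	SSLContextRef ctx,
	const char *acceptedProts,
	SSLProtocol tryVersion);		// only used if acceptedProts NULL
#endif

/*
 * Compare an expected handshake result against the one actually observed,
 * reporting which side ("client" or "server") the check belongs to.
 * The int return convention is not stated here; presumably nonzero on
 * mismatch, as for sslCheckFile — confirm against the implementation.
 */
int sslVerifyRtn(
	const char *whichSide,			// "client" or "server"
	OSStatus expectRtn,
	OSStatus gotRtn);
int sslVerifyProtVers(
	const char *whichSide,			// "client" or "server"
	SSLProtocol expectProt,
	SSLProtocol gotProt);
int sslVerifyClientCertState(
	const char *whichSide,			// "client" or "server"
	SSLClientCertificateState expectState,
	SSLClientCertificateState gotState);
int sslVerifyCipher(
	const char *whichSide,			// "client" or "server"
	SSLCipherSuite expectCipher,
	SSLCipherSuite gotCipher);


/*
 * Wrapper for sslIdentPicker, with optional trusted anchor specified as a filename.
 */
OSStatus sslIdentityPicker(
	SecKeychainRef kcRef,			// NULL means use default list
	const char *trustedAnchor,		// optional additional trusted anchor
	bool includeRoot,				// true  --> root is appended to outArray
									// false --> root not included
	// const CSSM_OID *vfyPolicy,	// optional - if NULL, use SSL
	CFArrayRef *outArray);			// created and RETURNED

/*
 * Resolve a keychain name to a path. There is no length parameter, so
 * kcPath must point to a buffer of at least MAXPATHLEN bytes; anything
 * smaller risks an overflow.
 */
void sslKeychainPath(
	const char *kcName,
	char *kcPath);					// allocd by caller, MAXPATHLEN

/* Verify presence of required file. Returns nonzero if not found. */
int sslCheckFile(const char *path);

/* Stringify an SSL_ECDSA_NamedCurve */
extern const char *sslCurveString(
	SSL_ECDSA_NamedCurve namedCurve);

#ifdef __cplusplus
}
#endif

#endif	/* _SSLS_APP_UTILS_H_ */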