1 /*
2 * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved.
3 *
4 * The contents of this file constitute Original Code as defined in and are
5 * subject to the Apple Public Source License Version 1.2 (the 'License').
6 * You may not use this file except in compliance with the License. Please obtain
7 * a copy of the License at http://www.apple.com/publicsource and read it before
8 * using this file.
9 *
10 * This Original Code and all software distributed under the License are
11 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
12 * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
13 * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
14 * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
15 * specific language governing rights and limitations under the License.
16 */
17
18
19 /*
20 File: appleCdsa.h
21
22 Contains: interface between SSL and CDSA
23
24 Written by: Doug Mitchell
25
26 Copyright: (c) 1999 by Apple Computer, Inc., all rights reserved.
27
28 */
29
30 #ifndef _APPLE_CDSA_H_
31 #define _APPLE_CDSA_H_ 1
32
33 #include "ssl.h"
34 #include "sslPriv.h"
35 #include "sslContext.h"
36 #include <Security/cssmtype.h>
37
38 #ifdef __cplusplus
39 extern "C" {
40 #endif
41
#ifndef NDEBUG
/*
 * Debug-only CDSA error reporting.
 *
 * stPrintCdsaError reports the CSSM_RETURN 'crtn' produced by operation 'op'.
 * stCssmErrToStr maps a CSSM_RETURN to a printable string; ownership of the
 * returned buffer is not stated here — check the implementation before
 * freeing it.
 */
extern void stPrintCdsaError(const char *op, CSSM_RETURN crtn);
extern char *stCssmErrToStr(CSSM_RETURN err);
#else
/*
 * Release builds: stPrintCdsaError expands to nothing, so its arguments are
 * never evaluated — do not pass expressions with side effects. Note that
 * stCssmErrToStr has no release-build counterpart and is only declared when
 * NDEBUG is not defined.
 */
#define stPrintCdsaError(o, cr)
#endif
48
/*
 * Fill in a caller-supplied CSSM_KEY describing a symmetric key.
 *
 * symKey     - key structure to set up (storage provided by the caller)
 * alg        - CSSM algorithm of the key
 * keyUse     - CSSM_KEYUSE_ENCRYPT, etc.
 * copyKey    - true: keyData is copied into the key. false: the key refers
 *              to keyData directly, so keyData must remain valid — neither
 *              freed nor zeroized — for as long as the key is in use.
 * keyData    - raw key bytes
 * keyDataLen - length of keyData in bytes
 *
 * Returns an OSStatus; the key must not be used unless it is noErr.
 */
extern OSStatus sslSetUpSymmKey(
	CSSM_KEY_PTR symKey,
	CSSM_ALGORITHMS alg,
	CSSM_KEYUSE keyUse, // CSSM_KEYUSE_ENCRYPT, etc.
	CSSM_BOOL copyKey, // true: copy keyData false: set by reference
	uint8 *keyData,
	uint32 keyDataLen); // in bytes
56
/*
 * Free a key obtained through this module, using the CSP it belongs to.
 *
 * 'key' is passed by address (CSSM_KEY_PTR *), presumably so the callee can
 * clear the caller's pointer once the key is released — confirm against the
 * implementation. kcItem is the keychain item associated with the key when
 * ST_KC_KEYS_NEED_REF is set; otherwise the parameter is an untyped
 * placeholder.
 */
extern OSStatus sslFreeKey(CSSM_CSP_HANDLE cspHand,
	CSSM_KEY_PTR *key,
	#if ST_KC_KEYS_NEED_REF
	SecKeychainRef *kcItem);
	#else /* !ST_KC_KEYS_NEED_REF */
	void *kcItem);
	#endif /* ST_KC_KEYS_NEED_REF*/
64
/*
 * Attach the SSLContext to the CDSA modules it uses: the CSP (cryptographic
 * service provider), CL (certificate library) and TP (trust policy).
 * attachToAll attaches all three; detachFromAll releases them. The resulting
 * module handles are presumably stored in ctx — confirm against the
 * implementation. Each call returns an OSStatus that must be checked before
 * the corresponding module is used.
 */
extern OSStatus attachToCsp(SSLContext *ctx);
extern OSStatus attachToCl(SSLContext *ctx);
extern OSStatus attachToTp(SSLContext *ctx);
extern OSStatus attachToAll(SSLContext *ctx);
extern OSStatus detachFromAll(SSLContext *ctx);
70
/*
 * CSSM_DATA helpers.
 *
 * stMallocCssmData  - allocate a CSSM_DATA for 'size' bytes (whether the Data
 *                     buffer is allocated along with the struct is not stated
 *                     here — confirm).
 * stFreeCssmData    - free the data and, when freeStruct is true, the
 *                     CSSM_DATA struct itself.
 * stSetUpCssmData   - presumably set up 'length' bytes of data for an existing
 *                     CSSM_DATA; returns an OSStatus that must be checked.
 */
extern CSSM_DATA_PTR stMallocCssmData(uint32 size);
extern void stFreeCssmData(CSSM_DATA_PTR data, CSSM_BOOL freeStruct);
extern OSStatus stSetUpCssmData(CSSM_DATA_PTR data, uint32 length);
74
75
/*
 * Given a DER-encoded cert, obtain its public key as a CSSM_KEY_PTR.
 *
 * *pubKey and *cspHand are RETURNED; the key is presumably released with
 * sslFreeKey using the returned cspHand — confirm against the implementation.
 * derCert is taken by const reference, which (together with the default
 * arguments and references elsewhere in this file) makes this header C++-only
 * despite the extern "C" wrapper.
 */
extern OSStatus sslPubKeyFromCert(
	SSLContext *ctx,
	const SSLBuffer &derCert,
	CSSM_KEY_PTR *pubKey, // RETURNED
	CSSM_CSP_HANDLE *cspHand); // RETURNED
84
/*
 * Verify a cert chain.
 *
 * arePeerCerts defaults to true; it presumably distinguishes the peer's chain
 * from our own for the purpose of trust evaluation — confirm against the
 * implementation. The outcome is reported only through the return value:
 * there is no separate "verified" output, so a non-noErr result must be
 * treated as a failed verification and never ignored.
 */
extern OSStatus sslVerifyCertChain(
	SSLContext *ctx,
	const SSLCertificate &certChain,
	bool arePeerCerts = true);
92
/*
 * Raw RSA/DSA sign/verify.
 *
 * sslRawSign signs plainText (plainTextLen bytes) with privKey through
 * cspHand. sig is allocated by the caller with sigLen bytes available;
 * *actualBytes is RETURNED. Use sslGetMaxSigSize (below) to size sig.
 *
 * sslRawVerify checks sig (sigLen bytes) against plainText using pubKey.
 * The result is conveyed only by the OSStatus: there is no separate
 * "verified" output, so anything other than noErr means the signature did
 * not verify and the caller must not proceed as if it had.
 */
OSStatus sslRawSign(
	SSLContext *ctx,
	const CSSM_KEY *privKey,
	CSSM_CSP_HANDLE cspHand,
	const UInt8 *plainText,
	UInt32 plainTextLen,
	UInt8 *sig, // mallocd by caller; RETURNED
	UInt32 sigLen, // available
	UInt32 *actualBytes); // RETURNED

OSStatus sslRawVerify(
	SSLContext *ctx,
	const CSSM_KEY *pubKey,
	CSSM_CSP_HANDLE cspHand,
	const UInt8 *plainText,
	UInt32 plainTextLen,
	const UInt8 *sig,
	UInt32 sigLen); // available
114
/*
 * Encrypt/Decrypt (RSA).
 *
 * In both directions the output buffer (cipherText for encrypt, plainText
 * for decrypt) is allocated by the caller, the matching *Len argument gives
 * the bytes available, and *actualBytes is RETURNED with the amount
 * produced. Only consult the output buffer and *actualBytes when the
 * OSStatus is noErr. Whether a too-small output buffer is reported as an
 * error or silently truncated is not stated here — confirm against the
 * implementation before relying on either.
 */
OSStatus sslRsaEncrypt(
	SSLContext *ctx,
	const CSSM_KEY *pubKey,
	CSSM_CSP_HANDLE cspHand,
	const UInt8 *plainText,
	UInt32 plainTextLen,
	UInt8 *cipherText, // mallocd by caller; RETURNED
	UInt32 cipherTextLen, // available
	UInt32 *actualBytes); // RETURNED
OSStatus sslRsaDecrypt(
	SSLContext *ctx,
	const CSSM_KEY *privKey,
	CSSM_CSP_HANDLE cspHand,
	const UInt8 *cipherText,
	UInt32 cipherTextLen,
	UInt8 *plainText, // mallocd by caller; RETURNED
	UInt32 plainTextLen, // available
	UInt32 *actualBytes); // RETURNED
136
/*
 * Obtain size of key in bytes.
 * How a key of unknown size is reported (e.g. a 0 return) is not stated
 * here — confirm before using the result to size a buffer.
 */
extern UInt32 sslKeyLengthInBytes(
	const CSSM_KEY *key);

/*
 * Obtain max signature size in bytes.
 * maxSigSize is a C++ reference output; it is only meaningful when the
 * returned OSStatus is noErr.
 */
extern OSStatus sslGetMaxSigSize(
	const CSSM_KEY *privKey,
	UInt32 &maxSigSize);
147
/*
 * Get raw key bits from an RSA public key.
 *
 * The data of *modulus and *exponent is mallocd and RETURNED, so the caller
 * owns it and must free it; which free routine pairs with this allocation
 * is not stated here — confirm against the implementation.
 */
OSStatus sslGetPubKeyBits(
	SSLContext *ctx,
	const CSSM_KEY *pubKey,
	CSSM_CSP_HANDLE cspHand,
	SSLBuffer *modulus, // data mallocd and RETURNED
	SSLBuffer *exponent); // data mallocd and RETURNED
157
/*
 * Given raw RSA key bits, cook up a CSSM_KEY_PTR. Used in
 * Server-initiated key exchange.
 *
 * *pubKey is mallocd and RETURNED and *cspHand is RETURNED; the key is
 * presumably released with sslFreeKey using that cspHand — confirm. Since
 * the modulus and exponent arrive from the peer in this use, callers should
 * treat a non-noErr result as a protocol failure rather than retry.
 */
OSStatus sslGetPubKeyFromBits(
	SSLContext *ctx,
	const SSLBuffer *modulus,
	const SSLBuffer *exponent,
	CSSM_KEY_PTR *pubKey, // mallocd and RETURNED
	CSSM_CSP_HANDLE *cspHand); // RETURNED
168
/*
 * Given a DER-encoded cert, obtain its DER-encoded subject name.
 *
 * Ownership of the returned CSSM_DATA and how failure is signalled
 * (presumably a NULL return) are not stated here — confirm against the
 * implementation; callers must check for NULL before dereferencing.
 */
CSSM_DATA_PTR sslGetCertSubjectName(
	SSLContext *ctx,
	const CSSM_DATA_PTR cert);
175
#if SSL_DEBUG
/*
 * Debug-only check of 'numCerts' certs against the trusted roots. Returns
 * nothing, so it is diagnostic only and is not part of the verification
 * path in non-debug builds.
 */
void verifyTrustedRoots(SSLContext *ctx,
	CSSM_DATA_PTR certs,
	unsigned numCerts);
#endif
181
/*
 * Application memory callbacks with malloc/free/realloc/calloc shapes, each
 * taking an opaque allocRef. Presumably registered with CDSA as the
 * application's memory functions — confirm against the implementation.
 * Memory returned by one must be released by stAppFree with the same
 * allocRef, never by plain free().
 */
void * stAppMalloc (uint32 size, void *allocRef);
void stAppFree (void *mem_ptr, void *allocRef);
void * stAppRealloc (void *ptr, uint32 size, void *allocRef);
void * stAppCalloc (uint32 num, uint32 size, void *allocRef);
186
/*
 * Diffie-Hellman support.
 *
 * sslDhGenKeyPairClient generates a key pair from an explicit prime and
 * generator; sslDhGenerateKeyPair does so from a parameter blob and a key
 * size in bits. In both, publicKey and privateKey are plain CSSM_KEY_PTRs
 * (not pointer-to-pointer), so the caller provides the CSSM_KEY storage
 * and it is filled in (RETURNED). The prime/generator presumably come from
 * the peer in the client case, so a non-noErr result must abort the
 * exchange.
 *
 * sslDhKeyExchange derives deriveSizeInBits bits of shared secret into
 * *exchanged; who allocates exchanged->data is not stated here — confirm.
 * sslVerifyNegotiatedCipher checks the cipher negotiated in ctx; a non-noErr
 * result must be treated as a handshake failure.
 */
OSStatus sslDhGenKeyPairClient(
	SSLContext *ctx,
	const SSLBuffer &prime,
	const SSLBuffer &generator,
	CSSM_KEY_PTR publicKey, // RETURNED
	CSSM_KEY_PTR privateKey); // RETURNED
OSStatus sslDhGenerateKeyPair(
	SSLContext *ctx,
	const SSLBuffer &paramBlob,
	UInt32 keySizeInBits,
	CSSM_KEY_PTR publicKey, // RETURNED
	CSSM_KEY_PTR privateKey); // RETURNED
OSStatus sslDhKeyExchange(
	SSLContext *ctx,
	uint32 deriveSizeInBits,
	SSLBuffer *exchanged);
OSStatus sslVerifyNegotiatedCipher(
	SSLContext *ctx);
205
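/*
 * Convert between SSLBuffer and CSSM_DATA, which are after all identical.
 * No mallocs, just copy the pointer and length: the destination aliases the
 * source's bytes, so the two must not be freed independently.
 *
 * Wrapped in do { } while (0) so the expansion is a single statement: the
 * bare-brace form breaks as the body of an if/else, because the trailing
 * semicolon after the block ends the if before the else.
 */
#define SSLBUF_TO_CSSM(sb, cd) do { \
	(cd)->Length = (sb)->length; \
	(cd)->Data = (sb)->data; \
} while (0)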
214
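/*
 * Inverse of SSLBUF_TO_CSSM: point an SSLBuffer at a CSSM_DATA's bytes.
 * No mallocs; the SSLBuffer aliases the CSSM_DATA's storage, so the two
 * must not be freed independently. do { } while (0) keeps the expansion a
 * single statement so it is safe as the body of an if/else.
 */
#define CSSM_TO_SSLBUF(cd, sb) do { \
	(sb)->length = (cd)->Length; \
	(sb)->data = (cd)->Data; \
} while (0)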
219
220 #ifdef __cplusplus
221 }
222 #endif
223
224
225 #endif /* _APPLE_CDSA_H_ */