diff --git a/libsecurity_ssl/lib/appleCdsa.h b/libsecurity_ssl/lib/appleCdsa.h
new file mode 100644 (file)
index 0000000..587a2bb
--- /dev/null
@@ -0,0 +1,222 @@
+/*
+ * Copyright (c) 1999-2001,2005-2007,2010-2012 Apple Inc. All Rights Reserved.
+ *
+ * @APPLE_LICENSE_HEADER_START@
+ *
+ * This file contains Original Code and/or Modifications of Original Code
+ * as defined in and that are subject to the Apple Public Source License
+ * Version 2.0 (the 'License'). You may not use this file except in
+ * compliance with the License. Please obtain a copy of the License at
+ * http://www.opensource.apple.com/apsl/ and read it before using this
+ * file.
+ *
+ * The Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
+ * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
+ * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
+ * Please see the License for the specific language governing rights and
+ * limitations under the License.
+ *
+ * @APPLE_LICENSE_HEADER_END@
+ */
+
+/*
+ * appleCdsa.h - interface between SSL and CDSA
+ */
+
+#ifndef        _APPLE_CDSA_H_
+#define _APPLE_CDSA_H_ 1
+
+#include "ssl.h"
+#include "sslPriv.h"
+#include "sslContext.h"
+#include <Security/cssmtype.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+extern OSStatus sslSetUpSymmKey(
+       CSSM_KEY_PTR    symKey,
+       CSSM_ALGORITHMS alg,
+       CSSM_KEYUSE             keyUse,                 // CSSM_KEYUSE_ENCRYPT, etc.
+       CSSM_BOOL               copyKey,                // true: copy keyData   false: set by reference
+       uint8                   *keyData,
+       size_t          keyDataLen);    // in bytes
+
+extern OSStatus sslFreeKey(CSSM_CSP_HANDLE cspHand,
+       CSSM_KEY_PTR    *key,
+       #if             ST_KC_KEYS_NEED_REF
+       SecKeychainRef  *kcItem);
+       #else   /* !ST_KC_KEYS_NEED_REF */
+       void                    *kcItem);
+       #endif  /* ST_KC_KEYS_NEED_REF*/
+
+extern OSStatus attachToCsp(SSLContext *ctx);
+extern OSStatus attachToCl(SSLContext *ctx);
+extern OSStatus attachToTp(SSLContext *ctx);
+extern OSStatus attachToAll(SSLContext *ctx);
+extern OSStatus detachFromAll(SSLContext *ctx);
+
+extern CSSM_DATA_PTR stMallocCssmData(size_t size);
+extern void stFreeCssmData(CSSM_DATA_PTR data, CSSM_BOOL freeStruct);
+extern OSStatus stSetUpCssmData(CSSM_DATA_PTR data, size_t length);
+
+
+/*
+ * Given a DER-encoded cert, obtain its public key as a CSSM_KEY_PTR.
+ */
+extern OSStatus sslPubKeyFromCert(
+       SSLContext                              *ctx,
+       const SSLBuffer                 *derCert,
+       CSSM_KEY_PTR                    *pubKey,                // RETURNED
+       CSSM_CSP_HANDLE                 *cspHand);              // RETURNED
+
+/*
+ * Verify a cert chain.
+ */
+extern OSStatus sslVerifyCertChain(
+       SSLContext                              *ctx,
+       const SSLCertificate    *certChain,
+       bool                                    arePeerCerts);
+
+/*
+ * Raw RSA/DSA sign/verify.
+ */
+OSStatus sslRawSign(
+       SSLContext                      *ctx,
+       SecKeyRef                       privKeyRef,
+       const UInt8                     *plainText,
+       size_t                  plainTextLen,
+       UInt8                           *sig,                   // mallocd by caller; RETURNED
+       size_t                  sigLen,                 // available
+       size_t                  *actualBytes);  // RETURNED
+
+OSStatus sslRawVerify(
+       SSLContext                      *ctx,
+       const CSSM_KEY          *pubKey,
+       CSSM_CSP_HANDLE         cspHand,
+       const UInt8                     *plainText,
+       size_t                  plainTextLen,
+       const UInt8                     *sig,
+       size_t                  sigLen);                // available
+
+/*
+ * Encrypt/Decrypt
+ */
+OSStatus sslRsaEncrypt(
+       SSLContext                      *ctx,
+       const CSSM_KEY          *pubKey,
+       CSSM_CSP_HANDLE         cspHand,
+       CSSM_PADDING            padding,                // CSSM_PADDING_PKCS1, CSSM_PADDING_APPLE_SSLv2
+       const UInt8                     *plainText,
+       size_t                          plainTextLen,
+       UInt8                           *cipherText,    // mallocd by caller; RETURNED
+       size_t                          cipherTextLen,  // available
+       size_t                          *actualBytes);  // RETURNED
+OSStatus sslRsaDecrypt(
+       SSLContext                      *ctx,
+       SecKeyRef                       privKeyRef,
+       CSSM_PADDING            padding,                // CSSM_PADDING_PKCS1, CSSM_PADDING_APPLE_SSLv2
+       const UInt8                     *cipherText,
+       size_t                          cipherTextLen,
+       UInt8                           *plainText,             // mallocd by caller; RETURNED
+       size_t                          plainTextLen,   // available
+       size_t                          *actualBytes);  // RETURNED
+
+/*
+ * Obtain size of key in bytes.
+ */
+extern uint32 sslKeyLengthInBytes(
+       const CSSM_KEY  *key);
+
+/* Obtain max signature size in bytes. */
+extern OSStatus sslGetMaxSigSize(
+       const CSSM_KEY  *privKey,
+       uint32                  *maxSigSize);
+
+/*
+ * Get raw key bits from an RSA public key.
+ */
+OSStatus sslGetPubKeyBits(
+       SSLContext                      *ctx,
+       const CSSM_KEY          *pubKey,
+       CSSM_CSP_HANDLE         cspHand,
+       SSLBuffer                       *modulus,               // data mallocd and RETURNED
+       SSLBuffer                       *exponent);             // data mallocd and RETURNED
+
+/*
+ * Given raw RSA key bits, cook up a CSSM_KEY_PTR. Used in
+ * Server-initiated key exchange.
+ */
+OSStatus sslGetPubKeyFromBits(
+       SSLContext                      *ctx,
+       const SSLBuffer         *modulus,
+       const SSLBuffer         *exponent,
+       CSSM_KEY_PTR            *pubKey,                // mallocd and RETURNED
+       CSSM_CSP_HANDLE         *cspHand);              // RETURNED
+
+/*
+ * Given a DER-encoded cert, obtain its DER-encoded subject name.
+ */
+CSSM_DATA_PTR sslGetCertSubjectName(
+       SSLContext                      *ctx,
+    const CSSM_DATA_PTR cert);
+
+#if            SSL_DEBUG
+void verifyTrustedRoots(SSLContext *ctx,
+       CSSM_DATA_PTR   certs,
+       unsigned                numCerts);
+#endif
+
+void * stAppMalloc (size_t size, void *allocRef);
+void stAppFree (void *mem_ptr, void *allocRef);
+void * stAppRealloc (void *ptr, size_t size, void *allocRef);
+void * stAppCalloc (uint32 num, size_t size, void *allocRef);
+
+OSStatus sslDhGenKeyPairClient(
+       SSLContext              *ctx,
+       const SSLBuffer *prime,
+       const SSLBuffer *generator,
+       CSSM_KEY_PTR    publicKey,                      // RETURNED
+       CSSM_KEY_PTR    privateKey);            // RETURNED
+OSStatus sslDhGenerateKeyPair(
+       SSLContext              *ctx,
+       const SSLBuffer *paramBlob,
+       uint32                  keySizeInBits,
+       CSSM_KEY_PTR    publicKey,                      // RETURNED
+       CSSM_KEY_PTR    privateKey);            // RETURNED
+OSStatus sslDhKeyExchange(
+       SSLContext              *ctx,
+       uint32                  deriveSizeInBits,
+       SSLBuffer               *exchanged);
+OSStatus sslEcdhGenerateKeyPair(
+       SSLContext                      *ctx,
+       SSL_ECDSA_NamedCurve namedCurve);
+OSStatus sslEcdhKeyExchange(
+       SSLContext              *ctx,
+       SSLBuffer               *exchanged);
+OSStatus sslVerifySelectedCipher(
+       SSLContext              *ctx,
+       const SSLCipherSpec *selectedCipherSpec);
+
+/*
+ * Convert between SSLBuffer and CSSM_DATA, which are after all identical.
+ * No mallocs, just copy the pointer and length.
+ */
+#define SSLBUF_TO_CSSM(sb, cd)  {              \
+       (cd)->Length = (sb)->length;            \
+       (cd)->Data   = (sb)->data;                      \
+}
+
+#define CSSM_TO_SSLBUF(cd, sb)  {              \
+       (sb)->length = (cd)->Length;            \
+       (sb)->data   = (cd)->Data;                      \
+}
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* _APPLE_CDSA_H_ */
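Review bot: The SSLBUF_TO_CSSM and CSSM_TO_SSLBUF macros are bare `{ ... }` blocks, so a call written in the natural form `if (x) SSLBUF_TO_CSSM(sb, cd); else ...` fails to compile because the `;` after the closing brace terminates the if before the else; the idiomatic guard is `#define SSLBUF_TO_CSSM(sb, cd) do { (cd)->Length = (sb)->length; (cd)->Data = (sb)->data; } while (0)` and the same for CSSM_TO_SSLBUF. The comment that the two types are "after all identical" should be hedged unless it is verified that `CSSM_DATA.Length` and `SSLBuffer.length` have the same width on every target; if they do not, these assignments silently narrow a length that later bounds a copy, which is worth a `/* assumes Length and length are the same integer type — verify in cssmtype.h */` note. Separately, `sslGetCertSubjectName` returns a `CSSM_DATA_PTR` with no ownership note while neighbouring prototypes mark results as "mallocd and RETURNED"; state who frees it, presumably via `stFreeCssmData` with `freeStruct` set, so callers neither leak nor double-free it.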