--- /dev/null
+/*
+ * Copyright (c) 2006-2008,2010-2012 Apple Inc. All Rights Reserved.
+ *
+ * @APPLE_LICENSE_HEADER_START@
+ *
+ * This file contains Original Code and/or Modifications of Original Code
+ * as defined in and that are subject to the Apple Public Source License
+ * Version 2.0 (the 'License'). You may not use this file except in
+ * compliance with the License. Please obtain a copy of the License at
+ * http://www.opensource.apple.com/apsl/ and read it before using this
+ * file.
+ *
+ * The Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
+ * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
+ * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
+ * Please see the License for the specific language governing rights and
+ * limitations under the License.
+ *
+ * @APPLE_LICENSE_HEADER_END@
+ */
+
+/*
+ * sslCrypto.h - interface between SSL and crypto libraries
+ */
+
+#ifndef _SSL_CRYPTO_H_
+#define _SSL_CRYPTO_H_ 1
+
+#include "ssl.h"
+#include "sslContext.h"
+#include <Security/SecKeyPriv.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#ifndef NDEBUG
+extern void stPrintCdsaError(const char *op, OSStatus crtn);
+#else
+#define stPrintCdsaError(o, cr)
+#endif
+
+/*
+ * Free a pubKey object.
+ */
+extern OSStatus sslFreePubKey(SSLPubKey **pubKey);
+
+/*
+ * Free a privKey object.
+ */
+extern OSStatus sslFreePrivKey(SSLPrivKey **privKey);
+
+extern CFIndex sslPubKeyGetAlgorithmID(SSLPubKey *pubKey);
+extern CFIndex sslPrivKeyGetAlgorithmID(SSLPrivKey *privKey);
+
+/*
+ * Create a new SecTrust object and return it.
+ */
+OSStatus
+sslCreateSecTrust(
+ SSLContext *ctx,
+ CFArrayRef certChain,
+ bool arePeerCerts,
+ SecTrustRef *trust); /* RETURNED */
+
+
+/*
+ * Verify a cert chain.
+ */
+extern OSStatus sslVerifyCertChain(
+ SSLContext *ctx,
+#ifdef USE_SSLCERTIFICATE
+ const SSLCertificate *certChain,
+#else /* !USE_SSLCERTIFICATE */
+ CFArrayRef certChain,
+#endif /* !USE_SSLCERTIFICATE */
+ bool arePeerCerts);
+
+/*
+ * Get the peer's public key from the certificate chain.
+ */
+extern OSStatus sslCopyPeerPubKey(
+ SSLContext *ctx,
+ SSLPubKey **pubKey);
+
+
+/*
+ * Raw RSA/DSA sign/verify.
+ */
+OSStatus sslRawSign(
+ SSLContext *ctx,
+ SSLPrivKey *privKey,
+ const uint8_t *plainText,
+ size_t plainTextLen,
+ uint8_t *sig, // mallocd by caller; RETURNED
+ size_t sigLen, // available
+ size_t *actualBytes); // RETURNED
+
+OSStatus sslRawVerify(
+ SSLContext *ctx,
+ SSLPubKey *pubKey,
+ const uint8_t *plainText,
+ size_t plainTextLen,
+ const uint8_t *sig,
+ size_t sigLen); // available
+
+/* TLS 1.2 style RSA sign */
+OSStatus sslRsaSign(
+ SSLContext *ctx,
+ SSLPrivKey *privKey,
+ const SecAsn1AlgId *algId,
+ const uint8_t *plainText,
+ size_t plainTextLen,
+ uint8_t *sig, // mallocd by caller; RETURNED
+ size_t sigLen, // available
+ size_t *actualBytes); // RETURNED
+
+/* TLS 1.2 style RSA verify */
+OSStatus sslRsaVerify(
+ SSLContext *ctx,
+ SSLPubKey *pubKey,
+ const SecAsn1AlgId *algId,
+ const uint8_t *plainText,
+ size_t plainTextLen,
+ const uint8_t *sig,
+ size_t sigLen); // available
+
+/*
+ * Encrypt/Decrypt
+ */
+OSStatus sslRsaEncrypt(
+ SSLContext *ctx,
+ SSLPubKey *pubKey,
+#ifdef USE_CDSA_CRYPTO
+ CSSM_CSP_HANDLE cspHand,
+#endif
+ const uint32_t padding,
+ const uint8_t *plainText,
+ size_t plainTextLen,
+ uint8_t *cipherText, // mallocd by caller; RETURNED
+ size_t cipherTextLen, // available
+ size_t *actualBytes); // RETURNED
+OSStatus sslRsaDecrypt(
+ SSLContext *ctx,
+ SSLPrivKey *privKey,
+ const uint32_t padding,
+ const uint8_t *cipherText,
+ size_t cipherTextLen,
+ uint8_t *plainText, // mallocd by caller; RETURNED
+ size_t plainTextLen, // available
+ size_t *actualBytes); // RETURNED
+
+/*
+ * Obtain size of key in bytes.
+ */
+extern size_t sslPrivKeyLengthInBytes(
+ SSLPrivKey *sslKey);
+
+extern size_t sslPubKeyLengthInBytes(
+ SSLPubKey *sslKey);
+
+/* Obtain max signature size in bytes. */
+extern OSStatus sslGetMaxSigSize(
+ SSLPrivKey *privKey,
+ size_t *maxSigSize);
+
+#if 0
+/*
+ * Get raw key bits from an RSA public key.
+ */
+OSStatus sslGetPubKeyBits(
+ SSLContext *ctx,
+ SSLPubKey *pubKey,
+ SSLBuffer *modulus, // data mallocd and RETURNED
+ SSLBuffer *exponent); // data mallocd and RETURNED
+#endif
+
+/*
+ * Given raw RSA key bits, cook up a SSLPubKey. Used in
+ * Server-initiated key exchange.
+ */
+OSStatus sslGetPubKeyFromBits(
+ SSLContext *ctx,
+ const SSLBuffer *modulus,
+ const SSLBuffer *exponent,
+ SSLPubKey **pubKey); // mallocd and RETURNED
+
+OSStatus sslVerifySelectedCipher(
+ SSLContext *ctx,
+ const SSLCipherSpec *selectedCipherSpec);
+
+#if APPLE_DH
+int sslDhGenerateParams(SSLContext *ctx, uint32_t g, size_t prime_size,
+ SSLBuffer *params, SSLBuffer *generator, SSLBuffer *prime);
+
+OSStatus sslDhCreateKey(SSLContext *ctx);
+OSStatus sslDhGenerateKeyPair(SSLContext *ctx);
+OSStatus sslDhKeyExchange(SSLContext *ctx);
+
+OSStatus sslDecodeDhParams(
+ const SSLBuffer *blob, /* Input - PKCS-3 encoded */
+ SSLBuffer *prime, /* Output - wire format */
+ SSLBuffer *generator); /* Output - wire format */
+
+OSStatus sslEncodeDhParams(
+ SSLBuffer *blob, /* data mallocd and RETURNED - PKCS-3 encoded */
+ const SSLBuffer *prime, /* Input - wire format */
+ const SSLBuffer *generator); /* Input - wire format */
+
+#endif /* APPLE_DH */
+
+/*
+ * Given an ECDSA public key in CSSM format, extract the SSL_ECDSA_NamedCurve
+ * from its algorithm parameters.
+ */
+OSStatus sslEcdsaPeerCurve(
+ SSLPubKey *pubKey,
+ SSL_ECDSA_NamedCurve *namedCurve);
+OSStatus sslEcdhGenerateKeyPair(
+ SSLContext *ctx,
+ SSL_ECDSA_NamedCurve namedCurve);
+OSStatus sslEcdhKeyExchange(
+ SSLContext *ctx,
+ SSLBuffer *exchanged);
+
+#ifdef __cplusplus
+}
+#endif
+
+
+#endif /* _SSL_CRYPTO_H_ */
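Review bot: The output-buffer contracts of sslRawSign, sslRsaSign, sslRsaEncrypt and sslRsaDecrypt are under-documented: `sigLen`/`cipherTextLen`/`plainTextLen` are annotated only as `// available`, and the header never says whether an undersized buffer produces an error or a truncated result, which is exactly what a caller sizing the buffer from sslGetMaxSigSize needs to know; a comment such as `// sigLen: capacity of sig; an error is returned rather than a truncated signature if it does not fit` (assuming that is the implementation's behaviour) would settle it. Similarly sslRawVerify and sslRsaVerify should name the OSStatus returned when the signature does not verify, so callers can distinguish a bad signature from a transient failure instead of treating every non-zero status alike. The DH helpers are inconsistent about ownership: sslEncodeDhParams says `/* data mallocd and RETURNED */` for its blob, but the `prime` and `generator` outputs of sslDecodeDhParams are only `/* Output - wire format */`, leaving it unclear whether the caller must free them. As a point of style, `#if APPLE_DH` differs from the `#ifdef USE_SSLCERTIFICATE` and `#ifdef USE_CDSA_CRYPTO` tests used elsewhere in this header and will trip `-Wundef` when the macro is absent; `#ifdef APPLE_DH` would match the file's convention.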