X-Git-Url: https://git.saurik.com/apple/security.git/blobdiff_plain/5dd5f9ec28f304ca377c42fd7f711d6cf12b90e1..5c19dc3ae3bd8e40a9c028b0deddd50ff337692c:/OSX/libsecurity_ssl/sslViewer/sslAppUtils.h
diff --git a/OSX/libsecurity_ssl/sslViewer/sslAppUtils.h b/OSX/libsecurity_ssl/sslViewer/sslAppUtils.h
new file mode 100644
index 00000000..5448105e
--- /dev/null
+++ b/OSX/libsecurity_ssl/sslViewer/sslAppUtils.h
@@ -0,0 +1,167 @@
+/*
+ * Copyright (c) 2006-2008,2010-2012,2014 Apple Inc. All Rights Reserved.
+ */
+
+#ifndef _SSLS_APP_UTILS_H_
+#define _SSLS_APP_UTILS_H_ 1
+
+#include
+#include
+#include
+#include
+#include
+
+#include
+
+#if TARGET_OS_IPHONE
+typedef void *SecKeychainRef;
+#endif
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+const char *sslGetCipherSuiteString(SSLCipherSuite cs);
+const char *sslGetProtocolVersionString(SSLProtocol prot);
+const char *sslGetSSLErrString(OSStatus err);
+void printSslErrStr(const char *op, OSStatus err);
+const char *sslGetClientCertStateString(SSLClientCertificateState state);
+const char *sslGetClientAuthTypeString(SSLClientAuthenticationType authType);
+
+CFArrayRef getSslCerts(
+ const char *kcName, // may be NULL, i.e., use default
+ bool encryptOnly,
+ bool completeCertChain,
+ const char *anchorFile, // optional trusted anchor
+ SecKeychainRef *pKcRef); // RETURNED
+OSStatus sslCompleteCertChain(
+ SecIdentityRef identity,
+ SecCertificateRef trustedAnchor, // optional additional trusted anchor
+ bool includeRoot, // include the root in outArray
+// const CSSM_OID *vfyPolicy, // optional - if NULL, use SSL
+ CFArrayRef *outArray); // created and RETURNED
+CFArrayRef sslKcRefToCertArray(
+ SecKeychainRef kcRef,
+ bool encryptOnly,
+ bool completeCertChain,
+// const CSSM_OID *vfyPolicy, // optional - if NULL, use SSL policy to complete
+ const char *trustedAnchorFile);
+
+OSStatus addTrustedSecCert(
+ SSLContextRef ctx,
+ SecCertificateRef secCert,
+ bool replaceAnchors);
+OSStatus sslReadAnchor(
+ const char *anchorFile,
+ SecCertificateRef *certRef);
+OSStatus sslAddTrustedRoot(
+ SSLContextRef ctx,
+ const char *anchorFile,
+ bool replaceAnchors);
+
+/*
+ * Assume incoming identity contains a root (e.g., created by
+ * certtool) and add that cert to ST's trusted anchors. This
+ * enables ST's verify of the incoming chain to succeed without
+ * a kludgy "AllowAnyRoot" specification.
+ */
+OSStatus addIdentityAsTrustedRoot(
+ SSLContextRef ctx,
+ CFArrayRef identArray);
+
+OSStatus sslAddTrustedRoots(
+ SSLContextRef ctx,
+ SecKeychainRef keychain,
+ bool *foundOne);
+
+void sslOutputDot();
+
+/*
+ * Lists of SSLCipherSuites used in sslSetCipherRestrictions.
+ */
+extern const SSLCipherSuite suites40[];
+extern const SSLCipherSuite suitesDES[];
+extern const SSLCipherSuite suitesDES40[];
+extern const SSLCipherSuite suites3DES[];
+extern const SSLCipherSuite suitesRC4[];
+extern const SSLCipherSuite suitesRC4_40[];
+extern const SSLCipherSuite suitesRC2[];
+extern const SSLCipherSuite suitesAES128[];
+extern const SSLCipherSuite suitesAES256[];
+extern const SSLCipherSuite suitesDH[];
+extern const SSLCipherSuite suitesDHAnon[];
+extern const SSLCipherSuite suitesDH_RSA[];
+extern const SSLCipherSuite suitesDH_DSS[];
+extern const SSLCipherSuite suites_SHA1[];
+extern const SSLCipherSuite suites_MD5[];
+extern const SSLCipherSuite suites_ECDHE[];
+extern const SSLCipherSuite suites_ECDH[];
+
+/*
+ * Given an SSLContextRef and an array of SSLCipherSuites, terminated by
+ * SSL_NO_SUCH_CIPHERSUITE, select those SSLCipherSuites which the library
+ * supports and do a SSLSetEnabledCiphers() specifying those.
+ */
+OSStatus sslSetEnabledCiphers(
+ SSLContextRef ctx,
+ const SSLCipherSuite *ciphers);
+
+/*
+ * Specify restricted sets of cipherspecs and protocols.
+ */
+OSStatus sslSetCipherRestrictions(
+ SSLContextRef ctx,
+ char cipherRestrict);
+
+#ifndef SPHINX
+OSStatus sslSetProtocols(
+ SSLContextRef ctx,
+ const char *acceptedProts,
+ SSLProtocol tryVersion); // only used if acceptedProts NULL
+#endif
+
+int sslVerifyRtn(
+ const char *whichSide, // "client" or "server"
+ OSStatus expectRtn,
+ OSStatus gotRtn);
+int sslVerifyProtVers(
+ const char *whichSide, // "client" or "server"
+ SSLProtocol expectProt,
+ SSLProtocol gotProt);
+int sslVerifyClientCertState(
+ const char *whichSide, // "client" or "server"
+ SSLClientCertificateState expectState,
+ SSLClientCertificateState gotState);
+int sslVerifyCipher(
+ const char *whichSide, // "client" or "server"
+ SSLCipherSuite expectCipher,
+ SSLCipherSuite gotCipher);
+
+
+/*
+ * Wrapper for sslIdentPicker, with optional trusted anchor specified as a filename.
+ */
+OSStatus sslIdentityPicker(
+ SecKeychainRef kcRef, // NULL means use default list
+ const char *trustedAnchor, // optional additional trusted anchor
+ bool includeRoot, // true --> root is appended to outArray
+ // false --> root not included
+// const CSSM_OID *vfyPolicy, // optional - if NULL, use SSL
+ CFArrayRef *outArray); // created and RETURNED
+
+void sslKeychainPath(
+ const char *kcName,
+ char *kcPath); // allocd by caller, MAXPATHLEN
+
+/* Verify presence of required file. Returns nonzero if not found. */
+int sslCheckFile(const char *path);
+
+/* Stringify a SSL_ECDSA_NamedCurve */
+extern const char *sslCurveString(
+ SSL_ECDSA_NamedCurve namedCurve);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* _SSLS_APP_UTILS_H_ */
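Review bot: `sslKeychainPath` returns its result through `char *kcPath` with no length parameter, so the only statement of the buffer contract is the trailing comment `// allocd by caller, MAXPATHLEN`, and a caller that passes a smaller buffer gets no compile-time or run-time signal. The implementation lives in the .c file and is not in this hunk, so at minimum the declaration should carry the contract as a proper comment: that `kcPath` must point to at least MAXPATHLEN bytes, and whether the result is always NUL-terminated and truncated rather than overrun when the composed path is longer. The safer shape is `void sslKeychainPath(const char *kcName, char *kcPath, size_t kcPathLen);` with the implementation writing via `snprintf`, though the callers that would need updating are outside this diff. Separately, `void sslOutputDot();` is a non-prototype declaration in C, so a call with stray arguments would not be diagnosed; write it as `void sslOutputDot(void);`. The `#include` lines appear to have lost their header names in this rendering, so I cannot confirm here that the headers supplying `bool` and `MAXPATHLEN` are actually pulled in.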