X-Git-Url: https://git.saurik.com/apple/security.git/blobdiff_plain/72a12576750f52947eb043106ba5c12c0d07decf..b1ab9ed8d0e0f1c3b66d7daa8fd5564444c56195:/libsecurity_ssl/lib/sslCrypto.h

diff --git a/libsecurity_ssl/lib/sslCrypto.h b/libsecurity_ssl/lib/sslCrypto.h
new file mode 100644
index 00000000..9fa68760
--- /dev/null
+++ b/libsecurity_ssl/lib/sslCrypto.h
@@ -0,0 +1,233 @@
+/*
+ * Copyright (c) 2006-2008,2010-2012 Apple Inc. All Rights Reserved.
+ *
+ * @APPLE_LICENSE_HEADER_START@
+ *
+ * This file contains Original Code and/or Modifications of Original Code
+ * as defined in and that are subject to the Apple Public Source License
+ * Version 2.0 (the 'License'). You may not use this file except in
+ * compliance with the License. Please obtain a copy of the License at
+ * http://www.opensource.apple.com/apsl/ and read it before using this
+ * file.
+ *
+ * The Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
+ * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
+ * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
+ * Please see the License for the specific language governing rights and
+ * limitations under the License.
+ *
+ * @APPLE_LICENSE_HEADER_END@
+ */
+
+/*
+ * sslCrypto.h - interface between SSL and crypto libraries
+ */
+
+#ifndef	_SSL_CRYPTO_H_
+#define _SSL_CRYPTO_H_	1
+
+#include "ssl.h"
+#include "sslContext.h"
+#include <Security/SecKeyPriv.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#ifndef		NDEBUG
+extern void stPrintCdsaError(const char *op, OSStatus crtn);
+#else
+#define stPrintCdsaError(o, cr)
+#endif
+
+/*
+ * Free a pubKey object.
+ */
+extern OSStatus sslFreePubKey(SSLPubKey **pubKey);
+
+/*
+ * Free a privKey object.
+ */
+extern OSStatus sslFreePrivKey(SSLPrivKey **privKey);
+
+extern CFIndex sslPubKeyGetAlgorithmID(SSLPubKey *pubKey);
+extern CFIndex sslPrivKeyGetAlgorithmID(SSLPrivKey *privKey);
+
+/*
+ * Create a new SecTrust object and return it.
+ */
+OSStatus
+sslCreateSecTrust(
+	SSLContext				*ctx,
+	CFArrayRef				certChain,
+	bool					arePeerCerts,
+    SecTrustRef             *trust); 	/* RETURNED */
+
+
+/*
+ * Verify a cert chain.
+ */
+extern OSStatus sslVerifyCertChain(
+	SSLContext				*ctx,
+#ifdef USE_SSLCERTIFICATE
+	const SSLCertificate	*certChain,
+#else /* !USE_SSLCERTIFICATE */
+	CFArrayRef				certChain,
+#endif /* !USE_SSLCERTIFICATE */
+	bool					arePeerCerts);
+
+/*
+ * Get the peer's public key from the certificate chain.
+ */
+extern OSStatus sslCopyPeerPubKey(
+	SSLContext 				*ctx,
+	SSLPubKey               **pubKey);
+
+
+/*
+ * Raw RSA/DSA sign/verify.
+ */
+OSStatus sslRawSign(
+	SSLContext			*ctx,
+	SSLPrivKey          *privKey,
+	const uint8_t       *plainText,
+	size_t              plainTextLen,
+	uint8_t				*sig,			// mallocd by caller; RETURNED
+	size_t              sigLen,         // available
+	size_t              *actualBytes);  // RETURNED
+
+OSStatus sslRawVerify(
+	SSLContext			*ctx,
+	SSLPubKey           *pubKey,
+	const uint8_t		*plainText,
+	size_t              plainTextLen,
+	const uint8_t       *sig,
+	size_t              sigLen);        // available
+
+/* TLS 1.2 style RSA sign */
+OSStatus sslRsaSign(
+    SSLContext			*ctx,
+    SSLPrivKey          *privKey,
+    const SecAsn1AlgId  *algId,
+    const uint8_t       *plainText,
+    size_t              plainTextLen,
+    uint8_t				*sig,			// mallocd by caller; RETURNED
+    size_t              sigLen,         // available
+    size_t              *actualBytes);  // RETURNED
+
+/* TLS 1.2 style RSA verify */
+OSStatus sslRsaVerify(
+    SSLContext          *ctx,
+    SSLPubKey           *pubKey,
+    const SecAsn1AlgId  *algId,
+    const uint8_t       *plainText,
+    size_t              plainTextLen,
+    const uint8_t       *sig,
+    size_t              sigLen);         // available
+
+/*
+ * Encrypt/Decrypt
+ */
+OSStatus sslRsaEncrypt(
+	SSLContext			*ctx,
+	SSLPubKey           *pubKey,
+#ifdef USE_CDSA_CRYPTO
+	CSSM_CSP_HANDLE		cspHand,
+#endif
+	const uint32_t		padding,
+	const uint8_t       *plainText,
+	size_t              plainTextLen,
+	uint8_t				*cipherText,		// mallocd by caller; RETURNED
+	size_t              cipherTextLen,      // available
+	size_t              *actualBytes);      // RETURNED
+OSStatus sslRsaDecrypt(
+	SSLContext			*ctx,
+	SSLPrivKey			*privKey,
+	const uint32_t		padding,
+	const uint8_t       *cipherText,
+	size_t              cipherTextLen,
+	uint8_t				*plainText,			// mallocd by caller; RETURNED
+	size_t              plainTextLen,		// available
+	size_t              *actualBytes);		// RETURNED
+
+/*
+ * Obtain size of key in bytes.
+ */
+extern size_t sslPrivKeyLengthInBytes(
+	SSLPrivKey *sslKey);
+
+extern size_t sslPubKeyLengthInBytes(
+	SSLPubKey *sslKey);
+
+/* Obtain max signature size in bytes. */
+extern OSStatus sslGetMaxSigSize(
+	SSLPrivKey *privKey,
+	size_t           *maxSigSize);
+
+#if 0
+/*
+ * Get raw key bits from an RSA public key.
+ */
+OSStatus sslGetPubKeyBits(
+	SSLContext			*ctx,
+	SSLPubKey           *pubKey,
+	SSLBuffer			*modulus,		// data mallocd and RETURNED
+	SSLBuffer			*exponent);		// data mallocd and RETURNED
+#endif
+
+/*
+ * Given raw RSA key bits, cook up a SSLPubKey. Used in
+ * Server-initiated key exchange.
+ */
+OSStatus sslGetPubKeyFromBits(
+	SSLContext			*ctx,
+	const SSLBuffer		*modulus,
+	const SSLBuffer		*exponent,
+	SSLPubKey           **pubKey);       // mallocd and RETURNED
+
+OSStatus sslVerifySelectedCipher(
+	SSLContext 		*ctx,
+	const SSLCipherSpec *selectedCipherSpec);
+
+#if APPLE_DH
+int sslDhGenerateParams(SSLContext *ctx, uint32_t g, size_t prime_size,
+    SSLBuffer *params, SSLBuffer *generator, SSLBuffer *prime);
+
+OSStatus sslDhCreateKey(SSLContext *ctx);
+OSStatus sslDhGenerateKeyPair(SSLContext *ctx);
+OSStatus sslDhKeyExchange(SSLContext *ctx);
+
+OSStatus sslDecodeDhParams(
+	const SSLBuffer	*blob,			/* Input - PKCS-3 encoded */
+	SSLBuffer		*prime,			/* Output - wire format */
+    SSLBuffer		*generator);    /* Output - wire format */
+
+OSStatus sslEncodeDhParams(
+    SSLBuffer           *blob,			/* data mallocd and RETURNED - PKCS-3 encoded */
+    const SSLBuffer		*prime,			/* Input - wire format */
+    const SSLBuffer		*generator);    /* Input - wire format */
+
+#endif /* APPLE_DH */
+
+/*
+ * Given an ECDSA public key in CSSM format, extract the SSL_ECDSA_NamedCurve
+ * from its algorithm parameters.
+ */
+OSStatus sslEcdsaPeerCurve(
+	SSLPubKey *pubKey,
+	SSL_ECDSA_NamedCurve *namedCurve);
+OSStatus sslEcdhGenerateKeyPair(
+	SSLContext			*ctx,
+	SSL_ECDSA_NamedCurve namedCurve);
+OSStatus sslEcdhKeyExchange(
+	SSLContext		*ctx,
+	SSLBuffer		*exchanged);
+
+#ifdef __cplusplus
+}
+#endif
+
+
+#endif	/* _SSL_CRYPTO_H_ */