X-Git-Url: https://git.saurik.com/apple/security.git/blobdiff_plain/80e2389990082500d76eb566d4946be3e786c3ef..d8f41ccd20de16f8ebe2ccc84d47bf1cb2b26bbb:/Security/libsecurity_ssl/lib/appleCdsa.h
diff --git a/Security/libsecurity_ssl/lib/appleCdsa.h b/Security/libsecurity_ssl/lib/appleCdsa.h
new file mode 100644
index 00000000..d8d1a222
--- /dev/null
+++ b/Security/libsecurity_ssl/lib/appleCdsa.h
@@ -0,0 +1,222 @@
+/*
+ * Copyright (c) 1999-2001,2005-2007,2010-2012,2014 Apple Inc. All Rights Reserved.
+ *
+ * @APPLE_LICENSE_HEADER_START@
+ *
+ * This file contains Original Code and/or Modifications of Original Code
+ * as defined in and that are subject to the Apple Public Source License
+ * Version 2.0 (the 'License'). You may not use this file except in
+ * compliance with the License. Please obtain a copy of the License at
+ * http://www.opensource.apple.com/apsl/ and read it before using this
+ * file.
+ *
+ * The Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
+ * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
+ * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
+ * Please see the License for the specific language governing rights and
+ * limitations under the License.
+ *
+ * @APPLE_LICENSE_HEADER_END@
+ */
+
+/*
+ * appleCdsa.h - interface between SSL and CDSA
+ */
+
+#ifndef _APPLE_CDSA_H_
+#define _APPLE_CDSA_H_ 1
+
+#include "ssl.h"
+#include "sslPriv.h"
+#include "sslContext.h"
+#include
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+extern OSStatus sslSetUpSymmKey(
+ CSSM_KEY_PTR symKey,
+ CSSM_ALGORITHMS alg,
+ CSSM_KEYUSE keyUse, // CSSM_KEYUSE_ENCRYPT, etc.
+ CSSM_BOOL copyKey, // true: copy keyData false: set by reference
+ uint8 *keyData,
+ size_t keyDataLen); // in bytes
+
+extern OSStatus sslFreeKey(CSSM_CSP_HANDLE cspHand,
+ CSSM_KEY_PTR *key,
+ #if ST_KC_KEYS_NEED_REF
+ SecKeychainRef *kcItem);
+ #else /* !ST_KC_KEYS_NEED_REF */
+ void *kcItem);
+ #endif /* ST_KC_KEYS_NEED_REF*/
+
+extern OSStatus attachToCsp(SSLContext *ctx);
+extern OSStatus attachToCl(SSLContext *ctx);
+extern OSStatus attachToTp(SSLContext *ctx);
+extern OSStatus attachToAll(SSLContext *ctx);
+extern OSStatus detachFromAll(SSLContext *ctx);
+
+extern CSSM_DATA_PTR stMallocCssmData(size_t size);
+extern void stFreeCssmData(CSSM_DATA_PTR data, CSSM_BOOL freeStruct);
+extern OSStatus stSetUpCssmData(CSSM_DATA_PTR data, size_t length);
+
+
+/*
+ * Given a DER-encoded cert, obtain its public key as a CSSM_KEY_PTR.
+ */
+extern OSStatus sslPubKeyFromCert(
+ SSLContext *ctx,
+ const SSLBuffer *derCert,
+ CSSM_KEY_PTR *pubKey, // RETURNED
+ CSSM_CSP_HANDLE *cspHand); // RETURNED
+
+/*
+ * Verify a cert chain.
+ */
+extern OSStatus sslVerifyCertChain(
+ SSLContext *ctx,
+ const SSLCertificate *certChain,
+ bool arePeerCerts);
+
+/*
+ * Raw RSA/DSA sign/verify.
+ */
+OSStatus sslRawSign(
+ SSLContext *ctx,
+ SecKeyRef privKeyRef,
+ const UInt8 *plainText,
+ size_t plainTextLen,
+ UInt8 *sig, // mallocd by caller; RETURNED
+ size_t sigLen, // available
+ size_t *actualBytes); // RETURNED
+
+OSStatus sslRawVerify(
+ SSLContext *ctx,
+ const CSSM_KEY *pubKey,
+ CSSM_CSP_HANDLE cspHand,
+ const UInt8 *plainText,
+ size_t plainTextLen,
+ const UInt8 *sig,
+ size_t sigLen); // available
+
+/*
+ * Encrypt/Decrypt
+ */
+OSStatus sslRsaEncrypt(
+ SSLContext *ctx,
+ const CSSM_KEY *pubKey,
+ CSSM_CSP_HANDLE cspHand,
+ CSSM_PADDING padding, // CSSM_PADDING_PKCS1, CSSM_PADDING_APPLE_SSLv2
+ const UInt8 *plainText,
+ size_t plainTextLen,
+ UInt8 *cipherText, // mallocd by caller; RETURNED
+ size_t cipherTextLen, // available
+ size_t *actualBytes); // RETURNED
+OSStatus sslRsaDecrypt(
+ SSLContext *ctx,
+ SecKeyRef privKeyRef,
+ CSSM_PADDING padding, // CSSM_PADDING_PKCS1, CSSM_PADDING_APPLE_SSLv2
+ const UInt8 *cipherText,
+ size_t cipherTextLen,
+ UInt8 *plainText, // mallocd by caller; RETURNED
+ size_t plainTextLen, // available
+ size_t *actualBytes); // RETURNED
+
+/*
+ * Obtain size of key in bytes.
+ */
+extern uint32 sslKeyLengthInBytes(
+ const CSSM_KEY *key);
+
+/* Obtain max signature size in bytes. */
+extern OSStatus sslGetMaxSigSize(
+ const CSSM_KEY *privKey,
+ uint32 *maxSigSize);
+
+/*
+ * Get raw key bits from an RSA public key.
+ */
+OSStatus sslGetPubKeyBits(
+ SSLContext *ctx,
+ const CSSM_KEY *pubKey,
+ CSSM_CSP_HANDLE cspHand,
+ SSLBuffer *modulus, // data mallocd and RETURNED
+ SSLBuffer *exponent); // data mallocd and RETURNED
+
+/*
+ * Given raw RSA key bits, cook up a CSSM_KEY_PTR. Used in
+ * Server-initiated key exchange.
+ */
+OSStatus sslGetPubKeyFromBits(
+ SSLContext *ctx,
+ const SSLBuffer *modulus,
+ const SSLBuffer *exponent,
+ CSSM_KEY_PTR *pubKey, // mallocd and RETURNED
+ CSSM_CSP_HANDLE *cspHand); // RETURNED
+
+/*
+ * Given a DER-encoded cert, obtain its DER-encoded subject name.
+ */
+CSSM_DATA_PTR sslGetCertSubjectName(
+ SSLContext *ctx,
+ const CSSM_DATA_PTR cert);
+
+#if SSL_DEBUG
+void verifyTrustedRoots(SSLContext *ctx,
+ CSSM_DATA_PTR certs,
+ unsigned numCerts);
+#endif
+
+void * stAppMalloc (size_t size, void *allocRef);
+void stAppFree (void *mem_ptr, void *allocRef);
+void * stAppRealloc (void *ptr, size_t size, void *allocRef);
+void * stAppCalloc (uint32 num, size_t size, void *allocRef);
+
+OSStatus sslDhGenKeyPairClient(
+ SSLContext *ctx,
+ const SSLBuffer *prime,
+ const SSLBuffer *generator,
+ CSSM_KEY_PTR publicKey, // RETURNED
+ CSSM_KEY_PTR privateKey); // RETURNED
+OSStatus sslDhGenerateKeyPair(
+ SSLContext *ctx,
+ const SSLBuffer *paramBlob,
+ uint32 keySizeInBits,
+ CSSM_KEY_PTR publicKey, // RETURNED
+ CSSM_KEY_PTR privateKey); // RETURNED
+OSStatus sslDhKeyExchange(
+ SSLContext *ctx,
+ uint32 deriveSizeInBits,
+ SSLBuffer *exchanged);
+OSStatus sslEcdhGenerateKeyPair(
+ SSLContext *ctx,
+ SSL_ECDSA_NamedCurve namedCurve);
+OSStatus sslEcdhKeyExchange(
+ SSLContext *ctx,
+ SSLBuffer *exchanged);
+OSStatus sslVerifySelectedCipher(
+ SSLContext *ctx,
+ const SSLCipherSpec *selectedCipherSpec);
+
+/*
+ * Convert between SSLBuffer and CSSM_DATA, which are after all identical.
+ * No mallocs, just copy the pointer and length.
+ */
+#define SSLBUF_TO_CSSM(sb, cd) { \
+ (cd)->Length = (sb)->length; \
+ (cd)->Data = (sb)->data; \
+}
+
+#define CSSM_TO_SSLBUF(cd, sb) { \
+ (sb)->length = (cd)->Length; \
+ (sb)->data = (cd)->Data; \
+}
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* _APPLE_CDSA_H_ */
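Review bot: SSLBUF_TO_CSSM and CSSM_TO_SSLBUF, defined just before the closing `extern "C"` brace, expand to a bare `{ ... }` block, so an unbraced `if (x) SSLBUF_TO_CSSM(sb, cd); else ...` fails to compile because the `;` after the block ends the `if`; wrapping each body in `do { ... } while (0)` gives both macros single-statement semantics. In the same hunk, `const CSSM_DATA_PTR cert` in the sslGetCertSubjectName prototype qualifies the pointer rather than the CSSM_DATA it points to (the typedef hides the `*`), so `const CSSM_DATA *cert` is presumably what was intended; the comment above it should also say who owns the returned CSSM_DATA_PTR and whether it is released with stFreeCssmData, since callers only see this header. stAppCalloc takes `uint32 num, size_t size`, so the implementation behind it needs an overflow check on `num * size` before allocating; a one-line note on the prototype would make that contract visible here.

```c
#define SSLBUF_TO_CSSM(sb, cd) do { \
	(cd)->Length = (sb)->length; \
	(cd)->Data = (sb)->data; \
} while (0)

#define CSSM_TO_SSLBUF(cd, sb) do { \
	(sb)->length = (cd)->Length; \
	(sb)->data = (cd)->Data; \
} while (0)
```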