/*
 * Copyright (c) 2000-2004,2011,2014 Apple Inc. All Rights Reserved.
 *
 * @APPLE_LICENSE_HEADER_START@
 *
 * This file contains Original Code and/or Modifications of Original Code
 * as defined in and that are subject to the Apple Public Source License
 * Version 2.0 (the 'License'). You may not use this file except in
 * compliance with the License. Please obtain a copy of the License at
 * http://www.opensource.apple.com/apsl/ and read it before using this
 * file.
 *
 * The Original Code and all software distributed under the License are
 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
 * Please see the License for the specific language governing rights and
 * limitations under the License.
 *
 * @APPLE_LICENSE_HEADER_END@
 */
/*
 * SecImportExportCrypto.h - low-level crypto routines for wrapping and unwrapping
 * keys.
 *
 * Internal (non-public) helpers behind SecItemImport/SecItemExport. They work
 * on raw CSSM key structures and CSP handles; everything that reaches the
 * functions below has already been parsed out of caller-supplied blobs, so
 * the arguments should be treated as untrusted on the way in.
 *
 * NOTE(review): although the prototypes sit inside extern "C", two of them
 * take C++ reference parameters (const CssmData &, const CSSM_KEY &), so this
 * header can only be consumed from a C++ translation unit; extern "C" here
 * affects linkage only.
 */


#ifndef _SECURITY_SEC_IMPORT_EXPORT_CRYPTO_H_
#define _SECURITY_SEC_IMPORT_EXPORT_CRYPTO_H_

#include <Security/cssmtype.h>
#include <Security/SecAccess.h>
#include <Security/SecKeychain.h>
#include <Security/SecImportExport.h>
#include <CoreFoundation/CoreFoundation.h>
#include <security_cdsa_utilities/cssmdata.h>
#include <stdint.h>

#ifdef __cplusplus
extern "C" {
#endif

/*
 * Post notification of a "new key added" event.
 * If you know of another way to do this, other than a dlclient-based lookup of the
 * existing key in order to get a KeychainCore::Item, by all means have at it.
 *
 * importKeychain   the keychain the key was just added to
 * keyLabel         label stored with the key; used to look the item back up
 * cssmKey          the unwrapped key, in CSSM format
 * Returns an OSStatus; presumably 0 (errSecSuccess) when the notification
 * was posted — confirm against the implementation.
 */
OSStatus impExpKeyNotify(
    SecKeychainRef      importKeychain,
    const CssmData      &keyLabel,      // stored with this, we use it to do a lookup
    const CSSM_KEY      &cssmKey);      // unwrapped key in CSSM format

/*
 * Attempt to import a raw key. This can be used as a lightweight
 * "guess" evaluator if a handle to the raw CSP is passed in (with
 * no keychain), or as the real thing which does full keychain import.
 *
 * inData         caller-supplied key blob; its contents are untrusted and the
 *                format/type/algorithm below may be a caller's guess about it
 * externForm     external format the blob is assumed to be in
 * itemType       public / private / session key, etc.
 * keyAlg         CSSM algorithm the key is assumed to belong to
 * importKeychain optional; when present the key is stored in this keychain
 * cspHand        optional; raw CSP handle for keychain-less import
 * flags          SecItemImportExportFlags passed through from the caller
 * keyParams      optional import/export parameters (access, passphrase, etc.)
 * printName      optional printable name for the imported item
 * outArray       optional; the imported key is appended to this array
 *
 * Returns an OSStatus. In "guess evaluator" use (cspHand set, no keychain) a
 * non-zero return is an expected outcome of probing, not an anomaly in itself
 * — NOTE(review): whether that path has any keychain side effects is not
 * visible here; confirm in the implementation.
 */
OSStatus impExpImportRawKey(
    CFDataRef                           inData,
    SecExternalFormat                   externForm,
    SecExternalItemType                 itemType,
    CSSM_ALGORITHMS                     keyAlg,
    SecKeychainRef                      importKeychain,     // optional
    CSSM_CSP_HANDLE                     cspHand,            // optional
    SecItemImportExportFlags            flags,
    const SecKeyImportExportParameters  *keyParams,         // optional
    const char                          *printName,         // optional
    CFMutableArrayRef                   outArray);          // optional, append here

/*
 * Auxiliary encryption parameters associated with a key unwrap.
 * Most of these are usually zero (meaning "tell the CSP to take the default").
 *
 * A "null unwrap" (encrAlg == 0 / unwrappingKey == NULL) means the incoming
 * key material is not protected by any wrapping cipher — it is taken as-is
 * from the caller-supplied blob. Callers that expect an encrypted (wrapped)
 * key should therefore make sure both fields are populated before handing
 * this struct to impExpImportKeyCommon.
 */
typedef struct {
    CSSM_ALGORITHMS     encrAlg;            // 0 ==> null unwrap
    CSSM_ENCRYPT_MODE   encrMode;
    CSSM_KEY_PTR        unwrappingKey;      // NULL ==> null unwrap
    CSSM_PADDING        encrPad;
    CSSM_DATA           iv;                 // NOTE(review): required length/presence depends on encrAlg/encrMode — confirm with the CSP in use

    /* weird RC2/RC5 params */
    uint32              effectiveKeySizeInBits; // RC2
    uint32              blockSizeInBits;        // RC5
    uint32              rounds;                 // RC5
} impExpKeyUnwrapParams;

/*
 * Common code to unwrap a key, used for raw keys (which do a NULL unwrap) and
 * wrapped keys.
 *
 * wrappedKey     the key to unwrap (or to take as-is for a NULL unwrap)
 * importKeychain optional; destination keychain
 * cspHand        optional; CSP handle to perform the unwrap with
 * flags          SecItemImportExportFlags passed through from the caller
 * keyParams      optional import/export parameters
 * unwrapParams   cipher parameters for the unwrap; see impExpKeyUnwrapParams
 *                for what zero/NULL fields mean
 * printName      optional printable name for the imported item
 * outArray       optional; the unwrapped key is appended to this array
 *
 * Returns an OSStatus.
 */
OSStatus impExpImportKeyCommon(
    const CSSM_KEY                      *wrappedKey,
    SecKeychainRef                      importKeychain,     // optional
    CSSM_CSP_HANDLE                     cspHand,            // optional
    SecItemImportExportFlags            flags,
    const SecKeyImportExportParameters  *keyParams,         // optional
    const impExpKeyUnwrapParams         *unwrapParams,
    const char                          *printName,         // optional
    CFMutableArrayRef                   outArray);          // optional, append here

/*
 * Common code to wrap a key. NULL unwraps don't use this (yet?).
 *
 * cspHand        CSP handle used for secKey, wrappingKey and wrappedKey alike
 * secKey         the key to export
 * wrappingKey    the key that protects the exported material
 * wrappedKey     RETURNED: the wrapped form of secKey. NOTE(review): who
 *                releases/zeroizes the returned key data is not stated in
 *                this header — confirm in the implementation before relying
 *                on it in new callers.
 * wrapAlg / wrapMode / wrapPad
 *                cipher, mode and padding used for the wrap
 * wrapFormat     NONE, PKCS7 or PKCS8
 * blobAttrType   optional raw key format attribute
 * blobForm       optional; format for the raw key blob (see blobAttrType)
 * descData       optional descriptive data
 * iv             initialization vector for the wrap cipher
 *
 * Returns a CSSM_RETURN (CSSM_OK on success by CDSA convention).
 */
CSSM_RETURN impExpExportKeyCommon(
    CSSM_CSP_HANDLE         cspHand,        // for all three keys
    SecKeyRef               secKey,
    CSSM_KEY_PTR            wrappingKey,
    CSSM_KEY_PTR            wrappedKey,     // RETURNED
    CSSM_ALGORITHMS         wrapAlg,
    CSSM_ENCRYPT_MODE       wrapMode,
    CSSM_PADDING            wrapPad,
    CSSM_KEYBLOB_FORMAT     wrapFormat,     // NONE, PKCS7, PKCS8
    CSSM_ATTRIBUTE_TYPE     blobAttrType,   // optional raw key format attr
    CSSM_KEYBLOB_FORMAT     blobForm,       // ditto
    const CSSM_DATA         *descData,      // optional descriptive data
    const CSSM_DATA         *iv);

#ifdef __cplusplus
}
#endif

#endif /* _SECURITY_SEC_IMPORT_EXPORT_CRYPTO_H_ */