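/*
 * Copyright (c) 1999-2001,2005-2007,2010-2012,2014 Apple Inc. All Rights Reserved.
 *
 * @APPLE_LICENSE_HEADER_START@
 *
 * This file contains Original Code and/or Modifications of Original Code
 * as defined in and that are subject to the Apple Public Source License
 * Version 2.0 (the 'License'). You may not use this file except in
 * compliance with the License. Please obtain a copy of the License at
 * http://www.opensource.apple.com/apsl/ and read it before using this
 * file.
 *
 * The Original Code and all software distributed under the License are
 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
 * Please see the License for the specific language governing rights and
 * limitations under the License.
 *
 * @APPLE_LICENSE_HEADER_END@
 */

/*
 * appleCdsa.h - interface between SSL and CDSA
 *
 * Every routine below that returns OSStatus follows the same contract:
 * noErr on success, any other value is a failure and no RETURNED output
 * may be relied upon.  Buffers marked "mallocd by caller" are owned by the
 * caller; buffers marked "mallocd and RETURNED" become the caller's to free.
 */

#ifndef _APPLE_CDSA_H_
#define _APPLE_CDSA_H_ 1

#include "ssl.h"
#include "sslPriv.h"
#include "sslContext.h"
#include <Security/cssmtype.h>

#ifdef __cplusplus
extern "C" {
#endif

/*
 * Populate a CSSM_KEY with raw symmetric key material.
 * copyKey true:  keyData is copied into the key.
 * copyKey false: the key refers to keyData directly, so keyData must stay
 *                valid (and unmodified) for the lifetime of symKey.
 */
extern OSStatus sslSetUpSymmKey(
	CSSM_KEY_PTR		symKey,
	CSSM_ALGORITHMS		alg,
	CSSM_KEYUSE			keyUse,			// CSSM_KEYUSE_ENCRYPT, etc.
	CSSM_BOOL			copyKey,		// true: copy keyData   false: set by reference
	uint8				*keyData,
	size_t				keyDataLen);	// in bytes

/*
 * Release a key obtained from this module.  kcItem is a keychain item
 * reference only when ST_KC_KEYS_NEED_REF is set; otherwise it is an
 * opaque pointer slot.  Both arguments are pointers-to-pointers so the
 * callee can clear them; see the implementation for whether it does.
 */
extern OSStatus sslFreeKey(CSSM_CSP_HANDLE cspHand,
	CSSM_KEY_PTR *key,
	#if ST_KC_KEYS_NEED_REF
	SecKeychainRef *kcItem);
	#else	/* !ST_KC_KEYS_NEED_REF */
	void *kcItem);
	#endif	/* ST_KC_KEYS_NEED_REF*/

/*
 * Attach to / detach from the CDSA modules (CSP, CL, TP) an SSLContext uses.
 * attachToAll/detachFromAll cover all three in one call.
 */
extern OSStatus attachToCsp(SSLContext *ctx);
extern OSStatus attachToCl(SSLContext *ctx);
extern OSStatus attachToTp(SSLContext *ctx);
extern OSStatus attachToAll(SSLContext *ctx);
extern OSStatus detachFromAll(SSLContext *ctx);

/*
 * CSSM_DATA helpers.
 * stMallocCssmData: allocate a CSSM_DATA with a `size`-byte Data buffer.
 * stFreeCssmData:   free the Data buffer and, if freeStruct, the struct itself.
 * stSetUpCssmData:  allocate a `length`-byte Data buffer into an existing struct.
 */
extern CSSM_DATA_PTR stMallocCssmData(size_t size);
extern void stFreeCssmData(CSSM_DATA_PTR data, CSSM_BOOL freeStruct);
extern OSStatus stSetUpCssmData(CSSM_DATA_PTR data, size_t length);


/*
 * Given a DER-encoded cert, obtain its public key as a CSSM_KEY_PTR.
 * The returned key must be released with sslFreeKey using the returned cspHand.
 */
extern OSStatus sslPubKeyFromCert(
	SSLContext 				*ctx,
	const SSLBuffer			*derCert,
	CSSM_KEY_PTR			*pubKey,		// RETURNED
	CSSM_CSP_HANDLE			*cspHand);		// RETURNED

/*
 * Verify a cert chain.
 * arePeerCerts selects whether the chain is the peer's (subject to the
 * context's trust settings) or our own.  A non-noErr result means the chain
 * must not be trusted; callers must not continue the handshake on failure.
 */
extern OSStatus sslVerifyCertChain(
	SSLContext				*ctx,
	const SSLCertificate	*certChain,
	bool					arePeerCerts);

/*
 * Raw RSA/DSA sign/verify.
 * sslRawSign writes at most sigLen bytes into the caller-allocated sig and
 * reports the number written in *actualBytes.  Use sslGetMaxSigSize to size sig.
 * sslRawVerify returns noErr only when sig is a valid signature over plainText.
 */
extern OSStatus sslRawSign(
	SSLContext			*ctx,
	SecKeyRef			privKeyRef,
	const UInt8			*plainText,
	size_t				plainTextLen,
	UInt8				*sig,			// mallocd by caller; RETURNED
	size_t				sigLen,			// available
	size_t				*actualBytes);	// RETURNED

extern OSStatus sslRawVerify(
	SSLContext			*ctx,
	const CSSM_KEY		*pubKey,
	CSSM_CSP_HANDLE		cspHand,
	const UInt8			*plainText,
	size_t				plainTextLen,
	const UInt8			*sig,
	size_t				sigLen);		// available

/*
 * Encrypt/Decrypt
 * Output buffers are caller-allocated; *Len is the space available and
 * *actualBytes receives the bytes produced.
 * NOTE(review): with CSSM_PADDING_PKCS1, callers of sslRsaDecrypt should not
 * let a padding failure be distinguishable from a success with bad content
 * (same timing, same error path), as is standard for RSA key exchange.
 */
extern OSStatus sslRsaEncrypt(
	SSLContext			*ctx,
	const CSSM_KEY		*pubKey,
	CSSM_CSP_HANDLE		cspHand,
	CSSM_PADDING		padding,		// CSSM_PADDING_PKCS1, CSSM_PADDING_APPLE_SSLv2
	const UInt8			*plainText,
	size_t				plainTextLen,
	UInt8				*cipherText,	// mallocd by caller; RETURNED
	size_t				cipherTextLen,	// available
	size_t				*actualBytes);	// RETURNED
extern OSStatus sslRsaDecrypt(
	SSLContext			*ctx,
	SecKeyRef			privKeyRef,
	CSSM_PADDING		padding,		// CSSM_PADDING_PKCS1, CSSM_PADDING_APPLE_SSLv2
	const UInt8			*cipherText,
	size_t				cipherTextLen,
	UInt8				*plainText,		// mallocd by caller; RETURNED
	size_t				plainTextLen,	// available
	size_t				*actualBytes);	// RETURNED

/*
 * Obtain size of key in bytes.
 */
extern uint32 sslKeyLengthInBytes(
	const CSSM_KEY	*key);

/* Obtain max signature size in bytes (used to size sslRawSign's sig buffer). */
extern OSStatus sslGetMaxSigSize(
	const CSSM_KEY	*privKey,
	uint32			*maxSigSize);

/*
 * Get raw key bits from an RSA public key.
 * Both output buffers are allocated here and owned by the caller afterwards.
 */
extern OSStatus sslGetPubKeyBits(
	SSLContext			*ctx,
	const CSSM_KEY		*pubKey,
	CSSM_CSP_HANDLE		cspHand,
	SSLBuffer			*modulus,		// data mallocd and RETURNED
	SSLBuffer			*exponent);		// data mallocd and RETURNED

/*
 * Given raw RSA key bits, cook up a CSSM_KEY_PTR. Used in
 * Server-initiated key exchange.  Release with sslFreeKey.
 */
extern OSStatus sslGetPubKeyFromBits(
	SSLContext			*ctx,
	const SSLBuffer		*modulus,
	const SSLBuffer		*exponent,
	CSSM_KEY_PTR		*pubKey,		// mallocd and RETURNED
	CSSM_CSP_HANDLE		*cspHand);		// RETURNED

/*
 * Given a DER-encoded cert, obtain its DER-encoded subject name.
 * Returns NULL on failure.  The result is allocated; release it with
 * stFreeCssmData.
 */
extern CSSM_DATA_PTR sslGetCertSubjectName(
	SSLContext			*ctx,
	const CSSM_DATA_PTR cert);

#if		SSL_DEBUG
/* Debug-only sanity check of the trusted root set; no effect on the handshake. */
extern void verifyTrustedRoots(SSLContext *ctx,
	CSSM_DATA_PTR	certs,
	unsigned		numCerts);
#endif

/*
 * CSSM_MEMORY_FUNCS-style allocator callbacks; allocRef is passed through
 * opaquely.  stAppCalloc takes a count and element size like calloc();
 * NOTE(review): the implementation should reject num*size overflow — confirm.
 */
extern void * stAppMalloc (size_t size, void *allocRef);
extern void stAppFree (void *mem_ptr, void *allocRef);
extern void * stAppRealloc (void *ptr, size_t size, void *allocRef);
extern void * stAppCalloc (uint32 num, size_t size, void *allocRef);

/*
 * Diffie-Hellman / ECDH key agreement.
 * Generated key pairs are written into caller-provided CSSM_KEY structs;
 * `exchanged` receives the derived shared secret (sized by deriveSizeInBits
 * for DH) and is the caller's to free and zeroize.
 */
extern OSStatus sslDhGenKeyPairClient(
	SSLContext		*ctx,
	const SSLBuffer	*prime,
	const SSLBuffer	*generator,
	CSSM_KEY_PTR	publicKey,			// RETURNED
	CSSM_KEY_PTR	privateKey);		// RETURNED
extern OSStatus sslDhGenerateKeyPair(
	SSLContext		*ctx,
	const SSLBuffer	*paramBlob,
	uint32			keySizeInBits,
	CSSM_KEY_PTR	publicKey,			// RETURNED
	CSSM_KEY_PTR	privateKey);		// RETURNED
extern OSStatus sslDhKeyExchange(
	SSLContext		*ctx,
	uint32			deriveSizeInBits,
	SSLBuffer		*exchanged);
extern OSStatus sslEcdhGenerateKeyPair(
	SSLContext		*ctx,
	SSL_ECDSA_NamedCurve namedCurve);
extern OSStatus sslEcdhKeyExchange(
	SSLContext		*ctx,
	SSLBuffer		*exchanged);
/* Confirm the negotiated cipher spec is usable with the context's keys/certs. */
extern OSStatus sslVerifySelectedCipher(
	SSLContext		*ctx,
	const SSLCipherSpec *selectedCipherSpec);

/*
 * Convert between SSLBuffer and CSSM_DATA, which are after all identical.
 * No mallocs, just copy the pointer and length: afterwards both structs
 * alias the same memory, so the destination is valid only as long as the
 * source's buffer is, and only one of them may free it.
 * Wrapped in do { } while (0) so each expands to a single statement (safe as
 * an un-braced if/else body); always terminate a use with ';'.
 */
#define SSLBUF_TO_CSSM(sb, cd)  do { \
	(cd)->Length = (sb)->length; \
	(cd)->Data   = (sb)->data; \
} while (0)

#define CSSM_TO_SSLBUF(cd, sb)  do { \
	(sb)->length = (cd)->Length; \
	(sb)->data   = (cd)->Data; \
} while (0)

#ifdef __cplusplus
}
#endif

#endif	/* _APPLE_CDSA_H_ */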