1/*
2 * Copyright (c) 2006-2008,2010-2012,2014 Apple Inc. All Rights Reserved.
3 *
4 * @APPLE_LICENSE_HEADER_START@
5 *
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. Please obtain a copy of the License at
10 * http://www.opensource.apple.com/apsl/ and read it before using this
11 * file.
12 *
13 * The Original Code and all software distributed under the License are
14 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
15 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
16 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
17 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
18 * Please see the License for the specific language governing rights and
19 * limitations under the License.
20 *
21 * @APPLE_LICENSE_HEADER_END@
22 */
23
24/*
25 * sslCrypto.h - interface between SSL and crypto libraries
26 */
27
28#ifndef	_SSL_CRYPTO_H_
29#define _SSL_CRYPTO_H_	1
30
31#include "ssl.h"
32#include "sslContext.h"
33#include <Security/SecKeyPriv.h>
34
35#ifdef __cplusplus
36extern "C" {
37#endif
38
39#ifndef		NDEBUG
40extern void stPrintCdsaError(const char *op, OSStatus crtn);
41#else
42#define stPrintCdsaError(o, cr)
43#endif
44
45/*
46 * Get algorithm id for a SSLPubKey object.
47 */
48CFIndex sslPubKeyGetAlgorithmID(SecKeyRef pubKey);
49
50/*
51 * Get algorithm id for a SSLPrivKey object.
52 */
53CFIndex sslPrivKeyGetAlgorithmID(SecKeyRef privKey);
54
55/*
56 * Create a new SecTrust object and return it.
57 */
58OSStatus
59sslCreateSecTrust(
60	SSLContext				*ctx,
61	CFArrayRef				certChain,
62	bool					arePeerCerts,
63    SecTrustRef             *trust); 	/* RETURNED */
64
65OSStatus sslVerifySelectedCipher(
66	SSLContext 		*ctx);
67
68/* Convert DER certs to SecCertificateRefs */
69CFArrayRef tls_get_peer_certs(const SSLCertificate *certs);
70
71/*
72 * Verify the peer cert chain.
73 */
74int tls_verify_peer_cert(SSLContext *ctx);
75
76
77#
78#ifdef __cplusplus
79}
80#endif
81
82
83#endif	/* _SSL_CRYPTO_H_ */
84