1/*
2 * Copyright (c) 1999-2001,2005-2007,2010-2012,2014 Apple Inc. All Rights Reserved.
3 *
4 * @APPLE_LICENSE_HEADER_START@
5 *
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. Please obtain a copy of the License at
10 * http://www.opensource.apple.com/apsl/ and read it before using this
11 * file.
12 *
13 * The Original Code and all software distributed under the License are
14 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
15 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
16 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
17 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
18 * Please see the License for the specific language governing rights and
19 * limitations under the License.
20 *
21 * @APPLE_LICENSE_HEADER_END@
22 */
23
24/*
25 * appleCdsa.h - interface between SSL and CDSA
26 */
27
28#ifndef	_APPLE_CDSA_H_
29#define _APPLE_CDSA_H_	1
30
31#include "ssl.h"
32#include "sslPriv.h"
33#include "sslContext.h"
34#include <Security/cssmtype.h>
35
36#ifdef __cplusplus
37extern "C" {
38#endif
39
/*
 * Populate a CSSM_KEY describing a symmetric key.
 *
 * alg        CSSM algorithm the key is for.
 * keyUse     CSSM_KEYUSE_ENCRYPT, etc.
 * copyKey    true:  the keyData bytes are copied into the key;
 *            false: the key refers to keyData by reference, so the caller
 *                   must keep keyData valid for as long as the key is used.
 * keyDataLen is in bytes.
 * Returns an OSStatus; noErr (0) on success.
 */
extern OSStatus sslSetUpSymmKey(
	CSSM_KEY_PTR	symKey,
	CSSM_ALGORITHMS	alg,
	CSSM_KEYUSE		keyUse, 		// CSSM_KEYUSE_ENCRYPT, etc.
	CSSM_BOOL		copyKey,		// true: copy keyData   false: set by reference
	uint8 			*keyData,
	size_t		keyDataLen);	// in bytes
47
/*
 * Release a key that belongs to the CSP cspHand. key is passed by address
 * (CSSM_KEY_PTR *) — presumably so the implementation can clear the
 * caller's pointer after freeing; confirm before relying on that.
 * When ST_KC_KEYS_NEED_REF is set, kcItem is the SecKeychainRef that
 * accompanies the key; otherwise it is a void * placeholder (presumably
 * ignored) that keeps the signature the same in both configurations.
 */
extern OSStatus sslFreeKey(CSSM_CSP_HANDLE cspHand,
	CSSM_KEY_PTR 	*key,
	#if		ST_KC_KEYS_NEED_REF
	SecKeychainRef	*kcItem);
	#else	/* !ST_KC_KEYS_NEED_REF */
	void			*kcItem);
	#endif	/* ST_KC_KEYS_NEED_REF*/
55
/*
 * Attach the context to the CDSA modules it uses: the CSP (cryptographic
 * service provider), CL (certificate library) and TP (trust policy).
 * attachToAll / detachFromAll presumably cover all three at once; the
 * module handles are presumably kept in the SSLContext.
 */
extern OSStatus attachToCsp(SSLContext *ctx);
extern OSStatus attachToCl(SSLContext *ctx);
extern OSStatus attachToTp(SSLContext *ctx);
extern OSStatus attachToAll(SSLContext *ctx);
extern OSStatus detachFromAll(SSLContext *ctx);
61
/*
 * CSSM_DATA helpers.
 * stMallocCssmData allocates a CSSM_DATA and, it appears, a Data buffer of
 * size bytes — confirm in the implementation.
 * stFreeCssmData releases the Data buffer and, when freeStruct is true,
 * the CSSM_DATA struct itself.
 * stSetUpCssmData presumably allocates a Data buffer of length bytes inside
 * an existing CSSM_DATA.
 */
extern CSSM_DATA_PTR stMallocCssmData(size_t size);
extern void stFreeCssmData(CSSM_DATA_PTR data, CSSM_BOOL freeStruct);
extern OSStatus stSetUpCssmData(CSSM_DATA_PTR data, size_t length);
65
66
/*
 * Given a DER-encoded cert, obtain its public key as a CSSM_KEY_PTR.
 * *pubKey and *cspHand are RETURNED; the caller presumably owns the key
 * and releases it with sslFreeKey using the returned cspHand — confirm.
 */
extern OSStatus sslPubKeyFromCert(
	SSLContext 				*ctx,
	const SSLBuffer			*derCert,
	CSSM_KEY_PTR			*pubKey,		// RETURNED
	CSSM_CSP_HANDLE			*cspHand);		// RETURNED
75
/*
 * Verify a cert chain.
 * arePeerCerts says whether certChain is the peer's chain rather than our
 * own; how that changes the trust evaluation is not visible here — see the
 * implementation. Returns noErr only when the chain is acceptable.
 */
extern OSStatus sslVerifyCertChain(
	SSLContext				*ctx,
	const SSLCertificate	*certChain,
	bool					arePeerCerts);
83
/*
 * Raw RSA/DSA sign/verify.
 *
 * sslRawSign: sign plainText with privKeyRef. sig is mallocd by the caller
 * with sigLen bytes available; *actualBytes receives the number of bytes
 * written. sslGetMaxSigSize (below) is the natural way to size sig.
 * sslRawVerify: verify sig over plainText with pubKey from the CSP cspHand.
 * NOTE(review): callers must treat any status other than noErr as
 * verification failure, never as a recoverable error.
 */
OSStatus sslRawSign(
	SSLContext			*ctx,
	SecKeyRef			privKeyRef,
	const UInt8			*plainText,
	size_t			plainTextLen,
	UInt8				*sig,			// mallocd by caller; RETURNED
	size_t			sigLen,			// available
	size_t			*actualBytes);	// RETURNED

OSStatus sslRawVerify(
	SSLContext			*ctx,
	const CSSM_KEY		*pubKey,
	CSSM_CSP_HANDLE		cspHand,
	const UInt8			*plainText,
	size_t			plainTextLen,
	const UInt8			*sig,
	size_t			sigLen);		// available
104
/*
 * Encrypt/Decrypt (RSA).
 * padding is CSSM_PADDING_PKCS1 or CSSM_PADDING_APPLE_SSLv2.
 * The output buffer (cipherText for encrypt, plainText for decrypt) is
 * mallocd by the caller with the matching *Len bytes available;
 * *actualBytes receives the number of bytes actually written.
 * NOTE(review): with PKCS#1 v1.5 padding a decrypt failure should not be
 * distinguishable to the peer from a success (error path or timing); that
 * is presumably handled by the SSL layer above — confirm.
 */
OSStatus sslRsaEncrypt(
	SSLContext			*ctx,
	const CSSM_KEY		*pubKey,
	CSSM_CSP_HANDLE		cspHand,
	CSSM_PADDING		padding,		// CSSM_PADDING_PKCS1, CSSM_PADDING_APPLE_SSLv2
	const UInt8			*plainText,
	size_t				plainTextLen,
	UInt8				*cipherText,	// mallocd by caller; RETURNED
	size_t				cipherTextLen,	// available
	size_t				*actualBytes);	// RETURNED
OSStatus sslRsaDecrypt(
	SSLContext			*ctx,
	SecKeyRef			privKeyRef,
	CSSM_PADDING		padding,		// CSSM_PADDING_PKCS1, CSSM_PADDING_APPLE_SSLv2
	const UInt8			*cipherText,
	size_t				cipherTextLen,
	UInt8				*plainText,		// mallocd by caller; RETURNED
	size_t				plainTextLen,	// available
	size_t				*actualBytes);	// RETURNED
127
/*
 * Obtain size of key in bytes.
 * Returns the size directly (no status), so it presumably cannot fail for
 * a well-formed key — confirm what it returns for an unsupported key.
 */
extern uint32 sslKeyLengthInBytes(
	const CSSM_KEY	*key);

/*
 * Obtain max signature size in bytes.
 * *maxSigSize is RETURNED; use it to size the sig buffer for sslRawSign.
 */
extern OSStatus sslGetMaxSigSize(
	const CSSM_KEY	*privKey,
	uint32			*maxSigSize);
138
/*
 * Get raw key bits from an RSA public key.
 * modulus and exponent data are mallocd here and RETURNED; the caller owns
 * them — confirm which free routine the implementation expects.
 */
OSStatus sslGetPubKeyBits(
	SSLContext			*ctx,
	const CSSM_KEY		*pubKey,
	CSSM_CSP_HANDLE		cspHand,
	SSLBuffer			*modulus,		// data mallocd and RETURNED
	SSLBuffer			*exponent);		// data mallocd and RETURNED
148
/*
 * Given raw RSA key bits, cook up a CSSM_KEY_PTR. Used in
 * Server-initiated key exchange.
 * *pubKey is mallocd and RETURNED, *cspHand is RETURNED; the caller
 * presumably releases the key with sslFreeKey — confirm.
 */
OSStatus sslGetPubKeyFromBits(
	SSLContext			*ctx,
	const SSLBuffer		*modulus,
	const SSLBuffer		*exponent,
	CSSM_KEY_PTR		*pubKey,		// mallocd and RETURNED
	CSSM_CSP_HANDLE		*cspHand);		// RETURNED
159
/*
 * Given a DER-encoded cert, obtain its DER-encoded subject name.
 * Returns a CSSM_DATA_PTR; presumably NULL on failure and owned by the
 * caller (stFreeCssmData being the likely release) — confirm.
 */
CSSM_DATA_PTR sslGetCertSubjectName(
	SSLContext			*ctx,
    const CSSM_DATA_PTR cert);
166
#if		SSL_DEBUG
/*
 * Debug-only (SSL_DEBUG): sanity-check the numCerts trusted roots in certs.
 * TODO(review): what exactly is checked is not visible from the header.
 */
void verifyTrustedRoots(SSLContext *ctx,
	CSSM_DATA_PTR	certs,
	unsigned		numCerts);
#endif
172
/*
 * Application memory functions handed to CSSM (malloc/free/realloc/calloc
 * each taking an allocRef cookie), presumably installed in a
 * CSSM_API_MEMORY_FUNCS table — confirm at the registration site.
 * NOTE(review): stAppCalloc takes num as uint32 and size as size_t; the
 * implementation must reject num * size overflow before allocating.
 */
void * stAppMalloc (size_t size, void *allocRef);
void stAppFree (void *mem_ptr, void *allocRef);
void * stAppRealloc (void *ptr, size_t size, void *allocRef);
void * stAppCalloc (uint32 num, size_t size, void *allocRef);
177
/*
 * Diffie-Hellman / ECDH key agreement.
 *
 * sslDhGenKeyPairClient: generate a DH key pair from an explicit prime and
 * generator (presumably the parameters the client receives from the
 * server). sslDhGenerateKeyPair: generate a pair of keySizeInBits from an
 * encoded parameter blob. Both fill in the caller-supplied publicKey /
 * privateKey CSSM_KEYs (RETURNED).
 * NOTE(review): where prime/generator originate from the peer, the
 * implementation should validate them before use — confirm.
 * sslDhKeyExchange: derive the shared secret (deriveSizeInBits) into
 * exchanged. sslEcdhGenerateKeyPair / sslEcdhKeyExchange are the ECDH
 * counterparts on namedCurve; no key parameters are passed, so the keys
 * are presumably kept in ctx.
 * sslVerifySelectedCipher: check that selectedCipherSpec is usable with
 * this context — what is checked is not visible here.
 */
OSStatus sslDhGenKeyPairClient(
	SSLContext		*ctx,
	const SSLBuffer	*prime,
	const SSLBuffer	*generator,
	CSSM_KEY_PTR	publicKey,			// RETURNED
	CSSM_KEY_PTR	privateKey);		// RETURNED
OSStatus sslDhGenerateKeyPair(
	SSLContext		*ctx,
	const SSLBuffer	*paramBlob,
	uint32			keySizeInBits,
	CSSM_KEY_PTR	publicKey,			// RETURNED
	CSSM_KEY_PTR	privateKey);		// RETURNED
OSStatus sslDhKeyExchange(
	SSLContext		*ctx,
	uint32			deriveSizeInBits,
	SSLBuffer		*exchanged);
OSStatus sslEcdhGenerateKeyPair(
	SSLContext			*ctx,
	SSL_ECDSA_NamedCurve namedCurve);
OSStatus sslEcdhKeyExchange(
	SSLContext		*ctx,
	SSLBuffer		*exchanged);
OSStatus sslVerifySelectedCipher(
	SSLContext 		*ctx,
	const SSLCipherSpec *selectedCipherSpec);
203
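/*
 * Convert an SSLBuffer into a CSSM_DATA, which carry the same two fields.
 * No mallocs, just copy the pointer and length.
 *
 * Wrapped in do { } while (0) so the macro behaves as a single statement:
 * the bare-brace form breaks `if (x) SSLBUF_TO_CSSM(a, b); else ...`.
 * NOTE(review): if CSSM_DATA.Length is narrower than size_t the length
 * is silently truncated here — confirm the CSSM_SIZE width in cssmtype.h.
 */
#define SSLBUF_TO_CSSM(sb, cd)  do {		\
	(cd)->Length = (sb)->length; 		\
	(cd)->Data   = (sb)->data;			\
} while (0)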
212
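/*
 * Convert a CSSM_DATA into an SSLBuffer: copy the pointer and length,
 * no allocation. Wrapped in do { } while (0) so the macro behaves as a
 * single statement and is safe in an if/else without braces.
 */
#define CSSM_TO_SSLBUF(cd, sb)  do {		\
	(sb)->length = (cd)->Length; 		\
	(sb)->data   = (cd)->Data;			\
} while (0)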
217
218#ifdef __cplusplus
219}
220#endif
221
222#endif	/* _APPLE_CDSA_H_ */
223