DSEncryptedEndpoint.h   [plain text]


/*
 * Copyright (c) 2002 Apple Computer, Inc. All rights reserved.
 *
 * @APPLE_LICENSE_HEADER_START@
 * 
 * The contents of this file constitute Original Code as defined in and
 * are subject to the Apple Public Source License Version 1.1 (the
 * "License").  You may not use this file except in compliance with the
 * License.  Please obtain a copy of the License at
 * http://www.apple.com/publicsource and read it before using this file.
 * 
 * This Original Code and all software distributed under the License are
 * distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY KIND, EITHER
 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
 * FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT.  Please see the
 * License for the specific language governing rights and limitations
 * under the License.
 * 
 * @APPLE_LICENSE_HEADER_END@
 */

/*!
 * @header DSEncryptedEndpoint
 * Layered endpoint that enciphers data.
 */

/*
	Note: all network addresses in method parameters and return values
	are in host byte order - they are converted to network byte order
	inside the methods for socket calls.

	Note2: need to be aware of which routines are FW or Server exclusive
	for what type of logging
 */

#ifndef _DSEncryptedEndpoint_H_
#define _DSEncryptedEndpoint_H_ 1

#include "DSTCPEndpoint.h"

#include "libCdsaCrypt.h"

#define DH_KEY_SIZE		512		/* size of Diffie-Hellman key in bits */
#define DERIVE_KEY_SIZE	128		/* size of derived key in bits */
#define DERIVE_KEY_ALG	CSSM_ALGID_AES
#define DSTCPAuthTag	'DHN2'

typedef enum {
	eBadCall = -4,
	eDisabled = -3,
	eFail = -2,
	eContinue = -1,
	eSuccess = 0
} eResult ;


// ----------------------------------------------------------------------------
// DSEncryptedEndpoint: implementation of encrypted endpoint.
// ----------------------------------------------------------------------------

class DSEncryptedEndpoint: public DSTCPEndpoint
{
public:
	/**** Instance methods. ****/
	// ctor and dtor.
   					DSEncryptedEndpoint	(	const DSTCPEndpoint *inEndpoint,
											const uInt32 inSessionID );
					DSEncryptedEndpoint	(	int inConnectFD,
										uInt32 inOpenTimeOut = kTCPOpenTimeout,
 										uInt32 inRdWrTimeOut = kTCPRWTimeout );
    virtual			~DSEncryptedEndpoint	( void );

	// Required specialization of pure virtual base class methods.

	// Specialized versions of base class methods.
	virtual void	EncryptData ( void *inData, const uInt32 inBuffSize, void *&outData, uInt32 &outBuffSize );
	virtual void	DecryptData ( void *inData, const uInt32 inBuffSize, void *&outData, uInt32 &outBuffSize );

	// New public methods.
	sInt32			ClientNegotiateKey ( void );
	sInt32			ServerNegotiateKey ( void );

protected:
	/**** Typedefs, enums, and constants. ****/
    typedef DSTCPEndpoint inherited;

	CSSM_CSP_HANDLE 		fcspHandle;
	CSSM_KEY				fOurDerivedKey;
	CSSM_DATA				fOurParamBlock;

private:
	/**** Instance methods accessible only to class. ****/

};

#endif	/* _DSEncryptedEndpoint_H_ */