#ifndef _SSL_CRYPTO_H_
#define _SSL_CRYPTO_H_ 1
#include "ssl.h"
#include "sslContext.h"
#include <Security/SecKeyPriv.h>
#ifdef __cplusplus
extern "C" {
#endif
/*
 * stPrintCdsaError: debug-only error reporter taking an operation label and
 * an OSStatus.
 *
 * When NDEBUG is defined the name becomes a function-like macro with an
 * empty expansion, so its arguments are discarded without being evaluated.
 * Do not pass expressions with side effects, and do not use this call as
 * the only record of a cryptographic failure: release builds emit nothing.
 */
#ifdef NDEBUG
#define stPrintCdsaError(op, crtn)
#else
extern void stPrintCdsaError(const char *op, OSStatus crtn);
#endif
/*
 * Key object lifecycle and introspection.
 *
 * The free routines take the address of the caller's key pointer.
 * NOTE(review): presumably they release the key and clear the caller's
 * pointer so no dangling reference remains -- confirm in the implementation.
 */
extern OSStatus sslFreePubKey(
    SSLPubKey **pubKey);
extern OSStatus sslFreePrivKey(
    SSLPrivKey **privKey);

/*
 * Return an algorithm identifier for the given key as a CFIndex. The value
 * space is not visible from this header.
 */
extern CFIndex sslPubKeyGetAlgorithmID(
    SSLPubKey *pubKey);
extern CFIndex sslPrivKeyGetAlgorithmID(
    SSLPrivKey *privKey);
/*
 * Build a SecTrustRef for certChain and hand it back through *trust.
 *
 * ctx          - session context.
 * certChain    - certificates to place in the trust object.
 * arePeerCerts - presumably true when certChain came from the remote peer
 *                rather than from our own identity -- confirm.
 * trust        - out: the created trust object.
 *
 * NOTE(review): who releases *trust is not visible from this header;
 * state the ownership rule next to the implementation.
 */
OSStatus sslCreateSecTrust(
    SSLContext *ctx,
    CFArrayRef certChain,
    bool arePeerCerts,
    SecTrustRef *trust);
/*
 * Verify a certificate chain.
 *
 * The chain's type depends on the build: an SSLCertificate list when
 * USE_SSLCERTIFICATE is defined, otherwise a CFArrayRef.
 *
 * arePeerCerts presumably selects peer-chain evaluation as opposed to a
 * check of our own chain -- confirm.
 *
 * The OSStatus result is the only signal of a failed verification. Callers
 * must treat any status other than success as fatal for the handshake and
 * must not continue with key exchange on an unverified peer chain.
 */
extern OSStatus sslVerifyCertChain(
    SSLContext *ctx,
#ifdef USE_SSLCERTIFICATE
    const SSLCertificate *certChain,
#else
    CFArrayRef certChain,
#endif
    bool arePeerCerts);
/*
 * Return the peer's public key through *pubKey.
 *
 * NOTE(review): "Copy" in the name suggests the caller owns the result and
 * should release it with sslFreePubKey -- confirm. Whether the chain must
 * already have passed sslVerifyCertChain before this is called is not
 * visible here; callers should not use the key of an unverified peer.
 */
extern OSStatus sslCopyPeerPubKey(
    SSLContext *ctx,
    SSLPubKey **pubKey);
/*
 * Raw sign / verify.
 *
 * NOTE(review): "raw" presumably means the supplied bytes are signed as
 * given, with no hashing or DigestInfo wrapping added here -- confirm.
 *
 * sslRawSign:
 *   plainText / plainTextLen - data to sign.
 *   sig / sigLen             - caller-supplied output buffer and,
 *                              presumably, its capacity in bytes.
 *   actualBytes              - out: presumably the number of bytes written
 *                              to sig.
 *   Size sig with sslGetMaxSigSize and check the returned status before
 *   reading sig or *actualBytes.
 *
 * sslRawVerify:
 *   sig / sigLen             - signature to check against plainText.
 *   Only a success status means the signature is valid.
 */
OSStatus sslRawSign(
    SSLContext *ctx,
    SSLPrivKey *privKey,
    const uint8_t *plainText,
    size_t plainTextLen,
    uint8_t *sig,
    size_t sigLen,
    size_t *actualBytes);

OSStatus sslRawVerify(
    SSLContext *ctx,
    SSLPubKey *pubKey,
    const uint8_t *plainText,
    size_t plainTextLen,
    const uint8_t *sig,
    size_t sigLen);
/*
 * RSA sign / verify with an explicit algorithm identifier.
 *
 * algId presumably names the digest algorithm that plainText was hashed
 * with, so the signature can carry the matching DigestInfo -- confirm.
 * On the verify side the caller should make sure algId is one the session
 * actually negotiated rather than whatever the peer sent.
 *
 * Buffer parameters follow the same pattern as sslRawSign / sslRawVerify:
 * sig / sigLen is the output buffer and (presumably) its capacity for
 * signing, and the signature under test for verification; *actualBytes
 * presumably receives the produced signature length.
 */
OSStatus sslRsaSign(
    SSLContext *ctx,
    SSLPrivKey *privKey,
    const SecAsn1AlgId *algId,
    const uint8_t *plainText,
    size_t plainTextLen,
    uint8_t *sig,
    size_t sigLen,
    size_t *actualBytes);

OSStatus sslRsaVerify(
    SSLContext *ctx,
    SSLPubKey *pubKey,
    const SecAsn1AlgId *algId,
    const uint8_t *plainText,
    size_t plainTextLen,
    const uint8_t *sig,
    size_t sigLen);
/*
 * RSA encrypt / decrypt.
 *
 * padding selects the padding scheme; the accepted values are not visible
 * from this header. The output buffer is caller-supplied; the length that
 * follows it is presumably its capacity and *actualBytes presumably
 * receives the number of bytes produced -- confirm.
 *
 * sslRsaEncrypt takes an extra CSSM_CSP_HANDLE only in USE_CDSA_CRYPTO
 * builds, so callers must be compiled with the same setting as this header.
 */
OSStatus sslRsaEncrypt(
    SSLContext *ctx,
    SSLPubKey *pubKey,
#ifdef USE_CDSA_CRYPTO
    CSSM_CSP_HANDLE cspHand,
#endif
    const uint32_t padding,
    const uint8_t *plainText,
    size_t plainTextLen,
    uint8_t *cipherText,
    size_t cipherTextLen,
    size_t *actualBytes);

/*
 * NOTE(review): if this decrypts peer-supplied ciphertext (for example an
 * RSA-encrypted premaster secret), callers should not let a padding
 * failure be distinguishable from other failures, by alert or by timing.
 * Confirm how the call sites handle a non-success status.
 */
OSStatus sslRsaDecrypt(
    SSLContext *ctx,
    SSLPrivKey *privKey,
    const uint32_t padding,
    const uint8_t *cipherText,
    size_t cipherTextLen,
    uint8_t *plainText,
    size_t plainTextLen,
    size_t *actualBytes);
/*
 * Key size in bytes for a private or public key.
 *
 * The return type is size_t, so there is no separate error channel.
 * NOTE(review): what is returned for an invalid key is not visible here;
 * callers that size buffers from this value should confirm it cannot be 0.
 */
extern size_t sslPrivKeyLengthInBytes(SSLPrivKey *sslKey);
extern size_t sslPubKeyLengthInBytes(SSLPubKey *sslKey);

/*
 * Report through *maxSigSize the largest signature privKey can produce, in
 * bytes (presumably), for sizing the sig buffer passed to the signing
 * routines. Check the returned status before using *maxSigSize.
 */
extern OSStatus sslGetMaxSigSize(SSLPrivKey *privKey, size_t *maxSigSize);
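/*
 * Disabled declaration, kept for reference only: the preprocessor skips
 * everything between the "if 0" directive and its closing "endif".
 *
 * The closing directive must sit on a line of its own. When it trails the
 * prototype on the same line it is not recognised as a directive, the
 * disabled region runs on through the rest of the header, and every later
 * declaration plus the include guard's own closing directive is swallowed.
 *
 * sslGetPubKeyBits (disabled) would return a public key's modulus and
 * exponent through the two SSLBuffer out-parameters.
 */
#if 0
OSStatus sslGetPubKeyBits(
    SSLContext *ctx,
    SSLPubKey *pubKey,
    SSLBuffer *modulus,
    SSLBuffer *exponent);
#endif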
/*
 * Build an SSLPubKey from a raw modulus and exponent and return it through
 * *pubKey.
 *
 * NOTE(review): if modulus / exponent originate from the peer, their
 * lengths and values are untrusted; confirm the implementation bounds the
 * key size before use. The result is presumably released with
 * sslFreePubKey -- confirm.
 */
OSStatus sslGetPubKeyFromBits(
    SSLContext *ctx,
    const SSLBuffer *modulus,
    const SSLBuffer *exponent,
    SSLPubKey **pubKey);
/*
 * Check the cipher suite selected in ctx.
 *
 * NOTE(review): presumably this confirms the selected suite is usable with
 * the keys / certificates configured on the context -- confirm. Callers
 * should fail the handshake on any non-success status.
 */
OSStatus sslVerifySelectedCipher(SSLContext *ctx);
/*
 * Diffie-Hellman support, compiled only when APPLE_DH evaluates non-zero.
 * An undefined APPLE_DH is treated as 0 by the preprocessor, so a missing
 * build setting silently removes these declarations.
 */
#if APPLE_DH

/*
 * Generate DH parameters for generator g and a prime of prime_size.
 * Unlike the rest of this header it returns int rather than OSStatus.
 * NOTE(review): the unit of prime_size (bits or bytes) is not visible
 * here -- confirm before choosing a group size.
 */
int sslDhGenerateParams(
    SSLContext *ctx,
    uint32_t g,
    size_t prime_size,
    SSLBuffer *params,
    SSLBuffer *generator,
    SSLBuffer *prime);

/* Per-session DH steps; all state is carried in ctx. */
OSStatus sslDhCreateKey(
    SSLContext *ctx);
OSStatus sslDhGenerateKeyPair(
    SSLContext *ctx);
OSStatus sslDhKeyExchange(
    SSLContext *ctx);

/*
 * Split an encoded parameter blob into prime and generator.
 * NOTE(review): if blob comes from the peer it is untrusted; confirm the
 * caller or implementation rejects undersized primes and degenerate
 * generators before the values reach key exchange.
 */
OSStatus sslDecodeDhParams(
    const SSLBuffer *blob,
    SSLBuffer *prime,
    SSLBuffer *generator);

/* Inverse of sslDecodeDhParams: encode prime and generator into blob. */
OSStatus sslEncodeDhParams(
    SSLBuffer *blob,
    const SSLBuffer *prime,
    const SSLBuffer *generator);

#endif
/*
 * Report through *namedCurve the named curve associated with pubKey.
 * NOTE(review): the curve is derived from a key that may belong to the
 * peer; callers should check it against the curves they are willing to
 * accept rather than using it unconditionally.
 */
OSStatus sslEcdsaPeerCurve(
    SSLPubKey *pubKey,
    SSL_ECDSA_NamedCurve *namedCurve);

/* Generate an ECDH key pair on namedCurve; the result is kept in ctx. */
OSStatus sslEcdhGenerateKeyPair(
    SSLContext *ctx,
    SSL_ECDSA_NamedCurve namedCurve);

/*
 * Perform the ECDH exchange and return the shared value in *exchanged.
 * NOTE(review): *exchanged holds secret key material; who allocates it
 * and who must zeroize and free it is not visible here -- confirm.
 */
OSStatus sslEcdhKeyExchange(
    SSLContext *ctx,
    SSLBuffer *exchanged);
#ifdef __cplusplus
}
#endif
#endif