#include <Security/Security.h>
#include <AssertMacros.h>
#include "ssl-utils.h"
#if TARGET_OS_IPHONE
#include <Security/SecRSAKey.h>
#include <Security/SecECKey.h>
#include <Security/SecCertificatePriv.h>
#include <Security/SecIdentityPriv.h>
#include "privkey-1.h"
#include "cert-1.h"
static
CFArrayRef chain_from_der(const unsigned char *pkey_der, size_t pkey_der_len, const unsigned char *cert_der, size_t cert_der_len)
{
SecKeyRef pkey = NULL;
SecCertificateRef cert = NULL;
SecIdentityRef ident = NULL;
CFArrayRef items = NULL;
require(pkey = SecKeyCreateRSAPrivateKey(kCFAllocatorDefault, pkey_der, pkey_der_len, kSecKeyEncodingPkcs1), errOut);
require(cert = SecCertificateCreateWithBytes(kCFAllocatorDefault, cert_der, cert_der_len), errOut);
require(ident = SecIdentityCreate(kCFAllocatorDefault, cert, pkey), errOut);
require(items = CFArrayCreate(kCFAllocatorDefault, (const void **)&ident, 1, &kCFTypeArrayCallBacks), errOut);
errOut:
CFReleaseSafe(pkey);
CFReleaseSafe(cert);
CFReleaseSafe(ident);
return items;
}
#else
#include "identity-1.h"
#define P12_PASSWORD "password"
static
CFArrayRef chain_from_p12(const unsigned char *p12_data, size_t p12_len)
{
char keychain_path[] = "/tmp/keychain.XXXXXX";
SecKeychainRef keychain = NULL;
CFArrayRef list;
CFDataRef data;
SecExternalFormat format=kSecFormatPKCS12;
SecExternalItemType type=kSecItemTypeAggregate;
SecItemImportExportFlags flags=0;
SecKeyImportExportParameters params = {0,};
CFArrayRef out = NULL;
require_noerr(SecKeychainCopyDomainSearchList(kSecPreferencesDomainUser, &list), errOut);
require(mktemp(keychain_path), errOut);
require_noerr(SecKeychainCreate (keychain_path, strlen(P12_PASSWORD), P12_PASSWORD,
FALSE, NULL, &keychain), errOut);
require_noerr(SecKeychainSetDomainSearchList(kSecPreferencesDomainUser, list), errOut); require(data = CFDataCreateWithBytesNoCopy(kCFAllocatorDefault, p12_data, p12_len, kCFAllocatorNull), errOut);
params.passphrase=CFSTR("password");
params.keyAttributes = CSSM_KEYATTR_PERMANENT | CSSM_KEYATTR_SENSITIVE;
require_noerr(SecKeychainItemImport(data, CFSTR(".p12"), &format, &type, flags,
¶ms, keychain, &out), errOut);
errOut:
CFReleaseSafe(keychain);
CFReleaseSafe(list);
return out;
}
#endif
CFArrayRef server_chain(void)
{
#if TARGET_OS_IPHONE
return chain_from_der(privkey_1_der, privkey_1_der_len, cert_1_der, cert_1_der_len);
#else
return chain_from_p12(identity_1_p12, identity_1_p12_len);
#endif
}
CFArrayRef client_chain(void)
{
#if TARGET_OS_IPHONE
return chain_from_der(privkey_1_der, privkey_1_der_len, cert_1_der, cert_1_der_len);
#else
return chain_from_p12(identity_1_p12, identity_1_p12_len);
#endif
}
const char *ciphersuite_name(SSLCipherSuite cs)
{
#define C(x) case x: return #x;
switch (cs) {
C(TLS_NULL_WITH_NULL_NULL)
C(TLS_RSA_WITH_NULL_MD5)
C(TLS_RSA_WITH_NULL_SHA)
C(TLS_RSA_WITH_RC4_128_MD5)
C(TLS_RSA_WITH_RC4_128_SHA)
C(TLS_RSA_WITH_3DES_EDE_CBC_SHA)
C(TLS_RSA_WITH_AES_128_CBC_SHA)
C(TLS_RSA_WITH_AES_256_CBC_SHA)
C(TLS_RSA_WITH_NULL_SHA256)
C(TLS_RSA_WITH_AES_128_CBC_SHA256)
C(TLS_RSA_WITH_AES_256_CBC_SHA256)
C(TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA)
C(TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA)
C(TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA)
C(TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA)
C(TLS_DH_DSS_WITH_AES_128_CBC_SHA)
C(TLS_DH_RSA_WITH_AES_128_CBC_SHA)
C(TLS_DHE_DSS_WITH_AES_128_CBC_SHA)
C(TLS_DHE_RSA_WITH_AES_128_CBC_SHA)
C(TLS_DH_DSS_WITH_AES_256_CBC_SHA)
C(TLS_DH_RSA_WITH_AES_256_CBC_SHA)
C(TLS_DHE_DSS_WITH_AES_256_CBC_SHA)
C(TLS_DHE_RSA_WITH_AES_256_CBC_SHA)
C(TLS_DH_DSS_WITH_AES_128_CBC_SHA256)
C(TLS_DH_RSA_WITH_AES_128_CBC_SHA256)
C(TLS_DHE_DSS_WITH_AES_128_CBC_SHA256)
C(TLS_DHE_RSA_WITH_AES_128_CBC_SHA256)
C(TLS_DH_DSS_WITH_AES_256_CBC_SHA256)
C(TLS_DH_RSA_WITH_AES_256_CBC_SHA256)
C(TLS_DHE_DSS_WITH_AES_256_CBC_SHA256)
C(TLS_DHE_RSA_WITH_AES_256_CBC_SHA256)
C(TLS_DH_anon_WITH_RC4_128_MD5)
C(TLS_DH_anon_WITH_3DES_EDE_CBC_SHA)
C(TLS_DH_anon_WITH_AES_128_CBC_SHA)
C(TLS_DH_anon_WITH_AES_256_CBC_SHA)
C(TLS_DH_anon_WITH_AES_128_CBC_SHA256)
C(TLS_DH_anon_WITH_AES_256_CBC_SHA256)
C(TLS_RSA_WITH_AES_128_GCM_SHA256)
C(TLS_RSA_WITH_AES_256_GCM_SHA384)
C(TLS_DHE_RSA_WITH_AES_128_GCM_SHA256)
C(TLS_DHE_RSA_WITH_AES_256_GCM_SHA384)
C(TLS_DH_RSA_WITH_AES_128_GCM_SHA256)
C(TLS_DH_RSA_WITH_AES_256_GCM_SHA384)
C(TLS_DHE_DSS_WITH_AES_128_GCM_SHA256)
C(TLS_DHE_DSS_WITH_AES_256_GCM_SHA384)
C(TLS_DH_DSS_WITH_AES_128_GCM_SHA256)
C(TLS_DH_DSS_WITH_AES_256_GCM_SHA384)
C(TLS_DH_anon_WITH_AES_128_GCM_SHA256)
C(TLS_DH_anon_WITH_AES_256_GCM_SHA384)
C(TLS_ECDH_ECDSA_WITH_NULL_SHA)
C(TLS_ECDH_ECDSA_WITH_RC4_128_SHA)
C(TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA)
C(TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA)
C(TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA)
C(TLS_ECDHE_ECDSA_WITH_NULL_SHA)
C(TLS_ECDHE_ECDSA_WITH_RC4_128_SHA)
C(TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA)
C(TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA)
C(TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA)
C(TLS_ECDH_RSA_WITH_NULL_SHA)
C(TLS_ECDH_RSA_WITH_RC4_128_SHA)
C(TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA)
C(TLS_ECDH_RSA_WITH_AES_128_CBC_SHA)
C(TLS_ECDH_RSA_WITH_AES_256_CBC_SHA)
C(TLS_ECDHE_RSA_WITH_NULL_SHA)
C(TLS_ECDHE_RSA_WITH_RC4_128_SHA)
C(TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA)
C(TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA)
C(TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA)
C(TLS_ECDH_anon_WITH_NULL_SHA)
C(TLS_ECDH_anon_WITH_RC4_128_SHA)
C(TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA)
C(TLS_ECDH_anon_WITH_AES_128_CBC_SHA)
C(TLS_ECDH_anon_WITH_AES_256_CBC_SHA)
C(TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256)
C(TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384)
C(TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256)
C(TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384)
C(TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256)
C(TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384)
C(TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256)
C(TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384)
C(TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256)
C(TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384)
C(TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256)
C(TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384)
C(TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256)
C(TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384)
C(TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256)
C(TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384)
C(TLS_EMPTY_RENEGOTIATION_INFO_SCSV)
C(SSL_RSA_WITH_RC2_CBC_MD5)
C(SSL_RSA_WITH_IDEA_CBC_MD5)
C(SSL_RSA_WITH_DES_CBC_MD5)
C(SSL_RSA_WITH_3DES_EDE_CBC_MD5)
C(SSL_NO_SUCH_CIPHERSUITE)
C(SSL_RSA_EXPORT_WITH_RC4_40_MD5)
C(SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5)
C(SSL_RSA_WITH_IDEA_CBC_SHA)
C(SSL_RSA_EXPORT_WITH_DES40_CBC_SHA)
C(SSL_RSA_WITH_DES_CBC_SHA)
C(SSL_DH_DSS_EXPORT_WITH_DES40_CBC_SHA)
C(SSL_DH_DSS_WITH_DES_CBC_SHA)
C(SSL_DH_RSA_EXPORT_WITH_DES40_CBC_SHA)
C(SSL_DH_RSA_WITH_DES_CBC_SHA)
C(SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA)
C(SSL_DHE_DSS_WITH_DES_CBC_SHA)
C(SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA)
C(SSL_DHE_RSA_WITH_DES_CBC_SHA)
C(SSL_DH_anon_EXPORT_WITH_RC4_40_MD5)
C(SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA)
C(SSL_DH_anon_WITH_DES_CBC_SHA)
C(SSL_FORTEZZA_DMS_WITH_NULL_SHA)
C(SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA)
default:
return "Unknown Ciphersuite";
}
}