1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283848586878889909192939495969798991001011021031041051061071081091101111121131141151161171181191201211221231241251261271281291301311321331341351361371381391401411421431441451461471481491501511521531541551561571581591601611621631641651661671681691701711721731741751761771781791801811821831841851861871881891901911921931941951961971981992002012022032042052062072082092102112122132142152162172182192202212222232242252262272282292302312322332342352362372382392402412422432442452462472482492502512522532542552562572582592602612622632642652662672682692702712722732742752762772782792802812822832842852862872882892902912922932942952962972982993003013023033043053063073083093103113123133143153163173183193203213223233243253263273283293303313323333343353363373383393403413423433443453463473483493503513523533543553563573583593603613623633643653663673683693703713723733743753763773783793803813823833843853863873883893903913923933943953963973983994004014024034044054064074084094104114124134144154164174184194204214224234244254264274284294304314324334344354364374384394404414424434444454464474484494504514524534544554564574584594604614624634644654664674684694704714724734744754764774784794804814824834844854864874884894904914924934944954964974984995005015025035045055065075085095105115125135145155165175185195205215225235245255265275285295305315325335345355365375385395405415425435445455465475485495505515525535545555565575585595605615625635645655665675685695705715725735745755765775785795805815825835845855865875885895905915925935945955965975985996006016026036046056066076086096106116126136146156166176186196206216226236246256266276286296306316326336346356366376386396406416426436446456466476486496506516526536546556566576586596606616626636646656666676686696706716726736746756766776786796806816826836846856866876886896906916926936946956966976986997007017027037047057067077087097107117127137147157167177187197207217227237247257267277287297307317327337347357367377387397407417427437447457467477487497507517527537547557567577587597607617627637647657667677687697707717727737747757767777787797807817827837847857867877887897907917927937947957967977987998008018028038048058068078088098108118128138148158168178188198208218228238248258268278288298308318328338348358368378388398408418428438448458468478488498508518528538548558568578588598608618628638648658668678688698708718728738748758768778788798808818828838848858868878888898908918928938948958968978988999009019029039049059069079089099109119129139149159169179189199209219229239249259269279289299309319329339349359369379389399409419429439449459469479489499509519529539549559569579589599609619629639649659669679689699709719729739749759769779789799809819829839849859869879889899909919929939949959969979989991000100110021003100410051006100710081009101010111012101310141015101610171018101910201021102210231024102510261027102810291030103110321033103410351036103710381039104010411042104310441045104610471048104910501051105210531054105510561057105810591060106110621063106410651066106710681069107010711072107310741075107610771078107910801081108210831084108510861087108810891090109110921093109410951096109710981099110011011102110311041105110611071108110911101111111211131114111511161117111811191120112111221123112411251126112711281129113011311132113311341135113611371138113911401141114211431144114511461147114811491150115111521153115411551156115711581159116011611162116311641165116611671168116911701171117211731174117511761177117811791180118111821183118411851186118711881189119011911192119311941195119611971198119912001201120212031204120512061207120812091210121112121213121412151216121712181219122012211222122312241225122612271228122912301231123212331234123512361237123812391240124112421243124412451246124712481249125012511252125312541255125612571258125912601261126212631264126512661267126812691270127112721273127412751276127712781279128012811282128312841285128612871288128912901291129212931294129512961297129812991300130113021303130413051306130713081309131013111312131313141315131613171318131913201321132213231324132513261327132813291330133113321333133413351336133713381339134013411342134313441345134613471348134913501351135213531354135513561357135813591360136113621363136413651366136713681369137013711372137313741375137613771378137913801381138213831384138513861387138813891390139113921393139413951396139713981399140014011402140314041405140614071408140914101411141214131414141514161417141814191420142114221423142414251426142714281429143014311432143314341435143614371438143914401441144214431444144514461447144814491450145114521453145414551456145714581459146014611462146314641465146614671468146914701471147214731474147514761477147814791480148114821483148414851486148714881489149014911492149314941495149614971498149915001501150215031504150515061507150815091510151115121513151415151516151715181519152015211522152315241525152615271528152915301531153215331534153515361537 |
- //
- // RNCryptor.h
- //
- // Copyright © 2015 Rob Napier. All rights reserved.
- //
- // This code is licensed under the MIT License:
- //
- // Permission is hereby granted, free of charge, to any person obtaining a
- // copy of this software and associated documentation files (the "Software"),
- // to deal in the Software without restriction, including without limitation
- // the rights to use, copy, modify, merge, publish, distribute, sublicense,
- // and/or sell copies of the Software, and to permit persons to whom the
- // Software is furnished to do so, subject to the following conditions:
- //
- // The above copyright notice and this permission notice shall be included in
- // all copies or substantial portions of the Software.
- //
- // THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- // IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- // FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT. IN NO EVENT SHALL THE
- // AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- // LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
- // FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
- // DEALINGS IN THE SOFTWARE.
- //
- //
- // CommonCryptoError.h
- // CommonCrypto
- //
- // Created by Richard Murphy on 4/15/14.
- // Copyright (c) 2014 Platform Security. All rights reserved.
- //
- #ifndef CommonCrypto_CommonCryptoError_h
- #define CommonCrypto_CommonCryptoError_h
- /*
- * Copyright (c) 2014 Apple Inc. All Rights Reserved.
- *
- * @APPLE_LICENSE_HEADER_START@
- *
- * This file contains Original Code and/or Modifications of Original Code
- * as defined in and that are subject to the Apple Public Source License
- * Version 2.0 (the 'License'). You may not use this file except in
- * compliance with the License. Please obtain a copy of the License at
- * http://www.opensource.apple.com/apsl/ and read it before using this
- * file.
- *
- * The Original Code and all software distributed under the License are
- * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
- * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
- * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
- * Please see the License for the specific language governing rights and
- * limitations under the License.
- *
- * @APPLE_LICENSE_HEADER_END@
- */
- #include <stdint.h>
- #if defined(__cplusplus)
- extern "C" {
- #endif
- /*!
- @enum CCCryptorStatus
- @abstract Return values from CommonCryptor operations.
- @constant kCCSuccess Operation completed normally.
- @constant kCCParamError Illegal parameter value.
- @constant kCCBufferTooSmall Insufficent buffer provided for specified
- operation.
- @constant kCCMemoryFailure Memory allocation failure.
- @constant kCCAlignmentError Input size was not aligned properly.
- @constant kCCDecodeError Input data did not decode or decrypt
- properly.
- @constant kCCUnimplemented Function not implemented for the current
- algorithm.
- */
- enum {
- kCCSuccess = 0,
- kCCParamError = -4300,
- kCCBufferTooSmall = -4301,
- kCCMemoryFailure = -4302,
- kCCAlignmentError = -4303,
- kCCDecodeError = -4304,
- kCCUnimplemented = -4305,
- kCCOverflow = -4306,
- kCCRNGFailure = -4307,
- };
- typedef int32_t CCStatus;
- typedef int32_t CCCryptorStatus;
- #if defined(__cplusplus)
- }
- #endif
- #endif
- /*
- * Copyright (c) 2006-2010 Apple, Inc. All Rights Reserved.
- *
- * @APPLE_LICENSE_HEADER_START@
- *
- * This file contains Original Code and/or Modifications of Original Code
- * as defined in and that are subject to the Apple Public Source License
- * Version 2.0 (the 'License'). You may not use this file except in
- * compliance with the License. Please obtain a copy of the License at
- * http://www.opensource.apple.com/apsl/ and read it before using this
- * file.
- *
- * The Original Code and all software distributed under the License are
- * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
- * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
- * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
- * Please see the License for the specific language governing rights and
- * limitations under the License.
- *
- * @APPLE_LICENSE_HEADER_END@
- */
- /*!
- @header CommonCryptor.h
- @abstract Generic interface for symmetric encryption.
- @discussion This interface provides access to a number of symmetric
- encryption algorithms. Symmetric encryption algorithms come
- in two "flavors" - block ciphers, and stream ciphers. Block
- ciphers process data (while both encrypting and decrypting)
- in discrete chunks of data called blocks; stream ciphers
- operate on arbitrary sized data.
- The object declared in this interface, CCCryptor, provides
- access to both block ciphers and stream ciphers with the same
- API; however some options are available for block ciphers that
- do not apply to stream ciphers.
- The general operation of a CCCryptor is: initialize it
- with raw key data and other optional fields with
- CCCryptorCreate(); process input data via one or more calls to
- CCCryptorUpdate(), each of which may result in output data
- being written to caller-supplied memory; and obtain possible
- remaining output data with CCCryptorFinal(). The CCCryptor is
- disposed of via CCCryptorRelease(), or it can be reused (with
- the same key data as provided to CCCryptorCreate()) by calling
- CCCryptorReset().
- CCCryptors can be dynamically allocated by this module, or
- their memory can be allocated by the caller. See discussion for
- CCCryptorCreate() and CCCryptorCreateFromData() for information
- on CCCryptor allocation.
- One option for block ciphers is padding, as defined in PKCS7;
- when padding is enabled, the total amount of data encrypted
- does not have to be an even multiple of the block size, and
- the actual length of plaintext is calculated during decryption.
- Another option for block ciphers is Cipher Block Chaining, known
- as CBC mode. When using CBC mode, an Initialization Vector (IV)
- is provided along with the key when starting an encrypt
- or decrypt operation. If CBC mode is selected and no IV is
- provided, an IV of all zeroes will be used.
- CCCryptor also implements block bufferring, so that individual
- calls to CCCryptorUpdate() do not have to provide data whose
- length is aligned to the block size. (If padding is disabled,
- encrypting with block ciphers does require that the *total*
- length of data input to CCCryptorUpdate() call(s) be aligned
- to the block size.)
- A given CCCryptor can only be used by one thread at a time;
- multiple threads can use safely different CCCryptors at the
- same time.
- */
- #ifndef _CC_COMMON_CRYPTOR_
- #define _CC_COMMON_CRYPTOR_
- #include <stdbool.h>
- #include <stdint.h>
- #ifndef KERNEL
- #include <stddef.h>
- #endif /* KERNEL */
- #include <CoreFoundation/CFAvailability.h>
- #ifdef __cplusplus
- extern "C" {
- #endif
- /*!
- @typedef CCCryptorRef
- @abstract Opaque reference to a CCCryptor object.
- */
- typedef struct _CCCryptor *CCCryptorRef;
- /*!
- @enum CCOperation
- @abstract Operations that an CCCryptor can perform.
- @constant kCCEncrypt Symmetric encryption.
- @constant kCCDecrypt Symmetric decryption.
- */
- enum {
- kCCEncrypt = 0,
- kCCDecrypt,
- };
- typedef uint32_t CCOperation;
- /*!
- @enum CCAlgorithm
- @abstract Encryption algorithms implemented by this module.
- @constant kCCAlgorithmAES128 Advanced Encryption Standard, 128-bit block
- This is kept for historical reasons. It's
- preferred now to use kCCAlgorithmAES since
- 128-bit blocks are part of the standard.
- @constant kCCAlgorithmAES Advanced Encryption Standard, 128-bit block
- @constant kCCAlgorithmDES Data Encryption Standard
- @constant kCCAlgorithm3DES Triple-DES, three key, EDE configuration
- @constant kCCAlgorithmCAST CAST
- @constant kCCAlgorithmRC4 RC4 stream cipher
- @constant kCCAlgorithmBlowfish Blowfish block cipher
- */
- enum {
- kCCAlgorithmAES128 = 0,
- kCCAlgorithmAES = 0,
- kCCAlgorithmDES,
- kCCAlgorithm3DES,
- kCCAlgorithmCAST,
- kCCAlgorithmRC4,
- kCCAlgorithmRC2,
- kCCAlgorithmBlowfish
- };
- typedef uint32_t CCAlgorithm;
- /*!
- @enum CCOptions
- @abstract Options flags, passed to CCCryptorCreate().
- @constant kCCOptionPKCS7Padding Perform PKCS7 padding.
- @constant kCCOptionECBMode Electronic Code Book Mode.
- Default is CBC.
- */
- enum {
- /* options for block ciphers */
- kCCOptionPKCS7Padding = 0x0001,
- kCCOptionECBMode = 0x0002
- /* stream ciphers currently have no options */
- };
- typedef uint32_t CCOptions;
- /*!
- @enum Key sizes
- @discussion Key sizes, in bytes, for supported algorithms. Use these
- constants to select any keysize variants you wish to use
- for algorithms that support them (ie AES-128, AES-192, AES-256)
- @constant kCCKeySizeAES128 128 bit AES key size.
- @constant kCCKeySizeAES192 192 bit AES key size.
- @constant kCCKeySizeAES256 256 bit AES key size.
- @constant kCCKeySizeDES DES key size.
- @constant kCCKeySize3DES Triple DES key size.
- @constant kCCKeySizeMinCAST CAST minimum key size.
- @constant kCCKeySizeMaxCAST CAST maximum key size.
- @constant kCCKeySizeMinRC4 RC4 minimum key size.
- @constant kCCKeySizeMaxRC4 RC4 maximum key size.
- @discussion DES and TripleDES have fixed key sizes.
- AES has three discrete key sizes.
- CAST and RC4 have variable key sizes.
- */
- enum {
- kCCKeySizeAES128 = 16,
- kCCKeySizeAES192 = 24,
- kCCKeySizeAES256 = 32,
- kCCKeySizeDES = 8,
- kCCKeySize3DES = 24,
- kCCKeySizeMinCAST = 5,
- kCCKeySizeMaxCAST = 16,
- kCCKeySizeMinRC4 = 1,
- kCCKeySizeMaxRC4 = 512,
- kCCKeySizeMinRC2 = 1,
- kCCKeySizeMaxRC2 = 128,
- kCCKeySizeMinBlowfish = 8,
- kCCKeySizeMaxBlowfish = 56,
- };
- /*!
- @enum Block sizes
- @discussion Block sizes, in bytes, for supported algorithms.
- @constant kCCBlockSizeAES128 AES block size (currently, only 128-bit
- blocks are supported).
- @constant kCCBlockSizeDES DES block size.
- @constant kCCBlockSize3DES Triple DES block size.
- @constant kCCBlockSizeCAST CAST block size.
- */
- enum {
- /* AES */
- kCCBlockSizeAES128 = 16,
- /* DES */
- kCCBlockSizeDES = 8,
- /* 3DES */
- kCCBlockSize3DES = 8,
- /* CAST */
- kCCBlockSizeCAST = 8,
- kCCBlockSizeRC2 = 8,
- kCCBlockSizeBlowfish = 8,
- };
- /*!
- @enum Minimum context sizes
- @discussion Minimum context sizes, for caller-allocated CCCryptorRefs.
- To minimize dynamic allocation memory, a caller can create
- a CCCryptorRef by passing caller-supplied memory to the
- CCCryptorCreateFromData() function.
- These constants define the minimum amount of memory, in
- bytes, needed for CCCryptorRefs for each supported algorithm.
- Note: these constants are valid for the current version of
- this library; they may change in subsequent releases, so
- applications wishing to allocate their own memory for use
- in creating CCCryptorRefs must be prepared to deal with
- a kCCBufferTooSmall return from CCCryptorCreateFromData().
- See discussion for the CCCryptorCreateFromData() function.
- @constant kCCContextSizeAES128 - Minimum context size for kCCAlgorithmAES128.
- @constant kCCContextSizeDES - Minimum context size for kCCAlgorithmDES.
- @constant kCCContextSize3DES - Minimum context size for kCCAlgorithm3DES.
- @constant kCCContextSizeCAST - Minimum context size for kCCAlgorithmCAST.
- @constant kCCContextSizeRC4 - Minimum context size for kCCAlgorithmRC4.
- */
- enum {
- kCCContextSizeAES128 = 404,
- kCCContextSizeDES = 240,
- kCCContextSize3DES = 496,
- kCCContextSizeCAST = 240,
- kCCContextSizeRC4 = 1072
- };
- /*!
- @function CCCryptorCreate
- @abstract Create a cryptographic context.
- @param op Defines the basic operation: kCCEncrypt or
- kCCDecrypt.
- @param alg Defines the algorithm.
- @param options A word of flags defining options. See discussion
- for the CCOptions type.
- @param key Raw key material, length keyLength bytes.
- @param keyLength Length of key material. Must be appropriate
- for the selected operation and algorithm. Some
- algorithms provide for varying key lengths.
- @param iv Initialization vector, optional. Used by
- block ciphers when Cipher Block Chaining (CBC)
- mode is enabled. If present, must be the same
- length as the selected algorithm's block size.
- If CBC mode is selected (by the absence of the
- kCCOptionECBMode bit in the options flags) and no
- IV is present, a NULL (all zeroes) IV will be used.
- This parameter is ignored if ECB mode is used or
- if a stream cipher algorithm is selected.
- @param cryptorRef A (required) pointer to the returned CCCryptorRef.
- @result Possible error returns are kCCParamError and kCCMemoryFailure.
- */
- CCCryptorStatus CCCryptorCreate(
- CCOperation op, /* kCCEncrypt, etc. */
- CCAlgorithm alg, /* kCCAlgorithmDES, etc. */
- CCOptions options, /* kCCOptionPKCS7Padding, etc. */
- const void *key, /* raw key material */
- size_t keyLength,
- const void *iv, /* optional initialization vector */
- CCCryptorRef *cryptorRef) /* RETURNED */
- __OSX_AVAILABLE_STARTING(__MAC_10_4, __IPHONE_2_0);
- /*!
- @function CCCryptorCreateFromData
- @abstract Create a cryptographic context using caller-supplied memory.
- @param op Defines the basic operation: kCCEncrypt or
- kCCDecrypt.
- @param alg Defines the algorithm.
- @param options A word of flags defining options. See discussion
- for the CCOptions type.
- @param key Raw key material, length keyLength bytes.
- @param keyLength Length of key material. Must be appropriate
- for the selected operation and algorithm. Some
- algorithms provide for varying key lengths.
- @param iv Initialization vector, optional. Used by
- block ciphers when Cipher Block Chaining (CBC)
- mode is enabled. If present, must be the same
- length as the selected algorithm's block size.
- If CBC mode is selected (by the absence of the
- kCCOptionECBMode bit in the options flags) and no
- IV is present, a NULL (all zeroes) IV will be used.
- This parameter is ignored if ECB mode is used or
- if a stream cipher algorithm is selected.
- @param data A pointer to caller-supplied memory from which the
- CCCryptorRef will be created.
- @param dataLength The size of the caller-supplied memory in bytes.
- @param cryptorRef A (required) pointer to the returned CCCryptorRef.
- @param dataUsed Optional. If present, the actual number of bytes of
- the caller-supplied memory which was consumed by
- creation of the CCCryptorRef is returned here. Also,
- if the supplied memory is of insufficent size to create
- a CCCryptorRef, kCCBufferTooSmall is returned, and
- the minimum required buffer size is returned via this
- parameter if present.
- @result Possible error returns are kCCParamError and kCCBufferTooSmall.
- @discussion The CCCryptorRef created by this function *may* be disposed of
- via CCCRyptorRelease; that call is not strictly necessary, but
- if it's not performed, good security practice dictates that the
- caller should zero the memory provided to create the CCCryptorRef
- when the caller is finished using the CCCryptorRef.
- */
- CCCryptorStatus CCCryptorCreateFromData(
- CCOperation op, /* kCCEncrypt, etc. */
- CCAlgorithm alg, /* kCCAlgorithmDES, etc. */
- CCOptions options, /* kCCOptionPKCS7Padding, etc. */
- const void *key, /* raw key material */
- size_t keyLength,
- const void *iv, /* optional initialization vector */
- const void *data, /* caller-supplied memory */
- size_t dataLength, /* length of data in bytes */
- CCCryptorRef *cryptorRef, /* RETURNED */
- size_t *dataUsed) /* optional, RETURNED */
- __OSX_AVAILABLE_STARTING(__MAC_10_4, __IPHONE_2_0);
- /*!
- @function CCCryptorRelease
- @abstract Free a context created by CCCryptorCreate or
- CCCryptorCreateFromData().
- @param cryptorRef The CCCryptorRef to release.
- @result The only possible error return is kCCParamError resulting
- from passing in a null CCCryptorRef.
- */
- CCCryptorStatus CCCryptorRelease(
- CCCryptorRef cryptorRef)
- __OSX_AVAILABLE_STARTING(__MAC_10_4, __IPHONE_2_0);
- /*!
- @function CCCryptorUpdate
- @abstract Process (encrypt, decrypt) some data. The result, if any,
- is written to a caller-provided buffer.
- @param cryptorRef A CCCryptorRef created via CCCryptorCreate() or
- CCCryptorCreateFromData().
- @param dataIn Data to process, length dataInLength bytes.
- @param dataInLength Length of data to process.
- @param dataOut Result is written here. Allocated by caller.
- Encryption and decryption can be performed
- "in-place", with the same buffer used for
- input and output.
- @param dataOutAvailable The size of the dataOut buffer in bytes.
- @param dataOutMoved On successful return, the number of bytes
- written to dataOut.
- @result kCCBufferTooSmall indicates insufficent space in the dataOut
- buffer. The caller can use
- CCCryptorGetOutputLength() to determine the
- required output buffer size in this case. The
- operation can be retried; no state is lost
- when this is returned.
- @discussion This routine can be called multiple times. The caller does
- not need to align input data lengths to block sizes; input is
- bufferred as necessary for block ciphers.
- When performing symmetric encryption with block ciphers,
- and padding is enabled via kCCOptionPKCS7Padding, the total
- number of bytes provided by all the calls to this function
- when encrypting can be arbitrary (i.e., the total number
- of bytes does not have to be block aligned). However if
- padding is disabled, or when decrypting, the total number
- of bytes does have to be aligned to the block size; otherwise
- CCCryptFinal() will return kCCAlignmentError.
- A general rule for the size of the output buffer which must be
- provided by the caller is that for block ciphers, the output
- length is never larger than the input length plus the block size.
- For stream ciphers, the output length is always exactly the same
- as the input length. See the discussion for
- CCCryptorGetOutputLength() for more information on this topic.
- Generally, when all data has been processed, call
- CCCryptorFinal().
- In the following cases, the CCCryptorFinal() is superfluous as
- it will not yield any data nor return an error:
- 1. Encrypting or decrypting with a block cipher with padding
- disabled, when the total amount of data provided to
- CCCryptorUpdate() is an integral multiple of the block size.
- 2. Encrypting or decrypting with a stream cipher.
- */
- CCCryptorStatus CCCryptorUpdate(
- CCCryptorRef cryptorRef,
- const void *dataIn,
- size_t dataInLength,
- void *dataOut, /* data RETURNED here */
- size_t dataOutAvailable,
- size_t *dataOutMoved) /* number of bytes written */
- __OSX_AVAILABLE_STARTING(__MAC_10_4, __IPHONE_2_0);
- /*!
- @function CCCryptorFinal
- @abstract Finish an encrypt or decrypt operation, and obtain the (possible)
- final data output.
- @param cryptorRef A CCCryptorRef created via CCCryptorCreate() or
- CCCryptorCreateFromData().
- @param dataOut Result is written here. Allocated by caller.
- @param dataOutAvailable The size of the dataOut buffer in bytes.
- @param dataOutMoved On successful return, the number of bytes
- written to dataOut.
- @result kCCBufferTooSmall indicates insufficent space in the dataOut
- buffer. The caller can use
- CCCryptorGetOutputLength() to determine the
- required output buffer size in this case. The
- operation can be retried; no state is lost
- when this is returned.
- kCCAlignmentError When decrypting, or when encrypting with a
- block cipher with padding disabled,
- kCCAlignmentError will be returned if the total
- number of bytes provided to CCCryptUpdate() is
- not an integral multiple of the current
- algorithm's block size.
- kCCDecodeError Indicates garbled ciphertext or the
- wrong key during decryption. This can only
- be returned while decrypting with padding
- enabled.
- @discussion Except when kCCBufferTooSmall is returned, the CCCryptorRef
- can no longer be used for subsequent operations unless
- CCCryptorReset() is called on it.
- It is not necessary to call CCCryptorFinal() when performing
- symmetric encryption or decryption if padding is disabled, or
- when using a stream cipher.
- It is not necessary to call CCCryptorFinal() prior to
- CCCryptorRelease() when aborting an operation.
- */
- CCCryptorStatus CCCryptorFinal(
- CCCryptorRef cryptorRef,
- void *dataOut,
- size_t dataOutAvailable,
- size_t *dataOutMoved) /* number of bytes written */
- __OSX_AVAILABLE_STARTING(__MAC_10_4, __IPHONE_2_0);
- /*!
- @function CCCryptorGetOutputLength
- @abstract Determine output buffer size required to process a given input
- size.
- @param cryptorRef A CCCryptorRef created via CCCryptorCreate() or
- CCCryptorCreateFromData().
- @param inputLength The length of data which will be provided to
- CCCryptorUpdate().
- @param final If false, the returned value will indicate the
- output buffer space needed when 'inputLength'
- bytes are provided to CCCryptorUpdate(). When
- 'final' is true, the returned value will indicate
- the total combined buffer space needed when
- 'inputLength' bytes are provided to
- CCCryptorUpdate() and then CCCryptorFinal() is
- called.
- @result The maximum buffer space need to perform CCCryptorUpdate() and
- optionally CCCryptorFinal().
- @discussion Some general rules apply that allow clients of this module to
- know a priori how much output buffer space will be required
- in a given situation. For stream ciphers, the output size is
- always equal to the input size, and CCCryptorFinal() never
- produces any data. For block ciphers, the output size will
- always be less than or equal to the input size plus the size
- of one block. For block ciphers, if the input size provided
- to each call to CCCryptorUpdate() is is an integral multiple
- of the block size, then the output size for each call to
- CCCryptorUpdate() is less than or equal to the input size
- for that call to CCCryptorUpdate(). CCCryptorFinal() only
- produces output when using a block cipher with padding enabled.
- */
- size_t CCCryptorGetOutputLength(
- CCCryptorRef cryptorRef,
- size_t inputLength,
- bool final)
- __OSX_AVAILABLE_STARTING(__MAC_10_4, __IPHONE_2_0);
- /*!
- @function CCCryptorReset
- @abstract Reinitializes an existing CCCryptorRef with a (possibly)
- new initialization vector. The CCCryptorRef's key is
- unchanged. Not implemented for stream ciphers.
- @param cryptorRef A CCCryptorRef created via CCCryptorCreate() or
- CCCryptorCreateFromData().
- @param iv Optional initialization vector; if present, must
- be the same size as the current algorithm's block
- size.
- @result The the only possible errors are kCCParamError and
- kCCUnimplemented.
- @discussion This can be called on a CCCryptorRef with data pending (i.e.
- in a padded mode operation before CCCryptFinal is called);
- however any pending data will be lost in that case.
- */
- CCCryptorStatus CCCryptorReset(
- CCCryptorRef cryptorRef,
- const void *iv)
- __OSX_AVAILABLE_STARTING(__MAC_10_4, __IPHONE_2_0);
- /*!
- @function CCCrypt
- @abstract Stateless, one-shot encrypt or decrypt operation.
- This basically performs a sequence of CCCrytorCreate(),
- CCCryptorUpdate(), CCCryptorFinal(), and CCCryptorRelease().
- @param alg Defines the encryption algorithm.
- @param op Defines the basic operation: kCCEncrypt or
- kCCDecrypt.
- @param options A word of flags defining options. See discussion
- for the CCOptions type.
- @param key Raw key material, length keyLength bytes.
- @param keyLength Length of key material. Must be appropriate
- for the select algorithm. Some algorithms may
- provide for varying key lengths.
- @param iv Initialization vector, optional. Used for
- Cipher Block Chaining (CBC) mode. If present,
- must be the same length as the selected
- algorithm's block size. If CBC mode is
- selected (by the absence of any mode bits in
- the options flags) and no IV is present, a
- NULL (all zeroes) IV will be used. This is
- ignored if ECB mode is used or if a stream
- cipher algorithm is selected.
- @param dataIn Data to encrypt or decrypt, length dataInLength
- bytes.
- @param dataInLength Length of data to encrypt or decrypt.
- @param dataOut Result is written here. Allocated by caller.
- Encryption and decryption can be performed
- "in-place", with the same buffer used for
- input and output.
- @param dataOutAvailable The size of the dataOut buffer in bytes.
- @param dataOutMoved On successful return, the number of bytes
- written to dataOut. If kCCBufferTooSmall is
- returned as a result of insufficient buffer
- space being provided, the required buffer space
- is returned here.
- @result kCCBufferTooSmall indicates insufficent space in the dataOut
- buffer. In this case, the *dataOutMoved
- parameter will indicate the size of the buffer
- needed to complete the operation. The
- operation can be retried with minimal runtime
- penalty.
- kCCAlignmentError indicates that dataInLength was not properly
- aligned. This can only be returned for block
- ciphers, and then only when decrypting or when
- encrypting with block with padding disabled.
- kCCDecodeError Indicates improperly formatted ciphertext or
- a "wrong key" error; occurs only during decrypt
- operations.
- */
- CCCryptorStatus CCCrypt(
- CCOperation op, /* kCCEncrypt, etc. */
- CCAlgorithm alg, /* kCCAlgorithmAES128, etc. */
- CCOptions options, /* kCCOptionPKCS7Padding, etc. */
- const void *key,
- size_t keyLength,
- const void *iv, /* optional initialization vector */
- const void *dataIn, /* optional per op and alg */
- size_t dataInLength,
- void *dataOut, /* data RETURNED here */
- size_t dataOutAvailable,
- size_t *dataOutMoved)
- __OSX_AVAILABLE_STARTING(__MAC_10_4, __IPHONE_2_0);
- /*!
- @enum Cipher Modes
- @discussion These are the selections available for modes of operation for
- use with block ciphers. If RC4 is selected as the cipher (a stream
- cipher) the only correct mode is kCCModeRC4.
- @constant kCCModeECB - Electronic Code Book Mode.
- @constant kCCModeCBC - Cipher Block Chaining Mode.
- @constant kCCModeCFB - Cipher Feedback Mode.
- @constant kCCModeOFB - Output Feedback Mode.
- @constant kCCModeXTS - XEX-based Tweaked CodeBook Mode.
- @constant kCCModeRC4 - RC4 as a streaming cipher is handled internally as a mode.
- @constant kCCModeCFB8 - Cipher Feedback Mode producing 8 bits per round.
- */
- enum {
- kCCModeECB = 1,
- kCCModeCBC = 2,
- kCCModeCFB = 3,
- kCCModeCTR = 4,
- kCCModeF8 = 5, // Unimplemented for now (not included)
- kCCModeLRW = 6, // Unimplemented for now (not included)
- kCCModeOFB = 7,
- kCCModeXTS = 8,
- kCCModeRC4 = 9,
- kCCModeCFB8 = 10,
- };
- typedef uint32_t CCMode;
- /*!
- @enum Padding for Block Ciphers
- @discussion These are the padding options available for block modes.
- @constant ccNoPadding - No padding.
- @constant ccPKCS7Padding - PKCS7 Padding.
- */
- enum {
- ccNoPadding = 0,
- ccPKCS7Padding = 1,
- };
- typedef uint32_t CCPadding;
- /*!
- @enum Mode options - Not currently in use.
- @discussion Values used to specify options for modes. This was used for counter
- mode operations in 10.8, now only Big Endian mode is supported.
- @constant kCCModeOptionCTR_LE - CTR Mode Little Endian.
- @constant kCCModeOptionCTR_BE - CTR Mode Big Endian.
- */
- enum {
- kCCModeOptionCTR_LE = 0x0001, // Deprecated in iPhoneOS 6.0 and MacOSX10.9
- kCCModeOptionCTR_BE = 0x0002 // Deprecated in iPhoneOS 6.0 and MacOSX10.9
- };
- typedef uint32_t CCModeOptions;
- /*!
- @function CCCryptorCreateWithMode
- @abstract Create a cryptographic context.
- @param op Defines the basic operation: kCCEncrypt or
- kCCDecrypt.
- @param mode Specifies the cipher mode to use for operations.
- @param alg Defines the algorithm.
- @param padding Specifies the padding to use.
- @param iv Initialization vector, optional. Used by
- block ciphers with the following modes:
- Cipher Block Chaining (CBC)
- Cipher Feedback (CFB and CFB8)
- Output Feedback (OFB)
- Counter (CTR)
- If present, must be the same length as the selected
- algorithm's block size. If no IV is present, a NULL
- (all zeroes) IV will be used.
- This parameter is ignored if ECB mode is used or
- if a stream cipher algorithm is selected.
- @param key Raw key material, length keyLength bytes.
- @param keyLength Length of key material. Must be appropriate
- for the selected operation and algorithm. Some
- algorithms provide for varying key lengths.
- @param tweak Raw key material, length keyLength bytes. Used for the
- tweak key in XEX-based Tweaked CodeBook (XTS) mode.
- @param tweakLength Length of tweak key material. Must be appropriate
- for the selected operation and algorithm. Some
- algorithms provide for varying key lengths. For XTS
- this is the same length as the encryption key.
- @param numRounds The number of rounds of the cipher to use. 0 uses the default.
- @param options A word of flags defining options. See discussion
- for the CCModeOptions type.
- @param cryptorRef A (required) pointer to the returned CCCryptorRef.
- @result Possible error returns are kCCParamError and kCCMemoryFailure.
- */
- CCCryptorStatus CCCryptorCreateWithMode(
- CCOperation op, /* kCCEncrypt, kCCEncrypt */
- CCMode mode,
- CCAlgorithm alg,
- CCPadding padding,
- const void *iv, /* optional initialization vector */
- const void *key, /* raw key material */
- size_t keyLength,
- const void *tweak, /* raw tweak material */
- size_t tweakLength,
- int numRounds, /* 0 == default */
- CCModeOptions options,
- CCCryptorRef *cryptorRef) /* RETURNED */
- __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_5_0);
- #ifdef __cplusplus
- }
- #endif
- #endif /* _CC_COMMON_CRYPTOR_ */
- /*
- * Copyright (c) 2004 Apple Computer, Inc. All Rights Reserved.
- *
- * @APPLE_LICENSE_HEADER_START@
- *
- * This file contains Original Code and/or Modifications of Original Code
- * as defined in and that are subject to the Apple Public Source License
- * Version 2.0 (the 'License'). You may not use this file except in
- * compliance with the License. Please obtain a copy of the License at
- * http://www.opensource.apple.com/apsl/ and read it before using this
- * file.
- *
- * The Original Code and all software distributed under the License are
- * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
- * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
- * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
- * Please see the License for the specific language governing rights and
- * limitations under the License.
- *
- * @APPLE_LICENSE_HEADER_END@
- */
- /*
- * CommonDigest.h - common digest routines: MD2, MD4, MD5, SHA1.
- */
- #ifndef _CC_COMMON_DIGEST_H_
- #define _CC_COMMON_DIGEST_H_
- #include <stdint.h>
- #include <Availability.h>
- #ifdef __cplusplus
- extern "C" {
- #endif
- /*
- * For compatibility with legacy implementations, the *Init(), *Update(),
- * and *Final() functions declared here *always* return a value of 1 (one).
- * This corresponds to "success" in the similar openssl implementations.
- * There are no errors of any kind which can be, or are, reported here,
- * so you can safely ignore the return values of all of these functions
- * if you are implementing new code.
- *
- * The one-shot functions (CC_MD2(), CC_SHA1(), etc.) perform digest
- * calculation and place the result in the caller-supplied buffer
- * indicated by the md parameter. They return the md parameter.
- * Unlike the opensssl counterparts, these one-shot functions require
- * a non-NULL md pointer. Passing in NULL for the md parameter
- * results in a NULL return and no digest calculation.
- */
- typedef uint32_t CC_LONG; /* 32 bit unsigned integer */
- typedef uint64_t CC_LONG64; /* 64 bit unsigned integer */
- /*** MD2 ***/
- #define CC_MD2_DIGEST_LENGTH 16 /* digest length in bytes */
- #define CC_MD2_BLOCK_BYTES 64 /* block size in bytes */
- #define CC_MD2_BLOCK_LONG (CC_MD2_BLOCK_BYTES / sizeof(CC_LONG))
- typedef struct CC_MD2state_st
- {
- int num;
- unsigned char data[CC_MD2_DIGEST_LENGTH];
- CC_LONG cksm[CC_MD2_BLOCK_LONG];
- CC_LONG state[CC_MD2_BLOCK_LONG];
- } CC_MD2_CTX;
- extern int CC_MD2_Init(CC_MD2_CTX *c)
- __OSX_AVAILABLE_STARTING(__MAC_10_4, __IPHONE_2_0);
- extern int CC_MD2_Update(CC_MD2_CTX *c, const void *data, CC_LONG len)
- __OSX_AVAILABLE_STARTING(__MAC_10_4, __IPHONE_2_0);
- extern int CC_MD2_Final(unsigned char *md, CC_MD2_CTX *c)
- __OSX_AVAILABLE_STARTING(__MAC_10_4, __IPHONE_2_0);
- extern unsigned char *CC_MD2(const void *data, CC_LONG len, unsigned char *md)
- __OSX_AVAILABLE_STARTING(__MAC_10_4, __IPHONE_2_0);
- /*** MD4 ***/
- #define CC_MD4_DIGEST_LENGTH 16 /* digest length in bytes */
- #define CC_MD4_BLOCK_BYTES 64 /* block size in bytes */
- #define CC_MD4_BLOCK_LONG (CC_MD4_BLOCK_BYTES / sizeof(CC_LONG))
- typedef struct CC_MD4state_st
- {
- CC_LONG A,B,C,D;
- CC_LONG Nl,Nh;
- CC_LONG data[CC_MD4_BLOCK_LONG];
- uint32_t num;
- } CC_MD4_CTX;
- extern int CC_MD4_Init(CC_MD4_CTX *c)
- __OSX_AVAILABLE_STARTING(__MAC_10_4, __IPHONE_2_0);
- extern int CC_MD4_Update(CC_MD4_CTX *c, const void *data, CC_LONG len)
- __OSX_AVAILABLE_STARTING(__MAC_10_4, __IPHONE_2_0);
- extern int CC_MD4_Final(unsigned char *md, CC_MD4_CTX *c)
- __OSX_AVAILABLE_STARTING(__MAC_10_4, __IPHONE_2_0);
- extern unsigned char *CC_MD4(const void *data, CC_LONG len, unsigned char *md)
- __OSX_AVAILABLE_STARTING(__MAC_10_4, __IPHONE_2_0);
- /*** MD5 ***/
- #define CC_MD5_DIGEST_LENGTH 16 /* digest length in bytes */
- #define CC_MD5_BLOCK_BYTES 64 /* block size in bytes */
- #define CC_MD5_BLOCK_LONG (CC_MD5_BLOCK_BYTES / sizeof(CC_LONG))
- typedef struct CC_MD5state_st
- {
- CC_LONG A,B,C,D;
- CC_LONG Nl,Nh;
- CC_LONG data[CC_MD5_BLOCK_LONG];
- int num;
- } CC_MD5_CTX;
- extern int CC_MD5_Init(CC_MD5_CTX *c)
- __OSX_AVAILABLE_STARTING(__MAC_10_4, __IPHONE_2_0);
- extern int CC_MD5_Update(CC_MD5_CTX *c, const void *data, CC_LONG len)
- __OSX_AVAILABLE_STARTING(__MAC_10_4, __IPHONE_2_0);
- extern int CC_MD5_Final(unsigned char *md, CC_MD5_CTX *c)
- __OSX_AVAILABLE_STARTING(__MAC_10_4, __IPHONE_2_0);
- extern unsigned char *CC_MD5(const void *data, CC_LONG len, unsigned char *md)
- __OSX_AVAILABLE_STARTING(__MAC_10_4, __IPHONE_2_0);
- /*** SHA1 ***/
- #define CC_SHA1_DIGEST_LENGTH 20 /* digest length in bytes */
- #define CC_SHA1_BLOCK_BYTES 64 /* block size in bytes */
- #define CC_SHA1_BLOCK_LONG (CC_SHA1_BLOCK_BYTES / sizeof(CC_LONG))
- typedef struct CC_SHA1state_st
- {
- CC_LONG h0,h1,h2,h3,h4;
- CC_LONG Nl,Nh;
- CC_LONG data[CC_SHA1_BLOCK_LONG];
- int num;
- } CC_SHA1_CTX;
- extern int CC_SHA1_Init(CC_SHA1_CTX *c)
- __OSX_AVAILABLE_STARTING(__MAC_10_4, __IPHONE_2_0);
- extern int CC_SHA1_Update(CC_SHA1_CTX *c, const void *data, CC_LONG len)
- __OSX_AVAILABLE_STARTING(__MAC_10_4, __IPHONE_2_0);
- extern int CC_SHA1_Final(unsigned char *md, CC_SHA1_CTX *c)
- __OSX_AVAILABLE_STARTING(__MAC_10_4, __IPHONE_2_0);
- extern unsigned char *CC_SHA1(const void *data, CC_LONG len, unsigned char *md)
- __OSX_AVAILABLE_STARTING(__MAC_10_4, __IPHONE_2_0);
- /*** SHA224 ***/
- #define CC_SHA224_DIGEST_LENGTH 28 /* digest length in bytes */
- #define CC_SHA224_BLOCK_BYTES 64 /* block size in bytes */
- /* same context struct is used for SHA224 and SHA256 */
- typedef struct CC_SHA256state_st
- { CC_LONG count[2];
- CC_LONG hash[8];
- CC_LONG wbuf[16];
- } CC_SHA256_CTX;
- extern int CC_SHA224_Init(CC_SHA256_CTX *c)
- __OSX_AVAILABLE_STARTING(__MAC_10_4, __IPHONE_2_0);
- extern int CC_SHA224_Update(CC_SHA256_CTX *c, const void *data, CC_LONG len)
- __OSX_AVAILABLE_STARTING(__MAC_10_4, __IPHONE_2_0);
- extern int CC_SHA224_Final(unsigned char *md, CC_SHA256_CTX *c)
- __OSX_AVAILABLE_STARTING(__MAC_10_4, __IPHONE_2_0);
- extern unsigned char *CC_SHA224(const void *data, CC_LONG len, unsigned char *md)
- __OSX_AVAILABLE_STARTING(__MAC_10_4, __IPHONE_2_0);
- /*** SHA256 ***/
- #define CC_SHA256_DIGEST_LENGTH 32 /* digest length in bytes */
- #define CC_SHA256_BLOCK_BYTES 64 /* block size in bytes */
- extern int CC_SHA256_Init(CC_SHA256_CTX *c)
- __OSX_AVAILABLE_STARTING(__MAC_10_4, __IPHONE_2_0);
- extern int CC_SHA256_Update(CC_SHA256_CTX *c, const void *data, CC_LONG len)
- __OSX_AVAILABLE_STARTING(__MAC_10_4, __IPHONE_2_0);
- extern int CC_SHA256_Final(unsigned char *md, CC_SHA256_CTX *c)
- __OSX_AVAILABLE_STARTING(__MAC_10_4, __IPHONE_2_0);
- extern unsigned char *CC_SHA256(const void *data, CC_LONG len, unsigned char *md)
- __OSX_AVAILABLE_STARTING(__MAC_10_4, __IPHONE_2_0);
- /*** SHA384 ***/
- #define CC_SHA384_DIGEST_LENGTH 48 /* digest length in bytes */
- #define CC_SHA384_BLOCK_BYTES 128 /* block size in bytes */
- /* same context struct is used for SHA384 and SHA512 */
- typedef struct CC_SHA512state_st
- { CC_LONG64 count[2];
- CC_LONG64 hash[8];
- CC_LONG64 wbuf[16];
- } CC_SHA512_CTX;
- extern int CC_SHA384_Init(CC_SHA512_CTX *c)
- __OSX_AVAILABLE_STARTING(__MAC_10_4, __IPHONE_2_0);
- extern int CC_SHA384_Update(CC_SHA512_CTX *c, const void *data, CC_LONG len)
- __OSX_AVAILABLE_STARTING(__MAC_10_4, __IPHONE_2_0);
- extern int CC_SHA384_Final(unsigned char *md, CC_SHA512_CTX *c)
- __OSX_AVAILABLE_STARTING(__MAC_10_4, __IPHONE_2_0);
- extern unsigned char *CC_SHA384(const void *data, CC_LONG len, unsigned char *md)
- __OSX_AVAILABLE_STARTING(__MAC_10_4, __IPHONE_2_0);
- /*** SHA512 ***/
- #define CC_SHA512_DIGEST_LENGTH 64 /* digest length in bytes */
- #define CC_SHA512_BLOCK_BYTES 128 /* block size in bytes */
- extern int CC_SHA512_Init(CC_SHA512_CTX *c)
- __OSX_AVAILABLE_STARTING(__MAC_10_4, __IPHONE_2_0);
- extern int CC_SHA512_Update(CC_SHA512_CTX *c, const void *data, CC_LONG len)
- __OSX_AVAILABLE_STARTING(__MAC_10_4, __IPHONE_2_0);
- extern int CC_SHA512_Final(unsigned char *md, CC_SHA512_CTX *c)
- __OSX_AVAILABLE_STARTING(__MAC_10_4, __IPHONE_2_0);
- extern unsigned char *CC_SHA512(const void *data, CC_LONG len, unsigned char *md)
- __OSX_AVAILABLE_STARTING(__MAC_10_4, __IPHONE_2_0);
- /*
- * To use the above digest functions with existing code which uses
- * the corresponding openssl functions, #define the symbol
- * COMMON_DIGEST_FOR_OPENSSL in your client code (BEFORE including
- * this file), and simply link against libSystem (or System.framework)
- * instead of libcrypto.
- *
- * You can *NOT* mix and match functions operating on a given data
- * type from the two implementations; i.e., if you do a CC_MD5_Init()
- * on a CC_MD5_CTX object, do not assume that you can do an openssl-style
- * MD5_Update() on that same context.
- */
- #ifdef COMMON_DIGEST_FOR_OPENSSL
- #define MD2_DIGEST_LENGTH CC_MD2_DIGEST_LENGTH
- #define MD2_CTX CC_MD2_CTX
- #define MD2_Init CC_MD2_Init
- #define MD2_Update CC_MD2_Update
- #define MD2_Final CC_MD2_Final
- #define MD4_DIGEST_LENGTH CC_MD4_DIGEST_LENGTH
- #define MD4_CTX CC_MD4_CTX
- #define MD4_Init CC_MD4_Init
- #define MD4_Update CC_MD4_Update
- #define MD4_Final CC_MD4_Final
- #define MD5_DIGEST_LENGTH CC_MD5_DIGEST_LENGTH
- #define MD5_CTX CC_MD5_CTX
- #define MD5_Init CC_MD5_Init
- #define MD5_Update CC_MD5_Update
- #define MD5_Final CC_MD5_Final
- #define SHA_DIGEST_LENGTH CC_SHA1_DIGEST_LENGTH
- #define SHA_CTX CC_SHA1_CTX
- #define SHA1_Init CC_SHA1_Init
- #define SHA1_Update CC_SHA1_Update
- #define SHA1_Final CC_SHA1_Final
- #define SHA224_DIGEST_LENGTH CC_SHA224_DIGEST_LENGTH
- #define SHA256_CTX CC_SHA256_CTX
- #define SHA224_Init CC_SHA224_Init
- #define SHA224_Update CC_SHA224_Update
- #define SHA224_Final CC_SHA224_Final
- #define SHA256_DIGEST_LENGTH CC_SHA256_DIGEST_LENGTH
- #define SHA256_Init CC_SHA256_Init
- #define SHA256_Update CC_SHA256_Update
- #define SHA256_Final CC_SHA256_Final
- #define SHA384_DIGEST_LENGTH CC_SHA384_DIGEST_LENGTH
- #define SHA512_CTX CC_SHA512_CTX
- #define SHA384_Init CC_SHA384_Init
- #define SHA384_Update CC_SHA384_Update
- #define SHA384_Final CC_SHA384_Final
- #define SHA512_DIGEST_LENGTH CC_SHA512_DIGEST_LENGTH
- #define SHA512_Init CC_SHA512_Init
- #define SHA512_Update CC_SHA512_Update
- #define SHA512_Final CC_SHA512_Final
-
-
- #endif /* COMMON_DIGEST_FOR_OPENSSL */
-
- /*
- * In a manner similar to that described above for openssl
- * compatibility, these macros can be used to provide compatiblity
- * with legacy implementations of MD5 using the interface defined
- * in RFC 1321.
- */
-
- #ifdef COMMON_DIGEST_FOR_RFC_1321
-
- #define MD5_CTX CC_MD5_CTX
- #define MD5Init CC_MD5_Init
- #define MD5Update CC_MD5_Update
- void MD5Final (unsigned char [16], MD5_CTX *)
- __OSX_AVAILABLE_STARTING(__MAC_10_4, __IPHONE_2_0);
-
- #endif /* COMMON_DIGEST_FOR_RFC_1321 */
-
- #ifdef __cplusplus
- }
- #endif
- #endif /* _CC_COMMON_DIGEST_H_ */
- /*
- * Copyright (c) 2004 Apple Computer, Inc. All Rights Reserved.
- *
- * @APPLE_LICENSE_HEADER_START@
- *
- * This file contains Original Code and/or Modifications of Original Code
- * as defined in and that are subject to the Apple Public Source License
- * Version 2.0 (the 'License'). You may not use this file except in
- * compliance with the License. Please obtain a copy of the License at
- * http://www.opensource.apple.com/apsl/ and read it before using this
- * file.
- *
- * The Original Code and all software distributed under the License are
- * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
- * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
- * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
- * Please see the License for the specific language governing rights and
- * limitations under the License.
- *
- * @APPLE_LICENSE_HEADER_END@
- */
- /*!
- @header CommonHMAC.h
- @abstract Keyed Message Authentication Code (HMAC) functions.
- */
- #ifndef _CC_COMMON_HMAC_H_
- #define _CC_COMMON_HMAC_H_
- #include <sys/types.h>
- #include <Availability.h>
- #ifdef __cplusplus
- extern "C" {
- #endif
- /*!
- @enum CCHmacAlgorithm
- @abstract Algorithms implemented in this module.
- @constant kCCHmacAlgSHA1 HMAC with SHA1 digest
- @constant kCCHmacAlgMD5 HMAC with MD5 digest
- @constant kCCHmacAlgSHA256 HMAC with SHA256 digest
- @constant kCCHmacAlgSHA384 HMAC with SHA384 digest
- @constant kCCHmacAlgSHA512 HMAC with SHA512 digest
- @constant kCCHmacAlgSHA224 HMAC with SHA224 digest
- */
- enum {
- kCCHmacAlgSHA1,
- kCCHmacAlgMD5,
- kCCHmacAlgSHA256,
- kCCHmacAlgSHA384,
- kCCHmacAlgSHA512,
- kCCHmacAlgSHA224
- };
- typedef uint32_t CCHmacAlgorithm;
- /*!
- @typedef CCHmacContext
- @abstract HMAC context.
- */
- #define CC_HMAC_CONTEXT_SIZE 96
- typedef struct {
- uint32_t ctx[CC_HMAC_CONTEXT_SIZE];
- } CCHmacContext;
- /*!
- @function CCHmacInit
- @abstract Initialize an CCHmacContext with provided raw key bytes.
- @param ctx An HMAC context.
- @param algorithm HMAC algorithm to perform.
- @param key Raw key bytes.
- @param keyLength Length of raw key bytes; can be any
- length including zero.
- */
- void CCHmacInit(
- CCHmacContext *ctx,
- CCHmacAlgorithm algorithm,
- const void *key,
- size_t keyLength)
- __OSX_AVAILABLE_STARTING(__MAC_10_4, __IPHONE_2_0);
- /*!
- @function CCHmacUpdate
- @abstract Process some data.
- @param ctx An HMAC context.
- @param data Data to process.
- @param dataLength Length of data to process, in bytes.
- @discussion This can be called multiple times.
- */
- void CCHmacUpdate(
- CCHmacContext *ctx,
- const void *data,
- size_t dataLength)
- __OSX_AVAILABLE_STARTING(__MAC_10_4, __IPHONE_2_0);
- /*!
- @function CCHmacFinal
- @abstract Obtain the final Message Authentication Code.
- @param ctx An HMAC context.
- @param macOut Destination of MAC; allocated by caller.
- @discussion The length of the MAC written to *macOut is the same as
- the digest length associated with the HMAC algorithm:
- kCCHmacSHA1 : CC_SHA1_DIGEST_LENGTH
- kCCHmacMD5 : CC_MD5_DIGEST_LENGTH
- */
- void CCHmacFinal(
- CCHmacContext *ctx,
- void *macOut)
- __OSX_AVAILABLE_STARTING(__MAC_10_4, __IPHONE_2_0);
- /*
- * Stateless, one-shot HMAC function.
- * Output is written to caller-supplied buffer, as in CCHmacFinal().
- */
- void CCHmac(
- CCHmacAlgorithm algorithm, /* kCCHmacSHA1, kCCHmacMD5 */
- const void *key,
- size_t keyLength, /* length of key in bytes */
- const void *data,
- size_t dataLength, /* length of data in bytes */
- void *macOut) /* MAC written here */
- __OSX_AVAILABLE_STARTING(__MAC_10_4, __IPHONE_2_0);
-
- #ifdef __cplusplus
- }
- #endif
- #endif /* _CC_COMMON_HMAC_H_ */
- /*
- * Copyright (c) 2010 Apple Inc. All Rights Reserved.
- *
- * @APPLE_LICENSE_HEADER_START@
- *
- * This file contains Original Code and/or Modifications of Original Code
- * as defined in and that are subject to the Apple Public Source License
- * Version 2.0 (the 'License'). You may not use this file except in
- * compliance with the License. Please obtain a copy of the License at
- * http://www.opensource.apple.com/apsl/ and read it before using this
- * file.
- *
- * The Original Code and all software distributed under the License are
- * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
- * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
- * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
- * Please see the License for the specific language governing rights and
- * limitations under the License.
- *
- * @APPLE_LICENSE_HEADER_END@
- */
- #ifndef _CC_PBKDF_H_
- #define _CC_PBKDF_H_
- #include <sys/param.h>
- #include <string.h>
- #include <Availability.h>
- #ifdef KERNEL
- #include <machine/limits.h>
- #else
- #include <limits.h>
- #include <stdlib.h>
- #endif /* KERNEL */
- #ifdef __cplusplus
- extern "C" {
- #endif
- enum {
- kCCPBKDF2 = 2,
- };
- typedef uint32_t CCPBKDFAlgorithm;
- enum {
- kCCPRFHmacAlgSHA1 = 1,
- kCCPRFHmacAlgSHA224 = 2,
- kCCPRFHmacAlgSHA256 = 3,
- kCCPRFHmacAlgSHA384 = 4,
- kCCPRFHmacAlgSHA512 = 5,
- };
- typedef uint32_t CCPseudoRandomAlgorithm;
- /*
- @function CCKeyDerivationPBKDF
- @abstract Derive a key from a text password/passphrase
- @param algorithm Currently only PBKDF2 is available via kCCPBKDF2
- @param password The text password used as input to the derivation
- function. The actual octets present in this string
- will be used with no additional processing. It's
- extremely important that the same encoding and
- normalization be used each time this routine is
- called if the same key is expected to be derived.
- @param passwordLen The length of the text password in bytes.
- @param salt The salt byte values used as input to the derivation
- function.
- @param saltLen The length of the salt in bytes.
- @param prf The Pseudo Random Algorithm to use for the derivation
- iterations.
- @param rounds The number of rounds of the Pseudo Random Algorithm
- to use.
- @param derivedKey The resulting derived key produced by the function.
- The space for this must be provided by the caller.
- @param derivedKeyLen The expected length of the derived key in bytes.
- @discussion The following values are used to designate the PRF:
- * kCCPRFHmacAlgSHA1
- * kCCPRFHmacAlgSHA224
- * kCCPRFHmacAlgSHA256
- * kCCPRFHmacAlgSHA384
- * kCCPRFHmacAlgSHA512
- @result kCCParamError can result from bad values for the password, salt,
- and unwrapped key pointers as well as a bad value for the prf
- function.
- */
- int
- CCKeyDerivationPBKDF( CCPBKDFAlgorithm algorithm, const char *password, size_t passwordLen,
- const uint8_t *salt, size_t saltLen,
- CCPseudoRandomAlgorithm prf, uint rounds,
- uint8_t *derivedKey, size_t derivedKeyLen)
- __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_5_0);
- /*
- * All lengths are in bytes - not bits.
- */
- /*
- @function CCCalibratePBKDF
- @abstract Determine the number of PRF rounds to use for a specific delay on
- the current platform.
- @param algorithm Currently only PBKDF2 is available via kCCPBKDF2
- @param passwordLen The length of the text password in bytes.
- @param saltLen The length of the salt in bytes.
- @param prf The Pseudo Random Algorithm to use for the derivation
- iterations.
- @param derivedKeyLen The expected length of the derived key in bytes.
- @param msec The targetted duration we want to achieve for a key
- derivation with these parameters.
- @result the number of iterations to use for the desired processing time.
- */
- uint
- CCCalibratePBKDF(CCPBKDFAlgorithm algorithm, size_t passwordLen, size_t saltLen,
- CCPseudoRandomAlgorithm prf, size_t derivedKeyLen, uint32_t msec)
- __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_5_0);
- #ifdef __cplusplus
- }
- #endif
- #endif /* _CC_PBKDF_H_ */
- /*
- * Copyright (c) 2014 Apple Inc. All Rights Reserved.
- *
- * @APPLE_LICENSE_HEADER_START@
- *
- * This file contains Original Code and/or Modifications of Original Code
- * as defined in and that are subject to the Apple Public Source License
- * Version 2.0 (the 'License'). You may not use this file except in
- * compliance with the License. Please obtain a copy of the License at
- * http://www.opensource.apple.com/apsl/ and read it before using this
- * file.
- *
- * The Original Code and all software distributed under the License are
- * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
- * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
- * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
- * Please see the License for the specific language governing rights and
- * limitations under the License.
- *
- * @APPLE_LICENSE_HEADER_END@
- */
- //
- // CommonRandom.h
- // CommonCrypto
- #ifndef CommonCrypto_CommonRandom_h
- #define CommonCrypto_CommonRandom_h
- #if defined(__cplusplus)
- extern "C" {
- #endif
- typedef CCCryptorStatus CCRNGStatus;
- /*!
- @function CCRandomGenerateBytes
- @abstract Return random bytes in a buffer allocated by the caller.
- @discussion The PRNG returns cryptographically strong random
- bits suitable for use as cryptographic keys, IVs, nonces etc.
- @param bytes Pointer to the return buffer.
- @param count Number of random bytes to return.
- @result Return kCCSuccess on success.
- */
- CCRNGStatus CCRandomGenerateBytes(void *bytes, size_t count)
- __OSX_AVAILABLE_STARTING(__MAC_10_10, __IPHONE_8_0);
-
- #if defined(__cplusplus)
- }
- #endif
- #endif
|