mirrors/zig
1
0
Fork 0
mirror of https://codeberg.org/ziglang/zig.git synced 2025-12-06 05:44:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

libc: Add all macOS CommonCrypto headers

Browse source 
Closes #23795.
This commit is contained in:
Linus Groh 2025-11-04 21:48:06 +00:00
parent abca5bd588
commit e2fb103ce1
8 changed files with 1400 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

34
lib/libc/include/any-macos-any/CommonCrypto/CommonCrypto.h vendored Normal file
View file

@ -0,0 +1,34 @@
/*
* Copyright (c) 2006-2012 Apple, Inc. All Rights Reserved.
*
* @APPLE_LICENSE_HEADER_START@
*
* This file contains Original Code and/or Modifications of Original Code
* as defined in and that are subject to the Apple Public Source License
* Version 2.0 (the 'License'). You may not use this file except in
* compliance with the License. Please obtain a copy of the License at
* http://www.opensource.apple.com/apsl/ and read it before using this
* file.
*
* The Original Code and all software distributed under the License are
* distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
* EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
* INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
* Please see the License for the specific language governing rights and
* limitations under the License.
*
* @APPLE_LICENSE_HEADER_END@
*/
#ifndef __COMMONCRYPTO_PUBLIC__
#define __COMMONCRYPTO_PUBLIC__
#include <CommonCrypto/CommonCryptor.h>
#include <CommonCrypto/CommonDigest.h>
#include <CommonCrypto/CommonHMAC.h>
#include <CommonCrypto/CommonKeyDerivation.h>
#include <CommonCrypto/CommonSymmetricKeywrap.h>
#endif /* __COMMONCRYPTO_PUBLIC__ */

78
lib/libc/include/any-macos-any/CommonCrypto/CommonCryptoError.h vendored Normal file
View file

@ -0,0 +1,78 @@
//
// CommonCryptoError.h
// CommonCrypto
//
// Copyright (c) 2014 Platform Security. All rights reserved.
//
#ifndef CommonCrypto_CommonCryptoError_h
#define CommonCrypto_CommonCryptoError_h
/*
* Copyright (c) 2014 Apple Inc. All Rights Reserved.
*
* @APPLE_LICENSE_HEADER_START@
*
* This file contains Original Code and/or Modifications of Original Code
* as defined in and that are subject to the Apple Public Source License
* Version 2.0 (the 'License'). You may not use this file except in
* compliance with the License. Please obtain a copy of the License at
* http://www.opensource.apple.com/apsl/ and read it before using this
* file.
*
* The Original Code and all software distributed under the License are
* distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
* EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
* INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
* Please see the License for the specific language governing rights and
* limitations under the License.
*
* @APPLE_LICENSE_HEADER_END@
*/
#include <stdint.h>
#if defined(__cplusplus)
extern "C" {
#endif
/*!
@enum CCCryptorStatus
@abstract Return values from CommonCryptor operations.
@constant kCCSuccess Operation completed normally.
@constant kCCParamError Illegal parameter value.
@constant kCCBufferTooSmall Insufficent buffer provided for specified
operation.
@constant kCCMemoryFailure Memory allocation failure.
@constant kCCAlignmentError Input size was not aligned properly.
@constant kCCDecodeError Input data did not decode or decrypt
properly.
@constant kCCUnimplemented Function not implemented for the current
algorithm.
@constant kCCInvalidKey Key is not valid.
*/
enum {
kCCSuccess = 0,
kCCParamError = -4300,
kCCBufferTooSmall = -4301,
kCCMemoryFailure = -4302,
kCCAlignmentError = -4303,
kCCDecodeError = -4304,
kCCUnimplemented = -4305,
kCCOverflow = -4306,
kCCRNGFailure = -4307,
kCCUnspecifiedError = -4308,
kCCCallSequenceError= -4309,
kCCKeySizeError = -4310,
kCCInvalidKey = -4311,
};
typedef int32_t CCStatus;
typedef int32_t CCCryptorStatus;
#if defined(__cplusplus)
}
#endif
#endif

763
lib/libc/include/any-macos-any/CommonCrypto/CommonCryptor.h vendored Normal file
View file

@ -0,0 +1,763 @@
/*
* Copyright (c) 2006-2010 Apple, Inc. All Rights Reserved.
*
* @APPLE_LICENSE_HEADER_START@
*
* This file contains Original Code and/or Modifications of Original Code
* as defined in and that are subject to the Apple Public Source License
* Version 2.0 (the 'License'). You may not use this file except in
* compliance with the License. Please obtain a copy of the License at
* http://www.opensource.apple.com/apsl/ and read it before using this
* file.
*
* The Original Code and all software distributed under the License are
* distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
* EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
* INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
* Please see the License for the specific language governing rights and
* limitations under the License.
*
* @APPLE_LICENSE_HEADER_END@
*/
/*!
@header CommonCryptor.h
@abstract Generic interface for symmetric encryption.
@discussion This interface provides access to a number of symmetric
encryption algorithms. Symmetric encryption algorithms come
in two "flavors" - block ciphers, and stream ciphers. Block
ciphers process data (while both encrypting and decrypting)
in discrete chunks of data called blocks; stream ciphers
operate on arbitrary sized data.
The object declared in this interface, CCCryptor, provides
access to both block ciphers and stream ciphers with the same
API; however some options are available for block ciphers that
do not apply to stream ciphers.
The general operation of a CCCryptor is: initialize it
with raw key data and other optional fields with
CCCryptorCreate(); process input data via one or more calls to
CCCryptorUpdate(), each of which may result in output data
being written to caller-supplied memory; and obtain possible
remaining output data with CCCryptorFinal(). The CCCryptor is
disposed of via CCCryptorRelease(), or it can be reused (with
the same key data as provided to CCCryptorCreate()) by calling
CCCryptorReset(). The CCCryptorReset() function only works for
the CBC and CTR modes. In other block cipher modes, it returns error.
CCCryptors can be dynamically allocated by this module, or
their memory can be allocated by the caller. See discussion for
CCCryptorCreate() and CCCryptorCreateFromData() for information
on CCCryptor allocation.
One option for block ciphers is padding, as defined in PKCS7;
when padding is enabled, the total amount of data encrypted
does not have to be an even multiple of the block size, and
the actual length of plaintext is calculated during decryption.
Another option for block ciphers is Cipher Block Chaining, known
as CBC mode. When using CBC mode, an Initialization Vector (IV)
is provided along with the key when starting an encrypt
or decrypt operation. If CBC mode is selected and no IV is
provided, an IV of all zeroes will be used.
CCCryptor also implements block bufferring, so that individual
calls to CCCryptorUpdate() do not have to provide data whose
length is aligned to the block size. (If padding is disabled,
encrypting with block ciphers does require that the *total*
length of data input to CCCryptorUpdate() call(s) be aligned
to the block size.)
A given CCCryptor can only be used by one thread at a time;
multiple threads can use safely different CCCryptors at the
same time.
*/
#include <CommonCrypto/CommonCryptoError.h>
#ifndef _CC_COMMON_CRYPTOR_
#define _CC_COMMON_CRYPTOR_
#include <stdbool.h>
#include <stdint.h>
#include <stddef.h>
#if defined(_MSC_VER)
#include <availability.h>
#else
#include <os/availability.h>
#endif
#ifdef __cplusplus
extern "C" {
#endif
/*!
@typedef CCCryptorRef
@abstract Opaque reference to a CCCryptor object.
*/
typedef struct _CCCryptor *CCCryptorRef;
/*!
@enum CCOperation
@abstract Operations that an CCCryptor can perform.
@constant kCCEncrypt Symmetric encryption.
@constant kCCDecrypt Symmetric decryption.
*/
enum {
kCCEncrypt = 0,
kCCDecrypt,
};
typedef uint32_t CCOperation;
/*!
@enum CCAlgorithm
@abstract Encryption algorithms implemented by this module.
@constant kCCAlgorithmAES Advanced Encryption Standard, 128-bit block
@constant kCCAlgorithmAES128 Deprecated, name phased out due to ambiguity with key size
@constant kCCAlgorithmDES Data Encryption Standard
@constant kCCAlgorithm3DES Triple-DES, three key, EDE configuration
@constant kCCAlgorithmCAST CAST
@constant kCCAlgorithmRC4 RC4 stream cipher
@constant kCCAlgorithmBlowfish Blowfish block cipher
*/
enum {
kCCAlgorithmAES128 = 0, /* Deprecated, name phased out due to ambiguity with key size */
kCCAlgorithmAES = 0,
kCCAlgorithmDES,
kCCAlgorithm3DES,
kCCAlgorithmCAST,
kCCAlgorithmRC4,
kCCAlgorithmRC2,
kCCAlgorithmBlowfish
};
typedef uint32_t CCAlgorithm;
/*!
@enum CCOptions
@abstract Options flags, passed to CCCryptorCreate().
@constant kCCOptionPKCS7Padding Perform PKCS7 padding.
@constant kCCOptionECBMode Electronic Code Book Mode.
Default is CBC.
*/
enum {
/* options for block ciphers */
kCCOptionPKCS7Padding = 0x0001,
kCCOptionECBMode = 0x0002
/* stream ciphers currently have no options */
};
typedef uint32_t CCOptions;
/*!
@enum Key sizes
@discussion Key sizes, in bytes, for supported algorithms. Use these
constants to select any keysize variants you wish to use
for algorithms that support them (ie AES-128, AES-192, AES-256)
@constant kCCKeySizeAES128 128 bit AES key size.
@constant kCCKeySizeAES192 192 bit AES key size.
@constant kCCKeySizeAES256 256 bit AES key size.
@constant kCCKeySizeDES DES key size.
@constant kCCKeySize3DES Triple DES key size.
@constant kCCKeySizeMinCAST CAST minimum key size.
@constant kCCKeySizeMaxCAST CAST maximum key size.
@constant kCCKeySizeMinRC4 RC4 minimum key size.
@constant kCCKeySizeMaxRC4 RC4 maximum key size.
@discussion DES and TripleDES have fixed key sizes.
AES has three discrete key sizes.
CAST and RC4 have variable key sizes.
*/
enum {
kCCKeySizeAES128 = 16,
kCCKeySizeAES192 = 24,
kCCKeySizeAES256 = 32,
kCCKeySizeDES = 8,
kCCKeySize3DES = 24,
kCCKeySizeMinCAST = 5,
kCCKeySizeMaxCAST = 16,
kCCKeySizeMinRC4 = 1,
kCCKeySizeMaxRC4 = 512,
kCCKeySizeMinRC2 = 1,
kCCKeySizeMaxRC2 = 128,
kCCKeySizeMinBlowfish = 8,
kCCKeySizeMaxBlowfish = 56,
};
/*!
@enum Block sizes
@discussion Block sizes, in bytes, for supported algorithms.
@constant kCCBlockSizeAES128 AES block size (currently, only 128-bit
blocks are supported).
@constant kCCBlockSizeDES DES block size.
@constant kCCBlockSize3DES Triple DES block size.
@constant kCCBlockSizeCAST CAST block size.
*/
enum {
/* AES */
kCCBlockSizeAES128 = 16,
/* DES */
kCCBlockSizeDES = 8,
/* 3DES */
kCCBlockSize3DES = 8,
/* CAST */
kCCBlockSizeCAST = 8,
kCCBlockSizeRC2 = 8,
kCCBlockSizeBlowfish = 8,
};
/*!
@enum Minimum context sizes
@discussion Minimum context sizes, for caller-allocated CCCryptorRefs.
To minimize dynamic allocation memory, a caller can create
a CCCryptorRef by passing caller-supplied memory to the
CCCryptorCreateFromData() function.
These constants define the minimum amount of memory, in
bytes, needed for CCCryptorRefs for each supported algorithm.
Note: these constants are valid for the current version of
this library; they may change in subsequent releases, so
applications wishing to allocate their own memory for use
in creating CCCryptorRefs must be prepared to deal with
a kCCBufferTooSmall return from CCCryptorCreateFromData().
See discussion for the CCCryptorCreateFromData() function.
@constant kCCContextSizeAES128 - Minimum context size for kCCAlgorithmAES128.
@constant kCCContextSizeDES - Minimum context size for kCCAlgorithmDES.
@constant kCCContextSize3DES - Minimum context size for kCCAlgorithm3DES.
@constant kCCContextSizeCAST - Minimum context size for kCCAlgorithmCAST.
@constant kCCContextSizeRC4 - Minimum context size for kCCAlgorithmRC4.
*/
enum {
kCCContextSizeAES128 = 404,
kCCContextSizeDES = 240,
kCCContextSize3DES = 496,
kCCContextSizeCAST = 240,
kCCContextSizeRC4 = 1072
};
/*!
@function CCCryptorCreate
@abstract Create a cryptographic context.
@param op Defines the basic operation: kCCEncrypt or
kCCDecrypt.
@param alg Defines the algorithm.
@param options A word of flags defining options. See discussion
for the CCOptions type.
@param key Raw key material, length keyLength bytes.
@param keyLength Length of key material. Must be appropriate
for the selected operation and algorithm. Some
algorithms provide for varying key lengths.
@param iv Initialization vector, optional. Used by
block ciphers when Cipher Block Chaining (CBC)
mode is enabled. If present, must be the same
length as the selected algorithm's block size.
If CBC mode is selected (by the absence of the
kCCOptionECBMode bit in the options flags) and no
IV is present, a NULL (all zeroes) IV will be used.
This parameter is ignored if ECB mode is used or
if a stream cipher algorithm is selected. For sound
encryption, always initialize iv with random data.
@param cryptorRef A (required) pointer to the returned CCCryptorRef.
@result Possible error returns are kCCParamError and kCCMemoryFailure.
*/
CCCryptorStatus CCCryptorCreate(
CCOperation op, /* kCCEncrypt, etc. */
CCAlgorithm alg, /* kCCAlgorithmDES, etc. */
CCOptions options, /* kCCOptionPKCS7Padding, etc. */
const void *key, /* raw key material */
size_t keyLength,
const void *iv, /* optional initialization vector */
CCCryptorRef *cryptorRef) /* RETURNED */
API_AVAILABLE(macos(10.4), ios(2.0));
/*!
@function CCCryptorCreateFromData
@abstract Create a cryptographic context using caller-supplied memory.
@param op Defines the basic operation: kCCEncrypt or
kCCDecrypt.
@param alg Defines the algorithm.
@param options A word of flags defining options. See discussion
for the CCOptions type.
@param key Raw key material, length keyLength bytes.
@param keyLength Length of key material. Must be appropriate
for the selected operation and algorithm. Some
algorithms provide for varying key lengths.
@param iv Initialization vector, optional. Used by
block ciphers when Cipher Block Chaining (CBC)
mode is enabled. If present, must be the same
length as the selected algorithm's block size.
If CBC mode is selected (by the absence of the
kCCOptionECBMode bit in the options flags) and no
IV is present, a NULL (all zeroes) IV will be used.
This parameter is ignored if ECB mode is used or
if a stream cipher algorithm is selected. For sound
encryption, always initialize iv with random data.
@param data A pointer to caller-supplied memory from which the
CCCryptorRef will be created.
@param dataLength The size of the caller-supplied memory in bytes.
@param cryptorRef A (required) pointer to the returned CCCryptorRef.
@param dataUsed Optional. If present, the actual number of bytes of
the caller-supplied memory which was consumed by
creation of the CCCryptorRef is returned here. Also,
if the supplied memory is of insufficent size to create
a CCCryptorRef, kCCBufferTooSmall is returned, and
the minimum required buffer size is returned via this
parameter if present.
@result Possible error returns are kCCParamError and kCCBufferTooSmall.
@discussion The CCCryptorRef created by this function must be disposed of
via CCCRyptorRelease which clears sensitive data and deallocates memory
when the caller is finished using the CCCryptorRef.
*/
CCCryptorStatus CCCryptorCreateFromData(
CCOperation op, /* kCCEncrypt, etc. */
CCAlgorithm alg, /* kCCAlgorithmDES, etc. */
CCOptions options, /* kCCOptionPKCS7Padding, etc. */
const void *key, /* raw key material */
size_t keyLength,
const void *iv, /* optional initialization vector */
const void *data, /* caller-supplied memory */
size_t dataLength, /* length of data in bytes */
CCCryptorRef *cryptorRef, /* RETURNED */
size_t *dataUsed) /* optional, RETURNED */
API_AVAILABLE(macos(10.4), ios(2.0));
/*!
@function CCCryptorRelease
@abstract Free a context created by CCCryptorCreate or
CCCryptorCreateFromData().
@param cryptorRef The CCCryptorRef to release.
@result The only possible error return is kCCParamError resulting
from passing in a null CCCryptorRef.
*/
CCCryptorStatus CCCryptorRelease(
CCCryptorRef cryptorRef)
API_AVAILABLE(macos(10.4), ios(2.0));
/*!
@function CCCryptorUpdate
@abstract Process (encrypt, decrypt) some data. The result, if any,
is written to a caller-provided buffer.
@param cryptorRef A CCCryptorRef created via CCCryptorCreate() or
CCCryptorCreateFromData().
@param dataIn Data to process, length dataInLength bytes.
@param dataInLength Length of data to process.
@param dataOut Result is written here. Allocated by caller.
Encryption and decryption can be performed
"in-place", with the same buffer used for
input and output. The in-place operation is not
suported for ciphers modes that work with blocks
of data such as CBC and ECB.
@param dataOutAvailable The size of the dataOut buffer in bytes.
@param dataOutMoved On successful return, the number of bytes
written to dataOut.
@result kCCBufferTooSmall indicates insufficent space in the dataOut
buffer. The caller can use
CCCryptorGetOutputLength() to determine the
required output buffer size in this case. The
operation can be retried; no state is lost
when this is returned.
@discussion This routine can be called multiple times. The caller does
not need to align input data lengths to block sizes; input is
bufferred as necessary for block ciphers.
When performing symmetric encryption with block ciphers,
and padding is enabled via kCCOptionPKCS7Padding, the total
number of bytes provided by all the calls to this function
when encrypting can be arbitrary (i.e., the total number
of bytes does not have to be block aligned). However if
padding is disabled, or when decrypting, the total number
of bytes does have to be aligned to the block size; otherwise
CCCryptFinal() will return kCCAlignmentError.
A general rule for the size of the output buffer which must be
provided by the caller is that for block ciphers, the output
length is never larger than the input length plus the block size.
For stream ciphers, the output length is always exactly the same
as the input length. See the discussion for
CCCryptorGetOutputLength() for more information on this topic.
Generally, when all data has been processed, call
CCCryptorFinal().
In the following cases, the CCCryptorFinal() is superfluous as
it will not yield any data nor return an error:
1. Encrypting or decrypting with a block cipher with padding
disabled, when the total amount of data provided to
CCCryptorUpdate() is an integral multiple of the block size.
2. Encrypting or decrypting with a stream cipher.
*/
CCCryptorStatus CCCryptorUpdate(
CCCryptorRef cryptorRef,
const void *dataIn,
size_t dataInLength,
void *dataOut, /* data RETURNED here */
size_t dataOutAvailable,
size_t *dataOutMoved) /* number of bytes written */
API_AVAILABLE(macos(10.4), ios(2.0));
/*!
@function CCCryptorFinal
@abstract Finish an encrypt or decrypt operation, and obtain the (possible)
final data output.
@param cryptorRef A CCCryptorRef created via CCCryptorCreate() or
CCCryptorCreateFromData().
@param dataOut Result is written here. Allocated by caller.
@param dataOutAvailable The size of the dataOut buffer in bytes.
@param dataOutMoved On successful return, the number of bytes
written to dataOut.
@result kCCBufferTooSmall indicates insufficent space in the dataOut
buffer. The caller can use
CCCryptorGetOutputLength() to determine the
required output buffer size in this case. The
operation can be retried; no state is lost
when this is returned.
kCCAlignmentError When decrypting, or when encrypting with a
block cipher with padding disabled,
kCCAlignmentError will be returned if the total
number of bytes provided to CCCryptUpdate() is
not an integral multiple of the current
algorithm's block size.
kCCDecodeError Indicates garbled ciphertext or the
wrong key during decryption. This can only
be returned while decrypting with padding
enabled.
@discussion Except when kCCBufferTooSmall is returned, the CCCryptorRef
can no longer be used for subsequent operations unless
CCCryptorReset() is called on it.
It is not necessary to call CCCryptorFinal() when performing
symmetric encryption or decryption if padding is disabled, or
when using a stream cipher.
It is not necessary to call CCCryptorFinal() prior to
CCCryptorRelease() when aborting an operation.
*/
CCCryptorStatus CCCryptorFinal(
CCCryptorRef cryptorRef,
void *dataOut,
size_t dataOutAvailable,
size_t *dataOutMoved) /* number of bytes written */
API_AVAILABLE(macos(10.4), ios(2.0));
/*!
@function CCCryptorGetOutputLength
@abstract Determine output buffer size required to process a given input
size.
@param cryptorRef A CCCryptorRef created via CCCryptorCreate() or
CCCryptorCreateFromData().
@param inputLength The length of data which will be provided to
CCCryptorUpdate().
@param final If false, the returned value will indicate the
output buffer space needed when 'inputLength'
bytes are provided to CCCryptorUpdate(). When
'final' is true, the returned value will indicate
the total combined buffer space needed when
'inputLength' bytes are provided to
CCCryptorUpdate() and then CCCryptorFinal() is
called.
@result The maximum buffer space need to perform CCCryptorUpdate() and
optionally CCCryptorFinal().
@discussion Some general rules apply that allow clients of this module to
know a priori how much output buffer space will be required
in a given situation. For stream ciphers, the output size is
always equal to the input size, and CCCryptorFinal() never
produces any data. For block ciphers, the output size will
always be less than or equal to the input size plus the size
of one block. For block ciphers, if the input size provided
to each call to CCCryptorUpdate() is is an integral multiple
of the block size, then the output size for each call to
CCCryptorUpdate() is less than or equal to the input size
for that call to CCCryptorUpdate(). CCCryptorFinal() only
produces output when using a block cipher with padding enabled.
*/
size_t CCCryptorGetOutputLength(
CCCryptorRef cryptorRef,
size_t inputLength,
bool final)
API_AVAILABLE(macos(10.4), ios(2.0));
/*!
@function CCCryptorReset
@abstract Reinitializes an existing CCCryptorRef with a (possibly)
new initialization vector. The CCCryptorRef's key is
unchanged. Use only for CBC and CTR modes.
@param cryptorRef A CCCryptorRef created via CCCryptorCreate() or
CCCryptorCreateFromData().
@param iv Optional initialization vector; if present, must
be the same size as the current algorithm's block
size. For sound encryption, always initialize iv with
random data.
@result The only possible errors are kCCParamError and
kCCUnimplemented. On macOS 10.13, iOS 11, watchOS 4 and tvOS 11 returns kCCUnimplemented
for modes other than CBC. On prior SDKs, returns kCCSuccess to preserve compatibility
@discussion This can be called on a CCCryptorRef with data pending (i.e.
in a padded mode operation before CCCryptFinal is called);
however any pending data will be lost in that case.
*/
CCCryptorStatus CCCryptorReset(
CCCryptorRef cryptorRef,
const void *iv)
API_AVAILABLE(macos(10.4), ios(2.0));
/*!
@function CCCrypt
@abstract Stateless, one-shot encrypt or decrypt operation.
This basically performs a sequence of CCCrytorCreate(),
CCCryptorUpdate(), CCCryptorFinal(), and CCCryptorRelease().
@param alg Defines the encryption algorithm.
@param op Defines the basic operation: kCCEncrypt or
kCCDecrypt.
@param options A word of flags defining options. See discussion
for the CCOptions type.
@param key Raw key material, length keyLength bytes.
@param keyLength Length of key material. Must be appropriate
for the select algorithm. Some algorithms may
provide for varying key lengths.
@param iv Initialization vector, optional. Used for
Cipher Block Chaining (CBC) mode. If present,
must be the same length as the selected
algorithm's block size. If CBC mode is
selected (by the absence of any mode bits in
the options flags) and no IV is present, a
NULL (all zeroes) IV will be used. This is
ignored if ECB mode is used or if a stream
cipher algorithm is selected. For sound encryption,
always initialize IV with random data.
@param dataIn Data to encrypt or decrypt, length dataInLength
bytes.
@param dataInLength Length of data to encrypt or decrypt.
@param dataOut Result is written here. Allocated by caller.
Encryption and decryption can be performed
"in-place", with the same buffer used for
input and output.
@param dataOutAvailable The size of the dataOut buffer in bytes.
@param dataOutMoved On successful return, the number of bytes
written to dataOut. If kCCBufferTooSmall is
returned as a result of insufficient buffer
space being provided, the required buffer space
is returned here.
@result kCCBufferTooSmall indicates insufficent space in the dataOut
buffer. In this case, the *dataOutMoved
parameter will indicate the size of the buffer
needed to complete the operation. The
operation can be retried with minimal runtime
penalty.
kCCAlignmentError indicates that dataInLength was not properly
aligned. This can only be returned for block
ciphers, and then only when decrypting or when
encrypting with block with padding disabled.
kCCDecodeError Indicates improperly formatted ciphertext or
a "wrong key" error; occurs only during decrypt
operations.
*/
CCCryptorStatus CCCrypt(
CCOperation op, /* kCCEncrypt, etc. */
CCAlgorithm alg, /* kCCAlgorithmAES128, etc. */
CCOptions options, /* kCCOptionPKCS7Padding, etc. */
const void *key,
size_t keyLength,
const void *iv, /* optional initialization vector */
const void *dataIn, /* optional per op and alg */
size_t dataInLength,
void *dataOut, /* data RETURNED here */
size_t dataOutAvailable,
size_t *dataOutMoved)
API_AVAILABLE(macos(10.4), ios(2.0));
/*!
@enum Cipher Modes
@discussion These are the selections available for modes of operation for
use with block ciphers. If RC4 is selected as the cipher (a stream
cipher) the only correct mode is kCCModeRC4.
@constant kCCModeECB - Electronic Code Book Mode.
@constant kCCModeCBC - Cipher Block Chaining Mode.
@constant kCCModeCFB - Cipher Feedback Mode.
@constant kCCModeOFB - Output Feedback Mode.
@constant kCCModeRC4 - RC4 as a streaming cipher is handled internally as a mode.
@constant kCCModeCFB8 - Cipher Feedback Mode producing 8 bits per round.
*/
enum {
kCCModeECB = 1,
kCCModeCBC = 2,
kCCModeCFB = 3,
kCCModeCTR = 4,
kCCModeOFB = 7,
kCCModeRC4 = 9,
kCCModeCFB8 = 10,
};
typedef uint32_t CCMode;
/*!
@enum Padding for Block Ciphers
@discussion These are the padding options available for block modes.
@constant ccNoPadding - No padding.
@constant ccPKCS7Padding - PKCS7 Padding.
*/
enum {
ccNoPadding = 0,
ccPKCS7Padding = 1,
};
typedef uint32_t CCPadding;
/*!
@enum Mode options - Not currently in use.
@discussion Values used to specify options for modes. This was used for counter
mode operations in 10.8, now only Big Endian mode is supported.
@constant kCCModeOptionCTR_BE - CTR Mode Big Endian.
*/
enum {
kCCModeOptionCTR_BE = 2
};
typedef uint32_t CCModeOptions;
/*!
@function CCCryptorCreateWithMode
@abstract Create a cryptographic context.
@param op Defines the basic operation: kCCEncrypt or
kCCDecrypt.
@param mode Specifies the cipher mode to use for operations.
@param alg Defines the algorithm.
@param padding Specifies the padding to use.
@param iv Initialization vector, optional. Used by
block ciphers with the following modes:
Cipher Block Chaining (CBC)
Cipher Feedback (CFB and CFB8)
Output Feedback (OFB)
Counter (CTR)
If present, must be the same length as the selected
algorithm's block size. If no IV is present, a NULL
(all zeroes) IV will be used. For sound encryption,
always initialize iv with random data.
This parameter is ignored if ECB mode is used or
if a stream cipher algorithm is selected.
@param key Raw key material, length keyLength bytes.
@param keyLength Length of key material. Must be appropriate
for the selected operation and algorithm. Some
algorithms provide for varying key lengths.
@param tweak Raw key material, length keyLength bytes. Used for the
tweak key in XEX-based Tweaked CodeBook (XTS) mode.
@param tweakLength Length of tweak key material. Must be appropriate
for the selected operation and algorithm. Some
algorithms provide for varying key lengths. For XTS
this is the same length as the encryption key.
@param numRounds The number of rounds of the cipher to use. 0 uses the default.
@param options A word of flags defining options. See discussion
for the CCModeOptions type.
@param cryptorRef A (required) pointer to the returned CCCryptorRef.
@result Possible error returns are kCCParamError and kCCMemoryFailure.
*/
CCCryptorStatus CCCryptorCreateWithMode(
CCOperation op, /* kCCEncrypt, kCCDecrypt */
CCMode mode,
CCAlgorithm alg,
CCPadding padding,
const void *iv, /* optional initialization vector */
const void *key, /* raw key material */
size_t keyLength,
const void *tweak, /* raw tweak material */
size_t tweakLength,
int numRounds, /* 0 == default */
CCModeOptions options,
CCCryptorRef *cryptorRef) /* RETURNED */
API_AVAILABLE(macos(10.7), ios(5.0));
#ifdef __cplusplus
}
#endif
#endif /* _CC_COMMON_CRYPTOR_ */

162
lib/libc/include/any-macos-any/CommonCrypto/CommonHMAC.h vendored Normal file
View file

@ -0,0 +1,162 @@
/*
* Copyright (c) 2004 Apple Computer, Inc. All Rights Reserved.
*
* @APPLE_LICENSE_HEADER_START@
*
* This file contains Original Code and/or Modifications of Original Code
* as defined in and that are subject to the Apple Public Source License
* Version 2.0 (the 'License'). You may not use this file except in
* compliance with the License. Please obtain a copy of the License at
* http://www.opensource.apple.com/apsl/ and read it before using this
* file.
*
* The Original Code and all software distributed under the License are
* distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
* EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
* INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
* Please see the License for the specific language governing rights and
* limitations under the License.
*
* @APPLE_LICENSE_HEADER_END@
*/
/*!
@header CommonHMAC.h
@abstract Keyed Message Authentication Code (HMAC) functions.
*/
#ifndef _CC_COMMON_HMAC_H_
#define _CC_COMMON_HMAC_H_
#include <CommonCrypto/CommonDigest.h>
#include <sys/types.h>
#ifdef __cplusplus
extern "C" {
#endif
/*!
@enum CCHmacAlgorithm
@abstract Algorithms implemented in this module.
@constant kCCHmacAlgSHA1 HMAC with SHA1 digest
@constant kCCHmacAlgMD5 HMAC with MD5 digest
@constant kCCHmacAlgSHA256 HMAC with SHA256 digest
@constant kCCHmacAlgSHA384 HMAC with SHA384 digest
@constant kCCHmacAlgSHA512 HMAC with SHA512 digest
@constant kCCHmacAlgSHA224 HMAC with SHA224 digest
*/
enum {
kCCHmacAlgSHA1,
kCCHmacAlgMD5,
kCCHmacAlgSHA256,
kCCHmacAlgSHA384,
kCCHmacAlgSHA512,
kCCHmacAlgSHA224
};
typedef uint32_t CCHmacAlgorithm;
/*!
@typedef CCHmacContext
@abstract HMAC context.
*/
#define CC_HMAC_CONTEXT_SIZE 96
typedef struct {
uint32_t ctx[CC_HMAC_CONTEXT_SIZE];
} CCHmacContext;
/*!
@function CCHmacInit
@abstract Initialize an CCHmacContext with provided raw key bytes.
@param ctx An HMAC context.
@param algorithm HMAC algorithm to perform.
@param key Raw key bytes.
@param keyLength Length of raw key bytes; can be any
length including zero.
*/
void CCHmacInit(
CCHmacContext *ctx,
CCHmacAlgorithm algorithm,
const void *key,
size_t keyLength)
API_AVAILABLE(macos(10.4), ios(2.0));
/*!
@function CCHmacUpdate
@abstract Process some data.
@param ctx An HMAC context.
@param data Data to process.
@param dataLength Length of data to process, in bytes.
@discussion This can be called multiple times.
*/
void CCHmacUpdate(
CCHmacContext *ctx,
const void *data,
size_t dataLength)
API_AVAILABLE(macos(10.4), ios(2.0));
/*!
@function CCHmacFinal
@abstract Obtain the final Message Authentication Code.
@param ctx An HMAC context.
@param macOut Destination of MAC; allocated by caller.
@discussion The length of the MAC written to *macOut is the same as
the digest length associated with the HMAC algorithm:
kCCHmacAlgSHA1 : CC_SHA1_DIGEST_LENGTH
kCCHmacAlgSHA256 : CC_SHA256_DIGEST_LENGTH
The MAC must be verified by comparing the computed and expected values
using timingsafe_bcmp. Other comparison functions (e.g. memcmp)
must not be used as they may be vulnerable to practical timing attacks,
leading to MAC forgery.
*/
void CCHmacFinal(
CCHmacContext *ctx,
void *macOut)
API_AVAILABLE(macos(10.4), ios(2.0));
/*!
@function CCHmac
@abstract Stateless, one-shot HMAC function
@param algorithm HMAC algorithm to perform.
@param key Raw key bytes.
@param keyLength Length of raw key bytes; can be any
length including zero.
@param data Data to process.
@param dataLength Length of data to process, in bytes.
@param macOut Destination of MAC; allocated by caller.
@discussion The length of the MAC written to *macOut is the same as the digest length associated with the HMAC algorithm:
kCCHmacAlgSHA1 : CC_SHA1_DIGEST_LENGTH
kCCHmacAlgSHA256 : CC_SHA256_DIGEST_LENGTH
The MAC must be verified by comparing the computed and expected values
using timingsafe_bcmp. Other comparison functions (e.g. memcmp)
must not be used as they may be vulnerable to practical timing attacks,
leading to MAC forgery.
*/
void CCHmac(
CCHmacAlgorithm algorithm, /* kCCHmacAlgSHA256, kCCHmacAlgSHA1 */
const void *key,
size_t keyLength, /* length of key in bytes */
const void *data,
size_t dataLength, /* length of data in bytes */
void *macOut) /* MAC written here */
API_AVAILABLE(macos(10.4), ios(2.0));
#ifdef __cplusplus
}
#endif
#endif /* _CC_COMMON_HMAC_H_ */

136
lib/libc/include/any-macos-any/CommonCrypto/CommonKeyDerivation.h vendored Normal file
View file

@ -0,0 +1,136 @@
/*
* Copyright (c) 2010 Apple Inc. All Rights Reserved.
*
* @APPLE_LICENSE_HEADER_START@
*
* This file contains Original Code and/or Modifications of Original Code
* as defined in and that are subject to the Apple Public Source License
* Version 2.0 (the 'License'). You may not use this file except in
* compliance with the License. Please obtain a copy of the License at
* http://www.opensource.apple.com/apsl/ and read it before using this
* file.
*
* The Original Code and all software distributed under the License are
* distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
* EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
* INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
* Please see the License for the specific language governing rights and
* limitations under the License.
*
* @APPLE_LICENSE_HEADER_END@
*/
#ifndef _CC_PBKDF_H_
#define _CC_PBKDF_H_
#include <string.h>
#include <limits.h>
#include <stdlib.h>
#include <CommonCrypto/CommonDigest.h>
#include <CommonCrypto/CommonHMAC.h>
#ifdef __cplusplus
extern "C" {
#endif
enum {
kCCPBKDF2 = 2,
};
typedef uint32_t CCPBKDFAlgorithm;
enum {
kCCPRFHmacAlgSHA1 = 1,
kCCPRFHmacAlgSHA224 = 2,
kCCPRFHmacAlgSHA256 = 3,
kCCPRFHmacAlgSHA384 = 4,
kCCPRFHmacAlgSHA512 = 5,
};
typedef uint32_t CCPseudoRandomAlgorithm;
/*
@function CCKeyDerivationPBKDF
@abstract Derive a key from a text password/passphrase
@param algorithm Currently only PBKDF2 is available via kCCPBKDF2
@param password The text password used as input to the derivation
function. The actual octets present in this string
will be used with no additional processing. It's
extremely important that the same encoding and
normalization be used each time this routine is
called if the same key is expected to be derived.
@param passwordLen The length of the text password in bytes.
@param salt The salt byte values used as input to the derivation
function. The pointer can be NULL, only when saltLen is zero.
@param saltLen The length of the salt in bytes. It can be zero.
@param prf The Pseudo Random Algorithm to use for the derivation
iterations.
@param rounds The number of rounds of the Pseudo Random Algorithm
to use. It cannot be zero.
@param derivedKey The resulting derived key produced by the function.
The space for this must be provided by the caller.
@param derivedKeyLen The expected length of the derived key in bytes. It cannot be zero.
@discussion The following values are used to designate the PRF:
* kCCPRFHmacAlgSHA1
* kCCPRFHmacAlgSHA224
* kCCPRFHmacAlgSHA256
* kCCPRFHmacAlgSHA384
* kCCPRFHmacAlgSHA512
@result kCCParamError can result from bad values for the password, salt,
and unwrapped key pointers as well as a bad value for the prf
function.
*/
int
CCKeyDerivationPBKDF( CCPBKDFAlgorithm algorithm, const char *password, size_t passwordLen,
const uint8_t *salt, size_t saltLen,
CCPseudoRandomAlgorithm prf, unsigned rounds,
uint8_t *derivedKey, size_t derivedKeyLen)
API_AVAILABLE(macos(10.7), ios(5.0));
/*
* All lengths are in bytes - not bits.
*/
/*
@function CCCalibratePBKDF
@abstract Determine the number of PRF rounds to use for a specific delay on
the current platform.
@param algorithm Currently only PBKDF2 is available via kCCPBKDF2
@param passwordLen The length of the text password in bytes.
@param saltLen The length of the salt in bytes. saltlen must be smaller than 133.
@param prf The Pseudo Random Algorithm to use for the derivation
iterations.
@param derivedKeyLen The expected length of the derived key in bytes.
@param msec The targetted duration we want to achieve for a key
derivation with these parameters.
@result the number of iterations to use for the desired processing time.
Returns a minimum of 10000 iterations (safety net, not a particularly recommended value)
The number of iterations is a trade-off of usability and security. If there is an error
the function returns (unsigned)(-1). The minimum return value is set to 10000.
*/
unsigned
CCCalibratePBKDF(CCPBKDFAlgorithm algorithm, size_t passwordLen, size_t saltLen,
CCPseudoRandomAlgorithm prf, size_t derivedKeyLen, uint32_t msec)
API_AVAILABLE(macos(10.7), ios(5.0));
#ifdef __cplusplus
}
#endif
#endif /* _CC_PBKDF_H_ */

63
lib/libc/include/any-macos-any/CommonCrypto/CommonRandom.h vendored Normal file
View file

@ -0,0 +1,63 @@
/*
* Copyright (c) 2014 Apple Inc. All Rights Reserved.
*
* @APPLE_LICENSE_HEADER_START@
*
* This file contains Original Code and/or Modifications of Original Code
* as defined in and that are subject to the Apple Public Source License
* Version 2.0 (the 'License'). You may not use this file except in
* compliance with the License. Please obtain a copy of the License at
* http://www.opensource.apple.com/apsl/ and read it before using this
* file.
*
* The Original Code and all software distributed under the License are
* distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
* EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
* INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
* Please see the License for the specific language governing rights and
* limitations under the License.
*
* @APPLE_LICENSE_HEADER_END@
*/
//
// CommonRandom.h
// CommonCrypto
#ifndef CommonCrypto_CommonRandom_h
#define CommonCrypto_CommonRandom_h
#include <sys/types.h>
#include <os/availability.h>
#include <CommonCrypto/CommonCryptoError.h>
#if defined(__cplusplus)
extern "C" {
#endif
typedef CCCryptorStatus CCRNGStatus;
/*!
@function CCRandomGenerateBytes
@abstract Return random bytes in a buffer allocated by the caller.
@discussion The PRNG returns cryptographically strong random
bits suitable for use as cryptographic keys, IVs, nonces etc.
@param bytes Pointer to the return buffer.
@param count Number of random bytes to return.
@result Return kCCSuccess on success.
*/
CCRNGStatus CCRandomGenerateBytes(void *bytes, size_t count)
API_AVAILABLE(macos(10.10), ios(8.0));
#if defined(__cplusplus)
}
#endif
#endif

162
lib/libc/include/any-macos-any/CommonCrypto/CommonSymmetricKeywrap.h vendored Normal file
View file

@ -0,0 +1,162 @@
/*
* Copyright (c) 2010 Apple Inc. All Rights Reserved.
*
* @APPLE_LICENSE_HEADER_START@
*
* This file contains Original Code and/or Modifications of Original Code
* as defined in and that are subject to the Apple Public Source License
* Version 2.0 (the 'License'). You may not use this file except in
* compliance with the License. Please obtain a copy of the License at
* http://www.opensource.apple.com/apsl/ and read it before using this
* file.
*
* The Original Code and all software distributed under the License are
* distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
* EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
* INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
* Please see the License for the specific language governing rights and
* limitations under the License.
*
* @APPLE_LICENSE_HEADER_END@
*/
#ifndef _CC_SYMKEYWRAP_H_
#define _CC_SYMKEYWRAP_H_
#include <sys/types.h>
#include <stdint.h>
#include <string.h>
#include <limits.h>
#include <stdlib.h>
#if defined(_MSC_VER)
#include <availability.h>
#else
#include <os/availability.h>
#endif
#ifdef __cplusplus
extern "C" {
#endif
enum {
kCCWRAPAES = 1,
};
extern const uint8_t * const CCrfc3394_iv API_AVAILABLE(macos(10.7), ios(5.0));
extern const size_t CCrfc3394_ivLen API_AVAILABLE(macos(10.7), ios(5.0));
typedef uint32_t CCWrappingAlgorithm;
/*!
@function CCSymmetricKeyWrap
@abstract Wrap a symmetric key with a Key Encryption Key (KEK).
@param algorithm Currently only AES Keywrapping (rfc3394) is available
via kCCWRAPAES
@param iv The initialization value to be used. CCrfc3394_iv is
available as a constant for the standard IV to use.
@param ivLen The length of the initialization value to be used.
CCrfc3394_ivLen is available as a constant for the
standard IV to use.
@param kek The Key Encryption Key to be used to wrap the raw key.
@param kekLen The length of the KEK in bytes.
@param rawKey The raw key bytes to be wrapped.
@param rawKeyLen The length of the key in bytes.
@param wrappedKey The resulting wrapped key produced by the function.
The space for this must be provided by the caller.
@param wrappedKeyLen The length of the wrapped key in bytes.
@discussion The algorithm chosen is determined by the algorithm parameter
and the size of the key being wrapped (ie aes128 for 128 bit
keys).
@result kCCBufferTooSmall indicates insufficent space in the wrappedKey
buffer.
kCCParamError can result from bad values for the kek, rawKey, and
wrappedKey key pointers.
*/
int
CCSymmetricKeyWrap(CCWrappingAlgorithm algorithm,
const uint8_t *iv, const size_t ivLen,
const uint8_t *kek, size_t kekLen,
const uint8_t *rawKey, size_t rawKeyLen,
uint8_t *wrappedKey, size_t *wrappedKeyLen)
API_AVAILABLE(macos(10.7), ios(5.0));
/*!
@function CCSymmetricKeyUnwrap
@abstract Unwrap a symmetric key with a Key Encryption Key (KEK).
@param algorithm Currently only AES Keywrapping (rfc3394) is available
via kCCWRAPAES
@param iv The initialization value to be used. CCrfc3394_iv is
available as a constant for the standard IV to use.
@param ivLen The length of the initialization value to be used.
CCrfc3394_ivLen is available as a constant for the
standard IV to use.
@param kek The Key Encryption Key to be used to unwrap the raw key.
@param kekLen The length of the KEK in bytes.
@param wrappedKey The wrapped key bytes.
@param wrappedKeyLen The length of the wrapped key in bytes.
@param rawKey The resulting raw key bytes. The space for this must
be provided by the caller.
@param rawKeyLen The length of the raw key in bytes.
@discussion The algorithm chosen is determined by the algorithm parameter
and the size of the key being wrapped (ie aes128 for 128 bit
keys).
@result kCCBufferTooSmall indicates insufficent space in the rawKey buffer.
kCCParamError can result from bad values for the kek, rawKey, and
wrappedKey key pointers.
*/
int
CCSymmetricKeyUnwrap(CCWrappingAlgorithm algorithm,
const uint8_t *iv, const size_t ivLen,
const uint8_t *kek, size_t kekLen,
const uint8_t *wrappedKey, size_t wrappedKeyLen,
uint8_t *rawKey, size_t *rawKeyLen)
API_AVAILABLE(macos(10.7), ios(5.0));
/*!
@function CCSymmetricWrappedSize
@abstract Determine the buffer size required to hold a key wrapped with
CCAESKeyWrap().
@param algorithm Currently only AES Keywrapping (rfc3394) is
available via kCCWRAPAES
@param rawKeyLen The length of the key in bytes.
@result The length of the resulting wrapped key.
*/
size_t
CCSymmetricWrappedSize(CCWrappingAlgorithm algorithm, size_t rawKeyLen)
API_AVAILABLE(macos(10.7), ios(5.0));
/*!
@function CCSymmetricUnwrappedSize
@abstract Determine the buffer size required to hold a key unwrapped with
CCAESKeyUnwrap().
@param algorithm Currently only AES Keywrapping (rfc3394) is
available via kCCWRAPAES
@param wrappedKeyLen The length of the wrapped key in bytes.
@result The length of the resulting raw key.
*/
size_t
CCSymmetricUnwrappedSize(CCWrappingAlgorithm algorithm, size_t wrappedKeyLen)
API_AVAILABLE(macos(10.7), ios(5.0));
#ifdef __cplusplus
}
#endif
#endif /* _CC_SYMKEYWRAP_H_ */

3
tools/macos-headers.c
View file

@ -177,7 +177,8 @@
#include <os/lock.h>
#include <simd/simd.h>
#include <xpc/xpc.h>
#include <CommonCrypto/CommonDigest.h>
#include <CommonCrypto/CommonCrypto.h>
#include <CommonCrypto/CommonRandom.h> // Not included by CommonCrypto.h
#include <objc/message.h>
#include <objc/NSObject.h>