apple_security_framework_sys/
secure_transport.rs

1use std::os::raw::c_char;
2use std::os::raw::c_int;
3use std::os::raw::c_void;
4
5use core_foundation_sys::array::CFArrayRef;
6use core_foundation_sys::base::Boolean;
7use core_foundation_sys::base::CFAllocatorRef;
8#[cfg(target_os = "macos")]
9use core_foundation_sys::base::CFTypeRef;
10use core_foundation_sys::base::OSStatus;
11
12use crate::cipher_suite::SSLCipherSuite;
13use crate::trust::SecTrustRef;
14
/// Opaque Secure Transport session context. Declared as an uninhabited enum, so Rust code can
/// never construct or dereference one; it is only ever handled through [`SSLContextRef`].
pub enum SSLContext {}
/// Raw mutable pointer to an [`SSLContext`]; the handle every `SSL*` function in this file takes.
pub type SSLContextRef = *mut SSLContext;

/// Untyped pointer registered with `SSLSetConnection` and passed back as the first argument of
/// the `SSLReadFunc` / `SSLWriteFunc` callbacks.
// NOTE(review): nothing in this file ties the pointee's lifetime to the context. Presumably the
// caller must keep it alive for as long as the context may invoke the callbacks — confirm in the
// safe wrapper, since a dangling connection pointer here is a use-after-free in the I/O path.
pub type SSLConnectionRef = *const c_void;
19
/// Protocol version selector, passed to and returned by the `SSL*ProtocolVersion*` functions.
///
/// Security note for callers choosing a minimum version: the SSL 2.0 / SSL 3.0 values are kept
/// only so the binding is complete. SSL 2.0 is prohibited by RFC 6176, SSL 3.0 is deprecated by
/// RFC 7568, and TLS 1.0 / 1.1 are deprecated by RFC 8996, so a wrapper should normally use
/// `kTLSProtocol12` or later as its floor.
pub type SSLProtocol = c_int;
/// No protocol negotiated or selected.
pub const kSSLProtocolUnknown: SSLProtocol = 0;
/// SSL 3.0 (obsolete, see the note on [`SSLProtocol`]).
pub const kSSLProtocol3: SSLProtocol = 2;
/// TLS 1.0.
pub const kTLSProtocol1: SSLProtocol = 4;
/// TLS 1.1.
pub const kTLSProtocol11: SSLProtocol = 7;
/// TLS 1.2.
pub const kTLSProtocol12: SSLProtocol = 8;
/// DTLS 1.0.
pub const kDTLSProtocol1: SSLProtocol = 9;
/// TLS 1.3.
pub const kTLSProtocol13: SSLProtocol = 10;
// The four values below are listed out of numeric order, after the current ones.
// NOTE(review): this appears to mirror Apple's header, which lists its deprecated selectors
// last — confirm against the SDK before relying on that reading.
/// SSL 2.0 (obsolete, see the note on [`SSLProtocol`]).
pub const kSSLProtocol2: SSLProtocol = 1;
pub const kSSLProtocol3Only: SSLProtocol = 3;
pub const kTLSProtocol1Only: SSLProtocol = 5;
pub const kSSLProtocolAll: SSLProtocol = 6;
32
/// Boolean per-session switches, set with `SSLSetSessionOption` and read with
/// `SSLGetSessionOption`. Several constants are compiled only for particular OS-version
/// features or targets; see the `cfg` attribute on each.
pub type SSLSessionOption = c_int;
/// Client side: pause the handshake once the server has presented its certificate.
// Security: per Apple's Secure Transport documentation, enabling this turns OFF the built-in
// certificate verification and makes `SSLHandshake` return the "auth completed" status
// (`errSSLPeerAuthCompleted` in this file). The caller then owns the trust decision: it has to
// evaluate the peer trust (see `SSLCopyPeerTrust`) and abort on failure before calling
// `SSLHandshake` again. A wrapper that sets this and simply resumes accepts any certificate.
pub const kSSLSessionOptionBreakOnServerAuth: SSLSessionOption = 0;
/// Client side: pause the handshake when the server asks for a client certificate
/// (presumably surfaced as `errSSLClientCertRequested` — confirm against Apple's docs).
pub const kSSLSessionOptionBreakOnCertRequested: SSLSessionOption = 1;
/// Server side counterpart of `kSSLSessionOptionBreakOnServerAuth`: pause once the client has
/// authenticated.
// NOTE(review): the same "caller must verify before resuming" caveat presumably applies — confirm.
pub const kSSLSessionOptionBreakOnClientAuth: SSLSessionOption = 2;
/// TLS False Start. Only compiled with the `OSX_10_9` feature or on iOS.
#[cfg(any(feature = "OSX_10_9", target_os = "ios"))]
pub const kSSLSessionOptionFalseStart: SSLSessionOption = 3;
/// 1/n-1 record splitting, the usual BEAST mitigation for CBC suites under TLS 1.0.
/// Only compiled with the `OSX_10_9` feature or on iOS.
#[cfg(any(feature = "OSX_10_9", target_os = "ios"))]
pub const kSSLSessionOptionSendOneByteRecord: SSLSessionOption = 4;
/// Permit the server's identity to change across a renegotiation.
// Security: leaving this off is the safer setting; a peer identity that changes mid-session
// is what renegotiation-based impersonation relies on. Enable only with a documented reason.
// Only compiled with the `OSX_10_11` feature and never on iOS.
#[cfg(all(feature = "OSX_10_11", not(target_os = "ios")))]
pub const kSSLSessionOptionAllowServerIdentityChange: SSLSessionOption = 5;
/// Mark this connection as a version-fallback retry (presumably signalled to the server via
/// TLS_FALLBACK_SCSV — confirm). Only compiled with the `OSX_10_10` feature and never on iOS.
#[cfg(all(feature = "OSX_10_10", not(target_os = "ios")))]
pub const kSSLSessionOptionFallback: SSLSessionOption = 6;
/// Server side: pause the handshake after the ClientHello has been received (presumably
/// surfaced as `errSSLClientHelloReceived`). Only compiled with the `OSX_10_11` feature and
/// never on iOS.
#[cfg(all(feature = "OSX_10_11", not(target_os = "ios")))]
pub const kSSLSessionOptionBreakOnClientHello: SSLSessionOption = 7;
47
/// Session lifecycle state written by `SSLGetSessionState`.
// Application data should only be exchanged in `kSSLConnected`; `kSSLAborted` means the
// session ended abnormally and must not be reused.
pub type SSLSessionState = c_int;
/// Context created, handshake not started.
pub const kSSLIdle: SSLSessionState = 0;
/// Handshake in progress.
pub const kSSLHandshake: SSLSessionState = 1;
/// Handshake complete.
pub const kSSLConnected: SSLSessionState = 2;
/// Session closed.
pub const kSSLClosed: SSLSessionState = 3;
/// Session aborted.
pub const kSSLAborted: SSLSessionState = 4;
54
/// Transport read callback installed with `SSLSetIOFuncs`.
///
/// `connection` is the pointer registered through `SSLSetConnection`. `dataLength` is an
/// in/out pointer: per Apple's documentation it holds the number of bytes requested on entry
/// and must be overwritten with the number actually copied into `data` before returning.
// Safety-relevant for implementers: never write more than the incoming `*dataLength` bytes to
// `data`, and always store the true count back, even on a short read or an error. Apple
// documents `errSSLWouldBlock` as the status for a short non-blocking read.
pub type SSLReadFunc = unsafe extern "C" fn(
    connection: SSLConnectionRef,
    data: *mut c_void,
    dataLength: *mut usize,
) -> OSStatus;

/// Transport write callback installed with `SSLSetIOFuncs`.
///
/// Mirrors [`SSLReadFunc`]: `data` is read-only here, and `dataLength` carries the number of
/// bytes offered on entry and the number actually written on return.
pub type SSLWriteFunc = unsafe extern "C" fn(
    connection: SSLConnectionRef,
    data: *const c_void,
    dataLength: *mut usize,
) -> OSStatus;
66
/// Which end of the connection a context plays; first selector argument of `SSLCreateContext`.
pub type SSLProtocolSide = c_int;
pub const kSSLServerSide: SSLProtocolSide = 0;
pub const kSSLClientSide: SSLProtocolSide = 1;

/// Transport flavour; second selector argument of `SSLCreateContext`.
pub type SSLConnectionType = c_int;
/// Stream transport (TLS).
pub const kSSLStreamType: SSLConnectionType = 0;
/// Datagram transport (DTLS).
pub const kSSLDatagramType: SSLConnectionType = 1;
74
// Secure Transport status codes, as returned in the `OSStatus` of the functions declared in
// this file. The block covers -9800 through -9851; -9849 and -9850 are not defined here.
//
// Guidance for wrappers that map these to Rust errors:
// * `errSSLWouldBlock`, `errSSLPeerAuthCompleted`, `errSSLClientCertRequested` and
//   `errSSLClientHelloReceived` are control-flow results (retry, or a requested handshake
//   break), not failures.
// * The certificate and hostname codes (`errSSLXCertChainInvalid`, `errSSLBadCert`,
//   `errSSLUnknownRootCert`, `errSSLNoRootCert`, `errSSLCertExpired`, `errSSLCertNotYetValid`,
//   `errSSLHostNameMismatch`) mean the peer was NOT authenticated. Treat them as fatal and
//   never answer them by retrying with verification relaxed.
// * `errSSLClosedNoNotify` means the transport ended without a TLS close_notify, so received
//   data may have been truncated; do not report it as a clean end-of-stream.
// * The `errSSLPeer*` codes appear to correspond to alerts received from the peer — confirm
//   against Apple's header before surfacing them as such.
pub const errSSLProtocol: OSStatus = -9800;
pub const errSSLNegotiation: OSStatus = -9801;
pub const errSSLFatalAlert: OSStatus = -9802;
pub const errSSLWouldBlock: OSStatus = -9803;
pub const errSSLSessionNotFound: OSStatus = -9804;
pub const errSSLClosedGraceful: OSStatus = -9805;
pub const errSSLClosedAbort: OSStatus = -9806;
pub const errSSLXCertChainInvalid: OSStatus = -9807;
pub const errSSLBadCert: OSStatus = -9808;
pub const errSSLCrypto: OSStatus = -9809;
pub const errSSLInternal: OSStatus = -9810;
pub const errSSLModuleAttach: OSStatus = -9811;
pub const errSSLUnknownRootCert: OSStatus = -9812;
pub const errSSLNoRootCert: OSStatus = -9813;
pub const errSSLCertExpired: OSStatus = -9814;
pub const errSSLCertNotYetValid: OSStatus = -9815;
pub const errSSLClosedNoNotify: OSStatus = -9816;
pub const errSSLBufferOverflow: OSStatus = -9817;
pub const errSSLBadCipherSuite: OSStatus = -9818;
pub const errSSLPeerUnexpectedMsg: OSStatus = -9819;
pub const errSSLPeerBadRecordMac: OSStatus = -9820;
pub const errSSLPeerDecryptionFail: OSStatus = -9821;
pub const errSSLPeerRecordOverflow: OSStatus = -9822;
pub const errSSLPeerDecompressFail: OSStatus = -9823;
pub const errSSLPeerHandshakeFail: OSStatus = -9824;
pub const errSSLPeerBadCert: OSStatus = -9825;
pub const errSSLPeerUnsupportedCert: OSStatus = -9826;
pub const errSSLPeerCertRevoked: OSStatus = -9827;
pub const errSSLPeerCertExpired: OSStatus = -9828;
pub const errSSLPeerCertUnknown: OSStatus = -9829;
pub const errSSLIllegalParam: OSStatus = -9830;
pub const errSSLPeerUnknownCA: OSStatus = -9831;
pub const errSSLPeerAccessDenied: OSStatus = -9832;
pub const errSSLPeerDecodeError: OSStatus = -9833;
pub const errSSLPeerDecryptError: OSStatus = -9834;
pub const errSSLPeerExportRestriction: OSStatus = -9835;
pub const errSSLPeerProtocolVersion: OSStatus = -9836;
pub const errSSLPeerInsufficientSecurity: OSStatus = -9837;
pub const errSSLPeerInternalError: OSStatus = -9838;
pub const errSSLPeerUserCancelled: OSStatus = -9839;
pub const errSSLPeerNoRenegotiation: OSStatus = -9840;
// Handshake paused at the authentication break point; see the `kSSLSessionOptionBreakOn*Auth`
// options. The peer has not been verified by the library at this point.
pub const errSSLPeerAuthCompleted: OSStatus = -9841;
pub const errSSLClientCertRequested: OSStatus = -9842;
pub const errSSLHostNameMismatch: OSStatus = -9843;
pub const errSSLConnectionRefused: OSStatus = -9844;
pub const errSSLDecryptionFail: OSStatus = -9845;
pub const errSSLBadRecordMac: OSStatus = -9846;
pub const errSSLRecordOverflow: OSStatus = -9847;
pub const errSSLBadConfiguration: OSStatus = -9848;
pub const errSSLClientHelloReceived: OSStatus = -9851;
125
/// Server-side client-authentication policy, passed to `SSLSetClientSideAuthenticate`.
pub type SSLAuthenticate = c_int;
/// Do not request a client certificate.
pub const kNeverAuthenticate: SSLAuthenticate = 0;
/// Require a client certificate.
pub const kAlwaysAuthenticate: SSLAuthenticate = 1;
/// Request a client certificate.
// NOTE(review): presumably the handshake continues when the client sends none, so a server
// using this must check `SSLGetClientCertificateState` before treating the peer as
// authenticated — confirm against Apple's docs.
pub const kTryAuthenticate: SSLAuthenticate = 2;

/// Client-certificate exchange state written by `SSLGetClientCertificateState`.
pub type SSLClientCertificateState = c_int;
pub const kSSLClientCertNone: SSLClientCertificateState = 0;
pub const kSSLClientCertRequested: SSLClientCertificateState = 1;
pub const kSSLClientCertSent: SSLClientCertificateState = 2;
pub const kSSLClientCertRejected: SSLClientCertificateState = 3;
136
// Raw FFI declarations for Apple's Secure Transport API. Every item is `unsafe` to call:
// the pointers are unchecked, and out-parameters (`*mut T`) must point at writable storage of
// the right type. Except for `SSLContextGetTypeID` and `SSLCreateContext`, each function
// reports its outcome as an `OSStatus`; compare it with the `errSSL*` constants in this file
// and never ignore it. Items behind `#[cfg(...)]` exist only for the stated target or feature.
extern "C" {
    // --- Context lifecycle -------------------------------------------------------------

    /// CoreFoundation type identifier for SSL contexts.
    pub fn SSLContextGetTypeID() -> ::core_foundation_sys::base::CFTypeID;
    /// Creates a context for the given side and transport type.
    // NOTE(review): the result is a raw pointer with no status code, so failure is presumably
    // reported as null — callers should check before use. Ownership and release conventions
    // are not visible in this file.
    pub fn SSLCreateContext(
        alloc: CFAllocatorRef,
        protocolSide: SSLProtocolSide,
        connectionType: SSLConnectionType,
    ) -> SSLContextRef;
    /// macOS-only constructor that writes the new context through `contextPtr`.
    #[cfg(target_os = "macos")]
    pub fn SSLNewContext(isServer: Boolean, contextPtr: *mut SSLContextRef) -> OSStatus;
    /// macOS-only destructor; presumably the counterpart of `SSLNewContext`.
    #[cfg(target_os = "macos")]
    pub fn SSLDisposeContext(context: SSLContextRef) -> OSStatus;

    // --- Transport binding and I/O -----------------------------------------------------

    /// Registers the pointer that the I/O callbacks will receive.
    pub fn SSLSetConnection(context: SSLContextRef, connection: SSLConnectionRef) -> OSStatus;
    /// Reads back the registered connection pointer.
    pub fn SSLGetConnection(context: SSLContextRef, connection: *mut SSLConnectionRef) -> OSStatus;
    /// Installs the transport read and write callbacks.
    pub fn SSLSetIOFuncs(
        context: SSLContextRef,
        read: SSLReadFunc,
        write: SSLWriteFunc,
    ) -> OSStatus;
    /// Runs (or resumes) the handshake. May return a control-flow status such as
    /// `errSSLWouldBlock` or `errSSLPeerAuthCompleted` rather than success or failure.
    pub fn SSLHandshake(context: SSLContextRef) -> OSStatus;
    /// Closes the session.
    pub fn SSLClose(context: SSLContextRef) -> OSStatus;
    /// Reads decrypted data into `data`, which must have room for `dataLen` bytes; the byte
    /// count actually produced is written to `processed`.
    // Always consult `*processed` as well as the status: presumably data can be delivered
    // together with a non-success status such as `errSSLWouldBlock` — confirm.
    pub fn SSLRead(
        context: SSLContextRef,
        data: *mut c_void,
        dataLen: usize,
        processed: *mut usize,
    ) -> OSStatus;
    /// Encrypts and sends up to `dataLen` bytes from `data`; the count accepted is written to
    /// `processed`.
    pub fn SSLWrite(
        context: SSLContextRef,
        data: *const c_void,
        dataLen: usize,
        processed: *mut usize,
    ) -> OSStatus;

    // --- Peer name ---------------------------------------------------------------------

    /// Sets the peer's expected host name; the length is passed explicitly.
    // Security: per Apple's documentation this is the name the peer certificate is checked
    // against. A client that never calls it gets chain validation without a host-name match,
    // so a safe wrapper should treat the name as mandatory for client contexts.
    pub fn SSLSetPeerDomainName(
        context: SSLContextRef,
        peerName: *const c_char,
        peerNameLen: usize,
    ) -> OSStatus;
    /// Writes the length of the stored peer name to `peerNameLen`.
    pub fn SSLGetPeerDomainNameLength(context: SSLContextRef, peerNameLen: *mut usize) -> OSStatus;
    /// Copies the stored peer name into `peerName`.
    // `peerNameLen` is in/out: presumably buffer capacity on entry, bytes written on return.
    // Size the buffer with `SSLGetPeerDomainNameLength` first.
    pub fn SSLGetPeerDomainName(
        context: SSLContextRef,
        peerName: *mut c_char,
        peerNameLen: *mut usize,
    ) -> OSStatus;

    // --- Certificates, trust and session options ---------------------------------------

    /// Sets this side's certificate array.
    pub fn SSLSetCertificate(context: SSLContextRef, certRefs: CFArrayRef) -> OSStatus;
    /// macOS only: adds to, or (with `replaceExisting`) replaces, the certificate authorities.
    #[cfg(target_os = "macos")]
    pub fn SSLSetCertificateAuthorities(
        context: SSLContextRef,
        certificateOrArray: CFTypeRef,
        replaceExisting: Boolean,
    ) -> OSStatus;
    /// macOS only: returns the configured certificate authorities through `certificates`.
    #[cfg(target_os = "macos")]
    pub fn SSLCopyCertificateAuthorities(
        context: SSLContextRef,
        certificates: *mut CFArrayRef,
    ) -> OSStatus;
    /// Sets one `SSLSessionOption` flag. See the security notes on the
    /// `kSSLSessionOptionBreakOn*Auth` constants before enabling them.
    pub fn SSLSetSessionOption(
        context: SSLContextRef,
        option: SSLSessionOption,
        value: Boolean,
    ) -> OSStatus;
    /// Reads one `SSLSessionOption` flag into `value`.
    pub fn SSLGetSessionOption(
        context: SSLContextRef,
        option: SSLSessionOption,
        value: *mut Boolean,
    ) -> OSStatus;
    /// Returns the peer's trust object through `trust`, for the caller to evaluate.
    // NOTE(review): "Copy" in the name suggests the caller owns the returned reference and
    // must release it (CoreFoundation naming rule) — confirm.
    pub fn SSLCopyPeerTrust(context: SSLContextRef, trust: *mut SecTrustRef) -> OSStatus;
    /// Writes the current `SSLSessionState` to `state`.
    pub fn SSLGetSessionState(context: SSLContextRef, state: *mut SSLSessionState) -> OSStatus;

    // --- Cipher suites -----------------------------------------------------------------
    // For the two array getters `numCiphers` is in/out: presumably capacity (in elements) on
    // entry and the count written on return. Query the matching `SSLGetNumber*` first so the
    // buffer is large enough.

    /// Fills `ciphers` with the supported suites.
    pub fn SSLGetSupportedCiphers(
        context: SSLContextRef,
        ciphers: *mut SSLCipherSuite,
        numCiphers: *mut usize,
    ) -> OSStatus;
    /// Writes the number of supported suites to `numCiphers`.
    pub fn SSLGetNumberSupportedCiphers(context: SSLContextRef, numCiphers: *mut usize)
        -> OSStatus;
    /// Fills `ciphers` with the currently enabled suites.
    pub fn SSLGetEnabledCiphers(
        context: SSLContextRef,
        ciphers: *mut SSLCipherSuite,
        numCiphers: *mut usize,
    ) -> OSStatus;
    /// Writes the number of enabled suites to `numCiphers`.
    pub fn SSLGetNumberEnabledCiphers(context: SSLContextRef, numCiphers: *mut usize) -> OSStatus;
    /// Replaces the enabled suites with the `numCiphers` entries at `ciphers`.
    pub fn SSLSetEnabledCiphers(
        context: SSLContextRef,
        ciphers: *const SSLCipherSuite,
        numCiphers: usize,
    ) -> OSStatus;
    /// Writes the negotiated suite to `cipher`.
    pub fn SSLGetNegotiatedCipher(context: SSLContextRef, cipher: *mut SSLCipherSuite) -> OSStatus;

    // --- Client authentication, DH parameters, session identity ------------------------

    /// Sets the `SSLAuthenticate` policy (server side).
    pub fn SSLSetClientSideAuthenticate(context: SSLContextRef, auth: SSLAuthenticate) -> OSStatus;
    /// macOS only: supplies Diffie-Hellman parameters as `dhParamsLen` bytes at `dhParams`.
    #[cfg(target_os = "macos")]
    pub fn SSLSetDiffieHellmanParams(
        context: SSLContextRef,
        dhParams: *const c_void,
        dhParamsLen: usize,
    ) -> OSStatus;
    /// macOS only: returns a pointer to the stored Diffie-Hellman parameters and their length.
    // NOTE(review): the returned pointer is presumably borrowed from the context and valid
    // only while it lives — do not free it or keep it past the context; confirm.
    #[cfg(target_os = "macos")]
    pub fn SSLGetDiffieHellmanParams(
        context: SSLContextRef,
        dhParams: *mut *const c_void,
        dhParamsLen: *mut usize,
    ) -> OSStatus;
    /// Sets an opaque peer identifier of `peerIDLen` bytes.
    // NOTE(review): Apple documents the peer ID as the session-resumption cache key. If so,
    // it must be distinct for peers or configurations that must not share a cached session.
    pub fn SSLSetPeerID(
        context: SSLContextRef,
        peerID: *const c_void,
        peerIDLen: usize,
    ) -> OSStatus;
    /// Returns a pointer to the stored peer identifier and its length.
    pub fn SSLGetPeerID(
        context: SSLContextRef,
        peerID: *mut *const c_void,
        peerIDLen: *mut usize,
    ) -> OSStatus;
    /// Writes the number of buffered bytes available to read to `bufSize`.
    pub fn SSLGetBufferedReadSize(context: SSLContextRef, bufSize: *mut usize) -> OSStatus;
    /// Writes the `SSLClientCertificateState` to `clientState`.
    pub fn SSLGetClientCertificateState(
        context: SSLContextRef,
        clientState: *mut SSLClientCertificateState,
    ) -> OSStatus;

    // --- Protocol versions -------------------------------------------------------------

    /// Writes the negotiated protocol version to `protocol`.
    pub fn SSLGetNegotiatedProtocolVersion(
        context: SSLContextRef,
        protocol: *mut SSLProtocol,
    ) -> OSStatus;
    /// Writes the configured maximum protocol version to `maxVersion`.
    pub fn SSLGetProtocolVersionMax(
        context: SSLContextRef,
        maxVersion: *mut SSLProtocol,
    ) -> OSStatus;
    /// Writes the configured minimum protocol version to `minVersion`.
    pub fn SSLGetProtocolVersionMin(
        context: SSLContextRef,
        minVersion: *mut SSLProtocol,
    ) -> OSStatus;
    /// Sets the maximum protocol version the context will negotiate.
    pub fn SSLSetProtocolVersionMax(context: SSLContextRef, maxVersion: SSLProtocol) -> OSStatus;
    /// Sets the minimum protocol version the context will negotiate.
    // Security: this is the downgrade floor. Set it explicitly to a current TLS version
    // rather than relying on the platform default.
    pub fn SSLSetProtocolVersionMin(context: SSLContextRef, minVersion: SSLProtocol) -> OSStatus;
    /// macOS only: enables or disables a single protocol version.
    #[cfg(target_os = "macos")]
    pub fn SSLSetProtocolVersionEnabled(
        context: SSLContextRef,
        protocol: SSLProtocol,
        enable: Boolean,
    ) -> OSStatus;

    // --- ALPN and session tickets (only with the `OSX_10_13` feature) ------------------

    /// Sets the ALPN protocol list offered during the handshake.
    #[cfg(feature = "OSX_10_13")]
    pub fn SSLSetALPNProtocols(context: SSLContextRef, protocols: CFArrayRef) -> OSStatus;
    /// Returns the ALPN protocol list through `protocols`.
    #[cfg(feature = "OSX_10_13")]
    pub fn SSLCopyALPNProtocols(context: SSLContextRef, protocols: *mut CFArrayRef) -> OSStatus;
    /// Enables or disables TLS session tickets.
    #[cfg(feature = "OSX_10_13")]
    pub fn SSLSetSessionTicketsEnabled(context: SSLContextRef, enabled: Boolean) -> OSStatus;
}