apple_security_sys/
secure_transport.rs

1use core_foundation_sys::array::CFArrayRef;
2use core_foundation_sys::base::CFAllocatorRef;
3#[cfg(target_os = "macos")]
4use core_foundation_sys::base::CFTypeRef;
5use core_foundation_sys::base::{Boolean, OSStatus};
6use std::os::raw::{c_char, c_int, c_void};
7
8use crate::cipher_suite::SSLCipherSuite;
9use crate::trust::SecTrustRef;
10
/// Untyped handle that identifies the caller's transport to the I/O callbacks.
///
/// These bindings treat it as an opaque pointer: it is passed to
/// `SSLSetConnection` and handed back as the first argument of
/// `SSLReadFunc` / `SSLWriteFunc`.
// NOTE(review): nothing in these declarations ties the pointee's lifetime to the
// context. The caller presumably has to keep it alive for as long as the context
// can still invoke the callbacks — confirm against Apple's documentation.
pub type SSLConnectionRef = *const c_void;

/// Opaque Secure Transport session context.
///
/// Declared as an uninhabited enum so that it can only ever be used behind a
/// pointer; its layout is private to the system library.
pub enum SSLContext {}

/// Raw pointer to an [`SSLContext`], as returned by `SSLCreateContext`.
pub type SSLContextRef = *mut SSLContext;
15
/// Protocol version selector used by the `SSL{Get,Set}ProtocolVersion*` calls.
///
/// The constants are listed in ascending numeric order. The numeric value says
/// nothing about protocol strength: for example `kSSLProtocolAll` (6) sorts
/// between TLS 1.0 and TLS 1.1.
///
/// Security note: SSL 2.0, SSL 3.0, TLS 1.0 and TLS 1.1 are all formally
/// deprecated (RFC 6176, RFC 7568, RFC 8996). Code built on these bindings should
/// pin the minimum version with `SSLSetProtocolVersionMin` to `kTLSProtocol12` or
/// later rather than rely on the platform default.
pub type SSLProtocol = c_int;

/// No protocol negotiated or selected.
pub const kSSLProtocolUnknown: SSLProtocol = 0;
/// SSL 2.0. Obsolete and insecure; never enable.
pub const kSSLProtocol2: SSLProtocol = 1;
/// SSL 3.0. Obsolete and insecure; never enable.
pub const kSSLProtocol3: SSLProtocol = 2;
// NOTE(review): the `...Only` and `...All` values look like the legacy selectors
// that go with `SSLSetProtocolVersionEnabled` — confirm before using them with
// the min/max setters.
pub const kSSLProtocol3Only: SSLProtocol = 3;
/// TLS 1.0. Deprecated.
pub const kTLSProtocol1: SSLProtocol = 4;
pub const kTLSProtocol1Only: SSLProtocol = 5;
pub const kSSLProtocolAll: SSLProtocol = 6;
/// TLS 1.1. Deprecated.
pub const kTLSProtocol11: SSLProtocol = 7;
/// TLS 1.2.
pub const kTLSProtocol12: SSLProtocol = 8;
/// DTLS 1.0 (datagram transport; see `kSSLDatagramType`).
pub const kDTLSProtocol1: SSLProtocol = 9;
/// TLS 1.3.
pub const kTLSProtocol13: SSLProtocol = 10;
28
/// Boolean per-session switches, toggled with `SSLSetSessionOption` and read
/// back with `SSLGetSessionOption`.
///
/// Several of these move a security decision from Secure Transport to the
/// caller, so each one is annotated with what the caller takes on.
pub type SSLSessionOption = c_int;

/// Makes `SSLHandshake` return `errSSLPeerAuthCompleted` once the server's
/// certificate chain has been received.
///
/// Security note: per Apple's documentation, setting this option disables
/// Secure Transport's automatic verification of the server certificate. The
/// caller then has to obtain the trust object (`SSLCopyPeerTrust`), evaluate it,
/// and abort on failure before calling `SSLHandshake` again.
pub const kSSLSessionOptionBreakOnServerAuth: SSLSessionOption = 0;

/// Makes `SSLHandshake` return `errSSLClientCertRequested` when the server asks
/// for a client certificate, so the caller can supply one with `SSLSetCertificate`.
pub const kSSLSessionOptionBreakOnCertRequested: SSLSessionOption = 1;

/// Server-side counterpart of `kSSLSessionOptionBreakOnServerAuth`: the handshake
/// pauses after the client's certificate arrives.
// NOTE(review): this presumably also hands client-certificate validation to the
// caller, as the server-auth variant does — confirm against Apple's documentation.
pub const kSSLSessionOptionBreakOnClientAuth: SSLSessionOption = 2;

/// Enables TLS False Start (application data is sent before the handshake is
/// fully confirmed).
#[cfg(any(feature = "OSX_10_9", target_os = "ios"))]
pub const kSSLSessionOptionFalseStart: SSLSessionOption = 3;

/// Enables 1/n-1 record splitting, the mitigation for the BEAST attack on
/// CBC cipher suites in TLS 1.0.
#[cfg(any(feature = "OSX_10_9", target_os = "ios"))]
pub const kSSLSessionOptionSendOneByteRecord: SSLSessionOption = 4;

/// Allows the server's identity to change across a renegotiation.
///
/// Security note: Apple's header says this is disallowed by default to avoid the
/// Triple Handshake attack; enabling it removes that protection.
#[cfg(all(feature = "OSX_10_11", not(target_os = "ios")))]
pub const kSSLSessionOptionAllowServerIdentityChange: SSLSessionOption = 5;

/// Enables downgrade-fallback countermeasures; meant to be set when a connection
/// is retried at a lower protocol version after a failed attempt.
#[cfg(all(feature = "OSX_10_10", not(target_os = "ios")))]
pub const kSSLSessionOptionFallback: SSLSessionOption = 6;

/// Server side: makes `SSLHandshake` return `errSSLClientHelloReceived` after the
/// ClientHello has been parsed (for example, to inspect the requested server name).
#[cfg(all(feature = "OSX_10_11", not(target_os = "ios")))]
pub const kSSLSessionOptionBreakOnClientHello: SSLSessionOption = 7;
43
/// Coarse state of a session, as reported by `SSLGetSessionState`.
///
/// Only `kSSLConnected` means the handshake has finished; application data must
/// not be treated as protected in any other state.
pub type SSLSessionState = c_int;

/// No handshake has been started yet.
pub const kSSLIdle: SSLSessionState = 0;
/// Handshake in progress.
pub const kSSLHandshake: SSLSessionState = 1;
/// Handshake complete; the session can carry application data.
pub const kSSLConnected: SSLSessionState = 2;
/// Session closed normally.
pub const kSSLClosed: SSLSessionState = 3;
/// Session terminated abnormally.
pub const kSSLAborted: SSLSessionState = 4;
50
/// Transport write callback registered through `SSLSetIOFuncs`.
///
/// Secure Transport calls it with the `connection` handle given to
/// `SSLSetConnection`, a buffer of ciphertext to send, and an in/out length.
/// Per Apple's documentation, `*dataLength` holds the number of bytes offered on
/// entry and must be set to the number actually written on return; a short write
/// on a non-blocking transport is reported with `errSSLWouldBlock`.
///
/// The callback runs across the C ABI, so it must not unwind: a Rust panic that
/// escapes an `extern "C"` function is not something the C caller can handle.
pub type SSLWriteFunc = unsafe extern "C" fn(
    connection: SSLConnectionRef,
    data: *const c_void,
    dataLength: *mut usize,
) -> OSStatus;

/// Transport read callback registered through `SSLSetIOFuncs`.
///
/// Mirror image of [`SSLWriteFunc`]: `data` is a buffer to fill and `*dataLength`
/// is the requested byte count on entry and the delivered count on return. The
/// implementation must never write more than the requested count into `data`.
pub type SSLReadFunc = unsafe extern "C" fn(
    connection: SSLConnectionRef,
    data: *mut c_void,
    dataLength: *mut usize,
) -> OSStatus;
62
/// Framing of the underlying transport; the third argument of `SSLCreateContext`.
pub type SSLConnectionType = c_int;
/// Byte-stream transport (TLS).
pub const kSSLStreamType: SSLConnectionType = 0;
/// Datagram transport (DTLS).
pub const kSSLDatagramType: SSLConnectionType = 1;

/// Role the context plays in the handshake; the second argument of
/// `SSLCreateContext`.
pub type SSLProtocolSide = c_int;
/// The context accepts connections and presents the server certificate.
pub const kSSLServerSide: SSLProtocolSide = 0;
/// The context initiates connections and validates the server.
pub const kSSLClientSide: SSLProtocolSide = 1;
70
// Secure Transport status codes (`OSStatus`), in numeric order.
//
// Guidance for callers of these bindings:
// * Every `SSL*` function reports failure only through its return value, so a
//   result that is discarded hides handshake and certificate failures.
// * `errSSLWouldBlock`, `errSSLPeerAuthCompleted`, `errSSLClientCertRequested`
//   and `errSSLClientHelloReceived` are flow-control results rather than
//   failures; everything else should end the session.
// * The certificate-related codes must not be downgraded to warnings or retried
//   with verification relaxed.

// --- General protocol and session status ---
pub const errSSLProtocol: OSStatus = -9800;
pub const errSSLNegotiation: OSStatus = -9801;
pub const errSSLFatalAlert: OSStatus = -9802;
/// Non-fatal: the I/O callback could not make full progress; call again later.
pub const errSSLWouldBlock: OSStatus = -9803;
pub const errSSLSessionNotFound: OSStatus = -9804;
/// The peer closed the session with a proper closure alert.
pub const errSSLClosedGraceful: OSStatus = -9805;
pub const errSSLClosedAbort: OSStatus = -9806;

// --- Local validation of the peer's certificate chain ---
pub const errSSLXCertChainInvalid: OSStatus = -9807;
pub const errSSLBadCert: OSStatus = -9808;
pub const errSSLCrypto: OSStatus = -9809;
pub const errSSLInternal: OSStatus = -9810;
pub const errSSLModuleAttach: OSStatus = -9811;
pub const errSSLUnknownRootCert: OSStatus = -9812;
pub const errSSLNoRootCert: OSStatus = -9813;
pub const errSSLCertExpired: OSStatus = -9814;
pub const errSSLCertNotYetValid: OSStatus = -9815;

/// The transport closed without a closure alert. Data received so far may have
/// been truncated, so it should not be treated as a complete message.
pub const errSSLClosedNoNotify: OSStatus = -9816;
pub const errSSLBufferOverflow: OSStatus = -9817;
pub const errSSLBadCipherSuite: OSStatus = -9818;

// --- Alerts received from the peer ---
pub const errSSLPeerUnexpectedMsg: OSStatus = -9819;
pub const errSSLPeerBadRecordMac: OSStatus = -9820;
pub const errSSLPeerDecryptionFail: OSStatus = -9821;
pub const errSSLPeerRecordOverflow: OSStatus = -9822;
pub const errSSLPeerDecompressFail: OSStatus = -9823;
pub const errSSLPeerHandshakeFail: OSStatus = -9824;
pub const errSSLPeerBadCert: OSStatus = -9825;
pub const errSSLPeerUnsupportedCert: OSStatus = -9826;
pub const errSSLPeerCertRevoked: OSStatus = -9827;
pub const errSSLPeerCertExpired: OSStatus = -9828;
pub const errSSLPeerCertUnknown: OSStatus = -9829;
pub const errSSLIllegalParam: OSStatus = -9830;
pub const errSSLPeerUnknownCA: OSStatus = -9831;
pub const errSSLPeerAccessDenied: OSStatus = -9832;
pub const errSSLPeerDecodeError: OSStatus = -9833;
pub const errSSLPeerDecryptError: OSStatus = -9834;
pub const errSSLPeerExportRestriction: OSStatus = -9835;
pub const errSSLPeerProtocolVersion: OSStatus = -9836;
pub const errSSLPeerInsufficientSecurity: OSStatus = -9837;
pub const errSSLPeerInternalError: OSStatus = -9838;
pub const errSSLPeerUserCancelled: OSStatus = -9839;
pub const errSSLPeerNoRenegotiation: OSStatus = -9840;

// --- Handshake pause points and later additions ---
/// Not a failure: the handshake paused because a break-on-auth session option is
/// set. The caller is now responsible for evaluating the peer's trust object
/// before resuming the handshake.
pub const errSSLPeerAuthCompleted: OSStatus = -9841;
/// Not a failure: the server requested a client certificate and
/// `kSSLSessionOptionBreakOnCertRequested` is set.
pub const errSSLClientCertRequested: OSStatus = -9842;
/// The certificate does not match the name given to `SSLSetPeerDomainName`.
pub const errSSLHostNameMismatch: OSStatus = -9843;
pub const errSSLConnectionRefused: OSStatus = -9844;
pub const errSSLDecryptionFail: OSStatus = -9845;
pub const errSSLBadRecordMac: OSStatus = -9846;
pub const errSSLRecordOverflow: OSStatus = -9847;
pub const errSSLBadConfiguration: OSStatus = -9848;
// -9849 and -9850 are not declared in this file.
/// Not a failure: the server-side handshake paused after the ClientHello because
/// `kSSLSessionOptionBreakOnClientHello` is set.
pub const errSSLClientHelloReceived: OSStatus = -9851;
121
/// Server-side policy for client-certificate authentication, applied with
/// `SSLSetClientSideAuthenticate`.
pub type SSLAuthenticate = c_int;
/// Do not request a client certificate.
pub const kNeverAuthenticate: SSLAuthenticate = 0;
/// Require a client certificate.
pub const kAlwaysAuthenticate: SSLAuthenticate = 1;
/// Request a client certificate but carry on if the client has none.
///
/// Security note: with this policy a completed handshake does not imply an
/// authenticated client; check `SSLGetClientCertificateState` before granting
/// access that depends on client identity.
pub const kTryAuthenticate: SSLAuthenticate = 2;

/// Progress of client-certificate exchange, as reported by
/// `SSLGetClientCertificateState`.
pub type SSLClientCertificateState = c_int;
/// No client certificate has been requested or sent.
pub const kSSLClientCertNone: SSLClientCertificateState = 0;
/// A client certificate has been requested.
pub const kSSLClientCertRequested: SSLClientCertificateState = 1;
/// A client certificate has been sent (client) or received and accepted (server).
// NOTE(review): exact client/server meaning taken from Apple's header — confirm.
pub const kSSLClientCertSent: SSLClientCertificateState = 2;
/// A client certificate was presented and rejected.
pub const kSSLClientCertRejected: SSLClientCertificateState = 3;
132
// Raw declarations of Apple's Secure Transport C API, grouped by purpose.
//
// Everything here is `unsafe` to call: the functions take raw pointers and
// nothing is checked on the Rust side. Unless noted, each function returns an
// `OSStatus` that must be inspected; the `errSSL*` constants in this file name
// the failure cases. Apple has deprecated Secure Transport in favour of
// Network.framework, so new code should prefer a maintained TLS stack.
extern "C" {
    // ------------------------------------------------------------------
    // Context lifecycle
    // ------------------------------------------------------------------

    /// Returns the Core Foundation type identifier of `SSLContext` objects.
    pub fn SSLContextGetTypeID() -> ::core_foundation_sys::base::CFTypeID;

    /// Creates a session context for the given role and transport framing.
    ///
    /// The result is a Core Foundation object; per Apple's documentation the
    /// caller releases it with `CFRelease`.
    // NOTE(review): callers should presumably treat a null return as allocation
    // failure — confirm.
    pub fn SSLCreateContext(
        alloc: CFAllocatorRef,
        protocolSide: SSLProtocolSide,
        connectionType: SSLConnectionType,
    ) -> SSLContextRef;

    /// Older macOS-only constructor; superseded by [`SSLCreateContext`].
    #[cfg(target_os = "macos")]
    pub fn SSLNewContext(isServer: Boolean, contextPtr: *mut SSLContextRef) -> OSStatus;

    /// Older macOS-only destructor paired with [`SSLNewContext`].
    #[cfg(target_os = "macos")]
    pub fn SSLDisposeContext(context: SSLContextRef) -> OSStatus;

    // ------------------------------------------------------------------
    // Transport binding
    // ------------------------------------------------------------------

    /// Associates the caller's transport handle with the context; the same
    /// pointer is later passed to the I/O callbacks.
    pub fn SSLSetConnection(context: SSLContextRef, connection: SSLConnectionRef) -> OSStatus;

    /// Retrieves the handle previously stored with [`SSLSetConnection`].
    pub fn SSLGetConnection(context: SSLContextRef, connection: *mut SSLConnectionRef) -> OSStatus;

    /// Registers the callbacks Secure Transport uses to move ciphertext.
    pub fn SSLSetIOFuncs(
        context: SSLContextRef,
        read: SSLReadFunc,
        write: SSLWriteFunc,
    ) -> OSStatus;

    // ------------------------------------------------------------------
    // Handshake, data transfer and session status
    // ------------------------------------------------------------------

    /// Performs (or continues) the handshake.
    ///
    /// May return `errSSLWouldBlock`, or one of the pause statuses enabled through
    /// session options; in those cases the call is repeated once the caller has
    /// done its part. Any other non-zero status means the session is not usable.
    pub fn SSLHandshake(context: SSLContextRef) -> OSStatus;

    /// Terminates the session.
    pub fn SSLClose(context: SSLContextRef) -> OSStatus;

    /// Reads decrypted application data into `data` (capacity `dataLen`);
    /// `*processed` receives the number of bytes delivered.
    ///
    /// `*processed` can be non-zero even when the status is `errSSLWouldBlock`,
    /// so both values have to be checked.
    pub fn SSLRead(
        context: SSLContextRef,
        data: *mut c_void,
        dataLen: usize,
        processed: *mut usize,
    ) -> OSStatus;

    /// Encrypts and sends `dataLen` bytes from `data`; `*processed` receives the
    /// number of bytes accepted.
    pub fn SSLWrite(
        context: SSLContextRef,
        data: *const c_void,
        dataLen: usize,
        processed: *mut usize,
    ) -> OSStatus;

    /// Reports how many decrypted bytes are already buffered for [`SSLRead`].
    pub fn SSLGetBufferedReadSize(context: SSLContextRef, bufSize: *mut usize) -> OSStatus;

    /// Reports the coarse session state (`kSSLIdle` … `kSSLAborted`).
    pub fn SSLGetSessionState(context: SSLContextRef, state: *mut SSLSessionState) -> OSStatus;

    // ------------------------------------------------------------------
    // Peer name and session-resumption identity
    // ------------------------------------------------------------------

    /// Sets the host name the peer's certificate is expected to match.
    ///
    /// Security note: Apple documents this call as optional. When it is not made,
    /// Secure Transport has no name to compare the certificate against, so a
    /// client built on these bindings must call it (or do its own name check)
    /// before the handshake. `peerName` is passed with an explicit length.
    pub fn SSLSetPeerDomainName(
        context: SSLContextRef,
        peerName: *const c_char,
        peerNameLen: usize,
    ) -> OSStatus;

    /// Reports the buffer size needed by [`SSLGetPeerDomainName`].
    pub fn SSLGetPeerDomainNameLength(context: SSLContextRef, peerNameLen: *mut usize) -> OSStatus;

    /// Copies the configured peer name into `peerName`.
    // NOTE(review): `peerNameLen` looks like an in/out capacity/length pair; size
    // the buffer from SSLGetPeerDomainNameLength first — confirm.
    pub fn SSLGetPeerDomainName(
        context: SSLContextRef,
        peerName: *mut c_char,
        peerNameLen: *mut usize,
    ) -> OSStatus;

    /// Sets the opaque identifier used to look up a resumable session.
    ///
    /// Security note: sessions that must not share resumption state (different
    /// hosts, different trust settings) need distinct peer IDs.
    pub fn SSLSetPeerID(
        context: SSLContextRef,
        peerID: *const c_void,
        peerIDLen: usize,
    ) -> OSStatus;

    /// Retrieves the identifier stored with [`SSLSetPeerID`].
    // NOTE(review): ownership of the returned pointer is not visible here; treat
    // it as borrowed from the context until confirmed.
    pub fn SSLGetPeerID(
        context: SSLContextRef,
        peerID: *mut *const c_void,
        peerIDLen: *mut usize,
    ) -> OSStatus;

    // ------------------------------------------------------------------
    // Certificates, trust and client authentication
    // ------------------------------------------------------------------

    /// Sets this side's certificate chain.
    ///
    /// Per Apple's documentation the first array element is a `SecIdentityRef`
    /// (certificate plus private key) and the rest are `SecCertificateRef`s.
    pub fn SSLSetCertificate(context: SSLContextRef, certRefs: CFArrayRef) -> OSStatus;

    /// Server side: sets or extends the list of CAs acceptable for client
    /// certificates. Accepts a single certificate or an array of them.
    #[cfg(target_os = "macos")]
    pub fn SSLSetCertificateAuthorities(
        context: SSLContextRef,
        certificateOrArray: CFTypeRef,
        replaceExisting: Boolean,
    ) -> OSStatus;

    /// Returns the list configured with [`SSLSetCertificateAuthorities`].
    #[cfg(target_os = "macos")]
    pub fn SSLCopyCertificateAuthorities(
        context: SSLContextRef,
        certificates: *mut CFArrayRef,
    ) -> OSStatus;

    /// Returns the trust object built from the peer's certificate chain.
    ///
    /// This is what the caller evaluates when a break-on-auth option has taken
    /// automatic verification away from Secure Transport. Following the Core
    /// Foundation "Copy" rule, the caller owns the returned reference.
    pub fn SSLCopyPeerTrust(context: SSLContextRef, trust: *mut SecTrustRef) -> OSStatus;

    /// Server side: selects whether a client certificate is never, always, or
    /// optionally requested.
    pub fn SSLSetClientSideAuthenticate(context: SSLContextRef, auth: SSLAuthenticate) -> OSStatus;

    /// Reports the progress of client-certificate exchange.
    pub fn SSLGetClientCertificateState(
        context: SSLContextRef,
        clientState: *mut SSLClientCertificateState,
    ) -> OSStatus;

    // ------------------------------------------------------------------
    // Session options
    // ------------------------------------------------------------------

    /// Turns an `SSLSessionOption` on or off.
    ///
    /// Security note: `kSSLSessionOptionBreakOnServerAuth` disables automatic
    /// server-certificate verification, so setting it without then evaluating
    /// the trust object leaves the connection unauthenticated.
    pub fn SSLSetSessionOption(
        context: SSLContextRef,
        option: SSLSessionOption,
        value: Boolean,
    ) -> OSStatus;

    /// Reads back the current value of an `SSLSessionOption`.
    pub fn SSLGetSessionOption(
        context: SSLContextRef,
        option: SSLSessionOption,
        value: *mut Boolean,
    ) -> OSStatus;

    // ------------------------------------------------------------------
    // Cipher suites and key-exchange parameters
    // ------------------------------------------------------------------

    /// Number of cipher suites the implementation supports.
    pub fn SSLGetNumberSupportedCiphers(
        context: SSLContextRef,
        numCiphers: *mut usize,
    ) -> OSStatus;

    /// Fills `ciphers` with the supported suites.
    // NOTE(review): per Apple's documentation `*numCiphers` is the array capacity
    // on entry and the count written on return; size the array from
    // SSLGetNumberSupportedCiphers — confirm.
    pub fn SSLGetSupportedCiphers(
        context: SSLContextRef,
        ciphers: *mut SSLCipherSuite,
        numCiphers: *mut usize,
    ) -> OSStatus;

    /// Number of cipher suites currently enabled for this context.
    pub fn SSLGetNumberEnabledCiphers(context: SSLContextRef, numCiphers: *mut usize) -> OSStatus;

    /// Fills `ciphers` with the enabled suites (same in/out convention as
    /// [`SSLGetSupportedCiphers`], presumably).
    pub fn SSLGetEnabledCiphers(
        context: SSLContextRef,
        ciphers: *mut SSLCipherSuite,
        numCiphers: *mut usize,
    ) -> OSStatus;

    /// Restricts the context to the given cipher suites.
    ///
    /// Security note: this list is an allow-list chosen by the caller; it should
    /// contain only suites the application is prepared to negotiate.
    pub fn SSLSetEnabledCiphers(
        context: SSLContextRef,
        ciphers: *const SSLCipherSuite,
        numCiphers: usize,
    ) -> OSStatus;

    /// Reports the cipher suite negotiated for the session.
    pub fn SSLGetNegotiatedCipher(context: SSLContextRef, cipher: *mut SSLCipherSuite) -> OSStatus;

    /// Supplies Diffie-Hellman parameters as an opaque byte blob.
    #[cfg(target_os = "macos")]
    pub fn SSLSetDiffieHellmanParams(
        context: SSLContextRef,
        dhParams: *const c_void,
        dhParamsLen: usize,
    ) -> OSStatus;

    /// Retrieves the Diffie-Hellman parameters in use.
    #[cfg(target_os = "macos")]
    pub fn SSLGetDiffieHellmanParams(
        context: SSLContextRef,
        dhParams: *mut *const c_void,
        dhParamsLen: *mut usize,
    ) -> OSStatus;

    // ------------------------------------------------------------------
    // Protocol versions
    // ------------------------------------------------------------------

    /// Reports the protocol version negotiated for the session.
    pub fn SSLGetNegotiatedProtocolVersion(
        context: SSLContextRef,
        protocol: *mut SSLProtocol,
    ) -> OSStatus;

    /// Reads the highest protocol version the context will negotiate.
    pub fn SSLGetProtocolVersionMax(
        context: SSLContextRef,
        maxVersion: *mut SSLProtocol,
    ) -> OSStatus;

    /// Reads the lowest protocol version the context will negotiate.
    pub fn SSLGetProtocolVersionMin(
        context: SSLContextRef,
        minVersion: *mut SSLProtocol,
    ) -> OSStatus;

    /// Sets the highest protocol version the context will negotiate.
    pub fn SSLSetProtocolVersionMax(context: SSLContextRef, maxVersion: SSLProtocol) -> OSStatus;

    /// Sets the lowest protocol version the context will negotiate.
    ///
    /// Security note: this is the downgrade floor. Setting it to `kTLSProtocol12`
    /// or later keeps the deprecated SSL 3.0 / TLS 1.0 / TLS 1.1 versions out of
    /// negotiation.
    pub fn SSLSetProtocolVersionMin(context: SSLContextRef, minVersion: SSLProtocol) -> OSStatus;

    /// Older macOS-only per-version switch; the min/max setters above are the
    /// replacement.
    #[cfg(target_os = "macos")]
    pub fn SSLSetProtocolVersionEnabled(
        context: SSLContextRef,
        protocol: SSLProtocol,
        enable: Boolean,
    ) -> OSStatus;

    // ------------------------------------------------------------------
    // ALPN and session tickets (behind the "OSX_10_13" feature)
    // ------------------------------------------------------------------

    /// Sets the application protocols offered through ALPN.
    #[cfg(feature = "OSX_10_13")]
    pub fn SSLSetALPNProtocols(context: SSLContextRef, protocols: CFArrayRef) -> OSStatus;

    /// Returns the ALPN protocols for the session; as a "Copy" function the
    /// caller owns the returned array.
    #[cfg(feature = "OSX_10_13")]
    pub fn SSLCopyALPNProtocols(context: SSLContextRef, protocols: *mut CFArrayRef) -> OSStatus;

    /// Enables or disables TLS session tickets for the context.
    #[cfg(feature = "OSX_10_13")]
    pub fn SSLSetSessionTicketsEnabled(context: SSLContextRef, enabled: Boolean) -> OSStatus;
}