
security_framework_sys/
secure_transport.rs

1use core_foundation_sys::array::CFArrayRef;
2#[cfg(target_os = "macos")]
3use core_foundation_sys::base::CFTypeRef;
4use core_foundation_sys::base::{Boolean, CFAllocatorRef, OSStatus};
5use std::os::raw::{c_char, c_int, c_void};
6
7use crate::cipher_suite::SSLCipherSuite;
8use crate::trust::SecTrustRef;
9
/// Opaque Secure Transport session context.
///
/// The enum has no variants, so a value of this type can never be built from
/// Rust; it exists only as the pointee of `SSLContextRef`.
10pub enum SSLContext {}
/// Raw handle to an `SSLContext`; the first argument of nearly every `SSL*`
/// function declared in this file.
// A raw pointer carries no lifetime or ownership information: nothing here
// stops a handle from being used after it was disposed or released.
11pub type SSLContextRef = *mut SSLContext;
12
/// Untyped pointer that identifies the caller's transport. It is the value
/// given to `SSLSetConnection` and the first argument of `SSLReadFunc` and
/// `SSLWriteFunc`.
// NOTE(review): presumably the library only hands this pointer back to the
// I/O callbacks and never dereferences it; if so, the caller alone must keep
// the pointee alive for as long as the context can call back. Confirm.
13pub type SSLConnectionRef = *const c_void;
14
/// Protocol-version selector passed to the `SSL{Set,Get}ProtocolVersion*`
/// functions and received through the out-pointer of
/// `SSLGetNegotiatedProtocolVersion`.
//
// The numeric values are not a strength ordering: the "Only"/"All"
// selectors (3, 5, 6) and DTLS (9) sit between the version values, so code
// should compare against the named constants rather than use `<` / `>`.
// SSL 2.0, SSL 3.0, TLS 1.0 and TLS 1.1 are obsolete protocol versions; a
// caller that sets a floor with `SSLSetProtocolVersionMin` would normally
// pass `kTLSProtocol12` or newer.
15pub type SSLProtocol = c_int;
// NOTE(review): presumably "nothing negotiated / not set" — confirm.
16pub const kSSLProtocolUnknown: SSLProtocol = 0;
// SSL 3.0 (obsolete).
17pub const kSSLProtocol3: SSLProtocol = 2;
// TLS 1.0 (obsolete).
18pub const kTLSProtocol1: SSLProtocol = 4;
// TLS 1.1 (obsolete).
19pub const kTLSProtocol11: SSLProtocol = 7;
// TLS 1.2.
20pub const kTLSProtocol12: SSLProtocol = 8;
// DTLS 1.0; only meaningful for a `kSSLDatagramType` context — TODO confirm.
21pub const kDTLSProtocol1: SSLProtocol = 9;
// TLS 1.3.
22pub const kTLSProtocol13: SSLProtocol = 10;
// SSL 2.0 (obsolete). Declared out of numeric order in this file.
23pub const kSSLProtocol2: SSLProtocol = 1;
// NOTE(review): the three selectors below look like the legacy
// "exactly this version" / "every version" values of the older
// per-protocol enable API (`SSLSetProtocolVersionEnabled`); they are not
// protocol versions themselves. Confirm against Apple's header.
24pub const kSSLProtocol3Only: SSLProtocol = 3;
25pub const kTLSProtocol1Only: SSLProtocol = 5;
26pub const kSSLProtocolAll: SSLProtocol = 6;
27
/// Selector for the boolean per-session options read and written with
/// `SSLGetSessionOption` / `SSLSetSessionOption`.
//
// All options except `kSSLSessionOptionSendOneByteRecord` carry
// `#[deprecated]` in this file.
//
// Security note (per Apple's SecureTransport.h — confirm against the SDK in
// use): the `BreakOn*Auth` options make `SSLHandshake` return early so the
// application can evaluate the peer's trust itself, and the library's own
// certificate verification is then not performed. Code that enables one of
// them owns the whole trust decision (see `SSLCopyPeerTrust`) and must fail
// the connection when that evaluation fails.
28pub type SSLSessionOption = c_int;
// Pause the handshake after the server's certificate has been received;
// reported to the caller as `errSSLPeerAuthCompleted` — TODO confirm.
29#[deprecated(note = "deprecated by Apple")]
30pub const kSSLSessionOptionBreakOnServerAuth: SSLSessionOption = 0;
// Pause when the server asks for a client certificate; reported as
// `errSSLClientCertRequested` — TODO confirm.
31#[deprecated(note = "deprecated by Apple")]
32pub const kSSLSessionOptionBreakOnCertRequested: SSLSessionOption = 1;
// Server-side counterpart of BreakOnServerAuth — TODO confirm.
33#[deprecated(note = "deprecated by Apple")]
34pub const kSSLSessionOptionBreakOnClientAuth: SSLSessionOption = 2;
// NOTE(review): presumably enables TLS False Start — confirm.
35#[deprecated(note = "deprecated by Apple")]
36pub const kSSLSessionOptionFalseStart: SSLSessionOption = 3;
// NOTE(review): Apple's header describes this as 1/n-1 record splitting, a
// mitigation for the BEAST attack on CBC suites in TLS 1.0 and earlier —
// confirm.
37pub const kSSLSessionOptionSendOneByteRecord: SSLSessionOption = 4;
// NOTE(review): governs whether the server may present a different identity
// on renegotiation; allowing the change weakens the binding between the
// session and the certificate that was originally validated — confirm the
// default and semantics against Apple's header.
38#[deprecated(note = "deprecated by Apple")]
39pub const kSSLSessionOptionAllowServerIdentityChange: SSLSessionOption = 5;
// Only compiled for macOS targets.
// NOTE(review): presumably the downgrade-fallback signalling option — confirm.
40#[cfg(target_os = "macos")]
41#[deprecated(note = "deprecated by Apple")]
42pub const kSSLSessionOptionFallback: SSLSessionOption = 6;
// Pause a server-side handshake once the ClientHello has arrived; reported
// as `errSSLClientHelloReceived` — TODO confirm.
43#[deprecated(note = "deprecated by Apple")]
44pub const kSSLSessionOptionBreakOnClientHello: SSLSessionOption = 7;
45
/// Session state received through the out-pointer of `SSLGetSessionState`.
// NOTE(review): the meanings below are read off the constant names — confirm
// against Apple's header.
46pub type SSLSessionState = c_int;
// No handshake has been started yet.
47pub const kSSLIdle: SSLSessionState = 0;
// Handshake in progress; application data must not be treated as protected
// until the state is `kSSLConnected`.
48pub const kSSLHandshake: SSLSessionState = 1;
// Handshake finished; the session can carry application data.
49pub const kSSLConnected: SSLSessionState = 2;
// Session closed.
50pub const kSSLClosed: SSLSessionState = 3;
// Session ended because of an error.
51pub const kSSLAborted: SSLSessionState = 4;
52
/// Signature of the read callback registered with `SSLSetIOFuncs`.
///
/// `connection` has the type that `SSLSetConnection` accepts; `data` is the
/// buffer to fill and `dataLength` points at its length.
// NOTE(review): per Apple's documentation `dataLength` is in/out — the
// requested byte count on entry, the number of bytes actually read on
// return — and a short read is reported with `errSSLWouldBlock`. Confirm
// against the header. An implementation must never write more than the
// incoming `*dataLength` bytes into `data`.
// The callback is `extern "C"`: a Rust implementation must not let a panic
// unwind out of it (catch it and return an error status instead).
53pub type SSLReadFunc = unsafe extern "C" fn(
54    connection: SSLConnectionRef,
55    data: *mut c_void,
56    dataLength: *mut usize,
57) -> OSStatus;
58
/// Signature of the write callback registered with `SSLSetIOFuncs`.
///
/// Mirrors `SSLReadFunc`, except that `data` is a read-only buffer.
// NOTE(review): presumably `dataLength` is in/out here too (bytes offered on
// entry, bytes actually written on return) — confirm. The bytes handed to
// this callback are already-encrypted records; the callback must not read
// past the incoming `*dataLength`.
59pub type SSLWriteFunc = unsafe extern "C" fn(
60    connection: SSLConnectionRef,
61    data: *const c_void,
62    dataLength: *mut usize,
63) -> OSStatus;
64
/// Role of a context, chosen once in `SSLCreateContext`.
65pub type SSLProtocolSide = c_int;
// The context accepts handshakes (server role).
66pub const kSSLServerSide: SSLProtocolSide = 0;
// The context initiates handshakes (client role).
67pub const kSSLClientSide: SSLProtocolSide = 1;
68
/// Transport kind of a context, chosen once in `SSLCreateContext`.
69pub type SSLConnectionType = c_int;
// Stream transport. NOTE(review): presumably TLS over a reliable stream — confirm.
70pub const kSSLStreamType: SSLConnectionType = 0;
// Datagram transport. NOTE(review): presumably DTLS — confirm.
71pub const kSSLDatagramType: SSLConnectionType = 1;
72
// `OSStatus` result codes of the Secure Transport functions declared in this
// file. The values run from -9800 down to -9851; -9849 and -9850 have no
// constant here.
//
// Guidance for callers (descriptions follow Apple's header — confirm against
// the SDK in use):
//   * `errSSLWouldBlock` is not a failure: the I/O callback could not make
//     progress and the same call is repeated once the transport is ready.
//   * `errSSLPeerAuthCompleted`, `errSSLClientCertRequested` and
//     `errSSLClientHelloReceived` appear to be the "handshake paused"
//     statuses that go with the `kSSLSessionOptionBreakOn*` options, not
//     failures.
//   * The certificate and host-name codes (-9807, -9808, -9812 to -9815,
//     -9843) mean the peer could not be authenticated. They should end the
//     connection; retrying with verification relaxed, or mapping them to a
//     generic "try again" path, removes the protection TLS is there for.
//   * The `errSSLPeer*` codes presumably reflect alerts sent by the peer.
73pub const errSSLProtocol: OSStatus = -9800;
74pub const errSSLNegotiation: OSStatus = -9801;
75pub const errSSLFatalAlert: OSStatus = -9802;
// Non-fatal; see the note at the top of this list.
76pub const errSSLWouldBlock: OSStatus = -9803;
77pub const errSSLSessionNotFound: OSStatus = -9804;
78pub const errSSLClosedGraceful: OSStatus = -9805;
79pub const errSSLClosedAbort: OSStatus = -9806;
// Local validation of the peer's certificate chain failed.
80pub const errSSLXCertChainInvalid: OSStatus = -9807;
81pub const errSSLBadCert: OSStatus = -9808;
82pub const errSSLCrypto: OSStatus = -9809;
83pub const errSSLInternal: OSStatus = -9810;
84pub const errSSLModuleAttach: OSStatus = -9811;
// Chain did not end in a trusted root / no root available.
85pub const errSSLUnknownRootCert: OSStatus = -9812;
86pub const errSSLNoRootCert: OSStatus = -9813;
// Certificate validity-period failures; these also show up when the local
// clock is wrong.
87pub const errSSLCertExpired: OSStatus = -9814;
88pub const errSSLCertNotYetValid: OSStatus = -9815;
// NOTE(review): presumably the connection ended without a TLS close_notify.
// Such an end is indistinguishable from truncation by a network attacker, so
// protocols that rely on end-of-stream as a message boundary should treat it
// as an error — confirm the exact meaning against Apple's header.
89pub const errSSLClosedNoNotify: OSStatus = -9816;
90pub const errSSLBufferOverflow: OSStatus = -9817;
91pub const errSSLBadCipherSuite: OSStatus = -9818;
92pub const errSSLPeerUnexpectedMsg: OSStatus = -9819;
93pub const errSSLPeerBadRecordMac: OSStatus = -9820;
94pub const errSSLPeerDecryptionFail: OSStatus = -9821;
95pub const errSSLPeerRecordOverflow: OSStatus = -9822;
96pub const errSSLPeerDecompressFail: OSStatus = -9823;
97pub const errSSLPeerHandshakeFail: OSStatus = -9824;
98pub const errSSLPeerBadCert: OSStatus = -9825;
99pub const errSSLPeerUnsupportedCert: OSStatus = -9826;
100pub const errSSLPeerCertRevoked: OSStatus = -9827;
101pub const errSSLPeerCertExpired: OSStatus = -9828;
102pub const errSSLPeerCertUnknown: OSStatus = -9829;
103pub const errSSLIllegalParam: OSStatus = -9830;
104pub const errSSLPeerUnknownCA: OSStatus = -9831;
105pub const errSSLPeerAccessDenied: OSStatus = -9832;
106pub const errSSLPeerDecodeError: OSStatus = -9833;
107pub const errSSLPeerDecryptError: OSStatus = -9834;
108pub const errSSLPeerExportRestriction: OSStatus = -9835;
109pub const errSSLPeerProtocolVersion: OSStatus = -9836;
110pub const errSSLPeerInsufficientSecurity: OSStatus = -9837;
111pub const errSSLPeerInternalError: OSStatus = -9838;
112pub const errSSLPeerUserCancelled: OSStatus = -9839;
113pub const errSSLPeerNoRenegotiation: OSStatus = -9840;
// Handshake-paused statuses (see the note at the top of this list).
114pub const errSSLPeerAuthCompleted: OSStatus = -9841;
115pub const errSSLClientCertRequested: OSStatus = -9842;
// The peer's certificate does not match the name set with
// `SSLSetPeerDomainName` — TODO confirm.
116pub const errSSLHostNameMismatch: OSStatus = -9843;
117pub const errSSLConnectionRefused: OSStatus = -9844;
118pub const errSSLDecryptionFail: OSStatus = -9845;
119pub const errSSLBadRecordMac: OSStatus = -9846;
120pub const errSSLRecordOverflow: OSStatus = -9847;
121pub const errSSLBadConfiguration: OSStatus = -9848;
// Handshake-paused status; note the jump from -9848 to -9851.
122pub const errSSLClientHelloReceived: OSStatus = -9851;
123
/// Client-authentication policy passed to `SSLSetClientSideAuthenticate`.
// NOTE(review): the meanings below are read off the constant names and
// Apple's header — confirm. With `kTryAuthenticate` a handshake can succeed
// without any client certificate, so a server that relies on mutual TLS for
// authorisation still has to check `SSLGetClientCertificateState` (or the
// peer trust) before treating the client as authenticated.
124pub type SSLAuthenticate = c_int;
// Never ask the client for a certificate.
125pub const kNeverAuthenticate: SSLAuthenticate = 0;
// Require a client certificate.
126pub const kAlwaysAuthenticate: SSLAuthenticate = 1;
// Ask for a client certificate but continue without one.
127pub const kTryAuthenticate: SSLAuthenticate = 2;
128
/// Client-certificate exchange state received through the out-pointer of
/// `SSLGetClientCertificateState`.
// NOTE(review): meanings read off the names (none exchanged / requested /
// sent / rejected) — confirm against Apple's header.
129pub type SSLClientCertificateState = c_int;
130pub const kSSLClientCertNone: SSLClientCertificateState = 0;
131pub const kSSLClientCertRequested: SSLClientCertificateState = 1;
132pub const kSSLClientCertSent: SSLClientCertificateState = 2;
133pub const kSSLClientCertRejected: SSLClientCertificateState = 3;
134
// Foreign declarations for Apple's Secure Transport API.
//
// Every item in this block is a bodiless foreign function, so each call site
// is `unsafe` and nothing here validates arguments: the caller must pass a
// live `SSLContextRef`, buffers that are at least as long as the accompanying
// length argument, and valid writable locations for every `*mut` out-pointer.
// Every function that returns `OSStatus` reports failure through that value
// (see the `errSSL*` constants); ignoring it can leave out-parameters
// unwritten.
//
// Items under `#[cfg(target_os = "macos")]` are only declared for macOS
// targets, and the ALPN / session-ticket functions only with the
// `OSX_10_13` feature.
// NOTE(review): Apple marks Secure Transport as a whole as deprecated in
// current SDKs — confirm and plan accordingly for new code.
135extern "C" {
    // Core Foundation type identifier for `SSLContext` objects.
136    pub fn SSLContextGetTypeID() -> ::core_foundation_sys::base::CFTypeID;
    // Creates a context for the given role and transport kind.
    // NOTE(review): presumably returns null on failure and the result is a
    // Core Foundation object the caller releases — confirm.
137    pub fn SSLCreateContext(
138        alloc: CFAllocatorRef,
139        protocolSide: SSLProtocolSide,
140        connectionType: SSLConnectionType,
141    ) -> SSLContextRef;
    // macOS-only create/dispose pair that returns the context through
    // `contextPtr`. NOTE(review): presumably the older API that
    // `SSLCreateContext` superseded; do not mix the two release mechanisms
    // on one context — confirm.
142    #[cfg(target_os = "macos")]
143    pub fn SSLNewContext(isServer: Boolean, contextPtr: *mut SSLContextRef) -> OSStatus;
144    #[cfg(target_os = "macos")]
145    pub fn SSLDisposeContext(context: SSLContextRef) -> OSStatus;
    // Associates the caller's opaque transport pointer with the context; the
    // same pointer type is the first argument of the I/O callbacks.
146    pub fn SSLSetConnection(context: SSLContextRef, connection: SSLConnectionRef) -> OSStatus;
147    pub fn SSLGetConnection(context: SSLContextRef, connection: *mut SSLConnectionRef) -> OSStatus;
    // Registers the callbacks that move bytes to and from the transport.
148    pub fn SSLSetIOFuncs(
149        context: SSLContextRef,
150        read: SSLReadFunc,
151        write: SSLWriteFunc,
152    ) -> OSStatus;
    // Runs the handshake.
    // NOTE(review): presumably returns `errSSLWouldBlock` or one of the
    // handshake-paused statuses when it has to be called again; any other
    // non-zero status means no secure session exists — confirm.
153    pub fn SSLHandshake(context: SSLContextRef) -> OSStatus;
154    pub fn SSLClose(context: SSLContextRef) -> OSStatus;
    // Reads up to `dataLen` decrypted bytes into `data`; the count is
    // reported through `processed`.
    // NOTE(review): `*processed` may be non-zero even when the status is
    // `errSSLWouldBlock`, so callers should consume that many bytes and no
    // more — confirm against Apple's documentation.
155    pub fn SSLRead(
156        context: SSLContextRef,
157        data: *mut c_void,
158        dataLen: usize,
159        processed: *mut usize,
160    ) -> OSStatus;
    // Encrypts and sends up to `dataLen` bytes from `data`; the count
    // accepted is reported through `processed`.
161    pub fn SSLWrite(
162        context: SSLContextRef,
163        data: *const c_void,
164        dataLen: usize,
165        processed: *mut usize,
166    ) -> OSStatus;
    // Sets the peer's host name, passed as pointer plus explicit length.
    // Security note (per Apple's documentation — confirm): this is the name
    // the peer's certificate is checked against; a client that never calls
    // it gets chain validation without a host-name check. `peerNameLen`
    // must not exceed the length of the buffer behind `peerName`.
167    pub fn SSLSetPeerDomainName(
168        context: SSLContextRef,
169        peerName: *const c_char,
170        peerNameLen: usize,
171    ) -> OSStatus;
    // Two-step read-back: query the length, then fetch the name into a
    // buffer of at least that size.
    // NOTE(review): presumably `peerNameLen` is in/out (capacity on entry,
    // bytes written on return) — confirm.
172    pub fn SSLGetPeerDomainNameLength(context: SSLContextRef, peerNameLen: *mut usize) -> OSStatus;
173    pub fn SSLGetPeerDomainName(
174        context: SSLContextRef,
175        peerName: *mut c_char,
176        peerNameLen: *mut usize,
177    ) -> OSStatus;
    // Sets this side's own certificate material.
    // NOTE(review): Apple documents `certRefs` as an identity followed by
    // any intermediate certificates — confirm.
178    pub fn SSLSetCertificate(context: SSLContextRef, certRefs: CFArrayRef) -> OSStatus;
    // macOS only. NOTE(review): presumably the CA list a server advertises
    // when requesting a client certificate, not the set of trusted roots —
    // confirm.
179    #[cfg(target_os = "macos")]
180    pub fn SSLSetCertificateAuthorities(
181        context: SSLContextRef,
182        certificateOrArray: CFTypeRef,
183        replaceExisting: Boolean,
184    ) -> OSStatus;
    // macOS only. Named "Copy": under the Core Foundation naming rule the
    // caller owns the returned array and must release it — TODO confirm.
185    #[cfg(target_os = "macos")]
186    pub fn SSLCopyCertificateAuthorities(
187        context: SSLContextRef,
188        certificates: *mut CFArrayRef,
189    ) -> OSStatus;
    // Sets / reads one boolean `SSLSessionOption`. The `BreakOn*Auth`
    // options change who performs certificate verification; see the notes
    // on the `kSSLSessionOption*` constants.
190    pub fn SSLSetSessionOption(
191        context: SSLContextRef,
192        option: SSLSessionOption,
193        value: Boolean,
194    ) -> OSStatus;
195    pub fn SSLGetSessionOption(
196        context: SSLContextRef,
197        option: SSLSessionOption,
198        value: *mut Boolean,
199    ) -> OSStatus;
    // Returns the peer's trust object through `trust`. Named "Copy": the
    // caller presumably owns the result and must release it — TODO confirm.
    // Obtaining the trust object is not the same as evaluating it; the
    // caller still has to run the evaluation and act on the result.
200    pub fn SSLCopyPeerTrust(context: SSLContextRef, trust: *mut SecTrustRef) -> OSStatus;
201    pub fn SSLGetSessionState(context: SSLContextRef, state: *mut SSLSessionState) -> OSStatus;
    // Cipher-suite queries come in pairs: `SSLGetNumber*Ciphers` reports the
    // count, then `SSLGet*Ciphers` fills a caller-allocated array.
    // NOTE(review): presumably `numCiphers` is in/out on the array calls
    // (capacity on entry, entries written on return); the array must hold at
    // least that many `SSLCipherSuite` values — confirm.
202    pub fn SSLGetSupportedCiphers(
203        context: SSLContextRef,
204        ciphers: *mut SSLCipherSuite,
205        numCiphers: *mut usize,
206    ) -> OSStatus;
207    pub fn SSLGetNumberSupportedCiphers(
208        context: SSLContextRef,
209        numCiphers: *mut usize,
210    ) -> OSStatus;
211    pub fn SSLGetEnabledCiphers(
212        context: SSLContextRef,
213        ciphers: *mut SSLCipherSuite,
214        numCiphers: *mut usize,
215    ) -> OSStatus;
216    pub fn SSLGetNumberEnabledCiphers(context: SSLContextRef, numCiphers: *mut usize) -> OSStatus;
    // Replaces the enabled cipher-suite list with `numCiphers` entries read
    // from `ciphers`. The list passed here is the place to leave out suites
    // the deployment considers too weak.
217    pub fn SSLSetEnabledCiphers(
218        context: SSLContextRef,
219        ciphers: *const SSLCipherSuite,
220        numCiphers: usize,
221    ) -> OSStatus;
222    pub fn SSLGetNegotiatedCipher(context: SSLContextRef, cipher: *mut SSLCipherSuite) -> OSStatus;
    // Sets the client-certificate policy (`SSLAuthenticate`).
    // NOTE(review): presumably only meaningful on a server-side context — confirm.
223    pub fn SSLSetClientSideAuthenticate(context: SSLContextRef, auth: SSLAuthenticate) -> OSStatus;
    // macOS only. Diffie-Hellman parameters as an opaque byte buffer.
    // NOTE(review): encoding and minimum acceptable group size are not
    // visible here — confirm against Apple's header before supplying
    // parameters.
224    #[cfg(target_os = "macos")]
225    pub fn SSLSetDiffieHellmanParams(
226        context: SSLContextRef,
227        dhParams: *const c_void,
228        dhParamsLen: usize,
229    ) -> OSStatus;
    // macOS only. The returned pointer is written through `dhParams`.
    // NOTE(review): presumably it points into library-owned storage and
    // must not be freed or used after the context goes away — confirm.
230    #[cfg(target_os = "macos")]
231    pub fn SSLGetDiffieHellmanParams(
232        context: SSLContextRef,
233        dhParams: *mut *const c_void,
234        dhParamsLen: *mut usize,
235    ) -> OSStatus;
    // Sets / reads an opaque peer identifier.
    // NOTE(review): Apple documents this as the key for session resumption;
    // if so, connections made with different verification settings or to
    // different peers should not share an identifier, otherwise a resumed
    // session can bypass the checks of the stricter configuration — confirm.
236    pub fn SSLSetPeerID(
237        context: SSLContextRef,
238        peerID: *const c_void,
239        peerIDLen: usize,
240    ) -> OSStatus;
241    pub fn SSLGetPeerID(
242        context: SSLContextRef,
243        peerID: *mut *const c_void,
244        peerIDLen: *mut usize,
245    ) -> OSStatus;
246    pub fn SSLGetBufferedReadSize(context: SSLContextRef, bufSize: *mut usize) -> OSStatus;
247    pub fn SSLGetClientCertificateState(
248        context: SSLContextRef,
249        clientState: *mut SSLClientCertificateState,
250    ) -> OSStatus;
    // Protocol-version queries and limits; all values are `SSLProtocol`
    // constants. Setting the minimum is how a caller refuses obsolete
    // versions; the negotiated version can be checked after the handshake.
251    pub fn SSLGetNegotiatedProtocolVersion(
252        context: SSLContextRef,
253        protocol: *mut SSLProtocol,
254    ) -> OSStatus;
255    pub fn SSLGetProtocolVersionMax(
256        context: SSLContextRef,
257        maxVersion: *mut SSLProtocol,
258    ) -> OSStatus;
259    pub fn SSLGetProtocolVersionMin(
260        context: SSLContextRef,
261        minVersion: *mut SSLProtocol,
262    ) -> OSStatus;
263    pub fn SSLSetProtocolVersionMax(context: SSLContextRef, maxVersion: SSLProtocol) -> OSStatus;
264    pub fn SSLSetProtocolVersionMin(context: SSLContextRef, minVersion: SSLProtocol) -> OSStatus;
    // macOS only. Per-protocol on/off switch.
    // NOTE(review): presumably the older interface that the Min/Max setters
    // replaced — confirm.
265    #[cfg(target_os = "macos")]
266    pub fn SSLSetProtocolVersionEnabled(
267        context: SSLContextRef,
268        protocol: SSLProtocol,
269        enable: Boolean,
270    ) -> OSStatus;
    // The remaining functions are only declared with the `OSX_10_13`
    // feature. `SSLCopyALPNProtocols` is named "Copy": the caller presumably
    // owns the returned array and must release it — TODO confirm.
271    #[cfg(feature = "OSX_10_13")]
272    pub fn SSLSetALPNProtocols(context: SSLContextRef, protocols: CFArrayRef) -> OSStatus;
273    #[cfg(feature = "OSX_10_13")]
274    pub fn SSLCopyALPNProtocols(context: SSLContextRef, protocols: *mut CFArrayRef) -> OSStatus;
275    #[cfg(feature = "OSX_10_13")]
276    pub fn SSLSetSessionTicketsEnabled(context: SSLContextRef, enabled: Boolean) -> OSStatus;
277}