1use core_foundation_sys::array::CFArrayRef;
2use core_foundation_sys::base::CFAllocatorRef;
3#[cfg(target_os = "macos")]
4use core_foundation_sys::base::CFTypeRef;
5use core_foundation_sys::base::{Boolean, OSStatus};
6use std::os::raw::{c_char, c_int, c_void};
7
8use crate::cipher_suite::SSLCipherSuite;
9use crate::trust::SecTrustRef;
10
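/// Opaque Secure Transport session context.
///
/// The enum has no variants, so a value can never be constructed or inspected from Rust; it is
/// only ever used as the pointee of [`SSLContextRef`].
pub enum SSLContext {}
/// Raw handle to an [`SSLContext`]; the first argument of the `SSL*` session functions in this
/// file. May be null (for example when context creation fails), so check before use.
pub type SSLContextRef = *mut SSLContext;

/// Caller-defined connection handle registered with `SSLSetConnection`.
///
/// The same pointer is the `connection` argument of [`SSLReadFunc`] / [`SSLWriteFunc`].
/// NOTE(review): Secure Transport is understood to treat it as opaque and never dereference it,
/// so whatever it points to must stay alive for as long as the context can invoke the
/// callbacks; confirm the lifetime in the safe wrapper.
pub type SSLConnectionRef = *const c_void;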
15
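/// Protocol-version selector used by the `SSL*ProtocolVersion*` functions.
///
/// The values are ABI constants mirroring Apple's `SSLProtocol` enum. They are NOT ordered by
/// protocol strength (e.g. `kSSLProtocolAll` = 6 sorts below `kTLSProtocol11` = 7, and DTLS 1.0
/// sits between TLS 1.2 and TLS 1.3), so compare against named constants, never with `<` / `>`.
pub type SSLProtocol = c_int;
/// No protocol negotiated or specified.
pub const kSSLProtocolUnknown: SSLProtocol = 0;
/// SSL 3.0. Prohibited by RFC 7568; do not enable for new deployments.
pub const kSSLProtocol3: SSLProtocol = 2;
/// TLS 1.0. Deprecated by RFC 8996.
pub const kTLSProtocol1: SSLProtocol = 4;
/// TLS 1.1. Deprecated by RFC 8996.
pub const kTLSProtocol11: SSLProtocol = 7;
/// TLS 1.2. A reasonable floor to pass to `SSLSetProtocolVersionMin`.
pub const kTLSProtocol12: SSLProtocol = 8;
/// DTLS 1.0 (datagram contexts only).
pub const kDTLSProtocol1: SSLProtocol = 9;
/// TLS 1.3.
pub const kTLSProtocol13: SSLProtocol = 10;
// The remaining selectors are legacy values, kept so the binding covers the whole C enum.
/// SSL 2.0. Prohibited by RFC 6176.
pub const kSSLProtocol2: SSLProtocol = 1;
/// SSL 3.0 with no SSL 2.0 compatibility (legacy selector).
pub const kSSLProtocol3Only: SSLProtocol = 3;
/// TLS 1.0 with no fallback to older versions (legacy selector).
pub const kTLSProtocol1Only: SSLProtocol = 5;
/// Every protocol the library supports (legacy selector). Using it in enable/disable style
/// calls can re-enable the obsolete versions above, so prefer explicit min/max versions.
pub const kSSLProtocolAll: SSLProtocol = 6;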
28
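/// Option selector for `SSLSetSessionOption` / `SSLGetSessionOption`.
///
/// Semantics below follow Apple's Secure Transport header. The three `BreakOn*Auth` /
/// `BreakOnCertRequested` options make `SSLHandshake` return early with a non-error status so
/// the caller can act; the caller then has to call `SSLHandshake` again to continue.
pub type SSLSessionOption = c_int;
/// Client side: pause the handshake (status `errSSLPeerAuthCompleted`) once the server
/// certificate has been received.
///
/// Security note: per Apple's documentation, enabling this turns off Secure Transport's own
/// server-certificate verification. A caller that sets it MUST evaluate the trust object from
/// `SSLCopyPeerTrust` itself and abort on failure; resuming unconditionally accepts any
/// certificate.
#[deprecated(note = "deprecated by Apple")]
pub const kSSLSessionOptionBreakOnServerAuth: SSLSessionOption = 0;
/// Client side: pause the handshake (status `errSSLClientCertRequested`) when the server asks
/// for a client certificate.
#[deprecated(note = "deprecated by Apple")]
pub const kSSLSessionOptionBreakOnCertRequested: SSLSessionOption = 1;
/// Server side: pause the handshake (status `errSSLPeerAuthCompleted`) once the client
/// certificate has been received. As with `BreakOnServerAuth`, the caller becomes responsible
/// for evaluating the peer's trust before resuming.
#[deprecated(note = "deprecated by Apple")]
pub const kSSLSessionOptionBreakOnClientAuth: SSLSessionOption = 2;
/// Enable TLS False Start.
#[deprecated(note = "deprecated by Apple")]
pub const kSSLSessionOptionFalseStart: SSLSessionOption = 3;
/// Enable 1/n-1 record splitting, the BEAST mitigation for CBC cipher suites on TLS 1.0.
// NOTE(review): unlike its neighbours this constant carries no #[deprecated] attribute in this
// file; left as found.
pub const kSSLSessionOptionSendOneByteRecord: SSLSessionOption = 4;
/// Allow the server's identity (certificate) to change across a renegotiation. Leaving this
/// off is the safe default: it is the countermeasure against the Triple Handshake attack.
#[deprecated(note = "deprecated by Apple")]
pub const kSSLSessionOptionAllowServerIdentityChange: SSLSessionOption = 5;
/// Enable downgrade-fallback countermeasures; intended for a retry at a lower protocol
/// version after a failed connection attempt. macOS only.
#[cfg(target_os = "macos")]
#[deprecated(note = "deprecated by Apple")]
pub const kSSLSessionOptionFallback: SSLSessionOption = 6;
/// Server side: pause the handshake (status `errSSLClientHelloReceived`) after the
/// ClientHello, e.g. to choose a certificate based on the requested server name.
#[deprecated(note = "deprecated by Apple")]
pub const kSSLSessionOptionBreakOnClientHello: SSLSessionOption = 7;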
46
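/// Session state reported through the out-parameter of `SSLGetSessionState`.
pub type SSLSessionState = c_int;
/// No I/O has been performed yet.
pub const kSSLIdle: SSLSessionState = 0;
/// The handshake is in progress.
pub const kSSLHandshake: SSLSessionState = 1;
/// The handshake completed; application data may be exchanged.
pub const kSSLConnected: SSLSessionState = 2;
/// The connection was closed normally.
pub const kSSLClosed: SSLSessionState = 3;
/// The connection was aborted.
pub const kSSLAborted: SSLSessionState = 4;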
53
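/// Transport read callback installed with `SSLSetIOFuncs`.
///
/// `connection` is the handle registered through `SSLSetConnection`. `dataLength` is an
/// in/out parameter: on entry it holds the number of bytes requested, on return the callback
/// must store the number of bytes it actually placed in `data`.
///
/// Memory-safety contract for implementers: never write more than the incoming `*dataLength`
/// bytes to `data`. Per Apple's documentation a short read is reported by returning
/// `errSSLWouldBlock` together with the partial count, not by overrunning or blocking.
pub type SSLReadFunc = unsafe extern "C" fn(
    connection: SSLConnectionRef,
    data: *mut c_void,
    dataLength: *mut usize,
) -> OSStatus;

/// Transport write callback installed with `SSLSetIOFuncs`.
///
/// Mirrors [`SSLReadFunc`]: on entry `*dataLength` is the number of bytes available at `data`,
/// on return it must hold the number of bytes actually written to the transport. The callback
/// must not read past the incoming `*dataLength` bytes.
pub type SSLWriteFunc = unsafe extern "C" fn(
    connection: SSLConnectionRef,
    data: *const c_void,
    dataLength: *mut usize,
) -> OSStatus;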
65
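/// Which end of the connection a context created by `SSLCreateContext` represents.
pub type SSLProtocolSide = c_int;
/// The context acts as the TLS server.
pub const kSSLServerSide: SSLProtocolSide = 0;
/// The context acts as the TLS client.
pub const kSSLClientSide: SSLProtocolSide = 1;

/// Transport flavour of a context created by `SSLCreateContext`.
pub type SSLConnectionType = c_int;
/// Stream transport (TLS).
pub const kSSLStreamType: SSLConnectionType = 0;
/// Datagram transport (DTLS).
pub const kSSLDatagramType: SSLConnectionType = 1;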
73
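// Secure Transport status codes (OSStatus range -9800..=-9851). Short descriptions follow
// Apple's header. Handling guidance for wrappers:
//   * errSSLWouldBlock, errSSLPeerAuthCompleted, errSSLClientCertRequested and
//     errSSLClientHelloReceived are flow-control results, not failures.
//   * The certificate and hostname codes (errSSLXCertChainInvalid, errSSLUnknownRootCert,
//     errSSLNoRootCert, errSSLCertExpired, errSSLCertNotYetValid, errSSLHostNameMismatch) mean
//     peer authentication failed; retrying with validation relaxed defeats the purpose of TLS.
//   * errSSLClosedNoNotify means the stream ended without a close_notify alert, so the data
//     received so far may have been truncated by a third party.

// --- Local errors -------------------------------------------------------------------------
pub const errSSLProtocol: OSStatus = -9800; // SSL protocol error
pub const errSSLNegotiation: OSStatus = -9801; // cipher suite negotiation failure
pub const errSSLFatalAlert: OSStatus = -9802; // fatal alert
pub const errSSLWouldBlock: OSStatus = -9803; // I/O would block (not fatal)
pub const errSSLSessionNotFound: OSStatus = -9804; // attempt to restore an unknown session
pub const errSSLClosedGraceful: OSStatus = -9805; // connection closed gracefully
pub const errSSLClosedAbort: OSStatus = -9806; // connection closed via error
pub const errSSLXCertChainInvalid: OSStatus = -9807; // invalid certificate chain
pub const errSSLBadCert: OSStatus = -9808; // bad certificate format
pub const errSSLCrypto: OSStatus = -9809; // underlying cryptographic error
pub const errSSLInternal: OSStatus = -9810; // internal error
pub const errSSLModuleAttach: OSStatus = -9811; // module attach failure
pub const errSSLUnknownRootCert: OSStatus = -9812; // valid chain, untrusted root
pub const errSSLNoRootCert: OSStatus = -9813; // chain not verified by a root
pub const errSSLCertExpired: OSStatus = -9814; // chain contains an expired certificate
pub const errSSLCertNotYetValid: OSStatus = -9815; // chain contains a not-yet-valid certificate
pub const errSSLClosedNoNotify: OSStatus = -9816; // peer closed without close_notify
pub const errSSLBufferOverflow: OSStatus = -9817; // insufficient buffer provided by caller
pub const errSSLBadCipherSuite: OSStatus = -9818; // bad SSLCipherSuite

// --- Fatal alerts received from the peer --------------------------------------------------
pub const errSSLPeerUnexpectedMsg: OSStatus = -9819;
pub const errSSLPeerBadRecordMac: OSStatus = -9820;
pub const errSSLPeerDecryptionFail: OSStatus = -9821;
pub const errSSLPeerRecordOverflow: OSStatus = -9822;
pub const errSSLPeerDecompressFail: OSStatus = -9823;
pub const errSSLPeerHandshakeFail: OSStatus = -9824;
pub const errSSLPeerBadCert: OSStatus = -9825;
pub const errSSLPeerUnsupportedCert: OSStatus = -9826;
pub const errSSLPeerCertRevoked: OSStatus = -9827;
pub const errSSLPeerCertExpired: OSStatus = -9828;
pub const errSSLPeerCertUnknown: OSStatus = -9829;
pub const errSSLIllegalParam: OSStatus = -9830;
pub const errSSLPeerUnknownCA: OSStatus = -9831;
pub const errSSLPeerAccessDenied: OSStatus = -9832;
pub const errSSLPeerDecodeError: OSStatus = -9833;
pub const errSSLPeerDecryptError: OSStatus = -9834;
pub const errSSLPeerExportRestriction: OSStatus = -9835;
pub const errSSLPeerProtocolVersion: OSStatus = -9836;
pub const errSSLPeerInsufficientSecurity: OSStatus = -9837;
pub const errSSLPeerInternalError: OSStatus = -9838;
pub const errSSLPeerUserCancelled: OSStatus = -9839;
pub const errSSLPeerNoRenegotiation: OSStatus = -9840;

// --- Handshake pause results and later additions ------------------------------------------
pub const errSSLPeerAuthCompleted: OSStatus = -9841; // paused: peer certificate received
pub const errSSLClientCertRequested: OSStatus = -9842; // paused: server asked for a client cert
pub const errSSLHostNameMismatch: OSStatus = -9843; // peer host name mismatch
pub const errSSLConnectionRefused: OSStatus = -9844; // peer dropped connection before responding
pub const errSSLDecryptionFail: OSStatus = -9845; // decryption failure
pub const errSSLBadRecordMac: OSStatus = -9846; // bad record MAC
pub const errSSLRecordOverflow: OSStatus = -9847; // record overflow
pub const errSSLBadConfiguration: OSStatus = -9848; // configuration error
pub const errSSLClientHelloReceived: OSStatus = -9851; // paused: ClientHello received (server)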
124
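/// Client-authentication policy passed to `SSLSetClientSideAuthenticate` (server contexts).
pub type SSLAuthenticate = c_int;
/// Never request a client certificate.
pub const kNeverAuthenticate: SSLAuthenticate = 0;
/// Require a client certificate.
pub const kAlwaysAuthenticate: SSLAuthenticate = 1;
/// Request a client certificate but continue if none is supplied. A server using this policy
/// still has to check `SSLGetClientCertificateState` before treating the peer as authenticated.
pub const kTryAuthenticate: SSLAuthenticate = 2;

/// Client-certificate exchange status reported by `SSLGetClientCertificateState`.
pub type SSLClientCertificateState = c_int;
/// No client certificate has been requested (server) or sent (client).
pub const kSSLClientCertNone: SSLClientCertificateState = 0;
/// A client certificate has been requested.
pub const kSSLClientCertRequested: SSLClientCertificateState = 1;
/// A client certificate was sent (client) or received and accepted (server).
pub const kSSLClientCertSent: SSLClientCertificateState = 2;
/// A client certificate was presented and failed validation.
pub const kSSLClientCertRejected: SSLClientCertificateState = 3;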
135
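// Raw bindings to Apple's Secure Transport C API. Everything here is `unsafe` to call.
//
// Conventions that hold across the block (from the signatures and Apple's documentation):
//   * Every function returning `OSStatus` reports failure through that value; a wrapper must
//     check it before reading any out-parameter.
//   * `*mut T` arguments are out-parameters and must point to valid, writable storage.
//   * `(buffer, *mut usize)` pairs are in/out: the length is the buffer capacity on entry and
//     the amount used on return, so size the buffer from the matching `...Length` /
//     `...Number...` query first.
//   * Functions named `SSLCopy*` hand back a Core Foundation object the caller owns and must
//     release.
extern "C" {
    /// Core Foundation type identifier of `SSLContext` objects.
    pub fn SSLContextGetTypeID() -> ::core_foundation_sys::base::CFTypeID;
    /// Allocates a session context for the given side and transport type. The result is a
    /// Core Foundation object (release it with `CFRelease`) and can be null on failure.
    pub fn SSLCreateContext(
        alloc: CFAllocatorRef,
        protocolSide: SSLProtocolSide,
        connectionType: SSLConnectionType,
    ) -> SSLContextRef;
    /// Older, macOS-only way to create a context; paired with `SSLDisposeContext`.
    #[cfg(target_os = "macos")]
    pub fn SSLNewContext(isServer: Boolean, contextPtr: *mut SSLContextRef) -> OSStatus;
    /// Destroys a context obtained from `SSLNewContext`.
    #[cfg(target_os = "macos")]
    pub fn SSLDisposeContext(context: SSLContextRef) -> OSStatus;
    /// Registers the handle that will be passed to the I/O callbacks. The handle's target must
    /// outlive every later call that can trigger I/O on this context.
    pub fn SSLSetConnection(context: SSLContextRef, connection: SSLConnectionRef) -> OSStatus;
    /// Retrieves the handle previously registered with `SSLSetConnection`.
    pub fn SSLGetConnection(context: SSLContextRef, connection: *mut SSLConnectionRef) -> OSStatus;
    /// Installs the transport callbacks; see `SSLReadFunc` / `SSLWriteFunc` for their
    /// buffer-length contract.
    pub fn SSLSetIOFuncs(
        context: SSLContextRef,
        read: SSLReadFunc,
        write: SSLWriteFunc,
    ) -> OSStatus;
    /// Runs the handshake. `errSSLWouldBlock` and the pause statuses produced by the
    /// `kSSLSessionOptionBreakOn*` options are not failures; call again to continue.
    pub fn SSLHandshake(context: SSLContextRef) -> OSStatus;
    /// Terminates the session.
    pub fn SSLClose(context: SSLContextRef) -> OSStatus;
    /// Reads up to `dataLen` decrypted bytes into `data`; `*processed` receives the count
    /// actually stored, which can be non-zero even when the status is not success.
    pub fn SSLRead(
        context: SSLContextRef,
        data: *mut c_void,
        dataLen: usize,
        processed: *mut usize,
    ) -> OSStatus;
    /// Encrypts and sends up to `dataLen` bytes from `data`; `*processed` receives the count
    /// actually consumed.
    pub fn SSLWrite(
        context: SSLContextRef,
        data: *const c_void,
        dataLen: usize,
        processed: *mut usize,
    ) -> OSStatus;
    /// Sets the host name the peer certificate is checked against. `peerName` is described
    /// by `peerNameLen`, not by a terminating NUL.
    ///
    /// Security note: per Apple's documentation this name drives the certificate host-name
    /// check; a client that skips this call gets chain validation without host-name binding.
    pub fn SSLSetPeerDomainName(
        context: SSLContextRef,
        peerName: *const c_char,
        peerNameLen: usize,
    ) -> OSStatus;
    /// Length needed to hold the name returned by `SSLGetPeerDomainName`.
    pub fn SSLGetPeerDomainNameLength(context: SSLContextRef, peerNameLen: *mut usize) -> OSStatus;
    /// Copies the configured peer name into `peerName`; `*peerNameLen` is capacity in, length
    /// out.
    pub fn SSLGetPeerDomainName(
        context: SSLContextRef,
        peerName: *mut c_char,
        peerNameLen: *mut usize,
    ) -> OSStatus;
    /// Sets this side's identity and certificate chain.
    // NOTE(review): Apple documents the array as a SecIdentityRef followed by optional
    // SecCertificateRefs; the element types are not visible in this binding.
    pub fn SSLSetCertificate(context: SSLContextRef, certRefs: CFArrayRef) -> OSStatus;
    /// Server side: sets (or appends to, depending on `replaceExisting`) the CA list
    /// advertised when requesting a client certificate. macOS only.
    #[cfg(target_os = "macos")]
    pub fn SSLSetCertificateAuthorities(
        context: SSLContextRef,
        certificateOrArray: CFTypeRef,
        replaceExisting: Boolean,
    ) -> OSStatus;
    /// Returns the configured CA list; the caller owns the returned array. macOS only.
    #[cfg(target_os = "macos")]
    pub fn SSLCopyCertificateAuthorities(
        context: SSLContextRef,
        certificates: *mut CFArrayRef,
    ) -> OSStatus;
    /// Sets a `kSSLSessionOption*` flag. Several of these options change who is responsible
    /// for certificate validation; see the constants' documentation.
    pub fn SSLSetSessionOption(
        context: SSLContextRef,
        option: SSLSessionOption,
        value: Boolean,
    ) -> OSStatus;
    /// Reads the current value of a `kSSLSessionOption*` flag.
    pub fn SSLGetSessionOption(
        context: SSLContextRef,
        option: SSLSessionOption,
        value: *mut Boolean,
    ) -> OSStatus;
    /// Returns the trust object built from the peer's certificate chain; the caller owns it.
    /// This is what must be evaluated when a `BreakOn*Auth` option paused the handshake.
    pub fn SSLCopyPeerTrust(context: SSLContextRef, trust: *mut SecTrustRef) -> OSStatus;
    /// Reports the session state as a `kSSL*` `SSLSessionState` value.
    pub fn SSLGetSessionState(context: SSLContextRef, state: *mut SSLSessionState) -> OSStatus;
    /// Fills `ciphers` with the supported suites; `*numCiphers` is capacity in, count out.
    pub fn SSLGetSupportedCiphers(
        context: SSLContextRef,
        ciphers: *mut SSLCipherSuite,
        numCiphers: *mut usize,
    ) -> OSStatus;
    /// Number of entries `SSLGetSupportedCiphers` will produce.
    pub fn SSLGetNumberSupportedCiphers(
        context: SSLContextRef,
        numCiphers: *mut usize,
    ) -> OSStatus;
    /// Fills `ciphers` with the enabled suites; `*numCiphers` is capacity in, count out.
    pub fn SSLGetEnabledCiphers(
        context: SSLContextRef,
        ciphers: *mut SSLCipherSuite,
        numCiphers: *mut usize,
    ) -> OSStatus;
    /// Number of entries `SSLGetEnabledCiphers` will produce.
    pub fn SSLGetNumberEnabledCiphers(context: SSLContextRef, numCiphers: *mut usize) -> OSStatus;
    /// Restricts negotiation to the `numCiphers` suites at `ciphers`.
    pub fn SSLSetEnabledCiphers(
        context: SSLContextRef,
        ciphers: *const SSLCipherSuite,
        numCiphers: usize,
    ) -> OSStatus;
    /// Reports the suite selected by the handshake.
    pub fn SSLGetNegotiatedCipher(context: SSLContextRef, cipher: *mut SSLCipherSuite) -> OSStatus;
    /// Server side: sets the client-certificate policy (`kNeverAuthenticate`, ...).
    pub fn SSLSetClientSideAuthenticate(context: SSLContextRef, auth: SSLAuthenticate) -> OSStatus;
    /// Server side: supplies Diffie-Hellman parameters as `dhParamsLen` bytes. macOS only.
    #[cfg(target_os = "macos")]
    pub fn SSLSetDiffieHellmanParams(
        context: SSLContextRef,
        dhParams: *const c_void,
        dhParamsLen: usize,
    ) -> OSStatus;
    /// Returns a pointer/length pair for the configured Diffie-Hellman parameters. macOS only.
    // NOTE(review): the pointer presumably refers to storage owned by the context, so it must
    // not be freed or used after the context is gone; confirm against Apple's header.
    #[cfg(target_os = "macos")]
    pub fn SSLGetDiffieHellmanParams(
        context: SSLContextRef,
        dhParams: *mut *const c_void,
        dhParamsLen: *mut usize,
    ) -> OSStatus;
    /// Sets the opaque peer identifier used as the session-resumption cache key. Two peers
    /// that must not share sessions need distinct identifiers.
    pub fn SSLSetPeerID(
        context: SSLContextRef,
        peerID: *const c_void,
        peerIDLen: usize,
    ) -> OSStatus;
    /// Returns a pointer/length pair for the current peer identifier.
    // NOTE(review): presumably context-owned storage, as for SSLGetDiffieHellmanParams.
    pub fn SSLGetPeerID(
        context: SSLContextRef,
        peerID: *mut *const c_void,
        peerIDLen: *mut usize,
    ) -> OSStatus;
    /// Number of decrypted bytes already buffered and readable without further transport I/O.
    pub fn SSLGetBufferedReadSize(context: SSLContextRef, bufSize: *mut usize) -> OSStatus;
    /// Reports the client-certificate exchange status as a `kSSLClientCert*` value.
    pub fn SSLGetClientCertificateState(
        context: SSLContextRef,
        clientState: *mut SSLClientCertificateState,
    ) -> OSStatus;
    /// Reports the protocol version selected by the handshake. Worth logging or asserting on
    /// when a minimum version is a policy requirement.
    pub fn SSLGetNegotiatedProtocolVersion(
        context: SSLContextRef,
        protocol: *mut SSLProtocol,
    ) -> OSStatus;
    /// Reads the highest protocol version the context will negotiate.
    pub fn SSLGetProtocolVersionMax(
        context: SSLContextRef,
        maxVersion: *mut SSLProtocol,
    ) -> OSStatus;
    /// Reads the lowest protocol version the context will negotiate.
    pub fn SSLGetProtocolVersionMin(
        context: SSLContextRef,
        minVersion: *mut SSLProtocol,
    ) -> OSStatus;
    /// Sets the highest protocol version the context will negotiate.
    pub fn SSLSetProtocolVersionMax(context: SSLContextRef, maxVersion: SSLProtocol) -> OSStatus;
    /// Sets the lowest protocol version the context will negotiate. This is the call that
    /// keeps SSL 3.0 / TLS 1.0 / TLS 1.1 out of a session.
    pub fn SSLSetProtocolVersionMin(context: SSLContextRef, minVersion: SSLProtocol) -> OSStatus;
    /// Legacy per-version enable/disable switch, superseded by the min/max setters. macOS only.
    #[cfg(target_os = "macos")]
    pub fn SSLSetProtocolVersionEnabled(
        context: SSLContextRef,
        protocol: SSLProtocol,
        enable: Boolean,
    ) -> OSStatus;
    /// Sets the ALPN protocol list to offer. Requires the `OSX_10_13` feature.
    #[cfg(feature = "OSX_10_13")]
    pub fn SSLSetALPNProtocols(context: SSLContextRef, protocols: CFArrayRef) -> OSStatus;
    /// Returns the ALPN protocol list; the caller owns the returned array. Requires the
    /// `OSX_10_13` feature.
    #[cfg(feature = "OSX_10_13")]
    pub fn SSLCopyALPNProtocols(context: SSLContextRef, protocols: *mut CFArrayRef) -> OSStatus;
    /// Enables or disables TLS session tickets. Requires the `OSX_10_13` feature.
    #[cfg(feature = "OSX_10_13")]
    pub fn SSLSetSessionTicketsEnabled(context: SSLContextRef, enabled: Boolean) -> OSStatus;
}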