diff options
Diffstat (limited to 'vendor/security-framework-sys/src')
24 files changed, 2131 insertions, 0 deletions
diff --git a/vendor/security-framework-sys/src/access.rs b/vendor/security-framework-sys/src/access.rs new file mode 100644 index 00000000..c759f78d --- /dev/null +++ b/vendor/security-framework-sys/src/access.rs @@ -0,0 +1,5 @@ +use core_foundation_sys::base::CFTypeID; + +extern "C" { + pub fn SecAccessGetTypeID() -> CFTypeID; +} diff --git a/vendor/security-framework-sys/src/access_control.rs b/vendor/security-framework-sys/src/access_control.rs new file mode 100644 index 00000000..e5e18d6f --- /dev/null +++ b/vendor/security-framework-sys/src/access_control.rs @@ -0,0 +1,46 @@ +use core_foundation_sys::base::CFOptionFlags; +use core_foundation_sys::base::{CFAllocatorRef, CFTypeID, CFTypeRef}; +use core_foundation_sys::error::CFErrorRef; +use core_foundation_sys::string::CFStringRef; + +use crate::base::SecAccessControlRef; + +mod access_control_flags { + use super::CFOptionFlags; + + pub const kSecAccessControlUserPresence: CFOptionFlags = 1 << 0; + #[cfg(feature = "OSX_10_13")] + pub const kSecAccessControlBiometryAny: CFOptionFlags = 1 << 1; + #[cfg(feature = "OSX_10_13")] + pub const kSecAccessControlBiometryCurrentSet: CFOptionFlags = 1 << 3; + pub const kSecAccessControlDevicePasscode: CFOptionFlags = 1 << 4; + #[cfg(feature = "OSX_10_15")] + pub const kSecAccessControlWatch: CFOptionFlags = 1 << 5; + pub const kSecAccessControlOr: CFOptionFlags = 1 << 14; + pub const kSecAccessControlAnd: CFOptionFlags = 1 << 15; + pub const kSecAccessControlPrivateKeyUsage: CFOptionFlags = 1 << 30; + pub const kSecAccessControlApplicationPassword: CFOptionFlags = 1 << 31; +} + +pub use access_control_flags::*; + +extern "C" { + pub static kSecAttrAccessibleWhenUnlocked: CFStringRef; + pub static kSecAttrAccessibleAfterFirstUnlock: CFStringRef; + pub static kSecAttrAccessibleAlways: CFStringRef; + pub static kSecAttrAccessibleWhenUnlockedThisDeviceOnly: CFStringRef; + pub static kSecAttrAccessibleAfterFirstUnlockThisDeviceOnly: CFStringRef; + pub static kSecAttrAccessibleAlwaysThisDeviceOnly: CFStringRef; + pub static kSecAttrAccessibleWhenPasscodeSetThisDeviceOnly: CFStringRef; +} + +extern "C" { + pub fn SecAccessControlGetTypeID() -> CFTypeID; + + pub fn SecAccessControlCreateWithFlags( + allocator: CFAllocatorRef, + protection: CFTypeRef, + flags: CFOptionFlags, + error: *mut CFErrorRef, + ) -> SecAccessControlRef; +} diff --git a/vendor/security-framework-sys/src/authorization.rs b/vendor/security-framework-sys/src/authorization.rs new file mode 100644 index 00000000..07f9a3e0 --- /dev/null +++ b/vendor/security-framework-sys/src/authorization.rs @@ -0,0 +1,145 @@ +use core_foundation_sys::base::CFTypeRef; +use core_foundation_sys::base::OSStatus; +use core_foundation_sys::bundle::CFBundleRef; +use core_foundation_sys::dictionary::CFDictionaryRef; +use core_foundation_sys::string::CFStringRef; +use std::os::raw::{c_char, c_void}; + +pub const errAuthorizationSuccess: OSStatus = 0; +pub const errAuthorizationInvalidSet: OSStatus = -60001; +pub const errAuthorizationInvalidRef: OSStatus = -60002; +pub const errAuthorizationInvalidTag: OSStatus = -60003; +pub const errAuthorizationInvalidPointer: OSStatus = -60004; +pub const errAuthorizationDenied: OSStatus = -60005; +pub const errAuthorizationCanceled: OSStatus = -60006; +pub const errAuthorizationInteractionNotAllowed: OSStatus = -60007; +pub const errAuthorizationInternal: OSStatus = -60008; +pub const errAuthorizationExternalizeNotAllowed: OSStatus = -60009; +pub const errAuthorizationInternalizeNotAllowed: OSStatus = -60010; +pub const errAuthorizationInvalidFlags: OSStatus = -60011; +pub const errAuthorizationToolExecuteFailure: OSStatus = -60031; +pub const errAuthorizationToolEnvironmentError: OSStatus = -60032; +pub const errAuthorizationBadAddress: OSStatus = -60033; + +pub type AuthorizationFlags = u32; +pub const kAuthorizationFlagDefaults: AuthorizationFlags = 0; +pub const kAuthorizationFlagInteractionAllowed: AuthorizationFlags = 1; +pub const kAuthorizationFlagExtendRights: AuthorizationFlags = 2; +pub const kAuthorizationFlagPartialRights: AuthorizationFlags = 4; +pub const kAuthorizationFlagDestroyRights: AuthorizationFlags = 8; +pub const kAuthorizationFlagPreAuthorize: AuthorizationFlags = 16; + +pub type AuthorizationRef = *mut c_void; +pub type AuthorizationString = *const c_char; + +#[repr(C)] +#[derive(Copy, Clone, Debug)] +pub struct AuthorizationItem { + pub name: AuthorizationString, + pub valueLength: usize, + pub value: *mut c_void, + pub flags: u32, +} + +#[repr(C)] +#[derive(Copy, Clone, Debug)] +pub struct AuthorizationItemSet { + pub count: u32, + pub items: *mut AuthorizationItem, +} + +pub const kAuthorizationExternalFormLength: usize = 32; + +#[repr(C)] +#[derive(Copy, Clone, Debug)] +pub struct AuthorizationExternalForm { + pub bytes: [c_char; kAuthorizationExternalFormLength], +} + +pub type AuthorizationRights = AuthorizationItemSet; +pub type AuthorizationEnvironment = AuthorizationItemSet; + +pub type AuthorizationAsyncCallback = + unsafe extern "C" fn(err: OSStatus, blockAuthorizedRights: *mut AuthorizationRights); + +extern "C" { + pub fn AuthorizationCreate( + rights: *const AuthorizationRights, + environment: *const AuthorizationEnvironment, + flags: AuthorizationFlags, + authorization: *mut AuthorizationRef, + ) -> OSStatus; + + pub fn AuthorizationFree( + authorization: AuthorizationRef, + flags: AuthorizationFlags, + ) -> OSStatus; + + pub fn AuthorizationCopyRights( + authorization: AuthorizationRef, + rights: *const AuthorizationRights, + environment: *const AuthorizationEnvironment, + flags: AuthorizationFlags, + authorizedRights: *mut *mut AuthorizationRights, + ) -> OSStatus; + + pub fn AuthorizationCopyRightsAsync( + authorization: AuthorizationRef, + rights: *const AuthorizationRights, + environment: *const AuthorizationEnvironment, + flags: AuthorizationFlags, + callbackBlock: AuthorizationAsyncCallback, + ); + + pub fn AuthorizationCopyInfo( + authorization: AuthorizationRef, + tag: AuthorizationString, + info: *mut *mut AuthorizationItemSet, + ) -> OSStatus; + + pub fn AuthorizationMakeExternalForm( + authorization: AuthorizationRef, + extForm: *mut AuthorizationExternalForm, + ) -> OSStatus; + + pub fn AuthorizationCreateFromExternalForm( + extForm: *const AuthorizationExternalForm, + authorization: *mut AuthorizationRef, + ) -> OSStatus; + + pub fn AuthorizationFreeItemSet(set: *mut AuthorizationItemSet) -> OSStatus; + + pub fn AuthorizationRightGet( + rightName: *const c_char, + rightDefinition: *mut CFDictionaryRef, + ) -> OSStatus; + + pub fn AuthorizationRightSet( + authorization: AuthorizationRef, + rightName: *const c_char, + rightDefinition: CFTypeRef, + descriptionKey: CFStringRef, + bundle: CFBundleRef, + localeTableName: CFStringRef, + ) -> OSStatus; + + pub fn AuthorizationRightRemove( + authorization: AuthorizationRef, + rightName: *const c_char, + ) -> OSStatus; + + #[cfg(target_os = "macos")] + pub fn AuthorizationExecuteWithPrivileges( + authorization: AuthorizationRef, + pathToTool: *const c_char, + options: AuthorizationFlags, + arguments: *const *mut c_char, + communicationsPipe: *mut *mut libc::FILE, + ) -> OSStatus; + + #[cfg(target_os = "macos")] + pub fn AuthorizationCopyPrivilegedReference( + authorization: *mut AuthorizationRef, + flags: AuthorizationFlags, + ) -> OSStatus; +} diff --git a/vendor/security-framework-sys/src/base.rs b/vendor/security-framework-sys/src/base.rs new file mode 100644 index 00000000..fafc57cc --- /dev/null +++ b/vendor/security-framework-sys/src/base.rs @@ -0,0 +1,68 @@ +use core_foundation_sys::base::OSStatus; +use core_foundation_sys::string::CFStringRef; +use std::os::raw::c_void; + +pub enum OpaqueSecKeychainRef {} +pub type SecKeychainRef = *mut OpaqueSecKeychainRef; + +pub enum OpaqueSecKeychainItemRef {} +pub type SecKeychainItemRef = *mut OpaqueSecKeychainItemRef; + +// OSType from MacTypes.h +pub type SecKeychainAttrType = u32; + +#[repr(C)] +#[derive(Copy, Clone)] +pub struct SecKeychainAttribute { + pub tag: SecKeychainAttrType, + pub length: u32, + pub data: *mut c_void, +} + +#[repr(C)] +#[derive(Copy, Clone)] +pub struct SecKeychainAttributeList { + pub count: u32, + pub attr: *mut SecKeychainAttribute, +} + +pub enum OpaqueSecCertificateRef {} +pub type SecCertificateRef = *mut OpaqueSecCertificateRef; + +pub enum OpaqueSecAccessRef {} +pub type SecAccessRef = *mut OpaqueSecAccessRef; + +pub enum OpaqueSecAccessControlRef {} +pub type SecAccessControlRef = *mut OpaqueSecAccessControlRef; + +pub enum OpaqueSecKeyRef {} +pub type SecKeyRef = *mut OpaqueSecKeyRef; + +pub enum OpaqueSecIdentityRef {} +pub type SecIdentityRef = *mut OpaqueSecIdentityRef; + +pub enum OpaqueSecPolicyRef {} +pub type SecPolicyRef = *mut OpaqueSecPolicyRef; + +pub const errSecSuccess: OSStatus = 0; +pub const errSecUnimplemented: OSStatus = -4; +pub const errSecIO: OSStatus = -36; +pub const errSecParam: OSStatus = -50; +pub const errSecBadReq: OSStatus = -909; +pub const errSecNoTrustSettings: OSStatus = -25263; +pub const errSecAuthFailed: OSStatus = -25293; +pub const errSecDuplicateItem: OSStatus = -25299; +pub const errSecItemNotFound: OSStatus = -25300; +pub const errSecCreateChainFailed: OSStatus = -25318; +pub const errSecConversionError: OSStatus = -67594; +pub const errSecHostNameMismatch: OSStatus = -67602; +pub const errSecInvalidExtendedKeyUsage: OSStatus = -67609; +pub const errSecTrustSettingDeny: OSStatus = -67654; +pub const errSecCertificateRevoked: OSStatus = -67820; +pub const errSecNotTrusted: OSStatus = -67843; +pub const errSecInternalComponent: OSStatus = -2070; + +extern "C" { + // this is available on iOS 11.3+, MacOS 10.3+ + pub fn SecCopyErrorMessageString(status: OSStatus, reserved: *mut c_void) -> CFStringRef; +} diff --git a/vendor/security-framework-sys/src/certificate.rs b/vendor/security-framework-sys/src/certificate.rs new file mode 100644 index 00000000..4d38ca2a --- /dev/null +++ b/vendor/security-framework-sys/src/certificate.rs @@ -0,0 +1,101 @@ +use core_foundation_sys::array::CFArrayRef; +use core_foundation_sys::base::{CFAllocatorRef, CFTypeID, OSStatus}; +use core_foundation_sys::data::CFDataRef; +#[cfg(target_os = "macos")] +use core_foundation_sys::dictionary::CFDictionaryRef; +#[cfg(any(target_os = "macos", target_os = "ios", target_os = "tvos", target_os = "watchos", target_os = "visionos"))] +use core_foundation_sys::error::CFErrorRef; +use core_foundation_sys::string::CFStringRef; + +use crate::base::SecCertificateRef; +use crate::base::SecKeyRef; +use crate::base::SecKeychainRef; + +extern "C" { + #[cfg(target_os = "macos")] + pub static kSecPropertyKeyType: CFStringRef; + #[cfg(target_os = "macos")] + pub static kSecPropertyKeyLabel: CFStringRef; + #[cfg(target_os = "macos")] + pub static kSecPropertyKeyLocalizedLabel: CFStringRef; + #[cfg(target_os = "macos")] + pub static kSecPropertyKeyValue: CFStringRef; + + #[cfg(target_os = "macos")] + pub static kSecPropertyTypeWarning: CFStringRef; + #[cfg(target_os = "macos")] + pub static kSecPropertyTypeSuccess: CFStringRef; + #[cfg(target_os = "macos")] + pub static kSecPropertyTypeSection: CFStringRef; + #[cfg(target_os = "macos")] + pub static kSecPropertyTypeData: CFStringRef; + #[cfg(target_os = "macos")] + pub static kSecPropertyTypeString: CFStringRef; + #[cfg(target_os = "macos")] + pub static kSecPropertyTypeURL: CFStringRef; + #[cfg(target_os = "macos")] + pub static kSecPropertyTypeDate: CFStringRef; + + // certificate policies + pub static kSecPolicyAppleX509Basic: CFStringRef; + pub static kSecPolicyAppleSSL: CFStringRef; + pub static kSecPolicyAppleSMIME: CFStringRef; + pub static kSecPolicyAppleEAP: CFStringRef; + pub static kSecPolicyAppleIPsec: CFStringRef; + #[cfg(target_os = "macos")] + pub static kSecPolicyApplePKINITClient: CFStringRef; + #[cfg(target_os = "macos")] + pub static kSecPolicyApplePKINITServer: CFStringRef; + pub static kSecPolicyAppleCodeSigning: CFStringRef; + pub static kSecPolicyMacAppStoreReceipt: CFStringRef; + pub static kSecPolicyAppleIDValidation: CFStringRef; + pub static kSecPolicyAppleTimeStamping: CFStringRef; + pub static kSecPolicyAppleRevocation: CFStringRef; + pub static kSecPolicyApplePassbookSigning: CFStringRef; + pub static kSecPolicyApplePayIssuerEncryption: CFStringRef; + + pub fn SecCertificateGetTypeID() -> CFTypeID; + pub fn SecCertificateCreateWithData( + allocator: CFAllocatorRef, + data: CFDataRef, + ) -> SecCertificateRef; + pub fn SecCertificateAddToKeychain( + certificate: SecCertificateRef, + keychain: SecKeychainRef, + ) -> OSStatus; + pub fn SecCertificateCopyData(certificate: SecCertificateRef) -> CFDataRef; + pub fn SecCertificateCopySubjectSummary(certificate: SecCertificateRef) -> CFStringRef; + pub fn SecCertificateCopyCommonName( + certificate: SecCertificateRef, + common_name: *mut CFStringRef, + ) -> OSStatus; + pub fn SecCertificateCopyEmailAddresses( + certificate: SecCertificateRef, + email_addresses: *mut CFArrayRef, + ) -> OSStatus; + #[cfg(any(feature = "OSX_10_12", target_os = "ios", target_os = "tvos", target_os = "watchos", target_os = "visionos"))] + pub fn SecCertificateCopyNormalizedIssuerSequence(certificate: SecCertificateRef) -> CFDataRef; + #[cfg(any(feature = "OSX_10_12", target_os = "ios", target_os = "tvos", target_os = "watchos", target_os = "visionos"))] + pub fn SecCertificateCopyNormalizedSubjectSequence(certificate: SecCertificateRef) + -> CFDataRef; + #[cfg(target_os = "macos")] + #[cfg_attr(target_arch = "aarch64", link_name = "SecCertificateCopyPublicKey$LEGACYMAC")] + #[deprecated(note = "Deprecated by Apple. May not work any more. Use SecCertificateCopyKey")] + pub fn SecCertificateCopyPublicKey( + certificate: SecCertificateRef, + key: *mut SecKeyRef, + ) -> OSStatus; + #[cfg(any(feature = "OSX_10_14", target_os = "ios", target_os = "tvos", target_os = "watchos", target_os = "visionos"))] + pub fn SecCertificateCopyKey(certificate: SecCertificateRef) -> SecKeyRef; + #[cfg(any(feature = "OSX_10_13", target_os = "ios", target_os = "tvos", target_os = "watchos", target_os = "visionos"))] + pub fn SecCertificateCopySerialNumberData( + certificate: SecCertificateRef, + error: *mut CFErrorRef, + ) -> CFDataRef; + #[cfg(target_os = "macos")] + pub fn SecCertificateCopyValues( + certificate: SecCertificateRef, + keys: CFArrayRef, + error: *mut CFErrorRef, + ) -> CFDictionaryRef; +} diff --git a/vendor/security-framework-sys/src/certificate_oids.rs b/vendor/security-framework-sys/src/certificate_oids.rs new file mode 100644 index 00000000..7f6b854d --- /dev/null +++ b/vendor/security-framework-sys/src/certificate_oids.rs @@ -0,0 +1,5 @@ +use core_foundation_sys::string::CFStringRef; + +extern "C" { + pub static kSecOIDX509V1SignatureAlgorithm: CFStringRef; +} diff --git a/vendor/security-framework-sys/src/cipher_suite.rs b/vendor/security-framework-sys/src/cipher_suite.rs new file mode 100644 index 00000000..9782a0e5 --- /dev/null +++ b/vendor/security-framework-sys/src/cipher_suite.rs @@ -0,0 +1,219 @@ +#[cfg(not(target_os = "macos"))] +pub type SSLCipherSuite = u16; + +#[cfg(all(target_os = "macos", target_arch = "aarch64"))] +pub type SSLCipherSuite = u16; + +#[cfg(all(target_os = "macos", not(target_arch = "aarch64")))] +pub type SSLCipherSuite = u32; + +pub const SSL_NULL_WITH_NULL_NULL: SSLCipherSuite = 0x0000; +pub const SSL_RSA_WITH_NULL_MD5: SSLCipherSuite = 0x0001; +pub const SSL_RSA_WITH_NULL_SHA: SSLCipherSuite = 0x0002; +pub const SSL_RSA_EXPORT_WITH_RC4_40_MD5: SSLCipherSuite = 0x0003; +pub const SSL_RSA_WITH_RC4_128_MD5: SSLCipherSuite = 0x0004; +pub const SSL_RSA_WITH_RC4_128_SHA: SSLCipherSuite = 0x0005; +pub const SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5: SSLCipherSuite = 0x0006; +pub const SSL_RSA_WITH_IDEA_CBC_SHA: SSLCipherSuite = 0x0007; +pub const SSL_RSA_EXPORT_WITH_DES40_CBC_SHA: SSLCipherSuite = 0x0008; +pub const SSL_RSA_WITH_DES_CBC_SHA: SSLCipherSuite = 0x0009; +pub const SSL_RSA_WITH_3DES_EDE_CBC_SHA: SSLCipherSuite = 0x000A; +pub const SSL_DH_DSS_EXPORT_WITH_DES40_CBC_SHA: SSLCipherSuite = 0x000B; +pub const SSL_DH_DSS_WITH_DES_CBC_SHA: SSLCipherSuite = 0x000C; +pub const SSL_DH_DSS_WITH_3DES_EDE_CBC_SHA: SSLCipherSuite = 0x000D; +pub const SSL_DH_RSA_EXPORT_WITH_DES40_CBC_SHA: SSLCipherSuite = 0x000E; +pub const SSL_DH_RSA_WITH_DES_CBC_SHA: SSLCipherSuite = 0x000F; +pub const SSL_DH_RSA_WITH_3DES_EDE_CBC_SHA: SSLCipherSuite = 0x0010; +pub const SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA: SSLCipherSuite = 0x0011; +pub const SSL_DHE_DSS_WITH_DES_CBC_SHA: SSLCipherSuite = 0x0012; +pub const SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA: SSLCipherSuite = 0x0013; +pub const SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA: SSLCipherSuite = 0x0014; +pub const SSL_DHE_RSA_WITH_DES_CBC_SHA: SSLCipherSuite = 0x0015; +pub const SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA: SSLCipherSuite = 0x0016; +pub const SSL_DH_anon_EXPORT_WITH_RC4_40_MD5: SSLCipherSuite = 0x0017; +pub const SSL_DH_anon_WITH_RC4_128_MD5: SSLCipherSuite = 0x0018; +pub const SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA: SSLCipherSuite = 0x0019; +pub const SSL_DH_anon_WITH_DES_CBC_SHA: SSLCipherSuite = 0x001A; +pub const SSL_DH_anon_WITH_3DES_EDE_CBC_SHA: SSLCipherSuite = 0x001B; +pub const SSL_FORTEZZA_DMS_WITH_NULL_SHA: SSLCipherSuite = 0x001C; +pub const SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA: SSLCipherSuite = 0x001D; + +// TLS addenda using AES, per RFC 3268 +pub const TLS_RSA_WITH_AES_128_CBC_SHA: SSLCipherSuite = 0x002F; +pub const TLS_DH_DSS_WITH_AES_128_CBC_SHA: SSLCipherSuite = 0x0030; +pub const TLS_DH_RSA_WITH_AES_128_CBC_SHA: SSLCipherSuite = 0x0031; +pub const TLS_DHE_DSS_WITH_AES_128_CBC_SHA: SSLCipherSuite = 0x0032; +pub const TLS_DHE_RSA_WITH_AES_128_CBC_SHA: SSLCipherSuite = 0x0033; +pub const TLS_DH_anon_WITH_AES_128_CBC_SHA: SSLCipherSuite = 0x0034; +pub const TLS_RSA_WITH_AES_256_CBC_SHA: SSLCipherSuite = 0x0035; +pub const TLS_DH_DSS_WITH_AES_256_CBC_SHA: SSLCipherSuite = 0x0036; +pub const TLS_DH_RSA_WITH_AES_256_CBC_SHA: SSLCipherSuite = 0x0037; +pub const TLS_DHE_DSS_WITH_AES_256_CBC_SHA: SSLCipherSuite = 0x0038; +pub const TLS_DHE_RSA_WITH_AES_256_CBC_SHA: SSLCipherSuite = 0x0039; +pub const TLS_DH_anon_WITH_AES_256_CBC_SHA: SSLCipherSuite = 0x003A; + +// ECDSA addenda, RFC 4492 +pub const TLS_ECDH_ECDSA_WITH_NULL_SHA: SSLCipherSuite = 0xC001; +pub const TLS_ECDH_ECDSA_WITH_RC4_128_SHA: SSLCipherSuite = 0xC002; +pub const TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA: SSLCipherSuite = 0xC003; +pub const TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA: SSLCipherSuite = 0xC004; +pub const TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA: SSLCipherSuite = 0xC005; +pub const TLS_ECDHE_ECDSA_WITH_NULL_SHA: SSLCipherSuite = 0xC006; +pub const TLS_ECDHE_ECDSA_WITH_RC4_128_SHA: SSLCipherSuite = 0xC007; +pub const TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA: SSLCipherSuite = 0xC008; +pub const TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA: SSLCipherSuite = 0xC009; +pub const TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA: SSLCipherSuite = 0xC00A; +pub const TLS_ECDH_RSA_WITH_NULL_SHA: SSLCipherSuite = 0xC00B; +pub const TLS_ECDH_RSA_WITH_RC4_128_SHA: SSLCipherSuite = 0xC00C; +pub const TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA: SSLCipherSuite = 0xC00D; +pub const TLS_ECDH_RSA_WITH_AES_128_CBC_SHA: SSLCipherSuite = 0xC00E; +pub const TLS_ECDH_RSA_WITH_AES_256_CBC_SHA: SSLCipherSuite = 0xC00F; +pub const TLS_ECDHE_RSA_WITH_NULL_SHA: SSLCipherSuite = 0xC010; +pub const TLS_ECDHE_RSA_WITH_RC4_128_SHA: SSLCipherSuite = 0xC011; +pub const TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA: SSLCipherSuite = 0xC012; +pub const TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA: SSLCipherSuite = 0xC013; +pub const TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA: SSLCipherSuite = 0xC014; +pub const TLS_ECDH_anon_WITH_NULL_SHA: SSLCipherSuite = 0xC015; +pub const TLS_ECDH_anon_WITH_RC4_128_SHA: SSLCipherSuite = 0xC016; +pub const TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA: SSLCipherSuite = 0xC017; +pub const TLS_ECDH_anon_WITH_AES_128_CBC_SHA: SSLCipherSuite = 0xC018; +pub const TLS_ECDH_anon_WITH_AES_256_CBC_SHA: SSLCipherSuite = 0xC019; + +// TLS 1.2 addenda, RFC 5246 + +// Initial state. +pub const TLS_NULL_WITH_NULL_NULL: SSLCipherSuite = 0x0000; + +// Server provided RSA certificate for key exchange. +pub const TLS_RSA_WITH_NULL_MD5: SSLCipherSuite = 0x0001; +pub const TLS_RSA_WITH_NULL_SHA: SSLCipherSuite = 0x0002; +pub const TLS_RSA_WITH_RC4_128_MD5: SSLCipherSuite = 0x0004; +pub const TLS_RSA_WITH_RC4_128_SHA: SSLCipherSuite = 0x0005; +pub const TLS_RSA_WITH_3DES_EDE_CBC_SHA: SSLCipherSuite = 0x000A; +// pub const TLS_RSA_WITH_AES_128_CBC_SHA: SSLCipherSuite = 0x002F; +// pub const TLS_RSA_WITH_AES_256_CBC_SHA: SSLCipherSuite = 0x0035; +pub const TLS_RSA_WITH_NULL_SHA256: SSLCipherSuite = 0x003B; +pub const TLS_RSA_WITH_AES_128_CBC_SHA256: SSLCipherSuite = 0x003C; +pub const TLS_RSA_WITH_AES_256_CBC_SHA256: SSLCipherSuite = 0x003D; + +// Server-authenticated (and optionally client-authenticated) Diffie-Hellman. +pub const TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA: SSLCipherSuite = 0x000D; +pub const TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA: SSLCipherSuite = 0x0010; +pub const TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA: SSLCipherSuite = 0x0013; +pub const TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA: SSLCipherSuite = 0x0016; +// pub const TLS_DH_DSS_WITH_AES_128_CBC_SHA: SSLCipherSuite = 0x0030; +// pub const TLS_DH_RSA_WITH_AES_128_CBC_SHA: SSLCipherSuite = 0x0031; +// pub const TLS_DHE_DSS_WITH_AES_128_CBC_SHA: SSLCipherSuite = 0x0032; +// pub const TLS_DHE_RSA_WITH_AES_128_CBC_SHA: SSLCipherSuite = 0x0033; +// pub const TLS_DH_DSS_WITH_AES_256_CBC_SHA: SSLCipherSuite = 0x0036; +// pub const TLS_DH_RSA_WITH_AES_256_CBC_SHA: SSLCipherSuite = 0x0037; +// pub const TLS_DHE_DSS_WITH_AES_256_CBC_SHA: SSLCipherSuite = 0x0038; +// pub const TLS_DHE_RSA_WITH_AES_256_CBC_SHA: SSLCipherSuite = 0x0039; +pub const TLS_DH_DSS_WITH_AES_128_CBC_SHA256: SSLCipherSuite = 0x003E; +pub const TLS_DH_RSA_WITH_AES_128_CBC_SHA256: SSLCipherSuite = 0x003F; +pub const TLS_DHE_DSS_WITH_AES_128_CBC_SHA256: SSLCipherSuite = 0x0040; +pub const TLS_DHE_RSA_WITH_AES_128_CBC_SHA256: SSLCipherSuite = 0x0067; +pub const TLS_DH_DSS_WITH_AES_256_CBC_SHA256: SSLCipherSuite = 0x0068; +pub const TLS_DH_RSA_WITH_AES_256_CBC_SHA256: SSLCipherSuite = 0x0069; +pub const TLS_DHE_DSS_WITH_AES_256_CBC_SHA256: SSLCipherSuite = 0x006A; +pub const TLS_DHE_RSA_WITH_AES_256_CBC_SHA256: SSLCipherSuite = 0x006B; + +// Completely anonymous Diffie-Hellman +pub const TLS_DH_anon_WITH_RC4_128_MD5: SSLCipherSuite = 0x0018; +pub const TLS_DH_anon_WITH_3DES_EDE_CBC_SHA: SSLCipherSuite = 0x001B; +// pub const TLS_DH_anon_WITH_AES_128_CBC_SHA: SSLCipherSuite = 0x0034; +// pub const TLS_DH_anon_WITH_AES_256_CBC_SHA: SSLCipherSuite = 0x003A; +pub const TLS_DH_anon_WITH_AES_128_CBC_SHA256: SSLCipherSuite = 0x006C; +pub const TLS_DH_anon_WITH_AES_256_CBC_SHA256: SSLCipherSuite = 0x006D; + +// Addendum from RFC 4279, TLS PSK + +pub const TLS_PSK_WITH_RC4_128_SHA: SSLCipherSuite = 0x008A; +pub const TLS_PSK_WITH_3DES_EDE_CBC_SHA: SSLCipherSuite = 0x008B; +pub const TLS_PSK_WITH_AES_128_CBC_SHA: SSLCipherSuite = 0x008C; +pub const TLS_PSK_WITH_AES_256_CBC_SHA: SSLCipherSuite = 0x008D; +pub const TLS_DHE_PSK_WITH_RC4_128_SHA: SSLCipherSuite = 0x008E; +pub const TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA: SSLCipherSuite = 0x008F; +pub const TLS_DHE_PSK_WITH_AES_128_CBC_SHA: SSLCipherSuite = 0x0090; +pub const TLS_DHE_PSK_WITH_AES_256_CBC_SHA: SSLCipherSuite = 0x0091; +pub const TLS_RSA_PSK_WITH_RC4_128_SHA: SSLCipherSuite = 0x0092; +pub const TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA: SSLCipherSuite = 0x0093; +pub const TLS_RSA_PSK_WITH_AES_128_CBC_SHA: SSLCipherSuite = 0x0094; +pub const TLS_RSA_PSK_WITH_AES_256_CBC_SHA: SSLCipherSuite = 0x0095; + +// RFC 4785 - Pre-Shared Key (PSK) Ciphersuites with NULL Encryption + +pub const TLS_PSK_WITH_NULL_SHA: SSLCipherSuite = 0x002C; +pub const TLS_DHE_PSK_WITH_NULL_SHA: SSLCipherSuite = 0x002D; +pub const TLS_RSA_PSK_WITH_NULL_SHA: SSLCipherSuite = 0x002E; + +// Addenda from rfc 5288 AES Galois Counter Mode (GCM) Cipher Suites +// for TLS. +pub const TLS_RSA_WITH_AES_128_GCM_SHA256: SSLCipherSuite = 0x009C; +pub const TLS_RSA_WITH_AES_256_GCM_SHA384: SSLCipherSuite = 0x009D; +pub const TLS_DHE_RSA_WITH_AES_128_GCM_SHA256: SSLCipherSuite = 0x009E; +pub const TLS_DHE_RSA_WITH_AES_256_GCM_SHA384: SSLCipherSuite = 0x009F; +pub const TLS_DH_RSA_WITH_AES_128_GCM_SHA256: SSLCipherSuite = 0x00A0; +pub const TLS_DH_RSA_WITH_AES_256_GCM_SHA384: SSLCipherSuite = 0x00A1; +pub const TLS_DHE_DSS_WITH_AES_128_GCM_SHA256: SSLCipherSuite = 0x00A2; +pub const TLS_DHE_DSS_WITH_AES_256_GCM_SHA384: SSLCipherSuite = 0x00A3; +pub const TLS_DH_DSS_WITH_AES_128_GCM_SHA256: SSLCipherSuite = 0x00A4; +pub const TLS_DH_DSS_WITH_AES_256_GCM_SHA384: SSLCipherSuite = 0x00A5; +pub const TLS_DH_anon_WITH_AES_128_GCM_SHA256: SSLCipherSuite = 0x00A6; +pub const TLS_DH_anon_WITH_AES_256_GCM_SHA384: SSLCipherSuite = 0x00A7; + +// RFC 5487 - PSK with SHA-256/384 and AES GCM +pub const TLS_PSK_WITH_AES_128_GCM_SHA256: SSLCipherSuite = 0x00A8; +pub const TLS_PSK_WITH_AES_256_GCM_SHA384: SSLCipherSuite = 0x00A9; +pub const TLS_DHE_PSK_WITH_AES_128_GCM_SHA256: SSLCipherSuite = 0x00AA; +pub const TLS_DHE_PSK_WITH_AES_256_GCM_SHA384: SSLCipherSuite = 0x00AB; +pub const TLS_RSA_PSK_WITH_AES_128_GCM_SHA256: SSLCipherSuite = 0x00AC; +pub const TLS_RSA_PSK_WITH_AES_256_GCM_SHA384: SSLCipherSuite = 0x00AD; + +pub const TLS_PSK_WITH_AES_128_CBC_SHA256: SSLCipherSuite = 0x00AE; +pub const TLS_PSK_WITH_AES_256_CBC_SHA384: SSLCipherSuite = 0x00AF; +pub const TLS_PSK_WITH_NULL_SHA256: SSLCipherSuite = 0x00B0; +pub const TLS_PSK_WITH_NULL_SHA384: SSLCipherSuite = 0x00B1; + +pub const TLS_DHE_PSK_WITH_AES_128_CBC_SHA256: SSLCipherSuite = 0x00B2; +pub const TLS_DHE_PSK_WITH_AES_256_CBC_SHA384: SSLCipherSuite = 0x00B3; +pub const TLS_DHE_PSK_WITH_NULL_SHA256: SSLCipherSuite = 0x00B4; +pub const TLS_DHE_PSK_WITH_NULL_SHA384: SSLCipherSuite = 0x00B5; + +pub const TLS_RSA_PSK_WITH_AES_128_CBC_SHA256: SSLCipherSuite = 0x00B6; +pub const TLS_RSA_PSK_WITH_AES_256_CBC_SHA384: SSLCipherSuite = 0x00B7; +pub const TLS_RSA_PSK_WITH_NULL_SHA256: SSLCipherSuite = 0x00B8; +pub const TLS_RSA_PSK_WITH_NULL_SHA384: SSLCipherSuite = 0x00B9; + +// Addenda from rfc 5289 Elliptic Curve Cipher Suites with +// HMAC SHA-256/384. +pub const TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256: SSLCipherSuite = 0xC023; +pub const TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384: SSLCipherSuite = 0xC024; +pub const TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256: SSLCipherSuite = 0xC025; +pub const TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384: SSLCipherSuite = 0xC026; +pub const TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256: SSLCipherSuite = 0xC027; +pub const TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384: SSLCipherSuite = 0xC028; +pub const TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256: SSLCipherSuite = 0xC029; +pub const TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384: SSLCipherSuite = 0xC02A; + +// Addenda from rfc 5289 Elliptic Curve Cipher Suites with +// SHA-256/384 and AES Galois Counter Mode (GCM) +pub const TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256: SSLCipherSuite = 0xC02B; +pub const TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384: SSLCipherSuite = 0xC02C; +pub const TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256: SSLCipherSuite = 0xC02D; +pub const TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384: SSLCipherSuite = 0xC02E; +pub const TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256: SSLCipherSuite = 0xC02F; +pub const TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384: SSLCipherSuite = 0xC030; +pub const TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256: SSLCipherSuite = 0xC031; +pub const TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384: SSLCipherSuite = 0xC032; + +// RFC 5746 - Secure Renegotiation +pub const TLS_EMPTY_RENEGOTIATION_INFO_SCSV: SSLCipherSuite = 0x00FF; +// Tags for SSL 2 cipher kinds which are not specified +// for SSL 3. +// +pub const SSL_RSA_WITH_RC2_CBC_MD5: SSLCipherSuite = 0xFF80; +pub const SSL_RSA_WITH_IDEA_CBC_MD5: SSLCipherSuite = 0xFF81; +pub const SSL_RSA_WITH_DES_CBC_MD5: SSLCipherSuite = 0xFF82; +pub const SSL_RSA_WITH_3DES_EDE_CBC_MD5: SSLCipherSuite = 0xFF83; +pub const SSL_NO_SUCH_CIPHERSUITE: SSLCipherSuite = 0xFFFF; diff --git a/vendor/security-framework-sys/src/cms.rs b/vendor/security-framework-sys/src/cms.rs new file mode 100644 index 00000000..6da3702e --- /dev/null +++ b/vendor/security-framework-sys/src/cms.rs @@ -0,0 +1,250 @@ +//! Cryptographic Message Syntax support + +use std::os::raw::c_void; + +use core_foundation_sys::array::CFArrayRef; +use core_foundation_sys::base::{Boolean, CFTypeID, CFTypeRef, OSStatus}; +use core_foundation_sys::data::CFDataRef; +use core_foundation_sys::date::CFAbsoluteTime; +use core_foundation_sys::string::CFStringRef; + +use crate::base::SecCertificateRef; +use crate::trust::SecTrustRef; + +pub enum OpaqueCMSEncoderRef {} +pub type CMSEncoderRef = *mut OpaqueCMSEncoderRef; + +pub enum OpaqueCMSDecoderRef {} +pub type CMSDecoderRef = *mut OpaqueCMSEncoderRef; + +#[repr(i32)] +#[derive(Copy, Clone, Eq, PartialEq, Debug)] +pub enum CMSSignerStatus { + kCMSSignerUnsigned = 0, + kCMSSignerValid = 1, + kCMSSignerNeedsDetachedContent = 2, + kCMSSignerInvalidSignature = 3, + kCMSSignerInvalidCert = 4, + kCMSSignerInvalidIndex = 5, +} + +pub type CMSSignedAttributes = u32; +pub const kCMSAttrNone: CMSSignedAttributes = 0x0000; +pub const kCMSAttrSmimeCapabilities: CMSSignedAttributes = 0x0001; +pub const kCMSAttrSmimeEncryptionKeyPrefs: CMSSignedAttributes = 0x0002; +pub const kCMSAttrSmimeMSEncryptionKeyPrefs: CMSSignedAttributes = 0x0004; +pub const kCMSAttrSigningTime: CMSSignedAttributes = 0x0008; +pub const kCMSAttrAppleCodesigningHashAgility: CMSSignedAttributes = 0x0010; +pub const kCMSAttrAppleCodesigningHashAgilityV2: CMSSignedAttributes = 0x0020; +pub const kCMSAttrAppleExpirationTime: CMSSignedAttributes = 0x0040; + +#[repr(i32)] +#[derive(Copy, Clone, Eq, PartialEq, Debug)] +pub enum CMSCertificateChainMode { + kCMSCertificateNone = 0, + kCMSCertificateSignerOnly = 1, + kCMSCertificateChain = 2, + kCMSCertificateChainWithRoot = 3, + kCMSCertificateChainWithRootOrFail = 4, +} + +extern "C" { + + // CMS decoder + + pub fn CMSDecoderGetTypeID() -> CFTypeID; + + pub fn CMSDecoderCreate(output: *mut CMSDecoderRef) -> OSStatus; + + pub fn CMSDecoderUpdateMessage( + decoder: CMSDecoderRef, + msg_bytes: *const c_void, + msg_bytes_len: usize, + ) -> OSStatus; + + pub fn CMSDecoderFinalizeMessage(decoder: CMSDecoderRef) -> OSStatus; + + pub fn CMSDecoderSetDetachedContent( + decoder: CMSDecoderRef, + detached_content: CFDataRef, + ) -> OSStatus; + + pub fn CMSDecoderCopyDetachedContent( + decoder: CMSDecoderRef, + detached_content_out: *mut CFDataRef, + ) -> OSStatus; + + pub fn CMSDecoderGetNumSigners( + decoder: CMSDecoderRef, + num_signers_out: *mut usize, + ) -> OSStatus; + + pub fn CMSDecoderCopySignerStatus( + decoder: CMSDecoderRef, + signer_index: usize, + policy_or_array: CFTypeRef, + evaluate_sec_trust: Boolean, + signer_status_out: *mut CMSSignerStatus, + sec_trust_out: *mut SecTrustRef, + cert_verify_result_code_out: *mut OSStatus, + ) -> OSStatus; + + pub fn CMSDecoderCopySignerEmailAddress( + decoder: CMSDecoderRef, + signer_index: usize, + signer_email_address_out: *mut CFStringRef, + ) -> OSStatus; + + pub fn CMSDecoderCopySignerCert( + decoder: CMSDecoderRef, + signer_index: usize, + signer_cert_out: *mut SecCertificateRef, + ) -> OSStatus; + + pub fn CMSDecoderIsContentEncrypted( + decoder: CMSDecoderRef, + is_encrypted_out: *mut Boolean, + ) -> OSStatus; + + pub fn CMSDecoderCopyEncapsulatedContentType( + decoder: CMSDecoderRef, + content_type_out: *mut CFDataRef, + ) -> OSStatus; + + pub fn CMSDecoderCopyAllCerts(decoder: CMSDecoderRef, certs_out: *mut CFArrayRef) -> OSStatus; + + pub fn CMSDecoderCopyContent(decoder: CMSDecoderRef, content_out: *mut CFDataRef) -> OSStatus; + + pub fn CMSDecoderCopySignerSigningTime( + decoder: CMSDecoderRef, + signer_index: usize, + sign_time_out: *mut CFAbsoluteTime, + ) -> OSStatus; + + pub fn CMSDecoderCopySignerTimestamp( + decoder: CMSDecoderRef, + signer_index: usize, + timestamp: *mut CFAbsoluteTime, + ) -> OSStatus; + + pub fn CMSDecoderCopySignerTimestampWithPolicy( + decoder: CMSDecoderRef, + timestamp_policy: CFTypeRef, + signer_index: usize, + timestamp: *mut CFAbsoluteTime, + ) -> OSStatus; + + pub fn CMSDecoderCopySignerTimestampCertificates( + decoder: CMSDecoderRef, + signer_index: usize, + certificate_refs: *mut CFArrayRef, + ) -> OSStatus; + + // CMS encoder + + pub static kCMSEncoderDigestAlgorithmSHA1: CFStringRef; + pub static kCMSEncoderDigestAlgorithmSHA256: CFStringRef; + + pub fn CMSEncoderGetTypeID() -> CFTypeID; + + pub fn CMSEncoderCreate(encoder_out: *mut CMSEncoderRef) -> OSStatus; + + pub fn CMSEncoderSetSignerAlgorithm( + encoder: CMSEncoderRef, + digest_alogrithm: CFStringRef, + ) -> OSStatus; + + pub fn CMSEncoderAddSigners(encoder: CMSEncoderRef, signer_or_array: CFTypeRef) -> OSStatus; + + pub fn CMSEncoderCopySigners(encoder: CMSEncoderRef, signers_out: *mut CFArrayRef) -> OSStatus; + + pub fn CMSEncoderAddRecipients( + encoder: CMSEncoderRef, + recipient_or_array: CFTypeRef, + ) -> OSStatus; + + pub fn CMSEncoderCopyRecipients( + encoder: CMSEncoderRef, + recipients_out: *mut CFArrayRef, + ) -> OSStatus; + + pub fn CMSEncoderSetHasDetachedContent( + encoder: CMSEncoderRef, + detached_content: Boolean, + ) -> OSStatus; + + pub fn CMSEncoderGetHasDetachedContent( + encoder: CMSEncoderRef, + detached_content_out: *mut Boolean, + ) -> OSStatus; + + pub fn CMSEncoderSetEncapsulatedContentTypeOID( + encoder: CMSEncoderRef, + content_type_oid: CFTypeRef, + ) -> OSStatus; + + pub fn CMSEncoderCopyEncapsulatedContentType( + encoder: CMSEncoderRef, + content_type_out: *mut CFDataRef, + ) -> OSStatus; + + pub fn CMSEncoderAddSupportingCerts( + encoder: CMSEncoderRef, + cert_or_array: CFTypeRef, + ) -> OSStatus; + + pub fn CMSEncoderCopySupportingCerts( + encoder: CMSEncoderRef, + certs_out: *mut CFArrayRef, + ) -> OSStatus; + + pub fn CMSEncoderAddSignedAttributes( + encoder: CMSEncoderRef, + signed_attributes: CMSSignedAttributes, + ) -> OSStatus; + + pub fn CMSEncoderSetCertificateChainMode( + encoder: CMSEncoderRef, + chain_mode: CMSCertificateChainMode, + ) -> OSStatus; + + pub fn CMSEncoderGetCertificateChainMode( + encoder: CMSEncoderRef, + chain_mode_out: *mut CMSCertificateChainMode, + ) -> OSStatus; + + pub fn CMSEncoderUpdateContent( + encoder: CMSEncoderRef, + content: *const c_void, + content_len: usize, + ) -> OSStatus; + + pub fn CMSEncoderCopyEncodedContent( + encoder: CMSEncoderRef, + encoded_content_out: *mut CFDataRef, + ) -> OSStatus; + + pub fn CMSEncodeContent( + signers: CFTypeRef, + recipients: CFTypeRef, + content_type_oid: CFTypeRef, + detached_content: Boolean, + signed_attributes: CMSSignedAttributes, + content: *const c_void, + content_len: usize, + encoded_content_out: *mut CFDataRef, + ) -> OSStatus; + + pub fn CMSEncoderCopySignerTimestamp( + encoder: CMSEncoderRef, + signer_index: usize, + timestamp: *mut CFAbsoluteTime, + ) -> OSStatus; + + pub fn CMSEncoderCopySignerTimestampWithPolicy( + encoder: CMSEncoderRef, + timestamp_policy: CFTypeRef, + signer_index: usize, + timestamp: *mut CFAbsoluteTime, + ) -> OSStatus; +} diff --git a/vendor/security-framework-sys/src/code_signing.rs b/vendor/security-framework-sys/src/code_signing.rs new file mode 100644 index 00000000..bd4abc76 --- /dev/null +++ b/vendor/security-framework-sys/src/code_signing.rs @@ -0,0 +1,96 @@ +use core_foundation_sys::base::CFTypeID; +use core_foundation_sys::base::OSStatus; +use core_foundation_sys::dictionary::CFDictionaryRef; +use core_foundation_sys::string::CFStringRef; +use core_foundation_sys::url::CFURLRef; + +pub enum OpaqueSecRequirementRef {} +pub type SecRequirementRef = *mut OpaqueSecRequirementRef; + +pub enum OpaqueSecCodeRef {} +pub type SecCodeRef = *mut OpaqueSecCodeRef; + +pub enum OpaqueSecStaticCodeRef {} +pub type SecStaticCodeRef = *mut OpaqueSecStaticCodeRef; + +pub type SecCSFlags = u32; +pub const kSecCSCheckAllArchitectures: SecCSFlags = 1 << 0; +pub const kSecCSDoNotValidateExecutable: SecCSFlags = 1 << 1; +pub const kSecCSDoNotValidateResources: SecCSFlags = 1 << 2; +pub const kSecCSBasicValidateOnly: SecCSFlags = + kSecCSDoNotValidateExecutable | kSecCSDoNotValidateResources; +pub const kSecCSCheckNestedCode: SecCSFlags = 1 << 3; +pub const kSecCSStrictValidate: SecCSFlags = 1 << 4; +pub const kSecCSFullReport: SecCSFlags = 1 << 5; +pub const kSecCSCheckGatekeeperArchitectures: SecCSFlags = (1 << 6) | kSecCSCheckAllArchitectures; +pub const kSecCSRestrictSymlinks: SecCSFlags = 1 << 7; +pub const kSecCSRestrictToAppLike: SecCSFlags = 1 << 8; +pub const kSecCSRestrictSidebandData: SecCSFlags = 1 << 9; +pub const kSecCSUseSoftwareSigningCert: SecCSFlags = 1 << 10; +pub const kSecCSValidatePEH: SecCSFlags = 1 << 11; +pub const kSecCSSingleThreaded: SecCSFlags = 1 << 12; +// 13 - 15 are unused +// This is only available in macOS 11.3: +// pub const kSecCSAllowNetworkAccess: SecCSFlags = 1 << 16; +// 17 - 25 are unused +pub const kSecCSQuickCheck: SecCSFlags = 1 << 26; +pub const kSecCSCheckTrustedAnchors: SecCSFlags = 1 << 27; +pub const kSecCSReportProgress: SecCSFlags = 1 << 28; +pub const kSecCSNoNetworkAccess: SecCSFlags = 1 << 29; +pub const kSecCSEnforceRevocationChecks: SecCSFlags = 1 << 30; +pub const kSecCSConsiderExpiration: SecCSFlags = 1 << 31; + +extern "C" { + pub static kSecGuestAttributeArchitecture: CFStringRef; + pub static kSecGuestAttributeAudit: CFStringRef; + pub static kSecGuestAttributeCanonical: CFStringRef; + pub static kSecGuestAttributeDynamicCode: CFStringRef; + pub static kSecGuestAttributeDynamicCodeInfoPlist: CFStringRef; + pub static kSecGuestAttributeHash: CFStringRef; + pub static kSecGuestAttributeMachPort: CFStringRef; + pub static kSecGuestAttributePid: CFStringRef; + pub static kSecGuestAttributeSubarchitecture: CFStringRef; + + pub fn SecCodeGetTypeID() -> CFTypeID; + pub fn SecStaticCodeGetTypeID() -> CFTypeID; + pub fn SecRequirementGetTypeID() -> CFTypeID; + + pub fn SecCodeCheckValidity( + code: SecCodeRef, + flags: SecCSFlags, + requirement: SecRequirementRef, + ) -> OSStatus; + + pub fn SecCodeCopyGuestWithAttributes( + host: SecCodeRef, + attrs: CFDictionaryRef, + flags: SecCSFlags, + guest: *mut SecCodeRef, + ) -> OSStatus; + + pub fn SecCodeCopyPath( + code: SecStaticCodeRef, + flags: SecCSFlags, + path: *mut CFURLRef, + ) -> OSStatus; + + pub fn SecCodeCopySelf(flags: SecCSFlags, out: *mut SecCodeRef) -> OSStatus; + + pub fn SecRequirementCreateWithString( + text: CFStringRef, + flags: SecCSFlags, + requirement: *mut SecRequirementRef, + ) -> OSStatus; + + pub fn SecStaticCodeCheckValidity( + code: SecStaticCodeRef, + flags: SecCSFlags, + requirement: SecRequirementRef, + ) -> OSStatus; + + pub fn SecStaticCodeCreateWithPath( + path: CFURLRef, + flags: SecCSFlags, + code: *mut SecStaticCodeRef, + ) -> OSStatus; +} diff --git a/vendor/security-framework-sys/src/digest_transform.rs b/vendor/security-framework-sys/src/digest_transform.rs new file mode 100644 index 00000000..fdcf6ee2 --- /dev/null +++ b/vendor/security-framework-sys/src/digest_transform.rs @@ -0,0 +1,28 @@ +use core_foundation_sys::base::{CFIndex, CFTypeRef}; +use core_foundation_sys::error::CFErrorRef; +use core_foundation_sys::string::CFStringRef; + +use crate::transform::SecTransformRef; + +extern "C" { + pub static kSecDigestHMACKeyAttribute: CFStringRef; + pub static kSecDigestHMACMD5: CFStringRef; + pub static kSecDigestHMACSHA1: CFStringRef; + pub static kSecDigestHMACSHA2: CFStringRef; + pub static kSecDigestLengthAttribute: CFStringRef; + pub static kSecDigestMD2: CFStringRef; + pub static kSecDigestMD4: CFStringRef; + pub static kSecDigestMD5: CFStringRef; + pub static kSecDigestSHA1: CFStringRef; + pub static kSecDigestSHA2: CFStringRef; + pub static kSecDigestTypeAttribute: CFStringRef; + + pub fn SecDigestTransformCreate( + digestType: CFTypeRef, + digestLength: CFIndex, + error: *mut CFErrorRef, + ) -> SecTransformRef; + +// this symbol is apparently missing in 10.13.3? +// pub fn SecDigestTransformGetTypeID() -> CFTypeID; +} diff --git a/vendor/security-framework-sys/src/encrypt_transform.rs b/vendor/security-framework-sys/src/encrypt_transform.rs new file mode 100644 index 00000000..85330527 --- /dev/null +++ b/vendor/security-framework-sys/src/encrypt_transform.rs @@ -0,0 +1,29 @@ +use core_foundation_sys::error::CFErrorRef; +use core_foundation_sys::string::CFStringRef; + +use crate::base::SecKeyRef; +use crate::transform::SecTransformRef; + +extern "C" { + pub static kSecEncryptionMode: CFStringRef; + pub static kSecEncryptKey: CFStringRef; + pub static kSecIVKey: CFStringRef; + pub static kSecModeCBCKey: CFStringRef; + pub static kSecModeCFBKey: CFStringRef; + pub static kSecModeECBKey: CFStringRef; + pub static kSecModeNoneKey: CFStringRef; + pub static kSecModeOFBKey: CFStringRef; + pub static kSecPaddingKey: CFStringRef; + pub static kSecPaddingNoneKey: CFStringRef; + pub static kSecPaddingOAEPKey: CFStringRef; + pub static kSecPaddingPKCS1Key: CFStringRef; + pub static kSecPaddingPKCS5Key: CFStringRef; + pub static kSecPaddingPKCS7Key: CFStringRef; + + pub fn SecDecryptTransformCreate(keyRef: SecKeyRef, error: *mut CFErrorRef) -> SecTransformRef; + // this symbol is apparently missing in 10.13.3? + // pub fn SecDecryptTransformGetTypeID() -> CFTypeID; + pub fn SecEncryptTransformCreate(keyRef: SecKeyRef, error: *mut CFErrorRef) -> SecTransformRef; +// this symbol is apparently missing in 10.13.3? +// pub fn SecEncryptTransformGetTypeID() -> CFTypeID; +} diff --git a/vendor/security-framework-sys/src/identity.rs b/vendor/security-framework-sys/src/identity.rs new file mode 100644 index 00000000..6d8295ec --- /dev/null +++ b/vendor/security-framework-sys/src/identity.rs @@ -0,0 +1,21 @@ +#[cfg(target_os = "macos")] +use core_foundation_sys::base::CFTypeRef; +use core_foundation_sys::base::{CFTypeID, OSStatus}; + +use crate::base::{SecCertificateRef, SecIdentityRef, SecKeyRef}; + +extern "C" { + pub fn SecIdentityGetTypeID() -> CFTypeID; + pub fn SecIdentityCopyCertificate( + identity: SecIdentityRef, + certificate_ref: *mut SecCertificateRef, + ) -> OSStatus; + pub fn SecIdentityCopyPrivateKey(identity: SecIdentityRef, key_ref: *mut SecKeyRef) + -> OSStatus; + #[cfg(target_os = "macos")] + pub fn SecIdentityCreateWithCertificate( + keychain_or_Array: CFTypeRef, + certificate_ref: SecCertificateRef, + identity_ref: *mut SecIdentityRef, + ) -> OSStatus; +} diff --git a/vendor/security-framework-sys/src/import_export.rs b/vendor/security-framework-sys/src/import_export.rs new file mode 100644 index 00000000..cd32f571 --- /dev/null +++ b/vendor/security-framework-sys/src/import_export.rs @@ -0,0 +1,86 @@ +use core_foundation_sys::array::CFArrayRef; +#[cfg(target_os = "macos")] +use core_foundation_sys::base::CFTypeRef; +use core_foundation_sys::base::OSStatus; +use core_foundation_sys::data::CFDataRef; +use core_foundation_sys::dictionary::CFDictionaryRef; +use core_foundation_sys::string::CFStringRef; +#[cfg(target_os = "macos")] +use std::os::raw::c_uint; + +#[cfg(target_os = "macos")] +use crate::base::{SecAccessRef, SecKeychainRef}; + +#[cfg(target_os = "macos")] +pub type SecExternalFormat = u32; +#[cfg(target_os = "macos")] +pub type SecExternalItemType = u32; +#[cfg(target_os = "macos")] +pub type SecItemImportExportFlags = u32; +#[cfg(target_os = "macos")] +pub type SecKeyImportExportFlags = u32; + +#[cfg(target_os = "macos")] +pub const kSecKeyImportOnlyOne: SecKeyImportExportFlags = 1; +#[cfg(target_os = "macos")] +pub const kSecKeySecurePassphrase: SecKeyImportExportFlags = 2; +#[cfg(target_os = "macos")] +pub const kSecKeyNoAccessControl: SecKeyImportExportFlags = 4; + +#[cfg(target_os = "macos")] +pub const SEC_KEY_IMPORT_EXPORT_PARAMS_VERSION: c_uint = 0; + +#[repr(C)] +#[derive(Copy, Clone)] +#[cfg(target_os = "macos")] +pub struct SecItemImportExportKeyParameters { + pub version: c_uint, + pub flags: SecKeyImportExportFlags, + pub passphrase: CFTypeRef, + pub alertTitle: CFStringRef, + pub alertPrompt: CFStringRef, + pub accessRef: SecAccessRef, + pub keyUsage: CFArrayRef, + pub keyAttributes: CFArrayRef, +} + +extern "C" { + #[cfg(target_os = "macos")] + pub fn SecItemImport( + importedData: CFDataRef, + fileNameOrExtension: CFStringRef, + inputFormat: *mut SecExternalFormat, + itemType: *mut SecExternalItemType, + flags: SecItemImportExportFlags, + keyParams: *const SecItemImportExportKeyParameters, + importKeychain: SecKeychainRef, + outItems: *mut CFArrayRef, + ) -> OSStatus; + + #[cfg(target_os = "macos")] + pub fn SecItemExport( + secItemOrArray: CFTypeRef, + outputFormat: SecExternalFormat, + flags: SecItemImportExportFlags, + keyParams: *const SecItemImportExportKeyParameters, + exportedData: *mut CFDataRef, + ) -> OSStatus; + + pub static kSecImportExportPassphrase: CFStringRef; + #[cfg(target_os = "macos")] + pub static kSecImportExportKeychain: CFStringRef; + #[cfg(target_os = "macos")] + pub static kSecImportExportAccess: CFStringRef; + + pub static kSecImportItemLabel: CFStringRef; + pub static kSecImportItemKeyID: CFStringRef; + pub static kSecImportItemTrust: CFStringRef; + pub static kSecImportItemCertChain: CFStringRef; + pub static kSecImportItemIdentity: CFStringRef; + + pub fn SecPKCS12Import( + pkcs12_data: CFDataRef, + options: CFDictionaryRef, + items: *mut CFArrayRef, + ) -> OSStatus; +} diff --git a/vendor/security-framework-sys/src/item.rs b/vendor/security-framework-sys/src/item.rs new file mode 100644 index 00000000..5427bc99 --- /dev/null +++ b/vendor/security-framework-sys/src/item.rs @@ -0,0 +1,93 @@ +use core_foundation_sys::string::CFStringRef; + +extern "C" { + pub static kSecClass: CFStringRef; + pub static kSecClassInternetPassword: CFStringRef; + pub static kSecClassGenericPassword: CFStringRef; + pub static kSecClassCertificate: CFStringRef; + pub static kSecClassKey: CFStringRef; + pub static kSecClassIdentity: CFStringRef; + + pub static kSecMatchLimit: CFStringRef; + pub static kSecMatchLimitAll: CFStringRef; + + pub static kSecMatchTrustedOnly: CFStringRef; + pub static kSecMatchCaseInsensitive: CFStringRef; + #[cfg(target_os = "macos")] + pub static kSecMatchSubjectWholeString: CFStringRef; + + pub static kSecReturnData: CFStringRef; + pub static kSecReturnAttributes: CFStringRef; + pub static kSecReturnRef: CFStringRef; + pub static kSecReturnPersistentRef: CFStringRef; + + pub static kSecMatchSearchList: CFStringRef; + + pub static kSecAttrApplicationLabel: CFStringRef; + pub static kSecAttrKeyType: CFStringRef; + pub static kSecAttrLabel: CFStringRef; + pub static kSecAttrIsPermanent: CFStringRef; + pub static kSecAttrPublicKeyHash: CFStringRef; + pub static kSecAttrSerialNumber: CFStringRef; + pub static kSecPrivateKeyAttrs: CFStringRef; + pub static kSecPublicKeyAttrs: CFStringRef; + + pub static kSecAttrKeyClass: CFStringRef; + pub static kSecAttrKeyClassPublic: CFStringRef; + pub static kSecAttrKeyClassPrivate: CFStringRef; + pub static kSecAttrKeyClassSymmetric: CFStringRef; + + pub static kSecUseKeychain: CFStringRef; + #[cfg(any(feature = "OSX_10_15", target_os = "ios", target_os = "tvos", target_os = "watchos", target_os = "visionos"))] + pub static kSecUseDataProtectionKeychain: CFStringRef; + #[cfg(any(feature = "OSX_10_12", target_os = "ios", target_os = "tvos", target_os = "watchos", target_os = "visionos"))] + pub static kSecAttrTokenID: CFStringRef; + #[cfg(any(feature = "OSX_10_12", target_os = "ios", target_os = "tvos", target_os = "watchos", target_os = "visionos"))] + pub static kSecAttrTokenIDSecureEnclave: CFStringRef; + #[cfg(any(feature = "OSX_10_13", target_os = "ios", target_os = "tvos", target_os = "watchos", target_os = "visionos"))] + pub static kSecUseAuthenticationContext: CFStringRef; + #[cfg(any(feature = "OSX_10_13", target_os = "ios", target_os = "tvos", target_os = "watchos", target_os = "visionos"))] + pub static kSecAttrSynchronizable: CFStringRef; + + pub static kSecAttrKeySizeInBits: CFStringRef; + + pub static kSecAttrKeyTypeECSECPrimeRandom: CFStringRef; + pub static kSecAttrKeyTypeRSA: CFStringRef; + #[cfg(target_os = "macos")] + pub static kSecAttrKeyTypeDSA: CFStringRef; + #[cfg(target_os = "macos")] + pub static kSecAttrKeyTypeAES: CFStringRef; + #[cfg(target_os = "macos")] + pub static kSecAttrKeyTypeDES: CFStringRef; + #[cfg(target_os = "macos")] + pub static kSecAttrKeyType3DES: CFStringRef; + #[cfg(target_os = "macos")] + pub static kSecAttrKeyTypeRC4: CFStringRef; + #[cfg(target_os = "macos")] + pub static kSecAttrKeyTypeRC2: CFStringRef; + #[cfg(target_os = "macos")] + pub static kSecAttrKeyTypeCAST: CFStringRef; + pub static kSecAttrKeyTypeEC: CFStringRef; + + pub static kSecAttrAccessGroup: CFStringRef; + pub static kSecAttrAccessGroupToken: CFStringRef; + + #[cfg(any(feature = "OSX_10_12", target_os = "ios", target_os = "tvos", target_os = "watchos", target_os = "visionos"))] + pub static kSecKeyKeyExchangeParameterRequestedSize: CFStringRef; + #[cfg(any(feature = "OSX_10_12", target_os = "ios", target_os = "tvos", target_os = "watchos", target_os = "visionos"))] + pub static kSecKeyKeyExchangeParameterSharedInfo: CFStringRef; + + pub static kSecAttrAuthenticationType: CFStringRef; + pub static kSecAttrComment: CFStringRef; + pub static kSecAttrDescription: CFStringRef; + pub static kSecAttrPath: CFStringRef; + pub static kSecAttrPort: CFStringRef; + pub static kSecAttrProtocol: CFStringRef; + pub static kSecAttrSecurityDomain: CFStringRef; + pub static kSecAttrServer: CFStringRef; + pub static kSecAttrService: CFStringRef; + pub static kSecAttrAccessControl: CFStringRef; + pub static kSecAttrAccount: CFStringRef; + pub static kSecValueData: CFStringRef; + pub static kSecValueRef: CFStringRef; +} diff --git a/vendor/security-framework-sys/src/key.rs b/vendor/security-framework-sys/src/key.rs new file mode 100644 index 00000000..a40a3036 --- /dev/null +++ b/vendor/security-framework-sys/src/key.rs @@ -0,0 +1,219 @@ +use core_foundation_sys::base::CFTypeID; +use core_foundation_sys::data::CFDataRef; +use core_foundation_sys::dictionary::CFDictionaryRef; +use core_foundation_sys::error::CFErrorRef; +#[cfg(any(feature = "OSX_10_12", target_os = "ios", target_os = "tvos", target_os = "watchos", target_os = "visionos"))] +use core_foundation_sys::string::CFStringRef; + +use crate::base::SecKeyRef; + +#[cfg(any(feature = "OSX_10_12", target_os = "ios", target_os = "tvos", target_os = "watchos", target_os = "visionos"))] +pub type SecKeyAlgorithm = CFStringRef; + +#[cfg(any(feature = "OSX_10_12", target_os = "ios", target_os = "tvos", target_os = "watchos", target_os = "visionos"))] +pub type SecKeyOperationType = u32; +#[cfg(any(feature = "OSX_10_12", target_os = "ios", target_os = "tvos", target_os = "watchos", target_os = "visionos"))] +pub const kSecKeyOperationTypeSign: SecKeyOperationType = 0; +#[cfg(any(feature = "OSX_10_12", target_os = "ios", target_os = "tvos", target_os = "watchos", target_os = "visionos"))] +pub const kSecKeyOperationTypeVerify: SecKeyOperationType = 1; +#[cfg(any(feature = "OSX_10_12", target_os = "ios", target_os = "tvos", target_os = "watchos", target_os = "visionos"))] +pub const kSecKeyOperationTypeEncrypt: SecKeyOperationType = 2; +#[cfg(any(feature = "OSX_10_12", target_os = "ios", target_os = "tvos", target_os = "watchos", target_os = "visionos"))] +pub const kSecKeyOperationTypeDecrypt: SecKeyOperationType = 3; +#[cfg(any(feature = "OSX_10_12", target_os = "ios", target_os = "tvos", target_os = "watchos", target_os = "visionos"))] +pub const kSecKeyOperationTypeKeyExchange: SecKeyOperationType = 4; + +extern "C" { + pub fn SecKeyGetTypeID() -> CFTypeID; + + #[cfg(any(feature = "OSX_10_12", target_os = "ios", target_os = "tvos", target_os = "watchos", target_os = "visionos"))] + pub fn SecKeyCreateRandomKey(parameters: CFDictionaryRef, error: *mut CFErrorRef) -> SecKeyRef; + + #[cfg(any(feature = "OSX_10_13", target_os = "ios", target_os = "tvos", target_os = "watchos", target_os = "visionos"))] + pub fn SecKeyCreateWithData( + keyData: CFDataRef, + attributes: CFDictionaryRef, + error: *mut CFErrorRef, + ) -> SecKeyRef; + + #[cfg(target_os = "macos")] + pub fn SecKeyCreateFromData( + parameters: CFDictionaryRef, + keyData: CFDataRef, + error: *mut CFErrorRef, + ) -> SecKeyRef; + + #[cfg(any(feature = "OSX_10_12", target_os = "ios", target_os = "tvos", target_os = "watchos", target_os = "visionos"))] + pub fn SecKeyCopyExternalRepresentation(key: SecKeyRef, error: *mut CFErrorRef) -> CFDataRef; + #[cfg(any(feature = "OSX_10_12", target_os = "ios", target_os = "tvos", target_os = "watchos", target_os = "visionos"))] + pub fn SecKeyCopyAttributes(key: SecKeyRef) -> CFDictionaryRef; + #[cfg(any(feature = "OSX_10_12", target_os = "ios", target_os = "tvos", target_os = "watchos", target_os = "visionos"))] + pub fn SecKeyCopyPublicKey(key: SecKeyRef) -> SecKeyRef; + + #[cfg(any(feature = "OSX_10_12", target_os = "ios", target_os = "tvos", target_os = "watchos", target_os = "visionos"))] + pub fn SecKeyCreateSignature( + key: SecKeyRef, + algorithm: SecKeyAlgorithm, + dataToSign: CFDataRef, + error: *mut CFErrorRef, + ) -> CFDataRef; + + #[cfg(any(feature = "OSX_10_12", target_os = "ios", target_os = "tvos", target_os = "watchos", target_os = "visionos"))] + pub fn SecKeyVerifySignature( + key: SecKeyRef, + algorithm: SecKeyAlgorithm, + signedData: CFDataRef, + signature: CFDataRef, + error: *mut CFErrorRef, + ) -> core_foundation_sys::base::Boolean; + + #[cfg(any(feature = "OSX_10_12", target_os = "ios", target_os = "tvos", target_os = "watchos", target_os = "visionos"))] + pub fn SecKeyCreateEncryptedData( + key: SecKeyRef, + algorithm: SecKeyAlgorithm, + plaintext: CFDataRef, + error: *mut CFErrorRef, + ) -> CFDataRef; + + #[cfg(any(feature = "OSX_10_12", target_os = "ios", target_os = "tvos", target_os = "watchos", target_os = "visionos"))] + pub fn SecKeyCreateDecryptedData( + key: SecKeyRef, + algorithm: SecKeyAlgorithm, + ciphertext: CFDataRef, + error: *mut CFErrorRef, + ) -> CFDataRef; + + #[cfg(any(feature = "OSX_10_12", target_os = "ios", target_os = "tvos", target_os = "watchos", target_os = "visionos"))] + pub fn SecKeyIsAlgorithmSupported( + key: SecKeyRef, + operation: SecKeyOperationType, + algorithm: SecKeyAlgorithm, + ) -> core_foundation_sys::base::Boolean; + + #[cfg(any(feature = "OSX_10_12", target_os = "ios", target_os = "tvos", target_os = "watchos", target_os = "visionos"))] + pub fn SecKeyCopyKeyExchangeResult( + privateKey: SecKeyRef, + algorithm: SecKeyAlgorithm, + publicKey: SecKeyRef, + parameters: CFDictionaryRef, + error: *mut CFErrorRef, + ) -> CFDataRef; +} + +#[cfg(any(feature = "OSX_10_12", target_os = "ios", target_os = "tvos", target_os = "watchos", target_os = "visionos"))] +macro_rules! names { + ($( $(# $meta:literal )* $i:ident => $x:ident),*) => { + extern "C" { + $($(#[cfg(feature = $meta)])* pub static $x: SecKeyAlgorithm;)* + } + + #[non_exhaustive] + #[derive(Copy, Clone)] + pub enum Algorithm { + $( $(#[cfg(feature = $meta)])* $i, )* + } + + impl From<Algorithm> for SecKeyAlgorithm { + fn from(m: Algorithm) -> Self { + unsafe { match m { + $( $(#[cfg(feature = $meta)])* Algorithm::$i => $x, )* + } } + } + } + } +} + +#[cfg(any(feature = "OSX_10_12", target_os = "ios", target_os = "tvos", target_os = "watchos", target_os = "visionos"))] +names! { + ECIESEncryptionStandardX963SHA1AESGCM => kSecKeyAlgorithmECIESEncryptionStandardX963SHA1AESGCM, + ECIESEncryptionStandardX963SHA224AESGCM => kSecKeyAlgorithmECIESEncryptionStandardX963SHA224AESGCM, + ECIESEncryptionStandardX963SHA256AESGCM => kSecKeyAlgorithmECIESEncryptionStandardX963SHA256AESGCM, + ECIESEncryptionStandardX963SHA384AESGCM => kSecKeyAlgorithmECIESEncryptionStandardX963SHA384AESGCM, + ECIESEncryptionStandardX963SHA512AESGCM => kSecKeyAlgorithmECIESEncryptionStandardX963SHA512AESGCM, + + ECIESEncryptionStandardVariableIVX963SHA224AESGCM => kSecKeyAlgorithmECIESEncryptionStandardVariableIVX963SHA224AESGCM, + ECIESEncryptionStandardVariableIVX963SHA256AESGCM => kSecKeyAlgorithmECIESEncryptionStandardVariableIVX963SHA256AESGCM, + ECIESEncryptionStandardVariableIVX963SHA384AESGCM => kSecKeyAlgorithmECIESEncryptionStandardVariableIVX963SHA384AESGCM, + ECIESEncryptionStandardVariableIVX963SHA512AESGCM => kSecKeyAlgorithmECIESEncryptionStandardVariableIVX963SHA512AESGCM, + + ECIESEncryptionCofactorVariableIVX963SHA224AESGCM => kSecKeyAlgorithmECIESEncryptionCofactorVariableIVX963SHA224AESGCM, + ECIESEncryptionCofactorVariableIVX963SHA256AESGCM => kSecKeyAlgorithmECIESEncryptionCofactorVariableIVX963SHA256AESGCM, + ECIESEncryptionCofactorVariableIVX963SHA384AESGCM => kSecKeyAlgorithmECIESEncryptionCofactorVariableIVX963SHA384AESGCM, + ECIESEncryptionCofactorVariableIVX963SHA512AESGCM => kSecKeyAlgorithmECIESEncryptionCofactorVariableIVX963SHA512AESGCM, + + #"OSX_10_13" ECIESEncryptionCofactorX963SHA1AESGCM => kSecKeyAlgorithmECIESEncryptionCofactorX963SHA1AESGCM, + #"OSX_10_13" ECIESEncryptionCofactorX963SHA224AESGCM => kSecKeyAlgorithmECIESEncryptionCofactorX963SHA224AESGCM, + #"OSX_10_13" ECIESEncryptionCofactorX963SHA256AESGCM => kSecKeyAlgorithmECIESEncryptionCofactorX963SHA256AESGCM, + #"OSX_10_13" ECIESEncryptionCofactorX963SHA384AESGCM => kSecKeyAlgorithmECIESEncryptionCofactorX963SHA384AESGCM, + #"OSX_10_13" ECIESEncryptionCofactorX963SHA512AESGCM => kSecKeyAlgorithmECIESEncryptionCofactorX963SHA512AESGCM, + + ECDSASignatureRFC4754 => kSecKeyAlgorithmECDSASignatureRFC4754, + + ECDSASignatureDigestX962 => kSecKeyAlgorithmECDSASignatureDigestX962, + ECDSASignatureDigestX962SHA1 => kSecKeyAlgorithmECDSASignatureDigestX962SHA1, + ECDSASignatureDigestX962SHA224 => kSecKeyAlgorithmECDSASignatureDigestX962SHA224, + ECDSASignatureDigestX962SHA256 => kSecKeyAlgorithmECDSASignatureDigestX962SHA256, + ECDSASignatureDigestX962SHA384 => kSecKeyAlgorithmECDSASignatureDigestX962SHA384, + ECDSASignatureDigestX962SHA512 => kSecKeyAlgorithmECDSASignatureDigestX962SHA512, + + ECDSASignatureMessageX962SHA1 => kSecKeyAlgorithmECDSASignatureMessageX962SHA1, + ECDSASignatureMessageX962SHA224 => kSecKeyAlgorithmECDSASignatureMessageX962SHA224, + ECDSASignatureMessageX962SHA256 => kSecKeyAlgorithmECDSASignatureMessageX962SHA256, + ECDSASignatureMessageX962SHA384 => kSecKeyAlgorithmECDSASignatureMessageX962SHA384, + ECDSASignatureMessageX962SHA512 => kSecKeyAlgorithmECDSASignatureMessageX962SHA512, + + ECDHKeyExchangeCofactor => kSecKeyAlgorithmECDHKeyExchangeCofactor, + ECDHKeyExchangeStandard => kSecKeyAlgorithmECDHKeyExchangeStandard, + ECDHKeyExchangeCofactorX963SHA1 => kSecKeyAlgorithmECDHKeyExchangeCofactorX963SHA1, + ECDHKeyExchangeStandardX963SHA1 => kSecKeyAlgorithmECDHKeyExchangeStandardX963SHA1, + ECDHKeyExchangeCofactorX963SHA224 => kSecKeyAlgorithmECDHKeyExchangeCofactorX963SHA224, + ECDHKeyExchangeCofactorX963SHA256 => kSecKeyAlgorithmECDHKeyExchangeCofactorX963SHA256, + ECDHKeyExchangeCofactorX963SHA384 => kSecKeyAlgorithmECDHKeyExchangeCofactorX963SHA384, + ECDHKeyExchangeCofactorX963SHA512 => kSecKeyAlgorithmECDHKeyExchangeCofactorX963SHA512, + ECDHKeyExchangeStandardX963SHA224 => kSecKeyAlgorithmECDHKeyExchangeStandardX963SHA224, + ECDHKeyExchangeStandardX963SHA256 => kSecKeyAlgorithmECDHKeyExchangeStandardX963SHA256, + ECDHKeyExchangeStandardX963SHA384 => kSecKeyAlgorithmECDHKeyExchangeStandardX963SHA384, + ECDHKeyExchangeStandardX963SHA512 => kSecKeyAlgorithmECDHKeyExchangeStandardX963SHA512, + + RSAEncryptionRaw => kSecKeyAlgorithmRSAEncryptionRaw, + RSAEncryptionPKCS1 => kSecKeyAlgorithmRSAEncryptionPKCS1, + + RSAEncryptionOAEPSHA1 => kSecKeyAlgorithmRSAEncryptionOAEPSHA1, + RSAEncryptionOAEPSHA224 => kSecKeyAlgorithmRSAEncryptionOAEPSHA224, + RSAEncryptionOAEPSHA256 => kSecKeyAlgorithmRSAEncryptionOAEPSHA256, + RSAEncryptionOAEPSHA384 => kSecKeyAlgorithmRSAEncryptionOAEPSHA384, + RSAEncryptionOAEPSHA512 => kSecKeyAlgorithmRSAEncryptionOAEPSHA512, + + RSAEncryptionOAEPSHA1AESGCM => kSecKeyAlgorithmRSAEncryptionOAEPSHA1AESGCM, + RSAEncryptionOAEPSHA224AESGCM => kSecKeyAlgorithmRSAEncryptionOAEPSHA224AESGCM, + RSAEncryptionOAEPSHA256AESGCM => kSecKeyAlgorithmRSAEncryptionOAEPSHA256AESGCM, + RSAEncryptionOAEPSHA384AESGCM => kSecKeyAlgorithmRSAEncryptionOAEPSHA384AESGCM, + RSAEncryptionOAEPSHA512AESGCM => kSecKeyAlgorithmRSAEncryptionOAEPSHA512AESGCM, + + RSASignatureRaw => kSecKeyAlgorithmRSASignatureRaw, + + RSASignatureDigestPKCS1v15Raw => kSecKeyAlgorithmRSASignatureDigestPKCS1v15Raw, + RSASignatureDigestPKCS1v15SHA1 => kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA1, + RSASignatureDigestPKCS1v15SHA224 => kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA224, + RSASignatureDigestPKCS1v15SHA256 => kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA256, + RSASignatureDigestPKCS1v15SHA384 => kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA384, + RSASignatureDigestPKCS1v15SHA512 => kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA512, + + RSASignatureMessagePKCS1v15SHA1 => kSecKeyAlgorithmRSASignatureMessagePKCS1v15SHA1, + RSASignatureMessagePKCS1v15SHA224 => kSecKeyAlgorithmRSASignatureMessagePKCS1v15SHA224, + RSASignatureMessagePKCS1v15SHA256 => kSecKeyAlgorithmRSASignatureMessagePKCS1v15SHA256, + RSASignatureMessagePKCS1v15SHA384 => kSecKeyAlgorithmRSASignatureMessagePKCS1v15SHA384, + RSASignatureMessagePKCS1v15SHA512 => kSecKeyAlgorithmRSASignatureMessagePKCS1v15SHA512, + + RSASignatureDigestPSSSHA1 => kSecKeyAlgorithmRSASignatureDigestPSSSHA1, + RSASignatureDigestPSSSHA224 => kSecKeyAlgorithmRSASignatureDigestPSSSHA224, + RSASignatureDigestPSSSHA256 => kSecKeyAlgorithmRSASignatureDigestPSSSHA256, + RSASignatureDigestPSSSHA384 => kSecKeyAlgorithmRSASignatureDigestPSSSHA384, + RSASignatureDigestPSSSHA512 => kSecKeyAlgorithmRSASignatureDigestPSSSHA512, + + RSASignatureMessagePSSSHA1 => kSecKeyAlgorithmRSASignatureMessagePSSSHA1, + RSASignatureMessagePSSSHA224 => kSecKeyAlgorithmRSASignatureMessagePSSSHA224, + RSASignatureMessagePSSSHA256 => kSecKeyAlgorithmRSASignatureMessagePSSSHA256, + RSASignatureMessagePSSSHA384 => kSecKeyAlgorithmRSASignatureMessagePSSSHA384, + RSASignatureMessagePSSSHA512 => kSecKeyAlgorithmRSASignatureMessagePSSSHA512 +} diff --git a/vendor/security-framework-sys/src/keychain.rs b/vendor/security-framework-sys/src/keychain.rs new file mode 100644 index 00000000..1413e3aa --- /dev/null +++ b/vendor/security-framework-sys/src/keychain.rs @@ -0,0 +1,194 @@ +#[cfg(target_os = "macos")] +use core_foundation_sys::base::CFTypeRef; +use core_foundation_sys::base::{Boolean, CFTypeID, OSStatus}; +use std::os::raw::{c_char, c_uint, c_void}; + +#[cfg(target_os = "macos")] +use crate::base::SecKeychainItemRef; +use crate::base::{SecAccessRef, SecKeychainRef}; + +pub const SEC_KEYCHAIN_SETTINGS_VERS1: c_uint = 1; + +#[repr(C)] +pub struct SecKeychainSettings { + pub version: c_uint, + pub lockOnSleep: Boolean, + pub useLockInterval: Boolean, + pub lockInterval: c_uint, +} + +/// Like Apple's headers, it assumes Little Endian, +/// as there are no supported Big Endian machines any more :( +macro_rules! char_lit { + ($e:expr) => { + ($e[3] as u32) + (($e[2] as u32) << 8) + (($e[1] as u32) << 16) + (($e[0] as u32) << 24) + }; +} + +macro_rules! char_lit_swapped { + ($e:expr) => { + ($e[0] as u32) + (($e[1] as u32) << 8) + (($e[2] as u32) << 16) + (($e[3] as u32) << 24) + }; +} + +#[repr(u32)] +#[derive(Copy, Clone, Eq, PartialEq, Debug)] +#[allow(clippy::upper_case_acronyms)] +pub enum SecProtocolType { + FTP = char_lit!(b"ftp "), + FTPAccount = char_lit!(b"ftpa"), + HTTP = char_lit!(b"http"), + IRC = char_lit!(b"irc "), + NNTP = char_lit!(b"nntp"), + POP3 = char_lit!(b"pop3"), + SMTP = char_lit!(b"smtp"), + SOCKS = char_lit!(b"sox "), + IMAP = char_lit!(b"imap"), + LDAP = char_lit!(b"ldap"), + AppleTalk = char_lit!(b"atlk"), + AFP = char_lit!(b"afp "), + Telnet = char_lit!(b"teln"), + SSH = char_lit!(b"ssh "), + FTPS = char_lit!(b"ftps"), + HTTPS = char_lit!(b"htps"), + HTTPProxy = char_lit!(b"htpx"), + HTTPSProxy = char_lit!(b"htsx"), + FTPProxy = char_lit!(b"ftpx"), + CIFS = char_lit!(b"cifs"), + SMB = char_lit!(b"smb "), + RTSP = char_lit!(b"rtsp"), + RTSPProxy = char_lit!(b"rtsx"), + DAAP = char_lit!(b"daap"), + EPPC = char_lit!(b"eppc"), + IPP = char_lit!(b"ipp "), + NNTPS = char_lit!(b"ntps"), + LDAPS = char_lit!(b"ldps"), + TelnetS = char_lit!(b"tels"), + IMAPS = char_lit!(b"imps"), + IRCS = char_lit!(b"ircs"), + POP3S = char_lit!(b"pops"), + CVSpserver = char_lit!(b"cvsp"), + SVN = char_lit!(b"svn "), + Any = 0, +} + +#[repr(u32)] +#[derive(Copy, Clone, Eq, PartialEq, Debug)] +#[allow(clippy::upper_case_acronyms)] +pub enum SecAuthenticationType { + // [sic] Apple has got two related enums each with a different endianness! + NTLM = char_lit_swapped!(b"ntlm"), + MSN = char_lit_swapped!(b"msna"), + DPA = char_lit_swapped!(b"dpaa"), + RPA = char_lit_swapped!(b"rpaa"), + HTTPBasic = char_lit_swapped!(b"http"), + HTTPDigest = char_lit_swapped!(b"httd"), + HTMLForm = char_lit_swapped!(b"form"), + Default = char_lit_swapped!(b"dflt"), + Any = 0, +} + +#[repr(i32)] +#[derive(Copy, Clone, Eq, PartialEq, Debug)] +pub enum SecPreferencesDomain { + User = 0, + System = 1, + Common = 2, + Dynamic = 3, +} + +extern "C" { + pub fn SecKeychainGetTypeID() -> CFTypeID; + pub fn SecKeychainCopyDefault(keychain: *mut SecKeychainRef) -> OSStatus; + pub fn SecKeychainCopyDomainDefault( + domain: SecPreferencesDomain, + keychain: *mut SecKeychainRef, + ) -> OSStatus; + pub fn SecKeychainCreate( + pathName: *const c_char, + passwordLength: c_uint, + password: *const c_void, + promptUser: Boolean, + initialAccess: SecAccessRef, + keychain: *mut SecKeychainRef, + ) -> OSStatus; + pub fn SecKeychainOpen(pathName: *const c_char, keychain: *mut SecKeychainRef) -> OSStatus; + pub fn SecKeychainUnlock( + keychain: SecKeychainRef, + passwordLength: c_uint, + password: *const c_void, + usePassword: Boolean, + ) -> OSStatus; + #[cfg(target_os = "macos")] + pub fn SecKeychainFindGenericPassword( + keychainOrArray: CFTypeRef, + serviceNameLength: u32, + serviceName: *const c_char, + accountNameLength: u32, + accountName: *const c_char, + passwordLength: *mut u32, + passwordData: *mut *mut c_void, + itemRef: *mut SecKeychainItemRef, + ) -> OSStatus; + + #[cfg(target_os = "macos")] + pub fn SecKeychainFindInternetPassword( + keychainOrArray: CFTypeRef, + serverNameLength: u32, + serverName: *const c_char, + securityDomainLength: u32, + securityDomain: *const c_char, + accountNameLength: u32, + accountName: *const c_char, + pathLength: u32, + path: *const c_char, + port: u16, + protocol: SecProtocolType, + authenticationType: SecAuthenticationType, + passwordLength: *mut u32, + passwordData: *mut *mut c_void, + itemRef: *mut SecKeychainItemRef, + ) -> OSStatus; + + #[cfg(target_os = "macos")] + pub fn SecKeychainAddGenericPassword( + keychain: SecKeychainRef, + serviceNameLength: u32, + serviceName: *const c_char, + accountNameLength: u32, + accountName: *const c_char, + passwordLength: u32, + passwordData: *const c_void, + itemRef: *mut SecKeychainItemRef, + ) -> OSStatus; + + #[cfg(target_os = "macos")] + pub fn SecKeychainAddInternetPassword( + keychain: SecKeychainRef, + serverNameLength: u32, + serverName: *const c_char, + securityDomainLength: u32, + securityDomain: *const c_char, + accountNameLength: u32, + accountName: *const c_char, + pathLength: u32, + path: *const c_char, + port: u16, + protocol: SecProtocolType, + authenticationType: SecAuthenticationType, + passwordLength: u32, + passwordData: *const c_void, + itemRef: *mut SecKeychainItemRef, + ) -> OSStatus; + + pub fn SecKeychainSetSettings( + keychain: SecKeychainRef, + newSettings: *const SecKeychainSettings, + ) -> OSStatus; + + #[cfg(target_os = "macos")] + pub fn SecKeychainGetUserInteractionAllowed(state: *mut Boolean) -> OSStatus; + + #[cfg(target_os = "macos")] + pub fn SecKeychainSetUserInteractionAllowed(state: Boolean) -> OSStatus; +} diff --git a/vendor/security-framework-sys/src/keychain_item.rs b/vendor/security-framework-sys/src/keychain_item.rs new file mode 100644 index 00000000..9b41f100 --- /dev/null +++ b/vendor/security-framework-sys/src/keychain_item.rs @@ -0,0 +1,37 @@ +use crate::base::{SecKeychainAttributeList, SecKeychainItemRef}; +use core_foundation_sys::base::{CFTypeID, CFTypeRef, OSStatus}; +use core_foundation_sys::dictionary::CFDictionaryRef; +use std::os::raw::c_void; + +extern "C" { + + /// Returns the unique identifier of the opaque type to which a keychain item object belongs. + pub fn SecKeychainItemGetTypeID() -> CFTypeID; + + /// Adds one or more items to a keychain. + pub fn SecItemAdd(attributes: CFDictionaryRef, result: *mut CFTypeRef) -> OSStatus; + + /// Returns one or more keychain items that match a search query, or copies attributes of specific keychain items. + pub fn SecItemCopyMatching(query: CFDictionaryRef, result: *mut CFTypeRef) -> OSStatus; + + /// Modifies items that match a search query. + pub fn SecItemUpdate(query: CFDictionaryRef, attributesToUpdate: CFDictionaryRef) -> OSStatus; + + /// Deletes items that match a search query. + pub fn SecItemDelete(query: CFDictionaryRef) -> OSStatus; + + /// # Legacy API + pub fn SecKeychainItemModifyAttributesAndData( + itemRef: SecKeychainItemRef, + attrList: *const SecKeychainAttributeList, + length: u32, + data: *const c_void, + ) -> OSStatus; + + pub fn SecKeychainItemFreeContent( + attrList: *mut SecKeychainAttributeList, + data: *mut c_void, + ) -> OSStatus; + + pub fn SecKeychainItemDelete(itemRef: SecKeychainItemRef) -> OSStatus; +} diff --git a/vendor/security-framework-sys/src/lib.rs b/vendor/security-framework-sys/src/lib.rs new file mode 100644 index 00000000..f4be4d75 --- /dev/null +++ b/vendor/security-framework-sys/src/lib.rs @@ -0,0 +1,41 @@ +#![allow(bad_style)] + +#[cfg_attr( + any(target_os = "macos", target_os = "ios", target_os = "tvos", target_os = "watchos", target_os = "visionos"), + link(name = "Security", kind = "framework") +)] +extern "C" {} + +#[cfg(target_os = "macos")] +pub mod access; +pub mod access_control; +#[cfg(target_os = "macos")] +pub mod authorization; +pub mod base; +#[cfg(any(target_os = "macos", target_os = "ios", target_os = "tvos", target_os = "watchos", target_os = "visionos"))] +pub mod certificate; +#[cfg(target_os = "macos")] +pub mod certificate_oids; +pub mod cipher_suite; +#[cfg(target_os = "macos")] +pub mod cms; +#[cfg(target_os = "macos")] +pub mod code_signing; +#[cfg(target_os = "macos")] +pub mod digest_transform; +#[cfg(target_os = "macos")] +pub mod encrypt_transform; +pub mod identity; +pub mod import_export; +pub mod item; +pub mod key; +pub mod keychain; +pub mod keychain_item; +pub mod policy; +pub mod random; +pub mod secure_transport; +#[cfg(target_os = "macos")] +pub mod transform; +pub mod trust; +#[cfg(target_os = "macos")] +pub mod trust_settings; diff --git a/vendor/security-framework-sys/src/policy.rs b/vendor/security-framework-sys/src/policy.rs new file mode 100644 index 00000000..b30fa72f --- /dev/null +++ b/vendor/security-framework-sys/src/policy.rs @@ -0,0 +1,25 @@ +use core_foundation_sys::base::CFOptionFlags; +use core_foundation_sys::base::{Boolean, CFTypeID}; +use core_foundation_sys::string::CFStringRef; + +use crate::base::SecPolicyRef; + +mod revocation_flags { + use super::CFOptionFlags; + + pub const kSecRevocationOCSPMethod: CFOptionFlags = 1 << 0; + pub const kSecRevocationCRLMethod: CFOptionFlags = 1 << 1; + pub const kSecRevocationPreferCRL: CFOptionFlags = 1 << 2; + pub const kSecRevocationRequirePositiveResponse: CFOptionFlags = 1 << 3; + pub const kSecRevocationNetworkAccessDisabled: CFOptionFlags = 1 << 4; + pub const kSecRevocationUseAnyAvailableMethod: CFOptionFlags = kSecRevocationOCSPMethod | kSecRevocationCRLMethod; +} + +pub use revocation_flags::*; + +extern "C" { + pub fn SecPolicyCreateSSL(server: Boolean, hostname: CFStringRef) -> SecPolicyRef; + pub fn SecPolicyCreateRevocation(revocationFlags: CFOptionFlags) -> SecPolicyRef; + pub fn SecPolicyGetTypeID() -> CFTypeID; + pub fn SecPolicyCreateBasicX509() -> SecPolicyRef; +} diff --git a/vendor/security-framework-sys/src/random.rs b/vendor/security-framework-sys/src/random.rs new file mode 100644 index 00000000..6ec9c985 --- /dev/null +++ b/vendor/security-framework-sys/src/random.rs @@ -0,0 +1,10 @@ +use std::os::raw::{c_int, c_void}; + +pub enum __SecRandom {} +pub type SecRandomRef = *const __SecRandom; + +extern "C" { + pub static kSecRandomDefault: SecRandomRef; + + pub fn SecRandomCopyBytes(rnd: SecRandomRef, count: usize, bytes: *mut c_void) -> c_int; +} diff --git a/vendor/security-framework-sys/src/secure_transport.rs b/vendor/security-framework-sys/src/secure_transport.rs new file mode 100644 index 00000000..19f3300b --- /dev/null +++ b/vendor/security-framework-sys/src/secure_transport.rs @@ -0,0 +1,278 @@ +use core_foundation_sys::array::CFArrayRef; +use core_foundation_sys::base::CFAllocatorRef; +#[cfg(target_os = "macos")] +use core_foundation_sys::base::CFTypeRef; +use core_foundation_sys::base::{Boolean, OSStatus}; +use std::os::raw::{c_char, c_int, c_void}; + +use crate::cipher_suite::SSLCipherSuite; +use crate::trust::SecTrustRef; + +pub enum SSLContext {} +pub type SSLContextRef = *mut SSLContext; + +pub type SSLConnectionRef = *const c_void; + +pub type SSLProtocol = c_int; +pub const kSSLProtocolUnknown: SSLProtocol = 0; +pub const kSSLProtocol3: SSLProtocol = 2; +pub const kTLSProtocol1: SSLProtocol = 4; +pub const kTLSProtocol11: SSLProtocol = 7; +pub const kTLSProtocol12: SSLProtocol = 8; +pub const kDTLSProtocol1: SSLProtocol = 9; +pub const kTLSProtocol13: SSLProtocol = 10; +pub const kSSLProtocol2: SSLProtocol = 1; +pub const kSSLProtocol3Only: SSLProtocol = 3; +pub const kTLSProtocol1Only: SSLProtocol = 5; +pub const kSSLProtocolAll: SSLProtocol = 6; + +pub type SSLSessionOption = c_int; +#[deprecated(note = "deprecated by Apple")] +pub const kSSLSessionOptionBreakOnServerAuth: SSLSessionOption = 0; +#[deprecated(note = "deprecated by Apple")] +pub const kSSLSessionOptionBreakOnCertRequested: SSLSessionOption = 1; +#[deprecated(note = "deprecated by Apple")] +pub const kSSLSessionOptionBreakOnClientAuth: SSLSessionOption = 2; +#[deprecated(note = "deprecated by Apple")] +pub const kSSLSessionOptionFalseStart: SSLSessionOption = 3; +pub const kSSLSessionOptionSendOneByteRecord: SSLSessionOption = 4; +#[deprecated(note = "deprecated by Apple")] +pub const kSSLSessionOptionAllowServerIdentityChange: SSLSessionOption = 5; +#[cfg(target_os = "macos")] +#[deprecated(note = "deprecated by Apple")] +pub const kSSLSessionOptionFallback: SSLSessionOption = 6; +#[deprecated(note = "deprecated by Apple")] +pub const kSSLSessionOptionBreakOnClientHello: SSLSessionOption = 7; + +pub type SSLSessionState = c_int; +pub const kSSLIdle: SSLSessionState = 0; +pub const kSSLHandshake: SSLSessionState = 1; +pub const kSSLConnected: SSLSessionState = 2; +pub const kSSLClosed: SSLSessionState = 3; +pub const kSSLAborted: SSLSessionState = 4; + +pub type SSLReadFunc = unsafe extern "C" fn( + connection: SSLConnectionRef, + data: *mut c_void, + dataLength: *mut usize, +) -> OSStatus; + +pub type SSLWriteFunc = unsafe extern "C" fn( + connection: SSLConnectionRef, + data: *const c_void, + dataLength: *mut usize, +) -> OSStatus; + +pub type SSLProtocolSide = c_int; +pub const kSSLServerSide: SSLProtocolSide = 0; +pub const kSSLClientSide: SSLProtocolSide = 1; + +pub type SSLConnectionType = c_int; +pub const kSSLStreamType: SSLConnectionType = 0; +pub const kSSLDatagramType: SSLConnectionType = 1; + +pub const errSSLProtocol: OSStatus = -9800; +pub const errSSLNegotiation: OSStatus = -9801; +pub const errSSLFatalAlert: OSStatus = -9802; +pub const errSSLWouldBlock: OSStatus = -9803; +pub const errSSLSessionNotFound: OSStatus = -9804; +pub const errSSLClosedGraceful: OSStatus = -9805; +pub const errSSLClosedAbort: OSStatus = -9806; +pub const errSSLXCertChainInvalid: OSStatus = -9807; +pub const errSSLBadCert: OSStatus = -9808; +pub const errSSLCrypto: OSStatus = -9809; +pub const errSSLInternal: OSStatus = -9810; +pub const errSSLModuleAttach: OSStatus = -9811; +pub const errSSLUnknownRootCert: OSStatus = -9812; +pub const errSSLNoRootCert: OSStatus = -9813; +pub const errSSLCertExpired: OSStatus = -9814; +pub const errSSLCertNotYetValid: OSStatus = -9815; +pub const errSSLClosedNoNotify: OSStatus = -9816; +pub const errSSLBufferOverflow: OSStatus = -9817; +pub const errSSLBadCipherSuite: OSStatus = -9818; +pub const errSSLPeerUnexpectedMsg: OSStatus = -9819; +pub const errSSLPeerBadRecordMac: OSStatus = -9820; +pub const errSSLPeerDecryptionFail: OSStatus = -9821; +pub const errSSLPeerRecordOverflow: OSStatus = -9822; +pub const errSSLPeerDecompressFail: OSStatus = -9823; +pub const errSSLPeerHandshakeFail: OSStatus = -9824; +pub const errSSLPeerBadCert: OSStatus = -9825; +pub const errSSLPeerUnsupportedCert: OSStatus = -9826; +pub const errSSLPeerCertRevoked: OSStatus = -9827; +pub const errSSLPeerCertExpired: OSStatus = -9828; +pub const errSSLPeerCertUnknown: OSStatus = -9829; +pub const errSSLIllegalParam: OSStatus = -9830; +pub const errSSLPeerUnknownCA: OSStatus = -9831; +pub const errSSLPeerAccessDenied: OSStatus = -9832; +pub const errSSLPeerDecodeError: OSStatus = -9833; +pub const errSSLPeerDecryptError: OSStatus = -9834; +pub const errSSLPeerExportRestriction: OSStatus = -9835; +pub const errSSLPeerProtocolVersion: OSStatus = -9836; +pub const errSSLPeerInsufficientSecurity: OSStatus = -9837; +pub const errSSLPeerInternalError: OSStatus = -9838; +pub const errSSLPeerUserCancelled: OSStatus = -9839; +pub const errSSLPeerNoRenegotiation: OSStatus = -9840; +pub const errSSLPeerAuthCompleted: OSStatus = -9841; +pub const errSSLClientCertRequested: OSStatus = -9842; +pub const errSSLHostNameMismatch: OSStatus = -9843; +pub const errSSLConnectionRefused: OSStatus = -9844; +pub const errSSLDecryptionFail: OSStatus = -9845; +pub const errSSLBadRecordMac: OSStatus = -9846; +pub const errSSLRecordOverflow: OSStatus = -9847; +pub const errSSLBadConfiguration: OSStatus = -9848; +pub const errSSLClientHelloReceived: OSStatus = -9851; + +pub type SSLAuthenticate = c_int; +pub const kNeverAuthenticate: SSLAuthenticate = 0; +pub const kAlwaysAuthenticate: SSLAuthenticate = 1; +pub const kTryAuthenticate: SSLAuthenticate = 2; + +pub type SSLClientCertificateState = c_int; +pub const kSSLClientCertNone: SSLClientCertificateState = 0; +pub const kSSLClientCertRequested: SSLClientCertificateState = 1; +pub const kSSLClientCertSent: SSLClientCertificateState = 2; +pub const kSSLClientCertRejected: SSLClientCertificateState = 3; + +extern "C" { + pub fn SSLContextGetTypeID() -> ::core_foundation_sys::base::CFTypeID; + pub fn SSLCreateContext( + alloc: CFAllocatorRef, + protocolSide: SSLProtocolSide, + connectionType: SSLConnectionType, + ) -> SSLContextRef; + #[cfg(target_os = "macos")] + pub fn SSLNewContext(isServer: Boolean, contextPtr: *mut SSLContextRef) -> OSStatus; + #[cfg(target_os = "macos")] + pub fn SSLDisposeContext(context: SSLContextRef) -> OSStatus; + pub fn SSLSetConnection(context: SSLContextRef, connection: SSLConnectionRef) -> OSStatus; + pub fn SSLGetConnection(context: SSLContextRef, connection: *mut SSLConnectionRef) -> OSStatus; + pub fn SSLSetIOFuncs( + context: SSLContextRef, + read: SSLReadFunc, + write: SSLWriteFunc, + ) -> OSStatus; + pub fn SSLHandshake(context: SSLContextRef) -> OSStatus; + pub fn SSLClose(context: SSLContextRef) -> OSStatus; + pub fn SSLRead( + context: SSLContextRef, + data: *mut c_void, + dataLen: usize, + processed: *mut usize, + ) -> OSStatus; + pub fn SSLWrite( + context: SSLContextRef, + data: *const c_void, + dataLen: usize, + processed: *mut usize, + ) -> OSStatus; + pub fn SSLSetPeerDomainName( + context: SSLContextRef, + peerName: *const c_char, + peerNameLen: usize, + ) -> OSStatus; + pub fn SSLGetPeerDomainNameLength(context: SSLContextRef, peerNameLen: *mut usize) -> OSStatus; + pub fn SSLGetPeerDomainName( + context: SSLContextRef, + peerName: *mut c_char, + peerNameLen: *mut usize, + ) -> OSStatus; + pub fn SSLSetCertificate(context: SSLContextRef, certRefs: CFArrayRef) -> OSStatus; + #[cfg(target_os = "macos")] + pub fn SSLSetCertificateAuthorities( + context: SSLContextRef, + certificateOrArray: CFTypeRef, + replaceExisting: Boolean, + ) -> OSStatus; + #[cfg(target_os = "macos")] + pub fn SSLCopyCertificateAuthorities( + context: SSLContextRef, + certificates: *mut CFArrayRef, + ) -> OSStatus; + pub fn SSLSetSessionOption( + context: SSLContextRef, + option: SSLSessionOption, + value: Boolean, + ) -> OSStatus; + pub fn SSLGetSessionOption( + context: SSLContextRef, + option: SSLSessionOption, + value: *mut Boolean, + ) -> OSStatus; + pub fn SSLCopyPeerTrust(context: SSLContextRef, trust: *mut SecTrustRef) -> OSStatus; + pub fn SSLGetSessionState(context: SSLContextRef, state: *mut SSLSessionState) -> OSStatus; + pub fn SSLGetSupportedCiphers( + context: SSLContextRef, + ciphers: *mut SSLCipherSuite, + numCiphers: *mut usize, + ) -> OSStatus; + pub fn SSLGetNumberSupportedCiphers( + context: SSLContextRef, + numCiphers: *mut usize, + ) -> OSStatus; + pub fn SSLGetEnabledCiphers( + context: SSLContextRef, + ciphers: *mut SSLCipherSuite, + numCiphers: *mut usize, + ) -> OSStatus; + pub fn SSLGetNumberEnabledCiphers(context: SSLContextRef, numCiphers: *mut usize) -> OSStatus; + pub fn SSLSetEnabledCiphers( + context: SSLContextRef, + ciphers: *const SSLCipherSuite, + numCiphers: usize, + ) -> OSStatus; + pub fn SSLGetNegotiatedCipher(context: SSLContextRef, cipher: *mut SSLCipherSuite) -> OSStatus; + pub fn SSLSetClientSideAuthenticate(context: SSLContextRef, auth: SSLAuthenticate) -> OSStatus; + #[cfg(target_os = "macos")] + pub fn SSLSetDiffieHellmanParams( + context: SSLContextRef, + dhParams: *const c_void, + dhParamsLen: usize, + ) -> OSStatus; + #[cfg(target_os = "macos")] + pub fn SSLGetDiffieHellmanParams( + context: SSLContextRef, + dhParams: *mut *const c_void, + dhParamsLen: *mut usize, + ) -> OSStatus; + pub fn SSLSetPeerID( + context: SSLContextRef, + peerID: *const c_void, + peerIDLen: usize, + ) -> OSStatus; + pub fn SSLGetPeerID( + context: SSLContextRef, + peerID: *mut *const c_void, + peerIDLen: *mut usize, + ) -> OSStatus; + pub fn SSLGetBufferedReadSize(context: SSLContextRef, bufSize: *mut usize) -> OSStatus; + pub fn SSLGetClientCertificateState( + context: SSLContextRef, + clientState: *mut SSLClientCertificateState, + ) -> OSStatus; + pub fn SSLGetNegotiatedProtocolVersion( + context: SSLContextRef, + protocol: *mut SSLProtocol, + ) -> OSStatus; + pub fn SSLGetProtocolVersionMax( + context: SSLContextRef, + maxVersion: *mut SSLProtocol, + ) -> OSStatus; + pub fn SSLGetProtocolVersionMin( + context: SSLContextRef, + minVersion: *mut SSLProtocol, + ) -> OSStatus; + pub fn SSLSetProtocolVersionMax(context: SSLContextRef, maxVersion: SSLProtocol) -> OSStatus; + pub fn SSLSetProtocolVersionMin(context: SSLContextRef, minVersion: SSLProtocol) -> OSStatus; + #[cfg(target_os = "macos")] + pub fn SSLSetProtocolVersionEnabled( + context: SSLContextRef, + protocol: SSLProtocol, + enable: Boolean, + ) -> OSStatus; + #[cfg(feature = "OSX_10_13")] + pub fn SSLSetALPNProtocols(context: SSLContextRef, protocols: CFArrayRef) -> OSStatus; + #[cfg(feature = "OSX_10_13")] + pub fn SSLCopyALPNProtocols(context: SSLContextRef, protocols: *mut CFArrayRef) -> OSStatus; + #[cfg(feature = "OSX_10_13")] + pub fn SSLSetSessionTicketsEnabled(context: SSLContextRef, enabled: Boolean) -> OSStatus; +} diff --git a/vendor/security-framework-sys/src/transform.rs b/vendor/security-framework-sys/src/transform.rs new file mode 100644 index 00000000..a4a14f84 --- /dev/null +++ b/vendor/security-framework-sys/src/transform.rs @@ -0,0 +1,23 @@ +use core_foundation_sys::base::{Boolean, CFTypeID, CFTypeRef}; +use core_foundation_sys::error::CFErrorRef; +use core_foundation_sys::string::CFStringRef; + +pub type SecTransformRef = CFTypeRef; + +extern "C" { + pub static kSecTransformInputAttributeName: CFStringRef; + + pub fn SecTransformGetTypeID() -> CFTypeID; + + pub fn SecTransformSetAttribute( + transformRef: SecTransformRef, + key: CFStringRef, + value: CFTypeRef, + error: *mut CFErrorRef, + ) -> Boolean; + + pub fn SecTransformExecute( + transformRef: SecTransformRef, + errorRef: *mut CFErrorRef, + ) -> CFTypeRef; +} diff --git a/vendor/security-framework-sys/src/trust.rs b/vendor/security-framework-sys/src/trust.rs new file mode 100644 index 00000000..363e1eec --- /dev/null +++ b/vendor/security-framework-sys/src/trust.rs @@ -0,0 +1,77 @@ +use crate::base::SecCertificateRef; +use crate::base::SecKeyRef; +use core_foundation_sys::array::CFArrayRef; +use core_foundation_sys::base::{Boolean, CFIndex, CFTypeID, CFTypeRef, OSStatus}; +use core_foundation_sys::date::CFDateRef; +#[cfg(any(feature = "OSX_10_13", target_os = "ios", target_os = "tvos", target_os = "watchos", target_os = "visionos"))] +use core_foundation_sys::error::CFErrorRef; + +pub type SecTrustResultType = u32; + +pub const kSecTrustResultInvalid: SecTrustResultType = 0; +pub const kSecTrustResultProceed: SecTrustResultType = 1; +pub const kSecTrustResultDeny: SecTrustResultType = 3; +pub const kSecTrustResultUnspecified: SecTrustResultType = 4; +pub const kSecTrustResultRecoverableTrustFailure: SecTrustResultType = 5; +pub const kSecTrustResultFatalTrustFailure: SecTrustResultType = 6; +pub const kSecTrustResultOtherError: SecTrustResultType = 7; + +#[cfg(target_os = "macos")] +mod flags { + pub type SecTrustOptionFlags = u32; + + pub const kSecTrustOptionAllowExpired: SecTrustOptionFlags = 0x0000_0001; + pub const kSecTrustOptionLeafIsCA: SecTrustOptionFlags = 0x0000_0002; + pub const kSecTrustOptionFetchIssuerFromNet: SecTrustOptionFlags = 0x0000_0004; + pub const kSecTrustOptionAllowExpiredRoot: SecTrustOptionFlags = 0x0000_0008; + pub const kSecTrustOptionRequireRevPerCert: SecTrustOptionFlags = 0x0000_0010; + pub const kSecTrustOptionUseTrustSettings: SecTrustOptionFlags = 0x0000_0020; + pub const kSecTrustOptionImplicitAnchors: SecTrustOptionFlags = 0x0000_0040; +} + +#[cfg(target_os = "macos")] +pub use flags::*; + +pub enum __SecTrust {} + +pub type SecTrustRef = *mut __SecTrust; + +extern "C" { + pub fn SecTrustGetTypeID() -> CFTypeID; + pub fn SecTrustGetCertificateCount(trust: SecTrustRef) -> CFIndex; + #[deprecated(note = "deprecated by Apple")] + pub fn SecTrustGetCertificateAtIndex(trust: SecTrustRef, ix: CFIndex) -> SecCertificateRef; + pub fn SecTrustSetVerifyDate(trust: SecTrustRef, verifyDate: CFDateRef) -> OSStatus; + pub fn SecTrustSetAnchorCertificates( + trust: SecTrustRef, + anchorCertificates: CFArrayRef, + ) -> OSStatus; + pub fn SecTrustSetAnchorCertificatesOnly( + trust: SecTrustRef, + anchorCertificatesOnly: Boolean, + ) -> OSStatus; + #[cfg(target_os = "macos")] + pub fn SecTrustCopyAnchorCertificates(anchors: *mut CFArrayRef) -> OSStatus; + #[deprecated(note = "deprecated by Apple")] + pub fn SecTrustEvaluate(trust: SecTrustRef, result: *mut SecTrustResultType) -> OSStatus; + // it should have been OSX_10_14, but due to back-compat it can't rely on the newer feature flag + #[cfg(any(feature = "OSX_10_13", target_os = "ios", target_os = "tvos", target_os = "watchos", target_os = "visionos"))] + pub fn SecTrustEvaluateWithError(trust: SecTrustRef, error: *mut CFErrorRef) -> bool; + pub fn SecTrustCreateWithCertificates( + certificates: CFTypeRef, + policies: CFTypeRef, + trust: *mut SecTrustRef, + ) -> OSStatus; + pub fn SecTrustSetPolicies(trust: SecTrustRef, policies: CFTypeRef) -> OSStatus; + #[cfg(target_os = "macos")] + pub fn SecTrustSetOptions(trust: SecTrustRef, options: SecTrustOptionFlags) -> OSStatus; + pub fn SecTrustGetNetworkFetchAllowed(trust: SecTrustRef, allowFetch: *mut Boolean) -> OSStatus; + pub fn SecTrustSetNetworkFetchAllowed(trust: SecTrustRef, allowFetch: Boolean) -> OSStatus; + pub fn SecTrustSetOCSPResponse(trust: SecTrustRef, responseData: CFTypeRef) -> OSStatus; + #[cfg(any(feature = "OSX_10_14", target_os = "ios", target_os = "tvos", target_os = "watchos", target_os = "visionos"))] + pub fn SecTrustSetSignedCertificateTimestamps( + trust: SecTrustRef, + sctArray: CFArrayRef, + ) -> OSStatus; + pub fn SecTrustCopyPublicKey(trust: SecTrustRef) -> SecKeyRef; +} diff --git a/vendor/security-framework-sys/src/trust_settings.rs b/vendor/security-framework-sys/src/trust_settings.rs new file mode 100644 index 00000000..fad20a18 --- /dev/null +++ b/vendor/security-framework-sys/src/trust_settings.rs @@ -0,0 +1,35 @@ +use crate::base::SecCertificateRef; +use core_foundation_sys::array::CFArrayRef; +use core_foundation_sys::base::CFTypeRef; +use core_foundation_sys::base::OSStatus; + +pub type SecTrustSettingsDomain = u32; + +pub const kSecTrustSettingsDomainUser: SecTrustSettingsDomain = 0; +pub const kSecTrustSettingsDomainAdmin: SecTrustSettingsDomain = 1; +pub const kSecTrustSettingsDomainSystem: SecTrustSettingsDomain = 2; + +pub type SecTrustSettingsResult = u32; + +pub const kSecTrustSettingsResultInvalid: SecTrustSettingsResult = 0; +pub const kSecTrustSettingsResultTrustRoot: SecTrustSettingsResult = 1; +pub const kSecTrustSettingsResultTrustAsRoot: SecTrustSettingsResult = 2; +pub const kSecTrustSettingsResultDeny: SecTrustSettingsResult = 3; +pub const kSecTrustSettingsResultUnspecified: SecTrustSettingsResult = 4; + +extern "C" { + pub fn SecTrustSettingsCopyCertificates( + domain: SecTrustSettingsDomain, + certsOut: *mut CFArrayRef, + ) -> OSStatus; + pub fn SecTrustSettingsCopyTrustSettings( + certificateRef: SecCertificateRef, + domain: SecTrustSettingsDomain, + trustSettings: *mut CFArrayRef, + ) -> OSStatus; + pub fn SecTrustSettingsSetTrustSettings( + certificateRef: SecCertificateRef, + domain: SecTrustSettingsDomain, + trustSettingsDictOrArray: CFTypeRef, + ) -> OSStatus; +} |