author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-05-30 03:59:24 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-05-30 03:59:24 +0000 |
commit | 023939b627b7dc93b01471f7d41fb8553ddb4ffa (patch) | |
tree | 60fc59477c605c72b0a1051409062ddecc43f877 /vendor/security-framework-sys | |
parent | Adding debian version 1.72.1+dfsg1-1. (diff) | |
Merging upstream version 1.73.0+dfsg1.
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'vendor/security-framework-sys')
28 files changed, 2089 insertions, 0 deletions
diff --git a/vendor/security-framework-sys/.cargo-checksum.json b/vendor/security-framework-sys/.cargo-checksum.json
new file mode 100644
index 000000000..c3ffc9bc9
--- /dev/null
+++ b/vendor/security-framework-sys/.cargo-checksum.json
@@ -0,0 +1 @@ +{"files":{"Cargo.toml":"20e20b7fc4f390987e5610851e872cabe3bca0b67a0740278fe7f89fc304fcc5","LICENSE-APACHE":"a60eea817514531668d7e00765731449fe14d059d3249e0bc93b36de45f759f2","LICENSE-MIT":"91e934255ba3b2f21103d68c5581c23ef34aa95c4628e4405b8c901935e11c69","README.md":"ff1d022f35ff76531a361ad421ba7ee61ce186dc6516f72fc819ec4b2a5567a4","src/access.rs":"5a3793ee3b77360f183404c1543111d6e96f5a0728f7ebdf3f6112594d9c4deb","src/access_control.rs":"097eb2ac649fed2e4b9eca8e5115ab0cb7e72cb148c2bed44f056c786d2d4691","src/authorization.rs":"82823dc5a60a7cd23bd5ee551685dd2fdc3744ab6563d838a9def393b4bba235","src/base.rs":"d4451e5dc4bb152bec38933a57de4779de491dd113308907fa39bd9720e55e7d","src/certificate.rs":"789a17be2f930fd5083e01c815551174d8cebd2435b238865724295c1580deb0","src/certificate_oids.rs":"67f6b691925133c2501e0be31aea514b3ef0e9d382281cb283bd9aa6614dc580","src/cipher_suite.rs":"d86cad8b3e48240642595b2e1518d36ecffd0fc5bcb09fbff22d6b211cde93da","src/code_signing.rs":"1120f85df71179a2261afcbbd4cf6d0c0c18c164f9b6d2c1f912fb58194ed23a","src/digest_transform.rs":"230c1ca843df534de6d5ea33d623781c0e5fac6063f472b727b118a5abea99d2","src/encrypt_transform.rs":"0992ad3ac4da00e31bc3fc481ec94e35b37f2816903872bfe9a7ef0e7547c318","src/identity.rs":"90d90db56ae650113bdb09743882b62cd426bca50be5ac2fb99e9375a932d91b","src/import_export.rs":"4efb4c41581ccdc16411e2b3a068a02a0b0ef68ebf689014240e4916ebab768e","src/item.rs":"adc4ae21067f8b65954dab3e2b71aee64715200c565ceb2222e5dac6c8fe1e1a","src/key.rs":"d9afccbeaa42c2ae2ad2f8b9f762a39239b960da7826124b610ef949a0b8be8b","src/keychain.rs":"b1c1a5d5bab31e3658b4bcfa501d8e96f15cb76f38e15d1b86ed1edfc728b992","src/keychain_item.rs":"ac7be52b5e055f934379048623c0d68cd5e24a0cf9436fa0dcd9d66c2a0598ec","src/lib.rs":"6740d2c9b3f11cc21005f021c9f4b21fcba11018b67e23dec1b34882a7758c3d","src/policy.rs":"cc33c34452cdcceb88e6d9bb890a552b8d0fc1db5ac7db98df2c418c7cca6ac8","src/random.rs":"4a9104ef3644d870d50cf3239bf690cd448225fc267214538c4f5bdb1e669052","sr
c/secure_transport.rs":"bb1a5aa05cb6d565e312cc62dbec53305e4ad4a542ec37de4bb5a92021458de9","src/transform.rs":"4768b1f14ad8e72c696c5c68bfddc7cc39caa223caf081c1ff119feeddc9733f","src/trust.rs":"d6ae4ac02466949a7960c470b62f05d865783e4a1010bb76fff0c99ace476d30","src/trust_settings.rs":"21b89cbf485be9c40fd0418553167bfa75a00a7bfc697df558dc4fd86a692239"},"package":"f51d0c0d83bec45f16480d0ce0058397a69e48fcdc52d1dc8855fb68acbd31a7"}
\ No newline at end of file diff --git a/vendor/security-framework-sys/Cargo.toml b/vendor/security-framework-sys/Cargo.toml new file mode 100644 index 000000000..5213eeb08 --- /dev/null +++ b/vendor/security-framework-sys/Cargo.toml @@ -0,0 +1,60 @@ +# THIS FILE IS AUTOMATICALLY GENERATED BY CARGO +# +# When uploading crates to the registry Cargo will automatically +# "normalize" Cargo.toml files for maximal compatibility +# with all versions of Cargo and also rewrite `path` dependencies +# to registry (e.g., crates.io) dependencies. +# +# If you are reading this file be aware that the original Cargo.toml +# will likely look very different (and much more reasonable). +# See Cargo.toml.orig for the original contents. + +[package] +edition = "2018" +name = "security-framework-sys" +version = "2.9.0" +authors = [ + "Steven Fackler <sfackler@gmail.com>", + "Kornel <kornel@geekhood.net>", +] +description = "Apple `Security.framework` low-level FFI bindings" +homepage = "https://lib.rs/crates/security-framework-sys" +readme = "README.md" +keywords = [ + "ffi", + "iOS", + "TLS", + "SSL", + "crypto", +] +categories = [ + "os::macos-apis", + "external-ffi-bindings", +] +license = "MIT OR Apache-2.0" +repository = "https://github.com/kornelski/rust-security-framework" + +[package.metadata.docs.rs] +targets = [ + "x86_64-apple-darwin", + "aarch64-apple-ios", +] + +[dependencies.core-foundation-sys] +version = "0.8.3" + +[dependencies.libc] +version = "0.2.139" + +[features] +OSX_10_10 = ["OSX_10_9"] +OSX_10_11 = ["OSX_10_10"] +OSX_10_12 = ["OSX_10_11"] +OSX_10_13 = ["OSX_10_12"] +OSX_10_14 = ["OSX_10_13"] +OSX_10_15 = ["OSX_10_14"] +OSX_10_9 = [] +default = ["OSX_10_9"] + +[badges.maintenance] +status = "passively-maintained" diff --git a/vendor/security-framework-sys/LICENSE-APACHE b/vendor/security-framework-sys/LICENSE-APACHE new file mode 100644 index 000000000..16fe87b06 --- /dev/null +++ b/vendor/security-framework-sys/LICENSE-APACHE 
@@ -0,0 +1,201 @@ + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + +TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + +1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. 
For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + +2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + +3. Grant of Patent License. 
Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + +4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of the 
following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + +5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + +6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + +7. Disclaimer of Warranty. 
Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + +8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + +9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. 
+ +END OF TERMS AND CONDITIONS + +APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "[]" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + +Copyright [yyyy] [name of copyright owner] + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. diff --git a/vendor/security-framework-sys/LICENSE-MIT b/vendor/security-framework-sys/LICENSE-MIT new file mode 100644 index 000000000..755eccdb0 --- /dev/null +++ b/vendor/security-framework-sys/LICENSE-MIT 
@@ -0,0 +1,20 @@
+The MIT License (MIT)
+
+Copyright (c) 2015 Steven Fackler
+
+Permission is hereby granted, free of charge, to any person obtaining a copy of
+this software and associated documentation files (the "Software"), to deal in
+the Software without restriction, including without limitation the rights to
+use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
+the Software, and to permit persons to whom the Software is furnished to do so,
+subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
+FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
+COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
+IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
diff --git a/vendor/security-framework-sys/README.md b/vendor/security-framework-sys/README.md
new file mode 100644
index 000000000..0da3780d0
--- /dev/null
+++ b/vendor/security-framework-sys/README.md
@@ -0,0 +1,22 @@
+# macOS/iOS Security framework for Rust
+
+[![Latest Version](https://img.shields.io/crates/v/security-framework.svg)](https://lib.rs/crates/security-framework)
+
+[Documentation](https://docs.rs/security-framework)
+
+Bindings to the Apple's `Security.framework`. Allows use of TLS and Keychain from Rust.
+
+## License
+
+Licensed under either of
+ * Apache License, Version 2.0 ([LICENSE-APACHE](LICENSE-APACHE) or http://www.apache.org/licenses/LICENSE-2.0)
+ * MIT license ([LICENSE-MIT](LICENSE-MIT) or http://opensource.org/licenses/MIT)
+
+at your option.
+
+### Contribution
+
+Unless you explicitly state otherwise, any contribution intentionally submitted
+for inclusion in the work by you shall be dual licensed as above, without any
+additional terms or conditions.
+
diff --git a/vendor/security-framework-sys/src/access.rs b/vendor/security-framework-sys/src/access.rs
new file mode 100644
index 000000000..c759f78de
--- /dev/null
+++ b/vendor/security-framework-sys/src/access.rs
@@ -0,0 +1,5 @@
+use core_foundation_sys::base::CFTypeID;
+
+extern "C" {
+ pub fn SecAccessGetTypeID() -> CFTypeID;
+}
diff --git a/vendor/security-framework-sys/src/access_control.rs b/vendor/security-framework-sys/src/access_control.rs
new file mode 100644
index 000000000..07c21e4a2
--- /dev/null
+++ b/vendor/security-framework-sys/src/access_control.rs
@@ -0,0 +1,35 @@
+use core_foundation_sys::base::CFOptionFlags;
+use core_foundation_sys::base::{CFAllocatorRef, CFTypeID, CFTypeRef};
+use core_foundation_sys::error::CFErrorRef;
+
+use crate::base::SecAccessControlRef;
+
+mod access_control_flags {
+ use super::CFOptionFlags;
+
+ pub const kSecAccessControlUserPresence: CFOptionFlags = 1 << 0;
+ #[cfg(feature = "OSX_10_13")]
+ pub const kSecAccessControlBiometryAny: CFOptionFlags = 1 << 1;
+ #[cfg(feature = "OSX_10_13")]
+ pub const kSecAccessControlBiometryCurrentSet: CFOptionFlags = 1 << 3;
+ pub const kSecAccessControlDevicePasscode: CFOptionFlags = 1 << 4;
+ #[cfg(feature = "OSX_10_15")]
+ pub const kSecAccessControlWatch: CFOptionFlags = 1 << 5;
+ pub const kSecAccessControlOr: CFOptionFlags = 1 << 14;
+ pub const kSecAccessControlAnd: CFOptionFlags = 1 << 15;
+ pub const kSecAccessControlPrivateKeyUsage: CFOptionFlags = 1 << 30;
+ pub const kSecAccessControlApplicationPassword: CFOptionFlags = 1 << 31;
+}
+
+pub use access_control_flags::*;
+
+extern "C" {
+ pub fn SecAccessControlGetTypeID() -> CFTypeID;
+
+ pub fn SecAccessControlCreateWithFlags(
+ allocator: CFAllocatorRef,
+ protection: CFTypeRef,
+ flags: CFOptionFlags,
+ error: *mut CFErrorRef,
+ ) -> SecAccessControlRef;
+}
diff --git a/vendor/security-framework-sys/src/authorization.rs b/vendor/security-framework-sys/src/authorization.rs
new file mode 100644
index 000000000..07f9a3e0c
--- /dev/null
+++ b/vendor/security-framework-sys/src/authorization.rs
@@ -0,0 +1,145 @@
+use core_foundation_sys::base::CFTypeRef;
+use core_foundation_sys::base::OSStatus;
+use core_foundation_sys::bundle::CFBundleRef;
+use core_foundation_sys::dictionary::CFDictionaryRef;
+use core_foundation_sys::string::CFStringRef;
+use std::os::raw::{c_char, c_void};
+
+pub const errAuthorizationSuccess: OSStatus = 0;
+pub const errAuthorizationInvalidSet: OSStatus = -60001;
+pub const errAuthorizationInvalidRef: OSStatus = -60002;
+pub const errAuthorizationInvalidTag: OSStatus = -60003;
+pub const errAuthorizationInvalidPointer: OSStatus = -60004;
+pub const errAuthorizationDenied: OSStatus = -60005;
+pub const errAuthorizationCanceled: OSStatus = -60006;
+pub const errAuthorizationInteractionNotAllowed: OSStatus = -60007;
+pub const errAuthorizationInternal: OSStatus = -60008;
+pub const errAuthorizationExternalizeNotAllowed: OSStatus = -60009;
+pub const errAuthorizationInternalizeNotAllowed: OSStatus = -60010;
+pub const errAuthorizationInvalidFlags: OSStatus = -60011;
+pub const errAuthorizationToolExecuteFailure: OSStatus = -60031;
+pub const errAuthorizationToolEnvironmentError: OSStatus = -60032;
+pub const errAuthorizationBadAddress: OSStatus = -60033;
+
+pub type AuthorizationFlags = u32;
+pub const kAuthorizationFlagDefaults: AuthorizationFlags = 0;
+pub const kAuthorizationFlagInteractionAllowed: AuthorizationFlags = 1;
+pub const kAuthorizationFlagExtendRights: AuthorizationFlags = 2;
+pub const kAuthorizationFlagPartialRights: AuthorizationFlags = 4;
+pub const kAuthorizationFlagDestroyRights: AuthorizationFlags = 8;
+pub const kAuthorizationFlagPreAuthorize: AuthorizationFlags = 16;
+
+pub type AuthorizationRef = *mut c_void;
+pub type AuthorizationString = *const c_char;
+
+#[repr(C)]
+#[derive(Copy, Clone, Debug)]
+pub struct AuthorizationItem {
+ pub name: AuthorizationString,
+ pub valueLength: usize,
+ pub value: *mut c_void,
+ pub flags: u32,
+}
+
+#[repr(C)]
+#[derive(Copy, Clone, Debug)]
+pub struct AuthorizationItemSet {
+ pub count: u32,
+ pub items: *mut AuthorizationItem,
+}
+
+pub const kAuthorizationExternalFormLength: usize = 32;
+
+#[repr(C)]
+#[derive(Copy, Clone, Debug)]
+pub struct AuthorizationExternalForm {
+ pub bytes: [c_char; kAuthorizationExternalFormLength],
+}
+
+pub type AuthorizationRights = AuthorizationItemSet;
+pub type AuthorizationEnvironment = AuthorizationItemSet;
+
+pub type AuthorizationAsyncCallback =
+ unsafe extern "C" fn(err: OSStatus, blockAuthorizedRights: *mut AuthorizationRights);
+
+extern "C" {
+ pub fn AuthorizationCreate(
+ rights: *const AuthorizationRights,
+ environment: *const AuthorizationEnvironment,
+ flags: AuthorizationFlags,
+ authorization: *mut AuthorizationRef,
+ ) -> OSStatus;
+
+ pub fn AuthorizationFree(
+ authorization: AuthorizationRef,
+ flags: AuthorizationFlags,
+ ) -> OSStatus;
+
+ pub fn AuthorizationCopyRights(
+ authorization: AuthorizationRef,
+ rights: *const AuthorizationRights,
+ environment: *const AuthorizationEnvironment,
+ flags: AuthorizationFlags,
+ authorizedRights: *mut *mut AuthorizationRights,
+ ) -> OSStatus;
+
+ pub fn AuthorizationCopyRightsAsync(
+ authorization: AuthorizationRef,
+ rights: *const AuthorizationRights,
+ environment: *const AuthorizationEnvironment,
+ flags: AuthorizationFlags,
+ callbackBlock: AuthorizationAsyncCallback,
+ );
+
+ pub fn AuthorizationCopyInfo(
+ authorization: AuthorizationRef,
+ tag: AuthorizationString,
+ info: *mut *mut AuthorizationItemSet,
+ ) -> OSStatus;
+
+ pub fn AuthorizationMakeExternalForm(
+ authorization: AuthorizationRef,
+ extForm: *mut AuthorizationExternalForm,
+ ) -> OSStatus;
+
+ pub fn AuthorizationCreateFromExternalForm(
+ extForm: *const AuthorizationExternalForm,
+ authorization: *mut AuthorizationRef,
+ ) -> OSStatus;
+
+ pub fn AuthorizationFreeItemSet(set: *mut AuthorizationItemSet) -> OSStatus;
+
+ pub fn AuthorizationRightGet(
+ rightName: *const c_char,
+ rightDefinition: *mut CFDictionaryRef,
+ ) -> OSStatus;
+
+ pub fn AuthorizationRightSet(
+ authorization: AuthorizationRef,
+ rightName: *const c_char,
+ rightDefinition: CFTypeRef,
+ descriptionKey: CFStringRef,
+ bundle: CFBundleRef,
+ localeTableName: CFStringRef,
+ ) -> OSStatus;
+
+ pub fn AuthorizationRightRemove(
+ authorization: AuthorizationRef,
+ rightName: *const c_char,
+ ) -> OSStatus;
+
+ #[cfg(target_os = "macos")]
+ pub fn AuthorizationExecuteWithPrivileges(
+ authorization: AuthorizationRef,
+ pathToTool: *const c_char,
+ options: AuthorizationFlags,
+ arguments: *const *mut c_char,
+ communicationsPipe: *mut *mut libc::FILE,
+ ) -> OSStatus;
+
+ #[cfg(target_os = "macos")]
+ pub fn AuthorizationCopyPrivilegedReference(
+ authorization: *mut AuthorizationRef,
+ flags: AuthorizationFlags,
+ ) -> OSStatus;
+}
diff --git a/vendor/security-framework-sys/src/base.rs b/vendor/security-framework-sys/src/base.rs
new file mode 100644
index 000000000..ea0e7f419
--- /dev/null
+++ b/vendor/security-framework-sys/src/base.rs
@@ -0,0 +1,67 @@
+use core_foundation_sys::base::OSStatus;
+use core_foundation_sys::string::CFStringRef;
+use std::os::raw::c_void;
+
+pub enum OpaqueSecKeychainRef {}
+pub type SecKeychainRef = *mut OpaqueSecKeychainRef;
+
+pub enum OpaqueSecKeychainItemRef {}
+pub type SecKeychainItemRef = *mut OpaqueSecKeychainItemRef;
+
+// OSType from MacTypes.h
+pub type SecKeychainAttrType = u32;
+
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct SecKeychainAttribute {
+ pub tag: SecKeychainAttrType,
+ pub length: u32,
+ pub data: *mut c_void,
+}
+
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct SecKeychainAttributeList {
+ pub count: u32,
+ pub attr: *mut SecKeychainAttribute,
+}
+
+pub enum OpaqueSecCertificateRef {}
+pub type SecCertificateRef = *mut OpaqueSecCertificateRef;
+
+pub enum OpaqueSecAccessRef {}
+pub type SecAccessRef = *mut OpaqueSecAccessRef;
+
+pub enum OpaqueSecAccessControlRef {}
+pub type SecAccessControlRef = *mut OpaqueSecAccessControlRef;
+
+pub enum OpaqueSecKeyRef {}
+pub type SecKeyRef = *mut OpaqueSecKeyRef;
+
+pub enum OpaqueSecIdentityRef {}
+pub type SecIdentityRef = *mut OpaqueSecIdentityRef;
+
+pub enum OpaqueSecPolicyRef {}
+pub type SecPolicyRef = *mut OpaqueSecPolicyRef;
+
+pub const errSecSuccess: OSStatus = 0;
+pub const errSecUnimplemented: OSStatus = -4;
+pub const errSecIO: OSStatus = -36;
+pub const errSecParam: OSStatus = -50;
+pub const errSecBadReq: OSStatus = -909;
+pub const errSecNoTrustSettings: OSStatus = -25263;
+pub const errSecAuthFailed: OSStatus = -25293;
+pub const errSecDuplicateItem: OSStatus = -25299;
+pub const errSecItemNotFound: OSStatus = -25300;
+pub const errSecCreateChainFailed: OSStatus = -25318;
+pub const errSecConversionError: OSStatus = -67594;
+pub const errSecHostNameMismatch: OSStatus = -67602;
+pub const errSecInvalidExtendedKeyUsage: OSStatus = -67609;
+pub const errSecTrustSettingDeny: OSStatus = -67654;
+pub const errSecCertificateRevoked: OSStatus = -67820;
+pub const errSecNotTrusted: OSStatus = -67843;
+
+extern "C" {
+ // this is available on iOS 11.3+, MacOS 10.3+
+ pub fn SecCopyErrorMessageString(status: OSStatus, reserved: *mut c_void) -> CFStringRef;
+}
diff --git a/vendor/security-framework-sys/src/certificate.rs b/vendor/security-framework-sys/src/certificate.rs
new file mode 100644
index 000000000..bf44cb636
--- /dev/null
+++ b/vendor/security-framework-sys/src/certificate.rs
@@ -0,0 +1,83 @@
+use core_foundation_sys::array::CFArrayRef;
+use core_foundation_sys::base::{CFAllocatorRef, CFTypeID, OSStatus};
+use core_foundation_sys::data::CFDataRef;
+#[cfg(target_os = "macos")]
+use core_foundation_sys::dictionary::CFDictionaryRef;
+#[cfg(any(target_os = "macos", target_os = "ios"))]
+use core_foundation_sys::error::CFErrorRef;
+use core_foundation_sys::string::CFStringRef;
+
+use crate::base::SecCertificateRef;
+use crate::base::SecKeyRef;
+use crate::base::SecKeychainRef;
+
+extern "C" {
+ #[cfg(target_os = "macos")]
+ pub static kSecPropertyKeyType: CFStringRef;
+ #[cfg(target_os = "macos")]
+ pub static kSecPropertyKeyLabel: CFStringRef;
+ #[cfg(target_os = "macos")]
+ pub static kSecPropertyKeyLocalizedLabel: CFStringRef;
+ #[cfg(target_os = "macos")]
+ pub static kSecPropertyKeyValue: CFStringRef;
+
+ #[cfg(target_os = "macos")]
+ pub static kSecPropertyTypeWarning: CFStringRef;
+ #[cfg(target_os = "macos")]
+ pub static kSecPropertyTypeSuccess: CFStringRef;
+ #[cfg(target_os = "macos")]
+ pub static kSecPropertyTypeSection: CFStringRef;
+ #[cfg(target_os = "macos")]
+ pub static kSecPropertyTypeData: CFStringRef;
+ #[cfg(target_os = "macos")]
+ pub static kSecPropertyTypeString: CFStringRef;
+ #[cfg(target_os = "macos")]
+ pub static kSecPropertyTypeURL: CFStringRef;
+ #[cfg(target_os = "macos")]
+ pub static kSecPropertyTypeDate: CFStringRef;
+
+ pub fn SecCertificateGetTypeID() -> CFTypeID;
+ pub fn SecCertificateCreateWithData(
+ allocator: CFAllocatorRef,
+ data: CFDataRef,
+ ) -> SecCertificateRef;
+ pub fn SecCertificateAddToKeychain(
+ certificate: SecCertificateRef,
+ keychain: SecKeychainRef,
+ ) -> OSStatus;
+ pub fn SecCertificateCopyData(certificate: SecCertificateRef) -> CFDataRef;
+ pub fn SecCertificateCopySubjectSummary(certificate: SecCertificateRef) -> CFStringRef;
+ pub fn SecCertificateCopyCommonName(
+ certificate: SecCertificateRef,
+ common_name: *mut CFStringRef,
+ ) -> OSStatus;
+ pub fn SecCertificateCopyEmailAddresses(
+ certificate: SecCertificateRef,
+ email_addresses: *mut CFArrayRef,
+ ) -> OSStatus;
+ #[cfg(any(feature = "OSX_10_12", target_os = "ios"))]
+ pub fn SecCertificateCopyNormalizedIssuerSequence(certificate: SecCertificateRef) -> CFDataRef;
+ #[cfg(any(feature = "OSX_10_12", target_os = "ios"))]
+ pub fn SecCertificateCopyNormalizedSubjectSequence(certificate: SecCertificateRef)
+ -> CFDataRef;
+ #[cfg(target_os = "macos")]
+ #[cfg_attr(target_arch = "aarch64", link_name = "SecCertificateCopyPublicKey$LEGACYMAC")]
+ #[deprecated(note = "Deprecated by Apple. May not work any more. Use SecCertificateCopyKey")]
+ pub fn SecCertificateCopyPublicKey(
+ certificate: SecCertificateRef,
+ key: *mut SecKeyRef,
+ ) -> OSStatus;
+ #[cfg(any(feature = "OSX_10_14", target_os = "ios"))]
+ pub fn SecCertificateCopyKey(certificate: SecCertificateRef) -> SecKeyRef;
+ #[cfg(any(feature = "OSX_10_13", target_os = "ios"))]
+ pub fn SecCertificateCopySerialNumberData(
+ certificate: SecCertificateRef,
+ error: *mut CFErrorRef,
+ ) -> CFDataRef;
+ #[cfg(target_os = "macos")]
+ pub fn SecCertificateCopyValues(
+ certificate: SecCertificateRef,
+ keys: CFArrayRef,
+ error: *mut CFErrorRef,
+ ) -> CFDictionaryRef;
+}
diff --git a/vendor/security-framework-sys/src/certificate_oids.rs b/vendor/security-framework-sys/src/certificate_oids.rs
new file mode 100644
index 000000000..7f6b854d9
--- /dev/null
+++ b/vendor/security-framework-sys/src/certificate_oids.rs
@@ -0,0 +1,5 @@
+use core_foundation_sys::string::CFStringRef;
+
+extern "C" {
+ pub static kSecOIDX509V1SignatureAlgorithm: CFStringRef;
+}
diff --git a/vendor/security-framework-sys/src/cipher_suite.rs b/vendor/security-framework-sys/src/cipher_suite.rs
new file mode 100644
index 000000000..9782a0e50
--- /dev/null
+++ b/vendor/security-framework-sys/src/cipher_suite.rs
@@ -0,0 +1,219 @@
+#[cfg(not(target_os = "macos"))]
+pub type SSLCipherSuite = u16;
+
+#[cfg(all(target_os = "macos", target_arch = "aarch64"))]
+pub type SSLCipherSuite = u16;
+
+#[cfg(all(target_os = "macos", not(target_arch = "aarch64")))]
+pub type SSLCipherSuite = u32;
+
+pub const SSL_NULL_WITH_NULL_NULL: SSLCipherSuite = 0x0000;
+pub const SSL_RSA_WITH_NULL_MD5: SSLCipherSuite = 0x0001;
+pub const SSL_RSA_WITH_NULL_SHA: SSLCipherSuite = 0x0002;
+pub const SSL_RSA_EXPORT_WITH_RC4_40_MD5: SSLCipherSuite = 0x0003;
+pub const SSL_RSA_WITH_RC4_128_MD5: SSLCipherSuite = 0x0004;
+pub const SSL_RSA_WITH_RC4_128_SHA: SSLCipherSuite = 0x0005;
+pub const SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5: SSLCipherSuite = 0x0006;
+pub const SSL_RSA_WITH_IDEA_CBC_SHA: SSLCipherSuite = 0x0007;
+pub const SSL_RSA_EXPORT_WITH_DES40_CBC_SHA: SSLCipherSuite = 0x0008;
+pub const SSL_RSA_WITH_DES_CBC_SHA: SSLCipherSuite = 0x0009;
+pub const SSL_RSA_WITH_3DES_EDE_CBC_SHA: SSLCipherSuite = 0x000A;
+pub const SSL_DH_DSS_EXPORT_WITH_DES40_CBC_SHA: SSLCipherSuite = 0x000B;
+pub const SSL_DH_DSS_WITH_DES_CBC_SHA: SSLCipherSuite = 0x000C;
+pub const SSL_DH_DSS_WITH_3DES_EDE_CBC_SHA: SSLCipherSuite = 0x000D;
+pub const SSL_DH_RSA_EXPORT_WITH_DES40_CBC_SHA: SSLCipherSuite = 0x000E;
+pub const SSL_DH_RSA_WITH_DES_CBC_SHA: SSLCipherSuite = 0x000F;
+pub const SSL_DH_RSA_WITH_3DES_EDE_CBC_SHA: SSLCipherSuite = 0x0010;
+pub const SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA: SSLCipherSuite = 0x0011;
+pub const SSL_DHE_DSS_WITH_DES_CBC_SHA: SSLCipherSuite = 0x0012;
+pub const SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA: SSLCipherSuite = 0x0013;
+pub const SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA: SSLCipherSuite = 0x0014;
+pub const SSL_DHE_RSA_WITH_DES_CBC_SHA: SSLCipherSuite = 0x0015;
+pub const SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA: SSLCipherSuite = 0x0016;
+pub const SSL_DH_anon_EXPORT_WITH_RC4_40_MD5: SSLCipherSuite = 0x0017;
+pub const SSL_DH_anon_WITH_RC4_128_MD5: SSLCipherSuite = 0x0018;
+pub const SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA: SSLCipherSuite = 0x0019;
+pub const SSL_DH_anon_WITH_DES_CBC_SHA: SSLCipherSuite = 0x001A;
+pub const SSL_DH_anon_WITH_3DES_EDE_CBC_SHA: SSLCipherSuite = 0x001B;
+pub const SSL_FORTEZZA_DMS_WITH_NULL_SHA: SSLCipherSuite = 0x001C;
+pub const SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA: SSLCipherSuite = 0x001D;
+
+// TLS addenda using AES, per RFC 3268
+pub const TLS_RSA_WITH_AES_128_CBC_SHA: SSLCipherSuite = 0x002F;
+pub const TLS_DH_DSS_WITH_AES_128_CBC_SHA: SSLCipherSuite = 0x0030;
+pub const TLS_DH_RSA_WITH_AES_128_CBC_SHA: SSLCipherSuite = 0x0031;
+pub const TLS_DHE_DSS_WITH_AES_128_CBC_SHA: SSLCipherSuite = 0x0032;
+pub const TLS_DHE_RSA_WITH_AES_128_CBC_SHA: SSLCipherSuite = 0x0033;
+pub const TLS_DH_anon_WITH_AES_128_CBC_SHA: SSLCipherSuite = 0x0034;
+pub const TLS_RSA_WITH_AES_256_CBC_SHA: SSLCipherSuite = 0x0035;
+pub const TLS_DH_DSS_WITH_AES_256_CBC_SHA: SSLCipherSuite = 0x0036;
+pub const TLS_DH_RSA_WITH_AES_256_CBC_SHA: SSLCipherSuite = 0x0037;
+pub const TLS_DHE_DSS_WITH_AES_256_CBC_SHA: SSLCipherSuite = 0x0038;
+pub const TLS_DHE_RSA_WITH_AES_256_CBC_SHA: SSLCipherSuite = 0x0039;
+pub const TLS_DH_anon_WITH_AES_256_CBC_SHA: SSLCipherSuite = 0x003A;
+
+// ECDSA addenda, RFC 4492
+pub const TLS_ECDH_ECDSA_WITH_NULL_SHA: SSLCipherSuite = 0xC001;
+pub const TLS_ECDH_ECDSA_WITH_RC4_128_SHA: SSLCipherSuite = 0xC002;
+pub const TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA: SSLCipherSuite = 0xC003;
+pub const TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA: SSLCipherSuite = 0xC004;
+pub const TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA: SSLCipherSuite = 0xC005;
+pub const TLS_ECDHE_ECDSA_WITH_NULL_SHA: SSLCipherSuite = 0xC006;
+pub const TLS_ECDHE_ECDSA_WITH_RC4_128_SHA: SSLCipherSuite = 0xC007;
+pub const TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA: SSLCipherSuite = 0xC008;
+pub const TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA: SSLCipherSuite = 0xC009;
+pub const TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA: SSLCipherSuite = 0xC00A;
+pub const TLS_ECDH_RSA_WITH_NULL_SHA: SSLCipherSuite = 0xC00B;
+pub const TLS_ECDH_RSA_WITH_RC4_128_SHA: SSLCipherSuite = 0xC00C;
+pub const TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA: SSLCipherSuite = 0xC00D;
+pub const TLS_ECDH_RSA_WITH_AES_128_CBC_SHA: SSLCipherSuite = 0xC00E;
+pub const TLS_ECDH_RSA_WITH_AES_256_CBC_SHA: SSLCipherSuite = 0xC00F;
+pub const TLS_ECDHE_RSA_WITH_NULL_SHA: SSLCipherSuite = 0xC010;
+pub const TLS_ECDHE_RSA_WITH_RC4_128_SHA: SSLCipherSuite = 0xC011;
+pub const TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA: SSLCipherSuite = 0xC012;
+pub const TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA: SSLCipherSuite = 0xC013;
+pub const TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA: SSLCipherSuite = 0xC014;
+pub const TLS_ECDH_anon_WITH_NULL_SHA: SSLCipherSuite = 0xC015;
+pub const TLS_ECDH_anon_WITH_RC4_128_SHA: SSLCipherSuite = 0xC016;
+pub const TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA: SSLCipherSuite = 0xC017;
+pub const TLS_ECDH_anon_WITH_AES_128_CBC_SHA: SSLCipherSuite = 0xC018;
+pub const TLS_ECDH_anon_WITH_AES_256_CBC_SHA: SSLCipherSuite = 0xC019;
+
+// TLS 1.2 addenda, RFC 5246
+
+// Initial state.
+pub const TLS_NULL_WITH_NULL_NULL: SSLCipherSuite = 0x0000;
+
+// Server provided RSA certificate for key exchange.
+pub const TLS_RSA_WITH_NULL_MD5: SSLCipherSuite = 0x0001;
+pub const TLS_RSA_WITH_NULL_SHA: SSLCipherSuite = 0x0002;
+pub const TLS_RSA_WITH_RC4_128_MD5: SSLCipherSuite = 0x0004;
+pub const TLS_RSA_WITH_RC4_128_SHA: SSLCipherSuite = 0x0005;
+pub const TLS_RSA_WITH_3DES_EDE_CBC_SHA: SSLCipherSuite = 0x000A;
+// pub const TLS_RSA_WITH_AES_128_CBC_SHA: SSLCipherSuite = 0x002F;
+// pub const TLS_RSA_WITH_AES_256_CBC_SHA: SSLCipherSuite = 0x0035;
+pub const TLS_RSA_WITH_NULL_SHA256: SSLCipherSuite = 0x003B;
+pub const TLS_RSA_WITH_AES_128_CBC_SHA256: SSLCipherSuite = 0x003C;
+pub const TLS_RSA_WITH_AES_256_CBC_SHA256: SSLCipherSuite = 0x003D;
+
+// Server-authenticated (and optionally client-authenticated) Diffie-Hellman.
+pub const TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA: SSLCipherSuite = 0x000D;
+pub const TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA: SSLCipherSuite = 0x0010;
+pub const TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA: SSLCipherSuite = 0x0013;
+pub const TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA: SSLCipherSuite = 0x0016;
+// pub const TLS_DH_DSS_WITH_AES_128_CBC_SHA: SSLCipherSuite = 0x0030;
+// pub const TLS_DH_RSA_WITH_AES_128_CBC_SHA: SSLCipherSuite = 0x0031;
+// pub const TLS_DHE_DSS_WITH_AES_128_CBC_SHA: SSLCipherSuite = 0x0032;
+// pub const TLS_DHE_RSA_WITH_AES_128_CBC_SHA: SSLCipherSuite = 0x0033;
+// pub const TLS_DH_DSS_WITH_AES_256_CBC_SHA: SSLCipherSuite = 0x0036;
+// pub const TLS_DH_RSA_WITH_AES_256_CBC_SHA: SSLCipherSuite = 0x0037;
+// pub const TLS_DHE_DSS_WITH_AES_256_CBC_SHA: SSLCipherSuite = 0x0038;
+// pub const TLS_DHE_RSA_WITH_AES_256_CBC_SHA: SSLCipherSuite = 0x0039;
+pub const TLS_DH_DSS_WITH_AES_128_CBC_SHA256: SSLCipherSuite = 0x003E;
+pub const TLS_DH_RSA_WITH_AES_128_CBC_SHA256: SSLCipherSuite = 0x003F;
+pub const TLS_DHE_DSS_WITH_AES_128_CBC_SHA256: SSLCipherSuite = 0x0040;
+pub const TLS_DHE_RSA_WITH_AES_128_CBC_SHA256: SSLCipherSuite = 0x0067;
+pub const TLS_DH_DSS_WITH_AES_256_CBC_SHA256: SSLCipherSuite = 0x0068;
+pub const TLS_DH_RSA_WITH_AES_256_CBC_SHA256: SSLCipherSuite = 0x0069;
+pub const TLS_DHE_DSS_WITH_AES_256_CBC_SHA256: SSLCipherSuite = 0x006A;
+pub const TLS_DHE_RSA_WITH_AES_256_CBC_SHA256: SSLCipherSuite = 0x006B;
+
+// Completely anonymous Diffie-Hellman
+pub const TLS_DH_anon_WITH_RC4_128_MD5: SSLCipherSuite = 0x0018;
+pub const TLS_DH_anon_WITH_3DES_EDE_CBC_SHA: SSLCipherSuite = 0x001B;
+// pub const TLS_DH_anon_WITH_AES_128_CBC_SHA: SSLCipherSuite = 0x0034;
+// pub const TLS_DH_anon_WITH_AES_256_CBC_SHA: SSLCipherSuite = 0x003A;
+pub const TLS_DH_anon_WITH_AES_128_CBC_SHA256: SSLCipherSuite = 0x006C;
+pub const TLS_DH_anon_WITH_AES_256_CBC_SHA256: SSLCipherSuite = 0x006D;
+
+// Addendum from RFC 4279, TLS PSK
+
+pub const TLS_PSK_WITH_RC4_128_SHA: SSLCipherSuite = 0x008A;
+pub const TLS_PSK_WITH_3DES_EDE_CBC_SHA: SSLCipherSuite = 0x008B;
+pub const TLS_PSK_WITH_AES_128_CBC_SHA: SSLCipherSuite = 0x008C;
+pub const TLS_PSK_WITH_AES_256_CBC_SHA: SSLCipherSuite = 0x008D;
+pub const TLS_DHE_PSK_WITH_RC4_128_SHA: SSLCipherSuite = 0x008E;
+pub const TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA: SSLCipherSuite = 0x008F;
+pub const TLS_DHE_PSK_WITH_AES_128_CBC_SHA: SSLCipherSuite = 0x0090;
+pub const TLS_DHE_PSK_WITH_AES_256_CBC_SHA: SSLCipherSuite = 0x0091;
+pub const TLS_RSA_PSK_WITH_RC4_128_SHA: SSLCipherSuite = 0x0092;
+pub const TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA: SSLCipherSuite = 0x0093;
+pub const TLS_RSA_PSK_WITH_AES_128_CBC_SHA: SSLCipherSuite = 0x0094;
+pub const TLS_RSA_PSK_WITH_AES_256_CBC_SHA: SSLCipherSuite = 0x0095;
+
+// RFC 4785 - Pre-Shared Key (PSK) Ciphersuites with NULL Encryption
+
+pub const TLS_PSK_WITH_NULL_SHA: SSLCipherSuite = 0x002C;
+pub const TLS_DHE_PSK_WITH_NULL_SHA: SSLCipherSuite = 0x002D;
+pub const TLS_RSA_PSK_WITH_NULL_SHA: SSLCipherSuite = 0x002E;
+
+// Addenda from rfc 5288 AES Galois Counter Mode (GCM) Cipher Suites
+// for TLS.
+pub const TLS_RSA_WITH_AES_128_GCM_SHA256: SSLCipherSuite = 0x009C;
+pub const TLS_RSA_WITH_AES_256_GCM_SHA384: SSLCipherSuite = 0x009D;
+pub const TLS_DHE_RSA_WITH_AES_128_GCM_SHA256: SSLCipherSuite = 0x009E;
+pub const TLS_DHE_RSA_WITH_AES_256_GCM_SHA384: SSLCipherSuite = 0x009F;
+pub const TLS_DH_RSA_WITH_AES_128_GCM_SHA256: SSLCipherSuite = 0x00A0;
+pub const TLS_DH_RSA_WITH_AES_256_GCM_SHA384: SSLCipherSuite = 0x00A1;
+pub const TLS_DHE_DSS_WITH_AES_128_GCM_SHA256: SSLCipherSuite = 0x00A2;
+pub const TLS_DHE_DSS_WITH_AES_256_GCM_SHA384: SSLCipherSuite = 0x00A3;
+pub const TLS_DH_DSS_WITH_AES_128_GCM_SHA256: SSLCipherSuite = 0x00A4;
+pub const TLS_DH_DSS_WITH_AES_256_GCM_SHA384: SSLCipherSuite = 0x00A5;
+pub const TLS_DH_anon_WITH_AES_128_GCM_SHA256: SSLCipherSuite = 0x00A6;
+pub const TLS_DH_anon_WITH_AES_256_GCM_SHA384: SSLCipherSuite = 0x00A7;
+
+// RFC 5487 - PSK with SHA-256/384 and AES GCM
+pub const TLS_PSK_WITH_AES_128_GCM_SHA256: SSLCipherSuite = 0x00A8;
+pub const TLS_PSK_WITH_AES_256_GCM_SHA384: SSLCipherSuite = 0x00A9;
+pub const TLS_DHE_PSK_WITH_AES_128_GCM_SHA256: SSLCipherSuite = 0x00AA;
+pub const TLS_DHE_PSK_WITH_AES_256_GCM_SHA384: SSLCipherSuite = 0x00AB;
+pub const TLS_RSA_PSK_WITH_AES_128_GCM_SHA256: SSLCipherSuite = 0x00AC;
+pub const TLS_RSA_PSK_WITH_AES_256_GCM_SHA384: SSLCipherSuite = 0x00AD;
+
+pub const TLS_PSK_WITH_AES_128_CBC_SHA256: SSLCipherSuite = 0x00AE;
+pub const TLS_PSK_WITH_AES_256_CBC_SHA384: SSLCipherSuite = 0x00AF;
+pub const TLS_PSK_WITH_NULL_SHA256: SSLCipherSuite = 0x00B0;
+pub const TLS_PSK_WITH_NULL_SHA384: SSLCipherSuite = 0x00B1;
+
+pub const TLS_DHE_PSK_WITH_AES_128_CBC_SHA256: SSLCipherSuite = 0x00B2;
+pub const TLS_DHE_PSK_WITH_AES_256_CBC_SHA384: SSLCipherSuite = 0x00B3;
+pub const TLS_DHE_PSK_WITH_NULL_SHA256: SSLCipherSuite = 0x00B4;
+pub const TLS_DHE_PSK_WITH_NULL_SHA384: SSLCipherSuite = 0x00B5;
+
+pub const TLS_RSA_PSK_WITH_AES_128_CBC_SHA256: SSLCipherSuite = 0x00B6;
+pub const TLS_RSA_PSK_WITH_AES_256_CBC_SHA384: SSLCipherSuite = 0x00B7;
+pub const TLS_RSA_PSK_WITH_NULL_SHA256: SSLCipherSuite = 0x00B8;
+pub const TLS_RSA_PSK_WITH_NULL_SHA384: SSLCipherSuite = 0x00B9;
+
+// Addenda from rfc 5289 Elliptic Curve Cipher Suites with
+// HMAC SHA-256/384.
+pub const TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256: SSLCipherSuite = 0xC023;
+pub const TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384: SSLCipherSuite = 0xC024;
+pub const TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256: SSLCipherSuite = 0xC025;
+pub const TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384: SSLCipherSuite = 0xC026;
+pub const TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256: SSLCipherSuite = 0xC027;
+pub const TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384: SSLCipherSuite = 0xC028;
+pub const TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256: SSLCipherSuite = 0xC029;
+pub const TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384: SSLCipherSuite = 0xC02A;
+
+// Addenda from rfc 5289 Elliptic Curve Cipher Suites with
+// SHA-256/384 and AES Galois Counter Mode (GCM)
+pub const TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256: SSLCipherSuite = 0xC02B;
+pub const TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384: SSLCipherSuite = 0xC02C;
+pub const TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256: SSLCipherSuite = 0xC02D;
+pub const TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384: SSLCipherSuite = 0xC02E;
+pub const TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256: SSLCipherSuite = 0xC02F;
+pub const TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384: SSLCipherSuite = 0xC030;
+pub const TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256: SSLCipherSuite = 0xC031;
+pub const TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384: SSLCipherSuite = 0xC032;
+
+// RFC 5746 - Secure Renegotiation
+pub const TLS_EMPTY_RENEGOTIATION_INFO_SCSV: SSLCipherSuite = 0x00FF;
+// Tags for SSL 2 cipher kinds which are not specified
+// for SSL 3.
+//
+pub const SSL_RSA_WITH_RC2_CBC_MD5: SSLCipherSuite = 0xFF80;
+pub const SSL_RSA_WITH_IDEA_CBC_MD5: SSLCipherSuite = 0xFF81;
+pub const SSL_RSA_WITH_DES_CBC_MD5: SSLCipherSuite = 0xFF82;
+pub const SSL_RSA_WITH_3DES_EDE_CBC_MD5: SSLCipherSuite = 0xFF83;
+pub const SSL_NO_SUCH_CIPHERSUITE: SSLCipherSuite = 0xFFFF;
diff --git a/vendor/security-framework-sys/src/code_signing.rs b/vendor/security-framework-sys/src/code_signing.rs
new file mode 100644
index 000000000..bd4abc766
--- /dev/null
+++ b/vendor/security-framework-sys/src/code_signing.rs
@@ -0,0 +1,96 @@
+use core_foundation_sys::base::CFTypeID;
+use core_foundation_sys::base::OSStatus;
+use core_foundation_sys::dictionary::CFDictionaryRef;
+use core_foundation_sys::string::CFStringRef;
+use core_foundation_sys::url::CFURLRef;
+
+pub enum OpaqueSecRequirementRef {}
+pub type SecRequirementRef = *mut OpaqueSecRequirementRef;
+
+pub enum OpaqueSecCodeRef {}
+pub type SecCodeRef = *mut OpaqueSecCodeRef;
+
+pub enum OpaqueSecStaticCodeRef {}
+pub type SecStaticCodeRef = *mut OpaqueSecStaticCodeRef;
+
+pub type SecCSFlags = u32;
+pub const kSecCSCheckAllArchitectures: SecCSFlags = 1 << 0;
+pub const kSecCSDoNotValidateExecutable: SecCSFlags = 1 << 1;
+pub const kSecCSDoNotValidateResources: SecCSFlags = 1 << 2;
+pub const kSecCSBasicValidateOnly: SecCSFlags =
+ kSecCSDoNotValidateExecutable | kSecCSDoNotValidateResources;
+pub const kSecCSCheckNestedCode: SecCSFlags = 1 << 3;
+pub const kSecCSStrictValidate: SecCSFlags = 1 << 4;
+pub const kSecCSFullReport: SecCSFlags = 1 << 5;
+pub const kSecCSCheckGatekeeperArchitectures: SecCSFlags = (1 << 6) | kSecCSCheckAllArchitectures;
+pub const kSecCSRestrictSymlinks: SecCSFlags = 1 << 7;
+pub const kSecCSRestrictToAppLike: SecCSFlags = 1 << 8;
+pub const kSecCSRestrictSidebandData: SecCSFlags = 1 << 9;
+pub const kSecCSUseSoftwareSigningCert: SecCSFlags = 1 << 10;
+pub const kSecCSValidatePEH: SecCSFlags = 1 << 11;
+pub const kSecCSSingleThreaded: SecCSFlags = 1 << 12;
+// 13 - 15 are unused
+// This is only available in macOS 11.3:
+// pub const kSecCSAllowNetworkAccess: SecCSFlags = 1 << 16;
+// 17 - 25 are unused
+pub const kSecCSQuickCheck: SecCSFlags = 1 << 26;
+pub const kSecCSCheckTrustedAnchors: SecCSFlags = 1 << 27;
+pub const kSecCSReportProgress: SecCSFlags = 1 << 28;
+pub const kSecCSNoNetworkAccess: SecCSFlags = 1 << 29;
+pub const kSecCSEnforceRevocationChecks: SecCSFlags = 1 << 30;
+pub const kSecCSConsiderExpiration: SecCSFlags = 1 << 31;
+
+extern "C" {
+ pub static kSecGuestAttributeArchitecture: CFStringRef;
+ pub static kSecGuestAttributeAudit: CFStringRef;
+ pub static kSecGuestAttributeCanonical: CFStringRef;
+ pub static kSecGuestAttributeDynamicCode: CFStringRef;
+ pub static kSecGuestAttributeDynamicCodeInfoPlist: CFStringRef;
+ pub static kSecGuestAttributeHash: CFStringRef;
+ pub static kSecGuestAttributeMachPort: CFStringRef;
+ pub static kSecGuestAttributePid: CFStringRef;
+ pub static kSecGuestAttributeSubarchitecture: CFStringRef;
+
+ pub fn SecCodeGetTypeID() -> CFTypeID;
+ pub fn SecStaticCodeGetTypeID() -> CFTypeID;
+ pub fn SecRequirementGetTypeID() -> CFTypeID;
+
+ pub fn SecCodeCheckValidity(
+ code: SecCodeRef,
+ flags: SecCSFlags,
+ requirement: SecRequirementRef,
+ ) -> OSStatus;
+
+ pub fn SecCodeCopyGuestWithAttributes(
+ host: SecCodeRef,
+ attrs: CFDictionaryRef,
+ flags: SecCSFlags,
+ guest: *mut SecCodeRef,
+ ) -> OSStatus;
+
+ pub fn SecCodeCopyPath(
+ code: SecStaticCodeRef,
+ flags: SecCSFlags,
+ path: *mut CFURLRef,
+ ) -> OSStatus;
+
+ pub fn SecCodeCopySelf(flags: SecCSFlags, out: *mut SecCodeRef) -> OSStatus;
+
+ pub fn SecRequirementCreateWithString(
+ text: CFStringRef,
+ flags: SecCSFlags,
+ requirement: *mut SecRequirementRef,
+ ) -> OSStatus;
+
+ pub fn SecStaticCodeCheckValidity(
+ code: SecStaticCodeRef,
+ flags: SecCSFlags,
+ requirement: SecRequirementRef,
+ ) -> OSStatus;
+
+ pub fn SecStaticCodeCreateWithPath(
+ path: CFURLRef,
+ flags: SecCSFlags,
+ code: *mut SecStaticCodeRef,
+ ) -> OSStatus;
+}
diff --git a/vendor/security-framework-sys/src/digest_transform.rs b/vendor/security-framework-sys/src/digest_transform.rs
new file mode 100644
index 000000000..fdcf6ee20
--- /dev/null
+++ b/vendor/security-framework-sys/src/digest_transform.rs
@@ -0,0 +1,28 @@
+use core_foundation_sys::base::{CFIndex, CFTypeRef};
+use core_foundation_sys::error::CFErrorRef;
+use core_foundation_sys::string::CFStringRef;
+
+use crate::transform::SecTransformRef;
+
+extern "C" {
+ pub static kSecDigestHMACKeyAttribute: CFStringRef;
+ pub static kSecDigestHMACMD5: CFStringRef;
+ pub static kSecDigestHMACSHA1: CFStringRef;
+ pub static kSecDigestHMACSHA2: CFStringRef;
+ pub static kSecDigestLengthAttribute: CFStringRef;
+ pub static kSecDigestMD2: CFStringRef;
+ pub static kSecDigestMD4: CFStringRef;
+ pub static kSecDigestMD5: CFStringRef;
+ pub static kSecDigestSHA1: CFStringRef;
+ pub static kSecDigestSHA2: CFStringRef;
+ pub static kSecDigestTypeAttribute: CFStringRef;
+
+ pub fn SecDigestTransformCreate(
+ digestType: CFTypeRef,
+ digestLength: CFIndex,
+ error: *mut CFErrorRef,
+ ) -> SecTransformRef;
+
+// this symbol is apparently missing in 10.13.3?
+// pub fn SecDigestTransformGetTypeID() -> CFTypeID;
+}
diff --git a/vendor/security-framework-sys/src/encrypt_transform.rs b/vendor/security-framework-sys/src/encrypt_transform.rs
new file mode 100644
index 000000000..853305272
--- /dev/null
+++ b/vendor/security-framework-sys/src/encrypt_transform.rs
@@ -0,0 +1,29 @@
+use core_foundation_sys::error::CFErrorRef;
+use core_foundation_sys::string::CFStringRef;
+
+use crate::base::SecKeyRef;
+use crate::transform::SecTransformRef;
+
+extern "C" {
+ pub static kSecEncryptionMode: CFStringRef;
+ pub static kSecEncryptKey: CFStringRef;
+ pub static kSecIVKey: CFStringRef;
+ pub static kSecModeCBCKey: CFStringRef;
+ pub static kSecModeCFBKey: CFStringRef;
+ pub static kSecModeECBKey: CFStringRef;
+ pub static kSecModeNoneKey: CFStringRef;
+ pub static kSecModeOFBKey: CFStringRef;
+ pub static kSecPaddingKey: CFStringRef;
+ pub static kSecPaddingNoneKey: CFStringRef;
+ pub static kSecPaddingOAEPKey: CFStringRef;
+ pub static kSecPaddingPKCS1Key: CFStringRef;
+ pub static kSecPaddingPKCS5Key: CFStringRef;
+ pub static kSecPaddingPKCS7Key: CFStringRef;
+
+ pub fn SecDecryptTransformCreate(keyRef: SecKeyRef, error: *mut CFErrorRef) -> SecTransformRef;
+ // this symbol is apparently missing in 10.13.3?
+ // pub fn SecDecryptTransformGetTypeID() -> CFTypeID;
+ pub fn SecEncryptTransformCreate(keyRef: SecKeyRef, error: *mut CFErrorRef) -> SecTransformRef;
+// this symbol is apparently missing in 10.13.3?
+// pub fn SecEncryptTransformGetTypeID() -> CFTypeID;
+}
diff --git a/vendor/security-framework-sys/src/identity.rs b/vendor/security-framework-sys/src/identity.rs
new file mode 100644
index 000000000..6d8295ecc
--- /dev/null
+++ b/vendor/security-framework-sys/src/identity.rs
@@ -0,0 +1,21 @@
+#[cfg(target_os = "macos")]
+use core_foundation_sys::base::CFTypeRef;
+use core_foundation_sys::base::{CFTypeID, OSStatus};
+
+use crate::base::{SecCertificateRef, SecIdentityRef, SecKeyRef};
+
+extern "C" {
+ pub fn SecIdentityGetTypeID() -> CFTypeID;
+ pub fn SecIdentityCopyCertificate(
+ identity: SecIdentityRef,
+ certificate_ref: *mut SecCertificateRef,
+ ) -> OSStatus;
+ pub fn SecIdentityCopyPrivateKey(identity: SecIdentityRef, key_ref: *mut SecKeyRef)
+ -> OSStatus;
+ #[cfg(target_os = "macos")]
+ pub fn SecIdentityCreateWithCertificate(
+ keychain_or_Array: CFTypeRef,
+ certificate_ref: SecCertificateRef,
+ identity_ref: *mut SecIdentityRef,
+ ) -> OSStatus;
+}
diff --git a/vendor/security-framework-sys/src/import_export.rs b/vendor/security-framework-sys/src/import_export.rs
new file mode 100644
index 000000000..cd32f5716
--- /dev/null
+++ b/vendor/security-framework-sys/src/import_export.rs
@@ -0,0 +1,86 @@
+use core_foundation_sys::array::CFArrayRef;
+#[cfg(target_os = "macos")]
+use core_foundation_sys::base::CFTypeRef;
+use core_foundation_sys::base::OSStatus;
+use core_foundation_sys::data::CFDataRef;
+use core_foundation_sys::dictionary::CFDictionaryRef;
+use core_foundation_sys::string::CFStringRef;
+#[cfg(target_os = "macos")]
+use std::os::raw::c_uint;
+
+#[cfg(target_os = "macos")]
+use crate::base::{SecAccessRef, SecKeychainRef};
+
+#[cfg(target_os = "macos")]
+pub type SecExternalFormat = u32;
+#[cfg(target_os = "macos")]
+pub type SecExternalItemType = u32;
+#[cfg(target_os = "macos")]
+pub type SecItemImportExportFlags = u32;
+#[cfg(target_os = "macos")]
+pub type SecKeyImportExportFlags = u32;
+
+#[cfg(target_os = "macos")]
+pub const kSecKeyImportOnlyOne: SecKeyImportExportFlags = 1;
+#[cfg(target_os = "macos")]
+pub const kSecKeySecurePassphrase: SecKeyImportExportFlags = 2;
+#[cfg(target_os = "macos")]
+pub const kSecKeyNoAccessControl: SecKeyImportExportFlags = 4;
+
+#[cfg(target_os = "macos")]
+pub const SEC_KEY_IMPORT_EXPORT_PARAMS_VERSION: c_uint = 0;
+
+#[repr(C)]
+#[derive(Copy, Clone)]
+#[cfg(target_os = "macos")]
+pub struct SecItemImportExportKeyParameters {
+ pub version: c_uint,
+ pub flags: SecKeyImportExportFlags,
+ pub passphrase: CFTypeRef,
+ pub alertTitle: CFStringRef,
+ pub alertPrompt: CFStringRef,
+ pub accessRef: SecAccessRef,
+ pub keyUsage: CFArrayRef,
+ pub keyAttributes: CFArrayRef,
+}
+
+extern "C" {
+ #[cfg(target_os = "macos")]
+ pub fn SecItemImport(
+ importedData: CFDataRef,
+ fileNameOrExtension: CFStringRef,
+ inputFormat: *mut SecExternalFormat,
+ itemType: *mut SecExternalItemType,
+ flags: SecItemImportExportFlags,
+ keyParams: *const SecItemImportExportKeyParameters,
+ importKeychain: SecKeychainRef,
+ outItems: *mut CFArrayRef,
+ ) -> OSStatus;
+
+ #[cfg(target_os = "macos")]
+ pub fn SecItemExport(
+ secItemOrArray: CFTypeRef,
+ outputFormat: SecExternalFormat,
+ flags: SecItemImportExportFlags,
+ keyParams: *const SecItemImportExportKeyParameters,
+ exportedData: *mut CFDataRef,
+ ) -> OSStatus;
+
+ pub static kSecImportExportPassphrase: CFStringRef;
+ #[cfg(target_os = "macos")]
+ pub static kSecImportExportKeychain: CFStringRef;
+ #[cfg(target_os = "macos")]
+ pub static kSecImportExportAccess: CFStringRef;
+
+ pub static kSecImportItemLabel: CFStringRef;
+ pub static kSecImportItemKeyID: CFStringRef;
+ pub static kSecImportItemTrust: CFStringRef;
+ pub static kSecImportItemCertChain: CFStringRef;
+ pub static kSecImportItemIdentity: CFStringRef;
+
+ pub fn SecPKCS12Import(
+ pkcs12_data: CFDataRef,
+ options: CFDictionaryRef,
+ items: *mut CFArrayRef,
+ ) -> OSStatus;
+}
diff --git a/vendor/security-framework-sys/src/item.rs b/vendor/security-framework-sys/src/item.rs
new file mode 100644
index 000000000..79a2a2c12
--- /dev/null
+++ b/vendor/security-framework-sys/src/item.rs
@@ -0,0 +1,77 @@
+use core_foundation_sys::string::CFStringRef;
+
+extern "C" {
+ pub static kSecClass: CFStringRef;
+ pub static kSecClassInternetPassword: CFStringRef;
+ pub static kSecClassGenericPassword: CFStringRef;
+ pub static kSecClassCertificate: CFStringRef;
+ pub static kSecClassKey: CFStringRef;
+ pub static kSecClassIdentity: CFStringRef;
+
+ pub static kSecMatchLimit: CFStringRef;
+ pub static kSecMatchLimitAll: CFStringRef;
+
+ pub static kSecReturnData: CFStringRef;
+ pub static kSecReturnAttributes: CFStringRef;
+ pub static kSecReturnRef: CFStringRef;
+ pub static kSecReturnPersistentRef: CFStringRef;
+
+ pub static kSecMatchSearchList: CFStringRef;
+
+ pub static kSecAttrApplicationLabel: CFStringRef;
+ pub static kSecAttrKeyType: CFStringRef;
+ pub static kSecAttrLabel: CFStringRef;
+ pub static kSecAttrIsPermanent: CFStringRef;
+ pub static kSecAttrPublicKeyHash: CFStringRef;
+ pub static kSecPrivateKeyAttrs: CFStringRef;
+ pub static kSecPublicKeyAttrs: CFStringRef;
+
+ pub static kSecAttrKeyClass: CFStringRef;
+ pub static kSecAttrKeyClassPublic: CFStringRef;
+ pub static kSecAttrKeyClassPrivate: CFStringRef;
+ pub static kSecAttrKeyClassSymmetric: CFStringRef;
+
+ pub static kSecUseKeychain: CFStringRef;
+ #[cfg(any(feature = "OSX_10_15", target_os = "ios"))]
+ pub static kSecUseDataProtectionKeychain: CFStringRef;
+ #[cfg(any(feature = "OSX_10_12", target_os = "ios"))]
+ pub static kSecAttrTokenID: CFStringRef;
+ #[cfg(any(feature = "OSX_10_12", target_os = "ios"))]
+ pub static kSecAttrTokenIDSecureEnclave: CFStringRef;
+
+ pub static kSecAttrKeySizeInBits: CFStringRef;
+
+ pub static kSecAttrKeyTypeECSECPrimeRandom: CFStringRef;
+ pub static kSecAttrKeyTypeRSA: CFStringRef;
+ #[cfg(target_os = "macos")]
+ pub static kSecAttrKeyTypeDSA: CFStringRef;
+ #[cfg(target_os = "macos")]
+ pub static kSecAttrKeyTypeAES: CFStringRef;
+ #[cfg(target_os = "macos")]
+ pub static kSecAttrKeyTypeDES: CFStringRef;
+ #[cfg(target_os = "macos")]
+ pub static kSecAttrKeyType3DES: CFStringRef;
+ #[cfg(target_os = "macos")]
+ pub static kSecAttrKeyTypeRC4: CFStringRef;
+ #[cfg(target_os = "macos")]
+ pub static kSecAttrKeyTypeRC2: CFStringRef;
+ #[cfg(target_os = "macos")]
+ pub static kSecAttrKeyTypeCAST: CFStringRef;
+ #[cfg(any(feature = "OSX_10_9", target_os = "ios"))]
+ pub static kSecAttrKeyTypeEC: CFStringRef;
+
+ pub static kSecAttrAccessGroup: CFStringRef;
+ pub static kSecAttrAccessGroupToken: CFStringRef;
+
+ pub static kSecAttrAuthenticationType: CFStringRef;
+ pub static kSecAttrPath: CFStringRef;
+ pub static kSecAttrPort: CFStringRef;
+ pub static kSecAttrProtocol: CFStringRef;
+ pub static kSecAttrSecurityDomain: CFStringRef;
+ pub static kSecAttrServer: CFStringRef;
+ pub static kSecAttrService: CFStringRef;
+ pub static kSecAttrAccessControl: CFStringRef;
+ pub static kSecAttrAccount: CFStringRef;
+ pub static kSecValueData: CFStringRef;
+ pub static kSecValueRef: CFStringRef;
+}
diff --git a/vendor/security-framework-sys/src/key.rs b/vendor/security-framework-sys/src/key.rs
new file mode 100644
index 000000000..cc950c2f2
--- /dev/null
+++ b/vendor/security-framework-sys/src/key.rs
@@ -0,0 +1,167 @@
+use core_foundation_sys::base::CFTypeID;
+use core_foundation_sys::data::CFDataRef;
+use core_foundation_sys::dictionary::CFDictionaryRef;
+use core_foundation_sys::error::CFErrorRef;
+#[cfg(any(feature = "OSX_10_12", target_os = "ios"))]
+use core_foundation_sys::string::CFStringRef;
+
+use crate::base::SecKeyRef;
+
+#[cfg(any(feature = "OSX_10_12", target_os = "ios"))]
+pub type SecKeyAlgorithm = CFStringRef;
+
+extern "C" {
+ pub fn SecKeyGetTypeID() -> CFTypeID;
+
+ #[cfg(any(feature = "OSX_10_12", target_os = "ios"))]
+ pub fn SecKeyCreateRandomKey(parameters: CFDictionaryRef, error: *mut CFErrorRef) -> SecKeyRef;
+
+ #[cfg(target_os = "macos")]
+ pub fn SecKeyCreateFromData(
+ parameters: CFDictionaryRef,
+ keyData: CFDataRef,
+ error: *mut CFErrorRef,
+ ) -> SecKeyRef;
+
+ #[cfg(any(feature = "OSX_10_12", target_os = "ios"))]
+ pub fn SecKeyCopyExternalRepresentation(key: SecKeyRef, error: *mut CFErrorRef) -> CFDataRef;
+ #[cfg(any(feature = "OSX_10_12", target_os = "ios"))]
+ pub fn SecKeyCopyAttributes(key: SecKeyRef) -> CFDictionaryRef;
+ #[cfg(any(feature = "OSX_10_12", target_os = "ios"))]
+ pub fn SecKeyCopyPublicKey(key: SecKeyRef) -> SecKeyRef;
+
+ #[cfg(any(feature = "OSX_10_12", target_os = "ios"))]
+ pub fn SecKeyCreateSignature(
+ key: SecKeyRef,
+ algorithm: SecKeyAlgorithm,
+ dataToSign: CFDataRef,
+ error: *mut CFErrorRef,
+ ) -> CFDataRef;
+
+ #[cfg(any(feature = "OSX_10_12", target_os = "ios"))]
+ pub fn SecKeyVerifySignature(
+ key: SecKeyRef,
+ algorithm: SecKeyAlgorithm,
+ signedData: CFDataRef,
+ signature: CFDataRef,
+ error: *mut CFErrorRef,
+ ) -> core_foundation_sys::base::Boolean;
+}
+
+#[cfg(any(feature = "OSX_10_12", target_os = "ios"))]
+macro_rules! names {
+ ($($i:ident => $x:ident),*) => {
+ extern "C" {
+ $(pub static $x: SecKeyAlgorithm;)*
+ }
+
+ #[non_exhaustive]
+ #[derive(Copy, Clone)]
+ pub enum Algorithm {
+ $( $i, )*
+ }
+
+ impl From<Algorithm> for SecKeyAlgorithm {
+ fn from(m: Algorithm) -> Self {
+ unsafe { match m {
+ $( Algorithm::$i => $x, )*
+ } }
+ }
+ }
+ }
+}
+
+#[cfg(any(feature = "OSX_10_12", target_os = "ios"))]
+names! {
+ ECIESEncryptionStandardX963SHA1AESGCM => kSecKeyAlgorithmECIESEncryptionStandardX963SHA1AESGCM,
+ ECIESEncryptionStandardX963SHA224AESGCM => kSecKeyAlgorithmECIESEncryptionStandardX963SHA224AESGCM,
+ ECIESEncryptionStandardX963SHA256AESGCM => kSecKeyAlgorithmECIESEncryptionStandardX963SHA256AESGCM,
+ ECIESEncryptionStandardX963SHA384AESGCM => kSecKeyAlgorithmECIESEncryptionStandardX963SHA384AESGCM,
+ ECIESEncryptionStandardX963SHA512AESGCM => kSecKeyAlgorithmECIESEncryptionStandardX963SHA512AESGCM,
+
+ ECIESEncryptionStandardVariableIVX963SHA224AESGCM => kSecKeyAlgorithmECIESEncryptionStandardVariableIVX963SHA224AESGCM,
+ ECIESEncryptionStandardVariableIVX963SHA256AESGCM => kSecKeyAlgorithmECIESEncryptionStandardVariableIVX963SHA256AESGCM,
+ ECIESEncryptionStandardVariableIVX963SHA384AESGCM => kSecKeyAlgorithmECIESEncryptionStandardVariableIVX963SHA384AESGCM,
+ ECIESEncryptionStandardVariableIVX963SHA512AESGCM => kSecKeyAlgorithmECIESEncryptionStandardVariableIVX963SHA512AESGCM,
+
+ ECIESEncryptionCofactorVariableIVX963SHA224AESGCM => kSecKeyAlgorithmECIESEncryptionCofactorVariableIVX963SHA224AESGCM,
+ ECIESEncryptionCofactorVariableIVX963SHA256AESGCM => kSecKeyAlgorithmECIESEncryptionCofactorVariableIVX963SHA256AESGCM,
+ ECIESEncryptionCofactorVariableIVX963SHA384AESGCM => kSecKeyAlgorithmECIESEncryptionCofactorVariableIVX963SHA384AESGCM,
+ ECIESEncryptionCofactorVariableIVX963SHA512AESGCM => kSecKeyAlgorithmECIESEncryptionCofactorVariableIVX963SHA512AESGCM,
+
+ ECIESEncryptionCofactorX963SHA1AESGCM => kSecKeyAlgorithmECIESEncryptionCofactorX963SHA1AESGCM,
+ ECIESEncryptionCofactorX963SHA224AESGCM => kSecKeyAlgorithmECIESEncryptionCofactorX963SHA224AESGCM,
+ ECIESEncryptionCofactorX963SHA256AESGCM => kSecKeyAlgorithmECIESEncryptionCofactorX963SHA256AESGCM,
+ ECIESEncryptionCofactorX963SHA384AESGCM => kSecKeyAlgorithmECIESEncryptionCofactorX963SHA384AESGCM,
+ ECIESEncryptionCofactorX963SHA512AESGCM => kSecKeyAlgorithmECIESEncryptionCofactorX963SHA512AESGCM,
+
+ ECDSASignatureRFC4754 => kSecKeyAlgorithmECDSASignatureRFC4754,
+
+ ECDSASignatureDigestX962 => kSecKeyAlgorithmECDSASignatureDigestX962,
+ ECDSASignatureDigestX962SHA1 => kSecKeyAlgorithmECDSASignatureDigestX962SHA1,
+ ECDSASignatureDigestX962SHA224 => kSecKeyAlgorithmECDSASignatureDigestX962SHA224,
+ ECDSASignatureDigestX962SHA256 => kSecKeyAlgorithmECDSASignatureDigestX962SHA256,
+ ECDSASignatureDigestX962SHA384 => kSecKeyAlgorithmECDSASignatureDigestX962SHA384,
+ ECDSASignatureDigestX962SHA512 => kSecKeyAlgorithmECDSASignatureDigestX962SHA512,
+
+ ECDSASignatureMessageX962SHA1 => kSecKeyAlgorithmECDSASignatureMessageX962SHA1,
+ ECDSASignatureMessageX962SHA224 => kSecKeyAlgorithmECDSASignatureMessageX962SHA224,
+ ECDSASignatureMessageX962SHA256 => kSecKeyAlgorithmECDSASignatureMessageX962SHA256,
+ ECDSASignatureMessageX962SHA384 => kSecKeyAlgorithmECDSASignatureMessageX962SHA384,
+ ECDSASignatureMessageX962SHA512 => kSecKeyAlgorithmECDSASignatureMessageX962SHA512,
+
+ ECDHKeyExchangeCofactor => kSecKeyAlgorithmECDHKeyExchangeCofactor,
+ ECDHKeyExchangeStandard => kSecKeyAlgorithmECDHKeyExchangeStandard,
+ ECDHKeyExchangeCofactorX963SHA1 => kSecKeyAlgorithmECDHKeyExchangeCofactorX963SHA1,
+ ECDHKeyExchangeStandardX963SHA1 => kSecKeyAlgorithmECDHKeyExchangeStandardX963SHA1,
+ ECDHKeyExchangeCofactorX963SHA224 => kSecKeyAlgorithmECDHKeyExchangeCofactorX963SHA224,
+ ECDHKeyExchangeCofactorX963SHA256 => kSecKeyAlgorithmECDHKeyExchangeCofactorX963SHA256,
+ ECDHKeyExchangeCofactorX963SHA384 => kSecKeyAlgorithmECDHKeyExchangeCofactorX963SHA384,
+ ECDHKeyExchangeCofactorX963SHA512 => kSecKeyAlgorithmECDHKeyExchangeCofactorX963SHA512,
+ ECDHKeyExchangeStandardX963SHA224 => kSecKeyAlgorithmECDHKeyExchangeStandardX963SHA224,
+ ECDHKeyExchangeStandardX963SHA256 => kSecKeyAlgorithmECDHKeyExchangeStandardX963SHA256,
+ ECDHKeyExchangeStandardX963SHA384 => kSecKeyAlgorithmECDHKeyExchangeStandardX963SHA384,
+ ECDHKeyExchangeStandardX963SHA512 => kSecKeyAlgorithmECDHKeyExchangeStandardX963SHA512,
+
+ RSAEncryptionRaw => kSecKeyAlgorithmRSAEncryptionRaw,
+ RSAEncryptionPKCS1 => kSecKeyAlgorithmRSAEncryptionPKCS1,
+
+ RSAEncryptionOAEPSHA1 => kSecKeyAlgorithmRSAEncryptionOAEPSHA1,
+ RSAEncryptionOAEPSHA224 => kSecKeyAlgorithmRSAEncryptionOAEPSHA224,
+ RSAEncryptionOAEPSHA256 => kSecKeyAlgorithmRSAEncryptionOAEPSHA256,
+ RSAEncryptionOAEPSHA384 => kSecKeyAlgorithmRSAEncryptionOAEPSHA384,
+ RSAEncryptionOAEPSHA512 => kSecKeyAlgorithmRSAEncryptionOAEPSHA512,
+
+ RSAEncryptionOAEPSHA1AESGCM => kSecKeyAlgorithmRSAEncryptionOAEPSHA1AESGCM,
+ RSAEncryptionOAEPSHA224AESGCM => kSecKeyAlgorithmRSAEncryptionOAEPSHA224AESGCM,
+ RSAEncryptionOAEPSHA256AESGCM => kSecKeyAlgorithmRSAEncryptionOAEPSHA256AESGCM,
+ RSAEncryptionOAEPSHA384AESGCM => kSecKeyAlgorithmRSAEncryptionOAEPSHA384AESGCM,
+ RSAEncryptionOAEPSHA512AESGCM => kSecKeyAlgorithmRSAEncryptionOAEPSHA512AESGCM,
+
+ RSASignatureRaw => kSecKeyAlgorithmRSASignatureRaw,
+
+ RSASignatureDigestPKCS1v15Raw => kSecKeyAlgorithmRSASignatureDigestPKCS1v15Raw,
+ RSASignatureDigestPKCS1v15SHA1 => kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA1,
+ RSASignatureDigestPKCS1v15SHA224 => kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA224,
+ RSASignatureDigestPKCS1v15SHA256 => kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA256,
+ RSASignatureDigestPKCS1v15SHA384 => kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA384,
+ RSASignatureDigestPKCS1v15SHA512 => kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA512,
+
+ RSASignatureMessagePKCS1v15SHA1 => kSecKeyAlgorithmRSASignatureMessagePKCS1v15SHA1,
+ RSASignatureMessagePKCS1v15SHA224 => kSecKeyAlgorithmRSASignatureMessagePKCS1v15SHA224,
+ RSASignatureMessagePKCS1v15SHA256 => kSecKeyAlgorithmRSASignatureMessagePKCS1v15SHA256,
+ RSASignatureMessagePKCS1v15SHA384 => kSecKeyAlgorithmRSASignatureMessagePKCS1v15SHA384,
+ RSASignatureMessagePKCS1v15SHA512 => kSecKeyAlgorithmRSASignatureMessagePKCS1v15SHA512,
+
+ RSASignatureDigestPSSSHA1 => kSecKeyAlgorithmRSASignatureDigestPSSSHA1,
+ RSASignatureDigestPSSSHA224 => kSecKeyAlgorithmRSASignatureDigestPSSSHA224,
+ RSASignatureDigestPSSSHA256 => kSecKeyAlgorithmRSASignatureDigestPSSSHA256,
+ RSASignatureDigestPSSSHA384 => kSecKeyAlgorithmRSASignatureDigestPSSSHA384,
+ RSASignatureDigestPSSSHA512 => kSecKeyAlgorithmRSASignatureDigestPSSSHA512,
+
+ RSASignatureMessagePSSSHA1 => kSecKeyAlgorithmRSASignatureMessagePSSSHA1,
+ RSASignatureMessagePSSSHA224 => kSecKeyAlgorithmRSASignatureMessagePSSSHA224,
+ RSASignatureMessagePSSSHA256 => kSecKeyAlgorithmRSASignatureMessagePSSSHA256,
+ RSASignatureMessagePSSSHA384 => kSecKeyAlgorithmRSASignatureMessagePSSSHA384,
+ RSASignatureMessagePSSSHA512 => kSecKeyAlgorithmRSASignatureMessagePSSSHA512
+}
diff --git a/vendor/security-framework-sys/src/keychain.rs b/vendor/security-framework-sys/src/keychain.rs
new file mode 100644
index 000000000..1413e3aa7
--- /dev/null
+++ b/vendor/security-framework-sys/src/keychain.rs
@@ -0,0 +1,194 @@ +#[cfg(target_os = "macos")] +use core_foundation_sys::base::CFTypeRef; +use core_foundation_sys::base::{Boolean, CFTypeID, OSStatus}; +use std::os::raw::{c_char, c_uint, c_void}; + +#[cfg(target_os = "macos")] +use crate::base::SecKeychainItemRef; +use crate::base::{SecAccessRef, SecKeychainRef}; + +pub const SEC_KEYCHAIN_SETTINGS_VERS1: c_uint = 1; + +#[repr(C)] +pub struct SecKeychainSettings { + pub version: c_uint, + pub lockOnSleep: Boolean, + pub useLockInterval: Boolean, + pub lockInterval: c_uint, +} + +/// Like Apple's headers, it assumes Little Endian, +/// as there are no supported Big Endian machines any more :( +macro_rules! char_lit { + ($e:expr) => { + ($e[3] as u32) + (($e[2] as u32) << 8) + (($e[1] as u32) << 16) + (($e[0] as u32) << 24) + }; +} + +macro_rules! char_lit_swapped { + ($e:expr) => { + ($e[0] as u32) + (($e[1] as u32) << 8) + (($e[2] as u32) << 16) + (($e[3] as u32) << 24) + }; +} + +#[repr(u32)] +#[derive(Copy, Clone, Eq, PartialEq, Debug)] +#[allow(clippy::upper_case_acronyms)] +pub enum SecProtocolType { + FTP = char_lit!(b"ftp "), + FTPAccount = char_lit!(b"ftpa"), + HTTP = char_lit!(b"http"), + IRC = char_lit!(b"irc "), + NNTP = char_lit!(b"nntp"), + POP3 = char_lit!(b"pop3"), + SMTP = char_lit!(b"smtp"), + SOCKS = char_lit!(b"sox "), + IMAP = char_lit!(b"imap"), + LDAP = char_lit!(b"ldap"), + AppleTalk = char_lit!(b"atlk"), + AFP = char_lit!(b"afp "), + Telnet = char_lit!(b"teln"), + SSH = char_lit!(b"ssh "), + FTPS = char_lit!(b"ftps"), + HTTPS = char_lit!(b"htps"), + HTTPProxy = char_lit!(b"htpx"), + HTTPSProxy = char_lit!(b"htsx"), + FTPProxy = char_lit!(b"ftpx"), + CIFS = char_lit!(b"cifs"), + SMB = char_lit!(b"smb "), + RTSP = char_lit!(b"rtsp"), + RTSPProxy = char_lit!(b"rtsx"), + DAAP = char_lit!(b"daap"), + EPPC = char_lit!(b"eppc"), + IPP = char_lit!(b"ipp "), + NNTPS = char_lit!(b"ntps"), + LDAPS = char_lit!(b"ldps"), + TelnetS = char_lit!(b"tels"), + IMAPS = char_lit!(b"imps"), + IRCS = 
char_lit!(b"ircs"), + POP3S = char_lit!(b"pops"), + CVSpserver = char_lit!(b"cvsp"), + SVN = char_lit!(b"svn "), + Any = 0, +} + +#[repr(u32)] +#[derive(Copy, Clone, Eq, PartialEq, Debug)] +#[allow(clippy::upper_case_acronyms)] +pub enum SecAuthenticationType { + // [sic] Apple has got two related enums each with a different endianness! + NTLM = char_lit_swapped!(b"ntlm"), + MSN = char_lit_swapped!(b"msna"), + DPA = char_lit_swapped!(b"dpaa"), + RPA = char_lit_swapped!(b"rpaa"), + HTTPBasic = char_lit_swapped!(b"http"), + HTTPDigest = char_lit_swapped!(b"httd"), + HTMLForm = char_lit_swapped!(b"form"), + Default = char_lit_swapped!(b"dflt"), + Any = 0, +} + +#[repr(i32)] +#[derive(Copy, Clone, Eq, PartialEq, Debug)] +pub enum SecPreferencesDomain { + User = 0, + System = 1, + Common = 2, + Dynamic = 3, +} + +extern "C" { + pub fn SecKeychainGetTypeID() -> CFTypeID; + pub fn SecKeychainCopyDefault(keychain: *mut SecKeychainRef) -> OSStatus; + pub fn SecKeychainCopyDomainDefault( + domain: SecPreferencesDomain, + keychain: *mut SecKeychainRef, + ) -> OSStatus; + pub fn SecKeychainCreate( + pathName: *const c_char, + passwordLength: c_uint, + password: *const c_void, + promptUser: Boolean, + initialAccess: SecAccessRef, + keychain: *mut SecKeychainRef, + ) -> OSStatus; + pub fn SecKeychainOpen(pathName: *const c_char, keychain: *mut SecKeychainRef) -> OSStatus; + pub fn SecKeychainUnlock( + keychain: SecKeychainRef, + passwordLength: c_uint, + password: *const c_void, + usePassword: Boolean, + ) -> OSStatus; + #[cfg(target_os = "macos")] + pub fn SecKeychainFindGenericPassword( + keychainOrArray: CFTypeRef, + serviceNameLength: u32, + serviceName: *const c_char, + accountNameLength: u32, + accountName: *const c_char, + passwordLength: *mut u32, + passwordData: *mut *mut c_void, + itemRef: *mut SecKeychainItemRef, + ) -> OSStatus; + + #[cfg(target_os = "macos")] + pub fn SecKeychainFindInternetPassword( + keychainOrArray: CFTypeRef, + serverNameLength: u32, + 
serverName: *const c_char, + securityDomainLength: u32, + securityDomain: *const c_char, + accountNameLength: u32, + accountName: *const c_char, + pathLength: u32, + path: *const c_char, + port: u16, + protocol: SecProtocolType, + authenticationType: SecAuthenticationType, + passwordLength: *mut u32, + passwordData: *mut *mut c_void, + itemRef: *mut SecKeychainItemRef, + ) -> OSStatus; + + #[cfg(target_os = "macos")] + pub fn SecKeychainAddGenericPassword( + keychain: SecKeychainRef, + serviceNameLength: u32, + serviceName: *const c_char, + accountNameLength: u32, + accountName: *const c_char, + passwordLength: u32, + passwordData: *const c_void, + itemRef: *mut SecKeychainItemRef, + ) -> OSStatus; + + #[cfg(target_os = "macos")] + pub fn SecKeychainAddInternetPassword( + keychain: SecKeychainRef, + serverNameLength: u32, + serverName: *const c_char, + securityDomainLength: u32, + securityDomain: *const c_char, + accountNameLength: u32, + accountName: *const c_char, + pathLength: u32, + path: *const c_char, + port: u16, + protocol: SecProtocolType, + authenticationType: SecAuthenticationType, + passwordLength: u32, + passwordData: *const c_void, + itemRef: *mut SecKeychainItemRef, + ) -> OSStatus; + + pub fn SecKeychainSetSettings( + keychain: SecKeychainRef, + newSettings: *const SecKeychainSettings, + ) -> OSStatus; + + #[cfg(target_os = "macos")] + pub fn SecKeychainGetUserInteractionAllowed(state: *mut Boolean) -> OSStatus; + + #[cfg(target_os = "macos")] + pub fn SecKeychainSetUserInteractionAllowed(state: Boolean) -> OSStatus; +} diff --git a/vendor/security-framework-sys/src/keychain_item.rs b/vendor/security-framework-sys/src/keychain_item.rs new file mode 100644 index 000000000..9b41f1005 --- /dev/null +++ b/vendor/security-framework-sys/src/keychain_item.rs 
@@ -0,0 +1,37 @@
+use crate::base::{SecKeychainAttributeList, SecKeychainItemRef};
+use core_foundation_sys::base::{CFTypeID, CFTypeRef, OSStatus};
+use core_foundation_sys::dictionary::CFDictionaryRef;
+use std::os::raw::c_void;
+
+extern "C" {
+
+ /// Returns the unique identifier of the opaque type to which a keychain item object belongs.
+ pub fn SecKeychainItemGetTypeID() -> CFTypeID;
+
+ /// Adds one or more items to a keychain.
+ pub fn SecItemAdd(attributes: CFDictionaryRef, result: *mut CFTypeRef) -> OSStatus;
+
+ /// Returns one or more keychain items that match a search query, or copies attributes of specific keychain items.
+ pub fn SecItemCopyMatching(query: CFDictionaryRef, result: *mut CFTypeRef) -> OSStatus;
+
+ /// Modifies items that match a search query.
+ pub fn SecItemUpdate(query: CFDictionaryRef, attributesToUpdate: CFDictionaryRef) -> OSStatus;
+
+ /// Deletes items that match a search query.
+ pub fn SecItemDelete(query: CFDictionaryRef) -> OSStatus;
+
+ /// # Legacy API
+ pub fn SecKeychainItemModifyAttributesAndData(
+ itemRef: SecKeychainItemRef,
+ attrList: *const SecKeychainAttributeList,
+ length: u32,
+ data: *const c_void,
+ ) -> OSStatus;
+
+ pub fn SecKeychainItemFreeContent(
+ attrList: *mut SecKeychainAttributeList,
+ data: *mut c_void,
+ ) -> OSStatus;
+
+ pub fn SecKeychainItemDelete(itemRef: SecKeychainItemRef) -> OSStatus;
+}
diff --git a/vendor/security-framework-sys/src/lib.rs b/vendor/security-framework-sys/src/lib.rs
new file mode 100644
index 000000000..4302889b5
--- /dev/null
+++ b/vendor/security-framework-sys/src/lib.rs
@@ -0,0 +1,39 @@
+#![allow(bad_style)]
+
+#[cfg_attr(
+ any(target_os = "macos", target_os = "ios"),
+ link(name = "Security", kind = "framework")
+)]
+extern "C" {}
+
+#[cfg(target_os = "macos")]
+pub mod access;
+pub mod access_control;
+#[cfg(target_os = "macos")]
+pub mod authorization;
+pub mod base;
+#[cfg(any(target_os = "macos", target_os = "ios"))]
+pub mod certificate;
+#[cfg(target_os = "macos")]
+pub mod certificate_oids;
+pub mod cipher_suite;
+#[cfg(target_os = "macos")]
+pub mod code_signing;
+#[cfg(target_os = "macos")]
+pub mod digest_transform;
+#[cfg(target_os = "macos")]
+pub mod encrypt_transform;
+pub mod identity;
+pub mod import_export;
+pub mod item;
+pub mod key;
+pub mod keychain;
+pub mod keychain_item;
+pub mod policy;
+pub mod random;
+pub mod secure_transport;
+#[cfg(target_os = "macos")]
+pub mod transform;
+pub mod trust;
+#[cfg(target_os = "macos")]
+pub mod trust_settings;
diff --git a/vendor/security-framework-sys/src/policy.rs b/vendor/security-framework-sys/src/policy.rs
new file mode 100644
index 000000000..c7d0eecc0
--- /dev/null
+++ b/vendor/security-framework-sys/src/policy.rs
@@ -0,0 +1,29 @@
+#[cfg(any(feature = "OSX_10_9", target_os = "ios"))]
+use core_foundation_sys::base::CFOptionFlags;
+use core_foundation_sys::base::{Boolean, CFTypeID};
+use core_foundation_sys::string::CFStringRef;
+
+use crate::base::SecPolicyRef;
+
+#[cfg(any(feature = "OSX_10_9", target_os = "ios"))]
+mod revocation_flags {
+ use super::CFOptionFlags;
+
+ pub const kSecRevocationOCSPMethod: CFOptionFlags = 1 << 0;
+ pub const kSecRevocationCRLMethod: CFOptionFlags = 1 << 1;
+ pub const kSecRevocationPreferCRL: CFOptionFlags = 1 << 2;
+ pub const kSecRevocationRequirePositiveResponse: CFOptionFlags = 1 << 3;
+ pub const kSecRevocationNetworkAccessDisabled: CFOptionFlags = 1 << 4;
+ pub const kSecRevocationUseAnyAvailableMethod: CFOptionFlags = kSecRevocationOCSPMethod | kSecRevocationCRLMethod;
+}
+
+#[cfg(any(feature = "OSX_10_9", target_os = "ios"))]
+pub use revocation_flags::*;
+
+extern "C" {
+ pub fn SecPolicyCreateSSL(server: Boolean, hostname: CFStringRef) -> SecPolicyRef;
+ #[cfg(any(feature = "OSX_10_9", target_os = "ios"))]
+ pub fn SecPolicyCreateRevocation(revocationFlags: CFOptionFlags) -> SecPolicyRef;
+ pub fn SecPolicyGetTypeID() -> CFTypeID;
+ pub fn SecPolicyCreateBasicX509() -> SecPolicyRef;
+}
diff --git a/vendor/security-framework-sys/src/random.rs b/vendor/security-framework-sys/src/random.rs
new file mode 100644
index 000000000..6ec9c9858
--- /dev/null
+++ b/vendor/security-framework-sys/src/random.rs
@@ -0,0 +1,10 @@
+use std::os::raw::{c_int, c_void};
+
+pub enum __SecRandom {}
+pub type SecRandomRef = *const __SecRandom;
+
+extern "C" {
+ pub static kSecRandomDefault: SecRandomRef;
+
+ pub fn SecRandomCopyBytes(rnd: SecRandomRef, count: usize, bytes: *mut c_void) -> c_int;
+}
diff --git a/vendor/security-framework-sys/src/secure_transport.rs b/vendor/security-framework-sys/src/secure_transport.rs
new file mode 100644
index 000000000..40ca04766
--- /dev/null
+++ b/vendor/security-framework-sys/src/secure_transport.rs
@@ -0,0 +1,275 @@
+use core_foundation_sys::array::CFArrayRef;
+use core_foundation_sys::base::CFAllocatorRef;
+#[cfg(target_os = "macos")]
+use core_foundation_sys::base::CFTypeRef;
+use core_foundation_sys::base::{Boolean, OSStatus};
+use std::os::raw::{c_char, c_int, c_void};
+
+use crate::cipher_suite::SSLCipherSuite;
+use crate::trust::SecTrustRef;
+
+pub enum SSLContext {}
+pub type SSLContextRef = *mut SSLContext;
+
+pub type SSLConnectionRef = *const c_void;
+
+pub type SSLProtocol = c_int;
+pub const kSSLProtocolUnknown: SSLProtocol = 0;
+pub const kSSLProtocol3: SSLProtocol = 2;
+pub const kTLSProtocol1: SSLProtocol = 4;
+pub const kTLSProtocol11: SSLProtocol = 7;
+pub const kTLSProtocol12: SSLProtocol = 8;
+pub const kDTLSProtocol1: SSLProtocol = 9;
+pub const kTLSProtocol13: SSLProtocol = 10;
+pub const kSSLProtocol2: SSLProtocol = 1;
+pub const kSSLProtocol3Only: SSLProtocol = 3;
+pub const kTLSProtocol1Only: SSLProtocol = 5;
+pub const kSSLProtocolAll: SSLProtocol = 6;
+
+pub type SSLSessionOption = c_int;
+pub const kSSLSessionOptionBreakOnServerAuth: SSLSessionOption = 0;
+pub const kSSLSessionOptionBreakOnCertRequested: SSLSessionOption = 1;
+pub const kSSLSessionOptionBreakOnClientAuth: SSLSessionOption = 2;
+#[cfg(any(feature = "OSX_10_9", target_os = "ios"))]
+pub const kSSLSessionOptionFalseStart: SSLSessionOption = 3;
+#[cfg(any(feature = "OSX_10_9", target_os = "ios"))]
+pub const kSSLSessionOptionSendOneByteRecord: SSLSessionOption = 4;
+#[cfg(all(feature = "OSX_10_11", not(target_os = "ios")))]
+pub const kSSLSessionOptionAllowServerIdentityChange: SSLSessionOption = 5;
+#[cfg(all(feature = "OSX_10_10", not(target_os = "ios")))]
+pub const kSSLSessionOptionFallback: SSLSessionOption = 6;
+#[cfg(all(feature = "OSX_10_11", not(target_os = "ios")))]
+pub const kSSLSessionOptionBreakOnClientHello: SSLSessionOption = 7;
+
+pub type SSLSessionState = c_int;
+pub const kSSLIdle: SSLSessionState = 0;
+pub const kSSLHandshake: SSLSessionState = 1;
+pub const kSSLConnected: SSLSessionState = 2;
+pub const kSSLClosed: SSLSessionState = 3;
+pub const kSSLAborted: SSLSessionState = 4;
+
+pub type SSLReadFunc = unsafe extern "C" fn(
+ connection: SSLConnectionRef,
+ data: *mut c_void,
+ dataLength: *mut usize,
+) -> OSStatus;
+
+pub type SSLWriteFunc = unsafe extern "C" fn(
+ connection: SSLConnectionRef,
+ data: *const c_void,
+ dataLength: *mut usize,
+) -> OSStatus;
+
+pub type SSLProtocolSide = c_int;
+pub const kSSLServerSide: SSLProtocolSide = 0;
+pub const kSSLClientSide: SSLProtocolSide = 1;
+
+pub type SSLConnectionType = c_int;
+pub const kSSLStreamType: SSLConnectionType = 0;
+pub const kSSLDatagramType: SSLConnectionType = 1;
+
+pub const errSSLProtocol: OSStatus = -9800;
+pub const errSSLNegotiation: OSStatus = -9801;
+pub const errSSLFatalAlert: OSStatus = -9802;
+pub const errSSLWouldBlock: OSStatus = -9803;
+pub const errSSLSessionNotFound: OSStatus = -9804;
+pub const errSSLClosedGraceful: OSStatus = -9805;
+pub const errSSLClosedAbort: OSStatus = -9806;
+pub const errSSLXCertChainInvalid: OSStatus = -9807;
+pub const errSSLBadCert: OSStatus = -9808;
+pub const errSSLCrypto: OSStatus = -9809;
+pub const errSSLInternal: OSStatus = -9810;
+pub const errSSLModuleAttach: OSStatus = -9811;
+pub const errSSLUnknownRootCert: OSStatus = -9812;
+pub const errSSLNoRootCert: OSStatus = -9813;
+pub const errSSLCertExpired: OSStatus = -9814;
+pub const errSSLCertNotYetValid: OSStatus = -9815;
+pub const errSSLClosedNoNotify: OSStatus = -9816;
+pub const errSSLBufferOverflow: OSStatus = -9817;
+pub const errSSLBadCipherSuite: OSStatus = -9818;
+pub const errSSLPeerUnexpectedMsg: OSStatus = -9819;
+pub const errSSLPeerBadRecordMac: OSStatus = -9820;
+pub const errSSLPeerDecryptionFail: OSStatus = -9821;
+pub const errSSLPeerRecordOverflow: OSStatus = -9822;
+pub const errSSLPeerDecompressFail: OSStatus = -9823;
+pub const errSSLPeerHandshakeFail: OSStatus = -9824;
+pub const errSSLPeerBadCert: OSStatus = -9825;
+pub const errSSLPeerUnsupportedCert: OSStatus = -9826; +pub const errSSLPeerCertRevoked: OSStatus = -9827; +pub const errSSLPeerCertExpired: OSStatus = -9828; +pub const errSSLPeerCertUnknown: OSStatus = -9829; +pub const errSSLIllegalParam: OSStatus = -9830; +pub const errSSLPeerUnknownCA: OSStatus = -9831; +pub const errSSLPeerAccessDenied: OSStatus = -9832; +pub const errSSLPeerDecodeError: OSStatus = -9833; +pub const errSSLPeerDecryptError: OSStatus = -9834; +pub const errSSLPeerExportRestriction: OSStatus = -9835; +pub const errSSLPeerProtocolVersion: OSStatus = -9836; +pub const errSSLPeerInsufficientSecurity: OSStatus = -9837; +pub const errSSLPeerInternalError: OSStatus = -9838; +pub const errSSLPeerUserCancelled: OSStatus = -9839; +pub const errSSLPeerNoRenegotiation: OSStatus = -9840; +pub const errSSLPeerAuthCompleted: OSStatus = -9841; +pub const errSSLClientCertRequested: OSStatus = -9842; +pub const errSSLHostNameMismatch: OSStatus = -9843; +pub const errSSLConnectionRefused: OSStatus = -9844; +pub const errSSLDecryptionFail: OSStatus = -9845; +pub const errSSLBadRecordMac: OSStatus = -9846; +pub const errSSLRecordOverflow: OSStatus = -9847; +pub const errSSLBadConfiguration: OSStatus = -9848; +pub const errSSLClientHelloReceived: OSStatus = -9851; + +pub type SSLAuthenticate = c_int; +pub const kNeverAuthenticate: SSLAuthenticate = 0; +pub const kAlwaysAuthenticate: SSLAuthenticate = 1; +pub const kTryAuthenticate: SSLAuthenticate = 2; + +pub type SSLClientCertificateState = c_int; +pub const kSSLClientCertNone: SSLClientCertificateState = 0; +pub const kSSLClientCertRequested: SSLClientCertificateState = 1; +pub const kSSLClientCertSent: SSLClientCertificateState = 2; +pub const kSSLClientCertRejected: SSLClientCertificateState = 3; + +extern "C" { + pub fn SSLContextGetTypeID() -> ::core_foundation_sys::base::CFTypeID; + pub fn SSLCreateContext( + alloc: CFAllocatorRef, + protocolSide: SSLProtocolSide, + connectionType: SSLConnectionType, + ) -> 
SSLContextRef; + #[cfg(target_os = "macos")] + pub fn SSLNewContext(isServer: Boolean, contextPtr: *mut SSLContextRef) -> OSStatus; + #[cfg(target_os = "macos")] + pub fn SSLDisposeContext(context: SSLContextRef) -> OSStatus; + pub fn SSLSetConnection(context: SSLContextRef, connection: SSLConnectionRef) -> OSStatus; + pub fn SSLGetConnection(context: SSLContextRef, connection: *mut SSLConnectionRef) -> OSStatus; + pub fn SSLSetIOFuncs( + context: SSLContextRef, + read: SSLReadFunc, + write: SSLWriteFunc, + ) -> OSStatus; + pub fn SSLHandshake(context: SSLContextRef) -> OSStatus; + pub fn SSLClose(context: SSLContextRef) -> OSStatus; + pub fn SSLRead( + context: SSLContextRef, + data: *mut c_void, + dataLen: usize, + processed: *mut usize, + ) -> OSStatus; + pub fn SSLWrite( + context: SSLContextRef, + data: *const c_void, + dataLen: usize, + processed: *mut usize, + ) -> OSStatus; + pub fn SSLSetPeerDomainName( + context: SSLContextRef, + peerName: *const c_char, + peerNameLen: usize, + ) -> OSStatus; + pub fn SSLGetPeerDomainNameLength(context: SSLContextRef, peerNameLen: *mut usize) -> OSStatus; + pub fn SSLGetPeerDomainName( + context: SSLContextRef, + peerName: *mut c_char, + peerNameLen: *mut usize, + ) -> OSStatus; + pub fn SSLSetCertificate(context: SSLContextRef, certRefs: CFArrayRef) -> OSStatus; + #[cfg(target_os = "macos")] + pub fn SSLSetCertificateAuthorities( + context: SSLContextRef, + certificateOrArray: CFTypeRef, + replaceExisting: Boolean, + ) -> OSStatus; + #[cfg(target_os = "macos")] + pub fn SSLCopyCertificateAuthorities( + context: SSLContextRef, + certificates: *mut CFArrayRef, + ) -> OSStatus; + pub fn SSLSetSessionOption( + context: SSLContextRef, + option: SSLSessionOption, + value: Boolean, + ) -> OSStatus; + pub fn SSLGetSessionOption( + context: SSLContextRef, + option: SSLSessionOption, + value: *mut Boolean, + ) -> OSStatus; + pub fn SSLCopyPeerTrust(context: SSLContextRef, trust: *mut SecTrustRef) -> OSStatus; + pub fn 
SSLGetSessionState(context: SSLContextRef, state: *mut SSLSessionState) -> OSStatus; + pub fn SSLGetSupportedCiphers( + context: SSLContextRef, + ciphers: *mut SSLCipherSuite, + numCiphers: *mut usize, + ) -> OSStatus; + pub fn SSLGetNumberSupportedCiphers( + context: SSLContextRef, + numCiphers: *mut usize, + ) -> OSStatus; + pub fn SSLGetEnabledCiphers( + context: SSLContextRef, + ciphers: *mut SSLCipherSuite, + numCiphers: *mut usize, + ) -> OSStatus; + pub fn SSLGetNumberEnabledCiphers(context: SSLContextRef, numCiphers: *mut usize) -> OSStatus; + pub fn SSLSetEnabledCiphers( + context: SSLContextRef, + ciphers: *const SSLCipherSuite, + numCiphers: usize, + ) -> OSStatus; + pub fn SSLGetNegotiatedCipher(context: SSLContextRef, cipher: *mut SSLCipherSuite) -> OSStatus; + pub fn SSLSetClientSideAuthenticate(context: SSLContextRef, auth: SSLAuthenticate) -> OSStatus; + #[cfg(target_os = "macos")] + pub fn SSLSetDiffieHellmanParams( + context: SSLContextRef, + dhParams: *const c_void, + dhParamsLen: usize, + ) -> OSStatus; + #[cfg(target_os = "macos")] + pub fn SSLGetDiffieHellmanParams( + context: SSLContextRef, + dhParams: *mut *const c_void, + dhParamsLen: *mut usize, + ) -> OSStatus; + pub fn SSLSetPeerID( + context: SSLContextRef, + peerID: *const c_void, + peerIDLen: usize, + ) -> OSStatus; + pub fn SSLGetPeerID( + context: SSLContextRef, + peerID: *mut *const c_void, + peerIDLen: *mut usize, + ) -> OSStatus; + pub fn SSLGetBufferedReadSize(context: SSLContextRef, bufSize: *mut usize) -> OSStatus; + pub fn SSLGetClientCertificateState( + context: SSLContextRef, + clientState: *mut SSLClientCertificateState, + ) -> OSStatus; + pub fn SSLGetNegotiatedProtocolVersion( + context: SSLContextRef, + protocol: *mut SSLProtocol, + ) -> OSStatus; + pub fn SSLGetProtocolVersionMax( + context: SSLContextRef, + maxVersion: *mut SSLProtocol, + ) -> OSStatus; + pub fn SSLGetProtocolVersionMin( + context: SSLContextRef, + minVersion: *mut SSLProtocol, + ) -> OSStatus; + pub 
fn SSLSetProtocolVersionMax(context: SSLContextRef, maxVersion: SSLProtocol) -> OSStatus; + pub fn SSLSetProtocolVersionMin(context: SSLContextRef, minVersion: SSLProtocol) -> OSStatus; + #[cfg(target_os = "macos")] + pub fn SSLSetProtocolVersionEnabled( + context: SSLContextRef, + protocol: SSLProtocol, + enable: Boolean, + ) -> OSStatus; + #[cfg(feature = "OSX_10_13")] + pub fn SSLSetALPNProtocols(context: SSLContextRef, protocols: CFArrayRef) -> OSStatus; + #[cfg(feature = "OSX_10_13")] + pub fn SSLCopyALPNProtocols(context: SSLContextRef, protocols: *mut CFArrayRef) -> OSStatus; + #[cfg(feature = "OSX_10_13")] + pub fn SSLSetSessionTicketsEnabled(context: SSLContextRef, enabled: Boolean) -> OSStatus; +} diff --git a/vendor/security-framework-sys/src/transform.rs b/vendor/security-framework-sys/src/transform.rs new file mode 100644 index 000000000..a4a14f849 --- /dev/null +++ b/vendor/security-framework-sys/src/transform.rs @@ -0,0 +1,23 @@ +use core_foundation_sys::base::{Boolean, CFTypeID, CFTypeRef}; +use core_foundation_sys::error::CFErrorRef; +use core_foundation_sys::string::CFStringRef; + +pub type SecTransformRef = CFTypeRef; + +extern "C" { + pub static kSecTransformInputAttributeName: CFStringRef; + + pub fn SecTransformGetTypeID() -> CFTypeID; + + pub fn SecTransformSetAttribute( + transformRef: SecTransformRef, + key: CFStringRef, + value: CFTypeRef, + error: *mut CFErrorRef, + ) -> Boolean; + + pub fn SecTransformExecute( + transformRef: SecTransformRef, + errorRef: *mut CFErrorRef, + ) -> CFTypeRef; +} diff --git a/vendor/security-framework-sys/src/trust.rs b/vendor/security-framework-sys/src/trust.rs new file mode 100644 index 000000000..269705217 --- /dev/null +++ b/vendor/security-framework-sys/src/trust.rs 
@@ -0,0 +1,80 @@ +use crate::base::SecCertificateRef; +use crate::base::SecKeyRef; +use core_foundation_sys::array::CFArrayRef; +use core_foundation_sys::base::{Boolean, CFIndex, CFTypeID, CFTypeRef, OSStatus}; +use core_foundation_sys::date::CFDateRef; +#[cfg(any(feature = "OSX_10_13", target_os = "ios"))] +use core_foundation_sys::error::CFErrorRef; + +pub type SecTrustResultType = u32; + +pub const kSecTrustResultInvalid: SecTrustResultType = 0; +pub const kSecTrustResultProceed: SecTrustResultType = 1; +pub const kSecTrustResultDeny: SecTrustResultType = 3; +pub const kSecTrustResultUnspecified: SecTrustResultType = 4; +pub const kSecTrustResultRecoverableTrustFailure: SecTrustResultType = 5; +pub const kSecTrustResultFatalTrustFailure: SecTrustResultType = 6; +pub const kSecTrustResultOtherError: SecTrustResultType = 7; + +#[cfg(target_os = "macos")] +mod flags { + pub type SecTrustOptionFlags = u32; + + pub const kSecTrustOptionAllowExpired: SecTrustOptionFlags = 0x0000_0001; + pub const kSecTrustOptionLeafIsCA: SecTrustOptionFlags = 0x0000_0002; + pub const kSecTrustOptionFetchIssuerFromNet: SecTrustOptionFlags = 0x0000_0004; + pub const kSecTrustOptionAllowExpiredRoot: SecTrustOptionFlags = 0x0000_0008; + pub const kSecTrustOptionRequireRevPerCert: SecTrustOptionFlags = 0x0000_0010; + pub const kSecTrustOptionUseTrustSettings: SecTrustOptionFlags = 0x0000_0020; + pub const kSecTrustOptionImplicitAnchors: SecTrustOptionFlags = 0x0000_0040; +} + +#[cfg(target_os = "macos")] +pub use flags::*; + +pub enum __SecTrust {} + +pub type SecTrustRef = *mut __SecTrust; + +extern "C" { + pub fn SecTrustGetTypeID() -> CFTypeID; + pub fn SecTrustGetCertificateCount(trust: SecTrustRef) -> CFIndex; + #[deprecated(note = "deprecated by Apple")] + pub fn SecTrustGetCertificateAtIndex(trust: SecTrustRef, ix: CFIndex) -> SecCertificateRef; + pub fn SecTrustSetVerifyDate(trust: SecTrustRef, verifyDate: CFDateRef) -> OSStatus; + pub fn SecTrustSetAnchorCertificates( + trust: 
SecTrustRef, + anchorCertificates: CFArrayRef, + ) -> OSStatus; + pub fn SecTrustSetAnchorCertificatesOnly( + trust: SecTrustRef, + anchorCertificatesOnly: Boolean, + ) -> OSStatus; + #[cfg(target_os = "macos")] + pub fn SecTrustCopyAnchorCertificates(anchors: *mut CFArrayRef) -> OSStatus; + #[deprecated(note = "deprecated by Apple")] + pub fn SecTrustEvaluate(trust: SecTrustRef, result: *mut SecTrustResultType) -> OSStatus; + // it should have been OSX_10_14, but due to back-compat it can't rely on the newer feature flag + #[cfg(any(feature = "OSX_10_13", target_os = "ios"))] + pub fn SecTrustEvaluateWithError(trust: SecTrustRef, error: *mut CFErrorRef) -> bool; + pub fn SecTrustCreateWithCertificates( + certificates: CFTypeRef, + policies: CFTypeRef, + trust: *mut SecTrustRef, + ) -> OSStatus; + pub fn SecTrustSetPolicies(trust: SecTrustRef, policies: CFTypeRef) -> OSStatus; + #[cfg(target_os = "macos")] + pub fn SecTrustSetOptions(trust: SecTrustRef, options: SecTrustOptionFlags) -> OSStatus; + #[cfg(any(feature = "OSX_10_9", target_os = "ios"))] + pub fn SecTrustGetNetworkFetchAllowed(trust: SecTrustRef, allowFetch: *mut Boolean) -> OSStatus; + #[cfg(any(feature = "OSX_10_9", target_os = "ios"))] + pub fn SecTrustSetNetworkFetchAllowed(trust: SecTrustRef, allowFetch: Boolean) -> OSStatus; + #[cfg(any(feature = "OSX_10_9", target_os = "ios"))] + pub fn SecTrustSetOCSPResponse(trust: SecTrustRef, responseData: CFTypeRef) -> OSStatus; + #[cfg(any(feature = "OSX_10_14", target_os = "ios"))] + pub fn SecTrustSetSignedCertificateTimestamps( + trust: SecTrustRef, + sctArray: CFArrayRef, + ) -> OSStatus; + pub fn SecTrustCopyPublicKey(trust: SecTrustRef) -> SecKeyRef; +} diff --git a/vendor/security-framework-sys/src/trust_settings.rs b/vendor/security-framework-sys/src/trust_settings.rs new file mode 100644 index 000000000..fad20a18d --- /dev/null +++ b/vendor/security-framework-sys/src/trust_settings.rs 
@@ -0,0 +1,35 @@ +use crate::base::SecCertificateRef; +use core_foundation_sys::array::CFArrayRef; +use core_foundation_sys::base::CFTypeRef; +use core_foundation_sys::base::OSStatus; + +pub type SecTrustSettingsDomain = u32; + +pub const kSecTrustSettingsDomainUser: SecTrustSettingsDomain = 0; +pub const kSecTrustSettingsDomainAdmin: SecTrustSettingsDomain = 1; +pub const kSecTrustSettingsDomainSystem: SecTrustSettingsDomain = 2; + +pub type SecTrustSettingsResult = u32; + +pub const kSecTrustSettingsResultInvalid: SecTrustSettingsResult = 0; +pub const kSecTrustSettingsResultTrustRoot: SecTrustSettingsResult = 1; +pub const kSecTrustSettingsResultTrustAsRoot: SecTrustSettingsResult = 2; +pub const kSecTrustSettingsResultDeny: SecTrustSettingsResult = 3; +pub const kSecTrustSettingsResultUnspecified: SecTrustSettingsResult = 4; + +extern "C" { + pub fn SecTrustSettingsCopyCertificates( + domain: SecTrustSettingsDomain, + certsOut: *mut CFArrayRef, + ) -> OSStatus; + pub fn SecTrustSettingsCopyTrustSettings( + certificateRef: SecCertificateRef, + domain: SecTrustSettingsDomain, + trustSettings: *mut CFArrayRef, + ) -> OSStatus; + pub fn SecTrustSettingsSetTrustSettings( + certificateRef: SecCertificateRef, + domain: SecTrustSettingsDomain, + trustSettingsDictOrArray: CFTypeRef, + ) -> OSStatus; +} |