#ifndef SecProtocolPriv_h
#define SecProtocolPriv_h
#include <Security/SecProtocolOptions.h>
#include <Security/SecProtocolMetadata.h>
__BEGIN_DECLS
/*
 * TLS option state laid out as a plain struct in this private header.
 * The typedef names a POINTER to the struct, so a sec_protocol_options_content_t
 * value is already one level of indirection.
 * Every object-valued field is an untyped `void *`; the concrete types, ownership
 * rules and default values are not visible in this header.
 * NOTE(review): several flags below, by name, trade a security property for
 * compatibility or latency (disable_sni, enable_fallback_attempt,
 * enable_false_start, enable_renegotiation, enable_early_data,
 * peer_authentication_override). Confirm their defaults and who may set them
 * in the implementation before relying on any of them.
 */
typedef struct sec_protocol_options_content {
// Protocol version bounds; SSLProtocol is declared outside this header.
// NOTE(review): presumably the lowest/highest version offered or accepted; confirm.
SSLProtocol min_version;
SSLProtocol max_version;
// Opaque collections; element types are not visible here.
void *ciphersuites;
void *application_protocols;
// NOTE(review): server_name is a mutable char * with no length field; ownership
// and NUL-termination guarantees are not stated here. Confirm against the setter.
void *identity; char *server_name;
void *pre_shared_keys;
// Block/queue pairs, by name for key update, authentication challenge and peer
// verification. The block signatures are not visible in this header.
// NOTE(review): verify_block presumably replaces or augments default trust
// evaluation; confirm how a NULL value is treated.
void *key_update_block; void *key_update_queue; void *challenge_block; void *challenge_queue; void *verify_block; void *verify_queue;
void *dh_params;
void *custom_extensions;
// Twelve one-bit flags follow. Initial values are not set in this header.
unsigned disable_sni : 1;
// NOTE(review): presumably permits a retry at a lower protocol version, which
// would be a downgrade surface. TODO confirm.
unsigned enable_fallback_attempt : 1;
// NOTE(review): presumably TLS False Start (application data sent before the
// peer's Finished message is verified). TODO confirm.
unsigned enable_false_start : 1;
unsigned enable_tickets : 1;
// NOTE(review): by name, certificate-transparency (SCT) and OCSP handling. Whether
// these flags request, require or merely accept the data is not visible here.
unsigned enable_sct : 1;
unsigned enable_ocsp : 1;
unsigned enforce_ev : 1;
unsigned enable_resumption : 1;
unsigned enable_renegotiation : 1;
// NOTE(review): presumably TLS 1.3 0-RTT early data, which is replayable by
// design; callers should only send idempotent requests as early data. TODO confirm.
unsigned enable_early_data : 1;
// NOTE(review): the relationship between "required" and "override" is not
// visible here; confirm that override cannot silently disable peer authentication.
unsigned peer_authentication_required : 1;
unsigned peer_authentication_override : 1;
} *sec_protocol_options_content_t;
/*
 * Function-pointer type stored in sec_protocol_metadata_content.exporter_function.
 * Takes an opaque handle, a label and a context (each passed with an explicit
 * length) and a requested output length, and returns a dispatch_data_t.
 * NOTE(review): presumably a TLS keying-material exporter in the style of
 * RFC 5705; confirm. label is given with label_len, so implementations should
 * not depend on NUL termination. Whether a NULL return signals failure and who
 * releases the returned object are not stated in this header.
 */
typedef dispatch_data_t (*sec_protocol_metadata_exporter)(void * handle, size_t label_len, const char *label,
size_t context_len, const uint8_t *context, size_t exporter_len);
/*
 * Per-connection negotiated state laid out as a plain struct in this private
 * header. The typedef names a POINTER to the struct.
 * Object-valued fields are untyped `void *`; their concrete types and lifetimes
 * are not visible here.
 * NOTE(review): presumably filled in by the TLS stack during or after the
 * handshake; confirm at which point each field becomes valid before using it
 * for a security decision.
 */
typedef struct sec_protocol_metadata_content {
// Peer credentials as presented. Nothing in this header says whether they have
// been validated at the time they are stored. TODO confirm.
void *peer_certificate_chain; void *peer_public_key;
// NOTE(review): presumably the negotiated application protocol (e.g. ALPN);
// ownership of the string is not stated here.
const char *negotiated_protocol;
// SSLProtocol and SSLCipherSuite are declared outside this header.
SSLProtocol negotiated_protocol_version;
SSLCipherSuite negotiated_ciphersuite;
void *supported_signature_algorithms; void *request_certificate_types; void *ocsp_response; void *distinguished_names;
// Opaque handle and callback of type sec_protocol_metadata_exporter (declared above).
// NOTE(review): presumably exporter_context is what gets passed as the
// callback's `handle` argument; confirm.
void *exporter_context; sec_protocol_metadata_exporter exporter_function;
// Six one-bit status flags followed by two explicit padding bits (eight bits total).
unsigned early_data_accepted : 1;
unsigned false_start_used : 1;
unsigned ticket_offered : 1;
unsigned ticket_received : 1;
unsigned session_resumed : 1;
unsigned session_renewed : 1;
unsigned __pad_bits : 2;
} *sec_protocol_metadata_content_t;
// sec_array object type; declared via SEC_OBJECT_DECL unless SEC_OBJECT_IMPL is defined.
#ifndef SEC_OBJECT_IMPL
SEC_OBJECT_DECL(sec_array);
#endif // !SEC_OBJECT_IMPL
/*
 * Creates a sec_array.
 * The result is annotated SEC_RETURNS_RETAINED, so the caller receives an owning
 * reference. Whether NULL can be returned is not stated in this header.
 */
API_AVAILABLE(macos(10.14), ios(12.0), watchos(5.0), tvos(12.0))
SEC_RETURNS_RETAINED sec_array_t
sec_array_create(void);
/*
 * Appends `object` to `array`.
 * NOTE(review): presumably the array retains `object`; behaviour for a NULL
 * array or NULL object is not visible here. Confirm.
 */
API_AVAILABLE(macos(10.14), ios(12.0), watchos(5.0), tvos(12.0))
void
sec_array_append(sec_array_t array, sec_object_t object);
/*
 * Returns the number of objects in `array` as a size_t.
 * NOTE(review): the result for a NULL array is not stated here; confirm.
 */
API_AVAILABLE(macos(10.14), ios(12.0), watchos(5.0), tvos(12.0))
size_t
sec_array_get_count(sec_array_t array);
#ifdef __BLOCKS__
/*
 * Block type invoked per element with the element's index and the object.
 * NOTE(review): presumably returning false stops the iteration; confirm.
 */
typedef bool (^sec_array_applier_t) (size_t index, sec_object_t object);
/*
 * Invokes `applier` over `array` and returns a bool.
 * NOTE(review): presumably the result is true only when every invocation
 * returned true; the meaning for an empty or NULL array is not visible here.
 */
API_AVAILABLE(macos(10.14), ios(12.0), watchos(5.0), tvos(12.0))
bool
sec_array_apply(sec_array_t array, sec_array_applier_t applier);
// NOTE(review): this guard is nested inside the __BLOCKS__ guard opened before
// sec_array_applier_t, so it is redundant but harmless.
#ifdef __BLOCKS__
/*
 * Block type for supplying the payload of a custom TLS extension.
 * `data` and `data_length` are out-parameters (pointer-to-pointer and
 * pointer-to-size); `error` is an int out-parameter.
 * NOTE(review): the meaning of the int return value and of `*error` is not
 * visible in this header. Presumably the buffer returned through `*data` must
 * stay valid until the matching free callback runs; confirm.
 */
API_AVAILABLE(macos(10.14), ios(12.0), watchos(5.0), tvos(12.0))
typedef int (^sec_protocol_tls_ext_add_callback)(sec_protocol_metadata_t metadata, uint16_t extension_type,
const uint8_t **data, size_t *data_length, int *error);
/*
 * Block type that receives a `data` pointer for a given extension type.
 * NOTE(review): presumably called to release the buffer handed out by the add
 * callback; confirm that it is called exactly once per successful add.
 */
API_AVAILABLE(macos(10.14), ios(12.0), watchos(5.0), tvos(12.0))
typedef void (^sec_protocol_tls_ext_free_callback)(sec_protocol_metadata_t metadata, uint16_t extension_type,
const uint8_t *data);
/*
 * Block type that receives extension bytes as (`data`, `data_length`) and
 * reports through an int return value and the `error` out-parameter.
 * NOTE(review): presumably `data` carries bytes taken from the peer's handshake
 * message. Treat it as untrusted input: bound every read by data_length, handle
 * data_length == 0, and do not keep the pointer after returning unless the
 * implementation documents its lifetime.
 */
API_AVAILABLE(macos(10.14), ios(12.0), watchos(5.0), tvos(12.0))
typedef int (^sec_protocol_tls_ext_parse_callback)(sec_protocol_metadata_t metadata, uint16_t extension_type,
const uint8_t *data, size_t data_length,
int *error);
#endif // __BLOCKS__
// sec_tls_extension object type; declared via SEC_OBJECT_DECL unless SEC_OBJECT_IMPL is defined.
#ifndef SEC_OBJECT_IMPL
SEC_OBJECT_DECL(sec_tls_extension);
#endif // !SEC_OBJECT_IMPL
#ifdef __BLOCKS__
/* Returns the 16-bit extension type of `extension`. */
API_AVAILABLE(macos(10.14), ios(12.0), watchos(5.0), tvos(12.0))
uint16_t
sec_tls_extension_get_type(sec_tls_extension_t extension);
/*
 * The three copy_* accessors below return the add, parse and free blocks of
 * `extension`. Each result is annotated SEC_RETURNS_RETAINED, so the caller
 * receives an owning reference.
 * NOTE(review): whether any of them can return NULL is not stated here; check
 * before invoking the returned block.
 */
API_AVAILABLE(macos(10.14), ios(12.0), watchos(5.0), tvos(12.0))
SEC_RETURNS_RETAINED sec_protocol_tls_ext_add_callback
sec_tls_extension_copy_add_block(sec_tls_extension_t extension);
API_AVAILABLE(macos(10.14), ios(12.0), watchos(5.0), tvos(12.0))
SEC_RETURNS_RETAINED sec_protocol_tls_ext_parse_callback
sec_tls_extension_copy_parse_block(sec_tls_extension_t extension);
API_AVAILABLE(macos(10.14), ios(12.0), watchos(5.0), tvos(12.0))
SEC_RETURNS_RETAINED sec_protocol_tls_ext_free_callback
sec_tls_extension_copy_free_block(sec_tls_extension_t extension);
/*
 * Builds a sec_tls_extension from an extension type and its add, parse and
 * free blocks.
 * NOTE(review): unlike the copy_* accessors above, this declaration carries no
 * SEC_RETURNS_RETAINED annotation even though its name says "create"; confirm
 * the ownership of the result. Whether `type` is checked against extension
 * numbers the TLS stack handles itself is not visible in this header.
 */
API_AVAILABLE(macos(10.14), ios(12.0), watchos(5.0), tvos(12.0))
sec_tls_extension_t
sec_tls_extension_create(uint16_t type, sec_protocol_tls_ext_add_callback add_block,
sec_protocol_tls_ext_parse_callback parse_block,
sec_protocol_tls_ext_free_callback free_block);
#endif // __BLOCKS__
/*
 * Registers `extension` on `options`.
 * NOTE(review): presumably the extension lands in the custom_extensions field
 * of sec_protocol_options_content; confirm. Handling of a duplicate extension
 * type or a NULL argument is not visible in this header.
 */
API_AVAILABLE(macos(10.14), ios(12.0), watchos(5.0), tvos(12.0))
void
sec_protocol_options_add_tls_extension(sec_protocol_options_t options, sec_tls_extension_t extension);
#endif // __BLOCKS__
/*
 * Setter taking a bool `early_data_enabled`.
 * NOTE(review): presumably drives the enable_early_data flag. TLS 1.3 early
 * data (0-RTT) can be replayed by a network attacker, so enable it only for
 * requests that are safe to receive more than once. TODO confirm the mapping.
 */
API_AVAILABLE(macos(10.14), ios(12.0), watchos(5.0), tvos(12.0))
void
sec_protocol_options_set_tls_early_data_enabled(sec_protocol_options_t options, bool early_data_enabled);
/*
 * Setter taking a bool `sni_disabled`.
 * NOTE(review): presumably drives the disable_sni flag. Note the inverted
 * sense: passing true turns the feature OFF. Confirm how certificate hostname
 * checks behave when SNI is not sent.
 */
API_AVAILABLE(macos(10.14), ios(12.0), watchos(5.0), tvos(12.0))
void
sec_protocol_options_set_tls_sni_disabled(sec_protocol_options_t options, bool sni_disabled);
/*
 * Setter taking a bool `enforce_ev`.
 * NOTE(review): presumably drives the enforce_ev flag and requires an Extended
 * Validation certificate from the peer; the failure behaviour is not visible
 * in this header. Confirm.
 */
API_AVAILABLE(macos(10.14), ios(12.0), watchos(5.0), tvos(12.0))
void
sec_protocol_options_set_enforce_ev(sec_protocol_options_t options, bool enforce_ev);
/*
 * The five getters below each take a sec_protocol_metadata_t and return a bool.
 * NOTE(review): by name they correspond to the false_start_used, ticket_offered,
 * ticket_received, session_resumed and session_renewed bit-fields of
 * sec_protocol_metadata_content; confirm. The result for NULL metadata, or for
 * metadata read before the handshake completes, is not stated in this header.
 * These values are useful for logging and detection (e.g. noticing that a
 * connection used False Start or a resumed session), but on the evidence of
 * this header alone they should not be treated as proof of peer authentication.
 */
API_AVAILABLE(macos(10.14), ios(12.0), watchos(5.0), tvos(12.0))
bool
sec_protocol_metadata_get_tls_false_start_used(sec_protocol_metadata_t metadata);
API_AVAILABLE(macos(10.14), ios(12.0), watchos(5.0), tvos(12.0))
bool
sec_protocol_metadata_get_ticket_offered(sec_protocol_metadata_t metadata);
API_AVAILABLE(macos(10.14), ios(12.0), watchos(5.0), tvos(12.0))
bool
sec_protocol_metadata_get_ticket_received(sec_protocol_metadata_t metadata);
// NOTE(review): a resumed session presumably skips a fresh certificate exchange;
// confirm whether peer credentials in the metadata come from the original session.
API_AVAILABLE(macos(10.14), ios(12.0), watchos(5.0), tvos(12.0))
bool
sec_protocol_metadata_get_session_resumed(sec_protocol_metadata_t metadata);
API_AVAILABLE(macos(10.14), ios(12.0), watchos(5.0), tvos(12.0))
bool
sec_protocol_metadata_get_session_renewed(sec_protocol_metadata_t metadata);
__END_DECLS
#endif