Security-59306.11.20.tar.gz

[apple/security.git] / protocol / SecProtocolInternal.h
diff --git a/protocol/SecProtocolInternal.h b/protocol/SecProtocolInternal.h

new file mode 100644 (file)

index 0000000..97fd5c0
--- /dev/null
+++ b/protocol/SecProtocolInternal.h
@@ -0,0 +1,135 @@
+//
+//  SecProtocolInternal.h
+//  Security
+//
+
+#ifndef SecProtocolInternal_h
+#define SecProtocolInternal_h
+
+#include "SecProtocolPriv.h"
+
+#define kATSInfoKey "NSAppTransportSecurity"
+#define kAllowsArbitraryLoads "NSAllowsArbitraryLoads"
+#define kAllowsArbitraryLoadsForMedia "NSAllowsArbitraryLoadsForMedia"
+#define kAllowsArbitraryLoadsInWebContent "NSAllowsArbitraryLoadsInWebContent"
+#define kAllowsLocalNetworking "NSAllowsLocalNetworking"
+#define kExceptionDomains "NSExceptionDomains"
+#define kIncludesSubdomains "NSIncludesSubdomains"
+#define kExceptionAllowsInsecureHTTPLoads "NSExceptionAllowsInsecureHTTPLoads"
+#define kExceptionMinimumTLSVersion "NSExceptionMinimumTLSVersion"
+#define kExceptionRequiresForwardSecrecy "NSExceptionRequiresForwardSecrecy"
+
+#define CiphersuitesTLS13 \
+    TLS_AES_128_GCM_SHA256, \
+    TLS_AES_256_GCM_SHA384, \
+    TLS_CHACHA20_POLY1305_SHA256
+
+#define CiphersuitesPFS \
+    TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, \
+    TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, \
+    TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, \
+    TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, \
+    TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, \
+    TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, \
+    TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, \
+    TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, \
+    TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, \
+    TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, \
+    TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, \
+    TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, \
+    TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, \
+    TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
+
+#define CiphersuitesNonPFS \
+    TLS_RSA_WITH_AES_256_GCM_SHA384, \
+    TLS_RSA_WITH_AES_128_GCM_SHA256, \
+    TLS_RSA_WITH_AES_256_CBC_SHA256, \
+    TLS_RSA_WITH_AES_128_CBC_SHA256, \
+    TLS_RSA_WITH_AES_256_CBC_SHA, \
+    TLS_RSA_WITH_AES_128_CBC_SHA
+
+#define CiphersuitesTLS10 \
+    TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, \
+    TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, \
+    TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, \
+    TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, \
+    TLS_RSA_WITH_AES_256_CBC_SHA, \
+    TLS_RSA_WITH_AES_128_CBC_SHA
+
+#define CiphersuitesTLS10_3DES \
+    TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, \
+    TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, \
+    SSL_RSA_WITH_3DES_EDE_CBC_SHA
+
+#define CiphersuitesDHE \
+    TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, \
+    TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, \
+    TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, \
+    TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, \
+    TLS_DHE_RSA_WITH_AES_256_CBC_SHA, \
+    TLS_DHE_RSA_WITH_AES_128_CBC_SHA, \
+    SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA
+
+SEC_RETURNS_RETAINED sec_protocol_configuration_builder_t
+sec_protocol_configuration_builder_copy_default(void);
+
+CFDictionaryRef
+sec_protocol_configuration_builder_get_ats_dictionary(sec_protocol_configuration_builder_t builder);
+
+bool
+sec_protocol_configuration_builder_get_is_apple_bundle(sec_protocol_configuration_builder_t builder);
+
+SEC_RETURNS_RETAINED xpc_object_t
+sec_protocol_configuration_get_map(sec_protocol_configuration_t configuration);
+
+void
+sec_protocol_options_clear_tls_ciphersuites(sec_protocol_options_t options);
+
+void
+sec_protocol_options_set_ats_non_pfs_ciphersuite_allowed(sec_protocol_options_t options, bool ats_non_pfs_ciphersuite_allowed);
+
+void
+sec_protocol_options_set_ats_minimum_tls_version_allowed(sec_protocol_options_t options, bool ats_minimum_tls_version_allowed);
+
+void
+sec_protocol_options_set_ats_required(sec_protocol_options_t options, bool required);
+
+void
+sec_protocol_options_set_minimum_rsa_key_size(sec_protocol_options_t options, size_t minimum_key_size);
+
+void
+sec_protocol_options_set_minimum_ecdsa_key_size(sec_protocol_options_t options, size_t minimum_key_size);
+
+void
+sec_protocol_options_set_minimum_signature_algorithm(sec_protocol_options_t options, SecSignatureHashAlgorithm algorithm);
+
+void
+sec_protocol_options_set_trusted_peer_certificate(sec_protocol_options_t options, bool trusted_peer_certificate);
+
+void
+sec_protocol_configuration_populate_insecure_defaults(sec_protocol_configuration_t configuration);
+
+void
+sec_protocol_configuration_populate_secure_defaults(sec_protocol_configuration_t configuration);
+
+void
+sec_protocol_configuration_register_builtin_exceptions(sec_protocol_configuration_t configuration);
+
+bool
+sec_protocol_helper_ciphersuite_group_contains_ciphersuite(tls_ciphersuite_group_t group, tls_ciphersuite_t suite);
+
+tls_protocol_version_t
+sec_protocol_helper_ciphersuite_minimum_TLS_version(tls_ciphersuite_t ciphersuite);
+
+tls_protocol_version_t
+sec_protocol_helper_ciphersuite_maximum_TLS_version(tls_ciphersuite_t ciphersuite);
+
+const char *
+sec_protocol_helper_get_ciphersuite_name(tls_ciphersuite_t ciphersuite);
+
+const tls_key_exchange_group_t *
+sec_protocol_helper_tls_key_exchange_group_set_to_key_exchange_group_list(tls_key_exchange_group_set_t set, size_t *listSize);
+
+bool sec_protocol_helper_dispatch_data_equal(dispatch_data_t left, dispatch_data_t right);
+
+#endif /* SecProtocolInternal_h */