diff --git a/.cursorignore b/.cursorignore
index 95ea3e898..f8daacf9e 100644
--- a/.cursorignore
+++ b/.cursorignore
@@ -279,3 +279,4 @@ circuits/ptau/
**/*.d.ts
!**/types/*.d.ts
!**/src/types/*.d.ts
+!**/global.d.ts
diff --git a/.github/actions/yarn-install/action.yml b/.github/actions/yarn-install/action.yml
index 7d2ad3200..1ec7e4ea9 100644
--- a/.github/actions/yarn-install/action.yml
+++ b/.github/actions/yarn-install/action.yml
@@ -27,5 +27,9 @@ runs:
cache-dependency-path: yarn.lock
- name: Install dependencies
- shell: bash
- run: yarn install --immutable
+ uses: nick-fields/retry@v3
+ with:
+ timeout_minutes: 10
+ max_attempts: 3
+ retry_wait_seconds: 5
+ command: yarn install --immutable
diff --git a/.github/workflows/mobile-ci.yml b/.github/workflows/mobile-ci.yml
index 42ff27885..5bc430d83 100644
--- a/.github/workflows/mobile-ci.yml
+++ b/.github/workflows/mobile-ci.yml
@@ -309,12 +309,14 @@ jobs:
bundle install --jobs 4 --retry 3
working-directory: ./app
- name: Install iOS Dependencies
- run: |
- echo "Installing iOS dependencies..."
- cd ios
- # Reuse the same guarded flow as local to ensure reproducibility
- bundle exec bash scripts/pod-install-with-cache-fix.sh
- working-directory: ./app
+ uses: nick-fields/retry@v3
+ with:
+ timeout_minutes: 20
+ max_attempts: 3
+ retry_wait_seconds: 10
+ command: |
+ cd app/ios
+ bundle exec bash scripts/pod-install-with-cache-fix.sh
env:
SELFXYZ_INTERNAL_REPO_PAT: ${{ secrets.SELFXYZ_INTERNAL_REPO_PAT }}
- name: Resolve iOS workspace
@@ -436,12 +438,19 @@ jobs:
with:
accept-android-sdk-licenses: true
- name: Cache NDK
+ id: ndk-cache
uses: actions/cache@v4
with:
path: ${{ env.ANDROID_HOME }}/ndk/${{ env.ANDROID_NDK_VERSION }}
key: ${{ runner.os }}-ndk-${{ env.ANDROID_NDK_VERSION }}
- name: Install NDK
- run: sdkmanager "ndk;${{ env.ANDROID_NDK_VERSION }}"
+ if: steps.ndk-cache.outputs.cache-hit != 'true'
+ uses: nick-fields/retry@v3
+ with:
+ timeout_minutes: 15
+ max_attempts: 3
+ retry_wait_seconds: 10
+ command: sdkmanager "ndk;${{ env.ANDROID_NDK_VERSION }}"
- name: Install Mobile Dependencies
uses: ./.github/actions/yarn-install
- name: Cache Built Dependencies
diff --git a/.github/workflows/mobile-deploy.yml b/.github/workflows/mobile-deploy.yml
index f21b8782e..2b079aa38 100644
--- a/.github/workflows/mobile-deploy.yml
+++ b/.github/workflows/mobile-deploy.yml
@@ -1057,51 +1057,23 @@ jobs:
with:
accept-android-sdk-licenses: true
- - name: Install NDK and CMake
+ - name: Install NDK
if: inputs.platform != 'ios' && steps.ndk-cache.outputs.cache-hit != 'true'
- run: |
- max_attempts=5
- attempt=1
+ uses: nick-fields/retry@v3
+ with:
+ timeout_minutes: 15
+ max_attempts: 5
+ retry_wait_seconds: 10
+ command: sdkmanager "ndk;${{ env.ANDROID_NDK_VERSION }}"
- # Install NDK
- while [ $attempt -le $max_attempts ]; do
- echo "Attempt $attempt of $max_attempts to install NDK..."
- if sdkmanager "ndk;${{ env.ANDROID_NDK_VERSION }}"; then
- echo "Successfully installed NDK"
- break
- fi
- echo "Failed to install NDK on attempt $attempt"
- if [ $attempt -eq $max_attempts ]; then
- echo "All attempts to install NDK failed"
- exit 1
- fi
- # Exponential backoff: 2^attempt seconds
- wait_time=$((2 ** attempt))
- echo "Waiting $wait_time seconds before retrying..."
- sleep $wait_time
- attempt=$((attempt + 1))
- done
-
- # Install CMake (required for native module builds)
- echo "Installing CMake..."
- attempt=1
- while [ $attempt -le $max_attempts ]; do
- echo "Attempt $attempt of $max_attempts to install CMake..."
- if sdkmanager "cmake;3.22.1"; then
- echo "Successfully installed CMake"
- break
- fi
- echo "Failed to install CMake on attempt $attempt"
- if [ $attempt -eq $max_attempts ]; then
- echo "All attempts to install CMake failed"
- exit 1
- fi
- # Exponential backoff: 2^attempt seconds
- wait_time=$((2 ** attempt))
- echo "Waiting $wait_time seconds before retrying..."
- sleep $wait_time
- attempt=$((attempt + 1))
- done
+ - name: Install CMake
+ if: inputs.platform != 'ios' && steps.ndk-cache.outputs.cache-hit != 'true'
+ uses: nick-fields/retry@v3
+ with:
+ timeout_minutes: 10
+ max_attempts: 5
+ retry_wait_seconds: 10
+ command: sdkmanager "cmake;3.22.1"
- name: Set Gradle JVM options
if: inputs.platform != 'ios' # Apply to CI builds (not just ACT)
@@ -1284,6 +1256,8 @@ jobs:
VERSION="${{ needs.bump-version.outputs.version }}"
IOS_BUILD="${{ needs.bump-version.outputs.ios_build }}"
ANDROID_BUILD="${{ needs.bump-version.outputs.android_build }}"
+ IOS_SUCCESS="${{ needs.build-ios.result }}"
+ ANDROID_SUCCESS="${{ needs.build-android.result }}"
echo "π Applying version bump: $VERSION (iOS: $IOS_BUILD, Android: $ANDROID_BUILD)"
@@ -1296,12 +1270,25 @@ jobs:
console.log('β
Updated package.json');
"
- # Update version.json build numbers
+ # Update version.json build numbers and deployment timestamps
node -e "
const fs = require('fs');
const version = JSON.parse(fs.readFileSync('version.json', 'utf8'));
+ const timestamp = new Date().toISOString();
+
version.ios.build = $IOS_BUILD;
version.android.build = $ANDROID_BUILD;
+
+ // Update lastDeployed timestamp for successful builds
+ if ('$IOS_SUCCESS' === 'success') {
+ version.ios.lastDeployed = timestamp;
+ console.log('β
Updated iOS lastDeployed timestamp');
+ }
+ if ('$ANDROID_SUCCESS' === 'success') {
+ version.android.lastDeployed = timestamp;
+ console.log('β
Updated Android lastDeployed timestamp');
+ }
+
fs.writeFileSync('version.json', JSON.stringify(version, null, 2) + '\n');
console.log('β
Updated version.json');
"
@@ -1391,7 +1378,7 @@ jobs:
exit 0
fi
- git commit -m "chore: bump mobile app version to $VERSION"
+ git commit -m "chore: bump mobile app version to $VERSION" -m "Update build numbers and deployment timestamps after successful deployment."
# Create new branch from current HEAD (bump target branch with version bump)
git checkout -b ${BRANCH_NAME}
@@ -1414,6 +1401,10 @@ jobs:
**Build Branch:** ${{ github.ref_name }}
**Target Branch:** ${TARGET_BRANCH}
+ This PR updates:
+ - Build numbers for deployed platforms
+ - Deployment timestamps (\`lastDeployed\`) for successful builds
+
This PR was automatically created by the mobile deployment workflow." \
--label "automated"
diff --git a/.github/workflows/mobile-e2e.yml b/.github/workflows/mobile-e2e.yml
index fad79f285..73941d591 100644
--- a/.github/workflows/mobile-e2e.yml
+++ b/.github/workflows/mobile-e2e.yml
@@ -69,12 +69,22 @@ jobs:
run: echo "YARN_ENABLE_HARDENED_MODE=0" >> $GITHUB_ENV
- name: Install deps (internal PRs and protected branches)
if: ${{ github.event_name != 'pull_request' || github.event.pull_request.head.repo.fork == false }}
- run: yarn install --immutable --silent
+ uses: nick-fields/retry@v3
+ with:
+ timeout_minutes: 10
+ max_attempts: 3
+ retry_wait_seconds: 5
+ command: yarn install --immutable --silent
env:
SELFXYZ_INTERNAL_REPO_PAT: ${{ secrets.SELFXYZ_INTERNAL_REPO_PAT }}
- name: Install deps (forked PRs - no secrets)
if: ${{ github.event_name == 'pull_request' && github.event.pull_request.head.repo.fork == true }}
- run: yarn install --immutable --silent
+ uses: nick-fields/retry@v3
+ with:
+ timeout_minutes: 10
+ max_attempts: 3
+ retry_wait_seconds: 5
+ command: yarn install --immutable --silent
- name: Validate Maestro test file
if: false # Skip for build-only test - keep logic for future E2E
run: |
@@ -106,7 +116,12 @@ jobs:
with:
accept-android-sdk-licenses: true
- name: Install NDK
- run: sdkmanager "ndk;${{ env.ANDROID_NDK_VERSION }}"
+ uses: nick-fields/retry@v3
+ with:
+ timeout_minutes: 15
+ max_attempts: 3
+ retry_wait_seconds: 10
+ command: sdkmanager "ndk;${{ env.ANDROID_NDK_VERSION }}"
- name: Build dependencies (outside emulator)
run: |
echo "Building dependencies..."
@@ -229,12 +244,22 @@ jobs:
run: echo "YARN_ENABLE_HARDENED_MODE=0" >> $GITHUB_ENV
- name: Install deps (internal PRs and protected branches)
if: ${{ github.event_name != 'pull_request' || github.event.pull_request.head.repo.fork == false }}
- run: yarn install --immutable --silent
+ uses: nick-fields/retry@v3
+ with:
+ timeout_minutes: 10
+ max_attempts: 3
+ retry_wait_seconds: 5
+ command: yarn install --immutable --silent
env:
SELFXYZ_INTERNAL_REPO_PAT: ${{ secrets.SELFXYZ_INTERNAL_REPO_PAT }}
- name: Install deps (forked PRs - no secrets)
if: ${{ github.event_name == 'pull_request' && github.event.pull_request.head.repo.fork == true }}
- run: yarn install --immutable --silent
+ uses: nick-fields/retry@v3
+ with:
+ timeout_minutes: 10
+ max_attempts: 3
+ retry_wait_seconds: 5
+ command: yarn install --immutable --silent
- name: Validate Maestro test file
run: |
[ -f app/tests/e2e/launch.ios.flow.yaml ] || { echo "β iOS E2E test file missing"; exit 1; }
@@ -246,7 +271,12 @@ jobs:
key: ${{ runner.os }}-maestro-${{ env.MAESTRO_VERSION }}
- name: Install Maestro
if: steps.cache-maestro.outputs.cache-hit != 'true'
- run: curl -Ls "https://get.maestro.mobile.dev" | bash
+ uses: nick-fields/retry@v3
+ with:
+ timeout_minutes: 5
+ max_attempts: 3
+ retry_wait_seconds: 10
+ command: curl -Ls "https://get.maestro.mobile.dev" | bash
- name: Add Maestro to path
run: echo "$HOME/.maestro/bin" >> "$GITHUB_PATH"
- name: Set up Xcode
@@ -304,11 +334,15 @@ jobs:
yarn workspace @selfxyz/mobile-app run build:deps || { echo "β Dependency build failed"; exit 1; }
echo "β
Dependencies built successfully"
- name: Install iOS dependencies
- run: |
- echo "Installing iOS dependencies..."
- cd app/ios
- echo "π¦ Installing pods via centralized scriptβ¦"
- BUNDLE_GEMFILE=../Gemfile bundle exec bash scripts/pod-install-with-cache-fix.sh || { echo "β Pod install failed"; exit 1; }
+ uses: nick-fields/retry@v3
+ with:
+ timeout_minutes: 20
+ max_attempts: 3
+ retry_wait_seconds: 10
+ command: |
+ cd app/ios
+ echo "π¦ Installing pods via centralized scriptβ¦"
+ BUNDLE_GEMFILE=../Gemfile bundle exec bash scripts/pod-install-with-cache-fix.sh
env:
SELFXYZ_INTERNAL_REPO_PAT: ${{ secrets.SELFXYZ_INTERNAL_REPO_PAT }}
- name: Setup iOS Simulator
diff --git a/.github/workflows/mobile-sdk-demo-e2e.yml b/.github/workflows/mobile-sdk-demo-e2e.yml
index d4a59b068..1a719fc2f 100644
--- a/.github/workflows/mobile-sdk-demo-e2e.yml
+++ b/.github/workflows/mobile-sdk-demo-e2e.yml
@@ -71,12 +71,22 @@ jobs:
run: echo "YARN_ENABLE_HARDENED_MODE=0" >> $GITHUB_ENV
- name: Install deps (internal PRs and protected branches)
if: ${{ github.event_name != 'pull_request' || github.event.pull_request.head.repo.fork == false }}
- run: yarn install --immutable --silent
+ uses: nick-fields/retry@v3
+ with:
+ timeout_minutes: 10
+ max_attempts: 3
+ retry_wait_seconds: 5
+ command: yarn install --immutable --silent
env:
SELFXYZ_INTERNAL_REPO_PAT: ${{ secrets.SELFXYZ_INTERNAL_REPO_PAT }}
- name: Install deps (forked PRs - no secrets)
if: ${{ github.event_name == 'pull_request' && github.event.pull_request.head.repo.fork == true }}
- run: yarn install --immutable --silent
+ uses: nick-fields/retry@v3
+ with:
+ timeout_minutes: 10
+ max_attempts: 3
+ retry_wait_seconds: 5
+ command: yarn install --immutable --silent
- name: Validate Maestro test file
if: false # Skip for build-only test - keep logic for future E2E
run: |
@@ -108,7 +118,12 @@ jobs:
with:
accept-android-sdk-licenses: true
- name: Install NDK
- run: sdkmanager "ndk;${{ env.ANDROID_NDK_VERSION }}"
+ uses: nick-fields/retry@v3
+ with:
+ timeout_minutes: 15
+ max_attempts: 3
+ retry_wait_seconds: 10
+ command: sdkmanager "ndk;${{ env.ANDROID_NDK_VERSION }}"
- name: Enable KVM group perms
run: |
echo 'KERNEL=="kvm", GROUP="kvm", MODE="0666", OPTIONS+="static_node=kvm"' | sudo tee /etc/udev/rules.d/99-kvm4all.rules
@@ -216,12 +231,22 @@ jobs:
run: echo "YARN_ENABLE_HARDENED_MODE=0" >> $GITHUB_ENV
- name: Install deps (internal PRs and protected branches)
if: ${{ github.event_name != 'pull_request' || github.event.pull_request.head.repo.fork == false }}
- run: yarn install --immutable --silent
+ uses: nick-fields/retry@v3
+ with:
+ timeout_minutes: 10
+ max_attempts: 3
+ retry_wait_seconds: 5
+ command: yarn install --immutable --silent
env:
SELFXYZ_INTERNAL_REPO_PAT: ${{ secrets.SELFXYZ_INTERNAL_REPO_PAT }}
- name: Install deps (forked PRs - no secrets)
if: ${{ github.event_name == 'pull_request' && github.event.pull_request.head.repo.fork == true }}
- run: yarn install --immutable --silent
+ uses: nick-fields/retry@v3
+ with:
+ timeout_minutes: 10
+ max_attempts: 3
+ retry_wait_seconds: 5
+ command: yarn install --immutable --silent
- name: Validate Maestro test file
run: |
[ -f packages/mobile-sdk-demo/tests/e2e/launch.ios.flow.yaml ] || { echo "β iOS E2E test file missing"; exit 1; }
@@ -233,7 +258,12 @@ jobs:
key: ${{ runner.os }}-maestro-${{ env.MAESTRO_VERSION }}
- name: Install Maestro
if: steps.cache-maestro.outputs.cache-hit != 'true'
- run: curl -Ls "https://get.maestro.mobile.dev" | bash
+ uses: nick-fields/retry@v3
+ with:
+ timeout_minutes: 5
+ max_attempts: 3
+ retry_wait_seconds: 10
+ command: curl -Ls "https://get.maestro.mobile.dev" | bash
- name: Add Maestro to path
run: echo "$HOME/.maestro/bin" >> "$GITHUB_PATH"
- name: Set up Xcode
@@ -284,17 +314,21 @@ jobs:
yarn workspace mobile-sdk-demo run prebuild || { echo "β Dependency build failed"; exit 1; }
echo "β
Dependencies built successfully"
- name: Install iOS dependencies
+ uses: nick-fields/retry@v3
+ with:
+ timeout_minutes: 20
+ max_attempts: 3
+ retry_wait_seconds: 10
+ command: |
+ if [ -n "${SELFXYZ_INTERNAL_REPO_PAT}" ]; then
+ echo "π Using SELFXYZ_INTERNAL_REPO_PAT for private pod access"
+ echo "::add-mask::${SELFXYZ_INTERNAL_REPO_PAT}"
+ fi
+ cd packages/mobile-sdk-demo/ios
+ pod install
env:
SELFXYZ_INTERNAL_REPO_PAT: ${{ secrets.SELFXYZ_INTERNAL_REPO_PAT }}
GIT_TERMINAL_PROMPT: 0
- run: |
- echo "Installing iOS dependencies..."
- if [ -n "${SELFXYZ_INTERNAL_REPO_PAT}" ]; then
- echo "π Using SELFXYZ_INTERNAL_REPO_PAT for private pod access"
- echo "::add-mask::${SELFXYZ_INTERNAL_REPO_PAT}"
- fi
- cd packages/mobile-sdk-demo/ios
- pod install
- name: Setup iOS Simulator
run: |
echo "Setting up iOS Simulator..."
diff --git a/.github/workflows/release-calendar.yml b/.github/workflows/release-calendar.yml
index bc36d0c1d..67638d1e7 100644
--- a/.github/workflows/release-calendar.yml
+++ b/.github/workflows/release-calendar.yml
@@ -37,15 +37,14 @@ on:
# Sunday 17:00 UTC (same times as above) to prepare the production release PR.
- cron: "0 17 * * 0"
-permissions:
- contents: write
- pull-requests: write
- issues: write
-
jobs:
release_to_staging:
name: Create dev to staging release PR
runs-on: ubuntu-latest
+ permissions:
+ contents: write
+ pull-requests: write
+ issues: write
steps:
- name: Guard Friday schedule
id: guard_schedule
@@ -86,7 +85,7 @@ jobs:
if: ${{ steps.guard_schedule.outputs.continue == 'true' }}
id: check_dev_staging
env:
- GH_TOKEN: ${{ github.token }}
+ GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
shell: bash
run: |
set -euo pipefail
@@ -113,18 +112,14 @@ jobs:
- name: Ensure release labels exist
if: ${{ steps.guard_schedule.outputs.continue == 'true' && steps.check_dev_staging.outputs.existing_pr == '' }}
env:
- GH_TOKEN: ${{ github.token }}
+ GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
shell: bash
run: |
set -euo pipefail
for LABEL in release automated staging; do
- if ! gh label list --json name --jq '.[].name' | grep -q "^${LABEL}$"; then
- echo "Creating missing label: ${LABEL}"
- gh label create "${LABEL}" --color BFD4F2
- else
- echo "Label ${LABEL} already exists."
- fi
+ echo "Ensuring label exists: ${LABEL}"
+ gh label create "${LABEL}" --color BFD4F2 --force || true
done
- name: Create release branch from dev
@@ -137,13 +132,31 @@ jobs:
echo "Creating release branch ${BRANCH_NAME} from dev"
git fetch origin dev
- git checkout -b "${BRANCH_NAME}" origin/dev
- git push origin "${BRANCH_NAME}"
+
+ # Check if branch already exists locally
+ if git show-ref --verify --quiet refs/heads/"${BRANCH_NAME}"; then
+ echo "Branch ${BRANCH_NAME} already exists locally, checking out..."
+ git checkout "${BRANCH_NAME}"
+ else
+ git checkout -b "${BRANCH_NAME}" origin/dev
+ fi
+
+ # Check if branch already exists on remote
+ if git ls-remote --heads origin "${BRANCH_NAME}" | grep -q "${BRANCH_NAME}"; then
+ echo "Branch ${BRANCH_NAME} already exists on remote. Skipping push."
+ else
+ echo "Pushing branch ${BRANCH_NAME} to remote..."
+ if ! git push origin "${BRANCH_NAME}"; then
+ echo "β ERROR: Failed to push branch ${BRANCH_NAME} to remote"
+ exit 1
+ fi
+ echo "β Successfully pushed branch ${BRANCH_NAME}"
+ fi
- name: Create dev to staging release PR
if: ${{ steps.guard_schedule.outputs.continue == 'true' && steps.check_dev_staging.outputs.existing_pr == '' }}
env:
- GH_TOKEN: ${{ secrets.SELFXYZ_INTERNAL_REPO_PAT }}
+ GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
PR_DATE: ${{ steps.check_dev_staging.outputs.date }}
BRANCH_NAME: ${{ steps.check_dev_staging.outputs.branch_name }}
shell: bash
@@ -190,18 +203,27 @@ jobs:
TITLE="Release to Staging - ${PR_DATE}"
echo "Creating PR with title: ${TITLE} from branch ${BRANCH_NAME}"
- gh pr create \
+ if ! gh pr create \
--base staging \
--head "${BRANCH_NAME}" \
--title "${TITLE}" \
--label release \
--label automated \
--label staging \
- --body-file pr_body.md
+ --body-file pr_body.md; then
+ echo "β ERROR: Failed to create PR"
+ exit 1
+ fi
+
+ echo "β
PR created successfully"
release_to_production:
name: Create staging to main release PR
runs-on: ubuntu-latest
+ permissions:
+ contents: write
+ pull-requests: write
+ issues: write
steps:
- name: Guard Sunday schedule
id: guard_schedule
@@ -242,7 +264,7 @@ jobs:
if: ${{ steps.guard_schedule.outputs.continue == 'true' }}
id: production_status
env:
- GH_TOKEN: ${{ github.token }}
+ GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
shell: bash
run: |
set -euo pipefail
@@ -287,24 +309,20 @@ jobs:
- name: Ensure release labels exist
if: ${{ steps.guard_schedule.outputs.continue == 'true' && steps.production_status.outputs.staging_not_ahead != 'true' && steps.production_status.outputs.existing_pr == '' }}
env:
- GH_TOKEN: ${{ github.token }}
+ GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
shell: bash
run: |
set -euo pipefail
for LABEL in release automated production; do
- if ! gh label list --json name --jq '.[].name' | grep -q "^${LABEL}$"; then
- echo "Creating missing label: ${LABEL}"
- gh label create "${LABEL}" --color BFD4F2
- else
- echo "Label ${LABEL} already exists."
- fi
+ echo "Ensuring label exists: ${LABEL}"
+ gh label create "${LABEL}" --color BFD4F2 --force || true
done
- name: Create staging to main release PR
if: ${{ steps.guard_schedule.outputs.continue == 'true' && steps.production_status.outputs.staging_not_ahead != 'true' && steps.production_status.outputs.existing_pr == '' }}
env:
- GH_TOKEN: ${{ secrets.SELFXYZ_INTERNAL_REPO_PAT }}
+ GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
PR_DATE: ${{ steps.production_status.outputs.date }}
COMMITS_AHEAD: ${{ steps.production_status.outputs.commits }}
shell: bash
diff --git a/.gitignore b/.gitignore
index 30a70af10..2809ef0c7 100644
--- a/.gitignore
+++ b/.gitignore
@@ -20,6 +20,7 @@ mobile-sdk-alpha-ci.tgz
**/mobile-sdk-alpha-*.tgz
/tmp/mobile-sdk-alpha*.tgz
dataInput.d.ts
+packages/mobile-sdk-alpha/docs/docstrings-report.json
# Private Android modules (cloned at build time)
app/android/android-passport-nfc-reader/
diff --git a/app/Gemfile.lock b/app/Gemfile.lock
index 8b97a10a4..d923869b7 100644
--- a/app/Gemfile.lock
+++ b/app/Gemfile.lock
@@ -5,7 +5,7 @@ GEM
base64
nkf
rexml
- activesupport (7.2.2.2)
+ activesupport (7.2.3)
base64
benchmark (>= 0.3)
bigdecimal
@@ -25,8 +25,8 @@ GEM
artifactory (3.0.17)
atomos (0.1.3)
aws-eventstream (1.4.0)
- aws-partitions (1.1173.0)
- aws-sdk-core (3.233.0)
+ aws-partitions (1.1178.0)
+ aws-sdk-core (3.235.0)
aws-eventstream (~> 1, >= 1.3.0)
aws-partitions (~> 1, >= 1.992.0)
aws-sigv4 (~> 1.9)
@@ -34,18 +34,18 @@ GEM
bigdecimal
jmespath (~> 1, >= 1.6.1)
logger
- aws-sdk-kms (1.114.0)
- aws-sdk-core (~> 3, >= 3.231.0)
+ aws-sdk-kms (1.115.0)
+ aws-sdk-core (~> 3, >= 3.234.0)
aws-sigv4 (~> 1.5)
- aws-sdk-s3 (1.200.0)
- aws-sdk-core (~> 3, >= 3.231.0)
+ aws-sdk-s3 (1.202.0)
+ aws-sdk-core (~> 3, >= 3.234.0)
aws-sdk-kms (~> 1)
aws-sigv4 (~> 1.5)
aws-sigv4 (1.12.1)
aws-eventstream (~> 1, >= 1.0.2)
babosa (1.0.4)
base64 (0.3.0)
- benchmark (0.4.1)
+ benchmark (0.5.0)
bigdecimal (3.3.1)
claide (1.1.0)
cocoapods (1.16.2)
@@ -225,7 +225,7 @@ GEM
i18n (1.14.7)
concurrent-ruby (~> 1.0)
jmespath (1.6.2)
- json (2.15.1)
+ json (2.15.2)
jwt (2.10.2)
base64
logger (1.7.0)
@@ -250,7 +250,7 @@ GEM
plist (3.7.2)
public_suffix (4.0.7)
racc (1.8.1)
- rake (13.3.0)
+ rake (13.3.1)
representable (3.2.0)
declarative (< 0.1.0)
trailblazer-option (>= 0.1.1, < 0.2.0)
diff --git a/app/README.md b/app/README.md
index 545ca7b90..9ec0dca8f 100644
--- a/app/README.md
+++ b/app/README.md
@@ -30,7 +30,7 @@
## Installation
-> All of the commands in this guide are run from the `self/app` directory
+> All of the commands in this guide are run from the `app` directory
Install dependencies + build
@@ -144,8 +144,6 @@ Press `a` to open the app on Android.
To view the Android logs, use the Logcat feature in Android Studio, or use the `adb logcat` command-line tool.
-**EDIT**: to test the app on android, see [this issue](https://github.com/zk-passport/openpassport/issues/191) temporarily
-
### iOS
> :warning: To run the app on iOS, you will need a paying Apple Developer account. Free accounts can't run apps that use NFC reading.
@@ -170,43 +168,6 @@ To enable it, open Xcode and go to **Product > Destination > Show All Run Destin
> **Note:** This is a simulator-specific issue - the app itself runs natively on ARM64 devices and builds without issues.
-#### react-native-haptic-feedback v2.3.3
-
-To create a successful build, "Target Membership" for the AudioToolbox.framework needs to be updated.
-
-Pods Project > Frameworks > iOS > AudioToolbox.framework
-
-Then click on the "+" button in the "Target Membership" box and add `RNReactNativeHapticFeedback`
-
-[more info](https://github.com/mkuczera/react-native-haptic-feedback/issues/142)
-
-## Modify the circuits
-
-If you want to modify the circuits, you'll have to adapt a few things.
-
-First, go to the `circuit` folder of the monorepo, modify the circuits and build them.
-
-Then, upload the zipped zkeys and dat files at publicly available urls and replace the urls in `app/src/utils/zkeyDownload.ts`.
-
-Adapt the input generation in `common/src/utils/generateInputs.ts`, and adapt and redeploy the contracts.
-
-### Android
-
-Make sure that `ANDROID_NDK_VERSION` and `ANDROID_NDK` are defined as per the instructions above. Then build the android native module:
-
-```
-./scripts/build_android_module.sh
-```
-
-### iOS
-
-Find your [development team id](https://chat.openai.com/share/9d52c37f-d9da-4a62-acb9-9e4ee8179f95) and run:
-
-```
-export DEVELOPMENT_TEAM=""
-./scripts/build_ios_module.sh
-```
-
## π Deployment & Release
### Quick Commands
@@ -405,6 +366,6 @@ watchman shutdown-server
The `yarn reinstall` command deletes your `yarn.lock` and `package-lock.json` files and re-installs all dependencies from scratch. **This means you may get newer versions of packages than before, even if your `package.json` specifies loose version ranges.** This can sometimes introduce breaking changes or incompatibilities.
-For example, as of this writing (July 29, 2024), a minor update to the Sentry Cocoa SDK (`sentry-cocoa`) breaks Xcode builds ([see issue](https://github.com/getsentry/sentry-cocoa/issues/5648)). If you run into unexpected build failures after a reinstall, check for updated dependencies and consider pinning versions or restoring your previous lockfile.
+If you run into unexpected build failures after a reinstall, check for updated dependencies and consider pinning versions or restoring your previous lockfile.
**Tip:** After running `yarn reinstall`, if you encounter new build issues, compare your new `yarn.lock` (or `package-lock.json`) with the previous version. Look for any package version changes, especially for critical dependencies. Sometimes, a seemingly minor update can introduce breaking changes. If you find a problematic update, you may need to revert to the previous lockfile or explicitly pin the affected package version in your `package.json` to restore a working build.
diff --git a/app/android/app/build.gradle b/app/android/app/build.gradle
index e34e24aab..8947a5f5f 100644
--- a/app/android/app/build.gradle
+++ b/app/android/app/build.gradle
@@ -129,8 +129,8 @@ android {
applicationId "com.proofofpassportapp"
minSdkVersion rootProject.ext.minSdkVersion
targetSdkVersion rootProject.ext.targetSdkVersion
- versionCode 108
- versionName "2.7.0"
+ versionCode 113
+ versionName "2.7.3"
manifestPlaceholders = [appAuthRedirectScheme: 'com.proofofpassportapp']
externalNativeBuild {
cmake {
diff --git a/app/android/react-native-passport-reader/android/build.gradle b/app/android/react-native-passport-reader/android/build.gradle
index 0c8dd3a86..d5f3ff8b3 100644
--- a/app/android/react-native-passport-reader/android/build.gradle
+++ b/app/android/react-native-passport-reader/android/build.gradle
@@ -5,10 +5,10 @@ android {
namespace "io.tradle.nfc"
// Use NDK that supports 16k page size
ndkVersion = "27.0.12077973"
- compileSdkVersion 33
+ compileSdkVersion 35
defaultConfig {
minSdkVersion 21
- targetSdkVersion 33
+ targetSdkVersion 35
versionCode 1
versionName "1.0"
multiDexEnabled = true
diff --git a/app/ios/OpenPassport/Info.plist b/app/ios/OpenPassport/Info.plist
index 85cedb878..665dfb497 100644
--- a/app/ios/OpenPassport/Info.plist
+++ b/app/ios/OpenPassport/Info.plist
@@ -21,7 +21,7 @@
CFBundlePackageType
APPL
CFBundleShortVersionString
- 2.7.1
+ 2.7.3
CFBundleSignature
????
CFBundleURLTypes
diff --git a/app/ios/Podfile.lock b/app/ios/Podfile.lock
index 5f77b43f0..84084a941 100644
--- a/app/ios/Podfile.lock
+++ b/app/ios/Podfile.lock
@@ -173,10 +173,6 @@ PODS:
- Mixpanel-swift (5.0.0):
- Mixpanel-swift/Complete (= 5.0.0)
- Mixpanel-swift/Complete (5.0.0)
- - mobile-sdk-alpha (0.1.0):
- - NFCPassportReader
- - QKMRZParser
- - React-Core
- nanopb (2.30910.0):
- nanopb/decode (= 2.30910.0)
- nanopb/encode (= 2.30910.0)
@@ -2161,7 +2157,6 @@ DEPENDENCIES:
- lottie-ios
- lottie-react-native (from `../node_modules/lottie-react-native`)
- Mixpanel-swift (~> 5.0.0)
- - "mobile-sdk-alpha (from `../node_modules/@selfxyz/mobile-sdk-alpha`)"
- "NFCPassportReader (from `git@github.com:selfxyz/NFCPassportReader.git`, commit `9eff7c4e3a9037fdc1e03301584e0d5dcf14d76b`)"
- QKMRZScanner
- RCT-Folly (from `../node_modules/react-native/third-party-podspecs/RCT-Folly.podspec`)
@@ -2296,8 +2291,6 @@ EXTERNAL SOURCES:
:tag: hermes-2024-11-12-RNv0.76.2-5b4aa20c719830dcf5684832b89a6edb95ac3d64
lottie-react-native:
:path: "../node_modules/lottie-react-native"
- mobile-sdk-alpha:
- :path: "../node_modules/@selfxyz/mobile-sdk-alpha"
NFCPassportReader:
:commit: 9eff7c4e3a9037fdc1e03301584e0d5dcf14d76b
:git: "git@github.com:selfxyz/NFCPassportReader.git"
@@ -2502,7 +2495,6 @@ SPEC CHECKSUMS:
lottie-ios: a881093fab623c467d3bce374367755c272bdd59
lottie-react-native: 7bb65bc88d3f9996ea2f646a96694285405df2f9
Mixpanel-swift: e9bef28a9648faff384d5ba6f48ecc2787eb24c0
- mobile-sdk-alpha: 126edf71b65b5a9e294725e4353c2705fa0fd20d
nanopb: 438bc412db1928dac798aa6fd75726007be04262
NFCPassportReader: 48873f856f91215dbfa1eaaec20eae639672862e
OpenSSL-Universal: 84efb8a29841f2764ac5403e0c4119a28b713346
diff --git a/app/ios/Self.xcodeproj/project.pbxproj b/app/ios/Self.xcodeproj/project.pbxproj
index 81499461f..704a618d5 100644
--- a/app/ios/Self.xcodeproj/project.pbxproj
+++ b/app/ios/Self.xcodeproj/project.pbxproj
@@ -542,7 +542,7 @@
"$(PROJECT_DIR)",
"$(PROJECT_DIR)/MoproKit/Libs",
);
- MARKETING_VERSION = 2.7.1;
+ MARKETING_VERSION = 2.7.3;
OTHER_LDFLAGS = (
"$(inherited)",
"-ObjC",
@@ -682,7 +682,7 @@
"$(PROJECT_DIR)",
"$(PROJECT_DIR)/MoproKit/Libs",
);
- MARKETING_VERSION = 2.7.1;
+ MARKETING_VERSION = 2.7.3;
OTHER_LDFLAGS = (
"$(inherited)",
"-ObjC",
diff --git a/app/package.json b/app/package.json
index 27227da19..77a768b30 100644
--- a/app/package.json
+++ b/app/package.json
@@ -1,6 +1,6 @@
{
"name": "@selfxyz/mobile-app",
- "version": "2.7.1",
+ "version": "2.7.3",
"private": true,
"type": "module",
"scripts": {
diff --git a/app/src/global.d.ts b/app/src/global.d.ts
index d790ba4ff..ff563cc7c 100644
--- a/app/src/global.d.ts
+++ b/app/src/global.d.ts
@@ -3,6 +3,7 @@
// NOTE: Converts to Apache-2.0 on 2029-06-11 per LICENSE.
declare module '*.json' {
+ // eslint-disable-next-line @typescript-eslint/no-explicit-any
const value: any;
export default value;
}
diff --git a/app/src/providers/authProvider.tsx b/app/src/providers/authProvider.tsx
index d4bd8dd48..92fb1cf8f 100644
--- a/app/src/providers/authProvider.tsx
+++ b/app/src/providers/authProvider.tsx
@@ -319,6 +319,45 @@ export const AuthProvider = ({
return {children};
};
+function _generateAddressFromMnemonic(mnemonic: string, index: number): string {
+ const wallet = ethers.HDNodeWallet.fromPhrase(
+ mnemonic,
+ undefined,
+ `m/44'/60'/0'/0/${index}`,
+ );
+ return wallet.address;
+}
+
+/**
+ * Gets the second address if it exists, or generates and stores it if not.
+ * By Generate, it means we need the user's biometric auth.
+ *
+ * Flow is, when the user visits the points screen for the first time, we need to generate the points address.
+ */
+export async function getOrGeneratePointsAddress(): Promise {
+ const pointsAddress = useSettingStore.getState().pointsAddress;
+ if (pointsAddress) {
+ return pointsAddress;
+ }
+
+ const mnemonicData = await _getSecurely(
+ keychainOptions => loadOrCreateMnemonic(keychainOptions),
+ str => JSON.parse(str),
+ { requireAuth: true },
+ );
+
+ if (!mnemonicData?.data?.phrase) {
+ throw new Error(
+ 'Failed to retrieve mnemonic for points address generation',
+ );
+ }
+
+ const pointsAddr = _generateAddressFromMnemonic(mnemonicData.data.phrase, 1);
+
+ useSettingStore.getState().setPointsAddress(pointsAddr);
+ return pointsAddr;
+}
+
export async function hasSecretStored() {
const seed = await Keychain.getGenericPassword({ service: SERVICE_NAME });
return !!seed;
diff --git a/app/src/screens/documents/management/ManageDocumentsScreen.tsx b/app/src/screens/documents/management/ManageDocumentsScreen.tsx
index 94d82d20f..05583fbe5 100644
--- a/app/src/screens/documents/management/ManageDocumentsScreen.tsx
+++ b/app/src/screens/documents/management/ManageDocumentsScreen.tsx
@@ -307,16 +307,6 @@ const ManageDocumentsScreen: React.FC = () => {
-
- Add New Document
-
-
Add New Document
diff --git a/app/src/stores/settingStore.ts b/app/src/stores/settingStore.ts
index ab5124039..c1c2f0545 100644
--- a/app/src/stores/settingStore.ts
+++ b/app/src/stores/settingStore.ts
@@ -28,6 +28,8 @@ interface PersistedSettingsState {
setSubscribedTopics: (topics: string[]) => void;
addSubscribedTopic: (topic: string) => void;
removeSubscribedTopic: (topic: string) => void;
+ pointsAddress: string | null;
+ setPointsAddress: (address: string | null) => void;
}
interface NonPersistedSettingsState {
@@ -96,6 +98,10 @@ export const useSettingStore = create()(
subscribedTopics: state.subscribedTopics.filter(t => t !== topic),
})),
+ pointsAddress: null,
+ setPointsAddress: (address: string | null) =>
+ set({ pointsAddress: address }),
+
// Non-persisted state (will not be saved to storage)
hideNetworkModal: false,
setHideNetworkModal: (hideNetworkModal: boolean) => {
diff --git a/app/src/utils/proving/validateDocument.ts b/app/src/utils/proving/validateDocument.ts
index 360603764..760633d12 100644
--- a/app/src/utils/proving/validateDocument.ts
+++ b/app/src/utils/proving/validateDocument.ts
@@ -3,7 +3,10 @@
// NOTE: Converts to Apache-2.0 on 2029-06-11 per LICENSE.
import type { DocumentCategory, PassportData } from '@selfxyz/common/types';
-import { isUserRegistered } from '@selfxyz/common/utils/passports/validate';
+import {
+ type AlternativeCSCA,
+ isUserRegisteredWithAlternativeCSCA,
+} from '@selfxyz/common/utils/passports/validate';
import type {
PassportValidationCallbacks,
SelfClient,
@@ -19,6 +22,7 @@ import {
getAllDocumentsDirectlyFromKeychain,
loadPassportDataAndSecret,
loadSelectedDocumentDirectlyFromKeychain,
+ reStorePassportDataWithRightCSCA,
setSelectedDocument,
storePassportData,
updateDocumentRegistrationState,
@@ -138,17 +142,35 @@ export async function checkAndUpdateRegistrationStates(
}
const { secret } = JSON.parse(passportDataAndSecret);
- const isRegistered = await isUserRegistered(
+ const { useProtocolStore } = selfClient;
+
+ // Check if user is registered with alternative CSCA
+ const { isRegistered, csca } = await isUserRegisteredWithAlternativeCSCA(
migratedPassportData,
secret,
- (docCategory: DocumentCategory) =>
- getCommitmentTree(selfClient, docCategory),
+ {
+ getCommitmentTree: docCategory =>
+ getCommitmentTree(selfClient, docCategory),
+ getAltCSCA: docCategory =>
+ getAlternativeCSCA(useProtocolStore, docCategory),
+ },
);
// Update the registration state in the document metadata
await updateDocumentRegistrationState(documentId, isRegistered);
if (isRegistered) {
+ // Update passport data with the correct CSCA if one was found
+ // Only restore for passport/id_card documents; Aadhaar uses public keys and
+ // doesn't need CSCA restoration.
+ if (
+ csca &&
+ (migratedPassportData.documentCategory === 'passport' ||
+ migratedPassportData.documentCategory === 'id_card')
+ ) {
+ await reStorePassportDataWithRightCSCA(migratedPassportData, csca);
+ }
+
trackEvent(DocumentEvents.DOCUMENT_VALIDATED, {
documentId,
documentCategory,
@@ -174,6 +196,26 @@ export async function checkAndUpdateRegistrationStates(
if (__DEV__) console.log('Registration state check and update completed');
}
+/**
+ * Helper function to get alternative CSCA or public keys for a document category.
+ * For Aadhaar documents, returns public keys. For passports/ID cards, returns alternative CSCAs.
+ */
+export function getAlternativeCSCA(
+ useProtocolStore: SelfClient['useProtocolStore'],
+ docCategory: DocumentCategory,
+): AlternativeCSCA {
+ if (docCategory === 'aadhaar') {
+ const publicKeys = useProtocolStore.getState().aadhaar.public_keys;
+ // Convert string[] to Record format expected by AlternativeCSCA
+ return publicKeys
+ ? Object.fromEntries(
+ publicKeys.map((key, index) => [`public_key_${index}`, key]),
+ )
+ : {};
+ }
+ return useProtocolStore.getState()[docCategory].alternative_csca;
+}
+
// UNUSED?
type MigratedPassportData = Omit & {
diff --git a/app/tests/src/screens/WebViewScreen.test.tsx b/app/tests/src/screens/WebViewScreen.test.tsx
index 0c4a2e1c3..604cb6ee7 100644
--- a/app/tests/src/screens/WebViewScreen.test.tsx
+++ b/app/tests/src/screens/WebViewScreen.test.tsx
@@ -9,10 +9,10 @@ import { render, screen, waitFor } from '@testing-library/react-native';
import { WebViewScreen } from '@/screens/shared/WebViewScreen';
jest.mock('react-native-webview', () => {
- const React = require('react');
+ const ReactModule = require('react');
const { View } = require('react-native');
- const MockWebView = React.forwardRef((props: any, _ref) => {
- return React.createElement(View, { testID: 'webview', ...props });
+ const MockWebView = ReactModule.forwardRef((props: any, _ref) => {
+ return ReactModule.createElement(View, { testID: 'webview', ...props });
});
MockWebView.displayName = 'MockWebView';
return {
diff --git a/app/tests/src/utils/proving/validateDocument.test.ts b/app/tests/src/utils/proving/validateDocument.test.ts
index 6efdec137..918cc5d97 100644
--- a/app/tests/src/utils/proving/validateDocument.test.ts
+++ b/app/tests/src/utils/proving/validateDocument.test.ts
@@ -3,193 +3,570 @@
// NOTE: Converts to Apache-2.0 on 2029-06-11 per LICENSE.
import type { PassportData } from '@selfxyz/common/types';
-import { isPassportDataValid } from '@selfxyz/mobile-sdk-alpha';
+import type { SelfClient } from '@selfxyz/mobile-sdk-alpha';
+import { DocumentEvents } from '@selfxyz/mobile-sdk-alpha/constants/analytics';
+
+// Import functions to test AFTER mocks are set up
+import {
+ checkAndUpdateRegistrationStates,
+ getAlternativeCSCA,
+} from '@/utils/proving/validateDocument';
// Mock the analytics module to avoid side effects in tests
-jest.mock('@/utils/analytics', () => ({
- __esModule: true,
- default: () => ({
- trackEvent: jest.fn(),
- }),
-}));
+let mockTrackEvent: jest.Mock;
+jest.mock('@/utils/analytics', () => {
+ mockTrackEvent = jest.fn();
+ return () => ({
+ trackEvent: mockTrackEvent,
+ });
+});
// Mock the passport data provider to avoid database operations
+const mockGetAllDocumentsDirectlyFromKeychain = jest.fn();
+const mockLoadSelectedDocumentDirectlyFromKeychain = jest.fn();
+const mockLoadPassportDataAndSecret = jest.fn();
+const mockSetSelectedDocument = jest.fn();
+const mockStorePassportData = jest.fn();
+const mockUpdateDocumentRegistrationState = jest.fn();
+const mockReStorePassportDataWithRightCSCA = jest.fn();
+
jest.mock('@/providers/passportDataProvider', () => ({
getAllDocuments: jest.fn(),
+ getAllDocumentsDirectlyFromKeychain: jest.fn((...args: unknown[]) =>
+ mockGetAllDocumentsDirectlyFromKeychain(...args),
+ ),
loadDocumentCatalog: jest.fn(),
- loadPassportDataAndSecret: jest.fn(),
+ loadPassportDataAndSecret: jest.fn((...args: unknown[]) =>
+ mockLoadPassportDataAndSecret(...args),
+ ),
loadSelectedDocument: jest.fn(),
- setSelectedDocument: jest.fn(),
- storePassportData: jest.fn(),
- updateDocumentRegistrationState: jest.fn(),
+ loadSelectedDocumentDirectlyFromKeychain: jest.fn((...args: unknown[]) =>
+ mockLoadSelectedDocumentDirectlyFromKeychain(...args),
+ ),
+ setSelectedDocument: jest.fn((...args: unknown[]) =>
+ mockSetSelectedDocument(...args),
+ ),
+ storePassportData: jest.fn((...args: unknown[]) =>
+ mockStorePassportData(...args),
+ ),
+ updateDocumentRegistrationState: jest.fn((...args: unknown[]) =>
+ mockUpdateDocumentRegistrationState(...args),
+ ),
+ reStorePassportDataWithRightCSCA: jest.fn((...args: unknown[]) =>
+ mockReStorePassportDataWithRightCSCA(...args),
+ ),
}));
+// Reusable default deployed circuits for initial store state
+const defaultDeployedCircuits: {
+ REGISTER: string[];
+ REGISTER_ID: string[];
+ DSC: string[];
+ DSC_ID: string[];
+} = {
+ REGISTER: ['test_register'],
+ REGISTER_ID: ['test_register_id'],
+ DSC: ['test_dsc'],
+ DSC_ID: ['test_dsc_id'],
+};
+
// Mock the protocol store to avoid complex state management
-jest.mock('@selfxyz/mobile-sdk-alpha/stores', () => ({
- useProtocolStore: {
- getState: jest.fn(() => ({
- passport: {
- fetch_all: jest.fn(),
- deployed_circuits: {
- REGISTER: ['test_register'],
- REGISTER_ID: ['test_register_id'],
- DSC: ['test_dsc'],
- DSC_ID: ['test_dsc_id'],
- },
- commitment_tree: 'test_tree',
- alternative_csca: {},
- },
- id_card: {
- fetch_all: jest.fn(),
- deployed_circuits: {
- REGISTER: ['test_register'],
- REGISTER_ID: ['test_register_id'],
- DSC: ['test_dsc'],
- DSC_ID: ['test_dsc_id'],
- },
- commitment_tree: 'test_tree',
- alternative_csca: {},
- },
- })),
+const mockGetState = jest.fn(() => ({
+ passport: {
+ fetch_all: jest.fn(),
+ deployed_circuits: { ...defaultDeployedCircuits },
+ commitment_tree: 'test_tree',
+ alternative_csca: {},
+ },
+ id_card: {
+ fetch_all: jest.fn(),
+ deployed_circuits: { ...defaultDeployedCircuits },
+ commitment_tree: 'test_tree',
+ alternative_csca: {},
+ },
+ aadhaar: {
+ public_keys: [] as string[] | null,
+ commitment_tree: 'test_tree',
},
}));
-/**
- * Creates a Self SDK client with minimal mock adapters for tests.
- */
-function createTestClient() {
- const { createSelfClient } = require('@selfxyz/mobile-sdk-alpha');
- return createSelfClient({
- config: {},
- adapters: {
- auth: { getPrivateKey: jest.fn() },
- scanner: { scan: jest.fn() },
- network: {
- http: { fetch: jest.fn() },
- ws: {
- connect: jest.fn(() => ({
- send: jest.fn(),
- close: jest.fn(),
- onMessage: jest.fn(),
- onError: jest.fn(),
- onClose: jest.fn(),
- })),
- },
- },
- crypto: {
- hash: jest.fn(),
- sign: jest.fn(),
- },
- documents: {
- loadDocumentCatalog: jest.fn(),
- loadDocumentById: jest.fn(),
- },
- },
- });
+const mockFetchAllTreesAndCircuits = jest.fn();
+const mockGetCommitmentTree = jest.fn();
+
+jest.mock('@selfxyz/mobile-sdk-alpha/stores', () => ({
+ useProtocolStore: {
+ getState: jest.fn(() => mockGetState()),
+ },
+ fetchAllTreesAndCircuits: jest.fn((...args: unknown[]) =>
+ mockFetchAllTreesAndCircuits(...args),
+ ),
+ getCommitmentTree: jest.fn((...args: unknown[]) =>
+ mockGetCommitmentTree(...args),
+ ),
+}));
+
+// DRY helpers for repeated protocol state shapes in tests
+const emptyDeployedCircuits = {
+ REGISTER: [] as string[],
+ REGISTER_ID: [] as string[],
+ DSC: [] as string[],
+ DSC_ID: [] as string[],
+};
+
+function buildModuleState(alternative: Record = {}) {
+ return {
+ fetch_all: jest.fn(),
+ deployed_circuits: { ...emptyDeployedCircuits },
+ commitment_tree: 'test_tree',
+ alternative_csca: alternative,
+ };
}
-/** Sample ICAO-compliant MRZ string for parsing tests. */
-const validMrz = `P;
+ idAlt?: Record;
+ aadhaarKeys?: string[] | null;
+}) {
+ return {
+ passport: buildModuleState(params?.passportAlt ?? {}),
+ id_card: buildModuleState(params?.idAlt ?? {}),
+ aadhaar: {
+ public_keys: (params?.aadhaarKeys ?? []) as string[] | null,
+ commitment_tree: 'test_tree',
+ },
+ };
+}
-/** Intentionally malformed MRZ string to exercise error handling. */
-const invalidMrz = 'NOT_A_VALID_MRZ';
+// Mock the validation utilities
+const mockIsUserRegisteredWithAlternativeCSCA = jest.fn();
+jest.mock('@selfxyz/common/utils/passports/validate', () => ({
+ isUserRegisteredWithAlternativeCSCA: jest.fn((...args: unknown[]) =>
+ mockIsUserRegisteredWithAlternativeCSCA(...args),
+ ),
+}));
-describe('validateDocument - Real mobile-sdk-alpha Integration (PII-safe)', () => {
- it('should use the real isPassportDataValid function with synthetic passport data', () => {
- // This test verifies that we're using the real function, not a mock
- expect(typeof isPassportDataValid).toBe('function');
-
- // The real function should be callable
- expect(typeof isPassportDataValid).toBe('function');
-
- // Test with realistic, synthetic passport data (NEVER real user data)
- const mockPassportData: PassportData = {
- documentCategory: 'passport',
- mock: true,
- mrz: 'P {
- isPassportDataValid(mockPassportData, callbacks);
- }).not.toThrow();
+describe('getAlternativeCSCA', () => {
+ beforeEach(() => {
+ jest.clearAllMocks();
});
- it('should handle validation errors through callbacks', () => {
- const invalidPassportData = {
- documentCategory: 'passport',
- mock: true,
- // Missing required fields to trigger validation errors
- } as PassportData;
+ it('should return public keys in Record format for Aadhaar with valid public keys', () => {
+ const mockPublicKeys = ['key1', 'key2', 'key3'];
+ mockGetState.mockReturnValue(buildState({ aadhaarKeys: mockPublicKeys }));
- const callbacks = {
- onPassportDataNull: jest.fn(),
- onPassportMetadataNull: jest.fn(),
- onDg1HashFunctionNull: jest.fn(),
- onEContentHashFunctionNull: jest.fn(),
- onSignedAttrHashFunctionNull: jest.fn(),
- onDg1HashMismatch: jest.fn(),
- onUnsupportedHashAlgorithm: jest.fn(),
- onDg1HashMissing: jest.fn(),
- };
+ const mockUseProtocolStore = { getState: mockGetState } as any;
+ const result = getAlternativeCSCA(mockUseProtocolStore, 'aadhaar');
- // This should call the real validation function and trigger callbacks
- const result = isPassportDataValid(invalidPassportData, callbacks);
-
- // The real function should return false for invalid data
- expect(result).toBe(false);
-
- // Some callbacks should have been called due to missing data
- expect(callbacks.onPassportMetadataNull).toHaveBeenCalled();
+ expect(result).toEqual({
+ public_key_0: 'key1',
+ public_key_1: 'key2',
+ public_key_2: 'key3',
+ });
});
- it('should expose extractMRZInfo via a self client instance', () => {
- const client = createTestClient();
- expect(typeof client.extractMRZInfo).toBe('function');
+ it('should return empty object for Aadhaar with no public keys', () => {
+ mockGetState.mockReturnValue(buildState({ aadhaarKeys: null }));
+
+ const mockUseProtocolStore = { getState: mockGetState } as any;
+ const result = getAlternativeCSCA(mockUseProtocolStore, 'aadhaar');
+
+ expect(result).toEqual({});
});
- it('parses a valid MRZ string', () => {
- const client = createTestClient();
- const info = client.extractMRZInfo(validMrz);
- expect(info.documentNumber).toBe('L898902C3');
- expect(info.validation).toBeDefined();
- expect(info.validation?.overall).toBe(true);
+ it('should return empty object for Aadhaar with empty public keys array', () => {
+ mockGetState.mockReturnValue(buildState({ aadhaarKeys: [] }));
+
+ const mockUseProtocolStore = { getState: mockGetState } as any;
+ const result = getAlternativeCSCA(mockUseProtocolStore, 'aadhaar');
+
+ expect(result).toEqual({});
});
- it('throws on malformed MRZ input', () => {
- const client = createTestClient();
- expect(() => client.extractMRZInfo(invalidMrz)).toThrow();
+ it('should return alternative_csca for passport', () => {
+ const mockAlternativeCSCA = { csca1: 'cert1', csca2: 'cert2' };
+ mockGetState.mockReturnValue(
+ buildState({ passportAlt: mockAlternativeCSCA }),
+ );
+
+ const mockUseProtocolStore = { getState: mockGetState } as any;
+ const result = getAlternativeCSCA(mockUseProtocolStore, 'passport');
+
+ expect(result).toEqual(mockAlternativeCSCA);
+ });
+
+ it('should return alternative_csca for id_card', () => {
+ const mockAlternativeCSCA = { csca1: 'id_cert1', csca2: 'id_cert2' };
+ mockGetState.mockReturnValue(buildState({ idAlt: mockAlternativeCSCA }));
+
+ const mockUseProtocolStore = { getState: mockGetState } as any;
+ const result = getAlternativeCSCA(mockUseProtocolStore, 'id_card');
+
+ expect(result).toEqual(mockAlternativeCSCA);
+ });
+
+ it('should return empty object for passport with no alternative_csca', () => {
+ mockGetState.mockReturnValue(buildState());
+
+ const mockUseProtocolStore = { getState: mockGetState } as any;
+ const result = getAlternativeCSCA(mockUseProtocolStore, 'passport');
+
+ expect(result).toEqual({});
+ });
+});
+
+describe('checkAndUpdateRegistrationStates', () => {
+ let mockSelfClient: SelfClient;
+ const mockPassportData = {
+ documentCategory: 'passport',
+ documentType: 'passport',
+ mock: true,
+ mrz: 'P {
+ jest.clearAllMocks();
+ mockGetState.mockReturnValue(
+ buildState({
+ passportAlt: { csca1: 'cert1' },
+ idAlt: { csca1: 'cert1' },
+ aadhaarKeys: ['key1', 'key2'],
+ }),
+ );
+
+ mockSelfClient = {
+ useProtocolStore: { getState: mockGetState },
+ } as unknown as SelfClient;
+
+ mockFetchAllTreesAndCircuits.mockResolvedValue(undefined);
+ mockGetCommitmentTree.mockReturnValue('mock_tree');
+ });
+
+ it('should call reStorePassportDataWithRightCSCA when document is registered with alternative CSCA (passport)', async () => {
+ const mockCSCA =
+ '-----BEGIN CERTIFICATE-----\nMOCK_CSCA_CERT_DATA\n-----END CERTIFICATE-----';
+ mockGetAllDocumentsDirectlyFromKeychain.mockResolvedValue({
+ doc1: { data: mockPassportData },
+ });
+ mockLoadSelectedDocumentDirectlyFromKeychain.mockResolvedValue({
+ data: mockPassportData,
+ });
+ mockLoadPassportDataAndSecret.mockResolvedValue(
+ JSON.stringify({ data: mockPassportData, secret: 'test_secret' }),
+ );
+ mockIsUserRegisteredWithAlternativeCSCA.mockResolvedValue({
+ isRegistered: true,
+ csca: mockCSCA,
+ });
+
+ await checkAndUpdateRegistrationStates(mockSelfClient);
+
+ expect(mockIsUserRegisteredWithAlternativeCSCA).toHaveBeenCalledWith(
+ mockPassportData,
+ 'test_secret',
+ expect.objectContaining({
+ getCommitmentTree: expect.any(Function),
+ getAltCSCA: expect.any(Function),
+ }),
+ );
+ expect(mockReStorePassportDataWithRightCSCA).toHaveBeenCalledWith(
+ mockPassportData,
+ mockCSCA,
+ );
+ expect(mockUpdateDocumentRegistrationState).toHaveBeenCalledWith(
+ 'doc1',
+ true,
+ );
+ expect(mockTrackEvent).toHaveBeenCalledWith(
+ DocumentEvents.DOCUMENT_VALIDATED,
+ expect.objectContaining({
+ documentId: 'doc1',
+ documentCategory: 'passport',
+ mock: true,
+ }),
+ );
+ });
+
+ it('should update registration state to false when document is not registered', async () => {
+ mockGetAllDocumentsDirectlyFromKeychain.mockResolvedValue({
+ doc1: { data: mockPassportData },
+ });
+ mockLoadSelectedDocumentDirectlyFromKeychain.mockResolvedValue({
+ data: mockPassportData,
+ });
+ mockLoadPassportDataAndSecret.mockResolvedValue(
+ JSON.stringify({ data: mockPassportData, secret: 'test_secret' }),
+ );
+ mockIsUserRegisteredWithAlternativeCSCA.mockResolvedValue({
+ isRegistered: false,
+ csca: null,
+ });
+
+ await checkAndUpdateRegistrationStates(mockSelfClient);
+
+ expect(mockUpdateDocumentRegistrationState).toHaveBeenCalledWith(
+ 'doc1',
+ false,
+ );
+ expect(mockReStorePassportDataWithRightCSCA).not.toHaveBeenCalled();
+ expect(mockTrackEvent).not.toHaveBeenCalledWith(
+ DocumentEvents.DOCUMENT_VALIDATED,
+ expect.anything(),
+ );
+ });
+
+ it('should skip invalid passport data and track validation failure', async () => {
+ const invalidData = {
+ documentCategory: 'passport',
+ mock: true,
+ } as PassportData;
+ mockGetAllDocumentsDirectlyFromKeychain.mockResolvedValue({
+ doc1: { data: invalidData },
+ });
+ mockLoadSelectedDocumentDirectlyFromKeychain.mockResolvedValue({
+ data: invalidData,
+ });
+
+ await checkAndUpdateRegistrationStates(mockSelfClient);
+
+ expect(mockIsUserRegisteredWithAlternativeCSCA).not.toHaveBeenCalled();
+ expect(mockUpdateDocumentRegistrationState).not.toHaveBeenCalled();
+ expect(mockTrackEvent).toHaveBeenCalledWith(
+ DocumentEvents.VALIDATE_DOCUMENT_FAILED,
+ expect.objectContaining({
+ error: 'Passport data is not valid',
+ documentId: 'doc1',
+ }),
+ );
+ });
+
+ it('should skip document with missing authority key identifier', async () => {
+ const dataWithoutKeyId = {
+ ...mockPassportData,
+ dsc_parsed: {
+ ...mockPassportData.dsc_parsed,
+ authorityKeyIdentifier: undefined,
+ },
+ };
+ mockGetAllDocumentsDirectlyFromKeychain.mockResolvedValue({
+ doc1: { data: dataWithoutKeyId },
+ });
+ mockLoadSelectedDocumentDirectlyFromKeychain.mockResolvedValue({
+ data: dataWithoutKeyId,
+ });
+
+ await checkAndUpdateRegistrationStates(mockSelfClient);
+
+ expect(mockFetchAllTreesAndCircuits).not.toHaveBeenCalled();
+ expect(mockIsUserRegisteredWithAlternativeCSCA).not.toHaveBeenCalled();
+ expect(mockTrackEvent).toHaveBeenCalledWith(
+ DocumentEvents.VALIDATE_DOCUMENT_FAILED,
+ expect.objectContaining({
+ error: 'Authority key identifier is null',
+ documentId: 'doc1',
+ }),
+ );
+ });
+
+ it('should handle multiple documents with mixed registration states', async () => {
+ const doc1Data = { ...mockPassportData };
+ const doc2Data = {
+ ...mockPassportData,
+ documentCategory: 'id_card' as const,
+ };
+ const doc3Data = { ...mockPassportData };
+
+ mockGetAllDocumentsDirectlyFromKeychain.mockResolvedValue({
+ doc1: { data: doc1Data },
+ doc2: { data: doc2Data },
+ doc3: { data: doc3Data },
+ });
+
+ mockLoadSelectedDocumentDirectlyFromKeychain
+ .mockResolvedValueOnce({ data: doc1Data })
+ .mockResolvedValueOnce({ data: doc2Data })
+ .mockResolvedValueOnce({ data: doc3Data });
+
+ mockLoadPassportDataAndSecret
+ .mockResolvedValueOnce(
+ JSON.stringify({ data: doc1Data, secret: 'secret1' }),
+ )
+ .mockResolvedValueOnce(
+ JSON.stringify({ data: doc2Data, secret: 'secret2' }),
+ )
+ .mockResolvedValueOnce(
+ JSON.stringify({ data: doc3Data, secret: 'secret3' }),
+ );
+
+ mockIsUserRegisteredWithAlternativeCSCA
+ .mockResolvedValueOnce({
+ isRegistered: true,
+ csca: '-----BEGIN CERTIFICATE-----\nMOCK_CSCA_CERT_DATA_1\n-----END CERTIFICATE-----',
+ })
+ .mockResolvedValueOnce({ isRegistered: false, csca: null })
+ .mockResolvedValueOnce({
+ isRegistered: true,
+ csca: '-----BEGIN CERTIFICATE-----\nMOCK_CSCA_CERT_DATA_3\n-----END CERTIFICATE-----',
+ });
+
+ await checkAndUpdateRegistrationStates(mockSelfClient);
+
+ expect(mockUpdateDocumentRegistrationState).toHaveBeenCalledTimes(3);
+ expect(mockUpdateDocumentRegistrationState).toHaveBeenNthCalledWith(
+ 1,
+ 'doc1',
+ true,
+ );
+ expect(mockUpdateDocumentRegistrationState).toHaveBeenNthCalledWith(
+ 2,
+ 'doc2',
+ false,
+ );
+ expect(mockUpdateDocumentRegistrationState).toHaveBeenNthCalledWith(
+ 3,
+ 'doc3',
+ true,
+ );
+
+ expect(mockReStorePassportDataWithRightCSCA).toHaveBeenCalledTimes(2);
+ });
+
+ it('should handle errors during registration check gracefully', async () => {
+ const consoleErrorSpy = jest.spyOn(console, 'error').mockImplementation();
+
+ mockGetAllDocumentsDirectlyFromKeychain.mockResolvedValue({
+ doc1: { data: mockPassportData },
+ });
+ mockLoadSelectedDocumentDirectlyFromKeychain.mockResolvedValue({
+ data: mockPassportData,
+ });
+ mockLoadPassportDataAndSecret.mockResolvedValue(
+ JSON.stringify({ data: mockPassportData, secret: 'test_secret' }),
+ );
+ mockIsUserRegisteredWithAlternativeCSCA.mockRejectedValue(
+ new Error('Network error'),
+ );
+
+ await checkAndUpdateRegistrationStates(mockSelfClient);
+
+ expect(consoleErrorSpy).toHaveBeenCalledWith(
+ expect.stringContaining(
+ 'Error checking registration state for document doc1',
+ ),
+ );
+ expect(mockTrackEvent).toHaveBeenCalledWith(
+ DocumentEvents.VALIDATE_DOCUMENT_FAILED,
+ expect.objectContaining({
+ error: 'Network error',
+ documentId: 'doc1',
+ }),
+ );
+
+ consoleErrorSpy.mockRestore();
+ });
+
+ it('should track analytics events correctly for registered documents', async () => {
+ mockGetAllDocumentsDirectlyFromKeychain.mockResolvedValue({
+ doc1: { data: mockPassportData },
+ });
+ mockLoadSelectedDocumentDirectlyFromKeychain.mockResolvedValue({
+ data: mockPassportData,
+ });
+ mockLoadPassportDataAndSecret.mockResolvedValue(
+ JSON.stringify({ data: mockPassportData, secret: 'test_secret' }),
+ );
+ mockIsUserRegisteredWithAlternativeCSCA.mockResolvedValue({
+ isRegistered: true,
+ csca: '-----BEGIN CERTIFICATE-----\nMOCK_CSCA_CERT_DATA\n-----END CERTIFICATE-----',
+ });
+
+ await checkAndUpdateRegistrationStates(mockSelfClient);
+
+ expect(mockTrackEvent).toHaveBeenCalledWith(
+ DocumentEvents.DOCUMENT_VALIDATED,
+ {
+ documentId: 'doc1',
+ documentCategory: 'passport',
+ mock: true,
+ },
+ );
+ });
+
+ it('should skip document when no passport data and secret is available', async () => {
+ const consoleWarnSpy = jest.spyOn(console, 'warn').mockImplementation();
+
+ mockGetAllDocumentsDirectlyFromKeychain.mockResolvedValue({
+ doc1: { data: mockPassportData },
+ });
+ mockLoadSelectedDocumentDirectlyFromKeychain.mockResolvedValue({
+ data: mockPassportData,
+ });
+ mockLoadPassportDataAndSecret.mockResolvedValue(null);
+
+ await checkAndUpdateRegistrationStates(mockSelfClient);
+
+ expect(consoleWarnSpy).toHaveBeenCalledWith(
+ expect.stringContaining(
+ 'Skipping document doc1 - no passport data and secret',
+ ),
+ );
+ expect(mockIsUserRegisteredWithAlternativeCSCA).not.toHaveBeenCalled();
+
+ consoleWarnSpy.mockRestore();
+ });
+
+ it('should verify correct callbacks are passed to isUserRegisteredWithAlternativeCSCA', async () => {
+ mockGetAllDocumentsDirectlyFromKeychain.mockResolvedValue({
+ doc1: { data: mockPassportData },
+ });
+ mockLoadSelectedDocumentDirectlyFromKeychain.mockResolvedValue({
+ data: mockPassportData,
+ });
+ mockLoadPassportDataAndSecret.mockResolvedValue(
+ JSON.stringify({ data: mockPassportData, secret: 'test_secret' }),
+ );
+ mockIsUserRegisteredWithAlternativeCSCA.mockResolvedValue({
+ isRegistered: false,
+ csca: null,
+ });
+
+ await checkAndUpdateRegistrationStates(mockSelfClient);
+
+ // Verify the callbacks object structure
+ expect(mockIsUserRegisteredWithAlternativeCSCA).toHaveBeenCalledWith(
+ expect.any(Object),
+ 'test_secret',
+ expect.objectContaining({
+ getCommitmentTree: expect.any(Function),
+ getAltCSCA: expect.any(Function),
+ }),
+ );
+
+ // Verify the callbacks work correctly
+ const callArgs = mockIsUserRegisteredWithAlternativeCSCA.mock.calls[0];
+ const callbacks = callArgs[2];
+
+ // Test getCommitmentTree callback
+ callbacks.getCommitmentTree('passport');
+ expect(mockGetCommitmentTree).toHaveBeenCalledWith(
+ mockSelfClient,
+ 'passport',
+ );
+
+ // Test getAltCSCA callback
+ const altCSCA = callbacks.getAltCSCA('passport');
+ expect(mockGetState).toHaveBeenCalled();
+ expect(altCSCA).toEqual({ csca1: 'cert1' });
});
});
diff --git a/app/version.json b/app/version.json
index 2bc7125d0..5f74870a1 100644
--- a/app/version.json
+++ b/app/version.json
@@ -1,10 +1,10 @@
{
"ios": {
- "build": 181,
+ "build": 182,
"lastDeployed": "2025-10-07T05:58:42Z"
},
"android": {
- "build": 111,
- "lastDeployed": "2025-10-01T08:00:07Z"
+ "build": 113,
+ "lastDeployed": "2025-10-31T16:00:07Z"
}
}
diff --git a/circuits/package.json b/circuits/package.json
index 72489679d..40e46640e 100644
--- a/circuits/package.json
+++ b/circuits/package.json
@@ -5,7 +5,7 @@
"license": "MIT",
"author": "self team",
"scripts": {
- "build-all": "bash scripts/build/build_register_circuits.sh && bash scripts/build/build_register_circuits_id.sh && bash scripts/build/build_dsc_circuits.sh && bash scripts/build/build_disclose_circuits.sh",
+ "build-all": "bash scripts/build/build_register_circuits.sh && bash scripts/build/build_register_circuits_id.sh && bash scripts/build/build_register_aadhaar.sh && bash scripts/build/build_dsc_circuits.sh && bash scripts/build/build_disclose_circuits.sh",
"build-disclose": "bash scripts/build/build_disclose_circuits.sh",
"build-dsc": "bash scripts/build/build_dsc_circuits.sh",
"build-register": "bash scripts/build/build_register_circuits.sh",
diff --git a/circuits/scripts/build/build_disclose_circuits.sh b/circuits/scripts/build/build_disclose_circuits.sh
index 3a473c33f..959acda07 100755
--- a/circuits/scripts/build/build_disclose_circuits.sh
+++ b/circuits/scripts/build/build_disclose_circuits.sh
@@ -15,9 +15,9 @@ OUTPUT_DIR="build/${CIRCUIT_TYPE}"
# Define circuits and their configurations
# format: name:poweroftau:build_flag
CIRCUITS=(
- # "vc_and_disclose:20:true"
- # "vc_and_disclose_id:20:true"
- "vc_and_disclose_aadhaar:17:true"
+ "vc_and_disclose:18:true"
+ "vc_and_disclose_id:18:true"
+ "vc_and_disclose_aadhaar:18:true"
)
build_circuits "$CIRCUIT_TYPE" "$OUTPUT_DIR" "${CIRCUITS[@]}"
diff --git a/circuits/scripts/build/common.sh b/circuits/scripts/build/common.sh
index 3db0dea59..ef60dd26b 100644
--- a/circuits/scripts/build/common.sh
+++ b/circuits/scripts/build/common.sh
@@ -31,7 +31,7 @@ download_ptau() {
cd build
if [ ! -f powersOfTau28_hez_final_${POWEROFTAU}.ptau ]; then
echo -e "${YELLOW}Download power of tau....${NC}"
- wget https://hermez.s3-eu-west-1.amazonaws.com/powersOfTau28_hez_final_${POWEROFTAU}.ptau
+ wget https://storage.googleapis.com/zkevm/ptau/powersOfTau28_hez_final_${POWEROFTAU}.ptau
echo -e "${GREEN}Finished download!${NC}"
else
echo -e "${YELLOW}Powers of tau file already downloaded${NC}"
@@ -72,9 +72,10 @@ build_circuit() {
# Compile circuit
circom ${CIRCUIT_PATH} \
- -l ../node_modules \
- -l ../node_modules/@zk-kit/binary-merkle-root.circom/src \
- -l ../node_modules/circomlib/circuits \
+ -l node_modules \
+ -l node_modules/@zk-kit/binary-merkle-root.circom/src \
+ -l node_modules/circomlib/circuits \
+ -l node_modules \
--r1cs --O1 --wasm -c \
--output ${OUTPUT_DIR}/${CIRCUIT_NAME}/
diff --git a/circuits/scripts/server/download_ptau.sh b/circuits/scripts/server/download_ptau.sh
index bdeba9ae3..97f30dbbd 100755
--- a/circuits/scripts/server/download_ptau.sh
+++ b/circuits/scripts/server/download_ptau.sh
@@ -4,7 +4,7 @@ mkdir -p build
cd build
if [ ! -f powersOfTau28_hez_final_20.ptau ]; then
echo "Download power of tau...."
- wget https://hermez.s3-eu-west-1.amazonaws.com/powersOfTau28_hez_final_20.ptau
+ wget https://storage.googleapis.com/zkevm/ptau/powersOfTau28_hez_final_20.ptau
echo "Finished download!"
else
echo "Powers of tau file already downloaded... Skip download action!"
diff --git a/common/src/utils/passports/validate.ts b/common/src/utils/passports/validate.ts
index 0bcceded3..a2be39ae4 100644
--- a/common/src/utils/passports/validate.ts
+++ b/common/src/utils/passports/validate.ts
@@ -34,12 +34,7 @@ import { generateCommitment, generateNullifier } from './passport.js';
import { LeanIMT } from '@openpassport/zk-kit-lean-imt';
-export type PassportSupportStatus =
- | 'passport_metadata_missing'
- | 'csca_not_found'
- | 'registration_circuit_not_supported'
- | 'dsc_circuit_not_supported'
- | 'passport_supported';
+export type AlternativeCSCA = Record;
function validateRegistrationCircuit(
passportData: IDDocument,
@@ -70,6 +65,13 @@ function validateDscCircuit(
return { isValid: !!isValid, circuitName: circuitNameDsc };
}
+export type PassportSupportStatus =
+ | 'passport_metadata_missing'
+ | 'csca_not_found'
+ | 'registration_circuit_not_supported'
+ | 'dsc_circuit_not_supported'
+ | 'passport_supported';
+
export async function checkDocumentSupported(
passportData: IDDocument,
opts: {
@@ -137,8 +139,6 @@ export async function checkIfPassportDscIsInTree(
}
return true;
}
-
-type AlternativeCSCA = Record;
type AadhaarPublicKeys = null | Array;
export function generateCommitmentInApp(
diff --git a/contracts/.env.example b/contracts/.env.example
index 1514d1807..eaa65b930 100644
--- a/contracts/.env.example
+++ b/contracts/.env.example
@@ -1,13 +1,10 @@
-NETWORK=
+NETWORK=localhost
PRIVATE_KEY='0x123'
-CELO_KEY=
-MAINNET_RPC_URL=
+MAINNET_RPC_URL=https://ethereum-rpc.publicnode.com
SEPOLIA_RPC_URL=https://rpc.sepolia.org
-CELO_RPC_URL=
-CELO_ALFAJORES_RPC_URL=
-CELO_BAKLAVA_RPC_URL=
+CELO_RPC_URL=https://celo.drpc.org
+CELO_SEPOLIA_RPC_URL=https://rpc.ankr.com/celo_sepolia
ETHERSCAN_API_KEY=
-CELOSCAN_API_KEY=
diff --git a/contracts/.env.test b/contracts/.env.test
deleted file mode 100644
index 79e55ef66..000000000
--- a/contracts/.env.test
+++ /dev/null
@@ -1,9 +0,0 @@
-PRIVATE_KEY='0x5e58432461dd54368e034c955abb48de0da9430674183a4097ff1caa53c93b89'
-CELO_KEY='0x5e58432461dd54368e034c955abb48de0da9430674183a4097ff1caa53c93b89'
-MAINNET_RPC_URL=
-SEPOLIA_RPC_URL=https://rpc.sepolia.org
-CELO_RPC_URL=
-CELO_ALFAJORES_RPC_URL=
-CELO_BAKLAVA_RPC_URL=
-
-ETHERSCAN_API_KEY=
diff --git a/contracts/README.md b/contracts/README.md
index a32653aa0..1e8f2e052 100644
--- a/contracts/README.md
+++ b/contracts/README.md
@@ -84,15 +84,59 @@ As an example, please refer to the following contract.
## Building Contracts
-1. Install dependencies:
+### Prerequisites
-We use yarn 4. If you havent already it can be enabled with
+Before building contracts, you must install these **system-level dependencies manually** or ensure they are already
+installed.
+
+#### 1. Node.js and Yarn
+
+We use yarn 4. If you haven't already, it can be enabled with:
```bash
corepack enable yarn
```
-_corepack_ is a built in nodejs command
+_corepack_ is a built-in nodejs command
+
+#### 2. Rust (for Circom)
+
+Install Rust using rustup:
+
+```bash
+curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh
+source ~/.cargo/env
+```
+
+#### 3. Circom 2.1.9
+
+Install the specific version of Circom required:
+
+```bash
+git clone https://github.com/iden3/circom.git
+cd circom
+git checkout v2.1.9
+cargo build --release
+cp ./target/release/circom ~/.cargo/bin/
+```
+
+Verify installation:
+
+```bash
+circom --version
+# Should output: circom compiler 2.1.9
+```
+
+#### 4. wget
+
+Install wget using your system's package manager:
+
+- **macOS**: `brew install wget`
+- **Ubuntu/Debian**: `apt-get install wget`
+
+### Installation
+
+1. Install Node.js dependencies (after installing the system dependencies above):
```bash
yarn install
diff --git a/contracts/contracts/abstract/SelfVerificationRoot.sol b/contracts/contracts/abstract/SelfVerificationRoot.sol
index 016d500f2..6ee49e636 100644
--- a/contracts/contracts/abstract/SelfVerificationRoot.sol
+++ b/contracts/contracts/abstract/SelfVerificationRoot.sol
@@ -52,6 +52,10 @@ abstract contract SelfVerificationRoot is ISelfVerificationRoot {
// Events
// ====================================================
+ // ====================================================
+ // Constructor
+ // ====================================================
+
/**
* @notice Initializes the SelfVerificationRoot contract
* @dev Sets up the immutable reference to the hub contract and generates scope automatically
@@ -63,6 +67,10 @@ abstract contract SelfVerificationRoot is ISelfVerificationRoot {
_scope = _calculateScope(address(this), scopeSeed, _getPoseidonAddress());
}
+ // ====================================================
+ // Public Functions
+ // ====================================================
+
/**
* @notice Returns the current scope value
* @dev Public view function to access the current scope setting
@@ -159,6 +167,10 @@ abstract contract SelfVerificationRoot is ISelfVerificationRoot {
revert("SelfVerificationRoot: getConfigId must be overridden");
}
+ // ====================================================
+ // Internal Functions
+ // ====================================================
+
/**
* @notice Custom verification hook that can be overridden by implementing contracts
* @dev This function is called after successful verification and hub address validation
diff --git a/contracts/contracts/abstract/SelfVerificationRootUpgradeable.sol b/contracts/contracts/abstract/SelfVerificationRootUpgradeable.sol
new file mode 100644
index 000000000..cd1c7ea95
--- /dev/null
+++ b/contracts/contracts/abstract/SelfVerificationRootUpgradeable.sol
@@ -0,0 +1,308 @@
+// SPDX-License-Identifier: MIT
+pragma solidity 0.8.28;
+
+import {Initializable} from "@openzeppelin/contracts-upgradeable/proxy/utils/Initializable.sol";
+import {ContextUpgradeable} from "@openzeppelin/contracts-upgradeable/utils/ContextUpgradeable.sol";
+
+import {IPoseidonT3} from "../interfaces/IPoseidonT3.sol";
+import {IIdentityVerificationHubV2} from "../interfaces/IIdentityVerificationHubV2.sol";
+import {ISelfVerificationRoot} from "../interfaces/ISelfVerificationRoot.sol";
+import {CircuitConstantsV2} from "../constants/CircuitConstantsV2.sol";
+import {AttestationId} from "../constants/AttestationId.sol";
+import {SelfUtils} from "../libraries/SelfUtils.sol";
+import {Formatter} from "../libraries/Formatter.sol";
+
+/**
+ * @title SelfVerificationRootUpgradeable
+ * @notice Abstract upgradeable base contract to be integrated with self's verification infrastructure
+ * @dev Provides base functionality for verifying and disclosing identity credentials with proxy upgrades enabled
+ * @author Self Team
+ */
+abstract contract SelfVerificationRootUpgradeable is Initializable, ContextUpgradeable, ISelfVerificationRoot {
+ // ====================================================
+ // Constants
+ // ====================================================
+
+ /// @notice Contract version identifier used in verification process
+ /// @dev This version is included in the hub data for protocol compatibility
+ uint8 constant CONTRACT_VERSION = 2;
+
+ // ====================================================
+ // UUPS Pattern Storage
+ // ====================================================
+
+ /// @notice The storage struct used to hold contract state according to the UUPSUpgradeable pattern
+ /// @dev Used to maintain storage state across contract upgrades
+ struct SelfVerificationRootStorage {
+ /// @notice The scope value that proofs must match
+ /// @dev Used to validate that submitted proofs match the expected scope
+ uint256 _scope;
+ /// @notice Reference to the identity verification hub V2 contract
+ /// @dev Immutable reference used for bytes-based proof verification
+ IIdentityVerificationHubV2 _identityVerificationHubV2;
+ }
+
+ /// @notice The internal storage address for contract state.
+ /// @dev keccak256(abi.encode(uint256(keccak256("self.storage.SelfVerificationRoot")) - 1)) & ~bytes32(uint256(0xff));
+ bytes32 private constant SELFVERIFICATIONROOT_STORAGE_LOCATION =
+ 0xf820f28194b303d8b69b0749376f133a581f592812c2022c414f0f3d6b6eba00;
+
+ /// @notice The access method for internal storage
+ /// @dev Called to retrieve and use contract state
+ /// @return $ The storage struct reference.
+ function _getSelfVerificationRootStorage() private pure returns (SelfVerificationRootStorage storage $) {
+ assembly {
+ $.slot := SELFVERIFICATIONROOT_STORAGE_LOCATION
+ }
+ }
+
+ // ====================================================
+ // Errors
+ // ====================================================
+
+ /// @notice Error thrown when the data format is invalid
+ /// @dev Triggered when the provided bytes data doesn't have the expected format
+ error InvalidDataFormat();
+
+ /// @notice Error thrown when onVerificationSuccess is called by an unauthorized address
+ /// @dev Only the identity verification hub V2 contract can call onVerificationSuccess
+ error UnauthorizedCaller();
+
+ // ====================================================
+ // Events
+ // ====================================================
+
+ // ====================================================
+ // Constructor
+ // ====================================================
+
+ /**
+ * @dev Prevents the implementation contract from being initialized.
+ * @dev The actual initialization will be done via the proxy using the `initialize()` function
+ * in the derived contract.
+ * @custom:oz-upgrades-unsafe-allow constructor
+ */
+ constructor() {
+ _disableInitializers();
+ }
+
+ // ====================================================
+ // Initializer
+ // ====================================================
+
+ // Implementing contracts must define an initialize function like this:
+ // function initialize(address hubAddress, string memory scopeSeed) public initializer {
+ // __SelfVerificationRoot_init(hubAddress, scopeSeed);
+ // // Add your own initialization logic here
+ // }
+
+ /**
+ * @notice Initializes the SelfVerificationRootUpgradeable contract
+ * @dev Sets up the immutable reference to the hub contract and generates scope automatically
+ * @dev Must be called from the public `initialize()` function in your derived contract
+ * @param identityVerificationHubV2Address The address of the Identity Verification Hub V2
+ * @param scopeSeed The scope seed string to be hashed with contract address to generate the scope
+ */
+ function __SelfVerificationRoot_init(
+ address identityVerificationHubV2Address,
+ string memory scopeSeed
+ ) internal onlyInitializing {
+ SelfVerificationRootStorage storage $ = _getSelfVerificationRootStorage();
+
+ $._identityVerificationHubV2 = IIdentityVerificationHubV2(identityVerificationHubV2Address);
+ $._scope = _calculateScope(address(this), scopeSeed, _getPoseidonAddress());
+ }
+
+ // ====================================================
+ // Public Functions
+ // ====================================================
+
+ /**
+ * @notice Returns the current scope value
+ * @dev Public view function to access the current scope setting
+ * @return The scope value that proofs must match
+ */
+ function scope() public view returns (uint256) {
+ SelfVerificationRootStorage storage $ = _getSelfVerificationRootStorage();
+
+ return $._scope;
+ }
+
+ /**
+ * @notice Verifies a self-proof using the bytes-based interface
+ * @dev Parses relayer data format and validates against contract settings before calling hub V2
+ * @param proofPayload Packed data from relayer in format: | 32 bytes attestationId | proof data |
+ * @param userContextData User-defined data in format: | 32 bytes destChainId | 32 bytes userIdentifier | data |
+ * @custom:data-format proofPayload = | 32 bytes attestationId | proofData |
+ * @custom:data-format userContextData = | 32 bytes destChainId | 32 bytes userIdentifier | data |
+ * @custom:data-format hubData = | 1 bytes contract version | 31 bytes buffer | 32 bytes scope | 32 bytes attestationId | proofData |
+ */
+ function verifySelfProof(bytes calldata proofPayload, bytes calldata userContextData) public {
+ SelfVerificationRootStorage storage $ = _getSelfVerificationRootStorage();
+
+ // Minimum expected length for proofData: 32 bytes attestationId + proof data
+ if (proofPayload.length < 32) {
+ revert InvalidDataFormat();
+ }
+
+ // Minimum userDefinedData length: 32 (destChainId) + 32 (userIdentifier) + 0 (userDefinedData) = 64 bytes
+ if (userContextData.length < 64) {
+ revert InvalidDataFormat();
+ }
+
+ bytes32 attestationId;
+ assembly {
+ // Load attestationId from the beginning of proofData (first 32 bytes)
+ attestationId := calldataload(proofPayload.offset)
+ }
+
+ bytes32 destinationChainId = bytes32(userContextData[0:32]);
+ bytes32 userIdentifier = bytes32(userContextData[32:64]);
+ bytes memory userDefinedData = userContextData[64:];
+
+ bytes32 configId = getConfigId(destinationChainId, userIdentifier, userDefinedData);
+
+ // Hub data should be | 1 byte contractVersion | 31 bytes buffer | 32 bytes scope | 32 bytes attestationId | proof data
+ bytes memory baseVerificationInput = abi.encodePacked(
+ // 1 byte contractVersion
+ CONTRACT_VERSION,
+ // 31 bytes buffer (all zeros)
+ bytes31(0),
+ // 32 bytes scope
+ $._scope,
+ proofPayload
+ );
+
+ // Call hub V2 verification
+ $._identityVerificationHubV2.verify(baseVerificationInput, bytes.concat(configId, userContextData));
+ }
+
+ /**
+ * @notice Callback function called upon successful verification by the hub contract
+ * @dev Only callable by the identity verification hub V2 contract for security
+ * @param output The verification output data containing disclosed identity information
+ * @param userData The user-defined data passed through the verification process
+ * @custom:security Only the authorized hub contract can call this function
+ * @custom:flow This function decodes the output and calls the customizable verification hook
+ */
+ function onVerificationSuccess(bytes memory output, bytes memory userData) public {
+ SelfVerificationRootStorage storage $ = _getSelfVerificationRootStorage();
+
+ // Only allow the identity verification hub V2 to call this function
+ if (msg.sender != address($._identityVerificationHubV2)) {
+ revert UnauthorizedCaller();
+ }
+
+ ISelfVerificationRoot.GenericDiscloseOutputV2 memory genericDiscloseOutput = abi.decode(
+ output,
+ (ISelfVerificationRoot.GenericDiscloseOutputV2)
+ );
+
+ // Call the customizable verification hook
+ customVerificationHook(genericDiscloseOutput, userData);
+ }
+
+ /**
+ * @notice Generates a configId for the user
+ * @dev This function should be overridden by the implementing contract to provide custom configId logic
+ * @param destinationChainId The destination chain ID
+ * @param userIdentifier The user identifier
+ * @param userDefinedData The user defined data
+ * @return The configId
+ */
+ function getConfigId(
+ bytes32 destinationChainId,
+ bytes32 userIdentifier,
+ bytes memory userDefinedData
+ ) public view virtual returns (bytes32) {
+ // Default implementation reverts; must be overridden in derived contract
+ revert("SelfVerificationRoot: getConfigId must be overridden");
+ }
+
+ /**
+ * @notice Custom verification hook that can be overridden by implementing contracts
+ * @dev This function is called after successful verification and hub address validation
+ * @param output The verification output data from the hub containing disclosed identity information
+ * @param userData The user-defined data passed through the verification process
+ * @custom:override Override this function in derived contracts to add custom verification logic
+ * @custom:security This function is only called after proper authentication by the hub contract
+ */
+ function customVerificationHook(
+ ISelfVerificationRoot.GenericDiscloseOutputV2 memory output,
+ bytes memory userData
+ ) internal virtual {
+ // Default implementation is empty - override in derived contracts to add custom logic
+ }
+
+ // ====================================================
+ // Internal Functions
+ // ====================================================
+
+ /**
+ * @notice Gets the PoseidonT3 library address for the current chain
+ * @dev Returns hardcoded addresses of pre-deployed PoseidonT3 library on current chain
+ * @dev For local development networks, should create a setter function to set the scope manually
+ * @return The address of the PoseidonT3 library on this chain
+ */
+ function _getPoseidonAddress() internal view returns (address) {
+ uint256 chainId = block.chainid;
+
+ // Celo Mainnet
+ if (chainId == 42220) {
+ return 0xF134707a4C4a3a76b8410fC0294d620A7c341581;
+ }
+
+ // Celo Sepolia
+ if (chainId == 11142220) {
+ return 0x0a782f7F9f8Aac6E0bacAF3cD4aA292C3275C6f2;
+ }
+
+ // For local/development networks or other chains, return zero address
+ return address(0);
+ }
+
+ /**
+ * @notice Calculates scope from contract address, scope seed, and PoseidonT3 address
+ * @param contractAddress The contract address to hash
+ * @param scopeSeed The scope seed string
+ * @param poseidonT3Address The address of the PoseidonT3 library to use
+ * @return The calculated scope value
+ */
+ function _calculateScope(
+ address contractAddress,
+ string memory scopeSeed,
+ address poseidonT3Address
+ ) internal view returns (uint256) {
+ // Skip calculation if PoseidonT3 address is zero (local development)
+ if (poseidonT3Address == address(0)) {
+ return 0;
+ }
+
+ uint256 addressHash = _calculateAddressHashWithPoseidon(contractAddress, poseidonT3Address);
+ uint256 scopeSeedAsUint = SelfUtils.stringToBigInt(scopeSeed);
+ return IPoseidonT3(poseidonT3Address).hash([addressHash, scopeSeedAsUint]);
+ }
+
+ /**
+ * @notice Calculates hash of contract address using frontend-compatible chunking with specific PoseidonT3
+ * @dev Converts address to hex string, splits into 2 chunks (31+11), and hashes with provided PoseidonT3
+ * @param addr The contract address to hash
+ * @param poseidonT3Address The address of the PoseidonT3 library to use
+ * @return The hash result equivalent to frontend's endpointHash for addresses
+ */
+ function _calculateAddressHashWithPoseidon(
+ address addr,
+ address poseidonT3Address
+ ) internal view returns (uint256) {
+ // Convert address to hex string (42 chars: "0x" + 40 hex digits)
+ string memory addressString = SelfUtils.addressToHexString(addr);
+
+ // Split into exactly 2 chunks: 31 + 11 characters
+ // Chunk 1: characters 0-30 (31 chars)
+ // Chunk 2: characters 31-41 (11 chars)
+ uint256 chunk1BigInt = SelfUtils.stringToBigInt(Formatter.substring(addressString, 0, 31));
+ uint256 chunk2BigInt = SelfUtils.stringToBigInt(Formatter.substring(addressString, 31, 42));
+
+ return IPoseidonT3(poseidonT3Address).hash([chunk1BigInt, chunk2BigInt]);
+ }
+}
diff --git a/contracts/contracts/tests/TestAirdrop.sol b/contracts/contracts/tests/TestAirdrop.sol
new file mode 100644
index 000000000..c2e9ac494
--- /dev/null
+++ b/contracts/contracts/tests/TestAirdrop.sol
@@ -0,0 +1,117 @@
+// SPDX-License-Identifier: MIT
+pragma solidity 0.8.28;
+
+import {IERC20, SafeERC20} from "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol";
+import {MerkleProof} from "@openzeppelin/contracts/utils/cryptography/MerkleProof.sol";
+import {Ownable} from "@openzeppelin/contracts/access/Ownable.sol";
+
+import {ISelfVerificationRoot} from "../interfaces/ISelfVerificationRoot.sol";
+import {TestSelfVerificationRoot} from "./TestSelfVerificationRoot.sol";
+
+/**
+ * @title TestAirdrop
+ * @notice Test version of Airdrop contract that inherits from TestSelfVerificationRoot
+ * @dev This allows proper scope calculation for testing by using testGenerateScope
+ */
+contract TestAirdrop is TestSelfVerificationRoot, Ownable {
+ using SafeERC20 for IERC20;
+
+ IERC20 public immutable token;
+ bytes32 public merkleRoot;
+ mapping(address => bool) public claimed;
+ bool public isRegistrationOpen;
+ bool public isClaimOpen;
+ mapping(uint256 nullifier => uint256 userIdentifier) internal _nullifierToUserIdentifier;
+ mapping(uint256 userIdentifier => bool registered) internal _registeredUserIdentifiers;
+
+ event Claimed(uint256 index, address account, uint256 amount);
+ event RegistrationOpen();
+ event RegistrationClose();
+ event ClaimOpen();
+ event ClaimClose();
+ event UserIdentifierRegistered(uint256 indexed registeredUserIdentifier, uint256 indexed nullifier);
+ event MerkleRootUpdated(bytes32 newMerkleRoot);
+
+ error InvalidProof();
+ error AlreadyClaimed();
+ error NotRegistered(address nonRegisteredAddress);
+ error RegistrationNotOpen();
+ error RegistrationNotClosed();
+ error ClaimNotOpen();
+ error InvalidUserIdentifier();
+ error UserIdentifierAlreadyRegistered();
+ error RegisteredNullifier();
+
+ constructor(
+ address identityVerificationHubAddress,
+ string memory scopeSeed,
+ address tokenAddress
+ ) TestSelfVerificationRoot(identityVerificationHubAddress, scopeSeed) Ownable(_msgSender()) {
+ token = IERC20(tokenAddress);
+ }
+
+ function setMerkleRoot(bytes32 newMerkleRoot) external onlyOwner {
+ merkleRoot = newMerkleRoot;
+ emit MerkleRootUpdated(newMerkleRoot);
+ }
+
+ function openRegistration() external onlyOwner {
+ isRegistrationOpen = true;
+ emit RegistrationOpen();
+ }
+
+ function closeRegistration() external onlyOwner {
+ isRegistrationOpen = false;
+ emit RegistrationClose();
+ }
+
+ function openClaim() external onlyOwner {
+ isClaimOpen = true;
+ emit ClaimOpen();
+ }
+
+ function closeClaim() external onlyOwner {
+ isClaimOpen = false;
+ emit ClaimClose();
+ }
+
+ function isRegistered(address registeredAddress) external view returns (bool) {
+ return _registeredUserIdentifiers[uint256(uint160(registeredAddress))];
+ }
+
+ function setConfigId(bytes32 configId) external override onlyOwner {
+ verificationConfigId = configId;
+ }
+
+ function claim(uint256 index, uint256 amount, bytes32[] memory merkleProof) external {
+ if (isRegistrationOpen) revert RegistrationNotClosed();
+ if (!isClaimOpen) revert ClaimNotOpen();
+ if (claimed[msg.sender]) revert AlreadyClaimed();
+ if (!_registeredUserIdentifiers[uint256(uint160(msg.sender))]) revert NotRegistered(msg.sender);
+
+ bytes32 node = keccak256(abi.encodePacked(index, msg.sender, amount));
+ if (!MerkleProof.verify(merkleProof, merkleRoot, node)) revert InvalidProof();
+
+ claimed[msg.sender] = true;
+ token.safeTransfer(msg.sender, amount);
+ emit Claimed(index, msg.sender, amount);
+ }
+
+ function customVerificationHook(
+ ISelfVerificationRoot.GenericDiscloseOutputV2 memory output,
+ bytes memory /* userData */
+ ) internal override {
+ if (!isRegistrationOpen) revert RegistrationNotOpen();
+ if (_nullifierToUserIdentifier[output.nullifier] != 0) revert RegisteredNullifier();
+ if (output.userIdentifier == 0) revert InvalidUserIdentifier();
+ if (_registeredUserIdentifiers[output.userIdentifier]) revert UserIdentifierAlreadyRegistered();
+
+ _nullifierToUserIdentifier[output.nullifier] = output.userIdentifier;
+ _registeredUserIdentifiers[output.userIdentifier] = true;
+
+ emit UserIdentifierRegistered(output.userIdentifier, output.nullifier);
+
+ // Call parent's customVerificationHook for any additional test functionality
+ super.customVerificationHook(output, "");
+ }
+}
diff --git a/contracts/contracts/tests/TestSelfVerificationRoot.sol b/contracts/contracts/tests/TestSelfVerificationRoot.sol
index 1c3822e81..1680d44ee 100644
--- a/contracts/contracts/tests/TestSelfVerificationRoot.sol
+++ b/contracts/contracts/tests/TestSelfVerificationRoot.sol
@@ -41,7 +41,7 @@ contract TestSelfVerificationRoot is SelfVerificationRoot {
function customVerificationHook(
ISelfVerificationRoot.GenericDiscloseOutputV2 memory output,
bytes memory userData
- ) internal override {
+ ) internal virtual override {
verificationSuccessful = true;
lastOutput = output;
lastUserData = userData;
@@ -82,7 +82,7 @@ contract TestSelfVerificationRoot is SelfVerificationRoot {
verificationConfigId = bytes32(uint256(1));
}
- function setConfigId(bytes32 configId) external {
+ function setConfigId(bytes32 configId) external virtual {
verificationConfigId = configId;
}
diff --git a/contracts/hardhat.config.ts b/contracts/hardhat.config.ts
index 0f6f5d566..c983328eb 100644
--- a/contracts/hardhat.config.ts
+++ b/contracts/hardhat.config.ts
@@ -1,22 +1,24 @@
import { HardhatUserConfig } from "hardhat/config";
import "@nomicfoundation/hardhat-toolbox";
import dotenv from "dotenv";
-dotenv.config({
- path: process.env.CI ? ".env.test" : ".env",
-});
+dotenv.config();
import "hardhat-contract-sizer";
import "@nomicfoundation/hardhat-ignition-ethers";
import "solidity-coverage";
import "hardhat-gas-reporter";
import "hardhat-contract-sizer";
+// Use a dummy private key for CI/local development (not used for actual deployments)
+const DUMMY_PRIVATE_KEY = "0x0000000000000000000000000000000000000000000000000000000000000001";
+const PRIVATE_KEY = process.env.PRIVATE_KEY || DUMMY_PRIVATE_KEY;
+
const config: HardhatUserConfig = {
solidity: {
version: "0.8.28",
settings: {
optimizer: {
enabled: true,
- runs: 200,
+ runs: 100000,
},
},
},
@@ -42,33 +44,28 @@ const config: HardhatUserConfig = {
mainnet: {
chainId: 1,
url: process.env.MAINNET_RPC_URL || "https://eth.llamarpc.com",
- accounts: [process.env.PRIVATE_KEY as string],
+ accounts: [PRIVATE_KEY],
},
sepolia: {
chainId: 11155111,
url: process.env.SEPOLIA_RPC_URL || "https://eth-sepolia.public.blastapi.io",
- accounts: [process.env.PRIVATE_KEY as string],
+ accounts: [PRIVATE_KEY],
},
celo: {
chainId: 42220,
url: process.env.CELO_RPC_URL || "https://forno.celo.org",
- accounts: [process.env.PRIVATE_KEY as string],
- },
- alfajores: {
- chainId: 44787,
- url: process.env.CELO_ALFAJORES_RPC_URL || "https://alfajores-forno.celo-testnet.org",
- accounts: [process.env.PRIVATE_KEY as string],
+ accounts: [PRIVATE_KEY],
},
"celo-sepolia": {
chainId: 11142220,
url: process.env.CELO_SEPOLIA_RPC_URL || "https://rpc.ankr.com/celo_sepolia",
- accounts: [process.env.PRIVATE_KEY as string],
+ accounts: [PRIVATE_KEY],
},
},
etherscan: {
- apiKey: process.env.CELOSCAN_API_KEY as string,
+ apiKey: process.env.ETHERSCAN_API_KEY as string,
// apiKey: {
- // "celo-sepolia": process.env.CELOSCAN_API_KEY as string,
+ // "celo-sepolia": process.env.ETHERSCAN_API_KEY as string,
// },
customChains: [
{
@@ -79,14 +76,6 @@ const config: HardhatUserConfig = {
browserURL: "https://celoscan.io/",
},
},
- {
- network: "alfajores",
- chainId: 44787,
- urls: {
- apiURL: "https://api.etherscan.io/v2/api?chainid=44787",
- browserURL: "https://alfajores.celoscan.io",
- },
- },
{
network: "celo-sepolia",
chainId: 11142220,
diff --git a/contracts/ignition/modules/deployIdCardVerifier.ts b/contracts/ignition/modules/deployIdCardVerifier.ts
deleted file mode 100644
index 7c1d9a3cf..000000000
--- a/contracts/ignition/modules/deployIdCardVerifier.ts
+++ /dev/null
@@ -1,14 +0,0 @@
-import { buildModule } from "@nomicfoundation/hardhat-ignition/modules";
-
-/**
- * This module deploys the ID Card Verifier contract specifically for register_id
- * with SHA256+SHA256+SHA256+RSA verifier
- */
-export default buildModule("DeployIdCardVerifier", (m) => {
- // Deploy the ID Card Verifier contract
- const idCardVerifier = m.contract("Verifier_register_id_sha256_sha256_sha256_rsa_65537_4096");
-
- return {
- idCardVerifier,
- };
-});
diff --git a/contracts/ignition/modules/deployV2.ts b/contracts/ignition/modules/deployV2.ts
deleted file mode 100644
index e69de29bb..000000000
diff --git a/contracts/ignition/modules/hub/updateVerifiers.ts b/contracts/ignition/modules/hub/updateVerifiers.ts
index 6dc31eeae..1ceb03ea7 100644
--- a/contracts/ignition/modules/hub/updateVerifiers.ts
+++ b/contracts/ignition/modules/hub/updateVerifiers.ts
@@ -2,7 +2,7 @@ import { buildModule, IgnitionModuleBuilder } from "@nomicfoundation/ignition-co
import hre from "hardhat";
import { readFileSync } from "fs";
import path from "path";
-import { circuitIds, CircuitName } from "../verifiers/deployAllVerifiersNew";
+import { circuitIds, CircuitName } from "../verifiers/deployAllVerifiers";
// Attestation IDs from the contract
const AttestationId = {
diff --git a/contracts/ignition/modules/verifiers/deployAllVerifiers.ts b/contracts/ignition/modules/verifiers/deployAllVerifiers.ts
index a11fdd8af..3b04995ae 100644
--- a/contracts/ignition/modules/verifiers/deployAllVerifiers.ts
+++ b/contracts/ignition/modules/verifiers/deployAllVerifiers.ts
@@ -1,163 +1,205 @@
import { buildModule } from "@nomicfoundation/hardhat-ignition/modules";
-import { RegisterVerifierId, DscVerifierId } from "@selfxyz/common";
-import * as fs from "fs";
-import * as path from "path";
-const deployVerifiers = {
- vcAndDiscloseVerifier: false,
- vcAndDiscloseIdVerifier: false,
- registerIdVerifier: false,
- registerVerifier: true,
- dscVerifier: false,
+// All circuit names as a union type
+export type CircuitName =
+ | "register_sha256_sha256_sha256_rsa_65537_4096"
+ | "register_sha256_sha256_sha256_ecdsa_brainpoolP384r1"
+ | "register_sha256_sha256_sha256_ecdsa_secp256r1"
+ | "register_sha256_sha256_sha256_ecdsa_secp384r1"
+ | "register_sha256_sha256_sha256_rsa_3_4096"
+ | "register_sha256_sha256_sha256_rsapss_3_32_2048"
+ | "register_sha256_sha256_sha256_rsapss_65537_32_2048"
+ | "register_sha256_sha256_sha256_rsapss_65537_32_3072"
+ | "register_sha384_sha384_sha384_ecdsa_brainpoolP384r1"
+ | "register_sha384_sha384_sha384_ecdsa_brainpoolP512r1"
+ | "register_sha384_sha384_sha384_ecdsa_secp384r1"
+ | "register_sha512_sha512_sha512_ecdsa_brainpoolP512r1"
+ | "register_sha512_sha512_sha512_rsa_65537_4096"
+ | "register_sha512_sha512_sha512_rsapss_65537_64_2048"
+ | "register_sha1_sha1_sha1_rsa_65537_4096"
+ | "register_sha1_sha256_sha256_rsa_65537_4096"
+ | "register_sha224_sha224_sha224_ecdsa_brainpoolP224r1"
+ | "register_sha256_sha224_sha224_ecdsa_secp224r1"
+ | "register_sha256_sha256_sha256_ecdsa_brainpoolP256r1"
+ | "register_sha1_sha1_sha1_ecdsa_brainpoolP224r1"
+ | "register_sha384_sha384_sha384_rsapss_65537_48_2048"
+ | "register_sha1_sha1_sha1_ecdsa_secp256r1"
+ | "register_sha256_sha256_sha256_rsapss_65537_64_2048"
+ | "register_sha512_sha512_sha256_rsa_65537_4096"
+ | "register_sha512_sha512_sha512_ecdsa_secp521r1"
+ | "register_id_sha256_sha256_sha256_rsa_65537_4096"
+ | "register_sha256_sha256_sha224_ecdsa_secp224r1"
+ | "register_id_sha1_sha1_sha1_ecdsa_brainpoolP224r1"
+ | "register_id_sha1_sha1_sha1_ecdsa_secp256r1"
+ | "register_id_sha1_sha1_sha1_rsa_65537_4096"
+ | "register_id_sha1_sha256_sha256_rsa_65537_4096"
+ | "register_id_sha224_sha224_sha224_ecdsa_brainpoolP224r1"
+ | "register_id_sha256_sha224_sha224_ecdsa_secp224r1"
+ | "register_id_sha256_sha256_sha224_ecdsa_secp224r1"
+ | "register_id_sha256_sha256_sha256_ecdsa_brainpoolP256r1"
+ | "register_id_sha256_sha256_sha256_ecdsa_brainpoolP384r1"
+ | "register_id_sha256_sha256_sha256_ecdsa_secp256r1"
+ | "register_id_sha256_sha256_sha256_ecdsa_secp384r1"
+ | "register_id_sha256_sha256_sha256_rsa_3_4096"
+ | "register_id_sha256_sha256_sha256_rsapss_3_32_2048"
+ | "register_id_sha256_sha256_sha256_rsapss_65537_32_2048"
+ | "register_id_sha256_sha256_sha256_rsapss_65537_32_3072"
+ | "register_id_sha256_sha256_sha256_rsapss_65537_64_2048"
+ | "register_id_sha384_sha384_sha384_ecdsa_brainpoolP384r1"
+ | "register_id_sha384_sha384_sha384_ecdsa_brainpoolP512r1"
+ | "register_id_sha384_sha384_sha384_ecdsa_secp384r1"
+ | "register_id_sha384_sha384_sha384_rsapss_65537_48_2048"
+ | "register_id_sha512_sha512_sha256_rsa_65537_4096"
+ | "register_id_sha512_sha512_sha512_ecdsa_brainpoolP512r1"
+ | "register_id_sha512_sha512_sha512_ecdsa_secp521r1"
+ | "register_id_sha512_sha512_sha512_rsa_65537_4096"
+ | "register_id_sha512_sha512_sha512_rsapss_65537_64_2048"
+ | "register_aadhaar"
+ | "register_sha1_sha1_sha1_rsa_64321_4096"
+ | "register_sha256_sha1_sha1_rsa_65537_4096"
+ | "register_sha256_sha256_sha256_rsapss_65537_32_4096"
+ | "register_id_sha512_sha512_sha256_rsapss_65537_32_2048"
+ | "register_sha512_sha512_sha256_rsapss_65537_32_2048"
+ | "dsc_sha1_ecdsa_brainpoolP256r1"
+ | "dsc_sha1_rsa_65537_4096"
+ | "dsc_sha256_ecdsa_brainpoolP256r1"
+ | "dsc_sha256_ecdsa_brainpoolP384r1"
+ | "dsc_sha256_ecdsa_secp256r1"
+ | "dsc_sha256_ecdsa_secp384r1"
+ | "dsc_sha256_ecdsa_secp521r1"
+ | "dsc_sha256_rsa_65537_4096"
+ | "dsc_sha256_rsapss_3_32_3072"
+ | "dsc_sha256_rsapss_65537_32_3072"
+ | "dsc_sha256_rsapss_65537_32_4096"
+ | "dsc_sha384_ecdsa_brainpoolP384r1"
+ | "dsc_sha384_ecdsa_brainpoolP512r1"
+ | "dsc_sha384_ecdsa_secp384r1"
+ | "dsc_sha512_ecdsa_brainpoolP512r1"
+ | "dsc_sha512_ecdsa_secp521r1"
+ | "dsc_sha512_rsa_65537_4096"
+ | "dsc_sha512_rsapss_65537_64_4096"
+ // | "dsc_sha256_rsapss_3_32_4096"
+ | "dsc_sha1_ecdsa_secp256r1"
+ | "dsc_sha256_rsa_107903_4096"
+ | "dsc_sha256_rsa_122125_4096"
+ | "dsc_sha256_rsa_130689_4096"
+ | "dsc_sha256_rsa_56611_4096"
+ | "vc_and_disclose"
+ | "vc_and_disclose_id"
+ | "vc_and_disclose_aadhaar";
+
+// Record mapping circuit names to numbers
+export const circuitIds: Record = {
+ register_sha256_sha256_sha256_rsa_65537_4096: [true, 0],
+ register_sha256_sha256_sha256_ecdsa_brainpoolP384r1: [true, 1],
+ register_sha256_sha256_sha256_ecdsa_secp256r1: [true, 2],
+ register_sha256_sha256_sha256_ecdsa_secp384r1: [true, 3],
+ register_sha256_sha256_sha256_rsa_3_4096: [true, 4],
+ register_sha256_sha256_sha256_rsapss_3_32_2048: [true, 5],
+ register_sha256_sha256_sha256_rsapss_65537_32_2048: [true, 6],
+ register_sha256_sha256_sha256_rsapss_65537_32_3072: [true, 7],
+ register_sha384_sha384_sha384_ecdsa_brainpoolP384r1: [true, 8],
+ register_sha384_sha384_sha384_ecdsa_brainpoolP512r1: [true, 9],
+ register_sha384_sha384_sha384_ecdsa_secp384r1: [true, 10],
+ register_sha512_sha512_sha512_ecdsa_brainpoolP512r1: [true, 11],
+ register_sha512_sha512_sha512_rsa_65537_4096: [true, 12],
+ register_sha512_sha512_sha512_rsapss_65537_64_2048: [true, 13],
+ register_sha1_sha1_sha1_rsa_65537_4096: [true, 14],
+ register_sha1_sha256_sha256_rsa_65537_4096: [true, 15],
+ register_sha224_sha224_sha224_ecdsa_brainpoolP224r1: [true, 16],
+ register_sha256_sha224_sha224_ecdsa_secp224r1: [true, 17],
+ register_sha256_sha256_sha256_ecdsa_brainpoolP256r1: [true, 18],
+ register_sha1_sha1_sha1_ecdsa_brainpoolP224r1: [true, 19],
+ register_sha384_sha384_sha384_rsapss_65537_48_2048: [true, 20],
+ register_sha1_sha1_sha1_ecdsa_secp256r1: [true, 21],
+ register_sha256_sha256_sha256_rsapss_65537_64_2048: [true, 22],
+ register_sha512_sha512_sha256_rsa_65537_4096: [true, 23],
+ register_sha512_sha512_sha512_ecdsa_secp521r1: [true, 24],
+ register_id_sha256_sha256_sha256_rsa_65537_4096: [true, 25],
+ register_sha256_sha256_sha224_ecdsa_secp224r1: [true, 26],
+ register_id_sha1_sha1_sha1_ecdsa_brainpoolP224r1: [true, 27],
+ register_id_sha1_sha1_sha1_ecdsa_secp256r1: [true, 28],
+ register_id_sha1_sha1_sha1_rsa_65537_4096: [true, 29],
+ register_id_sha1_sha256_sha256_rsa_65537_4096: [true, 30],
+ register_id_sha224_sha224_sha224_ecdsa_brainpoolP224r1: [true, 31],
+ register_id_sha256_sha224_sha224_ecdsa_secp224r1: [true, 32],
+ register_id_sha256_sha256_sha224_ecdsa_secp224r1: [true, 33],
+ register_id_sha256_sha256_sha256_ecdsa_brainpoolP256r1: [true, 34],
+ register_id_sha256_sha256_sha256_ecdsa_brainpoolP384r1: [true, 35],
+ register_id_sha256_sha256_sha256_ecdsa_secp256r1: [true, 36],
+ register_id_sha256_sha256_sha256_ecdsa_secp384r1: [true, 37],
+ register_id_sha256_sha256_sha256_rsa_3_4096: [true, 38],
+ register_id_sha256_sha256_sha256_rsapss_3_32_2048: [true, 39],
+ register_id_sha256_sha256_sha256_rsapss_65537_32_2048: [true, 40],
+ register_id_sha256_sha256_sha256_rsapss_65537_32_3072: [true, 41],
+ register_id_sha256_sha256_sha256_rsapss_65537_64_2048: [true, 42],
+ register_id_sha384_sha384_sha384_ecdsa_brainpoolP384r1: [true, 43],
+ register_id_sha384_sha384_sha384_ecdsa_brainpoolP512r1: [true, 44],
+ register_id_sha384_sha384_sha384_ecdsa_secp384r1: [true, 45],
+ register_id_sha384_sha384_sha384_rsapss_65537_48_2048: [true, 46],
+ register_id_sha512_sha512_sha256_rsa_65537_4096: [true, 47],
+ register_id_sha512_sha512_sha512_ecdsa_brainpoolP512r1: [true, 48],
+ register_id_sha512_sha512_sha512_ecdsa_secp521r1: [true, 49],
+ register_id_sha512_sha512_sha512_rsa_65537_4096: [true, 50],
+ register_id_sha512_sha512_sha512_rsapss_65537_64_2048: [true, 51],
+ register_aadhaar: [true, 52],
+ register_sha1_sha1_sha1_rsa_64321_4096: [true, 53],
+ register_sha256_sha1_sha1_rsa_65537_4096: [true, 54],
+ register_sha256_sha256_sha256_rsapss_65537_32_4096: [true, 55],
+ register_id_sha512_sha512_sha256_rsapss_65537_32_2048: [true, 56],
+ register_sha512_sha512_sha256_rsapss_65537_32_2048: [true, 57],
+
+ dsc_sha1_ecdsa_brainpoolP256r1: [true, 0],
+ dsc_sha1_rsa_65537_4096: [true, 1],
+ dsc_sha256_ecdsa_brainpoolP256r1: [true, 2],
+ dsc_sha256_ecdsa_brainpoolP384r1: [true, 3],
+ dsc_sha256_ecdsa_secp256r1: [true, 4],
+ dsc_sha256_ecdsa_secp384r1: [true, 5],
+ dsc_sha256_ecdsa_secp521r1: [true, 6],
+ dsc_sha256_rsa_65537_4096: [true, 7],
+ dsc_sha256_rsapss_3_32_3072: [true, 8],
+ dsc_sha256_rsapss_65537_32_3072: [true, 9],
+ dsc_sha256_rsapss_65537_32_4096: [true, 10],
+ dsc_sha384_ecdsa_brainpoolP384r1: [true, 11],
+ dsc_sha384_ecdsa_brainpoolP512r1: [true, 12],
+ dsc_sha384_ecdsa_secp384r1: [true, 13],
+ dsc_sha512_ecdsa_brainpoolP512r1: [true, 14],
+ dsc_sha512_ecdsa_secp521r1: [true, 15],
+ dsc_sha512_rsa_65537_4096: [true, 16],
+ dsc_sha512_rsapss_65537_64_4096: [true, 17],
+ // dsc_sha256_rsapss_3_32_4096: [true, 18],
+ dsc_sha1_ecdsa_secp256r1: [true, 19],
+ dsc_sha256_rsa_107903_4096: [true, 20],
+ dsc_sha256_rsa_122125_4096: [true, 21],
+ dsc_sha256_rsa_130689_4096: [true, 22],
+ dsc_sha256_rsa_56611_4096: [true, 23],
+
+ vc_and_disclose: [true, 24],
+ vc_and_disclose_id: [true, 25],
+ vc_and_disclose_aadhaar: [true, 26],
};
-/**
- * Get enum keys (circuit names) excluding numeric values
- */
-function getEnumKeys>(enumObject: T): string[] {
- return Object.keys(enumObject).filter((key) => isNaN(Number(key)));
-}
-
-/**
- * Filter register circuits to get only register_id variants
- */
-function getRegisterIdCircuits(): string[] {
- const allRegisterCircuits = getEnumKeys(RegisterVerifierId);
- return allRegisterCircuits.filter((circuit) => circuit.startsWith("register_id_"));
-}
-
-/**
- * Filter register circuits to get only regular register variants (non-ID)
- */
-function getRegularRegisterCircuits(): string[] {
- const allRegisterCircuits = getEnumKeys(RegisterVerifierId);
- return allRegisterCircuits.filter(
- (circuit) => circuit.startsWith("register_") && !circuit.startsWith("register_id_"),
- );
-}
-
-/**
- * Check if a contract file exists
- */
-function contractExists(contractName: string): boolean {
- const contractsDir = path.join(__dirname, "../../../contracts");
- const possiblePaths = [
- path.join(contractsDir, "verifiers/register", `${contractName}.sol`),
- path.join(contractsDir, "verifiers/register_id", `${contractName}.sol`),
- path.join(contractsDir, "verifiers/dsc", `${contractName}.sol`),
- path.join(contractsDir, "verifiers/disclose", `${contractName}.sol`),
- path.join(contractsDir, "verifiers", `${contractName}.sol`),
- ];
-
- return possiblePaths.some((filePath) => fs.existsSync(filePath));
-}
-
-/**
- * Sleep utility function
- */
-function sleep(ms: number): Promise {
- return new Promise((resolve) => setTimeout(resolve, ms));
-}
-
export default buildModule("DeployAllVerifiers", (m) => {
- let successfulRegisterIdDeployments = 0;
- let successfulRegisterDeployments = 0;
- let successfulDscDeployments = 0;
-
- const deployedContracts: Record = {};
+ const deployments: Record = {};
let lastDeployedContract: any = null;
- // Deploy VC and Disclose verifier
- if (deployVerifiers.vcAndDiscloseVerifier) {
- console.log("Deploying VC and Disclose verifier...");
- deployedContracts.vcAndDiscloseVerifier = m.contract("Verifier_vc_and_disclose");
- lastDeployedContract = deployedContracts.vcAndDiscloseVerifier;
- }
+ for (const circuit of Object.keys(circuitIds) as CircuitName[]) {
+ const [shouldDeploy] = circuitIds[circuit];
- // Deploy VC and Disclose ID verifier
- if (deployVerifiers.vcAndDiscloseIdVerifier) {
- console.log("Deploying VC and Disclose ID verifier...");
+ if (!shouldDeploy) {
+ console.log(`Skipping Verifier_${circuit}`);
+ continue;
+ }
+
+ const name = `Verifier_${circuit}`;
+ console.log(`Deploying ${name}...`);
+
+ // Create dependency on the last deployed contract to ensure sequential deployment
const deployOptions = lastDeployedContract ? { after: [lastDeployedContract] } : {};
- deployedContracts.vcAndDiscloseIdVerifier = m.contract("Verifier_vc_and_disclose_id", [], deployOptions);
- lastDeployedContract = deployedContracts.vcAndDiscloseIdVerifier;
+ deployments[name] = m.contract(name, [], deployOptions);
+ lastDeployedContract = deployments[name];
}
- // Deploy Register ID verifiers (for ID cards) - filtered from unified RegisterVerifierId enum
- const registerIdCircuits = getRegisterIdCircuits();
- if (deployVerifiers.registerIdVerifier) {
- console.log("Deploying Register ID verifiers with sequential dependencies...");
- registerIdCircuits.forEach((circuitName, index) => {
- const contractName = `Verifier_${circuitName}`;
- if (contractExists(contractName)) {
- console.log(` - Deploying ${contractName} (${index + 1}/${registerIdCircuits.length})`);
-
- // Create dependency on the last deployed contract to ensure sequential deployment
- const deployOptions = lastDeployedContract ? { after: [lastDeployedContract] } : {};
- deployedContracts[circuitName] = m.contract(contractName, [], deployOptions);
- lastDeployedContract = deployedContracts[circuitName];
- successfulRegisterIdDeployments++;
- } else {
- console.warn(` - Warning: Contract ${contractName} not found, skipping...`);
- }
- });
- }
-
- // Deploy Register verifiers (regular, non-ID) - filtered from unified RegisterVerifierId enum
- const registerCircuits = getRegularRegisterCircuits();
- if (deployVerifiers.registerVerifier) {
- console.log("Deploying Register verifiers with sequential dependencies...");
- registerCircuits.forEach((circuitName, index) => {
- const contractName = `Verifier_${circuitName}`;
- if (contractExists(contractName)) {
- console.log(` - Deploying ${contractName} (${index + 1}/${registerCircuits.length})`);
-
- // Create dependency on the last deployed contract to ensure sequential deployment
- const deployOptions = lastDeployedContract ? { after: [lastDeployedContract] } : {};
- deployedContracts[circuitName] = m.contract(contractName, [], deployOptions);
- lastDeployedContract = deployedContracts[circuitName];
- successfulRegisterDeployments++;
- } else {
- console.warn(` - Warning: Contract ${contractName} not found, skipping...`);
- }
- });
- }
-
- // Deploy DSC verifiers using DscVerifierId enum
- const dscCircuits = getEnumKeys(DscVerifierId);
- if (deployVerifiers.dscVerifier) {
- console.log("Deploying DSC verifiers with sequential dependencies...");
- dscCircuits.forEach((circuitName, index) => {
- const contractName = `Verifier_${circuitName}`;
- if (contractExists(contractName)) {
- console.log(` - Deploying ${contractName} (${index + 1}/${dscCircuits.length})`);
-
- // Create dependency on the last deployed contract to ensure sequential deployment
- const deployOptions = lastDeployedContract ? { after: [lastDeployedContract] } : {};
- deployedContracts[circuitName] = m.contract(contractName, [], deployOptions);
- lastDeployedContract = deployedContracts[circuitName];
- successfulDscDeployments++;
- } else {
- console.warn(` - Warning: Contract ${contractName} not found, skipping...`);
- }
- });
- }
-
- console.log(`Total verifiers deployment summary:`);
- console.log(` - VC and Disclose: ${deployVerifiers.vcAndDiscloseVerifier ? 1 : 0}`);
- console.log(` - VC and Disclose ID: ${deployVerifiers.vcAndDiscloseIdVerifier ? 1 : 0}`);
- console.log(
- ` - Register ID: ${successfulRegisterIdDeployments}/${registerIdCircuits.length} (${registerIdCircuits.length - successfulRegisterIdDeployments} skipped)`,
- );
- console.log(
- ` - Register: ${successfulRegisterDeployments}/${registerCircuits.length} (${registerCircuits.length - successfulRegisterDeployments} skipped)`,
- );
- console.log(
- ` - DSC: ${successfulDscDeployments}/${dscCircuits.length} (${dscCircuits.length - successfulDscDeployments} skipped)`,
- );
- console.log(
- ` - Total successful deployments: ${(deployVerifiers.vcAndDiscloseVerifier ? 1 : 0) + (deployVerifiers.vcAndDiscloseIdVerifier ? 1 : 0) + successfulRegisterIdDeployments + successfulRegisterDeployments + successfulDscDeployments}`,
- );
- console.log(` - Deployments will execute sequentially to prevent nonce conflicts`);
-
- return deployedContracts;
+ console.log(`Deployments will execute sequentially to prevent nonce conflicts`);
+ return deployments;
});
diff --git a/contracts/ignition/modules/verifiers/deployAllVerifiersNew.ts b/contracts/ignition/modules/verifiers/deployAllVerifiersNew.ts
deleted file mode 100644
index 3b04995ae..000000000
--- a/contracts/ignition/modules/verifiers/deployAllVerifiersNew.ts
+++ /dev/null
@@ -1,205 +0,0 @@
-import { buildModule } from "@nomicfoundation/hardhat-ignition/modules";
-
-// All circuit names as a union type
-export type CircuitName =
- | "register_sha256_sha256_sha256_rsa_65537_4096"
- | "register_sha256_sha256_sha256_ecdsa_brainpoolP384r1"
- | "register_sha256_sha256_sha256_ecdsa_secp256r1"
- | "register_sha256_sha256_sha256_ecdsa_secp384r1"
- | "register_sha256_sha256_sha256_rsa_3_4096"
- | "register_sha256_sha256_sha256_rsapss_3_32_2048"
- | "register_sha256_sha256_sha256_rsapss_65537_32_2048"
- | "register_sha256_sha256_sha256_rsapss_65537_32_3072"
- | "register_sha384_sha384_sha384_ecdsa_brainpoolP384r1"
- | "register_sha384_sha384_sha384_ecdsa_brainpoolP512r1"
- | "register_sha384_sha384_sha384_ecdsa_secp384r1"
- | "register_sha512_sha512_sha512_ecdsa_brainpoolP512r1"
- | "register_sha512_sha512_sha512_rsa_65537_4096"
- | "register_sha512_sha512_sha512_rsapss_65537_64_2048"
- | "register_sha1_sha1_sha1_rsa_65537_4096"
- | "register_sha1_sha256_sha256_rsa_65537_4096"
- | "register_sha224_sha224_sha224_ecdsa_brainpoolP224r1"
- | "register_sha256_sha224_sha224_ecdsa_secp224r1"
- | "register_sha256_sha256_sha256_ecdsa_brainpoolP256r1"
- | "register_sha1_sha1_sha1_ecdsa_brainpoolP224r1"
- | "register_sha384_sha384_sha384_rsapss_65537_48_2048"
- | "register_sha1_sha1_sha1_ecdsa_secp256r1"
- | "register_sha256_sha256_sha256_rsapss_65537_64_2048"
- | "register_sha512_sha512_sha256_rsa_65537_4096"
- | "register_sha512_sha512_sha512_ecdsa_secp521r1"
- | "register_id_sha256_sha256_sha256_rsa_65537_4096"
- | "register_sha256_sha256_sha224_ecdsa_secp224r1"
- | "register_id_sha1_sha1_sha1_ecdsa_brainpoolP224r1"
- | "register_id_sha1_sha1_sha1_ecdsa_secp256r1"
- | "register_id_sha1_sha1_sha1_rsa_65537_4096"
- | "register_id_sha1_sha256_sha256_rsa_65537_4096"
- | "register_id_sha224_sha224_sha224_ecdsa_brainpoolP224r1"
- | "register_id_sha256_sha224_sha224_ecdsa_secp224r1"
- | "register_id_sha256_sha256_sha224_ecdsa_secp224r1"
- | "register_id_sha256_sha256_sha256_ecdsa_brainpoolP256r1"
- | "register_id_sha256_sha256_sha256_ecdsa_brainpoolP384r1"
- | "register_id_sha256_sha256_sha256_ecdsa_secp256r1"
- | "register_id_sha256_sha256_sha256_ecdsa_secp384r1"
- | "register_id_sha256_sha256_sha256_rsa_3_4096"
- | "register_id_sha256_sha256_sha256_rsapss_3_32_2048"
- | "register_id_sha256_sha256_sha256_rsapss_65537_32_2048"
- | "register_id_sha256_sha256_sha256_rsapss_65537_32_3072"
- | "register_id_sha256_sha256_sha256_rsapss_65537_64_2048"
- | "register_id_sha384_sha384_sha384_ecdsa_brainpoolP384r1"
- | "register_id_sha384_sha384_sha384_ecdsa_brainpoolP512r1"
- | "register_id_sha384_sha384_sha384_ecdsa_secp384r1"
- | "register_id_sha384_sha384_sha384_rsapss_65537_48_2048"
- | "register_id_sha512_sha512_sha256_rsa_65537_4096"
- | "register_id_sha512_sha512_sha512_ecdsa_brainpoolP512r1"
- | "register_id_sha512_sha512_sha512_ecdsa_secp521r1"
- | "register_id_sha512_sha512_sha512_rsa_65537_4096"
- | "register_id_sha512_sha512_sha512_rsapss_65537_64_2048"
- | "register_aadhaar"
- | "register_sha1_sha1_sha1_rsa_64321_4096"
- | "register_sha256_sha1_sha1_rsa_65537_4096"
- | "register_sha256_sha256_sha256_rsapss_65537_32_4096"
- | "register_id_sha512_sha512_sha256_rsapss_65537_32_2048"
- | "register_sha512_sha512_sha256_rsapss_65537_32_2048"
- | "dsc_sha1_ecdsa_brainpoolP256r1"
- | "dsc_sha1_rsa_65537_4096"
- | "dsc_sha256_ecdsa_brainpoolP256r1"
- | "dsc_sha256_ecdsa_brainpoolP384r1"
- | "dsc_sha256_ecdsa_secp256r1"
- | "dsc_sha256_ecdsa_secp384r1"
- | "dsc_sha256_ecdsa_secp521r1"
- | "dsc_sha256_rsa_65537_4096"
- | "dsc_sha256_rsapss_3_32_3072"
- | "dsc_sha256_rsapss_65537_32_3072"
- | "dsc_sha256_rsapss_65537_32_4096"
- | "dsc_sha384_ecdsa_brainpoolP384r1"
- | "dsc_sha384_ecdsa_brainpoolP512r1"
- | "dsc_sha384_ecdsa_secp384r1"
- | "dsc_sha512_ecdsa_brainpoolP512r1"
- | "dsc_sha512_ecdsa_secp521r1"
- | "dsc_sha512_rsa_65537_4096"
- | "dsc_sha512_rsapss_65537_64_4096"
- // | "dsc_sha256_rsapss_3_32_4096"
- | "dsc_sha1_ecdsa_secp256r1"
- | "dsc_sha256_rsa_107903_4096"
- | "dsc_sha256_rsa_122125_4096"
- | "dsc_sha256_rsa_130689_4096"
- | "dsc_sha256_rsa_56611_4096"
- | "vc_and_disclose"
- | "vc_and_disclose_id"
- | "vc_and_disclose_aadhaar";
-
-// Record mapping circuit names to numbers
-export const circuitIds: Record = {
- register_sha256_sha256_sha256_rsa_65537_4096: [true, 0],
- register_sha256_sha256_sha256_ecdsa_brainpoolP384r1: [true, 1],
- register_sha256_sha256_sha256_ecdsa_secp256r1: [true, 2],
- register_sha256_sha256_sha256_ecdsa_secp384r1: [true, 3],
- register_sha256_sha256_sha256_rsa_3_4096: [true, 4],
- register_sha256_sha256_sha256_rsapss_3_32_2048: [true, 5],
- register_sha256_sha256_sha256_rsapss_65537_32_2048: [true, 6],
- register_sha256_sha256_sha256_rsapss_65537_32_3072: [true, 7],
- register_sha384_sha384_sha384_ecdsa_brainpoolP384r1: [true, 8],
- register_sha384_sha384_sha384_ecdsa_brainpoolP512r1: [true, 9],
- register_sha384_sha384_sha384_ecdsa_secp384r1: [true, 10],
- register_sha512_sha512_sha512_ecdsa_brainpoolP512r1: [true, 11],
- register_sha512_sha512_sha512_rsa_65537_4096: [true, 12],
- register_sha512_sha512_sha512_rsapss_65537_64_2048: [true, 13],
- register_sha1_sha1_sha1_rsa_65537_4096: [true, 14],
- register_sha1_sha256_sha256_rsa_65537_4096: [true, 15],
- register_sha224_sha224_sha224_ecdsa_brainpoolP224r1: [true, 16],
- register_sha256_sha224_sha224_ecdsa_secp224r1: [true, 17],
- register_sha256_sha256_sha256_ecdsa_brainpoolP256r1: [true, 18],
- register_sha1_sha1_sha1_ecdsa_brainpoolP224r1: [true, 19],
- register_sha384_sha384_sha384_rsapss_65537_48_2048: [true, 20],
- register_sha1_sha1_sha1_ecdsa_secp256r1: [true, 21],
- register_sha256_sha256_sha256_rsapss_65537_64_2048: [true, 22],
- register_sha512_sha512_sha256_rsa_65537_4096: [true, 23],
- register_sha512_sha512_sha512_ecdsa_secp521r1: [true, 24],
- register_id_sha256_sha256_sha256_rsa_65537_4096: [true, 25],
- register_sha256_sha256_sha224_ecdsa_secp224r1: [true, 26],
- register_id_sha1_sha1_sha1_ecdsa_brainpoolP224r1: [true, 27],
- register_id_sha1_sha1_sha1_ecdsa_secp256r1: [true, 28],
- register_id_sha1_sha1_sha1_rsa_65537_4096: [true, 29],
- register_id_sha1_sha256_sha256_rsa_65537_4096: [true, 30],
- register_id_sha224_sha224_sha224_ecdsa_brainpoolP224r1: [true, 31],
- register_id_sha256_sha224_sha224_ecdsa_secp224r1: [true, 32],
- register_id_sha256_sha256_sha224_ecdsa_secp224r1: [true, 33],
- register_id_sha256_sha256_sha256_ecdsa_brainpoolP256r1: [true, 34],
- register_id_sha256_sha256_sha256_ecdsa_brainpoolP384r1: [true, 35],
- register_id_sha256_sha256_sha256_ecdsa_secp256r1: [true, 36],
- register_id_sha256_sha256_sha256_ecdsa_secp384r1: [true, 37],
- register_id_sha256_sha256_sha256_rsa_3_4096: [true, 38],
- register_id_sha256_sha256_sha256_rsapss_3_32_2048: [true, 39],
- register_id_sha256_sha256_sha256_rsapss_65537_32_2048: [true, 40],
- register_id_sha256_sha256_sha256_rsapss_65537_32_3072: [true, 41],
- register_id_sha256_sha256_sha256_rsapss_65537_64_2048: [true, 42],
- register_id_sha384_sha384_sha384_ecdsa_brainpoolP384r1: [true, 43],
- register_id_sha384_sha384_sha384_ecdsa_brainpoolP512r1: [true, 44],
- register_id_sha384_sha384_sha384_ecdsa_secp384r1: [true, 45],
- register_id_sha384_sha384_sha384_rsapss_65537_48_2048: [true, 46],
- register_id_sha512_sha512_sha256_rsa_65537_4096: [true, 47],
- register_id_sha512_sha512_sha512_ecdsa_brainpoolP512r1: [true, 48],
- register_id_sha512_sha512_sha512_ecdsa_secp521r1: [true, 49],
- register_id_sha512_sha512_sha512_rsa_65537_4096: [true, 50],
- register_id_sha512_sha512_sha512_rsapss_65537_64_2048: [true, 51],
- register_aadhaar: [true, 52],
- register_sha1_sha1_sha1_rsa_64321_4096: [true, 53],
- register_sha256_sha1_sha1_rsa_65537_4096: [true, 54],
- register_sha256_sha256_sha256_rsapss_65537_32_4096: [true, 55],
- register_id_sha512_sha512_sha256_rsapss_65537_32_2048: [true, 56],
- register_sha512_sha512_sha256_rsapss_65537_32_2048: [true, 57],
-
- dsc_sha1_ecdsa_brainpoolP256r1: [true, 0],
- dsc_sha1_rsa_65537_4096: [true, 1],
- dsc_sha256_ecdsa_brainpoolP256r1: [true, 2],
- dsc_sha256_ecdsa_brainpoolP384r1: [true, 3],
- dsc_sha256_ecdsa_secp256r1: [true, 4],
- dsc_sha256_ecdsa_secp384r1: [true, 5],
- dsc_sha256_ecdsa_secp521r1: [true, 6],
- dsc_sha256_rsa_65537_4096: [true, 7],
- dsc_sha256_rsapss_3_32_3072: [true, 8],
- dsc_sha256_rsapss_65537_32_3072: [true, 9],
- dsc_sha256_rsapss_65537_32_4096: [true, 10],
- dsc_sha384_ecdsa_brainpoolP384r1: [true, 11],
- dsc_sha384_ecdsa_brainpoolP512r1: [true, 12],
- dsc_sha384_ecdsa_secp384r1: [true, 13],
- dsc_sha512_ecdsa_brainpoolP512r1: [true, 14],
- dsc_sha512_ecdsa_secp521r1: [true, 15],
- dsc_sha512_rsa_65537_4096: [true, 16],
- dsc_sha512_rsapss_65537_64_4096: [true, 17],
- // dsc_sha256_rsapss_3_32_4096: [true, 18],
- dsc_sha1_ecdsa_secp256r1: [true, 19],
- dsc_sha256_rsa_107903_4096: [true, 20],
- dsc_sha256_rsa_122125_4096: [true, 21],
- dsc_sha256_rsa_130689_4096: [true, 22],
- dsc_sha256_rsa_56611_4096: [true, 23],
-
- vc_and_disclose: [true, 24],
- vc_and_disclose_id: [true, 25],
- vc_and_disclose_aadhaar: [true, 26],
-};
-
-export default buildModule("DeployAllVerifiers", (m) => {
- const deployments: Record = {};
- let lastDeployedContract: any = null;
-
- for (const circuit of Object.keys(circuitIds) as CircuitName[]) {
- const [shouldDeploy] = circuitIds[circuit];
-
- if (!shouldDeploy) {
- console.log(`Skipping Verifier_${circuit}`);
- continue;
- }
-
- const name = `Verifier_${circuit}`;
- console.log(`Deploying ${name}...`);
-
- // Create dependency on the last deployed contract to ensure sequential deployment
- const deployOptions = lastDeployedContract ? { after: [lastDeployedContract] } : {};
- deployments[name] = m.contract(name, [], deployOptions);
- lastDeployedContract = deployments[name];
- }
-
- console.log(`Deployments will execute sequentially to prevent nonce conflicts`);
- return deployments;
-});
diff --git a/contracts/ignition/modules/verifiers/deployVerifiers.ts b/contracts/ignition/modules/verifiers/deployVerifiers.ts
deleted file mode 100644
index 1412462bf..000000000
--- a/contracts/ignition/modules/verifiers/deployVerifiers.ts
+++ /dev/null
@@ -1,36 +0,0 @@
-import { buildModule } from "@nomicfoundation/hardhat-ignition/modules";
-
-export default buildModule("DeployVerifiers", (m) => {
- // const vcAndDiscloseVerifier = m.contract("Verifier_vc_and_disclose");
-
- // const registerVerifier = m.contract("Verifier_register_sha1_sha256_sha256_rsa_65537_4096");
- // const registerVerifier2 = m.contract("Verifier_register_sha256_sha256_sha256_ecdsa_brainpoolP256r1");
- // const registerVerifier3 = m.contract("Verifier_register_sha256_sha256_sha256_rsa_65537_4096");
- const verifier1 = m.contract("Verifier_dsc_sha1_ecdsa_secp256r1");
- const verifier2 = m.contract("Verifier_dsc_sha256_ecdsa_secp521r1");
- const verifier3 = m.contract("Verifier_dsc_sha384_ecdsa_brainpoolP512r1");
- const verifier4 = m.contract("Verifier_dsc_sha512_ecdsa_brainpoolP512r1");
- const verifier5 = m.contract("Verifier_dsc_sha512_ecdsa_secp521r1");
- const verifier6 = m.contract("Verifier_register_sha1_sha1_sha1_ecdsa_secp256r1");
- const verifier7 = m.contract("Verifier_register_sha256_sha256_sha256_rsapss_65537_64_2048");
- const verifier8 = m.contract("Verifier_register_sha512_sha512_sha256_rsa_65537_4096");
- const verifier9 = m.contract("Verifier_register_sha512_sha512_sha512_ecdsa_secp521r1");
- const verifier10 = m.contract("Verifier_register_sha512_sha512_sha512_ecdsa_brainpoolP512r1");
- const verifier11 = m.contract("Verifier_register_sha384_sha384_sha384_ecdsa_brainpoolP512r1");
-
- // const dscVerifier = m.contract("Verifier_dsc_sha256_rsa_65537_4096");
-
- return {
- verifier1,
- verifier2,
- verifier3,
- verifier4,
- verifier5,
- verifier6,
- verifier7,
- verifier8,
- verifier9,
- verifier10,
- verifier11,
- };
-});
diff --git a/contracts/package.json b/contracts/package.json
index 34ca79557..c6c6b5d69 100644
--- a/contracts/package.json
+++ b/contracts/package.json
@@ -31,20 +31,19 @@
"deploy:registry": "npx dotenv-cli -- bash -c 'yarn hardhat ignition deploy ignition/modules/registry/deployRegistry.ts --network ${NETWORK:-localhost} ${VERIFY:+--verify}'",
"deploy:registry:idcard": "npx dotenv-cli -- bash -c 'yarn hardhat ignition deploy ignition/modules/registry/deployIdCardRegistry.ts --network ${NETWORK:-localhost} ${VERIFY:+--verify}'",
"deploy:test:selfverificationroot": "npx dotenv-cli -- bash -c 'yarn hardhat ignition deploy ignition/modules/deployTestSelfVerificationRoot.ts --network ${NETWORK:-localhost} ${VERIFY:+--verify}'",
- "deploy:verifier:id": "npx dotenv-cli -- bash -c 'yarn hardhat ignition deploy ignition/modules/verifiers/deployAllVerifiersNew.ts --network ${NETWORK:-localhost} ${VERIFY:+--verify}'",
- "deploy:verifiers": "npx dotenv-cli -- bash -c 'yarn hardhat ignition deploy ignition/modules/verifiers/deployVerifiers.ts --network ${NETWORK:-localhost} ${VERIFY:+--verify}'",
- "deploy:verifiers:all": "npx dotenv-cli -- bash -c 'yarn hardhat ignition deploy ignition/modules/verifiers/deployAllVerifiersNew.ts --network ${NETWORK:-localhost}' --verify",
+ "deploy:verifier:idcard": "npx dotenv-cli -- bash -c 'yarn hardhat ignition deploy ignition/modules/verifiers/deployIdCardVerifier.ts --network ${NETWORK:-localhost} ${VERIFY:+--verify}'",
+ "deploy:verifiers:all": "npx dotenv-cli -- bash -c 'yarn hardhat ignition deploy ignition/modules/verifiers/deployAllVerifiers.ts --network ${NETWORK:-localhost} ${VERIFY:+--verify}'",
"export-prod": "bash ./scripts/prod.sh",
"find:error": "npx tsx scripts/findErrorSelectors.ts",
"format": "yarn prettier:write",
"prettier:check": "prettier --plugin-search-dir . --list-different '**/*.{json,md,yml,sol,ts}'",
"prettier:write": "prettier --plugin-search-dir . --write '**/*.{json,md,yml,sol,ts}'",
"publish": "npm publish --access public",
- "set:hub:v2": "npx dotenv-cli -- bash -c 'NETWORK=${NETWORK:-alfajores} npx tsx scripts/setHubV2.ts'",
- "set:registry": "npx dotenv-cli -- bash -c 'NETWORK=${NETWORK:-staging} npx tsx scripts/setRegistry.ts'",
+ "set:hub:v2": "npx dotenv-cli -- bash -c 'NETWORK=${NETWORK} npx tsx scripts/setHubV2.ts'",
+ "set:registry": "npx dotenv-cli -- bash -c 'NETWORK=${NETWORK} npx tsx scripts/setRegistry.ts'",
"set:registry:hub:v2": "npx dotenv-cli -- bash -c 'yarn hardhat ignition deploy ignition/modules/scripts/updateRegistryHubV2.ts --network ${NETWORK:-localhost} ${VERIFY:+--verify}'",
- "set:registry:idcard": "npx dotenv-cli -- bash -c 'NETWORK=${NETWORK:-staging} npx tsx scripts/setRegistryId.ts'",
- "set:verifiers:v2": "npx dotenv-cli -- bash -c 'NETWORK=${NETWORK:-alfajores} npx tsx scripts/setVerifiersV2.ts'",
+ "set:registry:idcard": "npx dotenv-cli -- bash -c 'NETWORK=${NETWORK} npx tsx scripts/setRegistryId.ts'",
+ "set:verifiers:v2": "npx dotenv-cli -- bash -c 'NETWORK=${NETWORK} npx tsx scripts/setVerifiersV2.ts'",
"show:registry": "npx tsx scripts/showRegistryAddresses.ts",
"test": "yarn hardhat test",
"test:airdrop": "npx dotenv-cli -- bash -c 'TEST_ENV=${TEST_ENV:-local} npx hardhat test test/example/airdrop.test.ts'",
@@ -68,8 +67,8 @@
"test:view": "yarn hardhat test test/view.ts",
"types": "tsc -noEmit",
"update:cscaroot": "npx dotenv-cli -- bash -c 'yarn hardhat ignition deploy ignition/modules/scripts/updateRegistryCscaRoot.ts --network ${NETWORK:-localhost} ${VERIFY:+--verify}'",
- "update:hub": "npx dotenv-cli -- bash -c 'NETWORK=${NETWORK:-staging} npx tsx scripts/setRegistry.ts'",
- "update:ofacroot": "npx dotenv-cli -- bash -c 'NETWORK=${NETWORK:-alfajores} npx tsx scripts/updateRegistryOfacRoot.ts'",
+ "update:hub": "npx dotenv-cli -- bash -c 'NETWORK=${NETWORK} npx tsx scripts/setRegistry.ts'",
+ "update:ofacroot": "npx dotenv-cli -- bash -c 'NETWORK=${NETWORK} npx tsx scripts/updateRegistryOfacRoot.ts'",
"update:pcr0": "npx dotenv-cli -- bash -c 'PCR0_ACTION=${PCR0_ACTION:-add} PCR0_KEY=${PCR0_KEY} yarn hardhat ignition deploy ignition/modules/scripts/updatePCR0.ts --network ${NETWORK:-localhost} --reset'",
"upgrade:hub": "npx dotenv-cli -- bash -c 'yarn hardhat ignition deploy ignition/modules/upgrade/deployNewHubAndUpgrade.ts --network ${NETWORK:-localhost} ${VERIFY:+--verify}'",
"upgrade:registry": "npx dotenv-cli -- bash -c 'yarn hardhat ignition deploy ignition/modules/upgrade/deployNewRegistryAndUpgrade.ts --network ${NETWORK:-localhost} ${VERIFY:+--verify}'"
diff --git a/contracts/scripts/constants.ts b/contracts/scripts/constants.ts
index 2d3fd8791..1672ddb3f 100644
--- a/contracts/scripts/constants.ts
+++ b/contracts/scripts/constants.ts
@@ -14,16 +14,15 @@ export const ATTESTATION_TO_REGISTRY = {
export const NETWORK_TO_CHAIN_ID: Record = {
localhost: "31337",
hardhat: "31337",
- alfajores: "44787",
- celoAlfajores: "44787",
+ celoSepolia: "11142220",
celo: "42220",
mainnet: "42220",
- staging: "44787",
+ staging: "11142220",
};
export const CHAIN_ID_TO_SAVED_REPO: Record = {
"42220": "prod",
- "44787": "staging",
+ "11142220": "staging",
};
export const getChainId = (network: string): string => {
diff --git a/contracts/scripts/setRegistry.ts b/contracts/scripts/setRegistry.ts
index 05da2e5fc..b333fc00a 100644
--- a/contracts/scripts/setRegistry.ts
+++ b/contracts/scripts/setRegistry.ts
@@ -9,7 +9,7 @@ dotenv.config();
// Environment configuration
const NETWORK = process.env.NETWORK || "localhost"; // Default to localhost
-const RPC_URL_KEY = NETWORK === "celo" ? "CELO_RPC_URL" : "CELO_ALFAJORES_RPC_URL";
+const RPC_URL_KEY = NETWORK === "celo" ? "CELO_RPC_URL" : "CELO_SEPOLIA_RPC_URL";
const PRIVATE_KEY = process.env.PRIVATE_KEY;
const SKIP_CSCA_UPDATE = process.env.SKIP_CSCA_UPDATE === "true";
const CSCA_ROOT = process.env.CSCA_ROOT; // Allow manual CSCA root setting
@@ -17,7 +17,7 @@ const CSCA_ROOT = process.env.CSCA_ROOT; // Allow manual CSCA root setting
// Network to Chain ID mapping
const NETWORK_TO_CHAIN_ID: Record = {
localhost: "31337",
- celoAlfajores: "44787",
+ celoSepolia: "11142220",
celo: "42220",
};
diff --git a/contracts/scripts/setRegistryId.ts b/contracts/scripts/setRegistryId.ts
index 3c08e6c72..4f8c66be4 100644
--- a/contracts/scripts/setRegistryId.ts
+++ b/contracts/scripts/setRegistryId.ts
@@ -9,7 +9,7 @@ dotenv.config();
// Environment configuration
const NETWORK = process.env.NETWORK || "localhost"; // Default to localhost
-const RPC_URL_KEY = NETWORK === "celo" ? "CELO_RPC_URL" : "CELO_ALFAJORES_RPC_URL";
+const RPC_URL_KEY = NETWORK === "celo" ? "CELO_RPC_URL" : "CELO_SEPOLIA_RPC_URL";
const PRIVATE_KEY = process.env.PRIVATE_KEY;
const SKIP_CSCA_UPDATE = process.env.SKIP_CSCA_UPDATE === "true";
const CSCA_ROOT = process.env.CSCA_ROOT; // Allow manual CSCA root setting
@@ -17,7 +17,7 @@ const CSCA_ROOT = process.env.CSCA_ROOT; // Allow manual CSCA root setting
// Network to Chain ID mapping
const NETWORK_TO_CHAIN_ID: Record = {
localhost: "31337",
- celoAlfajores: "44787",
+ celoSepolia: "11142220",
celo: "42220",
};
diff --git a/contracts/scripts/showRegistryAddresses.ts b/contracts/scripts/showRegistryAddresses.ts
index 7060dd1c9..b084b5819 100644
--- a/contracts/scripts/showRegistryAddresses.ts
+++ b/contracts/scripts/showRegistryAddresses.ts
@@ -7,10 +7,13 @@ async function showRegistryAddresses() {
try {
// Read the deployed addresses from the deployment artifacts
- const deployedAddressesPath = path.join(__dirname, "../ignition/deployments/chain-44787/deployed_addresses.json");
+ const deployedAddressesPath = path.join(
+ __dirname,
+ "../ignition/deployments/chain-11142220/deployed_addresses.json",
+ );
if (!fs.existsSync(deployedAddressesPath)) {
- console.log("β No deployment found for chain 44787 (Alfajores)");
+ console.log("β No deployment found for chain 11142220 (Sepolia)");
console.log(" Please run: yarn deploy:registry");
return;
}
diff --git a/contracts/scripts/staging.sh b/contracts/scripts/staging.sh
index ccc83667a..15378e82a 100755
--- a/contracts/scripts/staging.sh
+++ b/contracts/scripts/staging.sh
@@ -4,9 +4,9 @@
mkdir -p ignition/deployments/staging/artifacts
# Copy deployed_addresses.json
-cp ignition/deployments/chain-44787/deployed_addresses.json ignition/deployments/staging/deployed_addresses.json
+cp ignition/deployments/chain-11142220/deployed_addresses.json ignition/deployments/staging/deployed_addresses.json
-# Copy all artifacts from chain-44787 to staging
-cp -r ignition/deployments/chain-44787/artifacts/* ignition/deployments/staging/artifacts/
+# Copy all artifacts from chain-11142220 to staging
+cp -r ignition/deployments/chain-11142220/artifacts/* ignition/deployments/staging/artifacts/
-echo "Successfully exported chain-44787 deployment files to staging directory"
+echo "Successfully exported chain-11142220 deployment files to staging directory"
diff --git a/contracts/test/example/airdrop.test.ts b/contracts/test/example/airdrop.test.ts
index 3ef303a20..8a57a5070 100644
--- a/contracts/test/example/airdrop.test.ts
+++ b/contracts/test/example/airdrop.test.ts
@@ -1,21 +1,49 @@
import { expect } from "chai";
-import { deploySystemFixtures } from "../utils/deployment";
-import { DeployedActors } from "../utils/types";
+import { deploySystemFixturesV2 } from "../utils/deploymentV2";
+import { DeployedActorsV2 } from "../utils/types";
import { ethers } from "hardhat";
import { CIRCUIT_CONSTANTS } from "@selfxyz/common/constants/constants";
import { ATTESTATION_ID } from "../utils/constants";
-import { generateVcAndDiscloseProof } from "../utils/generateProof.js";
+import { generateVcAndDiscloseProof } from "../utils/generateProof";
import { poseidon2 } from "poseidon-lite";
import { generateCommitment } from "@selfxyz/common/utils/passports/passport";
import { generateRandomFieldElement, splitHexFromBack } from "../utils/utils";
import BalanceTree from "../utils/example/balance-tree";
-import { castFromScope } from "@selfxyz/common/utils/circuits/uuid";
import { formatCountriesList, reverseBytes } from "@selfxyz/common/utils/circuits/formatInputs";
import { Formatter } from "../utils/formatter";
import { hashEndpointWithScope } from "@selfxyz/common/utils/scope";
+import { createHash } from "crypto";
+
+// Helper function to calculate user identifier hash
+function calculateUserIdentifierHash(userContextData: string): string {
+ const sha256Hash = createHash("sha256")
+ .update(Buffer.from(userContextData.slice(2), "hex"))
+ .digest();
+ const ripemdHash = createHash("ripemd160").update(sha256Hash).digest();
+ return "0x" + ripemdHash.toString("hex").padStart(40, "0");
+}
+
+// Helper function to create V2 proof format
+function createV2ProofData(proof: any, userAddress: string, userData: string = "airdrop-user-data") {
+ const destChainId = ethers.zeroPadValue(ethers.toBeHex(31337), 32);
+ const userContextData = ethers.solidityPacked(
+ ["bytes32", "bytes32", "bytes"],
+ [destChainId, ethers.zeroPadValue(userAddress, 32), ethers.toUtf8Bytes(userData)],
+ );
+
+ const attestationId = ethers.zeroPadValue(ethers.toBeHex(BigInt(ATTESTATION_ID.E_PASSPORT)), 32);
+ const encodedProof = ethers.AbiCoder.defaultAbiCoder().encode(
+ ["tuple(uint256[2] a, uint256[2][2] b, uint256[2] c, uint256[] pubSignals)"],
+ [[proof.a, proof.b, proof.c, proof.pubSignals]],
+ );
+
+ const proofData = ethers.solidityPacked(["bytes32", "bytes"], [attestationId, encodedProof]);
+
+ return { proofData, userContextData };
+}
describe("Airdrop", () => {
- let deployedActors: DeployedActors;
+ let deployedActors: DeployedActorsV2;
let snapshotId: string;
let airdrop: any;
let token: any;
@@ -28,9 +56,11 @@ describe("Airdrop", () => {
let forbiddenCountriesList: any;
let countriesListPacked: any;
let attestationIds: any[];
+ let userIdentifierBigInt: bigint;
+ let numericScope: string;
before(async () => {
- deployedActors = await deploySystemFixtures();
+ deployedActors = await deploySystemFixturesV2();
// must be imported dynamic since @openpassport/zk-kit-lean-imt is exclusively esm and hardhat does not support esm with typescript until verison 3
const LeanIMT = await import("@openpassport/zk-kit-lean-imt").then((mod) => mod.LeanIMT);
registerSecret = generateRandomFieldElement();
@@ -44,22 +74,7 @@ describe("Airdrop", () => {
imt = new LeanIMT(hashFunction);
await imt.insert(BigInt(commitment));
- baseVcAndDiscloseProof = await generateVcAndDiscloseProof(
- registerSecret,
- BigInt(ATTESTATION_ID.E_PASSPORT).toString(),
- deployedActors.mockPassport,
- hashEndpointWithScope("https://test.com", "test-scope"),
- new Array(88).fill("1"),
- "1",
- imt,
- "20",
- undefined,
- undefined,
- undefined,
- undefined,
- forbiddenCountriesList,
- (await deployedActors.user1.getAddress()).slice(2),
- );
+ // Proof generation will happen after airdrop deployment
const tokenFactory = await ethers.getContractFactory("AirdropToken");
token = await tokenFactory.connect(deployedActors.owner).deploy();
@@ -73,24 +88,86 @@ describe("Airdrop", () => {
reverseBytes(Formatter.bytesToHexString(new Uint8Array(formatCountriesList(forbiddenCountriesList)))),
);
- const airdropFactory = await ethers.getContractFactory("Airdrop");
- airdrop = await airdropFactory.connect(deployedActors.owner).deploy(
- deployedActors.hub.target,
- hashEndpointWithScope("https://test.com", "test-scope"),
- 0, // the types show we need a contract version here
- attestationIds,
- token.target,
- );
+ // Deploy PoseidonT3 contract for proper scope calculation
+ const PoseidonT3Factory = await ethers.getContractFactory("PoseidonT3");
+ const poseidonT3 = await PoseidonT3Factory.deploy();
+ await poseidonT3.waitForDeployment();
+ const poseidonT3Address = await poseidonT3.getAddress();
+
+ // Deploy TestAirdrop contract (which allows setting PoseidonT3 address)
+ const airdropFactory = await ethers.getContractFactory("TestAirdrop");
+ airdrop = await airdropFactory
+ .connect(deployedActors.owner)
+ .deploy(deployedActors.hub.target, "test-scope", token.target);
await airdrop.waitForDeployment();
- const verificationConfig = {
+ // Set the proper scope using the deployed PoseidonT3
+ await airdrop.testGenerateScope(poseidonT3Address, "test-scope");
+
+ // Get the actual scope from the airdrop contract (now properly calculated)
+ const contractScope = await airdrop.scope();
+ numericScope = contractScope.toString();
+
+ const airdropAddress = await airdrop.getAddress();
+
+ console.log(`π TestAirdrop deployed at: ${airdropAddress}`);
+ console.log(`π’ PoseidonT3 deployed at: ${poseidonT3Address}`);
+ console.log(`β
Proper scope (calculated with PoseidonT3): ${numericScope}`);
+
+ // The airdrop now uses the proper calculated scope
+
+ // Calculate the proper user identifier
+ const destChainId = ethers.zeroPadValue(ethers.toBeHex(31337), 32);
+ const user1Address = await deployedActors.user1.getAddress();
+ const userData = ethers.toUtf8Bytes("airdrop-user-data");
+
+ const tempUserContextData = ethers.solidityPacked(
+ ["bytes32", "bytes32", "bytes"],
+ [destChainId, ethers.zeroPadValue(user1Address, 32), userData],
+ );
+
+ const userIdentifierHash = calculateUserIdentifierHash(tempUserContextData);
+ userIdentifierBigInt = BigInt(userIdentifierHash);
+
+ baseVcAndDiscloseProof = await generateVcAndDiscloseProof(
+ registerSecret,
+ BigInt(ATTESTATION_ID.E_PASSPORT).toString(),
+ deployedActors.mockPassport,
+ numericScope,
+ new Array(88).fill("1"),
+ "1",
+ imt,
+ "20",
+ undefined,
+ undefined,
+ undefined,
+ undefined,
+ forbiddenCountriesList,
+ "0x" + userIdentifierBigInt.toString(16).padStart(64, "0"),
+ );
+
+ vcAndDiscloseProof = baseVcAndDiscloseProof;
+
+ // Set up verification config in the hub
+ const verificationConfigV2 = {
olderThanEnabled: true,
- olderThan: 20,
+ olderThan: "20",
forbiddenCountriesEnabled: true,
- forbiddenCountriesListPacked: countriesListPacked,
+ forbiddenCountriesListPacked: countriesListPacked as [any, any, any, any],
ofacEnabled: [true, true, true] as [boolean, boolean, boolean],
};
- await airdrop.connect(deployedActors.owner).setVerificationConfig(verificationConfig);
+
+ // Register the config in the hub and get the config ID
+ const configId = await deployedActors.hub
+ .connect(deployedActors.owner)
+ .setVerificationConfigV2(verificationConfigV2);
+ const receipt = await configId.wait();
+
+ // Extract the actual config ID from the transaction receipt
+ const actualConfigId = receipt!.logs[0].topics[1]; // The configId is the first indexed parameter
+
+ // Set the config ID in the airdrop contract
+ await airdrop.connect(deployedActors.owner).setConfigId(actualConfigId);
const mintAmount = ethers.parseEther("424242424242");
await token.mint(airdrop.target, mintAmount);
@@ -201,7 +278,11 @@ describe("Airdrop", () => {
const { owner, user1 } = deployedActors;
await airdrop.connect(owner).openRegistration();
- const tx = await airdrop.connect(user1).verifySelfProof(vcAndDiscloseProof);
+
+ // Create V2 proof format
+ const { proofData, userContextData } = createV2ProofData(vcAndDiscloseProof, await user1.getAddress());
+
+ const tx = await airdrop.connect(user1).verifySelfProof(proofData, userContextData);
const receipt = await tx.wait();
const event = receipt?.logs.find(
@@ -215,20 +296,17 @@ describe("Airdrop", () => {
const appNullifier = vcAndDiscloseProof.pubSignals[CIRCUIT_CONSTANTS.VC_AND_DISCLOSE_NULLIFIER_INDEX];
expect(eventArgs?.nullifier).to.be.equal(appNullifier);
-
- const nullifierToId = await airdrop.getNullifier(appNullifier);
- expect(nullifierToId).to.be.equal(await user1.getAddress());
-
- const isRegistered = await airdrop.isRegistered(await user1.getAddress());
- expect(isRegistered).to.be.equal(true);
- const isRegisteredFalse = await airdrop.isRegistered(await owner.getAddress());
});
it("should not able to register address by user if registration is closed", async () => {
const { owner, user1 } = deployedActors;
await airdrop.connect(owner).closeRegistration();
- await expect(airdrop.connect(user1).verifySelfProof(vcAndDiscloseProof)).to.be.revertedWithCustomError(
+
+ // Create V2 proof format
+ const { proofData, userContextData } = createV2ProofData(vcAndDiscloseProof, await user1.getAddress());
+
+ await expect(airdrop.connect(user1).verifySelfProof(proofData, userContextData)).to.be.revertedWithCustomError(
airdrop,
"RegistrationNotOpen",
);
@@ -237,11 +315,19 @@ describe("Airdrop", () => {
it("should not able to register address by user if scope is invalid", async () => {
const { owner, user1 } = deployedActors;
- vcAndDiscloseProof = await generateVcAndDiscloseProof(
+ // Now that we have proper scope calculation, we can create a proof with a genuinely different scope
+ const airdropAddress = await airdrop.getAddress();
+ const differentScope = hashEndpointWithScope(airdropAddress.toLowerCase(), "different-test-scope");
+
+ console.log(`TestAirdrop scope: ${numericScope}`);
+ console.log(`Different scope for test: ${differentScope}`);
+
+ // Generate proof with the different scope
+ const invalidVcAndDiscloseProof = await generateVcAndDiscloseProof(
registerSecret,
BigInt(ATTESTATION_ID.E_PASSPORT).toString(),
deployedActors.mockPassport,
- hashEndpointWithScope("https://test.com", "test-scope-invalid"),
+ differentScope, // Use different scope
new Array(88).fill("1"),
"1",
imt,
@@ -251,13 +337,17 @@ describe("Airdrop", () => {
undefined,
undefined,
forbiddenCountriesList,
- (await deployedActors.user1.getAddress()).slice(2),
+ "0x" + userIdentifierBigInt.toString(16).padStart(64, "0"),
);
await airdrop.connect(owner).openRegistration();
- await expect(airdrop.connect(user1).verifySelfProof(vcAndDiscloseProof)).to.be.revertedWithCustomError(
- airdrop,
- "InvalidScope",
+
+ // Create V2 proof format with invalid proof (different scope)
+ const { proofData, userContextData } = createV2ProofData(invalidVcAndDiscloseProof, await user1.getAddress());
+
+ await expect(airdrop.connect(user1).verifySelfProof(proofData, userContextData)).to.be.revertedWithCustomError(
+ deployedActors.hub,
+ "ScopeMismatch",
);
});
@@ -265,8 +355,15 @@ describe("Airdrop", () => {
const { owner, user1 } = deployedActors;
await airdrop.connect(owner).openRegistration();
- await airdrop.connect(user1).verifySelfProof(vcAndDiscloseProof);
- await expect(airdrop.connect(user1).verifySelfProof(vcAndDiscloseProof)).to.be.revertedWithCustomError(
+
+ // Create V2 proof format
+ const { proofData, userContextData } = createV2ProofData(vcAndDiscloseProof, await user1.getAddress());
+
+ // First registration should succeed
+ await airdrop.connect(user1).verifySelfProof(proofData, userContextData);
+
+ // Second registration with same nullifier should fail
+ await expect(airdrop.connect(user1).verifySelfProof(proofData, userContextData)).to.be.revertedWithCustomError(
airdrop,
"RegisteredNullifier",
);
@@ -292,11 +389,11 @@ describe("Airdrop", () => {
await invalidImt.insert(BigInt(commitment));
await invalidImt.insert(BigInt(invalidCommitment));
- vcAndDiscloseProof = await generateVcAndDiscloseProof(
+ const invalidVcAndDiscloseProof = await generateVcAndDiscloseProof(
registerSecret,
BigInt(ATTESTATION_ID.INVALID_ATTESTATION_ID).toString(),
deployedActors.mockPassport,
- hashEndpointWithScope("https://test.com", "test-scope"),
+ numericScope, // Use the same scope as airdrop (proper calculated scope)
new Array(88).fill("1"),
"1",
invalidImt,
@@ -306,24 +403,29 @@ describe("Airdrop", () => {
undefined,
undefined,
forbiddenCountriesList,
- (await deployedActors.user1.getAddress()).slice(2),
+ "0x" + userIdentifierBigInt.toString(16).padStart(64, "0"),
);
await airdrop.connect(owner).openRegistration();
- await expect(airdrop.connect(user1).verifySelfProof(vcAndDiscloseProof)).to.be.revertedWithCustomError(
- airdrop,
- "InvalidAttestationId",
+
+ // Create V2 proof format with invalid attestation ID
+ const { proofData, userContextData } = createV2ProofData(invalidVcAndDiscloseProof, await user1.getAddress());
+
+ await expect(airdrop.connect(user1).verifySelfProof(proofData, userContextData)).to.be.revertedWithCustomError(
+ deployedActors.hub,
+ "AttestationIdMismatch",
);
});
it("should revert with InvalidUserIdentifier when user identifier is 0", async () => {
const { owner, user1 } = deployedActors;
- vcAndDiscloseProof = await generateVcAndDiscloseProof(
+ // Generate proof with zero user identifier
+ const invalidVcAndDiscloseProof = await generateVcAndDiscloseProof(
registerSecret,
BigInt(ATTESTATION_ID.E_PASSPORT).toString(),
deployedActors.mockPassport,
- hashEndpointWithScope("https://test.com", "test-scope"),
+ numericScope, // Use the same scope as airdrop (proper calculated scope)
new Array(88).fill("1"),
"1",
imt,
@@ -333,49 +435,123 @@ describe("Airdrop", () => {
undefined,
undefined,
forbiddenCountriesList,
- "0000000000000000000000000000000000000000",
+ "0x0000000000000000000000000000000000000000000000000000000000000000", // Zero user identifier
);
await airdrop.connect(owner).openRegistration();
- await expect(airdrop.connect(user1).verifySelfProof(vcAndDiscloseProof)).to.be.revertedWithCustomError(
- airdrop,
- "InvalidUserIdentifier",
+
+ // Create V2 proof format with zero user identifier proof
+ const { proofData, userContextData } = createV2ProofData(invalidVcAndDiscloseProof, await user1.getAddress());
+
+ await expect(airdrop.connect(user1).verifySelfProof(proofData, userContextData)).to.be.revertedWithCustomError(
+ deployedActors.hub,
+ "InvalidUserIdentifierInProof",
);
});
it("should allow registration when targetRootTimestamp is 0", async () => {
const { hub, registry, owner, user1 } = deployedActors;
- const airdropFactory = await ethers.getContractFactory("Airdrop");
- const newAirdrop = await airdropFactory
- .connect(owner)
- .deploy(hub.target, hashEndpointWithScope("https://test.com", "test-scope"), 0, attestationIds, token.target);
+ // Deploy a new TestAirdrop with different scopeSeed
+ const PoseidonT3Factory = await ethers.getContractFactory("PoseidonT3");
+ const newPoseidonT3 = await PoseidonT3Factory.deploy();
+ await newPoseidonT3.waitForDeployment();
+ const newPoseidonT3Address = await newPoseidonT3.getAddress();
+
+ const airdropFactory = await ethers.getContractFactory("TestAirdrop");
+ const newAirdrop = await airdropFactory.connect(owner).deploy(hub.target, "test-scope-2", token.target);
await newAirdrop.waitForDeployment();
- const verificationConfig = {
+ // Set the proper scope for the new airdrop using the deployed PoseidonT3
+ await newAirdrop.testGenerateScope(newPoseidonT3Address, "test-scope-2");
+
+ // Set up verification config for the new airdrop (same as main airdrop)
+ const verificationConfigV2 = {
olderThanEnabled: true,
- olderThan: 20,
+ olderThan: "20",
forbiddenCountriesEnabled: true,
- forbiddenCountriesListPacked: countriesListPacked,
+ forbiddenCountriesListPacked: countriesListPacked as [any, any, any, any],
ofacEnabled: [true, true, true] as [boolean, boolean, boolean],
};
- await newAirdrop.connect(owner).setVerificationConfig(verificationConfig);
+
+ // Register the config in the hub and get the config ID
+ const configTx = await deployedActors.hub.connect(owner).setVerificationConfigV2(verificationConfigV2);
+ const configReceipt = await configTx.wait();
+
+ // Extract the actual config ID from the transaction receipt
+ const actualConfigId = configReceipt!.logs[0].topics[1]; // The configId is the first indexed parameter
+
+ // Set the config ID in the new airdrop contract
+ await newAirdrop.connect(owner).setConfigId(actualConfigId);
await newAirdrop.connect(owner).openRegistration();
- await expect(newAirdrop.connect(user1).verifySelfProof(vcAndDiscloseProof)).to.not.be.reverted;
+
+ // Get the actual scope from the new airdrop contract
+ const newAirdropScope = await newAirdrop.scope();
+ const newAirdropScopeAsBigIntString = newAirdropScope.toString();
+
+ // Calculate user identifier for the new airdrop context
+ const destChainId = ethers.zeroPadValue(ethers.toBeHex(31337), 32);
+ const user1Address = await user1.getAddress();
+ const userData = ethers.toUtf8Bytes("airdrop-user-data");
+
+ const tempUserContextData = ethers.solidityPacked(
+ ["bytes32", "bytes32", "bytes"],
+ [destChainId, ethers.zeroPadValue(user1Address, 32), userData],
+ );
+
+ const userIdentifierHash = calculateUserIdentifierHash(tempUserContextData);
+ const newUserIdentifierBigInt = BigInt(userIdentifierHash);
+
+ // Generate proof with the new airdrop's scope
+ const newVcAndDiscloseProof = await generateVcAndDiscloseProof(
+ registerSecret,
+ BigInt(ATTESTATION_ID.E_PASSPORT).toString(),
+ deployedActors.mockPassport,
+ newAirdropScopeAsBigIntString, // Use the actual scope from the new contract
+ new Array(88).fill("1"),
+ "1",
+ imt,
+ "20",
+ undefined,
+ undefined,
+ undefined,
+ undefined,
+ forbiddenCountriesList,
+ "0x" + newUserIdentifierBigInt.toString(16).padStart(64, "0"), // Use proper user identifier
+ );
+
+ // Create V2 proof format for the new airdrop
+ const { proofData, userContextData } = createV2ProofData(newVcAndDiscloseProof, await user1.getAddress());
+
+ await expect(newAirdrop.connect(user1).verifySelfProof(proofData, userContextData)).to.not.be.reverted;
});
it("should return correct scope", async () => {
- const scope = await airdrop.getScope();
- expect(scope).to.equal(hashEndpointWithScope("https://test.com", "test-scope"));
- });
+ const scope = await airdrop.scope();
- it("should check if attestation ID is allowed", async () => {
- const isAllowed = await airdrop.isAttestationIdAllowed(ATTESTATION_ID.E_PASSPORT);
- expect(isAllowed).to.be.true;
+ // With TestAirdrop and deployed PoseidonT3, we now get the proper calculated scope
+ expect(scope).to.not.equal(0n);
- const isNotAllowed = await airdrop.isAttestationIdAllowed(999999); // Some random ID not in the list
- expect(isNotAllowed).to.be.false;
+ // Verify that our test setup correctly uses the contract's actual scope
+ expect(numericScope).to.equal(scope.toString());
+
+ // Calculate what the scope would be using hashEndpointWithScope for comparison
+ const airdropAddress = await airdrop.getAddress();
+ const expectedScope = hashEndpointWithScope(airdropAddress.toLowerCase(), "test-scope");
+
+ // The contract-calculated scope should match the expected scope
+ expect(scope.toString()).to.equal(expectedScope);
+
+ // Also compare with TestSelfVerificationRoot which should have the same scope calculation method
+ const testRootScope = await deployedActors.testSelfVerificationRoot.scope();
+ expect(testRootScope).to.not.equal(0n);
+
+ console.log(`β
TestAirdrop scope (with PoseidonT3): ${scope}`);
+ console.log(`β
Test scope variable: ${numericScope}`);
+ console.log(`π TestSelfVerificationRoot scope: ${testRootScope}`);
+ console.log(`π Expected scope (hashEndpointWithScope): ${expectedScope}`);
+ console.log(`π― All scopes match: ${scope.toString() === expectedScope}`);
});
it("should return correct merkle root", async () => {
@@ -396,7 +572,11 @@ describe("Airdrop", () => {
const { owner, user1 } = deployedActors;
await airdrop.connect(owner).openRegistration();
- await airdrop.connect(user1).verifySelfProof(vcAndDiscloseProof);
+
+ // Register the user first using V2 interface
+ const { proofData, userContextData } = createV2ProofData(vcAndDiscloseProof, await user1.getAddress());
+ await airdrop.connect(user1).verifySelfProof(proofData, userContextData);
+
await airdrop.connect(owner).closeRegistration();
const tree = new BalanceTree([{ account: await user1.getAddress(), amount: BigInt(1000000000000000000) }]);
@@ -427,7 +607,10 @@ describe("Airdrop", () => {
const { owner, user1 } = deployedActors;
await airdrop.connect(owner).openRegistration();
- await airdrop.connect(user1).verifySelfProof(vcAndDiscloseProof);
+
+ // Register the user first using V2 interface
+ const { proofData, userContextData } = createV2ProofData(vcAndDiscloseProof, await user1.getAddress());
+ await airdrop.connect(user1).verifySelfProof(proofData, userContextData);
const tree = new BalanceTree([{ account: await user1.getAddress(), amount: BigInt(1000000000000000000) }]);
const root = tree.getHexRoot();
@@ -448,7 +631,11 @@ describe("Airdrop", () => {
const { owner, user1 } = deployedActors;
await airdrop.connect(owner).openRegistration();
- await airdrop.connect(user1).verifySelfProof(vcAndDiscloseProof);
+
+ // Register the user first using V2 interface
+ const { proofData, userContextData } = createV2ProofData(vcAndDiscloseProof, await user1.getAddress());
+ await airdrop.connect(user1).verifySelfProof(proofData, userContextData);
+
await airdrop.connect(owner).closeRegistration();
const tree = new BalanceTree([{ account: await user1.getAddress(), amount: BigInt(1000000000000000000) }]);
@@ -469,7 +656,11 @@ describe("Airdrop", () => {
const { owner, user1 } = deployedActors;
await airdrop.connect(owner).openRegistration();
- await airdrop.connect(user1).verifySelfProof(vcAndDiscloseProof);
+
+ // Register the user first using V2 interface
+ const { proofData, userContextData } = createV2ProofData(vcAndDiscloseProof, await user1.getAddress());
+ await airdrop.connect(user1).verifySelfProof(proofData, userContextData);
+
await airdrop.connect(owner).closeRegistration();
const tree = new BalanceTree([{ account: await user1.getAddress(), amount: BigInt(1000000000000000000) }]);
const root = tree.getHexRoot();
@@ -494,7 +685,11 @@ describe("Airdrop", () => {
const { owner, user1 } = deployedActors;
await airdrop.connect(owner).openRegistration();
- await airdrop.connect(user1).verifySelfProof(vcAndDiscloseProof);
+
+ // Register the user first using V2 interface
+ const { proofData, userContextData } = createV2ProofData(vcAndDiscloseProof, await user1.getAddress());
+ await airdrop.connect(user1).verifySelfProof(proofData, userContextData);
+
await airdrop.connect(owner).closeRegistration();
const tree = new BalanceTree([{ account: await user1.getAddress(), amount: BigInt(1000000000000000000) }]);
const root = tree.getHexRoot();
@@ -516,7 +711,11 @@ describe("Airdrop", () => {
const { owner, user1, user2 } = deployedActors;
await airdrop.connect(owner).openRegistration();
- await airdrop.connect(user1).verifySelfProof(vcAndDiscloseProof);
+
+ // Register only user1, not user2
+ const { proofData, userContextData } = createV2ProofData(vcAndDiscloseProof, await user1.getAddress());
+ await airdrop.connect(user1).verifySelfProof(proofData, userContextData);
+
await airdrop.connect(owner).closeRegistration();
const tree = new BalanceTree([
@@ -537,124 +736,21 @@ describe("Airdrop", () => {
expect(isClaimed).to.be.false;
});
- it("should able to set verification config by owner", async () => {
+ it("should able to set config ID by owner", async () => {
const { owner } = deployedActors;
- const newVerificationConfig = {
- olderThanEnabled: false,
- olderThan: 25,
- forbiddenCountriesEnabled: false,
- forbiddenCountriesListPacked: countriesListPacked,
- ofacEnabled: [false, false, false] as [boolean, boolean, boolean],
- };
+ const newConfigId = ethers.keccak256(ethers.toUtf8Bytes("new-config-v1"));
- await airdrop.connect(owner).setVerificationConfig(newVerificationConfig);
- const storedConfig = await airdrop.getVerificationConfig();
+ await airdrop.connect(owner).setConfigId(newConfigId);
+ const storedConfigId = await airdrop.verificationConfigId();
- expect(storedConfig.olderThanEnabled).to.equal(newVerificationConfig.olderThanEnabled);
- expect(storedConfig.olderThan).to.equal(newVerificationConfig.olderThan);
- expect(storedConfig.forbiddenCountriesEnabled).to.equal(newVerificationConfig.forbiddenCountriesEnabled);
- for (let i = 0; i < 4; i++) {
- expect(storedConfig.forbiddenCountriesListPacked[i]).to.equal(
- newVerificationConfig.forbiddenCountriesListPacked[i],
- );
- }
- expect(storedConfig.ofacEnabled).to.deep.equal(newVerificationConfig.ofacEnabled);
+ expect(storedConfigId).to.equal(newConfigId);
});
- it("should not able to set verification config by non-owner", async () => {
+ it("should not able to set config ID by non-owner", async () => {
const { user1 } = deployedActors;
- const newVerificationConfig = {
- olderThanEnabled: false,
- olderThan: 25,
- forbiddenCountriesEnabled: false,
- forbiddenCountriesListPacked: countriesListPacked,
- ofacEnabled: [false, false, false] as [boolean, boolean, boolean],
- };
+ const newConfigId = ethers.keccak256(ethers.toUtf8Bytes("new-config-v1"));
- await expect(airdrop.connect(user1).setVerificationConfig(newVerificationConfig))
- .to.be.revertedWithCustomError(airdrop, "OwnableUnauthorizedAccount")
- .withArgs(await user1.getAddress());
- });
-
- it("should return correct verification config", async () => {
- const config = await airdrop.getVerificationConfig();
- expect(config.olderThanEnabled).to.equal(true);
- expect(config.olderThan).to.equal(20);
- expect(config.forbiddenCountriesEnabled).to.equal(true);
- for (let i = 0; i < 4; i++) {
- expect(config.forbiddenCountriesListPacked[i]).to.equal(countriesListPacked[i]);
- }
- expect(config.ofacEnabled).to.deep.equal([true, true, true]);
- });
-
- it("should able to update scope by owner", async () => {
- const { owner } = deployedActors;
- const newScope = hashEndpointWithScope("https://newtest.com", "new-test-scope");
-
- await airdrop.connect(owner).setScope(newScope);
- const scope = await airdrop.getScope();
- expect(scope).to.equal(newScope);
-
- // Verify event was emitted
- const filter = airdrop.filters.ScopeUpdated();
- const events = await airdrop.queryFilter(filter);
- const lastEvent = events[events.length - 1];
- expect(lastEvent.args.newScope).to.equal(newScope);
- });
-
- it("should not be able to update scope by non-owner", async () => {
- const { user1 } = deployedActors;
- const newScope = hashEndpointWithScope("https://newtest.com", "new-test-scope");
-
- await expect(airdrop.connect(user1).setScope(newScope))
- .to.be.revertedWithCustomError(airdrop, "OwnableUnauthorizedAccount")
- .withArgs(await user1.getAddress());
- });
-
- it("should able to add attestation ID by owner", async () => {
- const { owner } = deployedActors;
- const newAttestationId = 999; // Some new ID
-
- await airdrop.connect(owner).addAttestationId(newAttestationId);
- const isAllowed = await airdrop.isAttestationIdAllowed(newAttestationId);
- expect(isAllowed).to.be.true;
-
- // Verify event was emitted
- const filter = airdrop.filters.AttestationIdAdded();
- const events = await airdrop.queryFilter(filter);
- const lastEvent = events[events.length - 1];
- expect(lastEvent.args.attestationId).to.equal(newAttestationId);
- });
-
- it("should not be able to add attestation ID by non-owner", async () => {
- const { user1 } = deployedActors;
- const newAttestationId = 888; // Some new ID
-
- await expect(airdrop.connect(user1).addAttestationId(newAttestationId))
- .to.be.revertedWithCustomError(airdrop, "OwnableUnauthorizedAccount")
- .withArgs(await user1.getAddress());
- });
-
- it("should able to remove attestation ID by owner", async () => {
- const { owner } = deployedActors;
- const attestationIdToRemove = ATTESTATION_ID.E_PASSPORT;
-
- await airdrop.connect(owner).removeAttestationId(attestationIdToRemove);
- const isAllowed = await airdrop.isAttestationIdAllowed(attestationIdToRemove);
- expect(isAllowed).to.be.false;
-
- // Verify event was emitted
- const filter = airdrop.filters.AttestationIdRemoved();
- const events = await airdrop.queryFilter(filter);
- const lastEvent = events[events.length - 1];
- expect(lastEvent.args.attestationId).to.equal(attestationIdToRemove);
- });
-
- it("should not be able to remove attestation ID by non-owner", async () => {
- const { user1 } = deployedActors;
- const attestationIdToRemove = ATTESTATION_ID.E_PASSPORT;
-
- await expect(airdrop.connect(user1).removeAttestationId(attestationIdToRemove))
+ await expect(airdrop.connect(user1).setConfigId(newConfigId))
.to.be.revertedWithCustomError(airdrop, "OwnableUnauthorizedAccount")
.withArgs(await user1.getAddress());
});
diff --git a/contracts/test/integration/vcAndDisclose.test.ts b/contracts/test/integration/vcAndDisclose.test.ts
index a46cabe61..90a005fbb 100644
--- a/contracts/test/integration/vcAndDisclose.test.ts
+++ b/contracts/test/integration/vcAndDisclose.test.ts
@@ -4,7 +4,7 @@ import { DeployedActors, VcAndDiscloseHubProof } from "../utils/types";
import { ethers } from "hardhat";
import { CIRCUIT_CONSTANTS } from "@selfxyz/common/constants/constants";
import { ATTESTATION_ID } from "../utils/constants";
-import { generateVcAndDiscloseProof, getSMTs } from "../utils/generateProof.js";
+import { generateVcAndDiscloseProof, getSMTs } from "../utils/generateProof";
import { poseidon2 } from "poseidon-lite";
import { generateCommitment } from "@selfxyz/common/utils/passports/passport";
import { BigNumberish } from "ethers";
diff --git a/contracts/test/integration/verifyAll.test.ts b/contracts/test/integration/verifyAll.test.ts
index 6fe782c73..a19cdb996 100644
--- a/contracts/test/integration/verifyAll.test.ts
+++ b/contracts/test/integration/verifyAll.test.ts
@@ -7,11 +7,11 @@ import { generateCommitment } from "@selfxyz/common/utils/passports/passport";
import { ATTESTATION_ID } from "../utils/constants";
import { CIRCUIT_CONSTANTS } from "@selfxyz/common/constants/constants";
import { poseidon2 } from "poseidon-lite";
-import { generateVcAndDiscloseProof, parseSolidityCalldata } from "../utils/generateProof.js";
+import { generateVcAndDiscloseProof, parseSolidityCalldata } from "../utils/generateProof";
import { Formatter } from "../utils/formatter";
import { formatCountriesList, reverseBytes } from "@selfxyz/common/utils/circuits/formatInputs";
import { VerifyAll } from "../../typechain-types";
-import { getSMTs } from "../utils/generateProof.js";
+import { getSMTs } from "../utils/generateProof";
import { Groth16Proof, PublicSignals, groth16 } from "snarkjs";
import { VcAndDiscloseProof } from "../utils/types";
diff --git a/contracts/test/unit/CircuitAttributeHandler.test.ts b/contracts/test/unit/CircuitAttributeHandler.test.ts
index dbb907ddc..c90704d98 100644
--- a/contracts/test/unit/CircuitAttributeHandler.test.ts
+++ b/contracts/test/unit/CircuitAttributeHandler.test.ts
@@ -177,12 +177,10 @@ describe("CircuitAttributeHandler", function () {
const shortMRZ = ethers.toUtf8Bytes("ABC");
await expect(testHandler.testExtractStringAttribute(shortMRZ, 0, 5)).to.be.revertedWithCustomError(
testHandler,
- "INSUFFICIENT_CHARCODE_LEN",
+ "InsufficientCharcodeLen",
);
- expect(() => CircuitAttributeHandler.extractStringAttribute(shortMRZ, 0, 5)).to.throw(
- "INSUFFICIENT_CHARCODE_LEN",
- );
+ expect(() => CircuitAttributeHandler.extractStringAttribute(shortMRZ, 0, 5)).to.throw("InsufficientCharcodeLen");
});
it("should match contract and ts implementation for empty range", async function () {
diff --git a/contracts/test/unit/CustomVerifier.test.ts b/contracts/test/unit/CustomVerifier.test.ts
index ab168b0c5..93cb6dfb3 100644
--- a/contracts/test/unit/CustomVerifier.test.ts
+++ b/contracts/test/unit/CustomVerifier.test.ts
@@ -78,7 +78,7 @@ describe("CustomVerifier", function () {
[samplePassportOutput],
),
),
- ).to.be.revertedWithCustomError(customVerifier, "INVALID_OFAC");
+ ).to.be.revertedWithCustomError(customVerifier, "InvalidOfacCheck");
});
it("should return proper OFAC results", async function () {
@@ -145,7 +145,7 @@ describe("CustomVerifier", function () {
[samplePassportOutput],
),
),
- ).to.be.revertedWithCustomError(customVerifier, "INVALID_OLDER_THAN");
+ ).to.be.revertedWithCustomError(customVerifier, "InvalidOlderThan");
});
it("should not throw an error if older than is not enabled", async function () {
@@ -243,7 +243,7 @@ describe("CustomVerifier", function () {
[sampleIdCardOutput],
),
),
- ).to.be.revertedWithCustomError(customVerifier, "INVALID_OFAC");
+ ).to.be.revertedWithCustomError(customVerifier, "InvalidOfacCheck");
});
it("should return proper OFAC results", async function () {
@@ -331,7 +331,7 @@ describe("CustomVerifier", function () {
[sampleIdCardOutput],
),
),
- ).to.be.revertedWithCustomError(customVerifier, "INVALID_OLDER_THAN");
+ ).to.be.revertedWithCustomError(customVerifier, "InvalidOlderThan");
});
it("should not throw an error if older than is not enabled", async function () {
@@ -406,6 +406,6 @@ describe("CustomVerifier", function () {
],
),
),
- ).to.be.revertedWithCustomError(customVerifier, "INVALID_ATTESTATION_ID");
+ ).to.be.revertedWithCustomError(customVerifier, "InvalidAttestationId");
});
});
diff --git a/contracts/test/utils/deployment.ts b/contracts/test/utils/deployment.ts
index bd6318006..12351236d 100644
--- a/contracts/test/utils/deployment.ts
+++ b/contracts/test/utils/deployment.ts
@@ -5,6 +5,7 @@ import { genAndInitMockPassportData } from "@selfxyz/common/utils/passports/genM
import { getCscaTreeRoot } from "@selfxyz/common/utils/trees";
import { PassportData } from "@selfxyz/common/utils/types";
import serialized_csca_tree from "../../../common/pubkeys/serialized_csca_tree.json";
+import { getSMTs } from "./generateProof";
import {
DeployedActors,
DscVerifier,
@@ -17,11 +18,11 @@ import {
} from "./types";
// Verifier artifacts
-import VcAndDiscloseVerifierArtifactLocal from "../../artifacts/contracts/verifiers/local/disclose/Verifier_vc_and_disclose.sol/Verifier_vc_and_disclose.json";
+import VcAndDiscloseVerifierArtifactLocal from "../../artifacts/contracts/verifiers/local/staging/disclose/Verifier_vc_and_disclose_staging.sol/Verifier_vc_and_disclose_staging.json";
// import VcAndDiscloseVerifierArtifactProd from "../../artifacts/contracts/verifiers/disclose/Verifier_vc_and_disclose.sol/Verifier_vc_and_disclose.json";
-import RegisterVerifierArtifactLocal from "../../artifacts/contracts/verifiers/local/register/Verifier_register_sha256_sha256_sha256_rsa_65537_4096.sol/Verifier_register_sha256_sha256_sha256_rsa_65537_4096.json";
+import RegisterVerifierArtifactLocal from "../../artifacts/contracts/verifiers/local/staging/register/Verifier_register_sha256_sha256_sha256_rsa_65537_4096_staging.sol/Verifier_register_sha256_sha256_sha256_rsa_65537_4096_staging.json";
// import RegisterVerifierArtifactProd from "../../artifacts/contracts/verifiers/register/Verifier_register_rsa_65537_sha256.sol/Verifier_register_rsa_65537_sha256.json";
-import DscVerifierArtifactLocal from "../../artifacts/contracts/verifiers/local/dsc/Verifier_dsc_sha256_rsa_65537_4096.sol/Verifier_dsc_sha256_rsa_65537_4096.json";
+import DscVerifierArtifactLocal from "../../artifacts/contracts/verifiers/local/staging/dsc/Verifier_dsc_sha256_rsa_65537_4096_staging.sol/Verifier_dsc_sha256_rsa_65537_4096_staging.json";
// import DscVerifierArtifactProd from "../../artifacts/contracts/verifiers/dsc/Verifier_dsc_sha256_rsa_65537_4096.sol/Verifier_dsc_sha256_rsa_65537_4096.json";
export async function deploySystemFixtures(): Promise {
@@ -48,8 +49,7 @@ export async function deploySystemFixtures(): Promise {
mockPassport = genAndInitMockPassportData("sha256", "sha256", "rsa_sha256_65537_4096", "FRA", "940131", "401031");
// Deploy verifiers
- const vcAndDiscloseVerifierArtifact =
- process.env.TEST_ENV === "local" ? VcAndDiscloseVerifierArtifactLocal : VcAndDiscloseVerifierArtifactProd;
+ const vcAndDiscloseVerifierArtifact = VcAndDiscloseVerifierArtifactLocal;
const vcAndDiscloseVerifierFactory = await ethers.getContractFactory(
vcAndDiscloseVerifierArtifact.abi,
vcAndDiscloseVerifierArtifact.bytecode,
@@ -59,8 +59,7 @@ export async function deploySystemFixtures(): Promise {
await vcAndDiscloseVerifier.waitForDeployment();
// Deploy register verifier
- const registerVerifierArtifact =
- process.env.TEST_ENV === "local" ? RegisterVerifierArtifactLocal : RegisterVerifierArtifactProd;
+ const registerVerifierArtifact = RegisterVerifierArtifactLocal;
const registerVerifierFactory = await ethers.getContractFactory(
registerVerifierArtifact.abi,
registerVerifierArtifact.bytecode,
@@ -70,7 +69,7 @@ export async function deploySystemFixtures(): Promise {
await registerVerifier.waitForDeployment();
// Deploy dsc verifier
- const dscVerifierArtifact = process.env.TEST_ENV === "local" ? DscVerifierArtifactLocal : DscVerifierArtifactProd;
+ const dscVerifierArtifact = DscVerifierArtifactLocal;
const dscVerifierFactory = await ethers.getContractFactory(
dscVerifierArtifact.abi,
dscVerifierArtifact.bytecode,
@@ -138,8 +137,6 @@ export async function deploySystemFixtures(): Promise {
// Initialize roots
const csca_root = getCscaTreeRoot(serialized_csca_tree);
await registryContract.updateCscaRoot(csca_root, { from: owner });
- const getSMTs = await import("./generateProof.js").then((mod) => mod.getSMTs);
-
const { passportNo_smt, nameAndDob_smt, nameAndYob_smt } = getSMTs();
await registryContract.updatePassportNoOfacRoot(passportNo_smt.root, { from: owner });
diff --git a/contracts/test/utils/deploymentV2.ts b/contracts/test/utils/deploymentV2.ts
index 2c383557b..458c7cf11 100644
--- a/contracts/test/utils/deploymentV2.ts
+++ b/contracts/test/utils/deploymentV2.ts
@@ -280,8 +280,8 @@ export async function deploySystemFixturesV2(): Promise {
// Initialize roots
const csca_root = getCscaTreeRoot(serialized_csca_tree);
- // await registryContract.updateCscaRoot(csca_root, { from: owner });
- // await registryIdContract.updateCscaRoot(csca_root, { from: owner });
+ await registryContract.updateCscaRoot(csca_root, { from: owner });
+ await registryIdContract.updateCscaRoot(csca_root, { from: owner });
await registryAadhaarContract.registerUidaiPubkeyCommitment(aadhaarPubkeyCommitment, {
from: owner,
});
diff --git a/contracts/test/utils/formatter.ts b/contracts/test/utils/formatter.ts
index a74ef9fe5..26d6fd16c 100644
--- a/contracts/test/utils/formatter.ts
+++ b/contracts/test/utils/formatter.ts
@@ -303,7 +303,7 @@ export class CircuitAttributeHandler {
static extractStringAttribute(input: string | Uint8Array, start: number, end: number): string {
const charcodes = this.normalizeInput(input);
if (charcodes.length <= end) {
- throw new Error("INSUFFICIENT_CHARCODE_LEN");
+ throw new Error("InsufficientCharcodeLen");
}
const attributeBytes = charcodes.slice(start, end + 1);
return new TextDecoder("utf-8").decode(attributeBytes);
diff --git a/contracts/test/v2/discloseAadhaar.test.ts b/contracts/test/v2/discloseAadhaar.test.ts
index 624d8d7b1..6a5a998a9 100644
--- a/contracts/test/v2/discloseAadhaar.test.ts
+++ b/contracts/test/v2/discloseAadhaar.test.ts
@@ -8,7 +8,6 @@ import { Country3LetterCode } from "@selfxyz/common/constants/countries";
import { deploySystemFixturesV2 } from "../utils/deploymentV2";
import { DeployedActorsV2 } from "../utils/types";
import { AADHAAR_ATTESTATION_ID } from "@selfxyz/common/constants/constants";
-import { hashEndpointWithScope } from "@selfxyz/common/utils/scope";
import { calculateUserIdentifierHash } from "@selfxyz/common";
import { prepareAadhaarDiscloseTestData } from "@selfxyz/common";
import path from "path";
@@ -17,7 +16,7 @@ import { formatInput } from "@selfxyz/common/utils/circuits/generateInputs";
import fs from "fs";
const privateKeyPem = fs.readFileSync(
- path.join(__dirname, "../../../node_modules/anon-aadhaar-circuits/assets/testPrivateKey.pem"),
+ path.join(__dirname, "../../../circuits/node_modules/anon-aadhaar-circuits/assets/testPrivateKey.pem"),
"utf8",
);
@@ -39,11 +38,11 @@ describe("Self Verification Flow V2 - Aadhaar", () => {
let nameAndDob_smt: any;
let nameAndYob_smt: any;
let tree: any;
- let scopeAsBigInt: bigint;
let forbiddenCountriesList: Country3LetterCode[];
let forbiddenCountriesListPacked: string[];
let verificationConfigV2: any;
+ let scopeAsBigIntString: string;
before(async () => {
deployedActors = await deploySystemFixturesV2();
@@ -64,21 +63,21 @@ describe("Self Verification Flow V2 - Aadhaar", () => {
nameAndDob_smt = getSMTs().nameDobAadhar_smt;
nameAndYob_smt = getSMTs().nameYobAadhar_smt;
- const expectedScopeFromHash = hashEndpointWithScope("example.com", "test-scope");
- scopeAsBigInt = BigInt(expectedScopeFromHash);
-
const destChainId = 31337;
const user1Address = await deployedActors.user1.getAddress();
const userData = "test-user-data-for-verification";
userIdentifierHash = BigInt(calculateUserIdentifierHash(destChainId, user1Address.slice(2), userData).toString());
+ const actualScope = await deployedActors.testSelfVerificationRoot.scope();
+ scopeAsBigIntString = actualScope.toString();
+
const testData = prepareAadhaarDiscloseTestData(
privateKeyPem,
tree,
nameAndDob_smt,
nameAndYob_smt,
- scopeAsBigInt.toString(),
+ scopeAsBigIntString,
registerSecret,
userIdentifierHash.toString(),
createSelector([
@@ -324,9 +323,17 @@ describe("Self Verification Flow V2 - Aadhaar", () => {
const attestationId = ethers.zeroPadValue(ethers.toBeHex(BigInt(AADHAAR_ATTESTATION_ID)), 32);
- const differentScopeFromHash = hashEndpointWithScope("different.com", "different-scope");
- const differentScopeAsBigInt = BigInt(differentScopeFromHash);
- const differentScopeAsBigIntString = differentScopeAsBigInt.toString();
+ // Deploy a new TestSelfVerificationRoot contract with a different scopeSeed
+ const TestSelfVerificationRootFactory = await ethers.getContractFactory("TestSelfVerificationRoot");
+ const differentScopeContract = await TestSelfVerificationRootFactory.deploy(
+ deployedActors.hubImplV2.target,
+ "different-test-scope", // Different scopeSeed
+ );
+ await differentScopeContract.waitForDeployment();
+
+ // Get the actual different scope from the deployed contract
+ const differentActualScope = await differentScopeContract.scope();
+ const differentScopeAsBigIntString = differentActualScope.toString();
const aadhaarInputs = prepareAadhaarDiscloseTestData(
privateKeyPem,
@@ -498,7 +505,7 @@ describe("Self Verification Flow V2 - Aadhaar", () => {
imt,
nameAndDob_smt,
nameAndYob_smt,
- scopeAsBigInt.toString(),
+ scopeAsBigIntString,
registerSecret,
userIdentifierHash.toString(),
createSelector(["GENDER"]).toString(),
@@ -573,7 +580,7 @@ describe("Self Verification Flow V2 - Aadhaar", () => {
imt,
nameAndDob_smt,
nameAndYob_smt,
- scopeAsBigInt.toString(),
+ scopeAsBigIntString,
registerSecret,
userIdentifierHash.toString(),
createSelector(["GENDER"]).toString(),
@@ -892,7 +899,7 @@ describe("Self Verification Flow V2 - Aadhaar", () => {
imt,
nameAndDob_smt,
nameAndYob_smt,
- scopeAsBigInt.toString(),
+ scopeAsBigIntString,
registerSecret,
newUserIdentifierHash.toString(),
createSelector(["GENDER"]).toString(),
diff --git a/contracts/test/v2/discloseId.test.ts b/contracts/test/v2/discloseId.test.ts
index 1f4311fba..de7f68080 100644
--- a/contracts/test/v2/discloseId.test.ts
+++ b/contracts/test/v2/discloseId.test.ts
@@ -10,7 +10,6 @@ import { countries } from "@selfxyz/common/constants/countries";
import { deploySystemFixturesV2 } from "../utils/deploymentV2";
import { DeployedActorsV2 } from "../utils/types";
import { Country3LetterCode } from "@selfxyz/common/constants/countries";
-import { hashEndpointWithScope } from "@selfxyz/common/utils/scope";
import { createHash } from "crypto";
import { ID_CARD_ATTESTATION_ID } from "@selfxyz/common/constants/constants";
import { genMockIdDocAndInitDataParsing } from "@selfxyz/common/utils/passports/genMockIdDoc";
@@ -40,6 +39,7 @@ describe("Self Verification Flow V2 - ID Card", () => {
let forbiddenCountriesList: Country3LetterCode[];
let forbiddenCountriesListPacked: string[];
let verificationConfigV2: any;
+ let scopeAsBigIntString: string;
before(async () => {
deployedActors = await deploySystemFixturesV2();
@@ -105,9 +105,8 @@ describe("Self Verification Flow V2 - ID Card", () => {
const userIdentifierHash = calculateUserIdentifierHash(tempUserContextData);
const userIdentifierBigInt = BigInt(userIdentifierHash);
- const expectedScopeFromHash = hashEndpointWithScope("example.com", "test-scope");
- const scopeAsBigInt = BigInt(expectedScopeFromHash);
- const scopeAsBigIntString = scopeAsBigInt.toString();
+ const actualScope = await deployedActors.testSelfVerificationRoot.scope();
+ scopeAsBigIntString = actualScope.toString();
baseVcAndDiscloseProof = await generateVcAndDiscloseIdProof(
registerSecret,
@@ -297,10 +296,17 @@ describe("Self Verification Flow V2 - ID Card", () => {
const userIdentifierHash = calculateUserIdentifierHash(userContextData);
const userIdentifierBigInt = BigInt(userIdentifierHash);
- // Generate proof with a different scope (this will create a valid proof but with wrong scope)
- const differentScopeFromHash = hashEndpointWithScope("different.com", "different-scope");
- const differentScopeAsBigInt = BigInt(differentScopeFromHash);
- const differentScopeAsBigIntString = differentScopeAsBigInt.toString();
+ // Deploy a new TestSelfVerificationRoot contract with a different scopeSeed
+ const TestSelfVerificationRootFactory = await ethers.getContractFactory("TestSelfVerificationRoot");
+ const differentScopeContract = await TestSelfVerificationRootFactory.deploy(
+ deployedActors.hub.target,
+ "different-test-scope", // Different scopeSeed
+ );
+ await differentScopeContract.waitForDeployment();
+
+ // Get the actual different scope from the deployed contract
+ const differentActualScope = await differentScopeContract.scope();
+ const differentScopeAsBigIntString = differentActualScope.toString();
const differentScopeProof = await generateVcAndDiscloseIdProof(
scopeRegisterSecret,
@@ -652,10 +658,6 @@ describe("Self Verification Flow V2 - ID Card", () => {
const userIdentifierHash = calculateUserIdentifierHash(userContextData);
const userIdentifierBigInt = BigInt(userIdentifierHash);
- const expectedScopeFromHash = hashEndpointWithScope("example.com", "test-scope");
- const scopeAsBigInt = BigInt(expectedScopeFromHash);
- const scopeAsBigIntString = scopeAsBigInt.toString();
-
const attestationId = ethers.zeroPadValue(ethers.toBeHex(BigInt(ID_CARD_ATTESTATION_ID)), 32);
// Use the existing commitment and merkle root instead of creating new ones
@@ -716,10 +718,6 @@ describe("Self Verification Flow V2 - ID Card", () => {
const userIdentifierHash = calculateUserIdentifierHash(userContextData);
const userIdentifierBigInt = BigInt(userIdentifierHash);
- const expectedScopeFromHash = hashEndpointWithScope("example.com", "test-scope");
- const scopeAsBigInt = BigInt(expectedScopeFromHash);
- const scopeAsBigIntString = scopeAsBigInt.toString();
-
const attestationId = ethers.zeroPadValue(ethers.toBeHex(BigInt(ID_CARD_ATTESTATION_ID)), 32);
// Use the existing commitment and merkle root instead of creating new ones
@@ -781,10 +779,6 @@ describe("Self Verification Flow V2 - ID Card", () => {
const userIdentifierHash = calculateUserIdentifierHash(userContextData);
const userIdentifierBigInt = BigInt(userIdentifierHash);
- const expectedScopeFromHash = hashEndpointWithScope("example.com", "test-scope");
- const scopeAsBigInt = BigInt(expectedScopeFromHash);
- const scopeAsBigIntString = scopeAsBigInt.toString();
-
const attestationId = ethers.zeroPadValue(ethers.toBeHex(BigInt(ID_CARD_ATTESTATION_ID)), 32);
// Use the existing commitment and merkle root instead of creating new ones
@@ -846,10 +840,6 @@ describe("Self Verification Flow V2 - ID Card", () => {
const userIdentifierHash = calculateUserIdentifierHash(userContextData);
const userIdentifierBigInt = BigInt(userIdentifierHash);
- const expectedScopeFromHash = hashEndpointWithScope("example.com", "test-scope");
- const scopeAsBigInt = BigInt(expectedScopeFromHash);
- const scopeAsBigIntString = scopeAsBigInt.toString();
-
const attestationId = ethers.zeroPadValue(ethers.toBeHex(BigInt(ID_CARD_ATTESTATION_ID)), 32);
// Use the existing commitment and merkle root instead of creating new ones
diff --git a/contracts/test/v2/disclosePassport.test.ts b/contracts/test/v2/disclosePassport.test.ts
index 4290b3813..c9e97c86c 100644
--- a/contracts/test/v2/disclosePassport.test.ts
+++ b/contracts/test/v2/disclosePassport.test.ts
@@ -11,7 +11,6 @@ import { countries } from "@selfxyz/common/constants/countries";
import { deploySystemFixturesV2 } from "../utils/deploymentV2";
import { DeployedActorsV2 } from "../utils/types";
import { Country3LetterCode } from "@selfxyz/common/constants/countries";
-import { hashEndpointWithScope } from "@selfxyz/common/utils/scope";
import { createHash } from "crypto";
// Helper function to format date for passport (YYMMDD format)
@@ -36,6 +35,7 @@ describe("Self Verification Flow V2", () => {
let forbiddenCountriesList: Country3LetterCode[];
let forbiddenCountriesListPacked: string[];
let verificationConfigV2: any;
+ let scopeAsBigIntString: string;
function calculateUserIdentifierHash(userContextData: string): string {
const sha256Hash = createHash("sha256")
@@ -98,9 +98,8 @@ describe("Self Verification Flow V2", () => {
const userIdentifierHash = calculateUserIdentifierHash(tempUserContextData);
const userIdentifierBigInt = BigInt(userIdentifierHash);
- const expectedScopeFromHash = hashEndpointWithScope("example.com", "test-scope");
- const scopeAsBigInt = BigInt(expectedScopeFromHash);
- const scopeAsBigIntString = scopeAsBigInt.toString();
+ const actualScope = await deployedActors.testSelfVerificationRoot.scope();
+ scopeAsBigIntString = actualScope.toString();
baseVcAndDiscloseProof = await generateVcAndDiscloseProof(
registerSecret,
@@ -283,10 +282,17 @@ describe("Self Verification Flow V2", () => {
const userIdentifierHash = calculateUserIdentifierHash(userContextData);
const userIdentifierBigInt = BigInt(userIdentifierHash);
- // Generate proof with a different scope (this will create a valid proof but with wrong scope)
- const differentScopeFromHash = hashEndpointWithScope("different.com", "different-scope");
- const differentScopeAsBigInt = BigInt(differentScopeFromHash);
- const differentScopeAsBigIntString = differentScopeAsBigInt.toString();
+ // Deploy a new TestSelfVerificationRoot contract with a different scopeSeed
+ const TestSelfVerificationRootFactory = await ethers.getContractFactory("TestSelfVerificationRoot");
+ const differentScopeContract = await TestSelfVerificationRootFactory.deploy(
+ deployedActors.hub.target,
+ "different-test-scope", // Different scopeSeed
+ );
+ await differentScopeContract.waitForDeployment();
+
+ // Get the actual different scope from the deployed contract
+ const differentActualScope = await differentScopeContract.scope();
+ const differentScopeAsBigIntString = differentActualScope.toString();
const differentScopeProof = await generateVcAndDiscloseProof(
scopeRegisterSecret,
@@ -386,10 +392,6 @@ describe("Self Verification Flow V2", () => {
const userIdentifierHash = calculateUserIdentifierHash(userContextData);
const userIdentifierBigInt = BigInt(userIdentifierHash);
- const expectedScopeFromHash = hashEndpointWithScope("example.com", "test-scope");
- const scopeAsBigInt = BigInt(expectedScopeFromHash);
- const scopeAsBigIntString = scopeAsBigInt.toString();
-
const attestationId = ethers.zeroPadValue(ethers.toBeHex(BigInt(ATTESTATION_ID.E_PASSPORT)), 32);
// Create a separate commitment with a different secret to generate a different merkle root
@@ -674,10 +676,6 @@ describe("Self Verification Flow V2", () => {
const userIdentifierHash = calculateUserIdentifierHash(userContextData);
const userIdentifierBigInt = BigInt(userIdentifierHash);
- const expectedScopeFromHash = hashEndpointWithScope("example.com", "test-scope");
- const scopeAsBigInt = BigInt(expectedScopeFromHash);
- const scopeAsBigIntString = scopeAsBigInt.toString();
-
const attestationId = ethers.zeroPadValue(ethers.toBeHex(BigInt(ATTESTATION_ID.E_PASSPORT)), 32);
// Use the existing commitment and merkle root instead of creating new ones
@@ -751,10 +749,6 @@ describe("Self Verification Flow V2", () => {
const userIdentifierHash = calculateUserIdentifierHash(userContextData);
const userIdentifierBigInt = BigInt(userIdentifierHash);
- const expectedScopeFromHash = hashEndpointWithScope("example.com", "test-scope");
- const scopeAsBigInt = BigInt(expectedScopeFromHash);
- const scopeAsBigIntString = scopeAsBigInt.toString();
-
const attestationId = ethers.zeroPadValue(ethers.toBeHex(BigInt(ATTESTATION_ID.E_PASSPORT)), 32);
// Generate proof with the original forbidden countries list (this will create a mismatch) using existing commitment
@@ -812,10 +806,6 @@ describe("Self Verification Flow V2", () => {
const userIdentifierHash = calculateUserIdentifierHash(userContextData);
const userIdentifierBigInt = BigInt(userIdentifierHash);
- const expectedScopeFromHash = hashEndpointWithScope("example.com", "test-scope");
- const scopeAsBigInt = BigInt(expectedScopeFromHash);
- const scopeAsBigIntString = scopeAsBigInt.toString();
-
const attestationId = ethers.zeroPadValue(ethers.toBeHex(BigInt(ATTESTATION_ID.E_PASSPORT)), 32);
// Generate proof with age 20 (which is less than required 25) using existing commitment
@@ -873,10 +863,6 @@ describe("Self Verification Flow V2", () => {
const userIdentifierHash = calculateUserIdentifierHash(userContextData);
const userIdentifierBigInt = BigInt(userIdentifierHash);
- const expectedScopeFromHash = hashEndpointWithScope("example.com", "test-scope");
- const scopeAsBigInt = BigInt(expectedScopeFromHash);
- const scopeAsBigIntString = scopeAsBigInt.toString();
-
const attestationId = ethers.zeroPadValue(ethers.toBeHex(BigInt(ATTESTATION_ID.E_PASSPORT)), 32);
// Generate proof with the correct user identifier that matches the userContextData using existing commitment
diff --git a/contracts/test/v2/registerAadhaar.test.ts b/contracts/test/v2/registerAadhaar.test.ts
index 3ce989483..062ab2508 100644
--- a/contracts/test/v2/registerAadhaar.test.ts
+++ b/contracts/test/v2/registerAadhaar.test.ts
@@ -10,7 +10,7 @@ import { generateRegisterAadhaarProof } from "../utils/generateProof";
import fs from "fs";
const privateKeyPem = fs.readFileSync(
- path.join(__dirname, "../../../node_modules/anon-aadhaar-circuits/assets/testPrivateKey.pem"),
+ path.join(__dirname, "../../../circuits/node_modules/anon-aadhaar-circuits/assets/testPrivateKey.pem"),
"utf8",
);
const pubkeyPem = fs.readFileSync(
diff --git a/packages/mobile-sdk-alpha/android/build.gradle b/packages/mobile-sdk-alpha/android/build.gradle
index b5d239d68..67ace041b 100644
--- a/packages/mobile-sdk-alpha/android/build.gradle
+++ b/packages/mobile-sdk-alpha/android/build.gradle
@@ -96,6 +96,7 @@ android {
main {
java.srcDirs = ['src/main/java']
res.srcDirs = ['src/main/res']
+ assets.srcDirs = ['src/main/assets']
}
}
diff --git a/packages/mobile-sdk-alpha/ios/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Headers b/packages/mobile-sdk-alpha/ios/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Headers
deleted file mode 120000
index a177d2a6b..000000000
--- a/packages/mobile-sdk-alpha/ios/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Headers
+++ /dev/null
@@ -1 +0,0 @@
-Versions/Current/Headers
\ No newline at end of file
diff --git a/packages/mobile-sdk-alpha/ios/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Headers/OpenSSL.h b/packages/mobile-sdk-alpha/ios/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Headers/OpenSSL.h
new file mode 100644
index 000000000..61aca09c8
--- /dev/null
+++ b/packages/mobile-sdk-alpha/ios/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Headers/OpenSSL.h
@@ -0,0 +1,111 @@
+// Include before others:
+#include
+
+#include
+#include
+#include
+
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+// #include
+// #include
+// #include
+// #include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
\ No newline at end of file
diff --git a/packages/mobile-sdk-alpha/ios/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Headers/aes.h b/packages/mobile-sdk-alpha/ios/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Headers/aes.h
new file mode 100644
index 000000000..245c552ab
--- /dev/null
+++ b/packages/mobile-sdk-alpha/ios/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Headers/aes.h
@@ -0,0 +1,92 @@
+/*
+ * Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_AES_H
+# define HEADER_AES_H
+
+# include
+
+# include
+# ifdef __cplusplus
+extern "C" {
+# endif
+
+# define AES_ENCRYPT 1
+# define AES_DECRYPT 0
+
+/*
+ * Because array size can't be a const in C, the following two are macros.
+ * Both sizes are in bytes.
+ */
+# define AES_MAXNR 14
+# define AES_BLOCK_SIZE 16
+
+/* This should be a hidden type, but EVP requires that the size be known */
+struct aes_key_st {
+# ifdef AES_LONG
+ unsigned long rd_key[4 * (AES_MAXNR + 1)];
+# else
+ unsigned int rd_key[4 * (AES_MAXNR + 1)];
+# endif
+ int rounds;
+};
+typedef struct aes_key_st AES_KEY;
+
+const char *AES_options(void);
+
+int AES_set_encrypt_key(const unsigned char *userKey, const int bits,
+ AES_KEY *key);
+int AES_set_decrypt_key(const unsigned char *userKey, const int bits,
+ AES_KEY *key);
+
+void AES_encrypt(const unsigned char *in, unsigned char *out,
+ const AES_KEY *key);
+void AES_decrypt(const unsigned char *in, unsigned char *out,
+ const AES_KEY *key);
+
+void AES_ecb_encrypt(const unsigned char *in, unsigned char *out,
+ const AES_KEY *key, const int enc);
+void AES_cbc_encrypt(const unsigned char *in, unsigned char *out,
+ size_t length, const AES_KEY *key,
+ unsigned char *ivec, const int enc);
+void AES_cfb128_encrypt(const unsigned char *in, unsigned char *out,
+ size_t length, const AES_KEY *key,
+ unsigned char *ivec, int *num, const int enc);
+void AES_cfb1_encrypt(const unsigned char *in, unsigned char *out,
+ size_t length, const AES_KEY *key,
+ unsigned char *ivec, int *num, const int enc);
+void AES_cfb8_encrypt(const unsigned char *in, unsigned char *out,
+ size_t length, const AES_KEY *key,
+ unsigned char *ivec, int *num, const int enc);
+void AES_ofb128_encrypt(const unsigned char *in, unsigned char *out,
+ size_t length, const AES_KEY *key,
+ unsigned char *ivec, int *num);
+/* NB: the IV is _two_ blocks long */
+void AES_ige_encrypt(const unsigned char *in, unsigned char *out,
+ size_t length, const AES_KEY *key,
+ unsigned char *ivec, const int enc);
+/* NB: the IV is _four_ blocks long */
+void AES_bi_ige_encrypt(const unsigned char *in, unsigned char *out,
+ size_t length, const AES_KEY *key,
+ const AES_KEY *key2, const unsigned char *ivec,
+ const int enc);
+
+int AES_wrap_key(AES_KEY *key, const unsigned char *iv,
+ unsigned char *out,
+ const unsigned char *in, unsigned int inlen);
+int AES_unwrap_key(AES_KEY *key, const unsigned char *iv,
+ unsigned char *out,
+ const unsigned char *in, unsigned int inlen);
+
+
+# ifdef __cplusplus
+}
+# endif
+
+#endif
diff --git a/packages/mobile-sdk-alpha/ios/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Headers/asn1.h b/packages/mobile-sdk-alpha/ios/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Headers/asn1.h
new file mode 100644
index 000000000..9522eec18
--- /dev/null
+++ b/packages/mobile-sdk-alpha/ios/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Headers/asn1.h
@@ -0,0 +1,886 @@
+/*
+ * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_ASN1_H
+# define HEADER_ASN1_H
+
+# include
+# include
+# include
+# include
+# include
+# include
+# include
+
+# include
+# if OPENSSL_API_COMPAT < 0x10100000L
+# include
+# endif
+
+# ifdef OPENSSL_BUILD_SHLIBCRYPTO
+# undef OPENSSL_EXTERN
+# define OPENSSL_EXTERN OPENSSL_EXPORT
+# endif
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+# define V_ASN1_UNIVERSAL 0x00
+# define V_ASN1_APPLICATION 0x40
+# define V_ASN1_CONTEXT_SPECIFIC 0x80
+# define V_ASN1_PRIVATE 0xc0
+
+# define V_ASN1_CONSTRUCTED 0x20
+# define V_ASN1_PRIMITIVE_TAG 0x1f
+# define V_ASN1_PRIMATIVE_TAG /*compat*/ V_ASN1_PRIMITIVE_TAG
+
+# define V_ASN1_APP_CHOOSE -2/* let the recipient choose */
+# define V_ASN1_OTHER -3/* used in ASN1_TYPE */
+# define V_ASN1_ANY -4/* used in ASN1 template code */
+
+# define V_ASN1_UNDEF -1
+/* ASN.1 tag values */
+# define V_ASN1_EOC 0
+# define V_ASN1_BOOLEAN 1 /**/
+# define V_ASN1_INTEGER 2
+# define V_ASN1_BIT_STRING 3
+# define V_ASN1_OCTET_STRING 4
+# define V_ASN1_NULL 5
+# define V_ASN1_OBJECT 6
+# define V_ASN1_OBJECT_DESCRIPTOR 7
+# define V_ASN1_EXTERNAL 8
+# define V_ASN1_REAL 9
+# define V_ASN1_ENUMERATED 10
+# define V_ASN1_UTF8STRING 12
+# define V_ASN1_SEQUENCE 16
+# define V_ASN1_SET 17
+# define V_ASN1_NUMERICSTRING 18 /**/
+# define V_ASN1_PRINTABLESTRING 19
+# define V_ASN1_T61STRING 20
+# define V_ASN1_TELETEXSTRING 20/* alias */
+# define V_ASN1_VIDEOTEXSTRING 21 /**/
+# define V_ASN1_IA5STRING 22
+# define V_ASN1_UTCTIME 23
+# define V_ASN1_GENERALIZEDTIME 24 /**/
+# define V_ASN1_GRAPHICSTRING 25 /**/
+# define V_ASN1_ISO64STRING 26 /**/
+# define V_ASN1_VISIBLESTRING 26/* alias */
+# define V_ASN1_GENERALSTRING 27 /**/
+# define V_ASN1_UNIVERSALSTRING 28 /**/
+# define V_ASN1_BMPSTRING 30
+
+/*
+ * NB the constants below are used internally by ASN1_INTEGER
+ * and ASN1_ENUMERATED to indicate the sign. They are *not* on
+ * the wire tag values.
+ */
+
+# define V_ASN1_NEG 0x100
+# define V_ASN1_NEG_INTEGER (2 | V_ASN1_NEG)
+# define V_ASN1_NEG_ENUMERATED (10 | V_ASN1_NEG)
+
+/* For use with d2i_ASN1_type_bytes() */
+# define B_ASN1_NUMERICSTRING 0x0001
+# define B_ASN1_PRINTABLESTRING 0x0002
+# define B_ASN1_T61STRING 0x0004
+# define B_ASN1_TELETEXSTRING 0x0004
+# define B_ASN1_VIDEOTEXSTRING 0x0008
+# define B_ASN1_IA5STRING 0x0010
+# define B_ASN1_GRAPHICSTRING 0x0020
+# define B_ASN1_ISO64STRING 0x0040
+# define B_ASN1_VISIBLESTRING 0x0040
+# define B_ASN1_GENERALSTRING 0x0080
+# define B_ASN1_UNIVERSALSTRING 0x0100
+# define B_ASN1_OCTET_STRING 0x0200
+# define B_ASN1_BIT_STRING 0x0400
+# define B_ASN1_BMPSTRING 0x0800
+# define B_ASN1_UNKNOWN 0x1000
+# define B_ASN1_UTF8STRING 0x2000
+# define B_ASN1_UTCTIME 0x4000
+# define B_ASN1_GENERALIZEDTIME 0x8000
+# define B_ASN1_SEQUENCE 0x10000
+/* For use with ASN1_mbstring_copy() */
+# define MBSTRING_FLAG 0x1000
+# define MBSTRING_UTF8 (MBSTRING_FLAG)
+# define MBSTRING_ASC (MBSTRING_FLAG|1)
+# define MBSTRING_BMP (MBSTRING_FLAG|2)
+# define MBSTRING_UNIV (MBSTRING_FLAG|4)
+# define SMIME_OLDMIME 0x400
+# define SMIME_CRLFEOL 0x800
+# define SMIME_STREAM 0x1000
+ struct X509_algor_st;
+DEFINE_STACK_OF(X509_ALGOR)
+
+# define ASN1_STRING_FLAG_BITS_LEFT 0x08/* Set if 0x07 has bits left value */
+/*
+ * This indicates that the ASN1_STRING is not a real value but just a place
+ * holder for the location where indefinite length constructed data should be
+ * inserted in the memory buffer
+ */
+# define ASN1_STRING_FLAG_NDEF 0x010
+
+/*
+ * This flag is used by the CMS code to indicate that a string is not
+ * complete and is a place holder for content when it had all been accessed.
+ * The flag will be reset when content has been written to it.
+ */
+
+# define ASN1_STRING_FLAG_CONT 0x020
+/*
+ * This flag is used by ASN1 code to indicate an ASN1_STRING is an MSTRING
+ * type.
+ */
+# define ASN1_STRING_FLAG_MSTRING 0x040
+/* String is embedded and only content should be freed */
+# define ASN1_STRING_FLAG_EMBED 0x080
+/* String should be parsed in RFC 5280's time format */
+# define ASN1_STRING_FLAG_X509_TIME 0x100
+/* This is the base type that holds just about everything :-) */
+struct asn1_string_st {
+ int length;
+ int type;
+ unsigned char *data;
+ /*
+ * The value of the following field depends on the type being held. It
+ * is mostly being used for BIT_STRING so if the input data has a
+ * non-zero 'unused bits' value, it will be handled correctly
+ */
+ long flags;
+};
+
+/*
+ * ASN1_ENCODING structure: this is used to save the received encoding of an
+ * ASN1 type. This is useful to get round problems with invalid encodings
+ * which can break signatures.
+ */
+
+typedef struct ASN1_ENCODING_st {
+ unsigned char *enc; /* DER encoding */
+ long len; /* Length of encoding */
+ int modified; /* set to 1 if 'enc' is invalid */
+} ASN1_ENCODING;
+
+/* Used with ASN1 LONG type: if a long is set to this it is omitted */
+# define ASN1_LONG_UNDEF 0x7fffffffL
+
+# define STABLE_FLAGS_MALLOC 0x01
+/*
+ * A zero passed to ASN1_STRING_TABLE_new_add for the flags is interpreted
+ * as "don't change" and STABLE_FLAGS_MALLOC is always set. By setting
+ * STABLE_FLAGS_MALLOC only we can clear the existing value. Use the alias
+ * STABLE_FLAGS_CLEAR to reflect this.
+ */
+# define STABLE_FLAGS_CLEAR STABLE_FLAGS_MALLOC
+# define STABLE_NO_MASK 0x02
+# define DIRSTRING_TYPE \
+ (B_ASN1_PRINTABLESTRING|B_ASN1_T61STRING|B_ASN1_BMPSTRING|B_ASN1_UTF8STRING)
+# define PKCS9STRING_TYPE (DIRSTRING_TYPE|B_ASN1_IA5STRING)
+
+typedef struct asn1_string_table_st {
+ int nid;
+ long minsize;
+ long maxsize;
+ unsigned long mask;
+ unsigned long flags;
+} ASN1_STRING_TABLE;
+
+DEFINE_STACK_OF(ASN1_STRING_TABLE)
+
+/* size limits: this stuff is taken straight from RFC2459 */
+
+# define ub_name 32768
+# define ub_common_name 64
+# define ub_locality_name 128
+# define ub_state_name 128
+# define ub_organization_name 64
+# define ub_organization_unit_name 64
+# define ub_title 64
+# define ub_email_address 128
+
+/*
+ * Declarations for template structures: for full definitions see asn1t.h
+ */
+typedef struct ASN1_TEMPLATE_st ASN1_TEMPLATE;
+typedef struct ASN1_TLC_st ASN1_TLC;
+/* This is just an opaque pointer */
+typedef struct ASN1_VALUE_st ASN1_VALUE;
+
+/* Declare ASN1 functions: the implement macro in in asn1t.h */
+
+# define DECLARE_ASN1_FUNCTIONS(type) DECLARE_ASN1_FUNCTIONS_name(type, type)
+
+# define DECLARE_ASN1_ALLOC_FUNCTIONS(type) \
+ DECLARE_ASN1_ALLOC_FUNCTIONS_name(type, type)
+
+# define DECLARE_ASN1_FUNCTIONS_name(type, name) \
+ DECLARE_ASN1_ALLOC_FUNCTIONS_name(type, name) \
+ DECLARE_ASN1_ENCODE_FUNCTIONS(type, name, name)
+
+# define DECLARE_ASN1_FUNCTIONS_fname(type, itname, name) \
+ DECLARE_ASN1_ALLOC_FUNCTIONS_name(type, name) \
+ DECLARE_ASN1_ENCODE_FUNCTIONS(type, itname, name)
+
+# define DECLARE_ASN1_ENCODE_FUNCTIONS(type, itname, name) \
+ type *d2i_##name(type **a, const unsigned char **in, long len); \
+ int i2d_##name(type *a, unsigned char **out); \
+ DECLARE_ASN1_ITEM(itname)
+
+# define DECLARE_ASN1_ENCODE_FUNCTIONS_const(type, name) \
+ type *d2i_##name(type **a, const unsigned char **in, long len); \
+ int i2d_##name(const type *a, unsigned char **out); \
+ DECLARE_ASN1_ITEM(name)
+
+# define DECLARE_ASN1_NDEF_FUNCTION(name) \
+ int i2d_##name##_NDEF(name *a, unsigned char **out);
+
+# define DECLARE_ASN1_FUNCTIONS_const(name) \
+ DECLARE_ASN1_ALLOC_FUNCTIONS(name) \
+ DECLARE_ASN1_ENCODE_FUNCTIONS_const(name, name)
+
+# define DECLARE_ASN1_ALLOC_FUNCTIONS_name(type, name) \
+ type *name##_new(void); \
+ void name##_free(type *a);
+
+# define DECLARE_ASN1_PRINT_FUNCTION(stname) \
+ DECLARE_ASN1_PRINT_FUNCTION_fname(stname, stname)
+
+# define DECLARE_ASN1_PRINT_FUNCTION_fname(stname, fname) \
+ int fname##_print_ctx(BIO *out, stname *x, int indent, \
+ const ASN1_PCTX *pctx);
+
+# define D2I_OF(type) type *(*)(type **,const unsigned char **,long)
+# define I2D_OF(type) int (*)(type *,unsigned char **)
+# define I2D_OF_const(type) int (*)(const type *,unsigned char **)
+
+# define CHECKED_D2I_OF(type, d2i) \
+ ((d2i_of_void*) (1 ? d2i : ((D2I_OF(type))0)))
+# define CHECKED_I2D_OF(type, i2d) \
+ ((i2d_of_void*) (1 ? i2d : ((I2D_OF(type))0)))
+# define CHECKED_NEW_OF(type, xnew) \
+ ((void *(*)(void)) (1 ? xnew : ((type *(*)(void))0)))
+# define CHECKED_PTR_OF(type, p) \
+ ((void*) (1 ? p : (type*)0))
+# define CHECKED_PPTR_OF(type, p) \
+ ((void**) (1 ? p : (type**)0))
+
+# define TYPEDEF_D2I_OF(type) typedef type *d2i_of_##type(type **,const unsigned char **,long)
+# define TYPEDEF_I2D_OF(type) typedef int i2d_of_##type(type *,unsigned char **)
+# define TYPEDEF_D2I2D_OF(type) TYPEDEF_D2I_OF(type); TYPEDEF_I2D_OF(type)
+
+TYPEDEF_D2I2D_OF(void);
+
+/*-
+ * The following macros and typedefs allow an ASN1_ITEM
+ * to be embedded in a structure and referenced. Since
+ * the ASN1_ITEM pointers need to be globally accessible
+ * (possibly from shared libraries) they may exist in
+ * different forms. On platforms that support it the
+ * ASN1_ITEM structure itself will be globally exported.
+ * Other platforms will export a function that returns
+ * an ASN1_ITEM pointer.
+ *
+ * To handle both cases transparently the macros below
+ * should be used instead of hard coding an ASN1_ITEM
+ * pointer in a structure.
+ *
+ * The structure will look like this:
+ *
+ * typedef struct SOMETHING_st {
+ * ...
+ * ASN1_ITEM_EXP *iptr;
+ * ...
+ * } SOMETHING;
+ *
+ * It would be initialised as e.g.:
+ *
+ * SOMETHING somevar = {...,ASN1_ITEM_ref(X509),...};
+ *
+ * and the actual pointer extracted with:
+ *
+ * const ASN1_ITEM *it = ASN1_ITEM_ptr(somevar.iptr);
+ *
+ * Finally an ASN1_ITEM pointer can be extracted from an
+ * appropriate reference with: ASN1_ITEM_rptr(X509). This
+ * would be used when a function takes an ASN1_ITEM * argument.
+ *
+ */
+
+# ifndef OPENSSL_EXPORT_VAR_AS_FUNCTION
+
+/* ASN1_ITEM pointer exported type */
+typedef const ASN1_ITEM ASN1_ITEM_EXP;
+
+/* Macro to obtain ASN1_ITEM pointer from exported type */
+# define ASN1_ITEM_ptr(iptr) (iptr)
+
+/* Macro to include ASN1_ITEM pointer from base type */
+# define ASN1_ITEM_ref(iptr) (&(iptr##_it))
+
+# define ASN1_ITEM_rptr(ref) (&(ref##_it))
+
+# define DECLARE_ASN1_ITEM(name) \
+ OPENSSL_EXTERN const ASN1_ITEM name##_it;
+
+# else
+
+/*
+ * Platforms that can't easily handle shared global variables are declared as
+ * functions returning ASN1_ITEM pointers.
+ */
+
+/* ASN1_ITEM pointer exported type */
+typedef const ASN1_ITEM *ASN1_ITEM_EXP (void);
+
+/* Macro to obtain ASN1_ITEM pointer from exported type */
+# define ASN1_ITEM_ptr(iptr) (iptr())
+
+/* Macro to include ASN1_ITEM pointer from base type */
+# define ASN1_ITEM_ref(iptr) (iptr##_it)
+
+# define ASN1_ITEM_rptr(ref) (ref##_it())
+
+# define DECLARE_ASN1_ITEM(name) \
+ const ASN1_ITEM * name##_it(void);
+
+# endif
+
+/* Parameters used by ASN1_STRING_print_ex() */
+
+/*
+ * These determine which characters to escape: RFC2253 special characters,
+ * control characters and MSB set characters
+ */
+
+# define ASN1_STRFLGS_ESC_2253 1
+# define ASN1_STRFLGS_ESC_CTRL 2
+# define ASN1_STRFLGS_ESC_MSB 4
+
+/*
+ * This flag determines how we do escaping: normally RC2253 backslash only,
+ * set this to use backslash and quote.
+ */
+
+# define ASN1_STRFLGS_ESC_QUOTE 8
+
+/* These three flags are internal use only. */
+
+/* Character is a valid PrintableString character */
+# define CHARTYPE_PRINTABLESTRING 0x10
+/* Character needs escaping if it is the first character */
+# define CHARTYPE_FIRST_ESC_2253 0x20
+/* Character needs escaping if it is the last character */
+# define CHARTYPE_LAST_ESC_2253 0x40
+
+/*
+ * NB the internal flags are safely reused below by flags handled at the top
+ * level.
+ */
+
+/*
+ * If this is set we convert all character strings to UTF8 first
+ */
+
+# define ASN1_STRFLGS_UTF8_CONVERT 0x10
+
+/*
+ * If this is set we don't attempt to interpret content: just assume all
+ * strings are 1 byte per character. This will produce some pretty odd
+ * looking output!
+ */
+
+# define ASN1_STRFLGS_IGNORE_TYPE 0x20
+
+/* If this is set we include the string type in the output */
+# define ASN1_STRFLGS_SHOW_TYPE 0x40
+
+/*
+ * This determines which strings to display and which to 'dump' (hex dump of
+ * content octets or DER encoding). We can only dump non character strings or
+ * everything. If we don't dump 'unknown' they are interpreted as character
+ * strings with 1 octet per character and are subject to the usual escaping
+ * options.
+ */
+
+# define ASN1_STRFLGS_DUMP_ALL 0x80
+# define ASN1_STRFLGS_DUMP_UNKNOWN 0x100
+
+/*
+ * These determine what 'dumping' does, we can dump the content octets or the
+ * DER encoding: both use the RFC2253 #XXXXX notation.
+ */
+
+# define ASN1_STRFLGS_DUMP_DER 0x200
+
+/*
+ * This flag specifies that RC2254 escaping shall be performed.
+ */
+#define ASN1_STRFLGS_ESC_2254 0x400
+
+/*
+ * All the string flags consistent with RFC2253, escaping control characters
+ * isn't essential in RFC2253 but it is advisable anyway.
+ */
+
+# define ASN1_STRFLGS_RFC2253 (ASN1_STRFLGS_ESC_2253 | \
+ ASN1_STRFLGS_ESC_CTRL | \
+ ASN1_STRFLGS_ESC_MSB | \
+ ASN1_STRFLGS_UTF8_CONVERT | \
+ ASN1_STRFLGS_DUMP_UNKNOWN | \
+ ASN1_STRFLGS_DUMP_DER)
+
+DEFINE_STACK_OF(ASN1_INTEGER)
+
+DEFINE_STACK_OF(ASN1_GENERALSTRING)
+
+DEFINE_STACK_OF(ASN1_UTF8STRING)
+
+typedef struct asn1_type_st {
+ int type;
+ union {
+ char *ptr;
+ ASN1_BOOLEAN boolean;
+ ASN1_STRING *asn1_string;
+ ASN1_OBJECT *object;
+ ASN1_INTEGER *integer;
+ ASN1_ENUMERATED *enumerated;
+ ASN1_BIT_STRING *bit_string;
+ ASN1_OCTET_STRING *octet_string;
+ ASN1_PRINTABLESTRING *printablestring;
+ ASN1_T61STRING *t61string;
+ ASN1_IA5STRING *ia5string;
+ ASN1_GENERALSTRING *generalstring;
+ ASN1_BMPSTRING *bmpstring;
+ ASN1_UNIVERSALSTRING *universalstring;
+ ASN1_UTCTIME *utctime;
+ ASN1_GENERALIZEDTIME *generalizedtime;
+ ASN1_VISIBLESTRING *visiblestring;
+ ASN1_UTF8STRING *utf8string;
+ /*
+ * set and sequence are left complete and still contain the set or
+ * sequence bytes
+ */
+ ASN1_STRING *set;
+ ASN1_STRING *sequence;
+ ASN1_VALUE *asn1_value;
+ } value;
+} ASN1_TYPE;
+
+DEFINE_STACK_OF(ASN1_TYPE)
+
+typedef STACK_OF(ASN1_TYPE) ASN1_SEQUENCE_ANY;
+
+DECLARE_ASN1_ENCODE_FUNCTIONS_const(ASN1_SEQUENCE_ANY, ASN1_SEQUENCE_ANY)
+DECLARE_ASN1_ENCODE_FUNCTIONS_const(ASN1_SEQUENCE_ANY, ASN1_SET_ANY)
+
+/* This is used to contain a list of bit names */
+typedef struct BIT_STRING_BITNAME_st {
+ int bitnum;
+ const char *lname;
+ const char *sname;
+} BIT_STRING_BITNAME;
+
+# define B_ASN1_TIME \
+ B_ASN1_UTCTIME | \
+ B_ASN1_GENERALIZEDTIME
+
+# define B_ASN1_PRINTABLE \
+ B_ASN1_NUMERICSTRING| \
+ B_ASN1_PRINTABLESTRING| \
+ B_ASN1_T61STRING| \
+ B_ASN1_IA5STRING| \
+ B_ASN1_BIT_STRING| \
+ B_ASN1_UNIVERSALSTRING|\
+ B_ASN1_BMPSTRING|\
+ B_ASN1_UTF8STRING|\
+ B_ASN1_SEQUENCE|\
+ B_ASN1_UNKNOWN
+
+# define B_ASN1_DIRECTORYSTRING \
+ B_ASN1_PRINTABLESTRING| \
+ B_ASN1_TELETEXSTRING|\
+ B_ASN1_BMPSTRING|\
+ B_ASN1_UNIVERSALSTRING|\
+ B_ASN1_UTF8STRING
+
+# define B_ASN1_DISPLAYTEXT \
+ B_ASN1_IA5STRING| \
+ B_ASN1_VISIBLESTRING| \
+ B_ASN1_BMPSTRING|\
+ B_ASN1_UTF8STRING
+
+DECLARE_ASN1_FUNCTIONS_fname(ASN1_TYPE, ASN1_ANY, ASN1_TYPE)
+
+int ASN1_TYPE_get(const ASN1_TYPE *a);
+void ASN1_TYPE_set(ASN1_TYPE *a, int type, void *value);
+int ASN1_TYPE_set1(ASN1_TYPE *a, int type, const void *value);
+int ASN1_TYPE_cmp(const ASN1_TYPE *a, const ASN1_TYPE *b);
+
+ASN1_TYPE *ASN1_TYPE_pack_sequence(const ASN1_ITEM *it, void *s, ASN1_TYPE **t);
+void *ASN1_TYPE_unpack_sequence(const ASN1_ITEM *it, const ASN1_TYPE *t);
+
+ASN1_OBJECT *ASN1_OBJECT_new(void);
+void ASN1_OBJECT_free(ASN1_OBJECT *a);
+int i2d_ASN1_OBJECT(const ASN1_OBJECT *a, unsigned char **pp);
+ASN1_OBJECT *d2i_ASN1_OBJECT(ASN1_OBJECT **a, const unsigned char **pp,
+ long length);
+
+DECLARE_ASN1_ITEM(ASN1_OBJECT)
+
+DEFINE_STACK_OF(ASN1_OBJECT)
+
+ASN1_STRING *ASN1_STRING_new(void);
+void ASN1_STRING_free(ASN1_STRING *a);
+void ASN1_STRING_clear_free(ASN1_STRING *a);
+int ASN1_STRING_copy(ASN1_STRING *dst, const ASN1_STRING *str);
+ASN1_STRING *ASN1_STRING_dup(const ASN1_STRING *a);
+ASN1_STRING *ASN1_STRING_type_new(int type);
+int ASN1_STRING_cmp(const ASN1_STRING *a, const ASN1_STRING *b);
+ /*
+ * Since this is used to store all sorts of things, via macros, for now,
+ * make its data void *
+ */
+int ASN1_STRING_set(ASN1_STRING *str, const void *data, int len);
+void ASN1_STRING_set0(ASN1_STRING *str, void *data, int len);
+int ASN1_STRING_length(const ASN1_STRING *x);
+void ASN1_STRING_length_set(ASN1_STRING *x, int n);
+int ASN1_STRING_type(const ASN1_STRING *x);
+DEPRECATEDIN_1_1_0(unsigned char *ASN1_STRING_data(ASN1_STRING *x))
+const unsigned char *ASN1_STRING_get0_data(const ASN1_STRING *x);
+
+DECLARE_ASN1_FUNCTIONS(ASN1_BIT_STRING)
+int ASN1_BIT_STRING_set(ASN1_BIT_STRING *a, unsigned char *d, int length);
+int ASN1_BIT_STRING_set_bit(ASN1_BIT_STRING *a, int n, int value);
+int ASN1_BIT_STRING_get_bit(const ASN1_BIT_STRING *a, int n);
+int ASN1_BIT_STRING_check(const ASN1_BIT_STRING *a,
+ const unsigned char *flags, int flags_len);
+
+int ASN1_BIT_STRING_name_print(BIO *out, ASN1_BIT_STRING *bs,
+ BIT_STRING_BITNAME *tbl, int indent);
+int ASN1_BIT_STRING_num_asc(const char *name, BIT_STRING_BITNAME *tbl);
+int ASN1_BIT_STRING_set_asc(ASN1_BIT_STRING *bs, const char *name, int value,
+ BIT_STRING_BITNAME *tbl);
+
+DECLARE_ASN1_FUNCTIONS(ASN1_INTEGER)
+ASN1_INTEGER *d2i_ASN1_UINTEGER(ASN1_INTEGER **a, const unsigned char **pp,
+ long length);
+ASN1_INTEGER *ASN1_INTEGER_dup(const ASN1_INTEGER *x);
+int ASN1_INTEGER_cmp(const ASN1_INTEGER *x, const ASN1_INTEGER *y);
+
+DECLARE_ASN1_FUNCTIONS(ASN1_ENUMERATED)
+
+int ASN1_UTCTIME_check(const ASN1_UTCTIME *a);
+ASN1_UTCTIME *ASN1_UTCTIME_set(ASN1_UTCTIME *s, time_t t);
+ASN1_UTCTIME *ASN1_UTCTIME_adj(ASN1_UTCTIME *s, time_t t,
+ int offset_day, long offset_sec);
+int ASN1_UTCTIME_set_string(ASN1_UTCTIME *s, const char *str);
+int ASN1_UTCTIME_cmp_time_t(const ASN1_UTCTIME *s, time_t t);
+
+int ASN1_GENERALIZEDTIME_check(const ASN1_GENERALIZEDTIME *a);
+ASN1_GENERALIZEDTIME *ASN1_GENERALIZEDTIME_set(ASN1_GENERALIZEDTIME *s,
+ time_t t);
+ASN1_GENERALIZEDTIME *ASN1_GENERALIZEDTIME_adj(ASN1_GENERALIZEDTIME *s,
+ time_t t, int offset_day,
+ long offset_sec);
+int ASN1_GENERALIZEDTIME_set_string(ASN1_GENERALIZEDTIME *s, const char *str);
+
+int ASN1_TIME_diff(int *pday, int *psec,
+ const ASN1_TIME *from, const ASN1_TIME *to);
+
+DECLARE_ASN1_FUNCTIONS(ASN1_OCTET_STRING)
+ASN1_OCTET_STRING *ASN1_OCTET_STRING_dup(const ASN1_OCTET_STRING *a);
+int ASN1_OCTET_STRING_cmp(const ASN1_OCTET_STRING *a,
+ const ASN1_OCTET_STRING *b);
+int ASN1_OCTET_STRING_set(ASN1_OCTET_STRING *str, const unsigned char *data,
+ int len);
+
+DECLARE_ASN1_FUNCTIONS(ASN1_VISIBLESTRING)
+DECLARE_ASN1_FUNCTIONS(ASN1_UNIVERSALSTRING)
+DECLARE_ASN1_FUNCTIONS(ASN1_UTF8STRING)
+DECLARE_ASN1_FUNCTIONS(ASN1_NULL)
+DECLARE_ASN1_FUNCTIONS(ASN1_BMPSTRING)
+
+int UTF8_getc(const unsigned char *str, int len, unsigned long *val);
+int UTF8_putc(unsigned char *str, int len, unsigned long value);
+
+DECLARE_ASN1_FUNCTIONS_name(ASN1_STRING, ASN1_PRINTABLE)
+
+DECLARE_ASN1_FUNCTIONS_name(ASN1_STRING, DIRECTORYSTRING)
+DECLARE_ASN1_FUNCTIONS_name(ASN1_STRING, DISPLAYTEXT)
+DECLARE_ASN1_FUNCTIONS(ASN1_PRINTABLESTRING)
+DECLARE_ASN1_FUNCTIONS(ASN1_T61STRING)
+DECLARE_ASN1_FUNCTIONS(ASN1_IA5STRING)
+DECLARE_ASN1_FUNCTIONS(ASN1_GENERALSTRING)
+DECLARE_ASN1_FUNCTIONS(ASN1_UTCTIME)
+DECLARE_ASN1_FUNCTIONS(ASN1_GENERALIZEDTIME)
+DECLARE_ASN1_FUNCTIONS(ASN1_TIME)
+
+DECLARE_ASN1_ITEM(ASN1_OCTET_STRING_NDEF)
+
+ASN1_TIME *ASN1_TIME_set(ASN1_TIME *s, time_t t);
+ASN1_TIME *ASN1_TIME_adj(ASN1_TIME *s, time_t t,
+ int offset_day, long offset_sec);
+int ASN1_TIME_check(const ASN1_TIME *t);
+ASN1_GENERALIZEDTIME *ASN1_TIME_to_generalizedtime(const ASN1_TIME *t,
+ ASN1_GENERALIZEDTIME **out);
+int ASN1_TIME_set_string(ASN1_TIME *s, const char *str);
+int ASN1_TIME_set_string_X509(ASN1_TIME *s, const char *str);
+int ASN1_TIME_to_tm(const ASN1_TIME *s, struct tm *tm);
+int ASN1_TIME_normalize(ASN1_TIME *s);
+int ASN1_TIME_cmp_time_t(const ASN1_TIME *s, time_t t);
+int ASN1_TIME_compare(const ASN1_TIME *a, const ASN1_TIME *b);
+
+int i2a_ASN1_INTEGER(BIO *bp, const ASN1_INTEGER *a);
+int a2i_ASN1_INTEGER(BIO *bp, ASN1_INTEGER *bs, char *buf, int size);
+int i2a_ASN1_ENUMERATED(BIO *bp, const ASN1_ENUMERATED *a);
+int a2i_ASN1_ENUMERATED(BIO *bp, ASN1_ENUMERATED *bs, char *buf, int size);
+int i2a_ASN1_OBJECT(BIO *bp, const ASN1_OBJECT *a);
+int a2i_ASN1_STRING(BIO *bp, ASN1_STRING *bs, char *buf, int size);
+int i2a_ASN1_STRING(BIO *bp, const ASN1_STRING *a, int type);
+int i2t_ASN1_OBJECT(char *buf, int buf_len, const ASN1_OBJECT *a);
+
+int a2d_ASN1_OBJECT(unsigned char *out, int olen, const char *buf, int num);
+ASN1_OBJECT *ASN1_OBJECT_create(int nid, unsigned char *data, int len,
+ const char *sn, const char *ln);
+
+int ASN1_INTEGER_get_int64(int64_t *pr, const ASN1_INTEGER *a);
+int ASN1_INTEGER_set_int64(ASN1_INTEGER *a, int64_t r);
+int ASN1_INTEGER_get_uint64(uint64_t *pr, const ASN1_INTEGER *a);
+int ASN1_INTEGER_set_uint64(ASN1_INTEGER *a, uint64_t r);
+
+int ASN1_INTEGER_set(ASN1_INTEGER *a, long v);
+long ASN1_INTEGER_get(const ASN1_INTEGER *a);
+ASN1_INTEGER *BN_to_ASN1_INTEGER(const BIGNUM *bn, ASN1_INTEGER *ai);
+BIGNUM *ASN1_INTEGER_to_BN(const ASN1_INTEGER *ai, BIGNUM *bn);
+
+int ASN1_ENUMERATED_get_int64(int64_t *pr, const ASN1_ENUMERATED *a);
+int ASN1_ENUMERATED_set_int64(ASN1_ENUMERATED *a, int64_t r);
+
+
+int ASN1_ENUMERATED_set(ASN1_ENUMERATED *a, long v);
+long ASN1_ENUMERATED_get(const ASN1_ENUMERATED *a);
+ASN1_ENUMERATED *BN_to_ASN1_ENUMERATED(const BIGNUM *bn, ASN1_ENUMERATED *ai);
+BIGNUM *ASN1_ENUMERATED_to_BN(const ASN1_ENUMERATED *ai, BIGNUM *bn);
+
+/* General */
+/* given a string, return the correct type, max is the maximum length */
+int ASN1_PRINTABLE_type(const unsigned char *s, int max);
+
+unsigned long ASN1_tag2bit(int tag);
+
+/* SPECIALS */
+int ASN1_get_object(const unsigned char **pp, long *plength, int *ptag,
+ int *pclass, long omax);
+int ASN1_check_infinite_end(unsigned char **p, long len);
+int ASN1_const_check_infinite_end(const unsigned char **p, long len);
+void ASN1_put_object(unsigned char **pp, int constructed, int length,
+ int tag, int xclass);
+int ASN1_put_eoc(unsigned char **pp);
+int ASN1_object_size(int constructed, int length, int tag);
+
+/* Used to implement other functions */
+void *ASN1_dup(i2d_of_void *i2d, d2i_of_void *d2i, void *x);
+
+# define ASN1_dup_of(type,i2d,d2i,x) \
+ ((type*)ASN1_dup(CHECKED_I2D_OF(type, i2d), \
+ CHECKED_D2I_OF(type, d2i), \
+ CHECKED_PTR_OF(type, x)))
+
+# define ASN1_dup_of_const(type,i2d,d2i,x) \
+ ((type*)ASN1_dup(CHECKED_I2D_OF(const type, i2d), \
+ CHECKED_D2I_OF(type, d2i), \
+ CHECKED_PTR_OF(const type, x)))
+
+void *ASN1_item_dup(const ASN1_ITEM *it, void *x);
+
+/* ASN1 alloc/free macros for when a type is only used internally */
+
+# define M_ASN1_new_of(type) (type *)ASN1_item_new(ASN1_ITEM_rptr(type))
+# define M_ASN1_free_of(x, type) \
+ ASN1_item_free(CHECKED_PTR_OF(type, x), ASN1_ITEM_rptr(type))
+
+# ifndef OPENSSL_NO_STDIO
+void *ASN1_d2i_fp(void *(*xnew) (void), d2i_of_void *d2i, FILE *in, void **x);
+
+# define ASN1_d2i_fp_of(type,xnew,d2i,in,x) \
+ ((type*)ASN1_d2i_fp(CHECKED_NEW_OF(type, xnew), \
+ CHECKED_D2I_OF(type, d2i), \
+ in, \
+ CHECKED_PPTR_OF(type, x)))
+
+void *ASN1_item_d2i_fp(const ASN1_ITEM *it, FILE *in, void *x);
+int ASN1_i2d_fp(i2d_of_void *i2d, FILE *out, void *x);
+
+# define ASN1_i2d_fp_of(type,i2d,out,x) \
+ (ASN1_i2d_fp(CHECKED_I2D_OF(type, i2d), \
+ out, \
+ CHECKED_PTR_OF(type, x)))
+
+# define ASN1_i2d_fp_of_const(type,i2d,out,x) \
+ (ASN1_i2d_fp(CHECKED_I2D_OF(const type, i2d), \
+ out, \
+ CHECKED_PTR_OF(const type, x)))
+
+int ASN1_item_i2d_fp(const ASN1_ITEM *it, FILE *out, void *x);
+int ASN1_STRING_print_ex_fp(FILE *fp, const ASN1_STRING *str, unsigned long flags);
+# endif
+
+int ASN1_STRING_to_UTF8(unsigned char **out, const ASN1_STRING *in);
+
+void *ASN1_d2i_bio(void *(*xnew) (void), d2i_of_void *d2i, BIO *in, void **x);
+
+# define ASN1_d2i_bio_of(type,xnew,d2i,in,x) \
+ ((type*)ASN1_d2i_bio( CHECKED_NEW_OF(type, xnew), \
+ CHECKED_D2I_OF(type, d2i), \
+ in, \
+ CHECKED_PPTR_OF(type, x)))
+
+void *ASN1_item_d2i_bio(const ASN1_ITEM *it, BIO *in, void *x);
+int ASN1_i2d_bio(i2d_of_void *i2d, BIO *out, unsigned char *x);
+
+# define ASN1_i2d_bio_of(type,i2d,out,x) \
+ (ASN1_i2d_bio(CHECKED_I2D_OF(type, i2d), \
+ out, \
+ CHECKED_PTR_OF(type, x)))
+
+# define ASN1_i2d_bio_of_const(type,i2d,out,x) \
+ (ASN1_i2d_bio(CHECKED_I2D_OF(const type, i2d), \
+ out, \
+ CHECKED_PTR_OF(const type, x)))
+
+int ASN1_item_i2d_bio(const ASN1_ITEM *it, BIO *out, void *x);
+int ASN1_UTCTIME_print(BIO *fp, const ASN1_UTCTIME *a);
+int ASN1_GENERALIZEDTIME_print(BIO *fp, const ASN1_GENERALIZEDTIME *a);
+int ASN1_TIME_print(BIO *fp, const ASN1_TIME *a);
+int ASN1_STRING_print(BIO *bp, const ASN1_STRING *v);
+int ASN1_STRING_print_ex(BIO *out, const ASN1_STRING *str, unsigned long flags);
+int ASN1_buf_print(BIO *bp, const unsigned char *buf, size_t buflen, int off);
+int ASN1_bn_print(BIO *bp, const char *number, const BIGNUM *num,
+ unsigned char *buf, int off);
+int ASN1_parse(BIO *bp, const unsigned char *pp, long len, int indent);
+int ASN1_parse_dump(BIO *bp, const unsigned char *pp, long len, int indent,
+ int dump);
+const char *ASN1_tag2str(int tag);
+
+/* Used to load and write Netscape format cert */
+
+int ASN1_UNIVERSALSTRING_to_string(ASN1_UNIVERSALSTRING *s);
+
+int ASN1_TYPE_set_octetstring(ASN1_TYPE *a, unsigned char *data, int len);
+int ASN1_TYPE_get_octetstring(const ASN1_TYPE *a, unsigned char *data, int max_len);
+int ASN1_TYPE_set_int_octetstring(ASN1_TYPE *a, long num,
+ unsigned char *data, int len);
+int ASN1_TYPE_get_int_octetstring(const ASN1_TYPE *a, long *num,
+ unsigned char *data, int max_len);
+
+void *ASN1_item_unpack(const ASN1_STRING *oct, const ASN1_ITEM *it);
+
+ASN1_STRING *ASN1_item_pack(void *obj, const ASN1_ITEM *it,
+ ASN1_OCTET_STRING **oct);
+
+void ASN1_STRING_set_default_mask(unsigned long mask);
+int ASN1_STRING_set_default_mask_asc(const char *p);
+unsigned long ASN1_STRING_get_default_mask(void);
+int ASN1_mbstring_copy(ASN1_STRING **out, const unsigned char *in, int len,
+ int inform, unsigned long mask);
+int ASN1_mbstring_ncopy(ASN1_STRING **out, const unsigned char *in, int len,
+ int inform, unsigned long mask,
+ long minsize, long maxsize);
+
+ASN1_STRING *ASN1_STRING_set_by_NID(ASN1_STRING **out,
+ const unsigned char *in, int inlen,
+ int inform, int nid);
+ASN1_STRING_TABLE *ASN1_STRING_TABLE_get(int nid);
+int ASN1_STRING_TABLE_add(int, long, long, unsigned long, unsigned long);
+void ASN1_STRING_TABLE_cleanup(void);
+
+/* ASN1 template functions */
+
+/* Old API compatible functions */
+ASN1_VALUE *ASN1_item_new(const ASN1_ITEM *it);
+void ASN1_item_free(ASN1_VALUE *val, const ASN1_ITEM *it);
+ASN1_VALUE *ASN1_item_d2i(ASN1_VALUE **val, const unsigned char **in,
+ long len, const ASN1_ITEM *it);
+int ASN1_item_i2d(ASN1_VALUE *val, unsigned char **out, const ASN1_ITEM *it);
+int ASN1_item_ndef_i2d(ASN1_VALUE *val, unsigned char **out,
+ const ASN1_ITEM *it);
+
+void ASN1_add_oid_module(void);
+void ASN1_add_stable_module(void);
+
+ASN1_TYPE *ASN1_generate_nconf(const char *str, CONF *nconf);
+ASN1_TYPE *ASN1_generate_v3(const char *str, X509V3_CTX *cnf);
+int ASN1_str2mask(const char *str, unsigned long *pmask);
+
+/* ASN1 Print flags */
+
+/* Indicate missing OPTIONAL fields */
+# define ASN1_PCTX_FLAGS_SHOW_ABSENT 0x001
+/* Mark start and end of SEQUENCE */
+# define ASN1_PCTX_FLAGS_SHOW_SEQUENCE 0x002
+/* Mark start and end of SEQUENCE/SET OF */
+# define ASN1_PCTX_FLAGS_SHOW_SSOF 0x004
+/* Show the ASN1 type of primitives */
+# define ASN1_PCTX_FLAGS_SHOW_TYPE 0x008
+/* Don't show ASN1 type of ANY */
+# define ASN1_PCTX_FLAGS_NO_ANY_TYPE 0x010
+/* Don't show ASN1 type of MSTRINGs */
+# define ASN1_PCTX_FLAGS_NO_MSTRING_TYPE 0x020
+/* Don't show field names in SEQUENCE */
+# define ASN1_PCTX_FLAGS_NO_FIELD_NAME 0x040
+/* Show structure names of each SEQUENCE field */
+# define ASN1_PCTX_FLAGS_SHOW_FIELD_STRUCT_NAME 0x080
+/* Don't show structure name even at top level */
+# define ASN1_PCTX_FLAGS_NO_STRUCT_NAME 0x100
+
+int ASN1_item_print(BIO *out, ASN1_VALUE *ifld, int indent,
+ const ASN1_ITEM *it, const ASN1_PCTX *pctx);
+ASN1_PCTX *ASN1_PCTX_new(void);
+void ASN1_PCTX_free(ASN1_PCTX *p);
+unsigned long ASN1_PCTX_get_flags(const ASN1_PCTX *p);
+void ASN1_PCTX_set_flags(ASN1_PCTX *p, unsigned long flags);
+unsigned long ASN1_PCTX_get_nm_flags(const ASN1_PCTX *p);
+void ASN1_PCTX_set_nm_flags(ASN1_PCTX *p, unsigned long flags);
+unsigned long ASN1_PCTX_get_cert_flags(const ASN1_PCTX *p);
+void ASN1_PCTX_set_cert_flags(ASN1_PCTX *p, unsigned long flags);
+unsigned long ASN1_PCTX_get_oid_flags(const ASN1_PCTX *p);
+void ASN1_PCTX_set_oid_flags(ASN1_PCTX *p, unsigned long flags);
+unsigned long ASN1_PCTX_get_str_flags(const ASN1_PCTX *p);
+void ASN1_PCTX_set_str_flags(ASN1_PCTX *p, unsigned long flags);
+
+ASN1_SCTX *ASN1_SCTX_new(int (*scan_cb) (ASN1_SCTX *ctx));
+void ASN1_SCTX_free(ASN1_SCTX *p);
+const ASN1_ITEM *ASN1_SCTX_get_item(ASN1_SCTX *p);
+const ASN1_TEMPLATE *ASN1_SCTX_get_template(ASN1_SCTX *p);
+unsigned long ASN1_SCTX_get_flags(ASN1_SCTX *p);
+void ASN1_SCTX_set_app_data(ASN1_SCTX *p, void *data);
+void *ASN1_SCTX_get_app_data(ASN1_SCTX *p);
+
+const BIO_METHOD *BIO_f_asn1(void);
+
+BIO *BIO_new_NDEF(BIO *out, ASN1_VALUE *val, const ASN1_ITEM *it);
+
+int i2d_ASN1_bio_stream(BIO *out, ASN1_VALUE *val, BIO *in, int flags,
+ const ASN1_ITEM *it);
+int PEM_write_bio_ASN1_stream(BIO *out, ASN1_VALUE *val, BIO *in, int flags,
+ const char *hdr, const ASN1_ITEM *it);
+int SMIME_write_ASN1(BIO *bio, ASN1_VALUE *val, BIO *data, int flags,
+ int ctype_nid, int econt_nid,
+ STACK_OF(X509_ALGOR) *mdalgs, const ASN1_ITEM *it);
+ASN1_VALUE *SMIME_read_ASN1(BIO *bio, BIO **bcont, const ASN1_ITEM *it);
+int SMIME_crlf_copy(BIO *in, BIO *out, int flags);
+int SMIME_text(BIO *in, BIO *out);
+
+const ASN1_ITEM *ASN1_ITEM_lookup(const char *name);
+const ASN1_ITEM *ASN1_ITEM_get(size_t i);
+
+# ifdef __cplusplus
+}
+# endif
+#endif
diff --git a/packages/mobile-sdk-alpha/ios/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Headers/asn1err.h b/packages/mobile-sdk-alpha/ios/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Headers/asn1err.h
new file mode 100644
index 000000000..e1ad1fefe
--- /dev/null
+++ b/packages/mobile-sdk-alpha/ios/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Headers/asn1err.h
@@ -0,0 +1,256 @@
+/*
+ * Generated by util/mkerr.pl DO NOT EDIT
+ * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_ASN1ERR_H
+# define HEADER_ASN1ERR_H
+
+# include
+
+# ifdef __cplusplus
+extern "C"
+# endif
+int ERR_load_ASN1_strings(void);
+
+/*
+ * ASN1 function codes.
+ */
+# define ASN1_F_A2D_ASN1_OBJECT 100
+# define ASN1_F_A2I_ASN1_INTEGER 102
+# define ASN1_F_A2I_ASN1_STRING 103
+# define ASN1_F_APPEND_EXP 176
+# define ASN1_F_ASN1_BIO_INIT 113
+# define ASN1_F_ASN1_BIT_STRING_SET_BIT 183
+# define ASN1_F_ASN1_CB 177
+# define ASN1_F_ASN1_CHECK_TLEN 104
+# define ASN1_F_ASN1_COLLECT 106
+# define ASN1_F_ASN1_D2I_EX_PRIMITIVE 108
+# define ASN1_F_ASN1_D2I_FP 109
+# define ASN1_F_ASN1_D2I_READ_BIO 107
+# define ASN1_F_ASN1_DIGEST 184
+# define ASN1_F_ASN1_DO_ADB 110
+# define ASN1_F_ASN1_DO_LOCK 233
+# define ASN1_F_ASN1_DUP 111
+# define ASN1_F_ASN1_ENC_SAVE 115
+# define ASN1_F_ASN1_EX_C2I 204
+# define ASN1_F_ASN1_FIND_END 190
+# define ASN1_F_ASN1_GENERALIZEDTIME_ADJ 216
+# define ASN1_F_ASN1_GENERATE_V3 178
+# define ASN1_F_ASN1_GET_INT64 224
+# define ASN1_F_ASN1_GET_OBJECT 114
+# define ASN1_F_ASN1_GET_UINT64 225
+# define ASN1_F_ASN1_I2D_BIO 116
+# define ASN1_F_ASN1_I2D_FP 117
+# define ASN1_F_ASN1_ITEM_D2I_FP 206
+# define ASN1_F_ASN1_ITEM_DUP 191
+# define ASN1_F_ASN1_ITEM_EMBED_D2I 120
+# define ASN1_F_ASN1_ITEM_EMBED_NEW 121
+# define ASN1_F_ASN1_ITEM_EX_I2D 144
+# define ASN1_F_ASN1_ITEM_FLAGS_I2D 118
+# define ASN1_F_ASN1_ITEM_I2D_BIO 192
+# define ASN1_F_ASN1_ITEM_I2D_FP 193
+# define ASN1_F_ASN1_ITEM_PACK 198
+# define ASN1_F_ASN1_ITEM_SIGN 195
+# define ASN1_F_ASN1_ITEM_SIGN_CTX 220
+# define ASN1_F_ASN1_ITEM_UNPACK 199
+# define ASN1_F_ASN1_ITEM_VERIFY 197
+# define ASN1_F_ASN1_MBSTRING_NCOPY 122
+# define ASN1_F_ASN1_OBJECT_NEW 123
+# define ASN1_F_ASN1_OUTPUT_DATA 214
+# define ASN1_F_ASN1_PCTX_NEW 205
+# define ASN1_F_ASN1_PRIMITIVE_NEW 119
+# define ASN1_F_ASN1_SCTX_NEW 221
+# define ASN1_F_ASN1_SIGN 128
+# define ASN1_F_ASN1_STR2TYPE 179
+# define ASN1_F_ASN1_STRING_GET_INT64 227
+# define ASN1_F_ASN1_STRING_GET_UINT64 230
+# define ASN1_F_ASN1_STRING_SET 186
+# define ASN1_F_ASN1_STRING_TABLE_ADD 129
+# define ASN1_F_ASN1_STRING_TO_BN 228
+# define ASN1_F_ASN1_STRING_TYPE_NEW 130
+# define ASN1_F_ASN1_TEMPLATE_EX_D2I 132
+# define ASN1_F_ASN1_TEMPLATE_NEW 133
+# define ASN1_F_ASN1_TEMPLATE_NOEXP_D2I 131
+# define ASN1_F_ASN1_TIME_ADJ 217
+# define ASN1_F_ASN1_TYPE_GET_INT_OCTETSTRING 134
+# define ASN1_F_ASN1_TYPE_GET_OCTETSTRING 135
+# define ASN1_F_ASN1_UTCTIME_ADJ 218
+# define ASN1_F_ASN1_VERIFY 137
+# define ASN1_F_B64_READ_ASN1 209
+# define ASN1_F_B64_WRITE_ASN1 210
+# define ASN1_F_BIO_NEW_NDEF 208
+# define ASN1_F_BITSTR_CB 180
+# define ASN1_F_BN_TO_ASN1_STRING 229
+# define ASN1_F_C2I_ASN1_BIT_STRING 189
+# define ASN1_F_C2I_ASN1_INTEGER 194
+# define ASN1_F_C2I_ASN1_OBJECT 196
+# define ASN1_F_C2I_IBUF 226
+# define ASN1_F_C2I_UINT64_INT 101
+# define ASN1_F_COLLECT_DATA 140
+# define ASN1_F_D2I_ASN1_OBJECT 147
+# define ASN1_F_D2I_ASN1_UINTEGER 150
+# define ASN1_F_D2I_AUTOPRIVATEKEY 207
+# define ASN1_F_D2I_PRIVATEKEY 154
+# define ASN1_F_D2I_PUBLICKEY 155
+# define ASN1_F_DO_BUF 142
+# define ASN1_F_DO_CREATE 124
+# define ASN1_F_DO_DUMP 125
+# define ASN1_F_DO_TCREATE 222
+# define ASN1_F_I2A_ASN1_OBJECT 126
+# define ASN1_F_I2D_ASN1_BIO_STREAM 211
+# define ASN1_F_I2D_ASN1_OBJECT 143
+# define ASN1_F_I2D_DSA_PUBKEY 161
+# define ASN1_F_I2D_EC_PUBKEY 181
+# define ASN1_F_I2D_PRIVATEKEY 163
+# define ASN1_F_I2D_PUBLICKEY 164
+# define ASN1_F_I2D_RSA_PUBKEY 165
+# define ASN1_F_LONG_C2I 166
+# define ASN1_F_NDEF_PREFIX 127
+# define ASN1_F_NDEF_SUFFIX 136
+# define ASN1_F_OID_MODULE_INIT 174
+# define ASN1_F_PARSE_TAGGING 182
+# define ASN1_F_PKCS5_PBE2_SET_IV 167
+# define ASN1_F_PKCS5_PBE2_SET_SCRYPT 231
+# define ASN1_F_PKCS5_PBE_SET 202
+# define ASN1_F_PKCS5_PBE_SET0_ALGOR 215
+# define ASN1_F_PKCS5_PBKDF2_SET 219
+# define ASN1_F_PKCS5_SCRYPT_SET 232
+# define ASN1_F_SMIME_READ_ASN1 212
+# define ASN1_F_SMIME_TEXT 213
+# define ASN1_F_STABLE_GET 138
+# define ASN1_F_STBL_MODULE_INIT 223
+# define ASN1_F_UINT32_C2I 105
+# define ASN1_F_UINT32_NEW 139
+# define ASN1_F_UINT64_C2I 112
+# define ASN1_F_UINT64_NEW 141
+# define ASN1_F_X509_CRL_ADD0_REVOKED 169
+# define ASN1_F_X509_INFO_NEW 170
+# define ASN1_F_X509_NAME_ENCODE 203
+# define ASN1_F_X509_NAME_EX_D2I 158
+# define ASN1_F_X509_NAME_EX_NEW 171
+# define ASN1_F_X509_PKEY_NEW 173
+
+/*
+ * ASN1 reason codes.
+ */
+# define ASN1_R_ADDING_OBJECT 171
+# define ASN1_R_ASN1_PARSE_ERROR 203
+# define ASN1_R_ASN1_SIG_PARSE_ERROR 204
+# define ASN1_R_AUX_ERROR 100
+# define ASN1_R_BAD_OBJECT_HEADER 102
+# define ASN1_R_BAD_TEMPLATE 230
+# define ASN1_R_BMPSTRING_IS_WRONG_LENGTH 214
+# define ASN1_R_BN_LIB 105
+# define ASN1_R_BOOLEAN_IS_WRONG_LENGTH 106
+# define ASN1_R_BUFFER_TOO_SMALL 107
+# define ASN1_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER 108
+# define ASN1_R_CONTEXT_NOT_INITIALISED 217
+# define ASN1_R_DATA_IS_WRONG 109
+# define ASN1_R_DECODE_ERROR 110
+# define ASN1_R_DEPTH_EXCEEDED 174
+# define ASN1_R_DIGEST_AND_KEY_TYPE_NOT_SUPPORTED 198
+# define ASN1_R_ENCODE_ERROR 112
+# define ASN1_R_ERROR_GETTING_TIME 173
+# define ASN1_R_ERROR_LOADING_SECTION 172
+# define ASN1_R_ERROR_SETTING_CIPHER_PARAMS 114
+# define ASN1_R_EXPECTING_AN_INTEGER 115
+# define ASN1_R_EXPECTING_AN_OBJECT 116
+# define ASN1_R_EXPLICIT_LENGTH_MISMATCH 119
+# define ASN1_R_EXPLICIT_TAG_NOT_CONSTRUCTED 120
+# define ASN1_R_FIELD_MISSING 121
+# define ASN1_R_FIRST_NUM_TOO_LARGE 122
+# define ASN1_R_HEADER_TOO_LONG 123
+# define ASN1_R_ILLEGAL_BITSTRING_FORMAT 175
+# define ASN1_R_ILLEGAL_BOOLEAN 176
+# define ASN1_R_ILLEGAL_CHARACTERS 124
+# define ASN1_R_ILLEGAL_FORMAT 177
+# define ASN1_R_ILLEGAL_HEX 178
+# define ASN1_R_ILLEGAL_IMPLICIT_TAG 179
+# define ASN1_R_ILLEGAL_INTEGER 180
+# define ASN1_R_ILLEGAL_NEGATIVE_VALUE 226
+# define ASN1_R_ILLEGAL_NESTED_TAGGING 181
+# define ASN1_R_ILLEGAL_NULL 125
+# define ASN1_R_ILLEGAL_NULL_VALUE 182
+# define ASN1_R_ILLEGAL_OBJECT 183
+# define ASN1_R_ILLEGAL_OPTIONAL_ANY 126
+# define ASN1_R_ILLEGAL_OPTIONS_ON_ITEM_TEMPLATE 170
+# define ASN1_R_ILLEGAL_PADDING 221
+# define ASN1_R_ILLEGAL_TAGGED_ANY 127
+# define ASN1_R_ILLEGAL_TIME_VALUE 184
+# define ASN1_R_ILLEGAL_ZERO_CONTENT 222
+# define ASN1_R_INTEGER_NOT_ASCII_FORMAT 185
+# define ASN1_R_INTEGER_TOO_LARGE_FOR_LONG 128
+# define ASN1_R_INVALID_BIT_STRING_BITS_LEFT 220
+# define ASN1_R_INVALID_BMPSTRING_LENGTH 129
+# define ASN1_R_INVALID_DIGIT 130
+# define ASN1_R_INVALID_MIME_TYPE 205
+# define ASN1_R_INVALID_MODIFIER 186
+# define ASN1_R_INVALID_NUMBER 187
+# define ASN1_R_INVALID_OBJECT_ENCODING 216
+# define ASN1_R_INVALID_SCRYPT_PARAMETERS 227
+# define ASN1_R_INVALID_SEPARATOR 131
+# define ASN1_R_INVALID_STRING_TABLE_VALUE 218
+# define ASN1_R_INVALID_UNIVERSALSTRING_LENGTH 133
+# define ASN1_R_INVALID_UTF8STRING 134
+# define ASN1_R_INVALID_VALUE 219
+# define ASN1_R_LIST_ERROR 188
+# define ASN1_R_MIME_NO_CONTENT_TYPE 206
+# define ASN1_R_MIME_PARSE_ERROR 207
+# define ASN1_R_MIME_SIG_PARSE_ERROR 208
+# define ASN1_R_MISSING_EOC 137
+# define ASN1_R_MISSING_SECOND_NUMBER 138
+# define ASN1_R_MISSING_VALUE 189
+# define ASN1_R_MSTRING_NOT_UNIVERSAL 139
+# define ASN1_R_MSTRING_WRONG_TAG 140
+# define ASN1_R_NESTED_ASN1_STRING 197
+# define ASN1_R_NESTED_TOO_DEEP 201
+# define ASN1_R_NON_HEX_CHARACTERS 141
+# define ASN1_R_NOT_ASCII_FORMAT 190
+# define ASN1_R_NOT_ENOUGH_DATA 142
+# define ASN1_R_NO_CONTENT_TYPE 209
+# define ASN1_R_NO_MATCHING_CHOICE_TYPE 143
+# define ASN1_R_NO_MULTIPART_BODY_FAILURE 210
+# define ASN1_R_NO_MULTIPART_BOUNDARY 211
+# define ASN1_R_NO_SIG_CONTENT_TYPE 212
+# define ASN1_R_NULL_IS_WRONG_LENGTH 144
+# define ASN1_R_OBJECT_NOT_ASCII_FORMAT 191
+# define ASN1_R_ODD_NUMBER_OF_CHARS 145
+# define ASN1_R_SECOND_NUMBER_TOO_LARGE 147
+# define ASN1_R_SEQUENCE_LENGTH_MISMATCH 148
+# define ASN1_R_SEQUENCE_NOT_CONSTRUCTED 149
+# define ASN1_R_SEQUENCE_OR_SET_NEEDS_CONFIG 192
+# define ASN1_R_SHORT_LINE 150
+# define ASN1_R_SIG_INVALID_MIME_TYPE 213
+# define ASN1_R_STREAMING_NOT_SUPPORTED 202
+# define ASN1_R_STRING_TOO_LONG 151
+# define ASN1_R_STRING_TOO_SHORT 152
+# define ASN1_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD 154
+# define ASN1_R_TIME_NOT_ASCII_FORMAT 193
+# define ASN1_R_TOO_LARGE 223
+# define ASN1_R_TOO_LONG 155
+# define ASN1_R_TOO_SMALL 224
+# define ASN1_R_TYPE_NOT_CONSTRUCTED 156
+# define ASN1_R_TYPE_NOT_PRIMITIVE 195
+# define ASN1_R_UNEXPECTED_EOC 159
+# define ASN1_R_UNIVERSALSTRING_IS_WRONG_LENGTH 215
+# define ASN1_R_UNKNOWN_FORMAT 160
+# define ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM 161
+# define ASN1_R_UNKNOWN_OBJECT_TYPE 162
+# define ASN1_R_UNKNOWN_PUBLIC_KEY_TYPE 163
+# define ASN1_R_UNKNOWN_SIGNATURE_ALGORITHM 199
+# define ASN1_R_UNKNOWN_TAG 194
+# define ASN1_R_UNSUPPORTED_ANY_DEFINED_BY_TYPE 164
+# define ASN1_R_UNSUPPORTED_CIPHER 228
+# define ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE 167
+# define ASN1_R_UNSUPPORTED_TYPE 196
+# define ASN1_R_WRONG_INTEGER_TYPE 225
+# define ASN1_R_WRONG_PUBLIC_KEY_TYPE 200
+# define ASN1_R_WRONG_TAG 168
+
+#endif
diff --git a/packages/mobile-sdk-alpha/ios/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Headers/asn1t.h b/packages/mobile-sdk-alpha/ios/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Headers/asn1t.h
new file mode 100644
index 000000000..a450ba0d9
--- /dev/null
+++ b/packages/mobile-sdk-alpha/ios/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Headers/asn1t.h
@@ -0,0 +1,945 @@
+/*
+ * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_ASN1T_H
+# define HEADER_ASN1T_H
+
+# include
+# include
+# include
+
+# ifdef OPENSSL_BUILD_SHLIBCRYPTO
+# undef OPENSSL_EXTERN
+# define OPENSSL_EXTERN OPENSSL_EXPORT
+# endif
+
+/* ASN1 template defines, structures and functions */
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+# ifndef OPENSSL_EXPORT_VAR_AS_FUNCTION
+
+/* Macro to obtain ASN1_ADB pointer from a type (only used internally) */
+# define ASN1_ADB_ptr(iptr) ((const ASN1_ADB *)(iptr))
+
+/* Macros for start and end of ASN1_ITEM definition */
+
+# define ASN1_ITEM_start(itname) \
+ const ASN1_ITEM itname##_it = {
+
+# define static_ASN1_ITEM_start(itname) \
+ static const ASN1_ITEM itname##_it = {
+
+# define ASN1_ITEM_end(itname) \
+ };
+
+# else
+
+/* Macro to obtain ASN1_ADB pointer from a type (only used internally) */
+# define ASN1_ADB_ptr(iptr) ((const ASN1_ADB *)((iptr)()))
+
+/* Macros for start and end of ASN1_ITEM definition */
+
+# define ASN1_ITEM_start(itname) \
+ const ASN1_ITEM * itname##_it(void) \
+ { \
+ static const ASN1_ITEM local_it = {
+
+# define static_ASN1_ITEM_start(itname) \
+ static ASN1_ITEM_start(itname)
+
+# define ASN1_ITEM_end(itname) \
+ }; \
+ return &local_it; \
+ }
+
+# endif
+
+/* Macros to aid ASN1 template writing */
+
+# define ASN1_ITEM_TEMPLATE(tname) \
+ static const ASN1_TEMPLATE tname##_item_tt
+
+# define ASN1_ITEM_TEMPLATE_END(tname) \
+ ;\
+ ASN1_ITEM_start(tname) \
+ ASN1_ITYPE_PRIMITIVE,\
+ -1,\
+ &tname##_item_tt,\
+ 0,\
+ NULL,\
+ 0,\
+ #tname \
+ ASN1_ITEM_end(tname)
+# define static_ASN1_ITEM_TEMPLATE_END(tname) \
+ ;\
+ static_ASN1_ITEM_start(tname) \
+ ASN1_ITYPE_PRIMITIVE,\
+ -1,\
+ &tname##_item_tt,\
+ 0,\
+ NULL,\
+ 0,\
+ #tname \
+ ASN1_ITEM_end(tname)
+
+/* This is a ASN1 type which just embeds a template */
+
+/*-
+ * This pair helps declare a SEQUENCE. We can do:
+ *
+ * ASN1_SEQUENCE(stname) = {
+ * ... SEQUENCE components ...
+ * } ASN1_SEQUENCE_END(stname)
+ *
+ * This will produce an ASN1_ITEM called stname_it
+ * for a structure called stname.
+ *
+ * If you want the same structure but a different
+ * name then use:
+ *
+ * ASN1_SEQUENCE(itname) = {
+ * ... SEQUENCE components ...
+ * } ASN1_SEQUENCE_END_name(stname, itname)
+ *
+ * This will create an item called itname_it using
+ * a structure called stname.
+ */
+
+# define ASN1_SEQUENCE(tname) \
+ static const ASN1_TEMPLATE tname##_seq_tt[]
+
+# define ASN1_SEQUENCE_END(stname) ASN1_SEQUENCE_END_name(stname, stname)
+
+# define static_ASN1_SEQUENCE_END(stname) static_ASN1_SEQUENCE_END_name(stname, stname)
+
+# define ASN1_SEQUENCE_END_name(stname, tname) \
+ ;\
+ ASN1_ITEM_start(tname) \
+ ASN1_ITYPE_SEQUENCE,\
+ V_ASN1_SEQUENCE,\
+ tname##_seq_tt,\
+ sizeof(tname##_seq_tt) / sizeof(ASN1_TEMPLATE),\
+ NULL,\
+ sizeof(stname),\
+ #tname \
+ ASN1_ITEM_end(tname)
+
+# define static_ASN1_SEQUENCE_END_name(stname, tname) \
+ ;\
+ static_ASN1_ITEM_start(tname) \
+ ASN1_ITYPE_SEQUENCE,\
+ V_ASN1_SEQUENCE,\
+ tname##_seq_tt,\
+ sizeof(tname##_seq_tt) / sizeof(ASN1_TEMPLATE),\
+ NULL,\
+ sizeof(stname),\
+ #stname \
+ ASN1_ITEM_end(tname)
+
+# define ASN1_NDEF_SEQUENCE(tname) \
+ ASN1_SEQUENCE(tname)
+
+# define ASN1_NDEF_SEQUENCE_cb(tname, cb) \
+ ASN1_SEQUENCE_cb(tname, cb)
+
+# define ASN1_SEQUENCE_cb(tname, cb) \
+ static const ASN1_AUX tname##_aux = {NULL, 0, 0, 0, cb, 0}; \
+ ASN1_SEQUENCE(tname)
+
+# define ASN1_BROKEN_SEQUENCE(tname) \
+ static const ASN1_AUX tname##_aux = {NULL, ASN1_AFLG_BROKEN, 0, 0, 0, 0}; \
+ ASN1_SEQUENCE(tname)
+
+# define ASN1_SEQUENCE_ref(tname, cb) \
+ static const ASN1_AUX tname##_aux = {NULL, ASN1_AFLG_REFCOUNT, offsetof(tname, references), offsetof(tname, lock), cb, 0}; \
+ ASN1_SEQUENCE(tname)
+
+# define ASN1_SEQUENCE_enc(tname, enc, cb) \
+ static const ASN1_AUX tname##_aux = {NULL, ASN1_AFLG_ENCODING, 0, 0, cb, offsetof(tname, enc)}; \
+ ASN1_SEQUENCE(tname)
+
+# define ASN1_NDEF_SEQUENCE_END(tname) \
+ ;\
+ ASN1_ITEM_start(tname) \
+ ASN1_ITYPE_NDEF_SEQUENCE,\
+ V_ASN1_SEQUENCE,\
+ tname##_seq_tt,\
+ sizeof(tname##_seq_tt) / sizeof(ASN1_TEMPLATE),\
+ NULL,\
+ sizeof(tname),\
+ #tname \
+ ASN1_ITEM_end(tname)
+# define static_ASN1_NDEF_SEQUENCE_END(tname) \
+ ;\
+ static_ASN1_ITEM_start(tname) \
+ ASN1_ITYPE_NDEF_SEQUENCE,\
+ V_ASN1_SEQUENCE,\
+ tname##_seq_tt,\
+ sizeof(tname##_seq_tt) / sizeof(ASN1_TEMPLATE),\
+ NULL,\
+ sizeof(tname),\
+ #tname \
+ ASN1_ITEM_end(tname)
+
+# define ASN1_BROKEN_SEQUENCE_END(stname) ASN1_SEQUENCE_END_ref(stname, stname)
+# define static_ASN1_BROKEN_SEQUENCE_END(stname) \
+ static_ASN1_SEQUENCE_END_ref(stname, stname)
+
+# define ASN1_SEQUENCE_END_enc(stname, tname) ASN1_SEQUENCE_END_ref(stname, tname)
+
+# define ASN1_SEQUENCE_END_cb(stname, tname) ASN1_SEQUENCE_END_ref(stname, tname)
+# define static_ASN1_SEQUENCE_END_cb(stname, tname) static_ASN1_SEQUENCE_END_ref(stname, tname)
+
+# define ASN1_SEQUENCE_END_ref(stname, tname) \
+ ;\
+ ASN1_ITEM_start(tname) \
+ ASN1_ITYPE_SEQUENCE,\
+ V_ASN1_SEQUENCE,\
+ tname##_seq_tt,\
+ sizeof(tname##_seq_tt) / sizeof(ASN1_TEMPLATE),\
+ &tname##_aux,\
+ sizeof(stname),\
+ #tname \
+ ASN1_ITEM_end(tname)
+# define static_ASN1_SEQUENCE_END_ref(stname, tname) \
+ ;\
+ static_ASN1_ITEM_start(tname) \
+ ASN1_ITYPE_SEQUENCE,\
+ V_ASN1_SEQUENCE,\
+ tname##_seq_tt,\
+ sizeof(tname##_seq_tt) / sizeof(ASN1_TEMPLATE),\
+ &tname##_aux,\
+ sizeof(stname),\
+ #stname \
+ ASN1_ITEM_end(tname)
+
+# define ASN1_NDEF_SEQUENCE_END_cb(stname, tname) \
+ ;\
+ ASN1_ITEM_start(tname) \
+ ASN1_ITYPE_NDEF_SEQUENCE,\
+ V_ASN1_SEQUENCE,\
+ tname##_seq_tt,\
+ sizeof(tname##_seq_tt) / sizeof(ASN1_TEMPLATE),\
+ &tname##_aux,\
+ sizeof(stname),\
+ #stname \
+ ASN1_ITEM_end(tname)
+
+/*-
+ * This pair helps declare a CHOICE type. We can do:
+ *
+ * ASN1_CHOICE(chname) = {
+ * ... CHOICE options ...
+ * ASN1_CHOICE_END(chname)
+ *
+ * This will produce an ASN1_ITEM called chname_it
+ * for a structure called chname. The structure
+ * definition must look like this:
+ * typedef struct {
+ * int type;
+ * union {
+ * ASN1_SOMETHING *opt1;
+ * ASN1_SOMEOTHER *opt2;
+ * } value;
+ * } chname;
+ *
+ * the name of the selector must be 'type'.
+ * to use an alternative selector name use the
+ * ASN1_CHOICE_END_selector() version.
+ */
+
+# define ASN1_CHOICE(tname) \
+ static const ASN1_TEMPLATE tname##_ch_tt[]
+
+# define ASN1_CHOICE_cb(tname, cb) \
+ static const ASN1_AUX tname##_aux = {NULL, 0, 0, 0, cb, 0}; \
+ ASN1_CHOICE(tname)
+
+# define ASN1_CHOICE_END(stname) ASN1_CHOICE_END_name(stname, stname)
+
+# define static_ASN1_CHOICE_END(stname) static_ASN1_CHOICE_END_name(stname, stname)
+
+# define ASN1_CHOICE_END_name(stname, tname) ASN1_CHOICE_END_selector(stname, tname, type)
+
+# define static_ASN1_CHOICE_END_name(stname, tname) static_ASN1_CHOICE_END_selector(stname, tname, type)
+
+# define ASN1_CHOICE_END_selector(stname, tname, selname) \
+ ;\
+ ASN1_ITEM_start(tname) \
+ ASN1_ITYPE_CHOICE,\
+ offsetof(stname,selname) ,\
+ tname##_ch_tt,\
+ sizeof(tname##_ch_tt) / sizeof(ASN1_TEMPLATE),\
+ NULL,\
+ sizeof(stname),\
+ #stname \
+ ASN1_ITEM_end(tname)
+
+# define static_ASN1_CHOICE_END_selector(stname, tname, selname) \
+ ;\
+ static_ASN1_ITEM_start(tname) \
+ ASN1_ITYPE_CHOICE,\
+ offsetof(stname,selname) ,\
+ tname##_ch_tt,\
+ sizeof(tname##_ch_tt) / sizeof(ASN1_TEMPLATE),\
+ NULL,\
+ sizeof(stname),\
+ #stname \
+ ASN1_ITEM_end(tname)
+
+# define ASN1_CHOICE_END_cb(stname, tname, selname) \
+ ;\
+ ASN1_ITEM_start(tname) \
+ ASN1_ITYPE_CHOICE,\
+ offsetof(stname,selname) ,\
+ tname##_ch_tt,\
+ sizeof(tname##_ch_tt) / sizeof(ASN1_TEMPLATE),\
+ &tname##_aux,\
+ sizeof(stname),\
+ #stname \
+ ASN1_ITEM_end(tname)
+
+/* This helps with the template wrapper form of ASN1_ITEM */
+
+# define ASN1_EX_TEMPLATE_TYPE(flags, tag, name, type) { \
+ (flags), (tag), 0,\
+ #name, ASN1_ITEM_ref(type) }
+
+/* These help with SEQUENCE or CHOICE components */
+
+/* used to declare other types */
+
+# define ASN1_EX_TYPE(flags, tag, stname, field, type) { \
+ (flags), (tag), offsetof(stname, field),\
+ #field, ASN1_ITEM_ref(type) }
+
+/* implicit and explicit helper macros */
+
+# define ASN1_IMP_EX(stname, field, type, tag, ex) \
+ ASN1_EX_TYPE(ASN1_TFLG_IMPLICIT | (ex), tag, stname, field, type)
+
+# define ASN1_EXP_EX(stname, field, type, tag, ex) \
+ ASN1_EX_TYPE(ASN1_TFLG_EXPLICIT | (ex), tag, stname, field, type)
+
+/* Any defined by macros: the field used is in the table itself */
+
+# ifndef OPENSSL_EXPORT_VAR_AS_FUNCTION
+# define ASN1_ADB_OBJECT(tblname) { ASN1_TFLG_ADB_OID, -1, 0, #tblname, (const ASN1_ITEM *)&(tblname##_adb) }
+# define ASN1_ADB_INTEGER(tblname) { ASN1_TFLG_ADB_INT, -1, 0, #tblname, (const ASN1_ITEM *)&(tblname##_adb) }
+# else
+# define ASN1_ADB_OBJECT(tblname) { ASN1_TFLG_ADB_OID, -1, 0, #tblname, tblname##_adb }
+# define ASN1_ADB_INTEGER(tblname) { ASN1_TFLG_ADB_INT, -1, 0, #tblname, tblname##_adb }
+# endif
+/* Plain simple type */
+# define ASN1_SIMPLE(stname, field, type) ASN1_EX_TYPE(0,0, stname, field, type)
+/* Embedded simple type */
+# define ASN1_EMBED(stname, field, type) ASN1_EX_TYPE(ASN1_TFLG_EMBED,0, stname, field, type)
+
+/* OPTIONAL simple type */
+# define ASN1_OPT(stname, field, type) ASN1_EX_TYPE(ASN1_TFLG_OPTIONAL, 0, stname, field, type)
+# define ASN1_OPT_EMBED(stname, field, type) ASN1_EX_TYPE(ASN1_TFLG_OPTIONAL|ASN1_TFLG_EMBED, 0, stname, field, type)
+
+/* IMPLICIT tagged simple type */
+# define ASN1_IMP(stname, field, type, tag) ASN1_IMP_EX(stname, field, type, tag, 0)
+# define ASN1_IMP_EMBED(stname, field, type, tag) ASN1_IMP_EX(stname, field, type, tag, ASN1_TFLG_EMBED)
+
+/* IMPLICIT tagged OPTIONAL simple type */
+# define ASN1_IMP_OPT(stname, field, type, tag) ASN1_IMP_EX(stname, field, type, tag, ASN1_TFLG_OPTIONAL)
+# define ASN1_IMP_OPT_EMBED(stname, field, type, tag) ASN1_IMP_EX(stname, field, type, tag, ASN1_TFLG_OPTIONAL|ASN1_TFLG_EMBED)
+
+/* Same as above but EXPLICIT */
+
+# define ASN1_EXP(stname, field, type, tag) ASN1_EXP_EX(stname, field, type, tag, 0)
+# define ASN1_EXP_EMBED(stname, field, type, tag) ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_EMBED)
+# define ASN1_EXP_OPT(stname, field, type, tag) ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_OPTIONAL)
+# define ASN1_EXP_OPT_EMBED(stname, field, type, tag) ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_OPTIONAL|ASN1_TFLG_EMBED)
+
+/* SEQUENCE OF type */
+# define ASN1_SEQUENCE_OF(stname, field, type) \
+ ASN1_EX_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, stname, field, type)
+
+/* OPTIONAL SEQUENCE OF */
+# define ASN1_SEQUENCE_OF_OPT(stname, field, type) \
+ ASN1_EX_TYPE(ASN1_TFLG_SEQUENCE_OF|ASN1_TFLG_OPTIONAL, 0, stname, field, type)
+
+/* Same as above but for SET OF */
+
+# define ASN1_SET_OF(stname, field, type) \
+ ASN1_EX_TYPE(ASN1_TFLG_SET_OF, 0, stname, field, type)
+
+# define ASN1_SET_OF_OPT(stname, field, type) \
+ ASN1_EX_TYPE(ASN1_TFLG_SET_OF|ASN1_TFLG_OPTIONAL, 0, stname, field, type)
+
+/* Finally compound types of SEQUENCE, SET, IMPLICIT, EXPLICIT and OPTIONAL */
+
+# define ASN1_IMP_SET_OF(stname, field, type, tag) \
+ ASN1_IMP_EX(stname, field, type, tag, ASN1_TFLG_SET_OF)
+
+# define ASN1_EXP_SET_OF(stname, field, type, tag) \
+ ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_SET_OF)
+
+# define ASN1_IMP_SET_OF_OPT(stname, field, type, tag) \
+ ASN1_IMP_EX(stname, field, type, tag, ASN1_TFLG_SET_OF|ASN1_TFLG_OPTIONAL)
+
+# define ASN1_EXP_SET_OF_OPT(stname, field, type, tag) \
+ ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_SET_OF|ASN1_TFLG_OPTIONAL)
+
+# define ASN1_IMP_SEQUENCE_OF(stname, field, type, tag) \
+ ASN1_IMP_EX(stname, field, type, tag, ASN1_TFLG_SEQUENCE_OF)
+
+# define ASN1_IMP_SEQUENCE_OF_OPT(stname, field, type, tag) \
+ ASN1_IMP_EX(stname, field, type, tag, ASN1_TFLG_SEQUENCE_OF|ASN1_TFLG_OPTIONAL)
+
+# define ASN1_EXP_SEQUENCE_OF(stname, field, type, tag) \
+ ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_SEQUENCE_OF)
+
+# define ASN1_EXP_SEQUENCE_OF_OPT(stname, field, type, tag) \
+ ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_SEQUENCE_OF|ASN1_TFLG_OPTIONAL)
+
+/* EXPLICIT using indefinite length constructed form */
+# define ASN1_NDEF_EXP(stname, field, type, tag) \
+ ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_NDEF)
+
+/* EXPLICIT OPTIONAL using indefinite length constructed form */
+# define ASN1_NDEF_EXP_OPT(stname, field, type, tag) \
+ ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_OPTIONAL|ASN1_TFLG_NDEF)
+
+/* Macros for the ASN1_ADB structure */
+
+# define ASN1_ADB(name) \
+ static const ASN1_ADB_TABLE name##_adbtbl[]
+
+# ifndef OPENSSL_EXPORT_VAR_AS_FUNCTION
+
+# define ASN1_ADB_END(name, flags, field, adb_cb, def, none) \
+ ;\
+ static const ASN1_ADB name##_adb = {\
+ flags,\
+ offsetof(name, field),\
+ adb_cb,\
+ name##_adbtbl,\
+ sizeof(name##_adbtbl) / sizeof(ASN1_ADB_TABLE),\
+ def,\
+ none\
+ }
+
+# else
+
+# define ASN1_ADB_END(name, flags, field, adb_cb, def, none) \
+ ;\
+ static const ASN1_ITEM *name##_adb(void) \
+ { \
+ static const ASN1_ADB internal_adb = \
+ {\
+ flags,\
+ offsetof(name, field),\
+ adb_cb,\
+ name##_adbtbl,\
+ sizeof(name##_adbtbl) / sizeof(ASN1_ADB_TABLE),\
+ def,\
+ none\
+ }; \
+ return (const ASN1_ITEM *) &internal_adb; \
+ } \
+ void dummy_function(void)
+
+# endif
+
+# define ADB_ENTRY(val, template) {val, template}
+
+# define ASN1_ADB_TEMPLATE(name) \
+ static const ASN1_TEMPLATE name##_tt
+
+/*
+ * This is the ASN1 template structure that defines a wrapper round the
+ * actual type. It determines the actual position of the field in the value
+ * structure, various flags such as OPTIONAL and the field name.
+ */
+
+struct ASN1_TEMPLATE_st {
+ unsigned long flags; /* Various flags */
+ long tag; /* tag, not used if no tagging */
+ unsigned long offset; /* Offset of this field in structure */
+ const char *field_name; /* Field name */
+ ASN1_ITEM_EXP *item; /* Relevant ASN1_ITEM or ASN1_ADB */
+};
+
+/* Macro to extract ASN1_ITEM and ASN1_ADB pointer from ASN1_TEMPLATE */
+
+# define ASN1_TEMPLATE_item(t) (t->item_ptr)
+# define ASN1_TEMPLATE_adb(t) (t->item_ptr)
+
+typedef struct ASN1_ADB_TABLE_st ASN1_ADB_TABLE;
+typedef struct ASN1_ADB_st ASN1_ADB;
+
+struct ASN1_ADB_st {
+ unsigned long flags; /* Various flags */
+ unsigned long offset; /* Offset of selector field */
+ int (*adb_cb)(long *psel); /* Application callback */
+ const ASN1_ADB_TABLE *tbl; /* Table of possible types */
+ long tblcount; /* Number of entries in tbl */
+ const ASN1_TEMPLATE *default_tt; /* Type to use if no match */
+ const ASN1_TEMPLATE *null_tt; /* Type to use if selector is NULL */
+};
+
+struct ASN1_ADB_TABLE_st {
+ long value; /* NID for an object or value for an int */
+ const ASN1_TEMPLATE tt; /* item for this value */
+};
+
+/* template flags */
+
+/* Field is optional */
+# define ASN1_TFLG_OPTIONAL (0x1)
+
+/* Field is a SET OF */
+# define ASN1_TFLG_SET_OF (0x1 << 1)
+
+/* Field is a SEQUENCE OF */
+# define ASN1_TFLG_SEQUENCE_OF (0x2 << 1)
+
+/*
+ * Special case: this refers to a SET OF that will be sorted into DER order
+ * when encoded *and* the corresponding STACK will be modified to match the
+ * new order.
+ */
+# define ASN1_TFLG_SET_ORDER (0x3 << 1)
+
+/* Mask for SET OF or SEQUENCE OF */
+# define ASN1_TFLG_SK_MASK (0x3 << 1)
+
+/*
+ * These flags mean the tag should be taken from the tag field. If EXPLICIT
+ * then the underlying type is used for the inner tag.
+ */
+
+/* IMPLICIT tagging */
+# define ASN1_TFLG_IMPTAG (0x1 << 3)
+
+/* EXPLICIT tagging, inner tag from underlying type */
+# define ASN1_TFLG_EXPTAG (0x2 << 3)
+
+# define ASN1_TFLG_TAG_MASK (0x3 << 3)
+
+/* context specific IMPLICIT */
+# define ASN1_TFLG_IMPLICIT (ASN1_TFLG_IMPTAG|ASN1_TFLG_CONTEXT)
+
+/* context specific EXPLICIT */
+# define ASN1_TFLG_EXPLICIT (ASN1_TFLG_EXPTAG|ASN1_TFLG_CONTEXT)
+
+/*
+ * If tagging is in force these determine the type of tag to use. Otherwise
+ * the tag is determined by the underlying type. These values reflect the
+ * actual octet format.
+ */
+
+/* Universal tag */
+# define ASN1_TFLG_UNIVERSAL (0x0<<6)
+/* Application tag */
+# define ASN1_TFLG_APPLICATION (0x1<<6)
+/* Context specific tag */
+# define ASN1_TFLG_CONTEXT (0x2<<6)
+/* Private tag */
+# define ASN1_TFLG_PRIVATE (0x3<<6)
+
+# define ASN1_TFLG_TAG_CLASS (0x3<<6)
+
+/*
+ * These are for ANY DEFINED BY type. In this case the 'item' field points to
+ * an ASN1_ADB structure which contains a table of values to decode the
+ * relevant type
+ */
+
+# define ASN1_TFLG_ADB_MASK (0x3<<8)
+
+# define ASN1_TFLG_ADB_OID (0x1<<8)
+
+# define ASN1_TFLG_ADB_INT (0x1<<9)
+
+/*
+ * This flag when present in a SEQUENCE OF, SET OF or EXPLICIT causes
+ * indefinite length constructed encoding to be used if required.
+ */
+
+# define ASN1_TFLG_NDEF (0x1<<11)
+
+/* Field is embedded and not a pointer */
+# define ASN1_TFLG_EMBED (0x1 << 12)
+
+/* This is the actual ASN1 item itself */
+
+struct ASN1_ITEM_st {
+ char itype; /* The item type, primitive, SEQUENCE, CHOICE
+ * or extern */
+ long utype; /* underlying type */
+ const ASN1_TEMPLATE *templates; /* If SEQUENCE or CHOICE this contains
+ * the contents */
+ long tcount; /* Number of templates if SEQUENCE or CHOICE */
+ const void *funcs; /* functions that handle this type */
+ long size; /* Structure size (usually) */
+ const char *sname; /* Structure name */
+};
+
+/*-
+ * These are values for the itype field and
+ * determine how the type is interpreted.
+ *
+ * For PRIMITIVE types the underlying type
+ * determines the behaviour if items is NULL.
+ *
+ * Otherwise templates must contain a single
+ * template and the type is treated in the
+ * same way as the type specified in the template.
+ *
+ * For SEQUENCE types the templates field points
+ * to the members, the size field is the
+ * structure size.
+ *
+ * For CHOICE types the templates field points
+ * to each possible member (typically a union)
+ * and the 'size' field is the offset of the
+ * selector.
+ *
+ * The 'funcs' field is used for application
+ * specific functions.
+ *
+ * The EXTERN type uses a new style d2i/i2d.
+ * The new style should be used where possible
+ * because it avoids things like the d2i IMPLICIT
+ * hack.
+ *
+ * MSTRING is a multiple string type, it is used
+ * for a CHOICE of character strings where the
+ * actual strings all occupy an ASN1_STRING
+ * structure. In this case the 'utype' field
+ * has a special meaning, it is used as a mask
+ * of acceptable types using the B_ASN1 constants.
+ *
+ * NDEF_SEQUENCE is the same as SEQUENCE except
+ * that it will use indefinite length constructed
+ * encoding if requested.
+ *
+ */
+
+# define ASN1_ITYPE_PRIMITIVE 0x0
+
+# define ASN1_ITYPE_SEQUENCE 0x1
+
+# define ASN1_ITYPE_CHOICE 0x2
+
+# define ASN1_ITYPE_EXTERN 0x4
+
+# define ASN1_ITYPE_MSTRING 0x5
+
+# define ASN1_ITYPE_NDEF_SEQUENCE 0x6
+
+/*
+ * Cache for ASN1 tag and length, so we don't keep re-reading it for things
+ * like CHOICE
+ */
+
+struct ASN1_TLC_st {
+ char valid; /* Values below are valid */
+ int ret; /* return value */
+ long plen; /* length */
+ int ptag; /* class value */
+ int pclass; /* class value */
+ int hdrlen; /* header length */
+};
+
+/* Typedefs for ASN1 function pointers */
+typedef int ASN1_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len,
+ const ASN1_ITEM *it, int tag, int aclass, char opt,
+ ASN1_TLC *ctx);
+
+typedef int ASN1_ex_i2d(ASN1_VALUE **pval, unsigned char **out,
+ const ASN1_ITEM *it, int tag, int aclass);
+typedef int ASN1_ex_new_func(ASN1_VALUE **pval, const ASN1_ITEM *it);
+typedef void ASN1_ex_free_func(ASN1_VALUE **pval, const ASN1_ITEM *it);
+
+typedef int ASN1_ex_print_func(BIO *out, ASN1_VALUE **pval,
+ int indent, const char *fname,
+ const ASN1_PCTX *pctx);
+
+typedef int ASN1_primitive_i2c(ASN1_VALUE **pval, unsigned char *cont,
+ int *putype, const ASN1_ITEM *it);
+typedef int ASN1_primitive_c2i(ASN1_VALUE **pval, const unsigned char *cont,
+ int len, int utype, char *free_cont,
+ const ASN1_ITEM *it);
+typedef int ASN1_primitive_print(BIO *out, ASN1_VALUE **pval,
+ const ASN1_ITEM *it, int indent,
+ const ASN1_PCTX *pctx);
+
+typedef struct ASN1_EXTERN_FUNCS_st {
+ void *app_data;
+ ASN1_ex_new_func *asn1_ex_new;
+ ASN1_ex_free_func *asn1_ex_free;
+ ASN1_ex_free_func *asn1_ex_clear;
+ ASN1_ex_d2i *asn1_ex_d2i;
+ ASN1_ex_i2d *asn1_ex_i2d;
+ ASN1_ex_print_func *asn1_ex_print;
+} ASN1_EXTERN_FUNCS;
+
+typedef struct ASN1_PRIMITIVE_FUNCS_st {
+ void *app_data;
+ unsigned long flags;
+ ASN1_ex_new_func *prim_new;
+ ASN1_ex_free_func *prim_free;
+ ASN1_ex_free_func *prim_clear;
+ ASN1_primitive_c2i *prim_c2i;
+ ASN1_primitive_i2c *prim_i2c;
+ ASN1_primitive_print *prim_print;
+} ASN1_PRIMITIVE_FUNCS;
+
+/*
+ * This is the ASN1_AUX structure: it handles various miscellaneous
+ * requirements. For example the use of reference counts and an informational
+ * callback. The "informational callback" is called at various points during
+ * the ASN1 encoding and decoding. It can be used to provide minor
+ * customisation of the structures used. This is most useful where the
+ * supplied routines *almost* do the right thing but need some extra help at
+ * a few points. If the callback returns zero then it is assumed a fatal
+ * error has occurred and the main operation should be abandoned. If major
+ * changes in the default behaviour are required then an external type is
+ * more appropriate.
+ */
+
+typedef int ASN1_aux_cb(int operation, ASN1_VALUE **in, const ASN1_ITEM *it,
+ void *exarg);
+
+typedef struct ASN1_AUX_st {
+ void *app_data;
+ int flags;
+ int ref_offset; /* Offset of reference value */
+ int ref_lock; /* Lock type to use */
+ ASN1_aux_cb *asn1_cb;
+ int enc_offset; /* Offset of ASN1_ENCODING structure */
+} ASN1_AUX;
+
+/* For print related callbacks exarg points to this structure */
+typedef struct ASN1_PRINT_ARG_st {
+ BIO *out;
+ int indent;
+ const ASN1_PCTX *pctx;
+} ASN1_PRINT_ARG;
+
+/* For streaming related callbacks exarg points to this structure */
+typedef struct ASN1_STREAM_ARG_st {
+ /* BIO to stream through */
+ BIO *out;
+ /* BIO with filters appended */
+ BIO *ndef_bio;
+ /* Streaming I/O boundary */
+ unsigned char **boundary;
+} ASN1_STREAM_ARG;
+
+/* Flags in ASN1_AUX */
+
+/* Use a reference count */
+# define ASN1_AFLG_REFCOUNT 1
+/* Save the encoding of structure (useful for signatures) */
+# define ASN1_AFLG_ENCODING 2
+/* The Sequence length is invalid */
+# define ASN1_AFLG_BROKEN 4
+
+/* operation values for asn1_cb */
+
+# define ASN1_OP_NEW_PRE 0
+# define ASN1_OP_NEW_POST 1
+# define ASN1_OP_FREE_PRE 2
+# define ASN1_OP_FREE_POST 3
+# define ASN1_OP_D2I_PRE 4
+# define ASN1_OP_D2I_POST 5
+# define ASN1_OP_I2D_PRE 6
+# define ASN1_OP_I2D_POST 7
+# define ASN1_OP_PRINT_PRE 8
+# define ASN1_OP_PRINT_POST 9
+# define ASN1_OP_STREAM_PRE 10
+# define ASN1_OP_STREAM_POST 11
+# define ASN1_OP_DETACHED_PRE 12
+# define ASN1_OP_DETACHED_POST 13
+
+/* Macro to implement a primitive type */
+# define IMPLEMENT_ASN1_TYPE(stname) IMPLEMENT_ASN1_TYPE_ex(stname, stname, 0)
+# define IMPLEMENT_ASN1_TYPE_ex(itname, vname, ex) \
+ ASN1_ITEM_start(itname) \
+ ASN1_ITYPE_PRIMITIVE, V_##vname, NULL, 0, NULL, ex, #itname \
+ ASN1_ITEM_end(itname)
+
+/* Macro to implement a multi string type */
+# define IMPLEMENT_ASN1_MSTRING(itname, mask) \
+ ASN1_ITEM_start(itname) \
+ ASN1_ITYPE_MSTRING, mask, NULL, 0, NULL, sizeof(ASN1_STRING), #itname \
+ ASN1_ITEM_end(itname)
+
+# define IMPLEMENT_EXTERN_ASN1(sname, tag, fptrs) \
+ ASN1_ITEM_start(sname) \
+ ASN1_ITYPE_EXTERN, \
+ tag, \
+ NULL, \
+ 0, \
+ &fptrs, \
+ 0, \
+ #sname \
+ ASN1_ITEM_end(sname)
+
+/* Macro to implement standard functions in terms of ASN1_ITEM structures */
+
+# define IMPLEMENT_ASN1_FUNCTIONS(stname) IMPLEMENT_ASN1_FUNCTIONS_fname(stname, stname, stname)
+
+# define IMPLEMENT_ASN1_FUNCTIONS_name(stname, itname) IMPLEMENT_ASN1_FUNCTIONS_fname(stname, itname, itname)
+
+# define IMPLEMENT_ASN1_FUNCTIONS_ENCODE_name(stname, itname) \
+ IMPLEMENT_ASN1_FUNCTIONS_ENCODE_fname(stname, itname, itname)
+
+# define IMPLEMENT_STATIC_ASN1_ALLOC_FUNCTIONS(stname) \
+ IMPLEMENT_ASN1_ALLOC_FUNCTIONS_pfname(static, stname, stname, stname)
+
+# define IMPLEMENT_ASN1_ALLOC_FUNCTIONS(stname) \
+ IMPLEMENT_ASN1_ALLOC_FUNCTIONS_fname(stname, stname, stname)
+
+# define IMPLEMENT_ASN1_ALLOC_FUNCTIONS_pfname(pre, stname, itname, fname) \
+ pre stname *fname##_new(void) \
+ { \
+ return (stname *)ASN1_item_new(ASN1_ITEM_rptr(itname)); \
+ } \
+ pre void fname##_free(stname *a) \
+ { \
+ ASN1_item_free((ASN1_VALUE *)a, ASN1_ITEM_rptr(itname)); \
+ }
+
+# define IMPLEMENT_ASN1_ALLOC_FUNCTIONS_fname(stname, itname, fname) \
+ stname *fname##_new(void) \
+ { \
+ return (stname *)ASN1_item_new(ASN1_ITEM_rptr(itname)); \
+ } \
+ void fname##_free(stname *a) \
+ { \
+ ASN1_item_free((ASN1_VALUE *)a, ASN1_ITEM_rptr(itname)); \
+ }
+
+# define IMPLEMENT_ASN1_FUNCTIONS_fname(stname, itname, fname) \
+ IMPLEMENT_ASN1_ENCODE_FUNCTIONS_fname(stname, itname, fname) \
+ IMPLEMENT_ASN1_ALLOC_FUNCTIONS_fname(stname, itname, fname)
+
+# define IMPLEMENT_ASN1_ENCODE_FUNCTIONS_fname(stname, itname, fname) \
+ stname *d2i_##fname(stname **a, const unsigned char **in, long len) \
+ { \
+ return (stname *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, ASN1_ITEM_rptr(itname));\
+ } \
+ int i2d_##fname(stname *a, unsigned char **out) \
+ { \
+ return ASN1_item_i2d((ASN1_VALUE *)a, out, ASN1_ITEM_rptr(itname));\
+ }
+
+# define IMPLEMENT_ASN1_NDEF_FUNCTION(stname) \
+ int i2d_##stname##_NDEF(stname *a, unsigned char **out) \
+ { \
+ return ASN1_item_ndef_i2d((ASN1_VALUE *)a, out, ASN1_ITEM_rptr(stname));\
+ }
+
+# define IMPLEMENT_STATIC_ASN1_ENCODE_FUNCTIONS(stname) \
+ static stname *d2i_##stname(stname **a, \
+ const unsigned char **in, long len) \
+ { \
+ return (stname *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, \
+ ASN1_ITEM_rptr(stname)); \
+ } \
+ static int i2d_##stname(stname *a, unsigned char **out) \
+ { \
+ return ASN1_item_i2d((ASN1_VALUE *)a, out, \
+ ASN1_ITEM_rptr(stname)); \
+ }
+
+/*
+ * This includes evil casts to remove const: they will go away when full ASN1
+ * constification is done.
+ */
+# define IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(stname, itname, fname) \
+ stname *d2i_##fname(stname **a, const unsigned char **in, long len) \
+ { \
+ return (stname *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, ASN1_ITEM_rptr(itname));\
+ } \
+ int i2d_##fname(const stname *a, unsigned char **out) \
+ { \
+ return ASN1_item_i2d((ASN1_VALUE *)a, out, ASN1_ITEM_rptr(itname));\
+ }
+
+# define IMPLEMENT_ASN1_DUP_FUNCTION(stname) \
+ stname * stname##_dup(stname *x) \
+ { \
+ return ASN1_item_dup(ASN1_ITEM_rptr(stname), x); \
+ }
+
+# define IMPLEMENT_ASN1_PRINT_FUNCTION(stname) \
+ IMPLEMENT_ASN1_PRINT_FUNCTION_fname(stname, stname, stname)
+
+# define IMPLEMENT_ASN1_PRINT_FUNCTION_fname(stname, itname, fname) \
+ int fname##_print_ctx(BIO *out, stname *x, int indent, \
+ const ASN1_PCTX *pctx) \
+ { \
+ return ASN1_item_print(out, (ASN1_VALUE *)x, indent, \
+ ASN1_ITEM_rptr(itname), pctx); \
+ }
+
+# define IMPLEMENT_ASN1_FUNCTIONS_const(name) \
+ IMPLEMENT_ASN1_FUNCTIONS_const_fname(name, name, name)
+
+# define IMPLEMENT_ASN1_FUNCTIONS_const_fname(stname, itname, fname) \
+ IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(stname, itname, fname) \
+ IMPLEMENT_ASN1_ALLOC_FUNCTIONS_fname(stname, itname, fname)
+
+/* external definitions for primitive types */
+
+DECLARE_ASN1_ITEM(ASN1_BOOLEAN)
+DECLARE_ASN1_ITEM(ASN1_TBOOLEAN)
+DECLARE_ASN1_ITEM(ASN1_FBOOLEAN)
+DECLARE_ASN1_ITEM(ASN1_SEQUENCE)
+DECLARE_ASN1_ITEM(CBIGNUM)
+DECLARE_ASN1_ITEM(BIGNUM)
+DECLARE_ASN1_ITEM(INT32)
+DECLARE_ASN1_ITEM(ZINT32)
+DECLARE_ASN1_ITEM(UINT32)
+DECLARE_ASN1_ITEM(ZUINT32)
+DECLARE_ASN1_ITEM(INT64)
+DECLARE_ASN1_ITEM(ZINT64)
+DECLARE_ASN1_ITEM(UINT64)
+DECLARE_ASN1_ITEM(ZUINT64)
+
+# if OPENSSL_API_COMPAT < 0x10200000L
+/*
+ * LONG and ZLONG are strongly discouraged for use as stored data, as the
+ * underlying C type (long) differs in size depending on the architecture.
+ * They are designed with 32-bit longs in mind.
+ */
+DECLARE_ASN1_ITEM(LONG)
+DECLARE_ASN1_ITEM(ZLONG)
+# endif
+
+DEFINE_STACK_OF(ASN1_VALUE)
+
+/* Functions used internally by the ASN1 code */
+
+int ASN1_item_ex_new(ASN1_VALUE **pval, const ASN1_ITEM *it);
+void ASN1_item_ex_free(ASN1_VALUE **pval, const ASN1_ITEM *it);
+
+int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len,
+ const ASN1_ITEM *it, int tag, int aclass, char opt,
+ ASN1_TLC *ctx);
+
+int ASN1_item_ex_i2d(ASN1_VALUE **pval, unsigned char **out,
+ const ASN1_ITEM *it, int tag, int aclass);
+
+#ifdef __cplusplus
+}
+#endif
+#endif
diff --git a/packages/mobile-sdk-alpha/ios/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Headers/async.h b/packages/mobile-sdk-alpha/ios/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Headers/async.h
new file mode 100644
index 000000000..7052b8905
--- /dev/null
+++ b/packages/mobile-sdk-alpha/ios/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Headers/async.h
@@ -0,0 +1,76 @@
+/*
+ * Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include
+
+#ifndef HEADER_ASYNC_H
+# define HEADER_ASYNC_H
+
+#if defined(_WIN32)
+# if defined(BASETYPES) || defined(_WINDEF_H)
+/* application has to include to use this */
+#define OSSL_ASYNC_FD HANDLE
+#define OSSL_BAD_ASYNC_FD INVALID_HANDLE_VALUE
+# endif
+#else
+#define OSSL_ASYNC_FD int
+#define OSSL_BAD_ASYNC_FD -1
+#endif
+# include
+
+
+# ifdef __cplusplus
+extern "C" {
+# endif
+
+typedef struct async_job_st ASYNC_JOB;
+typedef struct async_wait_ctx_st ASYNC_WAIT_CTX;
+
+#define ASYNC_ERR 0
+#define ASYNC_NO_JOBS 1
+#define ASYNC_PAUSE 2
+#define ASYNC_FINISH 3
+
+int ASYNC_init_thread(size_t max_size, size_t init_size);
+void ASYNC_cleanup_thread(void);
+
+#ifdef OSSL_ASYNC_FD
+ASYNC_WAIT_CTX *ASYNC_WAIT_CTX_new(void);
+void ASYNC_WAIT_CTX_free(ASYNC_WAIT_CTX *ctx);
+int ASYNC_WAIT_CTX_set_wait_fd(ASYNC_WAIT_CTX *ctx, const void *key,
+ OSSL_ASYNC_FD fd,
+ void *custom_data,
+ void (*cleanup)(ASYNC_WAIT_CTX *, const void *,
+ OSSL_ASYNC_FD, void *));
+int ASYNC_WAIT_CTX_get_fd(ASYNC_WAIT_CTX *ctx, const void *key,
+ OSSL_ASYNC_FD *fd, void **custom_data);
+int ASYNC_WAIT_CTX_get_all_fds(ASYNC_WAIT_CTX *ctx, OSSL_ASYNC_FD *fd,
+ size_t *numfds);
+int ASYNC_WAIT_CTX_get_changed_fds(ASYNC_WAIT_CTX *ctx, OSSL_ASYNC_FD *addfd,
+ size_t *numaddfds, OSSL_ASYNC_FD *delfd,
+ size_t *numdelfds);
+int ASYNC_WAIT_CTX_clear_fd(ASYNC_WAIT_CTX *ctx, const void *key);
+#endif
+
+int ASYNC_is_capable(void);
+
+int ASYNC_start_job(ASYNC_JOB **job, ASYNC_WAIT_CTX *ctx, int *ret,
+ int (*func)(void *), void *args, size_t size);
+int ASYNC_pause_job(void);
+
+ASYNC_JOB *ASYNC_get_current_job(void);
+ASYNC_WAIT_CTX *ASYNC_get_wait_ctx(ASYNC_JOB *job);
+void ASYNC_block_pause(void);
+void ASYNC_unblock_pause(void);
+
+
+# ifdef __cplusplus
+}
+# endif
+#endif
diff --git a/packages/mobile-sdk-alpha/ios/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Headers/asyncerr.h b/packages/mobile-sdk-alpha/ios/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Headers/asyncerr.h
new file mode 100644
index 000000000..91afbbb2f
--- /dev/null
+++ b/packages/mobile-sdk-alpha/ios/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Headers/asyncerr.h
@@ -0,0 +1,42 @@
+/*
+ * Generated by util/mkerr.pl DO NOT EDIT
+ * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_ASYNCERR_H
+# define HEADER_ASYNCERR_H
+
+# ifndef HEADER_SYMHACKS_H
+# include
+# endif
+
+# ifdef __cplusplus
+extern "C"
+# endif
+int ERR_load_ASYNC_strings(void);
+
+/*
+ * ASYNC function codes.
+ */
+# define ASYNC_F_ASYNC_CTX_NEW 100
+# define ASYNC_F_ASYNC_INIT_THREAD 101
+# define ASYNC_F_ASYNC_JOB_NEW 102
+# define ASYNC_F_ASYNC_PAUSE_JOB 103
+# define ASYNC_F_ASYNC_START_FUNC 104
+# define ASYNC_F_ASYNC_START_JOB 105
+# define ASYNC_F_ASYNC_WAIT_CTX_SET_WAIT_FD 106
+
+/*
+ * ASYNC reason codes.
+ */
+# define ASYNC_R_FAILED_TO_SET_POOL 101
+# define ASYNC_R_FAILED_TO_SWAP_CONTEXT 102
+# define ASYNC_R_INIT_FAILED 105
+# define ASYNC_R_INVALID_POOL_SIZE 103
+
+#endif
diff --git a/packages/mobile-sdk-alpha/ios/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Headers/bio.h b/packages/mobile-sdk-alpha/ios/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Headers/bio.h
new file mode 100644
index 000000000..ae559a510
--- /dev/null
+++ b/packages/mobile-sdk-alpha/ios/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Headers/bio.h
@@ -0,0 +1,801 @@
+/*
+ * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_BIO_H
+# define HEADER_BIO_H
+
+# include
+
+# ifndef OPENSSL_NO_STDIO
+# include
+# endif
+# include
+
+# include
+# include
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/* There are the classes of BIOs */
+# define BIO_TYPE_DESCRIPTOR 0x0100 /* socket, fd, connect or accept */
+# define BIO_TYPE_FILTER 0x0200
+# define BIO_TYPE_SOURCE_SINK 0x0400
+
+/* These are the 'types' of BIOs */
+# define BIO_TYPE_NONE 0
+# define BIO_TYPE_MEM ( 1|BIO_TYPE_SOURCE_SINK)
+# define BIO_TYPE_FILE ( 2|BIO_TYPE_SOURCE_SINK)
+
+# define BIO_TYPE_FD ( 4|BIO_TYPE_SOURCE_SINK|BIO_TYPE_DESCRIPTOR)
+# define BIO_TYPE_SOCKET ( 5|BIO_TYPE_SOURCE_SINK|BIO_TYPE_DESCRIPTOR)
+# define BIO_TYPE_NULL ( 6|BIO_TYPE_SOURCE_SINK)
+# define BIO_TYPE_SSL ( 7|BIO_TYPE_FILTER)
+# define BIO_TYPE_MD ( 8|BIO_TYPE_FILTER)
+# define BIO_TYPE_BUFFER ( 9|BIO_TYPE_FILTER)
+# define BIO_TYPE_CIPHER (10|BIO_TYPE_FILTER)
+# define BIO_TYPE_BASE64 (11|BIO_TYPE_FILTER)
+# define BIO_TYPE_CONNECT (12|BIO_TYPE_SOURCE_SINK|BIO_TYPE_DESCRIPTOR)
+# define BIO_TYPE_ACCEPT (13|BIO_TYPE_SOURCE_SINK|BIO_TYPE_DESCRIPTOR)
+
+# define BIO_TYPE_NBIO_TEST (16|BIO_TYPE_FILTER)/* server proxy BIO */
+# define BIO_TYPE_NULL_FILTER (17|BIO_TYPE_FILTER)
+# define BIO_TYPE_BIO (19|BIO_TYPE_SOURCE_SINK)/* half a BIO pair */
+# define BIO_TYPE_LINEBUFFER (20|BIO_TYPE_FILTER)
+# define BIO_TYPE_DGRAM (21|BIO_TYPE_SOURCE_SINK|BIO_TYPE_DESCRIPTOR)
+# define BIO_TYPE_ASN1 (22|BIO_TYPE_FILTER)
+# define BIO_TYPE_COMP (23|BIO_TYPE_FILTER)
+# ifndef OPENSSL_NO_SCTP
+# define BIO_TYPE_DGRAM_SCTP (24|BIO_TYPE_SOURCE_SINK|BIO_TYPE_DESCRIPTOR)
+# endif
+
+#define BIO_TYPE_START 128
+
+/*
+ * BIO_FILENAME_READ|BIO_CLOSE to open or close on free.
+ * BIO_set_fp(in,stdin,BIO_NOCLOSE);
+ */
+# define BIO_NOCLOSE 0x00
+# define BIO_CLOSE 0x01
+
+/*
+ * These are used in the following macros and are passed to BIO_ctrl()
+ */
+# define BIO_CTRL_RESET 1/* opt - rewind/zero etc */
+# define BIO_CTRL_EOF 2/* opt - are we at the eof */
+# define BIO_CTRL_INFO 3/* opt - extra tit-bits */
+# define BIO_CTRL_SET 4/* man - set the 'IO' type */
+# define BIO_CTRL_GET 5/* man - get the 'IO' type */
+# define BIO_CTRL_PUSH 6/* opt - internal, used to signify change */
+# define BIO_CTRL_POP 7/* opt - internal, used to signify change */
+# define BIO_CTRL_GET_CLOSE 8/* man - set the 'close' on free */
+# define BIO_CTRL_SET_CLOSE 9/* man - set the 'close' on free */
+# define BIO_CTRL_PENDING 10/* opt - is their more data buffered */
+# define BIO_CTRL_FLUSH 11/* opt - 'flush' buffered output */
+# define BIO_CTRL_DUP 12/* man - extra stuff for 'duped' BIO */
+# define BIO_CTRL_WPENDING 13/* opt - number of bytes still to write */
+# define BIO_CTRL_SET_CALLBACK 14/* opt - set callback function */
+# define BIO_CTRL_GET_CALLBACK 15/* opt - set callback function */
+
+# define BIO_CTRL_PEEK 29/* BIO_f_buffer special */
+# define BIO_CTRL_SET_FILENAME 30/* BIO_s_file special */
+
+/* dgram BIO stuff */
+# define BIO_CTRL_DGRAM_CONNECT 31/* BIO dgram special */
+# define BIO_CTRL_DGRAM_SET_CONNECTED 32/* allow for an externally connected
+ * socket to be passed in */
+# define BIO_CTRL_DGRAM_SET_RECV_TIMEOUT 33/* setsockopt, essentially */
+# define BIO_CTRL_DGRAM_GET_RECV_TIMEOUT 34/* getsockopt, essentially */
+# define BIO_CTRL_DGRAM_SET_SEND_TIMEOUT 35/* setsockopt, essentially */
+# define BIO_CTRL_DGRAM_GET_SEND_TIMEOUT 36/* getsockopt, essentially */
+
+# define BIO_CTRL_DGRAM_GET_RECV_TIMER_EXP 37/* flag whether the last */
+# define BIO_CTRL_DGRAM_GET_SEND_TIMER_EXP 38/* I/O operation tiemd out */
+
+/* #ifdef IP_MTU_DISCOVER */
+# define BIO_CTRL_DGRAM_MTU_DISCOVER 39/* set DF bit on egress packets */
+/* #endif */
+
+# define BIO_CTRL_DGRAM_QUERY_MTU 40/* as kernel for current MTU */
+# define BIO_CTRL_DGRAM_GET_FALLBACK_MTU 47
+# define BIO_CTRL_DGRAM_GET_MTU 41/* get cached value for MTU */
+# define BIO_CTRL_DGRAM_SET_MTU 42/* set cached value for MTU.
+ * want to use this if asking
+ * the kernel fails */
+
+# define BIO_CTRL_DGRAM_MTU_EXCEEDED 43/* check whether the MTU was
+ * exceed in the previous write
+ * operation */
+
+# define BIO_CTRL_DGRAM_GET_PEER 46
+# define BIO_CTRL_DGRAM_SET_PEER 44/* Destination for the data */
+
+# define BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT 45/* Next DTLS handshake timeout
+ * to adjust socket timeouts */
+# define BIO_CTRL_DGRAM_SET_DONT_FRAG 48
+
+# define BIO_CTRL_DGRAM_GET_MTU_OVERHEAD 49
+
+/* Deliberately outside of OPENSSL_NO_SCTP - used in bss_dgram.c */
+# define BIO_CTRL_DGRAM_SCTP_SET_IN_HANDSHAKE 50
+# ifndef OPENSSL_NO_SCTP
+/* SCTP stuff */
+# define BIO_CTRL_DGRAM_SCTP_ADD_AUTH_KEY 51
+# define BIO_CTRL_DGRAM_SCTP_NEXT_AUTH_KEY 52
+# define BIO_CTRL_DGRAM_SCTP_AUTH_CCS_RCVD 53
+# define BIO_CTRL_DGRAM_SCTP_GET_SNDINFO 60
+# define BIO_CTRL_DGRAM_SCTP_SET_SNDINFO 61
+# define BIO_CTRL_DGRAM_SCTP_GET_RCVINFO 62
+# define BIO_CTRL_DGRAM_SCTP_SET_RCVINFO 63
+# define BIO_CTRL_DGRAM_SCTP_GET_PRINFO 64
+# define BIO_CTRL_DGRAM_SCTP_SET_PRINFO 65
+# define BIO_CTRL_DGRAM_SCTP_SAVE_SHUTDOWN 70
+# endif
+
+# define BIO_CTRL_DGRAM_SET_PEEK_MODE 71
+
+/* modifiers */
+# define BIO_FP_READ 0x02
+# define BIO_FP_WRITE 0x04
+# define BIO_FP_APPEND 0x08
+# define BIO_FP_TEXT 0x10
+
+# define BIO_FLAGS_READ 0x01
+# define BIO_FLAGS_WRITE 0x02
+# define BIO_FLAGS_IO_SPECIAL 0x04
+# define BIO_FLAGS_RWS (BIO_FLAGS_READ|BIO_FLAGS_WRITE|BIO_FLAGS_IO_SPECIAL)
+# define BIO_FLAGS_SHOULD_RETRY 0x08
+# ifndef BIO_FLAGS_UPLINK
+/*
+ * "UPLINK" flag denotes file descriptors provided by application. It
+ * defaults to 0, as most platforms don't require UPLINK interface.
+ */
+# define BIO_FLAGS_UPLINK 0
+# endif
+
+# define BIO_FLAGS_BASE64_NO_NL 0x100
+
+/*
+ * This is used with memory BIOs:
+ * BIO_FLAGS_MEM_RDONLY means we shouldn't free up or change the data in any way;
+ * BIO_FLAGS_NONCLEAR_RST means we shouldn't clear data on reset.
+ */
+# define BIO_FLAGS_MEM_RDONLY 0x200
+# define BIO_FLAGS_NONCLEAR_RST 0x400
+# define BIO_FLAGS_IN_EOF 0x800
+
+typedef union bio_addr_st BIO_ADDR;
+typedef struct bio_addrinfo_st BIO_ADDRINFO;
+
+int BIO_get_new_index(void);
+void BIO_set_flags(BIO *b, int flags);
+int BIO_test_flags(const BIO *b, int flags);
+void BIO_clear_flags(BIO *b, int flags);
+
+# define BIO_get_flags(b) BIO_test_flags(b, ~(0x0))
+# define BIO_set_retry_special(b) \
+ BIO_set_flags(b, (BIO_FLAGS_IO_SPECIAL|BIO_FLAGS_SHOULD_RETRY))
+# define BIO_set_retry_read(b) \
+ BIO_set_flags(b, (BIO_FLAGS_READ|BIO_FLAGS_SHOULD_RETRY))
+# define BIO_set_retry_write(b) \
+ BIO_set_flags(b, (BIO_FLAGS_WRITE|BIO_FLAGS_SHOULD_RETRY))
+
+/* These are normally used internally in BIOs */
+# define BIO_clear_retry_flags(b) \
+ BIO_clear_flags(b, (BIO_FLAGS_RWS|BIO_FLAGS_SHOULD_RETRY))
+# define BIO_get_retry_flags(b) \
+ BIO_test_flags(b, (BIO_FLAGS_RWS|BIO_FLAGS_SHOULD_RETRY))
+
+/* These should be used by the application to tell why we should retry */
+# define BIO_should_read(a) BIO_test_flags(a, BIO_FLAGS_READ)
+# define BIO_should_write(a) BIO_test_flags(a, BIO_FLAGS_WRITE)
+# define BIO_should_io_special(a) BIO_test_flags(a, BIO_FLAGS_IO_SPECIAL)
+# define BIO_retry_type(a) BIO_test_flags(a, BIO_FLAGS_RWS)
+# define BIO_should_retry(a) BIO_test_flags(a, BIO_FLAGS_SHOULD_RETRY)
+
+/*
+ * The next three are used in conjunction with the BIO_should_io_special()
+ * condition. After this returns true, BIO *BIO_get_retry_BIO(BIO *bio, int
+ * *reason); will walk the BIO stack and return the 'reason' for the special
+ * and the offending BIO. Given a BIO, BIO_get_retry_reason(bio) will return
+ * the code.
+ */
+/*
+ * Returned from the SSL bio when the certificate retrieval code had an error
+ */
+# define BIO_RR_SSL_X509_LOOKUP 0x01
+/* Returned from the connect BIO when a connect would have blocked */
+# define BIO_RR_CONNECT 0x02
+/* Returned from the accept BIO when an accept would have blocked */
+# define BIO_RR_ACCEPT 0x03
+
+/* These are passed by the BIO callback */
+# define BIO_CB_FREE 0x01
+# define BIO_CB_READ 0x02
+# define BIO_CB_WRITE 0x03
+# define BIO_CB_PUTS 0x04
+# define BIO_CB_GETS 0x05
+# define BIO_CB_CTRL 0x06
+
+/*
+ * The callback is called before and after the underling operation, The
+ * BIO_CB_RETURN flag indicates if it is after the call
+ */
+# define BIO_CB_RETURN 0x80
+# define BIO_CB_return(a) ((a)|BIO_CB_RETURN)
+# define BIO_cb_pre(a) (!((a)&BIO_CB_RETURN))
+# define BIO_cb_post(a) ((a)&BIO_CB_RETURN)
+
+typedef long (*BIO_callback_fn)(BIO *b, int oper, const char *argp, int argi,
+ long argl, long ret);
+typedef long (*BIO_callback_fn_ex)(BIO *b, int oper, const char *argp,
+ size_t len, int argi,
+ long argl, int ret, size_t *processed);
+BIO_callback_fn BIO_get_callback(const BIO *b);
+void BIO_set_callback(BIO *b, BIO_callback_fn callback);
+
+BIO_callback_fn_ex BIO_get_callback_ex(const BIO *b);
+void BIO_set_callback_ex(BIO *b, BIO_callback_fn_ex callback);
+
+char *BIO_get_callback_arg(const BIO *b);
+void BIO_set_callback_arg(BIO *b, char *arg);
+
+typedef struct bio_method_st BIO_METHOD;
+
+const char *BIO_method_name(const BIO *b);
+int BIO_method_type(const BIO *b);
+
+typedef int BIO_info_cb(BIO *, int, int);
+typedef BIO_info_cb bio_info_cb; /* backward compatibility */
+
+DEFINE_STACK_OF(BIO)
+
+/* Prefix and suffix callback in ASN1 BIO */
+typedef int asn1_ps_func (BIO *b, unsigned char **pbuf, int *plen,
+ void *parg);
+
+# ifndef OPENSSL_NO_SCTP
+/* SCTP parameter structs */
+struct bio_dgram_sctp_sndinfo {
+ uint16_t snd_sid;
+ uint16_t snd_flags;
+ uint32_t snd_ppid;
+ uint32_t snd_context;
+};
+
+struct bio_dgram_sctp_rcvinfo {
+ uint16_t rcv_sid;
+ uint16_t rcv_ssn;
+ uint16_t rcv_flags;
+ uint32_t rcv_ppid;
+ uint32_t rcv_tsn;
+ uint32_t rcv_cumtsn;
+ uint32_t rcv_context;
+};
+
+struct bio_dgram_sctp_prinfo {
+ uint16_t pr_policy;
+ uint32_t pr_value;
+};
+# endif
+
+/*
+ * #define BIO_CONN_get_param_hostname BIO_ctrl
+ */
+
+# define BIO_C_SET_CONNECT 100
+# define BIO_C_DO_STATE_MACHINE 101
+# define BIO_C_SET_NBIO 102
+/* # define BIO_C_SET_PROXY_PARAM 103 */
+# define BIO_C_SET_FD 104
+# define BIO_C_GET_FD 105
+# define BIO_C_SET_FILE_PTR 106
+# define BIO_C_GET_FILE_PTR 107
+# define BIO_C_SET_FILENAME 108
+# define BIO_C_SET_SSL 109
+# define BIO_C_GET_SSL 110
+# define BIO_C_SET_MD 111
+# define BIO_C_GET_MD 112
+# define BIO_C_GET_CIPHER_STATUS 113
+# define BIO_C_SET_BUF_MEM 114
+# define BIO_C_GET_BUF_MEM_PTR 115
+# define BIO_C_GET_BUFF_NUM_LINES 116
+# define BIO_C_SET_BUFF_SIZE 117
+# define BIO_C_SET_ACCEPT 118
+# define BIO_C_SSL_MODE 119
+# define BIO_C_GET_MD_CTX 120
+/* # define BIO_C_GET_PROXY_PARAM 121 */
+# define BIO_C_SET_BUFF_READ_DATA 122/* data to read first */
+# define BIO_C_GET_CONNECT 123
+# define BIO_C_GET_ACCEPT 124
+# define BIO_C_SET_SSL_RENEGOTIATE_BYTES 125
+# define BIO_C_GET_SSL_NUM_RENEGOTIATES 126
+# define BIO_C_SET_SSL_RENEGOTIATE_TIMEOUT 127
+# define BIO_C_FILE_SEEK 128
+# define BIO_C_GET_CIPHER_CTX 129
+# define BIO_C_SET_BUF_MEM_EOF_RETURN 130/* return end of input
+ * value */
+# define BIO_C_SET_BIND_MODE 131
+# define BIO_C_GET_BIND_MODE 132
+# define BIO_C_FILE_TELL 133
+# define BIO_C_GET_SOCKS 134
+# define BIO_C_SET_SOCKS 135
+
+# define BIO_C_SET_WRITE_BUF_SIZE 136/* for BIO_s_bio */
+# define BIO_C_GET_WRITE_BUF_SIZE 137
+# define BIO_C_MAKE_BIO_PAIR 138
+# define BIO_C_DESTROY_BIO_PAIR 139
+# define BIO_C_GET_WRITE_GUARANTEE 140
+# define BIO_C_GET_READ_REQUEST 141
+# define BIO_C_SHUTDOWN_WR 142
+# define BIO_C_NREAD0 143
+# define BIO_C_NREAD 144
+# define BIO_C_NWRITE0 145
+# define BIO_C_NWRITE 146
+# define BIO_C_RESET_READ_REQUEST 147
+# define BIO_C_SET_MD_CTX 148
+
+# define BIO_C_SET_PREFIX 149
+# define BIO_C_GET_PREFIX 150
+# define BIO_C_SET_SUFFIX 151
+# define BIO_C_GET_SUFFIX 152
+
+# define BIO_C_SET_EX_ARG 153
+# define BIO_C_GET_EX_ARG 154
+
+# define BIO_C_SET_CONNECT_MODE 155
+
+# define BIO_set_app_data(s,arg) BIO_set_ex_data(s,0,arg)
+# define BIO_get_app_data(s) BIO_get_ex_data(s,0)
+
+# define BIO_set_nbio(b,n) BIO_ctrl(b,BIO_C_SET_NBIO,(n),NULL)
+
+# ifndef OPENSSL_NO_SOCK
+/* IP families we support, for BIO_s_connect() and BIO_s_accept() */
+/* Note: the underlying operating system may not support some of them */
+# define BIO_FAMILY_IPV4 4
+# define BIO_FAMILY_IPV6 6
+# define BIO_FAMILY_IPANY 256
+
+/* BIO_s_connect() */
+# define BIO_set_conn_hostname(b,name) BIO_ctrl(b,BIO_C_SET_CONNECT,0, \
+ (char *)(name))
+# define BIO_set_conn_port(b,port) BIO_ctrl(b,BIO_C_SET_CONNECT,1, \
+ (char *)(port))
+# define BIO_set_conn_address(b,addr) BIO_ctrl(b,BIO_C_SET_CONNECT,2, \
+ (char *)(addr))
+# define BIO_set_conn_ip_family(b,f) BIO_int_ctrl(b,BIO_C_SET_CONNECT,3,f)
+# define BIO_get_conn_hostname(b) ((const char *)BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,0))
+# define BIO_get_conn_port(b) ((const char *)BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,1))
+# define BIO_get_conn_address(b) ((const BIO_ADDR *)BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,2))
+# define BIO_get_conn_ip_family(b) BIO_ctrl(b,BIO_C_GET_CONNECT,3,NULL)
+# define BIO_set_conn_mode(b,n) BIO_ctrl(b,BIO_C_SET_CONNECT_MODE,(n),NULL)
+
+/* BIO_s_accept() */
+# define BIO_set_accept_name(b,name) BIO_ctrl(b,BIO_C_SET_ACCEPT,0, \
+ (char *)(name))
+# define BIO_set_accept_port(b,port) BIO_ctrl(b,BIO_C_SET_ACCEPT,1, \
+ (char *)(port))
+# define BIO_get_accept_name(b) ((const char *)BIO_ptr_ctrl(b,BIO_C_GET_ACCEPT,0))
+# define BIO_get_accept_port(b) ((const char *)BIO_ptr_ctrl(b,BIO_C_GET_ACCEPT,1))
+# define BIO_get_peer_name(b) ((const char *)BIO_ptr_ctrl(b,BIO_C_GET_ACCEPT,2))
+# define BIO_get_peer_port(b) ((const char *)BIO_ptr_ctrl(b,BIO_C_GET_ACCEPT,3))
+/* #define BIO_set_nbio(b,n) BIO_ctrl(b,BIO_C_SET_NBIO,(n),NULL) */
+# define BIO_set_nbio_accept(b,n) BIO_ctrl(b,BIO_C_SET_ACCEPT,2,(n)?(void *)"a":NULL)
+# define BIO_set_accept_bios(b,bio) BIO_ctrl(b,BIO_C_SET_ACCEPT,3, \
+ (char *)(bio))
+# define BIO_set_accept_ip_family(b,f) BIO_int_ctrl(b,BIO_C_SET_ACCEPT,4,f)
+# define BIO_get_accept_ip_family(b) BIO_ctrl(b,BIO_C_GET_ACCEPT,4,NULL)
+
+/* Aliases kept for backward compatibility */
+# define BIO_BIND_NORMAL 0
+# define BIO_BIND_REUSEADDR BIO_SOCK_REUSEADDR
+# define BIO_BIND_REUSEADDR_IF_UNUSED BIO_SOCK_REUSEADDR
+# define BIO_set_bind_mode(b,mode) BIO_ctrl(b,BIO_C_SET_BIND_MODE,mode,NULL)
+# define BIO_get_bind_mode(b) BIO_ctrl(b,BIO_C_GET_BIND_MODE,0,NULL)
+
+/* BIO_s_accept() and BIO_s_connect() */
+# define BIO_do_connect(b) BIO_do_handshake(b)
+# define BIO_do_accept(b) BIO_do_handshake(b)
+# endif /* OPENSSL_NO_SOCK */
+
+# define BIO_do_handshake(b) BIO_ctrl(b,BIO_C_DO_STATE_MACHINE,0,NULL)
+
+/* BIO_s_datagram(), BIO_s_fd(), BIO_s_socket(), BIO_s_accept() and BIO_s_connect() */
+# define BIO_set_fd(b,fd,c) BIO_int_ctrl(b,BIO_C_SET_FD,c,fd)
+# define BIO_get_fd(b,c) BIO_ctrl(b,BIO_C_GET_FD,0,(char *)(c))
+
+/* BIO_s_file() */
+# define BIO_set_fp(b,fp,c) BIO_ctrl(b,BIO_C_SET_FILE_PTR,c,(char *)(fp))
+# define BIO_get_fp(b,fpp) BIO_ctrl(b,BIO_C_GET_FILE_PTR,0,(char *)(fpp))
+
+/* BIO_s_fd() and BIO_s_file() */
+# define BIO_seek(b,ofs) (int)BIO_ctrl(b,BIO_C_FILE_SEEK,ofs,NULL)
+# define BIO_tell(b) (int)BIO_ctrl(b,BIO_C_FILE_TELL,0,NULL)
+
+/*
+ * name is cast to lose const, but might be better to route through a
+ * function so we can do it safely
+ */
+# ifdef CONST_STRICT
+/*
+ * If you are wondering why this isn't defined, its because CONST_STRICT is
+ * purely a compile-time kludge to allow const to be checked.
+ */
+int BIO_read_filename(BIO *b, const char *name);
+# else
+# define BIO_read_filename(b,name) (int)BIO_ctrl(b,BIO_C_SET_FILENAME, \
+ BIO_CLOSE|BIO_FP_READ,(char *)(name))
+# endif
+# define BIO_write_filename(b,name) (int)BIO_ctrl(b,BIO_C_SET_FILENAME, \
+ BIO_CLOSE|BIO_FP_WRITE,name)
+# define BIO_append_filename(b,name) (int)BIO_ctrl(b,BIO_C_SET_FILENAME, \
+ BIO_CLOSE|BIO_FP_APPEND,name)
+# define BIO_rw_filename(b,name) (int)BIO_ctrl(b,BIO_C_SET_FILENAME, \
+ BIO_CLOSE|BIO_FP_READ|BIO_FP_WRITE,name)
+
+/*
+ * WARNING WARNING, this ups the reference count on the read bio of the SSL
+ * structure. This is because the ssl read BIO is now pointed to by the
+ * next_bio field in the bio. So when you free the BIO, make sure you are
+ * doing a BIO_free_all() to catch the underlying BIO.
+ */
+# define BIO_set_ssl(b,ssl,c) BIO_ctrl(b,BIO_C_SET_SSL,c,(char *)(ssl))
+# define BIO_get_ssl(b,sslp) BIO_ctrl(b,BIO_C_GET_SSL,0,(char *)(sslp))
+# define BIO_set_ssl_mode(b,client) BIO_ctrl(b,BIO_C_SSL_MODE,client,NULL)
+# define BIO_set_ssl_renegotiate_bytes(b,num) \
+ BIO_ctrl(b,BIO_C_SET_SSL_RENEGOTIATE_BYTES,num,NULL)
+# define BIO_get_num_renegotiates(b) \
+ BIO_ctrl(b,BIO_C_GET_SSL_NUM_RENEGOTIATES,0,NULL)
+# define BIO_set_ssl_renegotiate_timeout(b,seconds) \
+ BIO_ctrl(b,BIO_C_SET_SSL_RENEGOTIATE_TIMEOUT,seconds,NULL)
+
+/* defined in evp.h */
+/* #define BIO_set_md(b,md) BIO_ctrl(b,BIO_C_SET_MD,1,(char *)(md)) */
+
+# define BIO_get_mem_data(b,pp) BIO_ctrl(b,BIO_CTRL_INFO,0,(char *)(pp))
+# define BIO_set_mem_buf(b,bm,c) BIO_ctrl(b,BIO_C_SET_BUF_MEM,c,(char *)(bm))
+# define BIO_get_mem_ptr(b,pp) BIO_ctrl(b,BIO_C_GET_BUF_MEM_PTR,0, \
+ (char *)(pp))
+# define BIO_set_mem_eof_return(b,v) \
+ BIO_ctrl(b,BIO_C_SET_BUF_MEM_EOF_RETURN,v,NULL)
+
+/* For the BIO_f_buffer() type */
+# define BIO_get_buffer_num_lines(b) BIO_ctrl(b,BIO_C_GET_BUFF_NUM_LINES,0,NULL)
+# define BIO_set_buffer_size(b,size) BIO_ctrl(b,BIO_C_SET_BUFF_SIZE,size,NULL)
+# define BIO_set_read_buffer_size(b,size) BIO_int_ctrl(b,BIO_C_SET_BUFF_SIZE,size,0)
+# define BIO_set_write_buffer_size(b,size) BIO_int_ctrl(b,BIO_C_SET_BUFF_SIZE,size,1)
+# define BIO_set_buffer_read_data(b,buf,num) BIO_ctrl(b,BIO_C_SET_BUFF_READ_DATA,num,buf)
+
+/* Don't use the next one unless you know what you are doing :-) */
+# define BIO_dup_state(b,ret) BIO_ctrl(b,BIO_CTRL_DUP,0,(char *)(ret))
+
+# define BIO_reset(b) (int)BIO_ctrl(b,BIO_CTRL_RESET,0,NULL)
+# define BIO_eof(b) (int)BIO_ctrl(b,BIO_CTRL_EOF,0,NULL)
+# define BIO_set_close(b,c) (int)BIO_ctrl(b,BIO_CTRL_SET_CLOSE,(c),NULL)
+# define BIO_get_close(b) (int)BIO_ctrl(b,BIO_CTRL_GET_CLOSE,0,NULL)
+# define BIO_pending(b) (int)BIO_ctrl(b,BIO_CTRL_PENDING,0,NULL)
+# define BIO_wpending(b) (int)BIO_ctrl(b,BIO_CTRL_WPENDING,0,NULL)
+/* ...pending macros have inappropriate return type */
+size_t BIO_ctrl_pending(BIO *b);
+size_t BIO_ctrl_wpending(BIO *b);
+# define BIO_flush(b) (int)BIO_ctrl(b,BIO_CTRL_FLUSH,0,NULL)
+# define BIO_get_info_callback(b,cbp) (int)BIO_ctrl(b,BIO_CTRL_GET_CALLBACK,0, \
+ cbp)
+# define BIO_set_info_callback(b,cb) (int)BIO_callback_ctrl(b,BIO_CTRL_SET_CALLBACK,cb)
+
+/* For the BIO_f_buffer() type */
+# define BIO_buffer_get_num_lines(b) BIO_ctrl(b,BIO_CTRL_GET,0,NULL)
+# define BIO_buffer_peek(b,s,l) BIO_ctrl(b,BIO_CTRL_PEEK,(l),(s))
+
+/* For BIO_s_bio() */
+# define BIO_set_write_buf_size(b,size) (int)BIO_ctrl(b,BIO_C_SET_WRITE_BUF_SIZE,size,NULL)
+# define BIO_get_write_buf_size(b,size) (size_t)BIO_ctrl(b,BIO_C_GET_WRITE_BUF_SIZE,size,NULL)
+# define BIO_make_bio_pair(b1,b2) (int)BIO_ctrl(b1,BIO_C_MAKE_BIO_PAIR,0,b2)
+# define BIO_destroy_bio_pair(b) (int)BIO_ctrl(b,BIO_C_DESTROY_BIO_PAIR,0,NULL)
+# define BIO_shutdown_wr(b) (int)BIO_ctrl(b, BIO_C_SHUTDOWN_WR, 0, NULL)
+/* macros with inappropriate type -- but ...pending macros use int too: */
+# define BIO_get_write_guarantee(b) (int)BIO_ctrl(b,BIO_C_GET_WRITE_GUARANTEE,0,NULL)
+# define BIO_get_read_request(b) (int)BIO_ctrl(b,BIO_C_GET_READ_REQUEST,0,NULL)
+size_t BIO_ctrl_get_write_guarantee(BIO *b);
+size_t BIO_ctrl_get_read_request(BIO *b);
+int BIO_ctrl_reset_read_request(BIO *b);
+
+/* ctrl macros for dgram */
+# define BIO_ctrl_dgram_connect(b,peer) \
+ (int)BIO_ctrl(b,BIO_CTRL_DGRAM_CONNECT,0, (char *)(peer))
+# define BIO_ctrl_set_connected(b,peer) \
+ (int)BIO_ctrl(b, BIO_CTRL_DGRAM_SET_CONNECTED, 0, (char *)(peer))
+# define BIO_dgram_recv_timedout(b) \
+ (int)BIO_ctrl(b, BIO_CTRL_DGRAM_GET_RECV_TIMER_EXP, 0, NULL)
+# define BIO_dgram_send_timedout(b) \
+ (int)BIO_ctrl(b, BIO_CTRL_DGRAM_GET_SEND_TIMER_EXP, 0, NULL)
+# define BIO_dgram_get_peer(b,peer) \
+ (int)BIO_ctrl(b, BIO_CTRL_DGRAM_GET_PEER, 0, (char *)(peer))
+# define BIO_dgram_set_peer(b,peer) \
+ (int)BIO_ctrl(b, BIO_CTRL_DGRAM_SET_PEER, 0, (char *)(peer))
+# define BIO_dgram_get_mtu_overhead(b) \
+ (unsigned int)BIO_ctrl((b), BIO_CTRL_DGRAM_GET_MTU_OVERHEAD, 0, NULL)
+
+#define BIO_get_ex_new_index(l, p, newf, dupf, freef) \
+ CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_BIO, l, p, newf, dupf, freef)
+int BIO_set_ex_data(BIO *bio, int idx, void *data);
+void *BIO_get_ex_data(BIO *bio, int idx);
+uint64_t BIO_number_read(BIO *bio);
+uint64_t BIO_number_written(BIO *bio);
+
+/* For BIO_f_asn1() */
+int BIO_asn1_set_prefix(BIO *b, asn1_ps_func *prefix,
+ asn1_ps_func *prefix_free);
+int BIO_asn1_get_prefix(BIO *b, asn1_ps_func **pprefix,
+ asn1_ps_func **pprefix_free);
+int BIO_asn1_set_suffix(BIO *b, asn1_ps_func *suffix,
+ asn1_ps_func *suffix_free);
+int BIO_asn1_get_suffix(BIO *b, asn1_ps_func **psuffix,
+ asn1_ps_func **psuffix_free);
+
+const BIO_METHOD *BIO_s_file(void);
+BIO *BIO_new_file(const char *filename, const char *mode);
+# ifndef OPENSSL_NO_STDIO
+BIO *BIO_new_fp(FILE *stream, int close_flag);
+# endif
+BIO *BIO_new(const BIO_METHOD *type);
+int BIO_free(BIO *a);
+void BIO_set_data(BIO *a, void *ptr);
+void *BIO_get_data(BIO *a);
+void BIO_set_init(BIO *a, int init);
+int BIO_get_init(BIO *a);
+void BIO_set_shutdown(BIO *a, int shut);
+int BIO_get_shutdown(BIO *a);
+void BIO_vfree(BIO *a);
+int BIO_up_ref(BIO *a);
+int BIO_read(BIO *b, void *data, int dlen);
+int BIO_read_ex(BIO *b, void *data, size_t dlen, size_t *readbytes);
+int BIO_gets(BIO *bp, char *buf, int size);
+int BIO_write(BIO *b, const void *data, int dlen);
+int BIO_write_ex(BIO *b, const void *data, size_t dlen, size_t *written);
+int BIO_puts(BIO *bp, const char *buf);
+int BIO_indent(BIO *b, int indent, int max);
+long BIO_ctrl(BIO *bp, int cmd, long larg, void *parg);
+long BIO_callback_ctrl(BIO *b, int cmd, BIO_info_cb *fp);
+void *BIO_ptr_ctrl(BIO *bp, int cmd, long larg);
+long BIO_int_ctrl(BIO *bp, int cmd, long larg, int iarg);
+BIO *BIO_push(BIO *b, BIO *append);
+BIO *BIO_pop(BIO *b);
+void BIO_free_all(BIO *a);
+BIO *BIO_find_type(BIO *b, int bio_type);
+BIO *BIO_next(BIO *b);
+void BIO_set_next(BIO *b, BIO *next);
+BIO *BIO_get_retry_BIO(BIO *bio, int *reason);
+int BIO_get_retry_reason(BIO *bio);
+void BIO_set_retry_reason(BIO *bio, int reason);
+BIO *BIO_dup_chain(BIO *in);
+
+int BIO_nread0(BIO *bio, char **buf);
+int BIO_nread(BIO *bio, char **buf, int num);
+int BIO_nwrite0(BIO *bio, char **buf);
+int BIO_nwrite(BIO *bio, char **buf, int num);
+
+long BIO_debug_callback(BIO *bio, int cmd, const char *argp, int argi,
+ long argl, long ret);
+
+const BIO_METHOD *BIO_s_mem(void);
+const BIO_METHOD *BIO_s_secmem(void);
+BIO *BIO_new_mem_buf(const void *buf, int len);
+# ifndef OPENSSL_NO_SOCK
+const BIO_METHOD *BIO_s_socket(void);
+const BIO_METHOD *BIO_s_connect(void);
+const BIO_METHOD *BIO_s_accept(void);
+# endif
+const BIO_METHOD *BIO_s_fd(void);
+const BIO_METHOD *BIO_s_log(void);
+const BIO_METHOD *BIO_s_bio(void);
+const BIO_METHOD *BIO_s_null(void);
+const BIO_METHOD *BIO_f_null(void);
+const BIO_METHOD *BIO_f_buffer(void);
+const BIO_METHOD *BIO_f_linebuffer(void);
+const BIO_METHOD *BIO_f_nbio_test(void);
+# ifndef OPENSSL_NO_DGRAM
+const BIO_METHOD *BIO_s_datagram(void);
+int BIO_dgram_non_fatal_error(int error);
+BIO *BIO_new_dgram(int fd, int close_flag);
+# ifndef OPENSSL_NO_SCTP
+const BIO_METHOD *BIO_s_datagram_sctp(void);
+BIO *BIO_new_dgram_sctp(int fd, int close_flag);
+int BIO_dgram_is_sctp(BIO *bio);
+int BIO_dgram_sctp_notification_cb(BIO *b,
+ void (*handle_notifications) (BIO *bio,
+ void *context,
+ void *buf),
+ void *context);
+int BIO_dgram_sctp_wait_for_dry(BIO *b);
+int BIO_dgram_sctp_msg_waiting(BIO *b);
+# endif
+# endif
+
+# ifndef OPENSSL_NO_SOCK
+int BIO_sock_should_retry(int i);
+int BIO_sock_non_fatal_error(int error);
+# endif
+
+int BIO_fd_should_retry(int i);
+int BIO_fd_non_fatal_error(int error);
+int BIO_dump_cb(int (*cb) (const void *data, size_t len, void *u),
+ void *u, const char *s, int len);
+int BIO_dump_indent_cb(int (*cb) (const void *data, size_t len, void *u),
+ void *u, const char *s, int len, int indent);
+int BIO_dump(BIO *b, const char *bytes, int len);
+int BIO_dump_indent(BIO *b, const char *bytes, int len, int indent);
+# ifndef OPENSSL_NO_STDIO
+int BIO_dump_fp(FILE *fp, const char *s, int len);
+int BIO_dump_indent_fp(FILE *fp, const char *s, int len, int indent);
+# endif
+int BIO_hex_string(BIO *out, int indent, int width, unsigned char *data,
+ int datalen);
+
+# ifndef OPENSSL_NO_SOCK
+BIO_ADDR *BIO_ADDR_new(void);
+int BIO_ADDR_rawmake(BIO_ADDR *ap, int family,
+ const void *where, size_t wherelen, unsigned short port);
+void BIO_ADDR_free(BIO_ADDR *);
+void BIO_ADDR_clear(BIO_ADDR *ap);
+int BIO_ADDR_family(const BIO_ADDR *ap);
+int BIO_ADDR_rawaddress(const BIO_ADDR *ap, void *p, size_t *l);
+unsigned short BIO_ADDR_rawport(const BIO_ADDR *ap);
+char *BIO_ADDR_hostname_string(const BIO_ADDR *ap, int numeric);
+char *BIO_ADDR_service_string(const BIO_ADDR *ap, int numeric);
+char *BIO_ADDR_path_string(const BIO_ADDR *ap);
+
+const BIO_ADDRINFO *BIO_ADDRINFO_next(const BIO_ADDRINFO *bai);
+int BIO_ADDRINFO_family(const BIO_ADDRINFO *bai);
+int BIO_ADDRINFO_socktype(const BIO_ADDRINFO *bai);
+int BIO_ADDRINFO_protocol(const BIO_ADDRINFO *bai);
+const BIO_ADDR *BIO_ADDRINFO_address(const BIO_ADDRINFO *bai);
+void BIO_ADDRINFO_free(BIO_ADDRINFO *bai);
+
+enum BIO_hostserv_priorities {
+ BIO_PARSE_PRIO_HOST, BIO_PARSE_PRIO_SERV
+};
+int BIO_parse_hostserv(const char *hostserv, char **host, char **service,
+ enum BIO_hostserv_priorities hostserv_prio);
+enum BIO_lookup_type {
+ BIO_LOOKUP_CLIENT, BIO_LOOKUP_SERVER
+};
+int BIO_lookup(const char *host, const char *service,
+ enum BIO_lookup_type lookup_type,
+ int family, int socktype, BIO_ADDRINFO **res);
+int BIO_lookup_ex(const char *host, const char *service,
+ int lookup_type, int family, int socktype, int protocol,
+ BIO_ADDRINFO **res);
+int BIO_sock_error(int sock);
+int BIO_socket_ioctl(int fd, long type, void *arg);
+int BIO_socket_nbio(int fd, int mode);
+int BIO_sock_init(void);
+# if OPENSSL_API_COMPAT < 0x10100000L
+# define BIO_sock_cleanup() while(0) continue
+# endif
+int BIO_set_tcp_ndelay(int sock, int turn_on);
+
+DEPRECATEDIN_1_1_0(struct hostent *BIO_gethostbyname(const char *name))
+DEPRECATEDIN_1_1_0(int BIO_get_port(const char *str, unsigned short *port_ptr))
+DEPRECATEDIN_1_1_0(int BIO_get_host_ip(const char *str, unsigned char *ip))
+DEPRECATEDIN_1_1_0(int BIO_get_accept_socket(char *host_port, int mode))
+DEPRECATEDIN_1_1_0(int BIO_accept(int sock, char **ip_port))
+
+union BIO_sock_info_u {
+ BIO_ADDR *addr;
+};
+enum BIO_sock_info_type {
+ BIO_SOCK_INFO_ADDRESS
+};
+int BIO_sock_info(int sock,
+ enum BIO_sock_info_type type, union BIO_sock_info_u *info);
+
+# define BIO_SOCK_REUSEADDR 0x01
+# define BIO_SOCK_V6_ONLY 0x02
+# define BIO_SOCK_KEEPALIVE 0x04
+# define BIO_SOCK_NONBLOCK 0x08
+# define BIO_SOCK_NODELAY 0x10
+
+int BIO_socket(int domain, int socktype, int protocol, int options);
+int BIO_connect(int sock, const BIO_ADDR *addr, int options);
+int BIO_bind(int sock, const BIO_ADDR *addr, int options);
+int BIO_listen(int sock, const BIO_ADDR *addr, int options);
+int BIO_accept_ex(int accept_sock, BIO_ADDR *addr, int options);
+int BIO_closesocket(int sock);
+
+BIO *BIO_new_socket(int sock, int close_flag);
+BIO *BIO_new_connect(const char *host_port);
+BIO *BIO_new_accept(const char *host_port);
+# endif /* OPENSSL_NO_SOCK*/
+
+BIO *BIO_new_fd(int fd, int close_flag);
+
+int BIO_new_bio_pair(BIO **bio1, size_t writebuf1,
+ BIO **bio2, size_t writebuf2);
+/*
+ * If successful, returns 1 and in *bio1, *bio2 two BIO pair endpoints.
+ * Otherwise returns 0 and sets *bio1 and *bio2 to NULL. Size 0 uses default
+ * value.
+ */
+
+void BIO_copy_next_retry(BIO *b);
+
+/*
+ * long BIO_ghbn_ctrl(int cmd,int iarg,char *parg);
+ */
+
+# define ossl_bio__attr__(x)
+# if defined(__GNUC__) && defined(__STDC_VERSION__) \
+ && !defined(__APPLE__)
+ /*
+ * Because we support the 'z' modifier, which made its appearance in C99,
+ * we can't use __attribute__ with pre C99 dialects.
+ */
+# if __STDC_VERSION__ >= 199901L
+# undef ossl_bio__attr__
+# define ossl_bio__attr__ __attribute__
+# if __GNUC__*10 + __GNUC_MINOR__ >= 44
+# define ossl_bio__printf__ __gnu_printf__
+# else
+# define ossl_bio__printf__ __printf__
+# endif
+# endif
+# endif
+int BIO_printf(BIO *bio, const char *format, ...)
+ossl_bio__attr__((__format__(ossl_bio__printf__, 2, 3)));
+int BIO_vprintf(BIO *bio, const char *format, va_list args)
+ossl_bio__attr__((__format__(ossl_bio__printf__, 2, 0)));
+int BIO_snprintf(char *buf, size_t n, const char *format, ...)
+ossl_bio__attr__((__format__(ossl_bio__printf__, 3, 4)));
+int BIO_vsnprintf(char *buf, size_t n, const char *format, va_list args)
+ossl_bio__attr__((__format__(ossl_bio__printf__, 3, 0)));
+# undef ossl_bio__attr__
+# undef ossl_bio__printf__
+
+
+BIO_METHOD *BIO_meth_new(int type, const char *name);
+void BIO_meth_free(BIO_METHOD *biom);
+int (*BIO_meth_get_write(const BIO_METHOD *biom)) (BIO *, const char *, int);
+int (*BIO_meth_get_write_ex(const BIO_METHOD *biom)) (BIO *, const char *, size_t,
+ size_t *);
+int BIO_meth_set_write(BIO_METHOD *biom,
+ int (*write) (BIO *, const char *, int));
+int BIO_meth_set_write_ex(BIO_METHOD *biom,
+ int (*bwrite) (BIO *, const char *, size_t, size_t *));
+int (*BIO_meth_get_read(const BIO_METHOD *biom)) (BIO *, char *, int);
+int (*BIO_meth_get_read_ex(const BIO_METHOD *biom)) (BIO *, char *, size_t, size_t *);
+int BIO_meth_set_read(BIO_METHOD *biom,
+ int (*read) (BIO *, char *, int));
+int BIO_meth_set_read_ex(BIO_METHOD *biom,
+ int (*bread) (BIO *, char *, size_t, size_t *));
+int (*BIO_meth_get_puts(const BIO_METHOD *biom)) (BIO *, const char *);
+int BIO_meth_set_puts(BIO_METHOD *biom,
+ int (*puts) (BIO *, const char *));
+int (*BIO_meth_get_gets(const BIO_METHOD *biom)) (BIO *, char *, int);
+int BIO_meth_set_gets(BIO_METHOD *biom,
+ int (*gets) (BIO *, char *, int));
+long (*BIO_meth_get_ctrl(const BIO_METHOD *biom)) (BIO *, int, long, void *);
+int BIO_meth_set_ctrl(BIO_METHOD *biom,
+ long (*ctrl) (BIO *, int, long, void *));
+int (*BIO_meth_get_create(const BIO_METHOD *bion)) (BIO *);
+int BIO_meth_set_create(BIO_METHOD *biom, int (*create) (BIO *));
+int (*BIO_meth_get_destroy(const BIO_METHOD *biom)) (BIO *);
+int BIO_meth_set_destroy(BIO_METHOD *biom, int (*destroy) (BIO *));
+long (*BIO_meth_get_callback_ctrl(const BIO_METHOD *biom))
+ (BIO *, int, BIO_info_cb *);
+int BIO_meth_set_callback_ctrl(BIO_METHOD *biom,
+ long (*callback_ctrl) (BIO *, int,
+ BIO_info_cb *));
+
+# ifdef __cplusplus
+}
+# endif
+#endif
diff --git a/packages/mobile-sdk-alpha/ios/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Headers/bioerr.h b/packages/mobile-sdk-alpha/ios/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Headers/bioerr.h
new file mode 100644
index 000000000..46e2c96ee
--- /dev/null
+++ b/packages/mobile-sdk-alpha/ios/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Headers/bioerr.h
@@ -0,0 +1,124 @@
+/*
+ * Generated by util/mkerr.pl DO NOT EDIT
+ * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_BIOERR_H
+# define HEADER_BIOERR_H
+
+# ifndef HEADER_SYMHACKS_H
+# include
+# endif
+
+# ifdef __cplusplus
+extern "C"
+# endif
+int ERR_load_BIO_strings(void);
+
+/*
+ * BIO function codes.
+ */
+# define BIO_F_ACPT_STATE 100
+# define BIO_F_ADDRINFO_WRAP 148
+# define BIO_F_ADDR_STRINGS 134
+# define BIO_F_BIO_ACCEPT 101
+# define BIO_F_BIO_ACCEPT_EX 137
+# define BIO_F_BIO_ACCEPT_NEW 152
+# define BIO_F_BIO_ADDR_NEW 144
+# define BIO_F_BIO_BIND 147
+# define BIO_F_BIO_CALLBACK_CTRL 131
+# define BIO_F_BIO_CONNECT 138
+# define BIO_F_BIO_CONNECT_NEW 153
+# define BIO_F_BIO_CTRL 103
+# define BIO_F_BIO_GETS 104
+# define BIO_F_BIO_GET_HOST_IP 106
+# define BIO_F_BIO_GET_NEW_INDEX 102
+# define BIO_F_BIO_GET_PORT 107
+# define BIO_F_BIO_LISTEN 139
+# define BIO_F_BIO_LOOKUP 135
+# define BIO_F_BIO_LOOKUP_EX 143
+# define BIO_F_BIO_MAKE_PAIR 121
+# define BIO_F_BIO_METH_NEW 146
+# define BIO_F_BIO_NEW 108
+# define BIO_F_BIO_NEW_DGRAM_SCTP 145
+# define BIO_F_BIO_NEW_FILE 109
+# define BIO_F_BIO_NEW_MEM_BUF 126
+# define BIO_F_BIO_NREAD 123
+# define BIO_F_BIO_NREAD0 124
+# define BIO_F_BIO_NWRITE 125
+# define BIO_F_BIO_NWRITE0 122
+# define BIO_F_BIO_PARSE_HOSTSERV 136
+# define BIO_F_BIO_PUTS 110
+# define BIO_F_BIO_READ 111
+# define BIO_F_BIO_READ_EX 105
+# define BIO_F_BIO_READ_INTERN 120
+# define BIO_F_BIO_SOCKET 140
+# define BIO_F_BIO_SOCKET_NBIO 142
+# define BIO_F_BIO_SOCK_INFO 141
+# define BIO_F_BIO_SOCK_INIT 112
+# define BIO_F_BIO_WRITE 113
+# define BIO_F_BIO_WRITE_EX 119
+# define BIO_F_BIO_WRITE_INTERN 128
+# define BIO_F_BUFFER_CTRL 114
+# define BIO_F_CONN_CTRL 127
+# define BIO_F_CONN_STATE 115
+# define BIO_F_DGRAM_SCTP_NEW 149
+# define BIO_F_DGRAM_SCTP_READ 132
+# define BIO_F_DGRAM_SCTP_WRITE 133
+# define BIO_F_DOAPR_OUTCH 150
+# define BIO_F_FILE_CTRL 116
+# define BIO_F_FILE_READ 130
+# define BIO_F_LINEBUFFER_CTRL 129
+# define BIO_F_LINEBUFFER_NEW 151
+# define BIO_F_MEM_WRITE 117
+# define BIO_F_NBIOF_NEW 154
+# define BIO_F_SLG_WRITE 155
+# define BIO_F_SSL_NEW 118
+
+/*
+ * BIO reason codes.
+ */
+# define BIO_R_ACCEPT_ERROR 100
+# define BIO_R_ADDRINFO_ADDR_IS_NOT_AF_INET 141
+# define BIO_R_AMBIGUOUS_HOST_OR_SERVICE 129
+# define BIO_R_BAD_FOPEN_MODE 101
+# define BIO_R_BROKEN_PIPE 124
+# define BIO_R_CONNECT_ERROR 103
+# define BIO_R_GETHOSTBYNAME_ADDR_IS_NOT_AF_INET 107
+# define BIO_R_GETSOCKNAME_ERROR 132
+# define BIO_R_GETSOCKNAME_TRUNCATED_ADDRESS 133
+# define BIO_R_GETTING_SOCKTYPE 134
+# define BIO_R_INVALID_ARGUMENT 125
+# define BIO_R_INVALID_SOCKET 135
+# define BIO_R_IN_USE 123
+# define BIO_R_LENGTH_TOO_LONG 102
+# define BIO_R_LISTEN_V6_ONLY 136
+# define BIO_R_LOOKUP_RETURNED_NOTHING 142
+# define BIO_R_MALFORMED_HOST_OR_SERVICE 130
+# define BIO_R_NBIO_CONNECT_ERROR 110
+# define BIO_R_NO_ACCEPT_ADDR_OR_SERVICE_SPECIFIED 143
+# define BIO_R_NO_HOSTNAME_OR_SERVICE_SPECIFIED 144
+# define BIO_R_NO_PORT_DEFINED 113
+# define BIO_R_NO_SUCH_FILE 128
+# define BIO_R_NULL_PARAMETER 115
+# define BIO_R_UNABLE_TO_BIND_SOCKET 117
+# define BIO_R_UNABLE_TO_CREATE_SOCKET 118
+# define BIO_R_UNABLE_TO_KEEPALIVE 137
+# define BIO_R_UNABLE_TO_LISTEN_SOCKET 119
+# define BIO_R_UNABLE_TO_NODELAY 138
+# define BIO_R_UNABLE_TO_REUSEADDR 139
+# define BIO_R_UNAVAILABLE_IP_FAMILY 145
+# define BIO_R_UNINITIALIZED 120
+# define BIO_R_UNKNOWN_INFO_TYPE 140
+# define BIO_R_UNSUPPORTED_IP_FAMILY 146
+# define BIO_R_UNSUPPORTED_METHOD 121
+# define BIO_R_UNSUPPORTED_PROTOCOL_FAMILY 131
+# define BIO_R_WRITE_TO_READ_ONLY_BIO 126
+# define BIO_R_WSASTARTUP 122
+
+#endif
diff --git a/packages/mobile-sdk-alpha/ios/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Headers/blowfish.h b/packages/mobile-sdk-alpha/ios/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Headers/blowfish.h
new file mode 100644
index 000000000..cd3e460e9
--- /dev/null
+++ b/packages/mobile-sdk-alpha/ios/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Headers/blowfish.h
@@ -0,0 +1,61 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_BLOWFISH_H
+# define HEADER_BLOWFISH_H
+
+# include
+
+# ifndef OPENSSL_NO_BF
+# include
+# ifdef __cplusplus
+extern "C" {
+# endif
+
+# define BF_ENCRYPT 1
+# define BF_DECRYPT 0
+
+/*-
+ * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+ * ! BF_LONG has to be at least 32 bits wide. !
+ * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+ */
+# define BF_LONG unsigned int
+
+# define BF_ROUNDS 16
+# define BF_BLOCK 8
+
+typedef struct bf_key_st {
+ BF_LONG P[BF_ROUNDS + 2];
+ BF_LONG S[4 * 256];
+} BF_KEY;
+
+void BF_set_key(BF_KEY *key, int len, const unsigned char *data);
+
+void BF_encrypt(BF_LONG *data, const BF_KEY *key);
+void BF_decrypt(BF_LONG *data, const BF_KEY *key);
+
+void BF_ecb_encrypt(const unsigned char *in, unsigned char *out,
+ const BF_KEY *key, int enc);
+void BF_cbc_encrypt(const unsigned char *in, unsigned char *out, long length,
+ const BF_KEY *schedule, unsigned char *ivec, int enc);
+void BF_cfb64_encrypt(const unsigned char *in, unsigned char *out,
+ long length, const BF_KEY *schedule,
+ unsigned char *ivec, int *num, int enc);
+void BF_ofb64_encrypt(const unsigned char *in, unsigned char *out,
+ long length, const BF_KEY *schedule,
+ unsigned char *ivec, int *num);
+const char *BF_options(void);
+
+# ifdef __cplusplus
+}
+# endif
+# endif
+
+#endif
diff --git a/packages/mobile-sdk-alpha/ios/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Headers/bn.h b/packages/mobile-sdk-alpha/ios/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Headers/bn.h
new file mode 100644
index 000000000..d87766049
--- /dev/null
+++ b/packages/mobile-sdk-alpha/ios/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Headers/bn.h
@@ -0,0 +1,539 @@
+/*
+ * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
+ *
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_BN_H
+# define HEADER_BN_H
+
+# include
+# ifndef OPENSSL_NO_STDIO
+# include
+# endif
+# include
+# include
+# include
+# include
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/*
+ * 64-bit processor with LP64 ABI
+ */
+# ifdef SIXTY_FOUR_BIT_LONG
+# define BN_ULONG unsigned long
+# define BN_BYTES 8
+# endif
+
+/*
+ * 64-bit processor other than LP64 ABI
+ */
+# ifdef SIXTY_FOUR_BIT
+# define BN_ULONG unsigned long long
+# define BN_BYTES 8
+# endif
+
+# ifdef THIRTY_TWO_BIT
+# define BN_ULONG unsigned int
+# define BN_BYTES 4
+# endif
+
+# define BN_BITS2 (BN_BYTES * 8)
+# define BN_BITS (BN_BITS2 * 2)
+# define BN_TBIT ((BN_ULONG)1 << (BN_BITS2 - 1))
+
+# define BN_FLG_MALLOCED 0x01
+# define BN_FLG_STATIC_DATA 0x02
+
+/*
+ * avoid leaking exponent information through timing,
+ * BN_mod_exp_mont() will call BN_mod_exp_mont_consttime,
+ * BN_div() will call BN_div_no_branch,
+ * BN_mod_inverse() will call bn_mod_inverse_no_branch.
+ */
+# define BN_FLG_CONSTTIME 0x04
+# define BN_FLG_SECURE 0x08
+
+# if OPENSSL_API_COMPAT < 0x00908000L
+/* deprecated name for the flag */
+# define BN_FLG_EXP_CONSTTIME BN_FLG_CONSTTIME
+# define BN_FLG_FREE 0x8000 /* used for debugging */
+# endif
+
+void BN_set_flags(BIGNUM *b, int n);
+int BN_get_flags(const BIGNUM *b, int n);
+
+/* Values for |top| in BN_rand() */
+#define BN_RAND_TOP_ANY -1
+#define BN_RAND_TOP_ONE 0
+#define BN_RAND_TOP_TWO 1
+
+/* Values for |bottom| in BN_rand() */
+#define BN_RAND_BOTTOM_ANY 0
+#define BN_RAND_BOTTOM_ODD 1
+
+/*
+ * get a clone of a BIGNUM with changed flags, for *temporary* use only (the
+ * two BIGNUMs cannot be used in parallel!). Also only for *read only* use. The
+ * value |dest| should be a newly allocated BIGNUM obtained via BN_new() that
+ * has not been otherwise initialised or used.
+ */
+void BN_with_flags(BIGNUM *dest, const BIGNUM *b, int flags);
+
+/* Wrapper function to make using BN_GENCB easier */
+int BN_GENCB_call(BN_GENCB *cb, int a, int b);
+
+BN_GENCB *BN_GENCB_new(void);
+void BN_GENCB_free(BN_GENCB *cb);
+
+/* Populate a BN_GENCB structure with an "old"-style callback */
+void BN_GENCB_set_old(BN_GENCB *gencb, void (*callback) (int, int, void *),
+ void *cb_arg);
+
+/* Populate a BN_GENCB structure with a "new"-style callback */
+void BN_GENCB_set(BN_GENCB *gencb, int (*callback) (int, int, BN_GENCB *),
+ void *cb_arg);
+
+void *BN_GENCB_get_arg(BN_GENCB *cb);
+
+# define BN_prime_checks 0 /* default: select number of iterations based
+ * on the size of the number */
+
+/*
+ * BN_prime_checks_for_size() returns the number of Miller-Rabin iterations
+ * that will be done for checking that a random number is probably prime. The
+ * error rate for accepting a composite number as prime depends on the size of
+ * the prime |b|. The error rates used are for calculating an RSA key with 2 primes,
+ * and so the level is what you would expect for a key of double the size of the
+ * prime.
+ *
+ * This table is generated using the algorithm of FIPS PUB 186-4
+ * Digital Signature Standard (DSS), section F.1, page 117.
+ * (https://dx.doi.org/10.6028/NIST.FIPS.186-4)
+ *
+ * The following magma script was used to generate the output:
+ * securitybits:=125;
+ * k:=1024;
+ * for t:=1 to 65 do
+ * for M:=3 to Floor(2*Sqrt(k-1)-1) do
+ * S:=0;
+ * // Sum over m
+ * for m:=3 to M do
+ * s:=0;
+ * // Sum over j
+ * for j:=2 to m do
+ * s+:=(RealField(32)!2)^-(j+(k-1)/j);
+ * end for;
+ * S+:=2^(m-(m-1)*t)*s;
+ * end for;
+ * A:=2^(k-2-M*t);
+ * B:=8*(Pi(RealField(32))^2-6)/3*2^(k-2)*S;
+ * pkt:=2.00743*Log(2)*k*2^-k*(A+B);
+ * seclevel:=Floor(-Log(2,pkt));
+ * if seclevel ge securitybits then
+ * printf "k: %5o, security: %o bits (t: %o, M: %o)\n",k,seclevel,t,M;
+ * break;
+ * end if;
+ * end for;
+ * if seclevel ge securitybits then break; end if;
+ * end for;
+ *
+ * It can be run online at:
+ * http://magma.maths.usyd.edu.au/calc
+ *
+ * And will output:
+ * k: 1024, security: 129 bits (t: 6, M: 23)
+ *
+ * k is the number of bits of the prime, securitybits is the level we want to
+ * reach.
+ *
+ * prime length | RSA key size | # MR tests | security level
+ * -------------+--------------|------------+---------------
+ * (b) >= 6394 | >= 12788 | 3 | 256 bit
+ * (b) >= 3747 | >= 7494 | 3 | 192 bit
+ * (b) >= 1345 | >= 2690 | 4 | 128 bit
+ * (b) >= 1080 | >= 2160 | 5 | 128 bit
+ * (b) >= 852 | >= 1704 | 5 | 112 bit
+ * (b) >= 476 | >= 952 | 5 | 80 bit
+ * (b) >= 400 | >= 800 | 6 | 80 bit
+ * (b) >= 347 | >= 694 | 7 | 80 bit
+ * (b) >= 308 | >= 616 | 8 | 80 bit
+ * (b) >= 55 | >= 110 | 27 | 64 bit
+ * (b) >= 6 | >= 12 | 34 | 64 bit
+ */
+
+# define BN_prime_checks_for_size(b) ((b) >= 3747 ? 3 : \
+ (b) >= 1345 ? 4 : \
+ (b) >= 476 ? 5 : \
+ (b) >= 400 ? 6 : \
+ (b) >= 347 ? 7 : \
+ (b) >= 308 ? 8 : \
+ (b) >= 55 ? 27 : \
+ /* b >= 6 */ 34)
+
+# define BN_num_bytes(a) ((BN_num_bits(a)+7)/8)
+
+int BN_abs_is_word(const BIGNUM *a, const BN_ULONG w);
+int BN_is_zero(const BIGNUM *a);
+int BN_is_one(const BIGNUM *a);
+int BN_is_word(const BIGNUM *a, const BN_ULONG w);
+int BN_is_odd(const BIGNUM *a);
+
+# define BN_one(a) (BN_set_word((a),1))
+
+void BN_zero_ex(BIGNUM *a);
+
+# if OPENSSL_API_COMPAT >= 0x00908000L
+# define BN_zero(a) BN_zero_ex(a)
+# else
+# define BN_zero(a) (BN_set_word((a),0))
+# endif
+
+const BIGNUM *BN_value_one(void);
+char *BN_options(void);
+BN_CTX *BN_CTX_new(void);
+BN_CTX *BN_CTX_secure_new(void);
+void BN_CTX_free(BN_CTX *c);
+void BN_CTX_start(BN_CTX *ctx);
+BIGNUM *BN_CTX_get(BN_CTX *ctx);
+void BN_CTX_end(BN_CTX *ctx);
+int BN_rand(BIGNUM *rnd, int bits, int top, int bottom);
+int BN_priv_rand(BIGNUM *rnd, int bits, int top, int bottom);
+int BN_rand_range(BIGNUM *rnd, const BIGNUM *range);
+int BN_priv_rand_range(BIGNUM *rnd, const BIGNUM *range);
+int BN_pseudo_rand(BIGNUM *rnd, int bits, int top, int bottom);
+int BN_pseudo_rand_range(BIGNUM *rnd, const BIGNUM *range);
+int BN_num_bits(const BIGNUM *a);
+int BN_num_bits_word(BN_ULONG l);
+int BN_security_bits(int L, int N);
+BIGNUM *BN_new(void);
+BIGNUM *BN_secure_new(void);
+void BN_clear_free(BIGNUM *a);
+BIGNUM *BN_copy(BIGNUM *a, const BIGNUM *b);
+void BN_swap(BIGNUM *a, BIGNUM *b);
+BIGNUM *BN_bin2bn(const unsigned char *s, int len, BIGNUM *ret);
+int BN_bn2bin(const BIGNUM *a, unsigned char *to);
+int BN_bn2binpad(const BIGNUM *a, unsigned char *to, int tolen);
+BIGNUM *BN_lebin2bn(const unsigned char *s, int len, BIGNUM *ret);
+int BN_bn2lebinpad(const BIGNUM *a, unsigned char *to, int tolen);
+BIGNUM *BN_mpi2bn(const unsigned char *s, int len, BIGNUM *ret);
+int BN_bn2mpi(const BIGNUM *a, unsigned char *to);
+int BN_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b);
+int BN_usub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b);
+int BN_uadd(BIGNUM *r, const BIGNUM *a, const BIGNUM *b);
+int BN_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b);
+int BN_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx);
+int BN_sqr(BIGNUM *r, const BIGNUM *a, BN_CTX *ctx);
+/** BN_set_negative sets sign of a BIGNUM
+ * \param b pointer to the BIGNUM object
+ * \param n 0 if the BIGNUM b should be positive and a value != 0 otherwise
+ */
+void BN_set_negative(BIGNUM *b, int n);
+/** BN_is_negative returns 1 if the BIGNUM is negative
+ * \param b pointer to the BIGNUM object
+ * \return 1 if a < 0 and 0 otherwise
+ */
+int BN_is_negative(const BIGNUM *b);
+
+int BN_div(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, const BIGNUM *d,
+ BN_CTX *ctx);
+# define BN_mod(rem,m,d,ctx) BN_div(NULL,(rem),(m),(d),(ctx))
+int BN_nnmod(BIGNUM *r, const BIGNUM *m, const BIGNUM *d, BN_CTX *ctx);
+int BN_mod_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m,
+ BN_CTX *ctx);
+int BN_mod_add_quick(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
+ const BIGNUM *m);
+int BN_mod_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m,
+ BN_CTX *ctx);
+int BN_mod_sub_quick(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
+ const BIGNUM *m);
+int BN_mod_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m,
+ BN_CTX *ctx);
+int BN_mod_sqr(BIGNUM *r, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx);
+int BN_mod_lshift1(BIGNUM *r, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx);
+int BN_mod_lshift1_quick(BIGNUM *r, const BIGNUM *a, const BIGNUM *m);
+int BN_mod_lshift(BIGNUM *r, const BIGNUM *a, int n, const BIGNUM *m,
+ BN_CTX *ctx);
+int BN_mod_lshift_quick(BIGNUM *r, const BIGNUM *a, int n, const BIGNUM *m);
+
+BN_ULONG BN_mod_word(const BIGNUM *a, BN_ULONG w);
+BN_ULONG BN_div_word(BIGNUM *a, BN_ULONG w);
+int BN_mul_word(BIGNUM *a, BN_ULONG w);
+int BN_add_word(BIGNUM *a, BN_ULONG w);
+int BN_sub_word(BIGNUM *a, BN_ULONG w);
+int BN_set_word(BIGNUM *a, BN_ULONG w);
+BN_ULONG BN_get_word(const BIGNUM *a);
+
+int BN_cmp(const BIGNUM *a, const BIGNUM *b);
+void BN_free(BIGNUM *a);
+int BN_is_bit_set(const BIGNUM *a, int n);
+int BN_lshift(BIGNUM *r, const BIGNUM *a, int n);
+int BN_lshift1(BIGNUM *r, const BIGNUM *a);
+int BN_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx);
+
+int BN_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+ const BIGNUM *m, BN_CTX *ctx);
+int BN_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+ const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
+int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
+ const BIGNUM *m, BN_CTX *ctx,
+ BN_MONT_CTX *in_mont);
+int BN_mod_exp_mont_word(BIGNUM *r, BN_ULONG a, const BIGNUM *p,
+ const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
+int BN_mod_exp2_mont(BIGNUM *r, const BIGNUM *a1, const BIGNUM *p1,
+ const BIGNUM *a2, const BIGNUM *p2, const BIGNUM *m,
+ BN_CTX *ctx, BN_MONT_CTX *m_ctx);
+int BN_mod_exp_simple(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+ const BIGNUM *m, BN_CTX *ctx);
+
+int BN_mask_bits(BIGNUM *a, int n);
+# ifndef OPENSSL_NO_STDIO
+int BN_print_fp(FILE *fp, const BIGNUM *a);
+# endif
+int BN_print(BIO *bio, const BIGNUM *a);
+int BN_reciprocal(BIGNUM *r, const BIGNUM *m, int len, BN_CTX *ctx);
+int BN_rshift(BIGNUM *r, const BIGNUM *a, int n);
+int BN_rshift1(BIGNUM *r, const BIGNUM *a);
+void BN_clear(BIGNUM *a);
+BIGNUM *BN_dup(const BIGNUM *a);
+int BN_ucmp(const BIGNUM *a, const BIGNUM *b);
+int BN_set_bit(BIGNUM *a, int n);
+int BN_clear_bit(BIGNUM *a, int n);
+char *BN_bn2hex(const BIGNUM *a);
+char *BN_bn2dec(const BIGNUM *a);
+int BN_hex2bn(BIGNUM **a, const char *str);
+int BN_dec2bn(BIGNUM **a, const char *str);
+int BN_asc2bn(BIGNUM **a, const char *str);
+int BN_gcd(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx);
+int BN_kronecker(const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx); /* returns
+ * -2 for
+ * error */
+BIGNUM *BN_mod_inverse(BIGNUM *ret,
+ const BIGNUM *a, const BIGNUM *n, BN_CTX *ctx);
+BIGNUM *BN_mod_sqrt(BIGNUM *ret,
+ const BIGNUM *a, const BIGNUM *n, BN_CTX *ctx);
+
+void BN_consttime_swap(BN_ULONG swap, BIGNUM *a, BIGNUM *b, int nwords);
+
+/* Deprecated versions */
+DEPRECATEDIN_0_9_8(BIGNUM *BN_generate_prime(BIGNUM *ret, int bits, int safe,
+ const BIGNUM *add,
+ const BIGNUM *rem,
+ void (*callback) (int, int,
+ void *),
+ void *cb_arg))
+DEPRECATEDIN_0_9_8(int
+ BN_is_prime(const BIGNUM *p, int nchecks,
+ void (*callback) (int, int, void *),
+ BN_CTX *ctx, void *cb_arg))
+DEPRECATEDIN_0_9_8(int
+ BN_is_prime_fasttest(const BIGNUM *p, int nchecks,
+ void (*callback) (int, int, void *),
+ BN_CTX *ctx, void *cb_arg,
+ int do_trial_division))
+
+/* Newer versions */
+int BN_generate_prime_ex(BIGNUM *ret, int bits, int safe, const BIGNUM *add,
+ const BIGNUM *rem, BN_GENCB *cb);
+int BN_is_prime_ex(const BIGNUM *p, int nchecks, BN_CTX *ctx, BN_GENCB *cb);
+int BN_is_prime_fasttest_ex(const BIGNUM *p, int nchecks, BN_CTX *ctx,
+ int do_trial_division, BN_GENCB *cb);
+
+int BN_X931_generate_Xpq(BIGNUM *Xp, BIGNUM *Xq, int nbits, BN_CTX *ctx);
+
+int BN_X931_derive_prime_ex(BIGNUM *p, BIGNUM *p1, BIGNUM *p2,
+ const BIGNUM *Xp, const BIGNUM *Xp1,
+ const BIGNUM *Xp2, const BIGNUM *e, BN_CTX *ctx,
+ BN_GENCB *cb);
+int BN_X931_generate_prime_ex(BIGNUM *p, BIGNUM *p1, BIGNUM *p2, BIGNUM *Xp1,
+ BIGNUM *Xp2, const BIGNUM *Xp, const BIGNUM *e,
+ BN_CTX *ctx, BN_GENCB *cb);
+
+BN_MONT_CTX *BN_MONT_CTX_new(void);
+int BN_mod_mul_montgomery(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
+ BN_MONT_CTX *mont, BN_CTX *ctx);
+int BN_to_montgomery(BIGNUM *r, const BIGNUM *a, BN_MONT_CTX *mont,
+ BN_CTX *ctx);
+int BN_from_montgomery(BIGNUM *r, const BIGNUM *a, BN_MONT_CTX *mont,
+ BN_CTX *ctx);
+void BN_MONT_CTX_free(BN_MONT_CTX *mont);
+int BN_MONT_CTX_set(BN_MONT_CTX *mont, const BIGNUM *mod, BN_CTX *ctx);
+BN_MONT_CTX *BN_MONT_CTX_copy(BN_MONT_CTX *to, BN_MONT_CTX *from);
+BN_MONT_CTX *BN_MONT_CTX_set_locked(BN_MONT_CTX **pmont, CRYPTO_RWLOCK *lock,
+ const BIGNUM *mod, BN_CTX *ctx);
+
+/* BN_BLINDING flags */
+# define BN_BLINDING_NO_UPDATE 0x00000001
+# define BN_BLINDING_NO_RECREATE 0x00000002
+
+BN_BLINDING *BN_BLINDING_new(const BIGNUM *A, const BIGNUM *Ai, BIGNUM *mod);
+void BN_BLINDING_free(BN_BLINDING *b);
+int BN_BLINDING_update(BN_BLINDING *b, BN_CTX *ctx);
+int BN_BLINDING_convert(BIGNUM *n, BN_BLINDING *b, BN_CTX *ctx);
+int BN_BLINDING_invert(BIGNUM *n, BN_BLINDING *b, BN_CTX *ctx);
+int BN_BLINDING_convert_ex(BIGNUM *n, BIGNUM *r, BN_BLINDING *b, BN_CTX *);
+int BN_BLINDING_invert_ex(BIGNUM *n, const BIGNUM *r, BN_BLINDING *b,
+ BN_CTX *);
+
+int BN_BLINDING_is_current_thread(BN_BLINDING *b);
+void BN_BLINDING_set_current_thread(BN_BLINDING *b);
+int BN_BLINDING_lock(BN_BLINDING *b);
+int BN_BLINDING_unlock(BN_BLINDING *b);
+
+unsigned long BN_BLINDING_get_flags(const BN_BLINDING *);
+void BN_BLINDING_set_flags(BN_BLINDING *, unsigned long);
+BN_BLINDING *BN_BLINDING_create_param(BN_BLINDING *b,
+ const BIGNUM *e, BIGNUM *m, BN_CTX *ctx,
+ int (*bn_mod_exp) (BIGNUM *r,
+ const BIGNUM *a,
+ const BIGNUM *p,
+ const BIGNUM *m,
+ BN_CTX *ctx,
+ BN_MONT_CTX *m_ctx),
+ BN_MONT_CTX *m_ctx);
+
+DEPRECATEDIN_0_9_8(void BN_set_params(int mul, int high, int low, int mont))
+DEPRECATEDIN_0_9_8(int BN_get_params(int which)) /* 0, mul, 1 high, 2 low, 3
+ * mont */
+
+BN_RECP_CTX *BN_RECP_CTX_new(void);
+void BN_RECP_CTX_free(BN_RECP_CTX *recp);
+int BN_RECP_CTX_set(BN_RECP_CTX *recp, const BIGNUM *rdiv, BN_CTX *ctx);
+int BN_mod_mul_reciprocal(BIGNUM *r, const BIGNUM *x, const BIGNUM *y,
+ BN_RECP_CTX *recp, BN_CTX *ctx);
+int BN_mod_exp_recp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+ const BIGNUM *m, BN_CTX *ctx);
+int BN_div_recp(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m,
+ BN_RECP_CTX *recp, BN_CTX *ctx);
+
+# ifndef OPENSSL_NO_EC2M
+
+/*
+ * Functions for arithmetic over binary polynomials represented by BIGNUMs.
+ * The BIGNUM::neg property of BIGNUMs representing binary polynomials is
+ * ignored. Note that input arguments are not const so that their bit arrays
+ * can be expanded to the appropriate size if needed.
+ */
+
+/*
+ * r = a + b
+ */
+int BN_GF2m_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b);
+# define BN_GF2m_sub(r, a, b) BN_GF2m_add(r, a, b)
+/*
+ * r=a mod p
+ */
+int BN_GF2m_mod(BIGNUM *r, const BIGNUM *a, const BIGNUM *p);
+/* r = (a * b) mod p */
+int BN_GF2m_mod_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
+ const BIGNUM *p, BN_CTX *ctx);
+/* r = (a * a) mod p */
+int BN_GF2m_mod_sqr(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx);
+/* r = (1 / b) mod p */
+int BN_GF2m_mod_inv(BIGNUM *r, const BIGNUM *b, const BIGNUM *p, BN_CTX *ctx);
+/* r = (a / b) mod p */
+int BN_GF2m_mod_div(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
+ const BIGNUM *p, BN_CTX *ctx);
+/* r = (a ^ b) mod p */
+int BN_GF2m_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
+ const BIGNUM *p, BN_CTX *ctx);
+/* r = sqrt(a) mod p */
+int BN_GF2m_mod_sqrt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+ BN_CTX *ctx);
+/* r^2 + r = a mod p */
+int BN_GF2m_mod_solve_quad(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+ BN_CTX *ctx);
+# define BN_GF2m_cmp(a, b) BN_ucmp((a), (b))
+/*-
+ * Some functions allow for representation of the irreducible polynomials
+ * as an unsigned int[], say p. The irreducible f(t) is then of the form:
+ * t^p[0] + t^p[1] + ... + t^p[k]
+ * where m = p[0] > p[1] > ... > p[k] = 0.
+ */
+/* r = a mod p */
+int BN_GF2m_mod_arr(BIGNUM *r, const BIGNUM *a, const int p[]);
+/* r = (a * b) mod p */
+int BN_GF2m_mod_mul_arr(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
+ const int p[], BN_CTX *ctx);
+/* r = (a * a) mod p */
+int BN_GF2m_mod_sqr_arr(BIGNUM *r, const BIGNUM *a, const int p[],
+ BN_CTX *ctx);
+/* r = (1 / b) mod p */
+int BN_GF2m_mod_inv_arr(BIGNUM *r, const BIGNUM *b, const int p[],
+ BN_CTX *ctx);
+/* r = (a / b) mod p */
+int BN_GF2m_mod_div_arr(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
+ const int p[], BN_CTX *ctx);
+/* r = (a ^ b) mod p */
+int BN_GF2m_mod_exp_arr(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
+ const int p[], BN_CTX *ctx);
+/* r = sqrt(a) mod p */
+int BN_GF2m_mod_sqrt_arr(BIGNUM *r, const BIGNUM *a,
+ const int p[], BN_CTX *ctx);
+/* r^2 + r = a mod p */
+int BN_GF2m_mod_solve_quad_arr(BIGNUM *r, const BIGNUM *a,
+ const int p[], BN_CTX *ctx);
+int BN_GF2m_poly2arr(const BIGNUM *a, int p[], int max);
+int BN_GF2m_arr2poly(const int p[], BIGNUM *a);
+
+# endif
+
+/*
+ * faster mod functions for the 'NIST primes' 0 <= a < p^2
+ */
+int BN_nist_mod_192(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx);
+int BN_nist_mod_224(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx);
+int BN_nist_mod_256(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx);
+int BN_nist_mod_384(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx);
+int BN_nist_mod_521(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx);
+
+const BIGNUM *BN_get0_nist_prime_192(void);
+const BIGNUM *BN_get0_nist_prime_224(void);
+const BIGNUM *BN_get0_nist_prime_256(void);
+const BIGNUM *BN_get0_nist_prime_384(void);
+const BIGNUM *BN_get0_nist_prime_521(void);
+
+int (*BN_nist_mod_func(const BIGNUM *p)) (BIGNUM *r, const BIGNUM *a,
+ const BIGNUM *field, BN_CTX *ctx);
+
+int BN_generate_dsa_nonce(BIGNUM *out, const BIGNUM *range,
+ const BIGNUM *priv, const unsigned char *message,
+ size_t message_len, BN_CTX *ctx);
+
+/* Primes from RFC 2409 */
+BIGNUM *BN_get_rfc2409_prime_768(BIGNUM *bn);
+BIGNUM *BN_get_rfc2409_prime_1024(BIGNUM *bn);
+
+/* Primes from RFC 3526 */
+BIGNUM *BN_get_rfc3526_prime_1536(BIGNUM *bn);
+BIGNUM *BN_get_rfc3526_prime_2048(BIGNUM *bn);
+BIGNUM *BN_get_rfc3526_prime_3072(BIGNUM *bn);
+BIGNUM *BN_get_rfc3526_prime_4096(BIGNUM *bn);
+BIGNUM *BN_get_rfc3526_prime_6144(BIGNUM *bn);
+BIGNUM *BN_get_rfc3526_prime_8192(BIGNUM *bn);
+
+# if OPENSSL_API_COMPAT < 0x10100000L
+# define get_rfc2409_prime_768 BN_get_rfc2409_prime_768
+# define get_rfc2409_prime_1024 BN_get_rfc2409_prime_1024
+# define get_rfc3526_prime_1536 BN_get_rfc3526_prime_1536
+# define get_rfc3526_prime_2048 BN_get_rfc3526_prime_2048
+# define get_rfc3526_prime_3072 BN_get_rfc3526_prime_3072
+# define get_rfc3526_prime_4096 BN_get_rfc3526_prime_4096
+# define get_rfc3526_prime_6144 BN_get_rfc3526_prime_6144
+# define get_rfc3526_prime_8192 BN_get_rfc3526_prime_8192
+# endif
+
+int BN_bntest_rand(BIGNUM *rnd, int bits, int top, int bottom);
+
+
+# ifdef __cplusplus
+}
+# endif
+#endif
diff --git a/packages/mobile-sdk-alpha/ios/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Headers/bnerr.h b/packages/mobile-sdk-alpha/ios/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Headers/bnerr.h
new file mode 100644
index 000000000..5c83777f9
--- /dev/null
+++ b/packages/mobile-sdk-alpha/ios/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Headers/bnerr.h
@@ -0,0 +1,101 @@
+/*
+ * Generated by util/mkerr.pl DO NOT EDIT
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_BNERR_H
+# define HEADER_BNERR_H
+
+# ifndef HEADER_SYMHACKS_H
+# include
+# endif
+
+# ifdef __cplusplus
+extern "C"
+# endif
+int ERR_load_BN_strings(void);
+
+/*
+ * BN function codes.
+ */
+# define BN_F_BNRAND 127
+# define BN_F_BNRAND_RANGE 138
+# define BN_F_BN_BLINDING_CONVERT_EX 100
+# define BN_F_BN_BLINDING_CREATE_PARAM 128
+# define BN_F_BN_BLINDING_INVERT_EX 101
+# define BN_F_BN_BLINDING_NEW 102
+# define BN_F_BN_BLINDING_UPDATE 103
+# define BN_F_BN_BN2DEC 104
+# define BN_F_BN_BN2HEX 105
+# define BN_F_BN_COMPUTE_WNAF 142
+# define BN_F_BN_CTX_GET 116
+# define BN_F_BN_CTX_NEW 106
+# define BN_F_BN_CTX_START 129
+# define BN_F_BN_DIV 107
+# define BN_F_BN_DIV_RECP 130
+# define BN_F_BN_EXP 123
+# define BN_F_BN_EXPAND_INTERNAL 120
+# define BN_F_BN_GENCB_NEW 143
+# define BN_F_BN_GENERATE_DSA_NONCE 140
+# define BN_F_BN_GENERATE_PRIME_EX 141
+# define BN_F_BN_GF2M_MOD 131
+# define BN_F_BN_GF2M_MOD_EXP 132
+# define BN_F_BN_GF2M_MOD_MUL 133
+# define BN_F_BN_GF2M_MOD_SOLVE_QUAD 134
+# define BN_F_BN_GF2M_MOD_SOLVE_QUAD_ARR 135
+# define BN_F_BN_GF2M_MOD_SQR 136
+# define BN_F_BN_GF2M_MOD_SQRT 137
+# define BN_F_BN_LSHIFT 145
+# define BN_F_BN_MOD_EXP2_MONT 118
+# define BN_F_BN_MOD_EXP_MONT 109
+# define BN_F_BN_MOD_EXP_MONT_CONSTTIME 124
+# define BN_F_BN_MOD_EXP_MONT_WORD 117
+# define BN_F_BN_MOD_EXP_RECP 125
+# define BN_F_BN_MOD_EXP_SIMPLE 126
+# define BN_F_BN_MOD_INVERSE 110
+# define BN_F_BN_MOD_INVERSE_NO_BRANCH 139
+# define BN_F_BN_MOD_LSHIFT_QUICK 119
+# define BN_F_BN_MOD_SQRT 121
+# define BN_F_BN_MONT_CTX_NEW 149
+# define BN_F_BN_MPI2BN 112
+# define BN_F_BN_NEW 113
+# define BN_F_BN_POOL_GET 147
+# define BN_F_BN_RAND 114
+# define BN_F_BN_RAND_RANGE 122
+# define BN_F_BN_RECP_CTX_NEW 150
+# define BN_F_BN_RSHIFT 146
+# define BN_F_BN_SET_WORDS 144
+# define BN_F_BN_STACK_PUSH 148
+# define BN_F_BN_USUB 115
+# define BN_F_OSSL_BN_RSA_DO_UNBLIND 151
+
+/*
+ * BN reason codes.
+ */
+# define BN_R_ARG2_LT_ARG3 100
+# define BN_R_BAD_RECIPROCAL 101
+# define BN_R_BIGNUM_TOO_LONG 114
+# define BN_R_BITS_TOO_SMALL 118
+# define BN_R_CALLED_WITH_EVEN_MODULUS 102
+# define BN_R_DIV_BY_ZERO 103
+# define BN_R_ENCODING_ERROR 104
+# define BN_R_EXPAND_ON_STATIC_BIGNUM_DATA 105
+# define BN_R_INPUT_NOT_REDUCED 110
+# define BN_R_INVALID_LENGTH 106
+# define BN_R_INVALID_RANGE 115
+# define BN_R_INVALID_SHIFT 119
+# define BN_R_NOT_A_SQUARE 111
+# define BN_R_NOT_INITIALIZED 107
+# define BN_R_NO_INVERSE 108
+# define BN_R_NO_SOLUTION 116
+# define BN_R_PRIVATE_KEY_TOO_LARGE 117
+# define BN_R_P_IS_NOT_PRIME 112
+# define BN_R_TOO_MANY_ITERATIONS 113
+# define BN_R_TOO_MANY_TEMPORARY_VARIABLES 109
+
+#endif
diff --git a/packages/mobile-sdk-alpha/ios/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Headers/buffer.h b/packages/mobile-sdk-alpha/ios/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Headers/buffer.h
new file mode 100644
index 000000000..d2765766b
--- /dev/null
+++ b/packages/mobile-sdk-alpha/ios/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Headers/buffer.h
@@ -0,0 +1,58 @@
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_BUFFER_H
+# define HEADER_BUFFER_H
+
+# include
+# ifndef HEADER_CRYPTO_H
+# include
+# endif
+# include
+
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+# include
+# include
+
+/*
+ * These names are outdated as of OpenSSL 1.1; a future release
+ * will move them to be deprecated.
+ */
+# define BUF_strdup(s) OPENSSL_strdup(s)
+# define BUF_strndup(s, size) OPENSSL_strndup(s, size)
+# define BUF_memdup(data, size) OPENSSL_memdup(data, size)
+# define BUF_strlcpy(dst, src, size) OPENSSL_strlcpy(dst, src, size)
+# define BUF_strlcat(dst, src, size) OPENSSL_strlcat(dst, src, size)
+# define BUF_strnlen(str, maxlen) OPENSSL_strnlen(str, maxlen)
+
+struct buf_mem_st {
+ size_t length; /* current number of bytes */
+ char *data;
+ size_t max; /* size of buffer */
+ unsigned long flags;
+};
+
+# define BUF_MEM_FLAG_SECURE 0x01
+
+BUF_MEM *BUF_MEM_new(void);
+BUF_MEM *BUF_MEM_new_ex(unsigned long flags);
+void BUF_MEM_free(BUF_MEM *a);
+size_t BUF_MEM_grow(BUF_MEM *str, size_t len);
+size_t BUF_MEM_grow_clean(BUF_MEM *str, size_t len);
+void BUF_reverse(unsigned char *out, const unsigned char *in, size_t siz);
+
+
+# ifdef __cplusplus
+}
+# endif
+#endif
diff --git a/packages/mobile-sdk-alpha/ios/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Headers/buffererr.h b/packages/mobile-sdk-alpha/ios/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Headers/buffererr.h
new file mode 100644
index 000000000..04f6ff7a8
--- /dev/null
+++ b/packages/mobile-sdk-alpha/ios/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Headers/buffererr.h
@@ -0,0 +1,34 @@
+/*
+ * Generated by util/mkerr.pl DO NOT EDIT
+ * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_BUFERR_H
+# define HEADER_BUFERR_H
+
+# ifndef HEADER_SYMHACKS_H
+# include
+# endif
+
+# ifdef __cplusplus
+extern "C"
+# endif
+int ERR_load_BUF_strings(void);
+
+/*
+ * BUF function codes.
+ */
+# define BUF_F_BUF_MEM_GROW 100
+# define BUF_F_BUF_MEM_GROW_CLEAN 105
+# define BUF_F_BUF_MEM_NEW 101
+
+/*
+ * BUF reason codes.
+ */
+
+#endif
diff --git a/packages/mobile-sdk-alpha/ios/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Headers/camellia.h b/packages/mobile-sdk-alpha/ios/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Headers/camellia.h
new file mode 100644
index 000000000..151f3c134
--- /dev/null
+++ b/packages/mobile-sdk-alpha/ios/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Headers/camellia.h
@@ -0,0 +1,83 @@
+/*
+ * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_CAMELLIA_H
+# define HEADER_CAMELLIA_H
+
+# include
+
+# ifndef OPENSSL_NO_CAMELLIA
+# include
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+# define CAMELLIA_ENCRYPT 1
+# define CAMELLIA_DECRYPT 0
+
+/*
+ * Because array size can't be a const in C, the following two are macros.
+ * Both sizes are in bytes.
+ */
+
+/* This should be a hidden type, but EVP requires that the size be known */
+
+# define CAMELLIA_BLOCK_SIZE 16
+# define CAMELLIA_TABLE_BYTE_LEN 272
+# define CAMELLIA_TABLE_WORD_LEN (CAMELLIA_TABLE_BYTE_LEN / 4)
+
+typedef unsigned int KEY_TABLE_TYPE[CAMELLIA_TABLE_WORD_LEN]; /* to match
+ * with WORD */
+
+struct camellia_key_st {
+ union {
+ double d; /* ensures 64-bit align */
+ KEY_TABLE_TYPE rd_key;
+ } u;
+ int grand_rounds;
+};
+typedef struct camellia_key_st CAMELLIA_KEY;
+
+int Camellia_set_key(const unsigned char *userKey, const int bits,
+ CAMELLIA_KEY *key);
+
+void Camellia_encrypt(const unsigned char *in, unsigned char *out,
+ const CAMELLIA_KEY *key);
+void Camellia_decrypt(const unsigned char *in, unsigned char *out,
+ const CAMELLIA_KEY *key);
+
+void Camellia_ecb_encrypt(const unsigned char *in, unsigned char *out,
+ const CAMELLIA_KEY *key, const int enc);
+void Camellia_cbc_encrypt(const unsigned char *in, unsigned char *out,
+ size_t length, const CAMELLIA_KEY *key,
+ unsigned char *ivec, const int enc);
+void Camellia_cfb128_encrypt(const unsigned char *in, unsigned char *out,
+ size_t length, const CAMELLIA_KEY *key,
+ unsigned char *ivec, int *num, const int enc);
+void Camellia_cfb1_encrypt(const unsigned char *in, unsigned char *out,
+ size_t length, const CAMELLIA_KEY *key,
+ unsigned char *ivec, int *num, const int enc);
+void Camellia_cfb8_encrypt(const unsigned char *in, unsigned char *out,
+ size_t length, const CAMELLIA_KEY *key,
+ unsigned char *ivec, int *num, const int enc);
+void Camellia_ofb128_encrypt(const unsigned char *in, unsigned char *out,
+ size_t length, const CAMELLIA_KEY *key,
+ unsigned char *ivec, int *num);
+void Camellia_ctr128_encrypt(const unsigned char *in, unsigned char *out,
+ size_t length, const CAMELLIA_KEY *key,
+ unsigned char ivec[CAMELLIA_BLOCK_SIZE],
+ unsigned char ecount_buf[CAMELLIA_BLOCK_SIZE],
+ unsigned int *num);
+
+# ifdef __cplusplus
+}
+# endif
+# endif
+
+#endif
diff --git a/packages/mobile-sdk-alpha/ios/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Headers/cast.h b/packages/mobile-sdk-alpha/ios/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Headers/cast.h
new file mode 100644
index 000000000..2cc89ae01
--- /dev/null
+++ b/packages/mobile-sdk-alpha/ios/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Headers/cast.h
@@ -0,0 +1,53 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_CAST_H
+# define HEADER_CAST_H
+
+# include
+
+# ifndef OPENSSL_NO_CAST
+# ifdef __cplusplus
+extern "C" {
+# endif
+
+# define CAST_ENCRYPT 1
+# define CAST_DECRYPT 0
+
+# define CAST_LONG unsigned int
+
+# define CAST_BLOCK 8
+# define CAST_KEY_LENGTH 16
+
+typedef struct cast_key_st {
+ CAST_LONG data[32];
+ int short_key; /* Use reduced rounds for short key */
+} CAST_KEY;
+
+void CAST_set_key(CAST_KEY *key, int len, const unsigned char *data);
+void CAST_ecb_encrypt(const unsigned char *in, unsigned char *out,
+ const CAST_KEY *key, int enc);
+void CAST_encrypt(CAST_LONG *data, const CAST_KEY *key);
+void CAST_decrypt(CAST_LONG *data, const CAST_KEY *key);
+void CAST_cbc_encrypt(const unsigned char *in, unsigned char *out,
+ long length, const CAST_KEY *ks, unsigned char *iv,
+ int enc);
+void CAST_cfb64_encrypt(const unsigned char *in, unsigned char *out,
+ long length, const CAST_KEY *schedule,
+ unsigned char *ivec, int *num, int enc);
+void CAST_ofb64_encrypt(const unsigned char *in, unsigned char *out,
+ long length, const CAST_KEY *schedule,
+ unsigned char *ivec, int *num);
+
+# ifdef __cplusplus
+}
+# endif
+# endif
+
+#endif
diff --git a/packages/mobile-sdk-alpha/ios/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Headers/cmac.h b/packages/mobile-sdk-alpha/ios/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Headers/cmac.h
new file mode 100644
index 000000000..3535a9abf
--- /dev/null
+++ b/packages/mobile-sdk-alpha/ios/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Headers/cmac.h
@@ -0,0 +1,41 @@
+/*
+ * Copyright 2010-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_CMAC_H
+# define HEADER_CMAC_H
+
+# ifndef OPENSSL_NO_CMAC
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+# include
+
+/* Opaque */
+typedef struct CMAC_CTX_st CMAC_CTX;
+
+CMAC_CTX *CMAC_CTX_new(void);
+void CMAC_CTX_cleanup(CMAC_CTX *ctx);
+void CMAC_CTX_free(CMAC_CTX *ctx);
+EVP_CIPHER_CTX *CMAC_CTX_get0_cipher_ctx(CMAC_CTX *ctx);
+int CMAC_CTX_copy(CMAC_CTX *out, const CMAC_CTX *in);
+
+int CMAC_Init(CMAC_CTX *ctx, const void *key, size_t keylen,
+ const EVP_CIPHER *cipher, ENGINE *impl);
+int CMAC_Update(CMAC_CTX *ctx, const void *data, size_t dlen);
+int CMAC_Final(CMAC_CTX *ctx, unsigned char *out, size_t *poutlen);
+int CMAC_resume(CMAC_CTX *ctx);
+
+#ifdef __cplusplus
+}
+#endif
+
+# endif
+#endif
diff --git a/packages/mobile-sdk-alpha/ios/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Headers/cms.h b/packages/mobile-sdk-alpha/ios/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Headers/cms.h
new file mode 100644
index 000000000..c7627968c
--- /dev/null
+++ b/packages/mobile-sdk-alpha/ios/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Headers/cms.h
@@ -0,0 +1,339 @@
+/*
+ * Copyright 2008-2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_CMS_H
+# define HEADER_CMS_H
+
+# include
+
+# ifndef OPENSSL_NO_CMS
+# include
+# include
+# include
+# ifdef __cplusplus
+extern "C" {
+# endif
+
+typedef struct CMS_ContentInfo_st CMS_ContentInfo;
+typedef struct CMS_SignerInfo_st CMS_SignerInfo;
+typedef struct CMS_CertificateChoices CMS_CertificateChoices;
+typedef struct CMS_RevocationInfoChoice_st CMS_RevocationInfoChoice;
+typedef struct CMS_RecipientInfo_st CMS_RecipientInfo;
+typedef struct CMS_ReceiptRequest_st CMS_ReceiptRequest;
+typedef struct CMS_Receipt_st CMS_Receipt;
+typedef struct CMS_RecipientEncryptedKey_st CMS_RecipientEncryptedKey;
+typedef struct CMS_OtherKeyAttribute_st CMS_OtherKeyAttribute;
+
+DEFINE_STACK_OF(CMS_SignerInfo)
+DEFINE_STACK_OF(CMS_RecipientEncryptedKey)
+DEFINE_STACK_OF(CMS_RecipientInfo)
+DEFINE_STACK_OF(CMS_RevocationInfoChoice)
+DECLARE_ASN1_FUNCTIONS(CMS_ContentInfo)
+DECLARE_ASN1_FUNCTIONS(CMS_ReceiptRequest)
+DECLARE_ASN1_PRINT_FUNCTION(CMS_ContentInfo)
+
+# define CMS_SIGNERINFO_ISSUER_SERIAL 0
+# define CMS_SIGNERINFO_KEYIDENTIFIER 1
+
+# define CMS_RECIPINFO_NONE -1
+# define CMS_RECIPINFO_TRANS 0
+# define CMS_RECIPINFO_AGREE 1
+# define CMS_RECIPINFO_KEK 2
+# define CMS_RECIPINFO_PASS 3
+# define CMS_RECIPINFO_OTHER 4
+
+/* S/MIME related flags */
+
+# define CMS_TEXT 0x1
+# define CMS_NOCERTS 0x2
+# define CMS_NO_CONTENT_VERIFY 0x4
+# define CMS_NO_ATTR_VERIFY 0x8
+# define CMS_NOSIGS \
+ (CMS_NO_CONTENT_VERIFY|CMS_NO_ATTR_VERIFY)
+# define CMS_NOINTERN 0x10
+# define CMS_NO_SIGNER_CERT_VERIFY 0x20
+# define CMS_NOVERIFY 0x20
+# define CMS_DETACHED 0x40
+# define CMS_BINARY 0x80
+# define CMS_NOATTR 0x100
+# define CMS_NOSMIMECAP 0x200
+# define CMS_NOOLDMIMETYPE 0x400
+# define CMS_CRLFEOL 0x800
+# define CMS_STREAM 0x1000
+# define CMS_NOCRL 0x2000
+# define CMS_PARTIAL 0x4000
+# define CMS_REUSE_DIGEST 0x8000
+# define CMS_USE_KEYID 0x10000
+# define CMS_DEBUG_DECRYPT 0x20000
+# define CMS_KEY_PARAM 0x40000
+# define CMS_ASCIICRLF 0x80000
+
+const ASN1_OBJECT *CMS_get0_type(const CMS_ContentInfo *cms);
+
+BIO *CMS_dataInit(CMS_ContentInfo *cms, BIO *icont);
+int CMS_dataFinal(CMS_ContentInfo *cms, BIO *bio);
+
+ASN1_OCTET_STRING **CMS_get0_content(CMS_ContentInfo *cms);
+int CMS_is_detached(CMS_ContentInfo *cms);
+int CMS_set_detached(CMS_ContentInfo *cms, int detached);
+
+# ifdef HEADER_PEM_H
+DECLARE_PEM_rw_const(CMS, CMS_ContentInfo)
+# endif
+int CMS_stream(unsigned char ***boundary, CMS_ContentInfo *cms);
+CMS_ContentInfo *d2i_CMS_bio(BIO *bp, CMS_ContentInfo **cms);
+int i2d_CMS_bio(BIO *bp, CMS_ContentInfo *cms);
+
+BIO *BIO_new_CMS(BIO *out, CMS_ContentInfo *cms);
+int i2d_CMS_bio_stream(BIO *out, CMS_ContentInfo *cms, BIO *in, int flags);
+int PEM_write_bio_CMS_stream(BIO *out, CMS_ContentInfo *cms, BIO *in,
+ int flags);
+CMS_ContentInfo *SMIME_read_CMS(BIO *bio, BIO **bcont);
+int SMIME_write_CMS(BIO *bio, CMS_ContentInfo *cms, BIO *data, int flags);
+
+int CMS_final(CMS_ContentInfo *cms, BIO *data, BIO *dcont,
+ unsigned int flags);
+
+CMS_ContentInfo *CMS_sign(X509 *signcert, EVP_PKEY *pkey,
+ STACK_OF(X509) *certs, BIO *data,
+ unsigned int flags);
+
+CMS_ContentInfo *CMS_sign_receipt(CMS_SignerInfo *si,
+ X509 *signcert, EVP_PKEY *pkey,
+ STACK_OF(X509) *certs, unsigned int flags);
+
+int CMS_data(CMS_ContentInfo *cms, BIO *out, unsigned int flags);
+CMS_ContentInfo *CMS_data_create(BIO *in, unsigned int flags);
+
+int CMS_digest_verify(CMS_ContentInfo *cms, BIO *dcont, BIO *out,
+ unsigned int flags);
+CMS_ContentInfo *CMS_digest_create(BIO *in, const EVP_MD *md,
+ unsigned int flags);
+
+int CMS_EncryptedData_decrypt(CMS_ContentInfo *cms,
+ const unsigned char *key, size_t keylen,
+ BIO *dcont, BIO *out, unsigned int flags);
+
+CMS_ContentInfo *CMS_EncryptedData_encrypt(BIO *in, const EVP_CIPHER *cipher,
+ const unsigned char *key,
+ size_t keylen, unsigned int flags);
+
+int CMS_EncryptedData_set1_key(CMS_ContentInfo *cms, const EVP_CIPHER *ciph,
+ const unsigned char *key, size_t keylen);
+
+int CMS_verify(CMS_ContentInfo *cms, STACK_OF(X509) *certs,
+ X509_STORE *store, BIO *dcont, BIO *out, unsigned int flags);
+
+int CMS_verify_receipt(CMS_ContentInfo *rcms, CMS_ContentInfo *ocms,
+ STACK_OF(X509) *certs,
+ X509_STORE *store, unsigned int flags);
+
+STACK_OF(X509) *CMS_get0_signers(CMS_ContentInfo *cms);
+
+CMS_ContentInfo *CMS_encrypt(STACK_OF(X509) *certs, BIO *in,
+ const EVP_CIPHER *cipher, unsigned int flags);
+
+int CMS_decrypt(CMS_ContentInfo *cms, EVP_PKEY *pkey, X509 *cert,
+ BIO *dcont, BIO *out, unsigned int flags);
+
+int CMS_decrypt_set1_pkey(CMS_ContentInfo *cms, EVP_PKEY *pk, X509 *cert);
+int CMS_decrypt_set1_key(CMS_ContentInfo *cms,
+ unsigned char *key, size_t keylen,
+ const unsigned char *id, size_t idlen);
+int CMS_decrypt_set1_password(CMS_ContentInfo *cms,
+ unsigned char *pass, ossl_ssize_t passlen);
+
+STACK_OF(CMS_RecipientInfo) *CMS_get0_RecipientInfos(CMS_ContentInfo *cms);
+int CMS_RecipientInfo_type(CMS_RecipientInfo *ri);
+EVP_PKEY_CTX *CMS_RecipientInfo_get0_pkey_ctx(CMS_RecipientInfo *ri);
+CMS_ContentInfo *CMS_EnvelopedData_create(const EVP_CIPHER *cipher);
+CMS_RecipientInfo *CMS_add1_recipient_cert(CMS_ContentInfo *cms,
+ X509 *recip, unsigned int flags);
+int CMS_RecipientInfo_set0_pkey(CMS_RecipientInfo *ri, EVP_PKEY *pkey);
+int CMS_RecipientInfo_ktri_cert_cmp(CMS_RecipientInfo *ri, X509 *cert);
+int CMS_RecipientInfo_ktri_get0_algs(CMS_RecipientInfo *ri,
+ EVP_PKEY **pk, X509 **recip,
+ X509_ALGOR **palg);
+int CMS_RecipientInfo_ktri_get0_signer_id(CMS_RecipientInfo *ri,
+ ASN1_OCTET_STRING **keyid,
+ X509_NAME **issuer,
+ ASN1_INTEGER **sno);
+
+CMS_RecipientInfo *CMS_add0_recipient_key(CMS_ContentInfo *cms, int nid,
+ unsigned char *key, size_t keylen,
+ unsigned char *id, size_t idlen,
+ ASN1_GENERALIZEDTIME *date,
+ ASN1_OBJECT *otherTypeId,
+ ASN1_TYPE *otherType);
+
+int CMS_RecipientInfo_kekri_get0_id(CMS_RecipientInfo *ri,
+ X509_ALGOR **palg,
+ ASN1_OCTET_STRING **pid,
+ ASN1_GENERALIZEDTIME **pdate,
+ ASN1_OBJECT **potherid,
+ ASN1_TYPE **pothertype);
+
+int CMS_RecipientInfo_set0_key(CMS_RecipientInfo *ri,
+ unsigned char *key, size_t keylen);
+
+int CMS_RecipientInfo_kekri_id_cmp(CMS_RecipientInfo *ri,
+ const unsigned char *id, size_t idlen);
+
+int CMS_RecipientInfo_set0_password(CMS_RecipientInfo *ri,
+ unsigned char *pass,
+ ossl_ssize_t passlen);
+
+CMS_RecipientInfo *CMS_add0_recipient_password(CMS_ContentInfo *cms,
+ int iter, int wrap_nid,
+ int pbe_nid,
+ unsigned char *pass,
+ ossl_ssize_t passlen,
+ const EVP_CIPHER *kekciph);
+
+int CMS_RecipientInfo_decrypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri);
+int CMS_RecipientInfo_encrypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri);
+
+int CMS_uncompress(CMS_ContentInfo *cms, BIO *dcont, BIO *out,
+ unsigned int flags);
+CMS_ContentInfo *CMS_compress(BIO *in, int comp_nid, unsigned int flags);
+
+int CMS_set1_eContentType(CMS_ContentInfo *cms, const ASN1_OBJECT *oid);
+const ASN1_OBJECT *CMS_get0_eContentType(CMS_ContentInfo *cms);
+
+CMS_CertificateChoices *CMS_add0_CertificateChoices(CMS_ContentInfo *cms);
+int CMS_add0_cert(CMS_ContentInfo *cms, X509 *cert);
+int CMS_add1_cert(CMS_ContentInfo *cms, X509 *cert);
+STACK_OF(X509) *CMS_get1_certs(CMS_ContentInfo *cms);
+
+CMS_RevocationInfoChoice *CMS_add0_RevocationInfoChoice(CMS_ContentInfo *cms);
+int CMS_add0_crl(CMS_ContentInfo *cms, X509_CRL *crl);
+int CMS_add1_crl(CMS_ContentInfo *cms, X509_CRL *crl);
+STACK_OF(X509_CRL) *CMS_get1_crls(CMS_ContentInfo *cms);
+
+int CMS_SignedData_init(CMS_ContentInfo *cms);
+CMS_SignerInfo *CMS_add1_signer(CMS_ContentInfo *cms,
+ X509 *signer, EVP_PKEY *pk, const EVP_MD *md,
+ unsigned int flags);
+EVP_PKEY_CTX *CMS_SignerInfo_get0_pkey_ctx(CMS_SignerInfo *si);
+EVP_MD_CTX *CMS_SignerInfo_get0_md_ctx(CMS_SignerInfo *si);
+STACK_OF(CMS_SignerInfo) *CMS_get0_SignerInfos(CMS_ContentInfo *cms);
+
+void CMS_SignerInfo_set1_signer_cert(CMS_SignerInfo *si, X509 *signer);
+int CMS_SignerInfo_get0_signer_id(CMS_SignerInfo *si,
+ ASN1_OCTET_STRING **keyid,
+ X509_NAME **issuer, ASN1_INTEGER **sno);
+int CMS_SignerInfo_cert_cmp(CMS_SignerInfo *si, X509 *cert);
+int CMS_set1_signers_certs(CMS_ContentInfo *cms, STACK_OF(X509) *certs,
+ unsigned int flags);
+void CMS_SignerInfo_get0_algs(CMS_SignerInfo *si, EVP_PKEY **pk,
+ X509 **signer, X509_ALGOR **pdig,
+ X509_ALGOR **psig);
+ASN1_OCTET_STRING *CMS_SignerInfo_get0_signature(CMS_SignerInfo *si);
+int CMS_SignerInfo_sign(CMS_SignerInfo *si);
+int CMS_SignerInfo_verify(CMS_SignerInfo *si);
+int CMS_SignerInfo_verify_content(CMS_SignerInfo *si, BIO *chain);
+
+int CMS_add_smimecap(CMS_SignerInfo *si, STACK_OF(X509_ALGOR) *algs);
+int CMS_add_simple_smimecap(STACK_OF(X509_ALGOR) **algs,
+ int algnid, int keysize);
+int CMS_add_standard_smimecap(STACK_OF(X509_ALGOR) **smcap);
+
+int CMS_signed_get_attr_count(const CMS_SignerInfo *si);
+int CMS_signed_get_attr_by_NID(const CMS_SignerInfo *si, int nid,
+ int lastpos);
+int CMS_signed_get_attr_by_OBJ(const CMS_SignerInfo *si, const ASN1_OBJECT *obj,
+ int lastpos);
+X509_ATTRIBUTE *CMS_signed_get_attr(const CMS_SignerInfo *si, int loc);
+X509_ATTRIBUTE *CMS_signed_delete_attr(CMS_SignerInfo *si, int loc);
+int CMS_signed_add1_attr(CMS_SignerInfo *si, X509_ATTRIBUTE *attr);
+int CMS_signed_add1_attr_by_OBJ(CMS_SignerInfo *si,
+ const ASN1_OBJECT *obj, int type,
+ const void *bytes, int len);
+int CMS_signed_add1_attr_by_NID(CMS_SignerInfo *si,
+ int nid, int type,
+ const void *bytes, int len);
+int CMS_signed_add1_attr_by_txt(CMS_SignerInfo *si,
+ const char *attrname, int type,
+ const void *bytes, int len);
+void *CMS_signed_get0_data_by_OBJ(CMS_SignerInfo *si, const ASN1_OBJECT *oid,
+ int lastpos, int type);
+
+int CMS_unsigned_get_attr_count(const CMS_SignerInfo *si);
+int CMS_unsigned_get_attr_by_NID(const CMS_SignerInfo *si, int nid,
+ int lastpos);
+int CMS_unsigned_get_attr_by_OBJ(const CMS_SignerInfo *si,
+ const ASN1_OBJECT *obj, int lastpos);
+X509_ATTRIBUTE *CMS_unsigned_get_attr(const CMS_SignerInfo *si, int loc);
+X509_ATTRIBUTE *CMS_unsigned_delete_attr(CMS_SignerInfo *si, int loc);
+int CMS_unsigned_add1_attr(CMS_SignerInfo *si, X509_ATTRIBUTE *attr);
+int CMS_unsigned_add1_attr_by_OBJ(CMS_SignerInfo *si,
+ const ASN1_OBJECT *obj, int type,
+ const void *bytes, int len);
+int CMS_unsigned_add1_attr_by_NID(CMS_SignerInfo *si,
+ int nid, int type,
+ const void *bytes, int len);
+int CMS_unsigned_add1_attr_by_txt(CMS_SignerInfo *si,
+ const char *attrname, int type,
+ const void *bytes, int len);
+void *CMS_unsigned_get0_data_by_OBJ(CMS_SignerInfo *si, ASN1_OBJECT *oid,
+ int lastpos, int type);
+
+int CMS_get1_ReceiptRequest(CMS_SignerInfo *si, CMS_ReceiptRequest **prr);
+CMS_ReceiptRequest *CMS_ReceiptRequest_create0(unsigned char *id, int idlen,
+ int allorfirst,
+ STACK_OF(GENERAL_NAMES)
+ *receiptList, STACK_OF(GENERAL_NAMES)
+ *receiptsTo);
+int CMS_add1_ReceiptRequest(CMS_SignerInfo *si, CMS_ReceiptRequest *rr);
+void CMS_ReceiptRequest_get0_values(CMS_ReceiptRequest *rr,
+ ASN1_STRING **pcid,
+ int *pallorfirst,
+ STACK_OF(GENERAL_NAMES) **plist,
+ STACK_OF(GENERAL_NAMES) **prto);
+int CMS_RecipientInfo_kari_get0_alg(CMS_RecipientInfo *ri,
+ X509_ALGOR **palg,
+ ASN1_OCTET_STRING **pukm);
+STACK_OF(CMS_RecipientEncryptedKey)
+*CMS_RecipientInfo_kari_get0_reks(CMS_RecipientInfo *ri);
+
+int CMS_RecipientInfo_kari_get0_orig_id(CMS_RecipientInfo *ri,
+ X509_ALGOR **pubalg,
+ ASN1_BIT_STRING **pubkey,
+ ASN1_OCTET_STRING **keyid,
+ X509_NAME **issuer,
+ ASN1_INTEGER **sno);
+
+int CMS_RecipientInfo_kari_orig_id_cmp(CMS_RecipientInfo *ri, X509 *cert);
+
+int CMS_RecipientEncryptedKey_get0_id(CMS_RecipientEncryptedKey *rek,
+ ASN1_OCTET_STRING **keyid,
+ ASN1_GENERALIZEDTIME **tm,
+ CMS_OtherKeyAttribute **other,
+ X509_NAME **issuer, ASN1_INTEGER **sno);
+int CMS_RecipientEncryptedKey_cert_cmp(CMS_RecipientEncryptedKey *rek,
+ X509 *cert);
+int CMS_RecipientInfo_kari_set0_pkey(CMS_RecipientInfo *ri, EVP_PKEY *pk);
+EVP_CIPHER_CTX *CMS_RecipientInfo_kari_get0_ctx(CMS_RecipientInfo *ri);
+int CMS_RecipientInfo_kari_decrypt(CMS_ContentInfo *cms,
+ CMS_RecipientInfo *ri,
+ CMS_RecipientEncryptedKey *rek);
+
+int CMS_SharedInfo_encode(unsigned char **pder, X509_ALGOR *kekalg,
+ ASN1_OCTET_STRING *ukm, int keylen);
+
+/* Backward compatibility for spelling errors. */
+# define CMS_R_UNKNOWN_DIGEST_ALGORITM CMS_R_UNKNOWN_DIGEST_ALGORITHM
+# define CMS_R_UNSUPPORTED_RECPIENTINFO_TYPE \
+ CMS_R_UNSUPPORTED_RECIPIENTINFO_TYPE
+
+# ifdef __cplusplus
+}
+# endif
+# endif
+#endif
diff --git a/packages/mobile-sdk-alpha/ios/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Headers/cmserr.h b/packages/mobile-sdk-alpha/ios/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Headers/cmserr.h
new file mode 100644
index 000000000..d589f592c
--- /dev/null
+++ b/packages/mobile-sdk-alpha/ios/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Headers/cmserr.h
@@ -0,0 +1,203 @@
+/*
+ * Generated by util/mkerr.pl DO NOT EDIT
+ * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_CMSERR_H
+# define HEADER_CMSERR_H
+
+# ifndef HEADER_SYMHACKS_H
+# include
+# endif
+
+# include
+
+# ifndef OPENSSL_NO_CMS
+
+# ifdef __cplusplus
+extern "C"
+# endif
+int ERR_load_CMS_strings(void);
+
+/*
+ * CMS function codes.
+ */
+# define CMS_F_CHECK_CONTENT 99
+# define CMS_F_CMS_ADD0_CERT 164
+# define CMS_F_CMS_ADD0_RECIPIENT_KEY 100
+# define CMS_F_CMS_ADD0_RECIPIENT_PASSWORD 165
+# define CMS_F_CMS_ADD1_RECEIPTREQUEST 158
+# define CMS_F_CMS_ADD1_RECIPIENT_CERT 101
+# define CMS_F_CMS_ADD1_SIGNER 102
+# define CMS_F_CMS_ADD1_SIGNINGTIME 103
+# define CMS_F_CMS_COMPRESS 104
+# define CMS_F_CMS_COMPRESSEDDATA_CREATE 105
+# define CMS_F_CMS_COMPRESSEDDATA_INIT_BIO 106
+# define CMS_F_CMS_COPY_CONTENT 107
+# define CMS_F_CMS_COPY_MESSAGEDIGEST 108
+# define CMS_F_CMS_DATA 109
+# define CMS_F_CMS_DATAFINAL 110
+# define CMS_F_CMS_DATAINIT 111
+# define CMS_F_CMS_DECRYPT 112
+# define CMS_F_CMS_DECRYPT_SET1_KEY 113
+# define CMS_F_CMS_DECRYPT_SET1_PASSWORD 166
+# define CMS_F_CMS_DECRYPT_SET1_PKEY 114
+# define CMS_F_CMS_DIGESTALGORITHM_FIND_CTX 115
+# define CMS_F_CMS_DIGESTALGORITHM_INIT_BIO 116
+# define CMS_F_CMS_DIGESTEDDATA_DO_FINAL 117
+# define CMS_F_CMS_DIGEST_VERIFY 118
+# define CMS_F_CMS_ENCODE_RECEIPT 161
+# define CMS_F_CMS_ENCRYPT 119
+# define CMS_F_CMS_ENCRYPTEDCONTENT_INIT 179
+# define CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO 120
+# define CMS_F_CMS_ENCRYPTEDDATA_DECRYPT 121
+# define CMS_F_CMS_ENCRYPTEDDATA_ENCRYPT 122
+# define CMS_F_CMS_ENCRYPTEDDATA_SET1_KEY 123
+# define CMS_F_CMS_ENVELOPEDDATA_CREATE 124
+# define CMS_F_CMS_ENVELOPEDDATA_INIT_BIO 125
+# define CMS_F_CMS_ENVELOPED_DATA_INIT 126
+# define CMS_F_CMS_ENV_ASN1_CTRL 171
+# define CMS_F_CMS_FINAL 127
+# define CMS_F_CMS_GET0_CERTIFICATE_CHOICES 128
+# define CMS_F_CMS_GET0_CONTENT 129
+# define CMS_F_CMS_GET0_ECONTENT_TYPE 130
+# define CMS_F_CMS_GET0_ENVELOPED 131
+# define CMS_F_CMS_GET0_REVOCATION_CHOICES 132
+# define CMS_F_CMS_GET0_SIGNED 133
+# define CMS_F_CMS_MSGSIGDIGEST_ADD1 162
+# define CMS_F_CMS_RECEIPTREQUEST_CREATE0 159
+# define CMS_F_CMS_RECEIPT_VERIFY 160
+# define CMS_F_CMS_RECIPIENTINFO_DECRYPT 134
+# define CMS_F_CMS_RECIPIENTINFO_ENCRYPT 169
+# define CMS_F_CMS_RECIPIENTINFO_KARI_ENCRYPT 178
+# define CMS_F_CMS_RECIPIENTINFO_KARI_GET0_ALG 175
+# define CMS_F_CMS_RECIPIENTINFO_KARI_GET0_ORIG_ID 173
+# define CMS_F_CMS_RECIPIENTINFO_KARI_GET0_REKS 172
+# define CMS_F_CMS_RECIPIENTINFO_KARI_ORIG_ID_CMP 174
+# define CMS_F_CMS_RECIPIENTINFO_KEKRI_DECRYPT 135
+# define CMS_F_CMS_RECIPIENTINFO_KEKRI_ENCRYPT 136
+# define CMS_F_CMS_RECIPIENTINFO_KEKRI_GET0_ID 137
+# define CMS_F_CMS_RECIPIENTINFO_KEKRI_ID_CMP 138
+# define CMS_F_CMS_RECIPIENTINFO_KTRI_CERT_CMP 139
+# define CMS_F_CMS_RECIPIENTINFO_KTRI_DECRYPT 140
+# define CMS_F_CMS_RECIPIENTINFO_KTRI_ENCRYPT 141
+# define CMS_F_CMS_RECIPIENTINFO_KTRI_GET0_ALGS 142
+# define CMS_F_CMS_RECIPIENTINFO_KTRI_GET0_SIGNER_ID 143
+# define CMS_F_CMS_RECIPIENTINFO_PWRI_CRYPT 167
+# define CMS_F_CMS_RECIPIENTINFO_SET0_KEY 144
+# define CMS_F_CMS_RECIPIENTINFO_SET0_PASSWORD 168
+# define CMS_F_CMS_RECIPIENTINFO_SET0_PKEY 145
+# define CMS_F_CMS_SD_ASN1_CTRL 170
+# define CMS_F_CMS_SET1_IAS 176
+# define CMS_F_CMS_SET1_KEYID 177
+# define CMS_F_CMS_SET1_SIGNERIDENTIFIER 146
+# define CMS_F_CMS_SET_DETACHED 147
+# define CMS_F_CMS_SIGN 148
+# define CMS_F_CMS_SIGNED_DATA_INIT 149
+# define CMS_F_CMS_SIGNERINFO_CONTENT_SIGN 150
+# define CMS_F_CMS_SIGNERINFO_SIGN 151
+# define CMS_F_CMS_SIGNERINFO_VERIFY 152
+# define CMS_F_CMS_SIGNERINFO_VERIFY_CERT 153
+# define CMS_F_CMS_SIGNERINFO_VERIFY_CONTENT 154
+# define CMS_F_CMS_SIGN_RECEIPT 163
+# define CMS_F_CMS_SI_CHECK_ATTRIBUTES 183
+# define CMS_F_CMS_STREAM 155
+# define CMS_F_CMS_UNCOMPRESS 156
+# define CMS_F_CMS_VERIFY 157
+# define CMS_F_KEK_UNWRAP_KEY 180
+
+/*
+ * CMS reason codes.
+ */
+# define CMS_R_ADD_SIGNER_ERROR 99
+# define CMS_R_ATTRIBUTE_ERROR 161
+# define CMS_R_CERTIFICATE_ALREADY_PRESENT 175
+# define CMS_R_CERTIFICATE_HAS_NO_KEYID 160
+# define CMS_R_CERTIFICATE_VERIFY_ERROR 100
+# define CMS_R_CIPHER_INITIALISATION_ERROR 101
+# define CMS_R_CIPHER_PARAMETER_INITIALISATION_ERROR 102
+# define CMS_R_CMS_DATAFINAL_ERROR 103
+# define CMS_R_CMS_LIB 104
+# define CMS_R_CONTENTIDENTIFIER_MISMATCH 170
+# define CMS_R_CONTENT_NOT_FOUND 105
+# define CMS_R_CONTENT_TYPE_MISMATCH 171
+# define CMS_R_CONTENT_TYPE_NOT_COMPRESSED_DATA 106
+# define CMS_R_CONTENT_TYPE_NOT_ENVELOPED_DATA 107
+# define CMS_R_CONTENT_TYPE_NOT_SIGNED_DATA 108
+# define CMS_R_CONTENT_VERIFY_ERROR 109
+# define CMS_R_CTRL_ERROR 110
+# define CMS_R_CTRL_FAILURE 111
+# define CMS_R_DECRYPT_ERROR 112
+# define CMS_R_ERROR_GETTING_PUBLIC_KEY 113
+# define CMS_R_ERROR_READING_MESSAGEDIGEST_ATTRIBUTE 114
+# define CMS_R_ERROR_SETTING_KEY 115
+# define CMS_R_ERROR_SETTING_RECIPIENTINFO 116
+# define CMS_R_INVALID_ENCRYPTED_KEY_LENGTH 117
+# define CMS_R_INVALID_KEY_ENCRYPTION_PARAMETER 176
+# define CMS_R_INVALID_KEY_LENGTH 118
+# define CMS_R_MD_BIO_INIT_ERROR 119
+# define CMS_R_MESSAGEDIGEST_ATTRIBUTE_WRONG_LENGTH 120
+# define CMS_R_MESSAGEDIGEST_WRONG_LENGTH 121
+# define CMS_R_MSGSIGDIGEST_ERROR 172
+# define CMS_R_MSGSIGDIGEST_VERIFICATION_FAILURE 162
+# define CMS_R_MSGSIGDIGEST_WRONG_LENGTH 163
+# define CMS_R_NEED_ONE_SIGNER 164
+# define CMS_R_NOT_A_SIGNED_RECEIPT 165
+# define CMS_R_NOT_ENCRYPTED_DATA 122
+# define CMS_R_NOT_KEK 123
+# define CMS_R_NOT_KEY_AGREEMENT 181
+# define CMS_R_NOT_KEY_TRANSPORT 124
+# define CMS_R_NOT_PWRI 177
+# define CMS_R_NOT_SUPPORTED_FOR_THIS_KEY_TYPE 125
+# define CMS_R_NO_CIPHER 126
+# define CMS_R_NO_CONTENT 127
+# define CMS_R_NO_CONTENT_TYPE 173
+# define CMS_R_NO_DEFAULT_DIGEST 128
+# define CMS_R_NO_DIGEST_SET 129
+# define CMS_R_NO_KEY 130
+# define CMS_R_NO_KEY_OR_CERT 174
+# define CMS_R_NO_MATCHING_DIGEST 131
+# define CMS_R_NO_MATCHING_RECIPIENT 132
+# define CMS_R_NO_MATCHING_SIGNATURE 166
+# define CMS_R_NO_MSGSIGDIGEST 167
+# define CMS_R_NO_PASSWORD 178
+# define CMS_R_NO_PRIVATE_KEY 133
+# define CMS_R_NO_PUBLIC_KEY 134
+# define CMS_R_NO_RECEIPT_REQUEST 168
+# define CMS_R_NO_SIGNERS 135
+# define CMS_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE 136
+# define CMS_R_RECEIPT_DECODE_ERROR 169
+# define CMS_R_RECIPIENT_ERROR 137
+# define CMS_R_SIGNER_CERTIFICATE_NOT_FOUND 138
+# define CMS_R_SIGNFINAL_ERROR 139
+# define CMS_R_SMIME_TEXT_ERROR 140
+# define CMS_R_STORE_INIT_ERROR 141
+# define CMS_R_TYPE_NOT_COMPRESSED_DATA 142
+# define CMS_R_TYPE_NOT_DATA 143
+# define CMS_R_TYPE_NOT_DIGESTED_DATA 144
+# define CMS_R_TYPE_NOT_ENCRYPTED_DATA 145
+# define CMS_R_TYPE_NOT_ENVELOPED_DATA 146
+# define CMS_R_UNABLE_TO_FINALIZE_CONTEXT 147
+# define CMS_R_UNKNOWN_CIPHER 148
+# define CMS_R_UNKNOWN_DIGEST_ALGORITHM 149
+# define CMS_R_UNKNOWN_ID 150
+# define CMS_R_UNSUPPORTED_COMPRESSION_ALGORITHM 151
+# define CMS_R_UNSUPPORTED_CONTENT_ENCRYPTION_ALGORITHM 194
+# define CMS_R_UNSUPPORTED_CONTENT_TYPE 152
+# define CMS_R_UNSUPPORTED_KEK_ALGORITHM 153
+# define CMS_R_UNSUPPORTED_KEY_ENCRYPTION_ALGORITHM 179
+# define CMS_R_UNSUPPORTED_RECIPIENTINFO_TYPE 155
+# define CMS_R_UNSUPPORTED_RECIPIENT_TYPE 154
+# define CMS_R_UNSUPPORTED_TYPE 156
+# define CMS_R_UNWRAP_ERROR 157
+# define CMS_R_UNWRAP_FAILURE 180
+# define CMS_R_VERIFICATION_FAILURE 158
+# define CMS_R_WRAP_ERROR 159
+
+# endif
+#endif
diff --git a/packages/mobile-sdk-alpha/ios/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Headers/comp.h b/packages/mobile-sdk-alpha/ios/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Headers/comp.h
new file mode 100644
index 000000000..d814d3cf2
--- /dev/null
+++ b/packages/mobile-sdk-alpha/ios/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Headers/comp.h
@@ -0,0 +1,53 @@
+/*
+ * Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_COMP_H
+# define HEADER_COMP_H
+
+# include
+
+# ifndef OPENSSL_NO_COMP
+# include
+# include
+# ifdef __cplusplus
+extern "C" {
+# endif
+
+
+
+COMP_CTX *COMP_CTX_new(COMP_METHOD *meth);
+const COMP_METHOD *COMP_CTX_get_method(const COMP_CTX *ctx);
+int COMP_CTX_get_type(const COMP_CTX* comp);
+int COMP_get_type(const COMP_METHOD *meth);
+const char *COMP_get_name(const COMP_METHOD *meth);
+void COMP_CTX_free(COMP_CTX *ctx);
+
+int COMP_compress_block(COMP_CTX *ctx, unsigned char *out, int olen,
+ unsigned char *in, int ilen);
+int COMP_expand_block(COMP_CTX *ctx, unsigned char *out, int olen,
+ unsigned char *in, int ilen);
+
+COMP_METHOD *COMP_zlib(void);
+
+#if OPENSSL_API_COMPAT < 0x10100000L
+#define COMP_zlib_cleanup() while(0) continue
+#endif
+
+# ifdef HEADER_BIO_H
+# ifdef ZLIB
+const BIO_METHOD *BIO_f_zlib(void);
+# endif
+# endif
+
+
+# ifdef __cplusplus
+}
+# endif
+# endif
+#endif
diff --git a/packages/mobile-sdk-alpha/ios/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Headers/comperr.h b/packages/mobile-sdk-alpha/ios/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Headers/comperr.h
new file mode 100644
index 000000000..90231e9aa
--- /dev/null
+++ b/packages/mobile-sdk-alpha/ios/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Headers/comperr.h
@@ -0,0 +1,44 @@
+/*
+ * Generated by util/mkerr.pl DO NOT EDIT
+ * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_COMPERR_H
+# define HEADER_COMPERR_H
+
+# ifndef HEADER_SYMHACKS_H
+# include
+# endif
+
+# include
+
+# ifndef OPENSSL_NO_COMP
+
+# ifdef __cplusplus
+extern "C"
+# endif
+int ERR_load_COMP_strings(void);
+
+/*
+ * COMP function codes.
+ */
+# define COMP_F_BIO_ZLIB_FLUSH 99
+# define COMP_F_BIO_ZLIB_NEW 100
+# define COMP_F_BIO_ZLIB_READ 101
+# define COMP_F_BIO_ZLIB_WRITE 102
+# define COMP_F_COMP_CTX_NEW 103
+
+/*
+ * COMP reason codes.
+ */
+# define COMP_R_ZLIB_DEFLATE_ERROR 99
+# define COMP_R_ZLIB_INFLATE_ERROR 100
+# define COMP_R_ZLIB_NOT_SUPPORTED 101
+
+# endif
+#endif
diff --git a/packages/mobile-sdk-alpha/ios/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Headers/conf.h b/packages/mobile-sdk-alpha/ios/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Headers/conf.h
new file mode 100644
index 000000000..7336cd2f1
--- /dev/null
+++ b/packages/mobile-sdk-alpha/ios/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Headers/conf.h
@@ -0,0 +1,168 @@
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_CONF_H
+# define HEADER_CONF_H
+
+# include
+# include
+# include
+# include
+# include
+# include
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+typedef struct {
+ char *section;
+ char *name;
+ char *value;
+} CONF_VALUE;
+
+DEFINE_STACK_OF(CONF_VALUE)
+DEFINE_LHASH_OF(CONF_VALUE);
+
+struct conf_st;
+struct conf_method_st;
+typedef struct conf_method_st CONF_METHOD;
+
+struct conf_method_st {
+ const char *name;
+ CONF *(*create) (CONF_METHOD *meth);
+ int (*init) (CONF *conf);
+ int (*destroy) (CONF *conf);
+ int (*destroy_data) (CONF *conf);
+ int (*load_bio) (CONF *conf, BIO *bp, long *eline);
+ int (*dump) (const CONF *conf, BIO *bp);
+ int (*is_number) (const CONF *conf, char c);
+ int (*to_int) (const CONF *conf, char c);
+ int (*load) (CONF *conf, const char *name, long *eline);
+};
+
+/* Module definitions */
+
+typedef struct conf_imodule_st CONF_IMODULE;
+typedef struct conf_module_st CONF_MODULE;
+
+DEFINE_STACK_OF(CONF_MODULE)
+DEFINE_STACK_OF(CONF_IMODULE)
+
+/* DSO module function typedefs */
+typedef int conf_init_func (CONF_IMODULE *md, const CONF *cnf);
+typedef void conf_finish_func (CONF_IMODULE *md);
+
+# define CONF_MFLAGS_IGNORE_ERRORS 0x1
+# define CONF_MFLAGS_IGNORE_RETURN_CODES 0x2
+# define CONF_MFLAGS_SILENT 0x4
+# define CONF_MFLAGS_NO_DSO 0x8
+# define CONF_MFLAGS_IGNORE_MISSING_FILE 0x10
+# define CONF_MFLAGS_DEFAULT_SECTION 0x20
+
+int CONF_set_default_method(CONF_METHOD *meth);
+void CONF_set_nconf(CONF *conf, LHASH_OF(CONF_VALUE) *hash);
+LHASH_OF(CONF_VALUE) *CONF_load(LHASH_OF(CONF_VALUE) *conf, const char *file,
+ long *eline);
+# ifndef OPENSSL_NO_STDIO
+LHASH_OF(CONF_VALUE) *CONF_load_fp(LHASH_OF(CONF_VALUE) *conf, FILE *fp,
+ long *eline);
+# endif
+LHASH_OF(CONF_VALUE) *CONF_load_bio(LHASH_OF(CONF_VALUE) *conf, BIO *bp,
+ long *eline);
+STACK_OF(CONF_VALUE) *CONF_get_section(LHASH_OF(CONF_VALUE) *conf,
+ const char *section);
+char *CONF_get_string(LHASH_OF(CONF_VALUE) *conf, const char *group,
+ const char *name);
+long CONF_get_number(LHASH_OF(CONF_VALUE) *conf, const char *group,
+ const char *name);
+void CONF_free(LHASH_OF(CONF_VALUE) *conf);
+#ifndef OPENSSL_NO_STDIO
+int CONF_dump_fp(LHASH_OF(CONF_VALUE) *conf, FILE *out);
+#endif
+int CONF_dump_bio(LHASH_OF(CONF_VALUE) *conf, BIO *out);
+
+DEPRECATEDIN_1_1_0(void OPENSSL_config(const char *config_name))
+
+#if OPENSSL_API_COMPAT < 0x10100000L
+# define OPENSSL_no_config() \
+ OPENSSL_init_crypto(OPENSSL_INIT_NO_LOAD_CONFIG, NULL)
+#endif
+
+/*
+ * New conf code. The semantics are different from the functions above. If
+ * that wasn't the case, the above functions would have been replaced
+ */
+
+struct conf_st {
+ CONF_METHOD *meth;
+ void *meth_data;
+ LHASH_OF(CONF_VALUE) *data;
+};
+
+CONF *NCONF_new(CONF_METHOD *meth);
+CONF_METHOD *NCONF_default(void);
+CONF_METHOD *NCONF_WIN32(void);
+void NCONF_free(CONF *conf);
+void NCONF_free_data(CONF *conf);
+
+int NCONF_load(CONF *conf, const char *file, long *eline);
+# ifndef OPENSSL_NO_STDIO
+int NCONF_load_fp(CONF *conf, FILE *fp, long *eline);
+# endif
+int NCONF_load_bio(CONF *conf, BIO *bp, long *eline);
+STACK_OF(CONF_VALUE) *NCONF_get_section(const CONF *conf,
+ const char *section);
+char *NCONF_get_string(const CONF *conf, const char *group, const char *name);
+int NCONF_get_number_e(const CONF *conf, const char *group, const char *name,
+ long *result);
+#ifndef OPENSSL_NO_STDIO
+int NCONF_dump_fp(const CONF *conf, FILE *out);
+#endif
+int NCONF_dump_bio(const CONF *conf, BIO *out);
+
+#define NCONF_get_number(c,g,n,r) NCONF_get_number_e(c,g,n,r)
+
+/* Module functions */
+
+int CONF_modules_load(const CONF *cnf, const char *appname,
+ unsigned long flags);
+int CONF_modules_load_file(const char *filename, const char *appname,
+ unsigned long flags);
+void CONF_modules_unload(int all);
+void CONF_modules_finish(void);
+#if OPENSSL_API_COMPAT < 0x10100000L
+# define CONF_modules_free() while(0) continue
+#endif
+int CONF_module_add(const char *name, conf_init_func *ifunc,
+ conf_finish_func *ffunc);
+
+const char *CONF_imodule_get_name(const CONF_IMODULE *md);
+const char *CONF_imodule_get_value(const CONF_IMODULE *md);
+void *CONF_imodule_get_usr_data(const CONF_IMODULE *md);
+void CONF_imodule_set_usr_data(CONF_IMODULE *md, void *usr_data);
+CONF_MODULE *CONF_imodule_get_module(const CONF_IMODULE *md);
+unsigned long CONF_imodule_get_flags(const CONF_IMODULE *md);
+void CONF_imodule_set_flags(CONF_IMODULE *md, unsigned long flags);
+void *CONF_module_get_usr_data(CONF_MODULE *pmod);
+void CONF_module_set_usr_data(CONF_MODULE *pmod, void *usr_data);
+
+char *CONF_get1_default_config_file(void);
+
+int CONF_parse_list(const char *list, int sep, int nospc,
+ int (*list_cb) (const char *elem, int len, void *usr),
+ void *arg);
+
+void OPENSSL_load_builtin_modules(void);
+
+
+# ifdef __cplusplus
+}
+# endif
+#endif
diff --git a/packages/mobile-sdk-alpha/ios/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Headers/conf_api.h b/packages/mobile-sdk-alpha/ios/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Headers/conf_api.h
new file mode 100644
index 000000000..a0275ad79
--- /dev/null
+++ b/packages/mobile-sdk-alpha/ios/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Headers/conf_api.h
@@ -0,0 +1,40 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_CONF_API_H
+# define HEADER_CONF_API_H
+
+# include
+# include
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/* Up until OpenSSL 0.9.5a, this was new_section */
+CONF_VALUE *_CONF_new_section(CONF *conf, const char *section);
+/* Up until OpenSSL 0.9.5a, this was get_section */
+CONF_VALUE *_CONF_get_section(const CONF *conf, const char *section);
+/* Up until OpenSSL 0.9.5a, this was CONF_get_section */
+STACK_OF(CONF_VALUE) *_CONF_get_section_values(const CONF *conf,
+ const char *section);
+
+int _CONF_add_string(CONF *conf, CONF_VALUE *section, CONF_VALUE *value);
+char *_CONF_get_string(const CONF *conf, const char *section,
+ const char *name);
+long _CONF_get_number(const CONF *conf, const char *section,
+ const char *name);
+
+int _CONF_new_data(CONF *conf);
+void _CONF_free_data(CONF *conf);
+
+#ifdef __cplusplus
+}
+#endif
+#endif
diff --git a/packages/mobile-sdk-alpha/ios/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Headers/conferr.h b/packages/mobile-sdk-alpha/ios/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Headers/conferr.h
new file mode 100644
index 000000000..32b922918
--- /dev/null
+++ b/packages/mobile-sdk-alpha/ios/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Headers/conferr.h
@@ -0,0 +1,76 @@
+/*
+ * Generated by util/mkerr.pl DO NOT EDIT
+ * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_CONFERR_H
+# define HEADER_CONFERR_H
+
+# ifndef HEADER_SYMHACKS_H
+# include
+# endif
+
+# ifdef __cplusplus
+extern "C"
+# endif
+int ERR_load_CONF_strings(void);
+
+/*
+ * CONF function codes.
+ */
+# define CONF_F_CONF_DUMP_FP 104
+# define CONF_F_CONF_LOAD 100
+# define CONF_F_CONF_LOAD_FP 103
+# define CONF_F_CONF_PARSE_LIST 119
+# define CONF_F_DEF_LOAD 120
+# define CONF_F_DEF_LOAD_BIO 121
+# define CONF_F_GET_NEXT_FILE 107
+# define CONF_F_MODULE_ADD 122
+# define CONF_F_MODULE_INIT 115
+# define CONF_F_MODULE_LOAD_DSO 117
+# define CONF_F_MODULE_RUN 118
+# define CONF_F_NCONF_DUMP_BIO 105
+# define CONF_F_NCONF_DUMP_FP 106
+# define CONF_F_NCONF_GET_NUMBER_E 112
+# define CONF_F_NCONF_GET_SECTION 108
+# define CONF_F_NCONF_GET_STRING 109
+# define CONF_F_NCONF_LOAD 113
+# define CONF_F_NCONF_LOAD_BIO 110
+# define CONF_F_NCONF_LOAD_FP 114
+# define CONF_F_NCONF_NEW 111
+# define CONF_F_PROCESS_INCLUDE 116
+# define CONF_F_SSL_MODULE_INIT 123
+# define CONF_F_STR_COPY 101
+
+/*
+ * CONF reason codes.
+ */
+# define CONF_R_ERROR_LOADING_DSO 110
+# define CONF_R_LIST_CANNOT_BE_NULL 115
+# define CONF_R_MISSING_CLOSE_SQUARE_BRACKET 100
+# define CONF_R_MISSING_EQUAL_SIGN 101
+# define CONF_R_MISSING_INIT_FUNCTION 112
+# define CONF_R_MODULE_INITIALIZATION_ERROR 109
+# define CONF_R_NO_CLOSE_BRACE 102
+# define CONF_R_NO_CONF 105
+# define CONF_R_NO_CONF_OR_ENVIRONMENT_VARIABLE 106
+# define CONF_R_NO_SECTION 107
+# define CONF_R_NO_SUCH_FILE 114
+# define CONF_R_NO_VALUE 108
+# define CONF_R_NUMBER_TOO_LARGE 121
+# define CONF_R_RECURSIVE_DIRECTORY_INCLUDE 111
+# define CONF_R_SSL_COMMAND_SECTION_EMPTY 117
+# define CONF_R_SSL_COMMAND_SECTION_NOT_FOUND 118
+# define CONF_R_SSL_SECTION_EMPTY 119
+# define CONF_R_SSL_SECTION_NOT_FOUND 120
+# define CONF_R_UNABLE_TO_CREATE_NEW_SECTION 103
+# define CONF_R_UNKNOWN_MODULE_NAME 113
+# define CONF_R_VARIABLE_EXPANSION_TOO_LONG 116
+# define CONF_R_VARIABLE_HAS_NO_VALUE 104
+
+#endif
diff --git a/packages/mobile-sdk-alpha/ios/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Headers/crypto.h b/packages/mobile-sdk-alpha/ios/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Headers/crypto.h
new file mode 100644
index 000000000..7d0b52623
--- /dev/null
+++ b/packages/mobile-sdk-alpha/ios/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Headers/crypto.h
@@ -0,0 +1,445 @@
+/*
+ * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
+ *
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_CRYPTO_H
+# define HEADER_CRYPTO_H
+
+# include
+# include
+
+# include
+
+# ifndef OPENSSL_NO_STDIO
+# include
+# endif
+
+# include
+# include
+# include
+# include
+# include
+
+# ifdef CHARSET_EBCDIC
+# include
+# endif
+
+/*
+ * Resolve problems on some operating systems with symbol names that clash
+ * one way or another
+ */
+# include
+
+# if OPENSSL_API_COMPAT < 0x10100000L
+# include
+# endif
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+# if OPENSSL_API_COMPAT < 0x10100000L
+# define SSLeay OpenSSL_version_num
+# define SSLeay_version OpenSSL_version
+# define SSLEAY_VERSION_NUMBER OPENSSL_VERSION_NUMBER
+# define SSLEAY_VERSION OPENSSL_VERSION
+# define SSLEAY_CFLAGS OPENSSL_CFLAGS
+# define SSLEAY_BUILT_ON OPENSSL_BUILT_ON
+# define SSLEAY_PLATFORM OPENSSL_PLATFORM
+# define SSLEAY_DIR OPENSSL_DIR
+
+/*
+ * Old type for allocating dynamic locks. No longer used. Use the new thread
+ * API instead.
+ */
+typedef struct {
+ int dummy;
+} CRYPTO_dynlock;
+
+# endif /* OPENSSL_API_COMPAT */
+
+typedef void CRYPTO_RWLOCK;
+
+CRYPTO_RWLOCK *CRYPTO_THREAD_lock_new(void);
+int CRYPTO_THREAD_read_lock(CRYPTO_RWLOCK *lock);
+int CRYPTO_THREAD_write_lock(CRYPTO_RWLOCK *lock);
+int CRYPTO_THREAD_unlock(CRYPTO_RWLOCK *lock);
+void CRYPTO_THREAD_lock_free(CRYPTO_RWLOCK *lock);
+
+int CRYPTO_atomic_add(int *val, int amount, int *ret, CRYPTO_RWLOCK *lock);
+
+/*
+ * The following can be used to detect memory leaks in the library. If
+ * used, it turns on malloc checking
+ */
+# define CRYPTO_MEM_CHECK_OFF 0x0 /* Control only */
+# define CRYPTO_MEM_CHECK_ON 0x1 /* Control and mode bit */
+# define CRYPTO_MEM_CHECK_ENABLE 0x2 /* Control and mode bit */
+# define CRYPTO_MEM_CHECK_DISABLE 0x3 /* Control only */
+
+struct crypto_ex_data_st {
+ STACK_OF(void) *sk;
+};
+DEFINE_STACK_OF(void)
+
+/*
+ * Per class, we have a STACK of function pointers.
+ */
+# define CRYPTO_EX_INDEX_SSL 0
+# define CRYPTO_EX_INDEX_SSL_CTX 1
+# define CRYPTO_EX_INDEX_SSL_SESSION 2
+# define CRYPTO_EX_INDEX_X509 3
+# define CRYPTO_EX_INDEX_X509_STORE 4
+# define CRYPTO_EX_INDEX_X509_STORE_CTX 5
+# define CRYPTO_EX_INDEX_DH 6
+# define CRYPTO_EX_INDEX_DSA 7
+# define CRYPTO_EX_INDEX_EC_KEY 8
+# define CRYPTO_EX_INDEX_RSA 9
+# define CRYPTO_EX_INDEX_ENGINE 10
+# define CRYPTO_EX_INDEX_UI 11
+# define CRYPTO_EX_INDEX_BIO 12
+# define CRYPTO_EX_INDEX_APP 13
+# define CRYPTO_EX_INDEX_UI_METHOD 14
+# define CRYPTO_EX_INDEX_DRBG 15
+# define CRYPTO_EX_INDEX__COUNT 16
+
+/* No longer needed, so this is a no-op */
+#define OPENSSL_malloc_init() while(0) continue
+
+int CRYPTO_mem_ctrl(int mode);
+
+# define OPENSSL_malloc(num) \
+ CRYPTO_malloc(num, OPENSSL_FILE, OPENSSL_LINE)
+# define OPENSSL_zalloc(num) \
+ CRYPTO_zalloc(num, OPENSSL_FILE, OPENSSL_LINE)
+# define OPENSSL_realloc(addr, num) \
+ CRYPTO_realloc(addr, num, OPENSSL_FILE, OPENSSL_LINE)
+# define OPENSSL_clear_realloc(addr, old_num, num) \
+ CRYPTO_clear_realloc(addr, old_num, num, OPENSSL_FILE, OPENSSL_LINE)
+# define OPENSSL_clear_free(addr, num) \
+ CRYPTO_clear_free(addr, num, OPENSSL_FILE, OPENSSL_LINE)
+# define OPENSSL_free(addr) \
+ CRYPTO_free(addr, OPENSSL_FILE, OPENSSL_LINE)
+# define OPENSSL_memdup(str, s) \
+ CRYPTO_memdup((str), s, OPENSSL_FILE, OPENSSL_LINE)
+# define OPENSSL_strdup(str) \
+ CRYPTO_strdup(str, OPENSSL_FILE, OPENSSL_LINE)
+# define OPENSSL_strndup(str, n) \
+ CRYPTO_strndup(str, n, OPENSSL_FILE, OPENSSL_LINE)
+# define OPENSSL_secure_malloc(num) \
+ CRYPTO_secure_malloc(num, OPENSSL_FILE, OPENSSL_LINE)
+# define OPENSSL_secure_zalloc(num) \
+ CRYPTO_secure_zalloc(num, OPENSSL_FILE, OPENSSL_LINE)
+# define OPENSSL_secure_free(addr) \
+ CRYPTO_secure_free(addr, OPENSSL_FILE, OPENSSL_LINE)
+# define OPENSSL_secure_clear_free(addr, num) \
+ CRYPTO_secure_clear_free(addr, num, OPENSSL_FILE, OPENSSL_LINE)
+# define OPENSSL_secure_actual_size(ptr) \
+ CRYPTO_secure_actual_size(ptr)
+
+size_t OPENSSL_strlcpy(char *dst, const char *src, size_t siz);
+size_t OPENSSL_strlcat(char *dst, const char *src, size_t siz);
+size_t OPENSSL_strnlen(const char *str, size_t maxlen);
+char *OPENSSL_buf2hexstr(const unsigned char *buffer, long len);
+unsigned char *OPENSSL_hexstr2buf(const char *str, long *len);
+int OPENSSL_hexchar2int(unsigned char c);
+
+# define OPENSSL_MALLOC_MAX_NELEMS(type) (((1U<<(sizeof(int)*8-1))-1)/sizeof(type))
+
+unsigned long OpenSSL_version_num(void);
+const char *OpenSSL_version(int type);
+# define OPENSSL_VERSION 0
+# define OPENSSL_CFLAGS 1
+# define OPENSSL_BUILT_ON 2
+# define OPENSSL_PLATFORM 3
+# define OPENSSL_DIR 4
+# define OPENSSL_ENGINES_DIR 5
+
+int OPENSSL_issetugid(void);
+
+typedef void CRYPTO_EX_new (void *parent, void *ptr, CRYPTO_EX_DATA *ad,
+ int idx, long argl, void *argp);
+typedef void CRYPTO_EX_free (void *parent, void *ptr, CRYPTO_EX_DATA *ad,
+ int idx, long argl, void *argp);
+typedef int CRYPTO_EX_dup (CRYPTO_EX_DATA *to, const CRYPTO_EX_DATA *from,
+ void *from_d, int idx, long argl, void *argp);
+__owur int CRYPTO_get_ex_new_index(int class_index, long argl, void *argp,
+ CRYPTO_EX_new *new_func, CRYPTO_EX_dup *dup_func,
+ CRYPTO_EX_free *free_func);
+/* No longer use an index. */
+int CRYPTO_free_ex_index(int class_index, int idx);
+
+/*
+ * Initialise/duplicate/free CRYPTO_EX_DATA variables corresponding to a
+ * given class (invokes whatever per-class callbacks are applicable)
+ */
+int CRYPTO_new_ex_data(int class_index, void *obj, CRYPTO_EX_DATA *ad);
+int CRYPTO_dup_ex_data(int class_index, CRYPTO_EX_DATA *to,
+ const CRYPTO_EX_DATA *from);
+
+void CRYPTO_free_ex_data(int class_index, void *obj, CRYPTO_EX_DATA *ad);
+
+/*
+ * Get/set data in a CRYPTO_EX_DATA variable corresponding to a particular
+ * index (relative to the class type involved)
+ */
+int CRYPTO_set_ex_data(CRYPTO_EX_DATA *ad, int idx, void *val);
+void *CRYPTO_get_ex_data(const CRYPTO_EX_DATA *ad, int idx);
+
+# if OPENSSL_API_COMPAT < 0x10100000L
+/*
+ * This function cleans up all "ex_data" state. It mustn't be called under
+ * potential race-conditions.
+ */
+# define CRYPTO_cleanup_all_ex_data() while(0) continue
+
+/*
+ * The old locking functions have been removed completely without compatibility
+ * macros. This is because the old functions either could not properly report
+ * errors, or the returned error values were not clearly documented.
+ * Replacing the locking functions with no-ops would cause race condition
+ * issues in the affected applications. It is far better for them to fail at
+ * compile time.
+ * On the other hand, the locking callbacks are no longer used. Consequently,
+ * the callback management functions can be safely replaced with no-op macros.
+ */
+# define CRYPTO_num_locks() (1)
+# define CRYPTO_set_locking_callback(func)
+# define CRYPTO_get_locking_callback() (NULL)
+# define CRYPTO_set_add_lock_callback(func)
+# define CRYPTO_get_add_lock_callback() (NULL)
+
+/*
+ * These defines where used in combination with the old locking callbacks,
+ * they are not called anymore, but old code that's not called might still
+ * use them.
+ */
+# define CRYPTO_LOCK 1
+# define CRYPTO_UNLOCK 2
+# define CRYPTO_READ 4
+# define CRYPTO_WRITE 8
+
+/* This structure is no longer used */
+typedef struct crypto_threadid_st {
+ int dummy;
+} CRYPTO_THREADID;
+/* Only use CRYPTO_THREADID_set_[numeric|pointer]() within callbacks */
+# define CRYPTO_THREADID_set_numeric(id, val)
+# define CRYPTO_THREADID_set_pointer(id, ptr)
+# define CRYPTO_THREADID_set_callback(threadid_func) (0)
+# define CRYPTO_THREADID_get_callback() (NULL)
+# define CRYPTO_THREADID_current(id)
+# define CRYPTO_THREADID_cmp(a, b) (-1)
+# define CRYPTO_THREADID_cpy(dest, src)
+# define CRYPTO_THREADID_hash(id) (0UL)
+
+# if OPENSSL_API_COMPAT < 0x10000000L
+# define CRYPTO_set_id_callback(func)
+# define CRYPTO_get_id_callback() (NULL)
+# define CRYPTO_thread_id() (0UL)
+# endif /* OPENSSL_API_COMPAT < 0x10000000L */
+
+# define CRYPTO_set_dynlock_create_callback(dyn_create_function)
+# define CRYPTO_set_dynlock_lock_callback(dyn_lock_function)
+# define CRYPTO_set_dynlock_destroy_callback(dyn_destroy_function)
+# define CRYPTO_get_dynlock_create_callback() (NULL)
+# define CRYPTO_get_dynlock_lock_callback() (NULL)
+# define CRYPTO_get_dynlock_destroy_callback() (NULL)
+# endif /* OPENSSL_API_COMPAT < 0x10100000L */
+
+int CRYPTO_set_mem_functions(
+ void *(*m) (size_t, const char *, int),
+ void *(*r) (void *, size_t, const char *, int),
+ void (*f) (void *, const char *, int));
+int CRYPTO_set_mem_debug(int flag);
+void CRYPTO_get_mem_functions(
+ void *(**m) (size_t, const char *, int),
+ void *(**r) (void *, size_t, const char *, int),
+ void (**f) (void *, const char *, int));
+
+void *CRYPTO_malloc(size_t num, const char *file, int line);
+void *CRYPTO_zalloc(size_t num, const char *file, int line);
+void *CRYPTO_memdup(const void *str, size_t siz, const char *file, int line);
+char *CRYPTO_strdup(const char *str, const char *file, int line);
+char *CRYPTO_strndup(const char *str, size_t s, const char *file, int line);
+void CRYPTO_free(void *ptr, const char *file, int line);
+void CRYPTO_clear_free(void *ptr, size_t num, const char *file, int line);
+void *CRYPTO_realloc(void *addr, size_t num, const char *file, int line);
+void *CRYPTO_clear_realloc(void *addr, size_t old_num, size_t num,
+ const char *file, int line);
+
+int CRYPTO_secure_malloc_init(size_t sz, int minsize);
+int CRYPTO_secure_malloc_done(void);
+void *CRYPTO_secure_malloc(size_t num, const char *file, int line);
+void *CRYPTO_secure_zalloc(size_t num, const char *file, int line);
+void CRYPTO_secure_free(void *ptr, const char *file, int line);
+void CRYPTO_secure_clear_free(void *ptr, size_t num,
+ const char *file, int line);
+int CRYPTO_secure_allocated(const void *ptr);
+int CRYPTO_secure_malloc_initialized(void);
+size_t CRYPTO_secure_actual_size(void *ptr);
+size_t CRYPTO_secure_used(void);
+
+void OPENSSL_cleanse(void *ptr, size_t len);
+
+# ifndef OPENSSL_NO_CRYPTO_MDEBUG
+# define OPENSSL_mem_debug_push(info) \
+ CRYPTO_mem_debug_push(info, OPENSSL_FILE, OPENSSL_LINE)
+# define OPENSSL_mem_debug_pop() \
+ CRYPTO_mem_debug_pop()
+int CRYPTO_mem_debug_push(const char *info, const char *file, int line);
+int CRYPTO_mem_debug_pop(void);
+void CRYPTO_get_alloc_counts(int *mcount, int *rcount, int *fcount);
+
+/*-
+ * Debugging functions (enabled by CRYPTO_set_mem_debug(1))
+ * The flag argument has the following significance:
+ * 0: called before the actual memory allocation has taken place
+ * 1: called after the actual memory allocation has taken place
+ */
+void CRYPTO_mem_debug_malloc(void *addr, size_t num, int flag,
+ const char *file, int line);
+void CRYPTO_mem_debug_realloc(void *addr1, void *addr2, size_t num, int flag,
+ const char *file, int line);
+void CRYPTO_mem_debug_free(void *addr, int flag,
+ const char *file, int line);
+
+int CRYPTO_mem_leaks_cb(int (*cb) (const char *str, size_t len, void *u),
+ void *u);
+# ifndef OPENSSL_NO_STDIO
+int CRYPTO_mem_leaks_fp(FILE *);
+# endif
+int CRYPTO_mem_leaks(BIO *bio);
+# endif
+
+/* die if we have to */
+ossl_noreturn void OPENSSL_die(const char *assertion, const char *file, int line);
+# if OPENSSL_API_COMPAT < 0x10100000L
+# define OpenSSLDie(f,l,a) OPENSSL_die((a),(f),(l))
+# endif
+# define OPENSSL_assert(e) \
+ (void)((e) ? 0 : (OPENSSL_die("assertion failed: " #e, OPENSSL_FILE, OPENSSL_LINE), 1))
+
+int OPENSSL_isservice(void);
+
+int FIPS_mode(void);
+int FIPS_mode_set(int r);
+
+void OPENSSL_init(void);
+# ifdef OPENSSL_SYS_UNIX
+void OPENSSL_fork_prepare(void);
+void OPENSSL_fork_parent(void);
+void OPENSSL_fork_child(void);
+# endif
+
+struct tm *OPENSSL_gmtime(const time_t *timer, struct tm *result);
+int OPENSSL_gmtime_adj(struct tm *tm, int offset_day, long offset_sec);
+int OPENSSL_gmtime_diff(int *pday, int *psec,
+ const struct tm *from, const struct tm *to);
+
+/*
+ * CRYPTO_memcmp returns zero iff the |len| bytes at |a| and |b| are equal.
+ * It takes an amount of time dependent on |len|, but independent of the
+ * contents of |a| and |b|. Unlike memcmp, it cannot be used to put elements
+ * into a defined order as the return value when a != b is undefined, other
+ * than to be non-zero.
+ */
+int CRYPTO_memcmp(const void * in_a, const void * in_b, size_t len);
+
+/* Standard initialisation options */
+# define OPENSSL_INIT_NO_LOAD_CRYPTO_STRINGS 0x00000001L
+# define OPENSSL_INIT_LOAD_CRYPTO_STRINGS 0x00000002L
+# define OPENSSL_INIT_ADD_ALL_CIPHERS 0x00000004L
+# define OPENSSL_INIT_ADD_ALL_DIGESTS 0x00000008L
+# define OPENSSL_INIT_NO_ADD_ALL_CIPHERS 0x00000010L
+# define OPENSSL_INIT_NO_ADD_ALL_DIGESTS 0x00000020L
+# define OPENSSL_INIT_LOAD_CONFIG 0x00000040L
+# define OPENSSL_INIT_NO_LOAD_CONFIG 0x00000080L
+# define OPENSSL_INIT_ASYNC 0x00000100L
+# define OPENSSL_INIT_ENGINE_RDRAND 0x00000200L
+# define OPENSSL_INIT_ENGINE_DYNAMIC 0x00000400L
+# define OPENSSL_INIT_ENGINE_OPENSSL 0x00000800L
+# define OPENSSL_INIT_ENGINE_CRYPTODEV 0x00001000L
+# define OPENSSL_INIT_ENGINE_CAPI 0x00002000L
+# define OPENSSL_INIT_ENGINE_PADLOCK 0x00004000L
+# define OPENSSL_INIT_ENGINE_AFALG 0x00008000L
+/* OPENSSL_INIT_ZLIB 0x00010000L */
+# define OPENSSL_INIT_ATFORK 0x00020000L
+/* OPENSSL_INIT_BASE_ONLY 0x00040000L */
+# define OPENSSL_INIT_NO_ATEXIT 0x00080000L
+/* OPENSSL_INIT flag range 0xfff00000 reserved for OPENSSL_init_ssl() */
+/* Max OPENSSL_INIT flag value is 0x80000000 */
+
+/* openssl and dasync not counted as builtin */
+# define OPENSSL_INIT_ENGINE_ALL_BUILTIN \
+ (OPENSSL_INIT_ENGINE_RDRAND | OPENSSL_INIT_ENGINE_DYNAMIC \
+ | OPENSSL_INIT_ENGINE_CRYPTODEV | OPENSSL_INIT_ENGINE_CAPI | \
+ OPENSSL_INIT_ENGINE_PADLOCK)
+
+
+/* Library initialisation functions */
+void OPENSSL_cleanup(void);
+int OPENSSL_init_crypto(uint64_t opts, const OPENSSL_INIT_SETTINGS *settings);
+int OPENSSL_atexit(void (*handler)(void));
+void OPENSSL_thread_stop(void);
+
+/* Low-level control of initialization */
+OPENSSL_INIT_SETTINGS *OPENSSL_INIT_new(void);
+# ifndef OPENSSL_NO_STDIO
+int OPENSSL_INIT_set_config_filename(OPENSSL_INIT_SETTINGS *settings,
+ const char *config_filename);
+void OPENSSL_INIT_set_config_file_flags(OPENSSL_INIT_SETTINGS *settings,
+ unsigned long flags);
+int OPENSSL_INIT_set_config_appname(OPENSSL_INIT_SETTINGS *settings,
+ const char *config_appname);
+# endif
+void OPENSSL_INIT_free(OPENSSL_INIT_SETTINGS *settings);
+
+# if defined(OPENSSL_THREADS) && !defined(CRYPTO_TDEBUG)
+# if defined(_WIN32)
+# if defined(BASETYPES) || defined(_WINDEF_H)
+/* application has to include in order to use this */
+typedef DWORD CRYPTO_THREAD_LOCAL;
+typedef DWORD CRYPTO_THREAD_ID;
+
+typedef LONG CRYPTO_ONCE;
+# define CRYPTO_ONCE_STATIC_INIT 0
+# endif
+# else
+# include
+typedef pthread_once_t CRYPTO_ONCE;
+typedef pthread_key_t CRYPTO_THREAD_LOCAL;
+typedef pthread_t CRYPTO_THREAD_ID;
+
+# define CRYPTO_ONCE_STATIC_INIT PTHREAD_ONCE_INIT
+# endif
+# endif
+
+# if !defined(CRYPTO_ONCE_STATIC_INIT)
+typedef unsigned int CRYPTO_ONCE;
+typedef unsigned int CRYPTO_THREAD_LOCAL;
+typedef unsigned int CRYPTO_THREAD_ID;
+# define CRYPTO_ONCE_STATIC_INIT 0
+# endif
+
+int CRYPTO_THREAD_run_once(CRYPTO_ONCE *once, void (*init)(void));
+
+int CRYPTO_THREAD_init_local(CRYPTO_THREAD_LOCAL *key, void (*cleanup)(void *));
+void *CRYPTO_THREAD_get_local(CRYPTO_THREAD_LOCAL *key);
+int CRYPTO_THREAD_set_local(CRYPTO_THREAD_LOCAL *key, void *val);
+int CRYPTO_THREAD_cleanup_local(CRYPTO_THREAD_LOCAL *key);
+
+CRYPTO_THREAD_ID CRYPTO_THREAD_get_current_id(void);
+int CRYPTO_THREAD_compare_id(CRYPTO_THREAD_ID a, CRYPTO_THREAD_ID b);
+
+
+# ifdef __cplusplus
+}
+# endif
+#endif
diff --git a/packages/mobile-sdk-alpha/ios/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Headers/cryptoerr.h b/packages/mobile-sdk-alpha/ios/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Headers/cryptoerr.h
new file mode 100644
index 000000000..3db5a4ee9
--- /dev/null
+++ b/packages/mobile-sdk-alpha/ios/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Headers/cryptoerr.h
@@ -0,0 +1,57 @@
+/*
+ * Generated by util/mkerr.pl DO NOT EDIT
+ * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_CRYPTOERR_H
+# define HEADER_CRYPTOERR_H
+
+# ifndef HEADER_SYMHACKS_H
+# include
+# endif
+
+# ifdef __cplusplus
+extern "C"
+# endif
+int ERR_load_CRYPTO_strings(void);
+
+/*
+ * CRYPTO function codes.
+ */
+# define CRYPTO_F_CMAC_CTX_NEW 120
+# define CRYPTO_F_CRYPTO_DUP_EX_DATA 110
+# define CRYPTO_F_CRYPTO_FREE_EX_DATA 111
+# define CRYPTO_F_CRYPTO_GET_EX_NEW_INDEX 100
+# define CRYPTO_F_CRYPTO_MEMDUP 115
+# define CRYPTO_F_CRYPTO_NEW_EX_DATA 112
+# define CRYPTO_F_CRYPTO_OCB128_COPY_CTX 121
+# define CRYPTO_F_CRYPTO_OCB128_INIT 122
+# define CRYPTO_F_CRYPTO_SET_EX_DATA 102
+# define CRYPTO_F_FIPS_MODE_SET 109
+# define CRYPTO_F_GET_AND_LOCK 113
+# define CRYPTO_F_OPENSSL_ATEXIT 114
+# define CRYPTO_F_OPENSSL_BUF2HEXSTR 117
+# define CRYPTO_F_OPENSSL_FOPEN 119
+# define CRYPTO_F_OPENSSL_HEXSTR2BUF 118
+# define CRYPTO_F_OPENSSL_INIT_CRYPTO 116
+# define CRYPTO_F_OPENSSL_LH_NEW 126
+# define CRYPTO_F_OPENSSL_SK_DEEP_COPY 127
+# define CRYPTO_F_OPENSSL_SK_DUP 128
+# define CRYPTO_F_PKEY_HMAC_INIT 123
+# define CRYPTO_F_PKEY_POLY1305_INIT 124
+# define CRYPTO_F_PKEY_SIPHASH_INIT 125
+# define CRYPTO_F_SK_RESERVE 129
+
+/*
+ * CRYPTO reason codes.
+ */
+# define CRYPTO_R_FIPS_MODE_NOT_SUPPORTED 101
+# define CRYPTO_R_ILLEGAL_HEX_DIGIT 102
+# define CRYPTO_R_ODD_NUMBER_OF_DIGITS 103
+
+#endif
diff --git a/packages/mobile-sdk-alpha/ios/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Headers/ct.h b/packages/mobile-sdk-alpha/ios/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Headers/ct.h
new file mode 100644
index 000000000..ebdba34d6
--- /dev/null
+++ b/packages/mobile-sdk-alpha/ios/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Headers/ct.h
@@ -0,0 +1,474 @@
+/*
+ * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_CT_H
+# define HEADER_CT_H
+
+# include
+
+# ifndef OPENSSL_NO_CT
+# include
+# include
+# include
+# include
+# ifdef __cplusplus
+extern "C" {
+# endif
+
+
+/* Minimum RSA key size, from RFC6962 */
+# define SCT_MIN_RSA_BITS 2048
+
+/* All hashes are SHA256 in v1 of Certificate Transparency */
+# define CT_V1_HASHLEN SHA256_DIGEST_LENGTH
+
+typedef enum {
+ CT_LOG_ENTRY_TYPE_NOT_SET = -1,
+ CT_LOG_ENTRY_TYPE_X509 = 0,
+ CT_LOG_ENTRY_TYPE_PRECERT = 1
+} ct_log_entry_type_t;
+
+typedef enum {
+ SCT_VERSION_NOT_SET = -1,
+ SCT_VERSION_V1 = 0
+} sct_version_t;
+
+typedef enum {
+ SCT_SOURCE_UNKNOWN,
+ SCT_SOURCE_TLS_EXTENSION,
+ SCT_SOURCE_X509V3_EXTENSION,
+ SCT_SOURCE_OCSP_STAPLED_RESPONSE
+} sct_source_t;
+
+typedef enum {
+ SCT_VALIDATION_STATUS_NOT_SET,
+ SCT_VALIDATION_STATUS_UNKNOWN_LOG,
+ SCT_VALIDATION_STATUS_VALID,
+ SCT_VALIDATION_STATUS_INVALID,
+ SCT_VALIDATION_STATUS_UNVERIFIED,
+ SCT_VALIDATION_STATUS_UNKNOWN_VERSION
+} sct_validation_status_t;
+
+DEFINE_STACK_OF(SCT)
+DEFINE_STACK_OF(CTLOG)
+
+/******************************************
+ * CT policy evaluation context functions *
+ ******************************************/
+
+/*
+ * Creates a new, empty policy evaluation context.
+ * The caller is responsible for calling CT_POLICY_EVAL_CTX_free when finished
+ * with the CT_POLICY_EVAL_CTX.
+ */
+CT_POLICY_EVAL_CTX *CT_POLICY_EVAL_CTX_new(void);
+
+/* Deletes a policy evaluation context and anything it owns. */
+void CT_POLICY_EVAL_CTX_free(CT_POLICY_EVAL_CTX *ctx);
+
+/* Gets the peer certificate that the SCTs are for */
+X509* CT_POLICY_EVAL_CTX_get0_cert(const CT_POLICY_EVAL_CTX *ctx);
+
+/*
+ * Sets the certificate associated with the received SCTs.
+ * Increments the reference count of cert.
+ * Returns 1 on success, 0 otherwise.
+ */
+int CT_POLICY_EVAL_CTX_set1_cert(CT_POLICY_EVAL_CTX *ctx, X509 *cert);
+
+/* Gets the issuer of the aforementioned certificate */
+X509* CT_POLICY_EVAL_CTX_get0_issuer(const CT_POLICY_EVAL_CTX *ctx);
+
+/*
+ * Sets the issuer of the certificate associated with the received SCTs.
+ * Increments the reference count of issuer.
+ * Returns 1 on success, 0 otherwise.
+ */
+int CT_POLICY_EVAL_CTX_set1_issuer(CT_POLICY_EVAL_CTX *ctx, X509 *issuer);
+
+/* Gets the CT logs that are trusted sources of SCTs */
+const CTLOG_STORE *CT_POLICY_EVAL_CTX_get0_log_store(const CT_POLICY_EVAL_CTX *ctx);
+
+/* Sets the log store that is in use. It must outlive the CT_POLICY_EVAL_CTX. */
+void CT_POLICY_EVAL_CTX_set_shared_CTLOG_STORE(CT_POLICY_EVAL_CTX *ctx,
+ CTLOG_STORE *log_store);
+
+/*
+ * Gets the time, in milliseconds since the Unix epoch, that will be used as the
+ * current time when checking whether an SCT was issued in the future.
+ * Such SCTs will fail validation, as required by RFC6962.
+ */
+uint64_t CT_POLICY_EVAL_CTX_get_time(const CT_POLICY_EVAL_CTX *ctx);
+
+/*
+ * Sets the time to evaluate SCTs against, in milliseconds since the Unix epoch.
+ * If an SCT's timestamp is after this time, it will be interpreted as having
+ * been issued in the future. RFC6962 states that "TLS clients MUST reject SCTs
+ * whose timestamp is in the future", so an SCT will not validate in this case.
+ */
+void CT_POLICY_EVAL_CTX_set_time(CT_POLICY_EVAL_CTX *ctx, uint64_t time_in_ms);
+
+/*****************
+ * SCT functions *
+ *****************/
+
+/*
+ * Creates a new, blank SCT.
+ * The caller is responsible for calling SCT_free when finished with the SCT.
+ */
+SCT *SCT_new(void);
+
+/*
+ * Creates a new SCT from some base64-encoded strings.
+ * The caller is responsible for calling SCT_free when finished with the SCT.
+ */
+SCT *SCT_new_from_base64(unsigned char version,
+ const char *logid_base64,
+ ct_log_entry_type_t entry_type,
+ uint64_t timestamp,
+ const char *extensions_base64,
+ const char *signature_base64);
+
+/*
+ * Frees the SCT and the underlying data structures.
+ */
+void SCT_free(SCT *sct);
+
+/*
+ * Free a stack of SCTs, and the underlying SCTs themselves.
+ * Intended to be compatible with X509V3_EXT_FREE.
+ */
+void SCT_LIST_free(STACK_OF(SCT) *a);
+
+/*
+ * Returns the version of the SCT.
+ */
+sct_version_t SCT_get_version(const SCT *sct);
+
+/*
+ * Set the version of an SCT.
+ * Returns 1 on success, 0 if the version is unrecognized.
+ */
+__owur int SCT_set_version(SCT *sct, sct_version_t version);
+
+/*
+ * Returns the log entry type of the SCT.
+ */
+ct_log_entry_type_t SCT_get_log_entry_type(const SCT *sct);
+
+/*
+ * Set the log entry type of an SCT.
+ * Returns 1 on success, 0 otherwise.
+ */
+__owur int SCT_set_log_entry_type(SCT *sct, ct_log_entry_type_t entry_type);
+
+/*
+ * Gets the ID of the log that an SCT came from.
+ * Ownership of the log ID remains with the SCT.
+ * Returns the length of the log ID.
+ */
+size_t SCT_get0_log_id(const SCT *sct, unsigned char **log_id);
+
+/*
+ * Set the log ID of an SCT to point directly to the *log_id specified.
+ * The SCT takes ownership of the specified pointer.
+ * Returns 1 on success, 0 otherwise.
+ */
+__owur int SCT_set0_log_id(SCT *sct, unsigned char *log_id, size_t log_id_len);
+
+/*
+ * Set the log ID of an SCT.
+ * This makes a copy of the log_id.
+ * Returns 1 on success, 0 otherwise.
+ */
+__owur int SCT_set1_log_id(SCT *sct, const unsigned char *log_id,
+ size_t log_id_len);
+
+/*
+ * Returns the timestamp for the SCT (epoch time in milliseconds).
+ */
+uint64_t SCT_get_timestamp(const SCT *sct);
+
+/*
+ * Set the timestamp of an SCT (epoch time in milliseconds).
+ */
+void SCT_set_timestamp(SCT *sct, uint64_t timestamp);
+
+/*
+ * Return the NID for the signature used by the SCT.
+ * For CT v1, this will be either NID_sha256WithRSAEncryption or
+ * NID_ecdsa_with_SHA256 (or NID_undef if incorrect/unset).
+ */
+int SCT_get_signature_nid(const SCT *sct);
+
+/*
+ * Set the signature type of an SCT
+ * For CT v1, this should be either NID_sha256WithRSAEncryption or
+ * NID_ecdsa_with_SHA256.
+ * Returns 1 on success, 0 otherwise.
+ */
+__owur int SCT_set_signature_nid(SCT *sct, int nid);
+
+/*
+ * Set *ext to point to the extension data for the SCT. ext must not be NULL.
+ * The SCT retains ownership of this pointer.
+ * Returns length of the data pointed to.
+ */
+size_t SCT_get0_extensions(const SCT *sct, unsigned char **ext);
+
+/*
+ * Set the extensions of an SCT to point directly to the *ext specified.
+ * The SCT takes ownership of the specified pointer.
+ */
+void SCT_set0_extensions(SCT *sct, unsigned char *ext, size_t ext_len);
+
+/*
+ * Set the extensions of an SCT.
+ * This takes a copy of the ext.
+ * Returns 1 on success, 0 otherwise.
+ */
+__owur int SCT_set1_extensions(SCT *sct, const unsigned char *ext,
+ size_t ext_len);
+
+/*
+ * Set *sig to point to the signature for the SCT. sig must not be NULL.
+ * The SCT retains ownership of this pointer.
+ * Returns length of the data pointed to.
+ */
+size_t SCT_get0_signature(const SCT *sct, unsigned char **sig);
+
+/*
+ * Set the signature of an SCT to point directly to the *sig specified.
+ * The SCT takes ownership of the specified pointer.
+ */
+void SCT_set0_signature(SCT *sct, unsigned char *sig, size_t sig_len);
+
+/*
+ * Set the signature of an SCT to be a copy of the *sig specified.
+ * Returns 1 on success, 0 otherwise.
+ */
+__owur int SCT_set1_signature(SCT *sct, const unsigned char *sig,
+ size_t sig_len);
+
+/*
+ * The origin of this SCT, e.g. TLS extension, OCSP response, etc.
+ */
+sct_source_t SCT_get_source(const SCT *sct);
+
+/*
+ * Set the origin of this SCT, e.g. TLS extension, OCSP response, etc.
+ * Returns 1 on success, 0 otherwise.
+ */
+__owur int SCT_set_source(SCT *sct, sct_source_t source);
+
+/*
+ * Returns a text string describing the validation status of |sct|.
+ */
+const char *SCT_validation_status_string(const SCT *sct);
+
+/*
+ * Pretty-prints an |sct| to |out|.
+ * It will be indented by the number of spaces specified by |indent|.
+ * If |logs| is not NULL, it will be used to lookup the CT log that the SCT came
+ * from, so that the log name can be printed.
+ */
+void SCT_print(const SCT *sct, BIO *out, int indent, const CTLOG_STORE *logs);
+
+/*
+ * Pretty-prints an |sct_list| to |out|.
+ * It will be indented by the number of spaces specified by |indent|.
+ * SCTs will be delimited by |separator|.
+ * If |logs| is not NULL, it will be used to lookup the CT log that each SCT
+ * came from, so that the log names can be printed.
+ */
+void SCT_LIST_print(const STACK_OF(SCT) *sct_list, BIO *out, int indent,
+ const char *separator, const CTLOG_STORE *logs);
+
+/*
+ * Gets the last result of validating this SCT.
+ * If it has not been validated yet, returns SCT_VALIDATION_STATUS_NOT_SET.
+ */
+sct_validation_status_t SCT_get_validation_status(const SCT *sct);
+
+/*
+ * Validates the given SCT with the provided context.
+ * Sets the "validation_status" field of the SCT.
+ * Returns 1 if the SCT is valid and the signature verifies.
+ * Returns 0 if the SCT is invalid or could not be verified.
+ * Returns -1 if an error occurs.
+ */
+__owur int SCT_validate(SCT *sct, const CT_POLICY_EVAL_CTX *ctx);
+
+/*
+ * Validates the given list of SCTs with the provided context.
+ * Sets the "validation_status" field of each SCT.
+ * Returns 1 if there are no invalid SCTs and all signatures verify.
+ * Returns 0 if at least one SCT is invalid or could not be verified.
+ * Returns a negative integer if an error occurs.
+ */
+__owur int SCT_LIST_validate(const STACK_OF(SCT) *scts,
+ CT_POLICY_EVAL_CTX *ctx);
+
+
+/*********************************
+ * SCT parsing and serialisation *
+ *********************************/
+
+/*
+ * Serialize (to TLS format) a stack of SCTs and return the length.
+ * "a" must not be NULL.
+ * If "pp" is NULL, just return the length of what would have been serialized.
+ * If "pp" is not NULL and "*pp" is null, function will allocate a new pointer
+ * for data that caller is responsible for freeing (only if function returns
+ * successfully).
+ * If "pp" is NULL and "*pp" is not NULL, caller is responsible for ensuring
+ * that "*pp" is large enough to accept all of the serialized data.
+ * Returns < 0 on error, >= 0 indicating bytes written (or would have been)
+ * on success.
+ */
+__owur int i2o_SCT_LIST(const STACK_OF(SCT) *a, unsigned char **pp);
+
+/*
+ * Convert TLS format SCT list to a stack of SCTs.
+ * If "a" or "*a" is NULL, a new stack will be created that the caller is
+ * responsible for freeing (by calling SCT_LIST_free).
+ * "**pp" and "*pp" must not be NULL.
+ * Upon success, "*pp" will point to after the last bytes read, and a stack
+ * will be returned.
+ * Upon failure, a NULL pointer will be returned, and the position of "*pp" is
+ * not defined.
+ */
+STACK_OF(SCT) *o2i_SCT_LIST(STACK_OF(SCT) **a, const unsigned char **pp,
+ size_t len);
+
+/*
+ * Serialize (to DER format) a stack of SCTs and return the length.
+ * "a" must not be NULL.
+ * If "pp" is NULL, just returns the length of what would have been serialized.
+ * If "pp" is not NULL and "*pp" is null, function will allocate a new pointer
+ * for data that caller is responsible for freeing (only if function returns
+ * successfully).
+ * If "pp" is NULL and "*pp" is not NULL, caller is responsible for ensuring
+ * that "*pp" is large enough to accept all of the serialized data.
+ * Returns < 0 on error, >= 0 indicating bytes written (or would have been)
+ * on success.
+ */
+__owur int i2d_SCT_LIST(const STACK_OF(SCT) *a, unsigned char **pp);
+
+/*
+ * Parses an SCT list in DER format and returns it.
+ * If "a" or "*a" is NULL, a new stack will be created that the caller is
+ * responsible for freeing (by calling SCT_LIST_free).
+ * "**pp" and "*pp" must not be NULL.
+ * Upon success, "*pp" will point to after the last bytes read, and a stack
+ * will be returned.
+ * Upon failure, a NULL pointer will be returned, and the position of "*pp" is
+ * not defined.
+ */
+STACK_OF(SCT) *d2i_SCT_LIST(STACK_OF(SCT) **a, const unsigned char **pp,
+ long len);
+
+/*
+ * Serialize (to TLS format) an |sct| and write it to |out|.
+ * If |out| is null, no SCT will be output but the length will still be returned.
+ * If |out| points to a null pointer, a string will be allocated to hold the
+ * TLS-format SCT. It is the responsibility of the caller to free it.
+ * If |out| points to an allocated string, the TLS-format SCT will be written
+ * to it.
+ * The length of the SCT in TLS format will be returned.
+ */
+__owur int i2o_SCT(const SCT *sct, unsigned char **out);
+
+/*
+ * Parses an SCT in TLS format and returns it.
+ * If |psct| is not null, it will end up pointing to the parsed SCT. If it
+ * already points to a non-null pointer, the pointer will be free'd.
+ * |in| should be a pointer to a string containing the TLS-format SCT.
+ * |in| will be advanced to the end of the SCT if parsing succeeds.
+ * |len| should be the length of the SCT in |in|.
+ * Returns NULL if an error occurs.
+ * If the SCT is an unsupported version, only the SCT's 'sct' and 'sct_len'
+ * fields will be populated (with |in| and |len| respectively).
+ */
+SCT *o2i_SCT(SCT **psct, const unsigned char **in, size_t len);
+
+/********************
+ * CT log functions *
+ ********************/
+
+/*
+ * Creates a new CT log instance with the given |public_key| and |name|.
+ * Takes ownership of |public_key| but copies |name|.
+ * Returns NULL if malloc fails or if |public_key| cannot be converted to DER.
+ * Should be deleted by the caller using CTLOG_free when no longer needed.
+ */
+CTLOG *CTLOG_new(EVP_PKEY *public_key, const char *name);
+
+/*
+ * Creates a new CTLOG instance with the base64-encoded SubjectPublicKeyInfo DER
+ * in |pkey_base64|. The |name| is a string to help users identify this log.
+ * Returns 1 on success, 0 on failure.
+ * Should be deleted by the caller using CTLOG_free when no longer needed.
+ */
+int CTLOG_new_from_base64(CTLOG ** ct_log,
+ const char *pkey_base64, const char *name);
+
+/*
+ * Deletes a CT log instance and its fields.
+ */
+void CTLOG_free(CTLOG *log);
+
+/* Gets the name of the CT log */
+const char *CTLOG_get0_name(const CTLOG *log);
+/* Gets the ID of the CT log */
+void CTLOG_get0_log_id(const CTLOG *log, const uint8_t **log_id,
+ size_t *log_id_len);
+/* Gets the public key of the CT log */
+EVP_PKEY *CTLOG_get0_public_key(const CTLOG *log);
+
+/**************************
+ * CT log store functions *
+ **************************/
+
+/*
+ * Creates a new CT log store.
+ * Should be deleted by the caller using CTLOG_STORE_free when no longer needed.
+ */
+CTLOG_STORE *CTLOG_STORE_new(void);
+
+/*
+ * Deletes a CT log store and all of the CT log instances held within.
+ */
+void CTLOG_STORE_free(CTLOG_STORE *store);
+
+/*
+ * Finds a CT log in the store based on its log ID.
+ * Returns the CT log, or NULL if no match is found.
+ */
+const CTLOG *CTLOG_STORE_get0_log_by_id(const CTLOG_STORE *store,
+ const uint8_t *log_id,
+ size_t log_id_len);
+
+/*
+ * Loads a CT log list into a |store| from a |file|.
+ * Returns 1 if loading is successful, or 0 otherwise.
+ */
+__owur int CTLOG_STORE_load_file(CTLOG_STORE *store, const char *file);
+
+/*
+ * Loads the default CT log list into a |store|.
+ * Returns 1 if loading is successful, or 0 otherwise.
+ */
+__owur int CTLOG_STORE_load_default_file(CTLOG_STORE *store);
+
+# ifdef __cplusplus
+}
+# endif
+# endif
+#endif
diff --git a/packages/mobile-sdk-alpha/ios/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Headers/cterr.h b/packages/mobile-sdk-alpha/ios/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Headers/cterr.h
new file mode 100644
index 000000000..feb7bc566
--- /dev/null
+++ b/packages/mobile-sdk-alpha/ios/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Headers/cterr.h
@@ -0,0 +1,80 @@
+/*
+ * Generated by util/mkerr.pl DO NOT EDIT
+ * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_CTERR_H
+# define HEADER_CTERR_H
+
+# ifndef HEADER_SYMHACKS_H
+# include
+# endif
+
+# include
+
+# ifndef OPENSSL_NO_CT
+
+# ifdef __cplusplus
+extern "C"
+# endif
+int ERR_load_CT_strings(void);
+
+/*
+ * CT function codes.
+ */
+# define CT_F_CTLOG_NEW 117
+# define CT_F_CTLOG_NEW_FROM_BASE64 118
+# define CT_F_CTLOG_NEW_FROM_CONF 119
+# define CT_F_CTLOG_STORE_LOAD_CTX_NEW 122
+# define CT_F_CTLOG_STORE_LOAD_FILE 123
+# define CT_F_CTLOG_STORE_LOAD_LOG 130
+# define CT_F_CTLOG_STORE_NEW 131
+# define CT_F_CT_BASE64_DECODE 124
+# define CT_F_CT_POLICY_EVAL_CTX_NEW 133
+# define CT_F_CT_V1_LOG_ID_FROM_PKEY 125
+# define CT_F_I2O_SCT 107
+# define CT_F_I2O_SCT_LIST 108
+# define CT_F_I2O_SCT_SIGNATURE 109
+# define CT_F_O2I_SCT 110
+# define CT_F_O2I_SCT_LIST 111
+# define CT_F_O2I_SCT_SIGNATURE 112
+# define CT_F_SCT_CTX_NEW 126
+# define CT_F_SCT_CTX_VERIFY 128
+# define CT_F_SCT_NEW 100
+# define CT_F_SCT_NEW_FROM_BASE64 127
+# define CT_F_SCT_SET0_LOG_ID 101
+# define CT_F_SCT_SET1_EXTENSIONS 114
+# define CT_F_SCT_SET1_LOG_ID 115
+# define CT_F_SCT_SET1_SIGNATURE 116
+# define CT_F_SCT_SET_LOG_ENTRY_TYPE 102
+# define CT_F_SCT_SET_SIGNATURE_NID 103
+# define CT_F_SCT_SET_VERSION 104
+
+/*
+ * CT reason codes.
+ */
+# define CT_R_BASE64_DECODE_ERROR 108
+# define CT_R_INVALID_LOG_ID_LENGTH 100
+# define CT_R_LOG_CONF_INVALID 109
+# define CT_R_LOG_CONF_INVALID_KEY 110
+# define CT_R_LOG_CONF_MISSING_DESCRIPTION 111
+# define CT_R_LOG_CONF_MISSING_KEY 112
+# define CT_R_LOG_KEY_INVALID 113
+# define CT_R_SCT_FUTURE_TIMESTAMP 116
+# define CT_R_SCT_INVALID 104
+# define CT_R_SCT_INVALID_SIGNATURE 107
+# define CT_R_SCT_LIST_INVALID 105
+# define CT_R_SCT_LOG_ID_MISMATCH 114
+# define CT_R_SCT_NOT_SET 106
+# define CT_R_SCT_UNSUPPORTED_VERSION 115
+# define CT_R_UNRECOGNIZED_SIGNATURE_NID 101
+# define CT_R_UNSUPPORTED_ENTRY_TYPE 102
+# define CT_R_UNSUPPORTED_VERSION 103
+
+# endif
+#endif
diff --git a/packages/mobile-sdk-alpha/ios/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Headers/des.h b/packages/mobile-sdk-alpha/ios/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Headers/des.h
new file mode 100644
index 000000000..be4abbdfd
--- /dev/null
+++ b/packages/mobile-sdk-alpha/ios/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Headers/des.h
@@ -0,0 +1,174 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_DES_H
+# define HEADER_DES_H
+
+# include
+
+# ifndef OPENSSL_NO_DES
+# ifdef __cplusplus
+extern "C" {
+# endif
+# include
+
+typedef unsigned int DES_LONG;
+
+# ifdef OPENSSL_BUILD_SHLIBCRYPTO
+# undef OPENSSL_EXTERN
+# define OPENSSL_EXTERN OPENSSL_EXPORT
+# endif
+
+typedef unsigned char DES_cblock[8];
+typedef /* const */ unsigned char const_DES_cblock[8];
+/*
+ * With "const", gcc 2.8.1 on Solaris thinks that DES_cblock * and
+ * const_DES_cblock * are incompatible pointer types.
+ */
+
+typedef struct DES_ks {
+ union {
+ DES_cblock cblock;
+ /*
+ * make sure things are correct size on machines with 8 byte longs
+ */
+ DES_LONG deslong[2];
+ } ks[16];
+} DES_key_schedule;
+
+# define DES_KEY_SZ (sizeof(DES_cblock))
+# define DES_SCHEDULE_SZ (sizeof(DES_key_schedule))
+
+# define DES_ENCRYPT 1
+# define DES_DECRYPT 0
+
+# define DES_CBC_MODE 0
+# define DES_PCBC_MODE 1
+
+# define DES_ecb2_encrypt(i,o,k1,k2,e) \
+ DES_ecb3_encrypt((i),(o),(k1),(k2),(k1),(e))
+
+# define DES_ede2_cbc_encrypt(i,o,l,k1,k2,iv,e) \
+ DES_ede3_cbc_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(e))
+
+# define DES_ede2_cfb64_encrypt(i,o,l,k1,k2,iv,n,e) \
+ DES_ede3_cfb64_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(n),(e))
+
+# define DES_ede2_ofb64_encrypt(i,o,l,k1,k2,iv,n) \
+ DES_ede3_ofb64_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(n))
+
+OPENSSL_DECLARE_GLOBAL(int, DES_check_key); /* defaults to false */
+# define DES_check_key OPENSSL_GLOBAL_REF(DES_check_key)
+
+const char *DES_options(void);
+void DES_ecb3_encrypt(const_DES_cblock *input, DES_cblock *output,
+ DES_key_schedule *ks1, DES_key_schedule *ks2,
+ DES_key_schedule *ks3, int enc);
+DES_LONG DES_cbc_cksum(const unsigned char *input, DES_cblock *output,
+ long length, DES_key_schedule *schedule,
+ const_DES_cblock *ivec);
+/* DES_cbc_encrypt does not update the IV! Use DES_ncbc_encrypt instead. */
+void DES_cbc_encrypt(const unsigned char *input, unsigned char *output,
+ long length, DES_key_schedule *schedule,
+ DES_cblock *ivec, int enc);
+void DES_ncbc_encrypt(const unsigned char *input, unsigned char *output,
+ long length, DES_key_schedule *schedule,
+ DES_cblock *ivec, int enc);
+void DES_xcbc_encrypt(const unsigned char *input, unsigned char *output,
+ long length, DES_key_schedule *schedule,
+ DES_cblock *ivec, const_DES_cblock *inw,
+ const_DES_cblock *outw, int enc);
+void DES_cfb_encrypt(const unsigned char *in, unsigned char *out, int numbits,
+ long length, DES_key_schedule *schedule,
+ DES_cblock *ivec, int enc);
+void DES_ecb_encrypt(const_DES_cblock *input, DES_cblock *output,
+ DES_key_schedule *ks, int enc);
+
+/*
+ * This is the DES encryption function that gets called by just about every
+ * other DES routine in the library. You should not use this function except
+ * to implement 'modes' of DES. I say this because the functions that call
+ * this routine do the conversion from 'char *' to long, and this needs to be
+ * done to make sure 'non-aligned' memory access do not occur. The
+ * characters are loaded 'little endian'. Data is a pointer to 2 unsigned
+ * long's and ks is the DES_key_schedule to use. enc, is non zero specifies
+ * encryption, zero if decryption.
+ */
+void DES_encrypt1(DES_LONG *data, DES_key_schedule *ks, int enc);
+
+/*
+ * This functions is the same as DES_encrypt1() except that the DES initial
+ * permutation (IP) and final permutation (FP) have been left out. As for
+ * DES_encrypt1(), you should not use this function. It is used by the
+ * routines in the library that implement triple DES. IP() DES_encrypt2()
+ * DES_encrypt2() DES_encrypt2() FP() is the same as DES_encrypt1()
+ * DES_encrypt1() DES_encrypt1() except faster :-).
+ */
+void DES_encrypt2(DES_LONG *data, DES_key_schedule *ks, int enc);
+
+void DES_encrypt3(DES_LONG *data, DES_key_schedule *ks1,
+ DES_key_schedule *ks2, DES_key_schedule *ks3);
+void DES_decrypt3(DES_LONG *data, DES_key_schedule *ks1,
+ DES_key_schedule *ks2, DES_key_schedule *ks3);
+void DES_ede3_cbc_encrypt(const unsigned char *input, unsigned char *output,
+ long length,
+ DES_key_schedule *ks1, DES_key_schedule *ks2,
+ DES_key_schedule *ks3, DES_cblock *ivec, int enc);
+void DES_ede3_cfb64_encrypt(const unsigned char *in, unsigned char *out,
+ long length, DES_key_schedule *ks1,
+ DES_key_schedule *ks2, DES_key_schedule *ks3,
+ DES_cblock *ivec, int *num, int enc);
+void DES_ede3_cfb_encrypt(const unsigned char *in, unsigned char *out,
+ int numbits, long length, DES_key_schedule *ks1,
+ DES_key_schedule *ks2, DES_key_schedule *ks3,
+ DES_cblock *ivec, int enc);
+void DES_ede3_ofb64_encrypt(const unsigned char *in, unsigned char *out,
+ long length, DES_key_schedule *ks1,
+ DES_key_schedule *ks2, DES_key_schedule *ks3,
+ DES_cblock *ivec, int *num);
+char *DES_fcrypt(const char *buf, const char *salt, char *ret);
+char *DES_crypt(const char *buf, const char *salt);
+void DES_ofb_encrypt(const unsigned char *in, unsigned char *out, int numbits,
+ long length, DES_key_schedule *schedule,
+ DES_cblock *ivec);
+void DES_pcbc_encrypt(const unsigned char *input, unsigned char *output,
+ long length, DES_key_schedule *schedule,
+ DES_cblock *ivec, int enc);
+DES_LONG DES_quad_cksum(const unsigned char *input, DES_cblock output[],
+ long length, int out_count, DES_cblock *seed);
+int DES_random_key(DES_cblock *ret);
+void DES_set_odd_parity(DES_cblock *key);
+int DES_check_key_parity(const_DES_cblock *key);
+int DES_is_weak_key(const_DES_cblock *key);
+/*
+ * DES_set_key (= set_key = DES_key_sched = key_sched) calls
+ * DES_set_key_checked if global variable DES_check_key is set,
+ * DES_set_key_unchecked otherwise.
+ */
+int DES_set_key(const_DES_cblock *key, DES_key_schedule *schedule);
+int DES_key_sched(const_DES_cblock *key, DES_key_schedule *schedule);
+int DES_set_key_checked(const_DES_cblock *key, DES_key_schedule *schedule);
+void DES_set_key_unchecked(const_DES_cblock *key, DES_key_schedule *schedule);
+void DES_string_to_key(const char *str, DES_cblock *key);
+void DES_string_to_2keys(const char *str, DES_cblock *key1, DES_cblock *key2);
+void DES_cfb64_encrypt(const unsigned char *in, unsigned char *out,
+ long length, DES_key_schedule *schedule,
+ DES_cblock *ivec, int *num, int enc);
+void DES_ofb64_encrypt(const unsigned char *in, unsigned char *out,
+ long length, DES_key_schedule *schedule,
+ DES_cblock *ivec, int *num);
+
+# define DES_fixup_key_parity DES_set_odd_parity
+
+# ifdef __cplusplus
+}
+# endif
+# endif
+
+#endif
diff --git a/packages/mobile-sdk-alpha/ios/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Headers/dh.h b/packages/mobile-sdk-alpha/ios/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Headers/dh.h
new file mode 100644
index 000000000..6c6ff3636
--- /dev/null
+++ b/packages/mobile-sdk-alpha/ios/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Headers/dh.h
@@ -0,0 +1,343 @@
+/*
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_DH_H
+# define HEADER_DH_H
+
+# include
+
+# ifndef OPENSSL_NO_DH
+# include
+# include
+# include
+# include
+# if OPENSSL_API_COMPAT < 0x10100000L
+# include
+# endif
+# include
+
+# ifdef __cplusplus
+extern "C" {
+# endif
+
+# ifndef OPENSSL_DH_MAX_MODULUS_BITS
+# define OPENSSL_DH_MAX_MODULUS_BITS 10000
+# endif
+# ifndef OPENSSL_DH_CHECK_MAX_MODULUS_BITS
+# define OPENSSL_DH_CHECK_MAX_MODULUS_BITS 32768
+# endif
+
+# define OPENSSL_DH_FIPS_MIN_MODULUS_BITS 1024
+
+# define DH_FLAG_CACHE_MONT_P 0x01
+
+# if OPENSSL_API_COMPAT < 0x10100000L
+/*
+ * Does nothing. Previously this switched off constant time behaviour.
+ */
+# define DH_FLAG_NO_EXP_CONSTTIME 0x00
+# endif
+
+/*
+ * If this flag is set the DH method is FIPS compliant and can be used in
+ * FIPS mode. This is set in the validated module method. If an application
+ * sets this flag in its own methods it is its responsibility to ensure the
+ * result is compliant.
+ */
+
+# define DH_FLAG_FIPS_METHOD 0x0400
+
+/*
+ * If this flag is set the operations normally disabled in FIPS mode are
+ * permitted it is then the applications responsibility to ensure that the
+ * usage is compliant.
+ */
+
+# define DH_FLAG_NON_FIPS_ALLOW 0x0400
+
+/* Already defined in ossl_typ.h */
+/* typedef struct dh_st DH; */
+/* typedef struct dh_method DH_METHOD; */
+
+DECLARE_ASN1_ITEM(DHparams)
+
+# define DH_GENERATOR_2 2
+/* #define DH_GENERATOR_3 3 */
+# define DH_GENERATOR_5 5
+
+/* DH_check error codes */
+# define DH_CHECK_P_NOT_PRIME 0x01
+# define DH_CHECK_P_NOT_SAFE_PRIME 0x02
+# define DH_UNABLE_TO_CHECK_GENERATOR 0x04
+# define DH_NOT_SUITABLE_GENERATOR 0x08
+# define DH_CHECK_Q_NOT_PRIME 0x10
+# define DH_CHECK_INVALID_Q_VALUE 0x20
+# define DH_CHECK_INVALID_J_VALUE 0x40
+
+/* DH_check_pub_key error codes */
+# define DH_CHECK_PUBKEY_TOO_SMALL 0x01
+# define DH_CHECK_PUBKEY_TOO_LARGE 0x02
+# define DH_CHECK_PUBKEY_INVALID 0x04
+
+/*
+ * primes p where (p-1)/2 is prime too are called "safe"; we define this for
+ * backward compatibility:
+ */
+# define DH_CHECK_P_NOT_STRONG_PRIME DH_CHECK_P_NOT_SAFE_PRIME
+
+# define d2i_DHparams_fp(fp,x) \
+ (DH *)ASN1_d2i_fp((char *(*)())DH_new, \
+ (char *(*)())d2i_DHparams, \
+ (fp), \
+ (unsigned char **)(x))
+# define i2d_DHparams_fp(fp,x) \
+ ASN1_i2d_fp(i2d_DHparams,(fp), (unsigned char *)(x))
+# define d2i_DHparams_bio(bp,x) \
+ ASN1_d2i_bio_of(DH, DH_new, d2i_DHparams, bp, x)
+# define i2d_DHparams_bio(bp,x) \
+ ASN1_i2d_bio_of_const(DH,i2d_DHparams,bp,x)
+
+# define d2i_DHxparams_fp(fp,x) \
+ (DH *)ASN1_d2i_fp((char *(*)())DH_new, \
+ (char *(*)())d2i_DHxparams, \
+ (fp), \
+ (unsigned char **)(x))
+# define i2d_DHxparams_fp(fp,x) \
+ ASN1_i2d_fp(i2d_DHxparams,(fp), (unsigned char *)(x))
+# define d2i_DHxparams_bio(bp,x) \
+ ASN1_d2i_bio_of(DH, DH_new, d2i_DHxparams, bp, x)
+# define i2d_DHxparams_bio(bp,x) \
+ ASN1_i2d_bio_of_const(DH, i2d_DHxparams, bp, x)
+
+DH *DHparams_dup(DH *);
+
+const DH_METHOD *DH_OpenSSL(void);
+
+void DH_set_default_method(const DH_METHOD *meth);
+const DH_METHOD *DH_get_default_method(void);
+int DH_set_method(DH *dh, const DH_METHOD *meth);
+DH *DH_new_method(ENGINE *engine);
+
+DH *DH_new(void);
+void DH_free(DH *dh);
+int DH_up_ref(DH *dh);
+int DH_bits(const DH *dh);
+int DH_size(const DH *dh);
+int DH_security_bits(const DH *dh);
+#define DH_get_ex_new_index(l, p, newf, dupf, freef) \
+ CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_DH, l, p, newf, dupf, freef)
+int DH_set_ex_data(DH *d, int idx, void *arg);
+void *DH_get_ex_data(DH *d, int idx);
+
+/* Deprecated version */
+DEPRECATEDIN_0_9_8(DH *DH_generate_parameters(int prime_len, int generator,
+ void (*callback) (int, int,
+ void *),
+ void *cb_arg))
+
+/* New version */
+int DH_generate_parameters_ex(DH *dh, int prime_len, int generator,
+ BN_GENCB *cb);
+
+int DH_check_params_ex(const DH *dh);
+int DH_check_ex(const DH *dh);
+int DH_check_pub_key_ex(const DH *dh, const BIGNUM *pub_key);
+int DH_check_params(const DH *dh, int *ret);
+int DH_check(const DH *dh, int *codes);
+int DH_check_pub_key(const DH *dh, const BIGNUM *pub_key, int *codes);
+int DH_generate_key(DH *dh);
+int DH_compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh);
+int DH_compute_key_padded(unsigned char *key, const BIGNUM *pub_key, DH *dh);
+DH *d2i_DHparams(DH **a, const unsigned char **pp, long length);
+int i2d_DHparams(const DH *a, unsigned char **pp);
+DH *d2i_DHxparams(DH **a, const unsigned char **pp, long length);
+int i2d_DHxparams(const DH *a, unsigned char **pp);
+# ifndef OPENSSL_NO_STDIO
+int DHparams_print_fp(FILE *fp, const DH *x);
+# endif
+int DHparams_print(BIO *bp, const DH *x);
+
+/* RFC 5114 parameters */
+DH *DH_get_1024_160(void);
+DH *DH_get_2048_224(void);
+DH *DH_get_2048_256(void);
+
+/* Named parameters, currently RFC7919 */
+DH *DH_new_by_nid(int nid);
+int DH_get_nid(const DH *dh);
+
+# ifndef OPENSSL_NO_CMS
+/* RFC2631 KDF */
+int DH_KDF_X9_42(unsigned char *out, size_t outlen,
+ const unsigned char *Z, size_t Zlen,
+ ASN1_OBJECT *key_oid,
+ const unsigned char *ukm, size_t ukmlen, const EVP_MD *md);
+# endif
+
+void DH_get0_pqg(const DH *dh,
+ const BIGNUM **p, const BIGNUM **q, const BIGNUM **g);
+int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g);
+void DH_get0_key(const DH *dh,
+ const BIGNUM **pub_key, const BIGNUM **priv_key);
+int DH_set0_key(DH *dh, BIGNUM *pub_key, BIGNUM *priv_key);
+const BIGNUM *DH_get0_p(const DH *dh);
+const BIGNUM *DH_get0_q(const DH *dh);
+const BIGNUM *DH_get0_g(const DH *dh);
+const BIGNUM *DH_get0_priv_key(const DH *dh);
+const BIGNUM *DH_get0_pub_key(const DH *dh);
+void DH_clear_flags(DH *dh, int flags);
+int DH_test_flags(const DH *dh, int flags);
+void DH_set_flags(DH *dh, int flags);
+ENGINE *DH_get0_engine(DH *d);
+long DH_get_length(const DH *dh);
+int DH_set_length(DH *dh, long length);
+
+DH_METHOD *DH_meth_new(const char *name, int flags);
+void DH_meth_free(DH_METHOD *dhm);
+DH_METHOD *DH_meth_dup(const DH_METHOD *dhm);
+const char *DH_meth_get0_name(const DH_METHOD *dhm);
+int DH_meth_set1_name(DH_METHOD *dhm, const char *name);
+int DH_meth_get_flags(const DH_METHOD *dhm);
+int DH_meth_set_flags(DH_METHOD *dhm, int flags);
+void *DH_meth_get0_app_data(const DH_METHOD *dhm);
+int DH_meth_set0_app_data(DH_METHOD *dhm, void *app_data);
+int (*DH_meth_get_generate_key(const DH_METHOD *dhm)) (DH *);
+int DH_meth_set_generate_key(DH_METHOD *dhm, int (*generate_key) (DH *));
+int (*DH_meth_get_compute_key(const DH_METHOD *dhm))
+ (unsigned char *key, const BIGNUM *pub_key, DH *dh);
+int DH_meth_set_compute_key(DH_METHOD *dhm,
+ int (*compute_key) (unsigned char *key, const BIGNUM *pub_key, DH *dh));
+int (*DH_meth_get_bn_mod_exp(const DH_METHOD *dhm))
+ (const DH *, BIGNUM *, const BIGNUM *, const BIGNUM *, const BIGNUM *,
+ BN_CTX *, BN_MONT_CTX *);
+int DH_meth_set_bn_mod_exp(DH_METHOD *dhm,
+ int (*bn_mod_exp) (const DH *, BIGNUM *, const BIGNUM *, const BIGNUM *,
+ const BIGNUM *, BN_CTX *, BN_MONT_CTX *));
+int (*DH_meth_get_init(const DH_METHOD *dhm))(DH *);
+int DH_meth_set_init(DH_METHOD *dhm, int (*init)(DH *));
+int (*DH_meth_get_finish(const DH_METHOD *dhm)) (DH *);
+int DH_meth_set_finish(DH_METHOD *dhm, int (*finish) (DH *));
+int (*DH_meth_get_generate_params(const DH_METHOD *dhm))
+ (DH *, int, int, BN_GENCB *);
+int DH_meth_set_generate_params(DH_METHOD *dhm,
+ int (*generate_params) (DH *, int, int, BN_GENCB *));
+
+
+# define EVP_PKEY_CTX_set_dh_paramgen_prime_len(ctx, len) \
+ EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DH, EVP_PKEY_OP_PARAMGEN, \
+ EVP_PKEY_CTRL_DH_PARAMGEN_PRIME_LEN, len, NULL)
+
+# define EVP_PKEY_CTX_set_dh_paramgen_subprime_len(ctx, len) \
+ EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DH, EVP_PKEY_OP_PARAMGEN, \
+ EVP_PKEY_CTRL_DH_PARAMGEN_SUBPRIME_LEN, len, NULL)
+
+# define EVP_PKEY_CTX_set_dh_paramgen_type(ctx, typ) \
+ EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DH, EVP_PKEY_OP_PARAMGEN, \
+ EVP_PKEY_CTRL_DH_PARAMGEN_TYPE, typ, NULL)
+
+# define EVP_PKEY_CTX_set_dh_paramgen_generator(ctx, gen) \
+ EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DH, EVP_PKEY_OP_PARAMGEN, \
+ EVP_PKEY_CTRL_DH_PARAMGEN_GENERATOR, gen, NULL)
+
+# define EVP_PKEY_CTX_set_dh_rfc5114(ctx, gen) \
+ EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, EVP_PKEY_OP_PARAMGEN, \
+ EVP_PKEY_CTRL_DH_RFC5114, gen, NULL)
+
+# define EVP_PKEY_CTX_set_dhx_rfc5114(ctx, gen) \
+ EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, EVP_PKEY_OP_PARAMGEN, \
+ EVP_PKEY_CTRL_DH_RFC5114, gen, NULL)
+
+# define EVP_PKEY_CTX_set_dh_nid(ctx, nid) \
+ EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DH, \
+ EVP_PKEY_OP_PARAMGEN | EVP_PKEY_OP_KEYGEN, \
+ EVP_PKEY_CTRL_DH_NID, nid, NULL)
+
+# define EVP_PKEY_CTX_set_dh_pad(ctx, pad) \
+ EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DH, EVP_PKEY_OP_DERIVE, \
+ EVP_PKEY_CTRL_DH_PAD, pad, NULL)
+
+# define EVP_PKEY_CTX_set_dh_kdf_type(ctx, kdf) \
+ EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, \
+ EVP_PKEY_OP_DERIVE, \
+ EVP_PKEY_CTRL_DH_KDF_TYPE, kdf, NULL)
+
+# define EVP_PKEY_CTX_get_dh_kdf_type(ctx) \
+ EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, \
+ EVP_PKEY_OP_DERIVE, \
+ EVP_PKEY_CTRL_DH_KDF_TYPE, -2, NULL)
+
+# define EVP_PKEY_CTX_set0_dh_kdf_oid(ctx, oid) \
+ EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, \
+ EVP_PKEY_OP_DERIVE, \
+ EVP_PKEY_CTRL_DH_KDF_OID, 0, (void *)(oid))
+
+# define EVP_PKEY_CTX_get0_dh_kdf_oid(ctx, poid) \
+ EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, \
+ EVP_PKEY_OP_DERIVE, \
+ EVP_PKEY_CTRL_GET_DH_KDF_OID, 0, (void *)(poid))
+
+# define EVP_PKEY_CTX_set_dh_kdf_md(ctx, md) \
+ EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, \
+ EVP_PKEY_OP_DERIVE, \
+ EVP_PKEY_CTRL_DH_KDF_MD, 0, (void *)(md))
+
+# define EVP_PKEY_CTX_get_dh_kdf_md(ctx, pmd) \
+ EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, \
+ EVP_PKEY_OP_DERIVE, \
+ EVP_PKEY_CTRL_GET_DH_KDF_MD, 0, (void *)(pmd))
+
+# define EVP_PKEY_CTX_set_dh_kdf_outlen(ctx, len) \
+ EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, \
+ EVP_PKEY_OP_DERIVE, \
+ EVP_PKEY_CTRL_DH_KDF_OUTLEN, len, NULL)
+
+# define EVP_PKEY_CTX_get_dh_kdf_outlen(ctx, plen) \
+ EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, \
+ EVP_PKEY_OP_DERIVE, \
+ EVP_PKEY_CTRL_GET_DH_KDF_OUTLEN, 0, (void *)(plen))
+
+# define EVP_PKEY_CTX_set0_dh_kdf_ukm(ctx, p, plen) \
+ EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, \
+ EVP_PKEY_OP_DERIVE, \
+ EVP_PKEY_CTRL_DH_KDF_UKM, plen, (void *)(p))
+
+# define EVP_PKEY_CTX_get0_dh_kdf_ukm(ctx, p) \
+ EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, \
+ EVP_PKEY_OP_DERIVE, \
+ EVP_PKEY_CTRL_GET_DH_KDF_UKM, 0, (void *)(p))
+
+# define EVP_PKEY_CTRL_DH_PARAMGEN_PRIME_LEN (EVP_PKEY_ALG_CTRL + 1)
+# define EVP_PKEY_CTRL_DH_PARAMGEN_GENERATOR (EVP_PKEY_ALG_CTRL + 2)
+# define EVP_PKEY_CTRL_DH_RFC5114 (EVP_PKEY_ALG_CTRL + 3)
+# define EVP_PKEY_CTRL_DH_PARAMGEN_SUBPRIME_LEN (EVP_PKEY_ALG_CTRL + 4)
+# define EVP_PKEY_CTRL_DH_PARAMGEN_TYPE (EVP_PKEY_ALG_CTRL + 5)
+# define EVP_PKEY_CTRL_DH_KDF_TYPE (EVP_PKEY_ALG_CTRL + 6)
+# define EVP_PKEY_CTRL_DH_KDF_MD (EVP_PKEY_ALG_CTRL + 7)
+# define EVP_PKEY_CTRL_GET_DH_KDF_MD (EVP_PKEY_ALG_CTRL + 8)
+# define EVP_PKEY_CTRL_DH_KDF_OUTLEN (EVP_PKEY_ALG_CTRL + 9)
+# define EVP_PKEY_CTRL_GET_DH_KDF_OUTLEN (EVP_PKEY_ALG_CTRL + 10)
+# define EVP_PKEY_CTRL_DH_KDF_UKM (EVP_PKEY_ALG_CTRL + 11)
+# define EVP_PKEY_CTRL_GET_DH_KDF_UKM (EVP_PKEY_ALG_CTRL + 12)
+# define EVP_PKEY_CTRL_DH_KDF_OID (EVP_PKEY_ALG_CTRL + 13)
+# define EVP_PKEY_CTRL_GET_DH_KDF_OID (EVP_PKEY_ALG_CTRL + 14)
+# define EVP_PKEY_CTRL_DH_NID (EVP_PKEY_ALG_CTRL + 15)
+# define EVP_PKEY_CTRL_DH_PAD (EVP_PKEY_ALG_CTRL + 16)
+
+/* KDF types */
+# define EVP_PKEY_DH_KDF_NONE 1
+# ifndef OPENSSL_NO_CMS
+# define EVP_PKEY_DH_KDF_X9_42 2
+# endif
+
+
+# ifdef __cplusplus
+}
+# endif
+# endif
+#endif
diff --git a/packages/mobile-sdk-alpha/ios/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Headers/dherr.h b/packages/mobile-sdk-alpha/ios/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Headers/dherr.h
new file mode 100644
index 000000000..528c81985
--- /dev/null
+++ b/packages/mobile-sdk-alpha/ios/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Headers/dherr.h
@@ -0,0 +1,89 @@
+/*
+ * Generated by util/mkerr.pl DO NOT EDIT
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_DHERR_H
+# define HEADER_DHERR_H
+
+# ifndef HEADER_SYMHACKS_H
+# include
+# endif
+
+# include
+
+# ifndef OPENSSL_NO_DH
+
+# ifdef __cplusplus
+extern "C"
+# endif
+int ERR_load_DH_strings(void);
+
+/*
+ * DH function codes.
+ */
+# define DH_F_COMPUTE_KEY 102
+# define DH_F_DHPARAMS_PRINT_FP 101
+# define DH_F_DH_BUILTIN_GENPARAMS 106
+# define DH_F_DH_CHECK 126
+# define DH_F_DH_CHECK_EX 121
+# define DH_F_DH_CHECK_PARAMS_EX 122
+# define DH_F_DH_CHECK_PUB_KEY_EX 123
+# define DH_F_DH_CMS_DECRYPT 114
+# define DH_F_DH_CMS_SET_PEERKEY 115
+# define DH_F_DH_CMS_SET_SHARED_INFO 116
+# define DH_F_DH_METH_DUP 117
+# define DH_F_DH_METH_NEW 118
+# define DH_F_DH_METH_SET1_NAME 119
+# define DH_F_DH_NEW_BY_NID 104
+# define DH_F_DH_NEW_METHOD 105
+# define DH_F_DH_PARAM_DECODE 107
+# define DH_F_DH_PKEY_PUBLIC_CHECK 124
+# define DH_F_DH_PRIV_DECODE 110
+# define DH_F_DH_PRIV_ENCODE 111
+# define DH_F_DH_PUB_DECODE 108
+# define DH_F_DH_PUB_ENCODE 109
+# define DH_F_DO_DH_PRINT 100
+# define DH_F_GENERATE_KEY 103
+# define DH_F_PKEY_DH_CTRL_STR 120
+# define DH_F_PKEY_DH_DERIVE 112
+# define DH_F_PKEY_DH_INIT 125
+# define DH_F_PKEY_DH_KEYGEN 113
+
+/*
+ * DH reason codes.
+ */
+# define DH_R_BAD_GENERATOR 101
+# define DH_R_BN_DECODE_ERROR 109
+# define DH_R_BN_ERROR 106
+# define DH_R_CHECK_INVALID_J_VALUE 115
+# define DH_R_CHECK_INVALID_Q_VALUE 116
+# define DH_R_CHECK_PUBKEY_INVALID 122
+# define DH_R_CHECK_PUBKEY_TOO_LARGE 123
+# define DH_R_CHECK_PUBKEY_TOO_SMALL 124
+# define DH_R_CHECK_P_NOT_PRIME 117
+# define DH_R_CHECK_P_NOT_SAFE_PRIME 118
+# define DH_R_CHECK_Q_NOT_PRIME 119
+# define DH_R_DECODE_ERROR 104
+# define DH_R_INVALID_PARAMETER_NAME 110
+# define DH_R_INVALID_PARAMETER_NID 114
+# define DH_R_INVALID_PUBKEY 102
+# define DH_R_KDF_PARAMETER_ERROR 112
+# define DH_R_KEYS_NOT_SET 108
+# define DH_R_MISSING_PUBKEY 125
+# define DH_R_MODULUS_TOO_LARGE 103
+# define DH_R_NOT_SUITABLE_GENERATOR 120
+# define DH_R_NO_PARAMETERS_SET 107
+# define DH_R_NO_PRIVATE_VALUE 100
+# define DH_R_PARAMETER_ENCODING_ERROR 105
+# define DH_R_PEER_KEY_ERROR 111
+# define DH_R_SHARED_INFO_ERROR 113
+# define DH_R_UNABLE_TO_CHECK_GENERATOR 121
+
+# endif
+#endif
diff --git a/packages/mobile-sdk-alpha/ios/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Headers/dsa.h b/packages/mobile-sdk-alpha/ios/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Headers/dsa.h
new file mode 100644
index 000000000..6d8a18a4a
--- /dev/null
+++ b/packages/mobile-sdk-alpha/ios/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Headers/dsa.h
@@ -0,0 +1,244 @@
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_DSA_H
+# define HEADER_DSA_H
+
+# include
+
+# ifndef OPENSSL_NO_DSA
+# ifdef __cplusplus
+extern "C" {
+# endif
+# include
+# include
+# include
+# include
+# include
+# if OPENSSL_API_COMPAT < 0x10100000L
+# include
+# endif
+# include
+
+# ifndef OPENSSL_DSA_MAX_MODULUS_BITS
+# define OPENSSL_DSA_MAX_MODULUS_BITS 10000
+# endif
+
+# define OPENSSL_DSA_FIPS_MIN_MODULUS_BITS 1024
+
+# define DSA_FLAG_CACHE_MONT_P 0x01
+# if OPENSSL_API_COMPAT < 0x10100000L
+/*
+ * Does nothing. Previously this switched off constant time behaviour.
+ */
+# define DSA_FLAG_NO_EXP_CONSTTIME 0x00
+# endif
+
+/*
+ * If this flag is set the DSA method is FIPS compliant and can be used in
+ * FIPS mode. This is set in the validated module method. If an application
+ * sets this flag in its own methods it is its responsibility to ensure the
+ * result is compliant.
+ */
+
+# define DSA_FLAG_FIPS_METHOD 0x0400
+
+/*
+ * If this flag is set the operations normally disabled in FIPS mode are
+ * permitted it is then the applications responsibility to ensure that the
+ * usage is compliant.
+ */
+
+# define DSA_FLAG_NON_FIPS_ALLOW 0x0400
+# define DSA_FLAG_FIPS_CHECKED 0x0800
+
+/* Already defined in ossl_typ.h */
+/* typedef struct dsa_st DSA; */
+/* typedef struct dsa_method DSA_METHOD; */
+
+typedef struct DSA_SIG_st DSA_SIG;
+
+# define d2i_DSAparams_fp(fp,x) (DSA *)ASN1_d2i_fp((char *(*)())DSA_new, \
+ (char *(*)())d2i_DSAparams,(fp),(unsigned char **)(x))
+# define i2d_DSAparams_fp(fp,x) ASN1_i2d_fp(i2d_DSAparams,(fp), \
+ (unsigned char *)(x))
+# define d2i_DSAparams_bio(bp,x) ASN1_d2i_bio_of(DSA,DSA_new,d2i_DSAparams,bp,x)
+# define i2d_DSAparams_bio(bp,x) ASN1_i2d_bio_of_const(DSA,i2d_DSAparams,bp,x)
+
+DSA *DSAparams_dup(DSA *x);
+DSA_SIG *DSA_SIG_new(void);
+void DSA_SIG_free(DSA_SIG *a);
+int i2d_DSA_SIG(const DSA_SIG *a, unsigned char **pp);
+DSA_SIG *d2i_DSA_SIG(DSA_SIG **v, const unsigned char **pp, long length);
+void DSA_SIG_get0(const DSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps);
+int DSA_SIG_set0(DSA_SIG *sig, BIGNUM *r, BIGNUM *s);
+
+DSA_SIG *DSA_do_sign(const unsigned char *dgst, int dlen, DSA *dsa);
+int DSA_do_verify(const unsigned char *dgst, int dgst_len,
+ DSA_SIG *sig, DSA *dsa);
+
+const DSA_METHOD *DSA_OpenSSL(void);
+
+void DSA_set_default_method(const DSA_METHOD *);
+const DSA_METHOD *DSA_get_default_method(void);
+int DSA_set_method(DSA *dsa, const DSA_METHOD *);
+const DSA_METHOD *DSA_get_method(DSA *d);
+
+DSA *DSA_new(void);
+DSA *DSA_new_method(ENGINE *engine);
+void DSA_free(DSA *r);
+/* "up" the DSA object's reference count */
+int DSA_up_ref(DSA *r);
+int DSA_size(const DSA *);
+int DSA_bits(const DSA *d);
+int DSA_security_bits(const DSA *d);
+ /* next 4 return -1 on error */
+DEPRECATEDIN_1_2_0(int DSA_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp))
+int DSA_sign(int type, const unsigned char *dgst, int dlen,
+ unsigned char *sig, unsigned int *siglen, DSA *dsa);
+int DSA_verify(int type, const unsigned char *dgst, int dgst_len,
+ const unsigned char *sigbuf, int siglen, DSA *dsa);
+#define DSA_get_ex_new_index(l, p, newf, dupf, freef) \
+ CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_DSA, l, p, newf, dupf, freef)
+int DSA_set_ex_data(DSA *d, int idx, void *arg);
+void *DSA_get_ex_data(DSA *d, int idx);
+
+DSA *d2i_DSAPublicKey(DSA **a, const unsigned char **pp, long length);
+DSA *d2i_DSAPrivateKey(DSA **a, const unsigned char **pp, long length);
+DSA *d2i_DSAparams(DSA **a, const unsigned char **pp, long length);
+
+/* Deprecated version */
+DEPRECATEDIN_0_9_8(DSA *DSA_generate_parameters(int bits,
+ unsigned char *seed,
+ int seed_len,
+ int *counter_ret,
+ unsigned long *h_ret, void
+ (*callback) (int, int,
+ void *),
+ void *cb_arg))
+
+/* New version */
+int DSA_generate_parameters_ex(DSA *dsa, int bits,
+ const unsigned char *seed, int seed_len,
+ int *counter_ret, unsigned long *h_ret,
+ BN_GENCB *cb);
+
+int DSA_generate_key(DSA *a);
+int i2d_DSAPublicKey(const DSA *a, unsigned char **pp);
+int i2d_DSAPrivateKey(const DSA *a, unsigned char **pp);
+int i2d_DSAparams(const DSA *a, unsigned char **pp);
+
+int DSAparams_print(BIO *bp, const DSA *x);
+int DSA_print(BIO *bp, const DSA *x, int off);
+# ifndef OPENSSL_NO_STDIO
+int DSAparams_print_fp(FILE *fp, const DSA *x);
+int DSA_print_fp(FILE *bp, const DSA *x, int off);
+# endif
+
+# define DSS_prime_checks 64
+/*
+ * Primality test according to FIPS PUB 186-4, Appendix C.3. Since we only
+ * have one value here we set the number of checks to 64 which is the 128 bit
+ * security level that is the highest level and valid for creating a 3072 bit
+ * DSA key.
+ */
+# define DSA_is_prime(n, callback, cb_arg) \
+ BN_is_prime(n, DSS_prime_checks, callback, NULL, cb_arg)
+
+# ifndef OPENSSL_NO_DH
+/*
+ * Convert DSA structure (key or just parameters) into DH structure (be
+ * careful to avoid small subgroup attacks when using this!)
+ */
+DH *DSA_dup_DH(const DSA *r);
+# endif
+
+# define EVP_PKEY_CTX_set_dsa_paramgen_bits(ctx, nbits) \
+ EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DSA, EVP_PKEY_OP_PARAMGEN, \
+ EVP_PKEY_CTRL_DSA_PARAMGEN_BITS, nbits, NULL)
+# define EVP_PKEY_CTX_set_dsa_paramgen_q_bits(ctx, qbits) \
+ EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DSA, EVP_PKEY_OP_PARAMGEN, \
+ EVP_PKEY_CTRL_DSA_PARAMGEN_Q_BITS, qbits, NULL)
+# define EVP_PKEY_CTX_set_dsa_paramgen_md(ctx, md) \
+ EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DSA, EVP_PKEY_OP_PARAMGEN, \
+ EVP_PKEY_CTRL_DSA_PARAMGEN_MD, 0, (void *)(md))
+
+# define EVP_PKEY_CTRL_DSA_PARAMGEN_BITS (EVP_PKEY_ALG_CTRL + 1)
+# define EVP_PKEY_CTRL_DSA_PARAMGEN_Q_BITS (EVP_PKEY_ALG_CTRL + 2)
+# define EVP_PKEY_CTRL_DSA_PARAMGEN_MD (EVP_PKEY_ALG_CTRL + 3)
+
+void DSA_get0_pqg(const DSA *d,
+ const BIGNUM **p, const BIGNUM **q, const BIGNUM **g);
+int DSA_set0_pqg(DSA *d, BIGNUM *p, BIGNUM *q, BIGNUM *g);
+void DSA_get0_key(const DSA *d,
+ const BIGNUM **pub_key, const BIGNUM **priv_key);
+int DSA_set0_key(DSA *d, BIGNUM *pub_key, BIGNUM *priv_key);
+const BIGNUM *DSA_get0_p(const DSA *d);
+const BIGNUM *DSA_get0_q(const DSA *d);
+const BIGNUM *DSA_get0_g(const DSA *d);
+const BIGNUM *DSA_get0_pub_key(const DSA *d);
+const BIGNUM *DSA_get0_priv_key(const DSA *d);
+void DSA_clear_flags(DSA *d, int flags);
+int DSA_test_flags(const DSA *d, int flags);
+void DSA_set_flags(DSA *d, int flags);
+ENGINE *DSA_get0_engine(DSA *d);
+
+DSA_METHOD *DSA_meth_new(const char *name, int flags);
+void DSA_meth_free(DSA_METHOD *dsam);
+DSA_METHOD *DSA_meth_dup(const DSA_METHOD *dsam);
+const char *DSA_meth_get0_name(const DSA_METHOD *dsam);
+int DSA_meth_set1_name(DSA_METHOD *dsam, const char *name);
+int DSA_meth_get_flags(const DSA_METHOD *dsam);
+int DSA_meth_set_flags(DSA_METHOD *dsam, int flags);
+void *DSA_meth_get0_app_data(const DSA_METHOD *dsam);
+int DSA_meth_set0_app_data(DSA_METHOD *dsam, void *app_data);
+DSA_SIG *(*DSA_meth_get_sign(const DSA_METHOD *dsam))
+ (const unsigned char *, int, DSA *);
+int DSA_meth_set_sign(DSA_METHOD *dsam,
+ DSA_SIG *(*sign) (const unsigned char *, int, DSA *));
+int (*DSA_meth_get_sign_setup(const DSA_METHOD *dsam))
+ (DSA *, BN_CTX *, BIGNUM **, BIGNUM **);
+int DSA_meth_set_sign_setup(DSA_METHOD *dsam,
+ int (*sign_setup) (DSA *, BN_CTX *, BIGNUM **, BIGNUM **));
+int (*DSA_meth_get_verify(const DSA_METHOD *dsam))
+ (const unsigned char *, int, DSA_SIG *, DSA *);
+int DSA_meth_set_verify(DSA_METHOD *dsam,
+ int (*verify) (const unsigned char *, int, DSA_SIG *, DSA *));
+int (*DSA_meth_get_mod_exp(const DSA_METHOD *dsam))
+ (DSA *, BIGNUM *, const BIGNUM *, const BIGNUM *, const BIGNUM *,
+ const BIGNUM *, const BIGNUM *, BN_CTX *, BN_MONT_CTX *);
+int DSA_meth_set_mod_exp(DSA_METHOD *dsam,
+ int (*mod_exp) (DSA *, BIGNUM *, const BIGNUM *, const BIGNUM *,
+ const BIGNUM *, const BIGNUM *, const BIGNUM *, BN_CTX *,
+ BN_MONT_CTX *));
+int (*DSA_meth_get_bn_mod_exp(const DSA_METHOD *dsam))
+ (DSA *, BIGNUM *, const BIGNUM *, const BIGNUM *, const BIGNUM *,
+ BN_CTX *, BN_MONT_CTX *);
+int DSA_meth_set_bn_mod_exp(DSA_METHOD *dsam,
+ int (*bn_mod_exp) (DSA *, BIGNUM *, const BIGNUM *, const BIGNUM *,
+ const BIGNUM *, BN_CTX *, BN_MONT_CTX *));
+int (*DSA_meth_get_init(const DSA_METHOD *dsam))(DSA *);
+int DSA_meth_set_init(DSA_METHOD *dsam, int (*init)(DSA *));
+int (*DSA_meth_get_finish(const DSA_METHOD *dsam)) (DSA *);
+int DSA_meth_set_finish(DSA_METHOD *dsam, int (*finish) (DSA *));
+int (*DSA_meth_get_paramgen(const DSA_METHOD *dsam))
+ (DSA *, int, const unsigned char *, int, int *, unsigned long *,
+ BN_GENCB *);
+int DSA_meth_set_paramgen(DSA_METHOD *dsam,
+ int (*paramgen) (DSA *, int, const unsigned char *, int, int *,
+ unsigned long *, BN_GENCB *));
+int (*DSA_meth_get_keygen(const DSA_METHOD *dsam)) (DSA *);
+int DSA_meth_set_keygen(DSA_METHOD *dsam, int (*keygen) (DSA *));
+
+
+# ifdef __cplusplus
+}
+# endif
+# endif
+#endif
diff --git a/packages/mobile-sdk-alpha/ios/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Headers/dsaerr.h b/packages/mobile-sdk-alpha/ios/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Headers/dsaerr.h
new file mode 100644
index 000000000..495a1ac89
--- /dev/null
+++ b/packages/mobile-sdk-alpha/ios/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Headers/dsaerr.h
@@ -0,0 +1,72 @@
+/*
+ * Generated by util/mkerr.pl DO NOT EDIT
+ * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_DSAERR_H
+# define HEADER_DSAERR_H
+
+# ifndef HEADER_SYMHACKS_H
+# include
+# endif
+
+# include
+
+# ifndef OPENSSL_NO_DSA
+
+# ifdef __cplusplus
+extern "C"
+# endif
+int ERR_load_DSA_strings(void);
+
+/*
+ * DSA function codes.
+ */
+# define DSA_F_DSAPARAMS_PRINT 100
+# define DSA_F_DSAPARAMS_PRINT_FP 101
+# define DSA_F_DSA_BUILTIN_PARAMGEN 125
+# define DSA_F_DSA_BUILTIN_PARAMGEN2 126
+# define DSA_F_DSA_DO_SIGN 112
+# define DSA_F_DSA_DO_VERIFY 113
+# define DSA_F_DSA_METH_DUP 127
+# define DSA_F_DSA_METH_NEW 128
+# define DSA_F_DSA_METH_SET1_NAME 129
+# define DSA_F_DSA_NEW_METHOD 103
+# define DSA_F_DSA_PARAM_DECODE 119
+# define DSA_F_DSA_PRINT_FP 105
+# define DSA_F_DSA_PRIV_DECODE 115
+# define DSA_F_DSA_PRIV_ENCODE 116
+# define DSA_F_DSA_PUB_DECODE 117
+# define DSA_F_DSA_PUB_ENCODE 118
+# define DSA_F_DSA_SIGN 106
+# define DSA_F_DSA_SIGN_SETUP 107
+# define DSA_F_DSA_SIG_NEW 102
+# define DSA_F_OLD_DSA_PRIV_DECODE 122
+# define DSA_F_PKEY_DSA_CTRL 120
+# define DSA_F_PKEY_DSA_CTRL_STR 104
+# define DSA_F_PKEY_DSA_KEYGEN 121
+
+/*
+ * DSA reason codes.
+ */
+# define DSA_R_BAD_Q_VALUE 102
+# define DSA_R_BN_DECODE_ERROR 108
+# define DSA_R_BN_ERROR 109
+# define DSA_R_DECODE_ERROR 104
+# define DSA_R_INVALID_DIGEST_TYPE 106
+# define DSA_R_INVALID_PARAMETERS 112
+# define DSA_R_MISSING_PARAMETERS 101
+# define DSA_R_MISSING_PRIVATE_KEY 111
+# define DSA_R_MODULUS_TOO_LARGE 103
+# define DSA_R_NO_PARAMETERS_SET 107
+# define DSA_R_PARAMETER_ENCODING_ERROR 105
+# define DSA_R_Q_NOT_PRIME 113
+# define DSA_R_SEED_LEN_SMALL 110
+
+# endif
+#endif
diff --git a/packages/mobile-sdk-alpha/ios/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Headers/dtls1.h b/packages/mobile-sdk-alpha/ios/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Headers/dtls1.h
new file mode 100644
index 000000000..d55ca9c33
--- /dev/null
+++ b/packages/mobile-sdk-alpha/ios/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Headers/dtls1.h
@@ -0,0 +1,55 @@
+/*
+ * Copyright 2005-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_DTLS1_H
+# define HEADER_DTLS1_H
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+# define DTLS1_VERSION 0xFEFF
+# define DTLS1_2_VERSION 0xFEFD
+# define DTLS_MIN_VERSION DTLS1_VERSION
+# define DTLS_MAX_VERSION DTLS1_2_VERSION
+# define DTLS1_VERSION_MAJOR 0xFE
+
+# define DTLS1_BAD_VER 0x0100
+
+/* Special value for method supporting multiple versions */
+# define DTLS_ANY_VERSION 0x1FFFF
+
+/* lengths of messages */
+/*
+ * Actually the max cookie length in DTLS is 255. But we can't change this now
+ * due to compatibility concerns.
+ */
+# define DTLS1_COOKIE_LENGTH 256
+
+# define DTLS1_RT_HEADER_LENGTH 13
+
+# define DTLS1_HM_HEADER_LENGTH 12
+
+# define DTLS1_HM_BAD_FRAGMENT -2
+# define DTLS1_HM_FRAGMENT_RETRY -3
+
+# define DTLS1_CCS_HEADER_LENGTH 1
+
+# define DTLS1_AL_HEADER_LENGTH 2
+
+/* Timeout multipliers */
+# define DTLS1_TMO_READ_COUNT 2
+# define DTLS1_TMO_WRITE_COUNT 2
+
+# define DTLS1_TMO_ALERT_COUNT 12
+
+#ifdef __cplusplus
+}
+#endif
+#endif
diff --git a/packages/mobile-sdk-alpha/ios/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Headers/e_os2.h b/packages/mobile-sdk-alpha/ios/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Headers/e_os2.h
new file mode 100644
index 000000000..41eaf01c6
--- /dev/null
+++ b/packages/mobile-sdk-alpha/ios/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/Headers/e_os2.h
@@ -0,0 +1,301 @@
+/*
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_E_OS2_H
+# define HEADER_E_OS2_H
+
+# include
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/******************************************************************************
+ * Detect operating systems. This probably needs completing.
+ * The result is that at least one OPENSSL_SYS_os macro should be defined.
+ * However, if none is defined, Unix is assumed.
+ **/
+
+# define OPENSSL_SYS_UNIX
+
+/* --------------------- Microsoft operating systems ---------------------- */
+
+/*
+ * Note that MSDOS actually denotes 32-bit environments running on top of
+ * MS-DOS, such as DJGPP one.
+ */
+# if defined(OPENSSL_SYS_MSDOS)
+# undef OPENSSL_SYS_UNIX
+# endif
+
+/*
+ * For 32 bit environment, there seems to be the CygWin environment and then
+ * all the others that try to do the same thing Microsoft does...
+ */
+/*
+ * UEFI lives here because it might be built with a Microsoft toolchain and
+ * we need to avoid the false positive match on Windows.
+ */
+# if defined(OPENSSL_SYS_UEFI)
+# undef OPENSSL_SYS_UNIX
+# elif defined(OPENSSL_SYS_UWIN)
+# undef OPENSSL_SYS_UNIX
+# define OPENSSL_SYS_WIN32_UWIN
+# else
+# if defined(__CYGWIN__) || defined(OPENSSL_SYS_CYGWIN)
+# define OPENSSL_SYS_WIN32_CYGWIN
+# else
+# if defined(_WIN32) || defined(OPENSSL_SYS_WIN32)
+# undef OPENSSL_SYS_UNIX
+# if !defined(OPENSSL_SYS_WIN32)
+# define OPENSSL_SYS_WIN32
+# endif
+# endif
+# if defined(_WIN64) || defined(OPENSSL_SYS_WIN64)
+# undef OPENSSL_SYS_UNIX
+# if !defined(OPENSSL_SYS_WIN64)
+# define OPENSSL_SYS_WIN64
+# endif
+# endif
+# if defined(OPENSSL_SYS_WINNT)
+# undef OPENSSL_SYS_UNIX
+# endif
+# if defined(OPENSSL_SYS_WINCE)
+# undef OPENSSL_SYS_UNIX
+# endif
+# endif
+# endif
+
+/* Anything that tries to look like Microsoft is "Windows" */
+# if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_WIN64) || defined(OPENSSL_SYS_WINNT) || defined(OPENSSL_SYS_WINCE)
+# undef OPENSSL_SYS_UNIX
+# define OPENSSL_SYS_WINDOWS
+# ifndef OPENSSL_SYS_MSDOS
+# define OPENSSL_SYS_MSDOS
+# endif
+# endif
+
+/*
+ * DLL settings. This part is a bit tough, because it's up to the
+ * application implementor how he or she will link the application, so it
+ * requires some macro to be used.
+ */
+# ifdef OPENSSL_SYS_WINDOWS
+# ifndef OPENSSL_OPT_WINDLL
+# if defined(_WINDLL) /* This is used when building OpenSSL to
+ * indicate that DLL linkage should be used */
+# define OPENSSL_OPT_WINDLL
+# endif
+# endif
+# endif
+
+/* ------------------------------- OpenVMS -------------------------------- */
+# if defined(__VMS) || defined(VMS) || defined(OPENSSL_SYS_VMS)
+# if !defined(OPENSSL_SYS_VMS)
+# undef OPENSSL_SYS_UNIX
+# endif
+# define OPENSSL_SYS_VMS
+# if defined(__DECC)
+# define OPENSSL_SYS_VMS_DECC
+# elif defined(__DECCXX)
+# define OPENSSL_SYS_VMS_DECC
+# define OPENSSL_SYS_VMS_DECCXX
+# else
+# define OPENSSL_SYS_VMS_NODECC
+# endif
+# endif
+
+/* -------------------------------- Unix ---------------------------------- */
+# ifdef OPENSSL_SYS_UNIX
+# if defined(linux) || defined(__linux__) && !defined(OPENSSL_SYS_LINUX)
+# define OPENSSL_SYS_LINUX
+# endif
+# if defined(_AIX) && !defined(OPENSSL_SYS_AIX)
+# define OPENSSL_SYS_AIX
+# endif
+# endif
+
+/* -------------------------------- VOS ----------------------------------- */
+# if defined(__VOS__) && !defined(OPENSSL_SYS_VOS)
+# define OPENSSL_SYS_VOS
+# ifdef __HPPA__
+# define OPENSSL_SYS_VOS_HPPA
+# endif
+# ifdef __IA32__
+# define OPENSSL_SYS_VOS_IA32
+# endif
+# endif
+
+/**
+ * That's it for OS-specific stuff
+ *****************************************************************************/
+
+/* Specials for I/O an exit */
+# ifdef OPENSSL_SYS_MSDOS
+# define OPENSSL_UNISTD_IO
+# define OPENSSL_DECLARE_EXIT extern void exit(int);
+# else
+# define OPENSSL_UNISTD_IO OPENSSL_UNISTD
+# define OPENSSL_DECLARE_EXIT /* declared in unistd.h */
+# endif
+
+/*-
+ * OPENSSL_EXTERN is normally used to declare a symbol with possible extra
+ * attributes to handle its presence in a shared library.
+ * OPENSSL_EXPORT is used to define a symbol with extra possible attributes
+ * to make it visible in a shared library.
+ * Care needs to be taken when a header file is used both to declare and
+ * define symbols. Basically, for any library that exports some global
+ * variables, the following code must be present in the header file that
+ * declares them, before OPENSSL_EXTERN is used:
+ *
+ * #ifdef SOME_BUILD_FLAG_MACRO
+ * # undef OPENSSL_EXTERN
+ * # define OPENSSL_EXTERN OPENSSL_EXPORT
+ * #endif
+ *
+ * The default is to have OPENSSL_EXPORT and OPENSSL_EXTERN
+ * have some generally sensible values.
+ */
+
+# if defined(OPENSSL_SYS_WINDOWS) && defined(OPENSSL_OPT_WINDLL)
+# define OPENSSL_EXPORT extern __declspec(dllexport)
+# define OPENSSL_EXTERN extern __declspec(dllimport)
+# else
+# define OPENSSL_EXPORT extern
+# define OPENSSL_EXTERN extern
+# endif
+
+/*-
+ * Macros to allow global variables to be reached through function calls when
+ * required (if a shared library version requires it, for example.
+ * The way it's done allows definitions like this:
+ *
+ * // in foobar.c
+ * OPENSSL_IMPLEMENT_GLOBAL(int,foobar,0)
+ * // in foobar.h
+ * OPENSSL_DECLARE_GLOBAL(int,foobar);
+ * #define foobar OPENSSL_GLOBAL_REF(foobar)
+ */
+# ifdef OPENSSL_EXPORT_VAR_AS_FUNCTION
+# define OPENSSL_IMPLEMENT_GLOBAL(type,name,value) \
+ type *_shadow_##name(void) \
+ { static type _hide_##name=value; return &_hide_##name; }
+# define OPENSSL_DECLARE_GLOBAL(type,name) type *_shadow_##name(void)
+# define OPENSSL_GLOBAL_REF(name) (*(_shadow_##name()))
+# else
+# define OPENSSL_IMPLEMENT_GLOBAL(type,name,value) type _shadow_##name=value;
+# define OPENSSL_DECLARE_GLOBAL(type,name) OPENSSL_EXPORT type _shadow_##name
+# define OPENSSL_GLOBAL_REF(name) _shadow_##name
+# endif
+
+# ifdef _WIN32
+# ifdef _WIN64
+# define ossl_ssize_t __int64
+# define OSSL_SSIZE_MAX _I64_MAX
+# else
+# define ossl_ssize_t int
+# define OSSL_SSIZE_MAX INT_MAX
+# endif
+# endif
+
+# if defined(OPENSSL_SYS_UEFI) && !defined(ossl_ssize_t)
+# define ossl_ssize_t INTN
+# define OSSL_SSIZE_MAX MAX_INTN
+# endif
+
+# ifndef ossl_ssize_t
+# define ossl_ssize_t ssize_t
+# if defined(SSIZE_MAX)
+# define OSSL_SSIZE_MAX SSIZE_MAX
+# elif defined(_POSIX_SSIZE_MAX)
+# define OSSL_SSIZE_MAX _POSIX_SSIZE_MAX
+# else
+# define OSSL_SSIZE_MAX ((ssize_t)(SIZE_MAX>>1))
+# endif
+# endif
+
+# ifdef DEBUG_UNUSED
+# define __owur __attribute__((__warn_unused_result__))
+# else
+# define __owur
+# endif
+
+/* Standard integer types */
+# if defined(OPENSSL_SYS_UEFI)
+typedef INT8 int8_t;
+typedef UINT8 uint8_t;
+typedef INT16 int16_t;
+typedef UINT16 uint16_t;
+typedef INT32 int32_t;
+typedef UINT32 uint32_t;
+typedef INT64 int64_t;
+typedef UINT64 uint64_t;
+# elif (defined(__STDC_VERSION__) && __STDC_VERSION__ >= 199901L) || \
+ defined(__osf__) || defined(__sgi) || defined(__hpux) || \
+ defined(OPENSSL_SYS_VMS) || defined (__OpenBSD__)
+# include
+# elif defined(_MSC_VER) && _MSC_VER<1600
+/*
+ * minimally required typdefs for systems not supporting inttypes.h or
+ * stdint.h: currently just older VC++
+ */
+typedef signed char int8_t;
+typedef unsigned char uint8_t;
+typedef short int16_t;
+typedef unsigned short uint16_t;
+typedef int int32_t;
+typedef unsigned int uint32_t;
+typedef __int64 int64_t;
+typedef unsigned __int64 uint64_t;
+# else
+# include