[apple/security.git] / libsecurity_keychain / lib / SecItemPriv.h

/*
 * Copyright (c) 2006-2013 Apple Inc. All Rights Reserved.
 *
 * @APPLE_LICENSE_HEADER_START@
 *
 * This file contains Original Code and/or Modifications of Original Code
 * as defined in and that are subject to the Apple Public Source License
 * Version 2.0 (the 'License'). You may not use this file except in
 * compliance with the License. Please obtain a copy of the License at
 * http://www.opensource.apple.com/apsl/ and read it before using this
 * file.
 *
 * The Original Code and all software distributed under the License are
 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
 * Please see the License for the specific language governing rights and
 * limitations under the License.
 *
 * @APPLE_LICENSE_HEADER_END@
 */

/*!
 @header SecItemPriv
 SecItemPriv defines private constants and SPI functions for access to
 Security items (certificates, identities, keys, and keychain items.)
 */

#ifndef _SECURITY_SECITEMPRIV_H_
#define _SECURITY_SECITEMPRIV_H_

#include <CoreFoundation/CFDictionary.h>
#include <CoreFoundation/CFData.h>
#include <CoreFoundation/CFError.h>
#include <Security/SecTask.h>

#if defined(__cplusplus)
extern "C" {
#endif

	/*!
	 @enum Class Value Constants (Private)
	 @discussion Predefined item class constants used to get or set values in
	 a dictionary. The kSecClass constant is the key and its value is one
	 of the constants defined here.
	 @constant kSecClassAppleSharePassword Specifies AppleShare password items.
	 */
	extern const CFTypeRef kSecClassAppleSharePassword;

	/*!
	 @enum Attribute Key Constants (Private)
	 @discussion Predefined item attribute keys used to get or set values in a
	 dictionary. Not all attributes apply to each item class. The table
	 below lists the currently defined attributes for each item class:

	 kSecClassGenericPassword item attributes:
	 kSecAttrAccessGroup
	 kSecAttrCreationDate
	 kSecAttrModificationDate
	 kSecAttrDescription
	 kSecAttrComment
	 kSecAttrCreator
	 kSecAttrType
	 kSecAttrScriptCode (private)
	 kSecAttrLabel
	 kSecAttrAlias (private)
	 kSecAttrIsInvisible
	 kSecAttrIsNegative
	 kSecAttrHasCustomIcon (private)
	 kSecAttrProtected (private)
	 kSecAttrAccount
	 kSecAttrService
	 kSecAttrGeneric

	 kSecClassInternetPassword item attributes:
	 kSecAttrAccessGroup
	 kSecAttrCreationDate
	 kSecAttrModificationDate
	 kSecAttrDescription
	 kSecAttrComment
	 kSecAttrCreator
	 kSecAttrType
	 kSecAttrScriptCode (private)
	 kSecAttrLabel
	 kSecAttrAlias (private)
	 kSecAttrIsInvisible
	 kSecAttrIsNegative
	 kSecAttrHasCustomIcon (private)
	 kSecAttrProtected (private)
	 kSecAttrAccount
	 kSecAttrSecurityDomain
	 kSecAttrServer
	 kSecAttrProtocol
	 kSecAttrAuthenticationType
	 kSecAttrPort
	 kSecAttrPath

	 kSecClassAppleSharePassword item attributes:
	 kSecAttrAccessGroup
	 kSecAttrCreationDate
	 kSecAttrModificationDate
	 kSecAttrDescription
	 kSecAttrComment
	 kSecAttrCreator
	 kSecAttrType
	 kSecAttrScriptCode (private)
	 kSecAttrLabel
	 kSecAttrAlias (private)
	 kSecAttrIsInvisible
	 kSecAttrIsNegative
	 kSecAttrHasCustomIcon (private)
	 kSecAttrProtected (private)
	 kSecAttrAccount
	 kSecAttrVolume
	 kSecAttrAddress
	 kSecAttrAFPServerSignature

	 kSecClassCertificate item attributes:
	 kSecAttrAccessGroup
	 kSecAttrCertificateType
	 kSecAttrCertificateEncoding
	 kSecAttrLabel
	 kSecAttrAlias (private)
	 kSecAttrSubject
	 kSecAttrIssuer
	 kSecAttrSerialNumber
	 kSecAttrSubjectKeyID
	 kSecAttrPublicKeyHash

	 kSecClassKey item attributes:
	 kSecAttrAccessGroup
	 kSecAttrKeyClass
	 kSecAttrLabel
	 kSecAttrAlias (private)
	 kSecAttrApplicationLabel
	 kSecAttrIsPermanent
	 kSecAttrIsPrivate (private)
	 kSecAttrIsModifiable (private)
	 kSecAttrApplicationTag
	 kSecAttrKeyCreator (private)
	 kSecAttrKeyType
	 kSecAttrKeySizeInBits
	 kSecAttrEffectiveKeySize
	 kSecAttrStartDate (private)
	 kSecAttrEndDate (private)
	 kSecAttrIsSensitive (private)
	 kSecAttrWasAlwaysSensitive (private)
	 kSecAttrIsExtractable (private)
	 kSecAttrWasNeverExtractable (private)
	 kSecAttrCanEncrypt
	 kSecAttrCanDecrypt
	 kSecAttrCanDerive
	 kSecAttrCanSign
	 kSecAttrCanVerify
	 kSecAttrCanSignRecover (private)
	 kSecAttrCanVerifyRecover (private)
	 kSecAttrCanWrap
	 kSecAttrCanUnwrap

	 kSecClassIdentity item attributes:
	 Since an identity is the combination of a private key and a
	 certificate, this class shares attributes of both kSecClassKey and
	 kSecClassCertificate.

	 @constant kSecAttrScriptCode Specifies a dictionary key whose value is the
	 item's script code attribute. You use this tag to set or get a value
	 of type CFNumberRef that represents a script code for this item's
	 strings. (Note: use of this attribute is deprecated; string attributes
	 should always be stored in UTF-8 encoding. This is currently private
	 for use by syncing; new code should not ever access this attribute.)
	 @constant kSecAttrAlias Specifies a dictionary key whose value is the
	 item's alias. You use this key to get or set a value of type CFDataRef
	 which represents an alias. For certificate items, the alias is either
	 a single email address, an array of email addresses, or the common
	 name of the certificate if it does not contain any email address.
	 (Items of class kSecClassCertificate have this attribute.)
	 @constant kSecAttrHasCustomIcon Specifies a dictionary key whose value is the
	 item's custom icon attribute. You use this tag to set or get a value
	 of type CFBooleanRef that indicates whether the item should have an
	 application-specific icon. (Note: use of this attribute is deprecated;
	 custom item icons are not supported in Mac OS X. This is currently
	 private for use by syncing; new code should not use this attribute.)
	 @constant kSecAttrVolume Specifies a dictionary key whose value is the
	 item's volume attribute. You use this key to set or get a CFStringRef
	 value that represents an AppleShare volume name. (Items of class
	 kSecClassAppleSharePassword have this attribute.)
	 @constant kSecAttrAddress Specifies a dictionary key whose value is the
	 item's address attribute. You use this key to set or get a CFStringRef
	 value that contains the AppleTalk zone name, or the IP or domain name
	 that represents the server address. (Items of class
	 kSecClassAppleSharePassword have this attribute.)
	 @constant kSecAttrAFPServerSignature Specifies a dictionary key whose value
	 is the item's AFP server signature attribute. You use this key to set
	 or get a CFDataRef value containing 16 bytes that represents the
	 server's signature block. (Items of class kSecClassAppleSharePassword
	 have this attribute.)
	 @constant kSecAttrCRLType (read-only) Specifies a dictionary key whose
	 value is the item's certificate revocation list type. You use this
	 key to get a value of type CFNumberRef that denotes the CRL type (see
	 the CSSM_CRL_TYPE enum in cssmtype.h). (Items of class
	 kSecClassCertificate have this attribute.)
	 @constant kSecAttrCRLEncoding (read-only) Specifies a dictionary key whose
	 value is the item's certificate revocation list encoding.  You use
	 this key to get a value of type CFNumberRef that denotes the CRL
	 encoding (see the CSSM_CRL_ENCODING enum in cssmtype.h). (Items of
	 class kSecClassCertificate have this attribute.)
	 @constant kSecAttrKeyCreator Specifies a dictionary key whose value is a
	 CFDataRef containing a CSSM_GUID structure representing the module ID of
	 the CSP that owns this key.
	 @constant kSecAttrIsPrivate Specifies a dictionary key whose value is a
	 CFBooleanRef indicating whether the raw key material of the key in
	 question is private.
	 @constant kSecAttrIsModifiable Specifies a dictionary key whose value is a
	 CFBooleanRef indicating whether any of the attributes of this key are
	 modifiable.
	 @constant kSecAttrStartDate Specifies a dictionary key whose value is a
	 CFDateRef indicating the earliest date on which this key may be used.
	 If kSecAttrStartDate is not present, the restriction does not apply.
	 @constant kSecAttrEndDate Specifies a dictionary key whose value is a
	 CFDateRef indicating the last date on which this key may be used.
	 If kSecAttrEndDate is not present, the restriction does not apply.
	 @constant kSecAttrWasAlwaysSensitive Specifies a dictionary key whose value
	 is a CFBooleanRef indicating that the key in question has always been
	 marked as sensitive.
	 @constant kSecAttrWasNeverExtractable Specifies a dictionary key whose value
	 is a CFBooleanRef indicating that the key in question has never been
	 marked as extractable.
	 @constant kSecAttrCanSignRecover Specifies a dictionary key whose value is a
	 CFBooleanRef indicating whether the key in question can be used to
	 perform sign recovery.
	 @constant kSecAttrCanVerifyRecover Specifies a dictionary key whose value is
	 a CFBooleanRef indicating whether the key in question can be used to
	 perform verify recovery.
	 @constant kSecAttrTombstone Specifies a dictionary key whose value is
	 a CFBooleanRef indicating that the item in question is a tombstone.
	 */
	extern CFTypeRef kSecAttrScriptCode;
	extern CFTypeRef kSecAttrAlias;
	extern CFTypeRef kSecAttrHasCustomIcon;
	extern CFTypeRef kSecAttrVolume;
	extern CFTypeRef kSecAttrAddress;
	extern CFTypeRef kSecAttrAFPServerSignature;
	extern CFTypeRef kSecAttrCRLType;
	extern CFTypeRef kSecAttrCRLEncoding;
	extern CFTypeRef kSecAttrKeyCreator;
	extern CFTypeRef kSecAttrIsPrivate;
	extern CFTypeRef kSecAttrIsModifiable;
	extern CFTypeRef kSecAttrStartDate;
	extern CFTypeRef kSecAttrEndDate;
	extern CFTypeRef kSecAttrWasAlwaysSensitive;
	extern CFTypeRef kSecAttrWasNeverExtractable;
	extern CFTypeRef kSecAttrCanSignRecover;
	extern CFTypeRef kSecAttrCanVerifyRecover;
	extern CFTypeRef kSecAttrTombstone;

	/*!
	 @function SecItemCopyDisplayNames
	 @abstract Returns an array containing unique display names for each of the
	 certificates, keys, identities, or passwords in the provided items
	 array.
	 @param items An array containing items of type SecKeychainItemRef,
	 SecKeyRef, SecCertificateRef, or SecIdentityRef. All items in the
	 array should be of the same type.
	 @param displayNames On return, an array of CFString references containing
	 unique names for the supplied items. You are responsible for releasing
	 this array reference by calling the CFRelease function.
	 @result A result code. See "Security Error Codes" (SecBase.h).
	 @discussion Use this function to obtain item names which are suitable for
	 display in a menu or list view. The returned names are guaranteed to
	 be unique across the set of provided items.
	 */
	OSStatus SecItemCopyDisplayNames(CFArrayRef items, CFArrayRef *displayNames);

	/*!
	 @function SecItemDeleteAll
	 @abstract Removes all items from the keychain and added root certificates
	 from the trust store.
	 @result A result code. See "Security Error Codes" (SecBase.h).
	 */
	OSStatus SecItemDeleteAll(void);

/* Called by clients to push sync circle and message changes to us.
   Requires caller to have the kSecEntitlementSyncKeychain entitlement. */
bool _SecKeychainSyncUpdate(CFDictionaryRef updates, CFErrorRef *error);

CFDataRef _SecItemGetPersistentReference(CFTypeRef raw_item);

bool _SecKeychainBackupSyncable(CFDataRef keybag, CFDataRef password, CFDictionaryRef backup_in, CFDictionaryRef *backup_out);
bool _SecKeychainRestoreSyncable(CFDataRef keybag, CFDataRef password, CFDictionaryRef backup_in);

#if defined(__cplusplus)
}
#endif

#endif /* !_SECURITY_SECITEMPRIV_H_ */
Commit	Line	Data
b1ab9ed8	1	/*
427c49bc A	2	* Copyright (c) 2006-2013 Apple Inc. All Rights Reserved.
427c49bc A	3	*
b1ab9ed8	4	* @APPLE_LICENSE_HEADER_START@
427c49bc	5	*
b1ab9ed8 A	6	* This file contains Original Code and/or Modifications of Original Code
	7	* as defined in and that are subject to the Apple Public Source License
	8	* Version 2.0 (the 'License'). You may not use this file except in
	9	* compliance with the License. Please obtain a copy of the License at
	10	* http://www.opensource.apple.com/apsl/ and read it before using this
	11	* file.
427c49bc	12	*
b1ab9ed8 A	13	* The Original Code and all software distributed under the License are
	14	* distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
	15	* EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
	16	* INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
	17	* FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
	18	* Please see the License for the specific language governing rights and
	19	* limitations under the License.
427c49bc	20	*
b1ab9ed8 A	21	* @APPLE_LICENSE_HEADER_END@
	22	*/
	23
	24	/*!
	25	@header SecItemPriv
	26	SecItemPriv defines private constants and SPI functions for access to
	27	Security items (certificates, identities, keys, and keychain items.)
	28	*/
	29
	30	#ifndef _SECURITY_SECITEMPRIV_H_
	31	#define _SECURITY_SECITEMPRIV_H_
	32
427c49bc A	33	#include <CoreFoundation/CFDictionary.h>
	34	#include <CoreFoundation/CFData.h>
	35	#include <CoreFoundation/CFError.h>
	36	#include <Security/SecTask.h>
b1ab9ed8 A	37
	38	#if defined(__cplusplus)
	39	extern "C" {
	40	#endif
427c49bc	41
b1ab9ed8 A	42	/*!
	43	@enum Class Value Constants (Private)
	44	@discussion Predefined item class constants used to get or set values in
	45	a dictionary. The kSecClass constant is the key and its value is one
	46	of the constants defined here.
	47	@constant kSecClassAppleSharePassword Specifies AppleShare password items.
	48	*/
	49	extern const CFTypeRef kSecClassAppleSharePassword;
427c49bc	50
b1ab9ed8 A	51	/*!
	52	@enum Attribute Key Constants (Private)
	53	@discussion Predefined item attribute keys used to get or set values in a
	54	dictionary. Not all attributes apply to each item class. The table
	55	below lists the currently defined attributes for each item class:
427c49bc	56
b1ab9ed8	57	kSecClassGenericPassword item attributes:
427c49bc	58	kSecAttrAccessGroup
b1ab9ed8 A	59	kSecAttrCreationDate
	60	kSecAttrModificationDate
	61	kSecAttrDescription
	62	kSecAttrComment
	63	kSecAttrCreator
	64	kSecAttrType
	65	kSecAttrScriptCode (private)
	66	kSecAttrLabel
	67	kSecAttrAlias (private)
	68	kSecAttrIsInvisible
	69	kSecAttrIsNegative
	70	kSecAttrHasCustomIcon (private)
	71	kSecAttrProtected (private)
	72	kSecAttrAccount
	73	kSecAttrService
	74	kSecAttrGeneric
427c49bc	75
b1ab9ed8	76	kSecClassInternetPassword item attributes:
427c49bc	77	kSecAttrAccessGroup
b1ab9ed8 A	78	kSecAttrCreationDate
	79	kSecAttrModificationDate
	80	kSecAttrDescription
	81	kSecAttrComment
	82	kSecAttrCreator
	83	kSecAttrType
	84	kSecAttrScriptCode (private)
	85	kSecAttrLabel
	86	kSecAttrAlias (private)
	87	kSecAttrIsInvisible
	88	kSecAttrIsNegative
	89	kSecAttrHasCustomIcon (private)
	90	kSecAttrProtected (private)
	91	kSecAttrAccount
	92	kSecAttrSecurityDomain
	93	kSecAttrServer
	94	kSecAttrProtocol
	95	kSecAttrAuthenticationType
	96	kSecAttrPort
	97	kSecAttrPath
427c49bc	98
b1ab9ed8	99	kSecClassAppleSharePassword item attributes:
427c49bc	100	kSecAttrAccessGroup
b1ab9ed8 A	101	kSecAttrCreationDate
	102	kSecAttrModificationDate
	103	kSecAttrDescription
	104	kSecAttrComment
	105	kSecAttrCreator
	106	kSecAttrType
	107	kSecAttrScriptCode (private)
	108	kSecAttrLabel
	109	kSecAttrAlias (private)
	110	kSecAttrIsInvisible
	111	kSecAttrIsNegative
	112	kSecAttrHasCustomIcon (private)
	113	kSecAttrProtected (private)
	114	kSecAttrAccount
	115	kSecAttrVolume
	116	kSecAttrAddress
	117	kSecAttrAFPServerSignature
427c49bc	118
b1ab9ed8	119	kSecClassCertificate item attributes:
427c49bc	120	kSecAttrAccessGroup
b1ab9ed8 A	121	kSecAttrCertificateType
	122	kSecAttrCertificateEncoding
	123	kSecAttrLabel
	124	kSecAttrAlias (private)
	125	kSecAttrSubject
	126	kSecAttrIssuer
	127	kSecAttrSerialNumber
	128	kSecAttrSubjectKeyID
	129	kSecAttrPublicKeyHash
427c49bc	130
b1ab9ed8	131	kSecClassKey item attributes:
427c49bc	132	kSecAttrAccessGroup
b1ab9ed8 A	133	kSecAttrKeyClass
	134	kSecAttrLabel
	135	kSecAttrAlias (private)
	136	kSecAttrApplicationLabel
	137	kSecAttrIsPermanent
	138	kSecAttrIsPrivate (private)
	139	kSecAttrIsModifiable (private)
	140	kSecAttrApplicationTag
	141	kSecAttrKeyCreator (private)
	142	kSecAttrKeyType
	143	kSecAttrKeySizeInBits
	144	kSecAttrEffectiveKeySize
	145	kSecAttrStartDate (private)
	146	kSecAttrEndDate (private)
	147	kSecAttrIsSensitive (private)
	148	kSecAttrWasAlwaysSensitive (private)
	149	kSecAttrIsExtractable (private)
	150	kSecAttrWasNeverExtractable (private)
	151	kSecAttrCanEncrypt
	152	kSecAttrCanDecrypt
	153	kSecAttrCanDerive
	154	kSecAttrCanSign
	155	kSecAttrCanVerify
	156	kSecAttrCanSignRecover (private)
	157	kSecAttrCanVerifyRecover (private)
	158	kSecAttrCanWrap
	159	kSecAttrCanUnwrap
427c49bc	160
b1ab9ed8 A	161	kSecClassIdentity item attributes:
	162	Since an identity is the combination of a private key and a
	163	certificate, this class shares attributes of both kSecClassKey and
	164	kSecClassCertificate.
427c49bc	165
b1ab9ed8 A	166	@constant kSecAttrScriptCode Specifies a dictionary key whose value is the
	167	item's script code attribute. You use this tag to set or get a value
	168	of type CFNumberRef that represents a script code for this item's
	169	strings. (Note: use of this attribute is deprecated; string attributes
	170	should always be stored in UTF-8 encoding. This is currently private
	171	for use by syncing; new code should not ever access this attribute.)
	172	@constant kSecAttrAlias Specifies a dictionary key whose value is the
	173	item's alias. You use this key to get or set a value of type CFDataRef
	174	which represents an alias. For certificate items, the alias is either
	175	a single email address, an array of email addresses, or the common
	176	name of the certificate if it does not contain any email address.
	177	(Items of class kSecClassCertificate have this attribute.)
	178	@constant kSecAttrHasCustomIcon Specifies a dictionary key whose value is the
	179	item's custom icon attribute. You use this tag to set or get a value
	180	of type CFBooleanRef that indicates whether the item should have an
	181	application-specific icon. (Note: use of this attribute is deprecated;
	182	custom item icons are not supported in Mac OS X. This is currently
	183	private for use by syncing; new code should not use this attribute.)
	184	@constant kSecAttrVolume Specifies a dictionary key whose value is the
	185	item's volume attribute. You use this key to set or get a CFStringRef
	186	value that represents an AppleShare volume name. (Items of class
	187	kSecClassAppleSharePassword have this attribute.)
	188	@constant kSecAttrAddress Specifies a dictionary key whose value is the
	189	item's address attribute. You use this key to set or get a CFStringRef
	190	value that contains the AppleTalk zone name, or the IP or domain name
	191	that represents the server address. (Items of class
	192	kSecClassAppleSharePassword have this attribute.)
	193	@constant kSecAttrAFPServerSignature Specifies a dictionary key whose value
	194	is the item's AFP server signature attribute. You use this key to set
	195	or get a CFDataRef value containing 16 bytes that represents the
	196	server's signature block. (Items of class kSecClassAppleSharePassword
	197	have this attribute.)
	198	@constant kSecAttrCRLType (read-only) Specifies a dictionary key whose
	199	value is the item's certificate revocation list type. You use this
	200	key to get a value of type CFNumberRef that denotes the CRL type (see
	201	the CSSM_CRL_TYPE enum in cssmtype.h). (Items of class
	202	kSecClassCertificate have this attribute.)
	203	@constant kSecAttrCRLEncoding (read-only) Specifies a dictionary key whose
	204	value is the item's certificate revocation list encoding. You use
	205	this key to get a value of type CFNumberRef that denotes the CRL
	206	encoding (see the CSSM_CRL_ENCODING enum in cssmtype.h). (Items of
	207	class kSecClassCertificate have this attribute.)
	208	@constant kSecAttrKeyCreator Specifies a dictionary key whose value is a
	209	CFDataRef containing a CSSM_GUID structure representing the module ID of
	210	the CSP that owns this key.
	211	@constant kSecAttrIsPrivate Specifies a dictionary key whose value is a
	212	CFBooleanRef indicating whether the raw key material of the key in
	213	question is private.
	214	@constant kSecAttrIsModifiable Specifies a dictionary key whose value is a
	215	CFBooleanRef indicating whether any of the attributes of this key are
	216	modifiable.
	217	@constant kSecAttrStartDate Specifies a dictionary key whose value is a
	218	CFDateRef indicating the earliest date on which this key may be used.
	219	If kSecAttrStartDate is not present, the restriction does not apply.
	220	@constant kSecAttrEndDate Specifies a dictionary key whose value is a
	221	CFDateRef indicating the last date on which this key may be used.
	222	If kSecAttrEndDate is not present, the restriction does not apply.
b1ab9ed8 A	223	@constant kSecAttrWasAlwaysSensitive Specifies a dictionary key whose value
	224	is a CFBooleanRef indicating that the key in question has always been
	225	marked as sensitive.
b1ab9ed8 A	226	@constant kSecAttrWasNeverExtractable Specifies a dictionary key whose value
	227	is a CFBooleanRef indicating that the key in question has never been
	228	marked as extractable.
427c49bc	229	@constant kSecAttrCanSignRecover Specifies a dictionary key whose value is a
b1ab9ed8 A	230	CFBooleanRef indicating whether the key in question can be used to
b1ab9ed8 A	231	perform sign recovery.
427c49bc	232	@constant kSecAttrCanVerifyRecover Specifies a dictionary key whose value is
b1ab9ed8 A	233	a CFBooleanRef indicating whether the key in question can be used to
b1ab9ed8 A	234	perform verify recovery.
427c49bc A	235	@constant kSecAttrTombstone Specifies a dictionary key whose value is
427c49bc A	236	a CFBooleanRef indicating that the item in question is a tombstone.
b1ab9ed8 A	237	*/
	238	extern CFTypeRef kSecAttrScriptCode;
	239	extern CFTypeRef kSecAttrAlias;
	240	extern CFTypeRef kSecAttrHasCustomIcon;
	241	extern CFTypeRef kSecAttrVolume;
	242	extern CFTypeRef kSecAttrAddress;
	243	extern CFTypeRef kSecAttrAFPServerSignature;
	244	extern CFTypeRef kSecAttrCRLType;
	245	extern CFTypeRef kSecAttrCRLEncoding;
	246	extern CFTypeRef kSecAttrKeyCreator;
	247	extern CFTypeRef kSecAttrIsPrivate;
	248	extern CFTypeRef kSecAttrIsModifiable;
	249	extern CFTypeRef kSecAttrStartDate;
	250	extern CFTypeRef kSecAttrEndDate;
b1ab9ed8	251	extern CFTypeRef kSecAttrWasAlwaysSensitive;
b1ab9ed8 A	252	extern CFTypeRef kSecAttrWasNeverExtractable;
	253	extern CFTypeRef kSecAttrCanSignRecover;
	254	extern CFTypeRef kSecAttrCanVerifyRecover;
427c49bc A	255	extern CFTypeRef kSecAttrTombstone;
427c49bc A	256
b1ab9ed8 A	257	/*!
	258	@function SecItemCopyDisplayNames
	259	@abstract Returns an array containing unique display names for each of the
	260	certificates, keys, identities, or passwords in the provided items
	261	array.
	262	@param items An array containing items of type SecKeychainItemRef,
	263	SecKeyRef, SecCertificateRef, or SecIdentityRef. All items in the
	264	array should be of the same type.
	265	@param displayNames On return, an array of CFString references containing
	266	unique names for the supplied items. You are responsible for releasing
	267	this array reference by calling the CFRelease function.
	268	@result A result code. See "Security Error Codes" (SecBase.h).
	269	@discussion Use this function to obtain item names which are suitable for
	270	display in a menu or list view. The returned names are guaranteed to
	271	be unique across the set of provided items.
	272	*/
	273	OSStatus SecItemCopyDisplayNames(CFArrayRef items, CFArrayRef *displayNames);
427c49bc	274
b1ab9ed8 A	275	/*!
	276	@function SecItemDeleteAll
	277	@abstract Removes all items from the keychain and added root certificates
	278	from the trust store.
	279	@result A result code. See "Security Error Codes" (SecBase.h).
	280	*/
	281	OSStatus SecItemDeleteAll(void);
427c49bc A	282
	283	/* Called by clients to push sync circle and message changes to us.
	284	Requires caller to have the kSecEntitlementSyncKeychain entitlement. */
	285	bool _SecKeychainSyncUpdate(CFDictionaryRef updates, CFErrorRef *error);
	286
	287	CFDataRef _SecItemGetPersistentReference(CFTypeRef raw_item);
	288
	289	bool _SecKeychainBackupSyncable(CFDataRef keybag, CFDataRef password, CFDictionaryRef backup_in, CFDictionaryRef *backup_out);
	290	bool _SecKeychainRestoreSyncable(CFDataRef keybag, CFDataRef password, CFDictionaryRef backup_in);
	291
b1ab9ed8 A	292	#if defined(__cplusplus)
	293	}
	294	#endif
	295
	296	#endif /* !_SECURITY_SECITEMPRIV_H_ */