[apple/security.git] / libsecurity_keychain / lib / SecKeychainItemPriv.h

/*
 * Copyright (c) 2003-2008 Apple Inc. All Rights Reserved.
 * 
 * @APPLE_LICENSE_HEADER_START@
 * 
 * This file contains Original Code and/or Modifications of Original Code
 * as defined in and that are subject to the Apple Public Source License
 * Version 2.0 (the 'License'). You may not use this file except in
 * compliance with the License. Please obtain a copy of the License at
 * http://www.opensource.apple.com/apsl/ and read it before using this
 * file.
 * 
 * The Original Code and all software distributed under the License are
 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
 * Please see the License for the specific language governing rights and
 * limitations under the License.
 * 
 * @APPLE_LICENSE_HEADER_END@
 */

#ifndef _SECURITY_SECKEYCHAINITEMPRIV_H_
#define _SECURITY_SECKEYCHAINITEMPRIV_H_

#include <CoreFoundation/CFData.h>
#include <Security/SecBase.h>
#include <Security/SecKeychainItem.h>

#if defined(__cplusplus)
extern "C" {
#endif

/* Private keychain item attributes */
enum 
{
	kSecClassItemAttr            = 'clas',                       /* Item class (KCItemClass) */
	kSecProtectedDataItemAttr    = 'prot',                       /* Item's data is protected (encrypted) (Boolean) */
};

/* Temporary: CRL attributes */
enum 
{
	kSecCrlEncodingItemAttr			 = 'cren',
	kSecThisUpdateItemAttr			 = 'crtu',
	kSecNextUpdateItemAttr			 = 'crnu',
	kSecUriItemAttr					 = 'curi',	// URI from which it came	
	kSecCrlNumberItemAttr			 = 'crnm',
	kSecDeltaCrlNumberItemAttr		 = 'dlcr'
};

/* Unlock referral item attributes */
enum {
	kSecReferralTypeAttr			 = 'rtyp',	// type of referral
	kSecReferralDbNameAttr			 = 'rnam',	// database name
	kSecReferralDbGuidAttr			 = 'rgui',	// module GUID
	kSecReferralDbSSIDAttr			 = 'rssi',	// module subservice ID
	kSecReferralDbSSTypeAttr		 = 'rsty',	// subservice type
	kSecReferralDbNetnameAttr		 = 'rnnm',	// network name (blob)
	kSecReferralKeyLabelAttr		 = 'rlbl',	// key's Label
	kSecReferralKeyAppTagAttr		 = 'rkat'	// key's ApplicationTag
};


/* Extended Attribute record attributes */
enum {
	kExtendedAttrRecordTypeAttr		= 'eart',
	kExtendedAttrItemIDAttr			= 'eaii',
	kExtendedAttrAttributeNameAttr	= 'eaan',
	kExtendedAttrAttributeValueAttr	= 'eaav'
	/* also kSecModDateItemAttr from SecKeychainItem.h */
};

OSStatus SecKeychainItemCreateNew(SecItemClass itemClass, OSType itemCreator, UInt32 length, const void* data, SecKeychainItemRef* itemRef);

OSStatus SecKeychainItemGetData(SecKeychainItemRef itemRef, UInt32 maxLength, void* data, UInt32* actualLength);

OSStatus SecKeychainItemGetAttribute(SecKeychainItemRef itemRef, SecKeychainAttribute* attribute, UInt32* actualLength);

OSStatus SecKeychainItemSetAttribute(SecKeychainItemRef itemRef, SecKeychainAttribute* attribute);

OSStatus SecKeychainItemAdd(SecKeychainItemRef itemRef);

OSStatus SecKeychainItemAddNoUI(SecKeychainRef keychainRef, SecKeychainItemRef itemRef);

OSStatus SecKeychainItemUpdate(SecKeychainItemRef itemRef);

OSStatus SecKeychainItemSetData(SecKeychainItemRef itemRef, UInt32 length, const void* data);

OSStatus SecKeychainItemFindFirst(SecKeychainRef keychainRef, const SecKeychainAttributeList *attrList, SecKeychainSearchRef *searchRef, SecKeychainItemRef *itemRef);

/*!
	@function SecKeychainItemCopyRecordIdentifier
	@abstract Returns the record identifier for a keychain item
	@param itemRef The item for which the localID is to be returned
	@param recordIdentifier The returned recordIdentifier
    @result A result code. See "Security Error Codes" (SecBase.h).
*/

OSStatus SecKeychainItemCopyRecordIdentifier(SecKeychainItemRef itemRef, CFDataRef *recordIdentifier);

/*!
	@function SecKeychainItemCopyFromRecordIdentifier
	@abstract Returns a SecKeychainItemRef, given a keychain and a recordIdentifier
	@param keychain The keychain in which the item is located
	@param itemRef The item for which the localID is to be returned
	@param recordIdentifier The returned localID
    @result A result code. See "Security Error Codes" (SecBase.h).
*/

OSStatus SecKeychainItemCopyFromRecordIdentifier(SecKeychainRef keychain,
												 SecKeychainItemRef *itemRef,
												 CFDataRef recordIdentifier);

/*!
	@function SecKeychainItemCopyAttributesAndEncryptedData
	@abstract Copies the data and/or attributes stored in the given keychain item. You must call SecKeychainItemFreeAttributesAndData()
			  when you no longer need the attributes and data. If you want to modify the attributes returned here, use SecKeychainModifyAttributesAndData().
			  The data is not decrypted.
	@param itemRef A reference to the keychain item to copy.
	@param info List of tags of attributes to retrieve.
	@param itemClass The item's class. You should pass NULL if not required.
	@param attrList on output, an attribute list with the attributes specified by info. You must call SecKeychainItemFreeAttributesAndData() when you no longer need this list.
	@param length on output the actual length of the data.
	@param outData Pointer to a buffer containing the data in this item. Pass NULL if not required. You must call SecKeychainItemFreeAttributesAndData() when you no longer need the data.
    @result A result code.  See "Security Error Codes" (SecBase.h). In addition, errSecParam (-50) may be returned if not enough valid parameters are supplied.
*/
OSStatus SecKeychainItemCopyAttributesAndEncryptedData(SecKeychainItemRef itemRef, SecKeychainAttributeInfo *info,
													   SecItemClass *itemClass, SecKeychainAttributeList **attrList,
													   UInt32 *length, void **outData);

/*!
	@function SecKeychainItemModifyEncryptedData
	@abstract Updates an existing keychain item after changing its data.
			  The data is not re-encrypted.
	@param itemRef A reference to the keychain item to modify.
	@param length The length of the buffer pointed to by data.
	@param data Pointer to a buffer containing the data to store.
    @result A result code.  See "Security Error Codes" (SecBase.h).
	@discussion The keychain item is written to the keychain's permanent data store. If the keychain item has not previously been added to a keychain, a call to the SecKeychainItemModifyContent function does nothing and returns errSecSuccess.
*/
OSStatus SecKeychainItemModifyEncryptedData(SecKeychainItemRef itemRef, UInt32 length, const void *data);

/*!
	@function SecKeychainItemCreateFromEncryptedContent
	@abstract Creates a new keychain item from the supplied parameters. The data is not re-encrypted.
	@param itemClass A constant identifying the class of item to create.
	@param length The length of the buffer pointed to by data.
	@param data A pointer to a buffer containing the data to store.
    @param keychainRef A reference to the keychain in which to add the item.
	@param initialAccess A reference to the access for this keychain item.
	@param itemRef On return, a pointer to a reference to the newly created keychain item (optional). When the item reference is no longer required, call CFRelease to deallocate memory occupied by the item.
	@param itemLocalID On return, the item's local ID data (optional). When the local ID data reference is no longer required, call CFRelease to deallocate memory occupied by the reference.
    @result A result code.  See "Security Error Codes" (SecBase.h). In addition, errSecParam (-50) may be returned if not enough valid parameters are supplied, or errSecAllocate (-108) if there is not enough memory in the current heap zone to create the object.
*/
OSStatus SecKeychainItemCreateFromEncryptedContent(SecItemClass itemClass, UInt32 length, const void *data,
												   SecKeychainRef keychainRef, SecAccessRef initialAccess,
												   SecKeychainItemRef *itemRef, CFDataRef *itemLocalID);
#if defined(__cplusplus)
}
#endif

#endif /* !_SECURITY_SECKEYCHAINITEMPRIV_H_ */
Commit	Line	Data
b1ab9ed8 A	1	/*
	2	* Copyright (c) 2003-2008 Apple Inc. All Rights Reserved.
	3	*
	4	* @APPLE_LICENSE_HEADER_START@
	5	*
	6	* This file contains Original Code and/or Modifications of Original Code
	7	* as defined in and that are subject to the Apple Public Source License
	8	* Version 2.0 (the 'License'). You may not use this file except in
	9	* compliance with the License. Please obtain a copy of the License at
	10	* http://www.opensource.apple.com/apsl/ and read it before using this
	11	* file.
	12	*
	13	* The Original Code and all software distributed under the License are
	14	* distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
	15	* EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
	16	* INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
	17	* FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
	18	* Please see the License for the specific language governing rights and
	19	* limitations under the License.
	20	*
	21	* @APPLE_LICENSE_HEADER_END@
	22	*/
	23
	24	#ifndef _SECURITY_SECKEYCHAINITEMPRIV_H_
	25	#define _SECURITY_SECKEYCHAINITEMPRIV_H_
	26
	27	#include <CoreFoundation/CFData.h>
	28	#include <Security/SecBase.h>
	29	#include <Security/SecKeychainItem.h>
	30
	31	#if defined(__cplusplus)
	32	extern "C" {
	33	#endif
	34
	35	/* Private keychain item attributes */
	36	enum
	37	{
	38	kSecClassItemAttr = 'clas', /* Item class (KCItemClass) */
	39	kSecProtectedDataItemAttr = 'prot', /* Item's data is protected (encrypted) (Boolean) */
	40	};
	41
	42	/* Temporary: CRL attributes */
	43	enum
	44	{
	45	kSecCrlEncodingItemAttr = 'cren',
	46	kSecThisUpdateItemAttr = 'crtu',
	47	kSecNextUpdateItemAttr = 'crnu',
	48	kSecUriItemAttr = 'curi', // URI from which it came
	49	kSecCrlNumberItemAttr = 'crnm',
	50	kSecDeltaCrlNumberItemAttr = 'dlcr'
	51	};
	52
	53	/* Unlock referral item attributes */
	54	enum {
	55	kSecReferralTypeAttr = 'rtyp', // type of referral
	56	kSecReferralDbNameAttr = 'rnam', // database name
	57	kSecReferralDbGuidAttr = 'rgui', // module GUID
	58	kSecReferralDbSSIDAttr = 'rssi', // module subservice ID
	59	kSecReferralDbSSTypeAttr = 'rsty', // subservice type
	60	kSecReferralDbNetnameAttr = 'rnnm', // network name (blob)
	61	kSecReferralKeyLabelAttr = 'rlbl', // key's Label
	62	kSecReferralKeyAppTagAttr = 'rkat' // key's ApplicationTag
	63	};
	64
65
66	/* Extended Attribute record attributes */
67	enum {
68	kExtendedAttrRecordTypeAttr = 'eart',
69	kExtendedAttrItemIDAttr = 'eaii',
70	kExtendedAttrAttributeNameAttr = 'eaan',
71	kExtendedAttrAttributeValueAttr = 'eaav'
72	/* also kSecModDateItemAttr from SecKeychainItem.h */
73	};
74
75	OSStatus SecKeychainItemCreateNew(SecItemClass itemClass, OSType itemCreator, UInt32 length, const void* data, SecKeychainItemRef* itemRef);
76
77	OSStatus SecKeychainItemGetData(SecKeychainItemRef itemRef, UInt32 maxLength, void* data, UInt32* actualLength);
78
79	OSStatus SecKeychainItemGetAttribute(SecKeychainItemRef itemRef, SecKeychainAttribute* attribute, UInt32* actualLength);
80
81	OSStatus SecKeychainItemSetAttribute(SecKeychainItemRef itemRef, SecKeychainAttribute* attribute);
82
83	OSStatus SecKeychainItemAdd(SecKeychainItemRef itemRef);
84
85	OSStatus SecKeychainItemAddNoUI(SecKeychainRef keychainRef, SecKeychainItemRef itemRef);
86
87	OSStatus SecKeychainItemUpdate(SecKeychainItemRef itemRef);
88
89	OSStatus SecKeychainItemSetData(SecKeychainItemRef itemRef, UInt32 length, const void* data);
90
91	OSStatus SecKeychainItemFindFirst(SecKeychainRef keychainRef, const SecKeychainAttributeList attrList, SecKeychainSearchRef searchRef, SecKeychainItemRef *itemRef);
92
93	/*!
94	@function SecKeychainItemCopyRecordIdentifier
95	@abstract Returns the record identifier for a keychain item
96	@param itemRef The item for which the localID is to be returned
97	@param recordIdentifier The returned recordIdentifier
98	@result A result code. See "Security Error Codes" (SecBase.h).
99	*/
100
101	OSStatus SecKeychainItemCopyRecordIdentifier(SecKeychainItemRef itemRef, CFDataRef *recordIdentifier);
102
103	/*!
104	@function SecKeychainItemCopyFromRecordIdentifier
105	@abstract Returns a SecKeychainItemRef, given a keychain and a recordIdentifier
106	@param keychain The keychain in which the item is located
107	@param itemRef The item for which the localID is to be returned
108	@param recordIdentifier The returned localID
109	@result A result code. See "Security Error Codes" (SecBase.h).
110	*/
111
112	OSStatus SecKeychainItemCopyFromRecordIdentifier(SecKeychainRef keychain,
113	SecKeychainItemRef *itemRef,
114	CFDataRef recordIdentifier);
115
116	/*!
117	@function SecKeychainItemCopyAttributesAndEncryptedData
118	@abstract Copies the data and/or attributes stored in the given keychain item. You must call SecKeychainItemFreeAttributesAndData()
119	when you no longer need the attributes and data. If you want to modify the attributes returned here, use SecKeychainModifyAttributesAndData().
120	The data is not decrypted.
121	@param itemRef A reference to the keychain item to copy.
122	@param info List of tags of attributes to retrieve.
123	@param itemClass The item's class. You should pass NULL if not required.
124	@param attrList on output, an attribute list with the attributes specified by info. You must call SecKeychainItemFreeAttributesAndData() when you no longer need this list.
125	@param length on output the actual length of the data.
126	@param outData Pointer to a buffer containing the data in this item. Pass NULL if not required. You must call SecKeychainItemFreeAttributesAndData() when you no longer need the data.
427c49bc	127	@result A result code. See "Security Error Codes" (SecBase.h). In addition, errSecParam (-50) may be returned if not enough valid parameters are supplied.
b1ab9ed8 A	128	*/
	129	OSStatus SecKeychainItemCopyAttributesAndEncryptedData(SecKeychainItemRef itemRef, SecKeychainAttributeInfo *info,
	130	SecItemClass itemClass, SecKeychainAttributeList *attrList,
	131	UInt32 length, void *outData);
	132
	133	/*!
	134	@function SecKeychainItemModifyEncryptedData
	135	@abstract Updates an existing keychain item after changing its data.
	136	The data is not re-encrypted.
	137	@param itemRef A reference to the keychain item to modify.
	138	@param length The length of the buffer pointed to by data.
	139	@param data Pointer to a buffer containing the data to store.
	140	@result A result code. See "Security Error Codes" (SecBase.h).
427c49bc	141	@discussion The keychain item is written to the keychain's permanent data store. If the keychain item has not previously been added to a keychain, a call to the SecKeychainItemModifyContent function does nothing and returns errSecSuccess.
b1ab9ed8 A	142	*/
	143	OSStatus SecKeychainItemModifyEncryptedData(SecKeychainItemRef itemRef, UInt32 length, const void *data);
	144
	145	/*!
	146	@function SecKeychainItemCreateFromEncryptedContent
	147	@abstract Creates a new keychain item from the supplied parameters. The data is not re-encrypted.
	148	@param itemClass A constant identifying the class of item to create.
	149	@param length The length of the buffer pointed to by data.
	150	@param data A pointer to a buffer containing the data to store.
	151	@param keychainRef A reference to the keychain in which to add the item.
	152	@param initialAccess A reference to the access for this keychain item.
	153	@param itemRef On return, a pointer to a reference to the newly created keychain item (optional). When the item reference is no longer required, call CFRelease to deallocate memory occupied by the item.
	154	@param itemLocalID On return, the item's local ID data (optional). When the local ID data reference is no longer required, call CFRelease to deallocate memory occupied by the reference.
427c49bc	155	@result A result code. See "Security Error Codes" (SecBase.h). In addition, errSecParam (-50) may be returned if not enough valid parameters are supplied, or errSecAllocate (-108) if there is not enough memory in the current heap zone to create the object.
b1ab9ed8 A	156	*/
	157	OSStatus SecKeychainItemCreateFromEncryptedContent(SecItemClass itemClass, UInt32 length, const void *data,
	158	SecKeychainRef keychainRef, SecAccessRef initialAccess,
	159	SecKeychainItemRef itemRef, CFDataRef itemLocalID);
	160	#if defined(__cplusplus)
	161	}
	162	#endif
	163
	164	#endif /* !_SECURITY_SECKEYCHAINITEMPRIV_H_ */