Commit | Line | Data |
---|---|---|
b1ab9ed8 | 1 | /* |
d8f41ccd | 2 | * Copyright (c) 2000-2004,2011,2013-2014 Apple Inc. All Rights Reserved. |
b54c578e | 3 | * |
b1ab9ed8 | 4 | * @APPLE_LICENSE_HEADER_START@ |
b54c578e | 5 | * |
b1ab9ed8 A |
6 | * This file contains Original Code and/or Modifications of Original Code |
7 | * as defined in and that are subject to the Apple Public Source License | |
8 | * Version 2.0 (the 'License'). You may not use this file except in | |
9 | * compliance with the License. Please obtain a copy of the License at | |
10 | * http://www.opensource.apple.com/apsl/ and read it before using this | |
11 | * file. | |
b54c578e | 12 | * |
b1ab9ed8 A |
13 | * The Original Code and all software distributed under the License are |
14 | * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER | |
15 | * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, | |
16 | * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, | |
17 | * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. | |
18 | * Please see the License for the specific language governing rights and | |
19 | * limitations under the License. | |
b54c578e | 20 | * |
b1ab9ed8 A |
21 | * @APPLE_LICENSE_HEADER_END@ |
22 | */ | |
23 | ||
24 | /*! | |
25 | @header SecKeychain | |
26 | SecKeychain implements a repository for securely storing items with publicly visible attributes by which to find the items. | |
27 | */ | |
28 | ||
29 | #ifndef _SECURITY_SECKEYCHAIN_H_ | |
30 | #define _SECURITY_SECKEYCHAIN_H_ | |
31 | ||
32 | #include <Security/SecBase.h> | |
33 | #include <Security/cssmapple.h> | |
34 | #include <CoreFoundation/CFArray.h> | |
35 | #include <libkern/OSByteOrder.h> | |
b54c578e | 36 | #include <Availability.h> |
b1ab9ed8 A |
37 | |
38 | #if defined(__cplusplus) | |
39 | extern "C" { | |
40 | #endif | |
41 | ||
5c19dc3a A |
42 | CF_ASSUME_NONNULL_BEGIN |
43 | ||
b1ab9ed8 A |
44 | /*! |
45 | @enum KeychainStatus | |
46 | @abstract Defines the current status of a keychain. | |
47 | @constant kSecUnlockStateStatus Indicates the keychain is unlocked. | |
48 | @constant kSecReadPermStatus Indicates the keychain is readable. | |
49 | @constant kSecWritePermStatus Indicates the keychain is writable. | |
50 | */ | |
5c19dc3a | 51 | CF_ENUM(UInt32) |
b1ab9ed8 A |
52 | { |
53 | kSecUnlockStateStatus = 1, | |
54 | kSecReadPermStatus = 2, | |
55 | kSecWritePermStatus = 4 | |
56 | }; | |
57 | ||
58 | #define SEC_KEYCHAIN_SETTINGS_VERS1 1 | |
59 | ||
60 | ||
61 | /*! | |
62 | @typedef SecKeychainSettings | |
63 | @abstract Contains keychain settings. | |
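64 | @field version An unsigned 32-bit integer representing the keychain version (presumably the version of this settings structure, for which SEC_KEYCHAIN_SETTINGS_VERS1 is defined above). | |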
65 | @field lockOnSleep A boolean value indicating whether the keychain locks when the system sleeps. | |
66 | @field useLockInterval A boolean value indicating whether the keychain automatically locks after a certain period of time. | |
67 | @field lockInterval An unsigned 32-bit integer representing the number of seconds before the keychain locks. | |
68 | */ | |
69 | struct SecKeychainSettings | |
b54c578e A |
70 | { |
71 | UInt32 version; | |
b1ab9ed8 A |
72 | Boolean lockOnSleep; |
73 | Boolean useLockInterval; | |
74 | UInt32 lockInterval; | |
75 | }; | |
76 | typedef struct SecKeychainSettings SecKeychainSettings; | |
77 | ||
b1ab9ed8 A |
78 | /*! |
79 | @enum AuthenticationConstants | |
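80 | @abstract Defines constants you can use to identify the type of authentication to use for an Internet password. The values are wrapped in AUTH_TYPE_FIX_, which applies OSSwapConstInt32 on little-endian builds, so their numeric values there differ from the plain four-character literals; compare against these constants rather than raw literals. | |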
81 | @constant kSecAuthenticationTypeNTLM Specifies Windows NT LAN Manager authentication. | |
82 | @constant kSecAuthenticationTypeMSN Specifies Microsoft Network default authentication. | |
83 | @constant kSecAuthenticationTypeDPA Specifies Distributed Password authentication. | |
b54c578e | 84 | @constant kSecAuthenticationTypeRPA Specifies Remote Password authentication. |
b1ab9ed8 A |
85 | @constant kSecAuthenticationTypeHTTPBasic Specifies HTTP Basic authentication. |
86 | @constant kSecAuthenticationTypeHTTPDigest Specifies HTTP Digest Access authentication. | |
87 | @constant kSecAuthenticationTypeHTMLForm Specifies HTML form based authentication. | |
88 | @constant kSecAuthenticationTypeDefault Specifies the default authentication type. | |
89 | @constant kSecAuthenticationTypeAny Specifies that any authentication type is acceptable. When performing a search, use this constant to avoid constraining your search results to a particular authentication type. | |
90 | */ | |
91 | #ifdef __LITTLE_ENDIAN__ | |
92 | #define AUTH_TYPE_FIX_(x) OSSwapConstInt32(x) | |
93 | #else | |
94 | #define AUTH_TYPE_FIX_(x) (x) | |
95 | #endif | |
96 | ||
5c19dc3a | 97 | typedef CF_ENUM(FourCharCode, SecAuthenticationType) |
b1ab9ed8 A |
98 | { |
99 | kSecAuthenticationTypeNTLM = AUTH_TYPE_FIX_ ('ntlm'), | |
100 | kSecAuthenticationTypeMSN = AUTH_TYPE_FIX_ ('msna'), | |
101 | kSecAuthenticationTypeDPA = AUTH_TYPE_FIX_ ('dpaa'), | |
102 | kSecAuthenticationTypeRPA = AUTH_TYPE_FIX_ ('rpaa'), | |
103 | kSecAuthenticationTypeHTTPBasic = AUTH_TYPE_FIX_ ('http'), | |
104 | kSecAuthenticationTypeHTTPDigest = AUTH_TYPE_FIX_ ('httd'), | |
105 | kSecAuthenticationTypeHTMLForm = AUTH_TYPE_FIX_ ('form'), | |
106 | kSecAuthenticationTypeDefault = AUTH_TYPE_FIX_ ('dflt'), | |
107 | kSecAuthenticationTypeAny = AUTH_TYPE_FIX_ ( 0 ) | |
108 | }; | |
109 | ||
b1ab9ed8 A |
110 | /*! |
111 | @enum ProtocolTypeConstants | |
112 | @abstract Defines the protocol type associated with an AppleShare or Internet password. | |
113 | @constant kSecProtocolTypeFTP Indicates FTP. | |
114 | @constant kSecProtocolTypeFTPAccount Indicates FTP Account (client side), usage deprecated. | |
b54c578e | 115 | @constant kSecProtocolTypeHTTP Indicates HTTP. |
b1ab9ed8 A |
116 | @constant kSecProtocolTypeIRC Indicates IRC. |
117 | @constant kSecProtocolTypeNNTP Indicates NNTP. | |
118 | @constant kSecProtocolTypePOP3 Indicates POP3. | |
119 | @constant kSecProtocolTypeSMTP Indicates SMTP. | |
120 | @constant kSecProtocolTypeSOCKS Indicates SOCKS. | |
121 | @constant kSecProtocolTypeIMAP Indicates IMAP. | |
122 | @constant kSecProtocolTypeLDAP Indicates LDAP. | |
123 | @constant kSecProtocolTypeAppleTalk Indicates AFP over AppleTalk. | |
124 | @constant kSecProtocolTypeAFP Indicates AFP over TCP. | |
125 | @constant kSecProtocolTypeTelnet Indicates Telnet. | |
126 | @constant kSecProtocolTypeSSH Indicates SSH. | |
127 | @constant kSecProtocolTypeFTPS Indicates FTPS (FTP over TLS/SSL). | |
128 | @constant kSecProtocolTypeHTTPS Indicates HTTPS (HTTP over TLS/SSL). | |
129 | @constant kSecProtocolTypeHTTPProxy Indicates HTTP proxy. | |
130 | @constant kSecProtocolTypeHTTPSProxy Indicates HTTPS proxy. | |
131 | @constant kSecProtocolTypeFTPProxy Indicates FTP proxy. | |
132 | @constant kSecProtocolTypeSMB Indicates SMB. | |
133 | @constant kSecProtocolTypeRTSP Indicates RTSP. | |
134 | @constant kSecProtocolTypeRTSPProxy Indicates RTSP proxy. | |
135 | @constant kSecProtocolTypeDAAP Indicates DAAP. | |
136 | @constant kSecProtocolTypeEPPC Indicates EPPC (Remote Apple Events). | |
137 | @constant kSecProtocolTypeIPP Indicates IPP. | |
138 | @constant kSecProtocolTypeNNTPS Indicates NNTPS (NNTP over TLS/SSL). | |
139 | @constant kSecProtocolTypeLDAPS Indicates LDAPS (LDAP over TLS/SSL). | |
140 | @constant kSecProtocolTypeTelnetS Indicates Telnet over TLS/SSL. | |
141 | @constant kSecProtocolTypeIMAPS Indicates IMAPS (IMAP4 over TLS/SSL). | |
142 | @constant kSecProtocolTypeIRCS Indicates IRCS (IRC over TLS/SSL). | |
143 | @constant kSecProtocolTypePOP3S Indicates POP3S (POP3 over TLS/SSL). | |
144 | @constant kSecProtocolTypeCVSpserver Indicates CVS pserver. | |
145 | @constant kSecProtocolTypeSVN Indicates Subversion. | |
146 | @constant kSecProtocolTypeAny Indicates that any protocol is acceptable. When performing a search, use this constant to avoid constraining your search results to a particular protocol. | |
147 | */ | |
5c19dc3a | 148 | typedef CF_ENUM(FourCharCode, SecProtocolType) |
b1ab9ed8 A |
149 | { |
150 | kSecProtocolTypeFTP = 'ftp ', | |
151 | kSecProtocolTypeFTPAccount = 'ftpa', | |
152 | kSecProtocolTypeHTTP = 'http', | |
153 | kSecProtocolTypeIRC = 'irc ', | |
154 | kSecProtocolTypeNNTP = 'nntp', | |
155 | kSecProtocolTypePOP3 = 'pop3', | |
156 | kSecProtocolTypeSMTP = 'smtp', | |
157 | kSecProtocolTypeSOCKS = 'sox ', | |
158 | kSecProtocolTypeIMAP = 'imap', | |
159 | kSecProtocolTypeLDAP = 'ldap', | |
160 | kSecProtocolTypeAppleTalk = 'atlk', | |
161 | kSecProtocolTypeAFP = 'afp ', | |
162 | kSecProtocolTypeTelnet = 'teln', | |
163 | kSecProtocolTypeSSH = 'ssh ', | |
164 | kSecProtocolTypeFTPS = 'ftps', | |
165 | kSecProtocolTypeHTTPS = 'htps', | |
166 | kSecProtocolTypeHTTPProxy = 'htpx', | |
167 | kSecProtocolTypeHTTPSProxy = 'htsx', | |
168 | kSecProtocolTypeFTPProxy = 'ftpx', | |
169 | kSecProtocolTypeCIFS = 'cifs', | |
170 | kSecProtocolTypeSMB = 'smb ', | |
171 | kSecProtocolTypeRTSP = 'rtsp', | |
172 | kSecProtocolTypeRTSPProxy = 'rtsx', | |
173 | kSecProtocolTypeDAAP = 'daap', | |
174 | kSecProtocolTypeEPPC = 'eppc', | |
175 | kSecProtocolTypeIPP = 'ipp ', | |
176 | kSecProtocolTypeNNTPS = 'ntps', | |
177 | kSecProtocolTypeLDAPS = 'ldps', | |
178 | kSecProtocolTypeTelnetS = 'tels', | |
179 | kSecProtocolTypeIMAPS = 'imps', | |
180 | kSecProtocolTypeIRCS = 'ircs', | |
181 | kSecProtocolTypePOP3S = 'pops', | |
182 | kSecProtocolTypeCVSpserver = 'cvsp', | |
183 | kSecProtocolTypeSVN = 'svn ', | |
184 | kSecProtocolTypeAny = 0 | |
185 | }; | |
186 | ||
b1ab9ed8 A |
187 | /*! |
188 | @enum KeychainEventConstants | |
189 | @abstract Defines the keychain-related events. | |
190 | @constant kSecLockEvent Indicates a keychain was locked. | |
191 | @constant kSecUnlockEvent Indicates a keychain was unlocked. | |
192 | @constant kSecAddEvent Indicates an item was added to a keychain. | |
193 | @constant kSecDeleteEvent Indicates an item was deleted from a keychain. | |
194 | @constant kSecUpdateEvent Indicates a keychain item was updated. | |
195 | @constant kSecPasswordChangedEvent Indicates the keychain password was changed. | |
196 | @constant kSecDefaultChangedEvent Indicates that a different keychain was specified as the default. | |
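197 | @constant kSecDataAccessEvent Indicates a process has accessed a keychain item's data. The declaration marks this constant deprecated (macOS 10.10 to 10.15) with the message "Read events are no longer posted", so do not rely on it to audit access to item data. | |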
198 | @constant kSecKeychainListChangedEvent Indicates the list of keychains has changed. | |
199 | @constant kSecTrustSettingsChangedEvent Indicates Trust Settings changed. | |
200 | */ | |
5c19dc3a | 201 | typedef CF_ENUM(UInt32, SecKeychainEvent) |
b1ab9ed8 A |
202 | { |
203 | kSecLockEvent = 1, | |
204 | kSecUnlockEvent = 2, | |
205 | kSecAddEvent = 3, | |
206 | kSecDeleteEvent = 4, | |
207 | kSecUpdateEvent = 5, | |
208 | kSecPasswordChangedEvent = 6, | |
209 | kSecDefaultChangedEvent = 9, | |
b54c578e | 210 | kSecDataAccessEvent __API_DEPRECATED("Read events are no longer posted", macos(10.10, 10.15)) = 10, |
b1ab9ed8 A |
211 | kSecKeychainListChangedEvent = 11, |
212 | kSecTrustSettingsChangedEvent = 12 | |
213 | }; | |
214 | ||
b1ab9ed8 A |
215 | /*! |
216 | @enum KeychainEventConstants | |
217 | @abstract Defines keychain event mask constants. Each mask is the bit 1 << the corresponding SecKeychainEvent value. | |
218 | @constant kSecLockEventMask If the bit specified by this mask is set, your callback function will be invoked when a keychain is locked. | |
219 | @constant kSecUnlockEventMask If the bit specified by this mask is set, your callback function will be invoked when a keychain is unlocked. | |
220 | @constant kSecAddEventMask If the bit specified by this mask is set, your callback function will be invoked when an item is added to a keychain. | |
221 | @constant kSecDeleteEventMask If the bit specified by this mask is set, your callback function will be invoked when an item is deleted from a keychain. | |
222 | @constant kSecUpdateEventMask If the bit specified by this mask is set, your callback function will be invoked when a keychain item is updated. | |
223 | @constant kSecPasswordChangedEventMask If the bit specified by this mask is set, your callback function will be invoked when the keychain password is changed. | |
224 | @constant kSecDefaultChangedEventMask If the bit specified by this mask is set, your callback function will be invoked when a different keychain is specified as the default. | |
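225 | @constant kSecDataAccessEventMask If the bit specified by this mask is set, your callback function will be invoked when a process accesses a keychain item's data. The declaration marks this mask deprecated (macOS 10.10 to 10.15) with the message "Read events are no longer posted", so setting it should not be relied on for monitoring data access. | |
b54c578e | 226 | @constant kSecTrustSettingsChangedEventMask If the bit specified by this mask is set, your callback function will be invoked when there is a change in certificate Trust Settings. |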
b1ab9ed8 A |
227 | @constant kSecEveryEventMask If all the bits are set, your callback function will be invoked whenever any event occurs. |
228 | */ | |
5c19dc3a | 229 | typedef CF_OPTIONS(UInt32, SecKeychainEventMask) |
b1ab9ed8 A |
230 | { |
231 | kSecLockEventMask = 1 << kSecLockEvent, | |
232 | kSecUnlockEventMask = 1 << kSecUnlockEvent, | |
233 | kSecAddEventMask = 1 << kSecAddEvent, | |
234 | kSecDeleteEventMask = 1 << kSecDeleteEvent, | |
235 | kSecUpdateEventMask = 1 << kSecUpdateEvent, | |
236 | kSecPasswordChangedEventMask = 1 << kSecPasswordChangedEvent, | |
237 | kSecDefaultChangedEventMask = 1 << kSecDefaultChangedEvent, | |
b54c578e | 238 | kSecDataAccessEventMask __API_DEPRECATED("Read events are no longer posted", macos(10.10, 10.15)) = 1 << kSecDataAccessEvent, |
b1ab9ed8 A |
239 | kSecKeychainListChangedMask = 1 << kSecKeychainListChangedEvent, |
240 | kSecTrustSettingsChangedEventMask = 1 << kSecTrustSettingsChangedEvent, | |
241 | kSecEveryEventMask = 0xffffffff | |
242 | }; | |
243 | ||
244 | /*! | |
245 | @typedef SecKeychainCallbackInfo | |
b54c578e | 246 | @abstract Contains information about a keychain event. |
b1ab9ed8 A |
247 | @field version The version of this structure. |
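248 | @field item A reference to the keychain item associated with this event, if any. Note that some events do not involve a particular keychain item, so a callback should check the event type before using this field, even though the declaration annotates it __nonnull. | |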
249 | @field keychain A reference to the keychain in which the event occurred. | |
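250 | @field pid The id of the process that generated this event. A process id can be reused after the process exits, so treat this value as informational rather than as proof of the originating process's identity. | |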
b54c578e | 251 | @discussion The SecKeychainCallbackInfo type represents a structure that contains information about the keychain event for which your application is being notified. For information on how to write a keychain event callback function, see SecKeychainCallback. |
b1ab9ed8 | 252 | */ |
d64be36e | 253 | struct API_UNAVAILABLE(ios, watchos, tvos, bridgeos, macCatalyst) SecKeychainCallbackInfo |
b1ab9ed8 | 254 | { |
5c19dc3a A |
255 | UInt32 version; |
256 | SecKeychainItemRef __nonnull item; | |
257 | SecKeychainRef __nonnull keychain; | |
258 | pid_t pid; | |
b1ab9ed8 | 259 | }; |
d64be36e | 260 | typedef struct SecKeychainCallbackInfo SecKeychainCallbackInfo API_UNAVAILABLE(ios, watchos, tvos, bridgeos, macCatalyst); |
b54c578e | 261 | |
b1ab9ed8 A |
262 | /*! |
263 | @function SecKeychainGetTypeID | |
264 | @abstract Returns the type identifier of SecKeychain instances. | |
265 | @result The CFTypeID of SecKeychain instances. | |
266 | */ | |
267 | CFTypeID SecKeychainGetTypeID(void); | |
268 | ||
269 | /*! | |
270 | @function SecKeychainGetVersion | |