2 * Copyright (c) 2008-2009,2011-2014,2016 Apple Inc. All Rights Reserved.
4 * @APPLE_LICENSE_HEADER_START@
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. Please obtain a copy of the License at
10 * http://www.opensource.apple.com/apsl/ and read it before using this
13 * The Original Code and all software distributed under the License are
14 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
15 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
16 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
17 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
18 * Please see the License for the specific language governing rights and
19 * limitations under the License.
21 * @APPLE_LICENSE_HEADER_END@
26 SecBasePriv contains private error codes from the Security framework.
29 #ifndef _SECURITY_SECBASEPRIV_H_
30 #define _SECURITY_SECBASEPRIV_H_
32 #include <Security/SecBase.h>
33 #include <AvailabilityMacros.h>
34 #include <Availability.h>
37 // Macros for allowing use of availability for internal functions without digging for when
38 // they first existed.
39 // When publishing any API publicly, don't use these.
// NOTE(review): the versions below (10.12 / 10.0) stand in for an unknown introduction release,
// so they are not evidence that a function really exists from that release onwards.
// NOTE(review): each expansion already ends in ';', so a declaration that adds its own ';'
// after the macro leaves an empty declaration behind.
40 #define __SEC_MAC_ONLY_UNKNOWN __OSX_AVAILABLE_STARTING(__MAC_10_12, __IPHONE_NA);
41 #define __SEC_IOS_ONLY_UNKNOWN __OSX_AVAILABLE_STARTING(__MAC_NA, __IPHONE_10_0);
42 #define __SEC_MAC_AND_IOS_UNKNOWN __OSX_AVAILABLE_STARTING(__MAC_10_12, __IPHONE_10_0);
45 #include <Security/cssmtype.h>
46 #endif /* SEC_OS_OSX */
50 /*******************************************************
51 *** Private OSStatus values unique to Security APIs ***
52 *******************************************************/
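55 Note: the comments that appear after these errors are used to create SecErrorMessages.strings.
56 The comments must not be multi-line, and should be in a form meaningful to an end user. If
57 a different or additional comment is needed, it can be put in the header doc format, or on a
58 line that does not start with errZZZ.
Several codes below are defined as aliases of errSecDecode, errSecUnimplemented or errSecParam, with a
distinct number kept only in the trailing comment; code that receives one of these statuses therefore
sees the shared value and cannot tell the individual conditions apart from the OSStatus alone.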
63 errSecInvalidCertificate
= errSecDecode
, // -26265, /* This certificate could not be decoded. */
64 errSecPolicyDenied
= -26270, /* The certificate chain was not trusted due to a policy not accepting it. */
65 errSecInvalidKey
= errSecDecode
, // -26274, /* The provided key material was not valid. */
66 errSecInternal
= -26276, /* An internal error occured in the Security framework. */
67 errSecUnsupportedAlgorithm
= errSecUnimplemented
, // -26268, /* An unsupported algorithm was encountered. */
68 errSecUnsupportedOperation
= errSecUnimplemented
, // -26271, /* The operation you requested is not supported by this key. */
69 errSecUnsupportedPadding
= errSecParam
, // -26273, /* The padding you requested is not supported. */
70 errSecItemInvalidKey
= errSecParam
, // -34000, /* A string key in dictionary is not one of the supported keys. */
71 errSecItemInvalidKeyType
= errSecParam
, // -34001, /* A key in a dictionary is neither a CFStringRef nor a CFNumberRef. */
72 errSecItemInvalidValue
= errSecParam
, // -34002, /* A value in a dictionary is an invalid (or unsupported) CF type. */
73 errSecItemClassMissing
= errSecParam
, // -34003, /* No kSecItemClass key was specified in a dictionary. */
74 errSecItemMatchUnsupported
= errSecParam
, // -34004, /* The caller passed one or more kSecMatch keys to a function which does not support matches. */
75 errSecUseItemListUnsupported
= errSecParam
, // -34005, /* The caller passed in a kSecUseItemList key to a function which does not support it. */
76 errSecUseKeychainUnsupported
= errSecParam
, // -34006, /* The caller passed in a kSecUseKeychain key to a function which does not support it. */
77 errSecUseKeychainListUnsupported
= errSecParam
, // -34007, /* The caller passed in a kSecUseKeychainList key to a function which does not support it. */
78 errSecReturnDataUnsupported
= errSecParam
, // -34008, /* The caller passed in a kSecReturnData key to a function which does not support it. */
79 errSecReturnAttributesUnsupported
= errSecParam
, // -34009, /* The caller passed in a kSecReturnAttributes key to a function which does not support it. */
80 errSecReturnRefUnsupported
= errSecParam
, // -34010, /* The caller passed in a kSecReturnRef key to a function which does not support it. */
// NOTE(review): the number in the trailing comment (-34010) repeats the one on
// errSecReturnRefUnsupported; the neighbouring entries run -34009, -34010, -34012, so -34011 was
// probably meant. The constant itself is errSecParam either way; confirm before relying on the
// commented number when reading old logs.
81 errSecReturnPersistentRefUnsupported
= errSecParam
, // -34010, /* The caller passed in a kSecReturnPersistentRef key to a function which does not support it. */
82 errSecValueRefUnsupported
= errSecParam
, // -34012, /* The caller passed in a kSecValueRef key to a function which does not support it. */
83 errSecValuePersistentRefUnsupported
= errSecParam
, // -34013, /* The caller passed in a kSecValuePersistentRef key to a function which does not support it. */
84 errSecReturnMissingPointer
= errSecParam
, // -34014, /* The caller passed asked for something to be returned but did not pass in a result pointer. */
85 errSecMatchLimitUnsupported
= errSecParam
, // -34015, /* The caller passed in a kSecMatchLimit key to a call which does not support limits. */
86 errSecItemIllegalQuery
= errSecParam
, // -34016, /* The caller passed in a query which contained too many keys. */
87 errSecWaitForCallback
= -34017, /* This operation is incomplete, until the callback is invoked (not an error). */
88 errSecUpgradePending
= -34019, /* Error returned if keychain database needs a schema migration but the device is locked, clients should wait for a device unlock notification and retry the command. */
90 errSecMPSignatureInvalid
= -25327, /* Signature invalid on MP message */
91 errSecOTRTooOld
= -25328, /* Message is too old to use */
92 errSecOTRIDTooNew
= -25329, /* Key ID is too new to use! Message from the future? */
93 errSecOTRNotReady
= -25331, /* Can't process packets because the session hasn't finished negotiating */
95 errSecAuthNeeded
= -25330, /* Auth is needed before the requested action can be performed. An array of
96 constraints to be fulfilled is passed inside error.userInfo's 'cons' key. */
98 errSecPeersNotAvailable
= -25336, /* No peers in the circle are available/online. */
99 errSecErrorStringNotAvailable
= -25337, /* Unable to load error string for error */
102 errSecDeviceIDNeeded
= -25332, /* Cannot send IDS messages without having our own IDS ID. */
103 errSecIDSNotRegistered
= -25333, /* IDS is not set up or devices are not registered/available within an IDS account. */
104 errSecFailedToSendIDSMessage
= -25334, /* Failed to send IDS message. */
105 errSecDeviceIDNoMatch
= -25335, /* The provided device ID does not match any device IDs in the ids account. */
// NOTE(review): -25336 is also the value of errSecPeersNotAvailable earlier in this list, so a
// caller cannot tell "timed out" from "no peers available" by OSStatus, and the two names cannot
// both be case labels in one switch. Confirm whether the shared value is intended.
106 errSecTimedOut
= -25336, /* Timed out waiting for task */
109 // Guard for CFNetwork
110 #define SECURITY_PROVIDES_INVALIDTRUSTSETTINGS
/* Takes a CSSM_RETURN code and returns a const char pointer; marked macOS-only by
 * __SEC_MAC_ONLY_UNKNOWN.
 * NOTE(review): presumably the result is a printable description of the error. This header does
 * not say who owns the returned string or how long it stays valid - confirm before keeping or
 * freeing it. */
113 const char *cssmErrorString(CSSM_RETURN error
)
114 __SEC_MAC_ONLY_UNKNOWN
;
/* Takes an OSStatus and returns an OSStatus. Declared available on macOS 10.4 and later and not
 * available on iOS or bridgeOS.
 * NOTE(review): presumably translates a generic OSStatus into a keychain error code; the mapping
 * is not visible in this header - confirm against the implementation. */
117 OSStatus
SecKeychainErrFromOSStatus(OSStatus osStatus
)
118 API_AVAILABLE(macos(10.4), ios(NA
), bridgeos(NA
));
121 * For use when running in the root session as an agent/daemon that wants to redirect to
122 * a background user session. This function must be called before any other Sec call is made,
123 * so very early in main(). The uid selects the target session, so take it from a trusted source.
125 * This only applies to macOS, where background sessions exist.
/* Takes the uid of the target session. Declared available on macOS 10.13.5 and later and
 * unavailable on iOS, iosmac, watchOS, tvOS and bridgeOS.
 * Returns void, so the caller gets no indication of whether the redirect took effect. */
127 void _SecSetSecuritydTargetUID(uid_t uid
)
128 API_AVAILABLE(macos(10.13.5)) API_UNAVAILABLE(ios
, iosmac
, watchos
, tvos
, bridgeos
);
134 #endif /* !_SECURITY_SECBASEPRIV_H_ */