Security-58286.70.7.tar.gz

[apple/security.git] / OSX / sec / Security / SecPasswordGenerate.h

/*
 * Copyright (c) 2000-2004,2013-2014 Apple Inc. All Rights Reserved.
 *
 * @APPLE_LICENSE_HEADER_START@
 * 
 * This file contains Original Code and/or Modifications of Original Code
 * as defined in and that are subject to the Apple Public Source License
 * Version 2.0 (the 'License'). You may not use this file except in
 * compliance with the License. Please obtain a copy of the License at
 * http://www.opensource.apple.com/apsl/ and read it before using this
 * file.
 * 
 * The Original Code and all software distributed under the License are
 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
 * Please see the License for the specific language governing rights and
 * limitations under the License.
 * 
 * @APPLE_LICENSE_HEADER_END@
 */

/*!
 @header SecPasswordGenerate
 SecPassword implements logic to use the system facilities for acquiring a password,
 optionally stored and retrieved from the user's keychain.
 */

#ifndef _SECURITY_SECPASSWORDGENERATE_H_
#define _SECURITY_SECPASSWORDGENERATE_H_

#ifdef __cplusplus
extern "C" {
#endif

#include <CoreFoundation/CoreFoundation.h>
#include <Security/SecBase.h>

typedef uint32_t SecPasswordType;
enum {
    kSecPasswordTypeSafari = 0,
    kSecPasswordTypeiCloudRecovery = 1,
    kSecPasswordTypeWifi = 2,
    kSecPasswordTypePIN = 3,
    kSecPasswordTypeiCloudRecoveryKey __OSX_AVAILABLE(10.12.4) __IOS_AVAILABLE(10.4) = 4,
} __OSX_AVAILABLE_STARTING(__MAC_10_9, __IPHONE_7_0);

// Keys for external dictionaries with password generation requirements we read from plist.
extern CFStringRef kSecPasswordDefaultForType
    __OSX_AVAILABLE_STARTING(__MAC_10_9, __IPHONE_7_0);

extern CFStringRef kSecPasswordMinLengthKey
    __OSX_AVAILABLE_STARTING(__MAC_10_9, __IPHONE_7_0);
extern CFStringRef kSecPasswordMaxLengthKey
    __OSX_AVAILABLE_STARTING(__MAC_10_9, __IPHONE_7_0);
extern CFStringRef kSecPasswordAllowedCharactersKey
    __OSX_AVAILABLE_STARTING(__MAC_10_9, __IPHONE_7_0);
extern CFStringRef kSecPasswordRequiredCharactersKey
    __OSX_AVAILABLE_STARTING(__MAC_10_9, __IPHONE_7_0);

extern CFStringRef kSecPasswordDisallowedCharacters
    __OSX_AVAILABLE_STARTING(__MAC_10_9, __IPHONE_7_0);
extern CFStringRef kSecPasswordCantStartWithChars
    __OSX_AVAILABLE_STARTING(__MAC_10_9, __IPHONE_7_0);
extern CFStringRef kSecPasswordCantEndWithChars
    __OSX_AVAILABLE_STARTING(__MAC_10_9, __IPHONE_7_0);
    
extern CFStringRef kSecPasswordContainsNoMoreThanNSpecificCharacters
    __OSX_AVAILABLE_STARTING(__MAC_10_9, __IPHONE_7_0);
extern CFStringRef kSecPasswordContainsAtLeastNSpecificCharacters
    __OSX_AVAILABLE_STARTING(__MAC_10_9, __IPHONE_7_0);
extern CFStringRef kSecPasswordContainsNoMoreThanNConsecutiveIdenticalCharacters
    __OSX_AVAILABLE_STARTING(__MAC_10_9, __IPHONE_7_0);
    
extern CFStringRef kSecPasswordCharacters
    __OSX_AVAILABLE_STARTING(__MAC_10_9, __IPHONE_7_0);
extern CFStringRef kSecPasswordCharacterCount
    __OSX_AVAILABLE_STARTING(__MAC_10_9, __IPHONE_7_0);
    
extern CFStringRef kSecPasswordGroupSize
    __OSX_AVAILABLE_STARTING(__MAC_10_9, __IPHONE_7_0);
extern CFStringRef kSecPasswordNumberOfGroups
    __OSX_AVAILABLE_STARTING(__MAC_10_9, __IPHONE_7_0);
extern CFStringRef kSecPasswordSeparator
    __OSX_AVAILABLE_STARTING(__MAC_10_9, __IPHONE_7_0);

    
/*
    @function SecPasswordCopyDefaultPasswordLength
    @abstract Returns the default length/number of tuples of a defaultly generated password
    @param type: default password types kSecPasswordTypeSafari, kSecPasswordTypeiCloudRecovery, kSecPasswordTypeWifi, kSecPasswordTypePIN
    @param error: An error code will be returned if an unrecognized password type is passed to the routine.
    @result Dictionary consisting of length of tuple and number of tuples or a NULL if the passed type isn't recognized.
*/
CFDictionaryRef SecPasswordCopyDefaultPasswordLength(SecPasswordType type, CFErrorRef *error)
    __OSX_AVAILABLE_STARTING(__MAC_10_9, __IPHONE_7_0);

/*
 * Check that password is propery formated (groups, checksum). Make no claim about password quality.
 */
bool
SecPasswordValidatePasswordFormat(SecPasswordType type, CFStringRef password, CFErrorRef *error)
    __OSX_AVAILABLE(10.12.4) __IOS_AVAILABLE(10.4) __WATCHOS_AVAILABLE(3.4) __TVOS_AVAILABLE(10.4);

/*
 @function SecPasswordIsPasswordWeak
 @abstract Evalutes the weakness of a passcode. This function can take any type of passcode.  Currently
    the function evaluates passcodes with only ASCII characters
 @param passcode a string of any length and type (4 or 6 digit digit PIN, complex passcode)
 @result True if the password is weak, False if the password is strong.
 */

bool SecPasswordIsPasswordWeak(CFStringRef passcode)
    __OSX_AVAILABLE_STARTING(__MAC_10_9, __IPHONE_7_0);

/*
@function SecPasswordIsPasswordWeak2
@abstract Evalutes the weakness of a passcode. This function can take any type of passcode.  Currently
the function evaluates passcodes with only ASCII characters
 ***conditions in which a passcode will be evaluated as weak***
 * all repeating characters
 * repeating 2 digits
 * is found in the black list of the top 10 most commonly used passcodes
 * incrementing digits
 * decrementing digits (including 0987)
 * low enough levels of entropy (complex passcodes)
@param passcode a string of any length and type (4 or 6 digit PIN, complex passcode)
@param isSimple is to indicate whether we're evaluating a 4 or 6 digit PIN or a complex passcode
@result True if the password is weak, False if the password is strong.
 */
    
bool SecPasswordIsPasswordWeak2(bool isSimple, CFStringRef passcode)
    __OSX_AVAILABLE_STARTING(__MAC_10_9, __IPHONE_7_0);
    
/*
 @function SecPasswordGenerate.  Supports generating passwords for Safari, iCloud, Personal
 Hotspot clients.  Will also generate 4 or 6 digit pins.
 @abstract Returns a generated password based on a set of constraints
 @param type: type of password to generate. Pass enum types
 kSecPasswordTypeSafari, kSecPasswordTypeiCloudRecovery, kSecPasswordTypeWifi, or kSecPasswordTypePIN
 @param error: An error code will be returned if an error is encountered.  Check SecBase.h for the list of codes.
 @param passwordRequirements: a dictionary containing a set of password requirements.
 ex: password type 'safari' requires at least: minLength, maxLength, string
 of allowed characters, required characters
 @return NULL or a CFStringRef password

 *Note: This parameters is not required if kSecPasswordTypeiCloudRecovery or kSecPasswordTypePIN is supplied as the type.
 If kSecPasswordTypeSafari or kSecPasswordTypeWifi is supplied, you must include these dictionary key/value pairs:
 kSecPasswordMinLengthKey / CFNumberRef
 kSecPasswordMaxLengthKey / CFNumberRef
 kSecPasswordAllowedCharactersKey / CFStringRef
 kSecPasswordRequiredCharactersKey / CFArrayRef of CFCharacterSetRefs
 
 *Note: *If you would like a custom password type, file a bug in Sec Utilities requesting
 a new type along with generation specifications (ex. should contain one upper case, one lower case etc)
 
 *Note: Be sure to release the returned password when done using it.
 */
CF_RETURNS_RETAINED CFStringRef SecPasswordGenerate(SecPasswordType type, CFErrorRef *error, CFDictionaryRef passwordRequirements)
    __OSX_AVAILABLE_STARTING(__MAC_10_9, __IPHONE_7_0);
    
CFStringRef SecPasswordCreateWithRandomDigits(int n, CFErrorRef *error)
     __OSX_AVAILABLE_STARTING(__MAC_10_11, __IPHONE_9_0);

#ifdef __cplusplus
}
#endif

#endif /* !_SECURITY_SECPASSWORDGENERATE_H_ */