Security-179.tar.gz
1 /*
2 * SecKeyPriv.h
3 * Security
4 *
5 * Created by Michael Brouwer on Fri Nov 08 2002.
6 * Copyright (c) 2002 __MyCompanyName__. All rights reserved.
7 *
8 */
9
10 /*
11 * Copyright (c) 2002 Apple Computer, Inc. All Rights Reserved.
12 *
13 * The contents of this file constitute Original Code as defined in and are
14 * subject to the Apple Public Source License Version 1.2 (the 'License').
15 * You may not use this file except in compliance with the License. Please obtain
16 * a copy of the License at http://www.apple.com/publicsource and read it before
17 * using this file.
18 *
19 * This Original Code and all software distributed under the License are
20 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
21 * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
22 * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
23 * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
24 * specific language governing rights and limitations under the License.
25 */
26
27 /*!
28 @header SecKeyPriv
29 The functions provided in SecKeyPriv implement a particular type of SecKeychainItem which represents a key. SecKeys might be stored in a SecKeychain, but can also be used as transient objects representing keys.
30
31 Most SecKeychainItem* functions will work on a SecKeyRef.
32 */
33
34 #ifndef _SECURITY_SECKEYPRIV_H_
35 #define _SECURITY_SECKEYPRIV_H_
36
37 #include <Security/SecKey.h>
38
39
40 #if defined(__cplusplus)
41 extern "C" {
42 #endif
43
44 /*!
45 @typedef SecCredentialType
46 @abstract Determines the type of credential returned by SecKeyGetCredentials. Values are the kSecCredentialType* constants of the anonymous enum declared directly below.
47 */
48 typedef uint32 SecCredentialType;
49
50 /*!
51 @enum SecCredentialType
52 @abstract Determines the type of credential returned by SecKeyGetCredentials.
53 @constant kSecCredentialTypeWithUI will cause UI to happen if needed.
54 @constant kSecCredentialTypeNoUI will fail if UI would have been required.
55 @constant kSecCredentialTypeDefault will choose to do UI when other SecKeychain calls currently do. Its value is 0, so a zero-initialized SecCredentialType selects this behavior.
56 */
57 enum
58 {
59 kSecCredentialTypeDefault = 0,
60 kSecCredentialTypeWithUI,
61 kSecCredentialTypeNoUI
62 };
63
64
65 /*!
66 @function SecKeyGetCSPHandle
67 @abstract Returns the CSSM_CSP_HANDLE attachment for the given key reference. The handle is valid until the key reference is released, so callers must not use it after releasing keyRef.
68 @param keyRef A key reference.
69 @param cspHandle On return, points to the CSSM_CSP_HANDLE for the given key.
70 @result A result code. See "Security Error Codes" (SecBase.h).
71 */
72 OSStatus
73 SecKeyGetCSPHandle(SecKeyRef keyRef, CSSM_CSP_HANDLE *cspHandle);
74
/*!
@function SecKeyGetAlgorithmID
@abstract Not documented in this header. From the signature: takes a key reference and writes a pointer to a const CSSM_X509_ALGORITHM_IDENTIFIER through algid.
@param key A key reference.
@param algid Output pointer that receives a pointer to a const CSSM_X509_ALGORITHM_IDENTIFIER.
@result An OSStatus result code.
NOTE(review): presumably the returned identifier describes the algorithm of the given key, and its lifetime is presumably tied to the key reference; neither is stated here. Confirm against the implementation before keeping the pointer after key is released.
*/
75 OSStatus
76 SecKeyGetAlgorithmID(SecKeyRef key, const CSSM_X509_ALGORITHM_IDENTIFIER **algid);
77
/*!
@function SecKeyGetStrengthInBits
@abstract Not documented in this header. From the signature: takes a key reference and an algorithm identifier, and writes an unsigned int through strength.
@param key A key reference.
@param algid A const algorithm identifier; its role, and whether NULL is accepted, are not stated here.
@param strength Output pointer; presumably receives the key strength in bits (inferred from the function name; confirm).
@result An OSStatus result code.
NOTE(review): callers that enforce a minimum key strength should check the result code before trusting the value written through strength; whether it is written on failure is not stated here.
*/
78 OSStatus
79 SecKeyGetStrengthInBits(SecKeyRef key, const CSSM_X509_ALGORITHM_IDENTIFIER *algid, unsigned int *strength);
80
81
82 /*!
83 @function SecKeyGetCredentials
84 @abstract For a given key, returns a pointer to const CSSM_ACCESS_CREDENTIALS which will allow the key to be used.
85 @param keyRef The key for which a credential is requested.
86 @param operation The type of operation which is going to be performed on this key. Examples are: CSSM_ACL_AUTHORIZATION_SIGN, CSSM_ACL_AUTHORIZATION_DECRYPT, CSSM_ACL_AUTHORIZATION_EXPORT_WRAPPED.
87 @param credentialType The type of credential requested.
88 @param outCredentials On return, receives a pointer to const CSSM_ACCESS_CREDENTIALS which can be used in CDSA calls and which remains valid at least as long as the keyRef itself remains valid. Callers should not rely on it after releasing keyRef.
89 @result A result code. See "Security Error Codes" (SecBase.h).
90 */
91 OSStatus SecKeyGetCredentials(
92 SecKeyRef keyRef,
93 CSSM_ACL_AUTHORIZATION_TAG operation,
94 SecCredentialType credentialType,
95 const CSSM_ACCESS_CREDENTIALS **outCredentials);
96
97 /*!
98 @function SecKeyImportPair
99 @abstract Takes an asymmetric key pair and stores it in the keychain specified by the keychain parameter.
100 @param keychainRef A reference to the keychain in which to store the private and public key items. Specify NULL for the default keychain.
101 @param publicCssmKey A CSSM_KEY which is valid for the CSP returned by SecKeychainGetCSPHandle(). This may be a normal key or reference key.
102 @param privateCssmKey A CSSM_KEY which is valid for the CSP returned by SecKeychainGetCSPHandle(). This may be a normal key or reference key.
103 @param initialAccess A SecAccess object that determines the initial access rights to the private key. The public key is given an any/any ACL by default. NOTE(review): the behavior when initialAccess is NULL is not stated here; confirm it before relying on a default ACL for the private key.
104 @param publicKey Optional output pointer to the keychain item reference of the imported public key. The caller must call CFRelease on this value if it is returned.
105 @param privateKey Optional output pointer to the keychain item reference of the imported private key. The caller must call CFRelease on this value if it is returned.
106 @result A result code. See "Security Error Codes" (SecBase.h).
107 */
108 OSStatus SecKeyImportPair(
109 SecKeychainRef keychainRef,
110 const CSSM_KEY *publicCssmKey,
111 const CSSM_KEY *privateCssmKey,
112 SecAccessRef initialAccess,
113 SecKeyRef* publicKey,
114 SecKeyRef* privateKey);
115
116 /*!
117 @function SecKeyGenerate
118 @abstract Generates a symmetric key and optionally stores it in the keychain specified by the keychainRef parameter.
119 @param keychainRef (optional) A reference to the keychain in which to store the generated key. Specify NULL to generate a transient key.
120 @param algorithm An algorithm for the key. This parameter is ignored if contextHandle is non 0.
121 @param keySizeInBits A key size for the key. This parameter is ignored if contextHandle is non 0.
122 @param contextHandle (optional) A CSSM_CC_HANDLE or 0. If this argument is not 0 the algorithm and keySizeInBits parameters are ignored. If extra parameters are needed to generate a key (some algorithms require this) you should create a context using CSSM_CSP_CreateKeyGenContext(), using the CSPHandle obtained by calling SecKeychainGetCSPHandle(). Then use CSSM_UpdateContextAttributes() to add additional parameters and dispose of the context using CSSM_DeleteContext after calling this function.
123 @param keyUsage A bit mask indicating all permitted uses for the new key. The bit mask values are defined in cssmtype.h
124 @param keyAttr A bit mask defining attribute values for the new key. The bit mask values are equivalent to a CSSM_KEYATTR_FLAGS and are defined in cssmtype.h
125 @param initialAccess (optional) A SecAccess object that determines the initial access rights to the key. This parameter is ignored if the keychainRef is NULL.
126 @param keyRef Output pointer to the keychain item reference of the generated key. Use the SecKeyGetCSSMKey function to obtain the CSSM_KEY. The caller must call CFRelease on this value if it is returned.
127 @result A result code. See "Security Error Codes" (SecBase.h).
128 */
129 OSStatus SecKeyGenerate(
130 SecKeychainRef keychainRef,
131 CSSM_ALGORITHMS algorithm,
132 uint32 keySizeInBits,
133 CSSM_CC_HANDLE contextHandle,
134 CSSM_KEYUSE keyUsage,
135 uint32 keyAttr,
136 SecAccessRef initialAccess,
137 SecKeyRef* keyRef);
138
/*!
@function SecKeyCreate
@abstract Not documented in this header. From the signature: takes a const CSSM_KEY and returns a key reference through keyRef.
@param key A const CSSM_KEY.
@param keyRef Output pointer that receives a SecKeyRef.
@result An OSStatus result code.
NOTE(review): whether the CSSM_KEY is copied or only referenced by the new SecKeyRef, and who releases the returned reference, are not stated here. Confirm ownership against the implementation; presumably the caller releases the returned reference with CFRelease, as for the other functions in this header.
*/
139 OSStatus SecKeyCreate(const CSSM_KEY *key,
140 SecKeyRef* keyRef);
141
142
143 #if defined(__cplusplus)
144 }
145 #endif
146
147 #endif /* !_SECURITY_SECKEYPRIV_H_ */
148