#include <Security/cssmtype.h>
#include <CoreFoundation/CFBase.h>
#include <CoreFoundation/CFDictionary.h>
+#include <CoreFoundation/CFSet.h>
#include <sys/types.h>
#if defined(__cplusplus)
@discussion This API is deprecated for 10.7. Please use the SecKeyGeneratePair API instead.
*/
OSStatus SecKeyCreatePair(
- SecKeychainRef __nullable keychainRef,
+ SecKeychainRef _Nullable keychainRef,
CSSM_ALGORITHMS algorithm,
uint32 keySizeInBits,
CSSM_CC_HANDLE contextHandle,
uint32 publicKeyAttr,
CSSM_KEYUSE privateKeyUsage,
uint32 privateKeyAttr,
- SecAccessRef __nullable initialAccess,
- SecKeyRef* __nullable CF_RETURNS_RETAINED publicKey,
- SecKeyRef* __nullable CF_RETURNS_RETAINED privateKey)
+ SecAccessRef _Nullable initialAccess,
+ SecKeyRef* _Nullable CF_RETURNS_RETAINED publicKey,
+ SecKeyRef* _Nullable CF_RETURNS_RETAINED privateKey)
DEPRECATED_IN_MAC_OS_X_VERSION_10_7_AND_LATER;
/*!
@discussion This API is deprecated for 10.7. Please use the SecKeyGenerateSymmetric API instead.
*/
OSStatus SecKeyGenerate(
- SecKeychainRef __nullable keychainRef,
+ SecKeychainRef _Nullable keychainRef,
CSSM_ALGORITHMS algorithm,
uint32 keySizeInBits,
CSSM_CC_HANDLE contextHandle,
CSSM_KEYUSE keyUsage,
uint32 keyAttr,
- SecAccessRef __nullable initialAccess,
- SecKeyRef* __nullable CF_RETURNS_RETAINED keyRef)
+ SecAccessRef _Nullable initialAccess,
+ SecKeyRef* _Nullable CF_RETURNS_RETAINED keyRef)
DEPRECATED_IN_MAC_OS_X_VERSION_10_7_AND_LATER;
/*!
@result A result code. See "Security Error Codes" (SecBase.h).
@discussion The CSSM_KEY is valid until the key item reference is released. This API is deprecated in 10.7. Its use should no longer be needed.
*/
-OSStatus SecKeyGetCSSMKey(SecKeyRef key, const CSSM_KEY * __nullable * __nonnull cssmKey)
+OSStatus SecKeyGetCSSMKey(SecKeyRef key, const CSSM_KEY * _Nullable * __nonnull cssmKey)
DEPRECATED_IN_MAC_OS_X_VERSION_10_7_AND_LATER;;
/*!
SecKeyRef keyRef,
CSSM_ACL_AUTHORIZATION_TAG operation,
SecCredentialType credentialType,
- const CSSM_ACCESS_CREDENTIALS * __nullable * __nonnull outCredentials)
+ const CSSM_ACCESS_CREDENTIALS * _Nullable * __nonnull outCredentials)
DEPRECATED_IN_MAC_OS_X_VERSION_10_7_AND_LATER;
/*!
* kSecAttrLabel (a user-visible label whose value is a CFStringRef,
e.g. "My App's Encryption Key")
* kSecAttrApplicationLabel (a label defined by your application, whose
- value is a CFStringRef and which can be used to find this key in a
+ value is a CFDataRef and which can be used to find this key in a
subsequent call to SecItemCopyMatching, e.g. "ID-1234567890-9876-0151")
To specify the generated key's access control settings, set this key:
* kSecAttrCanUnwrap (defaults to true if not explicitly specified)
*/
-__nullable
+_Nullable
SecKeyRef SecKeyGenerateSymmetric(CFDictionaryRef parameters, CFErrorRef *error)
__OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_NA);
* kSecAttrCanUnwrap (defaults to true if not explicitly specified)
*/
-__nullable
+_Nullable
SecKeyRef SecKeyCreateFromData(CFDictionaryRef parameters,
CFDataRef keyData, CFErrorRef *error)
__OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_NA);
*/
OSStatus SecKeyGeneratePair(CFDictionaryRef parameters,
- SecKeyRef * __nullable CF_RETURNS_RETAINED publicKey, SecKeyRef * __nullable CF_RETURNS_RETAINED privateKey)
+ SecKeyRef * _Nullable CF_RETURNS_RETAINED publicKey, SecKeyRef * _Nullable CF_RETURNS_RETAINED privateKey)
__OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_2_0);
/*!
@param parameters A dictionary containing one or more key-value pairs.
@param deliveryQueue A dispatch queue to be used to deliver the results.
@param result A callback function to result when the operation has completed.
- @result On success the function returns NULL.
@discussion In order to generate a keypair the parameters dictionary must
at least contain the following keys:
error parameter contains the reason.
*/
-__nullable
+_Nullable CF_RETURNS_RETAINED
SecKeyRef SecKeyDeriveFromPassword(CFStringRef password,
CFDictionaryRef parameters, CFErrorRef *error)
__OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_NA);
* kSecSalt - a CFData for the salt value for the encrypt.
*/
-__nullable
+_Nullable
CFDataRef SecKeyWrapSymmetric(SecKeyRef keyToWrap,
SecKeyRef wrappingKey, CFDictionaryRef parameters, CFErrorRef *error)
__OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_NA);
* kSecSalt - a CFData for the salt value for the decrypt.
*/
-__nullable
-SecKeyRef SecKeyUnwrapSymmetric(CFDataRef __nullable * __nonnull keyToUnwrap,
+_Nullable
+SecKeyRef SecKeyUnwrapSymmetric(CFDataRef _Nullable * __nonnull keyToUnwrap,
SecKeyRef unwrappingKey, CFDictionaryRef parameters, CFErrorRef *error)
__OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_NA);
+/*!
+ @function SecKeyCreateRandomKey
+ @abstract Generates a new public/private key pair.
+ @param parameters A dictionary containing one or more key-value pairs.
+ See the discussion sections below for a complete overview of options.
+ @param error On error, will be populated with an error object describing the failure.
+ See "Security Error Codes" (SecBase.h).
+ @return Newly generated private key. To get associated public key, use SecKeyCopyPublicKey().
+ @discussion In order to generate a keypair the parameters dictionary must
+ at least contain the following keys:
+
+ * kSecAttrKeyType with a value being kSecAttrKeyTypeRSA or any other
+ kSecAttrKeyType defined in SecItem.h
+ * kSecAttrKeySizeInBits with a value being a CFNumberRef or CFStringRef
+ containing the requested key size in bits. Example sizes for RSA
+ keys are: 512, 768, 1024, 2048.
+
+ The values below may be set either in the top-level dictionary or in a
+ dictionary that is the value of the kSecPrivateKeyAttrs or
+ kSecPublicKeyAttrs key in the top-level dictionary. Setting these
+ attributes explicitly will override the defaults below. See SecItem.h
+ for detailed information on these attributes including the types of
+ the values.
+
+ * kSecAttrLabel default NULL
+ * kSecAttrIsPermanent if this key is present and has a Boolean value of true,
+ the key or key pair will be added to the default keychain.
+ * kSecAttrTokenID if this key should be generated on specified token. This
+ attribute can contain CFStringRef and can be present only in the top-level
+ parameters dictionary.
+ * kSecAttrApplicationTag default NULL
+ * kSecAttrEffectiveKeySize default NULL same as kSecAttrKeySizeInBits
+ * kSecAttrCanEncrypt default false for private keys, true for public keys
+ * kSecAttrCanDecrypt default true for private keys, false for public keys
+ * kSecAttrCanDerive default true
+ * kSecAttrCanSign default true for private keys, false for public keys
+ * kSecAttrCanVerify default false for private keys, true for public keys
+ * kSecAttrCanWrap default false for private keys, true for public keys
+ * kSecAttrCanUnwrap default true for private keys, false for public keys
+ */
+SecKeyRef _Nullable SecKeyCreateRandomKey(CFDictionaryRef parameters, CFErrorRef *error)
+__OSX_AVAILABLE(10.12) __IOS_AVAILABLE(10.0) __TVOS_AVAILABLE(10.0) __WATCHOS_AVAILABLE(3.0);
+
+/*!
+ @function SecKeyCreateWithData
+ @abstract Create a SecKey from a well-defined external representation.
+ @param keyData CFData representing the key. The format of the data depends on the type of key being created.
+ @param attributes Dictionary containing attributes describing the key to be imported. The keys in this dictionary
+ are kSecAttr* constants from SecItem.h. Mandatory attributes are:
+ * kSecAttrKeyType
+ * kSecAttrKeyClass
+ * kSecAttrKeySizeInBits
+ @param error On error, will be populated with an error object describing the failure.
+ See "Security Error Codes" (SecBase.h).
+ @result A SecKey object representing the key, or NULL on failure.
+ @discussion This function does not add keys to any keychain, but the SecKey object it returns can be added
+ to keychain using the SecItemAdd function.
+ The requested data format depend on the type of key (kSecAttrKeyType) being created:
+ * kSecAttrKeyTypeRSA PKCS#1 format
+ * kSecAttrKeyTypeECSECPrimeRandom SEC1 format (www.secg.org)
+ */
+SecKeyRef _Nullable SecKeyCreateWithData(CFDataRef keyData, CFDictionaryRef attributes, CFErrorRef *error)
+__OSX_AVAILABLE(10.12) __IOS_AVAILABLE(10.0) __TVOS_AVAILABLE(10.0) __WATCHOS_AVAILABLE(3.0);
+
+/*!
+ @function SecKeyCopyExternalRepresentation
+ @abstract Create an external representation for the given key suitable for the key's type.
+ @param key The key to be exported.
+ @param error On error, will be populated with an error object describing the failure.
+ See "Security Error Codes" (SecBase.h).
+ @result A CFData representing the key in a format suitable for that key type.
+ @discussion This function may fail if the key is not exportable (e.g., bound to a smart card or Secure Enclave).
+ The format in which the key will be exported depends on the type of key:
+ * kSecAttrKeyTypeRSA PKCS#1 format
+ * kSecAttrKeyTypeECSECPrimeRandom SEC1 format (www.secg.org)
+ */
+CFDataRef _Nullable SecKeyCopyExternalRepresentation(SecKeyRef key, CFErrorRef *error)
+__OSX_AVAILABLE(10.12) __IOS_AVAILABLE(10.0) __TVOS_AVAILABLE(10.0) __WATCHOS_AVAILABLE(3.0);
+
+/*!
+ @function SecKeyCopyAttributes
+ @abstract Retrieve keychain attributes of a key.
+ @param key The key whose attributes are to be retrieved.
+ @result Dictionary containing attributes of the key. The keys that populate this dictionary are defined
+ and discussed in SecItem.h.
+ @discussion The attributes provided by this function are:
+ * kSecAttrCanEncrypt
+ * kSecAttrCanDecrypt
+ * kSecAttrCanDerive
+ * kSecAttrCanSign
+ * kSecAttrCanVerify
+ * kSecAttrKeyClass
+ * kSecAttrKeyType
+ * kSecAttrKeySizeInBits
+ * kSecAttrTokenID
+ * kSecAttrApplicationLabel
+ Other values returned in that dictionary are RFU.
+ */
+CFDictionaryRef _Nullable SecKeyCopyAttributes(SecKeyRef key)
+__OSX_AVAILABLE(10.12) __IOS_AVAILABLE(10.0) __TVOS_AVAILABLE(10.0) __WATCHOS_AVAILABLE(3.0);
+
+/*!
+ @function SecKeyCopyPublicKey
+ @abstract Retrieve the public key from a key pair or private key.
+ @param key The key from which to retrieve a public key.
+ @result The public key or NULL if public key is not available for specified key.
+ @discussion Fails if key does not contain a public key or no public key can be computed from it.
+ */
+SecKeyRef _Nullable SecKeyCopyPublicKey(SecKeyRef key)
+__OSX_AVAILABLE(10.12) __IOS_AVAILABLE(10.0) __TVOS_AVAILABLE(10.0) __WATCHOS_AVAILABLE(3.0);
+
+/*!
+ @enum SecKeyAlgorithm
+ @abstract Available algorithms for performing cryptographic operations with SecKey object. String representation
+ of constant can be used for logging or debugging purposes, because they contain human readable names of the algorithm.
+
+ @constant kSecKeyAlgorithmRSASignatureRaw
+ Raw RSA sign/verify operation, size of input data must be the same as value returned by SecKeyGetBlockSize().
+
+ @constant kSecKeyAlgorithmRSASignatureDigestPKCS1v15Raw
+ RSA sign/verify operation, assumes that input data is digest and OID and digest algorithm as specified in PKCS# v1.5.
+ This algorithm is typically not used directly, instead use algorithm with specified digest, like
+ kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA256.
+
+ @constant kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA1
+ RSA signature with PKCS#1 padding, input data must be SHA-1 generated digest.
+
+ @constant kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA224
+ RSA signature with PKCS#1 padding, input data must be SHA-224 generated digest.
+
+ @constant kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA256
+ RSA signature with PKCS#1 padding, input data must be SHA-256 generated digest.
+
+ @constant kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA384
+ RSA signature with PKCS#1 padding, input data must be SHA-384 generated digest.
+
+ @constant kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA512
+ RSA signature with PKCS#1 padding, input data must be SHA-512 generated digest.
+
+ @constant kSecKeyAlgorithmRSASignatureMessagePKCS1v15SHA1
+ RSA signature with PKCS#1 padding, SHA-1 digest is generated from input data of any size.
+
+ @constant kSecKeyAlgorithmRSASignatureMessagePKCS1v15SHA224
+ RSA signature with PKCS#1 padding, SHA-224 digest is generated from input data of any size.
+
+ @constant kSecKeyAlgorithmRSASignatureMessagePKCS1v15SHA256
+ RSA signature with PKCS#1 padding, SHA-256 digest is generated from input data of any size.
+
+ @constant kSecKeyAlgorithmRSASignatureMessagePKCS1v15SHA384
+ RSA signature with PKCS#1 padding, SHA-384 digest is generated from input data of any size.
+
+ @constant kSecKeyAlgorithmRSASignatureMessagePKCS1v15SHA512
+ RSA signature with PKCS#1 padding, SHA-512 digest is generated from input data of any size.
+
+ @constant kSecKeyAlgorithmECDSASignatureRFC4754
+ ECDSA algorithm, signature is concatenated r and s, big endian, data is message digest.
+
+ @constant kSecKeyAlgorithmECDSASignatureDigestX962
+ ECDSA algorithm, signature is in DER x9.62 encoding, input data is message digest.
+
+ @constant kSecKeyAlgorithmECDSASignatureDigestX962SHA1
+ ECDSA algorithm, signature is in DER x9.62 encoding, input data is message digest created by SHA1 algorithm.
+
+ @constant kSecKeyAlgorithmECDSASignatureDigestX962SHA1
+ ECDSA algorithm, signature is in DER x9.62 encoding, input data is message digest created by SHA224 algorithm.
+
+ @constant kSecKeyAlgorithmECDSASignatureDigestX962SHA1
+ ECDSA algorithm, signature is in DER x9.62 encoding, input data is message digest created by SHA256 algorithm.
+
+ @constant kSecKeyAlgorithmECDSASignatureDigestX962SHA1
+ ECDSA algorithm, signature is in DER x9.62 encoding, input data is message digest created by SHA384 algorithm.
+
+ @constant kSecKeyAlgorithmECDSASignatureDigestX962SHA1
+ ECDSA algorithm, signature is in DER x9.62 encoding, input data is message digest created by SHA512 algorithm.
+
+ @constant kSecKeyAlgorithmECDSASignatureMessageX962SHA1
+ ECDSA algorithm, signature is in DER x9.62 encoding, SHA-1 digest is generated from input data of any size.
+
+ @constant kSecKeyAlgorithmECDSASignatureMessageX962SHA224
+ ECDSA algorithm, signature is in DER x9.62 encoding, SHA-224 digest is generated from input data of any size.
+
+ @constant kSecKeyAlgorithmECDSASignatureMessageX962SHA256
+ ECDSA algorithm, signature is in DER x9.62 encoding, SHA-256 digest is generated from input data of any size.
+
+ @constant kSecKeyAlgorithmECDSASignatureMessageX962SHA384
+ ECDSA algorithm, signature is in DER x9.62 encoding, SHA-384 digest is generated from input data of any size.
+
+ @constant kSecKeyAlgorithmECDSASignatureMessageX962SHA512
+ ECDSA algorithm, signature is in DER x9.62 encoding, SHA-512 digest is generated from input data of any size.
+
+ @constant kSecKeyAlgorithmRSAEncryptionRaw
+ Raw RSA encryption or decryption, size of data must match RSA key modulus size. Note that direct
+ use of this algorithm without padding is cryptographically very weak, it is important to always introduce
+ some kind of padding. Input data size must be less or equal to the key block size and returned block has always
+ the same size as block size, as returned by SecKeyGetBlockSize().
+
+ @constant kSecKeyAlgorithmRSAEncryptionPKCS1
+ RSA encryption or decryption, data is padded using PKCS#1 padding scheme. This algorithm should be used only for
+ backward compatibility with existing protocols and data. New implementations should choose cryptographically
+ stronger algorithm instead (see kSecKeyAlgorithmRSAEncryptionOAEP). Input data must be at most
+ "key block size - 11" bytes long and returned block has always the same size as block size, as returned
+ by SecKeyGetBlockSize().
+
+ @constant kSecKeyAlgorithmRSAEncryptionOAEPSHA1
+ RSA encryption or decryption, data is padded using OAEP padding scheme internally using SHA1. Input data must be at most
+ "key block size - 42" bytes long and returned block has always the same size as block size, as returned
+ by SecKeyGetBlockSize(). Use kSecKeyAlgorithmRSAEncryptionOAEPSHA1AESGCM to be able to encrypt and decrypt arbitrary long data.
+
+ @constant kSecKeyAlgorithmRSAEncryptionOAEPSHA224
+ RSA encryption or decryption, data is padded using OAEP padding scheme internally using SHA224. Input data must be at most
+ "key block size - 58" bytes long and returned block has always the same size as block size, as returned
+ by SecKeyGetBlockSize(). Use kSecKeyAlgorithmRSAEncryptionOAEPSHA224AESGCM to be able to encrypt and decrypt arbitrary long data.
+
+ @constant kSecKeyAlgorithmRSAEncryptionOAEPSHA256
+ RSA encryption or decryption, data is padded using OAEP padding scheme internally using SHA256. Input data must be at most
+ "key block size - 66" bytes long and returned block has always the same size as block size, as returned
+ by SecKeyGetBlockSize(). Use kSecKeyAlgorithmRSAEncryptionOAEPSHA256AESGCM to be able to encrypt and decrypt arbitrary long data.
+
+ @constant kSecKeyAlgorithmRSAEncryptionOAEPSHA384
+ RSA encryption or decryption, data is padded using OAEP padding scheme internally using SHA384. Input data must be at most
+ "key block size - 98" bytes long and returned block has always the same size as block size, as returned
+ by SecKeyGetBlockSize(). Use kSecKeyAlgorithmRSAEncryptionOAEPSHA384AESGCM to be able to encrypt and decrypt arbitrary long data.
+
+ @constant kSecKeyAlgorithmRSAEncryptionOAEPSHA512
+ RSA encryption or decryption, data is padded using OAEP padding scheme internally using SHA512. Input data must be at most
+ "key block size - 130" bytes long and returned block has always the same size as block size, as returned
+ by SecKeyGetBlockSize(). Use kSecKeyAlgorithmRSAEncryptionOAEPSHA512AESGCM to be able to encrypt and decrypt arbitrary long data.
+
+ @constant kSecKeyAlgorithmRSAEncryptionOAEPSHA1AESGCM
+ Randomly generated AES session key is encrypted by RSA with OAEP padding. User data are encrypted using session key in GCM
+ mode with all-zero 16 bytes long IV (initialization vector). Finally 16 byte AES-GCM tag is appended to ciphertext.
+ 256bit AES key is used if RSA key is 4096bit or bigger, otherwise 128bit AES key is used. Raw public key data is used
+ as authentication data for AES-GCM encryption.
+
+ @constant kSecKeyAlgorithmRSAEncryptionOAEPSHA224AESGCM
+ Randomly generated AES session key is encrypted by RSA with OAEP padding. User data are encrypted using session key in GCM
+ mode with all-zero 16 bytes long IV (initialization vector). Finally 16 byte AES-GCM tag is appended to ciphertext.
+ 256bit AES key is used if RSA key is 4096bit or bigger, otherwise 128bit AES key is used. Raw public key data is used
+ as authentication data for AES-GCM encryption.
+
+ @constant kSecKeyAlgorithmRSAEncryptionOAEPSHA256AESGCM
+ Randomly generated AES session key is encrypted by RSA with OAEP padding. User data are encrypted using session key in GCM
+ mode with all-zero 16 bytes long IV (initialization vector). Finally 16 byte AES-GCM tag is appended to ciphertext.
+ 256bit AES key is used if RSA key is 4096bit or bigger, otherwise 128bit AES key is used. Raw public key data is used
+ as authentication data for AES-GCM encryption.
+
+ @constant kSecKeyAlgorithmRSAEncryptionOAEPSHA384AESGCM
+ Randomly generated AES session key is encrypted by RSA with OAEP padding. User data are encrypted using session key in GCM
+ mode with all-zero 16 bytes long IV (initialization vector). Finally 16 byte AES-GCM tag is appended to ciphertext.
+ 256bit AES key is used if RSA key is 4096bit or bigger, otherwise 128bit AES key is used. Raw public key data is used
+ as authentication data for AES-GCM encryption.
+
+ @constant kSecKeyAlgorithmRSAEncryptionOAEPSHA512AESGCM
+ Randomly generated AES session key is encrypted by RSA with OAEP padding. User data are encrypted using session key in GCM
+ mode with all-zero 16 bytes long IV (initialization vector). Finally 16 byte AES-GCM tag is appended to ciphertext.
+ 256bit AES key is used if RSA key is 4096bit or bigger, otherwise 128bit AES key is used. Raw public key data is used
+ as authentication data for AES-GCM encryption.
+
+ @constant kSecKeyAlgorithmECIESEncryptionStandardX963SHA1AESGCM
+ ECIES encryption or decryption. This algorithm does not limit the size of the message to be encrypted or decrypted.
+ Encryption is done using AES-GCM with key negotiated by kSecKeyAlgorithmECDHKeyExchangeStandardX963SHA1. AES Key size
+ is 128bit for EC keys <=256bit and 256bit for bigger EC keys. Ephemeral public key data is used as sharedInfo for KDF,
+ and static public key data is used as authenticationData for AES-GCM processing. AES-GCM uses 16 bytes long TAG and
+ all-zero 16 byte long IV (initialization vector).
+
+ @constant kSecKeyAlgorithmECIESEncryptionStandardX963SHA224AESGCM
+ ECIES encryption or decryption. This algorithm does not limit the size of the message to be encrypted or decrypted.
+ Encryption is done using AES-GCM with key negotiated by kSecKeyAlgorithmECDHKeyExchangeStandardX963SHA1. AES Key size
+ is 128bit for EC keys <=256bit and 256bit for bigger EC keys. Ephemeral public key data is used as sharedInfo for KDF,
+ and static public key data is used as authenticationData for AES-GCM processing. AES-GCM uses 16 bytes long TAG and
+ all-zero 16 byte long IV (initialization vector).
+
+ @constant kSecKeyAlgorithmECIESEncryptionStandardX963SHA256AESGCM
+ ECIES encryption or decryption. This algorithm does not limit the size of the message to be encrypted or decrypted.
+ Encryption is done using AES-GCM with key negotiated by kSecKeyAlgorithmECDHKeyExchangeStandardX963SHA1. AES Key size
+ is 128bit for EC keys <=256bit and 256bit for bigger EC keys. Ephemeral public key data is used as sharedInfo for KDF,
+ and static public key data is used as authenticationData for AES-GCM processing. AES-GCM uses 16 bytes long TAG and
+ all-zero 16 byte long IV (initialization vector).
+
+ @constant kSecKeyAlgorithmECIESEncryptionStandardX963SHA384AESGCM
+ ECIES encryption or decryption. This algorithm does not limit the size of the message to be encrypted or decrypted.
+ Encryption is done using AES-GCM with key negotiated by kSecKeyAlgorithmECDHKeyExchangeStandardX963SHA1. AES Key size
+ is 128bit for EC keys <=256bit and 256bit for bigger EC keys. Ephemeral public key data is used as sharedInfo for KDF,
+ and static public key data is used as authenticationData for AES-GCM processing. AES-GCM uses 16 bytes long TAG and
+ all-zero 16 byte long IV (initialization vector).
+
+ @constant kSecKeyAlgorithmECIESEncryptionStandardX963SHA512AESGCM
+ ECIES encryption or decryption. This algorithm does not limit the size of the message to be encrypted or decrypted.
+ Encryption is done using AES-GCM with key negotiated by kSecKeyAlgorithmECDHKeyExchangeStandardX963SHA1. AES Key size
+ is 128bit for EC keys <=256bit and 256bit for bigger EC keys. Ephemeral public key data is used as sharedInfo for KDF,
+ and static public key data is used as authenticationData for AES-GCM processing. AES-GCM uses 16 bytes long TAG and
+ all-zero 16 byte long IV (initialization vector).
+
+ @constant kSecKeyAlgorithmECIESEncryptionCofactorX963SHA1AESGCM
+ ECIES encryption or decryption. This algorithm does not limit the size of the message to be encrypted or decrypted.
+ Encryption is done using AES-GCM with key negotiated by kSecKeyAlgorithmECDHKeyExchangeCofactorX963SHA1. AES Key size
+ is 128bit for EC keys <=256bit and 256bit for bigger EC keys. Ephemeral public key data is used as sharedInfo for KDF,
+ and static public key data is used as authenticationData for AES-GCM processing. AES-GCM uses 16 bytes long TAG and
+ all-zero 16 byte long IV (initialization vector).
+
+ @constant kSecKeyAlgorithmECIESEncryptionCofactorX963SHA224AESGCM
+ ECIES encryption or decryption. This algorithm does not limit the size of the message to be encrypted or decrypted.
+ Encryption is done using AES-GCM with key negotiated by kSecKeyAlgorithmECDHKeyExchangeCofactorX963SHA1. AES Key size
+ is 128bit for EC keys <=256bit and 256bit for bigger EC keys. Ephemeral public key data is used as sharedInfo for KDF,
+ and static public key data is used as authenticationData for AES-GCM processing. AES-GCM uses 16 bytes long TAG and
+ all-zero 16 byte long IV (initialization vector).
+
+ @constant kSecKeyAlgorithmECIESEncryptionCofactorX963SHA256AESGCM
+ ECIES encryption or decryption. This algorithm does not limit the size of the message to be encrypted or decrypted.
+ Encryption is done using AES-GCM with key negotiated by kSecKeyAlgorithmECDHKeyExchangeCofactorX963SHA1. AES Key size
+ is 128bit for EC keys <=256bit and 256bit for bigger EC keys. Ephemeral public key data is used as sharedInfo for KDF,
+ and static public key data is used as authenticationData for AES-GCM processing. AES-GCM uses 16 bytes long TAG and
+ all-zero 16 byte long IV (initialization vector).
+
+ @constant kSecKeyAlgorithmECIESEncryptionCofactorX963SHA384AESGCM
+ ECIES encryption or decryption. This algorithm does not limit the size of the message to be encrypted or decrypted.
+ Encryption is done using AES-GCM with key negotiated by kSecKeyAlgorithmECDHKeyExchangeCofactorX963SHA1. AES Key size
+ is 128bit for EC keys <=256bit and 256bit for bigger EC keys. Ephemeral public key data is used as sharedInfo for KDF,
+ and static public key data is used as authenticationData for AES-GCM processing. AES-GCM uses 16 bytes long TAG and
+ all-zero 16 byte long IV (initialization vector).
+
+ @constant kSecKeyAlgorithmECIESEncryptionCofactorX963SHA512AESGCM
+ ECIES encryption or decryption. This algorithm does not limit the size of the message to be encrypted or decrypted.
+ Encryption is done using AES-GCM with key negotiated by kSecKeyAlgorithmECDHKeyExchangeCofactorX963SHA1. AES Key size
+ is 128bit for EC keys <=256bit and 256bit for bigger EC keys. Ephemeral public key data is used as sharedInfo for KDF,
+ and static public key data is used as authenticationData for AES-GCM processing. AES-GCM uses 16 bytes long TAG and
+ all-zero 16 byte long IV (initialization vector).
+
+ @constant kSecKeyAlgorithmECDHKeyExchangeCofactor
+ Compute shared secret using ECDH cofactor algorithm, suitable only for kSecAttrKeyTypeECSECPrimeRandom keys.
+ This algorithm does not accept any parameters, length of output raw shared secret is given by the length of the key.
+
+ @constant kSecKeyAlgorithmECDHKeyExchangeCofactorX963SHA1
+ Compute shared secret using ECDH cofactor algorithm, suitable only for kSecAttrKeyTypeECSECPrimeRandom keys
+ and apply ANSI X9.63 KDF with SHA1 as hashing function. Requires kSecKeyKeyExchangeParameterRequestedSize and allows
+ kSecKeyKeyExchangeParameterSharedInfo parameters to be used.
+
+ @constant kSecKeyAlgorithmECDHKeyExchangeCofactorX963SHA224
+ Compute shared secret using ECDH cofactor algorithm, suitable only for kSecAttrKeyTypeECSECPrimeRandom keys
+ and apply ANSI X9.63 KDF with SHA224 as hashing function. Requires kSecKeyKeyExchangeParameterRequestedSize and allows
+ kSecKeyKeyExchangeParameterSharedInfo parameters to be used.
+
+ @constant kSecKeyAlgorithmECDHKeyExchangeCofactorX963SHA256
+ Compute shared secret using ECDH cofactor algorithm, suitable only for kSecAttrKeyTypeECSECPrimeRandom keys
+ and apply ANSI X9.63 KDF with SHA256 as hashing function. Requires kSecKeyKeyExchangeParameterRequestedSize and allows
+ kSecKeyKeyExchangeParameterSharedInfo parameters to be used.
+
+ @constant kSecKeyAlgorithmECDHKeyExchangeCofactorX963SHA384
+ Compute shared secret using ECDH cofactor algorithm, suitable only for kSecAttrKeyTypeECSECPrimeRandom keys
+ and apply ANSI X9.63 KDF with SHA384 as hashing function. Requires kSecKeyKeyExchangeParameterRequestedSize and allows
+ kSecKeyKeyExchangeParameterSharedInfo parameters to be used.
+
+ @constant kSecKeyAlgorithmECDHKeyExchangeCofactorX963SHA512
+ Compute shared secret using ECDH cofactor algorithm, suitable only for kSecAttrKeyTypeECSECPrimeRandom keys
+ and apply ANSI X9.63 KDF with SHA512 as hashing function. Requires kSecKeyKeyExchangeParameterRequestedSize and allows
+ kSecKeyKeyExchangeParameterSharedInfo parameters to be used.
+
+ @constant kSecKeyAlgorithmECDHKeyExchangeStandard
+ Compute shared secret using ECDH algorithm without cofactor, suitable only for kSecAttrKeyTypeECSECPrimeRandom keys.
+ This algorithm does not accept any parameters, length of output raw shared secret is given by the length of the key.
+
+ @constant kSecKeyAlgorithmECDHKeyExchangeStandardX963SHA1
+ Compute shared secret using ECDH algorithm without cofactor, suitable only for kSecAttrKeyTypeECSECPrimeRandom keys
+ and apply ANSI X9.63 KDF with SHA1 as hashing function. Requires kSecKeyKeyExchangeParameterRequestedSize and allows
+ kSecKeyKeyExchangeParameterSharedInfo parameters to be used.
+
+ @constant kSecKeyAlgorithmECDHKeyExchangeStandardX963SHA224
+ Compute shared secret using ECDH algorithm without cofactor, suitable only for kSecAttrKeyTypeECSECPrimeRandom keys
+ and apply ANSI X9.63 KDF with SHA224 as hashing function. Requires kSecKeyKeyExchangeParameterRequestedSize and allows
+ kSecKeyKeyExchangeParameterSharedInfo parameters to be used.
+
+ @constant kSecKeyAlgorithmECDHKeyExchangeStandardX963SHA256
+ Compute shared secret using ECDH algorithm without cofactor, suitable only for kSecAttrKeyTypeECSECPrimeRandom keys
+ and apply ANSI X9.63 KDF with SHA256 as hashing function. Requires kSecKeyKeyExchangeParameterRequestedSize and allows
+ kSecKeyKeyExchangeParameterSharedInfo parameters to be used.
+
+ @constant kSecKeyAlgorithmECDHKeyExchangeStandardX963SHA384
+ Compute shared secret using ECDH algorithm without cofactor, suitable only for kSecAttrKeyTypeECSECPrimeRandom keys
+ and apply ANSI X9.63 KDF with SHA384 as hashing function. Requires kSecKeyKeyExchangeParameterRequestedSize and allows
+ kSecKeyKeyExchangeParameterSharedInfo parameters to be used.
+
+ @constant kSecKeyAlgorithmECDHKeyExchangeStandardX963SHA512
+ Compute shared secret using ECDH algorithm without cofactor, suitable only for kSecAttrKeyTypeECSECPrimeRandom keys
+ and apply ANSI X9.63 KDF with SHA512 as hashing function. Requires kSecKeyKeyExchangeParameterRequestedSize and allows
+ kSecKeyKeyExchangeParameterSharedInfo parameters to be used.
+ */
+
+typedef CFStringRef SecKeyAlgorithm CF_STRING_ENUM
+__OSX_AVAILABLE(10.12) __IOS_AVAILABLE(10.0) __TVOS_AVAILABLE(10.0) __WATCHOS_AVAILABLE(3.0);
+
+extern const SecKeyAlgorithm kSecKeyAlgorithmRSASignatureRaw
+__OSX_AVAILABLE(10.12) __IOS_AVAILABLE(10.0) __TVOS_AVAILABLE(10.0) __WATCHOS_AVAILABLE(3.0);
+
+extern const SecKeyAlgorithm kSecKeyAlgorithmRSASignatureDigestPKCS1v15Raw
+__OSX_AVAILABLE(10.12) __IOS_AVAILABLE(10.0) __TVOS_AVAILABLE(10.0) __WATCHOS_AVAILABLE(3.0);
+
+extern const SecKeyAlgorithm kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA1
+__OSX_AVAILABLE(10.12) __IOS_AVAILABLE(10.0) __TVOS_AVAILABLE(10.0) __WATCHOS_AVAILABLE(3.0);
+extern const SecKeyAlgorithm kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA224
+__OSX_AVAILABLE(10.12) __IOS_AVAILABLE(10.0) __TVOS_AVAILABLE(10.0) __WATCHOS_AVAILABLE(3.0);
+extern const SecKeyAlgorithm kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA256
+__OSX_AVAILABLE(10.12) __IOS_AVAILABLE(10.0) __TVOS_AVAILABLE(10.0) __WATCHOS_AVAILABLE(3.0);
+extern const SecKeyAlgorithm kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA384
+__OSX_AVAILABLE(10.12) __IOS_AVAILABLE(10.0) __TVOS_AVAILABLE(10.0) __WATCHOS_AVAILABLE(3.0);
+extern const SecKeyAlgorithm kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA512
+__OSX_AVAILABLE(10.12) __IOS_AVAILABLE(10.0) __TVOS_AVAILABLE(10.0) __WATCHOS_AVAILABLE(3.0);
+
+extern const SecKeyAlgorithm kSecKeyAlgorithmRSASignatureMessagePKCS1v15SHA1
+__OSX_AVAILABLE(10.12) __IOS_AVAILABLE(10.0) __TVOS_AVAILABLE(10.0) __WATCHOS_AVAILABLE(3.0);
+extern const SecKeyAlgorithm kSecKeyAlgorithmRSASignatureMessagePKCS1v15SHA224
+__OSX_AVAILABLE(10.12) __IOS_AVAILABLE(10.0) __TVOS_AVAILABLE(10.0) __WATCHOS_AVAILABLE(3.0);
+extern const SecKeyAlgorithm kSecKeyAlgorithmRSASignatureMessagePKCS1v15SHA256
+__OSX_AVAILABLE(10.12) __IOS_AVAILABLE(10.0) __TVOS_AVAILABLE(10.0) __WATCHOS_AVAILABLE(3.0);
+extern const SecKeyAlgorithm kSecKeyAlgorithmRSASignatureMessagePKCS1v15SHA384
+__OSX_AVAILABLE(10.12) __IOS_AVAILABLE(10.0) __TVOS_AVAILABLE(10.0) __WATCHOS_AVAILABLE(3.0);
+extern const SecKeyAlgorithm kSecKeyAlgorithmRSASignatureMessagePKCS1v15SHA512
+__OSX_AVAILABLE(10.12) __IOS_AVAILABLE(10.0) __TVOS_AVAILABLE(10.0) __WATCHOS_AVAILABLE(3.0);
+
+extern const SecKeyAlgorithm kSecKeyAlgorithmECDSASignatureRFC4754
+__OSX_AVAILABLE(10.12) __IOS_AVAILABLE(10.0) __TVOS_AVAILABLE(10.0) __WATCHOS_AVAILABLE(3.0);
+
+extern const SecKeyAlgorithm kSecKeyAlgorithmECDSASignatureDigestX962
+__OSX_AVAILABLE(10.12) __IOS_AVAILABLE(10.0) __TVOS_AVAILABLE(10.0) __WATCHOS_AVAILABLE(3.0);
+extern const SecKeyAlgorithm kSecKeyAlgorithmECDSASignatureDigestX962SHA1
+__OSX_AVAILABLE(10.12) __IOS_AVAILABLE(10.0) __TVOS_AVAILABLE(10.0) __WATCHOS_AVAILABLE(3.0);
+extern const SecKeyAlgorithm kSecKeyAlgorithmECDSASignatureDigestX962SHA224
+__OSX_AVAILABLE(10.12) __IOS_AVAILABLE(10.0) __TVOS_AVAILABLE(10.0) __WATCHOS_AVAILABLE(3.0);
+extern const SecKeyAlgorithm kSecKeyAlgorithmECDSASignatureDigestX962SHA256
+__OSX_AVAILABLE(10.12) __IOS_AVAILABLE(10.0) __TVOS_AVAILABLE(10.0) __WATCHOS_AVAILABLE(3.0);
+extern const SecKeyAlgorithm kSecKeyAlgorithmECDSASignatureDigestX962SHA384
+__OSX_AVAILABLE(10.12) __IOS_AVAILABLE(10.0) __TVOS_AVAILABLE(10.0) __WATCHOS_AVAILABLE(3.0);
+extern const SecKeyAlgorithm kSecKeyAlgorithmECDSASignatureDigestX962SHA512
+__OSX_AVAILABLE(10.12) __IOS_AVAILABLE(10.0) __TVOS_AVAILABLE(10.0) __WATCHOS_AVAILABLE(3.0);
+
+extern const SecKeyAlgorithm kSecKeyAlgorithmECDSASignatureMessageX962SHA1
+__OSX_AVAILABLE(10.12) __IOS_AVAILABLE(10.0) __TVOS_AVAILABLE(10.0) __WATCHOS_AVAILABLE(3.0);
+extern const SecKeyAlgorithm kSecKeyAlgorithmECDSASignatureMessageX962SHA224
+__OSX_AVAILABLE(10.12) __IOS_AVAILABLE(10.0) __TVOS_AVAILABLE(10.0) __WATCHOS_AVAILABLE(3.0);
+extern const SecKeyAlgorithm kSecKeyAlgorithmECDSASignatureMessageX962SHA256
+__OSX_AVAILABLE(10.12) __IOS_AVAILABLE(10.0) __TVOS_AVAILABLE(10.0) __WATCHOS_AVAILABLE(3.0);
+extern const SecKeyAlgorithm kSecKeyAlgorithmECDSASignatureMessageX962SHA384
+__OSX_AVAILABLE(10.12) __IOS_AVAILABLE(10.0) __TVOS_AVAILABLE(10.0) __WATCHOS_AVAILABLE(3.0);
+extern const SecKeyAlgorithm kSecKeyAlgorithmECDSASignatureMessageX962SHA512
+__OSX_AVAILABLE(10.12) __IOS_AVAILABLE(10.0) __TVOS_AVAILABLE(10.0) __WATCHOS_AVAILABLE(3.0);
+
+extern const SecKeyAlgorithm kSecKeyAlgorithmRSAEncryptionRaw
+__OSX_AVAILABLE(10.12) __IOS_AVAILABLE(10.0) __TVOS_AVAILABLE(10.0) __WATCHOS_AVAILABLE(3.0);
+extern const SecKeyAlgorithm kSecKeyAlgorithmRSAEncryptionPKCS1
+__OSX_AVAILABLE(10.12) __IOS_AVAILABLE(10.0) __TVOS_AVAILABLE(10.0) __WATCHOS_AVAILABLE(3.0);
+extern const SecKeyAlgorithm kSecKeyAlgorithmRSAEncryptionOAEPSHA1
+__OSX_AVAILABLE(10.12) __IOS_AVAILABLE(10.0) __TVOS_AVAILABLE(10.0) __WATCHOS_AVAILABLE(3.0);
+extern const SecKeyAlgorithm kSecKeyAlgorithmRSAEncryptionOAEPSHA224
+__OSX_AVAILABLE(10.12) __IOS_AVAILABLE(10.0) __TVOS_AVAILABLE(10.0) __WATCHOS_AVAILABLE(3.0);
+extern const SecKeyAlgorithm kSecKeyAlgorithmRSAEncryptionOAEPSHA256
+__OSX_AVAILABLE(10.12) __IOS_AVAILABLE(10.0) __TVOS_AVAILABLE(10.0) __WATCHOS_AVAILABLE(3.0);
+extern const SecKeyAlgorithm kSecKeyAlgorithmRSAEncryptionOAEPSHA384
+__OSX_AVAILABLE(10.12) __IOS_AVAILABLE(10.0) __TVOS_AVAILABLE(10.0) __WATCHOS_AVAILABLE(3.0);
+extern const SecKeyAlgorithm kSecKeyAlgorithmRSAEncryptionOAEPSHA512
+__OSX_AVAILABLE(10.12) __IOS_AVAILABLE(10.0) __TVOS_AVAILABLE(10.0) __WATCHOS_AVAILABLE(3.0);
+
+extern const SecKeyAlgorithm kSecKeyAlgorithmRSAEncryptionOAEPSHA1AESGCM
+__OSX_AVAILABLE(10.12) __IOS_AVAILABLE(10.0) __TVOS_AVAILABLE(10.0) __WATCHOS_AVAILABLE(3.0);
+extern const SecKeyAlgorithm kSecKeyAlgorithmRSAEncryptionOAEPSHA224AESGCM
+__OSX_AVAILABLE(10.12) __IOS_AVAILABLE(10.0) __TVOS_AVAILABLE(10.0) __WATCHOS_AVAILABLE(3.0);
+extern const SecKeyAlgorithm kSecKeyAlgorithmRSAEncryptionOAEPSHA256AESGCM
+__OSX_AVAILABLE(10.12) __IOS_AVAILABLE(10.0) __TVOS_AVAILABLE(10.0) __WATCHOS_AVAILABLE(3.0);
+extern const SecKeyAlgorithm kSecKeyAlgorithmRSAEncryptionOAEPSHA384AESGCM
+__OSX_AVAILABLE(10.12) __IOS_AVAILABLE(10.0) __TVOS_AVAILABLE(10.0) __WATCHOS_AVAILABLE(3.0);
+extern const SecKeyAlgorithm kSecKeyAlgorithmRSAEncryptionOAEPSHA512AESGCM
+__OSX_AVAILABLE(10.12) __IOS_AVAILABLE(10.0) __TVOS_AVAILABLE(10.0) __WATCHOS_AVAILABLE(3.0);
+
+extern const SecKeyAlgorithm kSecKeyAlgorithmECIESEncryptionStandardX963SHA1AESGCM
+__OSX_AVAILABLE(10.12) __IOS_AVAILABLE(10.0) __TVOS_AVAILABLE(10.0) __WATCHOS_AVAILABLE(3.0);
+extern const SecKeyAlgorithm kSecKeyAlgorithmECIESEncryptionStandardX963SHA224AESGCM
+__OSX_AVAILABLE(10.12) __IOS_AVAILABLE(10.0) __TVOS_AVAILABLE(10.0) __WATCHOS_AVAILABLE(3.0);
+extern const SecKeyAlgorithm kSecKeyAlgorithmECIESEncryptionStandardX963SHA256AESGCM
+__OSX_AVAILABLE(10.12) __IOS_AVAILABLE(10.0) __TVOS_AVAILABLE(10.0) __WATCHOS_AVAILABLE(3.0);
+extern const SecKeyAlgorithm kSecKeyAlgorithmECIESEncryptionStandardX963SHA384AESGCM
+__OSX_AVAILABLE(10.12) __IOS_AVAILABLE(10.0) __TVOS_AVAILABLE(10.0) __WATCHOS_AVAILABLE(3.0);
+extern const SecKeyAlgorithm kSecKeyAlgorithmECIESEncryptionStandardX963SHA512AESGCM
+__OSX_AVAILABLE(10.12) __IOS_AVAILABLE(10.0) __TVOS_AVAILABLE(10.0) __WATCHOS_AVAILABLE(3.0);
+
+extern const SecKeyAlgorithm kSecKeyAlgorithmECIESEncryptionCofactorX963SHA1AESGCM
+__OSX_AVAILABLE(10.12) __IOS_AVAILABLE(10.0) __TVOS_AVAILABLE(10.0) __WATCHOS_AVAILABLE(3.0);
+extern const SecKeyAlgorithm kSecKeyAlgorithmECIESEncryptionCofactorX963SHA224AESGCM
+__OSX_AVAILABLE(10.12) __IOS_AVAILABLE(10.0) __TVOS_AVAILABLE(10.0) __WATCHOS_AVAILABLE(3.0);
+extern const SecKeyAlgorithm kSecKeyAlgorithmECIESEncryptionCofactorX963SHA256AESGCM
+__OSX_AVAILABLE(10.12) __IOS_AVAILABLE(10.0) __TVOS_AVAILABLE(10.0) __WATCHOS_AVAILABLE(3.0);
+extern const SecKeyAlgorithm kSecKeyAlgorithmECIESEncryptionCofactorX963SHA384AESGCM
+__OSX_AVAILABLE(10.12) __IOS_AVAILABLE(10.0) __TVOS_AVAILABLE(10.0) __WATCHOS_AVAILABLE(3.0);
+extern const SecKeyAlgorithm kSecKeyAlgorithmECIESEncryptionCofactorX963SHA512AESGCM
+__OSX_AVAILABLE(10.12) __IOS_AVAILABLE(10.0) __TVOS_AVAILABLE(10.0) __WATCHOS_AVAILABLE(3.0);
+
+extern const SecKeyAlgorithm kSecKeyAlgorithmECDHKeyExchangeStandard
+__OSX_AVAILABLE(10.12) __IOS_AVAILABLE(10.0) __TVOS_AVAILABLE(10.0) __WATCHOS_AVAILABLE(3.0);
+extern const SecKeyAlgorithm kSecKeyAlgorithmECDHKeyExchangeStandardX963SHA1
+__OSX_AVAILABLE(10.12) __IOS_AVAILABLE(10.0) __TVOS_AVAILABLE(10.0) __WATCHOS_AVAILABLE(3.0);
+extern const SecKeyAlgorithm kSecKeyAlgorithmECDHKeyExchangeStandardX963SHA224
+__OSX_AVAILABLE(10.12) __IOS_AVAILABLE(10.0) __TVOS_AVAILABLE(10.0) __WATCHOS_AVAILABLE(3.0);
+extern const SecKeyAlgorithm kSecKeyAlgorithmECDHKeyExchangeStandardX963SHA256
+__OSX_AVAILABLE(10.12) __IOS_AVAILABLE(10.0) __TVOS_AVAILABLE(10.0) __WATCHOS_AVAILABLE(3.0);
+extern const SecKeyAlgorithm kSecKeyAlgorithmECDHKeyExchangeStandardX963SHA384
+__OSX_AVAILABLE(10.12) __IOS_AVAILABLE(10.0) __TVOS_AVAILABLE(10.0) __WATCHOS_AVAILABLE(3.0);
+extern const SecKeyAlgorithm kSecKeyAlgorithmECDHKeyExchangeStandardX963SHA512
+__OSX_AVAILABLE(10.12) __IOS_AVAILABLE(10.0) __TVOS_AVAILABLE(10.0) __WATCHOS_AVAILABLE(3.0);
+
+extern const SecKeyAlgorithm kSecKeyAlgorithmECDHKeyExchangeCofactor
+__OSX_AVAILABLE(10.12) __IOS_AVAILABLE(10.0) __TVOS_AVAILABLE(10.0) __WATCHOS_AVAILABLE(3.0);
+extern const SecKeyAlgorithm kSecKeyAlgorithmECDHKeyExchangeCofactorX963SHA1
+__OSX_AVAILABLE(10.12) __IOS_AVAILABLE(10.0) __TVOS_AVAILABLE(10.0) __WATCHOS_AVAILABLE(3.0);
+extern const SecKeyAlgorithm kSecKeyAlgorithmECDHKeyExchangeCofactorX963SHA224
+__OSX_AVAILABLE(10.12) __IOS_AVAILABLE(10.0) __TVOS_AVAILABLE(10.0) __WATCHOS_AVAILABLE(3.0);
+extern const SecKeyAlgorithm kSecKeyAlgorithmECDHKeyExchangeCofactorX963SHA256
+__OSX_AVAILABLE(10.12) __IOS_AVAILABLE(10.0) __TVOS_AVAILABLE(10.0) __WATCHOS_AVAILABLE(3.0);
+extern const SecKeyAlgorithm kSecKeyAlgorithmECDHKeyExchangeCofactorX963SHA384
+__OSX_AVAILABLE(10.12) __IOS_AVAILABLE(10.0) __TVOS_AVAILABLE(10.0) __WATCHOS_AVAILABLE(3.0);
+extern const SecKeyAlgorithm kSecKeyAlgorithmECDHKeyExchangeCofactorX963SHA512
+__OSX_AVAILABLE(10.12) __IOS_AVAILABLE(10.0) __TVOS_AVAILABLE(10.0) __WATCHOS_AVAILABLE(3.0);
+
+/*!
+ @function SecKeyCreateSignature
+ @abstract Given a private key and data to sign, generate a digital signature.
+ @param key Private key with which to sign.
+ @param algorithm One of SecKeyAlgorithm constants suitable to generate signature with this key.
+ @param dataToSign The data to be signed, typically the digest of the actual data.
+ @param error On error, will be populated with an error object describing the failure.
+ See "Security Error Codes" (SecBase.h).
+ @result The signature over dataToSign represented as a CFData, or NULL on failure.
+ @discussion Computes digital signature using specified key over input data. The operation algorithm
+ further defines the exact format of input data, operation to be performed and output signature.
+ */
+CFDataRef _Nullable SecKeyCreateSignature(SecKeyRef key, SecKeyAlgorithm algorithm, CFDataRef dataToSign, CFErrorRef *error)
+__OSX_AVAILABLE(10.12) __IOS_AVAILABLE(10.0) __TVOS_AVAILABLE(10.0) __WATCHOS_AVAILABLE(3.0);
+
+/*!
+ @function SecKeyVerifySignature
+ @abstract Given a public key, data which has been signed, and a signature, verify the signature.
+ @param key Public key with which to verify the signature.
+ @param algorithm One of SecKeyAlgorithm constants suitable to verify signature with this key.
+ @param signedData The data over which sig is being verified, typically the digest of the actual data.
+ @param signature The signature to verify.
+ @param error On error, will be populated with an error object describing the failure.
+ See "Security Error Codes" (SecBase.h).
+ @result True if the signature was valid, False otherwise.
+ @discussion Verifies digital signature operation using specified key and signed data. The operation algorithm
+ further defines the exact format of input data, signature and operation to be performed.
+ */
+Boolean SecKeyVerifySignature(SecKeyRef key, SecKeyAlgorithm algorithm, CFDataRef signedData, CFDataRef signature, CFErrorRef *error)
+__OSX_AVAILABLE(10.12) __IOS_AVAILABLE(10.0) __TVOS_AVAILABLE(10.0) __WATCHOS_AVAILABLE(3.0);
+
+/*!
+ @function SecKeyCreateEncryptedData
+ @abstract Encrypt a block of plaintext.
+ @param key Public key with which to encrypt the data.
+ @param algorithm One of SecKeyAlgorithm constants suitable to perform encryption with this key.
+ @param plaintext The data to encrypt. The length and format of the data must conform to chosen algorithm,
+ typically be less or equal to the value returned by SecKeyGetBlockSize().
+ @param error On error, will be populated with an error object describing the failure.
+ See "Security Error Codes" (SecBase.h).
+ @result The ciphertext represented as a CFData, or NULL on failure.
+ @discussion Encrypts plaintext data using specified key. The exact type of the operation including the format
+ of input and output data is specified by encryption algorithm.
+ */
+CFDataRef _Nullable SecKeyCreateEncryptedData(SecKeyRef key, SecKeyAlgorithm algorithm, CFDataRef plaintext,
+ CFErrorRef *error)
+__OSX_AVAILABLE(10.12) __IOS_AVAILABLE(10.0) __TVOS_AVAILABLE(10.0) __WATCHOS_AVAILABLE(3.0);
+
+/*!
+ @function SecKeyCreateDecryptedData
+ @abstract Decrypt a block of ciphertext.
+ @param key Private key with which to decrypt the data.
+ @param algorithm One of SecKeyAlgorithm constants suitable to perform decryption with this key.
+ @param ciphertext The data to decrypt. The length and format of the data must conform to chosen algorithm,
+ typically be less or equal to the value returned by SecKeyGetBlockSize().
+ @param error On error, will be populated with an error object describing the failure.
+ See "Security Error Codes" (SecBase.h).
+ @result The plaintext represented as a CFData, or NULL on failure.
+ @discussion Decrypts ciphertext data using specified key. The exact type of the operation including the format
+ of input and output data is specified by decryption algorithm.
+ */
+CFDataRef _Nullable SecKeyCreateDecryptedData(SecKeyRef key, SecKeyAlgorithm algorithm, CFDataRef ciphertext,
+ CFErrorRef *error)
+__OSX_AVAILABLE(10.12) __IOS_AVAILABLE(10.0) __TVOS_AVAILABLE(10.0) __WATCHOS_AVAILABLE(3.0);
+
+/*!
+ @enum SecKeyKeyExchangeParameter SecKey Key Exchange parameters
+ @constant kSecKeyKeyExchangeParameterRequestedSize Contains CFNumberRef with requested result size in bytes.
+ @constant kSecKeyKeyExchangeParameterSharedInfo Contains CFDataRef with additional shared info
+ for KDF (key derivation function).
+ */
+typedef CFStringRef SecKeyKeyExchangeParameter CF_STRING_ENUM
+__OSX_AVAILABLE(10.12) __IOS_AVAILABLE(10.0) __TVOS_AVAILABLE(10.0) __WATCHOS_AVAILABLE(3.0);
+extern const SecKeyKeyExchangeParameter kSecKeyKeyExchangeParameterRequestedSize
+__OSX_AVAILABLE(10.12) __IOS_AVAILABLE(10.0) __TVOS_AVAILABLE(10.0) __WATCHOS_AVAILABLE(3.0);
+extern const SecKeyKeyExchangeParameter kSecKeyKeyExchangeParameterSharedInfo
+__OSX_AVAILABLE(10.12) __IOS_AVAILABLE(10.0) __TVOS_AVAILABLE(10.0) __WATCHOS_AVAILABLE(3.0);
+
+/*!
+ @function SecKeyCopyKeyExchangeResult
+ @abstract Perform Diffie-Hellman style of key exchange operation, optionally with additional key-derivation steps.
+ @param algorithm One of SecKeyAlgorithm constants suitable to perform this operation.
+ @param publicKey Remote party's public key.
+ @param parameters Dictionary with parameters, see SecKeyKeyExchangeParameter constants. Used algorithm
+ determines the set of required and optional parameters to be used.
+ @param error Pointer to an error object on failure.
+ See "Security Error Codes" (SecBase.h).
+ @result Result of key exchange operation as a CFDataRef, or NULL on failure.
+ */
+CFDataRef _Nullable SecKeyCopyKeyExchangeResult(SecKeyRef privateKey, SecKeyAlgorithm algorithm, SecKeyRef publicKey, CFDictionaryRef parameters, CFErrorRef *error)
+__OSX_AVAILABLE(10.12) __IOS_AVAILABLE(10.0) __TVOS_AVAILABLE(10.0) __WATCHOS_AVAILABLE(3.0);
+
+/*!
+ @enum SecKeyOperationType
+ @abstract Defines types of cryptographic operations available with SecKey instance.
+
+ @constant kSecKeyOperationTypeSign
+ Represents SecKeyCreateSignature()
+
+ @constant kSecKeyOperationTypeVerify
+ Represents SecKeyVerifySignature()
+
+ @constant kSecKeyOperationTypeEncrypt
+ Represents SecKeyCreateEncryptedData()
+
+ @constant kSecKeyOperationTypeDecrypt
+ Represents SecKeyCreateDecryptedData()
+
+ @constant kSecKeyOperationTypeKeyExchange
+ Represents SecKeyCopyKeyExchangeResult()
+ */
+typedef CF_ENUM(CFIndex, SecKeyOperationType) {
+ kSecKeyOperationTypeSign = 0,
+ kSecKeyOperationTypeVerify = 1,
+ kSecKeyOperationTypeEncrypt = 2,
+ kSecKeyOperationTypeDecrypt = 3,
+ kSecKeyOperationTypeKeyExchange = 4,
+} __OSX_AVAILABLE(10.12) __IOS_AVAILABLE(10.0) __TVOS_AVAILABLE(10.0) __WATCHOS_AVAILABLE(3.0);
+
+/*!
+ @function SecKeyIsAlgorithmSupported
+ @abstract Checks whether key supports specified algorithm for specified operation.
+ @param key Key to query
+ @param operation Operation type for which the key is queried
+ @param algorithm Algorithm which is queried
+ @return True if key supports specified algorithm for specified operation, False otherwise.
+ */
+Boolean SecKeyIsAlgorithmSupported(SecKeyRef key, SecKeyOperationType operation, SecKeyAlgorithm algorithm)
+__OSX_AVAILABLE(10.12) __IOS_AVAILABLE(10.0) __TVOS_AVAILABLE(10.0) __WATCHOS_AVAILABLE(3.0);
+
CF_IMPLICIT_BRIDGING_DISABLED
CF_ASSUME_NONNULL_END
projects / apple / security.git / blobdiff