+/*!
+ @function SecKeyCreateRandomKey
+ @abstract Generates a new public/private key pair.
+ @param parameters A dictionary containing one or more key-value pairs.
+ See the discussion sections below for a complete overview of options.
+ @param error On error, will be populated with an error object describing the failure.
+ See "Security Error Codes" (SecBase.h).
+ @return Newly generated private key. To get associated public key, use SecKeyCopyPublicKey().
+ @discussion In order to generate a keypair the parameters dictionary must
+ at least contain the following keys:
+
+ * kSecAttrKeyType with a value being kSecAttrKeyTypeRSA or any other
+ kSecAttrKeyType defined in SecItem.h
+ * kSecAttrKeySizeInBits with a value being a CFNumberRef or CFStringRef
+ containing the requested key size in bits. Example sizes for RSA
+ keys are: 512, 768, 1024, 2048.
+
+ The values below may be set either in the top-level dictionary or in a
+ dictionary that is the value of the kSecPrivateKeyAttrs or
+ kSecPublicKeyAttrs key in the top-level dictionary. Setting these
+ attributes explicitly will override the defaults below. See SecItem.h
+ for detailed information on these attributes including the types of
+ the values.
+
+ * kSecAttrLabel default NULL
+ * kSecAttrIsPermanent if this key is present and has a Boolean value of true,
+ the key or key pair will be added to the default keychain.
+ * kSecAttrTokenID if this key should be generated on specified token. This
+ attribute can contain CFStringRef and can be present only in the top-level
+ parameters dictionary.
+ * kSecAttrApplicationTag default NULL
+ * kSecAttrEffectiveKeySize default NULL same as kSecAttrKeySizeInBits
+ * kSecAttrCanEncrypt default false for private keys, true for public keys
+ * kSecAttrCanDecrypt default true for private keys, false for public keys
+ * kSecAttrCanDerive default true
+ * kSecAttrCanSign default true for private keys, false for public keys
+ * kSecAttrCanVerify default false for private keys, true for public keys
+ * kSecAttrCanWrap default false for private keys, true for public keys
+ * kSecAttrCanUnwrap default true for private keys, false for public keys
+ */
+SecKeyRef _Nullable SecKeyCreateRandomKey(CFDictionaryRef parameters, CFErrorRef *error)
+__OSX_AVAILABLE(10.12) __IOS_AVAILABLE(10.0) __TVOS_AVAILABLE(10.0) __WATCHOS_AVAILABLE(3.0);
+
+/*!
+ @function SecKeyCreateWithData
+ @abstract Create a SecKey from a well-defined external representation.
+ @param keyData CFData representing the key. The format of the data depends on the type of key being created.
+ @param attributes Dictionary containing attributes describing the key to be imported. The keys in this dictionary
+ are kSecAttr* constants from SecItem.h. Mandatory attributes are:
+ * kSecAttrKeyType
+ * kSecAttrKeyClass
+ * kSecAttrKeySizeInBits
+ @param error On error, will be populated with an error object describing the failure.
+ See "Security Error Codes" (SecBase.h).
+ @result A SecKey object representing the key, or NULL on failure.
+ @discussion This function does not add keys to any keychain, but the SecKey object it returns can be added
+ to keychain using the SecItemAdd function.
+ The requested data format depend on the type of key (kSecAttrKeyType) being created:
+ * kSecAttrKeyTypeRSA PKCS#1 format
+ * kSecAttrKeyTypeECSECPrimeRandom SEC1 format (www.secg.org)
+ */
+SecKeyRef _Nullable SecKeyCreateWithData(CFDataRef keyData, CFDictionaryRef attributes, CFErrorRef *error)
+__OSX_AVAILABLE(10.12) __IOS_AVAILABLE(10.0) __TVOS_AVAILABLE(10.0) __WATCHOS_AVAILABLE(3.0);
+
+/*!
+ @function SecKeyCopyExternalRepresentation
+ @abstract Create an external representation for the given key suitable for the key's type.
+ @param key The key to be exported.
+ @param error On error, will be populated with an error object describing the failure.
+ See "Security Error Codes" (SecBase.h).
+ @result A CFData representing the key in a format suitable for that key type.
+ @discussion This function may fail if the key is not exportable (e.g., bound to a smart card or Secure Enclave).
+ The format in which the key will be exported depends on the type of key:
+ * kSecAttrKeyTypeRSA PKCS#1 format
+ * kSecAttrKeyTypeECSECPrimeRandom SEC1 format (www.secg.org)
+ */
+CFDataRef _Nullable SecKeyCopyExternalRepresentation(SecKeyRef key, CFErrorRef *error)
+__OSX_AVAILABLE(10.12) __IOS_AVAILABLE(10.0) __TVOS_AVAILABLE(10.0) __WATCHOS_AVAILABLE(3.0);
+
+/*!
+ @function SecKeyCopyAttributes
+ @abstract Retrieve keychain attributes of a key.
+ @param key The key whose attributes are to be retrieved.
+ @result Dictionary containing attributes of the key. The keys that populate this dictionary are defined
+ and discussed in SecItem.h.
+ @discussion The attributes provided by this function are:
+ * kSecAttrCanEncrypt
+ * kSecAttrCanDecrypt
+ * kSecAttrCanDerive
+ * kSecAttrCanSign
+ * kSecAttrCanVerify
+ * kSecAttrKeyClass
+ * kSecAttrKeyType
+ * kSecAttrKeySizeInBits
+ * kSecAttrTokenID
+ * kSecAttrApplicationLabel
+ Other values returned in that dictionary are RFU.
+ */
+CFDictionaryRef _Nullable SecKeyCopyAttributes(SecKeyRef key)
+__OSX_AVAILABLE(10.12) __IOS_AVAILABLE(10.0) __TVOS_AVAILABLE(10.0) __WATCHOS_AVAILABLE(3.0);
+
+/*!
+ @function SecKeyCopyPublicKey
+ @abstract Retrieve the public key from a key pair or private key.
+ @param key The key from which to retrieve a public key.
+ @result The public key or NULL if public key is not available for specified key.
+ @discussion Fails if key does not contain a public key or no public key can be computed from it.
+ */
+SecKeyRef _Nullable SecKeyCopyPublicKey(SecKeyRef key)
+__OSX_AVAILABLE(10.12) __IOS_AVAILABLE(10.0) __TVOS_AVAILABLE(10.0) __WATCHOS_AVAILABLE(3.0);
+
+/*!
+ @enum SecKeyAlgorithm
+ @abstract Available algorithms for performing cryptographic operations with SecKey object. String representation
+ of constant can be used for logging or debugging purposes, because they contain human readable names of the algorithm.
+
+ @constant kSecKeyAlgorithmRSASignatureRaw
+ Raw RSA sign/verify operation, size of input data must be the same as value returned by SecKeyGetBlockSize().
+
+ @constant kSecKeyAlgorithmRSASignatureDigestPKCS1v15Raw
+ RSA sign/verify operation, assumes that input data is digest and OID and digest algorithm as specified in PKCS# v1.5.
+ This algorithm is typically not used directly, instead use algorithm with specified digest, like
+ kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA256.
+
+ @constant kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA1
+ RSA signature with PKCS#1 padding, input data must be SHA-1 generated digest.
+
+ @constant kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA224
+ RSA signature with PKCS#1 padding, input data must be SHA-224 generated digest.
+
+ @constant kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA256
+ RSA signature with PKCS#1 padding, input data must be SHA-256 generated digest.
+
+ @constant kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA384
+ RSA signature with PKCS#1 padding, input data must be SHA-384 generated digest.
+
+ @constant kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA512
+ RSA signature with PKCS#1 padding, input data must be SHA-512 generated digest.
+
+ @constant kSecKeyAlgorithmRSASignatureMessagePKCS1v15SHA1
+ RSA signature with PKCS#1 padding, SHA-1 digest is generated from input data of any size.
+
+ @constant kSecKeyAlgorithmRSASignatureMessagePKCS1v15SHA224
+ RSA signature with PKCS#1 padding, SHA-224 digest is generated from input data of any size.
+
+ @constant kSecKeyAlgorithmRSASignatureMessagePKCS1v15SHA256
+ RSA signature with PKCS#1 padding, SHA-256 digest is generated from input data of any size.
+
+ @constant kSecKeyAlgorithmRSASignatureMessagePKCS1v15SHA384
+ RSA signature with PKCS#1 padding, SHA-384 digest is generated from input data of any size.
+
+ @constant kSecKeyAlgorithmRSASignatureMessagePKCS1v15SHA512
+ RSA signature with PKCS#1 padding, SHA-512 digest is generated from input data of any size.
+
+ @constant kSecKeyAlgorithmECDSASignatureRFC4754
+ ECDSA algorithm, signature is concatenated r and s, big endian, data is message digest.
+
+ @constant kSecKeyAlgorithmECDSASignatureDigestX962
+ ECDSA algorithm, signature is in DER x9.62 encoding, input data is message digest.
+
+ @constant kSecKeyAlgorithmECDSASignatureDigestX962SHA1
+ ECDSA algorithm, signature is in DER x9.62 encoding, input data is message digest created by SHA1 algorithm.
+
+ @constant kSecKeyAlgorithmECDSASignatureDigestX962SHA1
+ ECDSA algorithm, signature is in DER x9.62 encoding, input data is message digest created by SHA224 algorithm.
+
+ @constant kSecKeyAlgorithmECDSASignatureDigestX962SHA1
+ ECDSA algorithm, signature is in DER x9.62 encoding, input data is message digest created by SHA256 algorithm.
+
+ @constant kSecKeyAlgorithmECDSASignatureDigestX962SHA1
+ ECDSA algorithm, signature is in DER x9.62 encoding, input data is message digest created by SHA384 algorithm.
+
+ @constant kSecKeyAlgorithmECDSASignatureDigestX962SHA1
+ ECDSA algorithm, signature is in DER x9.62 encoding, input data is message digest created by SHA512 algorithm.
+
+ @constant kSecKeyAlgorithmECDSASignatureMessageX962SHA1
+ ECDSA algorithm, signature is in DER x9.62 encoding, SHA-1 digest is generated from input data of any size.
+
+ @constant kSecKeyAlgorithmECDSASignatureMessageX962SHA224
+ ECDSA algorithm, signature is in DER x9.62 encoding, SHA-224 digest is generated from input data of any size.
+
+ @constant kSecKeyAlgorithmECDSASignatureMessageX962SHA256
+ ECDSA algorithm, signature is in DER x9.62 encoding, SHA-256 digest is generated from input data of any size.
+
+ @constant kSecKeyAlgorithmECDSASignatureMessageX962SHA384
+ ECDSA algorithm, signature is in DER x9.62 encoding, SHA-384 digest is generated from input data of any size.
+
+ @constant kSecKeyAlgorithmECDSASignatureMessageX962SHA512
+ ECDSA algorithm, signature is in DER x9.62 encoding, SHA-512 digest is generated from input data of any size.
+
+ @constant kSecKeyAlgorithmRSAEncryptionRaw
+ Raw RSA encryption or decryption, size of data must match RSA key modulus size. Note that direct
+ use of this algorithm without padding is cryptographically very weak, it is important to always introduce
+ some kind of padding. Input data size must be less or equal to the key block size and returned block has always
+ the same size as block size, as returned by SecKeyGetBlockSize().
+
+ @constant kSecKeyAlgorithmRSAEncryptionPKCS1
+ RSA encryption or decryption, data is padded using PKCS#1 padding scheme. This algorithm should be used only for
+ backward compatibility with existing protocols and data. New implementations should choose cryptographically
+ stronger algorithm instead (see kSecKeyAlgorithmRSAEncryptionOAEP). Input data must be at most
+ "key block size - 11" bytes long and returned block has always the same size as block size, as returned
+ by SecKeyGetBlockSize().
+
+ @constant kSecKeyAlgorithmRSAEncryptionOAEPSHA1
+ RSA encryption or decryption, data is padded using OAEP padding scheme internally using SHA1. Input data must be at most
+ "key block size - 42" bytes long and returned block has always the same size as block size, as returned
+ by SecKeyGetBlockSize(). Use kSecKeyAlgorithmRSAEncryptionOAEPSHA1AESGCM to be able to encrypt and decrypt arbitrary long data.
+
+ @constant kSecKeyAlgorithmRSAEncryptionOAEPSHA224
+ RSA encryption or decryption, data is padded using OAEP padding scheme internally using SHA224. Input data must be at most
+ "key block size - 58" bytes long and returned block has always the same size as block size, as returned
+ by SecKeyGetBlockSize(). Use kSecKeyAlgorithmRSAEncryptionOAEPSHA224AESGCM to be able to encrypt and decrypt arbitrary long data.
+
+ @constant kSecKeyAlgorithmRSAEncryptionOAEPSHA256
+ RSA encryption or decryption, data is padded using OAEP padding scheme internally using SHA256. Input data must be at most
+ "key block size - 66" bytes long and returned block has always the same size as block size, as returned
+ by SecKeyGetBlockSize(). Use kSecKeyAlgorithmRSAEncryptionOAEPSHA256AESGCM to be able to encrypt and decrypt arbitrary long data.
+
+ @constant kSecKeyAlgorithmRSAEncryptionOAEPSHA384
+ RSA encryption or decryption, data is padded using OAEP padding scheme internally using SHA384. Input data must be at most
+ "key block size - 98" bytes long and returned block has always the same size as block size, as returned
+ by SecKeyGetBlockSize(). Use kSecKeyAlgorithmRSAEncryptionOAEPSHA384AESGCM to be able to encrypt and decrypt arbitrary long data.
+
+ @constant kSecKeyAlgorithmRSAEncryptionOAEPSHA512
+ RSA encryption or decryption, data is padded using OAEP padding scheme internally using SHA512. Input data must be at most
+ "key block size - 130" bytes long and returned block has always the same size as block size, as returned
+ by SecKeyGetBlockSize(). Use kSecKeyAlgorithmRSAEncryptionOAEPSHA512AESGCM to be able to encrypt and decrypt arbitrary long data.
+
+ @constant kSecKeyAlgorithmRSAEncryptionOAEPSHA1AESGCM
+ Randomly generated AES session key is encrypted by RSA with OAEP padding. User data are encrypted using session key in GCM
+ mode with all-zero 16 bytes long IV (initialization vector). Finally 16 byte AES-GCM tag is appended to ciphertext.
+ 256bit AES key is used if RSA key is 4096bit or bigger, otherwise 128bit AES key is used. Raw public key data is used
+ as authentication data for AES-GCM encryption.
+
+ @constant kSecKeyAlgorithmRSAEncryptionOAEPSHA224AESGCM
+ Randomly generated AES session key is encrypted by RSA with OAEP padding. User data are encrypted using session key in GCM
+ mode with all-zero 16 bytes long IV (initialization vector). Finally 16 byte AES-GCM tag is appended to ciphertext.
+ 256bit AES key is used if RSA key is 4096bit or bigger, otherwise 128bit AES key is used. Raw public key data is used
+ as authentication data for AES-GCM encryption.
+
+ @constant kSecKeyAlgorithmRSAEncryptionOAEPSHA256AESGCM
+ Randomly generated AES session key is encrypted by RSA with OAEP padding. User data are encrypted using session key in GCM
+ mode with all-zero 16 bytes long IV (initialization vector). Finally 16 byte AES-GCM tag is appended to ciphertext.
+ 256bit AES key is used if RSA key is 4096bit or bigger, otherwise 128bit AES key is used. Raw public key data is used
+ as authentication data for AES-GCM encryption.
+
+ @constant kSecKeyAlgorithmRSAEncryptionOAEPSHA384AESGCM
+ Randomly generated AES session key is encrypted by RSA with OAEP padding. User data are encrypted using session key in GCM
+ mode with all-zero 16 bytes long IV (initialization vector). Finally 16 byte AES-GCM tag is appended to ciphertext.
+ 256bit AES key is used if RSA key is 4096bit or bigger, otherwise 128bit AES key is used. Raw public key data is used
+ as authentication data for AES-GCM encryption.
+
+ @constant kSecKeyAlgorithmRSAEncryptionOAEPSHA512AESGCM
+ Randomly generated AES session key is encrypted by RSA with OAEP padding. User data are encrypted using session key in GCM
+ mode with all-zero 16 bytes long IV (initialization vector). Finally 16 byte AES-GCM tag is appended to ciphertext.
+ 256bit AES key is used if RSA key is 4096bit or bigger, otherwise 128bit AES key is used. Raw public key data is used
+ as authentication data for AES-GCM encryption.
+
+ @constant kSecKeyAlgorithmECIESEncryptionStandardX963SHA1AESGCM
+ ECIES encryption or decryption. This algorithm does not limit the size of the message to be encrypted or decrypted.
+ Encryption is done using AES-GCM with key negotiated by kSecKeyAlgorithmECDHKeyExchangeStandardX963SHA1. AES Key size
+ is 128bit for EC keys <=256bit and 256bit for bigger EC keys. Ephemeral public key data is used as sharedInfo for KDF,
+ and static public key data is used as authenticationData for AES-GCM processing. AES-GCM uses 16 bytes long TAG and
+ all-zero 16 byte long IV (initialization vector).
+
+ @constant kSecKeyAlgorithmECIESEncryptionStandardX963SHA224AESGCM
+ ECIES encryption or decryption. This algorithm does not limit the size of the message to be encrypted or decrypted.
+ Encryption is done using AES-GCM with key negotiated by kSecKeyAlgorithmECDHKeyExchangeStandardX963SHA1. AES Key size
+ is 128bit for EC keys <=256bit and 256bit for bigger EC keys. Ephemeral public key data is used as sharedInfo for KDF,
+ and static public key data is used as authenticationData for AES-GCM processing. AES-GCM uses 16 bytes long TAG and
+ all-zero 16 byte long IV (initialization vector).
+
+ @constant kSecKeyAlgorithmECIESEncryptionStandardX963SHA256AESGCM
+ ECIES encryption or decryption. This algorithm does not limit the size of the message to be encrypted or decrypted.
+ Encryption is done using AES-GCM with key negotiated by kSecKeyAlgorithmECDHKeyExchangeStandardX963SHA1. AES Key size
+ is 128bit for EC keys <=256bit and 256bit for bigger EC keys. Ephemeral public key data is used as sharedInfo for KDF,
+ and static public key data is used as authenticationData for AES-GCM processing. AES-GCM uses 16 bytes long TAG and
+ all-zero 16 byte long IV (initialization vector).
+
+ @constant kSecKeyAlgorithmECIESEncryptionStandardX963SHA384AESGCM
+ ECIES encryption or decryption. This algorithm does not limit the size of the message to be encrypted or decrypted.
+ Encryption is done using AES-GCM with key negotiated by kSecKeyAlgorithmECDHKeyExchangeStandardX963SHA1. AES Key size
+ is 128bit for EC keys <=256bit and 256bit for bigger EC keys. Ephemeral public key data is used as sharedInfo for KDF,
+ and static public key data is used as authenticationData for AES-GCM processing. AES-GCM uses 16 bytes long TAG and
+ all-zero 16 byte long IV (initialization vector).
+
+ @constant kSecKeyAlgorithmECIESEncryptionStandardX963SHA512AESGCM
+ ECIES encryption or decryption. This algorithm does not limit the size of the message to be encrypted or decrypted.
+ Encryption is done using AES-GCM with key negotiated by kSecKeyAlgorithmECDHKeyExchangeStandardX963SHA1. AES Key size
+ is 128bit for EC keys <=256bit and 256bit for bigger EC keys. Ephemeral public key data is used as sharedInfo for KDF,
+ and static public key data is used as authenticationData for AES-GCM processing. AES-GCM uses 16 bytes long TAG and
+ all-zero 16 byte long IV (initialization vector).
+
+ @constant kSecKeyAlgorithmECIESEncryptionCofactorX963SHA1AESGCM
+ ECIES encryption or decryption. This algorithm does not limit the size of the message to be encrypted or decrypted.
+ Encryption is done using AES-GCM with key negotiated by kSecKeyAlgorithmECDHKeyExchangeCofactorX963SHA1. AES Key size
+ is 128bit for EC keys <=256bit and 256bit for bigger EC keys. Ephemeral public key data is used as sharedInfo for KDF,
+ and static public key data is used as authenticationData for AES-GCM processing. AES-GCM uses 16 bytes long TAG and
+ all-zero 16 byte long IV (initialization vector).
+
+ @constant kSecKeyAlgorithmECIESEncryptionCofactorX963SHA224AESGCM
+ ECIES encryption or decryption. This algorithm does not limit the size of the message to be encrypted or decrypted.
+ Encryption is done using AES-GCM with key negotiated by kSecKeyAlgorithmECDHKeyExchangeCofactorX963SHA1. AES Key size
+ is 128bit for EC keys <=256bit and 256bit for bigger EC keys. Ephemeral public key data is used as sharedInfo for KDF,
+ and static public key data is used as authenticationData for AES-GCM processing. AES-GCM uses 16 bytes long TAG and
+ all-zero 16 byte long IV (initialization vector).
+
+ @constant kSecKeyAlgorithmECIESEncryptionCofactorX963SHA256AESGCM
+ ECIES encryption or decryption. This algorithm does not limit the size of the message to be encrypted or decrypted.
+ Encryption is done using AES-GCM with key negotiated by kSecKeyAlgorithmECDHKeyExchangeCofactorX963SHA1. AES Key size
+ is 128bit for EC keys <=256bit and 256bit for bigger EC keys. Ephemeral public key data is used as sharedInfo for KDF,
+ and static public key data is used as authenticationData for AES-GCM processing. AES-GCM uses 16 bytes long TAG and
+ all-zero 16 byte long IV (initialization vector).
+
+ @constant kSecKeyAlgorithmECIESEncryptionCofactorX963SHA384AESGCM
+ ECIES encryption or decryption. This algorithm does not limit the size of the message to be encrypted or decrypted.
+ Encryption is done using AES-GCM with key negotiated by kSecKeyAlgorithmECDHKeyExchangeCofactorX963SHA1. AES Key size
+ is 128bit for EC keys <=256bit and 256bit for bigger EC keys. Ephemeral public key data is used as sharedInfo for KDF,
+ and static public key data is used as authenticationData for AES-GCM processing. AES-GCM uses 16 bytes long TAG and
+ all-zero 16 byte long IV (initialization vector).
+
+ @constant kSecKeyAlgorithmECIESEncryptionCofactorX963SHA512AESGCM
+ ECIES encryption or decryption. This algorithm does not limit the size of the message to be encrypted or decrypted.
+ Encryption is done using AES-GCM with key negotiated by kSecKeyAlgorithmECDHKeyExchangeCofactorX963SHA1. AES Key size
+ is 128bit for EC keys <=256bit and 256bit for bigger EC keys. Ephemeral public key data is used as sharedInfo for KDF,
+ and static public key data is used as authenticationData for AES-GCM processing. AES-GCM uses 16 bytes long TAG and
+ all-zero 16 byte long IV (initialization vector).
+
+ @constant kSecKeyAlgorithmECDHKeyExchangeCofactor
+ Compute shared secret using ECDH cofactor algorithm, suitable only for kSecAttrKeyTypeECSECPrimeRandom keys.
+ This algorithm does not accept any parameters, length of output raw shared secret is given by the length of the key.
+
+ @constant kSecKeyAlgorithmECDHKeyExchangeCofactorX963SHA1
+ Compute shared secret using ECDH cofactor algorithm, suitable only for kSecAttrKeyTypeECSECPrimeRandom keys
+ and apply ANSI X9.63 KDF with SHA1 as hashing function. Requires kSecKeyKeyExchangeParameterRequestedSize and allows
+ kSecKeyKeyExchangeParameterSharedInfo parameters to be used.
+
+ @constant kSecKeyAlgorithmECDHKeyExchangeCofactorX963SHA224
+ Compute shared secret using ECDH cofactor algorithm, suitable only for kSecAttrKeyTypeECSECPrimeRandom keys
+ and apply ANSI X9.63 KDF with SHA224 as hashing function. Requires kSecKeyKeyExchangeParameterRequestedSize and allows
+ kSecKeyKeyExchangeParameterSharedInfo parameters to be used.
+
+ @constant kSecKeyAlgorithmECDHKeyExchangeCofactorX963SHA256
+ Compute shared secret using ECDH cofactor algorithm, suitable only for kSecAttrKeyTypeECSECPrimeRandom keys
+ and apply ANSI X9.63 KDF with SHA256 as hashing function. Requires kSecKeyKeyExchangeParameterRequestedSize and allows
+ kSecKeyKeyExchangeParameterSharedInfo parameters to be used.
+
+ @constant kSecKeyAlgorithmECDHKeyExchangeCofactorX963SHA384
+ Compute shared secret using ECDH cofactor algorithm, suitable only for kSecAttrKeyTypeECSECPrimeRandom keys
+ and apply ANSI X9.63 KDF with SHA384 as hashing function. Requires kSecKeyKeyExchangeParameterRequestedSize and allows
+ kSecKeyKeyExchangeParameterSharedInfo parameters to be used.
+
+ @constant kSecKeyAlgorithmECDHKeyExchangeCofactorX963SHA512
+ Compute shared secret using ECDH cofactor algorithm, suitable only for kSecAttrKeyTypeECSECPrimeRandom keys
+ and apply ANSI X9.63 KDF with SHA512 as hashing function. Requires kSecKeyKeyExchangeParameterRequestedSize and allows
+ kSecKeyKeyExchangeParameterSharedInfo parameters to be used.
+
+ @constant kSecKeyAlgorithmECDHKeyExchangeStandard
+ Compute shared secret using ECDH algorithm without cofactor, suitable only for kSecAttrKeyTypeECSECPrimeRandom keys.
+ This algorithm does not accept any parameters, length of output raw shared secret is given by the length of the key.
+
+ @constant kSecKeyAlgorithmECDHKeyExchangeStandardX963SHA1
+ Compute shared secret using ECDH algorithm without cofactor, suitable only for kSecAttrKeyTypeECSECPrimeRandom keys
+ and apply ANSI X9.63 KDF with SHA1 as hashing function. Requires kSecKeyKeyExchangeParameterRequestedSize and allows
+ kSecKeyKeyExchangeParameterSharedInfo parameters to be used.
+
+ @constant kSecKeyAlgorithmECDHKeyExchangeStandardX963SHA224
+ Compute shared secret using ECDH algorithm without cofactor, suitable only for kSecAttrKeyTypeECSECPrimeRandom keys
+ and apply ANSI X9.63 KDF with SHA224 as hashing function. Requires kSecKeyKeyExchangeParameterRequestedSize and allows
+ kSecKeyKeyExchangeParameterSharedInfo parameters to be used.
+
+ @constant kSecKeyAlgorithmECDHKeyExchangeStandardX963SHA256
+ Compute shared secret using ECDH algorithm without cofactor, suitable only for kSecAttrKeyTypeECSECPrimeRandom keys
+ and apply ANSI X9.63 KDF with SHA256 as hashing function. Requires kSecKeyKeyExchangeParameterRequestedSize and allows
+ kSecKeyKeyExchangeParameterSharedInfo parameters to be used.
+
+ @constant kSecKeyAlgorithmECDHKeyExchangeStandardX963SHA384
+ Compute shared secret using ECDH algorithm without cofactor, suitable only for kSecAttrKeyTypeECSECPrimeRandom keys
+ and apply ANSI X9.63 KDF with SHA384 as hashing function. Requires kSecKeyKeyExchangeParameterRequestedSize and allows
+ kSecKeyKeyExchangeParameterSharedInfo parameters to be used.
+
+ @constant kSecKeyAlgorithmECDHKeyExchangeStandardX963SHA512
+ Compute shared secret using ECDH algorithm without cofactor, suitable only for kSecAttrKeyTypeECSECPrimeRandom keys
+ and apply ANSI X9.63 KDF with SHA512 as hashing function. Requires kSecKeyKeyExchangeParameterRequestedSize and allows
+ kSecKeyKeyExchangeParameterSharedInfo parameters to be used.
+ */
+
+typedef CFStringRef SecKeyAlgorithm CF_STRING_ENUM
+__OSX_AVAILABLE(10.12) __IOS_AVAILABLE(10.0) __TVOS_AVAILABLE(10.0) __WATCHOS_AVAILABLE(3.0);
+
+extern const SecKeyAlgorithm kSecKeyAlgorithmRSASignatureRaw
+__OSX_AVAILABLE(10.12) __IOS_AVAILABLE(10.0) __TVOS_AVAILABLE(10.0) __WATCHOS_AVAILABLE(3.0);
+
+extern const SecKeyAlgorithm kSecKeyAlgorithmRSASignatureDigestPKCS1v15Raw
+__OSX_AVAILABLE(10.12) __IOS_AVAILABLE(10.0) __TVOS_AVAILABLE(10.0) __WATCHOS_AVAILABLE(3.0);
+
+extern const SecKeyAlgorithm kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA1
+__OSX_AVAILABLE(10.12) __IOS_AVAILABLE(10.0) __TVOS_AVAILABLE(10.0) __WATCHOS_AVAILABLE(3.0);
+extern const SecKeyAlgorithm kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA224
+__OSX_AVAILABLE(10.12) __IOS_AVAILABLE(10.0) __TVOS_AVAILABLE(10.0) __WATCHOS_AVAILABLE(3.0);
+extern const SecKeyAlgorithm kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA256
+__OSX_AVAILABLE(10.12) __IOS_AVAILABLE(10.0) __TVOS_AVAILABLE(10.0) __WATCHOS_AVAILABLE(3.0);
+extern const SecKeyAlgorithm kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA384
+__OSX_AVAILABLE(10.12) __IOS_AVAILABLE(10.0) __TVOS_AVAILABLE(10.0) __WATCHOS_AVAILABLE(3.0);
+extern const SecKeyAlgorithm kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA512
+__OSX_AVAILABLE(10.12) __IOS_AVAILABLE(10.0) __TVOS_AVAILABLE(10.0) __WATCHOS_AVAILABLE(3.0);
+
+extern const SecKeyAlgorithm kSecKeyAlgorithmRSASignatureMessagePKCS1v15SHA1
+__OSX_AVAILABLE(10.12) __IOS_AVAILABLE(10.0) __TVOS_AVAILABLE(10.0) __WATCHOS_AVAILABLE(3.0);
+extern const SecKeyAlgorithm kSecKeyAlgorithmRSASignatureMessagePKCS1v15SHA224
+__OSX_AVAILABLE(10.12) __IOS_AVAILABLE(10.0) __TVOS_AVAILABLE(10.0) __WATCHOS_AVAILABLE(3.0);
+extern const SecKeyAlgorithm kSecKeyAlgorithmRSASignatureMessagePKCS1v15SHA256
+__OSX_AVAILABLE(10.12) __IOS_AVAILABLE(10.0) __TVOS_AVAILABLE(10.0) __WATCHOS_AVAILABLE(3.0);
+extern const SecKeyAlgorithm kSecKeyAlgorithmRSASignatureMessagePKCS1v15SHA384
+__OSX_AVAILABLE(10.12) __IOS_AVAILABLE(10.0) __TVOS_AVAILABLE(10.0) __WATCHOS_AVAILABLE(3.0);
+extern const SecKeyAlgorithm kSecKeyAlgorithmRSASignatureMessagePKCS1v15SHA512
+__OSX_AVAILABLE(10.12) __IOS_AVAILABLE(10.0) __TVOS_AVAILABLE(10.0) __WATCHOS_AVAILABLE(3.0);
+
+extern const SecKeyAlgorithm kSecKeyAlgorithmECDSASignatureRFC4754
+__OSX_AVAILABLE(10.12) __IOS_AVAILABLE(10.0) __TVOS_AVAILABLE(10.0) __WATCHOS_AVAILABLE(3.0);
+
+extern const SecKeyAlgorithm kSecKeyAlgorithmECDSASignatureDigestX962
+__OSX_AVAILABLE(10.12) __IOS_AVAILABLE(10.0) __TVOS_AVAILABLE(10.0) __WATCHOS_AVAILABLE(3.0);
+extern const SecKeyAlgorithm kSecKeyAlgorithmECDSASignatureDigestX962SHA1
+__OSX_AVAILABLE(10.12) __IOS_AVAILABLE(10.0) __TVOS_AVAILABLE(10.0) __WATCHOS_AVAILABLE(3.0);
+extern const SecKeyAlgorithm kSecKeyAlgorithmECDSASignatureDigestX962SHA224
+__OSX_AVAILABLE(10.12) __IOS_AVAILABLE(10.0) __TVOS_AVAILABLE(10.0) __WATCHOS_AVAILABLE(3.0);
+extern const SecKeyAlgorithm kSecKeyAlgorithmECDSASignatureDigestX962SHA256
+__OSX_AVAILABLE(10.12) __IOS_AVAILABLE(10.0) __TVOS_AVAILABLE(10.0) __WATCHOS_AVAILABLE(3.0);
+extern const SecKeyAlgorithm kSecKeyAlgorithmECDSASignatureDigestX962SHA384
+__OSX_AVAILABLE(10.12) __IOS_AVAILABLE(10.0) __TVOS_AVAILABLE(10.0) __WATCHOS_AVAILABLE(3.0);
+extern const SecKeyAlgorithm kSecKeyAlgorithmECDSASignatureDigestX962SHA512
+__OSX_AVAILABLE(10.12) __IOS_AVAILABLE(10.0) __TVOS_AVAILABLE(10.0) __WATCHOS_AVAILABLE(3.0);
+
+extern const SecKeyAlgorithm kSecKeyAlgorithmECDSASignatureMessageX962SHA1
+__OSX_AVAILABLE(10.12) __IOS_AVAILABLE(10.0) __TVOS_AVAILABLE(10.0) __WATCHOS_AVAILABLE(3.0);
+extern const SecKeyAlgorithm kSecKeyAlgorithmECDSASignatureMessageX962SHA224
+__OSX_AVAILABLE(10.12) __IOS_AVAILABLE(10.0) __TVOS_AVAILABLE(10.0) __WATCHOS_AVAILABLE(3.0);
+extern const SecKeyAlgorithm kSecKeyAlgorithmECDSASignatureMessageX962SHA256
+__OSX_AVAILABLE(10.12) __IOS_AVAILABLE(10.0) __TVOS_AVAILABLE(10.0) __WATCHOS_AVAILABLE(3.0);
+extern const SecKeyAlgorithm kSecKeyAlgorithmECDSASignatureMessageX962SHA384
+__OSX_AVAILABLE(10.12) __IOS_AVAILABLE(10.0) __TVOS_AVAILABLE(10.0) __WATCHOS_AVAILABLE(3.0);
+extern const SecKeyAlgorithm kSecKeyAlgorithmECDSASignatureMessageX962SHA512
+__OSX_AVAILABLE(10.12) __IOS_AVAILABLE(10.0) __TVOS_AVAILABLE(10.0) __WATCHOS_AVAILABLE(3.0);
+
+extern const SecKeyAlgorithm kSecKeyAlgorithmRSAEncryptionRaw
+__OSX_AVAILABLE(10.12) __IOS_AVAILABLE(10.0) __TVOS_AVAILABLE(10.0) __WATCHOS_AVAILABLE(3.0);
+extern const SecKeyAlgorithm kSecKeyAlgorithmRSAEncryptionPKCS1
+__OSX_AVAILABLE(10.12) __IOS_AVAILABLE(10.0) __TVOS_AVAILABLE(10.0) __WATCHOS_AVAILABLE(3.0);
+extern const SecKeyAlgorithm kSecKeyAlgorithmRSAEncryptionOAEPSHA1
+__OSX_AVAILABLE(10.12) __IOS_AVAILABLE(10.0) __TVOS_AVAILABLE(10.0) __WATCHOS_AVAILABLE(3.0);
+extern const SecKeyAlgorithm kSecKeyAlgorithmRSAEncryptionOAEPSHA224
+__OSX_AVAILABLE(10.12) __IOS_AVAILABLE(10.0) __TVOS_AVAILABLE(10.0) __WATCHOS_AVAILABLE(3.0);
+extern const SecKeyAlgorithm kSecKeyAlgorithmRSAEncryptionOAEPSHA256
+__OSX_AVAILABLE(10.12) __IOS_AVAILABLE(10.0) __TVOS_AVAILABLE(10.0) __WATCHOS_AVAILABLE(3.0);
+extern const SecKeyAlgorithm kSecKeyAlgorithmRSAEncryptionOAEPSHA384
+__OSX_AVAILABLE(10.12) __IOS_AVAILABLE(10.0) __TVOS_AVAILABLE(10.0) __WATCHOS_AVAILABLE(3.0);
+extern const SecKeyAlgorithm kSecKeyAlgorithmRSAEncryptionOAEPSHA512
+__OSX_AVAILABLE(10.12) __IOS_AVAILABLE(10.0) __TVOS_AVAILABLE(10.0) __WATCHOS_AVAILABLE(3.0);
+
+extern const SecKeyAlgorithm kSecKeyAlgorithmRSAEncryptionOAEPSHA1AESGCM
+__OSX_AVAILABLE(10.12) __IOS_AVAILABLE(10.0) __TVOS_AVAILABLE(10.0) __WATCHOS_AVAILABLE(3.0);
+extern const SecKeyAlgorithm kSecKeyAlgorithmRSAEncryptionOAEPSHA224AESGCM
+__OSX_AVAILABLE(10.12) __IOS_AVAILABLE(10.0) __TVOS_AVAILABLE(10.0) __WATCHOS_AVAILABLE(3.0);
+extern const SecKeyAlgorithm kSecKeyAlgorithmRSAEncryptionOAEPSHA256AESGCM
+__OSX_AVAILABLE(10.12) __IOS_AVAILABLE(10.0) __TVOS_AVAILABLE(10.0) __WATCHOS_AVAILABLE(3.0);
+extern const SecKeyAlgorithm kSecKeyAlgorithmRSAEncryptionOAEPSHA384AESGCM
+__OSX_AVAILABLE(10.12) __IOS_AVAILABLE(10.0) __TVOS_AVAILABLE(10.0) __WATCHOS_AVAILABLE(3.0);
+extern const SecKeyAlgorithm kSecKeyAlgorithmRSAEncryptionOAEPSHA512AESGCM
+__OSX_AVAILABLE(10.12) __IOS_AVAILABLE(10.0) __TVOS_AVAILABLE(10.0) __WATCHOS_AVAILABLE(3.0);
+
+extern const SecKeyAlgorithm kSecKeyAlgorithmECIESEncryptionStandardX963SHA1AESGCM
+__OSX_AVAILABLE(10.12) __IOS_AVAILABLE(10.0) __TVOS_AVAILABLE(10.0) __WATCHOS_AVAILABLE(3.0);
+extern const SecKeyAlgorithm kSecKeyAlgorithmECIESEncryptionStandardX963SHA224AESGCM
+__OSX_AVAILABLE(10.12) __IOS_AVAILABLE(10.0) __TVOS_AVAILABLE(10.0) __WATCHOS_AVAILABLE(3.0);
+extern const SecKeyAlgorithm kSecKeyAlgorithmECIESEncryptionStandardX963SHA256AESGCM
+__OSX_AVAILABLE(10.12) __IOS_AVAILABLE(10.0) __TVOS_AVAILABLE(10.0) __WATCHOS_AVAILABLE(3.0);
+extern const SecKeyAlgorithm kSecKeyAlgorithmECIESEncryptionStandardX963SHA384AESGCM
+__OSX_AVAILABLE(10.12) __IOS_AVAILABLE(10.0) __TVOS_AVAILABLE(10.0) __WATCHOS_AVAILABLE(3.0);
+extern const SecKeyAlgorithm kSecKeyAlgorithmECIESEncryptionStandardX963SHA512AESGCM
+__OSX_AVAILABLE(10.12) __IOS_AVAILABLE(10.0) __TVOS_AVAILABLE(10.0) __WATCHOS_AVAILABLE(3.0);
+
+extern const SecKeyAlgorithm kSecKeyAlgorithmECIESEncryptionCofactorX963SHA1AESGCM
+__OSX_AVAILABLE(10.12) __IOS_AVAILABLE(10.0) __TVOS_AVAILABLE(10.0) __WATCHOS_AVAILABLE(3.0);
+extern const SecKeyAlgorithm kSecKeyAlgorithmECIESEncryptionCofactorX963SHA224AESGCM
+__OSX_AVAILABLE(10.12) __IOS_AVAILABLE(10.0) __TVOS_AVAILABLE(10.0) __WATCHOS_AVAILABLE(3.0);
+extern const SecKeyAlgorithm kSecKeyAlgorithmECIESEncryptionCofactorX963SHA256AESGCM
+__OSX_AVAILABLE(10.12) __IOS_AVAILABLE(10.0) __TVOS_AVAILABLE(10.0) __WATCHOS_AVAILABLE(3.0);
+extern const SecKeyAlgorithm kSecKeyAlgorithmECIESEncryptionCofactorX963SHA384AESGCM
+__OSX_AVAILABLE(10.12) __IOS_AVAILABLE(10.0) __TVOS_AVAILABLE(10.0) __WATCHOS_AVAILABLE(3.0);
+extern const SecKeyAlgorithm kSecKeyAlgorithmECIESEncryptionCofactorX963SHA512AESGCM
+__OSX_AVAILABLE(10.12) __IOS_AVAILABLE(10.0) __TVOS_AVAILABLE(10.0) __WATCHOS_AVAILABLE(3.0);
+
+extern const SecKeyAlgorithm kSecKeyAlgorithmECDHKeyExchangeStandard
+__OSX_AVAILABLE(10.12) __IOS_AVAILABLE(10.0) __TVOS_AVAILABLE(10.0) __WATCHOS_AVAILABLE(3.0);
+extern const SecKeyAlgorithm kSecKeyAlgorithmECDHKeyExchangeStandardX963SHA1
+__OSX_AVAILABLE(10.12) __IOS_AVAILABLE(10.0) __TVOS_AVAILABLE(10.0) __WATCHOS_AVAILABLE(3.0);
+extern const SecKeyAlgorithm kSecKeyAlgorithmECDHKeyExchangeStandardX963SHA224
+__OSX_AVAILABLE(10.12) __IOS_AVAILABLE(10.0) __TVOS_AVAILABLE(10.0) __WATCHOS_AVAILABLE(3.0);
+extern const SecKeyAlgorithm kSecKeyAlgorithmECDHKeyExchangeStandardX963SHA256
+__OSX_AVAILABLE(10.12) __IOS_AVAILABLE(10.0) __TVOS_AVAILABLE(10.0) __WATCHOS_AVAILABLE(3.0);
+extern const SecKeyAlgorithm kSecKeyAlgorithmECDHKeyExchangeStandardX963SHA384
+__OSX_AVAILABLE(10.12) __IOS_AVAILABLE(10.0) __TVOS_AVAILABLE(10.0) __WATCHOS_AVAILABLE(3.0);
+extern const SecKeyAlgorithm kSecKeyAlgorithmECDHKeyExchangeStandardX963SHA512
+__OSX_AVAILABLE(10.12) __IOS_AVAILABLE(10.0) __TVOS_AVAILABLE(10.0) __WATCHOS_AVAILABLE(3.0);
+
+extern const SecKeyAlgorithm kSecKeyAlgorithmECDHKeyExchangeCofactor
+__OSX_AVAILABLE(10.12) __IOS_AVAILABLE(10.0) __TVOS_AVAILABLE(10.0) __WATCHOS_AVAILABLE(3.0);
+extern const SecKeyAlgorithm kSecKeyAlgorithmECDHKeyExchangeCofactorX963SHA1
+__OSX_AVAILABLE(10.12) __IOS_AVAILABLE(10.0) __TVOS_AVAILABLE(10.0) __WATCHOS_AVAILABLE(3.0);
+extern const SecKeyAlgorithm kSecKeyAlgorithmECDHKeyExchangeCofactorX963SHA224
+__OSX_AVAILABLE(10.12) __IOS_AVAILABLE(10.0) __TVOS_AVAILABLE(10.0) __WATCHOS_AVAILABLE(3.0);
+extern const SecKeyAlgorithm kSecKeyAlgorithmECDHKeyExchangeCofactorX963SHA256
+__OSX_AVAILABLE(10.12) __IOS_AVAILABLE(10.0) __TVOS_AVAILABLE(10.0) __WATCHOS_AVAILABLE(3.0);
+extern const SecKeyAlgorithm kSecKeyAlgorithmECDHKeyExchangeCofactorX963SHA384
+__OSX_AVAILABLE(10.12) __IOS_AVAILABLE(10.0) __TVOS_AVAILABLE(10.0) __WATCHOS_AVAILABLE(3.0);
+extern const SecKeyAlgorithm kSecKeyAlgorithmECDHKeyExchangeCofactorX963SHA512
+__OSX_AVAILABLE(10.12) __IOS_AVAILABLE(10.0) __TVOS_AVAILABLE(10.0) __WATCHOS_AVAILABLE(3.0);
+
+/*!
+ @function SecKeyCreateSignature
+ @abstract Given a private key and data to sign, generate a digital signature.
+ @param key Private key with which to sign.
+ @param algorithm One of SecKeyAlgorithm constants suitable to generate signature with this key.
+ @param dataToSign The data to be signed, typically the digest of the actual data.
+ @param error On error, will be populated with an error object describing the failure.
+ See "Security Error Codes" (SecBase.h).
+ @result The signature over dataToSign represented as a CFData, or NULL on failure.
+ @discussion Computes digital signature using specified key over input data. The operation algorithm
+ further defines the exact format of input data, operation to be performed and output signature.
+ */
+CFDataRef _Nullable SecKeyCreateSignature(SecKeyRef key, SecKeyAlgorithm algorithm, CFDataRef dataToSign, CFErrorRef *error)
+__OSX_AVAILABLE(10.12) __IOS_AVAILABLE(10.0) __TVOS_AVAILABLE(10.0) __WATCHOS_AVAILABLE(3.0);
+
+/*!
+ @function SecKeyVerifySignature
+ @abstract Given a public key, data which has been signed, and a signature, verify the signature.
+ @param key Public key with which to verify the signature.
+ @param algorithm One of SecKeyAlgorithm constants suitable to verify signature with this key.
+ @param signedData The data over which sig is being verified, typically the digest of the actual data.
+ @param signature The signature to verify.
+ @param error On error, will be populated with an error object describing the failure.
+ See "Security Error Codes" (SecBase.h).
+ @result True if the signature was valid, False otherwise.
+ @discussion Verifies digital signature operation using specified key and signed data. The operation algorithm
+ further defines the exact format of input data, signature and operation to be performed.
+ */
+Boolean SecKeyVerifySignature(SecKeyRef key, SecKeyAlgorithm algorithm, CFDataRef signedData, CFDataRef signature, CFErrorRef *error)
+__OSX_AVAILABLE(10.12) __IOS_AVAILABLE(10.0) __TVOS_AVAILABLE(10.0) __WATCHOS_AVAILABLE(3.0);
+
+/*!
+ @function SecKeyCreateEncryptedData
+ @abstract Encrypt a block of plaintext.
+ @param key Public key with which to encrypt the data.
+ @param algorithm One of SecKeyAlgorithm constants suitable to perform encryption with this key.
+ @param plaintext The data to encrypt. The length and format of the data must conform to chosen algorithm,
+ typically be less or equal to the value returned by SecKeyGetBlockSize().
+ @param error On error, will be populated with an error object describing the failure.
+ See "Security Error Codes" (SecBase.h).
+ @result The ciphertext represented as a CFData, or NULL on failure.
+ @discussion Encrypts plaintext data using specified key. The exact type of the operation including the format
+ of input and output data is specified by encryption algorithm.
+ */
+CFDataRef _Nullable SecKeyCreateEncryptedData(SecKeyRef key, SecKeyAlgorithm algorithm, CFDataRef plaintext,
+ CFErrorRef *error)
+__OSX_AVAILABLE(10.12) __IOS_AVAILABLE(10.0) __TVOS_AVAILABLE(10.0) __WATCHOS_AVAILABLE(3.0);
+
+/*!
+ @function SecKeyCreateDecryptedData
+ @abstract Decrypt a block of ciphertext.
+ @param key Private key with which to decrypt the data.
+ @param algorithm One of SecKeyAlgorithm constants suitable to perform decryption with this key.
+ @param ciphertext The data to decrypt. The length and format of the data must conform to chosen algorithm,
+ typically be less or equal to the value returned by SecKeyGetBlockSize().
+ @param error On error, will be populated with an error object describing the failure.
+ See "Security Error Codes" (SecBase.h).
+ @result The plaintext represented as a CFData, or NULL on failure.
+ @discussion Decrypts ciphertext data using specified key. The exact type of the operation including the format
+ of input and output data is specified by decryption algorithm.
+ */
+CFDataRef _Nullable SecKeyCreateDecryptedData(SecKeyRef key, SecKeyAlgorithm algorithm, CFDataRef ciphertext,
+ CFErrorRef *error)
+__OSX_AVAILABLE(10.12) __IOS_AVAILABLE(10.0) __TVOS_AVAILABLE(10.0) __WATCHOS_AVAILABLE(3.0);
+
+/*!
+ @enum SecKeyKeyExchangeParameter SecKey Key Exchange parameters
+ @constant kSecKeyKeyExchangeParameterRequestedSize Contains CFNumberRef with requested result size in bytes.
+ @constant kSecKeyKeyExchangeParameterSharedInfo Contains CFDataRef with additional shared info
+ for KDF (key derivation function).
+ */
+typedef CFStringRef SecKeyKeyExchangeParameter CF_STRING_ENUM
+__OSX_AVAILABLE(10.12) __IOS_AVAILABLE(10.0) __TVOS_AVAILABLE(10.0) __WATCHOS_AVAILABLE(3.0);
+extern const SecKeyKeyExchangeParameter kSecKeyKeyExchangeParameterRequestedSize
+__OSX_AVAILABLE(10.12) __IOS_AVAILABLE(10.0) __TVOS_AVAILABLE(10.0) __WATCHOS_AVAILABLE(3.0);
+extern const SecKeyKeyExchangeParameter kSecKeyKeyExchangeParameterSharedInfo
+__OSX_AVAILABLE(10.12) __IOS_AVAILABLE(10.0) __TVOS_AVAILABLE(10.0) __WATCHOS_AVAILABLE(3.0);
+
+/*!
+ @function SecKeyCopyKeyExchangeResult
+ @abstract Perform Diffie-Hellman style of key exchange operation, optionally with additional key-derivation steps.
+ @param algorithm One of SecKeyAlgorithm constants suitable to perform this operation.
+ @param publicKey Remote party's public key.
+ @param parameters Dictionary with parameters, see SecKeyKeyExchangeParameter constants. Used algorithm
+ determines the set of required and optional parameters to be used.
+ @param error Pointer to an error object on failure.
+ See "Security Error Codes" (SecBase.h).
+ @result Result of key exchange operation as a CFDataRef, or NULL on failure.
+ */
+CFDataRef _Nullable SecKeyCopyKeyExchangeResult(SecKeyRef privateKey, SecKeyAlgorithm algorithm, SecKeyRef publicKey, CFDictionaryRef parameters, CFErrorRef *error)
+__OSX_AVAILABLE(10.12) __IOS_AVAILABLE(10.0) __TVOS_AVAILABLE(10.0) __WATCHOS_AVAILABLE(3.0);
+
+/*!
+ @enum SecKeyOperationType
+ @abstract Defines types of cryptographic operations available with SecKey instance.
+
+ @constant kSecKeyOperationTypeSign
+ Represents SecKeyCreateSignature()
+
+ @constant kSecKeyOperationTypeVerify
+ Represents SecKeyVerifySignature()
+
+ @constant kSecKeyOperationTypeEncrypt
+ Represents SecKeyCreateEncryptedData()
+
+ @constant kSecKeyOperationTypeDecrypt
+ Represents SecKeyCreateDecryptedData()
+
+ @constant kSecKeyOperationTypeKeyExchange
+ Represents SecKeyCopyKeyExchangeResult()
+ */
+typedef CF_ENUM(CFIndex, SecKeyOperationType) {
+ kSecKeyOperationTypeSign = 0,
+ kSecKeyOperationTypeVerify = 1,
+ kSecKeyOperationTypeEncrypt = 2,
+ kSecKeyOperationTypeDecrypt = 3,
+ kSecKeyOperationTypeKeyExchange = 4,
+} __OSX_AVAILABLE(10.12) __IOS_AVAILABLE(10.0) __TVOS_AVAILABLE(10.0) __WATCHOS_AVAILABLE(3.0);
+
+/*!
+ @function SecKeyIsAlgorithmSupported
+ @abstract Checks whether key supports specified algorithm for specified operation.
+ @param key Key to query
+ @param operation Operation type for which the key is queried
+ @param algorithm Algorithm which is queried
+ @return True if key supports specified algorithm for specified operation, False otherwise.
+ */
+Boolean SecKeyIsAlgorithmSupported(SecKeyRef key, SecKeyOperationType operation, SecKeyAlgorithm algorithm)
+__OSX_AVAILABLE(10.12) __IOS_AVAILABLE(10.0) __TVOS_AVAILABLE(10.0) __WATCHOS_AVAILABLE(3.0);
+
projects / apple / security.git / blobdiff