X-Git-Url: https://git.saurik.com/apple/security.git/blobdiff_plain/80e2389990082500d76eb566d4946be3e786c3ef..d8f41ccd20de16f8ebe2ccc84d47bf1cb2b26bbb:/Security/libsecurity_keychain/lib/SecItem.h
diff --git a/Security/libsecurity_keychain/lib/SecItem.h b/Security/libsecurity_keychain/lib/SecItem.h
new file mode 100644
index 00000000..76a774dd
--- /dev/null
+++ b/Security/libsecurity_keychain/lib/SecItem.h
@@ -0,0 +1,1113 @@
+/*
+ * Copyright (c) 2006-2014 Apple Inc. All Rights Reserved.
+ *
+ * @APPLE_LICENSE_HEADER_START@
+ *
+ * This file contains Original Code and/or Modifications of Original Code
+ * as defined in and that are subject to the Apple Public Source License
+ * Version 2.0 (the 'License'). You may not use this file except in
+ * compliance with the License. Please obtain a copy of the License at
+ * http://www.opensource.apple.com/apsl/ and read it before using this
+ * file.
+ *
+ * The Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
+ * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
+ * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
+ * Please see the License for the specific language governing rights and
+ * limitations under the License.
+ *
+ * @APPLE_LICENSE_HEADER_END@
+ */
+
+/*!
+ @header SecItem
+ SecItem defines CoreFoundation-based constants and functions for
+ access to Security items (certificates, keys, identities, and
+ passwords.)
+*/
+
+#ifndef _SECURITY_SECITEM_H_
+#define _SECURITY_SECITEM_H_
+
+#include
+#include
+#include
+
+#if defined(__cplusplus)
+extern "C" {
+#endif
+
+/*!
+ @enum Class Key Constant
+ @discussion Predefined key constant used to get or set item class values in
+ a dictionary. Its value is one of the constants defined in the Value
+ Constants for kSecClass.
+ @constant kSecClass Specifies a dictionary key whose value is the item's
+ class code. You use this key to get or set a value of type CFTypeRef
+ that contains the item class code.
+*/
+extern const CFTypeRef kSecClass
+ __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0);
+
+/*!
+ @enum Class Value Constants
+ @discussion Predefined item class constants used to get or set values in
+ a dictionary. The kSecClass constant is the key and its value is one
+ of the constants defined here. Note: on Mac OS X 10.6, only items
+ of class kSecClassInternetPassword are supported.
+ @constant kSecClassInternetPassword Specifies Internet password items.
+ @constant kSecClassGenericPassword Specifies generic password items.
+ @constant kSecClassCertificate Specifies certificate items.
+ @constant kSecClassKey Specifies key items.
+ @constant kSecClassIdentity Specifies identity items.
+*/
+extern const CFTypeRef kSecClassInternetPassword
+ __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0);
+extern const CFTypeRef kSecClassGenericPassword
+ __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_2_0);
+extern const CFTypeRef kSecClassCertificate
+ __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_2_0);
+extern const CFTypeRef kSecClassKey
+ __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_2_0);
+extern const CFTypeRef kSecClassIdentity
+ __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_2_0);
+
+/*!
+ @enum Attribute Key Constants
+ @discussion Predefined item attribute keys used to get or set values in a
+ dictionary. Not all attributes apply to each item class. The table
+ below lists the currently defined attributes for each item class:
+
+ kSecClassGenericPassword item attributes:
+ kSecAttrAccess (OS X only)
+ kSecAttrAccessControl
+ kSecAttrAccessGroup (iOS; also OS X if kSecAttrSynchronizable specified)
+ kSecAttrAccessible (iOS; also OS X if kSecAttrSynchronizable specified)
+ kSecAttrCreationDate
+ kSecAttrModificationDate
+ kSecAttrDescription
+ kSecAttrComment
+ kSecAttrCreator
+ kSecAttrType
+ kSecAttrLabel
+ kSecAttrIsInvisible
+ kSecAttrIsNegative
+ kSecAttrAccount
+ kSecAttrService
+ kSecAttrGeneric
+
+ kSecClassInternetPassword item attributes:
+ kSecAttrAccess (OS X only)
+ kSecAttrAccessGroup (iOS; also OS X if kSecAttrSynchronizable specified)
+ kSecAttrAccessible (iOS; also OS X if kSecAttrSynchronizable specified)
+ kSecAttrCreationDate
+ kSecAttrModificationDate
+ kSecAttrDescription
+ kSecAttrComment
+ kSecAttrCreator
+ kSecAttrType
+ kSecAttrLabel
+ kSecAttrIsInvisible
+ kSecAttrIsNegative
+ kSecAttrAccount
+ kSecAttrSecurityDomain
+ kSecAttrServer
+ kSecAttrProtocol
+ kSecAttrAuthenticationType
+ kSecAttrPort
+ kSecAttrPath
+
+ kSecClassCertificate item attributes:
+ kSecAttrCertificateType
+ kSecAttrCertificateEncoding
+ kSecAttrLabel
+ kSecAttrSubject
+ kSecAttrIssuer
+ kSecAttrSerialNumber
+ kSecAttrSubjectKeyID
+ kSecAttrPublicKeyHash
+
+ kSecClassKey item attributes:
+ kSecAttrAccess (OS X only)
+ kSecAttrAccessGroup (iOS only)
+ kSecAttrAccessible (iOS only)
+ kSecAttrKeyClass
+ kSecAttrLabel
+ kSecAttrApplicationLabel
+ kSecAttrIsPermanent
+ kSecAttrApplicationTag
+ kSecAttrKeyType
+ kSecAttrPRF
+ kSecAttrSalt
+ kSecAttrRounds
+ kSecAttrKeySizeInBits
+ kSecAttrEffectiveKeySize
+ kSecAttrCanEncrypt
+ kSecAttrCanDecrypt
+ kSecAttrCanDerive
+ kSecAttrCanSign
+ kSecAttrCanVerify
+ kSecAttrCanWrap
+ kSecAttrCanUnwrap
+
+ Note that the attributes kSecAttrCan* describe attributes of the
+ key itself at relatively high level. Some of these attributes are
+ mathematical -- for example, a DSA key cannot encrypt. Others are
+ key-level policy issues -- for example, it is good cryptographic
+ hygiene to use an RSA key either for encryption or signing but not
+ both. Compare these to the certificate-level policy values in
+ SecPolicy.h.
+
+ kSecClassIdentity item attributes:
+ Since an identity is the combination of a private key and a
+ certificate, this class shares attributes of both kSecClassKey and
+ kSecClassCertificate.
+
+ @constant kSecAttrAccessible Specifies a dictionary key whose value
+ indicates when your application needs access to an item's data. You
+ should choose the most restrictive option that meets your application's
+ needs to allow the system to protect that item in the best way possible.
+ See the "kSecAttrAccessible Value Constants" section for a list of
+ values which can be specified.
+ IMPORTANT: This attribute is currently not supported for OS X keychain
+ items, unless the kSecAttrSynchronizable attribute is also present. If
+ both attributes are specified on either OS X or iOS, the value for the
+ kSecAttrAccessible key may only be one whose name does not end with
+ "ThisDeviceOnly", as those cannot sync to another device.
+
+ @constant kSecAttrAccessControl Specifies a dictionary key whose value
+ is SecAccessControl instance which contains access control conditions
+ for item.
+ IMPORTANT: This attribute is mutually exclusive with kSecAttrAccess
+ attribute.
+
+ @constant kSecAttrAccess Specifies a dictionary key whose value
+ is a SecAccessRef describing the access control settings for this item.
+ This key is available on OS X only.
+
+ @constant kSecAttrAccessGroup Specifies a dictionary key whose value is
+ a CFStringRef indicating which access group a item is in. The access
+ groups that a particular application has membership in are determined by
+ two entitlements for that application. The application-identifier
+ entitlement contains the application's single access group, unless
+ there is a keychain-access-groups entitlement present. The latter
+ has as its value a list of access groups; the first item in this list
+ is the default access group. Unless a specific access group is provided
+ as the value of kSecAttrAccessGroup when SecItemAdd is called, new items
+ are created in the application's default access group. Specifying this
+ attribute in SecItemCopyMatching, SecItemUpdate, or SecItemDelete calls
+ limits the search to the specified access group (of which the calling
+ application must be a member to obtain matching results.) To share
+ keychain items between multiple applications, each application must have
+ a common group listed in its keychain-access-groups entitlement, and each
+ must specify this shared access group name as the value for the
+ kSecAttrAccessGroup key in the dictionary passed to SecItem functions.
+
+ @constant kSecAttrSynchronizable Specifies a dictionary key whose value is
+ a CFBooleanRef indicating whether the item in question can be synchronized.
+ To add a new item which can be synced to other devices, or to obtain
+ synchronizable results from a query, supply this key with a value of
+ kCFBooleanTrue. If the key is not supplied, or has a value of
+ kCFBooleanFalse, then no synchronizable items will be added or returned.
+ A predefined value, kSecAttrSynchronizableAny, may be provided instead of
+ kCFBooleanTrue if both synchronizable and non-synchronizable results are
+ desired.
+
+ IMPORTANT: Specifying the kSecAttrSynchronizable key has several caveats:
+
+ - Updating or deleting items using the kSecAttrSynchronizable key will
+ affect all copies of the item, not just the one on your local device.
+ Be sure that it makes sense to use the same password on all devices
+ before deciding to make a password synchronizable.
+ - Only password items can currently be synchronized. Keychain syncing
+ is not supported for certificates or cryptographic keys.
+ - Items stored or obtained using the kSecAttrSynchronizable key cannot
+ specify SecAccessRef-based access control with kSecAttrAccess. If a
+ password is intended to be shared between multiple applications, the
+ kSecAttrAccessGroup key must be specified, and each application
+ using this password must have a 'keychain-access-groups' entitlement
+ with the specified access group value.
+ - Items stored or obtained using the kSecAttrSynchronizable key may
+ not also specify a kSecAttrAccessible value which is incompatible
+ with syncing (namely, those whose names end with "ThisDeviceOnly".)
+ - Items stored or obtained using the kSecAttrSynchronizable key cannot
+ be specified by reference. You must pass kSecReturnAttributes and/or
+ kSecReturnData to retrieve results; kSecReturnRef is currently not
+ supported for synchronizable items.
+ - Persistent references to synchronizable items should be avoided;
+ while they may work locally, they cannot be moved between devices,
+ and may not resolve if the item is modified on some other device.
+ - When specifying a query that uses the kSecAttrSynchronizable key,
+ search keys are limited to the item's class and attributes.
+ The only search constant which may be used is kSecMatchLimit; other
+ constants using the kSecMatch prefix are not supported at this time.
+
+ @constant kSecAttrSynchronizableAny Specifies that both synchronizable and
+ non-synchronizable results should be returned from this query. This may be
+ used as a value for the kSecAttrSynchronizable dictionary key in a call to
+ SecItemCopyMatching, SecItemUpdate, or SecItemDelete.
+
+ @constant kSecAttrCreationDate (read-only) Specifies a dictionary key whose
+ value is the item's creation date. You use this key to get a value
+ of type CFDateRef that represents the date the item was created.
+ @constant kSecAttrModificationDate (read-only) Specifies a dictionary key
+ whose value is the item's modification date. You use this key to get
+ a value of type CFDateRef that represents the last time the item was
+ updated.
+ @constant kSecAttrDescription Specifies a dictionary key whose value is
+ the item's description attribute. You use this key to set or get a
+ value of type CFStringRef that represents a user-visible string
+ describing this particular kind of item (e.g., "disk image password").
+ @constant kSecAttrComment Specifies a dictionary key whose value is the
+ item's comment attribute. You use this key to set or get a value of
+ type CFStringRef containing the user-editable comment for this item.
+ @constant kSecAttrCreator Specifies a dictionary key whose value is the
+ item's creator attribute. You use this key to set or get a value of
+ type CFNumberRef that represents the item's creator. This number is
+ the unsigned integer representation of a four-character code (e.g.,
+ 'aCrt').
+ @constant kSecAttrType Specifies a dictionary key whose value is the item's
+ type attribute. You use this key to set or get a value of type
+ CFNumberRef that represents the item's type. This number is the
+ unsigned integer representation of a four-character code (e.g.,
+ 'aTyp').
+ @constant kSecAttrLabel Specifies a dictionary key whose value is the
+ item's label attribute. You use this key to set or get a value of
+ type CFStringRef containing the user-visible label for this item.
+ @constant kSecAttrIsInvisible Specifies a dictionary key whose value is the
+ item's invisible attribute. You use this key to set or get a value
+ of type CFBooleanRef that indicates whether the item is invisible
+ (i.e., should not be displayed.)
+ @constant kSecAttrIsNegative Specifies a dictionary key whose value is the
+ item's negative attribute. You use this key to set or get a value of
+ type CFBooleanRef that indicates whether there is a valid password
+ associated with this keychain item. This is useful if your application
+ doesn't want a password for some particular service to be stored in
+ the keychain, but prefers that it always be entered by the user.
+ @constant kSecAttrAccount Specifies a dictionary key whose value is the
+ item's account attribute. You use this key to set or get a CFStringRef
+ that contains an account name. (Items of class
+ kSecClassGenericPassword, kSecClassInternetPassword have this
+ attribute.)
+ @constant kSecAttrService Specifies a dictionary key whose value is the
+ item's service attribute. You use this key to set or get a CFStringRef
+ that represents the service associated with this item. (Items of class
+ kSecClassGenericPassword have this attribute.)
+ @constant kSecAttrGeneric Specifies a dictionary key whose value is the
+ item's generic attribute. You use this key to set or get a value of
+ CFDataRef that contains a user-defined attribute. (Items of class
+ kSecClassGenericPassword have this attribute.)
+ @constant kSecAttrSecurityDomain Specifies a dictionary key whose value
+ is the item's security domain attribute. You use this key to set or
+ get a CFStringRef value that represents the Internet security domain.
+ (Items of class kSecClassInternetPassword have this attribute.)
+ @constant kSecAttrServer Specifies a dictionary key whose value is the
+ item's server attribute. You use this key to set or get a value of
+ type CFStringRef that contains the server's domain name or IP address.
+ (Items of class kSecClassInternetPassword have this attribute.)
+ @constant kSecAttrProtocol Specifies a dictionary key whose value is the
+ item's protocol attribute. You use this key to set or get a value of
+ type CFNumberRef that denotes the protocol for this item (see the
+ SecProtocolType enum in SecKeychainItem.h). (Items of class
+ kSecClassInternetPassword have this attribute.)
+ @constant kSecAttrAuthenticationType Specifies a dictionary key whose value
+ is the item's authentication type attribute. You use this key to set
+ or get a value of type CFNumberRef that denotes the authentication
+ scheme for this item (see the kSecAttrAuthenticationType value
+ constants below).
+ @constant kSecAttrPort Specifies a dictionary key whose value is the item's
+ port attribute. You use this key to set or get a CFNumberRef value
+ that represents an Internet port number. (Items of class
+ kSecClassInternetPassword have this attribute.)
+ @constant kSecAttrPath Specifies a dictionary key whose value is the item's
+ path attribute, typically this is the path component of the URL. You use
+ this key to set or get a CFStringRef value that represents a path. (Items
+ of class kSecClassInternetPassword have this attribute.)
+ @constant kSecAttrSubject (read-only) Specifies a dictionary key whose
+ value is the item's subject. You use this key to get a value of type
+ CFDataRef that contains the X.500 subject name of a certificate.
+ (Items of class kSecClassCertificate have this attribute.)
+ @constant kSecAttrIssuer (read-only) Specifies a dictionary key whose value
+ is the item's issuer. You use this key to get a value of type
+ CFDataRef that contains the X.500 issuer name of a certificate. (Items
+ of class kSecClassCertificate have this attribute.)
+ @constant kSecAttrSerialNumber (read-only) Specifies a dictionary key whose
+ value is the item's serial number. You use this key to get a value
+ of type CFDataRef that contains the serial number data of a
+ certificate. (Items of class kSecClassCertificate have this
+ attribute.)
+ @constant kSecAttrSubjectKeyID (read-only) Specifies a dictionary key whose
+ value is the item's subject key ID. You use this key to get a value
+ of type CFDataRef that contains the subject key ID of a certificate.
+ (Items of class kSecClassCertificate have this attribute.)
+ @constant kSecAttrPublicKeyHash (read-only) Specifies a dictionary key
+ whose value is the item's public key hash. You use this key to get a
+ value of type CFDataRef that contains the hash of a certificate's
+ public key. (Items of class kSecClassCertificate have this attribute.)
+ @constant kSecAttrCertificateType (read-only) Specifies a dictionary key
+ whose value is the item's certificate type. You use this key to get
+ a value of type CFNumberRef that denotes the certificate type (see the
+ CSSM_CERT_TYPE enum in cssmtype.h). (Items of class
+ kSecClassCertificate have this attribute.)
+ @constant kSecAttrCertificateEncoding (read-only) Specifies a dictionary
+ key whose value is the item's certificate encoding. You use this key
+ to get a value of type CFNumberRef that denotes the certificate
+ encoding (see the CSSM_CERT_ENCODING enum in cssmtype.h). (Items of
+ class kSecClassCertificate have this attribute.)
+ @constant kSecAttrKeyClass (read only) Specifies a dictionary key whose
+ value is one of kSecAttrKeyClassPublic, kSecAttrKeyClassPrivate or
+ kSecAttrKeyClassSymmetric.
+ @constant kSecAttrApplicationLabel Specifies a dictionary key whose value
+ is the key's application label attribute. This is different from the
+ kSecAttrLabel (which is intended to be human-readable). This attribute
+ is used to look up a key programmatically; in particular, for keys of
+ class kSecAttrKeyClassPublic and kSecAttrKeyClassPrivate, the value of
+ this attribute is the hash of the public key. This item is a type of CFDataRef.
+ Legacy keys may contain a UUID in this field as a CFStringRef.
+ @constant kSecAttrIsPermanent Specifies a dictionary key whose value is a
+ CFBooleanRef indicating whether the key in question will be stored
+ permanently.
+ @constant kSecAttrIsSensitive Specifies a dictionary key whose value is a
+ CFBooleanRef indicating that the key in question can only be exported
+ in a wrapped (encrypted) format.
+ @constant kSecAttrIsExtractable Specifies a dictionary key whose value is a
+ CFBooleanRef indicating whether the key in question can be exported from
+ its keychain container.
+ @constant kSecAttrApplicationTag Specifies a dictionary key whose value is a
+ CFDataRef containing private tag data.
+ @constant kSecAttrKeyType Specifies a dictionary key whose value is a
+ CFNumberRef indicating the algorithm associated with this key (see the
+ CSSM_ALGORITHMS enum in cssmtype.h).
+ @constant kSecAttrPRF Specifies a dictionary key whose value is the PRF
+ (pseudo-random function) for this key (see "kSecAttrPRF Value Constants".)
+ @constant kSecAttrSalt Specifies a dictionary key whose value is a
+ CFData containing the salt to use for this key.
+ @constant kSecAttrRounds Specifies a dictionary key whose value is the
+ number of rounds for the pseudo-random function specified by kSecAttrPRF.
+ @constant kSecAttrKeySizeInBits Specifies a dictionary key whose value
+ is a CFNumberRef indicating the number of bits in this key.
+ @constant kSecAttrEffectiveKeySize Specifies a dictionary key whose value
+ is a CFNumberRef indicating the effective number of bits in this key.
+ For example, a DES key has a kSecAttrKeySizeInBits of 64, but a
+ kSecAttrEffectiveKeySize of 56 bits.
+ @constant kSecAttrCanEncrypt Specifies a dictionary key whole value is a
+ CFBooleanRef indicating whether the key in question can be used to
+ encrypt data.
+ @constant kSecAttrCanDecrypt Specifies a dictionary key whole value is a
+ CFBooleanRef indicating whether the key in question can be used to
+ decrypt data.
+ @constant kSecAttrCanDerive Specifies a dictionary key whole value is a
+ CFBooleanRef indicating whether the key in question can be used to
+ derive another key.
+ @constant kSecAttrCanSign Specifies a dictionary key whole value is a
+ CFBooleanRef indicating whether the key in question can be used to
+ create a digital signature.
+ @constant kSecAttrCanVerify Specifies a dictionary key whole value is a
+ CFBooleanRef indicating whether the key in question can be used to
+ verify a digital signature.
+ @constant kSecAttrCanWrap Specifies a dictionary key whole value is a
+ CFBooleanRef indicating whether the key in question can be used to
+ wrap another key.
+ @constant kSecAttrCanUnwrap Specifies a dictionary key whole value is a
+ CFBooleanRef indicating whether the key in question can be used to
+ unwrap another key.
+*/
+extern const CFTypeRef kSecAttrAccessible
+ __OSX_AVAILABLE_STARTING(__MAC_10_9, __IPHONE_4_0);
+extern const CFTypeRef kSecAttrAccess
+ __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_NA);
+extern CFTypeRef kSecAttrAccessControl
+ __OSX_AVAILABLE_STARTING(__MAC_10_10, __IPHONE_8_0);
+extern const CFTypeRef kSecAttrAccessGroup
+ __OSX_AVAILABLE_STARTING(__MAC_10_9, __IPHONE_3_0);
+extern const CFTypeRef kSecAttrSynchronizable
+ __OSX_AVAILABLE_STARTING(__MAC_10_9, __IPHONE_7_0);
+extern const CFTypeRef kSecAttrSynchronizableAny
+ __OSX_AVAILABLE_STARTING(__MAC_10_9, __IPHONE_7_0);
+extern const CFTypeRef kSecAttrCreationDate
+ __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0);
+extern const CFTypeRef kSecAttrModificationDate
+ __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0);
+extern const CFTypeRef kSecAttrDescription
+ __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0);
+extern const CFTypeRef kSecAttrComment
+ __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0);
+extern const CFTypeRef kSecAttrCreator
+ __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0);
+extern const CFTypeRef kSecAttrType
+ __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0);
+extern const CFTypeRef kSecAttrLabel
+ __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0);
+extern const CFTypeRef kSecAttrIsInvisible
+ __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0);
+extern const CFTypeRef kSecAttrIsNegative
+ __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0);
+extern const CFTypeRef kSecAttrAccount
+ __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0);
+extern const CFTypeRef kSecAttrService
+ __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0);
+extern const CFTypeRef kSecAttrGeneric
+ __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0);
+extern const CFTypeRef kSecAttrSecurityDomain
+ __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0);
+extern const CFTypeRef kSecAttrServer
+ __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0);
+extern const CFTypeRef kSecAttrProtocol
+ __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0);
+extern const CFTypeRef kSecAttrAuthenticationType
+ __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0);
+extern const CFTypeRef kSecAttrPort
+ __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0);
+extern const CFTypeRef kSecAttrPath
+ __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0);
+extern const CFTypeRef kSecAttrSubject
+ __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0);
+extern const CFTypeRef kSecAttrIssuer
+ __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0);
+extern const CFTypeRef kSecAttrSerialNumber
+ __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0);
+extern const CFTypeRef kSecAttrSubjectKeyID
+ __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0);
+extern const CFTypeRef kSecAttrPublicKeyHash
+ __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0);
+extern const CFTypeRef kSecAttrCertificateType
+ __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0);
+extern const CFTypeRef kSecAttrCertificateEncoding
+ __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0);
+extern const CFTypeRef kSecAttrKeyClass
+ __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0);
+extern const CFTypeRef kSecAttrApplicationLabel
+ __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0);
+extern const CFTypeRef kSecAttrIsPermanent
+ __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0);
+extern const CFTypeRef kSecAttrIsSensitive
+ __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0);
+extern const CFTypeRef kSecAttrIsExtractable
+ __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0);
+extern const CFTypeRef kSecAttrApplicationTag
+ __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0);
+extern const CFTypeRef kSecAttrKeyType
+ __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0);
+extern const CFTypeRef kSecAttrPRF
+ __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_NA);
+extern const CFTypeRef kSecAttrSalt
+ __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_NA);
+extern const CFTypeRef kSecAttrRounds
+ __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_NA);
+extern const CFTypeRef kSecAttrKeySizeInBits
+ __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0);
+extern const CFTypeRef kSecAttrEffectiveKeySize
+ __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0);
+extern const CFTypeRef kSecAttrCanEncrypt
+ __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0);
+extern const CFTypeRef kSecAttrCanDecrypt
+ __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0);
+extern const CFTypeRef kSecAttrCanDerive
+ __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0);
+extern const CFTypeRef kSecAttrCanSign
+ __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0);
+extern const CFTypeRef kSecAttrCanVerify
+ __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0);
+extern const CFTypeRef kSecAttrCanWrap
+ __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0);
+extern const CFTypeRef kSecAttrCanUnwrap
+ __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0);
+
+/*!
+ @enum kSecAttrAccessible Value Constants
+ @discussion Predefined item attribute constants used to get or set values
+ in a dictionary. The kSecAttrAccessible constant is the key and its
+ value is one of the constants defined here.
+ When asking SecItemCopyMatching to return the item's data, the error
+ errSecInteractionNotAllowed will be returned if the item's data is not
+ available until a device unlock occurs.
+ @constant kSecAttrAccessibleWhenUnlocked Item data can only be accessed
+ while the device is unlocked. This is recommended for items that only
+ need be accesible while the application is in the foreground. Items
+ with this attribute will migrate to a new device when using encrypted
+ backups.
+ @constant kSecAttrAccessibleAfterFirstUnlock Item data can only be
+ accessed once the device has been unlocked after a restart. This is
+ recommended for items that need to be accesible by background
+ applications. Items with this attribute will migrate to a new device
+ when using encrypted backups.
+ @constant kSecAttrAccessibleAlways Item data can always be accessed
+ regardless of the lock state of the device. This is not recommended
+ for anything except system use. Items with this attribute will migrate
+ to a new device when using encrypted backups.
+ @constant kSecAttrAccessibleWhenPasscodeSetThisDeviceOnly Item data can
+ only be accessed while the device is unlocked. This is recommended for
+ items that only need to be accessible while the application is in the
+ foreground and requires a passcode to be set on the device. Items with
+ this attribute will never migrate to a new device, so after a backup
+ is restored to a new device, these items will be missing. This
+ attribute will not be available on devices without a passcode. Disabling
+ the device passcode will cause all previously protected items to
+ be deleted.
+ @constant kSecAttrAccessibleWhenUnlockedThisDeviceOnly Item data can only
+ be accessed while the device is unlocked. This is recommended for items
+ that only need be accesible while the application is in the foreground.
+ Items with this attribute will never migrate to a new device, so after
+ a backup is restored to a new device, these items will be missing.
+ @constant kSecAttrAccessibleAfterFirstUnlockThisDeviceOnly Item data can
+ only be accessed once the device has been unlocked after a restart.
+ This is recommended for items that need to be accessible by background
+ applications. Items with this attribute will never migrate to a new
+ device, so after a backup is restored to a new device these items will
+ be missing.
+ @constant kSecAttrAccessibleAlwaysThisDeviceOnly Item data can always
+ be accessed regardless of the lock state of the device. This option
+ is not recommended for anything except system use. Items with this
+ attribute will never migrate to a new device, so after a backup is
+ restored to a new device, these items will be missing.
+*/
+extern const CFTypeRef kSecAttrAccessibleWhenUnlocked
+ __OSX_AVAILABLE_STARTING(__MAC_10_9, __IPHONE_4_0);
+extern const CFTypeRef kSecAttrAccessibleAfterFirstUnlock
+ __OSX_AVAILABLE_STARTING(__MAC_10_9, __IPHONE_4_0);
+extern const CFTypeRef kSecAttrAccessibleAlways
+ __OSX_AVAILABLE_STARTING(__MAC_10_9, __IPHONE_4_0);
+extern CFTypeRef kSecAttrAccessibleWhenPasscodeSetThisDeviceOnly
+ __OSX_AVAILABLE_STARTING(__MAC_10_10, __IPHONE_8_0);
+extern const CFTypeRef kSecAttrAccessibleWhenUnlockedThisDeviceOnly
+ __OSX_AVAILABLE_STARTING(__MAC_10_9, __IPHONE_4_0);
+extern const CFTypeRef kSecAttrAccessibleAfterFirstUnlockThisDeviceOnly
+ __OSX_AVAILABLE_STARTING(__MAC_10_9, __IPHONE_4_0);
+extern const CFTypeRef kSecAttrAccessibleAlwaysThisDeviceOnly
+ __OSX_AVAILABLE_STARTING(__MAC_10_9, __IPHONE_4_0);
+
+/*!
+ @enum kSecAttrProtocol Value Constants
+ @discussion Predefined item attribute constants used to get or set values
+ in a dictionary. The kSecAttrProtocol constant is the key and its
+ value is one of the constants defined here.
+ @constant kSecAttrProtocolFTP + @constant kSecAttrProtocolFTPAccount + @constant kSecAttrProtocolHTTP + @constant kSecAttrProtocolIRC + @constant kSecAttrProtocolNNTP + @constant kSecAttrProtocolPOP3 + @constant kSecAttrProtocolSMTP + @constant kSecAttrProtocolSOCKS + @constant kSecAttrProtocolIMAP + @constant kSecAttrProtocolLDAP + @constant kSecAttrProtocolAppleTalk + @constant kSecAttrProtocolAFP + @constant kSecAttrProtocolTelnet + @constant kSecAttrProtocolSSH + @constant kSecAttrProtocolFTPS + @constant kSecAttrProtocolHTTPS + @constant kSecAttrProtocolHTTPProxy + @constant kSecAttrProtocolHTTPSProxy + @constant kSecAttrProtocolFTPProxy + @constant kSecAttrProtocolSMB + @constant kSecAttrProtocolRTSP + @constant kSecAttrProtocolRTSPProxy + @constant kSecAttrProtocolDAAP + @constant kSecAttrProtocolEPPC + @constant kSecAttrProtocolIPP + @constant kSecAttrProtocolNNTPS + @constant kSecAttrProtocolLDAPS + @constant kSecAttrProtocolTelnetS + @constant kSecAttrProtocolIMAPS + @constant kSecAttrProtocolIRCS + @constant kSecAttrProtocolPOP3S +*/ +extern const CFTypeRef kSecAttrProtocolFTP + __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0); +extern const CFTypeRef kSecAttrProtocolFTPAccount + __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0); +extern const CFTypeRef kSecAttrProtocolHTTP + __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0); +extern const CFTypeRef kSecAttrProtocolIRC + __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0); +extern const CFTypeRef kSecAttrProtocolNNTP + __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0); +extern const CFTypeRef kSecAttrProtocolPOP3 + __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0); +extern const CFTypeRef kSecAttrProtocolSMTP + __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0); +extern const CFTypeRef kSecAttrProtocolSOCKS + __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0); +extern const CFTypeRef kSecAttrProtocolIMAP + __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0); +extern const CFTypeRef 
 kSecAttrProtocolLDAP
+ __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0);
+extern const CFTypeRef kSecAttrProtocolAppleTalk
+ __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0);
+extern const CFTypeRef kSecAttrProtocolAFP
+ __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0);
+extern const CFTypeRef kSecAttrProtocolTelnet
+ __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0);
+extern const CFTypeRef kSecAttrProtocolSSH
+ __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0);
+extern const CFTypeRef kSecAttrProtocolFTPS
+ __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0);
+extern const CFTypeRef kSecAttrProtocolHTTPS
+ __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0);
+extern const CFTypeRef kSecAttrProtocolHTTPProxy
+ __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0);
+extern const CFTypeRef kSecAttrProtocolHTTPSProxy
+ __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0);
+extern const CFTypeRef kSecAttrProtocolFTPProxy
+ __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0);
+extern const CFTypeRef kSecAttrProtocolSMB
+ __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0);
+extern const CFTypeRef kSecAttrProtocolRTSP
+ __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0);
+extern const CFTypeRef kSecAttrProtocolRTSPProxy
+ __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0);
+extern const CFTypeRef kSecAttrProtocolDAAP
+ __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0);
+extern const CFTypeRef kSecAttrProtocolEPPC
+ __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0);
+extern const CFTypeRef kSecAttrProtocolIPP
+ __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0);
+extern const CFTypeRef kSecAttrProtocolNNTPS
+ __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0);
+extern const CFTypeRef kSecAttrProtocolLDAPS
+ __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0);
+extern const CFTypeRef kSecAttrProtocolTelnetS
+ __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0);
+extern const CFTypeRef kSecAttrProtocolIMAPS
+ __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0);
+extern const 
 CFTypeRef kSecAttrProtocolIRCS
+ __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0);
+extern const CFTypeRef kSecAttrProtocolPOP3S
+ __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0);
+
+/*!
+ @enum kSecAttrAuthenticationType Value Constants
+ @discussion Predefined item attribute constants used to get or set values
+ in a dictionary. The kSecAttrAuthenticationType constant is the key
+ and its value is one of the constants defined here.
+ @constant kSecAttrAuthenticationTypeNTLM
+ @constant kSecAttrAuthenticationTypeMSN
+ @constant kSecAttrAuthenticationTypeDPA
+ @constant kSecAttrAuthenticationTypeRPA
+ @constant kSecAttrAuthenticationTypeHTTPBasic
+ @constant kSecAttrAuthenticationTypeHTTPDigest
+ @constant kSecAttrAuthenticationTypeHTMLForm
+ @constant kSecAttrAuthenticationTypeDefault
+*/
+extern const CFTypeRef kSecAttrAuthenticationTypeNTLM
+ __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0);
+extern const CFTypeRef kSecAttrAuthenticationTypeMSN
+ __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0);
+extern const CFTypeRef kSecAttrAuthenticationTypeDPA
+ __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0);
+extern const CFTypeRef kSecAttrAuthenticationTypeRPA
+ __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0);
+extern const CFTypeRef kSecAttrAuthenticationTypeHTTPBasic
+ __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0);
+extern const CFTypeRef kSecAttrAuthenticationTypeHTTPDigest
+ __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0);
+extern const CFTypeRef kSecAttrAuthenticationTypeHTMLForm
+ __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0);
+extern const CFTypeRef kSecAttrAuthenticationTypeDefault
+ __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0);
+
+/*!
+ @enum kSecAttrKeyClass Value Constants
+ @discussion Predefined item attribute constants used to get or set values
+ in a dictionary. The kSecAttrKeyClass constant is the key
+ and its value is one of the constants defined here.
+ @constant kSecAttrKeyClassPublic
+ @constant kSecAttrKeyClassPrivate
+ @constant kSecAttrKeyClassSymmetric
+*/
+extern const CFTypeRef kSecAttrKeyClassPublic
+ __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_2_0);
+extern const CFTypeRef kSecAttrKeyClassPrivate
+ __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_2_0);
+extern const CFTypeRef kSecAttrKeyClassSymmetric
+ __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_2_0);
+
+/*!
+ @enum kSecAttrKeyType Value Constants
+ @discussion Predefined item attribute constants used to get or set values
+ in a dictionary. The kSecAttrKeyType constant is the key
+ and its value is one of the constants defined here.
+ @constant kSecAttrKeyTypeRSA
+ @constant kSecAttrKeyTypeDSA
+ @constant kSecAttrKeyTypeAES
+ @constant kSecAttrKeyType3DES
+ @constant kSecAttrKeyTypeRC4
+ @constant kSecAttrKeyTypeRC2
+ @constant kSecAttrKeyTypeCAST
+ @constant kSecAttrKeyTypeECDSA (deprecated; use kSecAttrKeyTypeEC instead.)
+ @constant kSecAttrKeyTypeEC
+*/
+extern const CFTypeRef kSecAttrKeyTypeRSA
+ __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_2_0);
+extern const CFTypeRef kSecAttrKeyTypeDSA
+ __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_NA);
+extern const CFTypeRef kSecAttrKeyTypeAES
+ __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_NA);
+extern const CFTypeRef kSecAttrKeyTypeDES
+ __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_NA);
+extern const CFTypeRef kSecAttrKeyType3DES
+ __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_NA);
+extern const CFTypeRef kSecAttrKeyTypeRC4
+ __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_NA);
+extern const CFTypeRef kSecAttrKeyTypeRC2
+ __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_NA);
+extern const CFTypeRef kSecAttrKeyTypeCAST
+ __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_NA);
+extern const CFTypeRef kSecAttrKeyTypeECDSA
+ __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_NA);
+extern const CFTypeRef kSecAttrKeyTypeEC
+ __OSX_AVAILABLE_STARTING(__MAC_10_9, __IPHONE_4_0);
+
+/*!
+ @enum kSecAttrPRF Value Constants
+ @discussion Predefined item attribute constants used to specify the PRF
+ to use with SecKeyDeriveFromPassword.
+ @constant kSecAttrPRFHmacAlgSHA1
+ @constant kSecAttrPRFHmacAlgSHA224
+ @constant kSecAttrPRFHmacAlgSHA256
+ @constant kSecAttrPRFHmacAlgSHA384
+ @constant kSecAttrPRFHmacAlgSHA512
+*/
+extern const CFTypeRef kSecAttrPRFHmacAlgSHA1
+ __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_NA);
+extern const CFTypeRef kSecAttrPRFHmacAlgSHA224
+ __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_NA);
+extern const CFTypeRef kSecAttrPRFHmacAlgSHA256
+ __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_NA);
+extern const CFTypeRef kSecAttrPRFHmacAlgSHA384
+ __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_NA);
+extern const CFTypeRef kSecAttrPRFHmacAlgSHA512
+ __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_NA);
+
+/*!
+ @enum Search Constants
+ @discussion Predefined search constants used to set values in a query
+ dictionary. You can specify a combination of search attributes and
+ item attributes when looking for matching items with the
+ SecItemCopyMatching function.
+ @constant kSecMatchPolicy Specifies a dictionary key whose value is a
+ SecPolicyRef. If provided, returned certificates or identities must
+ verify with this policy.
+ @constant kSecMatchItemList Specifies a dictionary key whose value is a
+ CFArray of SecKeychainItemRef items. If provided, returned items will be
+ limited to the subset which are contained in this list.
+ @constant kSecMatchSearchList Specifies a dictionary key whose value is a
+ CFArray of SecKeychainRef items. If provided, the search will be limited
+ to the keychains contained in this list.
+ @constant kSecMatchIssuers Specifies a dictionary key whose value is a
+ CFArray of X.500 names (of type CFDataRef). If provided, returned
+ certificates or identities will be limited to those whose
+ certificate chain contains one of the issuers provided in this list.
+ @constant kSecMatchEmailAddressIfPresent Specifies a dictionary key whose
+ value is a CFStringRef containing an RFC822 email address. If
+ provided, returned certificates or identities will be limited to those
+ that contain the address, or do not contain any email address.
+ @constant kSecMatchSubjectContains Specifies a dictionary key whose value
+ is a CFStringRef. If provided, returned certificates or identities
+ will be limited to those containing this string in the subject.
+ @constant kSecMatchSubjectStartsWith Specifies a dictionary key whose value
+ is a CFStringRef. If provided, returned certificates or identities
+ will be limited to those with subject names that start with this string.
+ @constant kSecMatchSubjectEndsWith Specifies a dictionary key whose value
+ is a CFStringRef. If provided, returned certificates or identities
+ will be limited to those with subject names that end with this string.
+ @constant kSecMatchSubjectWholeString Specifies a dictionary key whose
+ value is a CFStringRef. If provided, returned certificates or identities
+ will be limited to those matching this string exactly in the subject.
+ @constant kSecMatchCaseInsensitive Specifies a dictionary key whose value
+ is a CFBooleanRef. If this value is kCFBooleanFalse, or is not
+ provided, then case-sensitive string matching is performed.
+ @constant kSecMatchDiacriticInsensitive Specifies a dictionary key whose
+ value is a CFBooleanRef. If this value is kCFBooleanFalse, or is not
+ provided, then diacritic-sensitive string matching is performed.
+ @constant kSecMatchWidthInsensitive Specifies a dictionary key whose
+ value is a CFBooleanRef. If this value is kCFBooleanFalse, or is not
+ provided, then string matching is width-sensitive (e.g. 'a' != 0xFF41).
+ @constant kSecMatchTrustedOnly Specifies a dictionary key whose value is
+ a CFBooleanRef. 
 If provided with a value of kCFBooleanTrue, only
+ certificates which can be verified back to a trusted anchor will be
+ returned. If this value is kCFBooleanFalse, or is not provided, then
+ both trusted and untrusted certificates may be returned.
+ @constant kSecMatchValidOnDate Specifies a dictionary key whose value is
+ of type CFDateRef. If provided, returned keys, certificates or
+ identities will be limited to those which are valid for the given date.
+ Pass a value of kCFNull to indicate the current date.
+ @constant kSecMatchLimit Specifies a dictionary key whose value is a
+ CFNumberRef. If provided, this value specifies the maximum number of
+ results to return. If not provided, results are limited to the first
+ item found. Predefined values are provided for a single item
+ (kSecMatchLimitOne) and all matching items (kSecMatchLimitAll).
+ @constant kSecMatchLimitOne Specifies that results are limited to the first
+ item found; used as a value for the kSecMatchLimit dictionary key.
+ @constant kSecMatchLimitAll Specifies that an unlimited number of results
+ may be returned; used as a value for the kSecMatchLimit dictionary
+ key.
+*/
+extern const CFTypeRef kSecMatchPolicy
+ __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0);
+extern const CFTypeRef kSecMatchItemList
+ __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0);
+extern const CFTypeRef kSecMatchSearchList
+ __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0);
+extern const CFTypeRef kSecMatchIssuers
+ __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0);
+extern const CFTypeRef kSecMatchEmailAddressIfPresent
+ __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0);
+extern const CFTypeRef kSecMatchSubjectContains
+ __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0);
+extern const CFTypeRef kSecMatchSubjectStartsWith
+ __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_NA);
+extern const CFTypeRef kSecMatchSubjectEndsWith
+ __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_NA);
+extern const CFTypeRef kSecMatchSubjectWholeString
+ __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_NA);
+extern const CFTypeRef kSecMatchCaseInsensitive
+ __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0);
+extern const CFTypeRef kSecMatchDiacriticInsensitive
+ __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_NA);
+extern const CFTypeRef kSecMatchWidthInsensitive
+ __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_NA);
+extern const CFTypeRef kSecMatchTrustedOnly
+ __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0);
+extern const CFTypeRef kSecMatchValidOnDate
+ __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0);
+extern const CFTypeRef kSecMatchLimit
+ __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0);
+extern const CFTypeRef kSecMatchLimitOne
+ __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0);
+extern const CFTypeRef kSecMatchLimitAll
+ __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0);
+
+
+/*!
+ @enum Return Type Key Constants
+ @discussion Predefined return type keys used to set values in a dictionary.
+ You use these keys to specify the type of results which should be
+ returned by the SecItemCopyMatching or SecItemAdd function.
 You can
+ specify zero or more of these return types. If more than one of these
+ result types is specified, the result is returned as a CFDictionaryRef
+ whose keys are the result types and values are the requested data.
+ @constant kSecReturnData Specifies a dictionary key whose value is of type
+ CFBooleanRef. A value of kCFBooleanTrue indicates that the data of
+ an item (CFDataRef) should be returned. For keys and password
+ items, data is secret (encrypted) and may require the user to enter
+ a password for access.
+ @constant kSecReturnAttributes Specifies a dictionary key whose value is
+ of type CFBooleanRef. A value of kCFBooleanTrue indicates that the
+ (non-encrypted) attributes of an item (in a CFDictionaryRef) should be
+ returned.
+ @constant kSecReturnRef Specifies a dictionary key whose value is a
+ CFBooleanRef. A value of kCFBooleanTrue indicates that a reference
+ should be returned. Depending on the item class requested, the
+ returned reference(s) may be of type SecKeychainItemRef, SecKeyRef,
+ SecCertificateRef, or SecIdentityRef.
+ @constant kSecReturnPersistentRef Specifies a dictionary key whose value
+ is of type CFBooleanRef. A value of kCFBooleanTrue indicates that a
+ persistent reference to an item (CFDataRef) should be returned.
+*/
+extern const CFTypeRef kSecReturnData
+ __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0);
+extern const CFTypeRef kSecReturnAttributes
+ __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0);
+extern const CFTypeRef kSecReturnRef
+ __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0);
+extern const CFTypeRef kSecReturnPersistentRef
+ __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0);
+
+
+/*!
+ @enum Value Type Key Constants
+ @discussion Predefined value type keys used to pass values in a dictionary.
+ You can specify zero or more of these types depending on the function
+ you are calling. For SecItemCopyMatching or SecItemAdd these are
+ used as keys in the results dictionary.
+ @constant kSecValueData Specifies a dictionary key whose value is of type
+ CFDataRef. For keys and password items, data is secret (encrypted)
+ and may require the user to enter a password for access.
+ @constant kSecValueRef Specifies a dictionary key whose value, depending
+ on the item class requested, is of type SecKeychainItemRef, SecKeyRef,
+ SecCertificateRef, or SecIdentityRef.
+ @constant kSecValuePersistentRef Specifies a dictionary key whose value
+ is of type CFDataRef. The bytes in this CFDataRef can be stored by
+ the caller and used on a subsequent invocation of the application (or
+ even a different application) to retrieve the item referenced by it.
+*/
+extern const CFTypeRef kSecValueData
+ __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0);
+extern const CFTypeRef kSecValueRef
+ __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0);
+extern const CFTypeRef kSecValuePersistentRef
+ __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0);
+
+
+/*!
+ @enum Other Constants
+ @discussion Predefined constants used to set values in a dictionary.
+ @constant kSecUseItemList Specifies a dictionary key whose value is a
+ CFArray of items. If provided, this array is treated as the set of
+ all possible items to search, or add if the API being called is
+ SecItemAdd. The items in this array may be of type SecKeyRef,
+ SecCertificateRef, SecIdentityRef, or CFDataRef (for a persistent
+ item reference.) The items in the array must all be of the same
+ type. When this attribute is provided, no keychains are searched.
+ @constant kSecUseKeychain Specifies a dictionary key whose value is a
+ keychain reference. You use this key to specify a value of type
+ SecKeychainRef to which SecItemAdd will add the provided item(s).
+*/
+extern const CFTypeRef kSecUseItemList
+ __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0);
+extern const CFTypeRef kSecUseKeychain
+ __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_NA);
+
+/*!
+ @function SecItemCopyMatching
+ @abstract Returns one or more items which match a search query.
+ @param query A dictionary containing an item class specification and
+ optional attributes for controlling the search. See the "Keychain
+ Search Attributes" section for a description of currently defined
+ search attributes.
+ @param result On return, a CFTypeRef reference to the found item(s). The
+ exact type of the result is based on the search attributes supplied
+ in the query, as discussed below.
+ @result A result code. See "Security Error Codes" (SecBase.h).
+ @discussion Attributes defining a search are specified by adding key/value
+ pairs to the query dictionary.
+
+ A typical query consists of:
+
+ * a kSecClass key, whose value is a constant from the Class
+ Constants section that specifies the class of item(s) to be searched
+ * one or more keys from the "Attribute Key Constants" section, whose value
+ is the attribute data to be matched
+ * one or more keys from the "Search Constants" section, whose value is
+ used to further refine the search
+ * a key from the "Return Type Key Constants" section, specifying the type of
+ results desired
+
+ Result types are specified as follows:
+
+ * To obtain the data of a matching item (CFDataRef), specify
+ kSecReturnData with a value of kCFBooleanTrue.
+ * To obtain the attributes of a matching item (CFDictionaryRef), specify
+ kSecReturnAttributes with a value of kCFBooleanTrue.
+ * To obtain a reference to a matching item (SecKeychainItemRef,
+ SecKeyRef, SecCertificateRef, or SecIdentityRef), specify kSecReturnRef
+ with a value of kCFBooleanTrue.
+ * To obtain a persistent reference to a matching item (CFDataRef),
+ specify kSecReturnPersistentRef with a value of kCFBooleanTrue. Note
+ that unlike normal references, a persistent reference may be stored
+ on disk or passed between processes.
+ * If more than one of these result types is specified, the result is
+ returned as a CFDictionaryRef containing all the requested data.
+
+ By default, this function returns only the first match found. To obtain
+ more than one matching item at a time, specify kSecMatchLimit with a value
+ greater than 1. The result will be a CFArrayRef containing up to that
+ number of matching items; the items' types are described above.
+
+ To filter a provided list of items down to those matching the query,
+ specify a kSecMatchItemList whose value is a CFArray of SecKeychainItemRef,
+ SecKeyRef, SecCertificateRef, or SecIdentityRef items. The objects in the
+ provided array must be of the same type.
+
+ To convert from persistent item references to normal item references,
+ specify a kSecMatchItemList whose value is a CFArray containing one or
+ more CFDataRef elements (the persistent reference), and a kSecReturnRef
+ whose value is kCFBooleanTrue. The objects in the provided array must be
+ of the same type.
+*/
+OSStatus SecItemCopyMatching(CFDictionaryRef query, CFTypeRef *result)
+ __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0);
+
+/*!
+ @function SecItemAdd
+ @abstract Add one or more items to a keychain.
+ @param attributes A dictionary containing an item class specification and
+ optional entries specifying the item's attribute values. See the
+ "Attribute Key Constants" section for a description of currently defined
+ attributes.
+ @param result On return, a CFTypeRef reference to the newly added item(s).
+ The exact type of the result is based on the values supplied
+ in attributes, as discussed below. Pass NULL if this result is not
+ required.
+ @result A result code. See "Security Error Codes" (SecBase.h).
+ @discussion Attributes defining an item are specified by adding key/value
+ pairs to the attributes dictionary. To add multiple items to a keychain
+ at once use the kSecUseItemList key with an array of items as its value.
+ This is currently only supported for non password items. To add an item
+ to a particular keychain, supply kSecUseKeychain with a SecKeychainRef as
+ its value.
+
+ Result types are specified as follows:
+
+ * To obtain the data of the added item (CFDataRef), specify
+ kSecReturnData with a value of kCFBooleanTrue.
+ * To obtain all the attributes of the added item (CFDictionaryRef),
+ specify kSecReturnAttributes with a value of kCFBooleanTrue.
+ * To obtain a reference to the added item (SecKeychainItemRef, SecKeyRef,
+ SecCertificateRef, or SecIdentityRef), specify kSecReturnRef with a
+ value of kCFBooleanTrue. This is the default behavior if a result
+ type is not explicitly specified.
+ * To obtain a persistent reference to the added item (CFDataRef), specify
+ kSecReturnPersistentRef with a value of kCFBooleanTrue. Note that
+ unlike normal references, a persistent reference may be stored on disk
+ or passed between processes.
+ * If more than one of these result types is specified, the result is
+ returned as a CFDictionaryRef containing all the requested data.
+*/
+OSStatus SecItemAdd(CFDictionaryRef attributes, CFTypeRef *result)
+ __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0);
+
+/*!
+ @function SecItemUpdate
+ @abstract Modify zero or more items which match a search query.
+ @param query A dictionary containing an item class specification and
+ optional attributes for controlling the search. See the "Attribute
+ Constants" and "Search Constants" sections for a description of
+ currently defined search attributes.
+ @param attributesToUpdate A dictionary containing one or more attributes
+ whose values should be set to the ones specified. Only real keychain
+ attributes are permitted in this dictionary (no "meta" attributes are
+ allowed.) See the "Attribute Key Constants" section for a description of
+ currently defined value attributes.
+ @result A result code. See "Security Error Codes" (SecBase.h).
+ @discussion Attributes defining a search are specified by adding key/value
+ pairs to the query dictionary.
+*/
+OSStatus SecItemUpdate(CFDictionaryRef query, CFDictionaryRef attributesToUpdate)
+ __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0);
+
+/*!
+ @function SecItemDelete
+ @abstract Delete zero or more items which match a search query.
+ @param query A dictionary containing an item class specification and
+ optional attributes for controlling the search. See the "Attribute
+ Constants" and "Search Constants" sections for a description of
+ currently defined search attributes.
+ @result A result code. See "Security Error Codes" (SecBase.h).
+ @discussion Attributes defining a search are specified by adding key/value
+ pairs to the query dictionary.
+
+ By default, this function deletes all items matching the specified query.
+ You can change this behavior by specifying one of the follow keys:
+
+ * To delete an item identified by a transient reference, specify
+ kSecMatchItemList with a reference returned by using the kSecReturnRef
+ key in a previous call to SecItemCopyMatching or SecItemAdd.
+ * To delete an item identified by a persistent reference, specify
+ kSecMatchItemList with a persistent reference returned by using the
+ kSecReturnPersistentRef key to SecItemCopyMatching or SecItemAdd.
+ * If more than one of these result keys is specified, the behavior is
+ undefined.
+*/
+OSStatus SecItemDelete(CFDictionaryRef query)
+ __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0);
+
+#if defined(__cplusplus)
+}
+#endif
+
+#endif /* !_SECURITY_SECITEM_H_ */