X-Git-Url: https://git.saurik.com/apple/security.git/blobdiff_plain/c38e3ce98599a410a47dc10253faa4d5830f13b2..427c49bcad63d042b29ada2ac27e3dfc4845c779:/sec/Security/SecPasswordGenerate.h diff --git a/sec/Security/SecPasswordGenerate.h b/sec/Security/SecPasswordGenerate.h new file mode 100644 index 00000000..012b9abf --- /dev/null +++ b/sec/Security/SecPasswordGenerate.h @@ -0,0 +1,138 @@ +/* + * Copyright (c) 2000-2004 Apple Computer, Inc. All Rights Reserved. + * + * @APPLE_LICENSE_HEADER_START@ + * + * This file contains Original Code and/or Modifications of Original Code + * as defined in and that are subject to the Apple Public Source License + * Version 2.0 (the 'License'). You may not use this file except in + * compliance with the License. Please obtain a copy of the License at + * http://www.opensource.apple.com/apsl/ and read it before using this + * file. + * + * The Original Code and all software distributed under the License are + * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER + * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, + * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. + * Please see the License for the specific language governing rights and + * limitations under the License. + * + * @APPLE_LICENSE_HEADER_END@ + */ + +/*! + @header SecPasswordGenerate + SecPassword implements logic to use the system facilities for acquiring a password, + optionally stored and retrieved from the user's keychain. + */ + +#ifndef _SECURITY_SECPASSWORDGENERATE_H_ +#define _SECURITY_SECPASSWORDGENERATE_H_ + +#ifdef __cplusplus +extern "C" { +#endif + +#include +#include + +typedef uint32_t SecPasswordType; +enum { + kSecPasswordTypeSafari = 0, + kSecPasswordTypeiCloudRecovery = 1, + kSecPasswordTypeWifi = 2, + kSecPasswordTypePIN = 3 +} __OSX_AVAILABLE_STARTING(__MAC_10_9, __IPHONE_7_0); + +// Keys for external dictionaries with password generation requirements we read from plist. +extern CFStringRef kSecPasswordDefaultForType + __OSX_AVAILABLE_STARTING(__MAC_10_9, __IPHONE_7_0); + +extern CFStringRef kSecPasswordMinLengthKey + __OSX_AVAILABLE_STARTING(__MAC_10_9, __IPHONE_7_0); +extern CFStringRef kSecPasswordMaxLengthKey + __OSX_AVAILABLE_STARTING(__MAC_10_9, __IPHONE_7_0); +extern CFStringRef kSecPasswordAllowedCharactersKey + __OSX_AVAILABLE_STARTING(__MAC_10_9, __IPHONE_7_0); +extern CFStringRef kSecPasswordRequiredCharactersKey + __OSX_AVAILABLE_STARTING(__MAC_10_9, __IPHONE_7_0); + +extern CFStringRef kSecPasswordDisallowedCharacters + __OSX_AVAILABLE_STARTING(__MAC_10_9, __IPHONE_7_0); +extern CFStringRef kSecPasswordCantStartWithChars + __OSX_AVAILABLE_STARTING(__MAC_10_9, __IPHONE_7_0); +extern CFStringRef kSecPasswordCantEndWithChars + __OSX_AVAILABLE_STARTING(__MAC_10_9, __IPHONE_7_0); + +extern CFStringRef kSecPasswordContainsNoMoreThanNSpecificCharacters + __OSX_AVAILABLE_STARTING(__MAC_10_9, __IPHONE_7_0); +extern CFStringRef kSecPasswordContainsAtLeastNSpecificCharacters + __OSX_AVAILABLE_STARTING(__MAC_10_9, __IPHONE_7_0); +extern CFStringRef kSecPasswordContainsNoMoreThanNConsecutiveIdenticalCharacters + __OSX_AVAILABLE_STARTING(__MAC_10_9, __IPHONE_7_0); + +extern CFStringRef kSecPasswordCharacters + __OSX_AVAILABLE_STARTING(__MAC_10_9, __IPHONE_7_0); +extern CFStringRef kSecPasswordCharacterCount + __OSX_AVAILABLE_STARTING(__MAC_10_9, __IPHONE_7_0); + +extern CFStringRef kSecPasswordGroupSize + __OSX_AVAILABLE_STARTING(__MAC_10_9, __IPHONE_7_0); +extern CFStringRef kSecPasswordNumberOfGroups + __OSX_AVAILABLE_STARTING(__MAC_10_9, __IPHONE_7_0); +extern CFStringRef kSecPasswordSeparator + __OSX_AVAILABLE_STARTING(__MAC_10_9, __IPHONE_7_0); + + +/* + @function SecPasswordCopyDefaultPasswordLength + @abstract Returns the default length/number of tuples of a defaultly generated password + @param type: default password types kSecPasswordTypeSafari, kSecPasswordTypeiCloudRecovery, kSecPasswordTypeWifi, kSecPasswordTypePIN + @param error: An error code will be returned if an unrecognized password type is passed to the routine. + @result Dictionary consisting of length of tuple and number of tuples or a NULL if the passed type isn't recognized. +*/ +CFDictionaryRef SecPasswordCopyDefaultPasswordLength(SecPasswordType type, CFErrorRef *error) + __OSX_AVAILABLE_STARTING(__MAC_10_9, __IPHONE_7_0); + + +/* + @function SecPasswordIsPasswordWeak + @abstract Evalutes the weakness of a passcode. This function can take any type of passcode. Currently + the function evaluates passcodes with only ASCII characters + @param passcode a string of any length and type (4 digit PIN, complex passcode) + @result True if the password is weak, False if the password is strong. + */ + +bool SecPasswordIsPasswordWeak(CFStringRef passcode) + __OSX_AVAILABLE_STARTING(__MAC_10_9, __IPHONE_7_0); + +/* + @function SecPasswordGenerate. Supports generating passwords for Safari, iCloud, Personal + Hotspot clients. Will also generate 4 digit pins. + @abstract Returns a generated password based on a set of constraints + @param type: type of password to generate. Pass enum types + kSecPasswordTypeSafari, kSecPasswordTypeiCloudRecovery, kSecPasswordTypeWifi, or kSecPasswordTypePIN + @param error: An error code will be returned if an error is encountered. Check SecBase.h for the list of codes. + @param passwordRequirements: a dictionary containing a set of password requirements. + ex: password type 'safari' requires at least: minLength, maxLength, string + of allowed characters, required characters + @return NULL or a CFStringRef password + + *Note: This parameters is not required if kSecPasswordTypeiCloudRecovery or kSecPasswordTypePIN is supplied as the type. + If kSecPasswordTypeSafari or kSecPasswordTypeWifi is supplied, you must include these dictionary key/value pairs: + kSecPasswordMinLengthKey / CFNumberRef + kSecPasswordMaxLengthKey / CFNumberRef + kSecPasswordAllowedCharactersKey / CFStringRef + kSecPasswordRequiredCharactersKey / CFArrayRef of CFCharacterSetRefs + + *Note: Be sure to release the returned password when done using it. + */ +CF_RETURNS_RETAINED CFStringRef SecPasswordGenerate(SecPasswordType type, CFErrorRef *error, CFDictionaryRef passwordRequirements) + __OSX_AVAILABLE_STARTING(__MAC_10_9, __IPHONE_7_0); + +#ifdef __cplusplus +} +#endif + +#endif /* !_SECURITY_SECPASSWORDGENERATE_H_ */