/* * Copyright (c) 2000-2004 Apple Computer, Inc. All Rights Reserved. * * @APPLE_LICENSE_HEADER_START@ * * This file contains Original Code and/or Modifications of Original Code * as defined in and that are subject to the Apple Public Source License * Version 2.0 (the 'License'). You may not use this file except in * compliance with the License. Please obtain a copy of the License at * http://www.opensource.apple.com/apsl/ and read it before using this * file. * * The Original Code and all software distributed under the License are * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. * Please see the License for the specific language governing rights and * limitations under the License. * * @APPLE_LICENSE_HEADER_END@ */ /*! @header SecPasswordGenerate SecPassword implements logic to use the system facilities for acquiring a password, optionally stored and retrieved from the user's keychain. */ #ifndef _SECURITY_SECPASSWORDGENERATE_H_ #define _SECURITY_SECPASSWORDGENERATE_H_ #ifdef __cplusplus extern "C" { #endif #include <CoreFoundation/CoreFoundation.h> #include <Security/SecBase.h> typedef uint32_t SecPasswordType; enum { kSecPasswordTypeSafari = 0, kSecPasswordTypeiCloudRecovery = 1, kSecPasswordTypeWifi = 2, kSecPasswordTypePIN = 3 } __OSX_AVAILABLE_STARTING(__MAC_10_9, __IPHONE_7_0); // Keys for external dictionaries with password generation requirements we read from plist. extern CFStringRef kSecPasswordDefaultForType __OSX_AVAILABLE_STARTING(__MAC_10_9, __IPHONE_7_0); extern CFStringRef kSecPasswordMinLengthKey __OSX_AVAILABLE_STARTING(__MAC_10_9, __IPHONE_7_0); extern CFStringRef kSecPasswordMaxLengthKey __OSX_AVAILABLE_STARTING(__MAC_10_9, __IPHONE_7_0); extern CFStringRef kSecPasswordAllowedCharactersKey __OSX_AVAILABLE_STARTING(__MAC_10_9, __IPHONE_7_0); extern CFStringRef kSecPasswordRequiredCharactersKey __OSX_AVAILABLE_STARTING(__MAC_10_9, __IPHONE_7_0); extern CFStringRef kSecPasswordDisallowedCharacters __OSX_AVAILABLE_STARTING(__MAC_10_9, __IPHONE_7_0); extern CFStringRef kSecPasswordCantStartWithChars __OSX_AVAILABLE_STARTING(__MAC_10_9, __IPHONE_7_0); extern CFStringRef kSecPasswordCantEndWithChars __OSX_AVAILABLE_STARTING(__MAC_10_9, __IPHONE_7_0); extern CFStringRef kSecPasswordContainsNoMoreThanNSpecificCharacters __OSX_AVAILABLE_STARTING(__MAC_10_9, __IPHONE_7_0); extern CFStringRef kSecPasswordContainsAtLeastNSpecificCharacters __OSX_AVAILABLE_STARTING(__MAC_10_9, __IPHONE_7_0); extern CFStringRef kSecPasswordContainsNoMoreThanNConsecutiveIdenticalCharacters __OSX_AVAILABLE_STARTING(__MAC_10_9, __IPHONE_7_0); extern CFStringRef kSecPasswordCharacters __OSX_AVAILABLE_STARTING(__MAC_10_9, __IPHONE_7_0); extern CFStringRef kSecPasswordCharacterCount __OSX_AVAILABLE_STARTING(__MAC_10_9, __IPHONE_7_0); extern CFStringRef kSecPasswordGroupSize __OSX_AVAILABLE_STARTING(__MAC_10_9, __IPHONE_7_0); extern CFStringRef kSecPasswordNumberOfGroups __OSX_AVAILABLE_STARTING(__MAC_10_9, __IPHONE_7_0); extern CFStringRef kSecPasswordSeparator __OSX_AVAILABLE_STARTING(__MAC_10_9, __IPHONE_7_0); /* @function SecPasswordCopyDefaultPasswordLength @abstract Returns the default length/number of tuples of a defaultly generated password @param type: default password types kSecPasswordTypeSafari, kSecPasswordTypeiCloudRecovery, kSecPasswordTypeWifi, kSecPasswordTypePIN @param error: An error code will be returned if an unrecognized password type is passed to the routine. @result Dictionary consisting of length of tuple and number of tuples or a NULL if the passed type isn't recognized. */ CFDictionaryRef SecPasswordCopyDefaultPasswordLength(SecPasswordType type, CFErrorRef *error) __OSX_AVAILABLE_STARTING(__MAC_10_9, __IPHONE_7_0); /* @function SecPasswordIsPasswordWeak @abstract Evalutes the weakness of a passcode. This function can take any type of passcode. Currently the function evaluates passcodes with only ASCII characters @param passcode a string of any length and type (4 digit PIN, complex passcode) @result True if the password is weak, False if the password is strong. */ bool SecPasswordIsPasswordWeak(CFStringRef passcode) __OSX_AVAILABLE_STARTING(__MAC_10_9, __IPHONE_7_0); /* @function SecPasswordGenerate. Supports generating passwords for Safari, iCloud, Personal Hotspot clients. Will also generate 4 digit pins. @abstract Returns a generated password based on a set of constraints @param type: type of password to generate. Pass enum types kSecPasswordTypeSafari, kSecPasswordTypeiCloudRecovery, kSecPasswordTypeWifi, or kSecPasswordTypePIN @param error: An error code will be returned if an error is encountered. Check SecBase.h for the list of codes. @param passwordRequirements: a dictionary containing a set of password requirements. ex: password type 'safari' requires at least: minLength, maxLength, string of allowed characters, required characters @return NULL or a CFStringRef password *Note: This parameters is not required if kSecPasswordTypeiCloudRecovery or kSecPasswordTypePIN is supplied as the type. If kSecPasswordTypeSafari or kSecPasswordTypeWifi is supplied, you must include these dictionary key/value pairs: kSecPasswordMinLengthKey / CFNumberRef kSecPasswordMaxLengthKey / CFNumberRef kSecPasswordAllowedCharactersKey / CFStringRef kSecPasswordRequiredCharactersKey / CFArrayRef of CFCharacterSetRefs *Note: Be sure to release the returned password when done using it. */ CF_RETURNS_RETAINED CFStringRef SecPasswordGenerate(SecPasswordType type, CFErrorRef *error, CFDictionaryRef passwordRequirements) __OSX_AVAILABLE_STARTING(__MAC_10_9, __IPHONE_7_0); #ifdef __cplusplus } #endif #endif /* !_SECURITY_SECPASSWORDGENERATE_H_ */