#ifndef _CSSMAPPLE_H_
#define _CSSMAPPLE_H_ 1
#include <Security/cssmerr.h>
#include <Security/cssmtype.h>
#include <Security/x509defs.h>
#include <Security/certextensions.h>
#include <sys/types.h>
#include <stdbool.h>
#ifdef __cplusplus
extern "C" {
#endif
/*
 * Module GUIDs exported by the Security framework (defined in the framework,
 * declared extern here).  The suffixes follow CSSM service-type names:
 * DL = data library, CSP = cryptographic service provider, CSPDL = combined
 * CSP+DL, CL = certificate library, TP = trust policy; gGuidCssm names the
 * CSSM core itself and the Sd/DotMac/LDAP variants are Apple-specific
 * modules.  A GUID is a module's identity, so these values must stay in
 * sync with whatever the corresponding plug-ins register.
 */
extern const CSSM_GUID gGuidCssm;
extern const CSSM_GUID gGuidAppleFileDL;
extern const CSSM_GUID gGuidAppleCSP;
extern const CSSM_GUID gGuidAppleCSPDL;
extern const CSSM_GUID gGuidAppleX509CL;
extern const CSSM_GUID gGuidAppleX509TP;
extern const CSSM_GUID gGuidAppleLDAPDL;
extern const CSSM_GUID gGuidAppleDotMacTP;
extern const CSSM_GUID gGuidAppleSdCSPDL;
extern const CSSM_GUID gGuidAppleDotMacDL;
/**
 * Apple vendor-defined word IDs, extending the standard CSSM_WORDID_* set
 * from CSSM_WORDID_VENDOR_START.  Only the first value is explicit; each
 * later one is previous + 1, so the order of this list is ABI: add new IDs
 * immediately before CSSM_WORDID__FIRST_UNUSED and never reorder, remove or
 * renumber an existing one.
 */
enum {
    CSSM_WORDID_KEYCHAIN_PROMPT = CSSM_WORDID_VENDOR_START,
    CSSM_WORDID_KEYCHAIN_LOCK,
    CSSM_WORDID_KEYCHAIN_CHANGE_LOCK,
    CSSM_WORDID_PROCESS,
    CSSM_WORDID__RESERVED_1,        // placeholder slot; keeps the values after it stable
    CSSM_WORDID_SYMMETRIC_KEY,
    CSSM_WORDID_SYSTEM,
    CSSM_WORDID_KEY,
    CSSM_WORDID_PIN,
    CSSM_WORDID_PREAUTH,
    CSSM_WORDID_PREAUTH_SOURCE,
    CSSM_WORDID_ASYMMETRIC_KEY,
    CSSM_WORDID__FIRST_UNUSED       // one past the last allocated ID; not itself a word ID
};
/**
 * ACL subject types recognised by Apple's ACL implementation.  Every entry
 * is an alias for a word ID: KEYCHAIN_PROMPT, PROCESS, SYMMETRIC_KEY,
 * PREAUTH, PREAUTH_SOURCE and ASYMMETRIC_KEY come from the vendor enum
 * above, while CODE_SIGNATURE and COMMENT reuse the standard
 * CSSM_WORDID_SIGNATURE / CSSM_WORDID_COMMENT values declared outside this
 * header.  Because they share one number space with the word IDs, a new
 * subject type needs a new (or existing) word ID, never a bare literal.
 */
enum {
    CSSM_ACL_SUBJECT_TYPE_KEYCHAIN_PROMPT = CSSM_WORDID_KEYCHAIN_PROMPT,
    CSSM_ACL_SUBJECT_TYPE_PROCESS = CSSM_WORDID_PROCESS,
    CSSM_ACL_SUBJECT_TYPE_CODE_SIGNATURE = CSSM_WORDID_SIGNATURE,
    CSSM_ACL_SUBJECT_TYPE_COMMENT = CSSM_WORDID_COMMENT,
    CSSM_ACL_SUBJECT_TYPE_SYMMETRIC_KEY = CSSM_WORDID_SYMMETRIC_KEY,
    CSSM_ACL_SUBJECT_TYPE_PREAUTH = CSSM_WORDID_PREAUTH,
    CSSM_ACL_SUBJECT_TYPE_PREAUTH_SOURCE = CSSM_WORDID_PREAUTH_SOURCE,
    CSSM_ACL_SUBJECT_TYPE_ASYMMETRIC_KEY = CSSM_WORDID_ASYMMETRIC_KEY
};
/**
 * Sample types (presumably carried in CSSM_SAMPLE records presented to an
 * ACL).  Most mirror the subject types above; KEYCHAIN_LOCK and
 * KEYCHAIN_CHANGE_LOCK exist only as samples — there is no matching subject
 * type in this header — and RETRY_ID borrows the standard
 * CSSM_WORDID_PROPAGATE value rather than a vendor word ID.
 */
enum {
    CSSM_SAMPLE_TYPE_KEYCHAIN_PROMPT = CSSM_WORDID_KEYCHAIN_PROMPT,
    CSSM_SAMPLE_TYPE_KEYCHAIN_LOCK = CSSM_WORDID_KEYCHAIN_LOCK,
    CSSM_SAMPLE_TYPE_KEYCHAIN_CHANGE_LOCK = CSSM_WORDID_KEYCHAIN_CHANGE_LOCK,
    CSSM_SAMPLE_TYPE_PROCESS = CSSM_WORDID_PROCESS,
    CSSM_SAMPLE_TYPE_COMMENT = CSSM_WORDID_COMMENT,
    CSSM_SAMPLE_TYPE_RETRY_ID = CSSM_WORDID_PROPAGATE,      // standard word ID, not a vendor one
    CSSM_SAMPLE_TYPE_SYMMETRIC_KEY = CSSM_WORDID_SYMMETRIC_KEY,
    CSSM_SAMPLE_TYPE_PREAUTH = CSSM_WORDID_PREAUTH,
    CSSM_SAMPLE_TYPE_ASYMMETRIC_KEY = CSSM_WORDID_ASYMMETRIC_KEY
};
/**
 * Apple vendor-defined ACL authorization tags.
 *
 * CHANGE_ACL and CHANGE_OWNER are the first two sequential vendor tags.
 * PREAUTH_BASE opens a window of 0x10000 tags, [PREAUTH_BASE, PREAUTH_END),
 * one per pre-authorization "slot"; it sits 0x1000000 above the vendor
 * start so that sequentially allocated tags at the bottom of the space
 * have room to grow without reaching it.
 */
enum {
    CSSM_ACL_AUTHORIZATION_CHANGE_ACL = CSSM_ACL_AUTHORIZATION_TAG_VENDOR_DEFINED_START,
    CSSM_ACL_AUTHORIZATION_CHANGE_OWNER,
    CSSM_ACL_AUTHORIZATION_PREAUTH_BASE =
        CSSM_ACL_AUTHORIZATION_TAG_VENDOR_DEFINED_START + 0x1000000,
    CSSM_ACL_AUTHORIZATION_PREAUTH_END = CSSM_ACL_AUTHORIZATION_PREAUTH_BASE + 0x10000
};

/**
 * Authorization tag for pre-authorization slot `slot`.  No range check is
 * performed: a slot >= 0x10000 produces a tag outside the window, which
 * CSSM_ACL_AUTHORIZATION_IS_PREAUTH() then rejects.  Validate the slot at
 * the point where it enters from an untrusted caller.
 */
#define CSSM_ACL_AUTHORIZATION_PREAUTH(slot) \
    (CSSM_ACL_AUTHORIZATION_PREAUTH_BASE + (slot))

/**
 * Inverse of CSSM_ACL_AUTHORIZATION_PREAUTH().  Only meaningful when
 * CSSM_ACL_AUTHORIZATION_IS_PREAUTH(auth) holds; for any other tag the
 * subtraction yields a negative or wrapped value.
 */
#define CSSM_ACL_AUTHORIZATION_PREAUTH_SLOT(auth) \
    ((auth) - CSSM_ACL_AUTHORIZATION_PREAUTH_BASE)

/**
 * True iff `auth` lies in the half-open window [PREAUTH_BASE, PREAUTH_END).
 * The argument is evaluated twice — pass a plain value, not an expression
 * with side effects.
 */
#define CSSM_ACL_AUTHORIZATION_IS_PREAUTH(auth) \
    ((auth) >= CSSM_ACL_AUTHORIZATION_PREAUTH_BASE && \
     (auth) < CSSM_ACL_AUTHORIZATION_PREAUTH_END)
/** Variants of the CSSM_ACL_SUBJECT_TYPE_CODE_SIGNATURE subject. */
enum {
    CSSM_ACL_CODE_SIGNATURE_INVALID = 0,
    CSSM_ACL_CODE_SIGNATURE_OSX = 1
};

/**
 * Match bits, presumably for CSSM_ACL_PROCESS_SUBJECT_SELECTOR.mask: UID and
 * GID select which identity fields are compared.  HONOR_ROOT is deliberately
 * left out of CSSM_ACL_MATCH_BITS, so it is a modifier rather than a field
 * selector; what it changes about the comparison is decided by the ACL
 * evaluator, not by this header — reviewers of a subject that sets it should
 * check the evaluator's handling of uid 0.
 */
enum {
    CSSM_ACL_MATCH_UID = 0x01,
    CSSM_ACL_MATCH_GID = 0x02,
    CSSM_ACL_MATCH_HONOR_ROOT = 0x100,
    CSSM_ACL_MATCH_BITS = CSSM_ACL_MATCH_UID | CSSM_ACL_MATCH_GID    // field-selector bits only
};
/** Layout version of CSSM_ACL_PROCESS_SUBJECT_SELECTOR described below. */
enum {
    CSSM_ACL_PROCESS_SELECTOR_CURRENT_VERSION = 0x101
};

/**
 * Selector for a CSSM_ACL_SUBJECT_TYPE_PROCESS subject: which process
 * identities satisfy the ACL.
 *
 *  version  must be CSSM_ACL_PROCESS_SELECTOR_CURRENT_VERSION; check it
 *           before interpreting the remaining fields.
 *  mask     CSSM_ACL_MATCH_* bits naming which of uid/gid are compared
 *           (presumed from the names — confirm in the evaluator).  16 bits
 *           is wide enough for the 0x100 HONOR_ROOT bit.
 *  uid/gid  the identities to compare against when the matching bit is set.
 *
 * With the usual 2/4-byte uint16/uint32 typedefs the struct is 12 bytes
 * with no padding, which matters because it is presumably serialized.
 */
typedef struct cssm_acl_process_subject_selector {
    uint16 version;
    uint16 mask;
    uint32 uid;
    uint32 gid;
} CSSM_ACL_PROCESS_SUBJECT_SELECTOR;
/** Layout version of CSSM_ACL_KEYCHAIN_PROMPT_SELECTOR. */
enum {
    CSSM_ACL_KEYCHAIN_PROMPT_CURRENT_VERSION = 0x101
};

/**
 * Flag bits for CSSM_ACL_KEYCHAIN_PROMPT_SELECTOR.flags.  Bits 0x0002–0x0008
 * are unassigned.  The UNSIGNED/UNSIGNED_ACT and INVALID/INVALID_ACT pairs
 * follow a condition/action naming pattern (apparently about the requesting
 * code's signature state); their precise effect on the prompt is defined by
 * the ACL evaluator — confirm there before relying on either bit.
 */
enum {
    CSSM_ACL_KEYCHAIN_PROMPT_REQUIRE_PASSPHRASE = 0x0001,
    CSSM_ACL_KEYCHAIN_PROMPT_UNSIGNED = 0x0010,
    CSSM_ACL_KEYCHAIN_PROMPT_UNSIGNED_ACT = 0x0020,
    CSSM_ACL_KEYCHAIN_PROMPT_INVALID = 0x0040,
    CSSM_ACL_KEYCHAIN_PROMPT_INVALID_ACT = 0x0080,
};
/**
 * Selector for a CSSM_ACL_SUBJECT_TYPE_KEYCHAIN_PROMPT subject.
 *  version  must be CSSM_ACL_KEYCHAIN_PROMPT_CURRENT_VERSION.
 *  flags    CSSM_ACL_KEYCHAIN_PROMPT_* bits.
 */
typedef struct cssm_acl_keychain_prompt_selector {
    uint16 version;
    uint16 flags;
} CSSM_ACL_KEYCHAIN_PROMPT_SELECTOR;
/* Pre-authorization tracking state.  Typed as uint32 rather than the enum
 * below because CSSM_ACL_PREAUTH_TRACKING_AUTHORIZED (0x80000000) does not
 * fit in a signed int; always compare it unsigned. */
typedef uint32 CSSM_ACL_PREAUTH_TRACKING_STATE;
/**
 * Bit layout of CSSM_ACL_PREAUTH_TRACKING_STATE.  The low byte (COUNT_MASK)
 * is a counter; bits 30 and 31 are status flags.  BLOCKED is the all-zero
 * value, so "state == BLOCKED" also implies a zero count — test the flag
 * bits individually when the count matters.
 *
 * AUTHORIZED (0x80000000) exceeds INT_MAX, which ISO C does not allow for an
 * enumerator; compilers accept it as an extension, but the enum's underlying
 * type becomes unsigned.  Store these in the uint32 typedef, not in an int.
 */
enum {
    CSSM_ACL_PREAUTH_TRACKING_COUNT_MASK = 0xff,
    CSSM_ACL_PREAUTH_TRACKING_BLOCKED = 0,
    CSSM_ACL_PREAUTH_TRACKING_UNKNOWN = 0x40000000,
    CSSM_ACL_PREAUTH_TRACKING_AUTHORIZED = 0x80000000
};

/** Extra DB access flag, placed above the standard CSSM_DB_ACCESS_* bits. */
enum {
    CSSM_DB_ACCESS_RESET = 0x10000
};
/**
 * Apple vendor-defined algorithm IDs, allocated sequentially from
 * CSSM_ALGID_VENDOR_DEFINED.  Values are implicit (previous + 1), so the
 * order is ABI: append before CSSM_ALGID__FIRST_UNUSED and never reorder.
 *
 * Entries whose names carry LEGACY, MD5 or OPENSSH1 are compatibility
 * algorithms kept so existing data stays readable; new callers should
 * select the SHA-2 family and current key formats instead.
 */
enum {
    CSSM_ALGID_APPLE_YARROW = CSSM_ALGID_VENDOR_DEFINED,    // Yarrow PRNG
    CSSM_ALGID_AES,
    CSSM_ALGID_FEE,
    CSSM_ALGID_FEE_MD5,
    CSSM_ALGID_FEE_SHA1,
    CSSM_ALGID_FEED,
    CSSM_ALGID_FEEDEXP,
    CSSM_ALGID_ASC,
    CSSM_ALGID_SHA1HMAC_LEGACY,         // compatibility variant, per its name
    CSSM_ALGID_KEYCHAIN_KEY,
    CSSM_ALGID_PKCS12_PBE_ENCR,
    CSSM_ALGID_PKCS12_PBE_MAC,
    CSSM_ALGID_SECURE_PASSPHRASE,
    CSSM_ALGID_PBE_OPENSSL_MD5,         // MD5-based PBE for OpenSSL interop; legacy
    CSSM_ALGID_SHA256,
    CSSM_ALGID_SHA384,
    CSSM_ALGID_SHA512,
    CSSM_ALGID_ENTROPY_DEFAULT,
    CSSM_ALGID_SHA224,
    CSSM_ALGID_SHA224WithRSA,
    CSSM_ALGID_SHA256WithRSA,
    CSSM_ALGID_SHA384WithRSA,
    CSSM_ALGID_SHA512WithRSA,
    CSSM_ALGID_OPENSSH1,                // SSH protocol-1 key format; obsolete protocol
    CSSM_ALGID_SHA224WithECDSA,
    CSSM_ALGID_SHA256WithECDSA,
    CSSM_ALGID_SHA384WithECDSA,
    CSSM_ALGID_SHA512WithECDSA,
    CSSM_ALGID_ECDSA_SPECIFIED,
    CSSM_ALGID_ECDH_X963_KDF,
    CSSM_ALGID__FIRST_UNUSED            // one past the last allocated ID
};
/**
 * Vendor-defined padding mode.  SSLv2 is an obsolete protocol; this value
 * exists for compatibility with data that used it, not for new use.
 */
enum {
    CSSM_PADDING_APPLE_SSLv2 = CSSM_PADDING_VENDOR_DEFINED
};
/**
 * Raw key-blob formats.  The vendor base is the top bit (0x80000000), which
 * exceeds INT_MAX and so is accepted only as a compiler extension; the
 * resulting enum is unsigned — compare these values as uint32, never as int.
 * The four concrete formats follow sequentially from the base.
 */
enum {
    CSSM_KEYBLOB_RAW_FORMAT_VENDOR_DEFINED = 0x80000000
};

enum {
    CSSM_KEYBLOB_RAW_FORMAT_X509 = CSSM_KEYBLOB_RAW_FORMAT_VENDOR_DEFINED,
    CSSM_KEYBLOB_RAW_FORMAT_OPENSSH,
    CSSM_KEYBLOB_RAW_FORMAT_OPENSSL,
    CSSM_KEYBLOB_RAW_FORMAT_OPENSSH2
};
/**
 * Apple additions to the CSSM "common" error codes.  A common code is added
 * to each module's base error (CSSM_*_BASE_ERROR) to form a CSSMERR_* value;
 * Apple's block starts at CSSM_CUSTOM_COMMON_ERROR_EXTENT (0x00e0) and the
 * codes are consecutive from there.  Adding a code here means adding the
 * six per-module CSSMERR_ entries in the enum that follows.
 */
enum {
    CSSM_CUSTOM_COMMON_ERROR_EXTENT = 0x00e0,               // first code in Apple's block
    CSSM_ERRCODE_NO_USER_INTERACTION = 0x00e0,
    CSSM_ERRCODE_USER_CANCELED = 0x00e1,
    CSSM_ERRCODE_SERVICE_NOT_AVAILABLE = 0x00e2,
    CSSM_ERRCODE_INSUFFICIENT_CLIENT_IDENTIFICATION = 0x00e3,
    CSSM_ERRCODE_DEVICE_RESET = 0x00e4,
    CSSM_ERRCODE_DEVICE_FAILED = 0x00e5,
    CSSM_ERRCODE_IN_DARK_WAKE = 0x00e6
};
/**
 * Per-module instances of the Apple common error codes: every CSSM_ERRCODE_*
 * above combined with each of the six module bases (CSSM, AC, CSP, CL, DL,
 * TP).  The table is the cross product of those two lists and must be kept
 * complete — when a code is added above, add all six rows here.  Because the
 * same condition surfaces under six different numbers, error handling that
 * wants to recognise e.g. "user canceled" should check all six, or reduce
 * the value to its common code before comparing.
 */
enum {
    // NO_USER_INTERACTION
    CSSMERR_CSSM_NO_USER_INTERACTION = CSSM_CSSM_BASE_ERROR + CSSM_ERRCODE_NO_USER_INTERACTION,
    CSSMERR_AC_NO_USER_INTERACTION = CSSM_AC_BASE_ERROR + CSSM_ERRCODE_NO_USER_INTERACTION,
    CSSMERR_CSP_NO_USER_INTERACTION = CSSM_CSP_BASE_ERROR + CSSM_ERRCODE_NO_USER_INTERACTION,
    CSSMERR_CL_NO_USER_INTERACTION = CSSM_CL_BASE_ERROR + CSSM_ERRCODE_NO_USER_INTERACTION,
    CSSMERR_DL_NO_USER_INTERACTION = CSSM_DL_BASE_ERROR + CSSM_ERRCODE_NO_USER_INTERACTION,
    CSSMERR_TP_NO_USER_INTERACTION = CSSM_TP_BASE_ERROR + CSSM_ERRCODE_NO_USER_INTERACTION,
    // USER_CANCELED
    CSSMERR_CSSM_USER_CANCELED = CSSM_CSSM_BASE_ERROR + CSSM_ERRCODE_USER_CANCELED,
    CSSMERR_AC_USER_CANCELED = CSSM_AC_BASE_ERROR + CSSM_ERRCODE_USER_CANCELED,
    CSSMERR_CSP_USER_CANCELED = CSSM_CSP_BASE_ERROR + CSSM_ERRCODE_USER_CANCELED,
    CSSMERR_CL_USER_CANCELED = CSSM_CL_BASE_ERROR + CSSM_ERRCODE_USER_CANCELED,
    CSSMERR_DL_USER_CANCELED = CSSM_DL_BASE_ERROR + CSSM_ERRCODE_USER_CANCELED,
    CSSMERR_TP_USER_CANCELED = CSSM_TP_BASE_ERROR + CSSM_ERRCODE_USER_CANCELED,
    // SERVICE_NOT_AVAILABLE
    CSSMERR_CSSM_SERVICE_NOT_AVAILABLE = CSSM_CSSM_BASE_ERROR + CSSM_ERRCODE_SERVICE_NOT_AVAILABLE,
    CSSMERR_AC_SERVICE_NOT_AVAILABLE = CSSM_AC_BASE_ERROR + CSSM_ERRCODE_SERVICE_NOT_AVAILABLE,
    CSSMERR_CSP_SERVICE_NOT_AVAILABLE = CSSM_CSP_BASE_ERROR + CSSM_ERRCODE_SERVICE_NOT_AVAILABLE,
    CSSMERR_CL_SERVICE_NOT_AVAILABLE = CSSM_CL_BASE_ERROR + CSSM_ERRCODE_SERVICE_NOT_AVAILABLE,
    CSSMERR_DL_SERVICE_NOT_AVAILABLE = CSSM_DL_BASE_ERROR + CSSM_ERRCODE_SERVICE_NOT_AVAILABLE,
    CSSMERR_TP_SERVICE_NOT_AVAILABLE = CSSM_TP_BASE_ERROR + CSSM_ERRCODE_SERVICE_NOT_AVAILABLE,
    // INSUFFICIENT_CLIENT_IDENTIFICATION
    CSSMERR_CSSM_INSUFFICIENT_CLIENT_IDENTIFICATION = CSSM_CSSM_BASE_ERROR + CSSM_ERRCODE_INSUFFICIENT_CLIENT_IDENTIFICATION,
    CSSMERR_AC_INSUFFICIENT_CLIENT_IDENTIFICATION = CSSM_AC_BASE_ERROR + CSSM_ERRCODE_INSUFFICIENT_CLIENT_IDENTIFICATION,
    CSSMERR_CSP_INSUFFICIENT_CLIENT_IDENTIFICATION = CSSM_CSP_BASE_ERROR + CSSM_ERRCODE_INSUFFICIENT_CLIENT_IDENTIFICATION,
    CSSMERR_CL_INSUFFICIENT_CLIENT_IDENTIFICATION = CSSM_CL_BASE_ERROR + CSSM_ERRCODE_INSUFFICIENT_CLIENT_IDENTIFICATION,
    CSSMERR_DL_INSUFFICIENT_CLIENT_IDENTIFICATION = CSSM_DL_BASE_ERROR + CSSM_ERRCODE_INSUFFICIENT_CLIENT_IDENTIFICATION,
    CSSMERR_TP_INSUFFICIENT_CLIENT_IDENTIFICATION = CSSM_TP_BASE_ERROR + CSSM_ERRCODE_INSUFFICIENT_CLIENT_IDENTIFICATION,
    // DEVICE_RESET
    CSSMERR_CSSM_DEVICE_RESET = CSSM_CSSM_BASE_ERROR + CSSM_ERRCODE_DEVICE_RESET,
    CSSMERR_AC_DEVICE_RESET = CSSM_AC_BASE_ERROR + CSSM_ERRCODE_DEVICE_RESET,
    CSSMERR_CSP_DEVICE_RESET = CSSM_CSP_BASE_ERROR + CSSM_ERRCODE_DEVICE_RESET,
    CSSMERR_CL_DEVICE_RESET = CSSM_CL_BASE_ERROR + CSSM_ERRCODE_DEVICE_RESET,
    CSSMERR_DL_DEVICE_RESET = CSSM_DL_BASE_ERROR + CSSM_ERRCODE_DEVICE_RESET,
    CSSMERR_TP_DEVICE_RESET = CSSM_TP_BASE_ERROR + CSSM_ERRCODE_DEVICE_RESET,
    // DEVICE_FAILED
    CSSMERR_CSSM_DEVICE_FAILED = CSSM_CSSM_BASE_ERROR + CSSM_ERRCODE_DEVICE_FAILED,
    CSSMERR_AC_DEVICE_FAILED = CSSM_AC_BASE_ERROR + CSSM_ERRCODE_DEVICE_FAILED,
    CSSMERR_CSP_DEVICE_FAILED = CSSM_CSP_BASE_ERROR + CSSM_ERRCODE_DEVICE_FAILED,
    CSSMERR_CL_DEVICE_FAILED = CSSM_CL_BASE_ERROR + CSSM_ERRCODE_DEVICE_FAILED,
    CSSMERR_DL_DEVICE_FAILED = CSSM_DL_BASE_ERROR + CSSM_ERRCODE_DEVICE_FAILED,
    CSSMERR_TP_DEVICE_FAILED = CSSM_TP_BASE_ERROR + CSSM_ERRCODE_DEVICE_FAILED,
    // IN_DARK_WAKE
    CSSMERR_CSSM_IN_DARK_WAKE = CSSM_CSSM_BASE_ERROR + CSSM_ERRCODE_IN_DARK_WAKE,
    CSSMERR_AC_IN_DARK_WAKE = CSSM_AC_BASE_ERROR + CSSM_ERRCODE_IN_DARK_WAKE,
    CSSMERR_CSP_IN_DARK_WAKE = CSSM_CSP_BASE_ERROR + CSSM_ERRCODE_IN_DARK_WAKE,
    CSSMERR_CL_IN_DARK_WAKE = CSSM_CL_BASE_ERROR + CSSM_ERRCODE_IN_DARK_WAKE,
    CSSMERR_DL_IN_DARK_WAKE = CSSM_DL_BASE_ERROR + CSSM_ERRCODE_IN_DARK_WAKE,
    CSSMERR_TP_IN_DARK_WAKE = CSSM_TP_BASE_ERROR + CSSM_ERRCODE_IN_DARK_WAKE
};
/**
 * Apple CSP private error codes, offsets 0–6 from CSSM_CSP_PRIVATE_ERROR.
 * CSSMERR_CSPDL_APPLE_DL_CONVERSION_ERROR breaks the CSSMERR_CSP_APPLE_
 * naming pattern but is a published identifier and must keep its name.
 * SSLv2_ROLLBACK names a condition tied to the obsolete SSLv2 protocol.
 */
enum {
    CSSMERR_CSP_APPLE_ADD_APPLICATION_ACL_SUBJECT = CSSM_CSP_PRIVATE_ERROR + 0,
    CSSMERR_CSP_APPLE_PUBLIC_KEY_INCOMPLETE = CSSM_CSP_PRIVATE_ERROR + 1,
    CSSMERR_CSP_APPLE_SIGNATURE_MISMATCH = CSSM_CSP_PRIVATE_ERROR + 2,
    CSSMERR_CSP_APPLE_INVALID_KEY_START_DATE = CSSM_CSP_PRIVATE_ERROR + 3,
    CSSMERR_CSP_APPLE_INVALID_KEY_END_DATE = CSSM_CSP_PRIVATE_ERROR + 4,
    CSSMERR_CSPDL_APPLE_DL_CONVERSION_ERROR = CSSM_CSP_PRIVATE_ERROR + 5,      // name is legacy; do not "fix"
    CSSMERR_CSP_APPLE_SSLv2_ROLLBACK = CSSM_CSP_PRIVATE_ERROR + 6
};
/**
 * Apple keychain record types, offset from CSSM_DB_RECORDTYPE_APP_DEFINED_START.
 * Three password record kinds occupy +0..+2; certificate-related records
 * start at +0x1000 and are allocated sequentially (the four after
 * X509_CERTIFICATE are implicit +1 each); METADATA sits alone at +0x8000.
 * The gaps are deliberate headroom — add new password-type records below
 * 0x1000 and new certificate-type records before METADATA.
 */
enum {
    CSSM_DL_DB_RECORD_GENERIC_PASSWORD = CSSM_DB_RECORDTYPE_APP_DEFINED_START + 0,
    CSSM_DL_DB_RECORD_INTERNET_PASSWORD = CSSM_DB_RECORDTYPE_APP_DEFINED_START + 1,
    CSSM_DL_DB_RECORD_APPLESHARE_PASSWORD = CSSM_DB_RECORDTYPE_APP_DEFINED_START + 2,
    CSSM_DL_DB_RECORD_X509_CERTIFICATE = CSSM_DB_RECORDTYPE_APP_DEFINED_START + 0x1000,
    CSSM_DL_DB_RECORD_USER_TRUST,               // +0x1001
    CSSM_DL_DB_RECORD_X509_CRL,                 // +0x1002
    CSSM_DL_DB_RECORD_UNLOCK_REFERRAL,          // +0x1003
    CSSM_DL_DB_RECORD_EXTENDED_ATTRIBUTE,       // +0x1004
    CSSM_DL_DB_RECORD_METADATA = CSSM_DB_RECORDTYPE_APP_DEFINED_START + 0x8000
};
/** Passthrough operation IDs for the Apple file DL (values 0, 1, 2). */
enum {
    CSSM_APPLEFILEDL_TOGGLE_AUTOCOMMIT,
    CSSM_APPLEFILEDL_COMMIT,
    CSSM_APPLEFILEDL_ROLLBACK
};

/**
 * Unlock credential kinds (presumably the type tag of an unlock-referral
 * record — see CSSM_DL_DB_RECORD_UNLOCK_REFERRAL).  Values start at 1, so 0
 * is never a valid type and can serve as "unset".
 */
enum {
    CSSM_APPLE_UNLOCK_TYPE_KEY_DIRECT = 1,
    CSSM_APPLE_UNLOCK_TYPE_WRAPPED_PRIVATE = 2
};
/**
 * Apple DL private error codes, offsets 0–7 from CSSM_DL_PRIVATE_ERROR.
 * INVALID_* vs INCOMPATIBLE_* distinguish a blob that fails to parse from
 * one that parses but is of a version/format this DL does not handle;
 * callers surfacing these to users should not conflate the two.
 */
enum {
    CSSMERR_APPLEDL_INVALID_OPEN_PARAMETERS = CSSM_DL_PRIVATE_ERROR + 0,
    CSSMERR_APPLEDL_DISK_FULL = CSSM_DL_PRIVATE_ERROR + 1,
    CSSMERR_APPLEDL_QUOTA_EXCEEDED = CSSM_DL_PRIVATE_ERROR + 2,
    CSSMERR_APPLEDL_FILE_TOO_BIG = CSSM_DL_PRIVATE_ERROR + 3,
    CSSMERR_APPLEDL_INVALID_DATABASE_BLOB = CSSM_DL_PRIVATE_ERROR + 4,
    CSSMERR_APPLEDL_INVALID_KEY_BLOB = CSSM_DL_PRIVATE_ERROR + 5,
    CSSMERR_APPLEDL_INCOMPATIBLE_DATABASE_BLOB = CSSM_DL_PRIVATE_ERROR + 6,
    CSSMERR_APPLEDL_INCOMPATIBLE_KEY_BLOB = CSSM_DL_PRIVATE_ERROR + 7,
};
/**
 * Apple X.509 TP private error codes, offsets 0–58 from CSSM_TP_PRIVATE_ERROR.
 * Grouped by name prefix: general chain/extension checks, CRL handling,
 * issuer fetching, S/MIME policy, SSL policy, OCSP, code signing (CS_),
 * RS_ (prefix not expanded in this header), and trust-settings/misc.
 * Values +100 upward are taken by the DotMac enum that follows, so new
 * APPLETP codes must stay below +100.  Every one of these is a verification
 * failure; a caller that maps any of them to "trusted" is a policy bypass.
 */
enum {
    // chain / extension checks
    CSSMERR_APPLETP_HOSTNAME_MISMATCH = CSSM_TP_PRIVATE_ERROR + 0,
    CSSMERR_APPLETP_UNKNOWN_CRITICAL_EXTEN = CSSM_TP_PRIVATE_ERROR + 1,
    CSSMERR_APPLETP_NO_BASIC_CONSTRAINTS = CSSM_TP_PRIVATE_ERROR + 2,
    CSSMERR_APPLETP_INVALID_CA = CSSM_TP_PRIVATE_ERROR + 3,
    CSSMERR_APPLETP_INVALID_AUTHORITY_ID = CSSM_TP_PRIVATE_ERROR + 4,
    CSSMERR_APPLETP_INVALID_SUBJECT_ID = CSSM_TP_PRIVATE_ERROR + 5,
    CSSMERR_APPLETP_INVALID_KEY_USAGE = CSSM_TP_PRIVATE_ERROR + 6,
    CSSMERR_APPLETP_INVALID_EXTENDED_KEY_USAGE = CSSM_TP_PRIVATE_ERROR + 7,
    CSSMERR_APPLETP_INVALID_ID_LINKAGE = CSSM_TP_PRIVATE_ERROR + 8,
    CSSMERR_APPLETP_PATH_LEN_CONSTRAINT = CSSM_TP_PRIVATE_ERROR + 9,
    CSSMERR_APPLETP_INVALID_ROOT = CSSM_TP_PRIVATE_ERROR + 10,
    // CRL handling
    CSSMERR_APPLETP_CRL_EXPIRED = CSSM_TP_PRIVATE_ERROR + 11,
    CSSMERR_APPLETP_CRL_NOT_VALID_YET = CSSM_TP_PRIVATE_ERROR + 12,
    CSSMERR_APPLETP_CRL_NOT_FOUND = CSSM_TP_PRIVATE_ERROR + 13,
    CSSMERR_APPLETP_CRL_SERVER_DOWN = CSSM_TP_PRIVATE_ERROR + 14,
    CSSMERR_APPLETP_CRL_BAD_URI = CSSM_TP_PRIVATE_ERROR + 15,
    CSSMERR_APPLETP_UNKNOWN_CERT_EXTEN = CSSM_TP_PRIVATE_ERROR + 16,
    CSSMERR_APPLETP_UNKNOWN_CRL_EXTEN = CSSM_TP_PRIVATE_ERROR + 17,
    CSSMERR_APPLETP_CRL_NOT_TRUSTED = CSSM_TP_PRIVATE_ERROR + 18,
    CSSMERR_APPLETP_CRL_INVALID_ANCHOR_CERT = CSSM_TP_PRIVATE_ERROR + 19,
    CSSMERR_APPLETP_CRL_POLICY_FAIL = CSSM_TP_PRIVATE_ERROR + 20,
    CSSMERR_APPLETP_IDP_FAIL = CSSM_TP_PRIVATE_ERROR + 21,
    // issuer fetching
    CSSMERR_APPLETP_CERT_NOT_FOUND_FROM_ISSUER = CSSM_TP_PRIVATE_ERROR + 22,
    CSSMERR_APPLETP_BAD_CERT_FROM_ISSUER = CSSM_TP_PRIVATE_ERROR + 23,
    // S/MIME policy
    CSSMERR_APPLETP_SMIME_EMAIL_ADDRS_NOT_FOUND = CSSM_TP_PRIVATE_ERROR + 24,
    CSSMERR_APPLETP_SMIME_BAD_EXT_KEY_USE = CSSM_TP_PRIVATE_ERROR + 25,
    CSSMERR_APPLETP_SMIME_BAD_KEY_USE = CSSM_TP_PRIVATE_ERROR + 26,
    CSSMERR_APPLETP_SMIME_KEYUSAGE_NOT_CRITICAL = CSSM_TP_PRIVATE_ERROR + 27,
    CSSMERR_APPLETP_SMIME_NO_EMAIL_ADDRS = CSSM_TP_PRIVATE_ERROR + 28,
    CSSMERR_APPLETP_SMIME_SUBJ_ALT_NAME_NOT_CRIT = CSSM_TP_PRIVATE_ERROR + 29,
    // SSL policy
    CSSMERR_APPLETP_SSL_BAD_EXT_KEY_USE = CSSM_TP_PRIVATE_ERROR + 30,
    // OCSP
    CSSMERR_APPLETP_OCSP_BAD_RESPONSE = CSSM_TP_PRIVATE_ERROR + 31,
    CSSMERR_APPLETP_OCSP_BAD_REQUEST = CSSM_TP_PRIVATE_ERROR + 32,
    CSSMERR_APPLETP_OCSP_UNAVAILABLE = CSSM_TP_PRIVATE_ERROR + 33,
    CSSMERR_APPLETP_OCSP_STATUS_UNRECOGNIZED = CSSM_TP_PRIVATE_ERROR + 34,
    CSSMERR_APPLETP_INCOMPLETE_REVOCATION_CHECK = CSSM_TP_PRIVATE_ERROR + 35,
    CSSMERR_APPLETP_NETWORK_FAILURE = CSSM_TP_PRIVATE_ERROR + 36,
    CSSMERR_APPLETP_OCSP_NOT_TRUSTED = CSSM_TP_PRIVATE_ERROR + 37,
    CSSMERR_APPLETP_OCSP_INVALID_ANCHOR_CERT = CSSM_TP_PRIVATE_ERROR + 38,
    CSSMERR_APPLETP_OCSP_SIG_ERROR = CSSM_TP_PRIVATE_ERROR + 39,
    CSSMERR_APPLETP_OCSP_NO_SIGNER = CSSM_TP_PRIVATE_ERROR + 40,
    CSSMERR_APPLETP_OCSP_RESP_MALFORMED_REQ = CSSM_TP_PRIVATE_ERROR + 41,
    CSSMERR_APPLETP_OCSP_RESP_INTERNAL_ERR = CSSM_TP_PRIVATE_ERROR + 42,
    CSSMERR_APPLETP_OCSP_RESP_TRY_LATER = CSSM_TP_PRIVATE_ERROR + 43,
    CSSMERR_APPLETP_OCSP_RESP_SIG_REQUIRED = CSSM_TP_PRIVATE_ERROR + 44,
    CSSMERR_APPLETP_OCSP_RESP_UNAUTHORIZED = CSSM_TP_PRIVATE_ERROR + 45,
    CSSMERR_APPLETP_OCSP_NONCE_MISMATCH = CSSM_TP_PRIVATE_ERROR + 46,
    // code signing
    CSSMERR_APPLETP_CS_BAD_CERT_CHAIN_LENGTH = CSSM_TP_PRIVATE_ERROR + 47,
    CSSMERR_APPLETP_CS_NO_BASIC_CONSTRAINTS = CSSM_TP_PRIVATE_ERROR + 48,
    CSSMERR_APPLETP_CS_BAD_PATH_LENGTH = CSSM_TP_PRIVATE_ERROR + 49,
    CSSMERR_APPLETP_CS_NO_EXTENDED_KEY_USAGE = CSSM_TP_PRIVATE_ERROR + 50,
    CSSMERR_APPLETP_CODE_SIGN_DEVELOPMENT = CSSM_TP_PRIVATE_ERROR + 51,
    // RS_ policy
    CSSMERR_APPLETP_RS_BAD_CERT_CHAIN_LENGTH = CSSM_TP_PRIVATE_ERROR + 52,
    CSSMERR_APPLETP_RS_BAD_EXTENDED_KEY_USAGE = CSSM_TP_PRIVATE_ERROR + 53,
    // trust settings / misc
    CSSMERR_APPLETP_TRUST_SETTING_DENY = CSSM_TP_PRIVATE_ERROR + 54,
    CSSMERR_APPLETP_INVALID_EMPTY_SUBJECT = CSSM_TP_PRIVATE_ERROR + 55,
    CSSMERR_APPLETP_UNKNOWN_QUAL_CERT_STATEMENT = CSSM_TP_PRIVATE_ERROR + 56,
    CSSMERR_APPLETP_MISSING_REQUIRED_EXTENSION = CSSM_TP_PRIVATE_ERROR + 57,
    CSSMERR_APPLETP_EXT_KEYUSAGE_NOT_CRITICAL = CSSM_TP_PRIVATE_ERROR + 58
};
/**
 * Apple DotMac TP private error codes.  They share CSSM_TP_PRIVATE_ERROR with
 * the APPLETP codes above and are kept apart by starting at +100; the
 * APPLETP list currently ends at +58, leaving the gap as headroom.
 * Several of these (QUEUED, REDIRECT, IS_PENDING) describe an in-progress
 * state rather than a hard failure, so callers should not treat every
 * value here as fatal.
 */
enum {
    CSSMERR_APPLE_DOTMAC_REQ_QUEUED = CSSM_TP_PRIVATE_ERROR + 100,
    CSSMERR_APPLE_DOTMAC_REQ_REDIRECT = CSSM_TP_PRIVATE_ERROR + 101,
    CSSMERR_APPLE_DOTMAC_REQ_SERVER_ERR = CSSM_TP_PRIVATE_ERROR + 102,
    CSSMERR_APPLE_DOTMAC_REQ_SERVER_PARAM = CSSM_TP_PRIVATE_ERROR + 103,
    CSSMERR_APPLE_DOTMAC_REQ_SERVER_AUTH = CSSM_TP_PRIVATE_ERROR + 104,
    CSSMERR_APPLE_DOTMAC_REQ_SERVER_UNIMPL = CSSM_TP_PRIVATE_ERROR + 105,
    CSSMERR_APPLE_DOTMAC_REQ_SERVER_NOT_AVAIL = CSSM_TP_PRIVATE_ERROR + 106,
    CSSMERR_APPLE_DOTMAC_REQ_SERVER_ALREADY_EXIST = CSSM_TP_PRIVATE_ERROR + 107,
    CSSMERR_APPLE_DOTMAC_REQ_SERVER_SERVICE_ERROR = CSSM_TP_PRIVATE_ERROR + 108,
    CSSMERR_APPLE_DOTMAC_REQ_IS_PENDING = CSSM_TP_PRIVATE_ERROR + 109,
    CSSMERR_APPLE_DOTMAC_NO_REQ_PENDING = CSSM_TP_PRIVATE_ERROR + 110,
    CSSMERR_APPLE_DOTMAC_CSR_VERIFY_FAIL = CSSM_TP_PRIVATE_ERROR + 111,
    CSSMERR_APPLE_DOTMAC_FAILED_CONSISTENCY_CHECK = CSSM_TP_PRIVATE_ERROR + 112
};
/** Layout version of CSSM_APPLEDL_OPEN_PARAMETERS described below. */
enum {
    CSSM_APPLEDL_OPEN_PARAMETERS_VERSION = 1
};

/**
 * Bits for CSSM_APPLEDL_OPEN_PARAMETERS.mask, presumably declaring which of
 * the optional trailing fields the caller has filled in.  Only `mode` has a
 * bit today.
 */
enum cssm_appledl_open_parameters_mask {
    kCSSM_APPLEDL_MASK_MODE = (1 << 0)
};

/**
 * Open-time parameters for the Apple file DL.
 *
 *  length      size of this struct as the caller built it; together with
 *              `version` it lets the DL detect a caller compiled against a
 *              different layout — set length = sizeof(*this) and
 *              version = CSSM_APPLEDL_OPEN_PARAMETERS_VERSION.
 *  autoCommit  initial auto-commit setting (cf. the
 *              CSSM_APPLEFILEDL_TOGGLE_AUTOCOMMIT passthrough).
 *  mask        kCSSM_APPLEDL_MASK_* bits; fields not covered by a set bit
 *              should be ignored by the DL.
 *  mode        POSIX mode_t, presumably the permission bits applied to a
 *              database file the DL creates, honoured only when
 *              kCSSM_APPLEDL_MASK_MODE is set — confirm in the DL.  If so,
 *              an over-permissive mode widens who can read the keychain
 *              file on disk; callers should pass an owner-restricted mode.
 */
typedef struct cssm_appledl_open_parameters {
    uint32 length;
    uint32 version;
    CSSM_BOOL autoCommit;
    uint32 mask;
    mode_t mode;
} CSSM_APPLEDL_OPEN_PARAMETERS, *CSSM_APPLEDL_OPEN_PARAMETERS_PTR;
/**
 * Passthrough operation codes for the Apple CSP/DL.  Codes 0–7 are the
 * public database-lock and settings operations; 8–16 are private and
 * named only by number; CSSM_APPLECSP_KEYDIGEST lives apart at 0x100.
 *
 * CSSM_APPLESCPDL_CSP_GET_KEYHANDLE (note "SCPDL", not "CSPDL") is a
 * long-published misspelling and must keep its name for source
 * compatibility.  LOCK/UNLOCK/CHANGE_PASSWORD are the operations that
 * gate access to keychain contents; any new caller of them deserves review.
 */
enum {
    CSSM_APPLECSPDL_DB_LOCK = 0,
    CSSM_APPLECSPDL_DB_UNLOCK = 1,
    CSSM_APPLECSPDL_DB_GET_SETTINGS = 2,
    CSSM_APPLECSPDL_DB_SET_SETTINGS = 3,
    CSSM_APPLECSPDL_DB_IS_LOCKED = 4,
    CSSM_APPLECSPDL_DB_CHANGE_PASSWORD = 5,
    CSSM_APPLECSPDL_DB_GET_HANDLE = 6,
    CSSM_APPLESCPDL_CSP_GET_KEYHANDLE = 7,      // sic: historical spelling, keep
    CSSM_APPLE_PRIVATE_CSPDL_CODE_8 = 8,
    CSSM_APPLE_PRIVATE_CSPDL_CODE_9 = 9,
    CSSM_APPLE_PRIVATE_CSPDL_CODE_10 = 10,
    CSSM_APPLE_PRIVATE_CSPDL_CODE_11 = 11,
    CSSM_APPLE_PRIVATE_CSPDL_CODE_12 = 12,
    CSSM_APPLE_PRIVATE_CSPDL_CODE_13 = 13,
    CSSM_APPLE_PRIVATE_CSPDL_CODE_14 = 14,
    CSSM_APPLE_PRIVATE_CSPDL_CODE_15 = 15,
    CSSM_APPLE_PRIVATE_CSPDL_CODE_16 = 16,
    CSSM_APPLECSP_KEYDIGEST = 0x100
};
/**
 * Payload for CSSM_APPLECSPDL_DB_GET_SETTINGS / _SET_SETTINGS.
 *  idleTimeout  presumably the idle interval after which the database
 *               auto-locks (units not stated here — confirm in the CSPDL).
 *  lockOnSleep  non-zero to lock when the machine sleeps.
 * Longer timeouts and a cleared lockOnSleep both extend the window during
 * which an unlocked keychain is usable; treat changes as security-relevant.
 */
typedef struct cssm_applecspdl_db_settings_parameters {
    uint32 idleTimeout;
    uint8 lockOnSleep;
} CSSM_APPLECSPDL_DB_SETTINGS_PARAMETERS, *CSSM_APPLECSPDL_DB_SETTINGS_PARAMETERS_PTR;

/** Result of CSSM_APPLECSPDL_DB_IS_LOCKED: non-zero when locked. */
typedef struct cssm_applecspdl_db_is_locked_parameters {
    uint8 isLocked;
} CSSM_APPLECSPDL_DB_IS_LOCKED_PARAMETERS, *CSSM_APPLECSPDL_DB_IS_LOCKED_PARAMETERS_PTR;

/**
 * Payload for CSSM_APPLECSPDL_DB_CHANGE_PASSWORD.  Holds a pointer, not a
 * copy, so the credentials must outlive the passthrough call; ownership is
 * presumably the caller's — confirm before freeing early.
 */
typedef struct cssm_applecspdl_db_change_password_parameters {
    CSSM_ACCESS_CREDENTIALS *accessCredentials;
} CSSM_APPLECSPDL_DB_CHANGE_PASSWORD_PARAMETERS, *CSSM_APPLECSPDL_DB_CHANGE_PASSWORD_PARAMETERS_PTR;
/** Wrapped key-blob formats, 100..102 (OPENSSL and OPENSSH1 are implicit +1). */
enum {
    CSSM_KEYBLOB_WRAPPED_FORMAT_APPLE_CUSTOM = 100,
    CSSM_KEYBLOB_WRAPPED_FORMAT_OPENSSL,
    CSSM_KEYBLOB_WRAPPED_FORMAT_OPENSSH1
};

/**
 * Base for Apple vendor-defined context attribute numbers; the attribute
 * enum below ORs a CSSM_ATTRIBUTE_DATA_* type tag into (base + n).
 */
enum {
    CSSM_ATTRIBUTE_VENDOR_DEFINED = 0x800000
};
/**
 * Apple vendor-defined context attributes.  Each value is a
 * CSSM_ATTRIBUTE_DATA_* type tag OR'd with a sequential vendor number, so the
 * tag tells the CSP how to interpret the attribute's payload (key, uint32 or
 * CSSM_DATA).  PROMPT and ALERT_TITLE carry CSSM_DATA and are presumably
 * shown to the user — treat their contents as untrusted text at the display
 * boundary.  RSA_BLINDING is a uint32 switch; blinding is a timing
 * side-channel countermeasure, so disabling it is a security decision.
 */
enum {
    CSSM_ATTRIBUTE_PUBLIC_KEY =
        (CSSM_ATTRIBUTE_DATA_KEY | (CSSM_ATTRIBUTE_VENDOR_DEFINED + 0)),
    CSSM_ATTRIBUTE_FEE_PRIME_TYPE =
        (CSSM_ATTRIBUTE_DATA_UINT32 | (CSSM_ATTRIBUTE_VENDOR_DEFINED + 1)),
    CSSM_ATTRIBUTE_FEE_CURVE_TYPE =
        (CSSM_ATTRIBUTE_DATA_UINT32 | (CSSM_ATTRIBUTE_VENDOR_DEFINED + 2)),
    CSSM_ATTRIBUTE_ASC_OPTIMIZATION =
        (CSSM_ATTRIBUTE_DATA_UINT32 | (CSSM_ATTRIBUTE_VENDOR_DEFINED + 3)),
    CSSM_ATTRIBUTE_RSA_BLINDING =
        (CSSM_ATTRIBUTE_DATA_UINT32 | (CSSM_ATTRIBUTE_VENDOR_DEFINED + 4)),
    CSSM_ATTRIBUTE_PARAM_KEY =
        (CSSM_ATTRIBUTE_DATA_KEY | (CSSM_ATTRIBUTE_VENDOR_DEFINED + 5)),
    CSSM_ATTRIBUTE_PROMPT =
        (CSSM_ATTRIBUTE_DATA_CSSM_DATA | (CSSM_ATTRIBUTE_VENDOR_DEFINED + 6)),
    CSSM_ATTRIBUTE_ALERT_TITLE =
        (CSSM_ATTRIBUTE_DATA_CSSM_DATA | (CSSM_ATTRIBUTE_VENDOR_DEFINED + 7)),
    CSSM_ATTRIBUTE_VERIFY_PASSPHRASE =
        (CSSM_ATTRIBUTE_DATA_UINT32 | (CSSM_ATTRIBUTE_VENDOR_DEFINED + 8))
};
/** Values for CSSM_ATTRIBUTE_FEE_PRIME_TYPE (0 = let the CSP choose). */
enum {
    CSSM_FEE_PRIME_TYPE_DEFAULT = 0,
    CSSM_FEE_PRIME_TYPE_MERSENNE,
    CSSM_FEE_PRIME_TYPE_FEE,
    CSSM_FEE_PRIME_TYPE_GENERAL
};

/** Values for CSSM_ATTRIBUTE_FEE_CURVE_TYPE (0 = let the CSP choose). */
enum {
    CSSM_FEE_CURVE_TYPE_DEFAULT = 0,
    CSSM_FEE_CURVE_TYPE_MONTGOMERY,
    CSSM_FEE_CURVE_TYPE_WEIERSTRASS,
    CSSM_FEE_CURVE_TYPE_ANSI_X9_62
};

/**
 * Values for CSSM_ATTRIBUTE_ASC_OPTIMIZATION.  Note that SECURITY is one
 * option among size/time trade-offs, so DEFAULT is not necessarily the
 * strongest setting — confirm what DEFAULT maps to in the CSP.
 */
enum {
    CSSM_ASC_OPTIMIZE_DEFAULT = 0,
    CSSM_ASC_OPTIMIZE_SIZE,
    CSSM_ASC_OPTIMIZE_SECURITY,
    CSSM_ASC_OPTIMIZE_TIME,
    CSSM_ASC_OPTIMIZE_TIME_SIZE,
    CSSM_ASC_OPTIMIZE_ASCII,
};

/** Apple key-attribute bits, placed above the standard CSSM_KEYATTR_* range. */
enum {
    CSSM_KEYATTR_PARTIAL = 0x00010000,
    CSSM_KEYATTR_PUBLIC_KEY_ENCRYPT = 0x00020000
};
/** One relative-distinguished-name component: a string value plus its attribute OID. */
typedef struct {
    const char *string;
    const CSSM_OID *oid;
} CSSM_APPLE_TP_NAME_OID;

/**
 * Certificate-creation request handed to the Apple X.509 TP.
 *
 * Arrays are count/pointer pairs (numSubjectNames/subjectNames,
 * numIssuerNames/issuerNames, numExtensions/extensions); the TP must trust
 * the count, so callers must keep each count consistent with its buffer.
 * issuerNameX509 is an alternative issuer representation to issuerNames —
 * which one wins when both are given is decided by the TP, not here.
 * notBefore/notAfter are uint32 (units not stated in this header).
 * issuerPrivateKey is the signing key; the struct only borrows it.
 */
typedef struct {
    CSSM_CSP_HANDLE cspHand;
    CSSM_CL_HANDLE clHand;
    uint32 serialNumber;
    uint32 numSubjectNames;
    CSSM_APPLE_TP_NAME_OID *subjectNames;
    uint32 numIssuerNames;
    CSSM_APPLE_TP_NAME_OID *issuerNames;
    CSSM_X509_NAME_PTR issuerNameX509;
    const CSSM_KEY *certPublicKey;
    const CSSM_KEY *issuerPrivateKey;
    CSSM_ALGORITHMS signatureAlg;
    CSSM_OID signatureOid;
    uint32 notBefore;
    uint32 notAfter;
    uint32 numExtensions;
    CE_DataAndType *extensions;
    const char *challengeString;
} CSSM_APPLE_TP_CERT_REQUEST;
/** Current layout version of CSSM_APPLE_TP_SSL_OPTIONS. */
#define CSSM_APPLE_TP_SSL_OPTS_VERSION 1
/** Flags bit: evaluate the chain as an SSL client certificate rather than a server's. */
#define CSSM_APPLE_TP_SSL_CLIENT 0x00000001

/**
 * SSL policy options for the Apple X.509 TP.
 *  Version        CSSM_APPLE_TP_SSL_OPTS_VERSION.
 *  ServerNameLen  length of ServerName in bytes; the explicit length means
 *  ServerName     need not be NUL-terminated — the TP must bound all reads
 *                 by ServerNameLen (confirm in the TP).  This is the name
 *                 the certificate is matched against, so it must come from
 *                 the connection the caller actually intends, not from the
 *                 peer.
 *  Flags          CSSM_APPLE_TP_SSL_* bits.
 */
typedef struct {
    uint32 Version;
    uint32 ServerNameLen;
    const char *ServerName;
    uint32 Flags;
} CSSM_APPLE_TP_SSL_OPTIONS;
/* Current layout version of CSSM_APPLE_TP_CRL_OPTIONS. */
#define CSSM_APPLE_TP_CRL_OPTS_VERSION 0
/* Bit set of CSSM_TP_ACTION_*CRL* flags (see the enum that follows). */
typedef uint32 CSSM_APPLE_TP_CRL_OPT_FLAGS;
/**
 * CRL-policy flags carried in CSSM_APPLE_TP_CRL_OPTIONS.CrlFlags.
 * REQUIRE_CRL_PER_CERT and REQUIRE_CRL_IF_PRESENT tighten checking;
 * CRL_SUFFICIENT relaxes it by letting a CRL answer stand alone; and
 * FETCH_CRL_FROM_NET authorises network access during evaluation.  A caller
 * that omits every REQUIRE_ bit gets whatever the TP's default is — make the
 * choice explicit in security-sensitive code.
 */
enum {
    CSSM_TP_ACTION_REQUIRE_CRL_PER_CERT = 0x00000001,
    CSSM_TP_ACTION_FETCH_CRL_FROM_NET = 0x00000002,
    CSSM_TP_ACTION_CRL_SUFFICIENT = 0x00000004,
    CSSM_TP_ACTION_REQUIRE_CRL_IF_PRESENT = 0x00000008
};
/**
 * CRL policy options for the Apple X.509 TP.
 *  Version   CSSM_APPLE_TP_CRL_OPTS_VERSION.
 *  CrlFlags  CSSM_TP_ACTION_*CRL* bits.
 *  crlStore  DL/DB handle pair of a database to consult for (and presumably
 *            cache) CRLs; a pointer, so it may be NULL — confirm how the TP
 *            treats that.
 */
typedef struct {
    uint32 Version;
    CSSM_APPLE_TP_CRL_OPT_FLAGS CrlFlags;
    CSSM_DL_DB_HANDLE_PTR crlStore;
} CSSM_APPLE_TP_CRL_OPTIONS;
/** Current layout version of CSSM_APPLE_TP_SMIME_OPTIONS. */
#define CSSM_APPLE_TP_SMIME_OPTS_VERSION 0

/**
 * S/MIME policy options for the Apple X.509 TP.
 *  Version         CSSM_APPLE_TP_SMIME_OPTS_VERSION.
 *  IntendedUsage   CE_KeyUsage bits the certificate must permit.
 *  SenderEmailLen  byte length of SenderEmail, which therefore need not be
 *  SenderEmail     NUL-terminated; the TP should bound reads by the length.
 *                  This is the address the certificate is matched against.
 */
typedef struct {
    uint32 Version;
    CE_KeyUsage IntendedUsage;
    uint32 SenderEmailLen;
    const char *SenderEmail;
} CSSM_APPLE_TP_SMIME_OPTIONS;
/* Bit set of the CSSM_TP_ACTION_* evaluation flags defined just below. */
typedef uint32 CSSM_APPLE_TP_ACTION_FLAGS;
/**
 * Evaluation flags for CSSM_APPLE_TP_ACTION_DATA.ActionFlags.
 *
 * Several of these weaken verification by name — ALLOW_EXPIRED,
 * ALLOW_EXPIRED_ROOT and LEAF_IS_CA relax checks the TP would otherwise
 * enforce, and IMPLICIT_ANCHORS widens the trusted-root set.  Code that
 * sets any of them should say why; reviewers should treat them as
 * findings unless justified.  FETCH_CERT_FROM_NET permits network access,
 * REQUIRE_REV_PER_CERT tightens revocation checking, and TRUST_SETTINGS
 * enables the user/admin trust-settings lookup reported via the
 * CSSM_CERT_STATUS_TRUST_SETTINGS_* bits.
 */
enum {
    CSSM_TP_ACTION_ALLOW_EXPIRED = 0x00000001,
    CSSM_TP_ACTION_LEAF_IS_CA = 0x00000002,
    CSSM_TP_ACTION_FETCH_CERT_FROM_NET = 0x00000004,
    CSSM_TP_ACTION_ALLOW_EXPIRED_ROOT = 0x00000008,
    CSSM_TP_ACTION_REQUIRE_REV_PER_CERT = 0x00000010,
    CSSM_TP_ACTION_TRUST_SETTINGS = 0x00000020,
    CSSM_TP_ACTION_IMPLICIT_ANCHORS = 0x00000040
};
/** Current layout version of CSSM_APPLE_TP_ACTION_DATA. */
#define CSSM_APPLE_TP_ACTION_VERSION 0

/**
 * Action data passed to the Apple X.509 TP for chain evaluation.
 *  Version      CSSM_APPLE_TP_ACTION_VERSION.
 *  ActionFlags  CSSM_TP_ACTION_* bits.
 */
typedef struct {
    uint32 Version;
    CSSM_APPLE_TP_ACTION_FLAGS ActionFlags;
} CSSM_APPLE_TP_ACTION_DATA;
/* Per-certificate status bit set (CSSM_CERT_STATUS_* bits, defined below). */
typedef uint32 CSSM_TP_APPLE_CERT_STATUS;
/**
 * Bits reported in CSSM_TP_APPLE_EVIDENCE_INFO.StatusBits for each
 * certificate of an evaluated chain.  The first two are validity-period
 * failures; IS_IN_INPUT_CERTS / IS_IN_ANCHORS / IS_ROOT / IS_FROM_NET say
 * where the certificate came from (IS_FROM_NET marks one fetched during
 * evaluation, which a consumer may want to treat more cautiously); the
 * TRUST_SETTINGS_* bits describe which trust-settings domain matched and
 * what it said.  TRUST_SETTINGS_IGNORED_ERROR in particular means a
 * verification error was overridden by a trust setting — log it rather
 * than silently accepting.
 */
enum {
    CSSM_CERT_STATUS_EXPIRED = 0x00000001,
    CSSM_CERT_STATUS_NOT_VALID_YET = 0x00000002,
    CSSM_CERT_STATUS_IS_IN_INPUT_CERTS = 0x00000004,
    CSSM_CERT_STATUS_IS_IN_ANCHORS = 0x00000008,
    CSSM_CERT_STATUS_IS_ROOT = 0x00000010,
    CSSM_CERT_STATUS_IS_FROM_NET = 0x00000020,
    CSSM_CERT_STATUS_TRUST_SETTINGS_FOUND_USER = 0x00000040,
    CSSM_CERT_STATUS_TRUST_SETTINGS_FOUND_ADMIN = 0x00000080,
    CSSM_CERT_STATUS_TRUST_SETTINGS_FOUND_SYSTEM = 0x00000100,
    CSSM_CERT_STATUS_TRUST_SETTINGS_TRUST = 0x00000200,
    CSSM_CERT_STATUS_TRUST_SETTINGS_DENY = 0x00000400,
    CSSM_CERT_STATUS_TRUST_SETTINGS_IGNORED_ERROR = 0x00000800
};
/**
 * Per-certificate evidence returned by the Apple X.509 TP.
 *  StatusBits      CSSM_CERT_STATUS_* bits.
 *  NumStatusCodes  number of entries in StatusCodes (a count/pointer pair —
 *  StatusCodes     never index past NumStatusCodes); each is a CSSM_RETURN
 *                  describing one verification problem for this cert.
 *  Index           position of this certificate, presumably within the
 *                  returned cert group — confirm.
 *  DlDbHandle /    where the certificate was found, when it came from a
 *  UniqueRecord    keychain database; meaningful only for such certs.
 */
typedef struct {
    CSSM_TP_APPLE_CERT_STATUS StatusBits;
    uint32 NumStatusCodes;
    CSSM_RETURN *StatusCodes;
    uint32 Index;
    CSSM_DL_DB_HANDLE DlDbHandle;
    CSSM_DB_UNIQUE_RECORD_PTR UniqueRecord;
} CSSM_TP_APPLE_EVIDENCE_INFO;

/** Current layout version of CSSM_TP_APPLE_EVIDENCE_HEADER. */
#define CSSM_TP_APPLE_EVIDENCE_VERSION 0

/** Leading evidence element; lets a consumer check the layout version first. */
typedef struct {
    uint32 Version;
} CSSM_TP_APPLE_EVIDENCE_HEADER;
/**
 * Base for Apple evidence-form identifiers.  Top bit set, so the derived
 * enumerators exceed INT_MAX and are accepted only as a compiler extension
 * (the enum becomes unsigned) — compare them as uint32.
 */
#define CSSM_EVIDENCE_FORM_APPLE_CUSTOM 0x80000000

/**
 * Evidence forms the Apple TP emits, in the order they appear in the
 * evidence array: a header (CSSM_TP_APPLE_EVIDENCE_HEADER), the certificate
 * group, then per-certificate info (CSSM_TP_APPLE_EVIDENCE_INFO).
 * Consumers should dispatch on the form rather than assume the order.
 */
enum {
    CSSM_EVIDENCE_FORM_APPLE_HEADER = CSSM_EVIDENCE_FORM_APPLE_CUSTOM + 0,
    CSSM_EVIDENCE_FORM_APPLE_CERTGROUP = CSSM_EVIDENCE_FORM_APPLE_CUSTOM + 1,
    CSSM_EVIDENCE_FORM_APPLE_CERT_INFO = CSSM_EVIDENCE_FORM_APPLE_CUSTOM + 2
};

/** Passthrough operation IDs for the Apple X.509 CL (0 and 1). */
enum {
    CSSM_APPLEX509CL_OBTAIN_CSR,
    CSSM_APPLEX509CL_VERIFY_CSR
};
/**
 * Input to the CSSM_APPLEX509CL_OBTAIN_CSR passthrough: everything needed to
 * build and self-sign a certificate signing request.
 *  subjectNameX509     subject DN.
 *  signatureAlg/Oid    signature algorithm, as both CSSM id and OID.
 *  cspHand             CSP that holds subjectPrivateKey and performs the signing.
 *  subjectPublicKey    key placed in the CSR.
 *  subjectPrivateKey   key that signs it; borrowed, not owned, by this struct.
 *  challengeString     optional challenge-password attribute (may presumably be NULL — confirm).
 */
typedef struct {
    CSSM_X509_NAME_PTR subjectNameX509;
    CSSM_ALGORITHMS signatureAlg;
    CSSM_OID signatureOid;
    CSSM_CSP_HANDLE cspHand;
    const CSSM_KEY *subjectPublicKey;
    const CSSM_KEY *subjectPrivateKey;
    const char *challengeString;
} CSSM_APPLE_CL_CSR_REQUEST;
/* "Never expires" sentinel for CRL times: the last second of year 9999 as a
 * 14-digit YYYYMMDDhhmmss string (the shape of an X.509 GeneralizedTime
 * without the trailing 'Z').  Compare as a string of exactly this form. */
#define CSSM_APPLE_CRL_END_OF_TIME "99991231235959"
/* Keychain file naming and the system keychain's well-known location. */
#define kKeychainSuffix ".keychain"
#define kSystemKeychainName "System.keychain"
#define kSystemKeychainDir "/Library/Keychains/"
/* Path of the file that presumably holds the secret used to unlock the
 * system keychain (judging by its name — confirm in the implementation).
 * If so, its ownership and mode are security-relevant and deployments
 * should keep it readable by root only. */
#define kSystemUnlockFile "/var/db/SystemKey"
/* Report a CSSM_RETURN in the manner of perror(3): `how` names the operation
 * that failed, `error` is the code to describe.  Where the text goes is not
 * specified here — confirm in the implementation before relying on it in
 * logging pipelines. */
void cssmPerror(const char *how, CSSM_RETURN error);
/* Map an algorithm OID to its CSSM_ALGORITHMS id.  Returns true and stores
 * the id in *alg on success; on false (presumably an unknown OID) *alg must
 * be treated as unset.  Callers must check the result — silently using a
 * default algorithm for an unrecognised OID is a downgrade risk. */
bool cssmOidToAlg(const CSSM_OID *oid, CSSM_ALGORITHMS *alg);
/* Inverse mapping.  Returns a pointer to a const OID owned by the framework
 * (do not free); presumably NULL for an algorithm with no OID — check before
 * dereferencing. */
const CSSM_OID *cssmAlgToOid(CSSM_ALGORITHMS algId);
/* Window of OSStatus values presumably used to surface POSIX errno values
 * (errSecErrnoBase + errno, for errno 0..255).  A status in this range is an
 * OS error, not an errSec* code, and should be translated back before being
 * compared with other Security status constants. */
#define errSecErrnoBase 100000
#define errSecErrnoLimit 100255
#ifdef __cplusplus
}
#endif // __cplusplus
#endif