/*
 * Copyright (c) 2014 - 2016 Apple Inc. All Rights Reserved.
 *
 * @APPLE_LICENSE_HEADER_START@
 *
 * This file contains Original Code and/or Modifications of Original Code
 * as defined in and that are subject to the Apple Public Source License
 * Version 2.0 (the 'License'). You may not use this file except in
 * compliance with the License. Please obtain a copy of the License at
 * http://www.opensource.apple.com/apsl/ and read it before using this
 * file.
 *
 * The Original Code and all software distributed under the License are
 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
 * Please see the License for the specific language governing rights and
 * limitations under the License.
 *
 * @APPLE_LICENSE_HEADER_END@
 */

/*!
 @function	SecBreadcrumbCreateFromPassword
 @abstract	Encryptes the password using a random key and then returns
 the encrypted password (breadcrumb) and the password encrypted random key.

 @param inPassword is the password to encrypt and use to encrypt the random key.
 @param outBreadcrumb is the password encrypted using a random key.
 @param outEncryptedKey is the random key encrypted using inPassword.
 @param outError An optional pointer to a CFErrorRef. This value is set
 if an error occurred. If not NULL, the caller is responsible for
 releasing the CFErrorRef.
 @result On return a Boolean indicating success or failure.

 @discussion This function generates the breadcrumb that will be used to
 update the user's keychain password when their Apple ID Login password
 is changed on appleid.apple.com.
*/

Boolean
SecBreadcrumbCreateFromPassword(CFStringRef inPassword,
	CFDataRef *outBreadcrumb,
	CFDataRef *outEncryptedKey,
	CFErrorRef *outError);


/*!
 @function	SecBreadcrumbCopyPassword
 @abstract	Decryptes the encrypted key using the password and uses the key to
 decrypt the breadcrumb and returns the password stored in the breadcrumb.

 @param inPassword is the password to decrypt the encrypted random key.
 @param inBreadcrumb is the breadcrumb encrypted by the key. It contains
 and encrypted version of the users old password.
 @param inEncryptedKey is an encrypted version of the key used to encrypt the
 breadcrumb.
 @param outPassword is the cleartext password that was stored in the breadcrumb.
 @param outError An optional pointer to a CFErrorRef. This value is set
 if an error occurred. If not NULL, the caller is responsible for
 releasing the CFErrorRef.
 @result On return a Boolean indicating success or failure.

 @discussion This function uses the password to decrypt the encrypted key and then
 uses that key to decrypt the breadcrumb.
*/

Boolean
SecBreadcrumbCopyPassword(CFStringRef inPassword,
	CFDataRef inBreadcrumb,
	CFDataRef inEncryptedKey,
	CFStringRef *outPassword,
	CFErrorRef *outError);

/*
 * Change password used to encrypt the key from old password to new password
 */

CFDataRef
SecBreadcrumbCreateNewEncryptedKey(CFStringRef oldPassword,
                                   CFStringRef newPassword,
                                   CFDataRef encryptedKey,
                                   CFErrorRef *outError);