SecItemConstants.c
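/*
 * Copyright (c) 2006-2008,2010-2014 Apple Inc. All Rights Reserved.
 *
 * @APPLE_LICENSE_HEADER_START@
 *
 * This file contains Original Code and/or Modifications of Original Code
 * as defined in and that are subject to the Apple Public Source License
 * Version 2.0 (the 'License'). You may not use this file except in
 * compliance with the License. Please obtain a copy of the License at
 * http://www.opensource.apple.com/apsl/ and read it before using this
 * file.
 *
 * The Original Code and all software distributed under the License are
 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
 * Please see the License for the specific language governing rights and
 * limitations under the License.
 *
 * @APPLE_LICENSE_HEADER_END@
 */

/*
 * Must be defined before the CoreFoundation include. The constants in this
 * file are initialized at file scope, so CFSTR() has to yield a compile-time
 * constant rather than a call (presumably what this switch selects; confirm
 * against CFString.h).
 */
#define __CONSTANT_CFSTRINGS__ 1
#include <CoreFoundation/CFString.h>

/* String constant declarations */

/*
 * SEC_CONST_DECL(k, v) defines the file-scope constant `k` as the constant
 * CFString `v`. The expansion carries no trailing semicolon: every use in
 * this file supplies its own, which avoids an empty declaration (`;;`) at
 * file scope that strict ISO C compilers warn about.
 */
#define SEC_CONST_DECL(k, v) const CFStringRef k = CFSTR(v)

/* Class Key Constant: the key whose value is one of the class values below. */
SEC_CONST_DECL(kSecClass, "class");

/* Class Value Constants */
SEC_CONST_DECL(kSecClassGenericPassword, "genp");
SEC_CONST_DECL(kSecClassInternetPassword, "inet");
SEC_CONST_DECL(kSecClassAppleSharePassword, "apls");
SEC_CONST_DECL(kSecClassCertificate, "cert");
SEC_CONST_DECL(kSecClassKey, "keys");
SEC_CONST_DECL(kSecClassIdentity, "idnt");

/*
 * Attribute Key Constants
 *
 * "pdmn", "accc" and "agrp" name, respectively, an item's accessibility
 * value, its access-control attribute and its access group. The accepted
 * "pdmn" values are the kSecAttrAccessible* value constants defined later
 * in this file.
 */
SEC_CONST_DECL(kSecAttrAccessible, "pdmn");
SEC_CONST_DECL(kSecAttrAccessControl, "accc");
SEC_CONST_DECL(kSecAttrAccessGroup, "agrp");
SEC_CONST_DECL(kSecAttrCreationDate, "cdat");
SEC_CONST_DECL(kSecAttrModificationDate, "mdat");
SEC_CONST_DECL(kSecAttrDescription, "desc");
SEC_CONST_DECL(kSecAttrComment, "icmt");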
/* Attribute key constants, continued. */
SEC_CONST_DECL(kSecAttrCreator, "crtr");
SEC_CONST_DECL(kSecAttrType, "type");
SEC_CONST_DECL(kSecAttrLabel, "labl");
SEC_CONST_DECL(kSecAttrIsInvisible, "invi");
SEC_CONST_DECL(kSecAttrIsNegative, "nega");
SEC_CONST_DECL(kSecAttrAccount, "acct");
SEC_CONST_DECL(kSecAttrService, "svce");
SEC_CONST_DECL(kSecAttrGeneric, "gena");
SEC_CONST_DECL(kSecAttrSecurityDomain, "sdmn");
SEC_CONST_DECL(kSecAttrServer, "srvr");
SEC_CONST_DECL(kSecAttrProtocol, "ptcl");
SEC_CONST_DECL(kSecAttrAuthenticationType, "atyp");
SEC_CONST_DECL(kSecAttrPort, "port");
SEC_CONST_DECL(kSecAttrPath, "path");
SEC_CONST_DECL(kSecAttrVolume, "volm");
SEC_CONST_DECL(kSecAttrAddress, "addr");
SEC_CONST_DECL(kSecAttrAFPServerSignature, "afps");
SEC_CONST_DECL(kSecAttrAlias, "alis");
SEC_CONST_DECL(kSecAttrSubject, "subj");
SEC_CONST_DECL(kSecAttrIssuer, "issr");
SEC_CONST_DECL(kSecAttrSerialNumber, "slnr");
SEC_CONST_DECL(kSecAttrSubjectKeyID, "skid");
SEC_CONST_DECL(kSecAttrPublicKeyHash, "pkhh");
SEC_CONST_DECL(kSecAttrCertificateType, "ctyp");
SEC_CONST_DECL(kSecAttrCertificateEncoding, "cenc");
SEC_CONST_DECL(kSecAttrKeyClass, "kcls");
SEC_CONST_DECL(kSecAttrApplicationLabel, "klbl");
SEC_CONST_DECL(kSecAttrIsPermanent, "perm");
SEC_CONST_DECL(kSecAttrIsPrivate, "priv");
SEC_CONST_DECL(kSecAttrIsModifiable, "modi");
SEC_CONST_DECL(kSecAttrApplicationTag, "atag");
/* The next two reuse the strings of kSecAttrCreator and kSecAttrType. */
SEC_CONST_DECL(kSecAttrKeyCreator, "crtr");
SEC_CONST_DECL(kSecAttrKeyType, "type");
SEC_CONST_DECL(kSecAttrKeySizeInBits, "bsiz");
SEC_CONST_DECL(kSecAttrEffectiveKeySize, "esiz");
SEC_CONST_DECL(kSecAttrStartDate, "sdat");
SEC_CONST_DECL(kSecAttrEndDate, "edat");
SEC_CONST_DECL(kSecAttrIsSensitive, "sens");
SEC_CONST_DECL(kSecAttrWasAlwaysSensitive, "asen");
SEC_CONST_DECL(kSecAttrIsExtractable, "extr");
SEC_CONST_DECL(kSecAttrWasNeverExtractable, "next");
SEC_CONST_DECL(kSecAttrCanEncrypt, "encr");
SEC_CONST_DECL(kSecAttrCanDecrypt, "decr");
SEC_CONST_DECL(kSecAttrCanDerive, "drve");
SEC_CONST_DECL(kSecAttrCanSign, "sign");
SEC_CONST_DECL(kSecAttrCanVerify, "vrfy");
SEC_CONST_DECL(kSecAttrCanSignRecover, "snrc");
SEC_CONST_DECL(kSecAttrCanVerifyRecover, "vyrc");
SEC_CONST_DECL(kSecAttrCanWrap, "wrap");
SEC_CONST_DECL(kSecAttrCanUnwrap, "unwp");
SEC_CONST_DECL(kSecAttrSyncViewHint, "vwht");
SEC_CONST_DECL(kSecAttrTokenID, "tkid");
/* Attribute Constants (Private) */
SEC_CONST_DECL(kSecAttrScriptCode, "scrp");
SEC_CONST_DECL(kSecAttrHasCustomIcon, "cusi");
SEC_CONST_DECL(kSecAttrCRLType, "crlt");
SEC_CONST_DECL(kSecAttrCRLEncoding, "crle");
SEC_CONST_DECL(kSecAttrSynchronizable, "sync");
SEC_CONST_DECL(kSecAttrTombstone, "tomb");
SEC_CONST_DECL(kSecAttrMultiUser, "musr");
SEC_CONST_DECL(kSecAttrNoLegacy, "nleg"); // Deprecated SPI version of kSecUseDataProtectionKeychain
SEC_CONST_DECL(kSecAttrTokenOID, "toid");
SEC_CONST_DECL(kSecAttrUUID, "UUID");
/*
 * Both spellings are defined and carry the same string; the misspelled
 * "Persistant" symbol is presumably kept for existing callers (confirm
 * before removing either).
 */
SEC_CONST_DECL(kSecAttrPersistantReference, "persistref");
SEC_CONST_DECL(kSecAttrPersistentReference, "persistref");
SEC_CONST_DECL(kSecAttrSysBound, "sysb");
SEC_CONST_DECL(kSecAttrSHA1, "sha1");

SEC_CONST_DECL(kSecAttrDeriveSyncIDFromItemAttributes, "dspk");
SEC_CONST_DECL(kSecAttrPCSPlaintextServiceIdentifier, "pcss");
SEC_CONST_DECL(kSecAttrPCSPlaintextPublicKey, "pcsk");
SEC_CONST_DECL(kSecAttrPCSPlaintextPublicIdentity, "pcsi");

SEC_CONST_DECL(kSecDataInetExtraNotes, "binn");
SEC_CONST_DECL(kSecDataInetExtraHistory, "bini");
SEC_CONST_DECL(kSecDataInetExtraClientDefined0, "bin0");
SEC_CONST_DECL(kSecDataInetExtraClientDefined1, "bin1");
SEC_CONST_DECL(kSecDataInetExtraClientDefined2, "bin2");
SEC_CONST_DECL(kSecDataInetExtraClientDefined3, "bin3");

/* Predefined access groups constants */
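SEC_CONST_DECL(kSecAttrAccessGroupToken, "com.apple.token");

/* Search Constants */
SEC_CONST_DECL(kSecMatchPolicy, "m_Policy");
SEC_CONST_DECL(kSecMatchItemList, "m_ItemList");
SEC_CONST_DECL(kSecMatchSearchList, "m_SearchList");
SEC_CONST_DECL(kSecMatchIssuers, "m_Issuers");
SEC_CONST_DECL(kSecMatchEmailAddressIfPresent, "m_EmailAddressIfPresent");
SEC_CONST_DECL(kSecMatchSubjectContains, "m_SubjectContains");
SEC_CONST_DECL(kSecMatchCaseInsensitive, "m_CaseInsensitive");
SEC_CONST_DECL(kSecMatchTrustedOnly, "m_TrustedOnly");
SEC_CONST_DECL(kSecMatchValidOnDate, "m_ValidOnDate");
SEC_CONST_DECL(kSecMatchLimit, "m_Limit");
/* Could just use kCFBooleanTrue and kCFBooleanFalse for these 2. */
SEC_CONST_DECL(kSecMatchLimitOne, "m_LimitOne");
SEC_CONST_DECL(kSecMatchLimitAll, "m_LimitAll");

/* Return Type Key Constants */
SEC_CONST_DECL(kSecReturnData, "r_Data");
SEC_CONST_DECL(kSecReturnAttributes, "r_Attributes");
SEC_CONST_DECL(kSecReturnRef, "r_Ref");
SEC_CONST_DECL(kSecReturnPersistentRef, "r_PersistentRef");

/* Value Type Key Constants */
SEC_CONST_DECL(kSecValueData, "v_Data");
SEC_CONST_DECL(kSecValueRef, "v_Ref");
SEC_CONST_DECL(kSecValuePersistentRef, "v_PersistentRef");

/* kSecUse Constants */
SEC_CONST_DECL(kSecUseItemList, "u_ItemList");
SEC_CONST_DECL(kSecUseTombstones, "u_Tomb");
SEC_CONST_DECL(kSecUseCredentialReference, "u_CredRef");
SEC_CONST_DECL(kSecUseOperationPrompt, "u_OpPrompt");
SEC_CONST_DECL(kSecUseNoAuthenticationUI, "u_NoAuthUI");
SEC_CONST_DECL(kSecUseAuthenticationUI, "u_AuthUI");
SEC_CONST_DECL(kSecUseSystemKeychain, "u_SystemKeychain");
SEC_CONST_DECL(kSecUseSyncBubbleKeychain, "u_SyncBubbleKeychain");
SEC_CONST_DECL(kSecUseCallerName, "u_CallerName");
SEC_CONST_DECL(kSecUseTokenRawItems, "u_TokenRawItems");
SEC_CONST_DECL(kSecUseCertificatesWithMatchIssuers, "u_CertWithIssuers");
SEC_CONST_DECL(kSecUseDataProtectionKeychain, "nleg"); // API version replacing kSecAttrNoLegacy

/*
 * kSecAttrAccessible Value Constants.
 * NOTE(review): "dk" and "dku" are, by name, the "always accessible"
 * values. Secrets that never need to be read while the device is locked
 * are better stored under one of the WhenUnlocked / AfterFirstUnlock /
 * WhenPasscodeSet values.
 */
SEC_CONST_DECL(kSecAttrAccessibleWhenUnlocked, "ak");
SEC_CONST_DECL(kSecAttrAccessibleAfterFirstUnlock, "ck");
SEC_CONST_DECL(kSecAttrAccessibleAlways, "dk");
SEC_CONST_DECL(kSecAttrAccessibleWhenUnlockedThisDeviceOnly, "aku");
SEC_CONST_DECL(kSecAttrAccessibleAfterFirstUnlockThisDeviceOnly, "cku");
SEC_CONST_DECL(kSecAttrAccessibleAlwaysThisDeviceOnly, "dku");
SEC_CONST_DECL(kSecAttrAccessibleWhenPasscodeSetThisDeviceOnly, "akpu");
/* kSecAttrAccessible Value Constants (Private). Same strings as the public
   Always / AlwaysThisDeviceOnly constants above. */
SEC_CONST_DECL(kSecAttrAccessibleAlwaysPrivate, "dk");
SEC_CONST_DECL(kSecAttrAccessibleAlwaysThisDeviceOnlyPrivate, "dku");
/* _kSecAttrAccessibleUntilReboot for class F. */
SEC_CONST_DECL(kSecAttrAccessibleUntilReboot, "f");

/* kSecAttrProtocol Value Constants. Three-letter codes are padded to four
   characters with a trailing space; the space is part of the value. */
SEC_CONST_DECL(kSecAttrProtocolFTP, "ftp ");
SEC_CONST_DECL(kSecAttrProtocolFTPAccount, "ftpa");
SEC_CONST_DECL(kSecAttrProtocolHTTP, "http");
SEC_CONST_DECL(kSecAttrProtocolIRC, "irc ");
SEC_CONST_DECL(kSecAttrProtocolNNTP, "nntp");
SEC_CONST_DECL(kSecAttrProtocolPOP3, "pop3");
SEC_CONST_DECL(kSecAttrProtocolSMTP, "smtp");
SEC_CONST_DECL(kSecAttrProtocolSOCKS, "sox ");
SEC_CONST_DECL(kSecAttrProtocolIMAP, "imap");
SEC_CONST_DECL(kSecAttrProtocolLDAP, "ldap");
SEC_CONST_DECL(kSecAttrProtocolAppleTalk, "atlk");
SEC_CONST_DECL(kSecAttrProtocolAFP, "afp ");
SEC_CONST_DECL(kSecAttrProtocolTelnet, "teln");
SEC_CONST_DECL(kSecAttrProtocolSSH, "ssh ");
SEC_CONST_DECL(kSecAttrProtocolFTPS, "ftps");
SEC_CONST_DECL(kSecAttrProtocolHTTPS, "htps");
SEC_CONST_DECL(kSecAttrProtocolHTTPProxy, "htpx");
SEC_CONST_DECL(kSecAttrProtocolHTTPSProxy, "htsx");
SEC_CONST_DECL(kSecAttrProtocolFTPProxy, "ftpx");
SEC_CONST_DECL(kSecAttrProtocolSMB, "smb ");
SEC_CONST_DECL(kSecAttrProtocolRTSP, "rtsp");
SEC_CONST_DECL(kSecAttrProtocolRTSPProxy, "rtsx");
SEC_CONST_DECL(kSecAttrProtocolDAAP, "daap");
SEC_CONST_DECL(kSecAttrProtocolEPPC, "eppc");
SEC_CONST_DECL(kSecAttrProtocolIPP, "ipp ");
SEC_CONST_DECL(kSecAttrProtocolNNTPS, "ntps");
SEC_CONST_DECL(kSecAttrProtocolLDAPS, "ldps");
SEC_CONST_DECL(kSecAttrProtocolTelnetS, "tels");
SEC_CONST_DECL(kSecAttrProtocolIMAPS, "imps");
SEC_CONST_DECL(kSecAttrProtocolIRCS, "ircs");
SEC_CONST_DECL(kSecAttrProtocolPOP3S, "pops");

/* kSecAttrAuthenticationType Value Constants. HTTPBasic shares the string
   "http" with kSecAttrProtocolHTTP; the two are values of different
   attributes. */
SEC_CONST_DECL(kSecAttrAuthenticationTypeNTLM, "ntlm");
SEC_CONST_DECL(kSecAttrAuthenticationTypeMSN, "msna");
SEC_CONST_DECL(kSecAttrAuthenticationTypeDPA, "dpaa");
SEC_CONST_DECL(kSecAttrAuthenticationTypeRPA, "rpaa");
SEC_CONST_DECL(kSecAttrAuthenticationTypeHTTPBasic, "http");
SEC_CONST_DECL(kSecAttrAuthenticationTypeHTTPDigest, "httd");
SEC_CONST_DECL(kSecAttrAuthenticationTypeHTMLForm, "form");
SEC_CONST_DECL(kSecAttrAuthenticationTypeDefault, "dflt");

/* kSecAttrKeyClass Value Constants.  Based on <Security/cssmtype.h>
    CSSM_KEYCLASS_PUBLIC_KEY =      0,
    CSSM_KEYCLASS_PRIVATE_KEY =     1,
    CSSM_KEYCLASS_SESSION_KEY =     2,
 */
SEC_CONST_DECL(kSecAttrKeyClassPublic, "0");
SEC_CONST_DECL(kSecAttrKeyClassPrivate, "1");
SEC_CONST_DECL(kSecAttrKeyClassSymmetric, "2");

/* kSecAttrKeyType Value Constants.  Based on CSSM_ALGORITHMS.
   kSecAttrKeyTypeEC and kSecAttrKeyTypeECSECPrimeRandom carry the same
   value. */
SEC_CONST_DECL(kSecAttrKeyTypeRSA, "42");
SEC_CONST_DECL(kSecAttrKeyTypeEC, "73");  /* rdar://10755886 */
SEC_CONST_DECL(kSecAttrKeyTypeECSECPrimeRandom, "73");
SEC_CONST_DECL(kSecAttrKeyTypeECSECPrimeRandomPKA, "2147483678");  /* <Security/cssmapple.h> CSSM_ALGID__FIRST_UNUSED */
SEC_CONST_DECL(kSecAttrKeyTypeSecureEnclaveAttestation, "2147483679");  /* <Security/cssmapple.h> CSSM_ALGID__FIRST_UNUSED + 1 */

/* kSecAttrSynchronizable Value Constants. */
SEC_CONST_DECL(kSecAttrSynchronizableAny, "syna");

/* Constants used by SecKeyGeneratePair() - in SecKey.h.  Never used in
   any SecItem apis directly. */
SEC_CONST_DECL(kSecPrivateKeyAttrs, "private");
SEC_CONST_DECL(kSecPublicKeyAttrs, "public");
SEC_CONST_DECL(kSecKeyApplePayEnabled, "applepay");

/* This is here only temporarily until MobileActivation starts using kSecAttrTokenOID instead of this specific attribute. */
SEC_CONST_DECL(kSecAttrSecureEnclaveKeyBlob, "toid");

/* Constants used by SecPassword - in SecPasswordStrength */
SEC_CONST_DECL(kSecPasswordMaxLength, "PasswordMaxLength");
/*
 * Was "PasswordMaxLength", the same string as kSecPasswordMaxLength, so a
 * dictionary holding both limits would keep only one entry and the minimum
 * length requirement could be lost or read back as the maximum. Confirm no
 * consumer matches the old literal before shipping.
 */
SEC_CONST_DECL(kSecPasswordMinLength, "PasswordMinLength");
SEC_CONST_DECL(kSecPasswordAllowedCharacters, "PasswordAllowedCharacters");
SEC_CONST_DECL(kSecPasswordRequiredCharacters, "PasswordRequiredCharacters");

/* Constants used by SecSharedCredential - in <Security/SecSharedCredential.h> */
SEC_CONST_DECL(kSecSharedPassword, "spwd");

SEC_CONST_DECL(kSecUseAuthenticationUIAllow, "u_AuthUIA");
SEC_CONST_DECL(kSecUseAuthenticationUIFail, "u_AuthUIF");
SEC_CONST_DECL(kSecUseAuthenticationUISkip, "u_AuthUIS");
SEC_CONST_DECL(kSecUseAuthenticationContext, "u_AuthCtx");

/* kSecAttrTokenID Value Constants. */
SEC_CONST_DECL(kSecAttrTokenIDSecureEnclave, "com.apple.setoken");
SEC_CONST_DECL(kSecAttrTokenIDAppleKeyStore, "com.apple.setoken:aks");
SEC_CONST_DECL(kSecAttrTokenIDSecureElement, "com.apple.secelemtoken");

/* Internal kSecAttrAccessGroup for syncing */
SEC_CONST_DECL(kSOSInternalAccessGroup, "com.apple.security.sos");

/*
 * View Hint Constants
 *
 * ViewList.list is expanded once per DOVIEWMACRO entry. The entry's last
 * argument (V0SETTING) is pasted onto DO_SEC_CONST_DECL_ to pick the
 * expansion: an empty argument defines kSecAttrViewHint<VIEWNAME> as
 * CFSTR(DEFSTRING); the token V selects the empty macro, so no constant is
 * defined for that entry.
 */

#undef DOVIEWMACRO
#define DO_SEC_CONST_DECL_(VIEWNAME, DEFSTRING) const CFTypeRef kSecAttrViewHint##VIEWNAME = CFSTR(DEFSTRING);
#define DO_SEC_CONST_DECL_V(VIEWNAME, DEFSTRING)

#define DOVIEWMACRO(VIEWNAME, DEFSTRING, CMDSTRING, SYSTEM, DEFAULTSETTING, INITIALSYNCSETTING, ALWAYSONSETTING, BACKUPSETTING, V0SETTING) DO_SEC_CONST_DECL_##V0SETTING(VIEWNAME, DEFSTRING)
#include "keychain/SecureObjectSync/ViewList.list"
#undef DOVIEWMACRO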