SecBase.h
/*
 * Copyright (c) 2000-2016 Apple Inc. All Rights Reserved.
 *
 * @APPLE_LICENSE_HEADER_START@
 *
 * This file contains Original Code and/or Modifications of Original Code
 * as defined in and that are subject to the Apple Public Source License
 * Version 2.0 (the 'License'). You may not use this file except in
 * compliance with the License. Please obtain a copy of the License at
 * http://www.opensource.apple.com/apsl/ and read it before using this
 * file.
 *
 * The Original Code and all software distributed under the License are
 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
 * Please see the License for the specific language governing rights and
 * limitations under the License.
 *
 * @APPLE_LICENSE_HEADER_END@
 */

#ifndef _SECURITY_SECBASE_H_
#define _SECURITY_SECBASE_H_

#include <TargetConditionals.h>
#include <CoreFoundation/CFBase.h>
#include <Availability.h>
#ifdef DARLING
// for unprefixed API_AVAILABLE and friends
#include <os/availability.h>
// not sure if we're supposed to be including that header in CoreFoundation or in Availability.h,
// but this works for all of Security
#endif

// Truth table for following declarations:
//
//                        TARGET_OS_OSX    TARGET_OS_OSX    TARGET_OS_IPHONE    TARGET_OS_IPHONE    TARGET_OS_MACCATALYST
//                                         SEC_IOS_ON_OSX                       SEC_IOS_ON_OSX
// =================================================================================================================
// SEC_OS_IPHONE          0                1                1                   1                   1
// SEC_OS_OSX             1                0                0                   0                   0
// SEC_OS_OSX_INCLUDES    1                1                0                   0                   0

// SEC_IOS_ON_OSX is only tested in the part of the header shown here, never defined;
// it has to be supplied by the build. When it is set on a macOS target, the iOS-style
// declarations are selected while the macOS includes stay enabled.
#if TARGET_OS_OSX
  #ifdef SEC_IOS_ON_OSX
    #define SEC_OS_IPHONE 1

    #define SEC_OS_OSX 0
    #define SEC_OS_OSX_INCLUDES 1
  #endif // SEC_IOS_ON_OSX
#endif // TARGET_OS_OSX

// Mac Catalyst is treated as iOS: neither the macOS declarations nor the macOS includes.
#if TARGET_OS_MACCATALYST
  #define SEC_OS_IPHONE 1

  #define SEC_OS_OSX 0
  #define SEC_OS_OSX_INCLUDES 0
#endif // TARGET_OS_MACCATALYST

#ifndef SEC_OS_IPHONE
  // block above did not fire; set flags to current platform
  #define SEC_OS_IPHONE TARGET_OS_IPHONE

  #define SEC_OS_OSX TARGET_OS_OSX
  #define SEC_OS_OSX_INCLUDES TARGET_OS_OSX
#endif

#if SEC_OS_IPHONE
// presumably pulled in for __BEGIN_DECLS below -- TODO confirm
#include <sys/cdefs.h>
#endif

// Expands to DEPRECATED_ATTRIBUTE under clang and to nothing for any other compiler.
#if defined(__clang__)
    #define SEC_DEPRECATED_ATTRIBUTE DEPRECATED_ATTRIBUTE
#else
    #define SEC_DEPRECATED_ATTRIBUTE
#endif

// Availability marker for CSSM-dependent declarations: deprecated on macOS (introduced 10.0,
// deprecated 10.7) and unavailable on every other platform listed.
#define CSSM_DEPRECATED API_DEPRECATED("CSSM is not supported", macos(10.0, 10.7)) API_UNAVAILABLE(ios, watchos, tvos, bridgeos, macCatalyst)

__BEGIN_DECLS

CF_ASSUME_NONNULL_BEGIN
CF_IMPLICIT_BRIDGING_ENABLED

#define SECURITY_TYPE_UNIFICATION 1

/*!
    @typedef SecCertificateRef
    @abstract CFType representing an X.509 certificate.
    See SecCertificate.h for details.
*/
typedef struct CF_BRIDGED_TYPE(id) __SecCertificate *SecCertificateRef;

// macOS only. Despite the "Ref" suffix, each Opaque...Ref typedef in this header names the
// struct type itself, not a pointer to it.
#if TARGET_OS_OSX
typedef struct __SecCertificate OpaqueSecCertificateRef;
#endif

/*!
    @typedef SecIdentityRef
    @abstract CFType representing an identity, which contains
    a SecKeyRef and an associated SecCertificateRef. See
    SecIdentity.h for details.
*/
typedef struct CF_BRIDGED_TYPE(id) __SecIdentity *SecIdentityRef;

#if TARGET_OS_OSX
typedef struct __SecIdentity OpaqueSecIdentityRef;
#endif

/*!
    @typedef SecKeyRef
    @abstract CFType representing a cryptographic key. See
    SecKey.h for details.
*/
typedef struct CF_BRIDGED_TYPE(id) __SecKey *SecKeyRef;

#if TARGET_OS_OSX
typedef struct __SecKey OpaqueSecKeyRef;
#endif

/*!
    @typedef SecPolicyRef
    @abstract CFType representing an X.509 certificate trust policy.
    See SecPolicy.h for details.
*/
typedef struct CF_BRIDGED_TYPE(id) __SecPolicy *SecPolicyRef;

/*!
    @typedef SecAccessControlRef
    @abstract CFType representing access control for an item.
    See SecAccessControl.h for details.
*/
typedef struct CF_BRIDGED_TYPE(id) __SecAccessControl *SecAccessControlRef;

/*!
    @typedef SecKeychainRef
    @abstract Contains information about a keychain.
    @discussion Marked as API on macOS and as SPI on iOS, tvOS and watchOS.
*/
typedef struct CF_BRIDGED_TYPE(id) __SecKeychain *SecKeychainRef
    API_AVAILABLE(macos(10.0)) SPI_AVAILABLE(ios(1.0), tvos(9.0), watchos(1.0));

/*!
    @typedef SecKeychainItemRef
    @abstract Contains information about a keychain item.
*/
typedef struct CF_BRIDGED_TYPE(id) __SecKeychainItem *SecKeychainItemRef API_UNAVAILABLE(ios, watchos, tvos, bridgeos, macCatalyst);

/*!
    @typedef SecKeychainSearchRef
    @abstract Contains information about a keychain search.
*/
typedef struct CF_BRIDGED_TYPE(id) __SecKeychainSearch *SecKeychainSearchRef API_UNAVAILABLE(ios, watchos, tvos, bridgeos, macCatalyst);

/*!
    @typedef SecKeychainAttrType
    @abstract Represents a keychain attribute type.
*/
typedef OSType SecKeychainAttrType API_UNAVAILABLE(ios, watchos, tvos, bridgeos, macCatalyst);

/*!
    @struct SecKeychainAttribute
    @abstract Contains keychain attributes.
    @field tag A 4-byte attribute tag.
    @field length The length of the buffer pointed to by data.
    @field data A pointer to the attribute data. May be NULL.
    @discussion The buffer is an untyped pointer with a separately stored length; the
        declaration ties the two together in no way and promises no terminator. Code that
        consumes an attribute should bound every read by length and handle data == NULL.
*/
struct API_UNAVAILABLE(ios, watchos, tvos, bridgeos, macCatalyst) SecKeychainAttribute
{
    SecKeychainAttrType tag;
    UInt32 length;
    void * __nullable data;
};
typedef struct SecKeychainAttribute SecKeychainAttribute API_UNAVAILABLE(ios, watchos, tvos, bridgeos, macCatalyst);

/*!
    @typedef SecKeychainAttributePtr
    @abstract Represents a pointer to a keychain attribute structure.
*/
typedef SecKeychainAttribute *SecKeychainAttributePtr API_UNAVAILABLE(ios, watchos, tvos, bridgeos, macCatalyst);

/*!
    @typedef SecKeychainAttributeList
    @abstract Represents a list of keychain attributes.
    @field count An unsigned 32-bit integer that represents the number of keychain attributes in the array.
    @field attr A pointer to the first keychain attribute in the array. May be NULL.
    @discussion count is the only bound on the array behind attr. Check attr for NULL and
        keep every index below count before reading an element.
*/
struct API_UNAVAILABLE(ios, watchos, tvos, bridgeos, macCatalyst) SecKeychainAttributeList
{
    UInt32 count;
    SecKeychainAttribute * __nullable attr;
};
typedef struct SecKeychainAttributeList SecKeychainAttributeList API_UNAVAILABLE(ios, watchos, tvos, bridgeos, macCatalyst);

/*!
    @typedef SecKeychainStatus
    @abstract Represents the status of a keychain.
*/
typedef UInt32 SecKeychainStatus API_UNAVAILABLE(ios, watchos, tvos, bridgeos, macCatalyst);

/*!
    @typedef SecTrustedApplicationRef
    @abstract Contains information about a trusted application.
*/
typedef struct CF_BRIDGED_TYPE(id) __SecTrustedApplication *SecTrustedApplicationRef API_UNAVAILABLE(ios, watchos, tvos, bridgeos, macCatalyst);

/*!
    @typedef SecAccessRef
    @abstract Contains information about an access.
*/
typedef struct CF_BRIDGED_TYPE(id) __SecAccess *SecAccessRef API_UNAVAILABLE(ios, watchos, tvos, bridgeos, macCatalyst);

#if TARGET_OS_OSX
typedef struct __SecAccess OpaqueSecAccessRef;
#endif

/*!
    @typedef SecACLRef
    @abstract Contains information about an access control list (ACL) entry.
*/
typedef struct CF_BRIDGED_TYPE(id) __SecACL *SecACLRef API_UNAVAILABLE(ios, watchos, tvos, bridgeos, macCatalyst);

/*!
    @typedef SecPasswordRef
    @abstract Contains information about a password.
*/
typedef struct CF_BRIDGED_TYPE(id) __SecPassword *SecPasswordRef API_UNAVAILABLE(ios, watchos, tvos, bridgeos, macCatalyst);

/*!
    @typedef SecKeychainAttributeInfo
    @abstract Describes a set of attributes as two parallel arrays: tags and formats.
    @field count The number of tag-format pairs in the respective arrays.
    @field tag A pointer to the first attribute tag in the array.
    @field format A pointer to the first CSSM_DB_ATTRIBUTE_FORMAT in the array. May be NULL.
    @discussion Each tag and format item form a pair. count bounds both arrays; format is
        declared nullable while tag is not, so check format before indexing it.
*/
struct API_UNAVAILABLE(ios, watchos, tvos, bridgeos, macCatalyst) SecKeychainAttributeInfo
{
    UInt32 count;
    UInt32 *tag;
    UInt32 * __nullable format;
};
typedef struct SecKeychainAttributeInfo SecKeychainAttributeInfo API_UNAVAILABLE(ios, watchos, tvos, bridgeos, macCatalyst);

/*!
    @function SecCopyErrorMessageString
    @abstract Returns a string describing the specified error result code.
    @param status An error result code of type OSStatus or CSSM_RETURN, as returned by a Security or CSSM function.
    @param reserved Reserved for future use. Your code should pass NULL in this parameter.
    @result A reference to an error string, or NULL if no error string is available for the specified result code. Your code must release this reference by calling the CFRelease function.
    @discussion The result is declared __nullable: check it before use, and release a
        non-NULL result exactly once. Branch on the OSStatus value rather than on the
        returned text, which describes the error for a reader.
*/
__nullable
CFStringRef SecCopyErrorMessageString(OSStatus status, void * __nullable reserved)
    __OSX_AVAILABLE_STARTING(__MAC_10_3, __IPHONE_11_3);


/*!
    @enum Security Error Codes
    @abstract Result codes returned from Security framework functions.
    @constant errSecSuccess No error.
    @constant errSecUnimplemented Function or operation not implemented.
    @constant errSecDiskFull Disk Full error.
    @constant errSecIO I/O error.
    @constant errSecParam One or more parameters passed to a function were not valid.
    @constant errSecWrPerm Write permissions error.
    @constant errSecAllocate Failed to allocate memory.
    @constant errSecUserCanceled User canceled the operation.
    @constant errSecBadReq Bad parameter or invalid state for operation.
270 @constant errSecInternalComponent 271 @constant errSecCoreFoundationUnknown 272 @constant errSecNotAvailable No keychain is available. 273 @constant errSecReadOnly Read only error. 274 @constant errSecAuthFailed Authorization/Authentication failed. 275 @constant errSecNoSuchKeychain The keychain does not exist. 276 @constant errSecInvalidKeychain The keychain is not valid. 277 @constant errSecDuplicateKeychain A keychain with the same name already exists. 278 @constant errSecDuplicateCallback The specified callback is already installed. 279 @constant errSecInvalidCallback The specified callback is not valid. 280 @constant errSecDuplicateItem The item already exists. 281 @constant errSecItemNotFound The item cannot be found. 282 @constant errSecBufferTooSmall The buffer is too small. 283 @constant errSecDataTooLarge The data is too large. 284 @constant errSecNoSuchAttr The attribute does not exist. 285 @constant errSecInvalidItemRef The item reference is invalid. 286 @constant errSecInvalidSearchRef The search reference is invalid. 287 @constant errSecNoSuchClass The keychain item class does not exist. 288 @constant errSecNoDefaultKeychain A default keychain does not exist. 289 @constant errSecInteractionNotAllowed User interaction is not allowed. 290 @constant errSecReadOnlyAttr The attribute is read only. 291 @constant errSecWrongSecVersion The version is incorrect. 292 @constant errSecKeySizeNotAllowed The key size is not allowed. 293 @constant errSecNoStorageModule There is no storage module available. 294 @constant errSecNoCertificateModule There is no certificate module available. 295 @constant errSecNoPolicyModule There is no policy module available. 296 @constant errSecInteractionRequired User interaction is required. 297 @constant errSecDataNotAvailable The data is not available. 298 @constant errSecDataNotModifiable The data is not modifiable. 299 @constant errSecCreateChainFailed The attempt to create a certificate chain failed. 
300 @constant errSecACLNotSimple The access control list is not in standard simple form. 301 @constant errSecPolicyNotFound The policy specified cannot be found. 302 @constant errSecInvalidTrustSetting The specified trust setting is invalid. 303 @constant errSecNoAccessForItem The specified item has no access control. 304 @constant errSecInvalidOwnerEdit Invalid attempt to change the owner of this item. 305 @constant errSecTrustNotAvailable No trust results are available. 306 @constant errSecUnsupportedFormat Import/Export format unsupported. 307 @constant errSecUnknownFormat Unknown format in import. 308 @constant errSecKeyIsSensitive Key material must be wrapped for export. 309 @constant errSecMultiplePrivKeys An attempt was made to import multiple private keys. 310 @constant errSecPassphraseRequired Passphrase is required for import/export. 311 @constant errSecInvalidPasswordRef The password reference was invalid. 312 @constant errSecInvalidTrustSettings The Trust Settings Record was corrupted. 313 @constant errSecNoTrustSettings No Trust Settings were found. 314 @constant errSecPkcs12VerifyFailure MAC verification failed during PKCS12 Import. 315 @constant errSecDecode Unable to decode the provided data. 316 317 @discussion The assigned error space is discontinuous: e.g. -25240..-25279, -25290..-25329, -68608..-67585, and so on. 318 */ 319 320 /* 321 Note: the comments that appear after these errors are used to create SecErrorMessages.strings. 322 The comments must not be multi-line, and should be in a form meaningful to an end user. If 323 a different or additional comment is needed, it can be put in the header doc format, or on a 324 line that does not start with errZZZ. 325 */ 326 327 CF_ENUM(OSStatus) 328 { 329 errSecSuccess = 0, /* No error. */ 330 errSecUnimplemented = -4, /* Function or operation not implemented. */ 331 errSecDiskFull = -34, /* The disk is full. 
*/ 332 errSecDskFull __attribute__((deprecated("use errSecDiskFull"))) = errSecDiskFull, 333 errSecIO = -36, /* I/O error. */ 334 errSecOpWr = -49, /* File already open with write permission. */ 335 errSecParam = -50, /* One or more parameters passed to a function were not valid. */ 336 errSecWrPerm = -61, /* Write permissions error. */ 337 errSecAllocate = -108, /* Failed to allocate memory. */ 338 errSecUserCanceled = -128, /* User canceled the operation. */ 339 errSecBadReq = -909, /* Bad parameter or invalid state for operation. */ 340 341 errSecInternalComponent = -2070, 342 errSecCoreFoundationUnknown = -4960, 343 344 errSecMissingEntitlement = -34018, /* A required entitlement isn't present. */ 345 errSecRestrictedAPI = -34020, /* Client is restricted and is not permitted to perform this operation. */ 346 347 errSecNotAvailable = -25291, /* No keychain is available. You may need to restart your computer. */ 348 errSecReadOnly = -25292, /* This keychain cannot be modified. */ 349 errSecAuthFailed = -25293, /* The user name or passphrase you entered is not correct. */ 350 errSecNoSuchKeychain = -25294, /* The specified keychain could not be found. */ 351 errSecInvalidKeychain = -25295, /* The specified keychain is not a valid keychain file. */ 352 errSecDuplicateKeychain = -25296, /* A keychain with the same name already exists. */ 353 errSecDuplicateCallback = -25297, /* The specified callback function is already installed. */ 354 errSecInvalidCallback = -25298, /* The specified callback function is not valid. */ 355 errSecDuplicateItem = -25299, /* The specified item already exists in the keychain. */ 356 errSecItemNotFound = -25300, /* The specified item could not be found in the keychain. */ 357 errSecBufferTooSmall = -25301, /* There is not enough memory available to use the specified item. */ 358 errSecDataTooLarge = -25302, /* This item contains information which is too large or in a format that cannot be displayed. 
*/ 359 errSecNoSuchAttr = -25303, /* The specified attribute does not exist. */ 360 errSecInvalidItemRef = -25304, /* The specified item is no longer valid. It may have been deleted from the keychain. */ 361 errSecInvalidSearchRef = -25305, /* Unable to search the current keychain. */ 362 errSecNoSuchClass = -25306, /* The specified item does not appear to be a valid keychain item. */ 363 errSecNoDefaultKeychain = -25307, /* A default keychain could not be found. */ 364 errSecInteractionNotAllowed = -25308, /* User interaction is not allowed. */ 365 errSecReadOnlyAttr = -25309, /* The specified attribute could not be modified. */ 366 errSecWrongSecVersion = -25310, /* This keychain was created by a different version of the system software and cannot be opened. */ 367 errSecKeySizeNotAllowed = -25311, /* This item specifies a key size which is too large or too small. */ 368 errSecNoStorageModule = -25312, /* A required component (data storage module) could not be loaded. You may need to restart your computer. */ 369 errSecNoCertificateModule = -25313, /* A required component (certificate module) could not be loaded. You may need to restart your computer. */ 370 errSecNoPolicyModule = -25314, /* A required component (policy module) could not be loaded. You may need to restart your computer. */ 371 errSecInteractionRequired = -25315, /* User interaction is required, but is currently not allowed. */ 372 errSecDataNotAvailable = -25316, /* The contents of this item cannot be retrieved. */ 373 errSecDataNotModifiable = -25317, /* The contents of this item cannot be modified. */ 374 errSecCreateChainFailed = -25318, /* One or more certificates required to validate this certificate cannot be found. */ 375 errSecInvalidPrefsDomain = -25319, /* The specified preferences domain is not valid. */ 376 errSecInDarkWake = -25320, /* In dark wake, no UI possible */ 377 378 errSecACLNotSimple = -25240, /* The specified access control list is not in standard (simple) form. 
*/ 379 errSecPolicyNotFound = -25241, /* The specified policy cannot be found. */ 380 errSecInvalidTrustSetting = -25242, /* The specified trust setting is invalid. */ 381 errSecNoAccessForItem = -25243, /* The specified item has no access control. */ 382 errSecInvalidOwnerEdit = -25244, /* Invalid attempt to change the owner of this item. */ 383 errSecTrustNotAvailable = -25245, /* No trust results are available. */ 384 errSecUnsupportedFormat = -25256, /* Import/Export format unsupported. */ 385 errSecUnknownFormat = -25257, /* Unknown format in import. */ 386 errSecKeyIsSensitive = -25258, /* Key material must be wrapped for export. */ 387 errSecMultiplePrivKeys = -25259, /* An attempt was made to import multiple private keys. */ 388 errSecPassphraseRequired = -25260, /* Passphrase is required for import/export. */ 389 errSecInvalidPasswordRef = -25261, /* The password reference was invalid. */ 390 errSecInvalidTrustSettings = -25262, /* The Trust Settings Record was corrupted. */ 391 errSecNoTrustSettings = -25263, /* No Trust Settings were found. */ 392 errSecPkcs12VerifyFailure = -25264, /* MAC verification failed during PKCS12 import (wrong password?) */ 393 errSecNotSigner = -26267, /* A certificate was not signed by its proposed parent. */ 394 395 errSecDecode = -26275, /* Unable to decode the provided data. */ 396 397 errSecServiceNotAvailable = -67585, /* The required service is not available. */ 398 errSecInsufficientClientID = -67586, /* The client ID is not correct. */ 399 errSecDeviceReset = -67587, /* A device reset has occurred. */ 400 errSecDeviceFailed = -67588, /* A device failure has occurred. */ 401 errSecAppleAddAppACLSubject = -67589, /* Adding an application ACL subject failed. */ 402 errSecApplePublicKeyIncomplete = -67590, /* The public key is incomplete. */ 403 errSecAppleSignatureMismatch = -67591, /* A signature mismatch has occurred. */ 404 errSecAppleInvalidKeyStartDate = -67592, /* The specified key has an invalid start date. 
*/ 405 errSecAppleInvalidKeyEndDate = -67593, /* The specified key has an invalid end date. */ 406 errSecConversionError = -67594, /* A conversion error has occurred. */ 407 errSecAppleSSLv2Rollback = -67595, /* A SSLv2 rollback error has occurred. */ 408 errSecQuotaExceeded = -67596, /* The quota was exceeded. */ 409 errSecFileTooBig = -67597, /* The file is too big. */ 410 errSecInvalidDatabaseBlob = -67598, /* The specified database has an invalid blob. */ 411 errSecInvalidKeyBlob = -67599, /* The specified database has an invalid key blob. */ 412 errSecIncompatibleDatabaseBlob = -67600, /* The specified database has an incompatible blob. */ 413 errSecIncompatibleKeyBlob = -67601, /* The specified database has an incompatible key blob. */ 414 errSecHostNameMismatch = -67602, /* A host name mismatch has occurred. */ 415 errSecUnknownCriticalExtensionFlag = -67603, /* There is an unknown critical extension flag. */ 416 errSecNoBasicConstraints = -67604, /* No basic constraints were found. */ 417 errSecNoBasicConstraintsCA = -67605, /* No basic CA constraints were found. */ 418 errSecInvalidAuthorityKeyID = -67606, /* The authority key ID is not valid. */ 419 errSecInvalidSubjectKeyID = -67607, /* The subject key ID is not valid. */ 420 errSecInvalidKeyUsageForPolicy = -67608, /* The key usage is not valid for the specified policy. */ 421 errSecInvalidExtendedKeyUsage = -67609, /* The extended key usage is not valid. */ 422 errSecInvalidIDLinkage = -67610, /* The ID linkage is not valid. */ 423 errSecPathLengthConstraintExceeded = -67611, /* The path length constraint was exceeded. */ 424 errSecInvalidRoot = -67612, /* The root or anchor certificate is not valid. */ 425 errSecCRLExpired = -67613, /* The CRL has expired. */ 426 errSecCRLNotValidYet = -67614, /* The CRL is not yet valid. */ 427 errSecCRLNotFound = -67615, /* The CRL was not found. */ 428 errSecCRLServerDown = -67616, /* The CRL server is down. 
*/ 429 errSecCRLBadURI = -67617, /* The CRL has a bad Uniform Resource Identifier. */ 430 errSecUnknownCertExtension = -67618, /* An unknown certificate extension was encountered. */ 431 errSecUnknownCRLExtension = -67619, /* An unknown CRL extension was encountered. */ 432 errSecCRLNotTrusted = -67620, /* The CRL is not trusted. */ 433 errSecCRLPolicyFailed = -67621, /* The CRL policy failed. */ 434 errSecIDPFailure = -67622, /* The issuing distribution point was not valid. */ 435 errSecSMIMEEmailAddressesNotFound = -67623, /* An email address mismatch was encountered. */ 436 errSecSMIMEBadExtendedKeyUsage = -67624, /* The appropriate extended key usage for SMIME was not found. */ 437 errSecSMIMEBadKeyUsage = -67625, /* The key usage is not compatible with SMIME. */ 438 errSecSMIMEKeyUsageNotCritical = -67626, /* The key usage extension is not marked as critical. */ 439 errSecSMIMENoEmailAddress = -67627, /* No email address was found in the certificate. */ 440 errSecSMIMESubjAltNameNotCritical = -67628, /* The subject alternative name extension is not marked as critical. */ 441 errSecSSLBadExtendedKeyUsage = -67629, /* The appropriate extended key usage for SSL was not found. */ 442 errSecOCSPBadResponse = -67630, /* The OCSP response was incorrect or could not be parsed. */ 443 errSecOCSPBadRequest = -67631, /* The OCSP request was incorrect or could not be parsed. */ 444 errSecOCSPUnavailable = -67632, /* OCSP service is unavailable. */ 445 errSecOCSPStatusUnrecognized = -67633, /* The OCSP server did not recognize this certificate. */ 446 errSecEndOfData = -67634, /* An end-of-data was detected. */ 447 errSecIncompleteCertRevocationCheck = -67635, /* An incomplete certificate revocation check occurred. */ 448 errSecNetworkFailure = -67636, /* A network failure occurred. */ 449 errSecOCSPNotTrustedToAnchor = -67637, /* The OCSP response was not trusted to a root or anchor certificate. */ 450 errSecRecordModified = -67638, /* The record was modified. 
*/ 451 errSecOCSPSignatureError = -67639, /* The OCSP response had an invalid signature. */ 452 errSecOCSPNoSigner = -67640, /* The OCSP response had no signer. */ 453 errSecOCSPResponderMalformedReq = -67641, /* The OCSP responder was given a malformed request. */ 454 errSecOCSPResponderInternalError = -67642, /* The OCSP responder encountered an internal error. */ 455 errSecOCSPResponderTryLater = -67643, /* The OCSP responder is busy, try again later. */ 456 errSecOCSPResponderSignatureRequired = -67644, /* The OCSP responder requires a signature. */ 457 errSecOCSPResponderUnauthorized = -67645, /* The OCSP responder rejected this request as unauthorized. */ 458 errSecOCSPResponseNonceMismatch = -67646, /* The OCSP response nonce did not match the request. */ 459 errSecCodeSigningBadCertChainLength = -67647, /* Code signing encountered an incorrect certificate chain length. */ 460 errSecCodeSigningNoBasicConstraints = -67648, /* Code signing found no basic constraints. */ 461 errSecCodeSigningBadPathLengthConstraint = -67649, /* Code signing encountered an incorrect path length constraint. */ 462 errSecCodeSigningNoExtendedKeyUsage = -67650, /* Code signing found no extended key usage. */ 463 errSecCodeSigningDevelopment = -67651, /* Code signing indicated use of a development-only certificate. */ 464 errSecResourceSignBadCertChainLength = -67652, /* Resource signing has encountered an incorrect certificate chain length. */ 465 errSecResourceSignBadExtKeyUsage = -67653, /* Resource signing has encountered an error in the extended key usage. */ 466 errSecTrustSettingDeny = -67654, /* The trust setting for this policy was set to Deny. */ 467 errSecInvalidSubjectName = -67655, /* An invalid certificate subject name was encountered. */ 468 errSecUnknownQualifiedCertStatement = -67656, /* An unknown qualified certificate statement was encountered. 
*/ 469 errSecMobileMeRequestQueued = -67657, 470 errSecMobileMeRequestRedirected = -67658, 471 errSecMobileMeServerError = -67659, 472 errSecMobileMeServerNotAvailable = -67660, 473 errSecMobileMeServerAlreadyExists = -67661, 474 errSecMobileMeServerServiceErr = -67662, 475 errSecMobileMeRequestAlreadyPending = -67663, 476 errSecMobileMeNoRequestPending = -67664, 477 errSecMobileMeCSRVerifyFailure = -67665, 478 errSecMobileMeFailedConsistencyCheck = -67666, 479 errSecNotInitialized = -67667, /* A function was called without initializing CSSM. */ 480 errSecInvalidHandleUsage = -67668, /* The CSSM handle does not match with the service type. */ 481 errSecPVCReferentNotFound = -67669, /* A reference to the calling module was not found in the list of authorized callers. */ 482 errSecFunctionIntegrityFail = -67670, /* A function address was not within the verified module. */ 483 errSecInternalError = -67671, /* An internal error has occurred. */ 484 errSecMemoryError = -67672, /* A memory error has occurred. */ 485 errSecInvalidData = -67673, /* Invalid data was encountered. */ 486 errSecMDSError = -67674, /* A Module Directory Service error has occurred. */ 487 errSecInvalidPointer = -67675, /* An invalid pointer was encountered. */ 488 errSecSelfCheckFailed = -67676, /* Self-check has failed. */ 489 errSecFunctionFailed = -67677, /* A function has failed. */ 490 errSecModuleManifestVerifyFailed = -67678, /* A module manifest verification failure has occurred. */ 491 errSecInvalidGUID = -67679, /* An invalid GUID was encountered. */ 492 errSecInvalidHandle = -67680, /* An invalid handle was encountered. */ 493 errSecInvalidDBList = -67681, /* An invalid DB list was encountered. */ 494 errSecInvalidPassthroughID = -67682, /* An invalid passthrough ID was encountered. */ 495 errSecInvalidNetworkAddress = -67683, /* An invalid network address was encountered. */ 496 errSecCRLAlreadySigned = -67684, /* The certificate revocation list is already signed. 
*/ 497 errSecInvalidNumberOfFields = -67685, /* An invalid number of fields were encountered. */ 498 errSecVerificationFailure = -67686, /* A verification failure occurred. */ 499 errSecUnknownTag = -67687, /* An unknown tag was encountered. */ 500 errSecInvalidSignature = -67688, /* An invalid signature was encountered. */ 501 errSecInvalidName = -67689, /* An invalid name was encountered. */ 502 errSecInvalidCertificateRef = -67690, /* An invalid certificate reference was encountered. */ 503 errSecInvalidCertificateGroup = -67691, /* An invalid certificate group was encountered. */ 504 errSecTagNotFound = -67692, /* The specified tag was not found. */ 505 errSecInvalidQuery = -67693, /* The specified query was not valid. */ 506 errSecInvalidValue = -67694, /* An invalid value was detected. */ 507 errSecCallbackFailed = -67695, /* A callback has failed. */ 508 errSecACLDeleteFailed = -67696, /* An ACL delete operation has failed. */ 509 errSecACLReplaceFailed = -67697, /* An ACL replace operation has failed. */ 510 errSecACLAddFailed = -67698, /* An ACL add operation has failed. */ 511 errSecACLChangeFailed = -67699, /* An ACL change operation has failed. */ 512 errSecInvalidAccessCredentials = -67700, /* Invalid access credentials were encountered. */ 513 errSecInvalidRecord = -67701, /* An invalid record was encountered. */ 514 errSecInvalidACL = -67702, /* An invalid ACL was encountered. */ 515 errSecInvalidSampleValue = -67703, /* An invalid sample value was encountered. */ 516 errSecIncompatibleVersion = -67704, /* An incompatible version was encountered. */ 517 errSecPrivilegeNotGranted = -67705, /* The privilege was not granted. */ 518 errSecInvalidScope = -67706, /* An invalid scope was encountered. */ 519 errSecPVCAlreadyConfigured = -67707, /* The PVC is already configured. */ 520 errSecInvalidPVC = -67708, /* An invalid PVC was encountered. */ 521 errSecEMMLoadFailed = -67709, /* The EMM load has failed. 
*/ 522 errSecEMMUnloadFailed = -67710, /* The EMM unload has failed. */ 523 errSecAddinLoadFailed = -67711, /* The add-in load operation has failed. */ 524 errSecInvalidKeyRef = -67712, /* An invalid key was encountered. */ 525 errSecInvalidKeyHierarchy = -67713, /* An invalid key hierarchy was encountered. */ 526 errSecAddinUnloadFailed = -67714, /* The add-in unload operation has failed. */ 527 errSecLibraryReferenceNotFound = -67715, /* A library reference was not found. */ 528 errSecInvalidAddinFunctionTable = -67716, /* An invalid add-in function table was encountered. */ 529 errSecInvalidServiceMask = -67717, /* An invalid service mask was encountered. */ 530 errSecModuleNotLoaded = -67718, /* A module was not loaded. */ 531 errSecInvalidSubServiceID = -67719, /* An invalid subservice ID was encountered. */ 532 errSecAttributeNotInContext = -67720, /* An attribute was not in the context. */ 533 errSecModuleManagerInitializeFailed = -67721, /* A module failed to initialize. */ 534 errSecModuleManagerNotFound = -67722, /* A module was not found. */ 535 errSecEventNotificationCallbackNotFound = -67723, /* An event notification callback was not found. */ 536 errSecInputLengthError = -67724, /* An input length error was encountered. */ 537 errSecOutputLengthError = -67725, /* An output length error was encountered. */ 538 errSecPrivilegeNotSupported = -67726, /* The privilege is not supported. */ 539 errSecDeviceError = -67727, /* A device error was encountered. */ 540 errSecAttachHandleBusy = -67728, /* The CSP handle was busy. */ 541 errSecNotLoggedIn = -67729, /* You are not logged in. */ 542 errSecAlgorithmMismatch = -67730, /* An algorithm mismatch was encountered. */ 543 errSecKeyUsageIncorrect = -67731, /* The key usage is incorrect. */ 544 errSecKeyBlobTypeIncorrect = -67732, /* The key blob type is incorrect. */ 545 errSecKeyHeaderInconsistent = -67733, /* The key header is inconsistent. 
*/ 546 errSecUnsupportedKeyFormat = -67734, /* The key header format is not supported. */ 547 errSecUnsupportedKeySize = -67735, /* The key size is not supported. */ 548 errSecInvalidKeyUsageMask = -67736, /* The key usage mask is not valid. */ 549 errSecUnsupportedKeyUsageMask = -67737, /* The key usage mask is not supported. */ 550 errSecInvalidKeyAttributeMask = -67738, /* The key attribute mask is not valid. */ 551 errSecUnsupportedKeyAttributeMask = -67739, /* The key attribute mask is not supported. */ 552 errSecInvalidKeyLabel = -67740, /* The key label is not valid. */ 553 errSecUnsupportedKeyLabel = -67741, /* The key label is not supported. */ 554 errSecInvalidKeyFormat = -67742, /* The key format is not valid. */ 555 errSecUnsupportedVectorOfBuffers = -67743, /* The vector of buffers is not supported. */ 556 errSecInvalidInputVector = -67744, /* The input vector is not valid. */ 557 errSecInvalidOutputVector = -67745, /* The output vector is not valid. */ 558 errSecInvalidContext = -67746, /* An invalid context was encountered. */ 559 errSecInvalidAlgorithm = -67747, /* An invalid algorithm was encountered. */ 560 errSecInvalidAttributeKey = -67748, /* A key attribute was not valid. */ 561 errSecMissingAttributeKey = -67749, /* A key attribute was missing. */ 562 errSecInvalidAttributeInitVector = -67750, /* An init vector attribute was not valid. */ 563 errSecMissingAttributeInitVector = -67751, /* An init vector attribute was missing. */ 564 errSecInvalidAttributeSalt = -67752, /* A salt attribute was not valid. */ 565 errSecMissingAttributeSalt = -67753, /* A salt attribute was missing. */ 566 errSecInvalidAttributePadding = -67754, /* A padding attribute was not valid. */ 567 errSecMissingAttributePadding = -67755, /* A padding attribute was missing. */ 568 errSecInvalidAttributeRandom = -67756, /* A random number attribute was not valid. */ 569 errSecMissingAttributeRandom = -67757, /* A random number attribute was missing. 
*/ 570 errSecInvalidAttributeSeed = -67758, /* A seed attribute was not valid. */ 571 errSecMissingAttributeSeed = -67759, /* A seed attribute was missing. */ 572 errSecInvalidAttributePassphrase = -67760, /* A passphrase attribute was not valid. */ 573 errSecMissingAttributePassphrase = -67761, /* A passphrase attribute was missing. */ 574 errSecInvalidAttributeKeyLength = -67762, /* A key length attribute was not valid. */ 575 errSecMissingAttributeKeyLength = -67763, /* A key length attribute was missing. */ 576 errSecInvalidAttributeBlockSize = -67764, /* A block size attribute was not valid. */ 577 errSecMissingAttributeBlockSize = -67765, /* A block size attribute was missing. */ 578 errSecInvalidAttributeOutputSize = -67766, /* An output size attribute was not valid. */ 579 errSecMissingAttributeOutputSize = -67767, /* An output size attribute was missing. */ 580 errSecInvalidAttributeRounds = -67768, /* The number of rounds attribute was not valid. */ 581 errSecMissingAttributeRounds = -67769, /* The number of rounds attribute was missing. */ 582 errSecInvalidAlgorithmParms = -67770, /* An algorithm parameters attribute was not valid. */ 583 errSecMissingAlgorithmParms = -67771, /* An algorithm parameters attribute was missing. */ 584 errSecInvalidAttributeLabel = -67772, /* A label attribute was not valid. */ 585 errSecMissingAttributeLabel = -67773, /* A label attribute was missing. */ 586 errSecInvalidAttributeKeyType = -67774, /* A key type attribute was not valid. */ 587 errSecMissingAttributeKeyType = -67775, /* A key type attribute was missing. */ 588 errSecInvalidAttributeMode = -67776, /* A mode attribute was not valid. */ 589 errSecMissingAttributeMode = -67777, /* A mode attribute was missing. */ 590 errSecInvalidAttributeEffectiveBits = -67778, /* An effective bits attribute was not valid. */ 591 errSecMissingAttributeEffectiveBits = -67779, /* An effective bits attribute was missing. 
*/ 592 errSecInvalidAttributeStartDate = -67780, /* A start date attribute was not valid. */ 593 errSecMissingAttributeStartDate = -67781, /* A start date attribute was missing. */ 594 errSecInvalidAttributeEndDate = -67782, /* An end date attribute was not valid. */ 595 errSecMissingAttributeEndDate = -67783, /* An end date attribute was missing. */ 596 errSecInvalidAttributeVersion = -67784, /* A version attribute was not valid. */ 597 errSecMissingAttributeVersion = -67785, /* A version attribute was missing. */ 598 errSecInvalidAttributePrime = -67786, /* A prime attribute was not valid. */ 599 errSecMissingAttributePrime = -67787, /* A prime attribute was missing. */ 600 errSecInvalidAttributeBase = -67788, /* A base attribute was not valid. */ 601 errSecMissingAttributeBase = -67789, /* A base attribute was missing. */ 602 errSecInvalidAttributeSubprime = -67790, /* A subprime attribute was not valid. */ 603 errSecMissingAttributeSubprime = -67791, /* A subprime attribute was missing. */ 604 errSecInvalidAttributeIterationCount = -67792, /* An iteration count attribute was not valid. */ 605 errSecMissingAttributeIterationCount = -67793, /* An iteration count attribute was missing. */ 606 errSecInvalidAttributeDLDBHandle = -67794, /* A database handle attribute was not valid. */ 607 errSecMissingAttributeDLDBHandle = -67795, /* A database handle attribute was missing. */ 608 errSecInvalidAttributeAccessCredentials = -67796, /* An access credentials attribute was not valid. */ 609 errSecMissingAttributeAccessCredentials = -67797, /* An access credentials attribute was missing. */ 610 errSecInvalidAttributePublicKeyFormat = -67798, /* A public key format attribute was not valid. */ 611 errSecMissingAttributePublicKeyFormat = -67799, /* A public key format attribute was missing. */ 612 errSecInvalidAttributePrivateKeyFormat = -67800, /* A private key format attribute was not valid. 
*/ 613 errSecMissingAttributePrivateKeyFormat = -67801, /* A private key format attribute was missing. */ 614 errSecInvalidAttributeSymmetricKeyFormat = -67802, /* A symmetric key format attribute was not valid. */ 615 errSecMissingAttributeSymmetricKeyFormat = -67803, /* A symmetric key format attribute was missing. */ 616 errSecInvalidAttributeWrappedKeyFormat = -67804, /* A wrapped key format attribute was not valid. */ 617 errSecMissingAttributeWrappedKeyFormat = -67805, /* A wrapped key format attribute was missing. */ 618 errSecStagedOperationInProgress = -67806, /* A staged operation is in progress. */ 619 errSecStagedOperationNotStarted = -67807, /* A staged operation was not started. */ 620 errSecVerifyFailed = -67808, /* A cryptographic verification failure has occurred. */ 621 errSecQuerySizeUnknown = -67809, /* The query size is unknown. */ 622 errSecBlockSizeMismatch = -67810, /* A block size mismatch occurred. */ 623 errSecPublicKeyInconsistent = -67811, /* The public key was inconsistent. */ 624 errSecDeviceVerifyFailed = -67812, /* A device verification failure has occurred. */ 625 errSecInvalidLoginName = -67813, /* An invalid login name was detected. */ 626 errSecAlreadyLoggedIn = -67814, /* The user is already logged in. */ 627 errSecInvalidDigestAlgorithm = -67815, /* An invalid digest algorithm was detected. */ 628 errSecInvalidCRLGroup = -67816, /* An invalid CRL group was detected. */ 629 errSecCertificateCannotOperate = -67817, /* The certificate cannot operate. */ 630 errSecCertificateExpired = -67818, /* An expired certificate was detected. */ 631 errSecCertificateNotValidYet = -67819, /* The certificate is not yet valid. */ 632 errSecCertificateRevoked = -67820, /* The certificate was revoked. */ 633 errSecCertificateSuspended = -67821, /* The certificate was suspended. */ 634 errSecInsufficientCredentials = -67822, /* Insufficient credentials were detected. */ 635 errSecInvalidAction = -67823, /* The action was not valid. 
*/ 636 errSecInvalidAuthority = -67824, /* The authority was not valid. */ 637 errSecVerifyActionFailed = -67825, /* A verify action has failed. */ 638 errSecInvalidCertAuthority = -67826, /* The certificate authority was not valid. */ 639 errSecInvaldCRLAuthority = -67827, /* The CRL authority was not valid. */ 640 errSecInvalidCRLEncoding = -67828, /* The CRL encoding was not valid. */ 641 errSecInvalidCRLType = -67829, /* The CRL type was not valid. */ 642 errSecInvalidCRL = -67830, /* The CRL was not valid. */ 643 errSecInvalidFormType = -67831, /* The form type was not valid. */ 644 errSecInvalidID = -67832, /* The ID was not valid. */ 645 errSecInvalidIdentifier = -67833, /* The identifier was not valid. */ 646 errSecInvalidIndex = -67834, /* The index was not valid. */ 647 errSecInvalidPolicyIdentifiers = -67835, /* The policy identifiers are not valid. */ 648 errSecInvalidTimeString = -67836, /* The time specified was not valid. */ 649 errSecInvalidReason = -67837, /* The trust policy reason was not valid. */ 650 errSecInvalidRequestInputs = -67838, /* The request inputs are not valid. */ 651 errSecInvalidResponseVector = -67839, /* The response vector was not valid. */ 652 errSecInvalidStopOnPolicy = -67840, /* The stop-on policy was not valid. */ 653 errSecInvalidTuple = -67841, /* The tuple was not valid. */ 654 errSecMultipleValuesUnsupported = -67842, /* Multiple values are not supported. */ 655 errSecNotTrusted = -67843, /* The certificate was not trusted. */ 656 errSecNoDefaultAuthority = -67844, /* No default authority was detected. */ 657 errSecRejectedForm = -67845, /* The trust policy had a rejected form. */ 658 errSecRequestLost = -67846, /* The request was lost. */ 659 errSecRequestRejected = -67847, /* The request was rejected. */ 660 errSecUnsupportedAddressType = -67848, /* The address type is not supported. */ 661 errSecUnsupportedService = -67849, /* The service is not supported. 
*/ 662 errSecInvalidTupleGroup = -67850, /* The tuple group was not valid. */ 663 errSecInvalidBaseACLs = -67851, /* The base ACLs are not valid. */ 664 errSecInvalidTupleCredendtials = -67852, /* The tuple credentials are not valid. */ 665 errSecInvalidEncoding = -67853, /* The encoding was not valid. */ 666 errSecInvalidValidityPeriod = -67854, /* The validity period was not valid. */ 667 errSecInvalidRequestor = -67855, /* The requestor was not valid. */ 668 errSecRequestDescriptor = -67856, /* The request descriptor was not valid. */ 669 errSecInvalidBundleInfo = -67857, /* The bundle information was not valid. */ 670 errSecInvalidCRLIndex = -67858, /* The CRL index was not valid. */ 671 errSecNoFieldValues = -67859, /* No field values were detected. */ 672 errSecUnsupportedFieldFormat = -67860, /* The field format is not supported. */ 673 errSecUnsupportedIndexInfo = -67861, /* The index information is not supported. */ 674 errSecUnsupportedLocality = -67862, /* The locality is not supported. */ 675 errSecUnsupportedNumAttributes = -67863, /* The number of attributes is not supported. */ 676 errSecUnsupportedNumIndexes = -67864, /* The number of indexes is not supported. */ 677 errSecUnsupportedNumRecordTypes = -67865, /* The number of record types is not supported. */ 678 errSecFieldSpecifiedMultiple = -67866, /* Too many fields were specified. */ 679 errSecIncompatibleFieldFormat = -67867, /* The field format was incompatible. */ 680 errSecInvalidParsingModule = -67868, /* The parsing module was not valid. */ 681 errSecDatabaseLocked = -67869, /* The database is locked. */ 682 errSecDatastoreIsOpen = -67870, /* The data store is open. */ 683 errSecMissingValue = -67871, /* A missing value was detected. */ 684 errSecUnsupportedQueryLimits = -67872, /* The query limits are not supported. */ 685 errSecUnsupportedNumSelectionPreds = -67873, /* The number of selection predicates is not supported. 
*/ 686 errSecUnsupportedOperator = -67874, /* The operator is not supported. */ 687 errSecInvalidDBLocation = -67875, /* The database location is not valid. */ 688 errSecInvalidAccessRequest = -67876, /* The access request is not valid. */ 689 errSecInvalidIndexInfo = -67877, /* The index information is not valid. */ 690 errSecInvalidNewOwner = -67878, /* The new owner is not valid. */ 691 errSecInvalidModifyMode = -67879, /* The modify mode is not valid. */ 692 errSecMissingRequiredExtension = -67880, /* A required certificate extension is missing. */ 693 errSecExtendedKeyUsageNotCritical = -67881, /* The extended key usage extension was not marked critical. */ 694 errSecTimestampMissing = -67882, /* A timestamp was expected but was not found. */ 695 errSecTimestampInvalid = -67883, /* The timestamp was not valid. */ 696 errSecTimestampNotTrusted = -67884, /* The timestamp was not trusted. */ 697 errSecTimestampServiceNotAvailable = -67885, /* The timestamp service is not available. */ 698 errSecTimestampBadAlg = -67886, /* An unrecognized or unsupported Algorithm Identifier in timestamp. */ 699 errSecTimestampBadRequest = -67887, /* The timestamp transaction is not permitted or supported. */ 700 errSecTimestampBadDataFormat = -67888, /* The timestamp data submitted has the wrong format. */ 701 errSecTimestampTimeNotAvailable = -67889, /* The time source for the Timestamp Authority is not available. */ 702 errSecTimestampUnacceptedPolicy = -67890, /* The requested policy is not supported by the Timestamp Authority. */ 703 errSecTimestampUnacceptedExtension = -67891, /* The requested extension is not supported by the Timestamp Authority. */ 704 errSecTimestampAddInfoNotAvailable = -67892, /* The additional information requested is not available. */ 705 errSecTimestampSystemFailure = -67893, /* The timestamp request cannot be handled due to system failure. */ 706 errSecSigningTimeMissing = -67894, /* A signing time was expected but was not found. 
*/ 707 errSecTimestampRejection = -67895, /* A timestamp transaction was rejected. */ 708 errSecTimestampWaiting = -67896, /* A timestamp transaction is waiting. */ 709 errSecTimestampRevocationWarning = -67897, /* A timestamp authority revocation warning was issued. */ 710 errSecTimestampRevocationNotification = -67898, /* A timestamp authority revocation notification was issued. */ 711 errSecCertificatePolicyNotAllowed = -67899, /* The requested policy is not allowed for this certificate. */ 712 errSecCertificateNameNotAllowed = -67900, /* The requested name is not allowed for this certificate. */ 713 errSecCertificateValidityPeriodTooLong = -67901, /* The validity period in the certificate exceeds the maximum allowed. */ 714 errSecCertificateIsCA = -67902, /* The verified certificate is a CA rather than an end-entity */ 715 }; 716 717 718 /*! 719 @enum SecureTransport Error Codes 720 @abstract Result codes returned from SecureTransport and SecProtocol functions. This is also the domain 721 for TLS errors in the network stack. 
722 723 @constant errSSLProtocol SSL protocol error 724 @constant errSSLNegotiation Cipher Suite negotiation failure 725 @constant errSSLFatalAlert Fatal alert 726 @constant errSSLWouldBlock I/O would block (not fatal) 727 @constant errSSLSessionNotFound attempt to restore an unknown session 728 @constant errSSLClosedGraceful connection closed gracefully 729 @constant errSSLClosedAbort connection closed via error 730 @constant errSSLXCertChainInvalid invalid certificate chain 731 @constant errSSLBadCert bad certificate format 732 @constant errSSLCrypto underlying cryptographic error 733 @constant errSSLInternal Internal error 734 @constant errSSLModuleAttach module attach failure 735 @constant errSSLUnknownRootCert valid cert chain, untrusted root 736 @constant errSSLNoRootCert cert chain not verified by root 737 @constant errSSLCertExpired chain had an expired cert 738 @constant errSSLCertNotYetValid chain had a cert not yet valid 739 @constant errSSLClosedNoNotify server closed session with no notification 740 @constant errSSLBufferOverflow insufficient buffer provided 741 @constant errSSLBadCipherSuite bad SSLCipherSuite 742 @constant errSSLPeerUnexpectedMsg unexpected message received 743 @constant errSSLPeerBadRecordMac bad MAC 744 @constant errSSLPeerDecryptionFail decryption failed 745 @constant errSSLPeerRecordOverflow record overflow 746 @constant errSSLPeerDecompressFail decompression failure 747 @constant errSSLPeerHandshakeFail handshake failure 748 @constant errSSLPeerBadCert misc. 
bad certificate 749 @constant errSSLPeerUnsupportedCert bad unsupported cert format 750 @constant errSSLPeerCertRevoked certificate revoked 751 @constant errSSLPeerCertExpired certificate expired 752 @constant errSSLPeerCertUnknown unknown certificate 753 @constant errSSLIllegalParam illegal parameter 754 @constant errSSLPeerUnknownCA unknown Cert Authority 755 @constant errSSLPeerAccessDenied access denied 756 @constant errSSLPeerDecodeError decoding error 757 @constant errSSLPeerDecryptError decryption error 758 @constant errSSLPeerExportRestriction export restriction 759 @constant errSSLPeerProtocolVersion bad protocol version 760 @constant errSSLPeerInsufficientSecurity insufficient security 761 @constant errSSLPeerInternalError internal error 762 @constant errSSLPeerUserCancelled user canceled 763 @constant errSSLPeerNoRenegotiation no renegotiation allowed 764 @constant errSSLPeerAuthCompleted peer cert is valid, or was ignored if verification disabled 765 @constant errSSLClientCertRequested server has requested a client cert 766 @constant errSSLHostNameMismatch peer host name mismatch 767 @constant errSSLConnectionRefused peer dropped connection before responding 768 @constant errSSLDecryptionFail decryption failure 769 @constant errSSLBadRecordMac bad MAC 770 @constant errSSLRecordOverflow record overflow 771 @constant errSSLBadConfiguration configuration error 772 @constant errSSLUnexpectedRecord unexpected (skipped) record in DTLS 773 @constant errSSLWeakPeerEphemeralDHKey weak ephemeral dh key 774 @constant errSSLClientHelloReceived SNI 775 @constant errSSLTransportReset transport (socket) shutdown, e.g., TCP RST or FIN. 
776 @constant errSSLNetworkTimeout network timeout triggered 777 @constant errSSLConfigurationFailed TLS configuration failed 778 @constant errSSLUnsupportedExtension unsupported TLS extension 779 @constant errSSLUnexpectedMessage peer rejected unexpected message 780 @constant errSSLDecompressFail decompression failed 781 @constant errSSLHandshakeFail handshake failed 782 @constant errSSLDecodeError decode failed 783 @constant errSSLInappropriateFallback inappropriate fallback 784 @constant errSSLMissingExtension missing extension 785 @constant errSSLBadCertificateStatusResponse bad OCSP response 786 @constant errSSLCertificateRequired certificate required 787 @constant errSSLUnknownPSKIdentity unknown PSK identity 788 @constant errSSLUnrecognizedName unknown or unrecognized name 789 @constant errSSLATSViolation ATS violation 790 @constant errSSLATSMinimumVersionViolation ATS violation: minimum protocol version is not ATS compliant 791 @constant errSSLATSCiphersuiteViolation ATS violation: selected ciphersuite is not ATS compliant 792 @constant errSSLATSMinimumKeySizeViolation ATS violation: peer key size is not ATS compliant 793 @constant errSSLATSLeafCertificateHashAlgorithmViolation ATS violation: peer leaf certificate hash algorithm is not ATS compliant 794 @constant errSSLATSCertificateHashAlgorithmViolation ATS violation: peer certificate hash algorithm is not ATS compliant 795 @constant errSSLATSCertificateTrustViolation ATS violation: peer certificate is not issued by trusted peer 796 @constant errSSLEarlyDataRejected Early application data rejected by peer 797 */ 798 799 /* 800 Note: the comments that appear after these errors are used to create SecErrorMessages.strings. 801 The comments must not be multi-line, and should be in a form meaningful to an end user. If 802 a different or additional comment is needed, it can be put in the header doc format, or on a 803 line that does not start with errZZZ. 
*/
/*
 * Anonymous OSStatus enumeration of the SecureTransport / TLS result codes.
 * The values sit in the -9800 range; -9866..-9879 and -9887..-9889 are not
 * assigned here.
 *
 * Not every entry is a failure: the two "non-fatal result codes" groups and
 * errSSLWouldBlock ("not fatal") are statuses that a caller must tell apart
 * from hard errors.
 *
 * The trailing comment on each constant feeds SecErrorMessages.strings (see
 * the note above), so those comments are left untouched and all review
 * notes are on lines of their own.
 */
CF_ENUM(OSStatus) {
    /*
     * Certificate-validation failures in this first group (chain invalid,
     * untrusted or missing root, expired / not-yet-valid certificate) mean
     * the peer's identity was not established.
     * NOTE(review): callers should surface these as hard failures and not
     * retry with verification relaxed.
     */
    errSSLProtocol = -9800, /* SSL protocol error */
    errSSLNegotiation = -9801, /* Cipher Suite negotiation failure */
    errSSLFatalAlert = -9802, /* Fatal alert */
    errSSLWouldBlock = -9803, /* I/O would block (not fatal) */
    errSSLSessionNotFound = -9804, /* attempt to restore an unknown session */
    errSSLClosedGraceful = -9805, /* connection closed gracefully */
    errSSLClosedAbort = -9806, /* connection closed via error */
    errSSLXCertChainInvalid = -9807, /* invalid certificate chain */
    errSSLBadCert = -9808, /* bad certificate format */
    errSSLCrypto = -9809, /* underlying cryptographic error */
    errSSLInternal = -9810, /* Internal error */
    errSSLModuleAttach = -9811, /* module attach failure */
    errSSLUnknownRootCert = -9812, /* valid cert chain, untrusted root */
    errSSLNoRootCert = -9813, /* cert chain not verified by root */
    errSSLCertExpired = -9814, /* chain had an expired cert */
    errSSLCertNotYetValid = -9815, /* chain had a cert not yet valid */
    errSSLClosedNoNotify = -9816, /* server closed session with no notification */
    errSSLBufferOverflow = -9817, /* insufficient buffer provided */
    errSSLBadCipherSuite = -9818, /* bad SSLCipherSuite */

    /* fatal errors detected by peer */
    /*
     * Several codes in this group have a locally detected counterpart under
     * "more errors detected by us" or "additional errors" below (for example
     * the two "bad MAC" and the two "record overflow" codes). The name and
     * the group tell which side noticed the problem; logs should keep the
     * exact code rather than collapsing the pairs.
     */
    errSSLPeerUnexpectedMsg = -9819, /* unexpected message received */
    errSSLPeerBadRecordMac = -9820, /* bad MAC */
    errSSLPeerDecryptionFail = -9821, /* decryption failed */
    errSSLPeerRecordOverflow = -9822, /* record overflow */
    errSSLPeerDecompressFail = -9823, /* decompression failure */
    errSSLPeerHandshakeFail = -9824, /* handshake failure */
    errSSLPeerBadCert = -9825, /* misc. bad certificate */
    errSSLPeerUnsupportedCert = -9826, /* bad unsupported cert format */
    errSSLPeerCertRevoked = -9827, /* certificate revoked */
    errSSLPeerCertExpired = -9828, /* certificate expired */
    errSSLPeerCertUnknown = -9829, /* unknown certificate */
    errSSLIllegalParam = -9830, /* illegal parameter */
    errSSLPeerUnknownCA = -9831, /* unknown Cert Authority */
    errSSLPeerAccessDenied = -9832, /* access denied */
    errSSLPeerDecodeError = -9833, /* decoding error */
    errSSLPeerDecryptError = -9834, /* decryption error */
    errSSLPeerExportRestriction = -9835, /* export restriction */
    errSSLPeerProtocolVersion = -9836, /* bad protocol version */
    errSSLPeerInsufficientSecurity = -9837, /* insufficient security */
    errSSLPeerInternalError = -9838, /* internal error */
    errSSLPeerUserCancelled = -9839, /* user canceled */
    errSSLPeerNoRenegotiation = -9840, /* no renegotiation allowed */

    /* non-fatal result codes */
    /*
     * Per its own comment, the "auth completed" status is also produced when
     * the peer certificate was ignored because verification is disabled, so
     * receiving it is not by itself evidence that the certificate was
     * validated.
     * NOTE(review): a caller that turns off built-in verification presumably
     * has to evaluate trust itself before sending data; confirm against the
     * SecureTransport documentation.
     */
    errSSLPeerAuthCompleted = -9841, /* peer cert is valid, or was ignored if verification disabled */
    errSSLClientCertRequested = -9842, /* server has requested a client cert */

    /* more errors detected by us */
    /*
     * A host name mismatch is an identity failure of the same weight as the
     * certificate errors in the first group. The weak ephemeral DH key code
     * reports a peer key-exchange parameter judged too weak; both are worth
     * logging as possible interception or downgrade indicators.
     */
    errSSLHostNameMismatch = -9843, /* peer host name mismatch */
    errSSLConnectionRefused = -9844, /* peer dropped connection before responding */
    errSSLDecryptionFail = -9845, /* decryption failure */
    errSSLBadRecordMac = -9846, /* bad MAC */
    errSSLRecordOverflow = -9847, /* record overflow */
    errSSLBadConfiguration = -9848, /* configuration error */
    errSSLUnexpectedRecord = -9849, /* unexpected (skipped) record in DTLS */
    errSSLWeakPeerEphemeralDHKey = -9850, /* weak ephemeral dh key */

    /* non-fatal result codes */
    /*
     * The trailing comment says only "SNI".
     * NOTE(review): presumably this signals that a ClientHello carrying a
     * server name indication has arrived and the handshake can continue;
     * confirm against the SecureTransport documentation.
     */
    errSSLClientHelloReceived = -9851, /* SNI */

    /* fatal errors resulting from transport or networking errors */
    errSSLTransportReset = -9852, /* transport (socket) shutdown, e.g., TCP RST or FIN. */
    errSSLNetworkTimeout = -9853, /* network timeout triggered */

    /* fatal errors resulting from software misconfiguration */
    errSSLConfigurationFailed = -9854, /* TLS configuration failed */

    /* additional errors */
    /*
     * NOTE(review): "inappropriate fallback" looks like the TLS
     * downgrade-protection signal; if so it should be logged and not
     * answered by retrying at a lower protocol version. Confirm.
     */
    errSSLUnsupportedExtension = -9855, /* unsupported TLS extension */
    errSSLUnexpectedMessage = -9856, /* peer rejected unexpected message */
    errSSLDecompressFail = -9857, /* decompression failed */
    errSSLHandshakeFail = -9858, /* handshake failed */
    errSSLDecodeError = -9859, /* decode failed */
    errSSLInappropriateFallback = -9860, /* inappropriate fallback */
    errSSLMissingExtension = -9861, /* missing extension */
    errSSLBadCertificateStatusResponse = -9862, /* bad OCSP response */
    errSSLCertificateRequired = -9863, /* certificate required */
    errSSLUnknownPSKIdentity = -9864, /* unknown PSK identity */
    errSSLUnrecognizedName = -9865, /* unknown or unrecognized name */

    /* ATS compliance violation errors */
    /*
     * ATS is App Transport Security. Each specific code names the policy
     * check that failed (protocol version, cipher suite, key size, hash
     * algorithm, trust), which identifies what the server must fix; the
     * generic -9880 carries no such detail.
     */
    errSSLATSViolation = -9880, /* ATS violation */
    errSSLATSMinimumVersionViolation = -9881, /* ATS violation: minimum protocol version is not ATS compliant */
    errSSLATSCiphersuiteViolation = -9882, /* ATS violation: selected ciphersuite is not ATS compliant */
    errSSLATSMinimumKeySizeViolation = -9883, /* ATS violation: peer key size is not ATS compliant */
    errSSLATSLeafCertificateHashAlgorithmViolation = -9884, /* ATS violation: peer leaf certificate hash algorithm is not ATS compliant */
    errSSLATSCertificateHashAlgorithmViolation = -9885, /* ATS violation: peer certificate hash algorithm is not ATS compliant */
    errSSLATSCertificateTrustViolation = -9886, /* ATS violation: peer certificate is not issued by trusted peer */

    /* early data errors */
    errSSLEarlyDataRejected = -9890, /* Early application data rejected by peer */
};

CF_IMPLICIT_BRIDGING_DISABLED
CF_ASSUME_NONNULL_END

__END_DECLS

#endif /* _SECURITY_SECBASE_H_ */