SecBasePriv.h
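/*
 * Copyright (c) 2008-2009,2011-2014,2016 Apple Inc. All Rights Reserved.
 *
 * @APPLE_LICENSE_HEADER_START@
 *
 * This file contains Original Code and/or Modifications of Original Code
 * as defined in and that are subject to the Apple Public Source License
 * Version 2.0 (the 'License'). You may not use this file except in
 * compliance with the License. Please obtain a copy of the License at
 * http://www.opensource.apple.com/apsl/ and read it before using this
 * file.
 *
 * The Original Code and all software distributed under the License are
 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
 * Please see the License for the specific language governing rights and
 * limitations under the License.
 *
 * @APPLE_LICENSE_HEADER_END@
 */

/*!
    @header SecBasePriv
    SecBasePriv contains private error codes from the Security framework.
*/

#ifndef _SECURITY_SECBASEPRIV_H_
#define _SECURITY_SECBASEPRIV_H_

#include <Security/SecBase.h>
#include <AvailabilityMacros.h>
#include <Availability.h>


// Macros for allowing use of availability for internal functions without digging for when
// they first existed.
// When publishing any API publicly, don't use these.
//
// NOTE(review): each expansion below already ends in ';'. A declaration that adds its own
// ';' after the macro (as cssmErrorString does further down) therefore ends in an extra,
// empty ';'. The versions named in the expansions are stand-ins, as the comment above says,
// and should not be read as the release in which a given function first appeared.
#define __SEC_MAC_ONLY_UNKNOWN __OSX_AVAILABLE_STARTING(__MAC_10_12, __IPHONE_NA);
#define __SEC_IOS_ONLY_UNKNOWN __OSX_AVAILABLE_STARTING(__MAC_NA, __IPHONE_10_0);
#define __SEC_MAC_AND_IOS_UNKNOWN __OSX_AVAILABLE_STARTING(__MAC_10_12, __IPHONE_10_0);

#if SEC_OS_OSX
#include <Security/cssmtype.h>
#endif /* SEC_OS_OSX */

__BEGIN_DECLS

/*******************************************************
 *** Private OSStatus values unique to Security APIs ***
 *******************************************************/

/*
    Note: the comments that appear after these errors are used to create SecErrorMessages.strings.
    The comments must not be multi-line, and should be in a form meaningful to an end user. If
    a different or additional comment is needed, it can be put in the header doc format, or on a
    line that does not start with errZZZ.
*/

/*
 * Review notes. They are kept on their own lines, per the rule above, so that they stay
 * out of the text that follows each error name.
 *
 *  - Many names below are defined as a public code (errSecDecode, errSecUnimplemented or
 *    errSecParam). The number left in the trailing "//" comment is commented out and is
 *    not the value of the enumerator. Names defined as the same code compare equal at run
 *    time, so a caller, a log line or an alerting rule sees only the generic code: a
 *    certificate that failed to decode and invalid key material, for example, both
 *    surface as errSecDecode. Two such names also cannot be used as separate case labels
 *    in one switch statement.
 *  - The entry for -34017 is described as "not an error"; code that treats every non-zero
 *    OSStatus as a failure has to handle it separately.
 *  - The value -25336 is assigned twice, to errSecPeersNotAvailable and to errSecTimedOut.
 */
enum
{
    errSecInvalidCertificate = errSecDecode, // -26265, /* This certificate could not be decoded. */
    errSecPolicyDenied = -26270, /* The certificate chain was not trusted due to a policy not accepting it. */
    errSecInvalidKey = errSecDecode, // -26274, /* The provided key material was not valid. */
    errSecInternal = -26276, /* An internal error occured in the Security framework. */
    errSecUnsupportedAlgorithm = errSecUnimplemented, // -26268, /* An unsupported algorithm was encountered. */
    errSecUnsupportedOperation = errSecUnimplemented, // -26271, /* The operation you requested is not supported by this key. */
    errSecUnsupportedPadding = errSecParam, // -26273, /* The padding you requested is not supported. */
    errSecItemInvalidKey = errSecParam, // -34000, /* A string key in dictionary is not one of the supported keys. */
    errSecItemInvalidKeyType = errSecParam, // -34001, /* A key in a dictionary is neither a CFStringRef nor a CFNumberRef. */
    errSecItemInvalidValue = errSecParam, // -34002, /* A value in a dictionary is an invalid (or unsupported) CF type. */
    errSecItemClassMissing = errSecParam, // -34003, /* No kSecItemClass key was specified in a dictionary. */
    errSecItemMatchUnsupported = errSecParam, // -34004, /* The caller passed one or more kSecMatch keys to a function which does not support matches. */
    errSecUseItemListUnsupported = errSecParam, // -34005, /* The caller passed in a kSecUseItemList key to a function which does not support it. */
    errSecUseKeychainUnsupported = errSecParam, // -34006, /* The caller passed in a kSecUseKeychain key to a function which does not support it. */
    errSecUseKeychainListUnsupported = errSecParam, // -34007, /* The caller passed in a kSecUseKeychainList key to a function which does not support it. */
    errSecReturnDataUnsupported = errSecParam, // -34008, /* The caller passed in a kSecReturnData key to a function which does not support it. */
    errSecReturnAttributesUnsupported = errSecParam, // -34009, /* The caller passed in a kSecReturnAttributes key to a function which does not support it. */
    errSecReturnRefUnsupported = errSecParam, // -34010, /* The caller passed in a kSecReturnRef key to a function which does not support it. */
    // NOTE(review): the commented-out number on the next line repeats -34010 from the line
    // above; presumably -34011 was meant -- confirm before relying on it.
    errSecReturnPersistentRefUnsupported = errSecParam, // -34010, /* The caller passed in a kSecReturnPersistentRef key to a function which does not support it. */
    errSecValueRefUnsupported = errSecParam, // -34012, /* The caller passed in a kSecValueRef key to a function which does not support it. */
    errSecValuePersistentRefUnsupported = errSecParam, // -34013, /* The caller passed in a kSecValuePersistentRef key to a function which does not support it. */
    errSecReturnMissingPointer = errSecParam, // -34014, /* The caller passed asked for something to be returned but did not pass in a result pointer. */
    errSecMatchLimitUnsupported = errSecParam, // -34015, /* The caller passed in a kSecMatchLimit key to a call which does not support limits. */
    errSecItemIllegalQuery = errSecParam, // -34016, /* The caller passed in a query which contained too many keys. */
    errSecWaitForCallback = -34017, /* This operation is incomplete, until the callback is invoked (not an error). */
    errSecUpgradePending = -34019, /* Error returned if keychain database needs a schema migration but the device is locked, clients should wait for a device unlock notification and retry the command. */

    errSecMPSignatureInvalid = -25327, /* Signature invalid on MP message */
    errSecOTRTooOld = -25328, /* Message is too old to use */
    errSecOTRIDTooNew = -25329, /* Key ID is too new to use! Message from the future? */
    errSecOTRNotReady = -25331, /* Can't process packets because the session hasn't finished negotiating */

    errSecAuthNeeded = -25330, /* Auth is needed before the requested action can be performed. An array of
                                  constraints to be fulfilled is passed inside error.userInfo's 'cons' key. */

    errSecPeersNotAvailable = -25336, /* No peers in the circle are available/online. */
    errSecErrorStringNotAvailable= -25337, /* Unable to load error string for error */

    /* UNUSED enums */
    errSecDeviceIDNeeded = -25332, /* Cannot send IDS messages without having our own IDS ID. */
    errSecIDSNotRegistered = -25333, /* IDS is not set up or devices are not registered/available within an IDS account. */
    errSecFailedToSendIDSMessage = -25334, /* Failed to send IDS message. */
    errSecDeviceIDNoMatch = -25335, /* The provided device ID does not match any device IDs in the ids account. */
    // NOTE(review): same value as errSecPeersNotAvailable (-25336) above.
    errSecTimedOut = -25336, /* Timed out waiting for task */
};

// Guard for CFNetwork
#define SECURITY_PROVIDES_INVALIDTRUSTSETTINGS

#if SEC_OS_OSX
const char *cssmErrorString(CSSM_RETURN error)
    __SEC_MAC_ONLY_UNKNOWN;
#endif

OSStatus SecKeychainErrFromOSStatus(OSStatus osStatus)
    API_AVAILABLE(macos(10.4), ios(NA), bridgeos(NA));

/*
 * For use when running in the root session as an agent/daemon that wants to redirect to
 * a background user session. This must be called before any Sec calls are made,
 * so very early in main().
 *
 * This only applies to macOS, where background sessions exist.
 *
 * NOTE(review): the declaration returns void, so the caller gets no indication of whether
 * the redirect took effect. Presumably the uid decides whose session later Sec calls act
 * on; it should come from a trusted source rather than from request data -- confirm
 * against the implementation.
 */
void _SecSetSecuritydTargetUID(uid_t uid)
    API_AVAILABLE(macos(10.13.5)) API_UNAVAILABLE(ios, macCatalyst, watchos, tvos, bridgeos);



__END_DECLS

#endif /* !_SECURITY_SECBASEPRIV_H_ */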