
Security tvOS xcode15.0 b1

Haritha Mohan edited this page Sep 14, 2023 · 3 revisions

# Security.framework — https://github.com/xamarin/xamarin-macios/pull/19021

diff -ruN /Applications/Xcode_14.3.1.app/Contents/Developer/Platforms/AppleTVOS.platform/Developer/SDKs/AppleTVOS.sdk/System/Library/Frameworks/Security.framework/Headers/SecItem.h /Applications/Xcode_15.0.0-beta.app/Contents/Developer/Platforms/AppleTVOS.platform/Developer/SDKs/AppleTVOS.sdk/System/Library/Frameworks/Security.framework/Headers/SecItem.h
--- /Applications/Xcode_14.3.1.app/Contents/Developer/Platforms/AppleTVOS.platform/Developer/SDKs/AppleTVOS.sdk/System/Library/Frameworks/Security.framework/Headers/SecItem.h	2023-03-09 19:17:11
+++ /Applications/Xcode_15.0.0-beta.app/Contents/Developer/Platforms/AppleTVOS.platform/Developer/SDKs/AppleTVOS.sdk/System/Library/Frameworks/Security.framework/Headers/SecItem.h	2023-05-19 20:55:12
@@ -232,8 +232,9 @@
            affect all copies of the item, not just the one on your local device.
            Be sure that it makes sense to use the same password on all devices
            before deciding to make a password synchronizable.
-         - Only password items can currently be synchronized. Keychain syncing
-           is not supported for certificates or cryptographic keys.
+         - Starting in iOS 14, macOS 11, and watchOS 7, the keychain
+           synchronizes passwords, certificates, and cryptographic keys.
+           Earlier OS versions synchronize only passwords.
          - Items stored or obtained using the kSecAttrSynchronizable key cannot
            specify SecAccessRef-based access control with kSecAttrAccess. If a
            password is intended to be shared between multiple applications, the
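Review bot: The new bullet at lines 18–20 names iOS 14, macOS 11 and watchOS 7 but not tvOS, even though this copy of the header ships in the AppleTVOS SDK, so a tvOS reader cannot tell from it which release gained certificate and key syncing; I'd add the tvOS version to that sentence (presumably the same release generation as iOS 14, but confirm before writing it down). The security consequence also deserves a sentence, because once keys sync, a key marked kSecAttrSynchronizable is no longer bound to a single device — the preceding bullet already warns that changes reach every copy of the item, and the same applies to key material. I would append: `Marking a cryptographic key synchronizable replicates the key material to every device on the account; keys that must remain device-bound should use a ThisDeviceOnly accessibility level instead.`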
@@ -243,10 +244,8 @@
          - Items stored or obtained using the kSecAttrSynchronizable key may
            not also specify a kSecAttrAccessible value which is incompatible
            with syncing (namely, those whose names end with "ThisDeviceOnly".)
-         - Items stored or obtained using the kSecAttrSynchronizable key cannot
-           be specified by reference. You must pass kSecReturnAttributes and/or
-           kSecReturnData to retrieve results; kSecReturnRef is currently not
-           supported for synchronizable items.
+         - On macOS, when kSecAttrSynchronizable is set to true, returning
+           references is supported only for Certificate, Key or Identity items.
          - Persistent references to synchronizable items should be avoided;
            while they may work locally, they cannot be moved between devices,
            and may not resolve if the item is modified on some other device.
@@ -947,7 +946,11 @@
         CFBooleanRef. A value of kCFBooleanTrue indicates that a reference
         should be returned. Depending on the item class requested, the
         returned reference(s) may be of type SecKeychainItemRef, SecKeyRef,
-        SecCertificateRef, or SecIdentityRef.
+        SecCertificateRef, or SecIdentityRef. Note that returning references is
+        supported only for Certificate, Key or Identity items on iOS, watchOS and
+        tvOS. Similarly, returning references is supported only for Certificate, Key
+        or Identity items on macOS when either kSecUseDataProtectionKeychain
+        is set to true or kSecAttrSynchronizable is set to true.
     @constant kSecReturnPersistentRef Specifies a dictionary key whose value
         is of type CFBooleanRef. A value of kCFBooleanTrue indicates that a
         persistent reference to an item (CFDataRef) should be returned.
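Review bot: The added note at lines 42–46 says returning references is supported only for Certificate, Key or Identity items on iOS, watchOS and tvOS, but it does not say what a caller that asks for kSecReturnRef on a password item actually observes — an error status, or a result dictionary with no reference — which is exactly what someone debugging a SecItemCopyMatching call needs. I'd state the failure mode, along the lines of `Requests for a reference to a Generic or Internet Password item fail with an error on these platforms`, with the concrete errSec code filled in by someone who can confirm it against the implementation. The same five lines are repeated verbatim at lines 73–77; a single authoritative statement here with a one-line cross-reference there would be easier to keep in sync.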
@@ -1023,6 +1026,8 @@
     @constant kSecUseDataProtectionKeychain Specifies a dictionary key whose value
         is a CFBooleanRef. Set to kCFBooleanTrue to use kSecAttrAccessGroup and/or
         kSecAttrAccessible on macOS without requiring the item to be marked synchronizable.
+        Note that when kSecUseDataProtectionKeychain is set to true, returning references is
+        supported only for Certificate, Key or Identity items.
     @constant kSecUseUserIndependentKeychain Specifies a dctionary key whose value is a CFBooleanRef
         indicating whether the item is shared with other personas on the system.
 */
@@ -1057,7 +1062,7 @@
     @constant kSecUseAuthenticationUIFail Specifies that the error
         errSecInteractionNotAllowed will be returned if an item needs
         to authenticate with UI
-    @constant kSecUseAuthenticationUIAllowSkip Specifies that all items which need
+    @constant kSecUseAuthenticationUISkip Specifies that all items which need
         to authenticate with UI will be silently skipped. This value can be used
         only with SecItemCopyMatching.
 */
@@ -1130,7 +1135,11 @@
         kSecReturnAttributes with a value of kCFBooleanTrue.
       * To obtain a reference to a matching item (SecKeychainItemRef,
         SecKeyRef, SecCertificateRef, or SecIdentityRef), specify kSecReturnRef
-        with a value of kCFBooleanTrue.
+        with a value of kCFBooleanTrue. Note that returning references is
+        supported only for Certificate, Key or Identity items on iOS, watchOS and
+        tvOS. Similarly, returning references is supported only for Certificate, Key
+        or Identity items on macOS when either kSecUseDataProtectionKeychain
+        is set to true or kSecAttrSynchronizable is set to true.
       * To obtain a persistent reference to a matching item (CFDataRef),
         specify kSecReturnPersistentRef with a value of kCFBooleanTrue. Note
         that unlike normal references, a persistent reference may be stored
@@ -1182,6 +1191,13 @@
         On OSX, To add an item to a particular keychain, supply kSecUseKeychain
         with a SecKeychainRef as its value.
 
+        On iOS, watchOS & tvOS, Certificate, Key, and Identity items may be
+        added by reference, but neither Internet Passwords nor Generic Passwords
+        may be. Similarly, on macOS with either kSecUseDataProtectionKeychain
+        set to true or kSecAttrSynchronizable set to true, Certificate, Key, and Identity
+        items may be added by reference, but neither Internet Passwords nor Generic
+        Passwords may be.
+
     Result types are specified as follows:
 
       * To obtain the data of the added item (CFDataRef), specify
@@ -1189,8 +1205,9 @@
       * To obtain all the attributes of the added item (CFDictionaryRef),
         specify kSecReturnAttributes with a value of kCFBooleanTrue.
       * To obtain a reference to the added item (SecKeychainItemRef, SecKeyRef,
-        SecCertiicateRef, or SecIdentityRef), specify kSecReturnRef with a
-        value of kCFBooleanTrue.
+        SecCertificateRef, or SecIdentityRef), specify kSecReturnRef with a
+        value of kCFBooleanTrue. See also note about kSecReturnRef and
+        macOS.
       * To obtain a persistent reference to the added item (CFDataRef), specify
         kSecReturnPersistentRef with a value of kCFBooleanTrue. Note that
         unlike normal references, a persistent reference may be stored on disk
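Review bot: The cross-reference added at lines 102–103, `See also note about kSecReturnRef and macOS.`, is both vague and misleadingly scoped: the paragraph added just above (lines 85–90) says the restriction applies unconditionally on iOS, watchOS and tvOS and only conditionally on macOS, so pointing the reader at "macOS" undersells it. I'd replace those words with the restriction itself: `Password items cannot be returned by reference on iOS, watchOS or tvOS, nor on macOS when kSecUseDataProtectionKeychain or kSecAttrSynchronizable is true; see kSecReturnRef.`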
diff -ruN /Applications/Xcode_14.3.1.app/Contents/Developer/Platforms/AppleTVOS.platform/Developer/SDKs/AppleTVOS.sdk/System/Library/Frameworks/Security.framework/Headers/SecKey.h /Applications/Xcode_15.0.0-beta.app/Contents/Developer/Platforms/AppleTVOS.platform/Developer/SDKs/AppleTVOS.sdk/System/Library/Frameworks/Security.framework/Headers/SecKey.h
--- /Applications/Xcode_14.3.1.app/Contents/Developer/Platforms/AppleTVOS.platform/Developer/SDKs/AppleTVOS.sdk/System/Library/Frameworks/Security.framework/Headers/SecKey.h	2023-03-09 19:24:22
+++ /Applications/Xcode_15.0.0-beta.app/Contents/Developer/Platforms/AppleTVOS.platform/Developer/SDKs/AppleTVOS.sdk/System/Library/Frameworks/Security.framework/Headers/SecKey.h	2023-05-19 20:55:12
@@ -969,9 +969,6 @@
     RSA signature with RSASSA-PSS padding according to PKCS#1 v2.1, SHA-512 digest is generated by called function automatically from input data of any size.
     PSS padding is calculated using MGF1 with SHA512 and saltLength parameter is set to 64 (SHA-512 output size).
 
-    @constant kSecKeyAlgorithmECDSASignatureRFC4754
-    ECDSA algorithm, signature is concatenated r and s, big endian, input data must be message digest generated by some hash function.
-
     @constant kSecKeyAlgorithmECDSASignatureDigestX962
     ECDSA algorithm, signature is in DER x9.62 encoding, input data must be message digest generated by some hash functions.
 
@@ -1005,6 +1002,43 @@
     @constant kSecKeyAlgorithmECDSASignatureMessageX962SHA512
     ECDSA algorithm, signature is in DER x9.62 encoding, SHA-512 digest is generated by called function automatically from input data of any size.
 
+    @constant kSecKeyAlgorithmECDSASignatureDigestRFC4754
+    ECDSA algorithm, signature is concatenated r and s, big endian, input data must be message digest generated by some hash functions.
+
+    @constant kSecKeyAlgorithmECDSASignatureDigestRFC4754SHA1
+    ECDSA algorithm, signature is concatenated r and s, big endian, input data must be message digest created by SHA1 algorithm.
+
+    @constant kSecKeyAlgorithmECDSASignatureDigestRFC4754SHA224
+    ECDSA algorithm, signature is concatenated r and s, big endian, input data must be message digest created by SHA224 algorithm.
+
+    @constant kSecKeyAlgorithmECDSASignatureDigestRFC4754SHA256
+    ECDSA algorithm, signature is concatenated r and s, big endian, input data must be message digest created by SHA256 algorithm.
+
+    @constant kSecKeyAlgorithmECDSASignatureDigestRFC4754SHA384
+    ECDSA algorithm, signature is concatenated r and s, big endian, input data must be message digest created by SHA384 algorithm.
+
+    @constant kSecKeyAlgorithmECDSASignatureDigestRFC4754SHA512
+    ECDSA algorithm, signature is concatenated r and s, big endian, input data must be message digest created by SHA512 algorithm.
+
+    @constant kSecKeyAlgorithmECDSASignatureMessageRFC4754SHA1
+    ECDSA algorithm, signature is concatenated r and s, big endian, SHA-1 digest is generated by called function automatically from input data of any size.
+
+    @constant kSecKeyAlgorithmECDSASignatureMessageRFC4754SHA224
+    ECDSA algorithm, signature is concatenated r and s, big endian, SHA-224 digest is generated by called function automatically from input data of any size.
+
+    @constant kSecKeyAlgorithmECDSASignatureMessageRFC4754SHA256
+    ECDSA algorithm, signature is concatenated r and s, big endian, SHA-256 digest is generated by called function automatically from input data of any size.
+
+    @constant kSecKeyAlgorithmECDSASignatureMessageRFC4754SHA384
+    ECDSA algorithm, signature is concatenated r and s, big endian, SHA-384 digest is generated by called function automatically from input data of any size.
+
+    @constant kSecKeyAlgorithmECDSASignatureMessageRFC4754SHA512
+    ECDSA algorithm, signature is concatenated r and s, big endian, SHA-512 digest is generated by called function automatically from input data of any size.
+
+    @constant kSecKeyAlgorithmECDSASignatureRFC4754
+    ECDSA algorithm, signature is concatenated r and s, big endian, input data must be message digest generated by some hash function.
+    This is deprecated algorithm, replaced by kSecKeyAlgorithmECDSASignatureDigestRFC4754
+
     @constant kSecKeyAlgorithmRSAEncryptionRaw
     Raw RSA encryption or decryption, size of data must match RSA key modulus size.  Note that direct
     use of this algorithm without padding is cryptographically very weak, it is important to always introduce
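Review bot: The new SHA-1 variants at lines 127–128 and 142–143 are documented with no caveat, while this same header warns about weak constructions elsewhere (the raw-RSA note at lines 162–163 is two lines below), so I'd add to both SHA1 entries: `SHA-1 is no longer collision resistant; use this variant only for interoperability with legacy peers.` The phrase "signature is concatenated r and s, big endian" is repeated for every variant but never says whether r and s are fixed-width; RFC 4754 uses fixed-size, zero-padded components (unlike the X9.62 DER form, which strips leading zeros), and callers converting between the two formats get this wrong routinely, so stating it once is worth doing — presumably the implementation is fixed-width, but confirm before documenting it. The deprecation sentence at line 159 also reads awkwardly; `This algorithm is deprecated; use kSecKeyAlgorithmECDSASignatureDigestRFC4754 instead.` is clearer.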
@@ -1301,9 +1335,6 @@
 extern const SecKeyAlgorithm kSecKeyAlgorithmRSASignatureMessagePSSSHA512
 API_AVAILABLE(macos(10.13), ios(11.0), tvos(11.0), watchos(4.0));
 
-extern const SecKeyAlgorithm kSecKeyAlgorithmECDSASignatureRFC4754
-API_AVAILABLE(macos(10.12), ios(10.0), tvos(10.0), watchos(3.0));
-
 extern const SecKeyAlgorithm kSecKeyAlgorithmECDSASignatureDigestX962
 API_AVAILABLE(macos(10.12), ios(10.0), tvos(10.0), watchos(3.0));
 extern const SecKeyAlgorithm kSecKeyAlgorithmECDSASignatureDigestX962SHA1
@@ -1327,6 +1358,33 @@
 API_AVAILABLE(macos(10.12), ios(10.0), tvos(10.0), watchos(3.0));
 extern const SecKeyAlgorithm kSecKeyAlgorithmECDSASignatureMessageX962SHA512
 API_AVAILABLE(macos(10.12), ios(10.0), tvos(10.0), watchos(3.0));
+
+extern const SecKeyAlgorithm kSecKeyAlgorithmECDSASignatureDigestRFC4754
+API_AVAILABLE(macos(14.0), ios(17.0), tvos(17.0), watchos(10.0));
+extern const SecKeyAlgorithm kSecKeyAlgorithmECDSASignatureDigestRFC4754SHA1
+API_AVAILABLE(macos(14.0), ios(17.0), tvos(17.0), watchos(10.0));
+extern const SecKeyAlgorithm kSecKeyAlgorithmECDSASignatureDigestRFC4754SHA224
+API_AVAILABLE(macos(14.0), ios(17.0), tvos(17.0), watchos(10.0));
+extern const SecKeyAlgorithm kSecKeyAlgorithmECDSASignatureDigestRFC4754SHA256
+API_AVAILABLE(macos(14.0), ios(17.0), tvos(17.0), watchos(10.0));
+extern const SecKeyAlgorithm kSecKeyAlgorithmECDSASignatureDigestRFC4754SHA384
+API_AVAILABLE(macos(14.0), ios(17.0), tvos(17.0), watchos(10.0));
+extern const SecKeyAlgorithm kSecKeyAlgorithmECDSASignatureDigestRFC4754SHA512
+API_AVAILABLE(macos(14.0), ios(17.0), tvos(17.0), watchos(10.0));
+
+extern const SecKeyAlgorithm kSecKeyAlgorithmECDSASignatureMessageRFC4754SHA1
+API_AVAILABLE(macos(14.0), ios(17.0), tvos(17.0), watchos(10.0));
+extern const SecKeyAlgorithm kSecKeyAlgorithmECDSASignatureMessageRFC4754SHA224
+API_AVAILABLE(macos(14.0), ios(17.0), tvos(17.0), watchos(10.0));
+extern const SecKeyAlgorithm kSecKeyAlgorithmECDSASignatureMessageRFC4754SHA256
+API_AVAILABLE(macos(14.0), ios(17.0), tvos(17.0), watchos(10.0));
+extern const SecKeyAlgorithm kSecKeyAlgorithmECDSASignatureMessageRFC4754SHA384
+API_AVAILABLE(macos(14.0), ios(17.0), tvos(17.0), watchos(10.0));
+extern const SecKeyAlgorithm kSecKeyAlgorithmECDSASignatureMessageRFC4754SHA512
+API_AVAILABLE(macos(14.0), ios(17.0), tvos(17.0), watchos(10.0));
+
+extern const SecKeyAlgorithm kSecKeyAlgorithmECDSASignatureRFC4754
+API_DEPRECATED_WITH_REPLACEMENT("kSecKeyAlgorithmECDSASignatureDigestRFC4754", macos(10.12, 14.0), ios(10.0, 17.0), tvos(10.0, 17.0), watchos(3.0, 10.0));
 
 extern const SecKeyAlgorithm kSecKeyAlgorithmRSAEncryptionRaw
 API_AVAILABLE(macos(10.12), ios(10.0), tvos(10.0), watchos(3.0));
diff -ruN /Applications/Xcode_14.3.1.app/Contents/Developer/Platforms/AppleTVOS.platform/Developer/SDKs/AppleTVOS.sdk/System/Library/Frameworks/Security.framework/Headers/SecPolicy.h /Applications/Xcode_15.0.0-beta.app/Contents/Developer/Platforms/AppleTVOS.platform/Developer/SDKs/AppleTVOS.sdk/System/Library/Frameworks/Security.framework/Headers/SecPolicy.h
--- /Applications/Xcode_14.3.1.app/Contents/Developer/Platforms/AppleTVOS.platform/Developer/SDKs/AppleTVOS.sdk/System/Library/Frameworks/Security.framework/Headers/SecPolicy.h	2023-03-09 19:09:23
+++ /Applications/Xcode_15.0.0-beta.app/Contents/Developer/Platforms/AppleTVOS.platform/Developer/SDKs/AppleTVOS.sdk/System/Library/Frameworks/Security.framework/Headers/SecPolicy.h	2023-05-19 21:03:44
@@ -33,6 +33,9 @@
 #include <CoreFoundation/CFBase.h>
 #include <CoreFoundation/CFDictionary.h>
 #include <Security/SecBase.h>
+#if TARGET_OS_OSX
+#include <Security/cssmtype.h>
+#endif
 
 __BEGIN_DECLS
 
@@ -253,7 +256,6 @@
  *  Legacy functions (OS X only)
  */
 #if TARGET_OS_OSX
-#include <Security/cssmtype.h>
 
 CF_ASSUME_NONNULL_BEGIN
 CF_IMPLICIT_BRIDGING_ENABLED
diff -ruN /Applications/Xcode_14.3.1.app/Contents/Developer/Platforms/AppleTVOS.platform/Developer/SDKs/AppleTVOS.sdk/System/Library/Frameworks/Security.framework/Headers/SecTrust.h /Applications/Xcode_15.0.0-beta.app/Contents/Developer/Platforms/AppleTVOS.platform/Developer/SDKs/AppleTVOS.sdk/System/Library/Frameworks/Security.framework/Headers/SecTrust.h
--- /Applications/Xcode_14.3.1.app/Contents/Developer/Platforms/AppleTVOS.platform/Developer/SDKs/AppleTVOS.sdk/System/Library/Frameworks/Security.framework/Headers/SecTrust.h	2023-03-09 19:21:56
+++ /Applications/Xcode_15.0.0-beta.app/Contents/Developer/Platforms/AppleTVOS.platform/Developer/SDKs/AppleTVOS.sdk/System/Library/Frameworks/Security.framework/Headers/SecTrust.h	2023-05-19 20:48:26
@@ -35,6 +35,11 @@
 #include <AvailabilityMacros.h>
 #include <Availability.h>
 
+#if TARGET_OS_OSX
+#include <Security/cssmtype.h>
+#include <Security/cssmapple.h>
+#endif
+
 __BEGIN_DECLS
 
 CF_ASSUME_NONNULL_BEGIN
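Review bot: The cssmtype.h and cssmapple.h includes now sit before `__BEGIN_DECLS` (line 241) instead of inside the legacy macOS section they are removed from in the next hunk, so in a C++ translation unit their declarations are no longer wrapped by this header's extern "C" region; that is harmless only if those headers carry their own linkage guards — presumably they do, but it is worth confirming, since a mismatch would show up as link errors only for macOS C++ consumers. A one-line comment above the new block would also help the next reader understand why CSSM headers appear at the top of a header that is otherwise platform-neutral: `// CDSA types used only by the legacy macOS declarations at the end of this file`.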
@@ -645,8 +650,6 @@
  *  Legacy functions (OS X only)
  */
 #if TARGET_OS_OSX
-#include <Security/cssmtype.h>
-#include <Security/cssmapple.h>
 
 CF_ASSUME_NONNULL_BEGIN
 CF_IMPLICIT_BRIDGING_ENABLED
@@ -750,10 +753,10 @@
     @result A result code. See "Security Error Codes" (SecBase.h).
     @discussion This function is deprecated in OS X 10.7 and later,
     and is not available on iOS.
-    To get the complete certificate chain, use SecTrustGetCertificateCount and
-    SecTrustGetCertificateAtIndex. To get detailed status information for each
-    certificate, use SecTrustCopyProperties. To get the overall trust result
-    for the evaluation, use SecTrustGetTrustResult.
+    To get the complete certificate chain, use SecTrustCopyCertificateChain.
+    To get detailed status information for each certificate, use
+    SecTrustCopyProperties. To get the overall trust result for the evaluation,
+    use SecTrustGetTrustResult.
  */
 OSStatus SecTrustGetResult(SecTrustRef trustRef, SecTrustResultType * __nullable result,
     CFArrayRef * __nullable CF_RETURNS_RETAINED certChain, CSSM_TP_APPLE_EVIDENCE_INFO * __nullable * __nullable statusChain)
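Review bot: The replacement guidance at line 261 now points only at SecTrustCopyCertificateChain, which as far as I recall is available only from macOS 12 / iOS 15 onward, whereas the removed text named SecTrustGetCertificateCount and SecTrustGetCertificateAtIndex, which older deployment targets can still call; a reader on an older minimum target is left without a documented option. I'd either state the availability or keep the older pair as a fallback: `use SecTrustCopyCertificateChain (macOS 12 and later); on earlier systems use SecTrustGetCertificateCount and SecTrustGetCertificateAtIndex.` Confirm the version numbers against the SecTrustCopyCertificateChain declaration before committing the wording. The SecTrustGetResult declaration continues past the end of this hunk.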