sec/Security/SecPasswordGenerate.h

/*
 * Copyright (c) 2000-2004 Apple Computer, Inc. All Rights Reserved.
 *
 * @APPLE_LICENSE_HEADER_START@
 *
 * This file contains Original Code and/or Modifications of Original Code
 * as defined in and that are subject to the Apple Public Source License
 * Version 2.0 (the 'License'). You may not use this file except in
 * compliance with the License. Please obtain a copy of the License at
 * http://www.opensource.apple.com/apsl/ and read it before using this
 * file.
 *
 * The Original Code and all software distributed under the License are
 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
 * Please see the License for the specific language governing rights and
 * limitations under the License.
 *
 * @APPLE_LICENSE_HEADER_END@
 */

/*!
 @header SecPasswordGenerate
 SecPassword implements logic to use the system facilities for acquiring a password,
 optionally stored and retrieved from the user's keychain.
 */

#ifndef _SECURITY_SECPASSWORDGENERATE_H_
#define _SECURITY_SECPASSWORDGENERATE_H_

#ifdef __cplusplus
extern "C" {
#endif

#include <CoreFoundation/CoreFoundation.h>
#include <Security/SecBase.h>

typedef uint32_t SecPasswordType;
enum {
    kSecPasswordTypeSafari = 0,
    kSecPasswordTypeiCloudRecovery = 1,
    kSecPasswordTypeWifi = 2,
    kSecPasswordTypePIN = 3
} __OSX_AVAILABLE_STARTING(__MAC_10_9, __IPHONE_7_0);

// Keys for external dictionaries with password generation requirements we read from plist.
extern CFStringRef kSecPasswordDefaultForType
    __OSX_AVAILABLE_STARTING(__MAC_10_9, __IPHONE_7_0);

extern CFStringRef kSecPasswordMinLengthKey
    __OSX_AVAILABLE_STARTING(__MAC_10_9, __IPHONE_7_0);
extern CFStringRef kSecPasswordMaxLengthKey
    __OSX_AVAILABLE_STARTING(__MAC_10_9, __IPHONE_7_0);
extern CFStringRef kSecPasswordAllowedCharactersKey
    __OSX_AVAILABLE_STARTING(__MAC_10_9, __IPHONE_7_0);
extern CFStringRef kSecPasswordRequiredCharactersKey
    __OSX_AVAILABLE_STARTING(__MAC_10_9, __IPHONE_7_0);

extern CFStringRef kSecPasswordDisallowedCharacters
    __OSX_AVAILABLE_STARTING(__MAC_10_9, __IPHONE_7_0);
extern CFStringRef kSecPasswordCantStartWithChars
    __OSX_AVAILABLE_STARTING(__MAC_10_9, __IPHONE_7_0);
extern CFStringRef kSecPasswordCantEndWithChars
    __OSX_AVAILABLE_STARTING(__MAC_10_9, __IPHONE_7_0);

extern CFStringRef kSecPasswordContainsNoMoreThanNSpecificCharacters
    __OSX_AVAILABLE_STARTING(__MAC_10_9, __IPHONE_7_0);
extern CFStringRef kSecPasswordContainsAtLeastNSpecificCharacters
    __OSX_AVAILABLE_STARTING(__MAC_10_9, __IPHONE_7_0);
extern CFStringRef kSecPasswordContainsNoMoreThanNConsecutiveIdenticalCharacters
    __OSX_AVAILABLE_STARTING(__MAC_10_9, __IPHONE_7_0);

extern CFStringRef kSecPasswordCharacters
    __OSX_AVAILABLE_STARTING(__MAC_10_9, __IPHONE_7_0);
extern CFStringRef kSecPasswordCharacterCount
    __OSX_AVAILABLE_STARTING(__MAC_10_9, __IPHONE_7_0);

extern CFStringRef kSecPasswordGroupSize
    __OSX_AVAILABLE_STARTING(__MAC_10_9, __IPHONE_7_0);
extern CFStringRef kSecPasswordNumberOfGroups
    __OSX_AVAILABLE_STARTING(__MAC_10_9, __IPHONE_7_0);
extern CFStringRef kSecPasswordSeparator
    __OSX_AVAILABLE_STARTING(__MAC_10_9, __IPHONE_7_0);


/*
    @function SecPasswordCopyDefaultPasswordLength
    @abstract Returns the default length/number of tuples of a defaultly generated password
    @param type: default password types kSecPasswordTypeSafari, kSecPasswordTypeiCloudRecovery, kSecPasswordTypeWifi, kSecPasswordTypePIN
    @param error: An error code will be returned if an unrecognized password type is passed to the routine.
    @result Dictionary consisting of length of tuple and number of tuples or a NULL if the passed type isn't recognized.
*/
CFDictionaryRef SecPasswordCopyDefaultPasswordLength(SecPasswordType type, CFErrorRef *error)
    __OSX_AVAILABLE_STARTING(__MAC_10_9, __IPHONE_7_0);


/*
 @function SecPasswordIsPasswordWeak
 @abstract Evalutes the weakness of a passcode. This function can take any type of passcode.  Currently
    the function evaluates passcodes with only ASCII characters
 @param passcode a string of any length and type (4 digit PIN, complex passcode)
 @result True if the password is weak, False if the password is strong.
 */

bool SecPasswordIsPasswordWeak(CFStringRef passcode)
    __OSX_AVAILABLE_STARTING(__MAC_10_9, __IPHONE_7_0);

/*
 @function SecPasswordGenerate.  Supports generating passwords for Safari, iCloud, Personal
 Hotspot clients.  Will also generate 4 digit pins.
 @abstract Returns a generated password based on a set of constraints
 @param type: type of password to generate. Pass enum types
 kSecPasswordTypeSafari, kSecPasswordTypeiCloudRecovery, kSecPasswordTypeWifi, or kSecPasswordTypePIN
 @param error: An error code will be returned if an error is encountered.  Check SecBase.h for the list of codes.
 @param passwordRequirements: a dictionary containing a set of password requirements.
 ex: password type 'safari' requires at least: minLength, maxLength, string
 of allowed characters, required characters
 @return NULL or a CFStringRef password

 *Note: This parameters is not required if kSecPasswordTypeiCloudRecovery or kSecPasswordTypePIN is supplied as the type.
 If kSecPasswordTypeSafari or kSecPasswordTypeWifi is supplied, you must include these dictionary key/value pairs:
 kSecPasswordMinLengthKey / CFNumberRef
 kSecPasswordMaxLengthKey / CFNumberRef
 kSecPasswordAllowedCharactersKey / CFStringRef
 kSecPasswordRequiredCharactersKey / CFArrayRef of CFCharacterSetRefs

 *Note: Be sure to release the returned password when done using it.
 */
CF_RETURNS_RETAINED CFStringRef SecPasswordGenerate(SecPasswordType type, CFErrorRef *error, CFDictionaryRef passwordRequirements)
    __OSX_AVAILABLE_STARTING(__MAC_10_9, __IPHONE_7_0);

#ifdef __cplusplus
}
#endif

#endif /* !_SECURITY_SECPASSWORDGENERATE_H_ */