Security macOS xcode9 beta4 - rolfbjarne/xamarin-macios GitHub Wiki
# Security.framework
diff -ruN /Applications/Xcode9-beta3.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX10.13.sdk/System/Library/Frameworks/Security.framework/Headers/Authorization.h /Applications/Xcode9-beta4.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX10.13.sdk/System/Library/Frameworks/Security.framework/Headers/Authorization.h
--- /Applications/Xcode9-beta3.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX10.13.sdk/System/Library/Frameworks/Security.framework/Headers/Authorization.h 2017-06-29 23:01:10.000000000 -0400
+++ /Applications/Xcode9-beta4.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX10.13.sdk/System/Library/Frameworks/Security.framework/Headers/Authorization.h 2017-07-18 00:30:04.000000000 -0400
@@ -35,6 +35,7 @@
#include <Availability.h>
#include <CoreFoundation/CFAvailability.h>
#include <CoreFoundation/CFBase.h>
+#include <CoreFoundation/CFArray.h>
#include <stdio.h>
diff -ruN /Applications/Xcode9-beta3.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX10.13.sdk/System/Library/Frameworks/Security.framework/Headers/AuthorizationPlugin.h /Applications/Xcode9-beta4.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX10.13.sdk/System/Library/Frameworks/Security.framework/Headers/AuthorizationPlugin.h
--- /Applications/Xcode9-beta3.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX10.13.sdk/System/Library/Frameworks/Security.framework/Headers/AuthorizationPlugin.h 2017-06-29 23:01:10.000000000 -0400
+++ /Applications/Xcode9-beta4.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX10.13.sdk/System/Library/Frameworks/Security.framework/Headers/AuthorizationPlugin.h 2017-07-18 00:30:04.000000000 -0400
@@ -176,7 +176,7 @@
interface.
*/
enum {
- kAuthorizationCallbacksVersion = 1
+ kAuthorizationCallbacksVersion = 2
};
@@ -194,6 +194,8 @@
@field SetHintValue Write value to hints. AuthorizationValue and data are copied.
@field GetArguments Read arguments passed. AuthorizationValueVector does not own data.
@field GetSessionId Read SessionId.
+ @field GetLAContext Returns authenticated LAContext which can be used for operations with Tokens which would normally require PIN. Caller owns returned context and is responsible for release.
+ @field GetTokenIdentities Returns array of identities. Caller owns returned array and is reponsible for release.
*/
typedef struct AuthorizationCallbacks {
@@ -246,6 +248,25 @@
AuthorizationString inKey,
const AuthorizationValue * __nullable * __nullable outValue);
+ /*
+ Available only on systems with callback version 2 or higher
+ Constructs LAContext object based od actual user credentials,
+ userful for kSecUseAuthenticationContext for SecItem calls.
+ Caller is responsible for outValue release */
+ OSStatus (*GetLAContext)(AuthorizationEngineRef inEngine,
+ CFTypeRef __nullable * __nullable outValue) __OSX_AVAILABLE_STARTING(__MAC_10_13, __PHONE_NA);
+
+ /*
+ Available only on systems with callback version 2 or higher
+ Returns array of available identities available on tokens. Each array item consists of two
+ elements. The first one is SecIdentityRef and the second one is textual description of that identity
+ context parameter may contain CFTypeRef returned by GetLAContext. Returned identities
+ will contain PIN in such case so crypto operations won't display PIN prompt.
+ Caller is responsible for outValue release */
+ OSStatus (*GetTokenIdentities)(AuthorizationEngineRef inEngine,
+ CFTypeRef context,
+ CFArrayRef __nullable * __nullable outValue) __OSX_AVAILABLE_STARTING(__MAC_10_13, __PHONE_NA);
+
} AuthorizationCallbacks;
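Review bot: `GetTokenIdentities` declares `CFTypeRef context` with no nullability annotation, although its comment says the parameter "may contain" the value returned by `GetLAContext` and every other pointer in these two new declarations is marked `__nullable`; `CFTypeRef __nullable context,` would make the declaration match the documented contract. The comments also carry typos that will be read verbatim in Quick Help (`based od actual` → `based on actual`, `userful` → `useful`, and `reponsible` in the `@field GetTokenIdentities` text of the previous hunk). Since both function pointers are documented as existing only on engines with callback version 2 or higher, the comment should say how a plugin must guard the access, e.g. `Check that the callbacks struct reports version >= 2 before dereferencing this member; on older engines it is not present.` Because identities returned with a context are documented as carrying the PIN so that crypto operations will not prompt, the ownership note should be stronger than "responsible for release", e.g. `Release the returned array as soon as the authorization operation completes; do not retain or cache it.` The `AuthorizationCallbacks` struct opens outside this hunk.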
diff -ruN /Applications/Xcode9-beta3.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX10.13.sdk/System/Library/Frameworks/Security.framework/Headers/CipherSuite.h /Applications/Xcode9-beta4.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX10.13.sdk/System/Library/Frameworks/Security.framework/Headers/CipherSuite.h
--- /Applications/Xcode9-beta3.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX10.13.sdk/System/Library/Frameworks/Security.framework/Headers/CipherSuite.h 2017-06-30 03:12:10.000000000 -0400
+++ /Applications/Xcode9-beta4.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX10.13.sdk/System/Library/Frameworks/Security.framework/Headers/CipherSuite.h 2017-07-18 00:31:02.000000000 -0400
@@ -128,8 +128,6 @@
TLS_RSA_WITH_RC4_128_MD5 = 0x0004,
TLS_RSA_WITH_RC4_128_SHA = 0x0005,
TLS_RSA_WITH_3DES_EDE_CBC_SHA = 0x000A,
- //TLS_RSA_WITH_AES_128_CBC_SHA = 0x002F,
- //TLS_RSA_WITH_AES_256_CBC_SHA = 0x0035,
TLS_RSA_WITH_NULL_SHA256 = 0x003B,
TLS_RSA_WITH_AES_128_CBC_SHA256 = 0x003C,
TLS_RSA_WITH_AES_256_CBC_SHA256 = 0x003D,
@@ -139,14 +137,6 @@
TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA = 0x0010,
TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA = 0x0013,
TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA = 0x0016,
- //TLS_DH_DSS_WITH_AES_128_CBC_SHA = 0x0030,
- //TLS_DH_RSA_WITH_AES_128_CBC_SHA = 0x0031,
- //TLS_DHE_DSS_WITH_AES_128_CBC_SHA = 0x0032,
- //TLS_DHE_RSA_WITH_AES_128_CBC_SHA = 0x0033,
- //TLS_DH_DSS_WITH_AES_256_CBC_SHA = 0x0036,
- //TLS_DH_RSA_WITH_AES_256_CBC_SHA = 0x0037,
- //TLS_DHE_DSS_WITH_AES_256_CBC_SHA = 0x0038,
- //TLS_DHE_RSA_WITH_AES_256_CBC_SHA = 0x0039,
TLS_DH_DSS_WITH_AES_128_CBC_SHA256 = 0x003E,
TLS_DH_RSA_WITH_AES_128_CBC_SHA256 = 0x003F,
TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 = 0x0040,
@@ -159,13 +149,10 @@
/* Completely anonymous Diffie-Hellman */
TLS_DH_anon_WITH_RC4_128_MD5 = 0x0018,
TLS_DH_anon_WITH_3DES_EDE_CBC_SHA = 0x001B,
- //TLS_DH_anon_WITH_AES_128_CBC_SHA = 0x0034,
- //TLS_DH_anon_WITH_AES_256_CBC_SHA = 0x003A,
TLS_DH_anon_WITH_AES_128_CBC_SHA256 = 0x006C,
TLS_DH_anon_WITH_AES_256_CBC_SHA256 = 0x006D,
/* Addendum from RFC 4279, TLS PSK */
-
TLS_PSK_WITH_RC4_128_SHA = 0x008A,
TLS_PSK_WITH_3DES_EDE_CBC_SHA = 0x008B,
TLS_PSK_WITH_AES_128_CBC_SHA = 0x008C,
@@ -180,13 +167,11 @@
TLS_RSA_PSK_WITH_AES_256_CBC_SHA = 0x0095,
/* RFC 4785 - Pre-Shared Key (PSK) Ciphersuites with NULL Encryption */
-
TLS_PSK_WITH_NULL_SHA = 0x002C,
TLS_DHE_PSK_WITH_NULL_SHA = 0x002D,
TLS_RSA_PSK_WITH_NULL_SHA = 0x002E,
- /* Addenda from rfc 5288 AES Galois Counter Mode (GCM) Cipher Suites
- for TLS. */
+ /* Addenda from rfc 5288 AES Galois Counter Mode (GCM) Cipher Suites for TLS. */
TLS_RSA_WITH_AES_128_GCM_SHA256 = 0x009C,
TLS_RSA_WITH_AES_256_GCM_SHA384 = 0x009D,
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 = 0x009E,
@@ -254,12 +239,16 @@
TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 = 0xC031,
TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 = 0xC032,
+ /* Addenda from rfc 7905 ChaCha20-Poly1305 Cipher Suites for
+ Transport Layer Security (TLS). */
+ TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 = 0xCCA8,
+ TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 = 0xCCA9,
+
/* RFC 5746 - Secure Renegotiation */
TLS_EMPTY_RENEGOTIATION_INFO_SCSV = 0x00FF,
- /*
- * Tags for SSL 2 cipher kinds which are not specified
- * for SSL 3.
- */
+
+ /* Tags for SSL 2 cipher kinds which are not specified
+ * for SSL 3. */
SSL_RSA_WITH_RC2_CBC_MD5 = 0xFF80,
SSL_RSA_WITH_IDEA_CBC_MD5 = 0xFF81,
SSL_RSA_WITH_DES_CBC_MD5 = 0xFF82,