projects / apple / libsecurity_codesigning.git / blame
| Commit | Line | Data |
|---|---|---|
| d1c1ab47 | 1 | /* |
| f60086fc | 2 | * Copyright (c) 2006-2010 Apple Inc. All Rights Reserved. |
| d1c1ab47 A |
3 | * |
| 4 | * @APPLE_LICENSE_HEADER_START@ | |
| 5 | * | |
| 6 | * This file contains Original Code and/or Modifications of Original Code | |
| 7 | * as defined in and that are subject to the Apple Public Source License | |
| 8 | * Version 2.0 (the 'License'). You may not use this file except in | |
| 9 | * compliance with the License. Please obtain a copy of the License at | |
| 10 | * http://www.opensource.apple.com/apsl/ and read it before using this | |
| 11 | * file. | |
| 12 | * | |
| 13 | * The Original Code and all software distributed under the License are | |
| 14 | * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER | |
| 15 | * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, | |
| 16 | * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, | |
| 17 | * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. | |
| 18 | * Please see the License for the specific language governing rights and | |
| 19 | * limitations under the License. | |
| 20 | * | |
| 21 | * @APPLE_LICENSE_HEADER_END@ | |
| 22 | */ | |
| 23 | ||
| 24 | /*! | |
| 25 | @header CSCommonPriv | |
| 26 | SecStaticCodePriv is the private counter-part to CSCommon. Its contents are not | |
| 27 | official API, and are subject to change without notice. | |
| 28 | */ | |
| 29 | #ifndef _H_CSCOMMONPRIV | |
| 30 | #define _H_CSCOMMONPRIV | |
| 31 | ||
| 32 | #include <Security/CSCommon.h> | |
| 33 | ||
| 34 | #ifdef __cplusplus | |
| 35 | extern "C" { | |
| 36 | #endif | |
| 37 | ||
| 38 | ||
| 39 | /*! | |
| 40 | @typedef SecCodeDirectoryFlagTable | |
| 41 | This constant array can be used to translate between names and values | |
| 42 | of CodeDirectory flag bits. The table ends with an entry with NULL name. | |
| 43 | The elements are in no particular order. | |
| 44 | @field name The official text name of the flag. | |
| 45 | @field value The binary value of the flag. | |
| 46 | @field signable True if the flag can be specified during signing. False if it is set | |
| 47 | internally and can only be read from a signature. | |
| 48 | */ | |
| 49 | typedef struct { | |
| 50 | const char *name; | |
| 51 | uint32_t value; | |
| 52 | bool signable; | |
| 53 | } SecCodeDirectoryFlagTable; | |
| 54 | ||
| 55 | extern const SecCodeDirectoryFlagTable kSecCodeDirectoryFlagTable[]; | |
| 56 | ||
| 57 | ||
| 58 | /*! | |
| 59 | Blob types (magic numbers) for blobs used by Code Signing. | |
| 60 | ||
| 61 | @constant kSecCodeMagicRequirement Magic number for individual code requirements. | |
| 62 | @constant kSecCodeMagicRequirementSet Magic number for a collection of | |
| 63 | individual code requirements, indexed by requirement type. This is used | |
| 64 | for internal requirement sets. | |
| 65 | @constant kSecCodeMagicCodeDirectory Magic number for a CodeDirectory. | |
| 66 | @constant kSecCodeMagicEmbeddedSignature Magic number for a SuperBlob | |
| 67 | containing all the signing components that are usually embedded within | |
| 68 | a main executable. | |
| 69 | @constant kSecCodeMagicDetachedSignature Magic number for a SuperBlob that | |
| 70 | contains all the data for all architectures of a signature, including any | |
| 71 | data that is usually written to separate files. This is the format of | |
| 72 | detached signatures if the program is capable of having multiple architectures. | |
| 73 | @constant kSecCodeMagicEntitlement Magic number for a standard entitlement blob. | |
| 74 | @constant kSecCodeMagicByte The first byte (in NBO) shared by all these magic | |
| 75 | numbers. This is not a valid ASCII character; test for this to distinguish | |
| 76 | between text and binary data if you expect a code signing-related binary blob. | |
| 77 | */ | |
| d1c1ab47 A |
78 | |
| 79 | enum { | |
| 80 | kSecCodeMagicRequirement = 0xfade0c00, /* single requirement */ | |
| 81 | kSecCodeMagicRequirementSet = 0xfade0c01, /* requirement set */ | |
| 82 | kSecCodeMagicCodeDirectory = 0xfade0c02, /* CodeDirectory */ | |
| 83 | kSecCodeMagicEmbeddedSignature = 0xfade0cc0, /* single-architecture embedded signature */ | |
| 84 | kSecCodeMagicDetachedSignature = 0xfade0cc1, /* detached multi-architecture signature */ | |
| 85 | kSecCodeMagicEntitlement = 0xfade7171, /* entitlement blob */ | |
| 86 | ||
| 87 | kSecCodeMagicByte = 0xfa /* shared first byte */ | |
| 88 | }; | |
| 89 | ||
| 90 | ||
| f60086fc A |
91 | /*! |
| 92 | Types of cryptographic digests (hashes) used to hold code signatures | |
| 93 | together. | |
| 94 | ||
| 95 | Each combination of type, length, and other parameters is a separate | |
| 96 | hash type; we don't understand "families" here. | |
| 97 | ||
| 98 | These type codes govern the digest links that connect a CodeDirectory | |
| 99 | to its subordinate data structures (code pages, resources, etc.) | |
| 100 | They do not directly control other uses of hashes (such as the | |
| 101 | hash-of-CodeDirectory identifiers used in requirements). | |
| 102 | */ | |
| 103 | enum { | |
| 104 | kSecCodeSignatureNoHash = 0, /* null value */ | |
| 105 | kSecCodeSignatureHashSHA1 = 1, /* SHA-1 */ | |
| 106 | kSecCodeSignatureHashSHA256 = 2, /* SHA-256 */ | |
| 107 | kSecCodeSignatureHashPrestandardSkein160x256 = 32, /* Skein, 160 bits, 256 bit pool */ | |
| 108 | kSecCodeSignatureHashPrestandardSkein256x512 = 33, /* Skein, 256 bits, 512 bit pool */ | |
| 109 | ||
| 110 | kSecCodeSignatureDefaultDigestAlgorithm = kSecCodeSignatureHashSHA1 | |
| 111 | }; | |
| 112 | ||
| 113 | ||
| d1c1ab47 A |
114 | #ifdef __cplusplus |
| 115 | } | |
| 116 | #endif | |
| 117 | ||
| 118 | #endif //_H_CSCOMMON |