1 | /* | |
2 | * Copyright (c) 2006-2010 Apple Inc. All Rights Reserved. | |
3 | * | |
4 | * @APPLE_LICENSE_HEADER_START@ | |
5 | * | |
6 | * This file contains Original Code and/or Modifications of Original Code | |
7 | * as defined in and that are subject to the Apple Public Source License | |
8 | * Version 2.0 (the 'License'). You may not use this file except in | |
9 | * compliance with the License. Please obtain a copy of the License at | |
10 | * http://www.opensource.apple.com/apsl/ and read it before using this | |
11 | * file. | |
12 | * | |
13 | * The Original Code and all software distributed under the License are | |
14 | * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER | |
15 | * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, | |
16 | * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, | |
17 | * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. | |
18 | * Please see the License for the specific language governing rights and | |
19 | * limitations under the License. | |
20 | * | |
21 | * @APPLE_LICENSE_HEADER_END@ | |
22 | */ | |
23 | ||
24 | /*! | |
25 | @header CSCommonPriv | |
26 | CSCommonPriv is the private counterpart to CSCommon. Its contents are not | |
27 | official API, and are subject to change without notice. | |
28 | */ | |
29 | #ifndef _H_CSCOMMONPRIV | |
30 | #define _H_CSCOMMONPRIV | |
31 | ||
32 | #include <Security/CSCommon.h> | |
33 | ||
34 | #ifdef __cplusplus | |
35 | extern "C" { | |
36 | #endif | |
37 | ||
38 | ||
39 | /*! | |
40 | @typedef SecCodeDirectoryFlagTable | |
41 | This constant array can be used to translate between names and values | |
42 | of CodeDirectory flag bits. The table ends with an entry with NULL name. | |
43 | The elements are in no particular order. | |
44 | @field name The official text name of the flag. | |
45 | @field value The binary value of the flag. | |
46 | @field signable True if the flag can be specified during signing. False if it is set | |
47 | internally and can only be read from a signature. | |
48 | */ | |
typedef struct {
	const char *name;	/* official text name of the flag; a NULL name marks the end of the table */
	uint32_t value;		/* the flag's bit value as it appears in a CodeDirectory */
	bool signable;		/* true if the flag may be requested at signing time;
						   false if it is set internally and can only be read from a signature */
} SecCodeDirectoryFlagTable;
54 | ||
/* Name <-> value table for CodeDirectory flag bits, defined elsewhere (extern).
   Iterate until an entry whose name is NULL; the entries are in no particular order. */
extern const SecCodeDirectoryFlagTable kSecCodeDirectoryFlagTable[];
56 | ||
57 | ||
58 | /*! | |
59 | Blob types (magic numbers) for blobs used by Code Signing. | |
60 | ||
61 | @constant kSecCodeMagicRequirement Magic number for individual code requirements. | |
62 | @constant kSecCodeMagicRequirementSet Magic number for a collection of | |
63 | individual code requirements, indexed by requirement type. This is used | |
64 | for internal requirement sets. | |
65 | @constant kSecCodeMagicCodeDirectory Magic number for a CodeDirectory. | |
66 | @constant kSecCodeMagicEmbeddedSignature Magic number for a SuperBlob | |
67 | containing all the signing components that are usually embedded within | |
68 | a main executable. | |
69 | @constant kSecCodeMagicDetachedSignature Magic number for a SuperBlob that | |
70 | contains all the data for all architectures of a signature, including any | |
71 | data that is usually written to separate files. This is the format of | |
72 | detached signatures if the program is capable of having multiple architectures. | |
73 | @constant kSecCodeMagicEntitlement Magic number for a standard entitlement blob. | |
74 | @constant kSecCodeMagicByte The first byte (in NBO) shared by all these magic | |
75 | numbers. This is not a valid ASCII character; test for this to distinguish | |
76 | between text and binary data if you expect a code signing-related binary blob. | |
77 | */ | |
78 | ||
enum {
	/* Blob magic numbers. Per the doc block above the leading byte (0xfa) is in network
	   byte order, i.e. it is the first byte of the blob as stored.
	   NOTE(review): the 0xfade… values do not fit in a signed int, which strict C11
	   (6.7.2.2) does not permit for enumerators; GCC/Clang accept this as an extension.
	   Compare them against a uint32_t, never an int, to avoid sign surprises.
	   NOTE(review): a matching magic only identifies the blob type; it says nothing about
	   the blob's length or integrity, so a parser must still bounds-check the declared
	   length against the bytes actually available before reading past the header. */
	kSecCodeMagicRequirement = 0xfade0c00, /* single requirement */
	kSecCodeMagicRequirementSet = 0xfade0c01, /* requirement set */
	kSecCodeMagicCodeDirectory = 0xfade0c02, /* CodeDirectory */
	kSecCodeMagicEmbeddedSignature = 0xfade0cc0, /* single-architecture embedded signature */
	kSecCodeMagicDetachedSignature = 0xfade0cc1, /* detached multi-architecture signature */
	kSecCodeMagicEntitlement = 0xfade7171, /* entitlement blob */

	kSecCodeMagicByte = 0xfa /* shared first byte; outside the ASCII range, so it distinguishes binary blobs from text */
};
89 | ||
90 | ||
91 | /*! | |
92 | Types of cryptographic digests (hashes) used to hold code signatures | |
93 | together. | |
94 | ||
95 | Each combination of type, length, and other parameters is a separate | |
96 | hash type; we don't understand "families" here. | |
97 | ||
98 | These type codes govern the digest links that connect a CodeDirectory | |
99 | to its subordinate data structures (code pages, resources, etc.) | |
100 | They do not directly control other uses of hashes (such as the | |
101 | hash-of-CodeDirectory identifiers used in requirements). | |
102 | */ | |
enum {
	/* Digest type codes used in the links from a CodeDirectory to its subordinate data.
	   Each (algorithm, length, parameter) combination is its own code; there are no
	   algorithm "families" here. */
	kSecCodeSignatureNoHash = 0, /* null value */
	kSecCodeSignatureHashSHA1 = 1, /* SHA-1 */
	kSecCodeSignatureHashSHA256 = 2, /* SHA-256 */
	kSecCodeSignatureHashPrestandardSkein160x256 = 32, /* Skein, 160 bits, 256 bit pool (pre-standard parameters) */
	kSecCodeSignatureHashPrestandardSkein256x512 = 33, /* Skein, 256 bits, 512 bit pool (pre-standard parameters) */

	/* NOTE(review): the default is SHA-1, which is no longer collision-resistant. New
	   signatures should prefer kSecCodeSignatureHashSHA256 where the verifier supports it,
	   and a verifier should reject an unrecognized type code rather than fall back to
	   this default. */
	kSecCodeSignatureDefaultDigestAlgorithm = kSecCodeSignatureHashSHA1
};
112 | ||
113 | ||
114 | #ifdef __cplusplus | |
115 | } | |
116 | #endif | |
117 | ||
118 | #endif //_H_CSCOMMON |