2 * Copyright (c) 2006-2007 Apple Inc. All Rights Reserved.
4 * @APPLE_LICENSE_HEADER_START@
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. Please obtain a copy of the License at
10 * http://www.opensource.apple.com/apsl/ and read it before using this
13 * The Original Code and all software distributed under the License are
14 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
15 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
16 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
17 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
18 * Please see the License for the specific language governing rights and
19 * limitations under the License.
21 * @APPLE_LICENSE_HEADER_END@
26 CSCommon is the common header of all Code Signing API headers.
27 It defines types, constants, and error codes.
37 #include <CoreFoundation/CoreFoundation.h>
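/*!
    Code Signing specific OSStatus codes.
    [Assigned range 0xFFFE_FAxx].

    Only the first enumerator has an explicit value; the rest follow
    consecutively, from errSecCSUnimplemented (-67072, 0xFFFEFA00) through
    errSecCSHostProtocolUnrelated (-67039). Inserting or reordering an entry
    would renumber every code after it, so new codes belong at the end.

    Several codes name different validation outcomes and should be kept
    apart when a failed validation is logged or triaged:
    errSecCSUnsigned (no signature), errSecCSSignatureFailed (code or
    signature modified), errSecCSBadResource (a sealed resource is missing
    or invalid) and errSecCSReqFailed (a code requirement was not satisfied).
*/
enum {
    errSecCSUnimplemented = -67072,         /* unimplemented code signing feature */
    errSecCSInvalidObjectRef,               /* invalid API object reference */
    errSecCSInvalidFlags,                   /* invalid or inappropriate API flag(s) specified */
    errSecCSObjectRequired,                 /* a required pointer argument was NULL */
    errSecCSStaticCodeNotFound,             /* cannot find code object on disk */
    errSecCSUnsupportedGuestAttributes,     /* cannot locate guests using this attribute set */
    errSecCSInvalidAttributeValues,         /* given attribute values are invalid */
    errSecCSNoSuchCode,                     /* host has no guest with the requested attributes */
    errSecCSMultipleGuests,                 /* host has multiple guests with this attribute value */
    errSecCSGuestInvalid,                   /* code identity has been invalidated */
    errSecCSUnsigned,                       /* code object is not signed */
    errSecCSSignatureFailed,                /* code or signature modified */
    errSecCSSignatureNotVerifiable,         /* signature cannot be read, e.g., due to a filesystem that maps root to an unprivileged user */
    errSecCSSignatureUnsupported,           /* unsupported type or version of signature */
    errSecCSBadDictionaryFormat,            /* a required plist file or resource is malformed */
    errSecCSResourcesNotSealed,             /* resources are not sealed by signature */
    errSecCSResourcesNotFound,              /* cannot find sealed resources in code */
    errSecCSResourcesInvalid,               /* the sealed resource directory is invalid */
    errSecCSBadResource,                    /* a sealed resource is missing or invalid */
    errSecCSResourceRulesInvalid,           /* invalid resource selection rule(s) */
    errSecCSReqInvalid,                     /* invalid or corrupted code requirement(s) */
    errSecCSReqUnsupported,                 /* unsupported type or version of code requirement(s) */
    errSecCSReqFailed,                      /* failed to satisfy code requirement(s) */
    errSecCSBadObjectFormat,                /* object file format invalid or unsuitable */
    errSecCSInternalError,                  /* internal error in Code Signing subsystem */
    errSecCSHostReject,                     /* code rejected its host */
    errSecCSNotAHost,                       /* this code is not a host */
    errSecCSSignatureInvalid,               /* invalid format for signature */
    errSecCSHostProtocolRelativePath,       /* host protocol violation - absolute guest path required */
    errSecCSHostProtocolContradiction,      /* host protocol violation - contradictory hosting modes */
    errSecCSHostProtocolDedicationError,    /* host protocol violation - operation not allowed with/for a dedicated guest */
    errSecCSHostProtocolNotProxy,           /* host protocol violation - proxy hosting not engaged */
    errSecCSHostProtocolStateError,         /* host protocol violation - invalid guest state change request */
    errSecCSHostProtocolUnrelated           /* host protocol violation - the given guest is not a guest of the given host */
};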
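/*
 * Code Signing specific CFError "user info" keys.
 * In calls that can return CFErrorRef indications, if a CFErrorRef is actually
 * returned, its "user info" dictionary will contain some (but not all) of the
 * following keys to more closely describe the circumstances of the failure.
 *
 * Because only a subset of the keys is present for any given failure, a
 * caller has to test for each key before using its value. The type noted
 * on each line is the type of the value stored under that key.
 * NOTE(review): the values describe the code that failed validation (paths,
 * plist components, requirement source), so they are presumably best handled
 * as untrusted data when logged or displayed - confirm against the callers.
 */
extern const CFStringRef kSecCFErrorPattern;            /* CFStringRef: invalid resource selection pattern encountered */
extern const CFStringRef kSecCFErrorResourceSeal;       /* CFTypeRef: invalid component in resource seal (CodeResources) */
extern const CFStringRef kSecCFErrorResourceAdded;      /* CFURLRef: unsealed resource found */
extern const CFStringRef kSecCFErrorResourceAltered;    /* CFURLRef: modified resource found */
extern const CFStringRef kSecCFErrorResourceMissing;    /* CFURLRef: sealed (non-optional) resource missing */
extern const CFStringRef kSecCFErrorInfoPlist;          /* CFTypeRef: Info.plist dictionary or component found invalid */
extern const CFStringRef kSecCFErrorGuestAttributes;    /* CFTypeRef: Guest attribute set of element not accepted */
extern const CFStringRef kSecCFErrorRequirementSyntax;  /* CFStringRef: compilation error for Requirement source */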
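/*!
    @typedef SecCodeRef
    This is the type of a reference to running code.

    In many (but not all) calls, this can be passed to a SecStaticCodeRef
    argument, which performs an implicit SecCodeCopyStaticCode call and
    operates on the result.

    Both reference types point at the same struct __SecCode; the static
    form differs only in being const-qualified, which is why a SecCodeRef
    converts to a SecStaticCodeRef without a cast. A call reached through
    that implicit conversion operates on the static code, as described above.
*/
typedef struct __SecCode *SecCodeRef;               /* running code */

/*!
    @typedef SecStaticCodeRef
    This is the type of a reference to static code on disk.
*/
typedef struct __SecCode const *SecStaticCodeRef;   /* code on disk */

/*!
    @typedef SecRequirementRef
    This is the type of a reference to a code requirement.
*/
typedef struct __SecRequirement *SecRequirementRef; /* code requirement */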
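/*!
    @typedef SecGuestRef
    An abstract handle to identify a particular Guest in the context of its Host.

    Guest handles are assigned by the host at will, with kSecNoGuest (zero) being
    reserved as the null value. They can be reused for new children if desired.

    Because a host may reuse a handle for a new child, a stored SecGuestRef
    does not by itself identify the same guest over time.
*/
typedef u_int32_t SecGuestRef;

enum {
    kSecNoGuest = 0,    /* not a valid SecGuestRef */
};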
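/*!
    @typedef SecCSFlags
    This is the type of flags arguments to Code Signing API calls.
    It provides a bit mask of request and option flags. All of the bits in these
    masks are reserved to Apple; if you set any bits not defined in these headers,
    the behavior is generally undefined.

    This list describes the flags that are shared among several Code Signing API calls.
    Flags that only apply to one call are defined and documented with that call.
    Global flags are assigned from high order down (31 -> 0); call-specific flags
    are assigned from the bottom up (0 -> 31).

    @constant kSecCSDefaultFlags
    When passed to a flags argument throughout, indicates that default behavior
    is desired. Do not mix with other flags values.
    @constant kSecCSConsiderExpiration
    When passed to a call that performs code validation, requests that code signatures
    made by expired certificates be rejected. By default, expiration of participating
    certificates is not automatic grounds for rejection.

    Rejecting signatures made by expired certificates is therefore opt-in:
    a validation call made with kSecCSDefaultFlags does not treat expiration
    alone as a failure.
*/
typedef uint32_t SecCSFlags;

enum {
    kSecCSDefaultFlags = 0,                 /* no particular flags (default behavior) */

    /* NOTE(review): `1 << 31` shifts into the sign bit of a signed int; the
       constant is only meaningful as bit 31 of a uint32_t SecCSFlags mask. */
    kSecCSConsiderExpiration = 1 << 31,     /* consider expired certificates invalid */
};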
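/*!
    @typedef SecCodeSignatureFlags
    This is the type of option flags that can be embedded in a code signature
    during signing, and that govern the use of the signature thereafter.
    Some of these flags can be set through the codesign(1) command's --options
    argument; some are set implicitly based on signing circumstances; and all
    can be set with the kSecCodeSignerFlags item of a signing information dictionary.

    @constant kSecCodeSignatureHost
    Indicates that the code may act as a host that controls and supervises guest
    code. If this flag is not set in a code signature, the code is never considered
    eligible to be a host, and any attempt to act like one will be ignored.
    @constant kSecCodeSignatureAdhoc
    The code has been sealed without a signing identity. No identity may be retrieved
    from it, and any code requirement placing restrictions on the signing identity
    will fail. This flag is set by the code signing API and cannot be set explicitly.
    @constant kSecCodeSignatureForceHard
    Implicitly set the "hard" status bit for the code when it starts running.
    This bit indicates that the code prefers to be denied access to a resource
    if gaining such access would cause its invalidation. Since the hard bit is
    sticky, setting this option bit guarantees that the code will always have
    it set.
    @constant kSecCodeSignatureForceKill
    Implicitly set the "kill" status bit for the code when it starts running.
    This bit indicates that the code wishes to be terminated with prejudice if
    it is ever invalidated. Since the kill bit is sticky, setting this option bit
    guarantees that the code will always be valid, since it will die immediately
    if it becomes invalid.
    @constant kSecCodeSignatureForceExpiration
    Forces the kSecCSConsiderExpiration on all validations of the code.

    An ad-hoc signature seals the code but names no signer, so it cannot
    satisfy a requirement that restricts the signing identity.
    kSecCodeSignatureForceExpiration makes the expiration check part of the
    signature itself instead of leaving it to each validating caller.
*/
typedef uint32_t SecCodeSignatureFlags;

enum {
    kSecCodeSignatureHost = 0x0001,             /* may host guest code */
    kSecCodeSignatureAdhoc = 0x0002,            /* must be used without signer */
    kSecCodeSignatureForceHard = 0x0100,        /* always set HARD mode on launch */
    kSecCodeSignatureForceKill = 0x0200,        /* always set KILL mode on launch */
    kSecCodeSignatureForceExpiration = 0x0400,  /* force certificate expiration checks */
};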
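/*!
    @typedef SecRequirementType
    An enumeration indicating different types of internal requirements for code.

    The defined types run from kSecHostRequirementType (1) through
    kSecLibraryRequirementType (4). kSecInvalidRequirementType takes the next
    value (5) and kSecRequirementTypeCount is defined equal to it.
    NOTE(review): kSecRequirementTypeCount therefore evaluates to 5 although
    four types are defined; it reads as an exclusive upper bound on type
    values (for example the size of an array indexed by type) rather than a
    count of four - confirm against its users. A SecRequirementType read from
    data should be range-checked against the defined values before use as an index.
*/
typedef uint32_t SecRequirementType;

enum {
    kSecHostRequirementType = 1,            /* what hosts may run us */
    kSecGuestRequirementType = 2,           /* what guests we may run */
    kSecDesignatedRequirementType = 3,      /* designated requirement */
    kSecLibraryRequirementType = 4,         /* what libraries we may link against */
    kSecInvalidRequirementType,             /* invalid type of Requirement (must be last) */
    kSecRequirementTypeCount = kSecInvalidRequirementType   /* number of valid requirement types */
};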