1 /*
2 * Copyright (c) 2006-2013 Apple Inc. All Rights Reserved.
3 *
4 * @APPLE_LICENSE_HEADER_START@
5 *
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. Please obtain a copy of the License at
10 * http://www.opensource.apple.com/apsl/ and read it before using this
11 * file.
12 *
13 * The Original Code and all software distributed under the License are
14 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
15 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
16 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
17 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
18 * Please see the License for the specific language governing rights and
19 * limitations under the License.
20 *
21 * @APPLE_LICENSE_HEADER_END@
22 */
23
24 /*!
25 @header CSCommonPriv
26 CSCommonPriv is the private counterpart to CSCommon. Its contents are not
27 official API, and are subject to change without notice.
28 */
29 #ifndef _H_CSCOMMONPRIV
30 #define _H_CSCOMMONPRIV
31
32 #include <Security/CSCommon.h>
33
34 #ifdef __cplusplus
35 extern "C" {
36 #endif
37
38
/*!
	@typedef SecCodeDirectoryFlagTable
	This constant array can be used to translate between names and values
	of CodeDirectory flag bits. The table ends with an entry with NULL name;
	walk it until name == NULL rather than relying on a fixed element count.
	The elements are in no particular order.
	@field name The official text name of the flag.
	@field value The binary value of the flag.
	@field signable True if the flag can be specified during signing. False if it is set
		internally and can only be read from a signature.
 */
typedef struct {
	const char *name;		/* official flag name; NULL terminates the table */
	uint32_t value;			/* the flag's bit(s) as stored in the CodeDirectory */
	bool signable;			/* true: may be requested at signing time; false: read-only, set internally */
} SecCodeDirectoryFlagTable;
54
/* The system's name/value table for CodeDirectory flags; NULL-name entry marks the end (see SecCodeDirectoryFlagTable). */
extern const SecCodeDirectoryFlagTable kSecCodeDirectoryFlagTable[];
56
57
/*!
	Blob types (magic numbers) for blobs used by Code Signing.

	@constant kSecCodeMagicRequirement Magic number for individual code requirements.
	@constant kSecCodeMagicRequirementSet Magic number for a collection of
		individual code requirements, indexed by requirement type. This is used
		for internal requirement sets.
	@constant kSecCodeMagicCodeDirectory Magic number for a CodeDirectory.
	@constant kSecCodeMagicEmbeddedSignature Magic number for a SuperBlob
		containing all the signing components that are usually embedded within
		a main executable.
	@constant kSecCodeMagicDetachedSignature Magic number for a SuperBlob that
		contains all the data for all architectures of a signature, including any
		data that is usually written to separate files. This is the format of
		detached signatures if the program is capable of having multiple architectures.
	@constant kSecCodeMagicEntitlement Magic number for a standard entitlement blob.
	@constant kSecCodeMagicEntitlementDER Magic number for a DER entitlement blob.
	@constant kSecCodeMagicByte The first byte (in NBO) shared by all these magic
		numbers. This is not a valid ASCII character; test for this to distinguish
		between text and binary data if you expect a code signing-related binary blob.
 */

/*
 * NOTE(review): every value except kSecCodeMagicByte exceeds INT_MAX, which C11 (6.7.2.2)
 * does not allow for an enumerator. clang and gcc accept this as an extension and give the
 * enumeration an unsigned underlying type; compare against these constants as uint32_t,
 * never as int, and remember the on-disk magic is big-endian (NBO) per the note above.
 */
enum {
	kSecCodeMagicRequirement = 0xfade0c00,		/* single requirement */
	kSecCodeMagicRequirementSet = 0xfade0c01,	/* requirement set */
	kSecCodeMagicCodeDirectory = 0xfade0c02,	/* CodeDirectory */
	kSecCodeMagicEmbeddedSignature = 0xfade0cc0, /* single-architecture embedded signature */
	kSecCodeMagicDetachedSignature = 0xfade0cc1, /* detached multi-architecture signature */
	kSecCodeMagicEntitlement = 0xfade7171,		/* entitlement blob */
	kSecCodeMagicEntitlementDER = 0xfade7172,	/* entitlement DER blob */

	kSecCodeMagicByte = 0xfa					/* shared first byte; 0xfa > 0x7f, so never printable ASCII */
};
91
/*!
	@typedef SecCodeExecSegFlags
	Bit flags describing an executable segment of signed code. This is a CF_OPTIONS
	type, so values are combined with bitwise OR and tested with bitwise AND.
	@constant kSecCodeExecSegMainBinary The segment belongs to the main binary.
	@constant kSecCodeExecSegAllowUnsigned Unsigned pages are allowed (for debugging).
	@constant kSecCodeExecSegDebugger The main binary is a debugger.
	@constant kSecCodeExecSegJit JIT is enabled.
	@constant kSecCodeExecSegSkipLibraryVal Library validation is skipped.
	@constant kSecCodeExecSegCanLoadCdHash The code can bless a cdhash for execution.
	@constant kSecCodeExecSegCanExecCdHash The code can execute a blessed cdhash.
 */
typedef CF_OPTIONS(uint32_t, SecCodeExecSegFlags) {
	kSecCodeExecSegMainBinary = 0x0001,		/* exec seg belongs to main binary */

	// Entitlements
	// NOTE(review): the flags below are grouped under "Entitlements" in the original source and,
	// going by their comments, each relaxes a code-signing restriction (unsigned pages, library
	// validation, JIT, ...). Treat a signature that sets any of them as more privileged than one
	// that does not; presumably they are derived from the binary's entitlements -- confirm
	// against the signing code that populates them.
	kSecCodeExecSegAllowUnsigned = 0x0010,	/* allow unsigned pages (for debugging) */
	kSecCodeExecSegDebugger = 0x0020,		/* main binary is debugger */
	kSecCodeExecSegJit = 0x0040,			/* JIT enabled */
	kSecCodeExecSegSkipLibraryVal = 0x0080,	/* skip library validation */
	kSecCodeExecSegCanLoadCdHash = 0x0100,	/* can bless cdhash for execution */
	kSecCodeExecSegCanExecCdHash = 0x0200,	/* can execute blessed cdhash */
};
106
/*
	The current (fixed) size of a cdhash in the system, in bytes.
	NOTE(review): 20 bytes is the length of a SHA-1 digest; presumably CodeDirectory
	hashes of longer types are truncated to this length to form the cdhash -- confirm
	against the CodeDirectory hashing code before relying on it.
*/
enum {
	kSecCodeCDHashLength = 20		/* bytes */
};
113
114
/*!
	@typedef SecCodeCallback
	A callback block type for monitoring certain code signing operations.
	@param code The static code object the operation concerns.
	@param stage A string naming the stage of the operation being reported (presumably
		one of a fixed set of stage names; check the caller for the values used).
	@param info A dictionary of stage-specific details.
	@result A CFTypeRef. NOTE(review): neither the meaning of the result nor its ownership
		(whether the callee returns a +1 reference) is stated here -- confirm against the
		code that invokes the block before returning a newly created object.
 */
typedef CFTypeRef (^SecCodeCallback)(SecStaticCodeRef code, CFStringRef stage, CFDictionaryRef info);
119
120
#ifdef __cplusplus
}
#endif

#endif // _H_CSCOMMONPRIV