OSX/libsecurity_codesigning/lib/CSCommonPriv.h

   1 /*
   2  * Copyright (c) 2006-2013 Apple Inc. All Rights Reserved.
   3  *
   4  * @APPLE_LICENSE_HEADER_START@
   5  *
   6  * This file contains Original Code and/or Modifications of Original Code
   7  * as defined in and that are subject to the Apple Public Source License
   8  * Version 2.0 (the 'License'). You may not use this file except in
   9  * compliance with the License. Please obtain a copy of the License at
  10  * http://www.opensource.apple.com/apsl/ and read it before using this
  11  * file.
  12  *
  13  * The Original Code and all software distributed under the License are
  14  * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
  15  * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
  16  * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
  17  * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
  18  * Please see the License for the specific language governing rights and
  19  * limitations under the License.
  20  *
  21  * @APPLE_LICENSE_HEADER_END@
  22  */
  23
  24 /*!
  25         @header CSCommonPriv
  26         SecStaticCodePriv is the private counter-part to CSCommon. Its contents are not
  27         official API, and are subject to change without notice.
  28 */
  29 #ifndef _H_CSCOMMONPRIV
  30 #define _H_CSCOMMONPRIV
  31
  32 #include <Security/CSCommon.h>
  33
  34 #ifdef __cplusplus
  35 extern "C" {
  36 #endif
  37
  38
  39 /*!
  40         @typedef SecCodeDirectoryFlagTable
  41         This constant array can be used to translate between names and values
  42         of CodeDirectory flag bits. The table ends with an entry with NULL name.
  43         The elements are in no particular order.
  44         @field name The official text name of the flag.
  45         @field value The binary value of the flag.
  46         @field signable True if the flag can be specified during signing. False if it is set
  47         internally and can only be read from a signature.
  48  */
  49 typedef struct {
  50         const char *name;
  51         uint32_t value;
  52         bool signable;
  53 } SecCodeDirectoryFlagTable;
  54
  55 extern const SecCodeDirectoryFlagTable kSecCodeDirectoryFlagTable[];
  56
  57
  58 /*!
  59         Blob types (magic numbers) for blobs used by Code Signing.
  60
  61         @constant kSecCodeMagicRequirement Magic number for individual code requirements.
  62         @constant kSecCodeMagicRequirementSet Magic number for a collection of
  63         individual code requirements, indexed by requirement type. This is used
  64         for internal requirement sets.
  65         @constant kSecCodeMagicCodeDirectory Magic number for a CodeDirectory.
  66         @constant kSecCodeMagicEmbeddedSignature Magic number for a SuperBlob
  67         containing all the signing components that are usually embedded within
  68         a main executable.
  69         @constant kSecCodeMagicDetachedSignature Magic number for a SuperBlob that
  70         contains all the data for all architectures of a signature, including any
  71         data that is usually written to separate files. This is the format of
  72         detached signatures if the program is capable of having multiple architectures.
  73         @constant kSecCodeMagicEntitlement Magic number for a standard entitlement blob.
  74         @constant kSecCodeMagicByte The first byte (in NBO) shared by all these magic
  75         numbers. This is not a valid ASCII character; test for this to distinguish
  76         between text and binary data if you expect a code signing-related binary blob.
  77  */
  78
  79 enum {
  80         kSecCodeMagicRequirement = 0xfade0c00,          /* single requirement */
  81         kSecCodeMagicRequirementSet = 0xfade0c01,       /* requirement set */
  82         kSecCodeMagicCodeDirectory = 0xfade0c02,        /* CodeDirectory */
  83         kSecCodeMagicEmbeddedSignature = 0xfade0cc0, /* single-architecture embedded signature */
  84         kSecCodeMagicDetachedSignature = 0xfade0cc1, /* detached multi-architecture signature */
  85         kSecCodeMagicEntitlement = 0xfade7171,          /* entitlement blob */
  86
  87         kSecCodeMagicByte = 0xfa                                        /* shared first byte */
  88 };
  89
  90
  91 /*!
  92         Types of cryptographic digests (hashes) used to hold code signatures
  93         together.
  94
  95         Each combination of type, length, and other parameters is a separate
  96         hash type; we don't understand "families" here.
  97
  98         These type codes govern the digest links that connect a CodeDirectory
  99         to its subordinate data structures (code pages, resources, etc.)
 100         They do not directly control other uses of hashes (such as the
 101         hash-of-CodeDirectory identifiers used in requirements).
 102  */
 103 enum {
 104         kSecCodeSignatureNoHash                                                 =  0,   /* null value */
 105         kSecCodeSignatureHashSHA1                                               =  1,   /* SHA-1 */
 106         kSecCodeSignatureHashSHA256                                             =  2,   /* SHA-256 */
 107         kSecCodeSignatureHashSHA256Truncated                    =  3,   /* SHA-256 truncated to first 20 bytes */
 108
 109         kSecCodeSignatureDefaultDigestAlgorithm = kSecCodeSignatureHashSHA1
 110 };
 111
 112
 113 /*
 114         The current (fixed) size of a cdhash in the system.
 115  */
 116 enum {
 117         kSecCodeCDHashLength = 20
 118 };
 119
 120
 121 /*!
 122         A callback block type for monitoring certain code signing operations
 123  */
 124 typedef CFTypeRef (^SecCodeCallback)(SecStaticCodeRef code, CFStringRef stage, CFDictionaryRef info);
 125
 126
 127 #ifdef __cplusplus
 128 }
 129 #endif
 130
 131 #endif //_H_CSCOMMON