const CFStringRef kSecCFErrorResourceAdded = CFSTR("SecCSResourceAdded");
const CFStringRef kSecCFErrorResourceAltered = CFSTR("SecCSResourceAltered");
const CFStringRef kSecCFErrorResourceMissing = CFSTR("SecCSResourceMissing");
+const CFStringRef kSecCFErrorResourceSideband = CFSTR("SecCSResourceHasSidebandData");
const CFStringRef kSecCFErrorInfoPlist = CFSTR("SecCSInfoPlist");
const CFStringRef kSecCFErrorGuestAttributes = CFSTR("SecCSGuestAttributes");
const CFStringRef kSecCFErrorRequirementSyntax = CFSTR("SecRequirementSyntax");
const CFStringRef kSecGuestAttributeHash = CFSTR("codedirectory-hash");
const CFStringRef kSecGuestAttributeMachPort = CFSTR("mach-port");
const CFStringRef kSecGuestAttributePid = CFSTR("pid");
-const CFStringRef kSecGuestAttributeDynamicCode = CFSTR("dynamicCode");
-const CFStringRef kSecGuestAttributeDynamicCodeInfoPlist = CFSTR("dynamicCodeInfoPlist");
+const CFStringRef kSecGuestAttributeAudit = CFSTR("audit");
+const CFStringRef kSecGuestAttributeDynamicCode = CFSTR("dynamicCode");
+const CFStringRef kSecGuestAttributeDynamicCodeInfoPlist = CFSTR("dynamicCodeInfoPlist");
const CFStringRef kSecGuestAttributeArchitecture = CFSTR("architecture");
const CFStringRef kSecGuestAttributeSubarchitecture = CFSTR("subarchitecture");
+#if TARGET_OS_OSX
OSStatus SecCodeCopyGuestWithAttributes(SecCodeRef hostRef,
CFDictionaryRef attributes, SecCSFlags flags, SecCodeRef *guestRef)
{
END_CSAPI
}
+#endif // TARGET_OS_OSX
//
OSStatus SecCodeCheckValidityWithErrors(SecCodeRef codeRef, SecCSFlags flags,
SecRequirementRef requirementRef, CFErrorRef *errors)
{
-#if !SECTRUST_OSX
BEGIN_CSAPI
checkFlags(flags,
kSecCSConsiderExpiration
+ | kSecCSStrictValidate
+ | kSecCSRestrictSidebandData
| kSecCSEnforceRevocationChecks);
SecPointer<SecCode> code = SecCode::required(codeRef);
code->checkValidity(flags);
code->staticCode()->validateRequirement(req->requirement(), errSecCSReqFailed);
END_CSAPI_ERRORS
-#else
-#warning resolve before enabling SECTRUST_OSX: <rdar://21328880>
- OSStatus result = errSecSuccess;
- const char *func = "SecCodeCheckValidity";
- CFErrorRef localErrors = NULL;
- if (!errors) { errors = &localErrors; }
- try {
- checkFlags(flags,
- kSecCSConsiderExpiration
- | kSecCSEnforceRevocationChecks);
- SecPointer<SecCode> code = SecCode::required(codeRef);
- code->checkValidity(flags);
- if (const SecRequirement *req = SecRequirement::optional(requirementRef))
- code->staticCode()->validateRequirement(req->requirement(), errSecCSReqFailed);
- }
- catch (...) {
- // the actual error being thrown is not being caught by any of the
- // type-specific blocks contained in the END_CSAPI_ERRORS macro,
- // so we only have the catch-all block here for now.
- result = errSecCSInternalError;
- }
-
- if (errors && *errors) {
- CFShow(errors);
- CFRelease(errors);
- *errors = NULL;
- }
- if (result == errSecCSInternalError) {
- #if !NDEBUG
- Security::Syslog::error("WARNING: %s ignored error %d", func, (int)result);
- #endif
- result = errSecSuccess;
- }
- return result;
-#endif
}
const CFStringRef kSecCodeInfoFlags = CFSTR("flags");
const CFStringRef kSecCodeInfoFormat = CFSTR("format");
const CFStringRef kSecCodeInfoDigestAlgorithm = CFSTR("digest-algorithm");
+const CFStringRef kSecCodeInfoDigestAlgorithms = CFSTR("digest-algorithms");
const CFStringRef kSecCodeInfoPlatformIdentifier = CFSTR("platform-identifier");
const CFStringRef kSecCodeInfoIdentifier = CFSTR("identifier");
const CFStringRef kSecCodeInfoImplicitDesignatedRequirement = CFSTR("implicit-requirement");
const CFStringRef kSecCodeInfoTimestamp = CFSTR("signing-timestamp");
const CFStringRef kSecCodeInfoTrust = CFSTR("trust");
const CFStringRef kSecCodeInfoUnique = CFSTR("unique");
+const CFStringRef kSecCodeInfoCdHashes = CFSTR("cdhashes");
+
const CFStringRef kSecCodeInfoCodeDirectory = CFSTR("CodeDirectory");
const CFStringRef kSecCodeInfoCodeOffset = CFSTR("CodeOffset");
+const CFStringRef kSecCodeInfoDiskRepInfo = CFSTR("DiskRepInfo");
const CFStringRef kSecCodeInfoResourceDirectory = CFSTR("ResourceDirectory");
+/* DiskInfoRepInfo types */
+const CFStringRef kSecCodeInfoDiskRepOSPlatform = CFSTR("OSPlatform");
+const CFStringRef kSecCodeInfoDiskRepOSVersionMin = CFSTR("OSVersionMin");
+const CFStringRef kSecCodeInfoDiskRepOSSDKVersion = CFSTR("SDKVersion");
+const CFStringRef kSecCodeInfoDiskRepNoLibraryValidation = CFSTR("NoLibraryValidation");
+
OSStatus SecCodeCopySigningInformation(SecStaticCodeRef codeRef, SecCSFlags flags,
CFDictionaryRef *infoRef)
| kSecCSSigningInformation
| kSecCSRequirementInformation
| kSecCSDynamicInformation
- | kSecCSContentInformation);
+ | kSecCSContentInformation
+ | kSecCSSkipResourceDirectory);
SecPointer<SecStaticCode> code = SecStaticCode::requiredStatic(codeRef);
CFRef<CFDictionaryRef> info = code->signingInformation(flags);
projects / apple / security.git / blobdiff