errSecCSBadFrameworkVersion = -67009, /* embedded framework contains modified or invalid version */
errSecCSUnsealedFrameworkRoot = -67008, /* unsealed contents present in the root directory of an embedded framework */
errSecCSWeakResourceEnvelope = -67007, /* resource envelope is obsolete (version 1 signature) */
- errSecCSCancelled = -67006, /* operation was terminated by explicit cancellation */
+ errSecCSCancelled = -67006, /* operation was terminated by explicit cancelation */
errSecCSInvalidPlatform = -67005, /* invalid platform identifier or platform mismatch */
errSecCSTooBig = -67004, /* code is too big for current signing format */
errSecCSInvalidSymlink = -67003, /* invalid destination for symbolic link in bundle */
+ errSecCSNotAppLike = -67002, /* the code is valid but does not seem to be an app */
+ errSecCSBadDiskImageFormat = -67001, /* disk image format unrecognized, invalid, or unsuitable */
+ errSecCSUnsupportedDigestAlgorithm = -67000, /* a requested signature digest algorithm is not supported */
+ errSecCSInvalidAssociatedFileData = -66999, /* resource fork, Finder information, or similar detritus not allowed */
+ errSecCSInvalidTeamIdentifier = -66998, /* a Team Identifier string is invalid */
+ errSecCSBadTeamIdentifier = -66997, /* a Team Identifier is wrong or inappropriate */
+ errSecCSSignatureUntrusted = -66996, /* signature is valid but signer is not trusted */
+ errSecMultipleExecSegments = -66995, /* the image contains multiple executable segments */
};
/*
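Review bot: `errSecMultipleExecSegments` is the only constant added here without the `errSecCS` prefix that every neighbouring code-signing status carries, so it will not turn up when someone searches or filters on that prefix while triaging validation failures. If the name is deliberate, a short comment saying so would help; otherwise `errSecCSMultipleExecSegments = -66995,` keeps the family consistent. The comment on `errSecCSSignatureUntrusted` could also state that this is a failure result despite the word "valid", for example `/* signature is cryptographically valid but signer is not trusted; treat as a validation failure */`. The enum's opening lies outside this hunk, so I cannot see whether other entries already break the prefix convention.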
extern const CFStringRef kSecCFErrorResourceAdded; /* CFURLRef: unsealed resource found */
extern const CFStringRef kSecCFErrorResourceAltered; /* CFURLRef: modified resource found */
extern const CFStringRef kSecCFErrorResourceMissing; /* CFURLRef: sealed (non-optional) resource missing */
+extern const CFStringRef kSecCFErrorResourceSideband; /* CFURLRef: sealed resource has invalid sideband data (resource fork, etc.) */
extern const CFStringRef kSecCFErrorInfoPlist; /* CFTypeRef: Info.plist dictionary or component thereof found invalid */
extern const CFStringRef kSecCFErrorGuestAttributes; /* CFTypeRef: Guest attribute set of element not accepted */
extern const CFStringRef kSecCFErrorRequirementSyntax; /* CFStringRef: compilation error for Requirement source */
typedef CF_OPTIONS(uint32_t, SecCSFlags) {
kSecCSDefaultFlags = 0, /* no particular flags (default behavior) */
- kSecCSConsiderExpiration = 1 << 31, /* consider expired certificates invalid */
+ kSecCSConsiderExpiration = 1U << 31, /* consider expired certificates invalid */
kSecCSEnforceRevocationChecks = 1 << 30, /* force revocation checks regardless of preference settings */
kSecCSNoNetworkAccess = 1 << 29, /* do not use the network, cancels "kSecCSEnforceRevocationChecks" */
kSecCSReportProgress = 1 << 28, /* make progress report call-backs when configured */
kSecCSCheckTrustedAnchors = 1 << 27, /* build certificate chain to system trust anchors, not to any self-signed certificate */
+ kSecCSQuickCheck = 1 << 26, /* (internal) */
};
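Review bot: `kSecCSQuickCheck` is added to the `SecCSFlags` type with only `/* (internal) */` as documentation, so a reader cannot tell which validation steps it relaxes, if any. The name suggests reduced checking, but nothing visible here confirms it. The comment should say what is skipped and that clients must not pass the flag, along the lines of `/* (internal) abbreviated validation; not for client use, see <which checks are omitted> */`. On style, only bit 31 was changed to `1U << 31`; the remaining flags still use signed `1 << n`, which is well defined but inconsistent for a `uint32_t` option set, so `1U << 30` and so on would make the type uniformly unsigned.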
kSecCodeSignatureLibraryValidation = 0x2000, /* library validation required */
};
-
/*!
@typedef SecCodeStatus
The code signing system attaches a set of status flags to each running code.
kSecInvalidRequirementType, /* invalid type of Requirement (must be last) */
kSecRequirementTypeCount = kSecInvalidRequirementType /* number of valid requirement types */
};
+
+
+/*!
+ Types of cryptographic digests (hashes) used to hold code signatures
+ together.
+
+ Each combination of type, length, and other parameters is a separate
+ hash type; we don't understand "families" here.
+
+ These type codes govern the digest links that connect a CodeDirectory
+ to its subordinate data structures (code pages, resources, etc.)
+ They do not directly control other uses of hashes (such as those used
+ within X.509 certificates and CMS blobs).
+ */
+typedef CF_ENUM(uint32_t, SecCSDigestAlgorithm) {
+ kSecCodeSignatureNoHash = 0, /* null value */
+ kSecCodeSignatureHashSHA1 = 1, /* SHA-1 */
+ kSecCodeSignatureHashSHA256 = 2, /* SHA-256 */
+ kSecCodeSignatureHashSHA256Truncated = 3, /* SHA-256 truncated to first 20 bytes */
+ kSecCodeSignatureHashSHA384 = 4, /* SHA-384 */
+};
CF_ASSUME_NONNULL_END
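Review bot: The new `SecCSDigestAlgorithm` enum lists `kSecCodeSignatureHashSHA1` and `kSecCodeSignatureHashSHA256Truncated` next to the full-length digests without any note on their relative strength, and the header comment does not say which values are kept only for compatibility. SHA-1 is no longer considered collision-resistant, and the truncated form has only a 160-bit output, so the per-value comments should say so, for example `/* SHA-1 (legacy; not collision-resistant, avoid for new signatures) */` and `/* SHA-256 truncated to first 20 bytes (160-bit output; compatibility only) */`. The doc block should also state how a verifier is expected to treat `kSecCodeSignatureNoHash`, presumably as an invalid or absent digest rather than an acceptable algorithm, though that is not visible here.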