--- /dev/null
+/*
+ * Copyright (c) 2006-2010 Apple Inc. All Rights Reserved.
+ *
+ * @APPLE_LICENSE_HEADER_START@
+ *
+ * This file contains Original Code and/or Modifications of Original Code
+ * as defined in and that are subject to the Apple Public Source License
+ * Version 2.0 (the 'License'). You may not use this file except in
+ * compliance with the License. Please obtain a copy of the License at
+ * http://www.opensource.apple.com/apsl/ and read it before using this
+ * file.
+ *
+ * The Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
+ * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
+ * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
+ * Please see the License for the specific language governing rights and
+ * limitations under the License.
+ *
+ * @APPLE_LICENSE_HEADER_END@
+ */
+
+/*!
+ @header CSCommonPriv
+ SecStaticCodePriv is the private counter-part to CSCommon. Its contents are not
+ official API, and are subject to change without notice.
+*/
+#ifndef _H_CSCOMMONPRIV
+#define _H_CSCOMMONPRIV
+
+#include <Security/CSCommon.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+
+/*!
+ @typedef SecCodeDirectoryFlagTable
+ This constant array can be used to translate between names and values
+ of CodeDirectory flag bits. The table ends with an entry with NULL name.
+ The elements are in no particular order.
+ @field name The official text name of the flag.
+ @field value The binary value of the flag.
+ @field signable True if the flag can be specified during signing. False if it is set
+ internally and can only be read from a signature.
+ */
+typedef struct {
+ const char *name;
+ uint32_t value;
+ bool signable;
+} SecCodeDirectoryFlagTable;
+
+extern const SecCodeDirectoryFlagTable kSecCodeDirectoryFlagTable[];
+
+
+/*!
+ Blob types (magic numbers) for blobs used by Code Signing.
+
+ @constant kSecCodeMagicRequirement Magic number for individual code requirements.
+ @constant kSecCodeMagicRequirementSet Magic number for a collection of
+ individual code requirements, indexed by requirement type. This is used
+ for internal requirement sets.
+ @constant kSecCodeMagicCodeDirectory Magic number for a CodeDirectory.
+ @constant kSecCodeMagicEmbeddedSignature Magic number for a SuperBlob
+ containing all the signing components that are usually embedded within
+ a main executable.
+ @constant kSecCodeMagicDetachedSignature Magic number for a SuperBlob that
+ contains all the data for all architectures of a signature, including any
+ data that is usually written to separate files. This is the format of
+ detached signatures if the program is capable of having multiple architectures.
+ @constant kSecCodeMagicEntitlement Magic number for a standard entitlement blob.
+ @constant kSecCodeMagicByte The first byte (in NBO) shared by all these magic
+ numbers. This is not a valid ASCII character; test for this to distinguish
+ between text and binary data if you expect a code signing-related binary blob.
+ */
+
+enum {
+ kSecCodeMagicRequirement = 0xfade0c00, /* single requirement */
+ kSecCodeMagicRequirementSet = 0xfade0c01, /* requirement set */
+ kSecCodeMagicCodeDirectory = 0xfade0c02, /* CodeDirectory */
+ kSecCodeMagicEmbeddedSignature = 0xfade0cc0, /* single-architecture embedded signature */
+ kSecCodeMagicDetachedSignature = 0xfade0cc1, /* detached multi-architecture signature */
+ kSecCodeMagicEntitlement = 0xfade7171, /* entitlement blob */
+
+ kSecCodeMagicByte = 0xfa /* shared first byte */
+};
+
+
+/*!
+ Types of cryptographic digests (hashes) used to hold code signatures
+ together.
+
+ Each combination of type, length, and other parameters is a separate
+ hash type; we don't understand "families" here.
+
+ These type codes govern the digest links that connect a CodeDirectory
+ to its subordinate data structures (code pages, resources, etc.)
+ They do not directly control other uses of hashes (such as the
+ hash-of-CodeDirectory identifiers used in requirements).
+ */
+enum {
+ kSecCodeSignatureNoHash = 0, /* null value */
+ kSecCodeSignatureHashSHA1 = 1, /* SHA-1 */
+ kSecCodeSignatureHashSHA256 = 2, /* SHA-256 */
+ kSecCodeSignatureHashPrestandardSkein160x256 = 32, /* Skein, 160 bits, 256 bit pool */
+ kSecCodeSignatureHashPrestandardSkein256x512 = 33, /* Skein, 256 bits, 512 bit pool */
+
+ kSecCodeSignatureDefaultDigestAlgorithm = kSecCodeSignatureHashSHA1
+};
+
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif //_H_CSCOMMON
projects / apple / security.git / blobdiff