X-Git-Url: https://git.saurik.com/apple/security.git/blobdiff_plain/5c19dc3ae3bd8e40a9c028b0deddd50ff337692c..7e6b461318c8a779d91381531435a68ee4e8b6ed:/OSX/libsecurity_codesigning/lib/CSCommonPriv.h diff --git a/OSX/libsecurity_codesigning/lib/CSCommonPriv.h b/OSX/libsecurity_codesigning/lib/CSCommonPriv.h index a03ac61d..0bb82021 100644 --- a/OSX/libsecurity_codesigning/lib/CSCommonPriv.h +++ b/OSX/libsecurity_codesigning/lib/CSCommonPriv.h @@ -71,6 +71,7 @@ extern const SecCodeDirectoryFlagTable kSecCodeDirectoryFlagTable[]; data that is usually written to separate files. This is the format of detached signatures if the program is capable of having multiple architectures. @constant kSecCodeMagicEntitlement Magic number for a standard entitlement blob. + @constant kSecCodeMagicEntitlementDER Magic number for a DER entitlement blob. @constant kSecCodeMagicByte The first byte (in NBO) shared by all these magic numbers. This is not a valid ASCII character; test for this to distinguish between text and binary data if you expect a code signing-related binary blob. @@ -83,33 +84,26 @@ enum { kSecCodeMagicEmbeddedSignature = 0xfade0cc0, /* single-architecture embedded signature */ kSecCodeMagicDetachedSignature = 0xfade0cc1, /* detached multi-architecture signature */ kSecCodeMagicEntitlement = 0xfade7171, /* entitlement blob */ - + kSecCodeMagicEntitlementDER = 0xfade7172, /* entitlement DER blob */ + kSecCodeMagicByte = 0xfa /* shared first byte */ }; - /*! - Types of cryptographic digests (hashes) used to hold code signatures - together. - - Each combination of type, length, and other parameters is a separate - hash type; we don't understand "families" here. - - These type codes govern the digest links that connect a CodeDirectory - to its subordinate data structures (code pages, resources, etc.) - They do not directly control other uses of hashes (such as the - hash-of-CodeDirectory identifiers used in requirements). + @typedef SecCodeExecSegFlags */ -enum { - kSecCodeSignatureNoHash = 0, /* null value */ - kSecCodeSignatureHashSHA1 = 1, /* SHA-1 */ - kSecCodeSignatureHashSHA256 = 2, /* SHA-256 */ - kSecCodeSignatureHashSHA256Truncated = 3, /* SHA-256 truncated to first 20 bytes */ - - kSecCodeSignatureDefaultDigestAlgorithm = kSecCodeSignatureHashSHA1 +typedef CF_OPTIONS(uint32_t, SecCodeExecSegFlags) { + kSecCodeExecSegMainBinary = 0x0001, /* exec seg belongs to main binary */ + + // Entitlements + kSecCodeExecSegAllowUnsigned = 0x0010, /* allow unsigned pages (for debugging) */ + kSecCodeExecSegDebugger = 0x0020, /* main binary is debugger */ + kSecCodeExecSegJit = 0x0040, /* JIT enabled */ + kSecCodeExecSegSkipLibraryVal = 0x0080, /* skip library validation */ + kSecCodeExecSegCanLoadCdHash = 0x0100, /* can bless cdhash for execution */ + kSecCodeExecSegCanExecCdHash = 0x0200, /* can execute blessed cdhash */ }; - /* The current (fixed) size of a cdhash in the system. */