X-Git-Url: https://git.saurik.com/apple/security.git/blobdiff_plain/80e2389990082500d76eb566d4946be3e786c3ef..d8f41ccd20de16f8ebe2ccc84d47bf1cb2b26bbb:/Security/libsecurity_codesigning/lib/CSCommonPriv.h?ds=inline
diff --git a/Security/libsecurity_codesigning/lib/CSCommonPriv.h b/Security/libsecurity_codesigning/lib/CSCommonPriv.h
new file mode 100644
index 00000000..08b90df2
--- /dev/null
+++ b/Security/libsecurity_codesigning/lib/CSCommonPriv.h
@@ -0,0 +1,122 @@
+/*
+ * Copyright (c) 2006-2013 Apple Inc. All Rights Reserved.
+ *
+ * @APPLE_LICENSE_HEADER_START@
+ *
+ * This file contains Original Code and/or Modifications of Original Code
+ * as defined in and that are subject to the Apple Public Source License
+ * Version 2.0 (the 'License'). You may not use this file except in
+ * compliance with the License. Please obtain a copy of the License at
+ * http://www.opensource.apple.com/apsl/ and read it before using this
+ * file.
+ *
+ * The Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
+ * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
+ * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
+ * Please see the License for the specific language governing rights and
+ * limitations under the License.
+ *
+ * @APPLE_LICENSE_HEADER_END@
+ */
+
+/*!
+ @header CSCommonPriv
+ SecStaticCodePriv is the private counter-part to CSCommon. Its contents are not
+ official API, and are subject to change without notice.
+*/
+#ifndef _H_CSCOMMONPRIV
+#define _H_CSCOMMONPRIV
+
+#include
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+
+/*!
+ @typedef SecCodeDirectoryFlagTable
+ This constant array can be used to translate between names and values
+ of CodeDirectory flag bits. The table ends with an entry with NULL name.
+ The elements are in no particular order.
+ @field name The official text name of the flag.
+ @field value The binary value of the flag.
+ @field signable True if the flag can be specified during signing. False if it is set
+ internally and can only be read from a signature.
+ */
+typedef struct {
+ const char *name;
+ uint32_t value;
+ bool signable;
+} SecCodeDirectoryFlagTable;
+
+extern const SecCodeDirectoryFlagTable kSecCodeDirectoryFlagTable[];
+
+
+/*!
+ Blob types (magic numbers) for blobs used by Code Signing.
+
+ @constant kSecCodeMagicRequirement Magic number for individual code requirements.
+ @constant kSecCodeMagicRequirementSet Magic number for a collection of
+ individual code requirements, indexed by requirement type. This is used
+ for internal requirement sets.
+ @constant kSecCodeMagicCodeDirectory Magic number for a CodeDirectory.
+ @constant kSecCodeMagicEmbeddedSignature Magic number for a SuperBlob
+ containing all the signing components that are usually embedded within
+ a main executable.
+ @constant kSecCodeMagicDetachedSignature Magic number for a SuperBlob that
+ contains all the data for all architectures of a signature, including any
+ data that is usually written to separate files. This is the format of
+ detached signatures if the program is capable of having multiple architectures.
+ @constant kSecCodeMagicEntitlement Magic number for a standard entitlement blob.
+ @constant kSecCodeMagicByte The first byte (in NBO) shared by all these magic
+ numbers. This is not a valid ASCII character; test for this to distinguish
+ between text and binary data if you expect a code signing-related binary blob.
+ */
+
+enum {
+ kSecCodeMagicRequirement = 0xfade0c00, /* single requirement */
+ kSecCodeMagicRequirementSet = 0xfade0c01, /* requirement set */
+ kSecCodeMagicCodeDirectory = 0xfade0c02, /* CodeDirectory */
+ kSecCodeMagicEmbeddedSignature = 0xfade0cc0, /* single-architecture embedded signature */
+ kSecCodeMagicDetachedSignature = 0xfade0cc1, /* detached multi-architecture signature */
+ kSecCodeMagicEntitlement = 0xfade7171, /* entitlement blob */
+
+ kSecCodeMagicByte = 0xfa /* shared first byte */
+};
+
+
+/*!
+ Types of cryptographic digests (hashes) used to hold code signatures
+ together.
+
+ Each combination of type, length, and other parameters is a separate
+ hash type; we don't understand "families" here.
+
+ These type codes govern the digest links that connect a CodeDirectory
+ to its subordinate data structures (code pages, resources, etc.)
+ They do not directly control other uses of hashes (such as the
+ hash-of-CodeDirectory identifiers used in requirements).
+ */
+enum {
+ kSecCodeSignatureNoHash = 0, /* null value */
+ kSecCodeSignatureHashSHA1 = 1, /* SHA-1 */
+ kSecCodeSignatureHashSHA256 = 2, /* SHA-256 */
+
+ kSecCodeSignatureDefaultDigestAlgorithm = kSecCodeSignatureHashSHA1
+};
+
+
+/*!
+ A callback block type for monitoring certain code signing operations
+ */
+typedef CFTypeRef (^SecCodeCallback)(SecStaticCodeRef code, CFStringRef stage, CFDictionaryRef info);
+
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif //_H_CSCOMMON
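Review bot: The default digest type near the end of the hunk, `kSecCodeSignatureDefaultDigestAlgorithm = kSecCodeSignatureHashSHA1`, selects SHA-1 for the links from a CodeDirectory to its code pages and resources even though `kSecCodeSignatureHashSHA256` is defined in the same enum, and the header never says whether a verifier may fall back to it. The comment above that enum should make the default a signing-time choice only, e.g. `/* signing default for compatibility; verifiers must use the hash type recorded in the CodeDirectory and reject kSecCodeSignatureNoHash or unknown values rather than assume this */`, since collision resistance of the link hash is what holds a hash-linked signature together. The `kSecCodeMagicByte` doc presents `0xfa` as a text/binary discriminator; it is worth adding that it is not a validity check — a parser still has to compare the full 32-bit magic and validate the blob's size before trusting its contents. Two copy-paste slips are also worth fixing: the `@header` comment names `SecStaticCodePriv` where this file is `CSCommonPriv`, and the closing guard comment `#endif //_H_CSCOMMON` should read `#endif //_H_CSCOMMONPRIV` to match `#define _H_CSCOMMONPRIV`.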