Security macOS xcode9 beta2
Vincent Dondain edited this page Jun 21, 2017
·
1 revision
# Security.framework
diff -ruN /Applications/Xcode9-beta1.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX10.13.sdk/System/Library/Frameworks/Security.framework/Headers/CSCommon.h /Applications/Xcode9-beta2.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX10.13.sdk/System/Library/Frameworks/Security.framework/Headers/CSCommon.h
--- /Applications/Xcode9-beta1.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX10.13.sdk/System/Library/Frameworks/Security.framework/Headers/CSCommon.h 2017-05-26 22:40:28.000000000 -0400
+++ /Applications/Xcode9-beta2.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX10.13.sdk/System/Library/Frameworks/Security.framework/Headers/CSCommon.h 2017-06-11 21:18:20.000000000 -0400
@@ -258,24 +258,6 @@
};
/*!
- @typedef SecCodeExecSegFlags
- These options are relevant to the pmap's code signing enforcement.
- Some of them mirror entitlements for easy access by the lower kernel layers.
- */
-typedef CF_OPTIONS(uint32_t, SecCodeExecSegFlags) {
- kSecCodeExecSegMainBinary = 0x0001, /* exec seg belongs to main binary */
-
- // Entitlements
- kSecCodeExecSegAllowUnsigned = 0x0010, /* allow unsigned pages (for debugging) */
- kSecCodeExecSegDebugger = 0x0020, /* main binary is debugger */
- kSecCodeExecSegJit = 0x0040, /* JIT enabled */
- kSecCodeExecSegSkipLibraryVal = 0x0080, /* skip library validation */
- kSecCodeExecSegCanLoadCdHash = 0x0100, /* can bless cdhash for execution */
- kSecCodeExecSegCanExecCdHash = 0x0200, /* can execute blessed cdhash */
-};
-
-
-/*!
@typedef SecCodeStatus
The code signing system attaches a set of status flags to each running code.
These flags are maintained by the code's host, and can be read by anyone.
diff -ruN /Applications/Xcode9-beta1.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX10.13.sdk/System/Library/Frameworks/Security.framework/Headers/SecItem.h /Applications/Xcode9-beta2.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX10.13.sdk/System/Library/Frameworks/Security.framework/Headers/SecItem.h
--- /Applications/Xcode9-beta1.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX10.13.sdk/System/Library/Frameworks/Security.framework/Headers/SecItem.h 2017-05-27 00:31:24.000000000 -0400
+++ /Applications/Xcode9-beta2.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX10.13.sdk/System/Library/Frameworks/Security.framework/Headers/SecItem.h 2017-06-14 03:41:59.000000000 -0400
@@ -552,6 +552,8 @@
__OSX_AVAILABLE_STARTING(__MAC_10_12, __IPHONE_9_0);
extern const CFStringRef kSecAttrPersistantReference
__OSX_AVAILABLE(10.13) __IOS_AVAILABLE(11.0) __TVOS_AVAILABLE(11.0) __WATCHOS_AVAILABLE(4.0);
+extern const CFStringRef kSecAttrPersistentReference
+__OSX_AVAILABLE(10.13) __IOS_AVAILABLE(11.0) __TVOS_AVAILABLE(11.0) __WATCHOS_AVAILABLE(4.0);
/*!
@enum kSecAttrAccessible Value Constants
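Review bot: The misspelled `kSecAttrPersistantReference` stays declared with the same availability as the new `kSecAttrPersistentReference`, and nothing in the hunk tells a caller which of the two to use. A one-line comment above the old declaration, for example `/* misspelled name, kept for compatibility; use kSecAttrPersistentReference */`, or a deprecation attribute on it, would keep new code from picking up the typo. Whether both constants resolve to the same attribute key string is not visible here, so code that compares or stores these keys should not treat them as interchangeable until that is confirmed.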
diff -ruN /Applications/Xcode9-beta1.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX10.13.sdk/System/Library/Frameworks/Security.framework/Headers/SecKey.h /Applications/Xcode9-beta2.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX10.13.sdk/System/Library/Frameworks/Security.framework/Headers/SecKey.h
--- /Applications/Xcode9-beta1.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX10.13.sdk/System/Library/Frameworks/Security.framework/Headers/SecKey.h 2017-05-20 23:23:30.000000000 -0400
+++ /Applications/Xcode9-beta2.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX10.13.sdk/System/Library/Frameworks/Security.framework/Headers/SecKey.h 2017-06-12 01:03:01.000000000 -0400
@@ -619,6 +619,11 @@
* kSecAttrCanWrap default false for private keys, true for public keys
* kSecAttrCanUnwrap default true for private keys, false for public keys
+ NOTE: The function always saves keys in the keychain on macOS and as such attribute
+ kSecAttrIsPermanent is ignored. The function respects attribute kSecAttrIsPermanent
+ on iOS, tvOS and watchOS.
+ It is recommended to use SecKeyCreateRandomKey() which respects kSecAttrIsPermanent
+ on all platforms.
*/
OSStatus SecKeyGeneratePair(CFDictionaryRef parameters,
SecKeyRef * _Nullable CF_RETURNS_RETAINED publicKey, SecKeyRef * _Nullable CF_RETURNS_RETAINED privateKey)
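Review bot: The added NOTE says macOS ignores `kSecAttrIsPermanent`, but it does not state the consequence for a caller that wants an ephemeral key pair: on macOS the generated keys remain in the keychain after the call returns. I would add one sentence to the comment, such as `Callers that need a transient key on macOS must delete the keychain items themselves or use SecKeyCreateRandomKey().` The recommendation is comment-only in this hunk. The declaration of SecKeyGeneratePair continues past the last line shown, so whether it also carries a deprecation attribute cannot be seen from here.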
diff -ruN /Applications/Xcode9-beta1.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX10.13.sdk/System/Library/Frameworks/Security.framework/Headers/SecTrust.h /Applications/Xcode9-beta2.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX10.13.sdk/System/Library/Frameworks/Security.framework/Headers/SecTrust.h
--- /Applications/Xcode9-beta1.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX10.13.sdk/System/Library/Frameworks/Security.framework/Headers/SecTrust.h 2017-05-26 22:40:28.000000000 -0400
+++ /Applications/Xcode9-beta2.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX10.13.sdk/System/Library/Frameworks/Security.framework/Headers/SecTrust.h 2017-06-12 00:57:38.000000000 -0400
@@ -168,7 +168,7 @@
extern const CFStringRef kSecTrustCertificateTransparency
__OSX_AVAILABLE_STARTING(__MAC_10_11, __IPHONE_9_0);
extern const CFStringRef kSecTrustCertificateTransparencyWhiteList
- __OSX_AVAILABLE_STARTING(__MAC_10_12, __IPHONE_10_0);
+ __OSX_AVAILABLE_BUT_DEPRECATED(__MAC_10_12, __MAC_10_13, __IPHONE_10_0, __IPHONE_11_0);
#ifdef __BLOCKS__
/*!
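Review bot: The deprecation added to `kSecTrustCertificateTransparencyWhiteList` carries no message and no comment, so a caller who hits the warning cannot tell what to read instead or whether the key is still populated. Using the `__OSX_AVAILABLE_BUT_DEPRECATED_MSG` form with a short message, or a comment line above the declaration saying what replaces the key (or that nothing does), would make the change actionable. Code that consults this key when evaluating a trust result should be checked for how it behaves when the key is absent; the hunk does not show whether the key is still returned.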
diff -ruN /Applications/Xcode9-beta1.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX10.13.sdk/System/Library/Frameworks/Security.framework/Headers/cssmapple.h /Applications/Xcode9-beta2.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX10.13.sdk/System/Library/Frameworks/Security.framework/Headers/cssmapple.h
--- /Applications/Xcode9-beta1.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX10.13.sdk/System/Library/Frameworks/Security.framework/Headers/cssmapple.h 2017-05-26 22:40:28.000000000 -0400
+++ /Applications/Xcode9-beta2.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX10.13.sdk/System/Library/Frameworks/Security.framework/Headers/cssmapple.h 2017-06-11 21:18:20.000000000 -0400
@@ -94,6 +94,7 @@
CSSM_WORDID_PREAUTH_SOURCE,
CSSM_WORDID_ASYMMETRIC_KEY,
CSSM_WORDID_PARTITION,
+ CSSM_WORDID_KEYBAG_KEY,
CSSM_WORDID__FIRST_UNUSED
};
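Review bot: `CSSM_WORDID_KEYBAG_KEY` is inserted directly before `CSSM_WORDID__FIRST_UNUSED`, so it takes the numeric value the sentinel had in beta1 and the sentinel moves up by one. Earlier word ids keep their values, but anything that derived private ids from the sentinel or persisted its value would now alias the keybag id; no such use is visible in this diff. A short comment on the new line would record the intent, for example `/* appended last so existing ids keep their values; _FIRST_UNUSED shifts by one */`. The enum opens above the hunk, so the explicit or implicit numbering of the earlier members cannot be checked here.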
@@ -121,7 +122,8 @@
CSSM_SAMPLE_TYPE_RETRY_ID = CSSM_WORDID_PROPAGATE,
CSSM_SAMPLE_TYPE_SYMMETRIC_KEY = CSSM_WORDID_SYMMETRIC_KEY,
CSSM_SAMPLE_TYPE_PREAUTH = CSSM_WORDID_PREAUTH,
- CSSM_SAMPLE_TYPE_ASYMMETRIC_KEY = CSSM_WORDID_ASYMMETRIC_KEY
+ CSSM_SAMPLE_TYPE_ASYMMETRIC_KEY = CSSM_WORDID_ASYMMETRIC_KEY,
+ CSSM_SAMPLE_TYPE_KEYBAG_KEY = CSSM_WORDID_KEYBAG_KEY,
// there is no CSSM_SAMPLE_TYPE_PREAUTH_SOURCE
};
@@ -408,7 +410,8 @@
/* UNLOCK_REFERRAL "type" attribute values */
enum {
CSSM_APPLE_UNLOCK_TYPE_KEY_DIRECT = 1, // master secret key stored directly
- CSSM_APPLE_UNLOCK_TYPE_WRAPPED_PRIVATE = 2 // master key wrapped by public key
+ CSSM_APPLE_UNLOCK_TYPE_WRAPPED_PRIVATE = 2, // master key wrapped by public key
+ CSSM_APPLE_UNLOCK_TYPE_KEYBAG = 3 // master key wrapped via keybag
};
/* Apple DL private error codes. */