Partial Darling build of Security-59306.61.1

This is only the *build* of the Security framework. It does not link yet, and I also have not tried building the various executables yet.

This one required lots of edits in various places throughout the Darling codebase. It seems Apple has really changed things up from 10.13 to 10.15.

A great example of the huge difference is that libDER is no longer included with Security! I had to import it from the last version it was released and modify it slightly to fit the updated code.
Yet another example of Apple being bipolar towards open-source. I wonder what kind of secrets they could be hiding in a library made for working with an *open standard*, smh.

Also, since 10.15 included the drop of 32-bit support, Apple has now made use of many more "modern" Objective-C runtime features, such as automatic ivar synthesis.
Since we want to keep 32-bit app support in Darling but also support newer 64-bit apps and frameworks, I've put the sources using the new features into x86_64-only object libraries.
That way, we only build them for 64-bit and they're available in the 64-bit part of the final "fat" framework. This is fine because those brand new sources aren't used by any old 32-bit code (and 32-bit code can't be updated to use it, either).

Also, I'd like to point out that Apple's code uses such a mess of includes that it's ridiculous (and this is for all their projects, not just Security). Some sources require more includes than the ones listed in Xcode.

CMakeLists.txt

@@ -1,43 +1,61 @@
 project(Security)
 
+list(APPEND CMAKE_MODULE_PATH "${CMAKE_CURRENT_SOURCE_DIR}/cmake")
+
+include(security_lib)
+include(security_xcconfigs)
+
 set(CMAKE_CXX_STANDARD 14)
+set(SECURITY_PROJECT_DIR "${CMAKE_CURRENT_SOURCE_DIR}")
 
 add_compile_options(
 	-w
-)
-
-add_definitions(
-	-DNDEBUG=1
-	-D__KEYCHAINCORE__=1
-	-DOSSPINLOCK_USE_INLINED=0
-	-DDTRACE_PROBES_DISABLED
-
 	-nostdinc
 )
 
-include_directories(
-	${CMAKE_CURRENT_SOURCE_DIR}/securityd/securityd_service/KeyStore
-	${CMAKE_CURRENT_SOURCE_DIR}/OSX/trustd
-	${CMAKE_CURRENT_SOURCE_DIR}/OSX/authd
-	${CMAKE_CURRENT_SOURCE_DIR}/OSX/security_dotmac_tp/lib
-	${CMAKE_CURRENT_SOURCE_DIR}/cssm
-	${CMAKE_CURRENT_SOURCE_DIR}/keychain
-	${CMAKE_CURRENT_SOURCE_DIR}/base
-	${CMAKE_CURRENT_SOURCE_DIR}/OSX/libsecurity_asn1
-	${CMAKE_CURRENT_SOURCE_DIR}/OSX/utilities
-	${CMAKE_CURRENT_SOURCE_DIR}/OSX/utilities/src
-	${CMAKE_CURRENT_SOURCE_DIR}/sectask
-	${CMAKE_CURRENT_SOURCE_DIR}/trust
-	${CMAKE_CURRENT_SOURCE_DIR}/internal-include
-	${CMAKE_CURRENT_SOURCE_DIR}/gen/include
-	${CMAKE_SOURCE_DIR}/src/frameworks/CryptoTokenKit/include/
-	${CMAKE_SOURCE_DIR}/src/frameworks/LocalAuthentication/include/
+add_compile_definitions(
+	__KEYCHAINCORE__=1
+	CORECRYPTO_DONOT_USE_TRANSPARENT_UNION=1
+	#OCTAGON=1 # needs some extra stuff i don't want to implement right now
+	TRUSTEDPEERS=1
+	SECUREOBJECTSYNC=1
+	SHAREDWEBCREDENTIALS=0
+	PLATFORM=macOS
+	"SECURITY_BUILD_VERSION=\"0\""
+	NDEBUG=1
+
+	# not listed in Xcode, but apparently necessary
+	PRIVATE
 )
 
+include_directories(
+	${SECURITY_PROJECT_DIR}/header_symlinks
+	${SECURITY_PROJECT_DIR}/header_symlinks/macOS
+	${SECURITY_PROJECT_DIR}
+	${SECURITY_PROJECT_DIR}/libDER
+	${SECURITY_PROJECT_DIR}/OSX/libsecurity_asn1
+	${SECURITY_PROJECT_DIR}/OSX/sec
+	${SECURITY_PROJECT_DIR}/OSX/utilities
+	${SECURITY_PROJECT_DIR}/OSX
+	${SECURITY_PROJECT_DIR}/header_symlinks/Security
+	${SECURITY_PROJECT_DIR}/header_symlinks/macOS/Security
+)
+
+add_subdirectory(libDER)
+add_subdirectory(keychain)
+add_subdirectory(keychain/SecureObjectSync)
+
 # Security.framework
 add_subdirectory(OSX)
 # securityd
 add_subdirectory(securityd)
-add_subdirectory(SecurityTool)
+add_subdirectory(SecurityTool/macOS)
+
+# missing ProtocolBuffer.framework
+#add_subdirectory(KeychainCircle)
+
+add_subdirectory(trust/trustd)
+add_subdirectory(keychain/securityd)
+#add_subdirectory(OSX/authd)
 
 install(DIRECTORY DESTINATION libexec/darling/System/Library/Security)

KVSKeychainSyncingProxy/CMakeLists.txt

@@ -0,0 +1,34 @@
+project(CloudKeychainProxy)
+
+add_bundle(CloudKeychainProxy ""
+	CKDAKSLockMonitor.m
+	XPCNotificationDispatcher.m
+	CKDKVSProxy.m
+	CKDSecuritydAccount.m
+	cloudkeychainproxy.m
+	../keychain/SecureObjectSync/CKBridge/SOSCloudKeychainConstants.c
+	CKDKVSStore.m
+)
+
+set_target_properties(CloudKeychainProxy PROPERTIES
+	SUFFIX ".bundle"
+)
+
+target_link_libraries(CloudKeychainProxy
+	utilities
+	Security
+	Foundation
+	IOKit
+
+	# implied dependencies
+	objc
+	system
+)
+
+install(TARGETS CloudKeychainProxy DESTINATION libexec/darling/System/Library/Frameworks/Security.framework/Versions/A/Resources)
+install(
+	FILES com.apple.security.cloudkeychainproxy3.osx.plist
+	DESTINATION libexec/darling/System/Library/LaunchAgents
+	RENAME com.apple.security.cloudkeychainproxy3.plist
+)
+install(FILES ../OSX/sec/CloudKeychainProxy/CloudKeychainProxy.8 DESTINATION libexec/darling/usr/share/man/man8)

KeychainCircle/CMakeLists.txt

@@ -0,0 +1,38 @@
+project(KeychainCircle)
+
+add_framework(KeychainCircle
+	FAT
+	CURRENT_VERSION
+	VERSION "A"
+
+	SOURCES
+		../keychain/ot/proto/generated_source/OTApplicantToSponsorRound2M1.m
+		../keychain/ot/proto/generated_source/OTPairingMessage.m
+		../keychain/ot/proto/generated_source/OTSOSMessage.m
+		../keychain/ot/proto/generated_source/OTSponsorToApplicantRound1M2.m
+		../keychain/ot/proto/generated_source/OTSponsorToApplicantRound2M2.m
+		generated_source/KCInitialMessageData.m
+		KCAccountKCCircleDelegate.m
+		KCAESGCMDuplexSession.m
+		KCDer.m
+		KCError.m
+		KCJoiningAcceptSession.m
+		KCJoiningMessages.m
+		KCJoiningRequestCircleSession.m
+		KCJoiningRequestSecretSession.m
+		KCSRPContext.m
+		NSData+SecRandom.m
+		NSError+KCCreationHelpers.m
+		PairingChannel.m
+
+	DEPENDENCIES
+		# frameworks
+		#ProtocolBuffer # missing
+		Security
+
+		# dynamic libraries
+		compression
+
+		# static libraries
+		utilities
+)

KeychainSyncAccountNotification/CMakeLists.txt

@@ -0,0 +1,22 @@
+project(KeychainSyncAccountNotification)
+
+add_bundle(KeychainSyncAccountNotification ""
+	KeychainSyncAccountNotification.m
+)
+
+set_target_properties(KeychainSyncAccountNotification PROPERTIES
+	SUFFIX ".bundle"
+)
+
+target_link_libraries(KeychainSyncAccountNotification
+	AuthKit
+	Security
+	#Accounts # missing
+	Foundation
+
+	# implied dependencies
+	objc
+	system
+)
+
+install(TARGETS KeychainSyncAccountNotification DESTINATION libexec/darling/System/Library/Accounts/Notification)

KeychainSyncAccountUpdater/CMakeLists.txt

@@ -0,0 +1,24 @@
+project(KeychainSyncAccountUpdater)
+
+add_bundle(KeychainSyncAccountUpdater ""
+KeychainSyncAccountUpdater.m
+)
+
+set_target_properties(KeychainSyncAccountUpdater PROPERTIES
+	SUFFIX ".bundle"
+)
+
+target_link_libraries(KeychainSyncAccountUpdater
+	libsecurityd_ios
+	SystemConfiguration
+	utilities
+	#MobileGestalt # missing
+	#IDS #missing
+	KeychainCircle
+
+	# implied dependencies
+	objc
+	system
+)
+
+install(TARGETS KeychainSyncAccountUpdater DESTINATION libexec/darling/System/Library/CoreServices/UAUPlugins)

OSX/CMakeLists.txt

@@ -1,5 +1,5 @@
 add_subdirectory(libsecurity_asn1)
-add_subdirectory(sec)
+add_subdirectory(sec/Security)
 add_subdirectory(libsecurity_apple_csp)
 add_subdirectory(libsecurity_apple_cspdl)
 add_subdirectory(libsecurity_apple_file_dl)
@@ -23,7 +23,6 @@ add_subdirectory(libsecurity_mds)
 add_subdirectory(libsecurity_ocspd)
 add_subdirectory(libsecurity_pkcs12)
 add_subdirectory(libsecurity_sd_cspdl)
-add_subdirectory(libsecurity_smime)
 add_subdirectory(libsecurity_ssl)
 add_subdirectory(libsecurity_transform)
 add_subdirectory(libsecurity_translocate)
@@ -32,7 +31,50 @@ add_subdirectory(libsecurityd)
 add_subdirectory(utilities)
 
 set(DYLIB_COMPAT_VERSION "1.0.0")
-set(DYLIB_CURRENT_VERSION "57740.51.3")
+set(DYLIB_CURRENT_VERSION "59306.61.1")
+
+add_compile_definitions(
+	CORECRYPTO_DONOT_USE_TRANSPARENT_UNION=1
+)
+
+add_darling_object_library(Security_x86_64
+	x86_64_ONLY
+
+	../Analytics/Clients/LocalKeychainAnalytics.m
+	../Analytics/Clients/SOSAnalytics.m
+	../Analytics/NSDate+SFAnalytics.m
+	../Analytics/SFAnalytics.m
+	../Analytics/SFAnalyticsActivityTracker.m
+	../Analytics/SFAnalyticsMultiSampler.m
+	../Analytics/SFAnalyticsSampler.m
+	../Analytics/SFAnalyticsSQLiteStore.m
+	../Analytics/SQLite/SFObjCType.m
+	../Analytics/SQLite/SFSQLite.m
+	../Analytics/SQLite/SFSQLiteStatement.m
+	../keychain/escrowrequest/Framework/SecEscrowRequest.m
+
+	# all this Octagon stuff is brand new and most of it only compiles on x86_64
+	../keychain/ot/OTClique.m
+	../keychain/ot/OTConstants.m
+	../keychain/ot/OTControl.m
+	../keychain/ot/OTControlProtocol.m
+	../keychain/ot/OTDefines.m
+	../keychain/ot/OTJoiningConfiguration.m
+)
+
+target_include_directories(Security_x86_64 PRIVATE
+	${CMAKE_CURRENT_SOURCE_DIR}/include
+)
+
+set_source_files_properties(
+	../Analytics/SFAnalytics.m
+	../Analytics/SFAnalyticsMultiSampler.m
+	../Analytics/SFAnalyticsSampler.m
+	../Analytics/SQLite/SFSQLiteStatement.m
+
+	PROPERITES
+		COMPILE_FLAGS " -fobjc-arc"
+)
 
 add_framework(Security
 	FAT
@@ -40,37 +82,38 @@ add_framework(Security
 	VERSION "A"
 
 	SOURCES
-		lib/dummy.cpp
-		lib/version.c
 		Breadcrumb/SecBreadcrumb.c
-		../../coretls/coretls_cfhelpers/tls_helpers.c
-		../../coretls/coretls_cfhelpers/tls_helpers_identity.c
-		../../coretls/lib/sslMemory.c
+		lib/dummy.cpp
+		sec/ipc/client_endpoint.m
+		sec/ipc/client.c
+		sec/Security/SecFramework.c
+		utilities/SecCoreAnalytics.m
+		utilities/SecPaddingConfigurations.c
+		$<TARGET_OBJECTS:Security_x86_64>
+		../experiment/SecExperiment.m
+		../keychain/behavior/SFBehavior.m
+		../keychain/ckks/CKKSControl.m
+		../keychain/ckks/CKKSControlProtocol.m
+		../keychain/escrowrequest/EscrowRequestXPCProtocol.m
+		../keychain/SigninMetrics/OctagonSignPosts.m
+		../keychain/SigninMetrics/SFSignInAnalytics.m
+		../protocol/SecProtocol.c
+		../protocol/SecProtocolConfiguration.m
+		../protocol/SecProtocolHelper.m
+		../protocol/SecProtocolTypes.m
 
 	DEPENDENCIES
-		#coretls_cfhelpers
-		objc
-		pam.2
-		bsm.0
-		auto
-		z
-		xar
-		sqlite3
-		CoreFoundation
-		CryptoTokenKit
-		IOKit
-		SystemConfiguration
-		LocalAuthentication
-		DiagnosticMessagesClient
-
-		# Static libraries
+		# try to stick to the order in xcodeproj as much as possible
+		#
+		# kind of difficult because there is a mix of libraries added
+		# through target "Frameworks" and some added as plain flags
+		AppleFSCompression
 		security_asn1
 		SecItemShimOSX
 		SecOtrOSX
 		SecTrustOSX
-		SecureObjectSync
+		SecureObjectSyncFramework
 		logging
-		secipc_client
 		security_apple_csp
 		security_apple_cspdl
 		security_apple_file_dl
@@ -89,21 +132,48 @@ add_framework(Security
 		security_cssm
 		security_filedb
 		security_keychain
-		security_keychain_DER
 		security_manifest
 		security_mds
 		security_ocspd
 		security_pkcs12
 		security_sd_cspdl
-		security_smime
 		security_ssl
 		security_transform
 		security_translocate
 		security_utilities
 		securityd_client
-		securityd
 		utilities
+		DiagnosticMessagesClient
+
+		#aks_acl # missing
 		aks
+
+		bsm.0
+
+		CrashReporterClient
+
+		#coreauthd_client
+		LocalAuthentication # instead of coreauthd_client
+
+		coretls
+		#coretls_cfhelpers # missing
+
+		#ctkclient_sep
+		#ACM
+		CryptoTokenKit # instead of ctkclient_sep and ACM
+
+		DER
+		pam.2
+		sqlite3
+		xar
+		z
+		CoreFoundation
+		IOKit
+
+		# implied dependencies (not listed in Xcode, but still used)
+		objc
+		cxx
+		system
 	RESOURCES
 		cssm.mdsinfo			libsecurity_cssm/mds/cssm.mdsinfo
 		sd_cspdl_common.mdsinfo		libsecurity_sd_cspdl/mds/sd_cspdl_common.mdsinfo
@@ -129,4 +199,21 @@ add_framework(Security
 
 )
 
-set_property(TARGET Security APPEND_STRING PROPERTY LINK_FLAGS " -Wl,-dead_strip -exported_symbols_list ${CMAKE_CURRENT_SOURCE_DIR}/../SEC_MANUAL.exp")
+target_include_directories(Security PRIVATE
+	${CMAKE_CURRENT_SOURCE_DIR}/include
+)
+
+set_property(TARGET Security APPEND_STRING PROPERTY LINK_FLAGS " -Wl,-dead_strip -exported_symbols_list ${CMAKE_CURRENT_SOURCE_DIR}/../SEC_MANUAL.exp -Wl,-upward_library,$<TARGET_FILE:Foundation>")
+
+include(darling_bundle)
+
+add_darling_bundle(csparser ""
+	lib/plugins/csparser.cpp
+)
+make_fat(csparser)
+target_link_libraries(csparser security_cdsa_utilities utilities)
+set_target_properties(csparser PROPERTIES
+	OUTPUT_NAME "csparser"
+	PREFIX ""
+	SUFFIX ".bundle"
+)

OSX/authd/CMakeLists.txt

@@ -0,0 +1,42 @@
+project(authd)
+
+add_darling_executable(authd
+	agent.c
+	authdb.c
+	authitems.c
+	authtoken.c
+	authutilities.c
+	ccaudit.c
+	connection.c
+	crc.c
+	credential.c
+	engine.c
+	main.c
+	mechanism.c
+	object.c
+	process.c
+	rule.c
+	server.c
+	session.c
+)
+target_compile_options(authd PRIVATE
+	-fobjc-arc
+)
+
+target_link_libraries(authd
+	Foundation
+	sqlite3
+	bsm.0
+	Security
+	CoreFoundation
+	IOKit
+	#coreauthd_client # missing
+	#ctkloginhelper # missing
+
+	# implied dependencies
+	system
+)
+
+install(TARGETS authd DESTINATION libexec/darling/System/Library/Frameworks/Security.framework/Versions/A/XPCServices)
+install(FILES authorization.plist DESTINATION libexec/darling/System/Library/Security)
+install(FILES com.apple.authd DESTINATION libexec/darling/private/etc/asl)

OSX/libsecurity_apple_csp/CMakeLists.txt

@@ -1,139 +1,128 @@
-include_directories(
-	${CMAKE_CURRENT_SOURCE_DIR}/open_ssl
-	${CMAKE_CURRENT_SOURCE_DIR}/lib
-)
+project(libsecurity_apple_csp)
 
-add_definitions(
-	-DALLOW_ZERO_PASSWORD
-	-DCRYPTKIT_CSP_ENABLE
-	-DCK_SECURITY_BUILD
-	-DASC_CSP_ENABLE
-)
-
-add_darling_static_library(security_apple_csp FAT
+add_macos_legacy_lib(security_apple_csp
 	SOURCES
-		lib/pkcs12Derive.cpp
-		open_ssl/misc/rc2_skey.c
-		open_ssl/bn/bn_exp.c
-		open_ssl/rsa/rsa_pk1.c
-		lib/SHA1_MD5_Object.cpp
-		open_ssl/dh/dh_lib.c
-		lib/cryptkitcsp.cpp
-		open_ssl/bn/bn_gcd.c
-		open_ssl/dh/dh_err.c
-		open_ssl/bn/bn_blind.c
-		open_ssl/buffer/buf_err.c
-		open_ssl/buffer/buffer.c
-		lib/DH_utils.cpp
-		lib/miscAlgFactory.cpp
-		open_ssl/bn/bn_asm.c
-		lib/FEEKeys.cpp
-		open_ssl/dsa/dsa_sign.c
-		lib/gladmanContext.cpp
-		lib/BlockCryptor.cpp
-		lib/RSA_DSA_signature.cpp
-		open_ssl/bn/bn_recp.c
-		open_ssl/bn/bn_sqr.c
-		lib/RSA_DSA_utils.cpp
-		lib/FEECSPUtils.cpp
-		open_ssl/dsa/dsa_err.c
-		open_ssl/misc/rc5_enc.c
-		open_ssl/bn/bn_prime.c
 		lib/aescsp.cpp
-		lib/bsafeAsymmetric.cpp
-		open_ssl/bf/bf_ecb.c
-		lib/HMACSHA1.c
-		open_ssl/rsa/rsa_ssl.c
-		lib/bsafeKeyGen.cpp
+		lib/AppleCSP.cpp
+		lib/AppleCSPBuiltin.cpp
+		lib/AppleCSPContext.cpp
+		lib/AppleCSPKeys.cpp
+		lib/AppleCSPUtils.cpp
+		lib/ascContext.cpp
+		lib/bfContext.cpp
+		lib/BlockCryptor.cpp
+		lib/boxes-ref.c
+		lib/castContext.cpp
+		lib/cryptkitcsp.cpp
+		lib/cspdebugging.c
+		lib/deriveKey.cpp
+		lib/desContext.cpp
+		lib/DH_csp.cpp
+		lib/DH_exchange.cpp
 		lib/DH_keys.cpp
-		open_ssl/bn/bn_shift.c
-		open_ssl/bn/bn_mpi.c
-		open_ssl/bn/bn_mul.c
-		open_ssl/dh/dh_gen.c
-		lib/RSA_asymmetric.cpp
-		open_ssl/rsa/rsa_chk.c
+		lib/DH_utils.cpp
+		lib/DigestContext.cpp
+		lib/FEEAsymmetricContext.cpp
+		lib/FEECSPUtils.cpp
+		lib/FEEKeys.cpp
+		lib/FEESignatureObject.cpp
+		lib/gladmanContext.cpp
+		lib/HMACSHA1.c
 		lib/MacContext.cpp
 		lib/MD2Object.cpp
-		lib/vRijndael-alg-ref.c
-		lib/AppleCSPContext.cpp
-		open_ssl/dsa/dsa_asn1.c
-		lib/boxes-ref.c
-		open_ssl/opensslUtils/opensslUtils.cpp
-		lib/deriveKey.cpp
-		lib/rc2Context.cpp
-		lib/opensshWrap.cpp
-		lib/SHA2_Object.cpp
-		open_ssl/bn/bn_print.c
-		lib/rijndaelApi.c
-		lib/DigestContext.cpp
-		open_ssl/misc/rc5_skey.c
-		open_ssl/lhash/lhash.c
-		open_ssl/dh/dh_key.c
-		open_ssl/err/err.c
-		lib/AppleCSPKeys.cpp
-		open_ssl/mem.c
-		lib/FEEAsymmetricContext.cpp
-		lib/miscalgorithms.cpp
-		lib/DH_exchange.cpp
-		lib/YarrowConnection.cpp
-		open_ssl/bn/bn_mont.c
-		lib/wrapKey.cpp
-		lib/SignatureContext.cpp
+		lib/miscAlgFactory.cpp
 		lib/opensshCoding.cpp
-		open_ssl/dsa/dsa_gen.c
-		lib/RSA_DSA_csp.cpp
-		lib/bfContext.cpp
-		lib/desContext.cpp
-		open_ssl/misc/rc2_cbc.c
-		open_ssl/bn/bn_rand.c
-		open_ssl/dh/dh_check.c
-		lib/AppleCSP.cpp
-		open_ssl/dsa/dsa_lib.c
-		open_ssl/bio/bio_lib.c
-		open_ssl/ex_data.c
-		open_ssl/dsa/dsa_key.c
-		open_ssl/bn/bn_lib.c
-		open_ssl/bf/bf_skey.c
-		open_ssl/rsa/rsa_lib.c
-		lib/AppleCSPBuiltin.cpp
-		lib/ascContext.cpp
-		open_ssl/bio/bss_file.c
-		open_ssl/err/err_prn.c
-		open_ssl/rsa/rsa_none.c
-		open_ssl/cryptlib.c
-		lib/DH_csp.cpp
-		open_ssl/bn/bn_exp2.c
-		lib/RSA_DSA_keys.cpp
-		lib/bsafePKCS1.cpp
-		lib/AppleCSPUtils.cpp
-		open_ssl/rsa/rsa_err.c
-		lib/castContext.cpp
-		lib/pkcs8.cpp
-		lib/wrapKeyCms.cpp
-		open_ssl/bn/bn_err.c
-		open_ssl/opensslUtils/opensslAsn1.cpp
-		open_ssl/bn/bn_add.c
-		lib/rc4Context.cpp
-		lib/bsafeContext.cpp
-		lib/FEESignatureObject.cpp
-		open_ssl/dsa/dsa_vrf.c
-		open_ssl/bn/bn_word.c
-		lib/rijndael-alg-ref.c
-		lib/memory.cpp
+		lib/opensshWrap.cpp
 		lib/pbkdDigest.cpp
-		lib/rc5Context.cpp
 		lib/pbkdf2.c
-		lib/cspdebugging.c
-		open_ssl/rsa/rsa_eay.c
-		open_ssl/rsa/rsa_gen.c
-		lib/bsafeSymmetric.cpp
-		open_ssl/stack/stack.c
-		open_ssl/bn/bn_ctx.c
-		open_ssl/rsa/rsa_sign.c
-		open_ssl/rsa/rsa_null.c
+		lib/pkcs12Derive.cpp
+		lib/pkcs8.cpp
+		lib/rc2Context.cpp
+		lib/rc4Context.cpp
+		lib/rc5Context.cpp
+		lib/rijndael-alg-ref.c
+		lib/rijndaelApi.c
+		lib/RSA_asymmetric.cpp
+		lib/RSA_DSA_csp.cpp
+		lib/RSA_DSA_keys.cpp
+		lib/RSA_DSA_signature.cpp
+		lib/RSA_DSA_utils.cpp
+		lib/SHA1_MD5_Object.cpp
+		lib/SHA2_Object.cpp
+		lib/SignatureContext.cpp
+		lib/vRijndael-alg-ref.c
+		lib/wrapKey.cpp
+		lib/wrapKeyCms.cpp
+		lib/YarrowConnection.cpp
+		open_ssl/bf/bf_ecb.c
 		open_ssl/bf/bf_enc.c
-		open_ssl/rsa/rsa_saos.c
-		lib/algmaker.cpp
+		open_ssl/bf/bf_skey.c
+		open_ssl/bio/bio_lib.c
+		open_ssl/bio/bss_file.c
+		open_ssl/bn/bn_add.c
+		open_ssl/bn/bn_asm.c
+		open_ssl/bn/bn_blind.c
+		open_ssl/bn/bn_ctx.c
 		open_ssl/bn/bn_div.c
+		open_ssl/bn/bn_err.c
+		open_ssl/bn/bn_exp.c
+		open_ssl/bn/bn_exp2.c
+		open_ssl/bn/bn_gcd.c
+		open_ssl/bn/bn_lib.c
+		open_ssl/bn/bn_mont.c
+		open_ssl/bn/bn_mpi.c
+		open_ssl/bn/bn_mul.c
+		open_ssl/bn/bn_prime.c
+		open_ssl/bn/bn_print.c
+		open_ssl/bn/bn_rand.c
+		open_ssl/bn/bn_recp.c
+		open_ssl/bn/bn_shift.c
+		open_ssl/bn/bn_sqr.c
+		open_ssl/bn/bn_word.c
+		open_ssl/buffer/buf_err.c
+		open_ssl/buffer/buffer.c
+		open_ssl/cryptlib.c
+		open_ssl/dh/dh_check.c
+		open_ssl/dh/dh_err.c
+		open_ssl/dh/dh_gen.c
+		open_ssl/dh/dh_key.c
+		open_ssl/dh/dh_lib.c
+		open_ssl/dsa/dsa_asn1.c
+		open_ssl/dsa/dsa_err.c
+		open_ssl/dsa/dsa_gen.c
+		open_ssl/dsa/dsa_key.c
+		open_ssl/dsa/dsa_lib.c
 		open_ssl/dsa/dsa_ossl.c
+		open_ssl/dsa/dsa_sign.c
+		open_ssl/dsa/dsa_vrf.c
+		open_ssl/err/err_prn.c
+		open_ssl/err/err.c
+		open_ssl/ex_data.c
+		open_ssl/lhash/lhash.c
+		open_ssl/mem.c
+		open_ssl/misc/rc2_cbc.c
+		open_ssl/misc/rc2_skey.c
+		open_ssl/misc/rc5_enc.c
+		open_ssl/misc/rc5_skey.c
+		open_ssl/opensslUtils/opensslAsn1.cpp
+		open_ssl/opensslUtils/opensslUtils.cpp
+		open_ssl/rsa/rsa_chk.c
+		open_ssl/rsa/rsa_eay.c
+		open_ssl/rsa/rsa_err.c
+		open_ssl/rsa/rsa_gen.c
+		open_ssl/rsa/rsa_lib.c
+		open_ssl/rsa/rsa_none.c
+		open_ssl/rsa/rsa_null.c
+		open_ssl/rsa/rsa_pk1.c
+		open_ssl/rsa/rsa_saos.c
+		open_ssl/rsa/rsa_sign.c
+		open_ssl/rsa/rsa_ssl.c
+		open_ssl/stack/stack.c
+	DEFINITIONS
+		ALLOW_ZERO_PASSWORD
+		CRYPTKIT_CSP_ENABLE
+		CK_SECURITY_BUILD
+		ASC_CSP_ENABLE
+	INCLUDES
+		${SECURITY_PROJECT_DIR}/OSX/libsecurity_apple_csp/open_ssl
 )

OSX/libsecurity_apple_cspdl/CMakeLists.txt

@@ -1,24 +1,22 @@
-include_directories(
-	${CMAKE_CURRENT_SOURCE_DIR}/lib
-)
+project(libsecurity_apple_cspdl)
 
-add_definitions(
-	-DALLOW_ZERO_PASSWORD
-	-DCRYPTKIT_CSP_ENABLE
-	-DCK_SECURITY_BUILD
-	-DASC_CSP_ENABLE
-)
-
-add_darling_static_library(security_apple_cspdl FAT
+add_macos_legacy_lib(security_apple_cspdl
 	SOURCES
-		lib/SSCSPSession.cpp
-		lib/SSDLSession.cpp
-		lib/SSKey.cpp
+		lib/AppleCSPDLBuiltin.cpp
+		lib/CSPDLDatabase.cpp
+		lib/CSPDLPlugin.cpp
 		lib/SSContext.cpp
 		lib/SSCSPDLSession.cpp
-		lib/CSPDLPlugin.cpp
+		lib/SSCSPSession.cpp
 		lib/SSDatabase.cpp
-		lib/CSPDLDatabase.cpp
+		lib/SSDLSession.cpp
 		lib/SSFactory.cpp
-		lib/AppleCSPDLBuiltin.cpp
+		lib/SSKey.cpp
+	DEFINITIONS
+		ALLOW_ZERO_PASSWORD
+		CK_SECURITY_BUILD
+		ASC_CSP_ENABLE
+		CRYPTKIT_CSP_ENABLE
+	INCLUDES
+		${SECURITY_PROJECT_DIR}/OSX/libsecurity_apple_csp/open_ssl
 )

OSX/libsecurity_apple_file_dl/CMakeLists.txt

@@ -1,8 +1,6 @@
-include_directories(
-	${CMAKE_CURRENT_SOURCE_DIR}/lib
-)
+project(libsecurity_apple_file_dl)
 
-add_darling_static_library(security_apple_file_dl FAT
+add_macos_legacy_lib(security_apple_file_dl
 	SOURCES
 		lib/AppleDLBuiltin.cpp
 		lib/AppleFileDL.cpp

OSX/libsecurity_apple_x509_cl/CMakeLists.txt

@@ -1,28 +1,26 @@
-include_directories(
-	${CMAKE_CURRENT_SOURCE_DIR}/lib
-)
+project(libsecurity_apple_x509_cl)
 
-add_darling_static_library(security_apple_x509_cl FAT
+add_macos_legacy_lib(security_apple_x509_cl
 	SOURCES
 		lib/AppleX509CL.cpp
-		lib/clNssUtils.cpp
-		lib/DecodedItem.cpp
-		lib/clNameUtils.cpp
-		lib/Session_Cert.cpp
-		lib/CLFieldsCommon.cpp
-		lib/DecodedCert.cpp
 		lib/AppleX509CLBuiltin.cpp
-		lib/CertFields.cpp
-		lib/AppleX509CLSession.cpp
-		lib/CSPAttacher.cpp
-		lib/CLCrlExtensions.cpp
 		lib/AppleX509CLPlugin.cpp
+		lib/AppleX509CLSession.cpp
+		lib/CertFields.cpp
 		lib/CLCachedEntry.cpp
-		lib/DecodedCrl.cpp
-		lib/CrlFields.cpp
-		lib/Session_CSR.cpp
-		lib/Session_CRL.cpp
-		lib/DecodedExtensions.cpp
 		lib/CLCertExtensions.cpp
+		lib/CLCrlExtensions.cpp
+		lib/CLFieldsCommon.cpp
+		lib/clNameUtils.cpp
+		lib/clNssUtils.cpp
+		lib/CrlFields.cpp
+		lib/CSPAttacher.cpp
+		lib/DecodedCert.cpp
+		lib/DecodedCrl.cpp
+		lib/DecodedExtensions.cpp
+		lib/DecodedItem.cpp
+		lib/Session_Cert.cpp
+		lib/Session_CRL.cpp
 		lib/Session_Crypto.cpp
+		lib/Session_CSR.cpp
 )

OSX/libsecurity_apple_x509_tp/CMakeLists.txt

@@ -1,25 +1,23 @@
-include_directories(
-	${CMAKE_CURRENT_SOURCE_DIR}/lib
-)
+project(libsecurity_apple_x509_tp)
 
-add_darling_static_library(security_apple_x509_tp FAT
+add_macos_legacy_lib(security_apple_x509_tp
 	SOURCES
-		lib/TPDatabase.cpp
-		lib/TPCertInfo.cpp
 		lib/AppleTP.cpp
-		lib/ocspRequest.cpp
-		lib/TPNetwork.cpp
-		lib/tpCrlVerify.cpp
 		lib/AppleTPSession.cpp
-		lib/cuEnc64.c
-		lib/tpPolicies.cpp
 		lib/AppleX509TPBuiltin.cpp
-		lib/tpOcspVerify.cpp
-		lib/TPCrlInfo.cpp
-		lib/tpTime.c
 		lib/certGroupUtils.cpp
-		lib/tpOcspCache.cpp
+		lib/cuEnc64.c
+		lib/ocspRequest.cpp
 		lib/tpCertGroup.cpp
-		lib/tpOcspCertVfy.cpp
+		lib/TPCertInfo.cpp
 		lib/tpCredRequest.cpp
+		lib/TPCrlInfo.cpp
+		lib/tpCrlVerify.cpp
+		lib/TPDatabase.cpp
+		lib/TPNetwork.cpp
+		lib/tpOcspCache.cpp
+		lib/tpOcspCertVfy.cpp
+		lib/tpOcspVerify.cpp
+		lib/tpPolicies.cpp
+		lib/tpTime.c
 )

OSX/libsecurity_asn1/CMakeLists.txt

@@ -1,30 +1,34 @@
-include_directories(
-	${CMAKE_CURRENT_SOURCE_DIR}
-)
+project(libsecurity_asn1)
 
-add_darling_static_library(security_asn1 FAT
+add_security_library(security_asn1
+	FAT
 	SOURCES
-		lib/X509Templates.c
+		lib/certExtensionTemplates.c
+		lib/csrTemplates.c
 		lib/keyTemplates.c
-		lib/SecAsn1Templates.c
-		lib/osKeyTemplates.c
-		lib/nsprPortX.c
 		lib/nameTemplates.c
+		lib/nsprPortX.c
+		lib/nssUtils.c
+		lib/ocspTemplates.c
+		lib/oidsalg.c
+		lib/oidsattr.c
+		lib/oidsocsp.c
+		lib/osKeyTemplates.c
+		lib/pkcs12Templates.c
 		lib/pkcs7Templates.c
 		lib/plarena.c
-		lib/secasn1e.c
-		lib/SecNssCoder.cpp
-		lib/oidsalg.c
-		lib/ocspTemplates.c
-		lib/certExtensionTemplates.c
-		lib/secport.c
-		lib/nssUtils.c
-		lib/pkcs12Templates.c
-		lib/csrTemplates.c
-		lib/oidsattr.c
-		lib/secErrorStr.c
-		lib/oidsocsp.c
-		lib/secasn1d.c
 		lib/SecAsn1Coder.c
+		lib/secasn1d.c
+		lib/secasn1e.c
+		lib/SecAsn1Templates.c
 		lib/secasn1u.c
+		lib/secErrorStr.c
+		lib/SecNssCoder.cpp
+		lib/secport.c
+		lib/X509Templates.c
+	INCLUDES
+		${SECURITY_PROJECT_DIR}/header_symlinks/iOS
+
+		# not listed in xcode builds files, but necessary
+		${CMAKE_CURRENT_SOURCE_DIR}/../include
 )

OSX/libsecurity_authorization/CMakeLists.txt

@@ -1,12 +1,12 @@
-include_directories(
-	${CMAKE_CURRENT_SOURCE_DIR}/lib
-)
+project(libsecurity_authorization)
 
-add_darling_static_library(security_authorization FAT
+add_macos_legacy_lib(security_authorization
 	SOURCES
-		lib/trampolineServer.cpp
-		lib/Authorization++.cpp
-		lib/Authorization.c
 		../authd/authutilities.c
+		lib/Authorization.c
+		lib/Authorization.cpp
 		lib/trampolineClient.cpp
+		lib/trampolineServer.cpp
+	INCLUDES
+		${CMAKE_CURRENT_SOURCE_DIR}/../authd
 )

OSX/libsecurity_authorization/lib/Authorization.c

@@ -17,7 +17,11 @@
 #include <syslog.h>
 #include <AssertMacros.h>
 #include <CoreFoundation/CFXPCBridge.h>
+#ifndef DARLING
 #include <CoreGraphics/CGWindow.h>
+#else
+typedef uint32_t CGWindowID;
+#endif
 #include <dlfcn.h>
 #include <os/log.h>
 

OSX/libsecurity_cdsa_client/CMakeLists.txt

@@ -1,29 +1,27 @@
-include_directories(
-	${CMAKE_CURRENT_SOURCE_DIR}/lib
-)
+project(libsecurity_cdsa_client)
 
-add_darling_static_library(security_cdsa_client FAT
+add_macos_legacy_lib(security_cdsa_client
 	SOURCES
-		lib/dlclient.cpp
-		lib/mdsclient.cpp
-		lib/tpclient.cpp
-		lib/cssmclient.cpp
-		lib/cryptoclient.cpp
 		lib/aclclient.cpp
-		lib/DLDBList.cpp
 		lib/clclient.cpp
-		lib/signclient.cpp
-		lib/genkey.cpp
-		lib/macclient.cpp
-		lib/wrapkey.cpp
-		lib/keychainacl.cpp
-		lib/dliterators.cpp
-		lib/mds_standard.cpp
-		lib/dl_standard.cpp
-		lib/securestorage.cpp
-		lib/keyclient.cpp
-		lib/dlquery.cpp
+		lib/cryptoclient.cpp
 		lib/cspclient.cpp
+		lib/cssmclient.cpp
+		lib/dl_standard.cpp
+		lib/dlclient.cpp
 		lib/dlclientpriv.cpp
+		lib/DLDBList.cpp
+		lib/dliterators.cpp
+		lib/dlquery.cpp
+		lib/genkey.cpp
+		lib/keychainacl.cpp
+		lib/keyclient.cpp
+		lib/macclient.cpp
+		lib/mds_standard.cpp
+		lib/mdsclient.cpp
 		lib/multidldb.cpp
+		lib/securestorage.cpp
+		lib/signclient.cpp
+		lib/tpclient.cpp
+		lib/wrapkey.cpp
 )

OSX/libsecurity_cdsa_plugin/CMakeLists.txt

@@ -1,20 +1,18 @@
-include_directories(
-	${CMAKE_CURRENT_SOURCE_DIR}/lib
-)
+project(libsecurity_cdsa_plugin)
 
-add_darling_static_library(security_cdsa_plugin FAT
+add_macos_legacy_lib(security_cdsa_plugin
 	SOURCES
 		lib/ACabstractsession.cpp
+		lib/CLabstractsession.cpp
 		lib/CSPabstractsession.cpp
-		lib/DLabstractsession.cpp
-		lib/DatabaseSession.cpp
 		lib/CSPsession.cpp
 		lib/csputilities.cpp
-		lib/DbContext.cpp
-		lib/Database.cpp
-		lib/pluginsession.cpp
 		lib/cssmplugin.cpp
-		lib/TPabstractsession.cpp
+		lib/Database.cpp
+		lib/DatabaseSession.cpp
+		lib/DbContext.cpp
+		lib/DLabstractsession.cpp
 		lib/DLsession.cpp
-		lib/CLabstractsession.cpp
+		lib/pluginsession.cpp
+		lib/TPabstractsession.cpp
 )

OSX/libsecurity_cdsa_utilities/CMakeLists.txt

@@ -1,48 +1,45 @@
-include_directories(
-	${CMAKE_CURRENT_SOURCE_DIR}/lib
-)
+project(libsecurity_cdsa_utilities)
 
-add_darling_static_library(security_cdsa_utilities FAT
+add_macos_legacy_lib(security_cdsa_utilities
 	SOURCES
-		../../gen/KeySchema.cpp
-		../../gen/Schema.cpp
-		lib/callback.cpp
-		lib/acl_secret.cpp
-		lib/osxverifier.cpp
-		lib/handletemplates.cpp
-		lib/cssmdates.cpp
-		lib/acl_preauth.cpp
-		lib/cssmcred.cpp
-		lib/acl_password.cpp
-		lib/cssmtrust.cpp
-		lib/cssmlist.cpp
-		lib/objectacl.cpp
-		lib/cssmalloc.cpp
-		lib/cssmdbname.cpp
-		lib/acl_protectedpw.cpp
-		lib/handleobject.cpp
-		lib/uniformrandom.cpp
-		lib/acl_prompted.cpp
-		lib/acl_codesigning.cpp
-		lib/cssmerrors.cpp
-		lib/cssmwalkers.cpp
-		lib/AuthorizationData.cpp
-		lib/db++.cpp
-		lib/walkers.cpp
-		lib/cssmpods.cpp
-		lib/cssmdata.cpp
-		lib/acl_threshold.cpp
-		lib/cssmacl.cpp
-		lib/cssmdb.cpp
-		lib/aclsubject.cpp
-		lib/cssmkey.cpp
-		lib/cssmendian.cpp
-		lib/cssmcert.cpp
-		lib/acl_process.cpp
-		lib/context.cpp
-		lib/acl_comment.cpp
+		../../derived_src/KeySchema.cpp
+		../../derived_src/Schema.cpp
 		lib/acl_any.cpp
-		lib/cssmaclpod.cpp
-		lib/u32handleobject.cpp
+		lib/acl_codesigning.cpp
+		lib/acl_comment.cpp
+		lib/acl_password.cpp
+		lib/acl_preauth.cpp
+		lib/acl_process.cpp
+		lib/acl_prompted.cpp
+		lib/acl_protectedpw.cpp
+		lib/acl_secret.cpp
+		lib/acl_threshold.cpp
+		lib/aclsubject.cpp
+		lib/AuthorizationData.cpp
+		lib/callback.cpp
 		lib/constdata.cpp
+		lib/context.cpp
+		lib/cssmacl.cpp
+		lib/cssmaclpod.cpp
+		lib/cssmalloc.cpp
+		lib/cssmcert.cpp
+		lib/cssmcred.cpp
+		lib/cssmdata.cpp
+		lib/cssmdates.cpp
+		lib/cssmdb.cpp
+		lib/cssmdbname.cpp
+		lib/cssmendian.cpp
+		lib/cssmerrors.cpp
+		lib/cssmkey.cpp
+		lib/cssmlist.cpp
+		lib/cssmpods.cpp
+		lib/cssmtrust.cpp
+		lib/cssmwalkers.cpp
+		lib/db++.cpp
+		lib/handleobject.cpp
+		lib/handletemplates.cpp
+		lib/objectacl.cpp
+		lib/osxverifier.cpp
+		lib/u32handleobject.cpp
+		lib/walkers.cpp
 )

OSX/libsecurity_cdsa_utils/CMakeLists.txt

@@ -1,15 +1,13 @@
-include_directories(
-	${CMAKE_CURRENT_SOURCE_DIR}/lib
-)
+project(libsecurity_cdsa_utils)
 
-add_darling_static_library(security_cdsa_utils FAT
+add_macos_legacy_lib(security_cdsa_utils
 	SOURCES
-		lib/cuPem.cpp
-		lib/cuEnc64.c
 		lib/cuCdsaUtils.cpp
 		lib/cuDbUtils.cpp
+		lib/cuEnc64.c
+		lib/cuFileIo.c
 		lib/cuOidParser.cpp
+		lib/cuPem.cpp
 		lib/cuPrintCert.cpp
 		lib/cuTimeStr.cpp
-		lib/cuFileIo.c
 )

OSX/libsecurity_checkpw/CMakeLists.txt

@@ -1,4 +1,6 @@
-add_darling_static_library(security_checkpw FAT
+project(libsecurity_checkpw)
+
+add_macos_legacy_lib(security_checkpw
 	SOURCES
 		lib/checkpw.c
 )

OSX/libsecurity_cms/CMakeLists.txt

@@ -1,6 +1,39 @@
-add_darling_static_library(security_cms FAT
+project(libsecurity_cms)
+
+add_macos_legacy_lib(security_cms
 	SOURCES
+		../libsecurity_smime/lib/cert.c
+		../libsecurity_smime/lib/cmsarray.c
+		../libsecurity_smime/lib/cmsasn1.c
+		../libsecurity_smime/lib/cmsattr.c
+		../libsecurity_smime/lib/cmscinfo.c
+		../libsecurity_smime/lib/cmscipher.c
+		../libsecurity_smime/lib/cmsdecode.c
+		../libsecurity_smime/lib/cmsdigdata.c
+		../libsecurity_smime/lib/cmsdigest.c
+		../libsecurity_smime/lib/cmsencdata.c
+		../libsecurity_smime/lib/cmsencode.c
+		../libsecurity_smime/lib/cmsenvdata.c
+		../libsecurity_smime/lib/cmsmessage.c
+		../libsecurity_smime/lib/cmspubkey.c
+		../libsecurity_smime/lib/cmsrecinfo.c
+		../libsecurity_smime/lib/cmsreclist.c
+		../libsecurity_smime/lib/cmssigdata.c
+		../libsecurity_smime/lib/cmssiginfo.c
+		../libsecurity_smime/lib/cmsutil.c
+		../libsecurity_smime/lib/cryptohi.c
+		../libsecurity_smime/lib/plhash.c
+		../libsecurity_smime/lib/secalgid.c
+		../libsecurity_smime/lib/SecCMS.c
+		../libsecurity_smime/lib/secitem.c
+		../libsecurity_smime/lib/secoid.c
+		../libsecurity_smime/lib/siginfoUtils.cpp
+		../libsecurity_smime/lib/smimeutil.c
+		../libsecurity_smime/lib/tsaSupport.c
+		../libsecurity_smime/lib/tsaTemplates.c
 		lib/CMSDecoder.cpp
 		lib/CMSEncoder.cpp
 		lib/CMSUtils.cpp
+	INCLUDES
+		${CMAKE_CURRENT_SOURCE_DIR}/../libsecurity_smime/lib
 )

OSX/libsecurity_codesigning/CMakeLists.txt

@@ -1,10 +1,8 @@
-include_directories(
-	${CMAKE_CURRENT_SOURCE_DIR}/antlr2
-	${CMAKE_CURRENT_SOURCE_DIR}/lib
-)
+project(libsecurity_codesigning)
 
-add_darling_static_library(security_codesigning FAT
+add_macos_legacy_lib(security_codesigning
 	SOURCES
+		../../sectask/SecTask.c
 		antlr2/src/ANTLRUtil.cpp
 		antlr2/src/ASTFactory.cpp
 		antlr2/src/ASTNULLType.cpp
@@ -13,8 +11,6 @@ add_darling_static_library(security_codesigning FAT
 		antlr2/src/BitSet.cpp
 		antlr2/src/CharBuffer.cpp
 		antlr2/src/CharScanner.cpp
-		lib/Code.cpp
-		lib/CodeSigner.cpp
 		antlr2/src/CommonAST.cpp
 		antlr2/src/CommonASTWithHiddenTokens.cpp
 		antlr2/src/CommonHiddenStreamToken.cpp
@@ -27,17 +23,6 @@ add_darling_static_library(security_codesigning FAT
 		antlr2/src/NoViableAltForCharException.cpp
 		antlr2/src/Parser.cpp
 		antlr2/src/RecognitionException.cpp
-		lib/RequirementLexer.cpp
-		lib/RequirementParser.cpp
-		lib/Requirements.cpp
-		lib/SecAssessment.cpp
-		lib/SecCode.cpp
-		lib/SecCodeHost.cpp
-		lib/SecCodeSigner.cpp
-		lib/SecRequirement.cpp
-		lib/SecStaticCode.cpp
-		lib/SecTask.c
-		lib/StaticCode.cpp
 		antlr2/src/String.cpp
 		antlr2/src/Token.cpp
 		antlr2/src/TokenBuffer.cpp
@@ -50,11 +35,12 @@ add_darling_static_library(security_codesigning FAT
 		lib/antlrplugin.cpp
 		lib/bundlediskrep.cpp
 		lib/cdbuilder.cpp
+		lib/Code.cpp
 		lib/codedirectory.cpp
+		lib/CodeSigner.cpp
 		lib/cs.cpp
 		lib/csdatabase.cpp
 		lib/cserror.cpp
-		lib/csgeneric.cpp
 		lib/cskernel.cpp
 		lib/csprocess.cpp
 		lib/csutilities.cpp
@@ -66,7 +52,9 @@ add_darling_static_library(security_codesigning FAT
 		lib/evaluationmanager.cpp
 		lib/filediskrep.cpp
 		lib/kerneldiskrep.cpp
+		lib/legacydevid.cpp
 		lib/machorep.cpp
+		lib/notarization.cpp
 		lib/opaquewhitelist.cpp
 		lib/piddiskrep.cpp
 		lib/policydb.cpp
@@ -78,12 +66,26 @@ add_darling_static_library(security_codesigning FAT
 		lib/reqparser.cpp
 		lib/reqreader.cpp
 		lib/requirement.cpp
+		lib/RequirementLexer.cpp
+		lib/RequirementParser.cpp
+		lib/Requirements.cpp
 		lib/resources.cpp
+		lib/SecAssessment.cpp
+		lib/SecCode.cpp
+		lib/SecCodeHost.cpp
+		lib/SecCodeSigner.cpp
+		lib/SecRequirement.cpp
+		lib/SecStaticCode.cpp
 		lib/sigblob.cpp
 		lib/signer.cpp
 		lib/signerutils.cpp
 		lib/singlediskrep.cpp
 		lib/slcrep.cpp
+		lib/StaticCode.cpp
 		lib/xar++.cpp
 		lib/xpcengine.cpp
+	INCLUDES
+		${SECURITY_PROJECT_DIR}/OSX/libsecurity_codesigning/antlr2
+		${SECURITY_PROJECT_DIR}/derived_src
+		${SECURITY_PROJECT_DIR}/cstemp
 )

OSX/libsecurity_codesigning/CodeSigningHelper/CMakeLists.txt

@@ -0,0 +1,26 @@
+project(CodeSigningHelper)
+
+include(darling_bundle)
+
+add_bundle(CodeSigningHelper ""
+	main.cpp
+)
+
+set_target_properties(CodeSigningHelper PROPERTIES
+	OUTPUT_NAME "com.apple.CodeSigningHelper"
+	PREFIX ""
+	SUFFIX ""
+)
+
+target_link_libraries(CodeSigningHelper
+	IOKit
+	CoreFoundation
+	Security
+	security_utilities
+
+	# implied dependencies
+	cxx
+	system
+)
+
+install(TARGETS CodeSigningHelper DESTINATION libexec/darling/System/Library/Frameworks/Security.framework/Versions/A/XPCServices)

OSX/libsecurity_comcryption/CMakeLists.txt

@@ -1,4 +1,6 @@
-add_darling_static_library(security_comcryption FAT
+project(libsecurity_comcryption)
+
+add_macos_legacy_lib(security_comcryption
 	SOURCES
 		lib/comcryption.c
 		lib/comcryptPriv.c

OSX/libsecurity_cryptkit/CMakeLists.txt

@@ -1,22 +1,17 @@
-add_definitions(
-	-DCK_SECURITY_BUILD
-)
+project(libsecurity_cryptkit)
 
-add_darling_static_library(security_cryptkit FAT
+add_macos_legacy_lib(security_cryptkit
 	SOURCES
-		lib/CryptKitAsn1.cpp
-		lib/CryptKitDER.cpp
-		lib/HmacSha1Legacy.c
 		lib/byteRep.c
 		lib/ckSHA1.c
 		lib/ckutilities.c
+		lib/CryptKitAsn1.cpp
+		lib/CryptKitDER.cpp
 		lib/curveParams.c
 		lib/elliptic.c
 		lib/ellipticProj.c
 		lib/enc64.c
-		lib/engineNSA127.c
 		lib/falloc.c
-		lib/feeDES.c
 		lib/feeDigitalSignature.c
 		lib/feeECDSA.c
 		lib/feeFEED.c
@@ -25,7 +20,8 @@ add_darling_static_library(security_cryptkit FAT
 		lib/feePublicKey.c
 		lib/feeRandom.c
 		lib/giantIntegers.c
-		lib/giantPort_PPC.c
-		lib/giantPort_PPC_Gnu.S
+		lib/HmacSha1Legacy.c
 		lib/platform.c
+	DEFINITIONS
+		CK_SECURITY_BUILD
 )

OSX/libsecurity_cssm/CMakeLists.txt

@@ -1,23 +1,21 @@
-include_directories(
-	${CMAKE_CURRENT_SOURCE_DIR}/lib
-)
+project(libsecurity_cssm)
 
-add_darling_static_library(security_cssm FAT
+add_macos_legacy_lib(security_cssm
 	SOURCES
-		lib/attachment.cpp
-		lib/modloader.cpp
-		lib/cspattachment.cpp
-		lib/cssmcontext.cpp
-		lib/oidsalg.c
-		lib/modload_plugin.cpp
-		lib/oidscrl.cpp
 		lib/attachfactory.cpp
-		lib/cssmmds.cpp
-		lib/modload_static.cpp
-		lib/transition.cpp
+		lib/attachment.cpp
+		lib/cspattachment.cpp
 		lib/cssm.cpp
-		lib/oidscert.cpp
-		lib/module.cpp
+		lib/cssmcontext.cpp
+		lib/cssmmds.cpp
 		lib/guids.cpp
 		lib/manager.cpp
+		lib/modload_plugin.cpp
+		lib/modload_static.cpp
+		lib/modloader.cpp
+		lib/module.cpp
+		lib/oidsalg.c
+		lib/oidscert.cpp
+		lib/oidscrl.cpp
+		lib/transition.cpp
 )

OSX/libsecurity_filedb/CMakeLists.txt

@@ -1,16 +1,14 @@
-include_directories(
-	${CMAKE_CURRENT_SOURCE_DIR}/lib
-)
+project(libsecurity_filedb)
 
-add_darling_static_library(security_filedb FAT
+add_macos_legacy_lib(security_filedb
 	SOURCES
-		lib/DbQuery.cpp
-		lib/AtomicFile.cpp
 		lib/AppleDatabase.cpp
-		lib/MetaRecord.cpp
+		lib/AtomicFile.cpp
 		lib/DbIndex.cpp
+		lib/DbQuery.cpp
 		lib/DbValue.cpp
-		lib/SelectionPredicate.cpp
 		lib/MetaAttribute.cpp
+		lib/MetaRecord.cpp
 		lib/ReadWriteSection.cpp
+		lib/SelectionPredicate.cpp
 )

OSX/libsecurity_keychain/CMakeLists.txt

@@ -1,16 +1,14 @@
-include_directories(
-	${CMAKE_CURRENT_SOURCE_DIR}/lib
-	${CMAKE_CURRENT_SOURCE_DIR}/libDER
-)
+project(libsecurity_keychain)
 
-add_darling_static_library(security_keychain FAT
+add_macos_legacy_lib(security_keychain
 	SOURCES
-		lib/ACL.cpp
 		lib/Access.cpp
-		lib/CCallbackMgr.cpp
+		lib/ACL.cpp
+		lib/CCallbackMgr.cp
 		lib/Certificate.cpp
-		lib/CertificateRequest.cpp
 		lib/CertificateValues.cpp
+		lib/cssmdatetime.cpp
+		lib/defaultcreds.cpp
 		lib/DLDBListCFPref.cpp
 		lib/DynamicDLDBList.cpp
 		lib/ExtendedAttribute.cpp
@@ -21,25 +19,21 @@ add_darling_static_library(security_keychain FAT
 		lib/KCCursor.cpp
 		lib/KCEventNotifier.cpp
 		lib/KCUtilities.cpp
-		lib/KeyItem.cpp
 		lib/Keychains.cpp
+		lib/KeyItem.cpp
 		lib/Password.cpp
 		lib/Policies.cpp
 		lib/PolicyCursor.cpp
 		lib/PrimaryKey.cpp
-		lib/SecACL.cpp
 		lib/SecAccess.cpp
+		lib/SecACL.cpp
 		lib/SecBase.cpp
-		lib/SecBase64P.c
-		lib/SecCFTypes.cpp
 		lib/SecCertificate.cpp
 		lib/SecCertificateBundle.cpp
-		lib/SecCertificateP.c
-		lib/SecCertificateRequest.cpp
+		lib/SecCFTypes.cpp
 		lib/SecExport.cpp
 		lib/SecExternalRep.cpp
 		lib/SecFDERecoveryAsymmetricCrypto.cpp
-		lib/SecFrameworkP.c
 		lib/SecIdentity.cpp
 		lib/SecIdentitySearch.cpp
 		lib/SecImport.cpp
@@ -66,32 +60,20 @@ add_darling_static_library(security_keychain FAT
 		lib/SecRandom.c
 		lib/SecRecoveryPassword.c
 		lib/SecTrust.cpp
+		lib/SecTrustedApplication.cpp
 		lib/SecTrustOSXEntryPoints.cpp
 		lib/SecTrustSettings.cpp
-		lib/SecTrustedApplication.cpp
 		lib/SecWrappedKeys.cpp
 		lib/StorageManager.cpp
 		lib/TokenLogin.cpp
 		lib/Trust.cpp
 		lib/TrustAdditions.cpp
+		lib/TrustedApplication.cpp
 		lib/TrustItem.cpp
 		lib/TrustRevocation.cpp
 		lib/TrustSettings.cpp
 		lib/TrustSettingsUtils.cpp
 		lib/TrustStore.cpp
-		lib/TrustedApplication.cpp
-		lib/UnlockReferralItem.cpp
-		lib/cssmdatetime.cpp
-		lib/defaultcreds.cpp
 		lib/tsaDERUtilities.c
-)
-
-add_darling_static_library(security_keychain_DER FAT
-	SOURCES
-		libDER/libDER/DER_Decode.c
-		libDER/libDER/DER_Encode.c
-		libDER/libDER/DER_Keys.c
-		libDER/libDER/DER_Digest.c
-		libDER/libDER/oids.c
-		libDER/libDER/DER_CertCrl.c
+		lib/UnlockReferralItem.cpp
 )

OSX/libsecurity_keychain/xpc-tsa/CMakeLists.txt

@@ -0,0 +1,18 @@
+project(XPCTimeStampingService)
+
+add_darling_executable(XPCTimeStampingService
+	main-tsa.m
+	timestampclient.m
+)
+
+target_link_libraries(XPCTimeStampingService
+	Foundation
+	Security
+	CoreFoundation
+
+	# implied dependencies
+	objc
+	system
+)
+
+install(TARGETS XPCTimeStampingService DESTINATION libexec/darling/System/Library/Frameworks/Security.framework/Versions/A/XPCServices)

OSX/libsecurity_keychain/xpc/CMakeLists.txt

@@ -0,0 +1,17 @@
+project(XPCKeychainSandboxCheck)
+
+add_darling_executable(XPCKeychainSandboxCheck
+	main.c
+)
+target_compile_options(XPCKeychainSandboxCheck PRIVATE
+	-fobjc-arc
+)
+
+target_link_libraries(XPCKeychainSandboxCheck
+	CoreFoundation
+
+	# implied dependencies
+	system
+)
+
+install(TARGETS XPCKeychainSandboxCheck DESTINATION libexec/darling/System/Library/Frameworks/Security.framework/Versions/A/XPCServices)

OSX/libsecurity_manifest/CMakeLists.txt

@@ -1,15 +1,13 @@
-include_directories(
-	${CMAKE_CURRENT_SOURCE_DIR}/lib
-)
+project(libsecurity_manifest)
 
-add_darling_static_library(security_manifest FAT
+add_macos_legacy_lib(security_manifest
 	SOURCES
-		lib/ManifestSigner.cpp
-		lib/Manifest.cpp
-		lib/SecManifest.cpp
-		lib/SecureDownloadInternal.c
-		lib/SecureDownload.cpp
-		lib/ManifestInternal.cpp
-		lib/Download.cpp
 		lib/AppleManifest.cpp
+		lib/Download.cpp
+		lib/Manifest.cpp
+		lib/ManifestInternal.cpp
+		lib/ManifestSigner.cpp
+		lib/SecManifest.cpp
+		lib/SecureDownload.cpp
+		lib/SecureDownloadInternal.c
 )

OSX/libsecurity_mds/CMakeLists.txt

@@ -1,16 +1,14 @@
-include_directories(
-	${CMAKE_CURRENT_SOURCE_DIR}/lib
-)
+project(libsecurity_mds)
 
-add_darling_static_library(security_mds FAT
+add_macos_legacy_lib(security_mds
 	SOURCES
-		lib/MDSDictionary.cpp
-		lib/MDSDatabase.cpp
-		lib/MDSAttrParser.cpp
-		lib/MDSSchema.cpp
-		lib/MDSModule.cpp
-		lib/MDSAttrUtils.cpp
-		lib/MDSAttrStrings.cpp
-		lib/MDSSession.cpp
 		lib/mdsapi.cpp
+		lib/MDSAttrParser.cpp
+		lib/MDSAttrStrings.cpp
+		lib/MDSAttrUtils.cpp
+		lib/MDSDatabase.cpp
+		lib/MDSDictionary.cpp
+		lib/MDSModule.cpp
+		lib/MDSSchema.cpp
+		lib/MDSSession.cpp
 )

OSX/libsecurity_ocspd/CMakeLists.txt

@@ -1,15 +1,21 @@
-include_directories(
-	${CMAKE_CURRENT_SOURCE_DIR}/common
-)
+project(libsecurity_ocspd)
 
-add_darling_static_library(security_ocspd FAT
+set(MIG_USER_SOURCE_SUFFIX "_client.cpp")
+set(MIG_SERVER_SOURCE_SUFFIX "_server.cpp")
+mig(mig/ocspd.defs)
+
+add_macos_legacy_lib(security_ocspd
 	SOURCES
-		mig/ocspd_client.cpp
-		common/ocspdDbSchema.cpp
-		mig/ocspd.defs
-		common/ocspResponse.cpp
-		mig/ocspd_server.cpp
 		client/ocspdClient.cpp
-		common/ocspExtensions.cpp
+		common/ocspdDbSchema.cpp
 		common/ocspdUtils.cpp
+		common/ocspExtensions.cpp
+		common/ocspResponse.cpp
+
+		${CMAKE_CURRENT_BINARY_DIR}/mig/ocspd_client.cpp
+		${CMAKE_CURRENT_BINARY_DIR}/mig/ocspd_server.cpp
+
+	INCLUDES
+		${CMAKE_CURRENT_BINARY_DIR}/mig
+		${CMAKE_CURRENT_SOURCE_DIR}/common
 )

OSX/libsecurity_ocspd/client/ocspdClient.cpp

@@ -32,7 +32,11 @@
 #include <security_utilities/threading.h>
 #include <security_utilities/mach++.h>
 #include <security_utilities/unix++.h>
+#ifdef DARLING
+#include "ocspd.h"
+#else
 #include <security_ocspd/ocspd.h>			/* MIG interface */
+#endif
 #include <Security/SecBase.h>
 class ocspdGlobals
 {

OSX/libsecurity_pkcs12/CMakeLists.txt

@@ -1,14 +1,16 @@
-add_darling_static_library(security_pkcs12 FAT
+project(libsecurity_pkcs12)
+
+add_macos_legacy_lib(security_pkcs12
 	SOURCES
-		lib/pkcs12Crypto.cpp
-		lib/pkcs12Utils.cpp
-		lib/pkcs12Decode.cpp
 		lib/pkcs12BagAttrs.cpp
 		lib/pkcs12Coder.cpp
+		lib/pkcs12Crypto.cpp
+		lib/pkcs12Decode.cpp
 		lib/pkcs12Encode.cpp
-		lib/SecPkcs12.cpp
-		lib/pkcs12SafeBag.cpp
 		lib/pkcs12Keychain.cpp
-		lib/pkcs7Templates.cpp
+		lib/pkcs12SafeBag.cpp
 		lib/pkcs12Templates.cpp
+		lib/pkcs12Utils.cpp
+		lib/pkcs7Templates.cpp
+		lib/SecPkcs12.cpp
 )

OSX/libsecurity_sd_cspdl/CMakeLists.txt

@@ -1,16 +1,14 @@
-include_directories(
-	${CMAKE_CURRENT_SOURCE_DIR}/lib
-)
+project(libsecurity_sd_cspdl)
 
-add_darling_static_library(security_sd_cspdl FAT
+add_macos_legacy_lib(security_sd_cspdl
 	SOURCES
-		lib/SDCSPSession.cpp
-		lib/SDCSPDLDatabase.cpp
-		lib/SDDLSession.cpp
 		lib/SDContext.cpp
+		lib/SDCSPDLBuiltin.cpp
+		lib/SDCSPDLDatabase.cpp
+		lib/SDCSPDLPlugin.cpp
 		lib/SDCSPDLSession.cpp
+		lib/SDCSPSession.cpp
+		lib/SDDLSession.cpp
 		lib/SDFactory.cpp
 		lib/SDKey.cpp
-		lib/SDCSPDLPlugin.cpp
-		lib/SDCSPDLBuiltin.cpp
 )

OSX/libsecurity_smime/CMakeLists.txt

@@ -1,38 +0,0 @@
-include_directories(
-	${CMAKE_CURRENT_SOURCE_DIR}/lib
-)
-
-add_definitions(-DcmsSimpleContentInfoTemplate=SecCmsContentInfoTemplate)
-
-add_darling_static_library(security_smime FAT
-	SOURCES
-		lib/cert.c
-		lib/cmsarray.c
-		lib/cmsasn1.c
-		lib/cmsattr.c
-		lib/cmscinfo.c
-		lib/cmscipher.c
-		lib/SecCMS.c
-		lib/cmsdecode.c
-		lib/cmsdigdata.c
-		lib/cmsdigest.c
-		lib/cmsencdata.c
-		lib/cmsencode.c
-		lib/cmsenvdata.c
-		lib/cmsmessage.c
-		lib/cmspubkey.c
-		lib/cmsrecinfo.c
-		lib/cmsreclist.c
-		lib/cmssigdata.c
-		lib/cmssiginfo.c
-		lib/cmsutil.c
-		lib/cryptohi.c
-		lib/plhash.c
-		lib/secalgid.c
-		lib/secitem.c
-		lib/secoid.c
-		lib/smimeutil.c
-		lib/siginfoUtils.cpp
-		lib/tsaTemplates.c
-		lib/tsaSupport.c
-)

OSX/libsecurity_ssl/CMakeLists.txt

@@ -1,16 +1,18 @@
-include_directories(
-	${CMAKE_CURRENT_SOURCE_DIR}/lib
-)
+project(libsecurity_ssl)
 
-add_darling_static_library(security_ssl FAT
+add_macos_legacy_lib(security_ssl
 	SOURCES
-		lib/sslRecord.c
+		../../protocol/SecProtocol.c
+		../../protocol/SecProtocolConfiguration.m
+		../../protocol/SecProtocolHelper.m
+		../../protocol/SecProtocolTypes.m
+		lib/sslCipherSpecs.c
 		lib/sslContext.c
-		lib/tlsCallbacks.c
-		lib/SSLRecordInternal.c
+		lib/sslCrypto.c
 		lib/sslKeychain.c
 		lib/sslMemory.c
+		lib/sslRecord.c
+		lib/SSLRecordInternal.c
 		lib/sslTransport.c
-		lib/sslCipherSpecs.c
-		lib/sslCrypto.c
+		lib/tlsCallbacks.c
 )

OSX/libsecurity_transform/CMakeLists.txt

@@ -1,36 +1,36 @@
-add_definitions(
-	-DCOM_APPLE_SECURITY_SANE_INCLUDES
-)
+project(libsecurity_transform)
 
-add_darling_static_library(security_transform FAT
+add_macos_legacy_lib(security_transform
 	SOURCES
 		lib/c++utils.cpp
-		lib/Source.cpp
-		lib/EncryptTransform.cpp
-		lib/SecSignVerifyTransform.c
-		lib/GroupTransform.cpp
-		lib/SecCustomTransform.cpp
-		lib/SecExternalSourceTransform.cpp
-		lib/StreamSource.cpp
-		lib/SecGroupTransform.cpp
-		lib/misc.c
-		lib/SecEncryptTransform.cpp
-		lib/Digest.cpp
-		lib/SecMaskGenerationFunctionTransform.c
-		lib/LinkedList.cpp
-		lib/CoreFoundationBasics.cpp
-		lib/SingleShotSource.cpp
 		lib/CEncryptDecrypt.c
-		lib/SecNullTransform.cpp
-		lib/NullTransform.cpp
+		lib/CoreFoundationBasics.cpp
+		lib/Digest.cpp
 		lib/EncodeDecodeTransforms.c
+		lib/EncryptTransform.cpp
+		lib/EncryptTransformUtilities.cpp
+		lib/GroupTransform.cpp
+		lib/LinkedList.cpp
+		lib/misc.c
+		lib/Monitor.cpp
+		lib/NullTransform.cpp
+		lib/SecCollectTransform.cpp
+		lib/SecCustomTransform.cpp
+		lib/SecDigestTransform.cpp
+		lib/SecEncryptTransform.cpp
+		lib/SecExternalSourceTransform.cpp
+		lib/SecGroupTransform.cpp
+		lib/SecMaskGenerationFunctionTransform.c
+		lib/SecNullTransform.cpp
+		lib/SecSignVerifyTransform.c
 		lib/SecTransform.cpp
+		lib/SecTransformReadTransform.cpp
+		lib/SingleShotSource.cpp
+		lib/Source.cpp
+		lib/StreamSource.cpp
 		lib/Transform.cpp
 		lib/TransformFactory.cpp
-		lib/EncryptTransformUtilities.cpp
-		lib/SecTransformReadTransform.cpp
-		lib/Monitor.cpp
-		lib/SecDigestTransform.cpp
-		lib/SecCollectTransform.cpp
 		lib/Utilities.cpp
+	DEFINITIONS
+		COM_APPLE_SECURITY_SANE_INCLUDES
 )

OSX/libsecurity_translocate/CMakeLists.txt

@@ -1,12 +1,14 @@
-add_darling_static_library(security_translocate FAT
+project(libsecurity_translocate)
+
+add_macos_legacy_lib(security_translocate
 	SOURCES
 		lib/SecTranslocate.cpp
-		lib/SecTranslocateShared.cpp
-		lib/SecTranslocateLSNotification.cpp
-		lib/SecTranslocateUtilities.cpp
-		lib/SecTranslocateDANotification.cpp
-		lib/SecTranslocateServer.cpp
-		lib/SecTranslocateInterface.cpp
 		lib/SecTranslocateClient.cpp
+		lib/SecTranslocateDANotification.cpp
+		lib/SecTranslocateInterface.cpp
+		lib/SecTranslocateLSNotification.cpp
+		lib/SecTranslocateServer.cpp
+		lib/SecTranslocateShared.cpp
+		lib/SecTranslocateUtilities.cpp
 		lib/SecTranslocateXPCServer.cpp
 )

OSX/libsecurity_utilities/CMakeLists.txt

@@ -1,68 +1,61 @@
-include_directories(
-	${CMAKE_CURRENT_SOURCE_DIR}/lib
-)
+project(libsecurity_utilities)
 
-add_darling_static_library(security_utilities FAT
+mig(lib/mach_notify.defs)
+
+add_macos_legacy_lib(security_utilities
 	SOURCES
-		lib/cfmach++.cpp
-		lib/hashing.cpp
-		lib/devrandom.cpp
-		lib/headermap.cpp
-		lib/pcsc++.cpp
-		lib/ccaudit.cpp
-		lib/cfmunge.cpp
-		lib/url.cpp
-		lib/seccfobject.cpp
-		lib/superblob.cpp
-		lib/dyldcache.cpp
-		lib/buffers.cpp
-		lib/simpleprefs.cpp
-		lib/logging.cpp
-		lib/threading.cpp
-		lib/tqueue.cpp
-		lib/timeflow.cpp
-		lib/trackingallocator.cpp
-		lib/utilities.cpp
-		lib/machserver.cpp
-		lib/cfutilities.cpp
-		lib/mach_notify.c
-		lib/crc.c
-		lib/hosts.cpp
-		lib/sqlite++.cpp
-		lib/dispatch.cpp
-		lib/selector.cpp
-		lib/inetreply.cpp
-		lib/fdsel.cpp
-		lib/fdmover.cpp
-		lib/socks++4.cpp
-		lib/FileLockTransaction.cpp
-		lib/socks++5.cpp
+		lib/adornments.cpp
+		lib/alloc.cpp
 		lib/blob.cpp
-		lib/typedvalue.cpp
-		lib/ip++.cpp
-		lib/errors.cpp
+		lib/ccaudit.cpp
+		lib/cfclass.cpp
+		lib/cfmach++.cpp
+		lib/cfmunge.cpp
+		lib/cfutilities.cpp
+		lib/coderepository.cpp
+		lib/crc.c
+		lib/CSPDLTransaction.cpp
+		lib/daemon.cpp
+		lib/debugging_internal.cpp
+		lib/dispatch.cpp
+		lib/dyldcache.cpp
 		lib/endian.cpp
+		lib/errors.cpp
+		lib/FileLockTransaction.cpp
+		lib/globalizer.cpp
+		lib/hashing.cpp
+		lib/kq++.cpp
+		lib/logging.cpp
+		lib/mach++.cpp
+		lib/macho++.cpp
+		lib/machserver.cpp
+		lib/muscle++.cpp
+		lib/osxcode.cpp
+		lib/pcsc++.cpp
+		lib/powerwatch.cpp
+		lib/seccfobject.cpp
+		lib/simpleprefs.cpp
+		lib/sqlite++.cpp
+		lib/superblob.cpp
+		lib/threading.cpp
+		lib/timeflow.cpp
+		lib/tqueue.cpp
+		lib/trackingallocator.cpp
 		lib/transactions.cpp
 		lib/unix++.cpp
-		lib/coderepository.cpp
-		lib/iodevices.cpp
-		lib/alloc.cpp
-		lib/vproc++.cpp
-		lib/muscle++.cpp
-		lib/adornments.cpp
-		lib/debugging_internal.cpp
-		lib/streams.cpp
-		lib/cfclass.cpp
-		lib/mach++.cpp
 		lib/unixchild.cpp
-		lib/CSPDLTransaction.cpp
-		lib/macho++.cpp
-		lib/bufferfifo.cpp
-		lib/socks++.cpp
-		lib/osxcode.cpp
-		lib/globalizer.cpp
-		lib/powerwatch.cpp
-		lib/daemon.cpp
-		lib/machrunloopserver.cpp
-		lib/kq++.cpp
+		lib/utilities.cpp
+
+		${CMAKE_CURRENT_BINARY_DIR}/lib/mach_notifyServer.c
+	INCLUDES
+		${SECURITY_PROJECT_DIR}/OSX/libsecurity_cssm/lib
+		${SECURITY_PROJECT_DIR}/header_symlinks/iOS
+		${SECURITY_PROJECT_DIR}/header_symlinks/macOS
+		${SECURITY_PROJECT_DIR}/header_symlinks/Security
+		${SECURITY_PROJECT_DIR}/OSX/include
+		${SECURITY_PROJECT_DIR}
+		${SECURITY_PROJECT_DIR}/OSX/libsecurity_apple_csp/open_ssl
+		${SECURITY_PROJECT_DIR}/OSX/libsecurity_utilities/lib
+
+		${CMAKE_CURRENT_BINARY_DIR}/lib
 )

OSX/libsecurity_utilities/lib/debugging.h

@@ -0,0 +1 @@
+../../utilities/debugging.h

OSX/libsecurity_utilities/lib/utilities_dtrace.h

@@ -0,0 +1,573 @@
+/*
+ * Generated by dtrace(1M).
+ */
+
+#ifndef	_UTILITIES_DTRACE_H
+#define	_UTILITIES_DTRACE_H
+
+#include <unistd.h>
+
+#ifdef	__cplusplus
+extern "C" {
+#endif
+
+#define SECURITY_DEBUG_STABILITY "___dtrace_stability$security_debug$v1$1_1_0_1_1_0_1_1_0_1_1_0_1_1_0"
+
+#define SECURITY_DEBUG_TYPEDEFS "___dtrace_typedefs$security_debug$v2"
+
+#if !defined(DTRACE_PROBES_DISABLED) || !DTRACE_PROBES_DISABLED
+
+#define	SECURITY_DEBUG_DELAY(arg0) \
+do { \
+	__asm__ volatile(".reference " SECURITY_DEBUG_TYPEDEFS); \
+	__dtrace_probe$security_debug$delay$v1$63686172202a(arg0); \
+	__asm__ volatile(".reference " SECURITY_DEBUG_STABILITY); \
+} while (0)
+#define	SECURITY_DEBUG_DELAY_ENABLED() \
+	({ int _r = __dtrace_isenabled$security_debug$delay$v1(); \
+		__asm__ volatile(""); \
+		_r; })
+#define	SECURITY_DEBUG_LOG(arg0, arg1) \
+do { \
+	__asm__ volatile(".reference " SECURITY_DEBUG_TYPEDEFS); \
+	__dtrace_probe$security_debug$log$v1$63686172202a$63686172202a(arg0, arg1); \
+	__asm__ volatile(".reference " SECURITY_DEBUG_STABILITY); \
+} while (0)
+#define	SECURITY_DEBUG_LOG_ENABLED() \
+	({ int _r = __dtrace_isenabled$security_debug$log$v1(); \
+		__asm__ volatile(""); \
+		_r; })
+#define	SECURITY_DEBUG_LOGP(arg0, arg1, arg2) \
+do { \
+	__asm__ volatile(".reference " SECURITY_DEBUG_TYPEDEFS); \
+	__dtrace_probe$security_debug$logp$v1$63686172202a$766f6964202a$63686172202a(arg0, arg1, arg2); \
+	__asm__ volatile(".reference " SECURITY_DEBUG_STABILITY); \
+} while (0)
+#define	SECURITY_DEBUG_LOGP_ENABLED() \
+	({ int _r = __dtrace_isenabled$security_debug$logp$v1(); \
+		__asm__ volatile(""); \
+		_r; })
+#define	SECURITY_DEBUG_REFCOUNT_CREATE(arg0) \
+do { \
+	__asm__ volatile(".reference " SECURITY_DEBUG_TYPEDEFS); \
+	__dtrace_probe$security_debug$refcount__create$v1$766f6964202a(arg0); \
+	__asm__ volatile(".reference " SECURITY_DEBUG_STABILITY); \
+} while (0)
+#define	SECURITY_DEBUG_REFCOUNT_CREATE_ENABLED() \
+	({ int _r = __dtrace_isenabled$security_debug$refcount__create$v1(); \
+		__asm__ volatile(""); \
+		_r; })
+#define	SECURITY_DEBUG_REFCOUNT_DOWN(arg0, arg1) \
+do { \
+	__asm__ volatile(".reference " SECURITY_DEBUG_TYPEDEFS); \
+	__dtrace_probe$security_debug$refcount__down$v1$766f6964202a$756e7369676e6564(arg0, arg1); \
+	__asm__ volatile(".reference " SECURITY_DEBUG_STABILITY); \
+} while (0)
+#define	SECURITY_DEBUG_REFCOUNT_DOWN_ENABLED() \
+	({ int _r = __dtrace_isenabled$security_debug$refcount__down$v1(); \
+		__asm__ volatile(""); \
+		_r; })
+#define	SECURITY_DEBUG_REFCOUNT_UP(arg0, arg1) \
+do { \
+	__asm__ volatile(".reference " SECURITY_DEBUG_TYPEDEFS); \
+	__dtrace_probe$security_debug$refcount__up$v1$766f6964202a$756e7369676e6564(arg0, arg1); \
+	__asm__ volatile(".reference " SECURITY_DEBUG_STABILITY); \
+} while (0)
+#define	SECURITY_DEBUG_REFCOUNT_UP_ENABLED() \
+	({ int _r = __dtrace_isenabled$security_debug$refcount__up$v1(); \
+		__asm__ volatile(""); \
+		_r; })
+#define	SECURITY_DEBUG_SEC_CREATE(arg0, arg1, arg2) \
+do { \
+	__asm__ volatile(".reference " SECURITY_DEBUG_TYPEDEFS); \
+	__dtrace_probe$security_debug$sec__create$v1$766f6964202a$63686172202a$756e7369676e6564(arg0, arg1, arg2); \
+	__asm__ volatile(".reference " SECURITY_DEBUG_STABILITY); \
+} while (0)
+#define	SECURITY_DEBUG_SEC_CREATE_ENABLED() \
+	({ int _r = __dtrace_isenabled$security_debug$sec__create$v1(); \
+		__asm__ volatile(""); \
+		_r; })
+#define	SECURITY_DEBUG_SEC_DESTROY(arg0) \
+do { \
+	__asm__ volatile(".reference " SECURITY_DEBUG_TYPEDEFS); \
+	__dtrace_probe$security_debug$sec__destroy$v1$766f6964202a(arg0); \
+	__asm__ volatile(".reference " SECURITY_DEBUG_STABILITY); \
+} while (0)
+#define	SECURITY_DEBUG_SEC_DESTROY_ENABLED() \
+	({ int _r = __dtrace_isenabled$security_debug$sec__destroy$v1(); \
+		__asm__ volatile(""); \
+		_r; })
+
+
+extern void __dtrace_probe$security_debug$delay$v1$63686172202a(const char *);
+extern int __dtrace_isenabled$security_debug$delay$v1(void);
+extern void __dtrace_probe$security_debug$log$v1$63686172202a$63686172202a(const char *, const char *);
+extern int __dtrace_isenabled$security_debug$log$v1(void);
+extern void __dtrace_probe$security_debug$logp$v1$63686172202a$766f6964202a$63686172202a(const char *, const void *, const char *);
+extern int __dtrace_isenabled$security_debug$logp$v1(void);
+extern void __dtrace_probe$security_debug$refcount__create$v1$766f6964202a(const void *);
+extern int __dtrace_isenabled$security_debug$refcount__create$v1(void);
+extern void __dtrace_probe$security_debug$refcount__down$v1$766f6964202a$756e7369676e6564(const void *, unsigned);
+extern int __dtrace_isenabled$security_debug$refcount__down$v1(void);
+extern void __dtrace_probe$security_debug$refcount__up$v1$766f6964202a$756e7369676e6564(const void *, unsigned);
+extern int __dtrace_isenabled$security_debug$refcount__up$v1(void);
+extern void __dtrace_probe$security_debug$sec__create$v1$766f6964202a$63686172202a$756e7369676e6564(const void *, const char *, unsigned);
+extern int __dtrace_isenabled$security_debug$sec__create$v1(void);
+extern void __dtrace_probe$security_debug$sec__destroy$v1$766f6964202a(const void *);
+extern int __dtrace_isenabled$security_debug$sec__destroy$v1(void);
+
+#else
+
+#define	SECURITY_DEBUG_DELAY(arg0) \
+do { \
+	} while (0)
+#define	SECURITY_DEBUG_DELAY_ENABLED() (0)
+#define	SECURITY_DEBUG_LOG(arg0, arg1) \
+do { \
+	} while (0)
+#define	SECURITY_DEBUG_LOG_ENABLED() (0)
+#define	SECURITY_DEBUG_LOGP(arg0, arg1, arg2) \
+do { \
+	} while (0)
+#define	SECURITY_DEBUG_LOGP_ENABLED() (0)
+#define	SECURITY_DEBUG_REFCOUNT_CREATE(arg0) \
+do { \
+	} while (0)
+#define	SECURITY_DEBUG_REFCOUNT_CREATE_ENABLED() (0)
+#define	SECURITY_DEBUG_REFCOUNT_DOWN(arg0, arg1) \
+do { \
+	} while (0)
+#define	SECURITY_DEBUG_REFCOUNT_DOWN_ENABLED() (0)
+#define	SECURITY_DEBUG_REFCOUNT_UP(arg0, arg1) \
+do { \
+	} while (0)
+#define	SECURITY_DEBUG_REFCOUNT_UP_ENABLED() (0)
+#define	SECURITY_DEBUG_SEC_CREATE(arg0, arg1, arg2) \
+do { \
+	} while (0)
+#define	SECURITY_DEBUG_SEC_CREATE_ENABLED() (0)
+#define	SECURITY_DEBUG_SEC_DESTROY(arg0) \
+do { \
+	} while (0)
+#define	SECURITY_DEBUG_SEC_DESTROY_ENABLED() (0)
+
+#endif /* !defined(DTRACE_PROBES_DISABLED) || !DTRACE_PROBES_DISABLED */
+
+#define SECURITY_EXCEPTION_STABILITY "___dtrace_stability$security_exception$v1$1_1_0_1_1_0_1_1_0_1_1_0_1_1_0"
+
+#define SECURITY_EXCEPTION_TYPEDEFS "___dtrace_typedefs$security_exception$v2$4454457863657074696f6e"
+
+#if !defined(DTRACE_PROBES_DISABLED) || !DTRACE_PROBES_DISABLED
+
+#define	SECURITY_EXCEPTION_COPY(arg0, arg1) \
+do { \
+	__asm__ volatile(".reference " SECURITY_EXCEPTION_TYPEDEFS); \
+	__dtrace_probe$security_exception$copy$v1$4454457863657074696f6e$4454457863657074696f6e(arg0, arg1); \
+	__asm__ volatile(".reference " SECURITY_EXCEPTION_STABILITY); \
+} while (0)
+#define	SECURITY_EXCEPTION_COPY_ENABLED() \
+	({ int _r = __dtrace_isenabled$security_exception$copy$v1(); \
+		__asm__ volatile(""); \
+		_r; })
+#define	SECURITY_EXCEPTION_HANDLED(arg0) \
+do { \
+	__asm__ volatile(".reference " SECURITY_EXCEPTION_TYPEDEFS); \
+	__dtrace_probe$security_exception$handled$v1$4454457863657074696f6e(arg0); \
+	__asm__ volatile(".reference " SECURITY_EXCEPTION_STABILITY); \
+} while (0)
+#define	SECURITY_EXCEPTION_HANDLED_ENABLED() \
+	({ int _r = __dtrace_isenabled$security_exception$handled$v1(); \
+		__asm__ volatile(""); \
+		_r; })
+#define	SECURITY_EXCEPTION_THROW_CF(arg0) \
+do { \
+	__asm__ volatile(".reference " SECURITY_EXCEPTION_TYPEDEFS); \
+	__dtrace_probe$security_exception$throw__cf$v1$4454457863657074696f6e(arg0); \
+	__asm__ volatile(".reference " SECURITY_EXCEPTION_STABILITY); \
+} while (0)
+#define	SECURITY_EXCEPTION_THROW_CF_ENABLED() \
+	({ int _r = __dtrace_isenabled$security_exception$throw__cf$v1(); \
+		__asm__ volatile(""); \
+		_r; })
+#define	SECURITY_EXCEPTION_THROW_CSSM(arg0, arg1) \
+do { \
+	__asm__ volatile(".reference " SECURITY_EXCEPTION_TYPEDEFS); \
+	__dtrace_probe$security_exception$throw__cssm$v1$4454457863657074696f6e$756e7369676e6564(arg0, arg1); \
+	__asm__ volatile(".reference " SECURITY_EXCEPTION_STABILITY); \
+} while (0)
+#define	SECURITY_EXCEPTION_THROW_CSSM_ENABLED() \
+	({ int _r = __dtrace_isenabled$security_exception$throw__cssm$v1(); \
+		__asm__ volatile(""); \
+		_r; })
+#define	SECURITY_EXCEPTION_THROW_MACH(arg0, arg1) \
+do { \
+	__asm__ volatile(".reference " SECURITY_EXCEPTION_TYPEDEFS); \
+	__dtrace_probe$security_exception$throw__mach$v1$4454457863657074696f6e$696e74(arg0, arg1); \
+	__asm__ volatile(".reference " SECURITY_EXCEPTION_STABILITY); \
+} while (0)
+#define	SECURITY_EXCEPTION_THROW_MACH_ENABLED() \
+	({ int _r = __dtrace_isenabled$security_exception$throw__mach$v1(); \
+		__asm__ volatile(""); \
+		_r; })
+#define	SECURITY_EXCEPTION_THROW_OSSTATUS(arg0, arg1) \
+do { \
+	__asm__ volatile(".reference " SECURITY_EXCEPTION_TYPEDEFS); \
+	__dtrace_probe$security_exception$throw__osstatus$v1$4454457863657074696f6e$696e74(arg0, arg1); \
+	__asm__ volatile(".reference " SECURITY_EXCEPTION_STABILITY); \
+} while (0)
+#define	SECURITY_EXCEPTION_THROW_OSSTATUS_ENABLED() \
+	({ int _r = __dtrace_isenabled$security_exception$throw__osstatus$v1(); \
+		__asm__ volatile(""); \
+		_r; })
+#define	SECURITY_EXCEPTION_THROW_OTHER(arg0, arg1, arg2) \
+do { \
+	__asm__ volatile(".reference " SECURITY_EXCEPTION_TYPEDEFS); \
+	__dtrace_probe$security_exception$throw__other$v1$4454457863657074696f6e$756e7369676e6564$63686172202a(arg0, arg1, arg2); \
+	__asm__ volatile(".reference " SECURITY_EXCEPTION_STABILITY); \
+} while (0)
+#define	SECURITY_EXCEPTION_THROW_OTHER_ENABLED() \
+	({ int _r = __dtrace_isenabled$security_exception$throw__other$v1(); \
+		__asm__ volatile(""); \
+		_r; })
+#define	SECURITY_EXCEPTION_THROW_PCSC(arg0, arg1) \
+do { \
+	__asm__ volatile(".reference " SECURITY_EXCEPTION_TYPEDEFS); \
+	__dtrace_probe$security_exception$throw__pcsc$v1$4454457863657074696f6e$756e7369676e6564(arg0, arg1); \
+	__asm__ volatile(".reference " SECURITY_EXCEPTION_STABILITY); \
+} while (0)
+#define	SECURITY_EXCEPTION_THROW_PCSC_ENABLED() \
+	({ int _r = __dtrace_isenabled$security_exception$throw__pcsc$v1(); \
+		__asm__ volatile(""); \
+		_r; })
+#define	SECURITY_EXCEPTION_THROW_SQLITE(arg0, arg1, arg2) \
+do { \
+	__asm__ volatile(".reference " SECURITY_EXCEPTION_TYPEDEFS); \
+	__dtrace_probe$security_exception$throw__sqlite$v1$4454457863657074696f6e$696e74$63686172202a(arg0, arg1, arg2); \
+	__asm__ volatile(".reference " SECURITY_EXCEPTION_STABILITY); \
+} while (0)
+#define	SECURITY_EXCEPTION_THROW_SQLITE_ENABLED() \
+	({ int _r = __dtrace_isenabled$security_exception$throw__sqlite$v1(); \
+		__asm__ volatile(""); \
+		_r; })
+#define	SECURITY_EXCEPTION_THROW_UNIX(arg0, arg1) \
+do { \
+	__asm__ volatile(".reference " SECURITY_EXCEPTION_TYPEDEFS); \
+	__dtrace_probe$security_exception$throw__unix$v1$4454457863657074696f6e$696e74(arg0, arg1); \
+	__asm__ volatile(".reference " SECURITY_EXCEPTION_STABILITY); \
+} while (0)
+#define	SECURITY_EXCEPTION_THROW_UNIX_ENABLED() \
+	({ int _r = __dtrace_isenabled$security_exception$throw__unix$v1(); \
+		__asm__ volatile(""); \
+		_r; })
+
+
+extern void __dtrace_probe$security_exception$copy$v1$4454457863657074696f6e$4454457863657074696f6e(DTException, DTException);
+extern int __dtrace_isenabled$security_exception$copy$v1(void);
+extern void __dtrace_probe$security_exception$handled$v1$4454457863657074696f6e(DTException);
+extern int __dtrace_isenabled$security_exception$handled$v1(void);
+extern void __dtrace_probe$security_exception$throw__cf$v1$4454457863657074696f6e(DTException);
+extern int __dtrace_isenabled$security_exception$throw__cf$v1(void);
+extern void __dtrace_probe$security_exception$throw__cssm$v1$4454457863657074696f6e$756e7369676e6564(DTException, unsigned);
+extern int __dtrace_isenabled$security_exception$throw__cssm$v1(void);
+extern void __dtrace_probe$security_exception$throw__mach$v1$4454457863657074696f6e$696e74(DTException, int);
+extern int __dtrace_isenabled$security_exception$throw__mach$v1(void);
+extern void __dtrace_probe$security_exception$throw__osstatus$v1$4454457863657074696f6e$696e74(DTException, int);
+extern int __dtrace_isenabled$security_exception$throw__osstatus$v1(void);
+extern void __dtrace_probe$security_exception$throw__other$v1$4454457863657074696f6e$756e7369676e6564$63686172202a(DTException, unsigned, const char *);
+extern int __dtrace_isenabled$security_exception$throw__other$v1(void);
+extern void __dtrace_probe$security_exception$throw__pcsc$v1$4454457863657074696f6e$756e7369676e6564(DTException, unsigned);
+extern int __dtrace_isenabled$security_exception$throw__pcsc$v1(void);
+extern void __dtrace_probe$security_exception$throw__sqlite$v1$4454457863657074696f6e$696e74$63686172202a(DTException, int, const char *);
+extern int __dtrace_isenabled$security_exception$throw__sqlite$v1(void);
+extern void __dtrace_probe$security_exception$throw__unix$v1$4454457863657074696f6e$696e74(DTException, int);
+extern int __dtrace_isenabled$security_exception$throw__unix$v1(void);
+
+#else
+
+#define	SECURITY_EXCEPTION_COPY(arg0, arg1) \
+do { \
+	} while (0)
+#define	SECURITY_EXCEPTION_COPY_ENABLED() (0)
+#define	SECURITY_EXCEPTION_HANDLED(arg0) \
+do { \
+	} while (0)
+#define	SECURITY_EXCEPTION_HANDLED_ENABLED() (0)
+#define	SECURITY_EXCEPTION_THROW_CF(arg0) \
+do { \
+	} while (0)
+#define	SECURITY_EXCEPTION_THROW_CF_ENABLED() (0)
+#define	SECURITY_EXCEPTION_THROW_CSSM(arg0, arg1) \
+do { \
+	} while (0)
+#define	SECURITY_EXCEPTION_THROW_CSSM_ENABLED() (0)
+#define	SECURITY_EXCEPTION_THROW_MACH(arg0, arg1) \
+do { \
+	} while (0)
+#define	SECURITY_EXCEPTION_THROW_MACH_ENABLED() (0)
+#define	SECURITY_EXCEPTION_THROW_OSSTATUS(arg0, arg1) \
+do { \
+	} while (0)
+#define	SECURITY_EXCEPTION_THROW_OSSTATUS_ENABLED() (0)
+#define	SECURITY_EXCEPTION_THROW_OTHER(arg0, arg1, arg2) \
+do { \
+	} while (0)
+#define	SECURITY_EXCEPTION_THROW_OTHER_ENABLED() (0)
+#define	SECURITY_EXCEPTION_THROW_PCSC(arg0, arg1) \
+do { \
+	} while (0)
+#define	SECURITY_EXCEPTION_THROW_PCSC_ENABLED() (0)
+#define	SECURITY_EXCEPTION_THROW_SQLITE(arg0, arg1, arg2) \
+do { \
+	} while (0)
+#define	SECURITY_EXCEPTION_THROW_SQLITE_ENABLED() (0)
+#define	SECURITY_EXCEPTION_THROW_UNIX(arg0, arg1) \
+do { \
+	} while (0)
+#define	SECURITY_EXCEPTION_THROW_UNIX_ENABLED() (0)
+
+#endif /* !defined(DTRACE_PROBES_DISABLED) || !DTRACE_PROBES_DISABLED */
+
+#define SECURITY_MACHSERVER_STABILITY "___dtrace_stability$security_machserver$v1$1_1_0_1_1_0_1_1_0_1_1_0_1_1_0"
+
+#define SECURITY_MACHSERVER_TYPEDEFS "___dtrace_typedefs$security_machserver$v2"
+
+#if !defined(DTRACE_PROBES_DISABLED) || !DTRACE_PROBES_DISABLED
+
+#define	SECURITY_MACHSERVER_ALLOC_REGISTER(arg0, arg1) \
+do { \
+	__asm__ volatile(".reference " SECURITY_MACHSERVER_TYPEDEFS); \
+	__dtrace_probe$security_machserver$alloc__register$v1$766f6964202a$766f6964202a(arg0, arg1); \
+	__asm__ volatile(".reference " SECURITY_MACHSERVER_STABILITY); \
+} while (0)
+#define	SECURITY_MACHSERVER_ALLOC_REGISTER_ENABLED() \
+	({ int _r = __dtrace_isenabled$security_machserver$alloc__register$v1(); \
+		__asm__ volatile(""); \
+		_r; })
+#define	SECURITY_MACHSERVER_ALLOC_RELEASE(arg0, arg1) \
+do { \
+	__asm__ volatile(".reference " SECURITY_MACHSERVER_TYPEDEFS); \
+	__dtrace_probe$security_machserver$alloc__release$v1$766f6964202a$766f6964202a(arg0, arg1); \
+	__asm__ volatile(".reference " SECURITY_MACHSERVER_STABILITY); \
+} while (0)
+#define	SECURITY_MACHSERVER_ALLOC_RELEASE_ENABLED() \
+	({ int _r = __dtrace_isenabled$security_machserver$alloc__release$v1(); \
+		__asm__ volatile(""); \
+		_r; })
+#define	SECURITY_MACHSERVER_BEGIN(arg0, arg1) \
+do { \
+	__asm__ volatile(".reference " SECURITY_MACHSERVER_TYPEDEFS); \
+	__dtrace_probe$security_machserver$begin$v1$756e7369676e6564$696e74(arg0, arg1); \
+	__asm__ volatile(".reference " SECURITY_MACHSERVER_STABILITY); \
+} while (0)
+#define	SECURITY_MACHSERVER_BEGIN_ENABLED() \
+	({ int _r = __dtrace_isenabled$security_machserver$begin$v1(); \
+		__asm__ volatile(""); \
+		_r; })
+#define	SECURITY_MACHSERVER_END() \
+do { \
+	__asm__ volatile(".reference " SECURITY_MACHSERVER_TYPEDEFS); \
+	__dtrace_probe$security_machserver$end$v1(); \
+	__asm__ volatile(".reference " SECURITY_MACHSERVER_STABILITY); \
+} while (0)
+#define	SECURITY_MACHSERVER_END_ENABLED() \
+	({ int _r = __dtrace_isenabled$security_machserver$end$v1(); \
+		__asm__ volatile(""); \
+		_r; })
+#define	SECURITY_MACHSERVER_END_THREAD(arg0) \
+do { \
+	__asm__ volatile(".reference " SECURITY_MACHSERVER_TYPEDEFS); \
+	__dtrace_probe$security_machserver$end_thread$v1$696e74(arg0); \
+	__asm__ volatile(".reference " SECURITY_MACHSERVER_STABILITY); \
+} while (0)
+#define	SECURITY_MACHSERVER_END_THREAD_ENABLED() \
+	({ int _r = __dtrace_isenabled$security_machserver$end_thread$v1(); \
+		__asm__ volatile(""); \
+		_r; })
+#define	SECURITY_MACHSERVER_PORT_ADD(arg0) \
+do { \
+	__asm__ volatile(".reference " SECURITY_MACHSERVER_TYPEDEFS); \
+	__dtrace_probe$security_machserver$port__add$v1$756e7369676e6564(arg0); \
+	__asm__ volatile(".reference " SECURITY_MACHSERVER_STABILITY); \
+} while (0)
+#define	SECURITY_MACHSERVER_PORT_ADD_ENABLED() \
+	({ int _r = __dtrace_isenabled$security_machserver$port__add$v1(); \
+		__asm__ volatile(""); \
+		_r; })
+#define	SECURITY_MACHSERVER_PORT_REMOVE(arg0) \
+do { \
+	__asm__ volatile(".reference " SECURITY_MACHSERVER_TYPEDEFS); \
+	__dtrace_probe$security_machserver$port__remove$v1$756e7369676e6564(arg0); \
+	__asm__ volatile(".reference " SECURITY_MACHSERVER_STABILITY); \
+} while (0)
+#define	SECURITY_MACHSERVER_PORT_REMOVE_ENABLED() \
+	({ int _r = __dtrace_isenabled$security_machserver$port__remove$v1(); \
+		__asm__ volatile(""); \
+		_r; })
+#define	SECURITY_MACHSERVER_REAP(arg0, arg1) \
+do { \
+	__asm__ volatile(".reference " SECURITY_MACHSERVER_TYPEDEFS); \
+	__dtrace_probe$security_machserver$reap$v1$756e7369676e6564$756e7369676e6564(arg0, arg1); \
+	__asm__ volatile(".reference " SECURITY_MACHSERVER_STABILITY); \
+} while (0)
+#define	SECURITY_MACHSERVER_REAP_ENABLED() \
+	({ int _r = __dtrace_isenabled$security_machserver$reap$v1(); \
+		__asm__ volatile(""); \
+		_r; })
+#define	SECURITY_MACHSERVER_RECEIVE(arg0) \
+do { \
+	__asm__ volatile(".reference " SECURITY_MACHSERVER_TYPEDEFS); \
+	__dtrace_probe$security_machserver$receive$v1$646f75626c65(arg0); \
+	__asm__ volatile(".reference " SECURITY_MACHSERVER_STABILITY); \
+} while (0)
+#define	SECURITY_MACHSERVER_RECEIVE_ENABLED() \
+	({ int _r = __dtrace_isenabled$security_machserver$receive$v1(); \
+		__asm__ volatile(""); \
+		_r; })
+#define	SECURITY_MACHSERVER_RECEIVE_ERROR(arg0) \
+do { \
+	__asm__ volatile(".reference " SECURITY_MACHSERVER_TYPEDEFS); \
+	__dtrace_probe$security_machserver$receive_error$v1$756e7369676e6564(arg0); \
+	__asm__ volatile(".reference " SECURITY_MACHSERVER_STABILITY); \
+} while (0)
+#define	SECURITY_MACHSERVER_RECEIVE_ERROR_ENABLED() \
+	({ int _r = __dtrace_isenabled$security_machserver$receive_error$v1(); \
+		__asm__ volatile(""); \
+		_r; })
+#define	SECURITY_MACHSERVER_SEND_ERROR(arg0, arg1) \
+do { \
+	__asm__ volatile(".reference " SECURITY_MACHSERVER_TYPEDEFS); \
+	__dtrace_probe$security_machserver$send_error$v1$756e7369676e6564$756e7369676e6564(arg0, arg1); \
+	__asm__ volatile(".reference " SECURITY_MACHSERVER_STABILITY); \
+} while (0)
+#define	SECURITY_MACHSERVER_SEND_ERROR_ENABLED() \
+	({ int _r = __dtrace_isenabled$security_machserver$send_error$v1(); \
+		__asm__ volatile(""); \
+		_r; })
+#define	SECURITY_MACHSERVER_START_THREAD(arg0) \
+do { \
+	__asm__ volatile(".reference " SECURITY_MACHSERVER_TYPEDEFS); \
+	__dtrace_probe$security_machserver$start_thread$v1$696e74(arg0); \
+	__asm__ volatile(".reference " SECURITY_MACHSERVER_STABILITY); \
+} while (0)
+#define	SECURITY_MACHSERVER_START_THREAD_ENABLED() \
+	({ int _r = __dtrace_isenabled$security_machserver$start_thread$v1(); \
+		__asm__ volatile(""); \
+		_r; })
+#define	SECURITY_MACHSERVER_TIMER_END(arg0) \
+do { \
+	__asm__ volatile(".reference " SECURITY_MACHSERVER_TYPEDEFS); \
+	__dtrace_probe$security_machserver$timer__end$v1$696e74(arg0); \
+	__asm__ volatile(".reference " SECURITY_MACHSERVER_STABILITY); \
+} while (0)
+#define	SECURITY_MACHSERVER_TIMER_END_ENABLED() \
+	({ int _r = __dtrace_isenabled$security_machserver$timer__end$v1(); \
+		__asm__ volatile(""); \
+		_r; })
+#define	SECURITY_MACHSERVER_TIMER_START(arg0, arg1, arg2) \
+do { \
+	__asm__ volatile(".reference " SECURITY_MACHSERVER_TYPEDEFS); \
+	__dtrace_probe$security_machserver$timer__start$v1$766f6964202a$696e74$646f75626c65(arg0, arg1, arg2); \
+	__asm__ volatile(".reference " SECURITY_MACHSERVER_STABILITY); \
+} while (0)
+#define	SECURITY_MACHSERVER_TIMER_START_ENABLED() \
+	({ int _r = __dtrace_isenabled$security_machserver$timer__start$v1(); \
+		__asm__ volatile(""); \
+		_r; })
+
+
+extern void __dtrace_probe$security_machserver$alloc__register$v1$766f6964202a$766f6964202a(const void *, const void *);
+extern int __dtrace_isenabled$security_machserver$alloc__register$v1(void);
+extern void __dtrace_probe$security_machserver$alloc__release$v1$766f6964202a$766f6964202a(const void *, const void *);
+extern int __dtrace_isenabled$security_machserver$alloc__release$v1(void);
+extern void __dtrace_probe$security_machserver$begin$v1$756e7369676e6564$696e74(unsigned, int);
+extern int __dtrace_isenabled$security_machserver$begin$v1(void);
+extern void __dtrace_probe$security_machserver$end$v1(void);
+extern int __dtrace_isenabled$security_machserver$end$v1(void);
+extern void __dtrace_probe$security_machserver$end_thread$v1$696e74(int);
+extern int __dtrace_isenabled$security_machserver$end_thread$v1(void);
+extern void __dtrace_probe$security_machserver$port__add$v1$756e7369676e6564(unsigned);
+extern int __dtrace_isenabled$security_machserver$port__add$v1(void);
+extern void __dtrace_probe$security_machserver$port__remove$v1$756e7369676e6564(unsigned);
+extern int __dtrace_isenabled$security_machserver$port__remove$v1(void);
+extern void __dtrace_probe$security_machserver$reap$v1$756e7369676e6564$756e7369676e6564(unsigned, unsigned);
+extern int __dtrace_isenabled$security_machserver$reap$v1(void);
+extern void __dtrace_probe$security_machserver$receive$v1$646f75626c65(double);
+extern int __dtrace_isenabled$security_machserver$receive$v1(void);
+extern void __dtrace_probe$security_machserver$receive_error$v1$756e7369676e6564(unsigned);
+extern int __dtrace_isenabled$security_machserver$receive_error$v1(void);
+extern void __dtrace_probe$security_machserver$send_error$v1$756e7369676e6564$756e7369676e6564(unsigned, unsigned);
+extern int __dtrace_isenabled$security_machserver$send_error$v1(void);
+extern void __dtrace_probe$security_machserver$start_thread$v1$696e74(int);
+extern int __dtrace_isenabled$security_machserver$start_thread$v1(void);
+extern void __dtrace_probe$security_machserver$timer__end$v1$696e74(int);
+extern int __dtrace_isenabled$security_machserver$timer__end$v1(void);
+extern void __dtrace_probe$security_machserver$timer__start$v1$766f6964202a$696e74$646f75626c65(const void *, int, double);
+extern int __dtrace_isenabled$security_machserver$timer__start$v1(void);
+
+#else
+
+#define	SECURITY_MACHSERVER_ALLOC_REGISTER(arg0, arg1) \
+do { \
+	} while (0)
+#define	SECURITY_MACHSERVER_ALLOC_REGISTER_ENABLED() (0)
+#define	SECURITY_MACHSERVER_ALLOC_RELEASE(arg0, arg1) \
+do { \
+	} while (0)
+#define	SECURITY_MACHSERVER_ALLOC_RELEASE_ENABLED() (0)
+#define	SECURITY_MACHSERVER_BEGIN(arg0, arg1) \
+do { \
+	} while (0)
+#define	SECURITY_MACHSERVER_BEGIN_ENABLED() (0)
+#define	SECURITY_MACHSERVER_END() \
+do { \
+	} while (0)
+#define	SECURITY_MACHSERVER_END_ENABLED() (0)
+#define	SECURITY_MACHSERVER_END_THREAD(arg0) \
+do { \
+	} while (0)
+#define	SECURITY_MACHSERVER_END_THREAD_ENABLED() (0)
+#define	SECURITY_MACHSERVER_PORT_ADD(arg0) \
+do { \
+	} while (0)
+#define	SECURITY_MACHSERVER_PORT_ADD_ENABLED() (0)
+#define	SECURITY_MACHSERVER_PORT_REMOVE(arg0) \
+do { \
+	} while (0)
+#define	SECURITY_MACHSERVER_PORT_REMOVE_ENABLED() (0)
+#define	SECURITY_MACHSERVER_REAP(arg0, arg1) \
+do { \
+	} while (0)
+#define	SECURITY_MACHSERVER_REAP_ENABLED() (0)
+#define	SECURITY_MACHSERVER_RECEIVE(arg0) \
+do { \
+	} while (0)
+#define	SECURITY_MACHSERVER_RECEIVE_ENABLED() (0)
+#define	SECURITY_MACHSERVER_RECEIVE_ERROR(arg0) \
+do { \
+	} while (0)
+#define	SECURITY_MACHSERVER_RECEIVE_ERROR_ENABLED() (0)
+#define	SECURITY_MACHSERVER_SEND_ERROR(arg0, arg1) \
+do { \
+	} while (0)
+#define	SECURITY_MACHSERVER_SEND_ERROR_ENABLED() (0)
+#define	SECURITY_MACHSERVER_START_THREAD(arg0) \
+do { \
+	} while (0)
+#define	SECURITY_MACHSERVER_START_THREAD_ENABLED() (0)
+#define	SECURITY_MACHSERVER_TIMER_END(arg0) \
+do { \
+	} while (0)
+#define	SECURITY_MACHSERVER_TIMER_END_ENABLED() (0)
+#define	SECURITY_MACHSERVER_TIMER_START(arg0, arg1, arg2) \
+do { \
+	} while (0)
+#define	SECURITY_MACHSERVER_TIMER_START_ENABLED() (0)
+
+#endif /* !defined(DTRACE_PROBES_DISABLED) || !DTRACE_PROBES_DISABLED */
+
+
+#ifdef	__cplusplus
+}
+#endif
+
+#endif	/* _UTILITIES_DTRACE_H */

OSX/libsecurityd/CMakeLists.txt

@@ -1,33 +1,63 @@
-include_directories(
-	${CMAKE_CURRENT_SOURCE_DIR}/mig
-	${CMAKE_CURRENT_SOURCE_DIR}/lib
+project(libsecurityd)
+
+include_directories(${CMAKE_CURRENT_BINARY_DIR}/mig)
+
+set(MIG_USER_SOURCE_SUFFIX "Client.cpp")
+set(MIG_SERVER_SOURCE_SUFFIX "Server.cpp")
+mig(mig/ucsp.defs)
+
+set(MIG_USER_SOURCE_SUFFIX "Sender.cpp")
+set(MIG_SERVER_SOURCE_SUFFIX "Receiver.cpp")
+mig(mig/ucspNotify.defs)
+
+file(MAKE_DIRECTORY "${CMAKE_CURRENT_BINARY_DIR}/mig")
+file(CREATE_LINK "ucspClient.cpp" "${CMAKE_CURRENT_BINARY_DIR}/mig/ucspClientC.c" SYMBOLIC)
+
+# we don't need to make these depend on their targets because they will alreday be generated
+# for the targets that need them
+file(MAKE_DIRECTORY "${CMAKE_CURRENT_BINARY_DIR}/mig/securityd_client")
+file(CREATE_LINK "../ucsp.h" "${CMAKE_CURRENT_BINARY_DIR}/mig/securityd_client/ucsp.h" SYMBOLIC)
+file(CREATE_LINK "../ucspNotify.h" "${CMAKE_CURRENT_BINARY_DIR}/mig/securityd_client/ucspNotify.h" SYMBOLIC)
+
+add_custom_command(
+	OUTPUT
+		${CMAKE_CURRENT_BINARY_DIR}/mig/ucspClientC.c
+	DEPENDS
+		${CMAKE_CURRENT_BINARY_DIR}/mig/ucspClient.cpp
+	COMMAND
+		true
+	COMMENT "Generating MIG symlinks for libsecurityd libraries"
 )
 
-add_darling_static_library(securityd_client FAT
+add_macos_legacy_lib(securityd_client
 	SOURCES
 		lib/dictionary.cpp
-		lib/sec_xdr.c
+		lib/eventlistener.cpp
 		lib/sec_xdr_array.c
 		lib/sec_xdr_reference.c
-		lib/sec_xdrmem.c
 		lib/sec_xdr_sizeof.c
-		lib/xdr_auth.c
-		lib/xdr_cssm.c
-		lib/xdr_dldb.cpp
+		lib/sec_xdr.c
+		lib/sec_xdrmem.c
 		lib/SharedMemoryClient.cpp
-		lib/eventlistener.cpp
 		lib/ssblob.cpp
 		lib/ssclient.cpp
 		lib/sstransit.cpp
 		lib/transition.cpp
-		mig/ucspClient.cpp
-		mig/ucspNotifySender.cpp
-		mig/cshostingClient.cpp
-		mig/cshostingServer.cpp
+		lib/xdr_auth.c
+		lib/xdr_cssm.c
+		lib/xdr_dldb.cpp
+
+		${CMAKE_CURRENT_BINARY_DIR}/mig/ucspClient.cpp
+		${CMAKE_CURRENT_BINARY_DIR}/mig/ucspNotifySender.cpp
 )
 
-add_darling_static_library(securityd_server FAT
+add_macos_legacy_lib(securityd_server
 	SOURCES
-		mig/ucspNotifyReceiver.cpp
-		mig/ucspServer.cpp
+		${CMAKE_CURRENT_BINARY_DIR}/mig/ucspNotifyReceiver.cpp
+		${CMAKE_CURRENT_BINARY_DIR}/mig/ucspServer.cpp
+)
+
+add_macos_legacy_lib(securityd_ucspc
+	SOURCES
+		${CMAKE_CURRENT_BINARY_DIR}/mig/ucspClientC.c
 )

OSX/libsecurityd/lib/ss_types.defs

@@ -0,0 +1 @@
+../mig/ss_types.defs

OSX/sec/CMakeLists.txt

@@ -1,221 +0,0 @@
-include_directories(
-	${CMAKE_CURRENT_SOURCE_DIR}
-	${CMAKE_CURRENT_SOURCE_DIR}/ipc
-	${CMAKE_CURRENT_SOURCE_DIR}/SOSCircle/SecureObjectSync
-	${CMAKE_CURRENT_SOURCE_DIR}/SOSCircle/CKBridge
-	${CMAKE_CURRENT_SOURCE_DIR}/SOSCircle/Tool
-	${CMAKE_CURRENT_SOURCE_DIR}/Security
-	${CMAKE_CURRENT_SOURCE_DIR}/securityd
-	${CMAKE_CURRENT_SOURCE_DIR}/SharedWebCredential
-)
-
-add_definitions(
-	-DSEC_IOS_ON_OSX=1
-	-DNO_SERVER=1
-	-DOS_STATE_API_REQUEST=1
-	-DOS_STATE_DATA_PROTOCOL_BUFFER=1
-)
-
-add_darling_static_library(securityd FAT
-	SOURCES
-		securityd/asynchttp.c
-		securityd/iCloudTrace.c
-		securityd/nameconstraints.c
-		securityd/OTATrustUtilities.c
-		securityd/personalization.c
-		securityd/policytree.c
-		securityd/SecCAIssuerCache.c
-		securityd/SecCAIssuerRequest.c
-		securityd/SecCertificateSource.c
-		securityd/SecDbItem.c
-		securityd/SecDbKeychainItem.c
-		securityd/SecDbQuery.c
-		securityd/SecItemBackupServer.c
-		securityd/SecItemDataSource.c
-		securityd/SecItemDb.c
-		securityd/SecItemSchema.c
-		securityd/SecItemServer.c
-		securityd/SecKeybagSupport.c
-		securityd/SecLogSettingsServer.c
-		securityd/SecOCSPCache.c
-		securityd/SecOCSPRequest.c
-		securityd/SecOCSPResponse.c
-		securityd/SecOTRRemote.c
-		securityd/SecPolicyServer.c
-		securityd/SecRevocationDb.c
-		securityd/SecTrustLoggingServer.c
-		securityd/SecTrustServer.c
-		securityd/SecTrustStoreServer.c
-		securityd/SOSCloudCircleServer.c
-		securityd/spi.c
-)
-
-add_darling_static_library(SecOtrOSX FAT
-	SOURCES
-		Security/SecOTRDHKey.c
-		Security/SecOTRFullIdentity.c
-		Security/SecOTRMath.c
-		Security/SecOTRPacketData.c
-		Security/SecOTRPackets.c
-		Security/SecOTRPublicIdentity.c
-		Security/SecOTRSession.c
-		Security/SecOTRSessionAKE.c
-		Security/SecOTRUtils.c
-)
-
-add_darling_static_library(SecureObjectSync FAT
-	SOURCES
-		SOSCircle/Tool/accountCirclesViewsPrint.c
-		SOSCircle/SecureObjectSync/SOSBackupInformation.c
-		SOSCircle/SecureObjectSync/SOSAccount.c
-		SOSCircle/SecureObjectSync/SOSAccountBackup.c
-		SOSCircle/SecureObjectSync/SOSAccountCircles.c
-		SOSCircle/SecureObjectSync/SOSAccountSync.c
-		SOSCircle/SecureObjectSync/SOSAccountCloudParameters.c
-		SOSCircle/SecureObjectSync/SOSAccountCredentials.c
-		SOSCircle/SecureObjectSync/SOSAccountDer.c
-		SOSCircle/SecureObjectSync/SOSKeyedPubKeyIdentifier.c
-		SOSCircle/SecureObjectSync/SOSAccountFullPeerInfo.c
-		SOSCircle/SecureObjectSync/SOSAccountHSAJoin.c
-		SOSCircle/SecureObjectSync/SOSAccountLog.c
-		SOSCircle/SecureObjectSync/SOSAccountPeers.c
-		SOSCircle/SecureObjectSync/SOSAccountPersistence.c
-		SOSCircle/SecureObjectSync/SOSAccountRingUpdate.c
-		SOSCircle/SecureObjectSync/SOSAccountRings.c
-		SOSCircle/SecureObjectSync/SOSRingRecovery.c
-		SOSCircle/SecureObjectSync/SOSAccountTransaction.c
-		SOSCircle/SecureObjectSync/SOSAccountUpdate.c
-		SOSCircle/SecureObjectSync/SOSAccountViewSync.c
-		SOSCircle/SecureObjectSync/SOSBackupEvent.c
-		SOSCircle/SecureObjectSync/SOSBackupSliceKeyBag.c
-		SOSCircle/SecureObjectSync/SOSCircle.c
-		SOSCircle/SecureObjectSync/SOSCircleDer.c
-		SOSCircle/SecureObjectSync/SOSCircleV2.c
-		SOSCircle/CKBridge/SOSCloudKeychainConstants.c
-		SOSCircle/CKBridge/SOSCloudKeychainClient.c
-		SOSCircle/SecureObjectSync/SOSCoder.c
-		SOSCircle/SecureObjectSync/SOSChangeTracker.c
-		SOSCircle/SecureObjectSync/SOSDigestVector.c
-		SOSCircle/SecureObjectSync/SOSEngine.c
-		SOSCircle/SecureObjectSync/SOSECWrapUnwrap.c
-		SOSCircle/SecureObjectSync/SOSFullPeerInfo.c
-		SOSCircle/SecureObjectSync/SOSGenCount.c
-		SOSCircle/SecureObjectSync/SOSInternal.c
-		SOSCircle/SecureObjectSync/SOSKVSKeys.c
-		SOSCircle/SecureObjectSync/SOSManifest.c
-		SOSCircle/SecureObjectSync/SOSMessage.c
-		SOSCircle/SecureObjectSync/SOSPeer.c
-		SOSCircle/SecureObjectSync/SOSPeerCoder.c
-		SOSCircle/SecureObjectSync/SOSPeerInfo.c
-		SOSCircle/SecureObjectSync/SOSPeerInfoCollections.c
-		SOSCircle/SecureObjectSync/SOSPeerInfoDER.c
-		SOSCircle/SecureObjectSync/SOSRecoveryKeyBag.c
-		SOSCircle/SecureObjectSync/SOSPeerInfoRingState.c
-		SOSCircle/SecureObjectSync/SOSPeerInfoSecurityProperties.c
-		SOSCircle/SecureObjectSync/SOSPeerInfoV2.c
-		SOSCircle/SecureObjectSync/SOSAccountGhost.c
-		SOSCircle/SecureObjectSync/SOSRingBackup.c
-		SOSCircle/SecureObjectSync/SOSAccountGetSet.c
-		SOSCircle/SecureObjectSync/SOSRingBasic.c
-		SOSCircle/SecureObjectSync/SOSRingConcordanceTrust.c
-		Security/SecRecoveryKey.m
-		SOSCircle/SecureObjectSync/SOSRingDER.c
-		SOSCircle/SecureObjectSync/SOSAccountRecovery.c
-		SOSCircle/SecureObjectSync/SOSRingPeerInfoUtils.c
-		SOSCircle/SecureObjectSync/SOSRingTypes.c
-		SOSCircle/SecureObjectSync/SOSRingUtils.c
-		SOSCircle/SecureObjectSync/SOSRingV0.c
-		SOSCircle/SecureObjectSync/SOSSysdiagnose.c
-		SOSCircle/SecureObjectSync/SOSTransport.c
-		SOSCircle/SecureObjectSync/SOSTransportBackupPeer.c
-		SOSCircle/SecureObjectSync/SOSTransportCircle.c
-		SOSCircle/SecureObjectSync/SOSTransportCircleKVS.c
-		SOSCircle/SecureObjectSync/SOSTransportKeyParameter.c
-		SOSCircle/SecureObjectSync/SOSTransportKeyParameterKVS.c
-		SOSCircle/SecureObjectSync/SOSTransportMessage.c
-		SOSCircle/SecureObjectSync/SOSTransportMessageIDS.c
-		SOSCircle/SecureObjectSync/SOSTransportMessageKVS.c
-		SOSCircle/SecureObjectSync/SOSUserKeygen.c
-		SOSCircle/SecureObjectSync/SOSViews.c
-		SOSCircle/Tool/secToolFileIO.c
-		SOSCircle/Tool/secViewDisplay.c
-)
-
-add_darling_static_library(logging FAT
-	SOURCES
-		Security/SecLogging.c
-)
-
-add_definitions(
-	-DSECITEM_SHIM_OSX=1
-)
-
-add_darling_static_library(SecItemShimOSX FAT
-	SOURCES
-		Security/SecItemBackup.c
-		Security/SecKeyAdaptors.c
-		Security/SecCFAllocator.c
-		Security/SecItem.c
-		Security/SecRSAKey.c
-		Security/SecDH.c
-		Security/SecCTKKey.c
-		SOSCircle/SecureObjectSync/SOSCloudCircle.c
-		Security/SecAccessControl.c
-		Security/SecKey.c
-		Security/SecuritydXPC.c
-		Security/SecECKey.c
-		Security/SecItemConstants.c
-		Security/SecPasswordGenerate.c
-)
-
-add_darling_static_library(SecTrustOSX FAT
-	SOURCES
-		Security/SecCertificateRequest.c
-		Security/SecCertificate.c
-		Security/SecDigest.c
-		Security/SecBase64.c
-		Security/SecCertificatePath.c
-		Security/SecKey.c
-		Security/SecKeyAdaptors.c
-		Security/SecPolicy.c
-		Security/SecPolicyLeafCallbacks.c
-		Security/SecTrust.c
-		Security/SecTrustStore.c
-		Security/SecECKey.c
-		Security/SecRSAKey.c
-		Security/SecServerEncryptionSupport.c
-		../utilities/src/SecInternalRelease.c
-		Security/SecSignatureVerificationSupport.c
-)
-
-add_darling_static_library(secipc_client FAT
-	SOURCES
-		ipc/client.c
-)
-
-add_darling_executable(secipc_server ipc/server.c ipc/client.c)
-set_target_properties(secipc_server PROPERTIES OUTPUT_NAME "secd")
-target_link_libraries(secipc_server system Security CoreFoundation
-    SecTrustOSX securityd xpc sqlite3 utilities CFNetwork SecItemShimOSX
-    security_keychain_DER SecureObjectSync z IOKit #security_smime
-    LocalAuthentication objc CryptoTokenKit SystemConfiguration
-	security_asn1 bsm.0 AppleSystemInfo cxx)
-#target_link_options(secipc_server BEFORE PRIVATE "-Wl,-all_load")
-install(TARGETS secipc_server DESTINATION libexec/darling/usr/libexec)
-install(FILES ipc/com.apple.secd.plist DESTINATION libexec/darling/System/Library/LaunchDaemons)
-
-add_darling_executable(trustd_server ipc/server.c ipc/client.c)
-set_target_properties(trustd_server PROPERTIES OUTPUT_NAME "trustd")
-target_compile_definitions(trustd_server PRIVATE TRUSTD_SERVER)
-target_link_libraries(trustd_server system Security CoreFoundation
-	SecTrustOSX securityd xpc sqlite3 utilities CFNetwork SecItemShimOSX
-	security_keychain_DER SecureObjectSync z IOKit #security_smime
-	LocalAuthentication objc CryptoTokenKit SystemConfiguration
-	security_asn1 bsm.0 AppleSystemInfo cxx)
-#target_link_options(trustd_server BEFORE PRIVATE "-Wl,-all_load")
-install(TARGETS trustd_server DESTINATION libexec/darling/usr/libexec)
-install(FILES ../trustd/com.apple.trustd.plist DESTINATION libexec/darling/System/Library/LaunchDaemons)
-install(FILES ../trustd/com.apple.trustd.agent.plist DESTINATION libexec/darling/System/Library/LaunchAgents)
-
-add_subdirectory(Security/Tool)
-#add_subdirectory(SOSCircle/Tool)

OSX/sec/Security/CMakeLists.txt

@@ -0,0 +1,122 @@
+project(libsecurity)
+
+add_security_library(libsecurity
+	FAT
+	OUTPUT_NAME "security"
+	SOURCES
+		../../../experiment/SecExperiment.m
+		../../../keychain/SecureObjectSync/SOSCloudCircle.m
+		../../../keychain/SecureObjectSync/Tool/secViewDisplay.c
+		../../utilities/SecInternalRelease.c
+		../../utilities/SecPaddingConfigurations.c
+		p12import.c
+		p12pbegen.c
+		pbkdf2.c
+		SecAccessControl.m
+		SecBase.c
+		SecBase64.c
+		SecCertificate.c
+		SecCertificateRequest.c
+		SecCFAllocator.c
+		SecCMS.c
+		SecCTKKey.m
+		SecDH.c
+		SecDigest.c
+		SecECKey.m
+		SecEMCS.m
+		SecIdentity.c
+		SecImportExport.c
+		SecItem.c
+		SecItem.m
+		SecItemBackup.c
+		SecItemConstants.c
+		SecKey.m
+		SecKeyAdaptors.m
+		SecKeyProxy.m
+		SecOTRDHKey.c
+		SecOTRFullIdentity.c
+		SecOTRMath.c
+		SecOTRPacketData.c
+		SecOTRPackets.c
+		SecOTRPublicIdentity.c
+		SecOTRSession.c
+		SecOTRSessionAKE.c
+		SecOTRUtils.c
+		SecPasswordGenerate.c
+		SecPBKDF.c
+		SecPolicy.c
+		SecPolicyLeafCallbacks.c
+		SecRSAKey.c
+		SecSCEP.c
+		SecServerEncryptionSupport.c
+		SecSharedCredential.c
+		SecSignatureVerificationSupport.c
+		SecTrust.c
+		SecTrustStatusCodes.c
+		SecTrustStore.c
+		SecuritydXPC.c
+		vmdh.c
+)
+
+add_lib_ios(SecOtrOSX
+	SOURCES
+		SecOTRDHKey.c
+		SecOTRFullIdentity.c
+		SecOTRMath.c
+		SecOTRPacketData.c
+		SecOTRPackets.c
+		SecOTRPublicIdentity.c
+		SecOTRSession.c
+		SecOTRSessionAKE.c
+		SecOTRUtils.c
+)
+
+add_lib_ios_shim(SecTrustOSX
+	SOURCES
+		../../utilities/SecInternalRelease.c
+		SecBase64.c
+		SecCertificate.c
+		SecCertificateRequest.c
+		SecDigest.c
+		SecECKey.m
+		SecKey.m
+		SecKeyAdaptors.m
+		SecPolicy.c
+		SecPolicyLeafCallbacks.c
+		SecRSAKey.c
+		SecServerEncryptionSupport.c
+		SecSignatureVerificationSupport.c
+		SecTrust.c
+		SecTrustStatusCodes.c
+		SecTrustStore.c
+)
+
+add_lib_ios_shim(SecItemShimOSX
+	SOURCES
+		../../../keychain/SecureObjectSync/SOSCloudCircle.m
+		p12import.c
+		p12pbegen.c
+		SecAccessControl.m
+		SecCFAllocator.c
+		SecCTKKey.m
+		SecDH.c
+		SecECKey.m
+		SecImportExport.c
+		SecItem.c
+		SecItem.m
+		SecItemBackup.c
+		SecItemConstants.c
+		SecKey.m
+		SecKeyAdaptors.m
+		SecKeyProxy.m
+		SecPasswordGenerate.c
+		SecRSAKey.c
+		SecuritydXPC.c
+)
+
+add_lib_ios(logging
+	SOURCES
+		SecLogging.c
+	INCLUDES
+		${CMAKE_CURRENT_SOURCE_DIR}/../ipc
+)

OSX/sec/Security/SecCertificate.c

@@ -71,6 +71,9 @@
 #include "AppleiPhoneDeviceCACertificates.h"
 #include <ipc/securityd_client.h>
 #include <Security/SecKeyInternal.h>
+#ifdef DARLING
+#include <libDER/oidsPriv.h>
+#endif
 
 #pragma clang diagnostic ignored "-Wformat=2"
 

OSX/sec/Security/SecPolicy.c

@@ -44,6 +44,9 @@
 #include <utilities/SecCFWrappers.h>
 #include <utilities/array_size.h>
 #include <ipc/securityd_client.h>
+#ifdef DARLING
+#include <libDER/oidsPriv.h>
+#endif
 
 #include <utilities/SecInternalReleasePriv.h>
 

OSX/sec/Security/SecRecoveryKey.m

@@ -20,7 +20,9 @@
 
 #if !TARGET_OS_BRIDGE
 #include <dlfcn.h>
+#ifndef DARLING
 #include <AppleIDAuthSupport/AppleIDAuthSupport.h>
+#endif
 #define PATH_FOR_APPLEIDAUTHSUPPORTFRAMEWORK "/System/Library/PrivateFrameworks/AppleIDAuthSupport.framework/AppleIDAuthSupport"
 #endif
 

OSX/sec/Security/SecTrustStatusCodes.c

@@ -32,6 +32,14 @@
 #include <Security/SecTrustStatusCodes.h>
 #include <CoreFoundation/CoreFoundation.h>
 #include <libDER/oids.h>
+#ifdef DARLING
+// if i had to guess, i'd say Apple changed up libDER when they stopped releasing it and now
+// their "private" OIDs are included in the regular `libDER/oids.h` header
+//
+// if this error keeps popping up, i'll stop manually including `libDER/oidsPriv.h` and instead patch
+// `libDER/oids.h` to include `libDER/oidsPriv.h`
+#include <libDER/oidsPriv.h>
+#endif
 
 struct resultmap_entry_s {
     const CFStringRef checkstr;

OSX/utilities/CMakeLists.txt

@@ -1,79 +1,54 @@
-add_compile_options(
-	-fobjc-arc
+project(libutilities)
+
+add_darling_object_library(utilities_x86_64
+	x86_64_ONLY
+
+	SecTapToRadar.m
 )
 
-set(utilities_normal_sources
-	src/debugging.c
-	src/der_dictionary.c
-	src/iCloudKeychainTrace.c
-	src/SecCFWrappers.c
-	src/SecADWrapper.c
-	src/der_date.c
-	src/fileIo.c
-	src/SecFileLocations.c
-	src/SecDb.c
-	src/SecCoreCrypto.c
-	src/SecAppleAnchor.c
-	src/SecTrace.c
-	src/der_plist_internal.c
-	src/SecSCTUtils.c
-	src/der_number.c
-	src/iOSforOSX-SecRandom.c
-	src/SecCFError.c
-	src/der_plist.c
-	src/SecCertificateTrace.c
-	src/SecAKSWrappers.c
-	src/der_array.c
-	src/SecCFCCWrappers.c
-	src/NSURL+SOSPlistStore.m
-	src/der_string.c
-	src/der_boolean.c
-	src/der_data.c
-	src/der_null.c
-	src/der_set.c
-	src/simulate_crash.c
-	src/SecBuffer.c
-	src/SecXPCError.c
-	SecurityTool/not_on_this_platorm.c
-	SecurityTool/readline.c
-)
-
-add_darling_static_library(utilities FAT
+add_security_library(utilities
+	FAT
+	OBJC_ARC
 	SOURCES
-		src/debugging.c
-		src/der_dictionary.c
-		src/iCloudKeychainTrace.c
-		src/SecCFWrappers.c
-		src/SecADWrapper.c
-		src/der_date.c
-		src/fileIo.c
-		src/SecFileLocations.c
-		src/SecDb.c
-		src/SecCoreCrypto.c
-		src/SecAppleAnchor.c
-		#src/iOSforOSX-SecAttr.c
-		src/SecTrace.c
-		src/der_plist_internal.c
-		src/SecSCTUtils.c
-		src/der_number.c
-		src/iOSforOSX-SecRandom.c
-		src/SecCFError.c
-		src/der_plist.c
-		src/SecCertificateTrace.c
-		src/SecAKSWrappers.c
-		src/der_array.c
-		src/SecCFCCWrappers.c
-		src/NSURL+SOSPlistStore.m
-		src/der_string.c
-		src/der_boolean.c
-		src/der_data.c
-		src/der_null.c
-		src/der_set.c
-		src/simulate_crash.c
-		src/SecBuffer.c
-		src/SecXPCError.c
-		SecurityTool/not_on_this_platorm.c
-		SecurityTool/readline.c
-)
+		debugging.c
+		der_array.c
+		der_boolean.c
+		der_data.c
+		der_date.c
+		der_dictionary.c
+		der_null.c
+		der_number.c
+		der_plist_internal.c
+		der_plist.c
+		der_set.c
+		der_string.c
+		fileIo.c
+		iCloudKeychainTrace.c
+		iOSforOSX-SecAttr.c
+		iOSforOSX-SecRandom.c
+		NSURL+SOSPlistStore.m
+		sec_action.c
+		SecABC.m
+		SecADWrapper.c
+		SecAKSWrappers.c
+		SecAppleAnchor.c
+		SecAutorelease.m
+		SecBuffer.c
+		SecCFCCWrappers.c
+		SecCFError.c
+		SecCFWrappers.c
+		SecCoreCrypto.c
+		SecDb.c
+		SecFileLocations.c
+		SecNSAdditions.m
+		SecPLWrappers.m
+		SecSCTUtils.c
+		SecTrace.c
+		SecXPCError.c
+		SecXPCHelper.m
+		simulate_crash.m
 
-add_subdirectory(SecurityTool)
+		$<TARGET_OBJECTS:utilities_x86_64>
+	INCLUDES
+		${SECURITY_PROJECT_DIR}/securityd/securityd_service/KeyStore
+)

OSX/utilities/SecFileLocations.c

@@ -58,7 +58,21 @@ CFURLRef SecCopyHomeURL(void)
     if (homeURL) {
         CFRetain(homeURL);
     } else {
+#ifdef DARLING
+        // ported from an older version of Security
+        //
+        // i'm not sure how Apple is convincing the compiler that CFCopyHomeDirectoryURL is available on macOS
+        // because there's nothing new in the public headers to indicate that the function has suddenly become
+        // available on macOS, nor is there any indication in the Xcode build files that this code is being
+        // compiled for Catalyst for macOS
+        //
+        // maybe they're just not using compiler availability warnings/errors
+        //
+        // either way, this should work fine and provide the same behavior as Apple's code
+        homeURL = CFCopyHomeDirectoryURLForUser(NULL);
+#else
         homeURL = CFCopyHomeDirectoryURL();
+#endif
     }
 
     return homeURL;

OSX/utilities/SecurityTool/CMakeLists.txt

@@ -1 +0,0 @@
-add_library(UtilitiesSecurityTool OBJECT not_on_this_platorm.c readline.c)

SecurityTool/macOS/CMakeLists.txt

@@ -1,23 +1,20 @@
-project(SecurityTool)
+project(SecurityTool-macOS)
 
-include_directories(
-	${CMAKE_CURRENT_SOURCE_DIR}/../OSX/sec
-	${CMAKE_CURRENT_SOURCE_DIR}/..
-)
-
-set(sources
-	access_utils.c
-	authz.c
-	cmsutil.c
+add_darling_executable(securitytool_macos
+	srCdsaUtils.cpp
 	createFVMaster.c
+	mds_install.cpp
+	cmsutil.c
 	db_commands.cpp
 	display_error_code.c
-	identity_find.c
+	trusted_cert_dump.c
+	identity_find.m
 	identity_prefs.c
+	key_create.c
 	keychain_add.c
 	keychain_create.c
 	keychain_delete.c
-	keychain_export.c
+	keychain_export.m
 	keychain_find.c
 	keychain_import.c
 	keychain_list.c
@@ -27,47 +24,48 @@ set(sources
 	keychain_show_info.c
 	keychain_unlock.c
 	keychain_utilities.c
-	key_create.c
 	leaks.c
-	mds_install.cpp
-	#readline.c
+	readline.c
 	security.c
-	#security_tool_commands.c
-	srCdsaUtils.cpp
-	translocate.c
+	smartcards.m
 	trusted_cert_add.c
-	trusted_cert_dump.c
 	trusted_cert_utils.c
 	trust_settings_impexp.c
 	user_trust_enable.cpp
-	#verify_cert.c
-	smartcards.m
-	#${CMAKE_CURRENT_SOURCE_DIR}/../OSX/sec/Security/Tool/keychain_find.c
-	${CMAKE_CURRENT_SOURCE_DIR}/../OSX/sec/SecurityTool/whoami.m
-	${CMAKE_CURRENT_SOURCE_DIR}/../OSX/sec/SecurityTool/syncbubble.m
-	${CMAKE_CURRENT_SOURCE_DIR}/../OSX/sec/SecurityTool/digest_calc.c
+	requirement.c
+	authz.c
+	verify_cert.c
+	trusted_cert_ssl.m
+	access_utils.c
+	translocate.c
+)
+target_compile_options(securitytool_macos PRIVATE
+	-fobjc-arc
+)
+target_include_directories(securitytool_macos PRIVATE
+	${SECURITY_PROJECT_DIR}/header_symlinks/macOS
 )
 
-add_darling_executable(security ${sources}
-	$<TARGET_OBJECTS:SecSecurityTool>
-	$<TARGET_OBJECTS:UtilitiesSecurityTool>
-	#$<TARGET_OBJECTS:SOSCircleTool>
-)
-target_link_libraries(security
-	system
-	Security
+set_target_properties(securitytool_macos PROPERTIES OUTPUT_NAME "security")
+
+target_link_libraries(securitytool_macos
 	CoreFoundation
-	security_cdsa_utilities
-	security_cdsa_utils
+	SecurityFoundation
+	Security
+	security_asn1
+	utilities
 	security_utilities
 	security_cdsa_client
-	#SecureObjectSync
-	security_asn1
-	cxx
+	security_cdsa_utilities
+	security_cdsa_utils
 	Foundation
-	utilities
-	sqlite3
+	#Network # missing
+
+	# implied dependencies
+	objc
+	cxx
+	system
 )
 
-install(TARGETS security DESTINATION libexec/darling/usr/bin)
+install(TARGETS securitytool_macos DESTINATION libexec/darling/usr/bin)
 install(FILES security.1 DESTINATION libexec/darling/usr/share/man/man1)

base/SecBase.h

@@ -27,6 +27,12 @@
 #include <TargetConditionals.h>
 #include <CoreFoundation/CFBase.h>
 #include <Availability.h>
+#ifdef DARLING
+    // for unprefixed API_AVAILABLE and friends
+    #include <os/availability.h>
+    // not sure if we're supposed to be including that header in CoreFoundation or in Availability.h,
+    // but this works for all of Security
+#endif
 
 // Truth table for following declarations:
 //

base/Security.h

@@ -114,7 +114,11 @@
 #endif
 
 /* DER */
+#ifdef DARLING
+#include <libDER/oids.h>
+#else
 #include <Security/oids.h>
+#endif
 
 #endif // SEC_OS_OSX
 

cmake/security_lib.cmake

@@ -0,0 +1,112 @@
+include(CMakeParseArguments)
+
+# add_security_library
+# Helper function for adding Security libraries
+# (because there's a lot of them, and it's easier to configure all necessary options with a single function)
+#
+# Options:
+# 	FAT
+# 		Build the library for both x86_64 and i386.
+# 	OBJC_ARC
+# 		Enable Objective-C ARC for the library.
+#
+# Single-value arguments:
+# 	OUTPUT_NAME
+# 		The filename for the built library. This is combined with PREFIX and SUFFIX to produce the full filename.
+# 		Defaults to the target name.
+# 	PREFIX
+# 		The prefix to add to the library filename.
+# 		Defaults to `lib`.
+# 	SUFFIX
+# 		The suffix to add to the library filename.
+# 		Defaults to `.dylib`.
+# 	C_STANDARD
+# 		The C standard to use when compiling the code. E.g. `gnu99`, `c99`, etc.
+# 	CXX_STANDARD
+# 		The C++ standard to use when compiling the code. E.g. `gnu++11`, `c++1`, etc.
+#
+# Multi-value arguments:
+# 	SOURCES
+# 		A list of sources to use to build the library.
+# 		Can include any source that `add_darling_static_library` supports.
+# 	LIBRARIES
+# 		A list of libraries to link to. If target names are provided, they are also added as dependencies.
+# 	INCLUDES
+# 		A list of directories to add as private header directories.
+# 	DEFINITIONS
+# 		A list of preprocessor definitions to add as private preprocessor definitions.
+# 		Supports the same syntax as `add_compile_definitions`.
+# 	FLAGS
+# 		A list of flags to pass to the compiler when compiling the library.
+# 		Supports the same syntax as `add_compile_options`.
+function(add_security_library name)
+	cmake_parse_arguments(SECLIB "FAT;OBJC_ARC" "OUTPUT_NAME;PREFIX;SUFFIX;C_STANDARD;CXX_STANDARD" "SOURCES;LIBRARIES;INCLUDES;DEFINITIONS;FLAGS" ${ARGN})
+
+	add_darling_static_library(${name} ${SECLIB_FAT} SOURCES ${SECLIB_SOURCES})
+
+	if(SECLIB_OBJC_ARC)
+		target_compile_options(${name} PRIVATE -fobjc-arc)
+	endif()
+
+	if(DEFINED SECLIB_OUTPUT_NAME)
+		set_target_properties(${name} PROPERTIES OUTPUT_NAME "${SECLIB_OUTPUT_NAME}")
+	endif()
+
+	if(DEFINED SECLIB_PREFIX)
+		set_target_properties(${name} PROPERTIES PREFIX "${SECLIB_PREFIX}")
+	endif()
+
+	if(DEFINED SECLIB_SUFFIX)
+		set_target_properties(${name} PROPERTIES SUFFIX "${SECLIB_SUFFIX}")
+	endif()
+
+	if(SECLIB_C_STANDARD)
+		set(SECLIB_C_STANDARD_VALID TRUE)
+		if(SECLIB_C_STANDARD MATCHES "[cC][0-9]+([a-zA-Z])?")
+			set_property(TARGET ${name} PROPERTY C_EXTENSIONS OFF)
+		elseif(SECLIB_C_STANDARD MATCHES "([gG][nN][uU])?[0-9]+([a-zA-Z])?")
+			# the default is to enable extensions
+			set_property(TARGET ${name} PROPERTY C_EXTENSIONS ON)
+		else()
+			set(SECLIB_C_STANDARD_VALID FALSE)
+			message(WARNING "Unrecognized C standard: ${SECLIB_C_STANDARD}")
+		endif()
+		if(SECLIB_C_STANDARD_VALID)
+			string(REGEX MATCH "[0-9]+" SECLIB_C_STANDARD_VERSION "${SECLIB_C_STANDARD}")
+			set_property(TARGET ${name} PROPERTY C_STANDARD "${SECLIB_C_STANDARD_VERSION}")
+		endif()
+	endif()
+
+	if(SECLIB_CXX_STANDARD)
+		set(SECLIB_CXX_STANDARD_VALID TRUE)
+		if(SECLIB_CXX_STANDARD MATCHES "[cC](\\+\\+|[xX][xX])[0-9]+([a-zA-Z])?")
+			set_property(TARGET ${name} PROPERTY CXX_EXTENSIONS OFF)
+		elseif(SECLIB_CXX_STANDARD MATCHES "([gG][nN][uU](\\+\\+|[xX][xX]))?[0-9]+([a-zA-Z])?")
+			# the default is to enable extensions
+			set_property(TARGET ${name} PROPERTY CXX_EXTENSIONS ON)
+		else()
+			set(SECLIB_CXX_STANDARD_VALID FALSE)
+			message(WARNING "Unrecognized C standard: ${SECLIB_CXX_STANDARD}")
+		endif()
+		if(SECLIB_CXX_STANDARD_VALID)
+			string(REGEX MATCH "[0-9]+" SECLIB_CXX_STANDARD_VERSION "${SECLIB_CXX_STANDARD}")
+			set_property(TARGET ${name} PROPERTY CXX_STANDARD "${SECLIB_CXX_STANDARD_VERSION}")
+		endif()
+	endif()
+
+	if(SECLIB_LIBRARIES)
+		target_link_libraries(${name} ${SECLIB_LIBRARIES})
+	endif()
+
+	if(SECLIB_INCLUDES)
+		target_include_directories(${name} PRIVATE ${SECLIB_INCLUDES})
+	endif()
+
+	if(SECLIB_DEFINITIONS)
+		target_compile_definitions(${name} PRIVATE ${SECLIB_DEFINITIONS})
+	endif()
+
+	if (SECLIB_FLAGS)
+		target_compile_options(${name} PRIVATE ${SECLIB_FLAGS})
+	endif()
+endfunction()

cmake/security_xcconfigs.cmake

@@ -0,0 +1,38 @@
+# some Xcode `.xcconfig` files translated into CMake functions
+
+include(security_lib)
+include(CMakeParseArguments)
+
+function(add_macos_legacy_lib name)
+	add_security_library(${name}
+		FAT
+		INCLUDES
+			${SECURITY_PROJECT_DIR}/OSX/libsecurity_cssm/lib
+			${SECURITY_PROJECT_DIR}/OSX/include
+			${SECURITY_PROJECT_DIR}/OSX/utilities/src
+			${SECURITY_PROJECT_DIR}/OSX/libsecurity_apple_csp/open_ssl
+			${SECURITY_PROJECT_DIR}/OSX/lib${name}/lib
+		${ARGN}
+	)
+endfunction()
+
+function(add_lib_ios name)
+	add_security_library(${name}
+		FAT
+		C_STANDARD gnu99
+		INCLUDES
+			${SECURITY_PROJECT_DIR}/OSX/libsecurity_smime
+			#$(SYSTEM_LIBRARY_DIR)/Frameworks/CoreServices.framework/Frameworks/CarbonCore.framework/Headers
+		DEFINITIONS
+			SEC_IOS_ON_OSX=1
+		${ARGN}
+	)
+endfunction()
+
+function(add_lib_ios_shim name)
+	add_lib_ios(${name}
+		DEFINITIONS
+			SECITEM_SHIM_OSX=1
+		${ARGN}
+	)
+endfunction()

derived_src/KeySchema.cpp

@@ -0,0 +1,262 @@
+/*
+ * Generated by m4 from KeySchema.m4 please do not edit this file.
+ */
+
+#include <security_cdsa_utilities/KeySchema.h>
+#include <Security/SecKey.h>
+
+namespace KeySchema {
+
+// Key attributes
+const CSSM_DB_SCHEMA_ATTRIBUTE_INFO KeySchemaAttributeList[] =
+{
+    { kSecKeyKeyClass, (char*) (char*) "KeyClass", { 0, NULL }, CSSM_DB_ATTRIBUTE_FORMAT_UINT32 },
+    { kSecKeyPrintName, (char*) (char*) "PrintName", { 0, NULL }, CSSM_DB_ATTRIBUTE_FORMAT_BLOB },
+    { kSecKeyAlias, (char*) (char*) "Alias", { 0, NULL }, CSSM_DB_ATTRIBUTE_FORMAT_BLOB },
+    { kSecKeyPermanent, (char*) (char*) "Permanent", { 0, NULL }, CSSM_DB_ATTRIBUTE_FORMAT_UINT32 },
+    { kSecKeyPrivate, (char*) (char*) "Private", { 0, NULL }, CSSM_DB_ATTRIBUTE_FORMAT_UINT32 },
+    { kSecKeyModifiable, (char*) (char*) "Modifiable", { 0, NULL }, CSSM_DB_ATTRIBUTE_FORMAT_UINT32 },
+    { kSecKeyLabel, (char*) (char*) "Label", { 0, NULL }, CSSM_DB_ATTRIBUTE_FORMAT_BLOB },
+    { kSecKeyApplicationTag, (char*) (char*) "ApplicationTag", { 0, NULL }, CSSM_DB_ATTRIBUTE_FORMAT_BLOB },
+    { kSecKeyKeyCreator, (char*) (char*) "KeyCreator", { 0, NULL }, CSSM_DB_ATTRIBUTE_FORMAT_BLOB },
+    { kSecKeyKeyType, (char*) (char*) "KeyType", { 0, NULL }, CSSM_DB_ATTRIBUTE_FORMAT_UINT32 },
+    { kSecKeyKeySizeInBits, (char*) (char*) "KeySizeInBits", { 0, NULL }, CSSM_DB_ATTRIBUTE_FORMAT_UINT32 },
+    { kSecKeyEffectiveKeySize, (char*) (char*) "EffectiveKeySize", { 0, NULL }, CSSM_DB_ATTRIBUTE_FORMAT_UINT32 },
+    { kSecKeyStartDate, (char*) (char*) "StartDate", { 0, NULL }, CSSM_DB_ATTRIBUTE_FORMAT_BLOB },
+    { kSecKeyEndDate, (char*) (char*) "EndDate", { 0, NULL }, CSSM_DB_ATTRIBUTE_FORMAT_BLOB },
+    { kSecKeySensitive, (char*) (char*) "Sensitive", { 0, NULL }, CSSM_DB_ATTRIBUTE_FORMAT_UINT32 },
+    { kSecKeyAlwaysSensitive, (char*) (char*) "AlwaysSensitive", { 0, NULL }, CSSM_DB_ATTRIBUTE_FORMAT_UINT32 },
+    { kSecKeyExtractable, (char*) (char*) "Extractable", { 0, NULL }, CSSM_DB_ATTRIBUTE_FORMAT_UINT32 },
+    { kSecKeyNeverExtractable, (char*) (char*) "NeverExtractable", { 0, NULL }, CSSM_DB_ATTRIBUTE_FORMAT_UINT32 },
+    { kSecKeyEncrypt, (char*) (char*) "Encrypt", { 0, NULL }, CSSM_DB_ATTRIBUTE_FORMAT_UINT32 },
+    { kSecKeyDecrypt, (char*) (char*) "Decrypt", { 0, NULL }, CSSM_DB_ATTRIBUTE_FORMAT_UINT32 },
+    { kSecKeyDerive, (char*) (char*) "Derive", { 0, NULL }, CSSM_DB_ATTRIBUTE_FORMAT_UINT32 },
+    { kSecKeySign, (char*) (char*) "Sign", { 0, NULL }, CSSM_DB_ATTRIBUTE_FORMAT_UINT32 },
+    { kSecKeyVerify, (char*) (char*) "Verify", { 0, NULL }, CSSM_DB_ATTRIBUTE_FORMAT_UINT32 },
+    { kSecKeySignRecover, (char*) (char*) "SignRecover", { 0, NULL }, CSSM_DB_ATTRIBUTE_FORMAT_UINT32 },
+    { kSecKeyVerifyRecover, (char*) (char*) "VerifyRecover", { 0, NULL }, CSSM_DB_ATTRIBUTE_FORMAT_UINT32 },
+    { kSecKeyWrap, (char*) (char*) "Wrap", { 0, NULL }, CSSM_DB_ATTRIBUTE_FORMAT_UINT32 },
+    { kSecKeyUnwrap, (char*) (char*) "Unwrap", { 0, NULL }, CSSM_DB_ATTRIBUTE_FORMAT_UINT32 },
+};
+
+const uint32 KeySchemaAttributeCount = sizeof(KeySchemaAttributeList) / sizeof(CSSM_DB_SCHEMA_ATTRIBUTE_INFO);
+
+// Key indices
+const CSSM_DB_SCHEMA_INDEX_INFO KeySchemaIndexList[] =
+{
+    // Unique (primary) index
+    { kSecKeyLabel, 0, CSSM_DB_INDEX_UNIQUE, CSSM_DB_INDEX_ON_ATTRIBUTE },
+    { kSecKeyApplicationTag, 0, CSSM_DB_INDEX_UNIQUE, CSSM_DB_INDEX_ON_ATTRIBUTE },
+    { kSecKeyKeyCreator, 0, CSSM_DB_INDEX_UNIQUE, CSSM_DB_INDEX_ON_ATTRIBUTE },
+    { kSecKeyKeyType, 0, CSSM_DB_INDEX_UNIQUE, CSSM_DB_INDEX_ON_ATTRIBUTE },
+    { kSecKeyKeySizeInBits, 0, CSSM_DB_INDEX_UNIQUE, CSSM_DB_INDEX_ON_ATTRIBUTE },
+    { kSecKeyEffectiveKeySize, 0, CSSM_DB_INDEX_UNIQUE, CSSM_DB_INDEX_ON_ATTRIBUTE },
+    { kSecKeyStartDate, 0, CSSM_DB_INDEX_UNIQUE, CSSM_DB_INDEX_ON_ATTRIBUTE },
+    { kSecKeyEndDate, 0, CSSM_DB_INDEX_UNIQUE, CSSM_DB_INDEX_ON_ATTRIBUTE },
+
+    // Secondary indices
+    { kSecKeyLabel, 1, CSSM_DB_INDEX_NONUNIQUE, CSSM_DB_INDEX_ON_ATTRIBUTE },
+    { kSecKeyEncrypt, 2, CSSM_DB_INDEX_NONUNIQUE, CSSM_DB_INDEX_ON_ATTRIBUTE },
+    { kSecKeyDecrypt, 3, CSSM_DB_INDEX_NONUNIQUE, CSSM_DB_INDEX_ON_ATTRIBUTE },
+    { kSecKeyDerive, 4, CSSM_DB_INDEX_NONUNIQUE, CSSM_DB_INDEX_ON_ATTRIBUTE },
+    { kSecKeySign, 5, CSSM_DB_INDEX_NONUNIQUE, CSSM_DB_INDEX_ON_ATTRIBUTE },
+    { kSecKeyVerify, 6, CSSM_DB_INDEX_NONUNIQUE, CSSM_DB_INDEX_ON_ATTRIBUTE },
+    { kSecKeySignRecover, 7, CSSM_DB_INDEX_NONUNIQUE, CSSM_DB_INDEX_ON_ATTRIBUTE },
+    { kSecKeyVerifyRecover, 8, CSSM_DB_INDEX_NONUNIQUE, CSSM_DB_INDEX_ON_ATTRIBUTE },
+    { kSecKeyWrap, 9, CSSM_DB_INDEX_NONUNIQUE, CSSM_DB_INDEX_ON_ATTRIBUTE },
+    { kSecKeyUnwrap, 10, CSSM_DB_INDEX_NONUNIQUE, CSSM_DB_INDEX_ON_ATTRIBUTE },
+};
+
+const uint32 KeySchemaIndexCount = sizeof(KeySchemaIndexList) / sizeof(CSSM_DB_SCHEMA_INDEX_INFO);
+
+const CSSM_DB_ATTRIBUTE_INFO KeyClass =
+{
+    CSSM_DB_ATTRIBUTE_NAME_AS_STRING,
+    {(char*) "KeyClass"},
+    CSSM_DB_ATTRIBUTE_FORMAT_UINT32
+};
+
+const CSSM_DB_ATTRIBUTE_INFO PrintName =
+{
+    CSSM_DB_ATTRIBUTE_NAME_AS_STRING,
+    {(char*) "PrintName"},
+    CSSM_DB_ATTRIBUTE_FORMAT_BLOB
+};
+
+const CSSM_DB_ATTRIBUTE_INFO Alias =
+{
+    CSSM_DB_ATTRIBUTE_NAME_AS_STRING,
+    {(char*) "Alias"},
+    CSSM_DB_ATTRIBUTE_FORMAT_BLOB
+};
+
+const CSSM_DB_ATTRIBUTE_INFO Permanent =
+{
+    CSSM_DB_ATTRIBUTE_NAME_AS_STRING,
+    {(char*) "Permanent"},
+    CSSM_DB_ATTRIBUTE_FORMAT_UINT32
+};
+
+const CSSM_DB_ATTRIBUTE_INFO Private =
+{
+    CSSM_DB_ATTRIBUTE_NAME_AS_STRING,
+    {(char*) "Private"},
+    CSSM_DB_ATTRIBUTE_FORMAT_UINT32
+};
+
+const CSSM_DB_ATTRIBUTE_INFO Modifiable =
+{
+    CSSM_DB_ATTRIBUTE_NAME_AS_STRING,
+    {(char*) "Modifiable"},
+    CSSM_DB_ATTRIBUTE_FORMAT_UINT32
+};
+
+const CSSM_DB_ATTRIBUTE_INFO Label =
+{
+    CSSM_DB_ATTRIBUTE_NAME_AS_STRING,
+    {(char*) "Label"},
+    CSSM_DB_ATTRIBUTE_FORMAT_BLOB
+};
+
+const CSSM_DB_ATTRIBUTE_INFO ApplicationTag =
+{
+    CSSM_DB_ATTRIBUTE_NAME_AS_STRING,
+    {(char*) "ApplicationTag"},
+    CSSM_DB_ATTRIBUTE_FORMAT_BLOB
+};
+
+const CSSM_DB_ATTRIBUTE_INFO KeyCreator =
+{
+    CSSM_DB_ATTRIBUTE_NAME_AS_STRING,
+    {(char*) "KeyCreator"},
+    CSSM_DB_ATTRIBUTE_FORMAT_BLOB
+};
+
+const CSSM_DB_ATTRIBUTE_INFO KeyType =
+{
+    CSSM_DB_ATTRIBUTE_NAME_AS_STRING,
+    {(char*) "KeyType"},
+    CSSM_DB_ATTRIBUTE_FORMAT_UINT32
+};
+
+const CSSM_DB_ATTRIBUTE_INFO KeySizeInBits =
+{
+    CSSM_DB_ATTRIBUTE_NAME_AS_STRING,
+    {(char*) "KeySizeInBits"},
+    CSSM_DB_ATTRIBUTE_FORMAT_UINT32
+};
+
+const CSSM_DB_ATTRIBUTE_INFO EffectiveKeySize =
+{
+    CSSM_DB_ATTRIBUTE_NAME_AS_STRING,
+    {(char*) "EffectiveKeySize"},
+    CSSM_DB_ATTRIBUTE_FORMAT_UINT32
+};
+
+const CSSM_DB_ATTRIBUTE_INFO StartDate =
+{
+    CSSM_DB_ATTRIBUTE_NAME_AS_STRING,
+    {(char*) "StartDate"},
+    CSSM_DB_ATTRIBUTE_FORMAT_BLOB
+};
+
+const CSSM_DB_ATTRIBUTE_INFO EndDate =
+{
+    CSSM_DB_ATTRIBUTE_NAME_AS_STRING,
+    {(char*) "EndDate"},
+    CSSM_DB_ATTRIBUTE_FORMAT_BLOB
+};
+
+const CSSM_DB_ATTRIBUTE_INFO Sensitive =
+{
+    CSSM_DB_ATTRIBUTE_NAME_AS_STRING,
+    {(char*) "Sensitive"},
+    CSSM_DB_ATTRIBUTE_FORMAT_UINT32
+};
+
+const CSSM_DB_ATTRIBUTE_INFO AlwaysSensitive =
+{
+    CSSM_DB_ATTRIBUTE_NAME_AS_STRING,
+    {(char*) "AlwaysSensitive"},
+    CSSM_DB_ATTRIBUTE_FORMAT_UINT32
+};
+
+const CSSM_DB_ATTRIBUTE_INFO Extractable =
+{
+    CSSM_DB_ATTRIBUTE_NAME_AS_STRING,
+    {(char*) "Extractable"},
+    CSSM_DB_ATTRIBUTE_FORMAT_UINT32
+};
+
+const CSSM_DB_ATTRIBUTE_INFO NeverExtractable =
+{
+    CSSM_DB_ATTRIBUTE_NAME_AS_STRING,
+    {(char*) "NeverExtractable"},
+    CSSM_DB_ATTRIBUTE_FORMAT_UINT32
+};
+
+const CSSM_DB_ATTRIBUTE_INFO Encrypt =
+{
+    CSSM_DB_ATTRIBUTE_NAME_AS_STRING,
+    {(char*) "Encrypt"},
+    CSSM_DB_ATTRIBUTE_FORMAT_UINT32
+};
+
+const CSSM_DB_ATTRIBUTE_INFO Decrypt =
+{
+    CSSM_DB_ATTRIBUTE_NAME_AS_STRING,
+    {(char*) "Decrypt"},
+    CSSM_DB_ATTRIBUTE_FORMAT_UINT32
+};
+
+const CSSM_DB_ATTRIBUTE_INFO Derive =
+{
+    CSSM_DB_ATTRIBUTE_NAME_AS_STRING,
+    {(char*) "Derive"},
+    CSSM_DB_ATTRIBUTE_FORMAT_UINT32
+};
+
+const CSSM_DB_ATTRIBUTE_INFO Sign =
+{
+    CSSM_DB_ATTRIBUTE_NAME_AS_STRING,
+    {(char*) "Sign"},
+    CSSM_DB_ATTRIBUTE_FORMAT_UINT32
+};
+
+const CSSM_DB_ATTRIBUTE_INFO Verify =
+{
+    CSSM_DB_ATTRIBUTE_NAME_AS_STRING,
+    {(char*) "Verify"},
+    CSSM_DB_ATTRIBUTE_FORMAT_UINT32
+};
+
+const CSSM_DB_ATTRIBUTE_INFO SignRecover =
+{
+    CSSM_DB_ATTRIBUTE_NAME_AS_STRING,
+    {(char*) "SignRecover"},
+    CSSM_DB_ATTRIBUTE_FORMAT_UINT32
+};
+
+const CSSM_DB_ATTRIBUTE_INFO VerifyRecover =
+{
+    CSSM_DB_ATTRIBUTE_NAME_AS_STRING,
+    {(char*) "VerifyRecover"},
+    CSSM_DB_ATTRIBUTE_FORMAT_UINT32
+};
+
+const CSSM_DB_ATTRIBUTE_INFO Wrap =
+{
+    CSSM_DB_ATTRIBUTE_NAME_AS_STRING,
+    {(char*) "Wrap"},
+    CSSM_DB_ATTRIBUTE_FORMAT_UINT32
+};
+
+const CSSM_DB_ATTRIBUTE_INFO Unwrap =
+{
+    CSSM_DB_ATTRIBUTE_NAME_AS_STRING,
+    {(char*) "Unwrap"},
+    CSSM_DB_ATTRIBUTE_FORMAT_UINT32
+};
+
+
+} // end namespace KeySchema

derived_src/cssmexports.gen

@@ -0,0 +1,634 @@
+_CSSMOID_SupportedApplicationContext
+_CSSMOID_CrlReason
+_CSSMOID_APPLE_TP_ESCROW_SERVICE
+_CSSMOID_X9_62_C_TwoCurve
+_CSSMOID_CountryName
+_CSSMOID_DOTMAC_CERT_REQ_ARCHIVE_STORE
+_CSSMOID_TimeStamping
+_CSSMOID_secp256r1
+_CSSMOID_UniqueIdentifier
+_CSSMOID_InvalidityDate
+_CSSMOID_PrivateKeyUsagePeriod
+_CSSMOID_CollectiveTelexNumber
+_CSSMOID_sect131r2
+_CSSMOID_APPLE_EKU_CODE_SIGNING
+_CSSM_CL_CrlRemoveCert
+_CSSM_DecryptData
+_CSSMOID_APPLE_EXTENSION_APPLEID_SHARING
+_CSSMOID_InhibitAnyPolicy
+_CSSMOID_PhysicalDeliveryOfficeName
+_CSSMOID_PDA_DATE_OF_BIRTH
+_CSSMOID_CrossCertificatePair
+_CSSMOID_UnstructuredAddress
+_CSSMOID_secp128r1
+_CSSM_CSP_CreateRandomGenContext
+_CSSMOID_APPLE_TP_PROVISIONING_PROFILE_SIGNING
+_CSSMOID_X509V2CRLExtensionCritical
+_CSSMOID_MD5
+_CSSM_CL_CrlGetNextFieldValue
+_CSSMOID_X509V3CertificateExtensionCritical
+_CSSM_GetModuleGUIDFromHandle
+_CSSM_SignDataUpdate
+_CSSMOID_X509V2CRLExtensionId
+_CSSMOID_SHA256WithRSA
+_CSSMOID_PolicyConstraints
+_CSSMOID_PKCS12_keyBag
+_CSSMOID_X509V1SubjectPublicKeyAlgorithm
+_CSSMOID_RegisteredAddress
+_CSSMOID_ANSI_MQV2
+_CSSMOID_PKCS12_crlBag
+_CSSMOID_APPLE_EKU_ICHAT_ENCRYPTION
+_CSSMOID_DOTMAC_CERT_EMAIL_ENCRYPT
+_CSSM_DecryptDataUpdate
+_CSSMOID_TEST_MOBILE_STORE_SIGNING_POLICY
+_CSSM_CL_CertGetFirstCachedFieldValue
+_CSSMOID_MD2
+_CSSM_TP_CertGroupPrune
+_CSSM_Introduce
+_CSSMOID_DSA
+_CSSMOID_APPLE_EXTENSION_ADC_APPLE_SIGNING
+_CSSMOID_X509V2CRLTbsCertListStruct
+_CSSMOID_APPLE_EKU_SYSTEM_IDENTITY
+_CSSMOID_Initials
+_CSSMOID_PDA_COUNTRY_RESIDENCE
+_CSSM_GenerateKey
+_CSSM_CL_CertVerify
+_CSSMOID_PKCS5_DIGEST_ALG
+_CSSMOID_PDA_GENDER
+_CSSMOID_DOTMAC_CERT_REQ_VALUE_HOSTNAME
+_CSSMOID_X509V3CertificateCStruct
+_CSSM_DigestDataClone
+_CSSMOID_ECDSA_WithSHA256
+_CSSM_CL_IsCertInCrl
+_CSSMOID_SubjectInfoAccess
+_CSSM_CL_CertCache
+_CSSMOID_HouseIdentifier
+_CSSMOID_PKCS12_pbewithSHAAnd40BitRC2CBC
+_CSSM_VerifyMac
+_CSSMOID_OAEP_MGF1
+_CSSMOID_PKIX_OCSP_CRL
+_CSSMOID_ANSI_DH_ONE_FLOW_SHA1
+_CSSMOID_SHA224WithRSA
+_CSSMOID_X509V2CRLRevokedEntryExtensionId
+_CSSM_CSP_CreatePassThroughContext
+_CSSMOID_APPLE_X509_BASIC
+_CSSMOID_OID_QCS_SYNTAX_V2
+_CSSMOID_FacsimileTelephoneNumber
+_CSSM_CL_IsCertInCachedCrl
+_CSSMOID_PKCS12_pbeWithSHAAnd128BitRC2CBC
+_CSSMOID_secp224r1
+_CSSM_CL_CertGetAllTemplateFields
+_CSSMOID_IssuerAltName
+_CSSMOID_APPLE_CERT_POLICY
+_CSSM_DL_DbDelete
+_CSSMOID_SubjectPicture
+_CSSMOID_DOTMAC_CERT_EXTENSION
+_CSSMOID_ProtocolInformation
+_CSSMOID_APPLE_FEED
+_CSSMOID_X509V2CRLSignedCrlStruct
+_CSSM_CSP_GetLoginAcl
+_CSSMOID_X509V1IssuerNameStd
+_CSSMOID_PKCS12_pbeWithSHAAnd3Key3DESCBC
+_CSSMOID_DSA_CMS
+_CSSM_TP_TupleGroupToCertGroup
+_CSSMOID_secp128r2
+_CSSM_DL_DbOpen
+_CSSMOID_APPLEID_SHARING_CERT_POLICY
+_CSSM_TP_CertGroupConstruct
+_CSSMOID_sect571r1
+_CSSM_CL_CrlGetAllFields
+_CSSMOID_PDA_PLACE_OF_BIRTH
+_CSSMOID_X509V1SignatureStruct
+_CSSMOID_APPLE_EKU_ICHAT_SIGNING
+_CSSMOID_ECDSA_WithSHA1
+_CSSMOID_sect131r1
+_CSSM_TP_CertReclaimKey
+_CSSMOID_APPLE_EXTENSION_AAI_INTERMEDIATE
+_CSSM_Init
+_CSSM_TP_ReceiveConfirmation
+_CSSMOID_sect233r1
+_CSSMOID_GivenName
+_CSSMOID_X509V3CertificateExtensionsStruct
+_CSSM_GetKeyAcl
+_CSSM_GenerateKeyP
+_CSSM_RetrieveUniqueId
+_CSSM_DecryptDataFinal
+_CSSMOID_PKCS5_pbeWithMD5AndDES
+_CSSMOID_TelexTerminalIdentifier
+_CSSM_DecryptDataInit
+_CSSM_DecryptDataP
+_CSSMOID_CollectiveTelexTerminalIdentifier
+_CSSM_CSP_ChangeLoginAcl
+_CSSM_GenerateKeyPair
+_CSSMOID_APPLE_TP_SMIME
+_CSSM_DL_GetDbNames
+_CSSMOID_APPLE_TP_ICHAT
+_CSSM_GetContextAttribute
+_CSSMOID_X9_62
+_CSSMOID_DOTMAC_CERT_POLICY
+_CSSMOID_PKIX_OCSP_NOCHECK
+_CSSM_DeriveKey
+_CSSMOID_CollectivePostalCode
+_CSSMOID_X509V3CertificateNumberOfExtensions
+_CSSMOID_QT_UNOTICE
+_CSSMOID_ServerAuth
+_CSSMOID_UserPassword
+_CSSMOID_APPLE_TP_PCS_ESCROW_SERVICE
+_CSSMOID_CommonName
+_CSSMOID_PKCS3
+_CSSMOID_APPLE_TP_TEST_MOBILE_STORE
+_CSSMOID_ClientAuth
+_CSSMOID_CACertificate
+_CSSMOID_X509V1CRLRevokedEntrySerialNumber
+_CSSMOID_X509V1IssuerNameLDAP
+_CSSM_UnwrapKey
+_CSSMOID_X509V2CRLRevokedEntrySingleExtensionStruct
+_CSSMOID_DNQualifier
+_CSSMOID_SHA1WithRSA_OIW
+_CSSMOID_ANSI_DH_HYBRID_ONEFLOW
+_CSSM_CL_CrlCache
+_CSSM_CL_CrlVerify
+_CSSMOID_KERBv5_PKINIT_KP_CLIENT_AUTH
+_CSSM_TP_CrlSign
+_CSSMOID_ExtendedCertificateAttributes
+_CSSM_DL_DataGetNext
+_CSSMOID_UseExemptions
+_CSSMOID_Surname
+_CSSM_CSP_ObtainPrivateKeyFromPublicKey
+_CSSMOID_ANSI_DH_EPHEM_SHA1
+_CSSMOID_BiometricInfo
+_CSSMOID_ANSI_MQV1
+_CSSMOID_EnhancedSearchGuide
+_CSSMOID_DeltaCrlIndicator
+_CSSMOID_DSA_JDK
+_CSSMOID_KnowledgeInformation
+_CSSM_DL_ChangeDbOwner
+_CSSMOID_NameConstraints
+_CSSM_CL_CrlAbortQuery
+_CSSMOID_UnstructuredName
+_CSSMOID_UniqueMember
+_CSSMOID_X509V1SerialNumber
+_CSSMOID_SeeAlso
+_CSSMOID_secp192r1
+_CSSMOID_X509V3SignedCertificateCStruct
+_CSSMOID_DestinationIndicator
+_CSSMOID_PKCS9_Id_Ct_TSTInfo
+_CSSM_TP_CertGroupVerify
+_CSSMOID_CollectiveOrganizationName
+_CSSMOID_X509V2CRLAllExtensionsStruct
+_CSSMOID_X9_62_FieldType
+_CSSMOID_sect239k1
+_CSSM_EncryptDataInitP
+_CSSM_Terminate
+_CSSMOID_X509V3CertificateExtensionCStruct
+_CSSMOID_APPLE_EKU_PROFILE_SIGNING
+_CSSMOID_PKIX_OCSP
+_CSSM_VerifyData
+_CSSMOID_X509V2CRLSignedCrlCStruct
+_CSSMOID_ADC_CERT_POLICY
+_CSSMOID_DOTMAC_CERT_REQ_VALUE_IS_PENDING
+_CSSM_DL_DestroyRelation
+_CSSMOID_PKCS12_shroudedKeyBag
+_CSSMOID_APPLE_FEE_MD5
+_CSSMOID_sect163k1
+_CSSMOID_X509V1Signature
+_CSSMOID_KERBv5_PKINIT_KP_KDC
+_CSSM_CL_CrlGetFirstFieldValue
+_CSSMOID_APPLE_TP_LOCAL_CERT_GEN
+_CSSM_VerifyMacInit
+_CSSMOID_ANSI_DH_HYBRID2
+_CSSM_DigestData
+_CSSMOID_X509V1SubjectNameLDAP
+_CSSMOID_MicrosoftSGC
+_CSSMOID_PKCS9_FriendlyName
+_CSSM_FreeContext
+_CSSM_WrapKey
+_CSSMOID_PKCS9_X509Crl
+_CSSMOID_X509V2CRLRevokedEntrySingleExtensionCStruct
+_CSSM_VerifyMacUpdate
+_CSSM_AC_AuthCompute
+_CSSMOID_PKCS5_RC5_CBC
+_CSSM_CL_CrlDescribeFormat
+_CSSMOID_APPLE_EKU_CODE_SIGNING_DEV
+_CSSMOID_DOTMAC_CERT_REQ_VALUE_ASYNC
+_CSSM_TP_CertRemoveFromCrlTemplate
+_CSSMOID_PKCS12_secretBag
+_CSSMOID_CerticomEllCurve
+_CSSMOID_ECDSA_WithSHA384
+_CSSMOID_SubjectSignatureBitmap
+_CSSMOID_APPLE_EKU_RESOURCE_SIGNING
+_CSSMOID_SerialNumber
+_CSSMOID_APPLE_FEE_SHA1
+_CSSMOID_TelephoneNumber
+_CSSMOID_SHA1WithDSA
+_CSSM_DL_DataModify
+_CSSMOID_DOTMAC_CERT_REQ_ARCHIVE_LIST
+_CSSMOID_AliasedEntryName
+_CSSMOID_APPLE_EXTENSION_PROVISIONING_PROFILE_SIGNING
+_CSSM_CL_PassThrough
+_CSSMOID_UserID
+_CSSMOID_X509V3Certificate
+_CSSMOID_PKIX_OCSP_BASIC
+_CSSMOID_ECDSA_WithSHA224
+_CSSMOID_APPLE_TP_PKINIT_SERVER
+_CSSM_CSP_GetOperationalStatistics
+_CSSMOID_secp160k1
+_CSSMOID_sect193r2
+_CSSMOID_ANSI_DH_STATIC
+_CSSMOID_MD5WithRSA
+_CSSM_CL_CrlVerifyWithKey
+_CSSMOID_sect283r1
+_CSSMOID_AuthorityInfoAccess
+_CSSM_DL_ChangeDbAcl
+_CSSMOID_PKCS5_pbeWithSHA1AndDES
+_CSSMOID_EmailProtection
+_CSSMOID_SHA1WithDSA_JDK
+_CSSMOID_StateProvinceName
+_CSSM_QuerySize
+_CSSMOID_DH
+_CSSMOID_sect409k1
+_CSSM_DL_DbClose
+_CSSMOID_SigningTime
+_CSSMOID_APPLE_EXTENSION_SERVER_AUTHENTICATION
+_CSSMOID_IssuingDistributionPoints
+_CSSMOID_secp384r1
+_CSSMOID_PKCS9_X509Certificate
+_CSSM_CL_CertGroupToSignedBundle
+_CSSMOID_LocalityName
+_CSSMOID_CertificateRevocationList
+_CSSMOID_APPLE_EXTENSION
+_CSSM_CSP_CreateSignatureContext
+_CSSMOID_PreferredDeliveryMethod
+_CSSM_CL_CrlGetFirstCachedFieldValue
+_CSSMOID_APPLE_TP_REVOCATION_CRL
+_CSSMOID_QC_Statements
+_CSSMOID_APPLE_ECDSA
+_CSSM_DL_CreateRelation
+_CSSMOID_PKCS5_PBKDF2
+_CSSMOID_ANSI_DH_HYBRID2_SHA1
+_CSSMOID_APPLEID_CERT_POLICY
+_CSSMOID_APPLE_EXTENSION_APPLEID_INTERMEDIATE
+_CSSM_DL_DataInsert
+_CSSMOID_SHA1WithRSA
+_CSSM_SignDataInit
+_CSSMOID_PKCS9_CrlTypes
+_CSSMOID_MOBILE_STORE_SIGNING_POLICY
+_CSSMOID_SHA384
+_CSSMOID_X9_62_PrimeCurve
+_CSSMOID_PKCS9_LocalKeyId
+_CSSM_ModuleAttach
+_CSSMOID_sect193r1
+_CSSM_DigestDataFinal
+_CSSMOID_APPLE_EKU_QA_PROFILE_SIGNING
+_CSSMOID_ExtendedUseCodeSigning
+_CSSM_GetTimeValue
+_CSSMOID_ECDSA_WithSHA512
+_CSSMOID_X509V1IssuerName
+_CSSM_VerifyDataFinal
+_CSSM_DL_FreeNameList
+_CSSMOID_X509V1CRLRevokedEntryRevocationDate
+_CSSM_TP_FormSubmit
+_CSSM_CL_CertGetAllFields
+_CSSMOID_MD2WithRSA
+_CSSMOID_X509V1CRLNextUpdate
+_CSSMOID_X509V1SubjectPublicKey
+_CSSMOID_SHA512WithRSA
+_CSSMOID_X509V1CRLIssuerNameCStruct
+_CSSMOID_KERBv5_PKINIT_DH_KEY_DATA
+_CSSMOID_PKCS7_EncryptedData
+_CSSMOID_X509V1SubjectPublicKeyCStruct
+_CSSMOID_RSAWithOAEP
+_CSSMOID_APPLE_TP_REVOCATION_OCSP
+_CSSM_ModuleUnload
+_CSSMOID_PKCS5_PBMAC1
+_CSSMOID_X509V2CRLRevokedEntryExtensionCritical
+_CSSM_CL_CertSign
+_CSSMOID_AD_CA_REPOSITORY
+_CSSMOID_DOTMAC_CERT_REQ_SHARED_SERVICES
+_CSSM_TP_CertGetAllTemplateFields
+_CSSMOID_PKCS5_PBES2
+_CSSM_WrapKeyP
+_CSSMOID_PKIX_OCSP_ARCHIVE_CUTOFF
+_CSSMOID_OrganizationalUnitName
+_CSSMOID_SearchGuide
+_CSSMOID_NetscapeCertSequence
+_CSSMOID_CollectiveFacsimileTelephoneNumber
+_CSSMOID_PKCS12_pbeWithSHAAnd2Key3DESCBC
+_CSSMOID_APPLE_EXTENSION_APPLE_SIGNING
+_CSSMOID_X509V1CRLNumberOfRevokedCertEntries
+_CSSMOID_APPLE_TP_EAP
+_CSSM_DL_Authenticate
+_CSSM_CL_CrlGetAllCachedRecordFields
+_CSSMOID_ANSI_DH_HYBRID1
+_CSSM_CL_CertGetKeyInfo
+_CSSMOID_TelexNumber
+_CSSMOID_APPLE_TP_IP_SEC
+_CSSMOID_SHA512
+_CSSM_TP_PassThrough
+_CSSMOID_PKCS7_DigestedData
+_CSSMOID_CollectivePostOfficeBox
+_CSSM_TP_CrlCreateTemplate
+_CSSMOID_ANSI_DH_ONE_FLOW
+_CSSMOID_DOTMAC_CERT_REQ_ARCHIVE_FETCH
+_CSSM_FreeKey
+_CSSMOID_secp160r1
+_CSSMOID_KERBv5_PKINIT_AUTH_DATA
+_CSSMOID_AD_TIME_STAMPING
+_CSSMOID_DOTMAC_CERT_IDENTITY
+_CSSMOID_Owner
+_CSSMOID_ExtendedKeyUsage
+_CSSMOID_ANSI_DH_PUB_NUMBER
+_CSSMOID_SHA384WithRSA
+_CSSMOID_PKCS5_DES_EDE3_CBC
+_CSSMOID_X509V1SubjectName
+_CSSMOID_PKCS7_EncryptedPrivateKeyInfo
+_CSSMOID_APPLE_FEE
+_CSSM_EncryptDataUpdate
+_CSSMOID_SubjectEmailAddress
+_CSSMOID_PKIX_OCSP_RESPONSE
+_CSSMOID_DOTMAC_CERT_REQ
+_CSSMOID_X509V1CRLRevokedCertificatesStruct
+_CSSMOID_InternationalISDNNumber
+_CSSMOID_GenerationQualifier
+_CSSMOID_secp192k1
+_CSSMOID_APPLE_TP_PROFILE_SIGNING
+_CSSMOID_DOTMAC_CERT_REQ_EMAIL_ENCRYPT
+_CSSMOID_APPLE_EXTENSION_SYSINT2_INTERMEDIATE
+_CSSMOID_Name
+_CSSMOID_Member
+_CSSMOID_PKCS5_pbeWithMD2AndDES
+_CSSM_DL_DataGetFirst
+_CSSMOID_DOTMAC_CERT_EMAIL_SIGN
+_CSSM_DL_GetDbAcl
+_CSSM_EncryptData
+_CSSMOID_X509V3CertificateExtensionType
+_CSSMOID_SHA1WithDSA_CMS
+_CSSMOID_APPLE_TP_CSR_GEN
+_CSSMOID_DOTMAC_CERT
+_CSSMOID_X509V1SubjectNameCStruct
+_CSSM_TP_SubmitCredRequest
+_CSSMOID_StreetAddress
+_CSSM_DL_PassThrough
+_CSSMOID_APPLE_EXTENSION_ADC_DEV_SIGNING
+_CSSMOID_X509V1SignatureAlgorithmTBS
+_CSSMOID_MACAPPSTORE_RECEIPT_CERT_POLICY
+_CSSMOID_NetscapeSGC
+_CSSMOID_APPLE_ISIGN
+_CSSMOID_ContentType
+_CSSM_CL_CertGetNextFieldValue
+_CSSMOID_X509V2CRLTbsCertListCStruct
+_CSSM_CL_CertAbortQuery
+_CSSMOID_X509V1CertificateSubjectUniqueId
+_CSSM_ModuleDetach
+_CSSMOID_sect163r1
+_CSSMOID_ecPublicKey
+_CSSMOID_PostOfficeBox
+_CSSM_CSP_Login
+_CSSMOID_APPLE_EXTENSION_CODE_SIGNING
+_CSSM_QueryKeySizeInBits
+_CSSMOID_APPLE_TP_SW_UPDATE_SIGNING
+_CSSMOID_ObjectClass
+_CSSM_CSP_CreateSymmetricContext
+_CSSMOID_X9_62_EllCurve
+_CSSMOID_APPLE_EXTENSION_ESCROW_SERVICE
+_CSSMOID_APPLE_TP_RESOURCE_SIGN
+_CSSMOID_ECDSA_WithSpecified
+_CSSMOID_AD_OCSP
+_CSSMOID_MD4
+_CSSMOID_X509V3SignedCertificate
+_CSSMOID_DES_CBC
+_CSSMOID_CollectiveOrganizationalUnitName
+_CSSMOID_CollectivePhysicalDeliveryOfficeName
+_CSSM_CL_CertVerifyWithKey
+_CSSMOID_APPLE_ASC
+_CSSMOID_secp160r2
+_CSSM_GenerateRandom
+_CSSMOID_X509V1CRLRevokedEntryCStruct
+_CSSMOID_APPLE_TP_MOBILE_STORE
+_CSSMOID_Description
+_CSSMOID_SHA1
+_CSSMOID_CollectiveTelephoneNumber
+_CSSM_GetPrivilege
+_CSSM_DL_DbCreate
+_CSSMOID_X509V1CRLThisUpdate
+_CSSMOID_APPLE_EXTENSION_MACAPPSTORE_RECEIPT
+_CSSMOID_ETSI_QCS_QC_LIMIT_VALUE
+_CSSMOID_OCSPSigning
+_CSSM_CL_CertCreateTemplate
+_CSSMOID_X509V1CRLRevokedCertificatesCStruct
+_CSSM_VerifyDevice
+_CSSM_ChangeKeyOwner
+_CSSMOID_CrlDistributionPoints
+_CSSMOID_X509V2CRLSingleExtensionCStruct
+_CSSM_TP_CertSign
+_CSSMOID_X509V1Version
+_CSSM_EncryptDataInit
+_CSSMOID_PKCS7_SignedData
+_CSSM_TP_RetrieveCredResult
+_CSSMOID_PKCS5_HMAC_SHA1
+_CSSM_EncryptDataP
+_CSSMOID_PKCS5_pbeWithSHA1AndRC2
+_CSSM_TP_ConfirmCredResult
+_CSSM_TP_ApplyCrlToDb
+_CSSM_CL_CrlAbortCache
+_CSSMOID_X509V1SubjectPublicKeyAlgorithmParameters
+_CSSM_CL_CrlSetFields
+_CSSMOID_PKCS12_safeContentsBag
+_CSSMOID_ChallengePassword
+_CSSMOID_QT_CPS
+_CSSMOID_APPLE_TP_TIMESTAMPING
+_CSSMOID_X509V2CRLRevokedEntryExtensionType
+_CSSMOID_sect409r1
+_CSSMOID_X509V1SignatureCStruct
+_CSSM_CSP_CreateMacContext
+_CSSM_CL_CrlGetNextCachedFieldValue
+_CSSMOID_CounterSignature
+_CSSMOID_CollectiveStateProvinceName
+_CSSM_EncryptDataFinal
+_CSSMOID_NetscapeCertType
+_CSSM_GetContext
+_CSSM_CSP_Logout
+_CSSM_DeleteContextAttributes
+_CSSM_TP_CertGroupToTupleGroup
+_CSSMOID_BusinessCategory
+_CSSMOID_Certicom
+_CSSMOID_APPLE_FEEDEXP
+_CSSMOID_PKCS12_pbeWithSHAAnd128BitRC4
+_CSSM_DL_GetDbNameFromHandle
+_CSSMOID_sect163r2
+_CSSM_DeleteContext
+_CSSMOID_sect283k1
+_CSSM_ListAttachedModuleManagers
+_CSSM_CSP_ChangeLoginOwner
+_CSSMOID_PostalCode
+_CSSMOID_X509V3CertificateExtensionStruct
+_CSSMOID_APPLE_EXTENSION_DEVELOPER_AUTHENTICATION
+_CSSM_GetKeyOwner
+_CSSMOID_X509V1ValidityNotBefore
+_CSSM_CSP_CreateDeriveKeyContext
+_CSSMOID_ETSI_QCS_QC_COMPLIANCE
+_CSSMOID_APPLE_EKU_PASSBOOK_SIGNING
+_CSSMOID_AuthorityKeyIdentifier
+_CSSMOID_ANSI_DH_HYBRID1_SHA1
+_CSSM_UpdateContextAttributes
+_CSSMOID_PKCS7_SignedAndEnvelopedData
+_CSSMOID_X509V1IssuerNameCStruct
+_CSSMOID_X9_62_SigType
+_CSSM_CL_CrlAddCert
+_CSSMOID_MessageDigest
+_CSSMOID_RSA
+_CSSMOID_X509V3CertificateExtensionValue
+_CSSMOID_ETSI_QCS_QC_SSCD
+_CSSM_TP_FormRequest
+_CSSM_CL_CertGroupFromVerifiedBundle
+_CSSMOID_X509V1CRLIssuerNameLDAP
+_CSSMOID_X509V2CRLExtensionType
+_CSSMOID_DOTMAC_CERT_REQ_VALUE_PASSWORD
+_CSSMOID_APPLE_TP_APPLEID_SHARING
+_CSSMOID_APPLE_EXTENSION_PASSBOOK_SIGNING
+_CSSMOID_PKCS12_certBag
+_CSSMOID_SubjectDirectoryAttributes
+_CSSMOID_X509V2CRLRevokedEntryAllExtensionsStruct
+_CSSM_SetPrivilege
+_CSSMOID_SubjectAltName
+_CSSMOID_ANSI_MQV2_SHA1
+_CSSMOID_X509V1SubjectNameStd
+_CSSMOID_sect113r2
+_CSSM_ChangeKeyAcl
+_CSSMOID_PKCS7_EnvelopedData
+_CSSM_DL_GetDbOwner
+_CSSMOID_PostalAddress
+_CSSMOID_KERBv5_PKINIT_RKEY_DATA
+_CSSM_CL_FreeFieldValue
+_CSSMOID_CertIssuer
+_CSSMOID_AuthorityRevocationList
+_CSSMOID_SubjectKeyIdentifier
+_CSSM_SignDataFinal
+_CSSMOID_APPLE_EXTENSION_INTERMEDIATE_MARKER
+_CSSM_CL_FreeFields
+_CSSMOID_MACAPPSTORE_CERT_POLICY
+_CSSMOID_KeyUsage
+_CSSMOID_PKCS7_Data
+_CSSMOID_PKCS7_DataWithAttributes
+_CSSMOID_CollectivePostalAddress
+_CSSMOID_PKCS9_SdsiCertificate
+_CSSMOID_APPLE_TP_REVOCATION
+_CSSMOID_AD_CA_ISSUERS
+_CSSMOID_DOTMAC_CERT_REQ_VALUE_RENEW
+_CSSMOID_MD4WithRSA
+_CSSM_GenerateMacFinal
+_CSSMOID_X509V1SignatureAlgorithmParameters
+_CSSMOID_IssuingDistributionPoint
+_CSSMOID_CollectiveStreetAddress
+_CSSM_CL_CertGetFirstFieldValue
+_CSSMOID_CertificatePolicies
+_CSSMOID_X509V3CertificateExtensionsCStruct
+_CSSMOID_secp112r1
+_CSSM_GenerateMacInit
+_CSSMOID_DOTMAC_CERT_REQ_VALUE_USERNAME
+_CSSMOID_APPLE_TP_CODE_SIGN
+_CSSMOID_APPLE_EXTENSION_WWDR_INTERMEDIATE
+_CSSMOID_OAEP_ID_PSPECIFIED
+_CSSM_DL_DataGetFromUniqueRecordId
+_CSSMOID_DistinguishedName
+_CSSMOID_EKU_IPSec
+_CSSMOID_APPLE_TP_CODE_SIGNING
+_CSSMOID_X9_62_PubKeyType
+_CSSMOID_DomainComponent
+_CSSM_GenerateAlgorithmParams
+_CSSMOID_DOTMAC_CERT_REQ_EMAIL_SIGN
+_CSSM_GenerateKeyPairP
+_CSSMOID_CollectiveInternationalISDNNumber
+_CSSM_DecryptDataInitP
+_CSSM_ModuleLoad
+_CSSM_SetContext
+_CSSMOID_APPLE_TP_SSL
+_CSSMOID_OrganizationName
+_CSSMOID_PKCS9_TimeStampToken
+_CSSMOID_secp256k1
+_CSSMOID_X509V3CertificateExtensionId
+_CSSM_DL_DataAbortQuery
+_CSSMOID_X_121Address
+_CSSM_TP_CertCreateTemplate
+_CSSM_TP_CertRevoke
+_CSSM_DL_DataDelete
+_CSSMOID_PKCS5_RC2_CBC
+_CSSMOID_PKIX_OCSP_SERVICE_LOCATOR
+_CSSMOID_PKIX_OCSP_NONCE
+_CSSMOID_APPLE_TP_MACAPPSTORE_RECEIPT
+_CSSM_CL_CrlCreateTemplate
+_CSSMOID_PKCS5_pbeWithMD2AndRC2
+_CSSMOID_ANSI_DH_STATIC_SHA1
+_CSSM_AC_PassThrough
+_CSSM_CSP_PassThrough
+_CSSMOID_PKCS5_pbeWithMD5AndRC2
+_CSSMOID_APPLE_TP_PASSBOOK_SIGNING
+_CSSMOID_CSSMKeyStruct
+_CSSMOID_BasicConstraints
+_CSSM_SignData
+_CSSMOID_X509V2CRLVersion
+_CSSMOID_X509V1CertificateIssuerUniqueId
+_CSSM_UnwrapKeyP
+_CSSMOID_SHA224
+_CSSM_CSP_CreateDigestContext
+_CSSM_DL_FreeUniqueRecord
+_CSSMOID_HoldInstructionCode
+_CSSMOID_X509V1CRLRevokedEntryStruct
+_CSSMOID_X509V2CRLRevokedEntryNumberOfExtensions
+_CSSMOID_X509V1ValidityNotAfter
+_CSSMOID_sect113r1
+_CSSM_CSP_GetLoginOwner
+_CSSMOID_X509V2CRLRevokedEntryAllExtensionsCStruct
+_CSSMOID_X509V1SignatureAlgorithm
+_CSSMOID_secp521r1
+_CSSMOID_X509V2CRLSingleExtensionStruct
+_CSSMOID_APPLE_EXTENSION_ITMS_INTERMEDIATE
+_CSSMOID_PDA_COUNTRY_CITIZEN
+_CSSMOID_PolicyMappings
+_CSSM_GenerateMac
+_CSSM_CL_CrlSign
+_CSSMOID_ANSI_MQV1_SHA1
+_CSSMOID_X509V2CRLRevokedEntryExtensionValue
+_CSSM_GetSubserviceUIDFromHandle
+_CSSMOID_ANSI_DH_EPHEM
+_CSSM_VerifyDataInit
+_CSSMOID_X509V2CRLNumberOfExtensions
+_CSSMOID_APPLE_TP_QA_PROFILE_SIGNING
+_CSSMOID_PKCS9_CertTypes
+_CSSM_CL_CertGetNextCachedFieldValue
+_CSSM_TP_CrlVerify
+_CSSM_VerifyMacFinal
+_CSSM_DigestDataInit
+_CSSMOID_PresentationAddress
+_CSSMOID_APPLE_TP_PKINIT_CLIENT
+_CSSMOID_DOTMAC_CERT_REQ_IDENTITY
+_CSSM_CSP_CreateKeyGenContext
+_CSSM_CL_CertAbortCache
+_CSSM_GenerateMacUpdate
+_CSSMOID_SHA256
+_CSSM_TP_CertReclaimAbort
+_CSSMOID_secp224k1
+_CSSMOID_ExtendedKeyUsageAny
+_CSSMOID_UserCertificate
+_CSSMOID_OID_QCS_SYNTAX_V1
+_CSSM_RetrieveCounter
+_CSSMOID_APPLE_TP_PACKAGE_SIGNING
+_CSSM_GetAPIMemoryFunctions
+_CSSM_DigestDataUpdate
+_CSSM_CSP_CreateAsymmetricContext
+_CSSMOID_X509V1CRLIssuerStruct
+_CSSMOID_EmailAddress
+_CSSMOID_PKCS12_pbeWithSHAAnd40BitRC4
+_CSSMOID_RoleOccupant
+_CSSMOID_CrlNumber
+_CSSM_CL_CertDescribeFormat
+_CSSMOID_sect233k1
+_CSSMOID_DOTMAC_CERT_REQ_ARCHIVE_REMOVE
+_CSSMOID_secp112r2
+_CSSMOID_ETSI_QCS_QC_RETENTION
+_CSSMOID_Title
+_CSSM_VerifyDataUpdate
+_CSSM_Unintroduce
+_CSSMOID_X509V2CRLAllExtensionsCStruct
+_CSSMOID_sect571k1
+_CSSMOID_PKCS5_ENCRYPT_ALG

derived_src/funcnames.gen

@@ -0,0 +1,163 @@
+//
+// Standard plugin name tables
+// This file was automatically generated. Do not edit on penalty of futility!
+//
+extern const char *const CLNameTable[] = {
+    	"CertCreateTemplate",
+    	"CertGetAllTemplateFields",
+    	"CertSign",
+    	"CertVerify",
+    	"CertVerifyWithKey",
+    	"CertGetFirstFieldValue",
+    	"CertGetNextFieldValue",
+    	"CertAbortQuery",
+    	"CertGetKeyInfo",
+    	"CertGetAllFields",
+		"FreeFields",
+    	"FreeFieldValue",
+    	"CertCache",
+    	"CertGetFirstCachedFieldValue",
+    	"CertGetNextCachedFieldValue",
+    	"CertAbortCache",
+    	"CertGroupToSignedBundle",
+    	"CertGroupFromVerifiedBundle",
+    	"CertDescribeFormat",
+    	"CrlCreateTemplate",
+    	"CrlSetFields",
+    	"CrlAddCert",
+    	"CrlRemoveCert",
+    	"CrlSign",
+    	"CrlVerify",
+    	"CrlVerifyWithKey",
+    	"IsCertInCrl",
+    	"CrlGetFirstFieldValue",
+    	"CrlGetNextFieldValue",
+    	"CrlAbortQuery",
+    	"CrlGetAllFields",
+    	"CrlCache",
+    	"IsCertInCachedCrl",
+    	"CrlGetFirstCachedFieldValue",
+    	"CrlGetNextCachedFieldValue",
+    	"CrlGetAllCachedRecordFields",
+    	"CrlAbortCache",
+    	"CrlDescribeFormat",
+    	"PassThrough",
+};
+
+extern const char *const DLNameTable[] = {
+    	"DbOpen",
+    	"DbClose",
+    	"DbCreate",
+    	"DbDelete",
+    	"CreateRelation",
+    	"DestroyRelation",
+    	"Authenticate",
+    	"GetDbAcl",
+    	"ChangeDbAcl",
+    	"GetDbOwner",
+    	"ChangeDbOwner",
+    	"GetDbNames",
+    	"GetDbNameFromHandle",
+    	"FreeNameList",
+    	"DataInsert",
+    	"DataDelete",
+    	"DataModify",
+    	"DataGetFirst",
+    	"DataGetNext",
+    	"DataAbortQuery",
+    	"DataGetFromUniqueRecordId",
+    	"FreeUniqueRecord",
+    	"PassThrough",
+};
+
+extern const char *const CSPNameTable[] = {
+    	"EventNotify",
+    	"QuerySize",
+    	"SignData",
+    	"SignDataInit",
+    	"SignDataUpdate",
+    	"SignDataFinal",
+    	"VerifyData",
+    	"VerifyDataInit",
+    	"VerifyDataUpdate",
+    	"VerifyDataFinal",
+    	"DigestData",
+    	"DigestDataInit",
+    	"DigestDataUpdate",
+    	"DigestDataClone",
+    	"DigestDataFinal",
+    	"GenerateMac",
+    	"GenerateMacInit",
+    	"GenerateMacUpdate",
+    	"GenerateMacFinal",
+    	"VerifyMac",
+    	"VerifyMacInit",
+    	"VerifyMacUpdate",
+    	"VerifyMacFinal",
+    	"EncryptData",
+    	"EncryptDataInit",
+    	"EncryptDataUpdate",
+    	"EncryptDataFinal",
+    	"DecryptData",
+    	"DecryptDataInit",
+    	"DecryptDataUpdate",
+    	"DecryptDataFinal",
+    	"QueryKeySizeInBits",
+    	"GenerateKey",
+    	"GenerateKeyPair",
+   	"GenerateRandom",
+    	"GenerateAlgorithmParams",
+    	"WrapKey",
+    	"UnwrapKey",
+    	"DeriveKey",
+    	"FreeKey",
+    	"PassThrough",
+    	"Login",
+    	"Logout",
+    	"ChangeLoginAcl",
+    	"ObtainPrivateKeyFromPublicKey",
+    	"RetrieveUniqueId",
+    	"RetrieveCounter",
+    	"VerifyDevice",
+    	"GetTimeValue",
+    	"GetOperationalStatistics",
+    	"GetLoginAcl",
+    	"GetKeyAcl",
+    	"ChangeKeyAcl",
+    	"GetKeyOwner",
+    	"ChangeKeyOwner",
+    	"GetLoginOwner",
+    	"ChangeLoginOwner",
+};
+
+extern const char *const TPNameTable[] = {
+    	"SubmitCredRequest",
+    	"RetrieveCredResult",
+    	"ConfirmCredResult",
+    	"ReceiveConfirmation",
+    	"CertReclaimKey",
+    	"CertReclaimAbort",
+    	"FormRequest",
+    	"FormSubmit",
+    	"CertGroupVerify",
+    	"CertCreateTemplate",
+    	"CertGetAllTemplateFields",
+    	"CertSign",
+    	"CrlVerify",
+    	"CrlCreateTemplate",
+    	"CertRevoke",
+    	"CertRemoveFromCrlTemplate",
+    	"CrlSign",
+    	"ApplyCrlToDb",
+    	"CertGroupConstruct",
+    	"CertGroupPrune",
+    	"CertGroupToTupleGroup",
+    	"TupleGroupToCertGroup",
+    	"PassThrough",
+};
+
+extern const char *const ACNameTable[] = {
+    	"AuthCompute",
+    	"PassThrough",
+};
+

derived_src/generator.rpt

@@ -0,0 +1,33 @@
+CSSM_CSP_CreateAsymmetricContext not in cssmcspi.h
+CSSM_CSP_CreateDeriveKeyContext not in cssmcspi.h
+CSSM_CSP_CreateDigestContext not in cssmcspi.h
+CSSM_CSP_CreateKeyGenContext not in cssmcspi.h
+CSSM_CSP_CreateMacContext not in cssmcspi.h
+CSSM_CSP_CreatePassThroughContext not in cssmcspi.h
+CSSM_CSP_CreateRandomGenContext not in cssmcspi.h
+CSSM_CSP_CreateSignatureContext not in cssmcspi.h
+CSSM_CSP_CreateSymmetricContext not in cssmcspi.h
+CSSM_DeleteContext not in cssmcspi.h
+CSSM_DeleteContextAttributes not in cssmcspi.h
+CSSM_DigestDataClone has custom implementation
+CSSM_FreeContext has no module type
+CSSM_GenerateAlgorithmParams has custom implementation
+CSSM_GetAPIMemoryFunctions has no module type
+CSSM_GetContext not in cssmcspi.h
+CSSM_GetContextAttribute has no module type
+CSSM_GetModuleGUIDFromHandle has no module type
+CSSM_GetPrivilege has no module type
+CSSM_GetSubserviceUIDFromHandle has no module type
+CSSM_Init has no module type
+CSSM_Introduce has no module type
+CSSM_ListAttachedModuleManagers has no module type
+CSSM_ModuleAttach has no module type
+CSSM_ModuleDetach has no module type
+CSSM_ModuleLoad has no module type
+CSSM_ModuleUnload has no module type
+CSSM_QueryKeySizeInBits has custom implementation
+CSSM_SetContext not in cssmcspi.h
+CSSM_SetPrivilege has no module type
+CSSM_Terminate has no module type
+CSSM_Unintroduce has no module type
+CSSM_UpdateContextAttributes not in cssmcspi.h

header_symlinks/Security/SFSignInAnalytics.h

@@ -1 +1 @@
-../../keychain/Signin Metrics/SFSignInAnalytics.h
+../../keychain/SigninMetrics/SFSignInAnalytics.h

header_symlinks/Security/SecEscrowRequest.h

@@ -0,0 +1 @@
+../../keychain/escrowrequest/Framework/SecEscrowRequest.h

header_symlinks/Security/SecExperimentPriv.h

@@ -1 +1 @@
-../../SecExperiment/SecExperimentPriv.h
+../../experiment/SecExperimentPriv.h

header_symlinks/Security/SecProtocolInternal.h

@@ -0,0 +1 @@
+../../protocol/SecProtocolInternal.h

header_symlinks/Security/SecProtocolTypesPriv.h

@@ -0,0 +1 @@
+../../protocol/SecProtocolTypesPriv.h

header_symlinks/Security/SecXPCHelper.h

@@ -0,0 +1 @@
+../../OSX/utilities/SecXPCHelper.h

header_symlinks/Security/certExtensionTemplates.h

@@ -1 +1 @@
-./OSX/libsecurity_asn1/lib/certExtensionTemplates.h
+../../OSX/libsecurity_asn1/lib/certExtensionTemplates.h

keychain/CMakeLists.txt

@@ -0,0 +1,187 @@
+project(libsecurityd_ios)
+
+add_lib_ios_shim(libsecurityd_ios
+	OUTPUT_NAME "securityd_ios"
+	OBJC_ARC
+	SOURCES
+		../OSX/sec/Security/SecBackupKeybagEntry.m
+		../OSX/sec/Security/SecuritydXPC.c
+		../OSX/sec/SharedWebCredential/swcagent_client.c
+		analytics/C2Metric/SECC2MPCloudKitInfo.m
+		analytics/C2Metric/SECC2MPCloudKitOperationGroupInfo.m
+		analytics/C2Metric/SECC2MPCloudKitOperationInfo.m
+		analytics/C2Metric/SECC2MPDeviceInfo.m
+		analytics/C2Metric/SECC2MPError.m
+		analytics/C2Metric/SECC2MPGenericEvent.m
+		analytics/C2Metric/SECC2MPGenericEventMetric.m
+		analytics/C2Metric/SECC2MPGenericEventMetricValue.m
+		analytics/C2Metric/SECC2MPInternalTestConfig.m
+		analytics/C2Metric/SECC2MPMetric.m
+		analytics/C2Metric/SECC2MPNetworkEvent.m
+		analytics/C2Metric/SECC2MPServerInfo.m
+		analytics/CKKSLaunchSequence.m
+		analytics/CKKSPowerCollection.m
+		analytics/SecC2DeviceInfo.m
+		analytics/SecEventMetric.m
+		analytics/SecMetrics.m
+		categories/NSError+UsefulConstructors.m
+		ckks/CKKS.m
+		ckks/CKKSAccountStateTracker.m
+		ckks/CKKSAnalytics.m
+		ckks/CKKSCloudKitClassDependencies.m
+		ckks/CKKSCondition.m
+		ckks/CKKSConstants.m
+		ckks/CKKSControlServer.m
+		ckks/CKKSCurrentItemPointer.m
+		ckks/CKKSCurrentKeyPointer.m
+		ckks/CKKSDeviceStateEntry.m
+		ckks/CKKSFetchAllRecordZoneChangesOperation.m
+		ckks/CKKSFixups.m
+		ckks/CKKSGroupOperation.m
+		ckks/CKKSHealKeyHierarchyOperation.m
+		ckks/CKKSHealTLKSharesOperation.m
+		ckks/CKKSIncomingQueueEntry.m
+		ckks/CKKSIncomingQueueOperation.m
+		ckks/CKKSItem.m
+		ckks/CKKSItemEncrypter.m
+		ckks/CKKSKey.m
+		ckks/CKKSKeychainBackedKey.m
+		ckks/CKKSKeychainView.m
+		ckks/CKKSListenerCollection.m
+		ckks/CKKSLocalSynchronizeOperation.m
+		ckks/CKKSLockStateTracker.m
+		ckks/CKKSManifest.m
+		ckks/CKKSManifestLeafRecord.m
+		ckks/CKKSMirrorEntry.m
+		ckks/CKKSNearFutureScheduler.m
+		ckks/CKKSNewTLKOperation.m
+		ckks/CKKSNotifier.m
+		ckks/CKKSOutgoingQueueEntry.m
+		ckks/CKKSOutgoingQueueOperation.m
+		ckks/CKKSPBFileStorage.m
+		ckks/CKKSPeer.m
+		ckks/CKKSPeerProvider.m
+		ckks/CKKSProcessReceivedKeysOperation.m
+		ckks/CKKSProvideKeySetOperation.m
+		ckks/CKKSRateLimiter.m
+		ckks/CKKSReachabilityTracker.m
+		ckks/CKKSRecordHolder.m
+		ckks/CKKSReencryptOutgoingItemsOperation.m
+		ckks/CKKSResultOperation.m
+		ckks/CKKSScanLocalItemsOperation.m
+		ckks/CKKSSIV.m
+		ckks/CKKSSQLDatabaseObject.m
+		ckks/CKKSSynchronizeOperation.m
+		ckks/CKKSTLKShare.m
+		ckks/CKKSTLKShareRecord.m
+		ckks/CKKSUpdateCurrentItemPointerOperation.m
+		ckks/CKKSUpdateDeviceStateOperation.m
+		ckks/CKKSViewManager.m
+		ckks/CKKSZone.m
+		ckks/CKKSZoneChangeFetcher.m
+		ckks/CKKSZoneModifier.m
+		ckks/CKKSZoneStateEntry.m
+		ckks/CloudKitCategories.m
+		ckks/NSOperationCategories.m
+		ckks/OctagonAPSReceiver.m
+		ckks/proto/generated_source/CKKSSerializedKey.m
+		ckks/RateLimiter.m
+		CoreDataKeychain/KeychainModel.xcdatamodeld
+		CoreDataKeychain/SecCDKeychain.m
+		escrowrequest/EscrowRequestController.m
+		escrowrequest/EscrowRequestServer.m
+		escrowrequest/EscrowRequestServerHelpers.m
+		escrowrequest/EscrowRequestXPCServer.m
+		escrowrequest/generated_source/SecEscrowPendingRecord.m
+		escrowrequest/operations/EscrowRequestInformCloudServicesOperation.m
+		escrowrequest/operations/EscrowRequestPerformEscrowEnrollOperation.m
+		escrowrequest/SecEscrowPendingRecord+KeychainSupport.m
+		ot/categories/OTAccountMetadataClassC+KeychainSupport.m
+		ot/CuttlefishXPCWrapper.h
+		ot/CuttlefishXPCWrapper.m
+		ot/OctagonCheckTrustStateOperation.m
+		ot/OctagonCKKSPeerAdapter.m
+		ot/OctagonControlServer.m
+		ot/OctagonFlags.m
+		ot/OctagonPendingFlag.m
+		ot/OctagonStateMachine.m
+		ot/OctagonStateMachineHelpers.m
+		ot/OctagonStateMachineObservers.m
+		ot/OT.m
+		ot/OTAuthKitAdapter.m
+		ot/OTCheckHealthOperation.m
+		ot/OTClientStateMachine.m
+		ot/OTClientVoucherOperation.m
+		ot/OTConstants.m
+		ot/OTControlProtocol.m
+		ot/OTCuttlefishAccountStateHolder.m
+		ot/OTCuttlefishContext.m
+		ot/OTDefines.m
+		ot/OTDetermineHSA2AccountStatusOperation.m
+		ot/OTDeviceInformation.m
+		ot/OTDeviceInformationAdapter.m
+		ot/OTEnsureOctagonKeyConsistency.m
+		ot/OTEpochOperation.m
+		ot/OTEstablishOperation.m
+		ot/OTFetchCKKSKeysOperation.m
+		ot/OTFetchViewsOperation.m
+		ot/OTFollowup.m
+		ot/OTJoinWithVoucherOperation.m
+		ot/OTLeaveCliqueOperation.m
+		ot/OTLocalCKKSResetOperation.m
+		ot/OTLocalCuttlefishReset.m
+		ot/OTManager.m
+		ot/OTOperationDependencies.m
+		ot/OTPrepareOperation.m
+		ot/OTRamping.m
+		ot/OTRemovePeersOperation.m
+		ot/OTResetCKKSZonesLackingTLKsOperation.m
+		ot/OTResetOperation.m
+		ot/OTSetRecoveryKeyOperation.m
+		ot/OTSOSAdapter.m
+		ot/OTSOSUpdatePreapprovalsOperation.m
+		ot/OTSOSUpgradeOperation.m
+		ot/OTStates.m
+		ot/OTTriggerEscrowUpdateOperation.m
+		ot/OTUpdateTPHOperation.m
+		ot/OTUpdateTrustedDeviceListOperation.m
+		ot/OTUploadNewCKKSTLKsOperation.m
+		ot/OTVouchWithBottleOperation.m
+		ot/OTVouchWithRecoveryKeyOperation.m
+		ot/proto/generated_source/OTAccountMetadataClassC.m
+		otpaird/OTPairingClient.m
+		SecureObjectSync/SOSChangeTracker.c
+		SecureObjectSync/SOSEngine.c
+		SecureObjectSync/SOSEnsureBackup.m
+		securityd/CheckV12DevEnabled.m
+		securityd/iCloudTrace.c
+		securityd/SecAKSObjCWrappers.m
+		securityd/SecDbBackupManager-protobufs/generated_source/SecDbBackupBag.m
+		securityd/SecDbBackupManager-protobufs/generated_source/SecDbBackupBagIdentity.m
+		securityd/SecDbBackupManager-protobufs/generated_source/SecDbBackupKeyClassSigningKey.m
+		securityd/SecDbBackupManager-protobufs/generated_source/SecDbBackupMetadataClassKey.m
+		securityd/SecDbBackupManager-protobufs/generated_source/SecDbBackupRecoverySet.m
+		securityd/SecDbBackupManager.m
+		securityd/SecDbItem.c
+		securityd/SecDbKeychainItem.m
+		securityd/SecDbKeychainItemV7.m
+		securityd/SecDbKeychainMetadataKeyStore.m
+		securityd/SecDbKeychainV7-protobufs/generated_source/SecDbKeychainSerializedAKSWrappedKey.m
+		securityd/SecDbKeychainV7-protobufs/generated_source/SecDbKeychainSerializedItemV7.m
+		securityd/SecDbKeychainV7-protobufs/generated_source/SecDbKeychainSerializedMetadata.m
+		securityd/SecDbKeychainV7-protobufs/generated_source/SecDbKeychainSerializedSecretData.m
+		securityd/SecDbQuery.c
+		securityd/SecItemBackupServer.c
+		securityd/SecItemDataSource.c
+		securityd/SecItemDb.c
+		securityd/SecItemSchema.c
+		securityd/SecItemServer.c
+		securityd/SecKeybagSupport.c
+		securityd/SecLogSettingsServer.m
+		securityd/SecOTRRemote.m
+		securityd/SFKeychainControlManager.m
+		securityd/SFKeychainServer.m
+		TrustedPeersHelper/TrustedPeersHelperProtocol.m
+	DEFINITIONS
+		USE_KEYSTORE=1
+)

keychain/SecureObjectSync/CMakeLists.txt

@@ -0,0 +1,94 @@
+project(SecureObjectSync)
+
+add_lib_ios_shim(SecureObjectSyncFramework
+	SOURCES
+		SOSBackupSliceKeyBag.m
+		SOSCircleDer.c
+		SOSCircle.c
+		Tool/secViewDisplay.c
+		SOSPeerInfo.m
+		SOSCircleV2.c
+		CKBridge/SOSCloudKeychainClient.c
+		SOSPiggyback.m
+		CKBridge/SOSCloudKeychainConstants.c
+		SOSECWrapUnwrap.c
+		SOSFullPeerInfo.m
+		SOSGenCount.c
+		SOSInternal.m
+		SOSControlHelper.m
+		SOSKVSKeys.m
+		SOSKeyedPubKeyIdentifier.c
+		SOSPeerInfoCollections.c
+		SOSPeerInfoDER.m
+		SOSPeerInfoRingState.m
+		SOSPeerInfoV2.m
+		SOSRingPeerInfoUtils.c
+		SOSRingV0.m
+		SOSViews.m
+		../../OSX/sec/Security/SecRecoveryKey.m
+	INCLUDES
+		${CMAKE_CURRENT_SOURCE_DIR}
+)
+
+add_lib_ios_shim(SecureObjectSyncServer
+	SOURCES
+		../../OSX/sec/Security/SecRecoveryKey.m
+		../securityd/SOSCloudCircleServer.m
+		generated_source/SOSAccountConfiguration.m
+		SOSAccount.m
+		SOSAccountBackup.m
+		SOSAccountCircles.m
+		SOSAccountCloudParameters.m
+		SOSAccountCredentials.m
+		SOSAccountDer.m
+		SOSAccountFullPeerInfo.m
+		SOSAccountGetSet.m
+		SOSAccountGhost.m
+		SOSAccountLog.m
+		SOSAccountPeers.m
+		SOSAccountPersistence.m
+		SOSAccountRecovery.m
+		SOSAccountRings.m
+		SOSAccountRingUpdate.m
+		SOSAccountSync.m
+		SOSAccountTransaction.m
+		SOSAccountTrust.m
+		SOSAccountTrustClassic.m
+		SOSAccountTrustClassic+Circle.m
+		SOSAccountTrustClassic+Expansion.m
+		SOSAccountTrustClassic+Identity.m
+		SOSAccountTrustClassic+Retirement.m
+		SOSAccountUpdate.m
+		SOSAccountViewSync.m
+		SOSAuthKitHelpers.m
+		SOSBackupEvent.c
+		SOSBackupInformation.m
+		SOSCoder.c
+		SOSControlServer.m
+		SOSDigestVector.c
+		SOSIntervalEvent.m
+		SOSManifest.c
+		SOSMessage.c
+		SOSPeer.m
+		SOSPeerCoder.m
+		SOSPeerOTRTimer.m
+		SOSPeerRateLimiter.m
+		SOSRecoveryKeyBag.m
+		SOSRingBackup.m
+		SOSRingBasic.m
+		SOSRingConcordanceTrust.c
+		SOSRingDER.c
+		SOSRingRecovery.m
+		SOSRingTypes.m
+		SOSRingUtils.c
+		SOSTransport.m
+		SOSTransportBackupPeer.m
+		SOSTransportCircle.m
+		SOSTransportCircleCK.m
+		SOSTransportCircleKVS.m
+		SOSTransportKeyParameter.m
+		SOSTransportMessage.m
+		SOSTransportMessageKVS.m
+		SOSTrustedDeviceAttributes.m
+		SOSUserKeygen.m
+)

keychain/SecureObjectSync/Tool/CMakeLists.txt

@@ -0,0 +1,13 @@
+project(SOSCommands)
+
+add_lib_ios(SOSCommands
+	SOURCES
+		accountCirclesViewsPrint.m
+		keychain_log.m
+		keychain_sync_test.m
+		keychain_sync.m
+		recovery_key.m
+		secToolFileIO.c
+		secViewDisplay.c
+		syncbackup.m
+)

keychain/SigninMetrics/OctagonSignPosts.h

@@ -128,6 +128,28 @@ extern os_log_t _OctagonSignpostLogSystem(void);
 extern OctagonSignpost _OctagonSignpostCreate(os_log_t subsystem);
 extern uint64_t _OctagonSignpostGetNanoseconds(OctagonSignpost signpost);
 
+#ifdef DARLING
+// the compiler was being weird with the preprocessor trickery that was happening in Apple's code
+// so i had to manually expand parts of it
+#define _OctagonSignpostBegin(subsystem, name, something, ...) __extension__({ \
+    OctagonSignpost internalSignpost = _OctagonSignpostCreate(subsystem); \
+    os_signpost_interval_begin(subsystem, internalSignpost.identifier, name, __VA_ARGS__); \
+    os_log(subsystem, "BEGIN [%lld]: " name " " something, internalSignpost.identifier, ##__VA_ARGS__); \
+    internalSignpost; \
+})
+
+#define _OctagonSignpostEvent(subsystem, signpost, name, something, ...) __extension__({ \
+    double interval = ((double)_OctagonSignpostGetNanoseconds(_signpost) / NSEC_PER_SEC); \
+    os_signpost_event_emit(subsystem, signpost.identifier, name, __VA_ARGS__); \
+    os_log(subsystem, "EVENT [%lld] %fs: " name " " something, signpost.identifier, interval, ##__VA_ARGS__); \
+})
+
+#define _OctagonSignpostEnd(subsystem, signpost, name, something, ...) __extension__({ \
+    double interval = ((double)_OctagonSignpostGetNanoseconds(signpost) / NSEC_PER_SEC); \
+    os_signpost_interval_end(subsystem, signpost.identifier, name, __VA_ARGS__); \
+    os_log(subsystem, "END [%lld] %fs: " name " " something, signpost.identifier, interval, ##__VA_ARGS__); \
+})
+#else
 #define _OctagonSignpostBegin(subsystem, name, ...) __extension__({ \
     OctagonSignpost internalSignpost = _OctagonSignpostCreate(subsystem); \
     os_signpost_interval_begin(subsystem, internalSignpost.identifier, name, __VA_ARGS__); \
@@ -149,6 +171,7 @@ extern uint64_t _OctagonSignpostGetNanoseconds(OctagonSignpost signpost);
 
 #define _OctagonSwizzle1(x, a, ...) a, x, ##__VA_ARGS__
 #define _OctagonSwizzle2(x, y, a, ...) a, x, y, ##__VA_ARGS__
+#endif
 
 NS_ASSUME_NONNULL_END
 

keychain/ckksctl/CMakeLists.txt

@@ -0,0 +1,16 @@
+project(ckksctl)
+
+add_darling_executable(ckksctl
+	../../lib/SecArgParse.c
+	ckksctl.m
+)
+
+target_link_libraries(ckksctl
+	Security
+
+	# implied dependencies
+	objc
+	system
+)
+
+install(TARGETS ckksctl DESTINATION libexec/darling/usr/sbin)

keychain/otctl/CMakeLists.txt

@@ -0,0 +1,21 @@
+project(otctl)
+
+add_darling_executable(otctl
+	../../lib/SecArgParse.c
+	../ot/OTControlProtocol.m
+	../otpaird/OTPairingClient.m
+	EscrowRequestCLI.m
+	OTControlCLI.m
+	otctl.m
+)
+
+target_link_libraries(otctl
+	Security
+
+	# implied dependencies
+	objc
+	system
+)
+
+install(TARGETS otctl DESTINATION libexec/darling/usr/sbin)
+install(FILES otctl.1 DESTINATION libexec/darling/usr/share/man/man1)

keychain/securityd/CMakeLists.txt

@@ -0,0 +1,64 @@
+project(secd)
+
+add_darling_executable(secd
+	PolicyReporter.h
+	PolicyReporter.m
+	spi.c
+	../../OSX/sec/ipc/SecdWatchdog.m
+	../../OSX/sec/ipc/server.c
+	../../securityd/src/util.m
+	../../OSX/sec/ipc/server_entitlement_helpers.c
+	../../OSX/sec/ipc/server_security_helpers.m
+	../../OSX/sec/ipc/server_xpc.m
+	../../OSX/sec/ipc/server_endpoint.m
+)
+target_compile_definitions(secd PRIVATE
+	SECITEM_SHIM_OSX=1
+	SEC_IOS_ON_OSX=1
+	SECD_SERVER=1
+)
+target_compile_options(secd PRIVATE
+	-fobjc-arc
+)
+target_link_libraries(secd
+	#TrustedPeers # missing
+	#CloudServices # missing
+	z
+	AuthKit
+	#AppleAccount # missing
+	#Accounts # missing
+	#prequelite # missing
+	CrashReporterSupport
+	DiagnosticMessagesClient
+	SecurityFoundation
+	#WirelessDiagnostics # missing
+	Foundation
+	login
+	DER
+	#ACM # missing
+	aks
+	#aks_acl # missing
+	security_asn1
+	#coreauthd_client # missing
+	#ctkclient_sep # missing
+	sqlite3
+	SecureObjectSyncServer
+	utilities
+	libsecurityd_ios
+	libtrustd
+	CoreFoundation
+	IOKit
+	CoreData
+	#ApplePushService # missing
+	#CloudKit # missing
+	SystemConfiguration
+	Security
+	#ProtocolBuffer
+	AppleSystemInfo
+
+	# implied dependencies
+	objc
+	system
+)
+install(TARGETS secd DESTINATION libexec/darling/usr/libexec)
+install(FILES ../../OSX/sec/ipc/com.apple.secd.plist DESTINATION libexec/darling/System/Library/LaunchAgents)

libDER/.gitignore

@@ -0,0 +1,3 @@
+.DS_Store
+xcuserdata
+project.xcworkspace

libDER/CMakeLists.txt

@@ -0,0 +1,12 @@
+project(libDER)
+
+add_security_library(DER
+	FAT
+	SOURCES
+		libDER/DER_CertCrl.c
+		libDER/DER_Decode.c
+		libDER/DER_Digest.c
+		libDER/DER_Encode.c
+		libDER/DER_Keys.c
+		libDER/oids.c
+)

libDER/README.txt

@@ -0,0 +1,34 @@
+                             libDER Library Notes
+			    Last update to this file Jan. 26 2006 by dmitch
+
+This module is a very lightweight implementation of a DER encoder and 
+decoder. Unlike most other DER packages, this one does no malloc or 
+copies when it encodes or decodes; decoding an item yields a pointer 
+and a byte count which refer to memory inside of the "thing" being 
+decoded. Likewise, when encoding, the caller mustsupply a target buffer
+to which the encoded item is written. 
+
+Support for encoding sequences and for decoding sequences and sets of 
+known items is also included; when you decode a sequence, you get a
+sequence of pointers and byte counts - again, no mallocs or copies occur. 
+
+The directory libDER contains the DER decoding library proper. The main
+API is in DER_Decode.h. Support for RSA keys, X509 certs, X509 CRLs, and
+miscellaneous OIDs can also be found in libDER. 
+
+Command line programs to parse and display the contents of X509 certificates
+and CRLs, using libDER, can be found in the Tests directory. 
+
+Revision History
+----------------
+
+  Date        svk tag		Changes
+--------    -----------		----------------------------------------
+01/26/06	 libDER-5		Avoid varargs macros for portability. 
+01/03/06	 libDER-4		Initial distribution in RSACertLib.
+12/23/05	 libDER-3		Fix DER_DECODE_ENABLE ifdef for DER_Decode.c.
+							Add MD2, MD5 OID and DigestInfo capabilities.
+12/13/05	 libDER-2		Added Apple Custom RSA public key formats. 
+							Added PKCS1 RSA private keys. 
+11/28/05	 libDER-1		Initial tag.
+

libDER/Tests/AppleMobilePersonalizedTicket.h

@@ -0,0 +1,129 @@
+/*
+ * Copyright (c) 2009,2012,2014 Apple Inc. All Rights Reserved.
+ *
+ * @APPLE_LICENSE_HEADER_START@
+ * 
+ * This file contains Original Code and/or Modifications of Original Code
+ * as defined in and that are subject to the Apple Public Source License
+ * Version 2.0 (the 'License'). You may not use this file except in
+ * compliance with the License. Please obtain a copy of the License at
+ * http://www.opensource.apple.com/apsl/ and read it before using this
+ * file.
+ * 
+ * The Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
+ * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
+ * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
+ * Please see the License for the specific language governing rights and
+ * limitations under the License.
+ * 
+ * @APPLE_LICENSE_HEADER_END@
+ */
+
+
+#ifndef APPLEMOBILEPERSONALIZEDTICKET_H
+#define APPLEMOBILEPERSONALIZEDTICKET_H
+
+const unsigned kApECIDTag                                 = 1;
+const unsigned kApChipIDTag                               = 2;
+const unsigned kApBoardIDTag                              = 3;
+const unsigned kApProductionModeTag                       = 4;
+const unsigned kApSecurityDomainTag                       = 5;
+const unsigned kLLBBuildStringTag                         = 6;
+const unsigned kiBootDigestTag                            = 7;
+const unsigned kAppleLogoDigestTag                        = 8;
+const unsigned kDeviceTreeDigestTag                       = 9;
+const unsigned kKernelCacheDigestTag                      = 10;
+const unsigned kDiagsDigestTag                            = 11;
+const unsigned kBatteryChargingDigestTag                  = 12;
+const unsigned kBatteryPluginDigestTag                    = 13;
+const unsigned kBatteryLow0DigestTag                      = 14;
+const unsigned kBatteryLow1DigestTag                      = 15;
+const unsigned kRecoveryModeDigestTag                     = 16;
+const unsigned kNeedServiceDigestTag                      = 17;
+const unsigned kApNonceTag                                = 18;
+const unsigned kApPriorTicketIDTag                        = 19;
+const unsigned kiBSSBuildStringTag                        = 20;
+const unsigned kHostiBootTag                              = 21;
+const unsigned kiBECBuildStringTag                        = 22;
+const unsigned kRestoreLogoDigestTag                      = 23;
+const unsigned kRestoreDeviceTreeDigestTag                = 24;
+const unsigned kRestoreKernelCacheDigestTag               = 25;
+const unsigned kRestoreRamDiskDigestTag                   = 26;
+const unsigned kOSDigestTag                               = 27;
+const unsigned kApBindingDigestTag                        = 28;
+const unsigned kApServerNonceTag                          = 29;
+const unsigned kLLBPartialDigestTag                       = 30;
+const unsigned kiBootPartialDigestTag                     = 31;
+const unsigned kAppleLogoPartialDigestTag                 = 32;
+const unsigned kDeviceTreePartialDigestTag                = 33;
+const unsigned kKernelCachePartialDigestTag               = 34;
+const unsigned kDiagsPartialDigestTag                     = 35;
+const unsigned kBatteryChargingPartialDigestTag           = 36;
+const unsigned kBatteryPluginPartialDigestTag             = 37;
+const unsigned kBatteryLow0PartialDigestTag               = 38;
+const unsigned kBatteryLow1PartialDigestTag               = 39;
+const unsigned kRecoveryModePartialDigestTag              = 40;
+const unsigned kNeedServicePartialDigestTag               = 41;
+const unsigned kiBSSPartialDigestTag                      = 42;
+const unsigned kiBECPartialDigestTag                      = 43;
+const unsigned kRestoreLogoPartialDigestTag               = 44;
+const unsigned kRestoreDeviceTreePartialDigestTag         = 45;
+const unsigned kRestoreKernelCachePartialDigestTag        = 46;
+const unsigned kRestoreRamDiskPartialDigestTag            = 47;
+const unsigned kiBootTrustedTag                           = 48;
+const unsigned kAppleLogoTrustedTag                       = 49;
+const unsigned kDeviceTreeTrustedTag                      = 50;
+const unsigned kKernelCacheTrustedTag                     = 51;
+const unsigned kDiagsTrustedTag                           = 52;
+const unsigned kBatteryChargingTrustedTag                 = 53;
+const unsigned kBatteryPluginTrustedTag                   = 54;
+const unsigned kBatteryLow0TrustedTag                     = 55;
+const unsigned kBatteryLow1TrustedTag                     = 56;
+const unsigned kRecoveryModeTrustedTag                    = 57;
+const unsigned kNeedServiceTrustedTag                     = 58;
+const unsigned kRestoreLogoTrustedTag                     = 59;
+const unsigned kRestoreDeviceTreeTrustedTag               = 60;
+const unsigned kRestoreKernelCacheTrustedTag              = 61;
+const unsigned kRestoreRamDiskTrustedTag                  = 62;
+const unsigned kBbSNUMTag                                 = 63;
+const unsigned kBbChipIDTag                               = 64;
+const unsigned kBbProductionModeTag                       = 65;
+const unsigned kFlashPSIBuildStringTag                    = 66;
+const unsigned kModemStackDigestTag                       = 67;
+const unsigned kBbNonceTag                                = 68;
+const unsigned kBbPriorTicketIdTag                        = 69;
+const unsigned kRamPSIBuildStringTag                      = 70;
+const unsigned kHostFlashPSITag                           = 71;
+const unsigned kEBLDigestTag                              = 72;
+const unsigned kStaticEEPDigestTag                        = 73;
+const unsigned kBbApBindingDigestTag                      = 74;
+const unsigned kBbServerNonceTag                          = 75;
+const unsigned kRamPSIPartialDigestTag                    = 76;
+const unsigned kFlashPSIPartialDigestTag                  = 77;
+const unsigned kBatteryCharging0DigestTag                 = 78;
+const unsigned kBatteryCharging1DigestTag                 = 79;
+const unsigned kBatteryFullDigestTag                      = 80;
+const unsigned kBatteryCharging0PartialDigestTag          = 81;
+const unsigned kBatteryCharging1PartialDigestTag          = 82;
+const unsigned kBatteryFullPartialDigestTag               = 83;
+const unsigned kBatteryCharging0TrustedTag                = 84;
+const unsigned kBatteryCharging1TrustedTag                = 85;
+const unsigned kBatteryFullTrustedTag                     = 86;
+const unsigned kUniqueBuildIDTag                          = 87;
+const unsigned kBbGoldCertIdTag                           = 88;
+const unsigned kBbSkeyIdTag                               = 89;
+const unsigned kBasebandFirmwareFlashPSIVersionTag        = 90;
+const unsigned kBasebandFirmwareModemStackDigestTag       = 91;
+const unsigned kBasebandFirmwareRamPSIVersionTag          = 92;
+const unsigned kBasebandFirmwareEBLDigestTag              = 93;
+const unsigned kBasebandFirmwareFlashPSISecPackDigestTag  = 94;
+const unsigned kBasebandFirmwareModemStackSecPackDigestTag= 95;
+const unsigned kBasebandFirmwareFlashPSIDigestTag         = 96;
+const unsigned kBasebandFirmwareRamPSIPartialDigestTag    = 97;
+const unsigned kBasebandFirmwareFlashPSIPartialDigestTag  = 98;
+const unsigned kBbJtagEnableTag                           = 99;
+
+
+#endif /* APPLEMOBILEPERSONALIZEDTICKET_H */

libDER/Tests/DER_Ticket.c

@@ -0,0 +1,203 @@
+/*
+ * Copyright (c) 2009,2012,2014 Apple Inc. All Rights Reserved.
+ *
+ * @APPLE_LICENSE_HEADER_START@
+ * 
+ * This file contains Original Code and/or Modifications of Original Code
+ * as defined in and that are subject to the Apple Public Source License
+ * Version 2.0 (the 'License'). You may not use this file except in
+ * compliance with the License. Please obtain a copy of the License at
+ * http://www.opensource.apple.com/apsl/ and read it before using this
+ * file.
+ * 
+ * The Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
+ * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
+ * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
+ * Please see the License for the specific language governing rights and
+ * limitations under the License.
+ * 
+ * @APPLE_LICENSE_HEADER_END@
+ */
+
+
+#include "DER_Ticket.h"
+
+#include <libDER/asn1Types.h>
+#include <libDER/DER_Decode.h>
+#include <libDER/DER_Encode.h>
+#include <libDER/DER_Keys.h>
+
+/* Application Processor Ticket */
+const DERItemSpec DERApTicketItemSpecs[] =
+{
+	{ DER_OFFSET(DERApTicket, signatureAlgorithm),
+			ASN1_CONSTR_SEQUENCE,
+			DER_DEC_NO_OPTS | DER_ENC_WRITE_DER },
+	{ DER_OFFSET(DERApTicket, body),
+			ASN1_CONSTR_SET,
+			DER_DEC_NO_OPTS | DER_DEC_SAVE_DER | DER_ENC_WRITE_DER },
+	{ DER_OFFSET(DERApTicket, signature),
+			ASN1_OCTET_STRING,
+			DER_DEC_NO_OPTS },
+	{ DER_OFFSET(DERApTicket, certificates),
+			ASN1_CONTEXT_SPECIFIC | ASN1_CONSTRUCTED | 1,
+			DER_DEC_NO_OPTS | DER_ENC_WRITE_DER }
+};
+const DERSize DERNumApTicketItemSpecs =
+	sizeof(DERApTicketItemSpecs) / sizeof(DERItemSpec);
+
+/* Baseband Ticket */
+const DERItemSpec DERBbTicketItemSpecs[] =
+{
+	{ DER_OFFSET(DERBbTicket, signatureAlgorithm),
+			ASN1_CONSTR_SEQUENCE,
+			DER_DEC_NO_OPTS | DER_ENC_WRITE_DER },
+	{ DER_OFFSET(DERBbTicket, body),
+			ASN1_CONSTR_SET,
+			DER_DEC_NO_OPTS | DER_DEC_SAVE_DER | DER_ENC_WRITE_DER },
+	{ DER_OFFSET(DERBbTicket, signature),
+			ASN1_OCTET_STRING,
+			DER_DEC_NO_OPTS },
+	{ DER_OFFSET(DERBbTicket, gpuk),
+			ASN1_CONTEXT_SPECIFIC | 2,
+			DER_DEC_NO_OPTS }
+};
+const DERSize DERNumBbTicketItemSpecs =
+	sizeof(DERBbTicketItemSpecs) / sizeof(DERItemSpec);
+
+#if 0
+/* We need to verify this value and use it here. */
+const DERByte rsaWithSha1Algorithm[] = {
+    0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x05
+};
+#endif
+
+#ifdef FAST_SET_LOOKUP
+/* Iterates over all the tags in the set to build an index returned in
+   derSet. */
+DERReturn DERDecodeSetContentInit(
+	const DERItem   *content,			/* data to decode */
+	DERSet          *derSet)            /* IN/OUT, to use in DERDecodeSetTag */
+{
+    DERReturn drtn;
+    DERSequence derSeq;
+    memset(derSet->byTag, 0, derSet->capacity);
+    drtn = DERDecodeSeqContentInit(content, &derSeq);
+    if (drtn == DR_Success) {
+        DERDecodedInfo element;
+        while ((drtn = DERDecodeSeqNext(&derSeq, &element)) == DR_Success) {
+            if (element.tag >= derSet->capacity) return DR_UnexpectedTag;
+            derSet->byTag[element.tag] = element.content.data;
+        }
+        if (drtn == DR_EndOfSequence) drtn = DR_Success;
+    }
+    derSet->end = content->data + content->length;
+
+    return drtn;
+}
+
+DERReturn DERDecodeSetTag(
+	DERSet          *derSet,		/* data to decode */
+	DERTag			tag,			/* tag in sequence/set we are looking for. */
+	DERItem         *content)		/* RETURNED */
+{
+    DERReturn drtn;
+    DERTag tagNumber = tag & ASN1_TAGNUM_MASK;
+    if (tagNumber > derSet->capacity)
+        return DR_UnexpectedTag;
+    DERByte *start = derSet->byTag[tagNumber];
+    if (!start) return DR_UnexpectedTag;
+    DERItem derItem = { .data = start, .length = derSet->end - start };
+    DERDecodedInfo element;
+    drtn = DERDecodeItem(&derItem, &element);
+    if (drtn) return drtn;
+    if (tag != element.tag) return DR_UnexpectedTag;
+    *content = element.content;
+
+    return drtn;
+}
+#endif /* FAST_SET_LOOKUP */
+
+/* Returns the item with tag from the sequence or set pointed to by der.
+   result DR_EndOfSequence if the tag was not found. */
+DERReturn DERSetDecodeItemWithTag(
+	const DERItem	*der,			/* data to decode */
+	DERTag			tag,			/* tag in sequence/set we are looking for. */
+	DERItem         *content)		/* RETURNED */
+{
+    DERReturn drtn;
+    DERSequence derSeq;
+    DERTag topTag;
+    drtn = DERDecodeSeqInit(der, &topTag, &derSeq);
+    if (drtn == DR_Success) {
+        DERDecodedInfo info;
+        while ((drtn = DERDecodeSeqNext(&derSeq, &info)) == DR_Success) {
+            if (info.tag == tag) {
+                *content = info.content;
+                return DR_Success;
+            }
+        }
+    }
+
+    return drtn;
+}
+
+DERReturn DERDecodeApTicket(
+	const DERItem	*contents,
+	DERApTicket		*ticket,            /* RETURNED */
+	DERSize			*numUsedBytes)      /* RETURNED */
+{
+    DERReturn drtn;
+    DERDecodedInfo decodedTicket;
+    drtn = DERDecodeItem(contents, &decodedTicket);
+    if (drtn != DR_Success) goto badTicket;
+    drtn = DERParseSequenceContent(&decodedTicket.content,
+        DERNumApTicketItemSpecs, DERApTicketItemSpecs, ticket, 0);
+    if (drtn != DR_Success) goto badTicket;
+
+    /* Decode the algorithm sequence. */
+    DERAlgorithmId algorithm = {};
+    drtn = DERParseSequenceContent(&ticket->signatureAlgorithm,
+        DERNumAlgorithmIdItemSpecs, DERAlgorithmIdItemSpecs, &algorithm, 0);
+    if (drtn != DR_Success) goto badTicket;
+    /* TODO Check algorithm oid and ensure there are no params.
+       Alternatively replace the code above with a simple memcmp with
+       an already ASN.1 encoded algorithm parms block. */
+
+badTicket:
+    *numUsedBytes = decodedTicket.content.length +
+        decodedTicket.content.data - contents->data;
+
+    return drtn;
+}
+
+DERReturn DERDecodeBbTicket(
+	const DERItem	*contents,
+	DERBbTicket		*ticket,            /* RETURNED */
+	DERSize			*numUsedBytes)      /* RETURNED */
+{
+    DERReturn drtn;
+    DERDecodedInfo decodedTicket;
+    drtn = DERDecodeItem(contents, &decodedTicket);
+    if (drtn != DR_Success) goto badTicket;
+    drtn = DERParseSequenceContent(&decodedTicket.content,
+        DERNumBbTicketItemSpecs, DERBbTicketItemSpecs, ticket, 0);
+    if (drtn != DR_Success) goto badTicket;
+
+    /* Decode the algorithm sequence. */
+    DERAlgorithmId algorithm = {};
+    drtn = DERParseSequenceContent(&ticket->signatureAlgorithm,
+        DERNumAlgorithmIdItemSpecs, DERAlgorithmIdItemSpecs, &algorithm, 0);
+    if (drtn != DR_Success) goto badTicket;
+    /* TODO Check algorithm oid and ensure there are no params.
+       Alternatively replace the code above with a simple memcmp with
+       an already ASN.1 encoded algorithm parms block. */
+
+badTicket:
+    *numUsedBytes = decodedTicket.content.length +
+        decodedTicket.content.data - contents->data;
+
+    return drtn;
+}

libDER/Tests/DER_Ticket.h

@@ -0,0 +1,96 @@
+/*
+ * Copyright (c) 2009,2012,2014 Apple Inc. All Rights Reserved.
+ *
+ * @APPLE_LICENSE_HEADER_START@
+ * 
+ * This file contains Original Code and/or Modifications of Original Code
+ * as defined in and that are subject to the Apple Public Source License
+ * Version 2.0 (the 'License'). You may not use this file except in
+ * compliance with the License. Please obtain a copy of the License at
+ * http://www.opensource.apple.com/apsl/ and read it before using this
+ * file.
+ * 
+ * The Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
+ * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
+ * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
+ * Please see the License for the specific language governing rights and
+ * limitations under the License.
+ * 
+ * @APPLE_LICENSE_HEADER_END@
+ */
+
+
+#include <libDER/libDER.h>
+
+
+#define FAST_SET_LOOKUP     1
+
+#ifdef FAST_SET_LOOKUP
+/* state representing a fast by tag set accessor, the caller needs to provide
+   a set large enough to hold all */
+typedef struct {
+	DERTag	capacity;   /* should be large enough to hold all encountered tags.
+                           otherwise DR_UnexpectedTag will be returned, note
+                           that only one tag per tag number can exist. */
+	DERByte	*end;
+	DERByte	*byTag[];   /* maxTag element array of pointers to tag + length
+                           of items in set indexed by tagNumber. */
+} DERSet;
+
+/* Iterates over all the tags in the set to build an index returned in
+   derSet. */
+DERReturn DERDecodeSetContentInit(
+	const DERItem   *der,			/* data to decode */
+	DERSet          *derSet);		/* IN/OUT, to use in DERDecodeSetTag */
+
+/* Returns DR_UnexpectedTag if the requested tag is not in derSet, returns
+   the content of the decoded item in content otherwise. */
+DERReturn DERDecodeSetTag(
+	DERSet          *derSeq,		/* data to decode */
+	DERTag			tag,			/* tag in sequence/set we are looking for. */
+	DERItem         *content);		/* RETURNED */
+#endif /* FAST_SET_LOOKUP */
+
+
+DERReturn DERSetDecodeItemWithTag(
+	const DERItem	*der,			/* data to decode */
+	DERTag			tag,			/* tag in sequence/set we are looking for. */
+	DERItem         *content);		/* RETURNED */
+
+
+/* Application Processor Ticket */
+typedef struct {
+	DERItem		signatureAlgorithm;     /* AlgorithmId */
+	DERItem		body;                   /* SET OF OCTECT STRING, DER_DEC_SAVE_DER */
+	DERItem		signature;              /* OCTET STRING */
+	DERItem		certificates;            /* SEQUENCE of CERTIFICATE */
+} DERApTicket;
+
+/* DERItemSpecs to decode into a DERApTicket */
+extern const DERItemSpec DERApTicketItemSpecs[];
+extern const DERSize DERNumApTicketItemSpecs;
+
+DERReturn DERDecodeApTicket(
+	const DERItem	*contents,
+	DERApTicket		*ticket,            /* RETURNED */
+	DERSize			*numUsedBytes);     /* RETURNED */
+
+
+/* Baseband Ticket */
+typedef struct {
+	DERItem		signatureAlgorithm;     /* AlgorithmId */
+	DERItem		body;                   /* SET OF OCTECT STRING, DER_DEC_SAVE_DER */
+	DERItem		signature;              /* OCTET STRING */
+	DERItem		gpuk;                   /* OCTET STRING */
+} DERBbTicket;
+
+/* DERItemSpecs to decode into a DERBbTicket */
+extern const DERItemSpec DERBbTicketItemSpecs[];
+extern const DERSize DERNumBbTicketItemSpecs;
+
+DERReturn DERDecodeBbTicket(
+	const DERItem	*contents,
+	DERBbTicket		*ticket,            /* RETURNED */
+	DERSize			*numUsedBytes);     /* RETURNED */

libDER/Tests/certsCrls/Test_CRL_CA1.crl.pem

@@ -0,0 +1,13 @@
+-----BEGIN X509 CRL-----
+MIIB3zCByDANBgkqhkiG9w0BAQQFADBvMQswCQYDVQQGEwJkZTEgMB4GA1UEChMX
+SW5zZWN1cmVUZXN0Q2VydGlmaWNhdGUxFzAVBgNVBAMTDkZvciBUZXN0cyBPbmx5
+MSUwIwYJKoZIhvcNAQkBFhZpbnNlY3VyZUB0ZXN0Lmluc2VjdXJlFw0wMTA4MTcx
+MTEyMDNaFw0wNjA4MTYxMTEyMDNaMCgwEgIBAxcNMDEwODE3MTExMDM5WjASAgEF
+Fw0wMTA4MTcxMTExNTlaMA0GCSqGSIb3DQEBBAUAA4IBAQB47lMVCKlPoBAgLway
+76eNRq1749jt/7g/Ouh06isNM66/CgzVL2xKSC3s2FX4xKg320niWI6Dvm4H3M6I
+7RvuoCvZBVpu1MA8z2No89g2UPWlSxUAvuvo2GOGRgo+8nc/84g8biLUxTSF8Vs4
+T1Hngo1qrfePM4ou1uu7LhRnR8tuIVoQT6W3RSlEsQRBRM3y+VkOPAf0GBGyl6WG
+WiymXHqsqis80WbX50tr859Cltqbu2yaFAX++IEBBDB7JoVi1blumgarqfXYkoUW
+n9d3F8qySNjsfhOV613fXpmfXFZ33uTFsLSoihP8f6+Cusx2rfuGap7jOPv7j7sj
+l2Y1
+-----END X509 CRL-----

libDER/Tests/parseCert.c

@@ -0,0 +1,149 @@
+/*
+ * Copyright (c) 2005-2007,2010-2011 Apple Inc. All Rights Reserved.
+ *
+ * parseCert.c - parse a DER-encoded X509 certificate using libDER. 
+ */
+ 
+#include <stdlib.h>
+#include <strings.h>
+#include <stdio.h>
+#include <unistd.h>
+#include <libDER/libDER.h>
+#include <libDER/asn1Types.h>
+#include <libDER/DER_CertCrl.h>
+#include <libDER/DER_Keys.h>
+#include <libDERUtils/fileIo.h>
+#include <libDERUtils/libDERUtils.h>
+#include <libDERUtils/printFields.h>
+
+static void usage(char **argv)
+{
+	printf("usage: %s certFile [options]\n", argv[0]);
+	printf("Options:\n");
+	printf("  -v     -- verbose \n");
+	/* etc. */
+	exit(1);
+}
+
+static void	printValidity(
+	DERItem *validity, 
+	int verbose)
+{
+	DERReturn drtn;
+	DERValidity derv;
+	
+	drtn = DERParseSequenceContent(validity,
+		DERNumValidityItemSpecs, DERValidityItemSpecs,
+		&derv, sizeof(derv));
+	if(drtn) {
+		DERPerror("DERParseSequenceContent(validity)", drtn);
+		return;
+	}
+	decodePrintItem("notBefore", IT_Leaf, verbose, &derv.notBefore);
+	decodePrintItem("notAfter",  IT_Leaf, verbose, &derv.notAfter);
+	
+}
+
+int main(int argc, char **argv)
+{
+	unsigned char *certData = NULL;
+	unsigned certDataLen = 0;
+	DERSignedCertCrl signedCert;
+	DERTBSCert tbs;
+	DERReturn drtn;
+	DERItem item;
+	int verbose = 0;
+	extern char *optarg;
+	int arg;
+	extern int optind;
+	
+	if(argc < 2) {
+		usage(argv);
+	}
+	if(readFile(argv[1], &certData, &certDataLen)) {
+		printf("***Error reading cert from %s. Aborting.\n", argv[1]);
+		exit(1);
+	}
+
+	optind = 2;
+	while ((arg = getopt(argc, argv, "vh")) != -1) {
+		switch (arg) {
+			case 'v':
+				verbose = 1;
+				break;
+			case 'h':
+				usage(argv);
+		}
+	}
+	if(optind != argc) {
+		usage(argv);
+	}
+
+	/* Top level decode of signed cert into 3 components */
+	item.data = certData;
+	item.length = certDataLen;
+	drtn = DERParseSequence(&item, DERNumSignedCertCrlItemSpecs, DERSignedCertCrlItemSpecs,
+		&signedCert, sizeof(signedCert));
+	if(drtn) {
+		DERPerror("DERParseSequence(SignedCert)", drtn);
+		exit(1);
+	}
+	printItem("TBSCert", IT_Branch, verbose, ASN1_CONSTR_SEQUENCE, &signedCert.tbs);
+	
+	incrIndent();
+	
+	/* decode the TBSCert - it was saved in full DER form */
+	drtn = DERParseSequence(&signedCert.tbs, 
+		DERNumTBSCertItemSpecs, DERTBSCertItemSpecs,
+		&tbs, sizeof(tbs));
+	if(drtn) {
+		DERPerror("DERParseSequenceContent(TBSCert)", drtn);
+		exit(1);
+	}
+	if(tbs.version.data) {
+		/* unwrap the explicitly tagged integer.... */
+		decodePrintItem("version", IT_Leaf, verbose, &tbs.version);
+	}
+	printItem("serialNum", IT_Leaf, verbose, ASN1_INTEGER, &tbs.serialNum);
+	
+	printItem("tbsSigAlg", IT_Branch, verbose, ASN1_CONSTR_SEQUENCE, &tbs.tbsSigAlg);
+	incrIndent();
+	printAlgId(&tbs.tbsSigAlg, verbose);
+	decrIndent();
+	
+	printItem("issuer", IT_Leaf, verbose, ASN1_CONSTR_SEQUENCE, &tbs.issuer);
+	printItem("subject", IT_Leaf, verbose, ASN1_CONSTR_SEQUENCE, &tbs.subject);
+	
+	printItem("validity", IT_Branch, verbose, ASN1_CONSTR_SEQUENCE, &tbs.validity);
+	incrIndent();
+	printValidity(&tbs.validity, verbose);
+	decrIndent();
+	
+	printItem("subjectPubKey", IT_Branch, verbose, ASN1_CONSTR_SEQUENCE, 
+		&tbs.subjectPubKey);
+	incrIndent();
+	printSubjPubKeyInfo(&tbs.subjectPubKey, verbose);
+	decrIndent();
+	
+	if(tbs.issuerID.data) {
+		/* found tag is implicit context specific: tell printItem what it really is */
+		printItem("issuerID", IT_Leaf, verbose, ASN1_BIT_STRING, &tbs.issuerID);
+	}
+	if(tbs.subjectID.data) {
+		printItem("subjectID", IT_Leaf, verbose, ASN1_BIT_STRING, &tbs.subjectID);
+	}
+	if(tbs.extensions.data) {
+		printItem("extensions", IT_Leaf, verbose, ASN1_CONSTRUCTED | ASN1_CONTEXT_SPECIFIC | 3, 
+			&tbs.extensions);
+	}
+	decrIndent();
+	
+	printItem("sigAlg", IT_Branch, verbose, ASN1_CONSTR_SEQUENCE, &signedCert.sigAlg);
+	incrIndent();
+	printAlgId(&signedCert.sigAlg, verbose);
+	decrIndent();
+
+	printItem("sig", IT_Leaf, verbose, ASN1_BIT_STRING, &signedCert.sig);
+	
+	return 0;
+}

libDER/Tests/parseCrl.c

@@ -0,0 +1,167 @@
+/*
+ * Copyright (c) 2005-2007,2010-2011 Apple Inc. All Rights Reserved.
+ *
+ * parseCrl.c - parse a DER-encoded X509 CRL using libDER. 
+ */
+ 
+#include <stdlib.h>
+#include <strings.h>
+#include <stdio.h>
+#include <unistd.h>
+#include <libDER/libDER.h>
+#include <libDER/asn1Types.h>
+#include <libDER/DER_CertCrl.h>
+#include <libDER/DER_Keys.h>
+#include <libDERUtils/fileIo.h>
+#include <libDERUtils/libDERUtils.h>
+#include <libDERUtils/printFields.h>
+
+static void usage(char **argv)
+{
+	printf("usage: %s crlFile [options]\n", argv[0]);
+	printf("Options:\n");
+	printf("  -v     -- verbose \n");
+	/* etc. */
+	exit(1);
+}
+
+/* 
+ * This is a SEQUENCE OF so we use the low-level DERDecodeSeq* routines to snag one entry 
+ * at a time.
+ */
+static void	printRevokedCerts(
+	DERItem *revokedCerts, 
+	int verbose)
+{
+	DERReturn drtn;
+	DERDecodedInfo currItem;
+	DERSequence seq;
+	unsigned certNum;
+	DERRevokedCert revoked;
+	
+	drtn = DERDecodeSeqContentInit(revokedCerts, &seq);
+	if(drtn) {
+		DERPerror("DERDecodeSeqContentInit(revokedCerts)", drtn);
+		return;
+	}
+	
+	for(certNum=0; ; certNum++) {
+		drtn = DERDecodeSeqNext(&seq, &currItem);
+		switch(drtn) {
+			case DR_EndOfSequence:
+				/* normal termination */
+				return;
+			default:
+				DERPerror("DERDecodeSeqNext", drtn);
+				return;
+			case DR_Success:
+				doIndent();
+				printf("revoked cert %u\n", certNum);
+				incrIndent();
+				drtn = DERParseSequenceContent(&currItem.content, 
+					DERNumRevokedCertItemSpecs, DERRevokedCertItemSpecs,
+					&revoked, sizeof(revoked));
+				if(drtn) {
+					DERPerror("DERParseSequenceContent(RevokedCert)", drtn);
+					decrIndent();
+					return;
+				}
+				printItem("serialNum", IT_Leaf, verbose, ASN1_INTEGER, &revoked.serialNum);
+				decodePrintItem("revocationDate",  IT_Leaf, verbose, &revoked.revocationDate);
+				printItem("extensions", IT_Branch, verbose, ASN1_CONSTR_SEQUENCE, &revoked.extensions);
+				decrIndent();
+		}
+	}
+}
+
+int main(int argc, char **argv)
+{
+	unsigned char *crlData = NULL;
+	unsigned crlDataLen = 0;
+	DERSignedCertCrl signedCrl;
+	DERTBSCrl tbs;
+	DERReturn drtn;
+	DERItem item;
+	int verbose = 0;
+	extern char *optarg;
+	int arg;
+	extern int optind;
+	
+	if(argc < 2) {
+		usage(argv);
+	}
+	if(readFile(argv[1], &crlData, &crlDataLen)) {
+		printf("***Error reading CRL from %s. Aborting.\n", argv[1]);
+		exit(1);
+	}
+
+	optind = 2;
+	while ((arg = getopt(argc, argv, "vh")) != -1) {
+		switch (arg) {
+			case 'v':
+				verbose = 1;
+				break;
+			case 'h':
+				usage(argv);
+		}
+	}
+	if(optind != argc) {
+		usage(argv);
+	}
+
+	/* Top level decode of signed CRL into 3 components */
+	item.data = crlData;
+	item.length = crlDataLen;
+	drtn = DERParseSequence(&item, DERNumSignedCertCrlItemSpecs, DERSignedCertCrlItemSpecs,
+		&signedCrl, sizeof(signedCrl));
+	if(drtn) {
+		DERPerror("DERParseSequence(SignedCrl)", drtn);
+		exit(1);
+	}
+	printItem("TBSCrl", IT_Branch, verbose, ASN1_CONSTR_SEQUENCE, &signedCrl.tbs);
+	
+	incrIndent();
+	
+	/* decode the TBSCrl - it was saved in full DER form */
+	drtn = DERParseSequence(&signedCrl.tbs, 
+		DERNumTBSCrlItemSpecs, DERTBSCrlItemSpecs,
+		&tbs, sizeof(tbs));
+	if(drtn) {
+		DERPerror("DERParseSequenceContent(TBSCrl)", drtn);
+		exit(1);
+	}
+	if(tbs.version.data) {
+		printItem("version", IT_Leaf, verbose, ASN1_INTEGER, &tbs.version);
+	}
+	
+	printItem("tbsSigAlg", IT_Branch, verbose, ASN1_CONSTR_SEQUENCE, &tbs.tbsSigAlg);
+	incrIndent();
+	printAlgId(&tbs.tbsSigAlg, verbose);
+	decrIndent();
+	
+	printItem("issuer", IT_Leaf, verbose, ASN1_CONSTR_SEQUENCE, &tbs.issuer);
+	
+	decodePrintItem("thisUpdate",  IT_Leaf, verbose, &tbs.thisUpdate);
+	decodePrintItem("nextUpdate",  IT_Leaf, verbose, &tbs.nextUpdate);
+	
+	if(tbs.revokedCerts.data) {
+		printItem("version", IT_Leaf, verbose, ASN1_CONSTR_SEQUENCE, &tbs.revokedCerts);
+		incrIndent();
+		printRevokedCerts(&tbs.revokedCerts, verbose);
+		decrIndent();
+	}
+	
+	if(tbs.extensions.data) {
+		printItem("extensions", IT_Leaf, verbose, ASN1_CONSTRUCTED | ASN1_CONTEXT_SPECIFIC | 3, 
+			&tbs.extensions);
+	}
+	
+	printItem("sigAlg", IT_Branch, verbose, ASN1_CONSTR_SEQUENCE, &signedCrl.sigAlg);
+	incrIndent();
+	printAlgId(&signedCrl.sigAlg, verbose);
+	decrIndent();
+
+	printItem("sig", IT_Leaf, verbose, ASN1_BIT_STRING, &signedCrl.sig);
+	
+	return 0;
+}