]> git.saurik.com Git - apple/libsecurity_codesigning.git/blob - lib/macho++.cpp
projects / apple / libsecurity_codesigning.git / blob
? search:


11eb33b669f3a8c502edde2bc9fa857f164caf97
[apple/libsecurity_codesigning.git] / lib / macho++.cpp
1 /*
2 * Copyright (c) 2006 Apple Computer, Inc. All Rights Reserved.
3 *
4 * @APPLE_LICENSE_HEADER_START@
5 *
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. Please obtain a copy of the License at
10 * http://www.opensource.apple.com/apsl/ and read it before using this
11 * file.
12 *
13 * The Original Code and all software distributed under the License are
14 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
15 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
16 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
17 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
18 * Please see the License for the specific language governing rights and
19 * limitations under the License.
20 *
21 * @APPLE_LICENSE_HEADER_END@
22 */
23
24 //
25 // macho++ - Mach-O object file helpers
26 //
27 #include "macho++.h"
28 #include <security_utilities/memutils.h>
29
30 namespace Security {
31
32
33 //
34 // Architecture values
35 //
36 Architecture::Architecture(const fat_arch &arch)
37 : pair<cpu_type_t, cpu_subtype_t>(ntohl(arch.cputype), ntohl(arch.cpusubtype))
38 {
39 }
40
41
42 //
43 // The local architecture (on demand; cached)
44 //
45 struct LocalArch {
46 const NXArchInfo *arch;
47 LocalArch() { arch = NXGetLocalArchInfo(); }
48 };
49 static ModuleNexus<LocalArch> localArch;
50
51 Architecture Architecture::local()
52 {
53 const NXArchInfo &local = *localArch().arch;
54 return Architecture(local.cputype, local.cpusubtype);
55 }
56
57
58 //
59 // Translate between names and numbers
60 //
61 const char *Architecture::name() const
62 {
63 if (const NXArchInfo *info = NXGetArchInfoFromCpuType(cpuType(), cpuSubtype()))
64 return info->name;
65 else if (cpuType() == CPU_TYPE_ARM) { // work-around for non-ARM Leopard systems
66 if (cpuSubtype() == CPU_SUBTYPE_ARM_V6)
67 return "armv6";
68 else
69 return "arm";
70 } else
71 return NULL;
72 }
73
74
75 //
76 // Create a MachO object from an open file and a starting offset.
77 // We load (only) the header and load commands into memory at that time.
78 //
79 MachO::MachO(FileDesc fd, size_t offset, size_t length)
80 : FileDesc(fd), mOffset(offset), mLength(length ? length : (fd.fileSize() - offset))
81 {
82 size_t size = fd.read(&mHeader, sizeof(mHeader), mOffset);
83 if (size != sizeof(mHeader))
84 UnixError::throwMe(ENOEXEC);
85 switch (mHeader.magic) {
86 case MH_MAGIC:
87 mFlip = false;
88 m64 = false;
89 break;
90 case MH_CIGAM:
91 mFlip = true;
92 m64 = false;
93 break;
94 case MH_MAGIC_64:
95 mFlip = false;
96 m64 = true;
97 break;
98 case MH_CIGAM_64:
99 mFlip = true;
100 m64 = true;
101 break;
102 default:
103 UnixError::throwMe(ENOEXEC);
104 }
105
106 size_t cmdSize = flip(mHeader.sizeofcmds);
107 size_t cmdStart = m64 ? sizeof(mach_header_64) : sizeof(mach_header);
108 mCommands = (load_command *)malloc(cmdSize);
109 if (!mCommands)
110 UnixError::throwMe();
111 if (fd.read(mCommands, cmdSize, cmdStart + mOffset) != cmdSize)
112 UnixError::throwMe(ENOEXEC);
113 mEndCommands = LowLevelMemoryUtilities::increment<load_command>(mCommands, cmdSize);
114 secdebug("macho", "%p created fd=%d offset=0x%zx size=0x%zx %s%s %d command(s)",
115 this, this->fd(), mOffset, mLength, mFlip ? " flipped" : "", m64 ? " 64-bit" : "",
116 flip(mHeader.ncmds));
117 }
118
119
120 //
121 // Destroy a MachO.
122 // Note that we don't close the file descriptor.
123 //
124 MachO::~MachO()
125 {
126 secdebug("macho", "%p destroyed", this);
127 ::free(mCommands);
128 }
129
130
131 //
132 // Return various header fields
133 //
134 Architecture MachO::architecture() const
135 {
136 return Architecture(flip(mHeader.cputype), flip(mHeader.cpusubtype));
137 }
138
139 uint32_t MachO::type() const
140 {
141 return flip(mHeader.filetype);
142 }
143
144 uint32_t MachO::flags() const
145 {
146 return flip(mHeader.flags);
147 }
148
149
150 //
151 // Iterate through load commands
152 //
153 const load_command *MachO::nextCommand(const load_command *command) const
154 {
155 using LowLevelMemoryUtilities::increment;
156 command = increment<const load_command>(command, flip(command->cmdsize));
157 return (command < mEndCommands) ? command : NULL;
158 }
159
160
161 //
162 // Locate a segment command, by name
163 //
164 const segment_command *MachO::findSegment(const char *segname) const
165 {
166 for (const load_command *command = loadCommands(); command; command = nextCommand(command)) {
167 if (flip(command->cmd) == LC_SEGMENT) {
168 const segment_command *seg = reinterpret_cast<const segment_command *>(command);
169 if (!strcmp(seg->segname, segname))
170 return seg;
171 }
172 }
173 return NULL;
174 }
175
176 const section *MachO::findSection(const char *segname, const char *sectname) const
177 {
178 using LowLevelMemoryUtilities::increment;
179 if (const segment_command *seg = findSegment(segname)) {
180 if (is64()) {
181 const segment_command_64 *seg64 = reinterpret_cast<const segment_command_64 *>(seg);
182 const section_64 *sect = increment<const section_64>(seg64 + 1, 0);
183 for (unsigned n = flip(seg64->nsects); n > 0; n--, sect++) {
184 if (!strcmp(sect->sectname, sectname))
185 return reinterpret_cast<const section *>(sect);
186 }
187 } else {
188 const section *sect = increment<const section>(seg + 1, 0);
189 for (unsigned n = flip(seg->nsects); n > 0; n--, sect++) {
190 if (!strcmp(sect->sectname, sectname))
191 return sect;
192 }
193 }
194 }
195 return NULL;
196 }
197
198
199 //
200 // Figure out where the Code Signing information starts in the Mach-O binary image.
201 // The code signature is at the end of the file, and identified
202 // by a specially-named section. So its starting offset is also the end
203 // of the signable part.
204 // Note that the offset returned is relative to the start of the Mach-O image.
205 // Returns zero if not found (usually indicating that the binary was not signed).
206 //
207 const linkedit_data_command *MachO::findCodeSignature() const
208 {
209 for (const load_command *cmd = loadCommands(); cmd; cmd = nextCommand(cmd))
210 if (flip(cmd->cmd) == LC_CODE_SIGNATURE)
211 return reinterpret_cast<const linkedit_data_command *>(cmd);
212 return NULL; // not found
213 }
214
215 size_t MachO::signingOffset() const
216 {
217 if (const linkedit_data_command *lec = findCodeSignature())
218 return flip(lec->dataoff);
219 else
220 return 0;
221 }
222
223 size_t MachO::signingLength() const
224 {
225 if (const linkedit_data_command *lec = findCodeSignature())
226 return flip(lec->datasize);
227 else
228 return 0;
229 }
230
231
232 //
233 // Return the signing-limit length for this Mach-O binary image.
234 // This is the signingOffset if present, or the full length if not.
235 //
236 size_t MachO::signingExtent() const
237 {
238 if (size_t offset = signingOffset())
239 return offset;
240 else
241 return length();
242 }
243
244
245 //
246 // I/O operations
247 //
248 void MachO::seek(size_t offset)
249 {
250 FileDesc::seek(mOffset + offset);
251 }
252
253 CFDataRef MachO::dataAt(size_t offset, size_t size)
254 {
255 CFMallocData buffer(size);
256 if (this->read(buffer, size, mOffset + offset) != size)
257 UnixError::throwMe();
258 return buffer;
259 }
260
261
262 //
263 // Fat (aka universal) file wrappers
264 //
265 Universal::Universal(FileDesc fd)
266 : FileDesc(fd)
267 {
268 //@@@ we could save a read by using a heuristically sized combined buffer here
269 fat_header header; // note how in the thin-file case, we'll reinterpret the header below
270 if (fd.read(&header, sizeof(header), 0) != sizeof(header))
271 UnixError::throwMe(ENOEXEC);
272 switch (header.magic) {
273 case FAT_MAGIC:
274 case FAT_CIGAM:
275 {
276 mArchCount = ntohl(header.nfat_arch);
277 size_t archSize = sizeof(fat_arch) * mArchCount;
278 mArchList = (fat_arch *)malloc(archSize);
279 if (!mArchList)
280 UnixError::throwMe();
281 if (fd.read(mArchList, archSize, sizeof(header)) != archSize) {
282 ::free(mArchList);
283 UnixError::throwMe(ENOEXEC);
284 }
285 secdebug("macho", "%p is a fat file with %d architectures",
286 this, mArchCount);
287 break;
288 }
289 case MH_MAGIC:
290 case MH_MAGIC_64:
291 mArchList = NULL;
292 mArchCount = 0;
293 mThinArch = Architecture(reinterpret_cast<mach_header &>(header).cputype);
294 secdebug("macho", "%p is a thin file (%s)", this, mThinArch.name());
295 break;
296 case MH_CIGAM:
297 case MH_CIGAM_64:
298 mArchList = NULL;
299 mArchCount = 0;
300 mThinArch = Architecture(ntohl(reinterpret_cast<mach_header &>(header).cputype));
301 secdebug("macho", "%p is a thin file (%s)", this, mThinArch.name());
302 break;
303 default:
304 UnixError::throwMe(ENOEXEC);
305 }
306 }
307
308 Universal::~Universal()
309 {
310 ::free(mArchList);
311 }
312
313
314 //
315 // Get the "local" architecture from the fat file
316 // Throws ENOEXEC if not found.
317 //
318 MachO *Universal::architecture() const
319 {
320 if (isUniversal())
321 return findImage(bestNativeArch());
322 else
323 return new MachO(*this);
324 }
325
326 size_t Universal::archOffset() const
327 {
328 if (isUniversal())
329 return ntohl(findArch(bestNativeArch())->offset);
330 else
331 return 0;
332 }
333
334
335 //
336 // Get the specified architecture from the fat file
337 // Throws ENOEXEC if not found.
338 //
339 MachO *Universal::architecture(const Architecture &arch) const
340 {
341 if (isUniversal())
342 return findImage(arch);
343 else if (arch == mThinArch)
344 return new MachO(*this);
345 else
346 UnixError::throwMe(ENOEXEC);
347 }
348
349 size_t Universal::archOffset(const Architecture &arch) const
350 {
351 if (isUniversal())
352 return ntohl(findArch(arch)->offset);
353 else if (arch == mThinArch)
354 return 0;
355 else
356 UnixError::throwMe(ENOEXEC);
357 }
358
359
360 //
361 // Locate an architecture from the fat file's list.
362 // Throws ENOEXEC if not found.
363 //
364 const fat_arch *Universal::findArch(const Architecture &target) const
365 {
366 assert(isUniversal());
367 const fat_arch *end = mArchList + mArchCount;
368 for (const fat_arch *arch = mArchList; arch < end; ++arch)
369 if (cpu_type_t(ntohl(arch->cputype)) == target.cpuType()) //@@@ ignoring subarch
370 return arch;
371 UnixError::throwMe(ENOEXEC); // not found
372 }
373
374 MachO *Universal::findImage(const Architecture &target) const
375 {
376 const fat_arch *arch = findArch(target);
377 return new MachO(*this, ntohl(arch->offset), ntohl(arch->size));
378 }
379
380
381 //
382 // Find the best-matching architecture for this fat file.
383 // We pick the native architecture if it's available.
384 // If it contains exactly one architecture, we take that.
385 // Otherwise, we throw.
386 //
387 Architecture Universal::bestNativeArch() const
388 {
389 if (isUniversal()) {
390 const cpu_type_t native = Architecture::local().cpuType();
391 const fat_arch *end = mArchList + mArchCount;
392 for (const fat_arch *arch = mArchList; arch < end; ++arch)
393 if (cpu_type_t(ntohl(arch->cputype)) == native) // ignoring subarch
394 return Architecture(native);
395 if (mArchCount == 1)
396 return Architecture(ntohl(mArchList->cputype));
397 UnixError::throwMe(ENOEXEC);
398 } else
399 return mThinArch;
400 }
401
402
403 //
404 // List all architectures from the fat file's list.
405 //
406 void Universal::architectures(Architectures &archs)
407 {
408 if (isUniversal()) {
409 for (unsigned n = 0; n < mArchCount; n++)
410 archs.insert(mArchList[n]);
411 } else {
412 auto_ptr<MachO> macho(architecture());
413 archs.insert(macho->architecture());
414 }
415 }
416
417
418 //
419 // Quickly guess the Mach-O type of a file.
420 // Returns type zero if the file isn't Mach-O or Universal.
421 // Does not reposition the file.
422 //
423 uint32_t Universal::typeOf(FileDesc fd)
424 {
425 mach_header header;
426 if (fd.read(&header, sizeof(header), 0) != sizeof(header))
427 return false;
428 for (;;) {
429 switch (header.magic) {
430 case MH_MAGIC:
431 case MH_MAGIC_64:
432 return header.filetype;
433 break;
434 case MH_CIGAM:
435 case MH_CIGAM_64:
436 return flip(header.filetype);
437 break;
438 case FAT_MAGIC:
439 case FAT_CIGAM:
440 {
441 const fat_arch *arch1 =
442 LowLevelMemoryUtilities::increment<fat_arch>(&header, sizeof(fat_header));
443 if (fd.read(&header, sizeof(header), ntohl(arch1->offset)) != sizeof(header))
444 return 0;
445 continue;
446 }
447 default:
448 return 0;
449 }
450 }
451 }
452
453
454 } // Security
mirror of libsecurity_codesigning