]> git.saurik.com Git - apple/libsecurity_codesigning.git/blob - lib/codedirectory.cpp
projects / apple / libsecurity_codesigning.git / blob
? search:


5ce2ff6a9ae21c6a7ee357124568e0874326b05c
[apple/libsecurity_codesigning.git] / lib / codedirectory.cpp
1 /*
2 * Copyright (c) 2006 Apple Computer, Inc. All Rights Reserved.
3 *
4 * @APPLE_LICENSE_HEADER_START@
5 *
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. Please obtain a copy of the License at
10 * http://www.opensource.apple.com/apsl/ and read it before using this
11 * file.
12 *
13 * The Original Code and all software distributed under the License are
14 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
15 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
16 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
17 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
18 * Please see the License for the specific language governing rights and
19 * limitations under the License.
20 *
21 * @APPLE_LICENSE_HEADER_END@
22 */
23
24 //
25 // codedirectory - format and operations for code signing "code directory" structures
26 //
27 #include "codedirectory.h"
28 #include "CSCommon.h"
29
30 using namespace UnixPlusPlus;
31
32
33 namespace Security {
34 namespace CodeSigning {
35
36
37 //
38 // Canonical filesystem names for select slot numbers.
39 // These are variously used for filenames, extended attribute names, etc.
40 // to get some consistency in naming. These are for storing signing-related
41 // data; they have no bearing on the actual hash slots in the CodeDirectory.
42 //
43 const char *CodeDirectory::canonicalSlotName(SpecialSlot slot)
44 {
45 switch (slot) {
46 case cdRequirementsSlot:
47 return kSecCS_REQUIREMENTSFILE;
48 case cdResourceDirSlot:
49 return kSecCS_RESOURCEDIRFILE;
50 case cdCodeDirectorySlot:
51 return kSecCS_CODEDIRECTORYFILE;
52 case cdSignatureSlot:
53 return kSecCS_SIGNATUREFILE;
54 case cdApplicationSlot:
55 return kSecCS_APPLICATIONFILE;
56 case cdEntitlementSlot:
57 return kSecCS_ENTITLEMENTFILE;
58 default:
59 return NULL;
60 }
61 }
62
63
64 //
65 // Canonical attributes of SpecialSlots.
66 //
67 unsigned CodeDirectory::slotAttributes(SpecialSlot slot)
68 {
69 switch (slot) {
70 case cdRequirementsSlot:
71 return cdComponentIsBlob; // global
72 case cdCodeDirectorySlot:
73 return cdComponentPerArchitecture | cdComponentIsBlob;
74 case cdSignatureSlot:
75 return cdComponentPerArchitecture; // raw
76 case cdEntitlementSlot:
77 return cdComponentIsBlob; // global
78 default:
79 return 0; // global, raw
80 }
81 }
82
83
84 //
85 // Symbolic names for code directory special slots.
86 // These are only used for debug output. They are not API-official.
87 // Needs to be coordinated with the cd*Slot enumeration in codedirectory.h.
88 //
89 #if !defined(NDEBUG)
90 const char * const CodeDirectory::debugSlotName[] = {
91 "codedirectory",
92 "info",
93 "requirements",
94 "resources",
95 "application"
96 };
97 #endif //NDEBUG
98
99
100 //
101 // Check the version of this CodeDirectory for basic sanity.
102 // Throws if the directory is corrupted or out of versioning bounds.
103 // Returns if the version is usable (perhaps with degraded features due to
104 // compatibility hacks).
105 //
106 void CodeDirectory::checkVersion() const
107 {
108 if (!this->validateBlob())
109 MacOSError::throwMe(errSecCSSignatureInvalid); // busted
110 if (version > compatibilityLimit)
111 MacOSError::throwMe(errSecCSSignatureUnsupported); // too new - no clue
112 if (version > currentVersion)
113 secdebug("codedir", "%p version 0x%x newer than current 0x%x",
114 this, uint32_t(version), currentVersion);
115 }
116
117
118 //
119 // Validate a slot against data in memory.
120 //
121 bool CodeDirectory::validateSlot(const void *data, size_t length, Slot slot) const
122 {
123 secdebug("codedir", "%p validating slot %d", this, int(slot));
124 Hash::Byte digest[Hash::digestLength];
125 hash(data, length, digest);
126 return memcmp(digest, (*this)[slot], Hash::digestLength) == 0;
127 }
128
129
130 //
131 // Validate a slot against the contents of an open file. At most 'length' bytes
132 // will be read from the file.
133 //
134 bool CodeDirectory::validateSlot(FileDesc fd, size_t length, Slot slot) const
135 {
136 Hash::Digest digest;
137 hash(fd, digest, length);
138 return memcmp(digest, (*this)[slot], Hash::digestLength) == 0;
139 }
140
141
142 //
143 // Check whether a particular slot is present.
144 // Absense is indicated by either a zero hash, or by lying outside
145 // the slot range.
146 //
147 bool CodeDirectory::slotIsPresent(Slot slot) const
148 {
149 if (slot >= -Slot(nSpecialSlots) && slot < Slot(nCodeSlots)) {
150 const Hash::Byte *digest = (*this)[slot];
151 for (unsigned n = 0; n < Hash::digestLength; n++)
152 if (digest[n])
153 return true; // non-zero digest => present
154 }
155 return false; // absent
156 }
157
158
159 //
160 // Hash the next limit bytes of a file and return the digest.
161 // If the file is shorter, hash as much as you can.
162 // Limit==0 means unlimited (to end of file).
163 // Return how many bytes were actually hashed.
164 // Throw on any errors.
165 //
166 size_t CodeDirectory::hash(FileDesc fd, Hash::Byte *digest, size_t limit)
167 {
168 IFDEBUG(size_t hpos = fd.position());
169 IFDEBUG(size_t hlimit = limit);
170 unsigned char buffer[4096];
171 Hash hash;
172 size_t total = 0;
173 for (;;) {
174 size_t size = sizeof(buffer);
175 if (limit && limit < size)
176 size = limit;
177 size_t got = fd.read(buffer, size);
178 total += got;
179 if (fd.atEnd())
180 break;
181 hash(buffer, got);
182 if (limit && (limit -= got) == 0)
183 break;
184 }
185 hash.finish(digest);
186 secdebug("cdhash", "fd %d %zd@0x%zx => %2x.%2x.%2x...",
187 fd.fd(), hpos, hlimit, digest[0], digest[1], digest[2]);
188 return total;
189 }
190
191
192 //
193 // Ditto, but hash a memory buffer instead.
194 //
195 size_t CodeDirectory::hash(const void *data, size_t length, Hash::Byte *digest)
196 {
197 Hash hash;
198 hash(data, length);
199 hash.finish(digest);
200 return length;
201 }
202
203
204 //
205 // Canonical text form for user-settable code directory flags
206 //
207 const CodeDirectory::FlagItem CodeDirectory::flagItems[] = {
208 { "host", kSecCodeSignatureHost, true },
209 { "adhoc", kSecCodeSignatureAdhoc, false },
210 { "hard", kSecCodeSignatureForceHard, true },
211 { "kill", kSecCodeSignatureForceKill, true },
212 { "expires", kSecCodeSignatureForceExpiration, true },
213 { NULL }
214 };
215
216
217 //
218 // Parse a canonical text description of code flags, in the form
219 // flag,...,flag
220 // where each flag can be a prefix of a known flag name.
221 // Internally set flags are not accepted.
222 //
223 uint32_t CodeDirectory::textFlags(std::string text)
224 {
225 uint32_t flags = 0;
226 for (string::size_type comma = text.find(','); ; text = text.substr(comma+1), comma = text.find(',')) {
227 string word = (comma == string::npos) ? text : text.substr(0, comma);
228 const CodeDirectory::FlagItem *item;
229 for (item = CodeDirectory::flagItems; item->name; item++)
230 if (item->external && !strncmp(word.c_str(), item->name, word.size())) {
231 flags |= item->value;
232 break;
233 }
234 if (!item) // not found
235 MacOSError::throwMe(errSecCSInvalidFlags);
236 if (comma == string::npos) // last word
237 break;
238 }
239 return flags;
240 }
241
242
243 } // CodeSigning
244 } // Security
mirror of libsecurity_codesigning