]> git.saurik.com Git - apple/libsecurity_codesigning.git/blob - lib/signerutils.cpp
projects / apple / libsecurity_codesigning.git / blob
? search:


f1264f5db344764fb15e40b80b22c19708799a17
[apple/libsecurity_codesigning.git] / lib / signerutils.cpp
1 /*
2 * Copyright (c) 2006-2010 Apple Inc. All Rights Reserved.
3 *
4 * @APPLE_LICENSE_HEADER_START@
5 *
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. Please obtain a copy of the License at
10 * http://www.opensource.apple.com/apsl/ and read it before using this
11 * file.
12 *
13 * The Original Code and all software distributed under the License are
14 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
15 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
16 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
17 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
18 * Please see the License for the specific language governing rights and
19 * limitations under the License.
20 *
21 * @APPLE_LICENSE_HEADER_END@
22 */
23
24 //
25 // signerutils - utilities for signature generation
26 //
27 #include "signerutils.h"
28 #include "signer.h"
29 #include "SecCodeSigner.h"
30 #include <Security/SecIdentity.h>
31 #include <Security/CMSEncoder.h>
32 #include "renum.h"
33 #include "csutilities.h"
34 #include <security_utilities/unix++.h>
35 #include <security_utilities/unixchild.h>
36 #include <vector>
37
38 // for helper validation
39 #include "Code.h"
40 #include <security_utilities/cfmunge.h>
41 #include <sys/codesign.h>
42
43
44 namespace Security {
45 namespace CodeSigning {
46
47
48 //
49 // About the Mach-O allocation helper
50 //
51 static const char helperName[] = "codesign_allocate";
52 static const char helperPath[] = "/usr/bin/codesign_allocate";
53 static const char helperOverride[] = "CODESIGN_ALLOCATE";
54 static const size_t csAlign = 16;
55
56
57 //
58 // BlobWriters
59 //
60 void BlobWriter::component(CodeDirectory::SpecialSlot slot, CFDataRef data)
61 {
62 return EmbeddedSignatureBlob::Maker::component(slot, data);
63 }
64
65
66 void DetachedBlobWriter::flush()
67 {
68 EmbeddedSignatureBlob *blob = this->make();
69 signer.code->detachedSignature(makeCFData(*blob));
70 signer.state.returnDetachedSignature(blob, signer);
71 ::free(blob);
72 }
73
74
75 //
76 // ArchEditor
77 //
78 ArchEditor::ArchEditor(Universal &code, CodeDirectory::HashAlgorithm hashType, uint32_t attrs)
79 : DiskRep::Writer(attrs)
80 {
81 Universal::Architectures archList;
82 code.architectures(archList);
83 for (Universal::Architectures::const_iterator it = archList.begin();
84 it != archList.end(); ++it)
85 architecture[*it] = new Arch(*it, hashType);
86 }
87
88
89 ArchEditor::~ArchEditor()
90 {
91 for (ArchMap::iterator it = begin(); it != end(); ++it)
92 delete it->second;
93 }
94
95
96 //
97 // BlobEditor
98 //
99 BlobEditor::BlobEditor(Universal &fat, SecCodeSigner::Signer &s)
100 : ArchEditor(fat, s.digestAlgorithm(), 0), signer(s)
101 { }
102
103
104 void BlobEditor::component(CodeDirectory::SpecialSlot slot, CFDataRef data)
105 {
106 mGlobal.component(slot, data);
107 }
108
109 void BlobEditor::write(Arch &arch, EmbeddedSignatureBlob *blob)
110 {
111 mMaker.add(arch.architecture.cpuType(), blob);
112 }
113
114
115 void BlobEditor::commit()
116 {
117 // create the architecture-global blob and store it into the superblob
118 mMaker.add(0, mGlobal.make()); // takes ownership of blob
119
120 // finish up the superblob and deliver it
121 DetachedSignatureBlob *blob = mMaker.make();
122 signer.state.returnDetachedSignature(blob, signer);
123 ::free(blob);
124 }
125
126
127 //
128 // MachOEditor's allocate() method spawns the codesign_allocate helper tool to
129 // "drill up" the Mach-O binary for insertion of Code Signing signature data.
130 // After the tool succeeds, we open the new file and are ready to write it.
131 //
132 MachOEditor::MachOEditor(DiskRep::Writer *w, Universal &code, CodeDirectory::HashAlgorithm hashType, std::string srcPath)
133 : ArchEditor(code, hashType, w->attributes()),
134 writer(w),
135 sourcePath(srcPath),
136 tempPath(srcPath + ".cstemp"),
137 mNewCode(NULL),
138 mTempMayExist(false)
139 {
140 if (const char *path = getenv(helperOverride)) {
141 mHelperPath = path;
142 mHelperOverridden = true;
143 } else {
144 mHelperPath = helperPath;
145 mHelperOverridden = false;
146 }
147 }
148
149 MachOEditor::~MachOEditor()
150 {
151 delete mNewCode;
152 if (mTempMayExist)
153 ::remove(tempPath.c_str()); // ignore error (can't do anything about it)
154 this->kill();
155 }
156
157
158 void MachOEditor::component(CodeDirectory::SpecialSlot slot, CFDataRef data)
159 {
160 writer->component(slot, data);
161 }
162
163
164 void MachOEditor::allocate()
165 {
166 // note that we may have a temporary file from now on (for cleanup in the error case)
167 mTempMayExist = true;
168
169 // run codesign_allocate to make room in the executable file
170 fork();
171 wait();
172 if (!Child::succeeded())
173 UnixError::throwMe(ENOEXEC); //@@@ how to signal "it din' work"?
174
175 // open the new (temporary) Universal file
176 {
177 UidGuard guard(0);
178 mFd.open(tempPath, O_RDWR);
179 }
180 mNewCode = new Universal(mFd);
181 }
182
183 static const unsigned char appleReq[] = {
184 // anchor apple and info["Application-Group"] = "com.apple.tool.codesign_allocate"
185 0xfa, 0xde, 0x0c, 0x00, 0x00, 0x00, 0x00, 0x58, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x06,
186 0x00, 0x00, 0x00, 0x03, 0x00, 0x00, 0x00, 0x0a, 0x00, 0x00, 0x00, 0x11, 0x41, 0x70, 0x70, 0x6c,
187 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x2d, 0x47, 0x72, 0x6f, 0x75, 0x70, 0x00, 0x00, 0x00,
188 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x20, 0x63, 0x6f, 0x6d, 0x2e, 0x61, 0x70, 0x70, 0x6c,
189 0x65, 0x2e, 0x74, 0x6f, 0x6f, 0x6c, 0x2e, 0x63, 0x6f, 0x64, 0x65, 0x73, 0x69, 0x67, 0x6e, 0x5f,
190 0x61, 0x6c, 0x6c, 0x6f, 0x63, 0x61, 0x74, 0x65,
191 };
192
193 void MachOEditor::parentAction()
194 {
195 if (mHelperOverridden) {
196 CODESIGN_ALLOCATE_VALIDATE((char*)mHelperPath, this->pid());
197 // check code identity of an overridden allocation helper
198 SecPointer<SecStaticCode> code = new SecStaticCode(DiskRep::bestGuess(mHelperPath));
199 code->validateDirectory();
200 code->validateExecutable();
201 code->validateResources();
202 code->validateRequirement((const Requirement *)appleReq, errSecCSReqFailed);
203 }
204 }
205
206 void MachOEditor::childAction()
207 {
208 vector<const char *> arguments;
209 arguments.push_back(helperName);
210 arguments.push_back("-i");
211 arguments.push_back(sourcePath.c_str());
212 arguments.push_back("-o");
213 arguments.push_back(tempPath.c_str());
214
215 for (Iterator it = architecture.begin(); it != architecture.end(); ++it) {
216 size_t size = LowLevelMemoryUtilities::alignUp(it->second->blobSize, csAlign);
217 char *ssize; // we'll leak this (execv is coming soon)
218 asprintf(&ssize, "%zd", size);
219
220 if (const char *arch = it->first.name()) {
221 CODESIGN_ALLOCATE_ARCH((char*)arch, size);
222 arguments.push_back("-a");
223 arguments.push_back(arch);
224 } else {
225 CODESIGN_ALLOCATE_ARCHN(it->first.cpuType(), it->first.cpuSubtype(), size);
226 arguments.push_back("-A");
227 char *anum;
228 asprintf(&anum, "%d", it->first.cpuType());
229 arguments.push_back(anum);
230 asprintf(&anum, "%d", it->first.cpuSubtype());
231 arguments.push_back(anum);
232 }
233 arguments.push_back(ssize);
234 }
235 arguments.push_back(NULL);
236
237 if (mHelperOverridden)
238 ::csops(0, CS_EXEC_SET_KILL, NULL, 0); // force code integrity
239 ::seteuid(0); // activate privilege if caller has it; ignore error if not
240 execv(mHelperPath, (char * const *)&arguments[0]);
241 }
242
243 void MachOEditor::reset(Arch &arch)
244 {
245 arch.source.reset(mNewCode->architecture(arch.architecture));
246 arch.cdbuilder.reopen(tempPath,
247 arch.source->offset(), arch.source->signingOffset());
248 }
249
250
251 //
252 // MachOEditor's write() method actually writes the blob into the CODESIGNING section
253 // of the executable image file.
254 //
255 void MachOEditor::write(Arch &arch, EmbeddedSignatureBlob *blob)
256 {
257 if (size_t offset = arch.source->signingOffset()) {
258 size_t signingLength = arch.source->signingLength();
259 CODESIGN_ALLOCATE_WRITE((char*)arch.architecture.name(), offset, blob->length(), signingLength);
260 if (signingLength < blob->length())
261 MacOSError::throwMe(errSecCSCMSTooLarge);
262 arch.source->seek(offset);
263 arch.source->writeAll(*blob);
264 ::free(blob); // done with it
265 } else {
266 secdebug("signer", "%p cannot find CODESIGNING section", this);
267 MacOSError::throwMe(errSecCSInternalError);
268 }
269 }
270
271
272 //
273 // Commit the edit.
274 // This moves the temporary editor copy over the source image file.
275 // Note that the Universal object returned by allocate() is still open
276 // and valid; the caller owns it.
277 //
278 void MachOEditor::commit()
279 {
280 // if the file's owned by someone else *and* we can become root...
281 struct stat st;
282 UnixError::check(::stat(sourcePath.c_str(), &st));
283
284 // copy over all the *other* stuff
285 Copyfile copy;
286 int fd = mFd;
287 copy.set(COPYFILE_STATE_DST_FD, &fd);
288 {
289 // perform copy under root or file-owner privileges if available
290 UidGuard guard;
291 if (!guard.seteuid(0))
292 guard.seteuid(st.st_uid);
293
294 // copy metadata from original file...
295 copy(sourcePath.c_str(), NULL, COPYFILE_SECURITY | COPYFILE_METADATA);
296
297 // ... but explicitly update the timestamps since we did change the file
298 char buf;
299 mFd.read(&buf, sizeof(buf), 0);
300 mFd.write(&buf, sizeof(buf), 0);
301
302 // move the new file into place
303 UnixError::check(::rename(tempPath.c_str(), sourcePath.c_str()));
304 mTempMayExist = false; // we renamed it away
305 }
306 }
307
308
309 } // end namespace CodeSigning
310 } // end namespace Security
mirror of libsecurity_codesigning