X-Git-Url: https://git.saurik.com/apple/libsecurity_codesigning.git/blobdiff_plain/516ae4771041b50b4461674fd622f46f053aa4bc..f60086fcc38b96c965d923d8ba057d01d516f6d1:/requirements.grammar diff --git a/requirements.grammar b/requirements.grammar index 45827a4..f6972e7 100644 --- a/requirements.grammar +++ b/requirements.grammar @@ -1,5 +1,5 @@ /* - * Copyright (c) 2006-2007 Apple Inc. All Rights Reserved. + * Copyright (c) 2006-2008 Apple Inc. All Rights Reserved. * * @APPLE_LICENSE_HEADER_START@ * @@ -104,16 +104,35 @@ options { memcpy(hash, hexString(s).data(), SHA1::digestLength); } - void RequirementParser::certMatchOperation(Maker &maker, int slot, string key) + static const char *matchPrefix(const string &key, const char *prefix) { - if (!key.compare(0, 8, "subject.", 0, 8)) { + unsigned pLength = strlen(prefix); + if (!key.compare(0, pLength, prefix, 0, pLength)) + return key.c_str() + pLength; + else + return NULL; + } + + void RequirementParser::certMatchOperation(Maker &maker, int32_t slot, string key) + { + if (matchPrefix(key, "subject.")) { maker.put(opCertField); maker.put(slot); maker.put(key); - } else if (!key.compare(0, 6, "field.", 0, 6)) { + } else if (const char *oids = matchPrefix(key, "field.")) { + maker.put(opCertGeneric); + maker.put(slot); + CssmAutoData oid(Allocator::standard()); oid.fromOid(oids); + maker.putData(oid.data(), oid.length()); + } else if (const char *oids = matchPrefix(key, "extension.")) { maker.put(opCertGeneric); maker.put(slot); - CssmAutoData oid(Allocator::standard()); oid.fromOid(key.c_str() + 6); + CssmAutoData oid(Allocator::standard()); oid.fromOid(oids); + maker.putData(oid.data(), oid.length()); + } else if (const char *oids = matchPrefix(key, "policy.")) { + maker.put(opCertPolicy); + maker.put(slot); + CssmAutoData oid(Allocator::standard()); oid.fromOid(oids); maker.putData(oid.data(), oid.length()); } else { throw antlr::SemanticException(key + ": unrecognized certificate field"); 
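Review bot: In `certMatchOperation`, a key that is exactly `field.`, `extension.` or `policy.` makes `matchPrefix` return a non-NULL pointer to an empty string, so the branch is taken and `oid.fromOid(oids)` runs with no OID text; whether `fromOid` rejects that is not visible here. Because these keys come straight from requirement source text, an explicit guard inside each OID branch, such as `if (!*oids) throw antlr::SemanticException(key + ": missing OID");`, would keep the failure in the parser. The `field.` and `extension.` branches are identical down to the opcode, so one condition covering both prefixes would stop the copies from drifting apart. The function's closing lines fall outside this hunk.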
@@ -137,7 +156,7 @@ public: private: static string hexString(const string &s); static void hashString(const string &s, SHA1::Digest hash); - void certMatchOperation(Maker &maker, int slot, string key); + void certMatchOperation(Maker &maker, int32_t slot, string key); } @@ -173,6 +192,8 @@ requirementType returns [uint32_t type = kSecInvalidRequirementType] { type = kSecDesignatedRequirementType; } | "library" { type = kSecLibraryRequirementType; } + | "plugin" + { type = kSecPluginRequirementType; } | stype:INTEGER { type = atol(stype->getText().c_str()); } ; @@ -199,12 +220,12 @@ requirementElement returns [Requirement *result = NULL] // expr[Maker &maker] { Maker::Label label(maker); } - : term[maker] ( "and" { maker.insert(label) = opAnd; } term[maker] )* + : term[maker] ( "or" { maker.insert(label) = opOr; } term[maker] )* ; term[Maker &maker] { Maker::Label label(maker); } - : primary[maker] ( "or" { maker.insert(label) = opOr; } primary[maker] )* + : primary[maker] ( "and" { maker.insert(label) = opAnd; } primary[maker] )* ; primary[Maker &maker] @@ -221,6 +242,8 @@ primary[Maker &maker] { maker.ident(code); } | "cdhash" { SHA1::Digest digest; } eql hash[digest] { maker.cdhash(digest); } + | LPAREN { string name; } name=identifierString RPAREN + { maker.put(opNamedCode); maker.put(name); } ; @@ -233,7 +256,7 @@ certspec[Maker &maker] { maker.put(opAppleGenericAnchor); } | ( "certificate" | "cert" | "anchor" ) "trusted" { maker.trustedAnchor(); } - | ( "certificate" | "cert" ) { int slot; } slot=certSlot + | ( "certificate" | "cert" ) { int32_t slot; } slot=certSlot ( certslotspec[maker, slot] | "trusted" { maker.trustedAnchor(slot); } ) | "anchor" certslotspec[maker, Requirement::anchorCert] ; 
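Review bot: Swapping the operators between the `expr` and `term` rules regroups every unparenthesised mix of `and` and `or`: `and` now binds tighter than `or`, the reverse of the old grammar. Requirement text of the shape `A or B and C` used to compile as `(A or B) and C` and now compiles as `A or (B and C)`, which is satisfied by `A` alone. Neither rule has a comment stating the precedence, so I would add one above `expr`, for example `// precedence: "and" binds tighter than "or"`. Requirement source written against the old grammar should be re-checked before it is recompiled with this one.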
@@ -243,9 +266,11 @@ appleanchor[Maker &maker] { maker.put(opAppleAnchor); } | "generic" { maker.put(opAppleGenericAnchor); } +| | { string name; } name=identifierString + { maker.put(opNamedAnchor); maker.put(name); } ; -certslotspec[Maker &maker, int slot] { string key; } +certslotspec[Maker &maker, int32_t slot] { string key; } : eql { SHA1::Digest digest; } certificateDigest[digest] { maker.anchor(slot, digest); } | key=bracketKey @@ -303,9 +328,9 @@ bracketKey returns [string key] ; // -// A certSlot identifiers one certificate from the certificate chain +// A certSlot identifies one certificate from the certificate chain // -certSlot returns [int slot] +certSlot returns [int32_t slot = 0] : s:INTEGER // counting from the anchor up { slot = atol(s->getText().c_str()); } | NEG ss:INTEGER // counting from the leaf down
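Review bot: The alternative added to `appleanchor` is shown starting with `| |`, though whitespace on this page is collapsed, so I cannot be certain both bars are in the file. If they are, the first bar introduces an empty alternative that overlaps the existing `empty` branch ahead of the named-anchor one. Dropping the stray bar so the line reads `| { string name; } name=identifierString` would remove that ambiguity. The new `opNamedAnchor` form also has no comment saying where the name is resolved, which an auditor needs in order to know what a named anchor ends up trusting.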
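Review bot: In `certSlot`, `slot = atol(s->getText().c_str())` assigns a `long` to the now-`int32_t` slot with no range check, so on an LP64 build an oversized literal in the requirement text is narrowed silently and can select a different certificate than the one written. Parsing with `strtol`, checking `errno` and the `INT32_MIN`..`INT32_MAX` bounds, and throwing `antlr::SemanticException` on failure would turn that into a parse error. The `NEG` branch continues past the end of this hunk and presumably needs the same check.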