[apple/security.git] / libsecurity_cdsa_utilities / lib / acl_codesigning.cpp

/*
 * Copyright (c) 2000-2006 Apple Computer, Inc. All Rights Reserved.
 * 
 * @APPLE_LICENSE_HEADER_START@
 * 
 * This file contains Original Code and/or Modifications of Original Code
 * as defined in and that are subject to the Apple Public Source License
 * Version 2.0 (the 'License'). You may not use this file except in
 * compliance with the License. Please obtain a copy of the License at
 * http://www.opensource.apple.com/apsl/ and read it before using this
 * file.
 * 
 * The Original Code and all software distributed under the License are
 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
 * Please see the License for the specific language governing rights and
 * limitations under the License.
 * 
 * @APPLE_LICENSE_HEADER_END@
 */


//
// acl_codesigning - ACL subject for signature of calling application
//
#include <security_cdsa_utilities/acl_codesigning.h>
#include <security_cdsa_utilities/cssmdata.h>
#include <security_utilities/endian.h>
#include <algorithm>


//
// Code signature credentials are validated globally - they are entirely
// a feature of "the" process (defined by the environment), and take no
// samples whatsoever.
//
bool CodeSignatureAclSubject::validate(const AclValidationContext &context) const
{
	// a suitable environment is required for a match
    if (Environment *env = context.environment<Environment>())
			return env->verifyCodeSignature(*this, context);
	else
		return false;
}


//
// Make a copy of this subject in CSSM_LIST form.
// The format is (head), (type code: Wordid), (signature data: datum), (comment: datum)
//
CssmList CodeSignatureAclSubject::toList(Allocator &alloc) const
{
	assert(path().find('\0') == string::npos);	// no embedded nulls in path
	uint32_t type = CSSM_ACL_CODE_SIGNATURE_OSX;
	TypedList list(alloc, CSSM_ACL_SUBJECT_TYPE_CODE_SIGNATURE,
		new(alloc) ListElement(type),
		new(alloc) ListElement(alloc, CssmData::wrap(legacyHash(), SHA1::digestLength)),
		new(alloc) ListElement(alloc, CssmData::wrap(path().c_str(), path().size() + 1)));
	if (requirement()) {
		CFRef<CFDataRef> reqData;
		MacOSError::check(SecRequirementCopyData(requirement(), kSecCSDefaultFlags, &reqData.aref()));
		list += new(alloc) ListElement(alloc,
			CssmData::wrap(CFDataGetBytePtr(reqData), CFDataGetLength(reqData)));
	}
	for (AuxMap::const_iterator it = beginAux(); it != endAux(); it++)
		list += new(alloc) ListElement(alloc, CssmData(*it->second));
	return list;
}


//
// Create a CodeSignatureAclSubject
//
CodeSignatureAclSubject *CodeSignatureAclSubject::Maker::make(const TypedList &list) const
{
	// there once was a format with only a hash (length 2+1). It is no longer supported
	unsigned total = list.length();		// includes subject type header
	if (total >= 3 + 1
		&& list[1].is(CSSM_LIST_ELEMENT_WORDID)		// [1] == signature type
		&& list[1] == CSSM_ACL_CODE_SIGNATURE_OSX
		&& list[2].is(CSSM_LIST_ELEMENT_DATUM)		// [2] == legacy hash
		&& list[2].data().length() == SHA1::digestLength
		&& list[3].is(CSSM_LIST_ELEMENT_DATUM)) {
		// structurally okay
		CodeSignatureAclSubject *subj =
			new CodeSignatureAclSubject(list[2].data().interpretedAs<const SHA1::Byte>(),
				list[3].data().interpretedAs<const char>());
		for (unsigned n = 3 + 1; n < total; n++) {
			if (list[n].is(CSSM_LIST_ELEMENT_DATUM)) {
				const BlobCore *blob = list[n].data().interpretedAs<const BlobCore>();
				if (blob->length() < sizeof(BlobCore)) {
					secdebug("csblob", "runt blob (0x%x/%zd) slot %d in CSSM_LIST",
						blob->magic(), blob->length(), n);
					CssmError::throwMe(CSSM_ERRCODE_INVALID_ACL_SUBJECT_VALUE);
				} else if (blob->length() != list[n].data().length()) {
					secdebug("csblob", "badly sized blob (0x%x/%zd) slot %d in CSSM_LIST",
						blob->magic(), blob->length(), n);
					CssmError::throwMe(CSSM_ERRCODE_INVALID_ACL_SUBJECT_VALUE);
				}
				subj->add(blob);
			} else
				CssmError::throwMe(CSSM_ERRCODE_INVALID_ACL_SUBJECT_VALUE);
		}
		return subj;
	} else
		CssmError::throwMe(CSSM_ERRCODE_INVALID_ACL_SUBJECT_VALUE);
}

CodeSignatureAclSubject *CodeSignatureAclSubject::Maker::make(Version version,
	Reader &pub, Reader &priv) const
{
	assert(version == 0);
	Endian<uint32> sigType; pub(sigType);
	const void *data; size_t length; pub.countedData(data, length);
	const void *commentData; size_t commentLength; pub.countedData(commentData, commentLength);
	if (sigType == CSSM_ACL_CODE_SIGNATURE_OSX
		&& length == SHA1::digestLength) {
		return make((const SHA1::Byte *)data, CssmData::wrap(commentData, commentLength));
	}
	CssmError::throwMe(CSSM_ERRCODE_INVALID_ACL_SUBJECT_VALUE);
}

CodeSignatureAclSubject *CodeSignatureAclSubject::Maker::make(const SHA1::Byte *hash,
	const CssmData &commentBag) const
{
	using namespace LowLevelMemoryUtilities;
	const char *path = commentBag.interpretedAs<const char>();
	CodeSignatureAclSubject *subj = new CodeSignatureAclSubject(hash, path);
	for (const BlobCore *blob = increment<BlobCore>(commentBag.data(), alignUp(strlen(path) + 1, commentBagAlignment));
			blob < commentBag.end();
			blob = increment<const BlobCore>(blob, alignUp(blob->length(), commentBagAlignment))) {
		size_t leftInBag = difference(commentBag.end(), blob);
		if (leftInBag < sizeof(BlobCore) || blob->length() < sizeof(BlobCore) || blob->length() > leftInBag) {
			secdebug("csblob", "invalid blob (0x%x/%zd) [%zd in bag] in code signing ACL for %s - stopping scan",
				blob->magic(), blob->length(), leftInBag, subj->path().c_str());
			break;	// can't trust anything beyond this blob
		}
		subj->add(blob);
	}
	return subj;
}


//
// Export the subject to a memory blob
//
void CodeSignatureAclSubject::exportBlob(Writer::Counter &pub, Writer::Counter &priv)
{
	using LowLevelMemoryUtilities::alignUp;
	assert(path().find('\0') == string::npos);	// no embedded nulls in path
	Endian<uint32> sigType = CSSM_ACL_CODE_SIGNATURE_OSX; pub(sigType);
	pub.countedData(legacyHash(), SHA1::digestLength);
	size_t size = path().size() + 1;
	if (requirement()) {
		CFRef<CFDataRef> reqData;
		MacOSError::check(SecRequirementCopyData(requirement(), kSecCSDefaultFlags, &reqData.aref()));
		size = alignUp(size, commentBagAlignment) + CFDataGetLength(reqData);
	}
	for (AuxMap::const_iterator it = beginAux(); it != endAux(); it++) {
		size = alignUp(size, commentBagAlignment) + it->second->length();
	}
	pub.countedData(NULL, size);
}

void CodeSignatureAclSubject::exportBlob(Writer &pub, Writer &priv)
{
	using LowLevelMemoryUtilities::alignUp;
	Endian<uint32> sigType = CSSM_ACL_CODE_SIGNATURE_OSX; pub(sigType);
	pub.countedData(legacyHash(), SHA1::digestLength);
	CssmAutoData commentBag(Allocator::standard(), path().c_str(), path().size() + 1);
	static const uint32_t zero = 0;
	if (requirement()) {
		CFRef<CFDataRef> reqData;
		MacOSError::check(SecRequirementCopyData(requirement(), kSecCSDefaultFlags, &reqData.aref()));
		commentBag.append(&zero,
			alignUp(commentBag.length(), commentBagAlignment) - commentBag.length());
		commentBag.append(CFDataGetBytePtr(reqData), CFDataGetLength(reqData));
	}
	for (AuxMap::const_iterator it = beginAux(); it != endAux(); it++) {
		commentBag.append(&zero,
			alignUp(commentBag.length(), commentBagAlignment) - commentBag.length());
		commentBag.append(CssmData(*it->second));
	}
	pub.countedData(commentBag);
}


#ifdef DEBUGDUMP

void CodeSignatureAclSubject::debugDump() const
{
	Debug::dump("CodeSigning ");
	OSXVerifier::dump();
}

#endif //DEBUGDUMP
Commit	Line	Data
b1ab9ed8 A	1	/*
	2	* Copyright (c) 2000-2006 Apple Computer, Inc. All Rights Reserved.
	3	*
	4	* @APPLE_LICENSE_HEADER_START@
	5	*
	6	* This file contains Original Code and/or Modifications of Original Code
	7	* as defined in and that are subject to the Apple Public Source License
	8	* Version 2.0 (the 'License'). You may not use this file except in
	9	* compliance with the License. Please obtain a copy of the License at
	10	* http://www.opensource.apple.com/apsl/ and read it before using this
	11	* file.
	12	*
	13	* The Original Code and all software distributed under the License are
	14	* distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
	15	* EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
	16	* INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
	17	* FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
	18	* Please see the License for the specific language governing rights and
	19	* limitations under the License.
	20	*
	21	* @APPLE_LICENSE_HEADER_END@
	22	*/
	23
	24
	25	//
	26	// acl_codesigning - ACL subject for signature of calling application
	27	//
	28	#include <security_cdsa_utilities/acl_codesigning.h>
	29	#include <security_cdsa_utilities/cssmdata.h>
	30	#include <security_utilities/endian.h>
	31	#include <algorithm>
	32
	33
	34	//
	35	// Code signature credentials are validated globally - they are entirely
	36	// a feature of "the" process (defined by the environment), and take no
	37	// samples whatsoever.
	38	//
	39	bool CodeSignatureAclSubject::validate(const AclValidationContext &context) const
	40	{
	41	// a suitable environment is required for a match
	42	if (Environment *env = context.environment<Environment>())
	43	return env->verifyCodeSignature(*this, context);
	44	else
	45	return false;
	46	}
	47
	48
	49	//
	50	// Make a copy of this subject in CSSM_LIST form.
	51	// The format is (head), (type code: Wordid), (signature data: datum), (comment: datum)
	52	//
	53	CssmList CodeSignatureAclSubject::toList(Allocator &alloc) const
	54	{
	55	assert(path().find('\0') == string::npos); // no embedded nulls in path
	56	uint32_t type = CSSM_ACL_CODE_SIGNATURE_OSX;
	57	TypedList list(alloc, CSSM_ACL_SUBJECT_TYPE_CODE_SIGNATURE,
	58	new(alloc) ListElement(type),
	59	new(alloc) ListElement(alloc, CssmData::wrap(legacyHash(), SHA1::digestLength)),
	60	new(alloc) ListElement(alloc, CssmData::wrap(path().c_str(), path().size() + 1)));
	61	if (requirement()) {
	62	CFRef<CFDataRef> reqData;
	63	MacOSError::check(SecRequirementCopyData(requirement(), kSecCSDefaultFlags, &reqData.aref()));
	64	list += new(alloc) ListElement(alloc,
65	CssmData::wrap(CFDataGetBytePtr(reqData), CFDataGetLength(reqData)));
66	}
67	for (AuxMap::const_iterator it = beginAux(); it != endAux(); it++)
68	list += new(alloc) ListElement(alloc, CssmData(*it->second));
69	return list;
70	}
71
72
73	//
74	// Create a CodeSignatureAclSubject
75	//
76	CodeSignatureAclSubject *CodeSignatureAclSubject::Maker::make(const TypedList &list) const
77	{
78	// there once was a format with only a hash (length 2+1). It is no longer supported
79	unsigned total = list.length(); // includes subject type header
80	if (total >= 3 + 1
81	&& list[1].is(CSSM_LIST_ELEMENT_WORDID) // [1] == signature type
82	&& list[1] == CSSM_ACL_CODE_SIGNATURE_OSX
83	&& list[2].is(CSSM_LIST_ELEMENT_DATUM) // [2] == legacy hash
84	&& list[2].data().length() == SHA1::digestLength
85	&& list[3].is(CSSM_LIST_ELEMENT_DATUM)) {
86	// structurally okay
87	CodeSignatureAclSubject *subj =
88	new CodeSignatureAclSubject(list[2].data().interpretedAs<const SHA1::Byte>(),
89	list[3].data().interpretedAs<const char>());
90	for (unsigned n = 3 + 1; n < total; n++) {
91	if (list[n].is(CSSM_LIST_ELEMENT_DATUM)) {
92	const BlobCore *blob = list[n].data().interpretedAs<const BlobCore>();
93	if (blob->length() < sizeof(BlobCore)) {
94	secdebug("csblob", "runt blob (0x%x/%zd) slot %d in CSSM_LIST",
95	blob->magic(), blob->length(), n);
96	CssmError::throwMe(CSSM_ERRCODE_INVALID_ACL_SUBJECT_VALUE);
97	} else if (blob->length() != list[n].data().length()) {
98	secdebug("csblob", "badly sized blob (0x%x/%zd) slot %d in CSSM_LIST",
99	blob->magic(), blob->length(), n);
100	CssmError::throwMe(CSSM_ERRCODE_INVALID_ACL_SUBJECT_VALUE);
101	}
102	subj->add(blob);
103	} else
104	CssmError::throwMe(CSSM_ERRCODE_INVALID_ACL_SUBJECT_VALUE);
105	}
106	return subj;
107	} else
108	CssmError::throwMe(CSSM_ERRCODE_INVALID_ACL_SUBJECT_VALUE);
109	}
110
111	CodeSignatureAclSubject *CodeSignatureAclSubject::Maker::make(Version version,
112	Reader &pub, Reader &priv) const
113	{
114	assert(version == 0);
115	Endian<uint32> sigType; pub(sigType);
116	const void *data; size_t length; pub.countedData(data, length);
117	const void *commentData; size_t commentLength; pub.countedData(commentData, commentLength);
118	if (sigType == CSSM_ACL_CODE_SIGNATURE_OSX
119	&& length == SHA1::digestLength) {
120	return make((const SHA1::Byte *)data, CssmData::wrap(commentData, commentLength));
121	}
122	CssmError::throwMe(CSSM_ERRCODE_INVALID_ACL_SUBJECT_VALUE);
123	}
124
125	CodeSignatureAclSubject CodeSignatureAclSubject::Maker::make(const SHA1::Byte hash,
126	const CssmData &commentBag) const
127	{
128	using namespace LowLevelMemoryUtilities;
129	const char *path = commentBag.interpretedAs<const char>();
130	CodeSignatureAclSubject *subj = new CodeSignatureAclSubject(hash, path);
131	for (const BlobCore *blob = increment<BlobCore>(commentBag.data(), alignUp(strlen(path) + 1, commentBagAlignment));
132	blob < commentBag.end();
133	blob = increment<const BlobCore>(blob, alignUp(blob->length(), commentBagAlignment))) {
134	size_t leftInBag = difference(commentBag.end(), blob);
135	if (leftInBag < sizeof(BlobCore) \|\| blob->length() < sizeof(BlobCore) \|\| blob->length() > leftInBag) {
136	secdebug("csblob", "invalid blob (0x%x/%zd) [%zd in bag] in code signing ACL for %s - stopping scan",
137	blob->magic(), blob->length(), leftInBag, subj->path().c_str());
138	break; // can't trust anything beyond this blob
139	}
140	subj->add(blob);
141	}
142	return subj;
143	}
144
145
146	//
147	// Export the subject to a memory blob
148	//
149	void CodeSignatureAclSubject::exportBlob(Writer::Counter &pub, Writer::Counter &priv)
150	{
151	using LowLevelMemoryUtilities::alignUp;
152	assert(path().find('\0') == string::npos); // no embedded nulls in path
153	Endian<uint32> sigType = CSSM_ACL_CODE_SIGNATURE_OSX; pub(sigType);
154	pub.countedData(legacyHash(), SHA1::digestLength);
155	size_t size = path().size() + 1;
156	if (requirement()) {
157	CFRef<CFDataRef> reqData;
158	MacOSError::check(SecRequirementCopyData(requirement(), kSecCSDefaultFlags, &reqData.aref()));
159	size = alignUp(size, commentBagAlignment) + CFDataGetLength(reqData);
160	}
161	for (AuxMap::const_iterator it = beginAux(); it != endAux(); it++) {
162	size = alignUp(size, commentBagAlignment) + it->second->length();
163	}
164	pub.countedData(NULL, size);
165	}
166
167	void CodeSignatureAclSubject::exportBlob(Writer &pub, Writer &priv)
168	{
169	using LowLevelMemoryUtilities::alignUp;
170	Endian<uint32> sigType = CSSM_ACL_CODE_SIGNATURE_OSX; pub(sigType);
171	pub.countedData(legacyHash(), SHA1::digestLength);
172	CssmAutoData commentBag(Allocator::standard(), path().c_str(), path().size() + 1);
173	static const uint32_t zero = 0;
174	if (requirement()) {
175	CFRef<CFDataRef> reqData;
176	MacOSError::check(SecRequirementCopyData(requirement(), kSecCSDefaultFlags, &reqData.aref()));
177	commentBag.append(&zero,
178	alignUp(commentBag.length(), commentBagAlignment) - commentBag.length());
179	commentBag.append(CFDataGetBytePtr(reqData), CFDataGetLength(reqData));
180	}
181	for (AuxMap::const_iterator it = beginAux(); it != endAux(); it++) {
182	commentBag.append(&zero,
183	alignUp(commentBag.length(), commentBagAlignment) - commentBag.length());
184	commentBag.append(CssmData(*it->second));
185	}
186	pub.countedData(commentBag);
187	}
188
189
190	#ifdef DEBUGDUMP
191
192	void CodeSignatureAclSubject::debugDump() const
193	{
194	Debug::dump("CodeSigning ");
195	OSXVerifier::dump();
196	}
197
198	#endif //DEBUGDUMP