[apple/security.git] / OSX / libsecurity_codesigning / lib / csutilities.h

/*
 * Copyright (c) 2006-2013 Apple Inc. All Rights Reserved.
 * 
 * @APPLE_LICENSE_HEADER_START@
 * 
 * This file contains Original Code and/or Modifications of Original Code
 * as defined in and that are subject to the Apple Public Source License
 * Version 2.0 (the 'License'). You may not use this file except in
 * compliance with the License. Please obtain a copy of the License at
 * http://www.opensource.apple.com/apsl/ and read it before using this
 * file.
 * 
 * The Original Code and all software distributed under the License are
 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
 * Please see the License for the specific language governing rights and
 * limitations under the License.
 * 
 * @APPLE_LICENSE_HEADER_END@
 */

//
// csutilities - miscellaneous utilities for the code signing implementation
//
// This is a collection of odds and ends that wouldn't fit anywhere else.
// The common theme is that the contents are otherwise naturally homeless.
//
#ifndef _H_CSUTILITIES
#define _H_CSUTILITIES

#include <Security/Security.h>
#include <security_utilities/dispatch.h>
#include <security_utilities/hashing.h>
#include <security_utilities/unix++.h>
#if TARGET_OS_OSX
#include <security_cdsa_utilities/cssmdata.h>
#endif
#include <copyfile.h>
#include <asl.h>
#include <cstdarg>

namespace Security {
namespace CodeSigning {


//
// Test for the canonical Apple CA certificate
//
bool isAppleCA(SecCertificateRef cert);


//
// Calculate canonical hashes of certificate.
// This is simply defined as (always) the SHA1 hash of the DER.
//
void hashOfCertificate(const void *certData, size_t certLength, SHA1::Digest digest);
void hashOfCertificate(SecCertificateRef cert, SHA1::Digest digest);
bool verifyHash(SecCertificateRef cert, const Hashing::Byte *digest);

	
inline size_t scanFileData(UnixPlusPlus::FileDesc fd, size_t limit, void (^handle)(const void *buffer, size_t size))
{
	UnixPlusPlus::FileDesc::UnixStat st;
	size_t total = 0;
	unsigned char *buffer = NULL;

	try {
		fd.fstat(st);
		size_t bufSize = MAX(64 * 1024, st.st_blksize);
		buffer = (unsigned char *)valloc(bufSize);
		if (!buffer)
			return 0;

		for (;;) {
			size_t size = bufSize;
			if (limit && limit < size)
				size = limit;
			size_t got = fd.read(buffer, size);
			total += got;
			if (fd.atEnd())
				break;
			handle(buffer, got);
			if (limit && (limit -= got) == 0)
				break;
		}
	}
	catch(...) {
		/* don't leak this on error */
		if (buffer)
			free(buffer);
		throw;
	}
	
	free(buffer);
	return total;
}


//
// Calculate hashes of (a section of) a file.
// Starts at the current file position.
// Extends to end of file, or (if limit > 0) at most limit bytes.
// Returns number of bytes digested.
//
template <class _Hash>
size_t hashFileData(UnixPlusPlus::FileDesc fd, _Hash *hasher, size_t limit = 0)
{
	return scanFileData(fd, limit, ^(const void *buffer, size_t size) {
		hasher->update(buffer, size);
	});
}

template <class _Hash>
size_t hashFileData(const char *path, _Hash *hasher)
{
	UnixPlusPlus::AutoFileDesc fd(path);
	return hashFileData(fd, hasher);
}
	

//
// Check to see if a certificate contains a particular field, by OID. This works for extensions,
// even ones not recognized by the local CL. It does not return any value, only presence.
//

#if TARGET_OS_OSX
bool certificateHasField(SecCertificateRef cert, const CSSM_OID &oid);
bool certificateHasPolicy(SecCertificateRef cert, const CSSM_OID &policyOid);
#endif

//
// Encapsulation of the copyfile(3) API.
// This is slated to go into utilities once stable.
//
class Copyfile {
public:
	Copyfile();
	~Copyfile()	{ copyfile_state_free(mState); }
	
	operator copyfile_state_t () const { return mState; }
	
	void set(uint32_t flag, const void *value);
	void get(uint32_t flag, void *value);
	
	void operator () (const char *src, const char *dst, copyfile_flags_t flags);

private:
	void check(int rc);
	
private:
	copyfile_state_t mState;
};


//
// MessageTracer support
//
class MessageTrace {
public:
	MessageTrace(const char *domain, const char *signature);
	~MessageTrace() { ::asl_free(mAsl); }
	void add(const char *key, const char *format, ...) __attribute__((format(printf,3,4)));
	void send(const char *format, ...) __attribute__((format(printf,2,3)));

private:
	aslmsg mAsl;
};


//
// A reliable uid set/reset bracket
//
class UidGuard {
public:
	UidGuard() : mPrevious(-1) { }
	UidGuard(uid_t uid) : mPrevious(-1) { (void)seteuid(uid); }
	~UidGuard()
	{
		if (active())
			UnixError::check(::seteuid(mPrevious));
	}
	
	bool seteuid(uid_t uid)
	{
		if (uid == geteuid())
			return true;	// no change, don't bother the kernel
		if (!active())
			mPrevious = ::geteuid();
		return ::seteuid(uid) == 0;
	}
	
	bool active() const { return mPrevious != uid_t(-1); }
	operator bool () const { return active(); }
	uid_t saved() const { assert(active()); return mPrevious; }

private:
	uid_t mPrevious;
};


// This class provides resource limited parallelization,
// used for work on nested bundles (e.g. signing or validating them).

// We only spins off async workers if they are available right now,
// otherwise we continue synchronously in the current thread.
// This is important because we must progress at all times, otherwise
// deeply nested bundles will deadlock on waiting for resource validation,
// with no available workers to actually do so.
// Their nested resources, however, may again spin off async workers if
// available.

class LimitedAsync {
	NOCOPY(LimitedAsync)
public:
	LimitedAsync(bool async);
	LimitedAsync(LimitedAsync& limitedAsync);
	virtual ~LimitedAsync();

	bool perform(Dispatch::Group &groupRef, void (^block)());

private:
	Dispatch::Semaphore *mResourceSemaphore;
};


} // end namespace CodeSigning
} // end namespace Security

#endif // !_H_CSUTILITIES
Commit	Line	Data
b1ab9ed8	1	/*
d8f41ccd	2	* Copyright (c) 2006-2013 Apple Inc. All Rights Reserved.
b1ab9ed8 A	3	*
	4	* @APPLE_LICENSE_HEADER_START@
	5	*
	6	* This file contains Original Code and/or Modifications of Original Code
	7	* as defined in and that are subject to the Apple Public Source License
	8	* Version 2.0 (the 'License'). You may not use this file except in
	9	* compliance with the License. Please obtain a copy of the License at
	10	* http://www.opensource.apple.com/apsl/ and read it before using this
	11	* file.
	12	*
	13	* The Original Code and all software distributed under the License are
	14	* distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
	15	* EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
	16	* INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
	17	* FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
	18	* Please see the License for the specific language governing rights and
	19	* limitations under the License.
	20	*
	21	* @APPLE_LICENSE_HEADER_END@
	22	*/
	23
	24	//
	25	// csutilities - miscellaneous utilities for the code signing implementation
	26	//
	27	// This is a collection of odds and ends that wouldn't fit anywhere else.
	28	// The common theme is that the contents are otherwise naturally homeless.
	29	//
	30	#ifndef _H_CSUTILITIES
	31	#define _H_CSUTILITIES
	32
	33	#include <Security/Security.h>
d87e1158	34	#include <security_utilities/dispatch.h>
b1ab9ed8 A	35	#include <security_utilities/hashing.h>
b1ab9ed8 A	36	#include <security_utilities/unix++.h>
866f8763	37	#if TARGET_OS_OSX
b1ab9ed8	38	#include <security_cdsa_utilities/cssmdata.h>
866f8763	39	#endif
b1ab9ed8 A	40	#include <copyfile.h>
	41	#include <asl.h>
	42	#include <cstdarg>
	43
	44	namespace Security {
	45	namespace CodeSigning {
	46
	47
313fa17b A	48	//
	49	// Test for the canonical Apple CA certificate
	50	//
	51	bool isAppleCA(SecCertificateRef cert);
313fa17b A	52
313fa17b A	53
b1ab9ed8 A	54	//
	55	// Calculate canonical hashes of certificate.
	56	// This is simply defined as (always) the SHA1 hash of the DER.
	57	//
	58	void hashOfCertificate(const void *certData, size_t certLength, SHA1::Digest digest);
	59	void hashOfCertificate(SecCertificateRef cert, SHA1::Digest digest);
313fa17b	60	bool verifyHash(SecCertificateRef cert, const Hashing::Byte *digest);
b1ab9ed8	61
e3d460c9 A	62
e3d460c9 A	63	inline size_t scanFileData(UnixPlusPlus::FileDesc fd, size_t limit, void (^handle)(const void *buffer, size_t size))
b1ab9ed8	64	{
866f8763	65	UnixPlusPlus::FileDesc::UnixStat st;
b1ab9ed8	66	size_t total = 0;
866f8763 A	67	unsigned char *buffer = NULL;
	68
	69	try {
	70	fd.fstat(st);
	71	size_t bufSize = MAX(64 * 1024, st.st_blksize);
	72	buffer = (unsigned char *)valloc(bufSize);
	73	if (!buffer)
	74	return 0;
	75
	76	for (;;) {
	77	size_t size = bufSize;
	78	if (limit && limit < size)
	79	size = limit;
	80	size_t got = fd.read(buffer, size);
	81	total += got;
	82	if (fd.atEnd())
	83	break;
	84	handle(buffer, got);
	85	if (limit && (limit -= got) == 0)
	86	break;
	87	}
b1ab9ed8	88	}
866f8763 A	89	catch(...) {
	90	/* don't leak this on error */
	91	if (buffer)
	92	free(buffer);
	93	throw;
	94	}
	95
	96	free(buffer);
b1ab9ed8 A	97	return total;
	98	}
	99
e3d460c9 A	100
	101	//
	102	// Calculate hashes of (a section of) a file.
	103	// Starts at the current file position.
	104	// Extends to end of file, or (if limit > 0) at most limit bytes.
	105	// Returns number of bytes digested.
	106	//
	107	template <class _Hash>
	108	size_t hashFileData(UnixPlusPlus::FileDesc fd, _Hash *hasher, size_t limit = 0)
	109	{
	110	return scanFileData(fd, limit, ^(const void *buffer, size_t size) {
	111	hasher->update(buffer, size);
	112	});
	113	}
	114
313fa17b A	115	template <class _Hash>
	116	size_t hashFileData(const char path, _Hash hasher)
	117	{
	118	UnixPlusPlus::AutoFileDesc fd(path);
	119	return hashFileData(fd, hasher);
	120	}
e3d460c9	121
b1ab9ed8 A	122
	123	//
	124	// Check to see if a certificate contains a particular field, by OID. This works for extensions,
	125	// even ones not recognized by the local CL. It does not return any value, only presence.
	126	//
866f8763 A	127
866f8763 A	128	#if TARGET_OS_OSX
b1ab9ed8 A	129	bool certificateHasField(SecCertificateRef cert, const CSSM_OID &oid);
b1ab9ed8 A	130	bool certificateHasPolicy(SecCertificateRef cert, const CSSM_OID &policyOid);
866f8763	131	#endif
b1ab9ed8 A	132
	133	//
	134	// Encapsulation of the copyfile(3) API.
	135	// This is slated to go into utilities once stable.
	136	//
	137	class Copyfile {
	138	public:
	139	Copyfile();
	140	~Copyfile() { copyfile_state_free(mState); }
	141
	142	operator copyfile_state_t () const { return mState; }
	143
	144	void set(uint32_t flag, const void *value);
	145	void get(uint32_t flag, void *value);
	146
	147	void operator () (const char src, const char dst, copyfile_flags_t flags);
	148
	149	private:
	150	void check(int rc);
	151
	152	private:
	153	copyfile_state_t mState;
	154	};
	155
	156
	157	//
	158	// MessageTracer support
	159	//
	160	class MessageTrace {
	161	public:
	162	MessageTrace(const char domain, const char signature);
427c49bc	163	~MessageTrace() { ::asl_free(mAsl); }
866f8763 A	164	void add(const char key, const char format, ...) __attribute__((format(printf,3,4)));
866f8763 A	165	void send(const char *format, ...) __attribute__((format(printf,2,3)));
b1ab9ed8 A	166
	167	private:
	168	aslmsg mAsl;
	169	};
	170
	171
	172	//
	173	// A reliable uid set/reset bracket
	174	//
	175	class UidGuard {
	176	public:
	177	UidGuard() : mPrevious(-1) { }
fa7225c8	178	UidGuard(uid_t uid) : mPrevious(-1) { (void)seteuid(uid); }
b1ab9ed8 A	179	~UidGuard()
	180	{
	181	if (active())
	182	UnixError::check(::seteuid(mPrevious));
	183	}
	184
	185	bool seteuid(uid_t uid)
	186	{
	187	if (uid == geteuid())
	188	return true; // no change, don't bother the kernel
	189	if (!active())
	190	mPrevious = ::geteuid();
	191	return ::seteuid(uid) == 0;
	192	}
	193
	194	bool active() const { return mPrevious != uid_t(-1); }
	195	operator bool () const { return active(); }
	196	uid_t saved() const { assert(active()); return mPrevious; }
	197
	198	private:
	199	uid_t mPrevious;
	200	};
	201
	202
d87e1158 A	203	// This class provides resource limited parallelization,
	204	// used for work on nested bundles (e.g. signing or validating them).
	205
	206	// We only spins off async workers if they are available right now,
	207	// otherwise we continue synchronously in the current thread.
	208	// This is important because we must progress at all times, otherwise
	209	// deeply nested bundles will deadlock on waiting for resource validation,
	210	// with no available workers to actually do so.
	211	// Their nested resources, however, may again spin off async workers if
	212	// available.
	213
	214	class LimitedAsync {
	215	NOCOPY(LimitedAsync)
	216	public:
	217	LimitedAsync(bool async);
	218	LimitedAsync(LimitedAsync& limitedAsync);
	219	virtual ~LimitedAsync();
	220
	221	bool perform(Dispatch::Group &groupRef, void (^block)());
	222
	223	private:
	224	Dispatch::Semaphore *mResourceSemaphore;
	225	};
	226
	227
	228
b1ab9ed8 A	229	} // end namespace CodeSigning
	230	} // end namespace Security
	231
	232	#endif // !_H_CSUTILITIES