projects / apple / security.git / blame
| Commit | Line | Data |
|---|---|---|
| b1ab9ed8 | 1 | /* |
| d8f41ccd | 2 | * Copyright (c) 2006-2013 Apple Inc. All Rights Reserved. |
| b1ab9ed8 A |
3 | * |
| 4 | * @APPLE_LICENSE_HEADER_START@ | |
| 5 | * | |
| 6 | * This file contains Original Code and/or Modifications of Original Code | |
| 7 | * as defined in and that are subject to the Apple Public Source License | |
| 8 | * Version 2.0 (the 'License'). You may not use this file except in | |
| 9 | * compliance with the License. Please obtain a copy of the License at | |
| 10 | * http://www.opensource.apple.com/apsl/ and read it before using this | |
| 11 | * file. | |
| 12 | * | |
| 13 | * The Original Code and all software distributed under the License are | |
| 14 | * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER | |
| 15 | * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, | |
| 16 | * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, | |
| 17 | * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. | |
| 18 | * Please see the License for the specific language governing rights and | |
| 19 | * limitations under the License. | |
| 20 | * | |
| 21 | * @APPLE_LICENSE_HEADER_END@ | |
| 22 | */ | |
| 23 | ||
| 24 | // | |
| 25 | // csutilities - miscellaneous utilities for the code signing implementation | |
| 26 | // | |
| 27 | // This is a collection of odds and ends that wouldn't fit anywhere else. | |
| 28 | // The common theme is that the contents are otherwise naturally homeless. | |
| 29 | // | |
| 30 | #ifndef _H_CSUTILITIES | |
| 31 | #define _H_CSUTILITIES | |
| 32 | ||
| 33 | #include <Security/Security.h> | |
| d87e1158 | 34 | #include <security_utilities/dispatch.h> |
| b1ab9ed8 A |
35 | #include <security_utilities/hashing.h> |
| 36 | #include <security_utilities/unix++.h> | |
| 866f8763 | 37 | #if TARGET_OS_OSX |
| b1ab9ed8 | 38 | #include <security_cdsa_utilities/cssmdata.h> |
| 866f8763 | 39 | #endif |
| b1ab9ed8 A |
40 | #include <copyfile.h> |
| 41 | #include <asl.h> | |
| 42 | #include <cstdarg> | |
| 43 | ||
| 44 | namespace Security { | |
| 45 | namespace CodeSigning { | |
| 46 | ||
| 47 | ||
| 313fa17b A |
48 | // |
| 49 | // Test for the canonical Apple CA certificate | |
| 50 | // | |
| 51 | bool isAppleCA(SecCertificateRef cert); | |
| 313fa17b A |
52 | |
| 53 | ||
| b1ab9ed8 A |
54 | // |
| 55 | // Calculate canonical hashes of certificate. | |
| 56 | // This is simply defined as (always) the SHA1 hash of the DER. | |
| 57 | // | |
| 58 | void hashOfCertificate(const void *certData, size_t certLength, SHA1::Digest digest); | |
| 59 | void hashOfCertificate(SecCertificateRef cert, SHA1::Digest digest); | |
| 313fa17b | 60 | bool verifyHash(SecCertificateRef cert, const Hashing::Byte *digest); |
| b1ab9ed8 | 61 | |
| e3d460c9 A |
62 | |
| 63 | inline size_t scanFileData(UnixPlusPlus::FileDesc fd, size_t limit, void (^handle)(const void *buffer, size_t size)) | |
| b1ab9ed8 | 64 | { |
| 866f8763 | 65 | UnixPlusPlus::FileDesc::UnixStat st; |
| b1ab9ed8 | 66 | size_t total = 0; |
| 866f8763 A |
67 | unsigned char *buffer = NULL; |
| 68 | ||
| 69 | try { | |
| 70 | fd.fstat(st); | |
| 71 | size_t bufSize = MAX(64 * 1024, st.st_blksize); | |
| 72 | buffer = (unsigned char *)valloc(bufSize); | |
| 73 | if (!buffer) | |
| 74 | return 0; | |
| 75 | ||
| 76 | for (;;) { | |
| 77 | size_t size = bufSize; | |
| 78 | if (limit && limit < size) | |
| 79 | size = limit; | |
| 80 | size_t got = fd.read(buffer, size); | |
| 81 | total += got; | |
| 82 | if (fd.atEnd()) | |
| 83 | break; | |
| 84 | handle(buffer, got); | |
| 85 | if (limit && (limit -= got) == 0) | |
| 86 | break; | |
| 87 | } | |
| b1ab9ed8 | 88 | } |
| 866f8763 A |
89 | catch(...) { |
| 90 | /* don't leak this on error */ | |
| 91 | if (buffer) | |
| 92 | free(buffer); | |
| 93 | throw; | |
| 94 | } | |
| 95 | ||
| 96 | free(buffer); | |
| b1ab9ed8 A |
97 | return total; |
| 98 | } | |
| 99 | ||
| e3d460c9 A |
100 | |
| 101 | // | |
| 102 | // Calculate hashes of (a section of) a file. | |
| 103 | // Starts at the current file position. | |
| 104 | // Extends to end of file, or (if limit > 0) at most limit bytes. | |
| 105 | // Returns number of bytes digested. | |
| 106 | // | |
| 107 | template <class _Hash> | |
| 108 | size_t hashFileData(UnixPlusPlus::FileDesc fd, _Hash *hasher, size_t limit = 0) | |
| 109 | { | |
| 110 | return scanFileData(fd, limit, ^(const void *buffer, size_t size) { | |
| 111 | hasher->update(buffer, size); | |
| 112 | }); | |
| 113 | } | |
| 114 | ||
| 313fa17b A |
115 | template <class _Hash> |
| 116 | size_t hashFileData(const char *path, _Hash *hasher) | |
| 117 | { | |
| 118 | UnixPlusPlus::AutoFileDesc fd(path); | |
| 119 | return hashFileData(fd, hasher); | |
| 120 | } | |
| e3d460c9 | 121 | |
| b1ab9ed8 A |
122 | |
| 123 | // | |
| 124 | // Check to see if a certificate contains a particular field, by OID. This works for extensions, | |
| 125 | // even ones not recognized by the local CL. It does not return any value, only presence. | |
| 126 | // | |
| 866f8763 A |
127 | |
| 128 | #if TARGET_OS_OSX | |
| b1ab9ed8 A |
129 | bool certificateHasField(SecCertificateRef cert, const CSSM_OID &oid); |
| 130 | bool certificateHasPolicy(SecCertificateRef cert, const CSSM_OID &policyOid); | |
| 07691282 | 131 | CFDateRef certificateCopyFieldDate(SecCertificateRef cert, const CSSM_OID &policyOid); |
| 866f8763 | 132 | #endif |
| b1ab9ed8 A |
133 | |
| 134 | // | |
| 135 | // Encapsulation of the copyfile(3) API. | |
| 136 | // This is slated to go into utilities once stable. | |
| 137 | // | |
| 138 | class Copyfile { | |
| 139 | public: | |
| 140 | Copyfile(); | |
| 141 | ~Copyfile() { copyfile_state_free(mState); } | |
| 142 | ||
| 143 | operator copyfile_state_t () const { return mState; } | |
| 144 | ||
| 145 | void set(uint32_t flag, const void *value); | |
| 146 | void get(uint32_t flag, void *value); | |
| 147 | ||
| 148 | void operator () (const char *src, const char *dst, copyfile_flags_t flags); | |
| 149 | ||
| 150 | private: | |
| 151 | void check(int rc); | |
| 152 | ||
| 153 | private: | |
| 154 | copyfile_state_t mState; | |
| 155 | }; | |
| 156 | ||
| 157 | ||
| 158 | // | |
| 159 | // MessageTracer support | |
| 160 | // | |
| 161 | class MessageTrace { | |
| 162 | public: | |
| 163 | MessageTrace(const char *domain, const char *signature); | |
| 427c49bc | 164 | ~MessageTrace() { ::asl_free(mAsl); } |
| 866f8763 A |
165 | void add(const char *key, const char *format, ...) __attribute__((format(printf,3,4))); |
| 166 | void send(const char *format, ...) __attribute__((format(printf,2,3))); | |
| b1ab9ed8 A |
167 | |
| 168 | private: | |
| 169 | aslmsg mAsl; | |
| 170 | }; | |
| 171 | ||
| 172 | ||
| 173 | // | |
| 174 | // A reliable uid set/reset bracket | |
| 175 | // | |
| 176 | class UidGuard { | |
| 177 | public: | |
| 178 | UidGuard() : mPrevious(-1) { } | |
| fa7225c8 | 179 | UidGuard(uid_t uid) : mPrevious(-1) { (void)seteuid(uid); } |
| b1ab9ed8 A |
180 | ~UidGuard() |
| 181 | { | |
| 182 | if (active()) | |
| 183 | UnixError::check(::seteuid(mPrevious)); | |
| 184 | } | |
| 185 | ||
| 186 | bool seteuid(uid_t uid) | |
| 187 | { | |
| 188 | if (uid == geteuid()) | |
| 189 | return true; // no change, don't bother the kernel | |
| 190 | if (!active()) | |
| 191 | mPrevious = ::geteuid(); | |
| 192 | return ::seteuid(uid) == 0; | |
| 193 | } | |
| 194 | ||
| 195 | bool active() const { return mPrevious != uid_t(-1); } | |
| 196 | operator bool () const { return active(); } | |
| 197 | uid_t saved() const { assert(active()); return mPrevious; } | |
| 198 | ||
| 199 | private: | |
| 200 | uid_t mPrevious; | |
| 201 | }; | |
| 202 | ||
| 203 | ||
| d87e1158 A |
204 | // This class provides resource limited parallelization, |
| 205 | // used for work on nested bundles (e.g. signing or validating them). | |
| 206 | ||
| 207 | // We only spins off async workers if they are available right now, | |
| 208 | // otherwise we continue synchronously in the current thread. | |
| 209 | // This is important because we must progress at all times, otherwise | |
| 210 | // deeply nested bundles will deadlock on waiting for resource validation, | |
| 211 | // with no available workers to actually do so. | |
| 212 | // Their nested resources, however, may again spin off async workers if | |
| 213 | // available. | |
| 214 | ||
| 215 | class LimitedAsync { | |
| 216 | NOCOPY(LimitedAsync) | |
| 217 | public: | |
| 218 | LimitedAsync(bool async); | |
| 219 | LimitedAsync(LimitedAsync& limitedAsync); | |
| 220 | virtual ~LimitedAsync(); | |
| 221 | ||
| 222 | bool perform(Dispatch::Group &groupRef, void (^block)()); | |
| 223 | ||
| 224 | private: | |
| 225 | Dispatch::Semaphore *mResourceSemaphore; | |
| 226 | }; | |
| 227 | ||
| d64be36e A |
228 | // Check if the path is on the root filesystem, protected by the OS. |
| 229 | bool isOnRootFilesystem(const char *path); | |
| d87e1158 | 230 | |
| 67d61d2e A |
231 | // Check if a path exists. |
| 232 | bool pathExists(const char *path); | |
| 233 | ||
| 234 | // Check if the path name represents an extended attribute file (on file systems which don't support | |
| 235 | // them natively). | |
| 236 | bool pathMatchesXattrFilenameSpec(const char *path); | |
| 237 | ||
| 238 | // Check if path is a regular file. | |
| 239 | bool pathIsRegularFile(const char *path); | |
| 240 | ||
| 241 | // Check if a path has any extended attributes. | |
| 242 | bool pathHasXattrs(const char *path); | |
| 243 | ||
| 244 | // Check if the path is on a file system that requires files to store extended attributes. | |
| 245 | bool pathFileSystemUsesXattrFiles(const char *path); | |
| 246 | ||
| 247 | // Check if path is a valid extended attribute file. | |
| 248 | bool pathIsValidXattrFile(const string fullPath, const char *scope = "csutilities"); | |
| d87e1158 | 249 | |
| b1ab9ed8 A |
250 | } // end namespace CodeSigning |
| 251 | } // end namespace Security | |
| 252 | ||
| 253 | #endif // !_H_CSUTILITIES |