]> git.saurik.com Git - apple/security.git/blob - OSX/libsecurity_cdsa_utilities/lib/acl_codesigning.cpp
Security-58286.260.20.tar.gz
[apple/security.git] / OSX / libsecurity_cdsa_utilities / lib / acl_codesigning.cpp
1 /*
2 * Copyright (c) 2000-2006,2011,2014 Apple Inc. All Rights Reserved.
3 *
4 * @APPLE_LICENSE_HEADER_START@
5 *
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. Please obtain a copy of the License at
10 * http://www.opensource.apple.com/apsl/ and read it before using this
11 * file.
12 *
13 * The Original Code and all software distributed under the License are
14 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
15 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
16 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
17 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
18 * Please see the License for the specific language governing rights and
19 * limitations under the License.
20 *
21 * @APPLE_LICENSE_HEADER_END@
22 */
23
24
25 //
26 // acl_codesigning - ACL subject for signature of calling application
27 //
28 #include <security_cdsa_utilities/acl_codesigning.h>
29 #include <security_cdsa_utilities/cssmdata.h>
30 #include <security_utilities/endian.h>
31 #include <algorithm>
32
33
34 //
35 // Code signature credentials are validated globally - they are entirely
36 // a feature of "the" process (defined by the environment), and take no
37 // samples whatsoever.
38 //
39 bool CodeSignatureAclSubject::validates(const AclValidationContext &context) const
40 {
41 // a suitable environment is required for a match
42 if (Environment *env = context.environment<Environment>())
43 return env->verifyCodeSignature(*this, context);
44 else
45 return false;
46 }
47
48
49 //
50 // Make a copy of this subject in CSSM_LIST form.
51 // The format is (head), (type code: Wordid), (signature data: datum), (comment: datum)
52 //
53 CssmList CodeSignatureAclSubject::toList(Allocator &alloc) const
54 {
55 assert(path().find('\0') == string::npos); // no embedded nulls in path
56 uint32_t type = CSSM_ACL_CODE_SIGNATURE_OSX;
57 TypedList list(alloc, CSSM_ACL_SUBJECT_TYPE_CODE_SIGNATURE,
58 new(alloc) ListElement(type),
59 new(alloc) ListElement(alloc, CssmData::wrap(legacyHash(), SHA1::digestLength)),
60 new(alloc) ListElement(alloc, CssmData::wrap(path().c_str(), path().size() + 1)));
61 if (requirement()) {
62 CFRef<CFDataRef> reqData;
63 MacOSError::check(SecRequirementCopyData(requirement(), kSecCSDefaultFlags, &reqData.aref()));
64 list += new(alloc) ListElement(alloc,
65 CssmData::wrap(CFDataGetBytePtr(reqData), CFDataGetLength(reqData)));
66 }
67 for (AuxMap::const_iterator it = beginAux(); it != endAux(); it++)
68 list += new(alloc) ListElement(alloc, CssmData(*it->second));
69 return list;
70 }
71
72
73 //
74 // Create a CodeSignatureAclSubject
75 //
76 CodeSignatureAclSubject *CodeSignatureAclSubject::Maker::make(const TypedList &list) const
77 {
78 // there once was a format with only a hash (length 2+1). It is no longer supported
79 unsigned total = list.length(); // includes subject type header
80 if (total >= 3 + 1
81 && list[1].is(CSSM_LIST_ELEMENT_WORDID) // [1] == signature type
82 && list[1] == CSSM_ACL_CODE_SIGNATURE_OSX
83 && list[2].is(CSSM_LIST_ELEMENT_DATUM) // [2] == legacy hash
84 && list[2].data().length() == SHA1::digestLength
85 && list[3].is(CSSM_LIST_ELEMENT_DATUM)) {
86 // structurally okay
87 CodeSignatureAclSubject *subj =
88 new CodeSignatureAclSubject(list[2].data().interpretedAs<const SHA1::Byte>(),
89 list[3].data().interpretedAs<const char>());
90 for (unsigned n = 3 + 1; n < total; n++) {
91 if (list[n].is(CSSM_LIST_ELEMENT_DATUM)) {
92 const BlobCore *blob = list[n].data().interpretedAs<const BlobCore>();
93 if (blob->length() < sizeof(BlobCore)) {
94 secinfo("csblob", "runt blob (0x%x/%zd) slot %d in CSSM_LIST",
95 blob->magic(), blob->length(), n);
96 CssmError::throwMe(CSSM_ERRCODE_INVALID_ACL_SUBJECT_VALUE);
97 } else if (blob->length() != list[n].data().length()) {
98 secinfo("csblob", "badly sized blob (0x%x/%zd) slot %d in CSSM_LIST",
99 blob->magic(), blob->length(), n);
100 CssmError::throwMe(CSSM_ERRCODE_INVALID_ACL_SUBJECT_VALUE);
101 }
102 subj->add(blob);
103 } else
104 CssmError::throwMe(CSSM_ERRCODE_INVALID_ACL_SUBJECT_VALUE);
105 }
106 return subj;
107 } else
108 CssmError::throwMe(CSSM_ERRCODE_INVALID_ACL_SUBJECT_VALUE);
109 }
110
111 CodeSignatureAclSubject *CodeSignatureAclSubject::Maker::make(Version version,
112 Reader &pub, Reader &priv) const
113 {
114 assert(version == 0);
115 Endian<uint32> sigType; pub(sigType);
116 const void *data; size_t length; pub.countedData(data, length);
117 const void *commentData; size_t commentLength; pub.countedData(commentData, commentLength);
118 if (sigType == CSSM_ACL_CODE_SIGNATURE_OSX
119 && length == SHA1::digestLength) {
120 return make((const SHA1::Byte *)data, CssmData::wrap(commentData, commentLength));
121 }
122 CssmError::throwMe(CSSM_ERRCODE_INVALID_ACL_SUBJECT_VALUE);
123 }
124
125 CodeSignatureAclSubject *CodeSignatureAclSubject::Maker::make(const SHA1::Byte *hash,
126 const CssmData &commentBag) const
127 {
128 using namespace LowLevelMemoryUtilities;
129 const char *path = commentBag.interpretedAs<const char>();
130 CodeSignatureAclSubject *subj = new CodeSignatureAclSubject(hash, path);
131 for (const BlobCore *blob = increment<BlobCore>(commentBag.data(), alignUp(strlen(path) + 1, commentBagAlignment));
132 blob < commentBag.end();
133 blob = increment<const BlobCore>(blob, alignUp(blob->length(), commentBagAlignment))) {
134 size_t leftInBag = difference(commentBag.end(), blob);
135 if (leftInBag < sizeof(BlobCore) || blob->length() < sizeof(BlobCore) || blob->length() > leftInBag) {
136 secinfo("csblob", "invalid blob (0x%x/%zd) [%zd in bag] in code signing ACL for %s - stopping scan",
137 blob->magic(), blob->length(), leftInBag, subj->path().c_str());
138 break; // can't trust anything beyond this blob
139 }
140 subj->add(blob);
141 }
142 return subj;
143 }
144
145
146 //
147 // Export the subject to a memory blob
148 //
149 void CodeSignatureAclSubject::exportBlob(Writer::Counter &pub, Writer::Counter &priv)
150 {
151 using LowLevelMemoryUtilities::alignUp;
152 assert(path().find('\0') == string::npos); // no embedded nulls in path
153 Endian<uint32> sigType = CSSM_ACL_CODE_SIGNATURE_OSX; pub(sigType);
154 pub.countedData(legacyHash(), SHA1::digestLength);
155 size_t size = path().size() + 1;
156 if (requirement()) {
157 CFRef<CFDataRef> reqData;
158 MacOSError::check(SecRequirementCopyData(requirement(), kSecCSDefaultFlags, &reqData.aref()));
159 size = alignUp(size, commentBagAlignment) + CFDataGetLength(reqData);
160 }
161 for (AuxMap::const_iterator it = beginAux(); it != endAux(); it++) {
162 size = alignUp(size, commentBagAlignment) + it->second->length();
163 }
164 pub.countedData(NULL, size);
165 }
166
167 void CodeSignatureAclSubject::exportBlob(Writer &pub, Writer &priv)
168 {
169 using LowLevelMemoryUtilities::alignUp;
170 Endian<uint32> sigType = CSSM_ACL_CODE_SIGNATURE_OSX; pub(sigType);
171 pub.countedData(legacyHash(), SHA1::digestLength);
172 CssmAutoData commentBag(Allocator::standard(), path().c_str(), path().size() + 1);
173 static const uint32_t zero = 0;
174 if (requirement()) {
175 CFRef<CFDataRef> reqData;
176 MacOSError::check(SecRequirementCopyData(requirement(), kSecCSDefaultFlags, &reqData.aref()));
177 commentBag.append(&zero,
178 alignUp(commentBag.length(), commentBagAlignment) - commentBag.length());
179 commentBag.append(CFDataGetBytePtr(reqData), CFDataGetLength(reqData));
180 }
181 for (AuxMap::const_iterator it = beginAux(); it != endAux(); it++) {
182 commentBag.append(&zero,
183 alignUp(commentBag.length(), commentBagAlignment) - commentBag.length());
184 commentBag.append(CssmData(*it->second));
185 }
186 pub.countedData(commentBag);
187 }
188
189
190 #ifdef DEBUGDUMP
191
192 void CodeSignatureAclSubject::debugDump() const
193 {
194 Debug::dump("CodeSigning ");
195 OSXVerifier::dump();
196 }
197
198 #endif //DEBUGDUMP