OSX/libsecurity_codesigning/lib/csutilities.h

   1 /*
   2  * Copyright (c) 2006-2013 Apple Inc. All Rights Reserved.
   3  *
   4  * @APPLE_LICENSE_HEADER_START@
   5  *
   6  * This file contains Original Code and/or Modifications of Original Code
   7  * as defined in and that are subject to the Apple Public Source License
   8  * Version 2.0 (the 'License'). You may not use this file except in
   9  * compliance with the License. Please obtain a copy of the License at
  10  * http://www.opensource.apple.com/apsl/ and read it before using this
  11  * file.
  12  *
  13  * The Original Code and all software distributed under the License are
  14  * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
  15  * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
  16  * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
  17  * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
  18  * Please see the License for the specific language governing rights and
  19  * limitations under the License.
  20  *
  21  * @APPLE_LICENSE_HEADER_END@
  22  */
  23
  24 //
  25 // csutilities - miscellaneous utilities for the code signing implementation
  26 //
  27 // This is a collection of odds and ends that wouldn't fit anywhere else.
  28 // The common theme is that the contents are otherwise naturally homeless.
  29 //
  30 #ifndef _H_CSUTILITIES
  31 #define _H_CSUTILITIES
  32
  33 #include <Security/Security.h>
  34 #include <security_utilities/dispatch.h>
  35 #include <security_utilities/hashing.h>
  36 #include <security_utilities/unix++.h>
  37 #if TARGET_OS_OSX
  38 #include <security_cdsa_utilities/cssmdata.h>
  39 #endif
  40 #include <copyfile.h>
  41 #include <asl.h>
  42 #include <cstdarg>
  43
  44 namespace Security {
  45 namespace CodeSigning {
  46
  47
  48 //
  49 // Test for the canonical Apple CA certificate
  50 //
  51 bool isAppleCA(SecCertificateRef cert);
  52
  53
  54 //
  55 // Calculate canonical hashes of certificate.
  56 // This is simply defined as (always) the SHA1 hash of the DER.
  57 //
  58 void hashOfCertificate(const void *certData, size_t certLength, SHA1::Digest digest);
  59 void hashOfCertificate(SecCertificateRef cert, SHA1::Digest digest);
  60 bool verifyHash(SecCertificateRef cert, const Hashing::Byte *digest);
  61
  62
  63 inline size_t scanFileData(UnixPlusPlus::FileDesc fd, size_t limit, void (^handle)(const void *buffer, size_t size))
  64 {
  65         UnixPlusPlus::FileDesc::UnixStat st;
  66         size_t total = 0;
  67         unsigned char *buffer = NULL;
  68
  69         try {
  70                 fd.fstat(st);
  71                 size_t bufSize = MAX(64 * 1024, st.st_blksize);
  72                 buffer = (unsigned char *)valloc(bufSize);
  73                 if (!buffer)
  74                         return 0;
  75
  76                 for (;;) {
  77                         size_t size = bufSize;
  78                         if (limit && limit < size)
  79                                 size = limit;
  80                         size_t got = fd.read(buffer, size);
  81                         total += got;
  82                         if (fd.atEnd())
  83                                 break;
  84                         handle(buffer, got);
  85                         if (limit && (limit -= got) == 0)
  86                                 break;
  87                 }
  88         }
  89         catch(...) {
  90                 /* don't leak this on error */
  91                 if (buffer)
  92                         free(buffer);
  93                 throw;
  94         }
  95
  96         free(buffer);
  97         return total;
  98 }
  99
 100
 101 //
 102 // Calculate hashes of (a section of) a file.
 103 // Starts at the current file position.
 104 // Extends to end of file, or (if limit > 0) at most limit bytes.
 105 // Returns number of bytes digested.
 106 //
 107 template <class _Hash>
 108 size_t hashFileData(UnixPlusPlus::FileDesc fd, _Hash *hasher, size_t limit = 0)
 109 {
 110         return scanFileData(fd, limit, ^(const void *buffer, size_t size) {
 111                 hasher->update(buffer, size);
 112         });
 113 }
 114
 115 template <class _Hash>
 116 size_t hashFileData(const char *path, _Hash *hasher)
 117 {
 118         UnixPlusPlus::AutoFileDesc fd(path);
 119         return hashFileData(fd, hasher);
 120 }
 121
 122
 123 //
 124 // Check to see if a certificate contains a particular field, by OID. This works for extensions,
 125 // even ones not recognized by the local CL. It does not return any value, only presence.
 126 //
 127
 128 #if TARGET_OS_OSX
 129 bool certificateHasField(SecCertificateRef cert, const CSSM_OID &oid);
 130 bool certificateHasPolicy(SecCertificateRef cert, const CSSM_OID &policyOid);
 131 CFDateRef certificateCopyFieldDate(SecCertificateRef cert, const CSSM_OID &policyOid);
 132 #endif
 133
 134 //
 135 // Encapsulation of the copyfile(3) API.
 136 // This is slated to go into utilities once stable.
 137 //
 138 class Copyfile {
 139 public:
 140         Copyfile();
 141         ~Copyfile()     { copyfile_state_free(mState); }
 142
 143         operator copyfile_state_t () const { return mState; }
 144
 145         void set(uint32_t flag, const void *value);
 146         void get(uint32_t flag, void *value);
 147
 148         void operator () (const char *src, const char *dst, copyfile_flags_t flags);
 149
 150 private:
 151         void check(int rc);
 152
 153 private:
 154         copyfile_state_t mState;
 155 };
 156
 157
 158 //
 159 // MessageTracer support
 160 //
 161 class MessageTrace {
 162 public:
 163         MessageTrace(const char *domain, const char *signature);
 164         ~MessageTrace() { ::asl_free(mAsl); }
 165         void add(const char *key, const char *format, ...) __attribute__((format(printf,3,4)));
 166         void send(const char *format, ...) __attribute__((format(printf,2,3)));
 167
 168 private:
 169         aslmsg mAsl;
 170 };
 171
 172
 173 //
 174 // A reliable uid set/reset bracket
 175 //
 176 class UidGuard {
 177 public:
 178         UidGuard() : mPrevious(-1) { }
 179         UidGuard(uid_t uid) : mPrevious(-1) { (void)seteuid(uid); }
 180         ~UidGuard()
 181         {
 182                 if (active())
 183                         UnixError::check(::seteuid(mPrevious));
 184         }
 185
 186         bool seteuid(uid_t uid)
 187         {
 188                 if (uid == geteuid())
 189                         return true;    // no change, don't bother the kernel
 190                 if (!active())
 191                         mPrevious = ::geteuid();
 192                 return ::seteuid(uid) == 0;
 193         }
 194
 195         bool active() const { return mPrevious != uid_t(-1); }
 196         operator bool () const { return active(); }
 197         uid_t saved() const { assert(active()); return mPrevious; }
 198
 199 private:
 200         uid_t mPrevious;
 201 };
 202
 203
 204 // This class provides resource limited parallelization,
 205 // used for work on nested bundles (e.g. signing or validating them).
 206
 207 // We only spins off async workers if they are available right now,
 208 // otherwise we continue synchronously in the current thread.
 209 // This is important because we must progress at all times, otherwise
 210 // deeply nested bundles will deadlock on waiting for resource validation,
 211 // with no available workers to actually do so.
 212 // Their nested resources, however, may again spin off async workers if
 213 // available.
 214
 215 class LimitedAsync {
 216         NOCOPY(LimitedAsync)
 217 public:
 218         LimitedAsync(bool async);
 219         LimitedAsync(LimitedAsync& limitedAsync);
 220         virtual ~LimitedAsync();
 221
 222         bool perform(Dispatch::Group &groupRef, void (^block)());
 223
 224 private:
 225         Dispatch::Semaphore *mResourceSemaphore;
 226 };
 227
 228
 229
 230 } // end namespace CodeSigning
 231 } // end namespace Security
 232
 233 #endif // !_H_CSUTILITIES