2 * Copyright (c) 2018 Apple Inc. All Rights Reserved.
4 * @APPLE_LICENSE_HEADER_START@
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. Please obtain a copy of the License at
10 * http://www.opensource.apple.com/apsl/ and read it before using this
13 * The Original Code and all software distributed under the License are
14 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
15 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
16 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
17 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
18 * Please see the License for the specific language governing rights and
19 * limitations under the License.
21 * @APPLE_LICENSE_HEADER_END@
23 #include "SecAssessment.h"
24 #include "notarization.h"
25 #include <security_utilities/unix++.h>
27 typedef struct __attribute__((packed
)) _package_trailer
{
36 TrailerTypeInvalid
= 0,
37 TrailerTypeTerminator
,
41 static const char *TrailerMagic
= "t8lr";
44 namespace CodeSigning
{
47 registerStapledTicketWithSystem(CFDataRef data
)
49 secinfo("notarization", "Registering stapled ticket with system");
52 CFRef
<CFErrorRef
> error
;
53 if (!SecAssessmentTicketRegister(data
, &error
.aref())) {
54 secerror("Error registering stapled ticket: %@", error
.get());
56 #endif // TARGET_OS_OSX
60 checkNotarizationServiceForRevocation(CFDataRef hash
, SecCSDigestAlgorithm hashType
, double *date
)
62 bool is_revoked
= false;
64 secinfo("notarization", "checking with online notarization service for hash: %@", hash
);
67 CFRef
<CFErrorRef
> error
;
68 if (!SecAssessmentTicketLookup(hash
, hashType
, kSecAssessmentTicketFlagForceOnlineCheck
, date
, &error
.aref())) {
69 CFIndex err
= CFErrorGetCode(error
);
71 secerror("Notarization daemon found revoked hash: %@", hash
);
74 secerror("Error checking with notarization daemon: %ld", err
);
83 isNotarized(const Requirement::Context
*context
)
86 CFRef
<CFErrorRef
> error
;
87 bool is_notarized
= false;
88 SecCSDigestAlgorithm hashType
= kSecCodeSignatureNoHash
;
90 if (context
== NULL
) {
95 if (context
->directory
) {
96 cd
.take(context
->directory
->cdhash());
97 hashType
= (SecCSDigestAlgorithm
)context
->directory
->hashType
;
98 } else if (context
->packageChecksum
) {
99 cd
= context
->packageChecksum
;
100 hashType
= context
->packageAlgorithm
;
103 if (cd
.get() == NULL
) {
104 // No cdhash means we can't check notarization.
105 is_notarized
= false;
109 secinfo("notarization", "checking notarization on %d, %@", hashType
, cd
.get());
112 if (SecAssessmentTicketLookup(cd
, hashType
, kSecAssessmentTicketFlagDefault
, NULL
, &error
.aref())) {
115 is_notarized
= false;
116 if (error
.get() != NULL
) {
117 secerror("Error checking with notarization daemon: %ld", CFErrorGetCode(error
));
123 secinfo("notarization", "isNotarized = %d", is_notarized
);
128 registerStapledTicketInPackage(const std::string
& path
)
131 package_trailer_t trailer
;
132 off_t readOffset
= 0;
133 size_t bytesRead
= 0;
135 uint8_t *ticketData
= NULL
;
136 boolean_t ticketTrailerFound
= false;
137 CFRef
<CFDataRef
> data
;
139 secinfo("notarization", "Extracting ticket from package: %s", path
.c_str());
141 fd
= open(path
.c_str(), O_RDONLY
);
143 secerror("cannot open package for reading");
147 bzero(&trailer
, sizeof(trailer
));
148 readOffset
= lseek(fd
, -sizeof(trailer
), SEEK_END
);
149 if (readOffset
<= 0) {
150 secerror("could not scan for first trailer on package (error - %d)", errno
);
154 while (!ticketTrailerFound
) {
155 bytesRead
= read(fd
, &trailer
, sizeof(trailer
));
156 if (bytesRead
!= sizeof(trailer
)) {
157 secerror("could not read next trailer from package (error - %d)", errno
);
161 if (memcmp(trailer
.magic
, TrailerMagic
, strlen(TrailerMagic
)) != 0) {
162 // Most packages will not be stapled, so this isn't really an error.
163 secdebug("notarization", "package did not end in a trailer");
167 switch (trailer
.type
) {
168 case TrailerTypeTicket
:
169 ticketTrailerFound
= true;
171 case TrailerTypeTerminator
:
172 // Found a terminator before a trailer, so just exit.
173 secinfo("notarization", "package had a trailer, but no ticket trailers");
175 case TrailerTypeInvalid
:
176 secinfo("notarization", "package had an invalid trailer");
179 // it's an unsupported trailer type, so skip it.
183 // If we're here, it's either a ticket or an unknown trailer. In both cases we can definitely seek back to the
184 // beginning of the data pointed to by this trailer, which is the length of its data and the size of the trailer itself.
185 backSeek
= -1 * (sizeof(trailer
) + trailer
.length
);
186 if (!ticketTrailerFound
) {
187 // If we didn't find a ticket, we're about to iterate again and want to read the next trailer so seek back an additional
188 // trailer blob to prepare for reading it.
189 backSeek
-= sizeof(trailer
);
191 readOffset
= lseek(fd
, backSeek
, SEEK_CUR
);
192 if (readOffset
<= 0) {
193 secerror("could not scan backwards (%lld) for next trailer on package (error - %d)", backSeek
, errno
);
198 // If we got here, we have a valid ticket trailer and already seeked back to the beginning of its data.
199 ticketData
= (uint8_t*)malloc(trailer
.length
);
200 if (ticketData
== NULL
) {
201 secerror("could not allocate memory for ticket");
205 bytesRead
= read(fd
, ticketData
, trailer
.length
);
206 if (bytesRead
!= trailer
.length
) {
207 secerror("unable to read entire ticket (error - %d)", errno
);
211 data
.take(makeCFDataMalloc(ticketData
, trailer
.length
));
212 if (data
.get() == NULL
) {
213 secerror("unable to create cfdata for notarization");
217 secinfo("notarization", "successfully found stapled ticket for: %s", path
.c_str());
218 registerStapledTicketWithSystem(data
);
227 registerStapledTicketInBundle(const std::string
& path
)
231 uint8_t *ticketData
= NULL
;
232 size_t ticketLength
= 0;
233 size_t bytesRead
= 0;
234 CFRef
<CFDataRef
> data
;
235 std::string ticketLocation
= path
+ "/Contents/CodeResources";
237 secinfo("notarization", "Extracting ticket from bundle: %s", path
.c_str());
239 fd
= open(ticketLocation
.c_str(), O_RDONLY
);
241 // Only print an error if the file exists, otherwise its an expected early exit case.
242 if (errno
!= ENOENT
) {
243 secerror("cannot open stapled file for reading: %d", errno
);
248 if (fstat(fd
, &st
)) {
249 secerror("unable to stat stapling file: %d", errno
);
253 if ((st
.st_mode
& S_IFREG
) != S_IFREG
) {
254 secerror("stapling is not a regular file");
258 if (st
.st_size
<= INT_MAX
) {
259 ticketLength
= (size_t)st
.st_size
;
261 secerror("ticket size was too large: %lld", st
.st_size
);
265 ticketData
= (uint8_t*)malloc(ticketLength
);
266 if (ticketData
== NULL
) {
267 secerror("unable to allocate data for ticket");
271 bytesRead
= read(fd
, ticketData
, ticketLength
);
272 if (bytesRead
!= ticketLength
) {
273 secerror("unable to read entire ticket from bundle");
277 data
.take(makeCFDataMalloc(ticketData
, ticketLength
));
278 if (data
.get() == NULL
) {
279 secerror("unable to create cfdata for notarization");
283 secinfo("notarization", "successfully found stapled ticket for: %s", path
.c_str());
284 registerStapledTicketWithSystem(data
);
293 registerStapledTicketInDMG(CFDataRef ticketData
)
295 if (ticketData
== NULL
) {
298 secinfo("notarization", "successfully found stapled ticket in DMG");
299 registerStapledTicketWithSystem(ticketData
);