OSX/libsecurity_codesigning/lib/csutilities.h

   1 /*
   2  * Copyright (c) 2006-2013 Apple Inc. All Rights Reserved.
   3  *
   4  * @APPLE_LICENSE_HEADER_START@
   5  *
   6  * This file contains Original Code and/or Modifications of Original Code
   7  * as defined in and that are subject to the Apple Public Source License
   8  * Version 2.0 (the 'License'). You may not use this file except in
   9  * compliance with the License. Please obtain a copy of the License at
  10  * http://www.opensource.apple.com/apsl/ and read it before using this
  11  * file.
  12  *
  13  * The Original Code and all software distributed under the License are
  14  * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
  15  * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
  16  * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
  17  * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
  18  * Please see the License for the specific language governing rights and
  19  * limitations under the License.
  20  *
  21  * @APPLE_LICENSE_HEADER_END@
  22  */
  23
  24 //
  25 // csutilities - miscellaneous utilities for the code signing implementation
  26 //
  27 // This is a collection of odds and ends that wouldn't fit anywhere else.
  28 // The common theme is that the contents are otherwise naturally homeless.
  29 //
  30 #ifndef _H_CSUTILITIES
  31 #define _H_CSUTILITIES
  32
  33 #include <Security/Security.h>
  34 #include <security_utilities/dispatch.h>
  35 #include <security_utilities/hashing.h>
  36 #include <security_utilities/unix++.h>
  37 #include <security_cdsa_utilities/cssmdata.h>
  38 #include <copyfile.h>
  39 #include <asl.h>
  40 #include <cstdarg>
  41
  42 namespace Security {
  43 namespace CodeSigning {
  44
  45
  46 //
  47 // Test for the canonical Apple CA certificate
  48 //
  49 bool isAppleCA(SecCertificateRef cert);
  50
  51
  52 //
  53 // Calculate canonical hashes of certificate.
  54 // This is simply defined as (always) the SHA1 hash of the DER.
  55 //
  56 void hashOfCertificate(const void *certData, size_t certLength, SHA1::Digest digest);
  57 void hashOfCertificate(SecCertificateRef cert, SHA1::Digest digest);
  58 bool verifyHash(SecCertificateRef cert, const Hashing::Byte *digest);
  59
  60
  61 inline size_t scanFileData(UnixPlusPlus::FileDesc fd, size_t limit, void (^handle)(const void *buffer, size_t size))
  62 {
  63         unsigned char buffer[4096];
  64         size_t total = 0;
  65         for (;;) {
  66                 size_t size = sizeof(buffer);
  67                 if (limit && limit < size)
  68                         size = limit;
  69                 size_t got = fd.read(buffer, size);
  70                 total += got;
  71                 if (fd.atEnd())
  72                         break;
  73                 handle(buffer, got);
  74                 if (limit && (limit -= got) == 0)
  75                         break;
  76         }
  77         return total;
  78 }
  79
  80
  81 //
  82 // Calculate hashes of (a section of) a file.
  83 // Starts at the current file position.
  84 // Extends to end of file, or (if limit > 0) at most limit bytes.
  85 // Returns number of bytes digested.
  86 //
  87 template <class _Hash>
  88 size_t hashFileData(UnixPlusPlus::FileDesc fd, _Hash *hasher, size_t limit = 0)
  89 {
  90         return scanFileData(fd, limit, ^(const void *buffer, size_t size) {
  91                 hasher->update(buffer, size);
  92         });
  93 }
  94
  95 template <class _Hash>
  96 size_t hashFileData(const char *path, _Hash *hasher)
  97 {
  98         UnixPlusPlus::AutoFileDesc fd(path);
  99         return hashFileData(fd, hasher);
 100 }
 101
 102
 103 //
 104 // Check to see if a certificate contains a particular field, by OID. This works for extensions,
 105 // even ones not recognized by the local CL. It does not return any value, only presence.
 106 //
 107 bool certificateHasField(SecCertificateRef cert, const CSSM_OID &oid);
 108 bool certificateHasPolicy(SecCertificateRef cert, const CSSM_OID &policyOid);
 109
 110
 111 //
 112 // Encapsulation of the copyfile(3) API.
 113 // This is slated to go into utilities once stable.
 114 //
 115 class Copyfile {
 116 public:
 117         Copyfile();
 118         ~Copyfile()     { copyfile_state_free(mState); }
 119
 120         operator copyfile_state_t () const { return mState; }
 121
 122         void set(uint32_t flag, const void *value);
 123         void get(uint32_t flag, void *value);
 124
 125         void operator () (const char *src, const char *dst, copyfile_flags_t flags);
 126
 127 private:
 128         void check(int rc);
 129
 130 private:
 131         copyfile_state_t mState;
 132 };
 133
 134
 135 //
 136 // MessageTracer support
 137 //
 138 class MessageTrace {
 139 public:
 140         MessageTrace(const char *domain, const char *signature);
 141         ~MessageTrace() { ::asl_free(mAsl); }
 142         void add(const char *key, const char *format, ...);
 143         void send(const char *format, ...);
 144
 145 private:
 146         aslmsg mAsl;
 147 };
 148
 149
 150 //
 151 // A reliable uid set/reset bracket
 152 //
 153 class UidGuard {
 154 public:
 155         UidGuard() : mPrevious(-1) { }
 156         UidGuard(uid_t uid) : mPrevious(-1) { (void)seteuid(uid); }
 157         ~UidGuard()
 158         {
 159                 if (active())
 160                         UnixError::check(::seteuid(mPrevious));
 161         }
 162
 163         bool seteuid(uid_t uid)
 164         {
 165                 if (uid == geteuid())
 166                         return true;    // no change, don't bother the kernel
 167                 if (!active())
 168                         mPrevious = ::geteuid();
 169                 return ::seteuid(uid) == 0;
 170         }
 171
 172         bool active() const { return mPrevious != uid_t(-1); }
 173         operator bool () const { return active(); }
 174         uid_t saved() const { assert(active()); return mPrevious; }
 175
 176 private:
 177         uid_t mPrevious;
 178 };
 179
 180
 181 // This class provides resource limited parallelization,
 182 // used for work on nested bundles (e.g. signing or validating them).
 183
 184 // We only spins off async workers if they are available right now,
 185 // otherwise we continue synchronously in the current thread.
 186 // This is important because we must progress at all times, otherwise
 187 // deeply nested bundles will deadlock on waiting for resource validation,
 188 // with no available workers to actually do so.
 189 // Their nested resources, however, may again spin off async workers if
 190 // available.
 191
 192 class LimitedAsync {
 193         NOCOPY(LimitedAsync)
 194 public:
 195         LimitedAsync(bool async);
 196         LimitedAsync(LimitedAsync& limitedAsync);
 197         virtual ~LimitedAsync();
 198
 199         bool perform(Dispatch::Group &groupRef, void (^block)());
 200
 201 private:
 202         Dispatch::Semaphore *mResourceSemaphore;
 203 };
 204
 205
 206
 207 } // end namespace CodeSigning
 208 } // end namespace Security
 209
 210 #endif // !_H_CSUTILITIES