]> git.saurik.com Git - apple/security.git/blob - OSX/libsecurity_codesigning/lib/cdbuilder.h
projects / apple / security.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Security-59306.101.1.tar.gz
[apple/security.git] / OSX / libsecurity_codesigning / lib / cdbuilder.h
1 /*
2 * Copyright (c) 2006-2012,2014 Apple Inc. All Rights Reserved.
3 *
4 * @APPLE_LICENSE_HEADER_START@
5 *
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. Please obtain a copy of the License at
10 * http://www.opensource.apple.com/apsl/ and read it before using this
11 * file.
12 *
13 * The Original Code and all software distributed under the License are
14 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
15 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
16 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
17 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
18 * Please see the License for the specific language governing rights and
19 * limitations under the License.
20 *
21 * @APPLE_LICENSE_HEADER_END@
22 */
23
24 //
25 // cdbuilder - constructor for CodeDirectories
26 //
27 #ifndef _H_CDBUILDER
28 #define _H_CDBUILDER
29
30 #include "codedirectory.h"
31
32
33 namespace Security {
34 namespace CodeSigning {
35
36
37 //
38 // Builder can construct CodeDirectories from pieces:
39 // Builder builder(...);
40 // builder.variousSetters(withSuitableData);
41 // CodeDirectory *result = builder.build();
42 // Builder is not reusable.
43 //
44 class CodeDirectory::Builder : public RefCount {
45 NOCOPY(Builder)
46 public:
47 Builder(HashAlgorithm digestAlgorithm);
48 ~Builder();
49
50 void executable(string path, size_t pagesize, size_t offset, size_t length);
51 void reopen(string path, size_t offset, size_t length);
52 bool opened();
53
54 void specialSlot(SpecialSlot slot, CFDataRef data);
55 void identifier(const std::string &code) { mIdentifier = code; }
56 void teamID(const std::string &team) { mTeamID = team; }
57 void flags(uint32_t f) { mFlags = f; }
58 void platform(uint8_t p) { mPlatform = p; }
59 std::set<Slot> filledSpecialSlots() const { return mFilledSpecialSlots; }
60
61 Scatter *scatter(unsigned count); // allocate that many scatter elements (w/o sentinel)
62 Scatter *scatter() { return mScatter; } // return already allocated scatter vector
63
64 void execSeg(uint64_t base, uint64_t limit, uint64_t flags) {
65 mExecSegOffset = base; mExecSegLimit = limit; mExecSegFlags = flags; }
66 void addExecSegFlags(uint64_t flags) { mExecSegFlags |= flags; }
67
68 typedef std::map<CodeDirectory::HashAlgorithm, CFCopyRef<CFDataRef> >
69 PreEncryptHashMap;
70
71 void generatePreEncryptHashes(bool pre) { mGeneratePreEncryptHashes = pre; }
72 void preservePreEncryptHashMap(PreEncryptHashMap preEncryptHashMap) {
73 mPreservedPreEncryptHashMap = preEncryptHashMap;
74 }
75
76 void runTimeVersion(uint32_t runtime) {
77 mRuntimeVersion = runtime;
78 }
79
80 size_t size(const uint32_t version); // calculate size
81 CodeDirectory *build(); // build CodeDirectory and return it
82 size_t fixedSize(const uint32_t version); // calculate fixed size of the CodeDirectory
83
84 uint32_t hashType() const { return mHashType; }
85
86 DynamicHash *getHash() const { return CodeDirectory::hashFor(this->mHashType); }
87
88 private:
89 Hashing::Byte *specialSlot(SpecialSlot slot)
90 { assert(slot > 0 && slot <= cdSlotMax); return mSpecial + (slot - 1) * mDigestLength; }
91 Hashing::Byte *specialSlot(SpecialSlot slot) const
92 { assert(slot > 0 && slot <= cdSlotMax); return mSpecial + (slot - 1) * mDigestLength; }
93
94 private:
95 Hashing::Byte *mSpecial; // array of special slot hashes
96 std::set<Slot> mFilledSpecialSlots; // special slots filled with values
97 UnixPlusPlus::AutoFileDesc mExec; // main executable file
98 size_t mExecOffset; // starting offset in mExec
99 size_t mExecLength; // total bytes of file to sign
100 size_t mPageSize; // page size of executable (bytes)
101 uint32_t mFlags; // CodeDirectory flags
102 uint32_t mHashType; // digest algorithm code
103 uint8_t mPlatform; // platform identifier
104 uint32_t mDigestLength; // number of bytes in a single glue digest
105 std::string mIdentifier; // canonical identifier
106 std::string mTeamID; // team identifier
107
108 size_t mSpecialSlots; // highest special slot set
109 size_t mCodeSlots; // number of code pages (slots)
110
111 Scatter *mScatter; // scatter vector
112 size_t mScatterSize; // number of scatter elements allocated (incl. sentinel)
113
114 uint64_t mExecSegOffset; // starting offset of executable segment
115 uint64_t mExecSegLimit; // limit of executable segment
116 uint64_t mExecSegFlags; // executable segment flags
117
118 bool mGeneratePreEncryptHashes; // whether to also generate new pre-encrypt hashes
119 PreEncryptHashMap mPreservedPreEncryptHashMap; // existing pre-encrypt hashes to be set
120
121 uint32_t mRuntimeVersion; // Hardened Runtime Version
122
123 CodeDirectory *mDir; // what we're building
124 };
125
126
127 } // CodeSigning
128 } // Security
129
130
131 #endif //_H_CDBUILDER
mirror of Security