index 21f92405df3ff9147b5519255e27ab5d1ede84a0..7137444ce9a3e7798f315a1d6eb8d97f79d6aa4b 100644 (file)
@@ -41,26 +41,47 @@ namespace CodeSigning {
 //  CodeDirectory *result = builder.build();
 // Builder is not reusable.
 //
-class CodeDirectory::Builder {
+class CodeDirectory::Builder : public RefCount {
+       NOCOPY(Builder)
 public:
        Builder(HashAlgorithm digestAlgorithm);
        ~Builder();
        
        void executable(string path, size_t pagesize, size_t offset, size_t length);
        void reopen(string path, size_t offset, size_t length);
+       bool opened();
 
        void specialSlot(SpecialSlot slot, CFDataRef data);
        void identifier(const std::string &code) { mIdentifier = code; }
        void teamID(const std::string &team) { mTeamID = team; }
        void flags(uint32_t f) { mFlags = f; }
        void platform(uint8_t p) { mPlatform = p; }
+       std::set<Slot> filledSpecialSlots() const { return mFilledSpecialSlots; }
        
        Scatter *scatter(unsigned count);                       // allocate that many scatter elements (w/o sentinel)
        Scatter *scatter() { return mScatter; }         // return already allocated scatter vector
-       
+
+       void execSeg(uint64_t base, uint64_t limit, uint64_t flags) {
+               mExecSegOffset = base; mExecSegLimit = limit; mExecSegFlags = flags; }
+       void addExecSegFlags(uint64_t flags) { mExecSegFlags |= flags; }
+
+       typedef std::map<CodeDirectory::HashAlgorithm, CFCopyRef<CFDataRef> >
+               PreEncryptHashMap;
+
+       void generatePreEncryptHashes(bool pre) { mGeneratePreEncryptHashes = pre; }
+       void preservePreEncryptHashMap(PreEncryptHashMap preEncryptHashMap) {
+               mPreservedPreEncryptHashMap = preEncryptHashMap;
+       }
+
+       void runTimeVersion(uint32_t runtime) {
+               mRuntimeVersion = runtime;
+       }
+
        size_t size(const uint32_t version);            // calculate size
        CodeDirectory *build();                                         // build CodeDirectory and return it
-       const size_t fixedSize(const uint32_t version); // calculate fixed size of the CodeDirectory
+    size_t fixedSize(const uint32_t version);  // calculate fixed size of the CodeDirectory
+       
+       uint32_t hashType() const { return mHashType; }
 
        DynamicHash *getHash() const { return CodeDirectory::hashFor(this->mHashType); }
        
@@ -72,6 +93,7 @@ private:
        
 private:
        Hashing::Byte *mSpecial;                                        // array of special slot hashes
+       std::set<Slot> mFilledSpecialSlots;                     // special slots filled with values
        UnixPlusPlus::AutoFileDesc mExec;                       // main executable file
        size_t mExecOffset;                                                     // starting offset in mExec
        size_t mExecLength;                                                     // total bytes of file to sign
@@ -88,7 +110,16 @@ private:
        
        Scatter *mScatter;                                                      // scatter vector
        size_t mScatterSize;                                            // number of scatter elements allocated (incl. sentinel)
-       
+
+       uint64_t mExecSegOffset;                                        // starting offset of executable segment
+       uint64_t mExecSegLimit;                                         // limit of executable segment
+       uint64_t mExecSegFlags;                                         // executable segment flags
+
+       bool mGeneratePreEncryptHashes;                         // whether to also generate new pre-encrypt hashes
+       PreEncryptHashMap mPreservedPreEncryptHashMap; // existing pre-encrypt hashes to be set
+
+       uint32_t mRuntimeVersion;                                       // Hardened Runtime Version
+
        CodeDirectory *mDir;                                            // what we're building
 };