-/*
- * Magic numbers used by Code Signing
- */
-enum {
- CSMAGIC_REQUIREMENT = 0xfade0c00, /* single Requirement blob */
- CSMAGIC_REQUIREMENTS = 0xfade0c01, /* Requirements vector (internal requirements) */
- CSMAGIC_CODEDIRECTORY = 0xfade0c02, /* CodeDirectory blob */
- CSMAGIC_EMBEDDED_SIGNATURE = 0xfade0cc0, /* embedded form of signature data */
- CSMAGIC_DETACHED_SIGNATURE = 0xfade0cc1, /* multi-arch collection of embedded signatures */
-
- CSSLOT_CODEDIRECTORY = 0, /* slot index for CodeDirectory */
-};
-
-
-/*
- * Structure of an embedded-signature SuperBlob
- */
-typedef struct __BlobIndex {
- uint32_t type; /* type of entry */
- uint32_t offset; /* offset of entry */
-} CS_BlobIndex;
-
-typedef struct __SuperBlob {
- uint32_t magic; /* magic number */
- uint32_t length; /* total length of SuperBlob */
- uint32_t count; /* number of index entries following */
- CS_BlobIndex index[]; /* (count) entries */
- /* followed by Blobs in no particular order as indicated by offsets in index */
-} CS_SuperBlob;
-
-
-/*
- * C form of a CodeDirectory.
- */
-typedef struct __CodeDirectory {
- uint32_t magic; /* magic number (CSMAGIC_CODEDIRECTORY) */
- uint32_t length; /* total length of CodeDirectory blob */
- uint32_t version; /* compatibility version */
- uint32_t flags; /* setup and mode flags */
- uint32_t hashOffset; /* offset of hash slot element at index zero */
- uint32_t identOffset; /* offset of identifier string */
- uint32_t nSpecialSlots; /* number of special hash slots */
- uint32_t nCodeSlots; /* number of ordinary (code) hash slots */
- uint32_t codeLimit; /* limit to main image signature range */
- uint8_t hashSize; /* size of each hash in bytes */
- uint8_t hashType; /* type of hash (cdHashType* constants) */
- uint8_t spare1; /* unused (must be zero) */
- uint8_t pageSize; /* log2(page size in bytes); 0 => infinite */
- uint32_t spare2; /* unused (must be zero) */
- /* followed by dynamic content as located by offset fields above */
-} CS_CodeDirectory;
-
-
-/*
- * Sample code to locate the CodeDirectory from an embedded signature blob
- */
-static inline const CS_CodeDirectory *findCodeDirectory(const CS_SuperBlob *embedded)
-{
- if (embedded && ntohl(embedded->magic) == CSMAGIC_EMBEDDED_SIGNATURE) {
- const CS_BlobIndex *limit = &embedded->index[ntohl(embedded->count)];
- const CS_BlobIndex *p;
- for (p = embedded->index; p < limit; ++p)
- if (ntohl(p->type) == CSSLOT_CODEDIRECTORY) {
- const unsigned char *base = (const unsigned char *)embedded;
- const CS_CodeDirectory *cd = (const CS_CodeDirectory *)(base + ntohl(p->offset));
- if (cd->magic == CSMAGIC_CODEDIRECTORY)
- return cd;
- else
- break;
- }
- }
- // not found
- return NULL;
-}
-
-
-/*
- * Locating a page hash
- */
-static inline const unsigned char *hashes(const CS_CodeDirectory *cd, unsigned page)
-{
- const unsigned char *base = (const unsigned char *)cd;
- assert(page < ntohl(cd->nCodeSlots));
-
- // "20" below is the size of a SHA-1 hash. There's got to be a constant for that
- // where you get your SHA-1 functions from. This can also be had as cd->hashSize
- // (but the constant is marginally faster, I suppose)
- return base + ntohl(cd->hashOffset) + page * 20;
-}
projects / apple / security.git / blobdiff