Cradicle Explorer
darling-security
/ OSX / libsecurity_codesigning / lib / cdbuilder.h
cdbuilder.h
  1  /*
  2   * Copyright (c) 2006-2012,2014 Apple Inc. All Rights Reserved.
  3   * 
  4   * @APPLE_LICENSE_HEADER_START@
  5   * 
  6   * This file contains Original Code and/or Modifications of Original Code
  7   * as defined in and that are subject to the Apple Public Source License
  8   * Version 2.0 (the 'License'). You may not use this file except in
  9   * compliance with the License. Please obtain a copy of the License at
 10   * http://www.opensource.apple.com/apsl/ and read it before using this
 11   * file.
 12   * 
 13   * The Original Code and all software distributed under the License are
 14   * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
 15   * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
 16   * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
 17   * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
 18   * Please see the License for the specific language governing rights and
 19   * limitations under the License.
 20   * 
 21   * @APPLE_LICENSE_HEADER_END@
 22   */
 23  
 24  //
 25  // cdbuilder - constructor for CodeDirectories
 26  //
 27  #ifndef _H_CDBUILDER
 28  #define _H_CDBUILDER
 29  
 30  #include "codedirectory.h"
 31  
 32  
 33  namespace Security {
 34  namespace CodeSigning {
 35  
 36  
 37  //
 38  // Builder can construct CodeDirectories from pieces:
 39  //	Builder builder(...);
 40  //	builder.variousSetters(withSuitableData);
 41  //  CodeDirectory *result = builder.build();
 42  // Builder is not reusable.
 43  //
 44  class CodeDirectory::Builder : public RefCount {
 45  	NOCOPY(Builder)
 46  public:
 47  	Builder(HashAlgorithm digestAlgorithm);
 48  	~Builder();
 49  	
 50  	void executable(string path, size_t pagesize, size_t offset, size_t length);
 51  	void reopen(string path, size_t offset, size_t length);
 52  	bool opened();
 53  
 54  	void specialSlot(SpecialSlot slot, CFDataRef data);
 55  	void identifier(const std::string &code) { mIdentifier = code; }
 56  	void teamID(const std::string &team) { mTeamID = team; }
 57  	void flags(uint32_t f) { mFlags = f; }
 58  	void platform(uint8_t p) { mPlatform = p; }
 59  	std::set<Slot> filledSpecialSlots() const { return mFilledSpecialSlots; }
 60  	
 61  	Scatter *scatter(unsigned count);			// allocate that many scatter elements (w/o sentinel)
 62  	Scatter *scatter() { return mScatter; }		// return already allocated scatter vector
 63  
 64  	void execSeg(uint64_t base, uint64_t limit, uint64_t flags) {
 65  		mExecSegOffset = base; mExecSegLimit = limit; mExecSegFlags = flags; }
 66  	void addExecSegFlags(uint64_t flags) { mExecSegFlags |= flags; }
 67  
 68  	typedef std::map<CodeDirectory::HashAlgorithm, CFCopyRef<CFDataRef> >
 69  		PreEncryptHashMap;
 70  
 71  	void generatePreEncryptHashes(bool pre) { mGeneratePreEncryptHashes = pre; }
 72  	void preservePreEncryptHashMap(PreEncryptHashMap preEncryptHashMap) {
 73  		mPreservedPreEncryptHashMap = preEncryptHashMap;
 74  	}
 75  
 76  	void runTimeVersion(uint32_t runtime) {
 77  		mRuntimeVersion = runtime;
 78  	}
 79  
 80  	size_t size(const uint32_t version);		// calculate size
 81  	CodeDirectory *build();						// build CodeDirectory and return it
 82      size_t fixedSize(const uint32_t version);	// calculate fixed size of the CodeDirectory
 83  	
 84  	uint32_t hashType() const { return mHashType; }
 85  
 86  	DynamicHash *getHash() const { return CodeDirectory::hashFor(this->mHashType); }
 87  	
 88  private:
 89  	Hashing::Byte *specialSlot(SpecialSlot slot)
 90  		{ assert(slot > 0 && slot <= cdSlotMax); return mSpecial + (slot - 1) * mDigestLength; }
 91  	Hashing::Byte *specialSlot(SpecialSlot slot) const
 92  		{ assert(slot > 0 && slot <= cdSlotMax); return mSpecial + (slot - 1) * mDigestLength; }
 93  	
 94  private:
 95  	Hashing::Byte *mSpecial;					// array of special slot hashes
 96  	std::set<Slot> mFilledSpecialSlots;			// special slots filled with values
 97  	UnixPlusPlus::AutoFileDesc mExec;			// main executable file
 98  	size_t mExecOffset;							// starting offset in mExec
 99  	size_t mExecLength;							// total bytes of file to sign
100  	size_t mPageSize;							// page size of executable (bytes)
101  	uint32_t mFlags;							// CodeDirectory flags
102  	uint32_t mHashType;							// digest algorithm code
103  	uint8_t mPlatform;							// platform identifier
104  	uint32_t mDigestLength;						// number of bytes in a single glue digest
105  	std::string mIdentifier;					// canonical identifier
106  	std::string mTeamID;                        // team identifier
107  	
108  	size_t mSpecialSlots;						// highest special slot set
109  	size_t mCodeSlots;							// number of code pages (slots)
110  	
111  	Scatter *mScatter;							// scatter vector
112  	size_t mScatterSize;						// number of scatter elements allocated (incl. sentinel)
113  
114  	uint64_t mExecSegOffset;					// starting offset of executable segment
115  	uint64_t mExecSegLimit;						// limit of executable segment
116  	uint64_t mExecSegFlags;						// executable segment flags
117  
118  	bool mGeneratePreEncryptHashes;				// whether to also generate new pre-encrypt hashes
119  	PreEncryptHashMap mPreservedPreEncryptHashMap; // existing pre-encrypt hashes to be set
120  
121  	uint32_t mRuntimeVersion;					// Hardened Runtime Version
122  
123  	CodeDirectory *mDir;						// what we're building
124  };
125  
126  
127  }	// CodeSigning
128  }	// Security
129  
130  
131  #endif //_H_CDBUILDER