mach-o digital signature segment? (was: Re: mach-o section question)
mach-o digital signature segment? (was: Re: mach-o section question)
- Subject: mach-o digital signature segment? (was: Re: mach-o section question)
- From: Army Research Lab <email@hidden>
- Date: Tue, 22 Apr 2008 08:11:51 -0400
- Thread-topic: mach-o digital signature segment? (was: Re: mach-o section question)
A good point, I'll keep it in mind, although I think I'd like to test both
ways.
I just had a sudden, sideways thought; mach-o allows us to define new
segments, right? Can we put pure data into a segment? SHA-1, MD5, etc. got
me to thinking about putting in a segment that contains the digital
signature of the rest of the mach-o data. Is that possible? More
importantly, for signed mach-o files, can the loader be set up to check the
signature prior to running the program, each time? That might help cut down
on viruses, etc (which are not a problem on the mac yet, but I like to think
ahead, to prevent small problems from becoming big problems)
As for programs that aren't yet signed, the loader could ask the user if
they want to run the program, and if the user says yes, then the loader
could add a new segment that signs the mach-o file with the user's personal
key. From then on, unless the program was modified, the user would not be
bothered. Other programs (e.g., system libraries, etc.) would ship with
signatures, and the certs for those signatures would be installed in the
System keychain (or whatever is the Darwin equivalent).
Also, I know there is the whole key management problem, etc. I'm not
concerned with that here; I'm only asking, is it possible to embed the
signature in the mach-o file?
Thanks,
Cem Karan
On 4/21/08 5:07 PM, "Dan Markarian" <email@hidden> wrote:
> Hey Cem,
>
> I am not sure whether the Mach-O format requires it, but I suggest you
> stick to the UUID standard documented in RFC 4122.
>
> http://en.wikipedia.org/wiki/UUID
> http://www.ietf.org/rfc/rfc4122.txt
>
> uuid_generate() follows the standard. You can certainly create a UUID
> out of some other namespace, per section 4.3, for which I have
> provided some sample code below.
>
> void
> uuid_generate_name(const uint8_t *name, uint32_t namelen, const uuid_t
> namespc, uuid_t out)
> {
> SHA1_CTX c;
> uint8_t md[SHA_DIGEST_LENGTH];
>
> SHA1Init(&c);
> SHA1Update(&c, namespc, sizeof(uuid_t));
> SHA1Update(&c, name, namelen);
> SHA1Final(md, &c);
>
> uuid_copy(out, md);
>
> out[6] = (out[6] & 0x0F) | 0x50;
> out[8] = (out[8] & 0x3F) | 0x80;
> }
>
> Dan
>
> On 21 Apr 2008, at 4:33 PM, Army Research Lab wrote:
>
>> On 4/21/08 2:34 PM, "Andrew Myrick" <email@hidden> wrote:
>>
>>> I'm just not familiar enough with how UUIDs are used to be of much
>>> help on this. My guess is it doesn't matter too much, as long as you
>>> aren't trying to load the same binary with different UUIDs. For
>>> example, in kext land, presume you have 2 kexts, A and B, where B
>>> depends on A. In the following scenario:
>>>
>>> 1) Load kext A
>>> 2) Change kext A on disk
>>> 3) Load kext B
>>>
>>> the load will fail because we'll detect the UUID change and flag an
>>> error. I would expect that userspace has some similar mechanism,
>>> though probably much more complex :)
>>
>> OK, so would it be better to use the MD5 hash for the UUID? Its not
>> perfect
>> (collisions can happen), but it will detect the code has changed...
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Darwin-dev mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden