mach-o digital signature segment? (was: Re: mach-o section question)
A good point, I'll keep it in mind, although I think I'd like to test both ways.

I just had a sudden, sideways thought: mach-o allows us to define new segments, right? Can we put pure data into a segment? SHA-1, MD5, etc. got me to thinking about putting in a segment that contains the digital signature of the rest of the mach-o data. Is that possible?

More importantly, for signed mach-o files, can the loader be set up to check the signature prior to running the program, each time? That might help cut down on viruses, etc. (which are not a problem on the Mac yet, but I like to think ahead, to prevent small problems from becoming big problems).

As for programs that aren't yet signed, the loader could ask the user if they want to run the program, and if the user says yes, then the loader could add a new segment that signs the mach-o file with the user's personal key. From then on, unless the program was modified, the user would not be bothered. Other programs (e.g., system libraries, etc.) would ship with signatures, and the certs for those signatures would be installed in the System keychain (or whatever is the Darwin equivalent).

Also, I know there is the whole key management problem, etc. I'm not concerned with that here; I'm only asking, is it possible to embed the signature in the mach-o file?

Thanks,
Cem Karan

On 4/21/08 5:07 PM, "Dan Markarian" <markarian@apple.com> wrote:
Hey Cem,
I am not sure whether the Mach-O format requires it, but I suggest you stick to the UUID standard documented in RFC 4122.
http://en.wikipedia.org/wiki/UUID http://www.ietf.org/rfc/rfc4122.txt
uuid_generate() follows the standard. You can certainly create a UUID out of some other namespace, per section 4.3, for which I have provided some sample code below.
#include <stdint.h>
#include <uuid/uuid.h>            /* uuid_t, uuid_copy() */
#include <libkern/crypto/sha1.h>  /* SHA1_CTX, SHA1Init/Update/Final, SHA_DIGEST_LENGTH
                                     (assumed: the in-kernel SHA-1 API with this spelling) */

/* Name-based UUID, RFC 4122 section 4.3: SHA-1 over (namespace UUID || name),
 * truncated to 16 bytes, then the version and variant bits are forced. */
void
uuid_generate_name(const uint8_t *name, uint32_t namelen,
                   const uuid_t namespc, uuid_t out)
{
    SHA1_CTX c;
    uint8_t  md[SHA_DIGEST_LENGTH];    /* 20-byte digest */

    SHA1Init(&c);
    SHA1Update(&c, namespc, sizeof(uuid_t));
    SHA1Update(&c, name, namelen);
    SHA1Final(md, &c);

    uuid_copy(out, md);                /* keeps only the first 16 of the 20 digest bytes */

    out[6] = (out[6] & 0x0F) | 0x50;   /* version 5: name-based, SHA-1 */
    out[8] = (out[8] & 0x3F) | 0x80;   /* RFC 4122 variant (bits 10xx) */
}
Dan
On 21 Apr 2008, at 4:33 PM, Army Research Lab wrote:
On 4/21/08 2:34 PM, "Andrew Myrick" <amyrick@apple.com> wrote:
I'm just not familiar enough with how UUIDs are used to be of much help on this. My guess is it doesn't matter too much, as long as you aren't trying to load the same binary with different UUIDs. For example, in kext land, presume you have 2 kexts, A and B, where B depends on A. In the following scenario:
1) Load kext A
2) Change kext A on disk
3) Load kext B
the load will fail because we'll detect the UUID change and flag an error. I would expect that userspace has some similar mechanism, though probably much more complex :)
OK, so would it be better to use the MD5 hash for the UUID? It's not perfect (collisions can happen), but it will detect the code has changed...
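The following is an added example for this thread, not code from the list, from Apple, or from any of the posters. It does in one place what Dan's C and Andrew's kext scenario describe: it builds a version-5 UUID per RFC 4122 section 4.3 (same steps as the C above, cross-checked against the standard library), derives that UUID from the file contents of a Mach-O's segments, stamps it into the LC_UUID load command, and re-checks it the way a loader would, so the "load A, change A on disk, load B" sequence is refused. The namespace MACHO_NS, the tiny hand-built Mach-O image (one __TEXT segment covering the whole file, not page-aligned) and the "code" bytes are all constructed for illustration; zeroing the LC_UUID payload before hashing is this example's own design choice, not a description of how Apple's linker derives its UUIDs.

```python
# Added example; not code from the thread or from Apple. Constructed/assumed here:
# MACHO_NS, the minimal image from build_image(), and masking LC_UUID before hashing.
import hashlib
import struct
import uuid

MH_MAGIC_64 = 0xFEEDFACF                   # little-endian 64-bit Mach-O magic
LC_SEGMENT_64, LC_UUID = 0x19, 0x1B
HEADER_FMT = "<IiiIIIII"                   # struct mach_header_64 (32 bytes)
SEG64_FMT = "<II16sQQQQiiII"               # struct segment_command_64 (72 bytes)
UUID_CMD_FMT = "<II16s"                    # struct uuid_command (24 bytes)
MACHO_NS = uuid.UUID("9a3c1b2e-4d5f-4a6b-8c7d-0e1f2a3b4c5d")  # hypothetical namespace

def uuid5_rfc4122(namespace: uuid.UUID, name: bytes) -> uuid.UUID:
    """RFC 4122 section 4.3 name-based UUID: the same steps as the C in the thread."""
    md = hashlib.sha1(namespace.bytes + name).digest()  # 20-byte digest
    out = bytearray(md[:16])                            # uuid_copy() keeps the first 16
    out[6] = (out[6] & 0x0F) | 0x50                     # version 5
    out[8] = (out[8] & 0x3F) | 0x80                     # RFC 4122 variant
    return uuid.UUID(bytes=bytes(out))

def matches_stdlib(namespace: uuid.UUID, name: str) -> bool:
    # Cross-check the hand-rolled construction against uuid.uuid5().
    return uuid5_rfc4122(namespace, name.encode()) == uuid.uuid5(namespace, name)

def load_commands(image: bytes):
    """Yield (cmd, offset, cmdsize) per load command, refusing to run off the end."""
    magic, _, _, _, ncmds, sizeofcmds, _, _ = struct.unpack_from(HEADER_FMT, image, 0)
    if magic != MH_MAGIC_64:
        raise ValueError("not a little-endian 64-bit Mach-O")
    off = struct.calcsize(HEADER_FMT)
    end = off + sizeofcmds
    if end > len(image):
        raise ValueError("sizeofcmds runs past end of file")
    for _ in range(ncmds):
        if off + 8 > end:
            raise ValueError("load command header overruns sizeofcmds")
        cmd, cmdsize = struct.unpack_from("<II", image, off)
        if cmdsize < 8 or off + cmdsize > end:
            raise ValueError("bad cmdsize")
        yield cmd, off, cmdsize
        off += cmdsize

def uuid_command_offset(image: bytes):
    for cmd, off, cmdsize in load_commands(image):
        if cmd == LC_UUID and cmdsize >= 24:
            return off
    return None

def segment_bytes(image: bytes) -> bytes:
    # File bytes of every LC_SEGMENT_64, with the LC_UUID payload zeroed first: a real
    # __TEXT starts at file offset 0 and covers the load commands, so the value being
    # stamped must not feed its own digest.
    masked = bytearray(image)
    off = uuid_command_offset(image)
    if off is not None:
        masked[off + 8:off + 24] = bytes(16)
    parts = []
    for cmd, off, cmdsize in load_commands(image):
        if cmd != LC_SEGMENT_64:
            continue
        if cmdsize < struct.calcsize(SEG64_FMT):
            raise ValueError("truncated segment command")
        fileoff, filesize = struct.unpack_from(SEG64_FMT, image, off)[5:7]
        if fileoff + filesize > len(image):
            raise ValueError("segment extends past end of file")
        parts.append(bytes(masked[fileoff:fileoff + filesize]))
    return b"".join(parts)

def content_uuid(image: bytes) -> uuid.UUID:
    return uuid5_rfc4122(MACHO_NS, segment_bytes(image))

def embedded_uuid(image: bytes):
    # The 16 bytes stored in LC_UUID, or None if there is no such command.
    off = uuid_command_offset(image)
    return None if off is None else image[off + 8:off + 24]

def stamp(image: bytes) -> bytes:
    """Return a copy with the content-derived UUID written into LC_UUID."""
    off = uuid_command_offset(image)
    if off is None:
        raise ValueError("image has no LC_UUID command")
    return image[:off + 8] + content_uuid(image).bytes + image[off + 24:]

def check(image: bytes) -> bool:
    # Loader-side check: does the embedded UUID still match the bytes on disk?
    embedded = embedded_uuid(image)
    return embedded is not None and embedded == content_uuid(image).bytes

def build_image(code: bytes) -> bytes:
    """Constructed minimal Mach-O: header, __TEXT spanning the whole file, zero LC_UUID, code."""
    seg_size, uuid_size = struct.calcsize(SEG64_FMT), struct.calcsize(UUID_CMD_FMT)
    total = struct.calcsize(HEADER_FMT) + seg_size + uuid_size + len(code)
    header = struct.pack(HEADER_FMT, MH_MAGIC_64, 0x01000007, 3, 2, 2,
                         seg_size + uuid_size, 0, 0)    # x86_64, MH_EXECUTE, 2 commands
    seg = struct.pack(SEG64_FMT, LC_SEGMENT_64, seg_size, b"__TEXT".ljust(16, b"\0"),
                      0, total, 0, total, 5, 5, 0, 0)   # r-x, no sections
    return header + seg + struct.pack(UUID_CMD_FMT, LC_UUID, uuid_size, bytes(16)) + code

if __name__ == "__main__":
    kext_a = stamp(build_image(b"\x55\x48\x89\xe5\x5d\xc3"))  # constructed "code" bytes
    recorded = embedded_uuid(kext_a)                           # what B records when A loads
    modified_a = kext_a[:-1] + b"\x90"                         # "change kext A on disk"
    print("A loads:", check(kext_a), "B's record of A still valid:",
          check(modified_a) and embedded_uuid(modified_a) == recorded)
```

Note what this does and does not buy you, which is the distinction Cem's question turns on: a content-derived UUID catches an accidental or out-of-band change to the file (the kext case Andrew describes), but anyone who can rewrite the segments can just as easily recompute and re-stamp the UUID. Only a signature made with a key the loader trusts, verified before the file is mapped, turns the same check into an authenticity check.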