[SignedArchive] Give the verifier the ability to check for the version number. Give resign the ability to resign more than one file. Move SIGArchiveCommon.m into the SignedArchive folder and add it to the project.

Author: gnachman

SignedArchive/SignedArchive.xcodeproj/project.pbxproj

@@ -14,6 +14,8 @@
 		53F5895321C9B527004A372B /* main.m in Sources */ = {isa = PBXBuildFile; fileRef = 53F5895221C9B527004A372B /* main.m */; };
 		53F5895721C9B564004A372B /* libSignedArchive.a in Frameworks */ = {isa = PBXBuildFile; fileRef = A6BC8B2321C8D80D00796BF3 /* libSignedArchive.a */; };
 		53F5895B21C9C1F2004A372B /* SIGVerificationAlgorithm.m in Sources */ = {isa = PBXBuildFile; fileRef = 53F5895A21C9C1F2004A372B /* SIGVerificationAlgorithm.m */; };
+		A665C1C9243A4D8E00F623F0 /* SIGArchiveCommon.h in Headers */ = {isa = PBXBuildFile; fileRef = A665C1C8243A4D8E00F623F0 /* SIGArchiveCommon.h */; };
+		A665C1CD243A4DF000F623F0 /* SIGArchiveCommon.m in Sources */ = {isa = PBXBuildFile; fileRef = A665C1CC243A4DF000F623F0 /* SIGArchiveCommon.m */; };
 		A6BC8B1921C8D5B500796BF3 /* main.m in Sources */ = {isa = PBXBuildFile; fileRef = A6BC8B1821C8D5B500796BF3 /* main.m */; };
 		A6BC8B2C21C8D81F00796BF3 /* SIGArchiveBuilder.m in Sources */ = {isa = PBXBuildFile; fileRef = A6BC8AEB21C78A3000796BF3 /* SIGArchiveBuilder.m */; };
 		A6BC8B2D21C8D81F00796BF3 /* SIGArchiveChunk.m in Sources */ = {isa = PBXBuildFile; fileRef = A6BC8B0321C8B65900796BF3 /* SIGArchiveChunk.m */; };
@@ -117,6 +119,8 @@
 		53F5895021C9B527004A372B /* extract */ = {isa = PBXFileReference; explicitFileType = "compiled.mach-o.executable"; includeInIndex = 0; path = extract; sourceTree = BUILT_PRODUCTS_DIR; };
 		53F5895221C9B527004A372B /* main.m */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.objc; path = main.m; sourceTree = "<group>"; };
 		53F5895A21C9C1F2004A372B /* SIGVerificationAlgorithm.m */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.objc; path = SIGVerificationAlgorithm.m; sourceTree = "<group>"; };
+		A665C1C8243A4D8E00F623F0 /* SIGArchiveCommon.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SIGArchiveCommon.h; sourceTree = "<group>"; };
+		A665C1CC243A4DF000F623F0 /* SIGArchiveCommon.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; path = SIGArchiveCommon.m; sourceTree = "<group>"; };
 		A6BC8ADF21C789DA00796BF3 /* Info.plist */ = {isa = PBXFileReference; lastKnownFileType = text.plist.xml; path = Info.plist; sourceTree = "<group>"; };
 		A6BC8AEA21C78A3000796BF3 /* SIGArchiveBuilder.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = SIGArchiveBuilder.h; sourceTree = "<group>"; };
 		A6BC8AEB21C78A3000796BF3 /* SIGArchiveBuilder.m */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.objc; path = SIGArchiveBuilder.m; sourceTree = "<group>"; };
@@ -211,8 +215,8 @@
 		A6BC8AD121C789DA00796BF3 = {
 			isa = PBXGroup;
 			children = (
-				A6F5F3B122EE28010093FC81 /* resign */,
 				A6BC8ADD21C789DA00796BF3 /* SignedArchive */,
+				A6F5F3B122EE28010093FC81 /* resign */,
 				A6BC8B1721C8D5B500796BF3 /* sign */,
 				A6BC8B3C21C8E30600796BF3 /* verify */,
 				53F5895121C9B527004A372B /* extract */,
@@ -236,37 +240,39 @@
 		A6BC8ADD21C789DA00796BF3 /* SignedArchive */ = {
 			isa = PBXGroup;
 			children = (
+				A6BC8ADF21C789DA00796BF3 /* Info.plist */,
 				A6BC8AEA21C78A3000796BF3 /* SIGArchiveBuilder.h */,
+				A6BC8AEB21C78A3000796BF3 /* SIGArchiveBuilder.m */,
 				A6BC8B0221C8B65900796BF3 /* SIGArchiveChunk.h */,
+				A6BC8B0321C8B65900796BF3 /* SIGArchiveChunk.m */,
+				A665C1C8243A4D8E00F623F0 /* SIGArchiveCommon.h */,
+				A665C1CC243A4DF000F623F0 /* SIGArchiveCommon.m */,
 				A6BC8AFE21C79A8000796BF3 /* SIGArchiveReader.h */,
+				A6BC8AFF21C79A8000796BF3 /* SIGArchiveReader.m */,
 				A6BC8AFA21C7982800796BF3 /* SIGArchiveVerifier.h */,
+				A6BC8AFB21C7982800796BF3 /* SIGArchiveVerifier.m */,
 				A6BC8B0621C8BB3700796BF3 /* SIGCertificate.h */,
+				A6BC8B0721C8BB3700796BF3 /* SIGCertificate.m */,
 				A6BC8B4821C95F8900796BF3 /* SIGError.h */,
+				A6BC8B4921C95F8900796BF3 /* SIGError.m */,
 				A6BC8AEE21C78C1700796BF3 /* SIGIdentity.h */,
+				A6BC8AEF21C78C1700796BF3 /* SIGIdentity.m */,
 				A6BC8AF621C791A700796BF3 /* SIGKey.h */,
+				A6BC8AF721C791A700796BF3 /* SIGKey.m */,
 				A6BC8AF221C78C5E00796BF3 /* SIGKeychain.h */,
+				A6BC8AF321C78C5E00796BF3 /* SIGKeychain.m */,
 				A6BC8B0E21C8CE7600796BF3 /* SIGPartialInputStream.h */,
+				A6BC8B0F21C8CE7600796BF3 /* SIGPartialInputStream.m */,
 				53F5893C21C9AF38004A372B /* SIGPolicy.h */,
+				53F5893D21C9AF38004A372B /* SIGPolicy.m */,
 				A6BC8B5021C965C100796BF3 /* SIGSHA2SigningAlgorithm.h */,
+				A6BC8B5121C965C100796BF3 /* SIGSHA2SigningAlgorithm.m */,
 				A6BC8B5821C96E4200796BF3 /* SIGSHA2VerificationAlgorithm.h */,
+				A6BC8B5921C96E4200796BF3 /* SIGSHA2VerificationAlgorithm.m */,
 				A6BC8B4C21C9656100796BF3 /* SIGSigningAlgorithm.h */,
 				A6BC8B0A21C8C67300796BF3 /* SIGTrust.h */,
-				A6BC8B5421C96E0E00796BF3 /* SIGVerificationAlgorithm.h */,
-				A6BC8AEB21C78A3000796BF3 /* SIGArchiveBuilder.m */,
-				A6BC8B0321C8B65900796BF3 /* SIGArchiveChunk.m */,
-				A6BC8AFF21C79A8000796BF3 /* SIGArchiveReader.m */,
-				A6BC8AFB21C7982800796BF3 /* SIGArchiveVerifier.m */,
-				A6BC8B0721C8BB3700796BF3 /* SIGCertificate.m */,
-				A6BC8B4921C95F8900796BF3 /* SIGError.m */,
-				A6BC8AEF21C78C1700796BF3 /* SIGIdentity.m */,
-				A6BC8AF721C791A700796BF3 /* SIGKey.m */,
-				A6BC8AF321C78C5E00796BF3 /* SIGKeychain.m */,
-				A6BC8B0F21C8CE7600796BF3 /* SIGPartialInputStream.m */,
-				53F5893D21C9AF38004A372B /* SIGPolicy.m */,
-				A6BC8B5121C965C100796BF3 /* SIGSHA2SigningAlgorithm.m */,
-				A6BC8B5921C96E4200796BF3 /* SIGSHA2VerificationAlgorithm.m */,
 				A6BC8B0B21C8C67300796BF3 /* SIGTrust.m */,
-				A6BC8ADF21C789DA00796BF3 /* Info.plist */,
+				A6BC8B5421C96E0E00796BF3 /* SIGVerificationAlgorithm.h */,
 				53F5895A21C9C1F2004A372B /* SIGVerificationAlgorithm.m */,
 			);
 			path = SignedArchive;
@@ -314,6 +320,7 @@
 				A6BC8B4A21C95F8900796BF3 /* SIGError.h in Headers */,
 				A6BC8B5621C96E0E00796BF3 /* SIGVerificationAlgorithm.h in Headers */,
 				53F5893E21C9AF38004A372B /* SIGPolicy.h in Headers */,
+				A665C1C9243A4D8E00F623F0 /* SIGArchiveCommon.h in Headers */,
 				A6BC8B5A21C96E4200796BF3 /* SIGSHA2VerificationAlgorithm.h in Headers */,
 				A6BC8B5221C965C100796BF3 /* SIGSHA2SigningAlgorithm.h in Headers */,
 				A6BC8B4E21C9656100796BF3 /* SIGSigningAlgorithm.h in Headers */,
@@ -488,6 +495,7 @@
 				A6BC8B4B21C95F8900796BF3 /* SIGError.m in Sources */,
 				A6BC8B3221C8D81F00796BF3 /* SIGPartialInputStream.m in Sources */,
 				A6BC8B3321C8D81F00796BF3 /* SIGKey.m in Sources */,
+				A665C1CD243A4DF000F623F0 /* SIGArchiveCommon.m in Sources */,
 				A6BC8B5321C965C100796BF3 /* SIGSHA2SigningAlgorithm.m in Sources */,
 				A6BC8B5B21C96E4200796BF3 /* SIGSHA2VerificationAlgorithm.m in Sources */,
 				A6BC8B3421C8D81F00796BF3 /* SIGKeychain.m in Sources */,

SignedArchive/SIGArchiveCommon.m SignedArchive/SignedArchive/SIGArchiveCommon.m

@@ -17,6 +17,7 @@ NS_ASSUME_NONNULL_BEGIN
 @property (nonatomic, readonly) NSURL *url;
 @property (nonatomic, readonly) BOOL verified;
 @property (nonatomic, readonly, nullable) SIGArchiveReader *reader;
+@property (nonatomic) NSInteger minimumVersion;
 
 - (instancetype)initWithURL:(NSURL *)url NS_DESIGNATED_INITIALIZER;
 - (instancetype)init NS_UNAVAILABLE;

SignedArchive/SignedArchive/SIGArchiveVerifier.h

@@ -48,6 +48,11 @@ - (instancetype)initWithURL:(NSURL *)url {
     self = [super init];
     if (self) {
         _url = url;
+#if ENABLE_SIGARCHIVE_MIGRATION_VALIDATION
+        _minimumVersion = 1;
+#else
+        _minimumVersion = 2;
+#endif
     }
     return self;
 }
@@ -219,13 +224,13 @@ - (BOOL)verifyMetadata:(NSString *)metadata error:(out NSError **)error {
         }
         return NO;
     }
-    if (version < SIGArchiveVerifiedLowestSupportedVersion) {
+    if (version < SIGArchiveVerifiedLowestSupportedVersion || version < _minimumVersion) {
         if (error) {
             *error = [SIGError errorWithCode:SIGErrorCodeDeprecatedOldVersion];
         }
         return NO;
     }
-    
+
     NSString *const digestType = dictionary[SIGArchiveMetadataKeyDigestType];
     if (!digestType) {
         if (error) {

SignedArchive/SignedArchive/SIGArchiveVerifier.m

@@ -68,11 +68,11 @@ + (NSString *)localizedDescriptionFcode:(SIGErrorCode)code {
         case SIGErrorCodeAlgorithmCreationFailed:
             return @"Could not create algorithm";
         case SIGErrorCodeVersionTooNew:
-            return @"This file is from a newer version of this app and cannot be loaded. Please upgrade and try again.";
+            return @"This file is from a newer version of this app and cannot be loaded. Please upgrade and try again";
         case SIGErrorCodeMalformedMetadata:
             return @"Metadata chunk malformed";
         case SIGErrorCodeDeprecatedOldVersion:
-            return @"This file is in an older format that is no longer supported because its authenticity cannot be guaranteed. It cannot be opened by this version of the app.";
+            return @"This file is in an older format that is no longer supported because its authenticity cannot be guaranteed. It cannot be opened by this version of the app";
         case SIGErrorCodeMalformedHeader:
             return @"Header chunk malformed";
         case SIGErrorCodeUnsupportedAlgorithm:

SignedArchive/SignedArchive/SIGError.m

@@ -8,11 +8,18 @@
 
 #import <Foundation/Foundation.h>
 #import "SIGArchiveBuilder.h"
+#import "SIGArchiveCommon.h"
 #import "SIGArchiveReader.h"
 #import "SIGCertificate.h"
 #import "SIGIdentity.h"
 #import <stdio.h>
 
+typedef enum {
+    SIGReSignModeError,
+    SIGReSignModeMultiple,
+    SIGReSignModeSingle
+} SIGReSignMode;
+
 SIGIdentity *FindSigningIdentity(NSString *query) {
     for (SIGIdentity *identity in [SIGIdentity allSigningIdentities]) {
         if ([identity.signingCertificate.longDescription localizedCaseInsensitiveContainsString:query]) {
@@ -99,43 +106,116 @@
     return url;
 }
 
+static BOOL ReSignExtracted(NSURL *oldArchiveURL,
+                            NSString *identityName,
+                            NSURL *outputURL,
+                            NSURL *payloadURL) {
+    if (!payloadURL) {
+        fprintf(stderr, "Could not extract from %s\n", oldArchiveURL.path.UTF8String);
+        return NO;
+    }
+    SIGIdentity *identity = FindSigningIdentity(identityName);
+    if (!identity) {
+        fprintf(stderr, "No identity found\n");
+        return NO;
+    }
+    SIGArchiveBuilder *builder = [[SIGArchiveBuilder alloc] initWithPayloadFileURL:payloadURL
+                                                                          identity:identity];
 
-int main(int argc, const char * argv[]) {
-    if (argc != 4) {
-        fprintf(stderr, "Usage: resign filename.in identity filename.out\n");
-        return -1;
+    NSError *error = nil;
+    const BOOL ok = [builder writeToURL:outputURL error:&error];
+    if (!ok) {
+        fprintf(stderr, "Signing error: %s\n", error.localizedDescription.UTF8String);
+        return NO;
     }
 
-    @autoreleasepool {
-        NSURL *oldArchiveURL = [NSURL fileURLWithPath:[NSString stringWithUTF8String:argv[1]]];
-        NSURL *payloadURL = TemporaryURLOfExtractedUnverifiedPayload(oldArchiveURL);
-        do {
-            if (!payloadURL) {
-                fprintf(stderr, "Could not extract from %s\n", argv[1]);
-                break;
-            }
-            SIGIdentity *identity = FindSigningIdentity([NSString stringWithUTF8String:argv[2]]);
-            if (!identity) {
-                fprintf(stderr, "No identity found\n");
-                break;
-            }
-            SIGArchiveBuilder *builder = [[SIGArchiveBuilder alloc] initWithPayloadFileURL:payloadURL
-                                                                                  identity:identity];
-
-            NSError *error = nil;
-            NSURL *outputURL = [NSURL fileURLWithPath:[NSString stringWithUTF8String:argv[3]]];
-            const BOOL ok = [builder writeToURL:outputURL error:&error];
-            if (!ok) {
-                fprintf(stderr, "Signing error: %s\n", error.localizedDescription.UTF8String);
-                break;
-            }
-        } while (0);
-
-        NSError *error = nil;
-        [[NSFileManager defaultManager] removeItemAtURL:payloadURL error:&error];
-        if (error) {
-            fprintf(stderr, "While deleting temp file %s: %s\n", payloadURL.path.UTF8String, error.localizedDescription.UTF8String);
+    return YES;
+}
+
+static void DeleteTempFile(NSURL *payloadURL) {
+    NSError *error = nil;
+    [[NSFileManager defaultManager] removeItemAtURL:payloadURL error:&error];
+    if (error) {
+        fprintf(stderr, "Warning: While deleting temp file %s: %s\n",
+                payloadURL.path.UTF8String, error.localizedDescription.UTF8String);
+    }
+}
+
+static BOOL ReSign(NSURL *oldArchiveURL,
+                   NSString *identityName,
+                   NSURL *outputURL) {
+    NSURL *payloadURL = TemporaryURLOfExtractedUnverifiedPayload(oldArchiveURL);
+    const BOOL ok = ReSignExtracted(oldArchiveURL, identityName, outputURL, payloadURL);
+    DeleteTempFile(payloadURL);
+    return ok;
+}
+
+static void Move(NSURL *source, NSURL *dest) {
+    NSError *error = nil;
+    [[NSFileManager defaultManager] replaceItemAtURL:dest
+                                       withItemAtURL:source
+                                      backupItemName:nil
+                                             options:0
+                                    resultingItemURL:nil
+                                               error:&error];
+    if (error) {
+        fprintf(stderr, "While moving temp file %s over input file %s: %s",
+                source.path.UTF8String, dest.path.UTF8String, error.localizedDescription.UTF8String);
+    }
+}
+
+static int ResignMultiple(int argc, const char *argv[]) {
+    NSInteger errorCount = 0;
+    NSString *identityName = [NSString stringWithUTF8String:argv[2]];
+    for (size_t i = 3; i < argc; i++) {
+        NSURL *fileURL = [NSURL fileURLWithPath:[NSString stringWithUTF8String:argv[i]]];
+        NSURL *temporaryFileURL = CreateTemporaryURL([NSURL fileURLWithPath:NSTemporaryDirectory()]);
+        if (!ReSign(fileURL, identityName, temporaryFileURL)) {
+            errorCount += 1;
         }
+        Move(temporaryFileURL, fileURL);
+    }
+    return errorCount == 0 ? 0 : 1;
+}
+
+static int ResignSingle(int argc, const char *argv[]) {
+    NSURL *oldArchiveURL = [NSURL fileURLWithPath:[NSString stringWithUTF8String:argv[1]]];
+    NSString *identityName = [NSString stringWithUTF8String:argv[2]];
+    NSURL *outputURL = [NSURL fileURLWithPath:[NSString stringWithUTF8String:argv[3]]];
+    if (!ReSign(oldArchiveURL, identityName, outputURL)) {
+        return 1;
     }
     return 0;
 }
+
+static void Usage(void) {
+    fprintf(stderr, "Usage: resign filename.in identity filename.out\n");
+    fprintf(stderr, "       resign -m identity file [file...]\n");
+}
+
+static SIGReSignMode CheckArgs(int argc, const char *argv[]) {
+    if (argc < 4) {
+        return SIGReSignModeError;
+    }
+    if (!strcmp(argv[1], "-m")) {
+        return SIGReSignModeMultiple;
+    }
+    if (argc > 4) {
+        return SIGReSignModeError;
+    }
+    return SIGReSignModeSingle;
+}
+
+int main(int argc, const char * argv[]) {
+    @autoreleasepool {
+        switch (CheckArgs(argc, argv)) {
+            case SIGReSignModeError:
+                Usage();
+                return 1;
+            case SIGReSignModeSingle:
+                return ResignSingle(argc, argv);
+            case SIGReSignModeMultiple:
+                return ResignMultiple(argc, argv);
+        }
+    }
+}

SignedArchive/resign/main.m

@@ -48,13 +48,14 @@
     return [detailLines componentsJoinedByString:@"\n"];
 }
 
-static NSError *Verify(NSString *path, NSString **detailsPtr) {
+static NSError *Verify(NSString *path, BOOL requireV2, NSString **detailsPtr) {
     SIGArchiveVerifier *verifier = [[SIGArchiveVerifier alloc] initWithURL:[NSURL fileURLWithPath:path]];
     __block BOOL result;
     __block NSError *errorResult = nil;
     dispatch_group_t group = dispatch_group_create();
     dispatch_group_enter(group);
     __block NSString *details;
+    verifier.minimumVersion = requireV2 ? 2 : 1;
     [verifier verifyWithCompletion:^(BOOL ok, NSError *error) {
         details = Details(verifier);
         result = ok;
@@ -77,19 +78,25 @@
 int main(int argc, const char * argv[]) {
     @autoreleasepool {
         if (argc < 2) {
-            fprintf(stderr, "Usage: verify [-v] file [file...]\n");
+            fprintf(stderr, "Usage: verify [-v] [-2] file [file...]\n");
             return 1;
         }
         int errors = 0;
         int first = 1;
+        BOOL requireV2 = NO;
         BOOL verbose = NO;
         if (argc > 1 && !strcmp(argv[1], "-v")) {
             verbose = YES;
             first++;
         }
+        if (argc > first && !strcmp(argv[first], "-2")) {
+            requireV2 = YES;
+            first++;
+        }
         for (int i = first; i < argc; i++) {
             NSString *details;
             NSError *error = Verify([NSString stringWithUTF8String:argv[i]],
+                                    requireV2,
                                     verbose ? &details : NULL);
             if (error) {
                 errors++;