diff options
| author | Jay Freeman <saurik@saurik.com> | 2008-06-13 23:27:12 +0000 |
|---|---|---|
| committer | Jay Freeman <saurik@saurik.com> | 2008-06-13 23:27:12 +0000 |
| commit | 544c5d8f26d63f2b5751af39b955c93668d83034 (patch) | |
| tree | c8c3cbd4b278be0c7900e836a0971441c7185e79 /util | |
| parent | c27a92457f665f053e3872aa64c4569be0ca06a5 (diff) | |
Replaced codesign with ldid -S.
git-svn-id: http://svn.telesphoreo.org/trunk@302 514c082c-b64e-11dc-b46d-3d985efe055d
Diffstat (limited to 'util')
| -rw-r--r-- | util/ldid.cpp | 243 | ||||
| -rw-r--r-- | util/sha1.c | 389 | ||||
| -rw-r--r-- | util/sha1.h | 64 |
3 files changed, 670 insertions, 26 deletions
diff --git a/util/ldid.cpp b/util/ldid.cpp index b1c114a8c..7c225e1e9 100644 --- a/util/ldid.cpp +++ b/util/ldid.cpp @@ -38,10 +38,14 @@ #include "minimal/stdlib.h" #include "minimal/mapping.h" +#include "sha1.h" + #include <cstring> #include <string> #include <vector> +#include <sys/wait.h> + struct fat_header { uint32_t magic; uint32_t nfat_arch; @@ -68,12 +72,12 @@ struct mach_header { uint32_t flags; }; -#define MH_MAGIC 0xfeedface +#define MH_MAGIC 0xfeedface #define MH_CIGAM 0xcefaedfe -#define MH_EXECUTE 0x2 -#define MH_DYLIB 0x6 -#define MH_BUNDLE 0x8 +#define MH_EXECUTE 0x2 +#define MH_DYLIB 0x6 +#define MH_BUNDLE 0x8 struct load_command { uint32_t cmd; @@ -82,9 +86,10 @@ struct load_command { #define LC_REQ_DYLD 0x80000000 -#define LC_LOAD_DYLIB 0x0c -#define LC_ID_DYLIB 0x0d -#define LC_UUID 0x1b +#define LC_LOAD_DYLIB 0x0c +#define LC_ID_DYLIB 0x0d +#define LC_UUID 0x1b +#define LC_CODE_SIGNATURE 0x1d #define LC_REEXPORT_DYLIB (0x1f | LC_REQ_DYLD) struct dylib { @@ -106,6 +111,51 @@ struct uuid_command { uint8_t uuid[16]; }; +struct linkedit_data_command { + uint32_t cmd; + uint32_t cmdsize; + uint32_t dataoff; + uint32_t datasize; +}; + +uint16_t Swap_(uint16_t value) { + return + ((value >> 8) & 0x00ff) | + ((value << 8) & 0xff00); +} + +uint32_t Swap_(uint32_t value) { + value = ((value >> 8) & 0x00ff00ff) | + ((value << 8) & 0xff00ff00); + value = ((value >> 16) & 0x0000ffff) | + ((value << 16) & 0xffff0000); + return value; +} + +int16_t Swap_(int16_t value) { + return Swap_(static_cast<uint16_t>(value)); +} + +int32_t Swap_(int32_t value) { + return Swap_(static_cast<uint32_t>(value)); +} + +uint16_t Swap(uint16_t value) { + return true ? Swap_(value) : value; +} + +uint32_t Swap(uint32_t value) { + return true ? Swap_(value) : value; +} + +int16_t Swap(int16_t value) { + return Swap(static_cast<uint16_t>(value)); +} + +int32_t Swap(int32_t value) { + return Swap(static_cast<uint32_t>(value)); +} + class Framework { private: void *base_; @@ -114,30 +164,20 @@ class Framework { bool swapped_; public: - int16_t Swap(int16_t value) const { - return Swap(static_cast<uint16_t>(value)); + uint16_t Swap(uint16_t value) const { + return swapped_ ? Swap_(value) : value; } - int32_t Swap(int32_t value) const { - return Swap(static_cast<uint32_t>(value)); + uint32_t Swap(uint32_t value) const { + return swapped_ ? Swap_(value) : value; } - uint16_t Swap(uint16_t value) const { - return !swapped_ ? value : - ((value >> 8) & 0x00ff) | - ((value << 8) & 0xff00); + int16_t Swap(int16_t value) const { + return Swap(static_cast<uint16_t>(value)); } - uint32_t Swap(uint32_t value) const { - if (!swapped_) - return value; - else { - value = ((value >> 8) & 0x00ff00ff) | - ((value << 8) & 0xff00ff00); - value = ((value >> 16) & 0x0000ffff) | - ((value << 16) & 0xffff0000); - return value; - } + int32_t Swap(int32_t value) const { + return Swap(static_cast<uint32_t>(value)); } Framework(const char *framework_path) : @@ -198,8 +238,50 @@ class Framework { } }; +#define CSMAGIC_CODEDIRECTORY 0xfade0c02 +#define CSMAGIC_EMBEDDED_SIGNATURE 0xfade0cc0 +#define CSSLOT_CODEDIRECTORY 0 + +struct BlobIndex { + uint32_t type; + uint32_t offset; +}; + +struct SuperBlob { + uint32_t magic; + uint32_t length; + uint32_t count; + struct BlobIndex index[]; +}; + +struct CodeDirectory { + uint32_t magic; + uint32_t length; + uint32_t version; + uint32_t flags; + uint32_t hashOffset; + uint32_t identOffset; + uint32_t nSpecialSlots; + uint32_t nCodeSlots; + uint32_t codeLimit; + uint8_t hashSize; + uint8_t hashType; + uint8_t spare1; + uint8_t pageSize; + uint32_t spare2; +}; + extern "C" uint32_t hash(uint8_t *k, uint32_t length, uint32_t initval); +#define CODESIGN_ALLOCATE "arm-apple-darwin9-codesign_allocate" + +void sha1(uint8_t *hash, uint8_t *data, size_t size) { + SHA1Context context; + SHA1Reset(&context); + SHA1Input(&context, data, size); + SHA1Result(&context, hash); +} + int main(int argc, const char *argv[]) { bool flag_R(false); bool flag_t(false); @@ -207,6 +289,7 @@ int main(int argc, const char *argv[]) { bool flag_u(false); bool flag_T(false); + bool flag_S(false); bool timeh(false); uint32_t timev(0); @@ -222,6 +305,7 @@ int main(int argc, const char *argv[]) { case 't': flag_t = true; break; case 'u': flag_u = true; break; case 'p': flag_p = true; break; + case 'S': flag_S = true; break; case 'T': { flag_T = true; @@ -245,7 +329,46 @@ int main(int argc, const char *argv[]) { size_t filei(0), filee(0); _foreach (file, files) try { - Framework framework(file->c_str()); + const char *path(file->c_str()); + const char *base = strrchr(path, '/'); + char *temp(NULL), *dir; + + if (base != NULL) + dir = strndup(path, base++ - path + 1); + else { + dir = strdup(""); + base = path; + } + + if (flag_S) { + asprintf(&temp, "%s.%s.cs", dir, base); + const char *allocate = getenv("CODESIGN_ALLOCATE"); + if (allocate == NULL) + allocate = "codesign_allocate"; + + size_t size; { + Framework framework(path); + size = framework.GetSize(); + } + + pid_t pid = fork(); + _syscall(pid); + if (pid == 0) { + char *ssize; + asprintf(&ssize, "%u", (sizeof(struct SuperBlob) + sizeof(struct BlobIndex) + sizeof(struct CodeDirectory) + strlen(base) + 1 + (size + 0x1000 - 1) / 0x1000 * 0x14 + 15) / 16 * 16); + printf("%s\n", ssize); + execlp(allocate, allocate, "-i", path, "-a", "arm", ssize, "-o", temp, NULL); + _assert(false); + } + + int status; + _syscall(waitpid(pid, &status, 0)); + _assert(WIFEXITED(status)); + _assert(WEXITSTATUS(status) == 0); + } + + Framework framework(temp == NULL ? path : temp); + struct linkedit_data_command *signature(NULL); if (flag_p) printf("path%zu='%s'\n", filei, file->c_str()); @@ -255,6 +378,8 @@ int main(int argc, const char *argv[]) { if (flag_R && cmd == LC_REEXPORT_DYLIB) (*load_command)->cmd = framework.Swap(LC_LOAD_DYLIB); + else if (cmd == LC_CODE_SIGNATURE) + signature = reinterpret_cast<struct linkedit_data_command *>(*load_command); else if (cmd == LC_UUID) { volatile struct uuid_command *uuid_command(reinterpret_cast<struct uuid_command *>(*load_command)); @@ -287,6 +412,72 @@ int main(int argc, const char *argv[]) { } } + if (flag_S) { + _assert(signature != NULL); + + uint32_t data = framework.Swap(signature->dataoff); + uint32_t size = framework.Swap(signature->datasize); + + uint8_t *top = reinterpret_cast<uint8_t *>(framework.GetBase()); + uint8_t *blob = top + data; + struct SuperBlob *super = reinterpret_cast<struct SuperBlob *>(blob); + super->magic = Swap(CSMAGIC_EMBEDDED_SIGNATURE); + + uint32_t count = 1; + uint32_t offset = sizeof(struct SuperBlob) + count * sizeof(struct BlobIndex); + + super->index[0].type = Swap(CSSLOT_CODEDIRECTORY); + super->index[0].offset = Swap(offset); + + uint32_t begin = offset; + struct CodeDirectory *directory = reinterpret_cast<struct CodeDirectory *>(blob + begin); + offset += sizeof(struct CodeDirectory); + + directory->magic = Swap(CSMAGIC_CODEDIRECTORY); + directory->version = Swap(0x00020001); + directory->flags = Swap(0); + directory->codeLimit = Swap(data); + directory->hashSize = 0x14; + directory->hashType = 0x01; + directory->spare1 = 0x00; + directory->pageSize = 0x0c; + directory->spare2 = Swap(0); + + directory->identOffset = Swap(offset - begin); + strcpy(reinterpret_cast<char *>(blob + offset), base); + offset += strlen(base) + 1; + + uint8_t (*hashes)[20] = reinterpret_cast<uint8_t (*)[20]>(blob + offset); + uint32_t special = 0; + + uint32_t pages = (data + 0x1000 - 1) / 0x1000; + directory->nSpecialSlots = Swap(special); + directory->nCodeSlots = Swap(pages); + + if (pages != 1) + for (size_t i = 0; i != pages - 1; ++i) + sha1(hashes[special + i], top + 0x1000 * i, 0x1000); + if (pages != 0) + sha1(hashes[special + pages - 1], top + 0x1000 * (pages - 1), data % 0x1000); + + directory->hashOffset = Swap(offset - begin); + offset += sizeof(*hashes) * (special + pages); + directory->length = Swap(offset - begin); + + super->count = Swap(count); + super->length = Swap(offset); + + _assert(offset < size); + memset(blob + offset, 0, size - offset); + } + + if (temp) { + _syscall(unlink(path)); + _syscall(rename(temp, path)); + free(temp); + } + + free(dir); ++filei; } catch (const char *) { ++filee; diff --git a/util/sha1.c b/util/sha1.c new file mode 100644 index 000000000..2b74de8dd --- /dev/null +++ b/util/sha1.c @@ -0,0 +1,389 @@ +/*
+ * sha1.c
+ *
+ * Description:
+ * This file implements the Secure Hashing Algorithm 1 as
+ * defined in FIPS PUB 180-1 published April 17, 1995.
+ *
+ * The SHA-1, produces a 160-bit message digest for a given
+ * data stream. It should take about 2**n steps to find a
+ * message with the same digest as a given message and
+ * 2**(n/2) to find any two messages with the same digest,
+ * when n is the digest size in bits. Therefore, this
+ * algorithm can serve as a means of providing a
+ * "fingerprint" for a message.
+ *
+ * Portability Issues:
+ * SHA-1 is defined in terms of 32-bit "words". This code
+ * uses <stdint.h> (included via "sha1.h" to define 32 and 8
+ * bit unsigned integer types. If your C compiler does not
+ * support 32 bit unsigned integers, this code is not
+ * appropriate.
+ *
+ * Caveats:
+ * SHA-1 is designed to work with messages less than 2^64 bits
+ * long. Although SHA-1 allows a message digest to be generated
+ * for messages of any number of bits less than 2^64, this
+ * implementation only works with messages with a length that is
+ * a multiple of the size of an 8-bit character.
+ *
+ */
+
+#include "sha1.h"
+
+/*
+ * Define the SHA1 circular left shift macro
+ */
+#define SHA1CircularShift(bits,word) \
+ (((word) << (bits)) | ((word) >> (32-(bits))))
+
+/* Local Function Prototyptes */
+void SHA1PadMessage(SHA1Context *);
+void SHA1ProcessMessageBlock(SHA1Context *);
+
+/*
+ * SHA1Reset
+ *
+ * Description:
+ * This function will initialize the SHA1Context in preparation
+ * for computing a new SHA1 message digest.
+ *
+ * Parameters:
+ * context: [in/out]
+ * The context to reset.
+ *
+ * Returns:
+ * sha Error Code.
+ *
+ */
+int SHA1Reset(SHA1Context *context)
+{
+ if (!context)
+ {
+ return shaNull;
+ }
+
+ context->Length_Low = 0;
+ context->Length_High = 0;
+ context->Message_Block_Index = 0;
+
+ context->Intermediate_Hash[0] = 0x67452301;
+ context->Intermediate_Hash[1] = 0xEFCDAB89;
+ context->Intermediate_Hash[2] = 0x98BADCFE;
+ context->Intermediate_Hash[3] = 0x10325476;
+ context->Intermediate_Hash[4] = 0xC3D2E1F0;
+
+ context->Computed = 0;
+ context->Corrupted = 0;
+
+ return shaSuccess;
+}
+
+/*
+ * SHA1Result
+ *
+ * Description:
+ * This function will return the 160-bit message digest into the
+ * Message_Digest array provided by the caller.
+ * NOTE: The first octet of hash is stored in the 0th element,
+ * the last octet of hash in the 19th element.
+ *
+ * Parameters:
+ * context: [in/out]
+ * The context to use to calculate the SHA-1 hash.
+ * Message_Digest: [out]
+ * Where the digest is returned.
+ *
+ * Returns:
+ * sha Error Code.
+ *
+ */
+int SHA1Result( SHA1Context *context,
+ uint8_t Message_Digest[SHA1HashSize])
+{
+ int i;
+
+ if (!context || !Message_Digest)
+ {
+ return shaNull;
+ }
+
+ if (context->Corrupted)
+ {
+ return context->Corrupted;
+ }
+
+ if (!context->Computed)
+ {
+ SHA1PadMessage(context);
+ for(i=0; i<64; ++i)
+ {
+ /* message may be sensitive, clear it out */
+ context->Message_Block[i] = 0;
+ }
+ context->Length_Low = 0; /* and clear length */
+ context->Length_High = 0;
+ context->Computed = 1;
+
+ }
+
+ for(i = 0; i < SHA1HashSize; ++i)
+ {
+ Message_Digest[i] = context->Intermediate_Hash[i>>2]
+ >> 8 * ( 3 - ( i & 0x03 ) );
+ }
+
+ return shaSuccess;
+}
+
+/*
+ * SHA1Input
+ *
+ * Description:
+ * This function accepts an array of octets as the next portion
+ * of the message.
+ *
+ * Parameters:
+ * context: [in/out]
+ * The SHA context to update
+ * message_array: [in]
+ * An array of characters representing the next portion of
+ * the message.
+ * length: [in]
+ * The length of the message in message_array
+ *
+ * Returns:
+ * sha Error Code.
+ *
+ */
+int SHA1Input( SHA1Context *context,
+ const uint8_t *message_array,
+ unsigned length)
+{
+ if (!length)
+ {
+ return shaSuccess;
+ }
+
+ if (!context || !message_array)
+ {
+ return shaNull;
+ }
+
+ if (context->Computed)
+ {
+ context->Corrupted = shaStateError;
+
+ return shaStateError;
+ }
+
+ if (context->Corrupted)
+ {
+ return context->Corrupted;
+ }
+ while(length-- && !context->Corrupted)
+ {
+ context->Message_Block[context->Message_Block_Index++] =
+ (*message_array & 0xFF);
+
+ context->Length_Low += 8;
+ if (context->Length_Low == 0)
+ {
+ context->Length_High++;
+ if (context->Length_High == 0)
+ {
+ /* Message is too long */
+ context->Corrupted = 1;
+ }
+ }
+
+ if (context->Message_Block_Index == 64)
+ {
+ SHA1ProcessMessageBlock(context);
+ }
+
+ message_array++;
+ }
+
+ return shaSuccess;
+}
+
+/*
+ * SHA1ProcessMessageBlock
+ *
+ * Description:
+ * This function will process the next 512 bits of the message
+ * stored in the Message_Block array.
+ *
+ * Parameters:
+ * None.
+ *
+ * Returns:
+ * Nothing.
+ *
+ * Comments:
+
+ * Many of the variable names in this code, especially the
+ * single character names, were used because those were the
+ * names used in the publication.
+ *
+ *
+ */
+void SHA1ProcessMessageBlock(SHA1Context *context)
+{
+ const uint32_t K[] = { /* Constants defined in SHA-1 */
+ 0x5A827999,
+ 0x6ED9EBA1,
+ 0x8F1BBCDC,
+ 0xCA62C1D6
+ };
+ int t; /* Loop counter */
+ uint32_t temp; /* Temporary word value */
+ uint32_t W[80]; /* Word sequence */
+ uint32_t A, B, C, D, E; /* Word buffers */
+
+ /*
+ * Initialize the first 16 words in the array W
+ */
+ for(t = 0; t < 16; t++)
+ {
+ W[t] = context->Message_Block[t * 4] << 24;
+ W[t] |= context->Message_Block[t * 4 + 1] << 16;
+ W[t] |= context->Message_Block[t * 4 + 2] << 8;
+ W[t] |= context->Message_Block[t * 4 + 3];
+ }
+
+ for(t = 16; t < 80; t++)
+ {
+ W[t] = SHA1CircularShift(1,W[t-3] ^ W[t-8] ^ W[t-14] ^ W[t-16]);
+ }
+
+ A = context->Intermediate_Hash[0];
+ B = context->Intermediate_Hash[1];
+ C = context->Intermediate_Hash[2];
+ D = context->Intermediate_Hash[3];
+ E = context->Intermediate_Hash[4];
+
+ for(t = 0; t < 20; t++)
+ {
+ temp = SHA1CircularShift(5,A) +
+ ((B & C) | ((~B) & D)) + E + W[t] + K[0];
+ E = D;
+ D = C;
+ C = SHA1CircularShift(30,B);
+
+ B = A;
+ A = temp;
+ }
+
+ for(t = 20; t < 40; t++)
+ {
+ temp = SHA1CircularShift(5,A) + (B ^ C ^ D) + E + W[t] + K[1];
+ E = D;
+ D = C;
+ C = SHA1CircularShift(30,B);
+ B = A;
+ A = temp;
+ }
+
+ for(t = 40; t < 60; t++)
+ {
+ temp = SHA1CircularShift(5,A) +
+ ((B & C) | (B & D) | (C & D)) + E + W[t] + K[2];
+ E = D;
+ D = C;
+ C = SHA1CircularShift(30,B);
+ B = A;
+ A = temp;
+ }
+
+ for(t = 60; t < 80; t++)
+ {
+ temp = SHA1CircularShift(5,A) + (B ^ C ^ D) + E + W[t] + K[3];
+ E = D;
+ D = C;
+ C = SHA1CircularShift(30,B);
+ B = A;
+ A = temp;
+ }
+
+ context->Intermediate_Hash[0] += A;
+ context->Intermediate_Hash[1] += B;
+ context->Intermediate_Hash[2] += C;
+ context->Intermediate_Hash[3] += D;
+ context->Intermediate_Hash[4] += E;
+
+ context->Message_Block_Index = 0;
+}
+
+/*
+ * SHA1PadMessage
+ *
+
+ * Description:
+ * According to the standard, the message must be padded to an even
+ * 512 bits. The first padding bit must be a '1'. The last 64
+ * bits represent the length of the original message. All bits in
+ * between should be 0. This function will pad the message
+ * according to those rules by filling the Message_Block array
+ * accordingly. It will also call the ProcessMessageBlock function
+ * provided appropriately. When it returns, it can be assumed that
+ * the message digest has been computed.
+ *
+ * Parameters:
+ * context: [in/out]
+ * The context to pad
+ * ProcessMessageBlock: [in]
+ * The appropriate SHA*ProcessMessageBlock function
+ * Returns:
+ * Nothing.
+ *
+ */
+
+void SHA1PadMessage(SHA1Context *context)
+{
+ /*
+ * Check to see if the current message block is too small to hold
+ * the initial padding bits and length. If so, we will pad the
+ * block, process it, and then continue padding into a second
+ * block.
+ */
+ if (context->Message_Block_Index > 55)
+ {
+ context->Message_Block[context->Message_Block_Index++] = 0x80;
+ while(context->Message_Block_Index < 64)
+ {
+ context->Message_Block[context->Message_Block_Index++] = 0;
+ }
+
+ SHA1ProcessMessageBlock(context);
+
+ while(context->Message_Block_Index < 56)
+ {
+ context->Message_Block[context->Message_Block_Index++] = 0;
+ }
+ }
+ else
+ {
+ context->Message_Block[context->Message_Block_Index++] = 0x80;
+ while(context->Message_Block_Index < 56)
+ {
+
+ context->Message_Block[context->Message_Block_Index++] = 0;
+ }
+ }
+
+ /*
+ * Store the message length as the last 8 octets
+ */
+ context->Message_Block[56] = context->Length_High >> 24;
+ context->Message_Block[57] = context->Length_High >> 16;
+ context->Message_Block[58] = context->Length_High >> 8;
+ context->Message_Block[59] = context->Length_High;
+ context->Message_Block[60] = context->Length_Low >> 24;
+ context->Message_Block[61] = context->Length_Low >> 16;
+ context->Message_Block[62] = context->Length_Low >> 8;
+ context->Message_Block[63] = context->Length_Low;
+
+ SHA1ProcessMessageBlock(context);
+}
diff --git a/util/sha1.h b/util/sha1.h new file mode 100644 index 000000000..32a62a367 --- /dev/null +++ b/util/sha1.h @@ -0,0 +1,64 @@ +/*
+ * sha1.h
+ *
+ * Description:
+ * This is the header file for code which implements the Secure
+ * Hashing Algorithm 1 as defined in FIPS PUB 180-1 published
+ * April 17, 1995.
+ *
+ * Many of the variable names in this code, especially the
+ * single character names, were used because those were the names
+ * used in the publication.
+ *
+ * Please read the file sha1.c for more information.
+ *
+ */
+
+#ifndef _SHA1_H_
+#define _SHA1_H_
+
+#include <stdint.h>
+
+#ifndef _SHA_enum_
+#define _SHA_enum_
+enum
+{
+ shaSuccess = 0,
+ shaNull, /* Null pointer parameter */
+ shaInputTooLong, /* input data too long */
+ shaStateError /* called Input after Result */
+};
+#endif
+#define SHA1HashSize 20
+
+/*
+ * This structure will hold context information for the SHA-1
+ * hashing operation
+ */
+typedef struct SHA1Context
+{
+ uint32_t Intermediate_Hash[SHA1HashSize/4]; /* Message Digest */
+
+ uint32_t Length_Low; /* Message length in bits */
+ uint32_t Length_High; /* Message length in bits */
+
+ /* Index into message block array */
+ int_least16_t Message_Block_Index;
+ uint8_t Message_Block[64]; /* 512-bit message blocks */
+
+ int Computed; /* Is the digest computed? */
+ int Corrupted; /* Is the message digest corrupted? */
+} SHA1Context;
+
+/*
+ * Function Prototypes
+ */
+
+int SHA1Reset( SHA1Context *);
+int SHA1Input( SHA1Context *,
+ const uint8_t *,
+ unsigned int);
+int SHA1Result( SHA1Context *,
+ uint8_t Message_Digest[SHA1HashSize]);
+
+#endif
|