summaryrefslogtreecommitdiff
path: root/util
diff options
context:
space:
mode:
Diffstat (limited to 'util')
-rw-r--r--util/ldid.cpp243
-rw-r--r--util/sha1.c389
-rw-r--r--util/sha1.h64
3 files changed, 670 insertions, 26 deletions
diff --git a/util/ldid.cpp b/util/ldid.cpp
index b1c114a8c..7c225e1e9 100644
--- a/util/ldid.cpp
+++ b/util/ldid.cpp
@@ -38,10 +38,14 @@
#include "minimal/stdlib.h"
#include "minimal/mapping.h"
+#include "sha1.h"
+
#include <cstring>
#include <string>
#include <vector>
+#include <sys/wait.h>
+
struct fat_header {
uint32_t magic;
uint32_t nfat_arch;
@@ -68,12 +72,12 @@ struct mach_header {
uint32_t flags;
};
-#define MH_MAGIC 0xfeedface
+#define MH_MAGIC 0xfeedface
#define MH_CIGAM 0xcefaedfe
-#define MH_EXECUTE 0x2
-#define MH_DYLIB 0x6
-#define MH_BUNDLE 0x8
+#define MH_EXECUTE 0x2
+#define MH_DYLIB 0x6
+#define MH_BUNDLE 0x8
struct load_command {
uint32_t cmd;
@@ -82,9 +86,10 @@ struct load_command {
#define LC_REQ_DYLD 0x80000000
-#define LC_LOAD_DYLIB 0x0c
-#define LC_ID_DYLIB 0x0d
-#define LC_UUID 0x1b
+#define LC_LOAD_DYLIB 0x0c
+#define LC_ID_DYLIB 0x0d
+#define LC_UUID 0x1b
+#define LC_CODE_SIGNATURE 0x1d
#define LC_REEXPORT_DYLIB (0x1f | LC_REQ_DYLD)
struct dylib {
@@ -106,6 +111,51 @@ struct uuid_command {
uint8_t uuid[16];
};
+struct linkedit_data_command {
+ uint32_t cmd;
+ uint32_t cmdsize;
+ uint32_t dataoff;
+ uint32_t datasize;
+};
+
+uint16_t Swap_(uint16_t value) {
+ return
+ ((value >> 8) & 0x00ff) |
+ ((value << 8) & 0xff00);
+}
+
+uint32_t Swap_(uint32_t value) {
+ value = ((value >> 8) & 0x00ff00ff) |
+ ((value << 8) & 0xff00ff00);
+ value = ((value >> 16) & 0x0000ffff) |
+ ((value << 16) & 0xffff0000);
+ return value;
+}
+
+int16_t Swap_(int16_t value) {
+ return Swap_(static_cast<uint16_t>(value));
+}
+
+int32_t Swap_(int32_t value) {
+ return Swap_(static_cast<uint32_t>(value));
+}
+
+uint16_t Swap(uint16_t value) {
+ return true ? Swap_(value) : value;
+}
+
+uint32_t Swap(uint32_t value) {
+ return true ? Swap_(value) : value;
+}
+
+int16_t Swap(int16_t value) {
+ return Swap(static_cast<uint16_t>(value));
+}
+
+int32_t Swap(int32_t value) {
+ return Swap(static_cast<uint32_t>(value));
+}
+
class Framework {
private:
void *base_;
@@ -114,30 +164,20 @@ class Framework {
bool swapped_;
public:
- int16_t Swap(int16_t value) const {
- return Swap(static_cast<uint16_t>(value));
+ uint16_t Swap(uint16_t value) const {
+ return swapped_ ? Swap_(value) : value;
}
- int32_t Swap(int32_t value) const {
- return Swap(static_cast<uint32_t>(value));
+ uint32_t Swap(uint32_t value) const {
+ return swapped_ ? Swap_(value) : value;
}
- uint16_t Swap(uint16_t value) const {
- return !swapped_ ? value :
- ((value >> 8) & 0x00ff) |
- ((value << 8) & 0xff00);
+ int16_t Swap(int16_t value) const {
+ return Swap(static_cast<uint16_t>(value));
}
- uint32_t Swap(uint32_t value) const {
- if (!swapped_)
- return value;
- else {
- value = ((value >> 8) & 0x00ff00ff) |
- ((value << 8) & 0xff00ff00);
- value = ((value >> 16) & 0x0000ffff) |
- ((value << 16) & 0xffff0000);
- return value;
- }
+ int32_t Swap(int32_t value) const {
+ return Swap(static_cast<uint32_t>(value));
}
Framework(const char *framework_path) :
@@ -198,8 +238,50 @@ class Framework {
}
};
+#define CSMAGIC_CODEDIRECTORY 0xfade0c02
+#define CSMAGIC_EMBEDDED_SIGNATURE 0xfade0cc0
+#define CSSLOT_CODEDIRECTORY 0
+
+struct BlobIndex {
+ uint32_t type;
+ uint32_t offset;
+};
+
+struct SuperBlob {
+ uint32_t magic;
+ uint32_t length;
+ uint32_t count;
+ struct BlobIndex index[];
+};
+
+struct CodeDirectory {
+ uint32_t magic;
+ uint32_t length;
+ uint32_t version;
+ uint32_t flags;
+ uint32_t hashOffset;
+ uint32_t identOffset;
+ uint32_t nSpecialSlots;
+ uint32_t nCodeSlots;
+ uint32_t codeLimit;
+ uint8_t hashSize;
+ uint8_t hashType;
+ uint8_t spare1;
+ uint8_t pageSize;
+ uint32_t spare2;
+};
+
extern "C" uint32_t hash(uint8_t *k, uint32_t length, uint32_t initval);
+#define CODESIGN_ALLOCATE "arm-apple-darwin9-codesign_allocate"
+
+void sha1(uint8_t *hash, uint8_t *data, size_t size) {
+ SHA1Context context;
+ SHA1Reset(&context);
+ SHA1Input(&context, data, size);
+ SHA1Result(&context, hash);
+}
+
int main(int argc, const char *argv[]) {
bool flag_R(false);
bool flag_t(false);
@@ -207,6 +289,7 @@ int main(int argc, const char *argv[]) {
bool flag_u(false);
bool flag_T(false);
+ bool flag_S(false);
bool timeh(false);
uint32_t timev(0);
@@ -222,6 +305,7 @@ int main(int argc, const char *argv[]) {
case 't': flag_t = true; break;
case 'u': flag_u = true; break;
case 'p': flag_p = true; break;
+ case 'S': flag_S = true; break;
case 'T': {
flag_T = true;
@@ -245,7 +329,46 @@ int main(int argc, const char *argv[]) {
size_t filei(0), filee(0);
_foreach (file, files) try {
- Framework framework(file->c_str());
+ const char *path(file->c_str());
+ const char *base = strrchr(path, '/');
+ char *temp(NULL), *dir;
+
+ if (base != NULL)
+ dir = strndup(path, base++ - path + 1);
+ else {
+ dir = strdup("");
+ base = path;
+ }
+
+ if (flag_S) {
+ asprintf(&temp, "%s.%s.cs", dir, base);
+ const char *allocate = getenv("CODESIGN_ALLOCATE");
+ if (allocate == NULL)
+ allocate = "codesign_allocate";
+
+ size_t size; {
+ Framework framework(path);
+ size = framework.GetSize();
+ }
+
+ pid_t pid = fork();
+ _syscall(pid);
+ if (pid == 0) {
+ char *ssize;
+ asprintf(&ssize, "%u", (sizeof(struct SuperBlob) + sizeof(struct BlobIndex) + sizeof(struct CodeDirectory) + strlen(base) + 1 + (size + 0x1000 - 1) / 0x1000 * 0x14 + 15) / 16 * 16);
+ printf("%s\n", ssize);
+ execlp(allocate, allocate, "-i", path, "-a", "arm", ssize, "-o", temp, NULL);
+ _assert(false);
+ }
+
+ int status;
+ _syscall(waitpid(pid, &status, 0));
+ _assert(WIFEXITED(status));
+ _assert(WEXITSTATUS(status) == 0);
+ }
+
+ Framework framework(temp == NULL ? path : temp);
+ struct linkedit_data_command *signature(NULL);
if (flag_p)
printf("path%zu='%s'\n", filei, file->c_str());
@@ -255,6 +378,8 @@ int main(int argc, const char *argv[]) {
if (flag_R && cmd == LC_REEXPORT_DYLIB)
(*load_command)->cmd = framework.Swap(LC_LOAD_DYLIB);
+ else if (cmd == LC_CODE_SIGNATURE)
+ signature = reinterpret_cast<struct linkedit_data_command *>(*load_command);
else if (cmd == LC_UUID) {
volatile struct uuid_command *uuid_command(reinterpret_cast<struct uuid_command *>(*load_command));
@@ -287,6 +412,72 @@ int main(int argc, const char *argv[]) {
}
}
+ if (flag_S) {
+ _assert(signature != NULL);
+
+ uint32_t data = framework.Swap(signature->dataoff);
+ uint32_t size = framework.Swap(signature->datasize);
+
+ uint8_t *top = reinterpret_cast<uint8_t *>(framework.GetBase());
+ uint8_t *blob = top + data;
+ struct SuperBlob *super = reinterpret_cast<struct SuperBlob *>(blob);
+ super->magic = Swap(CSMAGIC_EMBEDDED_SIGNATURE);
+
+ uint32_t count = 1;
+ uint32_t offset = sizeof(struct SuperBlob) + count * sizeof(struct BlobIndex);
+
+ super->index[0].type = Swap(CSSLOT_CODEDIRECTORY);
+ super->index[0].offset = Swap(offset);
+
+ uint32_t begin = offset;
+ struct CodeDirectory *directory = reinterpret_cast<struct CodeDirectory *>(blob + begin);
+ offset += sizeof(struct CodeDirectory);
+
+ directory->magic = Swap(CSMAGIC_CODEDIRECTORY);
+ directory->version = Swap(0x00020001);
+ directory->flags = Swap(0);
+ directory->codeLimit = Swap(data);
+ directory->hashSize = 0x14;
+ directory->hashType = 0x01;
+ directory->spare1 = 0x00;
+ directory->pageSize = 0x0c;
+ directory->spare2 = Swap(0);
+
+ directory->identOffset = Swap(offset - begin);
+ strcpy(reinterpret_cast<char *>(blob + offset), base);
+ offset += strlen(base) + 1;
+
+ uint8_t (*hashes)[20] = reinterpret_cast<uint8_t (*)[20]>(blob + offset);
+ uint32_t special = 0;
+
+ uint32_t pages = (data + 0x1000 - 1) / 0x1000;
+ directory->nSpecialSlots = Swap(special);
+ directory->nCodeSlots = Swap(pages);
+
+ if (pages != 1)
+ for (size_t i = 0; i != pages - 1; ++i)
+ sha1(hashes[special + i], top + 0x1000 * i, 0x1000);
+ if (pages != 0)
+ sha1(hashes[special + pages - 1], top + 0x1000 * (pages - 1), data % 0x1000);
+
+ directory->hashOffset = Swap(offset - begin);
+ offset += sizeof(*hashes) * (special + pages);
+ directory->length = Swap(offset - begin);
+
+ super->count = Swap(count);
+ super->length = Swap(offset);
+
+ _assert(offset < size);
+ memset(blob + offset, 0, size - offset);
+ }
+
+ if (temp) {
+ _syscall(unlink(path));
+ _syscall(rename(temp, path));
+ free(temp);
+ }
+
+ free(dir);
++filei;
} catch (const char *) {
++filee;
diff --git a/util/sha1.c b/util/sha1.c
new file mode 100644
index 000000000..2b74de8dd
--- /dev/null
+++ b/util/sha1.c
@@ -0,0 +1,389 @@
+/*
+ * sha1.c
+ *
+ * Description:
+ * This file implements the Secure Hashing Algorithm 1 as
+ * defined in FIPS PUB 180-1 published April 17, 1995.
+ *
+ * The SHA-1, produces a 160-bit message digest for a given
+ * data stream. It should take about 2**n steps to find a
+ * message with the same digest as a given message and
+ * 2**(n/2) to find any two messages with the same digest,
+ * when n is the digest size in bits. Therefore, this
+ * algorithm can serve as a means of providing a
+ * "fingerprint" for a message.
+ *
+ * Portability Issues:
+ * SHA-1 is defined in terms of 32-bit "words". This code
+ * uses <stdint.h> (included via "sha1.h" to define 32 and 8
+ * bit unsigned integer types. If your C compiler does not
+ * support 32 bit unsigned integers, this code is not
+ * appropriate.
+ *
+ * Caveats:
+ * SHA-1 is designed to work with messages less than 2^64 bits
+ * long. Although SHA-1 allows a message digest to be generated
+ * for messages of any number of bits less than 2^64, this
+ * implementation only works with messages with a length that is
+ * a multiple of the size of an 8-bit character.
+ *
+ */
+
+#include "sha1.h"
+
+/*
+ * Define the SHA1 circular left shift macro
+ */
+#define SHA1CircularShift(bits,word) \
+ (((word) << (bits)) | ((word) >> (32-(bits))))
+
+/* Local Function Prototyptes */
+void SHA1PadMessage(SHA1Context *);
+void SHA1ProcessMessageBlock(SHA1Context *);
+
+/*
+ * SHA1Reset
+ *
+ * Description:
+ * This function will initialize the SHA1Context in preparation
+ * for computing a new SHA1 message digest.
+ *
+ * Parameters:
+ * context: [in/out]
+ * The context to reset.
+ *
+ * Returns:
+ * sha Error Code.
+ *
+ */
+int SHA1Reset(SHA1Context *context)
+{
+ if (!context)
+ {
+ return shaNull;
+ }
+
+ context->Length_Low = 0;
+ context->Length_High = 0;
+ context->Message_Block_Index = 0;
+
+ context->Intermediate_Hash[0] = 0x67452301;
+ context->Intermediate_Hash[1] = 0xEFCDAB89;
+ context->Intermediate_Hash[2] = 0x98BADCFE;
+ context->Intermediate_Hash[3] = 0x10325476;
+ context->Intermediate_Hash[4] = 0xC3D2E1F0;
+
+ context->Computed = 0;
+ context->Corrupted = 0;
+
+ return shaSuccess;
+}
+
+/*
+ * SHA1Result
+ *
+ * Description:
+ * This function will return the 160-bit message digest into the
+ * Message_Digest array provided by the caller.
+ * NOTE: The first octet of hash is stored in the 0th element,
+ * the last octet of hash in the 19th element.
+ *
+ * Parameters:
+ * context: [in/out]
+ * The context to use to calculate the SHA-1 hash.
+ * Message_Digest: [out]
+ * Where the digest is returned.
+ *
+ * Returns:
+ * sha Error Code.
+ *
+ */
+int SHA1Result( SHA1Context *context,
+ uint8_t Message_Digest[SHA1HashSize])
+{
+ int i;
+
+ if (!context || !Message_Digest)
+ {
+ return shaNull;
+ }
+
+ if (context->Corrupted)
+ {
+ return context->Corrupted;
+ }
+
+ if (!context->Computed)
+ {
+ SHA1PadMessage(context);
+ for(i=0; i<64; ++i)
+ {
+ /* message may be sensitive, clear it out */
+ context->Message_Block[i] = 0;
+ }
+ context->Length_Low = 0; /* and clear length */
+ context->Length_High = 0;
+ context->Computed = 1;
+
+ }
+
+ for(i = 0; i < SHA1HashSize; ++i)
+ {
+ Message_Digest[i] = context->Intermediate_Hash[i>>2]
+ >> 8 * ( 3 - ( i & 0x03 ) );
+ }
+
+ return shaSuccess;
+}
+
+/*
+ * SHA1Input
+ *
+ * Description:
+ * This function accepts an array of octets as the next portion
+ * of the message.
+ *
+ * Parameters:
+ * context: [in/out]
+ * The SHA context to update
+ * message_array: [in]
+ * An array of characters representing the next portion of
+ * the message.
+ * length: [in]
+ * The length of the message in message_array
+ *
+ * Returns:
+ * sha Error Code.
+ *
+ */
+int SHA1Input( SHA1Context *context,
+ const uint8_t *message_array,
+ unsigned length)
+{
+ if (!length)
+ {
+ return shaSuccess;
+ }
+
+ if (!context || !message_array)
+ {
+ return shaNull;
+ }
+
+ if (context->Computed)
+ {
+ context->Corrupted = shaStateError;
+
+ return shaStateError;
+ }
+
+ if (context->Corrupted)
+ {
+ return context->Corrupted;
+ }
+ while(length-- && !context->Corrupted)
+ {
+ context->Message_Block[context->Message_Block_Index++] =
+ (*message_array & 0xFF);
+
+ context->Length_Low += 8;
+ if (context->Length_Low == 0)
+ {
+ context->Length_High++;
+ if (context->Length_High == 0)
+ {
+ /* Message is too long */
+ context->Corrupted = 1;
+ }
+ }
+
+ if (context->Message_Block_Index == 64)
+ {
+ SHA1ProcessMessageBlock(context);
+ }
+
+ message_array++;
+ }
+
+ return shaSuccess;
+}
+
+/*
+ * SHA1ProcessMessageBlock
+ *
+ * Description:
+ * This function will process the next 512 bits of the message
+ * stored in the Message_Block array.
+ *
+ * Parameters:
+ * None.
+ *
+ * Returns:
+ * Nothing.
+ *
+ * Comments:
+
+ * Many of the variable names in this code, especially the
+ * single character names, were used because those were the
+ * names used in the publication.
+ *
+ *
+ */
+void SHA1ProcessMessageBlock(SHA1Context *context)
+{
+ const uint32_t K[] = { /* Constants defined in SHA-1 */
+ 0x5A827999,
+ 0x6ED9EBA1,
+ 0x8F1BBCDC,
+ 0xCA62C1D6
+ };
+ int t; /* Loop counter */
+ uint32_t temp; /* Temporary word value */
+ uint32_t W[80]; /* Word sequence */
+ uint32_t A, B, C, D, E; /* Word buffers */
+
+ /*
+ * Initialize the first 16 words in the array W
+ */
+ for(t = 0; t < 16; t++)
+ {
+ W[t] = context->Message_Block[t * 4] << 24;
+ W[t] |= context->Message_Block[t * 4 + 1] << 16;
+ W[t] |= context->Message_Block[t * 4 + 2] << 8;
+ W[t] |= context->Message_Block[t * 4 + 3];
+ }
+
+ for(t = 16; t < 80; t++)
+ {
+ W[t] = SHA1CircularShift(1,W[t-3] ^ W[t-8] ^ W[t-14] ^ W[t-16]);
+ }
+
+ A = context->Intermediate_Hash[0];
+ B = context->Intermediate_Hash[1];
+ C = context->Intermediate_Hash[2];
+ D = context->Intermediate_Hash[3];
+ E = context->Intermediate_Hash[4];
+
+ for(t = 0; t < 20; t++)
+ {
+ temp = SHA1CircularShift(5,A) +
+ ((B & C) | ((~B) & D)) + E + W[t] + K[0];
+ E = D;
+ D = C;
+ C = SHA1CircularShift(30,B);
+
+ B = A;
+ A = temp;
+ }
+
+ for(t = 20; t < 40; t++)
+ {
+ temp = SHA1CircularShift(5,A) + (B ^ C ^ D) + E + W[t] + K[1];
+ E = D;
+ D = C;
+ C = SHA1CircularShift(30,B);
+ B = A;
+ A = temp;
+ }
+
+ for(t = 40; t < 60; t++)
+ {
+ temp = SHA1CircularShift(5,A) +
+ ((B & C) | (B & D) | (C & D)) + E + W[t] + K[2];
+ E = D;
+ D = C;
+ C = SHA1CircularShift(30,B);
+ B = A;
+ A = temp;
+ }
+
+ for(t = 60; t < 80; t++)
+ {
+ temp = SHA1CircularShift(5,A) + (B ^ C ^ D) + E + W[t] + K[3];
+ E = D;
+ D = C;
+ C = SHA1CircularShift(30,B);
+ B = A;
+ A = temp;
+ }
+
+ context->Intermediate_Hash[0] += A;
+ context->Intermediate_Hash[1] += B;
+ context->Intermediate_Hash[2] += C;
+ context->Intermediate_Hash[3] += D;
+ context->Intermediate_Hash[4] += E;
+
+ context->Message_Block_Index = 0;
+}
+
+/*
+ * SHA1PadMessage
+ *
+
+ * Description:
+ * According to the standard, the message must be padded to an even
+ * 512 bits. The first padding bit must be a '1'. The last 64
+ * bits represent the length of the original message. All bits in
+ * between should be 0. This function will pad the message
+ * according to those rules by filling the Message_Block array
+ * accordingly. It will also call the ProcessMessageBlock function
+ * provided appropriately. When it returns, it can be assumed that
+ * the message digest has been computed.
+ *
+ * Parameters:
+ * context: [in/out]
+ * The context to pad
+ * ProcessMessageBlock: [in]
+ * The appropriate SHA*ProcessMessageBlock function
+ * Returns:
+ * Nothing.
+ *
+ */
+
+void SHA1PadMessage(SHA1Context *context)
+{
+ /*
+ * Check to see if the current message block is too small to hold
+ * the initial padding bits and length. If so, we will pad the
+ * block, process it, and then continue padding into a second
+ * block.
+ */
+ if (context->Message_Block_Index > 55)
+ {
+ context->Message_Block[context->Message_Block_Index++] = 0x80;
+ while(context->Message_Block_Index < 64)
+ {
+ context->Message_Block[context->Message_Block_Index++] = 0;
+ }
+
+ SHA1ProcessMessageBlock(context);
+
+ while(context->Message_Block_Index < 56)
+ {
+ context->Message_Block[context->Message_Block_Index++] = 0;
+ }
+ }
+ else
+ {
+ context->Message_Block[context->Message_Block_Index++] = 0x80;
+ while(context->Message_Block_Index < 56)
+ {
+
+ context->Message_Block[context->Message_Block_Index++] = 0;
+ }
+ }
+
+ /*
+ * Store the message length as the last 8 octets
+ */
+ context->Message_Block[56] = context->Length_High >> 24;
+ context->Message_Block[57] = context->Length_High >> 16;
+ context->Message_Block[58] = context->Length_High >> 8;
+ context->Message_Block[59] = context->Length_High;
+ context->Message_Block[60] = context->Length_Low >> 24;
+ context->Message_Block[61] = context->Length_Low >> 16;
+ context->Message_Block[62] = context->Length_Low >> 8;
+ context->Message_Block[63] = context->Length_Low;
+
+ SHA1ProcessMessageBlock(context);
+}
diff --git a/util/sha1.h b/util/sha1.h
new file mode 100644
index 000000000..32a62a367
--- /dev/null
+++ b/util/sha1.h
@@ -0,0 +1,64 @@
+/*
+ * sha1.h
+ *
+ * Description:
+ * This is the header file for code which implements the Secure
+ * Hashing Algorithm 1 as defined in FIPS PUB 180-1 published
+ * April 17, 1995.
+ *
+ * Many of the variable names in this code, especially the
+ * single character names, were used because those were the names
+ * used in the publication.
+ *
+ * Please read the file sha1.c for more information.
+ *
+ */
+
+#ifndef _SHA1_H_
+#define _SHA1_H_
+
+#include <stdint.h>
+
+#ifndef _SHA_enum_
+#define _SHA_enum_
+enum
+{
+ shaSuccess = 0,
+ shaNull, /* Null pointer parameter */
+ shaInputTooLong, /* input data too long */
+ shaStateError /* called Input after Result */
+};
+#endif
+#define SHA1HashSize 20
+
+/*
+ * This structure will hold context information for the SHA-1
+ * hashing operation
+ */
+typedef struct SHA1Context
+{
+ uint32_t Intermediate_Hash[SHA1HashSize/4]; /* Message Digest */
+
+ uint32_t Length_Low; /* Message length in bits */
+ uint32_t Length_High; /* Message length in bits */
+
+ /* Index into message block array */
+ int_least16_t Message_Block_Index;
+ uint8_t Message_Block[64]; /* 512-bit message blocks */
+
+ int Computed; /* Is the digest computed? */
+ int Corrupted; /* Is the message digest corrupted? */
+} SHA1Context;
+
+/*
+ * Function Prototypes
+ */
+
+int SHA1Reset( SHA1Context *);
+int SHA1Input( SHA1Context *,
+ const uint8_t *,
+ unsigned int);
+int SHA1Result( SHA1Context *,
+ uint8_t Message_Digest[SHA1HashSize]);
+
+#endif