X-Git-Url: https://git.cameronkatri.com/ldid.git/blobdiff_plain/88de319a622c1d4a6d0ec914321e8d58affe73f6..33c6686fda5e2d18d26f7e0510a245487f9a0c01:/ldid.cpp diff --git a/ldid.cpp b/ldid.cpp index c2f7e0a..7598b40 100644 --- a/ldid.cpp +++ b/ldid.cpp @@ -43,11 +43,15 @@ #include #ifndef LDID_NOSMIME -#include +#include +# if OPENSSL_VERSION_MAJOR >= 3 +# include +# endif #include #include #include #include +#include #endif #ifdef __APPLE__ @@ -142,6 +146,10 @@ #define _packed \ __attribute__((packed)) +#ifndef LDID_NOSMIME +std::string password; +#endif + template struct Iterator_ { typedef typename Type_::const_iterator Result; @@ -188,8 +196,9 @@ Scope _scope(const Function_ &function) { #define _scope(function) \ _scope_(__COUNTER__, function) -#define CPU_ARCH_MASK uint32_t(0xff000000) -#define CPU_ARCH_ABI64 uint32_t(0x01000000) +#define CPU_ARCH_MASK uint32_t(0xff000000) +#define CPU_ARCH_ABI64 uint32_t(0x01000000) +#define CPU_ARCH_ABI64_32 uint32_t(0x02000000) #define CPU_TYPE_ANY uint32_t(-1) #define CPU_TYPE_VAX uint32_t( 1) @@ -208,6 +217,7 @@ Scope _scope(const Function_ &function) { #define CPU_TYPE_ARM64 (CPU_ARCH_ABI64 | CPU_TYPE_ARM) #define CPU_TYPE_POWERPC64 (CPU_ARCH_ABI64 | CPU_TYPE_POWERPC) #define CPU_TYPE_X86_64 (CPU_ARCH_ABI64 | CPU_TYPE_X86) +#define CPU_TYPE_ARM64_32 (CPU_TYPE_ARM | CPU_ARCH_ABI64_32) struct fat_header { uint32_t magic; @@ -1243,10 +1253,10 @@ static const std::vector &GetAlgorithms() { static std::vector algorithms; if (algorithms.empty()) { - if (do_sha1) - algorithms.push_back(&sha1); if (do_sha256) algorithms.push_back(&sha256); + if (do_sha1) + algorithms.push_back(&sha1); } return algorithms; @@ -1475,6 +1485,7 @@ static void Allocate(const void *idata, size_t isize, std::streambuf &output, co break; case CPU_TYPE_ARM: case CPU_TYPE_ARM64: + case CPU_TYPE_ARM64_32: align = 0xe; break; default: 
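Review bot: The new global `std::string password;` has external linkage under a very generic name, and nothing in the visible hunks clears it, so the PKCS#12 passphrase stays in heap memory for the life of the process. If no other translation unit needs it, give it internal linkage, e.g. `static std::string password;`. The secret would also be easier to scope and wipe if it were passed to the `Stuff` constructor rather than read from a global. At minimum, add a comment such as `// PKCS#12 passphrase from -U or the interactive prompt; treat as secret` so later changes do not log or print it.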
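Review bot: The reordering in `GetAlgorithms()` puts `&sha256` ahead of `&sha1` with no comment saying why, even though the vector's order is now evidently significant to callers. Presumably the first entry is treated as the primary digest; that should be confirmed against the code that consumes the vector. A one-line comment such as `// order matters: sha256 first so it is the preferred digest, sha1 kept as fallback` would stop the two `if`s from being re-sorted later. The function's signature line sits on the hunk header and its body is only partly visible here.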
@@ -1502,6 +1513,9 @@ static void Allocate(const void *idata, size_t isize, std::streambuf &output, co case CPU_TYPE_ARM64: arch = "arm64"; break; + case CPU_TYPE_ARM64_32: + arch = "arm64_32"; + break; } offset = Align(offset, 1 << align); @@ -1787,8 +1801,14 @@ class Stuff { ca_(NULL) { _assert(value_ != NULL); - _assert(PKCS12_parse(value_, "", &key_, &cert_, &ca_) != 0); + if (!PKCS12_verify_mac(value_, "", 0) && password.empty()) { + char passbuf[2048]; + UI_UTIL_read_pw_string(passbuf, 2048, "Enter password: ", 0); + password = passbuf; + } + + _assert(PKCS12_parse(value_, password.c_str(), &key_, &cert_, &ca_) != 0); _assert(key_ != NULL); _assert(cert_ != NULL); @@ -2783,7 +2803,7 @@ struct State { } }; -Bundle Sign(const std::string &root, Folder &parent, const std::string &key, State &remote, const std::string &requirements, const Functor &alter, const Progress &progress) { +Bundle Sign(const std::string &root, Folder &parent, const std::string &key, State &local, const std::string &requirements, const Functor &alter, const Progress &progress) { std::string executable; std::string identifier; @@ -2862,8 +2882,6 @@ Bundle Sign(const std::string &root, Folder &parent, const std::string &key, Sta rules2.insert(Rule{20, NoMode, "^version\\.plist$"}); } - State local; - std::string failure(mac ? "Contents/|Versions/[^/]*/Resources/" : ""); Expression nested("^(Frameworks/[^/]*\\.framework|PlugIns/[^/]*\\.appex(()|/[^/]*.app))/(" + failure + ")Info\\.plist$"); std::map bundles; 
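Review bot: The return value of `UI_UTIL_read_pw_string` is ignored in the added prompt block of the `Stuff` constructor. If the read fails (no terminal, interrupted input), `password = passbuf;` may copy an uninitialised and possibly unterminated stack buffer. Initialise and check it: `char passbuf[2048] = {};` and `_assert(UI_UTIL_read_pw_string(passbuf, sizeof(passbuf), "Enter password: ", 0) == 0);`. After the copy, wipe the stack copy with `OPENSSL_cleanse(passbuf, sizeof(passbuf));`, assuming `<openssl/crypto.h>` is reachable through the existing OpenSSL includes. The constructor starts and ends outside the hunk.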
@@ -2871,16 +2889,18 @@ Bundle Sign(const std::string &root, Folder &parent, const std::string &key, Sta folder.Find("", fun([&](const std::string &name) { if (!nested(name)) return; - auto bundle(root + Split(name).dir); + auto bundle(Split(name).dir); if (mac) { _assert(!bundle.empty()); bundle = Split(bundle.substr(0, bundle.size() - 1)).dir; } SubFolder subfolder(folder, bundle); - bundles[nested[1]] = Sign(bundle, subfolder, key, local, "", Starts(name, "PlugIns/") ? alter : + State remote; + bundles[nested[1]] = Sign(root + bundle, subfolder, key, remote, "", Starts(name, "PlugIns/") ? alter : static_cast &>(fun([&](const std::string &, const std::string &) -> std::string { return entitlements; })) , progress); + local.Merge(bundle, remote); }), fun([&](const std::string &name, const Functor &read) { })); @@ -3067,7 +3087,6 @@ Bundle Sign(const std::string &root, Folder &parent, const std::string &key, Sta })); })); - remote.Merge(root, local); return bundle; } 
@@ -3091,18 +3110,28 @@ std::string Hex(const uint8_t *data, size_t size) { } static void usage(const char *argv0) { - fprintf(stderr, "usage: %s -S[entitlements.xml] \n", argv0); - fprintf(stderr, " %s -e MobileSafari\n", argv0); - fprintf(stderr, " %s -S cat\n", argv0); - fprintf(stderr, " %s -Stfp.xml gdb\n", argv0); + fprintf(stderr, "Link Identity Editor %s\n\n", LDID_VERSION); + fprintf(stderr, "usage: %s [-Acputype:subtype] [-a] [-C[adhoc | enforcement | expires | hard |\n", argv0); + fprintf(stderr, " host | kill | library-validation | restrict | runtime]] [-D] [-d]\n"); + fprintf(stderr, " [-Enum:file] [-e] [-h] [-Kkey.p12 [-Upassword]] [-M] [-P] [-q]\n"); + fprintf(stderr, " [-r | -Sfile | -s] [-Ttimestamp] [-u] file ...\n\n"); + fprintf(stderr, "Options:\n"); + fprintf(stderr, " -S[file.xml] Pseudo-sign using the entitlements in file.xml\n"); + fprintf(stderr, " -Kkey.p12 Sign using private key in key.p12\n"); + fprintf(stderr, " -Upassword Use password to unlock key.p12\n"); + fprintf(stderr, " -M Merge entitlements with any existing\n"); + fprintf(stderr, " -h Print CDHash of file\n\n"); + fprintf(stderr, "More information: 'man ldid'\n"); } #ifndef LDID_NOTOOLS int main(int argc, char *argv[]) { #ifndef LDID_NOSMIME OpenSSL_add_all_algorithms(); +# if OPENSSL_VERSION_MAJOR >= 3 OSSL_PROVIDER *legacy = OSSL_PROVIDER_load(NULL, "legacy"); OSSL_PROVIDER *deflt = OSSL_PROVIDER_load(NULL, "default"); +# endif #endif union { @@ -3284,6 +3313,10 @@ int main(int argc, char *argv[]) { flag_M = true; break; + case 'U': + password = argv[argi] + 2; + break; + case 'K': if (argv[argi][2] != '\0') key.open(argv[argi] + 2, O_RDONLY, PROT_READ, MAP_PRIVATE); @@ -3577,9 +3610,11 @@ int main(int argc, char *argv[]) { ++filei; } -#ifndef LDID_NOSMINE +#ifndef LDID_NOSMIME +# if OPENSSL_VERSION_MAJOR >= 3 OSSL_PROVIDER_unload(legacy); OSSL_PROVIDER_unload(deflt); +# endif #endif return filee;
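Review bot: Neither `OSSL_PROVIDER_load` result in the now version-guarded block at the top of `main` is checked, so a build or system without the legacy provider goes unreported. A `.p12` that needs legacy algorithms would then presumably fail later at the `PKCS12_parse` assertion, which looks like a wrong password. A short diagnostic would make that distinguishable: `if (legacy == NULL) fprintf(stderr, "ldid: OpenSSL legacy provider unavailable; older .p12 files may not load\n");`. A comment stating that the legacy provider is loaded only for older PKCS#12 encryption would also document why weak algorithms are enabled process-wide. `main` continues outside the hunk.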
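Review bot: Taking the PKCS#12 password from `-U` in the added `case 'U':` puts it in the process argument list, where other local users can typically read it, and it also tends to end up in shell history. The prompt added in the `Stuff` constructor already covers the case where `-U` is omitted, so the option text in `usage()` and a comment here should steer users to that path, e.g. `// NOTE: -U exposes the password via argv; omit it to be prompted instead`. The enclosing switch in `main` starts and ends outside the hunk.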