X-Git-Url: https://git.cameronkatri.com/ldid.git/blobdiff_plain/9685c0d6ce74c677b1b3141a8a885f73e137de31..847abe6294f03d0bc47e1509defb34822c24ba74:/ldid.cpp diff --git a/ldid.cpp b/ldid.cpp index d188458..1f20275 100644 --- a/ldid.cpp +++ b/ldid.cpp @@ -54,21 +54,7 @@ #include #include -#include - -#define LDID_SHA1_DIGEST_LENGTH SHA_DIGEST_LENGTH -#define LDID_SHA1 SHA1 -#define LDID_SHA1_CTX SHA_CTX -#define LDID_SHA1_Init SHA1_Init -#define LDID_SHA1_Update SHA1_Update -#define LDID_SHA1_Final SHA1_Final - -#define LDID_SHA256_DIGEST_LENGTH SHA256_DIGEST_LENGTH -#define LDID_SHA256 SHA256 -#define LDID_SHA256_CTX SHA256_CTX -#define LDID_SHA256_Init SHA256_Init -#define LDID_SHA256_Update SHA256_Update -#define LDID_SHA256_Final SHA256_Final +#include #include @@ -1145,7 +1131,7 @@ struct AlgorithmSHA1 : Algorithm { AlgorithmSHA1() : - Algorithm(LDID_SHA1_DIGEST_LENGTH, CS_HASHTYPE_SHA160_160) + Algorithm(SHA_DIGEST_LENGTH, CS_HASHTYPE_SHA160_160) { } @@ -1154,7 +1140,7 @@ struct AlgorithmSHA1 : } void operator ()(uint8_t *hash, const void *data, size_t size) const { - LDID_SHA1(static_cast(data), size, hash); + SHA1(static_cast(data), size, hash); } void operator ()(ldid::Hash &hash, const void *data, size_t size) const { @@ -1162,7 +1148,7 @@ struct AlgorithmSHA1 : } void operator ()(std::vector &hash, const void *data, size_t size) const { - hash.resize(LDID_SHA1_DIGEST_LENGTH); + hash.resize(SHA_DIGEST_LENGTH); return operator ()(reinterpret_cast(hash.data()), data, size); } @@ -1175,7 +1161,7 @@ struct AlgorithmSHA256 : Algorithm { AlgorithmSHA256() : - Algorithm(LDID_SHA256_DIGEST_LENGTH, CS_HASHTYPE_SHA256_256) + Algorithm(SHA256_DIGEST_LENGTH, CS_HASHTYPE_SHA256_256) { } @@ -1184,7 +1170,7 @@ struct AlgorithmSHA256 : } void operator ()(uint8_t *hash, const void *data, size_t size) const { - LDID_SHA256(static_cast(data), size, hash); + SHA256(static_cast(data), size, hash); } void operator ()(ldid::Hash &hash, const void *data, size_t size) const { @@ -1192,7 +1178,7 @@ struct AlgorithmSHA256 : } void operator ()(std::vector &hash, const void *data, size_t size) const { - hash.resize(LDID_SHA256_DIGEST_LENGTH); + hash.resize(SHA256_DIGEST_LENGTH); return operator ()(reinterpret_cast(hash.data()), data, size); } @@ -1730,7 +1716,7 @@ class Buffer { Buffer() { if (i2d_PKCS7_bio(bio_, pkcs) == 0){ - fprintf(stderr, "ldid: An error occured while getting the PKCS12 file: %s\n", ERR_error_string(ERR_get_error(), NULL)); + fprintf(stderr, "ldid: An error occured while getting the PKCS7 file: %s\n", ERR_error_string(ERR_get_error(), NULL)); exit(1); } } @@ -1869,14 +1855,18 @@ class Signature { X509_ATTRIBUTE *attribute = X509_ATTRIBUTE_new(); ASN1_OBJECT *obj2 = OBJ_txt2obj("1.2.840.113635.100.9.2", 1); X509_ATTRIBUTE_set1_object(attribute, obj2); - // xina fix; - SEQUENCE_hash_sha1 seq1; - memcpy((void *)seq1.hash,(void *)alternateCDSHA1.data() ,alternateCDSHA1.size()); - X509_ATTRIBUTE_set1_data(attribute, V_ASN1_SEQUENCE,&seq1, sizeof(seq1)); - // xina fix; - SEQUENCE_hash_sha256 seq256; - memcpy((void *)seq256.hash,(void *)alternateCDSHA256.data() ,alternateCDSHA256.size()); - X509_ATTRIBUTE_set1_data(attribute, V_ASN1_SEQUENCE,&seq256, sizeof(seq256)); + if (alternateCDSHA1.size() != 0) { + // xina fix; + SEQUENCE_hash_sha1 seq1; + memcpy((void *)seq1.hash, (void *)alternateCDSHA1.data(), alternateCDSHA1.size()); + X509_ATTRIBUTE_set1_data(attribute, V_ASN1_SEQUENCE, &seq1, sizeof(seq1)); + } + if (alternateCDSHA256.size() != 0) { + // xina fix; + SEQUENCE_hash_sha256 seq256; + memcpy((void *)seq256.hash, (void *)alternateCDSHA256.data(), alternateCDSHA256.size()); + X509_ATTRIBUTE_set1_data(attribute, V_ASN1_SEQUENCE, &seq256, sizeof(seq256)); + } STACK_OF(X509_ATTRIBUTE) *sk = PKCS7_get_signed_attributes(info); if (!sk_X509_ATTRIBUTE_push(sk, attribute)) { @@ -1942,25 +1932,31 @@ class HashBuffer : private: ldid::Hash &hash_; - LDID_SHA1_CTX sha1_; - LDID_SHA256_CTX sha256_; + EVP_MD_CTX *sha1_; + EVP_MD_CTX *sha256_; public: HashBuffer(ldid::Hash &hash) : hash_(hash) { - LDID_SHA1_Init(&sha1_); - LDID_SHA256_Init(&sha256_); + sha1_ = EVP_MD_CTX_new(); + sha256_ = EVP_MD_CTX_new(); + + EVP_DigestInit_ex(sha1_, EVP_get_digestbyname("sha1"), nullptr); + EVP_DigestInit_ex(sha256_, EVP_get_digestbyname("sha256"), nullptr); } ~HashBuffer() { - LDID_SHA1_Final(reinterpret_cast(hash_.sha1_), &sha1_); - LDID_SHA256_Final(reinterpret_cast(hash_.sha256_), &sha256_); + EVP_DigestFinal_ex(sha1_, reinterpret_cast(hash_.sha1_), nullptr); + EVP_DigestFinal_ex(sha256_, reinterpret_cast(hash_.sha256_), nullptr); + + EVP_MD_CTX_free(sha1_); + EVP_MD_CTX_free(sha256_); } virtual std::streamsize xsputn(const char_type *data, std::streamsize size) { - LDID_SHA1_Update(&sha1_, data, size); - LDID_SHA256_Update(&sha256_, data, size); + EVP_DigestUpdate(sha1_, data, size); + EVP_DigestUpdate(sha256_, data, size); return size; } @@ -3547,6 +3543,10 @@ int main(int argc, char *argv[]) { } if (flag_h) { + char *buf = _syscall(realpath(file.c_str(), NULL)); + printf("Executable=%s\n", buf); + free(buf); + auto algorithms(GetAlgorithms()); uint32_t data = mach_header.Swap(signature->dataoff); @@ -3560,9 +3560,11 @@ int main(int argc, char *argv[]) { size_t size_; Algorithm &algorithm_; std::string hash_; + uint32_t offset; }; std::map candidates; + uint32_t cmsBegin = 0, cmsEnd = 0; for (size_t index(0); index != Swap(super->count); ++index) { auto type(Swap(super->index[index].type)); @@ -3575,7 +3577,10 @@ int main(int argc, char *argv[]) { auto &algorithm(*algorithms[type - 1]); uint8_t hash[algorithm.size_]; algorithm(hash, blob + begin, end - begin); - candidates.insert({type, {directory, end - begin, algorithm, Hex(hash, 20)}}); + candidates.insert({type, {directory, end - begin, algorithm, Hex(hash, 20), begin}}); + } else if (type == CSSLOT_SIGNATURESLOT) { + cmsBegin = Swap(super->index[index].offset); + cmsEnd = index + 1 == Swap(super->count) ? Swap(super->blob.length) : Swap(super->index[index + 1].offset); } } @@ -3586,6 +3591,8 @@ int main(int argc, char *argv[]) { const auto directory(best->second.directory_); const auto flags(Swap(directory->flags)); + printf("Identifier=%s\n", blob + best->second.offset + Swap(directory->identOffset)); + std::string names; if (flags & kSecCodeSignatureHost) names += ",host"; @@ -3620,6 +3627,57 @@ int main(int argc, char *argv[]) { printf("Hash choices=%s\n", choices.c_str() + 1); printf("CDHash=%s\n", best->second.hash_.c_str()); + + if (cmsBegin != 0 && cmsEnd != 0) { + // This loads the CMS blob and parses each X509 cert in the blob to extract the + // common name and print it as "Authority=%s" + Buffer bio(reinterpret_cast(blob) + cmsBegin + sizeof(Blob), cmsEnd - cmsBegin); + PKCS7 *p7 = NULL; + if ((p7 = d2i_PKCS7_bio(bio, NULL)) == NULL) { + // In order to follow codesign, we just ignore errors + printf("Authority=(unavailable)\n"); + } else { + STACK_OF(X509) *certs = NULL; + switch (OBJ_obj2nid(p7->type)) { + case NID_pkcs7_signed: + if (p7->d.sign != NULL) + certs = p7->d.sign->cert; + break; + case NID_pkcs7_signedAndEnveloped: + if (p7->d.signed_and_enveloped != NULL) + certs = p7->d.signed_and_enveloped->cert; + break; + default: + break; + } + if (certs != NULL) { + X509 *x; + for (int i = 0; i < sk_X509_num(certs); i++) { + x = sk_X509_value(certs, i); + int lastpos = -1; + X509_NAME *nm = X509_get_subject_name(x); + X509_NAME_ENTRY *e; + + for (;;) { + lastpos = X509_NAME_get_index_by_NID(nm, NID_commonName, lastpos); + if (lastpos == -1) + break; + e = X509_NAME_get_entry(nm, lastpos); + ASN1_STRING *s = X509_NAME_ENTRY_get_data(e); + printf("Authority=%s\n", reinterpret_cast(ASN1_STRING_get0_data(s))); + } + } + } else { + printf("Authority=(unavailable)\n"); + } + } + PKCS7_free(p7); + } + + if (Swap(directory->teamIDOffset) > 0) + printf("TeamIdentifier=%s\n", blob + best->second.offset + Swap(directory->teamIDOffset)); + else + printf("TeamIdentifier=not set\n"); } }