X-Git-Url: https://git.cameronkatri.com/ldid.git/blobdiff_plain/b8b5f5f7ad454cd5ae65e839f795e569206c1e97..d7d2b141bd5d3cbf2978dd3025b5fab3b43ef537:/ldid.cpp diff --git a/ldid.cpp b/ldid.cpp index c65cb96..6d95057 100644 --- a/ldid.cpp +++ b/ldid.cpp @@ -43,10 +43,15 @@ #include #ifndef LDID_NOSMIME +#include +# if OPENSSL_VERSION_NUMBER >= 0x30000000 +# include +# endif #include #include #include #include +#include #endif #ifdef __APPLE__ @@ -141,6 +146,10 @@ #define _packed \ __attribute__((packed)) +#ifndef LDID_NOSMIME +std::string password; +#endif + template struct Iterator_ { typedef typename Type_::const_iterator Result; @@ -1242,10 +1251,10 @@ static const std::vector &GetAlgorithms() { static std::vector algorithms; if (algorithms.empty()) { - if (do_sha1) - algorithms.push_back(&sha1); if (do_sha256) algorithms.push_back(&sha256); + if (do_sha1) + algorithms.push_back(&sha1); } return algorithms; @@ -1786,8 +1795,14 @@ class Stuff { ca_(NULL) { _assert(value_ != NULL); - _assert(PKCS12_parse(value_, "", &key_, &cert_, &ca_) != 0); + if (!PKCS12_verify_mac(value_, "", 0) && password.empty()) { + char passbuf[2048]; + UI_UTIL_read_pw_string(passbuf, 2048, "Enter password: ", 0); + password = passbuf; + } + + _assert(PKCS12_parse(value_, password.c_str(), &key_, &cert_, &ca_) != 0); _assert(key_ != NULL); _assert(cert_ != NULL); 
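Review bot: The new namespace-scope `std::string password;` has external linkage and a very generic name, and it keeps the PKCS#12 passphrase for the life of the process. Since main() is compiled out under LDID_NOTOOLS, this file appears to be usable as a library too, where such a symbol can collide and where the Stuff constructor reading and writing a hidden global is surprising. Suggest `static std::string password;` with a comment such as `// PKCS#12 passphrase: set by -U or by the interactive prompt in Stuff; empty means "not provided yet"`.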
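Review bot: The swap in GetAlgorithms() puts `&sha256` ahead of `&sha1` in the cached vector, but nothing in the code says why the order matters. If callers treat the first entry specially (not visible in this hunk), this changes which digest leads in every signature the tool produces, which matters for compatibility and verification. A one-line comment above the two `push_back` calls stating the intended order and the reason would keep a later edit from reverting it silently.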
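Review bot: In the Stuff constructor the return value of `UI_UTIL_read_pw_string` is ignored, so if the prompt fails or is interrupted, `passbuf` may be copied into `password` without ever having been written. Check it in the file's own style, `_assert(UI_UTIL_read_pw_string(passbuf, sizeof(passbuf), "Enter password: ", 0) == 0);`, and wipe the stack copy once it has been assigned with `OPENSSL_cleanse(passbuf, sizeof(passbuf));`. The decision to prompt rests on `PKCS12_verify_mac(value_, "", 0)` alone, so a file whose MAC was made with a NULL password rather than an empty one will presumably prompt needlessly; testing NULL as well would avoid that. The constructor starts and ends outside the hunk.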
@@ -3090,16 +3105,29 @@ std::string Hex(const uint8_t *data, size_t size) { } static void usage(const char *argv0) { - fprintf(stderr, "usage: %s -S[entitlements.xml] \n", argv0); - fprintf(stderr, " %s -e MobileSafari\n", argv0); - fprintf(stderr, " %s -S cat\n", argv0); - fprintf(stderr, " %s -Stfp.xml gdb\n", argv0); + fprintf(stderr, "Link Identity Editor %s\n\n", LDID_VERSION); + fprintf(stderr, "usage: %s [-Acputype:subtype] [-a]\n", argv0); + fprintf(stderr, " [-C[adhoc | enforcement | expires | hard |\n"); + fprintf(stderr, " host | kill | library-validation | restrict | runtime]] [-D] [-d]\n"); + fprintf(stderr, " [-e] [-h] [-Kkey.p12 [-Upassword]] [-M] [-P] [-q] [-r | -Sfile | -s]\n"); + fprintf(stderr, " [-Ttimestamp] [-u] file ...\n\n"); + fprintf(stderr, "Options:\n"); + fprintf(stderr, " -S[file.xml] Pseudo-sign using the entitlements in file.xml\n"); + fprintf(stderr, " -Kkey.p12 Sign using private key in key.p12\n"); + fprintf(stderr, " -Upassword Use password to unlock key.p12\n"); + fprintf(stderr, " -M Merge entitlements with any existing\n"); + fprintf(stderr, " -h Print CDHash of file\n\n"); + fprintf(stderr, "More information: 'man ldid'\n"); } #ifndef LDID_NOTOOLS int main(int argc, char *argv[]) { #ifndef LDID_NOSMIME OpenSSL_add_all_algorithms(); +# if OPENSSL_VERSION_NUMBER >= 0x30000000 + OSSL_PROVIDER *legacy = OSSL_PROVIDER_load(NULL, "legacy"); + OSSL_PROVIDER *deflt = OSSL_PROVIDER_load(NULL, "default"); +# endif #endif union { @@ -3281,6 +3309,10 @@ int main(int argc, char *argv[]) { flag_M = true; break; + case 'U': + password = argv[argi] + 2; + break; + case 'K': if (argv[argi][2] != '\0') key.open(argv[argi] + 2, O_RDONLY, PROT_READ, MAP_PRIVATE); @@ -3574,6 +3606,13 @@ int main(int argc, char *argv[]) { ++filei; } +#ifndef LDID_NOSMINE +# if OPENSSL_VERSION_NUM >= 0x30000000 + OSSL_PROVIDER_unload(legacy); + OSSL_PROVIDER_unload(deflt); +# endif +#endif + return filee; } #endif
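Review bot: In main(), the results of both `OSSL_PROVIDER_load` calls are stored but never checked, and the call returns NULL when a provider module is not installed, which is common for "legacy". In that case the later `PKCS12_parse` on an older-format key file fails through a bare `_assert` with no hint at the cause. A check such as `if (legacy == NULL || deflt == NULL) fprintf(stderr, "ldid: failed to load OpenSSL provider\n");` would make that diagnosable. Loading the legacy provider also enables its older ciphers for the whole process, so a comment stating that it is needed only to read old PKCS#12 files would help. main() continues outside the hunk.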
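Review bot: `case 'U'` assigns `password` without a preprocessor guard, but the variable is declared only under `#ifndef LDID_NOSMIME` in the earlier hunk, so a build with LDID_NOSMIME defined would stop compiling here unless a guard sits outside the visible context. Wrap the case in `#ifndef LDID_NOSMIME` / `#endif`. Separately, a passphrase given as `-Upassword` stays in argv, where other local users can read it from the process list. Overwriting the argument after it has been copied, for example `memset(argv[argi] + 2, 0, strlen(argv[argi] + 2));`, narrows that window, and the help text could name the interactive prompt as the preferred path. The enclosing switch begins and ends outside the hunk.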
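Review bot: Both guards around the provider cleanup at the end of main() are misspelled, as `LDID_NOSMINE` and `OPENSSL_VERSION_NUM`. The undefined `OPENSSL_VERSION_NUM` evaluates to 0 in `#if`, so the two `OSSL_PROVIDER_unload` calls are never compiled. If only that macro were corrected later, the `LDID_NOSMINE` typo would make a LDID_NOSMIME build reference the undeclared `legacy` and `deflt`. Use the same spellings as the load site: `#ifndef LDID_NOSMIME` and `# if OPENSSL_VERSION_NUMBER >= 0x30000000`.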