Diffstat (limited to 'ldid.cpp')
-rw-r--r-- | ldid.cpp | 66 |
1 files changed, 55 insertions, 11 deletions
@@ -43,10 +43,15 @@
 #include <sys/types.h>
 #ifndef LDID_NOSMIME
+#include <openssl/opensslv.h>
+# if OPENSSL_VERSION_MAJOR >= 3
+# include <openssl/provider.h>
+# endif
 #include <openssl/err.h>
 #include <openssl/pem.h>
 #include <openssl/pkcs7.h>
 #include <openssl/pkcs12.h>
+#include <openssl/ui.h>
 #endif
 #ifdef __APPLE__
@@ -141,6 +146,10 @@
 #define _packed \
 __attribute__((packed))
+#ifndef LDID_NOSMIME
+std::string password;
+#endif
+
 template <typename Type_>
 struct Iterator_ {
 typedef typename Type_::const_iterator Result;
@@ -187,8 +196,9 @@ Scope<Function_> _scope(const Function_ &function) {
 #define _scope(function) \
 _scope_(__COUNTER__, function)
-#define CPU_ARCH_MASK uint32_t(0xff000000)
-#define CPU_ARCH_ABI64 uint32_t(0x01000000)
+#define CPU_ARCH_MASK uint32_t(0xff000000)
+#define CPU_ARCH_ABI64 uint32_t(0x01000000)
+#define CPU_ARCH_ABI64_32 uint32_t(0x02000000)
 #define CPU_TYPE_ANY uint32_t(-1)
 #define CPU_TYPE_VAX uint32_t( 1)
@@ -207,6 +217,7 @@ Scope<Function_> _scope(const Function_ &function) {
 #define CPU_TYPE_ARM64 (CPU_ARCH_ABI64 | CPU_TYPE_ARM)
 #define CPU_TYPE_POWERPC64 (CPU_ARCH_ABI64 | CPU_TYPE_POWERPC)
 #define CPU_TYPE_X86_64 (CPU_ARCH_ABI64 | CPU_TYPE_X86)
+#define CPU_TYPE_ARM64_32 (CPU_TYPE_ARM | CPU_ARCH_ABI64_32)
 struct fat_header {
 uint32_t magic;
@@ -1242,10 +1253,10 @@ static const std::vector<Algorithm *> &GetAlgorithms() {
 static std::vector<Algorithm *> algorithms;
 if (algorithms.empty()) {
- if (do_sha1)
- algorithms.push_back(&sha1);
 if (do_sha256)
 algorithms.push_back(&sha256);
+ if (do_sha1)
+ algorithms.push_back(&sha1);
 }
 return algorithms;
@@ -1474,6 +1485,7 @@ static void Allocate(const void *idata, size_t isize, std::streambuf &output, co
 break;
 case CPU_TYPE_ARM:
 case CPU_TYPE_ARM64:
+ case CPU_TYPE_ARM64_32:
 align = 0xe;
 break;
 default:
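Review bot: `password` in the `@@ -141` hunk is a mutable global `std::string` with external linkage that keeps the PKCS#12 passphrase for the whole life of the process and is never wiped. It is written by the `-U` case in `main` and by the prompt in the `Stuff` constructor (the `@@ -3280` and `@@ -1786` hunks), so every part of the program can read or replace it. Unless another file refers to it, I would declare it `static std::string password;` with the comment `// PKCS#12 passphrase: set by -U or by the interactive prompt, reused for every key load`. Before `main` returns, next to the provider unload, I would add `if (!password.empty()) OPENSSL_cleanse(&password[0], password.size());` so the secret does not linger in freed heap memory.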
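Review bot: The swap in `GetAlgorithms()` (the `@@ -1242` hunk) changes the order of the returned vector so that SHA-256 comes before SHA-1, but nothing in the code says that the order is significant. Presumably callers treat the first entry as the preferred digest; they are outside this hunk, so that is an inference to confirm. A comment above the two `if`s would stop a later cleanup from reverting it, for example `// Order is significant to callers: SHA-256 is listed first so it is preferred over SHA-1`. The function body begins before the hunk.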
@@ -1501,6 +1513,9 @@ static void Allocate(const void *idata, size_t isize, std::streambuf &output, co
 case CPU_TYPE_ARM64:
 arch = "arm64";
 break;
+ case CPU_TYPE_ARM64_32:
+ arch = "arm64_32";
+ break;
 }
 offset = Align(offset, 1 << align);
@@ -1786,8 +1801,14 @@ class Stuff {
 ca_(NULL)
 {
 _assert(value_ != NULL);
- _assert(PKCS12_parse(value_, "", &key_, &cert_, &ca_) != 0);
+ if (!PKCS12_verify_mac(value_, "", 0) && password.empty()) {
+ char passbuf[2048];
+ UI_UTIL_read_pw_string(passbuf, 2048, "Enter password: ", 0);
+ password = passbuf;
+ }
+
+ _assert(PKCS12_parse(value_, password.c_str(), &key_, &cert_, &ca_) != 0);
 _assert(key_ != NULL);
 _assert(cert_ != NULL);
@@ -2019,7 +2040,7 @@ static void get(std::string &value, X509_NAME *name, int nid) {
 _assert(entry != NULL);
 auto asn(X509_NAME_ENTRY_get_data(entry));
 _assert(asn != NULL);
- value.assign(reinterpret_cast<char *>(ASN1_STRING_data(asn)), ASN1_STRING_length(asn));
+ value.assign(reinterpret_cast<const char *>(ASN1_STRING_get0_data(asn)), ASN1_STRING_length(asn));
 }
 #endif
@@ -2716,7 +2737,7 @@ struct Rule {
 Mode mode_;
 std::string code_;
- mutable std::auto_ptr<Expression> regex_;
+ mutable std::unique_ptr<Expression> regex_;
 Rule(unsigned weight, Mode mode, const std::string &code) :
 weight_(weight),
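Review bot: The return value of `UI_UTIL_read_pw_string` is ignored in the `Stuff` constructor (the `@@ -1786` hunk), so when the prompt fails, for instance with no terminal attached, `password = passbuf;` copies from an uninitialised stack buffer that may not be NUL-terminated. The passphrase is also left behind in `passbuf` after the copy. I would write `_assert(UI_UTIL_read_pw_string(passbuf, sizeof(passbuf), "Enter password: ", 0) == 0);`, keep `password = passbuf;`, and follow it with `OPENSSL_cleanse(passbuf, sizeof(passbuf));`. Separately, `PKCS12_verify_mac(value_, "", 0)` tests only the empty-string password, so a file protected with a NULL password or carrying no MAC may prompt needlessly; that is worth checking against such a file. The constructor starts and ends outside the hunk.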
@@ -3089,16 +3110,28 @@ std::string Hex(const uint8_t *data, size_t size) {
 }
 static void usage(const char *argv0) {
- fprintf(stderr, "usage: %s -S[entitlements.xml] <binary>\n", argv0);
- fprintf(stderr, " %s -e MobileSafari\n", argv0);
- fprintf(stderr, " %s -S cat\n", argv0);
- fprintf(stderr, " %s -Stfp.xml gdb\n", argv0);
+ fprintf(stderr, "Link Identity Editor %s\n\n", LDID_VERSION);
+ fprintf(stderr, "usage: %s [-Acputype:subtype] [-a] [-C[adhoc | enforcement | expires | hard |\n", argv0);
+ fprintf(stderr, " host | kill | library-validation | restrict | runtime]] [-D] [-d]\n");
+ fprintf(stderr, " [-Enum:file] [-e] [-h] [-Kkey.p12 [-Upassword]] [-M] [-P] [-q]\n");
+ fprintf(stderr, " [-r | -Sfile | -s] [-Ttimestamp] [-u] file ...\n\n");
+ fprintf(stderr, "Options:\n");
+ fprintf(stderr, " -S[file.xml] Pseudo-sign using the entitlements in file.xml\n");
+ fprintf(stderr, " -Kkey.p12 Sign using private key in key.p12\n");
+ fprintf(stderr, " -Upassword Use password to unlock key.p12\n");
+ fprintf(stderr, " -M Merge entitlements with any existing\n");
+ fprintf(stderr, " -h Print CDHash of file\n\n");
+ fprintf(stderr, "More information: 'man ldid'\n");
 }
 #ifndef LDID_NOTOOLS
 int main(int argc, char *argv[]) {
 #ifndef LDID_NOSMIME
 OpenSSL_add_all_algorithms();
+# if OPENSSL_VERSION_MAJOR >= 3
+ OSSL_PROVIDER *legacy = OSSL_PROVIDER_load(NULL, "legacy");
+ OSSL_PROVIDER *deflt = OSSL_PROVIDER_load(NULL, "default");
+# endif
 #endif
 union {
@@ -3280,6 +3313,10 @@ int main(int argc, char *argv[]) {
 flag_M = true;
 break;
+ case 'U':
+ password = argv[argi] + 2;
+ break;
+
 case 'K':
 if (argv[argi][2] != '\0')
 key.open(argv[argi] + 2, O_RDONLY, PROT_READ, MAP_PRIVATE);
@@ -3573,6 +3610,13 @@ int main(int argc, char *argv[]) {
 ++filei;
 }
+#ifndef LDID_NOSMIME
+# if OPENSSL_VERSION_MAJOR >= 3
+ OSSL_PROVIDER_unload(legacy);
+ OSSL_PROVIDER_unload(deflt);
+# endif
+#endif
+
 return filee;
 }
 #endif
|
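Review bot: Both `OSSL_PROVIDER_load` results at the top of `main` (the `@@ -3089` hunk) are used unchecked. `legacy` is NULL when the legacy module is not installed, and a NULL `deflt` would leave the process without its normal algorithms, which would only show up later as an unexplained `PKCS12_parse` assertion. The legacy provider is also loaded on every run, including runs that never open a `.p12`, which makes obsolete ciphers and digests available process-wide; loading it only when `-K` is given would confine that to the signing path. At minimum I would add `if (deflt == NULL) { fprintf(stderr, "ldid: cannot load OpenSSL default provider\n"); return 1; }` and put the comment `// legacy provider: needed only for old PKCS#12 files that use ciphers such as RC2` on the first load. `main` continues outside the hunk.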
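Review bot: The new `case 'U'` (the `@@ -3280` hunk) takes the key passphrase from `argv`, where other local users can read it through the process list and where it tends to end up in shell history and build logs. Since this commit also adds an interactive prompt, the usage line could say so, e.g. `"  -Upassword      Use password to unlock key.p12 (visible in the process list; omit to be prompted)\n"`, with a comment at the case such as `// NOTE: argv is readable by other users on most systems; the prompt is the safer path`. A bare `-U` sets `password` to the empty string, which silently behaves as if the option had not been given. The `switch` this case belongs to starts and ends outside the hunk.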