// Listing of cmd/internal/codesign/codesign.go from
// github.com/shogo82148/std@v1.22.1-0.20240327122250-4e474527810c.

// Copyright 2020 The Go Authors. All rights reserved.
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.

// Package codesign provides basic functionalities for
// ad-hoc code signing of Mach-O files.
//
// This is not a general tool for code-signing. It is made
// specifically for the Go toolchain. It uses the same
// ad-hoc signing algorithm as the Darwin linker.
//
// NOTE(review): an ad-hoc signature is not tied to a signing identity
// (the id parameter of Size and Sign is documented as having no
// significance), so the presence of such a signature should not be
// read as evidence of who produced a binary.
package codesign

import (
	"github.com/shogo82148/std/debug/macho"
	"github.com/shogo82148/std/io"
)

// LC_CODE_SIGNATURE is the Mach-O load command number of the code
// signature load command described by CodeSigCmd.
const LC_CODE_SIGNATURE = 0x1d

// Magic numbers and slot indexes used in the code signature layout.
// The CSMAGIC_* values are presumably what the magic fields of
// SuperBlob and CodeDirectory hold, and CSSLOT_CODEDIRECTORY the
// value of Blob.typ for the CodeDirectory entry - the listing shows
// no function bodies, so confirm against the implementation.
const (
	CSMAGIC_REQUIREMENT        = 0xfade0c00
	CSMAGIC_REQUIREMENTS       = 0xfade0c01
	CSMAGIC_CODEDIRECTORY      = 0xfade0c02
	CSMAGIC_EMBEDDED_SIGNATURE = 0xfade0cc0
	CSMAGIC_DETACHED_SIGNATURE = 0xfade0cc1

	CSSLOT_CODEDIRECTORY = 0
)

// Hash algorithm identifiers, presumably the possible values of
// CodeDirectory.hashType.
//
// NOTE(review): SHA-1 is no longer collision resistant. This listing
// does not show which hash type Sign writes; confirm it before
// relying on the signature for integrity.
const (
	CS_HASHTYPE_SHA1             = 1
	CS_HASHTYPE_SHA256           = 2
	CS_HASHTYPE_SHA256_TRUNCATED = 3
	CS_HASHTYPE_SHA384           = 4
)

// Executable-segment flags. Each value is a distinct bit, so they can
// be OR-ed together; presumably they are stored in
// CodeDirectory.execSegFlags, with CS_EXECSEG_MAIN_BINARY
// corresponding to the isMain argument of Sign - TODO confirm.
const (
	CS_EXECSEG_MAIN_BINARY     = 0x1
	CS_EXECSEG_ALLOW_UNSIGNED  = 0x10
	CS_EXECSEG_DEBUGGER        = 0x20
	CS_EXECSEG_JIT             = 0x40
	CS_EXECSEG_SKIP_LV         = 0x80
	CS_EXECSEG_CAN_LOAD_CDHASH = 0x100
	CS_EXECSEG_CAN_EXEC_CDHASH = 0x200
)

// Blob pairs a type with an offset. Presumably it is an index entry
// that locates one blob inside a SuperBlob - TODO confirm.
type Blob struct {
	typ    uint32
	offset uint32
}

// SuperBlob carries a magic number, a length and a count. Presumably
// it is the header of the whole signature and count is the number of
// Blob entries that follow - TODO confirm.
type SuperBlob struct {
	magic  uint32
	length uint32
	count  uint32
}

// CodeDirectory is the fixed-size header of the CodeDirectory blob.
// All fields are unexported, so only this package can fill them in.
// The _pad* fields are placeholders that keep the layout fixed.
//
// NOTE(review): codeLimit is 32 bits wide while Size and Sign take an
// int64 codeSize; codeLimit64 presumably exists for sizes that do not
// fit in codeLimit. How oversized inputs are handled is not visible
// in this listing.
type CodeDirectory struct {
	magic         uint32
	length        uint32
	version       uint32
	flags         uint32
	hashOffset    uint32
	identOffset   uint32
	nSpecialSlots uint32
	nCodeSlots    uint32
	codeLimit     uint32
	hashSize      uint8
	hashType      uint8
	_pad1         uint8
	pageSize      uint8
	_pad2         uint32
	scatterOffset uint32
	teamOffset    uint32
	_pad3         uint32
	codeLimit64   uint64
	execSegBase   uint64
	execSegLimit  uint64
	execSegFlags  uint64
}

// CodeSigCmd is the Mach-O LC_CODE_SIGNATURE load command.
type CodeSigCmd struct {
	// NOTE(review): when this value comes from a Mach-O file that is
	// not trusted, Dataoff and Datasize are attacker-controlled; check
	// them against the actual file size before seeking or slicing.
	Cmd      uint32 // load command number; presumably LC_CODE_SIGNATURE
	Cmdsize  uint32 // size of the load command itself, per the name
	Dataoff  uint32 // offset of the signature data, per the name - TODO confirm it is a file offset
	Datasize uint32 // size of the signature data, per the name
}

// FindCodeSigCmd looks for a code signature load command in f.
// The bool result presumably reports whether one was found, in which
// case the returned CodeSigCmd describes it; the body is not part of
// this listing, so confirm against the implementation.
func FindCodeSigCmd(f *macho.File) (CodeSigCmd, bool)

// Size computes the size of the code signature.
// id is the identifier used for signing (a field in CodeDirectory blob, which
// has no significance in ad-hoc signing).
func Size(codeSize int64, id string) int64

// Sign generates an ad-hoc code signature and writes it to out.
// out must have length at least Size(codeSize, id).
// data is the file content without the signature, of size codeSize.
// textOff and textSize are the file offset and size of the text segment.
// isMain is true if this is a main executable.
// id is the identifier used for signing (a field in CodeDirectory blob, which
// has no significance in ad-hoc signing).
//
// NOTE(review): Sign has no error result, so a too-short out or a
// failed read from data cannot be reported to the caller; what happens
// in those cases is not visible in this listing. Allocate out with
// Size using the same codeSize and id that are passed here.
func Sign(out []byte, data io.Reader, id string, codeSize, textOff, textSize int64, isMain bool)