Documentation

Overview

    Package codesign provides basic functionalities for ad-hoc code signing of Mach-O files.

    This is not a general tool for code-signing. It is made specifically for the Go toolchain. It uses the same ad-hoc signing algorithm as the Darwin linker.

    Index

    Constants

    View Source
    const (
    	CSMAGIC_REQUIREMENT        = 0xfade0c00 // single Requirement blob
    	CSMAGIC_REQUIREMENTS       = 0xfade0c01 // Requirements vector (internal requirements)
    	CSMAGIC_CODEDIRECTORY      = 0xfade0c02 // CodeDirectory blob
    	CSMAGIC_EMBEDDED_SIGNATURE = 0xfade0cc0 // embedded form of signature data
    	CSMAGIC_DETACHED_SIGNATURE = 0xfade0cc1 // multi-arch collection of embedded signatures
    
    	CSSLOT_CODEDIRECTORY = 0 // slot index for CodeDirectory
    )
    View Source
    const (
    	CS_HASHTYPE_SHA1             = 1
    	CS_HASHTYPE_SHA256           = 2
    	CS_HASHTYPE_SHA256_TRUNCATED = 3
    	CS_HASHTYPE_SHA384           = 4
    )
    View Source
    const (
    	CS_EXECSEG_MAIN_BINARY     = 0x1   // executable segment denotes main binary
    	CS_EXECSEG_ALLOW_UNSIGNED  = 0x10  // allow unsigned pages (for debugging)
    	CS_EXECSEG_DEBUGGER        = 0x20  // main binary is debugger
    	CS_EXECSEG_JIT             = 0x40  // JIT enabled
    	CS_EXECSEG_SKIP_LV         = 0x80  // skip library validation
    	CS_EXECSEG_CAN_LOAD_CDHASH = 0x100 // can bless cdhash for execution
    	CS_EXECSEG_CAN_EXEC_CDHASH = 0x200 // can execute blessed cdhash
    )
    View Source
    const LC_CODE_SIGNATURE = 0x1d

    Variables

    This section is empty.

    Functions

    func Sign

    func Sign(out []byte, data io.Reader, id string, codeSize, textOff, textSize int64, isMain bool)

      Sign generates an ad-hoc code signature and writes it to out. out must have length at least Size(codeSize, id). data is the file content without the signature, of size codeSize. textOff and textSize is the file offset and size of the text segment. isMain is true if this is a main executable. id is the identifier used for signing (a field in CodeDirectory blob, which has no significance in ad-hoc signing).

      func Size

      func Size(codeSize int64, id string) int64

        Size computes the size of the code signature. id is the identifier used for signing (a field in CodeDirectory blob, which has no significance in ad-hoc signing).

        Types

        type Blob

        type Blob struct {
        	// contains filtered or unexported fields
        }

        type CodeDirectory

        type CodeDirectory struct {
        	// contains filtered or unexported fields
        }

        type CodeSigCmd

        type CodeSigCmd struct {
        	Cmd      uint32 // LC_CODE_SIGNATURE
        	Cmdsize  uint32 // sizeof this command (16)
        	Dataoff  uint32 // file offset of data in __LINKEDIT segment
        	Datasize uint32 // file size of data in __LINKEDIT segment
        }

          CodeSigCmd is Mach-O LC_CODE_SIGNATURE load command.

          func FindCodeSigCmd

          func FindCodeSigCmd(f *macho.File) (CodeSigCmd, bool)

          type SuperBlob

          type SuperBlob struct {
          	// contains filtered or unexported fields
          }

          Source Files