codesign

package standard library

go1.16 Latest Latest Go to latest Published: Feb 16, 2021 License: BSD-3-Clause Imports: 4 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

cs.opensource.google/go/go

Links

Report a Vulnerability

Documentation ¶

Overview ¶

Package codesign provides basic functionalities for ad-hoc code signing of Mach-O files.

This is not a general tool for code-signing. It is made specifically for the Go toolchain. It uses the same ad-hoc signing algorithm as the Darwin linker.

Index ¶

Constants
func Sign(out []byte, data io.Reader, id string, codeSize, textOff, textSize int64, ...)
func Size(codeSize int64, id string) int64
type Blob
type CodeDirectory
type CodeSigCmd
- func FindCodeSigCmd(f *macho.File) (CodeSigCmd, bool)
type SuperBlob

Constants ¶

View Source

const (
	CSMAGIC_REQUIREMENT        = 0xfade0c00 // single Requirement blob
	CSMAGIC_REQUIREMENTS       = 0xfade0c01 // Requirements vector (internal requirements)
	CSMAGIC_CODEDIRECTORY      = 0xfade0c02 // CodeDirectory blob
	CSMAGIC_EMBEDDED_SIGNATURE = 0xfade0cc0 // embedded form of signature data
	CSMAGIC_DETACHED_SIGNATURE = 0xfade0cc1 // multi-arch collection of embedded signatures

	CSSLOT_CODEDIRECTORY = 0 // slot index for CodeDirectory
)

View Source

const (
	CS_HASHTYPE_SHA1             = 1
	CS_HASHTYPE_SHA256           = 2
	CS_HASHTYPE_SHA256_TRUNCATED = 3
	CS_HASHTYPE_SHA384           = 4
)

View Source

const (
	CS_EXECSEG_MAIN_BINARY     = 0x1   // executable segment denotes main binary
	CS_EXECSEG_ALLOW_UNSIGNED  = 0x10  // allow unsigned pages (for debugging)
	CS_EXECSEG_DEBUGGER        = 0x20  // main binary is debugger
	CS_EXECSEG_JIT             = 0x40  // JIT enabled
	CS_EXECSEG_SKIP_LV         = 0x80  // skip library validation
	CS_EXECSEG_CAN_LOAD_CDHASH = 0x100 // can bless cdhash for execution
	CS_EXECSEG_CAN_EXEC_CDHASH = 0x200 // can execute blessed cdhash
)

View Source

const LC_CODE_SIGNATURE = 0x1d

Variables ¶

This section is empty.

Functions ¶

func Sign ¶

func Sign(out []byte, data io.Reader, id string, codeSize, textOff, textSize int64, isMain bool)

Sign generates an ad-hoc code signature and writes it to out. out must have length at least Size(codeSize, id). data is the file content without the signature, of size codeSize. textOff and textSize is the file offset and size of the text segment. isMain is true if this is a main executable. id is the identifier used for signing (a field in CodeDirectory blob, which has no significance in ad-hoc signing).

func Size ¶

func Size(codeSize int64, id string) int64

Size computes the size of the code signature. id is the identifier used for signing (a field in CodeDirectory blob, which has no significance in ad-hoc signing).

Types ¶

type Blob ¶

type Blob struct {
	// contains filtered or unexported fields
}

type CodeDirectory ¶

type CodeDirectory struct {
	// contains filtered or unexported fields
}

type CodeSigCmd ¶

type CodeSigCmd struct {
	Cmd      uint32 // LC_CODE_SIGNATURE
	Cmdsize  uint32 // sizeof this command (16)
	Dataoff  uint32 // file offset of data in __LINKEDIT segment
	Datasize uint32 // file size of data in __LINKEDIT segment
}

CodeSigCmd is Mach-O LC_CODE_SIGNATURE load command.

func FindCodeSigCmd ¶

func FindCodeSigCmd(f *macho.File) (CodeSigCmd, bool)

type SuperBlob ¶

type SuperBlob struct {
	// contains filtered or unexported fields
}

Source Files ¶

View all Source files

codesign.go

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL