...

Package codesign

import "cmd/internal/codesign"
Overview
Index

Overview ▾

Package codesign provides basic functionalities for ad-hoc code signing of Mach-O files.

This is not a general tool for code-signing. It is made specifically for the Go toolchain. It uses the same ad-hoc signing algorithm as the Darwin linker.

Constants

const (
    CSMAGIC_REQUIREMENT        = 0xfade0c00 // single Requirement blob
    CSMAGIC_REQUIREMENTS       = 0xfade0c01 // Requirements vector (internal requirements)
    CSMAGIC_CODEDIRECTORY      = 0xfade0c02 // CodeDirectory blob
    CSMAGIC_EMBEDDED_SIGNATURE = 0xfade0cc0 // embedded form of signature data
    CSMAGIC_DETACHED_SIGNATURE = 0xfade0cc1 // multi-arch collection of embedded signatures

    CSSLOT_CODEDIRECTORY = 0 // slot index for CodeDirectory
)
const (
    CS_HASHTYPE_SHA1             = 1
    CS_HASHTYPE_SHA256           = 2
    CS_HASHTYPE_SHA256_TRUNCATED = 3
    CS_HASHTYPE_SHA384           = 4
)
const (
    CS_EXECSEG_MAIN_BINARY     = 0x1   // executable segment denotes main binary
    CS_EXECSEG_ALLOW_UNSIGNED  = 0x10  // allow unsigned pages (for debugging)
    CS_EXECSEG_DEBUGGER        = 0x20  // main binary is debugger
    CS_EXECSEG_JIT             = 0x40  // JIT enabled
    CS_EXECSEG_SKIP_LV         = 0x80  // skip library validation
    CS_EXECSEG_CAN_LOAD_CDHASH = 0x100 // can bless cdhash for execution
    CS_EXECSEG_CAN_EXEC_CDHASH = 0x200 // can execute blessed cdhash
)
const LC_CODE_SIGNATURE = 0x1d

func Sign

func Sign(out []byte, data io.Reader, id string, codeSize, textOff, textSize int64, isMain bool)

Sign generates an ad-hoc code signature and writes it to out. out must have length at least Size(codeSize, id). data is the file content without the signature, of size codeSize. textOff and textSize is the file offset and size of the text segment. isMain is true if this is a main executable. id is the identifier used for signing (a field in CodeDirectory blob, which has no significance in ad-hoc signing).

func Size

func Size(codeSize int64, id string) int64

Size computes the size of the code signature. id is the identifier used for signing (a field in CodeDirectory blob, which has no significance in ad-hoc signing).

type Blob

type Blob struct {
    // contains filtered or unexported fields
}

type CodeDirectory

type CodeDirectory struct {
    // contains filtered or unexported fields
}

type CodeSigCmd

CodeSigCmd is Mach-O LC_CODE_SIGNATURE load command.

type CodeSigCmd struct {
    Cmd      uint32 // LC_CODE_SIGNATURE
    Cmdsize  uint32 // sizeof this command (16)
    Dataoff  uint32 // file offset of data in __LINKEDIT segment
    Datasize uint32 // file size of data in __LINKEDIT segment
}

func FindCodeSigCmd

func FindCodeSigCmd(f *macho.File) (CodeSigCmd, bool)

type SuperBlob

type SuperBlob struct {
    // contains filtered or unexported fields
}