add calulated cdhash to codesign

blacktop · Jul 22, 2020 · a3b265c · a3b265c
1 parent 41cdc68
commit a3b265c
Show file tree

Hide file tree

Showing 4 changed files with 18 additions and 5 deletions.
diff --git a/cmds.go b/cmds.go
@@ -628,8 +628,9 @@ type CodeSignature struct {
 	Size          uint32
 	ID            string
 	TeamID        string
+	CDHash        string
 	CodeDirectory ctypes.CodeDirectory
-	Requirements  []ctypes.Requirement
+	Requirements  ctypes.Requirement
 	CMSSignature  []byte
 	Entitlements  string
 }

diff --git a/file.go b/file.go
@@ -653,6 +653,8 @@ func NewFile(r io.ReaderAt, loads ...types.LoadCmd) (*File, error) {
 				return nil, err
 			}
 			l.ID = cs.ID
+			l.TeamID = cs.TeamID
+			l.CDHash = cs.CDHash
 			l.CodeDirectory = cs.CodeDirectory
 			l.Requirements = cs.Requirements
 			l.CMSSignature = cs.CMSSignature

diff --git a/pkg/codesign/codesign.go b/pkg/codesign/codesign.go
@@ -3,6 +3,7 @@ package codesign
 import (
 	"bufio"
 	"bytes"
+	"crypto/sha256"
 	"encoding/binary"
 	"fmt"
 	"io"
@@ -39,7 +40,16 @@ func ParseCodeSignature(cmddat []byte) (*types.CodeSignature, error) {
 			if err := binary.Read(r, binary.BigEndian, &cs.CodeDirectory); err != nil {
 				return nil, err
 			}
-			// TODO parse all the cdhashs
+			// Calculate the cdhashs
+			r.Seek(int64(index.Offset), io.SeekStart)
+			cdData := make([]byte, cs.CodeDirectory.Length)
+			if err := binary.Read(r, binary.LittleEndian, &cdData); err != nil {
+				return nil, err
+			}
+			h := sha256.New()
+			h.Write(cdData)
+			cs.CDHash = fmt.Sprintf("%x", h.Sum(nil))
+			// Parse version
 			switch cs.CodeDirectory.Version {
 			case types.SUPPORTS_SCATTER:
 				if cs.CodeDirectory.ScatterOffset > 0 {
@@ -97,7 +107,6 @@ func ParseCodeSignature(cmddat []byte) (*types.CodeSignature, error) {
 				}
 			}
 		case types.CSSLOT_REQUIREMENTS:
-			// TODO find out if there can be more than one requirement(s)
 			req := types.Requirement{}
 			if err := binary.Read(r, binary.BigEndian, &req.RequirementsBlob); err != nil {
 				return nil, err
@@ -120,7 +129,7 @@ func ParseCodeSignature(cmddat []byte) (*types.CodeSignature, error) {
 			} else {
 				req.Detail = "empty requirement set"
 			}
-			cs.Requirements = append(cs.Requirements, req)
+			cs.Requirements = req
 		case types.CSSLOT_ENTITLEMENTS:
 			entBlob := types.Blob{}
 			if err := binary.Read(r, binary.BigEndian, &entBlob); err != nil {

diff --git a/pkg/codesign/types/types.go b/pkg/codesign/types/types.go
@@ -10,8 +10,9 @@ type magic uint32
 type CodeSignature struct {
 	ID            string
 	TeamID        string
+	CDHash        string
 	CodeDirectory CodeDirectory
-	Requirements  []Requirement
+	Requirements  Requirement
 	CMSSignature  []byte
 	Entitlements  string
 }