From 9c3635b6eeca14dea544c17fc0497bd205c20b92 Mon Sep 17 00:00:00 2001 From: Cameron Katri Date: Mon, 13 Jun 2022 14:28:49 -0400 Subject: Rename to trustcache Linux contains a `tc(8)` that I was unaware of. https://manpages.debian.org/tc.8 --- .gitignore | 2 +- Makefile | 18 ++++---- README.txt | 22 +++++---- tc.1 | 146 ----------------------------------------------------------- tc.c | 101 ----------------------------------------- trustcache.1 | 146 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ trustcache.c | 101 +++++++++++++++++++++++++++++++++++++++++ 7 files changed, 269 insertions(+), 267 deletions(-) delete mode 100644 tc.1 delete mode 100644 tc.c create mode 100644 trustcache.1 create mode 100644 trustcache.c diff --git a/.gitignore b/.gitignore index 93ac639..2ee8367 100644 --- a/.gitignore +++ b/.gitignore @@ -1,5 +1,5 @@ a.out *.o *.bin -tc +trustcache .vscode diff --git a/Makefile b/Makefile index 7eeb0db..7b7aec9 100644 --- a/Makefile +++ b/Makefile @@ -1,4 +1,4 @@ -OBJS = tc.o +OBJS = trustcache.o OBJS += append.o create.o info.o remove.o OBJS += machoparse/cdhash.o cache_from_tree.o sort.o OBJS += uuid/gen_uuid.o uuid/pack.o uuid/unpack.o uuid/parse.o uuid/unparse.o uuid/copy.o @@ -19,24 +19,24 @@ else LIBS += -lcrypto endif -all: tc +all: trustcache -install: tc tc.1 +install: trustcache trustcache.1 install -d $(BINDIR) - install -m 755 tc $(BINDIR)/ + install -m 755 trustcache $(BINDIR)/ install -d $(MANDIR)/man1/ - install -m 644 tc.1 $(MANDIR)/man1/ + install -m 644 trustcache.1 $(MANDIR)/man1/ uninstall: - rm -i $(BINDIR)/tc $(MANDIR)/man1/tc.1 + rm -i $(BINDIR)/trustcache $(MANDIR)/man1/trustcache.1 -tc: $(OBJS) +trustcache: $(OBJS) $(CC) $(CFLAGS) $(LDFLAGS) $(OBJS) -o $@ $(LIBS) -README.txt: tc.1 +README.txt: trustcache.1 mandoc $^ | col -bx > $@ clean: - rm -f tc $(OBJS) + rm -f trustcache $(OBJS) .PHONY: all clean install uninstall diff --git a/README.txt b/README.txt index 54c313d..12da2b3 100644 --- a/README.txt 
+++ b/README.txt @@ -1,18 +1,19 @@ -TC(1) General Commands Manual TC(1) +TRUSTCACHE(1) General Commands Manual TRUSTCACHE(1) NAME - tc – Create and interact with trustcaches + trustcache – Create and interact with trustcaches SYNOPSIS - tc append [-f flags] [-u uuid | 0] infile file ... - tc create [-u uuid] [-v version] outfile file ... - tc info [-c] [-h] [-e entrynum] file - tc remove [-k] file hash ... + trustcache append [-f flags] [-u uuid | 0] infile file ... + trustcache create [-u uuid] [-v version] outfile file ... + trustcache info [-c] [-h] [-e entrynum] file + trustcache remove [-k] file hash ... DESCRIPTION - The tc utility is used to get info about and modify Apple trustcaches. + The trustcache utility is used to get info about and modify Apple + trustcaches. - The following commands are supported by tc: + The following commands are supported by trustcache: append [-f flags] [-u uuid | 0] infile file ... Modify the trustcache at infile to include each signed Mach-O at @@ -47,12 +48,13 @@ DESCRIPTION be printed. EXIT STATUS - The tc utility exits 0 on success, and >0 if an error occurs. + The trustcache utility exits 0 on success, and >0 if an error occurs. SEE ALSO cryptex-dump-trust-cache(1), cryptex-generate-trust-cache(1) HISTORY - The tc utility was written by Cameron Katri . + The trustcache utility was written by Cameron Katri + . FreeBSD 14.0-CURRENT May 19, 2022 FreeBSD 14.0-CURRENT diff --git a/tc.1 b/tc.1 deleted file mode 100644 index 8c5431b..0000000 --- a/tc.1 +++ /dev/null 
@@ -1,146 +0,0 @@ -.\"- -.\" Copyright (c) 2022 Cameron Katri. All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in the -.\" documentation and/or other materials provided with the distribution. -.\" -.\" THIS SOFTWARE IS PROVIDED BY CAMERON KATRI AND CONTRIBUTORS ``AS IS'' AND -.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -.\" ARE DISCLAIMED. IN NO EVENT SHALL CAMERON KATRI OR CONTRIBUTORS BE LIABLE -.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -.\" SUCH DAMAGE. -.\" -.Dd May 19, 2022 -.Dt TC 1 -.Os -.Sh NAME -.Nm tc -.Nd Create and interact with trustcaches -.Sh SYNOPSIS -.Nm -.Cm append -.Op Fl f Ar flags -.Op Fl u Ar uuid | 0 -.Ar infile -.Ar -.Nm -.Cm create -.Op Fl u Ar uuid -.Op Fl v Ar version -.Ar outfile -.Ar -.Nm -.Cm info -.Op Fl c -.Op Fl h -.Op Fl e Ar entrynum -.Ar file -.Nm -.Cm remove -.Op Fl k -.Ar file -.Ar hash ... -.Sh DESCRIPTION -The -.Nm -utility is used to get info about and modify Apple trustcaches. 
-.Pp -The following commands are supported by -.Nm : -.Bl -tag -width create -.It Xo -.Cm append -.Op Fl f Ar flags -.Op Fl u Ar uuid | 0 -.Ar infile -.Ar -.Xc -Modify the trustcache at -.Ar infile -to include each signed Mach-O at the specified paths. -If -.Ar file -is both 40 characters and hexadecimal, that hash will be added to the cache. -.Ar uuid -is used to specify a custom uuid to be used. -If it is -.Ar 0 , -the uuid will be left the same, otherwise, it will be regenerated. -If -.Fl f -is specified, any new entries with have the flags specified at -.Ar flags . -.It Xo -.Cm create -.Op Fl u Ar uuid -.Op Fl v Ar version -.Ar outfile -.Ar -.Xc -Create a trustcache at -.Ar outfile . -Each Mach-O found in the specified inputs will be scanned for -a code signature and hashed. -Any malformed or unsigned Mach-O will be ignored. -Each slice of a FAT binary will have its hash included. -Versions 0 and 1 are supported, if not specified, 1 is assumed. -If -.Ar uuid -is specified, that will be used instead of a randomly generated one. -.It Xo -.Cm info -.Op Fl c -.Op Fl h -.Op Fl e Ar entrynum -.Ar file -.Xc -Print information about -.Ar file . -The output for each hash will be in the format: -.Pp -.Dl [] -.Pp -If the -.Fl c -is given, only the hashes will be printed. -If -.Fl h -is given, only the header will be printed. -If -.Ar entrynum -is specified, only that entry will be printed. -.It Xo -.Cm remove -.Op Fl k -.Ar file -.Ar hash ... -.Xc -Remove each specified hash from -.Ar file . -If -.Fl k -is specified, the uuid will not be regenerated. -The number of removed entries will be printed. -.El -.Sh EXIT STATUS -.Ex -std -.Sh SEE ALSO -.Xr cryptex-dump-trust-cache 1 , -.Xr cryptex-generate-trust-cache 1 -.Sh HISTORY -The -.Nm -utility was written by -.An Cameron Katri Aq Mt me@cameronkatri.com . diff --git a/tc.c b/tc.c deleted file mode 100644 index 6142057..0000000 --- a/tc.c +++ /dev/null 
@@ -1,101 +0,0 @@ -/*- - * SPDX-License-Identifier: BSD-2-Clause - * - * Copyright (c) 2022 Cameron Katri. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY CAMERON KATRI AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL CAMERON KATRI OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. 
- */ - -#include -#include -#include -#include -#include -#include -#include -#include - -#include "trustcache.h" - -int -main(int argc, char **argv) -{ - if (argc < 2) { -help: - fprintf(stderr, "Usage: tc append [-f flags] [-u uuid | 0] infile file ...\n" - " tc create [-u uuid] [-v version] outfile file ...\n" - " tc info [-c] [-h] [-e entrynum] file\n" - " tc remove [-k] file hash ...\n\n" - "See tc(1) for more information\n"); - exit(1); - } - - int ret = 1; - - if (strcmp(argv[1], "info") == 0) - ret = tcinfo(argc - 1, argv + 1); - else if (strcmp(argv[1], "create") == 0) - ret = tccreate(argc - 1, argv + 1); - else if (strcmp(argv[1], "append") == 0) - ret = tcappend(argc - 1, argv + 1); - else if (strcmp(argv[1], "remove") == 0) - ret = tcremove(argc - 1, argv + 1); - else - fprintf(stderr, "Unknown subcommand %s\n", argv[1]); - - if (ret == -1) - goto help; - - return ret; -} - -struct trust_cache -opentrustcache(const char *path) -{ - FILE *f; - struct trust_cache cache; - - if ((f = fopen(path, "r")) == NULL) { - fprintf(stderr, "%s: %s\n", path, strerror(errno)); - exit(1); - } - - fread(&cache, sizeof(struct trust_cache) - sizeof(struct trust_cache_entry1*), 1, f); - cache.version = le32toh(cache.version); - cache.num_entries = le32toh(cache.num_entries); - - if (cache.version == 0) { - if ((cache.hashes = calloc(cache.num_entries, sizeof(trust_cache_hash0))) == NULL) - exit(EX_OSERR); - fread(cache.hashes, sizeof(trust_cache_hash0), cache.num_entries, f); - } else if (cache.version == 1) { - if ((cache.entries = calloc(cache.num_entries, sizeof(struct trust_cache_entry1))) == NULL) - exit(EX_OSERR); - fread(cache.entries, sizeof(struct trust_cache_entry1), cache.num_entries, f); - } else { - fprintf(stderr, "%s: Unsupported version %i\n", path, cache.version); - exit(1); - } - - fclose(f); - return cache; -} diff --git a/trustcache.1 b/trustcache.1 new file mode 100644 index 0000000..68ec6e5 --- /dev/null +++ b/trustcache.1 
@@ -0,0 +1,146 @@ +.\"- +.\" Copyright (c) 2022 Cameron Katri. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" +.\" THIS SOFTWARE IS PROVIDED BY CAMERON KATRI AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL CAMERON KATRI OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.Dd May 19, 2022 +.Dt TRUSTCACHE 1 +.Os +.Sh NAME +.Nm trustcache +.Nd Create and interact with trustcaches +.Sh SYNOPSIS +.Nm +.Cm append +.Op Fl f Ar flags +.Op Fl u Ar uuid | 0 +.Ar infile +.Ar +.Nm +.Cm create +.Op Fl u Ar uuid +.Op Fl v Ar version +.Ar outfile +.Ar +.Nm +.Cm info +.Op Fl c +.Op Fl h +.Op Fl e Ar entrynum +.Ar file +.Nm +.Cm remove +.Op Fl k +.Ar file +.Ar hash ... +.Sh DESCRIPTION +The +.Nm +utility is used to get info about and modify Apple trustcaches. 
+.Pp +The following commands are supported by +.Nm : +.Bl -tag -width create +.It Xo +.Cm append +.Op Fl f Ar flags +.Op Fl u Ar uuid | 0 +.Ar infile +.Ar +.Xc +Modify the trustcache at +.Ar infile +to include each signed Mach-O at the specified paths. +If +.Ar file +is both 40 characters and hexadecimal, that hash will be added to the cache. +.Ar uuid +is used to specify a custom uuid to be used. +If it is +.Ar 0 , +the uuid will be left the same, otherwise, it will be regenerated. +If +.Fl f +is specified, any new entries with have the flags specified at +.Ar flags . +.It Xo +.Cm create +.Op Fl u Ar uuid +.Op Fl v Ar version +.Ar outfile +.Ar +.Xc +Create a trustcache at +.Ar outfile . +Each Mach-O found in the specified inputs will be scanned for +a code signature and hashed. +Any malformed or unsigned Mach-O will be ignored. +Each slice of a FAT binary will have its hash included. +Versions 0 and 1 are supported, if not specified, 1 is assumed. +If +.Ar uuid +is specified, that will be used instead of a randomly generated one. +.It Xo +.Cm info +.Op Fl c +.Op Fl h +.Op Fl e Ar entrynum +.Ar file +.Xc +Print information about +.Ar file . +The output for each hash will be in the format: +.Pp +.Dl [] +.Pp +If the +.Fl c +is given, only the hashes will be printed. +If +.Fl h +is given, only the header will be printed. +If +.Ar entrynum +is specified, only that entry will be printed. +.It Xo +.Cm remove +.Op Fl k +.Ar file +.Ar hash ... +.Xc +Remove each specified hash from +.Ar file . +If +.Fl k +is specified, the uuid will not be regenerated. +The number of removed entries will be printed. +.El +.Sh EXIT STATUS +.Ex -std +.Sh SEE ALSO +.Xr cryptex-dump-trust-cache 1 , +.Xr cryptex-generate-trust-cache 1 +.Sh HISTORY +The +.Nm +utility was written by +.An Cameron Katri Aq Mt me@cameronkatri.com . diff --git a/trustcache.c b/trustcache.c new file mode 100644 index 0000000..adc594c --- /dev/null +++ b/trustcache.c 
@@ -0,0 +1,101 @@ +/*- + * SPDX-License-Identifier: BSD-2-Clause + * + * Copyright (c) 2022 Cameron Katri. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY CAMERON KATRI AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL CAMERON KATRI OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ */ + +#include +#include +#include +#include +#include +#include +#include +#include + +#include "trustcache.h" + +int +main(int argc, char **argv) +{ + if (argc < 2) { +help: + fprintf(stderr, "Usage: trustcache append [-f flags] [-u uuid | 0] infile file ...\n" + " trustcache create [-u uuid] [-v version] outfile file ...\n" + " trustcache info [-c] [-h] [-e entrynum] file\n" + " trustcache remove [-k] file hash ...\n\n" + "See trustcache(1) for more information\n"); + exit(1); + } + + int ret = 1; + + if (strcmp(argv[1], "info") == 0) + ret = tcinfo(argc - 1, argv + 1); + else if (strcmp(argv[1], "create") == 0) + ret = tccreate(argc - 1, argv + 1); + else if (strcmp(argv[1], "append") == 0) + ret = tcappend(argc - 1, argv + 1); + else if (strcmp(argv[1], "remove") == 0) + ret = tcremove(argc - 1, argv + 1); + else + fprintf(stderr, "Unknown subcommand %s\n", argv[1]); + + if (ret == -1) + goto help; + + return ret; +} + +struct trust_cache +opentrustcache(const char *path) +{ + FILE *f; + struct trust_cache cache; + + if ((f = fopen(path, "r")) == NULL) { + fprintf(stderr, "%s: %s\n", path, strerror(errno)); + exit(1); + } + + fread(&cache, sizeof(struct trust_cache) - sizeof(struct trust_cache_entry1*), 1, f); + cache.version = le32toh(cache.version); + cache.num_entries = le32toh(cache.num_entries); + + if (cache.version == 0) { + if ((cache.hashes = calloc(cache.num_entries, sizeof(trust_cache_hash0))) == NULL) + exit(EX_OSERR); + fread(cache.hashes, sizeof(trust_cache_hash0), cache.num_entries, f); + } else if (cache.version == 1) { + if ((cache.entries = calloc(cache.num_entries, sizeof(struct trust_cache_entry1))) == NULL) + exit(EX_OSERR); + fread(cache.entries, sizeof(struct trust_cache_entry1), cache.num_entries, f); + } else { + fprintf(stderr, "%s: Unsupported version %i\n", path, cache.version); + exit(1); + } + + fclose(f); + return cache; +} -- cgit v1.2.3
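Review bot: In `opentrustcache` in the new `trustcache.c`, none of the three `fread` calls has its result checked, so a truncated or empty input leaves `cache.version` and `cache.num_entries` as uninitialised stack bytes before they pick the branch and size the `calloc`. A short entry read is equally silent: the function returns a cache whose `num_entries` is larger than the number of entries actually read, with the remainder zero-filled by `calloc`, and later commands may treat those as real hashes. The code is carried over unchanged from `tc.c`, but since a trustcache file is external input, each read should be compared against the expected count and fail the same way the `fopen` error path does. The comparison below assumes `num_entries` is an unsigned 32-bit field, as the `le32toh` call suggests; the struct definition is not visible in this hunk.

```c
	/* … unchanged: declarations and fopen() error handling … */

	if (fread(&cache, sizeof(struct trust_cache) - sizeof(struct trust_cache_entry1*), 1, f) != 1) {
		fprintf(stderr, "%s: file too short for a trustcache header\n", path);
		exit(1);
	}
	/* … unchanged: le32toh() conversion of version and num_entries … */

	if (cache.version == 0) {
		/* … unchanged: calloc of cache.hashes … */
		if (fread(cache.hashes, sizeof(trust_cache_hash0), cache.num_entries, f) != cache.num_entries) {
			fprintf(stderr, "%s: fewer entries than the header declares\n", path);
			exit(1);
		}
	} else if (cache.version == 1) {
		/* … unchanged: calloc of cache.entries … */
		if (fread(cache.entries, sizeof(struct trust_cache_entry1), cache.num_entries, f) != cache.num_entries) {
			fprintf(stderr, "%s: fewer entries than the header declares\n", path);
			exit(1);
		}
	}
	/* … unchanged: unsupported-version branch, fclose(), return … */
```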