Use OpenSSL to sign instead of template blob

[dhinakg]

Instead of using a crafted template blob, use OpenSSL to add a signer to the App Store CMS blob. With future work, this will let us use the code directory + CMS blob from a donor binary.

• Replace template blob with unmodified App Store CMS blob
• Remove decrypted signature file and SignOSSL (no longer needed)
• Add DER-encoded CDHash template file (this is always a fixed format, so safe to hardcode)
• Create a new certificate with extraneous fields removed so that OpenSSL puts our SignerInfo first

Resulting binaries tested on:

• [X] arm64 (iPhone 8), 16.5 beta 4
• [X] arm64 (iPhone 6s), 15.6 RC
• [x] arm64e (iPad Pro 11-inch, 3rd gen), 16.5

Notes:

• We're encoding plists so this introduces a dependency on CoreFoundation
• Need to verify the minimum version of OpenSSL required. Testing was conducted with 3.2, but I think all the functions are in at least 3.0?
  • UPDATE: Tested with OpenSSL 1.1, it works
• Should the signing code be moved somewhere else or stay in ct_bypass? With some adaptation, this could be used for normal signing, but not out of the box
• Need more testing
• Please double-check my memory management

[alfiecg24]

We're encoding plists so this introduces a dependency on CoreFoundation

That's no worries, it wouldn't build on non-Darwin systems anyway.

Should the signing code be moved somewhere else or stay in ct_bypass? With some adaptation, this could be used for normal signing, but not out of the box

At some point, I plan to add ad-hoc signing support to ChOma, so I'll probably move everything around when I get around to it. Until then, it can stay where it is.

[alfiecg24]

Does this work out-of-the-box with TrollStore compilation too?

[dhinakg]

Yup, after copying the updated code into fastPathSign it should just build. I have not retested TrollStore since ChOma became a submodule though