Code signing question


Re: Code signing question

Post by morpheus » Wed Jun 21, 2017 1:03 am

Little/Big endian is indeed a mixup. Sorry, and thanks for noticing.

FYI, these should go in errata.

Re: Code signing question

Post by vega01 » Mon Jun 19, 2017 6:33 pm

Thanks! I should have checked the source code before asking...
As per Apple Code Signing Guide:
A requirement set is a collection of distinct requirements, each indexed (tagged) with a type code.

Re: Code signing question

Post by darkknight » Fri Jun 16, 2017 12:12 am

Checking the xnu sources I see the following magic numbers from codesign.h:

    enum {
        CSMAGIC_REQUIREMENT = 0xfade0c00,            /* single Requirement blob */
        CSMAGIC_REQUIREMENTS = 0xfade0c01,           /* Requirements vector (internal requirements) */
        CSMAGIC_CODEDIRECTORY = 0xfade0c02,          /* CodeDirectory blob */
        CSMAGIC_EMBEDDED_SIGNATURE = 0xfade0cc0,     /* embedded form of signature data */
        CSMAGIC_EMBEDDED_SIGNATURE_OLD = 0xfade0b02, /* XXX */
        CSMAGIC_EMBEDDED_ENTITLEMENTS = 0xfade7171,  /* embedded entitlements */
        CSMAGIC_DETACHED_SIGNATURE = 0xfade0cc1,     /* multi-arch collection of embedded signatures */
        CSMAGIC_BLOBWRAPPER = 0xfade0b01,            /* CMS Signature, among other things */
    };

https://opensource.apple.com/source/xnu/xnu-3248.60.10/bsd/sys/codesign.h.auto.html

I assume the MagicRequirementSet is CSMAGIC_REQUIREMENTS above....
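The magic values quoted in the post above, together with the big-endian encoding discussed in this thread, as an added example that is not part of any post or of the xnu sources. The helper names (be32, le32, cs_magic_name, cs_blob_check) and the sample bytes are assumptions made for illustration; the header layout assumed is a 32-bit magic followed by a 32-bit total length.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Magic values as quoted in the post from xnu's codesign.h */
#define CSMAGIC_REQUIREMENT   0xfade0c00u
#define CSMAGIC_REQUIREMENTS  0xfade0c01u
#define CSMAGIC_CODEDIRECTORY 0xfade0c02u

/* Hypothetical helper: read a 32-bit big-endian field, independent of host order */
static uint32_t be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8)  |  (uint32_t)p[3];
}

/* Hypothetical helper: the same four bytes misread as little-endian, for contrast */
static uint32_t le32(const uint8_t *p) {
    return ((uint32_t)p[3] << 24) | ((uint32_t)p[2] << 16) |
           ((uint32_t)p[1] << 8)  |  (uint32_t)p[0];
}

static const char *cs_magic_name(uint32_t magic) {
    switch (magic) {
    case CSMAGIC_REQUIREMENT:   return "CSMAGIC_REQUIREMENT";
    case CSMAGIC_REQUIREMENTS:  return "CSMAGIC_REQUIREMENTS";
    case CSMAGIC_CODEDIRECTORY: return "CSMAGIC_CODEDIRECTORY";
    default:                    return NULL;
    }
}

/* Returns the blob's magic name, or NULL if the buffer is shorter than the
 * 8-byte header, the length field is inconsistent, or the magic is unknown. */
static const char *cs_blob_check(const uint8_t *buf, size_t avail, uint32_t *len_out) {
    if (avail < 8) return NULL;
    uint32_t len = be32(buf + 4);
    if (len < 8 || len > avail) return NULL;   /* never trust the length field */
    const char *name = cs_magic_name(be32(buf));
    if (name && len_out) *len_out = len;
    return name;
}

/* Constructed sample: "fa de 0c 01", length 12, then four zero bytes */
static const uint8_t sample_reqset[12] = {0xfa,0xde,0x0c,0x01, 0,0,0,0x0c, 0,0,0,0};

int main(void) {
    uint32_t len = 0;
    const char *n = cs_blob_check(sample_reqset, sizeof sample_reqset, &len);
    printf("big-endian read: %s, length %u\n", n ? n : "unknown", len);
    printf("little-endian misread: 0x%08x\n", le32(sample_reqset));
    return 0;
}
```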

Code signing question

Post by vega01 » Thu Jun 15, 2017 10:54 am

Hi,

Paragraph "Encoding requirements" in "Code Signing" chapter states that requirements blob magic is 0xfade0c00, while in Output 5-3 listing the MagicRequirementSet bytes are "fa de 0c 01". Is it a typo in the "Encoding requirements"?

Also I believe paragraph LC_CODE_SIGNATURE includes a little mistake where it says that code signature component blobs are encoded little endian. Below the already mentioned Output 5-3 we can find correct information that the fields are encoded big endian.
