Code signing question

Comments about the book, Requests for content to be covered in the 2nd Edition? Post them here!

Code signing question

Postby vega01 » Thu Jun 15, 2017 10:54 am

Hi,

Paragraph "Encoding requirements" in "Code Signing" chapter states that requirements blob magic is 0xfade0c00, while in Output 5-3 listing the MagicRequirementSet bytes are "fa de 0c 01". Is it a typo in the "Encoding requirements"?

Also I believe paragraph LC_CODE_SIGNATURE includes a little mistake where it says that code signature component blobs are encoded little endian. Below the already mentioned Output 5-3 we can find correct information that the fields are encoded big endian.
vega01
 
Posts: 19
Joined: Mon Sep 28, 2015 4:59 pm

Re: Code signing question

Postby darkknight » Fri Jun 16, 2017 12:12 am

Checking the xnu sources I see the following magic numbers from codesign.h
enum {
CSMAGIC_REQUIREMENT = 0xfade0c00, /* single Requirement blob */
CSMAGIC_REQUIREMENTS = 0xfade0c01, /* Requirements vector (internal requirements) */

CSMAGIC_CODEDIRECTORY = 0xfade0c02, /* CodeDirectory blob */
CSMAGIC_EMBEDDED_SIGNATURE = 0xfade0cc0, /* embedded form of signature data */
CSMAGIC_EMBEDDED_SIGNATURE_OLD = 0xfade0b02, /* XXX */
CSMAGIC_EMBEDDED_ENTITLEMENTS = 0xfade7171, /* embedded entitlements */
CSMAGIC_DETACHED_SIGNATURE = 0xfade0cc1, /* multi-arch collection of embedded signatures */
CSMAGIC_BLOBWRAPPER = 0xfade0b01, /* CMS Signature, among other things */


https://opensource.apple.com/source/xnu/xnu-3248.60.10/bsd/sys/codesign.h.auto.html

I assume the MagicRequirementSet is CSMAGIC_REQUIREMENTS above....
darkknight
 
Posts: 66
Joined: Mon Apr 18, 2016 10:49 pm

Re: Code signing question

Postby vega01 » Mon Jun 19, 2017 6:33 pm

Thanks! I should have checked the source code before asking...
As per Apple Code Signing Guide:
A requirement set is a collection of distinct requirements, each indexed (tagged) with a type code.
vega01
 
Posts: 19
Joined: Mon Sep 28, 2015 4:59 pm

Re: Code signing question

Postby morpheus » Wed Jun 21, 2017 1:03 am

Little/Big endian is indeed a mixup. sorry, and thanks for noticing.

FYI, these should go in errata.
morpheus
Site Admin
 
Posts: 532
Joined: Thu Apr 11, 2013 6:24 pm


Return to *OS Internals - 2nd Edition

Who is online

Users browsing this forum: No registered users and 1 guest