Page 1 of 1

Code signing question

PostPosted: Thu Jun 15, 2017 10:54 am
by vega01
Hi,

Paragraph "Encoding requirements" in "Code Signing" chapter states that requirements blob magic is 0xfade0c00, while in Output 5-3 listing the MagicRequirementSet bytes are "fa de 0c 01". Is it a typo in the "Encoding requirements"?

Also I believe paragraph LC_CODE_SIGNATURE includes a little mistake where it says that code signature component blobs are encoded little endian. Below the already mentioned Output 5-3 we can find correct information that the fields are encoded big endian.

Re: Code signing question

PostPosted: Fri Jun 16, 2017 12:12 am
by darkknight
Checking the xnu sources I see the following magic numbers from codesign.h
enum {
CSMAGIC_REQUIREMENT = 0xfade0c00, /* single Requirement blob */
CSMAGIC_REQUIREMENTS = 0xfade0c01, /* Requirements vector (internal requirements) */

CSMAGIC_CODEDIRECTORY = 0xfade0c02, /* CodeDirectory blob */
CSMAGIC_EMBEDDED_SIGNATURE = 0xfade0cc0, /* embedded form of signature data */
CSMAGIC_EMBEDDED_SIGNATURE_OLD = 0xfade0b02, /* XXX */
CSMAGIC_EMBEDDED_ENTITLEMENTS = 0xfade7171, /* embedded entitlements */
CSMAGIC_DETACHED_SIGNATURE = 0xfade0cc1, /* multi-arch collection of embedded signatures */
CSMAGIC_BLOBWRAPPER = 0xfade0b01, /* CMS Signature, among other things */


https://opensource.apple.com/source/xnu/xnu-3248.60.10/bsd/sys/codesign.h.auto.html

I assume the MagicRequirementSet is CSMAGIC_REQUIREMENTS above....

Re: Code signing question

PostPosted: Mon Jun 19, 2017 6:33 pm
by vega01
Thanks! I should have checked the source code before asking...
As per Apple Code Signing Guide:
A requirement set is a collection of distinct requirements, each indexed (tagged) with a type code.

Re: Code signing question

PostPosted: Wed Jun 21, 2017 1:03 am
by morpheus
Little/Big endian is indeed a mixup. sorry, and thanks for noticing.

FYI, these should go in errata.