apple_codesign

Module dmg


DMG file handling.

DMG files can have code signatures as well. However, the mechanism is a bit different from Mach-O files.

The last 512 bytes of a DMG are a “koly” structure, which we represent by KolyTrailer. Within the KolyTrailer is a pair of u64 fields denoting the file offset and size of an embedded code signature.

The embedded code signature is a signature superblob, as represented by our EmbeddedSignature.

Apple’s codesign appears to write the Code Directory, Requirement Set, and CMS Signature slots. However, the Requirement Set is empty and the CMS blob may carry no data (just a blob header).

Within the Code Directory, the code limit field is the offset of the start of the code signature superblob, and there is exactly one code digest. Unlike Mach-O files, which are digested in 4 KiB pages, the full content of the DMG up to the superblob is digested as a single chunk. The page size is nevertheless advertised as 1, which codesign reports as none.

The Code Directory also contains a digest in the Rep Specific slot. This digest is over the “koly” trailer, but with the u64 for the code signature size field zeroed out. This is likely zeroed to prevent a circular dependency: you won’t know the size of the CMS payload until the signature is created so you can’t fill in a known value ahead of time. It’s worth noting that for Mach-O, the superblob is padded with zeroes so the size of the __LINKEDIT segment can be known before the signature is made. DMG can likely get away without padding because the “koly” trailer is at the end of the file and any junk between the code signature and trailer will be ignored or corrupt one of the data structures.
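The trailer walk described above, as an added illustration that is not code from the apple_codesign crate: a constructed mini DMG is built, the signature offset and size are read from the koly trailer, the single code digest is computed over everything before the superblob, and the Rep Specific digest is computed over the trailer with the size field zeroed. The field offsets `0x128` and `0x130` for the two u64 values are assumed from the public UDIF koly layout and should be checked against `KolyTrailer`; the superblob bytes and the "slack" between superblob and trailer are constructed stand-ins, not a real EmbeddedSignature.

```python
"""Constructed DMG trailer walk-through (illustration, not apple_codesign's code)."""
import hashlib
import struct

KOLY_SIZE = 512
KOLY_MAGIC = b"koly"
# ASSUMPTION: positions of the code signature offset/size u64 pair inside the
# 512-byte big-endian koly trailer (from the public UDIF layout). Verify against
# the crate's KolyTrailer before relying on them.
SIG_OFFSET_FIELD = 0x128
SIG_SIZE_FIELD = 0x130


def parse_koly(dmg: bytes) -> tuple[int, int]:
    """Return (code_signature_offset, code_signature_size) from the trailer."""
    if len(dmg) < KOLY_SIZE:
        raise ValueError("file shorter than a koly trailer")
    trailer = dmg[-KOLY_SIZE:]
    if trailer[:4] != KOLY_MAGIC:
        raise ValueError("missing koly magic; not a DMG")
    header_size = struct.unpack(">I", trailer[8:12])[0]
    if header_size != KOLY_SIZE:
        raise ValueError(f"unexpected koly header size {header_size}")
    return struct.unpack(">QQ", trailer[SIG_OFFSET_FIELD:SIG_OFFSET_FIELD + 16])


def code_digest(dmg: bytes, sig_offset: int) -> bytes:
    """The single code slot digest: everything before the superblob, one chunk.

    sig_offset is the Code Directory's code limit (start of the superblob).
    """
    return hashlib.sha256(dmg[:sig_offset]).digest()


def rep_specific_digest(dmg: bytes) -> bytes:
    """Digest of the koly trailer with the code signature size u64 zeroed.

    Zeroing that field is what lets the digest be computed before the final
    signature size is known.
    """
    trailer = bytearray(dmg[-KOLY_SIZE:])
    trailer[SIG_SIZE_FIELD:SIG_SIZE_FIELD + 8] = bytes(8)
    return hashlib.sha256(bytes(trailer)).digest()


def signature_window(dmg: bytes) -> dict:
    """Sanity-check that the advertised signature lies before the trailer."""
    offset, size = parse_koly(dmg)
    trailer_start = len(dmg) - KOLY_SIZE
    fits = 0 < offset <= trailer_start and offset + size <= trailer_start
    return {
        "offset": offset,
        "size": size,
        "fits_before_trailer": fits,
        # bytes between the end of the superblob and the trailer are ignored
        "slack_bytes": trailer_start - (offset + size) if fits else None,
    }


def build_sample_dmg(body: bytes, superblob: bytes, slack: bytes = b"") -> bytes:
    """Constructed DMG: body, superblob stand-in, optional slack, koly trailer."""
    trailer = bytearray(KOLY_SIZE)
    trailer[:4] = KOLY_MAGIC
    struct.pack_into(">I", trailer, 4, 4)          # version (constructed value)
    struct.pack_into(">I", trailer, 8, KOLY_SIZE)  # header size
    struct.pack_into(">QQ", trailer, SIG_OFFSET_FIELD, len(body), len(superblob))
    return body + superblob + slack + bytes(trailer)


if __name__ == "__main__":
    # Constructed superblob stand-in: the embedded-signature magic followed by
    # zero padding, not a real superblob.
    sample = build_sample_dmg(b"A" * 4096, b"\xfa\xde\x0c\xc0" + bytes(60), b"junk")
    off, sz = parse_koly(sample)
    print(signature_window(sample))
    print("code digest:", code_digest(sample, off).hex())
    print("rep specific digest:", rep_specific_digest(sample).hex())
```

Two properties worth confirming on real files: the code digest depends only on the bytes before the code limit, and the Rep Specific digest is unchanged when only the signature size field differs, which is exactly the circular dependency the zeroing avoids.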

The Code Directory version is 0x20100.

DMGs are stapled by adding an additional ticket slot to the superblob. However, this slot’s digest is not recorded in the code directory, as stapling occurs after signing, and modifying the code directory would invalidate prior signatures.

Structs

Functions

  • Determines whether a filesystem path is a DMG.