Module embedded_signature

Common embedded signature data structures (superblobs, magic values, etc).

This module defines types and data structures that are common to Apple’s embedded signature format.

Within this module are constants for header magic, definitions of serialized data structures like superblobs and blobs, and some common enumerations.

There is no official specification of the Mach-O structure for various code signing primitives. So the definitions in here could diverge from what is actually implemented.

The best source of the specification comes from Apple’s open source headers, notably cs_blobs.h (e.g. https://opensource.apple.com/source/xnu/xnu-7195.81.3/osfmk/kern/cs_blobs.h.auto.html). (Go to https://opensource.apple.com/source/xnu and check for newer versions of xnu to look for new features.)

The high-level format of embedded signature data is roughly as follows:

• A SuperBlob header describes the total length of data and the number of blob sections that follow.
• An array of BlobIndex describing the type and offset of all blob sections that follow. The type here is a slot and describes what type of data the blob contains (code directory, entitlements, embedded signature, etc).
• N blob sections of varying formats and lengths.

We only support the CodeSigningMagic::EmbeddedSignature magic in the SuperBlob, as this is what is used in the wild. (It is even unclear if other magic values can occur in SuperBlob headers.)

The EmbeddedSignature type represents a lightly parsed SuperBlob. It provides access to BlobEntry which describe the blob sections within the super blob. A BlobEntry can be parsed into the more concrete ParsedBlob, which allows some access to data within each specific blob type.

Structs

• BlobEntry
  Represents a single blob as defined by a SuperBlob index entry.
• BlobWrapperBlob
  Represents a generic blob wrapper.
• ConstraintsDerBlob
  A blob holding DER encoded launch/library constraints.
• DetachedSignatureBlob
  A detached signature.
• EmbeddedSignature
  Represents Apple’s common embedded code signature data structures.
• EmbeddedSignatureBlob
  Represents an embedded signature.
• EmbeddedSignatureOldBlob
  An old embedded signature.
• EntitlementsBlob
  Represents an Entitlements blob.
• EntitlementsDerBlob
• OtherBlob
  Represents an unknown blob type.
• ParsedBlob
  Represents the parsed content of a blob entry.
• RequirementBlob
  Represents a Requirement blob.
• RequirementSetBlob
  Represents a Requirement set blob.

Enums

• BlobData
  Represents a single, parsed Blob entry/slot.
• CodeSigningMagic
  Defines header magic for various payloads.
• CodeSigningSlot
  A well-known slot within code signing data.

Traits

• Blob
  Provides common features for a parsed blob type.

Functions

• create_superblob
  Create the binary content for a SuperBlob.