Expand description
Common embedded signature data structures (superblobs, magic values, etc).
This module defines types and data structures that are common to Apple’s embedded signature format.
Within this module are constants for header magic, definitions of serialized data structures like superblobs and blobs, and some common enumerations.
There is no official specification of the Mach-O structure for various code signing primitives. So the definitions in here could diverge from what is actually implemented.
The best source of the specification comes from Apple’s open source headers, notably cs_blobs.h (e.g. https://opensource.apple.com/source/xnu/xnu-7195.81.3/osfmk/kern/cs_blobs.h.auto.html). (Go to https://opensource.apple.com/source/xnu and check for newer versions of xnu to look for new features.)
The high-level format of embedded signature data is roughly as follows:
- A
SuperBlobheader describes the total length of data and the number of blob sections that follow. - An array of
BlobIndexdescribing the type and offset of all blob sections that follow. The type here is a slot and describes what type of data the blob contains (code directory, entitlements, embedded signature, etc). - N blob sections of varying formats and lengths.
We only support the CodeSigningMagic::EmbeddedSignature magic in the SuperBlob,
as this is what is used in the wild. (It is even unclear if other magic values
can occur in SuperBlob headers.)
The EmbeddedSignature type represents a lightly parsed SuperBlob. It
provides access to BlobEntry which describe the blob sections within the
super blob. A BlobEntry can be parsed into the more concrete ParsedBlob,
which allows some access to data within each specific blob type.
Structs§
- Blob
Entry - Represents a single blob as defined by a SuperBlob index entry.
- Blob
Wrapper Blob - Represents a generic blob wrapper.
- Constraints
DerBlob - A blob holding DER encoded launch/library constraints.
- Detached
Signature Blob - A detached signature.
- Embedded
Signature - Represents Apple’s common embedded code signature data structures.
- Embedded
Signature Blob - Represents an embedded signature.
- Embedded
Signature OldBlob - An old embedded signature.
- Entitlements
Blob - Represents an Entitlements blob.
- Entitlements
DerBlob - Other
Blob - Represents an unknown blob type.
- Parsed
Blob - Represents the parsed content of a blob entry.
- Requirement
Blob - Represents a Requirement blob.
- Requirement
SetBlob - Represents a Requirement set blob.
Enums§
- Blob
Data - Represents a single, parsed Blob entry/slot.
- Code
Signing Magic - Defines header magic for various payloads.
- Code
Signing Slot - A well-known slot within code signing data.
Traits§
- Blob
- Provides common features for a parsed blob type.
Functions§
- create_
superblob - Create the binary content for a SuperBlob.