Struct tugger_apple_codesign::MachOSigner
pub struct MachOSigner<'data> { /* fields omitted */ }
Mach-O binary signer.
This type provides a high-level interface for signing Mach-O binaries. It handles parsing and rewriting Mach-O binaries and contains most of the functionality for producing signatures for individual Mach-O binaries.
Signing of both single architecture and fat/universal binaries is supported.
Circular Dependency
There is a circular dependency between the generation of the Code Directory present in the embedded signature and the Mach-O binary. See the note in crate::specification for the gory details. The tl;dr is the Mach-O data up to the signature data needs to be digested. But that digested data contains load commands that reference the signature data and its size, which can’t be known until the Code Directory, CMS blob, and SuperBlob are all created.
Our solution to this problem is to estimate the size of the embedded signature data and then pad the unused space with 0s.
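As an added illustration (not the crate's own code), the toy signer below reproduces the estimate-then-pad approach in Rust: the header that records the signature's size lies inside the digested range, so the size is fixed up front and the leftover space is zero-filled, and a verifier recomputes the digest over the same range. The layout, the identity tag standing in for the CMS blob and the FNV digest are stand-ins chosen for this example.

```rust
// Added example, not tugger_apple_codesign code. Toy layout standing in for a
// Mach-O: [sig_offset: u32][sig_size: u32][code][signature region, zero padded].
// The header plays the role of the load commands that reference the signature
// data and its size; it sits inside the digested range, so sig_size is estimated first.
use std::convert::TryInto;

#[derive(Debug, PartialEq)]
pub enum SignError { SignatureTooLarge { estimated: usize, actual: usize } }

/// Stand-in for the code directory digest (FNV-1a; the real signer uses SHA).
pub fn digest(data: &[u8]) -> u64 {
    data.iter().fold(0xcbf29ce484222325u64, |h, b| (h ^ *b as u64).wrapping_mul(0x100000001b3))
}

/// Upper bound on the signature size, chosen before anything is digested:
/// 8-byte digest + identity tag (stands in for the CMS blob) + 16 bytes of slack.
pub fn estimate_signature_size(identity: &[u8]) -> usize {
    8 + identity.len() + 16
}

/// Emit header + code with the *estimated* size, digest exactly that range,
/// then append the signature and zero-pad it out to the estimate.
pub fn sign(code: &[u8], identity: &[u8], estimated: usize) -> Result<Vec<u8>, SignError> {
    let sig_offset = 8 + code.len();
    let mut out = Vec::with_capacity(sig_offset + estimated);
    out.extend_from_slice(&(sig_offset as u32).to_le_bytes());
    out.extend_from_slice(&(estimated as u32).to_le_bytes());
    out.extend_from_slice(code);
    let mut sig = digest(&out).to_le_bytes().to_vec(); // header is part of the digest
    sig.extend_from_slice(identity);
    if sig.len() > estimated {
        return Err(SignError::SignatureTooLarge { estimated, actual: sig.len() });
    }
    out.extend_from_slice(&sig);
    out.resize(sig_offset + estimated, 0); // unused signature space becomes 0s
    Ok(out)
}

/// Verifier side: recompute the digest over [0, sig_offset) and compare it
/// with the one embedded in the signature region; the padding is never digested.
pub fn verify(signed: &[u8]) -> bool {
    let sig_offset = match signed.get(0..4) {
        Some(b) => u32::from_le_bytes(b.try_into().unwrap()) as usize,
        None => return false,
    };
    match signed.get(sig_offset..sig_offset + 8) {
        Some(tag) => digest(&signed[..sig_offset]) == u64::from_le_bytes(tag.try_into().unwrap()),
        None => false,
    }
}
```

If the real signature outgrows the estimate the signer refuses rather than overwriting data that was already digested, which is the failure mode the estimate guards against.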
Implementations
Construct a new instance from unparsed data representing a Mach-O binary.
The data will be parsed as a Mach-O binary (either single arch or fat/universal) and validated that we are capable of signing it.
pub fn write_signed_binary(
&self,
settings: &SigningSettings<'_>,
writer: &mut impl Write
) -> Result<(), AppleCodesignError>
Write signed Mach-O data to the given writer using signing settings.
pub fn create_superblob(
&self,
settings: &SigningSettings<'_>,
macho: &MachO<'_>,
previous_signature: Option<&EmbeddedSignature<'_>>
) -> Result<Vec<u8>, AppleCodesignError>
Create data constituting the SuperBlob to be embedded in the __LINKEDIT
segment.
The superblob contains the code directory, any extra blobs, and an optional CMS structure containing a cryptographic signature.
This takes an explicit Mach-O to operate on due to a circular dependency between writing out the Mach-O and digesting its content. See the note in MachOSigner for details.
pub fn create_cms_signature(
&self,
settings: &SigningSettings<'_>,
code_directory: &CodeDirectoryBlob<'_>
) -> Result<Vec<u8>, AppleCodesignError>
Create a CMS SignedData structure containing a cryptographic signature.
This becomes the content of the EmbeddedSignature blob in the Signature slot.
This function will error if a signing key has not been specified.
This takes an explicit Mach-O to operate on due to a circular dependency between writing out the Mach-O and digesting its content. See the note in MachOSigner for details.
pub fn create_code_directory(
&self,
settings: &SigningSettings<'_>,
macho: &MachO<'_>,
previous_signature: Option<&EmbeddedSignature<'_>>
) -> Result<CodeDirectoryBlob<'static>, AppleCodesignError>
Create the CodeDirectory for the current configuration.
This takes an explicit Mach-O to operate on due to a circular dependency between writing out the Mach-O and digesting its content. See the note in MachOSigner for details.
pub fn create_special_blobs(
&self,
settings: &SigningSettings<'_>,
previous_signature: Option<&EmbeddedSignature<'_>>
) -> Result<Vec<(CodeSigningSlot, Vec<u8>)>, AppleCodesignError>
Create blobs that need to be written given the current configuration.
This emits all blobs except CodeDirectory and Signature, which are special since they are derived from the blobs emitted here.
The goal of this function is to emit data to facilitate the creation of a CodeDirectory, which requires hashing blobs.
Trait Implementations
Auto Trait Implementations
impl<'data> RefUnwindSafe for MachOSigner<'data>
impl<'data> Send for MachOSigner<'data>
impl<'data> Sync for MachOSigner<'data>
impl<'data> Unpin for MachOSigner<'data>
impl<'data> UnwindSafe for MachOSigner<'data>
Blanket Implementations
Mutably borrows from an owned value.
Attaches the provided Subscriber to this type, returning a WithDispatch wrapper.
Attaches the current default Subscriber to this type, returning a WithDispatch wrapper.