From 0985c479906f79b01631a232eddcd60258b018bc Mon Sep 17 00:00:00 2001 From: olszomal Date: Fri, 19 Jan 2024 14:31:15 +0100 Subject: [PATCH] Add a new "-index" option to enable verification or addition of attributes to the signature at a certain position --- NEWS.md | 5 + osslsigncode.c | 469 +++++++++++++++++++++++++++++++++---------------- osslsigncode.h | 1 + 3 files changed, 322 insertions(+), 153 deletions(-) diff --git a/NEWS.md b/NEWS.md index 65831be..f05cf21 100644 --- a/NEWS.md +++ b/NEWS.md @@ -2,6 +2,11 @@ ### 2.8 (unreleased) +- fixed setting unauthenticated attributes (Countersignature, + Unauthenticated Data Blob) in a nested signature +- added support for verifying the signature at a certain position ("-index" option) +- added support for adding unauthenticated attributes to the signature + at a certain position ("-index" option) - added CAT file verification and listing each member of the CAT file by using the "-verbose" option - added new command "extract-data" to extract a PKCS#7 data content to be signed diff --git a/osslsigncode.c b/osslsigncode.c index af6fe9d..610100c 100644 --- a/osslsigncode.c +++ b/osslsigncode.c @@ -197,12 +197,17 @@ ASN1_SEQUENCE(MsCtlContent) = { IMPLEMENT_ASN1_FUNCTIONS(MsCtlContent) /* Prototypes */ -static int signature_list_append_pkcs7(STACK_OF(PKCS7) **signatures, PKCS7 *p7, int allownest); static time_t time_t_get_asn1_time(const ASN1_TIME *s); static time_t time_t_get_si_time(PKCS7_SIGNER_INFO *si); +static ASN1_UTCTIME *asn1_time_get_si_time(PKCS7_SIGNER_INFO *si); static time_t time_t_get_cms_time(CMS_ContentInfo *cms); static CMS_ContentInfo *cms_get_timestamp(PKCS7_SIGNED *p7_signed, PKCS7_SIGNER_INFO *countersignature); +static int cursig_set_nested(PKCS7 *cursig, PKCS7 *p7); +static int X509_attribute_chain_append_object(STACK_OF(X509_ATTRIBUTE) **unauth_attr, + u_char *p, int len, const char *oid); +static STACK_OF(PKCS7) *signature_list_create(PKCS7 *p7); +static int PKCS7_compare(const PKCS7 *const *a, const PKCS7 *const *b); #ifdef ENABLE_CURL @@ -374,7 +379,7 @@ static BIO *bio_encode_authenticode_request(PKCS7 *p7) /* * If successful the RFC 3161 timestamp will be written into - * the PKCS7 SignerInfo structure as an unauthorized attribute - cont[1]. + * the PKCS7 SignerInfo structure as an unauthenticated attribute - cont[1]. * [in, out] p7: new PKCS#7 signature * [in] response: RFC3161 response * [in] verbose: additional output mode @@ -383,7 +388,6 @@ static BIO *bio_encode_authenticode_request(PKCS7 *p7) static int attach_rfc3161_response(PKCS7 *p7, TS_RESP *response, int verbose) { PKCS7_SIGNER_INFO *si; - STACK_OF(X509_ATTRIBUTE) *attrs; TS_STATUS_INFO *status; PKCS7 *token; u_char *p; @@ -420,19 +424,17 @@ static int attach_rfc3161_response(PKCS7 *p7, TS_RESP *response, int verbose) } len = i2d_PKCS7(token, &p); p -= len; - - attrs = sk_X509_ATTRIBUTE_new_null(); - attrs = X509at_add1_attr_by_txt(&attrs, SPC_RFC3161_OBJID, V_ASN1_SET, p, len); + if (!X509_attribute_chain_append_object(&(si->unauth_attr), p, len, SPC_RFC3161_OBJID)) { + OPENSSL_free(p); + return 1; /* FAILED */ + } OPENSSL_free(p); - - PKCS7_set_attributes(si, attrs); - sk_X509_ATTRIBUTE_pop_free(attrs, X509_ATTRIBUTE_free); return 0; /* OK */ } /* * If successful the authenticode timestamp will be written into - * the PKCS7 SignerInfo structure as an unauthorized attribute - cont[1]: + * the PKCS7 SignerInfo structure as an unauthenticated attribute - cont[1]: * p7->d.sign->signer_info->unauth_attr * [in, out] p7: new PKCS#7 signature * [in] resp: PKCS#7 authenticode response @@ -442,7 +444,6 @@ static int attach_rfc3161_response(PKCS7 *p7, TS_RESP *response, int verbose) static int attach_authenticode_response(PKCS7 *p7, PKCS7 *resp, int verbose) { PKCS7_SIGNER_INFO *info, *si; - STACK_OF(X509_ATTRIBUTE) *attrs; u_char *p; int len, i; STACK_OF(PKCS7_SIGNER_INFO) *signer_info; @@ -474,23 +475,17 @@ static int attach_authenticode_response(PKCS7 *p7, PKCS7 *resp, int verbose) len = i2d_PKCS7_SIGNER_INFO(info, &p); p -= len; PKCS7_free(resp); - - attrs = sk_X509_ATTRIBUTE_new_null(); - attrs = X509at_add1_attr_by_txt(&attrs, PKCS9_COUNTER_SIGNATURE, V_ASN1_SET, p, len); - OPENSSL_free(p); - signer_info = PKCS7_get_signer_info(p7); if (!signer_info) return 1; /* FAILED */ si = sk_PKCS7_SIGNER_INFO_value(signer_info, 0); if (!si) return 1; /* FAILED */ - /* - * PKCS7_set_attributes() frees up all elements of si->unauth_attr - * and sets there a copy of attrs so overrides the previous timestamp - */ - PKCS7_set_attributes(si, attrs); - sk_X509_ATTRIBUTE_pop_free(attrs, X509_ATTRIBUTE_free); + if (!X509_attribute_chain_append_object(&(si->unauth_attr), p, len, PKCS9_COUNTER_SIGNATURE)) { + OPENSSL_free(p); + return 1; /* FAILED */ + } + OPENSSL_free(p); return 0; /* OK */ } @@ -952,7 +947,7 @@ out: /* * If successful the unauthenticated blob will be written into - * the PKCS7 SignerInfo structure as an unauthorized attribute - cont[1]: + * the PKCS7 SignerInfo structure as an unauthenticated attribute - cont[1]: * p7->d.sign->signer_info->unauth_attr * [in, out] p7: new PKCS#7 signature * [returns] 0 on error or 1 on success @@ -961,16 +956,17 @@ static int add_unauthenticated_blob(PKCS7 *p7) { PKCS7_SIGNER_INFO *si; STACK_OF(PKCS7_SIGNER_INFO) *signer_info; - ASN1_STRING *astr; u_char *p = NULL; - int nid, len = 1024+4; + int len = 1024+4; /* Length data for ASN1 attribute plus prefix */ const char prefix[] = "\x0c\x82\x04\x00---BEGIN_BLOB---"; const char postfix[] = "---END_BLOB---"; signer_info = PKCS7_get_signer_info(p7); - if (!signer_info) + if (!signer_info) { + printf("Failed to obtain PKCS#7 signer info list\n"); return 0; /* FAILED */ + } si = sk_PKCS7_SIGNER_INFO_value(p7->d.sign->signer_info, 0); if (!si) return 0; /* FAILED */ @@ -979,16 +975,16 @@ static int add_unauthenticated_blob(PKCS7 *p7) memset(p, 0, (size_t)len); memcpy(p, prefix, sizeof prefix); memcpy(p + len - sizeof postfix, postfix, sizeof postfix); - astr = ASN1_STRING_new(); - ASN1_STRING_set(astr, p, len); - nid = OBJ_create(SPC_UNAUTHENTICATED_DATA_BLOB_OBJID, - "unauthenticatedData", "unauthenticatedData"); - PKCS7_add_attribute(si, nid, V_ASN1_SEQUENCE, astr); + if (!X509_attribute_chain_append_object(&(si->unauth_attr), p, len, SPC_UNAUTHENTICATED_DATA_BLOB_OBJID)) { + OPENSSL_free(p); + return 1; /* FAILED */ + } OPENSSL_free(p); return 1; /* OK */ } /* + * Add unauthenticated attributes (Countersignature, Unauthenticated Data Blob) * [in, out] p7: new PKCS#7 signature * [in, out] ctx: structure holds input and output data * [returns] 1 on error or 0 on success @@ -1020,52 +1016,83 @@ static int add_timestamp_and_blob(PKCS7 *p7, FILE_FORMAT_CTX *ctx) } /* - * [in, out] unauth_attr: unauthorized attributes list - * [in] p: PKCS#7 data - * [in] len: PKCS#7 data length - * [returns] 0 on error or 1 on success + * Add unauthenticated attributes to the signature at a certain position + * [in, out] p7: new PKCS#7 signature + * [in, out] ctx: structure holds input and output data + * [in] index: signature index + * [returns] 1 on error or 0 on success */ -static int X509_attribute_chain_append_signature(STACK_OF(X509_ATTRIBUTE) **unauth_attr, u_char *p, int len) +static int add_nested_timestamp_and_blob(PKCS7 *p7, FILE_FORMAT_CTX *ctx, int index) { - X509_ATTRIBUTE *attr = NULL; - int nid = OBJ_txt2nid(SPC_NESTED_SIGNATURE_OBJID); + STACK_OF(PKCS7) *signatures; + STACK_OF(PKCS7_SIGNER_INFO) *signer_info; + STACK_OF(X509_ATTRIBUTE) *unauth_attr; + PKCS7_SIGNER_INFO *si; + PKCS7 *p7_tmp; + int i; - if (*unauth_attr == NULL) { - if ((*unauth_attr = sk_X509_ATTRIBUTE_new_null()) == NULL) - return 0; /* FAILED */ - } else { - /* try to find SPC_NESTED_SIGNATURE_OBJID attribute */ - int i; - for (i = 0; i < sk_X509_ATTRIBUTE_num(*unauth_attr); i++) { - attr = sk_X509_ATTRIBUTE_value(*unauth_attr, i); + p7_tmp = PKCS7_dup(p7); + if (!p7_tmp) { + return 1; /* FAILED */ + } + signer_info = PKCS7_get_signer_info(p7); + if (!signer_info) { + printf("Failed to obtain PKCS#7 signer info list\n"); + return 1; /* FAILED */ + } + si = sk_PKCS7_SIGNER_INFO_value(signer_info, 0); + if (!si) { + printf("Failed to obtain PKCS#7 signer info value\n"); + return 1; /* FAILED */ + } + unauth_attr = PKCS7_get_attributes(si); /* cont[1] */ + if (unauth_attr) { + /* try to find and remove SPC_NESTED_SIGNATURE_OBJID attribute */ + for (i=0; iunauth_attr), p, len)) { + if (!X509_attribute_chain_append_object(&(si->unauth_attr), p, len, SPC_NESTED_SIGNATURE_OBJID)) { OPENSSL_free(p); return 0; /* FAILED */ } @@ -1093,6 +1120,62 @@ static int cursig_set_nested(PKCS7 *cursig, PKCS7 *p7, FILE_FORMAT_CTX *ctx) return 1; /* OK */ } +/* + * [in, out] unauth_attr: unauthenticated attributes list + * [in] p: PKCS#7 data + * [in] len: PKCS#7 data length + * [in] oid: unauthenticated attribute oid: SPC_UNAUTHENTICATED_DATA_BLOB_OBJID, + PKCS9_COUNTER_SIGNATURE, SPC_RFC3161_OBJID or SPC_NESTED_SIGNATURE_OBJID + * [returns] 0 on error or 1 on success + */ +static int X509_attribute_chain_append_object(STACK_OF(X509_ATTRIBUTE) **unauth_attr, + u_char *p, int len, const char *oid) +{ + X509_ATTRIBUTE *attr = NULL; + ASN1_OBJECT *object; + char object_txt[128]; + + if (*unauth_attr == NULL) { + if ((*unauth_attr = sk_X509_ATTRIBUTE_new_null()) == NULL) + return 0; /* FAILED */ + } else { + /* try to find indicated unauthenticated attribute */ + int i; + for (i = 0; i < X509at_get_attr_count(*unauth_attr); i++) { + attr = X509at_get_attr(*unauth_attr, i); + object = X509_ATTRIBUTE_get0_object(attr); + if (object == NULL) + continue; + object_txt[0] = 0x00; + OBJ_obj2txt(object_txt, sizeof object_txt, object, 1); + if ((!strcmp(oid, PKCS9_COUNTER_SIGNATURE) || !strcmp(oid, SPC_RFC3161_OBJID)) + && (!strcmp(object_txt, PKCS9_COUNTER_SIGNATURE) || !strcmp(object_txt, SPC_RFC3161_OBJID))) { + /* free up countersignature/timestamp in unauthenticated attributes + * to override the previous timestamp */ + X509at_delete_attr(*unauth_attr, i); + X509_ATTRIBUTE_free(attr); + continue; + } + if (!strcmp(oid, object_txt)) { + /* append p to the V_ASN1_SEQUENCE */ + if (!X509_ATTRIBUTE_set1_data(attr, V_ASN1_SEQUENCE, p, len)) + return 0; /* FAILED */ + return 1; /* OK */ + } + } + } + /* create new unauthenticated attribute */ + attr = X509_ATTRIBUTE_create_by_NID(NULL, OBJ_txt2nid(oid), V_ASN1_SEQUENCE, p, len); + if (!attr) + return 0; /* FAILED */ + if (!sk_X509_ATTRIBUTE_push(*unauth_attr, attr)) { + X509_ATTRIBUTE_free(attr); + return 0; /* FAILED */ + } + return 1; /* OK */ +} + + /* * [in, out] store: structure for holding information about X.509 certificates and CRLs * [in] time: time_t to set @@ -2150,38 +2233,41 @@ static time_t time_t_get_asn1_time(const ASN1_TIME *s) } /* - * Get signing time from authorized attributes + * Get signing time from authenticated attributes * [in] si: PKCS7_SIGNER_INFO structure * [returns] INVALID_TIME on error or time_t on success */ static time_t time_t_get_si_time(PKCS7_SIGNER_INFO *si) +{ + ASN1_UTCTIME *time = asn1_time_get_si_time(si); + + if (time == NULL) + return INVALID_TIME; /* FAILED */ + return time_t_get_asn1_time(time); +} + +/* + * Get signing time from authenticated attributes + * [in] si: PKCS7_SIGNER_INFO structure + * [returns] NULL on error or ASN1_UTCTIME on success + */ +static ASN1_UTCTIME *asn1_time_get_si_time(PKCS7_SIGNER_INFO *si) { STACK_OF(X509_ATTRIBUTE) *auth_attr; - X509_ATTRIBUTE *attr; - ASN1_OBJECT *object; - ASN1_UTCTIME *time = NULL; - time_t posix_time; - char object_txt[128]; - int i; auth_attr = PKCS7_get_signed_attributes(si); /* cont[0] */ - if (auth_attr) + if (auth_attr) { + int i; for (i=0; icatalog ? 1 : 0; if (!ctx->format->check_file) { @@ -2564,37 +2587,151 @@ static int verify_signed_file(FILE_FORMAT_CTX *ctx, GLOBAL_OPTIONS *options) printf("Unable to extract existing signature\n"); return 1; /* FAILED */ } - signatures = sk_PKCS7_new_null(); - if (!signature_list_append_pkcs7(&signatures, p7, 1)) { + signatures = signature_list_create(p7); + if (!signatures) { printf("Failed to create signature list\n\n"); sk_PKCS7_pop_free(signatures, PKCS7_free); return 1; /* FAILED */ } for (i = 0; i < sk_PKCS7_num(signatures); i++) { - PKCS7 *sig = sk_PKCS7_value(signatures, i); + PKCS7 *sig; + + if (options->index >= 0 && options->index != i) { + printf("Warning: signature verification at index %d was skipped\n", i); + continue; + } + sig = sk_PKCS7_value(signatures, i); if (detached) { if (!verify_content(ctx, sig)) { ret &= verify_signature(ctx, sig); } else { printf("Catalog verification: failed\n\n"); } + verified++; } else if (ctx->format->verify_digests) { printf("\nSignature Index: %d %s\n\n", i, i==0 ? " (Primary Signature)" : ""); if (ctx->format->verify_digests(ctx, sig)) { ret &= verify_signature(ctx, sig); } + verified++; } else { printf("Unsupported method: verify_digests\n"); return 1; /* FAILED */ } } - printf("Number of verified signatures: %d\n", i); + printf("Number of verified signatures: %d\n", verified); sk_PKCS7_pop_free(signatures, PKCS7_free); if (ret) ERR_print_errors_fp(stdout); return ret; } +/* + * Insert PKCS#7 signature and its nested signatures to the sorted signature list + * [in] p7: PKCS#7 signature + * [returns] sorted signature list + */ +static STACK_OF(PKCS7) *signature_list_create(PKCS7 *p7) +{ + STACK_OF(PKCS7) *signatures = NULL; + PKCS7_SIGNER_INFO *si; + STACK_OF(X509_ATTRIBUTE) *unauth_attr; + STACK_OF(PKCS7_SIGNER_INFO) *signer_info = PKCS7_get_signer_info(p7); + + if (!signer_info) { + printf("Failed to obtain PKCS#7 signer info list\n"); + return 0; /* FAILED */ + } + si = sk_PKCS7_SIGNER_INFO_value(signer_info, 0); + if (!si) { + printf("Failed to obtain PKCS#7 signer info value\n"); + return 0; /* FAILED */ + } + signatures = sk_PKCS7_new(PKCS7_compare); + if (!signatures) { + printf("Failed to create new signature list\n"); + return 0; /* FAILED */ + } + /* Unauthenticated attributes */ + unauth_attr = PKCS7_get_attributes(si); /* cont[1] */ + if (unauth_attr) { + /* find Nested Signature - Policy OID: 1.3.6.1.4.1.311.2.4.1 */ + int i; + for (i=0; i ] [ -TSA-key ]\n", ""); printf("%12s[ -TSA-time ]\n", ""); printf("%12s[ -h {md5,sha1,sha2(56),sha384,sha512} ]\n", ""); + printf("%12s[ -index ]\n", ""); printf("%12s[ -verbose ]\n", ""); printf("%12s[ -add-msi-dse ]\n", ""); printf("%12s[ -in ] [ -out ] \n\n", ""); @@ -2762,6 +2900,7 @@ static void usage(const char *argv0, const char *cmd) printf("%12s[ -CRLfile ]\n", ""); printf("%12s[ -TSA-CAfile ]\n", ""); printf("%12s[ -TSA-CRLfile ]\n", ""); + printf("%12s[ -index ]\n", ""); printf("%12s[ -ignore-timestamp ]\n", ""); printf("%12s[ -time ]\n", ""); printf("%12s[ -require-leaf-hash {md5,sha1,sha2(56),sha384,sha512}:XXXXXXXXXXXX... ]\n", ""); @@ -2799,6 +2938,7 @@ static void help_for(const char *argv0, const char *cmd) const char *cmds_i[] = {"sign", NULL}; const char *cmds_in[] = {"add", "attach-signature", "extract-signature", "remove-signature", "sign", "extract-data", "verify", NULL}; + const char *cmds_index[] = {"add", "verify", NULL}; const char *cmds_jp[] = {"sign", NULL}; const char *cmds_key[] = {"sign", NULL}; #if OPENSSL_VERSION_NUMBER>=0x30000000L @@ -2919,6 +3059,8 @@ static void help_for(const char *argv0, const char *cmd) printf("%-24s= specifies a URL for expanded description of the signed content\n", "-i"); if (on_list(cmd, cmds_in)) printf("%-24s= input file\n", "-in"); + if (on_list(cmd, cmds_index)) + printf("%-24s= use the signature at a certain position\n", "-index"); if (on_list(cmd, cmds_jp)) { printf("%-24s= low | medium | high\n", "-jp"); printf("%26slevels of permissions in Microsoft Internet Explorer 4.x for CAB files\n", ""); @@ -3668,6 +3810,7 @@ static int main_configure(int argc, char **argv, GLOBAL_OPTIONS *options) options->md = EVP_sha256(); options->time = INVALID_TIME; options->jp = -1; + options->index = -1; #if OPENSSL_VERSION_NUMBER>=0x30000000L /* Use legacy PKCS#12 container with RC2-40-CBC private key and certificate encryption algorithm */ options->legacy = 1; @@ -3849,6 +3992,17 @@ static int main_configure(int argc, char **argv, GLOBAL_OPTIONS *options) options->addBlob = 1; } else if ((cmd == CMD_SIGN || cmd == CMD_ATTACH) && !strcmp(*argv, "-nest")) { options->nest = 1; + } else if ((cmd == CMD_ADD || cmd == CMD_VERIFY) && !strcmp(*argv, "-index")) { + char *tmp_str; + if (--argc < 1 ) { + usage(argv0, "all"); + return 0; /* FAILED */ + } + options->index = (int)strtol(*(++argv), &tmp_str, 10); + if (tmp_str == *argv || *tmp_str != '\0' || errno == ERANGE) { /* not a number */ + usage(argv0, "all"); + return 0; /* FAILED */ + } } else if ((cmd == CMD_VERIFY) && !strcmp(*argv, "-ignore-timestamp")) { options->ignore_timestamp = 1; } else if ((cmd == CMD_SIGN || cmd == CMD_ADD || cmd == CMD_VERIFY) && !strcmp(*argv, "-verbose")) { @@ -4035,9 +4189,12 @@ int main(int argc, char **argv) /* create some MS Authenticode OIDS we need later on */ if (!OBJ_create(SPC_STATEMENT_TYPE_OBJID, NULL, NULL) + /* PKCS9_COUNTER_SIGNATURE exists as OpenSSL OBJ_pkcs9_countersignature */ || !OBJ_create(MS_JAVA_SOMETHING, NULL, NULL) || !OBJ_create(SPC_SP_OPUS_INFO_OBJID, NULL, NULL) - || !OBJ_create(SPC_NESTED_SIGNATURE_OBJID, NULL, NULL)) + || !OBJ_create(SPC_NESTED_SIGNATURE_OBJID, NULL, NULL) + || !OBJ_create(SPC_UNAUTHENTICATED_DATA_BLOB_OBJID, NULL, NULL) + || !OBJ_create(SPC_RFC3161_OBJID, NULL, NULL)) DO_EXIT_0("Failed to create objects\n"); /* commands and options initialization */ @@ -4127,13 +4284,19 @@ int main(int argc, char **argv) } else { DO_EXIT_0("Unsupported command\n"); } - ret = add_timestamp_and_blob(p7, ctx); + if (options.index > 0) { + /* CMD_ADD or CMD_VERIFY */ + ret = add_nested_timestamp_and_blob(p7, ctx, options.index); + } else { + ret = add_timestamp_and_blob(p7, ctx); + } if (ret) { PKCS7_free(p7); DO_EXIT_0("Unable to set unauthenticated attributes\n"); } if (options.prevsig) { - if (!cursig_set_nested(options.prevsig, p7, ctx)) + /* CMD_SIGN or CMD_ATTACH */ + if (!cursig_set_nested(options.prevsig, p7)) DO_EXIT_0("Unable to append the nested signature to the current signature\n"); PKCS7_free(p7); p7 = options.prevsig; diff --git a/osslsigncode.h b/osslsigncode.h index 4ec2988..6619e7d 100644 --- a/osslsigncode.h +++ b/osslsigncode.h @@ -266,6 +266,7 @@ typedef struct { #endif /* ENABLE_CURL */ int addBlob; int nest; + int index; int ignore_timestamp; int verbose; int add_msi_dse;