From 0f51a06b8f4a99bf9dad785d7f26c75daf5234e3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ma=C5=82gorzata=20Olsz=C3=B3wka?= Date: Sat, 25 Mar 2023 20:32:58 +0100 Subject: [PATCH] Separate common and format-dependent functions (#241) --- CMakeLists.txt | 2 +- cab.c | 934 ++++++ cat.c | 263 ++ cmake/CMakeTest.cmake | 27 +- helpers.c | 736 ++++ helpers.h | 35 + msi.c | 964 +++++- msi.h | 288 -- osslsigncode.c | 6823 +++++++++++--------------------------- osslsigncode.h | 502 ++- pe.c | 1162 +++++++ tests/files/unsigned.cat | Bin 394 -> 1905 bytes tests/files/unsigned.exe | Bin 13 files changed, 6516 insertions(+), 5220 deletions(-) create mode 100644 cab.c create mode 100644 cat.c create mode 100644 helpers.c create mode 100644 helpers.h delete mode 100644 msi.h create mode 100644 pe.c mode change 100755 => 100644 tests/files/unsigned.cat mode change 100755 => 100644 tests/files/unsigned.exe diff --git a/CMakeLists.txt b/CMakeLists.txt index 020f61e..3564423 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -47,7 +47,7 @@ configure_file(Config.h.in config.h) target_compile_definitions(osslsigncode PRIVATE HAVE_CONFIG_H=1) # set sources -target_sources(osslsigncode PRIVATE osslsigncode.c msi.c) +target_sources(osslsigncode PRIVATE osslsigncode.c helpers.c msi.c pe.c cab.c cat.c) if(NOT UNIX) target_sources(osslsigncode PRIVATE applink.c) endif(NOT UNIX) diff --git a/cab.c b/cab.c new file mode 100644 index 0000000..24c47a3 --- /dev/null +++ b/cab.c @@ -0,0 +1,934 @@ +/* + * CAB file support library + * + * Copyright (C) 2021-2023 Michał Trojnara + * Author: Małgorzata Olszówka + * + * Reference specifications: + * https://www.file-recovery.com/cab-signature-format.htm + * https://learn.microsoft.com/en-us/previous-versions/ms974336(v=msdn.10) + */ + +#include "osslsigncode.h" +#include "helpers.h" + +/* + * FLAG_PREV_CABINET is set if the cabinet file is not the first in a set + * of cabinet files. When this bit is set, the szCabinetPrev and szDiskPrev + * fields are present in this CFHEADER. + */ +#define FLAG_PREV_CABINET 0x0001 +/* + * FLAG_NEXT_CABINET is set if the cabinet file is not the last in a set of + * cabinet files. When this bit is set, the szCabinetNext and szDiskNext +* fields are present in this CFHEADER. +*/ +#define FLAG_NEXT_CABINET 0x0002 +/* + * FLAG_RESERVE_PRESENT is set if the cabinet file contains any reserved + * fields. When this bit is set, the cbCFHeader, cbCFFolder, and cbCFData + * fields are present in this CFHEADER. + */ +#define FLAG_RESERVE_PRESENT 0x0004 + + +struct cab_ctx_st { + uint32_t header_size; + uint32_t sigpos; + uint32_t siglen; + uint32_t fileend; + uint16_t flags; +}; + +/* FILE_FORMAT method prototypes */ +static FILE_FORMAT_CTX *cab_ctx_new(GLOBAL_OPTIONS *options, BIO *hash, BIO *outdata); +static ASN1_OBJECT *cab_obsolete_link_get(u_char **p, int *plen, FILE_FORMAT_CTX *ctx); +static int cab_check_file(FILE_FORMAT_CTX *ctx, int detached); +static u_char *cab_digest_calc(FILE_FORMAT_CTX *ctx, const EVP_MD *md); +static int cab_verify_digests(FILE_FORMAT_CTX *ctx, PKCS7 *p7); +static PKCS7 *cab_pkcs7_extract(FILE_FORMAT_CTX *ctx); +static int cab_remove_pkcs7(FILE_FORMAT_CTX *ctx, BIO *hash, BIO *outdata); +static PKCS7 *cab_pkcs7_prepare(FILE_FORMAT_CTX *ctx, BIO *hash, BIO *outdata); +static int cab_append_pkcs7(FILE_FORMAT_CTX *ctx, BIO *outdata, PKCS7 *p7); +static void cab_update_data_size(FILE_FORMAT_CTX *ctx, BIO *outdata, PKCS7 *p7); +static BIO *cab_bio_free(BIO *hash, BIO *outdata); +static void cab_ctx_cleanup(FILE_FORMAT_CTX *ctx, BIO *hash, BIO *outdata); + +FILE_FORMAT file_format_cab = { + .ctx_new = cab_ctx_new, + .data_blob_get = cab_obsolete_link_get, + .check_file = cab_check_file, + .digest_calc = cab_digest_calc, + .verify_digests = cab_verify_digests, + .pkcs7_extract = cab_pkcs7_extract, + .remove_pkcs7 = cab_remove_pkcs7, + .pkcs7_prepare = cab_pkcs7_prepare, + .append_pkcs7 = cab_append_pkcs7, + .update_data_size = cab_update_data_size, + .bio_free = cab_bio_free, + .ctx_cleanup = cab_ctx_cleanup +}; + +/* Prototypes */ +static CAB_CTX *cab_ctx_get(char *indata, uint32_t filesize); +static int cab_add_jp_attribute(PKCS7 *p7, int jp); +static size_t cab_write_optional_names(BIO *outdata, char *indata, size_t len, uint16_t flags); +static int cab_modify_header(FILE_FORMAT_CTX *ctx, BIO *hash, BIO *outdata); +static int cab_add_header(FILE_FORMAT_CTX *ctx, BIO *hash, BIO *outdata); + +/* + * FILE_FORMAT method definitions + */ + +/* + * Allocate and return a CAB file format context. + * [in, out] options: structure holds the input data + * [out] hash: message digest BIO + * [in] outdata: outdata file BIO + * [returns] pointer to CAB file format context + */ +static FILE_FORMAT_CTX *cab_ctx_new(GLOBAL_OPTIONS *options, BIO *hash, BIO *outdata) +{ + FILE_FORMAT_CTX *ctx; + CAB_CTX *cab_ctx; + uint32_t filesize; + + filesize = get_file_size(options->infile); + if (filesize == 0) + return NULL; /* FAILED */ + + options->indata = map_file(options->infile, filesize); + if (!options->indata) { + return NULL; /* FAILED */ + } + if (memcmp(options->indata, "MSCF", 4)) { + unmap_file(options->infile, filesize); + return NULL; /* FAILED */ + } + cab_ctx = cab_ctx_get(options->indata, filesize); + if (!cab_ctx) { + unmap_file(options->infile, filesize); + return NULL; /* FAILED */ + } + ctx = OPENSSL_malloc(sizeof(FILE_FORMAT_CTX)); + ctx->format = &file_format_cab; + ctx->options = options; + ctx->cab_ctx = cab_ctx; + + /* Push hash on outdata, if hash is NULL the function does nothing */ + BIO_push(hash, outdata); + + if (options->pagehash == 1) + printf("Warning: -ph option is only valid for PE files\n"); + if (options->add_msi_dse == 1) + printf("Warning: -add-msi-dse option is only valid for MSI files\n"); + return ctx; +} + +/* + * Allocate and return SpcLink object. + * [out] p: SpcLink data + * [out] plen: SpcLink data length + * [in] ctx: structure holds input and output data (unused) + * [returns] pointer to ASN1_OBJECT structure corresponding to SPC_CAB_DATA_OBJID + */ +static ASN1_OBJECT *cab_obsolete_link_get(u_char **p, int *plen, FILE_FORMAT_CTX *ctx) +{ + ASN1_OBJECT *dtype; + SpcLink *link = spc_link_obsolete_get(); + + /* squash the unused parameter warning */ + (void)ctx; + + *plen = i2d_SpcLink(link, NULL); + *p = OPENSSL_malloc((size_t)*plen); + i2d_SpcLink(link, p); + *p -= *plen; + dtype = OBJ_txt2obj(SPC_CAB_DATA_OBJID, 1); + SpcLink_free(link); + return dtype; /* OK */ +} + +/* + * Check if the signature exists. + * [in, out] ctx: structure holds input and output data + * [in] detached: embedded/detached PKCS#7 signature switch + * [returns] 0 on error or 1 on success + */ +static int cab_check_file(FILE_FORMAT_CTX *ctx, int detached) +{ + if (!ctx) { + printf("Init error\n\n"); + return 0; /* FAILED */ + } + if (detached) { + printf("Checking the specified catalog file\n\n"); + return 1; /* OK */ + } + if (ctx->cab_ctx->header_size != 20) { + printf("No signature found\n\n"); + return 0; /* FAILED */ + } + if (ctx->cab_ctx->sigpos == 0 || ctx->cab_ctx->siglen == 0 + || ctx->cab_ctx->sigpos > ctx->cab_ctx->fileend) { + printf("No signature found\n\n"); + return 0; /* FAILED */ + } + return 1; /* OK */ +} + +/* + * Compute a message digest value of the signed or unsigned CAB file. + * [in] ctx: structure holds input and output data + * [in] md: message digest algorithm + * [returns] pointer to calculated message digest + */ +static u_char *cab_digest_calc(FILE_FORMAT_CTX *ctx, const EVP_MD *md) +{ + uint32_t idx, fileend, coffFiles; + u_char *mdbuf = NULL; + BIO *bhash = BIO_new(BIO_f_md()); + + if (!BIO_set_md(bhash, md)) { + printf("Unable to set the message digest of BIO\n"); + BIO_free_all(bhash); + return 0; /* FAILED */ + } + BIO_push(bhash, BIO_new(BIO_s_null())); + + /* u1 signature[4] 4643534D MSCF: 0-3 */ + BIO_write(bhash, ctx->options->indata, 4); + /* u4 reserved1 00000000: 4-7 skipped */ + if (ctx->cab_ctx->sigpos) { + uint16_t nfolders, flags; + + /* + * u4 cbCabinet - size of this cabinet file in bytes: 8-11 + * u4 reserved2 00000000: 12-15 + */ + BIO_write(bhash, ctx->options->indata + 8, 8); + /* u4 coffFiles - offset of the first CFFILE entry: 16-19 */ + coffFiles = GET_UINT32_LE(ctx->options->indata + 16); + BIO_write(bhash, ctx->options->indata + 16, 4); + /* + * u4 reserved3 00000000: 20-23 + * u1 versionMinor 03: 24 + * u1 versionMajor 01: 25 + */ + BIO_write(bhash, ctx->options->indata + 20, 6); + /* u2 cFolders - number of CFFOLDER entries in this cabinet: 26-27 */ + nfolders = GET_UINT16_LE(ctx->options->indata + 26); + BIO_write(bhash, ctx->options->indata + 26, 2); + /* u2 cFiles - number of CFFILE entries in this cabinet: 28-29 */ + BIO_write(bhash, ctx->options->indata + 28, 2); + /* u2 flags: 30-31 */ + flags = GET_UINT16_LE(ctx->options->indata + 30); + BIO_write(bhash, ctx->options->indata + 30, 2); + /* u2 setID must be the same for all cabinets in a set: 32-33 */ + BIO_write(bhash, ctx->options->indata + 32, 2); + /* + * u2 iCabinet - number of this cabinet file in a set: 34-35 skipped + * u2 cbCFHeader: 36-37 skipped + * u1 cbCFFolder: 38 skipped + * u1 cbCFData: 39 skipped + * u22 abReserve: 40-55 skipped + * - Additional data offset: 44-47 skipped + * - Additional data size: 48-51 skipped + */ + /* u22 abReserve: 56-59 */ + BIO_write(bhash, ctx->options->indata + 56, 4); + idx = 60; + fileend = ctx->cab_ctx->sigpos; + /* TODO */ + if (flags & FLAG_PREV_CABINET) { + uint8_t byte; + /* szCabinetPrev */ + do { + byte = GET_UINT8_LE(ctx->options->indata + idx); + BIO_write(bhash, ctx->options->indata + idx, 1); + idx++; + } while (byte && idx < fileend); + /* szDiskPrev */ + do { + byte = GET_UINT8_LE(ctx->options->indata + idx); + BIO_write(bhash, ctx->options->indata + idx, 1); + idx++; + } while (byte && idx < fileend); + } + if (flags & FLAG_NEXT_CABINET) { + uint8_t byte; + /* szCabinetNext */ + do { + byte = GET_UINT8_LE(ctx->options->indata + idx); + BIO_write(bhash, ctx->options->indata + idx, 1); + idx++; + } while (byte && idx < fileend); + /* szDiskNext */ + do { + byte = GET_UINT8_LE(ctx->options->indata + idx); + BIO_write(bhash, ctx->options->indata + idx, 1); + idx++; + } while (byte && idx < fileend); + } + /* + * (u8 * cFolders) CFFOLDER - structure contains information about + * one of the folders or partial folders stored in this cabinet file + */ + while (nfolders) { + BIO_write(bhash, ctx->options->indata + idx, 8); + idx += 8; + nfolders--; + } + if (idx != coffFiles) { + printf("Corrupt coffFiles value: 0x%08X\n", coffFiles); + BIO_free_all(bhash); + return 0; /* FAILED */ + } + } else { + /* read what's left of the unsigned CAB file */ + idx = 8; + fileend = ctx->cab_ctx->fileend; + } + /* (variable) ab - the compressed data bytes */ + if (!bio_hash_data(bhash, ctx->options->indata, idx, fileend)) { + printf("Unable to calculate digest\n"); + BIO_free_all(bhash); + return 0; /* FAILED */ + } + mdbuf = OPENSSL_malloc((size_t)EVP_MD_size(md)); + BIO_gets(bhash, (char*)mdbuf, EVP_MD_size(md)); + BIO_free_all(bhash); + return mdbuf; /* OK */ +} + +/* + * Calculate message digest and compare to value retrieved from PKCS#7 signedData. + * [in] ctx: structure holds input and output data + * [in] p7: PKCS#7 signature + * [returns] 0 on error or 1 on success + */ +static int cab_verify_digests(FILE_FORMAT_CTX *ctx, PKCS7 *p7) +{ + int mdtype = -1; + const EVP_MD *md; + u_char mdbuf[EVP_MAX_MD_SIZE]; + u_char *cmdbuf; + + if (is_content_type(p7, SPC_INDIRECT_DATA_OBJID)) { + ASN1_STRING *content_val = p7->d.sign->contents->d.other->value.sequence; + const u_char *p = content_val->data; + SpcIndirectDataContent *idc = d2i_SpcIndirectDataContent(NULL, &p, content_val->length); + if (idc) { + if (idc->messageDigest && idc->messageDigest->digest && idc->messageDigest->digestAlgorithm) { + mdtype = OBJ_obj2nid(idc->messageDigest->digestAlgorithm->algorithm); + memcpy(mdbuf, idc->messageDigest->digest->data, (size_t)idc->messageDigest->digest->length); + } + SpcIndirectDataContent_free(idc); + } + } + if (mdtype == -1) { + printf("Failed to extract current message digest\n\n"); + return 0; /* FAILED */ + } + md = EVP_get_digestbynid(mdtype); + cmdbuf = cab_digest_calc(ctx, md); + if (!cmdbuf) { + printf("Failed to calculate message digest\n\n"); + return 0; /* FAILED */ + } + if (!compare_digests(mdbuf, cmdbuf, mdtype)) { + printf("Signature verification: failed\n\n"); + OPENSSL_free(cmdbuf); + return 0; /* FAILED */ + } + OPENSSL_free(cmdbuf); + return 1; /* OK */ +} + +/* + * Extract existing signature in DER format. + * [in] ctx: structure holds input and output data + * pointer to PKCS#7 structure + */ +static PKCS7 *cab_pkcs7_extract(FILE_FORMAT_CTX *ctx) +{ + if (ctx->cab_ctx->sigpos == 0 || ctx->cab_ctx->siglen == 0 + || ctx->cab_ctx->sigpos > ctx->cab_ctx->fileend) { + return NULL; /* FAILED */ + } + return pkcs7_get(ctx->options->indata, ctx->cab_ctx->sigpos, ctx->cab_ctx->siglen); +} + +/* + * Remove existing signature. + * [in, out] ctx: structure holds input and output data + * [out] hash: message digest BIO (unused) + * [out] outdata: outdata file BIO + * [returns] 1 on error or 0 on success + */ +static int cab_remove_pkcs7(FILE_FORMAT_CTX *ctx, BIO *hash, BIO *outdata) +{ + size_t i, written, len; + uint32_t tmp; + uint16_t nfolders, flags; + char *buf = OPENSSL_malloc(SIZE_64K); + + /* squash the unused parameter warning */ + (void)hash; + + /* + * u1 signature[4] 4643534D MSCF: 0-3 + * u4 reserved1 00000000: 4-7 + */ + BIO_write(outdata, ctx->options->indata, 8); + /* u4 cbCabinet - size of this cabinet file in bytes: 8-11 */ + tmp = GET_UINT32_LE(ctx->options->indata + 8) - 24; + PUT_UINT32_LE(tmp, buf); + BIO_write(outdata, buf, 4); + /* u4 reserved2 00000000: 12-15 */ + BIO_write(outdata, ctx->options->indata + 12, 4); + /* u4 coffFiles - offset of the first CFFILE entry: 16-19 */ + tmp = GET_UINT32_LE(ctx->options->indata + 16) - 24; + PUT_UINT32_LE(tmp, buf); + BIO_write(outdata, buf, 4); + /* + * u4 reserved3 00000000: 20-23 + * u1 versionMinor 03: 24 + * u1 versionMajor 01: 25 + * u2 cFolders - number of CFFOLDER entries in this cabinet: 26-27 + * u2 cFiles - number of CFFILE entries in this cabinet: 28-29 + */ + BIO_write(outdata, ctx->options->indata + 20, 10); + /* u2 flags: 30-31 */ + flags = GET_UINT16_LE(ctx->options->indata + 30); + /* coverity[result_independent_of_operands] only least significant byte is affected */ + PUT_UINT16_LE(flags & (FLAG_PREV_CABINET | FLAG_NEXT_CABINET), buf); + BIO_write(outdata, buf, 2); + /* + * u2 setID must be the same for all cabinets in a set: 32-33 + * u2 iCabinet - number of this cabinet file in a set: 34-35 + */ + BIO_write(outdata, ctx->options->indata + 32, 4); + i = cab_write_optional_names(outdata, ctx->options->indata, 60, flags); + /* + * (u8 * cFolders) CFFOLDER - structure contains information about + * one of the folders or partial folders stored in this cabinet file + */ + nfolders = GET_UINT16_LE(ctx->options->indata + 26); + while (nfolders) { + tmp = GET_UINT32_LE(ctx->options->indata + i); + tmp -= 24; + PUT_UINT32_LE(tmp, buf); + BIO_write(outdata, buf, 4); + BIO_write(outdata, ctx->options->indata + i + 4, 4); + i+=8; + nfolders--; + } + OPENSSL_free(buf); + /* Write what's left - the compressed data bytes */ + len = ctx->cab_ctx->fileend - ctx->cab_ctx->siglen - i; + while (len > 0) { + if (!BIO_write_ex(outdata, ctx->options->indata + i, len, &written)) + return 1; /* FAILED */ + len -= written; + i += written; + } + return 0; /* OK */ +} + +/* + * Obtain an existing signature or create a new one. + * [in, out] ctx: structure holds input and output data + * [out] hash: message digest BIO + * [out] outdata: outdata file BIO + * [returns] pointer to PKCS#7 structure + */ +static PKCS7 *cab_pkcs7_prepare(FILE_FORMAT_CTX *ctx, BIO *hash, BIO *outdata) +{ + PKCS7 *cursig = NULL, *p7 = NULL; + + /* Strip current signature and modify header */ + if (ctx->cab_ctx->header_size == 20) { + if (!cab_modify_header(ctx, hash, outdata)) + return NULL; /* FAILED */ + } else { + if (!cab_add_header(ctx, hash, outdata)) + return NULL; /* FAILED */ + } + /* Obtain a current signature from previously-signed file */ + if ((ctx->options->cmd == CMD_SIGN && ctx->options->nest) + || (ctx->options->cmd == CMD_ATTACH && ctx->options->nest) + || ctx->options->cmd == CMD_ADD) { + cursig = pkcs7_get(ctx->options->indata, ctx->cab_ctx->sigpos, ctx->cab_ctx->siglen); + if (!cursig) { + printf("Unable to extract existing signature\n"); + return NULL; /* FAILED */ + } + if (ctx->options->cmd == CMD_ADD) + p7 = cursig; + } + if (ctx->options->cmd == CMD_ATTACH) { + /* Obtain an existing PKCS#7 signature */ + p7 = pkcs7_get_sigfile(ctx); + if (!p7) { + printf("Unable to extract valid signature\n"); + PKCS7_free(cursig); + return NULL; /* FAILED */ + } + } else if (ctx->options->cmd == CMD_SIGN) { + /* Create a new PKCS#7 signature */ + p7 = pkcs7_create(ctx); + if (!p7) { + printf("Creating a new signature failed\n"); + return NULL; /* FAILED */ + } + if (ctx->options->jp >= 0 && !cab_add_jp_attribute(p7, ctx->options->jp)) { + printf("Adding jp attribute failed\n"); + PKCS7_free(p7); + return NULL; /* FAILED */ + } + if (!add_indirect_data_object(p7, hash, ctx)) { + printf("Adding SPC_INDIRECT_DATA_OBJID failed\n"); + PKCS7_free(p7); + return NULL; /* FAILED */ + } + } + if (ctx->options->nest) { + if (!cursig_set_nested(cursig, p7, ctx)) { + printf("Unable to append the nested signature to the current signature\n"); + PKCS7_free(p7); + PKCS7_free(cursig); + return NULL; /* FAILED */ + } + PKCS7_free(p7); + return cursig; + } + return p7; +} + +/* + * Append signature to the outfile. + * [in, out] ctx: structure holds input and output data (unused) + * [out] outdata: outdata file BIO + * [in] p7: PKCS#7 signature + * [returns] 1 on error or 0 on success + */ +static int cab_append_pkcs7(FILE_FORMAT_CTX *ctx, BIO *outdata, PKCS7 *p7) +{ + u_char *p = NULL; + int len; /* signature length */ + int padlen; /* signature padding length */ + + /* squash the unused parameter warning */ + (void)ctx; + + if (((len = i2d_PKCS7(p7, NULL)) <= 0) + || (p = OPENSSL_malloc((size_t)len)) == NULL) { + printf("i2d_PKCS memory allocation failed: %d\n", len); + return 1; /* FAILED */ + } + i2d_PKCS7(p7, &p); + p -= len; + padlen = (8 - len % 8) % 8; + BIO_write(outdata, p, len); + /* pad (with 0's) asn1 blob to 8 byte boundary */ + if (padlen > 0) { + memset(p, 0, (size_t)padlen); + BIO_write(outdata, p, padlen); + } + OPENSSL_free(p); + return 0; /* OK */ +} + +/* + * Update additional data size. + * Additional data size is located at offset 0x30 (from file beginning) + * and consist of 4 bytes (little-endian order). + * [in, out] ctx: structure holds input and output data + * [out] outdata: outdata file BIO + * [in] p7: PKCS#7 signature + * [returns] none + */ +static void cab_update_data_size(FILE_FORMAT_CTX *ctx, BIO *outdata, PKCS7 *p7) +{ + int len, padlen; + u_char buf[] = { + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 + }; + + if (ctx->options->cmd == CMD_VERIFY || ctx->options->cmd == CMD_EXTRACT + || ctx->options->cmd == CMD_REMOVE) { + return; + } + (void)BIO_seek(outdata, 0x30); + len = i2d_PKCS7(p7, NULL); + padlen = (8 - len % 8) % 8; + PUT_UINT32_LE(len + padlen, buf); + BIO_write(outdata, buf, 4); +} + +/* + * Free up an entire message digest BIO chain. + * [out] hash: message digest BIO + * [out] outdata: outdata file BIO (unused) + * [returns] none + */ +static BIO *cab_bio_free(BIO *hash, BIO *outdata) +{ + /* squash the unused parameter warning */ + (void)outdata; + + BIO_free_all(hash); + return NULL; +} + +/* + * Deallocate a FILE_FORMAT_CTX structure and CAB format specific structure, + * unmap indata file, unlink outfile. + * [in, out] ctx: structure holds input and output data + * [out] hash: message digest BIO + * [in] outdata: outdata file BIO + * [returns] none + */ +static void cab_ctx_cleanup(FILE_FORMAT_CTX *ctx, BIO *hash, BIO *outdata) +{ + if (outdata) { + BIO_free_all(hash); + if (ctx->options->outfile) { +#ifdef WIN32 + _unlink(ctx->options->outfile); +#else + unlink(ctx->options->outfile); +#endif /* WIN32 */ + } + } + unmap_file(ctx->options->indata, ctx->cab_ctx->fileend); + OPENSSL_free(ctx->cab_ctx); + OPENSSL_free(ctx); +} + +/* + * CAB helper functions + */ + +/* + * Verify mapped CAB file and create CAB format specific structure. + * [in] indata: mapped CAB file + * [in] filesize: size of CAB file + * [returns] pointer to CAB format specific structure + */ +static CAB_CTX *cab_ctx_get(char *indata, uint32_t filesize) +{ + CAB_CTX *cab_ctx; + uint32_t reserved, header_size = 0, sigpos = 0, siglen = 0; + uint16_t flags; + + if (filesize < 44) { + printf("CAB file is too short\n"); + return NULL; /* FAILED */ + } + reserved = GET_UINT32_LE(indata + 4); + if (reserved) { + printf("Reserved1: 0x%08X\n", reserved); + return NULL; /* FAILED */ + } + /* flags specify bit-mapped values that indicate the presence of optional data */ + flags = GET_UINT16_LE(indata + 30); + if (flags & FLAG_PREV_CABINET) { + /* FLAG_NEXT_CABINET works */ + printf("Multivolume cabinet file is unsupported: flags 0x%04X\n", flags); + return NULL; /* FAILED */ + } + if (flags & FLAG_RESERVE_PRESENT) { + /* + * Additional headers is located at offset 36 (cbCFHeader, cbCFFolder, cbCFData); + * size of header (4 bytes, little-endian order) must be 20 (checkpoint). + */ + header_size = GET_UINT32_LE(indata + 36); + if (header_size != 20) { + printf("Additional header size: 0x%08X\n", header_size); + return NULL; /* FAILED */ + } + reserved = GET_UINT32_LE(indata + 40); + if (reserved != 0x00100000) { + printf("abReserved: 0x%08X\n", reserved); + return NULL; /* FAILED */ + } + /* + * File size is defined at offset 8, however if additional header exists, this size is not valid. + * sigpos - additional data offset is located at offset 44 (from file beginning) + * and consist of 4 bytes (little-endian order) + * siglen - additional data size is located at offset 48 (from file beginning) + * and consist of 4 bytes (little-endian order) + * If there are additional headers, size of the CAB archive file is calcualted + * as additional data offset plus additional data size. + */ + sigpos = GET_UINT32_LE(indata + 44); + siglen = GET_UINT32_LE(indata + 48); + if ((sigpos < filesize && sigpos + siglen != filesize) || (sigpos >= filesize)) { + printf("Additional data offset:\t%u bytes\nAdditional data size:\t%u bytes\n", + sigpos, siglen); + printf("File size:\t\t%u bytes\n", filesize); + return NULL; /* FAILED */ + } + if ((sigpos > 0 && siglen == 0) || (sigpos == 0 && siglen > 0)) { + printf("Corrupt signature\n"); + return NULL; /* FAILED */ + } + } + cab_ctx = OPENSSL_zalloc(sizeof(CAB_CTX)); + cab_ctx->header_size = header_size; + cab_ctx->sigpos = sigpos; + cab_ctx->siglen = siglen; + cab_ctx->fileend = filesize; + cab_ctx->flags = flags; + return cab_ctx; /* OK */ +} + +/* + * Add level of permissions in Microsoft Internet Explorer 4.x for CAB files, + * only low level is supported. + * [in, out] p7: PKCS#7 signature + * [in] jp: low (0) level + * [returns] 0 on error or 1 on success + */ +static int cab_add_jp_attribute(PKCS7 *p7, int jp) +{ + STACK_OF(PKCS7_SIGNER_INFO) *signer_info; + PKCS7_SIGNER_INFO *si; + ASN1_STRING *astr; + const u_char *attrs = NULL; + const u_char java_attrs_low[] = { + 0x30, 0x06, 0x03, 0x02, 0x00, 0x01, 0x30, 0x00 + }; + + signer_info = PKCS7_get_signer_info(p7); + if (!signer_info) + return 0; /* FAILED */ + si = sk_PKCS7_SIGNER_INFO_value(signer_info, 0); + if (!si) + return 0; /* FAILED */ + switch (jp) { + case 0: + attrs = java_attrs_low; + break; + case 1: + /* XXX */ + case 2: + /* XXX */ + default: + break; + } + if (attrs) { + astr = ASN1_STRING_new(); + ASN1_STRING_set(astr, attrs, sizeof java_attrs_low); + return PKCS7_add_signed_attribute(si, OBJ_txt2nid(MS_JAVA_SOMETHING), + V_ASN1_SEQUENCE, astr); + } + return 1; /* OK */ +} + +/* + * Write name of previous and next cabinet file. + * Multivolume cabinet file is unsupported TODO. + * [out] outdata: outdata file BIO + * [in] indata: mapped CAB file + * [in] len: offset + * [in] flags: FLAG_PREV_CABINET, FLAG_NEXT_CABINET + * [returns] offset + */ +static size_t cab_write_optional_names(BIO *outdata, char *indata, size_t i, uint16_t flags) +{ + if (flags & FLAG_PREV_CABINET) { + /* szCabinetPrev */ + while (GET_UINT8_LE(indata + i)) { + BIO_write(outdata, indata + i, 1); + i++; + } + BIO_write(outdata, indata + i, 1); + i++; + /* szDiskPrev */ + while (GET_UINT8_LE(indata + i)) { + BIO_write(outdata, indata + i, 1); + i++; + } + BIO_write(outdata, indata + i, 1); + i++; + } + if (flags & FLAG_NEXT_CABINET) { + /* szCabinetNext */ + while (GET_UINT8_LE(indata + i)) { + BIO_write(outdata, indata + i, 1); + i++; + } + BIO_write(outdata, indata + i, 1); + i++; + /* szDiskNext */ + while (GET_UINT8_LE(indata + i)) { + BIO_write(outdata, indata + i, 1); + i++; + } + BIO_write(outdata, indata + i, 1); + i++; + } + return i; +} + +/* + * Modify CAB header. + * [in, out] ctx: structure holds input and output data + * [out] hash: message digest BIO + * [out] outdata: outdata file BIO + * [returns] 0 on error or 1 on success + */ +static int cab_modify_header(FILE_FORMAT_CTX *ctx, BIO *hash, BIO *outdata) +{ + size_t i, written, len; + uint16_t nfolders, flags; + u_char buf[] = {0x00, 0x00}; + + /* u1 signature[4] 4643534D MSCF: 0-3 */ + BIO_write(hash, ctx->options->indata, 4); + /* u4 reserved1 00000000: 4-7 */ + BIO_write(outdata, ctx->options->indata + 4, 4); + /* + * u4 cbCabinet - size of this cabinet file in bytes: 8-11 + * u4 reserved2 00000000: 12-15 + * u4 coffFiles - offset of the first CFFILE entry: 16-19 + * u4 reserved3 00000000: 20-23 + * u1 versionMinor 03: 24 + * u1 versionMajor 01: 25 + * u2 cFolders - number of CFFOLDER entries in this cabinet: 26-27 + * u2 cFiles - number of CFFILE entries in this cabinet: 28-29 + */ + BIO_write(hash, ctx->options->indata + 8, 22); + /* u2 flags: 30-31 */ + flags = GET_UINT16_LE(ctx->options->indata + 30); + PUT_UINT16_LE(flags, buf); + BIO_write(hash, buf, 2); + /* u2 setID must be the same for all cabinets in a set: 32-33 */ + BIO_write(hash, ctx->options->indata + 32, 2); + /* + * u2 iCabinet - number of this cabinet file in a set: 34-35 + * u2 cbCFHeader: 36-37 + * u1 cbCFFolder: 38 + * u1 cbCFData: 39 + * u16 abReserve: 40-55 + * - Additional data offset: 44-47 + * - Additional data size: 48-51 + */ + BIO_write(outdata, ctx->options->indata + 34, 22); + /* u4 abReserve: 56-59 */ + BIO_write(hash, ctx->options->indata + 56, 4); + + i = cab_write_optional_names(outdata, ctx->options->indata, 60, flags); + /* + * (u8 * cFolders) CFFOLDER - structure contains information about + * one of the folders or partial folders stored in this cabinet file + */ + nfolders = GET_UINT16_LE(ctx->options->indata + 26); + while (nfolders) { + BIO_write(hash, ctx->options->indata + i, 8); + i += 8; + nfolders--; + } + /* Write what's left - the compressed data bytes */ + len = ctx->cab_ctx->sigpos - i; + while (len > 0) { + if (!BIO_write_ex(hash, ctx->options->indata + i, len, &written)) + return 0; /* FAILED */ + len -= written; + i += written; + } + return 1; /* OK */ +} + +/* + * Add signed CAB header. + * [in, out] ctx: structure holds input and output data + * [out] hash: message digest BIO + * [out] outdata: outdata file BIO + * [returns] 0 on error or 1 on success + */ +static int cab_add_header(FILE_FORMAT_CTX *ctx, BIO *hash, BIO *outdata) +{ + size_t i, written, len; + uint32_t tmp; + uint16_t nfolders, flags; + u_char cabsigned[] = { + 0x14, 0x00, 0x00, 0x00, 0x00, 0x00, 0x10, 0x00, + 0xde, 0xad, 0xbe, 0xef, /* size of cab file */ + 0xde, 0xad, 0xbe, 0xef, /* size of asn1 blob */ + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 + }; + char *buf = OPENSSL_malloc(SIZE_64K); + memset(buf, 0, SIZE_64K); + + /* u1 signature[4] 4643534D MSCF: 0-3 */ + BIO_write(hash, ctx->options->indata, 4); + /* u4 reserved1 00000000: 4-7 */ + BIO_write(outdata, ctx->options->indata + 4, 4); + /* u4 cbCabinet - size of this cabinet file in bytes: 8-11 */ + tmp = GET_UINT32_LE(ctx->options->indata + 8) + 24; + PUT_UINT32_LE(tmp, buf); + BIO_write(hash, buf, 4); + /* u4 reserved2 00000000: 12-15 */ + BIO_write(hash, ctx->options->indata + 12, 4); + /* u4 coffFiles - offset of the first CFFILE entry: 16-19 */ + tmp = GET_UINT32_LE(ctx->options->indata + 16) + 24; + PUT_UINT32_LE(tmp, buf + 4); + BIO_write(hash, buf + 4, 4); + /* + * u4 reserved3 00000000: 20-23 + * u1 versionMinor 03: 24 + * u1 versionMajor 01: 25 + * u2 cFolders - number of CFFOLDER entries in this cabinet: 26-27 + * u2 cFiles - number of CFFILE entries in this cabinet: 28-29 + */ + memcpy(buf + 4, ctx->options->indata + 20, 10); + flags = GET_UINT16_LE(ctx->options->indata + 30); + buf[4+10] = (char)flags | FLAG_RESERVE_PRESENT; + /* u2 setID must be the same for all cabinets in a set: 32-33 */ + memcpy(buf + 16, ctx->options->indata + 32, 2); + BIO_write(hash, buf + 4, 14); + /* u2 iCabinet - number of this cabinet file in a set: 34-35 */ + BIO_write(outdata, ctx->options->indata + 34, 2); + memcpy(cabsigned + 8, buf, 4); + BIO_write(outdata, cabsigned, 20); + BIO_write(hash, cabsigned+20, 4); + + i = cab_write_optional_names(outdata, ctx->options->indata, 36, flags); + /* + * (u8 * cFolders) CFFOLDER - structure contains information about + * one of the folders or partial folders stored in this cabinet file + */ + nfolders = GET_UINT16_LE(ctx->options->indata + 26); + while (nfolders) { + tmp += 24; + PUT_UINT32_LE(tmp, buf); + BIO_write(hash, buf, 4); + BIO_write(hash, ctx->options->indata + i + 4, 4); + i += 8; + nfolders--; + } + OPENSSL_free(buf); + /* Write what's left - the compressed data bytes */ + len = ctx->cab_ctx->fileend - i; + while (len > 0) { + if (!BIO_write_ex(hash, ctx->options->indata + i, len, &written)) + return 0; /* FAILED */ + len -= written; + i += written; + } + return 1; /* OK */ +} + +/* +Local Variables: + c-basic-offset: 4 + tab-width: 4 + indent-tabs-mode: t +End: + + vim: set ts=4 noexpandtab: +*/ diff --git a/cat.c b/cat.c new file mode 100644 index 0000000..07c286c --- /dev/null +++ b/cat.c @@ -0,0 +1,263 @@ +/* + * CAT file support library + * + * Copyright (C) 2021-2023 Michał Trojnara + * Author: Małgorzata Olszówka + * + * Catalog files are a bit odd, in that they are only a PKCS7 blob. + */ + +#include "osslsigncode.h" +#include "helpers.h" + +const u_char pkcs7_signed_data[] = { + 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, + 0x01, 0x07, 0x02, +}; + +struct cat_ctx_st { + uint32_t sigpos; + uint32_t siglen; + uint32_t fileend; +}; + +/* FILE_FORMAT method prototypes */ +static FILE_FORMAT_CTX *cat_ctx_new(GLOBAL_OPTIONS *options, BIO *hash, BIO *outdata); +static PKCS7 *cat_pkcs7_extract(FILE_FORMAT_CTX *ctx); +static PKCS7 *cat_pkcs7_prepare(FILE_FORMAT_CTX *ctx, BIO *hash, BIO *outdata); +static int cat_append_pkcs7(FILE_FORMAT_CTX *ctx, BIO *outdata, PKCS7 *p7); +static BIO *cat_bio_free(BIO *hash, BIO *outdata); +static void cat_ctx_cleanup(FILE_FORMAT_CTX *ctx, BIO *hash, BIO *outdata); + +FILE_FORMAT file_format_cat = { + .ctx_new = cat_ctx_new, + .pkcs7_extract = cat_pkcs7_extract, + .pkcs7_prepare = cat_pkcs7_prepare, + .append_pkcs7 = cat_append_pkcs7, + .bio_free = cat_bio_free, + .ctx_cleanup = cat_ctx_cleanup, +}; + +/* Prototypes */ +static CAT_CTX *cat_ctx_get(char *indata, uint32_t filesize); + +/* + * FILE_FORMAT method definitions + */ + +/* + * Allocate and return a CAT file format context. + * [in, out] options: structure holds the input data + * [out] hash: message digest BIO (unused) + * [in] outdata: outdata file BIO (unused) + * [returns] pointer to CAT file format context + */ +static FILE_FORMAT_CTX *cat_ctx_new(GLOBAL_OPTIONS *options, BIO *hash, BIO *outdata) +{ + FILE_FORMAT_CTX *ctx; + CAT_CTX *cat_ctx; + uint32_t filesize; + + /* squash unused parameter warnings */ + (void)outdata; + (void)hash; + + if (options->cmd == CMD_REMOVE || options->cmd==CMD_ATTACH) { + printf("Unsupported command\n"); + return NULL; /* FAILED */ + } + if (options->cmd == CMD_VERIFY) { + printf("Use -catalog option\n"); + return NULL; /* FAILED */ + } + filesize = get_file_size(options->infile); + if (filesize == 0) + return NULL; /* FAILED */ + + options->indata = map_file(options->infile, filesize); + if (!options->indata) { + return NULL; /* FAILED */ + } + /* the maximum size of a supported cat file is (2^24 -1) bytes */ + if (memcmp(options->indata + ((GET_UINT8_LE(options->indata+1) == 0x82) ? 4 : 5), + pkcs7_signed_data, sizeof pkcs7_signed_data)) { + unmap_file(options->infile, filesize); + return NULL; /* FAILED */ + } + cat_ctx = cat_ctx_get(options->indata, filesize); + if (!cat_ctx) { + unmap_file(options->infile, filesize); + return NULL; /* FAILED */ + } + ctx = OPENSSL_malloc(sizeof(FILE_FORMAT_CTX)); + ctx->format = &file_format_cat; + ctx->options = options; + ctx->cat_ctx = cat_ctx; + + /* Push hash on outdata, if hash is NULL the function does nothing */ + BIO_push(hash, outdata); + + if (options->nest) + /* I've not tried using set_nested_signature as signtool won't do this */ + printf("Warning: CAT files do not support nesting\n"); + if (options->jp >= 0) + printf("Warning: -jp option is only valid for CAB files\n"); + if (options->pagehash == 1) + printf("Warning: -ph option is only valid for PE files\n"); + if (options->add_msi_dse == 1) + printf("Warning: -add-msi-dse option is only valid for MSI files\n"); + return ctx; +} + +/* + * Extract existing signature in DER format. + * [in] ctx: structure holds input and output data + * [returns] pointer to PKCS#7 structure + */ +static PKCS7 *cat_pkcs7_extract(FILE_FORMAT_CTX *ctx) +{ + return pkcs7_get(ctx->options->indata, ctx->cat_ctx->sigpos, ctx->cat_ctx->siglen); +} + +/* + * Obtain an existing signature or create a new one. + * [in, out] ctx: structure holds input and output data + * [out] hash: message digest BIO (unused) + * [out] outdata: outdata file BIO (unused) + * [returns] pointer to PKCS#7 structure + */ +static PKCS7 *cat_pkcs7_prepare(FILE_FORMAT_CTX *ctx, BIO *hash, BIO *outdata) +{ + PKCS7 *cursig = NULL, *p7 = NULL; + + /* squash unused parameter warnings */ + (void)outdata; + (void)hash; + + /* Obtain an existing signature */ + cursig = pkcs7_get(ctx->options->indata, ctx->cat_ctx->sigpos, ctx->cat_ctx->siglen); + if (!cursig) { + printf("Unable to extract existing signature\n"); + return NULL; /* FAILED */ + } + if (ctx->options->cmd == CMD_ADD || ctx->options->cmd == CMD_ATTACH) { + p7 = cursig; + } else if (ctx->options->cmd == CMD_SIGN) { + /* Create a new signature */ + p7 = pkcs7_create(ctx); + if (!p7) { + printf("Creating a new signature failed\n"); + PKCS7_free(cursig); + return NULL; /* FAILED */ + } + if (!add_ms_ctl_object(p7, cursig)) { + printf("Adding MS_CTL_OBJID failed\n"); + PKCS7_free(p7); + PKCS7_free(cursig); + return NULL; /* FAILED */ + } + PKCS7_free(cursig); + } + return p7; /* OK */ +} + +/* + * Append signature to the outfile. + * [in, out] ctx: structure holds input and output data (unused) + * [out] outdata: outdata file BIO + * [in] p7: PKCS#7 signature + * [returns] 1 on error or 0 on success + */ +static int cat_append_pkcs7(FILE_FORMAT_CTX *ctx, BIO *outdata, PKCS7 *p7) +{ + u_char *p = NULL; + int len; /* signature length */ + + /* squash the unused parameter warning */ + (void)ctx; + + if (((len = i2d_PKCS7(p7, NULL)) <= 0) + || (p = OPENSSL_malloc((size_t)len)) == NULL) { + printf("i2d_PKCS memory allocation failed: %d\n", len); + return 1; /* FAILED */ + } + i2d_PKCS7(p7, &p); + p -= len; + i2d_PKCS7_bio(outdata, p7); + OPENSSL_free(p); + return 0; /* OK */ +} + +/* + * Free up an entire message digest BIO chain. + * [out] hash: message digest BIO + * [out] outdata: outdata file BIO (unused) + * [returns] none + */ +static BIO *cat_bio_free(BIO *hash, BIO *outdata) +{ + /* squash the unused parameter warning */ + (void)outdata; + + BIO_free_all(hash); + return NULL; +} + +/* + * Deallocate a FILE_FORMAT_CTX structure and CAT format specific structure, + * unmap indata file, unlink outfile. + * [in, out] ctx: structure holds all input and output data + * [out] hash: message digest BIO + * [in] outdata: outdata file BIO + * [returns] none + */ +static void cat_ctx_cleanup(FILE_FORMAT_CTX *ctx, BIO *hash, BIO *outdata) +{ + if (outdata) { + BIO_free_all(hash); + if (ctx->options->outfile) { +#ifdef WIN32 + _unlink(ctx->options->outfile); +#else + unlink(ctx->options->outfile); +#endif /* WIN32 */ + } + } + unmap_file(ctx->options->indata, ctx->cat_ctx->fileend); + OPENSSL_free(ctx->cat_ctx); + OPENSSL_free(ctx); +} + +/* + * CAT helper functions + */ + +/* + * Verify mapped CAT file TODO and create CAT format specific structure. + * [in] indata: mapped CAT file (unused) + * [in] filesize: size of CAT file + * [returns] pointer to CAT format specific structure + */ +static CAT_CTX *cat_ctx_get(char *indata, uint32_t filesize) +{ + CAT_CTX *cat_ctx; + + /* squash the unused parameter warning */ + (void)indata; + + cat_ctx = OPENSSL_zalloc(sizeof(CAT_CTX)); + cat_ctx->sigpos = 0; + cat_ctx->siglen = filesize; + cat_ctx->fileend = filesize; + return cat_ctx; /* OK */ +} + +/* +Local Variables: + c-basic-offset: 4 + tab-width: 4 + indent-tabs-mode: t +End: + + vim: set ts=4 noexpandtab: +*/ diff --git a/cmake/CMakeTest.cmake b/cmake/CMakeTest.cmake index 44f1d30..b95ae00 100644 --- a/cmake/CMakeTest.cmake +++ b/cmake/CMakeTest.cmake @@ -60,6 +60,7 @@ set(verify_opt "-CAfile" "${CERTS}/CACert.pem" "-CRLfile" "${CERTS}/CACertCRL.pem" "-TSA-CAfile" "${CERTS}/TSACA.pem" ) +# TODO "cat" extension set(extensions_4 "exe" "ex_" "msi" "cat") set(extensions_3 "exe" "ex_" "msi") set(files_4 "legacy" "signed" "nested" "added") @@ -168,9 +169,25 @@ foreach(ext ${extensions_4}) ) endforeach() +foreach(ext ${extensions_3}) + # Signature verification time: Sep 1 00:00:00 2019 GMT + add_test( + NAME verify_catalog_${ext} + COMMAND osslsigncode "verify" ${verify_opt} + "-catalog" "${FILES}/signed.cat" + "-time" "1567296000" + "-require-leaf-hash" "SHA256:${leafhash}" + "-in" "${FILES}/unsigned.${ext}" + ) + set_tests_properties(verify_catalog_${ext} PROPERTIES + DEPENDS ${file}_${ext} + REQUIRED_FILES "${FILES}/unsigned.${ext}" + ) +endforeach() + foreach(file ${files_4}) - foreach(ext ${extensions_4}) + foreach(ext ${extensions_3}) # Signature verification time: Sep 1 00:00:00 2019 GMT add_test( NAME verify_${file}_${ext} @@ -222,7 +239,7 @@ if(Python3_FOUND) endforeach() endforeach() - foreach(ext ${extensions_4}) + foreach(ext ${extensions_3}) # Signature verification time: Sep 1 00:00:00 2019 GMT add_test( NAME verify_ts_cert_${ext} @@ -237,7 +254,7 @@ if(Python3_FOUND) endforeach() # Signature verification time: Jan 1 00:00:00 2035 GMT - foreach(ext ${extensions_4}) + foreach(ext ${extensions_3}) add_test( NAME verify_ts_future_${ext} COMMAND osslsigncode "verify" ${verify_opt} @@ -252,7 +269,7 @@ if(Python3_FOUND) # Signature verification time: Jan 1 00:00:00 2035 GMT # enabled "-ignore-timestamp" option - foreach(ext ${extensions_4}) + foreach(ext ${extensions_3}) add_test( NAME verify_ts_ignore_${ext} COMMAND osslsigncode "verify" ${verify_opt} @@ -269,7 +286,7 @@ if(Python3_FOUND) # Signature verification time: Sep 1 00:00:00 2019 GMT # Certificate has expired or revoked - foreach(ext ${extensions_4}) + foreach(ext ${extensions_3}) foreach(cert ${failed_certs}) add_test( NAME verify_ts_${cert}_${ext} diff --git a/helpers.c b/helpers.c new file mode 100644 index 0000000..ed12449 --- /dev/null +++ b/helpers.c @@ -0,0 +1,736 @@ +/* + * osslsigncode support library + * + * Copyright (C) 2021-2023 Michał Trojnara + * Author: Małgorzata Olszówka + */ + +#include "osslsigncode.h" +#include "helpers.h" + +/* Prototypes */ +static int pkcs7_set_content_blob(PKCS7 *sig, PKCS7 *cursig); +static SpcSpOpusInfo *spc_sp_opus_info_create(FILE_FORMAT_CTX *ctx); +static int X509_attribute_chain_append_signature(STACK_OF(X509_ATTRIBUTE) **unauth_attr, u_char *p, int len); +static int spc_indirect_data_content_get(u_char **blob, int *len, FILE_FORMAT_CTX *ctx); +static int pkcs7_set_spc_indirect_data_content(PKCS7 *p7, BIO *hash, u_char *buf, int len); +static int pkcs7_signer_info_add_spc_sp_opus_info(PKCS7_SIGNER_INFO *si, FILE_FORMAT_CTX *ctx); +static int pkcs7_signer_info_add_purpose(PKCS7_SIGNER_INFO *si, FILE_FORMAT_CTX *ctx); +static int pkcs7_signer_info_add_signing_time(PKCS7_SIGNER_INFO *si, FILE_FORMAT_CTX *ctx); + +/* + * Common functions + */ + +/* + * [in] infile + * [returns] file size + */ +uint32_t get_file_size(const char *infile) +{ + int ret; +#ifdef _WIN32 + struct _stat64 st; + ret = _stat64(infile, &st); +#else + struct stat st; + ret = stat(infile, &st); +#endif + if (ret) { + printf("Failed to open file: %s\n", infile); + return 0; + } + + if (st.st_size < 4) { + printf("Unrecognized file type - file is too short: %s\n", infile); + return 0; + } + if (st.st_size > UINT32_MAX) { + printf("Unsupported file - too large: %s\n", infile); + return 0; + } + return (uint32_t)st.st_size; +} + +/* + * [in] infile: starting address for the new mapping + * [returns] pointer to the mapped area + */ +char *map_file(const char *infile, const size_t size) +{ + char *indata = NULL; +#ifdef WIN32 + HANDLE fhandle, fmap; + (void)size; + fhandle = CreateFile(infile, GENERIC_READ, FILE_SHARE_READ, NULL, OPEN_EXISTING, 0, NULL); + if (fhandle == INVALID_HANDLE_VALUE) { + return NULL; + } + fmap = CreateFileMapping(fhandle, NULL, PAGE_READONLY, 0, 0, NULL); + CloseHandle(fhandle); + if (fmap == NULL) { + return NULL; + } + indata = (char *)MapViewOfFile(fmap, FILE_MAP_READ, 0, 0, 0); + CloseHandle(fmap); +#else +#ifdef HAVE_SYS_MMAN_H + int fd = open(infile, O_RDONLY); + if (fd < 0) { + return NULL; + } + indata = mmap(0, size, PROT_READ, MAP_PRIVATE, fd, 0); + if (indata == MAP_FAILED) { + close(fd); + return NULL; + } + close(fd); +#else + printf("No file mapping function\n"); + return NULL; +#endif /* HAVE_SYS_MMAN_H */ +#endif /* WIN32 */ + return indata; +} + +/* + * [in] indata: starting address space + * [in] size: mapped area length + * [returns] none + */ +void unmap_file(char *indata, const size_t size) +{ + if (!indata) + return; +#ifdef WIN32 + (void)size; + UnmapViewOfFile(indata); +#else + munmap(indata, size); +#endif /* WIN32 */ +} + +/* + * [in, out] si: PKCS7_SIGNER_INFO structure + * [in] ctx: FILE_FORMAT_CTX structure + * [returns] 0 on error or 1 on success + */ +static int pkcs7_signer_info_add_spc_sp_opus_info(PKCS7_SIGNER_INFO *si, FILE_FORMAT_CTX *ctx) +{ + SpcSpOpusInfo *opus; + ASN1_STRING *astr; + int len; + u_char *p = NULL; + + opus = spc_sp_opus_info_create(ctx); + if ((len = i2d_SpcSpOpusInfo(opus, NULL)) <= 0 + || (p = OPENSSL_malloc((size_t)len)) == NULL) { + SpcSpOpusInfo_free(opus); + return 0; /* FAILED */ + } + i2d_SpcSpOpusInfo(opus, &p); + p -= len; + astr = ASN1_STRING_new(); + ASN1_STRING_set(astr, p, len); + OPENSSL_free(p); + SpcSpOpusInfo_free(opus); + return PKCS7_add_signed_attribute(si, OBJ_txt2nid(SPC_SP_OPUS_INFO_OBJID), + V_ASN1_SEQUENCE, astr); +} + +/* + * [in, out] si: PKCS7_SIGNER_INFO structure + * [in] ctx: structure holds input and output data + * [returns] 0 on error or 1 on success + */ +static int pkcs7_signer_info_add_purpose(PKCS7_SIGNER_INFO *si, FILE_FORMAT_CTX *ctx) +{ + static const u_char purpose_ind[] = { + 0x30, 0x0c, 0x06, 0x0a, 0x2b, 0x06, 0x01, 0x04, + 0x01, 0x82, 0x37, 0x02, 0x01, 0x15 + }; + static const u_char purpose_comm[] = { + 0x30, 0x0c, 0x06, 0x0a, 0x2b, 0x06, 0x01, 0x04, + 0x01, 0x82, 0x37, 0x02, 0x01, 0x16 + }; + ASN1_STRING *purpose = ASN1_STRING_new(); + + if (ctx->options->comm) { + ASN1_STRING_set(purpose, purpose_comm, sizeof purpose_comm); + } else { + ASN1_STRING_set(purpose, purpose_ind, sizeof purpose_ind); + } + return PKCS7_add_signed_attribute(si, OBJ_txt2nid(SPC_STATEMENT_TYPE_OBJID), + V_ASN1_SEQUENCE, purpose); +} + +/* + * Add a custom, non-trusted time to the PKCS7 structure to prevent OpenSSL + * adding the _current_ time. This allows to create a deterministic signature + * when no trusted timestamp server was specified, making osslsigncode + * behaviour closer to signtool.exe (which doesn't include any non-trusted + * time in this case.) + * [in, out] si: PKCS7_SIGNER_INFO structure + * [in] ctx: structure holds input and output data + * [returns] 0 on error or 1 on success + */ +static int pkcs7_signer_info_add_signing_time(PKCS7_SIGNER_INFO *si, FILE_FORMAT_CTX *ctx) +{ + if (ctx->options->time == INVALID_TIME) /* -time option was not specified */ + return 1; /* SUCCESS */ + return PKCS7_add_signed_attribute(si, NID_pkcs9_signingTime, V_ASN1_UTCTIME, + ASN1_TIME_adj(NULL, ctx->options->time, 0, 0)); +} + +/* + * Retrieve a decoded PKCS#7 structure corresponding to the signature + * stored in the "sigin" file + * CMD_ATTACH command specific + * [in] ctx: structure holds input and output data + * [returns] pointer to PKCS#7 structure + */ +PKCS7 *pkcs7_get_sigfile(FILE_FORMAT_CTX *ctx) +{ + PKCS7 *p7 = NULL; + uint32_t filesize; + char *indata; + BIO *bio; + const char pemhdr[] = "-----BEGIN PKCS7-----"; + + filesize = get_file_size(ctx->options->sigfile); + if (!filesize) { + return NULL; /* FAILED */ + } + indata = map_file(ctx->options->sigfile, filesize); + if (!indata) { + printf("Failed to open file: %s\n", ctx->options->sigfile); + return NULL; /* FAILED */ + } + bio = BIO_new_mem_buf(indata, (int)filesize); + if (filesize >= sizeof pemhdr && !memcmp(indata, pemhdr, sizeof pemhdr - 1)) { + /* PEM format */ + p7 = PEM_read_bio_PKCS7(bio, NULL, NULL, NULL); + } else { /* DER format */ + p7 = d2i_PKCS7_bio(bio, NULL); + } + BIO_free_all(bio); + unmap_file(indata, filesize); + return p7; +} + +/* + * Allocate, set type, add content and return a new PKCS#7 signature + * [in] ctx: structure holds input and output data + * [returns] pointer to PKCS#7 structure + */ +PKCS7 *pkcs7_create(FILE_FORMAT_CTX *ctx) +{ + int i, signer = -1; + PKCS7 *p7; + PKCS7_SIGNER_INFO *si = NULL; + + p7 = PKCS7_new(); + PKCS7_set_type(p7, NID_pkcs7_signed); + + if (ctx->options->cert != NULL) { + /* + * the private key and corresponding certificate are parsed from the PKCS12 + * structure or loaded from the security token, so we may omit to check + * the consistency of a private key with the public key in an X509 certificate + */ + si = PKCS7_add_signature(p7, ctx->options->cert, ctx->options->pkey, + ctx->options->md); + if (si == NULL) + return NULL; /* FAILED */ + } else { + /* find the signer's certificate located somewhere in the whole certificate chain */ + for (i=0; ioptions->certs); i++) { + X509 *signcert = sk_X509_value(ctx->options->certs, i); + if (X509_check_private_key(signcert, ctx->options->pkey)) { + si = PKCS7_add_signature(p7, signcert, ctx->options->pkey, ctx->options->md); + signer = i; + break; + } + } + if (si == NULL) { + printf("Failed to checking the consistency of a private key: %s\n", + ctx->options->keyfile); + printf(" with a public key in any X509 certificate: %s\n\n", + ctx->options->certfile); + return NULL; /* FAILED */ + } + } + pkcs7_signer_info_add_signing_time(si, ctx); + + if (!pkcs7_signer_info_add_purpose(si, ctx)) + return NULL; /* FAILED */ + + if ((ctx->options->desc || ctx->options->url) && + !pkcs7_signer_info_add_spc_sp_opus_info(si, ctx)) { + printf("Couldn't allocate memory for opus info\n"); + return NULL; /* FAILED */ + } + PKCS7_content_new(p7, NID_pkcs7_data); + + /* add the signer's certificate */ + if (ctx->options->cert != NULL) + PKCS7_add_certificate(p7, ctx->options->cert); + if (signer != -1) + PKCS7_add_certificate(p7, sk_X509_value(ctx->options->certs, signer)); + + /* add the certificate chain */ + for (i=0; ioptions->certs); i++) { + if (i == signer) + continue; + PKCS7_add_certificate(p7, sk_X509_value(ctx->options->certs, i)); + } + /* add all cross certificates */ + if (ctx->options->xcerts) { + for (i=0; ioptions->xcerts); i++) + PKCS7_add_certificate(p7, sk_X509_value(ctx->options->xcerts, i)); + } + /* add crls */ + if (ctx->options->crls) { + for (i=0; ioptions->crls); i++) + PKCS7_add_crl(p7, sk_X509_CRL_value(ctx->options->crls, i)); + } + return p7; /* OK */ +} + +/* + * [in, out] p7: new PKCS#7 signature + * [in] hash: message digest BIO + * [returns] 0 on error or 1 on success + */ +int add_indirect_data_object(PKCS7 *p7, BIO *hash, FILE_FORMAT_CTX *ctx) +{ + STACK_OF(PKCS7_SIGNER_INFO) *signer_info; + PKCS7_SIGNER_INFO *si; + + signer_info = PKCS7_get_signer_info(p7); + if (!signer_info) + return 0; /* FAILED */ + si = sk_PKCS7_SIGNER_INFO_value(signer_info, 0); + if (!si) + return 0; /* FAILED */ + if (!PKCS7_add_signed_attribute(si, NID_pkcs9_contentType, + V_ASN1_OBJECT, OBJ_txt2obj(SPC_INDIRECT_DATA_OBJID, 1))) + return 0; /* FAILED */ + if (!pkcs7_set_data_content(p7, hash, ctx)) { + printf("Signing failed\n"); + return 0; /* FAILED */ + } + return 1; /* OK */ +} + +/* + * [in, out] p7: new PKCS#7 signature + * [in] cursig: current PKCS#7 signature + * [returns] 0 on error or 1 on success + */ +int add_ms_ctl_object(PKCS7 *p7, PKCS7 *cursig) +{ + STACK_OF(PKCS7_SIGNER_INFO) *signer_info; + PKCS7_SIGNER_INFO *si; + + signer_info = PKCS7_get_signer_info(p7); + if (!signer_info) + return 0; /* FAILED */ + si = sk_PKCS7_SIGNER_INFO_value(signer_info, 0); + if (!si) + return 0; /* FAILED */ + if (!PKCS7_add_signed_attribute(si, NID_pkcs9_contentType, + V_ASN1_OBJECT, OBJ_txt2obj(MS_CTL_OBJID, 1))) + return 0; /* FAILED */ + if (!pkcs7_set_content_blob(p7, cursig)) { + printf("Signing failed\n"); + return 0; /* FAILED */ + } + return 1; /* OK */ +} + +static int pkcs7_set_content_blob(PKCS7 *sig, PKCS7 *cursig) +{ + PKCS7 *contents; + u_char *content; + int seqhdrlen, content_length; + BIO *sigbio; + + contents = cursig->d.sign->contents; + seqhdrlen = asn1_simple_hdr_len(contents->d.other->value.sequence->data, + contents->d.other->value.sequence->length); + content = contents->d.other->value.sequence->data + seqhdrlen; + content_length = contents->d.other->value.sequence->length - seqhdrlen; + + if ((sigbio = PKCS7_dataInit(sig, NULL)) == NULL) { + printf("PKCS7_dataInit failed\n"); + return 0; /* FAILED */ + } + BIO_write(sigbio, content, content_length); + (void)BIO_flush(sigbio); + if (!PKCS7_dataFinal(sig, sigbio)) { + printf("PKCS7_dataFinal failed\n"); + return 0; /* FAILED */ + } + BIO_free_all(sigbio); + if (!PKCS7_set_content(sig, PKCS7_dup(contents))) { + printf("PKCS7_set_content failed\n"); + return 0; /* FAILED */ + } + return 1; /* OK */ +} + +/* + * Add the new signature to the current signature as a nested signature: + * new unauthorized SPC_NESTED_SIGNATURE_OBJID attribute + * [out] cursig: current PKCS#7 signature + * [in] p7: new PKCS#7 signature + * [in] ctx: structure holds input and output data + * [returns] 0 on error or 1 on success + */ +int cursig_set_nested(PKCS7 *cursig, PKCS7 *p7, FILE_FORMAT_CTX *ctx) +{ + u_char *p = NULL; + int len = 0; + PKCS7_SIGNER_INFO *si; + STACK_OF(PKCS7_SIGNER_INFO) *signer_info; + + if (!cursig) + return 0; /* FAILED */ + signer_info = PKCS7_get_signer_info(cursig); + if (!signer_info) + return 0; /* FAILED */ + si = sk_PKCS7_SIGNER_INFO_value(signer_info, 0); + if (!si) + return 0; /* FAILED */ + if (((len = i2d_PKCS7(p7, NULL)) <= 0) || + (p = OPENSSL_malloc((size_t)len)) == NULL) + return 0; /* FAILED */ + i2d_PKCS7(p7, &p); + p -= len; + + pkcs7_signer_info_add_signing_time(si, ctx); + if (!X509_attribute_chain_append_signature(&(si->unauth_attr), p, len)) { + OPENSSL_free(p); + return 0; /* FAILED */ + } + OPENSSL_free(p); + return 1; /* OK */ +} + +/* Return the header length (tag and length octets) of the ASN.1 type + * [in] p: ASN.1 data + * [in] len: ASN.1 data length + * [returns] header length + */ +int asn1_simple_hdr_len(const u_char *p, int len) +{ + if (len <= 2 || p[0] > 0x31) + return 0; + return (p[1]&0x80) ? (2 + (p[1]&0x7f)) : 2; +} + +/* + * [in, out] hash: BIO with message digest method + * [in] indata: starting address space + * [in] idx: offset + * [in] fileend: the length of the hashed area + * [returns] 0 on error or 1 on success + */ +int bio_hash_data(BIO *hash, char *indata, size_t idx, size_t fileend) +{ + while (idx < fileend) { + size_t want, written; + want = fileend - idx; + if (want > SIZE_64K) + want = SIZE_64K; + if (!BIO_write_ex(hash, indata + idx, want, &written)) + return 0; /* FAILED */ + idx += written; + } + return 1; /* OK */ +} + +/* + * [in] descript1, descript2: descriptions + * [in] mdbuf: message digest + * [in] len: message digest length + * [returns] none + */ +void print_hash(const char *descript1, const char *descript2, const u_char *mdbuf, int len) +{ + char *hexbuf = NULL; + int size, i, j = 0; + + size = 2 * len + 1; + hexbuf = OPENSSL_malloc((size_t)size); + for (i = 0; i < len; i++) { +#ifdef WIN32 + j += sprintf_s(hexbuf + j, size - j, "%02X", mdbuf[i]); +#else + j += sprintf(hexbuf + j, "%02X", mdbuf[i]); +#endif /* WIN32 */ + } + printf("%s: %s %s\n", descript1, hexbuf, descript2); + OPENSSL_free(hexbuf); +} + +/* + * [in] p7: new PKCS#7 signature + * [in] objid: Microsoft OID Authenticode + * [returns] 0 on error or 1 on success + */ +int is_content_type(PKCS7 *p7, const char *objid) +{ + ASN1_OBJECT *indir_objid; + int ret; + + indir_objid = OBJ_txt2obj(objid, 1); + ret = p7 && PKCS7_type_is_signed(p7) && + !OBJ_cmp(p7->d.sign->contents->type, indir_objid) && + (p7->d.sign->contents->d.other->type == V_ASN1_SEQUENCE || + p7->d.sign->contents->d.other->type == V_ASN1_OCTET_STRING); + ASN1_OBJECT_free(indir_objid); + return ret; +} + +/* + * [out] p7: new PKCS#7 signature + * [in] hash: message digest BIO + * [in] ctx: structure holds input and output data + * [returns] 0 on error or 1 on success + */ +int pkcs7_set_data_content(PKCS7 *p7, BIO *hash, FILE_FORMAT_CTX *ctx) +{ + u_char *p = NULL; + int len = 0; + u_char *buf; + + if (!spc_indirect_data_content_get(&p, &len, ctx)) + return 0; /* FAILED */ + buf = OPENSSL_malloc(SIZE_64K); + memcpy(buf, p, (size_t)len); + OPENSSL_free(p); + if (!pkcs7_set_spc_indirect_data_content(p7, hash, buf, len)) { + OPENSSL_free(buf); + return 0; /* FAILED */ + } + OPENSSL_free(buf); + + return 1; /* OK */ +} + +/* + * PE and CAB format specific + * [in] none + * [returns] pointer to SpcLink + */ +SpcLink *spc_link_obsolete_get(void) +{ + const u_char obsolete[] = { + 0x00, 0x3c, 0x00, 0x3c, 0x00, 0x3c, 0x00, 0x4f, + 0x00, 0x62, 0x00, 0x73, 0x00, 0x6f, 0x00, 0x6c, + 0x00, 0x65, 0x00, 0x74, 0x00, 0x65, 0x00, 0x3e, + 0x00, 0x3e, 0x00, 0x3e + }; + SpcLink *link = SpcLink_new(); + link->type = 2; + link->value.file = SpcString_new(); + link->value.file->type = 0; + link->value.file->value.unicode = ASN1_BMPSTRING_new(); + ASN1_STRING_set(link->value.file->value.unicode, obsolete, sizeof obsolete); + return link; +} + +/* + * Retrieve a decoded PKCS#7 structure + * [in] indata: mapped file + * [in] sigpos: signature data offset + * [in] siglen: signature data size + * [returns] pointer to PKCS#7 structure + */ +PKCS7 *pkcs7_get(char *indata, uint32_t sigpos, uint32_t siglen) +{ + PKCS7 *p7 = NULL; + const u_char *blob; + + blob = (u_char *)indata + sigpos; + p7 = d2i_PKCS7(NULL, &blob, siglen); + return p7; +} + +/* + * [in] mdbuf, cmdbuf: message digests + * [in] mdtype: message digest algorithm type + * [returns] 0 on error or 1 on success + */ +int compare_digests(u_char *mdbuf, u_char *cmdbuf, int mdtype) +{ + int mdlen = EVP_MD_size(EVP_get_digestbynid(mdtype)); + int mdok = !memcmp(mdbuf, cmdbuf, (size_t)mdlen); + printf("Message digest algorithm : %s\n", OBJ_nid2sn(mdtype)); + print_hash("Current message digest ", "", mdbuf, mdlen); + print_hash("Calculated message digest ", mdok ? "\n" : " MISMATCH!!!\n", cmdbuf, mdlen); + return mdok; +} + +/* + * Helper functions + */ + +/* + * [in] ctx: FILE_FORMAT_CTX structure + * [returns] pointer to SpcSpOpusInfo structure + */ +static SpcSpOpusInfo *spc_sp_opus_info_create(FILE_FORMAT_CTX *ctx) +{ + SpcSpOpusInfo *info = SpcSpOpusInfo_new(); + + if (ctx->options->desc) { + info->programName = SpcString_new(); + info->programName->type = 1; + info->programName->value.ascii = ASN1_IA5STRING_new(); + ASN1_STRING_set((ASN1_STRING *)info->programName->value.ascii, + ctx->options->desc, (int)strlen(ctx->options->desc)); + } + if (ctx->options->url) { + info->moreInfo = SpcLink_new(); + info->moreInfo->type = 0; + info->moreInfo->value.url = ASN1_IA5STRING_new(); + ASN1_STRING_set((ASN1_STRING *)info->moreInfo->value.url, + ctx->options->url, (int)strlen(ctx->options->url)); + } + return info; +} + +/* + * [in, out] unauth_attr: unauthorized attributes list + * [in] p: PKCS#7 data + * [in] len: PKCS#7 data length + * [returns] 0 on error or 1 on success + */ +static int X509_attribute_chain_append_signature(STACK_OF(X509_ATTRIBUTE) **unauth_attr, u_char *p, int len) +{ + X509_ATTRIBUTE *attr = NULL; + int nid = OBJ_txt2nid(SPC_NESTED_SIGNATURE_OBJID); + + if (*unauth_attr == NULL) { + if ((*unauth_attr = sk_X509_ATTRIBUTE_new_null()) == NULL) + return 0; /* FAILED */ + } else { + /* try to find SPC_NESTED_SIGNATURE_OBJID attribute */ + int i; + for (i = 0; i < sk_X509_ATTRIBUTE_num(*unauth_attr); i++) { + attr = sk_X509_ATTRIBUTE_value(*unauth_attr, i); + if (OBJ_obj2nid(X509_ATTRIBUTE_get0_object(attr)) == nid) { + /* append p to the V_ASN1_SEQUENCE */ + if (!X509_ATTRIBUTE_set1_data(attr, V_ASN1_SEQUENCE, p, len)) + return 0; /* FAILED */ + return 1; /* OK */ + } + } + } + /* create new unauthorized SPC_NESTED_SIGNATURE_OBJID attribute */ + attr = X509_ATTRIBUTE_create_by_NID(NULL, nid, V_ASN1_SEQUENCE, p, len); + if (!attr) + return 0; /* FAILED */ + if (!sk_X509_ATTRIBUTE_push(*unauth_attr, attr)) { + X509_ATTRIBUTE_free(attr); + return 0; /* FAILED */ + } + return 1; /* OK */ +} + +/* + * [out] blob: SpcIndirectDataContent data + * [out] len: SpcIndirectDataContent data length + * [in] ctx: FILE_FORMAT_CTX structure + * [returns] 0 on error or 1 on success + */ +static int spc_indirect_data_content_get(u_char **blob, int *len, FILE_FORMAT_CTX *ctx) +{ + u_char *p = NULL; + int hashlen, l = 0; + void *hash; + SpcIndirectDataContent *idc = SpcIndirectDataContent_new(); + + idc->data->value = ASN1_TYPE_new(); + idc->data->value->type = V_ASN1_SEQUENCE; + idc->data->value->value.sequence = ASN1_STRING_new(); + idc->data->type = ctx->format->data_blob_get(&p, &l, ctx); + idc->data->value->value.sequence->data = p; + idc->data->value->value.sequence->length = l; + idc->messageDigest->digestAlgorithm->algorithm = OBJ_nid2obj(EVP_MD_nid(ctx->options->md)); + idc->messageDigest->digestAlgorithm->parameters = ASN1_TYPE_new(); + idc->messageDigest->digestAlgorithm->parameters->type = V_ASN1_NULL; + + hashlen = EVP_MD_size(ctx->options->md); + hash = OPENSSL_malloc((size_t)hashlen); + memset(hash, 0, (size_t)hashlen); + ASN1_OCTET_STRING_set(idc->messageDigest->digest, hash, hashlen); + OPENSSL_free(hash); + + *len = i2d_SpcIndirectDataContent(idc, NULL); + *blob = OPENSSL_malloc((size_t)*len); + p = *blob; + i2d_SpcIndirectDataContent(idc, &p); + SpcIndirectDataContent_free(idc); + *len -= EVP_MD_size(ctx->options->md); + return 1; /* OK */ +} + +/* + * Replace the data part with the MS Authenticode spcIndirectDataContent blob + * [out] p7: new PKCS#7 signature + * [in] hash: message digest BIO + * [in] blob: SpcIndirectDataContent data + * [in] len: SpcIndirectDataContent data length + * [returns] 0 on error or 1 on success + */ +static int pkcs7_set_spc_indirect_data_content(PKCS7 *p7, BIO *hash, u_char *buf, int len) +{ + u_char mdbuf[EVP_MAX_MD_SIZE]; + int mdlen, seqhdrlen; + BIO *bio; + PKCS7 *td7; + + mdlen = BIO_gets(hash, (char*)mdbuf, EVP_MAX_MD_SIZE); + memcpy(buf+len, mdbuf, (size_t)mdlen); + seqhdrlen = asn1_simple_hdr_len(buf, len); + + if ((bio = PKCS7_dataInit(p7, NULL)) == NULL) { + printf("PKCS7_dataInit failed\n"); + return 0; /* FAILED */ + } + BIO_write(bio, buf + seqhdrlen, len - seqhdrlen + mdlen); + (void)BIO_flush(bio); + + if (!PKCS7_dataFinal(p7, bio)) { + printf("PKCS7_dataFinal failed\n"); + return 0; /* FAILED */ + } + BIO_free_all(bio); + + td7 = PKCS7_new(); + td7->type = OBJ_txt2obj(SPC_INDIRECT_DATA_OBJID, 1); + td7->d.other = ASN1_TYPE_new(); + td7->d.other->type = V_ASN1_SEQUENCE; + td7->d.other->value.sequence = ASN1_STRING_new(); + ASN1_STRING_set(td7->d.other->value.sequence, buf, len+mdlen); + if (!PKCS7_set_content(p7, td7)) { + PKCS7_free(td7); + printf("PKCS7_set_content failed\n"); + return 0; /* FAILED */ + } + return 1; /* OK */ +} + +/* +Local Variables: + c-basic-offset: 4 + tab-width: 4 + indent-tabs-mode: t +End: + + vim: set ts=4 noexpandtab: +*/ diff --git a/helpers.h b/helpers.h new file mode 100644 index 0000000..34df226 --- /dev/null +++ b/helpers.h @@ -0,0 +1,35 @@ +/* + * osslsigncode support library + * + * Copyright (C) 2021-2023 Michał Trojnara + * Author: Małgorzata Olszówka + */ + +/* Common functions */ +uint32_t get_file_size(const char *infile); +char *map_file(const char *infile, const size_t size); +void unmap_file(char *indata, const size_t size); +PKCS7 *pkcs7_get_sigfile(FILE_FORMAT_CTX *ctx); +PKCS7 *pkcs7_create(FILE_FORMAT_CTX *ctx); +void add_content_type(PKCS7 *p7); +int add_indirect_data_object(PKCS7 *p7, BIO *hash, FILE_FORMAT_CTX *ctx); +int add_ms_ctl_object(PKCS7 *p7, PKCS7 *cursig); +int cursig_set_nested(PKCS7 *cursig, PKCS7 *p7, FILE_FORMAT_CTX *ctx); +int asn1_simple_hdr_len(const u_char *p, int len); +int bio_hash_data(BIO *hash, char *indata, size_t idx, size_t fileend); +void print_hash(const char *descript1, const char *descript2, const u_char *hashbuf, int length); +int is_content_type(PKCS7 *p7, const char *objid); +int pkcs7_set_data_content(PKCS7 *sig, BIO *hash, FILE_FORMAT_CTX *ctx); +SpcLink *spc_link_obsolete_get(void); +PKCS7 *pkcs7_get(char *indata, uint32_t sigpos, uint32_t siglen); +int compare_digests(u_char *mdbuf, u_char *cmdbuf, int mdtype); + +/* +Local Variables: + c-basic-offset: 4 + tab-width: 4 + indent-tabs-mode: t +End: + + vim: set ts=4 noexpandtab: +*/ diff --git a/msi.c b/msi.c index ed0ab71..7c7cee1 100644 --- a/msi.c +++ b/msi.c @@ -1,7 +1,7 @@ /* * MSI file support library * - * Copyright (C) 2021 Michał Trojnara + * Copyright (C) 2021-2023 Michał Trojnara * Author: Małgorzata Olszówka * * Reference specifications: @@ -10,19 +10,804 @@ * https://github.com/microsoft/compoundfilereader */ -#include /* memcmp */ -#include "msi.h" #include "osslsigncode.h" +#include "helpers.h" -#define MIN(a,b) ((a) < (b) ? a : b) +#define MAXREGSECT 0xfffffffa /* maximum regular sector number */ +#define DIFSECT 0xfffffffc /* specifies a DIFAT sector in the FAT */ +#define FATSECT 0xfffffffd /* specifies a FAT sector in the FAT */ +#define ENDOFCHAIN 0xfffffffe /* end of a linked chain of sectors */ +#define NOSTREAM 0xffffffff /* terminator or empty pointer */ +#define FREESECT 0xffffffff /* empty unallocated free sectors */ +#define DIR_UNKNOWN 0 +#define DIR_STORAGE 1 +#define DIR_STREAM 2 +#define DIR_ROOT 5 + +#define RED_COLOR 0 +#define BLACK_COLOR 1 + +#define DIFAT_IN_HEADER 109 +#define MINI_STREAM_CUTOFF_SIZE 0x00001000 /* 4096 bytes */ +#define HEADER_SIZE 0x200 /* 512 bytes, independent of sector size */ +#define MAX_SECTOR_SIZE 0x1000 /* 4096 bytes */ + +#define HEADER_SIGNATURE 0x00 /* 0xD0, 0xCF, 0x11, 0xE0, 0xA1, 0xB1, 0x1A, 0xE1 */ +#define HEADER_CLSID 0x08 /* reserved and unused */ +#define HEADER_MINOR_VER 0x18 /* SHOULD be set to 0x003E */ +#define HEADER_MAJOR_VER 0x1a /* MUST be set to either 0x0003 (version 3) or 0x0004 (version 4) */ +#define HEADER_BYTE_ORDER 0x1c /* 0xfe 0xff == Intel Little Endian */ +#define HEADER_SECTOR_SHIFT 0x1e /* MUST be set to 0x0009, or 0x000c */ +#define HEADER_MINI_SECTOR_SHIFT 0x20 /* MUST be set to 0x0006 */ +#define RESERVED 0x22 /* reserved and unused */ +#define HEADER_DIR_SECTORS_NUM 0x28 +#define HEADER_FAT_SECTORS_NUM 0x2c +#define HEADER_DIR_SECTOR_LOC 0x30 +#define HEADER_TRANSACTION 0x34 +#define HEADER_MINI_STREAM_CUTOFF 0x38 /* 4096 bytes */ +#define HEADER_MINI_FAT_SECTOR_LOC 0x3c +#define HEADER_MINI_FAT_SECTORS_NUM 0x40 +#define HEADER_DIFAT_SECTOR_LOC 0x44 +#define HEADER_DIFAT_SECTORS_NUM 0x48 +#define HEADER_DIFAT 0x4c + +#define DIRENT_SIZE 0x80 /* 128 bytes */ +#define DIRENT_MAX_NAME_SIZE 0x40 /* 64 bytes */ + +#define DIRENT_NAME 0x00 +#define DIRENT_NAME_LEN 0x40 /* length in bytes incl 0 terminator */ +#define DIRENT_TYPE 0x42 +#define DIRENT_COLOUR 0x43 +#define DIRENT_LEFT_SIBLING_ID 0x44 +#define DIRENT_RIGHT_SIBLING_ID 0x48 +#define DIRENT_CHILD_ID 0x4c +#define DIRENT_CLSID 0x50 +#define DIRENT_STATE_BITS 0x60 +#define DIRENT_CREATE_TIME 0x64 +#define DIRENT_MODIFY_TIME 0x6c +#define DIRENT_START_SECTOR_LOC 0x74 +#define DIRENT_FILE_SIZE 0x78 + +static const u_char msi_magic[] = { + 0xd0, 0xcf, 0x11, 0xe0, 0xa1, 0xb1, 0x1a, 0xe1 +}; + +static const u_char digital_signature[] = { + 0x05, 0x00, 0x44, 0x00, 0x69, 0x00, 0x67, 0x00, + 0x69, 0x00, 0x74, 0x00, 0x61, 0x00, 0x6C, 0x00, + 0x53, 0x00, 0x69, 0x00, 0x67, 0x00, 0x6E, 0x00, + 0x61, 0x00, 0x74, 0x00, 0x75, 0x00, 0x72, 0x00, + 0x65, 0x00, 0x00, 0x00 +}; + +static const u_char digital_signature_ex[] = { + 0x05, 0x00, 0x4D, 0x00, 0x73, 0x00, 0x69, 0x00, + 0x44, 0x00, 0x69, 0x00, 0x67, 0x00, 0x69, 0x00, + 0x74, 0x00, 0x61, 0x00, 0x6C, 0x00, 0x53, 0x00, + 0x69, 0x00, 0x67, 0x00, 0x6E, 0x00, 0x61, 0x00, + 0x74, 0x00, 0x75, 0x00, 0x72, 0x00, 0x65, 0x00, + 0x45, 0x00, 0x78, 0x00, 0x00, 0x00 +}; + +static const u_char msi_root_entry[] = { + 0x52, 0x00, 0x6F, 0x00, 0x6F, 0x00, 0x74, 0x00, + 0x20, 0x00, 0x45, 0x00, 0x6E, 0x00, 0x74, 0x00, + 0x72, 0x00, 0x79, 0x00, 0x00, 0x00 +}; + +static const u_char msi_zeroes[] = { + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 +}; + +typedef struct { + ASN1_INTEGER *a; + ASN1_OCTET_STRING *string; + ASN1_INTEGER *b; + ASN1_INTEGER *c; + ASN1_INTEGER *d; + ASN1_INTEGER *e; + ASN1_INTEGER *f; +} SpcSipInfo; + +DECLARE_ASN1_FUNCTIONS(SpcSipInfo) + +ASN1_SEQUENCE(SpcSipInfo) = { + ASN1_SIMPLE(SpcSipInfo, a, ASN1_INTEGER), + ASN1_SIMPLE(SpcSipInfo, string, ASN1_OCTET_STRING), + ASN1_SIMPLE(SpcSipInfo, b, ASN1_INTEGER), + ASN1_SIMPLE(SpcSipInfo, c, ASN1_INTEGER), + ASN1_SIMPLE(SpcSipInfo, d, ASN1_INTEGER), + ASN1_SIMPLE(SpcSipInfo, e, ASN1_INTEGER), + ASN1_SIMPLE(SpcSipInfo, f, ASN1_INTEGER), +} ASN1_SEQUENCE_END(SpcSipInfo) + +IMPLEMENT_ASN1_FUNCTIONS(SpcSipInfo) + +typedef struct { + u_char signature[8]; /* 0xd0, 0xcf, 0x11, 0xe0, 0xa1, 0xb1, 0x1a, 0xe1 */ + u_char unused_clsid[16]; /* reserved and unused */ + uint16_t minorVersion; + uint16_t majorVersion; + uint16_t byteOrder; + uint16_t sectorShift; /* power of 2 */ + uint16_t miniSectorShift; /* power of 2 */ + u_char reserved[6]; /* reserved and unused */ + uint32_t numDirectorySector; + uint32_t numFATSector; + uint32_t firstDirectorySectorLocation; + uint32_t transactionSignatureNumber; /* reserved */ + uint32_t miniStreamCutoffSize; + uint32_t firstMiniFATSectorLocation; + uint32_t numMiniFATSector; + uint32_t firstDIFATSectorLocation; + uint32_t numDIFATSector; + uint32_t headerDIFAT[DIFAT_IN_HEADER]; +} MSI_FILE_HDR; + +typedef struct { + u_char name[DIRENT_MAX_NAME_SIZE]; + uint16_t nameLen; + uint8_t type; + uint8_t colorFlag; + uint32_t leftSiblingID; + uint32_t rightSiblingID; + uint32_t childID; + u_char clsid[16]; + u_char stateBits[4]; + u_char creationTime[8]; + u_char modifiedTime[8]; + uint32_t startSectorLocation; + u_char size[8]; +} MSI_ENTRY; + +typedef struct msi_dirent_struct { + u_char name[DIRENT_MAX_NAME_SIZE]; + uint16_t nameLen; + uint8_t type; + MSI_ENTRY *entry; + STACK_OF(MSI_DIRENT) *children; + struct msi_dirent_struct *next; /* for cycle detection */ +} MSI_DIRENT; + +DEFINE_STACK_OF(MSI_DIRENT) + +typedef struct { + const u_char *m_buffer; + uint32_t m_bufferLen; + MSI_FILE_HDR *m_hdr; + uint32_t m_sectorSize; + uint32_t m_minisectorSize; + uint32_t m_miniStreamStartSector; +} MSI_FILE; + +typedef struct { + char *header; + char *ministream; + char *minifat; + char *fat; + uint32_t dirtreeLen; + uint32_t miniStreamLen; + uint32_t minifatLen; + uint32_t fatLen; + uint32_t ministreamsMemallocCount; + uint32_t minifatMemallocCount; + uint32_t fatMemallocCount; + uint32_t dirtreeSectorsCount; + uint32_t minifatSectorsCount; + uint32_t fatSectorsCount; + uint32_t miniSectorNum; + uint32_t sectorNum; + uint32_t sectorSize; +} MSI_OUT; + +struct msi_ctx_st { + MSI_FILE *msi; + MSI_DIRENT *dirent; + u_char *p_msiex; /* MsiDigitalSignatureEx stream data */ + uint32_t len_msiex; /* MsiDigitalSignatureEx stream data length */ + uint32_t fileend; +}; + +/* FILE_FORMAT method prototypes */ +static FILE_FORMAT_CTX *msi_ctx_new(GLOBAL_OPTIONS *options, BIO *hash, BIO *outdata); +static ASN1_OBJECT *msi_spc_sip_info_get(u_char **p, int *plen, FILE_FORMAT_CTX *ctx); +static int msi_check_file(FILE_FORMAT_CTX *ctx, int detached); +static u_char *msi_digest_calc(FILE_FORMAT_CTX *ctx, const EVP_MD *md); +static int msi_verify_digests(FILE_FORMAT_CTX *ctx, PKCS7 *p7); +static PKCS7 *msi_pkcs7_extract(FILE_FORMAT_CTX *ctx); +static int msi_remove_pkcs7(FILE_FORMAT_CTX *ctx, BIO *hash, BIO *outdata); +static PKCS7 *msi_pkcs7_prepare(FILE_FORMAT_CTX *ctx, BIO *hash, BIO *outdata); +static int msi_append_pkcs7(FILE_FORMAT_CTX *ctx, BIO *outdata, PKCS7 *p7); +static BIO *msi_bio_free(BIO *hash, BIO *outdata); +static void msi_ctx_cleanup(FILE_FORMAT_CTX *ctx, BIO *hash, BIO *outdata); + +FILE_FORMAT file_format_msi = { + .ctx_new = msi_ctx_new, + .data_blob_get = msi_spc_sip_info_get, + .check_file = msi_check_file, + .digest_calc = msi_digest_calc, + .verify_digests = msi_verify_digests, + .pkcs7_extract = msi_pkcs7_extract, + .remove_pkcs7 = msi_remove_pkcs7, + .pkcs7_prepare = msi_pkcs7_prepare, + .append_pkcs7 = msi_append_pkcs7, + .bio_free = msi_bio_free, + .ctx_cleanup = msi_ctx_cleanup +}; + +/* Prototypes */ +static MSI_CTX *msi_ctx_get(char *indata, uint32_t filesize); +static PKCS7 *msi_pkcs7_get_digital_signature(FILE_FORMAT_CTX *ctx, MSI_ENTRY *ds, + char **p, uint32_t len); static int recurse_entry(MSI_FILE *msi, uint32_t entryID, MSI_DIRENT *parent); +static int msi_file_write(MSI_FILE *msi, MSI_DIRENT *dirent, u_char *p_msi, uint32_t len_msi, + u_char *p_msiex, uint32_t len_msiex, BIO *outdata); +static MSI_ENTRY *msi_signatures_get(MSI_DIRENT *dirent, MSI_ENTRY **dse); +static int msi_file_read(MSI_FILE *msi, MSI_ENTRY *entry, uint32_t offset, char *buffer, uint32_t len); +static int msi_dirent_delete(MSI_DIRENT *dirent, const u_char *name, uint16_t nameLen); +static int msi_calc_MsiDigitalSignatureEx(FILE_FORMAT_CTX *ctx, BIO *hash); +static int msi_check_MsiDigitalSignatureEx(FILE_FORMAT_CTX *ctx, MSI_ENTRY *dse); +static int msi_hash_dir(MSI_FILE *msi, MSI_DIRENT *dirent, BIO *hash, int is_root); +static MSI_ENTRY *msi_root_entry_get(MSI_FILE *msi); +static void msi_file_free(MSI_FILE *msi); +static MSI_FILE *msi_file_new(char *buffer, uint32_t len); +static int msi_dirent_new(MSI_FILE *msi, MSI_ENTRY *entry, MSI_DIRENT *parent, MSI_DIRENT **ret); +static void msi_dirent_free(MSI_DIRENT *dirent); +static int msi_prehash_dir(MSI_DIRENT *dirent, BIO *hash, int is_root); + +/* + * FILE_FORMAT method definitions + */ + +/* + * Allocate and return a MSI file format context. + * [in, out] options: structure holds the input data + * [out] hash: message digest BIO + * [in] outdata: outdata file BIO (unused) + * [returns] pointer to MSI file format context + */ +static FILE_FORMAT_CTX *msi_ctx_new(GLOBAL_OPTIONS *options, BIO *hash, BIO *outdata) +{ + FILE_FORMAT_CTX *ctx; + MSI_CTX *msi_ctx; + uint32_t filesize; + + /* squash the unused parameter warning */ + (void)outdata; + + filesize = get_file_size(options->infile); + if (filesize == 0) + return NULL; /* FAILED */ + + options->indata = map_file(options->infile, filesize); + if (!options->indata) { + return NULL; /* FAILED */ + } + if (memcmp(options->indata, msi_magic, sizeof msi_magic)) { + unmap_file(options->infile, filesize); + return NULL; /* FAILED */ + } + msi_ctx = msi_ctx_get(options->indata, filesize); + if (!msi_ctx) { + unmap_file(options->infile, filesize); + return NULL; /* FAILED */ + } + ctx = OPENSSL_malloc(sizeof(FILE_FORMAT_CTX)); + ctx->format = &file_format_msi; + ctx->options = options; + ctx->msi_ctx = msi_ctx; + + if (hash) + BIO_push(hash, BIO_new(BIO_s_null())); + + if (options->pagehash == 1) + printf("Warning: -ph option is only valid for PE files\n"); + if (options->jp >= 0) + printf("Warning: -jp option is only valid for CAB files\n"); + return ctx; +} + +/* + * Allocate and return SpcSipInfo object. + * [out] p: SpcSipInfo data + * [out] plen: SpcSipInfo data length + * [in] ctx: structure holds input and output data (unused) + * [returns] pointer to ASN1_OBJECT structure corresponding to SPC_SIPINFO_OBJID + */ +static ASN1_OBJECT *msi_spc_sip_info_get(u_char **p, int *plen, FILE_FORMAT_CTX *ctx) +{ + const u_char msistr[] = { + 0xf1, 0x10, 0x0c, 0x00, 0x00, 0x00, 0x00, 0x00, + 0xc0, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x46 + }; + ASN1_OBJECT *dtype; + SpcSipInfo *si = SpcSipInfo_new(); + + /* squash the unused parameter warning */ + (void)ctx; + + ASN1_INTEGER_set(si->a, 1); + ASN1_INTEGER_set(si->b, 0); + ASN1_INTEGER_set(si->c, 0); + ASN1_INTEGER_set(si->d, 0); + ASN1_INTEGER_set(si->e, 0); + ASN1_INTEGER_set(si->f, 0); + ASN1_OCTET_STRING_set(si->string, msistr, sizeof msistr); + *plen = i2d_SpcSipInfo(si, NULL); + *p = OPENSSL_malloc((size_t)*plen); + i2d_SpcSipInfo(si, p); + *p -= *plen; + dtype = OBJ_txt2obj(SPC_SIPINFO_OBJID, 1); + SpcSipInfo_free(si); + return dtype; /* OK */ +} + +/* + * Get DigitalSignature and MsiDigitalSignatureEx streams, + * check if the signature exists. + * [in, out] ctx: structure holds input and output data + * [in] detached: embedded/detached PKCS#7 signature switch (unused) + * [returns] 0 on error or 1 on successs + */ +static int msi_check_file(FILE_FORMAT_CTX *ctx, int detached) +{ + char *indata = NULL; + uint32_t inlen; + MSI_ENTRY *ds, *dse = NULL; + + /* squash the unused parameter warning */ + (void)detached; + + if (!ctx) { + printf("Init error\n\n"); + return 0; /* FAILED */ + } + if (detached) { + printf("Checking the specified catalog file\n\n"); + return 1; /* OK */ + } + ds = msi_signatures_get(ctx->msi_ctx->dirent, &dse); + if (!ds) { + printf("MSI file has no signature\n\n"); + return 0; /* FAILED */ + } + inlen = GET_UINT32_LE(ds->size); + if (inlen == 0 || inlen >= MAXREGSECT) { + printf("Corrupted DigitalSignature stream length 0x%08X\n", inlen); + return 0; /* FAILED */ + } + indata = OPENSSL_malloc((size_t)inlen); + if (!msi_file_read(ctx->msi_ctx->msi, ds, 0, indata, inlen)) { + printf("DigitalSignature stream data error\n\n"); + return 0; /* FAILED */ + } + if (!dse) { + printf("Warning: MsiDigitalSignatureEx stream doesn't exist\n"); + } else { + ctx->msi_ctx->len_msiex = GET_UINT32_LE(dse->size); + if (ctx->msi_ctx->len_msiex == 0 || ctx->msi_ctx->len_msiex >= MAXREGSECT) { + printf("Corrupted MsiDigitalSignatureEx stream length 0x%08X\n", + ctx->msi_ctx->len_msiex); + OPENSSL_free(indata); + return 0; /* FAILED */ + } + ctx->msi_ctx->p_msiex = OPENSSL_malloc((size_t)ctx->msi_ctx->len_msiex); + if (!msi_file_read(ctx->msi_ctx->msi, dse, 0, (char *)ctx->msi_ctx->p_msiex, + ctx->msi_ctx->len_msiex)) { + printf("MsiDigitalSignatureEx stream data error\n\n"); + OPENSSL_free(indata); + return 0; /* FAILED */ + } + } + OPENSSL_free(indata); + return 1; /* OK */ +} + +/* + * Compute a simple sha1/sha256 message digest of the MSI file + * for use with a catalog file. + * [in] ctx: structure holds input and output data + * [in] md: message digest algorithm + * [returns] pointer to calculated message digest + */ +static u_char *msi_digest_calc(FILE_FORMAT_CTX *ctx, const EVP_MD *md) +{ + u_char *mdbuf = NULL; + BIO *bhash = BIO_new(BIO_f_md()); + + if (!BIO_set_md(bhash, md)) { + printf("Unable to set the message digest of BIO\n"); + BIO_free_all(bhash); + return NULL; /* FAILED */ + } + BIO_push(bhash, BIO_new(BIO_s_null())); + if (!bio_hash_data(bhash, ctx->options->indata, 0, ctx->msi_ctx->fileend)) { + printf("Unable to calculate digest\n"); + BIO_free_all(bhash); + return NULL; /* FAILED */ + } + mdbuf = OPENSSL_malloc((size_t)EVP_MD_size(md)); + BIO_gets(bhash, (char *)mdbuf, EVP_MD_size(md)); + BIO_free_all(bhash); + return mdbuf; /* OK */ +} + +/* + * Calculate DigitalSignature and MsiDigitalSignatureEx and compare to values + * retrieved from PKCS#7 signedData. + * [in] ctx: structure holds input and output data + * [in] p7: PKCS#7 signature + * [returns] 0 on error or 1 on success + */ +static int msi_verify_digests(FILE_FORMAT_CTX *ctx, PKCS7 *p7) +{ + int mdok, mdlen, mdtype = -1; + u_char mdbuf[EVP_MAX_MD_SIZE]; + u_char cmdbuf[EVP_MAX_MD_SIZE]; + u_char cexmdbuf[EVP_MAX_MD_SIZE]; + u_char *cdigest = NULL; + const EVP_MD *md; + BIO *hash; + + if (is_content_type(p7, SPC_INDIRECT_DATA_OBJID)) { + ASN1_STRING *content_val = p7->d.sign->contents->d.other->value.sequence; + const u_char *p = content_val->data; + SpcIndirectDataContent *idc = d2i_SpcIndirectDataContent(NULL, &p, content_val->length); + if (idc) { + if (idc->messageDigest && idc->messageDigest->digest && idc->messageDigest->digestAlgorithm) { + mdtype = OBJ_obj2nid(idc->messageDigest->digestAlgorithm->algorithm); + memcpy(mdbuf, idc->messageDigest->digest->data, (size_t)idc->messageDigest->digest->length); + } + SpcIndirectDataContent_free(idc); + } + } + if (mdtype == -1) { + printf("Failed to extract current message digest\n\n"); + return 0; /* FAILED */ + } + printf("Message digest algorithm : %s\n", OBJ_nid2sn(mdtype)); + md = EVP_get_digestbynid(mdtype); + hash = BIO_new(BIO_f_md()); + if (!BIO_set_md(hash, md)) { + printf("Unable to set the message digest of BIO\n"); + BIO_free_all(hash); + return 0; /* FAILED */ + } + BIO_push(hash, BIO_new(BIO_s_null())); + if (ctx->msi_ctx->p_msiex) { + BIO *prehash = BIO_new(BIO_f_md()); + if (EVP_MD_size(md) != (int)ctx->msi_ctx->len_msiex) { + printf("Incorrect MsiDigitalSignatureEx stream data length\n\n"); + BIO_free_all(hash); + BIO_free_all(prehash); + return 0; /* FAILED */ + } + if (!BIO_set_md(prehash, md)) { + printf("Unable to set the message digest of BIO\n"); + BIO_free_all(hash); + BIO_free_all(prehash); + return 0; /* FAILED */ + } + BIO_push(prehash, BIO_new(BIO_s_null())); + + print_hash("Current MsiDigitalSignatureEx ", "", (u_char *)ctx->msi_ctx->p_msiex, + (int)ctx->msi_ctx->len_msiex); + if (!msi_prehash_dir(ctx->msi_ctx->dirent, prehash, 1)) { + printf("Failed to calculate pre-hash used for MsiDigitalSignatureEx\n\n"); + BIO_free_all(hash); + BIO_free_all(prehash); + return 0; /* FAILED */ + } + BIO_gets(prehash, (char*)cexmdbuf, EVP_MAX_MD_SIZE); + BIO_free_all(prehash); + BIO_write(hash, (char*)cexmdbuf, EVP_MD_size(md)); + print_hash("Calculated MsiDigitalSignatureEx ", "", cexmdbuf, EVP_MD_size(md)); + } + + if (!msi_hash_dir(ctx->msi_ctx->msi, ctx->msi_ctx->dirent, hash, 1)) { + printf("Failed to calculate DigitalSignature\n\n"); + BIO_free_all(hash); + return 0; /* FAILED */ + } + print_hash("Current DigitalSignature ", "", mdbuf, EVP_MD_size(md)); + BIO_gets(hash, (char*)cmdbuf, EVP_MAX_MD_SIZE); + BIO_free_all(hash); + mdok = !memcmp(mdbuf, cmdbuf, (size_t)EVP_MD_size(md)); + print_hash("Calculated DigitalSignature ", mdok ? "" : " MISMATCH!!!\n", + cmdbuf, EVP_MD_size(md)); + if (!mdok) { + printf("Signature verification: failed\n\n"); + return 0; /* FAILED */ + } + cdigest = msi_digest_calc(ctx, md); + if (!cdigest) { + printf("Failed to calculate simple message digest\n\n"); + return 0; /* FAILED */ + } + mdlen = EVP_MD_size(EVP_get_digestbynid(mdtype)); + print_hash("Calculated message digest ", "\n", cdigest, mdlen); + OPENSSL_free(cdigest); + return 1; /* OK */ +} + +/* + * Extract existing signature in DER format. + * [in] ctx: structure holds input and output data + * [returns] pointer to PKCS#7 structure + */ +static PKCS7 *msi_pkcs7_extract(FILE_FORMAT_CTX *ctx) +{ + PKCS7 *p7; + uint32_t len; + char *p; + + MSI_ENTRY *ds = msi_signatures_get(ctx->msi_ctx->dirent, NULL); + if (!ds) { + return NULL; /* FAILED */ + } + len = GET_UINT32_LE(ds->size); + if (len == 0 || len >= MAXREGSECT) { + printf("Corrupted DigitalSignature stream length 0x%08X\n", len); + return NULL; /* FAILED */ + } + p = OPENSSL_malloc((size_t)len); + p7 = msi_pkcs7_get_digital_signature(ctx, ds, &p, len); + OPENSSL_free(p); + return p7; +} + +/* + * Remove existing signature. + * [in, out] ctx: structure holds input and output data + * [out] hash: message digest BIO (unused) + * [out] outdata: outdata file BIO + * [returns] 1 on error or 0 on success + */ +static int msi_remove_pkcs7(FILE_FORMAT_CTX *ctx, BIO *hash, BIO *outdata) +{ + /* squash the unused parameter warning */ + (void)hash; + + if (!msi_dirent_delete(ctx->msi_ctx->dirent, digital_signature_ex, + sizeof digital_signature_ex)) { + return 1; /* FAILED */ + } + if (!msi_dirent_delete(ctx->msi_ctx->dirent, digital_signature, + sizeof digital_signature)) { + return 1; /* FAILED */ + } + if (!msi_file_write(ctx->msi_ctx->msi, ctx->msi_ctx->dirent, + NULL, 0, NULL, 0, outdata)) { + printf("Saving the msi file failed\n"); + return 1; /* FAILED */ + } + return 0; /* OK */ +} + +/* + * Obtain an existing signature or create a new one. + * [in, out] ctx: structure holds input and output data + * [out] hash: message digest BIO + * [out] outdata: outdata file BIO (unused) + * [returns] pointer to PKCS#7 structure + */ +static PKCS7 *msi_pkcs7_prepare(FILE_FORMAT_CTX *ctx, BIO *hash, BIO *outdata) +{ + PKCS7 *cursig = NULL, *p7 = NULL; + uint32_t len; + char *p; + + /* squash the unused parameter warning */ + (void)outdata; + + if (ctx->options->add_msi_dse && !msi_calc_MsiDigitalSignatureEx(ctx, hash)) { + printf("Unable to calc MsiDigitalSignatureEx\n"); + return NULL; /* FAILED */ + } + if (!msi_hash_dir(ctx->msi_ctx->msi, ctx->msi_ctx->dirent, hash, 1)) { + printf("Unable to msi_handle_dir()\n"); + return NULL; /* FAILED */ + } + /* Obtain a current signature from previously-signed file */ + if ((ctx->options->cmd == CMD_SIGN && ctx->options->nest) + || (ctx->options->cmd == CMD_ATTACH && ctx->options->nest) + || ctx->options->cmd == CMD_ADD) { + MSI_ENTRY *dse = NULL; + MSI_ENTRY *ds = msi_signatures_get(ctx->msi_ctx->dirent, &dse); + if (!ds) { + printf("MSI file has no signature\n\n"); + return NULL; /* FAILED */ + } + if (!msi_check_MsiDigitalSignatureEx(ctx, dse)) { + return NULL; /* FAILED */ + } + len = GET_UINT32_LE(ds->size); + if (len == 0 || len >= MAXREGSECT) { + printf("Corrupted DigitalSignature stream length 0x%08X\n", len); + return NULL; /* FAILED */ + } + p = OPENSSL_malloc((size_t)len); + /* get current signature */ + cursig = msi_pkcs7_get_digital_signature(ctx, ds, &p, len); + OPENSSL_free(p); + if (!cursig) { + printf("Unable to extract existing signature\n"); + return NULL; /* FAILED */ + } + if (ctx->options->cmd == CMD_ADD) + p7 = cursig; + } + if (ctx->options->cmd == CMD_ATTACH) { + /* Obtain an existing PKCS#7 signature */ + p7 = pkcs7_get_sigfile(ctx); + if (!p7) { + printf("Unable to extract valid signature\n"); + PKCS7_free(cursig); + return NULL; /* FAILED */ + } + } else if (ctx->options->cmd == CMD_SIGN) { + /* Create a new PKCS#7 signature */ + p7 = pkcs7_create(ctx); + if (!p7) { + printf("Creating a new signature failed\n"); + return NULL; /* FAILED */ + } + if (!add_indirect_data_object(p7, hash, ctx)) { + printf("Adding SPC_INDIRECT_DATA_OBJID failed\n"); + PKCS7_free(p7); + return NULL; /* FAILED */ + } + } + if (ctx->options->nest) { + if (!cursig_set_nested(cursig, p7, ctx)) { + printf("Unable to append the nested signature to the current signature\n"); + PKCS7_free(p7); + PKCS7_free(cursig); + return NULL; /* FAILED */ + } + PKCS7_free(p7); + return cursig; + } + return p7; +} + +/* + * Append signature to the outfile. + * [in, out] ctx: structure holds input and output data + * [out] outdata: outdata file BIO + * [in] p7: PKCS#7 signature + * [returns] 1 on error or 0 on success + */ +static int msi_append_pkcs7(FILE_FORMAT_CTX *ctx, BIO *outdata, PKCS7 *p7) +{ + u_char *p = NULL; + int len; /* signature length */ + + if (((len = i2d_PKCS7(p7, NULL)) <= 0) + || (p = OPENSSL_malloc((size_t)len)) == NULL) { + printf("i2d_PKCS memory allocation failed: %d\n", len); + return 1; /* FAILED */ + } + i2d_PKCS7(p7, &p); + p -= len; + + if (!msi_file_write(ctx->msi_ctx->msi, ctx->msi_ctx->dirent, p, (uint32_t)len, + ctx->msi_ctx->p_msiex, ctx->msi_ctx->len_msiex, outdata)) { + printf("Saving the msi file failed\n"); + OPENSSL_free(p); + return 1; /* FAILED */ + } + OPENSSL_free(p); + return 0; /* OK */ +} + +/* + * Free up an entire outdata BIO chain. + * [out] hash: message digest BIO + * [out] outdata: outdata file BIO + * [returns] none + */ +static BIO *msi_bio_free(BIO *hash, BIO *outdata) +{ + BIO_free_all(hash); + BIO_free_all(outdata); + return NULL; +} + +/* + * Deallocate a FILE_FORMAT_CTX structure and MSI format specific structures, + * unmap indata file, unlink outfile. + * [in, out] ctx: structure holds input and output data + * [out] hash: message digest BIO + * [out] outdata: outdata file BIO + * [returns] none + */ +static void msi_ctx_cleanup(FILE_FORMAT_CTX *ctx, BIO *hash, BIO *outdata) +{ + if (outdata) { + BIO_free_all(hash); + BIO_free_all(outdata); + if (ctx->options->outfile) { +#ifdef WIN32 + _unlink(ctx->options->outfile); +#else + unlink(ctx->options->outfile); +#endif /* WIN32 */ + } + } + unmap_file(ctx->options->indata, ctx->msi_ctx->fileend); + msi_file_free(ctx->msi_ctx->msi); + msi_dirent_free(ctx->msi_ctx->dirent); + OPENSSL_free(ctx->msi_ctx->p_msiex); + OPENSSL_free(ctx->msi_ctx); + OPENSSL_free(ctx); +} + +/* + * MSI helper functions + */ + +/* + * Verify mapped MSI file and create MSI format specific structure. + * [in] indata: mapped MSI file + * [in] filesize: size of MSI file + * [returns] pointer to MSI format specific structure + */ +static MSI_CTX *msi_ctx_get(char *indata, uint32_t filesize) +{ + MSI_ENTRY *root; + MSI_FILE *msi; + MSI_DIRENT *dirent; + MSI_CTX *msi_ctx; + + msi = msi_file_new(indata, filesize); + if (!msi) { + printf("Failed to parse MSI_FILE struct\n"); + return NULL; /* FAILED */ + } + root = msi_root_entry_get(msi); + if (!root) { + printf("Failed to get file entry\n"); + msi_file_free(msi); + return NULL; /* FAILED */ + } + if (!msi_dirent_new(msi, root, NULL, &(dirent))) { + printf("Failed to parse MSI_DIRENT struct\n"); + msi_file_free(msi); + return NULL; /* FAILED */ + } + msi_ctx = OPENSSL_zalloc(sizeof(MSI_CTX)); + msi_ctx->msi = msi; + msi_ctx->dirent = dirent; + msi_ctx->fileend = filesize; + return msi_ctx; /* OK */ +} + +static PKCS7 *msi_pkcs7_get_digital_signature(FILE_FORMAT_CTX *ctx, MSI_ENTRY *ds, + char **p, uint32_t len) +{ + PKCS7 *p7 = NULL; + const u_char *blob; + + if (!msi_file_read(ctx->msi_ctx->msi, ds, 0, *p, len)) { + printf("DigitalSignature stream data error\n"); + return NULL; + } + blob = (u_char *)*p; + p7 = d2i_PKCS7(NULL, &blob, len); + if (!p7) { + printf("Failed to extract PKCS7 data\n"); + return NULL; + } + return p7; +} /* Get absolute address from sector and offset */ static const u_char *sector_offset_to_address(MSI_FILE *msi, uint32_t sector, uint32_t offset) { if (sector >= MAXREGSECT || offset >= msi->m_sectorSize - || (msi->m_bufferLen - offset) / msi->m_sectorSize <= sector) { + || (msi->m_bufferLen - offset) / msi->m_sectorSize <= sector) { printf("Corrupted file\n"); return NULL; /* FAILED */ } @@ -230,7 +1015,7 @@ static int read_mini_stream(MSI_FILE *msi, uint32_t sector, uint32_t offset, cha * Get file (stream) data start with "offset". * The buffer must have enough space to store "len" bytes. Typically "len" is derived by the steam length. */ -int msi_file_read(MSI_FILE *msi, MSI_ENTRY *entry, uint32_t offset, char *buffer, uint32_t len) +static int msi_file_read(MSI_FILE *msi, MSI_ENTRY *entry, uint32_t offset, char *buffer, uint32_t len) { if (len < msi->m_hdr->miniStreamCutoffSize) { if (!read_mini_stream(msi, entry->startSectorLocation, offset, buffer, len)) @@ -337,7 +1122,7 @@ static MSI_ENTRY *parse_entry(MSI_FILE *msi, const u_char *data, int is_root) /* The root directory entry's Name field MUST contain the null-terminated * string "Root Entry" in Unicode UTF-16. */ if (is_root && (entry->nameLen != sizeof msi_root_entry - || memcmp(entry->name, msi_root_entry, entry->nameLen))) { + || memcmp(entry->name, msi_root_entry, entry->nameLen))) { printf("Corrupted Root Directory Entry's Name\n"); OPENSSL_free(entry); return NULL; /* FAILED */ @@ -364,7 +1149,7 @@ static MSI_ENTRY *parse_entry(MSI_FILE *msi, const u_char *data, int is_root) MUST be less than or equal to 0x80000000 */ inlen = GET_UINT32_LE(entry->size); if ((msi->m_sectorSize == 0x0200 && inlen > 0x80000000) - || (msi->m_bufferLen <= inlen)) { + || (msi->m_bufferLen <= inlen)) { printf("Corrupted Stream Size 0x%08X\n", inlen); OPENSSL_free(entry); return NULL; /* FAILED */ @@ -411,13 +1196,21 @@ static MSI_ENTRY *get_entry(MSI_FILE *msi, uint32_t entryID, int is_root) return parse_entry(msi, address, is_root); } -MSI_ENTRY *msi_root_entry_get(MSI_FILE *msi) +static MSI_ENTRY *msi_root_entry_get(MSI_FILE *msi) { return get_entry(msi, 0, TRUE); } +static void msi_file_free(MSI_FILE *msi) +{ + if (!msi) + return; + OPENSSL_free(msi->m_hdr); + OPENSSL_free(msi); +} + /* Parse MSI_FILE struct */ -MSI_FILE *msi_file_new(char *buffer, uint32_t len) +static MSI_FILE *msi_file_new(char *buffer, uint32_t len) { MSI_FILE *msi; MSI_ENTRY *root; @@ -465,7 +1258,7 @@ MSI_FILE *msi_file_new(char *buffer, uint32_t len) } /* Recursively create a tree of MSI_DIRENT structures */ -int msi_dirent_new(MSI_FILE *msi, MSI_ENTRY *entry, MSI_DIRENT *parent, MSI_DIRENT **ret) +static int msi_dirent_new(MSI_FILE *msi, MSI_ENTRY *entry, MSI_DIRENT *parent, MSI_DIRENT **ret) { MSI_DIRENT *dirent; static int cnt; @@ -481,8 +1274,8 @@ int msi_dirent_new(MSI_FILE *msi, MSI_ENTRY *entry, MSI_DIRENT *parent, MSI_DIRE /* detect cycles in previously visited entries (parents, siblings) */ if (!ret) { /* initialized (non-root entry) */ if ((entry->leftSiblingID != NOSTREAM && tortoise->entry->leftSiblingID == entry->leftSiblingID) - || (entry->rightSiblingID != NOSTREAM && tortoise->entry->rightSiblingID == entry->rightSiblingID) - || (entry->childID != NOSTREAM && tortoise->entry->childID == entry->childID)) { + || (entry->rightSiblingID != NOSTREAM && tortoise->entry->rightSiblingID == entry->rightSiblingID) + || (entry->childID != NOSTREAM && tortoise->entry->childID == entry->childID)) { printf("MSI_ENTRY cycle detected at level %d\n", cnt); OPENSSL_free(entry); return 0; /* FAILED */ @@ -518,8 +1311,8 @@ int msi_dirent_new(MSI_FILE *msi, MSI_ENTRY *entry, MSI_DIRENT *parent, MSI_DIRE *ret = dirent; if (!recurse_entry(msi, entry->leftSiblingID, parent) - || !recurse_entry(msi, entry->rightSiblingID, parent) - || !recurse_entry(msi, entry->childID, dirent)) { + || !recurse_entry(msi, entry->rightSiblingID, parent) + || !recurse_entry(msi, entry->childID, dirent)) { printf("Failed to add a sibling or a child to the tree\n"); return 0; /* FAILED */ } @@ -551,7 +1344,7 @@ static int recurse_entry(MSI_FILE *msi, uint32_t entryID, MSI_DIRENT *parent) } /* Return DigitalSignature and MsiDigitalSignatureEx */ -MSI_ENTRY *msi_signatures_get(MSI_DIRENT *dirent, MSI_ENTRY **dse) +static MSI_ENTRY *msi_signatures_get(MSI_DIRENT *dirent, MSI_ENTRY **dse) { int i; MSI_ENTRY *ds = NULL; @@ -569,16 +1362,8 @@ MSI_ENTRY *msi_signatures_get(MSI_DIRENT *dirent, MSI_ENTRY **dse) return ds; } -void msi_file_free(MSI_FILE *msi) -{ - if (!msi) - return; - OPENSSL_free(msi->m_hdr); - OPENSSL_free(msi); -} - /* Recursively free MSI_DIRENT struct */ -void msi_dirent_free(MSI_DIRENT *dirent) +static void msi_dirent_free(MSI_DIRENT *dirent) { if (!dirent) return; @@ -650,7 +1435,7 @@ static void prehash_metadata(MSI_ENTRY *entry, BIO *hash) } /* Recursively hash a MSI directory's extended metadata */ -int msi_prehash_dir(MSI_DIRENT *dirent, BIO *hash, int is_root) +static int msi_prehash_dir(MSI_DIRENT *dirent, BIO *hash, int is_root) { int i, ret = 0; STACK_OF(MSI_DIRENT) *children; @@ -665,7 +1450,7 @@ int msi_prehash_dir(MSI_DIRENT *dirent, BIO *hash, int is_root) for (i = 0; i < sk_MSI_DIRENT_num(children); i++) { MSI_DIRENT *child = sk_MSI_DIRENT_value(children, i); if (is_root && (!memcmp(child->name, digital_signature, MIN(child->nameLen, sizeof digital_signature)) - || !memcmp(child->name, digital_signature_ex, MIN(child->nameLen, sizeof digital_signature_ex)))) { + || !memcmp(child->name, digital_signature_ex, MIN(child->nameLen, sizeof digital_signature_ex)))) { continue; } if (child->type == DIR_STREAM) { @@ -684,7 +1469,7 @@ out: } /* Recursively hash a MSI directory (storage) */ -int msi_hash_dir(MSI_FILE *msi, MSI_DIRENT *dirent, BIO *hash, int is_root) +static int msi_hash_dir(MSI_FILE *msi, MSI_DIRENT *dirent, BIO *hash, int is_root) { int i, ret = 0; STACK_OF(MSI_DIRENT) *children; @@ -699,7 +1484,7 @@ int msi_hash_dir(MSI_FILE *msi, MSI_DIRENT *dirent, BIO *hash, int is_root) for (i = 0; i < sk_MSI_DIRENT_num(children); i++) { MSI_DIRENT *child = sk_MSI_DIRENT_value(children, i); if (is_root && (!memcmp(child->name, digital_signature, MIN(child->nameLen, sizeof digital_signature)) - || !memcmp(child->name, digital_signature_ex, MIN(child->nameLen, sizeof digital_signature_ex)))) { + || !memcmp(child->name, digital_signature_ex, MIN(child->nameLen, sizeof digital_signature_ex)))) { /* Skip DigitalSignature and MsiDigitalSignatureEx streams */ continue; } @@ -733,27 +1518,6 @@ out: return ret; } -/* Compute a simple sha1/sha256 message digest of the MSI file */ -int msi_calc_digest(char *indata, int mdtype, u_char *mdbuf, FILE_HEADER *header) -{ - const EVP_MD *md = EVP_get_digestbynid(mdtype); - BIO *bhash = BIO_new(BIO_f_md()); - - if (!BIO_set_md(bhash, md)) { - printf("Unable to set the message digest of BIO\n"); - BIO_free_all(bhash); - return 0; /* FAILED */ - } - BIO_push(bhash, BIO_new(BIO_s_null())); - if (!bio_hash_data(indata, bhash, 0, 0, header->fileend)) { - printf("Unable to calculate digest\n"); - BIO_free_all(bhash); - return 0; /* FAILED */ - } - BIO_gets(bhash, (char *)mdbuf, EVP_MD_size(md)); - return 1; /* OK */ -} - static void ministream_append(MSI_OUT *out, char *buf, uint32_t len) { uint32_t needSectors = (len + out->sectorSize - 1) / out->sectorSize; @@ -785,7 +1549,7 @@ static void fat_append(MSI_OUT *out, char *buf, uint32_t len) out->fatLen += len; } -int msi_dirent_delete(MSI_DIRENT *dirent, const u_char *name, uint16_t nameLen) +static int msi_dirent_delete(MSI_DIRENT *dirent, const u_char *name, uint16_t nameLen) { int i; @@ -1328,7 +2092,7 @@ static int msiout_set(MSI_FILE *msi, uint32_t len_msi, uint32_t len_msiex, MSI_O return 1; /* OK */ } -int msi_file_write(MSI_FILE *msi, MSI_DIRENT *dirent, u_char *p_msi, uint32_t len_msi, +static int msi_file_write(MSI_FILE *msi, MSI_DIRENT *dirent, u_char *p_msi, uint32_t len_msi, u_char *p_msiex, uint32_t len_msiex, BIO *outdata) { MSI_OUT out; @@ -1358,6 +2122,102 @@ out: return ret; } +/* + * MsiDigitalSignatureEx is an enhanced signature type that + * can be used when signing MSI files. In addition to + * file content, it also hashes some file metadata, specifically + * file names, file sizes, creation times and modification times. + * + * The file content hashing part stays the same, so the + * msi_handle_dir() function can be used across both variants. + * + * When an MsiDigitalSigntaureEx section is present in an MSI file, + * the meaning of the DigitalSignature section changes: Instead + * of being merely a file content hash (as what is output by the + * msi_handle_dir() function), it is now hashes both content + * and metadata. + * + * Here is how it works: + * + * First, a "pre-hash" is calculated. This is the "metadata" hash. + * It iterates over the files in the MSI in the same order as the + * file content hashing method would - but it only processes the + * metadata. + * + * Once the pre-hash is calculated, a new hash is created for + * calculating the hash of the file content. The output of the + * pre-hash is added as the first element of the file content hash. + * + * After the pre-hash is written, what follows is the "regular" + * stream of data that would normally be written when performing + * file content hashing. + * + * The output of this hash, which combines both metadata and file + * content, is what will be output in signed form to the + * DigitalSignature section when in 'MsiDigitalSignatureEx' mode. + * + * As mentioned previously, this new mode of operation is signalled + * by the presence of a 'MsiDigitalSignatureEx' section in the MSI + * file. This section must come after the 'DigitalSignature' + * section, and its content must be the output of the pre-hash + * ("metadata") hash. + */ + +static int msi_calc_MsiDigitalSignatureEx(FILE_FORMAT_CTX *ctx, BIO *hash) +{ + size_t written; + BIO *prehash = BIO_new(BIO_f_md()); + + if (!BIO_set_md(prehash, ctx->options->md)) { + printf("Unable to set the message digest of BIO\n"); + BIO_free_all(prehash); + return 0; /* FAILED */ + } + BIO_push(prehash, BIO_new(BIO_s_null())); + + if (!msi_prehash_dir(ctx->msi_ctx->dirent, prehash, 1)) { + printf("Unable to calculate MSI pre-hash ('metadata') hash\n"); + return 0; /* FAILED */ + } + ctx->msi_ctx->p_msiex = OPENSSL_malloc(EVP_MAX_MD_SIZE); + ctx->msi_ctx->len_msiex = (uint32_t)BIO_gets(prehash, + (char *)ctx->msi_ctx->p_msiex, EVP_MAX_MD_SIZE); + if (!BIO_write_ex(hash, ctx->msi_ctx->p_msiex, ctx->msi_ctx->len_msiex, &written) + || written != ctx->msi_ctx->len_msiex) + return 0; /* FAILED */ + BIO_free_all(prehash); + return 1; /* OK */ +} + +/* + * Perform a sanity check for the MsiDigitalSignatureEx section. + * If the file we're attempting to sign has an MsiDigitalSignatureEx + * section, we can't add a nested signature of a different MD type + * without breaking the initial signature. + */ +static int msi_check_MsiDigitalSignatureEx(FILE_FORMAT_CTX *ctx, MSI_ENTRY *dse) +{ + if (dse && GET_UINT32_LE(dse->size) != (uint32_t)EVP_MD_size(ctx->options->md)) { + printf("Unable to add nested signature with a different MD type (-h parameter) " + "than what exists in the MSI file already.\nThis is due to the presence of " + "MsiDigitalSignatureEx (-add-msi-dse parameter).\n\n"); + return 0; /* FAILED */ + } + if (!dse && ctx->options->add_msi_dse) { + printf("Unable to add signature with -add-msi-dse parameter " + "without breaking the initial signature.\n\n"); + return 0; /* FAILED */ + } + if (dse && !ctx->options->add_msi_dse) { + printf("Unable to add signature without -add-msi-dse parameter " + "without breaking the initial signature.\nThis is due to the presence of " + "MsiDigitalSignatureEx (-add-msi-dse parameter).\n" + "Should use -add-msi-dse options in this case.\n\n"); + return 0; /* FAILED */ + } + return 1; /* OK */ +} + /* Local Variables: c-basic-offset: 4 diff --git a/msi.h b/msi.h deleted file mode 100644 index 7abe058..0000000 --- a/msi.h +++ /dev/null @@ -1,288 +0,0 @@ -/* - * MSI file support library - * - * Copyright (C) 2021 Michał Trojnara - * Author: Małgorzata Olszówka - * - * Reference specifications: - * http://en.wikipedia.org/wiki/Compound_File_Binary_Format - * https://msdn.microsoft.com/en-us/library/dd942138.aspx - * https://github.com/microsoft/compoundfilereader - */ - -#include -#include -#include -#include -#include - -#define MAXREGSECT 0xfffffffa /* maximum regular sector number */ -#define DIFSECT 0xfffffffc /* specifies a DIFAT sector in the FAT */ -#define FATSECT 0xfffffffd /* specifies a FAT sector in the FAT */ -#define ENDOFCHAIN 0xfffffffe /* end of a linked chain of sectors */ -#define NOSTREAM 0xffffffff /* terminator or empty pointer */ -#define FREESECT 0xffffffff /* empty unallocated free sectors */ - -#define DIR_UNKNOWN 0 -#define DIR_STORAGE 1 -#define DIR_STREAM 2 -#define DIR_ROOT 5 - -#define RED_COLOR 0 -#define BLACK_COLOR 1 - -#define DIFAT_IN_HEADER 109 -#define MINI_STREAM_CUTOFF_SIZE 0x00001000 /* 4096 bytes */ -#define HEADER_SIZE 0x200 /* 512 bytes, independent of sector size */ -#define MAX_SECTOR_SIZE 0x1000 /* 4096 bytes */ - -#define HEADER_SIGNATURE 0x00 /* 0xD0, 0xCF, 0x11, 0xE0, 0xA1, 0xB1, 0x1A, 0xE1 */ -#define HEADER_CLSID 0x08 /* reserved and unused */ -#define HEADER_MINOR_VER 0x18 /* SHOULD be set to 0x003E */ -#define HEADER_MAJOR_VER 0x1a /* MUST be set to either 0x0003 (version 3) or 0x0004 (version 4) */ -#define HEADER_BYTE_ORDER 0x1c /* 0xfe 0xff == Intel Little Endian */ -#define HEADER_SECTOR_SHIFT 0x1e /* MUST be set to 0x0009, or 0x000c */ -#define HEADER_MINI_SECTOR_SHIFT 0x20 /* MUST be set to 0x0006 */ -#define RESERVED 0x22 /* reserved and unused */ -#define HEADER_DIR_SECTORS_NUM 0x28 -#define HEADER_FAT_SECTORS_NUM 0x2c -#define HEADER_DIR_SECTOR_LOC 0x30 -#define HEADER_TRANSACTION 0x34 -#define HEADER_MINI_STREAM_CUTOFF 0x38 /* 4096 bytes */ -#define HEADER_MINI_FAT_SECTOR_LOC 0x3c -#define HEADER_MINI_FAT_SECTORS_NUM 0x40 -#define HEADER_DIFAT_SECTOR_LOC 0x44 -#define HEADER_DIFAT_SECTORS_NUM 0x48 -#define HEADER_DIFAT 0x4c - -#define DIRENT_SIZE 0x80 /* 128 bytes */ -#define DIRENT_MAX_NAME_SIZE 0x40 /* 64 bytes */ - -#define DIRENT_NAME 0x00 -#define DIRENT_NAME_LEN 0x40 /* length in bytes incl 0 terminator */ -#define DIRENT_TYPE 0x42 -#define DIRENT_COLOUR 0x43 -#define DIRENT_LEFT_SIBLING_ID 0x44 -#define DIRENT_RIGHT_SIBLING_ID 0x48 -#define DIRENT_CHILD_ID 0x4c -#define DIRENT_CLSID 0x50 -#define DIRENT_STATE_BITS 0x60 -#define DIRENT_CREATE_TIME 0x64 -#define DIRENT_MODIFY_TIME 0x6c -#define DIRENT_START_SECTOR_LOC 0x74 -#define DIRENT_FILE_SIZE 0x78 - -#define GET_UINT8_LE(p) ((const u_char *)(p))[0] - -#define GET_UINT16_LE(p) (uint16_t)(((const u_char *)(p))[0] | \ - (((const u_char *)(p))[1] << 8)) - -#define GET_UINT32_LE(p) (uint32_t)(((const u_char *)(p))[0] | \ - (((const u_char *)(p))[1] << 8) | \ - (((const u_char *)(p))[2] << 16) | \ - (((const u_char *)(p))[3] << 24)) - -#define PUT_UINT8_LE(i, p) ((u_char *)(p))[0] = (u_char)((i) & 0xff); - -#define PUT_UINT16_LE(i,p) ((u_char *)(p))[0] = (u_char)((i) & 0xff); \ - ((u_char *)(p))[1] = (u_char)(((i) >> 8) & 0xff) - -#define PUT_UINT32_LE(i,p) ((u_char *)(p))[0] = (u_char)((i) & 0xff); \ - ((u_char *)(p))[1] = (u_char)(((i) >> 8) & 0xff); \ - ((u_char *)(p))[2] = (u_char)(((i) >> 16) & 0xff); \ - ((u_char *)(p))[3] = (u_char)(((i) >> 24) & 0xff) - -#ifndef FALSE -#define FALSE 0 -#endif - -#ifndef TRUE -#define TRUE 1 -#endif - -#define SIZE_64K 65536 /* 2^16 */ -#define SIZE_16M 16777216 /* 2^24 */ - -/* - * Macro names: - * linux: __BYTE_ORDER == __LITTLE_ENDIAN | __BIG_ENDIAN - * BYTE_ORDER == LITTLE_ENDIAN | BIG_ENDIAN - * bsd: _BYTE_ORDER == _LITTLE_ENDIAN | _BIG_ENDIAN - * BYTE_ORDER == LITTLE_ENDIAN | BIG_ENDIAN - * solaris: _LITTLE_ENDIAN | _BIG_ENDIAN - */ - -#ifndef BYTE_ORDER -#define LITTLE_ENDIAN 1234 -#define BIG_ENDIAN 4321 -#define BYTE_ORDER LITTLE_ENDIAN -#endif /* BYTE_ORDER */ - -#if !defined(BYTE_ORDER) || !defined(LITTLE_ENDIAN) || !defined(BIG_ENDIAN) -#error "Cannot determine the endian-ness of this platform" -#endif - -#ifndef LOWORD -#define LOWORD(x) ((x) & 0xFFFF) -#endif /* LOWORD */ -#ifndef HIWORD -#define HIWORD(x) (((x) >> 16) & 0xFFFF) -#endif /* HIWORD */ - -#if BYTE_ORDER == BIG_ENDIAN -#define LE_UINT16(x) ((((x) >> 8) & 0x00FF) | \ - (((x) << 8) & 0xFF00)) -#define LE_UINT32(x) (((x) >> 24) | \ - (((x) & 0x00FF0000) >> 8) | \ - (((x) & 0x0000FF00) << 8) | \ - ((x) << 24)) -#else -#define LE_UINT16(x) (x) -#define LE_UINT32(x) (x) -#endif /* BYTE_ORDER == BIG_ENDIAN */ - -typedef unsigned char u_char; - -typedef struct { - uint32_t header_size; - uint32_t pe32plus; - uint16_t magic; - uint32_t pe_checksum; - uint32_t nrvas; - uint32_t sigpos; - uint32_t siglen; - uint32_t fileend; - uint16_t flags; -} FILE_HEADER; - -typedef struct { - u_char signature[8]; /* 0xd0, 0xcf, 0x11, 0xe0, 0xa1, 0xb1, 0x1a, 0xe1 */ - u_char unused_clsid[16]; /* reserved and unused */ - uint16_t minorVersion; - uint16_t majorVersion; - uint16_t byteOrder; - uint16_t sectorShift; /* power of 2 */ - uint16_t miniSectorShift; /* power of 2 */ - u_char reserved[6]; /* reserved and unused */ - uint32_t numDirectorySector; - uint32_t numFATSector; - uint32_t firstDirectorySectorLocation; - uint32_t transactionSignatureNumber; /* reserved */ - uint32_t miniStreamCutoffSize; - uint32_t firstMiniFATSectorLocation; - uint32_t numMiniFATSector; - uint32_t firstDIFATSectorLocation; - uint32_t numDIFATSector; - uint32_t headerDIFAT[DIFAT_IN_HEADER]; -} MSI_FILE_HDR; - -typedef struct { - u_char name[DIRENT_MAX_NAME_SIZE]; - uint16_t nameLen; - uint8_t type; - uint8_t colorFlag; - uint32_t leftSiblingID; - uint32_t rightSiblingID; - uint32_t childID; - u_char clsid[16]; - u_char stateBits[4]; - u_char creationTime[8]; - u_char modifiedTime[8]; - uint32_t startSectorLocation; - u_char size[8]; -} MSI_ENTRY; - -typedef struct msi_dirent_struct { - u_char name[DIRENT_MAX_NAME_SIZE]; - uint16_t nameLen; - uint8_t type; - MSI_ENTRY *entry; - STACK_OF(MSI_DIRENT) *children; - struct msi_dirent_struct *next; /* for cycle detection */ -} MSI_DIRENT; - -DEFINE_STACK_OF(MSI_DIRENT) - -typedef struct { - const u_char *m_buffer; - uint32_t m_bufferLen; - MSI_FILE_HDR *m_hdr; - uint32_t m_sectorSize; - uint32_t m_minisectorSize; - uint32_t m_miniStreamStartSector; -} MSI_FILE; - -typedef struct { - char *header; - char *ministream; - char *minifat; - char *fat; - uint32_t dirtreeLen; - uint32_t miniStreamLen; - uint32_t minifatLen; - uint32_t fatLen; - uint32_t ministreamsMemallocCount; - uint32_t minifatMemallocCount; - uint32_t fatMemallocCount; - uint32_t dirtreeSectorsCount; - uint32_t minifatSectorsCount; - uint32_t fatSectorsCount; - uint32_t miniSectorNum; - uint32_t sectorNum; - uint32_t sectorSize; -} MSI_OUT; - -static const u_char msi_magic[] = { - 0xd0, 0xcf, 0x11, 0xe0, 0xa1, 0xb1, 0x1a, 0xe1 -}; - -static const u_char digital_signature[] = { - 0x05, 0x00, 0x44, 0x00, 0x69, 0x00, 0x67, 0x00, - 0x69, 0x00, 0x74, 0x00, 0x61, 0x00, 0x6C, 0x00, - 0x53, 0x00, 0x69, 0x00, 0x67, 0x00, 0x6E, 0x00, - 0x61, 0x00, 0x74, 0x00, 0x75, 0x00, 0x72, 0x00, - 0x65, 0x00, 0x00, 0x00 -}; - -static const u_char digital_signature_ex[] = { - 0x05, 0x00, 0x4D, 0x00, 0x73, 0x00, 0x69, 0x00, - 0x44, 0x00, 0x69, 0x00, 0x67, 0x00, 0x69, 0x00, - 0x74, 0x00, 0x61, 0x00, 0x6C, 0x00, 0x53, 0x00, - 0x69, 0x00, 0x67, 0x00, 0x6E, 0x00, 0x61, 0x00, - 0x74, 0x00, 0x75, 0x00, 0x72, 0x00, 0x65, 0x00, - 0x45, 0x00, 0x78, 0x00, 0x00, 0x00 -}; - -static const u_char msi_root_entry[] = { - 0x52, 0x00, 0x6F, 0x00, 0x6F, 0x00, 0x74, 0x00, - 0x20, 0x00, 0x45, 0x00, 0x6E, 0x00, 0x74, 0x00, - 0x72, 0x00, 0x79, 0x00, 0x00, 0x00 -}; - -static const u_char msi_zeroes[] = { - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 -}; - -int msi_file_read(MSI_FILE *msi, MSI_ENTRY *entry, uint32_t offset, char *buffer, uint32_t len); -MSI_FILE *msi_file_new(char *buffer, uint32_t len); -void msi_file_free(MSI_FILE *msi); -MSI_ENTRY *msi_root_entry_get(MSI_FILE *msi); -int msi_dirent_new(MSI_FILE *msi, MSI_ENTRY *entry, MSI_DIRENT *parent, MSI_DIRENT **ret); -MSI_ENTRY *msi_signatures_get(MSI_DIRENT *dirent, MSI_ENTRY **dse); -void msi_dirent_free(MSI_DIRENT *dirent); -int msi_prehash_dir(MSI_DIRENT *dirent, BIO *hash, int is_root); -int msi_hash_dir(MSI_FILE *msi, MSI_DIRENT *dirent, BIO *hash, int is_root); -int msi_calc_digest(char *indata, int mdtype, u_char *mdbuf, FILE_HEADER *header); -int msi_dirent_delete(MSI_DIRENT *dirent, const u_char *name, uint16_t nameLen); -int msi_file_write(MSI_FILE *msi, MSI_DIRENT *dirent, u_char *p, uint32_t len, - u_char *p_msiex, uint32_t len_msiex, BIO *outdata); - -/* -Local Variables: - c-basic-offset: 4 - tab-width: 4 - indent-tabs-mode: t -End: - - vim: set ts=4 noexpandtab: -*/ diff --git a/osslsigncode.c b/osslsigncode.c index 40a0335..5327edc 100644 --- a/osslsigncode.c +++ b/osslsigncode.c @@ -2,7 +2,7 @@ OpenSSL based Authenticode signing for PE/MSI/Java CAB files. Copyright (C) 2005-2015 Per Allansson - Copyright (C) 2018-2021 Michał Trojnara + Copyright (C) 2018-2023 Michał Trojnara This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -58,600 +58,8 @@ */ -#define OPENSSL_API_COMPAT 0x10100000L -#define OPENSSL_NO_DEPRECATED - -#if defined(_MSC_VER) || defined(__MINGW32__) -#define HAVE_WINDOWS_H -#endif /* _MSC_VER || __MINGW32__ */ - -#ifdef HAVE_CONFIG_H -#include "config.h" -#endif /* HAVE_CONFIG_H */ - -#ifdef HAVE_WINDOWS_H -#define NOCRYPT -#define WIN32_LEAN_AND_MEAN -#include -#endif /* HAVE_WINDOWS_H */ - -#include -#include -#include -#ifndef _WIN32 -#include -#endif /* _WIN32 */ -#include -#include -#include -#include -#include -#include - -#ifndef _WIN32 -#ifdef HAVE_SYS_MMAN_H -#include -#endif /* HAVE_SYS_MMAN_H */ - -#ifdef HAVE_TERMIOS_H -#include -#endif /* HAVE_TERMIOS_H */ -#endif /* _WIN32 */ - -#include -#include -#include -#include -#include /* X509_PURPOSE */ -#include -#include -#include -#include -#include -#include -#include -#ifndef OPENSSL_NO_ENGINE -#include -#endif /* OPENSSL_NO_ENGINE */ -#if OPENSSL_VERSION_NUMBER>=0x30000000L -#include -#endif /* OPENSSL_VERSION_NUMBER>=0x30000000L */ - -#include "msi.h" #include "osslsigncode.h" - -#ifdef ENABLE_CURL -#ifdef __CYGWIN__ -#ifndef SOCKET -#define SOCKET UINT_PTR -#endif /* SOCKET */ -#endif /* __CYGWIN__ */ -#include - -#define MAX_TS_SERVERS 256 -#endif /* ENABLE_CURL */ - -#if defined (HAVE_TERMIOS_H) || defined (HAVE_GETPASS) -#define PROVIDE_ASKPASS 1 -#endif - -#ifdef _WIN32 -#define FILE_CREATE_MODE "w+b" -#else -#define FILE_CREATE_MODE "w+bx" -#endif - -/* Microsoft OID Authenticode */ -#define SPC_INDIRECT_DATA_OBJID "1.3.6.1.4.1.311.2.1.4" -#define SPC_STATEMENT_TYPE_OBJID "1.3.6.1.4.1.311.2.1.11" -#define SPC_SP_OPUS_INFO_OBJID "1.3.6.1.4.1.311.2.1.12" -#define SPC_PE_IMAGE_DATA_OBJID "1.3.6.1.4.1.311.2.1.15" -#define SPC_CAB_DATA_OBJID "1.3.6.1.4.1.311.2.1.25" -#define SPC_SIPINFO_OBJID "1.3.6.1.4.1.311.2.1.30" -#define SPC_PE_IMAGE_PAGE_HASHES_V1 "1.3.6.1.4.1.311.2.3.1" /* SHA1 */ -#define SPC_PE_IMAGE_PAGE_HASHES_V2 "1.3.6.1.4.1.311.2.3.2" /* SHA256 */ -#define SPC_NESTED_SIGNATURE_OBJID "1.3.6.1.4.1.311.2.4.1" -/* Microsoft OID Time Stamping */ -#define SPC_TIME_STAMP_REQUEST_OBJID "1.3.6.1.4.1.311.3.2.1" -#define SPC_RFC3161_OBJID "1.3.6.1.4.1.311.3.3.1" -/* Microsoft OID Crypto 2.0 */ -#define MS_CTL_OBJID "1.3.6.1.4.1.311.10.1" -/* Microsoft OID Microsoft_Java */ -#define MS_JAVA_SOMETHING "1.3.6.1.4.1.311.15.1" - -#define SPC_UNAUTHENTICATED_DATA_BLOB_OBJID "1.3.6.1.4.1.42921.1.2.1" - -/* Public Key Cryptography Standards PKCS#9 */ -#define PKCS9_MESSAGE_DIGEST "1.2.840.113549.1.9.4" -#define PKCS9_SIGNING_TIME "1.2.840.113549.1.9.5" -#define PKCS9_COUNTER_SIGNATURE "1.2.840.113549.1.9.6" - -/* WIN_CERTIFICATE structure declared in Wintrust.h */ -#define WIN_CERT_REVISION_2_0 0x0200 -#define WIN_CERT_TYPE_PKCS_SIGNED_DATA 0x0002 - -/* - * FLAG_PREV_CABINET is set if the cabinet file is not the first in a set - * of cabinet files. When this bit is set, the szCabinetPrev and szDiskPrev - * fields are present in this CFHEADER. - */ -#define FLAG_PREV_CABINET 0x0001 -/* - * FLAG_NEXT_CABINET is set if the cabinet file is not the last in a set of - * cabinet files. When this bit is set, the szCabinetNext and szDiskNext -* fields are present in this CFHEADER. -*/ -#define FLAG_NEXT_CABINET 0x0002 -/* - * FLAG_RESERVE_PRESENT is set if the cabinet file contains any reserved - * fields. When this bit is set, the cbCFHeader, cbCFFolder, and cbCFData - * fields are present in this CFHEADER. - */ -#define FLAG_RESERVE_PRESENT 0x0004 - -#define INVALID_TIME ((time_t)-1) - -typedef struct SIGNATURE_st { - PKCS7 *p7; - int md_nid; - ASN1_STRING *digest; - time_t signtime; - char *url; - char *desc; - const u_char *purpose; - const u_char *level; - CMS_ContentInfo *timestamp; - time_t time; - ASN1_STRING *blob; -} SIGNATURE; - -DEFINE_STACK_OF(SIGNATURE) -DECLARE_ASN1_FUNCTIONS(SIGNATURE) - -typedef struct { - char *infile; - char *outfile; - char *sigfile; - char *certfile; - char *xcertfile; - char *keyfile; - char *pvkfile; - char *pkcs12file; - int output_pkcs7; -#ifndef OPENSSL_NO_ENGINE - char *p11engine; - char *p11module; - char *p11cert; -#endif /* OPENSSL_NO_ENGINE */ - int askpass; - char *readpass; - char *pass; - int comm; - int pagehash; - char *desc; - const EVP_MD *md; - char *url; - time_t time; -#ifdef ENABLE_CURL - char *turl[MAX_TS_SERVERS]; - int nturl; - char *tsurl[MAX_TS_SERVERS]; - int ntsurl; - char *proxy; - int noverifypeer; -#endif /* ENABLE_CURL */ - int addBlob; - int nest; - int ignore_timestamp; - int verbose; - int add_msi_dse; - char *catalog; - char *cafile; - char *crlfile; - char *tsa_cafile; - char *tsa_crlfile; - char *leafhash; - int jp; -#if OPENSSL_VERSION_NUMBER>=0x30000000L - int legacy; -#endif /* OPENSSL_VERSION_NUMBER>=0x30000000L */ -} GLOBAL_OPTIONS; - -typedef struct { - EVP_PKEY *pkey; - X509 *cert; - STACK_OF(X509) *certs; - STACK_OF(X509) *xcerts; - STACK_OF(X509_CRL) *crls; -} CRYPTO_PARAMS; - -typedef struct { - MSI_FILE *msi; - MSI_DIRENT *dirent; - u_char *p_msiex; - int len_msiex; -} MSI_PARAMS; - -/* - * ASN.1 definitions (more or less from official MS Authenticode docs) -*/ - -typedef struct { - int type; - union { - ASN1_BMPSTRING *unicode; - ASN1_IA5STRING *ascii; - } value; -} SpcString; - -DECLARE_ASN1_FUNCTIONS(SpcString) - -ASN1_CHOICE(SpcString) = { - ASN1_IMP_OPT(SpcString, value.unicode, ASN1_BMPSTRING, 0), - ASN1_IMP_OPT(SpcString, value.ascii, ASN1_IA5STRING, 1) -} ASN1_CHOICE_END(SpcString) - -IMPLEMENT_ASN1_FUNCTIONS(SpcString) - - -typedef struct { - ASN1_OCTET_STRING *classId; - ASN1_OCTET_STRING *serializedData; -} SpcSerializedObject; - -DECLARE_ASN1_FUNCTIONS(SpcSerializedObject) - -ASN1_SEQUENCE(SpcSerializedObject) = { - ASN1_SIMPLE(SpcSerializedObject, classId, ASN1_OCTET_STRING), - ASN1_SIMPLE(SpcSerializedObject, serializedData, ASN1_OCTET_STRING) -} ASN1_SEQUENCE_END(SpcSerializedObject) - -IMPLEMENT_ASN1_FUNCTIONS(SpcSerializedObject) - - -typedef struct { - int type; - union { - ASN1_IA5STRING *url; - SpcSerializedObject *moniker; - SpcString *file; - } value; -} SpcLink; - -DECLARE_ASN1_FUNCTIONS(SpcLink) - -ASN1_CHOICE(SpcLink) = { - ASN1_IMP_OPT(SpcLink, value.url, ASN1_IA5STRING, 0), - ASN1_IMP_OPT(SpcLink, value.moniker, SpcSerializedObject, 1), - ASN1_EXP_OPT(SpcLink, value.file, SpcString, 2) -} ASN1_CHOICE_END(SpcLink) - -IMPLEMENT_ASN1_FUNCTIONS(SpcLink) - - -typedef struct { - SpcString *programName; - SpcLink *moreInfo; -} SpcSpOpusInfo; - -DECLARE_ASN1_FUNCTIONS(SpcSpOpusInfo) - -ASN1_SEQUENCE(SpcSpOpusInfo) = { - ASN1_EXP_OPT(SpcSpOpusInfo, programName, SpcString, 0), - ASN1_EXP_OPT(SpcSpOpusInfo, moreInfo, SpcLink, 1) -} ASN1_SEQUENCE_END(SpcSpOpusInfo) - -IMPLEMENT_ASN1_FUNCTIONS(SpcSpOpusInfo) - - -typedef struct { - ASN1_OBJECT *type; - ASN1_TYPE *value; -} SpcAttributeTypeAndOptionalValue; - -DECLARE_ASN1_FUNCTIONS(SpcAttributeTypeAndOptionalValue) - -ASN1_SEQUENCE(SpcAttributeTypeAndOptionalValue) = { - ASN1_SIMPLE(SpcAttributeTypeAndOptionalValue, type, ASN1_OBJECT), - ASN1_OPT(SpcAttributeTypeAndOptionalValue, value, ASN1_ANY) -} ASN1_SEQUENCE_END(SpcAttributeTypeAndOptionalValue) - -IMPLEMENT_ASN1_FUNCTIONS(SpcAttributeTypeAndOptionalValue) - - -typedef struct { - ASN1_OBJECT *algorithm; - ASN1_TYPE *parameters; -} AlgorithmIdentifier; - -DECLARE_ASN1_FUNCTIONS(AlgorithmIdentifier) - -ASN1_SEQUENCE(AlgorithmIdentifier) = { - ASN1_SIMPLE(AlgorithmIdentifier, algorithm, ASN1_OBJECT), - ASN1_OPT(AlgorithmIdentifier, parameters, ASN1_ANY) -} ASN1_SEQUENCE_END(AlgorithmIdentifier) - -IMPLEMENT_ASN1_FUNCTIONS(AlgorithmIdentifier) - - -typedef struct { - AlgorithmIdentifier *digestAlgorithm; - ASN1_OCTET_STRING *digest; -} DigestInfo; - -DECLARE_ASN1_FUNCTIONS(DigestInfo) - -ASN1_SEQUENCE(DigestInfo) = { - ASN1_SIMPLE(DigestInfo, digestAlgorithm, AlgorithmIdentifier), - ASN1_SIMPLE(DigestInfo, digest, ASN1_OCTET_STRING) -} ASN1_SEQUENCE_END(DigestInfo) - -IMPLEMENT_ASN1_FUNCTIONS(DigestInfo) - - -typedef struct { - SpcAttributeTypeAndOptionalValue *data; - DigestInfo *messageDigest; -} SpcIndirectDataContent; - -DECLARE_ASN1_FUNCTIONS(SpcIndirectDataContent) - -ASN1_SEQUENCE(SpcIndirectDataContent) = { - ASN1_SIMPLE(SpcIndirectDataContent, data, SpcAttributeTypeAndOptionalValue), - ASN1_SIMPLE(SpcIndirectDataContent, messageDigest, DigestInfo) -} ASN1_SEQUENCE_END(SpcIndirectDataContent) - -IMPLEMENT_ASN1_FUNCTIONS(SpcIndirectDataContent) - - -typedef struct CatalogAuthAttr_st { - ASN1_OBJECT *type; - ASN1_TYPE *contents; -} CatalogAuthAttr; - -DEFINE_STACK_OF(CatalogAuthAttr) -DECLARE_ASN1_FUNCTIONS(CatalogAuthAttr) - -ASN1_SEQUENCE(CatalogAuthAttr) = { - ASN1_SIMPLE(CatalogAuthAttr, type, ASN1_OBJECT), - ASN1_OPT(CatalogAuthAttr, contents, ASN1_ANY) -} ASN1_SEQUENCE_END(CatalogAuthAttr) - -IMPLEMENT_ASN1_FUNCTIONS(CatalogAuthAttr) - - -typedef struct { - ASN1_OCTET_STRING *digest; - STACK_OF(CatalogAuthAttr) *attributes; -} CatalogInfo; - -DEFINE_STACK_OF(CatalogInfo) -DECLARE_ASN1_FUNCTIONS(CatalogInfo) - -ASN1_SEQUENCE(CatalogInfo) = { - ASN1_SIMPLE(CatalogInfo, digest, ASN1_OCTET_STRING), - ASN1_SET_OF(CatalogInfo, attributes, CatalogAuthAttr) -} ASN1_SEQUENCE_END(CatalogInfo) - -IMPLEMENT_ASN1_FUNCTIONS(CatalogInfo) - - -typedef struct { - /* 1.3.6.1.4.1.311.12.1.1 szOID_CATALOG_LIST */ - SpcAttributeTypeAndOptionalValue *type; - ASN1_OCTET_STRING *identifier; - ASN1_UTCTIME *time; - /* 1.3.6.1.4.1.311.12.1.2 CatalogVersion = 1 - * 1.3.6.1.4.1.311.12.1.3 CatalogVersion = 2 */ - SpcAttributeTypeAndOptionalValue *version; - STACK_OF(CatalogInfo) *header_attributes; - /* 1.3.6.1.4.1.311.12.2.1 CAT_NAMEVALUE_OBJID */ - ASN1_TYPE *filename; -} MsCtlContent; - -DECLARE_ASN1_FUNCTIONS(MsCtlContent) - -ASN1_SEQUENCE(MsCtlContent) = { - ASN1_SIMPLE(MsCtlContent, type, SpcAttributeTypeAndOptionalValue), - ASN1_SIMPLE(MsCtlContent, identifier, ASN1_OCTET_STRING), - ASN1_SIMPLE(MsCtlContent, time, ASN1_UTCTIME), - ASN1_SIMPLE(MsCtlContent, version, SpcAttributeTypeAndOptionalValue), - ASN1_SEQUENCE_OF(MsCtlContent, header_attributes, CatalogInfo), - ASN1_OPT(MsCtlContent, filename, ASN1_ANY) -} ASN1_SEQUENCE_END(MsCtlContent) - -IMPLEMENT_ASN1_FUNCTIONS(MsCtlContent) - - -typedef struct { - ASN1_BIT_STRING *flags; - SpcLink *file; -} SpcPeImageData; - -DECLARE_ASN1_FUNCTIONS(SpcPeImageData) - -ASN1_SEQUENCE(SpcPeImageData) = { - ASN1_SIMPLE(SpcPeImageData, flags, ASN1_BIT_STRING), - ASN1_EXP_OPT(SpcPeImageData, file, SpcLink, 0) -} ASN1_SEQUENCE_END(SpcPeImageData) - -IMPLEMENT_ASN1_FUNCTIONS(SpcPeImageData) - - -typedef struct { - ASN1_INTEGER *a; - ASN1_OCTET_STRING *string; - ASN1_INTEGER *b; - ASN1_INTEGER *c; - ASN1_INTEGER *d; - ASN1_INTEGER *e; - ASN1_INTEGER *f; -} SpcSipInfo; - -DECLARE_ASN1_FUNCTIONS(SpcSipInfo) - -ASN1_SEQUENCE(SpcSipInfo) = { - ASN1_SIMPLE(SpcSipInfo, a, ASN1_INTEGER), - ASN1_SIMPLE(SpcSipInfo, string, ASN1_OCTET_STRING), - ASN1_SIMPLE(SpcSipInfo, b, ASN1_INTEGER), - ASN1_SIMPLE(SpcSipInfo, c, ASN1_INTEGER), - ASN1_SIMPLE(SpcSipInfo, d, ASN1_INTEGER), - ASN1_SIMPLE(SpcSipInfo, e, ASN1_INTEGER), - ASN1_SIMPLE(SpcSipInfo, f, ASN1_INTEGER), -} ASN1_SEQUENCE_END(SpcSipInfo) - -IMPLEMENT_ASN1_FUNCTIONS(SpcSipInfo) - - -typedef struct { - AlgorithmIdentifier *digestAlgorithm; - ASN1_OCTET_STRING *digest; -} MessageImprint; - -DECLARE_ASN1_FUNCTIONS(MessageImprint) - -ASN1_SEQUENCE(MessageImprint) = { - ASN1_SIMPLE(MessageImprint, digestAlgorithm, AlgorithmIdentifier), - ASN1_SIMPLE(MessageImprint, digest, ASN1_OCTET_STRING) -} ASN1_SEQUENCE_END(MessageImprint) - -IMPLEMENT_ASN1_FUNCTIONS(MessageImprint) - -#ifdef ENABLE_CURL - -typedef struct { - ASN1_OBJECT *type; - ASN1_OCTET_STRING *signature; -} TimeStampRequestBlob; - -DECLARE_ASN1_FUNCTIONS(TimeStampRequestBlob) - -ASN1_SEQUENCE(TimeStampRequestBlob) = { - ASN1_SIMPLE(TimeStampRequestBlob, type, ASN1_OBJECT), - ASN1_EXP_OPT(TimeStampRequestBlob, signature, ASN1_OCTET_STRING, 0) -} ASN1_SEQUENCE_END(TimeStampRequestBlob) - -IMPLEMENT_ASN1_FUNCTIONS(TimeStampRequestBlob) - - -typedef struct { - ASN1_OBJECT *type; - TimeStampRequestBlob *blob; -} TimeStampRequest; - -DECLARE_ASN1_FUNCTIONS(TimeStampRequest) - -ASN1_SEQUENCE(TimeStampRequest) = { - ASN1_SIMPLE(TimeStampRequest, type, ASN1_OBJECT), - ASN1_SIMPLE(TimeStampRequest, blob, TimeStampRequestBlob) -} ASN1_SEQUENCE_END(TimeStampRequest) - -IMPLEMENT_ASN1_FUNCTIONS(TimeStampRequest) - -/* RFC3161 Time stamping */ - -typedef struct { - ASN1_INTEGER *status; - STACK_OF(ASN1_UTF8STRING) *statusString; - ASN1_BIT_STRING *failInfo; -} PKIStatusInfo; - -DECLARE_ASN1_FUNCTIONS(PKIStatusInfo) - -ASN1_SEQUENCE(PKIStatusInfo) = { - ASN1_SIMPLE(PKIStatusInfo, status, ASN1_INTEGER), - ASN1_SEQUENCE_OF_OPT(PKIStatusInfo, statusString, ASN1_UTF8STRING), - ASN1_OPT(PKIStatusInfo, failInfo, ASN1_BIT_STRING) -} ASN1_SEQUENCE_END(PKIStatusInfo) - -IMPLEMENT_ASN1_FUNCTIONS(PKIStatusInfo) - - -typedef struct { - PKIStatusInfo *status; - PKCS7 *token; -} TimeStampResp; - -DECLARE_ASN1_FUNCTIONS(TimeStampResp) - -ASN1_SEQUENCE(TimeStampResp) = { - ASN1_SIMPLE(TimeStampResp, status, PKIStatusInfo), - ASN1_OPT(TimeStampResp, token, PKCS7) -} ASN1_SEQUENCE_END(TimeStampResp) - -IMPLEMENT_ASN1_FUNCTIONS(TimeStampResp) - - -typedef struct { - ASN1_INTEGER *version; - MessageImprint *messageImprint; - ASN1_OBJECT *reqPolicy; - ASN1_INTEGER *nonce; - ASN1_BOOLEAN certReq; - STACK_OF(X509_EXTENSION) *extensions; -} TimeStampReq; - -DECLARE_ASN1_FUNCTIONS(TimeStampReq) - -ASN1_SEQUENCE(TimeStampReq) = { - ASN1_SIMPLE(TimeStampReq, version, ASN1_INTEGER), - ASN1_SIMPLE(TimeStampReq, messageImprint, MessageImprint), - ASN1_OPT (TimeStampReq, reqPolicy, ASN1_OBJECT), - ASN1_OPT (TimeStampReq, nonce, ASN1_INTEGER), - ASN1_SIMPLE(TimeStampReq, certReq, ASN1_FBOOLEAN), - ASN1_IMP_SEQUENCE_OF_OPT(TimeStampReq, extensions, X509_EXTENSION, 0) -} ASN1_SEQUENCE_END(TimeStampReq) - -IMPLEMENT_ASN1_FUNCTIONS(TimeStampReq) - -#endif /* ENABLE_CURL */ - -typedef struct { - ASN1_INTEGER *seconds; - ASN1_INTEGER *millis; - ASN1_INTEGER *micros; -} TimeStampAccuracy; - -DECLARE_ASN1_FUNCTIONS(TimeStampAccuracy) - -ASN1_SEQUENCE(TimeStampAccuracy) = { - ASN1_OPT(TimeStampAccuracy, seconds, ASN1_INTEGER), - ASN1_IMP_OPT(TimeStampAccuracy, millis, ASN1_INTEGER, 0), - ASN1_IMP_OPT(TimeStampAccuracy, micros, ASN1_INTEGER, 1) -} ASN1_SEQUENCE_END(TimeStampAccuracy) - -IMPLEMENT_ASN1_FUNCTIONS(TimeStampAccuracy) - - -typedef struct { - ASN1_INTEGER *version; - ASN1_OBJECT *policy_id; - MessageImprint *messageImprint; - ASN1_INTEGER *serial; - ASN1_GENERALIZEDTIME *time; - TimeStampAccuracy *accuracy; - ASN1_BOOLEAN ordering; - ASN1_INTEGER *nonce; - GENERAL_NAME *tsa; - STACK_OF(X509_EXTENSION) *extensions; -} TimeStampToken; - -DECLARE_ASN1_FUNCTIONS(TimeStampToken) - -ASN1_SEQUENCE(TimeStampToken) = { - ASN1_SIMPLE(TimeStampToken, version, ASN1_INTEGER), - ASN1_SIMPLE(TimeStampToken, policy_id, ASN1_OBJECT), - ASN1_SIMPLE(TimeStampToken, messageImprint, MessageImprint), - ASN1_SIMPLE(TimeStampToken, serial, ASN1_INTEGER), - ASN1_SIMPLE(TimeStampToken, time, ASN1_GENERALIZEDTIME), - ASN1_OPT(TimeStampToken, accuracy, TimeStampAccuracy), - ASN1_OPT(TimeStampToken, ordering, ASN1_FBOOLEAN), - ASN1_OPT(TimeStampToken, nonce, ASN1_INTEGER), - ASN1_EXP_OPT(TimeStampToken, tsa, GENERAL_NAME, 0), - ASN1_IMP_SEQUENCE_OF_OPT(TimeStampToken, extensions, X509_EXTENSION, 1) -} ASN1_SEQUENCE_END(TimeStampToken) - -IMPLEMENT_ASN1_FUNCTIONS(TimeStampToken) +#include "helpers.h" /* * $ echo -n 3006030200013000 | xxd -r -p | openssl asn1parse -i -inform der @@ -683,126 +91,174 @@ const u_char purpose_comm[] = { 0x01, 0x82, 0x37, 0x02, 0x01, 0x16 }; -const u_char classid_page_hash[] = { - 0xa6, 0xb5, 0x86, 0xd5, 0xb4, 0xa1, 0x24, 0x66, - 0xae, 0x05, 0xa2, 0x17, 0xda, 0x8e, 0x60, 0xd6 -}; - -static SpcSpOpusInfo *createOpus(const char *desc, const char *url) -{ - SpcSpOpusInfo *info = SpcSpOpusInfo_new(); - - if (desc) { - info->programName = SpcString_new(); - info->programName->type = 1; - info->programName->value.ascii = ASN1_IA5STRING_new(); - ASN1_STRING_set((ASN1_STRING *)info->programName->value.ascii, - desc, (int)strlen(desc)); - } - if (url) { - info->moreInfo = SpcLink_new(); - info->moreInfo->type = 0; - info->moreInfo->value.url = ASN1_IA5STRING_new(); - ASN1_STRING_set((ASN1_STRING *)info->moreInfo->value.url, - url, (int)strlen(url)); - } - return info; -} - /* - * Return the header length (tag and length octets) of the ASN.1 type + * ASN.1 definitions (more or less from official MS Authenticode docs) */ -static int asn1_simple_hdr_len(const u_char *p, int len) -{ - if (len <= 2 || p[0] > 0x31) - return 0; - return (p[1]&0x80) ? (2 + (p[1]&0x7f)) : 2; -} +ASN1_CHOICE(SpcString) = { + ASN1_IMP_OPT(SpcString, value.unicode, ASN1_BMPSTRING, 0), + ASN1_IMP_OPT(SpcString, value.ascii, ASN1_IA5STRING, 1) +} ASN1_CHOICE_END(SpcString) -/* - * Add a custom, non-trusted time to the PKCS7 structure to prevent OpenSSL - * adding the _current_ time. This allows to create a deterministic signature - * when no trusted timestamp server was specified, making osslsigncode - * behaviour closer to signtool.exe (which doesn't include any non-trusted - * time in this case.) - */ -static int pkcs7_add_signing_time(PKCS7_SIGNER_INFO *si, time_t time) -{ - if (time == INVALID_TIME) /* -time option was not specified */ - return 1; /* success */ - return PKCS7_add_signed_attribute(si, - NID_pkcs9_signingTime, V_ASN1_UTCTIME, - ASN1_TIME_adj(NULL, time, 0, 0)); -} +IMPLEMENT_ASN1_FUNCTIONS(SpcString) -static void tohex(const u_char *v, char *b, int len) -{ - int i, j = 0; - for(i=0; i EVP_MAX_MD_SIZE) { - printf("Invalid message digest size\n"); - return; - } - tohex(hashbuf, hexbuf, length); - printf("%s: %s %s\n", descript1, hexbuf, descript2); -} +ASN1_CHOICE(SpcLink) = { + ASN1_IMP_OPT(SpcLink, value.url, ASN1_IA5STRING, 0), + ASN1_IMP_OPT(SpcLink, value.moniker, SpcSerializedObject, 1), + ASN1_EXP_OPT(SpcLink, value.file, SpcString, 2) +} ASN1_CHOICE_END(SpcLink) -static int compare_digests(u_char *mdbuf, u_char *cmdbuf, int mdtype) -{ - int mdlen = EVP_MD_size(EVP_get_digestbynid(mdtype)); - int mdok = !memcmp(mdbuf, cmdbuf, (size_t)mdlen); - printf("Message digest algorithm : %s\n", OBJ_nid2sn(mdtype)); - print_hash("Current message digest ", "", mdbuf, mdlen); - print_hash("Calculated message digest ", mdok ? "\n" : " MISMATCH!!!\n", cmdbuf, mdlen); - return mdok; -} +IMPLEMENT_ASN1_FUNCTIONS(SpcLink) -static int is_content_type(PKCS7 *p7, const char *objid) -{ - ASN1_OBJECT *indir_objid; - int retval; +ASN1_SEQUENCE(SpcSpOpusInfo) = { + ASN1_EXP_OPT(SpcSpOpusInfo, programName, SpcString, 0), + ASN1_EXP_OPT(SpcSpOpusInfo, moreInfo, SpcLink, 1) +} ASN1_SEQUENCE_END(SpcSpOpusInfo) - indir_objid = OBJ_txt2obj(objid, 1); - retval = p7 && PKCS7_type_is_signed(p7) && - !OBJ_cmp(p7->d.sign->contents->type, indir_objid) && - (p7->d.sign->contents->d.other->type == V_ASN1_SEQUENCE || - p7->d.sign->contents->d.other->type == V_ASN1_OCTET_STRING); - ASN1_OBJECT_free(indir_objid); - return retval; -} +IMPLEMENT_ASN1_FUNCTIONS(SpcSpOpusInfo) -int bio_hash_data(char *indata, BIO *hash, uint32_t idx, uint32_t offset, uint32_t fileend) -{ - size_t written; - uint32_t want; - uint32_t start = offset ? offset : idx; +ASN1_SEQUENCE(SpcAttributeTypeAndOptionalValue) = { + ASN1_SIMPLE(SpcAttributeTypeAndOptionalValue, type, ASN1_OBJECT), + ASN1_OPT(SpcAttributeTypeAndOptionalValue, value, ASN1_ANY) +} ASN1_SEQUENCE_END(SpcAttributeTypeAndOptionalValue) - while (start < fileend) { - want = fileend - start; - if (want > SIZE_64K) - want = SIZE_64K; - if (!BIO_write_ex(hash, indata + idx, want, &written)) { - BIO_free_all(hash); - return 0; /* FAILED */ - } - idx += (uint32_t)written; - start += (uint32_t)written; - } - return 1; /* OK */ -} +IMPLEMENT_ASN1_FUNCTIONS(SpcAttributeTypeAndOptionalValue) + +ASN1_SEQUENCE(AlgorithmIdentifier) = { + ASN1_SIMPLE(AlgorithmIdentifier, algorithm, ASN1_OBJECT), + ASN1_OPT(AlgorithmIdentifier, parameters, ASN1_ANY) +} ASN1_SEQUENCE_END(AlgorithmIdentifier) + +IMPLEMENT_ASN1_FUNCTIONS(AlgorithmIdentifier) + +ASN1_SEQUENCE(DigestInfo) = { + ASN1_SIMPLE(DigestInfo, digestAlgorithm, AlgorithmIdentifier), + ASN1_SIMPLE(DigestInfo, digest, ASN1_OCTET_STRING) +} ASN1_SEQUENCE_END(DigestInfo) + +IMPLEMENT_ASN1_FUNCTIONS(DigestInfo) + +ASN1_SEQUENCE(SpcIndirectDataContent) = { + ASN1_SIMPLE(SpcIndirectDataContent, data, SpcAttributeTypeAndOptionalValue), + ASN1_SIMPLE(SpcIndirectDataContent, messageDigest, DigestInfo) +} ASN1_SEQUENCE_END(SpcIndirectDataContent) + +IMPLEMENT_ASN1_FUNCTIONS(SpcIndirectDataContent) + +ASN1_SEQUENCE(CatalogAuthAttr) = { + ASN1_SIMPLE(CatalogAuthAttr, type, ASN1_OBJECT), + ASN1_OPT(CatalogAuthAttr, contents, ASN1_ANY) +} ASN1_SEQUENCE_END(CatalogAuthAttr) + +IMPLEMENT_ASN1_FUNCTIONS(CatalogAuthAttr) + +ASN1_SEQUENCE(MessageImprint) = { + ASN1_SIMPLE(MessageImprint, digestAlgorithm, AlgorithmIdentifier), + ASN1_SIMPLE(MessageImprint, digest, ASN1_OCTET_STRING) +} ASN1_SEQUENCE_END(MessageImprint) + +IMPLEMENT_ASN1_FUNCTIONS(MessageImprint) + +#ifdef ENABLE_CURL + +ASN1_SEQUENCE(TimeStampRequestBlob) = { + ASN1_SIMPLE(TimeStampRequestBlob, type, ASN1_OBJECT), + ASN1_EXP_OPT(TimeStampRequestBlob, signature, ASN1_OCTET_STRING, 0) +} ASN1_SEQUENCE_END(TimeStampRequestBlob) + +IMPLEMENT_ASN1_FUNCTIONS(TimeStampRequestBlob) + +ASN1_SEQUENCE(TimeStampRequest) = { + ASN1_SIMPLE(TimeStampRequest, type, ASN1_OBJECT), + ASN1_SIMPLE(TimeStampRequest, blob, TimeStampRequestBlob) +} ASN1_SEQUENCE_END(TimeStampRequest) + +IMPLEMENT_ASN1_FUNCTIONS(TimeStampRequest) + +/* RFC3161 Time stamping */ + +ASN1_SEQUENCE(PKIStatusInfo) = { + ASN1_SIMPLE(PKIStatusInfo, status, ASN1_INTEGER), + ASN1_SEQUENCE_OF_OPT(PKIStatusInfo, statusString, ASN1_UTF8STRING), + ASN1_OPT(PKIStatusInfo, failInfo, ASN1_BIT_STRING) +} ASN1_SEQUENCE_END(PKIStatusInfo) + +IMPLEMENT_ASN1_FUNCTIONS(PKIStatusInfo) + +ASN1_SEQUENCE(TimeStampResp) = { + ASN1_SIMPLE(TimeStampResp, status, PKIStatusInfo), + ASN1_OPT(TimeStampResp, token, PKCS7) +} ASN1_SEQUENCE_END(TimeStampResp) + +IMPLEMENT_ASN1_FUNCTIONS(TimeStampResp) + +ASN1_SEQUENCE(TimeStampReq) = { + ASN1_SIMPLE(TimeStampReq, version, ASN1_INTEGER), + ASN1_SIMPLE(TimeStampReq, messageImprint, MessageImprint), + ASN1_OPT (TimeStampReq, reqPolicy, ASN1_OBJECT), + ASN1_OPT (TimeStampReq, nonce, ASN1_INTEGER), + ASN1_SIMPLE(TimeStampReq, certReq, ASN1_FBOOLEAN), + ASN1_IMP_SEQUENCE_OF_OPT(TimeStampReq, extensions, X509_EXTENSION, 0) +} ASN1_SEQUENCE_END(TimeStampReq) + +IMPLEMENT_ASN1_FUNCTIONS(TimeStampReq) + +#endif /* ENABLE_CURL */ + +ASN1_SEQUENCE(TimeStampAccuracy) = { + ASN1_OPT(TimeStampAccuracy, seconds, ASN1_INTEGER), + ASN1_IMP_OPT(TimeStampAccuracy, millis, ASN1_INTEGER, 0), + ASN1_IMP_OPT(TimeStampAccuracy, micros, ASN1_INTEGER, 1) +} ASN1_SEQUENCE_END(TimeStampAccuracy) + +IMPLEMENT_ASN1_FUNCTIONS(TimeStampAccuracy) + +ASN1_SEQUENCE(TimeStampToken) = { + ASN1_SIMPLE(TimeStampToken, version, ASN1_INTEGER), + ASN1_SIMPLE(TimeStampToken, policy_id, ASN1_OBJECT), + ASN1_SIMPLE(TimeStampToken, messageImprint, MessageImprint), + ASN1_SIMPLE(TimeStampToken, serial, ASN1_INTEGER), + ASN1_SIMPLE(TimeStampToken, time, ASN1_GENERALIZEDTIME), + ASN1_OPT(TimeStampToken, accuracy, TimeStampAccuracy), + ASN1_OPT(TimeStampToken, ordering, ASN1_FBOOLEAN), + ASN1_OPT(TimeStampToken, nonce, ASN1_INTEGER), + ASN1_EXP_OPT(TimeStampToken, tsa, GENERAL_NAME, 0), + ASN1_IMP_SEQUENCE_OF_OPT(TimeStampToken, extensions, X509_EXTENSION, 1) +} ASN1_SEQUENCE_END(TimeStampToken) + +IMPLEMENT_ASN1_FUNCTIONS(TimeStampToken) + +ASN1_SEQUENCE(CatalogInfo) = { + ASN1_SIMPLE(CatalogInfo, digest, ASN1_OCTET_STRING), + ASN1_SET_OF(CatalogInfo, attributes, CatalogAuthAttr) +} ASN1_SEQUENCE_END(CatalogInfo) + +IMPLEMENT_ASN1_FUNCTIONS(CatalogInfo) + +ASN1_SEQUENCE(MsCtlContent) = { + ASN1_SIMPLE(MsCtlContent, type, SpcAttributeTypeAndOptionalValue), + ASN1_SIMPLE(MsCtlContent, identifier, ASN1_OCTET_STRING), + ASN1_SIMPLE(MsCtlContent, time, ASN1_UTCTIME), + ASN1_SIMPLE(MsCtlContent, version, SpcAttributeTypeAndOptionalValue), + ASN1_SEQUENCE_OF(MsCtlContent, header_attributes, CatalogInfo), + ASN1_OPT(MsCtlContent, filename, ASN1_ANY) +} ASN1_SEQUENCE_END(MsCtlContent) + +IMPLEMENT_ASN1_FUNCTIONS(MsCtlContent) + +/* Prototypes */ +static int signature_list_append_pkcs7(STACK_OF(PKCS7) **signatures, PKCS7 *p7, int allownest); +static time_t time_t_get_asn1_time(const ASN1_TIME *s); +static time_t time_t_get_si_time(PKCS7_SIGNER_INFO *si); +static time_t time_t_get_cms_time(CMS_ContentInfo *cms); +static CMS_ContentInfo *cms_get_timestamp(PKCS7_SIGNED *p7_signed, + PKCS7_SIGNER_INFO *countersignature); #ifdef ENABLE_CURL @@ -824,6 +280,11 @@ static size_t curl_write(void *ptr, size_t sz, size_t nmemb, void *stream) return written; } +/* + * [in] url: URL of the Time-Stamp Authority server + * [in] http_code: curlinfo response code + * [returns] none + */ static void print_timestamp_error(const char *url, long http_code) { if (http_code != -1) { @@ -863,20 +324,25 @@ static void print_timestamp_error(const char *url, long http_code) */ /* - * Encode RFC 3161 timestamp request and write it into BIO + * Encode RFC3161 timestamp request and write it into BIO + * [in] p7: new PKCS#7 signature + * [in] md: message digest algorithm type + * [returns] pointer to BIO with RFC3161 Timestamp Request */ -static BIO *encode_rfc3161_request(PKCS7 *sig, const EVP_MD *md) +static BIO *bio_encode_rfc3161_request(PKCS7 *p7, const EVP_MD *md) { + STACK_OF(PKCS7_SIGNER_INFO) *signer_info; PKCS7_SIGNER_INFO *si; u_char mdbuf[EVP_MAX_MD_SIZE]; TimeStampReq *req; BIO *bout, *bhash; u_char *p; int len; - STACK_OF(PKCS7_SIGNER_INFO) *signer_info = PKCS7_get_signer_info(sig); + signer_info = PKCS7_get_signer_info(p7); if (!signer_info) return NULL; /* FAILED */ + si = sk_PKCS7_SIGNER_INFO_value(signer_info, 0); if (!si) return NULL; /* FAILED */ @@ -915,18 +381,22 @@ static BIO *encode_rfc3161_request(PKCS7 *sig, const EVP_MD *md) /* * Encode authenticode timestamp request and write it into BIO + * [in] p7: new PKCS#7 signature + * [returns] pointer to BIO with authenticode Timestamp Request */ -static BIO *encode_authenticode_request(PKCS7 *sig) +static BIO *bio_encode_authenticode_request(PKCS7 *p7) { + STACK_OF(PKCS7_SIGNER_INFO) *signer_info; PKCS7_SIGNER_INFO *si; TimeStampRequest *req; BIO *bout, *b64; u_char *p; int len; - STACK_OF(PKCS7_SIGNER_INFO) *signer_info = PKCS7_get_signer_info(sig); + signer_info = PKCS7_get_signer_info(p7); if (!signer_info) return 0; /* FAILED */ + si = sk_PKCS7_SIGNER_INFO_value(signer_info, 0); if (!si) return 0; /* FAILED */ @@ -956,15 +426,19 @@ static BIO *encode_authenticode_request(PKCS7 *sig) * Decode a curl response from BIO. * If successful the RFC 3161 timestamp will be written into * the PKCS7 SignerInfo structure as an unauthorized attribute - cont[1]. + * [in, out] p7: new PKCS#7 signature + * [in] bin: BIO with curl data + * [in] verbose: additional output mode + * [returns] CURLcode on error or CURLE_OK (0) on success */ -static CURLcode decode_rfc3161_response(PKCS7 *sig, BIO *bin, int verbose) +static CURLcode decode_rfc3161_response(PKCS7 *p7, BIO *bin, int verbose) { PKCS7_SIGNER_INFO *si; STACK_OF(X509_ATTRIBUTE) *attrs; TimeStampResp *reply; u_char *p; int i, len; - STACK_OF(PKCS7_SIGNER_INFO) *signer_info = PKCS7_get_signer_info(sig); + STACK_OF(PKCS7_SIGNER_INFO) *signer_info = PKCS7_get_signer_info(p7); if (!signer_info) return 1; /* FAILED */ @@ -1011,11 +485,16 @@ static CURLcode decode_rfc3161_response(PKCS7 *sig, BIO *bin, int verbose) /* * Decode a curl response from BIO. * If successful the authenticode timestamp will be written into - * the PKCS7 SignerInfo structure as an unauthorized attribute - cont[1]. + * the PKCS7 SignerInfo structure as an unauthorized attribute - cont[1]: + * p7->d.sign->signer_info->unauth_attr + * [in, out] p7: new PKCS#7 signature + * [in] bin: BIO with curl data + * [in] verbose: additional output mode + * [returns] CURLcode on error or CURLE_OK (0) on success */ -static CURLcode decode_authenticode_response(PKCS7 *sig, BIO *bin, int verbose) +static CURLcode decode_authenticode_response(PKCS7 *p7, BIO *bin, int verbose) { - PKCS7 *p7; + PKCS7 *resp; PKCS7_SIGNER_INFO *info, *si; STACK_OF(X509_ATTRIBUTE) *attrs; BIO* b64, *b64_bin; @@ -1027,37 +506,40 @@ static CURLcode decode_authenticode_response(PKCS7 *sig, BIO *bin, int verbose) if (!blob_has_nl) BIO_set_flags(b64, BIO_FLAGS_BASE64_NO_NL); b64_bin = BIO_push(b64, bin); - p7 = d2i_PKCS7_bio(b64_bin, NULL); + resp = d2i_PKCS7_bio(b64_bin, NULL); BIO_free_all(b64_bin); - if (p7 == NULL) + if (resp == NULL) return 1; /* FAILED */ - for(i = sk_X509_num(p7->d.sign->cert)-1; i>=0; i--) - PKCS7_add_certificate(sig, sk_X509_value(p7->d.sign->cert, i)); + for(i = sk_X509_num(resp->d.sign->cert)-1; i>=0; i--) + PKCS7_add_certificate(p7, sk_X509_value(resp->d.sign->cert, i)); - signer_info = PKCS7_get_signer_info(p7); + signer_info = PKCS7_get_signer_info(resp); + PKCS7_free(resp); if (!signer_info) return 1; /* FAILED */ info = sk_PKCS7_SIGNER_INFO_value(signer_info, 0); - if (!info) + if (!info) { + PKCS7_free(resp); return 1; /* FAILED */ + } if (((len = i2d_PKCS7_SIGNER_INFO(info, NULL)) <= 0) || (p = OPENSSL_malloc((size_t)len)) == NULL) { if (verbose) { printf("Failed to convert signer info: %d\n", len); ERR_print_errors_fp(stdout); } - PKCS7_free(p7); + PKCS7_free(resp); return 1; /* FAILED */ } len = i2d_PKCS7_SIGNER_INFO(info, &p); p -= len; - PKCS7_free(p7); + PKCS7_free(resp); attrs = sk_X509_ATTRIBUTE_new_null(); attrs = X509at_add1_attr_by_txt(&attrs, PKCS9_COUNTER_SIGNATURE, V_ASN1_SET, p, len); OPENSSL_free(p); - signer_info = PKCS7_get_signer_info(sig); + signer_info = PKCS7_get_signer_info(p7); if (!signer_info) return 1; /* FAILED */ si = sk_PKCS7_SIGNER_INFO_value(signer_info, 0); @@ -1075,9 +557,13 @@ static CURLcode decode_authenticode_response(PKCS7 *sig, BIO *bin, int verbose) /* * Add timestamp to the PKCS7 SignerInfo structure: * sig->d.sign->signer_info->unauth_attr + * [in, out] p7: new PKCS#7 signature + * [in] ctx: structure holds input and output data + * [in] url: URL of the Time-Stamp Authority server + * [in] rfc3161: Authenticode / RFC3161 Timestamp switch + * [returns] 1 on error or 0 on success */ -static int add_timestamp(PKCS7 *sig, char *url, char *proxy, int rfc3161, - const EVP_MD *md, int verbose, int noverifypeer) +static int add_timestamp(PKCS7 *p7, FILE_FORMAT_CTX *ctx, char *url, int rfc3161) { CURL *curl; struct curl_slist *slist = NULL; @@ -1085,33 +571,34 @@ static int add_timestamp(PKCS7 *sig, char *url, char *proxy, int rfc3161, BIO *bout, *bin; u_char *p = NULL; long len = 0; + int verbose = ctx->options->verbose || ctx->options->ntsurl == 1; if (!url) return 1; /* FAILED */ /* Encode timestamp request */ if (rfc3161) { - bout = encode_rfc3161_request(sig, md); + bout = bio_encode_rfc3161_request(p7, ctx->options->md); } else { - bout = encode_authenticode_request(sig); + bout = bio_encode_authenticode_request(p7); } if (!bout) return 1; /* FAILED */ /* Start a libcurl easy session and set options for a curl easy handle */ curl = curl_easy_init(); - if (proxy) { - res = curl_easy_setopt(curl, CURLOPT_PROXY, proxy); + if (ctx->options->proxy) { + res = curl_easy_setopt(curl, CURLOPT_PROXY, ctx->options->proxy); if (res != CURLE_OK) { printf("CURL failure: %s %s\n", curl_easy_strerror(res), url); } - if (!strncmp("http:", proxy, 5)) { + if (!strncmp("http:", ctx->options->proxy, 5)) { res = curl_easy_setopt(curl, CURLOPT_PROXYTYPE, CURLPROXY_HTTP); if (res != CURLE_OK) { printf("CURL failure: %s %s\n", curl_easy_strerror(res), url); } } - if (!strncmp("socks:", proxy, 6)) { + if (!strncmp("socks:", ctx->options->proxy, 6)) { res = curl_easy_setopt(curl, CURLOPT_PROXYTYPE, CURLPROXY_SOCKS5); if (res != CURLE_OK) { printf("CURL failure: %s %s\n", curl_easy_strerror(res), url); @@ -1126,7 +613,7 @@ static int add_timestamp(PKCS7 *sig, char *url, char *proxy, int rfc3161, * ask libcurl to show us the verbose output * curl_easy_setopt(curl, CURLOPT_VERBOSE, 42); */ - if (noverifypeer) { + if (ctx->options->noverifypeer) { res = curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, FALSE); if (res != CURLE_OK) { printf("CURL failure: %s %s\n", curl_easy_strerror(res), url); @@ -1187,9 +674,9 @@ static int add_timestamp(PKCS7 *sig, char *url, char *proxy, int rfc3161, curl_easy_getinfo(curl, CURLINFO_RESPONSE_CODE, &http_code); /* Decode a curl response from BIO and write it into the PKCS7 structure */ if (rfc3161) - res = decode_rfc3161_response(sig, bin, verbose); + res = decode_rfc3161_response(p7, bin, verbose); else - res = decode_authenticode_response(sig, bin, verbose); + res = decode_authenticode_response(p7, bin, verbose); if (res && verbose) print_timestamp_error(url, http_code); } @@ -1198,40 +685,1497 @@ static int add_timestamp(PKCS7 *sig, char *url, char *proxy, int rfc3161, return (int)res; } -static int add_timestamp_authenticode(PKCS7 *sig, GLOBAL_OPTIONS *options) +/* + * [in, out] p7: new PKCS#7 signature + * [in] ctx: structure holds input and output data + * [returns] 0 on error or 1 on success + */ +static int add_timestamp_authenticode(PKCS7 *p7, FILE_FORMAT_CTX *ctx) { int i; - for (i=0; inturl; i++) { - int res = add_timestamp(sig, options->turl[i], options->proxy, 0, NULL, - options->verbose || options->nturl == 1, options->noverifypeer); - if (!res) - return 0; /* OK */ + for (i=0; ioptions->nturl; i++) { + if (!add_timestamp(p7, ctx, ctx->options->turl[i], 0)) + return 1; /* OK */ } - return 1; /* FAILED */ + return 0; /* FAILED */ } -static int add_timestamp_rfc3161(PKCS7 *sig, GLOBAL_OPTIONS *options) +/* + * [in, out] p7: new PKCS#7 signature + * [in] ctx: structure holds input and output data + * [returns] 0 on error or 1 on success + */ +static int add_timestamp_rfc3161(PKCS7 *p7, FILE_FORMAT_CTX *ctx) { int i; - for (i=0; intsurl; i++) { - int res = add_timestamp(sig, options->tsurl[i], options->proxy, 1, options->md, - options->verbose || options->ntsurl == 1, options->noverifypeer); - if (!res) - return 0; /* OK */ + for (i=0; ioptions->ntsurl; i++) { + if (!add_timestamp(p7, ctx, ctx->options->tsurl[i], 1)) + return 1; /* OK */ } - return 1; /* FAILED */ + return 0; /* FAILED */ } #endif /* ENABLE_CURL */ +/* + * If successful the unauthenticated blob will be written into + * the PKCS7 SignerInfo structure as an unauthorized attribute - cont[1]: + * p7->d.sign->signer_info->unauth_attr + * [in, out] p7: new PKCS#7 signature + * [returns] 0 on error or 1 on success + */ +static int add_unauthenticated_blob(PKCS7 *p7) +{ + PKCS7_SIGNER_INFO *si; + STACK_OF(PKCS7_SIGNER_INFO) *signer_info; + ASN1_STRING *astr; + u_char *p = NULL; + int nid, len = 1024+4; + /* Length data for ASN1 attribute plus prefix */ + const char prefix[] = "\x0c\x82\x04\x00---BEGIN_BLOB---"; + const char postfix[] = "---END_BLOB---"; -static bool on_list(const char *txt, const char *list[]) + signer_info = PKCS7_get_signer_info(p7); + if (!signer_info) + return 0; /* FAILED */ + si = sk_PKCS7_SIGNER_INFO_value(p7->d.sign->signer_info, 0); + if (!si) + return 0; /* FAILED */ + if ((p = OPENSSL_malloc((size_t)len)) == NULL) + return 0; /* FAILED */ + memset(p, 0, (size_t)len); + memcpy(p, prefix, sizeof prefix); + memcpy(p + len - sizeof postfix, postfix, sizeof postfix); + astr = ASN1_STRING_new(); + ASN1_STRING_set(astr, p, len); + nid = OBJ_create(SPC_UNAUTHENTICATED_DATA_BLOB_OBJID, + "unauthenticatedData", "unauthenticatedData"); + PKCS7_add_attribute(si, nid, V_ASN1_SEQUENCE, astr); + OPENSSL_free(p); + return 1; /* OK */ +} + +/* + * [in, out] p7: new PKCS#7 signature + * [in, out] ctx: structure holds input and output data + * [returns] 1 on error or 0 on success + */ +static int add_timestamp_and_blob(PKCS7 *p7, FILE_FORMAT_CTX *ctx) +{ +#ifdef ENABLE_CURL + /* add counter-signature/timestamp */ + if (ctx->options->nturl && !add_timestamp_authenticode(p7, ctx)) { + printf("%s\n%s\n", "Authenticode timestamping failed", + "Use the \"-ts\" option to add the RFC3161 Time-Stamp Authority or choose another one Authenticode Time-Stamp Authority"); + return 1; /* FAILED */ + } + if (ctx->options->ntsurl && !add_timestamp_rfc3161(p7, ctx)) { + printf("%s\n%s\n", "RFC 3161 timestamping failed", + "Use the \"-t\" option to add the Authenticode Time-Stamp Authority or choose another one RFC3161 Time-Stamp Authority"); + return 1; /* FAILED */ + } +#endif /* ENABLE_CURL */ + if (ctx->options->addBlob && !add_unauthenticated_blob(p7)) { + printf("Adding unauthenticated blob failed\n"); + return 1; /* FAILED */ + } + return 0; /* OK */ +} + +/* + * [in, out] store: structure for holding information about X.509 certificates and CRLs + * [in] time: time_t to set + * [returns] 0 on error or 1 on success + */ +static int x509_store_set_time(X509_STORE *store, time_t time) +{ + X509_VERIFY_PARAM *param; + + param = X509_STORE_get0_param(store); + if (param == NULL) + return 0; /* FAILED */ + X509_VERIFY_PARAM_set_time(param, time); + if (!X509_STORE_set1_param(store, param)) + return 0; /* FAILED */ + return 1; /* OK */ +} + +/* + * Check the syntax of the time structure and print the time in human readable format + * [in] time: time structure + * [returns] 0 on error or 1 on success + */ +static int print_asn1_time(const ASN1_TIME *time) +{ + BIO *bp; + + if ((time == NULL) || (!ASN1_TIME_check(time))) { + printf("N/A\n"); + return 0; /* FAILED */ + } + bp = BIO_new_fp(stdout, BIO_NOCLOSE); + ASN1_TIME_print(bp, time); + BIO_free(bp); + printf("\n"); + return 1; /* OK */ +} + +/* + * Set the structure s to the time represented by the time_t value + * to print this time in human readable format + * [in] time: time_t value + * [returns] 0 on error or 1 on success + */ +static int print_time_t(const time_t time) +{ + ASN1_TIME *s; + int ret; + + if (time == INVALID_TIME) { + printf("N/A\n"); + return 0; /* FAILED */ + } + if ((s = ASN1_TIME_set(NULL, time)) == NULL) { + printf("N/A\n"); + return 0; /* FAILED */ + } + ret = print_asn1_time(s); + ASN1_TIME_free(s); + return ret; + +} + +/* + * Print certificate subject name, issuer name, serial number and expiration date + * [in] cert: X509 certificate + * [in] i: certificate number in order + * [returns] none + */ +static void print_cert(X509 *cert, int i) +{ + char *subject, *issuer, *serial; + BIGNUM *serialbn; + + subject = X509_NAME_oneline(X509_get_subject_name(cert), NULL, 0); + issuer = X509_NAME_oneline(X509_get_issuer_name(cert), NULL, 0); + serialbn = ASN1_INTEGER_to_BN(X509_get_serialNumber(cert), NULL); + serial = BN_bn2hex(serialbn); + if (i > 0) + printf("\t------------------\n"); + printf("\tSigner #%d:\n\t\tSubject: %s\n\t\tIssuer : %s\n\t\tSerial : %s\n\t\tCertificate expiration date:\n", + i, subject, issuer, serial); + printf("\t\t\tnotBefore : "); + print_asn1_time(X509_get0_notBefore(cert)); + printf("\t\t\tnotAfter : "); + print_asn1_time(X509_get0_notAfter(cert)); + + OPENSSL_free(subject); + OPENSSL_free(issuer); + BN_free(serialbn); + OPENSSL_free(serial); +} + +/* + * Print X509 certificate list from p7->d.sign->cert + * [in] p7: PKCS#7 signature + * [returns] 1 on success + */ +static int print_certs(PKCS7 *p7) +{ + X509 *cert; + int i, count; + + count = sk_X509_num(p7->d.sign->cert); + printf("\nNumber of certificates: %d\n", count); + for (i=0; id.sign->cert, i); + if (!cert) + return 0; /* FAILED */ + print_cert(cert, i); + } + return 1; /* OK */ +} + +/* + * [in, out] store: structure for holding information about X.509 certificates and CRLs + * [in] cafile: file contains concatenated CA certificates in PEM format + * [returns] 0 on error or 1 on success + */ +static int x509_store_load_file(X509_STORE *store, char *cafile) +{ + X509_LOOKUP *lookup; + X509_VERIFY_PARAM *param; + + lookup = X509_STORE_add_lookup(store, X509_LOOKUP_file()); + if (!lookup || !cafile) + return 0; /* FAILED */ + if (!X509_load_cert_file(lookup, cafile, X509_FILETYPE_PEM)) { + printf("\nError: no certificate found\n"); + return 0; /* FAILED */ + } + param = X509_STORE_get0_param(store); + if (param == NULL) + return 0; /* FAILED */ + if (!X509_VERIFY_PARAM_set_purpose(param, X509_PURPOSE_ANY)) + return 0; /* FAILED */ + if (!X509_STORE_set1_param(store, param)) + return 0; /* FAILED */ + + return 1; /* OK */ +} + +/* X509_STORE_CTX_verify_cb */ +static int verify_callback(int ok, X509_STORE_CTX *ctx) +{ + int error = X509_STORE_CTX_get_error(ctx); + int depth = X509_STORE_CTX_get_error_depth(ctx); + + if (!ok && error == X509_V_ERR_CERT_HAS_EXPIRED) { + if (depth == 0) { + printf("\nWarning: Ignoring expired signer certificate for CRL validation\n"); + return 1; + } else { + X509 *current_cert = X509_STORE_CTX_get_current_cert(ctx); + printf("\nError: Expired CA certificate:\n"); + print_cert(current_cert, 0); + printf("\n"); + } + } + return ok; +} + +/* + * [in, out] store: structure for holding information about X.509 certificates and CRLs + * [in] cafile: file contains concatenated CA certificates in PEM format + * [in] crlfile: file contains Certificate Revocation List (CRLs) + * [returns] 0 on error or 1 on success + */ +static int x509_store_load_crlfile(X509_STORE *store, char *cafile, char *crlfile) +{ + X509_LOOKUP *lookup; + X509_VERIFY_PARAM *param; + + lookup = X509_STORE_add_lookup(store, X509_LOOKUP_file()); + if (!lookup) + return 0; /* FAILED */ + if (!X509_load_cert_file(lookup, cafile, X509_FILETYPE_PEM)) { + printf("\nError: no certificate found\n"); + return 0; /* FAILED */ + } + if (crlfile && !X509_load_crl_file(lookup, crlfile, X509_FILETYPE_PEM)) { + printf("\nError: no CRL found in %s\n", crlfile); + return 0; /* FAILED */ + } + param = X509_STORE_get0_param(store); + if (param == NULL) + return 0; /* FAILED */ + /* enable CRL checking for the certificate chain leaf certificate */ + if (!X509_VERIFY_PARAM_set_flags(param, X509_V_FLAG_CRL_CHECK)) + return 0; /* FAILED */ + if (!X509_STORE_set1_param(store, param)) + return 0; /* FAILED */ + X509_STORE_set_verify_cb(store, verify_callback); + + return 1; /* OK */ +} + +/* + * Initialise X509_STORE_CTX structure to discover and validate a certificate chain + * based on given parameters + * [in] cafile: file contains concatenated CA certificates in PEM format + * [in] crlfile: file contains Certificate Revocation List (CRLs) + * [in] crls: additional CRLs obtained from p7->d.sign->crl + * [in] signer: signer's X509 certificate + * [in] chain: list of additional certificates which will be untrusted but be used to build the chain + * [returns] 0 on error or 1 on success + */ +static int verify_crl(char *cafile, char *crlfile, STACK_OF(X509_CRL) *crls, + X509 *signer, STACK_OF(X509) *chain) +{ + X509_STORE *store = NULL; + X509_STORE_CTX *ctx = NULL; + int verok = 0; + + ctx = X509_STORE_CTX_new(); + if (!ctx) + goto out; + store = X509_STORE_new(); + if (!store) + goto out; + if (!x509_store_load_crlfile(store, cafile, crlfile)) + goto out; + + /* initialise an X509_STORE_CTX structure for subsequent use by X509_verify_cert()*/ + if (!X509_STORE_CTX_init(ctx, store, signer, chain)) + goto out; + + /* set an additional CRLs */ + if (crls) + X509_STORE_CTX_set0_crls(ctx, crls); + + if (X509_verify_cert(ctx) <= 0) { + int error = X509_STORE_CTX_get_error(ctx); + printf("\nX509_verify_cert: certificate verify error: %s\n", + X509_verify_cert_error_string(error)); + goto out; + } + verok = 1; /* OK */ + +out: + if (!verok) + ERR_print_errors_fp(stdout); + /* NULL is a valid parameter value for X509_STORE_free() and X509_STORE_CTX_free() */ + X509_STORE_free(store); + X509_STORE_CTX_free(ctx); + return verok; +} + +/* + * [in] cert: X509 certificate + * [returns] CRL distribution point url + */ +static char *clrdp_url_get_x509(X509 *cert) +{ + STACK_OF(DIST_POINT) *crldp; + DIST_POINT *dp; + GENERAL_NAMES *gens; + GENERAL_NAME *gen; + int i, j, gtype; + ASN1_STRING *uri; + char *url = NULL; + + crldp = X509_get_ext_d2i(cert, NID_crl_distribution_points, NULL, NULL); + if (!crldp) + return NULL; + + for (i = 0; i < sk_DIST_POINT_num(crldp); i++) { + dp = sk_DIST_POINT_value(crldp, i); + if (!dp->distpoint || dp->distpoint->type != 0) + continue; + gens = dp->distpoint->name.fullname; + for (j = 0; j < sk_GENERAL_NAME_num(gens); j++) { + gen = sk_GENERAL_NAME_value(gens, j); + uri = GENERAL_NAME_get0_value(gen, >ype); + if (gtype == GEN_URI && ASN1_STRING_length(uri) > 6) { + url = OPENSSL_strdup((const char *)ASN1_STRING_get0_data(uri)); + if (strncmp(url, "http://", 7) == 0) + goto out; + OPENSSL_free(url); + url = NULL; + } + } + } +out: + sk_DIST_POINT_pop_free(crldp, DIST_POINT_free); + return url; +} + +/* + * Compare the hash provided from the TSTInfo object against the hash computed + * from the signature created by the signing certificate's private key + * [in] p7: PKCS#7 signature + * [in] timestamp: CMS_ContentInfo struct for Authenticode Timestamp or RFC 3161 Timestamp + * [returns] 0 on error or 1 on success + */ +static int verify_timestamp_token(PKCS7 *p7, CMS_ContentInfo *timestamp) +{ + STACK_OF(PKCS7_SIGNER_INFO) *signer_info; + PKCS7_SIGNER_INFO *si; + ASN1_OCTET_STRING *hash, **pos; + TimeStampToken *token = NULL; + const u_char *p = NULL; + u_char mdbuf[EVP_MAX_MD_SIZE]; + const EVP_MD *md; + int md_nid; + BIO *bhash; + + signer_info = PKCS7_get_signer_info(p7); + if (!signer_info) + return 0; /* FAILED */ + + si = sk_PKCS7_SIGNER_INFO_value(signer_info, 0); + if (!si) + return 0; /* FAILED */ + + pos = CMS_get0_content(timestamp); + if (pos != NULL && *pos != NULL) { + p = (*pos)->data; + token = d2i_TimeStampToken(NULL, &p, (*pos)->length); + if (token) { + /* compute a hash from the encrypted message digest value of the file */ + md_nid = OBJ_obj2nid(token->messageImprint->digestAlgorithm->algorithm); + md = EVP_get_digestbynid(md_nid); + bhash = BIO_new(BIO_f_md()); + if (!BIO_set_md(bhash, md)) { + printf("Unable to set the message digest of BIO\n"); + BIO_free_all(bhash); + return 0; /* FAILED */ + } + BIO_push(bhash, BIO_new(BIO_s_null())); + BIO_write(bhash, si->enc_digest->data, si->enc_digest->length); + BIO_gets(bhash, (char*)mdbuf, EVP_MD_size(md)); + BIO_free_all(bhash); + + /* compare the provided hash against the computed hash */ + hash = token->messageImprint->digest; + /* hash->length == EVP_MD_size(md) */ + if (memcmp(mdbuf, hash->data, (size_t)hash->length)) { + printf("Hash value mismatch:\n\tMessage digest algorithm: %s\n", + (md_nid == NID_undef) ? "UNKNOWN" : OBJ_nid2ln(md_nid)); + print_hash("\tComputed message digest", "", mdbuf, EVP_MD_size(md)); + print_hash("\tReceived message digest", "", hash->data, hash->length); + printf("\nFile's message digest verification: failed\n"); + TimeStampToken_free(token); + return 0; /* FAILED */ + } /* else Computed and received message digests matched */ + TimeStampToken_free(token); + } else + /* our CMS_ContentInfo struct created for Authenticode Timestamp + * does not contain any TimeStampToken as specified in RFC 3161 */ + ERR_clear_error(); + } + return 1; /* OK */ +} + +/* + * [in] ctx: structure holds input and output data + * [in] p7: PKCS#7 signature + * [in] timestamp: CMS_ContentInfo struct for Authenticode Timestamp or RFC 3161 Timestamp + * [in] time: timestamp verification time + * [returns] 1 on error or 0 on success + */ +static int verify_timestamp(FILE_FORMAT_CTX *ctx, PKCS7 *p7, CMS_ContentInfo *timestamp, time_t time) +{ + X509_STORE *store; + STACK_OF(CMS_SignerInfo) *sinfos; + CMS_SignerInfo *cmssi; + X509 *signer; + STACK_OF(X509_CRL) *crls; + char *url; + int verok = 0; + + store = X509_STORE_new(); + if (!store) + goto out; + if (x509_store_load_file(store, ctx->options->tsa_cafile)) { + /* + * The TSA signing key MUST be of a sufficient length to allow for a sufficiently + * long lifetime. Even if this is done, the key will have a finite lifetime. + * Thus, any token signed by the TSA SHOULD be time-stamped again or notarized + * at a later date to renew the trust that exists in the TSA's signature. + * https://datatracker.ietf.org/doc/html/rfc3161#section-4 + * Signtool does not respect this RFC and neither we do. + * So verify timestamp against the time of its creation. + */ + if (!x509_store_set_time(store, time)) { + printf("Failed to set store time\n"); + X509_STORE_free(store); + goto out; + } + } else { + printf("Use the \"-TSA-CAfile\" option to add the Time-Stamp Authority certificates bundle to verify the Timestamp Server.\n"); + X509_STORE_free(store); + goto out; + } + + /* verify a CMS SignedData structure */ + if (!CMS_verify(timestamp, NULL, store, 0, NULL, 0)) { + printf("\nCMS_verify error\n"); + X509_STORE_free(store); + goto out; + } + X509_STORE_free(store); + + sinfos = CMS_get0_SignerInfos(timestamp); + cmssi = sk_CMS_SignerInfo_value(sinfos, 0); + CMS_SignerInfo_get0_algs(cmssi, NULL, &signer, NULL, NULL); + + url = clrdp_url_get_x509(signer); + if (url) { + printf("TSA's CRL distribution point: %s\n", url); + OPENSSL_free(url); + } + /* verify a Certificate Revocation List */ + crls = p7->d.sign->crl; + if (ctx->options->tsa_crlfile || crls) { + STACK_OF(X509) *chain = CMS_get1_certs(timestamp); + int crlok = verify_crl(ctx->options->tsa_cafile, ctx->options->tsa_crlfile, + crls, signer, chain); + sk_X509_pop_free(chain, X509_free); + printf("Timestamp Server Signature CRL verification: %s\n", crlok ? "ok" : "failed"); + if (!crlok) + goto out; + } else { + printf("\n"); + } + /* check extended key usage flag XKU_TIMESTAMP */ + if (!(X509_get_extended_key_usage(signer) & XKU_TIMESTAMP)) { + printf("Unsupported Signer's certificate purpose XKU_TIMESTAMP\n"); + goto out; + } + /* verify the hash provided from the trusted timestamp */ + if (!verify_timestamp_token(p7, timestamp)) { + goto out; + } + verok = 1; /* OK */ +out: + if (!verok) + ERR_print_errors_fp(stdout); + return verok; +} + +/* + * [in] ctx: structure holds input and output data + * [in] p7: PKCS#7 signature + * [in] time: signature verification time + * [in] signer: signer's X509 certificate + * [returns] 1 on error or 0 on success + */ +static int verify_authenticode(FILE_FORMAT_CTX *ctx, PKCS7 *p7, time_t time, X509 *signer) +{ + X509_STORE *store; + STACK_OF(X509_CRL) *crls; + BIO *bio = NULL; + int verok = 0; + + store = X509_STORE_new(); + if (!store) + goto out; + + if (!x509_store_load_file(store, ctx->options->cafile)) { + printf("Failed to add store lookup file\n"); + X509_STORE_free(store); + goto out; + } + if (time != INVALID_TIME) { + printf("Signature verification time: "); + print_time_t(time); + if (!x509_store_set_time(store, time)) { + printf("Failed to set signature time\n"); + X509_STORE_free(store); + goto out; + } + } else if (ctx->options->time != INVALID_TIME) { + printf("Signature verification time: "); + print_time_t(ctx->options->time); + if (!x509_store_set_time(store, ctx->options->time)) { + printf("Failed to set verifying time\n"); + X509_STORE_free(store); + goto out; + } + } + /* verify a PKCS#7 signedData structure */ + if (p7->d.sign->contents->d.other->type == V_ASN1_SEQUENCE) { + /* only verify the contents of the sequence */ + int seqhdrlen; + seqhdrlen = asn1_simple_hdr_len(p7->d.sign->contents->d.other->value.sequence->data, + p7->d.sign->contents->d.other->value.sequence->length); + bio = BIO_new_mem_buf(p7->d.sign->contents->d.other->value.sequence->data + seqhdrlen, + p7->d.sign->contents->d.other->value.sequence->length - seqhdrlen); + } else { + /* verify the entire value */ + bio = BIO_new_mem_buf(p7->d.sign->contents->d.other->value.sequence->data, + p7->d.sign->contents->d.other->value.sequence->length); + } + if (!PKCS7_verify(p7, NULL, store, bio, NULL, 0)) { + printf("\nPKCS7_verify error\n"); + X509_STORE_free(store); + BIO_free(bio); + goto out; + } + X509_STORE_free(store); + BIO_free(bio); + + /* verify a Certificate Revocation List */ + crls = p7->d.sign->crl; + if (ctx->options->crlfile || crls) { + STACK_OF(X509) *chain = p7->d.sign->cert; + int crlok = verify_crl(ctx->options->cafile, ctx->options->crlfile, + crls, signer, chain); + printf("Signature CRL verification: %s\n", crlok ? "ok" : "failed"); + if (!crlok) + goto out; + } + + /* check extended key usage flag XKU_CODE_SIGN */ + if (!(X509_get_extended_key_usage(signer) & XKU_CODE_SIGN)) { + printf("Unsupported Signer's certificate purpose XKU_CODE_SIGN\n"); + goto out; + } + + verok = 1; /* OK */ +out: + if (!verok) + ERR_print_errors_fp(stdout); + return verok; +} + +/* + * [in] leafhash: optional hash algorithm and the signer's certificate hash + * [in] cert: signer's x509 certificate + * [returns] 0 on error or 1 on success + */ +static int verify_leaf_hash(X509 *cert, const char *leafhash) +{ + u_char *mdbuf = NULL, *certbuf, *tmp; + u_char cmdbuf[EVP_MAX_MD_SIZE]; + const EVP_MD *md; + long mdlen = 0; + size_t certlen, written; + BIO *bhash; + + /* decode the provided hash */ + char *mdid = OPENSSL_strdup(leafhash); + char *hash = strchr(mdid, ':'); + if (hash == NULL) { + printf("\nUnable to parse -require-leaf-hash parameter: %s\n", leafhash); + return 0; /* FAILED */ + } + *hash++ = '\0'; + md = EVP_get_digestbyname(mdid); + if (md == NULL) { + printf("\nUnable to lookup digest by name '%s'\n", mdid); + OPENSSL_free(mdid); + return 0; /* FAILED */ + } + mdbuf = OPENSSL_hexstr2buf(hash, &mdlen); + if (mdlen != EVP_MD_size(md)) { + printf("\nHash length mismatch: '%s' digest must be %d bytes long (got %ld bytes)\n", + mdid, EVP_MD_size(md), mdlen); + OPENSSL_free(mdid); + OPENSSL_free(mdbuf); + return 0; /* FAILED */ + } + OPENSSL_free(mdid); + + /* compute the leaf certificate hash */ + bhash = BIO_new(BIO_f_md()); + if (!BIO_set_md(bhash, md)) { + printf("Unable to set the message digest of BIO\n"); + BIO_free_all(bhash); + OPENSSL_free(mdbuf); + return 0; /* FAILED */ + } + BIO_push(bhash, BIO_new(BIO_s_null())); + certlen = (size_t)i2d_X509(cert, NULL); + certbuf = OPENSSL_malloc(certlen); + tmp = certbuf; + i2d_X509(cert, &tmp); + if (!BIO_write_ex(bhash, certbuf, certlen, &written) || written != certlen) { + BIO_free_all(bhash); + OPENSSL_free(mdbuf); + OPENSSL_free(certbuf); + return 0; /* FAILED */ + } + BIO_gets(bhash, (char*)cmdbuf, EVP_MD_size(md)); + BIO_free_all(bhash); + OPENSSL_free(certbuf); + + /* compare the provided hash against the computed hash */ + if (memcmp(mdbuf, cmdbuf, (size_t)EVP_MD_size(md))) { + print_hash("\nLeaf hash value mismatch", "computed", cmdbuf, EVP_MD_size(md)); + OPENSSL_free(mdbuf); + return 0; /* FAILED */ + } + OPENSSL_free(mdbuf); + return 1; /* OK */ +} + +/* + * [in] timestamp: CMS_ContentInfo struct for Authenticode Timestamp or RFC 3161 Timestamp + * [in] time: timestamp verification time + * [returns] 0 on error or 1 on success + */ +static int print_cms_timestamp(CMS_ContentInfo *timestamp, time_t time) +{ + STACK_OF(CMS_SignerInfo) *sinfos; + CMS_SignerInfo *si; + int md_nid; + ASN1_INTEGER *serialno; + char *issuer_name, *serial; + BIGNUM *serialbn; + X509_ALGOR *pdig; + X509_NAME *issuer = NULL; + + sinfos = CMS_get0_SignerInfos(timestamp); + if (sinfos == NULL) + return 0; /* FAILED */ + si = sk_CMS_SignerInfo_value(sinfos, 0); + if (si == NULL) + return 0; /* FAILED */ + printf("\nThe signature is timestamped: "); + print_time_t(time); + CMS_SignerInfo_get0_algs(si, NULL, NULL, &pdig, NULL); + if (pdig == NULL || pdig->algorithm == NULL) + return 0; /* FAILED */ + md_nid = OBJ_obj2nid(pdig->algorithm); + printf("Hash Algorithm: %s\n", (md_nid == NID_undef) ? "UNKNOWN" : OBJ_nid2ln(md_nid)); + if (!CMS_SignerInfo_get0_signer_id(si, NULL, &issuer, &serialno) || !issuer) + return 0; /* FAILED */ + issuer_name = X509_NAME_oneline(issuer, NULL, 0); + serialbn = ASN1_INTEGER_to_BN(serialno, NULL); + serial = BN_bn2hex(serialbn); + printf("Timestamp Verified by:\n\t\tIssuer : %s\n\t\tSerial : %s\n", issuer_name, serial); + OPENSSL_free(issuer_name); + BN_free(serialbn); + OPENSSL_free(serial); + return 1; /* OK */ +} + +/* + * RFC3852: the message-digest authenticated attribute type MUST be + * present when there are any authenticated attributes present + * [in] timestamp: CMS_ContentInfo struct for Authenticode Timestamp or RFC 3161 Timestamp + * [in] p7: PKCS#7 signature + * [in] verbose: additional output mode + * [returns] 0 on error or 1 on success + */ +static time_t time_t_timestamp_get_attributes(CMS_ContentInfo **timestamp, PKCS7 *p7, int verbose) +{ + STACK_OF(PKCS7_SIGNER_INFO) *signer_info; + PKCS7_SIGNER_INFO *si; + int md_nid, i; + STACK_OF(X509_ATTRIBUTE) *auth_attr, *unauth_attr; + X509_ATTRIBUTE *attr; + ASN1_OBJECT *object; + ASN1_STRING *value; + char object_txt[128]; + time_t time = INVALID_TIME; + + signer_info = PKCS7_get_signer_info(p7); + if (!signer_info) + return INVALID_TIME; /* FAILED */ + si = sk_PKCS7_SIGNER_INFO_value(signer_info, 0); + if (!si) + return INVALID_TIME; /* FAILED */ + md_nid = OBJ_obj2nid(si->digest_alg->algorithm); + printf("\nMessage digest algorithm: %s\n", + (md_nid == NID_undef) ? "UNKNOWN" : OBJ_nid2sn(md_nid)); + printf("\nAuthenticated attributes:\n"); + auth_attr = PKCS7_get_signed_attributes(si); /* cont[0] */ + for (i=0; imoreInfo && opus->moreInfo->type == 0) { + char *url = OPENSSL_strdup((char *)opus->moreInfo->value.url->data); + printf("\tURL description: %s\n", url); + OPENSSL_free(url); + } + if (opus->programName) { + char *desc = NULL; + if (opus->programName->type == 0) { + u_char *opusdata; + int len = ASN1_STRING_to_UTF8(&opusdata, opus->programName->value.unicode); + if (len >= 0) { + desc = OPENSSL_strndup((char *)opusdata, (size_t)len); + OPENSSL_free(opusdata); + } + } else { + desc = OPENSSL_strdup((char *)opus->programName->value.ascii->data); + } + if (desc) { + printf("\tText description: %s\n", desc); + OPENSSL_free(desc); + } + } + SpcSpOpusInfo_free(opus); + } else if (!strcmp(object_txt, SPC_STATEMENT_TYPE_OBJID)) { + /* Microsoft OID: 1.3.6.1.4.1.311.2.1.11 */ + const u_char *purpose; + value = X509_ATTRIBUTE_get0_data(attr, 0, V_ASN1_SEQUENCE, NULL); + if (value == NULL) + continue; + purpose = ASN1_STRING_get0_data(value); + if (!memcmp(purpose, purpose_comm, sizeof purpose_comm)) + printf("\tMicrosoft Commercial Code Signing purpose\n"); + else if (!memcmp(purpose, purpose_ind, sizeof purpose_ind)) + printf("\tMicrosoft Individual Code Signing purpose\n"); + else + printf("\tUnrecognized Code Signing purpose\n"); + } else if (!strcmp(object_txt, MS_JAVA_SOMETHING)) { + /* Microsoft OID: 1.3.6.1.4.1.311.15.1 */ + const u_char *level; + value = X509_ATTRIBUTE_get0_data(attr, 0, V_ASN1_SEQUENCE, NULL); + if (value == NULL) + continue; + level = ASN1_STRING_get0_data(value); + if (!memcmp(level, java_attrs_low, sizeof java_attrs_low)) + printf("\tLow level of permissions in Microsoft Internet Explorer 4.x for CAB files\n"); + else + printf("\tUnrecognized level of permissions in Microsoft Internet Explorer 4.x for CAB files\n"); + } + } + + /* Unauthenticated attributes */ + unauth_attr = PKCS7_get_attributes(si); /* cont[1] */ + for (i=0; id.sign, countersi); + if (*timestamp) { + if (!print_cms_timestamp(*timestamp, time)) + return INVALID_TIME; /* FAILED */ + } else { + printf("Error: Corrupt Authenticode Timestamp embedded content\n"); + } + } else { + printf("Error: PKCS9_TIMESTAMP_SIGNING_TIME attribute not found\n"); + PKCS7_SIGNER_INFO_free(countersi); + } + } else if (!strcmp(object_txt, SPC_RFC3161_OBJID)) { + /* RFC3161 Timestamp - Policy OID: 1.3.6.1.4.1.311.3.3.1 */ + const u_char *data; + value = X509_ATTRIBUTE_get0_data(attr, 0, V_ASN1_SEQUENCE, NULL); + if (value == NULL) + continue; + data = ASN1_STRING_get0_data(value); + *timestamp = d2i_CMS_ContentInfo(NULL, &data, ASN1_STRING_length(value)); + if (*timestamp == NULL) { + printf("Error: RFC3161 Timestamp could not be decoded correctly\n"); + ERR_print_errors_fp(stdout); + continue; + } + time = time_t_get_cms_time(*timestamp); + if (time != INVALID_TIME) { + if (!print_cms_timestamp(*timestamp, time)) + return INVALID_TIME; /* FAILED */ + } else { + printf("Error: Corrupt RFC3161 Timestamp embedded content\n"); + CMS_ContentInfo_free(*timestamp); + ERR_print_errors_fp(stdout); + } + } else if (!strcmp(object_txt, SPC_UNAUTHENTICATED_DATA_BLOB_OBJID)) { + /* Unauthenticated Data Blob - Policy OID: 1.3.6.1.4.1.42921.1.2.1 */ + ASN1_STRING *blob = X509_ATTRIBUTE_get0_data(attr, 0, V_ASN1_UTF8STRING, NULL); + if (verbose) { + char *data_blob = OPENSSL_buf2hexstr(blob->data, blob->length); + printf("\nUnauthenticated Data Blob:\n%s\n", data_blob); + OPENSSL_free(data_blob); + } else { + printf("\nUnauthenticated Data Blob length: %d bytes\n", blob->length); + } + } + } + return time; +} + +/* + * Convert ASN1_TIME to time_t + * [in] s: ASN1_TIME structure + * [returns] INVALID_TIME on error or time_t on success + */ +static time_t time_t_get_asn1_time(const ASN1_TIME *s) +{ + struct tm tm; + + if ((s == NULL) || (!ASN1_TIME_check(s))) { + return INVALID_TIME; + } + if (ASN1_TIME_to_tm(s, &tm)) { +#ifdef _WIN32 + return _mkgmtime(&tm); +#else + return timegm(&tm); +#endif + } else { + return INVALID_TIME; + } +} + +/* + * Get signing time from authorized attributes + * [in] si: PKCS7_SIGNER_INFO structure + * [returns] INVALID_TIME on error or time_t on success + */ +static time_t time_t_get_si_time(PKCS7_SIGNER_INFO *si) +{ + STACK_OF(X509_ATTRIBUTE) *auth_attr; + X509_ATTRIBUTE *attr; + ASN1_OBJECT *object; + ASN1_UTCTIME *time = NULL; + time_t posix_time; + char object_txt[128]; + int i; + + auth_attr = PKCS7_get_signed_attributes(si); /* cont[0] */ + if (auth_attr) + for (i=0; idata; + token = d2i_TimeStampToken(NULL, &p, (*pos)->length); + if (token) { + asn1_time = token->time; + posix_time = time_t_get_asn1_time(asn1_time); + TimeStampToken_free(token); + } + } + return posix_time; +} + +/* + * Create new CMS_ContentInfo struct for Authenticode Timestamp. + * This struct does not contain any TimeStampToken as specified in RFC 3161. + * [in] p7_signed: PKCS#7 signedData structure + * [in] countersignature: Authenticode Timestamp decoded to PKCS7_SIGNER_INFO + * [returns] pointer to CMS_ContentInfo structure + */ +static CMS_ContentInfo *cms_get_timestamp(PKCS7_SIGNED *p7_signed, + PKCS7_SIGNER_INFO *countersignature) +{ + CMS_ContentInfo *cms = NULL; + PKCS7_SIGNER_INFO *si; + PKCS7 *p7 = NULL, *content = NULL; + u_char *p = NULL; + const u_char *q; + int i, len = 0; + + p7 = PKCS7_new(); + si = sk_PKCS7_SIGNER_INFO_value(p7_signed->signer_info, 0); + if (si == NULL) + goto out; + + /* Create new signed PKCS7 timestamp structure. */ + if (!PKCS7_set_type(p7, NID_pkcs7_signed)) + goto out; + if (!PKCS7_add_signer(p7, countersignature)) + goto out; + for (i = 0; i < sk_X509_num(p7_signed->cert); i++) { + if (!PKCS7_add_certificate(p7, sk_X509_value(p7_signed->cert, i))) + goto out; + } + /* Create new encapsulated NID_id_smime_ct_TSTInfo content. */ + content = PKCS7_new(); + content->d.other = ASN1_TYPE_new(); + content->type = OBJ_nid2obj(NID_id_smime_ct_TSTInfo); + ASN1_TYPE_set1(content->d.other, V_ASN1_OCTET_STRING, si->enc_digest); + /* Add encapsulated content to signed PKCS7 timestamp structure: + p7->d.sign->contents = content */ + if (!PKCS7_set_content(p7, content)) { + PKCS7_free(content); + goto out; + } + /* Convert PKCS7 into CMS_ContentInfo */ + if (((len = i2d_PKCS7(p7, NULL)) <= 0) || (p = OPENSSL_malloc((size_t)len)) == NULL) { + printf("Failed to convert pkcs7: %d\n", len); + goto out; + } + len = i2d_PKCS7(p7, &p); + p -= len; + q = p; + cms = d2i_CMS_ContentInfo(NULL, &q, len); + OPENSSL_free(p); + +out: + if (!cms) + ERR_print_errors_fp(stdout); + PKCS7_free(p7); + return cms; +} + +/* + * The attribute type is SPC_INDIRECT_DATA_OBJID, so get a digest algorithm and a message digest + * from the content and compare the message digest against the computed message digest of the file + * [in] ctx: structure holds input and output data + * [in] attribute: structure holds input and output data + * [returns] 1 on error or 0 on success + */ +static int verify_member(FILE_FORMAT_CTX *ctx, CatalogAuthAttr *attribute) +{ + int mdlen, mdtype = -1; + u_char mdbuf[EVP_MAX_MD_SIZE]; + SpcIndirectDataContent *idc; + const u_char *data; + ASN1_STRING *value; + STACK_OF(ASN1_TYPE) *contents; + ASN1_TYPE *content; + const EVP_MD *md; + u_char *cmdbuf = NULL; + + value = attribute->contents->value.sequence; + data = value->data; + contents = d2i_ASN1_SET_ANY(NULL, &data, value->length); + if (contents == NULL) { + return 1; /* FAILED */ + } + content = sk_ASN1_TYPE_value(contents, 0); + sk_ASN1_TYPE_free(contents); + value = content->value.sequence; + data = value->data; + idc = d2i_SpcIndirectDataContent(NULL, &data, value->length); + if (!idc) { + printf("Failed to extract SpcIndirectDataContent data\n"); + ASN1_TYPE_free(content); + return 1; /* FAILED */ + } + if (idc->messageDigest && idc->messageDigest->digest && idc->messageDigest->digestAlgorithm) { + /* get a digest algorithm a message digest of the file from the content */ + mdtype = OBJ_obj2nid(idc->messageDigest->digestAlgorithm->algorithm); + memcpy(mdbuf, idc->messageDigest->digest->data, (size_t)idc->messageDigest->digest->length); + } + ASN1_TYPE_free(content); + if (mdtype == -1) { + printf("Failed to extract current message digest\n\n"); + return 1; /* FAILED */ + } + md = EVP_get_digestbynid(mdtype); + cmdbuf = ctx->format->digest_calc(ctx, md); + if (!cmdbuf) { + printf("Failed to compute a message digest value\n\n"); + return 1; /* Failed */ + } + mdlen = EVP_MD_size(EVP_get_digestbynid(mdtype)); + if (memcmp(mdbuf, cmdbuf, (size_t)mdlen)) { + OPENSSL_free(cmdbuf); + return 1; /* FAILED */ + } else { + printf("Message digest algorithm : %s\n", OBJ_nid2sn(mdtype)); + print_hash("Current message digest ", "", mdbuf, mdlen); + print_hash("Calculated message digest ", "\n", cmdbuf, mdlen); + } + OPENSSL_free(cmdbuf); + + if (idc->data && ctx->format->verify_indirect_data + && !ctx->format->verify_indirect_data(ctx, idc->data)) { + SpcIndirectDataContent_free(idc); + return 1; /* FAILED */ + } + SpcIndirectDataContent_free(idc); + return 0; /* OK */ +} + +/* + * Find the message digest of the file for all files added to the catalog file + * CTL (MS_CTL_OBJID) is a list of hashes of certificates or a list of hashes files + * [in] ctx: structure holds input and output data + * [in] p7: PKCS#7 signature + * [returns] 1 on error or 0 on success + */ +static int verify_content(FILE_FORMAT_CTX *ctx, PKCS7 *p7) +{ + ASN1_STRING *value; + const u_char *data; + MsCtlContent *ctlc; + int i, j; + + if (!is_content_type(p7, MS_CTL_OBJID)) { + printf("Failed to find MS_CTL_OBJID\n"); + return 1; /* FAILED */ + } + value = p7->d.sign->contents->d.other->value.sequence; + data = value->data; + ctlc = d2i_MsCtlContent(NULL, &data, value->length); + if (!ctlc) { + printf("Failed to extract MS_CTL_OBJID data\n"); + return 1; /* FAILED */ + } + ASN1_OBJECT *indir_objid = OBJ_txt2obj(SPC_INDIRECT_DATA_OBJID, 1); + for (i = 0; i < sk_CatalogInfo_num(ctlc->header_attributes); i++) { + STACK_OF(CatalogAuthAttr) *attributes; + CatalogInfo *header_attr = sk_CatalogInfo_value(ctlc->header_attributes, i); + if (header_attr == NULL) + continue; + attributes = header_attr->attributes; + for (j = 0; j < sk_CatalogAuthAttr_num(attributes); j++) { + CatalogAuthAttr *attribute = sk_CatalogAuthAttr_value(attributes, j); + if (!attribute) + continue; + if (OBJ_cmp(attribute->type, indir_objid)) + continue; + if (!verify_member(ctx, attribute)) { + /* computed message digest of the file is found in the catalog file */ + MsCtlContent_free(ctlc); + ASN1_OBJECT_free(indir_objid); + return 0; /* OK */ + } + } + } + MsCtlContent_free(ctlc); + ASN1_OBJECT_free(indir_objid); + ERR_print_errors_fp(stdout); + return 1; /* FAILED */ +} + +/* + * [in] ctx: structure holds input and output data + * [in] p7: PKCS#7 signature + * [returns] 1 on error or 0 on success + */ +static int verify_signature(FILE_FORMAT_CTX *ctx, PKCS7 *p7) +{ + int leafok, verok; + STACK_OF(X509) *signers; + X509 *signer; + char *url; + CMS_ContentInfo *timestamp = NULL; + time_t time; + + signers = PKCS7_get0_signers(p7, NULL, 0); + if (!signers || sk_X509_num(signers) != 1) { + printf("PKCS7_get0_signers error\n"); + return 1; /* FAILED */ + } + signer = sk_X509_value(signers, 0); + sk_X509_free(signers); + printf("Signer's certificate:\n"); + print_cert(signer, 0); + + if (!print_certs(p7)) + printf("Print certs error\n"); + time = time_t_timestamp_get_attributes(×tamp, p7, ctx->options->verbose); + if (ctx->options->leafhash != NULL) { + leafok = verify_leaf_hash(signer, ctx->options->leafhash); + printf("\nLeaf hash match: %s\n", leafok ? "ok" : "failed"); + if (!leafok) { + printf("Signature verification: failed\n\n"); + return 1; /* FAILED */ + } + } + if (ctx->options->catalog) + printf("\nFile is signed in catalog: %s\n", ctx->options->catalog); + printf("\nCAfile: %s\n", ctx->options->cafile); + if (ctx->options->crlfile) + printf("CRLfile: %s\n", ctx->options->crlfile); + if (ctx->options->tsa_cafile) + printf("TSA's certificates file: %s\n", ctx->options->tsa_cafile); + if (ctx->options->tsa_crlfile) + printf("TSA's CRL file: %s\n", ctx->options->tsa_crlfile); + url = clrdp_url_get_x509(signer); + if (url) { + printf("CRL distribution point: %s\n", url); + OPENSSL_free(url); + } + if (timestamp) { + if (ctx->options->ignore_timestamp) { + printf("\nTimestamp Server Signature verification is disabled\n\n"); + time = INVALID_TIME; + } else { + int timeok = verify_timestamp(ctx, p7, timestamp, time); + printf("Timestamp Server Signature verification: %s\n", timeok ? "ok" : "failed"); + if (!timeok) { + time = INVALID_TIME; + } + } + CMS_ContentInfo_free(timestamp); + ERR_clear_error(); + } else + printf("\nTimestamp is not available\n\n"); + verok = verify_authenticode(ctx, p7, time, signer); + printf("Signature verification: %s\n\n", verok ? "ok" : "failed"); + if (!verok) + return 1; /* FAILED */ + + return 0; /* OK */ +} + +/* + * Create new SIGNATURE structure, get signed and unsigned attributes, + * insert this signature to signature list + * [in, out] signatures: signature list + * [in] p7: PKCS#7 signature + * [in] allownest: allow nested signature switch + * [returns] 0 on error or 1 on success + */ +static int signature_list_append_pkcs7(STACK_OF(PKCS7) **signatures, PKCS7 *p7, int allownest) +{ + PKCS7_SIGNER_INFO *si; + STACK_OF(X509_ATTRIBUTE) *unauth_attr; + STACK_OF(PKCS7_SIGNER_INFO) *signer_info = PKCS7_get_signer_info(p7); + + if (!signer_info) { + printf("Failed to obtain PKCS#7 signer info list\n"); + return 0; /* FAILED */ + } + si = sk_PKCS7_SIGNER_INFO_value(signer_info, 0); + if (!si) { + printf("Failed to obtain PKCS#7 signer info value\n"); + return 0; /* FAILED */ + } + unauth_attr = PKCS7_get_attributes(si); /* cont[1] */ + if (unauth_attr) { + /* find Nested Signature - Policy OID: 1.3.6.1.4.1.311.2.4.1 */ + int i; + for (i=0; icatalog ? 1 : 0; + + if (!ctx->format->check_file(ctx, detached)) + return 1; /* FAILED */ + + if (detached) { + GLOBAL_OPTIONS *cat_options; + FILE_FORMAT_CTX *cat_ctx; + cat_options = OPENSSL_memdup(options, sizeof(GLOBAL_OPTIONS)); + if (!cat_options) { + printf("OPENSSL_memdup error.\n"); + return 1; /* Failed */ + } + cat_options->infile = options->catalog; + cat_options->cmd = CMD_EXTRACT; + cat_ctx = file_format_cat.ctx_new(cat_options, NULL, NULL); + if (!cat_ctx) { + printf("CAT file initialization error\n"); + return 1; /* Failed */ + } + p7 = cat_ctx->format->pkcs7_extract(cat_ctx); + cat_ctx->format->ctx_cleanup(cat_ctx, NULL, NULL); + OPENSSL_free(cat_options); + } else { + p7 = ctx->format->pkcs7_extract(ctx); + } + if (!p7) { + printf("Unable to extract existing signature\n"); + return 1; /* FAILED */ + } + signatures = sk_PKCS7_new_null(); + if (!signature_list_append_pkcs7(&signatures, p7, 1)) { + printf("Failed to create signature list\n\n"); + sk_PKCS7_pop_free(signatures, PKCS7_free); + return 1; /* FAILED */ + } + for (i = 0; i < sk_PKCS7_num(signatures); i++) { + PKCS7 *sig = sk_PKCS7_value(signatures, i); + if (detached) { + if (!verify_content(ctx, sig)) { + ret &= verify_signature(ctx, sig); + } else { + printf("Catalog verification: failed\n\n"); + } + } else if (ctx->format->verify_digests(ctx, sig)) { + printf("Signature Index: %d %s\n", i, i==0 ? " (Primary Signature)" : ""); + ret &= verify_signature(ctx, sig); + } + } + printf("Number of verified signatures: %d\n", i); + sk_PKCS7_pop_free(signatures, PKCS7_free); + if (ret) + ERR_print_errors_fp(stdout); + return ret; +} + +/* + * [in, out] ctx: structure holds input and output data + * [out] outdata: BIO outdata file + * [in] p7: PKCS#7 signature + * [returns] 1 on error or 0 on success + */ +static int save_extracted_pkcs7(FILE_FORMAT_CTX *ctx, BIO *outdata, PKCS7 *p7) +{ + int ret; + + (void)BIO_reset(outdata); + if (ctx->options->output_pkcs7) { + /* PEM format */ + ret = !PEM_write_bio_PKCS7(outdata, p7); + } else { + /* default DER format */ + ret = !i2d_PKCS7_bio(outdata, p7); + } + if (ret) { + printf("Unable to write pkcs7 object\n"); + } + return ret; +} + +/* + * [in] options: structure holds the input data + * [returns] 1 on error or 0 on success + */ +static int check_attached_data(GLOBAL_OPTIONS *options) +{ + FILE_FORMAT_CTX *ctx; + GLOBAL_OPTIONS *tmp_options = NULL; + + tmp_options = OPENSSL_memdup(options, sizeof(GLOBAL_OPTIONS)); + if (!tmp_options) { + printf("OPENSSL_memdup error.\n"); + return 1; /* Failed */ + } + tmp_options->infile = options->outfile; + tmp_options->cmd = CMD_VERIFY; + + ctx = file_format_msi.ctx_new(tmp_options, NULL, NULL); + if (!ctx) + ctx = file_format_pe.ctx_new(tmp_options, NULL, NULL); + if (!ctx) + ctx = file_format_cab.ctx_new(tmp_options, NULL, NULL); + if (!ctx) + ctx = file_format_cat.ctx_new(tmp_options, NULL, NULL); + if (!ctx) { + printf("Corrupt attached signature\n"); + OPENSSL_free(tmp_options); + return 1; /* Failed */ + } + if (verify_signed_file(ctx, tmp_options)) { + printf("Signature mismatch\n"); + ctx->format->ctx_cleanup(ctx, NULL, NULL); + OPENSSL_free(tmp_options); + return 1; /* Failed */ + } + ctx->format->ctx_cleanup(ctx, NULL, NULL); + OPENSSL_free(tmp_options); + return 0; /* OK */ +} + +/* + * [in, out] options: structure holds the input data + * [returns] none + */ +static void free_options(GLOBAL_OPTIONS *options) +{ + /* If memory has not been allocated nothing is done */ + OPENSSL_free(options->cafile); + OPENSSL_free(options->tsa_cafile); + OPENSSL_free(options->crlfile); + OPENSSL_free(options->tsa_crlfile); + /* If key is NULL nothing is done */ + EVP_PKEY_free(options->pkey); + options->pkey = NULL; + /* If X509 structure is NULL nothing is done */ + X509_free(options->cert); + options->cert = NULL; + /* Free up all elements of sk structure and sk itself */ + sk_X509_pop_free(options->certs, X509_free); + options->certs = NULL; + sk_X509_pop_free(options->xcerts, X509_free); + options->xcerts = NULL; + sk_X509_CRL_pop_free(options->crls, X509_CRL_free); + options->crls = NULL; +} + + +/* + * [in] txt, list + * [returns] 0 on error or 1 on success + */ +static int on_list(const char *txt, const char *list[]) { while (*list) if (!strcmp(txt, *list++)) - return true; - return false; + return 1; /* OK */ + return 0; /* FAILED */ } +/* + * [in] argv0, cmd + * [returns] none + */ static void usage(const char *argv0, const char *cmd) { const char *cmds_all[] = {"all", NULL}; @@ -1318,6 +2262,10 @@ static void usage(const char *argv0, const char *cmd) } } +/* + * [in] argv0, cmd + * [returns] none + */ static void help_for(const char *argv0, const char *cmd) { const char *cmds_all[] = {"all", NULL}; @@ -1527,3341 +2475,12 @@ static void help_for(const char *argv0, const char *cmd) usage(argv0, cmd); } -#define DO_EXIT_0(x) { printf(x); goto err_cleanup; } -#define DO_EXIT_1(x, y) { printf(x, y); goto err_cleanup; } -#define DO_EXIT_2(x, y, z) { printf(x, y, z); goto err_cleanup; } - -typedef enum { - FILE_TYPE_CAB, - FILE_TYPE_PE, - FILE_TYPE_MSI, - FILE_TYPE_CAT, - FILE_TYPE_ANY -} file_type_t; - -typedef enum { - CMD_SIGN, - CMD_EXTRACT, - CMD_REMOVE, - CMD_VERIFY, - CMD_ADD, - CMD_ATTACH, - CMD_HELP, - CMD_DEFAULT -} cmd_type_t; - - -static SpcLink *get_obsolete_link(void) -{ - const u_char obsolete[] = { - 0x00, 0x3c, 0x00, 0x3c, 0x00, 0x3c, 0x00, 0x4f, - 0x00, 0x62, 0x00, 0x73, 0x00, 0x6f, 0x00, 0x6c, - 0x00, 0x65, 0x00, 0x74, 0x00, 0x65, 0x00, 0x3e, - 0x00, 0x3e, 0x00, 0x3e - }; - SpcLink *link = SpcLink_new(); - link->type = 2; - link->value.file = SpcString_new(); - link->value.file->type = 0; - link->value.file->value.unicode = ASN1_BMPSTRING_new(); - ASN1_STRING_set(link->value.file->value.unicode, obsolete, sizeof obsolete); - return link; -} - -static u_char *pe_calc_page_hash(char *indata, uint32_t header_size, - uint32_t pe32plus, uint32_t sigpos, int phtype, int *rphlen) -{ - uint16_t nsections, opthdr_size; - uint32_t alignment, pagesize, hdrsize; - uint32_t rs, ro, l, lastpos = 0; - int pphlen, phlen, i, pi = 1; - size_t written; - u_char *res, *zeroes; - char *sections; - const EVP_MD *md = EVP_get_digestbynid(phtype); - BIO *bhash; - - /* NumberOfSections indicates the size of the section table, - * which immediately follows the headers, can be up to 65535 under Vista and later */ - nsections = GET_UINT16_LE(indata + header_size + 6); - if (nsections == 0 || nsections > UINT16_MAX) { - printf("Corrupted number of sections: 0x%08X\n", nsections); - return NULL; /* FAILED */ - } - /* FileAlignment is the alignment factor (in bytes) that is used to align - * the raw data of sections in the image file. The value should be a power - * of 2 between 512 and 64 K, inclusive. The default is 512. */ - alignment = GET_UINT32_LE(indata + header_size + 60); - if (alignment < 512 || alignment > UINT16_MAX) { - printf("Corrupted file alignment factor: 0x%08X\n", alignment); - return NULL; /* FAILED */ - } - /* SectionAlignment is the alignment (in bytes) of sections when they are - * loaded into memory. It must be greater than or equal to FileAlignment. - * The default is the page size for the architecture. - * The large page size is at most 4 MB. - * https://devblogs.microsoft.com/oldnewthing/20210510-00/?p=105200 */ - pagesize = GET_UINT32_LE(indata + header_size + 56); - if (pagesize == 0 || pagesize < alignment || pagesize > 4194304) { - printf("Corrupted page size: 0x%08X\n", pagesize); - return NULL; /* FAILED */ - } - /* SizeOfHeaders is the combined size of an MS-DOS stub, PE header, - * and section headers rounded up to a multiple of FileAlignment. */ - hdrsize = GET_UINT32_LE(indata + header_size + 84); - if (hdrsize < header_size || hdrsize > UINT32_MAX) { - printf("Corrupted headers size: 0x%08X\n", hdrsize); - return NULL; /* FAILED */ - } - /* SizeOfOptionalHeader is the size of the optional header, which is - * required for executable files, but for object files should be zero, - * and can't be bigger than the file */ - opthdr_size = GET_UINT16_LE(indata + header_size + 20); - if (opthdr_size == 0 || opthdr_size > sigpos) { - printf("Corrupted optional header size: 0x%08X\n", opthdr_size); - return NULL; /* FAILED */ - } - pphlen = 4 + EVP_MD_size(md); - phlen = pphlen * (3 + (int)nsections + (int)(sigpos / pagesize)); - - bhash = BIO_new(BIO_f_md()); - if (!BIO_set_md(bhash, md)) { - printf("Unable to set the message digest of BIO\n"); - BIO_free_all(bhash); - return NULL; /* FAILED */ - } - BIO_push(bhash, BIO_new(BIO_s_null())); - if (!BIO_write_ex(bhash, indata, header_size + 88, &written) - || written != header_size + 88) { - BIO_free_all(bhash); - return NULL; /* FAILED */ - } - if (!BIO_write_ex(bhash, indata + header_size + 92, 60 + pe32plus*16, &written) - || written != 60 + pe32plus*16) { - BIO_free_all(bhash); - return NULL; /* FAILED */ - } - if (!BIO_write_ex(bhash, indata + header_size + 160 + pe32plus*16, - hdrsize - (header_size + 160 + pe32plus*16), &written) - || written != hdrsize - (header_size + 160 + pe32plus*16)) { - BIO_free_all(bhash); - return NULL; /* FAILED */ - } - zeroes = OPENSSL_zalloc((size_t)pagesize); - if (!BIO_write_ex(bhash, zeroes, pagesize - hdrsize, &written) - || written != pagesize - hdrsize) { - BIO_free_all(bhash); - OPENSSL_free(zeroes); - return NULL; /* FAILED */ - } - res = OPENSSL_malloc((size_t)phlen); - memset(res, 0, 4); - BIO_gets(bhash, (char*)res + 4, EVP_MD_size(md)); - BIO_free_all(bhash); - - sections = indata + header_size + 24 + opthdr_size; - for (i=0; i= UINT32_MAX) { - continue; - } - for (l=0; l < rs; l+=pagesize, pi++) { - PUT_UINT32_LE(ro + l, res + pi*pphlen); - bhash = BIO_new(BIO_f_md()); - if (!BIO_set_md(bhash, md)) { - printf("Unable to set the message digest of BIO\n"); - BIO_free_all(bhash); - OPENSSL_free(zeroes); - OPENSSL_free(res); - return NULL; /* FAILED */ - } - BIO_push(bhash, BIO_new(BIO_s_null())); - if (rs - l < pagesize) { - if (!BIO_write_ex(bhash, indata + ro + l, rs - l, &written) - || written != rs - l) { - BIO_free_all(bhash); - OPENSSL_free(zeroes); - OPENSSL_free(res); - return NULL; /* FAILED */ - } - if (!BIO_write_ex(bhash, zeroes, pagesize - (rs - l), &written) - || written != pagesize - (rs - l)) { - BIO_free_all(bhash); - OPENSSL_free(zeroes); - OPENSSL_free(res); - return NULL; /* FAILED */ - } - } else { - if (!BIO_write_ex(bhash, indata + ro + l, pagesize, &written) - || written != pagesize) { - BIO_free_all(bhash); - OPENSSL_free(zeroes); - OPENSSL_free(res); - return NULL; /* FAILED */ - } - } - BIO_gets(bhash, (char*)res + pi*pphlen + 4, EVP_MD_size(md)); - BIO_free_all(bhash); - } - lastpos = ro + rs; - sections += 40; - } - PUT_UINT32_LE(lastpos, res + pi*pphlen); - memset(res + pi*pphlen + 4, 0, (size_t)EVP_MD_size(md)); - pi++; - OPENSSL_free(zeroes); - *rphlen = pi*pphlen; - return res; -} - -static SpcLink *get_page_hash_link(int phtype, char *indata, FILE_HEADER *header) -{ - u_char *ph, *p, *tmp; - int l, phlen; - ASN1_TYPE *tostr; - SpcAttributeTypeAndOptionalValue *aval; - ASN1_TYPE *taval; - SpcSerializedObject *so; - SpcLink *link; - STACK_OF(ASN1_TYPE) *oset, *aset; - - ph = pe_calc_page_hash(indata, header->header_size, header->pe32plus, - header->fileend, phtype, &phlen); - if (!ph) { - printf("Failed to calculate page hash\n"); - return NULL; /* FAILED */ - } - print_hash("Calculated page hash ", "...", ph, (phlen < 32) ? phlen : 32); - - tostr = ASN1_TYPE_new(); - tostr->type = V_ASN1_OCTET_STRING; - tostr->value.octet_string = ASN1_OCTET_STRING_new(); - ASN1_OCTET_STRING_set(tostr->value.octet_string, ph, phlen); - OPENSSL_free(ph); - - oset = sk_ASN1_TYPE_new_null(); - sk_ASN1_TYPE_push(oset, tostr); - l = i2d_ASN1_SET_ANY(oset, NULL); - tmp = p = OPENSSL_malloc((size_t)l); - i2d_ASN1_SET_ANY(oset, &tmp); - ASN1_TYPE_free(tostr); - sk_ASN1_TYPE_free(oset); - - aval = SpcAttributeTypeAndOptionalValue_new(); - aval->type = OBJ_txt2obj((phtype == NID_sha1) ? \ - SPC_PE_IMAGE_PAGE_HASHES_V1 : SPC_PE_IMAGE_PAGE_HASHES_V2, 1); - aval->value = ASN1_TYPE_new(); - aval->value->type = V_ASN1_SET; - aval->value->value.set = ASN1_STRING_new(); - ASN1_STRING_set(aval->value->value.set, p, l); - OPENSSL_free(p); - l = i2d_SpcAttributeTypeAndOptionalValue(aval, NULL); - tmp = p = OPENSSL_malloc((size_t)l); - i2d_SpcAttributeTypeAndOptionalValue(aval, &tmp); - SpcAttributeTypeAndOptionalValue_free(aval); - - taval = ASN1_TYPE_new(); - taval->type = V_ASN1_SEQUENCE; - taval->value.sequence = ASN1_STRING_new(); - ASN1_STRING_set(taval->value.sequence, p, l); - OPENSSL_free(p); - - aset = sk_ASN1_TYPE_new_null(); - sk_ASN1_TYPE_push(aset, taval); - l = i2d_ASN1_SET_ANY(aset, NULL); - tmp = p = OPENSSL_malloc((size_t)l); - l = i2d_ASN1_SET_ANY(aset, &tmp); - ASN1_TYPE_free(taval); - sk_ASN1_TYPE_free(aset); - - so = SpcSerializedObject_new(); - ASN1_OCTET_STRING_set(so->classId, classid_page_hash, sizeof classid_page_hash); - ASN1_OCTET_STRING_set(so->serializedData, p, l); - OPENSSL_free(p); - - link = SpcLink_new(); - link->type = 1; - link->value.moniker = so; - return link; -} - -static int get_indirect_data_blob(u_char **blob, int *len, GLOBAL_OPTIONS *options, - FILE_HEADER *header, file_type_t type, char *indata) -{ - u_char *p; - int hashlen, l, phtype; - void *hash; - ASN1_OBJECT *dtype; - SpcIndirectDataContent *idc; - const u_char msistr[] = { - 0xf1, 0x10, 0x0c, 0x00, 0x00, 0x00, 0x00, 0x00, - 0xc0, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x46 - }; - - idc = SpcIndirectDataContent_new(); - idc->data->value = ASN1_TYPE_new(); - idc->data->value->type = V_ASN1_SEQUENCE; - idc->data->value->value.sequence = ASN1_STRING_new(); - if (type == FILE_TYPE_CAB) { - SpcLink *link = get_obsolete_link(); - l = i2d_SpcLink(link, NULL); - p = OPENSSL_malloc((size_t)l); - i2d_SpcLink(link, &p); - p -= l; - dtype = OBJ_txt2obj(SPC_CAB_DATA_OBJID, 1); - SpcLink_free(link); - } else if (type == FILE_TYPE_PE) { - SpcPeImageData *pid = SpcPeImageData_new(); - ASN1_BIT_STRING_set_bit(pid->flags, 0, 1); - if (options->pagehash) { - SpcLink *link; - phtype = NID_sha1; - if (EVP_MD_size(options->md) > EVP_MD_size(EVP_sha1())) - phtype = NID_sha256; - link = get_page_hash_link(phtype, indata, header); - if (!link) - return 0; /* FAILED */ - pid->file = link; - } else { - pid->file = get_obsolete_link(); - } - l = i2d_SpcPeImageData(pid, NULL); - p = OPENSSL_malloc((size_t)l); - i2d_SpcPeImageData(pid, &p); - p -= l; - dtype = OBJ_txt2obj(SPC_PE_IMAGE_DATA_OBJID, 1); - SpcPeImageData_free(pid); - } else if (type == FILE_TYPE_MSI) { - SpcSipInfo *si = SpcSipInfo_new(); - ASN1_INTEGER_set(si->a, 1); - ASN1_INTEGER_set(si->b, 0); - ASN1_INTEGER_set(si->c, 0); - ASN1_INTEGER_set(si->d, 0); - ASN1_INTEGER_set(si->e, 0); - ASN1_INTEGER_set(si->f, 0); - ASN1_OCTET_STRING_set(si->string, msistr, sizeof msistr); - l = i2d_SpcSipInfo(si, NULL); - p = OPENSSL_malloc((size_t)l); - i2d_SpcSipInfo(si, &p); - p -= l; - dtype = OBJ_txt2obj(SPC_SIPINFO_OBJID, 1); - SpcSipInfo_free(si); - } else { - printf("Unexpected file type: %d\n", type); - return 0; /* FAILED */ - } - - idc->data->type = dtype; - idc->data->value->value.sequence->data = p; - idc->data->value->value.sequence->length = l; - idc->messageDigest->digestAlgorithm->algorithm = OBJ_nid2obj(EVP_MD_nid(options->md)); - idc->messageDigest->digestAlgorithm->parameters = ASN1_TYPE_new(); - idc->messageDigest->digestAlgorithm->parameters->type = V_ASN1_NULL; - - hashlen = EVP_MD_size(options->md); - hash = OPENSSL_malloc((size_t)hashlen); - memset(hash, 0, (size_t)hashlen); - ASN1_OCTET_STRING_set(idc->messageDigest->digest, hash, hashlen); - OPENSSL_free(hash); - - *len = i2d_SpcIndirectDataContent(idc, NULL); - *blob = OPENSSL_malloc((size_t)*len); - p = *blob; - i2d_SpcIndirectDataContent(idc, &p); - SpcIndirectDataContent_free(idc); - *len -= EVP_MD_size(options->md); - return 1; /* OK */ -} - -static int set_signing_blob(PKCS7 *sig, BIO *hash, u_char *buf, int len) -{ - u_char mdbuf[EVP_MAX_MD_SIZE]; - int mdlen, seqhdrlen; - BIO *sigbio; - PKCS7 *td7; - - mdlen = BIO_gets(hash, (char*)mdbuf, EVP_MAX_MD_SIZE); - memcpy(buf+len, mdbuf, (size_t)mdlen); - seqhdrlen = asn1_simple_hdr_len(buf, len); - - if ((sigbio = PKCS7_dataInit(sig, NULL)) == NULL) { - printf("PKCS7_dataInit failed\n"); - return 0; /* FAILED */ - } - BIO_write(sigbio, buf+seqhdrlen, len-seqhdrlen+mdlen); - (void)BIO_flush(sigbio); - - if (!PKCS7_dataFinal(sig, sigbio)) { - printf("PKCS7_dataFinal failed\n"); - return 0; /* FAILED */ - } - BIO_free_all(sigbio); - /* - replace the data part with the MS Authenticode - spcIndirectDataContext blob - */ - td7 = PKCS7_new(); - td7->type = OBJ_txt2obj(SPC_INDIRECT_DATA_OBJID, 1); - td7->d.other = ASN1_TYPE_new(); - td7->d.other->type = V_ASN1_SEQUENCE; - td7->d.other->value.sequence = ASN1_STRING_new(); - ASN1_STRING_set(td7->d.other->value.sequence, buf, len+mdlen); - if (!PKCS7_set_content(sig, td7)) { - PKCS7_free(td7); - printf("PKCS7_set_content failed\n"); - return 0; /* FAILED */ - } - return 1; /* OK */ -} - -static int set_content_blob(PKCS7 *sig, PKCS7 *cursig) -{ - PKCS7 *contents; - u_char *content; - int seqhdrlen, content_length; - BIO *sigbio; - - contents = cursig->d.sign->contents; - seqhdrlen = asn1_simple_hdr_len(contents->d.other->value.sequence->data, - contents->d.other->value.sequence->length); - content = contents->d.other->value.sequence->data + seqhdrlen; - content_length = contents->d.other->value.sequence->length - seqhdrlen; - - if ((sigbio = PKCS7_dataInit(sig, NULL)) == NULL) { - printf("PKCS7_dataInit failed\n"); - return 0; /* FAILED */ - } - BIO_write(sigbio, content, content_length); - (void)BIO_flush(sigbio); - if (!PKCS7_dataFinal(sig, sigbio)) { - printf("PKCS7_dataFinal failed\n"); - return 0; /* FAILED */ - } - BIO_free_all(sigbio); - if (!PKCS7_set_content(sig, PKCS7_dup(contents))) { - printf("PKCS7_set_content failed\n"); - return 0; /* FAILED */ - } - return 1; /* OK */ -} - -static int set_indirect_data_blob(PKCS7 *sig, BIO *hash, file_type_t type, - char *indata, GLOBAL_OPTIONS *options, FILE_HEADER *header) -{ - u_char *p = NULL; - int len = 0; - u_char *buf; - - if (!get_indirect_data_blob(&p, &len, options, header, type, indata)) - return 0; /* FAILED */ - buf = OPENSSL_malloc(SIZE_64K); - memcpy(buf, p, (size_t)len); - OPENSSL_free(p); - if (!set_signing_blob(sig, hash, buf, len)) { - OPENSSL_free(buf); - return 0; /* FAILED */ - } - OPENSSL_free(buf); - - return 1; /* OK */ -} - /* - * A signed PE file is padded (with 0's) to 8 byte boundary. - * Ignore any last odd byte in an unsigned file. + * [in] bin: certfile BIO + * [in] certpass: NULL + * [returns] pointer to STACK_OF(X509) structure */ -static uint32_t pe_calc_checksum(BIO *bio, FILE_HEADER *header) -{ - uint32_t checkSum = 0, offset = 0; - int nread; - unsigned short *buf = OPENSSL_malloc(SIZE_64K); - - /* recalculate the checksum */ - (void)BIO_seek(bio, 0); - while ((nread = BIO_read(bio, buf, SIZE_64K)) > 0) { - unsigned short val; - int i; - for (i = 0; i < nread / 2; i++) { - val = LE_UINT16(buf[i]); - if (offset == header->header_size + 88 || offset == header->header_size + 90) - val = 0; - checkSum += val; - checkSum = LOWORD(LOWORD(checkSum) + HIWORD(checkSum)); - offset += 2; - } - } - OPENSSL_free(buf); - checkSum = LOWORD(LOWORD(checkSum) + HIWORD(checkSum)); - checkSum += offset; - return checkSum; -} - -static void pe_recalc_checksum(BIO *bio, FILE_HEADER *header) -{ - uint32_t checksum = pe_calc_checksum(bio, header); - char buf[4]; - - /* write back checksum */ - (void)BIO_seek(bio, header->header_size + 88); - PUT_UINT32_LE(checksum, buf); - BIO_write(bio, buf, 4); -} - -static uint32_t pe_calc_realchecksum(char *indata, FILE_HEADER *header) -{ - uint32_t n = 0, checkSum = 0, offset = 0; - BIO *bio = BIO_new(BIO_s_mem()); - unsigned short *buf = OPENSSL_malloc(SIZE_64K); - - /* calculate the checkSum */ - while (n < header->fileend) { - size_t i, written, nread; - size_t left = header->fileend - n; - unsigned short val; - if (left > SIZE_64K) - left = SIZE_64K; - if (!BIO_write_ex(bio, indata + n, left, &written)) - goto err; /* FAILED */ - (void)BIO_seek(bio, 0); - n += (uint32_t)written; - if (!BIO_read_ex(bio, buf, written, &nread)) - goto err; /* FAILED */ - for (i = 0; i < nread / 2; i++) { - val = LE_UINT16(buf[i]); - if (offset == header->header_size + 88 || offset == header->header_size + 90) - val = 0; - checkSum += val; - checkSum = LOWORD(LOWORD(checkSum) + HIWORD(checkSum)); - offset += 2; - } - } - checkSum = LOWORD(LOWORD(checkSum) + HIWORD(checkSum)); - checkSum += offset; -err: - OPENSSL_free(buf); - BIO_free(bio); - return checkSum; -} - -static int verify_leaf_hash(X509 *leaf, const char *leafhash) -{ - int ret = 1; - u_char *mdbuf = NULL, *certbuf, *tmp; - u_char cmdbuf[EVP_MAX_MD_SIZE]; - const EVP_MD *md; - long mdlen = 0; - size_t certlen, written; - BIO *bhash = BIO_new(BIO_f_md()); - - /* decode the provided hash */ - char *mdid = OPENSSL_strdup(leafhash); - char *hash = strchr(mdid, ':'); - if (hash == NULL) { - printf("\nUnable to parse -require-leaf-hash parameter: %s\n", leafhash); - goto out; - } - *hash++ = '\0'; - md = EVP_get_digestbyname(mdid); - if (md == NULL) { - printf("\nUnable to lookup digest by name '%s'\n", mdid); - goto out; - } - mdbuf = OPENSSL_hexstr2buf(hash, &mdlen); - if (mdlen != EVP_MD_size(md)) { - printf("\nHash length mismatch: '%s' digest must be %d bytes long (got %ld bytes)\n", - mdid, EVP_MD_size(md), mdlen); - goto out; - } - /* compute the leaf certificate hash */ - if (!BIO_set_md(bhash, md)) { - printf("Unable to set the message digest of BIO\n"); - goto out; - } - BIO_push(bhash, BIO_new(BIO_s_null())); - certlen = (size_t)i2d_X509(leaf, NULL); - certbuf = OPENSSL_malloc(certlen); - tmp = certbuf; - i2d_X509(leaf, &tmp); - if (!BIO_write_ex(bhash, certbuf, certlen, &written) || written != certlen) { - OPENSSL_free(certbuf); - goto out; - } - BIO_gets(bhash, (char*)cmdbuf, EVP_MD_size(md)); - OPENSSL_free(certbuf); - - /* compare the provided hash against the computed hash */ - if (memcmp(mdbuf, cmdbuf, (size_t)EVP_MD_size(md))) { - print_hash("\nLeaf hash value mismatch", "computed", cmdbuf, EVP_MD_size(md)); - goto out; - } - ret = 0; /* OK */ -out: - BIO_free_all(bhash); - OPENSSL_free(mdid); - OPENSSL_free(mdbuf); - return ret; -} - -static int asn1_print_time(const ASN1_TIME *time) -{ - BIO *bp; - - if ((time == NULL) || (!ASN1_TIME_check(time))) { - printf("N/A\n"); - return 0; /* FAILED */ - } - bp = BIO_new_fp(stdout, BIO_NOCLOSE); - ASN1_TIME_print(bp, time); - BIO_free(bp); - printf("\n"); - return 1; /* OK */ -} - -static int print_time_t(const time_t time) -{ - ASN1_TIME *s; - int ret; - - if (time == INVALID_TIME) { - printf("N/A\n"); - return 0; /* FAILED */ - } - if ((s = ASN1_TIME_set(NULL, time)) == NULL) { - printf("N/A\n"); - return 0; /* FAILED */ - } - ret = asn1_print_time(s); - ASN1_TIME_free(s); - return ret; - -} - -static time_t asn1_get_time_t(const ASN1_TIME *s) -{ - struct tm tm; - - if ((s == NULL) || (!ASN1_TIME_check(s))) { - return INVALID_TIME; - } - if (ASN1_TIME_to_tm(s, &tm)) { -#ifdef _WIN32 - return _mkgmtime(&tm); -#else - return timegm(&tm); -#endif - } else { - return INVALID_TIME; - } -} - -static int print_cert(X509 *cert, int i) -{ - char *subject, *issuer, *serial; - BIGNUM *serialbn; - - subject = X509_NAME_oneline(X509_get_subject_name(cert), NULL, 0); - issuer = X509_NAME_oneline(X509_get_issuer_name(cert), NULL, 0); - serialbn = ASN1_INTEGER_to_BN(X509_get_serialNumber(cert), NULL); - serial = BN_bn2hex(serialbn); - if (i > 0) - printf("\t------------------\n"); - printf("\tSigner #%d:\n\t\tSubject: %s\n\t\tIssuer : %s\n\t\tSerial : %s\n\t\tCertificate expiration date:\n", - i, subject, issuer, serial); - printf("\t\t\tnotBefore : "); - asn1_print_time(X509_get0_notBefore(cert)); - printf("\t\t\tnotAfter : "); - asn1_print_time(X509_get0_notAfter(cert)); - - OPENSSL_free(subject); - OPENSSL_free(issuer); - BN_free(serialbn); - OPENSSL_free(serial); - return 1; /* OK */ -} - -static X509 *find_signer(PKCS7 *p7, char *leafhash, int *leafok) -{ - STACK_OF(X509) *signers; - X509 *cert = NULL; - int ret = 0; - - /* - * retrieve the signer's certificate from p7, - * search only internal certificates if it was requested - */ - signers = PKCS7_get0_signers(p7, NULL, 0); - if (!signers || sk_X509_num(signers) != 1) { - printf("PKCS7_get0_signers error\n"); - goto out; - } - printf("Signer's certificate:\n"); - cert = sk_X509_value(signers, 0); - if ((cert == NULL) || (!print_cert(cert, 0))) - goto out; - if (leafhash != NULL && *leafok == 0) - *leafok = verify_leaf_hash(cert, leafhash) == 0; - - ret = 1; /* OK */ -out: - if (!ret) - ERR_print_errors_fp(stdout); - sk_X509_free(signers); - return cert; -} - -static int print_certs(PKCS7 *p7) -{ - X509 *cert; - int i, count; - - count = sk_X509_num(p7->d.sign->cert); - printf("\nNumber of certificates: %d\n", count); - for (i=0; id.sign->cert, i); - if ((cert == NULL) || (!print_cert(cert, i))) - return 0; /* FAILED */ - } - return 1; /* OK */ -} - -static time_t si_get_time(PKCS7_SIGNER_INFO *si) -{ - STACK_OF(X509_ATTRIBUTE) *auth_attr; - X509_ATTRIBUTE *attr; - ASN1_OBJECT *object; - ASN1_UTCTIME *time = NULL; - time_t posix_time; - char object_txt[128]; - int i; - - auth_attr = PKCS7_get_signed_attributes(si); /* cont[0] */ - if (auth_attr) - for (i=0; idata; - token = d2i_TimeStampToken(NULL, &p, (*pos)->length); - if (token) { - asn1_time = token->time; - posix_time = asn1_get_time_t(asn1_time); - TimeStampToken_free(token); - } - } - return posix_time; -} - -static int verify_callback(int ok, X509_STORE_CTX *ctx) -{ - int error = X509_STORE_CTX_get_error(ctx); - int depth = X509_STORE_CTX_get_error_depth(ctx); - - if (!ok && error == X509_V_ERR_CERT_HAS_EXPIRED) { - if (depth == 0) { - printf("\nWarning: Ignoring expired signer certificate for CRL validation\n"); - return 1; - } else { - X509 *current_cert = X509_STORE_CTX_get_current_cert(ctx); - printf("\nError: Expired CA certificate:\n"); - print_cert(current_cert, 0); - printf("\n"); - } - } - return ok; -} - -static int load_crlfile_lookup(X509_STORE *store, char *certs, char *crl) -{ - X509_LOOKUP *lookup; - X509_VERIFY_PARAM *param; - - lookup = X509_STORE_add_lookup(store, X509_LOOKUP_file()); - if (!lookup) - return 0; /* FAILED */ - if (!X509_load_cert_file(lookup, certs, X509_FILETYPE_PEM)) { - printf("\nError: no certificate found\n"); - return 0; /* FAILED */ - } - if (crl && !X509_load_crl_file(lookup, crl, X509_FILETYPE_PEM)) { - printf("\nError: no CRL found in %s\n", crl); - return 0; /* FAILED */ - } - - param = X509_STORE_get0_param(store); - if (param == NULL) - return 0; /* FAILED */ - /* enable CRL checking for the certificate chain leaf certificate */ - if (!X509_VERIFY_PARAM_set_flags(param, X509_V_FLAG_CRL_CHECK)) - return 0; /* FAILED */ - if (!X509_STORE_set1_param(store, param)) - return 0; /* FAILED */ - X509_STORE_set_verify_cb(store, verify_callback); - - return 1; /* OK */ -} - -static int load_file_lookup(X509_STORE *store, char *certs) -{ - X509_LOOKUP *lookup; - X509_VERIFY_PARAM *param; - - lookup = X509_STORE_add_lookup(store, X509_LOOKUP_file()); - if (!lookup || !certs) - return 0; /* FAILED */ - if (!X509_load_cert_file(lookup, certs, X509_FILETYPE_PEM)) { - printf("\nError: no certificate found\n"); - return 0; /* FAILED */ - } - - param = X509_STORE_get0_param(store); - if (param == NULL) - return 0; /* FAILED */ - if (!X509_VERIFY_PARAM_set_purpose(param, X509_PURPOSE_ANY)) - return 0; /* FAILED */ - if (!X509_STORE_set1_param(store, param)) - return 0; /* FAILED */ - - return 1; /* OK */ -} - -static int set_store_time(X509_STORE *store, time_t time) -{ - X509_VERIFY_PARAM *param; - - param = X509_STORE_get0_param(store); - if (param == NULL) - return 0; /* FAILED */ - X509_VERIFY_PARAM_set_time(param, time); - if (!X509_STORE_set1_param(store, param)) - return 0; /* FAILED */ - return 1; /* OK */ -} - -static int cms_print_timestamp(CMS_ContentInfo *cms, time_t time) -{ - STACK_OF(CMS_SignerInfo) *sinfos; - CMS_SignerInfo *si; - int md_nid; - ASN1_INTEGER *serialno; - char *issuer_name, *serial; - BIGNUM *serialbn; - X509_ALGOR *pdig; - X509_NAME *issuer = NULL; - - sinfos = CMS_get0_SignerInfos(cms); - if (sinfos == NULL) - return 0; /* FAILED */ - si = sk_CMS_SignerInfo_value(sinfos, 0); - if (si == NULL) - return 0; /* FAILED */ - printf("\nThe signature is timestamped: "); - print_time_t(time); - CMS_SignerInfo_get0_algs(si, NULL, NULL, &pdig, NULL); - if (pdig == NULL || pdig->algorithm == NULL) - return 0; /* FAILED */ - md_nid = OBJ_obj2nid(pdig->algorithm); - printf("Hash Algorithm: %s\n", (md_nid == NID_undef) ? "UNKNOWN" : OBJ_nid2ln(md_nid)); - if (!CMS_SignerInfo_get0_signer_id(si, NULL, &issuer, &serialno) || !issuer) - return 0; /* FAILED */ - issuer_name = X509_NAME_oneline(issuer, NULL, 0); - serialbn = ASN1_INTEGER_to_BN(serialno, NULL); - serial = BN_bn2hex(serialbn); - printf("Timestamp Verified by:\n\t\tIssuer : %s\n\t\tSerial : %s\n", issuer_name, serial); - OPENSSL_free(issuer_name); - BN_free(serialbn); - OPENSSL_free(serial); - return 1; /* OK */ -} - -/* - * Create new CMS_ContentInfo struct for Authenticode Timestamp. - * This struct does not contain any TimeStampToken as specified in RFC 3161. - */ -static CMS_ContentInfo *cms_get_timestamp(PKCS7_SIGNED *p7_signed, PKCS7_SIGNER_INFO *countersignature) -{ - CMS_ContentInfo *cms = NULL; - PKCS7_SIGNER_INFO *si; - PKCS7 *p7 = NULL, *content = NULL; - u_char *p = NULL; - const u_char *q; - int i, len = 0; - - p7 = PKCS7_new(); - si = sk_PKCS7_SIGNER_INFO_value(p7_signed->signer_info, 0); - if (si == NULL) - goto out; - - /* Create new signed PKCS7 timestamp structure. */ - if (!PKCS7_set_type(p7, NID_pkcs7_signed)) - goto out; - if (!PKCS7_add_signer(p7, countersignature)) - goto out; - for (i = 0; i < sk_X509_num(p7_signed->cert); i++) { - if (!PKCS7_add_certificate(p7, sk_X509_value(p7_signed->cert, i))) - goto out; - } - - /* Create new encapsulated NID_id_smime_ct_TSTInfo content. */ - content = PKCS7_new(); - content->d.other = ASN1_TYPE_new(); - content->type = OBJ_nid2obj(NID_id_smime_ct_TSTInfo); - ASN1_TYPE_set1(content->d.other, V_ASN1_OCTET_STRING, si->enc_digest); - /* Add encapsulated content to signed PKCS7 timestamp structure: - p7->d.sign->contents = content */ - if (!PKCS7_set_content(p7, content)) { - PKCS7_free(content); - goto out; - } - - /* Convert PKCS7 into CMS_ContentInfo */ - if (((len = i2d_PKCS7(p7, NULL)) <= 0) || (p = OPENSSL_malloc((size_t)len)) == NULL) { - printf("Failed to convert pkcs7: %d\n", len); - goto out; - } - len = i2d_PKCS7(p7, &p); - p -= len; - q = p; - cms = d2i_CMS_ContentInfo(NULL, &q, len); - OPENSSL_free(p); - -out: - if (!cms) - ERR_print_errors_fp(stdout); - PKCS7_free(p7); - return cms; -} - -/* - * RFC3852: the message-digest authenticated attribute type MUST be - * present when there are any authenticated attributes present - */ -static int print_attributes(SIGNATURE *signature, int verbose) -{ - const u_char *mdbuf; - int len; - - if (!signature->digest) - return 0; /* FAILED */ - - printf("\nAuthenticated attributes:\n"); - printf("\tMessage digest algorithm: %s\n", - (signature->md_nid == NID_undef) ? "UNKNOWN" : OBJ_nid2sn(signature->md_nid)); - mdbuf = ASN1_STRING_get0_data(signature->digest); - len = ASN1_STRING_length(signature->digest); - print_hash("\tMessage digest", "", mdbuf, len); - printf("\tSigning time: "); - print_time_t(signature->signtime); - - if (signature->purpose) { - if (!memcmp(signature->purpose, purpose_comm, sizeof purpose_comm)) - printf("\tMicrosoft Commercial Code Signing purpose\n"); - else if (!memcmp(signature->purpose, purpose_ind, sizeof purpose_ind)) - printf("\tMicrosoft Individual Code Signing purpose\n"); - else - printf("\tUnrecognized Code Signing purpose\n"); - } - if (signature->url) { - printf("\tURL description: %s\n", signature->url); - } - if (signature->desc) { - printf("\tText description: %s\n", signature->desc); - } - if (signature->level) { - if (!memcmp(signature->level, java_attrs_low, sizeof java_attrs_low)) - printf("\tLow level of permissions in Microsoft Internet Explorer 4.x for CAB files\n"); - else - printf("\tUnrecognized level of permissions in Microsoft Internet Explorer 4.x for CAB files\n"); - } - - /* Unauthenticated attributes */ - if (signature->timestamp) { - if (!cms_print_timestamp(signature->timestamp, signature->time)) - return 0; /* FAILED */ - } - if (signature->blob) { - if (verbose) { - char *data_blob; - data_blob = OPENSSL_buf2hexstr(signature->blob->data, signature->blob->length); - printf("\nUnauthenticated Data Blob:\n%s\n", data_blob); - OPENSSL_free(data_blob); - } - printf("\nUnauthenticated Data Blob length: %d bytes\n",signature->blob->length); - } - return 1; /* OK */ -} - -static void get_signed_attributes(SIGNATURE *signature, STACK_OF(X509_ATTRIBUTE) *auth_attr) -{ - X509_ATTRIBUTE *attr; - ASN1_OBJECT *object; - ASN1_STRING *value; - char object_txt[128]; - const u_char *data; - int i; - - for (i=0; idigest = X509_ATTRIBUTE_get0_data(attr, 0, V_ASN1_OCTET_STRING, NULL); - } else if (!strcmp(object_txt, PKCS9_SIGNING_TIME)) { - /* PKCS#9 signing time - Policy OID: 1.2.840.113549.1.9.5 */ - ASN1_UTCTIME *time; - time = X509_ATTRIBUTE_get0_data(attr, 0, V_ASN1_UTCTIME, NULL); - signature->signtime = asn1_get_time_t(time); - } else if (!strcmp(object_txt, SPC_SP_OPUS_INFO_OBJID)) { - /* Microsoft OID: 1.3.6.1.4.1.311.2.1.12 */ - SpcSpOpusInfo *opus; - value = X509_ATTRIBUTE_get0_data(attr, 0, V_ASN1_SEQUENCE, NULL); - if (value == NULL) - continue; - data = ASN1_STRING_get0_data(value); - opus = d2i_SpcSpOpusInfo(NULL, &data, ASN1_STRING_length(value)); - if (opus == NULL) - continue; - if (opus->moreInfo && opus->moreInfo->type == 0) - signature->url = OPENSSL_strdup((char *)opus->moreInfo->value.url->data); - if (opus->programName) { - if (opus->programName->type == 0) { - u_char *desc; - int len = ASN1_STRING_to_UTF8(&desc, opus->programName->value.unicode); - if (len >= 0) { - signature->desc = OPENSSL_strndup((char *)desc, (size_t)len); - OPENSSL_free(desc); - } - } else { - signature->desc = OPENSSL_strdup((char *)opus->programName->value.ascii->data); - } - } - SpcSpOpusInfo_free(opus); - } else if (!strcmp(object_txt, SPC_STATEMENT_TYPE_OBJID)) { - /* Microsoft OID: 1.3.6.1.4.1.311.2.1.11 */ - value = X509_ATTRIBUTE_get0_data(attr, 0, V_ASN1_SEQUENCE, NULL); - if (value == NULL) - continue; - signature->purpose = ASN1_STRING_get0_data(value); - } else if (!strcmp(object_txt, MS_JAVA_SOMETHING)) { - /* Microsoft OID: 1.3.6.1.4.1.311.15.1 */ - value = X509_ATTRIBUTE_get0_data(attr, 0, V_ASN1_SEQUENCE, NULL); - if (value == NULL) - continue; - signature->level = ASN1_STRING_get0_data(value); - } - } -} - -static void signature_free(SIGNATURE *signature) -{ - if (signature->timestamp) { - CMS_ContentInfo_free(signature->timestamp); - ERR_clear_error(); - } - PKCS7_free(signature->p7); - /* If memory has not been allocated nothing is done */ - OPENSSL_free(signature->url); - OPENSSL_free(signature->desc); - OPENSSL_free(signature); -} - -static int append_signature_list(STACK_OF(SIGNATURE) **signatures, PKCS7 *p7, int allownest); - -static void get_unsigned_attributes(STACK_OF(SIGNATURE) **signatures, SIGNATURE *signature, - STACK_OF(X509_ATTRIBUTE) *unauth_attr, PKCS7 *p7, int allownest) -{ - X509_ATTRIBUTE *attr; - ASN1_OBJECT *object; - ASN1_STRING *value; - char object_txt[128]; - const u_char *data; - int i, j; - - for (i=0; id.sign, countersi); - if (timestamp) { - signature->time = time; - signature->timestamp = timestamp; - } else { - printf("Error: Corrupt Authenticode Timestamp embedded content\n"); - } - } else { - printf("Error: PKCS9_TIMESTAMP_SIGNING_TIME attribute not found\n"); - PKCS7_SIGNER_INFO_free(countersi); - } - } else if (!strcmp(object_txt, SPC_RFC3161_OBJID)) { - /* RFC3161 Timestamp - Policy OID: 1.3.6.1.4.1.311.3.3.1 */ - CMS_ContentInfo *timestamp = NULL; - time_t time; - value = X509_ATTRIBUTE_get0_data(attr, 0, V_ASN1_SEQUENCE, NULL); - if (value == NULL) - continue; - data = ASN1_STRING_get0_data(value); - timestamp = d2i_CMS_ContentInfo(NULL, &data, ASN1_STRING_length(value)); - if (timestamp == NULL) { - printf("Error: RFC3161 Timestamp could not be decoded correctly\n"); - ERR_print_errors_fp(stdout); - continue; - } - time = cms_get_time(timestamp); - if (time != INVALID_TIME) { - signature->time = time; - signature->timestamp = timestamp; - } else { - printf("Error: Corrupt RFC3161 Timestamp embedded content\n"); - CMS_ContentInfo_free(timestamp); - ERR_print_errors_fp(stdout); - } - } else if (allownest && !strcmp(object_txt, SPC_NESTED_SIGNATURE_OBJID)) { - /* Nested Signature - Policy OID: 1.3.6.1.4.1.311.2.4.1 */ - PKCS7 *nested; - for (j=0; jblob = X509_ATTRIBUTE_get0_data(attr, 0, V_ASN1_UTF8STRING, NULL); - } else - printf("Unsupported Policy OID: %s\n\n", object_txt); - } -} - -static int append_signature_list(STACK_OF(SIGNATURE) **signatures, PKCS7 *p7, int allownest) -{ - SIGNATURE *signature = NULL; - PKCS7_SIGNER_INFO *si; - STACK_OF(X509_ATTRIBUTE) *auth_attr, *unauth_attr; - STACK_OF(PKCS7_SIGNER_INFO) *signer_info = PKCS7_get_signer_info(p7); - - if (!signer_info) - return 0; /* FAILED */ - si = sk_PKCS7_SIGNER_INFO_value(signer_info, 0); - if (!si) - return 0; /* FAILED */ - - signature = OPENSSL_malloc(sizeof(SIGNATURE)); - signature->p7 = p7; - signature->md_nid = OBJ_obj2nid(si->digest_alg->algorithm); - signature->digest = NULL; - signature->signtime = INVALID_TIME; - signature->url = NULL; - signature->desc = NULL; - signature->purpose = NULL; - signature->level = NULL; - signature->timestamp = NULL; - signature->time = INVALID_TIME; - signature->blob = NULL; - - auth_attr = PKCS7_get_signed_attributes(si); /* cont[0] */ - if (auth_attr) - get_signed_attributes(signature, auth_attr); - - unauth_attr = PKCS7_get_attributes(si); /* cont[1] */ - if (unauth_attr) - get_unsigned_attributes(signatures, signature, unauth_attr, p7, allownest); - - if (!sk_SIGNATURE_unshift(*signatures, signature)) { - printf("Failed to insert signature\n"); - signature_free(signature); - return 0; /* FAILED */ - } - return 1; /* OK */ -} - -/* - * compare the hash provided from the TSTInfo object against the hash computed - * from the signature created by the signing certificate's private key -*/ -static int TST_verify(CMS_ContentInfo *timestamp, PKCS7_SIGNER_INFO *si) -{ - ASN1_OCTET_STRING *hash, **pos; - TimeStampToken *token = NULL; - const u_char *p = NULL; - u_char mdbuf[EVP_MAX_MD_SIZE]; - const EVP_MD *md; - int md_nid; - BIO *bhash; - - pos = CMS_get0_content(timestamp); - if (pos != NULL && *pos != NULL) { - p = (*pos)->data; - token = d2i_TimeStampToken(NULL, &p, (*pos)->length); - if (token) { - /* compute a hash from the encrypted message digest value of the file */ - md_nid = OBJ_obj2nid(token->messageImprint->digestAlgorithm->algorithm); - md = EVP_get_digestbynid(md_nid); - bhash = BIO_new(BIO_f_md()); - if (!BIO_set_md(bhash, md)) { - printf("Unable to set the message digest of BIO\n"); - BIO_free_all(bhash); - return 0; /* FAILED */ - } - BIO_push(bhash, BIO_new(BIO_s_null())); - BIO_write(bhash, si->enc_digest->data, si->enc_digest->length); - BIO_gets(bhash, (char*)mdbuf, EVP_MD_size(md)); - BIO_free_all(bhash); - - /* compare the provided hash against the computed hash */ - hash = token->messageImprint->digest; - /* hash->length == EVP_MD_size(md) */ - if (memcmp(mdbuf, hash->data, (size_t)hash->length)) { - printf("Hash value mismatch:\n\tMessage digest algorithm: %s\n", - (md_nid == NID_undef) ? "UNKNOWN" : OBJ_nid2ln(md_nid)); - print_hash("\tComputed message digest", "", mdbuf, EVP_MD_size(md)); - print_hash("\tReceived message digest", "", hash->data, hash->length); - printf("\nFile's message digest verification: failed\n"); - TimeStampToken_free(token); - return 0; /* FAILED */ - } /* else Computed and received message digests matched */ - TimeStampToken_free(token); - } else - /* our CMS_ContentInfo struct created for Authenticode Timestamp - * does not contain any TimeStampToken as specified in RFC 3161 */ - ERR_clear_error(); - } - return 1; /* OK */ -} - -static int append_nested_signature(STACK_OF(X509_ATTRIBUTE) **unauth_attr, u_char *p, int len) -{ - X509_ATTRIBUTE *attr = NULL; - int nid = OBJ_txt2nid(SPC_NESTED_SIGNATURE_OBJID); - - if (*unauth_attr == NULL) { - if ((*unauth_attr = sk_X509_ATTRIBUTE_new_null()) == NULL) - return 0; /* FAILED */ - } else { - /* try to find SPC_NESTED_SIGNATURE_OBJID attribute */ - int i; - for (i = 0; i < sk_X509_ATTRIBUTE_num(*unauth_attr); i++) { - attr = sk_X509_ATTRIBUTE_value(*unauth_attr, i); - if (OBJ_obj2nid(X509_ATTRIBUTE_get0_object(attr)) == nid) { - /* append p to the V_ASN1_SEQUENCE */ - if (!X509_ATTRIBUTE_set1_data(attr, V_ASN1_SEQUENCE, p, len)) - return 0; /* FAILED */ - return 1; /* OK */ - } - } - } - /* create new unauthorized SPC_NESTED_SIGNATURE_OBJID attribute */ - attr = X509_ATTRIBUTE_create_by_NID(NULL, nid, V_ASN1_SEQUENCE, p, len); - if (!attr) - return 0; /* FAILED */ - if (!sk_X509_ATTRIBUTE_push(*unauth_attr, attr)) { - X509_ATTRIBUTE_free(attr); - return 0; /* FAILED */ - } - - return 1; /* OK */ -} - -/* - * pkcs7_set_nested_signature adds the p7nest signature to p7 - * as a nested signature (SPC_NESTED_SIGNATURE). - */ -static int pkcs7_set_nested_signature(PKCS7 *p7, PKCS7 *p7nest, time_t time) -{ - u_char *p = NULL; - int len = 0; - PKCS7_SIGNER_INFO *si; - STACK_OF(PKCS7_SIGNER_INFO) *signer_info = PKCS7_get_signer_info(p7); - - if (!signer_info) - return 0; /* FAILED */ - si = sk_PKCS7_SIGNER_INFO_value(signer_info, 0); - if (!si) - return 0; /* FAILED */ - if (((len = i2d_PKCS7(p7nest, NULL)) <= 0) || - (p = OPENSSL_malloc((size_t)len)) == NULL) - return 0; /* FAILED */ - i2d_PKCS7(p7nest, &p); - p -= len; - - pkcs7_add_signing_time(si, time); - if (!append_nested_signature(&(si->unauth_attr), p, len)) { - OPENSSL_free(p); - return 0; /* FAILED */ - } - OPENSSL_free(p); - return 1; /* OK */ -} - -static char *get_clrdp_url(X509 *cert) -{ - STACK_OF(DIST_POINT) *crldp; - DIST_POINT *dp; - GENERAL_NAMES *gens; - GENERAL_NAME *gen; - int i, j, gtype; - ASN1_STRING *uri; - char *url = NULL; - - crldp = X509_get_ext_d2i(cert, NID_crl_distribution_points, NULL, NULL); - if (!crldp) - return NULL; - - for (i = 0; i < sk_DIST_POINT_num(crldp); i++) { - dp = sk_DIST_POINT_value(crldp, i); - if (!dp->distpoint || dp->distpoint->type != 0) - continue; - gens = dp->distpoint->name.fullname; - for (j = 0; j < sk_GENERAL_NAME_num(gens); j++) { - gen = sk_GENERAL_NAME_value(gens, j); - uri = GENERAL_NAME_get0_value(gen, >ype); - if (gtype == GEN_URI && ASN1_STRING_length(uri) > 6) { - url = OPENSSL_strdup((const char *)ASN1_STRING_get0_data(uri)); - if (strncmp(url, "http://", 7) == 0) - goto out; - OPENSSL_free(url); - url = NULL; - } - } - } -out: - sk_DIST_POINT_pop_free(crldp, DIST_POINT_free); - return url; -} - -static int verify_crl(char *ca_file, char *crl_file, STACK_OF(X509_CRL) *crls, - X509 *signer, STACK_OF(X509) *chain) -{ - X509_STORE *store = NULL; - X509_STORE_CTX *ctx = NULL; - int verok = 0; - - ctx = X509_STORE_CTX_new(); - if (!ctx) - goto out; - store = X509_STORE_new(); - if (!store) - goto out; - if (!load_crlfile_lookup(store, ca_file, crl_file)) - goto out; - - /* initialise an X509_STORE_CTX structure for subsequent use by X509_verify_cert()*/ - if (!X509_STORE_CTX_init(ctx, store, signer, chain)) - goto out; - - /* set an additional CRLs */ - if (crls) - X509_STORE_CTX_set0_crls(ctx, crls); - - if (X509_verify_cert(ctx) <= 0) { - int error = X509_STORE_CTX_get_error(ctx); - printf("\nX509_verify_cert: certificate verify error: %s\n", - X509_verify_cert_error_string(error)); - goto out; - } - verok = 1; /* OK */ - -out: - if (!verok) - ERR_print_errors_fp(stdout); - /* NULL is a valid parameter value for X509_STORE_free() and X509_STORE_CTX_free() */ - X509_STORE_free(store); - X509_STORE_CTX_free(ctx); - return verok; -} - -static int verify_timestamp(SIGNATURE *signature, GLOBAL_OPTIONS *options) -{ - X509_STORE *store; - STACK_OF(CMS_SignerInfo) *sinfos; - STACK_OF(PKCS7_SIGNER_INFO) *signer_info; - CMS_SignerInfo *cmssi; - X509 *signer; - STACK_OF(X509_CRL) *crls; - char *url; - PKCS7_SIGNER_INFO *si; - int verok = 0; - - store = X509_STORE_new(); - if (!store) - goto out; - if (load_file_lookup(store, options->tsa_cafile)) { - /* - * The TSA signing key MUST be of a sufficient length to allow for a sufficiently - * long lifetime. Even if this is done, the key will have a finite lifetime. - * Thus, any token signed by the TSA SHOULD be time-stamped again or notarized - * at a later date to renew the trust that exists in the TSA's signature. - * https://datatracker.ietf.org/doc/html/rfc3161#section-4 - * Signtool does not respect this RFC and neither we do. - * So verify timestamp against the time of its creation. - */ - if (!set_store_time(store, signature->time)) { - printf("Failed to set store time\n"); - X509_STORE_free(store); - goto out; - } - } else { - printf("Use the \"-TSA-CAfile\" option to add the Time-Stamp Authority certificates bundle to verify the Timestamp Server.\n"); - X509_STORE_free(store); - goto out; - } - - /* verify a CMS SignedData structure */ - if (!CMS_verify(signature->timestamp, NULL, store, 0, NULL, 0)) { - printf("\nCMS_verify error\n"); - X509_STORE_free(store); - goto out; - } - X509_STORE_free(store); - - sinfos = CMS_get0_SignerInfos(signature->timestamp); - cmssi = sk_CMS_SignerInfo_value(sinfos, 0); - CMS_SignerInfo_get0_algs(cmssi, NULL, &signer, NULL, NULL); - - url = get_clrdp_url(signer); - if (url) { - printf("TSA's CRL distribution point: %s\n", url); - OPENSSL_free(url); - } - - /* verify a Certificate Revocation List */ - crls = signature->p7->d.sign->crl; - if (options->tsa_crlfile || crls) { - STACK_OF(X509) *chain = CMS_get1_certs(signature->timestamp); - int crlok = verify_crl(options->tsa_cafile, options->tsa_crlfile, crls, signer, chain); - sk_X509_pop_free(chain, X509_free); - printf("Timestamp Server Signature CRL verification: %s\n", crlok ? "ok" : "failed"); - if (!crlok) - goto out; - } else - printf("\n"); - - /* check extended key usage flag XKU_TIMESTAMP */ - if (!(X509_get_extended_key_usage(signer) & XKU_TIMESTAMP)) { - printf("Unsupported Signer's certificate purpose XKU_TIMESTAMP\n"); - goto out; - } - - /* verify the hash provided from the trusted timestamp */ - signer_info = PKCS7_get_signer_info(signature->p7); - if (!signer_info) - goto out; - si = sk_PKCS7_SIGNER_INFO_value(signer_info, 0); - if (!si) - goto out; - if (!TST_verify(signature->timestamp, si)) - goto out; - - verok = 1; /* OK */ -out: - if (!verok) - ERR_print_errors_fp(stdout); - return verok; -} - -static int verify_authenticode(SIGNATURE *signature, GLOBAL_OPTIONS *options, X509 *signer) -{ - X509_STORE *store; - STACK_OF(X509_CRL) *crls; - BIO *bio = NULL; - int verok = 0; - - store = X509_STORE_new(); - if (!store) - goto out; - if (!load_file_lookup(store, options->cafile)) { - printf("Failed to add store lookup file\n"); - X509_STORE_free(store); - goto out; - } - if (signature->time != INVALID_TIME) { - printf("Signature verification time: "); - print_time_t(signature->time); - if (!set_store_time(store, signature->time)) { - printf("Failed to set signature time\n"); - X509_STORE_free(store); - goto out; - } - } else if (options->time != INVALID_TIME) { - printf("Signature verification time: "); - print_time_t(options->time); - if (!set_store_time(store, options->time)) { - printf("Failed to set verifying time\n"); - X509_STORE_free(store); - goto out; - } - } - /* verify a PKCS#7 signedData structure */ - if (signature->p7->d.sign->contents->d.other->type == V_ASN1_SEQUENCE) { - /* only verify the contents of the sequence */ - int seqhdrlen; - seqhdrlen = asn1_simple_hdr_len(signature->p7->d.sign->contents->d.other->value.sequence->data, - signature->p7->d.sign->contents->d.other->value.sequence->length); - bio = BIO_new_mem_buf(signature->p7->d.sign->contents->d.other->value.sequence->data + seqhdrlen, - signature->p7->d.sign->contents->d.other->value.sequence->length - seqhdrlen); - } else { - /* verify the entire value */ - bio = BIO_new_mem_buf(signature->p7->d.sign->contents->d.other->value.sequence->data, - signature->p7->d.sign->contents->d.other->value.sequence->length); - } - if (!PKCS7_verify(signature->p7, NULL, store, bio, NULL, 0)) { - printf("\nPKCS7_verify error\n"); - X509_STORE_free(store); - BIO_free(bio); - goto out; - } - X509_STORE_free(store); - BIO_free(bio); - - /* verify a Certificate Revocation List */ - crls = signature->p7->d.sign->crl; - if (options->crlfile || crls) { - STACK_OF(X509) *chain = signature->p7->d.sign->cert; - int crlok = verify_crl(options->cafile, options->crlfile, crls, signer, chain); - printf("Signature CRL verification: %s\n", crlok ? "ok" : "failed"); - if (!crlok) - goto out; - } - - /* check extended key usage flag XKU_CODE_SIGN */ - if (!(X509_get_extended_key_usage(signer) & XKU_CODE_SIGN)) { - printf("Unsupported Signer's certificate purpose XKU_CODE_SIGN\n"); - goto out; - } - - verok = 1; /* OK */ -out: - if (!verok) - ERR_print_errors_fp(stdout); - return verok; -} - -static int verify_signature(SIGNATURE *signature, GLOBAL_OPTIONS *options) -{ - int leafok = 0, verok; - X509 *signer; - char *url; - - signer = find_signer(signature->p7, options->leafhash, &leafok); - if (!signer) { - printf("Find signer error\n"); - return 1; /* FAILED */ - } - if (!print_certs(signature->p7)) - printf("Print certs error\n"); - if (!print_attributes(signature, options->verbose)) - printf("Print attributes error\n"); - if (options->leafhash != NULL) { - printf("\nLeaf hash match: %s\n", leafok ? "ok" : "failed"); - if (!leafok) { - printf("Signature verification: failed\n\n"); - return 1; /* FAILED */ - } - } - if (options->catalog) - printf("\nFile is signed in catalog: %s\n", options->catalog); - printf("\nCAfile: %s\n", options->cafile); - if (options->crlfile) - printf("CRLfile: %s\n", options->crlfile); - if (options->tsa_cafile) - printf("TSA's certificates file: %s\n", options->tsa_cafile); - if (options->tsa_crlfile) - printf("TSA's CRL file: %s\n", options->tsa_crlfile); - url = get_clrdp_url(signer); - if (url) { - printf("CRL distribution point: %s\n", url); - OPENSSL_free(url); - } - - if (signature->timestamp) { - if (!options->ignore_timestamp) { - int timeok = verify_timestamp(signature, options); - printf("Timestamp Server Signature verification: %s\n", timeok ? "ok" : "failed"); - if (!timeok) { - signature->time = INVALID_TIME; - } - } else { - printf("\nTimestamp Server Signature verification is disabled\n\n"); - signature->time = INVALID_TIME; - } - } else - printf("\nTimestamp is not available\n\n"); - verok = verify_authenticode(signature, options, signer); - printf("Signature verification: %s\n\n", verok ? "ok" : "failed"); - if (!verok) - return 1; /* FAILED */ - - return 0; /* OK */ -} - -/* - * MSI file support - * https://msdn.microsoft.com/en-us/library/dd942138.aspx - */ - -static int msi_verify_header(char *indata, uint32_t filesize, MSI_PARAMS *msiparams) -{ - MSI_ENTRY *root; - - msiparams->msi = msi_file_new(indata, filesize); - if (!msiparams->msi) { - printf("Failed to parse MSI_FILE struct\n"); - return 0; /* FAILED */ - } - root = msi_root_entry_get(msiparams->msi); - if (!root) { - printf("Failed to get file entry\n"); - return 0; /* FAILED */ - } - if (!msi_dirent_new(msiparams->msi, root, NULL, &(msiparams->dirent))) { - printf("Failed to parse MSI_DIRENT struct\n"); - return 0; /* FAILED */ - } - - return 1; /* OK */ -} - -static int msi_verify_pkcs7(SIGNATURE *signature, MSI_FILE *msi, MSI_DIRENT *dirent, - char *exdata, int exlen, GLOBAL_OPTIONS *options) -{ - int ret = 1, mdok, mdtype = -1; - u_char mdbuf[EVP_MAX_MD_SIZE]; - u_char cmdbuf[EVP_MAX_MD_SIZE]; - u_char cexmdbuf[EVP_MAX_MD_SIZE]; - const EVP_MD *md; - BIO *hash; - - if (is_content_type(signature->p7, SPC_INDIRECT_DATA_OBJID)) { - ASN1_STRING *content_val = signature->p7->d.sign->contents->d.other->value.sequence; - const u_char *p = content_val->data; - SpcIndirectDataContent *idc = d2i_SpcIndirectDataContent(NULL, &p, content_val->length); - if (idc) { - if (idc->messageDigest && idc->messageDigest->digest && idc->messageDigest->digestAlgorithm) { - mdtype = OBJ_obj2nid(idc->messageDigest->digestAlgorithm->algorithm); - memcpy(mdbuf, idc->messageDigest->digest->data, (size_t)idc->messageDigest->digest->length); - } - SpcIndirectDataContent_free(idc); - } - } - if (mdtype == -1) { - printf("Failed to extract current message digest\n\n"); - goto out; - } - printf("Message digest algorithm : %s\n", OBJ_nid2sn(mdtype)); - md = EVP_get_digestbynid(mdtype); - hash = BIO_new(BIO_f_md()); - if (!BIO_set_md(hash, md)) { - printf("Unable to set the message digest of BIO\n"); - BIO_free_all(hash); - goto out; - } - BIO_push(hash, BIO_new(BIO_s_null())); - if (exdata) { - BIO *prehash = BIO_new(BIO_f_md()); - if (EVP_MD_size(md) != exlen) { - printf("Incorrect MsiDigitalSignatureEx stream data length\n\n"); - BIO_free_all(hash); - BIO_free_all(prehash); - goto out; - } - if (!BIO_set_md(prehash, md)) { - printf("Unable to set the message digest of BIO\n"); - BIO_free_all(hash); - BIO_free_all(prehash); - goto out; - } - BIO_push(prehash, BIO_new(BIO_s_null())); - - print_hash("Current MsiDigitalSignatureEx ", "", (u_char *)exdata, exlen); - if (!msi_prehash_dir(dirent, prehash, 1)) { - printf("Failed to calculate pre-hash used for MsiDigitalSignatureEx\n\n"); - BIO_free_all(hash); - BIO_free_all(prehash); - goto out; - } - BIO_gets(prehash, (char*)cexmdbuf, EVP_MAX_MD_SIZE); - BIO_free_all(prehash); - BIO_write(hash, (char*)cexmdbuf, EVP_MD_size(md)); - print_hash("Calculated MsiDigitalSignatureEx ", "", cexmdbuf, EVP_MD_size(md)); - } - - if (!msi_hash_dir(msi, dirent, hash, 1)) { - printf("Failed to calculate DigitalSignature\n\n"); - BIO_free_all(hash); - goto out; - } - print_hash("Current DigitalSignature ", "", mdbuf, EVP_MD_size(md)); - BIO_gets(hash, (char*)cmdbuf, EVP_MAX_MD_SIZE); - BIO_free_all(hash); - mdok = !memcmp(mdbuf, cmdbuf, (size_t)EVP_MD_size(md)); - print_hash("Calculated DigitalSignature ", mdok ? "\n" : " MISMATCH!!!\n", cmdbuf, EVP_MD_size(md)); - if (!mdok) { - printf("Signature verification: failed\n\n"); - goto out; - } - ret = verify_signature(signature, options); -out: - if (ret) - ERR_print_errors_fp(stdout); - return ret; -} - -static int msi_verify_file(MSI_PARAMS *msiparams, GLOBAL_OPTIONS *options) -{ - int i, ret = 1; - char *indata = NULL; - char *exdata = NULL; - const u_char *blob; - uint32_t inlen, exlen = 0; - PKCS7 *p7; - - STACK_OF(SIGNATURE) *signatures = sk_SIGNATURE_new_null(); - MSI_ENTRY *dse = NULL; - MSI_ENTRY *ds = msi_signatures_get(msiparams->dirent, &dse); - - if (!ds) { - printf("MSI file has no signature\n\n"); - goto out; - } - inlen = GET_UINT32_LE(ds->size); - if (inlen == 0 || inlen >= MAXREGSECT) { - printf("Corrupted DigitalSignature stream length 0x%08X\n", inlen); - goto out; - } - indata = OPENSSL_malloc((size_t)inlen); - if (!msi_file_read(msiparams->msi, ds, 0, indata, inlen)) { - printf("DigitalSignature stream data error\n\n"); - goto out; - } - if (!dse) { - printf("Warning: MsiDigitalSignatureEx stream doesn't exist\n"); - } else { - exlen = GET_UINT32_LE(dse->size); - if (exlen == 0 || exlen >= MAXREGSECT) { - printf("Corrupted MsiDigitalSignatureEx stream length 0x%08X\n", exlen); - goto out; - } - exdata = OPENSSL_malloc((size_t)exlen); - if (!msi_file_read(msiparams->msi, dse, 0, exdata, exlen)) { - printf("MsiDigitalSignatureEx stream data error\n\n"); - goto out; - } - } - blob = (u_char *)indata; - p7 = d2i_PKCS7(NULL, &blob, inlen); - if (!p7) { - printf("Failed to extract PKCS7 data\n\n"); - goto out; - } - if (!append_signature_list(&signatures, p7, 1)) { - printf("Failed to create signature list\n\n"); - PKCS7_free(p7); - goto out; - } - for (i = 0; i < sk_SIGNATURE_num(signatures); i++) { - SIGNATURE *signature = sk_SIGNATURE_value(signatures, i); - printf("Signature Index: %d %s\n", i, i==0 ? " (Primary Signature)" : ""); - ret &= msi_verify_pkcs7(signature, msiparams->msi, msiparams->dirent, exdata, (int)exlen, options); - } - printf("Number of verified signatures: %d\n", i); -out: - sk_SIGNATURE_pop_free(signatures, signature_free); - OPENSSL_free(indata); - OPENSSL_free(exdata); - return ret; -} - -static PKCS7 *msi_extract_existing_pkcs7(MSI_PARAMS *msiparams, MSI_ENTRY *ds, char **data, uint32_t len) -{ - PKCS7 *p7 = NULL; - const u_char *blob; - - if (!msi_file_read(msiparams->msi, ds, 0, *data, len)) { - printf("DigitalSignature stream data error\n"); - return NULL; - } - blob = (u_char *)*data; - p7 = d2i_PKCS7(NULL, &blob, len); - if (!p7) { - printf("Failed to extract PKCS7 data\n"); - return NULL; - } - return p7; -} - -static int msi_extract_file(MSI_PARAMS *msiparams, BIO *outdata, int output_pkcs7) -{ - int ret = 0; - PKCS7 *sig; - uint32_t len; - char *data; - size_t written; - - MSI_ENTRY *ds = msi_signatures_get(msiparams->dirent, NULL); - if (!ds) { - printf("MSI file has no signature\n\n"); - return 1; /* FAILED */ - } - len = GET_UINT32_LE(ds->size); - if (len == 0 || len >= MAXREGSECT) { - printf("Corrupted DigitalSignature stream length 0x%08X\n", len); - return 1; /* FAILED */ - } - data = OPENSSL_malloc((size_t)len); - (void)BIO_reset(outdata); - sig = msi_extract_existing_pkcs7(msiparams, ds, &data, len); - if (!sig) { - printf("Unable to extract existing signature\n"); - return 1; /* FAILED */ - } - if (output_pkcs7) { - ret = !PEM_write_bio_PKCS7(outdata, sig); - } else { - if (!BIO_write_ex(outdata, data, len, &written) || written != len) - ret = 1; /* FAILED */ - } - PKCS7_free(sig); - OPENSSL_free(data); - return ret; -} - -static int msi_remove_file(MSI_PARAMS *msiparams, BIO *outdata) -{ - if (!msi_dirent_delete(msiparams->dirent, digital_signature_ex, sizeof digital_signature_ex)) { - return 1; /* FAILED */ - } - if (!msi_dirent_delete(msiparams->dirent, digital_signature, sizeof digital_signature)) { - return 1; /* FAILED */ - } - if (!msi_file_write(msiparams->msi, msiparams->dirent, NULL, 0, NULL, 0, outdata)) { - printf("Saving the msi file failed\n"); - return 1; /* FAILED */ - } - return 0; /* OK */ -} - -/* - * MsiDigitalSignatureEx is an enhanced signature type that - * can be used when signing MSI files. In addition to - * file content, it also hashes some file metadata, specifically - * file names, file sizes, creation times and modification times. - * - * The file content hashing part stays the same, so the - * msi_handle_dir() function can be used across both variants. - * - * When an MsiDigitalSigntaureEx section is present in an MSI file, - * the meaning of the DigitalSignature section changes: Instead - * of being merely a file content hash (as what is output by the - * msi_handle_dir() function), it is now hashes both content - * and metadata. - * - * Here is how it works: - * - * First, a "pre-hash" is calculated. This is the "metadata" hash. - * It iterates over the files in the MSI in the same order as the - * file content hashing method would - but it only processes the - * metadata. - * - * Once the pre-hash is calculated, a new hash is created for - * calculating the hash of the file content. The output of the - * pre-hash is added as the first element of the file content hash. - * - * After the pre-hash is written, what follows is the "regular" - * stream of data that would normally be written when performing - * file content hashing. - * - * The output of this hash, which combines both metadata and file - * content, is what will be output in signed form to the - * DigitalSignature section when in 'MsiDigitalSignatureEx' mode. - * - * As mentioned previously, this new mode of operation is signalled - * by the presence of a 'MsiDigitalSignatureEx' section in the MSI - * file. This section must come after the 'DigitalSignature' - * section, and its content must be the output of the pre-hash - * ("metadata") hash. - */ - -static int msi_calc_MsiDigitalSignatureEx(MSI_PARAMS *msiparams, const EVP_MD *md, BIO *hash) -{ - BIO *prehash = BIO_new(BIO_f_md()); - if (!BIO_set_md(prehash, md)) { - printf("Unable to set the message digest of BIO\n"); - BIO_free_all(prehash); - return 0; /* FAILED */ - } - BIO_push(prehash, BIO_new(BIO_s_null())); - - if (!msi_prehash_dir(msiparams->dirent, prehash, 1)) { - printf("Unable to calculate MSI pre-hash ('metadata') hash\n"); - return 0; /* FAILED */ - } - msiparams->p_msiex = OPENSSL_malloc(EVP_MAX_MD_SIZE); - msiparams->len_msiex = BIO_gets(prehash, (char*)msiparams->p_msiex, EVP_MAX_MD_SIZE); - BIO_write(hash, msiparams->p_msiex, msiparams->len_msiex); - BIO_free_all(prehash); - return 1; /* OK */ -} - -/* - * PE file support - */ - -/* Compute a message digest value of the signed or unsigned PE file */ -static int pe_calc_digest(char *indata, int mdtype, u_char *mdbuf, FILE_HEADER *header) -{ - size_t written; - uint32_t idx = 0, fileend; - const EVP_MD *md = EVP_get_digestbynid(mdtype); - BIO *bhash = BIO_new(BIO_f_md()); - - if (!BIO_set_md(bhash, md)) { - printf("Unable to set the message digest of BIO\n"); - BIO_free_all(bhash); - return 0; /* FAILED */ - } - BIO_push(bhash, BIO_new(BIO_s_null())); - if (header->sigpos) - fileend = header->sigpos; - else - fileend = header->fileend; - - /* header->header_size + 88 + 4 + 60 + header->pe32plus * 16 + 8 */ - if (!BIO_write_ex(bhash, indata, header->header_size + 88, &written) - || written != header->header_size + 88) { - BIO_free_all(bhash); - return 0; /* FAILED */ - } - idx += (uint32_t)written + 4; - if (!BIO_write_ex(bhash, indata + idx, 60 + header->pe32plus * 16, &written) - || written != 60 + header->pe32plus * 16) { - BIO_free_all(bhash); - return 0; /* FAILED */ - } - idx += (uint32_t)written + 8; - if (!bio_hash_data(indata, bhash, idx, 0, fileend)) { - printf("Unable to calculate digest\n"); - BIO_free_all(bhash); - return 0; /* FAILED */ - } - if (!header->sigpos) { - /* pad (with 0's) unsigned PE file to 8 byte boundary */ - int len = 8 - header->fileend % 8; - if (len > 0 && len != 8) { - char *buf = OPENSSL_malloc(8); - memset(buf, 0, (size_t)len); - BIO_write(bhash, buf, len); - OPENSSL_free(buf); - } - } - BIO_gets(bhash, (char*)mdbuf, EVP_MD_size(md)); - return 1; /* OK */ -} - -static int pe_extract_page_hash(SpcAttributeTypeAndOptionalValue *obj, - u_char **ph, int *phlen, int *phtype) -{ - const u_char *blob; - SpcPeImageData *id; - SpcSerializedObject *so; - int l, l2; - char buf[128]; - - *phlen = 0; - if (!obj || !obj->value) - return 0; /* FAILED */ - blob = obj->value->value.sequence->data; - id = d2i_SpcPeImageData(NULL, &blob, obj->value->value.sequence->length); - if (!id) { - return 0; /* FAILED */ - } - if (!id->file) { - SpcPeImageData_free(id); - return 0; /* FAILED */ - } - if (id->file->type != 1) { - SpcPeImageData_free(id); - return 1; /* OK - this is not SpcSerializedObject structure that contains page hashes */ - } - so = id->file->value.moniker; - if (so->classId->length != sizeof classid_page_hash || - memcmp(so->classId->data, classid_page_hash, sizeof classid_page_hash)) { - SpcPeImageData_free(id); - return 0; /* FAILED */ - } - /* skip ASN.1 SET hdr */ - l = asn1_simple_hdr_len(so->serializedData->data, so->serializedData->length); - blob = so->serializedData->data + l; - obj = d2i_SpcAttributeTypeAndOptionalValue(NULL, &blob, so->serializedData->length - l); - SpcPeImageData_free(id); - if (!obj) - return 0; /* FAILED */ - - *phtype = 0; - buf[0] = 0x00; - OBJ_obj2txt(buf, sizeof buf, obj->type, 1); - if (!strcmp(buf, SPC_PE_IMAGE_PAGE_HASHES_V1)) { - *phtype = NID_sha1; - } else if (!strcmp(buf, SPC_PE_IMAGE_PAGE_HASHES_V2)) { - *phtype = NID_sha256; - } else { - SpcAttributeTypeAndOptionalValue_free(obj); - return 0; /* FAILED */ - } - /* Skip ASN.1 SET hdr */ - l2 = asn1_simple_hdr_len(obj->value->value.sequence->data, obj->value->value.sequence->length); - /* Skip ASN.1 OCTET STRING hdr */ - l = asn1_simple_hdr_len(obj->value->value.sequence->data + l2, obj->value->value.sequence->length - l2); - l += l2; - *phlen = obj->value->value.sequence->length - l; - *ph = OPENSSL_malloc((size_t)*phlen); - memcpy(*ph, obj->value->value.sequence->data + l, (size_t)*phlen); - SpcAttributeTypeAndOptionalValue_free(obj); - return 1; /* OK */ -} - -static int pe_page_hash(char *indata, FILE_HEADER *header, u_char *ph, int phlen, int phtype) -{ - int mdok, cphlen = 0; - u_char *cph; - - printf("Page hash algorithm : %s\n", OBJ_nid2sn(phtype)); - print_hash("Page hash ", "...", ph, (phlen < 32) ? phlen : 32); - cph = pe_calc_page_hash(indata, header->header_size, header->pe32plus, header->sigpos, phtype, &cphlen); - mdok = (phlen == cphlen) && !memcmp(ph, cph, (size_t)phlen); - print_hash("Calculated page hash ", mdok ? "...\n" : "... MISMATCH!!!\n", cph, (cphlen < 32) ? cphlen : 32); - OPENSSL_free(cph); - return mdok; -} - -static int pe_verify_pkcs7(SIGNATURE *signature, char *indata, FILE_HEADER *header, - GLOBAL_OPTIONS *options) -{ - int ret = 1, mdtype = -1, phtype = -1; - u_char mdbuf[EVP_MAX_MD_SIZE]; - u_char cmdbuf[EVP_MAX_MD_SIZE]; - u_char *ph = NULL; - int phlen = 0; - - if (is_content_type(signature->p7, SPC_INDIRECT_DATA_OBJID)) { - ASN1_STRING *content_val = signature->p7->d.sign->contents->d.other->value.sequence; - const u_char *p = content_val->data; - SpcIndirectDataContent *idc = d2i_SpcIndirectDataContent(NULL, &p, content_val->length); - if (idc) { - if (!pe_extract_page_hash(idc->data, &ph, &phlen, &phtype)) { - printf("Failed to extract a page hash\n\n"); - SpcIndirectDataContent_free(idc); - goto out; - } - if (idc->messageDigest && idc->messageDigest->digest && idc->messageDigest->digestAlgorithm) { - mdtype = OBJ_obj2nid(idc->messageDigest->digestAlgorithm->algorithm); - memcpy(mdbuf, idc->messageDigest->digest->data, (size_t)idc->messageDigest->digest->length); - } - SpcIndirectDataContent_free(idc); - } - } - if (mdtype == -1) { - printf("Failed to extract current message digest\n\n"); - goto out; - } - if (!pe_calc_digest(indata, mdtype, cmdbuf, header)) { - printf("Failed to calculate message digest\n\n"); - goto out; - } - if (!compare_digests(mdbuf, cmdbuf, mdtype)) { - printf("Signature verification: failed\n\n"); - goto out; - } - if (phlen > 0 && !pe_page_hash(indata, header, ph, phlen, phtype)) { - printf("Signature verification: failed\n\n"); - goto out; - } - - ret = verify_signature(signature, options); -out: - if (ret) - ERR_print_errors_fp(stdout); - OPENSSL_free(ph); - return ret; -} - -/* - * pe_extract_existing_pkcs7 retrieves a decoded PKCS7 struct - * corresponding to the existing signature of the PE file. - */ -static PKCS7 *pe_extract_existing_pkcs7(char *indata, FILE_HEADER *header) -{ - uint32_t pos = 0; - PKCS7 *p7 = NULL; - - if (header->siglen == 0 || header->siglen > header->fileend) { - printf("Corrupted signature length: 0x%08X\n", header->siglen); - return NULL; /* FAILED */ - } - while (pos < header->siglen) { - uint32_t l = GET_UINT32_LE(indata + header->sigpos + pos); - uint16_t certrev = GET_UINT16_LE(indata + header->sigpos + pos + 4); - uint16_t certtype = GET_UINT16_LE(indata + header->sigpos + pos + 6); - if (certrev == WIN_CERT_REVISION_2_0 && certtype == WIN_CERT_TYPE_PKCS_SIGNED_DATA) { - const u_char *blob = (u_char *)indata + header->sigpos + pos + 8; - p7 = d2i_PKCS7(NULL, &blob, l - 8); - } - if (l%8) - l += (8 - l%8); - pos += l; - } - return p7; -} - -static int pe_verify_file(char *indata, FILE_HEADER *header, GLOBAL_OPTIONS *options) -{ - int i, peok = 1, ret = 1; - uint32_t real_pe_checksum; - PKCS7 *p7; - STACK_OF(SIGNATURE) *signatures = sk_SIGNATURE_new_null(); - - if (header->siglen == 0) - header->sigpos = header->fileend; - - /* check PE checksum */ - printf("Current PE checksum : %08X\n", header->pe_checksum); - real_pe_checksum = pe_calc_realchecksum(indata, header); - if (header->pe_checksum && header->pe_checksum != real_pe_checksum) - peok = 0; - printf("Calculated PE checksum: %08X%s\n\n", real_pe_checksum, peok ? "" : " MISMATCH!!!"); - - if (header->sigpos == 0 || header->siglen == 0 || header->sigpos > header->fileend) { - printf("No signature found\n\n"); - goto out; - } - if (header->siglen != GET_UINT32_LE(indata + header->sigpos)) { - printf("Invalid signature\n\n"); - goto out; - } - p7 = pe_extract_existing_pkcs7(indata, header); - if (!p7) { - printf("Failed to extract PKCS7 data\n\n"); - goto out; - } - if (!append_signature_list(&signatures, p7, 1)) { - printf("Failed to create signature list\n\n"); - PKCS7_free(p7); - goto out; - } - for (i = 0; i < sk_SIGNATURE_num(signatures); i++) { - SIGNATURE *signature = sk_SIGNATURE_value(signatures, i); - printf("Signature Index: %d %s\n", i, i==0 ? " (Primary Signature)" : ""); - ret &= pe_verify_pkcs7(signature, indata, header, options); - } - printf("Number of verified signatures: %d\n", i); -out: - sk_SIGNATURE_pop_free(signatures, signature_free); - return ret; -} - -static int pe_extract_file(char *indata, FILE_HEADER *header, BIO *outdata, int output_pkcs7) -{ - int ret = 0; - PKCS7 *sig; - size_t written; - - (void)BIO_reset(outdata); - if (output_pkcs7) { - sig = pe_extract_existing_pkcs7(indata, header); - if (!sig) { - printf("Unable to extract existing signature\n"); - return 1; /* FAILED */ - } - ret = !PEM_write_bio_PKCS7(outdata, sig); - PKCS7_free(sig); - } else - if (!BIO_write_ex(outdata, indata + header->sigpos, header->siglen, &written) \ - || written != header->siglen) - ret = 1; /* FAILED */ - return ret; -} - -static int pe_verify_header(char *indata, char *infile, uint32_t filesize, FILE_HEADER *header) -{ - if (filesize < 64) { - printf("Corrupt DOS file - too short: %s\n", infile); - return 0; /* FAILED */ - } - /* SizeOfHeaders field specifies the combined size of an MS-DOS stub, PE header, - * and section headers rounded up to a multiple of FileAlignment. - * SizeOfHeaders must be < filesize and cannot be < 0x0000002C (44) in Windows 7 - * because of a bug when checking section names for compatibility purposes */ - header->header_size = GET_UINT32_LE(indata + 60); - if (header->header_size < 44 || header->header_size > filesize) { - printf("Unexpected SizeOfHeaders field: 0x%08X\n", header->header_size); - return 0; /* FAILED */ - } - if (filesize < header->header_size + 176) { - printf("Corrupt PE file - too short: %s\n", infile); - return 0; /* FAILED */ - } - if (memcmp(indata + header->header_size, "PE\0\0", 4)) { - printf("Unrecognized DOS file type: %s\n", infile); - return 0; /* FAILED */ - } - /* Magic field identifies the state of the image file. The most common number is - * 0x10B, which identifies it as a normal executable file, - * 0x20B identifies it as a PE32+ executable, - * 0x107 identifies it as a ROM image (not supported) */ - header->magic = GET_UINT16_LE(indata + header->header_size + 24); - if (header->magic == 0x20b) { - header->pe32plus = 1; - } else if (header->magic == 0x10b) { - header->pe32plus = 0; - } else { - printf("Corrupt PE file - found unknown magic %04X: %s\n", header->magic, infile); - return 0; /* FAILED */ - } - /* The image file checksum */ - header->pe_checksum = GET_UINT32_LE(indata + header->header_size + 88); - /* NumberOfRvaAndSizes field specifies the number of data-directory entries - * in the remainder of the optional header. Each describes a location and size. */ - header->nrvas = GET_UINT32_LE(indata + header->header_size + 116 + header->pe32plus * 16); - if (header->nrvas < 5) { - printf("Can not handle PE files without certificate table resource: %s\n", infile); - return 0; /* FAILED */ - } - /* Certificate Table field specifies the attribute certificate table address (4 bytes) and size (4 bytes) */ - header->sigpos = GET_UINT32_LE(indata + header->header_size + 152 + header->pe32plus * 16); - header->siglen = GET_UINT32_LE(indata + header->header_size + 152 + header->pe32plus * 16 + 4); - - /* Since fix for MS Bulletin MS12-024 we can really assume - that signature should be last part of file */ - if ((header->sigpos > 0 && header->sigpos < filesize && header->sigpos + header->siglen != filesize) - || (header->sigpos >= filesize)) { - printf("Corrupt PE file - current signature not at end of file: %s\n", infile); - return 0; /* FAILED */ - } - if ((header->sigpos > 0 && header->siglen == 0) || (header->sigpos == 0 && header->siglen > 0)) { - printf("Corrupt signature\n"); - return 0; /* FAILED */ - } - return 1; /* OK */ -} - -static int pe_modify_header(char *indata, FILE_HEADER *header, BIO *hash, BIO *outdata) -{ - size_t i, len, written; - char *buf; - - i = len = header->header_size + 88; - if (!BIO_write_ex(hash, indata, len, &written) || written != len) - return 0; /* FAILED */ - buf = OPENSSL_malloc(SIZE_64K); - memset(buf, 0, 4); - BIO_write(outdata, buf, 4); /* zero out checksum */ - i += 4; - len = 60 + header->pe32plus * 16; - if (!BIO_write_ex(hash, indata + i, len, &written) || written != len) { - OPENSSL_free(buf); - return 0; /* FAILED */ - } - i += 60 + header->pe32plus * 16; - memset(buf, 0, 8); - BIO_write(outdata, buf, 8); /* zero out sigtable offset + pos */ - i += 8; - len = header->fileend - i; - while (len > 0) { - if (!BIO_write_ex(hash, indata + i, len, &written)) { - OPENSSL_free(buf); - return 0; /* FAILED */ - } - len -= written; - i += written; - } - /* pad (with 0's) pe file to 8 byte boundary */ - len = 8 - header->fileend % 8; - if (len != 8) { - memset(buf, 0, len); - if (!BIO_write_ex(hash, buf, len, &written) || written != len) { - OPENSSL_free(buf); - return 0; /* FAILED */ - } - header->fileend += (uint32_t)len; - } - OPENSSL_free(buf); - return 1; /* OK */ -} - -/* - * CAB file support - * https://www.file-recovery.com/cab-signature-format.htm - */ - -static int cab_verify_header(char *indata, char *infile, uint32_t filesize, FILE_HEADER *header) -{ - uint32_t reserved; - - if (filesize < 44) { - printf("Corrupt cab file - too short: %s\n", infile); - return 0; /* FAILED */ - } - header->fileend = filesize; - reserved = GET_UINT32_LE(indata + 4); - if (reserved) { - printf("Reserved1: 0x%08X\n", reserved); - return 0; /* FAILED */ - } - /* flags specify bit-mapped values that indicate the presence of optional data */ - header->flags = GET_UINT16_LE(indata + 30); -#if 1 - if (header->flags & FLAG_PREV_CABINET) { - /* FLAG_NEXT_CABINET works */ - printf("Multivolume cabinet file is unsupported: flags 0x%04X\n", header->flags); - return 0; /* FAILED */ - } -#endif - if (header->flags & FLAG_RESERVE_PRESENT) { - /* - * Additional headers is located at offset 36 (cbCFHeader, cbCFFolder, cbCFData); - * size of header (4 bytes, little-endian order) must be 20 (checkpoint). - */ - header->header_size = GET_UINT32_LE(indata + 36); - if (header->header_size != 20) { - printf("Additional header size: 0x%08X\n", header->header_size); - return 0; /* FAILED */ - } - reserved = GET_UINT32_LE(indata + 40); - if (reserved != 0x00100000) { - printf("abReserved: 0x%08X\n", reserved); - return 0; /* FAILED */ - } - /* - * File size is defined at offset 8, however if additional header exists, this size is not valid. - * sigpos - additional data offset is located at offset 44 (from file beginning) - * and consist of 4 bytes (little-endian order) - * siglen - additional data size is located at offset 48 (from file beginning) - * and consist of 4 bytes (little-endian order) - * If there are additional headers, size of the CAB archive file is calcualted - * as additional data offset plus additional data size. - */ - header->sigpos = GET_UINT32_LE(indata + 44); - header->siglen = GET_UINT32_LE(indata + 48); - if ((header->sigpos < filesize && header->sigpos + header->siglen != filesize) - || (header->sigpos >= filesize)) { - printf("Additional data offset:\t%u bytes\nAdditional data size:\t%u bytes\n", - header->sigpos, header->siglen); - printf("File size:\t\t%u bytes\n", filesize); - return 0; /* FAILED */ - } - if ((header->sigpos > 0 && header->siglen == 0) || (header->sigpos == 0 && header->siglen > 0)) { - printf("Corrupt signature\n"); - return 0; /* FAILED */ - } - } - return 1; /* OK */ -} - -/* Compute a message digest value of the signed or unsigned CAB file */ -static int cab_calc_digest(char *indata, int mdtype, u_char *mdbuf, FILE_HEADER *header) -{ - uint32_t idx = 0, fileend, coffFiles; - const EVP_MD *md = EVP_get_digestbynid(mdtype); - BIO *bhash = BIO_new(BIO_f_md()); - - if (!BIO_set_md(bhash, md)) { - printf("Unable to set the message digest of BIO\n"); - BIO_free_all(bhash); - return 0; /* FAILED */ - } - BIO_push(bhash, BIO_new(BIO_s_null())); - - if (header->sigpos) - fileend = header->sigpos; - else - fileend = header->fileend; - - /* u1 signature[4] 4643534D MSCF: 0-3 */ - BIO_write(bhash, indata, 4); - /* u4 reserved1 00000000: 4-7 skipped */ - if (header->sigpos) { - uint16_t nfolders, flags; - uint32_t pos = 60; - /* - * u4 cbCabinet - size of this cabinet file in bytes: 8-11 - * u4 reserved2 00000000: 12-15 - */ - BIO_write(bhash, indata + 8, 8); - /* u4 coffFiles - offset of the first CFFILE entry: 16-19 */ - coffFiles = GET_UINT32_LE(indata + 16); - BIO_write(bhash, indata + 16, 4); - /* - * u4 reserved3 00000000: 20-23 - * u1 versionMinor 03: 24 - * u1 versionMajor 01: 25 - */ - BIO_write(bhash, indata + 20, 6); - /* u2 cFolders - number of CFFOLDER entries in this cabinet: 26-27 */ - nfolders = GET_UINT16_LE(indata + 26); - BIO_write(bhash, indata + 26, 2); - /* u2 cFiles - number of CFFILE entries in this cabinet: 28-29 */ - BIO_write(bhash, indata + 28, 2); - /* u2 flags: 30-31 */ - flags = GET_UINT16_LE(indata + 30); - BIO_write(bhash, indata + 30, 2); - /* u2 setID must be the same for all cabinets in a set: 32-33 */ - BIO_write(bhash, indata + 32, 2); - /* - * u2 iCabinet - number of this cabinet file in a set: 34-35 skipped - * u2 cbCFHeader: 36-37 skipped - * u1 cbCFFolder: 38 skipped - * u1 cbCFData: 39 skipped - * u22 abReserve: 40-55 skipped - * - Additional data offset: 44-47 skipped - * - Additional data size: 48-51 skipped - */ - /* u22 abReserve: 56-59 */ - BIO_write(bhash, indata + 56, 4); - idx += 60; - /* TODO */ - if (flags & FLAG_PREV_CABINET) { - uint8_t byte; - /* szCabinetPrev */ - do { - byte = GET_UINT8_LE(indata + idx); - BIO_write(bhash, indata + idx, 1); - pos++; - idx++; - } while (byte && pos < fileend); - /* szDiskPrev */ - do { - byte = GET_UINT8_LE(indata + idx); - BIO_write(bhash, indata + idx, 1); - pos++; - idx++; - } while (byte && pos < fileend); - } - if (flags & FLAG_NEXT_CABINET) { - uint8_t byte; - /* szCabinetNext */ - do { - byte = GET_UINT8_LE(indata + idx); - BIO_write(bhash, indata + idx, 1); - pos++; - idx++; - } while (byte && pos < fileend); - /* szDiskNext */ - do { - byte = GET_UINT8_LE(indata + idx); - BIO_write(bhash, indata + idx, 1); - pos++; - idx++; - } while (byte && pos < fileend); - } - /* - * (u8 * cFolders) CFFOLDER - structure contains information about - * one of the folders or partial folders stored in this cabinet file - */ - while (nfolders) { - BIO_write(bhash, indata + idx, 8); - idx += 8; - nfolders--; - } - } else { - /* read what's left of the unsigned CAB file */ - coffFiles = 8; - } - /* (variable) ab - the compressed data bytes */ - if (!bio_hash_data(indata, bhash, idx, coffFiles, fileend)) { - printf("Unable to calculate digest\n"); - BIO_free_all(bhash); - return 0; /* FAILED */ - } - BIO_gets(bhash, (char*)mdbuf, EVP_MD_size(md)); - return 1; /* OK */ -} - -static int cab_verify_pkcs7(SIGNATURE *signature, char *indata, FILE_HEADER *header, - GLOBAL_OPTIONS *options) -{ - int ret = 1, mdtype = -1; - u_char mdbuf[EVP_MAX_MD_SIZE]; - u_char cmdbuf[EVP_MAX_MD_SIZE]; - - if (is_content_type(signature->p7, SPC_INDIRECT_DATA_OBJID)) { - ASN1_STRING *content_val = signature->p7->d.sign->contents->d.other->value.sequence; - const u_char *p = content_val->data; - SpcIndirectDataContent *idc = d2i_SpcIndirectDataContent(NULL, &p, content_val->length); - if (idc) { - if (idc->messageDigest && idc->messageDigest->digest && idc->messageDigest->digestAlgorithm) { - mdtype = OBJ_obj2nid(idc->messageDigest->digestAlgorithm->algorithm); - memcpy(mdbuf, idc->messageDigest->digest->data, (size_t)idc->messageDigest->digest->length); - } - SpcIndirectDataContent_free(idc); - } - } - if (mdtype == -1) { - printf("Failed to extract current message digest\n\n"); - goto out; - } - if (!cab_calc_digest(indata, mdtype, cmdbuf, header)) { - printf("Failed to calculate message digest\n\n"); - goto out; - } - if (!compare_digests(mdbuf, cmdbuf, mdtype)) { - printf("Signature verification: failed\n\n"); - goto out; - } - - ret = verify_signature(signature, options); -out: - if (ret) - ERR_print_errors_fp(stdout); - return ret; -} - -static PKCS7 *extract_existing_pkcs7(char *indata, FILE_HEADER *header) -{ - PKCS7 *p7 = NULL; - const u_char *blob; - - blob = (u_char *)indata + header->sigpos; - p7 = d2i_PKCS7(NULL, &blob, header->siglen); - return p7; -} - -static int cab_verify_file(char *indata, FILE_HEADER *header, GLOBAL_OPTIONS *options) -{ - int i, ret = 1; - PKCS7 *p7; - STACK_OF(SIGNATURE) *signatures = sk_SIGNATURE_new_null(); - - if (header->header_size != 20) { - printf("No signature found\n\n"); - goto out; - } - if (header->sigpos == 0 || header->siglen == 0 || header->sigpos > header->fileend) { - printf("No signature found\n\n"); - goto out; - } - p7 = extract_existing_pkcs7(indata, header); - if (!p7) { - printf("Failed to extract PKCS7 data\n\n"); - goto out; - } - if (!append_signature_list(&signatures, p7, 1)) { - printf("Failed to create signature list\n\n"); - PKCS7_free(p7); - goto out; - } - for (i = 0; i < sk_SIGNATURE_num(signatures); i++) { - SIGNATURE *signature = sk_SIGNATURE_value(signatures, i); - printf("Signature Index: %d %s\n", i, i==0 ? " (Primary Signature)" : ""); - ret &= cab_verify_pkcs7(signature, indata, header, options); - } - printf("Number of verified signatures: %d\n", i); -out: - sk_SIGNATURE_pop_free(signatures, signature_free); - return ret; -} - -static int cab_extract_file(char *indata, FILE_HEADER *header, BIO *outdata, int output_pkcs7) -{ - int ret = 0; - PKCS7 *sig; - size_t written; - - (void)BIO_reset(outdata); - if (output_pkcs7) { - sig = extract_existing_pkcs7(indata, header); - if (!sig) { - printf("Unable to extract existing signature\n"); - return 1; /* FAILED */ - } - ret = !PEM_write_bio_PKCS7(outdata, sig); - PKCS7_free(sig); - } else - if (!BIO_write_ex(outdata, indata + header->sigpos, header->siglen, &written) \ - || written != header->siglen) - ret = 1; /* FAILED */ - return ret; -} - -static void cab_optional_names(uint16_t flags, char *indata, BIO *outdata, size_t *len) -{ - size_t i = *len; - - /* TODO */ - if (flags & FLAG_PREV_CABINET) { - /* szCabinetPrev */ - while (GET_UINT8_LE(indata+i)) { - BIO_write(outdata, indata+i, 1); - i++; - } - BIO_write(outdata, indata+i, 1); - i++; - /* szDiskPrev */ - while (GET_UINT8_LE(indata+i)) { - BIO_write(outdata, indata+i, 1); - i++; - } - BIO_write(outdata, indata+i, 1); - i++; - } - if (flags & FLAG_NEXT_CABINET) { - /* szCabinetNext */ - while (GET_UINT8_LE(indata+i)) { - BIO_write(outdata, indata+i, 1); - i++; - } - BIO_write(outdata, indata+i, 1); - i++; - /* szDiskNext */ - while (GET_UINT8_LE(indata+i)) { - BIO_write(outdata, indata+i, 1); - i++; - } - BIO_write(outdata, indata+i, 1); - i++; - } - *len = i; -} - -static int cab_remove_file(char *indata, FILE_HEADER *header, uint32_t filesize, BIO *outdata) -{ - size_t i, written, len; - uint32_t tmp; - uint16_t nfolders, flags; - char *buf = OPENSSL_malloc(SIZE_64K); - - /* - * u1 signature[4] 4643534D MSCF: 0-3 - * u4 reserved1 00000000: 4-7 - */ - BIO_write(outdata, indata, 8); - /* u4 cbCabinet - size of this cabinet file in bytes: 8-11 */ - tmp = GET_UINT32_LE(indata+8) - 24; - PUT_UINT32_LE(tmp, buf); - BIO_write(outdata, buf, 4); - /* u4 reserved2 00000000: 12-15 */ - BIO_write(outdata, indata+12, 4); - /* u4 coffFiles - offset of the first CFFILE entry: 16-19 */ - tmp = GET_UINT32_LE(indata+16) - 24; - PUT_UINT32_LE(tmp, buf); - BIO_write(outdata, buf, 4); - /* - * u4 reserved3 00000000: 20-23 - * u1 versionMinor 03: 24 - * u1 versionMajor 01: 25 - * u2 cFolders - number of CFFOLDER entries in this cabinet: 26-27 - * u2 cFiles - number of CFFILE entries in this cabinet: 28-29 - */ - BIO_write(outdata, indata+20, 10); - /* u2 flags: 30-31 */ - flags = GET_UINT16_LE(indata+30); - /* coverity[result_independent_of_operands] only least significant byte is affected */ - PUT_UINT16_LE(flags & (FLAG_PREV_CABINET | FLAG_NEXT_CABINET), buf); - BIO_write(outdata, buf, 2); - /* - * u2 setID must be the same for all cabinets in a set: 32-33 - * u2 iCabinet - number of this cabinet file in a set: 34-35 - */ - BIO_write(outdata, indata+32, 4); - i = 60; - cab_optional_names(flags, indata, outdata, &i); - /* - * (u8 * cFolders) CFFOLDER - structure contains information about - * one of the folders or partial folders stored in this cabinet file - */ - nfolders = GET_UINT16_LE(indata + 26); - while (nfolders) { - tmp = GET_UINT32_LE(indata+i); - tmp -= 24; - PUT_UINT32_LE(tmp, buf); - BIO_write(outdata, buf, 4); - BIO_write(outdata, indata+i+4, 4); - i+=8; - nfolders--; - } - OPENSSL_free(buf); - /* Write what's left - the compressed data bytes */ - len = filesize - header->siglen - i; - while (len > 0) { - if (!BIO_write_ex(outdata, indata + i, len, &written)) - return 1; /* FAILED */ - len -= written; - i += written; - } - return 0; /* OK */ -} - -static int cab_modify_header(char *indata, FILE_HEADER *header, BIO *hash, BIO *outdata) -{ - size_t i, written, len; - uint16_t nfolders, flags; - u_char buf[] = {0x00, 0x00}; - - /* u1 signature[4] 4643534D MSCF: 0-3 */ - BIO_write(hash, indata, 4); - /* u4 reserved1 00000000: 4-7 */ - BIO_write(outdata, indata+4, 4); - /* - * u4 cbCabinet - size of this cabinet file in bytes: 8-11 - * u4 reserved2 00000000: 12-15 - * u4 coffFiles - offset of the first CFFILE entry: 16-19 - * u4 reserved3 00000000: 20-23 - * u1 versionMinor 03: 24 - * u1 versionMajor 01: 25 - * u2 cFolders - number of CFFOLDER entries in this cabinet: 26-27 - * u2 cFiles - number of CFFILE entries in this cabinet: 28-29 - */ - BIO_write(hash, indata+8, 22); - /* u2 flags: 30-31 */ - flags = GET_UINT16_LE(indata+30); - PUT_UINT16_LE(flags, buf); - BIO_write(hash, buf, 2); - /* u2 setID must be the same for all cabinets in a set: 32-33 */ - BIO_write(hash, indata+32, 2); - /* - * u2 iCabinet - number of this cabinet file in a set: 34-35 - * u2 cbCFHeader: 36-37 - * u1 cbCFFolder: 38 - * u1 cbCFData: 39 - * u16 abReserve: 40-55 - * - Additional data offset: 44-47 - * - Additional data size: 48-51 - */ - BIO_write(outdata, indata+34, 22); - /* u4 abReserve: 56-59 */ - BIO_write(hash, indata+56, 4); - - i = 60; - cab_optional_names(flags, indata, hash, &i); - /* - * (u8 * cFolders) CFFOLDER - structure contains information about - * one of the folders or partial folders stored in this cabinet file - */ - nfolders = GET_UINT16_LE(indata + 26); - while (nfolders) { - BIO_write(hash, indata + i, 8); - i += 8; - nfolders--; - } - /* Write what's left - the compressed data bytes */ - len = header->sigpos - i; - while (len > 0) { - if (!BIO_write_ex(hash, indata + i, len, &written)) - return 0; /* FAILED */ - len -= written; - i += written; - } - return 1; /* OK */ -} - -static int cab_add_header(char *indata, FILE_HEADER *header, BIO *hash, BIO *outdata) -{ - size_t i, written, len; - uint32_t tmp; - uint16_t nfolders, flags; - u_char cabsigned[] = { - 0x14, 0x00, 0x00, 0x00, 0x00, 0x00, 0x10, 0x00, - 0xde, 0xad, 0xbe, 0xef, /* size of cab file */ - 0xde, 0xad, 0xbe, 0xef, /* size of asn1 blob */ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 - }; - char *buf = OPENSSL_malloc(SIZE_64K); - memset(buf, 0, SIZE_64K); - - /* u1 signature[4] 4643534D MSCF: 0-3 */ - BIO_write(hash, indata, 4); - /* u4 reserved1 00000000: 4-7 */ - BIO_write(outdata, indata+4, 4); - /* u4 cbCabinet - size of this cabinet file in bytes: 8-11 */ - tmp = GET_UINT32_LE(indata+8) + 24; - PUT_UINT32_LE(tmp, buf); - BIO_write(hash, buf, 4); - /* u4 reserved2 00000000: 12-15 */ - BIO_write(hash, indata+12, 4); - /* u4 coffFiles - offset of the first CFFILE entry: 16-19 */ - tmp = GET_UINT32_LE(indata+16) + 24; - PUT_UINT32_LE(tmp, buf+4); - BIO_write(hash, buf+4, 4); - /* - * u4 reserved3 00000000: 20-23 - * u1 versionMinor 03: 24 - * u1 versionMajor 01: 25 - * u2 cFolders - number of CFFOLDER entries in this cabinet: 26-27 - * u2 cFiles - number of CFFILE entries in this cabinet: 28-29 - */ - memcpy(buf+4, indata+20, 10); - flags = GET_UINT16_LE(indata+30); - buf[4+10] = (char)flags | FLAG_RESERVE_PRESENT; - /* u2 setID must be the same for all cabinets in a set: 32-33 */ - memcpy(buf+16, indata+32, 2); - BIO_write(hash, buf+4, 14); - /* u2 iCabinet - number of this cabinet file in a set: 34-35 */ - BIO_write(outdata, indata+34, 2); - memcpy(cabsigned+8, buf, 4); - BIO_write(outdata, cabsigned, 20); - BIO_write(hash, cabsigned+20, 4); - - i = 36; - cab_optional_names(flags, indata, hash, &i); - /* - * (u8 * cFolders) CFFOLDER - structure contains information about - * one of the folders or partial folders stored in this cabinet file - */ - nfolders = GET_UINT16_LE(indata + 26); - while (nfolders) { - tmp = GET_UINT32_LE(indata + i); - tmp += 24; - PUT_UINT32_LE(tmp, buf); - BIO_write(hash, buf, 4); - BIO_write(hash, indata + i + 4, 4); - i += 8; - nfolders--; - } - OPENSSL_free(buf); - /* Write what's left - the compressed data bytes */ - len = header->fileend - i; - while (len > 0) { - if (!BIO_write_ex(hash, indata + i, len, &written)) - return 0; /* FAILED */ - len -= written; - i += written; - } - return 1; /* OK */ -} - -/* - * CAT file support - * Catalog files are a bit odd, in that they are only a PKCS7 blob. - */ - -static PKCS7 *cat_extract_existing_pkcs7(char *indata, FILE_HEADER *header) -{ - PKCS7 *p7 = NULL; - const u_char *blob; - - blob = (u_char *)indata; - p7 = d2i_PKCS7(NULL, &blob, header->fileend); - return p7; -} - -static int cat_verify_header(char *indata, uint32_t filesize, FILE_HEADER *header) -{ - PKCS7 *p7; - PKCS7_SIGNER_INFO *si; - STACK_OF(PKCS7_SIGNER_INFO) *signer_info; - - p7 = cat_extract_existing_pkcs7(indata, header); - if (!p7) { - return 0; /* FAILED */ - } - if (!PKCS7_type_is_signed(p7)) { - PKCS7_free(p7); - return 0; /* FAILED */ - } - signer_info = PKCS7_get_signer_info(p7); - if (!signer_info) - return 0; /* FAILED */ - si = sk_PKCS7_SIGNER_INFO_value(signer_info, 0); - if (!si) { - /* catalog file is unsigned */ - header->sigpos = filesize; - } - - header->fileend = filesize; - PKCS7_free(p7); - return 1; /* OK */ -} - -/* - * If the attribute type is SPC_INDIRECT_DATA_OBJID, get a digest algorithm and a message digest - * from the content and compare the message digest against the computed message digest of the file - */ -static int cat_verify_member(CatalogAuthAttr *attribute, char *indata, FILE_HEADER *header, - file_type_t filetype) -{ - int ret = 1; - u_char *ph = NULL; - ASN1_OBJECT *indir_objid = OBJ_txt2obj(SPC_INDIRECT_DATA_OBJID, 1); - - if (attribute && !OBJ_cmp(attribute->type, indir_objid)) { - int mdlen, mdtype = -1, phtype = -1; - u_char mdbuf[EVP_MAX_MD_SIZE]; - u_char cmdbuf[EVP_MAX_MD_SIZE]; - int phlen = 0; - ASN1_TYPE *content; - SpcIndirectDataContent *idc; - - ASN1_STRING *content_val = attribute->contents->value.sequence; - const u_char *p = content_val->data; - STACK_OF(ASN1_TYPE) *contents = d2i_ASN1_SET_ANY(NULL, &p, content_val->length); - if (contents == NULL) - goto out; - - content = sk_ASN1_TYPE_value(contents, 0); - sk_ASN1_TYPE_free(contents); - content_val = content->value.sequence; - p = content_val->data; - idc = d2i_SpcIndirectDataContent(NULL, &p, content_val->length); - if (idc) { - if (header->sigpos) { - /* try to get a page hash if the file is signed */ - if (!pe_extract_page_hash(idc->data, &ph, &phlen, &phtype)) { - printf("Failed to extract a page hash\n\n"); - SpcIndirectDataContent_free(idc); - goto out; - } - } - if (idc->messageDigest && idc->messageDigest->digest && idc->messageDigest->digestAlgorithm) { - /* get a digest algorithm a message digest of the file from the content */ - mdtype = OBJ_obj2nid(idc->messageDigest->digestAlgorithm->algorithm); - memcpy(mdbuf, idc->messageDigest->digest->data, (size_t)idc->messageDigest->digest->length); - } - SpcIndirectDataContent_free(idc); - } - ASN1_TYPE_free(content); - if (mdtype == -1) { - printf("Failed to extract current message digest\n\n"); - goto out; - } - /* reset calculated message digest */ - memset(cmdbuf, 0, EVP_MAX_MD_SIZE); - /* compute a message digest of the input file */ - switch (filetype) { - case FILE_TYPE_CAB: - if (cab_calc_digest(indata, mdtype, cmdbuf, header)) - goto out; - break; - case FILE_TYPE_PE: - if (!pe_calc_digest(indata, mdtype, cmdbuf, header)) - goto out; - break; - case FILE_TYPE_MSI: - if (!msi_calc_digest(indata, mdtype, cmdbuf, header)) - goto out; - break; - default: - printf("Unsupported input file type.\n"); - goto out; - } - mdlen = EVP_MD_size(EVP_get_digestbynid(mdtype)); - if (!memcmp(mdbuf, cmdbuf, (size_t)mdlen)) { - printf("Message digest algorithm : %s\n", OBJ_nid2sn(mdtype)); - print_hash("Current message digest ", "", mdbuf, mdlen); - print_hash("Calculated message digest ", "\n", cmdbuf, mdlen); - } else { - goto out; - } - if (phlen > 0 && !pe_page_hash(indata, header, ph, phlen, phtype)) { - printf("Signature verification: failed\n\n"); - goto out; - } - ret = 0; /* OK */ - } -out: - ASN1_OBJECT_free(indir_objid); - OPENSSL_free(ph); - return ret; -} - -/* - * If the message digest of the input file is found in the catalog file, - * or the input file itself is a catalog file, verify the signature. - */ -static int cat_verify_pkcs7(SIGNATURE *signature, char *indata, FILE_HEADER *header, - file_type_t filetype, GLOBAL_OPTIONS *options) -{ - int ret = 1, ok = 0; - - /* A CTL (MS_CTL_OBJID) is a list of hashes of certificates or a list of hashes files */ - if (options->catalog && is_content_type(signature->p7, MS_CTL_OBJID)) { - ASN1_STRING *content_val = signature->p7->d.sign->contents->d.other->value.sequence; - const u_char *p = content_val->data; - MsCtlContent *ctlc = d2i_MsCtlContent(NULL, &p, content_val->length); - if (ctlc) { - int i, j; - /* find the message digest of the file for all files added to the catalog file */ - for (i = 0; i < sk_CatalogInfo_num(ctlc->header_attributes); i++) { - STACK_OF(CatalogAuthAttr) *attributes; - CatalogInfo *header_attr = sk_CatalogInfo_value(ctlc->header_attributes, i); - if (header_attr == NULL) - continue; - attributes = header_attr->attributes; - for (j = 0; j < sk_CatalogAuthAttr_num(attributes); j++) { - CatalogAuthAttr *attribute = sk_CatalogAuthAttr_value(attributes, j); - if (!cat_verify_member(attribute, indata, header, filetype)) { - /* computed message digest of the file is found in the catalog file */ - ok = 1; - break; - } - } - if (ok) { - break; - } - } - MsCtlContent_free(ctlc); - } - } else { - /* the input file is a catalog file */ - ok = 1; - } - if (ok) { - /* a message digest value of the catalog file is checked by PKCS7_verify() */ - ret = verify_signature(signature, options); - } else { - printf("File not found in the specified catalog.\n\n"); - } - if (ret) - ERR_print_errors_fp(stdout); - return ret; -} - -static int cat_verify_file(char *catdata, FILE_HEADER *catheader, - char *indata, FILE_HEADER *header, file_type_t filetype, GLOBAL_OPTIONS *options) -{ - int i, ret = 1; - PKCS7 *p7; - STACK_OF(SIGNATURE) *signatures = sk_SIGNATURE_new_null(); - - if (header->sigpos == header->fileend || - (options->catalog && (catheader->sigpos == catheader->fileend))) { - printf("No signature found\n\n"); - goto out; - } - if (options->catalog) - p7 = cat_extract_existing_pkcs7(catdata, catheader); - else - p7 = cat_extract_existing_pkcs7(indata, header); - if (!append_signature_list(&signatures, p7, 1)) { - printf("Failed to create signature list\n\n"); - PKCS7_free(p7); - goto out; - } - for (i = 0; i < sk_SIGNATURE_num(signatures); i++) { - SIGNATURE *signature = sk_SIGNATURE_value(signatures, i); - if (!options->catalog) - printf("Signature Index: %d %s\n", i, i==0 ? " (Primary Signature)" : ""); - ret &= cat_verify_pkcs7(signature, indata, header, filetype, options); - } - printf("Number of verified signatures: %d\n", i); -out: - sk_SIGNATURE_pop_free(signatures, signature_free); - return ret; -} - -static void add_jp_attribute(PKCS7_SIGNER_INFO *si, int jp) -{ - ASN1_STRING *astr; - const u_char *attrs = NULL; - - switch (jp) { - case 0: - attrs = java_attrs_low; - break; - case 1: - /* XXX */ - case 2: - /* XXX */ - default: - break; - } - if (attrs) { - astr = ASN1_STRING_new(); - ASN1_STRING_set(astr, attrs, sizeof java_attrs_low); - PKCS7_add_signed_attribute(si, OBJ_txt2nid(MS_JAVA_SOMETHING), - V_ASN1_SEQUENCE, astr); - } -} - -static int add_purpose_attribute(PKCS7_SIGNER_INFO *si, int comm) -{ - ASN1_STRING *astr; - - astr = ASN1_STRING_new(); - if (comm) { - ASN1_STRING_set(astr, purpose_comm, sizeof purpose_comm); - } else { - ASN1_STRING_set(astr, purpose_ind, sizeof purpose_ind); - } - return PKCS7_add_signed_attribute(si, OBJ_txt2nid(SPC_STATEMENT_TYPE_OBJID), - V_ASN1_SEQUENCE, astr); -} - -static int add_opus_attribute(PKCS7_SIGNER_INFO *si, char *desc, char *url) -{ - SpcSpOpusInfo *opus; - ASN1_STRING *astr; - int len; - u_char *p = NULL; - - opus = createOpus(desc, url); - if ((len = i2d_SpcSpOpusInfo(opus, NULL)) <= 0 || (p = OPENSSL_malloc((size_t)len)) == NULL) { - SpcSpOpusInfo_free(opus); - return 0; /* FAILED */ - } - i2d_SpcSpOpusInfo(opus, &p); - p -= len; - astr = ASN1_STRING_new(); - ASN1_STRING_set(astr, p, len); - OPENSSL_free(p); - SpcSpOpusInfo_free(opus); - return PKCS7_add_signed_attribute(si, OBJ_txt2nid(SPC_SP_OPUS_INFO_OBJID), - V_ASN1_SEQUENCE, astr); -} - -static PKCS7 *create_new_signature(file_type_t type, - GLOBAL_OPTIONS *options, CRYPTO_PARAMS *cparams) -{ - int i, signer = -1; - PKCS7 *sig; - PKCS7_SIGNER_INFO *si = NULL; - - sig = PKCS7_new(); - PKCS7_set_type(sig, NID_pkcs7_signed); - - if (cparams->cert != NULL) { - /* - * the private key and corresponding certificate are parsed from the PKCS12 - * structure or loaded from the security token, so we may omit to check - * the consistency of a private key with the public key in an X509 certificate - */ - si = PKCS7_add_signature(sig, cparams->cert, cparams->pkey, options->md); - if (si == NULL) - return NULL; /* FAILED */ - } else { - /* find the signer's certificate located somewhere in the whole certificate chain */ - for (i=0; icerts); i++) { - X509 *signcert = sk_X509_value(cparams->certs, i); - if (X509_check_private_key(signcert, cparams->pkey)) { - si = PKCS7_add_signature(sig, signcert, cparams->pkey, options->md); - signer = i; - break; - } - } - if (si == NULL) { - printf("Failed to checking the consistency of a private key: %s\n", options->keyfile); - printf(" with a public key in any X509 certificate: %s\n\n", options->certfile); - return NULL; /* FAILED */ - } - } - pkcs7_add_signing_time(si, options->time); - if (type == FILE_TYPE_CAT) { - PKCS7_add_signed_attribute(si, NID_pkcs9_contentType, - V_ASN1_OBJECT, OBJ_txt2obj(MS_CTL_OBJID, 1)); - } else { - PKCS7_add_signed_attribute(si, NID_pkcs9_contentType, - V_ASN1_OBJECT, OBJ_txt2obj(SPC_INDIRECT_DATA_OBJID, 1)); - } - - if (type == FILE_TYPE_CAB && options->jp >= 0) - add_jp_attribute(si, options->jp); - - if (!add_purpose_attribute(si, options->comm)) - return NULL; /* FAILED */ - - if ((options->desc || options->url) && - !add_opus_attribute(si, options->desc, options->url)) { - printf("Couldn't allocate memory for opus info\n"); - return NULL; /* FAILED */ - } - PKCS7_content_new(sig, NID_pkcs7_data); - - /* add the signer's certificate */ - if (cparams->cert != NULL) - PKCS7_add_certificate(sig, cparams->cert); - if (signer != -1) - PKCS7_add_certificate(sig, sk_X509_value(cparams->certs, signer)); - - /* add the certificate chain */ - for (i=0; icerts); i++) { - if (i == signer) - continue; - PKCS7_add_certificate(sig, sk_X509_value(cparams->certs, i)); - } - /* add all cross certificates */ - if (cparams->xcerts) { - for (i=0; ixcerts); i++) - PKCS7_add_certificate(sig, sk_X509_value(cparams->xcerts, i)); - } - /* add crls */ - if (cparams->crls) { - for (i=0; icrls); i++) - PKCS7_add_crl(sig, sk_X509_CRL_value(cparams->crls, i)); - } - return sig; /* OK */ -} - -static int add_unauthenticated_blob(PKCS7 *sig) -{ - PKCS7_SIGNER_INFO *si; - ASN1_STRING *astr; - u_char *p = NULL; - int nid, len = 1024+4; - /* Length data for ASN1 attribute plus prefix */ - const char prefix[] = "\x0c\x82\x04\x00---BEGIN_BLOB---"; - const char postfix[] = "---END_BLOB---"; - STACK_OF(PKCS7_SIGNER_INFO) *signer_info = PKCS7_get_signer_info(sig); - - if (!signer_info) - return 0; /* FAILED */ - si = sk_PKCS7_SIGNER_INFO_value(sig->d.sign->signer_info, 0); - if (!si) - return 0; /* FAILED */ - if ((p = OPENSSL_malloc((size_t)len)) == NULL) - return 0; /* FAILED */ - memset(p, 0, (size_t)len); - memcpy(p, prefix, sizeof prefix); - memcpy(p + len - sizeof postfix, postfix, sizeof postfix); - astr = ASN1_STRING_new(); - ASN1_STRING_set(astr, p, len); - nid = OBJ_create(SPC_UNAUTHENTICATED_DATA_BLOB_OBJID, - "unauthenticatedData", "unauthenticatedData"); - PKCS7_add_attribute(si, nid, V_ASN1_SEQUENCE, astr); - OPENSSL_free(p); - return 1; /* OK */ -} - -/* - * Append signature to the outfile - */ -static int append_signature(PKCS7 *sig, PKCS7 *cursig, file_type_t type, - GLOBAL_OPTIONS *options, MSI_PARAMS *msiparams, int *padlen, int *len, BIO *outdata) -{ - u_char *p = NULL; - PKCS7 *outsig = NULL; - u_char buf[] = { - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 - }; - - if (type != FILE_TYPE_CAT && options->nest) { - if (cursig == NULL) { - printf("Internal error: No 'cursig' was extracted\n"); - return 1; /* FAILED */ - } - if (pkcs7_set_nested_signature(cursig, sig, options->time) == 0) { - printf("Unable to append the nested signature to the current signature\n"); - return 1; /* FAILED */ - } - outsig = cursig; - } else { - outsig = sig; - } - /* Append signature to outfile */ - if (((*len = i2d_PKCS7(outsig, NULL)) <= 0) || (p = OPENSSL_malloc((size_t)*len)) == NULL) { - printf("i2d_PKCS memory allocation failed: %d\n", *len); - return 1; /* FAILED */ - } - i2d_PKCS7(outsig, &p); - p -= *len; - *padlen = (8 - *len%8) % 8; - - if (type == FILE_TYPE_PE) { - PUT_UINT32_LE(*len + 8 + *padlen, buf); - PUT_UINT16_LE(WIN_CERT_REVISION_2_0, buf + 4); - PUT_UINT16_LE(WIN_CERT_TYPE_PKCS_SIGNED_DATA, buf + 6); - BIO_write(outdata, buf, 8); - } - if (type == FILE_TYPE_PE || type == FILE_TYPE_CAB) { - BIO_write(outdata, p, *len); - /* pad (with 0's) asn1 blob to 8 byte boundary */ - if (*padlen > 0) { - memset(p, 0, (size_t)*padlen); - BIO_write(outdata, p, *padlen); - } - } else if (type == FILE_TYPE_MSI) { - if (!msi_file_write(msiparams->msi, msiparams->dirent, p, (uint32_t)*len, - msiparams->p_msiex, (uint32_t)msiparams->len_msiex, outdata)) { - printf("Saving the msi file failed\n"); - OPENSSL_free(p); - return 1; /* FAILED */ - } - } else if (type == FILE_TYPE_CAT) { - i2d_PKCS7_bio(outdata, outsig); - } - OPENSSL_free(p); - return 0; /* OK */ -} - -static void update_data_size(file_type_t type, cmd_type_t cmd, FILE_HEADER *header, - int padlen, int len, BIO *outdata) -{ - u_char buf[] = { - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 - }; - - if (type == FILE_TYPE_PE) { - if (cmd == CMD_SIGN || cmd == CMD_ADD || cmd == CMD_ATTACH) { - /* Update signature position and size */ - (void)BIO_seek(outdata, header->header_size + 152 + header->pe32plus * 16); - PUT_UINT32_LE(header->fileend, buf); /* Previous file end = signature table start */ - BIO_write(outdata, buf, 4); - PUT_UINT32_LE(len+8+padlen, buf); - BIO_write(outdata, buf, 4); - } - if (cmd == CMD_SIGN || cmd == CMD_REMOVE || cmd == CMD_ADD || cmd == CMD_ATTACH) - pe_recalc_checksum(outdata, header); - } else if (type == FILE_TYPE_CAB && (cmd == CMD_SIGN || cmd == CMD_ADD || cmd == CMD_ATTACH)) { - /* - * Update additional data size. - * Additional data size is located at offset 0x30 (from file beginning) - * and consist of 4 bytes (little-endian order). - */ - (void)BIO_seek(outdata, 0x30); - PUT_UINT32_LE(len+padlen, buf); - BIO_write(outdata, buf, 4); - } -} - -static STACK_OF(X509) *PEM_read_certs(BIO *bin, char *certpass) +static STACK_OF(X509) *X509_chain_read_certs(BIO *bin, char *certpass) { STACK_OF(X509) *certs = sk_X509_new_null(); X509 *x509; @@ -4879,208 +2498,11 @@ static STACK_OF(X509) *PEM_read_certs(BIO *bin, char *certpass) return certs; } -static uint32_t get_file_size(const char *infile) -{ - int ret; -#ifdef _WIN32 - struct _stat64 st; - ret = _stat64(infile, &st); -#else - struct stat st; - ret = stat(infile, &st); -#endif - if (ret) { - printf("Failed to open file: %s\n", infile); - return 0; - } - - if (st.st_size < 4) { - printf("Unrecognized file type - file is too short: %s\n", infile); - return 0; - } - if (st.st_size > UINT32_MAX) { - printf("Unsupported file - too large: %s\n", infile); - return 0; - } - return (uint32_t)st.st_size; -} - -static char *map_file(const char *infile, const size_t size) -{ - char *indata = NULL; -#ifdef WIN32 - HANDLE fhandle, fmap; - (void)size; - fhandle = CreateFile(infile, GENERIC_READ, FILE_SHARE_READ, NULL, OPEN_EXISTING, 0, NULL); - if (fhandle == INVALID_HANDLE_VALUE) { - return NULL; - } - fmap = CreateFileMapping(fhandle, NULL, PAGE_READONLY, 0, 0, NULL); - CloseHandle(fhandle); - if (fmap == NULL) { - return NULL; - } - indata = (char *)MapViewOfFile(fmap, FILE_MAP_READ, 0, 0, 0); - CloseHandle(fmap); -#else -#ifdef HAVE_SYS_MMAN_H - int fd = open(infile, O_RDONLY); - if (fd < 0) { - return NULL; - } - indata = mmap(0, size, PROT_READ, MAP_PRIVATE, fd, 0); - if (indata == MAP_FAILED) { - close(fd); - return NULL; - } - close(fd); -#else - printf("No file mapping function\n"); - return NULL; -#endif /* HAVE_SYS_MMAN_H */ -#endif /* WIN32 */ - return indata; -} - -static void unmap_file(char *indata, const size_t size) -{ - if (!indata) - return; -#ifdef WIN32 - (void)size; - UnmapViewOfFile(indata); -#else - munmap(indata, size); -#endif /* WIN32 */ -} - -static int input_validation(file_type_t type, GLOBAL_OPTIONS *options, FILE_HEADER *header, - MSI_PARAMS *msiparams, char *indata, uint32_t filesize) -{ - if (type == FILE_TYPE_CAB) { - if (options->pagehash == 1) - printf("Warning: -ph option is only valid for PE files\n"); - if (options->add_msi_dse == 1) - printf("Warning: -add-msi-dse option is only valid for MSI files\n"); - if (!cab_verify_header(indata, options->infile, filesize, header)) { - printf("Corrupt CAB file\n"); - return 0; /* FAILED */ - } - } else if (type == FILE_TYPE_CAT) { - if (options->nest) - /* I've not tried using pkcs7_set_nested_signature as signtool won't do this */ - printf("Warning: CAT files do not support nesting\n"); - if (options->jp >= 0) - printf("Warning: -jp option is only valid for CAB files\n"); - if (options->pagehash == 1) - printf("Warning: -ph option is only valid for PE files\n"); - if (options->add_msi_dse == 1) - printf("Warning: -add-msi-dse option is only valid for MSI files\n"); - if (!cat_verify_header(indata, filesize, header)) { - printf("Corrupt CAT file: %s\n", options->infile); - return 0; /* FAILED */ - } - } else if (type == FILE_TYPE_PE) { - if (options->jp >= 0) - printf("Warning: -jp option is only valid for CAB files\n"); - if (options->add_msi_dse == 1) - printf("Warning: -add-msi-dse option is only valid for MSI files\n"); - if (!pe_verify_header(indata, options->infile, filesize, header)) { - printf("Corrupt PE file\n"); - return 0; /* FAILED */ - } - } else if (type == FILE_TYPE_MSI) { - if (options->pagehash == 1) - printf("Warning: -ph option is only valid for PE files\n"); - if (options->jp >= 0) - printf("Warning: -jp option is only valid for CAB files\n"); - if (!msi_verify_header(indata, filesize, msiparams)) { - printf("Corrupt MSI file: %s\n", options->infile); - return 0; /* FAILED */ - } - } - return 1; /* OK */ -} - -static int check_attached_data(file_type_t type, FILE_HEADER *header, GLOBAL_OPTIONS *options, - MSI_PARAMS *msiparams) -{ - uint32_t filesize; - char *outdata; - int ret = 1; - - filesize = get_file_size(options->outfile); - if (!filesize) { - printf("Error verifying result\n"); - return 1; /* FAILED */ - } - outdata = map_file(options->outfile, filesize); - if (!outdata) { - printf("Error verifying result\n"); - return 1; /* FAILED */ - } - if (type == FILE_TYPE_PE) { - if (!pe_verify_header(outdata, options->outfile, filesize, header)) { - printf("Corrupt PE file\n"); - goto out; - } - if (pe_verify_file(outdata, header, options)) { - printf("Signature mismatch\n"); - goto out; - } - } else if (type == FILE_TYPE_CAB) { - if (!cab_verify_header(outdata, options->outfile, filesize, header)) { - printf("Corrupt CAB file\n"); - goto out; - } - if (cab_verify_file(outdata, header, options)) { - printf("Signature mismatch\n"); - goto out; - } - } else if (type == FILE_TYPE_MSI) { - if (!msi_verify_header(outdata, filesize, msiparams)) { - printf("Corrupt MSI file: %s\n", options->outfile); - goto out; - } - if (msi_verify_file(msiparams, options)) { - printf("Signature mismatch\n"); - goto out; - } - } else { - printf("Unknown input type for file: %s\n", options->infile); - goto out; - } - ret = 0; /* OK */ -out: - unmap_file(outdata, filesize); - return ret; -} - -static int get_file_type(char *indata, char *infile, file_type_t *type) -{ - const u_char pkcs7_signed_data[] = { - 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, - 0x01, 0x07, 0x02, - }; - - if (!memcmp(indata, "MSCF", 4)) { - *type = FILE_TYPE_CAB; - } else if (!memcmp(indata, "MZ", 2)) { - *type = FILE_TYPE_PE; - } else if (!memcmp(indata, msi_magic, sizeof msi_magic)) { - *type = FILE_TYPE_MSI; - } else if (!memcmp(indata + ((GET_UINT8_LE(indata+1) == 0x82) ? 4 : 5), - pkcs7_signed_data, sizeof pkcs7_signed_data)) { - /* the maximum size of a supported cat file is (2^24 -1) bytes */ - *type = FILE_TYPE_CAT; - } else { - printf("Unrecognized file type: %s\n", infile); - return 0; /* FAILED */ - } - return 1; /* OK */ -} - #ifdef PROVIDE_ASKPASS +/* + * [in] prompt: "Password: " + * [returns] password + */ static char *getpassword(const char *prompt) { #ifdef HAVE_TERMIOS_H @@ -5115,6 +2537,10 @@ static char *getpassword(const char *prompt) } #endif +/* + * [in, out] options: structure holds the input data + * [returns] 0 on error or 1 on success + */ static int read_password(GLOBAL_OPTIONS *options) { char passbuf[4096]; @@ -5173,11 +2599,13 @@ static int read_password(GLOBAL_OPTIONS *options) /* * Parse a PKCS#12 container with certificates and a private key. - * If successful the private key will be written to cparams->pkey, - * the corresponding certificate to cparams->cert - * and any additional certificates to cparams->certs. + * If successful the private key will be written to options->pkey, + * the corresponding certificate to options->cert + * and any additional certificates to options->certs. + * [in, out] options: structure holds the input data + * [returns] 0 on error or 1 on success */ -static int read_pkcs12file(GLOBAL_OPTIONS *options, CRYPTO_PARAMS *cparams) +static int read_pkcs12file(GLOBAL_OPTIONS *options) { BIO *btmp; PKCS12 *p12; @@ -5193,7 +2621,7 @@ static int read_pkcs12file(GLOBAL_OPTIONS *options, CRYPTO_PARAMS *cparams) printf("Failed to extract PKCS#12 data: %s\n", options->pkcs12file); goto out; /* FAILED */ } - if (!PKCS12_parse(p12, options->pass ? options->pass : "", &cparams->pkey, &cparams->cert, &cparams->certs)) { + if (!PKCS12_parse(p12, options->pass ? options->pass : "", &options->pkey, &options->cert, &options->certs)) { printf("Failed to parse PKCS#12 file: %s (Wrong password?)\n", options->pkcs12file); PKCS12_free(p12); goto out; /* FAILED */ @@ -5205,7 +2633,11 @@ out: return ret; } -/* Obtain a copy of the whole X509_CRL chain */ +/* + * Obtain a copy of the whole X509_CRL chain + * [in] chain: STACK_OF(X509_CRL) structure + * [returns] pointer to STACK_OF(X509_CRL) structure + */ static STACK_OF(X509_CRL) *X509_CRL_chain_up_ref(STACK_OF(X509_CRL) *chain) { STACK_OF(X509_CRL) *ret; @@ -5228,10 +2660,12 @@ err: /* * Load certificates from a file. - * If successful all certificates will be written to cparams->certs - * and optional CRLs will be written to cparams->crls. + * If successful all certificates will be written to options->certs + * and optional CRLs will be written to options->crls. + * [in, out] options: structure holds the input data + * [returns] 0 on error or 1 on success */ -static int read_certfile(GLOBAL_OPTIONS *options, CRYPTO_PARAMS *cparams) +static int read_certfile(GLOBAL_OPTIONS *options) { BIO *btmp; int ret = 0; @@ -5242,15 +2676,15 @@ static int read_certfile(GLOBAL_OPTIONS *options, CRYPTO_PARAMS *cparams) return 0; /* FAILED */ } /* .pem certificate file */ - cparams->certs = PEM_read_certs(btmp, NULL); + options->certs = X509_chain_read_certs(btmp, NULL); /* .der certificate file */ - if (!cparams->certs) { + if (!options->certs) { X509 *x = NULL; (void)BIO_seek(btmp, 0); if (d2i_X509_bio(btmp, &x)) { - cparams->certs = sk_X509_new_null(); - if (!sk_X509_push(cparams->certs, x)) { + options->certs = sk_X509_new_null(); + if (!sk_X509_push(options->certs, x)) { X509_free(x); goto out; /* FAILED */ } @@ -5259,17 +2693,17 @@ static int read_certfile(GLOBAL_OPTIONS *options, CRYPTO_PARAMS *cparams) } /* .spc or .p7b certificate file (PKCS#7 structure) */ - if (!cparams->certs) { + if (!options->certs) { PKCS7 *p7; (void)BIO_seek(btmp, 0); p7 = d2i_PKCS7_bio(btmp, NULL); if (!p7) goto out; /* FAILED */ - cparams->certs = X509_chain_up_ref(p7->d.sign->cert); + options->certs = X509_chain_up_ref(p7->d.sign->cert); /* additional CRLs may be supplied as part of a PKCS#7 signed data structure */ if (p7->d.sign->crl) - cparams->crls = X509_CRL_chain_up_ref(p7->d.sign->crl); + options->crls = X509_CRL_chain_up_ref(p7->d.sign->crl); PKCS7_free(p7); } @@ -5281,8 +2715,12 @@ out: return ret; } -/* Load additional (cross) certificates from a .pem file */ -static int read_xcertfile(GLOBAL_OPTIONS *options, CRYPTO_PARAMS *cparams) +/* + * Load additional (cross) certificates from a .pem file + * [in, out] options: structure holds the input data + * [returns] 0 on error or 1 on success + */ +static int read_xcertfile(GLOBAL_OPTIONS *options) { BIO *btmp; int ret = 0; @@ -5292,8 +2730,8 @@ static int read_xcertfile(GLOBAL_OPTIONS *options, CRYPTO_PARAMS *cparams) printf("Failed to read cross certificates file: %s\n", options->xcertfile); return 0; /* FAILED */ } - cparams->xcerts = PEM_read_certs(btmp, NULL); - if (!cparams->xcerts) { + options->xcerts = X509_chain_read_certs(btmp, NULL); + if (!options->xcerts) { printf("Failed to read cross certificates file: %s\n", options->xcertfile); goto out; /* FAILED */ } @@ -5304,8 +2742,12 @@ out: return ret; } -/* Load the private key from a file */ -static int read_keyfile(GLOBAL_OPTIONS *options, CRYPTO_PARAMS *cparams) +/* + * Load the private key from a file + * [in, out] options: structure holds the input data + * [returns] 0 on error or 1 on success + */ +static int read_keyfile(GLOBAL_OPTIONS *options) { BIO *btmp; int ret = 0; @@ -5315,11 +2757,11 @@ static int read_keyfile(GLOBAL_OPTIONS *options, CRYPTO_PARAMS *cparams) printf("Failed to read private key file: %s\n", options->keyfile); return 0; /* FAILED */ } - if (((cparams->pkey = d2i_PrivateKey_bio(btmp, NULL)) == NULL && + if (((options->pkey = d2i_PrivateKey_bio(btmp, NULL)) == NULL && (BIO_seek(btmp, 0) == 0) && - (cparams->pkey = PEM_read_bio_PrivateKey(btmp, NULL, NULL, options->pass ? options->pass : NULL)) == NULL && + (options->pkey = PEM_read_bio_PrivateKey(btmp, NULL, NULL, options->pass ? options->pass : NULL)) == NULL && (BIO_seek(btmp, 0) == 0) && - (cparams->pkey = PEM_read_bio_PrivateKey(btmp, NULL, NULL, NULL)) == NULL)) { + (options->pkey = PEM_read_bio_PrivateKey(btmp, NULL, NULL, NULL)) == NULL)) { printf("Failed to decode private key file: %s (Wrong password?)\n", options->keyfile); goto out; /* FAILED */ } @@ -5334,6 +2776,8 @@ out: * PVK is a proprietary Microsoft format that stores a cryptographic private key. * PVK files are often password-protected. * A PVK file may have an associated .spc (PKCS7) certificate file. + * [in, out] options: structure holds the input data + * [returns] PVK file */ static char *find_pvk_key(GLOBAL_OPTIONS *options) { @@ -5362,7 +2806,11 @@ static char *find_pvk_key(GLOBAL_OPTIONS *options) return pvkfile; } -static int read_pvk_key(GLOBAL_OPTIONS *options, CRYPTO_PARAMS *cparams) +/* + * [in, out] options: structure holds the input data + * [returns] 0 on error or 1 on success + */ +static int read_pvk_key(GLOBAL_OPTIONS *options) { BIO *btmp; @@ -5371,13 +2819,13 @@ static int read_pvk_key(GLOBAL_OPTIONS *options, CRYPTO_PARAMS *cparams) printf("Failed to read private key file: %s\n", options->pvkfile); return 0; /* FAILED */ } - cparams->pkey = b2i_PVK_bio(btmp, NULL, options->pass ? options->pass : NULL); - if (!cparams->pkey && options->askpass) { + options->pkey = b2i_PVK_bio(btmp, NULL, options->pass ? options->pass : NULL); + if (!options->pkey && options->askpass) { (void)BIO_seek(btmp, 0); - cparams->pkey = b2i_PVK_bio(btmp, NULL, NULL); + options->pkey = b2i_PVK_bio(btmp, NULL, NULL); } BIO_free(btmp); - if (!cparams->pkey) { + if (!options->pkey) { printf("Failed to decode private key file: %s\n", options->pvkfile); return 0; /* FAILED */ } @@ -5386,8 +2834,12 @@ static int read_pvk_key(GLOBAL_OPTIONS *options, CRYPTO_PARAMS *cparams) #ifndef OPENSSL_NO_ENGINE -/* Load an engine in a shareable library */ -static ENGINE *dynamic_engine(GLOBAL_OPTIONS *options) +/* + * Load an engine in a shareable library + * [in] options: structure holds the input data + * [returns] pointer to ENGINE + */ +static ENGINE *engine_dynamic(GLOBAL_OPTIONS *options) { ENGINE *engine; char *id; @@ -5426,8 +2878,12 @@ static ENGINE *dynamic_engine(GLOBAL_OPTIONS *options) return engine; } -/* Load a pkcs11 engine */ -static ENGINE *pkcs11_engine() +/* + * Load a pkcs11 engine + * [in] none + * [returns] pointer to ENGINE + */ +static ENGINE *engine_pkcs11() { ENGINE *engine = ENGINE_by_id("pkcs11"); if (!engine) { @@ -5437,8 +2893,13 @@ static ENGINE *pkcs11_engine() return engine; /* OK */ } -/* Load the private key and the signer certificate from a security token */ -static int read_token(GLOBAL_OPTIONS *options, ENGINE *engine, CRYPTO_PARAMS *cparams) +/* + * Load the private key and the signer certificate from a security token + * [in, out] options: structure holds the input data + * [in] engine: ENGINE structure + * [returns] 0 on error or 1 on success + */ +static int read_token(GLOBAL_OPTIONS *options, ENGINE *engine) { if (options->p11module && !ENGINE_ctrl_cmd_string(engine, "MODULE_PATH", options->p11module, 0)) { printf("Failed to set pkcs11 engine MODULE_PATH to '%s'\n", options->p11module); @@ -5475,13 +2936,13 @@ static int read_token(GLOBAL_OPTIONS *options, ENGINE *engine, CRYPTO_PARAMS *cp ENGINE_finish(engine); return 0; /* FAILED */ } else - cparams->cert = parms.cert; + options->cert = parms.cert; } - cparams->pkey = ENGINE_load_private_key(engine, options->keyfile, NULL, NULL); + options->pkey = ENGINE_load_private_key(engine, options->keyfile, NULL, NULL); /* Free the functional reference from ENGINE_init */ ENGINE_finish(engine); - if (!cparams->pkey) { + if (!options->pkey) { printf("Failed to load private key %s\n", options->keyfile); return 0; /* FAILED */ } @@ -5489,19 +2950,23 @@ static int read_token(GLOBAL_OPTIONS *options, ENGINE *engine, CRYPTO_PARAMS *cp } #endif /* OPENSSL_NO_ENGINE */ -static int read_crypto_params(GLOBAL_OPTIONS *options, CRYPTO_PARAMS *cparams) +/* + * [in, out] options: structure holds the input data + * [returns] 0 on error or 1 on success + */ +static int read_crypto_params(GLOBAL_OPTIONS *options) { int ret = 0; /* Microsoft Private Key format support */ options->pvkfile = find_pvk_key(options); if (options->pvkfile) { - if (!read_certfile(options, cparams) || !read_pvk_key(options, cparams)) + if (!read_certfile(options) || !read_pvk_key(options)) goto out; /* FAILED */ /* PKCS#12 container with certificates and the private key ("-pkcs12" option) */ } else if (options->pkcs12file) { - if (!read_pkcs12file(options, cparams)) + if (!read_pkcs12file(options)) goto out; /* FAILED */ #ifndef OPENSSL_NO_ENGINE @@ -5510,73 +2975,44 @@ static int read_crypto_params(GLOBAL_OPTIONS *options, CRYPTO_PARAMS *cparams) ENGINE *engine; if (options->p11engine) - engine = dynamic_engine(options); + engine = engine_dynamic(options); else - engine = pkcs11_engine(); + engine = engine_pkcs11(); if (!engine) goto out; /* FAILED */ printf("Engine \"%s\" set.\n", ENGINE_get_id(engine)); /* Load the private key and the signer certificate from the security token */ - if (!read_token(options, engine, cparams)) + if (!read_token(options, engine)) goto out; /* FAILED */ /* Load the signer certificate and the whole certificate chain from a file */ - if (options->certfile && !read_certfile(options, cparams)) + if (options->certfile && !read_certfile(options)) goto out; /* FAILED */ /* PEM / DER / SPC file format support */ - } else if (!read_certfile(options, cparams) || !read_keyfile(options, cparams)) + } else if (!read_certfile(options) || !read_keyfile(options)) goto out; /* FAILED */ #endif /* OPENSSL_NO_ENGINE */ /* Load additional (cross) certificates ("-ac" option) */ - if (options->xcertfile && !read_xcertfile(options, cparams)) + if (options->xcertfile && !read_xcertfile(options)) goto out; /* FAILED */ - ret = 1; + ret = 1; /* OK */ out: /* reset password */ if (options->pass) { memset(options->pass, 0, strlen(options->pass)); OPENSSL_free(options->pass); } - return ret; /* OK */ -} - -static void free_msi_params(MSI_PARAMS *msiparams) -{ - msi_file_free(msiparams->msi); - msi_dirent_free(msiparams->dirent); - OPENSSL_free(msiparams->p_msiex); -} - -static void free_crypto_params(CRYPTO_PARAMS *cparams) -{ - /* If key is NULL nothing is done */ - EVP_PKEY_free(cparams->pkey); - cparams->pkey = NULL; - /* If X509 structure is NULL nothing is done */ - X509_free(cparams->cert); - cparams->cert = NULL; - /* Free up all elements of sk structure and sk itself */ - sk_X509_pop_free(cparams->certs, X509_free); - cparams->certs = NULL; - sk_X509_pop_free(cparams->xcerts, X509_free); - cparams->xcerts = NULL; - sk_X509_CRL_pop_free(cparams->crls, X509_CRL_free); - cparams->crls = NULL; -} - -static void free_options(GLOBAL_OPTIONS *options) -{ - /* If memory has not been allocated nothing is done */ - OPENSSL_free(options->cafile); - OPENSSL_free(options->tsa_cafile); - OPENSSL_free(options->crlfile); - OPENSSL_free(options->tsa_crlfile); + return ret; } +/* + * [in] none + * [returns] default CAfile + */ static char *get_cafile(void) { #ifndef WIN32 @@ -5599,242 +3035,7 @@ static char *get_cafile(void) return NULL; } -static PKCS7 *get_sigfile(char *sigfile, file_type_t type) -{ - PKCS7 *sig = NULL; - uint32_t sigfilesize; - char *insigdata; - FILE_HEADER header; - BIO *sigbio; - const char pemhdr[] = "-----BEGIN PKCS7-----"; - - sigfilesize = get_file_size(sigfile); - if (!sigfilesize) { - return NULL; /* FAILED */ - } - insigdata = map_file(sigfile, sigfilesize); - if (!insigdata) { - printf("Failed to open file: %s\n", sigfile); - return NULL; /* FAILED */ - } - if (sigfilesize >= sizeof pemhdr && !memcmp(insigdata, pemhdr, sizeof pemhdr - 1)) { - sigbio = BIO_new_mem_buf(insigdata, (int)sigfilesize); - sig = PEM_read_bio_PKCS7(sigbio, NULL, NULL, NULL); - BIO_free_all(sigbio); - } else { - /* reset header */ - memset(&header, 0, sizeof(FILE_HEADER)); - header.fileend = sigfilesize; - header.siglen = sigfilesize; - header.sigpos = 0; - if (type == FILE_TYPE_PE) - sig = pe_extract_existing_pkcs7(insigdata, &header); - else - sig = extract_existing_pkcs7(insigdata, &header); - } - unmap_file(insigdata, sigfilesize); - return sig; /* OK */ -} - -/* - * Obtain an existing signature or create a new one - */ -static PKCS7 *get_pkcs7(cmd_type_t cmd, BIO *hash, file_type_t type, char *indata, - GLOBAL_OPTIONS *options, FILE_HEADER *header, CRYPTO_PARAMS *cparams, PKCS7 *cursig) -{ - PKCS7 *sig = NULL; - - if (cmd == CMD_ATTACH) { - sig = get_sigfile(options->sigfile, type); - if (!sig) { - printf("Unable to extract valid signature\n"); - return NULL; /* FAILED */ - } - } else if (cmd == CMD_SIGN) { - sig = create_new_signature(type, options, cparams); - if (!sig) { - printf("Creating a new signature failed\n"); - return NULL; /* FAILED */ - } - if (type == FILE_TYPE_CAT) { - if (!set_content_blob(sig, cursig)) { - PKCS7_free(sig); - printf("Signing failed\n"); - return NULL; /* FAILED */ - } - } else { - if (!set_indirect_data_blob(sig, hash, type, indata, options, header)) { - PKCS7_free(sig); - printf("Signing failed\n"); - return NULL; /* FAILED */ - } - } - } - return sig; -} - -/* - * Perform a sanity check for the MsiDigitalSignatureEx section. - * If the file we're attempting to sign has an MsiDigitalSignatureEx - * section, we can't add a nested signature of a different MD type - * without breaking the initial signature. - */ -static int msi_check_MsiDigitalSignatureEx(GLOBAL_OPTIONS *options, MSI_ENTRY *dse) -{ - if (dse && GET_UINT32_LE(dse->size) != (uint32_t)EVP_MD_size(options->md)) { - printf("Unable to add nested signature with a different MD type (-h parameter) " - "than what exists in the MSI file already.\nThis is due to the presence of " - "MsiDigitalSignatureEx (-add-msi-dse parameter).\n\n"); - return 0; /* FAILED */ - } - if (!dse && options->add_msi_dse) { - printf("Unable to add signature with -add-msi-dse parameter " - "without breaking the initial signature.\n\n"); - return 0; /* FAILED */ - } - if (dse && !options->add_msi_dse) { - printf("Unable to add signature without -add-msi-dse parameter " - "without breaking the initial signature.\nThis is due to the presence of " - "MsiDigitalSignatureEx (-add-msi-dse parameter).\n" - "Should use -add-msi-dse options in this case.\n\n"); - return 0; /* FAILED */ - } - return 1; /* OK */ -} - -/* - * Prepare the output file for signing - */ -static PKCS7 *msi_presign_file(file_type_t type, cmd_type_t cmd, FILE_HEADER *header, - GLOBAL_OPTIONS *options, CRYPTO_PARAMS *cparams, char *indata, - BIO *hash, PKCS7 **cursig, MSI_PARAMS *msiparams) -{ - PKCS7 *sig = NULL; - uint32_t len; - char *data; - - if (options->add_msi_dse && !msi_calc_MsiDigitalSignatureEx(msiparams, options->md, hash)) { - printf("Unable to calc MsiDigitalSignatureEx\n"); - return NULL; /* FAILED */ - } - if (!msi_hash_dir(msiparams->msi, msiparams->dirent, hash, 1)) { - printf("Unable to msi_handle_dir()\n"); - return NULL; /* FAILED */ - } - - /* Obtain a current signature from previously-signed file */ - if ((cmd == CMD_SIGN && options->nest) || - (cmd == CMD_ATTACH && options->nest) || cmd == CMD_ADD) { - MSI_ENTRY *dse = NULL; - MSI_ENTRY *ds = msi_signatures_get(msiparams->dirent, &dse); - if (!ds) { - printf("MSI file has no signature\n\n"); - return NULL; /* FAILED */ - } - if (!msi_check_MsiDigitalSignatureEx(options, dse)) { - return NULL; /* FAILED */ - } - len = GET_UINT32_LE(ds->size); - if (len == 0 || len >= MAXREGSECT) { - printf("Corrupted DigitalSignature stream length 0x%08X\n", len); - return NULL; /* FAILED */ - } - data = OPENSSL_malloc((size_t)len); - *cursig = msi_extract_existing_pkcs7(msiparams, ds, &data, len); - OPENSSL_free(data); - if (!*cursig) { - printf("Unable to extract existing signature\n"); - return NULL; /* FAILED */ - } - if (cmd == CMD_ADD) - sig = *cursig; - } - /* Obtain an existing signature or create a new one */ - if ((cmd == CMD_ATTACH) || (cmd == CMD_SIGN)) - sig = get_pkcs7(cmd, hash, type, indata, options, header, cparams, NULL); - return sig; /* OK */ -} - -static PKCS7 *pe_presign_file(file_type_t type, cmd_type_t cmd, FILE_HEADER *header, - GLOBAL_OPTIONS *options, CRYPTO_PARAMS *cparams, char *indata, - BIO *hash, BIO *outdata, PKCS7 **cursig) -{ - PKCS7 *sig = NULL; - - /* Obtain a current signature from previously-signed file */ - if ((cmd == CMD_SIGN && options->nest) || - (cmd == CMD_ATTACH && options->nest) || cmd == CMD_ADD) { - *cursig = pe_extract_existing_pkcs7(indata, header); - if (!*cursig) { - printf("Unable to extract existing signature\n"); - return NULL; /* FAILED */ - } - if (cmd == CMD_ADD) - sig = *cursig; - } - if (header->sigpos > 0) { - /* Strip current signature */ - header->fileend = header->sigpos; - } - if (!pe_modify_header(indata, header, hash, outdata)) { - printf("Unable to modify file header\n"); - return NULL; /* FAILED */ - } - /* Obtain an existing signature or create a new one */ - if ((cmd == CMD_ATTACH) || (cmd == CMD_SIGN)) - sig = get_pkcs7(cmd, hash, type, indata, options, header, cparams, NULL); - return sig; /* OK */ -} - -static PKCS7 *cab_presign_file(file_type_t type, cmd_type_t cmd, FILE_HEADER *header, - GLOBAL_OPTIONS *options, CRYPTO_PARAMS *cparams, char *indata, - BIO *hash, BIO *outdata, PKCS7 **cursig) -{ - PKCS7 *sig = NULL; - - /* Obtain a current signature from previously-signed file */ - if ((cmd == CMD_SIGN && options->nest) || - (cmd == CMD_ATTACH && options->nest) || cmd == CMD_ADD) { - *cursig = extract_existing_pkcs7(indata, header); - if (!*cursig) { - printf("Unable to extract existing signature\n"); - return NULL; /* FAILED */ - } - if (cmd == CMD_ADD) - sig = *cursig; - } - if (header->header_size == 20) { - /* Strip current signature and modify header */ - if (!cab_modify_header(indata, header, hash, outdata)) - return NULL; /* FAILED */ - } else { - if (!cab_add_header(indata, header, hash, outdata)) - return NULL; /* FAILED */ - } - /* Obtain an existing signature or create a new one */ - if ((cmd == CMD_ATTACH) || (cmd == CMD_SIGN)) - sig = get_pkcs7(cmd, hash, type, indata, options, header, cparams, NULL); - return sig; /* OK */ -} - -static PKCS7 *cat_presign_file(file_type_t type, cmd_type_t cmd, FILE_HEADER *header, - GLOBAL_OPTIONS *options, CRYPTO_PARAMS *cparams, char *indata, PKCS7 **cursig) -{ - PKCS7 *sig; - - *cursig = cat_extract_existing_pkcs7(indata, header); - if (!*cursig) { - printf("Failed to extract PKCS7 signed data\n"); - return NULL; /* FAILED */ - } - if (cmd == CMD_ADD) - sig = *cursig; - else - sig = get_pkcs7(cmd, NULL, type, indata, options, header, cparams, *cursig); - return sig; /* OK */ -} - -static void print_version() +static void print_version(void) { #ifdef PACKAGE_STRING printf("%s, using:\n", PACKAGE_STRING); @@ -5853,6 +3054,10 @@ static void print_version() printf("\n"); } +/* + * [in] argv + * [returns] cmd_type_t: command + */ static cmd_type_t get_command(char **argv) { if (!strcmp(argv[1], "--help")) { @@ -5923,22 +3128,29 @@ static int use_legacy(void) } #endif /* OPENSSL_VERSION_NUMBER>=0x30000000L */ -static int main_configure(int argc, char **argv, cmd_type_t *cmd, GLOBAL_OPTIONS *options) +/* + * [in] argc, argv + * [in, out] options: structure holds the input data + * [returns] 0 on error or 1 on success + */ +static int main_configure(int argc, char **argv, GLOBAL_OPTIONS *options) { int i; char *failarg = NULL; const char *argv0; + cmd_type_t cmd = CMD_SIGN; argv0 = argv[0]; if (argc > 1) { - *cmd = get_command(argv); - if (*cmd == CMD_DEFAULT) { - *cmd = CMD_SIGN; + cmd = get_command(argv); + if (cmd == CMD_DEFAULT) { + cmd = CMD_SIGN; } else { argv++; argc--; } } + options->cmd = cmd; options->md = EVP_sha256(); options->time = INVALID_TIME; options->jp = -1; @@ -5947,10 +3159,10 @@ static int main_configure(int argc, char **argv, cmd_type_t *cmd, GLOBAL_OPTIONS options->legacy = 1; #endif /* OPENSSL_VERSION_NUMBER>=0x30000000L */ - if (*cmd == CMD_HELP) { + if (cmd == CMD_HELP) { return 0; /* FAILED */ } - if (*cmd == CMD_VERIFY || *cmd == CMD_ATTACH) { + if (cmd == CMD_VERIFY || cmd == CMD_ATTACH) { options->cafile = get_cafile(); options->tsa_cafile = get_cafile(); } @@ -5973,46 +3185,46 @@ static int main_configure(int argc, char **argv, cmd_type_t *cmd, GLOBAL_OPTIONS return 0; /* FAILED */ } options->sigfile = *(++argv); - } else if ((*cmd == CMD_SIGN) && (!strcmp(*argv, "-spc") || !strcmp(*argv, "-certs"))) { + } else if ((cmd == CMD_SIGN) && (!strcmp(*argv, "-spc") || !strcmp(*argv, "-certs"))) { if (--argc < 1) { usage(argv0, "all"); return 0; /* FAILED */ } options->certfile = *(++argv); - } else if ((*cmd == CMD_SIGN) && !strcmp(*argv, "-ac")) { + } else if ((cmd == CMD_SIGN) && !strcmp(*argv, "-ac")) { if (--argc < 1) { usage(argv0, "all"); return 0; /* FAILED */ } options->xcertfile = *(++argv); - } else if ((*cmd == CMD_SIGN) && !strcmp(*argv, "-key")) { + } else if ((cmd == CMD_SIGN) && !strcmp(*argv, "-key")) { if (--argc < 1) { usage(argv0, "all"); return 0; /* FAILED */ } options->keyfile = *(++argv); - } else if ((*cmd == CMD_SIGN) && !strcmp(*argv, "-pkcs12")) { + } else if ((cmd == CMD_SIGN) && !strcmp(*argv, "-pkcs12")) { if (--argc < 1) { usage(argv0, "all"); return 0; /* FAILED */ } options->pkcs12file = *(++argv); - } else if ((*cmd == CMD_EXTRACT) && !strcmp(*argv, "-pem")) { + } else if ((cmd == CMD_EXTRACT) && !strcmp(*argv, "-pem")) { options->output_pkcs7 = 1; #ifndef OPENSSL_NO_ENGINE - } else if ((*cmd == CMD_SIGN) && !strcmp(*argv, "-pkcs11cert")) { + } else if ((cmd == CMD_SIGN) && !strcmp(*argv, "-pkcs11cert")) { if (--argc < 1) { usage(argv0, "all"); return 0; /* FAILED */ } options->p11cert = *(++argv); - } else if ((*cmd == CMD_SIGN) && !strcmp(*argv, "-pkcs11engine")) { + } else if ((cmd == CMD_SIGN) && !strcmp(*argv, "-pkcs11engine")) { if (--argc < 1) { usage(argv0, "all"); return 0; /* FAILED */ } options->p11engine = *(++argv); - } else if ((*cmd == CMD_SIGN) && !strcmp(*argv, "-pkcs11module")) { + } else if ((cmd == CMD_SIGN) && !strcmp(*argv, "-pkcs11module")) { if (--argc < 1) { usage(argv0, "all"); return 0; /* FAILED */ @@ -6020,10 +3232,10 @@ static int main_configure(int argc, char **argv, cmd_type_t *cmd, GLOBAL_OPTIONS options->p11module = *(++argv); #endif /* OPENSSL_NO_ENGINE */ #if OPENSSL_VERSION_NUMBER>=0x30000000L - } else if ((*cmd == CMD_SIGN) && !strcmp(*argv, "-nolegacy")) { + } else if ((cmd == CMD_SIGN) && !strcmp(*argv, "-nolegacy")) { options->legacy = 0; #endif /* OPENSSL_VERSION_NUMBER>=0x30000000L */ - } else if ((*cmd == CMD_SIGN) && !strcmp(*argv, "-pass")) { + } else if ((cmd == CMD_SIGN) && !strcmp(*argv, "-pass")) { if (options->askpass || options->readpass) { usage(argv0, "all"); return 0; /* FAILED */ @@ -6035,14 +3247,14 @@ static int main_configure(int argc, char **argv, cmd_type_t *cmd, GLOBAL_OPTIONS options->pass = OPENSSL_strdup(*(++argv)); memset(*argv, 0, strlen(*argv)); #ifdef PROVIDE_ASKPASS - } else if ((*cmd == CMD_SIGN) && !strcmp(*argv, "-askpass")) { + } else if ((cmd == CMD_SIGN) && !strcmp(*argv, "-askpass")) { if (options->pass || options->readpass) { usage(argv0, "all"); return 0; /* FAILED */ } options->askpass = 1; #endif - } else if ((*cmd == CMD_SIGN) && !strcmp(*argv, "-readpass")) { + } else if ((cmd == CMD_SIGN) && !strcmp(*argv, "-readpass")) { if (options->askpass || options->pass) { usage(argv0, "all"); return 0; /* FAILED */ @@ -6052,17 +3264,17 @@ static int main_configure(int argc, char **argv, cmd_type_t *cmd, GLOBAL_OPTIONS return 0; /* FAILED */ } options->readpass = *(++argv); - } else if ((*cmd == CMD_SIGN) && !strcmp(*argv, "-comm")) { + } else if ((cmd == CMD_SIGN) && !strcmp(*argv, "-comm")) { options->comm = 1; - } else if ((*cmd == CMD_SIGN) && !strcmp(*argv, "-ph")) { + } else if ((cmd == CMD_SIGN) && !strcmp(*argv, "-ph")) { options->pagehash = 1; - } else if ((*cmd == CMD_SIGN) && !strcmp(*argv, "-n")) { + } else if ((cmd == CMD_SIGN) && !strcmp(*argv, "-n")) { if (--argc < 1) { usage(argv0, "all"); return 0; /* FAILED */ } options->desc = *(++argv); - } else if ((*cmd == CMD_SIGN|| *cmd == CMD_ADD || *cmd == CMD_ATTACH) + } else if ((cmd == CMD_SIGN|| cmd == CMD_ADD || cmd == CMD_ATTACH) && !strcmp(*argv, "-h")) { if (--argc < 1) { usage(argv0, "all"); @@ -6083,13 +3295,13 @@ static int main_configure(int argc, char **argv, cmd_type_t *cmd, GLOBAL_OPTIONS usage(argv0, "all"); return 0; /* FAILED */ } - } else if ((*cmd == CMD_SIGN) && !strcmp(*argv, "-i")) { + } else if ((cmd == CMD_SIGN) && !strcmp(*argv, "-i")) { if (--argc < 1) { usage(argv0, "all"); return 0; /* FAILED */ } options->url = *(++argv); - } else if ((*cmd == CMD_ATTACH || *cmd == CMD_SIGN || *cmd == CMD_VERIFY) + } else if ((cmd == CMD_ATTACH || cmd == CMD_SIGN || cmd == CMD_VERIFY) && (!strcmp(*argv, "-time") || !strcmp(*argv, "-st"))) { if (--argc < 1) { usage(argv0, "all"); @@ -6097,98 +3309,98 @@ static int main_configure(int argc, char **argv, cmd_type_t *cmd, GLOBAL_OPTIONS } options->time = (time_t)strtoull(*(++argv), NULL, 10); #ifdef ENABLE_CURL - } else if ((*cmd == CMD_SIGN || *cmd == CMD_ADD) && !strcmp(*argv, "-t")) { + } else if ((cmd == CMD_SIGN || cmd == CMD_ADD) && !strcmp(*argv, "-t")) { if (--argc < 1) { usage(argv0, "all"); return 0; /* FAILED */ } options->turl[options->nturl++] = *(++argv); - } else if ((*cmd == CMD_SIGN || *cmd == CMD_ADD) && !strcmp(*argv, "-ts")) { + } else if ((cmd == CMD_SIGN || cmd == CMD_ADD) && !strcmp(*argv, "-ts")) { if (--argc < 1) { usage(argv0, "all"); return 0; /* FAILED */ } options->tsurl[options->ntsurl++] = *(++argv); - } else if ((*cmd == CMD_SIGN || *cmd == CMD_ADD) && !strcmp(*argv, "-p")) { + } else if ((cmd == CMD_SIGN || cmd == CMD_ADD) && !strcmp(*argv, "-p")) { if (--argc < 1) { usage(argv0, "all"); return 0; /* FAILED */ } options->proxy = *(++argv); - } else if ((*cmd == CMD_SIGN || *cmd == CMD_ADD) && !strcmp(*argv, "-noverifypeer")) { + } else if ((cmd == CMD_SIGN || cmd == CMD_ADD) && !strcmp(*argv, "-noverifypeer")) { options->noverifypeer = 1; #endif - } else if ((*cmd == CMD_SIGN || *cmd == CMD_ADD) && !strcmp(*argv, "-addUnauthenticatedBlob")) { + } else if ((cmd == CMD_SIGN || cmd == CMD_ADD) && !strcmp(*argv, "-addUnauthenticatedBlob")) { options->addBlob = 1; - } else if ((*cmd == CMD_SIGN || *cmd == CMD_ATTACH) && !strcmp(*argv, "-nest")) { + } else if ((cmd == CMD_SIGN || cmd == CMD_ATTACH) && !strcmp(*argv, "-nest")) { options->nest = 1; - } else if ((*cmd == CMD_VERIFY) && !strcmp(*argv, "-ignore-timestamp")) { + } else if ((cmd == CMD_VERIFY) && !strcmp(*argv, "-ignore-timestamp")) { options->ignore_timestamp = 1; - } else if ((*cmd == CMD_SIGN || *cmd == CMD_ADD || *cmd == CMD_VERIFY) && !strcmp(*argv, "-verbose")) { + } else if ((cmd == CMD_SIGN || cmd == CMD_ADD || cmd == CMD_VERIFY) && !strcmp(*argv, "-verbose")) { options->verbose = 1; - } else if ((*cmd == CMD_SIGN || *cmd == CMD_ADD || *cmd == CMD_ATTACH) && !strcmp(*argv, "-add-msi-dse")) { + } else if ((cmd == CMD_SIGN || cmd == CMD_ADD || cmd == CMD_ATTACH) && !strcmp(*argv, "-add-msi-dse")) { options->add_msi_dse = 1; - } else if ((*cmd == CMD_VERIFY) && (!strcmp(*argv, "-c") || !strcmp(*argv, "-catalog"))) { + } else if ((cmd == CMD_VERIFY) && (!strcmp(*argv, "-c") || !strcmp(*argv, "-catalog"))) { if (--argc < 1) { usage(argv0, "all"); return 0; /* FAILED */ } options->catalog = *(++argv); - } else if ((*cmd == CMD_VERIFY || *cmd == CMD_ATTACH) && !strcmp(*argv, "-CAfile")) { + } else if ((cmd == CMD_VERIFY || cmd == CMD_ATTACH) && !strcmp(*argv, "-CAfile")) { if (--argc < 1) { usage(argv0, "all"); return 0; /* FAILED */ } OPENSSL_free(options->cafile); options->cafile = OPENSSL_strdup(*++argv); - } else if ((*cmd == CMD_VERIFY || *cmd == CMD_ATTACH) && !strcmp(*argv, "-CRLfile")) { + } else if ((cmd == CMD_VERIFY || cmd == CMD_ATTACH) && !strcmp(*argv, "-CRLfile")) { if (--argc < 1) { usage(argv0, "all"); return 0; /* FAILED */ } options->crlfile = OPENSSL_strdup(*++argv); - } else if ((*cmd == CMD_VERIFY || *cmd == CMD_ATTACH) && (!strcmp(*argv, "-untrusted") || !strcmp(*argv, "-TSA-CAfile"))) { + } else if ((cmd == CMD_VERIFY || cmd == CMD_ATTACH) && (!strcmp(*argv, "-untrusted") || !strcmp(*argv, "-TSA-CAfile"))) { if (--argc < 1) { usage(argv0, "all"); return 0; /* FAILED */ } OPENSSL_free(options->tsa_cafile); options->tsa_cafile = OPENSSL_strdup(*++argv); - } else if ((*cmd == CMD_VERIFY || *cmd == CMD_ATTACH) && (!strcmp(*argv, "-CRLuntrusted") || !strcmp(*argv, "-TSA-CRLfile"))) { + } else if ((cmd == CMD_VERIFY || cmd == CMD_ATTACH) && (!strcmp(*argv, "-CRLuntrusted") || !strcmp(*argv, "-TSA-CRLfile"))) { if (--argc < 1) { usage(argv0, "all"); return 0; /* FAILED */ } options->tsa_crlfile = OPENSSL_strdup(*++argv); - } else if ((*cmd == CMD_VERIFY || *cmd == CMD_ATTACH) && !strcmp(*argv, "-require-leaf-hash")) { + } else if ((cmd == CMD_VERIFY || cmd == CMD_ATTACH) && !strcmp(*argv, "-require-leaf-hash")) { if (--argc < 1) { usage(argv0, "all"); return 0; /* FAILED */ } options->leafhash = (*++argv); - } else if ((*cmd == CMD_ADD) && !strcmp(*argv, "--help")) { + } else if ((cmd == CMD_ADD) && !strcmp(*argv, "--help")) { help_for(argv0, "add"); - *cmd = CMD_HELP; + cmd = CMD_HELP; return 0; /* FAILED */ - } else if ((*cmd == CMD_ATTACH) && !strcmp(*argv, "--help")) { + } else if ((cmd == CMD_ATTACH) && !strcmp(*argv, "--help")) { help_for(argv0, "attach-signature"); - *cmd = CMD_HELP; + cmd = CMD_HELP; return 0; /* FAILED */ - } else if ((*cmd == CMD_EXTRACT) && !strcmp(*argv, "--help")) { + } else if ((cmd == CMD_EXTRACT) && !strcmp(*argv, "--help")) { help_for(argv0, "extract-signature"); - *cmd = CMD_HELP; + cmd = CMD_HELP; return 0; /* FAILED */ - } else if ((*cmd == CMD_REMOVE) && !strcmp(*argv, "--help")) { + } else if ((cmd == CMD_REMOVE) && !strcmp(*argv, "--help")) { help_for(argv0, "remove-signature"); - *cmd = CMD_HELP; + cmd = CMD_HELP; return 0; /* FAILED */ - } else if ((*cmd == CMD_SIGN) && !strcmp(*argv, "--help")) { + } else if ((cmd == CMD_SIGN) && !strcmp(*argv, "--help")) { help_for(argv0, "sign"); - *cmd = CMD_HELP; + cmd = CMD_HELP; return 0; /* FAILED */ - } else if ((*cmd == CMD_VERIFY) && !strcmp(*argv, "--help")) { + } else if ((cmd == CMD_VERIFY) && !strcmp(*argv, "--help")) { help_for(argv0, "verify"); - *cmd = CMD_HELP; + cmd = CMD_HELP; return 0; /* FAILED */ } else if (!strcmp(*argv, "-jp")) { char *ap; @@ -6218,7 +3430,7 @@ static int main_configure(int argc, char **argv, cmd_type_t *cmd, GLOBAL_OPTIONS options->infile = *(argv++); argc--; } - if (*cmd != CMD_VERIFY && (!options->outfile && argc > 0)) { + if (cmd != CMD_VERIFY && (!options->outfile && argc > 0)) { if (!strcmp(*argv, "-out")) { argv++; argc--; @@ -6233,8 +3445,8 @@ static int main_configure(int argc, char **argv, cmd_type_t *cmd, GLOBAL_OPTIONS (options->nturl && options->ntsurl) || #endif !options->infile || - (*cmd != CMD_VERIFY && !options->outfile) || - (*cmd == CMD_SIGN && !((options->certfile && options->keyfile) || + (cmd != CMD_VERIFY && !options->outfile) || + (cmd == CMD_SIGN && !((options->certfile && options->keyfile) || #ifndef OPENSSL_NO_ENGINE options->p11engine || options->p11module || #endif /* OPENSSL_NO_ENGINE */ @@ -6245,13 +3457,13 @@ static int main_configure(int argc, char **argv, cmd_type_t *cmd, GLOBAL_OPTIONS return 0; /* FAILED */ } #ifndef WIN32 - if ((*cmd == CMD_VERIFY || *cmd == CMD_ATTACH) && access(options->cafile, R_OK)) { + if ((cmd == CMD_VERIFY || cmd == CMD_ATTACH) && access(options->cafile, R_OK)) { printf("Use the \"-CAfile\" option to add one or more trusted CA certificates to verify the signature.\n"); return 0; /* FAILED */ } #endif /* WIN32 */ #if OPENSSL_VERSION_NUMBER>=0x30000000L - if (*cmd == CMD_SIGN && options->legacy && !use_legacy()) { + if (cmd == CMD_SIGN && options->legacy && !use_legacy()) { printf("Warning: Legacy mode disabled\n"); } #endif /* OPENSSL_VERSION_NUMBER>=0x30000000L */ @@ -6260,262 +3472,135 @@ static int main_configure(int argc, char **argv, cmd_type_t *cmd, GLOBAL_OPTIONS int main(int argc, char **argv) { + FILE_FORMAT_CTX *ctx = NULL; GLOBAL_OPTIONS options; - FILE_HEADER header, catheader; - MSI_PARAMS msiparams; - CRYPTO_PARAMS cparams; - BIO *hash = NULL, *outdata = NULL; - PKCS7 *cursig = NULL, *sig = NULL; - char *indata = NULL, *catdata = NULL; - int ret = -1, len = 0, padlen = 0; - uint32_t filesize = 0; - file_type_t type = FILE_TYPE_ANY, filetype = FILE_TYPE_CAT; - cmd_type_t cmd = CMD_DEFAULT; + PKCS7 *p7 = NULL; + BIO *outdata = NULL; + BIO *hash = NULL; + int ret = -1; /* reset options */ memset(&options, 0, sizeof(GLOBAL_OPTIONS)); /* Set up OpenSSL */ if (!OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CRYPTO_STRINGS - | OPENSSL_INIT_ADD_ALL_CIPHERS - | OPENSSL_INIT_ADD_ALL_DIGESTS - | OPENSSL_INIT_LOAD_CONFIG, NULL)) + | OPENSSL_INIT_ADD_ALL_CIPHERS + | OPENSSL_INIT_ADD_ALL_DIGESTS + | OPENSSL_INIT_LOAD_CONFIG, NULL)) DO_EXIT_0("Failed to init crypto\n"); /* create some MS Authenticode OIDS we need later on */ - if (!OBJ_create(SPC_STATEMENT_TYPE_OBJID, NULL, NULL) || - !OBJ_create(MS_JAVA_SOMETHING, NULL, NULL) || - !OBJ_create(SPC_SP_OPUS_INFO_OBJID, NULL, NULL) || - !OBJ_create(SPC_NESTED_SIGNATURE_OBJID, NULL, NULL)) + if (!OBJ_create(SPC_STATEMENT_TYPE_OBJID, NULL, NULL) + || !OBJ_create(MS_JAVA_SOMETHING, NULL, NULL) + || !OBJ_create(SPC_SP_OPUS_INFO_OBJID, NULL, NULL) + || !OBJ_create(SPC_NESTED_SIGNATURE_OBJID, NULL, NULL)) DO_EXIT_0("Failed to create objects\n"); - /* reset crypto */ - memset(&cparams, 0, sizeof(CRYPTO_PARAMS)); - - /* reset MSI parameters */ - memset(&msiparams, 0, sizeof(MSI_PARAMS)); - /* commands and options initialization */ - if (!main_configure(argc, argv, &cmd, &options)) + if (!main_configure(argc, argv, &options)) goto err_cleanup; if (!read_password(&options)) { - printf("Failed to read password from file: %s\n", options.readpass); - goto err_cleanup; + DO_EXIT_1("Failed to read password from file: %s\n", options.readpass); } /* read key and certificates */ - if (cmd == CMD_SIGN && !read_crypto_params(&options, &cparams)) - goto err_cleanup; + if (options.cmd == CMD_SIGN && !read_crypto_params(&options)) + DO_EXIT_0("Failed to read key or certificates\n"); - /* check if indata is cab or pe */ - filesize = get_file_size(options.infile); - if (filesize == 0) - goto err_cleanup; - - /* reset file header */ - memset(&header, 0, sizeof(FILE_HEADER)); - header.fileend = filesize; - - indata = map_file(options.infile, filesize); - if (!indata) - DO_EXIT_1("Failed to open file: %s\n", options.infile); - - if (!get_file_type(indata, options.infile, &type)) { - ret = 1; /* Failed */ - goto err_cleanup; - } - if (!input_validation(type, &options, &header, &msiparams, indata, filesize)) { - ret = 1; /* Failed */ - goto err_cleanup; - } - - /* search catalog file to determine whether the file is signed in a catalog */ - if (options.catalog) { - uint32_t catsize = get_file_size(options.catalog); - if (catsize == 0) - goto err_cleanup; - catdata = map_file(options.catalog, catsize); - if (catdata == NULL) - DO_EXIT_1("Failed to open file: %s\n", options.catalog); - filetype = type; - if (!get_file_type(catdata, options.catalog, &type)) - goto err_cleanup; - /* reset file header */ - memset(&catheader, 0, sizeof(FILE_HEADER)); - catheader.fileend = catsize; - if (!input_validation(type, &options, &catheader, NULL, catdata, catsize)) { - ret = 1; /* Failed */ - goto err_cleanup; + if (options.cmd != CMD_VERIFY) { + /* Create message digest BIO */ + hash = BIO_new(BIO_f_md()); + if (!BIO_set_md(hash, options.md)) { + DO_EXIT_0("Unable to set the message digest of BIO\n"); } - unmap_file(catdata, catsize); - } - - hash = BIO_new(BIO_f_md()); - if (!BIO_set_md(hash, options.md)) { - printf("Unable to set the message digest of BIO\n"); - BIO_free_all(hash); - goto err_cleanup; - } - - if (cmd != CMD_VERIFY) { /* Create outdata file */ outdata = BIO_new_file(options.outfile, FILE_CREATE_MODE); - if (outdata == NULL) + if (outdata == NULL) { + BIO_free_all(hash); DO_EXIT_1("Failed to create file: %s\n", options.outfile); - if (type == FILE_TYPE_MSI) - BIO_push(hash, BIO_new(BIO_s_null())); - else - BIO_push(hash, outdata); - } - - if (type == FILE_TYPE_MSI) { - if (cmd == CMD_EXTRACT) { - ret = msi_extract_file(&msiparams, outdata, options.output_pkcs7); - goto skip_signing; - } else if (cmd == CMD_VERIFY) { - ret = msi_verify_file(&msiparams, &options); - goto skip_signing; - } else { - sig = msi_presign_file(type, cmd, &header, &options, &cparams, indata, - hash, &cursig, &msiparams); - if (cmd == CMD_REMOVE) { - ret = msi_remove_file(&msiparams, outdata); - goto skip_signing; - } else if (!sig) - goto err_cleanup; - } - } else if (type == FILE_TYPE_CAB) { - if (!(header.flags & FLAG_RESERVE_PRESENT) && - (cmd == CMD_REMOVE || cmd == CMD_EXTRACT)) { - DO_EXIT_1("CAB file does not have any signature: %s\n", options.infile); - } else if (cmd == CMD_EXTRACT) { - ret = cab_extract_file(indata, &header, outdata, options.output_pkcs7); - goto skip_signing; - } else if (cmd == CMD_REMOVE) { - ret = cab_remove_file(indata, &header, filesize, outdata); - goto skip_signing; - } else if (cmd == CMD_VERIFY) { - ret = cab_verify_file(indata, &header, &options); - goto skip_signing; - } else { - sig = cab_presign_file(type, cmd, &header, &options, &cparams, indata, - hash, outdata, &cursig); - if (!sig) - goto err_cleanup; - } - } else if (type == FILE_TYPE_PE) { - if ((cmd == CMD_REMOVE || cmd == CMD_EXTRACT) && header.sigpos == 0) { - DO_EXIT_1("PE file does not have any signature: %s\n", options.infile); - } else if (cmd == CMD_EXTRACT) { - ret = pe_extract_file(indata, &header, outdata, options.output_pkcs7); - goto skip_signing; - } else if (cmd == CMD_VERIFY) { - ret = pe_verify_file(indata, &header, &options); - goto skip_signing; - } else { - sig = pe_presign_file(type, cmd, &header, &options, &cparams, indata, - hash, outdata, &cursig); - if (cmd == CMD_REMOVE) { - ret = 0; /* OK */ - goto skip_signing; - } else if (!sig) - goto err_cleanup; - } - } else if (type == FILE_TYPE_CAT) { - if (cmd == CMD_REMOVE || cmd == CMD_EXTRACT || (cmd==CMD_ATTACH)) { - DO_EXIT_0("Unsupported command\n"); - } else if (cmd == CMD_VERIFY) { - ret = cat_verify_file(catdata, &catheader, indata, &header, filetype, &options); - goto skip_signing; - } else { - sig = cat_presign_file(type, cmd, &header, &options, &cparams, indata, &cursig); - if (!sig) - goto err_cleanup; } } - -#ifdef ENABLE_CURL - /* add counter-signature/timestamp */ - if (options.nturl && add_timestamp_authenticode(sig, &options)) - DO_EXIT_2("%s\n%s\n", "Authenticode timestamping failed", - "Use the \"-ts\" option to add the RFC3161 Time-Stamp Authority or choose another one Authenticode Time-Stamp Authority"); - if (options.ntsurl && add_timestamp_rfc3161(sig, &options)) - DO_EXIT_2("%s\n%s\n", "RFC 3161 timestamping failed", - "Use the \"-t\" option to add the Authenticode Time-Stamp Authority or choose another one RFC3161 Time-Stamp Authority"); -#endif /* ENABLE_CURL */ - - if (options.addBlob && !add_unauthenticated_blob(sig)) - DO_EXIT_0("Adding unauthenticated blob failed\n"); - -#if 0 - if (!PEM_write_PKCS7(stdout, sig)) - DO_EXIT_0("PKCS7 output failed\n"); -#endif - - ret = append_signature(sig, cursig, type, &options, &msiparams, &padlen, &len, outdata); - if (ret) - DO_EXIT_0("Append signature to outfile failed\n"); + ctx = file_format_msi.ctx_new(&options, hash, outdata); + if (!ctx) + ctx = file_format_pe.ctx_new(&options, hash, outdata); + if (!ctx) + ctx = file_format_cab.ctx_new(&options, hash, outdata); + if (!ctx) + ctx = file_format_cat.ctx_new(&options, hash, outdata); + if (!ctx) { + ret = 1; /* FAILED */ + BIO_free_all(hash); + BIO_free_all(outdata); + DO_EXIT_0("Initialization error or unsupported input file type.\n"); + } + if (options.cmd == CMD_VERIFY) { + ret = verify_signed_file(ctx, &options); + goto skip_signing; + } else if (options.cmd == CMD_EXTRACT && ctx->format->pkcs7_extract) { + p7 = ctx->format->pkcs7_extract(ctx); + if (!p7) { + DO_EXIT_0("Unable to extract existing signature\n"); + } + ret = save_extracted_pkcs7(ctx, outdata, p7); + PKCS7_free(p7); + goto skip_signing; + } else if (options.cmd == CMD_REMOVE && ctx->format->remove_pkcs7) { + ret = ctx->format->remove_pkcs7(ctx, hash, outdata); + goto skip_signing; + } else if (ctx->format->pkcs7_prepare) { + p7 = ctx->format->pkcs7_prepare(ctx, hash, outdata); + if (!p7) { + DO_EXIT_0("Unable to prepare new signature\n"); + } + } else { + DO_EXIT_0("Unsupported command\n"); + } + ret = add_timestamp_and_blob(p7, ctx); + if (ret) { + PKCS7_free(p7); + DO_EXIT_0("Unable to set unauthenticated attributes\n"); + } + if (ctx->format->append_pkcs7) { + ret = ctx->format->append_pkcs7(ctx, outdata, p7); + if (ret) { + PKCS7_free(p7); + DO_EXIT_0("Append signature to outfile failed\n"); + } + } + if (ctx->format->update_data_size) { + ctx->format->update_data_size(ctx, outdata, p7); + } + PKCS7_free(p7); skip_signing: - - update_data_size(type, cmd, &header, padlen, len, outdata); - - if (type == FILE_TYPE_MSI) { - BIO_free_all(outdata); - outdata = NULL; - } else { - BIO_free_all(hash); - hash = outdata = NULL; + if (ctx->format->bio_free) { + outdata = ctx->format->bio_free(hash, outdata); } - - if (!ret && cmd == CMD_ATTACH) { - /* reset MSI parameters */ - free_msi_params(&msiparams); - memset(&msiparams, 0, sizeof(MSI_PARAMS)); - ret = check_attached_data(type, &header, &options, &msiparams); + if (!ret && options.cmd == CMD_ATTACH) { + ret = check_attached_data(&options); if (!ret) printf("Signature successfully attached\n"); /* else - * the new signature has been successfully appended to the outfile + * the new PKCS#7 signature has been successfully appended to the outfile * but only its verification failed (incorrect verification parameters?) * so the output file is not deleted */ } err_cleanup: - if (cmd != CMD_ADD) - PKCS7_free(cursig); - PKCS7_free(sig); - if (hash) - BIO_free_all(hash); - if (outdata) { - if (type == FILE_TYPE_MSI) { - BIO_free_all(outdata); - outdata = NULL; - } - if (options.outfile) { -#ifdef WIN32 - _unlink(options.outfile); -#else - unlink(options.outfile); -#endif /* WIN32 */ - } + if (ctx && ctx->format->ctx_cleanup) { + ctx->format->ctx_cleanup(ctx, hash, outdata); } - unmap_file(indata, filesize); - /* coverity[uninit_use_in_call] False-positive: msiparams initialized by memset */ - free_msi_params(&msiparams); - /* coverity[uninit_use_in_call] False-positive: cparams initialized by memset */ - free_crypto_params(&cparams); - free_options(&options); #if OPENSSL_VERSION_NUMBER>=0x30000000L providers_cleanup(); #endif /* OPENSSL_VERSION_NUMBER>=0x30000000L */ if (ret) ERR_print_errors_fp(stdout); - if (cmd == CMD_HELP) + if (options.cmd == CMD_HELP) ret = 0; /* OK */ else printf(ret ? "Failed\n" : "Succeeded\n"); + free_options(&options); return ret; } diff --git a/osslsigncode.h b/osslsigncode.h index 4b0a8d2..ffe0083 100644 --- a/osslsigncode.h +++ b/osslsigncode.h @@ -1,9 +1,501 @@ /* - * osslsigncode support library - * - * Copyright (C) 2021 Michał Trojnara + * Copyright (C) 2021-2023 Michał Trojnara * Author: Małgorzata Olszówka - * */ -int bio_hash_data(char *indata, BIO *hash, uint32_t idx, uint32_t offset, uint32_t fileend); +#define OPENSSL_API_COMPAT 0x10100000L +#define OPENSSL_NO_DEPRECATED + +#if defined(_MSC_VER) || defined(__MINGW32__) +#define HAVE_WINDOWS_H +#endif /* _MSC_VER || __MINGW32__ */ + +#ifdef HAVE_WINDOWS_H +#define NOCRYPT +#define WIN32_LEAN_AND_MEAN +#include +#endif /* HAVE_WINDOWS_H */ + +#ifdef HAVE_CONFIG_H +#include "config.h" +#endif /* HAVE_CONFIG_H */ + +#include +#include +#include +#include +#include +#include +#include +#include + +#ifndef _WIN32 +#include +#ifdef HAVE_SYS_MMAN_H +#include +#endif /* HAVE_SYS_MMAN_H */ +#ifdef HAVE_TERMIOS_H +#include +#endif /* HAVE_TERMIOS_H */ +#endif /* _WIN32 */ + +#include +#include + +#include +#include +#include +#include +#include +#include +#ifndef OPENSSL_NO_ENGINE +#include +#endif /* OPENSSL_NO_ENGINE */ +#include +#include +#include +#include +#include +#include +#if OPENSSL_VERSION_NUMBER>=0x30000000L +#include +#endif /* OPENSSL_VERSION_NUMBER>=0x30000000L */ +#include +#include +#include /* X509_PURPOSE */ + +#ifdef ENABLE_CURL +#ifdef __CYGWIN__ +#ifndef SOCKET +#define SOCKET UINT_PTR +#endif /* SOCKET */ +#endif /* __CYGWIN__ */ +#include + +#define MAX_TS_SERVERS 256 +#endif /* ENABLE_CURL */ + +#if defined (HAVE_TERMIOS_H) || defined (HAVE_GETPASS) +#define PROVIDE_ASKPASS 1 +#endif + +#ifdef _WIN32 +#define FILE_CREATE_MODE "w+b" +#else +#define FILE_CREATE_MODE "w+bx" +#endif + + +#define GET_UINT8_LE(p) ((const u_char *)(p))[0] + +#define GET_UINT16_LE(p) (uint16_t)(((const u_char *)(p))[0] | \ + (((const u_char *)(p))[1] << 8)) + +#define GET_UINT32_LE(p) (uint32_t)(((const u_char *)(p))[0] | \ + (((const u_char *)(p))[1] << 8) | \ + (((const u_char *)(p))[2] << 16) | \ + (((const u_char *)(p))[3] << 24)) + +#define PUT_UINT8_LE(i, p) ((u_char *)(p))[0] = (u_char)((i) & 0xff); + +#define PUT_UINT16_LE(i,p) ((u_char *)(p))[0] = (u_char)((i) & 0xff); \ + ((u_char *)(p))[1] = (u_char)(((i) >> 8) & 0xff) + +#define PUT_UINT32_LE(i,p) ((u_char *)(p))[0] = (u_char)((i) & 0xff); \ + ((u_char *)(p))[1] = (u_char)(((i) >> 8) & 0xff); \ + ((u_char *)(p))[2] = (u_char)(((i) >> 16) & 0xff); \ + ((u_char *)(p))[3] = (u_char)(((i) >> 24) & 0xff) + +#ifndef FALSE +#define FALSE 0 +#endif + +#ifndef TRUE +#define TRUE 1 +#endif + +#define SIZE_64K 65536 /* 2^16 */ +#define SIZE_16M 16777216 /* 2^24 */ + +/* + * Macro names: + * linux: __BYTE_ORDER == __LITTLE_ENDIAN | __BIG_ENDIAN + * BYTE_ORDER == LITTLE_ENDIAN | BIG_ENDIAN + * bsd: _BYTE_ORDER == _LITTLE_ENDIAN | _BIG_ENDIAN + * BYTE_ORDER == LITTLE_ENDIAN | BIG_ENDIAN + * solaris: _LITTLE_ENDIAN | _BIG_ENDIAN + */ + +#ifndef BYTE_ORDER +#define LITTLE_ENDIAN 1234 +#define BIG_ENDIAN 4321 +#define BYTE_ORDER LITTLE_ENDIAN +#endif /* BYTE_ORDER */ + +#if !defined(BYTE_ORDER) || !defined(LITTLE_ENDIAN) || !defined(BIG_ENDIAN) +#error "Cannot determine the endian-ness of this platform" +#endif + +#ifndef LOWORD +#define LOWORD(x) ((x) & 0xFFFF) +#endif /* LOWORD */ +#ifndef HIWORD +#define HIWORD(x) (((x) >> 16) & 0xFFFF) +#endif /* HIWORD */ + +#if BYTE_ORDER == BIG_ENDIAN +#define LE_UINT16(x) ((((x) >> 8) & 0x00FF) | \ + (((x) << 8) & 0xFF00)) +#define LE_UINT32(x) (((x) >> 24) | \ + (((x) & 0x00FF0000) >> 8) | \ + (((x) & 0x0000FF00) << 8) | \ + ((x) << 24)) +#else +#define LE_UINT16(x) (x) +#define LE_UINT32(x) (x) +#endif /* BYTE_ORDER == BIG_ENDIAN */ + +#define MIN(a,b) ((a) < (b) ? a : b) +#define INVALID_TIME ((time_t)-1) + +/* Microsoft OID Authenticode */ +#define SPC_INDIRECT_DATA_OBJID "1.3.6.1.4.1.311.2.1.4" +#define SPC_STATEMENT_TYPE_OBJID "1.3.6.1.4.1.311.2.1.11" +#define SPC_SP_OPUS_INFO_OBJID "1.3.6.1.4.1.311.2.1.12" +#define SPC_PE_IMAGE_DATA_OBJID "1.3.6.1.4.1.311.2.1.15" +#define SPC_CAB_DATA_OBJID "1.3.6.1.4.1.311.2.1.25" +#define SPC_SIPINFO_OBJID "1.3.6.1.4.1.311.2.1.30" +#define SPC_PE_IMAGE_PAGE_HASHES_V1 "1.3.6.1.4.1.311.2.3.1" /* SHA1 */ +#define SPC_PE_IMAGE_PAGE_HASHES_V2 "1.3.6.1.4.1.311.2.3.2" /* SHA256 */ +#define SPC_NESTED_SIGNATURE_OBJID "1.3.6.1.4.1.311.2.4.1" +/* Microsoft OID Time Stamping */ +#define SPC_TIME_STAMP_REQUEST_OBJID "1.3.6.1.4.1.311.3.2.1" +#define SPC_RFC3161_OBJID "1.3.6.1.4.1.311.3.3.1" +/* Microsoft OID Crypto 2.0 */ +#define MS_CTL_OBJID "1.3.6.1.4.1.311.10.1" +/* Microsoft OID Microsoft_Java */ +#define MS_JAVA_SOMETHING "1.3.6.1.4.1.311.15.1" + +#define SPC_UNAUTHENTICATED_DATA_BLOB_OBJID "1.3.6.1.4.1.42921.1.2.1" + +/* Public Key Cryptography Standards PKCS#9 */ +#define PKCS9_MESSAGE_DIGEST "1.2.840.113549.1.9.4" +#define PKCS9_SIGNING_TIME "1.2.840.113549.1.9.5" +#define PKCS9_COUNTER_SIGNATURE "1.2.840.113549.1.9.6" + +/* WIN_CERTIFICATE structure declared in Wintrust.h */ +#define WIN_CERT_REVISION_2_0 0x0200 +#define WIN_CERT_TYPE_PKCS_SIGNED_DATA 0x0002 + +/* + * FLAG_PREV_CABINET is set if the cabinet file is not the first in a set + * of cabinet files. When this bit is set, the szCabinetPrev and szDiskPrev + * fields are present in this CFHEADER. + */ +#define FLAG_PREV_CABINET 0x0001 +/* + * FLAG_NEXT_CABINET is set if the cabinet file is not the last in a set of + * cabinet files. When this bit is set, the szCabinetNext and szDiskNext +* fields are present in this CFHEADER. +*/ +#define FLAG_NEXT_CABINET 0x0002 +/* + * FLAG_RESERVE_PRESENT is set if the cabinet file contains any reserved + * fields. When this bit is set, the cbCFHeader, cbCFFolder, and cbCFData + * fields are present in this CFHEADER. + */ +#define FLAG_RESERVE_PRESENT 0x0004 + +#define DO_EXIT_0(x) { printf(x); goto err_cleanup; } +#define DO_EXIT_1(x, y) { printf(x, y); goto err_cleanup; } +#define DO_EXIT_2(x, y, z) { printf(x, y, z); goto err_cleanup; } + +typedef enum { + CMD_SIGN, + CMD_EXTRACT, + CMD_REMOVE, + CMD_VERIFY, + CMD_ADD, + CMD_ATTACH, + CMD_HELP, + CMD_DEFAULT +} cmd_type_t; + +typedef unsigned char u_char; + +typedef struct { + char *infile; + char *outfile; + char *sigfile; + char *certfile; + char *xcertfile; + char *keyfile; + char *pvkfile; + char *pkcs12file; + int output_pkcs7; +#ifndef OPENSSL_NO_ENGINE + char *p11engine; + char *p11module; + char *p11cert; +#endif /* OPENSSL_NO_ENGINE */ + int askpass; + char *readpass; + char *pass; + int comm; + int pagehash; + char *desc; + const EVP_MD *md; + char *url; + time_t time; +#ifdef ENABLE_CURL + char *turl[MAX_TS_SERVERS]; + int nturl; + char *tsurl[MAX_TS_SERVERS]; + int ntsurl; + char *proxy; + int noverifypeer; +#endif /* ENABLE_CURL */ + int addBlob; + int nest; + int ignore_timestamp; + int verbose; + int add_msi_dse; + char *catalog; + char *cafile; + char *crlfile; + char *tsa_cafile; + char *tsa_crlfile; + char *leafhash; + int jp; +#if OPENSSL_VERSION_NUMBER>=0x30000000L + int legacy; +#endif /* OPENSSL_VERSION_NUMBER>=0x30000000L */ + EVP_PKEY *pkey; + X509 *cert; + STACK_OF(X509) *certs; + STACK_OF(X509) *xcerts; + STACK_OF(X509_CRL) *crls; + cmd_type_t cmd; + char *indata; +} GLOBAL_OPTIONS; + +/* + * ASN.1 definitions (more or less from official MS Authenticode docs) + */ +typedef struct { + int type; + union { + ASN1_BMPSTRING *unicode; + ASN1_IA5STRING *ascii; + } value; +} SpcString; + +DECLARE_ASN1_FUNCTIONS(SpcString) + +typedef struct { + ASN1_OCTET_STRING *classId; + ASN1_OCTET_STRING *serializedData; +} SpcSerializedObject; + +DECLARE_ASN1_FUNCTIONS(SpcSerializedObject) + +typedef struct { + int type; + union { + ASN1_IA5STRING *url; + SpcSerializedObject *moniker; + SpcString *file; + } value; +} SpcLink; + +DECLARE_ASN1_FUNCTIONS(SpcLink) + +typedef struct { + SpcString *programName; + SpcLink *moreInfo; +} SpcSpOpusInfo; + +DECLARE_ASN1_FUNCTIONS(SpcSpOpusInfo) + +typedef struct { + ASN1_OBJECT *type; + ASN1_TYPE *value; +} SpcAttributeTypeAndOptionalValue; + +DECLARE_ASN1_FUNCTIONS(SpcAttributeTypeAndOptionalValue) + +typedef struct { + ASN1_OBJECT *algorithm; + ASN1_TYPE *parameters; +} AlgorithmIdentifier; + +DECLARE_ASN1_FUNCTIONS(AlgorithmIdentifier) + +typedef struct { + AlgorithmIdentifier *digestAlgorithm; + ASN1_OCTET_STRING *digest; +} DigestInfo; + +DECLARE_ASN1_FUNCTIONS(DigestInfo) + +typedef struct { + SpcAttributeTypeAndOptionalValue *data; + DigestInfo *messageDigest; +} SpcIndirectDataContent; + +DECLARE_ASN1_FUNCTIONS(SpcIndirectDataContent) + +typedef struct CatalogAuthAttr_st { + ASN1_OBJECT *type; + ASN1_TYPE *contents; +} CatalogAuthAttr; + +DEFINE_STACK_OF(CatalogAuthAttr) +DECLARE_ASN1_FUNCTIONS(CatalogAuthAttr) + +typedef struct { + AlgorithmIdentifier *digestAlgorithm; + ASN1_OCTET_STRING *digest; +} MessageImprint; + +DECLARE_ASN1_FUNCTIONS(MessageImprint) + +#ifdef ENABLE_CURL + +typedef struct { + ASN1_OBJECT *type; + ASN1_OCTET_STRING *signature; +} TimeStampRequestBlob; + +DECLARE_ASN1_FUNCTIONS(TimeStampRequestBlob) + +typedef struct { + ASN1_OBJECT *type; + TimeStampRequestBlob *blob; +} TimeStampRequest; + +DECLARE_ASN1_FUNCTIONS(TimeStampRequest) + +/* RFC3161 Time stamping */ + +typedef struct { + ASN1_INTEGER *status; + STACK_OF(ASN1_UTF8STRING) *statusString; + ASN1_BIT_STRING *failInfo; +} PKIStatusInfo; + +DECLARE_ASN1_FUNCTIONS(PKIStatusInfo) + +typedef struct { + PKIStatusInfo *status; + PKCS7 *token; +} TimeStampResp; + +DECLARE_ASN1_FUNCTIONS(TimeStampResp) + +typedef struct { + ASN1_INTEGER *version; + MessageImprint *messageImprint; + ASN1_OBJECT *reqPolicy; + ASN1_INTEGER *nonce; + ASN1_BOOLEAN certReq; + STACK_OF(X509_EXTENSION) *extensions; +} TimeStampReq; + +DECLARE_ASN1_FUNCTIONS(TimeStampReq) + +#endif /* ENABLE_CURL */ + +typedef struct { + ASN1_INTEGER *seconds; + ASN1_INTEGER *millis; + ASN1_INTEGER *micros; +} TimeStampAccuracy; + +DECLARE_ASN1_FUNCTIONS(TimeStampAccuracy) + +typedef struct { + ASN1_INTEGER *version; + ASN1_OBJECT *policy_id; + MessageImprint *messageImprint; + ASN1_INTEGER *serial; + ASN1_GENERALIZEDTIME *time; + TimeStampAccuracy *accuracy; + ASN1_BOOLEAN ordering; + ASN1_INTEGER *nonce; + GENERAL_NAME *tsa; + STACK_OF(X509_EXTENSION) *extensions; +} TimeStampToken; + +DECLARE_ASN1_FUNCTIONS(TimeStampToken) + +typedef struct { + ASN1_OCTET_STRING *digest; + STACK_OF(CatalogAuthAttr) *attributes; +} CatalogInfo; + +DEFINE_STACK_OF(CatalogInfo) +DECLARE_ASN1_FUNCTIONS(CatalogInfo) + +typedef struct { + /* 1.3.6.1.4.1.311.12.1.1 MS_CATALOG_LIST */ + SpcAttributeTypeAndOptionalValue *type; + ASN1_OCTET_STRING *identifier; + ASN1_UTCTIME *time; + /* 1.3.6.1.4.1.311.12.1.2 CatalogVersion = 1 + * 1.3.6.1.4.1.311.12.1.3 CatalogVersion = 2 */ + SpcAttributeTypeAndOptionalValue *version; + STACK_OF(CatalogInfo) *header_attributes; + /* 1.3.6.1.4.1.311.12.2.1 CAT_NAMEVALUE_OBJID */ + ASN1_TYPE *filename; +} MsCtlContent; + +DECLARE_ASN1_FUNCTIONS(MsCtlContent) + +typedef struct file_format_st FILE_FORMAT; +typedef struct msi_ctx_st MSI_CTX; +typedef struct pe_ctx_st PE_CTX; +typedef struct cab_ctx_st CAB_CTX; +typedef struct cat_ctx_st CAT_CTX; + +typedef struct { + FILE_FORMAT *format; + GLOBAL_OPTIONS *options; + union { + MSI_CTX *msi_ctx; + PE_CTX *pe_ctx; + CAB_CTX *cab_ctx; + CAT_CTX *cat_ctx; + }; +} FILE_FORMAT_CTX; + +extern FILE_FORMAT file_format_msi; +extern FILE_FORMAT file_format_pe; +extern FILE_FORMAT file_format_cab; +extern FILE_FORMAT file_format_cat; + +struct file_format_st { + FILE_FORMAT_CTX *(*ctx_new) (GLOBAL_OPTIONS *option, BIO *hash, BIO *outdata); + ASN1_OBJECT *(*data_blob_get) (u_char **p, int *plen, FILE_FORMAT_CTX *ctx); + int (*check_file) (FILE_FORMAT_CTX *ctx, int detached); + u_char *(*digest_calc) (FILE_FORMAT_CTX *ctx, const EVP_MD *md); + int (*verify_digests) (FILE_FORMAT_CTX *ctx, PKCS7 *p7); + int (*verify_indirect_data) (FILE_FORMAT_CTX *ctx, SpcAttributeTypeAndOptionalValue *obj); + PKCS7 *(*pkcs7_extract) (FILE_FORMAT_CTX *ctx); + int (*remove_pkcs7) (FILE_FORMAT_CTX *ctx, BIO *hash, BIO *outdata); + PKCS7 *(*pkcs7_prepare) (FILE_FORMAT_CTX *ctx, BIO *hash, BIO *outdata); + int (*append_pkcs7) (FILE_FORMAT_CTX *ctx, BIO *outdata, PKCS7 *p7); + void (*update_data_size) (FILE_FORMAT_CTX *data, BIO *outdata, PKCS7 *p7); + BIO *(*bio_free) (BIO *hash, BIO *outdata); + void (*ctx_cleanup) (FILE_FORMAT_CTX *ctx, BIO *hash, BIO *outdata); +}; + +/* +Local Variables: + c-basic-offset: 4 + tab-width: 4 + indent-tabs-mode: t +End: + + vim: set ts=4 noexpandtab: +*/ diff --git a/pe.c b/pe.c new file mode 100644 index 0000000..a32bc8b --- /dev/null +++ b/pe.c @@ -0,0 +1,1162 @@ +/* + * PE file support library + * + * Copyright (C) 2021-2023 Michał Trojnara + * Author: Małgorzata Olszówka + * + * MS PE/COFF documentation + * https://docs.microsoft.com/en-us/windows/win32/debug/pe-format + */ + +#include "osslsigncode.h" +#include "helpers.h" + +const u_char classid_page_hash[] = { + 0xa6, 0xb5, 0x86, 0xd5, 0xb4, 0xa1, 0x24, 0x66, + 0xae, 0x05, 0xa2, 0x17, 0xda, 0x8e, 0x60, 0xd6 +}; + +typedef struct { + ASN1_BIT_STRING *flags; + SpcLink *file; +} SpcPeImageData; + +DECLARE_ASN1_FUNCTIONS(SpcPeImageData) + +ASN1_SEQUENCE(SpcPeImageData) = { + ASN1_SIMPLE(SpcPeImageData, flags, ASN1_BIT_STRING), + ASN1_EXP_OPT(SpcPeImageData, file, SpcLink, 0) +} ASN1_SEQUENCE_END(SpcPeImageData) + +IMPLEMENT_ASN1_FUNCTIONS(SpcPeImageData) + +struct pe_ctx_st { + uint32_t header_size; + uint32_t pe32plus; + uint16_t magic; + uint32_t pe_checksum; + uint32_t nrvas; + uint32_t sigpos; + uint32_t siglen; + uint32_t fileend; +}; + +/* FILE_FORMAT method prototypes */ +static FILE_FORMAT_CTX *pe_ctx_new(GLOBAL_OPTIONS *options, BIO *hash, BIO *outdata); +static ASN1_OBJECT *pe_spc_image_data_get(u_char **p, int *plen, FILE_FORMAT_CTX *ctx); +static int pe_check_file(FILE_FORMAT_CTX *ctx, int detached); +static u_char *pe_digest_calc(FILE_FORMAT_CTX *ctx, const EVP_MD *md); +static int pe_verify_digests(FILE_FORMAT_CTX *ctx, PKCS7 *p7); +static int pe_verify_indirect_data(FILE_FORMAT_CTX *ctx, SpcAttributeTypeAndOptionalValue *obj); +static PKCS7 *pe_pkcs7_extract(FILE_FORMAT_CTX *ctx); +static int pe_remove_pkcs7(FILE_FORMAT_CTX *ctx, BIO *hash, BIO *outdata); +static PKCS7 *pe_pkcs7_prepare(FILE_FORMAT_CTX *ctx, BIO *hash, BIO *outdata); +static int pe_append_pkcs7(FILE_FORMAT_CTX *ctx, BIO *outdata, PKCS7 *p7); +static void pe_update_data_size(FILE_FORMAT_CTX *ctx, BIO *outdata, PKCS7 *p7); +static BIO *pe_bio_free(BIO *hash, BIO *outdata); +static void pe_ctx_cleanup(FILE_FORMAT_CTX *ctx, BIO *hash, BIO *outdata); + +FILE_FORMAT file_format_pe = { + .ctx_new = pe_ctx_new, + .data_blob_get = pe_spc_image_data_get, + .check_file = pe_check_file, + .digest_calc = pe_digest_calc, + .verify_digests = pe_verify_digests, + .verify_indirect_data = pe_verify_indirect_data, + .pkcs7_extract = pe_pkcs7_extract, + .remove_pkcs7 = pe_remove_pkcs7, + .pkcs7_prepare = pe_pkcs7_prepare, + .append_pkcs7 = pe_append_pkcs7, + .update_data_size = pe_update_data_size, + .bio_free = pe_bio_free, + .ctx_cleanup = pe_ctx_cleanup +}; + +/* Prototypes */ +static PE_CTX *pe_ctx_get(char *indata, uint32_t filesize); +static PKCS7 *pe_pkcs7_get_file(char *indata, PE_CTX *pe_ctx); +static uint32_t pe_calc_checksum(BIO *bio, uint32_t header_size); +static uint32_t pe_calc_realchecksum(FILE_FORMAT_CTX *ctx); +static int pe_modify_header(FILE_FORMAT_CTX *ctx, BIO *hash, BIO *outdata); +static int pe_page_hash_get(u_char **ph, int *phtype, SpcAttributeTypeAndOptionalValue *obj); +static u_char *pe_page_hash_calc(int *rphlen, FILE_FORMAT_CTX *ctx, int phtype); +static int pe_verify_page_hash(FILE_FORMAT_CTX *ctx, u_char *ph, int phlen, int phtype); +static SpcLink *pe_page_hash_link_get(FILE_FORMAT_CTX *ctx, int phtype); + + +/* + * FILE_FORMAT method definitions + */ + +/* + * Allocate and return a PE file format context. + * [in, out] options: structure holds the input data + * [out] hash: message digest BIO + * [in] outdata: outdata file BIO + * [returns] pointer to PE file format context + */ +static FILE_FORMAT_CTX *pe_ctx_new(GLOBAL_OPTIONS *options, BIO *hash, BIO *outdata) +{ + FILE_FORMAT_CTX *ctx; + PE_CTX *pe_ctx; + uint32_t filesize; + + filesize = get_file_size(options->infile); + if (filesize == 0) + return NULL; /* FAILED */ + + options->indata = map_file(options->infile, filesize); + if (!options->indata) { + return NULL; /* FAILED */ + } + if (memcmp(options->indata, "MZ", 2)) { + unmap_file(options->infile, filesize); + return NULL; /* FAILED */ + } + pe_ctx = pe_ctx_get(options->indata, filesize); + if (!pe_ctx) { + unmap_file(options->infile, filesize); + return NULL; /* FAILED */ + } + ctx = OPENSSL_malloc(sizeof(FILE_FORMAT_CTX)); + ctx->format = &file_format_pe; + ctx->options = options; + ctx->pe_ctx = pe_ctx; + + /* Push hash on outdata, if hash is NULL the function does nothing */ + BIO_push(hash, outdata); + + if (options->jp >= 0) + printf("Warning: -jp option is only valid for CAB files\n"); + if (options->add_msi_dse == 1) + printf("Warning: -add-msi-dse option is only valid for MSI files\n"); + return ctx; +} + +/* + * Allocate and return SpcPeImageData object. + * [out] p: SpcPeImageData data + * [out] plen: SpcPeImageData data length + * [in] ctx: structure holds input and output data + * [returns] pointer to ASN1_OBJECT structure corresponding to SPC_PE_IMAGE_DATA_OBJID + */ +static ASN1_OBJECT *pe_spc_image_data_get(u_char **p, int *plen, FILE_FORMAT_CTX *ctx) +{ + int phtype; + ASN1_OBJECT *dtype; + SpcPeImageData *pid = SpcPeImageData_new(); + + ASN1_BIT_STRING_set_bit(pid->flags, 0, 1); + if (ctx->options->pagehash) { + SpcLink *link; + phtype = NID_sha1; + if (EVP_MD_size(ctx->options->md) > EVP_MD_size(EVP_sha1())) + phtype = NID_sha256; + link = pe_page_hash_link_get(ctx, phtype); + if (!link) + return NULL; /* FAILED */ + pid->file = link; + } else { + pid->file = spc_link_obsolete_get(); + } + *plen = i2d_SpcPeImageData(pid, NULL); + *p = OPENSSL_malloc((size_t)*plen); + i2d_SpcPeImageData(pid, p); + *p -= *plen; + dtype = OBJ_txt2obj(SPC_PE_IMAGE_DATA_OBJID, 1); + SpcPeImageData_free(pid); + return dtype; /* OK */ +} + +/* + * Print current and calculated PE checksum, + * check if the signature exists. + * [in, out] ctx: structure holds input and output data + * [in] detached: embedded/detached PKCS#7 signature switch + * [returns] 0 on error or 1 on success + */ +static int pe_check_file(FILE_FORMAT_CTX *ctx, int detached) +{ + int peok = 1; + uint32_t real_pe_checksum; + + if (!ctx) { + printf("Init error\n\n"); + return 0; /* FAILED */ + } + printf("Current PE checksum : %08X\n", ctx->pe_ctx->pe_checksum); + real_pe_checksum = pe_calc_realchecksum(ctx); + if (ctx->pe_ctx->pe_checksum && ctx->pe_ctx->pe_checksum != real_pe_checksum) { + peok = 0; + } + printf("Calculated PE checksum: %08X%s\n\n", real_pe_checksum, + peok ? "" : " MISMATCH!!!"); + + if (detached) { + printf("Checking the specified catalog file\n\n"); + return 1; /* OK */ + } + if (ctx->pe_ctx->sigpos == 0 || ctx->pe_ctx->siglen == 0 + || ctx->pe_ctx->sigpos > ctx->pe_ctx->fileend) { + printf("No signature found\n\n"); + return 0; /* FAILED */ + } + if (ctx->pe_ctx->siglen != GET_UINT32_LE(ctx->options->indata + ctx->pe_ctx->sigpos)) { + printf("Invalid signature\n\n"); + return 0; /* FAILED */ + } + return 1; /* OK */ +} + +/* Compute a message digest value of a signed or unsigned PE file. + * [in] ctx: structure holds input and output data + * [in] md: message digest algorithm + * [returns] pointer to calculated message digest + */ +static u_char *pe_digest_calc(FILE_FORMAT_CTX *ctx, const EVP_MD *md) +{ + size_t written; + uint32_t idx = 0, fileend; + u_char *mdbuf = NULL; + BIO *bhash = BIO_new(BIO_f_md()); + + if (!BIO_set_md(bhash, md)) { + printf("Unable to set the message digest of BIO\n"); + BIO_free_all(bhash); + return 0; /* FAILED */ + } + BIO_push(bhash, BIO_new(BIO_s_null())); + if (ctx->pe_ctx->sigpos) + fileend = ctx->pe_ctx->sigpos; + else + fileend = ctx->pe_ctx->fileend; + + /* ctx->pe_ctx->header_size + 88 + 4 + 60 + ctx->pe_ctx->pe32plus * 16 + 8 */ + if (!BIO_write_ex(bhash, ctx->options->indata, ctx->pe_ctx->header_size + 88, &written) + || written != ctx->pe_ctx->header_size + 88) { + BIO_free_all(bhash); + return 0; /* FAILED */ + } + idx += (uint32_t)written + 4; + if (!BIO_write_ex(bhash, ctx->options->indata + idx, + 60 + ctx->pe_ctx->pe32plus * 16, &written) + || written != 60 + ctx->pe_ctx->pe32plus * 16) { + BIO_free_all(bhash); + return 0; /* FAILED */ + } + idx += (uint32_t)written + 8; + if (!bio_hash_data(bhash, ctx->options->indata, idx, fileend)) { + printf("Unable to calculate digest\n"); + BIO_free_all(bhash); + return 0; /* FAILED */ + } + if (!ctx->pe_ctx->sigpos) { + /* pad (with 0's) unsigned PE file to 8 byte boundary */ + int len = 8 - ctx->pe_ctx->fileend % 8; + if (len > 0 && len != 8) { + char *buf = OPENSSL_malloc(8); + memset(buf, 0, (size_t)len); + BIO_write(bhash, buf, len); + OPENSSL_free(buf); + } + } + mdbuf = OPENSSL_malloc((size_t)EVP_MD_size(md)); + BIO_gets(bhash, (char*)mdbuf, EVP_MD_size(md)); + BIO_free_all(bhash); + return mdbuf; /* OK */ +} + + +/* + * Calculate message digest and page_hash and compare to values retrieved + * from PKCS#7 signedData. + * [in] ctx: structure holds input and output data + * [in] p7: PKCS#7 signature + * [returns] 0 on error or 1 on success + */ +static int pe_verify_digests(FILE_FORMAT_CTX *ctx, PKCS7 *p7) +{ + int mdtype = -1, phtype = -1; + const EVP_MD *md; + u_char mdbuf[EVP_MAX_MD_SIZE]; + u_char *cmdbuf = NULL; + u_char *ph = NULL; + int phlen = 0; + + if (is_content_type(p7, SPC_INDIRECT_DATA_OBJID)) { + ASN1_STRING *content_val = p7->d.sign->contents->d.other->value.sequence; + const u_char *p = content_val->data; + SpcIndirectDataContent *idc = d2i_SpcIndirectDataContent(NULL, &p, content_val->length); + if (idc) { + phlen = pe_page_hash_get(&ph, &phtype, idc->data); + if (phlen == 0) { + printf("Failed to extract a page hash\n\n"); + SpcIndirectDataContent_free(idc); + return 0; /* FAILED */ + } + if (idc->messageDigest && idc->messageDigest->digest && idc->messageDigest->digestAlgorithm) { + mdtype = OBJ_obj2nid(idc->messageDigest->digestAlgorithm->algorithm); + memcpy(mdbuf, idc->messageDigest->digest->data, (size_t)idc->messageDigest->digest->length); + } + SpcIndirectDataContent_free(idc); + } + } + if (mdtype == -1) { + printf("Failed to extract current message digest\n\n"); + OPENSSL_free(ph); + return 0; /* FAILED */ + } + md = EVP_get_digestbynid(mdtype); + cmdbuf = pe_digest_calc(ctx, md); + if (!cmdbuf) { + printf("Failed to calculate message digest\n\n"); + OPENSSL_free(ph); + return 0; /* FAILED */ + } + if (!compare_digests(mdbuf, cmdbuf, mdtype)) { + printf("Signature verification: failed\n\n"); + OPENSSL_free(ph); + OPENSSL_free(cmdbuf); + return 0; /* FAILED */ + } + if (phlen > 0 && !pe_verify_page_hash(ctx, ph, phlen, phtype)) { + printf("Signature verification: failed\n\n"); + OPENSSL_free(ph); + OPENSSL_free(cmdbuf); + return 0; /* FAILED */ + } + OPENSSL_free(ph); + OPENSSL_free(cmdbuf); + return 1; /* OK */ +} + +/* + * Verify page hash. + * [in] ctx: structure holds input and output data + * [in] obj: SPC_INDIRECT_DATA OID: 1.3.6.1.4.1.311.2.1.4 containing page hash + * [returns] 0 on error or 1 on success + */ +static int pe_verify_indirect_data(FILE_FORMAT_CTX *ctx, SpcAttributeTypeAndOptionalValue *obj) +{ + int phtype = -1, phlen = 0; + u_char *ph = NULL; + + phlen = pe_page_hash_get(&ph, &phtype, obj); + if (phlen == 0) { + printf("Failed to extract a page hash\n\n"); + return 0; /* FAILED */ + } + if (!pe_verify_page_hash(ctx, ph, phlen, phtype)) { + printf("Page hash verification: failed\n\n"); + return 0; /* FAILED */ + } + return 1; /* OK */ +} + +/* + * Extract existing signature in DER format. + * [in] ctx: structure holds input and output data + * [returns] pointer to PKCS#7 structure + */ +static PKCS7 *pe_pkcs7_extract(FILE_FORMAT_CTX *ctx) +{ + if (ctx->pe_ctx->sigpos == 0 || ctx->pe_ctx->siglen == 0 + || ctx->pe_ctx->sigpos > ctx->pe_ctx->fileend) { + return NULL; /* FAILED */ + } + return pe_pkcs7_get_file(ctx->options->indata, ctx->pe_ctx); +} + +/* + * Remove existing signature. + * [in, out] ctx: structure holds input and output data + * [out] hash: message digest BIO + * [out] outdata: outdata file BIO + * [returns] 1 on error or 0 on success + */ +static int pe_remove_pkcs7(FILE_FORMAT_CTX *ctx, BIO *hash, BIO *outdata) +{ + if (ctx->pe_ctx->sigpos == 0) { + printf("PE file does not have any signature\n"); + return 1; /* FAILED */ + } + /* Strip current signature */ + ctx->pe_ctx->fileend = ctx->pe_ctx->sigpos; + if (!pe_modify_header(ctx, hash, outdata)) { + printf("Unable to modify file header\n"); + return 1; /* FAILED */ + } + return 0; /* OK */ +} + +/* + * Obtain an existing signature or create a new one. + * [in, out] ctx: structure holds input and output data + * [out] hash: message digest BIO + * [out] outdata: outdata file BIO + * [returns] pointer to PKCS#7 structure + */ +static PKCS7 *pe_pkcs7_prepare(FILE_FORMAT_CTX *ctx, BIO *hash, BIO *outdata) +{ + PKCS7 *cursig = NULL, *p7 = NULL; + + /* Strip current signature */ + if (ctx->pe_ctx->sigpos > 0) { + ctx->pe_ctx->fileend = ctx->pe_ctx->sigpos; + } + if (!pe_modify_header(ctx, hash, outdata)) { + printf("Unable to modify file header\n"); + return NULL; /* FAILED */ + } + /* Obtain a current signature from previously-signed file */ + if ((ctx->options->cmd == CMD_SIGN && ctx->options->nest) + || (ctx->options->cmd == CMD_ATTACH && ctx->options->nest) + || ctx->options->cmd == CMD_ADD) { + cursig = pe_pkcs7_get_file(ctx->options->indata, ctx->pe_ctx); + if (!cursig) { + printf("Unable to extract existing signature\n"); + return NULL; /* FAILED */ + } + if (ctx->options->cmd == CMD_ADD) + p7 = cursig; + } + if (ctx->options->cmd == CMD_ATTACH) { + /* Obtain an existing PKCS#7 signature */ + p7 = pkcs7_get_sigfile(ctx); + if (!p7) { + printf("Unable to extract valid signature\n"); + PKCS7_free(cursig); + return NULL; /* FAILED */ + } + } else if (ctx->options->cmd == CMD_SIGN) { + /* Create a new PKCS#7 signature */ + p7 = pkcs7_create(ctx); + if (!p7) { + printf("Creating a new signature failed\n"); + return NULL; /* FAILED */ + } + if (!add_indirect_data_object(p7, hash, ctx)) { + printf("Adding SPC_INDIRECT_DATA_OBJID failed\n"); + PKCS7_free(p7); + return NULL; /* FAILED */ + } + } + if (ctx->options->nest) { + if (!cursig_set_nested(cursig, p7, ctx)) { + printf("Unable to append the nested signature to the current signature\n"); + PKCS7_free(p7); + PKCS7_free(cursig); + return NULL; /* FAILED */ + } + PKCS7_free(p7); + return cursig; + } + return p7; +} + +/* + * Append signature to the outfile. + * [in, out] ctx: structure holds input and output data (unused) + * [out] outdata: outdata file BIO + * [in] p7: PKCS#7 signature + * [returns] 1 on error or 0 on success + */ +static int pe_append_pkcs7(FILE_FORMAT_CTX *ctx, BIO *outdata, PKCS7 *p7) +{ + u_char *p = NULL; + int len; /* signature length */ + int padlen; /* signature padding length */ + u_char buf[] = { + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 + }; + + /* squash the unused parameter warning */ + (void)ctx; + + if (((len = i2d_PKCS7(p7, NULL)) <= 0) + || (p = OPENSSL_malloc((size_t)len)) == NULL) { + printf("i2d_PKCS memory allocation failed: %d\n", len); + return 1; /* FAILED */ + } + i2d_PKCS7(p7, &p); + p -= len; + padlen = (8 - len % 8) % 8; + PUT_UINT32_LE(len + 8 + padlen, buf); + PUT_UINT16_LE(WIN_CERT_REVISION_2_0, buf + 4); + PUT_UINT16_LE(WIN_CERT_TYPE_PKCS_SIGNED_DATA, buf + 6); + BIO_write(outdata, buf, 8); + BIO_write(outdata, p, len); + /* pad (with 0's) asn1 blob to 8 byte boundary */ + if (padlen > 0) { + memset(p, 0, (size_t)padlen); + BIO_write(outdata, p, padlen); + } + OPENSSL_free(p); + return 0; /* OK */ +} + +/* + * Update signature position and size, write back new checksum. + * [in, out] ctx: structure holds input and output data + * [out] outdata: outdata file BIO + * [in] p7: PKCS#7 signature + * [returns] none + */ +static void pe_update_data_size(FILE_FORMAT_CTX *ctx, BIO *outdata, PKCS7 *p7) +{ + uint32_t checksum; + u_char buf[] = { + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 + }; + + if (ctx->options->cmd == CMD_VERIFY || ctx->options->cmd == CMD_EXTRACT) { + return; + } + if (ctx->options->cmd != CMD_REMOVE) { + int len = i2d_PKCS7(p7, NULL); + int padlen = (8 - len % 8) % 8; + + /* Update signature position and size */ + (void)BIO_seek(outdata, + ctx->pe_ctx->header_size + 152 + ctx->pe_ctx->pe32plus * 16); + /* Previous file end = signature table start */ + PUT_UINT32_LE(ctx->pe_ctx->fileend, buf); + BIO_write(outdata, buf, 4); + PUT_UINT32_LE(len + 8 + padlen, buf); + BIO_write(outdata, buf, 4); + } + checksum = pe_calc_checksum(outdata, ctx->pe_ctx->header_size); + /* write back checksum */ + (void)BIO_seek(outdata, ctx->pe_ctx->header_size + 88); + PUT_UINT32_LE(checksum, buf); + BIO_write(outdata, buf, 4); +} + +/* + * Free up an entire message digest BIO chain. + * [out] hash: message digest BIO + * [out] outdata: outdata file BIO (unused) + * [returns] none + */ +static BIO *pe_bio_free(BIO *hash, BIO *outdata) +{ + /* squash the unused parameter warning */ + (void)outdata; + + BIO_free_all(hash); + return NULL; +} + +/* + * Deallocate a FILE_FORMAT_CTX structure and PE format specific structure, + * unmap indata file, unlink outfile. + * [out] ctx: structure holds input and output data + * [out] hash: message digest BIO + * [in] outdata: outdata file BIO + * [returns] none + */ +static void pe_ctx_cleanup(FILE_FORMAT_CTX *ctx, BIO *hash, BIO *outdata) +{ + if (outdata) { + BIO_free_all(hash); + if (ctx->options->outfile) { +#ifdef WIN32 + _unlink(ctx->options->outfile); +#else + unlink(ctx->options->outfile); +#endif /* WIN32 */ + } + } + unmap_file(ctx->options->indata, ctx->pe_ctx->fileend); + OPENSSL_free(ctx->pe_ctx); + OPENSSL_free(ctx); +} + +/* + * PE helper functions + */ + +/* + * Verify mapped PE file and create PE format specific structure. + * [in] indata: mapped PE file + * [in] filesize: size of PE file + * [returns] pointer to PE format specific structure + */ +static PE_CTX *pe_ctx_get(char *indata, uint32_t filesize) +{ + PE_CTX *pe_ctx; + uint32_t header_size, pe32plus, pe_checksum, nrvas, sigpos, siglen; + uint16_t magic; + + if (filesize < 64) { + printf("Corrupt DOS file - too short\n"); + return NULL; /* FAILED */ + } + /* SizeOfHeaders field specifies the combined size of an MS-DOS stub, PE header, + * and section headers rounded up to a multiple of FileAlignment. + * SizeOfHeaders must be < filesize and cannot be < 0x0000002C (44) in Windows 7 + * because of a bug when checking section names for compatibility purposes */ + header_size = GET_UINT32_LE(indata + 60); + if (header_size < 44 || header_size > filesize) { + printf("Unexpected SizeOfHeaders field: 0x%08X\n", header_size); + return NULL; /* FAILED */ + } + if (filesize < header_size + 176) { + printf("Corrupt PE file - too short\n"); + return NULL; /* FAILED */ + } + if (memcmp(indata + header_size, "PE\0\0", 4)) { + printf("Unrecognized DOS file type\n"); + return NULL; /* FAILED */ + } + /* Magic field identifies the state of the image file. The most common number is + * 0x10B, which identifies it as a normal executable file, + * 0x20B identifies it as a PE32+ executable, + * 0x107 identifies it as a ROM image (not supported) */ + magic = GET_UINT16_LE(indata + header_size + 24); + if (magic == 0x20b) { + pe32plus = 1; + } else if (magic == 0x10b) { + pe32plus = 0; + } else { + printf("Corrupt PE file - found unknown magic %04X\n", magic); + return NULL; /* FAILED */ + } + /* The image file checksum */ + pe_checksum = GET_UINT32_LE(indata + header_size + 88); + /* NumberOfRvaAndSizes field specifies the number of data-directory entries + * in the remainder of the optional header. Each describes a location and size. */ + nrvas = GET_UINT32_LE(indata + header_size + 116 + pe32plus * 16); + if (nrvas < 5) { + printf("Can not handle PE files without certificate table resource\n"); + return NULL; /* FAILED */ + } + /* Certificate Table field specifies the attribute certificate table address (4 bytes) and size (4 bytes) */ + sigpos = GET_UINT32_LE(indata + header_size + 152 + pe32plus * 16); + siglen = GET_UINT32_LE(indata + header_size + 152 + pe32plus * 16 + 4); + /* Since fix for MS Bulletin MS12-024 we can really assume + that signature should be last part of file */ + if ((sigpos > 0 && sigpos < filesize && sigpos + siglen != filesize) + || (sigpos >= filesize)) { + printf("Corrupt PE file - current signature not at the end of the file\n"); + return NULL; /* FAILED */ + } + if ((sigpos > 0 && siglen == 0) || (sigpos == 0 && siglen > 0)) { + printf("Corrupt signature\n"); + return NULL; /* FAILED */ + } + pe_ctx = OPENSSL_zalloc(sizeof(PE_CTX)); + pe_ctx->header_size = header_size; + pe_ctx->pe32plus = pe32plus; + pe_ctx->magic = magic; + pe_ctx->pe_checksum = pe_checksum; + pe_ctx->nrvas = nrvas; + pe_ctx->sigpos = sigpos; + pe_ctx->siglen = siglen; + pe_ctx->fileend = filesize; + return pe_ctx; /* OK */ +} + +/* + * Retrieve and verify a decoded PKCS#7 structure corresponding + * to the existing signature of the PE file. + * [in] indata: mapped PE file + * [in] pe_ctx: PE format specific structures + * [returns] pointer to PKCS#7 structure + */ +static PKCS7 *pe_pkcs7_get_file(char *indata, PE_CTX *pe_ctx) +{ + uint32_t pos = 0; + + if (pe_ctx->siglen == 0 || pe_ctx->siglen > pe_ctx->fileend) { + printf("Corrupted signature length: 0x%08X\n", pe_ctx->siglen); + return NULL; /* FAILED */ + } + while (pos < pe_ctx->siglen) { + uint32_t l = GET_UINT32_LE(indata + pe_ctx->sigpos + pos); + uint16_t certrev = GET_UINT16_LE(indata + pe_ctx->sigpos + pos + 4); + uint16_t certtype = GET_UINT16_LE(indata + pe_ctx->sigpos + pos + 6); + if (certrev == WIN_CERT_REVISION_2_0 && certtype == WIN_CERT_TYPE_PKCS_SIGNED_DATA) { + const u_char *blob = (u_char *)indata + pe_ctx->sigpos + pos + 8; + return d2i_PKCS7(NULL, &blob, l - 8); + } + if (l%8) + l += (8 - l%8); + pos += l; + } + return NULL; /* FAILED */ +} + +/* + * Calculate checksum. + * A signed PE file is padded (with 0's) to 8 byte boundary, + * ignore any last odd byte in an unsigned file. + * [in] outdata: outdata file BIO + * [in] header_size: PE header size + * [returns] checksum + */ +static uint32_t pe_calc_checksum(BIO *outdata, uint32_t header_size) +{ + uint32_t checkSum = 0, offset = 0; + int nread; + unsigned short *buf = OPENSSL_malloc(SIZE_64K); + + /* recalculate the checksum */ + (void)BIO_seek(outdata, 0); + while ((nread = BIO_read(outdata, buf, SIZE_64K)) > 0) { + unsigned short val; + int i; + for (i = 0; i < nread / 2; i++) { + val = LE_UINT16(buf[i]); + if (offset == header_size + 88 || offset == header_size + 90) + val = 0; + checkSum += val; + checkSum = LOWORD(LOWORD(checkSum) + HIWORD(checkSum)); + offset += 2; + } + } + OPENSSL_free(buf); + checkSum = LOWORD(LOWORD(checkSum) + HIWORD(checkSum)); + checkSum += offset; + return checkSum; +} + +/* + * Compute a checkSum value of the signed or unsigned PE file. + * [in] ctx: structure holds input and output data + * [returns] checksum + */ +static uint32_t pe_calc_realchecksum(FILE_FORMAT_CTX *ctx) +{ + uint32_t n = 0, checkSum = 0, offset = 0; + BIO *bio = BIO_new(BIO_s_mem()); + unsigned short *buf = OPENSSL_malloc(SIZE_64K); + + /* calculate the checkSum */ + while (n < ctx->pe_ctx->fileend) { + size_t i, written, nread; + size_t left = ctx->pe_ctx->fileend - n; + unsigned short val; + if (left > SIZE_64K) + left = SIZE_64K; + if (!BIO_write_ex(bio, ctx->options->indata + n, left, &written)) + goto err; /* FAILED */ + (void)BIO_seek(bio, 0); + n += (uint32_t)written; + if (!BIO_read_ex(bio, buf, written, &nread)) + goto err; /* FAILED */ + for (i = 0; i < nread / 2; i++) { + val = LE_UINT16(buf[i]); + if (offset == ctx->pe_ctx->header_size + 88 + || offset == ctx->pe_ctx->header_size + 90) { + val = 0; + } + checkSum += val; + checkSum = LOWORD(LOWORD(checkSum) + HIWORD(checkSum)); + offset += 2; + } + } + checkSum = LOWORD(LOWORD(checkSum) + HIWORD(checkSum)); + checkSum += offset; +err: + OPENSSL_free(buf); + BIO_free(bio); + return checkSum; +} + +/* + * Modify PE header. + * [in, out] ctx: structure holds input and output data + * [out] hash: message digest BIO + * [out] outdata: outdata file BIO + * [returns] 1 on error or 0 on success + */ +static int pe_modify_header(FILE_FORMAT_CTX *ctx, BIO *hash, BIO *outdata) +{ + size_t i, len, written; + char *buf; + + i = len = ctx->pe_ctx->header_size + 88; + if (!BIO_write_ex(hash, ctx->options->indata, len, &written) + || written != len) { + return 0; /* FAILED */ + } + buf = OPENSSL_malloc(SIZE_64K); + memset(buf, 0, 4); + BIO_write(outdata, buf, 4); /* zero out checksum */ + i += 4; + len = 60 + ctx->pe_ctx->pe32plus * 16; + if (!BIO_write_ex(hash, ctx->options->indata + i, len, &written) + || written != len) { + OPENSSL_free(buf); + return 0; /* FAILED */ + } + i += 60 + ctx->pe_ctx->pe32plus * 16; + memset(buf, 0, 8); + BIO_write(outdata, buf, 8); /* zero out sigtable offset + pos */ + i += 8; + len = ctx->pe_ctx->fileend - i; + while (len > 0) { + if (!BIO_write_ex(hash, ctx->options->indata + i, len, &written)) { + OPENSSL_free(buf); + return 0; /* FAILED */ + } + len -= written; + i += written; + } + /* pad (with 0's) pe file to 8 byte boundary */ + len = 8 - ctx->pe_ctx->fileend % 8; + if (len != 8) { + memset(buf, 0, len); + if (!BIO_write_ex(hash, buf, len, &written) || written != len) { + OPENSSL_free(buf); + return 0; /* FAILED */ + } + ctx->pe_ctx->fileend += (uint32_t)len; + } + OPENSSL_free(buf); + return 1; /* OK */ +} + +/* + * Page hash support + */ + +/* + * Retrieve a page hash from SPC_INDIRECT_DATA structure. + * [out] ph: page hash + * [out] phtype: NID_sha1 or NID_sha256 + * [in] obj: SPC_INDIRECT_DATA OID: 1.3.6.1.4.1.311.2.1.4 containing page hash + * [returns] 0 on error or 1 on success + */ +static int pe_page_hash_get(u_char **ph, int *phtype, SpcAttributeTypeAndOptionalValue *obj) +{ + const u_char *blob; + SpcPeImageData *id; + SpcSerializedObject *so; + int l, l2, phlen = 0; + char buf[128]; + + if (!obj || !obj->value) + return 0; /* FAILED */ + blob = obj->value->value.sequence->data; + id = d2i_SpcPeImageData(NULL, &blob, obj->value->value.sequence->length); + if (!id) { + return 0; /* FAILED */ + } + if (!id->file) { + SpcPeImageData_free(id); + return 0; /* FAILED */ + } + if (id->file->type != 1) { + SpcPeImageData_free(id); + return 0; /* This is not SpcSerializedObject structure that contains page hashes */ + } + so = id->file->value.moniker; + if (so->classId->length != sizeof classid_page_hash || + memcmp(so->classId->data, classid_page_hash, sizeof classid_page_hash)) { + SpcPeImageData_free(id); + return 0; /* FAILED */ + } + /* skip ASN.1 SET hdr */ + l = asn1_simple_hdr_len(so->serializedData->data, so->serializedData->length); + blob = so->serializedData->data + l; + obj = d2i_SpcAttributeTypeAndOptionalValue(NULL, &blob, so->serializedData->length - l); + SpcPeImageData_free(id); + if (!obj) + return 0; /* FAILED */ + + *phtype = 0; + buf[0] = 0x00; + OBJ_obj2txt(buf, sizeof buf, obj->type, 1); + if (!strcmp(buf, SPC_PE_IMAGE_PAGE_HASHES_V1)) { + *phtype = NID_sha1; + } else if (!strcmp(buf, SPC_PE_IMAGE_PAGE_HASHES_V2)) { + *phtype = NID_sha256; + } else { + SpcAttributeTypeAndOptionalValue_free(obj); + return 0; /* FAILED */ + } + /* Skip ASN.1 SET hdr */ + l2 = asn1_simple_hdr_len(obj->value->value.sequence->data, obj->value->value.sequence->length); + /* Skip ASN.1 OCTET STRING hdr */ + l = asn1_simple_hdr_len(obj->value->value.sequence->data + l2, obj->value->value.sequence->length - l2); + l += l2; + phlen = obj->value->value.sequence->length - l; + *ph = OPENSSL_malloc((size_t)phlen); + memcpy(*ph, obj->value->value.sequence->data + l, (size_t)phlen); + SpcAttributeTypeAndOptionalValue_free(obj); + return phlen; /* OK */ +} + +/* + * Calculate page hash for the PE file. + * [out] rphlen: page hash length + * [in] ctx: structure holds input and output data + * [in] phtype: NID_sha1 or NID_sha256 + * [returns] pointer to calculated page hash + */ +static u_char *pe_page_hash_calc(int *rphlen, FILE_FORMAT_CTX *ctx, int phtype) +{ + uint16_t nsections, opthdr_size; + uint32_t alignment, pagesize, hdrsize; + uint32_t rs, ro, l, lastpos = 0; + int pphlen, phlen, i, pi = 1; + size_t written; + u_char *res, *zeroes; + char *sections; + const EVP_MD *md = EVP_get_digestbynid(phtype); + BIO *bhash; + + /* NumberOfSections indicates the size of the section table, + * which immediately follows the headers, can be up to 65535 under Vista and later */ + nsections = GET_UINT16_LE(ctx->options->indata + ctx->pe_ctx->header_size + 6); + if (nsections == 0 || nsections > UINT16_MAX) { + printf("Corrupted number of sections: 0x%08X\n", nsections); + return NULL; /* FAILED */ + } + /* FileAlignment is the alignment factor (in bytes) that is used to align + * the raw data of sections in the image file. The value should be a power + * of 2 between 512 and 64 K, inclusive. The default is 512. */ + alignment = GET_UINT32_LE(ctx->options->indata + ctx->pe_ctx->header_size + 60); + if (alignment < 512 || alignment > UINT16_MAX) { + printf("Corrupted file alignment factor: 0x%08X\n", alignment); + return NULL; /* FAILED */ + } + /* SectionAlignment is the alignment (in bytes) of sections when they are + * loaded into memory. It must be greater than or equal to FileAlignment. + * The default is the page size for the architecture. + * The large page size is at most 4 MB. + * https://devblogs.microsoft.com/oldnewthing/20210510-00/?p=105200 */ + pagesize = GET_UINT32_LE(ctx->options->indata + ctx->pe_ctx->header_size + 56); + if (pagesize == 0 || pagesize < alignment || pagesize > 4194304) { + printf("Corrupted page size: 0x%08X\n", pagesize); + return NULL; /* FAILED */ + } + /* SizeOfHeaders is the combined size of an MS-DOS stub, PE header, + * and section headers rounded up to a multiple of FileAlignment. */ + hdrsize = GET_UINT32_LE(ctx->options->indata + ctx->pe_ctx->header_size + 84); + if (hdrsize < ctx->pe_ctx->header_size || hdrsize > UINT32_MAX) { + printf("Corrupted headers size: 0x%08X\n", hdrsize); + return NULL; /* FAILED */ + } + /* SizeOfOptionalHeader is the size of the optional header, which is + * required for executable files, but for object files should be zero, + * and can't be bigger than the file */ + opthdr_size = GET_UINT16_LE(ctx->options->indata + ctx->pe_ctx->header_size + 20); + if (opthdr_size == 0 || opthdr_size > ctx->pe_ctx->fileend) { + printf("Corrupted optional header size: 0x%08X\n", opthdr_size); + return NULL; /* FAILED */ + } + pphlen = 4 + EVP_MD_size(md); + phlen = pphlen * (3 + (int)nsections + (int)(ctx->pe_ctx->fileend / pagesize)); + + bhash = BIO_new(BIO_f_md()); + if (!BIO_set_md(bhash, md)) { + printf("Unable to set the message digest of BIO\n"); + BIO_free_all(bhash); + return NULL; /* FAILED */ + } + BIO_push(bhash, BIO_new(BIO_s_null())); + if (!BIO_write_ex(bhash, ctx->options->indata, ctx->pe_ctx->header_size + 88, &written) + || written != ctx->pe_ctx->header_size + 88) { + BIO_free_all(bhash); + return NULL; /* FAILED */ + } + if (!BIO_write_ex(bhash, ctx->options->indata + ctx->pe_ctx->header_size + 92, + 60 + ctx->pe_ctx->pe32plus*16, &written) + || written != 60 + ctx->pe_ctx->pe32plus*16) { + BIO_free_all(bhash); + return NULL; /* FAILED */ + } + if (!BIO_write_ex(bhash, + ctx->options->indata + ctx->pe_ctx->header_size + 160 + ctx->pe_ctx->pe32plus*16, + hdrsize - (ctx->pe_ctx->header_size + 160 + ctx->pe_ctx->pe32plus*16), &written) + || written != hdrsize - (ctx->pe_ctx->header_size + 160 + ctx->pe_ctx->pe32plus*16)) { + BIO_free_all(bhash); + return NULL; /* FAILED */ + } + zeroes = OPENSSL_zalloc((size_t)pagesize); + if (!BIO_write_ex(bhash, zeroes, pagesize - hdrsize, &written) + || written != pagesize - hdrsize) { + BIO_free_all(bhash); + OPENSSL_free(zeroes); + return NULL; /* FAILED */ + } + res = OPENSSL_malloc((size_t)phlen); + memset(res, 0, 4); + BIO_gets(bhash, (char*)res + 4, EVP_MD_size(md)); + BIO_free_all(bhash); + sections = ctx->options->indata + ctx->pe_ctx->header_size + 24 + opthdr_size; + for (i=0; i= UINT32_MAX) { + sections += 40; + continue; + } + for (l=0; loptions->indata + ro + l, rs - l, &written) + || written != rs - l) { + BIO_free_all(bhash); + OPENSSL_free(zeroes); + OPENSSL_free(res); + return NULL; /* FAILED */ + } + if (!BIO_write_ex(bhash, zeroes, pagesize - (rs - l), &written) + || written != pagesize - (rs - l)) { + BIO_free_all(bhash); + OPENSSL_free(zeroes); + OPENSSL_free(res); + return NULL; /* FAILED */ + } + } else { + if (!BIO_write_ex(bhash, ctx->options->indata + ro + l, pagesize, &written) + || written != pagesize) { + BIO_free_all(bhash); + OPENSSL_free(zeroes); + OPENSSL_free(res); + return NULL; /* FAILED */ + } + } + BIO_gets(bhash, (char*)res + pi*pphlen + 4, EVP_MD_size(md)); + BIO_free_all(bhash); + } + lastpos = ro + rs; + sections += 40; + } + PUT_UINT32_LE(lastpos, res + pi*pphlen); + memset(res + pi*pphlen + 4, 0, (size_t)EVP_MD_size(md)); + pi++; + OPENSSL_free(zeroes); + *rphlen = pi*pphlen; + return res; +} + +/* + * Calculate page hash for the PE file, compare with the given value and print values. + * [in] ctx: structure holds input and output data + * [in] ph: page hash + * [in] phlen: page hash length + * [in] phtype: NID_sha1 or NID_sha256 + * [returns] 0 on error or 1 on success + */ +static int pe_verify_page_hash(FILE_FORMAT_CTX *ctx, u_char *ph, int phlen, int phtype) +{ + int mdok, cphlen = 0; + u_char *cph; + + cph = pe_page_hash_calc(&cphlen, ctx, phtype); + mdok = (phlen == cphlen) && !memcmp(ph, cph, (size_t)phlen); + printf("Page hash algorithm : %s\n", OBJ_nid2sn(phtype)); + if (ctx->options->verbose) { + print_hash("Page hash ", "", ph, phlen); + print_hash("Calculated page hash ", mdok ? "\n" : "... MISMATCH!!!\n", cph, cphlen); + } else { + print_hash("Page hash ", "...", ph, (phlen < 32) ? phlen : 32); + print_hash("Calculated page hash ", mdok ? "...\n" : "... MISMATCH!!!\n", cph, (cphlen < 32) ? cphlen : 32); + } + OPENSSL_free(cph); + return mdok; +} + +/* + * Create a new SpcLink structure. + * [in] ctx: structure holds input and output data + * [in] phtype: NID_sha1 or NID_sha256 + * [returns] pointer to SpcLink structure + */ +static SpcLink *pe_page_hash_link_get(FILE_FORMAT_CTX *ctx, int phtype) +{ + u_char *ph, *p, *tmp; + int l, phlen; + ASN1_TYPE *tostr; + SpcAttributeTypeAndOptionalValue *aval; + ASN1_TYPE *taval; + SpcSerializedObject *so; + SpcLink *link; + STACK_OF(ASN1_TYPE) *oset, *aset; + + ph = pe_page_hash_calc(&phlen, ctx, phtype); + if (!ph) { + printf("Failed to calculate page hash\n"); + return NULL; /* FAILED */ + } + if (ctx->options->verbose) + print_hash("Calculated page hash ", "", ph, phlen); + else + print_hash("Calculated page hash ", "...", ph, (phlen < 32) ? phlen : 32); + + tostr = ASN1_TYPE_new(); + tostr->type = V_ASN1_OCTET_STRING; + tostr->value.octet_string = ASN1_OCTET_STRING_new(); + ASN1_OCTET_STRING_set(tostr->value.octet_string, ph, phlen); + OPENSSL_free(ph); + + oset = sk_ASN1_TYPE_new_null(); + sk_ASN1_TYPE_push(oset, tostr); + l = i2d_ASN1_SET_ANY(oset, NULL); + tmp = p = OPENSSL_malloc((size_t)l); + i2d_ASN1_SET_ANY(oset, &tmp); + ASN1_TYPE_free(tostr); + sk_ASN1_TYPE_free(oset); + + aval = SpcAttributeTypeAndOptionalValue_new(); + aval->type = OBJ_txt2obj((phtype == NID_sha1) ? + SPC_PE_IMAGE_PAGE_HASHES_V1 : SPC_PE_IMAGE_PAGE_HASHES_V2, 1); + aval->value = ASN1_TYPE_new(); + aval->value->type = V_ASN1_SET; + aval->value->value.set = ASN1_STRING_new(); + ASN1_STRING_set(aval->value->value.set, p, l); + OPENSSL_free(p); + l = i2d_SpcAttributeTypeAndOptionalValue(aval, NULL); + tmp = p = OPENSSL_malloc((size_t)l); + i2d_SpcAttributeTypeAndOptionalValue(aval, &tmp); + SpcAttributeTypeAndOptionalValue_free(aval); + + taval = ASN1_TYPE_new(); + taval->type = V_ASN1_SEQUENCE; + taval->value.sequence = ASN1_STRING_new(); + ASN1_STRING_set(taval->value.sequence, p, l); + OPENSSL_free(p); + + aset = sk_ASN1_TYPE_new_null(); + sk_ASN1_TYPE_push(aset, taval); + l = i2d_ASN1_SET_ANY(aset, NULL); + tmp = p = OPENSSL_malloc((size_t)l); + l = i2d_ASN1_SET_ANY(aset, &tmp); + ASN1_TYPE_free(taval); + sk_ASN1_TYPE_free(aset); + + so = SpcSerializedObject_new(); + ASN1_OCTET_STRING_set(so->classId, classid_page_hash, sizeof classid_page_hash); + ASN1_OCTET_STRING_set(so->serializedData, p, l); + OPENSSL_free(p); + + link = SpcLink_new(); + link->type = 1; + link->value.moniker = so; + return link; +} + +/* +Local Variables: + c-basic-offset: 4 + tab-width: 4 + indent-tabs-mode: t +End: + + vim: set ts=4 noexpandtab: +*/ diff --git a/tests/files/unsigned.cat b/tests/files/unsigned.cat old mode 100755 new mode 100644 index 23cfbee148aa0d3285c45cc5a180c093e567538b..7e6822b217e54452b6cfd2ce7e131ab65c72e5ac GIT binary patch literal 1905 zcmai#3p7-D9LIlm=9=*sdGtUl&8qYw_nJ1d>oH12FQO%nlDCF39+hXy+%-dN4(o9$ zmGKA_Jv5UfZCas@B+}GGC9Fsusf|kZI%iL8b+-RG|NHpz|EJ(=|W6%`;6&VPEst(*`s=2sI zRuydj@KjB)U#OvM#KKrcIL02dfqoQQpYN5gRX+ax`Y0c5)@ZLK%b7kjJ!~<<&Z#gT zC(!KAv#}G|1E14>L8HKvLR~hmtLzhi^g6~k~6h=#Pxh)dt8C1vA*|+ zq{c-6GypY`IAd=@Wf4olbf_g~wo=h2nKjt=c= z*b~92!VT-e7hv%-9aE9~#rFd4`)2>2GHYceC5mC3yqfUc_`N2k$`FJA#5Heyh}FH^ zU=T9*iP}DVg?aRqj|@wZnQ(fY-5Cc%2J8Vy5ma(SSU9`;XmZ9P|MCd$mGQ0}FYMgH z$}r-fYS9*m1IX=kx<9hiEcC}We{J=mvsbUve~Wd`ZNv|U)Z7f}anOPUfYL|P9w(V} zIcV`VESffg%u`-tqiH`s-!WjpAmm2WSAS&vT*qNGNUwJ}yWdDu?W^Hx>^a2?2=oioW&Y~~m zZq)7b;2B@7NElz3IJ}>``m(0rmhmg-0~oO_TV>McPic%<|JqD!R;ML>Al-{FN{EtwoD0FmufG(?ksNkFpHY*O4bd%7tCvLqSy$K+xHHArL}I S$&bAIfHy27ui<0|z~LX1S-%(n literal 394 zcmYjMJxc>o5S;h&?&QKH29zi%0)ko?Bl`|D2^c>T6BP`Im_kL1V2Cz~Mzj#cT#-gB zY_&No`~zD01GEv+3O4!&?6hAB*RTv3-oXfW6{ zt%NC*a8p6SyLFbzWShZ%(H25QUhjUNK3aphhuiO);i2bjU&tX%PKGLoRV-jg(Fvpc+l;kcT)kYc`^Pskt z$2hA=X2c$1R^;ihbAs;+IG0kwo26-*^8FENj7H-&N;tp?hpa+N6%i0BT4Z{}$&Y