From b96f440b038b606bbe18c93e574470b9784ecdc3 Mon Sep 17 00:00:00 2001
From: Mikkel Krautz <mikkel@krautz.dk>
Date: Wed, 1 May 2013 19:54:45 +0200
Subject: [PATCH] PE, MSI: implement -require-leaf-hash for CMD_VERIFY.

---
 osslsigncode.c | 116 ++++++++++++++++++++++++++++++++++++++++++++++---
 1 file changed, 111 insertions(+), 5 deletions(-)

diff --git a/osslsigncode.c b/osslsigncode.c
index b522ed0..2abfa80 100644
--- a/osslsigncode.c
+++ b/osslsigncode.c
@@ -736,7 +736,9 @@ static void usage(const char *argv0)
 			"\t\t[ -in ] <infile> [-out ] <outfile>\n\n"
 			"\textract-signature [ -in ] <infile> [ -out ] <outfile>\n\n"
 			"\tremove-signature [ -in ] <infile> [ -out ] <outfile>\n\n"
-			"\tverify [ -in ] <infile>\n\n"
+			"\tverify [ -in ] <infile>\n"
+			"\t\t[ -require-leaf-hash {md5,sha1,sha2(56),sha384,sha512}:XXXXXXXXXXXX... ]\n"
+			"\n"
 			"",
 			argv0);
 	cleanup_lib_state();
@@ -988,6 +990,84 @@ static void recalc_pe_checksum(BIO *bio, unsigned int peheader)
 	BIO_write(bio, buf, 4);
 }
 
+static unsigned char nib2val(unsigned char c) {
+	if (c >= '0' && c <= '9') {
+		return c - '0';
+	} else if (c >= 'a' && c <= 'f') {
+		return c - 'a' + 10;
+	} else if (c >= 'A' && c <= 'F') {
+		return c - 'A' + 10;
+	}
+}
+
+static int verify_leaf_hash(X509 *leaf, char *leafhash) {
+	char *orig = leafhash;
+	char *mdid = orig;
+	char *hash = NULL;
+	while (leafhash != NULL && *leafhash != '\0') {
+		if (*leafhash == ':') {
+			*leafhash = '\0';
+			++leafhash;
+			hash = leafhash;
+			break;
+		}
+		++leafhash;
+	}
+	if (hash == NULL) {
+		printf("Unable to parse -require-leaf-hash parameter: %s\n\n", orig);
+		return 1;
+	}
+
+	const EVP_MD *md = EVP_get_digestbyname(mdid);
+	if (md == NULL) {
+		printf("Unable to lookup digest by name '%s'\n", mdid);
+		return 1;
+	}
+
+	unsigned long sz = EVP_MD_size(md);
+	unsigned long actual = strlen(hash);
+	if (actual%2 != 0) {
+		printf("Hash length mismatch: length is uneven.\n");
+		return 1;
+	}
+	actual /= 2;
+	if (actual != sz) {
+		printf("Hash length mismatch: '%s' digest must be %lu bytes long (got %lu bytes)\n", mdid, sz, actual);
+		return 1;
+	}
+
+	unsigned char mdbuf[EVP_MAX_MD_SIZE];
+	unsigned char cmdbuf[EVP_MAX_MD_SIZE];
+	int i = 0, j = 0;
+	while (i < sz*2) {
+		unsigned char x;
+		x = nib2val(hash[i+1]);
+		x |= nib2val(hash[i]) << 4;
+		mdbuf[j] = x;
+		i += 2;
+		j += 1;
+	}
+
+	unsigned long certlen = i2d_X509(leaf, NULL);
+	unsigned char *certbuf = malloc(certlen);
+	unsigned char *tmp = certbuf;
+	i2d_X509(leaf, &tmp);
+
+	EVP_MD_CTX *ctx = EVP_MD_CTX_create();
+	EVP_DigestInit_ex(ctx, md, NULL);
+	EVP_DigestUpdate(ctx, certbuf, certlen);
+	EVP_DigestFinal_ex(ctx, cmdbuf, NULL);
+	EVP_MD_CTX_destroy(ctx);
+
+	free(certbuf);
+
+	if (memcmp(mdbuf, cmdbuf, EVP_MD_size(md))) {
+		return 1;
+	}
+
+	return 0;
+}
+
 #ifdef WITH_GSF
 static gint msi_base64_decode(gint x)
 {
@@ -1254,7 +1334,7 @@ static gboolean msi_handle_dir(GsfInfile *infile, GsfOutfile *outole, BIO *hash)
 /*
  * msi_verify_file checks whether or not the signature of infile is valid.
  */
-static int msi_verify_file(GsfInfile *infile) {
+static int msi_verify_file(GsfInfile *infile, char *leafhash) {
 	GsfInput *sig = NULL;
 	GsfInput *exsig = NULL;
 	gchar decoded[0x40];
@@ -1419,6 +1499,7 @@ static int msi_verify_file(GsfInfile *infile) {
 		ret = 1;
 	}
 
+	int leafok = 0;
 	STACK_OF(X509) *signers = PKCS7_get0_signers(p7, NULL, 0);
 	printf("Number of signers: %d\n", sk_X509_num(signers));
 	for (i=0; i<sk_X509_num(signers); i++) {
@@ -1428,6 +1509,10 @@ static int msi_verify_file(GsfInfile *infile) {
 		printf("\tSigner #%d:\n\t\tSubject : %s\n\t\tIssuer  : %s\n", i, subject, issuer);
 		OPENSSL_free(subject);
 		OPENSSL_free(issuer);
+
+		if (leafhash != NULL && leafok == 0) {
+			leafok = verify_leaf_hash(cert, leafhash) == 0;
+		}
 	}
 	sk_X509_free(signers);
 
@@ -1443,6 +1528,12 @@ static int msi_verify_file(GsfInfile *infile) {
 
 	printf("\n");
 
+	if (leafhash != NULL) {
+		printf("Leaf hash match: %s\n\n", leafok ? "ok" : "failed");
+		if (!leafok)
+			ret = 1;
+	}
+
 out:
 	free(indata);
 	free(exdata);
@@ -1670,7 +1761,7 @@ static unsigned char *calc_page_hash(char *indata, unsigned int peheader, int pe
 }
 
 static int verify_pe_file(char *indata, unsigned int peheader, int pe32plus,
-						  unsigned int sigpos, unsigned int siglen)
+						  unsigned int sigpos, unsigned int siglen, char *leafhash)
 {
 	int ret = 0;
 	unsigned int pe_checksum = GET_UINT32_LE(indata + peheader + 88);
@@ -1779,6 +1870,7 @@ static int verify_pe_file(char *indata, unsigned int peheader, int pe32plus,
 	}
 
 	int i;
+	int leafok = 0;
 	STACK_OF(X509) *signers = PKCS7_get0_signers(p7, NULL, 0);
 	printf("Number of signers: %d\n", sk_X509_num(signers));
 	for (i=0; i<sk_X509_num(signers); i++) {
@@ -1788,6 +1880,10 @@ static int verify_pe_file(char *indata, unsigned int peheader, int pe32plus,
 		printf("\tSigner #%d:\n\t\tSubject: %s\n\t\tIssuer : %s\n", i, subject, issuer);
 		OPENSSL_free(subject);
 		OPENSSL_free(issuer);
+
+		if (leafhash != NULL && leafok == 0) {
+			leafok = verify_leaf_hash(cert, leafhash) == 0;
+		}
 	}
 	sk_X509_free(signers);
 
@@ -1806,6 +1902,12 @@ static int verify_pe_file(char *indata, unsigned int peheader, int pe32plus,
 
 	printf("\n");
 
+	if (leafhash != NULL) {
+		printf("Leaf hash match: %s\n\n", leafok ? "ok" : "failed");
+		if (!leafok)
+			ret = 1;
+	}
+
 	return ret;
 }
 
@@ -1848,6 +1950,7 @@ int main(int argc, char **argv)
 	static char buf[64*1024];
 	char *xcertfile, *certfile, *keyfile, *pvkfile, *pkcs12file, *infile, *outfile, *desc, *url, *indata;
 	char *pass = "";
+	char *leafhash = NULL;
 #ifdef ENABLE_CURL
 	char *turl[MAX_TS_SERVERS], *proxy = NULL, *tsurl[MAX_TS_SERVERS];
 	int nturl = 0, ntsurl = 0;
@@ -1969,6 +2072,9 @@ int main(int argc, char **argv)
 			if (--argc < 1) usage(argv0);
 			proxy = *(++argv);
 #endif
+		} else if ((cmd == CMD_VERIFY) && !strcmp(*argv, "-require-leaf-hash")) {
+			if (--argc < 1) usage(argv0);
+			leafhash = (*++argv); 
 		} else if (!strcmp(*argv, "-v") || !strcmp(*argv, "--version")) {
 			printf(PACKAGE_STRING ", using:\n\t%s\n\t%s\n",
 				   SSLeay_version(SSLEAY_VERSION),
@@ -2166,7 +2272,7 @@ int main(int argc, char **argv)
 			ret = msi_extract_signature(ole, outfile);
 			goto skip_signing;
 		} else if (cmd == CMD_VERIFY) {
-			ret = msi_verify_file(ole);
+			ret = msi_verify_file(ole, leafhash);
 			goto skip_signing;
 		}
 
@@ -2338,7 +2444,7 @@ int main(int argc, char **argv)
 		}
 
 		if (cmd == CMD_VERIFY) {
-			ret = verify_pe_file(indata, peheader, pe32plus, sigpos ? sigpos : fileend, siglen);
+			ret = verify_pe_file(indata, peheader, pe32plus, sigpos ? sigpos : fileend, siglen, leafhash);
 			goto skip_signing;
 		}