diff --git a/NEWS.md b/NEWS.md index 08327ca..c6f0b05 100644 --- a/NEWS.md +++ b/NEWS.md @@ -2,6 +2,9 @@ ### 2.7 (unreleased) +- added a built-in TSA response generation (-TSA-certs, -TSA-key + and -TSA-time options) + ### 2.6 (2023.05.29) - modular architecture implemented to simplify adding file formats diff --git a/osslsigncode.c b/osslsigncode.c index a00beca..c845328 100644 --- a/osslsigncode.c +++ b/osslsigncode.c @@ -183,21 +183,6 @@ IMPLEMENT_ASN1_FUNCTIONS(TimeStampRequest) /* RFC3161 Time stamping */ -ASN1_SEQUENCE(PKIStatusInfo) = { - ASN1_SIMPLE(PKIStatusInfo, status, ASN1_INTEGER), - ASN1_SEQUENCE_OF_OPT(PKIStatusInfo, statusString, ASN1_UTF8STRING), - ASN1_OPT(PKIStatusInfo, failInfo, ASN1_BIT_STRING) -} ASN1_SEQUENCE_END(PKIStatusInfo) - -IMPLEMENT_ASN1_FUNCTIONS(PKIStatusInfo) - -ASN1_SEQUENCE(TimeStampResp) = { - ASN1_SIMPLE(TimeStampResp, status, PKIStatusInfo), - ASN1_OPT(TimeStampResp, token, PKCS7) -} ASN1_SEQUENCE_END(TimeStampResp) - -IMPLEMENT_ASN1_FUNCTIONS(TimeStampResp) - ASN1_SEQUENCE(TimeStampReq) = { ASN1_SIMPLE(TimeStampReq, version, ASN1_INTEGER), ASN1_SIMPLE(TimeStampReq, messageImprint, MessageImprint), @@ -406,19 +391,19 @@ static BIO *bio_encode_authenticode_request(PKCS7 *p7) } /* - * Decode a RFC 3161 response from BIO. * If successful the RFC 3161 timestamp will be written into * the PKCS7 SignerInfo structure as an unauthorized attribute - cont[1]. * [in, out] p7: new PKCS#7 signature - * [in] bin: BIO with http data + * [in] response: RFC3161 response * [in] verbose: additional output mode * [returns] 1 on error or 0 on success */ -static int decode_rfc3161_response(PKCS7 *p7, BIO *bin, int verbose) +static int attach_rfc3161_response(PKCS7 *p7, TS_RESP *response, int verbose) { PKCS7_SIGNER_INFO *si; STACK_OF(X509_ATTRIBUTE) *attrs; - TimeStampResp *reply; + TS_STATUS_INFO *status; + PKCS7 *token; u_char *p; int i, len; STACK_OF(PKCS7_SIGNER_INFO) *signer_info = PKCS7_get_signer_info(p7); @@ -428,32 +413,31 @@ static int decode_rfc3161_response(PKCS7 *p7, BIO *bin, int verbose) si = sk_PKCS7_SIGNER_INFO_value(signer_info, 0); if (!si) return 1; /* FAILED */ - - reply = ASN1_item_d2i_bio(ASN1_ITEM_rptr(TimeStampResp), bin, NULL); - if (!reply || !reply->status) + if (!response) return 1; /* FAILED */ - if (ASN1_INTEGER_get(reply->status->status) != 0) { + + status = TS_RESP_get_status_info(response); + if (ASN1_INTEGER_get(TS_STATUS_INFO_get0_status(status)) != 0) { if (verbose) { - printf("Timestamping failed: status %ld\n", ASN1_INTEGER_get(reply->status->status)); - for (i = 0; i < sk_ASN1_UTF8STRING_num(reply->status->statusString); i++) { - ASN1_UTF8STRING *status = sk_ASN1_UTF8STRING_value(reply->status->statusString, i); - printf("%s\n", ASN1_STRING_get0_data(status)); + const STACK_OF(ASN1_UTF8STRING) *reasons = TS_STATUS_INFO_get0_text(status); + printf("Timestamping failed: status %ld\n", ASN1_INTEGER_get(TS_STATUS_INFO_get0_status(status))); + for (i = 0; i < sk_ASN1_UTF8STRING_num(reasons); i++) { + ASN1_UTF8STRING *reason = sk_ASN1_UTF8STRING_value(reasons, i); + printf("%s\n", ASN1_STRING_get0_data(reason)); } } - TimeStampResp_free(reply); return 1; /* FAILED */ } - if (((len = i2d_PKCS7(reply->token, NULL)) <= 0) || (p = OPENSSL_malloc((size_t)len)) == NULL) { + token = TS_RESP_get_token(response); + if (((len = i2d_PKCS7(token, NULL)) <= 0) || (p = OPENSSL_malloc((size_t)len)) == NULL) { if (verbose) { printf("Failed to convert pkcs7: %d\n", len); ERR_print_errors_fp(stdout); } - TimeStampResp_free(reply); return 1; /* FAILED */ } - len = i2d_PKCS7(reply->token, &p); + len = i2d_PKCS7(token, &p); p -= len; - TimeStampResp_free(reply); attrs = sk_X509_ATTRIBUTE_new_null(); attrs = X509at_add1_attr_by_txt(&attrs, SPC_RFC3161_OBJID, V_ASN1_SET, p, len); @@ -465,26 +449,22 @@ static int decode_rfc3161_response(PKCS7 *p7, BIO *bin, int verbose) } /* - * Decode an authenticode response from BIO. * If successful the authenticode timestamp will be written into * the PKCS7 SignerInfo structure as an unauthorized attribute - cont[1]: * p7->d.sign->signer_info->unauth_attr * [in, out] p7: new PKCS#7 signature - * [in] bin: base64 BIO with http data + * [in] resp: PKCS#7 authenticode response * [in] verbose: additional output mode * [returns] 1 on error or 0 on success */ -static int decode_authenticode_response(PKCS7 *p7, BIO *b64_bin, int verbose) +static int attach_authenticode_response(PKCS7 *p7, PKCS7 *resp, int verbose) { - PKCS7 *resp; PKCS7_SIGNER_INFO *info, *si; STACK_OF(X509_ATTRIBUTE) *attrs; - u_char *p; int len, i; STACK_OF(PKCS7_SIGNER_INFO) *signer_info; - resp = d2i_PKCS7_bio(b64_bin, NULL); if (!resp) { return 1; /* FAILED */ } @@ -689,15 +669,25 @@ static int add_timestamp(PKCS7 *p7, FILE_FORMAT_CTX *ctx, char *url, int rfc3161 if (bin) { if (rfc3161) { - res = decode_rfc3161_response(p7, bin, verbose); + /* decode a RFC 3161 response from BIO */ + TS_RESP *response = d2i_TS_RESP_bio(bin, NULL); BIO_free_all(bin); + + res = attach_rfc3161_response(p7, response, verbose); + TS_RESP_free(response); } else { - BIO *b64 = BIO_new(BIO_f_base64()); + /* decode an authenticode response from BIO */ + PKCS7 *response; + BIO *b64, *b64_bin; + + b64 = BIO_new(BIO_f_base64()); if (!blob_has_nl) BIO_set_flags(b64, BIO_FLAGS_BASE64_NO_NL); - BIO *b64_bin = BIO_push(b64, bin); - res = decode_authenticode_response(p7, b64_bin, verbose); + b64_bin = BIO_push(b64, bin); + response = d2i_PKCS7_bio(b64_bin, NULL); BIO_free_all(b64_bin); + + res = attach_authenticode_response(p7, response, verbose); } if (res && verbose) { if (http_code != -1) { @@ -744,6 +734,236 @@ static int add_timestamp_rfc3161(PKCS7 *p7, FILE_FORMAT_CTX *ctx) } #endif /* ENABLE_CURL */ +/* + * [in] resp_ctx: a response context that can be used for generating responses + * [in] data: unused + * [returns] hexadecimal serial number + */ +static ASN1_INTEGER *serial_cb(TS_RESP_CTX *resp_ctx, void *data) +{ + int ret = 0; + uint64_t buf; + ASN1_INTEGER *serial = NULL; + + /* squash unused parameter warning */ + (void)data; + + if (RAND_bytes((unsigned char *)&buf, sizeof buf) <= 0) { + printf("RAND_bytes failed\n"); + goto out; + } + serial = ASN1_INTEGER_new(); + if (!serial) + goto out; + ASN1_INTEGER_set_uint64(serial, buf); + ret = 1; +out: + if (!ret) { + TS_RESP_CTX_set_status_info(resp_ctx, TS_STATUS_REJECTION, + "Error during serial number generation."); + TS_RESP_CTX_add_failure_info(resp_ctx, TS_INFO_ADD_INFO_NOT_AVAILABLE); + ASN1_INTEGER_free(serial); + return NULL; /* FAILED */ + } + return serial; +} + +/* + * This must return the seconds and microseconds since Jan 1, 1970 in the sec + * and usec variables allocated by the caller. + * [in] resp_ctx: a response context that can be used for generating responses + * [in] data: timestamping time + * [out] sec: total of seconds since Jan 1, 1970 + * [out] usec: microseconds (unused) + * [returns] 0 on error or 1 on success + */ +static int time_cb(TS_RESP_CTX *resp_ctx, void *data, long *sec, long *usec) +{ + time_t *time = (time_t *)data; + if(!*time) { + TS_RESP_CTX_set_status_info(resp_ctx, TS_STATUS_REJECTION, + "Time is not available."); + TS_RESP_CTX_add_failure_info(resp_ctx, TS_INFO_TIME_NOT_AVAILABLE); + return 0; /* FAILED */ + } + *sec = (long int)*time; + *usec = 0; + return 1; /* OK */ +} + +/* + * [in] ctx: structure holds input and output data + * [in] signer_cert: the signer certificate of the TSA in PEM format + * [in] signer_key: the private key of the TSA in PEM format + * [in] chain: the certificate chain that will all be included in the response + * [in] bout: timestamp request + * [returns] RFC3161 response + */ +static TS_RESP *get_rfc3161_response(FILE_FORMAT_CTX *ctx, X509 *signer_cert, + EVP_PKEY *signer_key, STACK_OF(X509) *chain, BIO *bout) +{ + TS_RESP_CTX *resp_ctx = NULL; + TS_RESP *response = NULL; + ASN1_OBJECT *policy_obj = NULL; + + resp_ctx = TS_RESP_CTX_new(); + if (!resp_ctx) + goto out; + + TS_RESP_CTX_set_serial_cb(resp_ctx, serial_cb, NULL); + if (!TS_RESP_CTX_set_signer_cert(resp_ctx, signer_cert)) { + goto out; + } + if (!TS_RESP_CTX_set_signer_key(resp_ctx, signer_key)) { + goto out; + } + if (!TS_RESP_CTX_set_certs(resp_ctx, chain)) { + goto out; + } + /* message digest algorithm that the TSA accepts */ + if (!TS_RESP_CTX_add_md(resp_ctx, ctx->options->md)) { + goto out; + } + /* default policy to use when the request does not mandate any policy + * tsa_policy1 = 1.2.3.4.1 */ + policy_obj = OBJ_txt2obj(TSA_POLICY1, 0); + if (!policy_obj) { + goto out; + } + if (!TS_RESP_CTX_set_def_policy(resp_ctx, policy_obj)) { + goto out; + } + /* the accuracy of the time source of the TSA in seconds, milliseconds + * and microseconds; e.g. secs:1, millisecs:500, microsecs:100; + * 0 means not specified */ + if (!TS_RESP_CTX_set_accuracy(resp_ctx, 1, 500, 100)) { + goto out; + } + if (ctx->options->tsa_time) { + TS_RESP_CTX_set_time_cb(resp_ctx, time_cb, &(ctx->options->tsa_time)); + } + /* generate RFC3161 response with embedded TimeStampToken */ + response = TS_RESP_create_response(resp_ctx, bout); + if (!response) { + printf("Failed to create RFC3161 response\n"); + } + +out: + ASN1_OBJECT_free(policy_obj); + TS_RESP_CTX_free(resp_ctx); + + return response; +} + +/* + * [in] bin: certfile BIO + * [in] certpass: NULL + * [returns] pointer to STACK_OF(X509) structure + */ +static STACK_OF(X509) *X509_chain_read_certs(BIO *bin, char *certpass) +{ + STACK_OF(X509) *certs = sk_X509_new_null(); + X509 *x509; + (void)BIO_seek(bin, 0); + x509 = PEM_read_bio_X509(bin, NULL, NULL, certpass); + while (x509) { + sk_X509_push(certs, x509); + x509 = PEM_read_bio_X509(bin, NULL, NULL, certpass); + } + ERR_clear_error(); + if (!sk_X509_num(certs)) { + sk_X509_free(certs); + return NULL; + } + return certs; +} + +/* + * [in, out] p7: new PKCS#7 signature + * [in] ctx: structure holds input and output data + * [returns] 1 on error or 0 on success + */ +static int add_timestamp_builtin(PKCS7 *p7, FILE_FORMAT_CTX *ctx) +{ + BIO *btmp, *bout; + STACK_OF(X509) *chain; + X509 *signer_cert = NULL; + EVP_PKEY *signer_key; + TS_RESP *response = NULL; + int i, res = 1; + + btmp = BIO_new_file(ctx->options->tsa_certfile, "rb"); + if (!btmp) { + printf("Failed to read Time-Stamp Authority certificate file: %s\n", ctx->options->tsa_certfile); + return 0; /* FAILED */ + } + /* .pem certificate file */ + chain = X509_chain_read_certs(btmp, NULL); + BIO_free(btmp); + btmp = BIO_new_file(ctx->options->tsa_keyfile, "rb"); + if (!btmp) { + printf("Failed to read private key file: %s\n", ctx->options->tsa_keyfile); + return 0; /* FAILED */ + } + signer_key = PEM_read_bio_PrivateKey(btmp, NULL, NULL, NULL); + BIO_free(btmp); + if(!chain || !signer_key) { + printf("Failed to load Time-Stamp Authority crypto parameters\n"); + return 0; /* FAILED */ + } + /* find the signer's certificate located somewhere in the whole certificate chain */ + for (i=0; ioptions->md); + if (!bout) { + printf("Failed to encode timestamp request\n"); + goto out; + } + + response = get_rfc3161_response(ctx, signer_cert, signer_key, chain, bout); + BIO_free_all(bout); + + if (response) { + res = attach_rfc3161_response(p7, response, ctx->options->verbose); + if (res) { + printf("Failed to convert timestamp reply\n"); + ERR_print_errors_fp(stdout); + } + } else { + printf("Failed to obtain RFC3161 response\n"); + } +out: + sk_X509_pop_free(chain, X509_free); + EVP_PKEY_free(signer_key); + TS_RESP_free(response); + return res; +} + /* * If successful the unauthenticated blob will be written into * the PKCS7 SignerInfo structure as an unauthorized attribute - cont[1]: @@ -801,6 +1021,10 @@ static int add_timestamp_and_blob(PKCS7 *p7, FILE_FORMAT_CTX *ctx) "Use the \"-t\" option to add the Authenticode Time-Stamp Authority or choose another one RFC3161 Time-Stamp Authority"); return 1; /* FAILED */ } + if (ctx->options->tsa_certfile && ctx->options->tsa_keyfile && add_timestamp_builtin(p7, ctx)) { + printf("Built-in timestamping failed\n"); + return 1; /* FAILED */ + } #endif /* ENABLE_CURL */ if (ctx->options->addBlob && !add_unauthenticated_blob(p7)) { printf("Adding unauthenticated blob failed\n"); @@ -1224,6 +1448,18 @@ static STACK_OF(X509_CRL) *x509_crl_list_get(PKCS7 *p7, X509_CRL *crl) return crls; } +static void print_timestamp_serial_number(const ASN1_INTEGER *serial) +{ + BIGNUM *serialbn; + char *number; + + serialbn = ASN1_INTEGER_to_BN(serial, NULL); + number = BN_bn2hex(serialbn); + printf("Timestamp serial number: %s\n", number); + BN_free(serialbn); + OPENSSL_free(number); +} + /* * Compare the hash provided from the TSTInfo object against the hash computed * from the signature created by the signing certificate's private key @@ -1256,6 +1492,7 @@ static int verify_timestamp_token(PKCS7 *p7, CMS_ContentInfo *timestamp) p = (*pos)->data; token = d2i_TimeStampToken(NULL, &p, (*pos)->length); if (token) { + print_timestamp_serial_number(token->serial); /* compute a hash from the encrypted message digest value of the file */ md_nid = OBJ_obj2nid(token->messageImprint->digestAlgorithm->algorithm); md = EVP_get_digestbynid(md_nid); @@ -1269,7 +1506,6 @@ static int verify_timestamp_token(PKCS7 *p7, CMS_ContentInfo *timestamp) BIO_write(bhash, si->enc_digest->data, si->enc_digest->length); BIO_gets(bhash, (char*)mdbuf, EVP_MD_size(md)); BIO_free_all(bhash); - /* compare the provided hash against the computed hash */ hash = token->messageImprint->digest; /* hash->length == EVP_MD_size(md) */ @@ -1353,8 +1589,7 @@ static int verify_timestamp(FILE_FORMAT_CTX *ctx, PKCS7 *p7, CMS_ContentInfo *ti crl = x509_crl_get(url); OPENSSL_free(url); if (!crl && !ctx->options->tsa_crlfile) { - printf("Use the \"-TSA-CRLfile\" option to add one or more Time-Stamp Authority CRLs in PEM format.\n\n"); - goto out; + printf("Use the \"-TSA-CRLfile\" option to add one or more Time-Stamp Authority CRLs in PEM format.\n"); } } #endif /* ENABLE_CURL */ @@ -1465,7 +1700,7 @@ static int verify_authenticode(FILE_FORMAT_CTX *ctx, PKCS7 *p7, time_t time, X50 crl = x509_crl_get(url); OPENSSL_free(url); if (!crl && !ctx->options->crlfile) { - printf("Use the \"-CRLfile\" option to add one or more CRLs in PEM format.\n\n"); + printf("Use the \"-CRLfile\" option to add one or more CRLs in PEM format.\n"); goto out; } } @@ -2441,6 +2676,8 @@ static void usage(const char *argv0, const char *cmd) printf("%12s[ -t [ -t ... ] [ -p ] [ -noverifypeer ]\n", ""); printf("%12s[ -ts [ -ts ... ] [ -p ] [ -noverifypeer ] ]\n", ""); #endif /* ENABLE_CURL */ + printf("%12s[ -TSA-certs ] [ -TSA-key ]\n", ""); + printf("%12s[ -TSA-time ]\n", ""); printf("%12s[ -time ]\n", ""); printf("%12s[ -addUnauthenticatedBlob ]\n", ""); printf("%12s[ -nest ]\n", ""); @@ -2454,6 +2691,8 @@ static void usage(const char *argv0, const char *cmd) printf("%12s[ -t [ -t ... ] [ -p ] [ -noverifypeer ]\n", ""); printf("%12s[ -ts [ -ts ... ] [ -p ] [ -noverifypeer ] ]\n", ""); #endif /* ENABLE_CURL */ + printf("%12s[ -TSA-certs ] [ -TSA-key ]\n", ""); + printf("%12s[ -TSA-time ]\n", ""); printf("%12s[ -h {md5,sha1,sha2(56),sha384,sha512} ]\n", ""); printf("%12s[ -verbose ]\n", ""); printf("%12s[ -add-msi-dse ]\n", ""); @@ -2551,6 +2790,9 @@ static void help_for(const char *argv0, const char *cmd) const char *cmds_ts[] = {"add", "sign", NULL}; #endif /* ENABLE_CURL */ const char *cmds_CAfileTSA[] = {"attach-signature", "verify", NULL}; + const char *cmds_certsTSA[] = {"add", "sign", NULL}; + const char *cmds_keyTSA[] = {"add", "sign", NULL}; + const char *cmds_timeTSA[] = {"add", "sign", NULL}; const char *cmds_verbose[] = {"add", "sign", "verify", NULL}; if (on_list(cmd, cmds_all)) { @@ -2700,34 +2942,17 @@ static void help_for(const char *argv0, const char *cmd) printf("%-24s= the file containing one or more Time-Stamp Authority certificates in PEM format\n", "-TSA-CAfile"); if (on_list(cmd, cmds_CRLfileTSA)) printf("%-24s= the file containing one or more Time-Stamp Authority CRLs in PEM format\n", "-TSA-CRLfile"); + if (on_list(cmd, cmds_certsTSA)) + printf("%-24s= Time-Stamp Authority signing certificate\n", "-TSA-certs"); + if (on_list(cmd, cmds_keyTSA)) + printf("%-24s= Time-Stamp Authority private key or PKCS#11 URI identifies a key in the token\n", "-TSA-key"); + if (on_list(cmd, cmds_timeTSA)) + printf("%-24s= the unix-time to set the Time-Stamp Authority signing\n", "-TSA-time"); if (on_list(cmd, cmds_verbose)) printf("%-24s= include additional output in the log\n", "-verbose"); usage(argv0, cmd); } -/* - * [in] bin: certfile BIO - * [in] certpass: NULL - * [returns] pointer to STACK_OF(X509) structure - */ -static STACK_OF(X509) *X509_chain_read_certs(BIO *bin, char *certpass) -{ - STACK_OF(X509) *certs = sk_X509_new_null(); - X509 *x509; - (void)BIO_seek(bin, 0); - x509 = PEM_read_bio_X509(bin, NULL, NULL, certpass); - while (x509) { - sk_X509_push(certs, x509); - x509 = PEM_read_bio_X509(bin, NULL, NULL, certpass); - } - ERR_clear_error(); - if (!sk_X509_num(certs)) { - sk_X509_free(certs); - return NULL; - } - return certs; -} - #ifdef PROVIDE_ASKPASS /* * [in] prompt: "Password: " @@ -3608,6 +3833,24 @@ static int main_configure(int argc, char **argv, GLOBAL_OPTIONS *options) return 0; /* FAILED */ } options->leafhash = (*++argv); + } else if ((cmd == CMD_SIGN || cmd == CMD_ADD) && !strcmp(*argv, "-TSA-certs")) { + if (--argc < 1) { + usage(argv0, "all"); + return 0; /* FAILED */ + } + options->tsa_certfile = *(++argv); + } else if ((cmd == CMD_SIGN || cmd == CMD_ADD) && !strcmp(*argv, "-TSA-key")) { + if (--argc < 1) { + usage(argv0, "all"); + return 0; /* FAILED */ + } + options->tsa_keyfile = *(++argv); + } else if ((cmd == CMD_SIGN || cmd == CMD_ADD) && !strcmp(*argv, "-TSA-time")) { + if (--argc < 1) { + usage(argv0, "all"); + return 0; /* FAILED */ + } + options->tsa_time = (time_t)strtoull(*(++argv), NULL, 10); } else if ((cmd == CMD_ADD) && !strcmp(*argv, "--help")) { help_for(argv0, "add"); cmd = CMD_HELP; @@ -3673,6 +3916,8 @@ static int main_configure(int argc, char **argv, GLOBAL_OPTIONS *options) if (argc > 0 || #ifdef ENABLE_CURL (options->nturl && options->ntsurl) || + (options->nturl && options->tsa_certfile && options->tsa_keyfile) || + (options->ntsurl && options->tsa_certfile && options->tsa_keyfile) || #endif !options->infile || (cmd != CMD_VERIFY && !options->outfile) || diff --git a/osslsigncode.h b/osslsigncode.h index b674774..9771086 100644 --- a/osslsigncode.h +++ b/osslsigncode.h @@ -60,7 +60,9 @@ #if OPENSSL_VERSION_NUMBER>=0x30000000L #include #endif /* OPENSSL_VERSION_NUMBER>=0x30000000L */ +#include #include +#include #include #include /* X509_PURPOSE */ @@ -210,6 +212,9 @@ #define DO_EXIT_1(x, y) { printf(x, y); goto err_cleanup; } #define DO_EXIT_2(x, y, z) { printf(x, y, z); goto err_cleanup; } +/* Default policy if request did not specify it. */ +#define TSA_POLICY1 "1.2.3.4.1" + typedef enum { CMD_SIGN, CMD_EXTRACT, @@ -278,6 +283,9 @@ typedef struct { cmd_type_t cmd; char *indata; PKCS7 *prevsig; + char *tsa_certfile; + char *tsa_keyfile; + time_t tsa_time; } GLOBAL_OPTIONS; /*