nhyatt/osslsigncode
1
0
Fork 0
mirror of https://github.com/mtrojnar/osslsigncode.git synced 2025-05-20 18:34:29 -05:00
Code Issues Projects Releases Wiki Activity

attach DER signature

Browse Source
This commit is contained in:
olszomal 2020-04-08 14:21:53 +02:00
parent cafa23819b
commit e2f984f5c9
6 changed files with 150 additions and 40 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

36
osslsigncode.c
View File

@ -2791,9 +2791,8 @@ static int msi_extract_file(GsfInfile *ole, GLOBAL_OPTIONS *options)
} }
ret = !PEM_write_bio_PKCS7(outdata, sig); ret = !PEM_write_bio_PKCS7(outdata, sig);
BIO_free_all(outdata); BIO_free_all(outdata);
} else { } else
ret = msi_extract_signature_to_file(ole, options->outfile); ret = msi_extract_signature_to_file(ole, options->outfile);
}
return ret; return ret;
} }
@ -3152,9 +3151,10 @@ static int pe_extract_file(char *indata, FILE_HEADER *header, BIO *outdata, int
return 1; /* FAILED */ return 1; /* FAILED */
} }
ret = !PEM_write_bio_PKCS7(outdata, sig); ret = !PEM_write_bio_PKCS7(outdata, sig);
} else { PKCS7_free(sig);
ret = !BIO_write(outdata, indata + header->sigpos, header->siglen); } else
} ret = !BIO_write(outdata, indata + header->sigpos, header->siglen);
return ret; return ret;
} }
@ -3511,9 +3511,10 @@ static int cab_extract_file(char *indata, FILE_HEADER *header, BIO *outdata, int
return 1; /* FAILED */ return 1; /* FAILED */
} }
ret = !PEM_write_bio_PKCS7(outdata, sig); ret = !PEM_write_bio_PKCS7(outdata, sig);
} else { PKCS7_free(sig);
} else
ret = !BIO_write(outdata, indata + header->sigpos, header->siglen); ret = !BIO_write(outdata, indata + header->sigpos, header->siglen);
}
return ret; return ret;
} }
@ -4499,24 +4500,13 @@ static PKCS7 *get_sigfile(char *sigfile, file_type_t type)
} else { } else {
/* reset header */ /* reset header */
memset(&header, 0, sizeof(FILE_HEADER)); memset(&header, 0, sizeof(FILE_HEADER));
header.fileend = sigfilesize; header.siglen = sigfilesize;
if (type == FILE_TYPE_PE) { header.sigpos = 0;
if (!pe_verify_header(insigdata, sigfile, sigfilesize, &header)) if (type == FILE_TYPE_PE)
return NULL; /* FAILED */
sig = pe_extract_existing_pkcs7(insigdata, &header); sig = pe_extract_existing_pkcs7(insigdata, &header);
if (!sig) { else if (type == FILE_TYPE_CAB)
fprintf(stderr, "Failed to extract PKCS7 data: %s\n", sigfile);
return NULL; /* FAILED */
}
} else if (type == FILE_TYPE_CAB) {
if (!cab_verify_header(insigdata, sigfile, sigfilesize, &header))
return NULL; /* FAILED */
sig = cab_extract_existing_pkcs7(insigdata, &header); sig = cab_extract_existing_pkcs7(insigdata, &header);
if (!sig) { else if (type == FILE_TYPE_MSI) {
fprintf(stderr, "Failed to extract PKCS7 data: %s\n", sigfile);
return NULL; /* FAILED */
}
} else if (type == FILE_TYPE_MSI) {
#ifdef WITH_GSF #ifdef WITH_GSF
const unsigned char *p = (unsigned char*)insigdata; const unsigned char *p = (unsigned char*)insigdata;
sig = d2i_PKCS7(NULL, &p, sigfilesize); sig = d2i_PKCS7(NULL, &p, sigfilesize);

26
tests/recipes/31_extract_signature → tests/recipes/26_extract_signature_pem
View File

@ -1,21 +1,21 @@
#!/bin/sh #!/bin/sh
# Extract the signature from the PE/CAB/MSI file. # Extract the signature in the PEM format from the PE/CAB/MSI file.
. $(dirname $0)/../test_library . $(dirname $0)/../test_library
script_path=$(pwd) script_path=$(pwd)
# PE file # PE file
test_name="311. Extract the signature from the PE file" test_name="261. Extract the PEM signature from the PE file"
printf "\n%s\n" "$test_name" printf "\n%s\n" "$test_name"
if test -s "test.exe" if test -s "test.exe"
then then
../../osslsigncode sign -h sha512 \ ../../osslsigncode sign -h sha512 \
-st "1556668800" \ -st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \ -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "test.exe" -out "test_311.exe" && \ -in "test.exe" -out "test_261.exe" && \
../../osslsigncode extract-signature -pem \ ../../osslsigncode extract-signature -pem \
-in "test_311.exe" -out "sign_pe.pem" -in "test_261.exe" -out "sign_pe.pem"
verify_signature "$?" "311" "exe" "success" "@2019-09-01 12:00:00" \ verify_signature "$?" "261" "exe" "success" "@2019-09-01 12:00:00" \
"sha256sum" "ASCII" "SHA512" "UNUSED_PATTERN" "sha256sum" "ASCII" "SHA512" "UNUSED_PATTERN"
test_result "$?" "$test_name" test_result "$?" "$test_name"
else else
@ -23,17 +23,17 @@ if test -s "test.exe"
fi fi
# CAB file # CAB file
test_name="312. Extract the signature from the CAB file" test_name="262. Extract the PEM signature from the CAB file"
printf "\n%s\n" "$test_name" printf "\n%s\n" "$test_name"
if [ -s "test.ex_" ] if [ -s "test.ex_" ]
then then
../../osslsigncode sign -h sha512 \ ../../osslsigncode sign -h sha512 \
-st "1556668800" \ -st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \ -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "test.ex_" -out "test_312.ex_" && \ -in "test.ex_" -out "test_262.ex_" && \
../../osslsigncode extract-signature -pem \ ../../osslsigncode extract-signature -pem \
-in "test_312.ex_" -out "sign_cab.pem" -in "test_262.ex_" -out "sign_cab.pem"
verify_signature "$?" "312" "ex_" "success" "@2019-09-01 12:00:00" \ verify_signature "$?" "262" "ex_" "success" "@2019-09-01 12:00:00" \
"sha256sum" "ASCII" "SHA512" "UNUSED_PATTERN" "sha256sum" "ASCII" "SHA512" "UNUSED_PATTERN"
test_result "$?" "$test_name" test_result "$?" "$test_name"
else else
@ -41,17 +41,17 @@ if [ -s "test.ex_" ]
fi fi
# MSI file # MSI file
test_name="313. Extract the signature from the MSI file" test_name="263. Extract the PEM signature from the MSI file"
printf "\n%s\n" "$test_name" printf "\n%s\n" "$test_name"
if test -s "sample.msi" if test -s "sample.msi"
then then
../../osslsigncode sign -h sha512 \ ../../osslsigncode sign -h sha512 \
-st "1556668800" \ -st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \ -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "sample.msi" -out "test_313.msi" && \ -in "sample.msi" -out "test_263.msi" && \
../../osslsigncode extract-signature -pem \ ../../osslsigncode extract-signature -pem \
-in "test_313.msi" -out "sign_msi.pem" -in "test_263.msi" -out "sign_msi.pem"
verify_signature "$?" "313" "msi" "success" "@2019-09-01 12:00:00" \ verify_signature "$?" "263" "msi" "success" "@2019-09-01 12:00:00" \
"sha256sum" "ASCII" "SHA512" "UNUSED_PATTERN" "sha256sum" "ASCII" "SHA512" "UNUSED_PATTERN"
test_result "$?" "$test_name" test_result "$?" "$test_name"
else else

61
tests/recipes/27_extract_signature_der Normal file
View File

@ -0,0 +1,61 @@
#!/bin/sh
# Extract the signature in the DER format from the PE/CAB/MSI file.
. $(dirname $0)/../test_library
script_path=$(pwd)
# PE file
test_name="271. Extract the DER signature from the PE file"
printf "\n%s\n" "$test_name"
if test -s "test.exe"
then
../../osslsigncode sign -h sha512 \
-st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "test.exe" -out "test_271.exe" && \
../../osslsigncode extract-signature \
-in "test_271.exe" -out "sign_pe.der"
verify_signature "$?" "271" "exe" "success" "@2019-09-01 12:00:00" \
"sha256sum" "ASCII" "SHA512" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
# CAB file
test_name="272. Extract the DER signature from the CAB file"
printf "\n%s\n" "$test_name"
if [ -s "test.ex_" ]
then
../../osslsigncode sign -h sha512 \
-st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "test.ex_" -out "test_272.ex_" && \
../../osslsigncode extract-signature \
-in "test_272.ex_" -out "sign_cab.der"
verify_signature "$?" "272" "ex_" "success" "@2019-09-01 12:00:00" \
"sha256sum" "ASCII" "SHA512" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
# MSI file
test_name="273. Extract the DER signature from the MSI file"
printf "\n%s\n" "$test_name"
if test -s "sample.msi"
then
../../osslsigncode sign -h sha512 \
-st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "sample.msi" -out "test_273.msi" && \
../../osslsigncode extract-signature \
-in "test_273.msi" -out "sign_msi.der"
verify_signature "$?" "273" "msi" "success" "@2019-09-01 12:00:00" \
"sha256sum" "ASCII" "SHA512" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
exit 0

58
tests/recipes/31_attach_signature_der Normal file
View File

@ -0,0 +1,58 @@
#!/bin/sh
# Attach the DER signature to the PE/CAB/MSI file.
. $(dirname $0)/../test_library
script_path=$(pwd)
# PE file
test_name="311. Attach the DER signature to the PE file"
printf "\n%s\n" "$test_name"
if test -s "test.exe"
then
../../osslsigncode attach-signature \
-sigin "sign_pe.der" \
-CAfile "${script_path}/../certs/CACert.pem" \
-CRLfile "${script_path}/../certs/CACertCRL.pem" \
-in "test.exe" -out "test_311.exe"
verify_signature "$?" "311" "exe" "success" "@2019-09-01 12:00:00" \
"sha256sum" "ASCII" "SHA512" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
# CAB file
test_name="312. Attach the DER signature to the CAB file"
printf "\n%s\n" "$test_name"
if [ -s "test.ex_" ]
then
../../osslsigncode attach-signature \
-sigin "sign_cab.der" \
-CAfile "${script_path}/../certs/CACert.pem" \
-CRLfile "${script_path}/../certs/CACertCRL.pem" \
-in "test.ex_" -out "test_312.ex_"
verify_signature "$?" "312" "ex_" "success" "@2019-09-01 12:00:00" \
"sha256sum" "ASCII" "SHA512" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
# MSI file
test_name="313. Attach the DER signature to the MSI file"
printf "\n%s\n" "$test_name"
if test -s "sample.msi"
then
../../osslsigncode attach-signature \
-sigin "sign_msi.der" \
-CAfile "${script_path}/../certs/CACert.pem" \
-CRLfile "${script_path}/../certs/CACertCRL.pem" \
-in "sample.msi" -out "test_313.msi"
verify_signature "$?" "313" "msi" "success" "@2019-09-01 12:00:00" \
"sha256sum" "ASCII" "SHA512" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
exit 0

8
tests/recipes/32_attach_signature → tests/recipes/32_attach_signature_pem
View File

@ -1,11 +1,11 @@
#!/bin/sh #!/bin/sh
# Attach the signature to the PE/CAB/MSI file. # Attach the PEM signature to the PE/CAB/MSI file.
. $(dirname $0)/../test_library . $(dirname $0)/../test_library
script_path=$(pwd) script_path=$(pwd)
# PE file # PE file
test_name="321. Attach the signature to the PE file" test_name="321. Attach the PEM signature to the PE file"
printf "\n%s\n" "$test_name" printf "\n%s\n" "$test_name"
if test -s "test.exe" if test -s "test.exe"
then then
@ -22,7 +22,7 @@ if test -s "test.exe"
fi fi
# CAB file # CAB file
test_name="322. Attach the signature to the CAB file" test_name="322. Attach the PEM signature to the CAB file"
printf "\n%s\n" "$test_name" printf "\n%s\n" "$test_name"
if [ -s "test.ex_" ] if [ -s "test.ex_" ]
then then
@ -39,7 +39,7 @@ if [ -s "test.ex_" ]
fi fi
# MSI file # MSI file
test_name="323. Attach the signature to the MSI file" test_name="323. Attach the PEM signature to the MSI file"
printf "\n%s\n" "$test_name" printf "\n%s\n" "$test_name"
if test -s "sample.msi" if test -s "sample.msi"
then then

1
tests/testall.sh
View File

@ -102,6 +102,7 @@ if test -n "$(command -v faketime)"
make_tests make_tests
result=$? result=$?
rm -f "test.exe" "test.ex_" "sample.msi" "sample.wxs" "FoobarAppl10.exe" rm -f "test.exe" "test.ex_" "sample.msi" "sample.wxs" "FoobarAppl10.exe"
rm -f "sign_pe.der" "sign_cab.der" "sign_msi.der"
rm -f "sign_pe.pem" "sign_cab.pem" "sign_msi.pem" "verify.log" rm -f "sign_pe.pem" "sign_cab.pem" "sign_msi.pem" "verify.log"
else else
printf "%s\n" "xxd not found in \$PATH" printf "%s\n" "xxd not found in \$PATH"