2 * SPDX-License-Identifier: BSD-2-Clause-FreeBSD
4 * Copyright (c) 2014 The FreeBSD Foundation
7 * This software was developed by Edward Tomasz Napierala under sponsorship
8 * from the FreeBSD Foundation.
10 * Redistribution and use in source and binary forms, with or without
11 * modification, are permitted provided that the following conditions
13 * 1. Redistributions of source code must retain the above copyright
14 * notice, this list of conditions and the following disclaimer.
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in the
17 * documentation and/or other materials provided with the distribution.
19 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
20 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
21 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
22 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
23 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
24 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
25 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
26 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
27 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
28 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
33 #include <sys/cdefs.h>
34 __FBSDID("$FreeBSD$");
36 #include <sys/param.h>
37 #if __FreeBSD_version >= 1100000
38 #include <sys/capsicum.h>
40 #include <sys/capability.h>
42 #include <sys/types.h>
52 #include <openssl/evp.h>
53 #include <openssl/err.h>
54 #include <openssl/pem.h>
59 load(struct executable *x)
68 error = fstat(fd, &sb);
70 err(1, "%s: fstat", x->x_path);
74 errx(1, "%s: file is empty", x->x_path);
78 err(1, "%s: cannot malloc %zd bytes", x->x_path, len);
80 nread = fread(buf, len, 1, x->x_fp);
82 err(1, "%s: fread", x->x_path);
89 digest_range(struct executable *x, EVP_MD_CTX *mdctx, off_t off, size_t len)
93 range_check(x, off, len, "chunk");
95 ok = EVP_DigestUpdate(mdctx, x->x_buf + off, len);
97 ERR_print_errors_fp(stderr);
98 errx(1, "EVP_DigestUpdate(3) failed");
103 digest(struct executable *x)
107 size_t sum_of_bytes_hashed;
111 * Windows Authenticode Portable Executable Signature Format
112 * spec version 1.0 specifies MD5 and SHA1. However, pesign
113 * and sbsign both use SHA256, so do the same.
115 md = EVP_get_digestbyname(DIGEST);
117 ERR_print_errors_fp(stderr);
118 errx(1, "EVP_get_digestbyname(\"%s\") failed", DIGEST);
121 mdctx = EVP_MD_CTX_create();
123 ERR_print_errors_fp(stderr);
124 errx(1, "EVP_MD_CTX_create(3) failed");
127 ok = EVP_DigestInit_ex(mdctx, md, NULL);
129 ERR_print_errors_fp(stderr);
130 errx(1, "EVP_DigestInit_ex(3) failed");
134 * According to the Authenticode spec, we need to compute
135 * the digest in a rather... specific manner; see "Calculating
136 * the PE Image Hash" part of the spec for details.
138 * First, everything from 0 to before the PE checksum.
140 digest_range(x, mdctx, 0, x->x_checksum_off);
143 * Second, from after the PE checksum to before the Certificate
144 * entry in Data Directory.
146 digest_range(x, mdctx, x->x_checksum_off + x->x_checksum_len,
147 x->x_certificate_entry_off -
148 (x->x_checksum_off + x->x_checksum_len));
151 * Then, from after the Certificate entry to the end of headers.
153 digest_range(x, mdctx,
154 x->x_certificate_entry_off + x->x_certificate_entry_len,
156 (x->x_certificate_entry_off + x->x_certificate_entry_len));
159 * Then, each section in turn, as specified in the PE Section Table.
163 sum_of_bytes_hashed = x->x_headers_len;
164 for (i = 0; i < x->x_nsections; i++) {
165 digest_range(x, mdctx,
166 x->x_section_off[i], x->x_section_len[i]);
167 sum_of_bytes_hashed += x->x_section_len[i];
171 * I believe this can happen with overlapping sections.
173 if (sum_of_bytes_hashed > x->x_len)
174 errx(1, "number of bytes hashed is larger than file size");
177 * I can't really explain this one; just do what the spec says.
179 if (sum_of_bytes_hashed < x->x_len) {
180 digest_range(x, mdctx, sum_of_bytes_hashed,
181 x->x_len - (signature_size(x) + sum_of_bytes_hashed));
184 ok = EVP_DigestFinal_ex(mdctx, x->x_digest, &x->x_digest_len);
186 ERR_print_errors_fp(stderr);
187 errx(1, "EVP_DigestFinal_ex(3) failed");
190 EVP_MD_CTX_destroy(mdctx);
194 show_digest(const struct executable *x)
198 printf("computed %s digest ", DIGEST);
199 for (i = 0; i < (int)x->x_digest_len; i++)
200 printf("%02x", (unsigned char)x->x_digest[i]);
201 printf("; digest len %u\n", x->x_digest_len);
205 send_digest(const struct executable *x, int pipefd)
208 send_chunk(x->x_digest, x->x_digest_len, pipefd);
212 receive_signature(struct executable *x, int pipefd)
215 receive_chunk(&x->x_signature, &x->x_signature_len, pipefd);
219 save(struct executable *x, FILE *fp, const char *path)
224 assert(path != NULL);
226 nwritten = fwrite(x->x_buf, x->x_len, 1, fp);
228 err(1, "%s: fwrite", path);
232 child(const char *inpath, const char *outpath, int pipefd,
233 bool Vflag, bool vflag)
236 FILE *outfp = NULL, *infp = NULL;
237 struct executable *x;
239 infp = checked_fopen(inpath, "r");
241 outfp = checked_fopen(outpath, "w");
244 if (error != 0 && errno != ENOSYS)
247 x = calloc(1, sizeof(*x));
256 if (signature_size(x) == 0)
257 errx(1, "file not signed");
259 printf("file contains signature\n");
266 if (signature_size(x) != 0)
267 errx(1, "file already signed");
272 send_digest(x, pipefd);
273 receive_signature(x, pipefd);
275 save(x, outfp, outpath);