/*- * SPDX-License-Identifier: BSD-2-Clause-FreeBSD * * Copyright (c) 2014 The FreeBSD Foundation * * This software was developed by Edward Tomasz Napierala under sponsorship * from the FreeBSD Foundation. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * */ #include __FBSDID("$FreeBSD$"); #include #include #include #include #include #include #include #include #include #include #include #include #include "uefisign.h" #include "magic.h" static void usage(void) { fprintf(stderr, "usage: uefisign -c cert -k key -o outfile [-v] file\n" " uefisign -V [-c cert] [-v] file\n"); exit(1); } static char * checked_strdup(const char *s) { char *c; c = strdup(s); if (c == NULL) err(1, "strdup"); return (c); } FILE * checked_fopen(const char *path, const char *mode) { FILE *fp; assert(path != NULL); fp = fopen(path, mode); if (fp == NULL) err(1, "%s", path); return (fp); } void send_chunk(const void *buf, size_t len, int pipefd) { ssize_t ret; ret = write(pipefd, &len, sizeof(len)); if (ret != sizeof(len)) err(1, "write"); ret = write(pipefd, buf, len); if (ret != (ssize_t)len) err(1, "write"); } void receive_chunk(void **bufp, size_t *lenp, int pipefd) { ssize_t ret; size_t len; void *buf; ret = read(pipefd, &len, sizeof(len)); if (ret != sizeof(len)) err(1, "read"); buf = calloc(1, len); if (buf == NULL) err(1, "calloc"); ret = read(pipefd, buf, len); if (ret != (ssize_t)len) err(1, "read"); *bufp = buf; *lenp = len; } static char * bin2hex(const char *bin, size_t bin_len) { unsigned char *hex, *tmp, ch; size_t hex_len; size_t i; hex_len = bin_len * 2 + 1; /* +1 for '\0'. */ hex = malloc(hex_len); if (hex == NULL) err(1, "malloc"); tmp = hex; for (i = 0; i < bin_len; i++) { ch = bin[i]; tmp += sprintf(tmp, "%02x", ch); } return (hex); } /* * We need to replace a standard chunk of PKCS7 signature with one mandated * by Authenticode. Problem is, replacing it just like that and then calling * PKCS7_final() would make OpenSSL segfault somewhere in PKCS7_dataFinal(). * So, instead, we call PKCS7_dataInit(), then put our Authenticode-specific * data into BIO it returned, then call PKCS7_dataFinal() - which now somehow * does not panic - and _then_ we replace it in the signature. This technique * was used in sbsigntool by Jeremy Kerr, and might have originated in * osslsigncode. */ static void magic(PKCS7 *pkcs7, const char *digest, size_t digest_len) { BIO *bio, *t_bio; ASN1_TYPE *t; ASN1_STRING *s; CONF *cnf; unsigned char *buf, *tmp; char *digest_hex, *magic_conf, *str; int len, nid, ok; digest_hex = bin2hex(digest, digest_len); /* * Construct the SpcIndirectDataContent chunk. */ nid = OBJ_create("1.3.6.1.4.1.311.2.1.4", NULL, NULL); asprintf(&magic_conf, magic_fmt, digest_hex); if (magic_conf == NULL) err(1, "asprintf"); bio = BIO_new_mem_buf((void *)magic_conf, -1); if (bio == NULL) { ERR_print_errors_fp(stderr); errx(1, "BIO_new_mem_buf(3) failed"); } cnf = NCONF_new(NULL); if (cnf == NULL) { ERR_print_errors_fp(stderr); errx(1, "NCONF_new(3) failed"); } ok = NCONF_load_bio(cnf, bio, NULL); if (ok == 0) { ERR_print_errors_fp(stderr); errx(1, "NCONF_load_bio(3) failed"); } str = NCONF_get_string(cnf, "default", "asn1"); if (str == NULL) { ERR_print_errors_fp(stderr); errx(1, "NCONF_get_string(3) failed"); } t = ASN1_generate_nconf(str, cnf); if (t == NULL) { ERR_print_errors_fp(stderr); errx(1, "ASN1_generate_nconf(3) failed"); } /* * We now have our proprietary piece of ASN.1. Let's do * the actual signing. */ len = i2d_ASN1_TYPE(t, NULL); tmp = buf = calloc(1, len); if (tmp == NULL) err(1, "calloc"); i2d_ASN1_TYPE(t, &tmp); /* * We now have contents of 't' stuffed into memory buffer 'buf'. */ tmp = NULL; t = NULL; t_bio = PKCS7_dataInit(pkcs7, NULL); if (t_bio == NULL) { ERR_print_errors_fp(stderr); errx(1, "PKCS7_dataInit(3) failed"); } BIO_write(t_bio, buf + 2, len - 2); ok = PKCS7_dataFinal(pkcs7, t_bio); if (ok == 0) { ERR_print_errors_fp(stderr); errx(1, "PKCS7_dataFinal(3) failed"); } t = ASN1_TYPE_new(); s = ASN1_STRING_new(); ASN1_STRING_set(s, buf, len); ASN1_TYPE_set(t, V_ASN1_SEQUENCE, s); PKCS7_set0_type_other(pkcs7->d.sign->contents, nid, t); } static void sign(X509 *cert, EVP_PKEY *key, int pipefd) { PKCS7 *pkcs7; BIO *bio, *out; const EVP_MD *md; PKCS7_SIGNER_INFO *info; void *digest, *signature; size_t digest_len, signature_len; int ok; assert(cert != NULL); assert(key != NULL); receive_chunk(&digest, &digest_len, pipefd); bio = BIO_new_mem_buf(digest, digest_len); if (bio == NULL) { ERR_print_errors_fp(stderr); errx(1, "BIO_new_mem_buf(3) failed"); } pkcs7 = PKCS7_sign(NULL, NULL, NULL, bio, PKCS7_BINARY | PKCS7_PARTIAL); if (pkcs7 == NULL) { ERR_print_errors_fp(stderr); errx(1, "PKCS7_sign(3) failed"); } md = EVP_get_digestbyname(DIGEST); if (md == NULL) { ERR_print_errors_fp(stderr); errx(1, "EVP_get_digestbyname(\"%s\") failed", DIGEST); } info = PKCS7_sign_add_signer(pkcs7, cert, key, md, 0); if (info == NULL) { ERR_print_errors_fp(stderr); errx(1, "PKCS7_sign_add_signer(3) failed"); } /* * XXX: All the signed binaries seem to have this, but where is it * described in the spec? */ PKCS7_add_signed_attribute(info, NID_pkcs9_contentType, V_ASN1_OBJECT, OBJ_txt2obj("1.3.6.1.4.1.311.2.1.4", 1)); magic(pkcs7, digest, digest_len); #if 0 out = BIO_new(BIO_s_file()); BIO_set_fp(out, stdout, BIO_NOCLOSE); PKCS7_print_ctx(out, pkcs7, 0, NULL); i2d_PKCS7_bio(out, pkcs7); #endif out = BIO_new(BIO_s_mem()); if (out == NULL) { ERR_print_errors_fp(stderr); errx(1, "BIO_new(3) failed"); } ok = i2d_PKCS7_bio(out, pkcs7); if (ok == 0) { ERR_print_errors_fp(stderr); errx(1, "i2d_PKCS7_bio(3) failed"); } signature_len = BIO_get_mem_data(out, &signature); if (signature_len <= 0) { ERR_print_errors_fp(stderr); errx(1, "BIO_get_mem_data(3) failed"); } (void)BIO_set_close(out, BIO_NOCLOSE); BIO_free(out); send_chunk(signature, signature_len, pipefd); } static int wait_for_child(pid_t pid) { int status; pid = waitpid(pid, &status, 0); if (pid == -1) err(1, "waitpid"); return (WEXITSTATUS(status)); } int main(int argc, char **argv) { int ch, error; bool Vflag = false, vflag = false; const char *certpath = NULL, *keypath = NULL, *outpath = NULL, *inpath = NULL; FILE *certfp = NULL, *keyfp = NULL; X509 *cert = NULL; EVP_PKEY *key = NULL; pid_t pid; int pipefds[2]; while ((ch = getopt(argc, argv, "Vc:k:o:v")) != -1) { switch (ch) { case 'V': Vflag = true; break; case 'c': if (certpath == NULL) certpath = checked_strdup(optarg); else err(1, "-c can only be specified once"); break; case 'k': if (keypath == NULL) keypath = checked_strdup(optarg); else err(1, "-k can only be specified once"); break; case 'o': if (outpath == NULL) outpath = checked_strdup(optarg); else err(1, "-o can only be specified once"); break; case 'v': vflag = true; break; default: usage(); } } argc -= optind; argv += optind; if (argc != 1) usage(); if (Vflag) { if (certpath != NULL) errx(1, "-V and -c are mutually exclusive"); if (keypath != NULL) errx(1, "-V and -k are mutually exclusive"); if (outpath != NULL) errx(1, "-V and -o are mutually exclusive"); } else { if (certpath == NULL) errx(1, "-c option is mandatory"); if (keypath == NULL) errx(1, "-k option is mandatory"); if (outpath == NULL) errx(1, "-o option is mandatory"); } inpath = argv[0]; OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CONFIG | OPENSSL_INIT_LOAD_CRYPTO_STRINGS | OPENSSL_INIT_ADD_ALL_CIPHERS | OPENSSL_INIT_ADD_ALL_DIGESTS, NULL); error = pipe(pipefds); if (error != 0) err(1, "pipe"); pid = fork(); if (pid < 0) err(1, "fork"); if (pid == 0) { close(pipefds[0]); exit(child(inpath, outpath, pipefds[1], Vflag, vflag)); } close(pipefds[1]); if (!Vflag) { certfp = checked_fopen(certpath, "r"); cert = PEM_read_X509(certfp, NULL, NULL, NULL); if (cert == NULL) { ERR_print_errors_fp(stderr); errx(1, "failed to load certificate from %s", certpath); } keyfp = checked_fopen(keypath, "r"); key = PEM_read_PrivateKey(keyfp, NULL, NULL, NULL); if (key == NULL) { ERR_print_errors_fp(stderr); errx(1, "failed to load private key from %s", keypath); } sign(cert, key, pipefds[0]); } exit(wait_for_child(pid)); }