2 * Copyright (c) 2014 The FreeBSD Foundation
5 * This software was developed by Edward Tomasz Napierala under sponsorship
6 * from the FreeBSD Foundation.
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
11 * 1. Redistributions of source code must retain the above copyright
12 * notice, this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
17 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
18 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
19 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
20 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
21 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
22 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
23 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
24 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
25 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
26 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31 #include <sys/cdefs.h>
32 __FBSDID("$FreeBSD: head/usr.sbin/uefisign/child.c 305980 2016-09-19 16:07:32Z emaste $");
34 #include <sys/param.h>
35 #include <sys/types.h>
45 #include <openssl/evp.h>
46 #include <openssl/err.h>
47 #include <openssl/pem.h>
52 load(struct executable
*x
)
61 error
= fstat(fd
, &sb
);
63 err(1, "%s: fstat", x
->x_path
);
67 errx(1, "%s: file is empty", x
->x_path
);
71 err(1, "%s: cannot malloc %zd bytes", x
->x_path
, len
);
73 nread
= fread(buf
, len
, 1, x
->x_fp
);
75 err(1, "%s: fread", x
->x_path
);
82 digest_range(struct executable
*x
, EVP_MD_CTX
*mdctx
, off_t off
, size_t len
)
86 range_check(x
, off
, len
, "chunk");
88 ok
= EVP_DigestUpdate(mdctx
, x
->x_buf
+ off
, len
);
90 ERR_print_errors_fp(stderr
);
91 errx(1, "EVP_DigestUpdate(3) failed");
96 digest(struct executable
*x
)
100 size_t sum_of_bytes_hashed
;
104 * Windows Authenticode Portable Executable Signature Format
105 * spec version 1.0 specifies MD5 and SHA1. However, pesign
106 * and sbsign both use SHA256, so do the same.
108 md
= EVP_get_digestbyname(DIGEST
);
110 ERR_print_errors_fp(stderr
);
111 errx(1, "EVP_get_digestbyname(\"%s\") failed", DIGEST
);
114 mdctx
= EVP_MD_CTX_create();
116 ERR_print_errors_fp(stderr
);
117 errx(1, "EVP_MD_CTX_create(3) failed");
120 ok
= EVP_DigestInit_ex(mdctx
, md
, NULL
);
122 ERR_print_errors_fp(stderr
);
123 errx(1, "EVP_DigestInit_ex(3) failed");
127 * According to the Authenticode spec, we need to compute
128 * the digest in a rather... specific manner; see "Calculating
129 * the PE Image Hash" part of the spec for details.
131 * First, everything from 0 to before the PE checksum.
133 digest_range(x
, mdctx
, 0, x
->x_checksum_off
);
136 * Second, from after the PE checksum to before the Certificate
137 * entry in Data Directory.
139 digest_range(x
, mdctx
, x
->x_checksum_off
+ x
->x_checksum_len
,
140 x
->x_certificate_entry_off
-
141 (x
->x_checksum_off
+ x
->x_checksum_len
));
144 * Then, from after the Certificate entry to the end of headers.
146 digest_range(x
, mdctx
,
147 x
->x_certificate_entry_off
+ x
->x_certificate_entry_len
,
149 (x
->x_certificate_entry_off
+ x
->x_certificate_entry_len
));
152 * Then, each section in turn, as specified in the PE Section Table.
156 sum_of_bytes_hashed
= x
->x_headers_len
;
157 for (i
= 0; i
< x
->x_nsections
; i
++) {
158 digest_range(x
, mdctx
,
159 x
->x_section_off
[i
], x
->x_section_len
[i
]);
160 sum_of_bytes_hashed
+= x
->x_section_len
[i
];
164 * I believe this can happen with overlapping sections.
166 if (sum_of_bytes_hashed
> x
->x_len
)
167 errx(1, "number of bytes hashed is larger than file size");
170 * I can't really explain this one; just do what the spec says.
172 if (sum_of_bytes_hashed
< x
->x_len
) {
173 digest_range(x
, mdctx
, sum_of_bytes_hashed
,
174 x
->x_len
- (signature_size(x
) + sum_of_bytes_hashed
));
177 ok
= EVP_DigestFinal_ex(mdctx
, x
->x_digest
, &x
->x_digest_len
);
179 ERR_print_errors_fp(stderr
);
180 errx(1, "EVP_DigestFinal_ex(3) failed");
183 EVP_MD_CTX_destroy(mdctx
);
187 show_digest(const struct executable
*x
)
191 printf("computed %s digest ", DIGEST
);
192 for (i
= 0; i
< (int)x
->x_digest_len
; i
++)
193 printf("%02x", (unsigned char)x
->x_digest
[i
]);
194 printf("; digest len %u\n", x
->x_digest_len
);
198 send_digest(const struct executable
*x
, int pipefd
)
201 send_chunk(x
->x_digest
, x
->x_digest_len
, pipefd
);
205 receive_signature(struct executable
*x
, int pipefd
)
208 receive_chunk(&x
->x_signature
, &x
->x_signature_len
, pipefd
);
212 save(struct executable
*x
, FILE *fp
, const char *path
)
217 assert(path
!= NULL
);
219 nwritten
= fwrite(x
->x_buf
, x
->x_len
, 1, fp
);
221 err(1, "%s: fwrite", path
);
225 child(const char *inpath
, const char *outpath
, int pipefd
,
226 bool Vflag
, bool vflag
)
228 FILE *outfp
= NULL
, *infp
= NULL
;
229 struct executable
*x
;
231 infp
= checked_fopen(inpath
, "r");
233 outfp
= checked_fopen(outpath
, "w");
235 x
= calloc(1, sizeof(*x
));
244 if (signature_size(x
) == 0)
245 errx(1, "file not signed");
247 printf("file contains signature\n");
254 if (signature_size(x
) != 0)
255 errx(1, "file already signed");
260 send_digest(x
, pipefd
);
261 receive_signature(x
, pipefd
);
263 save(x
, outfp
, outpath
);