Documentation ¶
Index ¶
- Variables
- func AllSigStyles() []string
- func DigestMSI(cdf *comdoc.ComDoc, hash crypto.Hash, extended bool) (imprint, prehash []byte, err error)
- func DigestMsiTar(r io.Reader, hash crypto.Hash, extended bool) ([]byte, error)
- func FixPEChecksum(f *os.File) error
- func InsertMSISignature(cdf *comdoc.ComDoc, pkcs, exsig []byte) error
- func MsiToTar(cdf *comdoc.ComDoc, w io.Writer) error
- func NewPEChecksum(peStart int) hash.Hash
- func PrehashMSI(cdf *comdoc.ComDoc, hash crypto.Hash) ([]byte, error)
- func SignCabImprint(ctx context.Context, digest *cabfile.CabinetDigest, ...) (*binpatch.PatchSet, *pkcs9.TimestampedSignature, error)
- func SignMSIImprint(ctx context.Context, digest []byte, hash crypto.Hash, ...) (*pkcs9.TimestampedSignature, error)
- func SignSip(ctx context.Context, imprint []byte, hash crypto.Hash, sipInfo SpcSipInfo, ...) (*pkcs9.TimestampedSignature, error)
- type CabSignature
- type Catalog
- type CertTrustAttributes
- type CertTrustEntry
- type CertTrustList
- type CertTrustMemberInfoV1
- type CertTrustValue
- type DigestInfo
- type MSISignature
- type OpusParams
- type PEDigest
- func (pd *PEDigest) GetIndirect() (indirect SpcIndirectDataContentPe, err error)
- func (pd *PEDigest) MakePatch(sig []byte) (*binpatch.PatchSet, error)
- func (pd *PEDigest) Sign(ctx context.Context, cert *certloader.Certificate, params *OpusParams) (*binpatch.PatchSet, *pkcs9.TimestampedSignature, error)
- type PESignature
- type PowershellSignature
- type PsDigest
- type PsSigStyle
- type SpcAttributeMsiImageData
- type SpcAttributePageHashes
- type SpcAttributePeImageData
- type SpcIndirectDataContentMsi
- type SpcIndirectDataContentPe
- type SpcLink
- type SpcPeImageData
- type SpcSerializedObject
- type SpcSipInfo
- type SpcSpOpusInfo
- type SpcSpStatementType
- type SpcString
Constants ¶
This section is empty.
Variables ¶
var ( OidSpcIndirectDataContent = asn1.ObjectIdentifier{1, 3, 6, 1, 4, 1, 311, 2, 1, 4} OidSpcStatementType = asn1.ObjectIdentifier{1, 3, 6, 1, 4, 1, 311, 2, 1, 11} OidSpcSpOpusInfo = asn1.ObjectIdentifier{1, 3, 6, 1, 4, 1, 311, 2, 1, 12} OidSpcPeImageData = asn1.ObjectIdentifier{1, 3, 6, 1, 4, 1, 311, 2, 1, 15} OidSpcIndividualPurpose = asn1.ObjectIdentifier{1, 3, 6, 1, 4, 1, 311, 2, 1, 21} OidSpcCabImageData = asn1.ObjectIdentifier{1, 3, 6, 1, 4, 1, 311, 2, 1, 25} OidSpcSipInfo = asn1.ObjectIdentifier{1, 3, 6, 1, 4, 1, 311, 2, 1, 30} OidSpcPageHashV1 = asn1.ObjectIdentifier{1, 3, 6, 1, 4, 1, 311, 2, 3, 1} OidSpcPageHashV2 = asn1.ObjectIdentifier{1, 3, 6, 1, 4, 1, 311, 2, 3, 2} OidSpcCabPageHash = asn1.ObjectIdentifier{1, 3, 6, 1, 4, 1, 311, 2, 5, 1} OidCertTrustList = asn1.ObjectIdentifier{1, 3, 6, 1, 4, 1, 311, 10, 1} OidCatalogList = asn1.ObjectIdentifier{1, 3, 6, 1, 4, 1, 311, 12, 1, 1} OidCatalogListMember = asn1.ObjectIdentifier{1, 3, 6, 1, 4, 1, 311, 12, 1, 2} OidCatalogListMemberV2 = asn1.ObjectIdentifier{1, 3, 6, 1, 4, 1, 311, 12, 1, 3} OidCatalogNameValue = asn1.ObjectIdentifier{1, 3, 6, 1, 4, 1, 311, 12, 2, 1} OidCatalogMemberInfo = asn1.ObjectIdentifier{1, 3, 6, 1, 4, 1, 311, 12, 2, 2} OidCatalogMemberInfoV2 = asn1.ObjectIdentifier{1, 3, 6, 1, 4, 1, 311, 12, 2, 3} SpcUUIDPageHashes = []byte{0xa6, 0xb5, 0x86, 0xd5, 0xb4, 0xa1, 0x24, 0x66, 0xae, 0x05, 0xa2, 0x17, 0xda, 0x8e, 0x60, 0xd6} // SIP or Subject Interface Package is an internal Microsoft API for // transforming arbitrary files into a digestible stream. These ClassIDs // are found in the indirect data section and identify the type of processor needed to validate the signature. // SIP related DLLs are registered at // HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllCreateIndirectData // although these particular ClassIDs do not seem to appear there. // Relevant DLLs include: WINTRUST.DLL, MSISIP.DLL, pwrshsip.dll SpcUUIDSipInfoMsi = []byte{0xf1, 0x10, 0x0c, 0x00, 0x00, 0x00, 0x00, 0x00, 0xc0, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x46} SpcUUIDSipInfoPs = []byte{0x1f, 0xcc, 0x3b, 0x60, 0x59, 0x4b, 0x08, 0x4e, 0xb7, 0x24, 0xd2, 0xc6, 0x29, 0x7e, 0xf3, 0x51} // This one is used in V1 security catalogs CryptSipCreateIndirectData = "{C689AAB8-8E78-11D0-8C47-00C04FC295EE}" )
Functions ¶
func DigestMSI ¶
func DigestMSI(cdf *comdoc.ComDoc, hash crypto.Hash, extended bool) (imprint, prehash []byte, err error)
Calculate the digest (imprint) of a MSI file. If extended is true then the MsiDigitalSignatureEx value is also hashed and returned.
func DigestMsiTar ¶
Digset a tarball produced by MsiToTar
func FixPEChecksum ¶
func InsertMSISignature ¶
Add a signature blob to an open MSI file. The extended signature blob is added or updated if provided, or deleted if nil.
func NewPEChecksum ¶
Hasher that calculates the undocumented, non-CRC checksum used in PE images. peStart is the offset found at 0x3c in the DOS header.
func PrehashMSI ¶
Calculates the MsiDigitalSignatureEx blob for a MSI file
func SignCabImprint ¶
func SignCabImprint(ctx context.Context, digest *cabfile.CabinetDigest, cert *certloader.Certificate, params *OpusParams) (*binpatch.PatchSet, *pkcs9.TimestampedSignature, error)
Create the Authenticode structure for a CAB file signature using a previously-calculated digest (imprint).
func SignMSIImprint ¶
func SignMSIImprint(ctx context.Context, digest []byte, hash crypto.Hash, cert *certloader.Certificate, params *OpusParams) (*pkcs9.TimestampedSignature, error)
Create the Authenticode structure for a MSI file signature using a previously-calculated digest (imprint).
func SignSip ¶
func SignSip(ctx context.Context, imprint []byte, hash crypto.Hash, sipInfo SpcSipInfo, cert *certloader.Certificate, params *OpusParams) (*pkcs9.TimestampedSignature, error)
Types ¶
type CabSignature ¶
type CabSignature struct { pkcs9.TimestampedSignature Indirect *SpcIndirectDataContentPe OpusInfo *SpcSpOpusInfo HashFunc crypto.Hash PatchSet *binpatch.PatchSet }
type Catalog ¶
type Catalog struct { Version int Hash crypto.Hash Sha1Entries, Sha2Entries []CertTrustEntry }
func NewCatalog ¶
func (*Catalog) Add ¶
func (cat *Catalog) Add(indirect SpcIndirectDataContentPe) error
func (*Catalog) Sign ¶
func (cat *Catalog) Sign(ctx context.Context, cert *certloader.Certificate, params *OpusParams) (*pkcs9.TimestampedSignature, error)
type CertTrustAttributes ¶
type CertTrustAttributes struct { }
type CertTrustEntry ¶
type CertTrustEntry struct { Tag []byte Values []CertTrustValue `asn1:"set"` }
type CertTrustList ¶
type CertTrustList struct { SubjectUsage []asn1.ObjectIdentifier ListIdentifier []byte EffectiveDate time.Time SubjectAlgorithm pkix.AlgorithmIdentifier Entries []CertTrustEntry Attributes *CertTrustAttributes `asn1:"optional,explicit,tag:0"` }
type CertTrustMemberInfoV1 ¶
type CertTrustValue ¶
type CertTrustValue struct { Attribute asn1.ObjectIdentifier Value asn1.RawValue }
type DigestInfo ¶
type DigestInfo struct { DigestAlgorithm pkix.AlgorithmIdentifier Digest []byte }
type MSISignature ¶
type MSISignature struct { pkcs9.TimestampedSignature Indirect *SpcIndirectDataContentMsi HashFunc crypto.Hash OpusInfo *SpcSpOpusInfo }
type OpusParams ¶ added in v7.5.6
type PEDigest ¶
type PEDigest struct { OrigSize int64 CertStart int64 Imprint []byte PageHashes []byte Hash crypto.Hash // contains filtered or unexported fields }
func DigestPE ¶
Calculate a digest (message imprint) over a PE image. Returns a structure that can be used to sign the imprint and produce a binary patch to apply the signature.
func (*PEDigest) GetIndirect ¶
func (pd *PEDigest) GetIndirect() (indirect SpcIndirectDataContentPe, err error)
func (*PEDigest) MakePatch ¶
Create a patchset that will add or replace the signature from a previously digested image with a new one
func (*PEDigest) Sign ¶
func (pd *PEDigest) Sign(ctx context.Context, cert *certloader.Certificate, params *OpusParams) (*binpatch.PatchSet, *pkcs9.TimestampedSignature, error)
Sign the digest and return an Authenticode structure
type PESignature ¶
type PESignature struct { pkcs9.TimestampedSignature Indirect *SpcIndirectDataContentPe OpusInfo *SpcSpOpusInfo ImageHashFunc crypto.Hash PageHashes []byte PageHashFunc crypto.Hash }
func VerifyPE ¶
func VerifyPE(r io.ReadSeeker, skipDigests bool) ([]PESignature, error)
Extract and verify the signature from a PE/COFF image file. Does not check X509 chains.
type PowershellSignature ¶ added in v7.5.6
type PowershellSignature struct { pkcs9.TimestampedSignature OpusInfo *SpcSpOpusInfo HashFunc crypto.Hash }
func VerifyPowershell ¶
func VerifyPowershell(r io.ReadSeeker, style PsSigStyle, skipDigests bool) (*PowershellSignature, error)
Verify a PowerShell script. The signature "style" must already have been determined by calling GetSigStyle
type PsDigest ¶
type PsDigest struct { Imprint []byte HashFunc crypto.Hash TextSize, SigSize int64 SigStyle PsSigStyle IsUtf16 bool }
func DigestPowershell ¶
Digest a PowerShell script from a stream, returning the sum and the length of the digested bytes.
PowerShell scripts are digested in UTF-16-LE format so, unless already in that format, the text is converted first. Existing signatures are discarded.
func (*PsDigest) MakePatch ¶
Create a patchset that will add or replace the signature on the digested script
func (*PsDigest) Sign ¶
func (pd *PsDigest) Sign(ctx context.Context, cert *certloader.Certificate, params *OpusParams) (*binpatch.PatchSet, *pkcs9.TimestampedSignature, error)
Sign a previously digested PowerShell script and return the Authenticode structure
type PsSigStyle ¶
type PsSigStyle int
Type of signature formatting used for different PowerShell file formats
const ( // "Hash" style used by e.g. .ps1 files SigStyleHash PsSigStyle = iota + 1 // XML style used by e.g. .ps1xml files SigStyleXML // C# style used by .mof files SigStyleC )
func GetSigStyle ¶
func GetSigStyle(filename string) (PsSigStyle, bool)
Get the PowerShell signature style for a filename or extension
type SpcAttributeMsiImageData ¶
type SpcAttributeMsiImageData struct { Type asn1.ObjectIdentifier Value SpcSipInfo `asn1:"optional"` }
type SpcAttributePageHashes ¶
type SpcAttributePageHashes struct { Type asn1.ObjectIdentifier Hashes [][]byte `asn1:"set"` }
type SpcAttributePeImageData ¶
type SpcAttributePeImageData struct { Type asn1.ObjectIdentifier Value SpcPeImageData `asn1:"optional"` }
type SpcIndirectDataContentMsi ¶
type SpcIndirectDataContentMsi struct { Data SpcAttributeMsiImageData MessageDigest DigestInfo }
type SpcIndirectDataContentPe ¶
type SpcIndirectDataContentPe struct { Data SpcAttributePeImageData MessageDigest DigestInfo }
type SpcLink ¶
type SpcLink struct { URL string `asn1:"optional,tag:0,ia5"` Moniker SpcSerializedObject `asn1:"optional,tag:1"` File SpcString `asn1:"optional,tag:2"` }
type SpcPeImageData ¶
type SpcSerializedObject ¶
type SpcSipInfo ¶
type SpcSpOpusInfo ¶
type SpcSpOpusInfo struct { ProgramName SpcString `asn1:"optional,tag:0"` MoreInfo SpcLink `asn1:"optional,tag:1"` }
func GetOpusInfo ¶ added in v7.5.6
func GetOpusInfo(si *pkcs7.SignerInfo) (*SpcSpOpusInfo, error)
type SpcSpStatementType ¶
type SpcSpStatementType struct {
Type asn1.ObjectIdentifier
}