v0.0.1
Published: Nov 21, 2024 License: Apache-2.0 Imports: 12 Imported by: 0

Documentation

Overview

Copyright 2015 Google Inc.

Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.

Program certificate_tag manipulates "tags" in Authenticode-signed Windows binaries.

Traditionally we have inserted tag data after the PKCS#7 blob in the file (called an "appended tag" here). This area is not covered by the hash that is checked when verifying the signature, so we can alter it at serving time without invalidating the Authenticode signature.

However, Microsoft are changing the verification function to forbid that, so this tool also handles "superfluous certificate" tags. These are dummy certificates, inserted into the PKCS#7 certificate chain, that can contain arbitrary data in extensions. Since they are also not hashed when verifying signatures, that data can also be changed without invalidating the signature.

The tool supports PE32 exe files and MSI files.
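
For the appended-tag layout described above, a scanner can compare where the DER-encoded PKCS#7 blob ends with where its WIN_CERTIFICATE entry ends; anything in between lies outside the Authenticode hash. The following is an added example, not code from this package: `AppendedBytes` and `sampleEntry` are hypothetical names, the input is assumed to be one attribute certificate entry as found at the certificate table offset, and the sample entry is constructed with a placeholder SEQUENCE in place of a real PKCS#7 blob.

```go
package main

import (
	"bytes"
	"encoding/asn1"
	"encoding/binary"
	"errors"
	"fmt"
)

// AppendedBytes takes one WIN_CERTIFICATE entry (dwLength, wRevision,
// wCertificateType, bCertificate) and returns whatever follows the DER
// SEQUENCE that holds the PKCS#7 blob, ignoring alignment padding.
func AppendedBytes(entry []byte) ([]byte, error) {
	if len(entry) < 8 {
		return nil, errors.New("entry shorter than WIN_CERTIFICATE header")
	}
	n := int(binary.LittleEndian.Uint32(entry)) // dwLength includes the 8-byte header
	if n < 8 || n > len(entry) {
		return nil, errors.New("dwLength outside the supplied entry")
	}
	var seq asn1.RawValue
	rest, err := asn1.Unmarshal(entry[8:n], &seq) // reads one element, returns the remainder
	if err != nil {
		return nil, fmt.Errorf("PKCS#7 blob is not valid DER: %w", err)
	}
	if seq.Class != asn1.ClassUniversal || seq.Tag != asn1.TagSequence || !seq.IsCompound {
		return nil, errors.New("PKCS#7 blob is not a SEQUENCE")
	}
	// Entries are 8-byte aligned, so up to 7 zero bytes are padding, not a tag.
	if len(rest) < 8 && len(bytes.Trim(rest, "\x00")) == 0 {
		return nil, nil
	}
	return rest, nil
}

// sampleEntry builds a constructed entry: header (revision 2.0, PKCS#7 type),
// a placeholder SEQUENCE standing in for the blob, then the trailing bytes.
func sampleEntry(trailer []byte) []byte {
	e := []byte{0, 0, 0, 0, 0x00, 0x02, 0x02, 0x00, 0x30, 0x03, 0x02, 0x01, 0x01}
	e = append(e, trailer...)
	binary.LittleEndian.PutUint32(e, uint32(len(e)))
	return e
}

func main() {
	tag, err := AppendedBytes(sampleEntry([]byte("constructed-tag")))
	fmt.Printf("%q %v\n", tag, err)
}
```

This check sees only appended data; a superfluous-certificate tag sits inside the SEQUENCE, so finding it requires parsing the certificate list itself.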

Functions

func FindTag

func FindTag(contents []byte, start int64) (offset, length int64, err error)

FindTag returns the offset of the superfluous-cert tag in |contents|, or (-1, 0) if not found. The caller should restrict the search to the certificate section of the contents, if known.

func SetSuperfluousCertTag

func SetSuperfluousCertTag(signedData *signedData, tag []byte) ([]byte, error)

SetSuperfluousCertTag modifies signedData, adding the superfluous cert with the given tag. It returns the asn1 serialization of the modified signedData.

Types

type Binary

type Binary interface {
	AppendedTag() (data []byte, ok bool)
	Asn1Data() []byte

	RemoveAppendedTag() (contents []byte, err error)
	SetAppendedTag(tagContents []byte) (contents []byte, err error)

	SetSuperfluousCertTag(tag []byte) (contents []byte, err error)
	CertificateOffset() int64
	// contains filtered or unexported methods
}

Binary represents a taggable binary of any format.

func NewBinary

func NewBinary(contents []byte) (Binary, error)

NewBinary returns a Binary that contains details of the PE32 or MSI binary given in |contents|. |contents| is modified if it is an MSI file.

type MSIBinary

type MSIBinary struct {
	// contains filtered or unexported fields
}

MSIBinary represents an MSI binary. |headerBytes| and |contents| are non-overlapping slices of the same backing array.

func NewMSIBinary

func NewMSIBinary(fileContents []byte) (*MSIBinary, error)

NewMSIBinary returns a Binary that contains details of the MSI binary given in |fileContents|. |fileContents| is modified; the region occupied by the cert section is zeroed out.

func (*MSIBinary) AppendedTag

func (bin *MSIBinary) AppendedTag() (data []byte, ok bool)

AppendedTag is not supported for MSI files.

func (*MSIBinary) Asn1Data

func (bin *MSIBinary) Asn1Data() []byte

func (*MSIBinary) CertificateOffset

func (bin *MSIBinary) CertificateOffset() int64

func (*MSIBinary) RemoveAppendedTag

func (bin *MSIBinary) RemoveAppendedTag() (contents []byte, err error)

RemoveAppendedTag is not supported for MSI files.

func (*MSIBinary) SetAppendedTag

func (bin *MSIBinary) SetAppendedTag(tagContents []byte) (contents []byte, err error)

SetAppendedTag is not supported for MSI files.

func (*MSIBinary) SetSuperfluousCertTag

func (bin *MSIBinary) SetSuperfluousCertTag(tag []byte) (contents []byte, err error)

SetSuperfluousCertTag returns an MSI binary based on bin, but where the superfluous certificate contains the given tag data. The (parsed) bin.signedData is modified; but bin.signedDataBytes, which contains the raw original bytes, is not.

type MSIDirEntry

type MSIDirEntry struct {
	Name              [64]byte
	NumNameBytes      uint16
	ObjectType        uint8
	ColorFlag         uint8
	Left              uint32
	Right             uint32
	Child             uint32
	Clsid             [16]byte
	StateFlags        uint32
	CreateTime        uint64
	ModifyTime        uint64
	StreamFirstSector uint32
	StreamSize        uint64
}

MSIDirEntry represents a parsed MSI directory entry for a stream.

type MSIHeader

type MSIHeader struct {
	Magic                      [8]byte
	Clsid                      [16]byte
	MinorVersion               uint16
	DllVersion                 uint16
	ByteOrder                  uint16
	SectorShift                uint16
	MiniSectorShift            uint16
	Reserved                   [6]byte
	NumDirSectors              uint32
	NumFatSectors              uint32
	FirstDirSector             uint32
	TransactionSignatureNumber uint32
	MiniStreamCutoffSize       uint32
	FirstMiniFatSector         uint32
	NumMiniFatSectors          uint32
	FirstDifatSector           uint32
	NumDifatSectors            uint32
}

MSIHeader represents a parsed MSI header.

type PE32Binary

type PE32Binary struct {
	// contains filtered or unexported fields
}

PE32Binary represents a PE binary.

func NewPE32Binary

func NewPE32Binary(contents []byte) (*PE32Binary, error)

NewPE32Binary returns a Binary that contains details of the PE32 binary given in contents.

func (*PE32Binary) AppendedTag

func (bin *PE32Binary) AppendedTag() (data []byte, ok bool)

AppendedTag returns the appended tag, if any.

func (*PE32Binary) Asn1Data

func (bin *PE32Binary) Asn1Data() []byte

func (*PE32Binary) CertificateOffset

func (bin *PE32Binary) CertificateOffset() int64

func (*PE32Binary) RemoveAppendedTag

func (bin *PE32Binary) RemoveAppendedTag() (contents []byte, err error)

RemoveAppendedTag removes a legacy-style tag from the end of the signedData container.

func (*PE32Binary) SetAppendedTag

func (bin *PE32Binary) SetAppendedTag(tagContents []byte) (contents []byte, err error)

SetAppendedTag adds a legacy-style tag at the end of the signedData container.

func (*PE32Binary) SetSuperfluousCertTag

func (bin *PE32Binary) SetSuperfluousCertTag(tag []byte) (contents []byte, err error)

SetSuperfluousCertTag returns a PE binary based on bin, but where the superfluous certificate contains the given tag data. The (parsed) bin.signedData is modified; but bin.asn1Bytes, which contains the raw original bytes, is not.

type SectorFormat

type SectorFormat struct {
	Size offT // the size of a sector in bytes; 512 for dll v3 and 4096 for v4.
	Ints int  // the number of int32s in a sector.
}

SectorFormat represents parameters of an MSI file sector.
