VirtualBox

source: vbox/trunk/include/iprt/crypto/spc.h@ 69105

Last change on this file since 69105 was 69105, checked in by vboxsync, 7 years ago

include/iprt/: (C) year

  • Property svn:eol-style set to native
  • Property svn:keywords set to Author Date Id Revision
File size: 17.3 KB
Line 
1/** @file
2 * IPRT - Crypto - Microsoft SPC / Authenticode.
3 */
4
5/*
6 * Copyright (C) 2006-2017 Oracle Corporation
7 *
8 * This file is part of VirtualBox Open Source Edition (OSE), as
9 * available from http://www.virtualbox.org. This file is free software;
10 * you can redistribute it and/or modify it under the terms of the GNU
11 * General Public License (GPL) as published by the Free Software
12 * Foundation, in version 2 as it comes in the "COPYING" file of the
13 * VirtualBox OSE distribution. VirtualBox OSE is distributed in the
14 * hope that it will be useful, but WITHOUT ANY WARRANTY of any kind.
15 *
16 * The contents of this file may alternatively be used under the terms
17 * of the Common Development and Distribution License Version 1.0
18 * (CDDL) only, as it comes in the "COPYING.CDDL" file of the
19 * VirtualBox OSE distribution, in which case the provisions of the
20 * CDDL are applicable instead of those of the GPL.
21 *
22 * You may elect to license modified versions of this file under the
23 * terms and conditions of either the GPL or the CDDL or both.
24 */
25
26#ifndef ___iprt_crypto_spc_h
27#define ___iprt_crypto_spc_h
28
29#include <iprt/asn1.h>
30#include <iprt/crypto/x509.h>
31#include <iprt/crypto/pkcs7.h>
32#include <iprt/md5.h>
33#include <iprt/sha.h>
34
35
36RT_C_DECLS_BEGIN
37
38/** @defgroup grp_rt_cr_spc RTCrSpc - Microsoft Authenticode
39 * @ingroup grp_rt_crypto
40 * @{
41 */
42
43/**
44 * PE Image page hash table, generic union.
45 *
46 * @remarks This table isn't used by ldrPE.cpp, it walks the table in a generic
47 * fashion using the hash size. So, we can ditch it if we feel like it.
48 */
49typedef union RTCRSPCPEIMAGEPAGEHASHES
50{
51 /** MD5 page hashes. */
52 struct
53 {
54 /** The file offset. */
55 uint32_t offFile;
56 /** The hash. */
57 uint8_t abHash[RTSHA1_HASH_SIZE];
58 } aMd5[1];
59
60 /** SHA-1 page hashes. */
61 struct
62 {
63 /** The file offset. */
64 uint32_t offFile;
65 /** The hash. */
66 uint8_t abHash[RTSHA1_HASH_SIZE];
67 } aSha1[1];
68
69 /** SHA-256 page hashes. */
70 struct
71 {
72 /** The file offset. */
73 uint32_t offFile;
74 /** The hash. */
75 uint8_t abHash[RTSHA256_HASH_SIZE];
76 } aSha256[1];
77
78 /** SHA-512 page hashes. */
79 struct
80 {
81 /** The file offset. */
82 uint32_t offFile;
83 /** The hash. */
84 uint8_t abHash[RTSHA512_HASH_SIZE];
85 } aSha512[1];
86
87 /** Generic view of ONE hash. */
88 struct
89 {
90 /** The file offset. */
91 uint32_t offFile;
92 /** Variable length hash field. */
93 uint8_t abHash[1];
94 } Generic;
95} RTCRSPCPEIMAGEPAGEHASHES;
96/** Pointer to a PE image page hash table union. */
97typedef RTCRSPCPEIMAGEPAGEHASHES *PRTCRSPCPEIMAGEPAGEHASHES;
98/** Pointer to a const PE image page hash table union. */
99typedef RTCRSPCPEIMAGEPAGEHASHES const *PCRTCRSPCPEIMAGEPAGEHASHES;
100
101
102/**
103 * Serialization wrapper for raw RTCRSPCPEIMAGEPAGEHASHES data.
104 */
105typedef struct RTCRSPCSERIALIZEDPAGEHASHES
106{
107 /** The page hashes are within a set. Dunno if there could be multiple
108 * entries in this set, never seen it yet, so I doubt it. */
109 RTASN1SETCORE SetCore;
110 /** Octet string containing the raw data. */
111 RTASN1OCTETSTRING RawData;
112
113 /** Pointer to the hash data within that string.
114 * The hash algorithm is given by the object attribute type in
115 * RTCRSPCSERIALIZEDOBJECTATTRIBUTE. It is generally the same as for the
116 * whole image hash. */
117 PCRTCRSPCPEIMAGEPAGEHASHES pData;
118 /** Field the user can use to store the number of pages in pData. */
119 uint32_t cPages;
120} RTCRSPCSERIALIZEDPAGEHASHES;
121/** Pointer to a serialized wrapper for page hashes. */
122typedef RTCRSPCSERIALIZEDPAGEHASHES *PRTCRSPCSERIALIZEDPAGEHASHES;
123/** Pointer to a const serialized wrapper for page hashes. */
124typedef RTCRSPCSERIALIZEDPAGEHASHES const *PCRTCRSPCSERIALIZEDPAGEHASHES;
125RTASN1TYPE_STANDARD_PROTOTYPES(RTCRSPCSERIALIZEDPAGEHASHES, RTDECL, RTCrSpcSerializedPageHashes, SetCore.Asn1Core);
126
127RTDECL(int) RTCrSpcSerializedPageHashes_UpdateDerivedData(PRTCRSPCSERIALIZEDPAGEHASHES pThis);
128
129
130/**
131 * Data type selection for RTCRSPCSERIALIZEDOBJECTATTRIBUTE.
132 */
133typedef enum RTCRSPCSERIALIZEDOBJECTATTRIBUTETYPE
134{
135 /** Invalid zero entry. */
136 RTCRSPCSERIALIZEDOBJECTATTRIBUTETYPE_INVALID = 0,
137 /** Not present pro forma. */
138 RTCRSPCSERIALIZEDOBJECTATTRIBUTETYPE_NOT_PRESENT,
139 /** Unknown object. */
140 RTCRSPCSERIALIZEDOBJECTATTRIBUTETYPE_UNKNOWN,
141 /** SHA-1 page hashes (pPageHashes). */
142 RTCRSPCSERIALIZEDOBJECTATTRIBUTETYPE_PAGE_HASHES_V1,
143 /** SHA-256 page hashes (pPageHashes). */
144 RTCRSPCSERIALIZEDOBJECTATTRIBUTETYPE_PAGE_HASHES_V2,
145 /** End of valid values. */
146 RTCRSPCSERIALIZEDOBJECTATTRIBUTETYPE_END,
147 /** Blow up the type to at least 32-bits. */
148 RTCRSPCSERIALIZEDOBJECTATTRIBUTETYPE_32BIT_HACK
149} RTCRSPCSERIALIZEDOBJECTATTRIBUTETYPE;
150
151/**
152 * One serialized object attribute (PE image data).
153 */
154typedef struct RTCRSPCSERIALIZEDOBJECTATTRIBUTE
155{
156 /** Sequence core. */
157 RTASN1SEQUENCECORE SeqCore;
158 /** The attribute type. */
159 RTASN1OBJID Type;
160 /** The allocation of the data type. */
161 RTASN1ALLOCATION Allocation;
162 /** Indicates the valid value in the union. */
163 RTCRSPCSERIALIZEDOBJECTATTRIBUTETYPE enmType;
164 /** Union with data format depending on the Type. */
165 union
166 {
167 /** The unknown value (RTCRSPCSERIALIZEDOBJECTATTRIBUTETYPE_UNKNOWN). */
168 PRTASN1CORE pCore;
169 /** Page hashes (RTCRSPCSERIALIZEDOBJECTATTRIBUTETYPE_PAGE_HASHES_V1 or
170 * RTCRSPCSERIALIZEDOBJECTATTRIBUTETYPE_PAGE_HASHES_V2). */
171 PRTCRSPCSERIALIZEDPAGEHASHES pPageHashes;
172 } u;
173} RTCRSPCSERIALIZEDOBJECTATTRIBUTE;
174/** Pointer to a serialized object attribute. */
175typedef RTCRSPCSERIALIZEDOBJECTATTRIBUTE *PRTCRSPCSERIALIZEDOBJECTATTRIBUTE;
176/** Pointer to a const serialized object attribute. */
177typedef RTCRSPCSERIALIZEDOBJECTATTRIBUTE const *PCRTCRSPCSERIALIZEDOBJECTATTRIBUTE;
178RTASN1TYPE_STANDARD_PROTOTYPES(RTCRSPCSERIALIZEDOBJECTATTRIBUTE, RTDECL, RTCrSpcSerializedObjectAttribute, SeqCore.Asn1Core);
179
180/** @name RTCRSPCSERIALIZEDOBJECTATTRIBUTE::Type values
181 * @{ */
182/** Serialized object attribute type for page hashes version 1. */
183#define RTCRSPC_PE_IMAGE_HASHES_V1_OID "1.3.6.1.4.1.311.2.3.1"
184/** Serialized object attribute type for page hashes version 2. */
185#define RTCRSPC_PE_IMAGE_HASHES_V2_OID "1.3.6.1.4.1.311.2.3.2"
186/** @} */
187
188
189/*
190 * Set of serialized object attributes (PE image data).
191 */
192RTASN1_IMPL_GEN_SET_OF_TYPEDEFS_AND_PROTOS(RTCRSPCSERIALIZEDOBJECTATTRIBUTES, RTCRSPCSERIALIZEDOBJECTATTRIBUTE, RTDECL,
193 RTCrSpcSerializedObjectAttributes);
194
195/** The UUID found in RTCRSPCSERIALIZEDOBJECT::Uuid for
196 * RTCRSPCSERIALIZEDOBJECTATTRIBUTES. */
197#define RTCRSPCSERIALIZEDOBJECT_UUID_STR "d586b5a6-a1b4-6624-ae05-a217da8e60d6"
198
199
200/**
201 * Decoded encapsulated data type selection in RTCRSPCSERIALIZEDOBJECT.
202 */
203typedef enum RTCRSPCSERIALIZEDOBJECTTYPE
204{
205 /** Invalid zero value. */
206 RTCRSPCSERIALIZEDOBJECTTYPE_INVALID = 0,
207 /** Serialized object attributes (RTCRSPCSERIALIZEDOBJECT_UUID_STR / pAttribs). */
208 RTCRSPCSERIALIZEDOBJECTTYPE_ATTRIBUTES,
209 /** End of valid values. */
210 RTCRSPCSERIALIZEDOBJECTTYPE_END,
211 /** MAke sure the type is at least 32-bit wide. */
212 RTCRSPCSERIALIZEDOBJECTTYPE_32BIT_HACK = 0x7fffffff
213} RTCRSPCSERIALIZEDOBJECTTYPE;
214
215/**
216 * A serialized object (PE image data).
217 */
218typedef struct RTCRSPCSERIALIZEDOBJECT
219{
220 /** Sequence core. */
221 RTASN1SEQUENCECORE SeqCore;
222 /** The UUID of the data object. */
223 RTASN1OCTETSTRING Uuid;
224 /** Serialized data object. */
225 RTASN1OCTETSTRING SerializedData;
226
227 /** Indicates the valid pointer in the union. */
228 RTCRSPCSERIALIZEDOBJECTTYPE enmType;
229 /** Union of pointers shadowing SerializedData.pEncapsulated. */
230 union
231 {
232 /** Generic core pointer. */
233 PRTASN1CORE pCore;
234 /** Pointer to decoded data if Uuid is RTCRSPCSERIALIZEDOBJECT_UUID_STR. */
235 PRTCRSPCSERIALIZEDOBJECTATTRIBUTES pData;
236 } u;
237} RTCRSPCSERIALIZEDOBJECT;
238/** Pointer to a serialized object (PE image data). */
239typedef RTCRSPCSERIALIZEDOBJECT *PRTCRSPCSERIALIZEDOBJECT;
240/** Pointer to a const serialized object (PE image data). */
241typedef RTCRSPCSERIALIZEDOBJECT const *PCRTCRSPCSERIALIZEDOBJECT;
242RTASN1TYPE_STANDARD_PROTOTYPES(RTCRSPCSERIALIZEDOBJECT, RTDECL, RTCrSpcSerializedObject, SeqCore.Asn1Core);
243
244
245/**
246 * RTCRSPCSTRING choices.
247 */
248typedef enum RTCRSPCSTRINGCHOICE
249{
250 /** Invalid zero value. */
251 RTCRSPCSTRINGCHOICE_INVALID = 0,
252 /** Not present. */
253 RTCRSPCSTRINGCHOICE_NOT_PRESENT,
254 /** UCS-2 string (pUcs2). */
255 RTCRSPCSTRINGCHOICE_UCS2,
256 /** ASCII string (pAscii). */
257 RTCRSPCSTRINGCHOICE_ASCII,
258 /** End of valid values. */
259 RTCRSPCSTRINGCHOICE_END,
260 /** Blow the type up to 32-bit. */
261 RTCRSPCSTRINGCHOICE_32BIT_HACK = 0x7fffffff
262} RTCRSPCSTRINGCHOICE;
263
264/**
265 * Stupid microsoft choosy string type.
266 */
267typedef struct RTCRSPCSTRING
268{
269 /** Dummy core. */
270 RTASN1DUMMY Dummy;
271 /** Allocation of what the pointer below points to. */
272 RTASN1ALLOCATION Allocation;
273 /** Pointer choice.*/
274 RTCRSPCSTRINGCHOICE enmChoice;
275 /** Pointer union. */
276 union
277 {
278 /** Tag 0, implicit: UCS-2 (BMP) string. */
279 PRTASN1STRING pUcs2;
280 /** Tag 1, implicit: ASCII (IA5) string. */
281 PRTASN1STRING pAscii;
282 } u;
283} RTCRSPCSTRING;
284/** Pointer to a stupid microsoft string choice. */
285typedef RTCRSPCSTRING *PRTCRSPCSTRING;
286/** Pointer to a const stupid microsoft string choice. */
287typedef RTCRSPCSTRING const *PCRTCRSPCSTRING;
288RTASN1TYPE_STANDARD_PROTOTYPES(RTCRSPCSTRING, RTDECL, RTCrSpcString, Dummy.Asn1Core);
289
290
291/**
292 * RTCRSPCSTRING choices.
293 */
294typedef enum RTCRSPCLINKCHOICE
295{
296 /** Invalid zero value. */
297 RTCRSPCLINKCHOICE_INVALID = 0,
298 /** Not present. */
299 RTCRSPCLINKCHOICE_NOT_PRESENT,
300 /** URL (ASCII) string (pUrl). */
301 RTCRSPCLINKCHOICE_URL,
302 /** Serialized object (pMoniker). */
303 RTCRSPCLINKCHOICE_MONIKER,
304 /** Filename (pT2). */
305 RTCRSPCLINKCHOICE_FILE,
306 /** End of valid values. */
307 RTCRSPCLINKCHOICE_END,
308 /** Blow the type up to 32-bit. */
309 RTCRSPCLINKCHOICE_32BIT_HACK = 0x7fffffff
310} RTCRSPCLINKCHOICE;
311
312/**
313 * PE image data link.
314 */
315typedef struct RTCRSPCLINK
316{
317 /** Dummy core. */
318 RTASN1DUMMY Dummy;
319 /** Allocation of what the pointer below points to. */
320 RTASN1ALLOCATION Allocation;
321 /** Pointer choice.*/
322 RTCRSPCLINKCHOICE enmChoice;
323 /** Pointer union. */
324 union
325 {
326 /** Tag 0, implicit: An URL encoded as an IA5 STRING. */
327 PRTASN1STRING pUrl;
328 /** Tag 1, implicit: A serialized object. */
329 PRTCRSPCSERIALIZEDOBJECT pMoniker;
330 /** Tag 2, explicit: The default, a file name.
331 * Documented to be set to "<<<Obsolete>>>" when used. */
332 struct
333 {
334 /** Context tag 2. */
335 RTASN1CONTEXTTAG2 CtxTag2;
336 /** The file name string. */
337 RTCRSPCSTRING File;
338 } *pT2;
339 } u;
340} RTCRSPCLINK;
341/** Poitner to a PE image data link. */
342typedef RTCRSPCLINK *PRTCRSPCLINK;
343/** Poitner to a const PE image data link. */
344typedef RTCRSPCLINK const *PCRTCRSPCLINK;
345RTASN1TYPE_STANDARD_PROTOTYPES(RTCRSPCLINK, RTDECL, RTCrSpcLink, Dummy.Asn1Core);
346
347
348#if 0 /** @todo Might not be the correct bit order. */
349/**
350 * Flag values for RTCRSPCPEIMAGEDATA::Flags and RTCRSPCPEIMAGEDATA::fFlags.
351 */
352typedef enum RTCRSPCPEIMAGEFLAGS
353{
354 RTCRSPCPEIMAGEFLAGS_INCLUDE_RESOURCES = 0,
355 RTCRSPCPEIMAGEFLAGS_INCLUDE_DEBUG_INFO = 1,
356 RTCRSPCPEIMAGEFLAGS_IMPORT_ADDRESS_TABLE = 2
357} RTCRSPCPEIMAGEFLAGS;
358#endif
359
360
361/**
362 * Authenticode PE Image data.
363 */
364typedef struct RTCRSPCPEIMAGEDATA
365{
366 /** Sequence core. */
367 RTASN1SEQUENCECORE SeqCore;
368 /** One of the RTCRSPCPEIMAGEFLAGS value, default is
369 * RTCRSPCPEIMAGEFLAGS_INCLUDE_RESOURCES. Obsolete with v2 page hashes? */
370 RTASN1BITSTRING Flags;
371 /** Tag 0, explicit: Link to the data. */
372 struct
373 {
374 /** Context tag 0. */
375 RTASN1CONTEXTTAG0 CtxTag0;
376 /** Link to the data. */
377 RTCRSPCLINK File;
378 } T0;
379} RTCRSPCPEIMAGEDATA;
380/** Pointer to a authenticode PE image data representation. */
381typedef RTCRSPCPEIMAGEDATA *PRTCRSPCPEIMAGEDATA;
382/** Pointer to a const authenticode PE image data representation. */
383typedef RTCRSPCPEIMAGEDATA const *PCRTCRSPCPEIMAGEDATA;
384RTASN1TYPE_STANDARD_PROTOTYPES(RTCRSPCPEIMAGEDATA, RTDECL, RTCrSpcPeImageData, SeqCore.Asn1Core);
385
386/** The object ID for SpcPeImageData. */
387#define RTCRSPCPEIMAGEDATA_OID "1.3.6.1.4.1.311.2.1.15"
388
389
390/**
391 * Data type selection for RTCRSPCATTRIBUTETYPEANDOPTIONALVALUE.
392 */
393typedef enum RTCRSPCAAOVTYPE
394{
395 /** Invalid zero entry. */
396 RTCRSPCAAOVTYPE_INVALID = 0,
397 /** Not present (pro forma). */
398 RTCRSPCAAOVTYPE_NOT_PRESENT,
399 /** Unknown object. */
400 RTCRSPCAAOVTYPE_UNKNOWN,
401 /** PE image data (pPeImage). */
402 RTCRSPCAAOVTYPE_PE_IMAGE_DATA,
403 /** End of valid values. */
404 RTCRSPCAAOVTYPE_END,
405 /** Blow up the type to at least 32-bits. */
406 RTCRSPCAAOVTYPE_32BIT_HACK
407} RTCRSPCAAOVTYPE;
408
409/**
410 * Authenticode attribute type and optional value.
411 *
412 * Note! Spec says the value should be explicitly tagged, but in real life
413 * it isn't. So, not very optional?
414 */
415typedef struct RTCRSPCATTRIBUTETYPEANDOPTIONALVALUE
416{
417 /** Sequence core. */
418 RTASN1SEQUENCECORE SeqCore;
419 /** An object ID indicating the type of the value. */
420 RTASN1OBJID Type;
421 /** Allocation of the optional data value. */
422 RTASN1ALLOCATION Allocation;
423 /** The valid pointer. */
424 RTCRSPCAAOVTYPE enmType;
425 /** The value part depends on the Type. */
426 union
427 {
428 /** RTCRSPCAAOVTYPE_UNKNOWN / Generic. */
429 PRTASN1CORE pCore;
430 /** RTCRSPCAAOVTYPE_PE_IMAGE_DATA / RTCRSPCPEIMAGEDATA_OID. */
431 PRTCRSPCPEIMAGEDATA pPeImage;
432 } uValue;
433} RTCRSPCATTRIBUTETYPEANDOPTIONALVALUE;
434/** Pointer to a authentication attribute type and optional value
435 * representation. */
436typedef RTCRSPCATTRIBUTETYPEANDOPTIONALVALUE *PRTCRSPCATTRIBUTETYPEANDOPTIONALVALUE;
437/** Pointer to a const authentication attribute type and optional value
438 * representation. */
439typedef RTCRSPCATTRIBUTETYPEANDOPTIONALVALUE const *PCRTCRSPCATTRIBUTETYPEANDOPTIONALVALUE;
440RTASN1TYPE_STANDARD_PROTOTYPES(RTCRSPCATTRIBUTETYPEANDOPTIONALVALUE, RTDECL, RTCrSpcAttributeTypeAndOptionalValue, SeqCore.Asn1Core);
441
442
443/**
444 * Authenticode indirect data content.
445 */
446typedef struct RTCRSPCINDIRECTDATACONTENT
447{
448 /** Sequence core. */
449 RTASN1SEQUENCECORE SeqCore;
450 /** Additional data. */
451 RTCRSPCATTRIBUTETYPEANDOPTIONALVALUE Data;
452 /** The whole image digest. */
453 RTCRPKCS7DIGESTINFO DigestInfo;
454} RTCRSPCINDIRECTDATACONTENT;
455/** Pointer to a authenticode indirect data content representation. */
456typedef RTCRSPCINDIRECTDATACONTENT *PRTCRSPCINDIRECTDATACONTENT;
457/** Pointer to a const authenticode indirect data content representation. */
458typedef RTCRSPCINDIRECTDATACONTENT const *PCRTCRSPCINDIRECTDATACONTENT;
459RTASN1TYPE_STANDARD_PROTOTYPES(RTCRSPCINDIRECTDATACONTENT, RTDECL, RTCrSpcIndirectDataContent, SeqCore.Asn1Core);
460
461/** The object ID for SpcIndirectDataContent. */
462#define RTCRSPCINDIRECTDATACONTENT_OID "1.3.6.1.4.1.311.2.1.4"
463
464/**
465 * Check the sanity of an Authenticode SPCIndirectDataContent object.
466 *
467 * @returns IPRT status code
468 * @param pIndData The Authenticode SPCIndirectDataContent to
469 * check.
470 * @param pSignedData The related signed data object.
471 * @param fFlags RTCRSPCINDIRECTDATACONTENT_SANITY_F_XXX.
472 * @param pErrInfo Optional error info.
473 */
474RTDECL(int) RTCrSpcIndirectDataContent_CheckSanityEx(PCRTCRSPCINDIRECTDATACONTENT pIndData, PCRTCRPKCS7SIGNEDDATA pSignedData,
475 uint32_t fFlags, PRTERRINFO pErrInfo);
476/** @name RTCRSPCINDIRECTDATACONTENT_SANITY_F_XXX for RTCrSpcIndirectDataContent_CheckSanityEx.
477 * @{ */
478/** The digest hash algorithm must be known to IPRT. */
479#define RTCRSPCINDIRECTDATACONTENT_SANITY_F_ONLY_KNOWN_HASH RT_BIT_32(0)
480/** PE image signing, check expectations of the spec. */
481#define RTCRSPCINDIRECTDATACONTENT_SANITY_F_PE_IMAGE RT_BIT_32(1)
482/** @} */
483
484/**
485 * Gets the first SPC serialized object attribute in a SPC PE image.
486 *
487 * @returns Pointer to the attribute with the given type, NULL if not found.
488 * @param pThis The Authenticode SpcIndirectDataContent.
489 * @param enmType The type of attribute to get.
490 */
491RTDECL(PCRTCRSPCSERIALIZEDOBJECTATTRIBUTE)
492RTCrSpcIndirectDataContent_GetPeImageObjAttrib(PCRTCRSPCINDIRECTDATACONTENT pThis,
493 RTCRSPCSERIALIZEDOBJECTATTRIBUTETYPE enmType);
494
495/** @} */
496
497RT_C_DECLS_END
498
499#endif
500
Note: See TracBrowser for help on using the repository browser.

© 2024 Oracle Support Privacy / Do Not Sell My Info Terms of Use Trademark Policy Automated Access Etiquette