RTSignTool.cpp@ 51774

Last change on this file since 51774 was 51774, checked in by vboxsync, 10 years ago
attempt at cursing weird -Wattributes warning.
Property svn:eol-style set to `native` Property svn:keywords set to `Author Date Id Revision`
File size: 34.0 KB

Line
1	/* $Id: RTSignTool.cpp 51774 2014-07-01 18:32:18Z vboxsync $ */
2	/** @file
3	* IPRT - Signing Tool.
4	*/
5
6	/*
7	* Copyright (C) 2006-2014 Oracle Corporation
8	*
9	* This file is part of VirtualBox Open Source Edition (OSE), as
10	* available from http://www.virtualbox.org. This file is free software;
11	* you can redistribute it and/or modify it under the terms of the GNU
12	* General Public License (GPL) as published by the Free Software
13	* Foundation, in version 2 as it comes in the "COPYING" file of the
14	* VirtualBox OSE distribution. VirtualBox OSE is distributed in the
15	* hope that it will be useful, but WITHOUT ANY WARRANTY of any kind.
16	*
17	* The contents of this file may alternatively be used under the terms
18	* of the Common Development and Distribution License Version 1.0
19	* (CDDL) only, as it comes in the "COPYING.CDDL" file of the
20	* VirtualBox OSE distribution, in which case the provisions of the
21	* CDDL are applicable instead of those of the GPL.
22	*
23	* You may elect to license modified versions of this file under the
24	* terms and conditions of either the GPL or the CDDL or both.
25	*/
26
27
28	/*******************************************************************************
29	* Header Files *
30	*******************************************************************************/
31	#include <iprt/assert.h>
32	#include <iprt/buildconfig.h>
33	#include <iprt/err.h>
34	#include <iprt/getopt.h>
35	#include <iprt/file.h>
36	#include <iprt/initterm.h>
37	#include <iprt/ldr.h>
38	#include <iprt/message.h>
39	#include <iprt/mem.h>
40	#include <iprt/path.h>
41	#include <iprt/stream.h>
42	#include <iprt/string.h>
43	#include <iprt/crypto/x509.h>
44	#include <iprt/crypto/pkcs7.h>
45	#include <iprt/crypto/store.h>
46	#ifdef VBOX
47	# include <VBox/sup.h> /* Certificates */
48	#endif
49
50
51	/*******************************************************************************
52	* Structures and Typedefs *
53	*******************************************************************************/
54	/** Help detail levels. */
55	typedef enum RTSIGNTOOLHELP
56	{
57	RTSIGNTOOLHELP_USAGE,
58	RTSIGNTOOLHELP_FULL
59	} RTSIGNTOOLHELP;
60
61
62	/*******************************************************************************
63	* Internal Functions *
64	*******************************************************************************/
65	static RTEXITCODE HandleHelp(int cArgs, char **papszArgs);
66	static RTEXITCODE HelpHelp(PRTSTREAM pStrm, RTSIGNTOOLHELP enmLevel);
67	static RTEXITCODE HandleVersion(int cArgs, char **papszArgs);
68
69
70
71
72	/*
73	* The 'extract-exe-signer-cert' command.
74	*/
75	static RTEXITCODE HelpExtractExeSignerCert(PRTSTREAM pStrm, RTSIGNTOOLHELP enmLevel)
76	{
77	RTStrmPrintf(pStrm, "extract-exe-signer-cert [--ber\|--cer\|--der] [--exe\|-e] <exe> [--output\|-o] <outfile.cer>\n");
78	return RTEXITCODE_SUCCESS;
79	}
80
81	static RTEXITCODE HandleExtractExeSignerCert(int cArgs, char **papszArgs)
82	{
83	/*
84	* Parse arguments.
85	*/
86	static const RTGETOPTDEF s_aOptions[] =
87	{
88	{ "--ber", 'b', RTGETOPT_REQ_NOTHING },
89	{ "--cer", 'c', RTGETOPT_REQ_NOTHING },
90	{ "--der", 'd', RTGETOPT_REQ_NOTHING },
91	{ "--exe", 'e', RTGETOPT_REQ_STRING },
92	{ "--output", 'o', RTGETOPT_REQ_STRING },
93	};
94
95	const char *pszExe = NULL;
96	const char *pszOut = NULL;
97	RTLDRARCH enmLdrArch = RTLDRARCH_WHATEVER;
98	uint32_t fCursorFlags = RTASN1CURSOR_FLAGS_DER;
99
100	RTGETOPTSTATE GetState;
101	int rc = RTGetOptInit(&GetState, cArgs, papszArgs, s_aOptions, RT_ELEMENTS(s_aOptions), 1, RTGETOPTINIT_FLAGS_OPTS_FIRST);
102	AssertRCReturn(rc, RTEXITCODE_FAILURE);
103	RTGETOPTUNION ValueUnion;
104	int ch;
105	while ((ch = RTGetOpt(&GetState, &ValueUnion)))
106	{
107	switch (ch)
108	{
109	case 'e': pszExe = ValueUnion.psz; break;
110	case 'o': pszOut = ValueUnion.psz; break;
111	case 'b': fCursorFlags = 0; break;
112	case 'c': fCursorFlags = RTASN1CURSOR_FLAGS_CER; break;
113	case 'd': fCursorFlags = RTASN1CURSOR_FLAGS_DER; break;
114	case 'V': return HandleVersion(cArgs, papszArgs);
115	case 'h': return HelpExtractExeSignerCert(g_pStdOut, RTSIGNTOOLHELP_FULL);
116
117	case VINF_GETOPT_NOT_OPTION:
118	if (!pszExe)
119	pszExe = ValueUnion.psz;
120	else if (!pszOut)
121	pszOut = ValueUnion.psz;
122	else
123	return RTMsgErrorExit(RTEXITCODE_FAILURE, "Too many file arguments: %s", ValueUnion.psz);
124	break;
125
126	default:
127	return RTGetOptPrintError(ch, &ValueUnion);
128	}
129	}
130	if (!pszExe)
131	return RTMsgErrorExit(RTEXITCODE_FAILURE, "No executable given.");
132	if (!pszOut)
133	return RTMsgErrorExit(RTEXITCODE_FAILURE, "No output file given.");
134	if (RTPathExists(pszOut))
135	return RTMsgErrorExit(RTEXITCODE_FAILURE, "The output file '%s' exists.", pszOut);
136
137	/*
138	* Do it.
139	*/
140
141	/* Open the executable image and query the PKCS7 info. */
142	RTLDRMOD hLdrMod;
143	rc = RTLdrOpen(pszExe, RTLDR_O_FOR_VALIDATION, enmLdrArch, &hLdrMod);
144	if (RT_FAILURE(rc))
145	return RTMsgErrorExit(RTEXITCODE_FAILURE, "Error opening executable image '%s': %Rrc", pszExe, rc);
146
147	RTEXITCODE rcExit = RTEXITCODE_FAILURE;
148	#ifdef DEBUG
149	size_t cbBuf = 64;
150	#else
151	size_t cbBuf = _512K;
152	#endif
153	void *pvBuf = RTMemAlloc(cbBuf);
154	size_t cbRet = 0;
155	rc = RTLdrQueryPropEx(hLdrMod, RTLDRPROP_PKCS7_SIGNED_DATA, pvBuf, cbBuf, &cbRet);
156	if (rc == VERR_BUFFER_OVERFLOW && cbRet < _4M && cbRet > 0)
157	{
158	RTMemFree(pvBuf);
159	cbBuf = cbRet;
160	pvBuf = RTMemAlloc(cbBuf);
161	rc = RTLdrQueryPropEx(hLdrMod, RTLDRPROP_PKCS7_SIGNED_DATA, pvBuf, cbBuf, &cbRet);
162	}
163	if (RT_SUCCESS(rc))
164	{
165	static RTERRINFOSTATIC s_StaticErrInfo;
166	RTErrInfoInitStatic(&s_StaticErrInfo);
167
168	/*
169	* Decode the output.
170	*/
171	RTASN1CURSORPRIMARY PrimaryCursor;
172	RTAsn1CursorInitPrimary(&PrimaryCursor, pvBuf, (uint32_t)cbRet, &s_StaticErrInfo.Core,
173	&g_RTAsn1DefaultAllocator, fCursorFlags, "exe");
174	RTCRPKCS7CONTENTINFO Pkcs7Ci;
175	rc = RTCrPkcs7ContentInfo_DecodeAsn1(&PrimaryCursor.Cursor, 0, &Pkcs7Ci, "pkcs7");
176	if (RT_SUCCESS(rc))
177	{
178	if (RTCrPkcs7ContentInfo_IsSignedData(&Pkcs7Ci))
179	{
180	PCRTCRPKCS7SIGNEDDATA pSd = Pkcs7Ci.u.pSignedData;
181	if (pSd->SignerInfos.cItems == 1)
182	{
183	PCRTCRPKCS7ISSUERANDSERIALNUMBER pISN = &pSd->SignerInfos.paItems[0].IssuerAndSerialNumber;
184	PCRTCRX509CERTIFICATE pCert;
185	pCert = RTCrX509Certificates_FindByIssuerAndSerialNumber(&pSd->Certificates,
186	&pISN->Name, &pISN->SerialNumber);
187	if (pCert)
188	{
189	/*
190	* Write it out.
191	*/
192	RTFILE hFile;
193	rc = RTFileOpen(&hFile, pszOut, RTFILE_O_WRITE \| RTFILE_O_DENY_WRITE \| RTFILE_O_CREATE);
194	if (RT_SUCCESS(rc))
195	{
196	uint32_t cbCert = pCert->SeqCore.Asn1Core.cbHdr + pCert->SeqCore.Asn1Core.cb;
197	rc = RTFileWrite(hFile, pCert->SeqCore.Asn1Core.uData.pu8 - pCert->SeqCore.Asn1Core.cbHdr,
198	cbCert, NULL);
199	if (RT_SUCCESS(rc))
200	{
201	rc = RTFileClose(hFile);
202	if (RT_SUCCESS(rc))
203	{
204	hFile = NIL_RTFILE;
205	rcExit = RTEXITCODE_SUCCESS;
206	RTMsgInfo("Successfully wrote %u bytes to '%s'", cbCert, pszOut);
207	}
208	else
209	RTMsgError("RTFileClose failed: %Rrc", rc);
210	}
211	else
212	RTMsgError("RTFileWrite failed: %Rrc", rc);
213	RTFileClose(hFile);
214	}
215	else
216	RTMsgError("Error opening '%s': %Rrc", pszOut, rc);
217	}
218	else
219	RTMsgError("Certificate not found.");
220	}
221	else
222	RTMsgError("SignerInfo count: %u", pSd->SignerInfos.cItems);
223	}
224	else
225	RTMsgError("No PKCS7 content: ContentType=%s", Pkcs7Ci.ContentType.szObjId);
226	RTAsn1VtDelete(&Pkcs7Ci.SeqCore.Asn1Core);
227	}
228	else
229	RTMsgError("RTPkcs7ContentInfoDecodeAsn1 failed: %Rrc - %s", rc, s_StaticErrInfo.szMsg);
230	}
231	else
232	RTMsgError("RTLDRPROP_PKCS7_SIGNED_DATA failed on '%s': %Rrc", pszExe, rc);
233	RTMemFree(pvBuf);
234	rc = RTLdrClose(hLdrMod);
235	if (RT_FAILURE(rc))
236	rcExit = RTMsgErrorExit(RTEXITCODE_FAILURE, "RTLdrClose failed: %Rrc\n", rc);
237	return rcExit;
238	}
239
240	#ifndef IPRT_IN_BUILD_TOOL
241
242	/*
243	* The 'verify-exe' command.
244	*/
245	static RTEXITCODE HelpVerifyExe(PRTSTREAM pStrm, RTSIGNTOOLHELP enmLevel)
246	{
247	RTStrmPrintf(pStrm,
248	"verify-exe [--verbose\|--quiet] [--kernel] [--root <root-cert.der>] [--additional <supp-cert.der>]\n"
249	" [--type <win\|osx>] <exe1> [exe2 [..]]\n");
250	return RTEXITCODE_SUCCESS;
251	}
252
253	typedef struct VERIFYEXESTATE
254	{
255	RTCRSTORE hRootStore;
256	RTCRSTORE hKernelRootStore;
257	RTCRSTORE hAdditionalStore;
258	bool fKernel;
259	int cVerbose;
260	enum { kSignType_Windows, kSignType_OSX } enmSignType;
261	uint64_t uTimestamp;
262	} VERIFYEXESTATE;
263
264
265	/**
266	* @callback_method_impl{RTCRPKCS7VERIFYCERTCALLBACK,
267	* Standard code signing. Use this for Microsoft SPC.}
268	*/
269	static DECLCALLBACK(int) VerifyExecCertVerifyCallback(PCRTCRX509CERTIFICATE pCert, RTCRX509CERTPATHS hCertPaths,
270	void *pvUser, PRTERRINFO pErrInfo)
271	{
272	VERIFYEXESTATE pState = (VERIFYEXESTATE )pvUser;
273	uint32_t cPaths = hCertPaths != NIL_RTCRX509CERTPATHS ? RTCrX509CertPathsGetPathCount(hCertPaths) : 0;
274
275	/*
276	* Dump all the paths.
277	*/
278	if (pState->cVerbose > 0)
279	{
280	for (uint32_t iPath = 0; iPath < cPaths; iPath++)
281	{
282	RTPrintf("---\n");
283	RTCrX509CertPathsDumpOne(hCertPaths, iPath, pState->cVerbose, RTStrmDumpPrintfV, g_pStdOut);
284	*pErrInfo->pszMsg = '\0';
285	}
286	RTPrintf("---\n");
287	}
288
289	/*
290	* Test signing certificates normally doesn't have all the necessary
291	* features required below. So, treat them as special cases.
292	*/
293	if ( hCertPaths == NIL_RTCRX509CERTPATHS
294	&& RTCrX509Name_Compare(&pCert->TbsCertificate.Issuer, &pCert->TbsCertificate.Subject) == 0)
295	{
296	RTMsgInfo("Test signed.\n");
297	return VINF_SUCCESS;
298	}
299
300	if (hCertPaths == NIL_RTCRX509CERTPATHS)
301	RTMsgInfo("Signed by trusted certificate.\n");
302
303	/*
304	* Standard code signing capabilites required.
305	*/
306	int rc = RTCrPkcs7VerifyCertCallbackCodeSigning(pCert, hCertPaths, NULL, pErrInfo);
307	if (RT_SUCCESS(rc))
308	{
309	/*
310	* If kernel signing, a valid certificate path must be anchored by the
311	* microsoft kernel signing root certificate. The only alternative is
312	* test signing.
313	*/
314	if (pState->fKernel && hCertPaths != NIL_RTCRX509CERTPATHS)
315	{
316	uint32_t cFound = 0;
317	uint32_t cValid = 0;
318	for (uint32_t iPath = 0; iPath < cPaths; iPath++)
319	{
320	bool fTrusted;
321	PCRTCRX509NAME pSubject;
322	PCRTCRX509SUBJECTPUBLICKEYINFO pPublicKeyInfo;
323	int rcVerify;
324	rc = RTCrX509CertPathsQueryPathInfo(hCertPaths, iPath, &fTrusted, NULL /pcNodes/, &pSubject, &pPublicKeyInfo,
325	NULL, NULL /pCertCtx/, &rcVerify);
326	AssertRCBreak(rc);
327
328	if (RT_SUCCESS(rcVerify))
329	{
330	Assert(fTrusted);
331	cValid++;
332
333	/* Search the kernel signing root store for a matching anchor. */
334	RTCRSTORECERTSEARCH Search;
335	rc = RTCrStoreCertFindBySubjectOrAltSubjectByRfc5280(pState->hKernelRootStore, pSubject, &Search);
336	AssertRCBreak(rc);
337	PCRTCRCERTCTX pCertCtx;
338	while ((pCertCtx = RTCrStoreCertSearchNext(pState->hKernelRootStore, &Search)) != NULL)
339	{
340	if (RTCrX509SubjectPublicKeyInfo_Compare(&pCertCtx->pCert->TbsCertificate.SubjectPublicKeyInfo,
341	pPublicKeyInfo) == 0)
342	cFound++;
343	RTCrCertCtxRelease(pCertCtx);
344	}
345
346	int rc2 = RTCrStoreCertSearchDestroy(pState->hKernelRootStore, &Search); AssertRC(rc2);
347	}
348	}
349	if (RT_SUCCESS(rc) && cFound == 0)
350	rc = RTErrInfoSetF(pErrInfo, VERR_GENERAL_FAILURE, "Not valid kernel code signature.");
351	if (RT_SUCCESS(rc) && cValid != 2)
352	RTMsgWarning("%u valid paths, expected 2", cValid);
353	}
354	}
355
356	return rc;
357	}
358
359
360	/** @callback_method_impl{FNRTLDRVALIDATESIGNEDDATA} */
361	static DECLCALLBACK(int) VerifyExeCallback(RTLDRMOD hLdrMod, RTLDRSIGNATURETYPE enmSignature,
362	void const *pvSignature, size_t cbSignature,
363	PRTERRINFO pErrInfo, void *pvUser)
364	{
365	VERIFYEXESTATE pState = (VERIFYEXESTATE )pvUser;
366	switch (enmSignature)
367	{
368	case RTLDRSIGNATURETYPE_PKCS7_SIGNED_DATA:
369	{
370	PCRTCRPKCS7CONTENTINFO pContentInfo = (PCRTCRPKCS7CONTENTINFO)pvSignature;
371
372	RTTIMESPEC ValidationTime;
373	RTTimeSpecSetSeconds(&ValidationTime, pState->uTimestamp);
374
375	/*
376	* Dump the signed data if so requested.
377	*/
378	if (pState->cVerbose)
379	RTAsn1Dump(&pContentInfo->SeqCore.Asn1Core, 0, 0, RTStrmDumpPrintfV, g_pStdOut);
380
381
382	/*
383	* Do the actual verification. Will have to modify this so it takes
384	* the authenticode policies into account.
385	*/
386	return RTCrPkcs7VerifySignedData(pContentInfo, 0, pState->hAdditionalStore, pState->hRootStore, &ValidationTime,
387	VerifyExecCertVerifyCallback, pState, pErrInfo);
388	}
389
390	default:
391	return RTErrInfoSetF(pErrInfo, VERR_NOT_SUPPORTED, "Unsupported signature type: %d", enmSignature);
392	}
393	return VINF_SUCCESS;
394	}
395
396	static RTEXITCODE HandleVerifyExe(int cArgs, char **papszArgs)
397	{
398	RTERRINFOSTATIC StaticErrInfo;
399
400	/* Note! This code does not try to clean up the crypto stores on failure.
401	This is intentional as the code is only expected to be used in a
402	one-command-per-process environment where we do exit() upon
403	returning from this function. */
404
405	/*
406	* Parse arguments.
407	*/
408	static const RTGETOPTDEF s_aOptions[] =
409	{
410	{ "--kernel", 'k', RTGETOPT_REQ_NOTHING },
411	{ "--root", 'r', RTGETOPT_REQ_STRING },
412	{ "--additional", 'a', RTGETOPT_REQ_STRING },
413	{ "--add", 'a', RTGETOPT_REQ_STRING },
414	{ "--type", 't', RTGETOPT_REQ_STRING },
415	{ "--verbose", 'v', RTGETOPT_REQ_NOTHING },
416	{ "--quiet", 'q', RTGETOPT_REQ_NOTHING },
417	};
418
419	RTLDRARCH enmLdrArch = RTLDRARCH_WHATEVER;
420	VERIFYEXESTATE State = { NIL_RTCRSTORE, NIL_RTCRSTORE, NIL_RTCRSTORE, false, false, VERIFYEXESTATE::kSignType_Windows };
421	int rc = RTCrStoreCreateInMem(&State.hRootStore, 0);
422	if (RT_SUCCESS(rc))
423	rc = RTCrStoreCreateInMem(&State.hKernelRootStore, 0);
424	if (RT_SUCCESS(rc))
425	rc = RTCrStoreCreateInMem(&State.hAdditionalStore, 0);
426	if (RT_FAILURE(rc))
427	return RTMsgErrorExit(RTEXITCODE_FAILURE, "Error creating in-memory certificate store: %Rrc", rc);
428
429	RTGETOPTSTATE GetState;
430	rc = RTGetOptInit(&GetState, cArgs, papszArgs, s_aOptions, RT_ELEMENTS(s_aOptions), 1, RTGETOPTINIT_FLAGS_OPTS_FIRST);
431	AssertRCReturn(rc, RTEXITCODE_FAILURE);
432	RTGETOPTUNION ValueUnion;
433	int ch;
434	while ((ch = RTGetOpt(&GetState, &ValueUnion)) && ch != VINF_GETOPT_NOT_OPTION)
435	{
436	switch (ch)
437	{
438	case 'r': case 'a':
439	rc = RTCrStoreCertAddFromFile(ch == 'r' ? State.hRootStore : State.hAdditionalStore, 0, ValueUnion.psz,
440	RTErrInfoInitStatic(&StaticErrInfo));
441	if (RT_FAILURE(rc))
442	return RTMsgErrorExit(RTEXITCODE_FAILURE, "Error loading certificate '%s': %Rrc - %s",
443	ValueUnion.psz, rc, StaticErrInfo.szMsg);
444	break;
445
446	case 't':
447	if (!strcmp(ValueUnion.psz, "win") \|\| !strcmp(ValueUnion.psz, "windows"))
448	State.enmSignType = VERIFYEXESTATE::kSignType_Windows;
449	else if (!strcmp(ValueUnion.psz, "osx") \|\| !strcmp(ValueUnion.psz, "apple"))
450	State.enmSignType = VERIFYEXESTATE::kSignType_OSX;
451	else
452	return RTMsgErrorExit(RTEXITCODE_SYNTAX, "Unknown signing type: '%s'", ValueUnion.psz);
453	break;
454
455	case 'k': State.fKernel = true; break;
456	case 'v': State.cVerbose++; break;
457	case 'q': State.cVerbose = 0; break;
458	case 'V': return HandleVersion(cArgs, papszArgs);
459	case 'h': return HelpVerifyExe(g_pStdOut, RTSIGNTOOLHELP_FULL);
460	default: return RTGetOptPrintError(ch, &ValueUnion);
461	}
462	}
463	if (ch != VINF_GETOPT_NOT_OPTION)
464	return RTMsgErrorExit(RTEXITCODE_FAILURE, "No executable given.");
465
466	/*
467	* Populate the certificate stores according to the signing type.
468	*/
469	#ifdef VBOX
470	unsigned cSets = 0;
471	struct STORESET { RTCRSTORE hStore; PCSUPTAENTRY paTAs; unsigned cTAs; } aSets[6];
472	#endif
473
474	switch (State.enmSignType)
475	{
476	case VERIFYEXESTATE::kSignType_Windows:
477	#ifdef VBOX
478	aSets[cSets].hStore = State.hRootStore;
479	aSets[cSets].paTAs = g_aSUPTimestampTAs;
480	aSets[cSets].cTAs = g_cSUPTimestampTAs;
481	cSets++;
482	aSets[cSets].hStore = State.hRootStore;
483	aSets[cSets].paTAs = g_aSUPSpcRootTAs;
484	aSets[cSets].cTAs = g_cSUPSpcRootTAs;
485	cSets++;
486	aSets[cSets].hStore = State.hRootStore;
487	aSets[cSets].paTAs = g_aSUPNtKernelRootTAs;
488	aSets[cSets].cTAs = g_cSUPNtKernelRootTAs;
489	cSets++;
490	aSets[cSets].hStore = State.hKernelRootStore;
491	aSets[cSets].paTAs = g_aSUPNtKernelRootTAs;
492	aSets[cSets].cTAs = g_cSUPNtKernelRootTAs;
493	cSets++;
494	#endif
495	break;
496
497	case VERIFYEXESTATE::kSignType_OSX:
498	return RTMsgErrorExit(RTEXITCODE_FAILURE, "Mac OS X executable signing is not implemented.");
499	}
500
501	#ifdef VBOX
502	for (unsigned i = 0; i < cSets; i++)
503	for (unsigned j = 0; j < aSets[i].cTAs; j++)
504	{
505	rc = RTCrStoreCertAddEncoded(aSets[i].hStore, RTCRCERTCTX_F_ENC_TAF_DER, aSets[i].paTAs[j].pch,
506	aSets[i].paTAs[j].cb, RTErrInfoInitStatic(&StaticErrInfo));
507	if (RT_FAILURE(rc))
508	return RTMsgErrorExit(RTEXITCODE_FAILURE, "RTCrStoreCertAddEncoded failed (%u/%u): %s",
509	i, j, StaticErrInfo.szMsg);
510	}
511	#endif
512
513	/*
514	* Do it.
515	*/
516	for (;;)
517	{
518	/*
519	* Open the executable image and verify it.
520	*/
521	RTLDRMOD hLdrMod;
522	rc = RTLdrOpen(ValueUnion.psz, RTLDR_O_FOR_VALIDATION, enmLdrArch, &hLdrMod);
523	if (RT_FAILURE(rc))
524	return RTMsgErrorExit(RTEXITCODE_FAILURE, "Error opening executable image '%s': %Rrc", ValueUnion.psz, rc);
525
526
527	rc = RTLdrQueryProp(hLdrMod, RTLDRPROP_TIMESTAMP_SECONDS, &State.uTimestamp, sizeof(State.uTimestamp));
528	if (RT_SUCCESS(rc))
529	{
530	rc = RTLdrVerifySignature(hLdrMod, VerifyExeCallback, &State, RTErrInfoInitStatic(&StaticErrInfo));
531	if (RT_SUCCESS(rc))
532	RTMsgInfo("'%s' is valid.\n", ValueUnion.psz);
533	else
534	RTMsgError("RTLdrVerifySignature failed on '%s': %Rrc - %s\n", ValueUnion.psz, rc, StaticErrInfo.szMsg);
535	}
536	else
537	RTMsgError("RTLdrQueryProp/RTLDRPROP_TIMESTAMP_SECONDS failed on '%s': %Rrc\n", ValueUnion.psz, rc);
538
539	int rc2 = RTLdrClose(hLdrMod);
540	if (RT_FAILURE(rc2))
541	return RTMsgErrorExit(RTEXITCODE_FAILURE, "RTLdrClose failed: %Rrc\n", rc2);
542	if (RT_FAILURE(rc))
543	return rc != VERR_LDRVI_NOT_SIGNED ? RTEXITCODE_FAILURE : RTEXITCODE_SKIPPED;
544
545	/*
546	* Next file
547	*/
548	ch = RTGetOpt(&GetState, &ValueUnion);
549	if (ch == 0)
550	return RTEXITCODE_SUCCESS;
551	if (ch != VINF_GETOPT_NOT_OPTION)
552	return RTGetOptPrintError(ch, &ValueUnion);
553	}
554	}
555
556	#endif /* !IPRT_IN_BUILD_TOOL */
557
558	/*
559	* The 'make-tainfo' command.
560	*/
561	static RTEXITCODE HelpMakeTaInfo(PRTSTREAM pStrm, RTSIGNTOOLHELP enmLevel)
562	{
563	RTStrmPrintf(pStrm,
564	"make-tainfo [--verbose\|--quiet] [--cert <cert.der>] [-o\|--output] <tainfo.der>\n");
565	return RTEXITCODE_SUCCESS;
566	}
567
568
569	typedef struct MAKETAINFOSTATE
570	{
571	int cVerbose;
572	const char *pszCert;
573	const char *pszOutput;
574	} MAKETAINFOSTATE;
575
576
577	/** @callback_method_impl{FNRTASN1ENCODEWRITER} */
578	static DECLCALLBACK(int) handleMakeTaInfoWriter(const void pvBuf, size_t cbToWrite, void pvUser, PRTERRINFO pErrInfo)
579	{
580	return RTStrmWrite((PRTSTREAM)pvUser, pvBuf, cbToWrite);
581	}
582
583
584	static RTEXITCODE HandleMakeTaInfo(int cArgs, char **papszArgs)
585	{
586	/*
587	* Parse arguments.
588	*/
589	static const RTGETOPTDEF s_aOptions[] =
590	{
591	{ "--cert", 'c', RTGETOPT_REQ_STRING },
592	{ "--output", 'o', RTGETOPT_REQ_STRING },
593	{ "--verbose", 'v', RTGETOPT_REQ_NOTHING },
594	{ "--quiet", 'q', RTGETOPT_REQ_NOTHING },
595	};
596
597	RTLDRARCH enmLdrArch = RTLDRARCH_WHATEVER;
598	MAKETAINFOSTATE State = { 0, NULL, NULL };
599
600	RTGETOPTSTATE GetState;
601	int rc = RTGetOptInit(&GetState, cArgs, papszArgs, s_aOptions, RT_ELEMENTS(s_aOptions), 1, RTGETOPTINIT_FLAGS_OPTS_FIRST);
602	AssertRCReturn(rc, RTEXITCODE_FAILURE);
603	RTGETOPTUNION ValueUnion;
604	int ch;
605	while ((ch = RTGetOpt(&GetState, &ValueUnion)) != 0)
606	{
607	switch (ch)
608	{
609	case 'c':
610	if (State.pszCert)
611	return RTMsgErrorExit(RTEXITCODE_FAILURE, "The --cert option can only be used once.");
612	State.pszCert = ValueUnion.psz;
613	break;
614
615	case 'o':
616	case VINF_GETOPT_NOT_OPTION:
617	if (State.pszOutput)
618	return RTMsgErrorExit(RTEXITCODE_FAILURE, "Multiple output files specified.");
619	State.pszOutput = ValueUnion.psz;
620	break;
621
622	case 'v': State.cVerbose++; break;
623	case 'q': State.cVerbose = 0; break;
624	case 'V': return HandleVersion(cArgs, papszArgs);
625	case 'h': return HelpMakeTaInfo(g_pStdOut, RTSIGNTOOLHELP_FULL);
626	default: return RTGetOptPrintError(ch, &ValueUnion);
627	}
628	}
629	if (!State.pszCert)
630	return RTMsgErrorExit(RTEXITCODE_FAILURE, "No input certificate was specified.");
631	if (!State.pszOutput)
632	return RTMsgErrorExit(RTEXITCODE_FAILURE, "No output file was specified.");
633
634	/*
635	* Read the certificate.
636	*/
637	RTERRINFOSTATIC StaticErrInfo;
638	RTCRX509CERTIFICATE Certificate;
639	rc = RTCrX509Certificate_ReadFromFile(&Certificate, State.pszCert, 0, &g_RTAsn1DefaultAllocator,
640	RTErrInfoInitStatic(&StaticErrInfo));
641	if (RT_FAILURE(rc))
642	return RTMsgErrorExit(RTEXITCODE_FAILURE, "Error reading certificate from %s: %Rrc - %s",
643	State.pszCert, rc, StaticErrInfo.szMsg);
644	/*
645	* Construct the trust anchor information.
646	*/
647	RTCRTAFTRUSTANCHORINFO TrustAnchor;
648	rc = RTCrTafTrustAnchorInfo_Init(&TrustAnchor, &g_RTAsn1DefaultAllocator);
649	if (RT_SUCCESS(rc))
650	{
651	/* Public key. */
652	Assert(RTCrX509SubjectPublicKeyInfo_IsPresent(&TrustAnchor.PubKey));
653	RTCrX509SubjectPublicKeyInfo_Delete(&TrustAnchor.PubKey);
654	rc = RTCrX509SubjectPublicKeyInfo_Clone(&TrustAnchor.PubKey, &Certificate.TbsCertificate.SubjectPublicKeyInfo,
655	&g_RTAsn1DefaultAllocator);
656	if (RT_FAILURE(rc))
657	RTMsgError("RTCrX509SubjectPublicKeyInfo_Clone failed: %Rrc", rc);
658	RTAsn1Core_ResetImplict(RTCrX509SubjectPublicKeyInfo_GetAsn1Core(&TrustAnchor.PubKey)); /* temporary hack. */
659
660	/* Key Identifier. */
661	PCRTASN1OCTETSTRING pKeyIdentifier = NULL;
662	if (Certificate.TbsCertificate.T3.fFlags & RTCRX509TBSCERTIFICATE_F_PRESENT_SUBJECT_KEY_IDENTIFIER)
663	pKeyIdentifier = Certificate.TbsCertificate.T3.pSubjectKeyIdentifier;
664	else if ( (Certificate.TbsCertificate.T3.fFlags & RTCRX509TBSCERTIFICATE_F_PRESENT_AUTHORITY_KEY_IDENTIFIER)
665	&& RTCrX509Certificate_IsSelfSigned(&Certificate)
666	&& RTAsn1OctetString_IsPresent(&Certificate.TbsCertificate.T3.pAuthorityKeyIdentifier->KeyIdentifier) )
667	pKeyIdentifier = &Certificate.TbsCertificate.T3.pAuthorityKeyIdentifier->KeyIdentifier;
668	else if ( (Certificate.TbsCertificate.T3.fFlags & RTCRX509TBSCERTIFICATE_F_PRESENT_OLD_AUTHORITY_KEY_IDENTIFIER)
669	&& RTCrX509Certificate_IsSelfSigned(&Certificate)
670	&& RTAsn1OctetString_IsPresent(&Certificate.TbsCertificate.T3.pOldAuthorityKeyIdentifier->KeyIdentifier) )
671	pKeyIdentifier = &Certificate.TbsCertificate.T3.pOldAuthorityKeyIdentifier->KeyIdentifier;
672	if (pKeyIdentifier && pKeyIdentifier->Asn1Core.cb > 0)
673	{
674	Assert(RTAsn1OctetString_IsPresent(&TrustAnchor.KeyIdentifier));
675	RTAsn1OctetString_Delete(&TrustAnchor.KeyIdentifier);
676	rc = RTAsn1OctetString_Clone(&TrustAnchor.KeyIdentifier, pKeyIdentifier, &g_RTAsn1DefaultAllocator);
677	if (RT_FAILURE(rc))
678	RTMsgError("RTAsn1OctetString_Clone failed: %Rrc", rc);
679	RTAsn1Core_ResetImplict(RTAsn1OctetString_GetAsn1Core(&TrustAnchor.KeyIdentifier)); /* temporary hack. */
680	}
681	else
682	RTMsgWarning("No key identifier found or has zero length.");
683
684	/* Subject */
685	if (RT_SUCCESS(rc))
686	{
687	Assert(!RTCrTafCertPathControls_IsPresent(&TrustAnchor.CertPath));
688	rc = RTCrTafCertPathControls_Init(&TrustAnchor.CertPath, &g_RTAsn1DefaultAllocator);
689	if (RT_SUCCESS(rc))
690	{
691	Assert(RTCrX509Name_IsPresent(&TrustAnchor.CertPath.TaName));
692	RTCrX509Name_Delete(&TrustAnchor.CertPath.TaName);
693	rc = RTCrX509Name_Clone(&TrustAnchor.CertPath.TaName, &Certificate.TbsCertificate.Subject,
694	&g_RTAsn1DefaultAllocator);
695	if (RT_SUCCESS(rc))
696	{
697	RTAsn1Core_ResetImplict(RTCrX509Name_GetAsn1Core(&TrustAnchor.CertPath.TaName)); /* temporary hack. */
698	rc = RTCrX509Name_RecodeAsUtf8(&TrustAnchor.CertPath.TaName, &g_RTAsn1DefaultAllocator);
699	if (RT_FAILURE(rc))
700	RTMsgError("RTCrX509Name_RecodeAsUtf8 failed: %Rrc", rc);
701	}
702	else
703	RTMsgError("RTCrX509Name_Clone failed: %Rrc", rc);
704	}
705	else
706	RTMsgError("RTCrTafCertPathControls_Init failed: %Rrc", rc);
707	}
708
709	/* Check that what we've constructed makes some sense. */
710	if (RT_SUCCESS(rc))
711	{
712	rc = RTCrTafTrustAnchorInfo_CheckSanity(&TrustAnchor, 0, RTErrInfoInitStatic(&StaticErrInfo), "TAI");
713	if (RT_FAILURE(rc))
714	RTMsgError("RTCrTafTrustAnchorInfo_CheckSanity failed: %Rrc - %s", rc, StaticErrInfo.szMsg);
715	}
716
717	if (RT_SUCCESS(rc))
718	{
719	/*
720	* Encode it and write it to the output file.
721	*/
722	uint32_t cbEncoded;
723	rc = RTAsn1EncodePrepare(RTCrTafTrustAnchorInfo_GetAsn1Core(&TrustAnchor), RTASN1ENCODE_F_DER, &cbEncoded,
724	RTErrInfoInitStatic(&StaticErrInfo));
725	if (RT_SUCCESS(rc))
726	{
727	if (State.cVerbose >= 1)
728	RTAsn1Dump(RTCrTafTrustAnchorInfo_GetAsn1Core(&TrustAnchor), 0, 0, RTStrmDumpPrintfV, g_pStdOut);
729
730	PRTSTREAM pStrm;
731	rc = RTStrmOpen(State.pszOutput, "wb", &pStrm);
732	if (RT_SUCCESS(rc))
733	{
734	rc = RTAsn1EncodeWrite(RTCrTafTrustAnchorInfo_GetAsn1Core(&TrustAnchor), RTASN1ENCODE_F_DER,
735	handleMakeTaInfoWriter, pStrm, RTErrInfoInitStatic(&StaticErrInfo));
736	if (RT_SUCCESS(rc))
737	{
738	rc = RTStrmClose(pStrm);
739	if (RT_SUCCESS(rc))
740	RTMsgInfo("Successfully wrote TrustedAnchorInfo to '%s'.", State.pszOutput);
741	else
742	RTMsgError("RTStrmClose failed: %Rrc");
743	}
744	else
745	{
746	RTMsgError("RTAsn1EncodeWrite failed: %Rrc - %s", rc, StaticErrInfo.szMsg);
747	RTStrmClose(pStrm);
748	}
749	}
750	else
751	RTMsgError("Error opening '%s' for writing: %Rrcs", State.pszOutput, rc);
752	}
753	else
754	RTMsgError("RTAsn1EncodePrepare failed: %Rrc - %s", rc, StaticErrInfo.szMsg);
755	}
756
757	RTCrTafTrustAnchorInfo_Delete(&TrustAnchor);
758	}
759	else
760	RTMsgError("RTCrTafTrustAnchorInfo_Init failed: %Rrc", rc);
761
762	RTCrX509Certificate_Delete(&Certificate);
763	return RT_SUCCESS(rc) ? RTEXITCODE_SUCCESS : RTEXITCODE_FAILURE;
764	}
765
766
767
768	/*
769	* The 'version' command.
770	*/
771	static RTEXITCODE HelpVersion(PRTSTREAM pStrm, RTSIGNTOOLHELP enmLevel)
772	{
773	RTStrmPrintf(pStrm, "version\n");
774	return RTEXITCODE_SUCCESS;
775	}
776
777	static RTEXITCODE HandleVersion(int cArgs, char **papszArgs)
778	{
779	RTPrintf("%s\n", RTBldCfgVersion());
780	return RTEXITCODE_SUCCESS;
781	}
782
783
784
785	/**
786	* Command mapping.
787	*/
788	static struct
789	{
790	/** The command. */
791	const char *pszCmd;
792	/**
793	* Handle the command.
794	* @returns Program exit code.
795	* @param cArgs Number of arguments.
796	* @param papszArgs The argument vector, starting with the command name.
797	*/
798	RTEXITCODE (pfnHandler)(int cArgs, char *papszArgs);
799	/**
800	* Produce help.
801	* @returns RTEXITCODE_SUCCESS to simplify handling '--help' in the handler.
802	* @param pStrm Where to send help text.
803	* @param enmLevel The level of the help information.
804	*/
805	RTEXITCODE (*pfnHelp)(PRTSTREAM pStrm, RTSIGNTOOLHELP enmLevel);
806	}
807	/** Mapping commands to handler and helper functions. */
808	const g_aCommands[] =
809	{
810	{ "extract-exe-signer-cert", HandleExtractExeSignerCert, HelpExtractExeSignerCert },
811	#ifndef IPRT_IN_BUILD_TOOL
812	{ "verify-exe", HandleVerifyExe, HelpVerifyExe },
813	#endif
814	{ "make-tainfo", HandleMakeTaInfo, HelpMakeTaInfo },
815	{ "help", HandleHelp, HelpHelp },
816	{ "--help", HandleHelp, NULL },
817	{ "-h", HandleHelp, NULL },
818	{ "version", HandleVersion, HelpVersion },
819	{ "--version", HandleVersion, NULL },
820	{ "-V", HandleVersion, NULL },
821	};
822
823
824	/*
825	* The 'help' command.
826	*/
827	static RTEXITCODE HelpHelp(PRTSTREAM pStrm, RTSIGNTOOLHELP enmLevel)
828	{
829	RTStrmPrintf(pStrm, "help [cmd-patterns]\n");
830	return RTEXITCODE_SUCCESS;
831	}
832
833	static RTEXITCODE HandleHelp(int cArgs, char **papszArgs)
834	{
835	RTSIGNTOOLHELP enmLevel = cArgs <= 1 ? RTSIGNTOOLHELP_USAGE : RTSIGNTOOLHELP_FULL;
836	uint32_t cShowed = 0;
837	for (uint32_t iCmd = 0; iCmd < RT_ELEMENTS(g_aCommands); iCmd++)
838	{
839	if (g_aCommands[iCmd].pfnHelp)
840	{
841	bool fShow;
842	if (cArgs <= 1)
843	fShow = true;
844	else
845	{
846	for (int iArg = 1; iArg < cArgs; iArg++)
847	if (RTStrSimplePatternMultiMatch(papszArgs[iArg], RTSTR_MAX, g_aCommands[iCmd].pszCmd, RTSTR_MAX, NULL))
848	{
849	fShow = true;
850	break;
851	}
852	}
853	if (fShow)
854	{
855	g_aCommands[iCmd].pfnHelp(g_pStdOut, enmLevel);
856	cShowed++;
857	}
858	}
859	}
860	return cShowed ? RTEXITCODE_SUCCESS : RTEXITCODE_FAILURE;
861	}
862
863
864
865	int main(int argc, char **argv)
866	{
867	int rc = RTR3InitExe(argc, &argv, 0);
868	if (RT_FAILURE(rc))
869	return RTMsgInitFailure(rc);
870
871	/*
872	* Parse global arguments.
873	*/
874	int iArg = 1;
875	/* none presently. */
876
877	/*
878	* Command dispatcher.
879	*/
880	if (iArg < argc)
881	{
882	const char *pszCmd = argv[iArg];
883	uint32_t i = RT_ELEMENTS(g_aCommands);
884	while (i-- > 0)
885	if (!strcmp(g_aCommands[i].pszCmd, pszCmd))
886	return g_aCommands[i].pfnHandler(argc - iArg, &argv[iArg]);
887	RTMsgError("Unknown command '%s'.", pszCmd);
888	}
889	else
890	RTMsgError("No command given. (try --help)");
891
892	return RTEXITCODE_SYNTAX;
893	}
894
895

Note: See TracBrowser for help on using the repository browser.

source: vbox/trunk/src/VBox/Runtime/tools/RTSignTool.cpp@ 51774

Download in other formats: