Initial commit

Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>
2012-04-23 17:18:34 +08:00 · 2012-04-23 17:18:34 +08:00 · 3b802fe3da
commit 3b802fe3da
56 changed files with 11469 additions and 0 deletions
--- a/idc.c
+++ b/idc.c
@ -0,0 +1,192 @@
+
+
+#include <stdint.h>
+#include <openssl/asn1t.h>
+#include <openssl/evp.h>
+#include <openssl/err.h>
+#include <openssl/pkcs7.h>
+#include <openssl/x509.h>
+
+#include <ccan/talloc/talloc.h>
+
+#include "idc.h"
+
+typedef struct idc_type_value {
+	ASN1_OBJECT		*type;
+	ASN1_TYPE		*value;
+} IDC_TYPE_VALUE;
+
+ASN1_SEQUENCE(IDC_TYPE_VALUE) = {
+	ASN1_SIMPLE(IDC_TYPE_VALUE, type, ASN1_OBJECT),
+	ASN1_OPT(IDC_TYPE_VALUE, value, ASN1_ANY),
+} ASN1_SEQUENCE_END(IDC_TYPE_VALUE);
+
+IMPLEMENT_ASN1_FUNCTIONS(IDC_TYPE_VALUE);
+
+typedef struct idc_string {
+	int type;
+	union {
+		ASN1_BMPSTRING	*unicode;
+		ASN1_IA5STRING	*ascii;
+	} value;
+} IDC_STRING;
+
+ASN1_CHOICE(IDC_STRING) = {
+	ASN1_IMP(IDC_STRING, value.unicode, ASN1_BMPSTRING, 0),
+	ASN1_IMP(IDC_STRING, value.ascii, ASN1_IA5STRING, 1),
+} ASN1_CHOICE_END(IDC_STRING);
+
+IMPLEMENT_ASN1_FUNCTIONS(IDC_STRING);
+
+typedef struct idc_link {
+	int type;
+	union {
+		ASN1_NULL	*url;
+		ASN1_NULL	*moniker;
+		IDC_STRING	*file;
+	} value;
+} IDC_LINK;
+
+ASN1_CHOICE(IDC_LINK) = {
+	ASN1_IMP(IDC_LINK, value.url, ASN1_NULL, 0),
+	ASN1_IMP(IDC_LINK, value.moniker, ASN1_NULL, 1),
+	ASN1_EXP(IDC_LINK, value.file, IDC_STRING, 2),
+} ASN1_CHOICE_END(IDC_LINK);
+
+IMPLEMENT_ASN1_FUNCTIONS(IDC_LINK);
+
+typedef struct idc_pe_image_data {
+        ASN1_BIT_STRING		*flags;
+        IDC_LINK		*file;
+} IDC_PEID;
+
+ASN1_SEQUENCE(IDC_PEID) = {
+        ASN1_SIMPLE(IDC_PEID, flags, ASN1_BIT_STRING),
+        ASN1_EXP(IDC_PEID, file, IDC_LINK, 0),
+} ASN1_SEQUENCE_END(IDC_PEID);
+
+IMPLEMENT_ASN1_FUNCTIONS(IDC_PEID);
+
+typedef struct idc_digest {
+        X509_ALGOR              *alg;
+        ASN1_OCTET_STRING       *digest;
+} IDC_DIGEST;
+
+ASN1_SEQUENCE(IDC_DIGEST) = {
+        ASN1_SIMPLE(IDC_DIGEST, alg, X509_ALGOR),
+        ASN1_SIMPLE(IDC_DIGEST, digest, ASN1_OCTET_STRING),
+} ASN1_SEQUENCE_END(IDC_DIGEST)
+
+IMPLEMENT_ASN1_FUNCTIONS(IDC_DIGEST)
+
+typedef struct idc {
+        IDC_TYPE_VALUE  *data;
+        IDC_DIGEST      *digest;
+} IDC;
+
+ASN1_SEQUENCE(IDC) = {
+        ASN1_SIMPLE(IDC, data, IDC_TYPE_VALUE),
+        ASN1_SIMPLE(IDC, digest, IDC_DIGEST),
+} ASN1_SEQUENCE_END(IDC)
+
+IMPLEMENT_ASN1_FUNCTIONS(IDC)
+
+static int type_set_sequence(void *ctx, ASN1_TYPE *type,
+		void *s, const ASN1_ITEM *it)
+{
+	uint8_t *seq_data, *tmp;
+	ASN1_OCTET_STRING *os;
+	ASN1_STRING *seq = s;
+	int len;
+
+	os = ASN1_STRING_new();
+
+	len = ASN1_item_i2d((ASN1_VALUE *)seq, NULL, it);
+	tmp = seq_data = talloc_array(ctx, uint8_t, len);
+	ASN1_item_i2d((ASN1_VALUE *)seq, &tmp, it);
+
+	ASN1_STRING_set(os, seq_data, len);
+	ASN1_TYPE_set(type, V_ASN1_SEQUENCE, os);
+	return 0;
+}
+
+const char obsolete[] = {
+	0x00, 0x3c, 0x00, 0x3c, 0x00, 0x3c, 0x00, 0x4f, 0x00, 0x62,
+	0x00, 0x73, 0x00, 0x6f, 0x00, 0x6c, 0x00, 0x65, 0x00, 0x74,
+	0x00, 0x65, 0x00, 0x3e, 0x00, 0x3e, 0x00, 0x3e
+};
+
+int IDC_set(PKCS7 *p7, PKCS7_SIGNER_INFO *si, struct image *image)
+{
+	uint8_t *buf, *tmp, sha[SHA256_DIGEST_LENGTH];
+	int idc_nid, peid_nid, len, rc;
+	IDC_PEID *peid;
+	ASN1_STRING *s;
+	ASN1_TYPE *t;
+	BIO *sigbio;
+	IDC *idc;
+
+	idc_nid = OBJ_create("1.3.6.1.4.1.311.2.1.4",
+			"spcIndirectDataContext",
+			"Indirect Data Context");
+	peid_nid = OBJ_create("1.3.6.1.4.1.311.2.1.15",
+			"spcPEImageData",
+			"PE Image Data");
+
+	image_hash_sha256(image, sha);
+
+	idc = IDC_new();
+	peid = IDC_PEID_new();
+
+	peid->file = IDC_LINK_new();
+	peid->file->type = 2;
+	peid->file->value.file = IDC_STRING_new();
+	peid->file->value.file->type = 0;
+	peid->file->value.file->value.unicode = ASN1_STRING_new();
+	ASN1_STRING_set(peid->file->value.file->value.unicode,
+			obsolete, sizeof(obsolete));
+
+	idc->data->type = OBJ_nid2obj(peid_nid);
+	idc->data->value = ASN1_TYPE_new();
+	type_set_sequence(NULL, idc->data->value, peid, &IDC_PEID_it);
+
+        idc->digest->alg->parameter = ASN1_TYPE_new();
+        idc->digest->alg->algorithm = OBJ_nid2obj(NID_sha256);
+        idc->digest->alg->parameter->type = V_ASN1_NULL;
+        ASN1_OCTET_STRING_set(idc->digest->digest, sha, sizeof(sha));
+
+	len = i2d_IDC(idc, NULL);
+	tmp = buf = talloc_array(NULL, uint8_t, len);
+	i2d_IDC(idc, &tmp);
+
+	/* Add the contentType authenticated attribute */
+	PKCS7_add_signed_attribute(si, NID_pkcs9_contentType, V_ASN1_OBJECT,
+						OBJ_nid2obj(idc_nid));
+
+	/* Because the PKCS7 lib has a hard time dealing with non-standard
+	 * data types, we create a temporary BIO to hold the signed data, so
+	 * that the top-level PKCS7 object calculates the correct hash...
+	 */
+	sigbio = PKCS7_dataInit(p7, NULL);
+	BIO_write(sigbio, buf+2, len-2);
+
+	/* ... then we finalise the p7 content, which does the actual
+	 * signing ... */
+	rc = PKCS7_dataFinal(p7, sigbio);
+	if (!rc) {
+		fprintf(stderr, "dataFinal failed\n");
+		ERR_print_errors_fp(stderr);
+		return -1;
+	}
+
+	/* ... and we replace the content with the actual IDC ASN type. */
+	t = ASN1_TYPE_new();
+	s = ASN1_STRING_new();
+	ASN1_STRING_set(s, buf, len);
+	ASN1_TYPE_set(t, V_ASN1_SEQUENCE, s);
+	PKCS7_set0_type_other(p7->d.sign->contents, idc_nid, t);
+
+	return 0;
+}
+
+