Documentation
¶
Overview ¶
Package authenticode implements the Microsoft Authenticode standard.
It allows parsing, verifying and signing of PE/COFF binaries.
Index ¶
- Variables
- func CreateSpcIndirectDataContent(digest []byte, alg crypto.Hash) ([]byte, error)
- func Padding(src []byte, blockSize int) []byte
- func PaddingBytes(srcLen, blockSize int) ([]byte, int)
- func SignAuthenticode(signer crypto.Signer, cert *x509.Certificate, digest []byte, alg crypto.Hash) ([]byte, error)
- type Authenticode
- type PECOFFBinary
- func (p *PECOFFBinary) AppendSignature(sig []byte) error
- func (p *PECOFFBinary) Bytes() []byte
- func (p *PECOFFBinary) Hash(h crypto.Hash) []byte
- func (p *PECOFFBinary) Sign(key crypto.Signer, cert *x509.Certificate) ([]byte, error)
- func (p *PECOFFBinary) Signatures() ([]*signature.WINCertificate, error)
- func (p *PECOFFBinary) Verify(cert *x509.Certificate) (bool, error)
Constants ¶
This section is empty.
Variables ¶
var ( OIDSpcIndirectDataContent = encasn1.ObjectIdentifier{1, 3, 6, 1, 4, 1, 311, 2, 1, 4} OIDSpcPEImageDataObjID = encasn1.ObjectIdentifier{1, 3, 6, 1, 4, 1, 311, 2, 1, 15} )
var ( // No singatures where found in the binary. ErrNoSignatures = errors.New("binary has no signatures") // No valid signatures where found in the binary. ErrNoValidSignatures = errors.New("binary has no valid signatures") )
Functions ¶
func CreateSpcIndirectDataContent ¶
CreateSpcIndirectDataContent creates the SPCIndirectDataContent container as specified int he Authenticode standard.
func PaddingBytes ¶
Types ¶
type Authenticode ¶
type Authenticode struct {
Pkcs *pkcs7.PKCS7
Algid *pkix.AlgorithmIdentifier
Digest []byte
}
Authenticode represents an authenticode signature.
func ParseAuthenticode ¶
func ParseAuthenticode(b []byte) (*Authenticode, error)
ParseAuthenticode parses an Authenticode signature.
func (*Authenticode) Verify ¶
func (a *Authenticode) Verify(cert *x509.Certificate, img []byte) (bool, error)
Verify validates an authenticode signature. Note it doesn't validate x509 certificate chains.
type PECOFFBinary ¶
type PECOFFBinary struct {
// DataDirectory for the Certificate table
Datadir pe.DataDirectory
// Reader with the hashable bytes
HashContent *bytes.Buffer
// contains filtered or unexported fields
}
PECOFFBinary represents a parsed PE/COFF binary.
func Parse ¶
func Parse(r io.ReaderAt) (*PECOFFBinary, error)
Parse a PECOFF Binary. This will read the binary and collect all the bytes we are hashing.
func (*PECOFFBinary) AppendSignature ¶
func (p *PECOFFBinary) AppendSignature(sig []byte) error
Append an signature to the file.
func (*PECOFFBinary) Bytes ¶
func (p *PECOFFBinary) Bytes() []byte
Return the binary with any appended signatures
func (*PECOFFBinary) Hash ¶
func (p *PECOFFBinary) Hash(h crypto.Hash) []byte
Hash makes a hash of the HashContent bytes.
func (*PECOFFBinary) Sign ¶
func (p *PECOFFBinary) Sign(key crypto.Signer, cert *x509.Certificate) ([]byte, error)
Sign the PE/COFF binary and return the signature. .Bytes() will return the binary with the signature appended.
func (*PECOFFBinary) Signatures ¶
func (p *PECOFFBinary) Signatures() ([]*signature.WINCertificate, error)
Signatures returns a slice of *signature.WINCertificate which contains the WINCert wrapped Authenticode signatures.
func (*PECOFFBinary) Verify ¶
func (p *PECOFFBinary) Verify(cert *x509.Certificate) (bool, error)
Verify signature
Source Files