search

ebourg / jsign

Java implementation of Microsoft Authenticode for signing Windows executables, installers & scripts
https://ebourg.github.io/jsign
Apache License 2.0
250 stars 107 forks source link

Invalid SHA-512 signatures on MSI/PowerShell files #66

Closed ebourg closed 4 years ago

ebourg commented 4 years ago

When signing a file with two SHA-512 signatures, both signatures appear as invalid. This issue doesn't occur with SHA-1 or SHA-256 signatures, nor with only one SHA-512 signature.

ebourg commented 4 years ago

This actually depends on the type of the file signed, it isn't a matter of nesting the signatures or not. SHA-512 signatures on MSI/PowerShell files are always invalid due to a bug in AuthenticodeDigestCalculatorProvider. When the digest is computed the first 2 bytes of the SpcIndirectData structure are skipped (i.e. the ASN.1 sequence marker is ignored), but when SHA-512 is used the digest is longer and the ASN.1 sequence holds more that 128 bytes, so it's marker takes actually 3 bytes. The digest is thus computed with an extra byte and fatally, it's wrong.

In #55 this issue was fixed for the PE files by removing the optional <<<Obsolete>>> string in the SpcIndirectData structure. This shortened the data digested below128 bytes and the 2 bytes stripping trick worked. But the real solution is to properly skip the ASN.1 sequence header, whatever it's size.