4c0b4b1d1a
The PKCS#7 certificate should contain a "Microsoft individual code signing" data blob as its signed content. This blob contains a digest of the signed content of the PE binary and the OID of the digest algorithm used (typically SHA256).

Signed-off-by: David Howells <dhowells@redhat.com>
Acked-by: Vivek Goyal <vgoyal@redhat.com>
Reviewed-by: Kees Cook <keescook@chromium.org>
29 lines
840 B
Groff
```asn1
--- Microsoft individual code signing data blob parser
---
--- Copyright (C) 2012 Red Hat, Inc. All Rights Reserved.
--- Written by David Howells (dhowells@redhat.com)
---
--- This program is free software; you can redistribute it and/or
--- modify it under the terms of the GNU General Public Licence
--- as published by the Free Software Foundation; either version
--- 2 of the Licence, or (at your option) any later version.
---

MSCode ::= SEQUENCE {
    type                SEQUENCE {
        contentType     ContentType,
        parameters      ANY
    },
    content             SEQUENCE {
        digestAlgorithm DigestAlgorithmIdentifier,
        digest          OCTET STRING ({ mscode_note_digest })
    }
}

ContentType ::= OBJECT IDENTIFIER ({ mscode_note_content_type })

DigestAlgorithmIdentifier ::= SEQUENCE {
    algorithm   OBJECT IDENTIFIER ({ mscode_note_digest_algo }),
    parameters  ANY OPTIONAL
}
```
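An added example, not part of this commit or of the kernel's generated decoder: a minimal bounds-checked DER walk of the MSCode grammar above that extracts the three fields the grammar annotates (content type, digest algorithm OID, digest). The names `der_next`, `mscode_parse_example` and `mscode_sample` are hypothetical, and the sample blob is constructed (content type OID 1.3.6.1.4.1.311.2.1.15 and NULL parameters are assumptions of the sample, with the SHA-256 OID and a dummy digest).

```c
#include <stddef.h>
#include <stdint.h>

struct tlv { const uint8_t *val; size_t len; };
struct mscode { struct tlv content_type, digest_algo, digest; };

/* Take one DER TLV with the wanted tag (0 = any) off the front of *in. */
static int der_next(struct tlv *in, uint8_t tag, struct tlv *out)
{
    const uint8_t *c = in->val, *end = c + in->len;
    size_t len, n;
    if (in->len < 2 || (tag && c[0] != tag))
        return -1;
    len = c[1];
    c += 2;
    if (len & 0x80) {                  /* long form: n length bytes follow */
        n = len & 0x7f;
        if (n == 0 || n > 4 || (size_t)(end - c) < n)
            return -1;                 /* indefinite or oversized length */
        for (len = 0; n; n--)
            len = (len << 8) | *c++;
    }
    if ((size_t)(end - c) < len)
        return -1;                     /* value overruns its container */
    *out = (struct tlv){ c, len };
    in->val = c + len;
    in->len = (size_t)(end - in->val);
    return 0;
}

/* Walk the grammar level by level; every container must be fully consumed. */
int mscode_parse_example(const uint8_t *buf, size_t n, struct mscode *m)
{
    struct tlv in = { buf, n }, top, type, content, alg, any;
    if (der_next(&in, 0x30, &top) || in.len ||
        der_next(&top, 0x30, &type) || der_next(&top, 0x30, &content) || top.len ||
        der_next(&type, 0x06, &m->content_type) || der_next(&type, 0, &any) || type.len ||
        der_next(&content, 0x30, &alg) || der_next(&content, 0x04, &m->digest) || content.len ||
        der_next(&alg, 0x06, &m->digest_algo) || (alg.len && der_next(&alg, 0, &any)) || alg.len)
        return -1;
    return 0;
}

/* Constructed sample, 69 bytes (the literal's trailing NUL is not part of it). */
const uint8_t mscode_sample[] =
    "\x30\x43\x30\x0e\x06\x0a\x2b\x06\x01\x04\x01\x82\x37\x02\x01\x0f\x05\x00"
    "\x30\x31\x30\x0d\x06\x09\x60\x86\x48\x01\x65\x03\x04\x02\x01\x05\x00\x04\x20"
    "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
    "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa";
```

The returned fields point into the caller's buffer; a verifier would still need to check that the digest length matches the algorithm named by the OID before comparing it with the PE image digest.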