fix: Verification of MS countersignatures now takes into account signer

info digest and verifies it against digest of content info (timestamp info) The signature of the signed attributes was verified, the digest of countersigned signature was verified but what was missing is the verification that the signed attributes are actually signing the embedded timestamp information. This would allow anyone to take a valid countersignature, replace content info of the signed data with their own timestamp info, recalculate hash against the countersigned signature and it would be verified as OK.
VirusTotal · May 5, 2024 · 051829c · 051829c
1 parent 769262a
commit 051829c
Show file tree

Hide file tree

Showing 2 changed files with 14 additions and 1 deletion.
diff --git a/lib/src/modules/pe/authenticode.rs b/lib/src/modules/pe/authenticode.rs
@@ -345,13 +345,26 @@ impl AuthenticodeParser {
             countersignature.digest_alg = oid_to_str(tst.hash_algorithm.oid());
             countersignature.digest = tst.hashed_message;
 
+            let cs_si_digest = match cs_si
+                .get_signed_attr(&rfc5911::ID_MESSAGE_DIGEST)
+                .map(|value| value.data.as_bytes())
+            {
+                Some(md) => md,
+                None => return Err(ParseError::MissingAuthenticodeDigest),
+            };
+
             countersignature.verified =
                 verify_message_digest(
                     &tst.hash_algorithm,
                     si.signature,
                     tst.hashed_message,
+                ) && verify_message_digest(
+                    &cs_si.digest_algorithm,
+                    sd.content_info.content.as_bytes(),
+                    cs_si_digest,
                 ) && verify_signer_info(cs_si, certificates.as_slice());
 
+
             countersignatures.push(countersignature);
         }
 

diff --git a/...es/pe/tests/testdata/130f9b2e65bfceae8d9e7cbe205471fc8ee34c3d9996f77baa3c3ab47a3b3068.out b/...es/pe/tests/testdata/130f9b2e65bfceae8d9e7cbe205471fc8ee34c3d9996f77baa3c3ab47a3b3068.out
@@ -689,7 +689,7 @@ signatures:
         not_before: 1513987200 # 2017-12-23 00:00:00 UTC
         not_after: 1868918399 # 2029-03-22 23:59:59 UTC
     countersignatures:
-      - verified: true
+      - verified: false
         sign_time: 1634237249 # 2021-10-14 18:47:29 UTC
         digest: "a6d56d546fb347a798239820467f4871bdd4c2f331548f4fdf5ab961a46c5c45"
         digest_alg: "sha256"