[tbb-commits] [tor-browser-build/master] Bug 24561: Add our scripts to check the authenticode/mar signing

gk at torproject.org gk at torproject.org
Thu Dec 14 20:50:53 UTC 2017


commit c0915fc6a4b51418ace4d5a59f77bb63b57da3d2
Author: Georg Koppen <gk at torproject.org>
Date:   Wed Dec 13 10:53:26 2017 +0000

    Bug 24561: Add our scripts to check the authenticode/mar signing
---
 tools/authenticode_check.sh |  96 +++++++++++++++++++++++++++++++++++++++
 tools/marsigning_check.sh   | 107 ++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 203 insertions(+)

diff --git a/tools/authenticode_check.sh b/tools/authenticode_check.sh
new file mode 100755
index 0000000..c94682d
--- /dev/null
+++ b/tools/authenticode_check.sh
@@ -0,0 +1,96 @@
+#!/bin/sh
+
+# Copyright (c) 2017, The Tor Project, Inc.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+
+#     * Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+#
+#     * Redistributions in binary form must reproduce the above
+# copyright notice, this list of conditions and the following disclaimer
+# in the documentation and/or other materials provided with the
+# distribution.
+#
+#     * Neither the names of the copyright owners nor the names of its
+# contributors may be used to endorse or promote products derived from
+# this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+# OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+# Usage:
+# 1) Let OSSLSIGNCODE point to your osslsigncode binary
+# 2) Change into the directory containing the .exe files and the sha256sums-unsigned-build.txt
+# 3) Run /path/to/authenticode_check.sh
+
+if [ -z "$OSSLSIGNCODE" ]
+then
+  echo "The path to your osslsigncode binary is missing!"
+  exit 1
+fi
+
+UNSIGNED_BUNDLES=0
+BADSIGNED_BUNDLES=0
+
+mkdir tmp
+
+for f in `ls *.exe`; do
+  SHA256_TXT=`grep "$f" sha256sums-unsigned-build.txt`
+
+  # Test 1: Is the .exe file still unsigned? I.e. does its SHA-256 sum still
+  # match the one we had before we signed the .exe file? If so, notify us
+  # later and exit.
+  if [ "$SHA256_TXT" = "`sha256sum $f`" ]
+  then
+    echo "$f has still the SHA-256 sum of the unsigned bundle!"
+    UNSIGNED_BUNDLES=`expr $UNSIGNED_BUNDLES + 1`
+  fi
+
+  # Test 2: Do we get the old SHA-256 sum after stripping the authenticode
+  # signature? If not, notify us later and exit.
+  if [ "$UNSIGNED_BUNDLES" = "0" ]
+  then
+    # At least we seem to have attempted to sign the bundle. Let's see if we
+    # succeeded by stripping the signature. This behavior is reproducible.
+    # Thus, we know if we don't get the same SHA-256 sum we did not sign the
+    # bundle correctly.
+    echo "Trying to strip the authenticode signature of $f..."
+    ${OSSLSIGNCODE} remove-signature $f tmp/$f
+    cd tmp
+    if ! [ "$SHA256_TXT" = "`sha256sum $f`" ]
+    then
+      echo "$f does not have the SHA-256 sum of the unsigned bundle!"
+      BADSIGNED_BUNDLES=`expr $BADSIGNED_BUNDLES + 1`
+    fi
+    cd ..
+  fi
+done
+
+rm -rf tmp/
+
+if ! [ "$UNSIGNED_BUNDLES" = "0" ]
+then
+  echo "We got $UNSIGNED_BUNDLES unsigned bundle(s), exiting..."
+  exit 1
+fi
+
+if ! [ "$BADSIGNED_BUNDLES" = "0" ]
+then
+  echo "We got $BADSIGNED_BUNDLES badly signed bundle(s), exiting..."
+  exit 1
+fi
+
+echo "The signatures are fine."
+exit 0
diff --git a/tools/marsigning_check.sh b/tools/marsigning_check.sh
new file mode 100755
index 0000000..41b3b4d
--- /dev/null
+++ b/tools/marsigning_check.sh
@@ -0,0 +1,107 @@
+#!/bin/sh
+
+# Copyright (c) 2016, The Tor Project, Inc.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+
+#     * Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+#
+#     * Redistributions in binary form must reproduce the above
+# copyright notice, this list of conditions and the following disclaimer
+# in the documentation and/or other materials provided with the
+# distribution.
+#
+#     * Neither the names of the copyright owners nor the names of its
+# contributors may be used to endorse or promote products derived from
+# this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+# OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+# Usage:
+# 1) Let SIGNMAR point to your signmar binary
+# 2) Let LD_LIBRARY_PATH point to the mar-tools directory
+# 3) Change into the directory containing the MAR files and the
+#    sha256sums-unsigned-build.txt/sha256sums-unsigned-build.incrementals.txt.
+# 4) Run /path/to/marsigning_check.sh
+
+if [ -z "$SIGNMAR" ]
+then
+  echo "The path to your signmar binary is missing!"
+  exit 1
+fi
+
+if [ -z "$LD_LIBRARY_PATH" ]
+then
+  echo "The library search path to your mar-tools directory is missing!"
+  exit 1
+fi
+
+UNSIGNED_MARS=0
+BADSIGNED_MARS=0
+
+mkdir tmp
+
+for f in `ls *.mar`; do
+  case $f in
+    *.incremental.mar) SHA256_TXT=`grep "$f" \
+      sha256sums-unsigned-build.incrementals.txt`;;
+    *) SHA256_TXT=`grep "$f" sha256sums-unsigned-build.txt`;;
+  esac
+
+  # Test 1: Is the .mar file still unsigned? I.e. does its SHA-256 sum still
+  # match the one we had before we signed it? If so, notify us later and exit.
+  if [ "$SHA256_TXT" = "`sha256sum $f`" ]
+  then
+    echo "$f has still the SHA-256 sum of the unsigned MAR file!"
+    UNSIGNED_MARS=`expr $UNSIGNED_MARS + 1`
+  fi
+
+  # Test 2: Do we get the old SHA-256 sum after stripping the MAR signature? If
+  # not, notify us later and exit.
+  if [ "$UNSIGNED_MARS" = "0" ]
+  then
+    # At least we seem to have attempted to sign the MAR file. Let's see if we
+    # succeeded by stripping the signature. This behavior is reproducible.
+    # Thus, we know if we don't get the same SHA-256 sum we did not sign the
+    # bundle correctly.
+    echo "Trying to strip the MAR signature of $f..."
+    ${SIGNMAR} -r $f tmp/$f
+    cd tmp
+    if ! [ "$SHA256_TXT" = "`sha256sum $f`" ]
+    then
+      echo "$f does not have the SHA-256 sum of the unsigned MAR file!"
+      BADSIGNED_MARS=`expr $BADSIGNED_MARS + 1`
+    fi
+    cd ..
+  fi
+done
+
+rm -rf tmp/
+
+if ! [ "$UNSIGNED_MARS" = "0" ]
+then
+  echo "We got $UNSIGNED_MARS unsigned MAR file(s), exiting..."
+  exit 1
+fi
+
+if ! [ "$BADSIGNED_MARS" = "0" ]
+then
+  echo "We got $BADSIGNED_MARS badly signed MAR file(s), exiting..."
+  exit 1
+fi
+
+echo "The signatures are fine."
+exit 0



More information about the tbb-commits mailing list