ASN.1 structures
SPC
Authenticode-specific ASN.1 data structures, called Software Publishing Certificate (SPC).
- class signify.asn1.spc.SpcUuid(value=None, default=None, contents=None, **kwargs)
Bases:
OctetString
SpcUuid.
Based on Windows Authenticode Portable Executable Signature Format:
SpcUuid ::= OCTETSTRING
- set(value: UUID | str) -> None
Sets the value of the object
- Parameters:
value – A UUID object or its string representation
- property native: str | None
The native Python datatype representation of this value
- Returns:
The UUID as a string, or None
- class signify.asn1.spc.SpcSerializedObject(value=None, default=None, **kwargs)
Bases:
Sequence
SpcSerializedObject.
Based on Windows Authenticode Portable Executable Signature Format:
SpcSerializedObject ::= SEQUENCE { classId SpcUuid, serializedData OCTETSTRING }
- class signify.asn1.spc.SpcString(name=None, value=None, **kwargs)
Bases:
Choice
SpcString.
Based on Windows Authenticode Portable Executable Signature Format:
SpcString ::= CHOICE { unicode [0] IMPLICIT BMPSTRING, ascii [1] IMPLICIT IA5STRING }
- class signify.asn1.spc.SpcLink(name=None, value=None, **kwargs)
Bases:
Choice
SpcLink.
Based on Windows Authenticode Portable Executable Signature Format:
SpcLink ::= CHOICE { url [0] IMPLICIT IA5STRING, moniker [1] IMPLICIT SpcSerializedObject, file [2] EXPLICIT SpcString }
- class signify.asn1.spc.SpcImage(value=None, default=None, **kwargs)
Bases:
Sequence
SpcImage.
Based on the SPC_IMAGE struct in WinTrust.h, e.g. at https://microsoft.github.io/windows-docs-rs/doc/windows/Win32/Security/WinTrust/struct.SPC_IMAGE.html
- class signify.asn1.spc.SpcPeImageFlags(value=None, default=None, contents=None, **kwargs)
Bases:
BitString
SpcPeImageFlags.
Based on Windows Authenticode Portable Executable Signature Format:
SpcPeImageFlags ::= BIT STRING { includeResources (0), includeDebugInfo (1), includeImportAddressTable (2) }
- class signify.asn1.spc.SpcPeImageData(value=None, default=None, **kwargs)
Bases:
Sequence
SpcPeImageData.
Based on Windows Authenticode Portable Executable Signature Format:
SpcPeImageData ::= SEQUENCE { flags SpcPeImageFlags DEFAULT { includeResources }, file SpcLink }
Note that although the spec does not say so, the file field is actually explicitly tagged. And although it is not optional in the spec, it is actually optional, as shown in the accompanying text. It is possible that the specs for `SpcAttributeTypeAndOptionalValue.value` and `SpcPeImageData.file` were accidentally flipped.
- class signify.asn1.spc.SpcSigInfo(value=None, default=None, **kwargs)
Bases:
Sequence
SpcSigInfo, mostly used in MSI files. It defines information about the SIP, which is the Subject Interface Package: a Microsoft proprietary specification for a software layer that enables applications to create, store, retrieve, and verify a subject signature.
See https://learn.microsoft.com/en-gb/archive/blogs/eduardonavarro/sips-subject-interface-package-and-authenticode and https://learn.microsoft.com/en-us/windows/win32/api/mssip/ for more information.
The ASN.1 spec, based on https://microsoft.github.io/windows-docs-rs/doc/windows/Win32/Security/WinTrust/struct.SPC_SIGINFO.html is as follows:
SpcSigInfo ::= SEQUENCE { dwSIPversion INTEGER, gSIPguid SpcUuid, dwReserved1 INTEGER, dwReserved2 INTEGER, dwReserved3 INTEGER, dwReserved4 INTEGER, dwReserved5 INTEGER }
- class signify.asn1.spc.SpcAttributeType(value=None, default=None, contents=None, **kwargs)
Bases:
ObjectIdentifier
Specific attribute type of an SPC attribute.
- class signify.asn1.spc.SpcAttributeTypeAndOptionalValue(value=None, default=None, **kwargs)
Bases:
Sequence
Attribute type and optional value.
Based on Windows Authenticode Portable Executable Signature Format:
SpcAttributeTypeAndOptionalValue ::= SEQUENCE { type ObjectID, value [0] EXPLICIT ANY OPTIONAL }
Note that although the spec defines this value as explicitly tagged, that is not actually the case. It is possible that the specs for `SpcAttributeTypeAndOptionalValue.value` and `SpcPeImageData.file` were accidentally flipped.
- class signify.asn1.spc.SetOfSpcAttributeTypeAndOptionalValue(value=None, default=None, contents=None, spec=None, **kwargs)
Bases:
SetOf
- class signify.asn1.spc.SpcIndirectDataContent(value=None, default=None, **kwargs)
Bases:
Sequence
Indirect data content.
Based on Windows Authenticode Portable Executable Signature Format:
SpcIndirectDataContent ::= SEQUENCE { data SpcAttributeTypeAndOptionalValue, messageDigest DigestInfo }
Note: although DigestInfo is explicitly defined in the docs, it is simply a copy of the RFC DigestInfo.
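To make the two "flipped tag" notes above concrete, here is an added example (not signify's own code) that builds and walks a minimal SpcIndirectDataContent with a stdlib-only DER reader, laid out as it appears in real signatures: the attribute value untagged, the optional SpcPeImageData.file omitted, and the SpcPeImageFlags BIT STRING decoded by named bit. The SPC_PE_IMAGE_DATA OID is taken from WinTrust.h and the sha256 OID from the NIST arc, neither of which is listed on this page; the digest passed in is a constructed stand-in for the real PE hash.

```python
def der_read(buf, pos=0):
    """Read one DER TLV at pos; returns (tag, contents, next_pos). Single-byte tags only."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                                 # long-form length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def der_children(contents):                           # split SEQUENCE/SET contents into (tag, contents)
    out, pos = [], 0
    while pos < len(contents):
        tag, val, pos = der_read(contents, pos)
        out.append((tag, val))
    return out

def oid_to_str(raw):
    """Decode OBJECT IDENTIFIER contents to dotted form (first arc 0, 1 or 2)."""
    arcs, cur = [raw[0] // 40, raw[0] % 40], 0
    for b in raw[1:]:
        cur = (cur << 7) | (b & 0x7F)
        if not b & 0x80:                              # high bit clear: last byte of this arc
            arcs, cur = arcs + [cur], 0
    return ".".join(map(str, arcs))

def der(tag, contents):                               # DER TLV; short-form length suffices here
    return bytes([tag, len(contents)]) + contents

SPC_PE_IMAGE_DATA_OID = bytes.fromhex("2b06010401823702010f")  # 1.3.6.1.4.1.311.2.1.15 (WinTrust.h)
SHA256_OID = bytes.fromhex("608648016503040201")               # 2.16.840.1.101.3.4.2.1

def build_sample(pe_digest):
    """Constructed SpcIndirectDataContent, real-world layout: value untagged, optional file omitted."""
    flags = der(0x03, b"\x07\x80")                    # BIT STRING: 7 unused bits, bit 0 = includeResources
    pe_image = der(0x30, flags)                       # SpcPeImageData { flags }
    data = der(0x30, der(0x06, SPC_PE_IMAGE_DATA_OID) + pe_image)
    alg = der(0x30, der(0x06, SHA256_OID) + der(0x05, b""))   # AlgorithmIdentifier { sha256, NULL }
    return der(0x30, data + der(0x30, alg + der(0x04, pe_digest)))  # + DigestInfo

def parse_indirect_data(blob):
    """Return (type OID, flag names, digest OID, digest); a verifier compares digest to the PE hash."""
    tag, body, _ = der_read(blob)
    if tag != 0x30:
        raise ValueError("SpcIndirectDataContent must be a SEQUENCE")
    (_, data), (_, digest_info) = der_children(body)
    (_, type_oid), (_, pe_image) = der_children(data)
    bits = der_children(pe_image)[0][1]               # BIT STRING contents: unused-bit count, then bits
    names = ("includeResources", "includeDebugInfo", "includeImportAddressTable")
    flags = [n for i, n in enumerate(names) if len(bits) > 1 and bits[1] & (0x80 >> i)]
    (_, alg), (_, digest) = der_children(digest_info)
    return oid_to_str(type_oid), flags, oid_to_str(der_children(alg)[0][1]), digest
```

The signature in an Authenticode blob covers only this structure, so the digest returned here is the value a verifier must recompute from the PE file and compare.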
- class signify.asn1.spc.SetOfSpcIndirectDataContent(value=None, default=None, contents=None, spec=None, **kwargs)
Bases:
SetOf
- class signify.asn1.spc.SpcSpOpusInfo(value=None, default=None, **kwargs)
Bases:
Sequence
SpcSpOpusInfo.
Based on Windows Authenticode Portable Executable Signature Format:
SpcSpOpusInfo ::= SEQUENCE { programName [0] EXPLICIT SpcString OPTIONAL, moreInfo [1] EXPLICIT SpcLink OPTIONAL }
In WinTrust.h, the value pPublisherInfo is also defined. See https://microsoft.github.io/windows-docs-rs/doc/windows/Win32/Security/WinTrust/struct.SPC_SP_OPUS_INFO.html
- class signify.asn1.spc.SetOfSpcSpOpusInfo(value=None, default=None, contents=None, spec=None, **kwargs)
Bases:
SetOf
- class signify.asn1.spc.SpcStatementTypeIdentifier(value=None, default=None, contents=None, **kwargs)
Bases:
ObjectIdentifier
- class signify.asn1.spc.SpcStatementType(value=None, default=None, contents=None, spec=None, **kwargs)
Bases:
SequenceOf
SpcStatementType.
Based on MS-OSHARED:
SpcStatementType ::= SEQUENCE OF OBJECT IDENTIFIER
- class signify.asn1.spc.SetOfSpcStatementType(value=None, default=None, contents=None, spec=None, **kwargs)
Bases:
SetOf
- class signify.asn1.spc.PlatformManifestBinaryID(value=None, default=None, contents=None, **kwargs)
Bases:
UTF8String
PlatformManifestBinaryID.
Present as OID 1.3.6.1.4.1.311.10.3.28, reverse-engineered as being a UTF8 string. The purpose of this attribute is currently unknown.
- class signify.asn1.spc.SetOfPlatformManifestBinaryID(value=None, default=None, contents=None, spec=None, **kwargs)
Bases:
SetOf
- class signify.asn1.spc.SpcRelaxedPeMarkerCheck(value=None, default=None, contents=None, **kwargs)
Bases:
Integer
SpcRelaxedPeMarkerCheck.
Present as OID 1.3.6.1.4.1.311.2.6.1, reverse-engineered as being an integer. The purpose of this attribute is currently unknown.
- class signify.asn1.spc.SetOfSpcRelaxedPeMarkerCheck(value=None, default=None, contents=None, spec=None, **kwargs)
Bases:
SetOf
- class signify.asn1.spc.SpcSpAgencyInformation(value=None, default=None, **kwargs)
Bases:
Sequence
Reverse-engineered extension for certificates, indicating certain information on certificate policies. Based on https://microsoft.github.io/windows-docs-rs/doc/windows/Win32/Security/WinTrust/struct.SPC_SP_AGENCY_INFO.html
See also https://sotharo-meas.medium.com/cve-2019-1388-windows-privilege-escalation-through-uac-22693fa23f5f
- class signify.asn1.spc.SpcFinancialCriteria(value=None, default=None, **kwargs)
Bases:
Sequence
Reverse-engineered extension for certificates.
CTL
- class signify.asn1.ctl.CTLVersion(value=None, default=None, contents=None, **kwargs)
Bases:
Integer
Version of the CTL structure.
Based on MS-CAESO:
CTLVersion ::= INTEGER {v1(0)}
- class signify.asn1.ctl.SubjectUsageObjectIdentifier(value=None, default=None, contents=None, **kwargs)
Bases:
ObjectIdentifier
- class signify.asn1.ctl.SubjectUsage(value=None, default=None, contents=None, spec=None, **kwargs)
Bases:
SequenceOf
Subject usage of the CTL structure.
Based on MS-CAESO:
SubjectUsage ::= EnhancedKeyUsage
- class signify.asn1.ctl.ListIdentifier(value=None, default=None, contents=None, **kwargs)
Bases:
OctetString
List identifier of the CTL structure.
Based on MS-CAESO:
ListIdentifier ::= OCTETSTRING
- class signify.asn1.ctl.SubjectIdentifier(value=None, default=None, contents=None, **kwargs)
Bases:
OctetString
Subject identifier of the CTL structure.
Based on MS-CAESO:
SubjectIdentifier ::= OCTETSTRING
- class signify.asn1.ctl.SubjectAttributeType(value=None, default=None, contents=None, **kwargs)
Bases:
ObjectIdentifier
- class signify.asn1.ctl.CTLString(value=None, default=None, contents=None, **kwargs)
Bases:
AbstractString, OctetString
- class signify.asn1.ctl.SetOfCTLString(value=None, default=None, contents=None, spec=None, **kwargs)
Bases:
SetOf
- class signify.asn1.ctl.FileTime(value=None, default=None, contents=None, **kwargs)
Bases:
OctetString
- property native: datetime | None
The native Python datatype representation of this value
- Returns:
A datetime or None
- set(value: Any) -> None
Sets the value of the object
- Parameters:
value – A byte string
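As an added illustration (not signify's own implementation), the conversion that property native and set have to perform, assuming the octet string carries a little-endian 64-bit Windows FILETIME (100-nanosecond ticks since 1601-01-01 UTC); an empty or all-zero value is treated as "not set":

```python
from datetime import datetime, timedelta, timezone
import struct

FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)   # origin of the Windows FILETIME clock

def filetime_to_datetime(contents):
    """Decode the assumed 8-byte little-endian FILETIME in the OCTET STRING contents.
    Returns None for an empty or all-zero value; rejects any other length."""
    if not contents:
        return None
    if len(contents) != 8:
        raise ValueError(f"FILETIME must be 8 bytes, got {len(contents)}")
    (ticks,) = struct.unpack("<Q", contents)
    if ticks == 0:
        return None
    return FILETIME_EPOCH + timedelta(microseconds=ticks // 10)   # 10 ticks per microsecond

def datetime_to_filetime(value):
    """Inverse: encode a timezone-aware datetime as 8-byte little-endian FILETIME contents."""
    ticks = (value - FILETIME_EPOCH) // timedelta(microseconds=1) * 10
    return struct.pack("<Q", ticks)
```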
- class signify.asn1.ctl.SetOfFileTime(value=None, default=None, contents=None, spec=None, **kwargs)
Bases:
SetOf
- class signify.asn1.ctl.NameValue(value=None, default=None, **kwargs)
Bases:
Sequence
Based on the CAT_NAMEVALUE struct in WinTrust.h, e.g. at https://microsoft.github.io/windows-docs-rs/doc/windows/Win32/Security/WinTrust/struct.CAT_NAMEVALUE.html:
NameValue ::= SEQUENCE { refname BMPSTRING, typeaction INTEGER, value OCTETSTRING }
- class signify.asn1.ctl.NameValues(value=None, default=None, contents=None, spec=None, **kwargs)
Bases:
SetOf
- class signify.asn1.ctl.MemberInfo(value=None, default=None, **kwargs)
Bases:
Sequence
Based on the CAT_MEMBERINFO struct in WinTrust.h, e.g. at https://microsoft.github.io/windows-docs-rs/doc/windows/Win32/Security/WinTrust/struct.CAT_MEMBERINFO.html:
MemberInfo ::= SEQUENCE { subguid BMPSTRING, certversion INTEGER }
- class signify.asn1.ctl.SetOfMemberInfo(value=None, default=None, contents=None, spec=None, **kwargs)
Bases:
SetOf
- class signify.asn1.ctl.MemberInfo2(name=None, value=None, **kwargs)
Bases:
Choice
Based on the CAT_MEMBERINFO2 struct in WinTrust.h, e.g. at https://microsoft.github.io/windows-docs-rs/doc/windows/Win32/Security/WinTrust/struct.CAT_MEMBERINFO2.html
However, this does not fully align with the ASN.1 structure observed, and since none of the available samples fill it in, it is simply skipped for now.
- class signify.asn1.ctl.SetOfMemberInfo2(value=None, default=None, contents=None, spec=None, **kwargs)
Bases:
SetOf
- class signify.asn1.ctl.SetOfParsableOctetString(value=None, default=None, contents=None, spec=None, **kwargs)
Bases:
SetOf
A set of ParsableOctetStrings where the values are interpreted as a DER encoded value.
- class signify.asn1.ctl.SubjectAttribute(value=None, default=None, **kwargs)
Bases:
Sequence
Subject attributes of the trusted subject in the CTL structure.
Based on MS-CAESO.
- class signify.asn1.ctl.SubjectAttributes(value=None, default=None, contents=None, spec=None, **kwargs)
Bases:
SetOf
Subject attributes of the trusted subject in the CTL structure.
Based on MS-CAESO.
- class signify.asn1.ctl.TrustedSubject(value=None, default=None, **kwargs)
Bases:
Sequence
Trusted subject in the CTL structure.
Based on MS-CAESO:
TrustedSubject ::= SEQUENCE { subjectIdentifier SubjectIdentifier, subjectAttributes Attributes OPTIONAL }
- class signify.asn1.ctl.TrustedSubjects(value=None, default=None, contents=None, spec=None, **kwargs)
Bases:
SequenceOf
Trusted subjects in the CTL structure.
Based on MS-CAESO:
TrustedSubjects ::= SEQUENCE OF TrustedSubject
- class signify.asn1.ctl.CertificateTrustList(value=None, default=None, **kwargs)
Bases:
Sequence
CTL structure.
Based on MS-CAESO:
CertificateTrustList ::= SEQUENCE { version CTLVersion DEFAULT v1, subjectUsage SubjectUsage, listIdentifier ListIdentifier OPTIONAL, sequenceNumber HUGEINTEGER OPTIONAL, ctlThisUpdate ChoiceOfTime, ctlNextUpdate ChoiceOfTime OPTIONAL, subjectAlgorithm AlgorithmIdentifier, trustedSubjects TrustedSubjects OPTIONAL, ctlExtensions [0] EXPLICIT Extensions OPTIONAL }