Main interface for the PKCS #7 signature scheme. More...
#include <Signature.hpp>
Inheritance diagram for LIEF::PE::Signature:
Collaboration diagram for LIEF::PE::Signature:
Public Types | |
| enum class | VERIFICATION_FLAGS { OK = 0 , INVALID_SIGNER = 1 << 0 , UNSUPPORTED_ALGORITHM = 1 << 1 , INCONSISTENT_DIGEST_ALGORITHM = 1 << 2 , CERT_NOT_FOUND = 1 << 3 , CORRUPTED_CONTENT_INFO = 1 << 4 , CORRUPTED_AUTH_DATA = 1 << 5 , MISSING_PKCS9_MESSAGE_DIGEST = 1 << 6 , BAD_DIGEST = 1 << 7 , BAD_SIGNATURE = 1 << 8 , NO_SIGNATURE = 1 << 9 , CERT_EXPIRED = 1 << 10 , CERT_FUTURE = 1 << 11 } |
| Flags returned by the verification functions. | |
| enum class | VERIFICATION_CHECKS { DEFAULT = 1 << 0 , HASH_ONLY = 1 << 1 , LIFETIME_SIGNING = 1 << 2 , SKIP_CERT_TIME = 1 << 3 } |
| Flags to tweak the verification process of the signature. More... | |
| using | it_const_crt = const_ref_iterator<const std::vector<x509>&> |
| Iterator which outputs const x509& certificates. | |
| using | it_crt = ref_iterator<std::vector<x509>&> |
| Iterator which outputs x509& certificates. | |
| using | it_const_signers_t = const_ref_iterator<const std::vector<SignerInfo>&> |
| Iterator which outputs const SignerInfo&. | |
| using | it_signers_t = ref_iterator<std::vector<SignerInfo>&> |
| Iterator which outputs SignerInfo&. | |
 Public Types inherited from LIEF::Object | |
| template<class T > | |
| using | output_t = add_pointer_t<decay_t<T>> |
| template<class T > | |
| using | output_const_t = add_pointer_t<add_const_t<decay_t<T>>> |
Public Member Functions | |
| Signature (const Signature &) | |
| Signature & | operator= (const Signature &) |
| Signature (Signature &&) | |
| Signature & | operator= (Signature &&) |
| uint32_t | version () const |
| Should be 1. | |
| ALGORITHMS | digest_algorithm () const |
| Algorithm used to digest the file. | |
| const ContentInfo & | content_info () const |
| Return the ContentInfo. | |
| it_const_crt | certificates () const |
| Return an iterator over x509 certificates. | |
| it_crt | certificates () |
| it_const_signers_t | signers () const |
| Return an iterator over the signers (SignerInfo) defined in the PKCS #7 signature. | |
| it_signers_t | signers () |
| span< const uint8_t > | raw_der () const |
| Return the raw original PKCS7 signature. | |
| const x509 * | find_crt (const std::vector< uint8_t > &serialno) const |
| Find x509 certificate according to its serial number. | |
| const x509 * | find_crt_subject (const std::string &subject) const |
| Find x509 certificate according to its subject. | |
| const x509 * | find_crt_subject (const std::string &subject, const std::vector< uint8_t > &serialno) const |
| Find x509 certificate according to its subject AND serial number. | |
| const x509 * | find_crt_issuer (const std::string &issuer) const |
| Find x509 certificate according to its issuer. | |
| const x509 * | find_crt_issuer (const std::string &issuer, const std::vector< uint8_t > &serialno) const |
| Find x509 certificate according to its issuer AND serial number. | |
| VERIFICATION_FLAGS | check (VERIFICATION_CHECKS checks=VERIFICATION_CHECKS::DEFAULT) const |
| Check if this signature is valid according to the Authenticode/PKCS #7 verification scheme. | |
| void | accept (Visitor &visitor) const override |
| Public Member Functions inherited from LIEF::Object | |
| Object (const Object &other) | |
| Object & | operator= (const Object &other) |
| template<class T > | |
| output_t< T > | as () |
| template<class T > | |
| output_const_t< T > | as () const |
| virtual bool | operator== (const Object &other) const |
| virtual bool | operator!= (const Object &other) const |
Static Public Member Functions | |
| static std::vector< uint8_t > | hash (const std::vector< uint8_t > &input, ALGORITHMS algo) |
| Hash the input given the algorithm. | |
| static std::vector< uint8_t > | hash (const uint8_t *buffer, size_t size, ALGORITHMS algo) |
| static std::string | flag_to_string (VERIFICATION_FLAGS flag) |
| Convert a verification flag into a humman representation. e.g VERIFICATION_FLAGS.BAD_DIGEST | VERIFICATION_FLAGS.BAD_SIGNATURE | VERIFICATION_FLAGS.CERT_EXPIRED. | |
Detailed Description
Main interface for the PKCS #7 signature scheme.
Member Enumeration Documentation
◆ VERIFICATION_CHECKS
|
strong |
Flags to tweak the verification process of the signature.
See Signature::check and LIEF::PE::Binary::verify_signature
| Enumerator | |
|---|---|
| DEFAULT | Default behavior that tries to follow the Microsoft verification process as close as possible |
| HASH_ONLY | Only check that Binary::authentihash matches ContentInfo::digest regardless of the signature's validity |
| LIFETIME_SIGNING | Same semantic as WTD_LIFETIME_SIGNING_FLAG |
| SKIP_CERT_TIME | Skip the verification of the certificates time validities so that even though a certificate expired, it returns VERIFICATION_FLAGS::OK |
Member Function Documentation
◆ accept()
|
overridevirtual |
Implements LIEF::Object.
◆ check()
| VERIFICATION_FLAGS LIEF::PE::Signature::check | ( | VERIFICATION_CHECKS | checks = VERIFICATION_CHECKS::DEFAULT | ) | const |
Check if this signature is valid according to the Authenticode/PKCS #7 verification scheme.
By default, it performs the following verifications:
- It must contain only one signer info
- Signature::digest_algorithm must match:
- The x509 certificate specified by SignerInfo::serial_number and SignerInfo::issuer must exist within Signature::certificates
- Given the x509 certificate, compare SignerInfo::encrypted_digest against either:
- hash of authenticated attributes if present
- hash of ContentInfo
- If authenticated attributes are present, check that a PKCS9_MESSAGE_DIGEST attribute exists and that its value matches hash of ContentInfo
- Check the validity of the PKCS #9 counter signature if present
- If the signature doesn't embed a signing-time in the counter signature, check the certificate validity. (See LIEF::PE::Signature::VERIFICATION_CHECKS::LIFETIME_SIGNING and LIEF::PE::Signature::VERIFICATION_CHECKS::SKIP_CERT_TIME)
See: LIEF::PE::Signature::VERIFICATION_CHECKS to tweak the behavior
◆ digest_algorithm()
|
inline |
Algorithm used to digest the file.
It should match SignerInfo::digest_algorithm
The documentation for this class was generated from the following file:
