2017-03-06 08:30:20 -08:00
|
|
|
From 34d2916d1616b418395c6f543ba9cd362a82d7ab Mon Sep 17 00:00:00 2001
|
2016-04-01 22:42:22 -07:00
|
|
|
From: Mark Jansen <learn0more+wine@gmail.com>
|
|
|
|
|
Date: Sat, 2 Apr 2016 02:57:47 +0200
|
2017-03-06 08:30:20 -08:00
|
|
|
Subject: wintrust: Verify image hash in WinVerifyTrust. (v2)
|
2016-04-01 22:42:22 -07:00
|
|
|
|
|
|
|
|
Includes various improvements by Sebastian Lackner <sebastian@fds-team.de>.
|
2017-03-06 08:30:20 -08:00
|
|
|
|
|
|
|
|
Changes in v2:
|
|
|
|
|
* Do not use memory mapping (based on a patch by Mark Jansen).
|
2016-04-01 22:42:22 -07:00
|
|
|
---
|
2017-03-06 08:30:20 -08:00
|
|
|
dlls/wintrust/softpub.c | 194 ++++++++++++++++++++++++++++++++++++++++++
|
2016-04-01 22:42:22 -07:00
|
|
|
dlls/wintrust/tests/softpub.c | 8 +-
|
2017-03-06 08:30:20 -08:00
|
|
|
2 files changed, 198 insertions(+), 4 deletions(-)
|
2016-04-01 22:42:22 -07:00
|
|
|
|
|
|
|
|
diff --git a/dlls/wintrust/softpub.c b/dlls/wintrust/softpub.c
|
2017-03-06 08:30:20 -08:00
|
|
|
index 4e8582e2183..35c0d7b5abb 100644
|
2016-04-01 22:42:22 -07:00
|
|
|
--- a/dlls/wintrust/softpub.c
|
|
|
|
|
+++ b/dlls/wintrust/softpub.c
|
|
|
|
|
@@ -1,5 +1,6 @@
|
|
|
|
|
/*
|
|
|
|
|
* Copyright 2007 Juan Lang
|
|
|
|
|
+ * Copyright 2016 Mark Jansen
|
|
|
|
|
*
|
|
|
|
|
* This library is free software; you can redistribute it and/or
|
|
|
|
|
* modify it under the terms of the GNU Lesser General Public
|
|
|
|
|
@@ -21,6 +22,7 @@
|
|
|
|
|
|
|
|
|
|
#include "windef.h"
|
|
|
|
|
#include "winbase.h"
|
|
|
|
|
+#include "winternl.h"
|
|
|
|
|
#include "wintrust.h"
|
|
|
|
|
#include "mssip.h"
|
|
|
|
|
#include "softpub.h"
|
2017-03-06 08:30:20 -08:00
|
|
|
@@ -208,6 +210,195 @@ static DWORD SOFTPUB_GetMessageFromFile(CRYPT_PROVIDER_DATA *data, HANDLE file,
|
2016-04-01 22:42:22 -07:00
|
|
|
return err;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
+/* See https://www.cs.auckland.ac.nz/~pgut001/pubs/authenticode.txt
|
|
|
|
|
+ * for details about the hashing.
|
|
|
|
|
+ */
|
2017-03-06 08:30:20 -08:00
|
|
|
+static BOOL SOFTPUB_HashPEFile(HANDLE file, HCRYPTHASH hash)
|
2016-04-01 22:42:22 -07:00
|
|
|
+{
|
2017-03-06 08:30:20 -08:00
|
|
|
+ DWORD pos, checksum, security_dir;
|
|
|
|
|
+ IMAGE_DOS_HEADER dos_header;
|
|
|
|
|
+ union
|
|
|
|
|
+ {
|
|
|
|
|
+ IMAGE_NT_HEADERS32 nt32;
|
|
|
|
|
+ IMAGE_NT_HEADERS64 nt64;
|
|
|
|
|
+ } nt_header;
|
|
|
|
|
+ IMAGE_DATA_DIRECTORY secdir;
|
|
|
|
|
+ LARGE_INTEGER file_size;
|
|
|
|
|
+ DWORD bytes_read;
|
|
|
|
|
+ BYTE buffer[1024];
|
|
|
|
|
+ BOOL ret;
|
|
|
|
|
+
|
|
|
|
|
+ if (!GetFileSizeEx(file, &file_size))
|
|
|
|
|
+ return FALSE;
|
2016-04-01 22:42:22 -07:00
|
|
|
+
|
2017-03-06 08:30:20 -08:00
|
|
|
+ SetFilePointer(file, 0, NULL, FILE_BEGIN);
|
|
|
|
|
+ ret = ReadFile(file, &dos_header, sizeof(dos_header), &bytes_read, NULL);
|
|
|
|
|
+ if (!ret || bytes_read != sizeof(dos_header))
|
2016-04-01 22:42:22 -07:00
|
|
|
+ return FALSE;
|
|
|
|
|
+
|
2017-03-06 08:30:20 -08:00
|
|
|
+ if (dos_header.e_magic != IMAGE_DOS_SIGNATURE)
|
2016-04-01 22:42:22 -07:00
|
|
|
+ {
|
2017-03-06 08:30:20 -08:00
|
|
|
+ ERR("Unrecognized IMAGE_DOS_HEADER magic %04x\n", dos_header.e_magic);
|
2016-04-01 22:42:22 -07:00
|
|
|
+ return FALSE;
|
|
|
|
|
+ }
|
2017-03-06 08:30:20 -08:00
|
|
|
+ if (dos_header.e_lfanew >= 256 * 1024 * 1024) /* see RtlImageNtHeaderEx */
|
2016-04-01 22:42:22 -07:00
|
|
|
+ return FALSE;
|
2017-03-06 08:30:20 -08:00
|
|
|
+ if (dos_header.e_lfanew + FIELD_OFFSET(IMAGE_NT_HEADERS, OptionalHeader.MajorLinkerVersion) > file_size.QuadPart)
|
|
|
|
|
+ return FALSE;
|
|
|
|
|
+
|
|
|
|
|
+ SetFilePointer(file, dos_header.e_lfanew, NULL, FILE_BEGIN);
|
|
|
|
|
+ ret = ReadFile(file, &nt_header, sizeof(nt_header), &bytes_read, NULL);
|
|
|
|
|
+ if (!ret || bytes_read < FIELD_OFFSET(IMAGE_NT_HEADERS32, OptionalHeader.Magic) +
|
|
|
|
|
+ sizeof(nt_header.nt32.OptionalHeader.Magic))
|
2016-04-01 22:42:22 -07:00
|
|
|
+ return FALSE;
|
|
|
|
|
+
|
2017-03-06 08:30:20 -08:00
|
|
|
+ if (nt_header.nt32.Signature != IMAGE_NT_SIGNATURE)
|
2016-04-01 22:42:22 -07:00
|
|
|
+ {
|
2017-03-06 08:30:20 -08:00
|
|
|
+ ERR("Unrecognized IMAGE_NT_HEADERS signature %08x\n", nt_header.nt32.Signature);
|
2016-04-01 22:42:22 -07:00
|
|
|
+ return FALSE;
|
|
|
|
|
+ }
|
|
|
|
|
+
|
2017-03-06 08:30:20 -08:00
|
|
|
+ if (nt_header.nt32.OptionalHeader.Magic == IMAGE_NT_OPTIONAL_HDR32_MAGIC)
|
2016-04-01 22:42:22 -07:00
|
|
|
+ {
|
2017-03-06 08:30:20 -08:00
|
|
|
+ if (bytes_read < sizeof(nt_header.nt32))
|
2016-04-01 22:42:22 -07:00
|
|
|
+ return FALSE;
|
|
|
|
|
+
|
2017-03-06 08:30:20 -08:00
|
|
|
+ checksum = dos_header.e_lfanew + FIELD_OFFSET(IMAGE_NT_HEADERS32, OptionalHeader.CheckSum);
|
|
|
|
|
+ security_dir = dos_header.e_lfanew + FIELD_OFFSET(IMAGE_NT_HEADERS32, OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_SECURITY]);
|
|
|
|
|
+ secdir = nt_header.nt32.OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_SECURITY];
|
2016-04-01 22:42:22 -07:00
|
|
|
+ }
|
2017-03-06 08:30:20 -08:00
|
|
|
+ else if (nt_header.nt32.OptionalHeader.Magic == IMAGE_NT_OPTIONAL_HDR64_MAGIC)
|
2016-04-01 22:42:22 -07:00
|
|
|
+ {
|
2017-03-06 08:30:20 -08:00
|
|
|
+ if (bytes_read < sizeof(nt_header.nt64))
|
2016-04-01 22:42:22 -07:00
|
|
|
+ return FALSE;
|
|
|
|
|
+
|
2017-03-06 08:30:20 -08:00
|
|
|
+ checksum = dos_header.e_lfanew + FIELD_OFFSET(IMAGE_NT_HEADERS64, OptionalHeader.CheckSum);
|
|
|
|
|
+ security_dir = dos_header.e_lfanew + FIELD_OFFSET(IMAGE_NT_HEADERS64, OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_SECURITY]);
|
|
|
|
|
+ secdir = nt_header.nt64.OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_SECURITY];
|
2016-04-01 22:42:22 -07:00
|
|
|
+ }
|
|
|
|
|
+ else
|
|
|
|
|
+ {
|
2017-03-06 08:30:20 -08:00
|
|
|
+ ERR("Unrecognized OptionalHeader magic %04x\n", nt_header.nt32.OptionalHeader.Magic);
|
2016-04-01 22:42:22 -07:00
|
|
|
+ return FALSE;
|
|
|
|
|
+ }
|
|
|
|
|
+
|
2017-03-06 08:30:20 -08:00
|
|
|
+ if (secdir.VirtualAddress < security_dir + sizeof(IMAGE_DATA_DIRECTORY))
|
2016-04-01 22:42:22 -07:00
|
|
|
+ return FALSE;
|
2017-03-06 08:30:20 -08:00
|
|
|
+ if (secdir.VirtualAddress > file_size.QuadPart)
|
2016-04-01 22:42:22 -07:00
|
|
|
+ return FALSE;
|
2017-03-06 08:30:20 -08:00
|
|
|
+ if (secdir.VirtualAddress + secdir.Size != file_size.QuadPart)
|
2016-04-01 22:42:22 -07:00
|
|
|
+ return FALSE;
|
|
|
|
|
+
|
|
|
|
|
+ /* Hash until checksum. */
|
2017-03-06 08:30:20 -08:00
|
|
|
+ SetFilePointer(file, 0, NULL, FILE_BEGIN);
|
|
|
|
|
+ for (pos = 0; pos < checksum; pos += bytes_read)
|
|
|
|
|
+ {
|
|
|
|
|
+ ret = ReadFile(file, buffer, min(sizeof(buffer), checksum - pos), &bytes_read, NULL);
|
|
|
|
|
+ if (!ret || !bytes_read)
|
|
|
|
|
+ return FALSE;
|
|
|
|
|
+ if (!CryptHashData(hash, buffer, bytes_read, 0))
|
|
|
|
|
+ return FALSE;
|
|
|
|
|
+ }
|
2016-04-01 22:42:22 -07:00
|
|
|
+
|
|
|
|
|
+ /* Hash until the DataDirectory[IMAGE_DIRECTORY_ENTRY_SECURITY] entry. */
|
2017-03-06 08:30:20 -08:00
|
|
|
+ checksum += sizeof(DWORD);
|
|
|
|
|
+ SetFilePointer(file, checksum, NULL, FILE_BEGIN);
|
|
|
|
|
+ for (pos = checksum; pos < security_dir; pos += bytes_read)
|
|
|
|
|
+ {
|
|
|
|
|
+ ret = ReadFile(file, buffer, min(sizeof(buffer), security_dir - pos), &bytes_read, NULL);
|
|
|
|
|
+ if (!ret || !bytes_read)
|
|
|
|
|
+ return FALSE;
|
|
|
|
|
+ if (!CryptHashData(hash, buffer, bytes_read, 0))
|
|
|
|
|
+ return FALSE;
|
|
|
|
|
+ }
|
2016-04-01 22:42:22 -07:00
|
|
|
+
|
|
|
|
|
+ /* Hash until the end of the file. */
|
2017-03-06 08:30:20 -08:00
|
|
|
+ security_dir += sizeof(IMAGE_DATA_DIRECTORY);
|
|
|
|
|
+ SetFilePointer(file, security_dir, NULL, FILE_BEGIN);
|
|
|
|
|
+ for (pos = security_dir; pos < secdir.VirtualAddress; pos += bytes_read)
|
|
|
|
|
+ {
|
|
|
|
|
+ ret = ReadFile(file, buffer, min(sizeof(buffer), secdir.VirtualAddress - pos), &bytes_read, NULL);
|
|
|
|
|
+ if (!ret || !bytes_read)
|
|
|
|
|
+ return FALSE;
|
|
|
|
|
+ if (!CryptHashData(hash, buffer, bytes_read, 0))
|
|
|
|
|
+ return FALSE;
|
|
|
|
|
+ }
|
2016-04-01 22:42:22 -07:00
|
|
|
+
|
|
|
|
|
+ return TRUE;
|
|
|
|
|
+}
|
|
|
|
|
+
|
|
|
|
|
+static DWORD SOFTPUB_VerifyImageHash(CRYPT_PROVIDER_DATA *data, HANDLE file)
|
|
|
|
|
+{
|
|
|
|
|
+ SPC_INDIRECT_DATA_CONTENT *indirect = (SPC_INDIRECT_DATA_CONTENT *)data->u.pPDSip->psIndirectData;
|
|
|
|
|
+ DWORD err, hash_size, length;
|
2017-03-06 08:30:20 -08:00
|
|
|
+ BYTE *hash_data;
|
2016-04-01 22:42:22 -07:00
|
|
|
+ BOOL release_prov = FALSE;
|
|
|
|
|
+ HCRYPTPROV prov = data->hProv;
|
2016-04-02 08:00:21 -07:00
|
|
|
+ HCRYPTHASH hash = 0;
|
2016-04-01 22:42:22 -07:00
|
|
|
+ ALG_ID algID;
|
|
|
|
|
+
|
|
|
|
|
+ if (((ULONG_PTR)indirect->Data.pszObjId >> 16) == 0 ||
|
|
|
|
|
+ strcmp(indirect->Data.pszObjId, SPC_PE_IMAGE_DATA_OBJID))
|
|
|
|
|
+ {
|
|
|
|
|
+ FIXME("Cannot verify hash for pszObjId=%s\n", debugstr_a(indirect->Data.pszObjId));
|
|
|
|
|
+ return ERROR_SUCCESS;
|
|
|
|
|
+ }
|
|
|
|
|
+
|
|
|
|
|
+ if (!(algID = CertOIDToAlgId(indirect->DigestAlgorithm.pszObjId)))
|
|
|
|
|
+ return TRUST_E_SYSTEM_ERROR; /* FIXME */
|
|
|
|
|
+
|
|
|
|
|
+ if (!prov)
|
|
|
|
|
+ {
|
|
|
|
|
+ if (!CryptAcquireContextW(&prov, NULL, NULL, PROV_RSA_FULL, CRYPT_VERIFYCONTEXT))
|
|
|
|
|
+ return GetLastError();
|
|
|
|
|
+ release_prov = TRUE;
|
|
|
|
|
+ }
|
|
|
|
|
+
|
|
|
|
|
+ if (!CryptCreateHash(prov, algID, 0, 0, &hash))
|
|
|
|
|
+ {
|
|
|
|
|
+ err = GetLastError();
|
|
|
|
|
+ goto done;
|
|
|
|
|
+ }
|
|
|
|
|
+
|
2017-03-06 08:30:20 -08:00
|
|
|
+ if (!SOFTPUB_HashPEFile(file, hash))
|
2016-04-01 22:42:22 -07:00
|
|
|
+ {
|
|
|
|
|
+ err = TRUST_E_NOSIGNATURE;
|
|
|
|
|
+ goto done;
|
|
|
|
|
+ }
|
|
|
|
|
+
|
|
|
|
|
+ length = sizeof(hash_size);
|
|
|
|
|
+ if (!CryptGetHashParam(hash, HP_HASHSIZE, (BYTE *)&hash_size, &length, 0))
|
|
|
|
|
+ {
|
|
|
|
|
+ err = GetLastError();
|
|
|
|
|
+ goto done;
|
|
|
|
|
+ }
|
|
|
|
|
+
|
|
|
|
|
+ if (!(hash_data = data->psPfns->pfnAlloc(hash_size)))
|
|
|
|
|
+ {
|
|
|
|
|
+ err = ERROR_OUTOFMEMORY;
|
|
|
|
|
+ goto done;
|
|
|
|
|
+ }
|
|
|
|
|
+
|
|
|
|
|
+ if (!CryptGetHashParam(hash, HP_HASHVAL, hash_data, &hash_size, 0))
|
|
|
|
|
+ {
|
|
|
|
|
+ err = GetLastError();
|
|
|
|
|
+ data->psPfns->pfnFree(hash_data);
|
|
|
|
|
+ goto done;
|
|
|
|
|
+ }
|
|
|
|
|
+
|
|
|
|
|
+ err = (hash_size == indirect->Digest.cbData &&
|
|
|
|
|
+ !memcmp(hash_data, indirect->Digest.pbData, hash_size)) ? S_OK : TRUST_E_BAD_DIGEST;
|
|
|
|
|
+ data->psPfns->pfnFree(hash_data);
|
|
|
|
|
+
|
|
|
|
|
+done:
|
|
|
|
|
+ if (hash)
|
|
|
|
|
+ CryptDestroyHash(hash);
|
|
|
|
|
+ if (release_prov)
|
|
|
|
|
+ CryptReleaseContext(prov, 0);
|
|
|
|
|
+ return err;
|
|
|
|
|
+}
|
|
|
|
|
+
|
|
|
|
|
+
|
|
|
|
|
static DWORD SOFTPUB_CreateStoreFromMessage(CRYPT_PROVIDER_DATA *data)
|
|
|
|
|
{
|
|
|
|
|
DWORD err = ERROR_SUCCESS;
|
2017-03-06 08:30:20 -08:00
|
|
|
@@ -371,6 +562,9 @@ static DWORD SOFTPUB_LoadFileMessage(CRYPT_PROVIDER_DATA *data)
|
2016-04-01 22:42:22 -07:00
|
|
|
if (err)
|
|
|
|
|
goto error;
|
|
|
|
|
err = SOFTPUB_DecodeInnerContent(data);
|
|
|
|
|
+ if (err)
|
|
|
|
|
+ goto error;
|
|
|
|
|
+ err = SOFTPUB_VerifyImageHash(data, data->pWintrustData->u.pFile->hFile);
|
|
|
|
|
|
|
|
|
|
error:
|
|
|
|
|
if (err && data->fOpenedFile && data->pWintrustData->u.pFile)
|
|
|
|
|
diff --git a/dlls/wintrust/tests/softpub.c b/dlls/wintrust/tests/softpub.c
|
2017-03-06 08:30:20 -08:00
|
|
|
index aa481e407fc..1f872341357 100644
|
2016-04-01 22:42:22 -07:00
|
|
|
--- a/dlls/wintrust/tests/softpub.c
|
|
|
|
|
+++ b/dlls/wintrust/tests/softpub.c
|
2017-03-06 08:30:20 -08:00
|
|
|
@@ -1152,7 +1152,7 @@ static void test_wintrust_digest(void)
|
2016-04-01 22:42:22 -07:00
|
|
|
{
|
|
|
|
|
{{ SelfSignedFile32, sizeof(SelfSignedFile32) },
|
|
|
|
|
{ Dummy, sizeof(Dummy) }},
|
|
|
|
|
- { TRUST_E_NOSIGNATURE, TRUE }, { TRUST_E_NOSIGNATURE, TRUE }
|
|
|
|
|
+ { TRUST_E_NOSIGNATURE, FALSE }, { TRUST_E_NOSIGNATURE, FALSE }
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
{{ Dummy, sizeof(Dummy) },
|
2017-03-06 08:30:20 -08:00
|
|
|
@@ -1163,7 +1163,7 @@ static void test_wintrust_digest(void)
|
2016-04-01 22:42:22 -07:00
|
|
|
{{ SelfSignedFile32, 19 },
|
|
|
|
|
{ Dummy, sizeof(Dummy) },
|
|
|
|
|
{ SelfSignedFile32 + 19 + sizeof(Dummy), sizeof(SelfSignedFile32) - 19 - sizeof(Dummy) }},
|
|
|
|
|
- { TRUST_E_BAD_DIGEST, TRUE }, { TRUST_E_NOSIGNATURE, TRUE }
|
|
|
|
|
+ { TRUST_E_BAD_DIGEST, FALSE }, { TRUST_E_NOSIGNATURE, TRUE }
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
{{ SelfSignedFile32, sizeof(IMAGE_DOS_HEADER) }},
|
2017-03-06 08:30:20 -08:00
|
|
|
@@ -1182,7 +1182,7 @@ static void test_wintrust_digest(void)
|
2016-04-01 22:42:22 -07:00
|
|
|
{
|
|
|
|
|
{{ SelfSignedFile64, sizeof(SelfSignedFile64) },
|
|
|
|
|
{ Dummy, sizeof(Dummy) }},
|
|
|
|
|
- { TRUST_E_NOSIGNATURE, TRUE }, { TRUST_E_NOSIGNATURE, TRUE }
|
|
|
|
|
+ { TRUST_E_NOSIGNATURE, FALSE }, { TRUST_E_NOSIGNATURE, FALSE }
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
{{ Dummy, sizeof(Dummy) },
|
2017-03-06 08:30:20 -08:00
|
|
|
@@ -1193,7 +1193,7 @@ static void test_wintrust_digest(void)
|
2016-04-01 22:42:22 -07:00
|
|
|
{{ SelfSignedFile64, 19 },
|
|
|
|
|
{ Dummy, sizeof(Dummy) },
|
|
|
|
|
{ SelfSignedFile64 + 19 + sizeof(Dummy), sizeof(SelfSignedFile64) - 19 - sizeof(Dummy) }},
|
|
|
|
|
- { TRUST_E_BAD_DIGEST, TRUE }, { TRUST_E_NOSIGNATURE, TRUE }
|
|
|
|
|
+ { TRUST_E_BAD_DIGEST, FALSE }, { TRUST_E_NOSIGNATURE, TRUE }
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
{{ SelfSignedFile64, sizeof(IMAGE_DOS_HEADER) }},
|
|
|
|
|
--
|
2017-03-06 08:30:20 -08:00
|
|
|
2.11.0
|
2016-04-01 22:42:22 -07:00
|
|
|
|
