LIEF: Library to Instrument Executable Formats Version 1.0.0
Signature.hpp
1/* Copyright 2017 - 2026 R. Thomas
2 * Copyright 2017 - 2026 Quarkslab
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16#ifndef LIEF_PE_SIGNATURE_H
17#define LIEF_PE_SIGNATURE_H
18
19#include "LIEF/Object.hpp"
21#include "LIEF/visibility.h"
22#include "LIEF/span.hpp"
23
27
28#include "LIEF/PE/enums.hpp"
29
30#include "LIEF/iterators.hpp"
31#include "LIEF/enums.hpp"
32
// NOTE(review): this is a rendered Doxygen listing. The number fused to the
// start of each line is the original source line number. Lines that carried
// doc comments or cross-linked declarations are not part of the listing, which
// is why the numbering skips and why some function bodies appear without
// their signature line.
33namespace LIEF {
34namespace PE {
35
// Forward declarations; both classes are named as friends of Signature below.
36class SignatureParser;
37class Binary;
38
/// Signature attached to a PE binary. Its state (see the private section) is a
/// version, a digest algorithm, a ContentInfo, a list of x509 certificates, a
/// list of SignerInfo and the raw bytes of the original signature.
40class LIEF_API Signature : public Object {
41
// These classes may read and write the private members declared at the end
// of the class.
42 friend class SignatureParser;
43 friend class Parser;
44 friend class Binary;
45
46 public:
/// Hash the input given the algorithm.
/// Convenience overload: forwards the vector's data pointer and size to the
/// buffer overload below.
48 static std::vector<uint8_t> hash(const std::vector<uint8_t>& input,
49 ALGORITHMS algo) {
50 return hash(input.data(), input.size(), algo);
51 }
52
/// Hash `size` bytes starting at `buffer` with `algo`. Defined out of line.
// NOTE(review): how an unsupported `algo` is reported is not visible here
// (possibly an empty vector); confirm before comparing two returned digests
// for equality, so that two failed hashes are never treated as a match.
53 static std::vector<uint8_t> hash(const uint8_t* buffer, size_t size,
54 ALGORITHMS algo);
55
56 public:
// Source lines 58, 61, 64 and 67 are missing from this listing. The page's
// declaration index places the iterator aliases there: it_const_crt (58),
// it_crt (61), it_const_signers_t (64) and it_signers_t (67).
59
62
65
68
/// Flags returned by the verification functions.
// OK is zero and every failure is a separate bit, so success has to be tested
// by equality with VERIFICATION_FLAGS::OK; masking a result with OK always
// yields zero and proves nothing.
// NOTE(review): the one-bit-per-failure layout suggests several failures can
// be reported in one result; confirm against the implementation of check().
70 enum class VERIFICATION_FLAGS : uint32_t {
71 OK = 0,
72 INVALID_SIGNER = 1 << 0,
73 UNSUPPORTED_ALGORITHM = 1 << 1,
74 INCONSISTENT_DIGEST_ALGORITHM = 1 << 2,
75 CERT_NOT_FOUND = 1 << 3,
76 CORRUPTED_CONTENT_INFO = 1 << 4,
77 CORRUPTED_AUTH_DATA = 1 << 5,
78 MISSING_PKCS9_MESSAGE_DIGEST = 1 << 6,
79 BAD_DIGEST = 1 << 7,
80 BAD_SIGNATURE = 1 << 8,
81 NO_SIGNATURE = 1 << 9,
82 CERT_EXPIRED = 1 << 10,
83 CERT_FUTURE = 1 << 11,
84 };
85
/// Convert a verification flag into a human-readable representation.
89 static std::string flag_to_string(VERIFICATION_FLAGS flag);
90
/// Flags to tweak the verification process of the signature.
// NOTE(review): only the description of DEFAULT survives on this page. By
// name, HASH_ONLY and SKIP_CERT_TIME narrow what is verified, so a caller
// making a trust decision should stay on DEFAULT unless the relaxation is
// deliberate and documented at the call site. Confirm the exact semantics of
// HASH_ONLY, LIFETIME_SIGNING and SKIP_CERT_TIME in the LIEF documentation.
94 enum class VERIFICATION_CHECKS : uint32_t {
// Default behavior that tries to follow the Microsoft verification process
// as closely as possible.
97 DEFAULT = 1 << 0,
98
101 HASH_ONLY = 1 << 1,
102
105 LIFETIME_SIGNING = 1 << 2,
106
109 SKIP_CERT_TIME = 1 << 3,
110 };
111
// Source lines 112-119 are only partly shown. The page's declaration index
// lists a copy constructor, a move constructor and the matching assignment
// operators for Signature without line numbers; presumably they sit in this
// gap.
115
118
/// Should be 1. Returns the stored version_.
120 uint32_t version() const {
121 return version_;
122 }
123
// Signature line 127 is missing from this listing; per the declaration index:
// `ALGORITHMS digest_algorithm() const`, the algorithm used to digest the file.
128 return digest_algorithm_;
129 }
130
// Signature line 132 is missing; per the declaration index:
// `const ContentInfo& content_info() const`, returns the ContentInfo.
133 return content_info_;
134 }
135
// Signature line 137 is missing; per the declaration index:
// `it_const_crt certificates() const`, an iterator over x509 certificates.
138 return certificates_;
139 }
140
// Signature line 141 is missing; per the declaration index:
// `it_crt certificates()`, the non-const counterpart.
142 return certificates_;
143 }
144
// Signature line 147 is missing; per the declaration index:
// `it_const_signers_t signers() const`, an iterator over the signers
// (SignerInfo) defined in the PKCS #7 signature.
148 return signers_;
149 }
150
// Signature line 151 is missing; per the declaration index:
// `it_signers_t signers()`, the non-const counterpart.
152 return signers_;
153 }
154
// Signature line 156 is missing; per the declaration index:
// `span<const uint8_t> raw_der() const`, the raw original PKCS7 signature.
// The span refers to the member vector, so it is only usable while this
// Signature object is alive and unmodified.
157 return original_raw_signature_;
158 }
159
// The find_crt* functions below return a pointer rather than a reference.
// NOTE(review): presumably nullptr when no certificate matches; check the
// result before dereferencing. A match only locates a certificate; nothing in
// these declarations says the certificate has been validated.

/// Find x509 certificate according to its serial number.
161 const x509* find_crt(const std::vector<uint8_t>& serialno) const;
162
/// Find x509 certificate according to its subject.
164 const x509* find_crt_subject(const std::string& subject) const;
165
/// Find x509 certificate according to its subject AND serial number.
167 const x509* find_crt_subject(const std::string& subject,
168 const std::vector<uint8_t>& serialno) const;
169
/// Find x509 certificate according to its issuer.
171 const x509* find_crt_issuer(const std::string& issuer) const;
172
/// Find x509 certificate according to its issuer AND serial number.
174 const x509* find_crt_issuer(const std::string& issuer,
175 const std::vector<uint8_t>& serialno) const;
176
// Source lines 177-204 are missing from this listing. The page's declaration
// index lists
//   VERIFICATION_FLAGS check(VERIFICATION_CHECKS checks = VERIFICATION_CHECKS::DEFAULT) const
// ("Check if this signature is valid according to the Authenticode/PKCS #7
// verification scheme") without a line number; presumably it is declared in
// this gap. Treat the signature as valid only when the returned value equals
// VERIFICATION_FLAGS::OK.
205
/// Visitor entry point; overrides the base-class accept().
206 void accept(Visitor& visitor) const override;
207
/// Destructor; overrides the base-class destructor.
208 ~Signature() override;
209
/// Stream output for a Signature. Declared as a friend, so the out-of-line
/// definition may read the private members.
210 LIEF_API friend std::ostream& operator<<(std::ostream& os,
211 const Signature& signature);
212
213 private:
// Returned by version(); defaults to 0 until something sets it.
214 uint32_t version_ = 0;
// Returned by digest_algorithm(); defaults to ALGORITHMS::UNKNOWN.
215 ALGORITHMS digest_algorithm_ = ALGORITHMS::UNKNOWN;
// Returned by content_info().
216 ContentInfo content_info_;
// Backing storage for both certificates() overloads.
217 std::vector<x509> certificates_;
// Backing storage for both signers() overloads.
218 std::vector<SignerInfo> signers_;
219
// NOTE(review): no visible code reads these two fields; by name they look like
// the start and end offsets of the ContentInfo inside the raw signature.
// Confirm against SignatureParser.
220 uint64_t content_info_start_ = 0;
221 uint64_t content_info_end_ = 0;
222
// Bytes handed out by raw_der().
223 std::vector<uint8_t> original_raw_signature_;
224};
225
226
227}
228}
229
232
233
234#endif
Class which represents a PE binary. This is the main interface to manage and modify a PE executable.
Definition PE/Binary.hpp:57
Definition ContentInfo.hpp:81
Definition SignatureParser.hpp:37
Signature(Signature &&)
const x509 * find_crt_issuer(const std::string &issuer, const std::vector< uint8_t > &serialno) const
Find x509 certificate according to its issuer AND serial number.
it_signers_t signers()
Definition Signature.hpp:151
const x509 * find_crt(const std::vector< uint8_t > &serialno) const
Find x509 certificate according to its serial number.
static std::vector< uint8_t > hash(const uint8_t *buffer, size_t size, ALGORITHMS algo)
Signature & operator=(Signature &&)
VERIFICATION_FLAGS check(VERIFICATION_CHECKS checks=VERIFICATION_CHECKS::DEFAULT) const
Check if this signature is valid according to the Authenticode/PKCS #7 verification scheme.
const_ref_iterator< const std::vector< SignerInfo > & > it_const_signers_t
Iterator which outputs const SignerInfo&.
Definition Signature.hpp:64
span< const uint8_t > raw_der() const
Return the raw original PKCS7 signature.
Definition Signature.hpp:156
static std::string flag_to_string(VERIFICATION_FLAGS flag)
Convert a verification flag into a human-readable representation. e.g VERIFICATION_FLAGS....
const_ref_iterator< const std::vector< x509 > & > it_const_crt
Iterator which outputs const x509& certificates.
Definition Signature.hpp:58
ref_iterator< std::vector< x509 > & > it_crt
Iterator which outputs x509& certificates.
Definition Signature.hpp:61
const ContentInfo & content_info() const
Return the ContentInfo.
Definition Signature.hpp:132
Signature(const Signature &)
~Signature() override
friend class SignatureParser
Definition Signature.hpp:42
friend class Binary
Definition Signature.hpp:44
it_crt certificates()
Definition Signature.hpp:141
Signature & operator=(const Signature &)
ref_iterator< std::vector< SignerInfo > & > it_signers_t
Iterator which outputs SignerInfo&.
Definition Signature.hpp:67
const x509 * find_crt_issuer(const std::string &issuer) const
Find x509 certificate according to its issuer.
static std::vector< uint8_t > hash(const std::vector< uint8_t > &input, ALGORITHMS algo)
Hash the input given the algorithm.
Definition Signature.hpp:48
friend class Parser
Definition Signature.hpp:43
const x509 * find_crt_subject(const std::string &subject) const
Find x509 certificate according to its subject.
VERIFICATION_CHECKS
Flags to tweak the verification process of the signature.
Definition Signature.hpp:94
@ DEFAULT
Default behavior that tries to follow the Microsoft verification process as closely as possible.
Definition Signature.hpp:97
void accept(Visitor &visitor) const override
it_const_signers_t signers() const
Return an iterator over the signers (SignerInfo) defined in the PKCS #7 signature.
Definition Signature.hpp:147
it_const_crt certificates() const
Return an iterator over x509 certificates.
Definition Signature.hpp:137
const x509 * find_crt_subject(const std::string &subject, const std::vector< uint8_t > &serialno) const
Find x509 certificate according to its subject AND serial number.
uint32_t version() const
Should be 1.
Definition Signature.hpp:120
friend std::ostream & operator<<(std::ostream &os, const Signature &signature)
ALGORITHMS digest_algorithm() const
Algorithm used to digest the file.
Definition Signature.hpp:127
VERIFICATION_FLAGS
Flags returned by the verification functions.
Definition Signature.hpp:70
Interface over a x509 certificate.
Definition x509.hpp:43
Definition Visitor.hpp:212
Iterator which returns reference on container's values.
Definition iterators.hpp:47
#define LIEF_LIFETIMEBOUND
Definition compiler_attributes.hpp:72
#define ENABLE_BITMASK_OPERATORS(X)
Definition enums.hpp:24
Namespace related to the LIEF's PE module.
Definition Abstract/Header.hpp:32
ALGORITHMS
Cryptography algorithms.
Definition PE/enums.hpp:28
@ UNKNOWN
Definition PE/enums.hpp:29
@ DEFAULT
Definition PE/utils.hpp:34
LIEF namespace.
Definition Abstract/Binary.hpp:41
tcb::span< ElementType, Extent > span
Definition span.hpp:22
ref_iterator< CT, U, typename decay_t< CT >::const_iterator > const_ref_iterator
Iterator which returns a const ref on container's values.
Definition iterators.hpp:320
#define LIEF_API
Definition visibility.h:45