Main interface for the PKCS #7 signature scheme. More...

#include <Signature.hpp>

Inheritance diagram for LIEF::PE::Signature:

Collaboration diagram for LIEF::PE::Signature:

Public Types
enum class	VERIFICATION_FLAGS : uint32_t { OK = 0 , INVALID_SIGNER = 1 << 0 , UNSUPPORTED_ALGORITHM = 1 << 1 , INCONSISTENT_DIGEST_ALGORITHM = 1 << 2 , CERT_NOT_FOUND = 1 << 3 , CORRUPTED_CONTENT_INFO = 1 << 4 , CORRUPTED_AUTH_DATA = 1 << 5 , MISSING_PKCS9_MESSAGE_DIGEST = 1 << 6 , BAD_DIGEST = 1 << 7 , BAD_SIGNATURE = 1 << 8 , NO_SIGNATURE = 1 << 9 , CERT_EXPIRED = 1 << 10 , CERT_FUTURE = 1 << 11 }
	Flags returned by the verification functions. More...

enum class	VERIFICATION_CHECKS : uint32_t { DEFAULT = 1 << 0 , HASH_ONLY = 1 << 1 , LIFETIME_SIGNING = 1 << 2 , SKIP_CERT_TIME = 1 << 3 }
	Flags to tweak the verification process of the signature. More...

using	it_const_crt = const_ref_iterator<const std::vector<x509>&>
	Iterator which outputs const x509& certificates.

using	it_crt = ref_iterator<std::vector<x509>&>
	Iterator which outputs x509& certificates.

using	it_const_signers_t = const_ref_iterator<const std::vector<SignerInfo>&>
	Iterator which outputs const SignerInfo&.

using	it_signers_t = ref_iterator<std::vector<SignerInfo>&>
	Iterator which outputs SignerInfo&.

Public Types inherited from LIEF::Object
template<class T >
using	output_t = add_pointer_t<decay_t<T>>

template<class T >
using	output_const_t = add_pointer_t<add_const_t<decay_t<T>>>

Public Member Functions
	Signature ()

	Signature (const Signature &)

Signature &	operator= (const Signature &)

	Signature (Signature &&)

Signature &	operator= (Signature &&)

uint32_t	version () const
	Should be 1.

ALGORITHMS	digest_algorithm () const
	Algorithm used to digest the file.

const ContentInfo &	content_info () const
	Return the ContentInfo.

it_const_crt	certificates () const
	Return an iterator over x509 certificates.

it_crt	certificates ()

it_const_signers_t	signers () const
	Return an iterator over the signers (SignerInfo) defined in the PKCS #7 signature.

it_signers_t	signers ()

span< const uint8_t >	raw_der () const
	Return the raw original PKCS7 signature.

const x509 *	find_crt (const std::vector< uint8_t > &serialno) const
	Find x509 certificate according to its serial number.

const x509 *	find_crt_subject (const std::string &subject) const
	Find x509 certificate according to its subject.

const x509 *	find_crt_subject (const std::string &subject, const std::vector< uint8_t > &serialno) const
	Find x509 certificate according to its subject AND serial number.

const x509 *	find_crt_issuer (const std::string &issuer) const
	Find x509 certificate according to its issuer.

const x509 *	find_crt_issuer (const std::string &issuer, const std::vector< uint8_t > &serialno) const
	Find x509 certificate according to its issuer AND serial number.

VERIFICATION_FLAGS	check (VERIFICATION_CHECKS checks=VERIFICATION_CHECKS::DEFAULT) const
	Check if this signature is valid according to the Authenticode/PKCS #7 verification scheme.

void	accept (Visitor &visitor) const override

	~Signature () override

Public Member Functions inherited from LIEF::Object
	Object ()

	Object (const Object &other)

Object &	operator= (const Object &other)

template<class T >
output_t< T >	as ()

template<class T >
output_const_t< T >	as () const

virtual bool	operator== (const Object &other) const

virtual bool	operator!= (const Object &other) const

virtual	~Object ()

Static Public Member Functions
static std::vector< uint8_t >	hash (const std::vector< uint8_t > &input, ALGORITHMS algo)
	Hash the input given the algorithm.

static std::vector< uint8_t >	hash (const uint8_t *buffer, size_t size, ALGORITHMS algo)

static std::string	flag_to_string (VERIFICATION_FLAGS flag)
	Convert a verification flag into a humman representation. e.g VERIFICATION_FLAGS.BAD_DIGEST \| VERIFICATION_FLAGS.BAD_SIGNATURE \| VERIFICATION_FLAGS.CERT_EXPIRED.

Detailed Description

Main interface for the PKCS #7 signature scheme.

Member Typedef Documentation

◆ it_const_crt

using LIEF::PE::Signature::it_const_crt = const_ref_iterator<const std::vector<x509>&>

Iterator which outputs const x509& certificates.

◆ it_const_signers_t

using LIEF::PE::Signature::it_const_signers_t = const_ref_iterator<const std::vector<SignerInfo>&>

Iterator which outputs const SignerInfo&.

◆ it_crt

using LIEF::PE::Signature::it_crt = ref_iterator<std::vector<x509>&>

Iterator which outputs x509& certificates.

◆ it_signers_t

using LIEF::PE::Signature::it_signers_t = ref_iterator<std::vector<SignerInfo>&>

Iterator which outputs SignerInfo&.

Member Enumeration Documentation

◆ VERIFICATION_CHECKS

enum class LIEF::PE::Signature::VERIFICATION_CHECKS : uint32_t

strong

Flags to tweak the verification process of the signature.

See Signature::check and LIEF::PE::Binary::verify_signature

Enumerator
DEFAULT	Default behavior that tries to follow the Microsoft verification process as close as possible
HASH_ONLY	Only check that Binary::authentihash matches ContentInfo::digest regardless of the signature's validity
LIFETIME_SIGNING	Same semantic as WTD_LIFETIME_SIGNING_FLAG
SKIP_CERT_TIME	Skip the verification of the certificates time validities so that even though a certificate expired, it returns VERIFICATION_FLAGS::OK

◆ VERIFICATION_FLAGS

enum class LIEF::PE::Signature::VERIFICATION_FLAGS : uint32_t

strong

Flags returned by the verification functions.

Enumerator
OK
INVALID_SIGNER
UNSUPPORTED_ALGORITHM
INCONSISTENT_DIGEST_ALGORITHM
CERT_NOT_FOUND
CORRUPTED_CONTENT_INFO
CORRUPTED_AUTH_DATA
MISSING_PKCS9_MESSAGE_DIGEST
BAD_DIGEST
BAD_SIGNATURE
NO_SIGNATURE
CERT_EXPIRED
CERT_FUTURE

Constructor & Destructor Documentation

◆ Signature() [1/3]

LIEF::PE::Signature::Signature ( )

◆ Signature() [2/3]

LIEF::PE::Signature::Signature ( const Signature & )

◆ Signature() [3/3]

LIEF::PE::Signature::Signature ( Signature && )

◆ ~Signature()

LIEF::PE::Signature::~Signature ( )

override

Member Function Documentation

◆ accept()

void LIEF::PE::Signature::accept ( Visitor & visitor ) const

overridevirtual

Implements LIEF::Object.

◆ certificates() [1/2]

it_crt LIEF::PE::Signature::certificates ( )

inline

◆ certificates() [2/2]

it_const_crt LIEF::PE::Signature::certificates ( ) const

inline

Return an iterator over x509 certificates.

◆ check()

VERIFICATION_FLAGS LIEF::PE::Signature::check ( VERIFICATION_CHECKS checks = VERIFICATION_CHECKS::DEFAULT ) const

Check if this signature is valid according to the Authenticode/PKCS #7 verification scheme.

By default, it performs the following verifications:

It must contain only one signer info
Signature::digest_algorithm must match:
- ContentInfo::digest_algorithm
- SignerInfo::digest_algorithm
The x509 certificate specified by SignerInfo::serial_number and SignerInfo::issuer must exist within Signature::certificates
Given the x509 certificate, compare SignerInfo::encrypted_digest against either:
- hash of authenticated attributes if present
- hash of ContentInfo
If authenticated attributes are present, check that a PKCS9_MESSAGE_DIGEST attribute exists and that its value matches hash of ContentInfo
Check the validity of the PKCS #9 counter signature if present
If the signature doesn't embed a signing-time in the counter signature, check the certificate validity. (See LIEF::PE::Signature::VERIFICATION_CHECKS::LIFETIME_SIGNING and LIEF::PE::Signature::VERIFICATION_CHECKS::SKIP_CERT_TIME)

See: LIEF::PE::Signature::VERIFICATION_CHECKS to tweak the behavior

◆ content_info()

const ContentInfo & LIEF::PE::Signature::content_info ( ) const

inline

Return the ContentInfo.

◆ digest_algorithm()

ALGORITHMS LIEF::PE::Signature::digest_algorithm ( ) const

inline

Algorithm used to digest the file.

It should match SignerInfo::digest_algorithm

◆ find_crt()

const x509 * LIEF::PE::Signature::find_crt ( const std::vector< uint8_t > & serialno ) const

Find x509 certificate according to its serial number.

◆ find_crt_issuer() [1/2]

const x509 * LIEF::PE::Signature::find_crt_issuer ( const std::string & issuer ) const

Find x509 certificate according to its issuer.

◆ find_crt_issuer() [2/2]

const x509 * LIEF::PE::Signature::find_crt_issuer	(	const std::string &	issuer,
		const std::vector< uint8_t > &	serialno ) const

Find x509 certificate according to its issuer AND serial number.

◆ find_crt_subject() [1/2]

const x509 * LIEF::PE::Signature::find_crt_subject ( const std::string & subject ) const

Find x509 certificate according to its subject.

◆ find_crt_subject() [2/2]

const x509 * LIEF::PE::Signature::find_crt_subject	(	const std::string &	subject,
		const std::vector< uint8_t > &	serialno ) const

Find x509 certificate according to its subject AND serial number.

◆ flag_to_string()

static std::string LIEF::PE::Signature::flag_to_string ( VERIFICATION_FLAGS flag )

static

Convert a verification flag into a humman representation. e.g VERIFICATION_FLAGS.BAD_DIGEST | VERIFICATION_FLAGS.BAD_SIGNATURE | VERIFICATION_FLAGS.CERT_EXPIRED.

◆ hash() [1/2]

static std::vector< uint8_t > LIEF::PE::Signature::hash	(	const std::vector< uint8_t > &	input,
		ALGORITHMS	algo )

inlinestatic

Hash the input given the algorithm.

References LIEF::hash().

◆ hash() [2/2]

static std::vector< uint8_t > LIEF::PE::Signature::hash	(	const uint8_t *	buffer,
		size_t	size,
		ALGORITHMS	algo )

static

◆ operator=() [1/2]

Signature & LIEF::PE::Signature::operator= ( const Signature & )

◆ operator=() [2/2]

Signature & LIEF::PE::Signature::operator= ( Signature && )

◆ raw_der()

span< const uint8_t > LIEF::PE::Signature::raw_der ( ) const

inline

Return the raw original PKCS7 signature.

◆ signers() [1/2]

it_signers_t LIEF::PE::Signature::signers ( )

inline

◆ signers() [2/2]

it_const_signers_t LIEF::PE::Signature::signers ( ) const

inline

Return an iterator over the signers (SignerInfo) defined in the PKCS #7 signature.

◆ version()

uint32_t LIEF::PE::Signature::version ( ) const

inline

Should be 1.

The documentation for this class was generated from the following file:

Signature.hpp

Public Types

Public Member Functions

Static Public Member Functions

Detailed Description

Member Typedef Documentation

◆ it_const_crt

◆ it_const_signers_t

◆ it_crt

◆ it_signers_t

Member Enumeration Documentation

◆ VERIFICATION_CHECKS

◆ VERIFICATION_FLAGS

Constructor & Destructor Documentation

◆ Signature() [1/3]

◆ Signature() [2/3]

◆ Signature() [3/3]

◆ ~Signature()

Member Function Documentation

◆ accept()

◆ certificates() [1/2]

◆ certificates() [2/2]

◆ check()

◆ content_info()

◆ digest_algorithm()

◆ find_crt()

◆ find_crt_issuer() [1/2]

◆ find_crt_issuer() [2/2]

◆ find_crt_subject() [1/2]

◆ find_crt_subject() [2/2]

◆ flag_to_string()

◆ hash() [1/2]

◆ hash() [2/2]

◆ operator=() [1/2]

◆ operator=() [2/2]

◆ raw_der()

◆ signers() [1/2]

◆ signers() [2/2]

◆ version()