LIEF: Library to Instrument Executable Formats Version 0.15.1
Loading...
Searching...
No Matches
LIEF::PE::Signature Class Reference

Main interface for the PKCS #7 signature scheme. More...

#include <Signature.hpp>

Inheritance diagram for LIEF::PE::Signature:
Collaboration diagram for LIEF::PE::Signature:

Public Types

enum class  VERIFICATION_FLAGS : uint32_t {
  OK = 0 , INVALID_SIGNER = 1 << 0 , UNSUPPORTED_ALGORITHM = 1 << 1 , INCONSISTENT_DIGEST_ALGORITHM = 1 << 2 ,
  CERT_NOT_FOUND = 1 << 3 , CORRUPTED_CONTENT_INFO = 1 << 4 , CORRUPTED_AUTH_DATA = 1 << 5 , MISSING_PKCS9_MESSAGE_DIGEST = 1 << 6 ,
  BAD_DIGEST = 1 << 7 , BAD_SIGNATURE = 1 << 8 , NO_SIGNATURE = 1 << 9 , CERT_EXPIRED = 1 << 10 ,
  CERT_FUTURE = 1 << 11
}
 Flags returned by the verification functions. More...
 
enum class  VERIFICATION_CHECKS : uint32_t { DEFAULT = 1 << 0 , HASH_ONLY = 1 << 1 , LIFETIME_SIGNING = 1 << 2 , SKIP_CERT_TIME = 1 << 3 }
 Flags to tweak the verification process of the signature. More...
 
using it_const_crt = const_ref_iterator<const std::vector<x509>&>
 Iterator which outputs const x509& certificates.
 
using it_crt = ref_iterator<std::vector<x509>&>
 Iterator which outputs x509& certificates.
 
using it_const_signers_t = const_ref_iterator<const std::vector<SignerInfo>&>
 Iterator which outputs const SignerInfo&.
 
using it_signers_t = ref_iterator<std::vector<SignerInfo>&>
 Iterator which outputs SignerInfo&.
 
- Public Types inherited from LIEF::Object
template<class T >
using output_t = add_pointer_t<decay_t<T>>
 
template<class T >
using output_const_t = add_pointer_t<add_const_t<decay_t<T>>>
 

Public Member Functions

 Signature ()
 
 Signature (const Signature &)
 
Signatureoperator= (const Signature &)
 
 Signature (Signature &&)
 
Signatureoperator= (Signature &&)
 
uint32_t version () const
 Should be 1.
 
ALGORITHMS digest_algorithm () const
 Algorithm used to digest the file.
 
const ContentInfocontent_info () const
 Return the ContentInfo.
 
it_const_crt certificates () const
 Return an iterator over x509 certificates.
 
it_crt certificates ()
 
it_const_signers_t signers () const
 Return an iterator over the signers (SignerInfo) defined in the PKCS #7 signature.
 
it_signers_t signers ()
 
span< const uint8_t > raw_der () const
 Return the raw original PKCS7 signature.
 
const x509find_crt (const std::vector< uint8_t > &serialno) const
 Find x509 certificate according to its serial number.
 
const x509find_crt_subject (const std::string &subject) const
 Find x509 certificate according to its subject.
 
const x509find_crt_subject (const std::string &subject, const std::vector< uint8_t > &serialno) const
 Find x509 certificate according to its subject AND serial number.
 
const x509find_crt_issuer (const std::string &issuer) const
 Find x509 certificate according to its issuer.
 
const x509find_crt_issuer (const std::string &issuer, const std::vector< uint8_t > &serialno) const
 Find x509 certificate according to its issuer AND serial number.
 
VERIFICATION_FLAGS check (VERIFICATION_CHECKS checks=VERIFICATION_CHECKS::DEFAULT) const
 Check if this signature is valid according to the Authenticode/PKCS #7 verification scheme.
 
void accept (Visitor &visitor) const override
 
 ~Signature () override
 
- Public Member Functions inherited from LIEF::Object
 Object ()
 
 Object (const Object &other)
 
Objectoperator= (const Object &other)
 
template<class T >
output_t< T > as ()
 
template<class T >
output_const_t< T > as () const
 
virtual bool operator== (const Object &other) const
 
virtual bool operator!= (const Object &other) const
 
virtual ~Object ()
 

Static Public Member Functions

static std::vector< uint8_t > hash (const std::vector< uint8_t > &input, ALGORITHMS algo)
 Hash the input given the algorithm.
 
static std::vector< uint8_t > hash (const uint8_t *buffer, size_t size, ALGORITHMS algo)
 
static std::string flag_to_string (VERIFICATION_FLAGS flag)
 Convert a verification flag into a humman representation. e.g VERIFICATION_FLAGS.BAD_DIGEST | VERIFICATION_FLAGS.BAD_SIGNATURE | VERIFICATION_FLAGS.CERT_EXPIRED.
 

Detailed Description

Main interface for the PKCS #7 signature scheme.

Member Typedef Documentation

◆ it_const_crt

Iterator which outputs const x509& certificates.

◆ it_const_signers_t

Iterator which outputs const SignerInfo&.

◆ it_crt

Iterator which outputs x509& certificates.

◆ it_signers_t

Iterator which outputs SignerInfo&.

Member Enumeration Documentation

◆ VERIFICATION_CHECKS

enum class LIEF::PE::Signature::VERIFICATION_CHECKS : uint32_t
strong

Flags to tweak the verification process of the signature.

See Signature::check and LIEF::PE::Binary::verify_signature

Enumerator
DEFAULT 

Default behavior that tries to follow the Microsoft verification process as close as possible

HASH_ONLY 

Only check that Binary::authentihash matches ContentInfo::digest regardless of the signature's validity

LIFETIME_SIGNING 

Same semantic as WTD_LIFETIME_SIGNING_FLAG

SKIP_CERT_TIME 

Skip the verification of the certificates time validities so that even though a certificate expired, it returns VERIFICATION_FLAGS::OK

◆ VERIFICATION_FLAGS

enum class LIEF::PE::Signature::VERIFICATION_FLAGS : uint32_t
strong

Flags returned by the verification functions.

Enumerator
OK 
INVALID_SIGNER 
UNSUPPORTED_ALGORITHM 
INCONSISTENT_DIGEST_ALGORITHM 
CERT_NOT_FOUND 
CORRUPTED_CONTENT_INFO 
CORRUPTED_AUTH_DATA 
MISSING_PKCS9_MESSAGE_DIGEST 
BAD_DIGEST 
BAD_SIGNATURE 
NO_SIGNATURE 
CERT_EXPIRED 
CERT_FUTURE 

Constructor & Destructor Documentation

◆ Signature() [1/3]

LIEF::PE::Signature::Signature ( )

◆ Signature() [2/3]

LIEF::PE::Signature::Signature ( const Signature & )

◆ Signature() [3/3]

LIEF::PE::Signature::Signature ( Signature && )

◆ ~Signature()

LIEF::PE::Signature::~Signature ( )
override

Member Function Documentation

◆ accept()

void LIEF::PE::Signature::accept ( Visitor & visitor) const
overridevirtual

Implements LIEF::Object.

◆ certificates() [1/2]

it_crt LIEF::PE::Signature::certificates ( )
inline

◆ certificates() [2/2]

it_const_crt LIEF::PE::Signature::certificates ( ) const
inline

Return an iterator over x509 certificates.

◆ check()

VERIFICATION_FLAGS LIEF::PE::Signature::check ( VERIFICATION_CHECKS checks = VERIFICATION_CHECKS::DEFAULT) const

Check if this signature is valid according to the Authenticode/PKCS #7 verification scheme.

By default, it performs the following verifications:

  1. It must contain only one signer info
  2. Signature::digest_algorithm must match:
  3. The x509 certificate specified by SignerInfo::serial_number and SignerInfo::issuer must exist within Signature::certificates
  4. Given the x509 certificate, compare SignerInfo::encrypted_digest against either:
    • hash of authenticated attributes if present
    • hash of ContentInfo
  5. If authenticated attributes are present, check that a PKCS9_MESSAGE_DIGEST attribute exists and that its value matches hash of ContentInfo
  6. Check the validity of the PKCS #9 counter signature if present
  7. If the signature doesn't embed a signing-time in the counter signature, check the certificate validity. (See LIEF::PE::Signature::VERIFICATION_CHECKS::LIFETIME_SIGNING and LIEF::PE::Signature::VERIFICATION_CHECKS::SKIP_CERT_TIME)

See: LIEF::PE::Signature::VERIFICATION_CHECKS to tweak the behavior

◆ content_info()

const ContentInfo & LIEF::PE::Signature::content_info ( ) const
inline

Return the ContentInfo.

◆ digest_algorithm()

ALGORITHMS LIEF::PE::Signature::digest_algorithm ( ) const
inline

Algorithm used to digest the file.

It should match SignerInfo::digest_algorithm

◆ find_crt()

const x509 * LIEF::PE::Signature::find_crt ( const std::vector< uint8_t > & serialno) const

Find x509 certificate according to its serial number.

◆ find_crt_issuer() [1/2]

const x509 * LIEF::PE::Signature::find_crt_issuer ( const std::string & issuer) const

Find x509 certificate according to its issuer.

◆ find_crt_issuer() [2/2]

const x509 * LIEF::PE::Signature::find_crt_issuer ( const std::string & issuer,
const std::vector< uint8_t > & serialno ) const

Find x509 certificate according to its issuer AND serial number.

◆ find_crt_subject() [1/2]

const x509 * LIEF::PE::Signature::find_crt_subject ( const std::string & subject) const

Find x509 certificate according to its subject.

◆ find_crt_subject() [2/2]

const x509 * LIEF::PE::Signature::find_crt_subject ( const std::string & subject,
const std::vector< uint8_t > & serialno ) const

Find x509 certificate according to its subject AND serial number.

◆ flag_to_string()

static std::string LIEF::PE::Signature::flag_to_string ( VERIFICATION_FLAGS flag)
static

◆ hash() [1/2]

static std::vector< uint8_t > LIEF::PE::Signature::hash ( const std::vector< uint8_t > & input,
ALGORITHMS algo )
inlinestatic

Hash the input given the algorithm.

References LIEF::hash().

◆ hash() [2/2]

static std::vector< uint8_t > LIEF::PE::Signature::hash ( const uint8_t * buffer,
size_t size,
ALGORITHMS algo )
static

◆ operator=() [1/2]

Signature & LIEF::PE::Signature::operator= ( const Signature & )

◆ operator=() [2/2]

Signature & LIEF::PE::Signature::operator= ( Signature && )

◆ raw_der()

span< const uint8_t > LIEF::PE::Signature::raw_der ( ) const
inline

Return the raw original PKCS7 signature.

◆ signers() [1/2]

it_signers_t LIEF::PE::Signature::signers ( )
inline

◆ signers() [2/2]

it_const_signers_t LIEF::PE::Signature::signers ( ) const
inline

Return an iterator over the signers (SignerInfo) defined in the PKCS #7 signature.

◆ version()

uint32_t LIEF::PE::Signature::version ( ) const
inline

Should be 1.


The documentation for this class was generated from the following file: