Struct lief::pe::signature::Signature

pub struct Signature<'a> { /* private fields */ }

Implementations

impl<'a> Signature<'a>

pub fn from_file(path: &str) -> Option<Self>

Create a Signature from a PKCS#7 file path

pub fn from<R: Read + Seek>(reader: &mut R) -> Option<Self>

Create a Signature from a PKCS#7 reader implementing the Read + Seek traits

pub fn version(&self) -> u32

Should be 1

pub fn digest_algorithm(&self) -> Algorithms

Algorithm used to digest the file.

It should match SignerInfo::digest_algorithm

pub fn content_info(&'a self) -> ContentInfo<'a>

ContentInfo as described in the RFC2315 https://tools.ietf.org/html/rfc2315#section-7

pub fn certificates(&'a self) -> Certificates<'a>

Return list of X509 certificates associated with this signature

pub fn signers(&'a self) -> Signers<'a>

Iterator over the signer SignerInfo defined in the PKCS #7 signature

pub fn raw_der(&'a self) -> &[u8]

The original raw signature as a slice of bytes

pub fn crt_by_serial(&self, serial: &[u8]) -> Option<X509<'_>>

Find x509 certificate according to its serial number

pub fn crt_by_subject(&self, subject: &str) -> Option<X509<'_>>

Find X509 certificate according to its subject

pub fn crt_by_subject_and_serial( &self, subject: &str, serial: &[u8] ) -> Option<X509<'_>>

Find X509 certificate according to its subject AND serial number

pub fn crt_by_issuer(&self, issuer: &str) -> Option<X509<'_>>

Find X509 certificate according to its issuer

pub fn find_crt_by_issuer_and_serial( &self, issuer: &str, serial: &[u8] ) -> Option<X509<'_>>

Find X509 certificate according to its issuer AND serial number

pub fn check(&self, checks: VerificationChecks) -> VerificationFlags

Check if this signature is valid according to the Authenticode/PKCS #7 verification scheme

By default, it performs the following verifications:

1. It must contain only one signer info
2. Signature::digest_algorithm must match:
   • ContentInfo::digest_algorithm
   • SignerInfo::digest_algorithm
3. The x509 certificate specified by SignerInfo::serial_number and SignerInfo::issuer must exist within Signature::certificates
4. Given the x509 certificate, compare SignerInfo::encrypted_digest against either:
   • hash of authenticated attributes if present
   • hash of ContentInfo
5. If authenticated attributes are present, check that a PKCS9_MESSAGE_DIGEST attribute exists and that its value matches hash of ContentInfo
6. Check the validity of the PKCS #9 counter signature if present
7. If the signature doesn’t embed a signing-time in the counter signature, check the certificate validity. (See VerificationChecks::LIFETIME_SIGNING and VerificationChecks::SKIP_CERT_TIME)

See: VerificationChecks to tweak the behavior

Trait Implementations

impl Debug for Signature<'_>

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter.

impl<'b, 'a: 'b> From<&'a Signature<'_>> for &'b PE_Signature

fn from(value: &'a Signature<'_>) -> &'b PE_Signature

Converts to this type from the input type.