chrome/app/signature_validator_win.cc - platform/external/chromium_org - Git at Google

 // Copyright 2013 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.

 #include "chrome/app/signature_validator_win.h"

 #include <atlstr.h>
 #include <softpub.h>
 #include <wincrypt.h>
 #include <windows.h>
 #include <wintrust.h>

 #include <algorithm>

 #include "base/files/file_path.h"
 #include "base/strings/string_number_conversions.h"
 #include "base/strings/string_util.h"
 #include "base/strings/utf_string_conversions.h"
 #include "base/time/time.h"
 #include "base/win/scoped_handle.h"
 #include "crypto/sha2.h"

 namespace {

 bool ExtractPublicKeyHash(const CERT_CONTEXT* cert_context,
                           std::string* public_key_hash) {
   public_key_hash->clear();

   CRYPT_BIT_BLOB crypt_blob =
       cert_context->pCertInfo->SubjectPublicKeyInfo.PublicKey;

   // Key blobs that are not an integral number of bytes are unsupported.
   if (crypt_blob.cUnusedBits != 0)
     return false;

   uint8 hash[crypto::kSHA256Length] = {};

   base::StringPiece key_bytes(reinterpret_cast<char*>(
       crypt_blob.pbData), crypt_blob.cbData);
   crypto::SHA256HashString(key_bytes, hash, crypto::kSHA256Length);

   *public_key_hash = StringToLowerASCII(base::HexEncode(hash, arraysize(hash)));
   return true;
 }

 // The traits class for HCERTSTORE handles that can be closed via
 // CertCloseStore() API.
 class CertStoreHandleTraits {
  public:
   typedef HCERTSTORE Handle;

   // Closes the handle.
   static bool CloseHandle(HCERTSTORE handle) {
     return CertCloseStore(handle, 0) != FALSE;
   }

   // Returns true if the handle value is valid.
   static bool IsHandleValid(HCERTSTORE handle) {
     return handle != NULL;
   }

   // Returns NULL handle value.
   static HANDLE NullHandle() {
     return NULL;
   }

  private:
   DISALLOW_IMPLICIT_CONSTRUCTORS(CertStoreHandleTraits);
 };

 typedef base::win::GenericScopedHandle<CertStoreHandleTraits,
     base::win::DummyVerifierTraits> ScopedCertStoreHandle;

 // Class: CertInfo
 //
 // CertInfo holds all sensible details of a certificate. During verification of
 // a signature, one CertInfo object is made for each certificate encountered in
 // the signature.
 class CertInfo {
  public:
   explicit CertInfo(const CERT_CONTEXT* given_cert_context)
       : cert_context_(NULL) {
     if (given_cert_context) {
       // CertDuplicateCertificateContext just increases reference count of a
       // given CERT_CONTEXT.
       cert_context_ = CertDuplicateCertificateContext(given_cert_context);
       not_valid_before_ = cert_context_->pCertInfo->NotBefore;
       not_valid_after_ = cert_context_->pCertInfo->NotAfter;

       ExtractPublicKeyHash(cert_context_, &public_key_hash_);
     }
   }

   ~CertInfo() {  // Decrement reference count, if needed.
     if (cert_context_) {
       CertFreeCertificateContext(cert_context_);
       cert_context_ = NULL;
     }
   }

   // IsValidNow() functions returns true if this certificate is valid at this
   // moment, based on the validity period specified in the certificate.
   bool IsValidNow() const {
     // we cannot directly get current time in FILETIME format.
     // so first get it in SYSTEMTIME format and convert it into FILETIME.
     base::Time now = base::Time::NowFromSystemTime();
     FILETIME filetime_now = now.ToFileTime();
     // CompareFileTime() is a windows function
     return ((CompareFileTime(&filetime_now, &not_valid_before_) > 0) &&
             (CompareFileTime(&filetime_now, &not_valid_after_) < 0));
   }

   std::string public_key_hash() const {
     return public_key_hash_;
   }

  private:
   // cert_context structure, defined by Crypto API, contains all the info
   // about the certificate.
   const CERT_CONTEXT* cert_context_;

   // Lower-case hex SHA-256 hash of the certificate subject's public key.
   std::string public_key_hash_;

   // Validity period start-date
   FILETIME not_valid_before_;

   // Validity period end-date
   FILETIME not_valid_after_;
 };

 }  // namespace

 bool VerifyAuthenticodeSignature(const base::FilePath& signed_file) {
   // Don't pop up any windows
   const HWND window_mode = reinterpret_cast<HWND>(INVALID_HANDLE_VALUE);

   // Verify file & certificates using the Microsoft Authenticode Policy
   // Provider.
   GUID verification_type = WINTRUST_ACTION_GENERIC_VERIFY_V2;

   // Info for the file we're going to verify.
   WINTRUST_FILE_INFO file_info = {};
   file_info.cbStruct = sizeof(file_info);
   file_info.pcwszFilePath = signed_file.value().c_str();

   // Info for request to WinVerifyTrust.
   WINTRUST_DATA trust_data = {};
   trust_data.cbStruct = sizeof(trust_data);
   trust_data.dwUIChoice = WTD_UI_NONE;               // no graphics
   trust_data.fdwRevocationChecks = WTD_REVOKE_NONE;  // no revocation checking
   trust_data.dwUnionChoice = WTD_CHOICE_FILE;        // check a file
   trust_data.pFile = &file_info;                     // check this file
   trust_data.dwProvFlags = WTD_REVOCATION_CHECK_NONE;

   // From the WinVerifyTrust documentation:
   //   http://msdn2.microsoft.com/en-us/library/aa388208.aspx:
   //   "If the trust provider verifies that the subject is trusted
   //   for the specified action, the return value is zero. No other
   //   value besides zero should be considered a successful return."
   LONG result = WinVerifyTrust(window_mode, &verification_type, &trust_data);
   return !result;
 }

 bool VerifySignerIsGoogle(const base::FilePath& signed_file,
                           const std::string& subject_name,
                           const std::vector<std::string>& expected_hashes) {
   if (signed_file.empty())
     return false;

   // If successful, cert_store will be populated by a store containing all the
   // certificates related to the file signature.
   HCERTSTORE cert_store = NULL;

   BOOL succeeded = CryptQueryObject(
       CERT_QUERY_OBJECT_FILE,
       signed_file.value().c_str(),
       CERT_QUERY_CONTENT_FLAG_PKCS7_SIGNED_EMBED,
       CERT_QUERY_FORMAT_FLAG_ALL,
       0,               // Reserved: must be 0.
       NULL,
       NULL,
       NULL,
       &cert_store,
       NULL,            // Do not return the message.
       NULL);           // Do not return additional context.

   ScopedCertStoreHandle scoped_cert_store(cert_store);

   if (!succeeded || !scoped_cert_store.IsValid())
     return false;

   PCCERT_CONTEXT cert_context_ptr = NULL;
   cert_context_ptr = CertFindCertificateInStore(
       cert_store,
       X509_ASN_ENCODING | PKCS_7_ASN_ENCODING,
       0,
       CERT_FIND_SUBJECT_STR,
       base::UTF8ToWide(subject_name).c_str(),
       cert_context_ptr);

   // No cert found with this subject, so stop here.
   if (!cert_context_ptr)
     return false;

   CertInfo cert_info(cert_context_ptr);

   CertFreeCertificateContext(cert_context_ptr);
   cert_context_ptr = NULL;

   // Check the hashes to make sure subject isn't being faked, and the time
   // to make sure the cert is current.
   std::vector<std::string>::const_iterator it = std::find(
       expected_hashes.begin(),
       expected_hashes.end(),
       cert_info.public_key_hash());
   if (it == expected_hashes.end() || !cert_info.IsValidNow())
     return false;

   return true;
 }
	// Copyright 2013 The Chromium Authors. All rights reserved.
	// Use of this source code is governed by a BSD-style license that can be
	// found in the LICENSE file.

	#include "chrome/app/signature_validator_win.h"

	#include <atlstr.h>
	#include <softpub.h>
	#include <wincrypt.h>
	#include <windows.h>
	#include <wintrust.h>

	#include <algorithm>

	#include "base/files/file_path.h"
	#include "base/strings/string_number_conversions.h"
	#include "base/strings/string_util.h"
	#include "base/strings/utf_string_conversions.h"
	#include "base/time/time.h"
	#include "base/win/scoped_handle.h"
	#include "crypto/sha2.h"

	namespace {

	bool ExtractPublicKeyHash(const CERT_CONTEXT* cert_context,
	std::string* public_key_hash) {
	public_key_hash->clear();

	CRYPT_BIT_BLOB crypt_blob =
	cert_context->pCertInfo->SubjectPublicKeyInfo.PublicKey;

	// Key blobs that are not an integral number of bytes are unsupported.
	if (crypt_blob.cUnusedBits != 0)
	return false;

	uint8 hash[crypto::kSHA256Length] = {};

	base::StringPiece key_bytes(reinterpret_cast<char*>(
	crypt_blob.pbData), crypt_blob.cbData);
	crypto::SHA256HashString(key_bytes, hash, crypto::kSHA256Length);

	*public_key_hash = StringToLowerASCII(base::HexEncode(hash, arraysize(hash)));
	return true;
	}

	// The traits class for HCERTSTORE handles that can be closed via
	// CertCloseStore() API.
	class CertStoreHandleTraits {
	public:
	typedef HCERTSTORE Handle;

	// Closes the handle.
	static bool CloseHandle(HCERTSTORE handle) {
	return CertCloseStore(handle, 0) != FALSE;
	}

	// Returns true if the handle value is valid.
	static bool IsHandleValid(HCERTSTORE handle) {
	return handle != NULL;
	}

	// Returns NULL handle value.
	static HANDLE NullHandle() {
	return NULL;
	}

	private:
	DISALLOW_IMPLICIT_CONSTRUCTORS(CertStoreHandleTraits);
	};

	typedef base::win::GenericScopedHandle<CertStoreHandleTraits,
	base::win::DummyVerifierTraits> ScopedCertStoreHandle;

	// Class: CertInfo
	//
	// CertInfo holds all sensible details of a certificate. During verification of
	// a signature, one CertInfo object is made for each certificate encountered in
	// the signature.
	class CertInfo {
	public:
	explicit CertInfo(const CERT_CONTEXT* given_cert_context)
	: cert_context_(NULL) {
	if (given_cert_context) {
	// CertDuplicateCertificateContext just increases reference count of a
	// given CERT_CONTEXT.
	cert_context_ = CertDuplicateCertificateContext(given_cert_context);
	not_valid_before_ = cert_context_->pCertInfo->NotBefore;
	not_valid_after_ = cert_context_->pCertInfo->NotAfter;

	ExtractPublicKeyHash(cert_context_, &public_key_hash_);
	}
	}

	~CertInfo() { // Decrement reference count, if needed.
	if (cert_context_) {
	CertFreeCertificateContext(cert_context_);
	cert_context_ = NULL;
	}
	}

	// IsValidNow() functions returns true if this certificate is valid at this
	// moment, based on the validity period specified in the certificate.
	bool IsValidNow() const {
	// we cannot directly get current time in FILETIME format.
	// so first get it in SYSTEMTIME format and convert it into FILETIME.
	base::Time now = base::Time::NowFromSystemTime();
	FILETIME filetime_now = now.ToFileTime();
	// CompareFileTime() is a windows function
	return ((CompareFileTime(&filetime_now, &not_valid_before_) > 0) &&
	(CompareFileTime(&filetime_now, &not_valid_after_) < 0));
	}

	std::string public_key_hash() const {
	return public_key_hash_;
	}

	private:
	// cert_context structure, defined by Crypto API, contains all the info
	// about the certificate.
	const CERT_CONTEXT* cert_context_;

	// Lower-case hex SHA-256 hash of the certificate subject's public key.
	std::string public_key_hash_;

	// Validity period start-date
	FILETIME not_valid_before_;

	// Validity period end-date
	FILETIME not_valid_after_;
	};

	} // namespace

	bool VerifyAuthenticodeSignature(const base::FilePath& signed_file) {
	// Don't pop up any windows
	const HWND window_mode = reinterpret_cast<HWND>(INVALID_HANDLE_VALUE);

	// Verify file & certificates using the Microsoft Authenticode Policy
	// Provider.
	GUID verification_type = WINTRUST_ACTION_GENERIC_VERIFY_V2;

	// Info for the file we're going to verify.
	WINTRUST_FILE_INFO file_info = {};
	file_info.cbStruct = sizeof(file_info);
	file_info.pcwszFilePath = signed_file.value().c_str();

	// Info for request to WinVerifyTrust.
	WINTRUST_DATA trust_data = {};
	trust_data.cbStruct = sizeof(trust_data);
	trust_data.dwUIChoice = WTD_UI_NONE; // no graphics
	trust_data.fdwRevocationChecks = WTD_REVOKE_NONE; // no revocation checking
	trust_data.dwUnionChoice = WTD_CHOICE_FILE; // check a file
	trust_data.pFile = &file_info; // check this file
	trust_data.dwProvFlags = WTD_REVOCATION_CHECK_NONE;

	// From the WinVerifyTrust documentation:
	// http://msdn2.microsoft.com/en-us/library/aa388208.aspx:
	// "If the trust provider verifies that the subject is trusted
	// for the specified action, the return value is zero. No other
	// value besides zero should be considered a successful return."
	LONG result = WinVerifyTrust(window_mode, &verification_type, &trust_data);
	return !result;
	}

	bool VerifySignerIsGoogle(const base::FilePath& signed_file,
	const std::string& subject_name,
	const std::vector<std::string>& expected_hashes) {
	if (signed_file.empty())
	return false;

	// If successful, cert_store will be populated by a store containing all the
	// certificates related to the file signature.
	HCERTSTORE cert_store = NULL;

	BOOL succeeded = CryptQueryObject(
	CERT_QUERY_OBJECT_FILE,
	signed_file.value().c_str(),
	CERT_QUERY_CONTENT_FLAG_PKCS7_SIGNED_EMBED,
	CERT_QUERY_FORMAT_FLAG_ALL,
	0, // Reserved: must be 0.
	NULL,
	NULL,
	NULL,
	&cert_store,
	NULL, // Do not return the message.
	NULL); // Do not return additional context.

	ScopedCertStoreHandle scoped_cert_store(cert_store);

	if (!succeeded \|\| !scoped_cert_store.IsValid())
	return false;

	PCCERT_CONTEXT cert_context_ptr = NULL;
	cert_context_ptr = CertFindCertificateInStore(
	cert_store,
	X509_ASN_ENCODING \| PKCS_7_ASN_ENCODING,
	0,
	CERT_FIND_SUBJECT_STR,
	base::UTF8ToWide(subject_name).c_str(),
	cert_context_ptr);

	// No cert found with this subject, so stop here.
	if (!cert_context_ptr)
	return false;

	CertInfo cert_info(cert_context_ptr);

	CertFreeCertificateContext(cert_context_ptr);
	cert_context_ptr = NULL;

	// Check the hashes to make sure subject isn't being faked, and the time
	// to make sure the cert is current.
	std::vector<std::string>::const_iterator it = std::find(
	expected_hashes.begin(),
	expected_hashes.end(),
	cert_info.public_key_hash());
	if (it == expected_hashes.end() \|\| !cert_info.IsValidNow())
	return false;

	return true;
	}