uthenticode  2.0.1-cad1bfc
uthenticode Namespace Reference

Namespaces

 impl
 

Classes

struct  FormatError
 
class  Certificate
 
class  SignedData
 
class  WinCert
 

Typedefs

using Checksum = std::tuple< checksum_kind, std::string >
 

Enumerations

enum class  certificate_revision : std::uint16_t { CERT_REVISION_1_0 = 0x0100 , CERT_REVISION_2_0 = 0x0200 }
 
enum class  certificate_type : std::uint16_t { CERT_TYPE_X509 = 0x0001 , CERT_TYPE_PKCS_SIGNED_DATA = 0x0002 , CERT_TYPE_RESERVED_1 = 0x0003 , CERT_TYPE_PKCS1_SIGN = 0x0009 }
 
enum class  checksum_kind : std::uint8_t { UNKNOWN , MD5 , SHA1 , SHA256 }
 

Functions

std::ostream & operator<< (std::ostream &os, checksum_kind kind)
 
std::vector< WinCert > read_certs (peparse::parsed_pe *pe)
 
std::vector< Checksum > get_checksums (peparse::parsed_pe *pe)
 
std::optional< std::string > calculate_checksum (peparse::parsed_pe *pe, checksum_kind kind)
 
bool verify (peparse::parsed_pe *pe)
 

Typedef Documentation

◆ Checksum

using uthenticode::Checksum = std::tuple<checksum_kind, std::string>

A convenience tuple type for representing the kind of checksum returned, as well as its actual digest data.

Enumeration Type Documentation

◆ certificate_revision

enum class uthenticode::certificate_revision : std::uint16_t

The certificate revision. This value has nothing to do with the structure or format of the certificate, and is completely useless as far as I can tell.

MSDN lies and says that CERT_REVISION_1_0 is the only defined revision; every binary that I've seen uses CERT_REVISION_2_0.

Enumerator
CERT_REVISION_1_0 

Revision 1.0 of the WIN_CERT structure (supposedly)

CERT_REVISION_2_0 

Revision 2.0 of the WIN_CERT structure

◆ certificate_type

enum class uthenticode::certificate_type : std::uint16_t

The kind of embedded certificate data.

This library only supports verifying CERT_TYPE_PKCS_SIGNED_DATA, since that's what Authenticode uses.

Enumerator
CERT_TYPE_X509 

An X.509 certificate

CERT_TYPE_PKCS_SIGNED_DATA 

A PKCS#7 SignedData

CERT_TYPE_RESERVED_1 

Reserved by Windows.

CERT_TYPE_PKCS1_SIGN 

PKCS1_MODULE_SIGN fields

◆ checksum_kind

enum class uthenticode::checksum_kind : std::uint8_t

An enumeration for supported checksum algorithms.

Enumerator
UNKNOWN 

An unknown checksum kind

MD5 

MD5

SHA1 

SHA-1

SHA256 

SHA2-256

Function Documentation

◆ calculate_checksum()

std::optional< std::string > uthenticode::calculate_checksum ( peparse::parsed_pe *  pe,
checksum_kind  kind 
)

Calculates the requested message digest for the given parsed_pe.

parsed_pe must contain a security directory; calculating the checksum of a "bare" PE is not supported.

Parameters
  pe    the peparse::parsed_pe to hash
  kind  the kind of message digest to calculate
Returns
  the resulting digest, or std::nullopt on failure

◆ get_checksums()

std::vector< Checksum > uthenticode::get_checksums ( peparse::parsed_pe *  pe)

Returns all checksums available in the certificates of the given parsed_pe.

Parameters
  pe    the peparse::parsed_pe to extract checksums from
Returns
  a vector of Checksum

◆ operator<<()

std::ostream & uthenticode::operator<< ( std::ostream &  os,
checksum_kind  kind 
)

◆ read_certs()

std::vector< WinCert > uthenticode::read_certs ( peparse::parsed_pe *  pe)

Parses the certificates from the given parsed_pe.

Parameters
  pe    the peparse::parsed_pe to extract certificates from
Returns
  a vector of uthenticode::WinCert
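
To make the certificate_revision and certificate_type values concrete, here is an added example, not uthenticode's own code, that walks a raw attribute certificate table and rejects entries whose declared length is truncated or leaves the buffer. It assumes the WIN_CERTIFICATE layout from the PE format (dwLength, wRevision, wCertificateType, then the payload, entries padded to 8 bytes); CertEntry, le, walk_cert_table and sample_table are hypothetical names and the sample bytes are constructed.

```cpp
#include <cstddef>
#include <cstdint>
#include <optional>
#include <vector>

// Values copied from the enumerations documented on this page.
enum class certificate_revision : std::uint16_t { CERT_REVISION_1_0 = 0x0100, CERT_REVISION_2_0 = 0x0200 };
enum class certificate_type : std::uint16_t {
  CERT_TYPE_X509 = 0x0001, CERT_TYPE_PKCS_SIGNED_DATA = 0x0002,
  CERT_TYPE_RESERVED_1 = 0x0003, CERT_TYPE_PKCS1_SIGN = 0x0009 };

// Hypothetical record for one table entry (not uthenticode::WinCert).
struct CertEntry {
  std::uint32_t length;     // dwLength, header included
  std::uint16_t revision;   // wRevision, kept raw
  std::uint16_t type;       // wCertificateType, kept raw
  std::size_t data_offset;  // where the payload starts in the table
  // Only this type is supported for verification, per the page.
  bool is_signed_data() const { return static_cast<certificate_type>(type) == certificate_type::CERT_TYPE_PKCS_SIGNED_DATA; }
};

// Reads an n-byte little-endian integer; the caller has bounds-checked.
static std::uint32_t le(const std::vector<std::uint8_t> &b, std::size_t off, int n) {
  std::uint32_t v = 0;
  for (int i = 0; i < n; ++i) v |= static_cast<std::uint32_t>(b[off + i]) << (8 * i);
  return v;
}

// Walks a raw attribute certificate table. Returns std::nullopt if any
// entry is truncated or declares a length that leaves the buffer.
std::optional<std::vector<CertEntry>> walk_cert_table(const std::vector<std::uint8_t> &tbl) {
  constexpr std::size_t kHeader = 8;  // dwLength + wRevision + wCertificateType
  std::vector<CertEntry> out;
  std::size_t off = 0;
  while (off < tbl.size()) {
    if (tbl.size() - off < kHeader) return std::nullopt;
    const std::uint32_t len = le(tbl, off, 4);
    if (len < kHeader || len > tbl.size() - off) return std::nullopt;
    out.push_back({len, static_cast<std::uint16_t>(le(tbl, off + 4, 2)),
                   static_cast<std::uint16_t>(le(tbl, off + 6, 2)), off + kHeader});
    const std::size_t padded = (static_cast<std::size_t>(len) + 7) & ~std::size_t{7};
    off += (padded <= tbl.size() - off) ? padded : tbl.size() - off;  // tolerate missing final pad
  }
  return out;
}

// Constructed sample: SignedData entry (length 12, padded to 16), then an empty X.509 entry.
std::vector<std::uint8_t> sample_table() {
  return {0x0C, 0, 0, 0, 0x00, 0x02, 0x02, 0x00, 0xDE, 0xAD, 0xBE, 0xEF, 0, 0, 0, 0,
          0x08, 0, 0, 0, 0x00, 0x02, 0x01, 0x00};
}
```
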

◆ verify()

bool uthenticode::verify ( peparse::parsed_pe *  pe)

Verifies the given parsed_pe.

A PE is said to be "verified" in the context of uthenticode under the following conditions:

  1. It has one or more valid SignedData entries
  2. Every SignedData entry has a checksum that matches the PE's calculated checksum

Parameters
  pe    the peparse::parsed_pe to verify
Returns
  true if verified, false otherwise