uthenticode
2.0.1-19005f0
Namespaces | |
---|---|
impl | |

Classes | |
---|---|
struct | FormatError |
class | Certificate |
class | SignedData |
class | WinCert |

Typedefs | |
---|---|
using | Checksum = std::tuple< checksum_kind, std::string > |

Enumerations | |
---|---|
enum class | certificate_revision : std::uint16_t { CERT_REVISION_1_0 = 0x0100, CERT_REVISION_2_0 = 0x0200 } |
enum class | certificate_type : std::uint16_t { CERT_TYPE_X509 = 0x0001, CERT_TYPE_PKCS_SIGNED_DATA = 0x0002, CERT_TYPE_RESERVED_1 = 0x0003, CERT_TYPE_PKCS1_SIGN = 0x0009 } |
enum class | checksum_kind : std::uint8_t { UNKNOWN, MD5, SHA1, SHA256 } |

Functions | |
---|---|
std::ostream & | operator<< (std::ostream &os, checksum_kind kind) |
std::vector< WinCert > | read_certs (peparse::parsed_pe *pe) |
std::vector< Checksum > | get_checksums (peparse::parsed_pe *pe) |
std::optional< std::string > | calculate_checksum (peparse::parsed_pe *pe, checksum_kind kind) |
bool | verify (peparse::parsed_pe *pe) |

using uthenticode::Checksum = std::tuple<checksum_kind, std::string>
A convenience tuple for representing the kind of checksum returned, as well as its actual digest data.

enum class uthenticode::certificate_revision : std::uint16_t
The certificate revision. This value has nothing to do with the structure or format of the certificate, and is completely useless as far as I can tell.
MSDN lies and says that CERT_REVISION_1_0 is the only defined revision; every binary that I've seen uses CERT_REVISION_2_0.
Enumerator | |
---|---|
CERT_REVISION_1_0 | Revision 1.0 of the WIN_CERT structure (supposedly) |
CERT_REVISION_2_0 | Revision 2.0 of the WIN_CERT structure |

enum class uthenticode::certificate_type : std::uint16_t
The kind of embedded certificate data.
This library only supports verifying CERT_TYPE_PKCS_SIGNED_DATA, since that's what Authenticode uses.
Enumerator | |
---|---|
CERT_TYPE_X509 | An x509 certificate |
CERT_TYPE_PKCS_SIGNED_DATA | A PKCS#7 SignedData |
CERT_TYPE_RESERVED_1 | Reserved by Windows. |
CERT_TYPE_PKCS1_SIGN | PKCS1_MODULE_SIGN fields |
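
The revision and type values above are the two 16-bit fields in the header of each WIN_CERTIFICATE entry in a PE's security directory, following a 32-bit length. The sketch below is an added example, not uthenticode's own code: it walks a raw directory buffer with bounds checks and marks which entries are CERT_TYPE_PKCS_SIGNED_DATA. It assumes the PE format's little-endian header layout and 8-byte entry alignment; `Entry`, `walk_security_dir` and `add_entry` are hypothetical names, the sample bytes are constructed, and rejecting unknown revisions is this example's own policy.

```cpp
#include <cstdint>
#include <cstdio>
#include <vector>

// Values copied from the certificate_revision and certificate_type enums above.
constexpr std::uint16_t REV_1_0 = 0x0100, REV_2_0 = 0x0200;
constexpr std::uint16_t TYPE_X509 = 0x0001, TYPE_PKCS_SIGNED_DATA = 0x0002;
struct Entry {                   // hypothetical result type for this example
  std::uint32_t length;          // dwLength: 8-byte header plus certificate data
  std::uint16_t revision, type;  // wRevision, wCertificateType
  std::size_t data_offset;       // where the certificate bytes start
  bool verifiable;               // true only for CERT_TYPE_PKCS_SIGNED_DATA
};
static std::uint32_t le(const std::uint8_t *p, int n) {  // little-endian read of n bytes
  std::uint32_t v = 0;
  while (n--) v = (v << 8) | p[n];
  return v;
}
// Walks a raw security directory; returns false if any entry is malformed.
bool walk_security_dir(const std::vector<std::uint8_t> &dir, std::vector<Entry> &out) {
  for (std::size_t off = 0; off < dir.size();) {
    const std::size_t left = dir.size() - off;
    if (left < 8) return false;  // truncated header
    const std::uint32_t len = le(&dir[off], 4);
    if (len < 8 || len > left) return false;  // length field lies about the data
    const auto rev = static_cast<std::uint16_t>(le(&dir[off + 4], 2));
    const auto type = static_cast<std::uint16_t>(le(&dir[off + 6], 2));
    if (rev != REV_1_0 && rev != REV_2_0) return false;  // strict: unknown revision
    out.push_back({len, rev, type, off + 8, type == TYPE_PKCS_SIGNED_DATA});
    const std::size_t step = (static_cast<std::size_t>(len) + 7) & ~std::size_t{7};
    off += step;  // next entry is 8-byte aligned; padding after the last is optional
  }
  return true;
}
// Builds constructed sample data: header packed little-endian, filler payload, padding.
void add_entry(std::vector<std::uint8_t> &dir, std::uint16_t rev, std::uint16_t type, std::uint32_t payload) {
  const std::uint64_t hdr = (8ull + payload) | (std::uint64_t{rev} << 32) | (std::uint64_t{type} << 48);
  for (int i = 0; i < 8; ++i) dir.push_back(static_cast<std::uint8_t>(hdr >> (8 * i)));
  dir.insert(dir.end(), payload, std::uint8_t{0xAA});
  while (dir.size() % 8) dir.push_back(0);
}
int main() {
  std::vector<std::uint8_t> dir;
  add_entry(dir, REV_2_0, TYPE_PKCS_SIGNED_DATA, 5);  // Authenticode-style entry
  add_entry(dir, REV_1_0, TYPE_X509, 0);              // parsed, but not verifiable
  std::vector<Entry> entries;
  const bool ok = walk_security_dir(dir, entries);
  for (const Entry &e : entries) std::printf("type=0x%04x len=%u verifiable=%d\n", e.type, e.length, e.verifiable);
  return ok ? 0 : 1;
}
```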

enum class uthenticode::checksum_kind : std::uint8_t

std::optional< std::string > uthenticode::calculate_checksum (peparse::parsed_pe *pe, checksum_kind kind)
Calculates the requested message digest for the given parsed_pe.
parsed_pe must contain a security directory; calculating the checksum of a "bare" PE is not supported.
Parameters | |
---|---|
pe | the peparse::parsed_pe to hash |
kind | the kind of message digest to calculate |

std::nullopt on failure

std::vector< Checksum > uthenticode::get_checksums (peparse::parsed_pe *pe)
Returns all checksums available in the certificates of the given parsed_pe.
Parameters | |
---|---|
pe | the peparse::parsed_pe to extract checksums from |

std::ostream & uthenticode::operator<< (std::ostream &os, checksum_kind kind)

std::vector< WinCert > uthenticode::read_certs (peparse::parsed_pe *pe)
Parses the certificates from the given parsed_pe.
Parameters | |
---|---|
pe | the peparse::parsed_pe to extract certificates from |

bool uthenticode::verify (peparse::parsed_pe *pe)
Verifies the given parsed_pe.
A PE is said to be "verified" in the context of uthenticode under the following conditions:
Parameters | |
---|---|
pe | the peparse::parsed_pe to verify |