myvtm/spbase/CodeSignVerify.cpp

#include "stdafx.h"

#include <WinVer.h>
//#pragma comment (lib, "Version.lib")
#include <Wintrust.h.>
#include<SoftPub.h>
//#pragma comment (lib, "wintrust")
//#pragma comment(lib, "crypt32.lib")

#include "fileutil.h"
#include "CodeSignVerify.h"

CCodeSignVerify::CCodeSignVerify(DWORD dwCodePage, DWORD dwLangID)
:m_dwCodePage(dwCodePage), m_dwLangID(dwLangID)
{
}

CCodeSignVerify::~CCodeSignVerify()
{	
}

bool CCodeSignVerify::GetVersionInfo(const char *pszFileName, CVersionInfo &versionInfo)
{
	DWORD dwZero(0);
	DWORD dwSize = ::GetFileVersionInfoSize(pszFileName, &dwZero);

	if (dwSize == 0)
	{
		SetLastErrMsg();
		return false;
	}

	void *pVersionInfo = new char[dwSize];
	bool bRet = ::GetFileVersionInfo(pszFileName, 0, dwSize, pVersionInfo) == TRUE;
	if (bRet)
	{
		// read fixed version info
		UINT nLen(0);
		VS_FIXEDFILEINFO* pFixedInfo = NULL;
		bRet = ::VerQueryValue(pVersionInfo, "\\", (LPVOID*)&pFixedInfo, &nLen) && pFixedInfo->dwSignature == VS_FFI_SIGNATURE;
		if (bRet)
		{
			// get file version & product version
			versionInfo.FileVersion = CVersion(HIWORD(pFixedInfo->dwFileVersionMS),
				LOWORD(pFixedInfo->dwFileVersionMS),
				HIWORD(pFixedInfo->dwFileVersionLS),
				LOWORD(pFixedInfo->dwFileVersionLS));

			versionInfo.ProductVersion = CVersion(HIWORD(pFixedInfo->dwProductVersionMS),
				LOWORD(pFixedInfo->dwProductVersionMS),
				HIWORD(pFixedInfo->dwProductVersionLS),
				LOWORD(pFixedInfo->dwProductVersionLS));
		}

		// get string file info 
		bRet =  bRet &&  GetStringFileInfo(pVersionInfo, "ProductName", versionInfo.strProductName);
		bRet = bRet && GetStringFileInfo(pVersionInfo, "CompanyName", versionInfo.strCompanyName);
		bRet = bRet && GetStringFileInfo(pVersionInfo, "FileDescription", versionInfo.strDescription);

		// custom info, possiblely not define
		GetStringFileInfo(pVersionInfo, "AuthorName", versionInfo.strAuthorName);
	}

	delete[] pVersionInfo;

	if (!bRet)
		SetLastErrMsg();

	return bRet;
}

bool CCodeSignVerify::VerifySignature(const char *pszFileName, CSignInfo &signInfo)
{
	if (!IsSignFromTrust(pszFileName))
		return false;

	if (!GetSignInfo(pszFileName, signInfo))
		return false;
/*
	if (signInfo.strSignCertSubject.Compare("China Merchants Bank Co., Ltd") != 0)
	{
		SetLastErrMsg(CSimpleStringA::Format("signer invalid: %s", (const char*)signInfo.strSignCertSubject));
		return false;
	}*/

	//if (signInfo.strSignCertSubject.Compare("CMB CCDG Signing") != 0)
	//{
	//	SetLastErrMsg(CSimpleStringA::Format("strSignCertSubject invalid: %s", (const char*)signInfo.strSignCertSubject));
	//	return false;	
	//}

	return true;
}

bool CCodeSignVerify::IsSignFromTrust(const char *pszFileName)
{
	// check if file exists
	if (!ExistsFileA(pszFileName))
	{
		SetLastErrMsg(CSimpleStringA::Format("file \"%s\" not exist", pszFileName));
		return false;
	}
	
	WCHAR wszFileName[MAX_PATH] = {};
	int nRet = MultiByteToWideChar(CP_ACP, 0, pszFileName, -1, wszFileName, MAX_PATH);
	if (nRet <= 0)
	{
		SetLastErrMsg("convert to wchar string fail");
		return false;
	}
	
	LONG lStatus;
	DWORD dwLastError;

	// Initialize the WINTRUST_FILE_INFO structure.
	bool bRet = false;

	WINTRUST_FILE_INFO FileData;
	memset(&FileData, 0, sizeof(FileData));
	FileData.cbStruct = sizeof(WINTRUST_FILE_INFO);
	FileData.pcwszFilePath = wszFileName;
	FileData.hFile = NULL;
	FileData.pgKnownSubject = NULL;

	/*
	WVTPolicyGUID specifies the policy to apply on the file
	WINTRUST_ACTION_GENERIC_VERIFY_V2 policy checks:

	1) The certificate used to sign the file chains up to a root
	certificate located in the trusted root certificate store. This
	implies that the identity of the publisher has been verified by
	a certification authority.

	2) In cases where user interface is displayed (which this example
	does not do), WinVerifyTrust will check for whether the
	end entity certificate is stored in the trusted publisher store,
	implying that the user trusts content from this publisher.

	3) The end entity certificate has sufficient permission to sign
	code, as indicated by the presence of a code signing EKU or no
	EKU.	*/

	GUID WVTPolicyGUID = WINTRUST_ACTION_GENERIC_VERIFY_V2;
	WINTRUST_DATA WinTrustData;

	// Initialize the WinVerifyTrust input data structure.
	// Default all fields to 0.
	memset(&WinTrustData, 0, sizeof(WinTrustData));

	WinTrustData.cbStruct = sizeof(WinTrustData);

	// Use default code signing EKU.
	WinTrustData.pPolicyCallbackData = NULL;

	// No data to pass to SIP.
	WinTrustData.pSIPClientData = NULL;

	// Disable WVT UI.
	WinTrustData.dwUIChoice = WTD_UI_NONE;

	// No revocation checking.
	WinTrustData.fdwRevocationChecks = WTD_REVOKE_NONE;

	// Verify an embedded signature on a file.
	WinTrustData.dwUnionChoice = WTD_CHOICE_FILE;

	// Default verification.
	WinTrustData.dwStateAction = 0;

	// Not applicable for default verification of embedded signature.
	WinTrustData.hWVTStateData = NULL;

	// Not used.
	WinTrustData.pwszURLReference = NULL;

	// Default.
	//WinTrustData.dwProvFlags = WTD_HASH_ONLY_FLAG;		// xkm@20140904: 只验证Hash， 在准入时后台验证签名证书合法性
	WinTrustData.dwProvFlags = WTD_SAFER_FLAG;

	// This is not applicable if there is no UI because it changes 
	// the UI to accommodate running applications instead of 
	// installing applications.
	WinTrustData.dwUIContext = 0;

	// Set pFile.
	WinTrustData.pFile = &FileData;

	// WinVerifyTrust verifies signatures as specified by the GUID and Wintrust_Data.
	lStatus = WinVerifyTrust(
		NULL,
		&WVTPolicyGUID,
		&WinTrustData);

	switch (lStatus)
	{
	case ERROR_SUCCESS:
		/*Signed file:
		- Hash that represents the subject is trusted.
		- Trusted publisher without any verification errors.
		- UI was disabled in dwUIChoice. No publisher or time stamp chain errors.
		- UI was enabled in dwUIChoice and the user clicked "Yes" when asked to install and run the signed subject.	*/		
		bRet = true;
		break;

	case CERT_E_CHAINING:
		// 非受信任的根证书颁发机构，此错误视为通过
		bRet = true;
		break;

	case TRUST_E_NOSIGNATURE:
		// The file was not signed or had a signature that was not valid.
		// Get the reason for no signature.
		dwLastError = GetLastError();
		if (TRUST_E_NOSIGNATURE == dwLastError ||
			TRUST_E_SUBJECT_FORM_UNKNOWN == dwLastError ||
			TRUST_E_PROVIDER_UNKNOWN == dwLastError)
		{
			// The file was not signed.
			SetLastErrMsg("file not signed or signature not valid");
		}
		else
		{
			// The signature was not valid or there was an error opening the file.
			SetLastErrMsg("unknown error occurred trying to verify the signature");
		}

		break;

	case TRUST_E_EXPLICIT_DISTRUST:
		// The hash that represents the subject or the publisher  is not allowed by the admin or user.
		SetLastErrMsg("signature is present, but disallowed");
		break;

	case TRUST_E_SUBJECT_NOT_TRUSTED:
		// The user clicked "No" when asked to install and run.
		SetLastErrMsg("signature is present, but not trusted");
		break;

	case CRYPT_E_SECURITY_SETTINGS:
		/*The hash that represents the subject or the publisher
		was not explicitly trusted by the admin and the
		admin policy has disabled user trust. No signature,
		publisher or time stamp errors.	*/
		SetLastErrMsg("CRYPT_E_SECURITY_SETTINGS - The hash "
			"representing the subject or the publisher wasn't "
			"explicitly trusted by the admin and admin policy "
			"has disabled user trust. No signature, publisher "
			"or timestamp errors");
		break;

	default:
		// The UI was disabled in dwUIChoice or the admin policy 
		// has disabled user trust. lStatus contains the 
		// publisher or time stamp chain error.
		SetLastErrMsg("verify sign not pass");
		break;
	}

	return bRet;
}

bool CCodeSignVerify::GetSignInfo(const char *pszFileName, CSignInfo &signInfo)
{	
	HCERTSTORE hStore = NULL;
	HCRYPTMSG hMsg = NULL;	
	PCMSG_SIGNER_INFO pSignerInfo = NULL;
	
	__try
	{
		// check if file exists
		if (!ExistsFileA(pszFileName))
		{
			SetLastErrMsg("file not exist");
			return false;
		}

		WCHAR wcsFileName[MAX_PATH] = {};
		int nRet = MultiByteToWideChar(CP_ACP, 0, pszFileName, -1, wcsFileName, MAX_PATH);
		if (nRet <= 0)
		{
			SetLastErrMsg("convert file name to wcstring fail");
			return false;
		}

		// Get message handle and store handle from the signed file.
		DWORD dwEncoding, dwContentType, dwFormatType;
		BOOL bRet = CryptQueryObject(CERT_QUERY_OBJECT_FILE,
			wcsFileName,
			CERT_QUERY_CONTENT_FLAG_PKCS7_SIGNED_EMBED,
			CERT_QUERY_FORMAT_FLAG_BINARY,
			0,
			&dwEncoding,
			&dwContentType,
			&dwFormatType,
			&hStore,
			&hMsg,
			NULL);
		if (!bRet)
		{
			SetLastErrMsg("get message and store handle fail");
			return false;
		}

		// Get signer information size.
		DWORD dwSignerInfoLen;
		bRet = CryptMsgGetParam(hMsg,
			CMSG_SIGNER_INFO_PARAM,
			0,
			NULL,
			&dwSignerInfoLen);

		if (!bRet)
		{
			SetLastErrMsg("get signer info size fail");
			return false;
		}

		// Allocate memory for signer information.
		pSignerInfo = (PCMSG_SIGNER_INFO)LocalAlloc(LPTR, dwSignerInfoLen);
		if (pSignerInfo == NULL)
		{
			SetLastErrMsg("allocate memory for signer information of file fail");
			return false;
		}

		// Get Signer Information.
		bRet = CryptMsgGetParam(hMsg,
			CMSG_SIGNER_INFO_PARAM,
			0,
			(PVOID)pSignerInfo,
			&dwSignerInfoLen);
		if (!bRet)
		{
			SetLastErrMsg("get signer info fail");
			return false;
		}

		// get programe name
		if (!GetProgramName(pSignerInfo, signInfo.strProgramName))
			return false;
		
		// get sign cert info
		if (!GetSignCertInfo(hStore, pSignerInfo, signInfo.strSignCertSerialNo, signInfo.strSignCertIssuer, 
			signInfo.strSignCertSubject, signInfo.strSignCertHash))
			return false;
		
		// get timestamp info
		// 如果没有签名时间戳，也视为成功
		SYSTEMTIME st = {};
		if (GetTimeOfTimeStamp(hStore, pSignerInfo, &st))
			signInfo.dtSignTime.FromSystemTime(st);
		
		return true;
	}
	__finally
	{
		if (pSignerInfo != NULL)
			LocalFree(pSignerInfo);
		
		if (hStore != NULL)
			CertCloseStore(hStore, 0);

		if (hMsg != NULL)
			CryptMsgClose(hMsg);
	}

	return false;
}

bool CCodeSignVerify::Sha1Hash(BYTE *pData, int nDataLen, BYTE hash[20])
{
	bool bRet = false;
	HCRYPTPROV hCryptProv;
	if (CryptAcquireContextA(&hCryptProv, NULL, NULL, PROV_RSA_FULL, CRYPT_VERIFYCONTEXT | CRYPT_MACHINE_KEYSET)) {
		HCRYPTHASH hHash;
		if (CryptCreateHash(hCryptProv, CALG_SHA1, 0, 0, &hHash))
		{
			if (!CryptHashData(hHash, pData, nDataLen, 0))
				SetLastErrMsg("CryptHashData fail");
			else
			{
				DWORD dwLen = 20;
				if (CryptGetHashParam(hHash, HP_HASHVAL, (LPBYTE)&hash[0], &dwLen, 0))
					bRet = true;
				else
					SetLastErrMsg("CryptGetHashParam fail");
			}
			CryptDestroyHash(hHash);
		}
		else {
			SetLastErrMsg("CryptCreateHash failed");
		}
		CryptReleaseContext(hCryptProv, 0);
	}
	else {
		SetLastErrMsg("CryptAcquireContextA failed");
	}

	return bRet;
}

bool CCodeSignVerify::GetSignCertInfo(HCERTSTORE hStore, PCMSG_SIGNER_INFO pSignerInfo,
	CSimpleStringA &strSerialNum, CSimpleStringA &strIssuer, CSimpleStringA &strSubject, CSimpleStringA &strCertHash)
{
	PCCERT_CONTEXT pCertContext = NULL;
	LPTSTR szName = NULL;

	__try
	{
		// Search for the signer certificate in the temporary  certificate store.
		CERT_INFO certInfo = {};
		certInfo.Issuer = pSignerInfo->Issuer;
		certInfo.SerialNumber = pSignerInfo->SerialNumber;

		pCertContext  = CertFindCertificateInStore(hStore,
			(X509_ASN_ENCODING | PKCS_7_ASN_ENCODING),
			0,
			CERT_FIND_SUBJECT_CERT,
			(PVOID)&certInfo,
			NULL);

		if (!pCertContext)
		{
			SetLastErrMsg("search for the signer certificate in the temporary certificate store fail");
			return false;
		}

		// compute cert hash
		BYTE hash[20] = {};
		if (!Sha1Hash(pCertContext->pbCertEncoded, pCertContext->cbCertEncoded, hash))
		{
			SetLastErrMsg("compute sign cert sha1 hash fail");
			return false;
		}

		char szHash[64] = {};
		for (int i = 0; i < 20; i++)
		{
			sprintf(szHash, "%s%02x", szHash, hash[i]);
		}
		strCertHash = szHash;

		// Serial Number
		DWORD dwDataLen = pCertContext->pCertInfo->SerialNumber.cbData;
		for (DWORD n = 0; n < dwDataLen; n++)
		{
			char szTmp[32] = {};
			sprintf(szTmp, "%02X", pCertContext->pCertInfo->SerialNumber.pbData[dwDataLen - (n + 1)]);
			strSerialNum.Append(szTmp);
		}

		// Get Issuer name size.
		if (!(dwDataLen = CertGetNameString(pCertContext,
			CERT_NAME_SIMPLE_DISPLAY_TYPE,
			CERT_NAME_ISSUER_FLAG,
			NULL,
			NULL,
			0)))
		{
			SetLastErrMsg("CertGetNameString failed");
			return false;
		}

		// Allocate memory for Issuer name.
		LPTSTR szName = (LPTSTR)LocalAlloc(LPTR, dwDataLen * sizeof(TCHAR));
		if (!szName)
		{
			SetLastErrMsg("Unable to allocate memory for issuer name");
			return false;
		}

		// Get Issuer name.
		if (!(CertGetNameString(pCertContext,
			CERT_NAME_SIMPLE_DISPLAY_TYPE,
			CERT_NAME_ISSUER_FLAG,
			NULL,
			szName,
			dwDataLen)))
		{
			SetLastErrMsg("CertGetNameString failed");
			return false;
		}

		// print Issuer name.
		strIssuer = szName;
		LocalFree(szName);
		szName = NULL;

		// Get Subject name size.
		if (!(dwDataLen = CertGetNameString(pCertContext,
			CERT_NAME_SIMPLE_DISPLAY_TYPE,
			0,
			NULL,
			NULL,
			0)))
		{
			SetLastErrMsg("CertGetNameString failed");
			return false;
		}

		// Allocate memory for subject name.
		szName = (LPTSTR)LocalAlloc(LPTR, dwDataLen * sizeof(TCHAR));
		if (!szName)
		{
			SetLastErrMsg("Unable to allocate memory for subject name");
			return false;
		}

		// Get subject name.
		if (!(CertGetNameString(pCertContext,
			CERT_NAME_SIMPLE_DISPLAY_TYPE,
			0,
			NULL,
			szName,
			dwDataLen)))
		{
			SetLastErrMsg("CertGetNameString failed");
			return false;
		}

		// Print Subject Name.
		strSubject = szName;
		return true;
	}
	__finally
	{
		if (szName != NULL)
			LocalFree(szName);

		if (pCertContext != NULL)
			CertFreeCertificateContext(pCertContext);
	}

	SetLastErrMsg("get sign cert info failed");
	return false;
}

bool CCodeSignVerify::GetProgramName(PCMSG_SIGNER_INFO pSignerInfo, CSimpleStringA &strProgramName)
{
	for (DWORD n = 0; n < pSignerInfo->AuthAttrs.cAttr; n++)
	{
		if (lstrcmpA(SPC_SP_OPUS_INFO_OBJID,
			pSignerInfo->AuthAttrs.rgAttr[n].pszObjId) == 0)
		{
			// Get Size of SPC_SP_OPUS_INFO structure.
			DWORD dwDataLen(0);
			if (!CryptDecodeObject(X509_ASN_ENCODING | PKCS_7_ASN_ENCODING,
				SPC_SP_OPUS_INFO_OBJID,
				pSignerInfo->AuthAttrs.rgAttr[n].rgValue[0].pbData,
				pSignerInfo->AuthAttrs.rgAttr[n].rgValue[0].cbData,
				0,
				NULL,
				&dwDataLen))
			{
				SetLastErrMsg("CryptDecodeObject failed");
				return false;
			}

			// Allocate memory for SPC_SP_OPUS_INFO structure.
			PSPC_SP_OPUS_INFO pOpusInfo = (PSPC_SP_OPUS_INFO)LocalAlloc(LPTR, dwDataLen);
			if (!pOpusInfo)
			{
				SetLastErrMsg("Unable to allocate memory for Publisher Info");
				return false;
			}

			// Decode and get SPC_SP_OPUS_INFO structure.
			if (!CryptDecodeObject(X509_ASN_ENCODING | PKCS_7_ASN_ENCODING,
				SPC_SP_OPUS_INFO_OBJID,
				pSignerInfo->AuthAttrs.rgAttr[n].rgValue[0].pbData,
				pSignerInfo->AuthAttrs.rgAttr[n].rgValue[0].cbData,
				0,
				pOpusInfo,
				&dwDataLen))
			{
				SetLastErrMsg("CryptDecodeObject failed");
				LocalFree(pOpusInfo);
				return false;
			}

			// Fill in Program Name if present.
			if (pOpusInfo->pwszProgramName)
			{
				CSimpleStringW str = pOpusInfo->pwszProgramName;
				strProgramName =  CSimpleStringW2A(str);
			}

			LocalFree(pOpusInfo);
			pOpusInfo = NULL;
			return true;
		}
	}

	SetLastErrMsg("find SPC_SP_OPUS_INFO_OBJID struct failed");
	return false;
}

bool CCodeSignVerify::GetTimeOfTimeStamp(HCERTSTORE hStore, PCMSG_SIGNER_INFO pSignerInfo, SYSTEMTIME *st)
{
	PCMSG_SIGNER_INFO pCounterSignerInfo = NULL;
	
	__try
	{
		// get timestamp sign info
		// Loop through unathenticated attributes for szOID_RSA_counterSign OID.
		for (DWORD n = 0; n < pSignerInfo->UnauthAttrs.cAttr; n++)
		{
			if (lstrcmpA(pSignerInfo->UnauthAttrs.rgAttr[n].pszObjId,
				szOID_RSA_counterSign) == 0)
			{
				// Get size of CMSG_SIGNER_INFO structure.
				DWORD dwSize(0);
				if (!CryptDecodeObject(X509_ASN_ENCODING | PKCS_7_ASN_ENCODING,
					PKCS7_SIGNER_INFO,
					pSignerInfo->UnauthAttrs.rgAttr[n].rgValue[0].pbData,
					pSignerInfo->UnauthAttrs.rgAttr[n].rgValue[0].cbData,
					0,
					NULL,
					&dwSize))
				{
					SetLastErrMsg("CryptDecodeObject failed");
					return false;
				}

				// Allocate memory for CMSG_SIGNER_INFO.
				pCounterSignerInfo = (PCMSG_SIGNER_INFO)LocalAlloc(LPTR, dwSize);
				if (!pCounterSignerInfo)
				{
					SetLastErrMsg("Unable to allocate memory for timestamp info");
					return false;
				}

				// Decode and get CMSG_SIGNER_INFO structure
				// for timestamp certificate.
				if (!CryptDecodeObject(X509_ASN_ENCODING | PKCS_7_ASN_ENCODING,
					PKCS7_SIGNER_INFO,
					pSignerInfo->UnauthAttrs.rgAttr[n].rgValue[0].pbData,
					pSignerInfo->UnauthAttrs.rgAttr[n].rgValue[0].cbData,
					0,
					(PVOID)pCounterSignerInfo,
					&dwSize))
				{
					SetLastErrMsg("CryptDecodeObject failed");
					return false;
				}

				// Loop through authenticated attributes and find
				// szOID_RSA_signingTime OID.
				for (DWORD n = 0; n < pCounterSignerInfo->AuthAttrs.cAttr; n++)
				{
					if (lstrcmpA(szOID_RSA_signingTime,
						pCounterSignerInfo->AuthAttrs.rgAttr[n].pszObjId) == 0)
					{
						// Decode and get FILETIME structure.
						FILETIME lft, ft;
						DWORD dwData = sizeof(ft);
						if (!CryptDecodeObject(X509_ASN_ENCODING | PKCS_7_ASN_ENCODING,
							szOID_RSA_signingTime,
							pCounterSignerInfo->AuthAttrs.rgAttr[n].rgValue[0].pbData,
							pCounterSignerInfo->AuthAttrs.rgAttr[n].rgValue[0].cbData,
							0,
							(PVOID)&ft,
							&dwData))
						{
							SetLastErrMsg("CryptDecodeObject failed");
							return false;
						}

						// Convert to local time.
						FileTimeToLocalFileTime(&ft, &lft);
						FileTimeToSystemTime(&lft, st);
						return true;
					} //lstrcmp szOID_RSA_signingTime
				} // for

				break;
			}
		}
	}
	__finally
	{
		if (pCounterSignerInfo != NULL)
			LocalFree(pCounterSignerInfo);
	}

	SetLastErrMsg("find sign timestamp info fail");
	return false;
}

bool CCodeSignVerify::GetStringFileInfo(void *pVersionInfo, const char *pszKeyName, CSimpleStringA &strValue)
{
	// get inherit string file info
	char *pszValue = NULL;
	UINT nLen(0);
	CSimpleString strStringInfoKey = CSimpleString::Format("\\StringFileInfo\\%04x%04x\\", m_dwLangID, m_dwCodePage);
	if (::VerQueryValue(pVersionInfo, strStringInfoKey + pszKeyName, (void**)&pszValue, &nLen))
	{
		strValue = pszValue;
		return true;
	}

	return false;
}

CSimpleStringA CCodeSignVerify::GetErrorMsg()
{
	if (m_strLastErrMsg.IsNullOrEmpty())	// if null, string operation will crash
		return "";
	else
		return m_strLastErrMsg;
}

void CCodeSignVerify::SetLastErrMsg(const char *pErrMsg)
{
	DWORD dwError = GetLastError();

	if (dwError == 0)
		m_strLastErrMsg = pErrMsg;
	else
		m_strLastErrMsg = CSimpleStringA::Format("%s %s(0x%X)",
		pErrMsg == NULL ? "" : pErrMsg,
		(const char*)GetSysErrMsg(dwError), dwError);
}