Mercurial > trustbridge

comparison common/binverify.c @ 1364:28885e8c891f

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
(issue177) Read signature time from PKCS#7 object in selftest and binverify
author Andre Heinecke <andre.heinecke@intevation.de>
date Fri, 21 Nov 2014 18:33:31 +0100
parents 3cd8dd706aaa
children 948f03bb5254
comparison
equal deleted inserted replaced
1363:3d6faded03dd 1364:28885e8c891f
22 { 22 {
23 if (!filename || !name_len) { 23 if (!filename || !name_len) {
24 bin_verify_result retval; 24 bin_verify_result retval;
25 retval.fptr = NULL; 25 retval.fptr = NULL;
26 retval.result = VerifyUnknownError; 26 retval.result = VerifyUnknownError;
27 retval.sig_time = 0;
27 return retval; 28 return retval;
28 } 29 }
29 30
30 #ifdef WIN32 31 #ifdef WIN32
31 return verify_binary_win(filename, name_len); 32 return verify_binary_win(filename, name_len);
100 retval = true; 101 retval = true;
101 102
102 done: 103 done:
103 x509_crt_free(&codesign_cert); 104 x509_crt_free(&codesign_cert);
104 return retval; 105 return retval;
106 }
107
108 time_t
109 systemtime_to_time_t (SYSTEMTIME *systemTime)
110
111 {
112 LARGE_INTEGER jan1970FT = {{0}};
113 jan1970FT.QuadPart = 116444736000000000LL; // january 1st 1970 well known value
114 LARGE_INTEGER utcFT = {{0}};
115
116 SystemTimeToFileTime(systemTime, (FILETIME*)&utcFT);
117
118 __int64 utcDosTime = (utcFT.QuadPart - jan1970FT.QuadPart)/10000000;
119
120 return (time_t)utcDosTime;
121 }
122
123
124 time_t
125 get_signature_time (HCRYPTMSG hMsg)
126 {
127 FILETIME lft, ft;
128 SYSTEMTIME st;
129 DWORD dwData = 0,
130 n = 0,
131 dwSignerInfo = 0;
132 PCMSG_SIGNER_INFO pSignerInfo = NULL;
133
134 time_t ret = -1;
135
136 if (!hMsg)
137 {
138 return -1;
139 }
140
141 // Get signer information size.
142 if (!CryptMsgGetParam(hMsg,
143 CMSG_SIGNER_INFO_PARAM,
144 0,
145 NULL,
146 &dwSignerInfo))
147 {
148 ERRORPRINTF ("Failed to get signer info size.");
149 return -1;
150 }
151 pSignerInfo = xmalloc (dwSignerInfo);
152
153 if (!CryptMsgGetParam(hMsg,
154 CMSG_SIGNER_INFO_PARAM,
155 0,
156 (PVOID)pSignerInfo,
157 &dwSignerInfo))
158 {
159 ERRORPRINTF ("Failed to get signer info.");
160 goto done;
161 }
162
163
164 // Loop through authenticated attributes and find
165 // szOID_RSA_signingTime OID.
166 for (n = 0; n < pSignerInfo->AuthAttrs.cAttr; n++)
167 {
168 if (lstrcmpA(szOID_RSA_signingTime,
169 pSignerInfo->AuthAttrs.rgAttr[n].pszObjId) == 0)
170 {
171 dwData = sizeof(ft);
172 if (!CryptDecodeObject((X509_ASN_ENCODING | PKCS_7_ASN_ENCODING),
173 szOID_RSA_signingTime,
174 pSignerInfo->AuthAttrs.rgAttr[n].rgValue[0].pbData,
175 pSignerInfo->AuthAttrs.rgAttr[n].rgValue[0].cbData,
176 0,
177 (PVOID)&ft,
178 &dwData))
179 {
180 PRINTLASTERROR ("Failed to decode time: ");
181 break;
182 }
183
184 // Convert to local time.
185 FileTimeToLocalFileTime(&ft, &lft);
186 FileTimeToSystemTime(&lft, &st);
187
188 ret = systemtime_to_time_t(&st);
189 break;
190 }
191 }
192
193 done:
194 xfree(pSignerInfo);
195
196 return ret;
105 } 197 }
106 198
107 bin_verify_result 199 bin_verify_result
108 verify_binary_win(const char *filename, size_t name_len) 200 verify_binary_win(const char *filename, size_t name_len)
109 { 201 {
217 if(check_certificate(pSignerCertContext)) 309 if(check_certificate(pSignerCertContext))
218 { 310 {
219 DEBUGPRINTF ("Valid signature with pinned certificate."); 311 DEBUGPRINTF ("Valid signature with pinned certificate.");
220 retval.result = VerifyValid; 312 retval.result = VerifyValid;
221 retval.fptr = fptr; 313 retval.fptr = fptr;
314 retval.sig_time = get_signature_time (hMsg);
222 goto done; 315 goto done;
223 } 316 }
224 else 317 else
225 { 318 {
226 ERRORPRINTF ("Certificate mismatch. \n"); 319 ERRORPRINTF ("Certificate mismatch. \n");
http://wald.intevation.org/projects/trustbridge/