2 // AuthenticodeBase.cs: Authenticode signature base class
5 // Sebastien Pouliot <sebastien@ximian.com>
7 // (C) 2003 Motus Technologies Inc. (http://www.motus.com)
8 // Copyright (C) 2004, 2006 Novell, Inc (http://www.novell.com)
10 // Permission is hereby granted, free of charge, to any person obtaining
11 // a copy of this software and associated documentation files (the
12 // "Software"), to deal in the Software without restriction, including
13 // without limitation the rights to use, copy, modify, merge, publish,
14 // distribute, sublicense, and/or sell copies of the Software, and to
15 // permit persons to whom the Software is furnished to do so, subject to
16 // the following conditions:
18 // The above copyright notice and this permission notice shall be
19 // included in all copies or substantial portions of the Software.
21 // THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
22 // EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
23 // MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
24 // NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
25 // LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
26 // OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
27 // WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
34 using System.Security.Cryptography;
36 namespace Mono.Security.Authenticode {
39 // a. http://www.cs.auckland.ac.nz/~pgut001/pubs/authenticode.txt
57 class AuthenticodeBase {
59 public const string spcIndirectDataContext = "1.3.6.1.4.1.311.2.1.4";
61 private byte[] fileblock;
62 private FileStream fs;
64 private int blockLength;
66 private int dirSecurityOffset;
67 private int dirSecuritySize;
68 private int coffSymbolTableOffset;
70 public AuthenticodeBase ()
72 fileblock = new byte [4096];
75 internal int PEOffset {
83 internal int CoffSymbolTableOffset {
87 return coffSymbolTableOffset;
91 internal int SecurityOffset {
95 return dirSecurityOffset;
99 internal void Open (string filename)
103 fs = new FileStream (filename, FileMode.Open, FileAccess.Read, FileShare.Read);
106 internal void Close ()
115 internal bool ReadFirstBlock ()
121 // read first block - it will include (100% sure)
122 // the MZ header and (99.9% sure) the PE header
123 blockLength = fs.Read (fileblock, 0, fileblock.Length);
125 if (blockLength < 64)
126 return false; // invalid PE file
128 // 1. Validate the MZ header informations
129 // 1.1. Check for magic MZ at start of header
130 if (BitConverterLE.ToUInt16 (fileblock, 0) != 0x5A4D)
133 // 1.2. Find the offset of the PE header
134 peOffset = BitConverterLE.ToInt32 (fileblock, 60);
135 if (peOffset > fileblock.Length) {
136 // just in case (0.1%) this can actually happen
137 string msg = String.Format (Locale.GetText (
138 "Header size too big (> {0} bytes)."),
140 throw new NotSupportedException (msg);
142 if (peOffset > fs.Length)
145 // 2. Read between DOS header and first part of PE header
146 // 2.1. Check for magic PE at start of header
147 // PE - NT header ('P' 'E' 0x00 0x00)
148 if (BitConverterLE.ToUInt32 (fileblock, peOffset) != 0x4550)
151 // 2.2. Locate IMAGE_DIRECTORY_ENTRY_SECURITY (offset and size)
152 dirSecurityOffset = BitConverterLE.ToInt32 (fileblock, peOffset + 152);
153 dirSecuritySize = BitConverterLE.ToInt32 (fileblock, peOffset + 156);
155 // COFF symbol tables are deprecated - we'll strip them if we see them!
156 // (otherwise the signature won't work on MS and we don't want to support COFF for that)
157 coffSymbolTableOffset = BitConverterLE.ToInt32 (fileblock, peOffset + 12);
162 internal byte[] GetSecurityEntry ()
167 if (dirSecuritySize > 8) {
168 // remove header from size (not ASN.1 based)
169 byte[] secEntry = new byte [dirSecuritySize - 8];
170 // position after header and read entry
171 fs.Position = dirSecurityOffset + 8;
172 fs.Read (secEntry, 0, secEntry.Length);
178 internal byte[] GetHash (HashAlgorithm hash)
182 fs.Position = blockLength;
184 // hash the rest of the file
187 // minus any authenticode signature (with 8 bytes header)
188 if (dirSecurityOffset > 0) {
189 // it is also possible that the signature block
190 // starts within the block in memory (small EXE)
191 if (dirSecurityOffset < blockLength) {
192 blockLength = dirSecurityOffset;
195 n = dirSecurityOffset - blockLength;
197 } else if (coffSymbolTableOffset > 0) {
198 fileblock[PEOffset + 12] = 0;
199 fileblock[PEOffset + 13] = 0;
200 fileblock[PEOffset + 14] = 0;
201 fileblock[PEOffset + 15] = 0;
202 fileblock[PEOffset + 16] = 0;
203 fileblock[PEOffset + 17] = 0;
204 fileblock[PEOffset + 18] = 0;
205 fileblock[PEOffset + 19] = 0;
206 // it is also possible that the signature block
207 // starts within the block in memory (small EXE)
208 if (coffSymbolTableOffset < blockLength) {
209 blockLength = coffSymbolTableOffset;
212 n = coffSymbolTableOffset - blockLength;
215 addsize = (int) (fs.Length & 7);
217 addsize = 8 - addsize;
219 n = fs.Length - blockLength;
222 // Authenticode(r) gymnastics
223 // Hash from (generally) 0 to 215 (216 bytes)
224 int pe = peOffset + 88;
225 hash.TransformBlock (fileblock, 0, pe, fileblock, 0);
226 // then skip 4 for checksum
228 // Continue hashing from (generally) 220 to 279 (60 bytes)
229 hash.TransformBlock (fileblock, pe, 60, fileblock, pe);
230 // then skip 8 bytes for IMAGE_DIRECTORY_ENTRY_SECURITY
233 // everything is present so start the hashing
235 // hash the (only) block
236 hash.TransformFinalBlock (fileblock, pe, blockLength - pe);
239 // hash the last part of the first (already in memory) block
240 hash.TransformBlock (fileblock, pe, blockLength - pe, fileblock, pe);
242 // hash by blocks of 4096 bytes
243 long blocks = (n >> 12);
244 int remainder = (int)(n - (blocks << 12));
245 if (remainder == 0) {
250 while (blocks-- > 0) {
251 fs.Read (fileblock, 0, fileblock.Length);
252 hash.TransformBlock (fileblock, 0, fileblock.Length, fileblock, 0);
255 if (fs.Read (fileblock, 0, remainder) != remainder)
259 hash.TransformBlock (fileblock, 0, remainder, fileblock, 0);
260 hash.TransformFinalBlock (new byte [addsize], 0, addsize);
262 hash.TransformFinalBlock (fileblock, 0, remainder);
268 // for compatibility only
269 protected byte[] HashFile (string fileName, string hashName)
273 HashAlgorithm hash = HashAlgorithm.Create (hashName);
274 byte[] result = GetHash (hash);