michael@0: /* This Source Code Form is subject to the terms of the Mozilla Public michael@0: * License, v. 2.0. If a copy of the MPL was not distributed with this michael@0: * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ michael@0: michael@0: #include michael@0: #include michael@0: #include michael@0: #include michael@0: #include michael@0: michael@0: #pragma comment(lib, "wintrust.lib") michael@0: #pragma comment(lib, "crypt32.lib") michael@0: michael@0: #ifdef UNICODE michael@0: michael@0: #ifndef _T michael@0: #define __T(x) L ## x michael@0: #define _T(x) __T(x) michael@0: #define _TEXT(x) __T(x) michael@0: #endif michael@0: michael@0: #else michael@0: michael@0: #ifndef _T michael@0: #define _T(x) x michael@0: #define _TEXT(x) x michael@0: #endif michael@0: michael@0: #endif // UNICODE michael@0: michael@0: static const int ENCODING = X509_ASN_ENCODING | PKCS_7_ASN_ENCODING; michael@0: michael@0: typedef struct _stack_t { michael@0: struct _stack_t *next; michael@0: TCHAR text[MAX_PATH]; michael@0: } stack_t; michael@0: michael@0: int popstring(stack_t **stacktop, LPTSTR str, int len); michael@0: void pushstring(stack_t **stacktop, LPCTSTR str, int len); michael@0: michael@0: struct CertificateCheckInfo michael@0: { michael@0: LPCWSTR name; michael@0: LPCWSTR issuer; michael@0: }; michael@0: michael@0: /** michael@0: * Checks to see if a file stored at filePath matches the specified info. This michael@0: * only supports the name and issuer attributes currently. michael@0: * michael@0: * @param certContext The certificate context of the file michael@0: * @param infoToMatch The acceptable information to match michael@0: * @return FALSE if the info does not match or if any error occurs in the check michael@0: */ michael@0: BOOL michael@0: DoCertificateAttributesMatch(PCCERT_CONTEXT certContext, michael@0: CertificateCheckInfo &infoToMatch) michael@0: { michael@0: DWORD dwData; michael@0: LPTSTR szName = NULL; michael@0: michael@0: // Pass in NULL to get the needed size of the issuer buffer. michael@0: dwData = CertGetNameString(certContext, michael@0: CERT_NAME_SIMPLE_DISPLAY_TYPE, michael@0: CERT_NAME_ISSUER_FLAG, NULL, michael@0: NULL, 0); michael@0: michael@0: if (!dwData) { michael@0: return FALSE; michael@0: } michael@0: michael@0: // Allocate memory for Issuer name buffer. michael@0: szName = (LPTSTR)LocalAlloc(LPTR, dwData * sizeof(WCHAR)); michael@0: if (!szName) { michael@0: return FALSE; michael@0: } michael@0: michael@0: // Get Issuer name. michael@0: if (!CertGetNameString(certContext, CERT_NAME_SIMPLE_DISPLAY_TYPE, michael@0: CERT_NAME_ISSUER_FLAG, NULL, szName, dwData)) { michael@0: LocalFree(szName); michael@0: return FALSE; michael@0: } michael@0: michael@0: // If the issuer does not match, return a failure. michael@0: if (!infoToMatch.issuer || michael@0: wcscmp(szName, infoToMatch.issuer)) { michael@0: LocalFree(szName); michael@0: return FALSE; michael@0: } michael@0: michael@0: LocalFree(szName); michael@0: szName = NULL; michael@0: michael@0: // Pass in NULL to get the needed size of the name buffer. michael@0: dwData = CertGetNameString(certContext, CERT_NAME_SIMPLE_DISPLAY_TYPE, michael@0: 0, NULL, NULL, 0); michael@0: if (!dwData) { michael@0: return FALSE; michael@0: } michael@0: michael@0: // Allocate memory for the name buffer. michael@0: szName = (LPTSTR)LocalAlloc(LPTR, dwData * sizeof(WCHAR)); michael@0: if (!szName) { michael@0: return FALSE; michael@0: } michael@0: michael@0: // Obtain the name. michael@0: if (!(CertGetNameString(certContext, CERT_NAME_SIMPLE_DISPLAY_TYPE, 0, michael@0: NULL, szName, dwData))) { michael@0: LocalFree(szName); michael@0: return FALSE; michael@0: } michael@0: michael@0: // If the issuer does not match, return a failure. michael@0: if (!infoToMatch.name || michael@0: wcscmp(szName, infoToMatch.name)) { michael@0: LocalFree(szName); michael@0: return FALSE; michael@0: } michael@0: michael@0: // We have a match! michael@0: LocalFree(szName); michael@0: michael@0: // If there were any errors we would have aborted by now. michael@0: return TRUE; michael@0: } michael@0: michael@0: /** michael@0: * Checks to see if a file stored at filePath matches the specified info. This michael@0: * only supports the name and issuer attributes currently. michael@0: * michael@0: * @param filePath The PE file path to check michael@0: * @param infoToMatch The acceptable information to match michael@0: * @return ERROR_SUCCESS if successful, ERROR_NOT_FOUND if the info michael@0: * does not match, or the last error otherwise. michael@0: */ michael@0: DWORD michael@0: CheckCertificateForPEFile(LPCWSTR filePath, michael@0: CertificateCheckInfo &infoToMatch) michael@0: { michael@0: HCERTSTORE certStore = NULL; michael@0: HCRYPTMSG cryptMsg = NULL; michael@0: PCCERT_CONTEXT certContext = NULL; michael@0: PCMSG_SIGNER_INFO signerInfo = NULL; michael@0: DWORD lastError = ERROR_SUCCESS; michael@0: michael@0: // Get the HCERTSTORE and HCRYPTMSG from the signed file. michael@0: DWORD encoding, contentType, formatType; michael@0: BOOL result = CryptQueryObject(CERT_QUERY_OBJECT_FILE, michael@0: filePath, michael@0: CERT_QUERY_CONTENT_FLAG_PKCS7_SIGNED_EMBED, michael@0: CERT_QUERY_CONTENT_FLAG_ALL, michael@0: 0, &encoding, &contentType, michael@0: &formatType, &certStore, &cryptMsg, NULL); michael@0: if (!result) { michael@0: lastError = GetLastError(); michael@0: goto cleanup; michael@0: } michael@0: michael@0: // Pass in NULL to get the needed signer information size. michael@0: DWORD signerInfoSize; michael@0: result = CryptMsgGetParam(cryptMsg, CMSG_SIGNER_INFO_PARAM, 0, michael@0: NULL, &signerInfoSize); michael@0: if (!result) { michael@0: lastError = GetLastError(); michael@0: goto cleanup; michael@0: } michael@0: michael@0: // Allocate the needed size for the signer information. michael@0: signerInfo = (PCMSG_SIGNER_INFO)LocalAlloc(LPTR, signerInfoSize); michael@0: if (!signerInfo) { michael@0: lastError = GetLastError(); michael@0: goto cleanup; michael@0: } michael@0: michael@0: // Get the signer information (PCMSG_SIGNER_INFO). michael@0: // In particular we want the issuer and serial number. michael@0: result = CryptMsgGetParam(cryptMsg, CMSG_SIGNER_INFO_PARAM, 0, michael@0: (PVOID)signerInfo, &signerInfoSize); michael@0: if (!result) { michael@0: lastError = GetLastError(); michael@0: goto cleanup; michael@0: } michael@0: michael@0: // Search for the signer certificate in the certificate store. michael@0: CERT_INFO certInfo; michael@0: certInfo.Issuer = signerInfo->Issuer; michael@0: certInfo.SerialNumber = signerInfo->SerialNumber; michael@0: certContext = CertFindCertificateInStore(certStore, ENCODING, 0, michael@0: CERT_FIND_SUBJECT_CERT, michael@0: (PVOID)&certInfo, NULL); michael@0: if (!certContext) { michael@0: lastError = GetLastError(); michael@0: goto cleanup; michael@0: } michael@0: michael@0: if (!DoCertificateAttributesMatch(certContext, infoToMatch)) { michael@0: lastError = ERROR_NOT_FOUND; michael@0: goto cleanup; michael@0: } michael@0: michael@0: cleanup: michael@0: if (signerInfo) { michael@0: LocalFree(signerInfo); michael@0: } michael@0: if (certContext) { michael@0: CertFreeCertificateContext(certContext); michael@0: } michael@0: if (certStore) { michael@0: CertCloseStore(certStore, 0); michael@0: } michael@0: if (cryptMsg) { michael@0: CryptMsgClose(cryptMsg); michael@0: } michael@0: return lastError; michael@0: } michael@0: michael@0: /** michael@0: * Compares the certificate name and issuer values for a signed file's with the michael@0: * values provided. michael@0: * michael@0: * @param stacktop A pointer to the top of the stack. The stack should contain michael@0: * from the top the file's path, the expected value for the michael@0: * certificate's name attribute, and the expected value for michael@0: * the certificate's issuer attribute. michael@0: * @param variables A pointer to the NSIS variables michael@0: * @return 1 if the certificate name and issuer attributes matched the expected michael@0: * values, 0 if they don't match the expected values. michael@0: */ michael@0: extern "C" void __declspec(dllexport) michael@0: VerifyCertNameIssuer(HWND hwndParent, int string_size, michael@0: TCHAR *variables, stack_t **stacktop, void *extra) michael@0: { michael@0: TCHAR tmp1[MAX_PATH + 1] = { _T('\0') }; michael@0: TCHAR tmp2[MAX_PATH + 1] = { _T('\0') }; michael@0: TCHAR tmp3[MAX_PATH + 1] = { _T('\0') }; michael@0: WCHAR filePath[MAX_PATH + 1] = { L'\0' }; michael@0: WCHAR certName[MAX_PATH + 1] = { L'\0' }; michael@0: WCHAR certIssuer[MAX_PATH + 1] = { L'\0' }; michael@0: michael@0: popstring(stacktop, tmp1, MAX_PATH); michael@0: popstring(stacktop, tmp2, MAX_PATH); michael@0: popstring(stacktop, tmp3, MAX_PATH); michael@0: michael@0: #if !defined(UNICODE) michael@0: MultiByteToWideChar(CP_ACP, 0, tmp1, -1, filePath, MAX_PATH); michael@0: MultiByteToWideChar(CP_ACP, 0, tmp2, -1, certName, MAX_PATH); michael@0: MultiByteToWideChar(CP_ACP, 0, tmp3, -1, certIssuer, MAX_PATH); michael@0: #else michael@0: wcsncpy(filePath, tmp1, MAX_PATH); michael@0: wcsncpy(certName, tmp2, MAX_PATH); michael@0: wcsncpy(certIssuer, tmp3, MAX_PATH); michael@0: #endif michael@0: michael@0: CertificateCheckInfo allowedCertificate = { michael@0: certName, michael@0: certIssuer, michael@0: }; michael@0: michael@0: LONG retCode = CheckCertificateForPEFile(filePath, allowedCertificate); michael@0: if (retCode == ERROR_SUCCESS) { michael@0: pushstring(stacktop, TEXT("1"), 2); michael@0: } else { michael@0: pushstring(stacktop, TEXT("0"), 2); michael@0: } michael@0: } michael@0: michael@0: /** michael@0: * Verifies the trust of a signed file's certificate. michael@0: * michael@0: * @param filePath The file path to check. michael@0: * @return ERROR_SUCCESS if successful, or the last error code otherwise. michael@0: */ michael@0: DWORD michael@0: VerifyCertificateTrustForFile(LPCWSTR filePath) michael@0: { michael@0: // Setup the file to check. michael@0: WINTRUST_FILE_INFO fileToCheck; michael@0: ZeroMemory(&fileToCheck, sizeof(fileToCheck)); michael@0: fileToCheck.cbStruct = sizeof(WINTRUST_FILE_INFO); michael@0: fileToCheck.pcwszFilePath = filePath; michael@0: michael@0: // Setup what to check, we want to check it is signed and trusted. michael@0: WINTRUST_DATA trustData; michael@0: ZeroMemory(&trustData, sizeof(trustData)); michael@0: trustData.cbStruct = sizeof(trustData); michael@0: trustData.pPolicyCallbackData = NULL; michael@0: trustData.pSIPClientData = NULL; michael@0: trustData.dwUIChoice = WTD_UI_NONE; michael@0: trustData.fdwRevocationChecks = WTD_REVOKE_NONE; michael@0: trustData.dwUnionChoice = WTD_CHOICE_FILE; michael@0: trustData.dwStateAction = 0; michael@0: trustData.hWVTStateData = NULL; michael@0: trustData.pwszURLReference = NULL; michael@0: // no UI michael@0: trustData.dwUIContext = 0; michael@0: trustData.pFile = &fileToCheck; michael@0: michael@0: GUID policyGUID = WINTRUST_ACTION_GENERIC_VERIFY_V2; michael@0: // Check if the file is signed by something that is trusted. michael@0: LONG ret = WinVerifyTrust(NULL, &policyGUID, &trustData); michael@0: return ret; michael@0: } michael@0: michael@0: /** michael@0: * Verifies the trust of a signed file's certificate. michael@0: * michael@0: * @param stacktop A pointer to the top of the stack. This should be the file michael@0: * path for the file that will have its trust verified. michael@0: * @param variables A pointer to the NSIS variables michael@0: * @return 1 if the file's trust was verified successfully, 0 if it was not michael@0: */ michael@0: extern "C" void __declspec(dllexport) michael@0: VerifyCertTrust(HWND hwndParent, int string_size, michael@0: TCHAR *variables, stack_t **stacktop, void *extra) michael@0: { michael@0: TCHAR tmp[MAX_PATH + 1] = { _T('\0') }; michael@0: WCHAR filePath[MAX_PATH + 1] = { L'\0' }; michael@0: michael@0: popstring(stacktop, tmp, MAX_PATH); michael@0: michael@0: #if !defined(UNICODE) michael@0: MultiByteToWideChar(CP_ACP, 0, tmp, -1, filePath, MAX_PATH); michael@0: #else michael@0: wcsncpy(filePath, tmp, MAX_PATH); michael@0: #endif michael@0: michael@0: LONG retCode = VerifyCertificateTrustForFile(filePath); michael@0: if (retCode == ERROR_SUCCESS) { michael@0: pushstring(stacktop, TEXT("1"), 2); michael@0: } else { michael@0: pushstring(stacktop, TEXT("0"), 2); michael@0: } michael@0: } michael@0: michael@0: BOOL WINAPI michael@0: DllMain(HANDLE hInst, ULONG ul_reason_for_call, LPVOID lpReserved) michael@0: { michael@0: return TRUE; michael@0: } michael@0: michael@0: /** michael@0: * Removes an element from the top of the NSIS stack michael@0: * michael@0: * @param stacktop A pointer to the top of the stack michael@0: * @param str The string to pop to michael@0: * @param len The max length michael@0: * @return 0 on success michael@0: */ michael@0: int popstring(stack_t **stacktop, TCHAR *str, int len) michael@0: { michael@0: // Removes the element from the top of the stack and puts it in the buffer michael@0: stack_t *th; michael@0: if (!stacktop || !*stacktop) { michael@0: return 1; michael@0: } michael@0: michael@0: th = (*stacktop); michael@0: lstrcpyn(str,th->text, len); michael@0: *stacktop = th->next; michael@0: GlobalFree((HGLOBAL)th); michael@0: return 0; michael@0: } michael@0: michael@0: /** michael@0: * Adds an element to the top of the NSIS stack michael@0: * michael@0: * @param stacktop A pointer to the top of the stack michael@0: * @param str The string to push on the stack michael@0: * @param len The length of the string to push on the stack michael@0: * @return 0 on success michael@0: */ michael@0: void pushstring(stack_t **stacktop, const TCHAR *str, int len) michael@0: { michael@0: stack_t *th; michael@0: if (!stacktop) { michael@0: return; michael@0: } michael@0: michael@0: th = (stack_t*)GlobalAlloc(GPTR, sizeof(stack_t) + len); michael@0: lstrcpyn(th->text, str, len); michael@0: th->next = *stacktop; michael@0: *stacktop = th; michael@0: }