1 /* This Source Code Form is subject to the terms of the Mozilla Public
2 * License, v. 2.0. If a copy of the MPL was not distributed with this
3 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
4
5 #include <stdio.h>
6 #include <stdlib.h>
7 #include <windows.h>
8 #include <softpub.h>
9 #include <wintrust.h>
10
11 #include "certificatecheck.h"
12 #include "updatecommon.h"
13
14 static const int ENCODING = X509_ASN_ENCODING | PKCS_7_ASN_ENCODING;
15
16 /**
17 * Checks to see if a file stored at filePath matches the specified info.
18 *
19 * @param filePath The PE file path to check
20 * @param infoToMatch The acceptable information to match
21 * @return ERROR_SUCCESS if successful, ERROR_NOT_FOUND if the info
22 * does not match, or the last error otherwise.
23 */
24 DWORD
CheckCertificateForPEFile(LPCWSTR filePath,CertificateCheckInfo & infoToMatch)25 CheckCertificateForPEFile(LPCWSTR filePath, CertificateCheckInfo& infoToMatch) {
26 HCERTSTORE certStore = nullptr;
27 HCRYPTMSG cryptMsg = nullptr;
28 PCCERT_CONTEXT certContext = nullptr;
29 PCMSG_SIGNER_INFO signerInfo = nullptr;
30 DWORD lastError = ERROR_SUCCESS;
31
32 // Get the HCERTSTORE and HCRYPTMSG from the signed file.
33 DWORD encoding, contentType, formatType;
34 BOOL result = CryptQueryObject(
35 CERT_QUERY_OBJECT_FILE, filePath,
36 CERT_QUERY_CONTENT_FLAG_PKCS7_SIGNED_EMBED, CERT_QUERY_CONTENT_FLAG_ALL,
37 0, &encoding, &contentType, &formatType, &certStore, &cryptMsg, nullptr);
38 if (!result) {
39 lastError = GetLastError();
40 LOG_WARN(("CryptQueryObject failed. (%d)", lastError));
41 goto cleanup;
42 }
43
44 // Pass in nullptr to get the needed signer information size.
45 DWORD signerInfoSize;
46 result = CryptMsgGetParam(cryptMsg, CMSG_SIGNER_INFO_PARAM, 0, nullptr,
47 &signerInfoSize);
48 if (!result) {
49 lastError = GetLastError();
50 LOG_WARN(("CryptMsgGetParam failed. (%d)", lastError));
51 goto cleanup;
52 }
53
54 // Allocate the needed size for the signer information.
55 signerInfo = (PCMSG_SIGNER_INFO)LocalAlloc(LPTR, signerInfoSize);
56 if (!signerInfo) {
57 lastError = GetLastError();
58 LOG_WARN(("Unable to allocate memory for Signer Info. (%d)", lastError));
59 goto cleanup;
60 }
61
62 // Get the signer information (PCMSG_SIGNER_INFO).
63 // In particular we want the issuer and serial number.
64 result = CryptMsgGetParam(cryptMsg, CMSG_SIGNER_INFO_PARAM, 0,
65 (PVOID)signerInfo, &signerInfoSize);
66 if (!result) {
67 lastError = GetLastError();
68 LOG_WARN(("CryptMsgGetParam failed. (%d)", lastError));
69 goto cleanup;
70 }
71
72 // Search for the signer certificate in the certificate store.
73 CERT_INFO certInfo;
74 certInfo.Issuer = signerInfo->Issuer;
75 certInfo.SerialNumber = signerInfo->SerialNumber;
76 certContext =
77 CertFindCertificateInStore(certStore, ENCODING, 0, CERT_FIND_SUBJECT_CERT,
78 (PVOID)&certInfo, nullptr);
79 if (!certContext) {
80 lastError = GetLastError();
81 LOG_WARN(("CertFindCertificateInStore failed. (%d)", lastError));
82 goto cleanup;
83 }
84
85 if (!DoCertificateAttributesMatch(certContext, infoToMatch)) {
86 lastError = ERROR_NOT_FOUND;
87 LOG_WARN(("Certificate did not match issuer or name. (%d)", lastError));
88 goto cleanup;
89 }
90
91 cleanup:
92 if (signerInfo) {
93 LocalFree(signerInfo);
94 }
95 if (certContext) {
96 CertFreeCertificateContext(certContext);
97 }
98 if (certStore) {
99 CertCloseStore(certStore, 0);
100 }
101 if (cryptMsg) {
102 CryptMsgClose(cryptMsg);
103 }
104 return lastError;
105 }
106
107 /**
108 * Checks to see if a file stored at filePath matches the specified info.
109 *
110 * @param certContext The certificate context of the file
111 * @param infoToMatch The acceptable information to match
112 * @return FALSE if the info does not match or if any error occurs in the check
113 */
DoCertificateAttributesMatch(PCCERT_CONTEXT certContext,CertificateCheckInfo & infoToMatch)114 BOOL DoCertificateAttributesMatch(PCCERT_CONTEXT certContext,
115 CertificateCheckInfo& infoToMatch) {
116 DWORD dwData;
117 LPWSTR szName = nullptr;
118
119 if (infoToMatch.issuer) {
120 // Pass in nullptr to get the needed size of the issuer buffer.
121 dwData = CertGetNameString(certContext, CERT_NAME_SIMPLE_DISPLAY_TYPE,
122 CERT_NAME_ISSUER_FLAG, nullptr, nullptr, 0);
123
124 if (!dwData) {
125 LOG_WARN(("CertGetNameString failed. (%d)", GetLastError()));
126 return FALSE;
127 }
128
129 // Allocate memory for Issuer name buffer.
130 szName = (LPWSTR)LocalAlloc(LPTR, dwData * sizeof(WCHAR));
131 if (!szName) {
132 LOG_WARN(
133 ("Unable to allocate memory for issuer name. (%d)", GetLastError()));
134 return FALSE;
135 }
136
137 // Get Issuer name.
138 if (!CertGetNameStringW(certContext, CERT_NAME_SIMPLE_DISPLAY_TYPE,
139 CERT_NAME_ISSUER_FLAG, nullptr, szName, dwData)) {
140 LOG_WARN(("CertGetNameString failed. (%d)", GetLastError()));
141 LocalFree(szName);
142 return FALSE;
143 }
144
145 // If the issuer does not match, return a failure.
146 if (!infoToMatch.issuer || wcscmp(szName, infoToMatch.issuer)) {
147 LocalFree(szName);
148 return FALSE;
149 }
150
151 LocalFree(szName);
152 szName = nullptr;
153 }
154
155 if (infoToMatch.name) {
156 // Pass in nullptr to get the needed size of the name buffer.
157 dwData = CertGetNameString(certContext, CERT_NAME_SIMPLE_DISPLAY_TYPE, 0,
158 nullptr, nullptr, 0);
159 if (!dwData) {
160 LOG_WARN(("CertGetNameString failed. (%d)", GetLastError()));
161 return FALSE;
162 }
163
164 // Allocate memory for the name buffer.
165 szName = (LPWSTR)LocalAlloc(LPTR, dwData * sizeof(WCHAR));
166 if (!szName) {
167 LOG_WARN(("Unable to allocate memory for subject name. (%d)",
168 GetLastError()));
169 return FALSE;
170 }
171
172 // Obtain the name.
173 if (!(CertGetNameStringW(certContext, CERT_NAME_SIMPLE_DISPLAY_TYPE, 0,
174 nullptr, szName, dwData))) {
175 LOG_WARN(("CertGetNameString failed. (%d)", GetLastError()));
176 LocalFree(szName);
177 return FALSE;
178 }
179
180 // If the issuer does not match, return a failure.
181 if (!infoToMatch.name || wcscmp(szName, infoToMatch.name)) {
182 LocalFree(szName);
183 return FALSE;
184 }
185
186 // We have a match!
187 LocalFree(szName);
188 }
189
190 // If there were any errors we would have aborted by now.
191 return TRUE;
192 }
193
194 /**
195 * Verifies the trust of the specified file path.
196 *
197 * @param filePath The file path to check.
198 * @return ERROR_SUCCESS if successful, or the last error code otherwise.
199 */
200 DWORD
VerifyCertificateTrustForFile(LPCWSTR filePath)201 VerifyCertificateTrustForFile(LPCWSTR filePath) {
202 // Setup the file to check.
203 WINTRUST_FILE_INFO fileToCheck;
204 ZeroMemory(&fileToCheck, sizeof(fileToCheck));
205 fileToCheck.cbStruct = sizeof(WINTRUST_FILE_INFO);
206 fileToCheck.pcwszFilePath = filePath;
207
208 // Setup what to check, we want to check it is signed and trusted.
209 WINTRUST_DATA trustData;
210 ZeroMemory(&trustData, sizeof(trustData));
211 trustData.cbStruct = sizeof(trustData);
212 trustData.pPolicyCallbackData = nullptr;
213 trustData.pSIPClientData = nullptr;
214 trustData.dwUIChoice = WTD_UI_NONE;
215 trustData.fdwRevocationChecks = WTD_REVOKE_NONE;
216 trustData.dwUnionChoice = WTD_CHOICE_FILE;
217 trustData.dwStateAction = 0;
218 trustData.hWVTStateData = nullptr;
219 trustData.pwszURLReference = nullptr;
220 // no UI
221 trustData.dwUIContext = 0;
222 trustData.pFile = &fileToCheck;
223
224 GUID policyGUID = WINTRUST_ACTION_GENERIC_VERIFY_V2;
225 // Check if the file is signed by something that is trusted.
226 LONG ret = WinVerifyTrust(nullptr, &policyGUID, &trustData);
227 if (ERROR_SUCCESS == ret) {
228 // The hash that represents the subject is trusted and there were no
229 // verification errors. No publisher nor time stamp chain errors.
230 LOG(("The file \"%ls\" is signed and the signature was verified.",
231 filePath));
232 return ERROR_SUCCESS;
233 }
234
235 DWORD lastError = GetLastError();
236 LOG_WARN(
237 ("There was an error validating trust of the certificate for file"
238 " \"%ls\". Returned: %d. (%d)",
239 filePath, ret, lastError));
240 return ret;
241 }
242