nasingfaund / verify-sigs Goto Github PK

verify_sigs contains library functions to compute and validate hashes on different file types, and signatures on PECOFF Authenticode-signed binaries.

You need pyasn1 == 0.13b or >= pyasn1-0.1.4rc4 and Cryptography to parse and validate signatures. libssl-dev To exercise some demonstrator code, you may need pefile. Cryptograpy: https://cryptography.io pyasn1: http://pyasn1.sourceforge.net/ pefile: https://github.com/erocarrera/pefile

Currently the following hashing methods are supported:

• generic files: md5, sha1, sha256, sha512
• PE-COFF authenticode (windows executables, drivers, dll's, ...): md5, sha1

fingerprint.py The actual library of hashing algorithms, deployable as library and on 'naked' client systems, running under python 2.7. See embedded docstrings and tests for usage scenarios. Does not use third party libraries.

fingerprinter_test.py Set of tests on the fingerprinter, using pregenerated data.

generate_test_data.py Run-once code supposed to be run by hand, creates some of the files in test_data, that then need to be checked in.

auth_data.py Basic container for authenticode data, as represented in ASN.1 together with accessor and validator functions. Currently provides limited validation, in particular certificate chain validation is missing.

auth_data_test.py Set of tests on auth_data, assuring that pregenerated data still produces the same reuslts.

pecoff_blob.py Container for PECOFF format part of authenticode blobs, as provided by the fingerprinter library in the SignedData structure.

print_pe_certs.py Exercises authenticode validation routines, prints out hashes and certs.

Many thanks to Darren and Michael for motivating me to work through tangled standards. Many thanks to Ero for pefile, and to Ilya Etingof for pyasn1, very useful examples code for x509 and pkcs7 parsing, and finally for extending the parser to handle 'any' type!

Germano Caronni, 2012/4/26 [email protected] , [email protected]