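        /// <summary>
        /// Builds a <see cref="Native.WINTRUST_DATA"/> that asks WinVerifyTrust to verify the embedded
        /// signature of <paramref name="filePath"/>: no UI, revocation checking over the whole chain,
        /// and CRL/OCSP retrieval restricted to what is already in the local cache.
        /// </summary>
        /// <param name="filePath">Path of the file whose signature is to be verified.</param>
        /// <param name="enforcePolicy">
        /// When true, a WINTRUST_SIGNATURE_SETTINGS block is attached that verifies the primary
        /// signature against the strong-signature policy <see cref="Native.szOID_CERT_STRONG_SIGN_OS_1"/>.
        /// </param>
        /// <returns>The populated structure, ready to be passed to WinVerifyTrust.</returns>
        /// <remarks>
        /// Unmanaged memory is allocated here for <c>pFile</c> and, when <paramref name="enforcePolicy"/>
        /// is set, for <c>pSignatureSettings</c> and its nested <c>pCryptoPolicy</c>. None of it is freed
        /// by this method; the caller owns those buffers.
        /// </remarks>
        private Native.WINTRUST_DATA InitializeWinTrustDataStruct(string filePath, bool enforcePolicy)
        {
            // See https://msdn.microsoft.com/en-us/library/windows/desktop/aa382384(v=vs.85).aspx
            // which was used to drive data initialization, API use and comments in this code.

            int fileInfoSize = Marshal.SizeOf(typeof(Native.WINTRUST_FILE_INFO));

            var fileInfo = new Native.WINTRUST_FILE_INFO();
            fileInfo.cbStruct      = (uint)fileInfoSize;
            fileInfo.pcwszFilePath = filePath;

            var winTrustData = new Native.WINTRUST_DATA();
            winTrustData.cbStruct = (uint)Marshal.SizeOf(typeof(Native.WINTRUST_DATA));

            // Unmanaged copy of the file info; ownership of this buffer passes to the caller.
            winTrustData.pFile = Marshal.AllocHGlobal(fileInfoSize);
            Marshal.StructureToPtr(fileInfo, winTrustData.pFile, false);

            winTrustData.pPolicyCallbackData = IntPtr.Zero;                                   // Use default code signing EKU
            winTrustData.pSIPClientData      = IntPtr.Zero;                                   // No data to pass to SIP
            winTrustData.UIChoice            = Native.UIChoice.WTD_UI_NONE;                   // Disable all UI on execution
            winTrustData.UIContext           = Native.UIContext.WTD_UICONTEXT_EXECUTE;        // File is intended to be executed
            winTrustData.UnionChoice         = Native.UnionChoice.WTD_CHOICE_FILE;            // We're verifying a file
            winTrustData.RevocationChecks    = Native.RevocationChecks.WTD_REVOKE_WHOLECHAIN; // Revocation checking on whole chain

            // EXCLUDE_ROOT skips the revocation check for the (self-signed) root only; it is
            // CACHE_ONLY_URL_RETRIEVAL that keeps the check from reaching across the network.
            // NOTE(review): with cache-only retrieval a CRL that is not already cached cannot be
            // fetched; confirm how callers treat a revocation-offline result from WinVerifyTrust.
            winTrustData.dwProvFlags = Native.ProviderFlags.WTD_REVOCATION_CHECK_CHAIN_EXCLUDE_ROOT
                                     | Native.ProviderFlags.WTD_CACHE_ONLY_URL_RETRIEVAL;

            winTrustData.pwszURLReference = null;                                             // Reserved for future use

            winTrustData.StateAction   = Native.StateAction.WTD_STATEACTION_VERIFY;
            winTrustData.hWVTStateData = IntPtr.Zero;                                         // Set by the API call

            if (enforcePolicy)
            {
                int policySize   = Marshal.SizeOf(typeof(Native.CERT_STRONG_SIGN_PARA));
                int settingsSize = Marshal.SizeOf(typeof(Native.WINTRUST_SIGNATURE_SETTINGS));

                // Strong-signature policy the verified signature must satisfy.
                var policy = new Native.CERT_STRONG_SIGN_PARA();
                policy.cbStruct     = (uint)policySize;
                policy.dwInfoChoice = Native.InfoChoice.CERT_STRONG_SIGN_OID_INFO_CHOICE;
                policy.pszOID       = Native.szOID_CERT_STRONG_SIGN_OS_1;

                var signatureSettings = new Native.WINTRUST_SIGNATURE_SETTINGS();
                signatureSettings.cbStruct           = (uint)settingsSize;
                signatureSettings.dwIndex            = 0;                                              // Verify the primary (first) signature
                signatureSettings.dwFlags            = Native.SignatureSettingsFlags.WSS_VERIFY_SPECIFIC;
                signatureSettings.cSecondarySigs     = 0;                                              // Output field, set by the API
                signatureSettings.dwVerifiedSigIndex = 0;                                              // Output field, set by the API
                signatureSettings.pCryptoPolicy      = Marshal.AllocHGlobal(policySize);
                Marshal.StructureToPtr(policy, signatureSettings.pCryptoPolicy, false);

                winTrustData.pSignatureSettings = Marshal.AllocHGlobal(settingsSize);
                Marshal.StructureToPtr(signatureSettings, winTrustData.pSignatureSettings, false);
            }

            return winTrustData;
        }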
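        /// <summary>
        /// Builds a <see cref="Native.WINTRUST_DATA"/> that asks WinVerifyTrust to verify the embedded
        /// signature of <paramref name="filePath"/>: no UI, revocation checking over the whole chain,
        /// and CRL/OCSP retrieval restricted to what is already in the local cache.
        /// </summary>
        /// <param name="filePath">Path of the file whose signature is to be verified.</param>
        /// <param name="kind">
        /// <c>Normal</c> attaches no signature settings. <c>EnforcePolicy</c> attaches settings that verify
        /// the signature at <paramref name="signatureIndex"/> against the strong-signature policy
        /// <see cref="Native.szOID_CERT_STRONG_SIGN_OS_1"/>. Any other value attaches settings that request
        /// the secondary signature count (<c>WSS_GET_SECONDARY_SIG_COUNT</c>).
        /// </param>
        /// <param name="signatureIndex">Index of the signature to operate on; 0 is the primary signature.</param>
        /// <returns>The populated structure, ready to be passed to WinVerifyTrust.</returns>
        /// <remarks>
        /// Unmanaged memory is allocated here for <c>pFile</c> and, when <paramref name="kind"/> is not
        /// <c>Normal</c>, for <c>pSignatureSettings</c> and its nested <c>pCryptoPolicy</c>. None of it is
        /// freed by this method; the caller owns those buffers.
        /// </remarks>
        private Native.WINTRUST_DATA InitializeWinTrustDataStruct(string filePath, WinTrustDataKind kind, uint signatureIndex = 0)
        {
            // See https://msdn.microsoft.com/en-us/library/windows/desktop/aa382384(v=vs.85).aspx
            // which was used to drive data initialization, API use and comments in this code.

            int fileInfoSize = Marshal.SizeOf(typeof(Native.WINTRUST_FILE_INFO));

            var fileInfo = new Native.WINTRUST_FILE_INFO();
            fileInfo.cbStruct = (uint)fileInfoSize;
            fileInfo.pcwszFilePath = filePath;

            var winTrustData = new Native.WINTRUST_DATA();
            winTrustData.cbStruct = (uint)Marshal.SizeOf(typeof(Native.WINTRUST_DATA));

            // Unmanaged copy of the file info; ownership of this buffer passes to the caller.
            winTrustData.pFile = Marshal.AllocHGlobal(fileInfoSize);
            Marshal.StructureToPtr(fileInfo, winTrustData.pFile, false);

            winTrustData.pPolicyCallbackData = IntPtr.Zero;                                   // Use default code signing EKU
            winTrustData.pSIPClientData = IntPtr.Zero;                                        // No data to pass to SIP
            winTrustData.UIChoice = Native.UIChoice.WTD_UI_NONE;                              // Disable all UI on execution
            winTrustData.UIContext = Native.UIContext.WTD_UICONTEXT_EXECUTE;                  // File is intended to be executed
            winTrustData.UnionChoice = Native.UnionChoice.WTD_CHOICE_FILE;                    // We're verifying a file
            winTrustData.RevocationChecks = Native.RevocationChecks.WTD_REVOKE_WHOLECHAIN;    // Revocation checking on whole chain

            // EXCLUDE_ROOT skips the revocation check for the (self-signed) root only; it is
            // CACHE_ONLY_URL_RETRIEVAL that keeps the check from reaching across the network.
            // NOTE(review): with cache-only retrieval a CRL that is not already cached cannot be
            // fetched; confirm how callers treat a revocation-offline result from WinVerifyTrust.
            winTrustData.dwProvFlags = Native.ProviderFlags.WTD_REVOCATION_CHECK_CHAIN_EXCLUDE_ROOT
                                     | Native.ProviderFlags.WTD_CACHE_ONLY_URL_RETRIEVAL;

            winTrustData.pwszURLReference = null;                                             // Reserved for future use

            winTrustData.StateAction = Native.StateAction.WTD_STATEACTION_VERIFY;
            winTrustData.hWVTStateData = IntPtr.Zero;                                         // Set by the API call

            if (kind != WinTrustDataKind.Normal)
            {
                // EnforcePolicy verifies one specific signature; every other non-Normal kind only
                // asks the API how many secondary signatures the file carries.
                Native.SignatureSettingsFlags flags = kind == WinTrustDataKind.EnforcePolicy
                    ? Native.SignatureSettingsFlags.WSS_VERIFY_SPECIFIC
                    : Native.SignatureSettingsFlags.WSS_GET_SECONDARY_SIG_COUNT;

                int policySize = Marshal.SizeOf(typeof(Native.CERT_STRONG_SIGN_PARA));
                int settingsSize = Marshal.SizeOf(typeof(Native.WINTRUST_SIGNATURE_SETTINGS));

                // Strong-signature policy the verified signature must satisfy.
                var policy = new Native.CERT_STRONG_SIGN_PARA();
                policy.cbStruct = (uint)policySize;
                policy.dwInfoChoice = Native.InfoChoice.CERT_STRONG_SIGN_OID_INFO_CHOICE;
                policy.pszOID = Native.szOID_CERT_STRONG_SIGN_OS_1;

                var signatureSettings = new Native.WINTRUST_SIGNATURE_SETTINGS();
                signatureSettings.cbStruct = (uint)settingsSize;
                signatureSettings.dwIndex = signatureIndex;
                signatureSettings.dwFlags = flags;
                signatureSettings.cSecondarySigs = 0;                                         // Output field, set by the API
                signatureSettings.dwVerifiedSigIndex = 0;                                     // Output field, set by the API
                signatureSettings.pCryptoPolicy = Marshal.AllocHGlobal(policySize);
                Marshal.StructureToPtr(policy, signatureSettings.pCryptoPolicy, false);

                winTrustData.pSignatureSettings = Marshal.AllocHGlobal(settingsSize);
                Marshal.StructureToPtr(signatureSettings, winTrustData.pSignatureSettings, false);
            }

            return winTrustData;
        }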