// Create and sign the Inf file and the catalog file for SeLow
public static void SignSeLowInfFiles(string cpu)
{
int build, version;
string name;
DateTime date;
ReadBuildInfoFromTextFile(out build, out version, out name, out date);
string hamcore = Path.Combine(Paths.BinDirName, "hamcore");
string sys_src = Path.Combine(hamcore, "SeLow_" + cpu + ".sys");
string inf_src = Path.Combine(hamcore, "SeLow_" + cpu + ".inf");
Con.WriteLine("Generating INF Files for SeLow...");
string dst_dir = Path.Combine(hamcore, @"inf\selow_" + cpu);
if (ExeSignChecker.CheckFileDigitalSignature(sys_src) == false ||
ExeSignChecker.IsKernelModeSignedFile(sys_src) == false)
{
throw new ApplicationException(sys_src + " is not signed.");
}
generateINFFilesForPlatform(inf_src, sys_src, null, dst_dir, version, build, date, true);
Con.WriteLine("Generating INF Files for SeLow Ok.");
}
// Sign for all binary files (parallel mode)
public static void SignAllBinaryFiles()
{
string[] files = Directory.GetFiles(Paths.BinDirName, "*", SearchOption.AllDirectories);
List <string> filename_list = new List <string>();
foreach (string file in files)
{
if (IsFileSignable(file))
{
bool isDriver = file.EndsWith(".sys", StringComparison.InvariantCultureIgnoreCase);
// Check whether this file is signed
bool isSigned = ExeSignChecker.CheckFileDigitalSignature(file);
if (isSigned && isDriver)
{
isSigned = ExeSignChecker.IsKernelModeSignedFile(file);
}
Con.WriteLine("The file '{0}': {1}.", file, isSigned ? "Already signed" : "Not yet signed");
if (isSigned == false)
{
filename_list.Add(file);
}
}
}
Con.WriteLine("Start ProcessWorkQueue for Signing...\n");
ThreadObj.ProcessWorkQueue(sign_thread, 40, filename_list.ToArray());
Con.WriteLine("ProcessWorkQueue for Signing completed.\n");
}
// Sign for all binary files (series mode)
public static void SignAllBinaryFilesSerial()
{
string[] files = Directory.GetFiles(Paths.BinDirName, "*", SearchOption.AllDirectories);
foreach (string file in files)
{
if (IsFileSignable(file))
{
bool isDriver = file.EndsWith(".sys", StringComparison.InvariantCultureIgnoreCase);
// Check whether this file is signed
bool isSigned = ExeSignChecker.CheckFileDigitalSignature(file);
if (isSigned && isDriver)
{
isSigned = ExeSignChecker.IsKernelModeSignedFile(file);
}
Con.WriteLine("The file '{0}': {1}.", file, isSigned ? "Already signed" : "Not yet signed");
if (isSigned == false)
{
Con.WriteLine("Signing...");
CodeSign.SignFile(file, file, "VPN Software", isDriver);
}
}
}
}
// Create Inf file for Windows 8
public static void GenerateINFFilesForWindows8(string cpu)
{
int build, version;
string name;
DateTime date;
ReadBuildInfoFromTextFile(out build, out version, out name, out date);
string hamcore = Path.Combine(Paths.BinDirName, "hamcore");
string inf_src_x86 = Path.Combine(hamcore, "vpn_driver.inf");
string inf_src_x64 = Path.Combine(hamcore, "vpn_driver_x64.inf");
string sys_src_x86 = Path.Combine(hamcore, "vpn_driver.sys");
string sys_src_x64 = Path.Combine(hamcore, "vpn_driver_x64.sys");
string sys6_src_x86 = Path.Combine(hamcore, "vpn_driver6.sys");
string sys6_src_x64 = Path.Combine(hamcore, "vpn_driver6_x64.sys");
Con.WriteLine("Generating INF Files for Windows 8...");
string dst_x86 = Path.Combine(hamcore, @"inf\x86");
string dst_x64 = Path.Combine(hamcore, @"inf\x64");
if (Str.StrCmpi(cpu, "x64"))
{
if (ExeSignChecker.CheckFileDigitalSignature(sys_src_x64) == false || ExeSignChecker.IsKernelModeSignedFile(sys_src_x64) == false)
{
throw new ApplicationException(sys_src_x64 + " is not signed.");
}
generateINFFilesForPlatform(inf_src_x64, sys_src_x64, sys6_src_x64, dst_x64, version, build, date, false);
}
else
{
if (ExeSignChecker.CheckFileDigitalSignature(sys_src_x86) == false || ExeSignChecker.IsKernelModeSignedFile(sys_src_x86) == false)
{
throw new ApplicationException(sys_src_x86 + " is not signed.");
}
generateINFFilesForPlatform(inf_src_x86, sys_src_x86, sys6_src_x86, dst_x86, version, build, date, false);
}
Con.WriteLine("Generating INF Files for Windows 8 Ok.");
}
public async Task <byte[]> SignAsync(string password, ReadOnlyMemory <byte> srcData, string certName, string flags, string comment, int numRetry = 5, CancellationToken cancel = default)
{
QueryStringList qs = new QueryStringList();
qs.Add("password", password);
qs.Add("cert", certName);
qs.Add("flags", flags);
qs.Add("comment", comment);
qs.Add("numretry", numRetry.ToString());
WebRet ret = await this.Web.SimplePostDataAsync(this.Url + "?" + qs, srcData.ToArray(), cancel, Consts.MimeTypes.OctetStream);
if (ret.Data.Length <= (srcData.Length * 9L / 10L))
{
throw new CoresException("ret.Data.Length <= (srcData.Length * 9L / 10L)");
}
if (ExeSignChecker.CheckFileDigitalSignature(ret.Data, flags._InStr("driver", true)) == false)
{
throw new CoresException("CheckFileDigitalSignature failed.");
}
return(ret.Data);
}
// Digital-sign the data on the memory
public static byte[] SignMemory(byte[] srcData, string comment, bool kernelModeDriver, int cert_id, int sha_mode)
{
#if !BU_OSS
int i;
string out_filename = null;
byte[] ret = null;
string in_tmp_filename = Path.Combine(in_dir,
Str.DateTimeToStrShortWithMilliSecs(DateTime.Now) + "_" +
Env.MachineName + "_" +
Secure.Rand63i().ToString() + ".dat");
IO.SaveFile(in_tmp_filename, srcData);
for (i = 0; i < NumRetries; i++)
{
Sign sign = new Sign();
sign.Proxy = new WebProxy();
try
{
out_filename = sign.ExecSignEx(Path.GetFileName(in_tmp_filename),
kernelModeDriver,
comment,
cert_id,
sha_mode);
break;
}
catch (Exception ex)
{
if (i != (NumRetries - 1))
{
Kernel.SleepThread(RetryIntervals);
}
else
{
throw ex;
}
}
}
for (i = 0; i < NumRetriesForCopy; i++)
{
try
{
ret = IO.ReadFile(Path.Combine(out_dir, out_filename));
}
catch (Exception ex)
{
if (i != (NumRetriesForCopy - 1))
{
Kernel.SleepThread(RetryIntervalsForCopy);
}
else
{
throw ex;
}
}
}
string tmpFileName = IO.CreateTempFileNameByExt(".exe");
try
{
File.Delete(tmpFileName);
}
catch
{
}
File.WriteAllBytes(tmpFileName, ret);
lock (lockObj)
{
if (ExeSignChecker.CheckFileDigitalSignature(tmpFileName) == false)
{
throw new ApplicationException("CheckFileDigitalSignature failed.");
}
if (kernelModeDriver)
{
if (ExeSignChecker.IsKernelModeSignedFile(tmpFileName) == false)
{
throw new ApplicationException("IsKernelModeSignedFile failed.");
}
}
}
try
{
}
catch
{
File.Delete(tmpFileName);
}
return(ret);
#else // BU_OSS
return(srcData);
#endif // BU_OSS
}