Skip to content

anthrotype/verify-sigs

Repository files navigation

ABSTRACT
--------
verify_sigs contains library functions to compute and validate hashes
on different file types, and signatures on PECOFF Authenticode-signed
binaries.


DEPENDENCIES
------------
You need pyasn1 == 0.13b or >= pyasn1-0.1.4rc4
and M2Crypto to parse and validate signatures.
To exercise some demonstrator code, you may need pefile.
M2Crypto: http://chandlerproject.org/Projects/MeTooCrypto/
pyasn1: http://pyasn1.sourceforge.net/
pefile: http://code.google.com/p/pefile/


DETAILS
-------
Currently the following hashing methods are supported:
- generic files:
  md5, sha1, sha256, sha512
- PE-COFF authenticode (windows executables, drivers, dll's, ...):
  md5, sha1

fingerprint.py
The actual library of hashing algorithms, deployable as library and on
'naked' client systems, running under python 2.7. See embedded docstrings
and tests for usage scenarios. Does not use third party libraries.

fingerprinter_test.py
Set of tests on the fingerprinter, using pregenerated data.

generate_test_data.py
Run-once code supposed to be run by hand, creates some of the files
in test_data, that then need to be checked in.

auth_data.py
Basic container for authenticode data, as represented in ASN.1 together
with accessor and validator functions. Currently provides limited validation,
in particular certificate chain validation is missing.

auth_data_test.py
Set of tests on auth_data, assuring that pregenerated data still
produces the same reuslts.

pecoff_blob.py
Container for PECOFF format part of authenticode blobs, as provided
by the fingerprinter library in the SignedData structure.

print_pe_certs.py
Exercises authenticode validation routines, prints out hashes and certs.




THANKS
------
Many thanks to Darren and Michael for motivating me to work through tangled
standards.
Many thanks to Ero for pefile, and to Ilya Etingof for pyasn1, very useful
examples code for x509 and pkcs7 parsing, and finally for extending the 
parser to handle 'any' type!

Germano Caronni, 2012/4/26
caronni@google.com , gec@acm.org

About

Automatically exported from code.google.com/p/verify-sigs

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages