typedef RSA* (__cdecl* _EVP_PKEY_get1_RSA)(EVP_PKEY*);\r
typedef void (__cdecl* _RSA_free)(RSA*);\r
typedef int (__cdecl* _RSA_size)(const RSA*);\r
-typedef int (__cdecl* _RSA_public_decrypt)(int, const unsigned char*, unsigned char*, RSA*,int);\r
+typedef int (__cdecl* _RSA_public_decrypt)(int, const unsigned char*, unsigned char*, RSA*, int);\r
+typedef unsigned char* (__cdecl* _SHA1)(const unsigned char*, size_t, unsigned char*);\r
+typedef unsigned char* (__cdecl* _SHA224)(const unsigned char*, size_t, unsigned char*);\r
+typedef unsigned char* (__cdecl* _SHA256)(const unsigned char*, size_t, unsigned char*);\r
+typedef unsigned char* (__cdecl* _SHA384)(const unsigned char*, size_t, unsigned char*);\r
+typedef unsigned char* (__cdecl* _SHA512)(const unsigned char*, size_t, unsigned char*);\r
\r
_SSL_load_error_strings p_SSL_load_error_strings;\r
_SSL_library_init p_SSL_library_init;\r
_RSA_free p_RSA_free;\r
_RSA_size p_RSA_size;\r
_RSA_public_decrypt p_RSA_public_decrypt;\r
+_SHA1 p_SHA1;\r
+_SHA224 p_SHA224;\r
+_SHA256 p_SHA256;\r
+_SHA384 p_SHA384;\r
+_SHA512 p_SHA512;\r
\r
#define MAX_SSL_SOCKET 16\r
\r
|| !(p_EVP_PKEY_get1_RSA = (_EVP_PKEY_get1_RSA)GetProcAddress(g_hOpenSSLCommon, "EVP_PKEY_get1_RSA"))\r
|| !(p_RSA_free = (_RSA_free)GetProcAddress(g_hOpenSSLCommon, "RSA_free"))\r
|| !(p_RSA_size = (_RSA_size)GetProcAddress(g_hOpenSSLCommon, "RSA_size"))\r
- || !(p_RSA_public_decrypt = (_RSA_public_decrypt)GetProcAddress(g_hOpenSSLCommon, "RSA_public_decrypt")))\r
+ || !(p_RSA_public_decrypt = (_RSA_public_decrypt)GetProcAddress(g_hOpenSSLCommon, "RSA_public_decrypt"))\r
+ || !(p_SHA1 = (_SHA1)GetProcAddress(g_hOpenSSLCommon, "SHA1"))\r
+ || !(p_SHA224 = (_SHA224)GetProcAddress(g_hOpenSSLCommon, "SHA224"))\r
+ || !(p_SHA256 = (_SHA256)GetProcAddress(g_hOpenSSLCommon, "SHA256"))\r
+ || !(p_SHA384 = (_SHA384)GetProcAddress(g_hOpenSSLCommon, "SHA384"))\r
+ || !(p_SHA512 = (_SHA512)GetProcAddress(g_hOpenSSLCommon, "SHA512")))\r
{\r
if(g_hOpenSSL)\r
FreeLibrary(g_hOpenSSL);\r
return bResult;\r
}\r
\r
+// ハッシュ計算\r
+// 他にも同等の関数はあるが主にマルウェア対策のための冗長化\r
+void GetHashSHA1(const void* pData, DWORD Size, void* pHash)\r
+{\r
+ p_SHA1((const unsigned char*)pData, (size_t)Size, (unsigned char*)pHash);\r
+}\r
+\r
+void GetHashSHA224(const void* pData, DWORD Size, void* pHash)\r
+{\r
+ p_SHA224((const unsigned char*)pData, (size_t)Size, (unsigned char*)pHash);\r
+}\r
+\r
+void GetHashSHA256(const void* pData, DWORD Size, void* pHash)\r
+{\r
+ p_SHA256((const unsigned char*)pData, (size_t)Size, (unsigned char*)pHash);\r
+}\r
+\r
+void GetHashSHA384(const void* pData, DWORD Size, void* pHash)\r
+{\r
+ p_SHA384((const unsigned char*)pData, (size_t)Size, (unsigned char*)pHash);\r
+}\r
+\r
+void GetHashSHA512(const void* pData, DWORD Size, void* pHash)\r
+{\r
+ p_SHA512((const unsigned char*)pData, (size_t)Size, (unsigned char*)pHash);\r
+}\r
+\r
// SSLセッションを開始\r
BOOL AttachSSL(SOCKET s, SOCKET parent, BOOL* pbAborted)\r
{\r
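Review bot: The five GetHashSHA* wrappers call through p_SHA1 … p_SHA512 without checking that the pointer was ever set, and they return void, so a caller cannot tell that no digest was produced. The pointers are file-scope globals assigned only in the GetProcAddress chain of this commit; if that load has not run or did not succeed, the pointer may still be null, and CheckForUpdates would go on to compare an uninitialised `Hash` buffer. The call this replaces in CheckForUpdates (`GetSHA1HashOfMemory`) had its result tested by the caller; returning BOOL keeps that, e.g. `return p_SHA512 != NULL && p_SHA512((const unsigned char*)pData, (size_t)Size, (unsigned char*)pHash) != NULL;`, with the prototypes in the header changed to match. Each wrapper should also carry a comment stating how many bytes pHash must hold (20, 28, 32, 48 and 64 respectively), since no output length is passed.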
BOOL SetSSLRootCertificate(const void* pData, DWORD Length);\r
BOOL IsHostNameMatched(LPCSTR HostName, LPCSTR CommonName);\r
BOOL DecryptSignature(const char* PublicKey, const void* pIn, DWORD InLength, void* pOut, DWORD OutLength, DWORD* pOutLength);\r
+void GetHashSHA1(const void* pData, DWORD Size, void* pHash);\r
+void GetHashSHA224(const void* pData, DWORD Size, void* pHash);\r
+void GetHashSHA256(const void* pData, DWORD Size, void* pHash);\r
+void GetHashSHA384(const void* pData, DWORD Size, void* pHash);\r
+void GetHashSHA512(const void* pData, DWORD Size, void* pHash);\r
BOOL AttachSSL(SOCKET s, SOCKET parent, BOOL* pbAborted);\r
BOOL DetachSSL(SOCKET s);\r
BOOL IsSSLAttached(SOCKET s);\r
#include "socketwrapper.h"\r
#include "protectprocess.h"\r
\r
+typedef struct\r
+{\r
+ BYTE Signature[64];\r
+ BYTE ListHash[64];\r
+} UPDATE_HASH;\r
+\r
BOOL DownloadFileViaHTTP(void* pOut, DWORD Length, DWORD* pLength, LPCWSTR UserAgent, LPCWSTR ServerName, LPCWSTR ObjectName)\r
{\r
BOOL bResult;\r
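Review bot: UPDATE_HASH has no comment saying what its two fields hold, and `Signature` is easy to misread as the RSA signature itself. From its use in CheckForUpdates it is a fixed 64-byte marker compared against UPDATE_SIGNATURE after the RSA step, while `ListHash` is compared against the SHA-512 of the downloaded list. Suggest `// Signature: fixed marker, must equal UPDATE_SIGNATURE` and `// ListHash: SHA-512 digest of the update list` on the two members. A further line should note that the layout has to match the decrypted blob byte for byte, because the struct is filled with memcpy and the length is checked against sizeof(UPDATE_HASH).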
BOOL CheckForUpdates()\r
{\r
BOOL bResult;\r
+ DWORD Length;\r
BYTE Buf1[4096];\r
BYTE Buf2[1024];\r
- BYTE Hash[20];\r
- DWORD Length;\r
+ UPDATE_HASH UpdateHash;\r
+ BYTE Hash[64];\r
bResult = FALSE;\r
if(DownloadFileViaHTTP(&Buf1, sizeof(Buf1), &Length, HTTP_USER_AGENT, UPDATE_SERVER, UPDATE_HASH_PATH))\r
{\r
if(DecryptSignature(UPDATE_RSA_PUBLIC_KEY, &Buf1, Length, &Buf2, sizeof(Buf2), &Length))\r
{\r
- if(Length >= 20)\r
+ if(Length == sizeof(UPDATE_HASH))\r
{\r
- if(memcmp(&Buf2[0], UPDATE_SIGNATURE, 20) == 0)\r
+ memcpy(&UpdateHash, &Buf2, sizeof(UPDATE_HASH));\r
+ if(memcmp(&UpdateHash.Signature, UPDATE_SIGNATURE, 64) == 0)\r
{\r
if(DownloadFileViaHTTP(&Buf1, sizeof(Buf1), &Length, HTTP_USER_AGENT, UPDATE_SERVER, UPDATE_LIST_PATH))\r
{\r
- if(GetSHA1HashOfMemory(&Buf1, Length, &Hash))\r
+ GetHashSHA512(&Buf1, Length, &Hash);\r
+ if(memcmp(&Hash, &UpdateHash.ListHash, 64) == 0)\r
{\r
- if(memcmp(&Hash, &Buf2[20], 20) == 0)\r
- {\r
- // TODO: 更新情報を解析\r
- }\r
+ // TODO: 更新情報を解析\r
}\r
}\r
}\r
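Review bot: Nothing in the signed payload checked here ties it to a particular release: UPDATE_HASH holds only the fixed marker and the SHA-512 of the list, so an older hash/list pair that was validly signed would still pass every comparison in this block. Both files come through DownloadFileViaHTTP (plain HTTP, judging by the name), which leaves the signature as the only integrity control. Unless the list format carries a version that the pending `// TODO` parser will compare with the installed one, consider adding a version or issue date to the signed structure and rejecting anything that is not newer. Separately, the literal `64` in the two memcmp calls should be `sizeof(UpdateHash.Signature)` and `sizeof(UpdateHash.ListHash)` so the lengths follow the struct. The body of CheckForUpdates continues past the end of this hunk.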
#define UPDATE_LIST_PATH L"/update/list"\r
#define UPDATE_RSA_PUBLIC_KEY \\r
"-----BEGIN PUBLIC KEY-----\n" \\r
- "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmJvR902LFeKcP9ldQfVQ\n" \\r
- "F11f3Ph+KDZRIaMM30lBV77atXKuhJunbrjoiocakoSI7UZ1e7Em/Vx7DKi09Hu5\n" \\r
- "P0Qr5VU4OZ1CoO0bLsot7kKm2LbvLvVD/D92Ff4nhTMD5jhtsdp/XIbRjcdRj+TI\n" \\r
- "BmEdGOL62vXZ5XjZbrO3CRis7g0Ft/ojSgH1Qd3QSck5IJ3+L7844uIF9SB73xME\n" \\r
- "RuL+tG2n+VGajM6Hi6xJ1ssbpr7iLB69QmQ5swIaJSiY8oE950mL+EBNFmI3Md0N\n" \\r
- "vr4tDG8+fq/VhQB64k5hfgWaBImKYaEfftvg51L7yRX+CttgV6GM85ls41H/NDPM\n" \\r
- "CwIDAQAB\n" \\r
+ "MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAsVo13yricPHxkQypqiMy\n" \\r
+ "+EVPH5KCTsOz0EAJo9WpdiDrDsATbQ7vbLz0DVVzYKmdBFKF98qTFGqKLt67Z/Y4\n" \\r
+ "7fBmIbkEcA4Ct2oHlyuFtN8sxNAwjZ4k0EC59BXh0bsp+RXdwninliA0zRD30C4Z\n" \\r
+ "Tseul9ZyvllUfVm+cdf7pOPwd1Akh3qdffWRVUHCjAjCeUqTKPSnevKgj4uSP440\n" \\r
+ "ixRnwDSfH0+UPMIOdFT2fD9WG0CRDpg+PM/X34c4qjgnlQtDhfi0dHnZwN1gywkT\n" \\r
+ "CVAXcn3uulVzUO4h61nYcliHhN1C0+mN2cf98C8d65DCkLYamaDFAXn5pxuKV5PM\n" \\r
+ "Vl7O5+UYX7qVPFJih+YP+rf3UVe1kCQFWQ7K4HAz9IytFSNx7uNWbi1OoS5pTXhb\n" \\r
+ "dd7LvwA29XdqFx3pcCqC08wyZnesXqHH828/yetHbXzO6t03CaESVaqmr9V6c9R/\n" \\r
+ "d4c8aagPoG8tlysv4cR1UyAOPZ3ciT3dsn3sJr0HuYZ5S8zFKDybrT4r0hCGp3HS\n" \\r
+ "FfsEoJacyuUJ9WkPul8kW//wdQFstsIisRaBkj/jH6+/aqamIItXR0GkAC7QSM1+\n" \\r
+ "FztlwuPCzs/nJ4piaBBI8NOyWJ5xSSar3kW9arjHzkMDFwRmBVNz+UwgtoOy+jM3\n" \\r
+ "BSnG4aZtcUEB6AZwhG+z9jkCAwEAAQ==\n" \\r
"-----END PUBLIC KEY-----\n"\r
-#define UPDATE_SIGNATURE "\x15\x48\x1D\x36\x13\x9D\xA3\x84\x2F\x06\x73\x40\x74\xAC\xED\xFC\x2D\xED\x75\x86"\r
+#define UPDATE_SIGNATURE "\x4C\x2A\x8E\x57\xAB\x75\x0C\xB5\xDA\x5F\xFE\xB9\x57\x9A\x1B\xA2\x7A\x61\x32\xF8\xFA\x4B\x61\xE2\xBA\x20\x9C\x37\xD5\x0A\xDC\x94\x10\x4D\x02\x30\x9B\xCD\x01\x9B\xB8\x73\x1E\xDB\xFD\xD7\x45\xCA\xE0\x8E\xF9\xB0\x1F\xB4\x0D\xD8\xFB\xE8\x41\x48\xE7\xF5\xE8\x64"\r
\r
BOOL CheckForUpdates();\r
BOOL StartUpdateProcess();\r