Index: base/applications/rapps_new/available.cpp =================================================================== --- base/applications/rapps_new/available.cpp (revision 70788) +++ base/applications/rapps_new/available.cpp (working copy) @@ -260,6 +260,7 @@ GET_STRING2(L"Size", Info->szSize); GET_STRING2(L"URLSite", Info->szUrlSite); GET_STRING2(L"CDPath", Info->szCDPath); + GET_STRING2(L"SHA1", Info->szSHA1); } if (!lpEnumProc(Info)) Index: base/applications/rapps_new/CMakeLists.txt =================================================================== --- base/applications/rapps_new/CMakeLists.txt (revision 70788) +++ base/applications/rapps_new/CMakeLists.txt (working copy) @@ -3,6 +3,7 @@ set_cpp(WITH_RUNTIME) include_directories(${REACTOS_SOURCE_DIR}/lib/atl) +include_directories(${REACTOS_SOURCE_DIR}/lib/cryptlib) list(APPEND SOURCE aboutdlg.cpp @@ -10,6 +11,7 @@ gui.cpp installdlg.cpp installed.cpp + integrity.cpp loaddlg.cpp misc.cpp settingsdlg.cpp Index: base/applications/rapps_new/integrity.cpp =================================================================== --- base/applications/rapps_new/integrity.cpp (revision 0) +++ base/applications/rapps_new/integrity.cpp (working copy) @@ -0,0 +1,61 @@ +/* + * PROJECT: ReactOS Applications Manager + * LICENSE: GPL - See COPYING in the top level directory + * FILE: base/applications/rapps_new/integrity.cpp + * PURPOSE: Various integrity check mechanisms + * PROGRAMMERS: Ismael Ferreras Morezuelas (swyterzone+ros@gmail.com) + * Mark Jansen + */ + +#include "rapps.h" +#include + + +BOOL VerifyInteg(LPCWSTR lpSHA1Hash, LPCWSTR lpFileName) +{ + BOOL ret = FALSE; + + /* first off, does it exist at all? */ + HANDLE file = CreateFileW(lpFileName, GENERIC_READ, 0, NULL, OPEN_EXISTING, FILE_ATTRIBUTE_READONLY, NULL); + + if (file == INVALID_HANDLE_VALUE) + return FALSE; + + /* let's grab the actual file size to organize the mmap'ing rounds */ + LARGE_INTEGER size; + GetFileSizeEx(file, &size); + + /* retrieve a handle to map the file contents to memory */ + HANDLE map = CreateFileMappingW(file, NULL, PAGE_READONLY, 0, 0, NULL); + if (map) + { + /* map that thing in address space */ + const unsigned char *file_map = static_cast(MapViewOfFile(map, FILE_MAP_READ, 0, 0, 0)); + if (file_map) + { + SHA_CTX ctx; + /* initialize the SHA-1 context */ + A_SHAInit(&ctx); + + /* feed the data to the cookie monster */ + A_SHAUpdate(&ctx, file_map, size.LowPart); + + /* cool, we don't need this anymore */ + UnmapViewOfFile(file_map); + + /* we're done, compute the final hash */ + ULONG sha[5]; + A_SHAFinal(&ctx, sha); + + WCHAR buf[(sizeof(sha) * 2) + 1]; + for (UINT i = 0; i < sizeof(sha); i++) + swprintf(buf + 2 * i, L"%02x", ((unsigned char *)sha)[i]); + /* does the resulting SHA1 match with the provided one? */ + if (!_wcsicmp(buf, lpSHA1Hash)) + ret = TRUE; + } + CloseHandle(map); + } + CloseHandle(file); + return ret; +} Index: base/applications/rapps_new/lang/bg-BG.rc =================================================================== --- base/applications/rapps_new/lang/bg-BG.rc (revision 70788) +++ base/applications/rapps_new/lang/bg-BG.rc (working copy) @@ -201,4 +201,7 @@ IDS_INFORMATION "Сведения" IDS_UNABLE_TO_DOWNLOAD "Unable to download the package! Address not found!" IDS_UNABLE_TO_REMOVE "Премахването на данните за приложението от регистъра е невъзможно!" + IDS_CERT_DOES_NOT_MATCH "SSL certificate verification failed." + IDS_INTEG_CHECK_TITLE "Verifying package integrity..." + IDS_INTEG_CHECK_FAIL "The package did not pass the integrity check, it may have been corrupted or tampered with during downloading. Running the software is not recommended." END Index: base/applications/rapps_new/lang/cs-CZ.rc =================================================================== --- base/applications/rapps_new/lang/cs-CZ.rc (revision 70788) +++ base/applications/rapps_new/lang/cs-CZ.rc (working copy) @@ -202,4 +202,7 @@ IDS_INFORMATION "Informace" IDS_UNABLE_TO_DOWNLOAD "Soubor se nepodařilo stáhnout! Adresa nenalezena!" IDS_UNABLE_TO_REMOVE "Nepodařilo se odstranit data programu z registru!" + IDS_CERT_DOES_NOT_MATCH "SSL certificate verification failed." + IDS_INTEG_CHECK_TITLE "Verifying package integrity..." + IDS_INTEG_CHECK_FAIL "The package did not pass the integrity check, it may have been corrupted or tampered with during downloading. Running the software is not recommended." END Index: base/applications/rapps_new/lang/de-DE.rc =================================================================== --- base/applications/rapps_new/lang/de-DE.rc (revision 70788) +++ base/applications/rapps_new/lang/de-DE.rc (working copy) @@ -197,4 +197,7 @@ IDS_INFORMATION "Informationen" IDS_UNABLE_TO_DOWNLOAD "Unable to download the package! Address not found!" IDS_UNABLE_TO_REMOVE "Konnte die Daten nicht aus der Registry löschen!" + IDS_CERT_DOES_NOT_MATCH "Überprüfung des SSL-Zertifikats fehlgeschlagen." + IDS_INTEG_CHECK_TITLE "Verifying package integrity..." + IDS_INTEG_CHECK_FAIL "The package did not pass the integrity check, it may have been corrupted or tampered with during downloading. Running the software is not recommended." END Index: base/applications/rapps_new/lang/en-US.rc =================================================================== --- base/applications/rapps_new/lang/en-US.rc (revision 70788) +++ base/applications/rapps_new/lang/en-US.rc (working copy) @@ -197,4 +197,7 @@ IDS_INFORMATION "Information" IDS_UNABLE_TO_DOWNLOAD "Unable to download the package! Address not found!" IDS_UNABLE_TO_REMOVE "Unable to remove data on the program from the registry!" + IDS_CERT_DOES_NOT_MATCH "SSL certificate verification failed." + IDS_INTEG_CHECK_TITLE "Verifying package integrity..." + IDS_INTEG_CHECK_FAIL "The package did not pass the integrity check, it may have been corrupted or tampered with during downloading. Running the software is not recommended." END Index: base/applications/rapps_new/lang/es-ES.rc =================================================================== --- base/applications/rapps_new/lang/es-ES.rc (revision 70788) +++ base/applications/rapps_new/lang/es-ES.rc (working copy) @@ -200,4 +200,7 @@ IDS_INFORMATION "Información" IDS_UNABLE_TO_DOWNLOAD "No se pudo descargar el paquete. No se ha encontrado la dirección de Internet." IDS_UNABLE_TO_REMOVE "No se pudieron borrar del Registro los datos de instalación del programa." + IDS_CERT_DOES_NOT_MATCH "Ha fallado la comprobación del certificado SSL." + IDS_INTEG_CHECK_TITLE "Verificando integridad del paquete..." + IDS_INTEG_CHECK_FAIL "El paquete no ha pasado la comprobación de integridad, puede haber sido alterado o estar corrupto. No se recomienda ejecutarlo." END Index: base/applications/rapps_new/lang/fr-FR.rc =================================================================== --- base/applications/rapps_new/lang/fr-FR.rc (revision 70788) +++ base/applications/rapps_new/lang/fr-FR.rc (working copy) @@ -197,4 +197,7 @@ IDS_INFORMATION "Information" IDS_UNABLE_TO_DOWNLOAD "Impossible de télécharger le paquet : adresse introuvable !" IDS_UNABLE_TO_REMOVE "Impossible de supprimer du registre les données du programme !" + IDS_CERT_DOES_NOT_MATCH "La vérification du certificat SSL a échoué." + IDS_INTEG_CHECK_TITLE "Vérification de l'intégrité du paquet..." + IDS_INTEG_CHECK_FAIL "Le contrôle d'intégrité du paquet a échoué, il se peut qu'il ait été corrompu ou altéré au cours du téléchargement. L'exécution du programme n'est pas recommandée." END Index: base/applications/rapps_new/lang/he-IL.rc =================================================================== --- base/applications/rapps_new/lang/he-IL.rc (revision 70788) +++ base/applications/rapps_new/lang/he-IL.rc (working copy) @@ -199,4 +199,7 @@ IDS_INFORMATION "מידע" IDS_UNABLE_TO_DOWNLOAD "Unable to download the package! Address not found!" IDS_UNABLE_TO_REMOVE "Unable to remove data on the program from the registry!" + IDS_CERT_DOES_NOT_MATCH "SSL certificate verification failed." + IDS_INTEG_CHECK_TITLE "Verifying package integrity..." + IDS_INTEG_CHECK_FAIL "The package did not pass the integrity check, it may have been corrupted or tampered with during downloading. Running the software is not recommended." END Index: base/applications/rapps_new/lang/it-IT.rc =================================================================== --- base/applications/rapps_new/lang/it-IT.rc (revision 70788) +++ base/applications/rapps_new/lang/it-IT.rc (working copy) @@ -197,4 +197,7 @@ IDS_INFORMATION "Informazioni" IDS_UNABLE_TO_DOWNLOAD "Unable to download the package! Address not found!" IDS_UNABLE_TO_REMOVE "Impossibile cancellare i dati dal registry!" + IDS_CERT_DOES_NOT_MATCH "SSL certificate verification failed." + IDS_INTEG_CHECK_TITLE "Verifying package integrity..." + IDS_INTEG_CHECK_FAIL "The package did not pass the integrity check, it may have been corrupted or tampered with during downloading. Running the software is not recommended." END Index: base/applications/rapps_new/lang/ja-JP.rc =================================================================== --- base/applications/rapps_new/lang/ja-JP.rc (revision 70788) +++ base/applications/rapps_new/lang/ja-JP.rc (working copy) @@ -197,4 +197,7 @@ IDS_INFORMATION "情報" IDS_UNABLE_TO_DOWNLOAD "Unable to download the package! Address not found!" IDS_UNABLE_TO_REMOVE "レジストリからこのプログラムに関するデータを削除できません!" + IDS_CERT_DOES_NOT_MATCH "SSL certificate verification failed." + IDS_INTEG_CHECK_TITLE "Verifying package integrity..." + IDS_INTEG_CHECK_FAIL "The package did not pass the integrity check, it may have been corrupted or tampered with during downloading. Running the software is not recommended." END Index: base/applications/rapps_new/lang/no-NO.rc =================================================================== --- base/applications/rapps_new/lang/no-NO.rc (revision 70788) +++ base/applications/rapps_new/lang/no-NO.rc (working copy) @@ -197,4 +197,7 @@ IDS_INFORMATION "Information" IDS_UNABLE_TO_DOWNLOAD "Unable to download the package! Address not found!" IDS_UNABLE_TO_REMOVE "Unable to remove data on the program from the registry!" + IDS_CERT_DOES_NOT_MATCH "SSL certificate verification failed." + IDS_INTEG_CHECK_TITLE "Verifying package integrity..." + IDS_INTEG_CHECK_FAIL "The package did not pass the integrity check, it may have been corrupted or tampered with during downloading. Running the software is not recommended." END Index: base/applications/rapps_new/lang/pl-PL.rc =================================================================== --- base/applications/rapps_new/lang/pl-PL.rc (revision 70788) +++ base/applications/rapps_new/lang/pl-PL.rc (working copy) @@ -205,4 +205,7 @@ IDS_INFORMATION "Informacja" IDS_UNABLE_TO_DOWNLOAD "Nie można pobrać pakietu! Nie znaleziono adresu!" IDS_UNABLE_TO_REMOVE "Nie można było usunąć wpisu z rejestru!" + IDS_CERT_DOES_NOT_MATCH "SSL certificate verification failed." + IDS_INTEG_CHECK_TITLE "Verifying package integrity..." + IDS_INTEG_CHECK_FAIL "The package did not pass the integrity check, it may have been corrupted or tampered with during downloading. Running the software is not recommended." END Index: base/applications/rapps_new/lang/pt-BR.rc =================================================================== --- base/applications/rapps_new/lang/pt-BR.rc (revision 70788) +++ base/applications/rapps_new/lang/pt-BR.rc (working copy) @@ -199,4 +199,7 @@ IDS_INFORMATION "Informações" IDS_UNABLE_TO_DOWNLOAD "Unable to download the package! Address not found!" IDS_UNABLE_TO_REMOVE "Não foi possível remover as informações do programa do registro!" + IDS_CERT_DOES_NOT_MATCH "SSL certificate verification failed." + IDS_INTEG_CHECK_TITLE "Verifying package integrity..." + IDS_INTEG_CHECK_FAIL "The package did not pass the integrity check, it may have been corrupted or tampered with during downloading. Running the software is not recommended." END Index: base/applications/rapps_new/lang/ro-RO.rc =================================================================== --- base/applications/rapps_new/lang/ro-RO.rc (revision 70788) +++ base/applications/rapps_new/lang/ro-RO.rc (working copy) @@ -203,4 +203,7 @@ IDS_INFORMATION "Informație" IDS_UNABLE_TO_DOWNLOAD "Pachetul nu poate fi descărcat! Adresa nu este găsită!" IDS_UNABLE_TO_REMOVE "Nu se pot elimina datele din registru pentru acest program!" + IDS_CERT_DOES_NOT_MATCH "Verificarea certificatului SSL a eșuat." + IDS_INTEG_CHECK_TITLE "Se verifică integritatea pachetului…" + IDS_INTEG_CHECK_FAIL "Pachetul nu a trecut de verificarea de integritate. Utilizarea programului nu este recomandată." END Index: base/applications/rapps_new/lang/ru-RU.rc =================================================================== --- base/applications/rapps_new/lang/ru-RU.rc (revision 70788) +++ base/applications/rapps_new/lang/ru-RU.rc (working copy) @@ -197,4 +197,7 @@ IDS_INFORMATION "Информация" IDS_UNABLE_TO_DOWNLOAD "Unable to download the package! Address not found!" IDS_UNABLE_TO_REMOVE "Не удалось удалить данные о программе из реестра!" + IDS_CERT_DOES_NOT_MATCH "Ошибка проверки SSL сертификата." + IDS_INTEG_CHECK_TITLE "Проверка целостности приложения..." + IDS_INTEG_CHECK_FAIL "Приложение не прошло проверку целостности, возможно оно было повреждено или подменено. Запуск приложения не рекомендуется." END Index: base/applications/rapps_new/lang/sk-SK.rc =================================================================== --- base/applications/rapps_new/lang/sk-SK.rc (revision 70788) +++ base/applications/rapps_new/lang/sk-SK.rc (working copy) @@ -202,4 +202,7 @@ IDS_INFORMATION "Informácie" IDS_UNABLE_TO_DOWNLOAD "Unable to download the package! Address not found!" IDS_UNABLE_TO_REMOVE "Nie je možné odstrániť z registrov údaje o programe!" + IDS_CERT_DOES_NOT_MATCH "SSL certificate verification failed." + IDS_INTEG_CHECK_TITLE "Verifying package integrity..." + IDS_INTEG_CHECK_FAIL "The package did not pass the integrity check, it may have been corrupted or tampered with during downloading. Running the software is not recommended." END Index: base/applications/rapps_new/lang/sq-AL.rc =================================================================== --- base/applications/rapps_new/lang/sq-AL.rc (revision 70788) +++ base/applications/rapps_new/lang/sq-AL.rc (working copy) @@ -201,4 +201,7 @@ IDS_INFORMATION "Informacione" IDS_UNABLE_TO_DOWNLOAD "Unable to download the package! Address not found!" IDS_UNABLE_TO_REMOVE "E pamundur te fshihen informacionet e programit nga regjistri!" + IDS_CERT_DOES_NOT_MATCH "SSL certificate verification failed." + IDS_INTEG_CHECK_TITLE "Verifying package integrity..." + IDS_INTEG_CHECK_FAIL "The package did not pass the integrity check, it may have been corrupted or tampered with during downloading. Running the software is not recommended." END Index: base/applications/rapps_new/lang/sv-SE.rc =================================================================== --- base/applications/rapps_new/lang/sv-SE.rc (revision 70788) +++ base/applications/rapps_new/lang/sv-SE.rc (working copy) @@ -204,4 +204,7 @@ IDS_INFORMATION "Information" IDS_UNABLE_TO_DOWNLOAD "Unable to download the package! Address not found!" IDS_UNABLE_TO_REMOVE "Det gick ej att ta bort programmets data från registret!" + IDS_CERT_DOES_NOT_MATCH "SSL certificate verification failed." + IDS_INTEG_CHECK_TITLE "Verifying package integrity..." + IDS_INTEG_CHECK_FAIL "The package did not pass the integrity check, it may have been corrupted or tampered with during downloading. Running the software is not recommended." END Index: base/applications/rapps_new/lang/tr-TR.rc =================================================================== --- base/applications/rapps_new/lang/tr-TR.rc (revision 70788) +++ base/applications/rapps_new/lang/tr-TR.rc (working copy) @@ -199,4 +199,7 @@ IDS_INFORMATION "Bilgi" IDS_UNABLE_TO_DOWNLOAD "Paket indirilemez! Adres bulunamadı!" IDS_UNABLE_TO_REMOVE "İzlencenin girişi değer defterinden silinemiyor." + IDS_CERT_DOES_NOT_MATCH "SSL onay belgesi doğrulaması başarısız." + IDS_INTEG_CHECK_TITLE "Paket bütünlüğü doğrulanıyor..." + IDS_INTEG_CHECK_FAIL "Paket bütünlük denetimini geçmedi, bozulmuş veyâ indirme esnâsında oynanmış olabilir. Yazılımı çalıştırmak önerilmez." END Index: base/applications/rapps_new/lang/uk-UA.rc =================================================================== --- base/applications/rapps_new/lang/uk-UA.rc (revision 70788) +++ base/applications/rapps_new/lang/uk-UA.rc (working copy) @@ -205,4 +205,7 @@ IDS_INFORMATION "Інформація" IDS_UNABLE_TO_DOWNLOAD "Unable to download the package! Address not found!" IDS_UNABLE_TO_REMOVE "Не вдалося видалити дані про програму з реєстру!" + IDS_CERT_DOES_NOT_MATCH "SSL certificate verification failed." + IDS_INTEG_CHECK_TITLE "Verifying package integrity..." + IDS_INTEG_CHECK_FAIL "The package did not pass the integrity check, it may have been corrupted or tampered with during downloading. Running the software is not recommended." END Index: base/applications/rapps_new/lang/zh-CN.rc =================================================================== --- base/applications/rapps_new/lang/zh-CN.rc (revision 70788) +++ base/applications/rapps_new/lang/zh-CN.rc (working copy) @@ -199,4 +199,7 @@ IDS_INFORMATION "信息" IDS_UNABLE_TO_DOWNLOAD "无法下载该软件包 !找不到网络的地址 !" IDS_UNABLE_TO_REMOVE "无法从注册表删除该程序的数据!" + IDS_CERT_DOES_NOT_MATCH "SSL certificate verification failed." + IDS_INTEG_CHECK_TITLE "Verifying package integrity..." + IDS_INTEG_CHECK_FAIL "The package did not pass the integrity check, it may have been corrupted or tampered with during downloading. Running the software is not recommended." END Index: base/applications/rapps_new/lang/zh-TW.rc =================================================================== --- base/applications/rapps_new/lang/zh-TW.rc (revision 70788) +++ base/applications/rapps_new/lang/zh-TW.rc (working copy) @@ -199,4 +199,7 @@ IDS_INFORMATION "資訊" IDS_UNABLE_TO_DOWNLOAD "Unable to download the package! Address not found!" IDS_UNABLE_TO_REMOVE "無法從登錄檔刪除該程式的資料!" + IDS_CERT_DOES_NOT_MATCH "SSL 憑證驗證失敗。" + IDS_INTEG_CHECK_TITLE "驗證套裝軟體的完整性..." + IDS_INTEG_CHECK_FAIL "包沒有通過完整性檢查,它可能已損壞,或者在下載過程中篡改。建議您不要運行該軟體。" END Index: base/applications/rapps_new/loaddlg.cpp =================================================================== --- base/applications/rapps_new/loaddlg.cpp (revision 70788) +++ base/applications/rapps_new/loaddlg.cpp (working copy) @@ -207,6 +207,13 @@ if (FAILED(StringCbCatW(path, sizeof(path), p + 1))) goto end; + if (!bCab && AppInfo->szSHA1[0] != 0 && GetFileAttributesW(path) != INVALID_FILE_ATTRIBUTES) + { + /* only open it in case of total correctness */ + if (VerifyInteg(AppInfo->szSHA1, path)) + goto run; + } + /* download it */ bTempfile = TRUE; CDownloadDialog_Constructor(Dlg, &bCancelled, IID_PPV_ARG(IBindStatusCallback, &dl)); @@ -293,8 +300,32 @@ if (bCancelled) goto end; + /* if this thing isn't a RAPPS update and it has a SHA-1 checksum + verify its integrity by using the native advapi32.A_SHA1 functions */ + if (!bCab && AppInfo->szSHA1[0] != 0) + { + WCHAR szMsgText[MAX_STR_LEN]; + + /* change a few strings in the download dialog to reflect the verification process */ + LoadStringW(hInst, IDS_INTEG_CHECK_TITLE, szMsgText, _countof(szMsgText)); + + SetWindowText(Dlg, szMsgText); + SendMessageW(GetDlgItem(Dlg, IDC_DOWNLOAD_STATUS), WM_SETTEXT, 0, (LPARAM)path); + + /* this may take a while, depending on the file size */ + if (!VerifyInteg(AppInfo->szSHA1, path)) + { + if (!LoadStringW(hInst, IDS_INTEG_CHECK_FAIL, szMsgText, _countof(szMsgText))) + goto end; + + MessageBoxW(Dlg, szMsgText, NULL, MB_OK | MB_ICONERROR); + goto end; + } + } + ShowWindow(Dlg, SW_HIDE); +run: /* run it */ if (!bCab) ShellExecuteW( NULL, L"open", path, NULL, NULL, SW_SHOWNORMAL ); Index: base/applications/rapps_new/rapps.h =================================================================== --- base/applications/rapps_new/rapps.h (revision 70788) +++ base/applications/rapps_new/rapps.h (working copy) @@ -89,8 +89,8 @@ FILETIME ftCacheStamp; LIST_ENTRY List; - /* optional integrity checks */ - BYTE MD5Checksum[16]; + /* optional integrity checks (SHA-1 digests are 160 bit = 40 characters in hex string form) */ + WCHAR szSHA1[40 + 1]; } APPLICATION_INFO, *PAPPLICATION_INFO; @@ -185,6 +185,9 @@ extern HWND hListView; extern WCHAR szSearchPattern[MAX_STR_LEN]; +/* integrity.cpp */ +BOOL VerifyInteg(LPCWSTR lpSHA1Hash, LPCWSTR lpFileName); + //extern HWND hTreeView; //BOOL CreateTreeView(HWND hwnd); //HTREEITEM TreeViewAddItem(HTREEITEM hParent, LPWSTR lpText, INT Image, INT SelectedImage, LPARAM lParam); Index: base/applications/rapps_new/resource.h =================================================================== --- base/applications/rapps_new/resource.h (revision 70788) +++ base/applications/rapps_new/resource.h (working copy) @@ -96,6 +96,9 @@ #define IDS_INFORMATION 117 #define IDS_UNABLE_TO_REMOVE 118 #define IDS_UNABLE_TO_DOWNLOAD 119 +#define IDS_CERT_DOES_NOT_MATCH 120 +#define IDS_INTEG_CHECK_TITLE 121 +#define IDS_INTEG_CHECK_FAIL 122 /* Tooltips */ #define IDS_TOOLTIP_INSTALL 200 Index: lib/cryptlib/sha1.h =================================================================== --- lib/cryptlib/sha1.h (revision 70788) +++ lib/cryptlib/sha1.h (working copy) @@ -1,6 +1,11 @@ #pragma once +#ifdef __cplusplus +extern "C" { +#endif + + #include /* SHA Context Structure Declaration */ @@ -21,4 +26,7 @@ VOID NTAPI A_SHAFinal(PSHA_CTX Context, PULONG Result); +#ifdef __cplusplus +} +#endif