[RAPPS]

- Add support for SHA-1 validation of completed downloads. Patch by Ismael Ferreras Morezuelas
CORE-10301 #resolve

svn path=/trunk/; revision=69459

reactos/base/applications/rapps/CMakeLists.txt

@@ -1,4 +1,6 @@
 
+include_directories(${REACTOS_SOURCE_DIR}/lib/cryptlib)
+
 list(APPEND SOURCE
     aboutdlg.c
     available.c

reactos/base/applications/rapps/available.c

@@ -260,6 +260,7 @@ EnumAvailableApplications(INT EnumType, AVAILENUMPROC lpEnumProc)
             GET_STRING2(L"Size",        Info->szSize);
             GET_STRING2(L"URLSite",     Info->szUrlSite);
             GET_STRING2(L"CDPath",      Info->szCDPath);
+            GET_STRING2(L"SHA1",        Info->szSHA1);
         }
 
         if (!lpEnumProc(Info))

reactos/base/applications/rapps/lang/bg-BG.rc

@@ -202,4 +202,6 @@ BEGIN
     IDS_UNABLE_TO_DOWNLOAD "Unable to download the package! Address not found!"
     IDS_UNABLE_TO_REMOVE "Премахването на данните за приложението от регистъра е невъзможно!"
     IDS_CERT_DOES_NOT_MATCH "SSL certificate verification failed."    
+    IDS_INTEG_CHECK_TITLE "Verifying package integrity..."
+    IDS_INTEG_CHECK_FAIL "The package did not pass the integrity check, it may have been corrupted or tampered with during downloading. Running the software is not recommended."
 END

reactos/base/applications/rapps/lang/cs-CZ.rc

@@ -203,4 +203,6 @@ BEGIN
     IDS_UNABLE_TO_DOWNLOAD "Soubor se nepodařilo stáhnout! Adresa nenalezena!"
     IDS_UNABLE_TO_REMOVE "Nepodařilo se odstranit data programu z registru!"
     IDS_CERT_DOES_NOT_MATCH "SSL certificate verification failed."
+    IDS_INTEG_CHECK_TITLE "Verifying package integrity..."
+    IDS_INTEG_CHECK_FAIL "The package did not pass the integrity check, it may have been corrupted or tampered with during downloading. Running the software is not recommended."
 END

reactos/base/applications/rapps/lang/de-DE.rc

@@ -198,4 +198,6 @@ BEGIN
     IDS_UNABLE_TO_DOWNLOAD "Unable to download the package! Address not found!"
     IDS_UNABLE_TO_REMOVE "Konnte die Daten nicht aus der Registry löschen!"
     IDS_CERT_DOES_NOT_MATCH "Überprüfung des SSL-Zertifikats fehlgeschlagen."
+    IDS_INTEG_CHECK_TITLE "Verifying package integrity..."
+    IDS_INTEG_CHECK_FAIL "The package did not pass the integrity check, it may have been corrupted or tampered with during downloading. Running the software is not recommended."
 END

reactos/base/applications/rapps/lang/en-US.rc

@@ -198,4 +198,6 @@ BEGIN
     IDS_UNABLE_TO_DOWNLOAD "Unable to download the package! Address not found!"
     IDS_UNABLE_TO_REMOVE "Unable to remove data on the program from the registry!"
     IDS_CERT_DOES_NOT_MATCH "SSL certificate verification failed."
+    IDS_INTEG_CHECK_TITLE "Verifying package integrity..."
+    IDS_INTEG_CHECK_FAIL "The package did not pass the integrity check, it may have been corrupted or tampered with during downloading. Running the software is not recommended."
 END

reactos/base/applications/rapps/lang/es-ES.rc

@@ -201,4 +201,6 @@ BEGIN
     IDS_UNABLE_TO_DOWNLOAD "No se pudo descargar el paquete. No se ha encontrado la dirección de Internet."
     IDS_UNABLE_TO_REMOVE "No se pudieron borrar del Registro los datos de instalación del programa."
     IDS_CERT_DOES_NOT_MATCH "SSL certificate verification failed."    
+    IDS_INTEG_CHECK_TITLE "Verificando integridad del paquete..."
+    IDS_INTEG_CHECK_FAIL "El paquete no ha pasado la comprobación de integridad, puede haber sido alterado o estar corrupto. No se recomienda ejecutarlo."
 END

reactos/base/applications/rapps/lang/fr-FR.rc

@@ -198,4 +198,6 @@ BEGIN
     IDS_UNABLE_TO_DOWNLOAD "Impossible de télécharger le paquet : adresse non trouvée !"
     IDS_UNABLE_TO_REMOVE "Impossible de supprimer les données du programme du registre !"
     IDS_CERT_DOES_NOT_MATCH "Vérification du certificat SSL échouée."    
+    IDS_INTEG_CHECK_TITLE "Verifying package integrity..."
+    IDS_INTEG_CHECK_FAIL "The package did not pass the integrity check, it may have been corrupted or tampered with during downloading. Running the software is not recommended."
 END

reactos/base/applications/rapps/lang/he-IL.rc

@@ -200,4 +200,6 @@ BEGIN
     IDS_UNABLE_TO_DOWNLOAD "Unable to download the package! Address not found!"
     IDS_UNABLE_TO_REMOVE "Unable to remove data on the program from the registry!"
     IDS_CERT_DOES_NOT_MATCH "SSL certificate verification failed."    
+    IDS_INTEG_CHECK_TITLE "Verifying package integrity..."
+    IDS_INTEG_CHECK_FAIL "The package did not pass the integrity check, it may have been corrupted or tampered with during downloading. Running the software is not recommended."
 END

reactos/base/applications/rapps/lang/it-IT.rc

@@ -198,4 +198,6 @@ BEGIN
     IDS_UNABLE_TO_DOWNLOAD "Unable to download the package! Address not found!"
     IDS_UNABLE_TO_REMOVE "Impossibile cancellare i dati dal registry!"
     IDS_CERT_DOES_NOT_MATCH "SSL certificate verification failed."    
+    IDS_INTEG_CHECK_TITLE "Verifying package integrity..."
+    IDS_INTEG_CHECK_FAIL "The package did not pass the integrity check, it may have been corrupted or tampered with during downloading. Running the software is not recommended."
 END

reactos/base/applications/rapps/lang/ja-JP.rc

@@ -198,4 +198,6 @@ BEGIN
     IDS_UNABLE_TO_DOWNLOAD "Unable to download the package! Address not found!"
     IDS_UNABLE_TO_REMOVE "レジストリからこのプログラムに関するデータを削除できません!"
     IDS_CERT_DOES_NOT_MATCH "SSL certificate verification failed."    
+    IDS_INTEG_CHECK_TITLE "Verifying package integrity..."
+    IDS_INTEG_CHECK_FAIL "The package did not pass the integrity check, it may have been corrupted or tampered with during downloading. Running the software is not recommended."
 END

reactos/base/applications/rapps/lang/no-NO.rc

@@ -198,4 +198,6 @@ BEGIN
     IDS_UNABLE_TO_DOWNLOAD "Unable to download the package! Address not found!"
     IDS_UNABLE_TO_REMOVE "Unable to remove data on the program from the registry!"
     IDS_CERT_DOES_NOT_MATCH "SSL certificate verification failed."    
+    IDS_INTEG_CHECK_TITLE "Verifying package integrity..."
+    IDS_INTEG_CHECK_FAIL "The package did not pass the integrity check, it may have been corrupted or tampered with during downloading. Running the software is not recommended."
 END

reactos/base/applications/rapps/lang/pl-PL.rc

@@ -206,4 +206,6 @@ BEGIN
     IDS_UNABLE_TO_DOWNLOAD "Nie można pobrać pakietu! Nie znaleziono adresu!"
     IDS_UNABLE_TO_REMOVE "Nie można było usunąć wpisu z rejestru!"
     IDS_CERT_DOES_NOT_MATCH "SSL certificate verification failed."    
+    IDS_INTEG_CHECK_TITLE "Verifying package integrity..."
+    IDS_INTEG_CHECK_FAIL "The package did not pass the integrity check, it may have been corrupted or tampered with during downloading. Running the software is not recommended."
 END

reactos/base/applications/rapps/lang/pt-BR.rc

@@ -200,4 +200,6 @@ BEGIN
     IDS_UNABLE_TO_DOWNLOAD "Unable to download the package! Address not found!"
     IDS_UNABLE_TO_REMOVE "Não foi possível remover as informações do programa do registro!"
     IDS_CERT_DOES_NOT_MATCH "SSL certificate verification failed."    
+    IDS_INTEG_CHECK_TITLE "Verifying package integrity..."
+    IDS_INTEG_CHECK_FAIL "The package did not pass the integrity check, it may have been corrupted or tampered with during downloading. Running the software is not recommended."
 END

reactos/base/applications/rapps/lang/ro-RO.rc

@@ -204,4 +204,6 @@ BEGIN
     IDS_UNABLE_TO_DOWNLOAD "Pachetul nu poate fi descărcat! Adresa nu este găsită!"
     IDS_UNABLE_TO_REMOVE "Nu se pot elimina datele din registru pentru acest program!"
     IDS_CERT_DOES_NOT_MATCH "SSL certificate verification failed."    
+    IDS_INTEG_CHECK_TITLE "Verifying package integrity..."
+    IDS_INTEG_CHECK_FAIL "The package did not pass the integrity check, it may have been corrupted or tampered with during downloading. Running the software is not recommended."
 END

reactos/base/applications/rapps/lang/ru-RU.rc

@@ -198,4 +198,6 @@ BEGIN
     IDS_UNABLE_TO_DOWNLOAD "Unable to download the package! Address not found!"
     IDS_UNABLE_TO_REMOVE "Не удалось удалить данные о программе из реестра!"
     IDS_CERT_DOES_NOT_MATCH "SSL certificate verification failed."    
+    IDS_INTEG_CHECK_TITLE "Verifying package integrity..."
+    IDS_INTEG_CHECK_FAIL "The package did not pass the integrity check, it may have been corrupted or tampered with during downloading. Running the software is not recommended."
 END

reactos/base/applications/rapps/lang/sk-SK.rc

@@ -203,4 +203,6 @@ BEGIN
     IDS_UNABLE_TO_DOWNLOAD "Unable to download the package! Address not found!"
     IDS_UNABLE_TO_REMOVE "Nie je možné odstrániť z registrov údaje o programe!"
     IDS_CERT_DOES_NOT_MATCH "SSL certificate verification failed."    
+    IDS_INTEG_CHECK_TITLE "Verifying package integrity..."
+    IDS_INTEG_CHECK_FAIL "The package did not pass the integrity check, it may have been corrupted or tampered with during downloading. Running the software is not recommended."
 END

reactos/base/applications/rapps/lang/sq-AL.rc

@@ -202,4 +202,6 @@ BEGIN
     IDS_UNABLE_TO_DOWNLOAD "Unable to download the package! Address not found!"
     IDS_UNABLE_TO_REMOVE "E pamundur te fshihen informacionet e programit nga regjistri!"
     IDS_CERT_DOES_NOT_MATCH "SSL certificate verification failed."    
+    IDS_INTEG_CHECK_TITLE "Verifying package integrity..."
+    IDS_INTEG_CHECK_FAIL "The package did not pass the integrity check, it may have been corrupted or tampered with during downloading. Running the software is not recommended."
 END

reactos/base/applications/rapps/lang/sv-SE.rc

@@ -205,4 +205,6 @@ BEGIN
     IDS_UNABLE_TO_DOWNLOAD "Unable to download the package! Address not found!"
     IDS_UNABLE_TO_REMOVE "Det gick ej att ta bort programmets data från registret!"
     IDS_CERT_DOES_NOT_MATCH "SSL certificate verification failed."    
+    IDS_INTEG_CHECK_TITLE "Verifying package integrity..."
+    IDS_INTEG_CHECK_FAIL "The package did not pass the integrity check, it may have been corrupted or tampered with during downloading. Running the software is not recommended."
 END

reactos/base/applications/rapps/lang/tr-TR.rc

@@ -200,4 +200,6 @@ BEGIN
     IDS_UNABLE_TO_DOWNLOAD "Paket indirilemez! Adres bulunamadı!"
     IDS_UNABLE_TO_REMOVE "İzlencenin girişi değer defterinden silinemiyor."
     IDS_CERT_DOES_NOT_MATCH "SSL certificate verification failed."    
+    IDS_INTEG_CHECK_TITLE "Verifying package integrity..."
+    IDS_INTEG_CHECK_FAIL "The package did not pass the integrity check, it may have been corrupted or tampered with during downloading. Running the software is not recommended."
 END

reactos/base/applications/rapps/lang/uk-UA.rc

@@ -206,4 +206,6 @@ BEGIN
     IDS_UNABLE_TO_DOWNLOAD "Unable to download the package! Address not found!"
     IDS_UNABLE_TO_REMOVE "Не вдалося видалити дані про програму з реєстру!"
     IDS_CERT_DOES_NOT_MATCH "SSL certificate verification failed."    
+    IDS_INTEG_CHECK_TITLE "Verifying package integrity..."
+    IDS_INTEG_CHECK_FAIL "The package did not pass the integrity check, it may have been corrupted or tampered with during downloading. Running the software is not recommended."
 END

reactos/base/applications/rapps/lang/zh-CN.rc

@@ -201,4 +201,6 @@ BEGIN
     IDS_UNABLE_TO_DOWNLOAD "无法下载该软件包 ！找不到网络的地址 ！"
     IDS_UNABLE_TO_REMOVE "无法从注册表删除该程序的数据！"
     IDS_CERT_DOES_NOT_MATCH "SSL certificate verification failed."    
+    IDS_INTEG_CHECK_TITLE "Verifying package integrity..."
+    IDS_INTEG_CHECK_FAIL "The package did not pass the integrity check, it may have been corrupted or tampered with during downloading. Running the software is not recommended."
 END

reactos/base/applications/rapps/lang/zh-TW.rc

@@ -200,4 +200,6 @@ BEGIN
     IDS_UNABLE_TO_DOWNLOAD "Unable to download the package! Address not found!"
     IDS_UNABLE_TO_REMOVE "無法從登錄檔刪除該程式的資料！"
     IDS_CERT_DOES_NOT_MATCH "SSL certificate verification failed."    
+    IDS_INTEG_CHECK_TITLE "Verifying package integrity..."
+    IDS_INTEG_CHECK_FAIL "The package did not pass the integrity check, it may have been corrupted or tampered with during downloading. Running the software is not recommended."
 END

reactos/base/applications/rapps/loaddlg.c

@@ -355,6 +355,14 @@ ThreadFunc(LPVOID Context)
     if (FAILED(StringCbCatNW(path, sizeof(path), p + 1, filenameLength)))
         goto end;
 
+    /* is the file already there? let's avoid having to download it */
+    if (!bCab && AppInfo->szSHA1[0] != 0 && GetFileAttributesW(path) != INVALID_FILE_ATTRIBUTES)
+    {
+        /* only open it in case of total correctness */
+        if (VerifyInteg(AppInfo->szSHA1, path))
+            goto run;
+    }
+
     /* create an async download context for it */
     bTempfile = TRUE;
     dl = CreateDl(Context, &bCancelled);
@@ -462,8 +470,32 @@ ThreadFunc(LPVOID Context)
     if (bCancelled)
         goto end;
 
+    /* if this thing isn't a RAPPS update and it has a SHA-1 checksum
+       verify its integrity by using the native advapi32.A_SHA1 functions */
+    if (!bCab && AppInfo->szSHA1[0] != 0)
+    {
+        WCHAR szMsgText[MAX_STR_LEN];
+
+        /* change a few strings in the download dialog to reflect the verification process */
+        LoadStringW(hInst, IDS_INTEG_CHECK_TITLE, szMsgText, _countof(szMsgText));
+
+        SetWindowText(Dlg, szMsgText);
+        SendMessageW(GetDlgItem(Dlg, IDC_DOWNLOAD_STATUS), WM_SETTEXT, 0, (LPARAM)path);
+
+        /* this may take a while, depending on the file size */
+        if (!VerifyInteg(AppInfo->szSHA1, path))
+        {
+            if (!LoadStringW(hInst, IDS_INTEG_CHECK_FAIL, szMsgText, _countof(szMsgText)))
+                goto end;
+
+            MessageBoxW(Dlg, szMsgText, NULL, MB_OK | MB_ICONERROR);
+            goto end;
+        }
+    }
+
     ShowWindow(Dlg, SW_HIDE);
 
+run:
     /* run it */
     if (!bCab)
         ShellExecuteW( NULL, L"open", path, NULL, NULL, SW_SHOWNORMAL );

reactos/base/applications/rapps/misc.c

@@ -8,6 +8,7 @@
  */
 
 #include "rapps.h"
+#include <sha1.h>
 
 /* SESSION Operation */
 #define EXTRACT_FILLFILELIST  0x00000001
@@ -495,4 +496,62 @@ UINT ParserGetInt(LPCWSTR lpKeyName, LPCWSTR lpFileName)
     RtlUnicodeStringToInteger(&BufferW, 0, &Result);
 
     return Result;
-}
+}
+
+BOOL VerifyInteg(LPCWSTR lpSHA1Hash, LPCWSTR lpFileName)
+{
+    BOOL ret = FALSE;
+    const unsigned char *file_map;
+    HANDLE file, map;
+
+    ULONG sha[5];
+    WCHAR buf[40 + 1];
+    SHA_CTX ctx;
+
+    LARGE_INTEGER size;
+    UINT i;
+
+    /* first off, does it exist at all? */
+    file = CreateFileW(lpFileName, GENERIC_READ, 0, NULL, OPEN_EXISTING, FILE_ATTRIBUTE_READONLY, NULL);
+
+    if (file == INVALID_HANDLE_VALUE)
+        return FALSE;
+
+    /* let's grab the actual file size to organize the mmap'ing rounds */
+    GetFileSizeEx(file, &size);
+
+    /* retrieve a handle to map the file contents to memory */
+    map = CreateFileMappingW(file, NULL, PAGE_READONLY, 0, 0, NULL);
+    if (!map)
+        goto cleanup;
+
+    /* initialize the SHA-1 context */
+    A_SHAInit(&ctx);
+
+    /* map that thing in address space */
+    file_map = MapViewOfFile(map, FILE_MAP_READ, 0, 0, 0);
+    if (!file_map)
+        goto cleanup;
+
+    /* feed the data to the cookie monster */
+    A_SHAUpdate(&ctx, file_map, size.LowPart);
+
+    /* cool, we don't need this anymore */
+    UnmapViewOfFile(file_map);
+
+    /* we're done, compute the final hash */
+    A_SHAFinal(&ctx, sha);
+
+    for (i = 0; i < sizeof(sha); i++)
+        swprintf(buf + 2 * i, L"%02x", ((unsigned char *)sha)[i]);
+
+    /* does the resulting SHA1 match with the provided one? */
+    if (!_wcsicmp(buf, lpSHA1Hash))
+        ret = TRUE;
+
+cleanup:
+    CloseHandle(map);
+    CloseHandle(file);
+
+    return ret;
+}

reactos/base/applications/rapps/rapps.h

@@ -91,11 +91,13 @@ typedef struct
     FILETIME ftCacheStamp;
     LIST_ENTRY List;
 
-    /* optional integrity checks */
-    BYTE MD5Checksum[16];
+    /* optional integrity checks (SHA-1 digests are 160 bit = 40 characters in hex string form) */
+    WCHAR szSHA1[40 + 1];
 
 } APPLICATION_INFO, *PAPPLICATION_INFO;
 
+BOOL VerifyInteg(LPCWSTR lpSHA1Hash, LPCWSTR lpFileName);
+
 typedef struct
 {
     HKEY hRootKey;

reactos/base/applications/rapps/resource.h

@@ -97,6 +97,8 @@
 #define IDS_UNABLE_TO_REMOVE     118
 #define IDS_UNABLE_TO_DOWNLOAD   119
 #define IDS_CERT_DOES_NOT_MATCH  120
+#define IDS_INTEG_CHECK_TITLE    121
+#define IDS_INTEG_CHECK_FAIL     122
 
 /* Tooltips */
 #define IDS_TOOLTIP_INSTALL      200

reactos/media/rapps/7zip.txt

@@ -11,6 +11,7 @@ Size = 1.14 MB
 Category = 12
 URLSite = http://www.7-zip.org/
 URLDownload = http://www.7-zip.org/a/7z1505.exe
+SHA1 = ece8bbd4c8903095d44e99196219c953a1d47bfd
 CDPath = none
 
 [Section.0407]

reactos/media/rapps/ccleaner.txt

@@ -12,6 +12,7 @@ Size = 6.25 MB
 Category = 12
 URLSite = http://www.piriform.com/ccleaner
 URLDownload = http://download.piriform.com/ccsetup508.exe
+SHA1 = aa7affcbdaf13c3872f32eaccf3befb92fd0fa80
 CDPath = none
 
 [Section.0407]

reactos/media/rapps/dosbox.txt

@@ -11,6 +11,7 @@ Size = 1.38 MB
 Category = 15
 URLSite = http://www.dosbox.com/
 URLDownload = http://download.sourceforge.net/project/dosbox/dosbox/0.74/DOSBox0.74-win32-installer.exe
+SHA1 = b4d671ed3fc1fc36aaf8abc1341d2ddaaafa8f88
 CDPath = none
 
 [Section.0407]

reactos/media/rapps/firefox28.txt

@@ -11,6 +11,7 @@ Size = 24.03 MB
 Category = 5
 URLSite = http://www.mozilla.org/en-US/
 URLDownload = http://ftp.mozilla.org/pub/mozilla.org/firefox/releases/28.0/win32/en-US/Firefox%20Setup%2028.0.exe
+SHA1 = 0154f7a38acad5c186c000533f992830e509abee
 CDPath = none
 
 [Section.0405]

reactos/media/rapps/inkscape.txt

@@ -12,6 +12,7 @@ Size = 41.31 MB
 Category = 3
 URLSite = http://www.inkscape.org/
 URLDownload = https://inkscape.global.ssl.fastly.net/media/resources/file/Inkscape-0.91-1.exe
+SHA1 = aac506f8a71c943d89a27a38970733a8bc6f9b32
 CDPath = none
 
 [Section.0407]