WinGui: Improve the security of the update checker on windows. This download is now verified against a signed RSA-SHA256 hash verifying both file integrity and origin.

1 files changed, 54 insertions, 25 deletions

diff --git a/win/CS/HandBrakeWPF/Services/UpdateService.cs b/win/CS/HandBrakeWPF/Services/UpdateService.cs
index 732193ac4..e5c97126f 100644
--- a/win/CS/HandBrakeWPF/Services/UpdateService.cs
+++ b/win/CS/HandBrakeWPF/Services/UpdateService.cs
@@ -10,8 +10,10 @@
 namespace HandBrakeWPF.Services

 {

     using System;

+    using System.Diagnostics;

     using System.IO;

     using System.Net;

+    using System.Reflection;

     using System.Security.Cryptography;

     using System.Text;

     using System.Threading;

@@ -127,7 +129,7 @@ namespace HandBrakeWPF.Services
                                 DownloadFile = reader.DownloadFile,

                                 Build = reader.Build,

                                 Version = reader.Version,

-                                ExpectedSHA1Hash = reader.Hash

+                                Signature = reader.Hash

                             };

 

                         callback(info2);

@@ -145,8 +147,8 @@ namespace HandBrakeWPF.Services
         /// <param name="url">

         /// The url.

         /// </param>

-        /// <param name="expectedSha1Hash">

-        /// The expected Sha 1 Hash.

+        /// <param name="expectedSignature">

+        /// The expected DSA SHA265 Signature

         /// </param>

         /// <param name="completed">

         /// The complete.

@@ -154,7 +156,7 @@ namespace HandBrakeWPF.Services
         /// <param name="progress">

         /// The progress.

         /// </param>

-        public void DownloadFile(string url, string expectedSha1Hash, Action<DownloadStatus> completed, Action<DownloadStatus> progress)

+        public void DownloadFile(string url, string expectedSignature, Action<DownloadStatus> completed, Action<DownloadStatus> progress)

         {

             ThreadPool.QueueUserWorkItem(

                delegate

@@ -188,13 +190,13 @@ namespace HandBrakeWPF.Services
                        localStream.Close();

 

                        completed(

-                           GetSHA1(tempPath) != expectedSha1Hash

-                               ? new DownloadStatus

+                           this.VerifyDownload(expectedSignature, tempPath)

+                               ? new DownloadStatus { WasSuccessful = true, Message = "Download Complete." } :

+                                 new DownloadStatus

                                    {

                                        WasSuccessful = false,

-                                       Message = "Download Failed.  SHA1 Checksum Failed. Please visit the website to download this update."

-                                   }

-                               : new DownloadStatus { WasSuccessful = true, Message = "Download Complete." });

+                                       Message = "Download Failed.  Checksum Failed. Please visit the website to download this update."

+                                   });

                    }

                    catch (Exception exc)

                    {

@@ -204,27 +206,54 @@ namespace HandBrakeWPF.Services
         }

 

         /// <summary>

-        /// The get sh a 1.

+        /// Verify the HandBrake download is Valid.

         /// </summary>

-        /// <param name="fileName">

-        /// The file name.

-        /// </param>

-        /// <returns>

-        /// The <see cref="string"/>.

-        /// </returns>

-        public static String GetSHA1(String fileName)

+        /// <param name="signature">The DSA SHA256 Signature from the appcast</param>

+        /// <param name="updateFile">Path to the downloaded update file</param>

+        /// <returns>True if the file is valid, false otherwise.</returns>

+        public bool VerifyDownload(string signature, string updateFile)

         {

-            FileStream file = new FileStream(fileName, FileMode.Open);

-            SHA1 sha1 = new SHA1CryptoServiceProvider();

-            byte[] retVal = sha1.ComputeHash(file);

-            file.Close();

+            // Sanity Checks

+            if (!File.Exists(updateFile))

+            {

+                return false;

+            }

 

-            StringBuilder sb = new StringBuilder();

-            for (int i = 0; i < retVal.Length; i++)

+            if (string.IsNullOrEmpty(signature))

+            {

+                return false;

+            }

+

+            // Fetch our Public Key

+            string publicKey;

+            using (Stream stream = Assembly.GetExecutingAssembly().GetManifestResourceStream("HandBrakeWPF.public.key"))

+            {

+                if (stream == null)

+                {

+                    return false;

+                }

+

+                using (StreamReader reader = new StreamReader(stream))

+                {

+                    publicKey = reader.ReadToEnd();

+                }

+            }

+            

+            // Verify the file against the Signature. 

+            try

+            {

+                byte[] file = File.ReadAllBytes(updateFile);

+                using (RSACryptoServiceProvider verifyProfider = new RSACryptoServiceProvider())

+                {

+                    verifyProfider.FromXmlString(publicKey);

+                    return verifyProfider.VerifyData(file, "SHA256", Convert.FromBase64String(signature));

+                }

+            }

+            catch (Exception e)

             {

-                sb.Append(retVal[i].ToString("x2"));

+                Debug.WriteLine(e);

+                return false;

             }

-            return sb.ToString();

         }

 

         #endregion