This question is about verifying the assembly to check whether it is tampered for malicious activity.
When an assembly is created, metadata is generated. Metadata includes tables like type definition tables, type reference tables and manifest tables. Reference tables contain an entry for each assembly reference and the entry includes referenced assembly, its public key and a hash value. The manifest includes details of assembly referenced for each assembly and it includes the assembly name, its public key and Hashing algorithm. I also understand that during runtime when the assembly is loaded, it generates digital signature of the assembly with the public key embedded in the manifest and compares it with the digital signature already embedded in the assembly. If the digital signature matches then it loads.
My questions are below.
- The Assembly Reference metadata table include a HASH. It is also mentioned that it is not used. Then what is its purpose?
- Does this assembly verification happen every time the assembly loads?
- What happens if it is not strongly typed?
1: No, it’s used. Ecma-335, partition II, chapter 6.2.3 on the .file directive:
The bytes after the .hash specify a hash value computed for the file. The VES shall recompute this hash value prior to accessing this file and shall generate an exception if it does not match. The algorithm used to calculate this hash value is specified with .hash algorithm (see clause 6.2.1.1).
2: Only if strong name validation is enabled. Note that this is off by default since .NET 3.5 SP1 in full trust scenarios. You’d have to explicitly enable it with caspol.exe
3: assuming “strongly named”, then no validation is possible.