annotate common/binverify.h @ 975:b3695a3399de

(issue86) Install into default directories on Linux

If the mozilla process is now started as root it will try to write into the default directories for NSS Shared and mozilla / thunderbird profiles. Cinst will now start the mozilla process once as root.
author Andre Heinecke <andre.heinecke@intevation.de>
date Fri, 29 Aug 2014 12:59:44 +0200
parents f89b41fa7048
children 78798d3af8f0
Changesets referenced in this annotation:

579  f4ce4eef3b38  Implement PKCS#7 embedded signature verification for windows (Andre Heinecke <aheinecke@intevation.de>; parents: none listed)
586  ecfd77751daf  Disambiguate enumerator values and add portable wrapper. (Andre Heinecke <aheinecke@intevation.de>; parents: 579)
629  facb13c578f1  Add certificate pinning to verify_binary_win (Andre Heinecke <andre.heinecke@intevation.de>; parents: 586)
771  2798f1869eee  (issue43) Add first draft of signature verification for GNU/Linux (Andre Heinecke <andre.heinecke@intevation.de>; parents: 629)
774  44fa5de02b52  (issue43) Finalize and verify binary verification for linux. (Andre Heinecke <andre.heinecke@intevation.de>; parents: 771)
904  f89b41fa7048  Fix whitespace errors (Andre Heinecke <andre.heinecke@intevation.de>; parents: 774)

rev   line  source
579      1  /* Copyright (C) 2014 by Bundesamt für Sicherheit in der Informationstechnik
579      2   * Software engineering by Intevation GmbH
579      3   *
579      4   * This file is Free Software under the GNU GPL (v>=2)
579      5   * and comes with ABSOLUTELY NO WARRANTY!
579      6   * See LICENSE.txt for details.
579      7   */
579      8
579      9  #ifndef BINVERIFY_H
579     10  #define BINVERIFY_H
579     11  /* @file binverify.h
579     12   * @brief Verification of binary files
579     13   */
579     14  #include <stdbool.h>
579     15  #include <stddef.h>
579     16
579     17  #ifdef __cplusplus
579     18  extern "C" {
579     19  #endif
579     20
579     21  /**
579     22   * @enum bin_verify_result
579     23   * @brief Result of a verification
579     24   */
579     25  typedef enum {
586     26      VerifyValid = 100, /*! Could be read and signature matched */
586     27      VerifyUnknownError = 1, /*! The expected unexpected */
586     28      VerifyInvalidSignature = 4, /*! Signature was invalid */
629     29      VerifyInvalidCertificate = 5, /*! Certificate mismatch */
586     30      VerifyReadFailed = 6, /*! File exists but could not read the file */
579     31  } bin_verify_result;
579     32
579     33  /**
579     34   * @brief verify a binary
579     35   *
579     36   * This function checks that a binary is signed by a built
579     37   * in certificate.
579     38   *
579     39   * Caution: This function works on file names only which could
579     40   * be modified after this check.
579     41   *
771     42   * Windows verification is done using Windows crypto API based on
579     43   * embedded PKCS 7 "authenticode" signatures embedded into the
579     44   * file.
579     45   *
904     46   * On Linux the file is expected to end with the pattern of
774     47   * \r\nS: (0x0d0a533A) followed by a 3072 Bit Base64 encoded RSA
774     48   * signature.
771     49   * The signature is verified against the built in codesigning key in
771     50   * the same certificate that is used for windows verification.
774     51   * If the pattern is not found the verification fails.
771     52   *
579     53   * @param[in] filename absolute null terminated UTF-8 encoded path to the file.
579     54   * @param[in] name_len length of the filename.
579     55   *
579     56   * @returns the verification result.
579     57   */
586     58  bin_verify_result verify_binary(const char *filename, size_t name_len);
586     59
586     60  #ifdef WIN32
586     61  /**
586     62   * @brief windows implementation of verify_binary
586     63   */
579     64  bin_verify_result verify_binary_win(const char *filename, size_t name_len);
771     65  #else /* WIN32 */
771     66  /**@def Max size of a valid binary in byte */
771     67  #define MAX_VALID_BIN_SIZE (32 * 1024 * 1024)
771     68
771     69  /**
771     70   * @brief linux implementation of verify_binary
771     71   */
771     72  bin_verify_result verify_binary_linux(const char *filename, size_t name_len);
771     73  #endif
579     74
579     75  #ifdef __cplusplus
579     76  }
579     77  #endif
579     78
579     79  #endif /* BINVERIFY_H */

http://wald.intevation.org/projects/trustbridge/