comparison common/binverify.h @ 771:2798f1869eee

(issue43) Add first draft of signature verification for GNU/Linux
author Andre Heinecke <andre.heinecke@intevation.de>
date Thu, 10 Jul 2014 19:15:22 +0200
parents facb13c578f1
children 44fa5de02b52
770:7861950f7637 771:2798f1869eee
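--- a/common/binverify.h
+++ b/common/binverify.h
@@ -37,13 +37,18 @@
 * in certificate.
 *
 * Caution: This function works on file names only which could
 * be modified after this check.
 *
-* The verification is done using Windows crypto API based on
+* Windows verification is done using Windows crypto API based on
 * embedded PKCS 7 "authenticode" signatures embedded into the
 * file.
+*
+* On Linux the last pattern of \r\nS: (0x0d0a533A) is looked up and
+* afterwards a 3072 Bit Base64 encoded RSA signature is expected.
+* The signature is verified against the built in codesigning key in
+* the same certificate that is used for windows verification.
 *
 * @param[in] filename absolute null terminated UTF-8 encoded path to the file.
 * @param[in] name_len length of the filename.
 *
 * @returns the verification result.
@@ -53,11 +58,19 @@
 #ifdef WIN32
 /**
 * @brief windows implementation of verify_binary
 */
 bin_verify_result verify_binary_win(const char *filename, size_t name_len);
-#endif /* WIN32 */
+#else /* WIN32 */
+/**@def Max size of a valid binary in byte */
+#define MAX_VALID_BIN_SIZE (32 * 1024 * 1024)
+
+/**
+* @brief linux implementation of verify_binary
+*/
+bin_verify_result verify_binary_linux(const char *filename, size_t name_len);
+#endif
 
 #ifdef __cplusplus
 }
 #endif
 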
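Review bot: The new Linux paragraph in the verify_binary comment names the `\r\nS:` marker and the 3072 bit RSA signature but does not say which bytes the signature covers or what result a file larger than `MAX_VALID_BIN_SIZE` produces, so a caller cannot tell from the header whether data around the marker is authenticated or how an oversized file is reported. If the implementation verifies everything before the last marker and rejects oversized files (not visible from this header), the comment should state it, e.g. `* The signature covers all bytes before the last \r\nS: marker; files larger than MAX_VALID_BIN_SIZE fail verification.` In the second hunk, `/**@def Max size of a valid binary in byte */` lacks the macro name that Doxygen's `@def` expects; `/** @def MAX_VALID_BIN_SIZE` followed by a `@brief` line would attach the text to the macro. The comment block begins before the first hunk and the declaration it documents lies in the gap between the two hunks, so neither is fully visible here.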
