trustbridge: common/binverify.h comparison

(issue43) Add first draft of signature verification for GNU/Linux

author	Andre Heinecke <andre.heinecke@intevation.de>
date	Thu, 10 Jul 2014 19:15:22 +0200
parents	facb13c578f1
children	44fa5de02b52

comparison

equal deleted inserted replaced

-:7861950f7637
+:2798f1869eee
 * in certificate.
 *
 * Caution: This function works on file names only which could
 * be modified after this check.
 *
-* The verification is done using Windows crypto API based on
+* Windows verification is done using Windows crypto API based on
 * embedded PKCS 7 "authenticode" signatures embedded into the
 * file.
+*
+* On Linux the last pattern of \r\nS: (0x0d0a533A) is looked up and
+* afterwards a 3072 Bit Base64 encoded RSA signature is expected.
+* The signature is verified against the built in codesigning key in
+* the same certificate that is used for windows verification.
 *
 * @param[in] filename absolute null terminated UTF-8 encoded path to the file.
 * @param[in] name_len length of the filename.
 *
 * @returns the verification result.
 #ifdef WIN32
 /**
 * @brief windows implementation of verify_binary
 */
 bin_verify_result verify_binary_win(const char *filename, size_t name_len);
-#endif /* WIN32 */
+#else /* WIN32 */
+/**@def Max size of a valid binary in byte */
+#define MAX_VALID_BIN_SIZE (32 * 1024 * 1024)
+/**
+* @brief linux implementation of verify_binary
+*/
+bin_verify_result verify_binary_linux(const char *filename, size_t name_len);
+#endif
 #ifdef __cplusplus
 }
 #endif

Mercurial > trustbridge