Mercurial > trustbridge
comparison common/binverify.c @ 586:ecfd77751daf
Disambiguate enumerator values and add portable wrapper.
| author | Andre Heinecke <aheinecke@intevation.de> |
|---|---|
| date | Tue, 27 May 2014 16:30:58 +0000 |
| parents | f4ce4eef3b38 |
| children | c93730ef2a3a |
comparison
equal
deleted
inserted
replaced
| 585:21f8d32f2d2a | 586:ecfd77751daf |
|---|---|
| 9 #include "binverify.h" | 9 #include "binverify.h" |
| 10 | 10 |
| 11 #include "strhelp.h" | 11 #include "strhelp.h" |
| 12 #include "logging.h" | 12 #include "logging.h" |
| 13 | 13 |
| 14 bin_verify_result | |
| 15 verify_binary(const char *filename, size_t name_len) { | |
| 16 #ifdef WIN32 | |
| 17 return verify_binary_win(filename, name_len); | |
| 18 #else | |
| 19 /* TODO */ | |
| 20 return VerifyValid; | |
| 21 #endif | |
| 22 } | |
| 23 | |
| 14 #ifdef WIN32 | 24 #ifdef WIN32 |
| 15 | 25 |
| 16 #include <windows.h> | 26 #include <windows.h> |
| 17 #include <wincrypt.h> | 27 #include <wincrypt.h> |
| 18 #include <wintrust.h> | 28 #include <wintrust.h> |
| 19 #include <stdio.h> | 29 #include <stdio.h> |
| 20 | 30 |
| 21 bin_verify_result | 31 bin_verify_result |
| 22 verify_binary_win(const char *filename, size_t name_len) { | 32 verify_binary_win(const char *filename, size_t name_len) { |
| 23 bin_verify_result retval = UnknownError; | 33 bin_verify_result retval = VerifyUnknownError; |
| 24 WCHAR *filenameW = NULL; | 34 WCHAR *filenameW = NULL; |
| 25 BOOL result = FALSE; | 35 BOOL result = FALSE; |
| 26 DWORD dwEncoding = 0, | 36 DWORD dwEncoding = 0, |
| 27 dwContentType = 0, | 37 dwContentType = 0, |
| 28 dwFormatType = 0, | 38 dwFormatType = 0, |
| 33 PCCERT_CONTEXT pSignerCertContext = NULL; | 43 PCCERT_CONTEXT pSignerCertContext = NULL; |
| 34 | 44 |
| 35 if (!filename || name_len > MAX_PATH || strlen(filename) != name_len) | 45 if (!filename || name_len > MAX_PATH || strlen(filename) != name_len) |
| 36 { | 46 { |
| 37 ERRORPRINTF ("Invalid parameters\n"); | 47 ERRORPRINTF ("Invalid parameters\n"); |
| 38 return UnknownError; | 48 return VerifyUnknownError; |
| 39 } | 49 } |
| 40 | 50 |
| 41 filenameW = utf8_to_wchar(filename, strnlen(filename, MAX_PATH)); | 51 filenameW = utf8_to_wchar(filename, strnlen(filename, MAX_PATH)); |
| 42 | 52 |
| 43 result = CryptQueryObject (CERT_QUERY_OBJECT_FILE, | 53 result = CryptQueryObject (CERT_QUERY_OBJECT_FILE, |
| 53 NULL); | 63 NULL); |
| 54 | 64 |
| 55 if (!result || !hMsg) | 65 if (!result || !hMsg) |
| 56 { | 66 { |
| 57 PRINTLASTERROR ("Failed to query crypto object"); | 67 PRINTLASTERROR ("Failed to query crypto object"); |
| 58 retval = ReadFailed; | 68 retval = VerifyReadFailed; |
| 59 goto done; | 69 goto done; |
| 60 } | 70 } |
| 61 | 71 |
| 62 /* Get the cert info so that we can look up the signer in the store later */ | 72 /* Get the cert info so that we can look up the signer in the store later */ |
| 63 if (CryptMsgGetParam(hMsg, | 73 if (CryptMsgGetParam(hMsg, |
| 69 pSignerCert = xmalloc (dwSignerInfoSize); | 79 pSignerCert = xmalloc (dwSignerInfoSize); |
| 70 } | 80 } |
| 71 else | 81 else |
| 72 { | 82 { |
| 73 ERRORPRINTF ("Failed to get signer cert size."); | 83 ERRORPRINTF ("Failed to get signer cert size."); |
| 74 retval = UnknownError; | 84 retval = VerifyUnknownError; |
| 75 goto done; | 85 goto done; |
| 76 } | 86 } |
| 77 | 87 |
| 78 if (!(CryptMsgGetParam(hMsg, | 88 if (!(CryptMsgGetParam(hMsg, |
| 79 CMSG_SIGNER_CERT_INFO_PARAM, | 89 CMSG_SIGNER_CERT_INFO_PARAM, |
| 80 0, | 90 0, |
| 81 pSignerCert, | 91 pSignerCert, |
| 82 &dwSignerInfoSize))) | 92 &dwSignerInfoSize))) |
| 83 { | 93 { |
| 84 ERRORPRINTF ("Failed to get signer cert."); | 94 ERRORPRINTF ("Failed to get signer cert."); |
| 85 retval = UnknownError; | 95 retval = VerifyUnknownError; |
| 86 goto done; | 96 goto done; |
| 87 } | 97 } |
| 88 | 98 |
| 89 pSignerCertContext = CertGetSubjectCertificateFromStore( | 99 pSignerCertContext = CertGetSubjectCertificateFromStore( |
| 90 hStore, | 100 hStore, |
| 92 pSignerCert); | 102 pSignerCert); |
| 93 | 103 |
| 94 if (!pSignerCertContext) | 104 if (!pSignerCertContext) |
| 95 { | 105 { |
| 96 ERRORPRINTF ("Failed to find signer cert in store."); | 106 ERRORPRINTF ("Failed to find signer cert in store."); |
| 97 retval = UnknownError; | 107 retval = VerifyUnknownError; |
| 98 goto done; | 108 goto done; |
| 99 } | 109 } |
| 100 | 110 |
| 101 /* Verify that the signature is actually valid */ | 111 /* Verify that the signature is actually valid */ |
| 102 if(CryptMsgControl(hMsg, | 112 if(CryptMsgControl(hMsg, |
| 104 CMSG_CTRL_VERIFY_SIGNATURE, | 114 CMSG_CTRL_VERIFY_SIGNATURE, |
| 105 pSignerCertContext->pCertInfo)) | 115 pSignerCertContext->pCertInfo)) |
| 106 { | 116 { |
| 107 DEBUGPRINTF ("Verify signature succeeded. \n"); | 117 DEBUGPRINTF ("Verify signature succeeded. \n"); |
| 108 /* TODO pinning*/ | 118 /* TODO pinning*/ |
| 109 retval = Valid; | 119 retval = VerifyValid; |
| 110 } else { | 120 } else { |
| 111 ERRORPRINTF ("The signature was not verified. \n"); | 121 ERRORPRINTF ("The signature was not verified. \n"); |
| 112 retval = InvalidSignature; | 122 retval = VerifyInvalidSignature; |
| 113 goto done; | 123 goto done; |
| 114 } | 124 } |
| 115 | 125 |
| 116 done: | 126 done: |
| 117 xfree(filenameW); | 127 xfree(filenameW); |