diff common/binverify.h @ 579:f4ce4eef3b38

Implement PKCS#7 embedded signature verfification for windows
author Andre Heinecke <aheinecke@intevation.de>
date Tue, 27 May 2014 10:28:36 +0000
parents
children ecfd77751daf
line wrap: on
line diff
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/common/binverify.h	Tue May 27 10:28:36 2014 +0000
@@ -0,0 +1,58 @@
+/* Copyright (C) 2014 by Bundesamt für Sicherheit in der Informationstechnik
+ * Software engineering by Intevation GmbH
+ *
+ * This file is Free Software under the GNU GPL (v>=2)
+ * and comes with ABSOLUTELY NO WARRANTY!
+ * See LICENSE.txt for details.
+ */
+
+#ifndef BINVERIFY_H
+#define BINVERIFY_H
+/* @file binverify.h
+ * @brief Verification of binary files
+ */
+#include <stdbool.h>
+#include <stddef.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * @enum bin_verify_result
+ * @brief Result of a verification
+ */
+typedef enum {
+    Valid = 100, /*! Could be read and signature matched */
+    UnknownError = 1, /*! The expected unexpected */
+    InvalidSignature = 4, /*! Signature was invalid */
+    ReadFailed = 6, /*! File exists but could not read the file */
+} bin_verify_result;
+
+#ifdef WIN32
+/**
+ * @brief verify a binary
+ *
+ * This function checks that a binary is signed by a built
+ * in certificate.
+ *
+ * Caution: This function works on file names only which could
+ * be modified after this check.
+ *
+ * The verification is done using Windows crypto API based on
+ * embedded PKCS 7 "authenticode" signatures embedded into the
+ * file.
+ *
+ * @param[in] filename absolute null terminated UTF-8 encoded path to the file.
+ * @param[in] name_len length of the filename.
+ *
+ * @returns the verification result.
+ */
+bin_verify_result verify_binary_win(const char *filename, size_t name_len);
+#endif /* WIN32 */
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* BINVERIFY_H */

http://wald.intevation.org/projects/trustbridge/