/* Copyright (C) 2014 by Bundesamt für Sicherheit in der Informationstechnik
 * Software engineering by Intevation GmbH
 *
 * This file is Free Software under the GNU GPL (v>=2)
 * and comes with ABSOLUTELY NO WARRANTY!
 * See LICENSE.txt for details.
 */

#ifndef BINVERIFY_H
#define BINVERIFY_H
/* @file binverify.h
 * @brief Verification of binary files
 */
#include <stdbool.h>
#include <stddef.h>

#ifdef __cplusplus
extern "C" {
#endif

/**
 * @enum bin_verify_result
 * @brief Result of a verification
 */
typedef enum {
    VerifyValid = 100, /*! Could be read and signature matched */
    VerifyUnknownError = 1, /*! The expected unexpected */
    VerifyInvalidSignature = 4, /*! Signature was invalid */
    VerifyInvalidCertificate = 5, /*! Certificate mismatch */
    VerifyReadFailed = 6, /*! File exists but could not read the file */
} bin_verify_result;

/**
 * @brief verify a binary
 *
 * This function checks that a binary is signed by a built
 * in certificate.
 *
 * Caution: This function works on file names only which could
 * be modified after this check.
 *
 * The verification is done using Windows crypto API based on
 * embedded PKCS 7 "authenticode" signatures embedded into the
 * file.
 *
 * @param[in] filename absolute null terminated UTF-8 encoded path to the file.
 * @param[in] name_len length of the filename.
 *
 * @returns the verification result.
 */
bin_verify_result verify_binary(const char *filename, size_t name_len);

#ifdef WIN32
/**
 * @brief windows implementation of verify_binary
 */
bin_verify_result verify_binary_win(const char *filename, size_t name_len);
#endif /* WIN32 */

#ifdef __cplusplus
}
#endif

#endif /* BINVERIFY_H */