view common/binverify.h @ 975:b3695a3399de

(issue86) Install into default directories on Linux. If the mozilla process is now started as root, it will try to write into the default directories for NSS Shared and mozilla / thunderbird profiles. Cinst will now start the mozilla process once as root.
author Andre Heinecke <andre.heinecke@intevation.de>
date Fri, 29 Aug 2014 12:59:44 +0200
parents f89b41fa7048
children 78798d3af8f0
/* Copyright (C) 2014 by Bundesamt für Sicherheit in der Informationstechnik
 * Software engineering by Intevation GmbH
 *
 * This file is Free Software under the GNU GPL (v>=2)
 * and comes with ABSOLUTELY NO WARRANTY!
 * See LICENSE.txt for details.
 */

#ifndef BINVERIFY_H
#define BINVERIFY_H
/** @file binverify.h
 * @brief Verification of binary files
 */
#include <stdbool.h>
#include <stddef.h>

#ifdef __cplusplus
extern "C" {
#endif

/**
 * @enum bin_verify_result
 * @brief Outcome of a binary verification.
 *
 * Every enumerator, including the failure codes, is non-zero. A result
 * must therefore be compared against VerifyValid explicitly; testing it
 * as a boolean would accept a failed verification.
 */
typedef enum {
    VerifyUnknownError = 1,       /**< The expected unexpected */
    VerifyInvalidSignature = 4,   /**< Signature was invalid */
    VerifyInvalidCertificate = 5, /**< Certificate mismatch */
    VerifyReadFailed = 6,         /**< File exists but could not be read */
    VerifyValid = 100             /**< Could be read and signature matched */
} bin_verify_result;

/**
 * @brief verify a binary
 *
 * This function checks that a binary is signed by a built
 * in certificate.
 *
 * Caution: This function works on file names only. The file behind
 * the name could be modified or replaced after this check, so a
 * VerifyValid result describes the content at the time of the check,
 * not whatever is later opened or executed under the same path
 * (time-of-check / time-of-use). Callers that act on the file
 * afterwards should make sure the path cannot be written by less
 * privileged users in between.
 *
 * Windows verification is done using the Windows crypto API, based on
 * PKCS 7 "authenticode" signatures embedded into the file.
 *
 * On Linux the file is expected to end with the pattern
 * "\r\nS:" (0x0d0a533A) followed by a 3072 Bit Base64 encoded RSA
 * signature.
 * The signature is verified against the built in codesigning key in
 * the same certificate that is used for windows verification.
 * If the pattern is not found the verification fails.
 *
 * @param[in] filename absolute null terminated UTF-8 encoded path to the file.
 * @param[in] name_len length of the filename (NOTE(review): presumably in
 *                     bytes, without the terminating null; confirm
 *                     against the implementation).
 *
 * @returns the verification result. Only VerifyValid means the file
 *          could be read and its signature matched; every other value
 *          is a failure and is also non-zero, so compare against
 *          VerifyValid rather than testing for truth.
 */
bin_verify_result verify_binary(const char *filename, size_t name_len);

#ifdef WIN32
/**
 * @brief Windows implementation of verify_binary
 *
 * Declared only when WIN32 is defined. Takes the same parameters and
 * returns the same result type as verify_binary().
 * NOTE(review): presumably verify_binary() forwards to this function on
 * Windows; the dispatch is not visible in this header.
 */
bin_verify_result verify_binary_win(const char *filename, size_t name_len);
#else /* WIN32 */
/**
 * @def MAX_VALID_BIN_SIZE
 * @brief Maximum size in bytes of a valid binary (32 MiB).
 *
 * NOTE(review): presumably the Linux verifier rejects larger files
 * before reading them into memory; confirm in the implementation.
 */
#define MAX_VALID_BIN_SIZE (32 * 1024 * 1024)

/**
 * @brief Linux implementation of verify_binary
 *
 * Declared only when WIN32 is not defined. Takes the same parameters
 * and returns the same result type as verify_binary().
 */
bin_verify_result verify_binary_linux(const char *filename, size_t name_len);
#endif

#ifdef __cplusplus
}
#endif

#endif /* BINVERIFY_H */

http://wald.intevation.org/projects/trustbridge/