Mercurial > trustbridge
view common/binverify.h @ 579:f4ce4eef3b38
Implement PKCS#7 embedded signature verification for windows
author | Andre Heinecke <aheinecke@intevation.de> |
---|---|
date | Tue, 27 May 2014 10:28:36 +0000 |
parents | |
children | ecfd77751daf |
/* Copyright (C) 2014 by Bundesamt für Sicherheit in der Informationstechnik
 * Software engineering by Intevation GmbH
 *
 * This file is Free Software under the GNU GPL (v>=2)
 * and comes with ABSOLUTELY NO WARRANTY!
 * See LICENSE.txt for details.
 */
#ifndef BINVERIFY_H
#define BINVERIFY_H

/**
 * @file binverify.h
 * @brief Verification of binary files
 */

#include <stdbool.h>
#include <stddef.h>

#ifdef __cplusplus
extern "C" {
#endif

/**
 * @enum bin_verify_result
 * @brief Result of a verification
 *
 * Valid is the only success value. Every enumerator, the failure codes
 * included, is non-zero, so a result has to be compared with Valid
 * explicitly; testing it for truth would accept the failure codes too.
 */
typedef enum {
    Valid = 100, /*!< Could be read and signature matched */
    UnknownError = 1, /*!< The expected unexpected */
    InvalidSignature = 4, /*!< Signature was invalid */
    ReadFailed = 6, /*!< File exists but could not read the file */
} bin_verify_result;

/* The declaration below is only visible when WIN32 is defined. */
#ifdef WIN32
/**
 * @brief verify a binary
 *
 * This function checks that a binary is signed by a built
 * in certificate.
 *
 * Caution: The check is made on a file name, not on an open handle.
 * The file at that path can be modified or replaced after the check
 * (time-of-check/time-of-use), so a Valid result describes the file
 * only as it was when this function looked at it.
 *
 * The verification is done using the Windows crypto API, based on
 * the PKCS 7 "authenticode" signature embedded into the file.
 *
 * @param[in] filename absolute null terminated UTF-8 encoded path to the file.
 * @param[in] name_len length of the filename.
 *            NOTE(review): the declaration does not show whether the
 *            terminator is counted - confirm against the implementation.
 *
 * @returns the verification result. Only Valid reports a matching
 *          signature; every other value is a failure.
 */
bin_verify_result verify_binary_win(const char *filename, size_t name_len);
#endif /* WIN32 */

#ifdef __cplusplus
}
#endif

#endif /* BINVERIFY_H */