Mercurial > trustbridge
view common/binverify.h @ 629:facb13c578f1
Add certificate pinning to verify_binary_win
| author | Andre Heinecke <andre.heinecke@intevation.de> |
|---|---|
| date | Mon, 23 Jun 2014 13:04:34 +0200 |
| parents | ecfd77751daf |
| children | 2798f1869eee |
line wrap: on
line source
/* Copyright (C) 2014 by Bundesamt für Sicherheit in der Informationstechnik * Software engineering by Intevation GmbH * * This file is Free Software under the GNU GPL (v>=2) * and comes with ABSOLUTELY NO WARRANTY! * See LICENSE.txt for details. */ #ifndef BINVERIFY_H #define BINVERIFY_H /* @file binverify.h * @brief Verification of binary files */ #include <stdbool.h> #include <stddef.h> #ifdef __cplusplus extern "C" { #endif /** * @enum bin_verify_result * @brief Result of a verification */ typedef enum { VerifyValid = 100, /*! Could be read and signature matched */ VerifyUnknownError = 1, /*! The expected unexpected */ VerifyInvalidSignature = 4, /*! Signature was invalid */ VerifyInvalidCertificate = 5, /*! Certificate mismatch */ VerifyReadFailed = 6, /*! File exists but could not read the file */ } bin_verify_result; /** * @brief verify a binary * * This function checks that a binary is signed by a built * in certificate. * * Caution: This function works on file names only which could * be modified after this check. * * The verification is done using Windows crypto API based on * embedded PKCS 7 "authenticode" signatures embedded into the * file. * * @param[in] filename absolute null terminated UTF-8 encoded path to the file. * @param[in] name_len length of the filename. * * @returns the verification result. */ bin_verify_result verify_binary(const char *filename, size_t name_len); #ifdef WIN32 /** * @brief windows implementation of verify_binary */ bin_verify_result verify_binary_win(const char *filename, size_t name_len); #endif /* WIN32 */ #ifdef __cplusplus } #endif #endif /* BINVERIFY_H */