Mercurial > trustbridge
view common/binverify.h @ 1071:fc4e1fe4e4d4
(issue116) Sign binaries with test certificate if RELESE_BUILD option is not used
author | Andre Heinecke <andre.heinecke@intevation.de> |
---|---|
date | Wed, 10 Sep 2014 17:52:11 +0200 |
parents | 78798d3af8f0 |
children | edbf5e5e88f4 |
line wrap: on
line source
/* Copyright (C) 2014 by Bundesamt für Sicherheit in der Informationstechnik * Software engineering by Intevation GmbH * * This file is Free Software under the GNU GPL (v>=2) * and comes with ABSOLUTELY NO WARRANTY! * See LICENSE.txt for details. */ #ifndef BINVERIFY_H #define BINVERIFY_H /* @file binverify.h * @brief Verification of binary files */ #include <stdbool.h> #include <stddef.h> #ifdef __cplusplus extern "C" { #endif /** * @enum bin_verify_result * @brief Result of a verification */ typedef enum { VerifyValid = 100, /*! Could be read and signature matched */ VerifyUnknownError = 1, /*! The expected unexpected */ VerifyInvalidSignature = 4, /*! Signature was invalid */ VerifyInvalidCertificate = 5, /*! Certificate mismatch */ VerifyReadFailed = 6, /*! File exists but could not read the file */ } bin_verify_result; /** * @brief verify a binary * * This function checks that a binary is signed by a built * in certificate. * * Caution: This function works on file names only which could * be modified after this check. * * Windows verification is done using Windows crypto API based on * embedded PKCS 7 "authenticode" signatures embedded into the * file. * * On Linux the file is epxected to and with the pattern of * \\r\\nS: (0x0d0a533A) followed by a 3072 Bit Base64 encoded RSA * signature. * The signature is verified against the built in codesigning key in * the same certificate that is used for windows verification. * If the pattern is not found the verification fails. * * @param[in] filename absolute null terminated UTF-8 encoded path to the file. * @param[in] name_len length of the filename. * * @returns the verification result. */ bin_verify_result verify_binary(const char *filename, size_t name_len); #ifdef WIN32 /** * @brief windows implementation of verify_binary */ bin_verify_result verify_binary_win(const char *filename, size_t name_len); #else /* WIN32 */ /**@def Max size of a valid binary in byte */ #define MAX_VALID_BIN_SIZE (32 * 1024 * 1024) /** * @brief linux implementation of verify_binary */ bin_verify_result verify_binary_linux(const char *filename, size_t name_len); #endif #ifdef __cplusplus } #endif #endif /* BINVERIFY_H */