view common/listutil.h @ 1071:fc4e1fe4e4d4

(issue116) Sign binaries with test certificate if RELESE_BUILD option is not used
author Andre Heinecke <andre.heinecke@intevation.de>
date Wed, 10 Sep 2014 17:52:11 +0200
parents 78798d3af8f0
children edbf5e5e88f4
line wrap: on
line source
/* Copyright (C) 2014 by Bundesamt für Sicherheit in der Informationstechnik
 * Software engineering by Intevation GmbH
 *
 * This file is Free Software under the GNU GPL (v>=2)
 * and comes with ABSOLUTELY NO WARRANTY!
 * See LICENSE.txt for details.
 */
#ifndef LISTUTIL_H
#define LISTUTIL_H

#ifdef __cplusplus
extern "C" {
#endif

#include <stddef.h>

/**
 * @file listutil.h
 * @brief Functions to work with the certificate list.
 */

/**
 * @brief Status of the List Operations
 */
typedef enum {
    Valid = 100, /*! Could be read and signature matched */
    UnknownError = 1, /*! The expected unexpected */
    TooLarge = 2, /*! Failed because the file exeeds the limit */
    InvalidFormat = 3, /*! File does not appear to be in list format */
    InvalidSignature = 4, /*! Signature was invalid */
    SeekFailed = 5, /*! Could not seek in the file */
    ReadFailed = 6, /*! File exists but could not read the file */
    IncompatibleVersion = 7, /*! The Format Version does not match */
    NoList = 8 /*! No list parsed */
} list_status_t;

/* Definitions based on the format */
#define MAX_LINE_LENGTH 9999
#define MAX_LINES 1000

/**
 * @brief Obtain the complete and verified Certificate list.
 *
 * This checks if the file fileName is a valid certificate
 * list signed by the key specified in pubkey.h
 *
 * The caller has to free data.
 *
 * @param[in] fileName Name of the file (UTF-8 encoded).
 * @param[out] data Newly allocated pointer to the file content.
 * @param[out] size Size in Bytes of the file content.
 *
 * @return status of the operation.
 */
list_status_t read_and_verify_list(const char *fileName, char **data, size_t *size);

/** @brief verify the certificate list
 *
 * The public key to verify against is the static publicKeyPEM data defined
 * in the pubkey header.
 *
 *  @param [in] data the list data
 *  @param [in] size the size of the data
 *
 *  @returns 0 if the list is valid a polarssl error or -1 otherwise
 */
int verify_list(const char *data, const size_t size);

/** @brief get a list of the certificates marked with I: or R:
 *
 * Get a list of certificates that are contained in the
 * certificatelist pointed to by data.
 * On Success this function makes a copy of the certificates
 * and the certificates need to be freed by the caller.
 *
 * @param [in] data the certificatelist to parse
 * @param [in] size the size of the certificatelist
 *
 * @returns a newly allocated array of strings containing the encoded
 * certificates or NULL on error.
 * */
char **get_certs_from_list (char *data, const size_t size);

/**
 *  @brief Read a file into memory.
 *
 * The caller needs to free data
 *
 * @param[in] file_name Name of the file.
 * @param[out] data the file content
 * @param[out] size size in bytes of the file content.
 * @param[in] max_size the maximum amount of bytes to read.
 *
 * @return 0 on success an error code otherwise.
 */
int read_file(const char *file_name, char **data, size_t *size,
              const size_t max_size);
#ifdef __cplusplus
}
#endif
#endif

http://wald.intevation.org/projects/trustbridge/