view common/binverify.h @ 1118:fd85a02d771d

(issue54) Implement a privilege drop to execute the program after installation. This commit is extremly ugly as I accidentally worked in a working tree that was partially merged with default. To review the real change please check the commit that will merge this branch into default.
author Andre Heinecke <andre.heinecke@intevation.de>
date Tue, 16 Sep 2014 19:45:19 +0200
parents edbf5e5e88f4
children 2a1aa9df8f11
line wrap: on
line source
/* Copyright (C) 2014 by Bundesamt für Sicherheit in der Informationstechnik
 * Software engineering by Intevation GmbH
 *
 * This file is Free Software under the GNU GPL (v>=2)
 * and comes with ABSOLUTELY NO WARRANTY!
 * See LICENSE.txt for details.
 */

#ifndef BINVERIFY_H
#define BINVERIFY_H
/* @file binverify.h
 * @brief Verification of binary files
 */
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

#ifdef __cplusplus
extern "C" {
#endif

/**
 * @enum verify_result
 * @brief Result of a verification
 */
typedef enum {
    VerifyValid = 100, /*! Could be read and signature matched */
    VerifyUnknownError = 1, /*! The expected unexpected */
    VerifyInvalidSignature = 4, /*! Signature was invalid */
    VerifyInvalidCertificate = 5, /*! Certificate mismatch */
    VerifyReadFailed = 6, /*! File exists but could not read the file */
} verify_result;

/**
 * A structure containing a verify_result and a reference to the
 * verified file.
 */
typedef struct {
    /*@{*/
    verify_result result; /**< the result of the verification */
    FILE *fptr; /**< Pointer to the open file struct of the verified file
                    The ptr is only valid if verify_result is VerifyValid
                    and needs to be closed by the caller in that case.*/
    /*@}*/
} bin_verify_result;

/**
 * @brief verify a binary
 *
 * This function checks that a binary is signed by a built
 * in certificate.
 *
 * Caution: This function works on file names only which could
 * be modified after this check.
 *
 * Windows verification is done using Windows crypto API based on
 * embedded PKCS 7 "authenticode" signatures embedded into the
 * file.
 *
 * On Linux the file is epxected to and with the pattern of
 * \\r\\nS: (0x0d0a533A) followed by a 3072 Bit Base64 encoded RSA
 * signature.
 * The signature is verified against the built in codesigning key in
 * the same certificate that is used for windows verification.
 * If the pattern is not found the verification fails.
 *
 * @param[in] filename absolute null terminated UTF-8 encoded path to the file.
 * @param[in] name_len length of the filename.
 *
 * @returns the verification result.
 */
bin_verify_result verify_binary(const char *filename, size_t name_len);

/**@def Max size of a valid binary in byte */
#define MAX_VALID_BIN_SIZE (32 * 1024 * 1024)

#ifdef WIN32
/**
 * @brief windows implementation of verify_binary
 */
bin_verify_result verify_binary_win(const char *filename, size_t name_len);
#else /* WIN32 */

/**
 * @brief linux implementation of verify_binary
 */
bin_verify_result verify_binary_linux(const char *filename, size_t name_len);
#endif

#ifdef __cplusplus
}
#endif

#endif /* BINVERIFY_H */

http://wald.intevation.org/projects/trustbridge/