trustbridge/trustbridge: common/binverify.h annotate

annotate common/binverify.h @ 1081:edbf5e5e88f4

(issue118) Extend verify_binary to carry an open file * binverify.c: Change result to a structure containing an open fptr Use in Memory data for windows verification. * mainwindow.cpp, selftest.c: Handle the returend structure * binverifytest.cpp: Test for the exclusive read and update signature. * listutil.c: Add optional fptr parameter to read_file

author	Andre Heinecke <andre.heinecke@intevation.de>
date	Thu, 11 Sep 2014 12:05:24 +0200
parents	78798d3af8f0
children	2a1aa9df8f11

rev	line source
579 f4ce4eef3b38 Implement PKCS#7 embedded signature verfification for windows Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	1 /* Copyright (C) 2014 by Bundesamt für Sicherheit in der Informationstechnik
f4ce4eef3b38 Implement PKCS#7 embedded signature verfification for windows Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	2 * Software engineering by Intevation GmbH
f4ce4eef3b38 Implement PKCS#7 embedded signature verfification for windows Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	3 *
f4ce4eef3b38 Implement PKCS#7 embedded signature verfification for windows Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	4 * This file is Free Software under the GNU GPL (v>=2)
f4ce4eef3b38 Implement PKCS#7 embedded signature verfification for windows Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	5 * and comes with ABSOLUTELY NO WARRANTY!
f4ce4eef3b38 Implement PKCS#7 embedded signature verfification for windows Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	6 * See LICENSE.txt for details.
f4ce4eef3b38 Implement PKCS#7 embedded signature verfification for windows Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	7 */
f4ce4eef3b38 Implement PKCS#7 embedded signature verfification for windows Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	8
f4ce4eef3b38 Implement PKCS#7 embedded signature verfification for windows Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	9 #ifndef BINVERIFY_H
f4ce4eef3b38 Implement PKCS#7 embedded signature verfification for windows Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	10 #define BINVERIFY_H
f4ce4eef3b38 Implement PKCS#7 embedded signature verfification for windows Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	11 /* @file binverify.h
f4ce4eef3b38 Implement PKCS#7 embedded signature verfification for windows Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	12 * @brief Verification of binary files
f4ce4eef3b38 Implement PKCS#7 embedded signature verfification for windows Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	13 */
f4ce4eef3b38 Implement PKCS#7 embedded signature verfification for windows Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	14 #include <stdbool.h>
f4ce4eef3b38 Implement PKCS#7 embedded signature verfification for windows Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	15 #include <stddef.h>
1081 edbf5e5e88f4 (issue118) Extend verify_binary to carry an open file Andre Heinecke <andre.heinecke@intevation.de> parents: 1053 diff changeset	16 #include <stdio.h>
579 f4ce4eef3b38 Implement PKCS#7 embedded signature verfification for windows Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	17
f4ce4eef3b38 Implement PKCS#7 embedded signature verfification for windows Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	18 #ifdef __cplusplus
f4ce4eef3b38 Implement PKCS#7 embedded signature verfification for windows Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	19 extern "C" {
f4ce4eef3b38 Implement PKCS#7 embedded signature verfification for windows Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	20 #endif
f4ce4eef3b38 Implement PKCS#7 embedded signature verfification for windows Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	21
f4ce4eef3b38 Implement PKCS#7 embedded signature verfification for windows Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	22 /**
1081 edbf5e5e88f4 (issue118) Extend verify_binary to carry an open file Andre Heinecke <andre.heinecke@intevation.de> parents: 1053 diff changeset	23 * @enum verify_result
579 f4ce4eef3b38 Implement PKCS#7 embedded signature verfification for windows Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	24 * @brief Result of a verification
f4ce4eef3b38 Implement PKCS#7 embedded signature verfification for windows Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	25 */
f4ce4eef3b38 Implement PKCS#7 embedded signature verfification for windows Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	26 typedef enum {
586 ecfd77751daf Disambiguate enumerator values and add portable wrapper. Andre Heinecke <aheinecke@intevation.de> parents: 579 diff changeset	27 VerifyValid = 100, /! Could be read and signature matched /
ecfd77751daf Disambiguate enumerator values and add portable wrapper. Andre Heinecke <aheinecke@intevation.de> parents: 579 diff changeset	28 VerifyUnknownError = 1, /! The expected unexpected /
ecfd77751daf Disambiguate enumerator values and add portable wrapper. Andre Heinecke <aheinecke@intevation.de> parents: 579 diff changeset	29 VerifyInvalidSignature = 4, /! Signature was invalid /
629 facb13c578f1 Add certificate pinning to verify_binary_win Andre Heinecke <andre.heinecke@intevation.de> parents: 586 diff changeset	30 VerifyInvalidCertificate = 5, /! Certificate mismatch /
586 ecfd77751daf Disambiguate enumerator values and add portable wrapper. Andre Heinecke <aheinecke@intevation.de> parents: 579 diff changeset	31 VerifyReadFailed = 6, /! File exists but could not read the file /
1081 edbf5e5e88f4 (issue118) Extend verify_binary to carry an open file Andre Heinecke <andre.heinecke@intevation.de> parents: 1053 diff changeset	32 } verify_result;
edbf5e5e88f4 (issue118) Extend verify_binary to carry an open file Andre Heinecke <andre.heinecke@intevation.de> parents: 1053 diff changeset	33
edbf5e5e88f4 (issue118) Extend verify_binary to carry an open file Andre Heinecke <andre.heinecke@intevation.de> parents: 1053 diff changeset	34 /**
edbf5e5e88f4 (issue118) Extend verify_binary to carry an open file Andre Heinecke <andre.heinecke@intevation.de> parents: 1053 diff changeset	35 * A structure containing a verify_result and a reference to the
edbf5e5e88f4 (issue118) Extend verify_binary to carry an open file Andre Heinecke <andre.heinecke@intevation.de> parents: 1053 diff changeset	36 * verified file.
edbf5e5e88f4 (issue118) Extend verify_binary to carry an open file Andre Heinecke <andre.heinecke@intevation.de> parents: 1053 diff changeset	37 */
edbf5e5e88f4 (issue118) Extend verify_binary to carry an open file Andre Heinecke <andre.heinecke@intevation.de> parents: 1053 diff changeset	38 typedef struct {
edbf5e5e88f4 (issue118) Extend verify_binary to carry an open file Andre Heinecke <andre.heinecke@intevation.de> parents: 1053 diff changeset	39 /@{/
edbf5e5e88f4 (issue118) Extend verify_binary to carry an open file Andre Heinecke <andre.heinecke@intevation.de> parents: 1053 diff changeset	40 verify_result result; /*< the result of the verification /
edbf5e5e88f4 (issue118) Extend verify_binary to carry an open file Andre Heinecke <andre.heinecke@intevation.de> parents: 1053 diff changeset	41 FILE fptr; /*< Pointer to the open file struct of the verified file
edbf5e5e88f4 (issue118) Extend verify_binary to carry an open file Andre Heinecke <andre.heinecke@intevation.de> parents: 1053 diff changeset	42 The ptr is only valid if verify_result is VerifyValid
edbf5e5e88f4 (issue118) Extend verify_binary to carry an open file Andre Heinecke <andre.heinecke@intevation.de> parents: 1053 diff changeset	43 and needs to be closed by the caller in that case.*/
edbf5e5e88f4 (issue118) Extend verify_binary to carry an open file Andre Heinecke <andre.heinecke@intevation.de> parents: 1053 diff changeset	44 /@}/
579 f4ce4eef3b38 Implement PKCS#7 embedded signature verfification for windows Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	45 } bin_verify_result;
f4ce4eef3b38 Implement PKCS#7 embedded signature verfification for windows Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	46
f4ce4eef3b38 Implement PKCS#7 embedded signature verfification for windows Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	47 /**
f4ce4eef3b38 Implement PKCS#7 embedded signature verfification for windows Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	48 * @brief verify a binary
f4ce4eef3b38 Implement PKCS#7 embedded signature verfification for windows Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	49 *
f4ce4eef3b38 Implement PKCS#7 embedded signature verfification for windows Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	50 * This function checks that a binary is signed by a built
f4ce4eef3b38 Implement PKCS#7 embedded signature verfification for windows Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	51 * in certificate.
f4ce4eef3b38 Implement PKCS#7 embedded signature verfification for windows Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	52 *
f4ce4eef3b38 Implement PKCS#7 embedded signature verfification for windows Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	53 * Caution: This function works on file names only which could
f4ce4eef3b38 Implement PKCS#7 embedded signature verfification for windows Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	54 * be modified after this check.
f4ce4eef3b38 Implement PKCS#7 embedded signature verfification for windows Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	55 *
771 2798f1869eee (issue43) Add first draft of signature verification for GNU/Linux Andre Heinecke <andre.heinecke@intevation.de> parents: 629 diff changeset	56 * Windows verification is done using Windows crypto API based on
579 f4ce4eef3b38 Implement PKCS#7 embedded signature verfification for windows Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	57 * embedded PKCS 7 "authenticode" signatures embedded into the
f4ce4eef3b38 Implement PKCS#7 embedded signature verfification for windows Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	58 * file.
f4ce4eef3b38 Implement PKCS#7 embedded signature verfification for windows Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	59 *
904 f89b41fa7048 Fix whitespace errors Andre Heinecke <andre.heinecke@intevation.de> parents: 774 diff changeset	60 * On Linux the file is epxected to and with the pattern of
1053 78798d3af8f0 Fixed doxygen build warnings. Emanuel Schuetze <emanuel@intevation.de> parents: 904 diff changeset	61 * \\r\\nS: (0x0d0a533A) followed by a 3072 Bit Base64 encoded RSA
774 44fa5de02b52 (issue43) Finalize and verify binary verification for linux. Andre Heinecke <andre.heinecke@intevation.de> parents: 771 diff changeset	62 * signature.
771 2798f1869eee (issue43) Add first draft of signature verification for GNU/Linux Andre Heinecke <andre.heinecke@intevation.de> parents: 629 diff changeset	63 * The signature is verified against the built in codesigning key in
2798f1869eee (issue43) Add first draft of signature verification for GNU/Linux Andre Heinecke <andre.heinecke@intevation.de> parents: 629 diff changeset	64 * the same certificate that is used for windows verification.
774 44fa5de02b52 (issue43) Finalize and verify binary verification for linux. Andre Heinecke <andre.heinecke@intevation.de> parents: 771 diff changeset	65 * If the pattern is not found the verification fails.
771 2798f1869eee (issue43) Add first draft of signature verification for GNU/Linux Andre Heinecke <andre.heinecke@intevation.de> parents: 629 diff changeset	66 *
579 f4ce4eef3b38 Implement PKCS#7 embedded signature verfification for windows Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	67 * @param[in] filename absolute null terminated UTF-8 encoded path to the file.
f4ce4eef3b38 Implement PKCS#7 embedded signature verfification for windows Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	68 * @param[in] name_len length of the filename.
f4ce4eef3b38 Implement PKCS#7 embedded signature verfification for windows Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	69 *
f4ce4eef3b38 Implement PKCS#7 embedded signature verfification for windows Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	70 * @returns the verification result.
f4ce4eef3b38 Implement PKCS#7 embedded signature verfification for windows Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	71 */
586 ecfd77751daf Disambiguate enumerator values and add portable wrapper. Andre Heinecke <aheinecke@intevation.de> parents: 579 diff changeset	72 bin_verify_result verify_binary(const char *filename, size_t name_len);
ecfd77751daf Disambiguate enumerator values and add portable wrapper. Andre Heinecke <aheinecke@intevation.de> parents: 579 diff changeset	73
1081 edbf5e5e88f4 (issue118) Extend verify_binary to carry an open file Andre Heinecke <andre.heinecke@intevation.de> parents: 1053 diff changeset	74 /*@def Max size of a valid binary in byte /
edbf5e5e88f4 (issue118) Extend verify_binary to carry an open file Andre Heinecke <andre.heinecke@intevation.de> parents: 1053 diff changeset	75 #define MAX_VALID_BIN_SIZE (32 * 1024 * 1024)
edbf5e5e88f4 (issue118) Extend verify_binary to carry an open file Andre Heinecke <andre.heinecke@intevation.de> parents: 1053 diff changeset	76
586 ecfd77751daf Disambiguate enumerator values and add portable wrapper. Andre Heinecke <aheinecke@intevation.de> parents: 579 diff changeset	77 #ifdef WIN32
ecfd77751daf Disambiguate enumerator values and add portable wrapper. Andre Heinecke <aheinecke@intevation.de> parents: 579 diff changeset	78 /**
ecfd77751daf Disambiguate enumerator values and add portable wrapper. Andre Heinecke <aheinecke@intevation.de> parents: 579 diff changeset	79 * @brief windows implementation of verify_binary
ecfd77751daf Disambiguate enumerator values and add portable wrapper. Andre Heinecke <aheinecke@intevation.de> parents: 579 diff changeset	80 */
579 f4ce4eef3b38 Implement PKCS#7 embedded signature verfification for windows Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	81 bin_verify_result verify_binary_win(const char *filename, size_t name_len);
771 2798f1869eee (issue43) Add first draft of signature verification for GNU/Linux Andre Heinecke <andre.heinecke@intevation.de> parents: 629 diff changeset	82 #else /* WIN32 */
2798f1869eee (issue43) Add first draft of signature verification for GNU/Linux Andre Heinecke <andre.heinecke@intevation.de> parents: 629 diff changeset	83
2798f1869eee (issue43) Add first draft of signature verification for GNU/Linux Andre Heinecke <andre.heinecke@intevation.de> parents: 629 diff changeset	84 /**
2798f1869eee (issue43) Add first draft of signature verification for GNU/Linux Andre Heinecke <andre.heinecke@intevation.de> parents: 629 diff changeset	85 * @brief linux implementation of verify_binary
2798f1869eee (issue43) Add first draft of signature verification for GNU/Linux Andre Heinecke <andre.heinecke@intevation.de> parents: 629 diff changeset	86 */
2798f1869eee (issue43) Add first draft of signature verification for GNU/Linux Andre Heinecke <andre.heinecke@intevation.de> parents: 629 diff changeset	87 bin_verify_result verify_binary_linux(const char *filename, size_t name_len);
2798f1869eee (issue43) Add first draft of signature verification for GNU/Linux Andre Heinecke <andre.heinecke@intevation.de> parents: 629 diff changeset	88 #endif
579 f4ce4eef3b38 Implement PKCS#7 embedded signature verfification for windows Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	89
f4ce4eef3b38 Implement PKCS#7 embedded signature verfification for windows Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	90 #ifdef __cplusplus
f4ce4eef3b38 Implement PKCS#7 embedded signature verfification for windows Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	91 }
f4ce4eef3b38 Implement PKCS#7 embedded signature verfification for windows Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	92 #endif
f4ce4eef3b38 Implement PKCS#7 embedded signature verfification for windows Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	93
f4ce4eef3b38 Implement PKCS#7 embedded signature verfification for windows Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	94 #endif /* BINVERIFY_H */

Mercurial > trustbridge > trustbridge

annotate common/binverify.h @ 1081:edbf5e5e88f4