diff common/binverify.h @ 771:2798f1869eee

(issue43) Add first draft of signature verification for GNU/Linux
author Andre Heinecke <andre.heinecke@intevation.de>
date Thu, 10 Jul 2014 19:15:22 +0200
parents facb13c578f1
children 44fa5de02b52
--- a/common/binverify.h	Thu Jul 10 19:14:22 2014 +0200
+++ b/common/binverify.h	Thu Jul 10 19:15:22 2014 +0200
@@ -39,10 +39,15 @@
  * Caution: This function works on file names only which could
  * be modified after this check.
  *
- * The verification is done using Windows crypto API based on
+ * Windows verification is done using Windows crypto API based on
  * embedded PKCS 7 "authenticode" signatures embedded into the
  * file.
  *
+ * On Linux the last pattern of \r\nS: (0x0d0a533A) is looked up and
+ * afterwards a 3072 Bit Base64 encoded RSA signature is expected.
+ * The signature is verified against the built in codesigning key in
+ * the same certificate that is used for windows verification.
+ *
  * @param[in] filename absolute null terminated UTF-8 encoded path to the file.
  * @param[in] name_len length of the filename.
  *
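Review bot: The new Linux paragraph does not say which bytes the RSA signature covers, or which digest and padding scheme is expected. A reader of this header therefore cannot tell whether the `\r\nS:` marker or any data after the signature belongs to the signed content. Because the marker is searched from the end of the file, the contract should say so explicitly, for example `* The signature covers all bytes preceding the last marker; trailing data after the signature is rejected.`, provided the implementation (not visible here) behaves that way. The phrase "3072 Bit Base64 encoded RSA signature" would read more precisely as "Base64 encoded signature made with the 3072 bit RSA codesigning key". The comment block starts and ends outside this hunk.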
@@ -55,7 +60,15 @@
  * @brief windows implementation of verify_binary
  */
 bin_verify_result verify_binary_win(const char *filename, size_t name_len);
-#endif /* WIN32 */
+#else /* WIN32 */
+/**@def Max size of a valid binary in byte */
+#define MAX_VALID_BIN_SIZE (32 * 1024 * 1024)
+
+/**
+ * @brief linux implementation of verify_binary
+ */
+bin_verify_result verify_binary_linux(const char *filename, size_t name_len);
+#endif
 
 #ifdef __cplusplus
 }
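Review bot: `MAX_VALID_BIN_SIZE` is introduced without saying what `verify_binary_linux` does with a file above the limit, and `/**@def Max size of a valid binary in byte */` is not valid Doxygen because `@def` expects the macro name first. Something like `/** @def MAX_VALID_BIN_SIZE Upper bound in bytes for a binary to verify; larger files fail verification. */` would document the bound, assuming that is the behaviour of the implementation, which this header does not show. `#else /* WIN32 */` also routes every non-Windows platform to the declaration named `verify_binary_linux`, so the comment on the branch should state whether other Unix-like targets are meant to be covered. The closing `#endif` dropped its trailing comment; `#endif /* WIN32 */` keeps the conditional readable.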

http://wald.intevation.org/projects/trustbridge/