view common/binverify.h @ 1371:23df332b2a4c

(issue179) Read install signature timestamp from config This also changes the way the sigDt is propagated to the MainWindow. It no longer uses the settings but hands it over as a parameter directly.
author Andre Heinecke <andre.heinecke@intevation.de>
date Mon, 24 Nov 2014 15:48:49 +0100
parents 28885e8c891f
children
/* Copyright (C) 2014 by Bundesamt für Sicherheit in der Informationstechnik
 * Software engineering by Intevation GmbH
 *
 * This file is Free Software under the GNU GPL (v>=2)
 * and comes with ABSOLUTELY NO WARRANTY!
 * See LICENSE.txt for details.
 */

#ifndef BINVERIFY_H
#define BINVERIFY_H
/** @file binverify.h
 * @brief Verification of binary files
 */
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <time.h>

#ifdef __cplusplus
extern "C" {
#endif

/**
 * @enum verify_result
 * @brief Result of a verification
 *
 * VerifyValid (100) is the only success value; every other member is a
 * distinct failure code. No member has the value 0, so a zero-initialised
 * result is never a valid code and callers must compare against
 * VerifyValid explicitly rather than testing for zero/non-zero.
 */
typedef enum {
    /*! File could be read and the signature matched the built-in certificate */
    VerifyValid = 100,
    /*! Unexpected / unclassified error during verification */
    VerifyUnknownError = 1,
    /*! Signature was invalid */
    VerifyInvalidSignature = 4,
    /*! Certificate mismatch */
    VerifyInvalidCertificate = 5,
    /*! File exists but could not read the file */
    VerifyReadFailed = 6,
} verify_result;

/**
 * @struct bin_verify_result
 * @brief A structure containing a verify_result and a reference to the
 * verified file.
 */
typedef struct {
    /*@{*/
    verify_result result; /**< the result of the verification */
    FILE *fptr; /**< Pointer to the open file struct of the verified file.
                    The ptr is only valid if result is VerifyValid
                    and needs to be closed by the caller in that case.
                    Prefer reading the binary through this handle rather
                    than reopening it by path: verify_binary() checks by
                    file name, so a path reopened later may not be the
                    file that was verified. */
    time_t sig_time; /**< Time of the signature. Presumably only
                         meaningful when result is VerifyValid — confirm
                         in the implementation. */
    /*@}*/
} bin_verify_result;

/**
 * @brief verify a binary
 *
 * This function checks that a binary is signed by a built
 * in certificate.
 *
 * Caution: This function works on file names only; the file could
 * be modified after this check (time-of-check / time-of-use). Callers
 * should use the fptr returned in bin_verify_result for subsequent
 * reads instead of reopening the path.
 *
 * Windows verification is done using Windows crypto API based on
 * embedded PKCS 7 "authenticode" signatures embedded into the
 * file.
 *
 * On Linux the file is expected to end with the pattern
 * \\r\\nS: (0x0d0a533A) followed by a 3072 Bit Base64 encoded RSA
 * signature.
 * The signature is verified against the built in codesigning key in
 * the same certificate that is used for windows verification.
 * If the pattern is not found the verification fails.
 *
 * @param[in] filename absolute null terminated UTF-8 encoded path to the file.
 * @param[in] name_len length of the filename (presumably in bytes,
 *            excluding the terminator — confirm against the implementation).
 *
 * @returns the verification result. When result is VerifyValid the
 *          caller owns result.fptr and must fclose() it.
 */
bin_verify_result verify_binary(const char *filename, size_t name_len);

/** @def MAX_VALID_BIN_SIZE
 *  Max size of a valid binary in bytes (32 MiB). Presumably files larger
 *  than this are rejected by the verifier before being read in full —
 *  confirm in the implementation. */
#define MAX_VALID_BIN_SIZE (32 * 1024 * 1024)

#ifdef WIN32
/**
 * @brief windows implementation of verify_binary
 *
 * Same signature as verify_binary(); see its documentation for the
 * parameters and for the caller's ownership of the returned fptr.
 */
bin_verify_result verify_binary_win(const char *filename, size_t name_len);
#else /* WIN32 */

/**
 * @brief linux implementation of verify_binary
 *
 * Same signature as verify_binary(); see its documentation for the
 * parameters and for the caller's ownership of the returned fptr.
 */
bin_verify_result verify_binary_linux(const char *filename, size_t name_len);
#endif

#ifdef __cplusplus
}
#endif

#endif /* BINVERIFY_H */
