/*
 * security.h - Hashing, integrity and signature-verification declarations for libglacier
 *
 * This file is part of Glacier.
 *
 * Glacier is free software: you can redistribute it and/or modify it under the terms of the
 * GNU Lesser General Public License as published by the Free Software Foundation, either
 * version 3 of the License, or (at your option) any later version.
 *
 * Glacier is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY;
 * without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
 * PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public License along with Glacier. If
 * not, see <https://www.gnu.org/licenses/>.
 */

#ifndef GLACIERSECURITY_H_
#define GLACIERSECURITY_H_

/*
 * Short aliases used by the prototypes below.
 * NOTE(review): these unprefixed names are exported to every file that includes this
 * header; some system headers also define `uint`, so verify there is no conflict on the
 * target platforms.
 */
typedef unsigned int uint;
typedef unsigned char uchar;

/*
 * compare_file_hash
 *
 * DESCRIPTION: compare_file_hash compares the SHA256 hash of a file with its expected hash
 * PARAMETERS:
 *          char ORIG_HASH[] -> The file containing the expected hash result
 *          char FILE[] -> The file to compare against ORIG_HASH[]
 * RETURN VALUES:
 *          0 on hashes match, 1 on hashes do not match, -1 on library error
 * CAVEATS:
 *          The declaration below is commented out, so this function is not part of the
 *          interface this header currently exposes.
 * EXAMPLE:
 *          compare_file_hash("pkg.sha256sum", "pkg.tar.xz");
 */

/* int compare_file_hash(char ORIG_HASH[], char FILE[]); */

/*
 * gl_print_hash
 *
 * DESCRIPTION: Prints a specified hash string
 * PARAMETERS:
 *          uchar *hash -> The hash to print
 *          uint length -> Presumably the number of bytes in hash; confirm against the
 *                         implementation
 * RETURNS: 0 on success, 1 on error
 */
int gl_print_hash(uchar *hash, uint length);

/*
 * gl_stash_hash
 *
 * DESCRIPTION: Stores a hash inside a string
 * PARAMETERS:
 *          char *stored_hash -> Destination string that receives the hash
 *          unsigned int stored_hash_size -> Capacity of stored_hash (presumably in bytes,
 *                                           terminator included; confirm)
 *          const uchar *hash -> The hash to store (not modified)
 *          uint length -> Presumably the number of bytes in hash; confirm
 * RETURNS: 0 on success, 1 on error
 * CAVEATS:
 *          Pass the real capacity of the destination buffer in stored_hash_size, never a
 *          larger value.
 *          NOTE(review): this header does not state how large stored_hash must be for a
 *          given length (that depends on how the implementation encodes the hash), nor
 *          whether a too-small buffer is reported as an error; confirm and document the
 *          minimum size here.
 */
int gl_stash_hash(char *stored_hash, unsigned int stored_hash_size, const uchar *hash, uint length);

/*
 * gl_hash_file
 *
 * DESCRIPTION: Performs a hashing operation on a file and stores the result
 * PARAMETERS:
 *          const char *filename -> Path of the file to hash
 *          unsigned char *out_hash -> Buffer that receives the resulting hash
 *          unsigned int *out_length -> Receives the length of the result
 * RETURNS: 0 on success, 1-6 for different error conditions
 * CAVEATS:
 *          out_hash has no accompanying capacity parameter, so the caller is responsible
 *          for supplying a buffer large enough for the digest.
 *          NOTE(review): the header names neither the hash algorithm nor a maximum digest
 *          length; confirm the required buffer size against the implementation.
 *          The individual codes 1-6 are not enumerated here; callers should treat every
 *          non-zero return as failure and not use out_hash or out_length.
 */
int gl_hash_file(const char *filename, unsigned char *out_hash, unsigned int *out_length);

/*
 * gl_verify_signature
 *
 * DESCRIPTION: Verify a package signature against a trusted keyring
 * PARAMETERS:
 *          char PACKAGE[] -> The package to verify
 *          char SIGNATURE[] -> The signature to check the package against
 * RETURNS: 0 on success, 1 on verification failure, 2 on file not found
 * CAVEATS:
 *          Only a return value of 0 means the package was verified. Callers should fail
 *          closed: 1, 2 and any other non-zero value must all be handled as "not verified".
 *          NOTE(review): the keyring location and the accepted signature format are not
 *          described in this header; confirm against the implementation.
 */
int gl_verify_signature(char PACKAGE[], char SIGNATURE[]);

/*
 * gl_check_integrity
 *
 * DESCRIPTION: Check package integrity by comparing with expected hash
 * PARAMETERS:
 *          char PACKAGE[] -> The package to check
 *          char EXPECTED_HASH[] -> The expected hash
 *                                  NOTE(review): the header does not say whether this is
 *                                  the hash text itself or a path to a file holding it;
 *                                  confirm
 * RETURNS: 0 on success, 1 on hash mismatch, 2 on file not found or error
 * CAVEATS:
 *          Only a return value of 0 means the hashes matched; treat every non-zero value
 *          as a failed check.
 *          A matching hash only shows that the package equals the content the expected
 *          hash was computed from. It establishes authenticity only if EXPECTED_HASH was
 *          obtained from a trusted source.
 */
int gl_check_integrity(char PACKAGE[], char EXPECTED_HASH[]);

#endif