Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP
Browse files

fix README

  • Loading branch information...
commit 2fe3c4f417c7e96ec1f30ecf47ec71a7f3705c9c 1 parent bb67a76
@halayli authored
Showing with 23 additions and 6 deletions.
  1. +20 −4 README
  2. +3 −2 verifier.h
View
24 README
@@ -1,4 +1,22 @@
-signer_common.c & signer_common.h is the signer library used by signer.c to sign executables.
+supports FreeBSD ONLY for now.
+
+signer/verifier allows you to sign elf32 binary executables and give them
+expiration date to execute. Verification makes sure that the binary is signed
+and hasn't expired or been tampered with.
+
+The verification should take place from the shell before it runs the executable.
+Use verifier.o when recompiling the shell.
+
+
+To verify binaries from your program (ex. shell), add verifier.o to the
+linked objects when compiling, and call
+verify_binary(char * file, char *cacert)
+
+returns 0 upon successful verification.
+
+-----------------
+signer_common.c & signer_common.h is the signer library used by signer.c to
+sign executables.
verifier.c depends on signer_common library to verify signed executables.
@@ -12,6 +30,4 @@ make verifier_test
To compiler verifier.o, run:
make verifier.o
-
-To verify binaries from your program, add verifier.o to the linked objects when compiling, and call
-verify_binary(char *, char *) from your code.
+-----------------
View
5 verifier.h
@@ -1,7 +1,8 @@
-/* Returns 0 if binary is verified, -1 for system call error, or 1 for crypto error
+/* Returns 0 if binary is verified, -1 for system call error,
+ or 1 for crypto error
arg1: the executable path to be verified
arg2: the root's public certificate.
NOTE: the second argument is not used for now, and it is only there so that the interface doesn't get modified in the future */
enum {CERT_NOT_MATCH = 1, CERT_INVALID, CERT_EXPIRED, CERT_NOT_FOUND};
-int verify_binary(char *, char *);
+int verify_binary(char *file, char *cacert);
Please sign in to comment.
Something went wrong with that request. Please try again.