+++ /dev/null
-/*
- * Copyright (c) 2004,2011,2014 Apple Inc. All Rights Reserved.
- *
- * @APPLE_LICENSE_HEADER_START@
- *
- * This file contains Original Code and/or Modifications of Original Code
- * as defined in and that are subject to the Apple Public Source License
- * Version 2.0 (the 'License'). You may not use this file except in
- * compliance with the License. Please obtain a copy of the License at
- * http://www.opensource.apple.com/apsl/ and read it before using this
- * file.
- *
- * The Original Code and all software distributed under the License are
- * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
- * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
- * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
- * Please see the License for the specific language governing rights and
- * limitations under the License.
- *
- * @APPLE_LICENSE_HEADER_END@
- */
-
-/*!
- @header SecManifest
- The functions and data types in SecManifest implement file, directory, and
- data signing.
-*/
-
-#ifndef _SECURITY_SECMANIFEST_H_
-#define _SECURITY_SECMANIFEST_H_
-
-#include <Security/SecTrust.h>
-#include <Security/SecIdentity.h>
-#include <Security/SecBase.h>
-
-
-#if defined(__cplusplus)
-extern "C" {
-#endif
-
-enum {
- errSecManifestNotSupported = -22040, /* The specified object can't be placed in a manifest */
- errSecManifestNoSigners = -22041, /* There must be at least one signer for a manifest */
- errSecManifestCMSFailure = -22042, /* A problem occurred with CMS */
- errSecManifestIsNotEmpty = -20043, /* The manifest was not empty before create from external representation */
- errSecManifestDidNotVerify = -20044, /* The manifest did not verify */
- errSecManifestDamaged = -20045, /* The manifest was damaged */
- errSecManifestNotEqual = -20046, /* The manifests were not equal */
- errSecManifestBadResult = -20057, /* A manifest callback returned an invalid result */
- errSecManifestNoPolicy = -20058, /* Couldn't find the default policy */
- errSecManifestInvalidException = -20059, /* Exception list members must be CFStrings */
- errSecManifestNoSignersFound = -20060, /* No signers were found in the manifest */
-};
-
-typedef UInt32 SecManifestCompareOptions;
-enum {kSecManifestVerifyOwnerAndGroup = 0x1};
-
-/*!
- @typedef SecManifestRef
- @abstract A pointer to an opaque manifest structure
-*/
-typedef struct OpaqueSecManifestRef *SecManifestRef;
-
-/*!
- @function SecManifestGetVersion
- @abstract Determines the version of the SecManifest API installed on the
- user's system.
- @param version On return, a pointer to the version number of the SecManifest
- API installed on the system.
- @result A result code.
-*/
-OSStatus SecManifestGetVersion(UInt32 *version);
-
-/*!
- @function SecManifestCreate
- @abstract Creates a new manifest object for signing.
- @param manifest On return, a porinter to a manifest reference. The memory
- that manifest occupies must be released by calling
- SecManifestRelease when you are finished with it.
- @result A result code.
-*/
-OSStatus SecManifestCreate(SecManifestRef *manifest);
-
-/*!
- @function SecManifestRelease
- @abstract Destroys a manifest object
- @param manifest The manifest to destroy.
-*/
-
-void SecManifestRelease(SecManifestRef manifest);
-
-typedef enum _SecManifestTrustCallbackResult
-{
- kSecManifestDoNotVerify,
- kSecManifestSignerVerified,
- kSecManifestContinue,
- kSecManifestFailed
-} SecManifestTrustCallbackResult;
-
-typedef SecManifestTrustCallbackResult(*SecManifestTrustSetupCallback)
- (SecTrustRef trustRef, void* setupContext);
-typedef SecManifestTrustCallbackResult(*SecManifestTrustEvaluateCallback)
- (SecTrustRef trustRef, SecTrustResultType result,
- void *evaluateContext);
-
-/*!
- @function SecManifestVerifySignature
- @abstract Verifies a signature created with SecManifestCreateSignature,
- @param data The signature to verify.
- @param setupCallback Called before trust is verified for a signer. This
- allows the user to modify the SecTrustRef if needed
- (see the SecTrust documentation).
- @param setupContext User defined.
- @param evaluateCallback Called after SecTrustEvaluate has been called for a
- signer if the result was not trusted. This allows
- the developer to query the user as to whether or not
- to trust the signer.
- @param evaluateContext User defined.
- @param manifest Optional return of the verified manifest
-*/
-
-OSStatus SecManifestVerifySignature(CFDataRef data,
- SecManifestTrustSetupCallback setupCallback,
- void* setupContext,
- SecManifestTrustEvaluateCallback evaluateCallback,
- void* evaluateContext,
- SecManifestRef *manifest);
-
-/*!
- @function SecManifestVerifySignature
- @abstract Verifies a signature created with SecManifestCreateSignature,
- @param data The signature to verify.
- @param setupCallback Called before trust is verified for a signer. This
- allows the user to modify the SecTrustRef if needed
- (see the SecTrust documentation).
- @param setupContext User defined.
- @param evaluateCallback Called after SecTrustEvaluate has been called for a
- signer if the result was not trusted. This allows
- the developer to query the user as to whether or not
- to trust the signer.
- @param evaluateContext User defined.
- @param policyRef A SecPolicyRef used to evaluate the signature. Pass NULL to use the default policy
- @param manifest Optional return of the verified manifest
-*/
-OSStatus SecManifestVerifySignatureWithPolicy(CFDataRef data,
- SecManifestTrustSetupCallback setupCallback,
- void* setupContext,
- SecManifestTrustEvaluateCallback evaluateCallback,
- void* evaluateContext,
- SecPolicyRef policyRef,
- SecManifestRef *manifest);
-/*!
- @function SecManifestCreateSignature
- @abstract Creates a signature.
- @param manifest The manifest from which to create the signature.
- @param options Reserved for future use.
- @param data On return, the external representation. The memory that data
- occupies must be released by calling CFRelease when finished
- with it.
- @result A result code.
-*/
-OSStatus SecManifestCreateSignature(SecManifestRef manifest,
- UInt32 options,
- CFDataRef *data);
-
-/*!
- @function SecManifestAddObject
- @abstract Adds data to be signed or verified to the manifest object.
- @param manifest The manifest object.
- @param object The object to add.
- @param exceptionList If data points to a directory, this contains an
- optional list of CFStrings, relative to object, that will
- not be included in the manifest.
- @result A result code.
- @discussion object may either be a CFURL that points to a file URL, or a
- SecManifestData, which points to arbitrary data.
-*/
-OSStatus SecManifestAddObject(SecManifestRef manifest,
- CFTypeRef object,
- CFArrayRef exceptionList);
-
-/*!
- @function SecManifestCompare
- @abstraact Compare one manifest to another.
- @param manifest1 A manifest to be compared for equality.
- @param manifest2 A manifest to be compared for equality.
- @param verifyOwnerAndGroup If true, owner and group ID's will be checked as
- part of the verification process.
- @result A result code.
-*/
-OSStatus SecManifestCompare(SecManifestRef manifest1,
- SecManifestRef manifest2,
- SecManifestCompareOptions options);
-
-/*!
- @function SecManifestAddSigner
- @abstract Add an identity to the list of identities that will sign the
- manifest.
- @param manifest The manifest to sign.
- @param identity The identity to be used to sign the manifest.
- @result A result code.
- @discussion Multiple signers are supported. The actual signing does not
- take place until SecManifestCreateExternalRepresentation is
- called.
-*/
-OSStatus SecManifestAddSigner(SecManifestRef manifest,
- SecIdentityRef identity);
-
-#if defined(__cplusplus)
-}
-#endif
-
-#endif /* ! _SECURITY_SECMANIFEST_H_ */
-
projects / apple / security.git / blobdiff