X-Git-Url: https://git.saurik.com/apple/security.git/blobdiff_plain/80e2389990082500d76eb566d4946be3e786c3ef..d8f41ccd20de16f8ebe2ccc84d47bf1cb2b26bbb:/Security/libsecurity_cssm/lib/eisl.h
diff --git a/Security/libsecurity_cssm/lib/eisl.h b/Security/libsecurity_cssm/lib/eisl.h
new file mode 100644
index 00000000..fa044731
--- /dev/null
+++ b/Security/libsecurity_cssm/lib/eisl.h
@@ -0,0 +1,326 @@
+/*
+ * Copyright (c) 1999-2002,2004,2011,2014 Apple Inc. All Rights Reserved.
+ *
+ * @APPLE_LICENSE_HEADER_START@
+ *
+ * This file contains Original Code and/or Modifications of Original Code
+ * as defined in and that are subject to the Apple Public Source License
+ * Version 2.0 (the 'License'). You may not use this file except in
+ * compliance with the License. Please obtain a copy of the License at
+ * http://www.opensource.apple.com/apsl/ and read it before using this
+ * file.
+ *
+ * The Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
+ * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
+ * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
+ * Please see the License for the specific language governing rights and
+ * limitations under the License.
+ *
+ * @APPLE_LICENSE_HEADER_END@
+ *
+ * eisl.h -- Embedded Integrity Services Library Interface
+ */
+
+#ifndef _EISL_H_
+#define _EISL_H_ 1
+
+#include
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/* Data Types for Embedded Integrity Services Library */
+
+typedef const void *ISL_ITERATOR_PTR;
+
+typedef const void *ISL_VERIFIED_SIGNATURE_ROOT_PTR;
+
+typedef const void *ISL_VERIFIED_CERTIFICATE_CHAIN_PTR;
+
+typedef const void *ISL_VERIFIED_CERTIFICATE_PTR;
+
+typedef const void *ISL_MANIFEST_SECTION_PTR;
+
+typedef const void *ISL_VERIFIED_MODULE_PTR;
+
+typedef void (*ISL_FUNCTION_PTR)(void);
+
+typedef struct isl_data {
+ CSSM_SIZE Length; /* in bytes */
+ uint8 *Data;
+} ISL_DATA, *ISL_DATA_PTR;
+
+typedef struct isl_const_data {
+ CSSM_SIZE Length; /* in bytes */
+ const uint8 *Data;
+} ISL_CONST_DATA, *ISL_CONST_DATA_PTR;
+
+typedef enum isl_status {
+ ISL_OK = 0,
+ ISL_FAIL = -1
+} ISL_STATUS;
+
+
+/* Embedded Integrity Services Library Functions */
+
+ISL_VERIFIED_MODULE_PTR
+EISL_SelfCheck ();
+
+ISL_VERIFIED_MODULE_PTR
+EISL_VerifyAndLoadModuleAndCredentialData (const ISL_CONST_DATA CredentialsImage,
+ const ISL_CONST_DATA ModuleSearchPath,
+ const ISL_CONST_DATA Name,
+ const ISL_CONST_DATA Signer,
+ const ISL_CONST_DATA PublicKey);
+
+ISL_VERIFIED_MODULE_PTR
+EISL_VerifyAndLoadModuleAndCredentialDataWithCertificate (const ISL_CONST_DATA CredentialsImage,
+ const ISL_CONST_DATA ModuleSearchPath,
+ const ISL_CONST_DATA Name,
+ const ISL_CONST_DATA Signer,
+ const ISL_CONST_DATA Certificate);
+
+ISL_VERIFIED_MODULE_PTR
+EISL_VerifyAndLoadModuleAndCredentials (ISL_CONST_DATA Credentials,
+ ISL_CONST_DATA Name,
+ ISL_CONST_DATA Signer,
+ ISL_CONST_DATA PublicKey);
+
+ISL_VERIFIED_MODULE_PTR
+EISL_VerifyAndLoadModuleAndCredentialsWithCertificate (const ISL_CONST_DATA Credentials,
+ const ISL_CONST_DATA Name,
+ const ISL_CONST_DATA Signer,
+ const ISL_CONST_DATA Certificate);
+
+ISL_VERIFIED_MODULE_PTR
+EISL_VerifyLoadedModuleAndCredentialData (const ISL_CONST_DATA CredentialsImage,
+ const ISL_CONST_DATA ModuleSearchPath,
+ const ISL_CONST_DATA Name,
+ const ISL_CONST_DATA Signer,
+ const ISL_CONST_DATA PublicKey);
+
+ISL_VERIFIED_MODULE_PTR
+EISL_VerifyLoadedModuleAndCredentialDataWithCertificate (const ISL_CONST_DATA CredentialsImage,
+ const ISL_CONST_DATA ModuleSearchPath,
+ const ISL_CONST_DATA Name,
+ const ISL_CONST_DATA Signer,
+ const ISL_CONST_DATA Certificate);
+
+ISL_VERIFIED_MODULE_PTR
+EISL_VerifyLoadedModuleAndCredentials (ISL_CONST_DATA Credentials,
+ ISL_CONST_DATA Name,
+ ISL_CONST_DATA Signer,
+ ISL_CONST_DATA PublicKey);
+
+ISL_VERIFIED_MODULE_PTR
+EISL_VerifyLoadedModuleAndCredentialsWithCertificate (const ISL_CONST_DATA Credentials,
+ const ISL_CONST_DATA Name,
+ const ISL_CONST_DATA Signer,
+ const ISL_CONST_DATA Certificate);
+
+ISL_VERIFIED_CERTIFICATE_CHAIN_PTR
+EISL_GetCertificateChain (ISL_VERIFIED_MODULE_PTR Module);
+
+uint32
+EISL_ContinueVerification (ISL_VERIFIED_MODULE_PTR Module,
+ uint32 WorkFactor);
+
+ISL_VERIFIED_MODULE_PTR
+EISL_DuplicateVerifiedModulePtr (ISL_VERIFIED_MODULE_PTR Module);
+
+ISL_STATUS
+EISL_RecycleVerifiedModuleCredentials (ISL_VERIFIED_MODULE_PTR Verification);
+
+
+/* Signature Root Methods */
+
+ISL_VERIFIED_SIGNATURE_ROOT_PTR
+EISL_CreateVerifiedSignatureRootWithCredentialData (const ISL_CONST_DATA CredentialsImage,
+ const ISL_CONST_DATA ModuleSearchPath,
+ const ISL_CONST_DATA Signer,
+ const ISL_CONST_DATA PublicKey);
+
+ISL_VERIFIED_SIGNATURE_ROOT_PTR
+EISL_CreateVerifiedSignatureRootWithCredentialDataAndCertificate (const ISL_CONST_DATA CredentialsImage,
+ const ISL_CONST_DATA ModuleSearchPath,
+ ISL_VERIFIED_CERTIFICATE_PTR Cert);
+
+ISL_VERIFIED_SIGNATURE_ROOT_PTR
+EISL_CreateVerfiedSignatureRoot (ISL_CONST_DATA Credentials,
+ ISL_CONST_DATA Signer,
+ ISL_CONST_DATA PublicKey);
+
+ISL_VERIFIED_SIGNATURE_ROOT_PTR
+EISL_CreateVerfiedSignatureRootWithCertificate (ISL_CONST_DATA Credentials,
+ ISL_VERIFIED_CERTIFICATE_PTR Cert);
+
+ISL_MANIFEST_SECTION_PTR
+EISL_FindManifestSection (ISL_VERIFIED_SIGNATURE_ROOT_PTR Root,
+ ISL_CONST_DATA Name);
+
+ISL_ITERATOR_PTR
+EISL_CreateManifestSectionEnumerator (ISL_VERIFIED_SIGNATURE_ROOT_PTR Root);
+
+ISL_MANIFEST_SECTION_PTR
+EISL_GetNextManifestSection (ISL_ITERATOR_PTR Iterator);
+
+ISL_STATUS
+EISL_RecycleManifestSectionEnumerator (ISL_ITERATOR_PTR Iterator);
+
+ISL_STATUS
+EISL_FindManifestAttribute (ISL_VERIFIED_SIGNATURE_ROOT_PTR Context,
+ ISL_CONST_DATA Name,
+ ISL_CONST_DATA_PTR Value);
+
+ISL_ITERATOR_PTR
+EISL_CreateManifestAttributeEnumerator (ISL_VERIFIED_SIGNATURE_ROOT_PTR Context);
+
+ISL_STATUS
+EISL_FindSignerInfoAttribute (ISL_VERIFIED_SIGNATURE_ROOT_PTR Context,
+ ISL_CONST_DATA Name,
+ ISL_CONST_DATA_PTR Value);
+
+ISL_ITERATOR_PTR
+EISL_CreateSignerInfoAttributeEnumerator (ISL_VERIFIED_SIGNATURE_ROOT_PTR Context);
+
+ISL_STATUS
+EISL_GetNextAttribute (ISL_ITERATOR_PTR Iterator,
+ ISL_CONST_DATA_PTR Name,
+ ISL_CONST_DATA_PTR Value);
+
+ISL_STATUS
+EISL_RecycleAttributeEnumerator (ISL_ITERATOR_PTR Iterator);
+
+ISL_STATUS
+EISL_FindSignatureAttribute (ISL_VERIFIED_SIGNATURE_ROOT_PTR Root,
+ ISL_CONST_DATA Name,
+ ISL_CONST_DATA_PTR Value);
+
+ISL_ITERATOR_PTR
+EISL_CreateSignatureAttributeEnumerator (ISL_VERIFIED_SIGNATURE_ROOT_PTR Root);
+
+ISL_STATUS
+EISL_GetNextSignatureAttribute (ISL_ITERATOR_PTR Iterator,
+ ISL_CONST_DATA_PTR Name,
+ ISL_CONST_DATA_PTR Value);
+
+ISL_STATUS
+EISL_RecycleSignatureAttributeEnumerator (ISL_ITERATOR_PTR Iterator);
+
+ISL_STATUS
+EISL_RecycleVerifiedSignatureRoot (ISL_VERIFIED_SIGNATURE_ROOT_PTR Root);
+
+
+/* Certificate Chain Methods */
+
+const ISL_VERIFIED_CERTIFICATE_CHAIN_PTR
+EISL_CreateCertificateChainWithCredentialData (const ISL_CONST_DATA RootIssuer,
+ const ISL_CONST_DATA PublicKey,
+ const ISL_CONST_DATA CredentialsImage,
+ const ISL_CONST_DATA ModuleSearchPath);
+
+ISL_VERIFIED_CERTIFICATE_CHAIN_PTR
+EISL_CreateCertificateChainWithCredentialDataAndCertificate (const ISL_CONST_DATA Certificate,
+ const ISL_CONST_DATA CredentialsImage,
+ const ISL_CONST_DATA ModuleSearchPath);
+
+ISL_VERIFIED_CERTIFICATE_CHAIN_PTR
+EISL_CreateCertificateChain (ISL_CONST_DATA RootIssuer,
+ ISL_CONST_DATA PublicKey,
+ ISL_CONST_DATA Credential);
+
+ISL_VERIFIED_CERTIFICATE_CHAIN_PTR
+EISL_CreateCertificateChainWithCertificate (const ISL_CONST_DATA Certificate,
+ const ISL_CONST_DATA Credential);
+
+uint32
+EISL_CopyCertificateChain (ISL_VERIFIED_CERTIFICATE_CHAIN_PTR Verification,
+ ISL_VERIFIED_CERTIFICATE_PTR Certs[],
+ uint32 MaxCertificates);
+
+ISL_STATUS
+EISL_RecycleVerifiedCertificateChain (ISL_VERIFIED_CERTIFICATE_CHAIN_PTR Chain);
+
+
+/* Certificate Attribute Methods */
+
+ISL_STATUS
+EISL_FindCertificateAttribute (ISL_VERIFIED_CERTIFICATE_PTR Cert,
+ ISL_CONST_DATA Name,
+ ISL_CONST_DATA_PTR Value);
+
+ISL_ITERATOR_PTR
+EISL_CreateCertificateAttributeEnumerator (ISL_VERIFIED_CERTIFICATE_PTR Cert);
+
+ISL_STATUS
+EISL_GetNextCertificateAttribute (ISL_ITERATOR_PTR CertIterator,
+ ISL_CONST_DATA_PTR Name,
+ ISL_CONST_DATA_PTR Value);
+
+ISL_STATUS
+EISL_RecycleCertificateAttributeEnumerator (ISL_ITERATOR_PTR CertIterator);
+
+
+/* Manifest Section Object Methods */
+
+ISL_VERIFIED_SIGNATURE_ROOT_PTR
+EISL_GetManifestSignatureRoot (ISL_MANIFEST_SECTION_PTR Section);
+
+ISL_VERIFIED_MODULE_PTR
+EISL_VerifyAndLoadModule (ISL_MANIFEST_SECTION_PTR Section);
+
+ISL_VERIFIED_MODULE_PTR
+EISL_VerifyLoadedModule (ISL_MANIFEST_SECTION_PTR Section);
+
+ISL_STATUS
+EISL_FindManifestSectionAttribute (ISL_MANIFEST_SECTION_PTR Section,
+ ISL_CONST_DATA Name,
+ ISL_CONST_DATA_PTR Value);
+
+ISL_ITERATOR_PTR
+EISL_CreateManifestSectionAttributeEnumerator (ISL_MANIFEST_SECTION_PTR Section);
+
+ISL_STATUS
+EISL_GetNextManifestSectionAttribute (ISL_ITERATOR_PTR Iterator,
+ ISL_CONST_DATA_PTR Name,
+ ISL_CONST_DATA_PTR Value);
+
+ISL_STATUS
+EISL_RecycleManifestSectionAttributeEnumerator (ISL_ITERATOR_PTR Iterator);
+
+ISL_MANIFEST_SECTION_PTR
+EISL_GetModuleManifestSection (ISL_VERIFIED_MODULE_PTR Module);
+
+
+/* Secure Linkage Services */
+
+ISL_FUNCTION_PTR
+EISL_LocateProcedureAddress (ISL_VERIFIED_MODULE_PTR Module,
+ ISL_CONST_DATA Name);
+
+#ifdef MACOSX
+#define EISL_GetReturnAddress(Address) \
+{\
+ /* Platform specific code in here */ \
+}
+#endif
+
+ISL_STATUS
+EISL_CheckAddressWithinModule (ISL_VERIFIED_MODULE_PTR Verification,
+ ISL_FUNCTION_PTR Address);
+
+ISL_STATUS
+EISL_CheckDataAddressWithinModule (ISL_VERIFIED_MODULE_PTR Verification,
+ const void *Address);
+
+void *
+EISL_GetLibHandle (ISL_VERIFIED_MODULE_PTR Verification);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* _EISL_H_ */
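Review bot: `EISL_SelfCheck ();` is declared with empty parentheses, which in C (as opposed to the `extern "C"` C++ path) is an unprototyped declaration that lets callers pass arbitrary arguments without a diagnostic; declare it as `EISL_SelfCheck (void);` like the other entry points that take no arguments. The `EISL_GetReturnAddress(Address)` macro under `#ifdef MACOSX` expands to an empty block that never touches `Address`, so any caller that then hands that value to `EISL_CheckAddressWithinModule` would be validating an unset variable — presumably a placeholder, but it should say so explicitly, e.g. `/* TODO: not implemented; callers must not rely on Address being set */`, or be left undefined so misuse fails at compile time. `EISL_CreateCertificateChainWithCredentialData` is the only declaration returning `const ISL_VERIFIED_CERTIFICATE_CHAIN_PTR`; the top-level `const` on a return value has no effect and is inconsistent with its siblings, so drop it. Note also that the `#include` line shows no operand in this rendering, which looks like an extraction artifact rather than a defect in the file; worth confirming against the committed source.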