Thu, 22 Jan 2015 13:21:57 +0100
Incorporate requested changes from Mozilla in review:
https://bugzilla.mozilla.org/show_bug.cgi?id=1123480#c6
michael@0 | 1 | /* This Source Code Form is subject to the terms of the Mozilla Public |
michael@0 | 2 | * License, v. 2.0. If a copy of the MPL was not distributed with this |
michael@0 | 3 | * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ |
michael@0 | 4 | |
michael@0 | 5 | #ifndef MAR_CMDLINE_H__ |
michael@0 | 6 | #define MAR_CMDLINE_H__ |
michael@0 | 7 | |
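michael@0 | 8 | /* We use NSPR here just to import the definition of uint32_t. NOTE(review): no #include is visible in this header, so uint32_t and uint8_t appear to have to be in scope before it is included; confirm. */ |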
michael@0 | 9 | |
michael@0 | 10 | #ifdef __cplusplus |
michael@0 | 11 | extern "C" { |
michael@0 | 12 | #endif |
michael@0 | 13 | |
michael@0 | 14 | struct ProductInformationBlock; |
michael@0 | 15 | |
michael@0 | 16 | /** |
michael@0 | 17 | * Determines MAR file information. |
michael@0 | 18 | * |
michael@0 | 19 | * @param path The path of the MAR file to check. |
michael@0 | 20 | * @param hasSignatureBlock Optional out parameter specifying if the MAR |
michael@0 | 21 | * file has a signature block or not. |
michael@0 | 22 | * @param numSignatures Optional out parameter for storing the number |
michael@0 | 23 | * of signatures in the MAR file. |
michael@0 | 24 | * @param hasAdditionalBlocks Optional out parameter specifying if the MAR |
michael@0 | 25 | * file has additional blocks or not. |
michael@0 | 26 | * @param offsetAdditionalBlocks Optional out parameter for the offset to the |
michael@0 | 27 | * first additional block. Value is only valid if |
michael@0 | 28 | * hasAdditionalBlocks is not equal to 0. |
michael@0 | 29 | * @param numAdditionalBlocks Optional out parameter for the number of |
michael@0 | 30 | * additional blocks. Value is only valid if |
michael@0 | 31 | * hasAdditionalBlocks is not equal to 0. |
michael@0 | 32 | * @return 0 on success and non-zero on failure. |
michael@0 | 33 | */ |
michael@0 | 34 | int get_mar_file_info(const char *path, |
michael@0 | 35 | int *hasSignatureBlock, |
michael@0 | 36 | uint32_t *numSignatures, |
michael@0 | 37 | int *hasAdditionalBlocks, |
michael@0 | 38 | uint32_t *offsetAdditionalBlocks, |
michael@0 | 39 | uint32_t *numAdditionalBlocks); |
michael@0 | 40 | |
michael@0 | 41 | /** |
michael@0 | 42 | * Verifies a MAR file by verifying each signature with the corresponding |
michael@0 | 43 | * certificate. That is, the first signature will be verified using the first |
michael@0 | 44 | * certificate given, the second signature will be verified using the second |
michael@0 | 45 | * certificate given, etc. The signature count must exactly match the number of |
michael@0 | 46 | * certificates given, and all signature verifications must succeed. |
michael@0 | 47 | * This is only used by the signmar program when used with arguments to verify |
michael@0 | 48 | * a MAR. This should not be used to verify a MAR that will be extracted in the |
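michael@0 | 49 | * same operation by updater code: the MAR is named by path here, so a passing result is not bound to the file that is opened later for extraction. This function prints the error message if |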
michael@0 | 50 | * verification fails. |
michael@0 | 51 | * |
michael@0 | 52 | * @param pathToMAR The path of the MAR file whose signature should be |
michael@0 | 53 | * checked |
michael@0 | 54 | * @param certData Pointer to the first element in an array of certificate |
michael@0 | 55 | * file data. |
michael@0 | 56 | * @param certDataSizes Pointer to the first element in an array for size of |
michael@0 | 57 | * the cert data. |
michael@0 | 58 | * @param certNames Pointer to the first element in an array of certificate |
michael@0 | 59 | * names. |
michael@0 | 60 | * Used only if compiled with NSS support |
michael@0 | 61 | * @param certCount The number of elements in certData, certDataSizes, |
michael@0 | 62 | * and certNames |
michael@0 | 63 | * @return 0 on success |
michael@0 | 64 | * a negative number if there was an error |
michael@0 | 65 | * a positive number if the signature does not verify; only 0 means that every signature verified, so callers must treat any non-zero value as failure |
michael@0 | 66 | */ |
michael@0 | 67 | int mar_verify_signatures(const char *pathToMAR, |
michael@0 | 68 | const uint8_t * const *certData, |
michael@0 | 69 | const uint32_t *certDataSizes, |
michael@0 | 70 | const char * const *certNames, |
michael@0 | 71 | uint32_t certCount); |
michael@0 | 72 | |
michael@0 | 73 | /** |
michael@0 | 74 | * Reads the product info block from the MAR file's additional block section. |
michael@0 | 75 | * The caller is responsible for freeing the fields in infoBlock |
michael@0 | 76 | * if the return is successful. |
michael@0 | 77 | * @param path The path of the MAR file to read the product info block from |
michael@0 | 78 | * @param infoBlock Out parameter for where to store the result to |
michael@0 | 79 | * @return 0 on success, -1 on failure |
michael@0 | 80 | */ |
michael@0 | 81 | int |
michael@0 | 82 | read_product_info_block(char *path, |
michael@0 | 83 | struct ProductInformationBlock *infoBlock); |
michael@0 | 84 | |
michael@0 | 85 | /** |
michael@0 | 86 | * Refreshes the product information block with the new information. |
michael@0 | 87 | * The input MAR must not be signed or the function call will fail. |
michael@0 | 88 | * |
michael@0 | 89 | * @param path The path to the MAR file whose product info block |
michael@0 | 90 | * should be refreshed. |
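michael@0 | 91 | * @param infoBlock Out parameter for where to store the result to (NOTE(review): the summary above says the block is refreshed with new information, so this may be the input carrying that information; confirm the direction) |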
michael@0 | 92 | * @return 0 on success, -1 on failure |
michael@0 | 93 | */ |
michael@0 | 94 | int |
michael@0 | 95 | refresh_product_info_block(const char *path, |
michael@0 | 96 | struct ProductInformationBlock *infoBlock); |
michael@0 | 97 | |
michael@0 | 98 | /** |
michael@0 | 99 | * Writes out a copy of the MAR at src but with the signature block stripped. |
michael@0 | 100 | * |
michael@0 | 101 | * @param src The path of the source MAR file |
michael@0 | 102 | * @param dest The path of the MAR file to write out that |
michael@0 | 103 | * has no signature block |
michael@0 | 104 | * @return 0 on success |
michael@0 | 105 | * -1 on error |
michael@0 | 106 | */ |
michael@0 | 107 | int |
michael@0 | 108 | strip_signature_block(const char *src, const char * dest); |
michael@0 | 109 | |
michael@0 | 110 | /** |
michael@0 | 111 | * Extracts a signature from a MAR file, base64 encodes it, and writes it out |
michael@0 | 112 | * |
michael@0 | 113 | * @param src The path of the source MAR file |
michael@0 | 114 | * @param sigIndex The index of the signature to extract |
michael@0 | 115 | * @param dest The path of the file to write the signature to |
michael@0 | 116 | * @return 0 on success |
michael@0 | 117 | * -1 on error |
michael@0 | 118 | */ |
michael@0 | 119 | int |
michael@0 | 120 | extract_signature(const char *src, uint32_t sigIndex, const char * dest); |
michael@0 | 121 | |
michael@0 | 122 | /** |
michael@0 | 123 | * Imports a base64 encoded signature into a MAR file |
michael@0 | 124 | * |
michael@0 | 125 | * @param src The path of the source MAR file |
michael@0 | 126 | * @param sigIndex The index of the signature to import |
michael@0 | 127 | * @param base64SigFile A file which contains the signature to import |
michael@0 | 128 | * @param dest The path of the destination MAR file with replaced signature |
michael@0 | 129 | * @return 0 on success |
michael@0 | 130 | * -1 on error |
michael@0 | 131 | */ |
michael@0 | 132 | int |
michael@0 | 133 | import_signature(const char *src, |
michael@0 | 134 | uint32_t sigIndex, |
michael@0 | 135 | const char * base64SigFile, |
michael@0 | 136 | const char *dest); |
michael@0 | 137 | |
michael@0 | 138 | #ifdef __cplusplus |
michael@0 | 139 | } |
michael@0 | 140 | #endif |
michael@0 | 141 | |
michael@0 | 142 | #endif /* MAR_CMDLINE_H__ */ |