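--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/security/nss/lib/jar/jar.h Wed Dec 31 06:09:35 2014 +0100
@@ -0,0 +1,373 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef __JAR_h_
+#define __JAR_h_
+
+/*
+ * In general, any functions that return pointers
+ * have memory owned by the caller.
+ *
+ */
+
+/* security includes */
+#include "cert.h"
+#include "hasht.h"
+
+/* nspr 2.0 includes */
+#include "prio.h"
+
+#define ZHUGEP
+
+#include <stdio.h>
+
+/* various types */
+
+typedef enum {
+ jarTypeMF = 2,
+ jarTypeSF = 3,
+ jarTypeMeta = 6,
+ jarTypePhy = 7,
+ jarTypeSign = 10,
+ jarTypeSect = 11,
+ jarTypeOwner = 13
+} jarType;
+
+/* void data in ZZList's contain JAR_Item type */
+typedef struct JAR_Item_ {
+ char *pathname; /* relative. inside zip file */
+ jarType type; /* various types */
+ size_t size; /* size of data below */
+ void *data; /* totally opaque */
+} JAR_Item;
+
+/* hashes */
+typedef enum {
+ jarHashNone = 0,
+ jarHashBad = 1,
+ jarHashPresent = 2
+} jarHash;
+
+typedef struct JAR_Digest_ {
+ jarHash md5_status;
+ unsigned char md5 [MD5_LENGTH];
+ jarHash sha1_status;
+ unsigned char sha1 [SHA1_LENGTH];
+} JAR_Digest;
+
+/* physical archive formats */
+typedef enum {
+ jarArchGuess = 0,
+ jarArchNone = 1,
+ jarArchZip = 2,
+ jarArchTar = 3
+} jarArch;
+
+#include "jar-ds.h"
+
+struct JAR_;
+
+typedef int jar_settable_callback_fn(int status, struct JAR_ *jar,
+ const char *metafile, char *pathname,
+ char *errortext);
+
+/* jar object */
+typedef struct JAR_ {
+ jarArch format; /* physical archive format */
+
+ char *url; /* Where it came from */
+ char *filename; /* Disk location */
+ FILE *fp; /* For multiple extractions */
+ /* JAR_FILE */
+
+ /* various linked lists */
+ ZZList *manifest; /* Digests of MF sections */
+ ZZList *hashes; /* Digests of actual signed files */
+ ZZList *phy; /* Physical layout of JAR file */
+ ZZList *metainfo; /* Global metainfo */
+
+ JAR_Digest *globalmeta; /* digest of .MF global portion */
+
+ /* Below will change to a linked list to support multiple sigs */
+ int pkcs7; /* Enforced opaqueness */
+ int valid; /* PKCS7 signature validated */
+
+ ZZList *signers; /* the above, per signer */
+
+ /* Window context, very necessary for PKCS11 now */
+ void *mw; /* MWContext window context */
+
+ /* Signal callback function */
+ jar_settable_callback_fn *signal;
+} JAR;
+
+/*
+ * Iterator
+ *
+ * Context for iterative operations. Certain operations
+ * require iterating multiple linked lists because of
+ * multiple signers. "nextsign" is used for this purpose.
+ *
+ */
+typedef struct JAR_Context_ {
+ JAR *jar; /* Jar we are searching */
+ char *pattern; /* Regular expression */
+ jarType finding; /* Type of item to find */
+ ZZLink *next; /* Next item in find */
+ ZZLink *nextsign; /* Next signer, sometimes */
+} JAR_Context;
+
+typedef struct JAR_Signer_ {
+ int pkcs7; /* Enforced opaqueness */
+ int valid; /* PKCS7 signature validated */
+ char *owner; /* name of .RSA file */
+ JAR_Digest *digest; /* of .SF file */
+ ZZList *sf; /* Linked list of .SF file contents */
+ ZZList *certs; /* Signing information */
+} JAR_Signer;
+
+/* Meta informaton, or "policy", from the manifest file.
+ Right now just one tuple per JAR_Item. */
+typedef struct JAR_Metainfo_ {
+ char *header;
+ char *info;
+} JAR_Metainfo;
+
+/* This should not be global */
+typedef struct JAR_Physical_ {
+ unsigned char compression;
+ unsigned long offset;
+ unsigned long length;
+ unsigned long uncompressed_length;
+#if defined(XP_UNIX) || defined(XP_BEOS)
+ PRUint16 mode;
+#endif
+} JAR_Physical;
+
+typedef struct JAR_Cert_ {
+ size_t length;
+ void *key;
+ CERTCertificate *cert;
+} JAR_Cert;
+
+
+/* certificate stuff */
+typedef enum {
+ jarCertCompany = 1,
+ jarCertCA = 2,
+ jarCertSerial = 3,
+ jarCertExpires = 4,
+ jarCertNickname = 5,
+ jarCertFinger = 6,
+ jarCertJavaHack = 100
+} jarCert;
+
+/* callback types */
+#define JAR_CB_SIGNAL 1
+
+/*
+ * This is the base for the JAR error codes. It will
+ * change when these are incorporated into allxpstr.c,
+ * but right now they won't let me put them there.
+ *
+ */
+#ifndef SEC_ERR_BASE
+#define SEC_ERR_BASE (-0x2000)
+#endif
+
+#define JAR_BASE SEC_ERR_BASE + 300
+
+/* Jar specific error definitions */
+
+#define JAR_ERR_GENERAL (JAR_BASE + 1)
+#define JAR_ERR_FNF (JAR_BASE + 2)
+#define JAR_ERR_CORRUPT (JAR_BASE + 3)
+#define JAR_ERR_MEMORY (JAR_BASE + 4)
+#define JAR_ERR_DISK (JAR_BASE + 5)
+#define JAR_ERR_ORDER (JAR_BASE + 6)
+#define JAR_ERR_SIG (JAR_BASE + 7)
+#define JAR_ERR_METADATA (JAR_BASE + 8)
+#define JAR_ERR_ENTRY (JAR_BASE + 9)
+#define JAR_ERR_HASH (JAR_BASE + 10)
+#define JAR_ERR_PK7 (JAR_BASE + 11)
+#define JAR_ERR_PNF (JAR_BASE + 12)
+
+/* Function declarations */
+
+extern JAR *JAR_new (void);
+
+extern void PR_CALLBACK JAR_destroy (JAR *jar);
+
+extern char *JAR_get_error (int status);
+
+extern int JAR_set_callback(int type, JAR *jar, jar_settable_callback_fn *fn);
+
+extern void
+JAR_init_callbacks(char *(*string_cb)(int),
+ void *(*find_cx)(void),
+ void *(*init_cx)(void) );
+
+/*
+ * JAR_set_context
+ *
+ * PKCS11 may require a password to be entered by the user
+ * before any crypto routines may be called. This will require
+ * a window context if used from inside Mozilla.
+ *
+ * Call this routine with your context before calling
+ * verifying or signing. If you have no context, call with NULL
+ * and one will be chosen for you.
+ *
+ */
+int JAR_set_context (JAR *jar, void /*MWContext*/ *mw);
+
+/*
+ * Iterative operations
+ *
+ * JAR_find sets up for repeated calls with JAR_find_next.
+ * I never liked findfirst and findnext, this is nicer.
+ *
+ * Pattern contains a relative pathname to match inside the
+ * archive. It is currently assumed to be "*".
+ *
+ * To use:
+ *
+ * JAR_Item *item;
+ * JAR_find (jar, "*.class", jarTypeMF);
+ * while (JAR_find_next (jar, &item) >= 0)
+ * { do stuff }
+ *
+ */
+
+/* Replacement functions with an external context */
+
+extern JAR_Context *JAR_find (JAR *jar, char *pattern, jarType type);
+
+extern int JAR_find_next (JAR_Context *ctx, JAR_Item **it);
+
+extern void JAR_find_end (JAR_Context *ctx);
+
+/*
+ * Function to parse manifest file:
+ *
+ * Many signatures may be attached to a single filename located
+ * inside the zip file. We only support one.
+ *
+ * Several manifests may be included in the zip file.
+ *
+ * You must pass the MANIFEST.MF file before any .SF files.
+ *
+ * Right now this returns a big ole list, privately in the jar structure.
+ * If you need to traverse it, use JAR_find if possible.
+ *
+ * The path is needed to determine what type of binary signature is
+ * being passed, though it is technically not needed for manifest files.
+ *
+ * When parsing an ASCII file, null terminate the ASCII raw_manifest
+ * prior to sending it, and indicate a length of 0. For binary digital
+ * signatures only, indicate the true length of the signature.
+ * (This is legacy behavior.)
+ *
+ * You may free the manifest after parsing it.
+ *
+ */
+
+extern int
+JAR_parse_manifest(JAR *jar, char *raw_manifest, long length, const char *path,
+ const char *url);
+
+/*
+ * Verify data (nonstreaming). The signature is actually
+ * checked by JAR_parse_manifest or JAR_pass_archive.
+ *
+ */
+
+extern JAR_Digest * PR_CALLBACK
+JAR_calculate_digest(void *data, long length);
+
+extern int PR_CALLBACK
+JAR_verify_digest(JAR *jar, const char *name, JAR_Digest *dig);
+
+extern int
+JAR_digest_file(char *filename, JAR_Digest *dig);
+
+/*
+ * Meta information
+ *
+ * Currently, since this call does not support passing of an owner
+ * (certificate, or physical name of the .sf file), it is restricted to
+ * returning information located in the manifest.mf file.
+ *
+ * Meta information is a name/value pair inside the archive file. Here,
+ * the name is passed in *header and value returned in **info.
+ *
+ * Pass a NULL as the name to retrieve metainfo from the global section.
+ *
+ * Data is returned in **info, of size *length. The return value
+ * will indicate if no data was found.
+ *
+ */
+
+extern int
+JAR_get_metainfo(JAR *jar, char *name, char *header, void **info,
+ unsigned long *length);
+
+extern char *JAR_get_filename (JAR *jar);
+
+extern char *JAR_get_url (JAR *jar);
+
+/* save the certificate with this fingerprint in persistent
+ storage, somewhere, for retrieval in a future session when there
+ is no corresponding JAR structure. */
+extern int PR_CALLBACK
+JAR_stash_cert(JAR *jar, long keylen, void *key);
+
+/* retrieve a certificate presumably stashed with the above
+ function, but may be any certificate. Type is &CERTCertificate */
+CERTCertificate *
+JAR_fetch_cert(long length, void *key);
+
+/*
+ * New functions to handle archives alone
+ * (call JAR_new beforehand)
+ *
+ * JAR_pass_archive acts much like parse_manifest. Certificates
+ * are returned in the JAR structure but as opaque data. When calling
+ * JAR_verified_extract you still need to decide which of these
+ * certificates to honor.
+ *
+ * Code to examine a JAR structure is in jarbert.c. You can obtain both
+ * a list of filenames and certificates from traversing the linked list.
+ *
+ */
+extern int
+JAR_pass_archive(JAR *jar, jarArch format, char *filename, const char *url);
+
+/*
+ * Same thing, but don't check signatures
+ */
+extern int
+JAR_pass_archive_unverified(JAR *jar, jarArch format, char *filename,
+ const char *url);
+
+/*
+ * Extracts a relative pathname from the archive and places it
+ * in the filename specified.
+ *
+ * Call JAR_set_nailed if you want to keep the file descriptors
+ * open between multiple calls to JAR_verify_extract.
+ *
+ */
+extern int
+JAR_verified_extract(JAR *jar, char *path, char *outpath);
+
+/*
+ * JAR_extract does no crypto checking. This can be used if you
+ * need to extract a manifest file or signature, etc.
+ *
+ */
+extern int
+JAR_extract(JAR *jar, char *path, char *outpath);
+
+#endif /* __JAR_h_ */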
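Review bot: `JAR_Digest` (the typedef right after the `jarHash` enum) has slots only for MD5 and SHA-1, so every digest that `JAR_calculate_digest`, `JAR_verify_digest` and `JAR_digest_file` exchange is limited to two collision-weak hashes. The struct is part of the declared API, so widening it would presumably break existing callers; at minimum the limit should be documented at the typedef, e.g. `/* MD5 and SHA-1 only; both are collision-weak, so a digest match is no stronger than these hashes */`. Also, `#define JAR_BASE SEC_ERR_BASE + 300` is safe only because each `JAR_ERR_*` wraps it in parentheses; `#define JAR_BASE (SEC_ERR_BASE + 300)` removes that dependency.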