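/* This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */

#ifndef MAR_CMDLINE_H__
#define MAR_CMDLINE_H__

/* The prototypes below use uint8_t and uint32_t; include the standard header
 * that defines them so this header can be included on its own. */
#include <stdint.h>

#ifdef __cplusplus
extern "C" {
#endif

struct ProductInformationBlock;

/**
 * Determines MAR file information.
 *
 * @param path                   The path of the MAR file to check.
 * @param hasSignatureBlock      Optional out parameter specifying if the MAR
 *                               file has a signature block or not.
 * @param numSignatures          Optional out parameter for storing the number
 *                               of signatures in the MAR file.
 * @param hasAdditionalBlocks    Optional out parameter specifying if the MAR
 *                               file has additional blocks or not.
 * @param offsetAdditionalBlocks Optional out parameter for the offset to the
 *                               first additional block. Value is only valid if
 *                               hasAdditionalBlocks is not equal to 0.
 * @param numAdditionalBlocks    Optional out parameter for the number of
 *                               additional blocks. Value is only valid if
 *                               hasAdditionalBlocks is not equal to 0.
 * @return 0 on success and non-zero on failure.
 */
int get_mar_file_info(const char *path,
                      int *hasSignatureBlock,
                      uint32_t *numSignatures,
                      int *hasAdditionalBlocks,
                      uint32_t *offsetAdditionalBlocks,
                      uint32_t *numAdditionalBlocks);

/**
 * Verifies a MAR file by verifying each signature with the corresponding
 * certificate. That is, the first signature will be verified using the first
 * certificate given, the second signature will be verified using the second
 * certificate given, etc. The signature count must exactly match the number of
 * certificates given, and all signature verifications must succeed.
 * This is only used by the signmar program when used with arguments to verify
 * a MAR. This should not be used to verify a MAR that will be extracted in the
 * same operation by updater code. This function prints the error message if
 * verification fails.
 *
 * NOTE(review): the restriction above is presumably because the MAR is
 * identified by path, so a separate later open of pathToMAR is not guaranteed
 * to read the same bytes that were verified here -- confirm against the
 * updater's own verification path.
 *
 * Callers must treat every non-zero return value as a failed verification:
 * a signature mismatch is reported as a positive number, so a check for a
 * negative result alone would accept a MAR whose signature does not verify.
 *
 * @param pathToMAR     The path of the MAR file whose signature should be
 *                      checked
 * @param certData      Pointer to the first element in an array of certificate
 *                      file data.
 * @param certDataSizes Pointer to the first element in an array for size of
 *                      the cert data.
 * @param certNames     Pointer to the first element in an array of certificate
 *                      names.
 *                      Used only if compiled with NSS support
 * @param certCount     The number of elements in certData, certDataSizes,
 *                      and certNames
 * @return 0 on success
 *         a negative number if there was an error
 *         a positive number if the signature does not verify
 */
int mar_verify_signatures(const char *pathToMAR,
                          const uint8_t * const *certData,
                          const uint32_t *certDataSizes,
                          const char * const *certNames,
                          uint32_t certCount);

/**
 * Reads the product info block from the MAR file's additional block section.
 * The caller is responsible for freeing the fields in infoBlock
 * if the return is successful.
 *
 * @param path      The path of the MAR file to read the product info block
 *                  from. Declared without const, unlike the other path
 *                  parameters in this header.
 * @param infoBlock Out parameter for where to store the result to
 * @return 0 on success, -1 on failure
 */
int
read_product_info_block(char *path,
                        struct ProductInformationBlock *infoBlock);

/**
 * Refreshes the product information block with the new information.
 * The input MAR must not be signed or the function call will fail.
 *
 * @param path      The path to the MAR file whose product info block
 *                  should be refreshed.
 * @param infoBlock Originally documented as "Out parameter for where to store
 *                  the result to".
 *                  NOTE(review): that wording matches
 *                  read_product_info_block and may have been copied from it;
 *                  the description above suggests this argument supplies the
 *                  new information -- confirm against the implementation.
 * @return 0 on success, -1 on failure
 */
int
refresh_product_info_block(const char *path,
                           struct ProductInformationBlock *infoBlock);

/**
 * Writes out a copy of the MAR at src but with the signature block stripped.
 * The file written to dest therefore carries no signatures to check.
 *
 * @param src  The path of the source MAR file
 * @param dest The path of the MAR file to write out that
 *             has no signature block
 * @return 0 on success
 *         -1 on error
 */
int
strip_signature_block(const char *src, const char *dest);

/**
 * Extracts a signature from a MAR file, base64 encodes it, and writes it out
 *
 * @param src      The path of the source MAR file
 * @param sigIndex The index of the signature to extract
 * @param dest     The path of file to write the signature to
 * @return 0 on success
 *         -1 on error
 */
int
extract_signature(const char *src, uint32_t sigIndex, const char *dest);

/**
 * Imports a base64 encoded signature into a MAR file
 *
 * NOTE(review): nothing in this header states that the imported signature is
 * checked against the MAR contents; verify the file written to dest with
 * mar_verify_signatures before relying on it -- confirm against the
 * implementation.
 *
 * @param src           The path of the source MAR file
 * @param sigIndex      The index of the signature to import
 * @param base64SigFile A file which contains the signature to import
 * @param dest          The path of the destination MAR file with replaced
 *                      signature
 * @return 0 on success
 *         -1 on error
 */
int
import_signature(const char *src,
                 uint32_t sigIndex,
                 const char *base64SigFile,
                 const char *dest);

#ifdef __cplusplus
}
#endif

#endif /* MAR_CMDLINE_H__ */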