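/*
 * Copyright (c) 1999-2002,2004,2011,2014 Apple Inc. All Rights Reserved.
 *
 * @APPLE_LICENSE_HEADER_START@
 *
 * This file contains Original Code and/or Modifications of Original Code
 * as defined in and that are subject to the Apple Public Source License
 * Version 2.0 (the 'License'). You may not use this file except in
 * compliance with the License. Please obtain a copy of the License at
 * http://www.opensource.apple.com/apsl/ and read it before using this
 * file.
 *
 * The Original Code and all software distributed under the License are
 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
 * Please see the License for the specific language governing rights and
 * limitations under the License.
 *
 * @APPLE_LICENSE_HEADER_END@
 *
 * eisl.h -- Embedded Integrity Services Library Interface
 */

/*
 * Reading notes for this interface (declarations only; the implementation is
 * not part of this header, so behaviour described below is limited to what
 * the prototypes themselves establish):
 *
 *  - Functions returning ISL_STATUS yield ISL_OK (0) or ISL_FAIL (-1).
 *    Compare against ISL_OK explicitly and do not discard the result of a
 *    verification or lookup call.
 *  - Functions returning one of the ISL_*_PTR handle types do not document
 *    their failure value here.  Presumably a null pointer means "not
 *    verified / not found" -- TODO confirm against the implementation, and
 *    check every returned handle before using it.
 *  - ISL_CONST_DATA arguments are passed by value, which copies only the
 *    {Length, Data} pair, not the bytes Data points at.  The caller's buffer
 *    must stay valid and unmodified at least for the duration of the call;
 *    whether the library keeps the pointer afterwards is not stated here.
 */

#ifndef _EISL_H_
#define _EISL_H_ 1

#include <Security/cssmconfig.h>

#ifdef __cplusplus
extern "C" {
#endif

/* Data Types for Embedded Integrity Services Library */

/*
 * Opaque handles.  Every one of these is an alias for `const void *`, so the
 * compiler cannot tell them apart: handing an iterator to a function that
 * expects a verified module (or any other mix-up) compiles without a
 * diagnostic.  Callers have to keep the handle kinds straight themselves.
 */
typedef const void *ISL_ITERATOR_PTR;

typedef const void *ISL_VERIFIED_SIGNATURE_ROOT_PTR;

typedef const void *ISL_VERIFIED_CERTIFICATE_CHAIN_PTR;

typedef const void *ISL_VERIFIED_CERTIFICATE_PTR;

typedef const void *ISL_MANIFEST_SECTION_PTR;

typedef const void *ISL_VERIFIED_MODULE_PTR;

/*
 * Generic function pointer.  It carries no signature information; a caller
 * must cast it to the real function type before calling through it.
 */
typedef void (*ISL_FUNCTION_PTR)(void);

/* Mutable byte buffer: Length bytes starting at Data. */
typedef struct isl_data {
    CSSM_SIZE Length;   /* in bytes */
    uint8 *Data;
} ISL_DATA, *ISL_DATA_PTR;

/*
 * Read-only byte buffer: Length bytes starting at Data.  Note that
 * ISL_CONST_DATA_PTR points at a *writable* struct whose Data member points
 * at const bytes, which is the shape used for the Name/Value parameters of
 * the Find and GetNext functions below (presumably outputs filled in by the
 * library -- TODO confirm).
 */
typedef struct isl_const_data {
    CSSM_SIZE Length;   /* in bytes */
    const uint8 *Data;
} ISL_CONST_DATA, *ISL_CONST_DATA_PTR;

typedef enum isl_status {
    ISL_OK = 0,
    ISL_FAIL = -1
} ISL_STATUS;


/* Embedded Integrity Services Library Functions */

/*
 * Declared with (void) so this is a real prototype: in C an empty parameter
 * list leaves the arguments unchecked, and a call that passes arguments by
 * mistake would compile silently.  Under C++ the two spellings are the same.
 */
ISL_VERIFIED_MODULE_PTR
EISL_SelfCheck (void);

/*
 * Verify-and-load / verify-loaded family.
 *
 * The variants differ only in how the credentials are supplied
 * (CredentialsImage + ModuleSearchPath versus a single Credentials value)
 * and in what the signature is anchored to (Signer + PublicKey versus
 * Signer + Certificate).
 *
 * NOTE(review): PublicKey / Certificate look like the trust anchor for the
 * check.  If so, they should come from a source the caller already trusts,
 * not from the credential data being verified -- confirm against the
 * implementation.
 */
ISL_VERIFIED_MODULE_PTR
EISL_VerifyAndLoadModuleAndCredentialData (const ISL_CONST_DATA CredentialsImage,
        const ISL_CONST_DATA ModuleSearchPath,
        const ISL_CONST_DATA Name,
        const ISL_CONST_DATA Signer,
        const ISL_CONST_DATA PublicKey);

ISL_VERIFIED_MODULE_PTR
EISL_VerifyAndLoadModuleAndCredentialDataWithCertificate (const ISL_CONST_DATA CredentialsImage,
        const ISL_CONST_DATA ModuleSearchPath,
        const ISL_CONST_DATA Name,
        const ISL_CONST_DATA Signer,
        const ISL_CONST_DATA Certificate);

ISL_VERIFIED_MODULE_PTR
EISL_VerifyAndLoadModuleAndCredentials (ISL_CONST_DATA Credentials,
        ISL_CONST_DATA Name,
        ISL_CONST_DATA Signer,
        ISL_CONST_DATA PublicKey);

ISL_VERIFIED_MODULE_PTR
EISL_VerifyAndLoadModuleAndCredentialsWithCertificate (const ISL_CONST_DATA Credentials,
        const ISL_CONST_DATA Name,
        const ISL_CONST_DATA Signer,
        const ISL_CONST_DATA Certificate);

ISL_VERIFIED_MODULE_PTR
EISL_VerifyLoadedModuleAndCredentialData (const ISL_CONST_DATA CredentialsImage,
        const ISL_CONST_DATA ModuleSearchPath,
        const ISL_CONST_DATA Name,
        const ISL_CONST_DATA Signer,
        const ISL_CONST_DATA PublicKey);

ISL_VERIFIED_MODULE_PTR
EISL_VerifyLoadedModuleAndCredentialDataWithCertificate (const ISL_CONST_DATA CredentialsImage,
        const ISL_CONST_DATA ModuleSearchPath,
        const ISL_CONST_DATA Name,
        const ISL_CONST_DATA Signer,
        const ISL_CONST_DATA Certificate);

ISL_VERIFIED_MODULE_PTR
EISL_VerifyLoadedModuleAndCredentials (ISL_CONST_DATA Credentials,
        ISL_CONST_DATA Name,
        ISL_CONST_DATA Signer,
        ISL_CONST_DATA PublicKey);

ISL_VERIFIED_MODULE_PTR
EISL_VerifyLoadedModuleAndCredentialsWithCertificate (const ISL_CONST_DATA Credentials,
        const ISL_CONST_DATA Name,
        const ISL_CONST_DATA Signer,
        const ISL_CONST_DATA Certificate);

ISL_VERIFIED_CERTIFICATE_CHAIN_PTR
EISL_GetCertificateChain (ISL_VERIFIED_MODULE_PTR Module);

/*
 * NOTE(review): the meaning of WorkFactor and of the uint32 result is not
 * stated in this header.  The name suggests verification may be incremental;
 * if so, a handle returned by a Verify* call should not be treated as fully
 * checked until this has run to completion -- confirm with the
 * implementation.
 */
uint32
EISL_ContinueVerification (ISL_VERIFIED_MODULE_PTR Module,
        uint32 WorkFactor);

ISL_VERIFIED_MODULE_PTR
EISL_DuplicateVerifiedModulePtr (ISL_VERIFIED_MODULE_PTR Module);

/*
 * The EISL_Recycle* functions presumably release the handle they are given
 * (TODO confirm); treat the handle as invalid after the call.
 */
ISL_STATUS
EISL_RecycleVerifiedModuleCredentials (ISL_VERIFIED_MODULE_PTR Verification);


/* Signature Root Methods */

ISL_VERIFIED_SIGNATURE_ROOT_PTR
EISL_CreateVerifiedSignatureRootWithCredentialData (const ISL_CONST_DATA CredentialsImage,
        const ISL_CONST_DATA ModuleSearchPath,
        const ISL_CONST_DATA Signer,
        const ISL_CONST_DATA PublicKey);

ISL_VERIFIED_SIGNATURE_ROOT_PTR
EISL_CreateVerifiedSignatureRootWithCredentialDataAndCertificate (const ISL_CONST_DATA CredentialsImage,
        const ISL_CONST_DATA ModuleSearchPath,
        ISL_VERIFIED_CERTIFICATE_PTR Cert);

/*
 * "Verfied" in the next two names is the spelling of the exported symbols;
 * it is kept as is so existing callers keep compiling and linking.
 */
ISL_VERIFIED_SIGNATURE_ROOT_PTR
EISL_CreateVerfiedSignatureRoot (ISL_CONST_DATA Credentials,
        ISL_CONST_DATA Signer,
        ISL_CONST_DATA PublicKey);

ISL_VERIFIED_SIGNATURE_ROOT_PTR
EISL_CreateVerfiedSignatureRootWithCertificate (ISL_CONST_DATA Credentials,
        ISL_VERIFIED_CERTIFICATE_PTR Cert);

ISL_MANIFEST_SECTION_PTR
EISL_FindManifestSection (ISL_VERIFIED_SIGNATURE_ROOT_PTR Root,
        ISL_CONST_DATA Name);

ISL_ITERATOR_PTR
EISL_CreateManifestSectionEnumerator (ISL_VERIFIED_SIGNATURE_ROOT_PTR Root);

ISL_MANIFEST_SECTION_PTR
EISL_GetNextManifestSection (ISL_ITERATOR_PTR Iterator);

ISL_STATUS
EISL_RecycleManifestSectionEnumerator (ISL_ITERATOR_PTR Iterator);

ISL_STATUS
EISL_FindManifestAttribute (ISL_VERIFIED_SIGNATURE_ROOT_PTR Context,
        ISL_CONST_DATA Name,
        ISL_CONST_DATA_PTR Value);

ISL_ITERATOR_PTR
EISL_CreateManifestAttributeEnumerator (ISL_VERIFIED_SIGNATURE_ROOT_PTR Context);

ISL_STATUS
EISL_FindSignerInfoAttribute (ISL_VERIFIED_SIGNATURE_ROOT_PTR Context,
        ISL_CONST_DATA Name,
        ISL_CONST_DATA_PTR Value);

ISL_ITERATOR_PTR
EISL_CreateSignerInfoAttributeEnumerator (ISL_VERIFIED_SIGNATURE_ROOT_PTR Context);

/*
 * Iterators are all ISL_ITERATOR_PTR regardless of which Create*Enumerator
 * call produced them, so nothing at compile time stops an iterator from one
 * enumerator family being passed to the GetNext/Recycle function of another.
 */
ISL_STATUS
EISL_GetNextAttribute (ISL_ITERATOR_PTR Iterator,
        ISL_CONST_DATA_PTR Name,
        ISL_CONST_DATA_PTR Value);

ISL_STATUS
EISL_RecycleAttributeEnumerator (ISL_ITERATOR_PTR Iterator);

ISL_STATUS
EISL_FindSignatureAttribute (ISL_VERIFIED_SIGNATURE_ROOT_PTR Root,
        ISL_CONST_DATA Name,
        ISL_CONST_DATA_PTR Value);

ISL_ITERATOR_PTR
EISL_CreateSignatureAttributeEnumerator (ISL_VERIFIED_SIGNATURE_ROOT_PTR Root);

ISL_STATUS
EISL_GetNextSignatureAttribute (ISL_ITERATOR_PTR Iterator,
        ISL_CONST_DATA_PTR Name,
        ISL_CONST_DATA_PTR Value);

ISL_STATUS
EISL_RecycleSignatureAttributeEnumerator (ISL_ITERATOR_PTR Iterator);

ISL_STATUS
EISL_RecycleVerifiedSignatureRoot (ISL_VERIFIED_SIGNATURE_ROOT_PTR Root);


/* Certificate Chain Methods */

/*
 * NOTE(review): this is the only Create* function whose return type carries
 * a top-level `const`.  It qualifies the returned pointer value itself, not
 * the pointee.  Left unchanged because the matching definition is not
 * visible from this header.
 */
const ISL_VERIFIED_CERTIFICATE_CHAIN_PTR
EISL_CreateCertificateChainWithCredentialData (const ISL_CONST_DATA RootIssuer,
        const ISL_CONST_DATA PublicKey,
        const ISL_CONST_DATA CredentialsImage,
        const ISL_CONST_DATA ModuleSearchPath);

ISL_VERIFIED_CERTIFICATE_CHAIN_PTR
EISL_CreateCertificateChainWithCredentialDataAndCertificate (const ISL_CONST_DATA Certificate,
        const ISL_CONST_DATA CredentialsImage,
        const ISL_CONST_DATA ModuleSearchPath);

ISL_VERIFIED_CERTIFICATE_CHAIN_PTR
EISL_CreateCertificateChain (ISL_CONST_DATA RootIssuer,
        ISL_CONST_DATA PublicKey,
        ISL_CONST_DATA Credential);

ISL_VERIFIED_CERTIFICATE_CHAIN_PTR
EISL_CreateCertificateChainWithCertificate (const ISL_CONST_DATA Certificate,
        const ISL_CONST_DATA Credential);

/*
 * Certs[] is an ordinary pointer parameter; the array's size is not part of
 * the type.  MaxCertificates is presumably the capacity of Certs and the
 * result presumably a certificate count -- TODO confirm, in particular
 * whether the result can exceed MaxCertificates, before indexing Certs with
 * it.
 */
uint32
EISL_CopyCertificateChain (ISL_VERIFIED_CERTIFICATE_CHAIN_PTR Verification,
        ISL_VERIFIED_CERTIFICATE_PTR Certs[],
        uint32 MaxCertificates);

ISL_STATUS
EISL_RecycleVerifiedCertificateChain (ISL_VERIFIED_CERTIFICATE_CHAIN_PTR Chain);


/* Certificate Attribute Methods */

ISL_STATUS
EISL_FindCertificateAttribute (ISL_VERIFIED_CERTIFICATE_PTR Cert,
        ISL_CONST_DATA Name,
        ISL_CONST_DATA_PTR Value);

ISL_ITERATOR_PTR
EISL_CreateCertificateAttributeEnumerator (ISL_VERIFIED_CERTIFICATE_PTR Cert);

ISL_STATUS
EISL_GetNextCertificateAttribute (ISL_ITERATOR_PTR CertIterator,
        ISL_CONST_DATA_PTR Name,
        ISL_CONST_DATA_PTR Value);

ISL_STATUS
EISL_RecycleCertificateAttributeEnumerator (ISL_ITERATOR_PTR CertIterator);


/* Manifest Section Object Methods */

ISL_VERIFIED_SIGNATURE_ROOT_PTR
EISL_GetManifestSignatureRoot (ISL_MANIFEST_SECTION_PTR Section);

ISL_VERIFIED_MODULE_PTR
EISL_VerifyAndLoadModule (ISL_MANIFEST_SECTION_PTR Section);

ISL_VERIFIED_MODULE_PTR
EISL_VerifyLoadedModule (ISL_MANIFEST_SECTION_PTR Section);

ISL_STATUS
EISL_FindManifestSectionAttribute (ISL_MANIFEST_SECTION_PTR Section,
        ISL_CONST_DATA Name,
        ISL_CONST_DATA_PTR Value);

ISL_ITERATOR_PTR
EISL_CreateManifestSectionAttributeEnumerator (ISL_MANIFEST_SECTION_PTR Section);

ISL_STATUS
EISL_GetNextManifestSectionAttribute (ISL_ITERATOR_PTR Iterator,
        ISL_CONST_DATA_PTR Name,
        ISL_CONST_DATA_PTR Value);

ISL_STATUS
EISL_RecycleManifestSectionAttributeEnumerator (ISL_ITERATOR_PTR Iterator);

ISL_MANIFEST_SECTION_PTR
EISL_GetModuleManifestSection (ISL_VERIFIED_MODULE_PTR Module);


/* Secure Linkage Services */

/*
 * Returns a generic ISL_FUNCTION_PTR.  Check the result before use and cast
 * it to the correct signature; the type system gives no help with either.
 */
ISL_FUNCTION_PTR
EISL_LocateProcedureAddress (ISL_VERIFIED_MODULE_PTR Module,
        ISL_CONST_DATA Name);

/*
 * As written, this macro expands to an empty brace block: it never assigns
 * to Address.  A caller that expects Address to hold its return address
 * afterwards gets whatever the variable already contained, so a later
 * EISL_CheckAddressWithinModule() on that value proves nothing.  The macro
 * is also only defined when MACOSX is defined.
 */
#ifdef MACOSX
#define EISL_GetReturnAddress(Address) \
{\
	/* Platform specific code in here */ \
}
#endif

ISL_STATUS
EISL_CheckAddressWithinModule (ISL_VERIFIED_MODULE_PTR Verification,
        ISL_FUNCTION_PTR Address);

ISL_STATUS
EISL_CheckDataAddressWithinModule (ISL_VERIFIED_MODULE_PTR Verification,
        const void *Address);

/*
 * Returns a non-const `void *`; what kind of handle this is (and who owns
 * it) is not stated in this header.
 */
void *
EISL_GetLibHandle (ISL_VERIFIED_MODULE_PTR Verification);

#ifdef __cplusplus
}
#endif

#endif /* _EISL_H_ */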