summaryrefslogtreecommitdiffstats
path: root/modules/libmar/verify/cryptox.h
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--modules/libmar/verify/cryptox.h165
1 files changed, 165 insertions, 0 deletions
diff --git a/modules/libmar/verify/cryptox.h b/modules/libmar/verify/cryptox.h
new file mode 100644
index 0000000000..9d7b1f04bc
--- /dev/null
+++ b/modules/libmar/verify/cryptox.h
@@ -0,0 +1,165 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef CRYPTOX_H
+#define CRYPTOX_H
+
+#define XP_MIN_SIGNATURE_LEN_IN_BYTES 256
+
+#define CryptoX_Result int
+#define CryptoX_Success 0
+#define CryptoX_Error (-1)
+#define CryptoX_Succeeded(X) ((X) == CryptoX_Success)
+#define CryptoX_Failed(X) ((X) != CryptoX_Success)
+
+#if defined(MAR_NSS)
+
+# include "cert.h"
+# include "keyhi.h"
+# include "cryptohi.h"
+
+# define CryptoX_InvalidHandleValue NULL
+# define CryptoX_ProviderHandle void*
+# define CryptoX_SignatureHandle VFYContext*
+# define CryptoX_PublicKey SECKEYPublicKey*
+# define CryptoX_Certificate CERTCertificate*
+
+# ifdef __cplusplus
+extern "C" {
+# endif
+CryptoX_Result NSS_LoadPublicKey(const unsigned char* certData,
+ unsigned int certDataSize,
+ SECKEYPublicKey** publicKey);
+CryptoX_Result NSS_VerifyBegin(VFYContext** ctx,
+ SECKEYPublicKey* const* publicKey);
+CryptoX_Result NSS_VerifySignature(VFYContext* const* ctx,
+ const unsigned char* signature,
+ unsigned int signatureLen);
+# ifdef __cplusplus
+} // extern "C"
+# endif
+
+# define CryptoX_InitCryptoProvider(CryptoHandle) CryptoX_Success
+# define CryptoX_VerifyBegin(CryptoHandle, SignatureHandle, PublicKey) \
+ NSS_VerifyBegin(SignatureHandle, PublicKey)
+# define CryptoX_FreeSignatureHandle(SignatureHandle) \
+ VFY_DestroyContext(*SignatureHandle, PR_TRUE)
+# define CryptoX_VerifyUpdate(SignatureHandle, buf, len) \
+ VFY_Update(*SignatureHandle, (const unsigned char*)(buf), len)
+# define CryptoX_LoadPublicKey(CryptoHandle, certData, dataSize, publicKey) \
+ NSS_LoadPublicKey(certData, dataSize, publicKey)
+# define CryptoX_VerifySignature(hash, publicKey, signedData, len) \
+ NSS_VerifySignature(hash, (const unsigned char*)(signedData), len)
+# define CryptoX_FreePublicKey(key) SECKEY_DestroyPublicKey(*key)
+# define CryptoX_FreeCertificate(cert) CERT_DestroyCertificate(*cert)
+
+#elif XP_MACOSX
+
+# define CryptoX_InvalidHandleValue NULL
+# define CryptoX_ProviderHandle void*
+# define CryptoX_SignatureHandle void*
+# define CryptoX_PublicKey void*
+# define CryptoX_Certificate void*
+
+// Forward-declare Objective-C functions implemented in MacVerifyCrypto.mm.
+# ifdef __cplusplus
+extern "C" {
+# endif
+CryptoX_Result CryptoMac_InitCryptoProvider();
+CryptoX_Result CryptoMac_VerifyBegin(CryptoX_SignatureHandle* aInputData);
+CryptoX_Result CryptoMac_VerifyUpdate(CryptoX_SignatureHandle* aInputData,
+ void* aBuf, unsigned int aLen);
+CryptoX_Result CryptoMac_LoadPublicKey(const unsigned char* aCertData,
+ unsigned int aDataSize,
+ CryptoX_PublicKey* aPublicKey);
+CryptoX_Result CryptoMac_VerifySignature(CryptoX_SignatureHandle* aInputData,
+ CryptoX_PublicKey* aPublicKey,
+ const unsigned char* aSignature,
+ unsigned int aSignatureLen);
+void CryptoMac_FreeSignatureHandle(CryptoX_SignatureHandle* aInputData);
+void CryptoMac_FreePublicKey(CryptoX_PublicKey* aPublicKey);
+# ifdef __cplusplus
+} // extern "C"
+# endif
+
+# define CryptoX_InitCryptoProvider(aProviderHandle) \
+ CryptoMac_InitCryptoProvider()
+# define CryptoX_VerifyBegin(aCryptoHandle, aInputData, aPublicKey) \
+ CryptoMac_VerifyBegin(aInputData)
+# define CryptoX_VerifyUpdate(aInputData, aBuf, aLen) \
+ CryptoMac_VerifyUpdate(aInputData, aBuf, aLen)
+# define CryptoX_LoadPublicKey(aProviderHandle, aCertData, aDataSize, \
+ aPublicKey) \
+ CryptoMac_LoadPublicKey(aCertData, aDataSize, aPublicKey)
+# define CryptoX_VerifySignature(aInputData, aPublicKey, aSignature, \
+ aSignatureLen) \
+ CryptoMac_VerifySignature(aInputData, aPublicKey, aSignature, aSignatureLen)
+# define CryptoX_FreeSignatureHandle(aInputData) \
+ CryptoMac_FreeSignatureHandle(aInputData)
+# define CryptoX_FreePublicKey(aPublicKey) CryptoMac_FreePublicKey(aPublicKey)
+# define CryptoX_FreeCertificate(aCertificate)
+
+#elif defined(XP_WIN)
+
+# include <windows.h>
+# include <wincrypt.h>
+
+CryptoX_Result CryptoAPI_InitCryptoContext(HCRYPTPROV* provider);
+CryptoX_Result CryptoAPI_LoadPublicKey(HCRYPTPROV hProv, BYTE* certData,
+ DWORD sizeOfCertData,
+ HCRYPTKEY* publicKey);
+CryptoX_Result CryptoAPI_VerifyBegin(HCRYPTPROV provider, HCRYPTHASH* hash);
+CryptoX_Result CryptoAPI_VerifyUpdate(HCRYPTHASH* hash, BYTE* buf, DWORD len);
+CryptoX_Result CryptoAPI_VerifySignature(HCRYPTHASH* hash, HCRYPTKEY* pubKey,
+ const BYTE* signature,
+ DWORD signatureLen);
+
+# define CryptoX_InvalidHandleValue ((ULONG_PTR)NULL)
+# define CryptoX_ProviderHandle HCRYPTPROV
+# define CryptoX_SignatureHandle HCRYPTHASH
+# define CryptoX_PublicKey HCRYPTKEY
+# define CryptoX_Certificate HCERTSTORE
+# define CryptoX_InitCryptoProvider(CryptoHandle) \
+ CryptoAPI_InitCryptoContext(CryptoHandle)
+# define CryptoX_VerifyBegin(CryptoHandle, SignatureHandle, PublicKey) \
+ CryptoAPI_VerifyBegin(CryptoHandle, SignatureHandle)
+# define CryptoX_FreeSignatureHandle(SignatureHandle)
+# define CryptoX_VerifyUpdate(SignatureHandle, buf, len) \
+ CryptoAPI_VerifyUpdate(SignatureHandle, (BYTE*)(buf), len)
+# define CryptoX_LoadPublicKey(CryptoHandle, certData, dataSize, publicKey) \
+ CryptoAPI_LoadPublicKey(CryptoHandle, (BYTE*)(certData), dataSize, \
+ publicKey)
+# define CryptoX_VerifySignature(hash, publicKey, signedData, len) \
+ CryptoAPI_VerifySignature(hash, publicKey, signedData, len)
+# define CryptoX_FreePublicKey(key) CryptDestroyKey(*(key))
+# define CryptoX_FreeCertificate(cert) \
+ CertCloseStore(*(cert), CERT_CLOSE_STORE_FORCE_FLAG);
+
+#else
+
+/* This default implementation is necessary because we don't want to
+ * link to NSS from updater code on non Windows platforms. On Windows
+ * we use CyrptoAPI instead of NSS. We don't call any function as they
+ * would just fail, but this simplifies linking.
+ */
+
+# define CryptoX_InvalidHandleValue NULL
+# define CryptoX_ProviderHandle void*
+# define CryptoX_SignatureHandle void*
+# define CryptoX_PublicKey void*
+# define CryptoX_Certificate void*
+# define CryptoX_InitCryptoProvider(CryptoHandle) CryptoX_Error
+# define CryptoX_VerifyBegin(CryptoHandle, SignatureHandle, PublicKey) \
+ CryptoX_Error
+# define CryptoX_FreeSignatureHandle(SignatureHandle)
+# define CryptoX_VerifyUpdate(SignatureHandle, buf, len) CryptoX_Error
+# define CryptoX_LoadPublicKey(CryptoHandle, certData, dataSize, publicKey) \
+ CryptoX_Error
+# define CryptoX_VerifySignature(hash, publicKey, signedData, len) \
+ CryptoX_Error
+# define CryptoX_FreePublicKey(key) CryptoX_Error
+
+#endif
+
+#endif