diff options
Diffstat (limited to '')
-rw-r--r-- | modules/libmar/verify/cryptox.h | 165 |
1 files changed, 165 insertions, 0 deletions
diff --git a/modules/libmar/verify/cryptox.h b/modules/libmar/verify/cryptox.h new file mode 100644 index 0000000000..9d7b1f04bc --- /dev/null +++ b/modules/libmar/verify/cryptox.h @@ -0,0 +1,165 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#ifndef CRYPTOX_H +#define CRYPTOX_H + +#define XP_MIN_SIGNATURE_LEN_IN_BYTES 256 + +#define CryptoX_Result int +#define CryptoX_Success 0 +#define CryptoX_Error (-1) +#define CryptoX_Succeeded(X) ((X) == CryptoX_Success) +#define CryptoX_Failed(X) ((X) != CryptoX_Success) + +#if defined(MAR_NSS) + +# include "cert.h" +# include "keyhi.h" +# include "cryptohi.h" + +# define CryptoX_InvalidHandleValue NULL +# define CryptoX_ProviderHandle void* +# define CryptoX_SignatureHandle VFYContext* +# define CryptoX_PublicKey SECKEYPublicKey* +# define CryptoX_Certificate CERTCertificate* + +# ifdef __cplusplus +extern "C" { +# endif +CryptoX_Result NSS_LoadPublicKey(const unsigned char* certData, + unsigned int certDataSize, + SECKEYPublicKey** publicKey); +CryptoX_Result NSS_VerifyBegin(VFYContext** ctx, + SECKEYPublicKey* const* publicKey); +CryptoX_Result NSS_VerifySignature(VFYContext* const* ctx, + const unsigned char* signature, + unsigned int signatureLen); +# ifdef __cplusplus +} // extern "C" +# endif + +# define CryptoX_InitCryptoProvider(CryptoHandle) CryptoX_Success +# define CryptoX_VerifyBegin(CryptoHandle, SignatureHandle, PublicKey) \ + NSS_VerifyBegin(SignatureHandle, PublicKey) +# define CryptoX_FreeSignatureHandle(SignatureHandle) \ + VFY_DestroyContext(*SignatureHandle, PR_TRUE) +# define CryptoX_VerifyUpdate(SignatureHandle, buf, len) \ + VFY_Update(*SignatureHandle, (const unsigned char*)(buf), len) +# define CryptoX_LoadPublicKey(CryptoHandle, certData, dataSize, publicKey) \ + NSS_LoadPublicKey(certData, dataSize, publicKey) +# define CryptoX_VerifySignature(hash, publicKey, signedData, len) \ + NSS_VerifySignature(hash, (const unsigned char*)(signedData), len) +# define CryptoX_FreePublicKey(key) SECKEY_DestroyPublicKey(*key) +# define CryptoX_FreeCertificate(cert) CERT_DestroyCertificate(*cert) + +#elif XP_MACOSX + +# define CryptoX_InvalidHandleValue NULL +# define CryptoX_ProviderHandle void* +# define CryptoX_SignatureHandle void* +# define CryptoX_PublicKey void* +# define CryptoX_Certificate void* + +// Forward-declare Objective-C functions implemented in MacVerifyCrypto.mm. +# ifdef __cplusplus +extern "C" { +# endif +CryptoX_Result CryptoMac_InitCryptoProvider(); +CryptoX_Result CryptoMac_VerifyBegin(CryptoX_SignatureHandle* aInputData); +CryptoX_Result CryptoMac_VerifyUpdate(CryptoX_SignatureHandle* aInputData, + void* aBuf, unsigned int aLen); +CryptoX_Result CryptoMac_LoadPublicKey(const unsigned char* aCertData, + unsigned int aDataSize, + CryptoX_PublicKey* aPublicKey); +CryptoX_Result CryptoMac_VerifySignature(CryptoX_SignatureHandle* aInputData, + CryptoX_PublicKey* aPublicKey, + const unsigned char* aSignature, + unsigned int aSignatureLen); +void CryptoMac_FreeSignatureHandle(CryptoX_SignatureHandle* aInputData); +void CryptoMac_FreePublicKey(CryptoX_PublicKey* aPublicKey); +# ifdef __cplusplus +} // extern "C" +# endif + +# define CryptoX_InitCryptoProvider(aProviderHandle) \ + CryptoMac_InitCryptoProvider() +# define CryptoX_VerifyBegin(aCryptoHandle, aInputData, aPublicKey) \ + CryptoMac_VerifyBegin(aInputData) +# define CryptoX_VerifyUpdate(aInputData, aBuf, aLen) \ + CryptoMac_VerifyUpdate(aInputData, aBuf, aLen) +# define CryptoX_LoadPublicKey(aProviderHandle, aCertData, aDataSize, \ + aPublicKey) \ + CryptoMac_LoadPublicKey(aCertData, aDataSize, aPublicKey) +# define CryptoX_VerifySignature(aInputData, aPublicKey, aSignature, \ + aSignatureLen) \ + CryptoMac_VerifySignature(aInputData, aPublicKey, aSignature, aSignatureLen) +# define CryptoX_FreeSignatureHandle(aInputData) \ + CryptoMac_FreeSignatureHandle(aInputData) +# define CryptoX_FreePublicKey(aPublicKey) CryptoMac_FreePublicKey(aPublicKey) +# define CryptoX_FreeCertificate(aCertificate) + +#elif defined(XP_WIN) + +# include <windows.h> +# include <wincrypt.h> + +CryptoX_Result CryptoAPI_InitCryptoContext(HCRYPTPROV* provider); +CryptoX_Result CryptoAPI_LoadPublicKey(HCRYPTPROV hProv, BYTE* certData, + DWORD sizeOfCertData, + HCRYPTKEY* publicKey); +CryptoX_Result CryptoAPI_VerifyBegin(HCRYPTPROV provider, HCRYPTHASH* hash); +CryptoX_Result CryptoAPI_VerifyUpdate(HCRYPTHASH* hash, BYTE* buf, DWORD len); +CryptoX_Result CryptoAPI_VerifySignature(HCRYPTHASH* hash, HCRYPTKEY* pubKey, + const BYTE* signature, + DWORD signatureLen); + +# define CryptoX_InvalidHandleValue ((ULONG_PTR)NULL) +# define CryptoX_ProviderHandle HCRYPTPROV +# define CryptoX_SignatureHandle HCRYPTHASH +# define CryptoX_PublicKey HCRYPTKEY +# define CryptoX_Certificate HCERTSTORE +# define CryptoX_InitCryptoProvider(CryptoHandle) \ + CryptoAPI_InitCryptoContext(CryptoHandle) +# define CryptoX_VerifyBegin(CryptoHandle, SignatureHandle, PublicKey) \ + CryptoAPI_VerifyBegin(CryptoHandle, SignatureHandle) +# define CryptoX_FreeSignatureHandle(SignatureHandle) +# define CryptoX_VerifyUpdate(SignatureHandle, buf, len) \ + CryptoAPI_VerifyUpdate(SignatureHandle, (BYTE*)(buf), len) +# define CryptoX_LoadPublicKey(CryptoHandle, certData, dataSize, publicKey) \ + CryptoAPI_LoadPublicKey(CryptoHandle, (BYTE*)(certData), dataSize, \ + publicKey) +# define CryptoX_VerifySignature(hash, publicKey, signedData, len) \ + CryptoAPI_VerifySignature(hash, publicKey, signedData, len) +# define CryptoX_FreePublicKey(key) CryptDestroyKey(*(key)) +# define CryptoX_FreeCertificate(cert) \ + CertCloseStore(*(cert), CERT_CLOSE_STORE_FORCE_FLAG); + +#else + +/* This default implementation is necessary because we don't want to + * link to NSS from updater code on non Windows platforms. On Windows + * we use CyrptoAPI instead of NSS. We don't call any function as they + * would just fail, but this simplifies linking. + */ + +# define CryptoX_InvalidHandleValue NULL +# define CryptoX_ProviderHandle void* +# define CryptoX_SignatureHandle void* +# define CryptoX_PublicKey void* +# define CryptoX_Certificate void* +# define CryptoX_InitCryptoProvider(CryptoHandle) CryptoX_Error +# define CryptoX_VerifyBegin(CryptoHandle, SignatureHandle, PublicKey) \ + CryptoX_Error +# define CryptoX_FreeSignatureHandle(SignatureHandle) +# define CryptoX_VerifyUpdate(SignatureHandle, buf, len) CryptoX_Error +# define CryptoX_LoadPublicKey(CryptoHandle, certData, dataSize, publicKey) \ + CryptoX_Error +# define CryptoX_VerifySignature(hash, publicKey, signedData, len) \ + CryptoX_Error +# define CryptoX_FreePublicKey(key) CryptoX_Error + +#endif + +#endif |