Beispiel #1
0
/**
 * Verifies a MAR file by verifying each signature with the corresponding
 * certificate. That is, the first signature will be verified using the first
 * certificate given, the second signature will be verified using the second
 * certificate given, etc. The signature count must exactly match the number of
 * certificates given, and all signature verifications must succeed.
 * 
 * @param  mar            The file who's signature should be calculated
 * @param  certData       Pointer to the first element in an array of
 *                        certificate data
 * @param  certDataSizes  Pointer to the first element in an array for size of
 *                        the data stored
 * @param  certCount      The number of elements in certData and certDataSizes
 * @return 0 on success
*/
int
mar_verify_signatures(MarFile *mar,
                      const uint8_t * const *certData,
                      const uint32_t *certDataSizes,
                      uint32_t certCount) {
  int rv = -1;
  CryptoX_ProviderHandle provider = CryptoX_InvalidHandleValue;
  CryptoX_PublicKey keys[MAX_SIGNATURES];
  uint32_t k;
  
  memset(keys, 0, sizeof(keys));

  if (!mar || !certData || !certDataSizes || certCount == 0) {
    fprintf(stderr, "ERROR: Invalid parameter specified.\n");
    goto failure;
  }

  if (!mar->fp) {
    fprintf(stderr, "ERROR: MAR file is not open.\n");
    goto failure;
  }

  if (CryptoX_Failed(CryptoX_InitCryptoProvider(&provider))) { 
    fprintf(stderr, "ERROR: Could not init crytpo library.\n");
    goto failure;
  }

  for (k = 0; k < certCount; ++k) {
    if (CryptoX_Failed(CryptoX_LoadPublicKey(provider, certData[k], certDataSizes[k],
                                             &keys[k]))) {
      fprintf(stderr, "ERROR: Could not load public key.\n");
      goto failure;
    }
  }

  rv = mar_extract_and_verify_signatures_fp(mar->fp, provider, keys, certCount);

failure:

  for (k = 0; k < certCount; ++k) {
    if (keys[k]) {
      CryptoX_FreePublicKey(&keys[k]);
    }
  }

  return rv;
}
Beispiel #2
0
/**
 * Verifies the embedded signature of the specified file path.
 * This is only used by the signmar program when used with arguments to verify 
 * a MAR. This should not be used to verify a MAR that will be extracted in the 
 * same operation by updater code. This function prints the error message if 
 * verification fails.
 * 
 * @param pathToMAR  The path of the MAR file who's signature should be checked
 * @param certData       The certificate file data.
 * @param sizeOfCertData The size of the cert data.
 * @param certName   Used only if compiled as NSS, specifies the certName
 * @return 0 on success
 *         a negative number if there was an error
 *         a positive number if the signature does not verify
 */
int
mar_verify_signature(const char *pathToMARFile, 
                     const char *certData,
                     PRUint32 sizeOfCertData,
                     const char *certName) {
  int rv;
  CryptoX_ProviderHandle provider = CryptoX_InvalidHandleValue;
  CryptoX_Certificate cert;
  CryptoX_PublicKey key;
  FILE *fp;
  
  if (!pathToMARFile || (!certData && !certName)) {
    fprintf(stderr, "ERROR: Invalid parameter specified.\n");
    return CryptoX_Error;
  }

  fp = fopen(pathToMARFile, "rb");
  if (!fp) {
    fprintf(stderr, "ERROR: Could not open MAR file.\n");
    return CryptoX_Error;
  }

  if (CryptoX_Failed(CryptoX_InitCryptoProvider(&provider))) {
    fclose(fp);
    fprintf(stderr, "ERROR: Could not init crytpo library.\n");
    return CryptoX_Error;
  }

  if (CryptoX_Failed(CryptoX_LoadPublicKey(provider, certData, sizeOfCertData,
                                           &key, certName, &cert))) {
    fclose(fp);
    fprintf(stderr, "ERROR: Could not load public key.\n");
    return CryptoX_Error;
  }

  rv = mar_verify_signature_fp(fp, provider, key);
  fclose(fp);
  if (key) {
    CryptoX_FreePublicKey(&key);
  }

  if (cert) {
    CryptoX_FreeCertificate(&cert);
  }
  return rv;
}
Beispiel #3
0
/**
 * Verifies a MAR file's signature by making sure at least one 
 * signature verifies.
 * 
 * @param  pathToMARFile The path of the MAR file who's signature 
 *                       should be calculated
 * @param  certData      The certificate data
 * @param sizeOfCertData The size of the data stored in certData
 * @return 0 on success
*/
int
mar_verify_signatureW(MarFile *mar, 
                      const char *certData,
                      PRUint32 sizeOfCertData) {
  int rv;
  CryptoX_ProviderHandle provider = CryptoX_InvalidHandleValue;
  CryptoX_Certificate cert;
  CryptoX_PublicKey key;
  
  if (!mar || !certData) {
    fprintf(stderr, "ERROR: Invalid parameter specified.\n");
    return CryptoX_Error;
  }

  if (!mar->fp) {
    fprintf(stderr, "ERROR: MAR file is not open.\n");
    return CryptoX_Error;
  }

  if (CryptoX_Failed(CryptoX_InitCryptoProvider(&provider))) { 
    fprintf(stderr, "ERROR: Could not init crytpo library.\n");
    return CryptoX_Error;
  }

  if (CryptoX_Failed(CryptoX_LoadPublicKey(provider, certData, sizeOfCertData,
                                           &key, "", &cert))) {
    fprintf(stderr, "ERROR: Could not load public key.\n");
    return CryptoX_Error;
  }

  rv = mar_verify_signature_fp(mar->fp, provider, key);
  if (key) {
    CryptoX_FreePublicKey(&key);
  }

  if (cert) {
    CryptoX_FreeCertificate(&cert);
  }
  return rv;
}