CryptoX_Result CryptoMac_VerifyBegin(CryptoX_SignatureHandle* aInputData) { if (!aInputData) { return CryptoX_Error; } void* inputData = CFDataCreateMutable(kCFAllocatorDefault, 0); if (!inputData) { return CryptoX_Error; } if (!OnLionOrLater()) { CSSM_DATA_PTR cssmData = (CSSM_DATA_PTR)malloc(sizeof(CSSM_DATA)); if (!cssmData) { CFRelease(inputData); return CryptoX_Error; } cssmData->Data = (uint8*)inputData; cssmData->Length = 0; *aInputData = cssmData; return CryptoX_Success; } *aInputData = inputData; return CryptoX_Success; }
CryptoX_Result CryptoMac_VerifySignature(CryptoX_SignatureHandle* aInputData, CryptoX_PublicKey* aPublicKey, const unsigned char* aSignature, unsigned int aSignatureLen) { if (!OnLionOrLater()) { return NSS_VerifySignature((VFYContext* const*)aInputData, aSignature, aSignatureLen); } if (!aInputData || !*aInputData || !aPublicKey || !*aPublicKey || !aSignature || aSignatureLen == 0) { return CryptoX_Error; } CFDataRef signatureData = CFDataCreate(kCFAllocatorDefault, aSignature, aSignatureLen); if (!signatureData) { return CryptoX_Error; } CFErrorRef error; SecTransformRef verifier = SecVerifyTransformCreatePtr((SecKeyRef)*aPublicKey, signatureData, &error); if (!verifier || error) { CFRelease(signatureData); return CryptoX_Error; } SecTransformSetAttributePtr(verifier, kSecTransformInputAttributeName, (CFDataRef)*aInputData, &error); if (error) { CFRelease(signatureData); CFRelease(verifier); return CryptoX_Error; } CryptoX_Result result = CryptoX_Error; CFTypeRef rv = SecTransformExecutePtr(verifier, &error); if (error) { CFRelease(signatureData); CFRelease(verifier); return CryptoX_Error; } if (CFGetTypeID(rv) == CFBooleanGetTypeID() && CFBooleanGetValue((CFBooleanRef)rv) == true) { result = CryptoX_Success; } CFRelease(signatureData); CFRelease(verifier); return result; }
CryptoX_Result CryptoMac_InitCryptoProvider() { if (!OnLionOrLater()) { return CryptoX_Success; } if (!SecTransformCreateReadTransformWithReadStreamPtr) { SecTransformCreateReadTransformWithReadStreamPtr = (SecTransformCreateReadTransformWithReadStreamFunc) dlsym(RTLD_DEFAULT, "SecTransformCreateReadTransformWithReadStream"); } if (!SecTransformExecutePtr) { SecTransformExecutePtr = (SecTransformExecuteFunc) dlsym(RTLD_DEFAULT, "SecTransformExecute"); } if (!SecVerifyTransformCreatePtr) { SecVerifyTransformCreatePtr = (SecVerifyTransformCreateFunc) dlsym(RTLD_DEFAULT, "SecVerifyTransformCreate"); } if (!SecTransformSetAttributePtr) { SecTransformSetAttributePtr = (SecTransformSetAttributeFunc) dlsym(RTLD_DEFAULT, "SecTransformSetAttribute"); } if (!SecTransformCreateReadTransformWithReadStreamPtr || !SecTransformExecutePtr || !SecVerifyTransformCreatePtr || !SecTransformSetAttributePtr) { return CryptoX_Error; } return CryptoX_Success; }
void CryptoMac_FreeSignatureHandle(CryptoX_SignatureHandle* aInputData) { if (!aInputData || !*aInputData) { return; } CFMutableDataRef inputData = NULL; if (OnLionOrLater()) { inputData = (CFMutableDataRef)*aInputData; } else { inputData = (CFMutableDataRef)((CSSM_DATA_PTR)*aInputData)->Data; } CFRelease(inputData); if (!OnLionOrLater()) { free((CSSM_DATA_PTR)*aInputData); } }
PRBool nsPluginsDir::IsPluginFile(nsIFile* file) { nsCString temp; file->GetNativeLeafName(temp); /* * Don't load the VDP fake plugin, to avoid tripping a bad bug in OS X * 10.5.3 (see bug 436575). */ if (!strcmp(temp.get(), "VerifiedDownloadPlugin.plugin")) { NS_WARNING("Preventing load of VerifiedDownloadPlugin.plugin (see bug 436575)"); return PR_FALSE; } // If we're running on OS X Lion (10.7) or later, don't load the Java Embedding // Plugin (any version). If/when Steven Michaud releases a version of the JEP that // works on Lion, we'll need to revise this code. See bug 670655. if (OnLionOrLater() && !strcmp(temp.get(), "MRJPlugin.plugin")) { NS_WARNING("Preventing load of Java Embedding Plugin (MRJPlugin.plugin) on OS X Lion (see bug 670655)"); return PR_FALSE; } CFURLRef pluginURL = NULL; if (NS_FAILED(toCFURLRef(file, pluginURL))) return PR_FALSE; PRBool isPluginFile = PR_FALSE; CFBundleRef pluginBundle = CFBundleCreate(kCFAllocatorDefault, pluginURL); if (pluginBundle) { UInt32 packageType, packageCreator; CFBundleGetPackageInfo(pluginBundle, &packageType, &packageCreator); if (packageType == 'BRPL' || packageType == 'IEPL' || packageType == 'NSPL') { CFURLRef executableURL = CFBundleCopyExecutableURL(pluginBundle); if (executableURL) { isPluginFile = IsLoadablePlugin(executableURL); ::CFRelease(executableURL); } } ::CFRelease(pluginBundle); } else { LSItemInfoRecord info; if (LSCopyItemInfoForURL(pluginURL, kLSRequestTypeCreator, &info) == noErr) { if ((info.filetype == 'shlb' && info.creator == 'MOSS') || info.filetype == 'NSPL' || info.filetype == 'BRPL' || info.filetype == 'IEPL') { isPluginFile = IsLoadablePlugin(pluginURL); } } } ::CFRelease(pluginURL); return isPluginFile; }
void CryptoMac_FreeCertificate(CryptoX_Certificate* aCertificate) { if (!OnLionOrLater()) { return CERT_DestroyCertificate((CERTCertificate*)*aCertificate); } if (!aCertificate || !*aCertificate) { return; } CFRelease((SecKeyRef)*aCertificate); }
void CryptoMac_FreePublicKey(CryptoX_PublicKey* aPublicKey) { if (!OnLionOrLater()) { return SECKEY_DestroyPublicKey((SECKEYPublicKey*)*aPublicKey); } if (!aPublicKey || !*aPublicKey) { return; } CFRelease((SecKeyRef)*aPublicKey); }
void CryptoMac_FreeSignatureHandle(CryptoX_SignatureHandle* aInputData) { if (!OnLionOrLater()) { return VFY_DestroyContext((VFYContext*)aInputData, PR_TRUE); } if (!aInputData || !*aInputData) { return; } CFRelease((CFMutableDataRef)*aInputData); }
void CryptoMac_FreePublicKey(CryptoX_PublicKey* aPublicKey) { if (!aPublicKey || !*aPublicKey) { return; } if (!OnLionOrLater() && sCspHandle) { CSSM_ModuleDetach(sCspHandle); sCspHandle = NULL; } CFRelease((SecKeyRef)*aPublicKey); }
CryptoX_Result CryptoMac_VerifyBegin(CryptoX_SignatureHandle* aInputData, CryptoX_PublicKey* aPublicKey) { if (!OnLionOrLater()) { return NSS_VerifyBegin((VFYContext**)aInputData, (SECKEYPublicKey* const*)aPublicKey); } (void)aPublicKey; if (!aInputData) { return CryptoX_Error; } CryptoX_Result result = CryptoX_Error; *aInputData = CFDataCreateMutable(kCFAllocatorDefault, 0); if (*aInputData) { result = CryptoX_Success; } return result; }
CryptoX_Result CryptoMac_VerifyUpdate(CryptoX_SignatureHandle* aInputData, void* aBuf, unsigned int aLen) { if (aLen == 0) { return CryptoX_Success; } if (!aInputData || !*aInputData) { return CryptoX_Error; } CFMutableDataRef inputData; if (!OnLionOrLater()) { inputData = (CFMutableDataRef)((CSSM_DATA_PTR)*aInputData)->Data; ((CSSM_DATA_PTR)*aInputData)->Length += aLen; } else { inputData = (CFMutableDataRef)*aInputData; } CFDataAppendBytes(inputData, (const uint8*)aBuf, aLen); return CryptoX_Success; }
CryptoX_Result CryptoMac_VerifyUpdate(CryptoX_SignatureHandle* aInputData, void* aBuf, unsigned int aLen) { if (!OnLionOrLater()) { return VFY_Update((VFYContext*)*aInputData, (const unsigned char*)aBuf, aLen); } if (aLen == 0) { return CryptoX_Success; } if (!aInputData || !*aInputData) { return CryptoX_Error; } CryptoX_Result result = CryptoX_Error; CFDataAppendBytes((CFMutableDataRef)*aInputData, (const UInt8 *) aBuf, aLen); if (*aInputData) { result = CryptoX_Success; } return result; }
CryptoX_Result CryptoMac_LoadPublicKey(const unsigned char* aCertData, CryptoX_PublicKey* aPublicKey, const char* aCertName, CryptoX_Certificate* aCert) { if (!aPublicKey || (OnLionOrLater() && !aCertData) || (!OnLionOrLater() && !aCertName)) { return CryptoX_Error; } if (!OnLionOrLater()) { return NSS_LoadPublicKey(aCertName, (SECKEYPublicKey**)aPublicKey, (CERTCertificate**)aCert); } CFURLRef url = CFURLCreateFromFileSystemRepresentation(kCFAllocatorDefault, aCertData, strlen((char*)aCertData), false); if (!url) { return CryptoX_Error; } CFReadStreamRef stream = CFReadStreamCreateWithFile(kCFAllocatorDefault, url); if (!stream) { CFRelease(url); return CryptoX_Error; } SecTransformRef readTransform = SecTransformCreateReadTransformWithReadStreamPtr(stream); if (!readTransform) { CFRelease(url); CFRelease(stream); return CryptoX_Error; } CFErrorRef error; CFDataRef tempCertData = (CFDataRef)SecTransformExecutePtr(readTransform, &error); if (!tempCertData || error) { CFRelease(url); CFRelease(stream); CFRelease(readTransform); return CryptoX_Error; } SecCertificateRef cert = SecCertificateCreateWithDataPtr(kCFAllocatorDefault, tempCertData); if (!cert) { CFRelease(url); CFRelease(stream); CFRelease(readTransform); CFRelease(tempCertData); return CryptoX_Error; } CryptoX_Result result = CryptoX_Error; OSStatus status = SecCertificateCopyPublicKeyPtr(cert, (SecKeyRef*)aPublicKey); if (status == 0) { result = CryptoX_Success; } CFRelease(url); CFRelease(stream); CFRelease(readTransform); CFRelease(tempCertData); CFRelease(cert); return result; }
CryptoX_Result CryptoMac_VerifySignature(CryptoX_SignatureHandle* aInputData, CryptoX_PublicKey* aPublicKey, const unsigned char* aSignature, unsigned int aSignatureLen) { if (!aInputData || !*aInputData || !aPublicKey || !*aPublicKey || !aSignature || aSignatureLen == 0) { return CryptoX_Error; } if (!OnLionOrLater()) { if (!sCspHandle) { return CryptoX_Error; } CSSM_KEY* publicKey; OSStatus status = SecKeyGetCSSMKey((SecKeyRef)*aPublicKey, (const CSSM_KEY**)&publicKey); if (status) { return CryptoX_Error; } CSSM_CC_HANDLE ccHandle; if (CSSM_CSP_CreateSignatureContext(sCspHandle, CSSM_ALGID_SHA1WithRSA, NULL, publicKey, &ccHandle) != CSSM_OK) { return CryptoX_Error; } CryptoX_Result result = CryptoX_Error; CSSM_DATA signatureData; signatureData.Data = (uint8*)aSignature; signatureData.Length = aSignatureLen; CSSM_DATA inputData; inputData.Data = CFDataGetMutableBytePtr((CFMutableDataRef) (((CSSM_DATA_PTR)*aInputData)->Data)); inputData.Length = ((CSSM_DATA_PTR)*aInputData)->Length; if (CSSM_VerifyData(ccHandle, &inputData, 1, CSSM_ALGID_NONE, &signatureData) == CSSM_OK) { result = CryptoX_Success; } return result; } CFDataRef signatureData = CFDataCreate(kCFAllocatorDefault, aSignature, aSignatureLen); if (!signatureData) { return CryptoX_Error; } CFErrorRef error; SecTransformRef verifier = SecVerifyTransformCreatePtr((SecKeyRef)*aPublicKey, signatureData, &error); if (!verifier || error) { CFRelease(signatureData); return CryptoX_Error; } SecTransformSetAttributePtr(verifier, kSecTransformInputAttributeName, (CFDataRef)*aInputData, &error); if (error) { CFRelease(signatureData); CFRelease(verifier); return CryptoX_Error; } CryptoX_Result result = CryptoX_Error; CFTypeRef rv = SecTransformExecutePtr(verifier, &error); if (error) { CFRelease(signatureData); CFRelease(verifier); return CryptoX_Error; } if (CFGetTypeID(rv) == CFBooleanGetTypeID() && CFBooleanGetValue((CFBooleanRef)rv) == true) { result = CryptoX_Success; } CFRelease(signatureData); CFRelease(verifier); return result; }
CryptoX_Result CryptoMac_LoadPublicKey(const unsigned char* aCertData, CryptoX_PublicKey* aPublicKey) { if (!aCertData || !aPublicKey) { return CryptoX_Error; } *aPublicKey = NULL; if (!OnLionOrLater()) { if (!sCspHandle) { CSSM_RETURN rv; if (!sCssmInitialized) { CSSM_PVC_MODE pvcPolicy = CSSM_PVC_NONE; rv = CSSM_Init(&sCssmVersion, CSSM_PRIVILEGE_SCOPE_PROCESS, &sMozCssmGuid, CSSM_KEY_HIERARCHY_NONE, &pvcPolicy, NULL); if (rv != CSSM_OK) { return CryptoX_Error; } sCssmInitialized = true; } rv = CSSM_ModuleLoad(&gGuidAppleCSP, CSSM_KEY_HIERARCHY_NONE, NULL, NULL); if (rv != CSSM_OK) { return CryptoX_Error; } CSSM_CSP_HANDLE cspHandle; rv = CSSM_ModuleAttach(&gGuidAppleCSP, &sCssmVersion, &cssmMemFuncs, 0, CSSM_SERVICE_CSP, 0, CSSM_KEY_HIERARCHY_NONE, NULL, 0, NULL, &cspHandle); if (rv != CSSM_OK) { return CryptoX_Error; } sCspHandle = cspHandle; } FILE* certFile = NULL; long certFileSize = 0; uint8* certBuffer = NULL; certFile = fopen((char*)aCertData, "rb"); if (!certFile) { return CryptoX_Error; } if (fseek(certFile, 0, SEEK_END)) { fclose(certFile); return CryptoX_Error; } certFileSize = ftell(certFile); if (certFileSize < 0) { fclose(certFile); return CryptoX_Error; } certBuffer = (uint8*)malloc(certFileSize); if (fseek(certFile, 0, SEEK_SET)) { free(certBuffer); fclose(certFile); return CryptoX_Error; } uint readResult = fread(certBuffer, sizeof(uint8), certFileSize, certFile); if (readResult != certFileSize) { free(certBuffer); fclose(certFile); return CryptoX_Error; } fclose(certFile); CFDataRef certData = CFDataCreate(kCFAllocatorDefault, certBuffer, certFileSize); free(certBuffer); if (!certData) { return CryptoX_Error; } SecCertificateRef cert = SecCertificateCreateWithData(kCFAllocatorDefault, certData); CFRelease(certData); if (!cert) { return CryptoX_Error; } SecKeyRef publicKey; OSStatus status = SecCertificateCopyPublicKey(cert, (SecKeyRef*)&publicKey); CFRelease(cert); if (status) { return CryptoX_Error; } *aPublicKey = (void*)publicKey; return CryptoX_Success; } CFURLRef url = CFURLCreateFromFileSystemRepresentation(kCFAllocatorDefault, aCertData, strlen((char*)aCertData), false); if (!url) { return CryptoX_Error; } CFReadStreamRef stream = CFReadStreamCreateWithFile(kCFAllocatorDefault, url); if (!stream) { CFRelease(url); return CryptoX_Error; } SecTransformRef readTransform = SecTransformCreateReadTransformWithReadStreamPtr(stream); if (!readTransform) { CFRelease(url); CFRelease(stream); return CryptoX_Error; } CFErrorRef error; CFDataRef tempCertData = (CFDataRef)SecTransformExecutePtr(readTransform, &error); if (!tempCertData || error) { CFRelease(url); CFRelease(stream); CFRelease(readTransform); return CryptoX_Error; } SecCertificateRef cert = SecCertificateCreateWithData(kCFAllocatorDefault, tempCertData); if (!cert) { CFRelease(url); CFRelease(stream); CFRelease(readTransform); CFRelease(tempCertData); return CryptoX_Error; } CryptoX_Result result = CryptoX_Error; OSStatus status = SecCertificateCopyPublicKey(cert, (SecKeyRef*)aPublicKey); if (status == 0) { result = CryptoX_Success; } CFRelease(url); CFRelease(stream); CFRelease(readTransform); CFRelease(tempCertData); CFRelease(cert); return result; }