CryptoX_Result
CryptoMac_VerifyBegin(CryptoX_SignatureHandle* aInputData)
{
if (!aInputData) {
return CryptoX_Error;
}
void* inputData = CFDataCreateMutable(kCFAllocatorDefault, 0);
if (!inputData) {
return CryptoX_Error;
}
if (!OnLionOrLater()) {
CSSM_DATA_PTR cssmData = (CSSM_DATA_PTR)malloc(sizeof(CSSM_DATA));
if (!cssmData) {
CFRelease(inputData);
return CryptoX_Error;
}
cssmData->Data = (uint8*)inputData;
cssmData->Length = 0;
*aInputData = cssmData;
return CryptoX_Success;
}
*aInputData = inputData;
return CryptoX_Success;
}
CryptoX_Result
CryptoMac_VerifySignature(CryptoX_SignatureHandle* aInputData,
CryptoX_PublicKey* aPublicKey,
const unsigned char* aSignature,
unsigned int aSignatureLen)
{
if (!OnLionOrLater()) {
return NSS_VerifySignature((VFYContext* const*)aInputData, aSignature,
aSignatureLen);
}
if (!aInputData || !*aInputData || !aPublicKey || !*aPublicKey ||
!aSignature || aSignatureLen == 0) {
return CryptoX_Error;
}
CFDataRef signatureData = CFDataCreate(kCFAllocatorDefault,
aSignature, aSignatureLen);
if (!signatureData) {
return CryptoX_Error;
}
CFErrorRef error;
SecTransformRef verifier =
SecVerifyTransformCreatePtr((SecKeyRef)*aPublicKey,
signatureData,
&error);
if (!verifier || error) {
CFRelease(signatureData);
return CryptoX_Error;
}
SecTransformSetAttributePtr(verifier,
kSecTransformInputAttributeName,
(CFDataRef)*aInputData,
&error);
if (error) {
CFRelease(signatureData);
CFRelease(verifier);
return CryptoX_Error;
}
CryptoX_Result result = CryptoX_Error;
CFTypeRef rv = SecTransformExecutePtr(verifier, &error);
if (error) {
CFRelease(signatureData);
CFRelease(verifier);
return CryptoX_Error;
}
if (CFGetTypeID(rv) == CFBooleanGetTypeID() &&
CFBooleanGetValue((CFBooleanRef)rv) == true) {
result = CryptoX_Success;
}
CFRelease(signatureData);
CFRelease(verifier);
return result;
}
CryptoX_Result
CryptoMac_InitCryptoProvider()
{
if (!OnLionOrLater()) {
return CryptoX_Success;
}
if (!SecTransformCreateReadTransformWithReadStreamPtr) {
SecTransformCreateReadTransformWithReadStreamPtr =
(SecTransformCreateReadTransformWithReadStreamFunc)
dlsym(RTLD_DEFAULT, "SecTransformCreateReadTransformWithReadStream");
}
if (!SecTransformExecutePtr) {
SecTransformExecutePtr = (SecTransformExecuteFunc)
dlsym(RTLD_DEFAULT, "SecTransformExecute");
}
if (!SecVerifyTransformCreatePtr) {
SecVerifyTransformCreatePtr = (SecVerifyTransformCreateFunc)
dlsym(RTLD_DEFAULT, "SecVerifyTransformCreate");
}
if (!SecTransformSetAttributePtr) {
SecTransformSetAttributePtr = (SecTransformSetAttributeFunc)
dlsym(RTLD_DEFAULT, "SecTransformSetAttribute");
}
if (!SecTransformCreateReadTransformWithReadStreamPtr ||
!SecTransformExecutePtr ||
!SecVerifyTransformCreatePtr ||
!SecTransformSetAttributePtr) {
return CryptoX_Error;
}
return CryptoX_Success;
}
void
CryptoMac_FreeSignatureHandle(CryptoX_SignatureHandle* aInputData)
{
if (!aInputData || !*aInputData) {
return;
}
CFMutableDataRef inputData = NULL;
if (OnLionOrLater()) {
inputData = (CFMutableDataRef)*aInputData;
} else {
inputData = (CFMutableDataRef)((CSSM_DATA_PTR)*aInputData)->Data;
}
CFRelease(inputData);
if (!OnLionOrLater()) {
free((CSSM_DATA_PTR)*aInputData);
}
}
PRBool nsPluginsDir::IsPluginFile(nsIFile* file)
{
nsCString temp;
file->GetNativeLeafName(temp);
/*
* Don't load the VDP fake plugin, to avoid tripping a bad bug in OS X
* 10.5.3 (see bug 436575).
*/
if (!strcmp(temp.get(), "VerifiedDownloadPlugin.plugin")) {
NS_WARNING("Preventing load of VerifiedDownloadPlugin.plugin (see bug 436575)");
return PR_FALSE;
}
// If we're running on OS X Lion (10.7) or later, don't load the Java Embedding
// Plugin (any version). If/when Steven Michaud releases a version of the JEP that
// works on Lion, we'll need to revise this code. See bug 670655.
if (OnLionOrLater() && !strcmp(temp.get(), "MRJPlugin.plugin")) {
NS_WARNING("Preventing load of Java Embedding Plugin (MRJPlugin.plugin) on OS X Lion (see bug 670655)");
return PR_FALSE;
}
CFURLRef pluginURL = NULL;
if (NS_FAILED(toCFURLRef(file, pluginURL)))
return PR_FALSE;
PRBool isPluginFile = PR_FALSE;
CFBundleRef pluginBundle = CFBundleCreate(kCFAllocatorDefault, pluginURL);
if (pluginBundle) {
UInt32 packageType, packageCreator;
CFBundleGetPackageInfo(pluginBundle, &packageType, &packageCreator);
if (packageType == 'BRPL' || packageType == 'IEPL' || packageType == 'NSPL') {
CFURLRef executableURL = CFBundleCopyExecutableURL(pluginBundle);
if (executableURL) {
isPluginFile = IsLoadablePlugin(executableURL);
::CFRelease(executableURL);
}
}
::CFRelease(pluginBundle);
}
else {
LSItemInfoRecord info;
if (LSCopyItemInfoForURL(pluginURL, kLSRequestTypeCreator, &info) == noErr) {
if ((info.filetype == 'shlb' && info.creator == 'MOSS') ||
info.filetype == 'NSPL' ||
info.filetype == 'BRPL' ||
info.filetype == 'IEPL') {
isPluginFile = IsLoadablePlugin(pluginURL);
}
}
}
::CFRelease(pluginURL);
return isPluginFile;
}
void
CryptoMac_FreeCertificate(CryptoX_Certificate* aCertificate)
{
if (!OnLionOrLater()) {
return CERT_DestroyCertificate((CERTCertificate*)*aCertificate);
}
if (!aCertificate || !*aCertificate) {
return;
}
CFRelease((SecKeyRef)*aCertificate);
}
void
CryptoMac_FreePublicKey(CryptoX_PublicKey* aPublicKey)
{
if (!OnLionOrLater()) {
return SECKEY_DestroyPublicKey((SECKEYPublicKey*)*aPublicKey);
}
if (!aPublicKey || !*aPublicKey) {
return;
}
CFRelease((SecKeyRef)*aPublicKey);
}
void
CryptoMac_FreeSignatureHandle(CryptoX_SignatureHandle* aInputData)
{
if (!OnLionOrLater()) {
return VFY_DestroyContext((VFYContext*)aInputData, PR_TRUE);
}
if (!aInputData || !*aInputData) {
return;
}
CFRelease((CFMutableDataRef)*aInputData);
}
void
CryptoMac_FreePublicKey(CryptoX_PublicKey* aPublicKey)
{
if (!aPublicKey || !*aPublicKey) {
return;
}
if (!OnLionOrLater() && sCspHandle) {
CSSM_ModuleDetach(sCspHandle);
sCspHandle = NULL;
}
CFRelease((SecKeyRef)*aPublicKey);
}
CryptoX_Result
CryptoMac_VerifyBegin(CryptoX_SignatureHandle* aInputData,
CryptoX_PublicKey* aPublicKey)
{
if (!OnLionOrLater()) {
return NSS_VerifyBegin((VFYContext**)aInputData,
(SECKEYPublicKey* const*)aPublicKey);
}
(void)aPublicKey;
if (!aInputData) {
return CryptoX_Error;
}
CryptoX_Result result = CryptoX_Error;
*aInputData = CFDataCreateMutable(kCFAllocatorDefault, 0);
if (*aInputData) {
result = CryptoX_Success;
}
return result;
}
CryptoX_Result
CryptoMac_VerifyUpdate(CryptoX_SignatureHandle* aInputData, void* aBuf,
unsigned int aLen)
{
if (aLen == 0) {
return CryptoX_Success;
}
if (!aInputData || !*aInputData) {
return CryptoX_Error;
}
CFMutableDataRef inputData;
if (!OnLionOrLater()) {
inputData = (CFMutableDataRef)((CSSM_DATA_PTR)*aInputData)->Data;
((CSSM_DATA_PTR)*aInputData)->Length += aLen;
} else {
inputData = (CFMutableDataRef)*aInputData;
}
CFDataAppendBytes(inputData, (const uint8*)aBuf, aLen);
return CryptoX_Success;
}
CryptoX_Result
CryptoMac_VerifyUpdate(CryptoX_SignatureHandle* aInputData, void* aBuf,
unsigned int aLen)
{
if (!OnLionOrLater()) {
return VFY_Update((VFYContext*)*aInputData,
(const unsigned char*)aBuf, aLen);
}
if (aLen == 0) {
return CryptoX_Success;
}
if (!aInputData || !*aInputData) {
return CryptoX_Error;
}
CryptoX_Result result = CryptoX_Error;
CFDataAppendBytes((CFMutableDataRef)*aInputData, (const UInt8 *) aBuf, aLen);
if (*aInputData) {
result = CryptoX_Success;
}
return result;
}
CryptoX_Result
CryptoMac_LoadPublicKey(const unsigned char* aCertData,
CryptoX_PublicKey* aPublicKey,
const char* aCertName,
CryptoX_Certificate* aCert)
{
if (!aPublicKey ||
(OnLionOrLater() && !aCertData) ||
(!OnLionOrLater() && !aCertName)) {
return CryptoX_Error;
}
if (!OnLionOrLater()) {
return NSS_LoadPublicKey(aCertName,
(SECKEYPublicKey**)aPublicKey,
(CERTCertificate**)aCert);
}
CFURLRef url =
CFURLCreateFromFileSystemRepresentation(kCFAllocatorDefault,
aCertData,
strlen((char*)aCertData),
false);
if (!url) {
return CryptoX_Error;
}
CFReadStreamRef stream = CFReadStreamCreateWithFile(kCFAllocatorDefault, url);
if (!stream) {
CFRelease(url);
return CryptoX_Error;
}
SecTransformRef readTransform =
SecTransformCreateReadTransformWithReadStreamPtr(stream);
if (!readTransform) {
CFRelease(url);
CFRelease(stream);
return CryptoX_Error;
}
CFErrorRef error;
CFDataRef tempCertData = (CFDataRef)SecTransformExecutePtr(readTransform,
&error);
if (!tempCertData || error) {
CFRelease(url);
CFRelease(stream);
CFRelease(readTransform);
return CryptoX_Error;
}
SecCertificateRef cert = SecCertificateCreateWithDataPtr(kCFAllocatorDefault,
tempCertData);
if (!cert) {
CFRelease(url);
CFRelease(stream);
CFRelease(readTransform);
CFRelease(tempCertData);
return CryptoX_Error;
}
CryptoX_Result result = CryptoX_Error;
OSStatus status = SecCertificateCopyPublicKeyPtr(cert,
(SecKeyRef*)aPublicKey);
if (status == 0) {
result = CryptoX_Success;
}
CFRelease(url);
CFRelease(stream);
CFRelease(readTransform);
CFRelease(tempCertData);
CFRelease(cert);
return result;
}
CryptoX_Result
CryptoMac_VerifySignature(CryptoX_SignatureHandle* aInputData,
CryptoX_PublicKey* aPublicKey,
const unsigned char* aSignature,
unsigned int aSignatureLen)
{
if (!aInputData || !*aInputData || !aPublicKey || !*aPublicKey ||
!aSignature || aSignatureLen == 0) {
return CryptoX_Error;
}
if (!OnLionOrLater()) {
if (!sCspHandle) {
return CryptoX_Error;
}
CSSM_KEY* publicKey;
OSStatus status = SecKeyGetCSSMKey((SecKeyRef)*aPublicKey,
(const CSSM_KEY**)&publicKey);
if (status) {
return CryptoX_Error;
}
CSSM_CC_HANDLE ccHandle;
if (CSSM_CSP_CreateSignatureContext(sCspHandle,
CSSM_ALGID_SHA1WithRSA,
NULL,
publicKey,
&ccHandle) != CSSM_OK) {
return CryptoX_Error;
}
CryptoX_Result result = CryptoX_Error;
CSSM_DATA signatureData;
signatureData.Data = (uint8*)aSignature;
signatureData.Length = aSignatureLen;
CSSM_DATA inputData;
inputData.Data =
CFDataGetMutableBytePtr((CFMutableDataRef)
(((CSSM_DATA_PTR)*aInputData)->Data));
inputData.Length = ((CSSM_DATA_PTR)*aInputData)->Length;
if (CSSM_VerifyData(ccHandle,
&inputData,
1,
CSSM_ALGID_NONE,
&signatureData) == CSSM_OK) {
result = CryptoX_Success;
}
return result;
}
CFDataRef signatureData = CFDataCreate(kCFAllocatorDefault,
aSignature, aSignatureLen);
if (!signatureData) {
return CryptoX_Error;
}
CFErrorRef error;
SecTransformRef verifier =
SecVerifyTransformCreatePtr((SecKeyRef)*aPublicKey,
signatureData,
&error);
if (!verifier || error) {
CFRelease(signatureData);
return CryptoX_Error;
}
SecTransformSetAttributePtr(verifier,
kSecTransformInputAttributeName,
(CFDataRef)*aInputData,
&error);
if (error) {
CFRelease(signatureData);
CFRelease(verifier);
return CryptoX_Error;
}
CryptoX_Result result = CryptoX_Error;
CFTypeRef rv = SecTransformExecutePtr(verifier, &error);
if (error) {
CFRelease(signatureData);
CFRelease(verifier);
return CryptoX_Error;
}
if (CFGetTypeID(rv) == CFBooleanGetTypeID() &&
CFBooleanGetValue((CFBooleanRef)rv) == true) {
result = CryptoX_Success;
}
CFRelease(signatureData);
CFRelease(verifier);
return result;
}
CryptoX_Result
CryptoMac_LoadPublicKey(const unsigned char* aCertData,
CryptoX_PublicKey* aPublicKey)
{
if (!aCertData || !aPublicKey) {
return CryptoX_Error;
}
*aPublicKey = NULL;
if (!OnLionOrLater()) {
if (!sCspHandle) {
CSSM_RETURN rv;
if (!sCssmInitialized) {
CSSM_PVC_MODE pvcPolicy = CSSM_PVC_NONE;
rv = CSSM_Init(&sCssmVersion,
CSSM_PRIVILEGE_SCOPE_PROCESS,
&sMozCssmGuid,
CSSM_KEY_HIERARCHY_NONE,
&pvcPolicy,
NULL);
if (rv != CSSM_OK) {
return CryptoX_Error;
}
sCssmInitialized = true;
}
rv = CSSM_ModuleLoad(&gGuidAppleCSP,
CSSM_KEY_HIERARCHY_NONE,
NULL,
NULL);
if (rv != CSSM_OK) {
return CryptoX_Error;
}
CSSM_CSP_HANDLE cspHandle;
rv = CSSM_ModuleAttach(&gGuidAppleCSP,
&sCssmVersion,
&cssmMemFuncs,
0,
CSSM_SERVICE_CSP,
0,
CSSM_KEY_HIERARCHY_NONE,
NULL,
0,
NULL,
&cspHandle);
if (rv != CSSM_OK) {
return CryptoX_Error;
}
sCspHandle = cspHandle;
}
FILE* certFile = NULL;
long certFileSize = 0;
uint8* certBuffer = NULL;
certFile = fopen((char*)aCertData, "rb");
if (!certFile) {
return CryptoX_Error;
}
if (fseek(certFile, 0, SEEK_END)) {
fclose(certFile);
return CryptoX_Error;
}
certFileSize = ftell(certFile);
if (certFileSize < 0) {
fclose(certFile);
return CryptoX_Error;
}
certBuffer = (uint8*)malloc(certFileSize);
if (fseek(certFile, 0, SEEK_SET)) {
free(certBuffer);
fclose(certFile);
return CryptoX_Error;
}
uint readResult = fread(certBuffer, sizeof(uint8), certFileSize, certFile);
if (readResult != certFileSize) {
free(certBuffer);
fclose(certFile);
return CryptoX_Error;
}
fclose(certFile);
CFDataRef certData = CFDataCreate(kCFAllocatorDefault,
certBuffer,
certFileSize);
free(certBuffer);
if (!certData) {
return CryptoX_Error;
}
SecCertificateRef cert = SecCertificateCreateWithData(kCFAllocatorDefault,
certData);
CFRelease(certData);
if (!cert) {
return CryptoX_Error;
}
SecKeyRef publicKey;
OSStatus status = SecCertificateCopyPublicKey(cert, (SecKeyRef*)&publicKey);
CFRelease(cert);
if (status) {
return CryptoX_Error;
}
*aPublicKey = (void*)publicKey;
return CryptoX_Success;
}
CFURLRef url =
CFURLCreateFromFileSystemRepresentation(kCFAllocatorDefault,
aCertData,
strlen((char*)aCertData),
false);
if (!url) {
return CryptoX_Error;
}
CFReadStreamRef stream = CFReadStreamCreateWithFile(kCFAllocatorDefault, url);
if (!stream) {
CFRelease(url);
return CryptoX_Error;
}
SecTransformRef readTransform =
SecTransformCreateReadTransformWithReadStreamPtr(stream);
if (!readTransform) {
CFRelease(url);
CFRelease(stream);
return CryptoX_Error;
}
CFErrorRef error;
CFDataRef tempCertData = (CFDataRef)SecTransformExecutePtr(readTransform,
&error);
if (!tempCertData || error) {
CFRelease(url);
CFRelease(stream);
CFRelease(readTransform);
return CryptoX_Error;
}
SecCertificateRef cert = SecCertificateCreateWithData(kCFAllocatorDefault,
tempCertData);
if (!cert) {
CFRelease(url);
CFRelease(stream);
CFRelease(readTransform);
CFRelease(tempCertData);
return CryptoX_Error;
}
CryptoX_Result result = CryptoX_Error;
OSStatus status = SecCertificateCopyPublicKey(cert,
(SecKeyRef*)aPublicKey);
if (status == 0) {
result = CryptoX_Success;
}
CFRelease(url);
CFRelease(stream);
CFRelease(readTransform);
CFRelease(tempCertData);
CFRelease(cert);
return result;
}
