/** * Verifies a MAR file by verifying each signature with the corresponding * certificate. That is, the first signature will be verified using the first * certificate given, the second signature will be verified using the second * certificate given, etc. The signature count must exactly match the number of * certificates given, and all signature verifications must succeed. * * @param mar The file who's signature should be calculated * @param certData Pointer to the first element in an array of * certificate data * @param certDataSizes Pointer to the first element in an array for size of * the data stored * @param certCount The number of elements in certData and certDataSizes * @return 0 on success */ int mar_verify_signatures(MarFile *mar, const uint8_t * const *certData, const uint32_t *certDataSizes, uint32_t certCount) { int rv = -1; CryptoX_ProviderHandle provider = CryptoX_InvalidHandleValue; CryptoX_PublicKey keys[MAX_SIGNATURES]; uint32_t k; memset(keys, 0, sizeof(keys)); if (!mar || !certData || !certDataSizes || certCount == 0) { fprintf(stderr, "ERROR: Invalid parameter specified.\n"); goto failure; } if (!mar->fp) { fprintf(stderr, "ERROR: MAR file is not open.\n"); goto failure; } if (CryptoX_Failed(CryptoX_InitCryptoProvider(&provider))) { fprintf(stderr, "ERROR: Could not init crytpo library.\n"); goto failure; } for (k = 0; k < certCount; ++k) { if (CryptoX_Failed(CryptoX_LoadPublicKey(provider, certData[k], certDataSizes[k], &keys[k]))) { fprintf(stderr, "ERROR: Could not load public key.\n"); goto failure; } } rv = mar_extract_and_verify_signatures_fp(mar->fp, provider, keys, certCount); failure: for (k = 0; k < certCount; ++k) { if (keys[k]) { CryptoX_FreePublicKey(&keys[k]); } } return rv; }
/** * Verifies the embedded signature of the specified file path. * This is only used by the signmar program when used with arguments to verify * a MAR. This should not be used to verify a MAR that will be extracted in the * same operation by updater code. This function prints the error message if * verification fails. * * @param pathToMAR The path of the MAR file who's signature should be checked * @param certData The certificate file data. * @param sizeOfCertData The size of the cert data. * @param certName Used only if compiled as NSS, specifies the certName * @return 0 on success * a negative number if there was an error * a positive number if the signature does not verify */ int mar_verify_signature(const char *pathToMARFile, const char *certData, PRUint32 sizeOfCertData, const char *certName) { int rv; CryptoX_ProviderHandle provider = CryptoX_InvalidHandleValue; CryptoX_Certificate cert; CryptoX_PublicKey key; FILE *fp; if (!pathToMARFile || (!certData && !certName)) { fprintf(stderr, "ERROR: Invalid parameter specified.\n"); return CryptoX_Error; } fp = fopen(pathToMARFile, "rb"); if (!fp) { fprintf(stderr, "ERROR: Could not open MAR file.\n"); return CryptoX_Error; } if (CryptoX_Failed(CryptoX_InitCryptoProvider(&provider))) { fclose(fp); fprintf(stderr, "ERROR: Could not init crytpo library.\n"); return CryptoX_Error; } if (CryptoX_Failed(CryptoX_LoadPublicKey(provider, certData, sizeOfCertData, &key, certName, &cert))) { fclose(fp); fprintf(stderr, "ERROR: Could not load public key.\n"); return CryptoX_Error; } rv = mar_verify_signature_fp(fp, provider, key); fclose(fp); if (key) { CryptoX_FreePublicKey(&key); } if (cert) { CryptoX_FreeCertificate(&cert); } return rv; }
/** * Verifies a MAR file's signature by making sure at least one * signature verifies. * * @param pathToMARFile The path of the MAR file who's signature * should be calculated * @param certData The certificate data * @param sizeOfCertData The size of the data stored in certData * @return 0 on success */ int mar_verify_signatureW(MarFile *mar, const char *certData, PRUint32 sizeOfCertData) { int rv; CryptoX_ProviderHandle provider = CryptoX_InvalidHandleValue; CryptoX_Certificate cert; CryptoX_PublicKey key; if (!mar || !certData) { fprintf(stderr, "ERROR: Invalid parameter specified.\n"); return CryptoX_Error; } if (!mar->fp) { fprintf(stderr, "ERROR: MAR file is not open.\n"); return CryptoX_Error; } if (CryptoX_Failed(CryptoX_InitCryptoProvider(&provider))) { fprintf(stderr, "ERROR: Could not init crytpo library.\n"); return CryptoX_Error; } if (CryptoX_Failed(CryptoX_LoadPublicKey(provider, certData, sizeOfCertData, &key, "", &cert))) { fprintf(stderr, "ERROR: Could not load public key.\n"); return CryptoX_Error; } rv = mar_verify_signature_fp(mar->fp, provider, key); if (key) { CryptoX_FreePublicKey(&key); } if (cert) { CryptoX_FreeCertificate(&cert); } return rv; }