The Tor Browser / file revision

modules/libmar/verify/cryptox.h@129ffea94266

modules/libmar/verify/cryptox.h

Sat, 03 Jan 2015 20:18:00 +0100

author
Michael Schloh von Bennewitz <michael@schloh.com>
date
Sat, 03 Jan 2015 20:18:00 +0100
branch
TOR_BUG_3246
changeset 7
129ffea94266
permissions
-rw-r--r--

Conditionally enable double key logic according to:
private browsing mode or privacy.thirdparty.isolate preference and
implement in GetCookieStringCommon and FindCookie where it counts...
With some reservations of how to convince FindCookie users to test
condition and pass a nullptr when disabling double key logic.

     1 /* This Source Code Form is subject to the terms of the Mozilla Public

     2  * License, v. 2.0. If a copy of the MPL was not distributed with this

     3  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */

     4 

     5 #ifndef CRYPTOX_H

     6 #define CRYPTOX_H

     7 

     8 #define XP_MIN_SIGNATURE_LEN_IN_BYTES 256

     9 

    10 #define CryptoX_Result int

    11 #define CryptoX_Success 0

    12 #define CryptoX_Error (-1)

    13 #define CryptoX_Succeeded(X) ((X) == CryptoX_Success)

    14 #define CryptoX_Failed(X) ((X) != CryptoX_Success)

    15 

    16 #if defined(MAR_NSS)

    17 

    18 #include "nss_secutil.h"

    19 

    20 #define CryptoX_InvalidHandleValue NULL

    21 #define CryptoX_ProviderHandle void*

    22 #define CryptoX_SignatureHandle VFYContext *

    23 #define CryptoX_PublicKey SECKEYPublicKey *

    24 #define CryptoX_Certificate CERTCertificate *

    25 

    26 #ifdef __cplusplus

    27 extern "C" {

    28 #endif

    29 CryptoX_Result NSS_LoadPublicKey(const char *certNickname,

    30                                  SECKEYPublicKey **publicKey,

    31                                  CERTCertificate **cert);

    32 CryptoX_Result NSS_VerifyBegin(VFYContext **ctx,

    33                                SECKEYPublicKey * const *publicKey);

    34 CryptoX_Result NSS_VerifySignature(VFYContext * const *ctx ,

    35                                    const unsigned char *signature,

    36                                    unsigned int signatureLen);

    37 #ifdef __cplusplus

    38 } // extern "C"

    39 #endif

    40 

    41 #define CryptoX_InitCryptoProvider(CryptoHandle) \

    42   CryptoX_Success

    43 #define CryptoX_VerifyBegin(CryptoHandle, SignatureHandle, PublicKey) \

    44   NSS_VerifyBegin(SignatureHandle, PublicKey)

    45 #define CryptoX_FreeSignatureHandle(SignatureHandle) \

    46   VFY_DestroyContext(*SignatureHandle, PR_TRUE)

    47 #define CryptoX_VerifyUpdate(SignatureHandle, buf, len) \

    48   VFY_Update(*SignatureHandle, (const unsigned char*)(buf), len)

    49 #define CryptoX_LoadPublicKey(CryptoHandle, certData, dataSize, \

    50                               publicKey, certName, cert) \

    51   NSS_LoadPublicKey(certName, publicKey, cert)

    52 #define CryptoX_VerifySignature(hash, publicKey, signedData, len) \

    53   NSS_VerifySignature(hash, (const unsigned char *)(signedData), len)

    54 #define CryptoX_FreePublicKey(key) \

    55   SECKEY_DestroyPublicKey(*key)

    56 #define CryptoX_FreeCertificate(cert) \

    57   CERT_DestroyCertificate(*cert)

    58 

    59 #elif XP_MACOSX

    60 

    61 #define CryptoX_InvalidHandleValue NULL

    62 #define CryptoX_ProviderHandle void*

    63 #define CryptoX_SignatureHandle void*

    64 #define CryptoX_PublicKey void*

    65 #define CryptoX_Certificate void*

    66 

    67 // Forward-declare Objective-C functions implemented in MacVerifyCrypto.mm.

    68 #ifdef __cplusplus

    69 extern "C" {

    70 #endif

    71 CryptoX_Result CryptoMac_InitCryptoProvider();

    72 CryptoX_Result CryptoMac_VerifyBegin(CryptoX_SignatureHandle* aInputData);

    73 CryptoX_Result CryptoMac_VerifyUpdate(CryptoX_SignatureHandle* aInputData,

    74                                       void* aBuf, unsigned int aLen);

    75 CryptoX_Result CryptoMac_LoadPublicKey(const unsigned char* aCertData,

    76                                        CryptoX_PublicKey* aPublicKey);

    77 CryptoX_Result CryptoMac_VerifySignature(CryptoX_SignatureHandle* aInputData,

    78                                          CryptoX_PublicKey* aPublicKey,

    79                                          const unsigned char* aSignature,

    80                                          unsigned int aSignatureLen);

    81 void CryptoMac_FreeSignatureHandle(CryptoX_SignatureHandle* aInputData);

    82 void CryptoMac_FreePublicKey(CryptoX_PublicKey* aPublicKey);

    83 #ifdef __cplusplus

    84 } // extern "C"

    85 #endif

    86 

    87 #define CryptoX_InitCryptoProvider(aProviderHandle) \

    88   CryptoMac_InitCryptoProvider()

    89 #define CryptoX_VerifyBegin(aCryptoHandle, aInputData, aPublicKey) \

    90   CryptoMac_VerifyBegin(aInputData)

    91 #define CryptoX_VerifyUpdate(aInputData, aBuf, aLen) \

    92   CryptoMac_VerifyUpdate(aInputData, aBuf, aLen)

    93 #define CryptoX_LoadPublicKey(aProviderHandle, aCertData, aDataSize, \

    94                               aPublicKey, aCertName, aCert) \

    95   CryptoMac_LoadPublicKey(aCertData, aPublicKey)

    96 #define CryptoX_VerifySignature(aInputData, aPublicKey, aSignature, \

    97                                 aSignatureLen) \

    98   CryptoMac_VerifySignature(aInputData, aPublicKey, aSignature, aSignatureLen)

    99 #define CryptoX_FreeSignatureHandle(aInputData) \

   100   CryptoMac_FreeSignatureHandle(aInputData)

   101 #define CryptoX_FreePublicKey(aPublicKey) \

   102   CryptoMac_FreePublicKey(aPublicKey)

   103 #define CryptoX_FreeCertificate(aCertificate)

   104 

   105 #elif defined(XP_WIN) 

   106 

   107 #include <windows.h>

   108 #include <wincrypt.h>

   109 

   110 CryptoX_Result CryptoAPI_InitCryptoContext(HCRYPTPROV *provider);

   111 CryptoX_Result CryptoAPI_LoadPublicKey(HCRYPTPROV hProv, 

   112                                        BYTE *certData,

   113                                        DWORD sizeOfCertData,

   114                                        HCRYPTKEY *publicKey,

   115                                        HCERTSTORE *cert);

   116 CryptoX_Result CryptoAPI_VerifyBegin(HCRYPTPROV provider, HCRYPTHASH* hash);

   117 CryptoX_Result CryptoAPI_VerifyUpdate(HCRYPTHASH* hash, 

   118                                       BYTE *buf, DWORD len);

   119 CryptoX_Result CyprtoAPI_VerifySignature(HCRYPTHASH *hash, 

   120                                          HCRYPTKEY *pubKey,

   121                                          const BYTE *signature, 

   122                                          DWORD signatureLen);

   123 

   124 #define CryptoX_InvalidHandleValue ((ULONG_PTR)NULL)

   125 #define CryptoX_ProviderHandle HCRYPTPROV

   126 #define CryptoX_SignatureHandle HCRYPTHASH

   127 #define CryptoX_PublicKey HCRYPTKEY

   128 #define CryptoX_Certificate HCERTSTORE

   129 #define CryptoX_InitCryptoProvider(CryptoHandle) \

   130   CryptoAPI_InitCryptoContext(CryptoHandle)

   131 #define CryptoX_VerifyBegin(CryptoHandle, SignatureHandle, PublicKey) \

   132   CryptoAPI_VerifyBegin(CryptoHandle, SignatureHandle)

   133 #define CryptoX_FreeSignatureHandle(SignatureHandle)

   134 #define CryptoX_VerifyUpdate(SignatureHandle, buf, len) \

   135   CryptoAPI_VerifyUpdate(SignatureHandle, (BYTE *)(buf), len)

   136 #define CryptoX_LoadPublicKey(CryptoHandle, certData, dataSize, \

   137                               publicKey, certName, cert) \

   138   CryptoAPI_LoadPublicKey(CryptoHandle, (BYTE*)(certData), \

   139                           dataSize, publicKey, cert)

   140 #define CryptoX_VerifySignature(hash, publicKey, signedData, len) \

   141   CyprtoAPI_VerifySignature(hash, publicKey, signedData, len)

   142 #define CryptoX_FreePublicKey(key) \

   143   CryptDestroyKey(*(key))

   144 #define CryptoX_FreeCertificate(cert) \

   145   CertCloseStore(*(cert), CERT_CLOSE_STORE_FORCE_FLAG);

   146 

   147 #else

   148 

   149 /* This default implementation is necessary because we don't want to

   150  * link to NSS from updater code on non Windows platforms.  On Windows

   151  * we use CyrptoAPI instead of NSS.  We don't call any function as they

   152  * would just fail, but this simplifies linking.

   153  */

   154 

   155 #define CryptoX_InvalidHandleValue NULL

   156 #define CryptoX_ProviderHandle void*

   157 #define CryptoX_SignatureHandle void*

   158 #define CryptoX_PublicKey void*

   159 #define CryptoX_Certificate void*

   160 #define CryptoX_InitCryptoProvider(CryptoHandle) \

   161   CryptoX_Error

   162 #define CryptoX_VerifyBegin(CryptoHandle, SignatureHandle, PublicKey) \

   163   CryptoX_Error

   164 #define CryptoX_FreeSignatureHandle(SignatureHandle)

   165 #define CryptoX_VerifyUpdate(SignatureHandle, buf, len) CryptoX_Error

   166 #define CryptoX_LoadPublicKey(CryptoHandle, certData, dataSize, \

   167                               publicKey, certName, cert) \

   168   CryptoX_Error

   169 #define CryptoX_VerifySignature(hash, publicKey, signedData, len) CryptoX_Error

   170 #define CryptoX_FreePublicKey(key) CryptoX_Error

   171 

   172 #endif

   173 

   174 #endif

Mercurial Repository: The Tor Browser

Europalab SCM Repository Server

mercurial