/* This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */

/*
 * cryptox.h - platform abstraction over the signature-verification
 * primitives used by the MAR (Mozilla ARchive) updater.
 *
 * Each backend below (NSS, macOS, Windows CryptoAPI, and a non-functional
 * default) defines the same set of macros so that the calling code can be
 * written once against the CryptoX_* names:
 *
 *   CryptoX_InitCryptoProvider(provider)                   -> CryptoX_Result
 *   CryptoX_LoadPublicKey(provider, certData, dataSize,
 *                         publicKey, certName, cert)        -> CryptoX_Result
 *   CryptoX_VerifyBegin(provider, sigHandle, publicKey)    -> CryptoX_Result
 *   CryptoX_VerifyUpdate(sigHandle, buf, len)              -> CryptoX_Result
 *   CryptoX_VerifySignature(sigHandle, publicKey, sig, len)-> CryptoX_Result
 *   CryptoX_FreeSignatureHandle(sigHandle)
 *   CryptoX_FreePublicKey(publicKey)
 *   CryptoX_FreeCertificate(cert)
 *
 * Not every backend uses every argument (e.g. the NSS backend ignores
 * certData/dataSize and loads the key by certName; the macOS backend
 * ignores certName), so callers should pass all of them and not rely on
 * any particular one being evaluated.
 */

#ifndef CRYPTOX_H
#define CRYPTOX_H

/* Lower bound on an acceptable signature blob, in bytes. A signature
 * shorter than this is rejected by the MAR verifier before any crypto
 * backend is consulted. */
#define XP_MIN_SIGNATURE_LEN_IN_BYTES 256

/* Common result convention shared by all backends: 0 is success, anything
 * else is failure. Always test with the CryptoX_Succeeded/Failed macros
 * rather than comparing against the raw constants. */
#define CryptoX_Result int
#define CryptoX_Success 0
#define CryptoX_Error (-1)
#define CryptoX_Succeeded(X) ((X) == CryptoX_Success)
#define CryptoX_Failed(X) ((X) != CryptoX_Success)

#if defined(MAR_NSS)

/* ---------------------------------------------------------------------
 * NSS backend. Verification is done with NSS's VFYContext; the public key
 * is looked up by certificate nickname (see NSS_LoadPublicKey).
 * ------------------------------------------------------------------- */

#include "nss_secutil.h"

#define CryptoX_InvalidHandleValue NULL
#define CryptoX_ProviderHandle void*
#define CryptoX_SignatureHandle VFYContext *
#define CryptoX_PublicKey SECKEYPublicKey *
#define CryptoX_Certificate CERTCertificate *

#ifdef __cplusplus
extern "C" {
#endif
/* Loads the public key for the certificate with the given nickname.
 * On success *publicKey and *cert are owned by the caller and must be
 * released with CryptoX_FreePublicKey / CryptoX_FreeCertificate. */
CryptoX_Result NSS_LoadPublicKey(const char *certNickname,
                                 SECKEYPublicKey **publicKey,
                                 CERTCertificate **cert);
/* Starts a verification context for the given public key. On success *ctx
 * must be released with CryptoX_FreeSignatureHandle. */
CryptoX_Result NSS_VerifyBegin(VFYContext **ctx,
                               SECKEYPublicKey * const *publicKey);
/* Finalises the context and checks `signature` (signatureLen bytes)
 * against the data fed through CryptoX_VerifyUpdate. */
CryptoX_Result NSS_VerifySignature(VFYContext * const *ctx ,
                                   const unsigned char *signature,
                                   unsigned int signatureLen);
#ifdef __cplusplus
} // extern "C"
#endif

/* NSS needs no provider handle; initialisation trivially succeeds. */
#define CryptoX_InitCryptoProvider(CryptoHandle) \
  CryptoX_Success
#define CryptoX_VerifyBegin(CryptoHandle, SignatureHandle, PublicKey) \
  NSS_VerifyBegin(SignatureHandle, PublicKey)
/* PR_TRUE: the context itself is freed, not just its internal state. */
#define CryptoX_FreeSignatureHandle(SignatureHandle) \
  VFY_DestroyContext(*SignatureHandle, PR_TRUE)
#define CryptoX_VerifyUpdate(SignatureHandle, buf, len) \
  VFY_Update(*SignatureHandle, (const unsigned char*)(buf), len)
/* certData/dataSize are unused here: the key comes from the cert DB by
 * nickname, not from the bytes the caller passes in. */
#define CryptoX_LoadPublicKey(CryptoHandle, certData, dataSize, \
                              publicKey, certName, cert) \
  NSS_LoadPublicKey(certName, publicKey, cert)
#define CryptoX_VerifySignature(hash, publicKey, signedData, len) \
  NSS_VerifySignature(hash, (const unsigned char *)(signedData), len)
#define CryptoX_FreePublicKey(key) \
  SECKEY_DestroyPublicKey(*key)
#define CryptoX_FreeCertificate(cert) \
  CERT_DestroyCertificate(*cert)

#elif XP_MACOSX

/* ---------------------------------------------------------------------
 * macOS backend. All handles are opaque void* values owned by the
 * Objective-C implementation in MacVerifyCrypto.mm.
 *
 * NOTE(review): this branch tests `XP_MACOSX` by value while the Windows
 * branch tests `defined(XP_WIN)`; a build that defines XP_MACOSX with an
 * empty value would make this #elif a preprocessor error.
 * ------------------------------------------------------------------- */

#define CryptoX_InvalidHandleValue NULL
#define CryptoX_ProviderHandle void*
#define CryptoX_SignatureHandle void*
#define CryptoX_PublicKey void*
#define CryptoX_Certificate void*

// Forward-declare Objective-C functions implemented in MacVerifyCrypto.mm.
#ifdef __cplusplus
extern "C" {
#endif
/* Declared with empty parentheses, so in C this is an unprototyped
 * declaration rather than a `(void)` one. */
CryptoX_Result CryptoMac_InitCryptoProvider();
CryptoX_Result CryptoMac_VerifyBegin(CryptoX_SignatureHandle* aInputData);
/* aBuf is a non-const void*; the CryptoX_VerifyUpdate macro passes the
 * caller's buffer through unchanged. */
CryptoX_Result CryptoMac_VerifyUpdate(CryptoX_SignatureHandle* aInputData,
                                      void* aBuf, unsigned int aLen);
/* Builds the public key directly from the DER certificate bytes. */
CryptoX_Result CryptoMac_LoadPublicKey(const unsigned char* aCertData,
                                       CryptoX_PublicKey* aPublicKey);
CryptoX_Result CryptoMac_VerifySignature(CryptoX_SignatureHandle* aInputData,
                                         CryptoX_PublicKey* aPublicKey,
                                         const unsigned char* aSignature,
                                         unsigned int aSignatureLen);
void CryptoMac_FreeSignatureHandle(CryptoX_SignatureHandle* aInputData);
void CryptoMac_FreePublicKey(CryptoX_PublicKey* aPublicKey);
#ifdef __cplusplus
} // extern "C"
#endif

#define CryptoX_InitCryptoProvider(aProviderHandle) \
  CryptoMac_InitCryptoProvider()
#define CryptoX_VerifyBegin(aCryptoHandle, aInputData, aPublicKey) \
  CryptoMac_VerifyBegin(aInputData)
#define CryptoX_VerifyUpdate(aInputData, aBuf, aLen) \
  CryptoMac_VerifyUpdate(aInputData, aBuf, aLen)
/* aDataSize and aCertName are unused: CryptoMac_LoadPublicKey takes only
 * the certificate bytes. */
#define CryptoX_LoadPublicKey(aProviderHandle, aCertData, aDataSize, \
                              aPublicKey, aCertName, aCert) \
  CryptoMac_LoadPublicKey(aCertData, aPublicKey)
#define CryptoX_VerifySignature(aInputData, aPublicKey, aSignature, \
                                aSignatureLen) \
  CryptoMac_VerifySignature(aInputData, aPublicKey, aSignature, aSignatureLen)
#define CryptoX_FreeSignatureHandle(aInputData) \
  CryptoMac_FreeSignatureHandle(aInputData)
#define CryptoX_FreePublicKey(aPublicKey) \
  CryptoMac_FreePublicKey(aPublicKey)
/* No separate certificate object on this backend; expands to nothing. */
#define CryptoX_FreeCertificate(aCertificate)

#elif defined(XP_WIN)

/* ---------------------------------------------------------------------
 * Windows backend built on CryptoAPI (HCRYPTPROV/HCRYPTHASH/HCRYPTKEY).
 *
 * NOTE(review): the two include targets below were lost in page
 * extraction (they render as a bare `#include`); the CryptoAPI types used
 * in this branch come from the Windows CryptoAPI headers.
 * ------------------------------------------------------------------- */

#include
#include

CryptoX_Result CryptoAPI_InitCryptoContext(HCRYPTPROV *provider);
/* Imports the public key from the DER certificate bytes. On success
 * *publicKey and *cert are owned by the caller. */
CryptoX_Result CryptoAPI_LoadPublicKey(HCRYPTPROV hProv,
                                       BYTE *certData,
                                       DWORD sizeOfCertData,
                                       HCRYPTKEY *publicKey,
                                       HCERTSTORE *cert);
CryptoX_Result CryptoAPI_VerifyBegin(HCRYPTPROV provider, HCRYPTHASH* hash);
CryptoX_Result CryptoAPI_VerifyUpdate(HCRYPTHASH* hash,
                                      BYTE *buf, DWORD len);
/* Name is misspelled ("Cyprto") but consistently so; the
 * CryptoX_VerifySignature macro below refers to the same spelling. */
CryptoX_Result CyprtoAPI_VerifySignature(HCRYPTHASH *hash,
                                         HCRYPTKEY *pubKey,
                                         const BYTE *signature,
                                         DWORD signatureLen);

/* CryptoAPI handles are integers, so the invalid value is a null ULONG_PTR
 * rather than a null pointer. */
#define CryptoX_InvalidHandleValue ((ULONG_PTR)NULL)
#define CryptoX_ProviderHandle HCRYPTPROV
#define CryptoX_SignatureHandle HCRYPTHASH
#define CryptoX_PublicKey HCRYPTKEY
#define CryptoX_Certificate HCERTSTORE
#define CryptoX_InitCryptoProvider(CryptoHandle) \
  CryptoAPI_InitCryptoContext(CryptoHandle)
#define CryptoX_VerifyBegin(CryptoHandle, SignatureHandle, PublicKey) \
  CryptoAPI_VerifyBegin(CryptoHandle, SignatureHandle)
/* No-op: the hash handle is released inside the CryptoAPI_* implementation
 * rather than through this macro. */
#define CryptoX_FreeSignatureHandle(SignatureHandle)
/* The (BYTE *) cast drops const from the caller's buffer to satisfy the
 * non-const CryptoAPI_VerifyUpdate prototype. */
#define CryptoX_VerifyUpdate(SignatureHandle, buf, len) \
  CryptoAPI_VerifyUpdate(SignatureHandle, (BYTE *)(buf), len)
/* certName is unused on this backend. */
#define CryptoX_LoadPublicKey(CryptoHandle, certData, dataSize, \
                              publicKey, certName, cert) \
  CryptoAPI_LoadPublicKey(CryptoHandle, (BYTE*)(certData), \
                          dataSize, publicKey, cert)
#define CryptoX_VerifySignature(hash, publicKey, signedData, len) \
  CyprtoAPI_VerifySignature(hash, publicKey, signedData, len)
#define CryptoX_FreePublicKey(key) \
  CryptDestroyKey(*(key))
/* NOTE(review): the expansion ends in a trailing `;`, unlike every other
 * backend's CryptoX_FreeCertificate, so a use written as a statement
 * yields `...;;` and a use inside an expression will not compile. */
#define CryptoX_FreeCertificate(cert) \
  CertCloseStore(*(cert), CERT_CLOSE_STORE_FORCE_FLAG);

#else

/* This default implementation is necessary because we don't want to
 * link to NSS from updater code on non Windows platforms. On Windows
 * we use CyrptoAPI instead of NSS. We don't call any function as they
 * would just fail, but this simplifies linking.
 */

/* Every operation that returns a result expands to CryptoX_Error, so a
 * build that lands here fails closed: no signature can ever verify. */

#define CryptoX_InvalidHandleValue NULL
#define CryptoX_ProviderHandle void*
#define CryptoX_SignatureHandle void*
#define CryptoX_PublicKey void*
#define CryptoX_Certificate void*
#define CryptoX_InitCryptoProvider(CryptoHandle) \
  CryptoX_Error
#define CryptoX_VerifyBegin(CryptoHandle, SignatureHandle, PublicKey) \
  CryptoX_Error
#define CryptoX_FreeSignatureHandle(SignatureHandle)
#define CryptoX_VerifyUpdate(SignatureHandle, buf, len) CryptoX_Error
#define CryptoX_LoadPublicKey(CryptoHandle, certData, dataSize, \
                              publicKey, certName, cert) \
  CryptoX_Error
#define CryptoX_VerifySignature(hash, publicKey, signedData, len) CryptoX_Error
#define CryptoX_FreePublicKey(key) CryptoX_Error
/* NOTE(review): unlike the other three backends, this branch defines no
 * CryptoX_FreeCertificate, so any caller that uses it on this
 * configuration will fail to compile. */

#endif

#endif