online update: MAR-based online update - initial import from Mozilla.

This commit copies several source files around the Mozilla's online update
from the Mozilla sources to LibreOffice.  The hope is that we will be able to
modify it so that LibreOffice can use the same update mechanism as Firefox,
including downloading the packs on background, and applying them on the next
start.

changeset:   248917:ce863f9d8864

The following locations in the Mozzila sources were copied:

firefox/modules/libmar -> onlineupdate/source/libmar
firefox/toolkit/mozapps/update -> onlineupdate/source/update

JavaScript parts were omitted.

Change-Id: I0c92dc0bf734bfd5d8746822f674e162d64fa62f

onlineupdate/README

+Online update implementation based on Mozilla's MAR format + update mechanism
+
+Parts of this code are copied from the mozilla repository, and adapted to
+LibreOffice needs:
+
+firefox/modules/libmar -> online-update/source/libmar
+firefox/toolkit/mozapps/update -> online-update/source/update

onlineupdate/source/libmar/README

+This directory contains code for a simple archive file format, which
+is documented at http://wiki.mozilla.org/Software_Update:MAR
+
+The src directory builds a small static library used to create, read, and
+extract an archive file.  The tool directory builds a command line utility
+around the library.

onlineupdate/source/libmar/sign/Makefile.in

+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+# This makefile just builds support for reading archives.
+include $(topsrcdir)/config/rules.mk
+
+# The intermediate (.ii/.s) files for host and target can have the same name...
+# disable parallel builds
+.NOTPARALLEL:

onlineupdate/source/libmar/sign/moz.build

+# -*- Mode: python; c-basic-offset: 4; indent-tabs-mode: nil; tab-width: 40 -*-
+# vim: set filetype=python:
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+Library('signmar')
+
+UNIFIED_SOURCES += [
+    'mar_sign.c',
+    'nss_secutil.c',
+]
+
+FORCE_STATIC_LIB = True
+
+LOCAL_INCLUDES += [
+    '../src',
+    '../verify',
+]
+
+DEFINES['MAR_NSS'] = True
+
+if CONFIG['OS_ARCH'] == 'WINNT':
+    USE_STATIC_LIBS = True

onlineupdate/source/libmar/sign/nss_secutil.c

+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/* With the exception of GetPasswordString, this file was
+   copied from NSS's cmd/lib/secutil.c hg revision 8f011395145e */
+
+#include "nss_secutil.h"
+
+#include "prprf.h"
+#ifdef XP_WIN
+#include <io.h>
+#else
+#include <unistd.h>
+#endif
+
+static char consoleName[] =  {
+#ifdef XP_UNIX
+  "/dev/tty"
+#else
+  "CON:"
+#endif
+};
+
+#if defined(_WINDOWS)
+static char * quiet_fgets (char *buf, int length, FILE *input)
+{
+  int c;
+  char *end = buf;
+
+  /* fflush (input); */
+  memset (buf, 0, length);
+
+  if (!isatty(fileno(input))) {
+    return fgets(buf,length,input);
+  }
+
+  while (1)
+  {
+#if defined (_WIN32_WCE)
+    c = getchar();      /* gets a character from stdin */
+#else
+    c = getch();        /* getch gets a character from the console */
+#endif
+    if (c == '\b')
+    {
+      if (end > buf)
+        end--;
+    }
+
+    else if (--length > 0)
+      *end++ = c;
+
+    if (!c || c == '\n' || c == '\r')
+      break;
+  }
+
+  return buf;
+}
+#endif
+
+char *
+GetPasswordString(void *arg, char *prompt)
+{
+  FILE *input = stdin;
+  char phrase[200] = {'\0'};
+  int isInputTerminal = isatty(fileno(stdin));
+
+#ifndef _WINDOWS
+  if (isInputTerminal) {
+    input = fopen(consoleName, "r");
+    if (input == NULL) {
+      fprintf(stderr, "Error opening input terminal for read\n");
+      return NULL;
+    }
+  }
+#endif
+
+  if (isInputTerminal) {
+    fprintf(stdout, "Please enter your password:\n");
+    fflush(stdout);
+  }
+
+  QUIET_FGETS (phrase, sizeof(phrase), input);
+
+  if (isInputTerminal) {
+    fprintf(stdout, "\n");
+  }
+
+#ifndef _WINDOWS
+  if (isInputTerminal) {
+    fclose(input);
+  }
+#endif
+
+  /* Strip off the newlines if present */
+  if (phrase[PORT_Strlen(phrase)-1] == '\n' ||
+      phrase[PORT_Strlen(phrase)-1] == '\r') {
+    phrase[PORT_Strlen(phrase)-1] = 0;
+  }
+  return (char*) PORT_Strdup(phrase);
+}
+
+char *
+SECU_FilePasswd(PK11SlotInfo *slot, PRBool retry, void *arg)
+{
+  char* phrases, *phrase;
+  PRFileDesc *fd;
+  int32_t nb;
+  char *pwFile = arg;
+  int i;
+  const long maxPwdFileSize = 4096;
+  char* tokenName = NULL;
+  int tokenLen = 0;
+
+  if (!pwFile)
+    return 0;
+
+  if (retry) {
+    return 0;  /* no good retrying - the files contents will be the same */
+  }
+
+  phrases = PORT_ZAlloc(maxPwdFileSize);
+
+  if (!phrases) {
+    return 0; /* out of memory */
+  }
+
+  fd = PR_Open(pwFile, PR_RDONLY, 0);
+  if (!fd) {
+    fprintf(stderr, "No password file \"%s\" exists.\n", pwFile);
+    PORT_Free(phrases);
+    return NULL;
+  }
+
+  nb = PR_Read(fd, phrases, maxPwdFileSize);
+
+  PR_Close(fd);
+
+  if (nb == 0) {
+    fprintf(stderr,"password file contains no data\n");
+    PORT_Free(phrases);
+    return NULL;
+  }
+
+  if (slot) {
+    tokenName = PK11_GetTokenName(slot);
+    if (tokenName) {
+      tokenLen = PORT_Strlen(tokenName);
+    }
+  }
+  i = 0;
+  do
+  {
+    int startphrase = i;
+    int phraseLen;
+
+    /* handle the Windows EOL case */
+    while (phrases[i] != '\r' && phrases[i] != '\n' && i < nb) i++;
+    /* terminate passphrase */
+    phrases[i++] = '\0';
+    /* clean up any EOL before the start of the next passphrase */
+    while ( (i<nb) && (phrases[i] == '\r' || phrases[i] == '\n')) {
+      phrases[i++] = '\0';
+    }
+    /* now analyze the current passphrase */
+    phrase = &phrases[startphrase];
+    if (!tokenName)
+      break;
+    if (PORT_Strncmp(phrase, tokenName, tokenLen)) continue;
+    phraseLen = PORT_Strlen(phrase);
+    if (phraseLen < (tokenLen+1)) continue;
+    if (phrase[tokenLen] != ':') continue;
+    phrase = &phrase[tokenLen+1];
+    break;
+
+  } while (i<nb);
+
+  phrase = PORT_Strdup((char*)phrase);
+  PORT_Free(phrases);
+  return phrase;
+}
+
+char *
+SECU_GetModulePassword(PK11SlotInfo *slot, PRBool retry, void *arg)
+{
+    char prompt[255];
+    secuPWData *pwdata = (secuPWData *)arg;
+    secuPWData pwnull = { PW_NONE, 0 };
+    secuPWData pwxtrn = { PW_EXTERNAL, "external" };
+    char *pw;
+
+    if (pwdata == NULL)
+  pwdata = &pwnull;
+
+    if (PK11_ProtectedAuthenticationPath(slot)) {
+  pwdata = &pwxtrn;
+    }
+    if (retry && pwdata->source != PW_NONE) {
+  PR_fprintf(PR_STDERR, "Incorrect password/PIN entered.\n");
+      return NULL;
+    }
+
+    switch (pwdata->source) {
+    case PW_NONE:
+  sprintf(prompt, "Enter Password or Pin for \"%s\":",
+                   PK11_GetTokenName(slot));
+  return GetPasswordString(NULL, prompt);
+    case PW_FROMFILE:
+  /* Instead of opening and closing the file every time, get the pw
+   * once, then keep it in memory (duh).
+   */
+  pw = SECU_FilePasswd(slot, retry, pwdata->data);
+  pwdata->source = PW_PLAINTEXT;
+  pwdata->data = PL_strdup(pw);
+  /* it's already been dup'ed */
+  return pw;
+    case PW_EXTERNAL:
+  sprintf(prompt,
+          "Press Enter, then enter PIN for \"%s\" on external device.\n",
+    PK11_GetTokenName(slot));
+  pw = GetPasswordString(NULL, prompt);
+  if (pw) {
+    memset(pw, 0, PORT_Strlen(pw));
+    PORT_Free(pw);
+  }
+      /* Fall Through */
+    case PW_PLAINTEXT:
+  return PL_strdup(pwdata->data);
+    default:
+  break;
+    }
+
+    PR_fprintf(PR_STDERR, "Password check failed:  No password found.\n");
+    return NULL;
+}

onlineupdate/source/libmar/sign/nss_secutil.h

+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/* With the exception of GetPasswordString, this file was
+   copied from NSS's cmd/lib/secutil.h hg revision 8f011395145e */
+
+#ifndef NSS_SECUTIL_H_
+#define NSS_SECUTIL_H_
+
+#include "nss.h"
+#include "pk11pub.h"
+#include "cryptohi.h"
+#include "hasht.h"
+#include "cert.h"
+#include "key.h"
+#include <stdint.h>
+
+typedef struct {
+  enum {
+    PW_NONE = 0,
+    PW_FROMFILE = 1,
+    PW_PLAINTEXT = 2,
+    PW_EXTERNAL = 3
+  } source;
+  char *data;
+} secuPWData;
+
+#if( defined(_WINDOWS) && !defined(_WIN32_WCE))
+#include <conio.h>
+#include <io.h>
+#define QUIET_FGETS quiet_fgets
+static char * quiet_fgets (char *buf, int length, FILE *input);
+#else
+#define QUIET_FGETS fgets
+#endif
+
+char *
+SECU_GetModulePassword(PK11SlotInfo *slot, PRBool retry, void *arg);
+
+#endif

onlineupdate/source/libmar/src/Makefile.in

+# vim:set ts=8 sw=8 sts=8 noet:
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+# This makefile just builds support for reading archives.
+
+include $(topsrcdir)/config/rules.mk
+
+# The intermediate (.ii/.s) files for host and target can have the same name...
+# disable parallel builds
+.NOTPARALLEL:

onlineupdate/source/libmar/src/mar.h

+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim:set ts=2 sw=2 sts=2 et cindent: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef MAR_H__
+#define MAR_H__
+
+#include "mozilla/Assertions.h"
+#include <stdint.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/* We have a MAX_SIGNATURES limit so that an invalid MAR will never
+ * waste too much of either updater's or signmar's time.
+ * It is also used at various places internally and will affect memory usage.
+ * If you want to increase this value above 9 then you need to adjust parsing
+ * code in tool/mar.c.
+*/
+#define MAX_SIGNATURES 8
+#ifdef __cplusplus
+static_assert(MAX_SIGNATURES <= 9, "too many signatures");
+#else
+MOZ_STATIC_ASSERT(MAX_SIGNATURES <= 9, "too many signatures");
+#endif
+
+struct ProductInformationBlock {
+  const char *MARChannelID;
+  const char *productVersion;
+};
+
+/**
+ * The MAR item data structure.
+ */
+typedef struct MarItem_ {
+  struct MarItem_ *next;  /* private field */
+  uint32_t offset;        /* offset into archive */
+  uint32_t length;        /* length of data in bytes */
+  uint32_t flags;         /* contains file mode bits */
+  char name[1];           /* file path */
+} MarItem;
+
+#define TABLESIZE 256
+
+struct MarFile_ {
+  FILE *fp;
+  MarItem *item_table[TABLESIZE];
+};
+
+typedef struct MarFile_ MarFile;
+
+/**
+ * Signature of callback function passed to mar_enum_items.
+ * @param mar       The MAR file being visited.
+ * @param item      The MAR item being visited.
+ * @param data      The data parameter passed by the caller of mar_enum_items.
+ * @return          A non-zero value to stop enumerating.
+ */
+typedef int (* MarItemCallback)(MarFile *mar, const MarItem *item, void *data);
+
+/**
+ * Open a MAR file for reading.
+ * @param path      Specifies the path to the MAR file to open.  This path must
+ *                  be compatible with fopen.
+ * @return          NULL if an error occurs.
+ */
+MarFile *mar_open(const char *path);
+
+#ifdef XP_WIN
+MarFile *mar_wopen(const wchar_t *path);
+#endif
+
+/**
+ * Close a MAR file that was opened using mar_open.
+ * @param mar       The MarFile object to close.
+ */
+void mar_close(MarFile *mar);
+
+/**
+ * Find an item in the MAR file by name.
+ * @param mar       The MarFile object to query.
+ * @param item      The name of the item to query.
+ * @return          A const reference to a MAR item or NULL if not found.
+ */
+const MarItem *mar_find_item(MarFile *mar, const char *item);
+
+/**
+ * Enumerate all MAR items via callback function.
+ * @param mar       The MAR file to enumerate.
+ * @param callback  The function to call for each MAR item.
+ * @param data      A caller specified value that is passed along to the
+ *                  callback function.
+ * @return          0 if the enumeration ran to completion.  Otherwise, any
+ *                  non-zero return value from the callback is returned.
+ */
+int mar_enum_items(MarFile *mar, MarItemCallback callback, void *data);
+
+/**
+ * Read from MAR item at given offset up to bufsize bytes.
+ * @param mar       The MAR file to read.
+ * @param item      The MAR item to read.
+ * @param offset    The byte offset relative to the start of the item.
+ * @param buf       A pointer to a buffer to copy the data into.
+ * @param bufsize   The length of the buffer to copy the data into.
+ * @return          The number of bytes written or a negative value if an
+ *                  error occurs.
+ */
+int mar_read(MarFile *mar, const MarItem *item, int offset, char *buf,
+             int bufsize);
+
+/**
+ * Create a MAR file from a set of files.
+ * @param dest      The path to the file to create.  This path must be
+ *                  compatible with fopen.
+ * @param numfiles  The number of files to store in the archive.
+ * @param files     The list of null-terminated file paths.  Each file
+ *                  path must be compatible with fopen.
+ * @param infoBlock The information to store in the product information block.
+ * @return          A non-zero value if an error occurs.
+ */
+int mar_create(const char *dest,
+               int numfiles,
+               char **files,
+               struct ProductInformationBlock *infoBlock);
+
+/**
+ * Extract a MAR file to the current working directory.
+ * @param path      The path to the MAR file to extract.  This path must be
+ *                  compatible with fopen.
+ * @return          A non-zero value if an error occurs.
+ */
+int mar_extract(const char *path);
+
+#define MAR_MAX_CERT_SIZE (16*1024) // Way larger than necessary
+
+/* Read the entire file (not a MAR file) into a newly-allocated buffer.
+ * This function does not write to stderr. Instead, the caller should
+ * write whatever error messages it sees fit. The caller must free the returned
+ * buffer using free().
+ *
+ * @param filePath The path to the file that should be read.
+ * @param maxSize  The maximum valid file size.
+ * @param data     On success, *data will point to a newly-allocated buffer
+ *                 with the file's contents in it.
+ * @param size     On success, *size will be the size of the created buffer.
+ *
+ * @return 0 on success, -1 on error
+ */
+int mar_read_entire_file(const char * filePath,
+                         uint32_t maxSize,
+                         /*out*/ const uint8_t * *data,
+                         /*out*/ uint32_t *size);
+
+/**
+ * Verifies a MAR file by verifying each signature with the corresponding
+ * certificate. That is, the first signature will be verified using the first
+ * certificate given, the second signature will be verified using the second
+ * certificate given, etc. The signature count must exactly match the number of
+ * certificates given, and all signature verifications must succeed.
+ * We do not check that the certificate was issued by any trusted authority.
+ * We assume it to be self-signed.  We do not check whether the certificate
+ * is valid for this usage.
+ *
+ * @param mar            The already opened MAR file.
+ * @param certData       Pointer to the first element in an array of certificate
+ *                       file data.
+ * @param certDataSizes  Pointer to the first element in an array for size of
+ *                       the cert data.
+ * @param certCount      The number of elements in certData and certDataSizes
+ * @return 0 on success
+ *         a negative number if there was an error
+ *         a positive number if the signature does not verify
+ */
+int mar_verify_signatures(MarFile *mar,
+                          const uint8_t * const *certData,
+                          const uint32_t *certDataSizes,
+                          uint32_t certCount);
+
+/**
+ * Reads the product info block from the MAR file's additional block section.
+ * The caller is responsible for freeing the fields in infoBlock
+ * if the return is successful.
+ *
+ * @param infoBlock Out parameter for where to store the result to
+ * @return 0 on success, -1 on failure
+*/
+int
+mar_read_product_info_block(MarFile *mar,
+                            struct ProductInformationBlock *infoBlock);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif  /* MAR_H__ */

onlineupdate/source/libmar/src/mar_cmdline.h

+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef MAR_CMDLINE_H__
+#define MAR_CMDLINE_H__
+
+/* We use NSPR here just to import the definition of uint32_t */
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+struct ProductInformationBlock;
+
+/**
+ * Determines MAR file information.
+ *
+ * @param path                   The path of the MAR file to check.
+ * @param hasSignatureBlock      Optional out parameter specifying if the MAR
+ *                               file has a signature block or not.
+ * @param numSignatures          Optional out parameter for storing the number
+ *                               of signatures in the MAR file.
+ * @param hasAdditionalBlocks    Optional out parameter specifying if the MAR
+ *                               file has additional blocks or not.
+ * @param offsetAdditionalBlocks Optional out parameter for the offset to the
+ *                               first additional block. Value is only valid if
+ *                               hasAdditionalBlocks is not equal to 0.
+ * @param numAdditionalBlocks    Optional out parameter for the number of
+ *                               additional blocks.  Value is only valid if
+ *                               has_additional_blocks is not equal to 0.
+ * @return 0 on success and non-zero on failure.
+ */
+int get_mar_file_info(const char *path,
+                      int *hasSignatureBlock,
+                      uint32_t *numSignatures,
+                      int *hasAdditionalBlocks,
+                      uint32_t *offsetAdditionalBlocks,
+                      uint32_t *numAdditionalBlocks);
+
+/**
+ * Reads the product info block from the MAR file's additional block section.
+ * The caller is responsible for freeing the fields in infoBlock
+ * if the return is successful.
+ *
+ * @param infoBlock Out parameter for where to store the result to
+ * @return 0 on success, -1 on failure
+*/
+int
+read_product_info_block(char *path,
+                        struct ProductInformationBlock *infoBlock);
+
+/**
+ * Refreshes the product information block with the new information.
+ * The input MAR must not be signed or the function call will fail.
+ *
+ * @param path             The path to the MAR file whose product info block
+ *                         should be refreshed.
+ * @param infoBlock        Out parameter for where to store the result to
+ * @return 0 on success, -1 on failure
+*/
+int
+refresh_product_info_block(const char *path,
+                           struct ProductInformationBlock *infoBlock);
+
+/**
+ * Writes out a copy of the MAR at src but with the signature block stripped.
+ *
+ * @param  src  The path of the source MAR file
+ * @param  dest The path of the MAR file to write out that
+                has no signature block
+ * @return 0 on success
+ *         -1 on error
+*/
+int
+strip_signature_block(const char *src, const char * dest);
+
+/**
+ * Extracts a signature from a MAR file, base64 encodes it, and writes it out
+ *
+ * @param  src       The path of the source MAR file
+ * @param  sigIndex  The index of the signature to extract
+ * @param  dest      The path of file to write the signature to
+ * @return 0 on success
+ *         -1 on error
+*/
+int
+extract_signature(const char *src, uint32_t sigIndex, const char * dest);
+
+/**
+ * Imports a base64 encoded signature into a MAR file
+ *
+ * @param  src           The path of the source MAR file
+ * @param  sigIndex      The index of the signature to import
+ * @param  base64SigFile A file which contains the signature to import
+ * @param  dest          The path of the destination MAR file with replaced signature
+ * @return 0 on success
+ *         -1 on error
+*/
+int
+import_signature(const char *src,
+                 uint32_t sigIndex,
+                 const char * base64SigFile,
+                 const char *dest);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif  /* MAR_CMDLINE_H__ */

onlineupdate/source/libmar/src/mar_extract.c

+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim:set ts=2 sw=2 sts=2 et cindent: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <fcntl.h>
+#include <string.h>
+#include <stdlib.h>
+#include "mar_private.h"
+#include "mar.h"
+
+#ifdef XP_WIN
+#include <io.h>
+#include <direct.h>
+#endif
+
+/* Ensure that the directory containing this file exists */
+static int mar_ensure_parent_dir(const char *path)
+{
+  char *slash = strrchr(path, '/');
+  if (slash)
+  {
+    *slash = '\0';
+    mar_ensure_parent_dir(path);
+#ifdef XP_WIN
+    _mkdir(path);
+#else
+    mkdir(path, 0755);
+#endif
+    *slash = '/';
+  }
+  return 0;
+}
+
+static int mar_test_callback(MarFile *mar, const MarItem *item, void *unused) {
+  FILE *fp;
+  char buf[BLOCKSIZE];
+  int fd, len, offset = 0;
+
+  if (mar_ensure_parent_dir(item->name))
+    return -1;
+
+#ifdef XP_WIN
+  fd = _open(item->name, _O_BINARY|_O_CREAT|_O_TRUNC|_O_WRONLY, item->flags);
+#else
+  fd = creat(item->name, item->flags);
+#endif
+  if (fd == -1) {
+    fprintf(stderr, "ERROR: could not create file in mar_test_callback()\n");
+    perror(item->name);
+    return -1;
+  }
+
+  fp = fdopen(fd, "wb");
+  if (!fp)
+    return -1;
+
+  while ((len = mar_read(mar, item, offset, buf, sizeof(buf))) > 0) {
+    if (fwrite(buf, len, 1, fp) != 1)
+      break;
+    offset += len;
+  }
+
+  fclose(fp);
+  return len == 0 ? 0 : -1;
+}
+
+int mar_extract(const char *path) {
+  MarFile *mar;
+  int rv;
+
+  mar = mar_open(path);
+  if (!mar)
+    return -1;
+
+  rv = mar_enum_items(mar, mar_test_callback, NULL);
+
+  mar_close(mar);
+  return rv;
+}

onlineupdate/source/libmar/src/mar_private.h

+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim:set ts=2 sw=2 sts=2 et cindent: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef MAR_PRIVATE_H__
+#define MAR_PRIVATE_H__
+
+#include "limits.h"
+#include "mozilla/Assertions.h"
+#include <stdint.h>
+
+#define BLOCKSIZE 4096
+#define ROUND_UP(n, incr) (((n) / (incr) + 1) * (incr))
+
+#define MAR_ID "MAR1"
+#define MAR_ID_SIZE 4
+
+/* The signature block comes directly after the header block
+   which is 16 bytes */
+#define SIGNATURE_BLOCK_OFFSET 16
+
+/* Make sure the file is less than 500MB.  We do this to protect against
+   invalid MAR files. */
+#define MAX_SIZE_OF_MAR_FILE ((int64_t)524288000)
+
+/* Existing code makes assumptions that the file size is
+   smaller than LONG_MAX. */
+MOZ_STATIC_ASSERT(MAX_SIZE_OF_MAR_FILE < ((int64_t)LONG_MAX),
+                  "max mar file size is too big");
+
+/* We store at most the size up to the signature block + 4
+   bytes per BLOCKSIZE bytes */
+MOZ_STATIC_ASSERT(sizeof(BLOCKSIZE) < \
+                  (SIGNATURE_BLOCK_OFFSET + sizeof(uint32_t)),
+                  "BLOCKSIZE is too big");
+
+/* The maximum size of any signature supported by current and future
+   implementations of the signmar program. */
+#define MAX_SIGNATURE_LENGTH 2048
+
+/* Each additional block has a unique ID.
+   The product information block has an ID of 1. */
+#define PRODUCT_INFO_BLOCK_ID 1
+
+#define MAR_ITEM_SIZE(namelen) (3*sizeof(uint32_t) + (namelen) + 1)
+
+/* Product Information Block (PIB) constants */
+#define PIB_MAX_MAR_CHANNEL_ID_SIZE 63
+#define PIB_MAX_PRODUCT_VERSION_SIZE 31
+
+/* The mar program is compiled as a host bin so we don't have access to NSPR at
+   runtime.  For that reason we use ntohl, htonl, and define HOST_TO_NETWORK64
+   instead of the NSPR equivalents. */
+#ifdef XP_WIN
+#include <winsock2.h>
+#define ftello _ftelli64
+#define fseeko _fseeki64
+#else
+#define _FILE_OFFSET_BITS 64
+#include <netinet/in.h>
+#include <unistd.h>
+#endif
+
+#include <stdio.h>
+
+#define HOST_TO_NETWORK64(x) ( \
+  ((((uint64_t) x) & 0xFF) << 56) | \
+  ((((uint64_t) x) >> 8) & 0xFF) << 48) | \
+  (((((uint64_t) x) >> 16) & 0xFF) << 40) | \
+  (((((uint64_t) x) >> 24) & 0xFF) << 32) | \
+  (((((uint64_t) x) >> 32) & 0xFF) << 24) | \
+  (((((uint64_t) x) >> 40) & 0xFF) << 16) | \
+  (((((uint64_t) x) >> 48) & 0xFF) << 8) | \
+  (((uint64_t) x) >> 56)
+#define NETWORK_TO_HOST64 HOST_TO_NETWORK64
+
+#endif  /* MAR_PRIVATE_H__ */

onlineupdate/source/libmar/src/moz.build

+# -*- Mode: python; c-basic-offset: 4; indent-tabs-mode: nil; tab-width: 40 -*-
+# vim: set filetype=python:
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+EXPORTS += [
+    'mar.h',
+    'mar_cmdline.h',
+]
+
+HOST_SOURCES += [
+    'mar_create.c',
+    'mar_extract.c',
+    'mar_read.c',
+]
+HostLibrary('hostmar')
+
+Library('mar')
+
+UNIFIED_SOURCES += [
+    'mar_create.c',
+    'mar_extract.c',
+    'mar_read.c',
+]
+
+FORCE_STATIC_LIB = True
+
+if CONFIG['OS_ARCH'] == 'WINNT':
+    USE_STATIC_LIBS = True

onlineupdate/source/libmar/tool/Makefile.in

+# vim:set ts=8 sw=8 sts=8 noet:
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+# The mar executable is output into dist/host/bin since it is something that
+# would only be used by our build system and should not itself be included in a
+# Mozilla distribution.
+
+HOST_CFLAGS += \
+  -DNO_SIGN_VERIFY \
+  $(DEFINES) \
+  $(NULL)
+
+include $(topsrcdir)/config/rules.mk
+
+ifdef CROSS_COMPILE
+ifdef HOST_NSPR_MDCPUCFG
+HOST_CFLAGS += -DMDCPUCFG=$(HOST_NSPR_MDCPUCFG)
+CFLAGS += -DMDCPUCFG=$(HOST_NSPR_MDCPUCFG)
+endif
+endif

onlineupdate/source/libmar/tool/moz.build

+# -*- Mode: python; c-basic-offset: 4; indent-tabs-mode: nil; tab-width: 40 -*-
+# vim: set filetype=python:
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+HOST_SOURCES += [
+    'mar.c',
+]
+
+HostProgram('mar')
+
+HOST_USE_LIBS += [
+    'hostmar',
+]
+
+if CONFIG['MOZ_ENABLE_SIGNMAR']:
+    Program('signmar')
+
+    SOURCES += HOST_SOURCES
+
+    USE_LIBS += [
+        'mar',
+        'signmar',
+        'verifymar',
+    ]
+
+for var in ('MAR_CHANNEL_ID', 'MOZ_APP_VERSION'):
+    DEFINES[var] = '"%s"' % CONFIG[var]
+
+if CONFIG['MOZ_ENABLE_SIGNMAR']:
+    USE_LIBS += [
+        'nspr',
+        'nss',
+    ]
+else:
+    DEFINES['NO_SIGN_VERIFY'] = True
+
+if CONFIG['OS_ARCH'] == 'WINNT':
+    USE_STATIC_LIBS = True
+
+    OS_LIBS += [
+        'ws2_32',
+    ]
+    if CONFIG['MOZ_ENABLE_SIGNMAR']:
+        OS_LIBS += [
+            'crypt32',
+            'advapi32',
+        ]
+elif CONFIG['OS_ARCH'] == 'Darwin':
+    OS_LIBS += [
+      '-framework Security',
+    ]
+
+if CONFIG['HOST_OS_ARCH'] == 'WINNT':
+    HOST_OS_LIBS += [
+        'ws2_32',
+    ]

onlineupdate/source/libmar/verify/Makefile.in

+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+include $(topsrcdir)/config/rules.mk
+
+# The intermediate (.ii/.s) files for host and target can have the same name...
+# disable parallel builds
+.NOTPARALLEL:

onlineupdate/source/libmar/verify/cryptox.c

+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifdef XP_WIN
+#ifndef WIN32_LEAN_AND_MEAN
+#define WIN32_LEAN_AND_MEAN
+#endif
+#endif
+
+#include <stdlib.h>
+#include "cryptox.h"
+
+#if defined(MAR_NSS)
+
+/**
+ * Loads the public key for the specified cert name from the NSS store.
+ *
+ * @param certData  The DER-encoded X509 certificate to extract the key from.
+ * @param certDataSize The size of certData.
+ * @param publicKey Out parameter for the public key to use.
+ * @return CryptoX_Success on success, CryptoX_Error on error.
+*/
+CryptoX_Result
+NSS_LoadPublicKey(const unsigned char *certData, unsigned int certDataSize,
+                  SECKEYPublicKey **publicKey)
+{
+  CERTCertificate * cert;
+  SECItem certDataItem = { siBuffer, (unsigned char*) certData, certDataSize };
+
+  if (!certData || !publicKey) {
+    return CryptoX_Error;
+  }
+
+  cert = CERT_NewTempCertificate(CERT_GetDefaultCertDB(), &certDataItem, NULL,
+                                 PR_FALSE, PR_TRUE);
+  /* Get the cert and embedded public key out of the database */
+  if (!cert) {
+    return CryptoX_Error;
+  }
+  *publicKey = CERT_ExtractPublicKey(cert);
+  CERT_DestroyCertificate(cert);
+
+  if (!*publicKey) {
+    return CryptoX_Error;
+  }
+  return CryptoX_Success;
+}
+
+CryptoX_Result
+NSS_VerifyBegin(VFYContext **ctx,
+                SECKEYPublicKey * const *publicKey)
+{
+  SECStatus status;
+  if (!ctx || !publicKey || !*publicKey) {
+    return CryptoX_Error;
+  }
+
+  /* Check that the key length is large enough for our requirements */
+  if ((SECKEY_PublicKeyStrength(*publicKey) * 8) <
+      XP_MIN_SIGNATURE_LEN_IN_BYTES) {
+    fprintf(stderr, "ERROR: Key length must be >= %d bytes\n",
+            XP_MIN_SIGNATURE_LEN_IN_BYTES);
+    return CryptoX_Error;
+  }
+
+  *ctx = VFY_CreateContext(*publicKey, NULL,
+                           SEC_OID_ISO_SHA1_WITH_RSA_SIGNATURE, NULL);
+  if (*ctx == NULL) {
+    return CryptoX_Error;
+  }
+
+  status = VFY_Begin(*ctx);
+  return SECSuccess == status ? CryptoX_Success : CryptoX_Error;
+}
+
+/**
+ * Verifies if a verify context matches the passed in signature.
+ *
+ * @param ctx          The verify context that the signature should match.
+ * @param signature    The signature to match.
+ * @param signatureLen The length of the signature.
+ * @return CryptoX_Success on success, CryptoX_Error on error.
+*/
+CryptoX_Result
+NSS_VerifySignature(VFYContext * const *ctx,
+                    const unsigned char *signature,
+                    unsigned int signatureLen)
+{
+  SECItem signedItem;
+  SECStatus status;
+  if (!ctx || !signature || !*ctx) {
+    return CryptoX_Error;
+  }
+
+  signedItem.len = signatureLen;
+  signedItem.data = (unsigned char*)signature;
+  status = VFY_EndWithSignature(*ctx, &signedItem);
+  return SECSuccess == status ? CryptoX_Success : CryptoX_Error;
+}
+
+#elif defined(XP_WIN)
+/**
+ * Verifies if a signature + public key matches a hash context.
+ *
+ * @param hash      The hash context that the signature should match.
+ * @param pubKey    The public key to use on the signature.
+ * @param signature The signature to check.
+ * @param signatureLen The length of the signature.
+ * @return CryptoX_Success on success, CryptoX_Error on error.
+*/
+CryptoX_Result
+CyprtoAPI_VerifySignature(HCRYPTHASH *hash,
+                          HCRYPTKEY *pubKey,
+                          const BYTE *signature,
+                          DWORD signatureLen)
+{
+  DWORD i;
+  BOOL result;
+/* Windows APIs expect the bytes in the signature to be in little-endian
+ * order, but we write the signature in big-endian order.  Other APIs like
+ * NSS and OpenSSL expect big-endian order.
+ */
+  BYTE *signatureReversed;
+  if (!hash || !pubKey || !signature || signatureLen < 1) {
+    return CryptoX_Error;
+  }
+
+  signatureReversed = malloc(signatureLen);
+  if (!signatureReversed) {
+    return CryptoX_Error;
+  }
+
+  for (i = 0; i < signatureLen; i++) {
+    signatureReversed[i] = signature[signatureLen - 1 - i];
+  }
+  result = CryptVerifySignature(*hash, signatureReversed,
+                                signatureLen, *pubKey, NULL, 0);
+  free(signatureReversed);
+  return result ? CryptoX_Success : CryptoX_Error;
+}
+
+/**
+ * Obtains the public key for the passed in cert data
+ *
+ * @param provider       The cyrto provider
+ * @param certData       Data of the certificate to extract the public key from
+ * @param sizeOfCertData The size of the certData buffer
+ * @param certStore      Pointer to the handle of the certificate store to use
+ * @param CryptoX_Success on success
+*/
+CryptoX_Result
+CryptoAPI_LoadPublicKey(HCRYPTPROV provider,
+                        BYTE *certData,
+                        DWORD sizeOfCertData,
+                        HCRYPTKEY *publicKey)
+{
+  CRYPT_DATA_BLOB blob;
+  CERT_CONTEXT *context;
+  if (!provider || !certData || !publicKey) {
+    return CryptoX_Error;
+  }
+
+  blob.cbData = sizeOfCertData;
+  blob.pbData = certData;
+  if (!CryptQueryObject(CERT_QUERY_OBJECT_BLOB, &blob,
+                        CERT_QUERY_CONTENT_FLAG_CERT,
+                        CERT_QUERY_FORMAT_FLAG_BINARY,
+                        0, NULL, NULL, NULL,
+                        NULL, NULL, (const void **)&context)) {
+    return CryptoX_Error;
+  }
+
+  if (!CryptImportPublicKeyInfo(provider,
+                                PKCS_7_ASN_ENCODING | X509_ASN_ENCODING,
+                                &context->pCertInfo->SubjectPublicKeyInfo,
+                                publicKey)) {
+    CertFreeCertificateContext(context);
+    return CryptoX_Error;
+  }
+
+  CertFreeCertificateContext(context);
+  return CryptoX_Success;
+}
+
+/* Try to acquire context in this way:
+  * 1. Enhanced provider without creating a new key set
+  * 2. Enhanced provider with creating a new key set
+  * 3. Default provider without creating a new key set
+  * 4. Default provider without creating a new key set
+  * #2 and #4 should not be needed because of the CRYPT_VERIFYCONTEXT,
+  * but we add it just in case.
+  *
+  * @param provider Out parameter containing the provider handle.
+  * @return CryptoX_Success on success, CryptoX_Error on error.
+ */
+CryptoX_Result
+CryptoAPI_InitCryptoContext(HCRYPTPROV *provider)
+{
+  if (!CryptAcquireContext(provider,
+                           NULL,
+                           MS_ENHANCED_PROV,
+                           PROV_RSA_FULL,
+                           CRYPT_VERIFYCONTEXT)) {
+    if (!CryptAcquireContext(provider,
+                             NULL,
+                             MS_ENHANCED_PROV,
+                             PROV_RSA_FULL,
+                             CRYPT_NEWKEYSET | CRYPT_VERIFYCONTEXT)) {
+      if (!CryptAcquireContext(provider,
+                               NULL,
+                               NULL,
+                               PROV_RSA_FULL,
+                               CRYPT_VERIFYCONTEXT)) {
+        if (!CryptAcquireContext(provider,
+                                 NULL,
+                                 NULL,
+                                 PROV_RSA_FULL,
+                                 CRYPT_NEWKEYSET | CRYPT_VERIFYCONTEXT)) {
+          *provider = CryptoX_InvalidHandleValue;
+          return CryptoX_Error;
+        }
+      }
+    }
+  }
+  return CryptoX_Success;
+}
+
+/**
+  * Begins a signature verification hash context
+  *
+  * @param provider The crypt provider to use
+  * @param hash     Out parameter for a handle to the hash context
+  * @return CryptoX_Success on success, CryptoX_Error on error.
+*/
+CryptoX_Result
+CryptoAPI_VerifyBegin(HCRYPTPROV provider, HCRYPTHASH* hash)
+{
+  BOOL result;
+  if (!provider || !hash) {
+    return CryptoX_Error;
+  }
+
+  *hash = (HCRYPTHASH)NULL;
+  result = CryptCreateHash(provider, CALG_SHA1,
+                           0, 0, hash);
+  return result ? CryptoX_Success : CryptoX_Error;
+}
+
+/**
+  * Updates a signature verification hash context
+  *
+  * @param hash The hash context to udpate
+  * @param buf  The buffer to update the hash context with
+  * @param len The size of the passed in buffer
+  * @return CryptoX_Success on success, CryptoX_Error on error.
+*/
+CryptoX_Result
+CryptoAPI_VerifyUpdate(HCRYPTHASH* hash, BYTE *buf, DWORD len)
+{
+  BOOL result;
+  if (!hash || !buf) {
+    return CryptoX_Error;
+  }
+
+  result = CryptHashData(*hash, buf, len, 0);
+  return result ? CryptoX_Success : CryptoX_Error;
+}
+
+#endif
+
+
+

onlineupdate/source/libmar/verify/cryptox.h

+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef CRYPTOX_H
+#define CRYPTOX_H
+
+#define XP_MIN_SIGNATURE_LEN_IN_BYTES 256
+
+#define CryptoX_Result int
+#define CryptoX_Success 0
+#define CryptoX_Error (-1)
+#define CryptoX_Succeeded(X) ((X) == CryptoX_Success)
+#define CryptoX_Failed(X) ((X) != CryptoX_Success)
+
+#if defined(MAR_NSS)
+
+#include "cert.h"
+#include "keyhi.h"
+#include "cryptohi.h"
+
+#define CryptoX_InvalidHandleValue NULL
+#define CryptoX_ProviderHandle void*
+#define CryptoX_SignatureHandle VFYContext *
+#define CryptoX_PublicKey SECKEYPublicKey *
+#define CryptoX_Certificate CERTCertificate *
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+CryptoX_Result NSS_LoadPublicKey(const unsigned char* certData,
+                                 unsigned int certDataSize,
+                                 SECKEYPublicKey** publicKey);
+CryptoX_Result NSS_VerifyBegin(VFYContext **ctx,
+                               SECKEYPublicKey * const *publicKey);
+CryptoX_Result NSS_VerifySignature(VFYContext * const *ctx ,
+                                   const unsigned char *signature,
+                                   unsigned int signatureLen);
+#ifdef __cplusplus
+} // extern "C"
+#endif
+
+#define CryptoX_InitCryptoProvider(CryptoHandle) \
+  CryptoX_Success
+#define CryptoX_VerifyBegin(CryptoHandle, SignatureHandle, PublicKey) \
+  NSS_VerifyBegin(SignatureHandle, PublicKey)
+#define CryptoX_FreeSignatureHandle(SignatureHandle) \
+  VFY_DestroyContext(*SignatureHandle, PR_TRUE)
+#define CryptoX_VerifyUpdate(SignatureHandle, buf, len) \
+  VFY_Update(*SignatureHandle, (const unsigned char*)(buf), len)
+#define CryptoX_LoadPublicKey(CryptoHandle, certData, dataSize, publicKey) \
+  NSS_LoadPublicKey(certData, dataSize, publicKey)
+#define CryptoX_VerifySignature(hash, publicKey, signedData, len) \
+  NSS_VerifySignature(hash, (const unsigned char *)(signedData), len)
+#define CryptoX_FreePublicKey(key) \
+  SECKEY_DestroyPublicKey(*key)
+#define CryptoX_FreeCertificate(cert) \
+  CERT_DestroyCertificate(*cert)
+
+#elif XP_MACOSX
+
+#define CryptoX_InvalidHandleValue NULL
+#define CryptoX_ProviderHandle void*
+#define CryptoX_SignatureHandle void*
+#define CryptoX_PublicKey void*
+#define CryptoX_Certificate void*
+
+// Forward-declare Objective-C functions implemented in MacVerifyCrypto.mm.
+#ifdef __cplusplus
+extern "C" {
+#endif
+CryptoX_Result CryptoMac_InitCryptoProvider();
+CryptoX_Result CryptoMac_VerifyBegin(CryptoX_SignatureHandle* aInputData);
+CryptoX_Result CryptoMac_VerifyUpdate(CryptoX_SignatureHandle* aInputData,
+                                      void* aBuf, unsigned int aLen);
+CryptoX_Result CryptoMac_LoadPublicKey(const unsigned char* aCertData,
+                                       unsigned int aDataSize,
+                                       CryptoX_PublicKey* aPublicKey);
+CryptoX_Result CryptoMac_VerifySignature(CryptoX_SignatureHandle* aInputData,
+                                         CryptoX_PublicKey* aPublicKey,
+                                         const unsigned char* aSignature,
+                                         unsigned int aSignatureLen);
+void CryptoMac_FreeSignatureHandle(CryptoX_SignatureHandle* aInputData);
+void CryptoMac_FreePublicKey(CryptoX_PublicKey* aPublicKey);
+#ifdef __cplusplus
+} // extern "C"
+#endif
+
+#define CryptoX_InitCryptoProvider(aProviderHandle) \
+  CryptoMac_InitCryptoProvider()
+#define CryptoX_VerifyBegin(aCryptoHandle, aInputData, aPublicKey) \
+  CryptoMac_VerifyBegin(aInputData)
+#define CryptoX_VerifyUpdate(aInputData, aBuf, aLen) \
+  CryptoMac_VerifyUpdate(aInputData, aBuf, aLen)
+#define CryptoX_LoadPublicKey(aProviderHandle, aCertData, aDataSize, \
+                              aPublicKey) \
+  CryptoMac_LoadPublicKey(aCertData, aDataSize, aPublicKey)
+#define CryptoX_VerifySignature(aInputData, aPublicKey, aSignature, \
+                                aSignatureLen) \
+  CryptoMac_VerifySignature(aInputData, aPublicKey, aSignature, aSignatureLen)
+#define CryptoX_FreeSignatureHandle(aInputData) \
+  CryptoMac_FreeSignatureHandle(aInputData)
+#define CryptoX_FreePublicKey(aPublicKey) \
+  CryptoMac_FreePublicKey(aPublicKey)
+#define CryptoX_FreeCertificate(aCertificate)
+
+#elif defined(XP_WIN)
+
+#include <windows.h>
+#include <wincrypt.h>
+
+CryptoX_Result CryptoAPI_InitCryptoContext(HCRYPTPROV *provider);
+CryptoX_Result CryptoAPI_LoadPublicKey(HCRYPTPROV hProv,
+                                       BYTE *certData,
+                                       DWORD sizeOfCertData,
+                                       HCRYPTKEY *publicKey);
+CryptoX_Result CryptoAPI_VerifyBegin(HCRYPTPROV provider, HCRYPTHASH* hash);
+CryptoX_Result CryptoAPI_VerifyUpdate(HCRYPTHASH* hash,
+                                      BYTE *buf, DWORD len);
+CryptoX_Result CyprtoAPI_VerifySignature(HCRYPTHASH *hash,
+                                         HCRYPTKEY *pubKey,
+                                         const BYTE *signature,
+                                         DWORD signatureLen);
+
+#define CryptoX_InvalidHandleValue ((ULONG_PTR)NULL)
+#define CryptoX_ProviderHandle HCRYPTPROV
+#define CryptoX_SignatureHandle HCRYPTHASH
+#define CryptoX_PublicKey HCRYPTKEY
+#define CryptoX_Certificate HCERTSTORE
+#define CryptoX_InitCryptoProvider(CryptoHandle) \
+  CryptoAPI_InitCryptoContext(CryptoHandle)
+#define CryptoX_VerifyBegin(CryptoHandle, SignatureHandle, PublicKey) \
+  CryptoAPI_VerifyBegin(CryptoHandle, SignatureHandle)
+#define CryptoX_FreeSignatureHandle(SignatureHandle)
+#define CryptoX_VerifyUpdate(SignatureHandle, buf, len) \
+  CryptoAPI_VerifyUpdate(SignatureHandle, (BYTE *)(buf), len)
+#define CryptoX_LoadPublicKey(CryptoHandle, certData, dataSize, publicKey) \
+  CryptoAPI_LoadPublicKey(CryptoHandle, (BYTE*)(certData), dataSize, publicKey)
+#define CryptoX_VerifySignature(hash, publicKey, signedData, len) \
+  CyprtoAPI_VerifySignature(hash, publicKey, signedData, len)
+#define CryptoX_FreePublicKey(key) \
+  CryptDestroyKey(*(key))
+#define CryptoX_FreeCertificate(cert) \
+  CertCloseStore(*(cert), CERT_CLOSE_STORE_FORCE_FLAG);
+
+#else
+
+/* This default implementation is necessary because we don't want to
+ * link to NSS from updater code on non Windows platforms.  On Windows
+ * we use CyrptoAPI instead of NSS.  We don't call any function as they
+ * would just fail, but this simplifies linking.
+ */
+
+#define CryptoX_InvalidHandleValue NULL
+#define CryptoX_ProviderHandle void*
+#define CryptoX_SignatureHandle void*
+#define CryptoX_PublicKey void*
+#define CryptoX_Certificate void*
+#define CryptoX_InitCryptoProvider(CryptoHandle) \
+  CryptoX_Error
+#define CryptoX_VerifyBegin(CryptoHandle, SignatureHandle, PublicKey) \
+  CryptoX_Error
+#define CryptoX_FreeSignatureHandle(SignatureHandle)
+#define CryptoX_VerifyUpdate(SignatureHandle, buf, len) CryptoX_Error
+#define CryptoX_LoadPublicKey(CryptoHandle, certData, dataSize, publicKey) \
+  CryptoX_Error
+#define CryptoX_VerifySignature(hash, publicKey, signedData, len) CryptoX_Error
+#define CryptoX_FreePublicKey(key) CryptoX_Error
+
+#endif
+
+#endif

onlineupdate/source/libmar/verify/moz.build

+# -*- Mode: python; c-basic-offset: 4; indent-tabs-mode: nil; tab-width: 40 -*-
+# vim: set filetype=python:
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+Library('verifymar')
+
+UNIFIED_SOURCES += [
+    'cryptox.c',
+    'mar_verify.c',
+]
+
+FORCE_STATIC_LIB = True
+
+if CONFIG['OS_ARCH'] == 'WINNT':
+    USE_STATIC_LIBS = True
+elif CONFIG['OS_ARCH'] == 'Darwin':
+    UNIFIED_SOURCES += [
+      'MacVerifyCrypto.cpp',
+    ]
+    OS_LIBS += [
+      '-framework Security',
+    ]
+else:
+    DEFINES['MAR_NSS'] = True
+    LOCAL_INCLUDES += ['../sign']
+
+LOCAL_INCLUDES += [
+    '../src',
+]
+

onlineupdate/source/update/common/errors.h

+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim:set ts=2 sw=2 sts=2 et cindent: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef Errors_h__
+#define Errors_h__
+
+#define OK 0
+
+// Error codes that are no longer used should not be used again unless they
+// aren't used in client code (e.g. nsUpdateService.js, updates.js,
+// UpdatePrompt.js, etc.).
+
+#define MAR_ERROR_EMPTY_ACTION_LIST 1
+#define LOADSOURCE_ERROR_WRONG_SIZE 2
+
+// Error codes 3-16 are for general update problems.
+#define USAGE_ERROR 3
+#define CRC_ERROR 4
+#define PARSE_ERROR 5
+#define READ_ERROR 6
+#define WRITE_ERROR 7
+// #define UNEXPECTED_ERROR 8 // Replaced with errors 38-42
+#define ELEVATION_CANCELED 9
+#define READ_STRINGS_MEM_ERROR 10
+#define ARCHIVE_READER_MEM_ERROR 11
+#define BSPATCH_MEM_ERROR 12
+#define UPDATER_MEM_ERROR 13
+#define UPDATER_QUOTED_PATH_MEM_ERROR 14
+#define BAD_ACTION_ERROR 15
+#define STRING_CONVERSION_ERROR 16
+
+// Error codes 17-23 are related to security tasks for MAR
+// signing and MAR protection.
+#define CERT_LOAD_ERROR 17
+#define CERT_HANDLING_ERROR 18
+#define CERT_VERIFY_ERROR 19
+#define ARCHIVE_NOT_OPEN 20
+#define COULD_NOT_READ_PRODUCT_INFO_BLOCK_ERROR 21
+#define MAR_CHANNEL_MISMATCH_ERROR 22
+#define VERSION_DOWNGRADE_ERROR 23
+
+// Error codes 24-33 and 49-51 are for the Windows maintenance service.
+#define SERVICE_UPDATER_COULD_NOT_BE_STARTED 24
+#define SERVICE_NOT_ENOUGH_COMMAND_LINE_ARGS 25
+#define SERVICE_UPDATER_SIGN_ERROR 26
+#define SERVICE_UPDATER_COMPARE_ERROR 27
+#define SERVICE_UPDATER_IDENTITY_ERROR 28
+#define SERVICE_STILL_APPLYING_ON_SUCCESS 29
+#define SERVICE_STILL_APPLYING_ON_FAILURE 30
+#define SERVICE_UPDATER_NOT_FIXED_DRIVE 31
+#define SERVICE_COULD_NOT_LOCK_UPDATER 32
+#define SERVICE_INSTALLDIR_ERROR 33
+
+#define NO_INSTALLDIR_ERROR 34
+#define WRITE_ERROR_ACCESS_DENIED 35
+// #define WRITE_ERROR_SHARING_VIOLATION 36 // Replaced with errors 46-48
+#define WRITE_ERROR_CALLBACK_APP 37
+#define UNEXPECTED_BZIP_ERROR 39
+#define UNEXPECTED_MAR_ERROR 40
+#define UNEXPECTED_BSPATCH_ERROR 41
+#define UNEXPECTED_FILE_OPERATION_ERROR 42
+#define FILESYSTEM_MOUNT_READWRITE_ERROR 43
+#define DELETE_ERROR_EXPECTED_DIR 46
+#define DELETE_ERROR_EXPECTED_FILE 47
+#define RENAME_ERROR_EXPECTED_FILE 48
+
+// Error codes 24-33 and 49-51 are for the Windows maintenance service.
+#define SERVICE_COULD_NOT_COPY_UPDATER 49
+#define SERVICE_STILL_APPLYING_TERMINATED 50
+#define SERVICE_STILL_APPLYING_NO_EXIT_CODE 51
+
+#define WRITE_ERROR_FILE_COPY 61
+#define WRITE_ERROR_DELETE_FILE 62
+#define WRITE_ERROR_OPEN_PATCH_FILE 63
+#define WRITE_ERROR_PATCH_FILE 64
+#define WRITE_ERROR_APPLY_DIR_PATH 65
+#define WRITE_ERROR_CALLBACK_PATH 66
+#define WRITE_ERROR_FILE_ACCESS_DENIED 67
+#define WRITE_ERROR_DIR_ACCESS_DENIED 68
+#define WRITE_ERROR_DELETE_BACKUP 69
+#define WRITE_ERROR_EXTRACT 70
+
+// Error codes 80 through 99 are reserved for nsUpdateService.js
+
+// The following error codes are only used by updater.exe
+// when a fallback key exists for tests.
+#define FALLBACKKEY_UNKNOWN_ERROR 100
+#define FALLBACKKEY_REGPATH_ERROR 101
+#define FALLBACKKEY_NOKEY_ERROR 102
+#define FALLBACKKEY_SERVICE_NO_STOP_ERROR 103
+#define FALLBACKKEY_LAUNCH_ERROR 104
+
+#endif  // Errors_h__

onlineupdate/source/update/common/moz.build

+# -*- Mode: python; c-basic-offset: 4; indent-tabs-mode: nil; tab-width: 40 -*-
+# vim: set filetype=python:
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+EXPORTS += [
+    'readstrings.h',
+    'updatedefines.h',
+    'updatelogging.h',
+]
+
+if CONFIG['MOZ_WIDGET_TOOLKIT'] == 'windows':
+    EXPORTS += [
+        'pathhash.h',
+        'uachelper.h',
+        'updatehelper.cpp',
+        'updatehelper.h',
+    ]
+
+Library('updatecommon')
+
+srcdir = '.'
+
+include('sources.mozbuild')
+
+FINAL_LIBRARY = 'xul'
+
+FAIL_ON_WARNINGS = True

onlineupdate/source/update/common/pathhash.h

+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef _PATHHASH_H_
+#define _PATHHASH_H_
+
+/**
+ * Converts a file path into a unique registry location for cert storage
+ *
+ * @param  filePath     The input file path to get a registry path from
+ * @param  registryPath A buffer to write the registry path to, must
+ *                      be of size in WCHARs MAX_PATH + 1
+ * @return TRUE if successful
+*/
+BOOL CalculateRegistryPathFromFilePath(const LPCWSTR filePath,
+                                       LPWSTR registryPath);
+
+#endif

onlineupdate/source/update/common/sources.mozbuild

+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+sources = []
+
+if CONFIG['MOZ_WIDGET_TOOLKIT'] == 'windows':
+    sources += [
+        'pathhash.cpp',
+        'uachelper.cpp',
+        'updatehelper.cpp',
+    ]
+
+sources += [
+    'readstrings.cpp',
+    'updatelogging.cpp',
+]
+
+SOURCES += sorted(['%s/%s' % (srcdir, s) for s in sources])