Commit 368924d1 authored by Kathleen Brade's avatar Kathleen Brade Committed by Mike Perry

Bug 13379: Sign our MAR files (backport Mozilla patches).

Backport reviewed patches from these two Mozilla bugs:
903135 - Link updater to NSS and enable MAR verification on Linux and OSX
903126 - Implement a platform independent way to determine which cert to use
	   for verifying mars
Configure browser build with --enable-signmar and --enable-verify-mar.
parent 99d51e21
+5 −0
@@ -8,6 +8,11 @@ MOZ_APP_VENDOR=Mozilla
MOZ_UPDATER=1
MOZ_PHOENIX=1

MOZ_VERIFY_MAR_SIGNATURE=1

# Enable building ./signmar and running libmar signature tests
MOZ_ENABLE_SIGNMAR=1

MOZ_CHROME_FILE_FORMAT=omni
MOZ_DISABLE_EXPORT_JS=1
MOZ_SAFE_BROWSING=1
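Review bot: `MOZ_VERIFY_MAR_SIGNATURE=1` is added without a comment, while the comment below it covers only `MOZ_ENABLE_SIGNMAR`. It is the setting that turns on the `AC_DEFINE(MOZ_VERIFY_MAR_SIGNATURE)` in configure, so it is the one a later reader most needs explained. I would add `# Build the updater with MAR signature verification enabled` above it, so nobody drops the line as redundant with the signmar setting.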
+1 −5
@@ -6351,11 +6351,7 @@ MOZ_ARG_ENABLE_BOOL(verify-mar,
    MOZ_VERIFY_MAR_SIGNATURE= )

if test -n "$MOZ_VERIFY_MAR_SIGNATURE"; then
  if test "$OS_ARCH" = "WINNT"; then
  AC_DEFINE(MOZ_VERIFY_MAR_SIGNATURE)
  else
    AC_MSG_ERROR([Can only build with --enable-verify-mar with a Windows target])
  fi
fi

dnl ========================================================
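Review bot: With the `OS_ARCH` test removed, `AC_DEFINE(MOZ_VERIFY_MAR_SIGNATURE)` now runs for every target, and nothing in the visible lines checks that the target has a verification backend. The commit message says Linux and OS X get verification by linking the updater to NSS; a short comment would record that dependency, for example `dnl Non-Windows targets verify MAR signatures with NSS, which the updater must link.` The `MOZ_ARG_ENABLE_BOOL(verify-mar, ...)` call starts above the hunk, so its enable branch is not visible here.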
+1 −5
@@ -9,11 +9,7 @@ DIRS += ['src']
if CONFIG['MOZ_ENABLE_SIGNMAR']:
    DIRS += ['sign', 'verify']
    TEST_DIRS += ['tests']
elif CONFIG['OS_ARCH'] == 'WINNT':
    # On Windows we don't verify with NSS and updater needs to link to it
    DIRS += ['verify']
elif CONFIG['OS_ARCH'] == 'Darwin':
    # On OSX we don't verify with NSS and updater needs to link to it.
elif CONFIG['MOZ_VERIFY_MAR_SIGNATURE']:
    DIRS += ['verify']

# If we are building ./sign and ./verify then ./tool must come after it
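Review bot: The new `elif CONFIG['MOZ_VERIFY_MAR_SIGNATURE']:` branch drops the comments that explained why `verify` is built without signmar, and it also changes when `verify` is built. The removed WINNT and Darwin branches added it unconditionally; the new branch adds it only when verification is enabled. If anything on those platforms still links against `verify` in a `--disable-verify-mar` build, that build would break, which cannot be checked from the lines shown. I would add a comment such as `# The updater links against ./verify to check MAR signatures, so build it even without signmar.`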
+24 −6
@@ -134,6 +134,26 @@ int mar_create(const char *dest,
 */
int mar_extract(const char *path);

#define MAR_MAX_CERT_SIZE (16*1024) // Way larger than necessary

/* Read the entire file (not a MAR file) into a newly-allocated buffer.
 * This function does not write to stderr. Instead, the caller should
 * write whatever error messages it sees fit. The caller must free the returned
 * buffer using free().
 *
 * @param filePath The path to the file that should be read.
 * @param maxSize  The maximum valid file size.
 * @param data     On success, *data will point to a newly-allocated buffer
 *                 with the file's contents in it.
 * @param size     On success, *size will be the size of the created buffer.
 * 
 * @return 0 on success, -1 on error
 */
int mar_read_entire_file(const char * filePath,
                         uint32_t maxSize,
                         /*out*/ const uint8_t * *data,
                         /*out*/ uint32_t *size);

/**
 * Verifies a MAR file by verifying each signature with the corresponding
 * certificate. That is, the first signature will be verified using the first
@@ -154,12 +174,10 @@ int mar_extract(const char *path);
 *         a negative number if there was an error
 *         a positive number if the signature does not verify
 */
#ifdef XP_WIN
int mar_verify_signaturesW(MarFile *mar,
int mar_verify_signatures(MarFile *mar,
                          const uint8_t * const *certData,
                          const uint32_t *certDataSizes,
                          uint32_t certCount);
#endif

/** 
 * Reads the product info block from the MAR file's additional block section.
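Review bot: The doc comment on `mar_read_entire_file` does not say what happens when the file is larger than `maxSize`, or what `*data` and `*size` hold after a -1 return, and the implementation is outside this section. The helper is declared next to `MAR_MAX_CERT_SIZE` and presumably loads the certificates passed to `mar_verify_signatures`, so the contract should state that an oversized file is rejected rather than truncated. Once confirmed against the implementation, I would write `@param maxSize The maximum valid file size; a larger file is an error.` and add `On error, *data and *size are not modified.` The out-parameter is `const uint8_t * *data` while the caller is told to `free()` the buffer, which forces a cast at each call site; the comment should mention that.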
+0 −32
@@ -38,38 +38,6 @@ int get_mar_file_info(const char *path,
                      uint32_t *offsetAdditionalBlocks,
                      uint32_t *numAdditionalBlocks);

/**
 * Verifies a MAR file by verifying each signature with the corresponding
 * certificate. That is, the first signature will be verified using the first
 * certificate given, the second signature will be verified using the second
 * certificate given, etc. The signature count must exactly match the number of
 * certificates given, and all signature verifications must succeed.
 * This is only used by the signmar program when used with arguments to verify 
 * a MAR. This should not be used to verify a MAR that will be extracted in the 
 * same operation by updater code. This function prints the error message if 
 * verification fails.
 * 
 * @param pathToMAR     The path of the MAR file whose signature should be
 *                      checked
 * @param certData      Pointer to the first element in an array of certificate
 *                      file data.
 * @param certDataSizes Pointer to the first element in an array for size of
 *                      the cert data.
 * @param certNames     Pointer to the first element in an array of certificate
 *                      names.
 *                      Used only if compiled with NSS support
 * @param certCount     The number of elements in certData, certDataSizes,
 *                      and certNames
 * @return 0 on success
 *         a negative number if there was an error
 *         a positive number if the signature does not verify
 */
int mar_verify_signatures(const char *pathToMAR,
                          const uint8_t * const *certData,
                          const uint32_t *certDataSizes,
                          const char * const *certNames,
                          uint32_t certCount);

/** 
 * Reads the product info block from the MAR file's additional block section.
 * The caller is responsible for freeing the fields in infoBlock