Home Explore Help
Register Sign In
leon
/
RunGame
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Tree: 89c13859f3
Branches Tags
RunGame
/
Classes
/
SDK
/
HTTP
/
SSZipArchive
/
minizip
/
mz_crypt_apple.c

mz_crypt_apple.c 14 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532 
  1. /* mz_crypt_apple.c -- Crypto/hash functions for Apple
    2. 

  2.    Version 2.9.2, February 12, 2020
    3. 

  3.    part of the MiniZip project
    4. 

  4. 

  5.    Copyright (C) 2010-2020 Nathan Moinvaziri
    6. 

  6.      https://github.com/nmoinvaz/minizip
    7. 

  7. 

  8.    This program is distributed under the terms of the same license as zlib.
    9. 

  9.    See the accompanying LICENSE file for the full text of the license.
    10. 

  10. */
    11. 

  11. 

  12. 

  13. #include "mz.h"
    14. 

  14. 

  15. #include <CoreFoundation/CoreFoundation.h>
    16. 

  16. #include <CommonCrypto/CommonCryptor.h>
    17. 

  17. #include <CommonCrypto/CommonDigest.h>
    18. 

  18. #include <CommonCrypto/CommonHMAC.h>
    19. 

  19. #include <Security/Security.h>
    20. 

  20. #include <Security/SecPolicy.h>
    21. 

  21. 

  22. /***************************************************************************/
    23. 

  23. 

  24. int32_t mz_crypt_rand(uint8_t *buf, int32_t size)
    25. 

  25. {
    26. 

  26.     if (SecRandomCopyBytes(kSecRandomDefault, size, buf) != errSecSuccess)
    27. 

  27.         return 0;
    28. 

  28.     return size;
    29. 

  29. }
    30. 

  30. 

  31. /***************************************************************************/
    32. 

  32. 

  33. typedef struct mz_crypt_sha_s {
    34. 

  34.     CC_SHA1_CTX     ctx1;
    35. 

  35.     CC_SHA256_CTX   ctx256;
    36. 

  36.     int32_t         error;
    37. 

  37.     int32_t         initialized;
    38. 

  38.     uint16_t        algorithm;
    39. 

  39. } mz_crypt_sha;
    40. 

  40. 

  41. /***************************************************************************/
    42. 

  42. 

  43. void mz_crypt_sha_reset(void *handle)
    44. 

  44. {
    45. 

  45.     mz_crypt_sha *sha = (mz_crypt_sha *)handle;
    46. 

  46. 

  47.     sha->error = 0;
    48. 

  48.     sha->initialized = 0;
    49. 

  49. }
    50. 

  50. 

  51. int32_t mz_crypt_sha_begin(void *handle)
    52. 

  52. {
    53. 

  53.     mz_crypt_sha *sha = (mz_crypt_sha *)handle;
    54. 

  54. 

  55.     if (sha == NULL)
    56. 

  56.         return MZ_PARAM_ERROR;
    57. 

  57. 

  58.     mz_crypt_sha_reset(handle);
    59. 

  59. 

  60.     if (sha->algorithm == MZ_HASH_SHA1)
    61. 

  61.         sha->error = CC_SHA1_Init(&sha->ctx1);
    62. 

  62.     else if (sha->algorithm == MZ_HASH_SHA256)
    63. 

  63.         sha->error = CC_SHA256_Init(&sha->ctx256);
    64. 

  64.     else
    65. 

  65.         return MZ_PARAM_ERROR;
    66. 

  66. 

  67.     if (!sha->error)
    68. 

  68.         return MZ_HASH_ERROR;
    69. 

  69. 

  70.     sha->initialized = 1;
    71. 

  71.     return MZ_OK;
    72. 

  72. }
    73. 

  73. 

  74. int32_t mz_crypt_sha_update(void *handle, const void *buf, int32_t size)
    75. 

  75. {
    76. 

  76.     mz_crypt_sha *sha = (mz_crypt_sha *)handle;
    77. 

  77. 

  78.     if (sha == NULL || buf == NULL || !sha->initialized)
    79. 

  79.         return MZ_PARAM_ERROR;
    80. 

  80. 

  81.     if (sha->algorithm == MZ_HASH_SHA1)
    82. 

  82.         sha->error = CC_SHA1_Update(&sha->ctx1, buf, size);
    83. 

  83.     else
    84. 

  84.         sha->error = CC_SHA256_Update(&sha->ctx256, buf, size);
    85. 

  85. 

  86.     if (!sha->error)
    87. 

  87.         return MZ_HASH_ERROR;
    88. 

  88. 

  89.     return size;
    90. 

  90. }
    91. 

  91. 

  92. int32_t mz_crypt_sha_end(void *handle, uint8_t *digest, int32_t digest_size)
    93. 

  93. {
    94. 

  94.     mz_crypt_sha *sha = (mz_crypt_sha *)handle;
    95. 

  95. 

  96.     if (sha == NULL || digest == NULL || !sha->initialized)
    97. 

  97.         return MZ_PARAM_ERROR;
    98. 

  98. 

  99.     if (sha->algorithm == MZ_HASH_SHA1)
    100. 

  100.     {
    101. 

  101.         if (digest_size < MZ_HASH_SHA1_SIZE)
    102. 

  102.             return MZ_BUF_ERROR;
    103. 

  103.         sha->error = CC_SHA1_Final(digest, &sha->ctx1);
    104. 

  104.     }
    105. 

  105.     else
    106. 

  106.     {
    107. 

  107.         if (digest_size < MZ_HASH_SHA256_SIZE)
    108. 

  108.             return MZ_BUF_ERROR;
    109. 

  109.         sha->error = CC_SHA256_Final(digest, &sha->ctx256);
    110. 

  110.     }
    111. 

  111. 

  112.     if (!sha->error)
    113. 

  113.         return MZ_HASH_ERROR;
    114. 

  114. 

  115.     return MZ_OK;
    116. 

  116. }
    117. 

  117. 

  118. void mz_crypt_sha_set_algorithm(void *handle, uint16_t algorithm)
    119. 

  119. {
    120. 

  120.     mz_crypt_sha *sha = (mz_crypt_sha *)handle;
    121. 

  121.     sha->algorithm = algorithm;
    122. 

  122. }
    123. 

  123. 

  124. void *mz_crypt_sha_create(void **handle)
    125. 

  125. {
    126. 

  126.     mz_crypt_sha *sha = NULL;
    127. 

  127. 

  128.     sha = (mz_crypt_sha *)MZ_ALLOC(sizeof(mz_crypt_sha));
    129. 

  129.     if (sha != NULL)
    130. 

  130.     {
    131. 

  131.         memset(sha, 0, sizeof(mz_crypt_sha));
    132. 

  132.         sha->algorithm = MZ_HASH_SHA256;
    133. 

  133.     }
    134. 

  134.     if (handle != NULL)
    135. 

  135.         *handle = sha;
    136. 

  136. 

  137.     return sha;
    138. 

  138. }
    139. 

  139. 

  140. void mz_crypt_sha_delete(void **handle)
    141. 

  141. {
    142. 

  142.     mz_crypt_sha *sha = NULL;
    143. 

  143.     if (handle == NULL)
    144. 

  144.         return;
    145. 

  145.     sha = (mz_crypt_sha *)*handle;
    146. 

  146.     if (sha != NULL)
    147. 

  147.     {
    148. 

  148.         mz_crypt_sha_reset(*handle);
    149. 

  149.         MZ_FREE(sha);
    150. 

  150.     }
    151. 

  151.     *handle = NULL;
    152. 

  152. }
    153. 

  153. 

  154. /***************************************************************************/
    155. 

  155. 

  156. typedef struct mz_crypt_aes_s {
    157. 

  157.     CCCryptorRef crypt;
    158. 

  158.     int32_t      mode;
    159. 

  159.     int32_t      error;
    160. 

  160. } mz_crypt_aes;
    161. 

  161. 

  162. /***************************************************************************/
    163. 

  163. 

  164. void mz_crypt_aes_reset(void *handle)
    165. 

  165. {
    166. 

  166.     mz_crypt_aes *aes = (mz_crypt_aes *)handle;
    167. 

  167. 

  168.     if (aes->crypt != NULL)
    169. 

  169.         CCCryptorRelease(aes->crypt);
    170. 

  170.     aes->crypt = NULL;
    171. 

  171. }
    172. 

  172. 

  173. int32_t mz_crypt_aes_encrypt(void *handle, uint8_t *buf, int32_t size)
    174. 

  174. {
    175. 

  175.     mz_crypt_aes *aes = (mz_crypt_aes *)handle;
    176. 

  176.     size_t data_moved = 0;
    177. 

  177. 

  178.     if (aes == NULL || buf == NULL)
    179. 

  179.         return MZ_PARAM_ERROR;
    180. 

  180.     if (size != MZ_AES_BLOCK_SIZE)
    181. 

  181.         return MZ_PARAM_ERROR;
    182. 

  182. 

  183.     aes->error = CCCryptorUpdate(aes->crypt, buf, size, buf, size, &data_moved);
    184. 

  184. 

  185.     if (aes->error != kCCSuccess)
    186. 

  186.         return MZ_HASH_ERROR;
    187. 

  187. 

  188.     return size;
    189. 

  189. }
    190. 

  190. 

  191. int32_t mz_crypt_aes_decrypt(void *handle, uint8_t *buf, int32_t size)
    192. 

  192. {
    193. 

  193.     mz_crypt_aes *aes = (mz_crypt_aes *)handle;
    194. 

  194.     size_t data_moved = 0;
    195. 

  195. 

  196.     if (aes == NULL || buf == NULL)
    197. 

  197.         return MZ_PARAM_ERROR;
    198. 

  198.     if (size != MZ_AES_BLOCK_SIZE)
    199. 

  199.         return MZ_PARAM_ERROR;
    200. 

  200. 

  201.     aes->error = CCCryptorUpdate(aes->crypt, buf, size, buf, size, &data_moved);
    202. 

  202. 

  203.     if (aes->error != kCCSuccess)
    204. 

  204.         return MZ_HASH_ERROR;
    205. 

  205. 

  206.     return size;
    207. 

  207. }
    208. 

  208. 

  209. int32_t mz_crypt_aes_set_encrypt_key(void *handle, const void *key, int32_t key_length)
    210. 

  210. {
    211. 

  211.     mz_crypt_aes *aes = (mz_crypt_aes *)handle;
    212. 

  212. 

  213. 

  214.     if (aes == NULL || key == NULL || key_length == 0)
    215. 

  215.         return MZ_PARAM_ERROR;
    216. 

  216. 

  217.     mz_crypt_aes_reset(handle);
    218. 

  218. 

  219.     aes->error = CCCryptorCreate(kCCEncrypt, kCCAlgorithmAES, kCCOptionECBMode,
    220. 

  220.         key, key_length, NULL, &aes->crypt);
    221. 

  221. 

  222.     if (aes->error != kCCSuccess)
    223. 

  223.         return MZ_HASH_ERROR;
    224. 

  224. 

  225.     return MZ_OK;
    226. 

  226. }
    227. 

  227. 

  228. int32_t mz_crypt_aes_set_decrypt_key(void *handle, const void *key, int32_t key_length)
    229. 

  229. {
    230. 

  230.     mz_crypt_aes *aes = (mz_crypt_aes *)handle;
    231. 

  231. 

  232. 

  233.     if (aes == NULL || key == NULL || key_length == 0)
    234. 

  234.         return MZ_PARAM_ERROR;
    235. 

  235. 

  236.     mz_crypt_aes_reset(handle);
    237. 

  237. 

  238.     aes->error = CCCryptorCreate(kCCDecrypt, kCCAlgorithmAES, kCCOptionECBMode,
    239. 

  239.         key, key_length, NULL, &aes->crypt);
    240. 

  240. 

  241.     if (aes->error != kCCSuccess)
    242. 

  242.         return MZ_HASH_ERROR;
    243. 

  243. 

  244.     return MZ_OK;
    245. 

  245. }
    246. 

  246. 

  247. void mz_crypt_aes_set_mode(void *handle, int32_t mode)
    248. 

  248. {
    249. 

  249.     mz_crypt_aes *aes = (mz_crypt_aes *)handle;
    250. 

  250.     aes->mode = mode;
    251. 

  251. }
    252. 

  252. 

  253. void *mz_crypt_aes_create(void **handle)
    254. 

  254. {
    255. 

  255.     mz_crypt_aes *aes = NULL;
    256. 

  256. 

  257.     aes = (mz_crypt_aes *)MZ_ALLOC(sizeof(mz_crypt_aes));
    258. 

  258.     if (aes != NULL)
    259. 

  259.         memset(aes, 0, sizeof(mz_crypt_aes));
    260. 

  260.     if (handle != NULL)
    261. 

  261.         *handle = aes;
    262. 

  262. 

  263.     return aes;
    264. 

  264. }
    265. 

  265. 

  266. void mz_crypt_aes_delete(void **handle)
    267. 

  267. {
    268. 

  268.     mz_crypt_aes *aes = NULL;
    269. 

  269.     if (handle == NULL)
    270. 

  270.         return;
    271. 

  271.     aes = (mz_crypt_aes *)*handle;
    272. 

  272.     if (aes != NULL)
    273. 

  273.     {
    274. 

  274.         mz_crypt_aes_reset(*handle);
    275. 

  275.         MZ_FREE(aes);
    276. 

  276.     }
    277. 

  277.     *handle = NULL;
    278. 

  278. }
    279. 

  279. 

  280. /***************************************************************************/
    281. 

  281. 

  282. typedef struct mz_crypt_hmac_s {
    283. 

  283.     CCHmacContext   ctx;
    284. 

  284.     int32_t         initialized;
    285. 

  285.     int32_t         error;
    286. 

  286.     uint16_t        algorithm;
    287. 

  287. } mz_crypt_hmac;
    288. 

  288. 

  289. /***************************************************************************/
    290. 

  290. 

  291. static void mz_crypt_hmac_free(void *handle)
    292. 

  292. {
    293. 

  293.     mz_crypt_hmac *hmac = (mz_crypt_hmac *)handle;
    294. 

  294.     memset(&hmac->ctx, 0, sizeof(hmac->ctx));
    295. 

  295. }
    296. 

  296. 

  297. void mz_crypt_hmac_reset(void *handle)
    298. 

  298. {
    299. 

  299.     mz_crypt_hmac *hmac = (mz_crypt_hmac *)handle;
    300. 

  300.     mz_crypt_hmac_free(handle);
    301. 

  301.     hmac->error = 0;
    302. 

  302. }
    303. 

  303. 

  304. int32_t mz_crypt_hmac_init(void *handle, const void *key, int32_t key_length)
    305. 

  305. {
    306. 

  306.     mz_crypt_hmac *hmac = (mz_crypt_hmac *)handle;
    307. 

  307.     CCHmacAlgorithm algorithm = 0;
    308. 

  308. 

  309.     if (hmac == NULL || key == NULL)
    310. 

  310.         return MZ_PARAM_ERROR;
    311. 

  311. 

  312.     mz_crypt_hmac_reset(handle);
    313. 

  313. 

  314.     if (hmac->algorithm == MZ_HASH_SHA1)
    315. 

  315.         algorithm = kCCHmacAlgSHA1;
    316. 

  316.     else if (hmac->algorithm == MZ_HASH_SHA256)
    317. 

  317.         algorithm = kCCHmacAlgSHA256;
    318. 

  318.     else
    319. 

  319.         return MZ_PARAM_ERROR;
    320. 

  320. 

  321.     CCHmacInit(&hmac->ctx, algorithm, key, key_length);
    322. 

  322.     return MZ_OK;
    323. 

  323. }
    324. 

  324. 

  325. int32_t mz_crypt_hmac_update(void *handle, const void *buf, int32_t size)
    326. 

  326. {
    327. 

  327.     mz_crypt_hmac *hmac = (mz_crypt_hmac *)handle;
    328. 

  328. 

  329.     if (hmac == NULL || buf == NULL)
    330. 

  330.         return MZ_PARAM_ERROR;
    331. 

  331. 

  332.     CCHmacUpdate(&hmac->ctx, buf, size);
    333. 

  333.     return MZ_OK;
    334. 

  334. }
    335. 

  335. 

  336. int32_t mz_crypt_hmac_end(void *handle, uint8_t *digest, int32_t digest_size)
    337. 

  337. {
    338. 

  338.     mz_crypt_hmac *hmac = (mz_crypt_hmac *)handle;
    339. 

  339. 

  340.     if (hmac == NULL || digest == NULL)
    341. 

  341.         return MZ_PARAM_ERROR;
    342. 

  342. 

  343.     if (hmac->algorithm == MZ_HASH_SHA1)
    344. 

  344.     {
    345. 

  345.         if (digest_size < MZ_HASH_SHA1_SIZE)
    346. 

  346.             return MZ_BUF_ERROR;
    347. 

  347.         CCHmacFinal(&hmac->ctx, digest);
    348. 

  348.     }
    349. 

  349.     else
    350. 

  350.     {
    351. 

  351.         if (digest_size < MZ_HASH_SHA256_SIZE)
    352. 

  352.             return MZ_BUF_ERROR;
    353. 

  353.         CCHmacFinal(&hmac->ctx, digest);
    354. 

  354.     }
    355. 

  355. 

  356.     return MZ_OK;
    357. 

  357. }
    358. 

  358. 

  359. void mz_crypt_hmac_set_algorithm(void *handle, uint16_t algorithm)
    360. 

  360. {
    361. 

  361.     mz_crypt_hmac *hmac = (mz_crypt_hmac *)handle;
    362. 

  362.     hmac->algorithm = algorithm;
    363. 

  363. }
    364. 

  364. 

  365. int32_t mz_crypt_hmac_copy(void *src_handle, void *target_handle)
    366. 

  366. {
    367. 

  367.     mz_crypt_hmac *source = (mz_crypt_hmac *)src_handle;
    368. 

  368.     mz_crypt_hmac *target = (mz_crypt_hmac *)target_handle;
    369. 

  369. 

  370.     if (source == NULL || target == NULL)
    371. 

  371.         return MZ_PARAM_ERROR;
    372. 

  372. 

  373.     memcpy(&target->ctx, &source->ctx, sizeof(CCHmacContext));
    374. 

  374.     return MZ_OK;
    375. 

  375. }
    376. 

  376. 

  377. void *mz_crypt_hmac_create(void **handle)
    378. 

  378. {
    379. 

  379.     mz_crypt_hmac *hmac = NULL;
    380. 

  380. 

  381.     hmac = (mz_crypt_hmac *)MZ_ALLOC(sizeof(mz_crypt_hmac));
    382. 

  382.     if (hmac != NULL)
    383. 

  383.     {
    384. 

  384.         memset(hmac, 0, sizeof(mz_crypt_hmac));
    385. 

  385.         hmac->algorithm = MZ_HASH_SHA256;
    386. 

  386.     }
    387. 

  387.     if (handle != NULL)
    388. 

  388.         *handle = hmac;
    389. 

  389. 

  390.     return hmac;
    391. 

  391. }
    392. 

  392. 

  393. void mz_crypt_hmac_delete(void **handle)
    394. 

  394. {
    395. 

  395.     mz_crypt_hmac *hmac = NULL;
    396. 

  396.     if (handle == NULL)
    397. 

  397.         return;
    398. 

  398.     hmac = (mz_crypt_hmac *)*handle;
    399. 

  399.     if (hmac != NULL)
    400. 

  400.     {
    401. 

  401.         mz_crypt_hmac_free(*handle);
    402. 

  402.         MZ_FREE(hmac);
    403. 

  403.     }
    404. 

  404.     *handle = NULL;
    405. 

  405. }
    406. 

  406. 

  407. /***************************************************************************/
    408. 

  408. 

  409. #if defined(MZ_ZIP_SIGNING)
    410. 

  410. int32_t mz_crypt_sign(uint8_t *message, int32_t message_size, uint8_t *cert_data, int32_t cert_data_size,
    411. 

  411.     const char *cert_pwd, uint8_t **signature, int32_t *signature_size)
    412. 

  412. {
    413. 

  413.     CFStringRef password_ref = NULL;
    414. 

  414.     CFDictionaryRef options_dict = NULL;
    415. 

  415.     CFDictionaryRef identity_trust = NULL;
    416. 

  416.     CFDataRef signature_out = NULL;
    417. 

  417.     CFDataRef pkcs12_data = NULL;
    418. 

  418.     CFArrayRef items = 0;
    419. 

  419.     SecIdentityRef identity = NULL;
    420. 

  420.     SecTrustRef trust = NULL;
    421. 

  421.     OSStatus status = noErr;
    422. 

  422.     const void *options_key[2] = { kSecImportExportPassphrase, kSecReturnRef };
    423. 

  423.     const void *options_values[2] = { 0, kCFBooleanTrue };
    424. 

  424.     int32_t err = MZ_SIGN_ERROR;
    425. 

  425. 

  426. 

  427.     if (message == NULL || cert_data == NULL || signature == NULL || signature_size == NULL)
    428. 

  428.         return MZ_PARAM_ERROR;
    429. 

  429. 

  430.     *signature = NULL;
    431. 

  431.     *signature_size = 0;
    432. 

  432. 

  433.     password_ref = CFStringCreateWithCString(0, cert_pwd, kCFStringEncodingUTF8);
    434. 

  434.     options_values[0] = password_ref;
    435. 

  435. 

  436.     options_dict = CFDictionaryCreate(0, options_key, options_values, 2, 0, 0);
    437. 

  437.     if (options_dict)
    438. 

  438.         pkcs12_data = CFDataCreate(0, cert_data, cert_data_size);
    439. 

  439.     if (pkcs12_data)
    440. 

  440.         status = SecPKCS12Import(pkcs12_data, options_dict, &items);
    441. 

  441.     if (status == noErr)
    442. 

  442.         identity_trust = CFArrayGetValueAtIndex(items, 0);
    443. 

  443.     if (identity_trust)
    444. 

  444.         identity = (SecIdentityRef)CFDictionaryGetValue(identity_trust, kSecImportItemIdentity);
    445. 

  445.     if (identity)
    446. 

  446.         trust = (SecTrustRef)CFDictionaryGetValue(identity_trust, kSecImportItemTrust);
    447. 

  447.     if (trust)
    448. 

  448.     {
    449. 

  449.         status = CMSEncodeContent(identity, NULL, NULL, FALSE, 0, message, message_size, &signature_out);
    450. 

  450. 

  451.         if (status == errSecSuccess)
    452. 

  452.         {
    453. 

  453.             *signature_size = CFDataGetLength(signature_out);
    454. 

  454.             *signature = (uint8_t *)MZ_ALLOC(*signature_size);
    455. 

  455. 

  456.             memcpy(*signature, CFDataGetBytePtr(signature_out), *signature_size);
    457. 

  457. 

  458.             err = MZ_OK;
    459. 

  459.         }
    460. 

  460.     }
    461. 

  461. 

  462.     if (signature_out)
    463. 

  463.         CFRelease(signature_out);
    464. 

  464.     if (items)
    465. 

  465.         CFRelease(items);
    466. 

  466.     if (pkcs12_data)
    467. 

  467.         CFRelease(pkcs12_data);
    468. 

  468.     if (options_dict)
    469. 

  469.         CFRelease(options_dict);
    470. 

  470.     if (password_ref)
    471. 

  471.         CFRelease(password_ref);
    472. 

  472. 

  473.     return err;
    474. 

  474. }
    475. 

  475. 

  476. int32_t mz_crypt_sign_verify(uint8_t *message, int32_t message_size, uint8_t *signature, int32_t signature_size)
    477. 

  477. {
    478. 

  478.     CMSDecoderRef decoder = NULL;
    479. 

  479.     CMSSignerStatus signer_status = 0;
    480. 

  480.     CFDataRef message_out = NULL;
    481. 

  481.     SecPolicyRef trust_policy = NULL;
    482. 

  482.     OSStatus status = noErr;
    483. 

  483.     OSStatus verify_status = noErr;
    484. 

  484.     size_t signer_count = 0;
    485. 

  485.     size_t i = 0;
    486. 

  486.     int32_t err = MZ_SIGN_ERROR;
    487. 

  487. 

  488.     if (message == NULL || signature == NULL)
    489. 

  489.         return MZ_PARAM_ERROR;
    490. 

  490. 

  491.     status = CMSDecoderCreate(&decoder);
    492. 

  492.     if (status == errSecSuccess)
    493. 

  493.         status = CMSDecoderUpdateMessage(decoder, signature, signature_size);
    494. 

  494.     if (status == errSecSuccess)
    495. 

  495.         status = CMSDecoderFinalizeMessage(decoder);
    496. 

  496.     if (status == errSecSuccess)
    497. 

  497.         trust_policy = SecPolicyCreateBasicX509();
    498. 

  498. 

  499.     if (status == errSecSuccess && trust_policy)
    500. 

  500.     {
    501. 

  501.         CMSDecoderGetNumSigners(decoder, &signer_count);
    502. 

  502.         if (signer_count > 0)
    503. 

  503.             err = MZ_OK;
    504. 

  504.         for (i = 0; i < signer_count; i += 1)
    505. 

  505.         {
    506. 

  506.             status = CMSDecoderCopySignerStatus(decoder, i, trust_policy, TRUE, &signer_status, NULL, &verify_status);
    507. 

  507.             if (status != errSecSuccess || verify_status != 0 || signer_status != kCMSSignerValid)
    508. 

  508.             {
    509. 

  509.                 err = MZ_SIGN_ERROR;
    510. 

  510.                 break;
    511. 

  511.             }
    512. 

  512.         }
    513. 

  513.     }
    514. 

  514. 

  515.     if (err == MZ_OK)
    516. 

  516.     {
    517. 

  517.         status = CMSDecoderCopyContent(decoder, &message_out);
    518. 

  518.         if ((status != errSecSuccess) ||
    519. 

  519.             (CFDataGetLength(message_out) != message_size) ||
    520. 

  520.             (memcmp(message, CFDataGetBytePtr(message_out), message_size) != 0))
    521. 

  521.             err = MZ_SIGN_ERROR;
    522. 

  522.     }
    523. 

  523. 

  524.     if (trust_policy)
    525. 

  525.         CFRelease(trust_policy);
    526. 

  526.     if (decoder)
    527. 

  527.         CFRelease(decoder);
    528. 

  528. 

  529.     return err;
    530. 

  530. }
    531. 

  531. 

  532. #endif
    533.