[apple/security.git] / Security / libsecurity_manifest / lib / Download.cpp

/*
 * Copyright (c) 2006,2011-2014 Apple Inc. All Rights Reserved.
 * 
 * @APPLE_LICENSE_HEADER_START@
 * 
 * This file contains Original Code and/or Modifications of Original Code
 * as defined in and that are subject to the Apple Public Source License
 * Version 2.0 (the 'License'). You may not use this file except in
 * compliance with the License. Please obtain a copy of the License at
 * http://www.opensource.apple.com/apsl/ and read it before using this
 * file.
 * 
 * The Original Code and all software distributed under the License are
 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
 * Please see the License for the specific language governing rights and
 * limitations under the License.
 * 
 * @APPLE_LICENSE_HEADER_END@
 */

#include <CoreFoundation/CoreFoundation.h>
#include <CommonCrypto/CommonDigest.h>

#include <Security/Security.h>
#include <security_utilities/security_utilities.h>
#include <security_cdsa_utilities/cssmbridge.h>
#include <Security/cssmapplePriv.h>

#include "SecureDownload.h"
#include "SecureDownloadInternal.h"
#include "Download.h"


static void CheckCFThingForNULL (CFTypeRef theType)
{
	if (theType == NULL)
	{
		CFError::throwMe ();
	}
}


Download::Download () : mDict (NULL), mURLs (NULL), mName (NULL), mDate (NULL), mHashes (NULL), mNumHashes (0), mCurrentHash (0), mBytesInCurrentDigest (0)
{
}


static void ReleaseIfNotNull (CFTypeRef theThing)
{
	if (theThing != NULL)
	{
		CFRelease (theThing);
	}
}


Download::~Download ()
{
	ReleaseIfNotNull (mDict);
}


CFArrayRef Download::CopyURLs ()
{
	CFRetain (mURLs);
	return mURLs;
}


CFStringRef Download::CopyName ()
{
	CFRetain (mName);
	return mName;
}


CFDateRef Download::CopyDate ()
{
	CFRetain (mDate);
	return mDate;
}


void Download::GoOrNoGo (SecTrustResultType result)
{
	switch (result)
	{
		case kSecTrustResultInvalid:
		case kSecTrustResultDeny:
		case kSecTrustResultFatalTrustFailure:
		case kSecTrustResultOtherError:
			MacOSError::throwMe (errSecureDownloadInvalidTicket);
			
		case kSecTrustResultProceed:
			return;
		
		// we would normally ask for the user's permission in these cases.
		// we don't in this case, as the Apple signing root had better be
		// in X509 anchors.  I'm leaving this broken out for ease of use
		// in case we change our minds...
		case kSecTrustResultConfirm:
		case kSecTrustResultRecoverableTrustFailure:
		case kSecTrustResultUnspecified:
		{
			MacOSError::throwMe (errSecureDownloadInvalidTicket);
		}
		
		default:
			break;
	}
}

	
SecPolicyRef Download::GetPolicy ()
{
	SecPolicySearchRef search;
	SecPolicyRef policy;
	OSStatus result;

	// get the policy for resource signing
	result = SecPolicySearchCreate (CSSM_CERT_X_509v3, &CSSMOID_APPLE_TP_RESOURCE_SIGN, NULL, &search);
	if (result != errSecSuccess)
	{
		MacOSError::throwMe (result);
	}
	
	result = SecPolicySearchCopyNext (search, &policy);
	if (result != errSecSuccess)
	{
		MacOSError::throwMe (result);
	}

	CFRelease (search);
	
	return policy;
}


#define SHA256_NAME CFSTR("SHA-256")

void Download::ParseTicket (CFDataRef ticket)
{
	// make a propertylist from the ticket
	CFDictionaryRef mDict = (CFDictionaryRef) _SecureDownloadParseTicketXML (ticket);
	CheckCFThingForNULL (mDict);
	CFRetain (mDict);
	
	mURLs = (CFArrayRef) CFDictionaryGetValue (mDict, SD_XML_URL);
	CheckCFThingForNULL (mURLs);
	
	// get the download name
	mName = (CFStringRef) CFDictionaryGetValue (mDict, SD_XML_NAME);
	CheckCFThingForNULL (mName);

	// get the download date
	mDate = (CFDateRef) CFDictionaryGetValue (mDict, SD_XML_CREATED);
	CheckCFThingForNULL (mDate);
	
	// get the download size
	CFNumberRef number = (CFNumberRef) CFDictionaryGetValue (mDict, SD_XML_SIZE);
	CFNumberGetValue (number, kCFNumberSInt64Type, &mDownloadSize);

	// get the verifications dictionary
	CFDictionaryRef verifications = (CFDictionaryRef) CFDictionaryGetValue (mDict, SD_XML_VERIFICATIONS);
	
	// from the verifications dictionary, get the hashing dictionary that we support
	CFDictionaryRef hashInfo = (CFDictionaryRef) CFDictionaryGetValue (verifications, SHA256_NAME);
	
	// from the hashing dictionary, get the sector size
	number = (CFNumberRef) CFDictionaryGetValue (hashInfo, SD_XML_SECTOR_SIZE);
	CFNumberGetValue (number, kCFNumberSInt32Type, &mSectorSize);
	
	// get the hashes
	mHashes = (CFDataRef) CFDictionaryGetValue (hashInfo, SD_XML_DIGESTS);
	CFIndex hashSize = CFDataGetLength (mHashes);
	mNumHashes = hashSize / CC_SHA256_DIGEST_LENGTH;
	mDigests = (Sha256Digest*) CFDataGetBytePtr (mHashes);
	mCurrentHash = 0;
	mBytesInCurrentDigest = 0;
}


void Download::Initialize (CFDataRef ticket,
						   SecureDownloadTrustSetupCallback setup,
						   void* setupContext,
						   SecureDownloadTrustEvaluateCallback evaluate,
						   void* evaluateContext)
{
	// decode the ticket
	SecCmsMessageRef cmsMessage = GetCmsMessageFromData (ticket);
	
	// get a policy
	SecPolicyRef policy = GetPolicy ();

	// parse the CMS message
	int contentLevelCount = SecCmsMessageContentLevelCount (cmsMessage);
	SecCmsSignedDataRef signedData;

	OSStatus result;
	
	int i = 0;
	while (i < contentLevelCount)
	{
		SecCmsContentInfoRef contentInfo = SecCmsMessageContentLevel (cmsMessage, i++);
		SECOidTag contentTypeTag = SecCmsContentInfoGetContentTypeTag (contentInfo);
		
		if (contentTypeTag != SEC_OID_PKCS7_SIGNED_DATA)
		{
			continue;
		}

		signedData = (SecCmsSignedDataRef) SecCmsContentInfoGetContent (contentInfo);
		if (signedData == NULL)
		{
			MacOSError::throwMe (errSecureDownloadInvalidTicket);
		}
		
		// import the certificates found in the cms message
		result = SecCmsSignedDataImportCerts (signedData, NULL, certUsageObjectSigner, true);
		if (result != 0)
		{
			MacOSError::throwMe (errSecureDownloadInvalidTicket);
		}
		
		int numberOfSigners = SecCmsSignedDataSignerInfoCount (signedData);
		int j;
		
		if (numberOfSigners == 0) // no signers?  This is a possible attack
		{
			MacOSError::throwMe (errSecureDownloadInvalidTicket);
		}
		
		for (j = 0; j < numberOfSigners; ++j)
		{
			SecTrustResultType resultType;
			
			// do basic verification of the message
			SecTrustRef trustRef;
			result = SecCmsSignedDataVerifySignerInfo (signedData, j, NULL, policy, &trustRef);
			
			// notify the user of the new trust ref
			if (setup != NULL)
			{
				SecureDownloadTrustCallbackResult tcResult = setup (trustRef, setupContext);
				switch (tcResult)
				{
					case kSecureDownloadDoNotEvaluateSigner:
						continue;
					
					case kSecureDownloadFailEvaluation:
						MacOSError::throwMe (errSecureDownloadInvalidTicket);
					
					case kSecureDownloadEvaluateSigner:
					break;
				}
			}
			
			if (result != 0)
			{
				MacOSError::throwMe (errSecureDownloadInvalidTicket);
			}
			
			result = SecTrustEvaluate (trustRef, &resultType);
			if (result != errSecSuccess)
			{
				MacOSError::throwMe (errSecureDownloadInvalidTicket);
			}
			
			if (evaluate != NULL)
			{
				resultType = evaluate (trustRef, resultType, evaluateContext);
			}
			
			GoOrNoGo (resultType);
		}
	}
	
	// extract the message 
	CSSM_DATA_PTR message = SecCmsMessageGetContent (cmsMessage);
	CFDataRef ticketData = CFDataCreateWithBytesNoCopy (NULL, message->Data, message->Length, kCFAllocatorNull);
	CheckCFThingForNULL (ticketData);
	
	ParseTicket (ticketData);

	// setup for hashing
	CC_SHA256_Init (&mSHA256Context);
	
	// clean up
	CFRelease (ticketData);
	SecCmsMessageDestroy (cmsMessage);
}


SecCmsMessageRef Download::GetCmsMessageFromData (CFDataRef data)
{
	// setup decoding
	SecCmsDecoderRef decoderContext;
	int result = SecCmsDecoderCreate (NULL, NULL, NULL, NULL, NULL, NULL, NULL, &decoderContext);
    if (result)
    {
		MacOSError::throwMe (errSecureDownloadInvalidTicket);
    }

	result = SecCmsDecoderUpdate (decoderContext, CFDataGetBytePtr (data), CFDataGetLength (data));
	if (result)
	{
        SecCmsDecoderDestroy(decoderContext);
		MacOSError::throwMe (errSecureDownloadInvalidTicket);
	}

    SecCmsMessageRef message;
	result = SecCmsDecoderFinish (decoderContext, &message);
    if (result)
    {
		MacOSError::throwMe (errSecureDownloadInvalidTicket);
    }

    return message;
}


static 
size_t MinSizeT (size_t a, size_t b)
{
	// return the smaller of a and b
	return a < b ? a : b;
}


void Download::FinalizeDigestAndCompare ()
{
	Sha256Digest digest;
	CC_SHA256_Final (digest, &mSHA256Context);
	
	// make sure we don't overflow the digest buffer
	if (mCurrentHash >= mNumHashes || memcmp (digest, mDigests[mCurrentHash++], CC_SHA256_DIGEST_LENGTH) != 0)
	{
		// Something's really wrong!
		MacOSError::throwMe (errSecureDownloadInvalidDownload);
	}
	
	// setup for the next receipt of data
	mBytesInCurrentDigest = 0;
	CC_SHA256_Init (&mSHA256Context);
}


void Download::UpdateWithData (CFDataRef data)
{
	// figure out how much data to hash
	CFIndex dataLength = CFDataGetLength (data);
	const UInt8* finger = CFDataGetBytePtr (data);
	
	while (dataLength > 0)
	{
		// figure out how many bytes are left to hash
		size_t bytesLeftToHash = mSectorSize - mBytesInCurrentDigest;
		size_t bytesToHash = MinSizeT (bytesLeftToHash, dataLength);
		
		// hash the data
		CC_SHA256_Update (&mSHA256Context, finger, (CC_LONG)bytesToHash);
		
		// update the pointers
		mBytesInCurrentDigest += bytesToHash;
		bytesLeftToHash -= bytesToHash;
		finger += bytesToHash;
		dataLength -= bytesToHash;
		
		if (bytesLeftToHash == 0) // is our digest "full"?
		{
			FinalizeDigestAndCompare ();
		}
	}
}


void Download::Finalize ()
{
	// are there any bytes left over in the digest?
	if (mBytesInCurrentDigest != 0)
	{
		FinalizeDigestAndCompare ();
	}
	
	if (mCurrentHash != mNumHashes) // check for underflow
	{
		MacOSError::throwMe (errSecureDownloadInvalidDownload);
	}
}
Commit	Line	Data
b1ab9ed8	1	/*
d8f41ccd	2	* Copyright (c) 2006,2011-2014 Apple Inc. All Rights Reserved.
b1ab9ed8 A	3	*
	4	* @APPLE_LICENSE_HEADER_START@
	5	*
	6	* This file contains Original Code and/or Modifications of Original Code
	7	* as defined in and that are subject to the Apple Public Source License
	8	* Version 2.0 (the 'License'). You may not use this file except in
	9	* compliance with the License. Please obtain a copy of the License at
	10	* http://www.opensource.apple.com/apsl/ and read it before using this
	11	* file.
	12	*
	13	* The Original Code and all software distributed under the License are
	14	* distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
	15	* EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
	16	* INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
	17	* FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
	18	* Please see the License for the specific language governing rights and
	19	* limitations under the License.
	20	*
	21	* @APPLE_LICENSE_HEADER_END@
	22	*/
	23
	24	#include <CoreFoundation/CoreFoundation.h>
	25	#include <CommonCrypto/CommonDigest.h>
	26
	27	#include <Security/Security.h>
	28	#include <security_utilities/security_utilities.h>
b1ab9ed8 A	29	#include <security_cdsa_utilities/cssmbridge.h>
	30	#include <Security/cssmapplePriv.h>
	31
	32	#include "SecureDownload.h"
	33	#include "SecureDownloadInternal.h"
	34	#include "Download.h"
	35
	36
	37
	38	static void CheckCFThingForNULL (CFTypeRef theType)
	39	{
	40	if (theType == NULL)
	41	{
	42	CFError::throwMe ();
	43	}
	44	}
	45
	46
	47
	48	Download::Download () : mDict (NULL), mURLs (NULL), mName (NULL), mDate (NULL), mHashes (NULL), mNumHashes (0), mCurrentHash (0), mBytesInCurrentDigest (0)
	49	{
	50	}
	51
	52
	53
	54	static void ReleaseIfNotNull (CFTypeRef theThing)
	55	{
	56	if (theThing != NULL)
	57	{
	58	CFRelease (theThing);
	59	}
	60	}
	61
	62
	63
	64	Download::~Download ()
	65	{
	66	ReleaseIfNotNull (mDict);
	67	}
	68
	69
	70
	71	CFArrayRef Download::CopyURLs ()
	72	{
	73	CFRetain (mURLs);
	74	return mURLs;
	75	}
	76
	77
	78
	79	CFStringRef Download::CopyName ()
	80	{
	81	CFRetain (mName);
	82	return mName;
	83	}
	84
	85
	86
	87	CFDateRef Download::CopyDate ()
	88	{
	89	CFRetain (mDate);
	90	return mDate;
	91	}
	92
93
94
95	void Download::GoOrNoGo (SecTrustResultType result)
96	{
97	switch (result)
98	{
99	case kSecTrustResultInvalid:
100	case kSecTrustResultDeny:
101	case kSecTrustResultFatalTrustFailure:
102	case kSecTrustResultOtherError:
103	MacOSError::throwMe (errSecureDownloadInvalidTicket);
104
105	case kSecTrustResultProceed:
106	return;
107
108	// we would normally ask for the user's permission in these cases.
109	// we don't in this case, as the Apple signing root had better be
110	// in X509 anchors. I'm leaving this broken out for ease of use
111	// in case we change our minds...
112	case kSecTrustResultConfirm:
113	case kSecTrustResultRecoverableTrustFailure:
114	case kSecTrustResultUnspecified:
115	{
116	MacOSError::throwMe (errSecureDownloadInvalidTicket);
117	}
118
119	default:
120	break;
121	}
122	}
123
124
125
126	SecPolicyRef Download::GetPolicy ()
127	{
128	SecPolicySearchRef search;
129	SecPolicyRef policy;
130	OSStatus result;
131
132	// get the policy for resource signing
133	result = SecPolicySearchCreate (CSSM_CERT_X_509v3, &CSSMOID_APPLE_TP_RESOURCE_SIGN, NULL, &search);
427c49bc	134	if (result != errSecSuccess)
b1ab9ed8 A	135	{
	136	MacOSError::throwMe (result);
	137	}
	138
	139	result = SecPolicySearchCopyNext (search, &policy);
427c49bc	140	if (result != errSecSuccess)
b1ab9ed8 A	141	{
	142	MacOSError::throwMe (result);
	143	}
	144
	145	CFRelease (search);
	146
	147	return policy;
	148	}
	149
	150
	151
	152	#define SHA256_NAME CFSTR("SHA-256")
	153
	154	void Download::ParseTicket (CFDataRef ticket)
	155	{
	156	// make a propertylist from the ticket
	157	CFDictionaryRef mDict = (CFDictionaryRef) _SecureDownloadParseTicketXML (ticket);
	158	CheckCFThingForNULL (mDict);
	159	CFRetain (mDict);
	160
	161	mURLs = (CFArrayRef) CFDictionaryGetValue (mDict, SD_XML_URL);
	162	CheckCFThingForNULL (mURLs);
	163
	164	// get the download name
	165	mName = (CFStringRef) CFDictionaryGetValue (mDict, SD_XML_NAME);
	166	CheckCFThingForNULL (mName);
	167
	168	// get the download date
	169	mDate = (CFDateRef) CFDictionaryGetValue (mDict, SD_XML_CREATED);
	170	CheckCFThingForNULL (mDate);
	171
	172	// get the download size
	173	CFNumberRef number = (CFNumberRef) CFDictionaryGetValue (mDict, SD_XML_SIZE);
	174	CFNumberGetValue (number, kCFNumberSInt64Type, &mDownloadSize);
	175
	176	// get the verifications dictionary
	177	CFDictionaryRef verifications = (CFDictionaryRef) CFDictionaryGetValue (mDict, SD_XML_VERIFICATIONS);
	178
	179	// from the verifications dictionary, get the hashing dictionary that we support
	180	CFDictionaryRef hashInfo = (CFDictionaryRef) CFDictionaryGetValue (verifications, SHA256_NAME);
	181
	182	// from the hashing dictionary, get the sector size
	183	number = (CFNumberRef) CFDictionaryGetValue (hashInfo, SD_XML_SECTOR_SIZE);
	184	CFNumberGetValue (number, kCFNumberSInt32Type, &mSectorSize);
	185
	186	// get the hashes
	187	mHashes = (CFDataRef) CFDictionaryGetValue (hashInfo, SD_XML_DIGESTS);
	188	CFIndex hashSize = CFDataGetLength (mHashes);
	189	mNumHashes = hashSize / CC_SHA256_DIGEST_LENGTH;
	190	mDigests = (Sha256Digest*) CFDataGetBytePtr (mHashes);
	191	mCurrentHash = 0;
	192	mBytesInCurrentDigest = 0;
	193	}
	194
	195
	196
	197	void Download::Initialize (CFDataRef ticket,
	198	SecureDownloadTrustSetupCallback setup,
	199	void* setupContext,
	200	SecureDownloadTrustEvaluateCallback evaluate,
	201	void* evaluateContext)
	202	{
	203	// decode the ticket
	204	SecCmsMessageRef cmsMessage = GetCmsMessageFromData (ticket);
205
206	// get a policy
207	SecPolicyRef policy = GetPolicy ();
208
209	// parse the CMS message
210	int contentLevelCount = SecCmsMessageContentLevelCount (cmsMessage);
211	SecCmsSignedDataRef signedData;
212
213	OSStatus result;
214
215	int i = 0;
216	while (i < contentLevelCount)
217	{
218	SecCmsContentInfoRef contentInfo = SecCmsMessageContentLevel (cmsMessage, i++);
219	SECOidTag contentTypeTag = SecCmsContentInfoGetContentTypeTag (contentInfo);
220
221	if (contentTypeTag != SEC_OID_PKCS7_SIGNED_DATA)
222	{
223	continue;
224	}
225
226	signedData = (SecCmsSignedDataRef) SecCmsContentInfoGetContent (contentInfo);
227	if (signedData == NULL)
228	{
229	MacOSError::throwMe (errSecureDownloadInvalidTicket);
230	}
231
232	// import the certificates found in the cms message
233	result = SecCmsSignedDataImportCerts (signedData, NULL, certUsageObjectSigner, true);
234	if (result != 0)
235	{
236	MacOSError::throwMe (errSecureDownloadInvalidTicket);
237	}
238
239	int numberOfSigners = SecCmsSignedDataSignerInfoCount (signedData);
240	int j;
241
242	if (numberOfSigners == 0) // no signers? This is a possible attack
243	{
244	MacOSError::throwMe (errSecureDownloadInvalidTicket);
245	}
246
247	for (j = 0; j < numberOfSigners; ++j)
248	{
249	SecTrustResultType resultType;
250
251	// do basic verification of the message
252	SecTrustRef trustRef;
253	result = SecCmsSignedDataVerifySignerInfo (signedData, j, NULL, policy, &trustRef);
254
255	// notify the user of the new trust ref
256	if (setup != NULL)
257	{
258	SecureDownloadTrustCallbackResult tcResult = setup (trustRef, setupContext);
259	switch (tcResult)
260	{
261	case kSecureDownloadDoNotEvaluateSigner:
262	continue;
263
264	case kSecureDownloadFailEvaluation:
265	MacOSError::throwMe (errSecureDownloadInvalidTicket);
266
267	case kSecureDownloadEvaluateSigner:
268	break;
269	}
270	}
271
272	if (result != 0)
273	{
274	MacOSError::throwMe (errSecureDownloadInvalidTicket);
275	}
276
277	result = SecTrustEvaluate (trustRef, &resultType);
427c49bc	278	if (result != errSecSuccess)
b1ab9ed8 A	279	{
	280	MacOSError::throwMe (errSecureDownloadInvalidTicket);
	281	}
	282
	283	if (evaluate != NULL)
	284	{
	285	resultType = evaluate (trustRef, resultType, evaluateContext);
	286	}
	287
	288	GoOrNoGo (resultType);
	289	}
	290	}
	291
	292	// extract the message
	293	CSSM_DATA_PTR message = SecCmsMessageGetContent (cmsMessage);
	294	CFDataRef ticketData = CFDataCreateWithBytesNoCopy (NULL, message->Data, message->Length, kCFAllocatorNull);
	295	CheckCFThingForNULL (ticketData);
	296
	297	ParseTicket (ticketData);
	298
	299	// setup for hashing
	300	CC_SHA256_Init (&mSHA256Context);
	301
	302	// clean up
	303	CFRelease (ticketData);
	304	SecCmsMessageDestroy (cmsMessage);
	305	}
	306
	307
	308
	309	SecCmsMessageRef Download::GetCmsMessageFromData (CFDataRef data)
	310	{
	311	// setup decoding
	312	SecCmsDecoderRef decoderContext;
	313	int result = SecCmsDecoderCreate (NULL, NULL, NULL, NULL, NULL, NULL, NULL, &decoderContext);
	314	if (result)
	315	{
	316	MacOSError::throwMe (errSecureDownloadInvalidTicket);
	317	}
	318
	319	result = SecCmsDecoderUpdate (decoderContext, CFDataGetBytePtr (data), CFDataGetLength (data));
	320	if (result)
	321	{
	322	SecCmsDecoderDestroy(decoderContext);
	323	MacOSError::throwMe (errSecureDownloadInvalidTicket);
	324	}
	325
	326	SecCmsMessageRef message;
	327	result = SecCmsDecoderFinish (decoderContext, &message);
	328	if (result)
	329	{
	330	MacOSError::throwMe (errSecureDownloadInvalidTicket);
	331	}
	332
	333	return message;
	334	}
	335
	336
427c49bc	337	static
b1ab9ed8 A	338	size_t MinSizeT (size_t a, size_t b)
	339	{
	340	// return the smaller of a and b
	341	return a < b ? a : b;
	342	}
	343
	344
	345
	346	void Download::FinalizeDigestAndCompare ()
	347	{
	348	Sha256Digest digest;
	349	CC_SHA256_Final (digest, &mSHA256Context);
	350
	351	// make sure we don't overflow the digest buffer
	352	if (mCurrentHash >= mNumHashes \|\| memcmp (digest, mDigests[mCurrentHash++], CC_SHA256_DIGEST_LENGTH) != 0)
	353	{
	354	// Something's really wrong!
	355	MacOSError::throwMe (errSecureDownloadInvalidDownload);
	356	}
	357
	358	// setup for the next receipt of data
	359	mBytesInCurrentDigest = 0;
	360	CC_SHA256_Init (&mSHA256Context);
	361	}
	362
	363
	364
	365	void Download::UpdateWithData (CFDataRef data)
	366	{
	367	// figure out how much data to hash
	368	CFIndex dataLength = CFDataGetLength (data);
	369	const UInt8* finger = CFDataGetBytePtr (data);
	370
	371	while (dataLength > 0)
	372	{
	373	// figure out how many bytes are left to hash
	374	size_t bytesLeftToHash = mSectorSize - mBytesInCurrentDigest;
	375	size_t bytesToHash = MinSizeT (bytesLeftToHash, dataLength);
	376
	377	// hash the data
427c49bc	378	CC_SHA256_Update (&mSHA256Context, finger, (CC_LONG)bytesToHash);
b1ab9ed8 A	379
	380	// update the pointers
	381	mBytesInCurrentDigest += bytesToHash;
	382	bytesLeftToHash -= bytesToHash;
	383	finger += bytesToHash;
	384	dataLength -= bytesToHash;
	385
	386	if (bytesLeftToHash == 0) // is our digest "full"?
	387	{
	388	FinalizeDigestAndCompare ();
	389	}
	390	}
	391	}
	392
	393
	394
	395	void Download::Finalize ()
	396	{
	397	// are there any bytes left over in the digest?
	398	if (mBytesInCurrentDigest != 0)
	399	{
	400	FinalizeDigestAndCompare ();
	401	}
	402
	403	if (mCurrentHash != mNumHashes) // check for underflow
	404	{
	405	MacOSError::throwMe (errSecureDownloadInvalidDownload);
	406	}
	407	}
	408