*** misc/xmlsec1-1.2.6/apps/Makefile.in 2004-08-26 08:00:30.000000000 +0200 --- misc/build/xmlsec1-1.2.6/apps/Makefile.in 2006-05-08 12:19:38.678768000 +0200 *************** *** 370,376 **** $(CRYPTO_DEPS) \ $(NULL) ! all: all-am .SUFFIXES: .SUFFIXES: .c .lo .o .obj --- 370,376 ---- $(CRYPTO_DEPS) \ $(NULL) ! all: .SUFFIXES: .SUFFIXES: .c .lo .o .obj *** misc/xmlsec1-1.2.6/configure Thu Aug 26 08:00:34 2004 --- misc/build/xmlsec1-1.2.6/configure Thu Sep 28 18:00:38 2006 *************** *** 9046,9052 **** ;; esac output_verbose_link_cmd='echo' ! archive_cmds='$CC -dynamiclib $allow_undefined_flag -o $lib $libobjs $deplibs$compiler_flags -install_name $rpath/$soname $verstring' module_cmds='$CC $allow_undefined_flag -o $lib -bundle $libobjs $deplibs$compiler_flags' # Don't fix this by using the ld -exported_symbols_list flag, it doesn't exist in older darwin ld's archive_expsym_cmds='sed -e "s,#.*,," -e "s,^[ ]*,," -e "s,^\(..*\),_&," < $export_symbols > $output_objdir/${libname}-symbols.expsym~$CC -dynamiclib $allow_undefined_flag -o $lib $libobjs $deplibs$compiler_flags -install_name $rpath/$soname $verstring~nmedit -s $output_objdir/${libname}-symbols.expsym ${lib}' --- 9046,9052 ---- ;; esac output_verbose_link_cmd='echo' ! archive_cmds='$CC -dynamiclib $allow_undefined_flag -o $lib $libobjs $deplibs$compiler_flags -install_name @executable_path/$soname $verstring' module_cmds='$CC $allow_undefined_flag -o $lib -bundle $libobjs $deplibs$compiler_flags' # Don't fix this by using the ld -exported_symbols_list flag, it doesn't exist in older darwin ld's archive_expsym_cmds='sed -e "s,#.*,," -e "s,^[ ]*,," -e "s,^\(..*\),_&," < $export_symbols > $output_objdir/${libname}-symbols.expsym~$CC -dynamiclib $allow_undefined_flag -o $lib $libobjs $deplibs$compiler_flags -install_name $rpath/$soname $verstring~nmedit -s $output_objdir/${libname}-symbols.expsym ${lib}' *************** *** 24598,24604 **** fi LIBXML_MIN_VERSION="2.4.2" ! LIBXML_CONFIG="xml2-config" LIBXML_CFLAGS="" LIBXML_LIBS="" LIBXML_FOUND="no" --- 24598,24604 ---- fi LIBXML_MIN_VERSION="2.4.2" ! LIBXML_CONFIG="./libxml2-config" LIBXML_CFLAGS="" LIBXML_LIBS="" LIBXML_FOUND="no" *************** *** 25678,25688 **** XMLSEC_NO_NSS="1" MOZILLA_MIN_VERSION="1.4" NSS_MIN_VERSION="3.2" NSPR_MIN_VERSION="4.0" NSS_CFLAGS="" NSS_LIBS="" ! NSS_LIBS_LIST="-lnss3 -lsmime3" NSPR_LIBS_LIST="-lnspr4 -lplds4 -lplc4" NSS_CRYPTO_LIB="$PACKAGE-nss" NSS_FOUND="no" --- 25678,25691 ---- XMLSEC_NO_NSS="1" MOZILLA_MIN_VERSION="1.4" + if test "z$MOZ_FLAVOUR" = "zfirefox" ; then + MOZILLA_MIN_VERSION="1.0" + fi NSS_MIN_VERSION="3.2" NSPR_MIN_VERSION="4.0" NSS_CFLAGS="" NSS_LIBS="" ! NSS_LIBS_LIST="-lnss3 -lsoftokn3 -lsmime3" NSPR_LIBS_LIST="-lnspr4 -lplds4 -lplc4" NSS_CRYPTO_LIB="$PACKAGE-nss" NSS_FOUND="no" *************** *** 25766,25788 **** else PKG_CONFIG_MIN_VERSION=0.9.0 if $PKG_CONFIG --atleast-pkgconfig-version $PKG_CONFIG_MIN_VERSION; then ! echo "$as_me:$LINENO: checking for mozilla-nspr >= $MOZILLA_MIN_VERSION mozilla-nss >= $MOZILLA_MIN_VERSION" >&5 ! echo $ECHO_N "checking for mozilla-nspr >= $MOZILLA_MIN_VERSION mozilla-nss >= $MOZILLA_MIN_VERSION... $ECHO_C" >&6 ! if $PKG_CONFIG --exists "mozilla-nspr >= $MOZILLA_MIN_VERSION mozilla-nss >= $MOZILLA_MIN_VERSION" ; then echo "$as_me:$LINENO: result: yes" >&5 echo "${ECHO_T}yes" >&6 succeeded=yes echo "$as_me:$LINENO: checking NSS_CFLAGS" >&5 echo $ECHO_N "checking NSS_CFLAGS... $ECHO_C" >&6 ! NSS_CFLAGS=`$PKG_CONFIG --cflags "mozilla-nspr >= $MOZILLA_MIN_VERSION mozilla-nss >= $MOZILLA_MIN_VERSION"` echo "$as_me:$LINENO: result: $NSS_CFLAGS" >&5 echo "${ECHO_T}$NSS_CFLAGS" >&6 echo "$as_me:$LINENO: checking NSS_LIBS" >&5 echo $ECHO_N "checking NSS_LIBS... $ECHO_C" >&6 ! NSS_LIBS=`$PKG_CONFIG --libs "mozilla-nspr >= $MOZILLA_MIN_VERSION mozilla-nss >= $MOZILLA_MIN_VERSION"` echo "$as_me:$LINENO: result: $NSS_LIBS" >&5 echo "${ECHO_T}$NSS_LIBS" >&6 else --- 25769,25791 ---- else PKG_CONFIG_MIN_VERSION=0.9.0 if $PKG_CONFIG --atleast-pkgconfig-version $PKG_CONFIG_MIN_VERSION; then ! echo "$as_me:$LINENO: checking for $MOZ_FLAVOUR-nspr >= $MOZILLA_MIN_VERSION $MOZ_FLAVOUR-nss >= $MOZILLA_MIN_VERSION" >&5 ! echo $ECHO_N "checking for $MOZ_FLAVOUR-nspr >= $MOZILLA_MIN_VERSION $MOZ_FLAVOUR-nss >= $MOZILLA_MIN_VERSION... $ECHO_C" >&6 ! if $PKG_CONFIG --exists "$MOZ_FLAVOUR-nspr >= $MOZILLA_MIN_VERSION $MOZ_FLAVOUR-nss >= $MOZILLA_MIN_VERSION" ; then echo "$as_me:$LINENO: result: yes" >&5 echo "${ECHO_T}yes" >&6 succeeded=yes echo "$as_me:$LINENO: checking NSS_CFLAGS" >&5 echo $ECHO_N "checking NSS_CFLAGS... $ECHO_C" >&6 ! NSS_CFLAGS=`$PKG_CONFIG --cflags "$MOZ_FLAVOUR-nspr >= $MOZILLA_MIN_VERSION $MOZ_FLAVOUR-nss >= $MOZILLA_MIN_VERSION"` echo "$as_me:$LINENO: result: $NSS_CFLAGS" >&5 echo "${ECHO_T}$NSS_CFLAGS" >&6 echo "$as_me:$LINENO: checking NSS_LIBS" >&5 echo $ECHO_N "checking NSS_LIBS... $ECHO_C" >&6 ! NSS_LIBS=`$PKG_CONFIG --libs "$MOZ_FLAVOUR-nspr >= $MOZILLA_MIN_VERSION $MOZ_FLAVOUR-nss >= $MOZILLA_MIN_VERSION"` echo "$as_me:$LINENO: result: $NSS_LIBS" >&5 echo "${ECHO_T}$NSS_LIBS" >&6 else *************** *** 25790,25796 **** NSS_LIBS="" ## If we have a custom action on failure, don't print errors, but ## do set a variable so people can do so. ! NSS_PKG_ERRORS=`$PKG_CONFIG --errors-to-stdout --print-errors "mozilla-nspr >= $MOZILLA_MIN_VERSION mozilla-nss >= $MOZILLA_MIN_VERSION"` fi --- 25793,25799 ---- NSS_LIBS="" ## If we have a custom action on failure, don't print errors, but ## do set a variable so people can do so. ! NSS_PKG_ERRORS=`$PKG_CONFIG --errors-to-stdout --print-errors "$MOZ_FLAVOUR-nspr >= $MOZILLA_MIN_VERSION $MOZ_FLAVOUR-nss >= $MOZILLA_MIN_VERSION"` fi *************** *** 25817,25824 **** ac_mozilla_name=mozilla-$MOZILLA_MIN_VERSION fi ! ac_nss_lib_dir="/usr/lib /usr/lib64 /usr/local/lib /usr/lib/$ac_mozilla_name /usr/local/lib/$ac_mozilla_name" ! ac_nss_inc_dir="/usr/include /usr/include/mozilla /usr/local/include /usr/local/include/mozilla /usr/include/$ac_mozilla_name /usr/local/include/$ac_mozilla_name" echo "$as_me:$LINENO: checking for nspr libraries >= $NSPR_MIN_VERSION" >&5 echo $ECHO_N "checking for nspr libraries >= $NSPR_MIN_VERSION... $ECHO_C" >&6 --- 25820,25827 ---- ac_mozilla_name=mozilla-$MOZILLA_MIN_VERSION fi ! ac_nss_lib_dir="${SOLARVERSION}/${INPATH}/lib${UPDMINOREXT}" ! ac_nss_inc_dir="${SOLARVERSION}/${INPATH}/inc${UPDMINOREXT}/mozilla" echo "$as_me:$LINENO: checking for nspr libraries >= $NSPR_MIN_VERSION" >&5 echo $ECHO_N "checking for nspr libraries >= $NSPR_MIN_VERSION... $ECHO_C" >&6 *************** *** 25853,25859 **** done for dir in $ac_nss_lib_dir ; do ! if test -f $dir/libnspr4.so ; then if test "z$dir" = "z/usr/lib" ; then NSPR_LIBS="$NSPR_LIBS_LIST" else --- 25856,25862 ---- done for dir in $ac_nss_lib_dir ; do ! if test -f $dir/libnspr4.so -o -f $dir/libnspr4.dylib ; then if test "z$dir" = "z/usr/lib" ; then NSPR_LIBS="$NSPR_LIBS_LIST" else *************** *** 25939,25945 **** done for dir in $ac_nss_lib_dir ; do ! if test -f $dir/libnss3.so ; then if test "z$dir" = "z/usr/lib" ; then NSS_LIBS="$NSS_LIBS_LIST" else --- 25942,25948 ---- done for dir in $ac_nss_lib_dir ; do ! if test -f $dir/libnss3.so -o -f $dir/libnss3.dylib ; then if test "z$dir" = "z/usr/lib" ; then NSS_LIBS="$NSS_LIBS_LIST" else *** misc/xmlsec1-1.2.6/configure.in 2004-08-26 04:49:24.000000000 +0200 --- misc/build/xmlsec1-1.2.6/configure.in 2006-05-08 12:19:38.849322000 +0200 *************** *** 143,149 **** dnl find libxml dnl ========================================================================== LIBXML_MIN_VERSION="2.4.2" ! LIBXML_CONFIG="xml2-config" LIBXML_CFLAGS="" LIBXML_LIBS="" LIBXML_FOUND="no" --- 143,149 ---- dnl find libxml dnl ========================================================================== LIBXML_MIN_VERSION="2.4.2" ! LIBXML_CONFIG="./libxml2-config" LIBXML_CFLAGS="" LIBXML_LIBS="" LIBXML_FOUND="no" *************** *** 503,513 **** XMLSEC_NO_NSS="1" MOZILLA_MIN_VERSION="1.4" NSS_MIN_VERSION="3.2" NSPR_MIN_VERSION="4.0" NSS_CFLAGS="" NSS_LIBS="" ! NSS_LIBS_LIST="-lnss3 -lsmime3" NSPR_LIBS_LIST="-lnspr4 -lplds4 -lplc4" NSS_CRYPTO_LIB="$PACKAGE-nss" NSS_FOUND="no" --- 503,516 ---- XMLSEC_NO_NSS="1" MOZILLA_MIN_VERSION="1.4" + if test "z$MOZ_FLAVOUR" = "zfirefox" ; then + MOZILLA_MIN_VERSION="1.0" + fi NSS_MIN_VERSION="3.2" NSPR_MIN_VERSION="4.0" NSS_CFLAGS="" NSS_LIBS="" ! NSS_LIBS_LIST="-lnss3 -lsoftokn3 -lsmime3" NSPR_LIBS_LIST="-lnspr4 -lplds4 -lplc4" NSS_CRYPTO_LIB="$PACKAGE-nss" NSS_FOUND="no" *************** *** 521,527 **** AC_MSG_RESULT(no) NSS_FOUND="without" elif test "z$with_nss" = "z" -a "z$with_nspr" = "z" -a "z$with_mozilla_ver" = "z" -a "z$PKG_CONFIG_ENABLED" = "zyes" ; then ! PKG_CHECK_MODULES(NSS, mozilla-nspr >= $MOZILLA_MIN_VERSION mozilla-nss >= $MOZILLA_MIN_VERSION, [NSS_FOUND=yes], [NSS_FOUND=no]) fi --- 524,530 ---- AC_MSG_RESULT(no) NSS_FOUND="without" elif test "z$with_nss" = "z" -a "z$with_nspr" = "z" -a "z$with_mozilla_ver" = "z" -a "z$PKG_CONFIG_ENABLED" = "zyes" ; then ! PKG_CHECK_MODULES(NSS, $MOZ_FLAVOUR-nspr >= $MOZILLA_MIN_VERSION $MOZ_FLAVOUR-nss >= $MOZILLA_MIN_VERSION, [NSS_FOUND=yes], [NSS_FOUND=no]) fi *************** *** 534,541 **** ac_mozilla_name=mozilla-$MOZILLA_MIN_VERSION fi ! ac_nss_lib_dir="/usr/lib /usr/lib64 /usr/local/lib /usr/lib/$ac_mozilla_name /usr/local/lib/$ac_mozilla_name" ! ac_nss_inc_dir="/usr/include /usr/include/mozilla /usr/local/include /usr/local/include/mozilla /usr/include/$ac_mozilla_name /usr/local/include/$ac_mozilla_name" AC_MSG_CHECKING(for nspr libraries >= $NSPR_MIN_VERSION) NSPR_INCLUDES_FOUND="no" --- 537,544 ---- ac_mozilla_name=mozilla-$MOZILLA_MIN_VERSION fi ! ac_nss_lib_dir="${SOLARVERSION}/${INPATH}/lib${UPDMINOREXT}" ! ac_nss_inc_dir="${SOLARVERSION}/${INPATH}/inc${UPDMINOREXT}/mozilla" AC_MSG_CHECKING(for nspr libraries >= $NSPR_MIN_VERSION) NSPR_INCLUDES_FOUND="no" *************** *** 570,576 **** done for dir in $ac_nss_lib_dir ; do ! if test -f $dir/libnspr4.so ; then dnl do not add -L/usr/lib because compiler does it anyway if test "z$dir" = "z/usr/lib" ; then NSPR_LIBS="$NSPR_LIBS_LIST" --- 573,579 ---- done for dir in $ac_nss_lib_dir ; do ! if test -f $dir/libnspr4.so -o -f $dir/libnspr4.dylib ; then dnl do not add -L/usr/lib because compiler does it anyway if test "z$dir" = "z/usr/lib" ; then NSPR_LIBS="$NSPR_LIBS_LIST" *************** *** 641,647 **** done for dir in $ac_nss_lib_dir ; do ! if test -f $dir/libnss3.so ; then dnl do not add -L/usr/lib because compiler does it anyway if test "z$dir" = "z/usr/lib" ; then NSS_LIBS="$NSS_LIBS_LIST" --- 644,650 ---- done for dir in $ac_nss_lib_dir ; do ! if test -f $dir/libnss3.so -o -f $dir/libnss3.dylib ; then dnl do not add -L/usr/lib because compiler does it anyway if test "z$dir" = "z/usr/lib" ; then NSS_LIBS="$NSS_LIBS_LIST" *** misc/xmlsec1-1.2.6/include/xmlsec/mscrypto/akmngr.h 2006-05-08 12:20:35.543960000 +0200 --- misc/build/xmlsec1-1.2.6/include/xmlsec/mscrypto/akmngr.h 2006-05-08 12:19:38.865837000 +0200 *************** *** 1 **** ! dummy --- 1,71 ---- ! /** ! * XMLSec library ! * ! * This is free software; see Copyright file in the source ! * distribution for preciese wording. ! * ! * Copyright .......................... ! */ ! #ifndef __XMLSEC_MSCRYPTO_AKMNGR_H__ ! #define __XMLSEC_MSCRYPTO_AKMNGR_H__ ! ! #include ! #include ! ! #include ! #include ! #include ! ! #ifdef __cplusplus ! extern "C" { ! #endif /* __cplusplus */ ! ! XMLSEC_CRYPTO_EXPORT xmlSecKeysMngrPtr ! xmlSecMSCryptoAppliedKeysMngrCreate( ! HCERTSTORE keyStore , ! HCERTSTORE certStore ! ) ; ! ! XMLSEC_CRYPTO_EXPORT int ! xmlSecMSCryptoAppliedKeysMngrSymKeyLoad( ! xmlSecKeysMngrPtr mngr , ! HCRYPTKEY symKey ! ) ; ! ! XMLSEC_CRYPTO_EXPORT int ! xmlSecMSCryptoAppliedKeysMngrPubKeyLoad( ! xmlSecKeysMngrPtr mngr , ! HCRYPTKEY pubKey ! ) ; ! ! XMLSEC_CRYPTO_EXPORT int ! xmlSecMSCryptoAppliedKeysMngrPriKeyLoad( ! xmlSecKeysMngrPtr mngr , ! HCRYPTKEY priKey ! ) ; ! ! XMLSEC_CRYPTO_EXPORT int ! xmlSecMSCryptoAppliedKeysMngrAdoptKeyStore ( ! xmlSecKeysMngrPtr mngr , ! HCERTSTORE keyStore ! ) ; ! ! XMLSEC_CRYPTO_EXPORT int ! xmlSecMSCryptoAppliedKeysMngrAdoptTrustedStore ( ! xmlSecKeysMngrPtr mngr , ! HCERTSTORE trustedStore ! ) ; ! ! XMLSEC_CRYPTO_EXPORT int ! xmlSecMSCryptoAppliedKeysMngrAdoptUntrustedStore ( ! xmlSecKeysMngrPtr mngr , ! HCERTSTORE untrustedStore ! ) ; ! ! #ifdef __cplusplus ! } ! #endif /* __cplusplus */ ! ! #endif /* __XMLSEC_MSCRYPTO_AKMNGR_H__ */ ! ! *** misc/xmlsec1-1.2.6/include/xmlsec/mscrypto/x509.h 2003-09-26 08:12:46.000000000 +0200 --- misc/build/xmlsec1-1.2.6/include/xmlsec/mscrypto/x509.h 2006-05-08 12:19:38.877030000 +0200 *************** *** 77,82 **** --- 77,97 ---- PCCERT_CONTEXT cert, xmlSecKeyDataType type); + XMLSEC_CRYPTO_EXPORT int xmlSecMSCryptoX509StoreAdoptKeyStore ( + xmlSecKeyDataStorePtr store, + HCERTSTORE keyStore + ) ; + + XMLSEC_CRYPTO_EXPORT int xmlSecMSCryptoX509StoreAdoptTrustedStore ( + xmlSecKeyDataStorePtr store, + HCERTSTORE trustedStore + ) ; + + XMLSEC_CRYPTO_EXPORT int xmlSecMSCryptoX509StoreAdoptUntrustedStore ( + xmlSecKeyDataStorePtr store, + HCERTSTORE untrustedStore + ) ; + #endif /* XMLSEC_NO_X509 */ *** misc/xmlsec1-1.2.6/include/xmlsec/nss/akmngr.h 2006-05-08 12:20:35.464923000 +0200 --- misc/build/xmlsec1-1.2.6/include/xmlsec/nss/akmngr.h 2006-05-08 12:19:38.888548000 +0200 *************** *** 1 **** ! dummy --- 1,56 ---- ! /** ! * XMLSec library ! * ! * This is free software; see Copyright file in the source ! * distribution for preciese wording. ! * ! * Copyright .......................... ! */ ! #ifndef __XMLSEC_NSS_AKMNGR_H__ ! #define __XMLSEC_NSS_AKMNGR_H__ ! ! #include ! #include ! #include ! #include ! ! #include ! #include ! #include ! ! #ifdef __cplusplus ! extern "C" { ! #endif /* __cplusplus */ ! ! XMLSEC_CRYPTO_EXPORT xmlSecKeysMngrPtr ! xmlSecNssAppliedKeysMngrCreate( ! PK11SlotInfo** slots, ! int cSlots, ! CERTCertDBHandle* handler ! ) ; ! ! XMLSEC_CRYPTO_EXPORT int ! xmlSecNssAppliedKeysMngrSymKeyLoad( ! xmlSecKeysMngrPtr mngr , ! PK11SymKey* symKey ! ) ; ! ! XMLSEC_CRYPTO_EXPORT int ! xmlSecNssAppliedKeysMngrPubKeyLoad( ! xmlSecKeysMngrPtr mngr , ! SECKEYPublicKey* pubKey ! ) ; ! ! XMLSEC_CRYPTO_EXPORT int ! xmlSecNssAppliedKeysMngrPriKeyLoad( ! xmlSecKeysMngrPtr mngr , ! SECKEYPrivateKey* priKey ! ) ; ! ! #ifdef __cplusplus ! } ! #endif /* __cplusplus */ ! ! #endif /* __XMLSEC_NSS_AKMNGR_H__ */ ! ! *** misc/xmlsec1-1.2.6/include/xmlsec/nss/app.h 2004-01-12 22:06:14.000000000 +0100 --- misc/build/xmlsec1-1.2.6/include/xmlsec/nss/app.h 2006-05-08 12:19:38.900161000 +0200 *************** *** 22,27 **** --- 22,30 ---- #include #include + #include + #include + /** * Init/shutdown */ *************** *** 34,39 **** --- 37,44 ---- XMLSEC_CRYPTO_EXPORT int xmlSecNssAppDefaultKeysMngrInit (xmlSecKeysMngrPtr mngr); XMLSEC_CRYPTO_EXPORT int xmlSecNssAppDefaultKeysMngrAdoptKey(xmlSecKeysMngrPtr mngr, xmlSecKeyPtr key); + XMLSEC_CRYPTO_EXPORT int xmlSecNssAppDefaultKeysMngrAdoptKeySlot(xmlSecKeysMngrPtr mngr, + xmlSecNssKeySlotPtr keySlot); XMLSEC_CRYPTO_EXPORT int xmlSecNssAppDefaultKeysMngrLoad (xmlSecKeysMngrPtr mngr, const char* uri); XMLSEC_CRYPTO_EXPORT int xmlSecNssAppDefaultKeysMngrSave (xmlSecKeysMngrPtr mngr, *** misc/xmlsec1-1.2.6/include/xmlsec/nss/ciphers.h 2006-05-08 12:20:35.490138000 +0200 --- misc/build/xmlsec1-1.2.6/include/xmlsec/nss/ciphers.h 2006-05-08 12:19:38.911289000 +0200 *************** *** 1 **** ! dummy --- 1,35 ---- ! /** ! * XMLSec library ! * ! * This is free software; see Copyright file in the source ! * distribution for preciese wording. ! * ! * Copyright .......................... ! */ ! #ifndef __XMLSEC_NSS_CIPHERS_H__ ! #define __XMLSEC_NSS_CIPHERS_H__ ! ! #ifdef __cplusplus ! extern "C" { ! #endif /* __cplusplus */ ! ! #include ! #include ! #include ! ! ! XMLSEC_CRYPTO_EXPORT int xmlSecNssSymKeyDataAdoptKey( xmlSecKeyDataPtr data, ! PK11SymKey* symkey ) ; ! ! XMLSEC_CRYPTO_EXPORT xmlSecKeyDataPtr xmlSecNssSymKeyDataKeyAdopt( PK11SymKey* symKey ) ; ! ! XMLSEC_CRYPTO_EXPORT PK11SymKey* xmlSecNssSymKeyDataGetKey(xmlSecKeyDataPtr data); ! ! ! #ifdef __cplusplus ! } ! #endif /* __cplusplus */ ! ! #endif /* __XMLSEC_NSS_CIPHERS_H__ */ ! ! *** misc/xmlsec1-1.2.6/include/xmlsec/nss/crypto.h 2004-01-12 22:06:14.000000000 +0100 --- misc/build/xmlsec1-1.2.6/include/xmlsec/nss/crypto.h 2006-05-08 12:19:38.923311000 +0200 *************** *** 264,269 **** --- 264,278 ---- xmlSecNssTransformRsaPkcs1GetKlass() XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecNssTransformRsaPkcs1GetKlass(void); + /** + * xmlSecNssTransformRsaOaepId: + * + * The RSA OAEP key transport transform klass. + */ + #define xmlSecNssTransformRsaOaepId \ + xmlSecNssTransformRsaOaepGetKlass() + XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecNssTransformRsaOaepGetKlass(void); + #endif /* XMLSEC_NO_RSA */ *** misc/xmlsec1-1.2.6/include/xmlsec/nss/keysstore.h 2003-07-30 04:46:35.000000000 +0200 --- misc/build/xmlsec1-1.2.6/include/xmlsec/nss/keysstore.h 2006-05-08 12:19:38.935294000 +0200 *************** *** 16,21 **** --- 16,23 ---- #endif /* __cplusplus */ #include + #include + #include /**************************************************************************** * *************** *** 31,36 **** --- 33,40 ---- XMLSEC_CRYPTO_EXPORT xmlSecKeyStoreId xmlSecNssKeysStoreGetKlass (void); XMLSEC_CRYPTO_EXPORT int xmlSecNssKeysStoreAdoptKey (xmlSecKeyStorePtr store, xmlSecKeyPtr key); + XMLSEC_CRYPTO_EXPORT int xmlSecNssKeysStoreAdoptKeySlot(xmlSecKeyStorePtr store, + xmlSecNssKeySlotPtr keySlot); XMLSEC_CRYPTO_EXPORT int xmlSecNssKeysStoreLoad (xmlSecKeyStorePtr store, const char *uri, xmlSecKeysMngrPtr keysMngr); *** misc/xmlsec1-1.2.6/include/xmlsec/nss/Makefile.am 2003-07-30 04:46:35.000000000 +0200 --- misc/build/xmlsec1-1.2.6/include/xmlsec/nss/Makefile.am 2006-05-08 12:19:38.946533000 +0200 *************** *** 3,8 **** --- 3,9 ---- xmlsecnssincdir = $(includedir)/xmlsec1/xmlsec/nss xmlsecnssinc_HEADERS = \ + akmngr.h \ app.h \ crypto.h \ symbols.h \ *************** *** 10,15 **** --- 11,18 ---- keysstore.h \ pkikeys.h \ x509.h \ + tokens.h \ + ciphers.h \ $(NULL) install-exec-hook: *** misc/xmlsec1-1.2.6/include/xmlsec/nss/Makefile.in 2004-08-26 08:00:31.000000000 +0200 --- misc/build/xmlsec1-1.2.6/include/xmlsec/nss/Makefile.in 2006-05-08 12:19:38.959507000 +0200 *************** *** 273,278 **** --- 273,279 ---- NULL = xmlsecnssincdir = $(includedir)/xmlsec1/xmlsec/nss xmlsecnssinc_HEADERS = \ + akmngr.h \ app.h \ crypto.h \ symbols.h \ *************** *** 280,285 **** --- 281,288 ---- keysstore.h \ pkikeys.h \ x509.h \ + tokens.h \ + ciphers.h \ $(NULL) all: all-am *** misc/xmlsec1-1.2.6/include/xmlsec/nss/tokens.h 2006-05-08 12:20:35.516481000 +0200 --- misc/build/xmlsec1-1.2.6/include/xmlsec/nss/tokens.h 2006-05-08 12:19:38.973290000 +0200 *************** *** 1 **** ! dummy --- 1,182 ---- ! /** ! * XMLSec library ! * ! * This is free software; see Copyright file in the source ! * distribution for preciese wording. ! * ! * Copyright (c) 2003 Sun Microsystems, Inc. All rights reserved. ! * ! * Contributor(s): _____________________________ ! * ! */ ! #ifndef __XMLSEC_NSS_TOKENS_H__ ! #define __XMLSEC_NSS_TOKENS_H__ ! ! #include ! ! #include ! #include ! ! #include ! #include ! ! #ifdef __cplusplus ! extern "C" { ! #endif /* __cplusplus */ ! ! /** ! * xmlSecNssKeySlotListId ! * ! * The crypto mechanism list klass ! */ ! #define xmlSecNssKeySlotListId xmlSecNssKeySlotListGetKlass() ! XMLSEC_CRYPTO_EXPORT xmlSecPtrListId xmlSecNssKeySlotListGetKlass( void ) ; ! ! /******************************************* ! * KeySlot interfaces ! *******************************************/ ! /** ! * Internal NSS key slot data ! * @mechanismList: the mechanisms that the slot bound with. ! * @slot: the pkcs slot ! * ! * This context is located after xmlSecPtrList ! */ ! typedef struct _xmlSecNssKeySlot xmlSecNssKeySlot ; ! typedef struct _xmlSecNssKeySlot* xmlSecNssKeySlotPtr ; ! ! struct _xmlSecNssKeySlot { ! CK_MECHANISM_TYPE_PTR mechanismList ; /* mech. array, NULL ternimated */ ! PK11SlotInfo* slot ; ! } ; ! ! XMLSEC_CRYPTO_EXPORT int ! xmlSecNssKeySlotSetMechList( ! xmlSecNssKeySlotPtr keySlot , ! CK_MECHANISM_TYPE_PTR mechanismList ! ) ; ! ! XMLSEC_CRYPTO_EXPORT int ! xmlSecNssKeySlotEnableMech( ! xmlSecNssKeySlotPtr keySlot , ! CK_MECHANISM_TYPE mechanism ! ) ; ! ! XMLSEC_CRYPTO_EXPORT int ! xmlSecNssKeySlotDisableMech( ! xmlSecNssKeySlotPtr keySlot , ! CK_MECHANISM_TYPE mechanism ! ) ; ! ! XMLSEC_CRYPTO_EXPORT CK_MECHANISM_TYPE_PTR ! xmlSecNssKeySlotGetMechList( ! xmlSecNssKeySlotPtr keySlot ! ) ; ! ! XMLSEC_CRYPTO_EXPORT int ! xmlSecNssKeySlotSetSlot( ! xmlSecNssKeySlotPtr keySlot , ! PK11SlotInfo* slot ! ) ; ! ! XMLSEC_CRYPTO_EXPORT int ! xmlSecNssKeySlotInitialize( ! xmlSecNssKeySlotPtr keySlot , ! PK11SlotInfo* slot ! ) ; ! ! XMLSEC_CRYPTO_EXPORT void ! xmlSecNssKeySlotFinalize( ! xmlSecNssKeySlotPtr keySlot ! ) ; ! ! XMLSEC_CRYPTO_EXPORT PK11SlotInfo* ! xmlSecNssKeySlotGetSlot( ! xmlSecNssKeySlotPtr keySlot ! ) ; ! ! XMLSEC_CRYPTO_EXPORT xmlSecNssKeySlotPtr ! xmlSecNssKeySlotCreate() ; ! ! XMLSEC_CRYPTO_EXPORT int ! xmlSecNssKeySlotCopy( ! xmlSecNssKeySlotPtr newKeySlot , ! xmlSecNssKeySlotPtr keySlot ! ) ; ! ! XMLSEC_CRYPTO_EXPORT xmlSecNssKeySlotPtr ! xmlSecNssKeySlotDuplicate( ! xmlSecNssKeySlotPtr keySlot ! ) ; ! ! XMLSEC_CRYPTO_EXPORT void ! xmlSecNssKeySlotDestroy( ! xmlSecNssKeySlotPtr keySlot ! ) ; ! ! XMLSEC_CRYPTO_EXPORT int ! xmlSecNssKeySlotBindMech( ! xmlSecNssKeySlotPtr keySlot , ! CK_MECHANISM_TYPE type ! ) ; ! ! XMLSEC_CRYPTO_EXPORT int ! xmlSecNssKeySlotSupportMech( ! xmlSecNssKeySlotPtr keySlot , ! CK_MECHANISM_TYPE type ! ) ; ! ! ! /************************************************************************ ! * PKCS#11 crypto token interfaces ! * ! * A PKCS#11 slot repository will be defined internally. From the ! * repository, a user can specify a particular slot for a certain crypto ! * mechanism. ! * ! * In some situation, some cryptographic operation should act in a user ! * designated devices. The interfaces defined here provide the way. If ! * the user do not initialize the repository distinctly, the interfaces ! * use the default functions provided by NSS itself. ! * ! ************************************************************************/ ! /** ! * Initialize NSS pkcs#11 slot repository ! * ! * Returns 0 if success or -1 if an error occurs. ! */ ! XMLSEC_CRYPTO_EXPORT int xmlSecNssSlotInitialize( void ) ; ! ! /** ! * Shutdown and destroy NSS pkcs#11 slot repository ! */ ! XMLSEC_CRYPTO_EXPORT void xmlSecNssSlotShutdown() ; ! ! /** ! * Get PKCS#11 slot handler ! * @type the mechanism that the slot must support. ! * ! * Returns a pointer to PKCS#11 slot or NULL if an error occurs. ! * ! * Notes: The returned handler must be destroied distinctly. ! */ ! XMLSEC_CRYPTO_EXPORT PK11SlotInfo* xmlSecNssSlotGet( CK_MECHANISM_TYPE type ) ; ! ! /** ! * Adopt a pkcs#11 slot with a mechanism into the repository ! * @slot: the pkcs#11 slot. ! * @mech: the mechanism. ! * ! * If @mech is available( @mech != CKM_INVALID_MECHANISM ), every operation with ! * this mechanism only can perform on the @slot. ! * ! * Returns 0 if success or -1 if an error occurs. ! */ ! XMLSEC_CRYPTO_EXPORT int xmlSecNssSlotAdopt( PK11SlotInfo* slot, CK_MECHANISM_TYPE mech ) ; ! ! #ifdef __cplusplus ! } ! #endif /* __cplusplus */ ! ! #endif /* __XMLSEC_NSS_TOKENS_H__ */ ! *** misc/xmlsec1-1.2.6/libxml2-config 2006-05-08 12:20:35.726710000 +0200 --- misc/build/xmlsec1-1.2.6/libxml2-config 2006-05-08 12:19:38.987291000 +0200 *************** *** 1 **** ! dummy --- 1,48 ---- ! #! /bin/sh ! ! if test "$SYSTEM_LIBXML" = "YES" ! then xml2-config "$@"; exit 0 ! fi ! ! prefix=${SOLARVERSION}/${INPATH} ! includedir=${SOLARVERSION}/${INPATH}/inc${UPDMINOREXT}/external ! libdir=${SOLARVERSION}/${INPATH}/lib${UPDMINOREXT} ! ! while test $# -gt 0; do ! case "$1" in ! -*=*) optarg=`echo "$1" | sed 's/[-_a-zA-Z0-9]*=//'` ;; ! *) optarg= ;; ! esac ! ! case "$1" in ! --prefix=*) ! prefix=$optarg ! includedir=$prefix/include ! libdir=$prefix/lib ! ;; ! ! --prefix) ! echo $prefix ! ;; ! ! --version) ! echo 2.5.4 ! exit 0 ! ;; ! ! --cflags) ! echo -I${includedir} ! ;; ! ! --libs) ! echo -L${libdir} -lxml2 -lz -lm ! ;; ! ! *) ! exit 1 ! ;; ! esac ! shift ! done ! ! exit 0 *** misc/xmlsec1-1.2.6/ltmain.sh 2004-08-26 08:00:15.000000000 +0200 --- misc/build/xmlsec1-1.2.6/ltmain.sh 2006-05-08 12:19:39.019434000 +0200 *************** *** 2994,3006 **** ;; freebsd-aout) ! major=".$current" ! versuffix=".$current.$revision"; ;; freebsd-elf) ! major=".$current" ! versuffix=".$current"; ;; irix | nonstopux) --- 2994,3006 ---- ;; freebsd-aout) ! major=.`expr $current - $age` ! versuffix="$major.$age.$revision" ;; freebsd-elf) ! major=.`expr $current - $age` ! versuffix="$major.$age.$revision" ;; irix | nonstopux) *************** *** 3564,3570 **** fi else eval flag=\"$hardcode_libdir_flag_spec\" ! dep_rpath="$dep_rpath $flag" fi elif test -n "$runpath_var"; then case "$perm_rpath " in --- 3564,3571 ---- fi else eval flag=\"$hardcode_libdir_flag_spec\" ! # what the ... ! # dep_rpath="$dep_rpath $flag" fi elif test -n "$runpath_var"; then case "$perm_rpath " in *** misc/xmlsec1-1.2.6/src/bn.c 2004-06-21 20:33:27.000000000 +0200 --- misc/build/xmlsec1-1.2.6/src/bn.c 2006-05-08 12:19:39.063224000 +0200 *************** *** 170,177 **** */ int xmlSecBnFromString(xmlSecBnPtr bn, const xmlChar* str, xmlSecSize base) { ! xmlSecSize i, len; xmlSecByte ch; int nn; int ret; --- 170,179 ---- */ int xmlSecBnFromString(xmlSecBnPtr bn, const xmlChar* str, xmlSecSize base) { ! xmlSecSize i, len, size; xmlSecByte ch; + xmlSecByte* data; + int positive; int nn; int ret; *************** *** 183,189 **** /* trivial case */ len = xmlStrlen(str); if(len == 0) { ! return(0); } /* The result size could not exceed the input string length --- 185,191 ---- /* trivial case */ len = xmlStrlen(str); if(len == 0) { ! return(0); } /* The result size could not exceed the input string length *************** *** 191,244 **** * In truth, it would be likely less than 1/2 input string length * because each byte is represented by 2 chars. If needed, * buffer size would be increased by Mul/Add functions. */ ! ret = xmlSecBufferSetMaxSize(bn, xmlSecBufferGetSize(bn) + len / 2 + 1); if(ret < 0) { ! xmlSecError(XMLSEC_ERRORS_HERE, ! NULL, ! "xmlSecBnRevLookupTable", ! XMLSEC_ERRORS_R_XMLSEC_FAILED, ! "size=%d", len / 2 + 1); ! return (-1); } ! for(i = 0; i < len; i++) { ! ch = str[i]; ! if(isspace(ch)) { ! continue; ! } ! ! xmlSecAssert2(ch <= sizeof(xmlSecBnLookupTable), -1); ! nn = xmlSecBnLookupTable[ch]; ! if((nn < 0) || ((xmlSecSize)nn > base)) { ! xmlSecError(XMLSEC_ERRORS_HERE, ! NULL, ! NULL, ! XMLSEC_ERRORS_R_INVALID_DATA, ! "char=%c;base=%d", ! ch, base); ! return (-1); ! } ! ! ret = xmlSecBnMul(bn, base); ! if(ret < 0) { ! xmlSecError(XMLSEC_ERRORS_HERE, ! NULL, ! "xmlSecBnMul", ! XMLSEC_ERRORS_R_XMLSEC_FAILED, ! "base=%d", base); ! return (-1); ! } ! ! ret = xmlSecBnAdd(bn, nn); ! if(ret < 0) { ! xmlSecError(XMLSEC_ERRORS_HERE, ! NULL, ! "xmlSecBnAdd", ! XMLSEC_ERRORS_R_XMLSEC_FAILED, ! "base=%d", base); ! return (-1); ! } } return(0); --- 193,323 ---- * In truth, it would be likely less than 1/2 input string length * because each byte is represented by 2 chars. If needed, * buffer size would be increased by Mul/Add functions. + * Finally, we can add one byte for 00 or 10 prefix. */ ! ret = xmlSecBufferSetMaxSize(bn, xmlSecBufferGetSize(bn) + len / 2 + 1 + 1); if(ret < 0) { ! xmlSecError(XMLSEC_ERRORS_HERE, ! NULL, ! "xmlSecBnRevLookupTable", ! XMLSEC_ERRORS_R_XMLSEC_FAILED, ! "size=%d", len / 2 + 1); ! return (-1); ! } ! ! /* figure out if it is positive or negative number */ ! positive = 1; ! i = 0; ! while(i < len) { ! ch = str[i++]; ! ! /* skip spaces */ ! if(isspace(ch)) { ! continue; ! } ! ! /* check if it is + or - */ ! if(ch == '+') { ! positive = 1; ! break; ! } else if(ch == '-') { ! positive = 0; ! break; ! } ! ! /* otherwise, it must be start of the number */ ! nn = xmlSecBnLookupTable[ch]; ! if((nn >= 0) && ((xmlSecSize)nn < base)) { ! xmlSecAssert2(i > 0, -1); ! ! /* no sign, positive by default */ ! positive = 1; ! --i; /* make sure that we will look at this character in next loop */ ! break; ! } else { ! xmlSecError(XMLSEC_ERRORS_HERE, ! NULL, ! NULL, ! XMLSEC_ERRORS_R_INVALID_DATA, ! "char=%c;base=%d", ! ch, base); ! return (-1); ! } ! } ! ! /* now parse the number itself */ ! while(i < len) { ! ch = str[i++]; ! if(isspace(ch)) { ! continue; ! } ! ! xmlSecAssert2(ch <= sizeof(xmlSecBnLookupTable), -1); ! nn = xmlSecBnLookupTable[ch]; ! if((nn < 0) || ((xmlSecSize)nn > base)) { ! xmlSecError(XMLSEC_ERRORS_HERE, ! NULL, ! NULL, ! XMLSEC_ERRORS_R_INVALID_DATA, ! "char=%c;base=%d", ! ch, base); ! return (-1); ! } ! ! ret = xmlSecBnMul(bn, base); ! if(ret < 0) { ! xmlSecError(XMLSEC_ERRORS_HERE, ! NULL, ! "xmlSecBnMul", ! XMLSEC_ERRORS_R_XMLSEC_FAILED, ! "base=%d", base); ! return (-1); ! } ! ! ret = xmlSecBnAdd(bn, nn); ! if(ret < 0) { ! xmlSecError(XMLSEC_ERRORS_HERE, ! NULL, ! "xmlSecBnAdd", ! XMLSEC_ERRORS_R_XMLSEC_FAILED, ! "base=%d", base); ! return (-1); ! } } ! /* check if we need to add 00 prefix */ ! data = xmlSecBufferGetData(bn); ! size = xmlSecBufferGetSize(bn); ! if((size > 0 && data[0] > 127)||(size==0)) { ! ch = 0; ! ret = xmlSecBufferPrepend(bn, &ch, 1); ! if(ret < 0) { ! xmlSecError(XMLSEC_ERRORS_HERE, ! NULL, ! "xmlSecBufferPrepend", ! XMLSEC_ERRORS_R_XMLSEC_FAILED, ! "base=%d", base); ! return (-1); ! } ! } ! ! /* do 2's compliment and add 1 to represent negative value */ ! if(positive == 0) { ! data = xmlSecBufferGetData(bn); ! size = xmlSecBufferGetSize(bn); ! for(i = 0; i < size; ++i) { ! data[i] ^= 0xFF; ! } ! ! ret = xmlSecBnAdd(bn, 1); ! if(ret < 0) { ! xmlSecError(XMLSEC_ERRORS_HERE, ! NULL, ! "xmlSecBnAdd", ! XMLSEC_ERRORS_R_XMLSEC_FAILED, ! "base=%d", base); ! return (-1); ! } } return(0); *************** *** 256,263 **** */ xmlChar* xmlSecBnToString(xmlSecBnPtr bn, xmlSecSize base) { xmlChar* res; ! xmlSecSize i, len; int nn; xmlChar ch; --- 335,346 ---- */ xmlChar* xmlSecBnToString(xmlSecBnPtr bn, xmlSecSize base) { + xmlSecBn bn2; + int positive = 1; xmlChar* res; ! xmlSecSize i, len, size; ! xmlSecByte* data; ! int ret; int nn; xmlChar ch; *************** *** 265,299 **** xmlSecAssert2(base > 1, NULL); xmlSecAssert2(base <= sizeof(xmlSecBnRevLookupTable), NULL); /* Result string len is * len = log base (256) * * Since the smallest base == 2 then we can get away with * len = 8 * */ ! len = 8 * xmlSecBufferGetSize(bn) + 1; res = (xmlChar*)xmlMalloc(len + 1); if(res == NULL) { ! xmlSecError(XMLSEC_ERRORS_HERE, ! NULL, ! NULL, ! XMLSEC_ERRORS_R_MALLOC_FAILED, ! "len=%d", len); ! return (NULL); } memset(res, 0, len + 1); ! for(i = 0; (xmlSecBufferGetSize(bn) > 0) && (i < len); i++) { ! if(xmlSecBnDiv(bn, base, &nn) < 0) { ! xmlSecError(XMLSEC_ERRORS_HERE, ! NULL, ! "xmlSecBnDiv", ! XMLSEC_ERRORS_R_XMLSEC_FAILED, ! "base=%d", base); ! xmlFree(res); ! return (NULL); ! } ! xmlSecAssert2((size_t)nn < sizeof(xmlSecBnRevLookupTable), NULL); ! res[i] = xmlSecBnRevLookupTable[nn]; } xmlSecAssert2(i < len, NULL); --- 348,433 ---- xmlSecAssert2(base > 1, NULL); xmlSecAssert2(base <= sizeof(xmlSecBnRevLookupTable), NULL); + + /* copy bn */ + data = xmlSecBufferGetData(bn); + size = xmlSecBufferGetSize(bn); + ret = xmlSecBnInitialize(&bn2, size); + if(ret < 0) { + xmlSecError(XMLSEC_ERRORS_HERE, + NULL, + "xmlSecBnCreate", + XMLSEC_ERRORS_R_XMLSEC_FAILED, + "size=%d", size); + return (NULL); + } + + ret = xmlSecBnSetData(&bn2, data, size); + if(ret < 0) { + xmlSecError(XMLSEC_ERRORS_HERE, + NULL, + "xmlSecBnSetData", + XMLSEC_ERRORS_R_XMLSEC_FAILED, + "size=%d", size); + xmlSecBnFinalize(&bn2); + return (NULL); + } + + /* check if it is a negative number or not */ + data = xmlSecBufferGetData(&bn2); + size = xmlSecBufferGetSize(&bn2); + if((size > 0) && (data[0] > 127)) { + /* subtract 1 and do 2's compliment */ + ret = xmlSecBnAdd(&bn2, -1); + if(ret < 0) { + xmlSecError(XMLSEC_ERRORS_HERE, + NULL, + "xmlSecBnAdd", + XMLSEC_ERRORS_R_XMLSEC_FAILED, + "size=%d", size); + xmlSecBnFinalize(&bn2); + return (NULL); + } + for(i = 0; i < size; ++i) { + data[i] ^= 0xFF; + } + + positive = 0; + } else { + positive = 1; + } + /* Result string len is * len = log base (256) * * Since the smallest base == 2 then we can get away with * len = 8 * */ ! len = 8 * size + 1 + 1; res = (xmlChar*)xmlMalloc(len + 1); if(res == NULL) { ! xmlSecError(XMLSEC_ERRORS_HERE, ! NULL, ! NULL, ! XMLSEC_ERRORS_R_MALLOC_FAILED, ! "len=%d", len); ! xmlSecBnFinalize(&bn2); ! return (NULL); } memset(res, 0, len + 1); ! for(i = 0; (xmlSecBufferGetSize(&bn2) > 0) && (i < len); i++) { ! if(xmlSecBnDiv(&bn2, base, &nn) < 0) { ! xmlSecError(XMLSEC_ERRORS_HERE, ! NULL, ! "xmlSecBnDiv", ! XMLSEC_ERRORS_R_XMLSEC_FAILED, ! "base=%d", base); ! xmlFree(res); ! xmlSecBnFinalize(&bn2); ! return (NULL); ! } ! xmlSecAssert2((size_t)nn < sizeof(xmlSecBnRevLookupTable), NULL); ! res[i] = xmlSecBnRevLookupTable[nn]; } xmlSecAssert2(i < len, NULL); *************** *** 301,313 **** for(len = i; (len > 1) && (res[len - 1] == '0'); len--); res[len] = '\0'; /* swap the string because we wrote it in reverse order */ for(i = 0; i < len / 2; i++) { ! ch = res[i]; ! res[i] = res[len - i - 1]; ! res[len - i - 1] = ch; } return(res); } --- 435,454 ---- for(len = i; (len > 1) && (res[len - 1] == '0'); len--); res[len] = '\0'; + /* add "-" for negative numbers */ + if(positive == 0) { + res[len] = '-'; + res[++len] = '\0'; + } + /* swap the string because we wrote it in reverse order */ for(i = 0; i < len / 2; i++) { ! ch = res[i]; ! res[i] = res[len - i - 1]; ! res[len - i - 1] = ch; } + xmlSecBnFinalize(&bn2); return(res); } *************** *** 392,398 **** } data = xmlSecBufferGetData(bn); ! for(over = 0, i = xmlSecBufferGetSize(bn); i > 0;) { xmlSecAssert2(data != NULL, -1); over = over + multiplier * data[--i]; --- 533,541 ---- } data = xmlSecBufferGetData(bn); ! i = xmlSecBufferGetSize(bn); ! over = 0; ! while(i > 0) { xmlSecAssert2(data != NULL, -1); over = over + multiplier * data[--i]; *************** *** 487,529 **** */ int xmlSecBnAdd(xmlSecBnPtr bn, int delta) { ! int over; xmlSecByte* data; xmlSecSize i; xmlSecByte ch; int ret; xmlSecAssert2(bn != NULL, -1); - xmlSecAssert2(delta >= 0, -1); if(delta == 0) { ! return(0); } data = xmlSecBufferGetData(bn); ! for(over = delta, i = xmlSecBufferGetSize(bn); i > 0;) { ! xmlSecAssert2(data != NULL, -1); ! over += data[--i]; ! data[i] = over % 256; ! over = over / 256; ! } ! while(over > 0) { ! ch = over % 256; ! over = over / 256; ! ret = xmlSecBufferPrepend(bn, &ch, 1); ! if(ret < 0) { ! xmlSecError(XMLSEC_ERRORS_HERE, ! NULL, ! "xmlSecBufferPrepend", ! XMLSEC_ERRORS_R_XMLSEC_FAILED, ! "size=1"); ! return (-1); ! } } - return(0); } --- 630,686 ---- */ int xmlSecBnAdd(xmlSecBnPtr bn, int delta) { ! int over, tmp; xmlSecByte* data; xmlSecSize i; xmlSecByte ch; int ret; xmlSecAssert2(bn != NULL, -1); if(delta == 0) { ! return(0); } data = xmlSecBufferGetData(bn); ! if(delta > 0) { ! for(over = delta, i = xmlSecBufferGetSize(bn); (i > 0) && (over > 0) ;) { ! xmlSecAssert2(data != NULL, -1); ! tmp = data[--i]; ! over += tmp; ! data[i] = over % 256; ! over = over / 256; ! } ! while(over > 0) { ! ch = over % 256; ! over = over / 256; ! ret = xmlSecBufferPrepend(bn, &ch, 1); ! if(ret < 0) { ! xmlSecError(XMLSEC_ERRORS_HERE, ! NULL, ! "xmlSecBufferPrepend", ! XMLSEC_ERRORS_R_XMLSEC_FAILED, ! "size=1"); ! return (-1); ! } ! } ! } else { ! for(over = -delta, i = xmlSecBufferGetSize(bn); (i > 0) && (over > 0);) { ! xmlSecAssert2(data != NULL, -1); ! ! tmp = data[--i]; ! if(tmp < over) { ! data[i] = 0; ! over = (over - tmp) / 256; ! } else { ! data[i] = tmp - over; ! over = 0; ! } ! } } return(0); } *************** *** 787,793 **** } if(addLineBreaks) { ! xmlNodeAddContent(cur, BAD_CAST "\n"); } switch(format) { --- 944,950 ---- } if(addLineBreaks) { ! xmlNodeAddContent(cur, xmlSecStringCR); } switch(format) { *************** *** 833,839 **** } if(addLineBreaks) { ! xmlNodeAddContent(cur, BAD_CAST "\n"); } return(0); --- 990,996 ---- } if(addLineBreaks) { ! xmlNodeAddContent(cur, xmlSecStringCR); } return(0); *** misc/xmlsec1-1.2.6/src/dl.c 2003-10-29 16:57:20.000000000 +0100 --- misc/build/xmlsec1-1.2.6/src/dl.c 2006-05-08 12:19:39.082717000 +0200 *************** *** 329,334 **** --- 329,338 ---- xmlSecCryptoDLInit(void) { int ret; + /* use xmlMalloc/xmlFree */ + xmlsec_lt_dlmalloc = xmlSecCryptoDLMalloc; + xmlsec_lt_dlfree = xmlSecCryptoDLFree; + ret = xmlSecPtrListInitialize(&gXmlSecCryptoDLLibraries, xmlSecCryptoDLLibrariesListGetKlass()); if(ret < 0) { xmlSecError(XMLSEC_ERRORS_HERE, *************** *** 350,358 **** } /* TODO: LTDL_SET_PRELOADED_SYMBOLS(); */ - /* use xmlMalloc/xmlFree */ - xmlsec_lt_dlmalloc = xmlSecCryptoDLMalloc; - xmlsec_lt_dlfree = xmlSecCryptoDLFree; return(0); } --- 354,359 ---- *** misc/xmlsec1-1.2.6/src/mscrypto/akmngr.c 2006-05-08 12:20:35.610428000 +0200 --- misc/build/xmlsec1-1.2.6/src/mscrypto/akmngr.c 2006-05-08 12:19:39.098982000 +0200 *************** *** 1 **** ! dummy --- 1,235 ---- ! /** ! * XMLSec library ! * ! * This is free software; see Copyright file in the source ! * distribution for preciese wording. ! * ! * Copyright......................... ! */ ! #include "globals.h" ! ! #include ! #include ! #include ! #include ! ! #include ! #include ! #include ! #include ! ! /** ! * xmlSecMSCryptoAppliedKeysMngrCreate: ! * @hKeyStore: the pointer to key store. ! * @hCertStore: the pointer to certificate database. ! * ! * Create and load key store and certificate database into keys manager ! * ! * Returns keys manager pointer on success or NULL otherwise. ! */ ! xmlSecKeysMngrPtr ! xmlSecMSCryptoAppliedKeysMngrCreate( ! HCERTSTORE hKeyStore , ! HCERTSTORE hCertStore ! ) { ! xmlSecKeyDataStorePtr certStore = NULL ; ! xmlSecKeysMngrPtr keyMngr = NULL ; ! xmlSecKeyStorePtr keyStore = NULL ; ! ! keyStore = xmlSecKeyStoreCreate( xmlSecMSCryptoKeysStoreId ) ; ! if( keyStore == NULL ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! NULL , ! "xmlSecKeyStoreCreate" , ! XMLSEC_ERRORS_R_XMLSEC_FAILED , ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! return NULL ; ! } ! ! /*- ! * At present, MS Crypto engine do not provide a way to setup a key store. ! */ ! if( keyStore != NULL ) { ! /*TODO: binding key store.*/ ! } ! ! keyMngr = xmlSecKeysMngrCreate() ; ! if( keyMngr == NULL ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! NULL , ! "xmlSecKeysMngrCreate" , ! XMLSEC_ERRORS_R_XMLSEC_FAILED , ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! ! xmlSecKeyStoreDestroy( keyStore ) ; ! return NULL ; ! } ! ! /*- ! * Add key store to manager, from now on keys manager destroys the store if ! * needed ! */ ! if( xmlSecKeysMngrAdoptKeysStore( keyMngr, keyStore ) < 0 ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! xmlSecErrorsSafeString( xmlSecKeyStoreGetName( keyStore ) ) , ! "xmlSecKeysMngrAdoptKeyStore" , ! XMLSEC_ERRORS_R_XMLSEC_FAILED , ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! ! xmlSecKeyStoreDestroy( keyStore ) ; ! xmlSecKeysMngrDestroy( keyMngr ) ; ! return NULL ; ! } ! ! /*- ! * Initialize crypto library specific data in keys manager ! */ ! if( xmlSecMSCryptoKeysMngrInit( keyMngr ) < 0 ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! NULL , ! "xmlSecMSCryptoKeysMngrInit" , ! XMLSEC_ERRORS_R_XMLSEC_FAILED , ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! ! xmlSecKeysMngrDestroy( keyMngr ) ; ! return NULL ; ! } ! ! /*- ! * Set certificate databse to X509 key data store ! */ ! /*- ! * At present, MS Crypto engine do not provide a way to setup a cert store. ! */ ! ! /*- ! * Set the getKey callback ! */ ! keyMngr->getKey = xmlSecKeysMngrGetKey ; ! ! return keyMngr ; ! } ! ! int ! xmlSecMSCryptoAppliedKeysMngrSymKeyLoad( ! xmlSecKeysMngrPtr mngr , ! HCRYPTKEY symKey ! ) { ! /*TODO: import the key into keys manager.*/ ! return(0) ; ! } ! ! int ! xmlSecMSCryptoAppliedKeysMngrPubKeyLoad( ! xmlSecKeysMngrPtr mngr , ! HCRYPTKEY pubKey ! ) { ! /*TODO: import the key into keys manager.*/ ! return(0) ; ! } ! ! int ! xmlSecMSCryptoAppliedKeysMngrPriKeyLoad( ! xmlSecKeysMngrPtr mngr , ! HCRYPTKEY priKey ! ) { ! /*TODO: import the key into keys manager.*/ ! return(0) ; ! } ! ! int ! xmlSecMSCryptoAppliedKeysMngrAdoptKeyStore ( ! xmlSecKeysMngrPtr mngr , ! HCERTSTORE keyStore ! ) { ! xmlSecKeyDataStorePtr x509Store ; ! ! xmlSecAssert2( mngr != NULL, -1 ) ; ! xmlSecAssert2( keyStore != NULL, -1 ) ; ! ! x509Store = xmlSecKeysMngrGetDataStore( mngr, xmlSecMSCryptoX509StoreId ) ; ! if( x509Store == NULL ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! NULL , ! "xmlSecKeysMngrGetDataStore" , ! XMLSEC_ERRORS_R_XMLSEC_FAILED , ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! return( -1 ) ; ! } ! ! if( xmlSecMSCryptoX509StoreAdoptKeyStore( x509Store, keyStore ) < 0 ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! xmlSecErrorsSafeString( xmlSecKeyDataStoreGetName( x509Store ) ) , ! "xmlSecMSCryptoX509StoreAdoptKeyStore" , ! XMLSEC_ERRORS_R_XMLSEC_FAILED , ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! return( -1 ) ; ! } ! ! return( 0 ) ; ! } ! ! int ! xmlSecMSCryptoAppliedKeysMngrAdoptTrustedStore ( ! xmlSecKeysMngrPtr mngr , ! HCERTSTORE trustedStore ! ) { ! xmlSecKeyDataStorePtr x509Store ; ! ! xmlSecAssert2( mngr != NULL, -1 ) ; ! xmlSecAssert2( trustedStore != NULL, -1 ) ; ! ! x509Store = xmlSecKeysMngrGetDataStore( mngr, xmlSecMSCryptoX509StoreId ) ; ! if( x509Store == NULL ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! NULL , ! "xmlSecKeysMngrGetDataStore" , ! XMLSEC_ERRORS_R_XMLSEC_FAILED , ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! return( -1 ) ; ! } ! ! if( xmlSecMSCryptoX509StoreAdoptTrustedStore( x509Store, trustedStore ) < 0 ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! xmlSecErrorsSafeString( xmlSecKeyDataStoreGetName( x509Store ) ) , ! "xmlSecMSCryptoX509StoreAdoptKeyStore" , ! XMLSEC_ERRORS_R_XMLSEC_FAILED , ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! return( -1 ) ; ! } ! ! return( 0 ) ; ! } ! ! int ! xmlSecMSCryptoAppliedKeysMngrAdoptUntrustedStore ( ! xmlSecKeysMngrPtr mngr , ! HCERTSTORE untrustedStore ! ) { ! xmlSecKeyDataStorePtr x509Store ; ! ! xmlSecAssert2( mngr != NULL, -1 ) ; ! xmlSecAssert2( untrustedStore != NULL, -1 ) ; ! ! x509Store = xmlSecKeysMngrGetDataStore( mngr, xmlSecMSCryptoX509StoreId ) ; ! if( x509Store == NULL ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! NULL , ! "xmlSecKeysMngrGetDataStore" , ! XMLSEC_ERRORS_R_XMLSEC_FAILED , ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! return( -1 ) ; ! } ! ! if( xmlSecMSCryptoX509StoreAdoptUntrustedStore( x509Store, untrustedStore ) < 0 ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! xmlSecErrorsSafeString( xmlSecKeyDataStoreGetName( x509Store ) ) , ! "xmlSecMSCryptoX509StoreAdoptKeyStore" , ! XMLSEC_ERRORS_R_XMLSEC_FAILED , ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! return( -1 ) ; ! } ! ! return( 0 ) ; ! } ! *** misc/xmlsec1-1.2.6/src/mscrypto/certkeys.c 2004-03-17 06:06:43.000000000 +0100 --- misc/build/xmlsec1-1.2.6/src/mscrypto/certkeys.c 2006-05-08 12:19:39.118188000 +0200 *************** *** 41,46 **** --- 41,47 ---- * a public key from xml document is provided, we need HCRYPTKEY.... The focus * now is however directed to certificates. Wouter */ + /** replaced by a wrapper style for WINNT 4.0 struct _xmlSecMSCryptoKeyDataCtx { HCRYPTPROV hProv; BOOL fCallerFreeProv; *************** *** 51,56 **** --- 52,175 ---- HCRYPTKEY hKey; xmlSecKeyDataType type; }; + */ + /*- + * A wrapper of HCRYPTKEY, a reference countor is introduced, the function is + * the same as CryptDuplicateKey. Because the CryptDuplicateKey is not support + * by WINNT 4.0, the wrapper will enable the library work on WINNT 4.0 + */ + struct _mscrypt_key { + HCRYPTKEY hKey ; + int refcnt ; + } ; + + /*- + * A wrapper of HCRYPTPROV, a reference countor is introduced, the function is + * the same as CryptContextAddRef. Because the CryptContextAddRef is not support + * by WINNT 4.0, the wrapper will enable the library work on WINNT 4.0 + */ + struct _mscrypt_prov { + HCRYPTPROV hProv ; + BOOL freeprov ; + int refcnt ; + } ; + + struct _xmlSecMSCryptoKeyDataCtx { + struct _mscrypt_prov* p_prov ; + LPCTSTR providerName; + DWORD providerType; + PCCERT_CONTEXT pCert; + DWORD dwKeySpec; + struct _mscrypt_key* p_key ; + xmlSecKeyDataType type; + }; + + struct _mscrypt_key* mscrypt_create_key( HCRYPTKEY key ) { + struct _mscrypt_key* pkey ; + + pkey = ( struct _mscrypt_key* )xmlMalloc( sizeof( struct _mscrypt_key ) ) ; + if( pkey == NULL ) { + xmlSecError( XMLSEC_ERRORS_HERE, + "mscrypt_create_key" , + NULL , + XMLSEC_ERRORS_R_MALLOC_FAILED , + XMLSEC_ERRORS_NO_MESSAGE + ) ; + } + + pkey->hKey = key ; + pkey->refcnt = 1 ; + + return pkey ; + } + + struct _mscrypt_key* mscrypt_acquire_key( struct _mscrypt_key* key ) { + if( key ) + key->refcnt ++ ; + + return key ; + } + + int mscrypt_release_key( struct _mscrypt_key* key ) { + if( key ) { + key->refcnt -- ; + if( !key->refcnt ) { + if( key->hKey ) { + CryptDestroyKey( key->hKey ) ; + key->hKey = 0 ; + } + xmlFree( key ) ; + } else { + return key->refcnt ; + } + } + + return 0 ; + } + + struct _mscrypt_prov* mscrypt_create_prov( HCRYPTPROV prov, BOOL callerFree ) { + struct _mscrypt_prov* pprov ; + + pprov = ( struct _mscrypt_prov* )xmlMalloc( sizeof( struct _mscrypt_prov ) ) ; + if( pprov == NULL ) { + xmlSecError( XMLSEC_ERRORS_HERE, + "mscrypt_create_prov" , + NULL , + XMLSEC_ERRORS_R_MALLOC_FAILED , + XMLSEC_ERRORS_NO_MESSAGE + ) ; + } + + pprov->hProv = prov ; + pprov->freeprov = callerFree ; + pprov->refcnt = 1 ; + + return pprov ; + } + + struct _mscrypt_prov* mscrypt_acquire_prov( struct _mscrypt_prov* prov ) { + if( prov ) + prov->refcnt ++ ; + + return prov ; + } + + int mscrypt_release_prov( struct _mscrypt_prov* prov ) { + if( prov ) { + prov->refcnt -- ; + if( !prov->refcnt ) { + if( prov->hProv && prov->freeprov ) { + CryptReleaseContext( prov->hProv, 0 ) ; + prov->hProv = 0 ; + } + xmlFree( prov ) ; + } else { + return prov->refcnt ; + } + } + + return 0 ; + } /****************************************************************************** * *************** *** 88,111 **** ctx = xmlSecMSCryptoKeyDataGetCtx(data); xmlSecAssert2(ctx != NULL, -1); ! if (ctx->hKey != 0) { ! CryptDestroyKey(ctx->hKey); ! ctx->hKey = 0; ! } if(ctx->pCert != NULL) { CertFreeCertificateContext(ctx->pCert); ctx->pCert = NULL; } ! if ((ctx->hProv != 0) && (ctx->fCallerFreeProv)) { ! CryptReleaseContext(ctx->hProv, 0); ! ctx->hProv = 0; ! ctx->fCallerFreeProv = FALSE; ! } else { ! ctx->hProv = 0; ! ctx->fCallerFreeProv = FALSE; ! } ctx->type = type; --- 207,226 ---- ctx = xmlSecMSCryptoKeyDataGetCtx(data); xmlSecAssert2(ctx != NULL, -1); ! if( ctx->p_key != 0 ) { ! mscrypt_release_key( ctx->p_key ) ; ! } ! ctx->p_key = mscrypt_create_key( 0 ) ; if(ctx->pCert != NULL) { CertFreeCertificateContext(ctx->pCert); ctx->pCert = NULL; } ! if( ( ctx->p_prov ) ) { ! mscrypt_release_prov( ctx->p_prov ) ; ! } ! ctx->p_prov = mscrypt_create_prov( 0, FALSE ) ; ctx->type = type; *************** *** 116,124 **** if (!CryptAcquireCertificatePrivateKey(pCert, CRYPT_ACQUIRE_USE_PROV_INFO_FLAG, NULL, ! &(ctx->hProv), &(ctx->dwKeySpec), ! &(ctx->fCallerFreeProv))) { xmlSecError(XMLSEC_ERRORS_HERE, NULL, "CryptAcquireCertificatePrivateKey", --- 231,239 ---- if (!CryptAcquireCertificatePrivateKey(pCert, CRYPT_ACQUIRE_USE_PROV_INFO_FLAG, NULL, ! &(ctx->p_prov->hProv), &(ctx->dwKeySpec), ! &(ctx->p_prov->freeprov))) { xmlSecError(XMLSEC_ERRORS_HERE, NULL, "CryptAcquireCertificatePrivateKey", *************** *** 127,172 **** return(-1); } } else if((type & xmlSecKeyDataTypePublic) != 0){ ! if (!CryptAcquireContext(&(ctx->hProv), NULL, ! ctx->providerName, ctx->providerType, CRYPT_VERIFYCONTEXT)) { ! xmlSecError(XMLSEC_ERRORS_HERE, ! NULL, ! "CryptAcquireContext", ! XMLSEC_ERRORS_R_CRYPTO_FAILED, ! XMLSEC_ERRORS_NO_MESSAGE); ! return(-1); ! } ! ctx->dwKeySpec = 0; ! ctx->fCallerFreeProv = TRUE; } else { ! xmlSecError(XMLSEC_ERRORS_HERE, NULL, NULL, XMLSEC_ERRORS_R_XMLSEC_FAILED, "Unsupported keytype"); ! return(-1); ! } ! ! /* CryptImportPublicKeyInfo is only needed when a real key handle ! * is needed. The key handle is needed for de/encrypting and for ! * verifying of a signature, *not* for signing. We could call ! * CryptImportPublicKeyInfo in xmlSecMSCryptoKeyDataGetKey instead ! * so no unnessecary calls to CryptImportPublicKeyInfo are being ! * made. WK ! */ ! if(!CryptImportPublicKeyInfo(ctx->hProv, ! X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, ! &(pCert->pCertInfo->SubjectPublicKeyInfo), ! &(ctx->hKey))) { ! xmlSecError(XMLSEC_ERRORS_HERE, ! NULL, ! "CryptImportPublicKeyInfo", ! XMLSEC_ERRORS_R_CRYPTO_FAILED, ! XMLSEC_ERRORS_NO_MESSAGE); ! return(-1); } ctx->pCert = pCert; --- 242,280 ---- return(-1); } } else if((type & xmlSecKeyDataTypePublic) != 0){ ! if (!CryptAcquireContext(&(ctx->p_prov->hProv), NULL, ! NULL, /*AF: replaces "ctx->providerName" with "NULL" */ ctx->providerType, CRYPT_VERIFYCONTEXT)) { ! xmlSecError(XMLSEC_ERRORS_HERE, ! NULL, ! "CryptAcquireContext", ! XMLSEC_ERRORS_R_CRYPTO_FAILED, ! XMLSEC_ERRORS_NO_MESSAGE); ! return(-1); ! } ! ctx->dwKeySpec = 0; ! ctx->p_prov->freeprov = TRUE; ! ! if( !CryptImportPublicKeyInfo( ctx->p_prov->hProv, ! X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, ! &(pCert->pCertInfo->SubjectPublicKeyInfo), ! &(ctx->p_key->hKey) ) ) { ! xmlSecError(XMLSEC_ERRORS_HERE, ! NULL, ! "CryptImportPublicKeyInfo", ! XMLSEC_ERRORS_R_CRYPTO_FAILED, ! XMLSEC_ERRORS_NO_MESSAGE); ! return(-1); ! } } else { ! xmlSecError(XMLSEC_ERRORS_HERE, NULL, NULL, XMLSEC_ERRORS_R_XMLSEC_FAILED, "Unsupported keytype"); ! return(-1); } ctx->pCert = pCert; *************** *** 190,218 **** ctx = xmlSecMSCryptoKeyDataGetCtx(data); xmlSecAssert2(ctx != NULL, -1); ! if(ctx->hKey != 0) { ! CryptDestroyKey(ctx->hKey); ! ctx->hKey = 0; ! } if(ctx->pCert != NULL) { CertFreeCertificateContext(ctx->pCert); ctx->pCert = NULL; } ! if((ctx->hProv != 0) && ctx->fCallerFreeProv) { ! CryptReleaseContext(ctx->hProv, 0); ! ctx->hProv = 0; ! ctx->fCallerFreeProv = FALSE; ! } else { ! ctx->hProv = 0; ! ctx->fCallerFreeProv = FALSE; ! } ! ctx->hProv = hProv; ! ctx->fCallerFreeProv = fCallerFreeProv; ctx->dwKeySpec = dwKeySpec; ! ctx->hKey = hKey; ctx->type = type; return(0); --- 298,323 ---- ctx = xmlSecMSCryptoKeyDataGetCtx(data); xmlSecAssert2(ctx != NULL, -1); ! if( ctx->p_key != 0 ) { ! mscrypt_release_key( ctx->p_key ) ; ! ctx->p_key = NULL ; ! } if(ctx->pCert != NULL) { CertFreeCertificateContext(ctx->pCert); ctx->pCert = NULL; } ! if( ( ctx->p_prov ) ) { ! mscrypt_release_prov( ctx->p_prov ) ; ! ctx->p_prov = NULL ; ! } else { ! ctx->p_prov = NULL ; ! } ! ctx->p_prov = mscrypt_create_prov( hProv, FALSE ) ; ctx->dwKeySpec = dwKeySpec; ! ctx->p_key = mscrypt_create_key( hKey ) ; ctx->type = type; return(0); *************** *** 238,244 **** ctx = xmlSecMSCryptoKeyDataGetCtx(data); xmlSecAssert2(ctx != NULL, 0); ! return(ctx->hKey); } /** --- 343,349 ---- ctx = xmlSecMSCryptoKeyDataGetCtx(data); xmlSecAssert2(ctx != NULL, 0); ! return( ctx->p_key ? ctx->p_key->hKey : 0 ); } /** *************** *** 273,279 **** ctx = xmlSecMSCryptoKeyDataGetCtx(data); xmlSecAssert2(ctx != NULL, 0); ! return(ctx->hProv); } DWORD --- 378,384 ---- ctx = xmlSecMSCryptoKeyDataGetCtx(data); xmlSecAssert2(ctx != NULL, 0); ! return( ctx->p_prov ? ctx->p_prov->hProv : 0 ); } DWORD *************** *** 316,340 **** XMLSEC_ERRORS_NO_MESSAGE); return(-1); } - } - - if (ctxSrc->hKey != 0) { - if (!CryptDuplicateKey(ctxSrc->hKey, NULL, 0, &(ctxDst->hKey))) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(dst)), - "CryptDuplicateKey", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); - return(-1); - } } ! if(ctxSrc->hProv != 0) { ! CryptContextAddRef(ctxSrc->hProv, NULL, 0); ! ctxDst->hProv = ctxSrc->hProv; ! ctxDst->fCallerFreeProv = TRUE; ! } else { ! ctxDst->hProv = 0; ! ctxDst->fCallerFreeProv = FALSE; } ctxDst->dwKeySpec = ctxSrc->dwKeySpec; --- 421,456 ---- XMLSEC_ERRORS_NO_MESSAGE); return(-1); } } ! ! if( ctxSrc->p_key ) { ! if( ctxDst->p_key ) ! mscrypt_release_key( ctxDst->p_key ) ; ! ! ctxDst->p_key = mscrypt_acquire_key( ctxSrc->p_key ) ; ! if( !ctxDst->p_key ) { ! xmlSecError(XMLSEC_ERRORS_HERE, ! xmlSecErrorsSafeString(xmlSecKeyDataGetName(dst)), ! "mscrypt_acquire_key", ! XMLSEC_ERRORS_R_CRYPTO_FAILED, ! XMLSEC_ERRORS_NO_MESSAGE); ! return(-1); ! } ! } ! ! if( ctxSrc->p_prov ) { ! if( ctxDst->p_prov ) ! mscrypt_release_prov( ctxDst->p_prov ) ; ! ! ctxDst->p_prov = mscrypt_acquire_prov( ctxSrc->p_prov ) ; ! if( !ctxDst->p_prov ) { ! xmlSecError(XMLSEC_ERRORS_HERE, ! xmlSecErrorsSafeString(xmlSecKeyDataGetName(dst)), ! "mscrypt_acquire_prov", ! XMLSEC_ERRORS_R_CRYPTO_FAILED, ! XMLSEC_ERRORS_NO_MESSAGE); ! return(-1); ! } } ctxDst->dwKeySpec = ctxSrc->dwKeySpec; *************** *** 355,370 **** ctx = xmlSecMSCryptoKeyDataGetCtx(data); xmlSecAssert(ctx != NULL); ! if (ctx->hKey != 0) { ! CryptDestroyKey(ctx->hKey); } if(ctx->pCert != NULL) { CertFreeCertificateContext(ctx->pCert); } ! if ((ctx->hProv != 0) && ctx->fCallerFreeProv) { ! CryptReleaseContext(ctx->hProv, 0); } memset(ctx, 0, sizeof(xmlSecMSCryptoKeyDataCtx)); --- 471,486 ---- ctx = xmlSecMSCryptoKeyDataGetCtx(data); xmlSecAssert(ctx != NULL); ! if( ctx->p_key ) { ! mscrypt_release_key( ctx->p_key ) ; } if(ctx->pCert != NULL) { CertFreeCertificateContext(ctx->pCert); } ! if( ctx->p_prov ) { ! mscrypt_release_prov( ctx->p_prov ) ; } memset(ctx, 0, sizeof(xmlSecMSCryptoKeyDataCtx)); *************** *** 384,397 **** xmlSecAssert2(ctx->pCert->pCertInfo != NULL, 0); return (CertGetPublicKeyLength(X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, &(ctx->pCert->pCertInfo->SubjectPublicKeyInfo))); ! } else if (ctx->hKey != 0) { DWORD length = 0; DWORD lenlen = sizeof(DWORD); ! ! if (!CryptGetKeyParam(ctx->hKey, KP_KEYLEN, (BYTE *)&length, &lenlen, 0)) { xmlSecError(XMLSEC_ERRORS_HERE, NULL, ! "CertDuplicateCertificateContext", XMLSEC_ERRORS_R_CRYPTO_FAILED, XMLSEC_ERRORS_NO_MESSAGE); return(0); --- 500,513 ---- xmlSecAssert2(ctx->pCert->pCertInfo != NULL, 0); return (CertGetPublicKeyLength(X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, &(ctx->pCert->pCertInfo->SubjectPublicKeyInfo))); ! } else if (ctx->p_key != 0 && ctx->p_key->hKey != 0 ) { DWORD length = 0; DWORD lenlen = sizeof(DWORD); ! ! if (!CryptGetKeyParam(ctx->p_key->hKey, KP_KEYLEN, (BYTE *)&length, &lenlen, 0)) { xmlSecError(XMLSEC_ERRORS_HERE, NULL, ! "CryptGetKeyParam", XMLSEC_ERRORS_R_CRYPTO_FAILED, XMLSEC_ERRORS_NO_MESSAGE); return(0); *************** *** 938,946 **** ctx = xmlSecMSCryptoKeyDataGetCtx(xmlSecKeyGetValue(key)); xmlSecAssert2(ctx != NULL, -1); ! xmlSecAssert2(ctx->hKey != 0, -1); ! if (!CryptExportKey(ctx->hKey, 0, PUBLICKEYBLOB, 0, NULL, &dwBlobLen)) { xmlSecError(XMLSEC_ERRORS_HERE, xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), "CryptExportKey", --- 1054,1063 ---- ctx = xmlSecMSCryptoKeyDataGetCtx(xmlSecKeyGetValue(key)); xmlSecAssert2(ctx != NULL, -1); ! xmlSecAssert2(ctx->p_key != 0, -1); ! xmlSecAssert2(ctx->p_key->hKey != 0, -1); ! if (!CryptExportKey(ctx->p_key->hKey, 0, PUBLICKEYBLOB, 0, NULL, &dwBlobLen)) { xmlSecError(XMLSEC_ERRORS_HERE, xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), "CryptExportKey", *************** *** 960,966 **** } blob = xmlSecBufferGetData(&buf); ! if (!CryptExportKey(ctx->hKey, 0, PUBLICKEYBLOB, 0, blob, &dwBlobLen)) { xmlSecError(XMLSEC_ERRORS_HERE, xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), "CryptExportKey", --- 1077,1083 ---- } blob = xmlSecBufferGetData(&buf); ! if (!CryptExportKey(ctx->p_key->hKey, 0, PUBLICKEYBLOB, 0, blob, &dwBlobLen)) { xmlSecError(XMLSEC_ERRORS_HERE, xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), "CryptExportKey", *************** *** 1797,1805 **** ctx = xmlSecMSCryptoKeyDataGetCtx(xmlSecKeyGetValue(key)); xmlSecAssert2(ctx != NULL, -1); ! xmlSecAssert2(ctx->hKey != 0, -1); ! if (!CryptExportKey(ctx->hKey, 0, PUBLICKEYBLOB, 0, NULL, &dwBlobLen)) { xmlSecError(XMLSEC_ERRORS_HERE, xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), "CryptExportKey", --- 1914,1923 ---- ctx = xmlSecMSCryptoKeyDataGetCtx(xmlSecKeyGetValue(key)); xmlSecAssert2(ctx != NULL, -1); ! xmlSecAssert2(ctx->p_key != 0, -1); ! xmlSecAssert2(ctx->p_key->hKey != 0, -1); ! if (!CryptExportKey(ctx->p_key->hKey, 0, PUBLICKEYBLOB, 0, NULL, &dwBlobLen)) { xmlSecError(XMLSEC_ERRORS_HERE, xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), "CryptExportKey", *************** *** 1819,1825 **** } blob = xmlSecBufferGetData(&buf); ! if (!CryptExportKey(ctx->hKey, 0, PUBLICKEYBLOB, 0, blob, &dwBlobLen)) { xmlSecError(XMLSEC_ERRORS_HERE, xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), "CryptExportKey", --- 1937,1943 ---- } blob = xmlSecBufferGetData(&buf); ! if (!CryptExportKey(ctx->p_key->hKey, 0, PUBLICKEYBLOB, 0, blob, &dwBlobLen)) { xmlSecError(XMLSEC_ERRORS_HERE, xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), "CryptExportKey", *************** *** 2010,2016 **** HCRYPTKEY hKey = 0; DWORD dwKeySpec; DWORD dwSize; - int res = -1; int ret; xmlSecAssert2(xmlSecKeyDataIsValid(data), xmlSecKeyDataTypeUnknown); --- 2128,2133 ---- *************** *** 2043,2054 **** dwKeySpec = AT_SIGNATURE; dwSize = ((sizeBits << 16) | CRYPT_EXPORTABLE); if (!CryptGenKey(hProv, CALG_DSS_SIGN, dwSize, &hKey)) { ! xmlSecError(XMLSEC_ERRORS_HERE, xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), "CryptGenKey", XMLSEC_ERRORS_R_CRYPTO_FAILED, XMLSEC_ERRORS_NO_MESSAGE); ! goto done; } ret = xmlSecMSCryptoKeyDataAdoptKey(data, hProv, TRUE, hKey, dwKeySpec, --- 2160,2173 ---- dwKeySpec = AT_SIGNATURE; dwSize = ((sizeBits << 16) | CRYPT_EXPORTABLE); if (!CryptGenKey(hProv, CALG_DSS_SIGN, dwSize, &hKey)) { ! xmlSecError(XMLSEC_ERRORS_HERE, xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), "CryptGenKey", XMLSEC_ERRORS_R_CRYPTO_FAILED, XMLSEC_ERRORS_NO_MESSAGE); ! if (hProv != 0) ! CryptReleaseContext(hProv, 0); ! return -1 ; } ret = xmlSecMSCryptoKeyDataAdoptKey(data, hProv, TRUE, hKey, dwKeySpec, *************** *** 2059,2082 **** "xmlSecMSCryptoKeyDataAdoptKey", XMLSEC_ERRORS_R_XMLSEC_FAILED, XMLSEC_ERRORS_NO_MESSAGE); ! goto done; ! } ! hProv = 0; ! hKey = 0; ! /* success */ ! res = 0; ! ! done: ! if (hProv != 0) { ! CryptReleaseContext(ctx->hProv, 0); } ! if (hKey != 0) { ! CryptDestroyKey(hKey); ! } ! ! return(res); } static xmlSecKeyDataType --- 2178,2194 ---- "xmlSecMSCryptoKeyDataAdoptKey", XMLSEC_ERRORS_R_XMLSEC_FAILED, XMLSEC_ERRORS_NO_MESSAGE); ! if( hKey != 0 ) ! CryptDestroyKey( hKey ) ; ! if( hProv != 0 ) ! CryptReleaseContext( hProv, 0 ) ; ! return -1 ; } + hProv = 0 ; + hKey = 0 ; ! return 0 ; } static xmlSecKeyDataType *** misc/xmlsec1-1.2.6/src/mscrypto/crypto.c 2003-11-12 03:38:51.000000000 +0100 --- misc/build/xmlsec1-1.2.6/src/mscrypto/crypto.c 2006-05-08 12:19:39.142137000 +0200 *************** *** 330,342 **** BYTE* xmlSecMSCryptoCertStrToName(DWORD dwCertEncodingType, LPCTSTR pszX500, DWORD dwStrType, DWORD* len) { BYTE* str = NULL; ! xmlSecAssert2(pszX500 != NULL, NULL); xmlSecAssert2(len != NULL, NULL); if (!CertStrToName(dwCertEncodingType, pszX500, dwStrType, ! NULL, NULL, len, NULL)) { /* this might not be an error, string might just not exist */ return(NULL); } --- 330,344 ---- BYTE* xmlSecMSCryptoCertStrToName(DWORD dwCertEncodingType, LPCTSTR pszX500, DWORD dwStrType, DWORD* len) { BYTE* str = NULL; ! LPCTSTR ppszError = NULL; ! xmlSecAssert2(pszX500 != NULL, NULL); xmlSecAssert2(len != NULL, NULL); if (!CertStrToName(dwCertEncodingType, pszX500, dwStrType, ! NULL, NULL, len, &ppszError)) { /* this might not be an error, string might just not exist */ + DWORD dw = GetLastError(); return(NULL); } *** misc/xmlsec1-1.2.6/src/mscrypto/digests.c 2003-09-30 04:09:51.000000000 +0200 --- misc/build/xmlsec1-1.2.6/src/mscrypto/digests.c 2006-05-08 12:19:39.156282000 +0200 *************** *** 96,107 **** /* TODO: Check what provider is best suited here.... */ if (!CryptAcquireContext(&ctx->provider, NULL, MS_STRONG_PROV, PROV_RSA_FULL, CRYPT_VERIFYCONTEXT)) { ! xmlSecError(XMLSEC_ERRORS_HERE, ! xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), ! NULL, ! XMLSEC_ERRORS_R_CRYPTO_FAILED, ! XMLSEC_ERRORS_NO_MESSAGE); ! return(-1); } return(0); --- 96,110 ---- /* TODO: Check what provider is best suited here.... */ if (!CryptAcquireContext(&ctx->provider, NULL, MS_STRONG_PROV, PROV_RSA_FULL, CRYPT_VERIFYCONTEXT)) { ! //#i57942# This is also committed in rev 1.4 of this file in the xmlsec project ! if (!CryptAcquireContext(&ctx->provider, NULL, MS_ENHANCED_PROV, PROV_RSA_FULL, CRYPT_VERIFYCONTEXT)) { ! xmlSecError(XMLSEC_ERRORS_HERE, ! xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), ! NULL, ! XMLSEC_ERRORS_R_CRYPTO_FAILED, ! XMLSEC_ERRORS_NO_MESSAGE); ! } ! return(0); } return(0); *** misc/xmlsec1-1.2.6/src/mscrypto/x509.c 2003-09-26 02:58:13.000000000 +0200 --- misc/build/xmlsec1-1.2.6/src/mscrypto/x509.c 2006-05-08 12:19:39.176194000 +0200 *************** *** 1572,1577 **** --- 1572,1578 ---- xmlSecKeyInfoCtxPtr keyInfoCtx) { xmlSecMSCryptoX509DataCtxPtr ctx; xmlSecKeyDataStorePtr x509Store; + PCCERT_CONTEXT pCert ; int ret; xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecMSCryptoKeyDataX509Id), -1); *************** *** 1610,1615 **** --- 1611,1619 ---- return(-1); } + /*- + * Get Public key from cert, which does not always work for sign action. + * keyValue = xmlSecMSCryptoX509CertGetKey(ctx->keyCert); if(keyValue == NULL) { xmlSecError(XMLSEC_ERRORS_HERE, *************** *** 1619,1624 **** --- 1623,1673 ---- XMLSEC_ERRORS_NO_MESSAGE); return(-1); } + */ + + /*- + * I'll search key according to KeyReq. + */ + pCert = CertDuplicateCertificateContext( ctx->keyCert ) ; + if( pCert == NULL ) { + xmlSecError( XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), + "CertDuplicateCertificateContext", + XMLSEC_ERRORS_R_CRYPTO_FAILED, + XMLSEC_ERRORS_NO_MESSAGE); + + return(-1); + } + + if( ( keyInfoCtx->keyReq.keyType & xmlSecKeyDataTypePrivate ) == xmlSecKeyDataTypePrivate ) { + keyValue = xmlSecMSCryptoCertAdopt( pCert, xmlSecKeyDataTypePrivate ) ; + if(keyValue == NULL) { + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), + "xmlSecMSCryptoCertAdopt", + XMLSEC_ERRORS_R_XMLSEC_FAILED, + XMLSEC_ERRORS_NO_MESSAGE); + + CertFreeCertificateContext( pCert ) ; + return(-1); + } + pCert = NULL ; + } else if( ( keyInfoCtx->keyReq.keyType & xmlSecKeyDataTypePublic ) == xmlSecKeyDataTypePublic ) { + keyValue = xmlSecMSCryptoCertAdopt( pCert, xmlSecKeyDataTypePublic ) ; + if(keyValue == NULL) { + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), + "xmlSecMSCryptoCertAdopt", + XMLSEC_ERRORS_R_XMLSEC_FAILED, + XMLSEC_ERRORS_NO_MESSAGE); + + CertFreeCertificateContext( pCert ) ; + return(-1); + } + pCert = NULL ; + } + + /* verify that the key matches our expectations */ if(xmlSecKeyReqMatchKeyValue(&(keyInfoCtx->keyReq), keyValue) != 1) { *************** *** 1882,1888 **** xmlSecAssert2(nm->pbData != NULL, NULL); xmlSecAssert2(nm->cbData > 0, NULL); ! csz = CertNameToStr(X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, nm, CERT_X500_NAME_STR, NULL, 0); str = (char *)xmlMalloc(csz); if (NULL == str) { xmlSecError(XMLSEC_ERRORS_HERE, --- 1931,1937 ---- xmlSecAssert2(nm->pbData != NULL, NULL); xmlSecAssert2(nm->cbData > 0, NULL); ! csz = CertNameToStr(X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, nm, CERT_X500_NAME_STR | CERT_NAME_STR_REVERSE_FLAG, NULL, 0); str = (char *)xmlMalloc(csz); if (NULL == str) { xmlSecError(XMLSEC_ERRORS_HERE, *************** *** 1893,1899 **** return (NULL); } ! csz = CertNameToStr(X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, nm, CERT_X500_NAME_STR, str, csz); if (csz < 1) { xmlSecError(XMLSEC_ERRORS_HERE, NULL, --- 1942,1948 ---- return (NULL); } ! csz = CertNameToStr(X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, nm, CERT_X500_NAME_STR | CERT_NAME_STR_REVERSE_FLAG, str, csz); if (csz < 1) { xmlSecError(XMLSEC_ERRORS_HERE, NULL, *************** *** 1904,1920 **** return(NULL); } ! res = xmlStrdup(BAD_CAST str); ! if(res == NULL) { ! xmlSecError(XMLSEC_ERRORS_HERE, ! NULL, ! "xmlStrdup", ! XMLSEC_ERRORS_R_MALLOC_FAILED, ! XMLSEC_ERRORS_NO_MESSAGE); ! xmlFree(str); ! return(NULL); } - xmlFree(str); return(res); } --- 1953,1989 ---- return(NULL); } ! /* aleksey: this is a hack, but mscrypto can not read E= flag and wants Email= instead. ! * don't ask me how is it possible not to read something you wrote yourself but also ! * see comment in the xmlSecMSCryptoX509FindCert function. ! */ ! if(strncmp(str, "E=", 2) == 0) { ! res = xmlMalloc(strlen(str) + 13 + 1); ! if(res == NULL) { ! xmlSecError(XMLSEC_ERRORS_HERE, ! NULL, ! "xmlMalloc", ! XMLSEC_ERRORS_R_MALLOC_FAILED, ! "size=%d", ! strlen(str) + 13 + 1); ! xmlFree(str); ! return(NULL); ! } ! ! memcpy(res, "emailAddress=", 13); ! strcpy(res + 13, BAD_CAST (str + 2)); ! } else { ! res = xmlStrdup(BAD_CAST str); ! if(res == NULL) { ! xmlSecError(XMLSEC_ERRORS_HERE, ! NULL, ! "xmlStrdup", ! XMLSEC_ERRORS_R_MALLOC_FAILED, ! XMLSEC_ERRORS_NO_MESSAGE); ! xmlFree(str); ! return(NULL); ! } } xmlFree(str); return(res); } *** misc/xmlsec1-1.2.6/src/mscrypto/x509vfy.c 2003-09-27 05:12:22.000000000 +0200 --- misc/build/xmlsec1-1.2.6/src/mscrypto/x509vfy.c 2006-05-08 12:19:39.203022000 +0200 *************** *** 125,130 **** --- 125,131 ---- xmlChar *issuerName, xmlChar *issuerSerial, xmlChar *ski, xmlSecKeyInfoCtx* keyInfoCtx) { xmlSecMSCryptoX509StoreCtxPtr ctx; + PCCERT_CONTEXT pCert ; xmlSecAssert2(xmlSecKeyDataStoreCheckId(store, xmlSecMSCryptoX509StoreId), NULL); xmlSecAssert2(keyInfoCtx != NULL, NULL); *************** *** 132,141 **** ctx = xmlSecMSCryptoX509StoreGetCtx(store); xmlSecAssert2(ctx != NULL, NULL); xmlSecAssert2(ctx->untrusted != NULL, NULL); ! return(xmlSecMSCryptoX509FindCert(ctx->untrusted, subjectName, issuerName, issuerSerial, ski)); ! } static void xmlSecMSCryptoUnixTimeToFileTime(time_t t, LPFILETIME pft) { --- 133,149 ---- ctx = xmlSecMSCryptoX509StoreGetCtx(store); xmlSecAssert2(ctx != NULL, NULL); xmlSecAssert2(ctx->untrusted != NULL, NULL); + xmlSecAssert2(ctx->trusted != NULL, NULL); ! pCert = NULL ; ! if( ctx->untrusted != NULL ) ! pCert = xmlSecMSCryptoX509FindCert( ctx->untrusted, subjectName, issuerName, issuerSerial, ski ) ; ! ! if( ctx->trusted != NULL && pCert == NULL ) ! pCert = xmlSecMSCryptoX509FindCert( ctx->trusted, subjectName, issuerName, issuerSerial, ski ) ; + return( pCert ) ; + } static void xmlSecMSCryptoUnixTimeToFileTime(time_t t, LPFILETIME pft) { *************** *** 252,268 **** } static BOOL ! xmlSecMSCryptoX509StoreConstructCertsChain(xmlSecKeyDataStorePtr store, PCCERT_CONTEXT cert, HCERTSTORE certs, ! xmlSecKeyInfoCtx* keyInfoCtx) { xmlSecMSCryptoX509StoreCtxPtr ctx; PCCERT_CONTEXT issuerCert = NULL; FILETIME fTime; DWORD flags; xmlSecAssert2(xmlSecKeyDataStoreCheckId(store, xmlSecMSCryptoX509StoreId), FALSE); xmlSecAssert2(cert != NULL, FALSE); xmlSecAssert2(cert->pCertInfo != NULL, FALSE); ! xmlSecAssert2(certs != NULL, FALSE); xmlSecAssert2(keyInfoCtx != NULL, FALSE); ctx = xmlSecMSCryptoX509StoreGetCtx(store); --- 260,281 ---- } static BOOL ! xmlSecMSCryptoX509StoreConstructCertsChain( ! xmlSecKeyDataStorePtr store , ! PCCERT_CONTEXT cert , ! HCERTSTORE certStore , ! xmlSecKeyInfoCtx* keyInfoCtx ! ) { xmlSecMSCryptoX509StoreCtxPtr ctx; PCCERT_CONTEXT issuerCert = NULL; FILETIME fTime; DWORD flags; + BOOL selfSigned ; xmlSecAssert2(xmlSecKeyDataStoreCheckId(store, xmlSecMSCryptoX509StoreId), FALSE); xmlSecAssert2(cert != NULL, FALSE); xmlSecAssert2(cert->pCertInfo != NULL, FALSE); ! xmlSecAssert2(certStore != NULL, FALSE); xmlSecAssert2(keyInfoCtx != NULL, FALSE); ctx = xmlSecMSCryptoX509StoreGetCtx(store); *************** *** 283,342 **** return(FALSE); } ! if (!xmlSecMSCryptoCheckRevocation(certs, cert)) { return(FALSE); } ! /* try the untrusted certs in the chain */ ! issuerCert = CertFindCertificateInStore(certs, X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, 0, CERT_FIND_SUBJECT_NAME, ! &(cert->pCertInfo->Issuer), NULL); ! if(issuerCert == cert) { ! /* self signed cert, forget it */ ! CertFreeCertificateContext(issuerCert); ! } else if(issuerCert != NULL) { ! flags = CERT_STORE_REVOCATION_FLAG | CERT_STORE_SIGNATURE_FLAG; ! if(!CertVerifySubjectCertificateContext(cert, issuerCert, &flags)) { ! xmlSecMSCryptoX509StoreCertError(store, issuerCert, flags); ! CertFreeCertificateContext(issuerCert); ! return(FALSE); ! } ! if(!xmlSecMSCryptoX509StoreConstructCertsChain(store, issuerCert, certs, keyInfoCtx)) { ! xmlSecMSCryptoX509StoreCertError(store, issuerCert, flags); ! CertFreeCertificateContext(issuerCert); ! return(FALSE); ! } ! CertFreeCertificateContext(issuerCert); ! return(TRUE); } ! /* try the untrusted certs in the store */ ! issuerCert = CertFindCertificateInStore(ctx->untrusted, X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, 0, CERT_FIND_SUBJECT_NAME, &(cert->pCertInfo->Issuer), NULL); ! if(issuerCert == cert) { ! /* self signed cert, forget it */ ! CertFreeCertificateContext(issuerCert); ! } else if(issuerCert != NULL) { ! flags = CERT_STORE_REVOCATION_FLAG | CERT_STORE_SIGNATURE_FLAG; ! if(!CertVerifySubjectCertificateContext(cert, issuerCert, &flags)) { ! xmlSecMSCryptoX509StoreCertError(store, issuerCert, flags); ! CertFreeCertificateContext(issuerCert); ! return(FALSE); ! } ! if(!xmlSecMSCryptoX509StoreConstructCertsChain(store, issuerCert, certs, keyInfoCtx)) { ! CertFreeCertificateContext(issuerCert); ! return(FALSE); } - CertFreeCertificateContext(issuerCert); - return(TRUE); - } /* try to find issuer cert in the trusted cert in the store */ issuerCert = CertFindCertificateInStore(ctx->trusted, --- 296,380 ---- return(FALSE); } ! if (!xmlSecMSCryptoCheckRevocation(certStore, cert)) { return(FALSE); } ! /*- ! * Firstly try to find the cert in the trusted cert store. We will trust ! * the certificate in the trusted store. ! */ ! issuerCert = CertFindCertificateInStore(ctx->trusted, X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, 0, CERT_FIND_SUBJECT_NAME, ! &(cert->pCertInfo->Subject), NULL); ! if( issuerCert != NULL ) { ! /* We have found the trusted cert, so return true */ ! CertFreeCertificateContext( issuerCert ) ; ! return( TRUE ) ; } ! /* Check whether the certificate is self signed certificate */ ! selfSigned = CertCompareCertificateName( X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, &(cert->pCertInfo->Subject), &(cert->pCertInfo->Issuer) ) ; ! ! /* try the untrusted certs in the chain */ ! if( !selfSigned ) { ! issuerCert = CertFindCertificateInStore(certStore, X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, 0, CERT_FIND_SUBJECT_NAME, &(cert->pCertInfo->Issuer), NULL); ! if( issuerCert != NULL && CertCompareCertificate( X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, cert->pCertInfo, issuerCert->pCertInfo ) ) { ! /* self signed cert, forget it */ ! CertFreeCertificateContext(issuerCert); ! } else if(issuerCert != NULL) { ! flags = CERT_STORE_REVOCATION_FLAG | CERT_STORE_SIGNATURE_FLAG; ! if(!CertVerifySubjectCertificateContext(cert, issuerCert, &flags)) { ! xmlSecMSCryptoX509StoreCertError(store, issuerCert, flags); ! CertFreeCertificateContext(issuerCert); ! return(FALSE); ! } ! if(!xmlSecMSCryptoX509StoreConstructCertsChain(store, issuerCert, certStore, keyInfoCtx)) { ! xmlSecMSCryptoX509StoreCertError(store, issuerCert, flags); ! CertFreeCertificateContext(issuerCert); ! return(FALSE); ! } ! ! CertFreeCertificateContext(issuerCert); ! return(TRUE); ! } ! } ! ! /* try the untrusted certs in the store */ ! if( !selfSigned ) { ! issuerCert = CertFindCertificateInStore(ctx->untrusted, ! X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, ! 0, ! CERT_FIND_SUBJECT_NAME, ! &(cert->pCertInfo->Issuer), ! NULL); ! if( issuerCert != NULL && CertCompareCertificate( X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, cert->pCertInfo, issuerCert->pCertInfo ) ) { ! /* self signed cert, forget it */ ! CertFreeCertificateContext(issuerCert); ! } else if(issuerCert != NULL) { ! flags = CERT_STORE_REVOCATION_FLAG | CERT_STORE_SIGNATURE_FLAG; ! if(!CertVerifySubjectCertificateContext(cert, issuerCert, &flags)) { ! xmlSecMSCryptoX509StoreCertError(store, issuerCert, flags); ! CertFreeCertificateContext(issuerCert); ! return(FALSE); ! } ! if(!xmlSecMSCryptoX509StoreConstructCertsChain(store, issuerCert, certStore, keyInfoCtx)) { ! CertFreeCertificateContext(issuerCert); ! return(FALSE); ! } ! ! CertFreeCertificateContext(issuerCert); ! return(TRUE); ! } } /* try to find issuer cert in the trusted cert in the store */ issuerCert = CertFindCertificateInStore(ctx->trusted, *************** *** 379,404 **** xmlSecAssert2(certs != NULL, NULL); xmlSecAssert2(keyInfoCtx != NULL, NULL); ! while((cert = CertEnumCertificatesInStore(certs, cert)) != NULL){ ! PCCERT_CONTEXT nextCert = NULL; ! xmlSecAssert2(cert->pCertInfo != NULL, NULL); ! /* if cert is the issuer of any other cert in the list, then it is ! * to be skipped */ ! nextCert = CertFindCertificateInStore(certs, X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, 0, CERT_FIND_ISSUER_NAME, &(cert->pCertInfo->Subject), ! NULL); ! if(nextCert != NULL) { ! CertFreeCertificateContext(nextCert); ! continue; ! } ! if(xmlSecMSCryptoX509StoreConstructCertsChain(store, cert, certs, keyInfoCtx)) { ! return(cert); ! } } return (NULL); --- 417,477 ---- xmlSecAssert2(certs != NULL, NULL); xmlSecAssert2(keyInfoCtx != NULL, NULL); ! while( ( cert = CertEnumCertificatesInStore( certs, cert ) ) != NULL ) { ! PCCERT_CONTEXT nextCert ; ! unsigned char selected ; ! xmlSecAssert2( cert->pCertInfo != NULL, NULL ) ; ! /* if cert is the issuer of any other cert in the list, then it is ! * to be skipped except that the cert list only have one self-signed ! * certificate. ! */ ! for( selected = 0, nextCert = NULL ; ; ) { ! nextCert = CertFindCertificateInStore( certs, X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, 0, CERT_FIND_ISSUER_NAME, &(cert->pCertInfo->Subject), ! nextCert ) ; ! if( nextCert != NULL ) { ! if( CertCompareCertificate( X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, cert->pCertInfo, nextCert->pCertInfo ) ) { ! selected = 1 ; ! continue ; ! } else { ! selected = 0 ; ! break ; ! } ! } else { ! selected = 1 ; ! break ; ! } ! } ! ! if( nextCert != NULL ) ! CertFreeCertificateContext( nextCert ) ; ! ! if( !selected ) { ! continue ; ! } ! ! /* JL: OpenOffice.org implements its own certificate verification routine. ! The goal is to seperate validation of the signature ! and the certificate. For example, OOo could show that the document signature is valid, ! but the certificate could not be verified. If we do not prevent the verification of ! the certificate by libxmlsec and the verification fails, then the XML signature will not be ! verified. This would happen, for example, if the root certificate is not installed. ! ! In the store schould only be the certificate from the X509Certificate element ! and the X509IssuerSerial element. The latter is only there ! if the certificate is installed. Both certificates must be the same! ! In case of writing the signature, the store contains only the certificate that ! was created based on the information from the X509IssuerSerial element. */ ! return cert; ! ! /* if( xmlSecMSCryptoX509StoreConstructCertsChain( store, cert, certs, keyInfoCtx ) ) { ! return( cert ) ; ! } */ } return (NULL); *************** *** 458,466 **** --- 531,656 ---- return(0); } + int + xmlSecMSCryptoX509StoreAdoptKeyStore ( + xmlSecKeyDataStorePtr store, + HCERTSTORE keyStore + ) { + xmlSecMSCryptoX509StoreCtxPtr ctx; + int ret; + + xmlSecAssert2(xmlSecKeyDataStoreCheckId(store, xmlSecMSCryptoX509StoreId), -1); + xmlSecAssert2( keyStore != NULL, -1); + + ctx = xmlSecMSCryptoX509StoreGetCtx(store); + xmlSecAssert2(ctx != NULL, -1); + xmlSecAssert2(ctx->trusted != NULL, -1); + + if( !CertAddStoreToCollection ( ctx->trusted , keyStore , CERT_PHYSICAL_STORE_ADD_ENABLE_FLAG , 2 ) ) { + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)), + "CertAddStoreToCollection", + XMLSEC_ERRORS_R_CRYPTO_FAILED, + XMLSEC_ERRORS_NO_MESSAGE); + return(-1); + } + + { + PCCERT_CONTEXT ptCert ; + + ptCert = NULL ; + while( 1 ) { + ptCert = CertEnumCertificatesInStore( ctx->trusted, ptCert ) ; + if( ptCert == NULL ) + break ; + } + } + + return(0); + } + + int + xmlSecMSCryptoX509StoreAdoptTrustedStore ( + xmlSecKeyDataStorePtr store, + HCERTSTORE trustedStore + ) { + xmlSecMSCryptoX509StoreCtxPtr ctx; + int ret; + + xmlSecAssert2(xmlSecKeyDataStoreCheckId(store, xmlSecMSCryptoX509StoreId), -1); + xmlSecAssert2( trustedStore != NULL, -1); + + ctx = xmlSecMSCryptoX509StoreGetCtx(store); + xmlSecAssert2(ctx != NULL, -1); + xmlSecAssert2(ctx->trusted != NULL, -1); + + if( !CertAddStoreToCollection ( ctx->trusted , trustedStore , CERT_PHYSICAL_STORE_ADD_ENABLE_FLAG , 3 ) ) { + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)), + "CertAddStoreToCollection", + XMLSEC_ERRORS_R_CRYPTO_FAILED, + XMLSEC_ERRORS_NO_MESSAGE); + return(-1); + } + + { + PCCERT_CONTEXT ptCert ; + + ptCert = NULL ; + while( 1 ) { + ptCert = CertEnumCertificatesInStore( ctx->trusted, ptCert ) ; + if( ptCert == NULL ) + break ; + } + } + + return(0); + } + + int + xmlSecMSCryptoX509StoreAdoptUntrustedStore ( + xmlSecKeyDataStorePtr store, + HCERTSTORE untrustedStore + ) { + xmlSecMSCryptoX509StoreCtxPtr ctx; + int ret; + + xmlSecAssert2(xmlSecKeyDataStoreCheckId(store, xmlSecMSCryptoX509StoreId), -1); + xmlSecAssert2( untrustedStore != NULL, -1); + + ctx = xmlSecMSCryptoX509StoreGetCtx(store); + xmlSecAssert2(ctx != NULL, -1); + xmlSecAssert2(ctx->untrusted != NULL, -1); + + if( !CertAddStoreToCollection ( ctx->untrusted , untrustedStore , CERT_PHYSICAL_STORE_ADD_ENABLE_FLAG , 2 ) ) { + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)), + "CertAddStoreToCollection", + XMLSEC_ERRORS_R_CRYPTO_FAILED, + XMLSEC_ERRORS_NO_MESSAGE); + return(-1); + } + + { + PCCERT_CONTEXT ptCert ; + + ptCert = NULL ; + while( 1 ) { + ptCert = CertEnumCertificatesInStore( ctx->untrusted, ptCert ) ; + if( ptCert == NULL ) + break ; + } + } + + return(0); + } + static int xmlSecMSCryptoX509StoreInitialize(xmlSecKeyDataStorePtr store) { xmlSecMSCryptoX509StoreCtxPtr ctx; + HCERTSTORE hTrustedMemStore ; + HCERTSTORE hUntrustedMemStore ; + xmlSecAssert2(xmlSecKeyDataStoreCheckId(store, xmlSecMSCryptoX509StoreId), -1); ctx = xmlSecMSCryptoX509StoreGetCtx(store); *************** *** 468,503 **** memset(ctx, 0, sizeof(xmlSecMSCryptoX509StoreCtx)); /* create trusted certs store */ ! ctx->trusted = CertOpenStore(CERT_STORE_PROV_MEMORY, X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, 0, CERT_STORE_CREATE_NEW_FLAG, NULL); ! if(ctx->trusted == NULL) { xmlSecError(XMLSEC_ERRORS_HERE, xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)), "CertOpenStore", XMLSEC_ERRORS_R_CRYPTO_FAILED, XMLSEC_ERRORS_NO_MESSAGE); return(-1); } ! /* create trusted certs store */ ! ctx->untrusted = CertOpenStore(CERT_STORE_PROV_MEMORY, X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, 0, CERT_STORE_CREATE_NEW_FLAG, NULL); ! if(ctx->untrusted == NULL) { xmlSecError(XMLSEC_ERRORS_HERE, xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)), "CertOpenStore", XMLSEC_ERRORS_R_CRYPTO_FAILED, XMLSEC_ERRORS_NO_MESSAGE); return(-1); } return(0); } --- 658,761 ---- memset(ctx, 0, sizeof(xmlSecMSCryptoX509StoreCtx)); + /* create trusted certs store collection */ + ctx->trusted = CertOpenStore(CERT_STORE_PROV_COLLECTION, + 0, + NULL, + 0, + NULL); + if(ctx->trusted == NULL) { + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)), + "CertOpenStore", + XMLSEC_ERRORS_R_CRYPTO_FAILED, + XMLSEC_ERRORS_NO_MESSAGE); + return(-1); + } + /* create trusted certs store */ ! hTrustedMemStore = CertOpenStore(CERT_STORE_PROV_MEMORY, X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, 0, CERT_STORE_CREATE_NEW_FLAG, NULL); ! if(hTrustedMemStore == NULL) { xmlSecError(XMLSEC_ERRORS_HERE, xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)), "CertOpenStore", XMLSEC_ERRORS_R_CRYPTO_FAILED, XMLSEC_ERRORS_NO_MESSAGE); + CertCloseStore(ctx->trusted, CERT_CLOSE_STORE_FORCE_FLAG); + ctx->trusted = NULL ; return(-1); } ! /* add the memory trusted certs store to trusted certs store collection */ ! if( !CertAddStoreToCollection( ctx->trusted, hTrustedMemStore, CERT_PHYSICAL_STORE_ADD_ENABLE_FLAG, 1 ) ) { ! xmlSecError(XMLSEC_ERRORS_HERE, ! xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)), ! "CertAddStoreToCollection", ! XMLSEC_ERRORS_R_CRYPTO_FAILED, ! XMLSEC_ERRORS_NO_MESSAGE); ! CertCloseStore(ctx->trusted, CERT_CLOSE_STORE_FORCE_FLAG); ! CertCloseStore(hTrustedMemStore, CERT_CLOSE_STORE_CHECK_FLAG); ! ctx->trusted = NULL ; ! return(-1); ! } ! CertCloseStore(hTrustedMemStore, CERT_CLOSE_STORE_CHECK_FLAG); ! ! /* create untrusted certs store collection */ ! ctx->untrusted = CertOpenStore(CERT_STORE_PROV_COLLECTION, ! 0, ! NULL, ! 0, ! NULL); ! if(ctx->untrusted == NULL) { ! xmlSecError(XMLSEC_ERRORS_HERE, ! xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)), ! "CertOpenStore", ! XMLSEC_ERRORS_R_CRYPTO_FAILED, ! XMLSEC_ERRORS_NO_MESSAGE); ! CertCloseStore(ctx->trusted, CERT_CLOSE_STORE_FORCE_FLAG); ! ctx->trusted = NULL ; ! return(-1); ! } ! ! /* create untrusted certs store */ ! hUntrustedMemStore = CertOpenStore(CERT_STORE_PROV_MEMORY, X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, 0, CERT_STORE_CREATE_NEW_FLAG, NULL); ! if(hUntrustedMemStore == NULL) { xmlSecError(XMLSEC_ERRORS_HERE, xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)), "CertOpenStore", XMLSEC_ERRORS_R_CRYPTO_FAILED, XMLSEC_ERRORS_NO_MESSAGE); + CertCloseStore(ctx->trusted, CERT_CLOSE_STORE_FORCE_FLAG); + CertCloseStore(ctx->untrusted, CERT_CLOSE_STORE_FORCE_FLAG); + ctx->trusted = NULL ; + ctx->untrusted = NULL ; return(-1); } + /* add the memory trusted certs store to untrusted certs store collection */ + if( !CertAddStoreToCollection( ctx->untrusted, hUntrustedMemStore, CERT_PHYSICAL_STORE_ADD_ENABLE_FLAG, 1 ) ) { + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)), + "CertAddStoreToCollection", + XMLSEC_ERRORS_R_CRYPTO_FAILED, + XMLSEC_ERRORS_NO_MESSAGE); + CertCloseStore(ctx->untrusted, CERT_CLOSE_STORE_FORCE_FLAG); + CertCloseStore(ctx->trusted, CERT_CLOSE_STORE_FORCE_FLAG); + CertCloseStore(hUntrustedMemStore, CERT_CLOSE_STORE_CHECK_FLAG); + ctx->trusted = NULL ; + ctx->untrusted = NULL ; + return(-1); + } + CertCloseStore(hUntrustedMemStore, CERT_CLOSE_STORE_CHECK_FLAG); + return(0); } *************** *** 567,576 **** --- 825,865 ---- if((pCert == NULL) && (NULL != issuerName) && (NULL != issuerSerial)) { xmlSecBn issuerSerialBn; + xmlChar * p; CERT_NAME_BLOB cnb; + CRYPT_INTEGER_BLOB cib; BYTE *cName = NULL; DWORD cNameLen = 0; + + /* aleksey: for some unknown to me reasons, mscrypto wants Email + * instead of emailAddress. This code is not bullet proof and may + * produce incorrect results if someone has "emailAddress=" string + * in one of the fields, but it is best I can suggest to fix this problem. + * Also see xmlSecMSCryptoX509NameWrite function. + */ + while( (p = (xmlChar*)xmlStrstr(issuerName, BAD_CAST "emailAddress=")) != NULL) { + memcpy(p, " Email=", 13); + } + + + + /* get issuer name */ + cName = xmlSecMSCryptoCertStrToName(X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, + issuerName, + CERT_NAME_STR_ENABLE_UTF8_UNICODE_FLAG | CERT_OID_NAME_STR | CERT_NAME_STR_REVERSE_FLAG, + &cNameLen); + if(cName == NULL) { + xmlSecError(XMLSEC_ERRORS_HERE, + NULL, + "xmlSecMSCryptoCertStrToName", + XMLSEC_ERRORS_R_XMLSEC_FAILED, + XMLSEC_ERRORS_NO_MESSAGE); + return (NULL); + } + cnb.pbData = cName; + cnb.cbData = cNameLen; + /* get serial number */ ret = xmlSecBnInitialize(&issuerSerialBn, 0); if(ret < 0) { xmlSecError(XMLSEC_ERRORS_HERE, *************** *** 578,583 **** --- 867,873 ---- "xmlSecBnInitialize", XMLSEC_ERRORS_R_XMLSEC_FAILED, XMLSEC_ERRORS_NO_MESSAGE); + xmlFree(cName); return(NULL); } *************** *** 589,614 **** XMLSEC_ERRORS_R_XMLSEC_FAILED, XMLSEC_ERRORS_NO_MESSAGE); xmlSecBnFinalize(&issuerSerialBn); ! return(NULL); } ! cName = xmlSecMSCryptoCertStrToName(X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, ! issuerName, ! CERT_OID_NAME_STR | CERT_NAME_STR_REVERSE_FLAG, ! &cNameLen); ! if(cName == NULL) { xmlSecError(XMLSEC_ERRORS_HERE, NULL, ! "xmlSecMSCryptoCertStrToName", XMLSEC_ERRORS_R_XMLSEC_FAILED, XMLSEC_ERRORS_NO_MESSAGE); xmlSecBnFinalize(&issuerSerialBn); ! return (NULL); } ! cnb.pbData = cName; ! cnb.cbData = cNameLen; ! while((pCert = CertFindCertificateInStore(store, PKCS_7_ASN_ENCODING | X509_ASN_ENCODING, 0, CERT_FIND_ISSUER_NAME, --- 879,908 ---- XMLSEC_ERRORS_R_XMLSEC_FAILED, XMLSEC_ERRORS_NO_MESSAGE); xmlSecBnFinalize(&issuerSerialBn); ! xmlFree(cName); ! return(NULL); } ! /* I have no clue why at a sudden a swap is needed to ! * convert from lsb... This code is purely based upon ! * trial and error :( WK ! */ ! ret = xmlSecBnReverse(&issuerSerialBn); ! if(ret < 0) { xmlSecError(XMLSEC_ERRORS_HERE, NULL, ! "xmlSecBnReverse", XMLSEC_ERRORS_R_XMLSEC_FAILED, XMLSEC_ERRORS_NO_MESSAGE); xmlSecBnFinalize(&issuerSerialBn); ! xmlFree(cName); ! return(NULL); } ! cib.pbData = xmlSecBufferGetData(&issuerSerialBn); ! cib.cbData = xmlSecBufferGetSize(&issuerSerialBn); ! ! while((pCert = CertFindCertificateInStore(store, PKCS_7_ASN_ENCODING | X509_ASN_ENCODING, 0, CERT_FIND_ISSUER_NAME, *************** *** 622,631 **** if((pCert->pCertInfo != NULL) && (pCert->pCertInfo->SerialNumber.pbData != NULL) && (pCert->pCertInfo->SerialNumber.cbData > 0) && ! (0 == xmlSecBnCompareReverse(&issuerSerialBn, pCert->pCertInfo->SerialNumber.pbData, ! pCert->pCertInfo->SerialNumber.cbData))) { ! ! break; } } xmlFree(cName); --- 916,924 ---- if((pCert->pCertInfo != NULL) && (pCert->pCertInfo->SerialNumber.pbData != NULL) && (pCert->pCertInfo->SerialNumber.cbData > 0) && ! (CertCompareIntegerBlob(&(pCert->pCertInfo->SerialNumber), &cib) == TRUE) ! ) { ! break; } } xmlFree(cName); *** misc/xmlsec1-1.2.6/src/nss/akmngr.c 2006-05-08 12:20:35.581067000 +0200 --- misc/build/xmlsec1-1.2.6/src/nss/akmngr.c 2006-05-08 12:20:20.572545000 +0200 *************** *** 1 **** ! dummy --- 1,384 ---- ! /** ! * XMLSec library ! * ! * This is free software; see Copyright file in the source ! * distribution for preciese wording. ! * ! * Copyright......................... ! */ ! #include "globals.h" ! ! #include ! #include ! #include ! #include ! #include ! ! #include ! #include ! #include ! #include ! ! #include ! #include ! #include ! #include ! #include ! #include ! ! /** ! * xmlSecNssAppliedKeysMngrCreate: ! * @slot: array of pointers to NSS PKCS#11 slot infomation. ! * @cSlots: number of slots in the array ! * @handler: the pointer to NSS certificate database. ! * ! * Create and load NSS crypto slot and certificate database into keys manager ! * ! * Returns keys manager pointer on success or NULL otherwise. ! */ ! xmlSecKeysMngrPtr ! xmlSecNssAppliedKeysMngrCreate( ! PK11SlotInfo** slots, ! int cSlots, ! CERTCertDBHandle* handler ! ) { ! xmlSecKeyDataStorePtr certStore = NULL ; ! xmlSecKeysMngrPtr keyMngr = NULL ; ! xmlSecKeyStorePtr keyStore = NULL ; ! int islot = 0; ! keyStore = xmlSecKeyStoreCreate( xmlSecNssKeysStoreId ) ; ! if( keyStore == NULL ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! NULL , ! "xmlSecKeyStoreCreate" , ! XMLSEC_ERRORS_R_XMLSEC_FAILED , ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! return NULL ; ! } ! ! for (islot = 0; islot < cSlots; islot++) ! { ! xmlSecNssKeySlotPtr keySlot ; ! ! /* Create a key slot */ ! keySlot = xmlSecNssKeySlotCreate() ; ! if( keySlot == NULL ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! xmlSecErrorsSafeString( xmlSecKeyStoreGetName( keyStore ) ) , ! "xmlSecNssKeySlotCreate" , ! XMLSEC_ERRORS_R_XMLSEC_FAILED , ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! ! xmlSecKeyStoreDestroy( keyStore ) ; ! return NULL ; ! } ! ! /* Set slot */ ! if( xmlSecNssKeySlotSetSlot( keySlot , slots[islot] ) < 0 ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! xmlSecErrorsSafeString( xmlSecKeyStoreGetName( keyStore ) ) , ! "xmlSecNssKeySlotSetSlot" , ! XMLSEC_ERRORS_R_XMLSEC_FAILED , ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! ! xmlSecKeyStoreDestroy( keyStore ) ; ! xmlSecNssKeySlotDestroy( keySlot ) ; ! return NULL ; ! } ! ! /* Adopt keySlot */ ! if( xmlSecNssKeysStoreAdoptKeySlot( keyStore , keySlot ) < 0 ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! xmlSecErrorsSafeString( xmlSecKeyStoreGetName( keyStore ) ) , ! "xmlSecNssKeysStoreAdoptKeySlot" , ! XMLSEC_ERRORS_R_XMLSEC_FAILED , ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! ! xmlSecKeyStoreDestroy( keyStore ) ; ! xmlSecNssKeySlotDestroy( keySlot ) ; ! return NULL ; ! } ! } ! ! keyMngr = xmlSecKeysMngrCreate() ; ! if( keyMngr == NULL ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! NULL , ! "xmlSecKeysMngrCreate" , ! XMLSEC_ERRORS_R_XMLSEC_FAILED , ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! ! xmlSecKeyStoreDestroy( keyStore ) ; ! return NULL ; ! } ! ! /*- ! * Add key store to manager, from now on keys manager destroys the store if ! * needed ! */ ! if( xmlSecKeysMngrAdoptKeysStore( keyMngr, keyStore ) < 0 ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! xmlSecErrorsSafeString( xmlSecKeyStoreGetName( keyStore ) ) , ! "xmlSecKeysMngrAdoptKeyStore" , ! XMLSEC_ERRORS_R_XMLSEC_FAILED , ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! ! xmlSecKeyStoreDestroy( keyStore ) ; ! xmlSecKeysMngrDestroy( keyMngr ) ; ! return NULL ; ! } ! ! /*- ! * Initialize crypto library specific data in keys manager ! */ ! if( xmlSecNssKeysMngrInit( keyMngr ) < 0 ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! NULL , ! "xmlSecKeysMngrCreate" , ! XMLSEC_ERRORS_R_XMLSEC_FAILED , ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! ! xmlSecKeysMngrDestroy( keyMngr ) ; ! return NULL ; ! } ! ! /*- ! * Set certificate databse to X509 key data store ! */ ! /** ! * Because Tej's implementation of certDB use the default DB, so I ignore ! * the certDB handler at present. I'll modify the cert store sources to ! * accept particular certDB instead of default ones. ! certStore = xmlSecKeysMngrGetDataStore( keyMngr , xmlSecNssKeyDataStoreX509Id ) ; ! if( certStore == NULL ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! xmlSecErrorsSafeString( xmlSecKeyStoreGetName( keyStore ) ) , ! "xmlSecKeysMngrGetDataStore" , ! XMLSEC_ERRORS_R_XMLSEC_FAILED , ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! ! xmlSecKeysMngrDestroy( keyMngr ) ; ! return NULL ; ! } ! ! if( xmlSecNssKeyDataStoreX509SetCertDb( certStore , handler ) < 0 ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! xmlSecErrorsSafeString( xmlSecKeyStoreGetName( keyStore ) ) , ! "xmlSecNssKeyDataStoreX509SetCertDb" , ! XMLSEC_ERRORS_R_XMLSEC_FAILED , ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! ! xmlSecKeysMngrDestroy( keyMngr ) ; ! return NULL ; ! } ! */ ! ! /*- ! * Set the getKey callback ! */ ! keyMngr->getKey = xmlSecKeysMngrGetKey ; ! ! return keyMngr ; ! } ! ! int ! xmlSecNssAppliedKeysMngrSymKeyLoad( ! xmlSecKeysMngrPtr mngr , ! PK11SymKey* symKey ! ) { ! xmlSecKeyPtr key ; ! xmlSecKeyDataPtr data ; ! xmlSecKeyStorePtr keyStore ; ! ! xmlSecAssert2( mngr != NULL , -1 ) ; ! xmlSecAssert2( symKey != NULL , -1 ) ; ! ! keyStore = xmlSecKeysMngrGetKeysStore( mngr ) ; ! if( keyStore == NULL ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! NULL , ! "xmlSecKeysMngrGetKeysStore" , ! XMLSEC_ERRORS_R_XMLSEC_FAILED , ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! return(-1) ; ! } ! xmlSecAssert2( xmlSecKeyStoreCheckId( keyStore , xmlSecNssKeysStoreId ) , -1 ) ; ! ! data = xmlSecNssSymKeyDataKeyAdopt( symKey ) ; ! if( data == NULL ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! NULL , ! "xmlSecNssSymKeyDataKeyAdopt" , ! XMLSEC_ERRORS_R_XMLSEC_FAILED , ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! return(-1) ; ! } ! ! key = xmlSecKeyCreate() ; ! if( key == NULL ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! NULL , ! "xmlSecNssSymKeyDataKeyAdopt" , ! XMLSEC_ERRORS_R_XMLSEC_FAILED , ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! xmlSecKeyDataDestroy( data ) ; ! return(-1) ; ! } ! ! if( xmlSecKeySetValue( key , data ) < 0 ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! NULL , ! "xmlSecNssSymKeyDataKeyAdopt" , ! XMLSEC_ERRORS_R_XMLSEC_FAILED , ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! xmlSecKeyDataDestroy( data ) ; ! return(-1) ; ! } ! ! if( xmlSecNssKeysStoreAdoptKey( keyStore, key ) < 0 ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! NULL , ! "xmlSecNssSymKeyDataKeyAdopt" , ! XMLSEC_ERRORS_R_XMLSEC_FAILED , ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! xmlSecKeyDestroy( key ) ; ! return(-1) ; ! } ! ! return(0) ; ! } ! ! int ! xmlSecNssAppliedKeysMngrPubKeyLoad( ! xmlSecKeysMngrPtr mngr , ! SECKEYPublicKey* pubKey ! ) { ! xmlSecKeyPtr key ; ! xmlSecKeyDataPtr data ; ! xmlSecKeyStorePtr keyStore ; ! ! xmlSecAssert2( mngr != NULL , -1 ) ; ! xmlSecAssert2( pubKey != NULL , -1 ) ; ! ! keyStore = xmlSecKeysMngrGetKeysStore( mngr ) ; ! if( keyStore == NULL ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! NULL , ! "xmlSecKeysMngrGetKeysStore" , ! XMLSEC_ERRORS_R_XMLSEC_FAILED , ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! return(-1) ; ! } ! xmlSecAssert2( xmlSecKeyStoreCheckId( keyStore , xmlSecNssKeysStoreId ) , -1 ) ; ! ! data = xmlSecNssPKIAdoptKey( NULL, pubKey ) ; ! if( data == NULL ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! NULL , ! "xmlSecNssPKIAdoptKey" , ! XMLSEC_ERRORS_R_XMLSEC_FAILED , ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! return(-1) ; ! } ! ! key = xmlSecKeyCreate() ; ! if( key == NULL ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! NULL , ! "xmlSecNssSymKeyDataKeyAdopt" , ! XMLSEC_ERRORS_R_XMLSEC_FAILED , ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! xmlSecKeyDataDestroy( data ) ; ! return(-1) ; ! } ! ! if( xmlSecKeySetValue( key , data ) < 0 ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! NULL , ! "xmlSecNssSymKeyDataKeyAdopt" , ! XMLSEC_ERRORS_R_XMLSEC_FAILED , ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! xmlSecKeyDataDestroy( data ) ; ! return(-1) ; ! } ! ! if( xmlSecNssKeysStoreAdoptKey( keyStore, key ) < 0 ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! NULL , ! "xmlSecNssSymKeyDataKeyAdopt" , ! XMLSEC_ERRORS_R_XMLSEC_FAILED , ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! xmlSecKeyDestroy( key ) ; ! return(-1) ; ! } ! ! return(0) ; ! } ! ! int ! xmlSecNssAppliedKeysMngrPriKeyLoad( ! xmlSecKeysMngrPtr mngr , ! SECKEYPrivateKey* priKey ! ) { ! xmlSecKeyPtr key ; ! xmlSecKeyDataPtr data ; ! xmlSecKeyStorePtr keyStore ; ! ! xmlSecAssert2( mngr != NULL , -1 ) ; ! xmlSecAssert2( priKey != NULL , -1 ) ; ! ! keyStore = xmlSecKeysMngrGetKeysStore( mngr ) ; ! if( keyStore == NULL ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! NULL , ! "xmlSecKeysMngrGetKeysStore" , ! XMLSEC_ERRORS_R_XMLSEC_FAILED , ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! return(-1) ; ! } ! xmlSecAssert2( xmlSecKeyStoreCheckId( keyStore , xmlSecNssKeysStoreId ) , -1 ) ; ! ! data = xmlSecNssPKIAdoptKey( priKey, NULL ) ; ! if( data == NULL ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! NULL , ! "xmlSecNssPKIAdoptKey" , ! XMLSEC_ERRORS_R_XMLSEC_FAILED , ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! return(-1) ; ! } ! ! key = xmlSecKeyCreate() ; ! if( key == NULL ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! NULL , ! "xmlSecNssSymKeyDataKeyAdopt" , ! XMLSEC_ERRORS_R_XMLSEC_FAILED , ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! xmlSecKeyDataDestroy( data ) ; ! return(-1) ; ! } ! ! if( xmlSecKeySetValue( key , data ) < 0 ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! NULL , ! "xmlSecNssSymKeyDataKeyAdopt" , ! XMLSEC_ERRORS_R_XMLSEC_FAILED , ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! xmlSecKeyDataDestroy( data ) ; ! return(-1) ; ! } ! ! if( xmlSecNssKeysStoreAdoptKey( keyStore, key ) < 0 ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! NULL , ! "xmlSecNssSymKeyDataKeyAdopt" , ! XMLSEC_ERRORS_R_XMLSEC_FAILED , ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! xmlSecKeyDestroy( key ) ; ! return(-1) ; ! } ! ! return(0) ; ! } ! *** misc/xmlsec1-1.2.6/src/nss/ciphers.c 2003-09-26 02:58:15.000000000 +0200 --- misc/build/xmlsec1-1.2.6/src/nss/ciphers.c 2006-05-08 12:19:39.240657000 +0200 *************** *** 1,838 **** ! /** ! * XMLSec library ! * ! * This is free software; see Copyright file in the source ! * distribution for preciese wording. ! * ! * Copyright (C) 2002-2003 Aleksey Sanin ! * Copyright (c) 2003 America Online, Inc. All rights reserved. ! */ #include "globals.h" #include - #include #include - #include #include #include #include #include #include #include ! #define XMLSEC_NSS_MAX_KEY_SIZE 32 ! #define XMLSEC_NSS_MAX_IV_SIZE 32 ! #define XMLSEC_NSS_MAX_BLOCK_SIZE 32 ! ! /************************************************************************** ! * ! * Internal Nss Block cipher CTX * ! *****************************************************************************/ ! typedef struct _xmlSecNssBlockCipherCtx xmlSecNssBlockCipherCtx, ! *xmlSecNssBlockCipherCtxPtr; struct _xmlSecNssBlockCipherCtx { ! CK_MECHANISM_TYPE cipher; ! PK11Context* cipherCtx; ! xmlSecKeyDataId keyId; ! int keyInitialized; ! int ctxInitialized; ! xmlSecByte key[XMLSEC_NSS_MAX_KEY_SIZE]; ! xmlSecSize keySize; ! xmlSecByte iv[XMLSEC_NSS_MAX_IV_SIZE]; ! xmlSecSize ivSize; ! }; ! static int xmlSecNssBlockCipherCtxInit (xmlSecNssBlockCipherCtxPtr ctx, ! xmlSecBufferPtr in, ! xmlSecBufferPtr out, ! int encrypt, ! const xmlChar* cipherName, ! xmlSecTransformCtxPtr transformCtx); ! static int xmlSecNssBlockCipherCtxUpdate (xmlSecNssBlockCipherCtxPtr ctx, ! xmlSecBufferPtr in, ! xmlSecBufferPtr out, ! int encrypt, ! const xmlChar* cipherName, ! xmlSecTransformCtxPtr transformCtx); ! static int xmlSecNssBlockCipherCtxFinal (xmlSecNssBlockCipherCtxPtr ctx, ! xmlSecBufferPtr in, ! xmlSecBufferPtr out, ! int encrypt, ! const xmlChar* cipherName, ! xmlSecTransformCtxPtr transformCtx); ! static int ! xmlSecNssBlockCipherCtxInit(xmlSecNssBlockCipherCtxPtr ctx, ! xmlSecBufferPtr in, xmlSecBufferPtr out, ! int encrypt, ! const xmlChar* cipherName, ! xmlSecTransformCtxPtr transformCtx) { ! SECItem keyItem; ! SECItem ivItem; ! PK11SlotInfo* slot; ! PK11SymKey* symKey; ! int ivLen; ! SECStatus rv; ! int ret; ! ! xmlSecAssert2(ctx != NULL, -1); ! xmlSecAssert2(ctx->cipher != 0, -1); ! xmlSecAssert2(ctx->cipherCtx == NULL, -1); ! xmlSecAssert2(ctx->keyInitialized != 0, -1); ! xmlSecAssert2(ctx->ctxInitialized == 0, -1); ! xmlSecAssert2(in != NULL, -1); ! xmlSecAssert2(out != NULL, -1); ! xmlSecAssert2(transformCtx != NULL, -1); ! ! ivLen = PK11_GetIVLength(ctx->cipher); ! xmlSecAssert2(ivLen > 0, -1); ! xmlSecAssert2((xmlSecSize)ivLen <= sizeof(ctx->iv), -1); ! ! if(encrypt) { ! /* generate random iv */ ! rv = PK11_GenerateRandom(ctx->iv, ivLen); ! if(rv != SECSuccess) { ! xmlSecError(XMLSEC_ERRORS_HERE, ! xmlSecErrorsSafeString(cipherName), ! "PK11_GenerateRandom", ! XMLSEC_ERRORS_R_CRYPTO_FAILED, ! "size=%d", ivLen); ! return(-1); ! } ! ! /* write iv to the output */ ! ret = xmlSecBufferAppend(out, ctx->iv, ivLen); ! if(ret < 0) { ! xmlSecError(XMLSEC_ERRORS_HERE, ! xmlSecErrorsSafeString(cipherName), ! "xmlSecBufferAppend", ! XMLSEC_ERRORS_R_XMLSEC_FAILED, ! "size=%d", ivLen); ! return(-1); ! } ! ! } else { ! /* if we don't have enough data, exit and hope that ! * we'll have iv next time */ ! if(xmlSecBufferGetSize(in) < (xmlSecSize)ivLen) { ! return(0); ! } ! ! /* copy iv to our buffer*/ ! xmlSecAssert2(xmlSecBufferGetData(in) != NULL, -1); ! memcpy(ctx->iv, xmlSecBufferGetData(in), ivLen); ! ! /* and remove from input */ ! ret = xmlSecBufferRemoveHead(in, ivLen); ! if(ret < 0) { ! xmlSecError(XMLSEC_ERRORS_HERE, ! xmlSecErrorsSafeString(cipherName), ! "xmlSecBufferRemoveHead", ! XMLSEC_ERRORS_R_XMLSEC_FAILED, ! "size=%d", ivLen); ! return(-1); } ! } ! memset(&keyItem, 0, sizeof(keyItem)); ! keyItem.data = ctx->key; ! keyItem.len = ctx->keySize; ! memset(&ivItem, 0, sizeof(ivItem)); ! ivItem.data = ctx->iv; ! ivItem.len = ctx->ivSize; ! ! slot = PK11_GetBestSlot(ctx->cipher, NULL); ! if(slot == NULL) { ! xmlSecError(XMLSEC_ERRORS_HERE, ! xmlSecErrorsSafeString(cipherName), ! "PK11_GetBestSlot", ! XMLSEC_ERRORS_R_CRYPTO_FAILED, ! XMLSEC_ERRORS_NO_MESSAGE); ! return(-1); ! } ! ! symKey = PK11_ImportSymKey(slot, ctx->cipher, PK11_OriginDerive, ! CKA_SIGN, &keyItem, NULL); ! if(symKey == NULL) { ! xmlSecError(XMLSEC_ERRORS_HERE, ! xmlSecErrorsSafeString(cipherName), ! "PK11_ImportSymKey", ! XMLSEC_ERRORS_R_CRYPTO_FAILED, ! XMLSEC_ERRORS_NO_MESSAGE); ! PK11_FreeSlot(slot); ! return(-1); ! } ! ctx->cipherCtx = PK11_CreateContextBySymKey(ctx->cipher, ! (encrypt) ? CKA_ENCRYPT : CKA_DECRYPT, ! symKey, &ivItem); ! if(ctx->cipherCtx == NULL) { ! xmlSecError(XMLSEC_ERRORS_HERE, ! xmlSecErrorsSafeString(cipherName), ! "PK11_CreateContextBySymKey", ! XMLSEC_ERRORS_R_CRYPTO_FAILED, ! XMLSEC_ERRORS_NO_MESSAGE); ! PK11_FreeSymKey(symKey); ! PK11_FreeSlot(slot); ! return(-1); } ! ! ctx->ctxInitialized = 1; ! PK11_FreeSymKey(symKey); ! PK11_FreeSlot(slot); ! return(0); } ! static int ! xmlSecNssBlockCipherCtxUpdate(xmlSecNssBlockCipherCtxPtr ctx, ! xmlSecBufferPtr in, xmlSecBufferPtr out, ! int encrypt, ! const xmlChar* cipherName, ! xmlSecTransformCtxPtr transformCtx) { ! xmlSecSize inSize, inBlocks, outSize; ! int blockLen; ! int outLen = 0; ! xmlSecByte* outBuf; ! SECStatus rv; ! int ret; ! ! xmlSecAssert2(ctx != NULL, -1); ! xmlSecAssert2(ctx->cipher != 0, -1); ! xmlSecAssert2(ctx->cipherCtx != NULL, -1); ! xmlSecAssert2(ctx->ctxInitialized != 0, -1); ! xmlSecAssert2(in != NULL, -1); ! xmlSecAssert2(out != NULL, -1); ! xmlSecAssert2(transformCtx != NULL, -1); ! blockLen = PK11_GetBlockSize(ctx->cipher, NULL); ! xmlSecAssert2(blockLen > 0, -1); ! inSize = xmlSecBufferGetSize(in); ! outSize = xmlSecBufferGetSize(out); ! ! if(inSize < (xmlSecSize)blockLen) { ! return(0); ! } ! if(encrypt) { ! inBlocks = inSize / ((xmlSecSize)blockLen); ! } else { ! /* we want to have the last block in the input buffer ! * for padding check */ ! inBlocks = (inSize - 1) / ((xmlSecSize)blockLen); ! } ! inSize = inBlocks * ((xmlSecSize)blockLen); ! /* we write out the input size plus may be one block */ ! ret = xmlSecBufferSetMaxSize(out, outSize + inSize + blockLen); ! if(ret < 0) { ! xmlSecError(XMLSEC_ERRORS_HERE, ! xmlSecErrorsSafeString(cipherName), ! "xmlSecBufferSetMaxSize", ! XMLSEC_ERRORS_R_XMLSEC_FAILED, ! "size=%d", outSize + inSize + blockLen); ! return(-1); ! } ! outBuf = xmlSecBufferGetData(out) + outSize; ! ! rv = PK11_CipherOp(ctx->cipherCtx, outBuf, &outLen, inSize + blockLen, ! xmlSecBufferGetData(in), inSize); ! if(rv != SECSuccess) { ! xmlSecError(XMLSEC_ERRORS_HERE, ! xmlSecErrorsSafeString(cipherName), ! "PK11_CipherOp", ! XMLSEC_ERRORS_R_CRYPTO_FAILED, ! XMLSEC_ERRORS_NO_MESSAGE); ! return(-1); ! } ! xmlSecAssert2((xmlSecSize)outLen == inSize, -1); ! ! /* set correct output buffer size */ ! ret = xmlSecBufferSetSize(out, outSize + outLen); ! if(ret < 0) { ! xmlSecError(XMLSEC_ERRORS_HERE, ! xmlSecErrorsSafeString(cipherName), ! "xmlSecBufferSetSize", ! XMLSEC_ERRORS_R_XMLSEC_FAILED, ! "size=%d", outSize + outLen); ! return(-1); ! } ! ! /* remove the processed block from input */ ! ret = xmlSecBufferRemoveHead(in, inSize); ! if(ret < 0) { ! xmlSecError(XMLSEC_ERRORS_HERE, ! xmlSecErrorsSafeString(cipherName), ! "xmlSecBufferRemoveHead", ! XMLSEC_ERRORS_R_XMLSEC_FAILED, ! "size=%d", inSize); ! return(-1); ! } ! return(0); } ! static int ! xmlSecNssBlockCipherCtxFinal(xmlSecNssBlockCipherCtxPtr ctx, ! xmlSecBufferPtr in, ! xmlSecBufferPtr out, ! int encrypt, ! const xmlChar* cipherName, ! xmlSecTransformCtxPtr transformCtx) { ! xmlSecSize inSize, outSize; ! int blockLen, outLen = 0; ! xmlSecByte* inBuf; ! xmlSecByte* outBuf; ! SECStatus rv; ! int ret; ! ! xmlSecAssert2(ctx != NULL, -1); ! xmlSecAssert2(ctx->cipher != 0, -1); ! xmlSecAssert2(ctx->cipherCtx != NULL, -1); ! xmlSecAssert2(ctx->ctxInitialized != 0, -1); ! xmlSecAssert2(in != NULL, -1); ! xmlSecAssert2(out != NULL, -1); ! xmlSecAssert2(transformCtx != NULL, -1); ! ! blockLen = PK11_GetBlockSize(ctx->cipher, NULL); ! xmlSecAssert2(blockLen > 0, -1); ! inSize = xmlSecBufferGetSize(in); ! outSize = xmlSecBufferGetSize(out); ! if(encrypt != 0) { ! xmlSecAssert2(inSize < (xmlSecSize)blockLen, -1); ! ! /* create padding */ ! ret = xmlSecBufferSetMaxSize(in, blockLen); ! if(ret < 0) { ! xmlSecError(XMLSEC_ERRORS_HERE, ! xmlSecErrorsSafeString(cipherName), ! "xmlSecBufferSetMaxSize", ! XMLSEC_ERRORS_R_XMLSEC_FAILED, ! "size=%d", blockLen); ! return(-1); ! } ! inBuf = xmlSecBufferGetData(in); ! ! /* generate random padding */ ! if((xmlSecSize)blockLen > (inSize + 1)) { ! rv = PK11_GenerateRandom(inBuf + inSize, blockLen - inSize - 1); ! if(rv != SECSuccess) { ! xmlSecError(XMLSEC_ERRORS_HERE, ! xmlSecErrorsSafeString(cipherName), ! "PK11_GenerateRandom", ! XMLSEC_ERRORS_R_CRYPTO_FAILED, ! "size=%d", blockLen - inSize - 1); ! return(-1); ! } ! } ! inBuf[blockLen - 1] = blockLen - inSize; ! inSize = blockLen; ! } else { ! if(inSize != (xmlSecSize)blockLen) { ! xmlSecError(XMLSEC_ERRORS_HERE, ! xmlSecErrorsSafeString(cipherName), ! NULL, ! XMLSEC_ERRORS_R_INVALID_DATA, ! "data=%d;block=%d", inSize, blockLen); ! return(-1); } - } - - /* process last block */ - ret = xmlSecBufferSetMaxSize(out, outSize + 2 * blockLen); - if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(cipherName), - "xmlSecBufferSetMaxSize", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "size=%d", outSize + 2 * blockLen); - return(-1); - } - outBuf = xmlSecBufferGetData(out) + outSize; ! rv = PK11_CipherOp(ctx->cipherCtx, outBuf, &outLen, 2 * blockLen, ! xmlSecBufferGetData(in), inSize); ! if(rv != SECSuccess) { ! xmlSecError(XMLSEC_ERRORS_HERE, ! xmlSecErrorsSafeString(cipherName), ! "PK11_CipherOp", ! XMLSEC_ERRORS_R_CRYPTO_FAILED, ! XMLSEC_ERRORS_NO_MESSAGE); ! return(-1); ! } ! xmlSecAssert2((xmlSecSize)outLen == inSize, -1); ! ! if(encrypt == 0) { ! /* check padding */ ! if(outLen < outBuf[blockLen - 1]) { ! xmlSecError(XMLSEC_ERRORS_HERE, ! xmlSecErrorsSafeString(cipherName), ! NULL, ! XMLSEC_ERRORS_R_INVALID_DATA, ! "padding=%d;buffer=%d", ! outBuf[blockLen - 1], outLen); ! return(-1); ! } ! outLen -= outBuf[blockLen - 1]; ! } ! ! /* set correct output buffer size */ ! ret = xmlSecBufferSetSize(out, outSize + outLen); ! if(ret < 0) { ! xmlSecError(XMLSEC_ERRORS_HERE, ! xmlSecErrorsSafeString(cipherName), ! "xmlSecBufferSetSize", ! XMLSEC_ERRORS_R_XMLSEC_FAILED, ! "size=%d", outSize + outLen); ! return(-1); ! } ! /* remove the processed block from input */ ! ret = xmlSecBufferRemoveHead(in, inSize); ! if(ret < 0) { ! xmlSecError(XMLSEC_ERRORS_HERE, ! xmlSecErrorsSafeString(cipherName), ! "xmlSecBufferRemoveHead", ! XMLSEC_ERRORS_R_XMLSEC_FAILED, ! "size=%d", inSize); ! return(-1); ! } ! return(0); } ! ! /****************************************************************************** ! * ! * EVP Block Cipher transforms * ! * xmlSecNssBlockCipherCtx block is located after xmlSecTransform structure * ! *****************************************************************************/ ! #define xmlSecNssBlockCipherSize \ ! (sizeof(xmlSecTransform) + sizeof(xmlSecNssBlockCipherCtx)) ! #define xmlSecNssBlockCipherGetCtx(transform) \ ! ((xmlSecNssBlockCipherCtxPtr)(((xmlSecByte*)(transform)) + sizeof(xmlSecTransform))) ! ! static int xmlSecNssBlockCipherInitialize (xmlSecTransformPtr transform); ! static void xmlSecNssBlockCipherFinalize (xmlSecTransformPtr transform); ! static int xmlSecNssBlockCipherSetKeyReq (xmlSecTransformPtr transform, ! xmlSecKeyReqPtr keyReq); ! static int xmlSecNssBlockCipherSetKey (xmlSecTransformPtr transform, ! xmlSecKeyPtr key); ! static int xmlSecNssBlockCipherExecute (xmlSecTransformPtr transform, ! int last, ! xmlSecTransformCtxPtr transformCtx); ! static int xmlSecNssBlockCipherCheckId (xmlSecTransformPtr transform); ! static int ! xmlSecNssBlockCipherCheckId(xmlSecTransformPtr transform) { ! #ifndef XMLSEC_NO_DES ! if(xmlSecTransformCheckId(transform, xmlSecNssTransformDes3CbcId)) { ! return(1); ! } ! #endif /* XMLSEC_NO_DES */ ! #ifndef XMLSEC_NO_AES ! if(xmlSecTransformCheckId(transform, xmlSecNssTransformAes128CbcId) || ! xmlSecTransformCheckId(transform, xmlSecNssTransformAes192CbcId) || ! xmlSecTransformCheckId(transform, xmlSecNssTransformAes256CbcId)) { ! ! return(1); ! } ! #endif /* XMLSEC_NO_AES */ ! ! return(0); } static int ! xmlSecNssBlockCipherInitialize(xmlSecTransformPtr transform) { ! xmlSecNssBlockCipherCtxPtr ctx; ! ! xmlSecAssert2(xmlSecNssBlockCipherCheckId(transform), -1); ! xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecNssBlockCipherSize), -1); ! ctx = xmlSecNssBlockCipherGetCtx(transform); ! xmlSecAssert2(ctx != NULL, -1); ! ! memset(ctx, 0, sizeof(xmlSecNssBlockCipherCtx)); ! #ifndef XMLSEC_NO_DES ! if(transform->id == xmlSecNssTransformDes3CbcId) { ! ctx->cipher = CKM_DES3_CBC; ! ctx->keyId = xmlSecNssKeyDataDesId; ! ctx->keySize = 24; ! } else ! #endif /* XMLSEC_NO_DES */ ! ! #ifndef XMLSEC_NO_AES ! if(transform->id == xmlSecNssTransformAes128CbcId) { ! ctx->cipher = CKM_AES_CBC; ! ctx->keyId = xmlSecNssKeyDataAesId; ! ctx->keySize = 16; ! } else if(transform->id == xmlSecNssTransformAes192CbcId) { ! ctx->cipher = CKM_AES_CBC; ! ctx->keyId = xmlSecNssKeyDataAesId; ! ctx->keySize = 24; ! } else if(transform->id == xmlSecNssTransformAes256CbcId) { ! ctx->cipher = CKM_AES_CBC; ! ctx->keyId = xmlSecNssKeyDataAesId; ! ctx->keySize = 32; ! } else ! #endif /* XMLSEC_NO_AES */ ! ! if(1) { ! xmlSecError(XMLSEC_ERRORS_HERE, ! xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), ! NULL, ! XMLSEC_ERRORS_R_INVALID_TRANSFORM, ! XMLSEC_ERRORS_NO_MESSAGE); ! return(-1); ! } ! ! return(0); } ! static void ! xmlSecNssBlockCipherFinalize(xmlSecTransformPtr transform) { ! xmlSecNssBlockCipherCtxPtr ctx; ! xmlSecAssert(xmlSecNssBlockCipherCheckId(transform)); ! xmlSecAssert(xmlSecTransformCheckSize(transform, xmlSecNssBlockCipherSize)); ! ctx = xmlSecNssBlockCipherGetCtx(transform); ! xmlSecAssert(ctx != NULL); ! if(ctx->cipherCtx != NULL) { ! PK11_DestroyContext(ctx->cipherCtx, PR_TRUE); ! } ! ! memset(ctx, 0, sizeof(xmlSecNssBlockCipherCtx)); } - static int - xmlSecNssBlockCipherSetKeyReq(xmlSecTransformPtr transform, xmlSecKeyReqPtr keyReq) { - xmlSecNssBlockCipherCtxPtr ctx; - xmlSecAssert2(xmlSecNssBlockCipherCheckId(transform), -1); - xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1); - xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecNssBlockCipherSize), -1); - xmlSecAssert2(keyReq != NULL, -1); - - ctx = xmlSecNssBlockCipherGetCtx(transform); - xmlSecAssert2(ctx != NULL, -1); - xmlSecAssert2(ctx->keyId != NULL, -1); - - keyReq->keyId = ctx->keyId; - keyReq->keyType = xmlSecKeyDataTypeSymmetric; - if(transform->operation == xmlSecTransformOperationEncrypt) { - keyReq->keyUsage = xmlSecKeyUsageEncrypt; - } else { - keyReq->keyUsage = xmlSecKeyUsageDecrypt; - } - keyReq->keyBitsSize = 8 * ctx->keySize; - return(0); - } static int ! xmlSecNssBlockCipherSetKey(xmlSecTransformPtr transform, xmlSecKeyPtr key) { ! xmlSecNssBlockCipherCtxPtr ctx; ! xmlSecBufferPtr buffer; ! ! xmlSecAssert2(xmlSecNssBlockCipherCheckId(transform), -1); ! xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1); ! xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecNssBlockCipherSize), -1); ! xmlSecAssert2(key != NULL, -1); ! ! ctx = xmlSecNssBlockCipherGetCtx(transform); ! xmlSecAssert2(ctx != NULL, -1); ! xmlSecAssert2(ctx->cipher != 0, -1); ! xmlSecAssert2(ctx->keyInitialized == 0, -1); ! xmlSecAssert2(ctx->keyId != NULL, -1); ! xmlSecAssert2(xmlSecKeyCheckId(key, ctx->keyId), -1); ! ! xmlSecAssert2(ctx->keySize > 0, -1); ! xmlSecAssert2(ctx->keySize <= sizeof(ctx->key), -1); ! ! buffer = xmlSecKeyDataBinaryValueGetBuffer(xmlSecKeyGetValue(key)); ! xmlSecAssert2(buffer != NULL, -1); ! ! if(xmlSecBufferGetSize(buffer) < ctx->keySize) { ! xmlSecError(XMLSEC_ERRORS_HERE, ! xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), ! NULL, ! XMLSEC_ERRORS_R_INVALID_KEY_DATA_SIZE, ! "keySize=%d;expected=%d", ! xmlSecBufferGetSize(buffer), ctx->keySize); ! return(-1); ! } ! ! xmlSecAssert2(xmlSecBufferGetData(buffer) != NULL, -1); ! memcpy(ctx->key, xmlSecBufferGetData(buffer), ctx->keySize); ! ! ctx->keyInitialized = 1; ! return(0); } ! static int ! xmlSecNssBlockCipherExecute(xmlSecTransformPtr transform, int last, xmlSecTransformCtxPtr transformCtx) { ! xmlSecNssBlockCipherCtxPtr ctx; ! xmlSecBufferPtr in, out; ! int ret; ! ! xmlSecAssert2(xmlSecNssBlockCipherCheckId(transform), -1); ! xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1); ! xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecNssBlockCipherSize), -1); ! xmlSecAssert2(transformCtx != NULL, -1); ! in = &(transform->inBuf); ! out = &(transform->outBuf); - ctx = xmlSecNssBlockCipherGetCtx(transform); - xmlSecAssert2(ctx != NULL, -1); ! if(transform->status == xmlSecTransformStatusNone) { ! transform->status = xmlSecTransformStatusWorking; ! } ! if(transform->status == xmlSecTransformStatusWorking) { ! if(ctx->ctxInitialized == 0) { ! ret = xmlSecNssBlockCipherCtxInit(ctx, in, out, ! (transform->operation == xmlSecTransformOperationEncrypt) ? 1 : 0, ! xmlSecTransformGetName(transform), transformCtx); ! if(ret < 0) { ! xmlSecError(XMLSEC_ERRORS_HERE, ! xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), ! "xmlSecNssBlockCipherCtxInit", ! XMLSEC_ERRORS_R_XMLSEC_FAILED, ! XMLSEC_ERRORS_NO_MESSAGE); ! return(-1); ! } ! } ! if((ctx->ctxInitialized == 0) && (last != 0)) { ! xmlSecError(XMLSEC_ERRORS_HERE, ! xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), ! NULL, ! XMLSEC_ERRORS_R_INVALID_DATA, ! "not enough data to initialize transform"); ! return(-1); ! } ! ! if(ctx->ctxInitialized != 0) { ! ret = xmlSecNssBlockCipherCtxUpdate(ctx, in, out, ! (transform->operation == xmlSecTransformOperationEncrypt) ? 1 : 0, ! xmlSecTransformGetName(transform), transformCtx); ! if(ret < 0) { ! xmlSecError(XMLSEC_ERRORS_HERE, ! xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), ! "xmlSecNssBlockCipherCtxUpdate", ! XMLSEC_ERRORS_R_XMLSEC_FAILED, ! XMLSEC_ERRORS_NO_MESSAGE); ! return(-1); ! } ! } ! ! if(last) { ! ret = xmlSecNssBlockCipherCtxFinal(ctx, in, out, ! (transform->operation == xmlSecTransformOperationEncrypt) ? 1 : 0, ! xmlSecTransformGetName(transform), transformCtx); ! if(ret < 0) { ! xmlSecError(XMLSEC_ERRORS_HERE, ! xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), ! "xmlSecNssBlockCipherCtxFinal", ! XMLSEC_ERRORS_R_XMLSEC_FAILED, ! XMLSEC_ERRORS_NO_MESSAGE); ! return(-1); ! } ! transform->status = xmlSecTransformStatusFinished; ! } ! } else if(transform->status == xmlSecTransformStatusFinished) { ! /* the only way we can get here is if there is no input */ ! xmlSecAssert2(xmlSecBufferGetSize(in) == 0, -1); ! } else if(transform->status == xmlSecTransformStatusNone) { ! /* the only way we can get here is if there is no enough data in the input */ ! xmlSecAssert2(last == 0, -1); ! } else { ! xmlSecError(XMLSEC_ERRORS_HERE, ! xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), ! NULL, ! XMLSEC_ERRORS_R_INVALID_STATUS, ! "status=%d", transform->status); ! return(-1); ! } ! ! return(0); ! } ! #ifndef XMLSEC_NO_AES ! /********************************************************************* ! * ! * AES CBC cipher transforms ! * ! ********************************************************************/ ! static xmlSecTransformKlass xmlSecNssAes128CbcKlass = { ! /* klass/object sizes */ ! sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */ ! xmlSecNssBlockCipherSize, /* xmlSecSize objSize */ ! ! xmlSecNameAes128Cbc, /* const xmlChar* name; */ ! xmlSecHrefAes128Cbc, /* const xmlChar* href; */ ! xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */ ! ! xmlSecNssBlockCipherInitialize, /* xmlSecTransformInitializeMethod initialize; */ ! xmlSecNssBlockCipherFinalize, /* xmlSecTransformFinalizeMethod finalize; */ ! NULL, /* xmlSecTransformNodeReadMethod readNode; */ ! NULL, /* xmlSecTransformNodeWriteMethod writeNode; */ ! xmlSecNssBlockCipherSetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */ ! xmlSecNssBlockCipherSetKey, /* xmlSecTransformSetKeyMethod setKey; */ ! NULL, /* xmlSecTransformValidateMethod validate; */ ! xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */ ! xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */ ! xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */ ! NULL, /* xmlSecTransformPushXmlMethod pushXml; */ ! NULL, /* xmlSecTransformPopXmlMethod popXml; */ ! xmlSecNssBlockCipherExecute, /* xmlSecTransformExecuteMethod execute; */ ! ! NULL, /* void* reserved0; */ ! NULL, /* void* reserved1; */ ! }; ! /** ! * xmlSecNssTransformAes128CbcGetKlass: ! * ! * AES 128 CBC encryption transform klass. ! * ! * Returns pointer to AES 128 CBC encryption transform. ! */ ! xmlSecTransformId ! xmlSecNssTransformAes128CbcGetKlass(void) { ! return(&xmlSecNssAes128CbcKlass); ! } ! static xmlSecTransformKlass xmlSecNssAes192CbcKlass = { ! /* klass/object sizes */ ! sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */ ! xmlSecNssBlockCipherSize, /* xmlSecSize objSize */ ! ! xmlSecNameAes192Cbc, /* const xmlChar* name; */ ! xmlSecHrefAes192Cbc, /* const xmlChar* href; */ ! xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */ ! ! xmlSecNssBlockCipherInitialize, /* xmlSecTransformInitializeMethod initialize; */ ! xmlSecNssBlockCipherFinalize, /* xmlSecTransformFinalizeMethod finalize; */ ! NULL, /* xmlSecTransformNodeReadMethod readNode; */ ! NULL, /* xmlSecTransformNodeWriteMethod writeNode; */ ! xmlSecNssBlockCipherSetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */ ! xmlSecNssBlockCipherSetKey, /* xmlSecTransformSetKeyMethod setKey; */ ! NULL, /* xmlSecTransformValidateMethod validate; */ ! xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */ ! xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */ ! xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */ ! NULL, /* xmlSecTransformPushXmlMethod pushXml; */ ! NULL, /* xmlSecTransformPopXmlMethod popXml; */ ! xmlSecNssBlockCipherExecute, /* xmlSecTransformExecuteMethod execute; */ ! ! NULL, /* void* reserved0; */ ! NULL, /* void* reserved1; */ ! }; /** ! * xmlSecNssTransformAes192CbcGetKlass: ! * ! * AES 192 CBC encryption transform klass. ! * ! * Returns pointer to AES 192 CBC encryption transform. ! */ ! xmlSecTransformId ! xmlSecNssTransformAes192CbcGetKlass(void) { ! return(&xmlSecNssAes192CbcKlass); } - static xmlSecTransformKlass xmlSecNssAes256CbcKlass = { - /* klass/object sizes */ - sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */ - xmlSecNssBlockCipherSize, /* xmlSecSize objSize */ - - xmlSecNameAes256Cbc, /* const xmlChar* name; */ - xmlSecHrefAes256Cbc, /* const xmlChar* href; */ - xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */ - - xmlSecNssBlockCipherInitialize, /* xmlSecTransformInitializeMethod initialize; */ - xmlSecNssBlockCipherFinalize, /* xmlSecTransformFinalizeMethod finalize; */ - NULL, /* xmlSecTransformNodeReadMethod readNode; */ - NULL, /* xmlSecTransformNodeWriteMethod writeNode; */ - xmlSecNssBlockCipherSetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */ - xmlSecNssBlockCipherSetKey, /* xmlSecTransformSetKeyMethod setKey; */ - NULL, /* xmlSecTransformValidateMethod validate; */ - xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */ - xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */ - xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */ - NULL, /* xmlSecTransformPushXmlMethod pushXml; */ - NULL, /* xmlSecTransformPopXmlMethod popXml; */ - xmlSecNssBlockCipherExecute, /* xmlSecTransformExecuteMethod execute; */ - - NULL, /* void* reserved0; */ - NULL, /* void* reserved1; */ - }; - /** ! * xmlSecNssTransformAes256CbcGetKlass: ! * ! * AES 256 CBC encryption transform klass. ! * ! * Returns pointer to AES 256 CBC encryption transform. ! */ ! xmlSecTransformId ! xmlSecNssTransformAes256CbcGetKlass(void) { ! return(&xmlSecNssAes256CbcKlass); } ! #endif /* XMLSEC_NO_AES */ ! ! #ifndef XMLSEC_NO_DES ! static xmlSecTransformKlass xmlSecNssDes3CbcKlass = { ! /* klass/object sizes */ ! sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */ ! xmlSecNssBlockCipherSize, /* xmlSecSize objSize */ ! ! xmlSecNameDes3Cbc, /* const xmlChar* name; */ ! xmlSecHrefDes3Cbc, /* const xmlChar* href; */ ! xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */ ! ! xmlSecNssBlockCipherInitialize, /* xmlSecTransformInitializeMethod initialize; */ ! xmlSecNssBlockCipherFinalize, /* xmlSecTransformFinalizeMethod finalize; */ ! NULL, /* xmlSecTransformNodeReadMethod readNode; */ ! NULL, /* xmlSecTransformNodeWriteMethod writeNode; */ ! xmlSecNssBlockCipherSetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */ ! xmlSecNssBlockCipherSetKey, /* xmlSecTransformSetKeyMethod setKey; */ ! NULL, /* xmlSecTransformValidateMethod validate; */ ! xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */ ! xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */ ! xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */ ! NULL, /* xmlSecTransformPushXmlMethod pushXml; */ ! NULL, /* xmlSecTransformPopXmlMethod popXml; */ ! xmlSecNssBlockCipherExecute, /* xmlSecTransformExecuteMethod execute; */ ! ! NULL, /* void* reserved0; */ ! NULL, /* void* reserved1; */ ! }; ! /** ! * xmlSecNssTransformDes3CbcGetKlass: * ! * Triple DES CBC encryption transform klass. ! * ! * Returns pointer to Triple DES encryption transform. */ ! xmlSecTransformId ! xmlSecNssTransformDes3CbcGetKlass(void) { ! return(&xmlSecNssDes3CbcKlass); } ! #endif /* XMLSEC_NO_DES */ --- 1,951 ---- ! /* -- C Source File -- **/ #include "globals.h" + #include #include #include #include #include + #include + #include #include + #include #include #include #include + #include ! /** ! * Internal Nss Block Cipher Context * ! * This context is designed for repositing a block cipher for transform ! */ ! typedef struct _xmlSecNssBlockCipherCtx xmlSecNssBlockCipherCtx ; ! typedef struct _xmlSecNssBlockCipherCtx* xmlSecNssBlockCipherCtxPtr ; ! struct _xmlSecNssBlockCipherCtx { ! CK_MECHANISM_TYPE cipher ; ! PK11SymKey* symkey ; ! PK11Context* cipherCtx ; ! xmlSecKeyDataId keyId ; ! } ; ! ! #define xmlSecNssBlockCipherSize \ ! ( sizeof( xmlSecTransform ) + sizeof( xmlSecNssBlockCipherCtx ) ) ! ! #define xmlSecNssBlockCipherGetCtx( transform ) \ ! ( ( xmlSecNssBlockCipherCtxPtr )( ( ( xmlSecByte* )( transform ) ) + sizeof( xmlSecTransform ) ) ) ! ! static int ! xmlSecNssBlockCipherCheckId( ! xmlSecTransformPtr transform ! ) { ! #ifndef XMLSEC_NO_DES ! if( xmlSecTransformCheckId( transform, xmlSecNssTransformDes3CbcId ) ) { ! return 1 ; } ! #endif /* XMLSEC_NO_DES */ ! #ifndef XMLSEC_NO_AES ! if( xmlSecTransformCheckId( transform, xmlSecNssTransformAes128CbcId ) || ! xmlSecTransformCheckId( transform, xmlSecNssTransformAes192CbcId ) || ! xmlSecTransformCheckId( transform, xmlSecNssTransformAes256CbcId ) ) { ! return 1 ; } ! #endif /* XMLSEC_NO_AES */ ! ! return 0 ; } ! static int ! xmlSecNssBlockCipherFetchCtx( ! xmlSecNssBlockCipherCtxPtr context , ! xmlSecTransformId id ! ) { ! xmlSecAssert2( context != NULL, -1 ) ; ! ! #ifndef XMLSEC_NO_DES ! if( id == xmlSecNssTransformDes3CbcId ) { ! context->cipher = CKM_DES3_CBC ; ! context->keyId = xmlSecNssKeyDataDesId ; ! } else ! #endif /* XMLSEC_NO_DES */ ! ! #ifndef XMLSEC_NO_AES ! if( id == xmlSecNssTransformAes128CbcId ) { ! context->cipher = CKM_AES_CBC ; ! context->keyId = xmlSecNssKeyDataAesId ; ! } else ! if( id == xmlSecNssTransformAes192CbcId ) { ! context->cipher = CKM_AES_CBC ; ! context->keyId = xmlSecNssKeyDataAesId ; ! } else ! if( id == xmlSecNssTransformAes256CbcId ) { ! context->cipher = CKM_AES_CBC ; ! context->keyId = xmlSecNssKeyDataAesId ; ! } else ! #endif /* XMLSEC_NO_AES */ ! ! if( 1 ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! NULL , ! NULL , ! XMLSEC_ERRORS_R_CRYPTO_FAILED , ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! return -1 ; ! } ! return 0 ; ! } ! /** ! * xmlSecTransformInitializeMethod: ! * @transform: the pointer to transform object. ! * ! * The transform specific initialization method. ! * ! * Returns 0 on success or a negative value otherwise. ! */ ! static int ! xmlSecNssBlockCipherInitialize( ! xmlSecTransformPtr transform ! ) { ! xmlSecNssBlockCipherCtxPtr context = NULL ; ! ! xmlSecAssert2( xmlSecNssBlockCipherCheckId( transform ), -1 ) ; ! xmlSecAssert2( xmlSecTransformCheckSize( transform, xmlSecNssBlockCipherSize ), -1 ) ; ! ! context = xmlSecNssBlockCipherGetCtx( transform ) ; ! if( context == NULL ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) , ! "xmlSecNssBlockCipherGetCtx" , ! XMLSEC_ERRORS_R_CRYPTO_FAILED , ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! return -1 ; ! } ! ! if( xmlSecNssBlockCipherFetchCtx( context , transform->id ) < 0 ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) , ! "xmlSecNssBlockCipherFetchCtx" , ! XMLSEC_ERRORS_R_CRYPTO_FAILED , ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! return -1 ; ! } ! context->symkey = NULL ; ! context->cipherCtx = NULL ; ! return 0 ; } ! /** ! * xmlSecTransformFinalizeMethod: ! * @transform: the pointer to transform object. ! * ! * The transform specific destroy method. ! */ ! static void ! xmlSecNssBlockCipherFinalize( ! xmlSecTransformPtr transform ! ) { ! xmlSecNssBlockCipherCtxPtr context = NULL ; ! xmlSecAssert( xmlSecNssBlockCipherCheckId( transform ) ) ; ! xmlSecAssert( xmlSecTransformCheckSize( transform, xmlSecNssBlockCipherSize ) ) ; ! context = xmlSecNssBlockCipherGetCtx( transform ) ; ! if( context == NULL ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) , ! "xmlSecNssBlockCipherGetCtx" , ! XMLSEC_ERRORS_R_CRYPTO_FAILED , ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! return ; } ! if( context->cipherCtx != NULL ) { ! PK11_DestroyContext( context->cipherCtx, PR_TRUE ) ; ! context->cipherCtx = NULL ; ! } ! if( context->symkey != NULL ) { ! PK11_FreeSymKey( context->symkey ) ; ! context->symkey = NULL ; ! } ! context->cipher = CKM_INVALID_MECHANISM ; ! context->keyId = NULL ; } ! /** ! * xmlSecTransformSetKeyRequirementsMethod: ! * @transform: the pointer to transform object. ! * @keyReq: the pointer to key requirements structure. * ! * Transform specific method to set transform's key requirements. * ! * Returns 0 on success or a negative value otherwise. ! */ ! static int ! xmlSecNssBlockCipherSetKeyReq( ! xmlSecTransformPtr transform , ! xmlSecKeyReqPtr keyReq ! ) { ! xmlSecNssBlockCipherCtxPtr context = NULL ; ! xmlSecSize cipherSize = 0 ; ! ! xmlSecAssert2( xmlSecNssBlockCipherCheckId( transform ), -1 ) ; ! xmlSecAssert2( xmlSecTransformCheckSize( transform, xmlSecNssBlockCipherSize ), -1 ) ; ! xmlSecAssert2( keyReq != NULL , -1 ) ; ! xmlSecAssert2( ( transform->operation == xmlSecTransformOperationEncrypt ) || ( transform->operation == xmlSecTransformOperationDecrypt ), -1 ) ; ! ! context = xmlSecNssBlockCipherGetCtx( transform ) ; ! if( context == NULL ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) , ! "xmlSecNssBlockCipherGetCtx" , ! XMLSEC_ERRORS_R_CRYPTO_FAILED , ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! return -1 ; ! } ! ! keyReq->keyId = context->keyId ; ! keyReq->keyType = xmlSecKeyDataTypeSymmetric ; ! ! if( transform->operation == xmlSecTransformOperationEncrypt ) { ! keyReq->keyUsage = xmlSecKeyUsageEncrypt ; ! } else { ! keyReq->keyUsage = xmlSecKeyUsageDecrypt ; ! } ! ! /* ! if( context->symkey != NULL ) ! cipherSize = PK11_GetKeyLength( context->symkey ) ; ! ! keyReq->keyBitsSize = cipherSize * 8 ; ! */ + return 0 ; + } + /** + * xmlSecTransformSetKeyMethod: + * @transform: the pointer to transform object. + * @key: the pointer to key. + * + * The transform specific method to set the key for use. + * + * Returns 0 on success or a negative value otherwise. + */ static int ! xmlSecNssBlockCipherSetKey( ! xmlSecTransformPtr transform , ! xmlSecKeyPtr key ! ) { ! xmlSecNssBlockCipherCtxPtr context = NULL ; ! xmlSecKeyDataPtr keyData = NULL ; ! PK11SymKey* symkey = NULL ; ! CK_ATTRIBUTE_TYPE operation ; ! int ivLen ; ! ! xmlSecAssert2( xmlSecNssBlockCipherCheckId( transform ), -1 ) ; ! xmlSecAssert2( xmlSecTransformCheckSize( transform, xmlSecNssBlockCipherSize ), -1 ) ; ! xmlSecAssert2( key != NULL , -1 ) ; ! xmlSecAssert2( ( transform->operation == xmlSecTransformOperationEncrypt ) || ( transform->operation == xmlSecTransformOperationDecrypt ), -1 ) ; ! ! context = xmlSecNssBlockCipherGetCtx( transform ) ; ! if( context == NULL || context->keyId == NULL || context->symkey != NULL ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) , ! "xmlSecNssBlockCipherGetCtx" , ! XMLSEC_ERRORS_R_CRYPTO_FAILED , ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! return -1 ; ! } ! xmlSecAssert2( xmlSecKeyCheckId( key, context->keyId ), -1 ) ; ! ! keyData = xmlSecKeyGetValue( key ) ; ! if( keyData == NULL ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! xmlSecErrorsSafeString( xmlSecKeyGetName( key ) ) , ! "xmlSecKeyGetValue" , ! XMLSEC_ERRORS_R_CRYPTO_FAILED , ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! return -1 ; ! } ! ! if( ( symkey = xmlSecNssSymKeyDataGetKey( keyData ) ) == NULL ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! xmlSecErrorsSafeString( xmlSecKeyDataGetName( keyData ) ) , ! "xmlSecNssSymKeyDataGetKey" , ! XMLSEC_ERRORS_R_CRYPTO_FAILED , ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! return -1 ; ! } ! context->symkey = symkey ; ! ! return 0 ; } + /** + * Block cipher transform init + */ static int ! xmlSecNssBlockCipherCtxInit( ! xmlSecNssBlockCipherCtxPtr ctx , ! xmlSecBufferPtr in , ! xmlSecBufferPtr out , ! int encrypt , ! const xmlChar* cipherName , ! xmlSecTransformCtxPtr transformCtx ! ) { ! SECItem ivItem ; ! SECItem* secParam = NULL ; ! xmlSecBufferPtr ivBuf = NULL ; ! int ivLen ; ! ! xmlSecAssert2( ctx != NULL , -1 ) ; ! xmlSecAssert2( ctx->cipher != CKM_INVALID_MECHANISM , -1 ) ; ! xmlSecAssert2( ctx->symkey != NULL , -1 ) ; ! xmlSecAssert2( ctx->cipherCtx == NULL , -1 ) ; ! xmlSecAssert2( ctx->keyId != NULL , -1 ) ; ! xmlSecAssert2( in != NULL , -1 ) ; ! xmlSecAssert2( out != NULL , -1 ) ; ! xmlSecAssert2( transformCtx != NULL , -1 ) ; ! ! ivLen = PK11_GetIVLength( ctx->cipher ) ; ! if( ivLen < 0 ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! NULL , ! "PK11_GetIVLength" , ! XMLSEC_ERRORS_R_CRYPTO_FAILED , ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! return -1 ; ! } ! ! if( ( ivBuf = xmlSecBufferCreate( ivLen ) ) == NULL ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! NULL , ! "xmlSecBufferCreate" , ! XMLSEC_ERRORS_R_CRYPTO_FAILED , ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! return -1 ; ! } ! ! if( encrypt ) { ! if( PK11_GenerateRandom( ivBuf->data , ivLen ) != SECSuccess ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! xmlSecErrorsSafeString( cipherName ) , ! "PK11_GenerateRandom" , ! XMLSEC_ERRORS_R_CRYPTO_FAILED , ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! xmlSecBufferDestroy( ivBuf ) ; ! return -1 ; ! } ! if( xmlSecBufferSetSize( ivBuf , ivLen ) < 0 ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! NULL , ! "xmlSecBufferSetSize" , ! XMLSEC_ERRORS_R_CRYPTO_FAILED , ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! xmlSecBufferDestroy( ivBuf ) ; ! return -1 ; ! } ! ! if( xmlSecBufferAppend( out , ivBuf->data , ivLen ) < 0 ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! xmlSecErrorsSafeString( cipherName ) , ! "xmlSecBufferAppend" , ! XMLSEC_ERRORS_R_CRYPTO_FAILED , ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! xmlSecBufferDestroy( ivBuf ) ; ! return -1 ; ! } ! } else { ! if( xmlSecBufferSetData( ivBuf , in->data , ivLen ) < 0 ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! xmlSecErrorsSafeString( cipherName ) , ! "xmlSecBufferSetData" , ! XMLSEC_ERRORS_R_CRYPTO_FAILED , ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! xmlSecBufferDestroy( ivBuf ) ; ! return -1 ; ! } ! ! if( xmlSecBufferRemoveHead( in , ivLen ) < 0 ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! xmlSecErrorsSafeString( cipherName ) , ! "xmlSecBufferRemoveHead" , ! XMLSEC_ERRORS_R_CRYPTO_FAILED , ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! xmlSecBufferDestroy( ivBuf ) ; ! return -1 ; ! } ! } ! ! ivItem.data = xmlSecBufferGetData( ivBuf ) ; ! ivItem.len = xmlSecBufferGetSize( ivBuf ) ; ! if( ( secParam = PK11_ParamFromIV( ctx->cipher , &ivItem ) ) == NULL ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! xmlSecErrorsSafeString( cipherName ) , ! "PK11_ParamFromIV" , ! XMLSEC_ERRORS_R_CRYPTO_FAILED , ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! xmlSecBufferDestroy( ivBuf ) ; ! return -1 ; ! } ! ! ctx->cipherCtx = PK11_CreateContextBySymKey( ctx->cipher , encrypt ? CKA_ENCRYPT : CKA_DECRYPT , ctx->symkey , secParam ) ; ! if( ctx->cipherCtx == NULL ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! xmlSecErrorsSafeString( cipherName ) , ! "xmlSecBufferRemoveHead" , ! XMLSEC_ERRORS_R_CRYPTO_FAILED , ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! SECITEM_FreeItem( secParam , PR_TRUE ) ; ! xmlSecBufferDestroy( ivBuf ) ; ! return -1 ; ! } ! SECITEM_FreeItem( secParam , PR_TRUE ) ; ! xmlSecBufferDestroy( ivBuf ) ; ! return 0 ; } ! /** ! * Block cipher transform update ! */ ! static int ! xmlSecNssBlockCipherCtxUpdate( ! xmlSecNssBlockCipherCtxPtr ctx , ! xmlSecBufferPtr in , ! xmlSecBufferPtr out , ! int encrypt , ! const xmlChar* cipherName , ! xmlSecTransformCtxPtr transformCtx ! ) { ! xmlSecSize inSize ; ! xmlSecSize outSize ; ! xmlSecSize inBlocks ; ! int blockSize ; ! int outLen ; ! xmlSecByte* outBuf ; ! ! xmlSecAssert2( ctx != NULL , -1 ) ; ! xmlSecAssert2( ctx->cipher != CKM_INVALID_MECHANISM , -1 ) ; ! xmlSecAssert2( ctx->symkey != NULL , -1 ) ; ! xmlSecAssert2( ctx->cipherCtx != NULL , -1 ) ; ! xmlSecAssert2( ctx->keyId != NULL , -1 ) ; ! xmlSecAssert2( in != NULL , -1 ) ; ! xmlSecAssert2( out != NULL , -1 ) ; ! xmlSecAssert2( transformCtx != NULL , -1 ) ; ! ! if( ( blockSize = PK11_GetBlockSize( ctx->cipher , NULL ) ) < 0 ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! xmlSecErrorsSafeString( cipherName ) , ! "PK11_GetBlockSize" , ! XMLSEC_ERRORS_R_CRYPTO_FAILED , ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! return -1 ; ! } ! ! inSize = xmlSecBufferGetSize( in ) ; ! outSize = xmlSecBufferGetSize( out ) ; ! ! inBlocks = ( encrypt != 0 ? inSize : ( inSize - 1 ) ) / blockSize ; ! inSize = inBlocks * blockSize ; ! ! if( inSize < blockSize ) { ! return 0 ; ! } ! ! if( xmlSecBufferSetMaxSize( out , outSize + inSize + blockSize ) < 0 ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! xmlSecErrorsSafeString( cipherName ) , ! "xmlSecBufferSetMaxSize" , ! XMLSEC_ERRORS_R_CRYPTO_FAILED , ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! return -1 ; ! } ! outBuf = xmlSecBufferGetData( out ) + outSize ; ! ! if( PK11_CipherOp( ctx->cipherCtx , outBuf , &outLen , inSize + blockSize , xmlSecBufferGetData( in ) , inSize ) != SECSuccess ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! xmlSecErrorsSafeString( cipherName ) , ! "PK11_CipherOp" , ! XMLSEC_ERRORS_R_CRYPTO_FAILED , ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! return -1 ; ! } ! ! if( xmlSecBufferSetSize( out , outSize + outLen ) < 0 ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! xmlSecErrorsSafeString( cipherName ) , ! "xmlSecBufferSetSize" , ! XMLSEC_ERRORS_R_CRYPTO_FAILED , ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! return -1 ; ! } ! ! if( xmlSecBufferRemoveHead( in , inSize ) < 0 ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! xmlSecErrorsSafeString( cipherName ) , ! "xmlSecBufferRemoveHead" , ! XMLSEC_ERRORS_R_CRYPTO_FAILED , ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! return -1 ; ! } ! return 0 ; ! } ! /** ! * Block cipher transform final ! */ ! static int ! xmlSecNssBlockCipherCtxFinal( ! xmlSecNssBlockCipherCtxPtr ctx , ! xmlSecBufferPtr in , ! xmlSecBufferPtr out , ! int encrypt , ! const xmlChar* cipherName , ! xmlSecTransformCtxPtr transformCtx ! ) { ! xmlSecSize inSize ; ! xmlSecSize outSize ; ! int blockSize ; ! int outLen ; ! xmlSecByte* inBuf ; ! xmlSecByte* outBuf ; ! ! xmlSecAssert2( ctx != NULL , -1 ) ; ! xmlSecAssert2( ctx->cipher != CKM_INVALID_MECHANISM , -1 ) ; ! xmlSecAssert2( ctx->symkey != NULL , -1 ) ; ! xmlSecAssert2( ctx->cipherCtx != NULL , -1 ) ; ! xmlSecAssert2( ctx->keyId != NULL , -1 ) ; ! xmlSecAssert2( in != NULL , -1 ) ; ! xmlSecAssert2( out != NULL , -1 ) ; ! xmlSecAssert2( transformCtx != NULL , -1 ) ; ! ! if( ( blockSize = PK11_GetBlockSize( ctx->cipher , NULL ) ) < 0 ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! xmlSecErrorsSafeString( cipherName ) , ! "PK11_GetBlockSize" , ! XMLSEC_ERRORS_R_CRYPTO_FAILED , ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! return -1 ; ! } ! ! inSize = xmlSecBufferGetSize( in ) ; ! outSize = xmlSecBufferGetSize( out ) ; ! ! /******************************************************************/ ! if( encrypt != 0 ) { ! xmlSecAssert2( inSize < blockSize, -1 ) ; ! ! /* create padding */ ! if( xmlSecBufferSetMaxSize( in , blockSize ) < 0 ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! xmlSecErrorsSafeString( cipherName ) , ! "xmlSecBufferSetMaxSize" , ! XMLSEC_ERRORS_R_CRYPTO_FAILED , ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! return -1 ; ! } ! inBuf = xmlSecBufferGetData( in ) ; ! ! /* generate random */ ! if( blockSize > ( inSize + 1 ) ) { ! if( PK11_GenerateRandom( inBuf + inSize, blockSize - inSize - 1 ) != SECSuccess ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! xmlSecErrorsSafeString( cipherName ) , ! "PK11_GenerateRandom" , ! XMLSEC_ERRORS_R_CRYPTO_FAILED , ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! return -1 ; ! } ! } ! ! inBuf[blockSize-1] = blockSize - inSize ; ! inSize = blockSize ; ! } else { ! if( inSize != blockSize ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! xmlSecErrorsSafeString( cipherName ) , ! NULL , ! XMLSEC_ERRORS_R_CRYPTO_FAILED , ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! return -1 ; ! } ! } ! ! /* process the last block */ ! if( xmlSecBufferSetMaxSize( out , outSize + inSize + blockSize ) < 0 ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! xmlSecErrorsSafeString( cipherName ) , ! "xmlSecBufferSetMaxSize" , ! XMLSEC_ERRORS_R_CRYPTO_FAILED , ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! return -1 ; ! } ! outBuf = xmlSecBufferGetData( out ) + outSize ; ! ! if( PK11_CipherOp( ctx->cipherCtx , outBuf , &outLen , inSize + blockSize , xmlSecBufferGetData( in ) , inSize ) != SECSuccess ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! xmlSecErrorsSafeString( cipherName ) , ! "PK11_CipherOp" , ! XMLSEC_ERRORS_R_CRYPTO_FAILED , ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! return -1 ; ! } ! ! if( encrypt == 0 ) { ! /* check padding */ ! if( outLen < outBuf[blockSize-1] ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! xmlSecErrorsSafeString( cipherName ) , ! NULL , ! XMLSEC_ERRORS_R_CRYPTO_FAILED , ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! return -1 ; ! } ! ! outLen -= outBuf[blockSize-1] ; ! } ! /******************************************************************/ ! ! /****************************************************************** ! if( xmlSecBufferSetMaxSize( out , outSize + blockSize ) < 0 ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! xmlSecErrorsSafeString( cipherName ) , ! "xmlSecBufferSetMaxSize" , ! XMLSEC_ERRORS_R_CRYPTO_FAILED , ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! return -1 ; ! } ! ! outBuf = xmlSecBufferGetData( out ) + outSize ; ! ! if( PK11_DigestFinal( ctx->cipherCtx , outBuf , &outLen , blockSize ) != SECSuccess ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! xmlSecErrorsSafeString( cipherName ) , ! "PK11_DigestFinal" , ! XMLSEC_ERRORS_R_CRYPTO_FAILED , ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! return -1 ; ! } ! ******************************************************************/ ! ! if( xmlSecBufferSetSize( out , outSize + outLen ) < 0 ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! xmlSecErrorsSafeString( cipherName ) , ! "xmlSecBufferSetSize" , ! XMLSEC_ERRORS_R_CRYPTO_FAILED , ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! return -1 ; ! } ! ! if( xmlSecBufferRemoveHead( in , inSize ) < 0 ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! xmlSecErrorsSafeString( cipherName ) , ! "xmlSecBufferRemoveHead" , ! XMLSEC_ERRORS_R_CRYPTO_FAILED , ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! return -1 ; ! } ! ! /* PK11_Finalize( ctx->cipherCtx ) ;*/ ! PK11_DestroyContext( ctx->cipherCtx , PR_TRUE ) ; ! ctx->cipherCtx = NULL ; ! return 0 ; } + /** + * xmlSecTransformExecuteMethod: + * @transform: the pointer to transform object. + * @last: the flag: if set to 1 then it's the last data chunk. + * @transformCtx: the pointer to transform context object. + * + * Transform specific method to process a chunk of data. + * + * Returns 0 on success or a negative value otherwise. + */ static int ! xmlSecNssBlockCipherExecute( ! xmlSecTransformPtr transform , ! int last , ! xmlSecTransformCtxPtr transformCtx ! ) { ! xmlSecNssBlockCipherCtxPtr context = NULL ; ! xmlSecBufferPtr inBuf = NULL ; ! xmlSecBufferPtr outBuf = NULL ; ! const xmlChar* cipherName ; ! int operation ; ! int rtv ; ! ! xmlSecAssert2( xmlSecNssBlockCipherCheckId( transform ), -1 ) ; ! xmlSecAssert2( xmlSecTransformCheckSize( transform, xmlSecNssBlockCipherSize ), -1 ) ; ! xmlSecAssert2( ( transform->operation == xmlSecTransformOperationEncrypt ) || ( transform->operation == xmlSecTransformOperationDecrypt ), -1 ) ; ! xmlSecAssert2( transformCtx != NULL , -1 ) ; ! ! context = xmlSecNssBlockCipherGetCtx( transform ) ; ! if( context == NULL ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) , ! "xmlSecNssBlockCipherGetCtx" , ! XMLSEC_ERRORS_R_CRYPTO_FAILED , ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! return -1 ; ! } ! ! inBuf = &( transform->inBuf ) ; ! outBuf = &( transform->outBuf ) ; ! ! if( transform->status == xmlSecTransformStatusNone ) { ! transform->status = xmlSecTransformStatusWorking ; ! } ! ! operation = ( transform->operation == xmlSecTransformOperationEncrypt ) ? 1 : 0 ; ! cipherName = xmlSecTransformGetName( transform ) ; ! ! if( transform->status == xmlSecTransformStatusWorking ) { ! if( context->cipherCtx == NULL ) { ! rtv = xmlSecNssBlockCipherCtxInit( context, inBuf , outBuf , operation , cipherName , transformCtx ) ; ! if( rtv < 0 ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) , ! "xmlSecNssBlockCipherCtxInit" , ! XMLSEC_ERRORS_R_INVALID_STATUS , ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! return -1 ; ! } ! } ! ! if( context->cipherCtx == NULL && last != 0 ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) , ! NULL , ! XMLSEC_ERRORS_R_INVALID_STATUS , ! "No enough data to intialize transform" ) ; ! return -1 ; ! } ! ! if( context->cipherCtx != NULL ) { ! rtv = xmlSecNssBlockCipherCtxUpdate( context, inBuf , outBuf , operation , cipherName , transformCtx ) ; ! if( rtv < 0 ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) , ! "xmlSecNssBlockCipherCtxUpdate" , ! XMLSEC_ERRORS_R_INVALID_STATUS , ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! return -1 ; ! } ! } ! ! if( last ) { ! rtv = xmlSecNssBlockCipherCtxFinal( context, inBuf , outBuf , operation , cipherName , transformCtx ) ; ! if( rtv < 0 ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) , ! "xmlSecNssBlockCipherCtxFinal" , ! XMLSEC_ERRORS_R_INVALID_STATUS , ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! return -1 ; ! } ! transform->status = xmlSecTransformStatusFinished ; ! } ! } else if( transform->status == xmlSecTransformStatusFinished ) { ! if( xmlSecBufferGetSize( inBuf ) != 0 ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) , ! NULL , ! XMLSEC_ERRORS_R_INVALID_STATUS , ! "status=%d", transform->status ) ; ! return -1 ; ! } ! } else { ! xmlSecError( XMLSEC_ERRORS_HERE , ! xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) , ! NULL , ! XMLSEC_ERRORS_R_INVALID_STATUS , ! "status=%d", transform->status ) ; ! return -1 ; ! } ! ! return 0 ; } ! static xmlSecTransformKlass xmlSecNssAes128CbcKlass = { ! sizeof( xmlSecTransformKlass ) , ! xmlSecNssBlockCipherSize , ! xmlSecNameAes128Cbc , ! xmlSecHrefAes128Cbc , ! xmlSecTransformUsageEncryptionMethod , ! ! xmlSecNssBlockCipherInitialize , ! xmlSecNssBlockCipherFinalize , ! NULL , ! NULL , ! ! xmlSecNssBlockCipherSetKeyReq , ! xmlSecNssBlockCipherSetKey , ! NULL , ! xmlSecTransformDefaultGetDataType , ! ! xmlSecTransformDefaultPushBin , ! xmlSecTransformDefaultPopBin , ! NULL , ! NULL , ! xmlSecNssBlockCipherExecute , ! ! NULL , ! NULL ! } ; ! static xmlSecTransformKlass xmlSecNssAes192CbcKlass = { ! sizeof( xmlSecTransformKlass ) , ! xmlSecNssBlockCipherSize , ! xmlSecNameAes192Cbc , ! xmlSecHrefAes192Cbc , ! xmlSecTransformUsageEncryptionMethod , ! ! xmlSecNssBlockCipherInitialize , ! xmlSecNssBlockCipherFinalize , ! NULL , ! NULL , ! ! xmlSecNssBlockCipherSetKeyReq , ! xmlSecNssBlockCipherSetKey , ! NULL , ! xmlSecTransformDefaultGetDataType , ! ! xmlSecTransformDefaultPushBin , ! xmlSecTransformDefaultPopBin , ! NULL , ! NULL , ! xmlSecNssBlockCipherExecute , ! ! NULL , ! NULL ! } ; ! static xmlSecTransformKlass xmlSecNssAes256CbcKlass = { ! sizeof( xmlSecTransformKlass ) , ! xmlSecNssBlockCipherSize , ! xmlSecNameAes256Cbc , ! xmlSecHrefAes256Cbc , ! xmlSecTransformUsageEncryptionMethod , ! ! xmlSecNssBlockCipherInitialize , ! xmlSecNssBlockCipherFinalize , ! NULL , ! NULL , ! ! xmlSecNssBlockCipherSetKeyReq , ! xmlSecNssBlockCipherSetKey , ! NULL , ! xmlSecTransformDefaultGetDataType , ! ! xmlSecTransformDefaultPushBin , ! xmlSecTransformDefaultPopBin , ! NULL , ! NULL , ! xmlSecNssBlockCipherExecute , ! ! NULL , ! NULL ! } ; ! static xmlSecTransformKlass xmlSecNssDes3CbcKlass = { ! sizeof( xmlSecTransformKlass ) , ! xmlSecNssBlockCipherSize , ! ! xmlSecNameDes3Cbc , ! xmlSecHrefDes3Cbc , ! xmlSecTransformUsageEncryptionMethod , ! ! xmlSecNssBlockCipherInitialize , ! xmlSecNssBlockCipherFinalize , ! NULL , ! NULL , ! ! xmlSecNssBlockCipherSetKeyReq , ! xmlSecNssBlockCipherSetKey , ! NULL , ! xmlSecTransformDefaultGetDataType , ! ! xmlSecTransformDefaultPushBin , ! xmlSecTransformDefaultPopBin , ! NULL , ! NULL , ! xmlSecNssBlockCipherExecute , ! ! NULL , ! NULL ! } ; /** ! * xmlSecNssTransformAes128CbcGetKlass ! * ! * Get the AES128_CBC transform klass ! * ! * Return AES128_CBC transform klass ! */ ! xmlSecTransformId ! xmlSecNssTransformAes128CbcGetKlass( void ) { ! return ( &xmlSecNssAes128CbcKlass ) ; } /** ! * xmlSecNssTransformAes192CbcGetKlass ! * ! * Get the AES192_CBC transform klass ! * ! * Return AES192_CBC transform klass ! */ ! xmlSecTransformId ! xmlSecNssTransformAes192CbcGetKlass( void ) { ! return ( &xmlSecNssAes192CbcKlass ) ; } ! /** ! * xmlSecNssTransformAes256CbcGetKlass ! * ! * Get the AES256_CBC transform klass ! * ! * Return AES256_CBC transform klass ! */ ! xmlSecTransformId ! xmlSecNssTransformAes256CbcGetKlass( void ) { ! return ( &xmlSecNssAes256CbcKlass ) ; ! } ! /** ! * xmlSecNssTransformDes3CbcGetKlass * ! * Get the DES3_CBC transform klass ! * ! * Return DES3_CBC transform klass */ ! xmlSecTransformId ! xmlSecNssTransformDes3CbcGetKlass( void ) { ! return ( &xmlSecNssDes3CbcKlass ) ; } ! *** misc/xmlsec1-1.2.6/src/nss/crypto.c 2003-10-29 16:57:25.000000000 +0100 --- misc/build/xmlsec1-1.2.6/src/nss/crypto.c 2006-05-08 12:19:39.257648000 +0200 *************** *** 130,135 **** --- 130,136 ---- /** * High level routines form xmlsec command line utility */ + /* gXmlSecNssFunctions->cryptoAppInit = xmlSecNssAppInit; gXmlSecNssFunctions->cryptoAppShutdown = xmlSecNssAppShutdown; gXmlSecNssFunctions->cryptoAppDefaultKeysMngrInit = xmlSecNssAppDefaultKeysMngrInit; *************** *** 143,152 **** gXmlSecNssFunctions->cryptoAppPkcs12LoadMemory = xmlSecNssAppPkcs12LoadMemory; gXmlSecNssFunctions->cryptoAppKeyCertLoad = xmlSecNssAppKeyCertLoad; gXmlSecNssFunctions->cryptoAppKeyCertLoadMemory = xmlSecNssAppKeyCertLoadMemory; ! #endif /* XMLSEC_NO_X509 */ gXmlSecNssFunctions->cryptoAppKeyLoad = xmlSecNssAppKeyLoad; gXmlSecNssFunctions->cryptoAppKeyLoadMemory = xmlSecNssAppKeyLoadMemory; gXmlSecNssFunctions->cryptoAppDefaultPwdCallback = (void*)xmlSecNssAppGetDefaultPwdCallback; return(gXmlSecNssFunctions); } --- 144,172 ---- gXmlSecNssFunctions->cryptoAppPkcs12LoadMemory = xmlSecNssAppPkcs12LoadMemory; gXmlSecNssFunctions->cryptoAppKeyCertLoad = xmlSecNssAppKeyCertLoad; gXmlSecNssFunctions->cryptoAppKeyCertLoadMemory = xmlSecNssAppKeyCertLoadMemory; ! #endif gXmlSecNssFunctions->cryptoAppKeyLoad = xmlSecNssAppKeyLoad; gXmlSecNssFunctions->cryptoAppKeyLoadMemory = xmlSecNssAppKeyLoadMemory; gXmlSecNssFunctions->cryptoAppDefaultPwdCallback = (void*)xmlSecNssAppGetDefaultPwdCallback; + */ + + gXmlSecNssFunctions->cryptoAppInit = NULL ; + gXmlSecNssFunctions->cryptoAppShutdown = NULL ; + gXmlSecNssFunctions->cryptoAppDefaultKeysMngrInit = NULL ; + gXmlSecNssFunctions->cryptoAppDefaultKeysMngrAdoptKey = NULL ; + gXmlSecNssFunctions->cryptoAppDefaultKeysMngrLoad = NULL ; + gXmlSecNssFunctions->cryptoAppDefaultKeysMngrSave = NULL ; + #ifndef XMLSEC_NO_X509 + gXmlSecNssFunctions->cryptoAppKeysMngrCertLoad = NULL ; + gXmlSecNssFunctions->cryptoAppKeysMngrCertLoadMemory= NULL ; + gXmlSecNssFunctions->cryptoAppPkcs12Load = NULL ; + gXmlSecNssFunctions->cryptoAppPkcs12LoadMemory = NULL ; + gXmlSecNssFunctions->cryptoAppKeyCertLoad = NULL ; + gXmlSecNssFunctions->cryptoAppKeyCertLoadMemory = NULL ; + #endif /* XMLSEC_NO_X509 */ + gXmlSecNssFunctions->cryptoAppKeyLoad = NULL ; + gXmlSecNssFunctions->cryptoAppKeyLoadMemory = NULL ; + gXmlSecNssFunctions->cryptoAppDefaultPwdCallback = (void*)NULL ; return(gXmlSecNssFunctions); } *** misc/xmlsec1-1.2.6/src/nss/digests.c 2003-09-26 02:58:15.000000000 +0200 --- misc/build/xmlsec1-1.2.6/src/nss/digests.c 2006-05-08 12:19:39.272123000 +0200 *************** *** 21,27 **** #include #include - #include #include #define XMLSEC_NSS_MAX_DIGEST_SIZE 32 --- 21,26 ---- *************** *** 107,113 **** xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), "SECOID_FindOIDByTag", XMLSEC_ERRORS_R_CRYPTO_FAILED, ! XMLSEC_ERRORS_NO_MESSAGE); return(-1); } --- 106,112 ---- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), "SECOID_FindOIDByTag", XMLSEC_ERRORS_R_CRYPTO_FAILED, ! "error code=%d", PORT_GetError()); return(-1); } *************** *** 117,123 **** xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), "PK11_CreateDigestContext", XMLSEC_ERRORS_R_CRYPTO_FAILED, ! XMLSEC_ERRORS_NO_MESSAGE); return(-1); } --- 116,122 ---- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), "PK11_CreateDigestContext", XMLSEC_ERRORS_R_CRYPTO_FAILED, ! "error code=%d", PORT_GetError()); return(-1); } *************** *** 208,214 **** xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), "PK11_DigestBegin", XMLSEC_ERRORS_R_CRYPTO_FAILED, ! XMLSEC_ERRORS_NO_MESSAGE); return(-1); } transform->status = xmlSecTransformStatusWorking; --- 207,213 ---- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), "PK11_DigestBegin", XMLSEC_ERRORS_R_CRYPTO_FAILED, ! "error code=%d", PORT_GetError()); return(-1); } transform->status = xmlSecTransformStatusWorking; *************** *** 225,231 **** xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), "PK11_DigestOp", XMLSEC_ERRORS_R_CRYPTO_FAILED, ! XMLSEC_ERRORS_NO_MESSAGE); return(-1); } --- 224,230 ---- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), "PK11_DigestOp", XMLSEC_ERRORS_R_CRYPTO_FAILED, ! "error code=%d", PORT_GetError()); return(-1); } *************** *** 246,252 **** xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), "PK11_DigestFinal", XMLSEC_ERRORS_R_CRYPTO_FAILED, ! XMLSEC_ERRORS_NO_MESSAGE); return(-1); } xmlSecAssert2(ctx->dgstSize > 0, -1); --- 245,251 ---- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), "PK11_DigestFinal", XMLSEC_ERRORS_R_CRYPTO_FAILED, ! "error code=%d", PORT_GetError()); return(-1); } xmlSecAssert2(ctx->dgstSize > 0, -1); *** misc/xmlsec1-1.2.6/src/nss/hmac.c 2003-09-26 02:58:15.000000000 +0200 --- misc/build/xmlsec1-1.2.6/src/nss/hmac.c 2006-05-08 12:19:39.287801000 +0200 *************** *** 23,30 **** #include #include - #include #include #define XMLSEC_NSS_MAX_HMAC_SIZE 128 --- 23,30 ---- #include #include #include + #include #define XMLSEC_NSS_MAX_HMAC_SIZE 128 *************** *** 241,253 **** keyItem.data = xmlSecBufferGetData(buffer); keyItem.len = xmlSecBufferGetSize(buffer); ! slot = PK11_GetBestSlot(ctx->digestType, NULL); if(slot == NULL) { xmlSecError(XMLSEC_ERRORS_HERE, xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), ! "PK11_GetBestSlot", XMLSEC_ERRORS_R_CRYPTO_FAILED, ! XMLSEC_ERRORS_NO_MESSAGE); return(-1); } --- 241,253 ---- keyItem.data = xmlSecBufferGetData(buffer); keyItem.len = xmlSecBufferGetSize(buffer); ! slot = xmlSecNssSlotGet(ctx->digestType); if(slot == NULL) { xmlSecError(XMLSEC_ERRORS_HERE, xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), ! "xmlSecNssSlotGet", XMLSEC_ERRORS_R_CRYPTO_FAILED, ! "error code=%d", PORT_GetError()); return(-1); } *************** *** 258,264 **** xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), "PK11_ImportSymKey", XMLSEC_ERRORS_R_CRYPTO_FAILED, ! XMLSEC_ERRORS_NO_MESSAGE); PK11_FreeSlot(slot); return(-1); } --- 258,264 ---- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), "PK11_ImportSymKey", XMLSEC_ERRORS_R_CRYPTO_FAILED, ! "error code=%d", PORT_GetError()); PK11_FreeSlot(slot); return(-1); } *************** *** 269,275 **** xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), "PK11_CreateContextBySymKey", XMLSEC_ERRORS_R_CRYPTO_FAILED, ! XMLSEC_ERRORS_NO_MESSAGE); PK11_FreeSymKey(symKey); PK11_FreeSlot(slot); return(-1); --- 269,275 ---- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), "PK11_CreateContextBySymKey", XMLSEC_ERRORS_R_CRYPTO_FAILED, ! "error code=%d", PORT_GetError()); PK11_FreeSymKey(symKey); PK11_FreeSlot(slot); return(-1); *************** *** 368,374 **** xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), "PK11_DigestBegin", XMLSEC_ERRORS_R_CRYPTO_FAILED, ! XMLSEC_ERRORS_NO_MESSAGE); return(-1); } transform->status = xmlSecTransformStatusWorking; --- 368,374 ---- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), "PK11_DigestBegin", XMLSEC_ERRORS_R_CRYPTO_FAILED, ! "error code=%d", PORT_GetError()); return(-1); } transform->status = xmlSecTransformStatusWorking; *************** *** 385,391 **** xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), "PK11_DigestOp", XMLSEC_ERRORS_R_CRYPTO_FAILED, ! XMLSEC_ERRORS_NO_MESSAGE); return(-1); } --- 385,391 ---- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), "PK11_DigestOp", XMLSEC_ERRORS_R_CRYPTO_FAILED, ! "error code=%d", PORT_GetError()); return(-1); } *************** *** 408,414 **** xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), "PK11_DigestFinal", XMLSEC_ERRORS_R_CRYPTO_FAILED, ! XMLSEC_ERRORS_NO_MESSAGE); return(-1); } xmlSecAssert2(dgstSize > 0, -1); --- 408,414 ---- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), "PK11_DigestFinal", XMLSEC_ERRORS_R_CRYPTO_FAILED, ! "error code=%d", PORT_GetError()); return(-1); } xmlSecAssert2(dgstSize > 0, -1); *** misc/xmlsec1-1.2.6/src/nss/keysstore.c 2003-09-26 02:58:15.000000000 +0200 --- misc/build/xmlsec1-1.2.6/src/nss/keysstore.c 2006-05-08 12:19:39.306795000 +0200 *************** *** 1,119 **** /** * XMLSec library * - * Nss keys store that uses Simple Keys Store under the hood. Uses the - * Nss DB as a backing store for the finding keys, but the NSS DB is - * not written to by the keys store. - * So, if store->findkey is done and the key is not found in the simple - * keys store, the NSS DB is looked up. - * If store is called to adopt a key, that key is not written to the NSS - * DB. - * Thus, the NSS DB can be used to pre-load keys and becomes an alternate - * source of keys for xmlsec - * * This is free software; see Copyright file in the source * distribution for precise wording. * ! * Copyright (c) 2003 America Online, Inc. All rights reserved. */ - #include "globals.h" ! #include #include ! #include ! #include ! #include ! #include - #include #include ! #include ! #include ! #include ! #include ! #include #include #include ! #include #include ! /**************************************************************************** * ! * Nss Keys Store. Uses Simple Keys Store under the hood ! * ! * Simple Keys Store ptr is located after xmlSecKeyStore * ! ***************************************************************************/ ! #define xmlSecNssKeysStoreSize \ ! (sizeof(xmlSecKeyStore) + sizeof(xmlSecKeyStorePtr)) ! ! #define xmlSecNssKeysStoreGetSS(store) \ ! ((xmlSecKeyStoreCheckSize((store), xmlSecNssKeysStoreSize)) ? \ ! (xmlSecKeyStorePtr*)(((xmlSecByte*)(store)) + sizeof(xmlSecKeyStore)) : \ ! (xmlSecKeyStorePtr*)NULL) ! ! static int xmlSecNssKeysStoreInitialize (xmlSecKeyStorePtr store); ! static void xmlSecNssKeysStoreFinalize (xmlSecKeyStorePtr store); ! static xmlSecKeyPtr xmlSecNssKeysStoreFindKey (xmlSecKeyStorePtr store, ! const xmlChar* name, ! xmlSecKeyInfoCtxPtr keyInfoCtx); ! static xmlSecKeyStoreKlass xmlSecNssKeysStoreKlass = { ! sizeof(xmlSecKeyStoreKlass), ! xmlSecNssKeysStoreSize, ! /* data */ ! BAD_CAST "NSS-keys-store", /* const xmlChar* name; */ ! ! /* constructors/destructor */ ! xmlSecNssKeysStoreInitialize, /* xmlSecKeyStoreInitializeMethod initialize; */ ! xmlSecNssKeysStoreFinalize, /* xmlSecKeyStoreFinalizeMethod finalize; */ ! xmlSecNssKeysStoreFindKey, /* xmlSecKeyStoreFindKeyMethod findKey; */ ! ! /* reserved for the future */ ! NULL, /* void* reserved0; */ ! NULL, /* void* reserved1; */ ! }; ! /** ! * xmlSecNssKeysStoreGetKlass: ! * ! * The Nss list based keys store klass. * ! * Returns Nss list based keys store klass. */ ! xmlSecKeyStoreId ! xmlSecNssKeysStoreGetKlass(void) { ! return(&xmlSecNssKeysStoreKlass); } ! /** ! * xmlSecNssKeysStoreAdoptKey: ! * @store: the pointer to Nss keys store. ! * @key: the pointer to key. ! * ! * Adds @key to the @store. * ! * Returns 0 on success or a negative value if an error occurs. */ ! int ! xmlSecNssKeysStoreAdoptKey(xmlSecKeyStorePtr store, xmlSecKeyPtr key) { ! xmlSecKeyStorePtr *ss; ! ! xmlSecAssert2(xmlSecKeyStoreCheckId(store, xmlSecNssKeysStoreId), -1); ! xmlSecAssert2((key != NULL), -1); ! ss = xmlSecNssKeysStoreGetSS(store); ! xmlSecAssert2(((ss != NULL) && (*ss != NULL) && ! (xmlSecKeyStoreCheckId(*ss, xmlSecSimpleKeysStoreId))), -1); ! return (xmlSecSimpleKeysStoreAdoptKey(*ss, key)); } /** * xmlSecNssKeysStoreLoad: * @store: the pointer to Nss keys store. --- 1,518 ---- /** * XMLSec library * * This is free software; see Copyright file in the source * distribution for precise wording. * ! * Copyright................................ */ ! /** ! * NSS key store uses a key list and a slot list as the key repository. NSS slot ! * list is a backup repository for the finding keys. If a key is not found from ! * the key list, the NSS slot list is looked up. ! * ! * Any key in the key list will not save to pkcs11 slot. When a store to called ! * to adopt a key, the key is resident in the key list; While a store to called ! * to set a is resident in the key list; While a store to called to set a slot ! * list, which means that the keys in the listed slot can be used for xml sign- ! * nature or encryption. ! * ! * Then, a user can adjust slot list to effect the crypto behaviors of xmlSec. ! * ! * The framework will decrease the user interfaces to administrate xmlSec crypto ! * engine. He can only focus on NSS layer functions. For examples, after the ! * user set up a slot list handler to the keys store, he do not need to do any ! * other work atop xmlSec interfaces, his action on the slot list handler, such ! * as add a token to, delete a token from the list, will directly effect the key ! * store behaviors. ! * ! * For example, a scenariio: ! * 0. Create a slot list;( NSS interfaces ) ! * 1. Create a keys store;( xmlSec interfaces ) ! * 2. Set slot list with the keys store;( xmlSec Interfaces ) ! * 3. Add a slot to the slot list;( NSS interfaces ) ! * 4. Perform xml signature; ( xmlSec Interfaces ) ! * 5. Deleter a slot from the slot list;( NSS interfaces ) ! * 6. Perform xml encryption; ( xmlSec Interfaces ) ! * 7. Perform xml signature;( xmlSec Interfaces ) ! * 8. Destroy the keys store;( xmlSec Interfaces ) ! * 8. Destroy the slot list.( NSS Interfaces ) ! */ ! ! #include "globals.h" #include ! #include ! #include ! #include ! #include #include ! #include #include + #include + #include + #include #include #include ! #include ! #include #include ! /** ! * Internal NSS key store context * ! * This context is located after xmlSecKeyStore ! */ ! typedef struct _xmlSecNssKeysStoreCtx xmlSecNssKeysStoreCtx ; ! typedef struct _xmlSecNssKeysStoreCtx* xmlSecNssKeysStoreCtxPtr ; ! ! struct _xmlSecNssKeysStoreCtx { ! xmlSecPtrListPtr keyList ; ! xmlSecPtrListPtr slotList ; ! } ; ! ! #define xmlSecNssKeysStoreSize \ ! ( sizeof( xmlSecKeyStore ) + sizeof( xmlSecNssKeysStoreCtx ) ) ! ! #define xmlSecNssKeysStoreGetCtx( data ) \ ! ( ( xmlSecNssKeysStoreCtxPtr )( ( ( xmlSecByte* )( data ) ) + sizeof( xmlSecKeyStore ) ) ) ! ! int xmlSecNssKeysStoreAdoptKeySlot( ! xmlSecKeyStorePtr store , ! xmlSecNssKeySlotPtr keySlot ! ) { ! xmlSecNssKeysStoreCtxPtr context = NULL ; ! ! xmlSecAssert2( xmlSecKeyStoreCheckId( store , xmlSecNssKeysStoreId ) , -1 ) ; ! xmlSecAssert2( xmlSecKeyStoreCheckSize( store , xmlSecNssKeysStoreSize ) , -1 ) ; ! ! context = xmlSecNssKeysStoreGetCtx( store ) ; ! if( context == NULL ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! xmlSecErrorsSafeString( xmlSecKeyStoreGetName( store ) ) , ! "xmlSecNssKeysStoreGetCtx" , ! XMLSEC_ERRORS_R_XMLSEC_FAILED , ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! return -1 ; ! } ! ! if( context->slotList == NULL ) { ! if( ( context->slotList = xmlSecPtrListCreate( xmlSecNssKeySlotListId ) ) == NULL ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! xmlSecErrorsSafeString( xmlSecKeyStoreGetName( store ) ) , ! "xmlSecPtrListCreate" , ! XMLSEC_ERRORS_R_XMLSEC_FAILED , ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! return -1 ; ! } ! } ! ! if( !xmlSecPtrListCheckId( context->slotList , xmlSecNssKeySlotListId ) ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! xmlSecErrorsSafeString( xmlSecKeyStoreGetName( store ) ) , ! "xmlSecPtrListCheckId" , ! XMLSEC_ERRORS_R_XMLSEC_FAILED , ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! return -1 ; ! } ! ! if( xmlSecPtrListAdd( context->slotList , keySlot ) < 0 ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! xmlSecErrorsSafeString( xmlSecKeyStoreGetName( store ) ) , ! "xmlSecPtrListAdd" , ! XMLSEC_ERRORS_R_XMLSEC_FAILED , ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! return -1 ; ! } ! ! return 0 ; ! } ! ! int xmlSecNssKeysStoreAdoptKey( ! xmlSecKeyStorePtr store , ! xmlSecKeyPtr key ! ) { ! xmlSecNssKeysStoreCtxPtr context = NULL ; ! ! xmlSecAssert2( xmlSecKeyStoreCheckId( store , xmlSecNssKeysStoreId ) , -1 ) ; ! xmlSecAssert2( xmlSecKeyStoreCheckSize( store , xmlSecNssKeysStoreSize ) , -1 ) ; ! ! context = xmlSecNssKeysStoreGetCtx( store ) ; ! if( context == NULL ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! xmlSecErrorsSafeString( xmlSecKeyStoreGetName( store ) ) , ! "xmlSecNssKeysStoreGetCtx" , ! XMLSEC_ERRORS_R_XMLSEC_FAILED , ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! return -1 ; ! } ! ! if( context->keyList == NULL ) { ! if( ( context->keyList = xmlSecPtrListCreate( xmlSecKeyPtrListId ) ) == NULL ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! xmlSecErrorsSafeString( xmlSecKeyStoreGetName( store ) ) , ! "xmlSecPtrListCreate" , ! XMLSEC_ERRORS_R_XMLSEC_FAILED , ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! return -1 ; ! } ! } ! ! if( !xmlSecPtrListCheckId( context->keyList , xmlSecKeyPtrListId ) ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! xmlSecErrorsSafeString( xmlSecKeyStoreGetName( store ) ) , ! "xmlSecPtrListCheckId" , ! XMLSEC_ERRORS_R_XMLSEC_FAILED , ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! return -1 ; ! } ! ! if( xmlSecPtrListAdd( context->keyList , key ) < 0 ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! xmlSecErrorsSafeString( xmlSecKeyStoreGetName( store ) ) , ! "xmlSecPtrListAdd" , ! XMLSEC_ERRORS_R_XMLSEC_FAILED , ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! return -1 ; ! } ! ! return 0 ; ! } ! ! /** ! * xmlSecKeyStoreInitializeMethod: ! * @store: the store. * ! * Keys store specific initialization method. ! * ! * Returns 0 on success or a negative value if an error occurs. ! */ ! static int ! xmlSecNssKeysStoreInitialize( ! xmlSecKeyStorePtr store ! ) { ! xmlSecNssKeysStoreCtxPtr context = NULL ; ! ! xmlSecAssert2( xmlSecKeyStoreCheckId( store , xmlSecNssKeysStoreId ) , -1 ) ; ! xmlSecAssert2( xmlSecKeyStoreCheckSize( store , xmlSecNssKeysStoreSize ) , -1 ) ; ! ! context = xmlSecNssKeysStoreGetCtx( store ) ; ! if( context == NULL ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! xmlSecErrorsSafeString( xmlSecKeyStoreGetName( store ) ) , ! "xmlSecNssKeysStoreGetCtx" , ! XMLSEC_ERRORS_R_XMLSEC_FAILED , ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! return -1 ; ! } ! context->keyList = NULL ; ! context->slotList = NULL ; ! return 0 ; ! } ! /** ! * xmlSecKeyStoreFinalizeMethod: ! * @store: the store. * ! * Keys store specific finalization (destroy) method. */ ! void ! xmlSecNssKeysStoreFinalize( ! xmlSecKeyStorePtr store ! ) { ! xmlSecNssKeysStoreCtxPtr context = NULL ; ! ! xmlSecAssert( xmlSecKeyStoreCheckId( store , xmlSecNssKeysStoreId ) ) ; ! xmlSecAssert( xmlSecKeyStoreCheckSize( store , xmlSecNssKeysStoreSize ) ) ; ! ! context = xmlSecNssKeysStoreGetCtx( store ) ; ! if( context == NULL ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! xmlSecErrorsSafeString( xmlSecKeyStoreGetName( store ) ) , ! "xmlSecNssKeysStoreGetCtx" , ! XMLSEC_ERRORS_R_XMLSEC_FAILED , ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! return ; ! } ! ! if( context->keyList != NULL ) { ! xmlSecPtrListDestroy( context->keyList ) ; ! context->keyList = NULL ; ! } ! ! if( context->slotList != NULL ) { ! xmlSecPtrListDestroy( context->slotList ) ; ! context->slotList = NULL ; ! } } ! xmlSecKeyPtr ! xmlSecNssKeysStoreFindKeyFromSlot( ! PK11SlotInfo* slot, ! const xmlChar* name, ! xmlSecKeyInfoCtxPtr keyInfoCtx ! ) { ! xmlSecKeyPtr key = NULL ; ! xmlSecKeyDataPtr data = NULL ; ! int length ; ! ! xmlSecAssert2( slot != NULL , NULL ) ; ! xmlSecAssert2( name != NULL , NULL ) ; ! xmlSecAssert2( keyInfoCtx != NULL , NULL ) ; ! ! if( ( keyInfoCtx->keyReq.keyType & xmlSecKeyDataTypeSymmetric ) == xmlSecKeyDataTypeSymmetric ) { ! PK11SymKey* symKey ; ! PK11SymKey* curKey ; ! ! /* Find symmetric key from the slot by name */ ! symKey = PK11_ListFixedKeysInSlot( slot , ( char* )name , NULL ) ; ! for( curKey = symKey ; curKey != NULL ; curKey = PK11_GetNextSymKey( curKey ) ) { ! /* Check the key request */ ! length = PK11_GetKeyLength( curKey ) ; ! length *= 8 ; ! if( ( keyInfoCtx->keyReq.keyBitsSize > 0 ) && ! ( length > 0 ) && ! ( length < keyInfoCtx->keyReq.keyBitsSize ) ) ! continue ; ! ! /* We find a eligible key */ ! data = xmlSecNssSymKeyDataKeyAdopt( curKey ) ; ! if( data == NULL ) { ! /* Do nothing */ ! } ! break ; ! } ! ! /* Destroy the sym key list */ ! for( curKey = symKey ; curKey != NULL ; ) { ! symKey = curKey ; ! curKey = PK11_GetNextSymKey( symKey ) ; ! PK11_FreeSymKey( symKey ) ; ! } ! } else if( ( keyInfoCtx->keyReq.keyType & xmlSecKeyDataTypePublic ) == xmlSecKeyDataTypePublic ) { ! SECKEYPublicKeyList* pubKeyList ; ! SECKEYPublicKey* pubKey ; ! SECKEYPublicKeyListNode* curPub ; ! ! /* Find asymmetric key from the slot by name */ ! pubKeyList = PK11_ListPublicKeysInSlot( slot , ( char* )name ) ; ! pubKey = NULL ; ! curPub = PUBKEY_LIST_HEAD(pubKeyList); ! for( ; !PUBKEY_LIST_END(curPub, pubKeyList) ; curPub = PUBKEY_LIST_NEXT( curPub ) ) { ! /* Check the key request */ ! length = SECKEY_PublicKeyStrength( curPub->key ) ; ! length *= 8 ; ! if( ( keyInfoCtx->keyReq.keyBitsSize > 0 ) && ! ( length > 0 ) && ! ( length < keyInfoCtx->keyReq.keyBitsSize ) ) ! continue ; ! ! /* We find a eligible key */ ! pubKey = curPub->key ; ! break ; ! } ! ! if( pubKey != NULL ) { ! data = xmlSecNssPKIAdoptKey( NULL, pubKey ) ; ! if( data == NULL ) { ! /* Do nothing */ ! } ! } ! ! /* Destroy the public key list */ ! SECKEY_DestroyPublicKeyList( pubKeyList ) ; ! } else if( ( keyInfoCtx->keyReq.keyType & xmlSecKeyDataTypePrivate ) == xmlSecKeyDataTypePrivate ) { ! SECKEYPrivateKeyList* priKeyList = NULL ; ! SECKEYPrivateKey* priKey = NULL ; ! SECKEYPrivateKeyListNode* curPri ; ! ! /* Find asymmetric key from the slot by name */ ! priKeyList = PK11_ListPrivKeysInSlot( slot , ( char* )name , NULL ) ; ! priKey = NULL ; ! curPri = PRIVKEY_LIST_HEAD(priKeyList); ! for( ; !PRIVKEY_LIST_END(curPri, priKeyList) ; curPri = PRIVKEY_LIST_NEXT( curPri ) ) { ! /* Check the key request */ ! length = PK11_SignatureLen( curPri->key ) ; ! length *= 8 ; ! if( ( keyInfoCtx->keyReq.keyBitsSize > 0 ) && ! ( length > 0 ) && ! ( length < keyInfoCtx->keyReq.keyBitsSize ) ) ! continue ; ! ! /* We find a eligible key */ ! priKey = curPri->key ; ! break ; ! } ! ! if( priKey != NULL ) { ! data = xmlSecNssPKIAdoptKey( priKey, NULL ) ; ! if( data == NULL ) { ! /* Do nothing */ ! } ! } ! ! /* Destroy the private key list */ ! SECKEY_DestroyPrivateKeyList( priKeyList ) ; ! } ! ! /* If we have gotten the key value */ ! if( data != NULL ) { ! if( ( key = xmlSecKeyCreate() ) == NULL ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! NULL , ! "xmlSecKeyCreate" , ! XMLSEC_ERRORS_R_XMLSEC_FAILED , ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! ! xmlSecKeyDataDestroy( data ) ; ! return NULL ; ! } ! ! if( xmlSecKeySetValue( key , data ) < 0 ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! NULL , ! "xmlSecKeySetValue" , ! XMLSEC_ERRORS_R_XMLSEC_FAILED , ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! ! xmlSecKeyDestroy( key ) ; ! xmlSecKeyDataDestroy( data ) ; ! return NULL ; ! } ! } ! ! return(key); ! } ! ! /** ! * xmlSecKeyStoreFindKeyMethod: ! * @store: the store. ! * @name: the desired key name. ! * @keyInfoCtx: the pointer to key info context. * ! * Keys store specific find method. The caller is responsible for destroying ! * the returned key using #xmlSecKeyDestroy method. ! * ! * Returns the pointer to a key or NULL if key is not found or an error occurs. */ ! static xmlSecKeyPtr ! xmlSecNssKeysStoreFindKey( ! xmlSecKeyStorePtr store , ! const xmlChar* name , ! xmlSecKeyInfoCtxPtr keyInfoCtx ! ) { ! xmlSecNssKeysStoreCtxPtr context = NULL ; ! xmlSecKeyPtr key = NULL ; ! xmlSecNssKeySlotPtr keySlot = NULL ; ! xmlSecSize pos ; ! xmlSecSize size ; ! ! xmlSecAssert2( xmlSecKeyStoreCheckId( store , xmlSecNssKeysStoreId ) , NULL ) ; ! xmlSecAssert2( xmlSecKeyStoreCheckSize( store , xmlSecNssKeysStoreSize ) , NULL ) ; ! xmlSecAssert2( keyInfoCtx != NULL , NULL ) ; ! ! context = xmlSecNssKeysStoreGetCtx( store ) ; ! if( context == NULL ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! xmlSecErrorsSafeString( xmlSecKeyStoreGetName( store ) ) , ! "xmlSecNssKeysStoreGetCtx" , ! XMLSEC_ERRORS_R_XMLSEC_FAILED , ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! return NULL ; ! } ! ! /*- ! * Look for key at keyList at first. ! */ ! if( context->keyList != NULL ) { ! size = xmlSecPtrListGetSize( context->keyList ) ; ! for( pos = 0 ; pos < size ; pos ++ ) { ! key = ( xmlSecKeyPtr )xmlSecPtrListGetItem( context->keyList , pos ) ; ! if( key != NULL && xmlSecKeyMatch( key , name , &( keyInfoCtx->keyReq ) ) ) { ! return xmlSecKeyDuplicate( key ) ; ! } ! } ! } ! ! /*- ! * Find the key from slotList ! */ ! if( context->slotList != NULL ) { ! PK11SlotInfo* slot = NULL ; ! ! size = xmlSecPtrListGetSize( context->slotList ) ; ! for( pos = 0 ; pos < size ; pos ++ ) { ! keySlot = ( xmlSecNssKeySlotPtr )xmlSecPtrListGetItem( context->slotList , pos ) ; ! slot = xmlSecNssKeySlotGetSlot( keySlot ) ; ! if( slot == NULL ) { ! continue ; ! } else { ! key = xmlSecNssKeysStoreFindKeyFromSlot( slot, name, keyInfoCtx ) ; ! if( key == NULL ) { ! continue ; ! } else { ! return( key ) ; ! } ! } ! } ! } ! ! /*- ! * Create a session key if we can not find the key from keyList and slotList ! */ ! if( ( keyInfoCtx->keyReq.keyType & xmlSecKeyDataTypeSession ) == xmlSecKeyDataTypeSession ) { ! key = xmlSecKeyGenerate( keyInfoCtx->keyReq.keyId , keyInfoCtx->keyReq.keyBitsSize , xmlSecKeyDataTypeSession ) ; ! if( key == NULL ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! xmlSecErrorsSafeString( xmlSecKeyStoreGetName( store ) ) , ! "xmlSecKeySetValue" , ! XMLSEC_ERRORS_R_XMLSEC_FAILED , ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! return NULL ; ! } ! ! return key ; ! } ! ! /** ! * We have no way to find the key any more. ! */ ! return NULL ; ! } ! static xmlSecKeyStoreKlass xmlSecNssKeysStoreKlass = { ! sizeof( xmlSecKeyStoreKlass ) , ! xmlSecNssKeysStoreSize , ! BAD_CAST "implicit_nss_keys_store" , ! xmlSecNssKeysStoreInitialize , ! xmlSecNssKeysStoreFinalize , ! xmlSecNssKeysStoreFindKey , ! NULL , ! NULL ! } ; ! /** ! * xmlSecNssKeysStoreGetKlass: ! * ! * The simple list based keys store klass. ! * ! * Returns simple list based keys store klass. ! */ ! xmlSecKeyStoreId ! xmlSecNssKeysStoreGetKlass( void ) { ! return &xmlSecNssKeysStoreKlass ; } + + /************************** + * Application routines + */ /** * xmlSecNssKeysStoreLoad: * @store: the pointer to Nss keys store. *************** *** 125,132 **** * Returns 0 on success or a negative value if an error occurs. */ int ! xmlSecNssKeysStoreLoad(xmlSecKeyStorePtr store, const char *uri, ! xmlSecKeysMngrPtr keysMngr) { xmlDocPtr doc; xmlNodePtr root; xmlNodePtr cur; --- 524,534 ---- * Returns 0 on success or a negative value if an error occurs. */ int ! xmlSecNssKeysStoreLoad( ! xmlSecKeyStorePtr store, ! const char *uri, ! xmlSecKeysMngrPtr keysMngr ! ) { xmlDocPtr doc; xmlNodePtr root; xmlNodePtr cur; *************** *** 252,505 **** */ int xmlSecNssKeysStoreSave(xmlSecKeyStorePtr store, const char *filename, xmlSecKeyDataType type) { ! xmlSecKeyStorePtr *ss; ! ! xmlSecAssert2(xmlSecKeyStoreCheckId(store, xmlSecNssKeysStoreId), -1); ! xmlSecAssert2((filename != NULL), -1); ! ! ss = xmlSecNssKeysStoreGetSS(store); ! xmlSecAssert2(((ss != NULL) && (*ss != NULL) && ! (xmlSecKeyStoreCheckId(*ss, xmlSecSimpleKeysStoreId))), -1); ! ! return (xmlSecSimpleKeysStoreSave(*ss, filename, type)); ! } ! ! static int ! xmlSecNssKeysStoreInitialize(xmlSecKeyStorePtr store) { ! xmlSecKeyStorePtr *ss; ! ! xmlSecAssert2(xmlSecKeyStoreCheckId(store, xmlSecNssKeysStoreId), -1); ! ss = xmlSecNssKeysStoreGetSS(store); ! xmlSecAssert2((*ss == NULL), -1); ! *ss = xmlSecKeyStoreCreate(xmlSecSimpleKeysStoreId); ! if(*ss == NULL) { ! xmlSecError(XMLSEC_ERRORS_HERE, xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)), ! "xmlSecKeyStoreCreate", XMLSEC_ERRORS_R_XMLSEC_FAILED, ! "xmlSecSimpleKeysStoreId"); ! return(-1); } - - return(0); - } - - static void - xmlSecNssKeysStoreFinalize(xmlSecKeyStorePtr store) { - xmlSecKeyStorePtr *ss; - - xmlSecAssert(xmlSecKeyStoreCheckId(store, xmlSecNssKeysStoreId)); - - ss = xmlSecNssKeysStoreGetSS(store); - xmlSecAssert((ss != NULL) && (*ss != NULL)); ! xmlSecKeyStoreDestroy(*ss); ! } ! ! static xmlSecKeyPtr ! xmlSecNssKeysStoreFindKey(xmlSecKeyStorePtr store, const xmlChar* name, ! xmlSecKeyInfoCtxPtr keyInfoCtx) { ! xmlSecKeyStorePtr* ss; ! xmlSecKeyPtr key = NULL; ! xmlSecKeyPtr retval = NULL; ! xmlSecKeyReqPtr keyReq = NULL; ! CERTCertificate *cert = NULL; ! SECKEYPublicKey *pubkey = NULL; ! SECKEYPrivateKey *privkey = NULL; ! xmlSecKeyDataPtr data = NULL; ! xmlSecKeyDataPtr x509Data = NULL; ! int ret; ! ! xmlSecAssert2(xmlSecKeyStoreCheckId(store, xmlSecNssKeysStoreId), NULL); ! xmlSecAssert2(keyInfoCtx != NULL, NULL); ! ! ss = xmlSecNssKeysStoreGetSS(store); ! xmlSecAssert2(((ss != NULL) && (*ss != NULL)), NULL); ! ! key = xmlSecKeyStoreFindKey(*ss, name, keyInfoCtx); ! if (key != NULL) { ! return (key); ! } ! /* Try to find the key in the NSS DB, and construct an xmlSecKey. ! * we must have a name to lookup keys in NSS DB. ! */ ! if (name == NULL) { ! goto done; ! } ! /* what type of key are we looking for? ! * TBD: For now, we'll look only for public/private keys using the ! * name as a cert nickname. Later on, we can attempt to find ! * symmetric keys using PK11_FindFixedKey ! */ ! keyReq = &(keyInfoCtx->keyReq); ! if (keyReq->keyType & ! (xmlSecKeyDataTypePublic | xmlSecKeyDataTypePrivate)) { ! cert = CERT_FindCertByNickname (CERT_GetDefaultCertDB(), (char *)name); ! if (cert == NULL) { ! goto done; ! } ! ! if (keyReq->keyType & xmlSecKeyDataTypePublic) { ! pubkey = CERT_ExtractPublicKey(cert); ! if (pubkey == NULL) { ! xmlSecError(XMLSEC_ERRORS_HERE, ! NULL, ! "CERT_ExtractPublicKey", ! XMLSEC_ERRORS_R_CRYPTO_FAILED, ! XMLSEC_ERRORS_NO_MESSAGE); ! goto done; } - } ! if (keyReq->keyType & xmlSecKeyDataTypePrivate) { ! privkey = PK11_FindKeyByAnyCert(cert, NULL); ! if (privkey == NULL) { ! xmlSecError(XMLSEC_ERRORS_HERE, ! NULL, ! "PK11_FindKeyByAnyCert", ! XMLSEC_ERRORS_R_CRYPTO_FAILED, ! XMLSEC_ERRORS_NO_MESSAGE); ! goto done; } } ! data = xmlSecNssPKIAdoptKey(privkey, pubkey); ! if(data == NULL) { ! xmlSecError(XMLSEC_ERRORS_HERE, ! NULL, ! "xmlSecNssPKIAdoptKey", ! XMLSEC_ERRORS_R_XMLSEC_FAILED, ! XMLSEC_ERRORS_NO_MESSAGE); ! goto done; ! } ! privkey = NULL; ! pubkey = NULL; ! ! key = xmlSecKeyCreate(); ! if (key == NULL) { xmlSecError(XMLSEC_ERRORS_HERE, ! NULL, ! "xmlSecKeyCreate", XMLSEC_ERRORS_R_XMLSEC_FAILED, XMLSEC_ERRORS_NO_MESSAGE); ! return (NULL); ! } ! ! x509Data = xmlSecKeyDataCreate(xmlSecNssKeyDataX509Id); ! if(x509Data == NULL) { ! xmlSecError(XMLSEC_ERRORS_HERE, ! NULL, ! "xmlSecKeyDataCreate", ! XMLSEC_ERRORS_R_XMLSEC_FAILED, ! "transform=%s", ! xmlSecErrorsSafeString(xmlSecTransformKlassGetName(xmlSecNssKeyDataX509Id))); ! goto done; ! } ! ! ret = xmlSecNssKeyDataX509AdoptKeyCert(x509Data, cert); ! if (ret < 0) { ! xmlSecError(XMLSEC_ERRORS_HERE, ! NULL, ! "xmlSecNssKeyDataX509AdoptKeyCert", ! XMLSEC_ERRORS_R_XMLSEC_FAILED, ! "data=%s", ! xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data))); ! goto done; ! } ! cert = CERT_DupCertificate(cert); ! if (cert == NULL) { ! xmlSecError(XMLSEC_ERRORS_HERE, ! NULL, ! "CERT_DupCertificate", ! XMLSEC_ERRORS_R_CRYPTO_FAILED, ! "data=%s", ! xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data))); ! goto done; ! } ! ! ret = xmlSecNssKeyDataX509AdoptCert(x509Data, cert); ! if (ret < 0) { ! xmlSecError(XMLSEC_ERRORS_HERE, ! NULL, ! "xmlSecNssKeyDataX509AdoptCert", ! XMLSEC_ERRORS_R_XMLSEC_FAILED, ! "data=%s", ! xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data))); ! goto done; } - cert = NULL; ! ret = xmlSecKeySetValue(key, data); ! if (ret < 0) { ! xmlSecError(XMLSEC_ERRORS_HERE, ! NULL, ! "xmlSecKeySetValue", ! XMLSEC_ERRORS_R_XMLSEC_FAILED, ! "data=%s", ! xmlSecErrorsSafeString(xmlSecKeyDataGetName(data))); ! goto done; ! } ! data = NULL; ! ret = xmlSecKeyAdoptData(key, x509Data); ! if (ret < 0) { xmlSecError(XMLSEC_ERRORS_HERE, ! NULL, ! "xmlSecKeyAdoptData", XMLSEC_ERRORS_R_XMLSEC_FAILED, ! "data=%s", ! xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data))); ! goto done; ! } ! x509Data = NULL; ! ! retval = key; ! key = NULL; ! } ! ! done: ! if (cert != NULL) { ! CERT_DestroyCertificate(cert); ! } ! if (pubkey != NULL) { ! SECKEY_DestroyPublicKey(pubkey); ! } ! if (privkey != NULL) { ! SECKEY_DestroyPrivateKey(privkey); ! } ! if (data != NULL) { ! xmlSecKeyDataDestroy(data); ! } ! if (x509Data != NULL) { ! xmlSecKeyDataDestroy(x509Data); ! } ! if (key != NULL) { ! xmlSecKeyDestroy(key); } ! ! /* now that we have a key, make sure it is valid and let the simple ! * store adopt it */ ! if (retval) { ! if (xmlSecKeyIsValid(retval)) { ! ret = xmlSecSimpleKeysStoreAdoptKey(*ss, retval); ! if (ret < 0) { xmlSecError(XMLSEC_ERRORS_HERE, ! xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)), ! "xmlSecSimpleKeysStoreAdoptKey", ! XMLSEC_ERRORS_R_XMLSEC_FAILED, ! XMLSEC_ERRORS_NO_MESSAGE); ! xmlSecKeyDestroy(retval); ! retval = NULL; ! } ! } else { ! xmlSecKeyDestroy(retval); ! retval = NULL; ! } ! } ! ! return (retval); } --- 654,800 ---- */ int xmlSecNssKeysStoreSave(xmlSecKeyStorePtr store, const char *filename, xmlSecKeyDataType type) { ! xmlSecKeyInfoCtx keyInfoCtx; ! xmlSecNssKeysStoreCtxPtr context ; ! xmlSecPtrListPtr list; ! xmlSecKeyPtr key; ! xmlSecSize i, keysSize; ! xmlDocPtr doc; ! xmlNodePtr cur; ! xmlSecKeyDataPtr data; ! xmlSecPtrListPtr idsList; ! xmlSecKeyDataId dataId; ! xmlSecSize idsSize, j; ! int ret; ! xmlSecAssert2( xmlSecKeyStoreCheckId( store , xmlSecNssKeysStoreId ), -1 ) ; ! xmlSecAssert2( xmlSecKeyStoreCheckSize( store , xmlSecNssKeysStoreSize ), -1 ) ; ! xmlSecAssert2(filename != NULL, -1); ! ! context = xmlSecNssKeysStoreGetCtx( store ) ; ! xmlSecAssert2( context != NULL, -1 ); ! ! list = context->keyList ; ! xmlSecAssert2( list != NULL, -1 ); ! xmlSecAssert2(xmlSecPtrListCheckId(list, xmlSecKeyPtrListId), -1); ! /* create doc */ ! doc = xmlSecCreateTree(BAD_CAST "Keys", xmlSecNs); ! if(doc == NULL) { ! xmlSecError(XMLSEC_ERRORS_HERE, xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)), ! "xmlSecCreateTree", XMLSEC_ERRORS_R_XMLSEC_FAILED, ! XMLSEC_ERRORS_NO_MESSAGE); ! return(-1); } ! idsList = xmlSecKeyDataIdsGet(); ! xmlSecAssert2(idsList != NULL, -1); ! ! keysSize = xmlSecPtrListGetSize(list); ! idsSize = xmlSecPtrListGetSize(idsList); ! for(i = 0; i < keysSize; ++i) { ! key = (xmlSecKeyPtr)xmlSecPtrListGetItem(list, i); ! xmlSecAssert2(key != NULL, -1); ! ! cur = xmlSecAddChild(xmlDocGetRootElement(doc), xmlSecNodeKeyInfo, xmlSecDSigNs); ! if(cur == NULL) { ! xmlSecError(XMLSEC_ERRORS_HERE, ! xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)), ! "xmlSecAddChild", ! XMLSEC_ERRORS_R_XMLSEC_FAILED, ! "node=%s", ! xmlSecErrorsSafeString(xmlSecNodeKeyInfo)); ! xmlFreeDoc(doc); ! return(-1); ! } ! /* special data key name */ ! if(xmlSecKeyGetName(key) != NULL) { ! if(xmlSecAddChild(cur, xmlSecNodeKeyName, xmlSecDSigNs) == NULL) { ! xmlSecError(XMLSEC_ERRORS_HERE, ! xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)), ! "xmlSecAddChild", ! XMLSEC_ERRORS_R_XMLSEC_FAILED, ! "node=%s", ! xmlSecErrorsSafeString(xmlSecNodeKeyName)); ! xmlFreeDoc(doc); ! return(-1); ! } ! } ! ! /* create nodes for other keys data */ ! for(j = 0; j < idsSize; ++j) { ! dataId = (xmlSecKeyDataId)xmlSecPtrListGetItem(idsList, j); ! xmlSecAssert2(dataId != xmlSecKeyDataIdUnknown, -1); ! if(dataId->dataNodeName == NULL) { ! continue; ! } ! ! data = xmlSecKeyGetData(key, dataId); ! if(data == NULL) { ! continue; } ! if(xmlSecAddChild(cur, dataId->dataNodeName, dataId->dataNodeNs) == NULL) { ! xmlSecError(XMLSEC_ERRORS_HERE, ! xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)), ! "xmlSecAddChild", ! XMLSEC_ERRORS_R_XMLSEC_FAILED, ! "node=%s", ! xmlSecErrorsSafeString(dataId->dataNodeName)); ! xmlFreeDoc(doc); ! return(-1); } } ! ret = xmlSecKeyInfoCtxInitialize(&keyInfoCtx, NULL); ! if(ret < 0) { xmlSecError(XMLSEC_ERRORS_HERE, ! xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)), ! "xmlSecKeyInfoCtxInitialize", XMLSEC_ERRORS_R_XMLSEC_FAILED, XMLSEC_ERRORS_NO_MESSAGE); ! xmlFreeDoc(doc); ! return(-1); } ! keyInfoCtx.mode = xmlSecKeyInfoModeWrite; ! keyInfoCtx.keyReq.keyId = xmlSecKeyDataIdUnknown; ! keyInfoCtx.keyReq.keyType = type; ! keyInfoCtx.keyReq.keyUsage = xmlSecKeyDataUsageAny; ! /* finally write key in the node */ ! ret = xmlSecKeyInfoNodeWrite(cur, key, &keyInfoCtx); ! if(ret < 0) { xmlSecError(XMLSEC_ERRORS_HERE, ! xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)), ! "xmlSecKeyInfoNodeWrite", XMLSEC_ERRORS_R_XMLSEC_FAILED, ! XMLSEC_ERRORS_NO_MESSAGE); ! xmlSecKeyInfoCtxFinalize(&keyInfoCtx); ! xmlFreeDoc(doc); ! return(-1); ! } ! xmlSecKeyInfoCtxFinalize(&keyInfoCtx); } ! ! /* now write result */ ! ret = xmlSaveFormatFile(filename, doc, 1); ! if(ret < 0) { xmlSecError(XMLSEC_ERRORS_HERE, ! xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)), ! "xmlSaveFormatFile", ! XMLSEC_ERRORS_R_XML_FAILED, ! "filename=%s", ! xmlSecErrorsSafeString(filename)); ! xmlFreeDoc(doc); ! return(-1); ! } ! ! xmlFreeDoc(doc); ! return(0); } + *** misc/xmlsec1-1.2.6/src/nss/keytrans.c 2006-05-08 12:20:35.636652000 +0200 --- misc/build/xmlsec1-1.2.6/src/nss/keytrans.c 2006-05-08 12:19:39.325291000 +0200 *************** *** 1 **** ! dummy --- 1,744 ---- ! /** ! * ! * XMLSec library ! * ! * AES Algorithm support ! * ! * This is free software; see Copyright file in the source ! * distribution for preciese wording. ! * ! * Copyright ................................. ! */ ! #include "globals.h" ! ! #include ! #include ! #include ! ! #include ! #include ! #include ! #include ! #include ! ! #include ! #include ! #include ! #include ! #include ! ! #include ! #include ! #include ! ! /********************************************************************* ! * ! * key transform transforms ! * ! ********************************************************************/ ! typedef struct _xmlSecNssKeyTransportCtx xmlSecNssKeyTransportCtx ; ! typedef struct _xmlSecNssKeyTransportCtx* xmlSecNssKeyTransportCtxPtr ; ! ! #define xmlSecNssKeyTransportSize \ ! ( sizeof( xmlSecTransform ) + sizeof( xmlSecNssKeyTransportCtx ) ) ! ! #define xmlSecNssKeyTransportGetCtx( transform ) \ ! ( ( xmlSecNssKeyTransportCtxPtr )( ( ( xmlSecByte* )( transform ) ) + sizeof( xmlSecTransform ) ) ) ! ! struct _xmlSecNssKeyTransportCtx { ! CK_MECHANISM_TYPE cipher ; ! SECKEYPublicKey* pubkey ; ! SECKEYPrivateKey* prikey ; ! xmlSecKeyDataId keyId ; ! xmlSecBufferPtr material ; /* to be encrypted/decrypted material */ ! } ; ! ! static int xmlSecNssKeyTransportInitialize(xmlSecTransformPtr transform); ! static void xmlSecNssKeyTransportFinalize(xmlSecTransformPtr transform); ! static int xmlSecNssKeyTransportSetKeyReq(xmlSecTransformPtr transform, ! xmlSecKeyReqPtr keyReq); ! static int xmlSecNssKeyTransportSetKey(xmlSecTransformPtr transform, ! xmlSecKeyPtr key); ! static int xmlSecNssKeyTransportExecute(xmlSecTransformPtr transform, ! int last, ! xmlSecTransformCtxPtr transformCtx); ! static xmlSecSize xmlSecNssKeyTransportGetKeySize(xmlSecTransformPtr transform); ! ! static int ! xmlSecNssKeyTransportCheckId( ! xmlSecTransformPtr transform ! ) { ! #ifndef XMLSEC_NO_RSA ! if( xmlSecTransformCheckId( transform, xmlSecNssTransformRsaPkcs1Id ) || ! xmlSecTransformCheckId( transform, xmlSecNssTransformRsaOaepId ) ) { ! ! return(1); ! } ! #endif /* XMLSEC_NO_RSA */ ! ! return(0); ! } ! ! static int ! xmlSecNssKeyTransportInitialize(xmlSecTransformPtr transform) { ! xmlSecNssKeyTransportCtxPtr context ; ! int ret; ! ! xmlSecAssert2(xmlSecNssKeyTransportCheckId(transform), -1); ! xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecNssKeyTransportSize), -1); ! ! context = xmlSecNssKeyTransportGetCtx( transform ) ; ! xmlSecAssert2( context != NULL , -1 ) ; ! ! #ifndef XMLSEC_NO_RSA ! if( transform->id == xmlSecNssTransformRsaPkcs1Id ) { ! context->cipher = CKM_RSA_PKCS ; ! context->keyId = xmlSecNssKeyDataRsaId ; ! } else if( transform->id == xmlSecNssTransformRsaOaepId ) { ! context->cipher = CKM_RSA_PKCS_OAEP ; ! context->keyId = xmlSecNssKeyDataRsaId ; ! } else ! #endif /* XMLSEC_NO_RSA */ ! ! if( 1 ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), ! NULL , ! XMLSEC_ERRORS_R_CRYPTO_FAILED , ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! return(-1); ! } ! ! context->pubkey = NULL ; ! context->prikey = NULL ; ! context->material = NULL ; ! ! return(0); ! } ! ! static void ! xmlSecNssKeyTransportFinalize(xmlSecTransformPtr transform) { ! xmlSecNssKeyTransportCtxPtr context ; ! ! xmlSecAssert(xmlSecNssKeyTransportCheckId(transform)); ! xmlSecAssert(xmlSecTransformCheckSize(transform, xmlSecNssKeyTransportSize)); ! ! context = xmlSecNssKeyTransportGetCtx( transform ) ; ! xmlSecAssert( context != NULL ) ; ! ! if( context->pubkey != NULL ) { ! SECKEY_DestroyPublicKey( context->pubkey ) ; ! context->pubkey = NULL ; ! } ! ! if( context->prikey != NULL ) { ! SECKEY_DestroyPrivateKey( context->prikey ) ; ! context->prikey = NULL ; ! } ! ! if( context->material != NULL ) { ! xmlSecBufferDestroy(context->material); ! context->material = NULL ; ! } ! } ! ! static int ! xmlSecNssKeyTransportSetKeyReq(xmlSecTransformPtr transform, xmlSecKeyReqPtr keyReq) { ! xmlSecNssKeyTransportCtxPtr context ; ! xmlSecSize cipherSize = 0 ; ! ! ! xmlSecAssert2(xmlSecNssKeyTransportCheckId(transform), -1); ! xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecNssKeyTransportSize), -1); ! xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1); ! xmlSecAssert2(keyReq != NULL, -1); ! ! context = xmlSecNssKeyTransportGetCtx( transform ) ; ! xmlSecAssert2( context != NULL , -1 ) ; ! ! keyReq->keyId = context->keyId; ! if(transform->operation == xmlSecTransformOperationEncrypt) { ! keyReq->keyUsage = xmlSecKeyUsageEncrypt; ! keyReq->keyType = xmlSecKeyDataTypePublic; ! } else { ! keyReq->keyUsage = xmlSecKeyUsageDecrypt; ! keyReq->keyType = xmlSecKeyDataTypePrivate; ! } ! ! return(0); ! } ! ! static int ! xmlSecNssKeyTransportSetKey(xmlSecTransformPtr transform, xmlSecKeyPtr key) { ! xmlSecNssKeyTransportCtxPtr context = NULL ; ! xmlSecKeyDataPtr keyData = NULL ; ! SECKEYPublicKey* pubkey = NULL ; ! SECKEYPrivateKey* prikey = NULL ; ! ! xmlSecAssert2(xmlSecNssKeyTransportCheckId(transform), -1); ! xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecNssKeyTransportSize), -1); ! xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1); ! xmlSecAssert2(key != NULL, -1); ! ! context = xmlSecNssKeyTransportGetCtx( transform ) ; ! if( context == NULL || context->keyId == NULL || context->pubkey != NULL ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) , ! "xmlSecNssKeyTransportGetCtx" , ! XMLSEC_ERRORS_R_CRYPTO_FAILED , ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! return(-1); ! } ! xmlSecAssert2( xmlSecKeyCheckId( key, context->keyId ), -1 ) ; ! ! keyData = xmlSecKeyGetValue( key ) ; ! if( keyData == NULL ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! xmlSecErrorsSafeString( xmlSecKeyGetName( key ) ) , ! "xmlSecKeyGetValue" , ! XMLSEC_ERRORS_R_CRYPTO_FAILED , ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! return(-1); ! } ! ! if(transform->operation == xmlSecTransformOperationEncrypt) { ! if( ( pubkey = xmlSecNssPKIKeyDataGetPubKey( keyData ) ) == NULL ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! xmlSecErrorsSafeString( xmlSecKeyDataGetName( keyData ) ) , ! "xmlSecNssPKIKeyDataGetPubKey" , ! XMLSEC_ERRORS_R_CRYPTO_FAILED , ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! return(-1); ! } ! ! context->pubkey = pubkey ; ! } else { ! if( ( prikey = xmlSecNssPKIKeyDataGetPrivKey( keyData ) ) == NULL ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! xmlSecErrorsSafeString( xmlSecKeyDataGetName( keyData ) ) , ! "xmlSecNssPKIKeyDataGetPrivKey" , ! XMLSEC_ERRORS_R_CRYPTO_FAILED , ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! return(-1); ! } ! ! context->prikey = prikey ; ! } ! ! return(0) ; ! } ! ! /** ! * key wrap transform ! */ ! static int ! xmlSecNssKeyTransportCtxInit( ! xmlSecNssKeyTransportCtxPtr ctx , ! xmlSecBufferPtr in , ! xmlSecBufferPtr out , ! int encrypt , ! xmlSecTransformCtxPtr transformCtx ! ) { ! xmlSecSize blockSize ; ! ! xmlSecAssert2( ctx != NULL , -1 ) ; ! xmlSecAssert2( ctx->cipher != CKM_INVALID_MECHANISM , -1 ) ; ! xmlSecAssert2( ( ctx->pubkey != NULL && encrypt ) || ( ctx->prikey != NULL && !encrypt ), -1 ) ; ! xmlSecAssert2( ctx->keyId != NULL , -1 ) ; ! xmlSecAssert2( in != NULL , -1 ) ; ! xmlSecAssert2( out != NULL , -1 ) ; ! xmlSecAssert2( transformCtx != NULL , -1 ) ; ! ! if( ctx->material != NULL ) { ! xmlSecBufferDestroy( ctx->material ) ; ! ctx->material = NULL ; ! } ! ! if( ctx->pubkey != NULL ) { ! blockSize = SECKEY_PublicKeyStrength( ctx->pubkey ) ; ! } else if( ctx->prikey != NULL ) { ! blockSize = PK11_SignatureLen( ctx->prikey ) ; ! } else { ! blockSize = -1 ; ! } ! ! if( blockSize < 0 ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! NULL , ! NULL , ! XMLSEC_ERRORS_R_CRYPTO_FAILED , ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! return(-1); ! } ! ! ctx->material = xmlSecBufferCreate( blockSize ) ; ! if( ctx->material == NULL ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! NULL , ! "xmlSecBufferCreate" , ! XMLSEC_ERRORS_R_CRYPTO_FAILED , ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! return(-1); ! } ! ! /* read raw key material into context */ ! if( xmlSecBufferSetData( ctx->material, xmlSecBufferGetData(in), xmlSecBufferGetSize(in) ) < 0 ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! NULL , ! "xmlSecBufferSetData" , ! XMLSEC_ERRORS_R_CRYPTO_FAILED , ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! return(-1); ! } ! ! if( xmlSecBufferRemoveHead( in , xmlSecBufferGetSize(in) ) < 0 ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! NULL , ! "xmlSecBufferRemoveHead" , ! XMLSEC_ERRORS_R_CRYPTO_FAILED , ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! return(-1); ! } ! ! return(0); ! } ! ! /** ! * key wrap transform update ! */ ! static int ! xmlSecNssKeyTransportCtxUpdate( ! xmlSecNssKeyTransportCtxPtr ctx , ! xmlSecBufferPtr in , ! xmlSecBufferPtr out , ! int encrypt , ! xmlSecTransformCtxPtr transformCtx ! ) { ! xmlSecAssert2( ctx != NULL , -1 ) ; ! xmlSecAssert2( ctx->cipher != CKM_INVALID_MECHANISM , -1 ) ; ! xmlSecAssert2( ( ctx->pubkey != NULL && encrypt ) || ( ctx->prikey != NULL && !encrypt ), -1 ) ; ! xmlSecAssert2( ctx->keyId != NULL , -1 ) ; ! xmlSecAssert2( ctx->material != NULL , -1 ) ; ! xmlSecAssert2( in != NULL , -1 ) ; ! xmlSecAssert2( out != NULL , -1 ) ; ! xmlSecAssert2( transformCtx != NULL , -1 ) ; ! ! /* read raw key material and append into context */ ! if( xmlSecBufferAppend( ctx->material, xmlSecBufferGetData(in), xmlSecBufferGetSize(in) ) < 0 ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! NULL , ! "xmlSecBufferAppend" , ! XMLSEC_ERRORS_R_CRYPTO_FAILED , ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! return(-1); ! } ! ! if( xmlSecBufferRemoveHead( in , xmlSecBufferGetSize(in) ) < 0 ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! NULL , ! "xmlSecBufferRemoveHead" , ! XMLSEC_ERRORS_R_CRYPTO_FAILED , ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! return(-1); ! } ! ! return(0); ! } ! ! /** ! * Block cipher transform final ! */ ! static int ! xmlSecNssKeyTransportCtxFinal( ! xmlSecNssKeyTransportCtxPtr ctx , ! xmlSecBufferPtr in , ! xmlSecBufferPtr out , ! int encrypt , ! xmlSecTransformCtxPtr transformCtx ! ) { ! SECKEYPublicKey* targetKey ; ! PK11SymKey* symKey ; ! PK11SlotInfo* slot ; ! SECItem oriskv ; ! xmlSecSize blockSize ; ! xmlSecBufferPtr result ; ! ! xmlSecAssert2( ctx != NULL , -1 ) ; ! xmlSecAssert2( ctx->cipher != CKM_INVALID_MECHANISM , -1 ) ; ! xmlSecAssert2( ( ctx->pubkey != NULL && encrypt ) || ( ctx->prikey != NULL && !encrypt ), -1 ) ; ! xmlSecAssert2( ctx->keyId != NULL , -1 ) ; ! xmlSecAssert2( ctx->material != NULL , -1 ) ; ! xmlSecAssert2( in != NULL , -1 ) ; ! xmlSecAssert2( out != NULL , -1 ) ; ! xmlSecAssert2( transformCtx != NULL , -1 ) ; ! ! /* read raw key material and append into context */ ! if( xmlSecBufferAppend( ctx->material, xmlSecBufferGetData(in), xmlSecBufferGetSize(in) ) < 0 ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! NULL , ! "xmlSecBufferAppend" , ! XMLSEC_ERRORS_R_CRYPTO_FAILED , ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! return(-1); ! } ! ! if( xmlSecBufferRemoveHead( in , xmlSecBufferGetSize(in) ) < 0 ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! NULL , ! "xmlSecBufferRemoveHead" , ! XMLSEC_ERRORS_R_CRYPTO_FAILED , ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! return(-1); ! } ! ! /* Now we get all of the key materail */ ! /* from now on we will wrap or unwrap the key */ ! if( ctx->pubkey != NULL ) { ! blockSize = SECKEY_PublicKeyStrength( ctx->pubkey ) ; ! } else if( ctx->prikey != NULL ) { ! blockSize = PK11_SignatureLen( ctx->prikey ) ; ! } else { ! blockSize = -1 ; ! } ! ! if( blockSize < 0 ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! NULL , ! "PK11_GetBlockSize" , ! XMLSEC_ERRORS_R_CRYPTO_FAILED , ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! return(-1); ! } ! ! result = xmlSecBufferCreate( blockSize * 2 ) ; ! if( result == NULL ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! NULL , ! "xmlSecBufferCreate" , ! XMLSEC_ERRORS_R_CRYPTO_FAILED , ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! return(-1); ! } ! ! oriskv.type = siBuffer ; ! oriskv.data = xmlSecBufferGetData( ctx->material ) ; ! oriskv.len = xmlSecBufferGetSize( ctx->material ) ; ! ! if( encrypt != 0 ) { ! CK_OBJECT_HANDLE id ; ! SECItem wrpskv ; ! ! /* Create template symmetric key from material */ ! if( ( slot = ctx->pubkey->pkcs11Slot ) == NULL ) { ! slot = xmlSecNssSlotGet( ctx->cipher ) ; ! if( slot == NULL ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! NULL , ! "xmlSecNssSlotGet" , ! XMLSEC_ERRORS_R_CRYPTO_FAILED , ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! xmlSecBufferDestroy(result); ! return(-1); ! } ! ! id = PK11_ImportPublicKey( slot, ctx->pubkey, PR_FALSE ) ; ! if( id == CK_INVALID_HANDLE ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! NULL , ! "PK11_ImportPublicKey" , ! XMLSEC_ERRORS_R_CRYPTO_FAILED , ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! xmlSecBufferDestroy(result); ! PK11_FreeSlot( slot ) ; ! return(-1); ! } ! } ! ! /* pay attention to mechanism */ ! symKey = PK11_ImportSymKey( slot, ctx->cipher, PK11_OriginUnwrap, CKA_WRAP, &oriskv, NULL ) ; ! if( symKey == NULL ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! NULL , ! "PK11_ImportSymKey" , ! XMLSEC_ERRORS_R_CRYPTO_FAILED , ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! xmlSecBufferDestroy(result); ! PK11_FreeSlot( slot ) ; ! return(-1); ! } ! ! wrpskv.type = siBuffer ; ! wrpskv.data = xmlSecBufferGetData( result ) ; ! wrpskv.len = xmlSecBufferGetMaxSize( result ) ; ! ! if( PK11_PubWrapSymKey( ctx->cipher, ctx->pubkey, symKey, &wrpskv ) != SECSuccess ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! NULL , ! "PK11_PubWrapSymKey" , ! XMLSEC_ERRORS_R_CRYPTO_FAILED , ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! PK11_FreeSymKey( symKey ) ; ! xmlSecBufferDestroy(result); ! PK11_FreeSlot( slot ) ; ! return(-1); ! } ! ! if( xmlSecBufferSetSize( result , wrpskv.len ) < 0 ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! NULL , ! "xmlSecBufferSetSize" , ! XMLSEC_ERRORS_R_CRYPTO_FAILED , ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! PK11_FreeSymKey( symKey ) ; ! xmlSecBufferDestroy(result); ! PK11_FreeSlot( slot ) ; ! return(-1); ! } ! PK11_FreeSymKey( symKey ) ; ! PK11_FreeSlot( slot ) ; ! } else { ! SECItem* keyItem ; ! CK_OBJECT_HANDLE id1 ; ! ! /* pay attention to mechanism */ ! if( ( symKey = PK11_PubUnwrapSymKey( ctx->prikey, &oriskv, ctx->cipher, CKA_UNWRAP, 0 ) ) == NULL ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! NULL , ! "PK11_PubUnwrapSymKey" , ! XMLSEC_ERRORS_R_CRYPTO_FAILED , ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! xmlSecBufferDestroy(result); ! return(-1); ! } ! ! /* Extract raw data from symmetric key */ ! if( PK11_ExtractKeyValue( symKey ) != SECSuccess ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! NULL , ! "PK11_ExtractKeyValue" , ! XMLSEC_ERRORS_R_CRYPTO_FAILED , ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! PK11_FreeSymKey( symKey ) ; ! xmlSecBufferDestroy(result); ! return(-1); ! } ! ! if( ( keyItem = PK11_GetKeyData( symKey ) ) == NULL ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! NULL , ! "PK11_GetKeyData" , ! XMLSEC_ERRORS_R_CRYPTO_FAILED , ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! PK11_FreeSymKey( symKey ) ; ! xmlSecBufferDestroy(result); ! return(-1); ! } ! ! if( xmlSecBufferSetData( result, keyItem->data, keyItem->len ) < 0 ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! NULL , ! "PK11_PubUnwrapSymKey" , ! XMLSEC_ERRORS_R_CRYPTO_FAILED , ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! PK11_FreeSymKey( symKey ) ; ! xmlSecBufferDestroy(result); ! return(-1); ! } ! PK11_FreeSymKey( symKey ) ; ! } ! ! /* Write output */ ! if( xmlSecBufferAppend( out, xmlSecBufferGetData(result), xmlSecBufferGetSize(result) ) < 0 ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! NULL , ! "xmlSecBufferAppend" , ! XMLSEC_ERRORS_R_CRYPTO_FAILED , ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! xmlSecBufferDestroy(result); ! return(-1); ! } ! xmlSecBufferDestroy(result); ! ! return(0); ! } ! ! static int ! xmlSecNssKeyTransportExecute(xmlSecTransformPtr transform, int last, xmlSecTransformCtxPtr transformCtx) { ! xmlSecNssKeyTransportCtxPtr context = NULL ; ! xmlSecBufferPtr inBuf, outBuf ; ! int operation ; ! int rtv ; ! ! xmlSecAssert2( xmlSecNssKeyTransportCheckId( transform ), -1 ) ; ! xmlSecAssert2( xmlSecTransformCheckSize( transform, xmlSecNssKeyTransportSize ), -1 ) ; ! xmlSecAssert2( ( transform->operation == xmlSecTransformOperationEncrypt ) || ( transform->operation == xmlSecTransformOperationDecrypt ), -1 ) ; ! xmlSecAssert2( transformCtx != NULL , -1 ) ; ! ! context = xmlSecNssKeyTransportGetCtx( transform ) ; ! if( context == NULL ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) , ! "xmlSecNssKeyTransportGetCtx" , ! XMLSEC_ERRORS_R_CRYPTO_FAILED , ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! return(-1); ! } ! ! inBuf = &( transform->inBuf ) ; ! outBuf = &( transform->outBuf ) ; ! ! if( transform->status == xmlSecTransformStatusNone ) { ! transform->status = xmlSecTransformStatusWorking ; ! } ! ! operation = ( transform->operation == xmlSecTransformOperationEncrypt ) ? 1 : 0 ; ! if( transform->status == xmlSecTransformStatusWorking ) { ! if( context->material == NULL ) { ! rtv = xmlSecNssKeyTransportCtxInit( context, inBuf , outBuf , operation , transformCtx ) ; ! if( rtv < 0 ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) , ! "xmlSecNssKeyTransportCtxInit" , ! XMLSEC_ERRORS_R_INVALID_STATUS , ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! return(-1); ! } ! } ! ! if( context->material == NULL && last != 0 ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) , ! NULL , ! XMLSEC_ERRORS_R_INVALID_STATUS , ! "No enough data to intialize transform" ) ; ! return(-1); ! } ! ! if( context->material != NULL ) { ! rtv = xmlSecNssKeyTransportCtxUpdate( context, inBuf , outBuf , operation , transformCtx ) ; ! if( rtv < 0 ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) , ! "xmlSecNssKeyTransportCtxUpdate" , ! XMLSEC_ERRORS_R_INVALID_STATUS , ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! return(-1); ! } ! } ! ! if( last ) { ! rtv = xmlSecNssKeyTransportCtxFinal( context, inBuf , outBuf , operation , transformCtx ) ; ! if( rtv < 0 ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) , ! "xmlSecNssKeyTransportCtxFinal" , ! XMLSEC_ERRORS_R_INVALID_STATUS , ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! return(-1); ! } ! transform->status = xmlSecTransformStatusFinished ; ! } ! } else if( transform->status == xmlSecTransformStatusFinished ) { ! if( xmlSecBufferGetSize( inBuf ) != 0 ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) , ! NULL , ! XMLSEC_ERRORS_R_INVALID_STATUS , ! "status=%d", transform->status ) ; ! return(-1); ! } ! } else { ! xmlSecError( XMLSEC_ERRORS_HERE , ! xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) , ! NULL , ! XMLSEC_ERRORS_R_INVALID_STATUS , ! "status=%d", transform->status ) ; ! return(-1); ! } ! ! return(0); ! } ! ! ! #ifndef XMLSEC_NO_RSA ! ! static xmlSecTransformKlass xmlSecNssRsaPkcs1Klass = { ! /* klass/object sizes */ ! sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */ ! xmlSecNssKeyTransportSize, /* xmlSecSize objSize */ ! ! xmlSecNameRsaPkcs1, /* const xmlChar* name; */ ! xmlSecHrefRsaPkcs1, /* const xmlChar* href; */ ! xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */ ! ! xmlSecNssKeyTransportInitialize, /* xmlSecTransformInitializeMethod initialize; */ ! xmlSecNssKeyTransportFinalize, /* xmlSecTransformFinalizeMethod finalize; */ ! NULL, /* xmlSecTransformNodeReadMethod readNode; */ ! NULL, /* xmlSecTransformNodeWriteMethod writeNode; */ ! xmlSecNssKeyTransportSetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */ ! xmlSecNssKeyTransportSetKey, /* xmlSecTransformSetKeyMethod setKey; */ ! NULL, /* xmlSecTransformValidateMethod validate; */ ! xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */ ! xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */ ! xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */ ! NULL, /* xmlSecTransformPushXmlMethod pushXml; */ ! NULL, /* xmlSecTransformPopXmlMethod popXml; */ ! xmlSecNssKeyTransportExecute, /* xmlSecTransformExecuteMethod execute; */ ! ! NULL, /* void* reserved0; */ ! NULL, /* void* reserved1; */ ! }; ! ! static xmlSecTransformKlass xmlSecNssRsaOaepKlass = { ! /* klass/object sizes */ ! sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */ ! xmlSecNssKeyTransportSize, /* xmlSecSize objSize */ ! ! xmlSecNameRsaOaep, /* const xmlChar* name; */ ! xmlSecHrefRsaOaep, /* const xmlChar* href; */ ! xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */ ! ! xmlSecNssKeyTransportInitialize, /* xmlSecTransformInitializeMethod initialize; */ ! xmlSecNssKeyTransportFinalize, /* xmlSecTransformFinalizeMethod finalize; */ ! NULL, /* xmlSecTransformNodeReadMethod readNode; */ ! NULL, /* xmlSecTransformNodeWriteMethod writeNode; */ ! xmlSecNssKeyTransportSetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */ ! xmlSecNssKeyTransportSetKey, /* xmlSecTransformSetKeyMethod setKey; */ ! NULL, /* xmlSecTransformValidateMethod validate; */ ! xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */ ! xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */ ! xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */ ! NULL, /* xmlSecTransformPushXmlMethod pushXml; */ ! NULL, /* xmlSecTransformPopXmlMethod popXml; */ ! xmlSecNssKeyTransportExecute, /* xmlSecTransformExecuteMethod execute; */ ! ! NULL, /* void* reserved0; */ ! NULL, /* void* reserved1; */ ! }; ! ! /** ! * xmlSecNssTransformRsaPkcs1GetKlass: ! * ! * The RSA-PKCS1 key transport transform klass. ! * ! * Returns RSA-PKCS1 key transport transform klass. ! */ ! xmlSecTransformId ! xmlSecNssTransformRsaPkcs1GetKlass(void) { ! return(&xmlSecNssRsaPkcs1Klass); ! } ! ! /** ! * xmlSecNssTransformRsaOaepGetKlass: ! * ! * The RSA-PKCS1 key transport transform klass. ! * ! * Returns RSA-PKCS1 key transport transform klass. ! */ ! xmlSecTransformId ! xmlSecNssTransformRsaOaepGetKlass(void) { ! return(&xmlSecNssRsaOaepKlass); ! } ! ! #endif /* XMLSEC_NO_RSA */ ! *** misc/xmlsec1-1.2.6/src/nss/keywrapers.c 2006-05-08 12:20:35.663491000 +0200 --- misc/build/xmlsec1-1.2.6/src/nss/keywrapers.c 2006-05-08 12:19:39.346178000 +0200 *************** *** 1 **** ! dummy --- 1,1197 ---- ! /** ! * ! * XMLSec library ! * ! * AES Algorithm support ! * ! * This is free software; see Copyright file in the source ! * distribution for preciese wording. ! * ! * Copyright ................................. ! */ ! #include "globals.h" ! ! #include ! #include ! #include ! ! #include ! #include ! #include ! ! #include ! #include ! #include ! #include ! #include ! ! #include ! #include ! ! #define XMLSEC_NSS_AES128_KEY_SIZE 16 ! #define XMLSEC_NSS_AES192_KEY_SIZE 24 ! #define XMLSEC_NSS_AES256_KEY_SIZE 32 ! #define XMLSEC_NSS_DES3_KEY_SIZE 24 ! #define XMLSEC_NSS_DES3_KEY_LENGTH 24 ! #define XMLSEC_NSS_DES3_IV_LENGTH 8 ! #define XMLSEC_NSS_DES3_BLOCK_LENGTH 8 ! ! static xmlSecByte xmlSecNssKWDes3Iv[XMLSEC_NSS_DES3_IV_LENGTH] = { ! 0x4a, 0xdd, 0xa2, 0x2c, 0x79, 0xe8, 0x21, 0x05 ! }; ! ! /********************************************************************* ! * ! * key wrap transforms ! * ! ********************************************************************/ ! typedef struct _xmlSecNssKeyWrapCtx xmlSecNssKeyWrapCtx ; ! typedef struct _xmlSecNssKeyWrapCtx* xmlSecNssKeyWrapCtxPtr ; ! ! #define xmlSecNssKeyWrapSize \ ! ( sizeof( xmlSecTransform ) + sizeof( xmlSecNssKeyWrapCtx ) ) ! ! #define xmlSecNssKeyWrapGetCtx( transform ) \ ! ( ( xmlSecNssKeyWrapCtxPtr )( ( ( xmlSecByte* )( transform ) ) + sizeof( xmlSecTransform ) ) ) ! ! struct _xmlSecNssKeyWrapCtx { ! CK_MECHANISM_TYPE cipher ; ! PK11SymKey* symkey ; ! xmlSecKeyDataId keyId ; ! xmlSecBufferPtr material ; /* to be encrypted/decrypted key material */ ! } ; ! ! static int xmlSecNssKeyWrapInitialize(xmlSecTransformPtr transform); ! static void xmlSecNssKeyWrapFinalize(xmlSecTransformPtr transform); ! static int xmlSecNssKeyWrapSetKeyReq(xmlSecTransformPtr transform, ! xmlSecKeyReqPtr keyReq); ! static int xmlSecNssKeyWrapSetKey(xmlSecTransformPtr transform, ! xmlSecKeyPtr key); ! static int xmlSecNssKeyWrapExecute(xmlSecTransformPtr transform, ! int last, ! xmlSecTransformCtxPtr transformCtx); ! static xmlSecSize xmlSecNssKeyWrapGetKeySize(xmlSecTransformPtr transform); ! ! static int ! xmlSecNssKeyWrapCheckId( ! xmlSecTransformPtr transform ! ) { ! #ifndef XMLSEC_NO_DES ! if( xmlSecTransformCheckId( transform, xmlSecNssTransformKWDes3Id ) ) { ! return(1); ! } ! #endif /* XMLSEC_NO_DES */ ! ! #ifndef XMLSEC_NO_AES ! if( xmlSecTransformCheckId( transform, xmlSecNssTransformKWAes128Id ) || ! xmlSecTransformCheckId( transform, xmlSecNssTransformKWAes192Id ) || ! xmlSecTransformCheckId( transform, xmlSecNssTransformKWAes256Id ) ) { ! ! return(1); ! } ! #endif /* XMLSEC_NO_AES */ ! ! return(0); ! } ! ! static xmlSecSize ! xmlSecNssKeyWrapGetKeySize(xmlSecTransformPtr transform) { ! #ifndef XMLSEC_NO_DES ! if( xmlSecTransformCheckId( transform, xmlSecNssTransformKWDes3Id ) ) { ! return(XMLSEC_NSS_DES3_KEY_SIZE); ! } else ! #endif /* XMLSEC_NO_DES */ ! ! #ifndef XMLSEC_NO_AES ! if(xmlSecTransformCheckId(transform, xmlSecNssTransformKWAes128Id)) { ! return(XMLSEC_NSS_AES128_KEY_SIZE); ! } else if(xmlSecTransformCheckId(transform, xmlSecNssTransformKWAes192Id)) { ! return(XMLSEC_NSS_AES192_KEY_SIZE); ! } else if(xmlSecTransformCheckId(transform, xmlSecNssTransformKWAes256Id)) { ! return(XMLSEC_NSS_AES256_KEY_SIZE); ! } else if(xmlSecTransformCheckId(transform, xmlSecNssTransformKWAes256Id)) { ! return(XMLSEC_NSS_AES256_KEY_SIZE); ! } else ! #endif /* XMLSEC_NO_AES */ ! ! if(1) ! return(0); ! } ! ! ! static int ! xmlSecNssKeyWrapInitialize(xmlSecTransformPtr transform) { ! xmlSecNssKeyWrapCtxPtr context ; ! int ret; ! ! xmlSecAssert2(xmlSecNssKeyWrapCheckId(transform), -1); ! xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecNssKeyWrapSize), -1); ! ! context = xmlSecNssKeyWrapGetCtx( transform ) ; ! xmlSecAssert2( context != NULL , -1 ) ; ! ! #ifndef XMLSEC_NO_DES ! if( transform->id == xmlSecNssTransformKWDes3Id ) { ! context->cipher = CKM_DES3_CBC ; ! context->keyId = xmlSecNssKeyDataDesId ; ! } else ! #endif /* XMLSEC_NO_DES */ ! ! #ifndef XMLSEC_NO_AES ! if( transform->id == xmlSecNssTransformKWAes128Id ) { ! /* context->cipher = CKM_NETSCAPE_AES_KEY_WRAP ;*/ ! context->cipher = CKM_AES_CBC ; ! context->keyId = xmlSecNssKeyDataAesId ; ! } else ! if( transform->id == xmlSecNssTransformKWAes192Id ) { ! /* context->cipher = CKM_NETSCAPE_AES_KEY_WRAP ;*/ ! context->cipher = CKM_AES_CBC ; ! context->keyId = xmlSecNssKeyDataAesId ; ! } else ! if( transform->id == xmlSecNssTransformKWAes256Id ) { ! /* context->cipher = CKM_NETSCAPE_AES_KEY_WRAP ;*/ ! context->cipher = CKM_AES_CBC ; ! context->keyId = xmlSecNssKeyDataAesId ; ! } else ! #endif /* XMLSEC_NO_AES */ ! ! ! if( 1 ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), ! NULL , ! XMLSEC_ERRORS_R_CRYPTO_FAILED , ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! return(-1); ! } ! ! context->symkey = NULL ; ! context->material = NULL ; ! ! return(0); ! } ! ! static void ! xmlSecNssKeyWrapFinalize(xmlSecTransformPtr transform) { ! xmlSecNssKeyWrapCtxPtr context ; ! ! xmlSecAssert(xmlSecNssKeyWrapCheckId(transform)); ! xmlSecAssert(xmlSecTransformCheckSize(transform, xmlSecNssKeyWrapSize)); ! ! context = xmlSecNssKeyWrapGetCtx( transform ) ; ! xmlSecAssert( context != NULL ) ; ! ! if( context->symkey != NULL ) { ! PK11_FreeSymKey( context->symkey ) ; ! context->symkey = NULL ; ! } ! ! if( context->material != NULL ) { ! xmlSecBufferDestroy(context->material); ! context->material = NULL ; ! } ! } ! ! static int ! xmlSecNssKeyWrapSetKeyReq(xmlSecTransformPtr transform, xmlSecKeyReqPtr keyReq) { ! xmlSecNssKeyWrapCtxPtr context ; ! xmlSecSize cipherSize = 0 ; ! ! ! xmlSecAssert2(xmlSecNssKeyWrapCheckId(transform), -1); ! xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecNssKeyWrapSize), -1); ! xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1); ! xmlSecAssert2(keyReq != NULL, -1); ! ! context = xmlSecNssKeyWrapGetCtx( transform ) ; ! xmlSecAssert2( context != NULL , -1 ) ; ! ! keyReq->keyId = context->keyId; ! keyReq->keyType = xmlSecKeyDataTypeSymmetric; ! if(transform->operation == xmlSecTransformOperationEncrypt) { ! keyReq->keyUsage = xmlSecKeyUsageEncrypt; ! } else { ! keyReq->keyUsage = xmlSecKeyUsageDecrypt; ! } ! ! keyReq->keyBitsSize = xmlSecNssKeyWrapGetKeySize( transform ) ; ! ! return(0); ! } ! ! static int ! xmlSecNssKeyWrapSetKey(xmlSecTransformPtr transform, xmlSecKeyPtr key) { ! xmlSecNssKeyWrapCtxPtr context = NULL ; ! xmlSecKeyDataPtr keyData = NULL ; ! PK11SymKey* symkey = NULL ; ! ! xmlSecAssert2(xmlSecNssKeyWrapCheckId(transform), -1); ! xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecNssKeyWrapSize), -1); ! xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1); ! xmlSecAssert2(key != NULL, -1); ! ! context = xmlSecNssKeyWrapGetCtx( transform ) ; ! if( context == NULL || context->keyId == NULL || context->symkey != NULL ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) , ! "xmlSecNssKeyWrapGetCtx" , ! XMLSEC_ERRORS_R_CRYPTO_FAILED , ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! return(-1); ! } ! xmlSecAssert2( xmlSecKeyCheckId( key, context->keyId ), -1 ) ; ! ! keyData = xmlSecKeyGetValue( key ) ; ! if( keyData == NULL ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! xmlSecErrorsSafeString( xmlSecKeyGetName( key ) ) , ! "xmlSecKeyGetValue" , ! XMLSEC_ERRORS_R_CRYPTO_FAILED , ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! return(-1); ! } ! ! if( ( symkey = xmlSecNssSymKeyDataGetKey( keyData ) ) == NULL ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! xmlSecErrorsSafeString( xmlSecKeyDataGetName( keyData ) ) , ! "xmlSecNssSymKeyDataGetKey" , ! XMLSEC_ERRORS_R_CRYPTO_FAILED , ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! return(-1); ! } ! ! context->symkey = symkey ; ! ! return(0) ; ! } ! ! /** ! * key wrap transform ! */ ! static int ! xmlSecNssKeyWrapCtxInit( ! xmlSecNssKeyWrapCtxPtr ctx , ! xmlSecBufferPtr in , ! xmlSecBufferPtr out , ! int encrypt , ! xmlSecTransformCtxPtr transformCtx ! ) { ! xmlSecSize blockSize ; ! ! xmlSecAssert2( ctx != NULL , -1 ) ; ! xmlSecAssert2( ctx->cipher != CKM_INVALID_MECHANISM , -1 ) ; ! xmlSecAssert2( ctx->symkey != NULL , -1 ) ; ! xmlSecAssert2( ctx->keyId != NULL , -1 ) ; ! xmlSecAssert2( in != NULL , -1 ) ; ! xmlSecAssert2( out != NULL , -1 ) ; ! xmlSecAssert2( transformCtx != NULL , -1 ) ; ! ! if( ctx->material != NULL ) { ! xmlSecBufferDestroy( ctx->material ) ; ! ctx->material = NULL ; ! } ! ! if( ( blockSize = PK11_GetBlockSize( ctx->cipher , NULL ) ) < 0 ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! NULL , ! "PK11_GetBlockSize" , ! XMLSEC_ERRORS_R_CRYPTO_FAILED , ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! return(-1); ! } ! ! ctx->material = xmlSecBufferCreate( blockSize ) ; ! if( ctx->material == NULL ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! NULL , ! "xmlSecBufferCreate" , ! XMLSEC_ERRORS_R_CRYPTO_FAILED , ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! return(-1); ! } ! ! /* read raw key material into context */ ! if( xmlSecBufferSetData( ctx->material, xmlSecBufferGetData(in), xmlSecBufferGetSize(in) ) < 0 ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! NULL , ! "xmlSecBufferSetData" , ! XMLSEC_ERRORS_R_CRYPTO_FAILED , ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! return(-1); ! } ! ! if( xmlSecBufferRemoveHead( in , xmlSecBufferGetSize(in) ) < 0 ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! NULL , ! "xmlSecBufferRemoveHead" , ! XMLSEC_ERRORS_R_CRYPTO_FAILED , ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! return(-1); ! } ! ! return(0); ! } ! ! /** ! * key wrap transform update ! */ ! static int ! xmlSecNssKeyWrapCtxUpdate( ! xmlSecNssKeyWrapCtxPtr ctx , ! xmlSecBufferPtr in , ! xmlSecBufferPtr out , ! int encrypt , ! xmlSecTransformCtxPtr transformCtx ! ) { ! xmlSecAssert2( ctx != NULL , -1 ) ; ! xmlSecAssert2( ctx->cipher != CKM_INVALID_MECHANISM , -1 ) ; ! xmlSecAssert2( ctx->symkey != NULL , -1 ) ; ! xmlSecAssert2( ctx->keyId != NULL , -1 ) ; ! xmlSecAssert2( ctx->material != NULL , -1 ) ; ! xmlSecAssert2( in != NULL , -1 ) ; ! xmlSecAssert2( out != NULL , -1 ) ; ! xmlSecAssert2( transformCtx != NULL , -1 ) ; ! ! /* read raw key material and append into context */ ! if( xmlSecBufferAppend( ctx->material, xmlSecBufferGetData(in), xmlSecBufferGetSize(in) ) < 0 ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! NULL , ! "xmlSecBufferAppend" , ! XMLSEC_ERRORS_R_CRYPTO_FAILED , ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! return(-1); ! } ! ! if( xmlSecBufferRemoveHead( in , xmlSecBufferGetSize(in) ) < 0 ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! NULL , ! "xmlSecBufferRemoveHead" , ! XMLSEC_ERRORS_R_CRYPTO_FAILED , ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! return(-1); ! } ! ! return(0); ! } ! ! static int ! xmlSecNssKWDes3BufferReverse(xmlSecByte *buf, xmlSecSize size) { ! xmlSecSize s; ! xmlSecSize i; ! xmlSecByte c; ! ! xmlSecAssert2(buf != NULL, -1); ! ! s = size / 2; ! --size; ! for(i = 0; i < s; ++i) { ! c = buf[i]; ! buf[i] = buf[size - i]; ! buf[size - i] = c; ! } ! return(0); ! } ! ! static xmlSecByte * ! xmlSecNssComputeSHA1(const xmlSecByte *in, xmlSecSize inSize, ! xmlSecByte *out, xmlSecSize outSize) ! { ! PK11Context *context = NULL; ! SECStatus s; ! xmlSecByte *digest = NULL; ! unsigned int len; ! ! xmlSecAssert2(in != NULL, NULL); ! xmlSecAssert2(out != NULL, NULL); ! xmlSecAssert2(outSize >= SHA1_LENGTH, NULL); ! ! /* Create a context for hashing (digesting) */ ! context = PK11_CreateDigestContext(SEC_OID_SHA1); ! if (context == NULL) { ! xmlSecError(XMLSEC_ERRORS_HERE, ! NULL, ! "PK11_CreateDigestContext", ! XMLSEC_ERRORS_R_CRYPTO_FAILED, ! "error code = %d", PORT_GetError()); ! goto done; ! } ! ! s = PK11_DigestBegin(context); ! if (s != SECSuccess) { ! xmlSecError(XMLSEC_ERRORS_HERE, ! NULL, ! "PK11_DigestBegin", ! XMLSEC_ERRORS_R_CRYPTO_FAILED, ! "error code = %d", PORT_GetError()); ! goto done; ! } ! ! s = PK11_DigestOp(context, in, inSize); ! if (s != SECSuccess) { ! xmlSecError(XMLSEC_ERRORS_HERE, ! NULL, ! "PK11_DigestOp", ! XMLSEC_ERRORS_R_CRYPTO_FAILED, ! "error code = %d", PORT_GetError()); ! goto done; ! } ! ! s = PK11_DigestFinal(context, out, &len, outSize); ! if (s != SECSuccess) { ! xmlSecError(XMLSEC_ERRORS_HERE, ! NULL, ! "PK11_DigestFinal", ! XMLSEC_ERRORS_R_CRYPTO_FAILED, ! "error code = %d", PORT_GetError()); ! goto done; ! } ! xmlSecAssert2(len == SHA1_LENGTH, NULL); ! ! digest = out; ! ! done: ! if (context != NULL) { ! PK11_DestroyContext(context, PR_TRUE); ! } ! return (digest); ! } ! ! static int ! xmlSecNssKWDes3Encrypt( ! PK11SymKey* symKey , ! CK_MECHANISM_TYPE cipherMech , ! const xmlSecByte* iv , ! xmlSecSize ivSize , ! const xmlSecByte* in , ! xmlSecSize inSize , ! xmlSecByte* out , ! xmlSecSize outSize , ! int enc ! ) { ! PK11Context* EncContext = NULL; ! SECItem ivItem ; ! SECItem* secParam = NULL ; ! int tmp1_outlen; ! unsigned int tmp2_outlen; ! int result_len = -1; ! SECStatus rv; ! ! xmlSecAssert2( cipherMech != CKM_INVALID_MECHANISM , -1 ) ; ! xmlSecAssert2( symKey != NULL , -1 ) ; ! xmlSecAssert2(iv != NULL, -1); ! xmlSecAssert2(ivSize == XMLSEC_NSS_DES3_IV_LENGTH, -1); ! xmlSecAssert2(in != NULL, -1); ! xmlSecAssert2(inSize > 0, -1); ! xmlSecAssert2(out != NULL, -1); ! xmlSecAssert2(outSize >= inSize, -1); ! ! /* Prepare IV */ ! ivItem.data = ( unsigned char* )iv ; ! ivItem.len = ivSize ; ! ! secParam = PK11_ParamFromIV(cipherMech, &ivItem); ! if (secParam == NULL) { ! xmlSecError(XMLSEC_ERRORS_HERE, ! NULL, ! "PK11_ParamFromIV", ! XMLSEC_ERRORS_R_CRYPTO_FAILED, ! "Error code = %d", PORT_GetError()); ! goto done; ! } ! ! EncContext = PK11_CreateContextBySymKey(cipherMech, ! enc ? CKA_ENCRYPT : CKA_DECRYPT, ! symKey, secParam); ! if (EncContext == NULL) { ! xmlSecError(XMLSEC_ERRORS_HERE, ! NULL, ! "PK11_CreateContextBySymKey", ! XMLSEC_ERRORS_R_CRYPTO_FAILED, ! "Error code = %d", PORT_GetError()); ! goto done; ! } ! ! tmp1_outlen = tmp2_outlen = 0; ! rv = PK11_CipherOp(EncContext, out, &tmp1_outlen, outSize, ! (unsigned char *)in, inSize); ! if (rv != SECSuccess) { ! xmlSecError(XMLSEC_ERRORS_HERE, ! NULL, ! "PK11_CipherOp", ! XMLSEC_ERRORS_R_CRYPTO_FAILED, ! "Error code = %d", PORT_GetError()); ! goto done; ! } ! ! rv = PK11_DigestFinal(EncContext, out+tmp1_outlen, ! &tmp2_outlen, outSize-tmp1_outlen); ! if (rv != SECSuccess) { ! xmlSecError(XMLSEC_ERRORS_HERE, ! NULL, ! "PK11_DigestFinal", ! XMLSEC_ERRORS_R_CRYPTO_FAILED, ! "Error code = %d", PORT_GetError()); ! goto done; ! } ! ! result_len = tmp1_outlen + tmp2_outlen; ! ! done: ! if (secParam) { ! SECITEM_FreeItem(secParam, PR_TRUE); ! } ! if (EncContext) { ! PK11_DestroyContext(EncContext, PR_TRUE); ! } ! ! return(result_len); ! } ! ! static int ! xmlSecNssKeyWrapDesOp( ! xmlSecNssKeyWrapCtxPtr ctx , ! int encrypt , ! xmlSecBufferPtr result ! ) { ! xmlSecByte sha1[SHA1_LENGTH]; ! xmlSecByte iv[XMLSEC_NSS_DES3_IV_LENGTH]; ! xmlSecByte* in; ! xmlSecSize inSize; ! xmlSecByte* out; ! xmlSecSize outSize; ! xmlSecSize s; ! int ret; ! SECStatus status; ! ! xmlSecAssert2( ctx != NULL , -1 ) ; ! xmlSecAssert2( ctx->cipher != CKM_INVALID_MECHANISM , -1 ) ; ! xmlSecAssert2( ctx->symkey != NULL , -1 ) ; ! xmlSecAssert2( ctx->keyId != NULL , -1 ) ; ! xmlSecAssert2( ctx->material != NULL , -1 ) ; ! xmlSecAssert2( result != NULL , -1 ) ; ! ! in = xmlSecBufferGetData(ctx->material); ! inSize = xmlSecBufferGetSize(ctx->material) ; ! out = xmlSecBufferGetData(result); ! outSize = xmlSecBufferGetMaxSize(result) ; ! if( encrypt ) { ! /* step 2: calculate sha1 and CMS */ ! if(xmlSecNssComputeSHA1(in, inSize, sha1, SHA1_LENGTH) == NULL) { ! xmlSecError(XMLSEC_ERRORS_HERE, ! NULL, ! "xmlSecNssComputeSHA1", ! XMLSEC_ERRORS_R_CRYPTO_FAILED, ! XMLSEC_ERRORS_NO_MESSAGE); ! return(-1); ! } ! ! /* step 3: construct WKCKS */ ! memcpy(out, in, inSize); ! memcpy(out + inSize, sha1, XMLSEC_NSS_DES3_BLOCK_LENGTH); ! ! /* step 4: generate random iv */ ! status = PK11_GenerateRandom(iv, XMLSEC_NSS_DES3_IV_LENGTH); ! if(status != SECSuccess) { ! xmlSecError(XMLSEC_ERRORS_HERE, ! NULL, ! "PK11_GenerateRandom", ! XMLSEC_ERRORS_R_CRYPTO_FAILED, ! "error code = %d", PORT_GetError()); ! return(-1); ! } ! ! /* step 5: first encryption, result is TEMP1 */ ! ret = xmlSecNssKWDes3Encrypt( ctx->symkey, ctx->cipher, ! iv, XMLSEC_NSS_DES3_IV_LENGTH, ! out, inSize + XMLSEC_NSS_DES3_IV_LENGTH, ! out, outSize, 1); ! if(ret < 0) { ! xmlSecError(XMLSEC_ERRORS_HERE, ! NULL, ! "xmlSecNssKWDes3Encrypt", ! XMLSEC_ERRORS_R_XMLSEC_FAILED, ! XMLSEC_ERRORS_NO_MESSAGE); ! return(-1); ! } ! ! /* step 6: construct TEMP2=IV || TEMP1 */ ! memmove(out + XMLSEC_NSS_DES3_IV_LENGTH, out, ! inSize + XMLSEC_NSS_DES3_IV_LENGTH); ! memcpy(out, iv, XMLSEC_NSS_DES3_IV_LENGTH); ! s = ret + XMLSEC_NSS_DES3_IV_LENGTH; ! ! /* step 7: reverse octets order, result is TEMP3 */ ! ret = xmlSecNssKWDes3BufferReverse(out, s); ! if(ret < 0) { ! xmlSecError(XMLSEC_ERRORS_HERE, ! NULL, ! "xmlSecNssKWDes3BufferReverse", ! XMLSEC_ERRORS_R_XMLSEC_FAILED, ! XMLSEC_ERRORS_NO_MESSAGE); ! return(-1); ! } ! ! /* step 8: second encryption with static IV */ ! ret = xmlSecNssKWDes3Encrypt( ctx->symkey, ctx->cipher, ! xmlSecNssKWDes3Iv, XMLSEC_NSS_DES3_IV_LENGTH, ! out, s, ! out, outSize, 1); ! if(ret < 0) { ! xmlSecError(XMLSEC_ERRORS_HERE, ! NULL, ! "xmlSecNssKWDes3Encrypt", ! XMLSEC_ERRORS_R_XMLSEC_FAILED, ! XMLSEC_ERRORS_NO_MESSAGE); ! return(-1); ! } ! s = ret; ! ! if( xmlSecBufferSetSize( result , s ) < 0 ) { ! xmlSecError(XMLSEC_ERRORS_HERE, ! NULL, ! "xmlSecBufferSetSize", ! XMLSEC_ERRORS_R_XMLSEC_FAILED, ! XMLSEC_ERRORS_NO_MESSAGE); ! return(-1); ! } ! } else { ! /* step 2: first decryption with static IV, result is TEMP3 */ ! ret = xmlSecNssKWDes3Encrypt( ctx->symkey, ctx->cipher, ! xmlSecNssKWDes3Iv, XMLSEC_NSS_DES3_IV_LENGTH, ! in, inSize, ! out, outSize, 0); ! if((ret < 0) || (ret < XMLSEC_NSS_DES3_IV_LENGTH)) { ! xmlSecError(XMLSEC_ERRORS_HERE, ! NULL, ! "xmlSecNssKWDes3Encrypt", ! XMLSEC_ERRORS_R_XMLSEC_FAILED, ! XMLSEC_ERRORS_NO_MESSAGE); ! return(-1); ! } ! s = ret; ! ! /* step 3: reverse octets order in TEMP3, result is TEMP2 */ ! ret = xmlSecNssKWDes3BufferReverse(out, s); ! if(ret < 0) { ! xmlSecError(XMLSEC_ERRORS_HERE, ! NULL, ! "xmlSecNssKWDes3BufferReverse", ! XMLSEC_ERRORS_R_XMLSEC_FAILED, ! XMLSEC_ERRORS_NO_MESSAGE); ! return(-1); ! } ! ! /* steps 4 and 5: get IV and decrypt second time, result is WKCKS */ ! ret = xmlSecNssKWDes3Encrypt( ctx->symkey, ctx->cipher, ! out, XMLSEC_NSS_DES3_IV_LENGTH, ! out+XMLSEC_NSS_DES3_IV_LENGTH, s-XMLSEC_NSS_DES3_IV_LENGTH, ! out, outSize, 0); ! if((ret < 0) || (ret < XMLSEC_NSS_DES3_BLOCK_LENGTH)) { ! xmlSecError(XMLSEC_ERRORS_HERE, ! NULL, ! "xmlSecNssKWDes3Encrypt", ! XMLSEC_ERRORS_R_XMLSEC_FAILED, ! XMLSEC_ERRORS_NO_MESSAGE); ! return(-1); ! } ! s = ret - XMLSEC_NSS_DES3_IV_LENGTH; ! ! /* steps 6 and 7: calculate SHA1 and validate it */ ! if(xmlSecNssComputeSHA1(out, s, sha1, SHA1_LENGTH) == NULL) { ! xmlSecError(XMLSEC_ERRORS_HERE, ! NULL, ! "xmlSecNssComputeSHA1", ! XMLSEC_ERRORS_R_CRYPTO_FAILED, ! XMLSEC_ERRORS_NO_MESSAGE); ! return(-1); ! } ! ! if(memcmp(sha1, out + s, XMLSEC_NSS_DES3_BLOCK_LENGTH) != 0) { ! xmlSecError(XMLSEC_ERRORS_HERE, ! NULL, ! NULL, ! XMLSEC_ERRORS_R_INVALID_DATA, ! "SHA1 does not match"); ! return(-1); ! } ! ! if( xmlSecBufferSetSize( result , s ) < 0 ) { ! xmlSecError(XMLSEC_ERRORS_HERE, ! NULL, ! "xmlSecBufferSetSize", ! XMLSEC_ERRORS_R_XMLSEC_FAILED, ! XMLSEC_ERRORS_NO_MESSAGE); ! return(-1); ! } ! } ! ! return(0); ! } ! ! static int ! xmlSecNssKeyWrapAesOp( ! xmlSecNssKeyWrapCtxPtr ctx , ! int encrypt , ! xmlSecBufferPtr result ! ) { ! PK11Context* cipherCtx = NULL; ! SECItem ivItem ; ! SECItem* secParam = NULL ; ! xmlSecSize inSize ; ! xmlSecSize inBlocks ; ! int blockSize ; ! int midSize ; ! int finSize ; ! xmlSecByte* out ; ! xmlSecSize outSize; ! ! xmlSecAssert2( ctx != NULL , -1 ) ; ! xmlSecAssert2( ctx->cipher != CKM_INVALID_MECHANISM , -1 ) ; ! xmlSecAssert2( ctx->symkey != NULL , -1 ) ; ! xmlSecAssert2( ctx->keyId != NULL , -1 ) ; ! xmlSecAssert2( ctx->material != NULL , -1 ) ; ! xmlSecAssert2( result != NULL , -1 ) ; ! ! /* Do not set any IV */ ! memset(&ivItem, 0, sizeof(ivItem)); ! ! /* Get block size */ ! if( ( blockSize = PK11_GetBlockSize( ctx->cipher , NULL ) ) < 0 ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! NULL , ! "PK11_GetBlockSize" , ! XMLSEC_ERRORS_R_CRYPTO_FAILED , ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! return(-1); ! } ! ! inSize = xmlSecBufferGetSize( ctx->material ) ; ! if( xmlSecBufferSetMaxSize( result , inSize + blockSize ) < 0 ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! NULL , ! "xmlSecBufferSetMaxSize" , ! XMLSEC_ERRORS_R_CRYPTO_FAILED , ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! return(-1); ! } ! ! /* Get Param for context initialization */ ! if( ( secParam = PK11_ParamFromIV( ctx->cipher , &ivItem ) ) == NULL ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! NULL , ! "PK11_ParamFromIV" , ! XMLSEC_ERRORS_R_CRYPTO_FAILED , ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! return(-1); ! } ! ! cipherCtx = PK11_CreateContextBySymKey( ctx->cipher , encrypt ? CKA_ENCRYPT : CKA_DECRYPT , ctx->symkey , secParam ) ; ! if( cipherCtx == NULL ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! NULL , ! "PK11_CreateContextBySymKey" , ! XMLSEC_ERRORS_R_CRYPTO_FAILED , ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! SECITEM_FreeItem( secParam , PR_TRUE ) ; ! return(-1); ! } ! ! out = xmlSecBufferGetData(result) ; ! outSize = xmlSecBufferGetMaxSize(result) ; ! if( PK11_CipherOp( cipherCtx , out, &midSize , outSize , xmlSecBufferGetData( ctx->material ) , inSize ) != SECSuccess ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! NULL , ! "PK11_CipherOp" , ! XMLSEC_ERRORS_R_CRYPTO_FAILED , ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! return(-1); ! } ! ! if( PK11_DigestFinal( cipherCtx , out + midSize , &finSize , outSize - midSize ) != SECSuccess ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! NULL , ! "PK11_DigestFinal" , ! XMLSEC_ERRORS_R_CRYPTO_FAILED , ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! return(-1); ! } ! ! if( xmlSecBufferSetSize( result , midSize + finSize ) < 0 ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! NULL , ! "xmlSecBufferSetSize" , ! XMLSEC_ERRORS_R_CRYPTO_FAILED , ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! return(-1); ! } ! ! return 0 ; ! } ! ! /** ! * Block cipher transform final ! */ ! static int ! xmlSecNssKeyWrapCtxFinal( ! xmlSecNssKeyWrapCtxPtr ctx , ! xmlSecBufferPtr in , ! xmlSecBufferPtr out , ! int encrypt , ! xmlSecTransformCtxPtr transformCtx ! ) { ! PK11SymKey* targetKey ; ! xmlSecSize blockSize ; ! xmlSecBufferPtr result ; ! ! xmlSecAssert2( ctx != NULL , -1 ) ; ! xmlSecAssert2( ctx->cipher != CKM_INVALID_MECHANISM , -1 ) ; ! xmlSecAssert2( ctx->symkey != NULL , -1 ) ; ! xmlSecAssert2( ctx->keyId != NULL , -1 ) ; ! xmlSecAssert2( ctx->material != NULL , -1 ) ; ! xmlSecAssert2( in != NULL , -1 ) ; ! xmlSecAssert2( out != NULL , -1 ) ; ! xmlSecAssert2( transformCtx != NULL , -1 ) ; ! ! /* read raw key material and append into context */ ! if( xmlSecBufferAppend( ctx->material, xmlSecBufferGetData(in), xmlSecBufferGetSize(in) ) < 0 ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! NULL , ! "xmlSecBufferAppend" , ! XMLSEC_ERRORS_R_CRYPTO_FAILED , ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! return(-1); ! } ! ! if( xmlSecBufferRemoveHead( in , xmlSecBufferGetSize(in) ) < 0 ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! NULL , ! "xmlSecBufferRemoveHead" , ! XMLSEC_ERRORS_R_CRYPTO_FAILED , ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! return(-1); ! } ! ! /* Now we get all of the key materail */ ! /* from now on we will wrap or unwrap the key */ ! if( ( blockSize = PK11_GetBlockSize( ctx->cipher , NULL ) ) < 0 ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! NULL , ! "PK11_GetBlockSize" , ! XMLSEC_ERRORS_R_CRYPTO_FAILED , ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! return(-1); ! } ! ! result = xmlSecBufferCreate( blockSize ) ; ! if( result == NULL ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! NULL , ! "xmlSecBufferCreate" , ! XMLSEC_ERRORS_R_CRYPTO_FAILED , ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! return(-1); ! } ! ! switch( ctx->cipher ) { ! case CKM_DES3_CBC : ! if( xmlSecNssKeyWrapDesOp(ctx, encrypt, result) < 0 ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! NULL , ! "xmlSecNssKeyWrapDesOp" , ! XMLSEC_ERRORS_R_CRYPTO_FAILED , ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! xmlSecBufferDestroy(result); ! return(-1); ! } ! break ; ! /* case CKM_NETSCAPE_AES_KEY_WRAP :*/ ! case CKM_AES_CBC : ! if( xmlSecNssKeyWrapAesOp(ctx, encrypt, result) < 0 ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! NULL , ! "xmlSecNssKeyWrapAesOp" , ! XMLSEC_ERRORS_R_CRYPTO_FAILED , ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! xmlSecBufferDestroy(result); ! return(-1); ! } ! break ; ! } ! ! /* Write output */ ! if( xmlSecBufferAppend( out, xmlSecBufferGetData(result), xmlSecBufferGetSize(result) ) < 0 ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! NULL , ! "xmlSecBufferAppend" , ! XMLSEC_ERRORS_R_CRYPTO_FAILED , ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! xmlSecBufferDestroy(result); ! return(-1); ! } ! xmlSecBufferDestroy(result); ! ! return(0); ! } ! ! static int ! xmlSecNssKeyWrapExecute(xmlSecTransformPtr transform, int last, xmlSecTransformCtxPtr transformCtx) { ! xmlSecNssKeyWrapCtxPtr context = NULL ; ! xmlSecBufferPtr inBuf, outBuf ; ! int operation ; ! int rtv ; ! ! xmlSecAssert2( xmlSecNssKeyWrapCheckId( transform ), -1 ) ; ! xmlSecAssert2( xmlSecTransformCheckSize( transform, xmlSecNssKeyWrapSize ), -1 ) ; ! xmlSecAssert2( ( transform->operation == xmlSecTransformOperationEncrypt ) || ( transform->operation == xmlSecTransformOperationDecrypt ), -1 ) ; ! xmlSecAssert2( transformCtx != NULL , -1 ) ; ! ! context = xmlSecNssKeyWrapGetCtx( transform ) ; ! if( context == NULL ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) , ! "xmlSecNssKeyWrapGetCtx" , ! XMLSEC_ERRORS_R_CRYPTO_FAILED , ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! return(-1); ! } ! ! inBuf = &( transform->inBuf ) ; ! outBuf = &( transform->outBuf ) ; ! ! if( transform->status == xmlSecTransformStatusNone ) { ! transform->status = xmlSecTransformStatusWorking ; ! } ! ! operation = ( transform->operation == xmlSecTransformOperationEncrypt ) ? 1 : 0 ; ! if( transform->status == xmlSecTransformStatusWorking ) { ! if( context->material == NULL ) { ! rtv = xmlSecNssKeyWrapCtxInit( context, inBuf , outBuf , operation , transformCtx ) ; ! if( rtv < 0 ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) , ! "xmlSecNssKeyWrapCtxInit" , ! XMLSEC_ERRORS_R_INVALID_STATUS , ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! return(-1); ! } ! } ! ! if( context->material == NULL && last != 0 ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) , ! NULL , ! XMLSEC_ERRORS_R_INVALID_STATUS , ! "No enough data to intialize transform" ) ; ! return(-1); ! } ! ! if( context->material != NULL ) { ! rtv = xmlSecNssKeyWrapCtxUpdate( context, inBuf , outBuf , operation , transformCtx ) ; ! if( rtv < 0 ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) , ! "xmlSecNssKeyWrapCtxUpdate" , ! XMLSEC_ERRORS_R_INVALID_STATUS , ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! return(-1); ! } ! } ! ! if( last ) { ! rtv = xmlSecNssKeyWrapCtxFinal( context, inBuf , outBuf , operation , transformCtx ) ; ! if( rtv < 0 ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) , ! "xmlSecNssKeyWrapCtxFinal" , ! XMLSEC_ERRORS_R_INVALID_STATUS , ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! return(-1); ! } ! transform->status = xmlSecTransformStatusFinished ; ! } ! } else if( transform->status == xmlSecTransformStatusFinished ) { ! if( xmlSecBufferGetSize( inBuf ) != 0 ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) , ! NULL , ! XMLSEC_ERRORS_R_INVALID_STATUS , ! "status=%d", transform->status ) ; ! return(-1); ! } ! } else { ! xmlSecError( XMLSEC_ERRORS_HERE , ! xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) , ! NULL , ! XMLSEC_ERRORS_R_INVALID_STATUS , ! "status=%d", transform->status ) ; ! return(-1); ! } ! ! return(0); ! } ! ! #ifndef XMLSEC_NO_AES ! ! ! static xmlSecTransformKlass xmlSecNssKWAes128Klass = { ! /* klass/object sizes */ ! sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */ ! xmlSecNssKeyWrapSize, /* xmlSecSize objSize */ ! ! xmlSecNameKWAes128, /* const xmlChar* name; */ ! xmlSecHrefKWAes128, /* const xmlChar* href; */ ! xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */ ! ! xmlSecNssKeyWrapInitialize, /* xmlSecTransformInitializeMethod initialize; */ ! xmlSecNssKeyWrapFinalize, /* xmlSecTransformFinalizeMethod finalize; */ ! NULL, /* xmlSecTransformNodeReadMethod readNode; */ ! NULL, /* xmlSecTransformNodeWriteMethod writeNode; */ ! xmlSecNssKeyWrapSetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */ ! xmlSecNssKeyWrapSetKey, /* xmlSecTransformSetKeyMethod setKey; */ ! NULL, /* xmlSecTransformValidateMethod validate; */ ! xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */ ! xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */ ! xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */ ! NULL, /* xmlSecTransformPushXmlMethod pushXml; */ ! NULL, /* xmlSecTransformPopXmlMethod popXml; */ ! xmlSecNssKeyWrapExecute, /* xmlSecTransformExecuteMethod execute; */ ! ! NULL, /* void* reserved0; */ ! NULL, /* void* reserved1; */ ! }; ! ! static xmlSecTransformKlass xmlSecNssKWAes192Klass = { ! /* klass/object sizes */ ! sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */ ! xmlSecNssKeyWrapSize, /* xmlSecSize objSize */ ! ! xmlSecNameKWAes192, /* const xmlChar* name; */ ! xmlSecHrefKWAes192, /* const xmlChar* href; */ ! xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */ ! ! xmlSecNssKeyWrapInitialize, /* xmlSecTransformInitializeMethod initialize; */ ! xmlSecNssKeyWrapFinalize, /* xmlSecTransformFinalizeMethod finalize; */ ! NULL, /* xmlSecTransformNodeReadMethod readNode; */ ! NULL, /* xmlSecTransformNodeWriteMethod writeNode; */ ! xmlSecNssKeyWrapSetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */ ! xmlSecNssKeyWrapSetKey, /* xmlSecTransformSetKeyMethod setKey; */ ! NULL, /* xmlSecTransformValidateMethod validate; */ ! xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */ ! xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */ ! xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */ ! NULL, /* xmlSecTransformPushXmlMethod pushXml; */ ! NULL, /* xmlSecTransformPopXmlMethod popXml; */ ! xmlSecNssKeyWrapExecute, /* xmlSecTransformExecuteMethod execute; */ ! ! NULL, /* void* reserved0; */ ! NULL, /* void* reserved1; */ ! }; ! ! static xmlSecTransformKlass xmlSecNssKWAes256Klass = { ! /* klass/object sizes */ ! sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */ ! xmlSecNssKeyWrapSize, /* xmlSecSize objSize */ ! ! xmlSecNameKWAes256, /* const xmlChar* name; */ ! xmlSecHrefKWAes256, /* const xmlChar* href; */ ! xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */ ! ! xmlSecNssKeyWrapInitialize, /* xmlSecTransformInitializeMethod initialize; */ ! xmlSecNssKeyWrapFinalize, /* xmlSecTransformFinalizeMethod finalize; */ ! NULL, /* xmlSecTransformNodeReadMethod readNode; */ ! NULL, /* xmlSecTransformNodeWriteMethod writeNode; */ ! xmlSecNssKeyWrapSetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */ ! xmlSecNssKeyWrapSetKey, /* xmlSecTransformSetKeyMethod setKey; */ ! NULL, /* xmlSecTransformValidateMethod validate; */ ! xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */ ! xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */ ! xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */ ! NULL, /* xmlSecTransformPushXmlMethod pushXml; */ ! NULL, /* xmlSecTransformPopXmlMethod popXml; */ ! xmlSecNssKeyWrapExecute, /* xmlSecTransformExecuteMethod execute; */ ! ! NULL, /* void* reserved0; */ ! NULL, /* void* reserved1; */ ! }; ! ! /** ! * xmlSecNssTransformKWAes128GetKlass: ! * ! * The AES-128 key wrapper transform klass. ! * ! * Returns AES-128 key wrapper transform klass. ! */ ! xmlSecTransformId ! xmlSecNssTransformKWAes128GetKlass(void) { ! return(&xmlSecNssKWAes128Klass); ! } ! ! /** ! * xmlSecNssTransformKWAes192GetKlass: ! * ! * The AES-192 key wrapper transform klass. ! * ! * Returns AES-192 key wrapper transform klass. ! */ ! xmlSecTransformId ! xmlSecNssTransformKWAes192GetKlass(void) { ! return(&xmlSecNssKWAes192Klass); ! } ! ! /** ! * ! * The AES-256 key wrapper transform klass. ! * ! * Returns AES-256 key wrapper transform klass. ! */ ! xmlSecTransformId ! xmlSecNssTransformKWAes256GetKlass(void) { ! return(&xmlSecNssKWAes256Klass); ! } ! ! #endif /* XMLSEC_NO_AES */ ! ! ! #ifndef XMLSEC_NO_DES ! ! static xmlSecTransformKlass xmlSecNssKWDes3Klass = { ! /* klass/object sizes */ ! sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */ ! xmlSecNssKeyWrapSize, /* xmlSecSize objSize */ ! ! xmlSecNameKWDes3, /* const xmlChar* name; */ ! xmlSecHrefKWDes3, /* const xmlChar* href; */ ! xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */ ! ! xmlSecNssKeyWrapInitialize, /* xmlSecTransformInitializeMethod initialize; */ ! xmlSecNssKeyWrapFinalize, /* xmlSecTransformFinalizeMethod finalize; */ ! NULL, /* xmlSecTransformNodeReadMethod readNode; */ ! NULL, /* xmlSecTransformNodeWriteMethod writeNode; */ ! xmlSecNssKeyWrapSetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */ ! xmlSecNssKeyWrapSetKey, /* xmlSecTransformSetKeyMethod setKey; */ ! NULL, /* xmlSecTransformValidateMethod validate; */ ! xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */ ! xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */ ! xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */ ! NULL, /* xmlSecTransformPushXmlMethod pushXml; */ ! NULL, /* xmlSecTransformPopXmlMethod popXml; */ ! xmlSecNssKeyWrapExecute, /* xmlSecTransformExecuteMethod execute; */ ! ! NULL, /* void* reserved0; */ ! NULL, /* void* reserved1; */ ! }; ! ! /** ! * xmlSecNssTransformKWDes3GetKlass: ! * ! * The Triple DES key wrapper transform klass. ! * ! * Returns Triple DES key wrapper transform klass. ! */ ! xmlSecTransformId ! xmlSecNssTransformKWDes3GetKlass(void) { ! return(&xmlSecNssKWDes3Klass); ! } ! ! #endif /* XMLSEC_NO_DES */ ! *** misc/xmlsec1-1.2.6/src/nss/Makefile.am 2003-09-16 11:43:03.000000000 +0200 --- misc/build/xmlsec1-1.2.6/src/nss/Makefile.am 2006-05-08 12:19:39.363816000 +0200 *************** *** 20,40 **** $(NULL) libxmlsec1_nss_la_SOURCES =\ app.c \ bignum.c \ ciphers.c \ crypto.c \ digests.c \ hmac.c \ pkikeys.c \ signatures.c \ symkeys.c \ x509.c \ x509vfy.c \ - keysstore.c \ - kt_rsa.c \ - kw_des.c \ - kw_aes.c \ $(NULL) libxmlsec1_nss_la_LIBADD = \ --- 20,41 ---- $(NULL) libxmlsec1_nss_la_SOURCES =\ + akmngr.c \ app.c \ bignum.c \ ciphers.c \ crypto.c \ digests.c \ hmac.c \ + keysstore.c \ + keytrans.c \ + keywrapers.c \ pkikeys.c \ signatures.c \ symkeys.c \ + tokens.c \ x509.c \ x509vfy.c \ $(NULL) libxmlsec1_nss_la_LIBADD = \ *** misc/xmlsec1-1.2.6/src/nss/Makefile.in 2004-08-26 08:00:32.000000000 +0200 --- misc/build/xmlsec1-1.2.6/src/nss/Makefile.in 2006-05-08 12:19:39.378564000 +0200 *************** *** 54,62 **** $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \ $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) am__objects_1 = ! am_libxmlsec1_nss_la_OBJECTS = app.lo bignum.lo ciphers.lo crypto.lo \ digests.lo hmac.lo pkikeys.lo signatures.lo symkeys.lo x509.lo \ ! x509vfy.lo keysstore.lo kt_rsa.lo kw_des.lo kw_aes.lo \ $(am__objects_1) libxmlsec1_nss_la_OBJECTS = $(am_libxmlsec1_nss_la_OBJECTS) DEFAULT_INCLUDES = -I. -I$(srcdir) -I$(top_builddir) --- 54,62 ---- $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \ $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) am__objects_1 = ! am_libxmlsec1_nss_la_OBJECTS = akmngr.lo app.lo bignum.lo ciphers.lo crypto.lo \ digests.lo hmac.lo pkikeys.lo signatures.lo symkeys.lo x509.lo \ ! x509vfy.lo keysstore.lo tokens.lo keytrans.lo keywrapers.lo \ $(am__objects_1) libxmlsec1_nss_la_OBJECTS = $(am_libxmlsec1_nss_la_OBJECTS) DEFAULT_INCLUDES = -I. -I$(srcdir) -I$(top_builddir) *************** *** 65,75 **** @AMDEP_TRUE@DEP_FILES = ./$(DEPDIR)/app.Plo ./$(DEPDIR)/bignum.Plo \ @AMDEP_TRUE@ ./$(DEPDIR)/ciphers.Plo ./$(DEPDIR)/crypto.Plo \ @AMDEP_TRUE@ ./$(DEPDIR)/digests.Plo ./$(DEPDIR)/hmac.Plo \ ! @AMDEP_TRUE@ ./$(DEPDIR)/keysstore.Plo ./$(DEPDIR)/kt_rsa.Plo \ ! @AMDEP_TRUE@ ./$(DEPDIR)/kw_aes.Plo ./$(DEPDIR)/kw_des.Plo \ @AMDEP_TRUE@ ./$(DEPDIR)/pkikeys.Plo ./$(DEPDIR)/signatures.Plo \ @AMDEP_TRUE@ ./$(DEPDIR)/symkeys.Plo ./$(DEPDIR)/x509.Plo \ ! @AMDEP_TRUE@ ./$(DEPDIR)/x509vfy.Plo COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) LTCOMPILE = $(LIBTOOL) --mode=compile $(CC) $(DEFS) \ --- 65,75 ---- @AMDEP_TRUE@DEP_FILES = ./$(DEPDIR)/app.Plo ./$(DEPDIR)/bignum.Plo \ @AMDEP_TRUE@ ./$(DEPDIR)/ciphers.Plo ./$(DEPDIR)/crypto.Plo \ @AMDEP_TRUE@ ./$(DEPDIR)/digests.Plo ./$(DEPDIR)/hmac.Plo \ ! @AMDEP_TRUE@ ./$(DEPDIR)/keysstore.Plo ./$(DEPDIR)/tokens.Plo \ ! @AMDEP_TRUE@ ./$(DEPDIR)/keywrapers.Plo ./$(DEPDIR)/keytrans.Plo \ @AMDEP_TRUE@ ./$(DEPDIR)/pkikeys.Plo ./$(DEPDIR)/signatures.Plo \ @AMDEP_TRUE@ ./$(DEPDIR)/symkeys.Plo ./$(DEPDIR)/x509.Plo \ ! @AMDEP_TRUE@ ./$(DEPDIR)/x509vfy.Plo ./$(DEPDIR)/akmngr.Plo COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) LTCOMPILE = $(LIBTOOL) --mode=compile $(CC) $(DEFS) \ *************** *** 321,341 **** $(NULL) libxmlsec1_nss_la_SOURCES = \ app.c \ bignum.c \ ciphers.c \ crypto.c \ digests.c \ hmac.c \ pkikeys.c \ signatures.c \ symkeys.c \ x509.c \ x509vfy.c \ - keysstore.c \ - kt_rsa.c \ - kw_des.c \ - kw_aes.c \ $(NULL) libxmlsec1_nss_la_LIBADD = \ --- 321,342 ---- $(NULL) libxmlsec1_nss_la_SOURCES = \ + akmngr.c \ app.c \ bignum.c \ ciphers.c \ crypto.c \ digests.c \ hmac.c \ + keysstore.c \ + keytrans.c \ + keywrappers.c \ pkikeys.c \ signatures.c \ symkeys.c \ + tokens.c \ x509.c \ x509vfy.c \ $(NULL) libxmlsec1_nss_la_LIBADD = \ *************** *** 418,423 **** --- 419,425 ---- distclean-compile: -rm -f *.tab.c + @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/akmngr.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/app.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/bignum.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ciphers.Plo@am__quote@ *************** *** 425,433 **** @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/digests.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/hmac.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/keysstore.Plo@am__quote@ ! @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/kt_rsa.Plo@am__quote@ ! @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/kw_aes.Plo@am__quote@ ! @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/kw_des.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pkikeys.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/signatures.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/symkeys.Plo@am__quote@ --- 427,435 ---- @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/digests.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/hmac.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/keysstore.Plo@am__quote@ ! @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tokens.Plo@am__quote@ ! @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/keywrapers.Plo@am__quote@ ! @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/keytrans.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pkikeys.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/signatures.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/symkeys.Plo@am__quote@ *** misc/xmlsec1-1.2.6/src/nss/pkikeys.c 2004-03-17 06:06:45.000000000 +0100 --- misc/build/xmlsec1-1.2.6/src/nss/pkikeys.c 2006-05-08 12:19:39.399185000 +0200 *************** *** 5,10 **** --- 5,11 ---- * distribution for preciese wording. * * Copyright (c) 2003 America Online, Inc. All rights reserved. + * Copyright ........................... */ #include "globals.h" *************** *** 24,29 **** --- 25,31 ---- #include #include #include + #include /************************************************************************** * *************** *** 98,111 **** { xmlSecAssert(ctx != NULL); if (ctx->privkey != NULL) { ! SECKEY_DestroyPrivateKey(ctx->privkey); ! ctx->privkey = NULL; } ! if (ctx->pubkey) ! { ! SECKEY_DestroyPublicKey(ctx->pubkey); ! ctx->pubkey = NULL; } } --- 100,112 ---- { xmlSecAssert(ctx != NULL); if (ctx->privkey != NULL) { ! SECKEY_DestroyPrivateKey(ctx->privkey); ! ctx->privkey = NULL; } ! if (ctx->pubkey) { ! SECKEY_DestroyPublicKey(ctx->pubkey); ! ctx->pubkey = NULL; } } *************** *** 115,143 **** xmlSecNssPKIKeyDataCtxPtr ctxSrc) { xmlSecNSSPKIKeyDataCtxFree(ctxDst); if (ctxSrc->privkey != NULL) { ! ctxDst->privkey = SECKEY_CopyPrivateKey(ctxSrc->privkey); ! if(ctxDst->privkey == NULL) { ! xmlSecError(XMLSEC_ERRORS_HERE, ! NULL, ! "SECKEY_CopyPrivateKey", ! XMLSEC_ERRORS_R_CRYPTO_FAILED, ! XMLSEC_ERRORS_NO_MESSAGE); ! return(-1); ! } } if (ctxSrc->pubkey != NULL) { ! ctxDst->pubkey = SECKEY_CopyPublicKey(ctxSrc->pubkey); ! if(ctxDst->pubkey == NULL) { ! xmlSecError(XMLSEC_ERRORS_HERE, ! NULL, ! "SECKEY_CopyPublicKey", ! XMLSEC_ERRORS_R_CRYPTO_FAILED, ! XMLSEC_ERRORS_NO_MESSAGE); ! return(-1); ! } } return (0); } --- 116,147 ---- xmlSecNssPKIKeyDataCtxPtr ctxSrc) { xmlSecNSSPKIKeyDataCtxFree(ctxDst); + ctxDst->privkey = NULL ; + ctxDst->pubkey = NULL ; if (ctxSrc->privkey != NULL) { ! ctxDst->privkey = SECKEY_CopyPrivateKey(ctxSrc->privkey); ! if(ctxDst->privkey == NULL) { ! xmlSecError(XMLSEC_ERRORS_HERE, ! NULL, ! "SECKEY_CopyPrivateKey", ! XMLSEC_ERRORS_R_CRYPTO_FAILED, ! "error code=%d", PORT_GetError()); ! return(-1); ! } } if (ctxSrc->pubkey != NULL) { ! ctxDst->pubkey = SECKEY_CopyPublicKey(ctxSrc->pubkey); ! if(ctxDst->pubkey == NULL) { ! xmlSecError(XMLSEC_ERRORS_HERE, ! NULL, ! "SECKEY_CopyPublicKey", ! XMLSEC_ERRORS_R_CRYPTO_FAILED, ! "error code=%d", PORT_GetError()); ! return(-1); ! } } + return (0); } *************** *** 147,166 **** SECKEYPublicKey *pubkey) { xmlSecNssPKIKeyDataCtxPtr ctx; xmlSecAssert2(xmlSecKeyDataIsValid(data), -1); xmlSecAssert2(xmlSecKeyDataCheckSize(data, xmlSecNssPKIKeyDataSize), -1); ctx = xmlSecNssPKIKeyDataGetCtx(data); xmlSecAssert2(ctx != NULL, -1); if (ctx->privkey) { ! SECKEY_DestroyPrivateKey(ctx->privkey); } ctx->privkey = privkey; if (ctx->pubkey) { ! SECKEY_DestroyPublicKey(ctx->pubkey); } ctx->pubkey = pubkey; --- 151,191 ---- SECKEYPublicKey *pubkey) { xmlSecNssPKIKeyDataCtxPtr ctx; + KeyType pubType = nullKey ; + KeyType priType = nullKey ; xmlSecAssert2(xmlSecKeyDataIsValid(data), -1); xmlSecAssert2(xmlSecKeyDataCheckSize(data, xmlSecNssPKIKeyDataSize), -1); + if( privkey != NULL ) { + priType = SECKEY_GetPrivateKeyType( privkey ) ; + } + + if( pubkey != NULL ) { + pubType = SECKEY_GetPublicKeyType( pubkey ) ; + } + + if( priType != nullKey && pubType != nullKey ) { + if( pubType != priType ) { + xmlSecError( XMLSEC_ERRORS_HERE , + NULL , + NULL , + XMLSEC_ERRORS_R_CRYPTO_FAILED , + "different type of private and public key" ) ; + return -1 ; + } + } + ctx = xmlSecNssPKIKeyDataGetCtx(data); xmlSecAssert2(ctx != NULL, -1); if (ctx->privkey) { ! SECKEY_DestroyPrivateKey(ctx->privkey); } ctx->privkey = privkey; if (ctx->pubkey) { ! SECKEY_DestroyPublicKey(ctx->pubkey); } ctx->pubkey = pubkey; *************** *** 183,243 **** { xmlSecKeyDataPtr data = NULL; int ret; ! KeyType kt; ! ! if (pubkey != NULL) { ! kt = SECKEY_GetPublicKeyType(pubkey); ! } else { ! kt = SECKEY_GetPrivateKeyType(privkey); ! pubkey = SECKEY_ConvertToPublicKey(privkey); ! } ! switch(kt) { #ifndef XMLSEC_NO_RSA case rsaKey: ! data = xmlSecKeyDataCreate(xmlSecNssKeyDataRsaId); ! if(data == NULL) { ! xmlSecError(XMLSEC_ERRORS_HERE, ! NULL, ! "xmlSecKeyDataCreate", ! XMLSEC_ERRORS_R_XMLSEC_FAILED, ! "xmlSecNssKeyDataRsaId"); ! return(NULL); ! } ! break; #endif /* XMLSEC_NO_RSA */ #ifndef XMLSEC_NO_DSA case dsaKey: ! data = xmlSecKeyDataCreate(xmlSecNssKeyDataDsaId); ! if(data == NULL) { ! xmlSecError(XMLSEC_ERRORS_HERE, ! NULL, ! "xmlSecKeyDataCreate", ! XMLSEC_ERRORS_R_XMLSEC_FAILED, ! "xmlSecNssKeyDataDsaId"); ! return(NULL); ! } ! break; #endif /* XMLSEC_NO_DSA */ default: ! xmlSecError(XMLSEC_ERRORS_HERE, NULL, NULL, XMLSEC_ERRORS_R_INVALID_TYPE, ! "PKI key type %d not supported", kt); ! return(NULL); } xmlSecAssert2(data != NULL, NULL); ret = xmlSecNssPKIKeyDataAdoptKey(data, privkey, pubkey); if(ret < 0) { ! xmlSecError(XMLSEC_ERRORS_HERE, NULL, "xmlSecNssPKIKeyDataAdoptKey", XMLSEC_ERRORS_R_XMLSEC_FAILED, XMLSEC_ERRORS_NO_MESSAGE); ! xmlSecKeyDataDestroy(data); ! return(NULL); } return(data); } --- 208,282 ---- { xmlSecKeyDataPtr data = NULL; int ret; ! KeyType pubType = nullKey ; ! KeyType priType = nullKey ; ! if( privkey != NULL ) { ! priType = SECKEY_GetPrivateKeyType( privkey ) ; ! } ! ! if( pubkey != NULL ) { ! pubType = SECKEY_GetPublicKeyType( pubkey ) ; ! } ! ! if( priType != nullKey && pubType != nullKey ) { ! if( pubType != priType ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! NULL , ! NULL , ! XMLSEC_ERRORS_R_CRYPTO_FAILED , ! "different type of private and public key" ) ; ! return( NULL ) ; ! } ! } ! ! pubType = priType != nullKey ? priType : pubType ; ! switch(pubType) { #ifndef XMLSEC_NO_RSA case rsaKey: ! data = xmlSecKeyDataCreate(xmlSecNssKeyDataRsaId); ! if(data == NULL) { ! xmlSecError(XMLSEC_ERRORS_HERE, ! NULL, ! "xmlSecKeyDataCreate", ! XMLSEC_ERRORS_R_XMLSEC_FAILED, ! "xmlSecNssKeyDataRsaId"); ! return(NULL); ! } ! break; #endif /* XMLSEC_NO_RSA */ #ifndef XMLSEC_NO_DSA case dsaKey: ! data = xmlSecKeyDataCreate(xmlSecNssKeyDataDsaId); ! if(data == NULL) { ! xmlSecError(XMLSEC_ERRORS_HERE, ! NULL, ! "xmlSecKeyDataCreate", ! XMLSEC_ERRORS_R_XMLSEC_FAILED, ! "xmlSecNssKeyDataDsaId"); ! return(NULL); ! } ! break; #endif /* XMLSEC_NO_DSA */ default: ! xmlSecError(XMLSEC_ERRORS_HERE, NULL, NULL, XMLSEC_ERRORS_R_INVALID_TYPE, ! "PKI key type %d not supported", pubType); ! return(NULL); } xmlSecAssert2(data != NULL, NULL); ret = xmlSecNssPKIKeyDataAdoptKey(data, privkey, pubkey); if(ret < 0) { ! xmlSecError(XMLSEC_ERRORS_HERE, NULL, "xmlSecNssPKIKeyDataAdoptKey", XMLSEC_ERRORS_R_XMLSEC_FAILED, XMLSEC_ERRORS_NO_MESSAGE); ! xmlSecKeyDataDestroy(data); ! return(NULL); } return(data); } *************** *** 263,269 **** xmlSecAssert2(ctx != NULL, NULL); xmlSecAssert2(ctx->pubkey != NULL, NULL); ! ret = SECKEY_CopyPublicKey(ctx->pubkey); return(ret); } --- 302,308 ---- xmlSecAssert2(ctx != NULL, NULL); xmlSecAssert2(ctx->pubkey != NULL, NULL); ! ret = SECKEY_CopyPublicKey(ctx->pubkey); return(ret); } *************** *** 312,320 **** xmlSecAssert2(ctx != NULL, nullKey); if (ctx->pubkey != NULL) { ! kt = SECKEY_GetPublicKeyType(ctx->pubkey); } else { ! kt = SECKEY_GetPrivateKeyType(ctx->privkey); } return(kt); } --- 351,359 ---- xmlSecAssert2(ctx != NULL, nullKey); if (ctx->pubkey != NULL) { ! kt = SECKEY_GetPublicKeyType(ctx->pubkey); } else { ! kt = SECKEY_GetPrivateKeyType(ctx->privkey); } return(kt); } *************** *** 553,565 **** goto done; } ! slot = PK11_GetBestSlot(CKM_DSA, NULL); if(slot == NULL) { xmlSecError(XMLSEC_ERRORS_HERE, xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), ! "PK11_GetBestSlot", XMLSEC_ERRORS_R_CRYPTO_FAILED, ! XMLSEC_ERRORS_NO_MESSAGE); ret = -1; goto done; } --- 592,604 ---- goto done; } ! slot = xmlSecNssSlotGet(CKM_DSA); if(slot == NULL) { xmlSecError(XMLSEC_ERRORS_HERE, xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), ! "xmlSecNssSlotGet", XMLSEC_ERRORS_R_CRYPTO_FAILED, ! "error code=%d", PORT_GetError()); ret = -1; goto done; } *************** *** 570,576 **** xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), "PORT_NewArena", XMLSEC_ERRORS_R_CRYPTO_FAILED, ! XMLSEC_ERRORS_NO_MESSAGE); ret = -1; goto done; } --- 609,615 ---- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), "PORT_NewArena", XMLSEC_ERRORS_R_CRYPTO_FAILED, ! "error code=%d", PORT_GetError()); ret = -1; goto done; } *************** *** 582,588 **** xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), "PORT_ArenaZAlloc", XMLSEC_ERRORS_R_CRYPTO_FAILED, ! XMLSEC_ERRORS_NO_MESSAGE); PORT_FreeArena(arena, PR_FALSE); ret = -1; goto done; --- 621,627 ---- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), "PORT_ArenaZAlloc", XMLSEC_ERRORS_R_CRYPTO_FAILED, ! "error code=%d", PORT_GetError()); PORT_FreeArena(arena, PR_FALSE); ret = -1; goto done; *************** *** 750,770 **** goto done; } data = NULL; - ret = 0; done: if (slot != NULL) { ! PK11_FreeSlot(slot); } ! if (ret != 0) { ! if (pubkey != NULL) { ! SECKEY_DestroyPublicKey(pubkey); ! } ! if (data != NULL) { ! xmlSecKeyDataDestroy(data); ! } } return(ret); } --- 789,809 ---- goto done; } data = NULL; ret = 0; done: if (slot != NULL) { ! PK11_FreeSlot(slot); } ! ! if (pubkey != NULL) { ! SECKEY_DestroyPublicKey(pubkey); ! } ! ! if (data != NULL) { ! xmlSecKeyDataDestroy(data); } + return(ret); } *************** *** 783,789 **** ctx = xmlSecNssPKIKeyDataGetCtx(xmlSecKeyGetValue(key)); xmlSecAssert2(ctx != NULL, -1); ! xmlSecAssert2(SECKEY_GetPublicKeyType(ctx->pubkey) == dsaKey, -1); if(((xmlSecKeyDataTypePublic | xmlSecKeyDataTypePrivate) & keyInfoCtx->keyReq.keyType) == 0) { /* we can have only private key or public key */ --- 822,828 ---- ctx = xmlSecNssPKIKeyDataGetCtx(xmlSecKeyGetValue(key)); xmlSecAssert2(ctx != NULL, -1); ! /* xmlSecAssert2(SECKEY_GetPublicKeyType(ctx->pubkey) == dsaKey, -1);*/ if(((xmlSecKeyDataTypePublic | xmlSecKeyDataTypePrivate) & keyInfoCtx->keyReq.keyType) == 0) { /* we can have only private key or public key */ *************** *** 905,911 **** xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), "PK11_PQG_ParamGen", XMLSEC_ERRORS_R_CRYPTO_FAILED, ! "size=%d", sizeBits); goto done; } --- 944,951 ---- xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), "PK11_PQG_ParamGen", XMLSEC_ERRORS_R_CRYPTO_FAILED, ! "size=%d, error code=%d", sizeBits, PORT_GetError()); ! ret = -1; goto done; } *************** *** 915,925 **** xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), "PK11_PQG_VerifyParams", XMLSEC_ERRORS_R_CRYPTO_FAILED, ! "size=%d", sizeBits); goto done; } ! slot = PK11_GetBestSlot(CKM_DSA_KEY_PAIR_GEN, NULL); PK11_Authenticate(slot, PR_TRUE, NULL /* default pwd callback */); privkey = PK11_GenerateKeyPair(slot, CKM_DSA_KEY_PAIR_GEN, pqgParams, &pubkey, PR_FALSE, PR_TRUE, NULL); --- 955,966 ---- xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), "PK11_PQG_VerifyParams", XMLSEC_ERRORS_R_CRYPTO_FAILED, ! "size=%d, error code=%d", sizeBits, PORT_GetError()); ! ret = -1; goto done; } ! slot = xmlSecNssSlotGet(CKM_DSA_KEY_PAIR_GEN); PK11_Authenticate(slot, PR_TRUE, NULL /* default pwd callback */); privkey = PK11_GenerateKeyPair(slot, CKM_DSA_KEY_PAIR_GEN, pqgParams, &pubkey, PR_FALSE, PR_TRUE, NULL); *************** *** 929,936 **** xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), "PK11_GenerateKeyPair", XMLSEC_ERRORS_R_CRYPTO_FAILED, ! XMLSEC_ERRORS_NO_MESSAGE); goto done; } --- 970,978 ---- xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), "PK11_GenerateKeyPair", XMLSEC_ERRORS_R_CRYPTO_FAILED, ! "error code=%d", PORT_GetError()); + ret = -1; goto done; } *************** *** 943,971 **** XMLSEC_ERRORS_NO_MESSAGE); goto done; } ! ret = 0; done: if (slot != NULL) { ! PK11_FreeSlot(slot); } if (pqgParams != NULL) { ! PK11_PQG_DestroyParams(pqgParams); } if (pqgVerify != NULL) { ! PK11_PQG_DestroyVerify(pqgVerify); ! } ! if (ret == 0) { ! return (0); } if (pubkey != NULL) { ! SECKEY_DestroyPublicKey(pubkey); } if (privkey != NULL) { ! SECKEY_DestroyPrivateKey(privkey); } ! return(-1); } static xmlSecKeyDataType --- 985,1016 ---- XMLSEC_ERRORS_NO_MESSAGE); goto done; } ! privkey = NULL ; ! pubkey = NULL ; ret = 0; done: if (slot != NULL) { ! PK11_FreeSlot(slot); } + if (pqgParams != NULL) { ! PK11_PQG_DestroyParams(pqgParams); } + if (pqgVerify != NULL) { ! PK11_PQG_DestroyVerify(pqgVerify); } + if (pubkey != NULL) { ! SECKEY_DestroyPublicKey(pubkey); } + if (privkey != NULL) { ! SECKEY_DestroyPrivateKey(privkey); } ! ! return(ret); } static xmlSecKeyDataType *************** *** 975,985 **** xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecNssKeyDataDsaId), xmlSecKeyDataTypeUnknown); ctx = xmlSecNssPKIKeyDataGetCtx(data); xmlSecAssert2(ctx != NULL, -1); ! xmlSecAssert2(SECKEY_GetPublicKeyType(ctx->pubkey) == dsaKey, -1); if (ctx->privkey != NULL) { ! return(xmlSecKeyDataTypePrivate | xmlSecKeyDataTypePublic); ! } else { ! return(xmlSecKeyDataTypePublic); } return(xmlSecKeyDataTypeUnknown); --- 1020,1030 ---- xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecNssKeyDataDsaId), xmlSecKeyDataTypeUnknown); ctx = xmlSecNssPKIKeyDataGetCtx(data); xmlSecAssert2(ctx != NULL, -1); ! /* xmlSecAssert2(SECKEY_GetPublicKeyType(ctx->pubkey) == dsaKey, -1);*/ if (ctx->privkey != NULL) { ! return(xmlSecKeyDataTypePrivate | xmlSecKeyDataTypePublic); ! } else if( ctx->pubkey != NULL ) { ! return(xmlSecKeyDataTypePublic); } return(xmlSecKeyDataTypeUnknown); *************** *** 992,998 **** xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecNssKeyDataDsaId), 0); ctx = xmlSecNssPKIKeyDataGetCtx(data); xmlSecAssert2(ctx != NULL, -1); ! xmlSecAssert2(SECKEY_GetPublicKeyType(ctx->pubkey) == dsaKey, -1); return(8 * SECKEY_PublicKeyStrength(ctx->pubkey)); } --- 1037,1043 ---- xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecNssKeyDataDsaId), 0); ctx = xmlSecNssPKIKeyDataGetCtx(data); xmlSecAssert2(ctx != NULL, -1); ! /* xmlSecAssert2(SECKEY_GetPublicKeyType(ctx->pubkey) == dsaKey, -1);*/ return(8 * SECKEY_PublicKeyStrength(ctx->pubkey)); } *************** *** 1181,1193 **** goto done; } ! slot = PK11_GetBestSlot(CKM_RSA_PKCS, NULL); if(slot == NULL) { xmlSecError(XMLSEC_ERRORS_HERE, xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), ! "PK11_GetBestSlot", XMLSEC_ERRORS_R_CRYPTO_FAILED, ! XMLSEC_ERRORS_NO_MESSAGE); ret = -1; goto done; } --- 1226,1238 ---- goto done; } ! slot = xmlSecNssSlotGet(CKM_RSA_PKCS); if(slot == NULL) { xmlSecError(XMLSEC_ERRORS_HERE, xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), ! "xmlSecNssSlotGet", XMLSEC_ERRORS_R_CRYPTO_FAILED, ! "error code=%d", PORT_GetError()); ret = -1; goto done; } *************** *** 1198,1204 **** xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), "PORT_NewArena", XMLSEC_ERRORS_R_CRYPTO_FAILED, ! XMLSEC_ERRORS_NO_MESSAGE); ret = -1; goto done; } --- 1243,1249 ---- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), "PORT_NewArena", XMLSEC_ERRORS_R_CRYPTO_FAILED, ! "error code=%d", PORT_GetError()); ret = -1; goto done; } *************** *** 1210,1216 **** xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), "PORT_ArenaZAlloc", XMLSEC_ERRORS_R_CRYPTO_FAILED, ! XMLSEC_ERRORS_NO_MESSAGE); PORT_FreeArena(arena, PR_FALSE); ret = -1; goto done; --- 1255,1261 ---- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), "PORT_ArenaZAlloc", XMLSEC_ERRORS_R_CRYPTO_FAILED, ! "error code=%d", PORT_GetError()); PORT_FreeArena(arena, PR_FALSE); ret = -1; goto done; *************** *** 1349,1355 **** ctx = xmlSecNssPKIKeyDataGetCtx(xmlSecKeyGetValue(key)); xmlSecAssert2(ctx != NULL, -1); ! xmlSecAssert2(SECKEY_GetPublicKeyType(ctx->pubkey) == rsaKey, -1); if(((xmlSecKeyDataTypePublic | xmlSecKeyDataTypePrivate) & keyInfoCtx->keyReq.keyType) == 0) { --- 1394,1400 ---- ctx = xmlSecNssPKIKeyDataGetCtx(xmlSecKeyGetValue(key)); xmlSecAssert2(ctx != NULL, -1); ! /* xmlSecAssert2(SECKEY_GetPublicKeyType(ctx->pubkey) == rsaKey, -1);*/ if(((xmlSecKeyDataTypePublic | xmlSecKeyDataTypePrivate) & keyInfoCtx->keyReq.keyType) == 0) { *************** *** 1420,1426 **** params.keySizeInBits = sizeBits; params.pe = 65537; ! slot = PK11_GetBestSlot(CKM_RSA_PKCS_KEY_PAIR_GEN, NULL); PK11_Authenticate(slot, PR_TRUE, NULL /* default pwd callback */); privkey = PK11_GenerateKeyPair(slot, CKM_RSA_PKCS_KEY_PAIR_GEN, ¶ms, &pubkey, PR_FALSE, PR_TRUE, NULL); --- 1465,1471 ---- params.keySizeInBits = sizeBits; params.pe = 65537; ! slot = xmlSecNssSlotGet(CKM_RSA_PKCS_KEY_PAIR_GEN); PK11_Authenticate(slot, PR_TRUE, NULL /* default pwd callback */); privkey = PK11_GenerateKeyPair(slot, CKM_RSA_PKCS_KEY_PAIR_GEN, ¶ms, &pubkey, PR_FALSE, PR_TRUE, NULL); *************** *** 1430,1436 **** xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), "PK11_GenerateKeyPair", XMLSEC_ERRORS_R_CRYPTO_FAILED, ! XMLSEC_ERRORS_NO_MESSAGE); goto done; } --- 1475,1481 ---- xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), "PK11_GenerateKeyPair", XMLSEC_ERRORS_R_CRYPTO_FAILED, ! "error code=%d", PORT_GetError()); goto done; } *************** *** 1472,1478 **** ctx = xmlSecNssPKIKeyDataGetCtx(data); xmlSecAssert2(ctx != NULL, -1); ! xmlSecAssert2(SECKEY_GetPublicKeyType(ctx->pubkey) == rsaKey, -1); if (ctx->privkey != NULL) { return(xmlSecKeyDataTypePrivate | xmlSecKeyDataTypePublic); } else { --- 1517,1523 ---- ctx = xmlSecNssPKIKeyDataGetCtx(data); xmlSecAssert2(ctx != NULL, -1); ! /* xmlSecAssert2(SECKEY_GetPublicKeyType(ctx->pubkey) == rsaKey, -1);*/ if (ctx->privkey != NULL) { return(xmlSecKeyDataTypePrivate | xmlSecKeyDataTypePublic); } else { *************** *** 1490,1496 **** ctx = xmlSecNssPKIKeyDataGetCtx(data); xmlSecAssert2(ctx != NULL, -1); ! xmlSecAssert2(SECKEY_GetPublicKeyType(ctx->pubkey) == rsaKey, -1); return(8 * SECKEY_PublicKeyStrength(ctx->pubkey)); } --- 1535,1541 ---- ctx = xmlSecNssPKIKeyDataGetCtx(data); xmlSecAssert2(ctx != NULL, -1); ! /* xmlSecAssert2(SECKEY_GetPublicKeyType(ctx->pubkey) == rsaKey, -1);*/ return(8 * SECKEY_PublicKeyStrength(ctx->pubkey)); } *** misc/xmlsec1-1.2.6/src/nss/signatures.c 2003-09-26 02:58:15.000000000 +0200 --- misc/build/xmlsec1-1.2.6/src/nss/signatures.c 2006-05-08 12:19:39.421762000 +0200 *************** *** 199,205 **** xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), "SGN_NewContext", XMLSEC_ERRORS_R_CRYPTO_FAILED, ! XMLSEC_ERRORS_NO_MESSAGE); return(-1); } } else { --- 199,205 ---- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), "SGN_NewContext", XMLSEC_ERRORS_R_CRYPTO_FAILED, ! "error code=%d", PORT_GetError()); return(-1); } } else { *************** *** 222,228 **** xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), "VFY_CreateContext", XMLSEC_ERRORS_R_CRYPTO_FAILED, ! XMLSEC_ERRORS_NO_MESSAGE); return(-1); } } --- 222,228 ---- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), "VFY_CreateContext", XMLSEC_ERRORS_R_CRYPTO_FAILED, ! "error code=%d", PORT_GetError()); return(-1); } } *************** *** 282,288 **** xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), "VFY_Update, VFY_End", XMLSEC_ERRORS_R_CRYPTO_FAILED, ! XMLSEC_ERRORS_NO_MESSAGE); if (PORT_GetError() == SEC_ERROR_PKCS7_BAD_SIGNATURE) { xmlSecError(XMLSEC_ERRORS_HERE, --- 282,288 ---- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), "VFY_Update, VFY_End", XMLSEC_ERRORS_R_CRYPTO_FAILED, ! "error code=%d", PORT_GetError()); if (PORT_GetError() == SEC_ERROR_PKCS7_BAD_SIGNATURE) { xmlSecError(XMLSEC_ERRORS_HERE, *************** *** 341,347 **** xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), "SGN_Begin", XMLSEC_ERRORS_R_CRYPTO_FAILED, ! XMLSEC_ERRORS_NO_MESSAGE); return(-1); } } else { --- 341,347 ---- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), "SGN_Begin", XMLSEC_ERRORS_R_CRYPTO_FAILED, ! "error code=%d", PORT_GetError()); return(-1); } } else { *************** *** 351,357 **** xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), "VFY_Begin", XMLSEC_ERRORS_R_CRYPTO_FAILED, ! XMLSEC_ERRORS_NO_MESSAGE); return(-1); } } --- 351,357 ---- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), "VFY_Begin", XMLSEC_ERRORS_R_CRYPTO_FAILED, ! "error code=%d", PORT_GetError()); return(-1); } } *************** *** 368,374 **** xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), "SGN_Update", XMLSEC_ERRORS_R_CRYPTO_FAILED, ! XMLSEC_ERRORS_NO_MESSAGE); return(-1); } } else { --- 368,374 ---- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), "SGN_Update", XMLSEC_ERRORS_R_CRYPTO_FAILED, ! "error code=%d", PORT_GetError()); return(-1); } } else { *************** *** 378,384 **** xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), "VFY_Update", XMLSEC_ERRORS_R_CRYPTO_FAILED, ! XMLSEC_ERRORS_NO_MESSAGE); return(-1); } } --- 378,384 ---- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), "VFY_Update", XMLSEC_ERRORS_R_CRYPTO_FAILED, ! "error code=%d", PORT_GetError()); return(-1); } } *************** *** 404,410 **** xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), "SGN_End", XMLSEC_ERRORS_R_CRYPTO_FAILED, ! XMLSEC_ERRORS_NO_MESSAGE); return(-1); } --- 404,410 ---- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), "SGN_End", XMLSEC_ERRORS_R_CRYPTO_FAILED, ! "error code=%d", PORT_GetError()); return(-1); } *** misc/xmlsec1-1.2.6/src/nss/symkeys.c 2003-07-21 05:12:52.000000000 +0200 --- misc/build/xmlsec1-1.2.6/src/nss/symkeys.c 2006-05-08 12:19:39.443317000 +0200 *************** *** 15,192 **** #include #include #include #include #include #include #include #include #include /***************************************************************************** * ! * Symmetic (binary) keys - just a wrapper for xmlSecKeyDataBinary * ****************************************************************************/ ! static int xmlSecNssSymKeyDataInitialize (xmlSecKeyDataPtr data); ! static int xmlSecNssSymKeyDataDuplicate (xmlSecKeyDataPtr dst, ! xmlSecKeyDataPtr src); ! static void xmlSecNssSymKeyDataFinalize (xmlSecKeyDataPtr data); ! static int xmlSecNssSymKeyDataXmlRead (xmlSecKeyDataId id, ! xmlSecKeyPtr key, ! xmlNodePtr node, ! xmlSecKeyInfoCtxPtr keyInfoCtx); ! static int xmlSecNssSymKeyDataXmlWrite (xmlSecKeyDataId id, ! xmlSecKeyPtr key, ! xmlNodePtr node, ! xmlSecKeyInfoCtxPtr keyInfoCtx); ! static int xmlSecNssSymKeyDataBinRead (xmlSecKeyDataId id, ! xmlSecKeyPtr key, ! const xmlSecByte* buf, ! xmlSecSize bufSize, ! xmlSecKeyInfoCtxPtr keyInfoCtx); ! static int xmlSecNssSymKeyDataBinWrite (xmlSecKeyDataId id, ! xmlSecKeyPtr key, ! xmlSecByte** buf, ! xmlSecSize* bufSize, ! xmlSecKeyInfoCtxPtr keyInfoCtx); ! static int xmlSecNssSymKeyDataGenerate (xmlSecKeyDataPtr data, ! xmlSecSize sizeBits, ! xmlSecKeyDataType type); ! ! static xmlSecKeyDataType xmlSecNssSymKeyDataGetType (xmlSecKeyDataPtr data); ! static xmlSecSize xmlSecNssSymKeyDataGetSize (xmlSecKeyDataPtr data); ! static void xmlSecNssSymKeyDataDebugDump (xmlSecKeyDataPtr data, ! FILE* output); ! static void xmlSecNssSymKeyDataDebugXmlDump (xmlSecKeyDataPtr data, ! FILE* output); ! static int xmlSecNssSymKeyDataKlassCheck (xmlSecKeyDataKlass* klass); #define xmlSecNssSymKeyDataCheckId(data) \ (xmlSecKeyDataIsValid((data)) && \ xmlSecNssSymKeyDataKlassCheck((data)->id)) static int xmlSecNssSymKeyDataInitialize(xmlSecKeyDataPtr data) { xmlSecAssert2(xmlSecNssSymKeyDataCheckId(data), -1); ! ! return(xmlSecKeyDataBinaryValueInitialize(data)); } static int xmlSecNssSymKeyDataDuplicate(xmlSecKeyDataPtr dst, xmlSecKeyDataPtr src) { xmlSecAssert2(xmlSecNssSymKeyDataCheckId(dst), -1); xmlSecAssert2(xmlSecNssSymKeyDataCheckId(src), -1); xmlSecAssert2(dst->id == src->id, -1); ! ! return(xmlSecKeyDataBinaryValueDuplicate(dst, src)); } static void xmlSecNssSymKeyDataFinalize(xmlSecKeyDataPtr data) { xmlSecAssert(xmlSecNssSymKeyDataCheckId(data)); ! ! xmlSecKeyDataBinaryValueFinalize(data); } static int xmlSecNssSymKeyDataXmlRead(xmlSecKeyDataId id, xmlSecKeyPtr key, ! xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) { ! xmlSecAssert2(xmlSecNssSymKeyDataKlassCheck(id), -1); ! return(xmlSecKeyDataBinaryValueXmlRead(id, key, node, keyInfoCtx)); } static int xmlSecNssSymKeyDataXmlWrite(xmlSecKeyDataId id, xmlSecKeyPtr key, ! xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) { xmlSecAssert2(xmlSecNssSymKeyDataKlassCheck(id), -1); ! return(xmlSecKeyDataBinaryValueXmlWrite(id, key, node, keyInfoCtx)); } static int xmlSecNssSymKeyDataBinRead(xmlSecKeyDataId id, xmlSecKeyPtr key, ! const xmlSecByte* buf, xmlSecSize bufSize, ! xmlSecKeyInfoCtxPtr keyInfoCtx) { ! xmlSecAssert2(xmlSecNssSymKeyDataKlassCheck(id), -1); ! return(xmlSecKeyDataBinaryValueBinRead(id, key, buf, bufSize, keyInfoCtx)); } static int xmlSecNssSymKeyDataBinWrite(xmlSecKeyDataId id, xmlSecKeyPtr key, ! xmlSecByte** buf, xmlSecSize* bufSize, ! xmlSecKeyInfoCtxPtr keyInfoCtx) { xmlSecAssert2(xmlSecNssSymKeyDataKlassCheck(id), -1); ! return(xmlSecKeyDataBinaryValueBinWrite(id, key, buf, bufSize, keyInfoCtx)); } static int xmlSecNssSymKeyDataGenerate(xmlSecKeyDataPtr data, xmlSecSize sizeBits, xmlSecKeyDataType type ATTRIBUTE_UNUSED) { ! xmlSecBufferPtr buffer; ! xmlSecAssert2(xmlSecNssSymKeyDataCheckId(data), -1); xmlSecAssert2(sizeBits > 0, -1); ! buffer = xmlSecKeyDataBinaryValueGetBuffer(data); ! xmlSecAssert2(buffer != NULL, -1); ! ! return(xmlSecNssGenerateRandom(buffer, (sizeBits + 7) / 8)); } static xmlSecKeyDataType xmlSecNssSymKeyDataGetType(xmlSecKeyDataPtr data) { ! xmlSecBufferPtr buffer; xmlSecAssert2(xmlSecNssSymKeyDataCheckId(data), xmlSecKeyDataTypeUnknown); ! buffer = xmlSecKeyDataBinaryValueGetBuffer(data); ! xmlSecAssert2(buffer != NULL, xmlSecKeyDataTypeUnknown); ! return((xmlSecBufferGetSize(buffer) > 0) ? xmlSecKeyDataTypeSymmetric : xmlSecKeyDataTypeUnknown); } static xmlSecSize xmlSecNssSymKeyDataGetSize(xmlSecKeyDataPtr data) { xmlSecAssert2(xmlSecNssSymKeyDataCheckId(data), 0); ! ! return(xmlSecKeyDataBinaryValueGetSize(data)); } static void xmlSecNssSymKeyDataDebugDump(xmlSecKeyDataPtr data, FILE* output) { xmlSecAssert(xmlSecNssSymKeyDataCheckId(data)); ! xmlSecKeyDataBinaryValueDebugDump(data, output); } static void xmlSecNssSymKeyDataDebugXmlDump(xmlSecKeyDataPtr data, FILE* output) { xmlSecAssert(xmlSecNssSymKeyDataCheckId(data)); ! xmlSecKeyDataBinaryValueDebugXmlDump(data, output); } static int xmlSecNssSymKeyDataKlassCheck(xmlSecKeyDataKlass* klass) { #ifndef XMLSEC_NO_DES if(klass == xmlSecNssKeyDataDesId) { ! return(1); } #endif /* XMLSEC_NO_DES */ #ifndef XMLSEC_NO_AES if(klass == xmlSecNssKeyDataAesId) { ! return(1); } #endif /* XMLSEC_NO_AES */ #ifndef XMLSEC_NO_HMAC if(klass == xmlSecNssKeyDataHmacId) { ! return(1); } #endif /* XMLSEC_NO_HMAC */ --- 15,851 ---- #include #include + #include + #include + #include #include + #include #include #include #include #include #include + #include + #include /***************************************************************************** * ! * Symmetic (binary) keys - a wrapper over slot information and PK11SymKey * ****************************************************************************/ ! typedef struct _xmlSecNssSymKeyDataCtx xmlSecNssSymKeyDataCtx ; ! typedef struct _xmlSecNssSymKeyDataCtx* xmlSecNssSymKeyDataCtxPtr ; ! ! struct _xmlSecNssSymKeyDataCtx { ! CK_MECHANISM_TYPE cipher ; /* the symmetic key mechanism */ ! PK11SlotInfo* slot ; /* the key resident slot */ ! PK11SymKey* symkey ; /* the symmetic key */ ! } ; ! ! #define xmlSecNssSymKeyDataSize \ ! ( sizeof( xmlSecKeyData ) + sizeof( xmlSecNssSymKeyDataCtx ) ) ! ! #define xmlSecNssSymKeyDataGetCtx( data ) \ ! ( ( xmlSecNssSymKeyDataCtxPtr )( ( ( xmlSecByte* )( data ) ) + sizeof( xmlSecKeyData ) ) ) ! ! ! static int xmlSecNssSymKeyDataInitialize (xmlSecKeyDataPtr data); ! static int xmlSecNssSymKeyDataDuplicate (xmlSecKeyDataPtr dst, ! xmlSecKeyDataPtr src); ! static void xmlSecNssSymKeyDataFinalize (xmlSecKeyDataPtr data); ! static int xmlSecNssSymKeyDataXmlRead (xmlSecKeyDataId id, ! xmlSecKeyPtr key, ! xmlNodePtr node, ! xmlSecKeyInfoCtxPtr keyInfoCtx); ! static int xmlSecNssSymKeyDataXmlWrite (xmlSecKeyDataId id, ! xmlSecKeyPtr key, ! xmlNodePtr node, ! xmlSecKeyInfoCtxPtr keyInfoCtx); ! static int xmlSecNssSymKeyDataBinRead (xmlSecKeyDataId id, ! xmlSecKeyPtr key, ! const xmlSecByte* buf, ! xmlSecSize bufSize, ! xmlSecKeyInfoCtxPtr keyInfoCtx); ! static int xmlSecNssSymKeyDataBinWrite (xmlSecKeyDataId id, ! xmlSecKeyPtr key, ! xmlSecByte** buf, ! xmlSecSize* bufSize, ! xmlSecKeyInfoCtxPtr keyInfoCtx); ! static int xmlSecNssSymKeyDataGenerate (xmlSecKeyDataPtr data, ! xmlSecSize sizeBits, ! xmlSecKeyDataType type); ! ! static xmlSecKeyDataType xmlSecNssSymKeyDataGetType (xmlSecKeyDataPtr data); ! static xmlSecSize xmlSecNssSymKeyDataGetSize (xmlSecKeyDataPtr data); ! static void xmlSecNssSymKeyDataDebugDump (xmlSecKeyDataPtr data, ! FILE* output); ! static void xmlSecNssSymKeyDataDebugXmlDump (xmlSecKeyDataPtr data, ! FILE* output); ! static int xmlSecNssSymKeyDataKlassCheck (xmlSecKeyDataKlass* klass); #define xmlSecNssSymKeyDataCheckId(data) \ (xmlSecKeyDataIsValid((data)) && \ xmlSecNssSymKeyDataKlassCheck((data)->id)) + /** + * xmlSecNssSymKeyDataAdoptKey: + * @data: the pointer to symmetric key data. + * @symkey: the symmetric key + * + * Set the value of symmetric key data. + * + * Returns 0 on success or a negative value if an error occurs. + */ + int + xmlSecNssSymKeyDataAdoptKey( + xmlSecKeyDataPtr data , + PK11SymKey* symkey + ) { + xmlSecNssSymKeyDataCtxPtr context = NULL ; + + xmlSecAssert2( xmlSecNssSymKeyDataCheckId( data ), -1 ) ; + xmlSecAssert2( xmlSecKeyDataCheckSize( data, xmlSecNssSymKeyDataSize ), -1 ) ; + xmlSecAssert2( symkey != NULL, -1 ) ; + + context = xmlSecNssSymKeyDataGetCtx( data ) ; + xmlSecAssert2(context != NULL, -1); + + context->cipher = PK11_GetMechanism( symkey ) ; + + if( context->slot != NULL ) { + PK11_FreeSlot( context->slot ) ; + context->slot = NULL ; + } + context->slot = PK11_GetSlotFromKey( symkey ) ; + + if( context->symkey != NULL ) { + PK11_FreeSymKey( context->symkey ) ; + context->symkey = NULL ; + } + context->symkey = PK11_ReferenceSymKey( symkey ) ; + + return 0 ; + } + + xmlSecKeyDataPtr xmlSecNssSymKeyDataKeyAdopt( + PK11SymKey* symKey + ) { + xmlSecKeyDataPtr data = NULL ; + CK_MECHANISM_TYPE mechanism = CKM_INVALID_MECHANISM ; + + xmlSecAssert2( symKey != NULL , NULL ) ; + + mechanism = PK11_GetMechanism( symKey ) ; + switch( mechanism ) { + case CKM_DES3_KEY_GEN : + case CKM_DES3_CBC : + case CKM_DES3_MAC : + data = xmlSecKeyDataCreate( xmlSecNssKeyDataDesId ) ; + if( data == NULL ) { + xmlSecError( XMLSEC_ERRORS_HERE , + NULL , + "xmlSecKeyDataCreate" , + XMLSEC_ERRORS_R_CRYPTO_FAILED , + "xmlSecNssKeyDataDesId" ) ; + return NULL ; + } + break ; + case CKM_AES_KEY_GEN : + case CKM_AES_CBC : + case CKM_AES_MAC : + data = xmlSecKeyDataCreate( xmlSecNssKeyDataAesId ) ; + if( data == NULL ) { + xmlSecError( XMLSEC_ERRORS_HERE , + NULL , + "xmlSecKeyDataCreate" , + XMLSEC_ERRORS_R_CRYPTO_FAILED , + "xmlSecNssKeyDataDesId" ) ; + return NULL ; + } + break ; + default : + xmlSecError( XMLSEC_ERRORS_HERE , + NULL , + NULL , + XMLSEC_ERRORS_R_CRYPTO_FAILED , + "Unsupported mechanism" ) ; + return NULL ; + } + + if( xmlSecNssSymKeyDataAdoptKey( data , symKey ) < 0 ) { + xmlSecError( XMLSEC_ERRORS_HERE , + NULL , + "xmlSecNssSymKeyDataAdoptKey" , + XMLSEC_ERRORS_R_CRYPTO_FAILED , + XMLSEC_ERRORS_NO_MESSAGE ) ; + + xmlSecKeyDataDestroy( data ) ; + return NULL ; + } + + return data ; + } + + + PK11SymKey* + xmlSecNssSymKeyDataGetKey( + xmlSecKeyDataPtr data + ) { + xmlSecNssSymKeyDataCtxPtr ctx; + PK11SymKey* symkey ; + + xmlSecAssert2(xmlSecNssSymKeyDataCheckId(data), NULL); + xmlSecAssert2(xmlSecKeyDataCheckSize(data, xmlSecNssSymKeyDataSize), NULL); + + ctx = xmlSecNssSymKeyDataGetCtx(data); + xmlSecAssert2(ctx != NULL, NULL); + + if( ctx->symkey != NULL ) { + symkey = PK11_ReferenceSymKey( ctx->symkey ) ; + } else { + symkey = NULL ; + } + + return(symkey); + } + static int xmlSecNssSymKeyDataInitialize(xmlSecKeyDataPtr data) { + xmlSecNssSymKeyDataCtxPtr ctx; + xmlSecAssert2(xmlSecNssSymKeyDataCheckId(data), -1); ! xmlSecAssert2(xmlSecKeyDataCheckSize(data, xmlSecNssSymKeyDataSize), -1); ! ! ctx = xmlSecNssSymKeyDataGetCtx(data); ! xmlSecAssert2(ctx != NULL, -1); ! ! memset( ctx, 0, sizeof(xmlSecNssSymKeyDataCtx)); ! ! /* Set the block cipher mechanism */ ! #ifndef XMLSEC_NO_DES ! if(xmlSecKeyDataCheckId(data, xmlSecNssKeyDataDesId)) { ! ctx->cipher = CKM_DES3_KEY_GEN; ! } else ! #endif /* XMLSEC_NO_DES */ ! ! #ifndef XMLSEC_NO_AES ! if(xmlSecKeyDataCheckId(data, xmlSecNssKeyDataDesId)) { ! ctx->cipher = CKM_AES_KEY_GEN; ! } else ! #endif /* XMLSEC_NO_AES */ ! ! if(1) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), ! NULL , ! XMLSEC_ERRORS_R_XMLSEC_FAILED , ! "Unsupported block cipher" ) ; ! return(-1) ; ! } ! ! return(0); } static int xmlSecNssSymKeyDataDuplicate(xmlSecKeyDataPtr dst, xmlSecKeyDataPtr src) { + xmlSecNssSymKeyDataCtxPtr ctxDst; + xmlSecNssSymKeyDataCtxPtr ctxSrc; + xmlSecAssert2(xmlSecNssSymKeyDataCheckId(dst), -1); + xmlSecAssert2(xmlSecKeyDataCheckSize(dst, xmlSecNssSymKeyDataSize), -1); xmlSecAssert2(xmlSecNssSymKeyDataCheckId(src), -1); + xmlSecAssert2(xmlSecKeyDataCheckSize(src, xmlSecNssSymKeyDataSize), -1); xmlSecAssert2(dst->id == src->id, -1); ! ! ctxDst = xmlSecNssSymKeyDataGetCtx(dst); ! xmlSecAssert2(ctxDst != NULL, -1); ! ! ctxSrc = xmlSecNssSymKeyDataGetCtx(src); ! xmlSecAssert2(ctxSrc != NULL, -1); ! ! ctxDst->cipher = ctxSrc->cipher ; ! ! if( ctxSrc->slot != NULL ) { ! if( ctxDst->slot != NULL && ctxDst->slot != ctxSrc->slot ) { ! PK11_FreeSlot( ctxDst->slot ) ; ! ctxDst->slot = NULL ; ! } ! ! if( ctxDst->slot == NULL && ctxSrc->slot != NULL ) ! ctxDst->slot = PK11_ReferenceSlot( ctxSrc->slot ) ; ! } else { ! if( ctxDst->slot != NULL ) { ! PK11_FreeSlot( ctxDst->slot ) ; ! ctxDst->slot = NULL ; ! } ! } ! ! if( ctxSrc->symkey != NULL ) { ! if( ctxDst->symkey != NULL && ctxDst->symkey != ctxSrc->symkey ) { ! PK11_FreeSymKey( ctxDst->symkey ) ; ! ctxDst->symkey = NULL ; ! } ! ! if( ctxDst->symkey == NULL && ctxSrc->symkey != NULL ) ! ctxDst->symkey = PK11_ReferenceSymKey( ctxSrc->symkey ) ; ! } else { ! if( ctxDst->symkey != NULL ) { ! PK11_FreeSymKey( ctxDst->symkey ) ; ! ctxDst->symkey = NULL ; ! } ! } ! ! return(0); } static void xmlSecNssSymKeyDataFinalize(xmlSecKeyDataPtr data) { + xmlSecNssSymKeyDataCtxPtr ctx; + xmlSecAssert(xmlSecNssSymKeyDataCheckId(data)); ! xmlSecAssert(xmlSecKeyDataCheckSize(data, xmlSecNssSymKeyDataSize)); ! ! ctx = xmlSecNssSymKeyDataGetCtx(data); ! xmlSecAssert(ctx != NULL); ! ! if( ctx->slot != NULL ) { ! PK11_FreeSlot( ctx->slot ) ; ! ctx->slot = NULL ; ! } ! ! if( ctx->symkey != NULL ) { ! PK11_FreeSymKey( ctx->symkey ) ; ! ctx->symkey = NULL ; ! } ! ! ctx->cipher = CKM_INVALID_MECHANISM ; } static int xmlSecNssSymKeyDataXmlRead(xmlSecKeyDataId id, xmlSecKeyPtr key, ! xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) { ! PK11SymKey* symKey ; ! PK11SlotInfo* slot ; ! xmlSecBufferPtr keyBuf; ! xmlSecSize len; ! xmlSecKeyDataPtr data; ! xmlSecNssSymKeyDataCtxPtr ctx; ! SECItem keyItem ; ! int ret; ! ! xmlSecAssert2(id != xmlSecKeyDataIdUnknown, -1); ! xmlSecAssert2(key != NULL, -1); ! xmlSecAssert2(node != NULL, -1); ! xmlSecAssert2(keyInfoCtx != NULL, -1); ! ! /* Create a new KeyData from a id */ ! data = xmlSecKeyDataCreate(id); ! if(data == NULL ) { ! xmlSecError(XMLSEC_ERRORS_HERE, ! xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), ! "xmlSecKeyDataCreate", ! XMLSEC_ERRORS_R_XMLSEC_FAILED, ! XMLSEC_ERRORS_NO_MESSAGE); ! return(-1); ! } ! ! ctx = xmlSecNssSymKeyDataGetCtx(data); ! xmlSecAssert2(ctx != NULL, -1); ! ! /* Create a buffer for raw symmetric key value */ ! if( ( keyBuf = xmlSecBufferCreate( 128 ) ) == NULL ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), ! "xmlSecBufferCreate" , ! XMLSEC_ERRORS_R_XMLSEC_FAILED , ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! xmlSecKeyDataDestroy( data ) ; ! return(-1) ; ! } ! ! /* Read the raw key value */ ! if( xmlSecBufferBase64NodeContentRead( keyBuf , node ) < 0 ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), ! xmlSecErrorsSafeString(xmlSecNodeGetName(node)), ! XMLSEC_ERRORS_R_XMLSEC_FAILED , ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! ! xmlSecBufferDestroy( keyBuf ) ; ! xmlSecKeyDataDestroy( data ) ; ! return(-1) ; ! } ! ! /* Get slot */ ! slot = xmlSecNssSlotGet(ctx->cipher); ! if( slot == NULL ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), ! "xmlSecNssSlotGet" , ! XMLSEC_ERRORS_R_XMLSEC_FAILED , ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! ! xmlSecBufferDestroy( keyBuf ) ; ! xmlSecKeyDataDestroy( data ) ; ! return(-1) ; ! } ! ! /* Wrap the raw key value SECItem */ ! keyItem.type = siBuffer ; ! keyItem.data = xmlSecBufferGetData( keyBuf ) ; ! keyItem.len = xmlSecBufferGetSize( keyBuf ) ; ! ! /* Import the raw key into slot temporalily and get the key handler*/ ! symKey = PK11_ImportSymKey(slot, ctx->cipher, PK11_OriginGenerated, CKA_VALUE, &keyItem, NULL ) ; ! if( symKey == NULL ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), ! "PK11_ImportSymKey" , ! XMLSEC_ERRORS_R_XMLSEC_FAILED , ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! ! PK11_FreeSlot( slot ) ; ! xmlSecBufferDestroy( keyBuf ) ; ! xmlSecKeyDataDestroy( data ) ; ! return(-1) ; ! } ! PK11_FreeSlot( slot ) ; ! ! /* raw key material has been copied into symKey, it isn't used any more */ ! xmlSecBufferDestroy( keyBuf ) ; ! /* Adopt the symmetric key into key data */ ! ret = xmlSecNssSymKeyDataAdoptKey(data, symKey); ! if(ret < 0) { ! xmlSecError(XMLSEC_ERRORS_HERE, ! xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), ! "xmlSecKeyDataBinaryValueSetBuffer", ! XMLSEC_ERRORS_R_XMLSEC_FAILED, ! XMLSEC_ERRORS_NO_MESSAGE); ! PK11_FreeSymKey( symKey ) ; ! xmlSecKeyDataDestroy( data ) ; ! return(-1); ! } ! /* symKey has been duplicated into data, it isn't used any more */ ! PK11_FreeSymKey( symKey ) ; ! ! /* Check value */ ! if(xmlSecKeyReqMatchKeyValue(&(keyInfoCtx->keyReq), data) != 1) { ! xmlSecError(XMLSEC_ERRORS_HERE, ! xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), ! "xmlSecKeyReqMatchKeyValue", ! XMLSEC_ERRORS_R_XMLSEC_FAILED, ! XMLSEC_ERRORS_NO_MESSAGE); ! xmlSecKeyDataDestroy( data ) ; ! return(0); ! } ! ! ret = xmlSecKeySetValue(key, data); ! if(ret < 0) { ! xmlSecError(XMLSEC_ERRORS_HERE, ! xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), ! "xmlSecKeySetValue", ! XMLSEC_ERRORS_R_XMLSEC_FAILED, ! XMLSEC_ERRORS_NO_MESSAGE); ! xmlSecKeyDataDestroy( data ) ; ! return(-1); ! } ! ! return(0); } static int xmlSecNssSymKeyDataXmlWrite(xmlSecKeyDataId id, xmlSecKeyPtr key, ! xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) { ! PK11SymKey* symKey ; ! xmlSecAssert2(xmlSecNssSymKeyDataKlassCheck(id), -1); + xmlSecAssert2(key != NULL, -1); + xmlSecAssert2(node != NULL, -1); + xmlSecAssert2(keyInfoCtx != NULL, -1); + + /* Get symmetric key from "key" */ + symKey = xmlSecNssSymKeyDataGetKey(xmlSecKeyGetValue(key)); + if( symKey != NULL ) { + SECItem* keyItem ; + xmlSecBufferPtr keyBuf ; + + /* Extract raw key data from symmetric key */ + if( PK11_ExtractKeyValue( symKey ) != SECSuccess ) { + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), + "PK11_ExtractKeyValue", + XMLSEC_ERRORS_R_XMLSEC_FAILED, + XMLSEC_ERRORS_NO_MESSAGE); + PK11_FreeSymKey( symKey ) ; + return(-1); + } + + /* Get raw key data from "symKey" */ + keyItem = PK11_GetKeyData( symKey ) ; + if(keyItem == NULL) { + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), + "PK11_GetKeyData", + XMLSEC_ERRORS_R_XMLSEC_FAILED, + XMLSEC_ERRORS_NO_MESSAGE); + PK11_FreeSymKey( symKey ) ; + return(-1); + } + + /* Create key data buffer with raw kwy material */ + keyBuf = xmlSecBufferCreate(keyItem->len) ; + if(keyBuf == NULL) { + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), + "xmlSecBufferCreate", + XMLSEC_ERRORS_R_XMLSEC_FAILED, + XMLSEC_ERRORS_NO_MESSAGE); + PK11_FreeSymKey( symKey ) ; + return(-1); + } + + xmlSecBufferSetData( keyBuf , keyItem->data , keyItem->len ) ; + + /* Write raw key material into current xml node */ + if( xmlSecBufferBase64NodeContentWrite( keyBuf, node, XMLSEC_BASE64_LINESIZE ) < 0 ) { + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), + "xmlSecBufferBase64NodeContentWrite", + XMLSEC_ERRORS_R_XMLSEC_FAILED, + XMLSEC_ERRORS_NO_MESSAGE); + xmlSecBufferDestroy(keyBuf); + PK11_FreeSymKey( symKey ) ; + return(-1); + } + xmlSecBufferDestroy(keyBuf); + PK11_FreeSymKey( symKey ) ; + } ! return 0 ; } static int xmlSecNssSymKeyDataBinRead(xmlSecKeyDataId id, xmlSecKeyPtr key, ! const xmlSecByte* buf, xmlSecSize bufSize, ! xmlSecKeyInfoCtxPtr keyInfoCtx) { ! PK11SymKey* symKey ; ! PK11SlotInfo* slot ; ! xmlSecKeyDataPtr data; ! xmlSecNssSymKeyDataCtxPtr ctx; ! SECItem keyItem ; ! int ret; ! xmlSecAssert2(id != xmlSecKeyDataIdUnknown, -1); ! xmlSecAssert2(key != NULL, -1); ! xmlSecAssert2(buf != NULL, -1); ! xmlSecAssert2(bufSize != 0, -1); ! xmlSecAssert2(keyInfoCtx != NULL, -1); ! ! /* Create a new KeyData from a id */ ! data = xmlSecKeyDataCreate(id); ! if(data == NULL ) { ! xmlSecError(XMLSEC_ERRORS_HERE, ! xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), ! "xmlSecKeyDataCreate", ! XMLSEC_ERRORS_R_XMLSEC_FAILED, ! XMLSEC_ERRORS_NO_MESSAGE); ! return(-1); ! } ! ! ctx = xmlSecNssSymKeyDataGetCtx(data); ! xmlSecAssert2(ctx != NULL, -1); ! ! /* Get slot */ ! slot = xmlSecNssSlotGet(ctx->cipher); ! if( slot == NULL ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), ! "xmlSecNssSlotGet" , ! XMLSEC_ERRORS_R_XMLSEC_FAILED , ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! xmlSecKeyDataDestroy( data ) ; ! return(-1) ; ! } ! ! /* Wrap the raw key value SECItem */ ! keyItem.type = siBuffer ; ! keyItem.data = buf ; ! keyItem.len = bufSize ; ! ! /* Import the raw key into slot temporalily and get the key handler*/ ! symKey = PK11_ImportSymKey(slot, ctx->cipher, PK11_OriginGenerated, CKA_VALUE, &keyItem, NULL ) ; ! if( symKey == NULL ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), ! "PK11_ImportSymKey" , ! XMLSEC_ERRORS_R_XMLSEC_FAILED , ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! PK11_FreeSlot( slot ) ; ! xmlSecKeyDataDestroy( data ) ; ! return(-1) ; ! } ! ! /* Adopt the symmetric key into key data */ ! ret = xmlSecNssSymKeyDataAdoptKey(data, symKey); ! if(ret < 0) { ! xmlSecError(XMLSEC_ERRORS_HERE, ! xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), ! "xmlSecKeyDataBinaryValueSetBuffer", ! XMLSEC_ERRORS_R_XMLSEC_FAILED, ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! PK11_FreeSymKey( symKey ) ; ! PK11_FreeSlot( slot ) ; ! xmlSecKeyDataDestroy( data ) ; ! return(-1); ! } ! /* symKey has been duplicated into data, it isn't used any more */ ! PK11_FreeSymKey( symKey ) ; ! PK11_FreeSlot( slot ) ; ! ! /* Check value */ ! if(xmlSecKeyReqMatchKeyValue(&(keyInfoCtx->keyReq), data) != 1) { ! xmlSecError(XMLSEC_ERRORS_HERE, ! xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), ! "xmlSecKeyReqMatchKeyValue", ! XMLSEC_ERRORS_R_XMLSEC_FAILED, ! XMLSEC_ERRORS_NO_MESSAGE); ! xmlSecKeyDataDestroy( data ) ; ! return(0); ! } ! ! ret = xmlSecKeySetValue(key, data); ! if(ret < 0) { ! xmlSecError(XMLSEC_ERRORS_HERE, ! xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), ! "xmlSecKeySetValue", ! XMLSEC_ERRORS_R_XMLSEC_FAILED, ! XMLSEC_ERRORS_NO_MESSAGE); ! xmlSecKeyDataDestroy( data ) ; ! return(-1); ! } ! ! return(0); } static int xmlSecNssSymKeyDataBinWrite(xmlSecKeyDataId id, xmlSecKeyPtr key, ! xmlSecByte** buf, xmlSecSize* bufSize, ! xmlSecKeyInfoCtxPtr keyInfoCtx) { ! PK11SymKey* symKey ; ! xmlSecAssert2(xmlSecNssSymKeyDataKlassCheck(id), -1); + xmlSecAssert2(key != NULL, -1); + xmlSecAssert2(buf != NULL, -1); + xmlSecAssert2(bufSize != 0, -1); + xmlSecAssert2(keyInfoCtx != NULL, -1); + + /* Get symmetric key from "key" */ + symKey = xmlSecNssSymKeyDataGetKey(xmlSecKeyGetValue(key)); + if( symKey != NULL ) { + SECItem* keyItem ; + + /* Extract raw key data from symmetric key */ + if( PK11_ExtractKeyValue( symKey ) != SECSuccess ) { + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), + "PK11_ExtractKeyValue", + XMLSEC_ERRORS_R_XMLSEC_FAILED, + XMLSEC_ERRORS_NO_MESSAGE); + PK11_FreeSymKey( symKey ) ; + return(-1); + } + + /* Get raw key data from "symKey" */ + keyItem = PK11_GetKeyData( symKey ) ; + if(keyItem == NULL) { + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), + "PK11_GetKeyData", + XMLSEC_ERRORS_R_XMLSEC_FAILED, + XMLSEC_ERRORS_NO_MESSAGE); + PK11_FreeSymKey( symKey ) ; + return(-1); + } + + *bufSize = keyItem->len; + *buf = ( xmlSecByte* )xmlMalloc( *bufSize ); + if( *buf == NULL ) { + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), + NULL, + XMLSEC_ERRORS_R_XMLSEC_FAILED, + XMLSEC_ERRORS_NO_MESSAGE); + PK11_FreeSymKey( symKey ) ; + return(-1); + } + + memcpy((*buf), keyItem->data, (*bufSize)); + PK11_FreeSymKey( symKey ) ; + } ! return 0 ; } static int xmlSecNssSymKeyDataGenerate(xmlSecKeyDataPtr data, xmlSecSize sizeBits, xmlSecKeyDataType type ATTRIBUTE_UNUSED) { ! PK11SymKey* symkey ; ! PK11SlotInfo* slot ; ! xmlSecNssSymKeyDataCtxPtr ctx; ! int ret; ! xmlSecAssert2(xmlSecNssSymKeyDataCheckId(data), -1); xmlSecAssert2(sizeBits > 0, -1); ! ctx = xmlSecNssSymKeyDataGetCtx(data); ! xmlSecAssert2(ctx != NULL, -1); ! ! if( sizeBits % 8 != 0 ) { ! xmlSecError(XMLSEC_ERRORS_HERE, ! xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), ! NULL, ! XMLSEC_ERRORS_R_XMLSEC_FAILED, ! "Symmetric key size must be octuple"); ! return(-1); ! } ! ! /* Get slot */ ! slot = xmlSecNssSlotGet(ctx->cipher); ! if( slot == NULL ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), ! "xmlSecNssSlotGet" , ! XMLSEC_ERRORS_R_XMLSEC_FAILED , ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! return(-1) ; ! } ! ! if( PK11_Authenticate( slot, PR_FALSE , NULL ) != SECSuccess ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! xmlSecErrorsSafeString( xmlSecKeyDataGetName( data ) ) , ! "PK11_Authenticate" , ! XMLSEC_ERRORS_R_CRYPTO_FAILED , ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! PK11_FreeSlot( slot ) ; ! return -1 ; ! } ! ! symkey = PK11_KeyGen( slot , ctx->cipher , NULL , sizeBits/8 , NULL ) ; ! if( symkey == NULL ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! xmlSecErrorsSafeString( xmlSecKeyDataGetName( data ) ) , ! "PK11_KeyGen" , ! XMLSEC_ERRORS_R_CRYPTO_FAILED , ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! PK11_FreeSlot( slot ) ; ! return -1 ; ! } ! ! if( ctx->slot != NULL ) { ! PK11_FreeSlot( ctx->slot ) ; ! ctx->slot = NULL ; ! } ! ctx->slot = slot ; ! ! if( ctx->symkey != NULL ) { ! PK11_FreeSymKey( ctx->symkey ) ; ! ctx->symkey = NULL ; ! } ! ctx->symkey = symkey ; ! ! return 0 ; } static xmlSecKeyDataType xmlSecNssSymKeyDataGetType(xmlSecKeyDataPtr data) { ! xmlSecNssSymKeyDataCtxPtr context = NULL ; ! xmlSecKeyDataType type = xmlSecKeyDataTypeUnknown ; xmlSecAssert2(xmlSecNssSymKeyDataCheckId(data), xmlSecKeyDataTypeUnknown); + xmlSecAssert2( xmlSecKeyDataCheckSize( data, xmlSecNssSymKeyDataSize ), xmlSecKeyDataTypeUnknown ) ; ! context = xmlSecNssSymKeyDataGetCtx( data ) ; ! if( context == NULL ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! xmlSecErrorsSafeString( xmlSecKeyDataGetName( data ) ) , ! "xmlSecNssSymKeyDataGetCtx" , ! XMLSEC_ERRORS_R_CRYPTO_FAILED , ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! return xmlSecKeyDataTypeUnknown ; ! } ! ! if( context->symkey != NULL ) { ! type |= xmlSecKeyDataTypeSymmetric ; ! } else { ! type |= xmlSecKeyDataTypeUnknown ; ! } ! return type ; } static xmlSecSize xmlSecNssSymKeyDataGetSize(xmlSecKeyDataPtr data) { + xmlSecNssSymKeyDataCtxPtr context ; + unsigned int length = 0 ; + xmlSecAssert2(xmlSecNssSymKeyDataCheckId(data), 0); ! xmlSecAssert2( xmlSecKeyDataCheckSize( data, xmlSecNssSymKeyDataSize ), 0 ) ; ! ! context = xmlSecNssSymKeyDataGetCtx( data ) ; ! if( context == NULL ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! xmlSecErrorsSafeString( xmlSecKeyDataGetName( data ) ) , ! "xmlSecNssSymKeyDataGetCtx" , ! XMLSEC_ERRORS_R_CRYPTO_FAILED , ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! return 0 ; ! } ! ! if( context->symkey != NULL ) { ! length = PK11_GetKeyLength( context->symkey ) ; ! length *= 8 ; ! } ! ! return length ; } static void xmlSecNssSymKeyDataDebugDump(xmlSecKeyDataPtr data, FILE* output) { xmlSecAssert(xmlSecNssSymKeyDataCheckId(data)); ! /* print only size, everything else is sensitive */ ! fprintf( output , "=== %s: size=%d\n" , data->id->dataNodeName , ! xmlSecKeyDataGetSize(data)) ; } static void xmlSecNssSymKeyDataDebugXmlDump(xmlSecKeyDataPtr data, FILE* output) { xmlSecAssert(xmlSecNssSymKeyDataCheckId(data)); ! /* print only size, everything else is sensitive */ ! fprintf( output , "<%s size=\"%d\" />\n" , data->id->dataNodeName , ! xmlSecKeyDataGetSize(data)) ; } static int xmlSecNssSymKeyDataKlassCheck(xmlSecKeyDataKlass* klass) { #ifndef XMLSEC_NO_DES if(klass == xmlSecNssKeyDataDesId) { ! return(1); } #endif /* XMLSEC_NO_DES */ #ifndef XMLSEC_NO_AES if(klass == xmlSecNssKeyDataAesId) { ! return(1); } #endif /* XMLSEC_NO_AES */ #ifndef XMLSEC_NO_HMAC if(klass == xmlSecNssKeyDataHmacId) { ! return(1); } #endif /* XMLSEC_NO_HMAC */ *************** *** 201,240 **** *************************************************************************/ static xmlSecKeyDataKlass xmlSecNssKeyDataAesKlass = { sizeof(xmlSecKeyDataKlass), ! xmlSecKeyDataBinarySize, /* data */ xmlSecNameAESKeyValue, xmlSecKeyDataUsageKeyValueNode | xmlSecKeyDataUsageRetrievalMethodNodeXml, ! /* xmlSecKeyDataUsage usage; */ ! xmlSecHrefAESKeyValue, /* const xmlChar* href; */ ! xmlSecNodeAESKeyValue, /* const xmlChar* dataNodeName; */ ! xmlSecNs, /* const xmlChar* dataNodeNs; */ /* constructors/destructor */ ! xmlSecNssSymKeyDataInitialize, /* xmlSecKeyDataInitializeMethod initialize; */ ! xmlSecNssSymKeyDataDuplicate, /* xmlSecKeyDataDuplicateMethod duplicate; */ ! xmlSecNssSymKeyDataFinalize, /* xmlSecKeyDataFinalizeMethod finalize; */ ! xmlSecNssSymKeyDataGenerate, /* xmlSecKeyDataGenerateMethod generate; */ /* get info */ ! xmlSecNssSymKeyDataGetType, /* xmlSecKeyDataGetTypeMethod getType; */ ! xmlSecNssSymKeyDataGetSize, /* xmlSecKeyDataGetSizeMethod getSize; */ ! NULL, /* xmlSecKeyDataGetIdentifier getIdentifier; */ /* read/write */ ! xmlSecNssSymKeyDataXmlRead, /* xmlSecKeyDataXmlReadMethod xmlRead; */ ! xmlSecNssSymKeyDataXmlWrite, /* xmlSecKeyDataXmlWriteMethod xmlWrite; */ ! xmlSecNssSymKeyDataBinRead, /* xmlSecKeyDataBinReadMethod binRead; */ ! xmlSecNssSymKeyDataBinWrite, /* xmlSecKeyDataBinWriteMethod binWrite; */ /* debug */ ! xmlSecNssSymKeyDataDebugDump, /* xmlSecKeyDataDebugDumpMethod debugDump; */ ! xmlSecNssSymKeyDataDebugXmlDump, /* xmlSecKeyDataDebugDumpMethod debugXmlDump; */ /* reserved for the future */ ! NULL, /* void* reserved0; */ ! NULL, /* void* reserved1; */ }; /** --- 860,899 ---- *************************************************************************/ static xmlSecKeyDataKlass xmlSecNssKeyDataAesKlass = { sizeof(xmlSecKeyDataKlass), ! xmlSecNssSymKeyDataSize, /* data */ xmlSecNameAESKeyValue, xmlSecKeyDataUsageKeyValueNode | xmlSecKeyDataUsageRetrievalMethodNodeXml, ! /* xmlSecKeyDataUsage usage; */ ! xmlSecHrefAESKeyValue, /* const xmlChar* href; */ ! xmlSecNodeAESKeyValue, /* const xmlChar* dataNodeName; */ ! xmlSecNs, /* const xmlChar* dataNodeNs; */ /* constructors/destructor */ ! xmlSecNssSymKeyDataInitialize, /* xmlSecKeyDataInitializeMethod initialize; */ ! xmlSecNssSymKeyDataDuplicate, /* xmlSecKeyDataDuplicateMethod duplicate; */ ! xmlSecNssSymKeyDataFinalize, /* xmlSecKeyDataFinalizeMethod finalize; */ ! xmlSecNssSymKeyDataGenerate, /* xmlSecKeyDataGenerateMethod generate; */ /* get info */ ! xmlSecNssSymKeyDataGetType, /* xmlSecKeyDataGetTypeMethod getType; */ ! xmlSecNssSymKeyDataGetSize, /* xmlSecKeyDataGetSizeMethod getSize; */ ! NULL, /* xmlSecKeyDataGetIdentifier getIdentifier; */ /* read/write */ ! xmlSecNssSymKeyDataXmlRead, /* xmlSecKeyDataXmlReadMethod xmlRead; */ ! xmlSecNssSymKeyDataXmlWrite, /* xmlSecKeyDataXmlWriteMethod xmlWrite; */ ! xmlSecNssSymKeyDataBinRead, /* xmlSecKeyDataBinReadMethod binRead; */ ! xmlSecNssSymKeyDataBinWrite, /* xmlSecKeyDataBinWriteMethod binWrite; */ /* debug */ ! xmlSecNssSymKeyDataDebugDump, /* xmlSecKeyDataDebugDumpMethod debugDump; */ ! xmlSecNssSymKeyDataDebugXmlDump, /* xmlSecKeyDataDebugDumpMethod debugXmlDump; */ /* reserved for the future */ ! NULL, /* void* reserved0; */ ! NULL, /* void* reserved1; */ }; /** *************** *** 251,259 **** /** * xmlSecNssKeyDataAesSet: ! * @data: the pointer to AES key data. ! * @buf: the pointer to key value. ! * @bufSize: the key value size (in bytes). * * Sets the value of AES key data. * --- 910,918 ---- /** * xmlSecNssKeyDataAesSet: ! * @data: the pointer to AES key data. ! * @buf: the pointer to key value. ! * @bufSize: the key value size (in bytes). * * Sets the value of AES key data. * *************** *** 282,321 **** *************************************************************************/ static xmlSecKeyDataKlass xmlSecNssKeyDataDesKlass = { sizeof(xmlSecKeyDataKlass), ! xmlSecKeyDataBinarySize, /* data */ xmlSecNameDESKeyValue, xmlSecKeyDataUsageKeyValueNode | xmlSecKeyDataUsageRetrievalMethodNodeXml, ! /* xmlSecKeyDataUsage usage; */ ! xmlSecHrefDESKeyValue, /* const xmlChar* href; */ ! xmlSecNodeDESKeyValue, /* const xmlChar* dataNodeName; */ ! xmlSecNs, /* const xmlChar* dataNodeNs; */ /* constructors/destructor */ ! xmlSecNssSymKeyDataInitialize, /* xmlSecKeyDataInitializeMethod initialize; */ ! xmlSecNssSymKeyDataDuplicate, /* xmlSecKeyDataDuplicateMethod duplicate; */ ! xmlSecNssSymKeyDataFinalize, /* xmlSecKeyDataFinalizeMethod finalize; */ ! xmlSecNssSymKeyDataGenerate, /* xmlSecKeyDataGenerateMethod generate; */ /* get info */ ! xmlSecNssSymKeyDataGetType, /* xmlSecKeyDataGetTypeMethod getType; */ ! xmlSecNssSymKeyDataGetSize, /* xmlSecKeyDataGetSizeMethod getSize; */ ! NULL, /* xmlSecKeyDataGetIdentifier getIdentifier; */ /* read/write */ ! xmlSecNssSymKeyDataXmlRead, /* xmlSecKeyDataXmlReadMethod xmlRead; */ ! xmlSecNssSymKeyDataXmlWrite, /* xmlSecKeyDataXmlWriteMethod xmlWrite; */ ! xmlSecNssSymKeyDataBinRead, /* xmlSecKeyDataBinReadMethod binRead; */ ! xmlSecNssSymKeyDataBinWrite, /* xmlSecKeyDataBinWriteMethod binWrite; */ /* debug */ ! xmlSecNssSymKeyDataDebugDump, /* xmlSecKeyDataDebugDumpMethod debugDump; */ ! xmlSecNssSymKeyDataDebugXmlDump, /* xmlSecKeyDataDebugDumpMethod debugXmlDump; */ /* reserved for the future */ ! NULL, /* void* reserved0; */ ! NULL, /* void* reserved1; */ }; /** --- 941,980 ---- *************************************************************************/ static xmlSecKeyDataKlass xmlSecNssKeyDataDesKlass = { sizeof(xmlSecKeyDataKlass), ! xmlSecNssSymKeyDataSize, /* data */ xmlSecNameDESKeyValue, xmlSecKeyDataUsageKeyValueNode | xmlSecKeyDataUsageRetrievalMethodNodeXml, ! /* xmlSecKeyDataUsage usage; */ ! xmlSecHrefDESKeyValue, /* const xmlChar* href; */ ! xmlSecNodeDESKeyValue, /* const xmlChar* dataNodeName; */ ! xmlSecNs, /* const xmlChar* dataNodeNs; */ /* constructors/destructor */ ! xmlSecNssSymKeyDataInitialize, /* xmlSecKeyDataInitializeMethod initialize; */ ! xmlSecNssSymKeyDataDuplicate, /* xmlSecKeyDataDuplicateMethod duplicate; */ ! xmlSecNssSymKeyDataFinalize, /* xmlSecKeyDataFinalizeMethod finalize; */ ! xmlSecNssSymKeyDataGenerate, /* xmlSecKeyDataGenerateMethod generate; */ /* get info */ ! xmlSecNssSymKeyDataGetType, /* xmlSecKeyDataGetTypeMethod getType; */ ! xmlSecNssSymKeyDataGetSize, /* xmlSecKeyDataGetSizeMethod getSize; */ ! NULL, /* xmlSecKeyDataGetIdentifier getIdentifier; */ /* read/write */ ! xmlSecNssSymKeyDataXmlRead, /* xmlSecKeyDataXmlReadMethod xmlRead; */ ! xmlSecNssSymKeyDataXmlWrite, /* xmlSecKeyDataXmlWriteMethod xmlWrite; */ ! xmlSecNssSymKeyDataBinRead, /* xmlSecKeyDataBinReadMethod binRead; */ ! xmlSecNssSymKeyDataBinWrite, /* xmlSecKeyDataBinWriteMethod binWrite; */ /* debug */ ! xmlSecNssSymKeyDataDebugDump, /* xmlSecKeyDataDebugDumpMethod debugDump; */ ! xmlSecNssSymKeyDataDebugXmlDump, /* xmlSecKeyDataDebugDumpMethod debugXmlDump; */ /* reserved for the future */ ! NULL, /* void* reserved0; */ ! NULL, /* void* reserved1; */ }; /** *************** *** 332,340 **** /** * xmlSecNssKeyDataDesSet: ! * @data: the pointer to DES key data. ! * @buf: the pointer to key value. ! * @bufSize: the key value size (in bytes). * * Sets the value of DES key data. * --- 991,999 ---- /** * xmlSecNssKeyDataDesSet: ! * @data: the pointer to DES key data. ! * @buf: the pointer to key value. ! * @bufSize: the key value size (in bytes). * * Sets the value of DES key data. * *************** *** 364,403 **** *************************************************************************/ static xmlSecKeyDataKlass xmlSecNssKeyDataHmacKlass = { sizeof(xmlSecKeyDataKlass), ! xmlSecKeyDataBinarySize, /* data */ xmlSecNameHMACKeyValue, xmlSecKeyDataUsageKeyValueNode | xmlSecKeyDataUsageRetrievalMethodNodeXml, ! /* xmlSecKeyDataUsage usage; */ ! xmlSecHrefHMACKeyValue, /* const xmlChar* href; */ ! xmlSecNodeHMACKeyValue, /* const xmlChar* dataNodeName; */ ! xmlSecNs, /* const xmlChar* dataNodeNs; */ /* constructors/destructor */ ! xmlSecNssSymKeyDataInitialize, /* xmlSecKeyDataInitializeMethod initialize; */ ! xmlSecNssSymKeyDataDuplicate, /* xmlSecKeyDataDuplicateMethod duplicate; */ ! xmlSecNssSymKeyDataFinalize, /* xmlSecKeyDataFinalizeMethod finalize; */ ! xmlSecNssSymKeyDataGenerate, /* xmlSecKeyDataGenerateMethod generate; */ /* get info */ ! xmlSecNssSymKeyDataGetType, /* xmlSecKeyDataGetTypeMethod getType; */ ! xmlSecNssSymKeyDataGetSize, /* xmlSecKeyDataGetSizeMethod getSize; */ ! NULL, /* xmlSecKeyDataGetIdentifier getIdentifier; */ /* read/write */ ! xmlSecNssSymKeyDataXmlRead, /* xmlSecKeyDataXmlReadMethod xmlRead; */ ! xmlSecNssSymKeyDataXmlWrite, /* xmlSecKeyDataXmlWriteMethod xmlWrite; */ ! xmlSecNssSymKeyDataBinRead, /* xmlSecKeyDataBinReadMethod binRead; */ ! xmlSecNssSymKeyDataBinWrite, /* xmlSecKeyDataBinWriteMethod binWrite; */ /* debug */ ! xmlSecNssSymKeyDataDebugDump, /* xmlSecKeyDataDebugDumpMethod debugDump; */ ! xmlSecNssSymKeyDataDebugXmlDump, /* xmlSecKeyDataDebugDumpMethod debugXmlDump; */ /* reserved for the future */ ! NULL, /* void* reserved0; */ ! NULL, /* void* reserved1; */ }; /** --- 1023,1062 ---- *************************************************************************/ static xmlSecKeyDataKlass xmlSecNssKeyDataHmacKlass = { sizeof(xmlSecKeyDataKlass), ! xmlSecNssSymKeyDataSize, /* data */ xmlSecNameHMACKeyValue, xmlSecKeyDataUsageKeyValueNode | xmlSecKeyDataUsageRetrievalMethodNodeXml, ! /* xmlSecKeyDataUsage usage; */ ! xmlSecHrefHMACKeyValue, /* const xmlChar* href; */ ! xmlSecNodeHMACKeyValue, /* const xmlChar* dataNodeName; */ ! xmlSecNs, /* const xmlChar* dataNodeNs; */ /* constructors/destructor */ ! xmlSecNssSymKeyDataInitialize, /* xmlSecKeyDataInitializeMethod initialize; */ ! xmlSecNssSymKeyDataDuplicate, /* xmlSecKeyDataDuplicateMethod duplicate; */ ! xmlSecNssSymKeyDataFinalize, /* xmlSecKeyDataFinalizeMethod finalize; */ ! xmlSecNssSymKeyDataGenerate, /* xmlSecKeyDataGenerateMethod generate; */ /* get info */ ! xmlSecNssSymKeyDataGetType, /* xmlSecKeyDataGetTypeMethod getType; */ ! xmlSecNssSymKeyDataGetSize, /* xmlSecKeyDataGetSizeMethod getSize; */ ! NULL, /* xmlSecKeyDataGetIdentifier getIdentifier; */ /* read/write */ ! xmlSecNssSymKeyDataXmlRead, /* xmlSecKeyDataXmlReadMethod xmlRead; */ ! xmlSecNssSymKeyDataXmlWrite, /* xmlSecKeyDataXmlWriteMethod xmlWrite; */ ! xmlSecNssSymKeyDataBinRead, /* xmlSecKeyDataBinReadMethod binRead; */ ! xmlSecNssSymKeyDataBinWrite, /* xmlSecKeyDataBinWriteMethod binWrite; */ /* debug */ ! xmlSecNssSymKeyDataDebugDump, /* xmlSecKeyDataDebugDumpMethod debugDump; */ ! xmlSecNssSymKeyDataDebugXmlDump, /* xmlSecKeyDataDebugDumpMethod debugXmlDump; */ /* reserved for the future */ ! NULL, /* void* reserved0; */ ! NULL, /* void* reserved1; */ }; /** *************** *** 414,422 **** /** * xmlSecNssKeyDataHmacSet: ! * @data: the pointer to HMAC key data. ! * @buf: the pointer to key value. ! * @bufSize: the key value size (in bytes). * * Sets the value of HMAC key data. * --- 1073,1081 ---- /** * xmlSecNssKeyDataHmacSet: ! * @data: the pointer to HMAC key data. ! * @buf: the pointer to key value. ! * @bufSize: the key value size (in bytes). * * Sets the value of HMAC key data. * *** misc/xmlsec1-1.2.6/src/nss/tokens.c 2006-05-08 12:20:35.687962000 +0200 --- misc/build/xmlsec1-1.2.6/src/nss/tokens.c 2006-05-08 12:19:39.463184000 +0200 *************** *** 1 **** ! dummy --- 1,544 ---- ! /** ! * XMLSec library ! * ! * This is free software; see Copyright file in the source ! * distribution for preciese wording. ! * ! * Copyright.................................. ! * ! * Contributor(s): _____________________________ ! * ! */ ! ! /** ! * In order to ensure that particular crypto operation is performed on ! * particular crypto device, a subclass of xmlSecList is used to store slot and ! * mechanism information. ! * ! * In the list, a slot is bound with a mechanism. If the mechanism is available, ! * this mechanism only can perform on the slot; otherwise, it can perform on ! * every eligibl slot in the list. ! * ! * When try to find a slot for a particular mechanism, the slot bound with ! * avaliable mechanism will be looked up firstly. ! */ ! #include "globals.h" ! #include ! ! #include ! #include ! #include ! ! #include ! ! int ! xmlSecNssKeySlotSetMechList( ! xmlSecNssKeySlotPtr keySlot , ! CK_MECHANISM_TYPE_PTR mechanismList ! ) { ! int counter ; ! ! xmlSecAssert2( keySlot != NULL , -1 ) ; ! ! if( keySlot->mechanismList != CK_NULL_PTR ) { ! xmlFree( keySlot->mechanismList ) ; ! ! for( counter = 0 ; *( mechanismList + counter ) != CKM_INVALID_MECHANISM ; counter ++ ) ; ! keySlot->mechanismList = ( CK_MECHANISM_TYPE_PTR )xmlMalloc( ( counter + 1 ) * sizeof( CK_MECHANISM_TYPE ) ) ; ! if( keySlot->mechanismList == NULL ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! NULL , ! NULL , ! XMLSEC_ERRORS_R_XMLSEC_FAILED , ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! return( -1 ); ! } ! for( ; counter >= 0 ; counter -- ) ! *( keySlot->mechanismList + counter ) = *( mechanismList + counter ) ; ! } ! ! return( 0 ); ! } ! ! int ! xmlSecNssKeySlotEnableMech( ! xmlSecNssKeySlotPtr keySlot , ! CK_MECHANISM_TYPE mechanism ! ) { ! int counter ; ! CK_MECHANISM_TYPE_PTR newList ; ! ! xmlSecAssert2( keySlot != NULL , -1 ) ; ! ! if( mechanism != CKM_INVALID_MECHANISM ) { ! for( counter = 0 ; *( keySlot->mechanismList + counter ) != CKM_INVALID_MECHANISM ; counter ++ ) ; ! newList = ( CK_MECHANISM_TYPE_PTR )xmlMalloc( ( counter + 1 + 1 ) * sizeof( CK_MECHANISM_TYPE ) ) ; ! if( newList == NULL ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! NULL , ! NULL , ! XMLSEC_ERRORS_R_XMLSEC_FAILED , ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! return( -1 ); ! } ! *( newList + counter + 1 ) = CKM_INVALID_MECHANISM ; ! *( newList + counter ) = mechanism ; ! for( counter -= 1 ; counter >= 0 ; counter -- ) ! *( newList + counter ) = *( keySlot->mechanismList + counter ) ; ! ! xmlFree( keySlot->mechanismList ) ; ! keySlot->mechanismList = newList ; ! } ! ! return(0); ! } ! ! int ! xmlSecNssKeySlotDisableMech( ! xmlSecNssKeySlotPtr keySlot , ! CK_MECHANISM_TYPE mechanism ! ) { ! int counter ; ! ! xmlSecAssert2( keySlot != NULL , -1 ) ; ! ! for( counter = 0 ; *( keySlot->mechanismList + counter ) != CKM_INVALID_MECHANISM ; counter ++ ) { ! if( *( keySlot->mechanismList + counter ) == mechanism ) { ! for( ; *( keySlot->mechanismList + counter ) != CKM_INVALID_MECHANISM ; counter ++ ) { ! *( keySlot->mechanismList + counter ) = *( keySlot->mechanismList + counter + 1 ) ; ! } ! ! break ; ! } ! } ! ! return(0); ! } ! ! CK_MECHANISM_TYPE_PTR ! xmlSecNssKeySlotGetMechList( ! xmlSecNssKeySlotPtr keySlot ! ) { ! if( keySlot != NULL ) ! return keySlot->mechanismList ; ! else ! return NULL ; ! } ! ! int ! xmlSecNssKeySlotSetSlot( ! xmlSecNssKeySlotPtr keySlot , ! PK11SlotInfo* slot ! ) { ! xmlSecAssert2( keySlot != NULL , -1 ) ; ! ! if( slot != NULL && keySlot->slot != slot ) { ! if( keySlot->slot != NULL ) ! PK11_FreeSlot( keySlot->slot ) ; ! ! if( keySlot->mechanismList != NULL ) { ! xmlFree( keySlot->mechanismList ) ; ! keySlot->mechanismList = NULL ; ! } ! ! keySlot->slot = PK11_ReferenceSlot( slot ) ; ! } ! ! return(0); ! } ! ! int ! xmlSecNssKeySlotInitialize( ! xmlSecNssKeySlotPtr keySlot , ! PK11SlotInfo* slot ! ) { ! xmlSecAssert2( keySlot != NULL , -1 ) ; ! xmlSecAssert2( keySlot->slot == NULL , -1 ) ; ! xmlSecAssert2( keySlot->mechanismList == NULL , -1 ) ; ! ! if( slot != NULL ) { ! keySlot->slot = PK11_ReferenceSlot( slot ) ; ! } ! ! return(0); ! } ! ! void ! xmlSecNssKeySlotFinalize( ! xmlSecNssKeySlotPtr keySlot ! ) { ! xmlSecAssert( keySlot != NULL ) ; ! ! if( keySlot->mechanismList != NULL ) { ! xmlFree( keySlot->mechanismList ) ; ! keySlot->mechanismList = NULL ; ! } ! ! if( keySlot->slot != NULL ) { ! PK11_FreeSlot( keySlot->slot ) ; ! keySlot->slot = NULL ; ! } ! ! } ! ! PK11SlotInfo* ! xmlSecNssKeySlotGetSlot( ! xmlSecNssKeySlotPtr keySlot ! ) { ! if( keySlot != NULL ) ! return keySlot->slot ; ! else ! return NULL ; ! } ! ! xmlSecNssKeySlotPtr ! xmlSecNssKeySlotCreate() { ! xmlSecNssKeySlotPtr keySlot ; ! ! /* Allocates a new xmlSecNssKeySlot and fill the fields */ ! keySlot = ( xmlSecNssKeySlotPtr )xmlMalloc( sizeof( xmlSecNssKeySlot ) ) ; ! if( keySlot == NULL ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! NULL , ! NULL , ! XMLSEC_ERRORS_R_XMLSEC_FAILED , ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! return( NULL ); ! } ! memset( keySlot, 0, sizeof( xmlSecNssKeySlot ) ) ; ! ! return( keySlot ) ; ! } ! ! int ! xmlSecNssKeySlotCopy( ! xmlSecNssKeySlotPtr newKeySlot , ! xmlSecNssKeySlotPtr keySlot ! ) { ! CK_MECHANISM_TYPE_PTR mech ; ! int counter ; ! ! xmlSecAssert2( newKeySlot != NULL , -1 ) ; ! xmlSecAssert2( keySlot != NULL , -1 ) ; ! ! if( keySlot->slot != NULL && newKeySlot->slot != keySlot->slot ) { ! if( newKeySlot->slot != NULL ) ! PK11_FreeSlot( newKeySlot->slot ) ; ! ! newKeySlot->slot = PK11_ReferenceSlot( keySlot->slot ) ; ! } ! ! if( keySlot->mechanismList != CK_NULL_PTR ) { ! xmlFree( newKeySlot->mechanismList ) ; ! ! for( counter = 0 ; *( keySlot->mechanismList + counter ) != CKM_INVALID_MECHANISM ; counter ++ ) ; ! newKeySlot->mechanismList = ( CK_MECHANISM_TYPE_PTR )xmlMalloc( ( counter + 1 ) * sizeof( CK_MECHANISM_TYPE ) ) ; ! if( newKeySlot->mechanismList == NULL ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! NULL , ! NULL , ! XMLSEC_ERRORS_R_XMLSEC_FAILED , ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! return( -1 ); ! } ! for( ; counter >= 0 ; counter -- ) ! *( newKeySlot->mechanismList + counter ) = *( keySlot->mechanismList + counter ) ; ! } ! ! return( 0 ); ! } ! ! xmlSecNssKeySlotPtr ! xmlSecNssKeySlotDuplicate( ! xmlSecNssKeySlotPtr keySlot ! ) { ! xmlSecNssKeySlotPtr newKeySlot ; ! int ret ; ! ! xmlSecAssert2( keySlot != NULL , NULL ) ; ! ! newKeySlot = xmlSecNssKeySlotCreate() ; ! if( newKeySlot == NULL ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! NULL , ! NULL , ! XMLSEC_ERRORS_R_XMLSEC_FAILED , ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! return( NULL ); ! } ! ! if( xmlSecNssKeySlotCopy( newKeySlot, keySlot ) < 0 ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! NULL , ! NULL , ! XMLSEC_ERRORS_R_XMLSEC_FAILED , ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! return( NULL ); ! } ! ! return( newKeySlot ); ! } ! ! void ! xmlSecNssKeySlotDestroy( ! xmlSecNssKeySlotPtr keySlot ! ) { ! xmlSecAssert( keySlot != NULL ) ; ! ! if( keySlot->mechanismList != NULL ) ! xmlFree( keySlot->mechanismList ) ; ! ! if( keySlot->slot != NULL ) ! PK11_FreeSlot( keySlot->slot ) ; ! ! xmlFree( keySlot ) ; ! } ! ! int ! xmlSecNssKeySlotBindMech( ! xmlSecNssKeySlotPtr keySlot , ! CK_MECHANISM_TYPE type ! ) { ! int counter ; ! ! xmlSecAssert2( keySlot != NULL , 0 ) ; ! xmlSecAssert2( keySlot->slot != NULL , 0 ) ; ! xmlSecAssert2( type != CKM_INVALID_MECHANISM , 0 ) ; ! ! for( counter = 0 ; *( keySlot->mechanismList + counter ) != CKM_INVALID_MECHANISM ; counter ++ ) { ! if( *( keySlot->mechanismList + counter ) == type ) ! return(1) ; ! } ! ! return( 0 ) ; ! } ! ! int ! xmlSecNssKeySlotSupportMech( ! xmlSecNssKeySlotPtr keySlot , ! CK_MECHANISM_TYPE type ! ) { ! xmlSecAssert2( keySlot != NULL , 0 ) ; ! xmlSecAssert2( keySlot->slot != NULL , 0 ) ; ! xmlSecAssert2( type != CKM_INVALID_MECHANISM , 0 ) ; ! ! if( PK11_DoesMechanism( keySlot->slot , type ) == PR_TRUE ) { ! return(1); ! } else ! return(0); ! } ! ! void ! xmlSecNssKeySlotDebugDump( ! xmlSecNssKeySlotPtr keySlot , ! FILE* output ! ) { ! xmlSecAssert( keySlot != NULL ) ; ! xmlSecAssert( output != NULL ) ; ! ! fprintf( output, "== KEY SLOT\n" ); ! } ! ! void ! xmlSecNssKeySlotDebugXmlDump( ! xmlSecNssKeySlotPtr keySlot , ! FILE* output ! ) { ! } ! ! /** ! * Key Slot List ! */ ! static xmlSecPtrListKlass xmlSecNssKeySlotPtrListKlass = { ! BAD_CAST "mechanism-list", ! (xmlSecPtrDuplicateItemMethod)xmlSecNssKeySlotDuplicate, ! (xmlSecPtrDestroyItemMethod)xmlSecNssKeySlotDestroy, ! (xmlSecPtrDebugDumpItemMethod)xmlSecNssKeySlotDebugDump, ! (xmlSecPtrDebugDumpItemMethod)xmlSecNssKeySlotDebugXmlDump, ! }; ! ! xmlSecPtrListId ! xmlSecNssKeySlotListGetKlass(void) { ! return(&xmlSecNssKeySlotPtrListKlass); ! } ! ! ! /*- ! * Global PKCS#11 crypto token repository -- Key slot list ! */ ! static xmlSecPtrListPtr _xmlSecNssKeySlotList = NULL ; ! ! PK11SlotInfo* ! xmlSecNssSlotGet( ! CK_MECHANISM_TYPE type ! ) { ! PK11SlotInfo* slot = NULL ; ! xmlSecNssKeySlotPtr keySlot ; ! xmlSecSize ksSize ; ! xmlSecSize ksPos ; ! char flag ; ! ! if( _xmlSecNssKeySlotList == NULL ) { ! slot = PK11_GetBestSlot( type , NULL ) ; ! } else { ! ksSize = xmlSecPtrListGetSize( _xmlSecNssKeySlotList ) ; ! ! /*- ! * Firstly, checking whether the mechanism is bound with a special slot. ! * If no bound slot, we try to find the first eligible slot in the list. ! */ ! for( flag = 0, ksPos = 0 ; ksPos < ksSize ; ksPos ++ ) { ! keySlot = ( xmlSecNssKeySlotPtr )xmlSecPtrListGetItem( _xmlSecNssKeySlotList, ksPos ) ; ! if( keySlot != NULL && xmlSecNssKeySlotBindMech( keySlot, type ) ) { ! slot = xmlSecNssKeySlotGetSlot( keySlot ) ; ! flag = 2 ; ! } else if( flag == 0 && xmlSecNssKeySlotSupportMech( keySlot, type ) ) { ! slot = xmlSecNssKeySlotGetSlot( keySlot ) ; ! flag = 1 ; ! } ! ! if( flag == 2 ) ! break ; ! } ! if( slot != NULL ) ! slot = PK11_ReferenceSlot( slot ) ; ! } ! ! if( slot != NULL && PK11_NeedLogin( slot ) ) { ! if( PK11_Authenticate( slot , PR_TRUE , NULL ) != SECSuccess ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! NULL , ! NULL , ! XMLSEC_ERRORS_R_XMLSEC_FAILED , ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! PK11_FreeSlot( slot ) ; ! return( NULL ); ! } ! } ! ! return slot ; ! } ! ! int ! xmlSecNssSlotInitialize( ! void ! ) { ! if( _xmlSecNssKeySlotList != NULL ) { ! xmlSecPtrListDestroy( _xmlSecNssKeySlotList ) ; ! _xmlSecNssKeySlotList = NULL ; ! } ! ! _xmlSecNssKeySlotList = xmlSecPtrListCreate( xmlSecNssKeySlotListId ) ; ! if( _xmlSecNssKeySlotList == NULL ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! NULL , ! NULL , ! XMLSEC_ERRORS_R_XMLSEC_FAILED , ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! return( -1 ); ! } ! ! return(0); ! } ! ! void ! xmlSecNssSlotShutdown( ! void ! ) { ! if( _xmlSecNssKeySlotList != NULL ) { ! xmlSecPtrListDestroy( _xmlSecNssKeySlotList ) ; ! _xmlSecNssKeySlotList = NULL ; ! } ! } ! ! int ! xmlSecNssSlotAdopt( ! PK11SlotInfo* slot, ! CK_MECHANISM_TYPE type ! ) { ! xmlSecNssKeySlotPtr keySlot ; ! xmlSecSize ksSize ; ! xmlSecSize ksPos ; ! char flag ; ! ! xmlSecAssert2( _xmlSecNssKeySlotList != NULL, -1 ) ; ! xmlSecAssert2( slot != NULL, -1 ) ; ! ! ksSize = xmlSecPtrListGetSize( _xmlSecNssKeySlotList ) ; ! ! /*- ! * Firstly, checking whether the slot is in the repository already. ! */ ! flag = 0 ; ! for( ksPos = 0 ; ksPos < ksSize ; ksPos ++ ) { ! keySlot = ( xmlSecNssKeySlotPtr )xmlSecPtrListGetItem( _xmlSecNssKeySlotList, ksPos ) ; ! /* If find the slot in the list */ ! if( keySlot != NULL && xmlSecNssKeySlotGetSlot( keySlot ) == slot ) { ! /* If mechnism type is valid, bind the slot with the mechanism */ ! if( type != CKM_INVALID_MECHANISM ) { ! if( xmlSecNssKeySlotEnableMech( keySlot, type ) < 0 ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! NULL , ! NULL , ! XMLSEC_ERRORS_R_XMLSEC_FAILED , ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! return(-1); ! } ! } ! ! flag = 1 ; ! } ! } ! ! /* If the slot do not in the list, add a new item to the list */ ! if( flag == 0 ) { ! /* Create a new KeySlot */ ! keySlot = xmlSecNssKeySlotCreate() ; ! if( keySlot == NULL ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! NULL , ! NULL , ! XMLSEC_ERRORS_R_XMLSEC_FAILED , ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! return(-1); ! } ! ! /* Initialize the keySlot with a slot */ ! if( xmlSecNssKeySlotInitialize( keySlot, slot ) < 0 ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! NULL , ! NULL , ! XMLSEC_ERRORS_R_XMLSEC_FAILED , ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! xmlSecNssKeySlotDestroy( keySlot ) ; ! return(-1); ! } ! ! /* If mechnism type is valid, bind the slot with the mechanism */ ! if( type != CKM_INVALID_MECHANISM ) { ! if( xmlSecNssKeySlotEnableMech( keySlot, type ) < 0 ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! NULL , ! NULL , ! XMLSEC_ERRORS_R_XMLSEC_FAILED , ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! xmlSecNssKeySlotDestroy( keySlot ) ; ! return(-1); ! } ! } ! ! /* Add keySlot into the list */ ! if( xmlSecPtrListAdd( _xmlSecNssKeySlotList, keySlot ) < 0 ) { ! xmlSecError( XMLSEC_ERRORS_HERE , ! NULL , ! NULL , ! XMLSEC_ERRORS_R_XMLSEC_FAILED , ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! xmlSecNssKeySlotDestroy( keySlot ) ; ! return(-1); ! } ! } ! ! return(0); ! } ! *** misc/xmlsec1-1.2.6/src/nss/x509.c 2003-09-26 05:53:09.000000000 +0200 --- misc/build/xmlsec1-1.2.6/src/nss/x509.c 2006-05-08 12:19:39.484058000 +0200 *************** *** 34,40 **** #include #include #include - #include #include #include --- 34,39 ---- *************** *** 61,97 **** static int xmlSecNssX509CertificateNodeRead (xmlSecKeyDataPtr data, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx); - static int xmlSecNssX509CertificateNodeWrite (CERTCertificate* cert, - xmlNodePtr node, - xmlSecKeyInfoCtxPtr keyInfoCtx); static int xmlSecNssX509SubjectNameNodeRead (xmlSecKeyDataPtr data, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx); - static int xmlSecNssX509SubjectNameNodeWrite (CERTCertificate* cert, - xmlNodePtr node, - xmlSecKeyInfoCtxPtr keyInfoCtx); static int xmlSecNssX509IssuerSerialNodeRead (xmlSecKeyDataPtr data, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx); - static int xmlSecNssX509IssuerSerialNodeWrite (CERTCertificate* cert, - xmlNodePtr node, - xmlSecKeyInfoCtxPtr keyInfoCtx); static int xmlSecNssX509SKINodeRead (xmlSecKeyDataPtr data, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx); - static int xmlSecNssX509SKINodeWrite (CERTCertificate* cert, - xmlNodePtr node, - xmlSecKeyInfoCtxPtr keyInfoCtx); static int xmlSecNssX509CRLNodeRead (xmlSecKeyDataPtr data, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx); - static int xmlSecNssX509CRLNodeWrite (CERTSignedCrl* crl, - xmlNodePtr node, - xmlSecKeyInfoCtxPtr keyInfoCtx); static int xmlSecNssKeyDataX509VerifyAndExtractKey(xmlSecKeyDataPtr data, xmlSecKeyPtr key, xmlSecKeyInfoCtxPtr keyInfoCtx); - static CERTCertificate* xmlSecNssX509CertDerRead (const xmlSecByte* buf, xmlSecSize size); static CERTCertificate* xmlSecNssX509CertBase64DerRead (xmlChar* buf); --- 60,80 ---- *************** *** 104,112 **** xmlSecKeyInfoCtxPtr keyInfoCtx); static xmlChar* xmlSecNssX509CrlBase64DerWrite (CERTSignedCrl* crl, int base64LineWrap); - static xmlChar* xmlSecNssX509NameWrite (CERTName* nm); - static xmlChar* xmlSecNssASN1IntegerWrite (SECItem *num); - static xmlChar* xmlSecNssX509SKIWrite (CERTCertificate* cert); static void xmlSecNssX509CertDebugDump (CERTCertificate* cert, FILE* output); static void xmlSecNssX509CertDebugXmlDump (CERTCertificate* cert, --- 87,92 ---- *************** *** 378,384 **** xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), "CERT_NewCertList", XMLSEC_ERRORS_R_CRYPTO_FAILED, ! XMLSEC_ERRORS_NO_MESSAGE); return(-1); } } --- 358,364 ---- xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), "CERT_NewCertList", XMLSEC_ERRORS_R_CRYPTO_FAILED, ! "error code=%d", PORT_GetError()); return(-1); } } *************** *** 389,395 **** xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), "CERT_AddCertToListTail", XMLSEC_ERRORS_R_CRYPTO_FAILED, ! XMLSEC_ERRORS_NO_MESSAGE); return(-1); } ctx->numCerts++; --- 369,375 ---- xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), "CERT_AddCertToListTail", XMLSEC_ERRORS_R_CRYPTO_FAILED, ! "error code=%d", PORT_GetError()); return(-1); } ctx->numCerts++; *************** *** 588,594 **** xmlSecErrorsSafeString(xmlSecKeyDataGetName(dst)), "CERT_DupCertificate", XMLSEC_ERRORS_R_CRYPTO_FAILED, ! XMLSEC_ERRORS_NO_MESSAGE); return(-1); } --- 568,574 ---- xmlSecErrorsSafeString(xmlSecKeyDataGetName(dst)), "CERT_DupCertificate", XMLSEC_ERRORS_R_CRYPTO_FAILED, ! "error code=%d", PORT_GetError()); return(-1); } *************** *** 627,633 **** xmlSecErrorsSafeString(xmlSecKeyDataGetName(dst)), "SEC_DupCrl", XMLSEC_ERRORS_R_CRYPTO_FAILED, ! XMLSEC_ERRORS_NO_MESSAGE); return(-1); } --- 607,613 ---- xmlSecErrorsSafeString(xmlSecKeyDataGetName(dst)), "SEC_DupCrl", XMLSEC_ERRORS_R_CRYPTO_FAILED, ! "error code=%d", PORT_GetError()); return(-1); } *************** *** 652,658 **** xmlSecErrorsSafeString(xmlSecKeyDataGetName(dst)), "CERT_DupCertificate", XMLSEC_ERRORS_R_CRYPTO_FAILED, ! XMLSEC_ERRORS_NO_MESSAGE); return(-1); } ret = xmlSecNssKeyDataX509AdoptKeyCert(dst, certDst); --- 632,638 ---- xmlSecErrorsSafeString(xmlSecKeyDataGetName(dst)), "CERT_DupCertificate", XMLSEC_ERRORS_R_CRYPTO_FAILED, ! "error code=%d", PORT_GetError()); return(-1); } ret = xmlSecNssKeyDataX509AdoptKeyCert(dst, certDst); *************** *** 752,782 **** xmlSecNssKeyDataX509XmlWrite(xmlSecKeyDataId id, xmlSecKeyPtr key, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) { xmlSecKeyDataPtr data; CERTCertificate* cert; CERTSignedCrl* crl; xmlSecSize size, pos; - int content = 0; - int ret; xmlSecAssert2(id == xmlSecNssKeyDataX509Id, -1); xmlSecAssert2(key != NULL, -1); xmlSecAssert2(node != NULL, -1); xmlSecAssert2(keyInfoCtx != NULL, -1); ! content = xmlSecX509DataGetNodeContent (node, 1, keyInfoCtx); ! if (content < 0) { ! xmlSecError(XMLSEC_ERRORS_HERE, ! xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), ! "xmlSecX509DataGetNodeContent", ! XMLSEC_ERRORS_R_XMLSEC_FAILED, ! "content=%d", content); ! return(-1); ! } else if(content == 0) { ! /* by default we are writing certificates and crls */ ! content = XMLSEC_X509DATA_DEFAULT; } - /* get x509 data */ data = xmlSecKeyGetData(key, id); if(data == NULL) { /* no x509 data in the key */ --- 732,753 ---- xmlSecNssKeyDataX509XmlWrite(xmlSecKeyDataId id, xmlSecKeyPtr key, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) { xmlSecKeyDataPtr data; + xmlNodePtr cur; + xmlChar* buf; CERTCertificate* cert; CERTSignedCrl* crl; xmlSecSize size, pos; xmlSecAssert2(id == xmlSecNssKeyDataX509Id, -1); xmlSecAssert2(key != NULL, -1); xmlSecAssert2(node != NULL, -1); xmlSecAssert2(keyInfoCtx != NULL, -1); ! /* todo: flag in ctx remove all existing content */ ! if(0) { ! xmlNodeSetContent(node, NULL); } data = xmlSecKeyGetData(key, id); if(data == NULL) { /* no x509 data in the key */ *************** *** 795,874 **** "pos=%d", pos); return(-1); } ! ! if((content & XMLSEC_X509DATA_CERTIFICATE_NODE) != 0) { ! ret = xmlSecNssX509CertificateNodeWrite(cert, node, keyInfoCtx); ! if(ret < 0) { ! xmlSecError(XMLSEC_ERRORS_HERE, ! xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), ! "xmlSecNssX509CertificateNodeWrite", ! XMLSEC_ERRORS_R_XMLSEC_FAILED, ! "pos=%d", pos); ! return(-1); ! } } ! ! if((content & XMLSEC_X509DATA_SUBJECTNAME_NODE) != 0) { ! ret = xmlSecNssX509SubjectNameNodeWrite(cert, node, keyInfoCtx); ! if(ret < 0) { ! xmlSecError(XMLSEC_ERRORS_HERE, ! xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), ! "xmlSecNssX509SubjectNameNodeWrite", ! XMLSEC_ERRORS_R_XMLSEC_FAILED, ! "pos=%d", pos); ! return(-1); ! } } ! if((content & XMLSEC_X509DATA_ISSUERSERIAL_NODE) != 0) { ! ret = xmlSecNssX509IssuerSerialNodeWrite(cert, node, keyInfoCtx); ! if(ret < 0) { ! xmlSecError(XMLSEC_ERRORS_HERE, ! xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), ! "xmlSecNssX509IssuerSerialNodeWrite", ! XMLSEC_ERRORS_R_XMLSEC_FAILED, ! "pos=%d", pos); ! return(-1); ! } ! } ! if((content & XMLSEC_X509DATA_SKI_NODE) != 0) { ! ret = xmlSecNssX509SKINodeWrite(cert, node, keyInfoCtx); ! if(ret < 0) { ! xmlSecError(XMLSEC_ERRORS_HERE, ! xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), ! "xmlSecNssX509SKINodeWrite", ! XMLSEC_ERRORS_R_XMLSEC_FAILED, ! "pos=%d", pos); ! return(-1); ! } ! } ! } ! /* write crls if needed */ ! if((content & XMLSEC_X509DATA_CRL_NODE) != 0) { ! size = xmlSecNssKeyDataX509GetCrlsSize(data); ! for(pos = 0; pos < size; ++pos) { ! crl = xmlSecNssKeyDataX509GetCrl(data, pos); ! if(crl == NULL) { ! xmlSecError(XMLSEC_ERRORS_HERE, ! xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), ! "xmlSecNssKeyDataX509GetCrl", ! XMLSEC_ERRORS_R_XMLSEC_FAILED, ! "pos=%d", pos); ! return(-1); ! } ! ! ret = xmlSecNssX509CRLNodeWrite(crl, node, keyInfoCtx); ! if(ret < 0) { ! xmlSecError(XMLSEC_ERRORS_HERE, ! xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), ! "xmlSecNssX509CRLNodeWrite", ! XMLSEC_ERRORS_R_XMLSEC_FAILED, ! "pos=%d", pos); ! return(-1); ! } ! } } return(0); --- 766,840 ---- "pos=%d", pos); return(-1); } ! ! /* set base64 lines size from context */ ! buf = xmlSecNssX509CertBase64DerWrite(cert, keyInfoCtx->base64LineSize); ! if(buf == NULL) { ! xmlSecError(XMLSEC_ERRORS_HERE, ! xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), ! "xmlSecNssX509CertBase64DerWrite", ! XMLSEC_ERRORS_R_XMLSEC_FAILED, ! XMLSEC_ERRORS_NO_MESSAGE); ! return(-1); } ! ! cur = xmlSecAddChild(node, xmlSecNodeX509Certificate, xmlSecDSigNs); ! if(cur == NULL) { ! xmlSecError(XMLSEC_ERRORS_HERE, ! xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), ! "xmlSecAddChild", ! XMLSEC_ERRORS_R_XMLSEC_FAILED, ! "node=%s", ! xmlSecErrorsSafeString(xmlSecNodeX509Certificate)); ! xmlFree(buf); ! return(-1); } + /* todo: add \n around base64 data - from context */ + /* todo: add errors check */ + xmlNodeSetContent(cur, xmlSecStringCR); + xmlNodeSetContent(cur, buf); + xmlFree(buf); + } ! /* write crls */ ! size = xmlSecNssKeyDataX509GetCrlsSize(data); ! for(pos = 0; pos < size; ++pos) { ! crl = xmlSecNssKeyDataX509GetCrl(data, pos); ! if(crl == NULL) { ! xmlSecError(XMLSEC_ERRORS_HERE, ! xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), ! "xmlSecNssKeyDataX509GetCrl", ! XMLSEC_ERRORS_R_XMLSEC_FAILED, ! "pos=%d", pos); ! return(-1); ! } ! /* set base64 lines size from context */ ! buf = xmlSecNssX509CrlBase64DerWrite(crl, keyInfoCtx->base64LineSize); ! if(buf == NULL) { ! xmlSecError(XMLSEC_ERRORS_HERE, ! xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), ! "xmlSecNssX509CrlBase64DerWrite", ! XMLSEC_ERRORS_R_XMLSEC_FAILED, ! XMLSEC_ERRORS_NO_MESSAGE); ! return(-1); ! } ! cur = xmlSecAddChild(node, xmlSecNodeX509CRL, xmlSecDSigNs); ! if(cur == NULL) { ! xmlSecError(XMLSEC_ERRORS_HERE, ! xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), ! "xmlSecAddChild", ! XMLSEC_ERRORS_R_XMLSEC_FAILED, ! "new_node=%s", ! xmlSecErrorsSafeString(xmlSecNodeX509CRL)); ! xmlFree(buf); ! return(-1); ! } ! /* todo: add \n around base64 data - from context */ ! /* todo: add errors check */ ! xmlNodeSetContent(cur, xmlSecStringCR); ! xmlNodeSetContent(cur, buf); } return(0); *************** *** 1015,1033 **** xmlSecAssert2(keyInfoCtx != NULL, -1); content = xmlNodeGetContent(node); ! if((content == NULL) || (xmlSecIsEmptyString(content) == 1)) { ! if(content != NULL) { ! xmlFree(content); ! } ! if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_STOP_ON_EMPTY_NODE) != 0) { ! xmlSecError(XMLSEC_ERRORS_HERE, ! xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), ! xmlSecErrorsSafeString(xmlSecNodeGetName(node)), ! XMLSEC_ERRORS_R_INVALID_NODE_CONTENT, ! XMLSEC_ERRORS_NO_MESSAGE); ! return(-1); ! } ! return(0); } cert = xmlSecNssX509CertBase64DerRead(content); --- 981,993 ---- xmlSecAssert2(keyInfoCtx != NULL, -1); content = xmlNodeGetContent(node); ! if(content == NULL){ ! xmlSecError(XMLSEC_ERRORS_HERE, ! xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), ! xmlSecErrorsSafeString(xmlSecNodeGetName(node)), ! XMLSEC_ERRORS_R_INVALID_NODE_CONTENT, ! XMLSEC_ERRORS_NO_MESSAGE); ! return(-1); } cert = xmlSecNssX509CertBase64DerRead(content); *************** *** 1057,1102 **** return(0); } - static int - xmlSecNssX509CertificateNodeWrite(CERTCertificate* cert, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) { - xmlChar* buf; - xmlNodePtr cur; - - xmlSecAssert2(cert != NULL, -1); - xmlSecAssert2(node != NULL, -1); - xmlSecAssert2(keyInfoCtx != NULL, -1); - - /* set base64 lines size from context */ - buf = xmlSecNssX509CertBase64DerWrite(cert, keyInfoCtx->base64LineSize); - if(buf == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecNssX509CertBase64DerWrite", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); - return(-1); - } - - cur = xmlSecAddChild(node, xmlSecNodeX509Certificate, xmlSecDSigNs); - if(cur == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecAddChild", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeX509Certificate)); - xmlFree(buf); - return(-1); - } - - /* todo: add \n around base64 data - from context */ - /* todo: add errors check */ - xmlNodeSetContent(cur, xmlSecStringCR); - xmlNodeSetContent(cur, buf); - xmlFree(buf); - return(0); - } - static int xmlSecNssX509SubjectNameNodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) { xmlSecKeyDataStorePtr x509Store; --- 1017,1022 ---- *************** *** 1120,1138 **** } subject = xmlNodeGetContent(node); ! if((subject == NULL) || (xmlSecIsEmptyString(subject) == 1)) { ! if(subject != NULL) { ! xmlFree(subject); ! } ! if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_STOP_ON_EMPTY_NODE) != 0) { ! xmlSecError(XMLSEC_ERRORS_HERE, ! xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), ! xmlSecErrorsSafeString(xmlSecNodeGetName(node)), ! XMLSEC_ERRORS_R_INVALID_NODE_CONTENT, ! XMLSEC_ERRORS_NO_MESSAGE); ! return(-1); ! } ! return(0); } cert = xmlSecNssX509StoreFindCert(x509Store, subject, NULL, NULL, NULL, keyInfoCtx); --- 1040,1052 ---- } subject = xmlNodeGetContent(node); ! if(subject == NULL) { ! xmlSecError(XMLSEC_ERRORS_HERE, ! xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), ! xmlSecErrorsSafeString(xmlSecNodeGetName(node)), ! XMLSEC_ERRORS_R_INVALID_NODE_CONTENT, ! XMLSEC_ERRORS_NO_MESSAGE); ! return(-1); } cert = xmlSecNssX509StoreFindCert(x509Store, subject, NULL, NULL, NULL, keyInfoCtx); *************** *** 1167,1206 **** return(0); } - static int - xmlSecNssX509SubjectNameNodeWrite(CERTCertificate* cert, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx ATTRIBUTE_UNUSED) { - xmlChar* buf = NULL; - xmlNodePtr cur = NULL; - - xmlSecAssert2(cert != NULL, -1); - xmlSecAssert2(node != NULL, -1); - - buf = xmlSecNssX509NameWrite(&(cert->subject)); - if(buf == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecNssX509NameWrite(&(cert->subject))", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); - return(-1); - } - - cur = xmlSecAddChild(node, xmlSecNodeX509SubjectName, xmlSecDSigNs); - if(cur == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecAddChild", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeX509SubjectName)); - xmlFree(buf); - return(-1); - } - xmlNodeSetContent(cur, buf); - xmlFree(buf); - return(0); - } - static int xmlSecNssX509IssuerSerialNodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) { xmlSecKeyDataStorePtr x509Store; --- 1081,1086 ---- *************** *** 1226,1246 **** } cur = xmlSecGetNextElementNode(node->children); ! if(cur == NULL) { ! if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_STOP_ON_EMPTY_NODE) != 0) { ! xmlSecError(XMLSEC_ERRORS_HERE, ! xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), ! xmlSecErrorsSafeString(xmlSecNodeX509IssuerName), ! XMLSEC_ERRORS_R_NODE_NOT_FOUND, ! "node=%s", ! xmlSecErrorsSafeString(xmlSecNodeGetName(cur))); ! return(-1); ! } ! return(0); ! } ! /* the first is required node X509IssuerName */ ! if(!xmlSecCheckNodeName(cur, xmlSecNodeX509IssuerName, xmlSecDSigNs)) { xmlSecError(XMLSEC_ERRORS_HERE, xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), xmlSecErrorsSafeString(xmlSecNodeX509IssuerName), --- 1106,1114 ---- } cur = xmlSecGetNextElementNode(node->children); ! /* the first is required node X509IssuerName */ ! if((cur == NULL) || !xmlSecCheckNodeName(cur, xmlSecNodeX509IssuerName, xmlSecDSigNs)) { xmlSecError(XMLSEC_ERRORS_HERE, xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), xmlSecErrorsSafeString(xmlSecNodeX509IssuerName), *************** *** 1332,1409 **** return(0); } - static int - xmlSecNssX509IssuerSerialNodeWrite(CERTCertificate* cert, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx ATTRIBUTE_UNUSED) { - xmlNodePtr cur; - xmlNodePtr issuerNameNode; - xmlNodePtr issuerNumberNode; - xmlChar* buf; - - xmlSecAssert2(cert != NULL, -1); - xmlSecAssert2(node != NULL, -1); - - /* create xml nodes */ - cur = xmlSecAddChild(node, xmlSecNodeX509IssuerSerial, xmlSecDSigNs); - if(cur == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecAddChild", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeX509IssuerSerial)); - return(-1); - } - - issuerNameNode = xmlSecAddChild(cur, xmlSecNodeX509IssuerName, xmlSecDSigNs); - if(issuerNameNode == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecAddChild", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeX509IssuerName)); - return(-1); - } - - issuerNumberNode = xmlSecAddChild(cur, xmlSecNodeX509SerialNumber, xmlSecDSigNs); - if(issuerNumberNode == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecAddChild", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeX509SerialNumber)); - return(-1); - } - - /* write data */ - buf = xmlSecNssX509NameWrite(&(cert->issuer)); - if(buf == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecNssX509NameWrite(&(cert->issuer))", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); - return(-1); - } - xmlNodeSetContent(issuerNameNode, buf); - xmlFree(buf); - - buf = xmlSecNssASN1IntegerWrite(&(cert->serialNumber)); - if(buf == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecNssASN1IntegerWrite(&(cert->serialNumber))", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); - return(-1); - } - xmlNodeSetContent(issuerNumberNode, buf); - xmlFree(buf); - - return(0); - } - static int xmlSecNssX509SKINodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) { xmlSecKeyDataStorePtr x509Store; --- 1200,1205 ---- *************** *** 1427,1446 **** } ski = xmlNodeGetContent(node); ! if((ski == NULL) || (xmlSecIsEmptyString(ski) == 1)) { ! if(ski != NULL) { ! xmlFree(ski); ! } ! if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_STOP_ON_EMPTY_NODE) != 0) { ! xmlSecError(XMLSEC_ERRORS_HERE, ! xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), ! xmlSecErrorsSafeString(xmlSecNodeGetName(node)), ! XMLSEC_ERRORS_R_INVALID_NODE_CONTENT, ! "node=%s", ! xmlSecErrorsSafeString(xmlSecNodeX509SKI)); ! return(-1); ! } ! return(0); } cert = xmlSecNssX509StoreFindCert(x509Store, NULL, NULL, NULL, ski, keyInfoCtx); --- 1223,1236 ---- } ski = xmlNodeGetContent(node); ! if(ski == NULL) { ! xmlSecError(XMLSEC_ERRORS_HERE, ! xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), ! xmlSecErrorsSafeString(xmlSecNodeGetName(node)), ! XMLSEC_ERRORS_R_INVALID_NODE_CONTENT, ! "node=%s", ! xmlSecErrorsSafeString(xmlSecNodeX509SKI)); ! return(-1); } cert = xmlSecNssX509StoreFindCert(x509Store, NULL, NULL, NULL, ski, keyInfoCtx); *************** *** 1475,1515 **** return(0); } - static int - xmlSecNssX509SKINodeWrite(CERTCertificate* cert, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx ATTRIBUTE_UNUSED) { - xmlChar *buf = NULL; - xmlNodePtr cur = NULL; - - xmlSecAssert2(cert != NULL, -1); - xmlSecAssert2(node != NULL, -1); - - buf = xmlSecNssX509SKIWrite(cert); - if(buf == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecNssX509SKIWrite", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); - return(-1); - } - - cur = xmlSecAddChild(node, xmlSecNodeX509SKI, xmlSecDSigNs); - if(cur == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecAddChild", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "new_node=%s", - xmlSecErrorsSafeString(xmlSecNodeX509SKI)); - xmlFree(buf); - return(-1); - } - xmlNodeSetContent(cur, buf); - xmlFree(buf); - - return(0); - } - static int xmlSecNssX509CRLNodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) { xmlChar *content; --- 1265,1270 ---- *************** *** 1520,1538 **** xmlSecAssert2(keyInfoCtx != NULL, -1); content = xmlNodeGetContent(node); ! if((content == NULL) || (xmlSecIsEmptyString(content) == 1)) { ! if(content != NULL) { ! xmlFree(content); ! } ! if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_STOP_ON_EMPTY_NODE) != 0) { ! xmlSecError(XMLSEC_ERRORS_HERE, ! xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), ! xmlSecErrorsSafeString(xmlSecNodeGetName(node)), ! XMLSEC_ERRORS_R_INVALID_NODE_CONTENT, ! XMLSEC_ERRORS_NO_MESSAGE); ! return(-1); ! } ! return(0); } crl = xmlSecNssX509CrlBase64DerRead(content, keyInfoCtx); --- 1275,1287 ---- xmlSecAssert2(keyInfoCtx != NULL, -1); content = xmlNodeGetContent(node); ! if(content == NULL){ ! xmlSecError(XMLSEC_ERRORS_HERE, ! xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), ! xmlSecErrorsSafeString(xmlSecNodeGetName(node)), ! XMLSEC_ERRORS_R_INVALID_NODE_CONTENT, ! XMLSEC_ERRORS_NO_MESSAGE); ! return(-1); } crl = xmlSecNssX509CrlBase64DerRead(content, keyInfoCtx); *************** *** 1552,1598 **** } static int - xmlSecNssX509CRLNodeWrite(CERTSignedCrl* crl, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) { - xmlChar* buf = NULL; - xmlNodePtr cur = NULL; - - xmlSecAssert2(crl != NULL, -1); - xmlSecAssert2(node != NULL, -1); - xmlSecAssert2(keyInfoCtx != NULL, -1); - - /* set base64 lines size from context */ - buf = xmlSecNssX509CrlBase64DerWrite(crl, keyInfoCtx->base64LineSize); - if(buf == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecNssX509CrlBase64DerWrite", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); - return(-1); - } - - cur = xmlSecAddChild(node, xmlSecNodeX509CRL, xmlSecDSigNs); - if(cur == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecAddChild", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "new_node=%s", - xmlSecErrorsSafeString(xmlSecNodeX509CRL)); - xmlFree(buf); - return(-1); - } - /* todo: add \n around base64 data - from context */ - /* todo: add errors check */ - xmlNodeSetContent(cur, xmlSecStringCR); - xmlNodeSetContent(cur, buf); - xmlFree(buf); - - return(0); - } - - - static int xmlSecNssKeyDataX509VerifyAndExtractKey(xmlSecKeyDataPtr data, xmlSecKeyPtr key, xmlSecKeyInfoCtxPtr keyInfoCtx) { xmlSecNssX509DataCtxPtr ctx; --- 1301,1306 ---- *************** *** 1600,1605 **** --- 1308,1317 ---- int ret; SECStatus status; PRTime notBefore, notAfter; + + PK11SlotInfo* slot ; + SECKEYPublicKey *pubKey = NULL; + SECKEYPrivateKey *priKey = NULL; xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecNssKeyDataX509Id), -1); xmlSecAssert2(key != NULL, -1); *************** *** 1632,1641 **** xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), "CERT_DupCertificate", XMLSEC_ERRORS_R_CRYPTO_FAILED, ! XMLSEC_ERRORS_NO_MESSAGE); return(-1); } keyValue = xmlSecNssX509CertGetKey(ctx->keyCert); if(keyValue == NULL) { xmlSecError(XMLSEC_ERRORS_HERE, --- 1344,1356 ---- xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), "CERT_DupCertificate", XMLSEC_ERRORS_R_CRYPTO_FAILED, ! "error code=%d", PORT_GetError()); return(-1); } + /*- + * Get Public key from cert, which does not always work for sign action. + * keyValue = xmlSecNssX509CertGetKey(ctx->keyCert); if(keyValue == NULL) { xmlSecError(XMLSEC_ERRORS_HERE, *************** *** 1645,1650 **** --- 1360,1413 ---- XMLSEC_ERRORS_NO_MESSAGE); return(-1); } + */ + + /*- + * I'll search key according to KeyReq. + */ + slot = cert->slot ; + if( ( keyInfoCtx->keyReq.keyType & xmlSecKeyDataTypePrivate ) == xmlSecKeyDataTypePrivate ) { + if( ( priKey = PK11_FindPrivateKeyFromCert( slot , cert , NULL ) ) == NULL ) { + xmlSecError( XMLSEC_ERRORS_HERE , + xmlSecErrorsSafeString( xmlSecKeyDataGetName( data ) ) , + "PK11_FindPrivateKeyFromCert" , + XMLSEC_ERRORS_R_CRYPTO_FAILED , + XMLSEC_ERRORS_NO_MESSAGE ) ; + return -1 ; + } + } + + if( ( keyInfoCtx->keyReq.keyType & xmlSecKeyDataTypePublic ) == xmlSecKeyDataTypePublic ) { + if( ( pubKey = CERT_ExtractPublicKey( cert ) ) == NULL ) { + xmlSecError( XMLSEC_ERRORS_HERE , + xmlSecErrorsSafeString( xmlSecKeyDataGetName( data ) ) , + "CERT_ExtractPublicKey" , + XMLSEC_ERRORS_R_CRYPTO_FAILED , + XMLSEC_ERRORS_NO_MESSAGE ) ; + + if( priKey != NULL ) + SECKEY_DestroyPrivateKey( priKey ) ; + return -1 ; + } + } + + keyValue = xmlSecNssPKIAdoptKey(priKey, pubKey); + if( keyValue == NULL ) { + xmlSecError( XMLSEC_ERRORS_HERE , + xmlSecErrorsSafeString( xmlSecKeyDataGetName( data ) ) , + "xmlSecNssPKIAdoptKey" , + XMLSEC_ERRORS_R_CRYPTO_FAILED , + XMLSEC_ERRORS_NO_MESSAGE ) ; + + if( priKey != NULL ) + SECKEY_DestroyPrivateKey( priKey ) ; + + if( pubKey != NULL ) + SECKEY_DestroyPublicKey( pubKey ) ; + + return -1 ; + } + /* Modify keyValue get Done */ /* verify that the key matches our expectations */ if(xmlSecKeyReqMatchKeyValue(&(keyInfoCtx->keyReq), keyValue) != 1) { *************** *** 1725,1738 **** return(0); } - /** - * xmlSecNssX509CertGetKey: - * @cert: the certificate. - * - * Extracts public key from the @cert. - * - * Returns public key value or NULL if an error occurs. - */ xmlSecKeyDataPtr xmlSecNssX509CertGetKey(CERTCertificate* cert) { xmlSecKeyDataPtr data; --- 1488,1493 ---- *************** *** 1746,1752 **** NULL, "CERT_ExtractPublicKey", XMLSEC_ERRORS_R_CRYPTO_FAILED, ! XMLSEC_ERRORS_NO_MESSAGE); return(NULL); } --- 1501,1507 ---- NULL, "CERT_ExtractPublicKey", XMLSEC_ERRORS_R_CRYPTO_FAILED, ! "error code=%d", PORT_GetError()); return(NULL); } *************** *** 1804,1810 **** NULL, "__CERT_NewTempCertificate", XMLSEC_ERRORS_R_CRYPTO_FAILED, ! XMLSEC_ERRORS_NO_MESSAGE); return(NULL); } --- 1559,1565 ---- NULL, "__CERT_NewTempCertificate", XMLSEC_ERRORS_R_CRYPTO_FAILED, ! "error code=%d", PORT_GetError()); return(NULL); } *************** *** 1827,1833 **** NULL, "cert->derCert", XMLSEC_ERRORS_R_CRYPTO_FAILED, ! XMLSEC_ERRORS_NO_MESSAGE); return(NULL); } --- 1582,1588 ---- NULL, "cert->derCert", XMLSEC_ERRORS_R_CRYPTO_FAILED, ! "error code=%d", PORT_GetError()); return(NULL); } *************** *** 1890,1896 **** NULL, "PK11_GetInternalKeySlot", XMLSEC_ERRORS_R_CRYPTO_FAILED, ! XMLSEC_ERRORS_NO_MESSAGE); return NULL; } --- 1645,1651 ---- NULL, "PK11_GetInternalKeySlot", XMLSEC_ERRORS_R_CRYPTO_FAILED, ! "error code=%d", PORT_GetError()); return NULL; } *************** *** 1905,1911 **** NULL, "PK11_ImportCRL", XMLSEC_ERRORS_R_CRYPTO_FAILED, ! XMLSEC_ERRORS_NO_MESSAGE); PK11_FreeSlot(slot); return(NULL); } --- 1660,1666 ---- NULL, "PK11_ImportCRL", XMLSEC_ERRORS_R_CRYPTO_FAILED, ! "error code=%d", PORT_GetError()); PK11_FreeSlot(slot); return(NULL); } *************** *** 1929,1935 **** NULL, "crl->derCrl", XMLSEC_ERRORS_R_CRYPTO_FAILED, ! XMLSEC_ERRORS_NO_MESSAGE); return(NULL); } --- 1684,1690 ---- NULL, "crl->derCrl", XMLSEC_ERRORS_R_CRYPTO_FAILED, ! "error code=%d", PORT_GetError()); return(NULL); } *************** *** 1946,2031 **** return(res); } - static xmlChar* - xmlSecNssX509NameWrite(CERTName* nm) { - xmlChar *res = NULL; - char *str; - - xmlSecAssert2(nm != NULL, NULL); - - str = CERT_NameToAscii(nm); - if (str == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "CERT_NameToAscii", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); - return(NULL); - } - - res = xmlStrdup(BAD_CAST str); - if(res == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlStrdup", - XMLSEC_ERRORS_R_MALLOC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); - PORT_Free(str); - return(NULL); - } - PORT_Free(str); - return(res); - } - - static xmlChar* - xmlSecNssASN1IntegerWrite(SECItem *num) { - xmlChar *res = NULL; - - xmlSecAssert2(num != NULL, NULL); - - /* TODO : to be implemented after - * NSS bug http://bugzilla.mozilla.org/show_bug.cgi?id=212864 is fixed - */ - return(res); - } - - static xmlChar* - xmlSecNssX509SKIWrite(CERTCertificate* cert) { - xmlChar *res = NULL; - SECItem ski; - SECStatus rv; - - xmlSecAssert2(cert != NULL, NULL); - - memset(&ski, 0, sizeof(ski)); - - rv = CERT_FindSubjectKeyIDExtension(cert, &ski); - if (rv != SECSuccess) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "CERT_FindSubjectKeyIDExtension", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); - SECITEM_FreeItem(&ski, PR_FALSE); - return(NULL); - } - - res = xmlSecBase64Encode(ski.data, ski.len, 0); - if(res == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecBase64Encode", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); - SECITEM_FreeItem(&ski, PR_FALSE); - return(NULL); - } - SECITEM_FreeItem(&ski, PR_FALSE); - - return(res); - } - - static void xmlSecNssX509CertDebugDump(CERTCertificate* cert, FILE* output) { SECItem *sn; --- 1701,1706 ---- *** misc/xmlsec1-1.2.6/src/nss/x509vfy.c 2003-09-26 02:58:15.000000000 +0200 --- misc/build/xmlsec1-1.2.6/src/nss/x509vfy.c 2006-05-08 12:19:39.508316000 +0200 *************** *** 30,35 **** --- 30,36 ---- #include #include #include + #include #include #include *************** *** 43,50 **** typedef struct _xmlSecNssX509StoreCtx xmlSecNssX509StoreCtx, *xmlSecNssX509StoreCtxPtr; struct _xmlSecNssX509StoreCtx { ! CERTCertList* certsList; /* just keeping a reference to destroy later */ ! }; /**************************************************************************** * --- 44,51 ---- typedef struct _xmlSecNssX509StoreCtx xmlSecNssX509StoreCtx, *xmlSecNssX509StoreCtxPtr; struct _xmlSecNssX509StoreCtx { ! CERTCertList* certsList; /* just keeping a reference to destroy later */ ! }; /**************************************************************************** * *************** *** 54,98 **** * ***************************************************************************/ #define xmlSecNssX509StoreGetCtx(store) \ ! ((xmlSecNssX509StoreCtxPtr)(((xmlSecByte*)(store)) + \ ! sizeof(xmlSecKeyDataStoreKlass))) #define xmlSecNssX509StoreSize \ ! (sizeof(xmlSecKeyDataStoreKlass) + sizeof(xmlSecNssX509StoreCtx)) static int xmlSecNssX509StoreInitialize (xmlSecKeyDataStorePtr store); static void xmlSecNssX509StoreFinalize (xmlSecKeyDataStorePtr store); - static int xmlSecNssX509NameStringRead (xmlSecByte **str, - int *strLen, - xmlSecByte *res, - int resLen, - xmlSecByte delim, - int ingoreTrailingSpaces); - static xmlSecByte * xmlSecNssX509NameRead (xmlSecByte *str, - int len); - - static void xmlSecNssNumToItem(SECItem *it, unsigned long num); static xmlSecKeyDataStoreKlass xmlSecNssX509StoreKlass = { ! sizeof(xmlSecKeyDataStoreKlass), ! xmlSecNssX509StoreSize, ! /* data */ ! xmlSecNameX509Store, /* const xmlChar* name; */ ! ! /* constructors/destructor */ ! xmlSecNssX509StoreInitialize, /* xmlSecKeyDataStoreInitializeMethod initialize; */ ! xmlSecNssX509StoreFinalize, /* xmlSecKeyDataStoreFinalizeMethod finalize; */ ! ! /* reserved for the future */ ! NULL, /* void* reserved0; */ ! NULL, /* void* reserved1; */ }; static CERTCertificate* xmlSecNssX509FindCert(xmlChar *subjectName, ! xmlChar *issuerName, ! xmlChar *issuerSerial, ! xmlChar *ski); /** --- 55,90 ---- * ***************************************************************************/ #define xmlSecNssX509StoreGetCtx(store) \ ! ((xmlSecNssX509StoreCtxPtr)(((xmlSecByte*)(store)) + \ ! sizeof(xmlSecKeyDataStoreKlass))) #define xmlSecNssX509StoreSize \ ! (sizeof(xmlSecKeyDataStoreKlass) + sizeof(xmlSecNssX509StoreCtx)) static int xmlSecNssX509StoreInitialize (xmlSecKeyDataStorePtr store); static void xmlSecNssX509StoreFinalize (xmlSecKeyDataStorePtr store); + static int xmlSecNssIntegerToItem( const xmlChar* integer , SECItem *it ) ; static xmlSecKeyDataStoreKlass xmlSecNssX509StoreKlass = { ! sizeof(xmlSecKeyDataStoreKlass), ! xmlSecNssX509StoreSize, ! /* data */ ! xmlSecNameX509Store, /* const xmlChar* name; */ ! ! /* constructors/destructor */ ! xmlSecNssX509StoreInitialize, /* xmlSecKeyDataStoreInitializeMethod initialize; */ ! xmlSecNssX509StoreFinalize, /* xmlSecKeyDataStoreFinalizeMethod finalize; */ ! ! /* reserved for the future */ ! NULL, /* void* reserved0; */ ! NULL, /* void* reserved1; */ }; static CERTCertificate* xmlSecNssX509FindCert(xmlChar *subjectName, ! xmlChar *issuerName, ! xmlChar *issuerSerial, ! xmlChar *ski); /** *************** *** 104,110 **** */ xmlSecKeyDataStoreId xmlSecNssX509StoreGetKlass(void) { ! return(&xmlSecNssX509StoreKlass); } /** --- 96,102 ---- */ xmlSecKeyDataStoreId xmlSecNssX509StoreGetKlass(void) { ! return(&xmlSecNssX509StoreKlass); } /** *************** *** 125,139 **** xmlSecNssX509StoreFindCert(xmlSecKeyDataStorePtr store, xmlChar *subjectName, xmlChar *issuerName, xmlChar *issuerSerial, xmlChar *ski, xmlSecKeyInfoCtx* keyInfoCtx) { ! xmlSecNssX509StoreCtxPtr ctx; ! ! xmlSecAssert2(xmlSecKeyDataStoreCheckId(store, xmlSecNssX509StoreId), NULL); ! xmlSecAssert2(keyInfoCtx != NULL, NULL); ! ctx = xmlSecNssX509StoreGetCtx(store); ! xmlSecAssert2(ctx != NULL, NULL); ! return(xmlSecNssX509FindCert(subjectName, issuerName, issuerSerial, ski)); } /** --- 117,131 ---- xmlSecNssX509StoreFindCert(xmlSecKeyDataStorePtr store, xmlChar *subjectName, xmlChar *issuerName, xmlChar *issuerSerial, xmlChar *ski, xmlSecKeyInfoCtx* keyInfoCtx) { ! xmlSecNssX509StoreCtxPtr ctx; ! ! xmlSecAssert2(xmlSecKeyDataStoreCheckId(store, xmlSecNssX509StoreId), NULL); ! xmlSecAssert2(keyInfoCtx != NULL, NULL); ! ctx = xmlSecNssX509StoreGetCtx(store); ! xmlSecAssert2(ctx != NULL, NULL); ! return(xmlSecNssX509FindCert(subjectName, issuerName, issuerSerial, ski)); } /** *************** *** 148,263 **** */ CERTCertificate * xmlSecNssX509StoreVerify(xmlSecKeyDataStorePtr store, CERTCertList* certs, ! xmlSecKeyInfoCtx* keyInfoCtx) { ! xmlSecNssX509StoreCtxPtr ctx; ! CERTCertListNode* head; ! CERTCertificate* cert = NULL; ! CERTCertListNode* head1; ! CERTCertificate* cert1 = NULL; ! SECStatus status = SECFailure; ! int64 timeboundary; ! int64 tmp1, tmp2; ! ! xmlSecAssert2(xmlSecKeyDataStoreCheckId(store, xmlSecNssX509StoreId), NULL); ! xmlSecAssert2(certs != NULL, NULL); ! xmlSecAssert2(keyInfoCtx != NULL, NULL); ! ! ctx = xmlSecNssX509StoreGetCtx(store); ! xmlSecAssert2(ctx != NULL, NULL); ! ! for (head = CERT_LIST_HEAD(certs); ! !CERT_LIST_END(head, certs); ! head = CERT_LIST_NEXT(head)) { ! cert = head->cert; if(keyInfoCtx->certsVerificationTime > 0) { ! /* convert the time since epoch in seconds to microseconds */ ! LL_UI2L(timeboundary, keyInfoCtx->certsVerificationTime); ! tmp1 = (int64)PR_USEC_PER_SEC; ! tmp2 = timeboundary; ! LL_MUL(timeboundary, tmp1, tmp2); } else { ! timeboundary = PR_Now(); } /* if cert is the issuer of any other cert in the list, then it is * to be skipped */ for (head1 = CERT_LIST_HEAD(certs); ! !CERT_LIST_END(head1, certs); ! head1 = CERT_LIST_NEXT(head1)) { ! cert1 = head1->cert; ! if (cert1 == cert) { continue; ! } ! if (SECITEM_CompareItem(&cert1->derIssuer, &cert->derSubject) ! == SECEqual) { break; ! } } if (!CERT_LIST_END(head1, certs)) { ! continue; } ! ! status = CERT_VerifyCertificate(CERT_GetDefaultCertDB(), ! cert, PR_FALSE, ! (SECCertificateUsage)0, ! timeboundary , NULL, NULL, NULL); ! if (status == SECSuccess) { ! break; } - } ! if (status == SECSuccess) { return (cert); ! } ! ! switch(PORT_GetError()) { case SEC_ERROR_EXPIRED_ISSUER_CERTIFICATE: case SEC_ERROR_CA_CERT_INVALID: case SEC_ERROR_UNKNOWN_SIGNER: ! xmlSecError(XMLSEC_ERRORS_HERE, ! xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)), ! NULL, ! XMLSEC_ERRORS_R_CERT_ISSUER_FAILED, ! "cert with subject name %s could not be verified because the issuer's cert is expired/invalid or not found", ! cert->subjectName); ! break; case SEC_ERROR_EXPIRED_CERTIFICATE: ! xmlSecError(XMLSEC_ERRORS_HERE, ! xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)), ! NULL, ! XMLSEC_ERRORS_R_CERT_HAS_EXPIRED, ! "cert with subject name %s has expired", ! cert->subjectName); ! break; case SEC_ERROR_REVOKED_CERTIFICATE: ! xmlSecError(XMLSEC_ERRORS_HERE, ! xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)), ! NULL, ! XMLSEC_ERRORS_R_CERT_REVOKED, ! "cert with subject name %s has been revoked", ! cert->subjectName); ! break; default: ! xmlSecError(XMLSEC_ERRORS_HERE, ! xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)), ! NULL, ! XMLSEC_ERRORS_R_CERT_VERIFY_FAILED, ! "cert with subject name %s could not be verified", ! cert->subjectName); ! break; ! } ! return (NULL); } /** * xmlSecNssX509StoreAdoptCert: ! * @store: the pointer to X509 key data store klass. ! * @cert: the pointer to NSS X509 certificate. ! * @type: the certificate type (trusted/untrusted). * * Adds trusted (root) or untrusted certificate to the store. * --- 140,269 ---- */ CERTCertificate * xmlSecNssX509StoreVerify(xmlSecKeyDataStorePtr store, CERTCertList* certs, ! xmlSecKeyInfoCtx* keyInfoCtx) { ! xmlSecNssX509StoreCtxPtr ctx; ! CERTCertListNode* head; ! CERTCertificate* cert = NULL; ! CERTCertListNode* head1; ! CERTCertificate* cert1 = NULL; ! SECStatus status = SECFailure; ! int64 timeboundary; ! int64 tmp1, tmp2; ! ! xmlSecAssert2(xmlSecKeyDataStoreCheckId(store, xmlSecNssX509StoreId), NULL); ! xmlSecAssert2(certs != NULL, NULL); ! xmlSecAssert2(keyInfoCtx != NULL, NULL); ! ! ctx = xmlSecNssX509StoreGetCtx(store); ! xmlSecAssert2(ctx != NULL, NULL); ! ! for (head = CERT_LIST_HEAD(certs); ! !CERT_LIST_END(head, certs); ! head = CERT_LIST_NEXT(head)) { ! cert = head->cert; if(keyInfoCtx->certsVerificationTime > 0) { ! /* convert the time since epoch in seconds to microseconds */ ! LL_UI2L(timeboundary, keyInfoCtx->certsVerificationTime); ! tmp1 = (int64)PR_USEC_PER_SEC; ! tmp2 = timeboundary; ! LL_MUL(timeboundary, tmp1, tmp2); } else { ! timeboundary = PR_Now(); } /* if cert is the issuer of any other cert in the list, then it is * to be skipped */ for (head1 = CERT_LIST_HEAD(certs); ! !CERT_LIST_END(head1, certs); ! head1 = CERT_LIST_NEXT(head1)) { ! cert1 = head1->cert; ! if (cert1 == cert) { continue; ! } ! if (SECITEM_CompareItem(&cert1->derIssuer, &cert->derSubject) ! == SECEqual) { break; ! } } if (!CERT_LIST_END(head1, certs)) { ! continue; } ! /* JL: OpenOffice.org implements its own certificate verification routine. ! The goal is to seperate validation of the signature ! and the certificate. For example, OOo could show that the document signature is valid, ! but the certificate could not be verified. If we do not prevent the verification of ! the certificate by libxmlsec and the verification fails, then the XML signature may not be ! verified. This would happen, for example, if the root certificate is not installed. ! ! In the store schould only be the certificate from the X509Certificate element ! and the X509IssuerSerial element. The latter is only there ! if the certificate is installed. Both certificates must be the same! ! In case of writing the signature, the store contains only the certificate that ! was created based on the information from the X509IssuerSerial element. */ ! status = SECSuccess; ! break; ! /* status = CERT_VerifyCertificate(CERT_GetDefaultCertDB(), ! cert, PR_FALSE, ! (SECCertificateUsage)0, ! timeboundary , NULL, NULL, NULL); ! if (status == SECSuccess) { ! break; ! } */ } ! if (status == SECSuccess) { return (cert); ! } ! ! switch(PORT_GetError()) { case SEC_ERROR_EXPIRED_ISSUER_CERTIFICATE: case SEC_ERROR_CA_CERT_INVALID: case SEC_ERROR_UNKNOWN_SIGNER: ! xmlSecError(XMLSEC_ERRORS_HERE, ! xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)), ! NULL, ! XMLSEC_ERRORS_R_CERT_ISSUER_FAILED, ! "cert with subject name %s could not be verified because the issuer's cert is expired/invalid or not found", ! cert->subjectName); ! break; case SEC_ERROR_EXPIRED_CERTIFICATE: ! xmlSecError(XMLSEC_ERRORS_HERE, ! xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)), ! NULL, ! XMLSEC_ERRORS_R_CERT_HAS_EXPIRED, ! "cert with subject name %s has expired", ! cert->subjectName); ! break; case SEC_ERROR_REVOKED_CERTIFICATE: ! xmlSecError(XMLSEC_ERRORS_HERE, ! xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)), ! NULL, ! XMLSEC_ERRORS_R_CERT_REVOKED, ! "cert with subject name %s has been revoked", ! cert->subjectName); ! break; default: ! xmlSecError(XMLSEC_ERRORS_HERE, ! xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)), ! NULL, ! XMLSEC_ERRORS_R_CERT_VERIFY_FAILED, ! "cert with subject name %s could not be verified, errcode %d", ! cert->subjectName, ! PORT_GetError()); ! break; ! } ! return (NULL); } /** * xmlSecNssX509StoreAdoptCert: ! * @store: the pointer to X509 key data store klass. ! * @cert: the pointer to NSS X509 certificate. ! * @type: the certificate type (trusted/untrusted). * * Adds trusted (root) or untrusted certificate to the store. * *************** *** 265,331 **** */ int xmlSecNssX509StoreAdoptCert(xmlSecKeyDataStorePtr store, CERTCertificate* cert, xmlSecKeyDataType type ATTRIBUTE_UNUSED) { ! xmlSecNssX509StoreCtxPtr ctx; ! int ret; ! xmlSecAssert2(xmlSecKeyDataStoreCheckId(store, xmlSecNssX509StoreId), -1); ! xmlSecAssert2(cert != NULL, -1); ! ctx = xmlSecNssX509StoreGetCtx(store); ! xmlSecAssert2(ctx != NULL, -1); ! if(ctx->certsList == NULL) { ! ctx->certsList = CERT_NewCertList(); ! if(ctx->certsList == NULL) { ! xmlSecError(XMLSEC_ERRORS_HERE, ! xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)), ! "CERT_NewCertList", ! XMLSEC_ERRORS_R_CRYPTO_FAILED, ! XMLSEC_ERRORS_NO_MESSAGE); ! return(-1); ! } ! } ! ! ret = CERT_AddCertToListTail(ctx->certsList, cert); ! if(ret != SECSuccess) { ! xmlSecError(XMLSEC_ERRORS_HERE, ! xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)), ! "CERT_AddCertToListTail", ! XMLSEC_ERRORS_R_CRYPTO_FAILED, ! XMLSEC_ERRORS_NO_MESSAGE); ! return(-1); ! } ! return(0); } static int xmlSecNssX509StoreInitialize(xmlSecKeyDataStorePtr store) { ! xmlSecNssX509StoreCtxPtr ctx; ! xmlSecAssert2(xmlSecKeyDataStoreCheckId(store, xmlSecNssX509StoreId), -1); ! ctx = xmlSecNssX509StoreGetCtx(store); ! xmlSecAssert2(ctx != NULL, -1); ! memset(ctx, 0, sizeof(xmlSecNssX509StoreCtx)); ! return(0); } static void xmlSecNssX509StoreFinalize(xmlSecKeyDataStorePtr store) { ! xmlSecNssX509StoreCtxPtr ctx; ! xmlSecAssert(xmlSecKeyDataStoreCheckId(store, xmlSecNssX509StoreId)); ! ctx = xmlSecNssX509StoreGetCtx(store); ! xmlSecAssert(ctx != NULL); ! ! if (ctx->certsList) { CERT_DestroyCertList(ctx->certsList); ctx->certsList = NULL; ! } ! memset(ctx, 0, sizeof(xmlSecNssX509StoreCtx)); } --- 271,337 ---- */ int xmlSecNssX509StoreAdoptCert(xmlSecKeyDataStorePtr store, CERTCertificate* cert, xmlSecKeyDataType type ATTRIBUTE_UNUSED) { ! xmlSecNssX509StoreCtxPtr ctx; ! int ret; ! ! xmlSecAssert2(xmlSecKeyDataStoreCheckId(store, xmlSecNssX509StoreId), -1); ! xmlSecAssert2(cert != NULL, -1); ! ctx = xmlSecNssX509StoreGetCtx(store); ! xmlSecAssert2(ctx != NULL, -1); ! if(ctx->certsList == NULL) { ! ctx->certsList = CERT_NewCertList(); ! if(ctx->certsList == NULL) { ! xmlSecError(XMLSEC_ERRORS_HERE, ! xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)), ! "CERT_NewCertList", ! XMLSEC_ERRORS_R_CRYPTO_FAILED, ! "error code=%d", PORT_GetError()); ! return(-1); ! } ! } ! ret = CERT_AddCertToListTail(ctx->certsList, cert); ! if(ret != SECSuccess) { ! xmlSecError(XMLSEC_ERRORS_HERE, ! xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)), ! "CERT_AddCertToListTail", ! XMLSEC_ERRORS_R_CRYPTO_FAILED, ! "error code=%d", PORT_GetError()); ! return(-1); ! } ! return(0); } static int xmlSecNssX509StoreInitialize(xmlSecKeyDataStorePtr store) { ! xmlSecNssX509StoreCtxPtr ctx; ! xmlSecAssert2(xmlSecKeyDataStoreCheckId(store, xmlSecNssX509StoreId), -1); ! ctx = xmlSecNssX509StoreGetCtx(store); ! xmlSecAssert2(ctx != NULL, -1); ! memset(ctx, 0, sizeof(xmlSecNssX509StoreCtx)); ! return(0); } static void xmlSecNssX509StoreFinalize(xmlSecKeyDataStorePtr store) { ! xmlSecNssX509StoreCtxPtr ctx; ! xmlSecAssert(xmlSecKeyDataStoreCheckId(store, xmlSecNssX509StoreId)); ! ctx = xmlSecNssX509StoreGetCtx(store); ! xmlSecAssert(ctx != NULL); ! ! if (ctx->certsList) { CERT_DestroyCertList(ctx->certsList); ctx->certsList = NULL; ! } ! memset(ctx, 0, sizeof(xmlSecNssX509StoreCtx)); } *************** *** 340,715 **** */ static CERTCertificate* xmlSecNssX509FindCert(xmlChar *subjectName, xmlChar *issuerName, ! xmlChar *issuerSerial, xmlChar *ski) { ! CERTCertificate *cert = NULL; ! xmlChar *p = NULL; ! CERTName *name = NULL; ! SECItem *nameitem = NULL; ! PRArenaPool *arena = NULL; ! ! if (subjectName != NULL) { ! p = xmlSecNssX509NameRead(subjectName, xmlStrlen(subjectName)); ! if (p == NULL) { ! xmlSecError(XMLSEC_ERRORS_HERE, ! NULL, ! "xmlSecNssX509NameRead", ! XMLSEC_ERRORS_R_XMLSEC_FAILED, ! "subject=%s", ! xmlSecErrorsSafeString(subjectName)); ! goto done; ! } ! ! arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); ! if (arena == NULL) { ! xmlSecError(XMLSEC_ERRORS_HERE, ! NULL, ! "PORT_NewArena", ! XMLSEC_ERRORS_R_CRYPTO_FAILED, ! XMLSEC_ERRORS_NO_MESSAGE); ! goto done; ! } ! ! name = CERT_AsciiToName((char*)p); ! if (name == NULL) { ! xmlSecError(XMLSEC_ERRORS_HERE, ! NULL, ! "CERT_AsciiToName", ! XMLSEC_ERRORS_R_XMLSEC_FAILED, ! XMLSEC_ERRORS_NO_MESSAGE); ! goto done; ! } ! ! nameitem = SEC_ASN1EncodeItem(arena, NULL, (void *)name, ! SEC_ASN1_GET(CERT_NameTemplate)); ! if (nameitem == NULL) { ! xmlSecError(XMLSEC_ERRORS_HERE, ! NULL, ! "SEC_ASN1EncodeItem", ! XMLSEC_ERRORS_R_XMLSEC_FAILED, ! XMLSEC_ERRORS_NO_MESSAGE); ! goto done; ! } ! ! cert = CERT_FindCertByName(CERT_GetDefaultCertDB(), nameitem); ! goto done; ! } ! ! if((issuerName != NULL) && (issuerSerial != NULL)) { ! CERTIssuerAndSN issuerAndSN; ! ! p = xmlSecNssX509NameRead(issuerName, xmlStrlen(issuerName)); ! if (p == NULL) { ! xmlSecError(XMLSEC_ERRORS_HERE, ! NULL, ! "xmlSecNssX509NameRead", ! XMLSEC_ERRORS_R_XMLSEC_FAILED, ! "issuer=%s", ! xmlSecErrorsSafeString(issuerName)); ! goto done; ! } ! ! arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); ! if (arena == NULL) { ! xmlSecError(XMLSEC_ERRORS_HERE, ! NULL, ! "PORT_NewArena", ! XMLSEC_ERRORS_R_CRYPTO_FAILED, ! XMLSEC_ERRORS_NO_MESSAGE); ! goto done; ! } ! ! name = CERT_AsciiToName((char*)p); ! if (name == NULL) { ! xmlSecError(XMLSEC_ERRORS_HERE, ! NULL, ! "CERT_AsciiToName", ! XMLSEC_ERRORS_R_XMLSEC_FAILED, ! XMLSEC_ERRORS_NO_MESSAGE); ! goto done; ! } ! ! nameitem = SEC_ASN1EncodeItem(arena, NULL, (void *)name, ! SEC_ASN1_GET(CERT_NameTemplate)); ! if (nameitem == NULL) { ! xmlSecError(XMLSEC_ERRORS_HERE, ! NULL, ! "SEC_ASN1EncodeItem", ! XMLSEC_ERRORS_R_XMLSEC_FAILED, ! XMLSEC_ERRORS_NO_MESSAGE); ! goto done; ! } ! ! memset(&issuerAndSN, 0, sizeof(issuerAndSN)); ! issuerAndSN.derIssuer.data = nameitem->data; ! issuerAndSN.derIssuer.len = nameitem->len; ! /* TBD: serial num can be arbitrarily long */ ! xmlSecNssNumToItem(&issuerAndSN.serialNumber, PORT_Atoi((char *)issuerSerial)); ! cert = CERT_FindCertByIssuerAndSN(CERT_GetDefaultCertDB(), ! &issuerAndSN); ! SECITEM_FreeItem(&issuerAndSN.serialNumber, PR_FALSE); ! goto done; ! } ! ! if(ski != NULL) { ! SECItem subjKeyID; ! int len; ! ! len = xmlSecBase64Decode(ski, (xmlSecByte*)ski, xmlStrlen(ski)); ! if(len < 0) { ! xmlSecError(XMLSEC_ERRORS_HERE, ! NULL, ! "xmlSecBase64Decode", ! XMLSEC_ERRORS_R_XMLSEC_FAILED, ! "ski=%s", ! xmlSecErrorsSafeString(ski)); ! goto done; ! } ! ! memset(&subjKeyID, 0, sizeof(subjKeyID)); ! subjKeyID.data = ski; ! subjKeyID.len = xmlStrlen(ski); ! cert = CERT_FindCertBySubjectKeyID(CERT_GetDefaultCertDB(), ! &subjKeyID); ! } ! done: ! if (p != NULL) { ! PORT_Free(p); ! } ! if (arena != NULL) { ! PORT_FreeArena(arena, PR_FALSE); ! } ! if (name != NULL) { ! CERT_DestroyName(name); ! } ! return(cert); ! } ! /** ! * xmlSecNssX509NameRead: ! */ ! static xmlSecByte * ! xmlSecNssX509NameRead(xmlSecByte *str, int len) { ! xmlSecByte name[256]; ! xmlSecByte value[256]; ! xmlSecByte *retval = NULL; ! xmlSecByte *p = NULL; ! int nameLen, valueLen; ! ! xmlSecAssert2(str != NULL, NULL); ! ! /* return string should be no longer than input string */ ! retval = (xmlSecByte *)PORT_Alloc(len+1); ! if(retval == NULL) { ! xmlSecError(XMLSEC_ERRORS_HERE, ! NULL, ! "PORT_Alloc", ! XMLSEC_ERRORS_R_MALLOC_FAILED, ! XMLSEC_ERRORS_NO_MESSAGE); ! return(NULL); ! } ! p = retval; ! ! while(len > 0) { ! /* skip spaces after comma or semicolon */ ! while((len > 0) && isspace(*str)) { ! ++str; --len; ! } ! ! nameLen = xmlSecNssX509NameStringRead(&str, &len, name, sizeof(name), '=', 0); ! if(nameLen < 0) { ! xmlSecError(XMLSEC_ERRORS_HERE, ! NULL, ! "xmlSecNssX509NameStringRead", ! XMLSEC_ERRORS_R_XMLSEC_FAILED, ! XMLSEC_ERRORS_NO_MESSAGE); ! goto done; ! } ! memcpy(p, name, nameLen); ! p+=nameLen; ! *p++='='; ! if(len > 0) { ! ++str; --len; ! if((*str) == '\"') { ! valueLen = xmlSecNssX509NameStringRead(&str, &len, ! value, sizeof(value), '"', 1); ! if(valueLen < 0) { ! xmlSecError(XMLSEC_ERRORS_HERE, NULL, ! "xmlSecNssX509NameStringRead", XMLSEC_ERRORS_R_XMLSEC_FAILED, ! XMLSEC_ERRORS_NO_MESSAGE); ! goto done; ! } ! /* skip spaces before comma or semicolon */ ! while((len > 0) && isspace(*str)) { ! ++str; --len; ! } ! if((len > 0) && ((*str) != ',')) { ! xmlSecError(XMLSEC_ERRORS_HERE, ! NULL, ! NULL, ! XMLSEC_ERRORS_R_INVALID_DATA, ! "comma is expected"); ! goto done; } ! if(len > 0) { ! ++str; --len; } ! *p++='\"'; ! memcpy(p, value, valueLen); ! p+=valueLen; ! *p++='\"'; ! } else if((*str) == '#') { ! /* TODO: read octect values */ ! xmlSecError(XMLSEC_ERRORS_HERE, ! NULL, ! NULL, ! XMLSEC_ERRORS_R_INVALID_DATA, ! "reading octect values is not implemented yet"); ! goto done; ! } else { ! valueLen = xmlSecNssX509NameStringRead(&str, &len, ! value, sizeof(value), ',', 1); ! if(valueLen < 0) { ! xmlSecError(XMLSEC_ERRORS_HERE, NULL, ! "xmlSecNssX509NameStringRead", XMLSEC_ERRORS_R_XMLSEC_FAILED, ! XMLSEC_ERRORS_NO_MESSAGE); ! goto done; ! } ! memcpy(p, value, valueLen); ! p+=valueLen; ! if (len > 0) ! *p++=','; ! } ! } else { ! valueLen = 0; } ! if(len > 0) { ! ++str; --len; ! } ! } ! ! *p = 0; ! return(retval); ! done: ! PORT_Free(retval); ! return (NULL); } ! /** ! * xmlSecNssX509NameStringRead: ! */ ! static int ! xmlSecNssX509NameStringRead(xmlSecByte **str, int *strLen, ! xmlSecByte *res, int resLen, ! xmlSecByte delim, int ingoreTrailingSpaces) { ! xmlSecByte *p, *q, *nonSpace; ! ! xmlSecAssert2(str != NULL, -1); ! xmlSecAssert2(strLen != NULL, -1); ! xmlSecAssert2(res != NULL, -1); ! ! p = (*str); ! nonSpace = q = res; ! while(((p - (*str)) < (*strLen)) && ((*p) != delim) && ((q - res) < resLen)) { ! if((*p) != '\\') { ! if(ingoreTrailingSpaces && !isspace(*p)) { ! nonSpace = q; ! } ! *(q++) = *(p++); ! } else { ! ++p; ! nonSpace = q; ! if(xmlSecIsHex((*p))) { ! if((p - (*str) + 1) >= (*strLen)) { ! xmlSecError(XMLSEC_ERRORS_HERE, ! NULL, ! NULL, ! XMLSEC_ERRORS_R_INVALID_DATA, ! "two hex digits expected"); ! return(-1); ! } ! *(q++) = xmlSecGetHex(p[0]) * 16 + xmlSecGetHex(p[1]); ! p += 2; ! } else { ! if(((++p) - (*str)) >= (*strLen)) { ! xmlSecError(XMLSEC_ERRORS_HERE, ! NULL, ! NULL, ! XMLSEC_ERRORS_R_INVALID_DATA, ! "escaped symbol missed"); ! return(-1); ! } ! *(q++) = *(p++); ! } ! } ! } ! if(((p - (*str)) < (*strLen)) && ((*p) != delim)) { ! xmlSecError(XMLSEC_ERRORS_HERE, ! NULL, ! NULL, ! XMLSEC_ERRORS_R_INVALID_SIZE, ! "buffer is too small"); ! return(-1); ! } ! (*strLen) -= (p - (*str)); ! (*str) = p; ! return((ingoreTrailingSpaces) ? nonSpace - res + 1 : q - res); ! } ! /* code lifted from NSS */ ! static void ! xmlSecNssNumToItem(SECItem *it, unsigned long ui) ! { ! unsigned char bb[5]; ! int len; ! ! bb[0] = 0; ! bb[1] = (unsigned char) (ui >> 24); ! bb[2] = (unsigned char) (ui >> 16); ! bb[3] = (unsigned char) (ui >> 8); ! bb[4] = (unsigned char) (ui); ! ! /* ! ** Small integers are encoded in a single byte. Larger integers ! ** require progressively more space. ! */ ! if (ui > 0x7f) { ! if (ui > 0x7fff) { ! if (ui > 0x7fffffL) { ! if (ui >= 0x80000000L) { ! len = 5; ! } else { ! len = 4; ! } ! } else { ! len = 3; ! } ! } else { ! len = 2; ! } ! } else { ! len = 1; ! } ! ! it->data = (unsigned char *)PORT_Alloc(len); ! if (it->data == NULL) { ! return; ! } ! it->len = len; ! PORT_Memcpy(it->data, bb + (sizeof(bb) - len), len); } - #endif /* XMLSEC_NO_X509 */ --- 346,558 ---- */ static CERTCertificate* xmlSecNssX509FindCert(xmlChar *subjectName, xmlChar *issuerName, ! xmlChar *issuerSerial, xmlChar *ski) { ! CERTCertificate *cert = NULL; ! CERTName *name = NULL; ! SECItem *nameitem = NULL; ! PRArenaPool *arena = NULL; ! ! if (subjectName != NULL) { ! arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); ! if (arena == NULL) { ! xmlSecError(XMLSEC_ERRORS_HERE, ! NULL, ! "PORT_NewArena", ! XMLSEC_ERRORS_R_CRYPTO_FAILED, ! "error code=%d", PORT_GetError()); ! goto done; ! } ! name = CERT_AsciiToName((char*)subjectName); ! if (name == NULL) { ! xmlSecError(XMLSEC_ERRORS_HERE, ! NULL, ! "CERT_AsciiToName", ! XMLSEC_ERRORS_R_XMLSEC_FAILED, ! "error code=%d", PORT_GetError()); ! goto done; ! } ! nameitem = SEC_ASN1EncodeItem(arena, NULL, (void *)name, ! SEC_ASN1_GET(CERT_NameTemplate)); ! if (nameitem == NULL) { ! xmlSecError(XMLSEC_ERRORS_HERE, ! NULL, ! "SEC_ASN1EncodeItem", ! XMLSEC_ERRORS_R_XMLSEC_FAILED, ! "error code=%d", PORT_GetError()); ! goto done; ! } ! cert = CERT_FindCertByName(CERT_GetDefaultCertDB(), nameitem); ! goto done; ! } ! if((issuerName != NULL) && (issuerSerial != NULL)) { ! CERTIssuerAndSN issuerAndSN; ! arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); ! if (arena == NULL) { ! xmlSecError(XMLSEC_ERRORS_HERE, ! NULL, ! "PORT_NewArena", ! XMLSEC_ERRORS_R_CRYPTO_FAILED, ! "error code=%d", PORT_GetError()); ! goto done; ! } ! name = CERT_AsciiToName((char*)issuerName); ! if (name == NULL) { ! xmlSecError(XMLSEC_ERRORS_HERE, NULL, ! "CERT_AsciiToName", XMLSEC_ERRORS_R_XMLSEC_FAILED, ! "error code=%d", PORT_GetError()); ! goto done; } ! ! nameitem = SEC_ASN1EncodeItem(arena, NULL, (void *)name, ! SEC_ASN1_GET(CERT_NameTemplate)); ! if (nameitem == NULL) { ! xmlSecError(XMLSEC_ERRORS_HERE, ! NULL, ! "SEC_ASN1EncodeItem", ! XMLSEC_ERRORS_R_XMLSEC_FAILED, ! "error code=%d", PORT_GetError()); ! goto done; } ! ! memset(&issuerAndSN, 0, sizeof(issuerAndSN)); ! ! issuerAndSN.derIssuer.data = nameitem->data; ! issuerAndSN.derIssuer.len = nameitem->len; ! ! if( xmlSecNssIntegerToItem( issuerSerial, &issuerAndSN.serialNumber ) < 0 ) { ! xmlSecError(XMLSEC_ERRORS_HERE, NULL, ! "xmlSecNssIntegerToItem", XMLSEC_ERRORS_R_XMLSEC_FAILED, ! "serial number=%s", ! xmlSecErrorsSafeString(issuerSerial)); ! goto done; ! } ! ! cert = CERT_FindCertByIssuerAndSN(CERT_GetDefaultCertDB(), ! &issuerAndSN); ! SECITEM_FreeItem(&issuerAndSN.serialNumber, PR_FALSE); ! goto done; ! } ! ! if(ski != NULL) { ! SECItem subjKeyID; ! int len; ! ! len = xmlSecBase64Decode(ski, (xmlSecByte*)ski, xmlStrlen(ski)); ! if(len < 0) { ! xmlSecError(XMLSEC_ERRORS_HERE, ! NULL, ! "xmlSecBase64Decode", ! XMLSEC_ERRORS_R_XMLSEC_FAILED, ! "ski=%s", ! xmlSecErrorsSafeString(ski)); ! goto done; ! } ! ! memset(&subjKeyID, 0, sizeof(subjKeyID)); ! subjKeyID.data = ski; ! subjKeyID.len = xmlStrlen(ski); ! cert = CERT_FindCertBySubjectKeyID(CERT_GetDefaultCertDB(), ! &subjKeyID); } ! done: ! if (arena != NULL) { ! PORT_FreeArena(arena, PR_FALSE); ! } ! if (name != NULL) { ! CERT_DestroyName(name); ! } ! ! return(cert); } + static int + xmlSecNssIntegerToItem( + const xmlChar* integer , + SECItem *item + ) { + xmlSecBn bn ; + xmlSecSize i, length ; + const xmlSecByte* bnInteger ; + xmlSecAssert2( integer != NULL, -1 ) ; + xmlSecAssert2( item != NULL, -1 ) ; ! if( xmlSecBnInitialize( &bn, 0 ) < 0 ) { ! xmlSecError( XMLSEC_ERRORS_HERE, ! NULL, ! "xmlSecBnInitialize", ! XMLSEC_ERRORS_R_INVALID_DATA, ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! return -1 ; ! } ! if( xmlSecBnFromDecString( &bn, integer ) < 0 ) { ! xmlSecError( XMLSEC_ERRORS_HERE, ! NULL, ! "xmlSecBnFromDecString", ! XMLSEC_ERRORS_R_INVALID_DATA, ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! ! xmlSecBnFinalize( &bn ) ; ! return -1 ; ! } ! ! length = xmlSecBnGetSize( &bn ) ; ! if( length <= 0 ) { ! xmlSecError( XMLSEC_ERRORS_HERE, ! NULL, ! "xmlSecBnGetSize", ! XMLSEC_ERRORS_R_INVALID_DATA, ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! ! xmlSecBnFinalize( &bn ) ; ! return -1 ; ! } ! ! bnInteger = xmlSecBnGetData( &bn ) ; ! if( bnInteger == NULL ) { ! xmlSecError( XMLSEC_ERRORS_HERE, ! NULL, ! "xmlSecBnGetData", ! XMLSEC_ERRORS_R_INVALID_DATA, ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! xmlSecBnFinalize( &bn ) ; ! return -1 ; ! } ! ! item->data = ( unsigned char * )PORT_Alloc( length ); ! if( item->data == NULL ) { ! xmlSecError( XMLSEC_ERRORS_HERE, ! NULL, ! "PORT_Alloc", ! XMLSEC_ERRORS_R_INVALID_DATA, ! XMLSEC_ERRORS_NO_MESSAGE ) ; ! ! xmlSecBnFinalize( &bn ) ; ! return -1 ; ! } ! ! item->len = length; ! ! for( i = 0 ; i < length ; i ++ ) ! item->data[i] = *( bnInteger + i ) ; ! ! xmlSecBnFinalize( &bn ) ; ! ! return 0 ; } + #endif /* XMLSEC_NO_X509 */ *** misc/xmlsec1-1.2.6/win32/Makefile.msvc 2004-06-09 16:35:12.000000000 +0200 --- misc/build/xmlsec1-1.2.6/win32/Makefile.msvc 2006-05-08 12:19:39.522849000 +0200 *************** *** 223,228 **** --- 223,232 ---- $(XMLSEC_OPENSSL_INTDIR_A)\x509vfy.obj XMLSEC_NSS_OBJS = \ + $(XMLSEC_NSS_INTDIR)\akmngr.obj\ + $(XMLSEC_NSS_INTDIR)\keytrans.obj\ + $(XMLSEC_NSS_INTDIR)\keywrapers.obj\ + $(XMLSEC_NSS_INTDIR)\tokens.obj\ $(XMLSEC_NSS_INTDIR)\app.obj\ $(XMLSEC_NSS_INTDIR)\bignum.obj\ $(XMLSEC_NSS_INTDIR)\ciphers.obj \ *************** *** 235,243 **** $(XMLSEC_NSS_INTDIR)\x509.obj\ $(XMLSEC_NSS_INTDIR)\x509vfy.obj\ $(XMLSEC_NSS_INTDIR)\keysstore.obj\ - $(XMLSEC_NSS_INTDIR)\kt_rsa.obj\ - $(XMLSEC_NSS_INTDIR)\kw_des.obj\ - $(XMLSEC_NSS_INTDIR)\kw_aes.obj\ $(XMLSEC_NSS_INTDIR)\strings.obj XMLSEC_NSS_OBJS_A = \ $(XMLSEC_NSS_INTDIR_A)\app.obj\ --- 239,244 ---- *************** *** 258,263 **** --- 259,265 ---- $(XMLSEC_NSS_INTDIR_A)\strings.obj XMLSEC_MSCRYPTO_OBJS = \ + $(XMLSEC_MSCRYPTO_INTDIR)\akmngr.obj\ $(XMLSEC_MSCRYPTO_INTDIR)\app.obj\ $(XMLSEC_MSCRYPTO_INTDIR)\crypto.obj \ $(XMLSEC_MSCRYPTO_INTDIR)\ciphers.obj \ *************** *** 376,382 **** XMLSEC_OPENSSL_SOLIBS = libeay32.lib wsock32.lib kernel32.lib user32.lib gdi32.lib XMLSEC_OPENSSL_ALIBS = libeay32.lib wsock32.lib kernel32.lib user32.lib gdi32.lib ! XMLSEC_NSS_SOLIBS = smime3.lib ssl3.lib nss3.lib libnspr4.lib libplds4.lib libplc4.lib kernel32.lib user32.lib gdi32.lib XMLSEC_NSS_ALIBS = smime3.lib ssl3.lib nss3.lib libnspr4_s.lib libplds4_s.lib libplc4_s.lib kernel32.lib user32.lib gdi32.lib XMLSEC_MSCRYPTO_SOLIBS = kernel32.lib user32.lib gdi32.lib Crypt32.lib Advapi32.lib --- 378,384 ---- XMLSEC_OPENSSL_SOLIBS = libeay32.lib wsock32.lib kernel32.lib user32.lib gdi32.lib XMLSEC_OPENSSL_ALIBS = libeay32.lib wsock32.lib kernel32.lib user32.lib gdi32.lib ! XMLSEC_NSS_SOLIBS = smime3.lib nss3.lib nspr4.lib kernel32.lib user32.lib gdi32.lib XMLSEC_NSS_ALIBS = smime3.lib ssl3.lib nss3.lib libnspr4_s.lib libplds4_s.lib libplc4_s.lib kernel32.lib user32.lib gdi32.lib XMLSEC_MSCRYPTO_SOLIBS = kernel32.lib user32.lib gdi32.lib Crypt32.lib Advapi32.lib