office-gobmx/libxmlsec/xmlsec1-1.2.6.patch
Rüdiger Timm 4af1a4779e INTEGRATION: CWS nojava3 (1.6.2); FILE MERGED
2005/08/09 15:17:40 rene 1.6.2.1: #i51542# fix system-libxml2 build. patches by maxweber (libxmlsec) and
fridrich_strba (scp2)
2005-08-18 06:24:35 +00:00

14012 lines
413 KiB
Diff

*** misc/xmlsec1-1.2.6/apps/Makefile.in 2004-08-26 08:00:30.000000000 +0200
--- misc/build/xmlsec1-1.2.6/apps/Makefile.in 2005-05-09 19:54:13.132635976 +0200
***************
*** 370,376 ****
$(CRYPTO_DEPS) \
$(NULL)
! all: all-am
.SUFFIXES:
.SUFFIXES: .c .lo .o .obj
--- 370,376 ----
$(CRYPTO_DEPS) \
$(NULL)
! all:
.SUFFIXES:
.SUFFIXES: .c .lo .o .obj
*** misc/xmlsec1-1.2.6/configure 2004-08-26 08:00:34.000000000 +0200
--- misc/build/xmlsec1-1.2.6/configure 2005-05-09 19:54:13.176632266 +0200
***************
*** 24598,24604 ****
fi
LIBXML_MIN_VERSION="2.4.2"
! LIBXML_CONFIG="xml2-config"
LIBXML_CFLAGS=""
LIBXML_LIBS=""
LIBXML_FOUND="no"
--- 24598,24604 ----
fi
LIBXML_MIN_VERSION="2.4.2"
! LIBXML_CONFIG="./libxml2-config"
LIBXML_CFLAGS=""
LIBXML_LIBS=""
LIBXML_FOUND="no"
***************
*** 25682,25688 ****
NSPR_MIN_VERSION="4.0"
NSS_CFLAGS=""
NSS_LIBS=""
! NSS_LIBS_LIST="-lnss3 -lsmime3"
NSPR_LIBS_LIST="-lnspr4 -lplds4 -lplc4"
NSS_CRYPTO_LIB="$PACKAGE-nss"
NSS_FOUND="no"
--- 25682,25688 ----
NSPR_MIN_VERSION="4.0"
NSS_CFLAGS=""
NSS_LIBS=""
! NSS_LIBS_LIST="-lnss3 -lsoftokn3 -lsmime3"
NSPR_LIBS_LIST="-lnspr4 -lplds4 -lplc4"
NSS_CRYPTO_LIB="$PACKAGE-nss"
NSS_FOUND="no"
***************
*** 25817,25824 ****
ac_mozilla_name=mozilla-$MOZILLA_MIN_VERSION
fi
! ac_nss_lib_dir="/usr/lib /usr/lib64 /usr/local/lib /usr/lib/$ac_mozilla_name /usr/local/lib/$ac_mozilla_name"
! ac_nss_inc_dir="/usr/include /usr/include/mozilla /usr/local/include /usr/local/include/mozilla /usr/include/$ac_mozilla_name /usr/local/include/$ac_mozilla_name"
echo "$as_me:$LINENO: checking for nspr libraries >= $NSPR_MIN_VERSION" >&5
echo $ECHO_N "checking for nspr libraries >= $NSPR_MIN_VERSION... $ECHO_C" >&6
--- 25817,25824 ----
ac_mozilla_name=mozilla-$MOZILLA_MIN_VERSION
fi
! ac_nss_lib_dir="${SOLARVERSION}/${INPATH}/lib${UPDMINOREXT}"
! ac_nss_inc_dir="${SOLARVERSION}/${INPATH}/inc${UPDMINOREXT}/mozilla"
echo "$as_me:$LINENO: checking for nspr libraries >= $NSPR_MIN_VERSION" >&5
echo $ECHO_N "checking for nspr libraries >= $NSPR_MIN_VERSION... $ECHO_C" >&6
***************
*** 25853,25859 ****
done
for dir in $ac_nss_lib_dir ; do
! if test -f $dir/libnspr4.so ; then
if test "z$dir" = "z/usr/lib" ; then
NSPR_LIBS="$NSPR_LIBS_LIST"
else
--- 25853,25859 ----
done
for dir in $ac_nss_lib_dir ; do
! if test -f $dir/libnspr4.so -o -f $dir/libnspr4.dylib ; then
if test "z$dir" = "z/usr/lib" ; then
NSPR_LIBS="$NSPR_LIBS_LIST"
else
***************
*** 25939,25945 ****
done
for dir in $ac_nss_lib_dir ; do
! if test -f $dir/libnss3.so ; then
if test "z$dir" = "z/usr/lib" ; then
NSS_LIBS="$NSS_LIBS_LIST"
else
--- 25939,25945 ----
done
for dir in $ac_nss_lib_dir ; do
! if test -f $dir/libnss3.so -o -f $dir/libnss3.dylib ; then
if test "z$dir" = "z/usr/lib" ; then
NSS_LIBS="$NSS_LIBS_LIST"
else
*** misc/xmlsec1-1.2.6/configure.in 2004-08-26 04:49:24.000000000 +0200
--- misc/build/xmlsec1-1.2.6/configure.in 2005-05-09 19:54:13.179632013 +0200
***************
*** 143,149 ****
dnl find libxml
dnl ==========================================================================
LIBXML_MIN_VERSION="2.4.2"
! LIBXML_CONFIG="xml2-config"
LIBXML_CFLAGS=""
LIBXML_LIBS=""
LIBXML_FOUND="no"
--- 143,149 ----
dnl find libxml
dnl ==========================================================================
LIBXML_MIN_VERSION="2.4.2"
! LIBXML_CONFIG="./libxml2-config"
LIBXML_CFLAGS=""
LIBXML_LIBS=""
LIBXML_FOUND="no"
***************
*** 507,513 ****
NSPR_MIN_VERSION="4.0"
NSS_CFLAGS=""
NSS_LIBS=""
! NSS_LIBS_LIST="-lnss3 -lsmime3"
NSPR_LIBS_LIST="-lnspr4 -lplds4 -lplc4"
NSS_CRYPTO_LIB="$PACKAGE-nss"
NSS_FOUND="no"
--- 507,513 ----
NSPR_MIN_VERSION="4.0"
NSS_CFLAGS=""
NSS_LIBS=""
! NSS_LIBS_LIST="-lnss3 -lsoftokn3 -lsmime3"
NSPR_LIBS_LIST="-lnspr4 -lplds4 -lplc4"
NSS_CRYPTO_LIB="$PACKAGE-nss"
NSS_FOUND="no"
***************
*** 534,541 ****
ac_mozilla_name=mozilla-$MOZILLA_MIN_VERSION
fi
! ac_nss_lib_dir="/usr/lib /usr/lib64 /usr/local/lib /usr/lib/$ac_mozilla_name /usr/local/lib/$ac_mozilla_name"
! ac_nss_inc_dir="/usr/include /usr/include/mozilla /usr/local/include /usr/local/include/mozilla /usr/include/$ac_mozilla_name /usr/local/include/$ac_mozilla_name"
AC_MSG_CHECKING(for nspr libraries >= $NSPR_MIN_VERSION)
NSPR_INCLUDES_FOUND="no"
--- 534,541 ----
ac_mozilla_name=mozilla-$MOZILLA_MIN_VERSION
fi
! ac_nss_lib_dir="${SOLARVERSION}/${INPATH}/lib${UPDMINOREXT}"
! ac_nss_inc_dir="${SOLARVERSION}/${INPATH}/inc${UPDMINOREXT}/mozilla"
AC_MSG_CHECKING(for nspr libraries >= $NSPR_MIN_VERSION)
NSPR_INCLUDES_FOUND="no"
***************
*** 570,576 ****
done
for dir in $ac_nss_lib_dir ; do
! if test -f $dir/libnspr4.so ; then
dnl do not add -L/usr/lib because compiler does it anyway
if test "z$dir" = "z/usr/lib" ; then
NSPR_LIBS="$NSPR_LIBS_LIST"
--- 570,576 ----
done
for dir in $ac_nss_lib_dir ; do
! if test -f $dir/libnspr4.so -o -f $dir/libnspr4.dylib ; then
dnl do not add -L/usr/lib because compiler does it anyway
if test "z$dir" = "z/usr/lib" ; then
NSPR_LIBS="$NSPR_LIBS_LIST"
***************
*** 641,647 ****
done
for dir in $ac_nss_lib_dir ; do
! if test -f $dir/libnss3.so ; then
dnl do not add -L/usr/lib because compiler does it anyway
if test "z$dir" = "z/usr/lib" ; then
NSS_LIBS="$NSS_LIBS_LIST"
--- 641,647 ----
done
for dir in $ac_nss_lib_dir ; do
! if test -f $dir/libnss3.so -o -f $dir/libnss3.dylib ; then
dnl do not add -L/usr/lib because compiler does it anyway
if test "z$dir" = "z/usr/lib" ; then
NSS_LIBS="$NSS_LIBS_LIST"
*** misc/xmlsec1-1.2.6/include/xmlsec/mscrypto/akmngr.h 2005-05-09 19:55:57.192859540 +0200
--- misc/build/xmlsec1-1.2.6/include/xmlsec/mscrypto/akmngr.h 2005-05-09 19:54:13.180631929 +0200
***************
*** 1 ****
! dummy
--- 1,71 ----
! /**
! * XMLSec library
! *
! * This is free software; see Copyright file in the source
! * distribution for preciese wording.
! *
! * Copyright ..........................
! */
! #ifndef __XMLSEC_MSCRYPTO_AKMNGR_H__
! #define __XMLSEC_MSCRYPTO_AKMNGR_H__
!
! #include <windows.h>
! #include <wincrypt.h>
!
! #include <xmlsec/xmlsec.h>
! #include <xmlsec/keys.h>
! #include <xmlsec/transforms.h>
!
! #ifdef __cplusplus
! extern "C" {
! #endif /* __cplusplus */
!
! XMLSEC_CRYPTO_EXPORT xmlSecKeysMngrPtr
! xmlSecMSCryptoAppliedKeysMngrCreate(
! HCERTSTORE keyStore ,
! HCERTSTORE certStore
! ) ;
!
! XMLSEC_CRYPTO_EXPORT int
! xmlSecMSCryptoAppliedKeysMngrSymKeyLoad(
! xmlSecKeysMngrPtr mngr ,
! HCRYPTKEY symKey
! ) ;
!
! XMLSEC_CRYPTO_EXPORT int
! xmlSecMSCryptoAppliedKeysMngrPubKeyLoad(
! xmlSecKeysMngrPtr mngr ,
! HCRYPTKEY pubKey
! ) ;
!
! XMLSEC_CRYPTO_EXPORT int
! xmlSecMSCryptoAppliedKeysMngrPriKeyLoad(
! xmlSecKeysMngrPtr mngr ,
! HCRYPTKEY priKey
! ) ;
!
! XMLSEC_CRYPTO_EXPORT int
! xmlSecMSCryptoAppliedKeysMngrAdoptKeyStore (
! xmlSecKeysMngrPtr mngr ,
! HCERTSTORE keyStore
! ) ;
!
! XMLSEC_CRYPTO_EXPORT int
! xmlSecMSCryptoAppliedKeysMngrAdoptTrustedStore (
! xmlSecKeysMngrPtr mngr ,
! HCERTSTORE trustedStore
! ) ;
!
! XMLSEC_CRYPTO_EXPORT int
! xmlSecMSCryptoAppliedKeysMngrAdoptUntrustedStore (
! xmlSecKeysMngrPtr mngr ,
! HCERTSTORE untrustedStore
! ) ;
!
! #ifdef __cplusplus
! }
! #endif /* __cplusplus */
!
! #endif /* __XMLSEC_MSCRYPTO_AKMNGR_H__ */
!
!
*** misc/xmlsec1-1.2.6/include/xmlsec/mscrypto/x509.h 2003-09-26 08:12:46.000000000 +0200
--- misc/build/xmlsec1-1.2.6/include/xmlsec/mscrypto/x509.h 2005-05-09 19:54:13.180631929 +0200
***************
*** 77,82 ****
--- 77,97 ----
PCCERT_CONTEXT cert,
xmlSecKeyDataType type);
+ XMLSEC_CRYPTO_EXPORT int xmlSecMSCryptoX509StoreAdoptKeyStore (
+ xmlSecKeyDataStorePtr store,
+ HCERTSTORE keyStore
+ ) ;
+
+ XMLSEC_CRYPTO_EXPORT int xmlSecMSCryptoX509StoreAdoptTrustedStore (
+ xmlSecKeyDataStorePtr store,
+ HCERTSTORE trustedStore
+ ) ;
+
+ XMLSEC_CRYPTO_EXPORT int xmlSecMSCryptoX509StoreAdoptUntrustedStore (
+ xmlSecKeyDataStorePtr store,
+ HCERTSTORE untrustedStore
+ ) ;
+
#endif /* XMLSEC_NO_X509 */
*** misc/xmlsec1-1.2.6/include/xmlsec/nss/akmngr.h 2005-05-09 19:55:57.148863251 +0200
--- misc/build/xmlsec1-1.2.6/include/xmlsec/nss/akmngr.h 2005-05-09 19:54:13.181631844 +0200
***************
*** 1 ****
! dummy
--- 1,55 ----
! /**
! * XMLSec library
! *
! * This is free software; see Copyright file in the source
! * distribution for preciese wording.
! *
! * Copyright ..........................
! */
! #ifndef __XMLSEC_NSS_AKMNGR_H__
! #define __XMLSEC_NSS_AKMNGR_H__
!
! #include <nss.h>
! #include <nspr.h>
! #include <pk11func.h>
! #include <cert.h>
!
! #include <xmlsec/xmlsec.h>
! #include <xmlsec/keys.h>
! #include <xmlsec/transforms.h>
!
! #ifdef __cplusplus
! extern "C" {
! #endif /* __cplusplus */
!
! XMLSEC_CRYPTO_EXPORT xmlSecKeysMngrPtr
! xmlSecNssAppliedKeysMngrCreate(
! PK11SlotInfo* slot ,
! CERTCertDBHandle* handler
! ) ;
!
! XMLSEC_CRYPTO_EXPORT int
! xmlSecNssAppliedKeysMngrSymKeyLoad(
! xmlSecKeysMngrPtr mngr ,
! PK11SymKey* symKey
! ) ;
!
! XMLSEC_CRYPTO_EXPORT int
! xmlSecNssAppliedKeysMngrPubKeyLoad(
! xmlSecKeysMngrPtr mngr ,
! SECKEYPublicKey* pubKey
! ) ;
!
! XMLSEC_CRYPTO_EXPORT int
! xmlSecNssAppliedKeysMngrPriKeyLoad(
! xmlSecKeysMngrPtr mngr ,
! SECKEYPrivateKey* priKey
! ) ;
!
! #ifdef __cplusplus
! }
! #endif /* __cplusplus */
!
! #endif /* __XMLSEC_NSS_AKMNGR_H__ */
!
!
*** misc/xmlsec1-1.2.6/include/xmlsec/nss/app.h 2004-01-12 22:06:14.000000000 +0100
--- misc/build/xmlsec1-1.2.6/include/xmlsec/nss/app.h 2005-05-09 19:54:13.181631844 +0200
***************
*** 22,27 ****
--- 22,30 ----
#include <xmlsec/keysmngr.h>
#include <xmlsec/transforms.h>
+ #include <xmlsec/nss/tokens.h>
+ #include <xmlsec/nss/akmngr.h>
+
/**
* Init/shutdown
*/
***************
*** 34,39 ****
--- 37,44 ----
XMLSEC_CRYPTO_EXPORT int xmlSecNssAppDefaultKeysMngrInit (xmlSecKeysMngrPtr mngr);
XMLSEC_CRYPTO_EXPORT int xmlSecNssAppDefaultKeysMngrAdoptKey(xmlSecKeysMngrPtr mngr,
xmlSecKeyPtr key);
+ XMLSEC_CRYPTO_EXPORT int xmlSecNssAppDefaultKeysMngrAdoptKeySlot(xmlSecKeysMngrPtr mngr,
+ xmlSecNssKeySlotPtr keySlot);
XMLSEC_CRYPTO_EXPORT int xmlSecNssAppDefaultKeysMngrLoad (xmlSecKeysMngrPtr mngr,
const char* uri);
XMLSEC_CRYPTO_EXPORT int xmlSecNssAppDefaultKeysMngrSave (xmlSecKeysMngrPtr mngr,
*** misc/xmlsec1-1.2.6/include/xmlsec/nss/ciphers.h 2005-05-09 19:55:57.165861817 +0200
--- misc/build/xmlsec1-1.2.6/include/xmlsec/nss/ciphers.h 2005-05-09 19:54:13.182631760 +0200
***************
*** 1 ****
! dummy
--- 1,35 ----
! /**
! * XMLSec library
! *
! * This is free software; see Copyright file in the source
! * distribution for preciese wording.
! *
! * Copyright ..........................
! */
! #ifndef __XMLSEC_NSS_CIPHERS_H__
! #define __XMLSEC_NSS_CIPHERS_H__
!
! #ifdef __cplusplus
! extern "C" {
! #endif /* __cplusplus */
!
! #include <xmlsec/xmlsec.h>
! #include <xmlsec/keys.h>
! #include <xmlsec/transforms.h>
!
!
! XMLSEC_CRYPTO_EXPORT int xmlSecNssSymKeyDataAdoptKey( xmlSecKeyDataPtr data,
! PK11SymKey* symkey ) ;
!
! XMLSEC_CRYPTO_EXPORT xmlSecKeyDataPtr xmlSecNssSymKeyDataKeyAdopt( PK11SymKey* symKey ) ;
!
! XMLSEC_CRYPTO_EXPORT PK11SymKey* xmlSecNssSymKeyDataGetKey(xmlSecKeyDataPtr data);
!
!
! #ifdef __cplusplus
! }
! #endif /* __cplusplus */
!
! #endif /* __XMLSEC_NSS_CIPHERS_H__ */
!
!
*** misc/xmlsec1-1.2.6/include/xmlsec/nss/crypto.h 2004-01-12 22:06:14.000000000 +0100
--- misc/build/xmlsec1-1.2.6/include/xmlsec/nss/crypto.h 2005-05-09 19:54:13.183631676 +0200
***************
*** 264,269 ****
--- 264,278 ----
xmlSecNssTransformRsaPkcs1GetKlass()
XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecNssTransformRsaPkcs1GetKlass(void);
+ /**
+ * xmlSecNssTransformRsaOaepId:
+ *
+ * The RSA OAEP key transport transform klass.
+ */
+ #define xmlSecNssTransformRsaOaepId \
+ xmlSecNssTransformRsaOaepGetKlass()
+ XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecNssTransformRsaOaepGetKlass(void);
+
#endif /* XMLSEC_NO_RSA */
*** misc/xmlsec1-1.2.6/include/xmlsec/nss/keysstore.h 2003-07-30 04:46:35.000000000 +0200
--- misc/build/xmlsec1-1.2.6/include/xmlsec/nss/keysstore.h 2005-05-09 19:54:13.183631676 +0200
***************
*** 16,21 ****
--- 16,23 ----
#endif /* __cplusplus */
#include <xmlsec/xmlsec.h>
+ #include <xmlsec/keysmngr.h>
+ #include <xmlsec/nss/tokens.h>
/****************************************************************************
*
***************
*** 31,36 ****
--- 33,40 ----
XMLSEC_CRYPTO_EXPORT xmlSecKeyStoreId xmlSecNssKeysStoreGetKlass (void);
XMLSEC_CRYPTO_EXPORT int xmlSecNssKeysStoreAdoptKey (xmlSecKeyStorePtr store,
xmlSecKeyPtr key);
+ XMLSEC_CRYPTO_EXPORT int xmlSecNssKeysStoreAdoptKeySlot(xmlSecKeyStorePtr store,
+ xmlSecNssKeySlotPtr keySlot);
XMLSEC_CRYPTO_EXPORT int xmlSecNssKeysStoreLoad (xmlSecKeyStorePtr store,
const char *uri,
xmlSecKeysMngrPtr keysMngr);
*** misc/xmlsec1-1.2.6/include/xmlsec/nss/Makefile.am 2003-07-30 04:46:35.000000000 +0200
--- misc/build/xmlsec1-1.2.6/include/xmlsec/nss/Makefile.am 2005-05-09 19:54:13.184631591 +0200
***************
*** 3,8 ****
--- 3,9 ----
xmlsecnssincdir = $(includedir)/xmlsec1/xmlsec/nss
xmlsecnssinc_HEADERS = \
+ akmngr.h \
app.h \
crypto.h \
symbols.h \
***************
*** 10,15 ****
--- 11,18 ----
keysstore.h \
pkikeys.h \
x509.h \
+ tokens.h \
+ ciphers.h \
$(NULL)
install-exec-hook:
*** misc/xmlsec1-1.2.6/include/xmlsec/nss/Makefile.in 2004-08-26 08:00:31.000000000 +0200
--- misc/build/xmlsec1-1.2.6/include/xmlsec/nss/Makefile.in 2005-05-09 19:54:13.184631591 +0200
***************
*** 273,278 ****
--- 273,279 ----
NULL =
xmlsecnssincdir = $(includedir)/xmlsec1/xmlsec/nss
xmlsecnssinc_HEADERS = \
+ akmngr.h \
app.h \
crypto.h \
symbols.h \
***************
*** 280,285 ****
--- 281,288 ----
keysstore.h \
pkikeys.h \
x509.h \
+ tokens.h \
+ ciphers.h \
$(NULL)
all: all-am
*** misc/xmlsec1-1.2.6/include/xmlsec/nss/tokens.h 2005-05-09 19:55:57.178860721 +0200
--- misc/build/xmlsec1-1.2.6/include/xmlsec/nss/tokens.h 2005-05-09 19:54:13.185631507 +0200
***************
*** 1 ****
! dummy
--- 1,182 ----
! /**
! * XMLSec library
! *
! * This is free software; see Copyright file in the source
! * distribution for preciese wording.
! *
! * Copyright (c) 2003 Sun Microsystems, Inc. All rights reserved.
! *
! * Contributor(s): _____________________________
! *
! */
! #ifndef __XMLSEC_NSS_TOKENS_H__
! #define __XMLSEC_NSS_TOKENS_H__
!
! #include <string.h>
!
! #include <nss.h>
! #include <pk11func.h>
!
! #include <xmlsec/xmlsec.h>
! #include <xmlsec/list.h>
!
! #ifdef __cplusplus
! extern "C" {
! #endif /* __cplusplus */
!
! /**
! * xmlSecNssKeySlotListId
! *
! * The crypto mechanism list klass
! */
! #define xmlSecNssKeySlotListId xmlSecNssKeySlotListGetKlass()
! XMLSEC_CRYPTO_EXPORT xmlSecPtrListId xmlSecNssKeySlotListGetKlass( void ) ;
!
! /*******************************************
! * KeySlot interfaces
! *******************************************/
! /**
! * Internal NSS key slot data
! * @mechanismList: the mechanisms that the slot bound with.
! * @slot: the pkcs slot
! *
! * This context is located after xmlSecPtrList
! */
! typedef struct _xmlSecNssKeySlot xmlSecNssKeySlot ;
! typedef struct _xmlSecNssKeySlot* xmlSecNssKeySlotPtr ;
!
! struct _xmlSecNssKeySlot {
! CK_MECHANISM_TYPE_PTR mechanismList ; /* mech. array, NULL ternimated */
! PK11SlotInfo* slot ;
! } ;
!
! XMLSEC_CRYPTO_EXPORT int
! xmlSecNssKeySlotSetMechList(
! xmlSecNssKeySlotPtr keySlot ,
! CK_MECHANISM_TYPE_PTR mechanismList
! ) ;
!
! XMLSEC_CRYPTO_EXPORT int
! xmlSecNssKeySlotEnableMech(
! xmlSecNssKeySlotPtr keySlot ,
! CK_MECHANISM_TYPE mechanism
! ) ;
!
! XMLSEC_CRYPTO_EXPORT int
! xmlSecNssKeySlotDisableMech(
! xmlSecNssKeySlotPtr keySlot ,
! CK_MECHANISM_TYPE mechanism
! ) ;
!
! XMLSEC_CRYPTO_EXPORT CK_MECHANISM_TYPE_PTR
! xmlSecNssKeySlotGetMechList(
! xmlSecNssKeySlotPtr keySlot
! ) ;
!
! XMLSEC_CRYPTO_EXPORT int
! xmlSecNssKeySlotSetSlot(
! xmlSecNssKeySlotPtr keySlot ,
! PK11SlotInfo* slot
! ) ;
!
! XMLSEC_CRYPTO_EXPORT int
! xmlSecNssKeySlotInitialize(
! xmlSecNssKeySlotPtr keySlot ,
! PK11SlotInfo* slot
! ) ;
!
! XMLSEC_CRYPTO_EXPORT void
! xmlSecNssKeySlotFinalize(
! xmlSecNssKeySlotPtr keySlot
! ) ;
!
! XMLSEC_CRYPTO_EXPORT PK11SlotInfo*
! xmlSecNssKeySlotGetSlot(
! xmlSecNssKeySlotPtr keySlot
! ) ;
!
! XMLSEC_CRYPTO_EXPORT xmlSecNssKeySlotPtr
! xmlSecNssKeySlotCreate() ;
!
! XMLSEC_CRYPTO_EXPORT int
! xmlSecNssKeySlotCopy(
! xmlSecNssKeySlotPtr newKeySlot ,
! xmlSecNssKeySlotPtr keySlot
! ) ;
!
! XMLSEC_CRYPTO_EXPORT xmlSecNssKeySlotPtr
! xmlSecNssKeySlotDuplicate(
! xmlSecNssKeySlotPtr keySlot
! ) ;
!
! XMLSEC_CRYPTO_EXPORT void
! xmlSecNssKeySlotDestroy(
! xmlSecNssKeySlotPtr keySlot
! ) ;
!
! XMLSEC_CRYPTO_EXPORT int
! xmlSecNssKeySlotBindMech(
! xmlSecNssKeySlotPtr keySlot ,
! CK_MECHANISM_TYPE type
! ) ;
!
! XMLSEC_CRYPTO_EXPORT int
! xmlSecNssKeySlotSupportMech(
! xmlSecNssKeySlotPtr keySlot ,
! CK_MECHANISM_TYPE type
! ) ;
!
!
! /************************************************************************
! * PKCS#11 crypto token interfaces
! *
! * A PKCS#11 slot repository will be defined internally. From the
! * repository, a user can specify a particular slot for a certain crypto
! * mechanism.
! *
! * In some situation, some cryptographic operation should act in a user
! * designated devices. The interfaces defined here provide the way. If
! * the user do not initialize the repository distinctly, the interfaces
! * use the default functions provided by NSS itself.
! *
! ************************************************************************/
! /**
! * Initialize NSS pkcs#11 slot repository
! *
! * Returns 0 if success or -1 if an error occurs.
! */
! XMLSEC_CRYPTO_EXPORT int xmlSecNssSlotInitialize( void ) ;
!
! /**
! * Shutdown and destroy NSS pkcs#11 slot repository
! */
! XMLSEC_CRYPTO_EXPORT void xmlSecNssSlotShutdown() ;
!
! /**
! * Get PKCS#11 slot handler
! * @type the mechanism that the slot must support.
! *
! * Returns a pointer to PKCS#11 slot or NULL if an error occurs.
! *
! * Notes: The returned handler must be destroied distinctly.
! */
! XMLSEC_CRYPTO_EXPORT PK11SlotInfo* xmlSecNssSlotGet( CK_MECHANISM_TYPE type ) ;
!
! /**
! * Adopt a pkcs#11 slot with a mechanism into the repository
! * @slot: the pkcs#11 slot.
! * @mech: the mechanism.
! *
! * If @mech is available( @mech != CKM_INVALID_MECHANISM ), every operation with
! * this mechanism only can perform on the @slot.
! *
! * Returns 0 if success or -1 if an error occurs.
! */
! XMLSEC_CRYPTO_EXPORT int xmlSecNssSlotAdopt( PK11SlotInfo* slot, CK_MECHANISM_TYPE mech ) ;
!
! #ifdef __cplusplus
! }
! #endif /* __cplusplus */
!
! #endif /* __XMLSEC_NSS_TOKENS_H__ */
!
*** misc/xmlsec1-1.2.6/libxml2-config 2005-05-09 19:55:57.284851780 +0200
--- misc/build/xmlsec1-1.2.6/libxml2-config 2005-05-09 19:54:13.186631423 +0200
***************
*** 1 ****
! dummy
--- 1,48 ----
! #! /bin/sh
!
! if test "$SYSTEM_LIBXML" = "YES"
! then xml2-config "$@"; exit 0
! fi
!
! prefix=${SOLARVERSION}/${INPATH}
! includedir=${SOLARVERSION}/${INPATH}/inc${UPDMINOREXT}/external
! libdir=${SOLARVERSION}/${INPATH}/lib${UPDMINOREXT}
!
! while test $# -gt 0; do
! case "$1" in
! -*=*) optarg=`echo "$1" | sed 's/[-_a-zA-Z0-9]*=//'` ;;
! *) optarg= ;;
! esac
!
! case "$1" in
! --prefix=*)
! prefix=$optarg
! includedir=$prefix/include
! libdir=$prefix/lib
! ;;
!
! --prefix)
! echo $prefix
! ;;
!
! --version)
! echo 2.5.4
! exit 0
! ;;
!
! --cflags)
! echo -I${includedir}
! ;;
!
! --libs)
! echo -L${libdir} -lxml2 -lz -lm
! ;;
!
! *)
! exit 1
! ;;
! esac
! shift
! done
!
! exit 0
*** misc/xmlsec1-1.2.6/ltmain.sh 2004-08-26 08:00:15.000000000 +0200
--- misc/build/xmlsec1-1.2.6/ltmain.sh 2005-05-09 19:55:51.745319024 +0200
***************
*** 2994,3006 ****
;;
freebsd-aout)
! major=".$current"
! versuffix=".$current.$revision";
;;
freebsd-elf)
! major=".$current"
! versuffix=".$current";
;;
irix | nonstopux)
--- 2994,3006 ----
;;
freebsd-aout)
! major=.`expr $current - $age`
! versuffix="$major.$age.$revision"
;;
freebsd-elf)
! major=.`expr $current - $age`
! versuffix="$major.$age.$revision"
;;
irix | nonstopux)
***************
*** 3564,3570 ****
fi
else
eval flag=\"$hardcode_libdir_flag_spec\"
! dep_rpath="$dep_rpath $flag"
fi
elif test -n "$runpath_var"; then
case "$perm_rpath " in
--- 3564,3571 ----
fi
else
eval flag=\"$hardcode_libdir_flag_spec\"
! # what the ...
! # dep_rpath="$dep_rpath $flag"
fi
elif test -n "$runpath_var"; then
case "$perm_rpath " in
*** misc/xmlsec1-1.2.6/src/bn.c 2004-06-21 20:33:27.000000000 +0200
--- misc/build/xmlsec1-1.2.6/src/bn.c 2005-05-09 19:54:13.188631254 +0200
***************
*** 170,177 ****
*/
int
xmlSecBnFromString(xmlSecBnPtr bn, const xmlChar* str, xmlSecSize base) {
! xmlSecSize i, len;
xmlSecByte ch;
int nn;
int ret;
--- 170,179 ----
*/
int
xmlSecBnFromString(xmlSecBnPtr bn, const xmlChar* str, xmlSecSize base) {
! xmlSecSize i, len, size;
xmlSecByte ch;
+ xmlSecByte* data;
+ int positive;
int nn;
int ret;
***************
*** 183,189 ****
/* trivial case */
len = xmlStrlen(str);
if(len == 0) {
! return(0);
}
/* The result size could not exceed the input string length
--- 185,191 ----
/* trivial case */
len = xmlStrlen(str);
if(len == 0) {
! return(0);
}
/* The result size could not exceed the input string length
***************
*** 191,244 ****
* In truth, it would be likely less than 1/2 input string length
* because each byte is represented by 2 chars. If needed,
* buffer size would be increased by Mul/Add functions.
*/
! ret = xmlSecBufferSetMaxSize(bn, xmlSecBufferGetSize(bn) + len / 2 + 1);
if(ret < 0) {
! xmlSecError(XMLSEC_ERRORS_HERE,
! NULL,
! "xmlSecBnRevLookupTable",
! XMLSEC_ERRORS_R_XMLSEC_FAILED,
! "size=%d", len / 2 + 1);
! return (-1);
}
! for(i = 0; i < len; i++) {
! ch = str[i];
! if(isspace(ch)) {
! continue;
! }
!
! xmlSecAssert2(ch <= sizeof(xmlSecBnLookupTable), -1);
! nn = xmlSecBnLookupTable[ch];
! if((nn < 0) || ((xmlSecSize)nn > base)) {
! xmlSecError(XMLSEC_ERRORS_HERE,
! NULL,
! NULL,
! XMLSEC_ERRORS_R_INVALID_DATA,
! "char=%c;base=%d",
! ch, base);
! return (-1);
! }
!
! ret = xmlSecBnMul(bn, base);
! if(ret < 0) {
! xmlSecError(XMLSEC_ERRORS_HERE,
! NULL,
! "xmlSecBnMul",
! XMLSEC_ERRORS_R_XMLSEC_FAILED,
! "base=%d", base);
! return (-1);
! }
!
! ret = xmlSecBnAdd(bn, nn);
! if(ret < 0) {
! xmlSecError(XMLSEC_ERRORS_HERE,
! NULL,
! "xmlSecBnAdd",
! XMLSEC_ERRORS_R_XMLSEC_FAILED,
! "base=%d", base);
! return (-1);
! }
}
return(0);
--- 193,323 ----
* In truth, it would be likely less than 1/2 input string length
* because each byte is represented by 2 chars. If needed,
* buffer size would be increased by Mul/Add functions.
+ * Finally, we can add one byte for 00 or 10 prefix.
*/
! ret = xmlSecBufferSetMaxSize(bn, xmlSecBufferGetSize(bn) + len / 2 + 1 + 1);
if(ret < 0) {
! xmlSecError(XMLSEC_ERRORS_HERE,
! NULL,
! "xmlSecBnRevLookupTable",
! XMLSEC_ERRORS_R_XMLSEC_FAILED,
! "size=%d", len / 2 + 1);
! return (-1);
! }
!
! /* figure out if it is positive or negative number */
! positive = 1;
! i = 0;
! while(i < len) {
! ch = str[i++];
!
! /* skip spaces */
! if(isspace(ch)) {
! continue;
! }
!
! /* check if it is + or - */
! if(ch == '+') {
! positive = 1;
! break;
! } else if(ch == '-') {
! positive = 0;
! break;
! }
!
! /* otherwise, it must be start of the number */
! nn = xmlSecBnLookupTable[ch];
! if((nn >= 0) && ((xmlSecSize)nn < base)) {
! xmlSecAssert2(i > 0, -1);
!
! /* no sign, positive by default */
! positive = 1;
! --i; /* make sure that we will look at this character in next loop */
! break;
! } else {
! xmlSecError(XMLSEC_ERRORS_HERE,
! NULL,
! NULL,
! XMLSEC_ERRORS_R_INVALID_DATA,
! "char=%c;base=%d",
! ch, base);
! return (-1);
! }
! }
!
! /* now parse the number itself */
! while(i < len) {
! ch = str[i++];
! if(isspace(ch)) {
! continue;
! }
!
! xmlSecAssert2(ch <= sizeof(xmlSecBnLookupTable), -1);
! nn = xmlSecBnLookupTable[ch];
! if((nn < 0) || ((xmlSecSize)nn > base)) {
! xmlSecError(XMLSEC_ERRORS_HERE,
! NULL,
! NULL,
! XMLSEC_ERRORS_R_INVALID_DATA,
! "char=%c;base=%d",
! ch, base);
! return (-1);
! }
!
! ret = xmlSecBnMul(bn, base);
! if(ret < 0) {
! xmlSecError(XMLSEC_ERRORS_HERE,
! NULL,
! "xmlSecBnMul",
! XMLSEC_ERRORS_R_XMLSEC_FAILED,
! "base=%d", base);
! return (-1);
! }
!
! ret = xmlSecBnAdd(bn, nn);
! if(ret < 0) {
! xmlSecError(XMLSEC_ERRORS_HERE,
! NULL,
! "xmlSecBnAdd",
! XMLSEC_ERRORS_R_XMLSEC_FAILED,
! "base=%d", base);
! return (-1);
! }
}
! /* check if we need to add 00 prefix */
! data = xmlSecBufferGetData(bn);
! size = xmlSecBufferGetSize(bn);
! if((size > 0 && data[0] > 127)||(size==0)) {
! ch = 0;
! ret = xmlSecBufferPrepend(bn, &ch, 1);
! if(ret < 0) {
! xmlSecError(XMLSEC_ERRORS_HERE,
! NULL,
! "xmlSecBufferPrepend",
! XMLSEC_ERRORS_R_XMLSEC_FAILED,
! "base=%d", base);
! return (-1);
! }
! }
!
! /* do 2's compliment and add 1 to represent negative value */
! if(positive == 0) {
! data = xmlSecBufferGetData(bn);
! size = xmlSecBufferGetSize(bn);
! for(i = 0; i < size; ++i) {
! data[i] ^= 0xFF;
! }
!
! ret = xmlSecBnAdd(bn, 1);
! if(ret < 0) {
! xmlSecError(XMLSEC_ERRORS_HERE,
! NULL,
! "xmlSecBnAdd",
! XMLSEC_ERRORS_R_XMLSEC_FAILED,
! "base=%d", base);
! return (-1);
! }
}
return(0);
***************
*** 256,263 ****
*/
xmlChar*
xmlSecBnToString(xmlSecBnPtr bn, xmlSecSize base) {
xmlChar* res;
! xmlSecSize i, len;
int nn;
xmlChar ch;
--- 335,346 ----
*/
xmlChar*
xmlSecBnToString(xmlSecBnPtr bn, xmlSecSize base) {
+ xmlSecBn bn2;
+ int positive = 1;
xmlChar* res;
! xmlSecSize i, len, size;
! xmlSecByte* data;
! int ret;
int nn;
xmlChar ch;
***************
*** 265,299 ****
xmlSecAssert2(base > 1, NULL);
xmlSecAssert2(base <= sizeof(xmlSecBnRevLookupTable), NULL);
/* Result string len is
* len = log base (256) * <bn size>
* Since the smallest base == 2 then we can get away with
* len = 8 * <bn size>
*/
! len = 8 * xmlSecBufferGetSize(bn) + 1;
res = (xmlChar*)xmlMalloc(len + 1);
if(res == NULL) {
! xmlSecError(XMLSEC_ERRORS_HERE,
! NULL,
! NULL,
! XMLSEC_ERRORS_R_MALLOC_FAILED,
! "len=%d", len);
! return (NULL);
}
memset(res, 0, len + 1);
! for(i = 0; (xmlSecBufferGetSize(bn) > 0) && (i < len); i++) {
! if(xmlSecBnDiv(bn, base, &nn) < 0) {
! xmlSecError(XMLSEC_ERRORS_HERE,
! NULL,
! "xmlSecBnDiv",
! XMLSEC_ERRORS_R_XMLSEC_FAILED,
! "base=%d", base);
! xmlFree(res);
! return (NULL);
! }
! xmlSecAssert2((size_t)nn < sizeof(xmlSecBnRevLookupTable), NULL);
! res[i] = xmlSecBnRevLookupTable[nn];
}
xmlSecAssert2(i < len, NULL);
--- 348,433 ----
xmlSecAssert2(base > 1, NULL);
xmlSecAssert2(base <= sizeof(xmlSecBnRevLookupTable), NULL);
+
+ /* copy bn */
+ data = xmlSecBufferGetData(bn);
+ size = xmlSecBufferGetSize(bn);
+ ret = xmlSecBnInitialize(&bn2, size);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecBnCreate",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "size=%d", size);
+ return (NULL);
+ }
+
+ ret = xmlSecBnSetData(&bn2, data, size);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecBnSetData",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "size=%d", size);
+ xmlSecBnFinalize(&bn2);
+ return (NULL);
+ }
+
+ /* check if it is a negative number or not */
+ data = xmlSecBufferGetData(&bn2);
+ size = xmlSecBufferGetSize(&bn2);
+ if((size > 0) && (data[0] > 127)) {
+ /* subtract 1 and do 2's compliment */
+ ret = xmlSecBnAdd(&bn2, -1);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecBnAdd",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "size=%d", size);
+ xmlSecBnFinalize(&bn2);
+ return (NULL);
+ }
+ for(i = 0; i < size; ++i) {
+ data[i] ^= 0xFF;
+ }
+
+ positive = 0;
+ } else {
+ positive = 1;
+ }
+
/* Result string len is
* len = log base (256) * <bn size>
* Since the smallest base == 2 then we can get away with
* len = 8 * <bn size>
*/
! len = 8 * size + 1 + 1;
res = (xmlChar*)xmlMalloc(len + 1);
if(res == NULL) {
! xmlSecError(XMLSEC_ERRORS_HERE,
! NULL,
! NULL,
! XMLSEC_ERRORS_R_MALLOC_FAILED,
! "len=%d", len);
! xmlSecBnFinalize(&bn2);
! return (NULL);
}
memset(res, 0, len + 1);
! for(i = 0; (xmlSecBufferGetSize(&bn2) > 0) && (i < len); i++) {
! if(xmlSecBnDiv(&bn2, base, &nn) < 0) {
! xmlSecError(XMLSEC_ERRORS_HERE,
! NULL,
! "xmlSecBnDiv",
! XMLSEC_ERRORS_R_XMLSEC_FAILED,
! "base=%d", base);
! xmlFree(res);
! xmlSecBnFinalize(&bn2);
! return (NULL);
! }
! xmlSecAssert2((size_t)nn < sizeof(xmlSecBnRevLookupTable), NULL);
! res[i] = xmlSecBnRevLookupTable[nn];
}
xmlSecAssert2(i < len, NULL);
***************
*** 301,313 ****
for(len = i; (len > 1) && (res[len - 1] == '0'); len--);
res[len] = '\0';
/* swap the string because we wrote it in reverse order */
for(i = 0; i < len / 2; i++) {
! ch = res[i];
! res[i] = res[len - i - 1];
! res[len - i - 1] = ch;
}
return(res);
}
--- 435,454 ----
for(len = i; (len > 1) && (res[len - 1] == '0'); len--);
res[len] = '\0';
+ /* add "-" for negative numbers */
+ if(positive == 0) {
+ res[len] = '-';
+ res[++len] = '\0';
+ }
+
/* swap the string because we wrote it in reverse order */
for(i = 0; i < len / 2; i++) {
! ch = res[i];
! res[i] = res[len - i - 1];
! res[len - i - 1] = ch;
}
+ xmlSecBnFinalize(&bn2);
return(res);
}
***************
*** 392,398 ****
}
data = xmlSecBufferGetData(bn);
! for(over = 0, i = xmlSecBufferGetSize(bn); i > 0;) {
xmlSecAssert2(data != NULL, -1);
over = over + multiplier * data[--i];
--- 533,541 ----
}
data = xmlSecBufferGetData(bn);
! i = xmlSecBufferGetSize(bn);
! over = 0;
! while(i > 0) {
xmlSecAssert2(data != NULL, -1);
over = over + multiplier * data[--i];
***************
*** 487,529 ****
*/
int
xmlSecBnAdd(xmlSecBnPtr bn, int delta) {
! int over;
xmlSecByte* data;
xmlSecSize i;
xmlSecByte ch;
int ret;
xmlSecAssert2(bn != NULL, -1);
- xmlSecAssert2(delta >= 0, -1);
if(delta == 0) {
! return(0);
}
data = xmlSecBufferGetData(bn);
! for(over = delta, i = xmlSecBufferGetSize(bn); i > 0;) {
! xmlSecAssert2(data != NULL, -1);
! over += data[--i];
! data[i] = over % 256;
! over = over / 256;
! }
! while(over > 0) {
! ch = over % 256;
! over = over / 256;
! ret = xmlSecBufferPrepend(bn, &ch, 1);
! if(ret < 0) {
! xmlSecError(XMLSEC_ERRORS_HERE,
! NULL,
! "xmlSecBufferPrepend",
! XMLSEC_ERRORS_R_XMLSEC_FAILED,
! "size=1");
! return (-1);
! }
}
-
return(0);
}
--- 630,686 ----
*/
int
xmlSecBnAdd(xmlSecBnPtr bn, int delta) {
! int over, tmp;
xmlSecByte* data;
xmlSecSize i;
xmlSecByte ch;
int ret;
xmlSecAssert2(bn != NULL, -1);
if(delta == 0) {
! return(0);
}
data = xmlSecBufferGetData(bn);
! if(delta > 0) {
! for(over = delta, i = xmlSecBufferGetSize(bn); (i > 0) && (over > 0) ;) {
! xmlSecAssert2(data != NULL, -1);
! tmp = data[--i];
! over += tmp;
! data[i] = over % 256;
! over = over / 256;
! }
! while(over > 0) {
! ch = over % 256;
! over = over / 256;
! ret = xmlSecBufferPrepend(bn, &ch, 1);
! if(ret < 0) {
! xmlSecError(XMLSEC_ERRORS_HERE,
! NULL,
! "xmlSecBufferPrepend",
! XMLSEC_ERRORS_R_XMLSEC_FAILED,
! "size=1");
! return (-1);
! }
! }
! } else {
! for(over = -delta, i = xmlSecBufferGetSize(bn); (i > 0) && (over > 0);) {
! xmlSecAssert2(data != NULL, -1);
!
! tmp = data[--i];
! if(tmp < over) {
! data[i] = 0;
! over = (over - tmp) / 256;
! } else {
! data[i] = tmp - over;
! over = 0;
! }
! }
}
return(0);
}
***************
*** 787,793 ****
}
if(addLineBreaks) {
! xmlNodeAddContent(cur, BAD_CAST "\n");
}
switch(format) {
--- 944,950 ----
}
if(addLineBreaks) {
! xmlNodeAddContent(cur, xmlSecStringCR);
}
switch(format) {
***************
*** 833,839 ****
}
if(addLineBreaks) {
! xmlNodeAddContent(cur, BAD_CAST "\n");
}
return(0);
--- 990,996 ----
}
if(addLineBreaks) {
! xmlNodeAddContent(cur, xmlSecStringCR);
}
return(0);
*** misc/xmlsec1-1.2.6/src/dl.c 2003-10-29 16:57:20.000000000 +0100
--- misc/build/xmlsec1-1.2.6/src/dl.c 2005-05-09 19:54:13.189631170 +0200
***************
*** 329,334 ****
--- 329,338 ----
xmlSecCryptoDLInit(void) {
int ret;
+ /* use xmlMalloc/xmlFree */
+ xmlsec_lt_dlmalloc = xmlSecCryptoDLMalloc;
+ xmlsec_lt_dlfree = xmlSecCryptoDLFree;
+
ret = xmlSecPtrListInitialize(&gXmlSecCryptoDLLibraries, xmlSecCryptoDLLibrariesListGetKlass());
if(ret < 0) {
xmlSecError(XMLSEC_ERRORS_HERE,
***************
*** 350,358 ****
}
/* TODO: LTDL_SET_PRELOADED_SYMBOLS(); */
- /* use xmlMalloc/xmlFree */
- xmlsec_lt_dlmalloc = xmlSecCryptoDLMalloc;
- xmlsec_lt_dlfree = xmlSecCryptoDLFree;
return(0);
}
--- 354,359 ----
*** misc/xmlsec1-1.2.6/src/mscrypto/akmngr.c 2005-05-09 19:55:57.223856925 +0200
--- misc/build/xmlsec1-1.2.6/src/mscrypto/akmngr.c 2005-05-09 19:54:13.190631085 +0200
***************
*** 1 ****
! dummy
--- 1,235 ----
! /**
! * XMLSec library
! *
! * This is free software; see Copyright file in the source
! * distribution for preciese wording.
! *
! * Copyright.........................
! */
! #include "globals.h"
!
! #include <xmlsec/xmlsec.h>
! #include <xmlsec/keys.h>
! #include <xmlsec/transforms.h>
! #include <xmlsec/errors.h>
!
! #include <xmlsec/mscrypto/crypto.h>
! #include <xmlsec/mscrypto/keysstore.h>
! #include <xmlsec/mscrypto/akmngr.h>
! #include <xmlsec/mscrypto/x509.h>
!
! /**
! * xmlSecMSCryptoAppliedKeysMngrCreate:
! * @hKeyStore: the pointer to key store.
! * @hCertStore: the pointer to certificate database.
! *
! * Create and load key store and certificate database into keys manager
! *
! * Returns keys manager pointer on success or NULL otherwise.
! */
! xmlSecKeysMngrPtr
! xmlSecMSCryptoAppliedKeysMngrCreate(
! HCERTSTORE hKeyStore ,
! HCERTSTORE hCertStore
! ) {
! xmlSecKeyDataStorePtr certStore = NULL ;
! xmlSecKeysMngrPtr keyMngr = NULL ;
! xmlSecKeyStorePtr keyStore = NULL ;
!
! keyStore = xmlSecKeyStoreCreate( xmlSecMSCryptoKeysStoreId ) ;
! if( keyStore == NULL ) {
! xmlSecError( XMLSEC_ERRORS_HERE ,
! NULL ,
! "xmlSecKeyStoreCreate" ,
! XMLSEC_ERRORS_R_XMLSEC_FAILED ,
! XMLSEC_ERRORS_NO_MESSAGE ) ;
! return NULL ;
! }
!
! /*-
! * At present, MS Crypto engine do not provide a way to setup a key store.
! */
! if( keyStore != NULL ) {
! //TODO: binding key store.
! }
!
! keyMngr = xmlSecKeysMngrCreate() ;
! if( keyMngr == NULL ) {
! xmlSecError( XMLSEC_ERRORS_HERE ,
! NULL ,
! "xmlSecKeysMngrCreate" ,
! XMLSEC_ERRORS_R_XMLSEC_FAILED ,
! XMLSEC_ERRORS_NO_MESSAGE ) ;
!
! xmlSecKeyStoreDestroy( keyStore ) ;
! return NULL ;
! }
!
! /*-
! * Add key store to manager, from now on keys manager destroys the store if
! * needed
! */
! if( xmlSecKeysMngrAdoptKeysStore( keyMngr, keyStore ) < 0 ) {
! xmlSecError( XMLSEC_ERRORS_HERE ,
! xmlSecErrorsSafeString( xmlSecKeyStoreGetName( keyStore ) ) ,
! "xmlSecKeysMngrAdoptKeyStore" ,
! XMLSEC_ERRORS_R_XMLSEC_FAILED ,
! XMLSEC_ERRORS_NO_MESSAGE ) ;
!
! xmlSecKeyStoreDestroy( keyStore ) ;
! xmlSecKeysMngrDestroy( keyMngr ) ;
! return NULL ;
! }
!
! /*-
! * Initialize crypto library specific data in keys manager
! */
! if( xmlSecMSCryptoKeysMngrInit( keyMngr ) < 0 ) {
! xmlSecError( XMLSEC_ERRORS_HERE ,
! NULL ,
! "xmlSecMSCryptoKeysMngrInit" ,
! XMLSEC_ERRORS_R_XMLSEC_FAILED ,
! XMLSEC_ERRORS_NO_MESSAGE ) ;
!
! xmlSecKeysMngrDestroy( keyMngr ) ;
! return NULL ;
! }
!
! /*-
! * Set certificate databse to X509 key data store
! */
! /*-
! * At present, MS Crypto engine do not provide a way to setup a cert store.
! */
!
! /*-
! * Set the getKey callback
! */
! keyMngr->getKey = xmlSecKeysMngrGetKey ;
!
! return keyMngr ;
! }
!
! int
! xmlSecMSCryptoAppliedKeysMngrSymKeyLoad(
! xmlSecKeysMngrPtr mngr ,
! HCRYPTKEY symKey
! ) {
! //TODO: import the key into keys manager.
! return(0) ;
! }
!
! int
! xmlSecMSCryptoAppliedKeysMngrPubKeyLoad(
! xmlSecKeysMngrPtr mngr ,
! HCRYPTKEY pubKey
! ) {
! //TODO: import the key into keys manager.
! return(0) ;
! }
!
! int
! xmlSecMSCryptoAppliedKeysMngrPriKeyLoad(
! xmlSecKeysMngrPtr mngr ,
! HCRYPTKEY priKey
! ) {
! //TODO: import the key into keys manager.
! return(0) ;
! }
!
! int
! xmlSecMSCryptoAppliedKeysMngrAdoptKeyStore (
! xmlSecKeysMngrPtr mngr ,
! HCERTSTORE keyStore
! ) {
! xmlSecKeyDataStorePtr x509Store ;
!
! xmlSecAssert2( mngr != NULL, -1 ) ;
! xmlSecAssert2( keyStore != NULL, -1 ) ;
!
! x509Store = xmlSecKeysMngrGetDataStore( mngr, xmlSecMSCryptoX509StoreId ) ;
! if( x509Store == NULL ) {
! xmlSecError( XMLSEC_ERRORS_HERE ,
! NULL ,
! "xmlSecKeysMngrGetDataStore" ,
! XMLSEC_ERRORS_R_XMLSEC_FAILED ,
! XMLSEC_ERRORS_NO_MESSAGE ) ;
! return( -1 ) ;
! }
!
! if( xmlSecMSCryptoX509StoreAdoptKeyStore( x509Store, keyStore ) < 0 ) {
! xmlSecError( XMLSEC_ERRORS_HERE ,
! xmlSecErrorsSafeString( xmlSecKeyDataStoreGetName( x509Store ) ) ,
! "xmlSecMSCryptoX509StoreAdoptKeyStore" ,
! XMLSEC_ERRORS_R_XMLSEC_FAILED ,
! XMLSEC_ERRORS_NO_MESSAGE ) ;
! return( -1 ) ;
! }
!
! return( 0 ) ;
! }
!
! int
! xmlSecMSCryptoAppliedKeysMngrAdoptTrustedStore (
! xmlSecKeysMngrPtr mngr ,
! HCERTSTORE trustedStore
! ) {
! xmlSecKeyDataStorePtr x509Store ;
!
! xmlSecAssert2( mngr != NULL, -1 ) ;
! xmlSecAssert2( trustedStore != NULL, -1 ) ;
!
! x509Store = xmlSecKeysMngrGetDataStore( mngr, xmlSecMSCryptoX509StoreId ) ;
! if( x509Store == NULL ) {
! xmlSecError( XMLSEC_ERRORS_HERE ,
! NULL ,
! "xmlSecKeysMngrGetDataStore" ,
! XMLSEC_ERRORS_R_XMLSEC_FAILED ,
! XMLSEC_ERRORS_NO_MESSAGE ) ;
! return( -1 ) ;
! }
!
! if( xmlSecMSCryptoX509StoreAdoptTrustedStore( x509Store, trustedStore ) < 0 ) {
! xmlSecError( XMLSEC_ERRORS_HERE ,
! xmlSecErrorsSafeString( xmlSecKeyDataStoreGetName( x509Store ) ) ,
! "xmlSecMSCryptoX509StoreAdoptKeyStore" ,
! XMLSEC_ERRORS_R_XMLSEC_FAILED ,
! XMLSEC_ERRORS_NO_MESSAGE ) ;
! return( -1 ) ;
! }
!
! return( 0 ) ;
! }
!
! int
! xmlSecMSCryptoAppliedKeysMngrAdoptUntrustedStore (
! xmlSecKeysMngrPtr mngr ,
! HCERTSTORE untrustedStore
! ) {
! xmlSecKeyDataStorePtr x509Store ;
!
! xmlSecAssert2( mngr != NULL, -1 ) ;
! xmlSecAssert2( untrustedStore != NULL, -1 ) ;
!
! x509Store = xmlSecKeysMngrGetDataStore( mngr, xmlSecMSCryptoX509StoreId ) ;
! if( x509Store == NULL ) {
! xmlSecError( XMLSEC_ERRORS_HERE ,
! NULL ,
! "xmlSecKeysMngrGetDataStore" ,
! XMLSEC_ERRORS_R_XMLSEC_FAILED ,
! XMLSEC_ERRORS_NO_MESSAGE ) ;
! return( -1 ) ;
! }
!
! if( xmlSecMSCryptoX509StoreAdoptUntrustedStore( x509Store, untrustedStore ) < 0 ) {
! xmlSecError( XMLSEC_ERRORS_HERE ,
! xmlSecErrorsSafeString( xmlSecKeyDataStoreGetName( x509Store ) ) ,
! "xmlSecMSCryptoX509StoreAdoptKeyStore" ,
! XMLSEC_ERRORS_R_XMLSEC_FAILED ,
! XMLSEC_ERRORS_NO_MESSAGE ) ;
! return( -1 ) ;
! }
!
! return( 0 ) ;
! }
!
*** misc/xmlsec1-1.2.6/src/mscrypto/certkeys.c 2004-03-17 06:06:43.000000000 +0100
--- misc/build/xmlsec1-1.2.6/src/mscrypto/certkeys.c 2005-05-09 19:54:13.192630917 +0200
***************
*** 41,46 ****
--- 41,47 ----
* a public key from xml document is provided, we need HCRYPTKEY.... The focus
* now is however directed to certificates. Wouter
*/
+ /** replaced by a wrapper style for WINNT 4.0
struct _xmlSecMSCryptoKeyDataCtx {
HCRYPTPROV hProv;
BOOL fCallerFreeProv;
***************
*** 51,56 ****
--- 52,175 ----
HCRYPTKEY hKey;
xmlSecKeyDataType type;
};
+ */
+ /*-
+ * A wrapper of HCRYPTKEY, a reference countor is introduced, the function is
+ * the same as CryptDuplicateKey. Because the CryptDuplicateKey is not support
+ * by WINNT 4.0, the wrapper will enable the library work on WINNT 4.0
+ */
+ struct _mscrypt_key {
+ HCRYPTKEY hKey ;
+ int refcnt ;
+ } ;
+
+ /*-
+ * A wrapper of HCRYPTPROV, a reference countor is introduced, the function is
+ * the same as CryptContextAddRef. Because the CryptContextAddRef is not support
+ * by WINNT 4.0, the wrapper will enable the library work on WINNT 4.0
+ */
+ struct _mscrypt_prov {
+ HCRYPTPROV hProv ;
+ BOOL freeprov ;
+ int refcnt ;
+ } ;
+
+ struct _xmlSecMSCryptoKeyDataCtx {
+ struct _mscrypt_prov* p_prov ;
+ LPCTSTR providerName;
+ DWORD providerType;
+ PCCERT_CONTEXT pCert;
+ DWORD dwKeySpec;
+ struct _mscrypt_key* p_key ;
+ xmlSecKeyDataType type;
+ };
+
+ struct _mscrypt_key* mscrypt_create_key( HCRYPTKEY key ) {
+ struct _mscrypt_key* pkey ;
+
+ pkey = ( struct _mscrypt_key* )xmlMalloc( sizeof( struct _mscrypt_key ) ) ;
+ if( pkey == NULL ) {
+ xmlSecError( XMLSEC_ERRORS_HERE,
+ "mscrypt_create_key" ,
+ NULL ,
+ XMLSEC_ERRORS_R_MALLOC_FAILED ,
+ XMLSEC_ERRORS_NO_MESSAGE
+ ) ;
+ }
+
+ pkey->hKey = key ;
+ pkey->refcnt = 1 ;
+
+ return pkey ;
+ }
+
+ struct _mscrypt_key* mscrypt_acquire_key( struct _mscrypt_key* key ) {
+ if( key )
+ key->refcnt ++ ;
+
+ return key ;
+ }
+
+ int mscrypt_release_key( struct _mscrypt_key* key ) {
+ if( key ) {
+ key->refcnt -- ;
+ if( !key->refcnt ) {
+ if( key->hKey ) {
+ CryptDestroyKey( key->hKey ) ;
+ key->hKey = 0 ;
+ }
+ xmlFree( key ) ;
+ } else {
+ return key->refcnt ;
+ }
+ }
+
+ return 0 ;
+ }
+
+ struct _mscrypt_prov* mscrypt_create_prov( HCRYPTPROV prov, BOOL callerFree ) {
+ struct _mscrypt_prov* pprov ;
+
+ pprov = ( struct _mscrypt_prov* )xmlMalloc( sizeof( struct _mscrypt_prov ) ) ;
+ if( pprov == NULL ) {
+ xmlSecError( XMLSEC_ERRORS_HERE,
+ "mscrypt_create_prov" ,
+ NULL ,
+ XMLSEC_ERRORS_R_MALLOC_FAILED ,
+ XMLSEC_ERRORS_NO_MESSAGE
+ ) ;
+ }
+
+ pprov->hProv = prov ;
+ pprov->freeprov = callerFree ;
+ pprov->refcnt = 1 ;
+
+ return pprov ;
+ }
+
+ struct _mscrypt_prov* mscrypt_acquire_prov( struct _mscrypt_prov* prov ) {
+ if( prov )
+ prov->refcnt ++ ;
+
+ return prov ;
+ }
+
+ int mscrypt_release_prov( struct _mscrypt_prov* prov ) {
+ if( prov ) {
+ prov->refcnt -- ;
+ if( !prov->refcnt ) {
+ if( prov->hProv && prov->freeprov ) {
+ CryptReleaseContext( prov->hProv, 0 ) ;
+ prov->hProv = 0 ;
+ }
+ xmlFree( prov ) ;
+ } else {
+ return prov->refcnt ;
+ }
+ }
+
+ return 0 ;
+ }
/******************************************************************************
*
***************
*** 88,111 ****
ctx = xmlSecMSCryptoKeyDataGetCtx(data);
xmlSecAssert2(ctx != NULL, -1);
! if (ctx->hKey != 0) {
! CryptDestroyKey(ctx->hKey);
! ctx->hKey = 0;
! }
if(ctx->pCert != NULL) {
CertFreeCertificateContext(ctx->pCert);
ctx->pCert = NULL;
}
! if ((ctx->hProv != 0) && (ctx->fCallerFreeProv)) {
! CryptReleaseContext(ctx->hProv, 0);
! ctx->hProv = 0;
! ctx->fCallerFreeProv = FALSE;
! } else {
! ctx->hProv = 0;
! ctx->fCallerFreeProv = FALSE;
! }
ctx->type = type;
--- 207,226 ----
ctx = xmlSecMSCryptoKeyDataGetCtx(data);
xmlSecAssert2(ctx != NULL, -1);
! if( ctx->p_key != 0 ) {
! mscrypt_release_key( ctx->p_key ) ;
! }
! ctx->p_key = mscrypt_create_key( 0 ) ;
if(ctx->pCert != NULL) {
CertFreeCertificateContext(ctx->pCert);
ctx->pCert = NULL;
}
! if( ( ctx->p_prov ) ) {
! mscrypt_release_prov( ctx->p_prov ) ;
! }
! ctx->p_prov = mscrypt_create_prov( 0, FALSE ) ;
ctx->type = type;
***************
*** 116,124 ****
if (!CryptAcquireCertificatePrivateKey(pCert,
CRYPT_ACQUIRE_USE_PROV_INFO_FLAG,
NULL,
! &(ctx->hProv),
&(ctx->dwKeySpec),
! &(ctx->fCallerFreeProv))) {
xmlSecError(XMLSEC_ERRORS_HERE,
NULL,
"CryptAcquireCertificatePrivateKey",
--- 231,239 ----
if (!CryptAcquireCertificatePrivateKey(pCert,
CRYPT_ACQUIRE_USE_PROV_INFO_FLAG,
NULL,
! &(ctx->p_prov->hProv),
&(ctx->dwKeySpec),
! &(ctx->p_prov->freeprov))) {
xmlSecError(XMLSEC_ERRORS_HERE,
NULL,
"CryptAcquireCertificatePrivateKey",
***************
*** 127,172 ****
return(-1);
}
} else if((type & xmlSecKeyDataTypePublic) != 0){
! if (!CryptAcquireContext(&(ctx->hProv),
NULL,
! ctx->providerName,
ctx->providerType,
CRYPT_VERIFYCONTEXT)) {
! xmlSecError(XMLSEC_ERRORS_HERE,
! NULL,
! "CryptAcquireContext",
! XMLSEC_ERRORS_R_CRYPTO_FAILED,
! XMLSEC_ERRORS_NO_MESSAGE);
! return(-1);
! }
! ctx->dwKeySpec = 0;
! ctx->fCallerFreeProv = TRUE;
} else {
! xmlSecError(XMLSEC_ERRORS_HERE,
NULL,
NULL,
XMLSEC_ERRORS_R_XMLSEC_FAILED,
"Unsupported keytype");
! return(-1);
! }
!
! /* CryptImportPublicKeyInfo is only needed when a real key handle
! * is needed. The key handle is needed for de/encrypting and for
! * verifying of a signature, *not* for signing. We could call
! * CryptImportPublicKeyInfo in xmlSecMSCryptoKeyDataGetKey instead
! * so no unnessecary calls to CryptImportPublicKeyInfo are being
! * made. WK
! */
! if(!CryptImportPublicKeyInfo(ctx->hProv,
! X509_ASN_ENCODING | PKCS_7_ASN_ENCODING,
! &(pCert->pCertInfo->SubjectPublicKeyInfo),
! &(ctx->hKey))) {
! xmlSecError(XMLSEC_ERRORS_HERE,
! NULL,
! "CryptImportPublicKeyInfo",
! XMLSEC_ERRORS_R_CRYPTO_FAILED,
! XMLSEC_ERRORS_NO_MESSAGE);
! return(-1);
}
ctx->pCert = pCert;
--- 242,280 ----
return(-1);
}
} else if((type & xmlSecKeyDataTypePublic) != 0){
! if (!CryptAcquireContext(&(ctx->p_prov->hProv),
NULL,
! NULL, /*AF: replaces "ctx->providerName" with "NULL" */
ctx->providerType,
CRYPT_VERIFYCONTEXT)) {
! xmlSecError(XMLSEC_ERRORS_HERE,
! NULL,
! "CryptAcquireContext",
! XMLSEC_ERRORS_R_CRYPTO_FAILED,
! XMLSEC_ERRORS_NO_MESSAGE);
! return(-1);
! }
! ctx->dwKeySpec = 0;
! ctx->p_prov->freeprov = TRUE;
!
! if( !CryptImportPublicKeyInfo( ctx->p_prov->hProv,
! X509_ASN_ENCODING | PKCS_7_ASN_ENCODING,
! &(pCert->pCertInfo->SubjectPublicKeyInfo),
! &(ctx->p_key->hKey) ) ) {
! xmlSecError(XMLSEC_ERRORS_HERE,
! NULL,
! "CryptImportPublicKeyInfo",
! XMLSEC_ERRORS_R_CRYPTO_FAILED,
! XMLSEC_ERRORS_NO_MESSAGE);
! return(-1);
! }
} else {
! xmlSecError(XMLSEC_ERRORS_HERE,
NULL,
NULL,
XMLSEC_ERRORS_R_XMLSEC_FAILED,
"Unsupported keytype");
! return(-1);
}
ctx->pCert = pCert;
***************
*** 190,218 ****
ctx = xmlSecMSCryptoKeyDataGetCtx(data);
xmlSecAssert2(ctx != NULL, -1);
! if(ctx->hKey != 0) {
! CryptDestroyKey(ctx->hKey);
! ctx->hKey = 0;
! }
if(ctx->pCert != NULL) {
CertFreeCertificateContext(ctx->pCert);
ctx->pCert = NULL;
}
! if((ctx->hProv != 0) && ctx->fCallerFreeProv) {
! CryptReleaseContext(ctx->hProv, 0);
! ctx->hProv = 0;
! ctx->fCallerFreeProv = FALSE;
! } else {
! ctx->hProv = 0;
! ctx->fCallerFreeProv = FALSE;
! }
! ctx->hProv = hProv;
! ctx->fCallerFreeProv = fCallerFreeProv;
ctx->dwKeySpec = dwKeySpec;
! ctx->hKey = hKey;
ctx->type = type;
return(0);
--- 298,323 ----
ctx = xmlSecMSCryptoKeyDataGetCtx(data);
xmlSecAssert2(ctx != NULL, -1);
! if( ctx->p_key != 0 ) {
! mscrypt_release_key( ctx->p_key ) ;
! ctx->p_key = NULL ;
! }
if(ctx->pCert != NULL) {
CertFreeCertificateContext(ctx->pCert);
ctx->pCert = NULL;
}
! if( ( ctx->p_prov ) ) {
! mscrypt_release_prov( ctx->p_prov ) ;
! ctx->p_prov = NULL ;
! } else {
! ctx->p_prov = NULL ;
! }
! ctx->p_prov = mscrypt_create_prov( hProv, FALSE ) ;
ctx->dwKeySpec = dwKeySpec;
! ctx->p_key = mscrypt_create_key( hKey ) ;
ctx->type = type;
return(0);
***************
*** 238,244 ****
ctx = xmlSecMSCryptoKeyDataGetCtx(data);
xmlSecAssert2(ctx != NULL, 0);
! return(ctx->hKey);
}
/**
--- 343,349 ----
ctx = xmlSecMSCryptoKeyDataGetCtx(data);
xmlSecAssert2(ctx != NULL, 0);
! return( ctx->p_key ? ctx->p_key->hKey : 0 );
}
/**
***************
*** 273,279 ****
ctx = xmlSecMSCryptoKeyDataGetCtx(data);
xmlSecAssert2(ctx != NULL, 0);
! return(ctx->hProv);
}
DWORD
--- 378,384 ----
ctx = xmlSecMSCryptoKeyDataGetCtx(data);
xmlSecAssert2(ctx != NULL, 0);
! return( ctx->p_prov ? ctx->p_prov->hProv : 0 );
}
DWORD
***************
*** 316,340 ****
XMLSEC_ERRORS_NO_MESSAGE);
return(-1);
}
- }
-
- if (ctxSrc->hKey != 0) {
- if (!CryptDuplicateKey(ctxSrc->hKey, NULL, 0, &(ctxDst->hKey))) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(dst)),
- "CryptDuplicateKey",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
}
! if(ctxSrc->hProv != 0) {
! CryptContextAddRef(ctxSrc->hProv, NULL, 0);
! ctxDst->hProv = ctxSrc->hProv;
! ctxDst->fCallerFreeProv = TRUE;
! } else {
! ctxDst->hProv = 0;
! ctxDst->fCallerFreeProv = FALSE;
}
ctxDst->dwKeySpec = ctxSrc->dwKeySpec;
--- 421,456 ----
XMLSEC_ERRORS_NO_MESSAGE);
return(-1);
}
}
!
! if( ctxSrc->p_key ) {
! if( ctxDst->p_key )
! mscrypt_release_key( ctxDst->p_key ) ;
!
! ctxDst->p_key = mscrypt_acquire_key( ctxSrc->p_key ) ;
! if( !ctxDst->p_key ) {
! xmlSecError(XMLSEC_ERRORS_HERE,
! xmlSecErrorsSafeString(xmlSecKeyDataGetName(dst)),
! "mscrypt_acquire_key",
! XMLSEC_ERRORS_R_CRYPTO_FAILED,
! XMLSEC_ERRORS_NO_MESSAGE);
! return(-1);
! }
! }
!
! if( ctxSrc->p_prov ) {
! if( ctxDst->p_prov )
! mscrypt_release_prov( ctxDst->p_prov ) ;
!
! ctxDst->p_prov = mscrypt_acquire_prov( ctxSrc->p_prov ) ;
! if( !ctxDst->p_prov ) {
! xmlSecError(XMLSEC_ERRORS_HERE,
! xmlSecErrorsSafeString(xmlSecKeyDataGetName(dst)),
! "mscrypt_acquire_prov",
! XMLSEC_ERRORS_R_CRYPTO_FAILED,
! XMLSEC_ERRORS_NO_MESSAGE);
! return(-1);
! }
}
ctxDst->dwKeySpec = ctxSrc->dwKeySpec;
***************
*** 355,370 ****
ctx = xmlSecMSCryptoKeyDataGetCtx(data);
xmlSecAssert(ctx != NULL);
! if (ctx->hKey != 0) {
! CryptDestroyKey(ctx->hKey);
}
if(ctx->pCert != NULL) {
CertFreeCertificateContext(ctx->pCert);
}
! if ((ctx->hProv != 0) && ctx->fCallerFreeProv) {
! CryptReleaseContext(ctx->hProv, 0);
}
memset(ctx, 0, sizeof(xmlSecMSCryptoKeyDataCtx));
--- 471,486 ----
ctx = xmlSecMSCryptoKeyDataGetCtx(data);
xmlSecAssert(ctx != NULL);
! if( ctx->p_key ) {
! mscrypt_release_key( ctx->p_key ) ;
}
if(ctx->pCert != NULL) {
CertFreeCertificateContext(ctx->pCert);
}
! if( ctx->p_prov ) {
! mscrypt_release_prov( ctx->p_prov ) ;
}
memset(ctx, 0, sizeof(xmlSecMSCryptoKeyDataCtx));
***************
*** 384,397 ****
xmlSecAssert2(ctx->pCert->pCertInfo != NULL, 0);
return (CertGetPublicKeyLength(X509_ASN_ENCODING | PKCS_7_ASN_ENCODING,
&(ctx->pCert->pCertInfo->SubjectPublicKeyInfo)));
! } else if (ctx->hKey != 0) {
DWORD length = 0;
DWORD lenlen = sizeof(DWORD);
!
! if (!CryptGetKeyParam(ctx->hKey, KP_KEYLEN, (BYTE *)&length, &lenlen, 0)) {
xmlSecError(XMLSEC_ERRORS_HERE,
NULL,
! "CertDuplicateCertificateContext",
XMLSEC_ERRORS_R_CRYPTO_FAILED,
XMLSEC_ERRORS_NO_MESSAGE);
return(0);
--- 500,513 ----
xmlSecAssert2(ctx->pCert->pCertInfo != NULL, 0);
return (CertGetPublicKeyLength(X509_ASN_ENCODING | PKCS_7_ASN_ENCODING,
&(ctx->pCert->pCertInfo->SubjectPublicKeyInfo)));
! } else if (ctx->p_key != 0 && ctx->p_key->hKey != 0 ) {
DWORD length = 0;
DWORD lenlen = sizeof(DWORD);
!
! if (!CryptGetKeyParam(ctx->p_key->hKey, KP_KEYLEN, (BYTE *)&length, &lenlen, 0)) {
xmlSecError(XMLSEC_ERRORS_HERE,
NULL,
! "CryptGetKeyParam",
XMLSEC_ERRORS_R_CRYPTO_FAILED,
XMLSEC_ERRORS_NO_MESSAGE);
return(0);
***************
*** 938,946 ****
ctx = xmlSecMSCryptoKeyDataGetCtx(xmlSecKeyGetValue(key));
xmlSecAssert2(ctx != NULL, -1);
! xmlSecAssert2(ctx->hKey != 0, -1);
! if (!CryptExportKey(ctx->hKey, 0, PUBLICKEYBLOB, 0, NULL, &dwBlobLen)) {
xmlSecError(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
"CryptExportKey",
--- 1054,1063 ----
ctx = xmlSecMSCryptoKeyDataGetCtx(xmlSecKeyGetValue(key));
xmlSecAssert2(ctx != NULL, -1);
! xmlSecAssert2(ctx->p_key != 0, -1);
! xmlSecAssert2(ctx->p_key->hKey != 0, -1);
! if (!CryptExportKey(ctx->p_key->hKey, 0, PUBLICKEYBLOB, 0, NULL, &dwBlobLen)) {
xmlSecError(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
"CryptExportKey",
***************
*** 960,966 ****
}
blob = xmlSecBufferGetData(&buf);
! if (!CryptExportKey(ctx->hKey, 0, PUBLICKEYBLOB, 0, blob, &dwBlobLen)) {
xmlSecError(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
"CryptExportKey",
--- 1077,1083 ----
}
blob = xmlSecBufferGetData(&buf);
! if (!CryptExportKey(ctx->p_key->hKey, 0, PUBLICKEYBLOB, 0, blob, &dwBlobLen)) {
xmlSecError(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
"CryptExportKey",
***************
*** 1797,1805 ****
ctx = xmlSecMSCryptoKeyDataGetCtx(xmlSecKeyGetValue(key));
xmlSecAssert2(ctx != NULL, -1);
! xmlSecAssert2(ctx->hKey != 0, -1);
! if (!CryptExportKey(ctx->hKey, 0, PUBLICKEYBLOB, 0, NULL, &dwBlobLen)) {
xmlSecError(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
"CryptExportKey",
--- 1914,1923 ----
ctx = xmlSecMSCryptoKeyDataGetCtx(xmlSecKeyGetValue(key));
xmlSecAssert2(ctx != NULL, -1);
! xmlSecAssert2(ctx->p_key != 0, -1);
! xmlSecAssert2(ctx->p_key->hKey != 0, -1);
! if (!CryptExportKey(ctx->p_key->hKey, 0, PUBLICKEYBLOB, 0, NULL, &dwBlobLen)) {
xmlSecError(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
"CryptExportKey",
***************
*** 1819,1825 ****
}
blob = xmlSecBufferGetData(&buf);
! if (!CryptExportKey(ctx->hKey, 0, PUBLICKEYBLOB, 0, blob, &dwBlobLen)) {
xmlSecError(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
"CryptExportKey",
--- 1937,1943 ----
}
blob = xmlSecBufferGetData(&buf);
! if (!CryptExportKey(ctx->p_key->hKey, 0, PUBLICKEYBLOB, 0, blob, &dwBlobLen)) {
xmlSecError(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
"CryptExportKey",
***************
*** 2010,2016 ****
HCRYPTKEY hKey = 0;
DWORD dwKeySpec;
DWORD dwSize;
- int res = -1;
int ret;
xmlSecAssert2(xmlSecKeyDataIsValid(data), xmlSecKeyDataTypeUnknown);
--- 2128,2133 ----
***************
*** 2043,2054 ****
dwKeySpec = AT_SIGNATURE;
dwSize = ((sizeBits << 16) | CRYPT_EXPORTABLE);
if (!CryptGenKey(hProv, CALG_DSS_SIGN, dwSize, &hKey)) {
! xmlSecError(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
"CryptGenKey",
XMLSEC_ERRORS_R_CRYPTO_FAILED,
XMLSEC_ERRORS_NO_MESSAGE);
! goto done;
}
ret = xmlSecMSCryptoKeyDataAdoptKey(data, hProv, TRUE, hKey, dwKeySpec,
--- 2160,2173 ----
dwKeySpec = AT_SIGNATURE;
dwSize = ((sizeBits << 16) | CRYPT_EXPORTABLE);
if (!CryptGenKey(hProv, CALG_DSS_SIGN, dwSize, &hKey)) {
! xmlSecError(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
"CryptGenKey",
XMLSEC_ERRORS_R_CRYPTO_FAILED,
XMLSEC_ERRORS_NO_MESSAGE);
! if (hProv != 0)
! CryptReleaseContext(hProv, 0);
! return -1 ;
}
ret = xmlSecMSCryptoKeyDataAdoptKey(data, hProv, TRUE, hKey, dwKeySpec,
***************
*** 2059,2082 ****
"xmlSecMSCryptoKeyDataAdoptKey",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
XMLSEC_ERRORS_NO_MESSAGE);
! goto done;
! }
! hProv = 0;
! hKey = 0;
! /* success */
! res = 0;
!
! done:
! if (hProv != 0) {
! CryptReleaseContext(ctx->hProv, 0);
}
! if (hKey != 0) {
! CryptDestroyKey(hKey);
! }
!
! return(res);
}
static xmlSecKeyDataType
--- 2178,2194 ----
"xmlSecMSCryptoKeyDataAdoptKey",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
XMLSEC_ERRORS_NO_MESSAGE);
! if( hKey != 0 )
! CryptDestroyKey( hKey ) ;
! if( hProv != 0 )
! CryptReleaseContext( hProv, 0 ) ;
! return -1 ;
}
+ hProv = 0 ;
+ hKey = 0 ;
! return 0 ;
}
static xmlSecKeyDataType
*** misc/xmlsec1-1.2.6/src/mscrypto/crypto.c 2003-11-12 03:38:51.000000000 +0100
--- misc/build/xmlsec1-1.2.6/src/mscrypto/crypto.c 2005-05-09 19:54:13.193630832 +0200
***************
*** 330,342 ****
BYTE*
xmlSecMSCryptoCertStrToName(DWORD dwCertEncodingType, LPCTSTR pszX500, DWORD dwStrType, DWORD* len) {
BYTE* str = NULL;
!
xmlSecAssert2(pszX500 != NULL, NULL);
xmlSecAssert2(len != NULL, NULL);
if (!CertStrToName(dwCertEncodingType, pszX500, dwStrType,
! NULL, NULL, len, NULL)) {
/* this might not be an error, string might just not exist */
return(NULL);
}
--- 330,344 ----
BYTE*
xmlSecMSCryptoCertStrToName(DWORD dwCertEncodingType, LPCTSTR pszX500, DWORD dwStrType, DWORD* len) {
BYTE* str = NULL;
! LPCTSTR ppszError = NULL;
!
xmlSecAssert2(pszX500 != NULL, NULL);
xmlSecAssert2(len != NULL, NULL);
if (!CertStrToName(dwCertEncodingType, pszX500, dwStrType,
! NULL, NULL, len, &ppszError)) {
/* this might not be an error, string might just not exist */
+ DWORD dw = GetLastError();
return(NULL);
}
*** misc/xmlsec1-1.2.6/src/mscrypto/x509.c 2003-09-26 02:58:13.000000000 +0200
--- misc/build/xmlsec1-1.2.6/src/mscrypto/x509.c 2005-05-09 19:54:13.195630664 +0200
***************
*** 1572,1577 ****
--- 1572,1578 ----
xmlSecKeyInfoCtxPtr keyInfoCtx) {
xmlSecMSCryptoX509DataCtxPtr ctx;
xmlSecKeyDataStorePtr x509Store;
+ PCCERT_CONTEXT pCert ;
int ret;
xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecMSCryptoKeyDataX509Id), -1);
***************
*** 1610,1615 ****
--- 1611,1619 ----
return(-1);
}
+ /*-
+ * Get Public key from cert, which does not always work for sign action.
+ *
keyValue = xmlSecMSCryptoX509CertGetKey(ctx->keyCert);
if(keyValue == NULL) {
xmlSecError(XMLSEC_ERRORS_HERE,
***************
*** 1619,1624 ****
--- 1623,1673 ----
XMLSEC_ERRORS_NO_MESSAGE);
return(-1);
}
+ */
+
+ /*-
+ * I'll search key according to KeyReq.
+ */
+ pCert = CertDuplicateCertificateContext( ctx->keyCert ) ;
+ if( pCert == NULL ) {
+ xmlSecError( XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ "CertDuplicateCertificateContext",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+
+ return(-1);
+ }
+
+ if( ( keyInfoCtx->keyReq.keyType & xmlSecKeyDataTypePrivate ) == xmlSecKeyDataTypePrivate ) {
+ keyValue = xmlSecMSCryptoCertAdopt( pCert, xmlSecKeyDataTypePrivate ) ;
+ if(keyValue == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ "xmlSecMSCryptoCertAdopt",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+
+ CertFreeCertificateContext( pCert ) ;
+ return(-1);
+ }
+ pCert = NULL ;
+ } else if( ( keyInfoCtx->keyReq.keyType & xmlSecKeyDataTypePublic ) == xmlSecKeyDataTypePublic ) {
+ keyValue = xmlSecMSCryptoCertAdopt( pCert, xmlSecKeyDataTypePublic ) ;
+ if(keyValue == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ "xmlSecMSCryptoCertAdopt",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+
+ CertFreeCertificateContext( pCert ) ;
+ return(-1);
+ }
+ pCert = NULL ;
+ }
+
+
/* verify that the key matches our expectations */
if(xmlSecKeyReqMatchKeyValue(&(keyInfoCtx->keyReq), keyValue) != 1) {
***************
*** 1882,1888 ****
xmlSecAssert2(nm->pbData != NULL, NULL);
xmlSecAssert2(nm->cbData > 0, NULL);
! csz = CertNameToStr(X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, nm, CERT_X500_NAME_STR, NULL, 0);
str = (char *)xmlMalloc(csz);
if (NULL == str) {
xmlSecError(XMLSEC_ERRORS_HERE,
--- 1931,1937 ----
xmlSecAssert2(nm->pbData != NULL, NULL);
xmlSecAssert2(nm->cbData > 0, NULL);
! csz = CertNameToStr(X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, nm, CERT_X500_NAME_STR | CERT_NAME_STR_REVERSE_FLAG, NULL, 0);
str = (char *)xmlMalloc(csz);
if (NULL == str) {
xmlSecError(XMLSEC_ERRORS_HERE,
***************
*** 1893,1899 ****
return (NULL);
}
! csz = CertNameToStr(X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, nm, CERT_X500_NAME_STR, str, csz);
if (csz < 1) {
xmlSecError(XMLSEC_ERRORS_HERE,
NULL,
--- 1942,1948 ----
return (NULL);
}
! csz = CertNameToStr(X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, nm, CERT_X500_NAME_STR | CERT_NAME_STR_REVERSE_FLAG, str, csz);
if (csz < 1) {
xmlSecError(XMLSEC_ERRORS_HERE,
NULL,
***************
*** 1904,1920 ****
return(NULL);
}
! res = xmlStrdup(BAD_CAST str);
! if(res == NULL) {
! xmlSecError(XMLSEC_ERRORS_HERE,
! NULL,
! "xmlStrdup",
! XMLSEC_ERRORS_R_MALLOC_FAILED,
! XMLSEC_ERRORS_NO_MESSAGE);
! xmlFree(str);
! return(NULL);
}
-
xmlFree(str);
return(res);
}
--- 1953,1989 ----
return(NULL);
}
! /* aleksey: this is a hack, but mscrypto can not read E= flag and wants Email= instead.
! * don't ask me how is it possible not to read something you wrote yourself but also
! * see comment in the xmlSecMSCryptoX509FindCert function.
! */
! if(strncmp(str, "E=", 2) == 0) {
! res = xmlMalloc(strlen(str) + 13 + 1);
! if(res == NULL) {
! xmlSecError(XMLSEC_ERRORS_HERE,
! NULL,
! "xmlMalloc",
! XMLSEC_ERRORS_R_MALLOC_FAILED,
! "size=%d",
! strlen(str) + 13 + 1);
! xmlFree(str);
! return(NULL);
! }
!
! memcpy(res, "emailAddress=", 13);
! strcpy(res + 13, BAD_CAST (str + 2));
! } else {
! res = xmlStrdup(BAD_CAST str);
! if(res == NULL) {
! xmlSecError(XMLSEC_ERRORS_HERE,
! NULL,
! "xmlStrdup",
! XMLSEC_ERRORS_R_MALLOC_FAILED,
! XMLSEC_ERRORS_NO_MESSAGE);
! xmlFree(str);
! return(NULL);
! }
}
xmlFree(str);
return(res);
}
*** misc/xmlsec1-1.2.6/src/mscrypto/x509vfy.c 2003-09-27 05:12:22.000000000 +0200
--- misc/build/xmlsec1-1.2.6/src/mscrypto/x509vfy.c 2005-05-09 19:54:13.197630495 +0200
***************
*** 125,130 ****
--- 125,131 ----
xmlChar *issuerName, xmlChar *issuerSerial,
xmlChar *ski, xmlSecKeyInfoCtx* keyInfoCtx) {
xmlSecMSCryptoX509StoreCtxPtr ctx;
+ PCCERT_CONTEXT pCert ;
xmlSecAssert2(xmlSecKeyDataStoreCheckId(store, xmlSecMSCryptoX509StoreId), NULL);
xmlSecAssert2(keyInfoCtx != NULL, NULL);
***************
*** 132,141 ****
ctx = xmlSecMSCryptoX509StoreGetCtx(store);
xmlSecAssert2(ctx != NULL, NULL);
xmlSecAssert2(ctx->untrusted != NULL, NULL);
! return(xmlSecMSCryptoX509FindCert(ctx->untrusted, subjectName, issuerName, issuerSerial, ski));
! }
static void
xmlSecMSCryptoUnixTimeToFileTime(time_t t, LPFILETIME pft) {
--- 133,149 ----
ctx = xmlSecMSCryptoX509StoreGetCtx(store);
xmlSecAssert2(ctx != NULL, NULL);
xmlSecAssert2(ctx->untrusted != NULL, NULL);
+ xmlSecAssert2(ctx->trusted != NULL, NULL);
! pCert = NULL ;
! if( ctx->untrusted != NULL )
! pCert = xmlSecMSCryptoX509FindCert( ctx->untrusted, subjectName, issuerName, issuerSerial, ski ) ;
!
! if( ctx->trusted != NULL && pCert == NULL )
! pCert = xmlSecMSCryptoX509FindCert( ctx->trusted, subjectName, issuerName, issuerSerial, ski ) ;
+ return( pCert ) ;
+ }
static void
xmlSecMSCryptoUnixTimeToFileTime(time_t t, LPFILETIME pft) {
***************
*** 252,268 ****
}
static BOOL
! xmlSecMSCryptoX509StoreConstructCertsChain(xmlSecKeyDataStorePtr store, PCCERT_CONTEXT cert, HCERTSTORE certs,
! xmlSecKeyInfoCtx* keyInfoCtx) {
xmlSecMSCryptoX509StoreCtxPtr ctx;
PCCERT_CONTEXT issuerCert = NULL;
FILETIME fTime;
DWORD flags;
xmlSecAssert2(xmlSecKeyDataStoreCheckId(store, xmlSecMSCryptoX509StoreId), FALSE);
xmlSecAssert2(cert != NULL, FALSE);
xmlSecAssert2(cert->pCertInfo != NULL, FALSE);
! xmlSecAssert2(certs != NULL, FALSE);
xmlSecAssert2(keyInfoCtx != NULL, FALSE);
ctx = xmlSecMSCryptoX509StoreGetCtx(store);
--- 260,281 ----
}
static BOOL
! xmlSecMSCryptoX509StoreConstructCertsChain(
! xmlSecKeyDataStorePtr store ,
! PCCERT_CONTEXT cert ,
! HCERTSTORE certStore ,
! xmlSecKeyInfoCtx* keyInfoCtx
! ) {
xmlSecMSCryptoX509StoreCtxPtr ctx;
PCCERT_CONTEXT issuerCert = NULL;
FILETIME fTime;
DWORD flags;
+ BOOL selfSigned ;
xmlSecAssert2(xmlSecKeyDataStoreCheckId(store, xmlSecMSCryptoX509StoreId), FALSE);
xmlSecAssert2(cert != NULL, FALSE);
xmlSecAssert2(cert->pCertInfo != NULL, FALSE);
! xmlSecAssert2(certStore != NULL, FALSE);
xmlSecAssert2(keyInfoCtx != NULL, FALSE);
ctx = xmlSecMSCryptoX509StoreGetCtx(store);
***************
*** 283,342 ****
return(FALSE);
}
! if (!xmlSecMSCryptoCheckRevocation(certs, cert)) {
return(FALSE);
}
! /* try the untrusted certs in the chain */
! issuerCert = CertFindCertificateInStore(certs,
X509_ASN_ENCODING | PKCS_7_ASN_ENCODING,
0,
CERT_FIND_SUBJECT_NAME,
! &(cert->pCertInfo->Issuer),
NULL);
! if(issuerCert == cert) {
! /* self signed cert, forget it */
! CertFreeCertificateContext(issuerCert);
! } else if(issuerCert != NULL) {
! flags = CERT_STORE_REVOCATION_FLAG | CERT_STORE_SIGNATURE_FLAG;
! if(!CertVerifySubjectCertificateContext(cert, issuerCert, &flags)) {
! xmlSecMSCryptoX509StoreCertError(store, issuerCert, flags);
! CertFreeCertificateContext(issuerCert);
! return(FALSE);
! }
! if(!xmlSecMSCryptoX509StoreConstructCertsChain(store, issuerCert, certs, keyInfoCtx)) {
! xmlSecMSCryptoX509StoreCertError(store, issuerCert, flags);
! CertFreeCertificateContext(issuerCert);
! return(FALSE);
! }
! CertFreeCertificateContext(issuerCert);
! return(TRUE);
}
! /* try the untrusted certs in the store */
! issuerCert = CertFindCertificateInStore(ctx->untrusted,
X509_ASN_ENCODING | PKCS_7_ASN_ENCODING,
0,
CERT_FIND_SUBJECT_NAME,
&(cert->pCertInfo->Issuer),
NULL);
! if(issuerCert == cert) {
! /* self signed cert, forget it */
! CertFreeCertificateContext(issuerCert);
! } else if(issuerCert != NULL) {
! flags = CERT_STORE_REVOCATION_FLAG | CERT_STORE_SIGNATURE_FLAG;
! if(!CertVerifySubjectCertificateContext(cert, issuerCert, &flags)) {
! xmlSecMSCryptoX509StoreCertError(store, issuerCert, flags);
! CertFreeCertificateContext(issuerCert);
! return(FALSE);
! }
! if(!xmlSecMSCryptoX509StoreConstructCertsChain(store, issuerCert, certs, keyInfoCtx)) {
! CertFreeCertificateContext(issuerCert);
! return(FALSE);
}
- CertFreeCertificateContext(issuerCert);
- return(TRUE);
- }
/* try to find issuer cert in the trusted cert in the store */
issuerCert = CertFindCertificateInStore(ctx->trusted,
--- 296,380 ----
return(FALSE);
}
! if (!xmlSecMSCryptoCheckRevocation(certStore, cert)) {
return(FALSE);
}
! /*-
! * Firstly try to find the cert in the trusted cert store. We will trust
! * the certificate in the trusted store.
! */
! issuerCert = CertFindCertificateInStore(ctx->trusted,
X509_ASN_ENCODING | PKCS_7_ASN_ENCODING,
0,
CERT_FIND_SUBJECT_NAME,
! &(cert->pCertInfo->Subject),
NULL);
! if( issuerCert != NULL ) {
! /* We have found the trusted cert, so return true */
! CertFreeCertificateContext( issuerCert ) ;
! return( TRUE ) ;
}
! /* Check whether the certificate is self signed certificate */
! selfSigned = CertCompareCertificateName( X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, &(cert->pCertInfo->Subject), &(cert->pCertInfo->Issuer) ) ;
!
! /* try the untrusted certs in the chain */
! if( !selfSigned ) {
! issuerCert = CertFindCertificateInStore(certStore,
X509_ASN_ENCODING | PKCS_7_ASN_ENCODING,
0,
CERT_FIND_SUBJECT_NAME,
&(cert->pCertInfo->Issuer),
NULL);
! if( issuerCert != NULL && CertCompareCertificate( X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, cert->pCertInfo, issuerCert->pCertInfo ) ) {
! /* self signed cert, forget it */
! CertFreeCertificateContext(issuerCert);
! } else if(issuerCert != NULL) {
! flags = CERT_STORE_REVOCATION_FLAG | CERT_STORE_SIGNATURE_FLAG;
! if(!CertVerifySubjectCertificateContext(cert, issuerCert, &flags)) {
! xmlSecMSCryptoX509StoreCertError(store, issuerCert, flags);
! CertFreeCertificateContext(issuerCert);
! return(FALSE);
! }
! if(!xmlSecMSCryptoX509StoreConstructCertsChain(store, issuerCert, certStore, keyInfoCtx)) {
! xmlSecMSCryptoX509StoreCertError(store, issuerCert, flags);
! CertFreeCertificateContext(issuerCert);
! return(FALSE);
! }
!
! CertFreeCertificateContext(issuerCert);
! return(TRUE);
! }
! }
!
! /* try the untrusted certs in the store */
! if( !selfSigned ) {
! issuerCert = CertFindCertificateInStore(ctx->untrusted,
! X509_ASN_ENCODING | PKCS_7_ASN_ENCODING,
! 0,
! CERT_FIND_SUBJECT_NAME,
! &(cert->pCertInfo->Issuer),
! NULL);
! if( issuerCert != NULL && CertCompareCertificate( X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, cert->pCertInfo, issuerCert->pCertInfo ) ) {
! /* self signed cert, forget it */
! CertFreeCertificateContext(issuerCert);
! } else if(issuerCert != NULL) {
! flags = CERT_STORE_REVOCATION_FLAG | CERT_STORE_SIGNATURE_FLAG;
! if(!CertVerifySubjectCertificateContext(cert, issuerCert, &flags)) {
! xmlSecMSCryptoX509StoreCertError(store, issuerCert, flags);
! CertFreeCertificateContext(issuerCert);
! return(FALSE);
! }
! if(!xmlSecMSCryptoX509StoreConstructCertsChain(store, issuerCert, certStore, keyInfoCtx)) {
! CertFreeCertificateContext(issuerCert);
! return(FALSE);
! }
!
! CertFreeCertificateContext(issuerCert);
! return(TRUE);
! }
}
/* try to find issuer cert in the trusted cert in the store */
issuerCert = CertFindCertificateInStore(ctx->trusted,
***************
*** 379,404 ****
xmlSecAssert2(certs != NULL, NULL);
xmlSecAssert2(keyInfoCtx != NULL, NULL);
! while((cert = CertEnumCertificatesInStore(certs, cert)) != NULL){
! PCCERT_CONTEXT nextCert = NULL;
! xmlSecAssert2(cert->pCertInfo != NULL, NULL);
! /* if cert is the issuer of any other cert in the list, then it is
! * to be skipped */
! nextCert = CertFindCertificateInStore(certs,
X509_ASN_ENCODING | PKCS_7_ASN_ENCODING,
0,
CERT_FIND_ISSUER_NAME,
&(cert->pCertInfo->Subject),
! NULL);
! if(nextCert != NULL) {
! CertFreeCertificateContext(nextCert);
! continue;
! }
! if(xmlSecMSCryptoX509StoreConstructCertsChain(store, cert, certs, keyInfoCtx)) {
! return(cert);
! }
}
return (NULL);
--- 417,463 ----
xmlSecAssert2(certs != NULL, NULL);
xmlSecAssert2(keyInfoCtx != NULL, NULL);
! while( ( cert = CertEnumCertificatesInStore( certs, cert ) ) != NULL ) {
! PCCERT_CONTEXT nextCert ;
! unsigned char selected ;
! xmlSecAssert2( cert->pCertInfo != NULL, NULL ) ;
! /* if cert is the issuer of any other cert in the list, then it is
! * to be skipped except that the cert list only have one self-signed
! * certificate.
! */
! for( selected = 0, nextCert = NULL ; ; ) {
! nextCert = CertFindCertificateInStore( certs,
X509_ASN_ENCODING | PKCS_7_ASN_ENCODING,
0,
CERT_FIND_ISSUER_NAME,
&(cert->pCertInfo->Subject),
! nextCert ) ;
! if( nextCert != NULL ) {
! if( CertCompareCertificate( X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, cert->pCertInfo, nextCert->pCertInfo ) ) {
! selected = 1 ;
! continue ;
! } else {
! selected = 0 ;
! break ;
! }
! } else {
! selected = 1 ;
! break ;
! }
! }
!
! if( nextCert != NULL )
! CertFreeCertificateContext( nextCert ) ;
!
! if( !selected ) {
! continue ;
! }
!
! if( xmlSecMSCryptoX509StoreConstructCertsChain( store, cert, certs, keyInfoCtx ) ) {
! return( cert ) ;
! }
}
return (NULL);
***************
*** 458,466 ****
--- 517,642 ----
return(0);
}
+ int
+ xmlSecMSCryptoX509StoreAdoptKeyStore (
+ xmlSecKeyDataStorePtr store,
+ HCERTSTORE keyStore
+ ) {
+ xmlSecMSCryptoX509StoreCtxPtr ctx;
+ int ret;
+
+ xmlSecAssert2(xmlSecKeyDataStoreCheckId(store, xmlSecMSCryptoX509StoreId), -1);
+ xmlSecAssert2( keyStore != NULL, -1);
+
+ ctx = xmlSecMSCryptoX509StoreGetCtx(store);
+ xmlSecAssert2(ctx != NULL, -1);
+ xmlSecAssert2(ctx->trusted != NULL, -1);
+
+ if( !CertAddStoreToCollection ( ctx->trusted , keyStore , CERT_PHYSICAL_STORE_ADD_ENABLE_FLAG , 2 ) ) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)),
+ "CertAddStoreToCollection",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ {
+ PCCERT_CONTEXT ptCert ;
+
+ ptCert = NULL ;
+ while( 1 ) {
+ ptCert = CertEnumCertificatesInStore( ctx->trusted, ptCert ) ;
+ if( ptCert == NULL )
+ break ;
+ }
+ }
+
+ return(0);
+ }
+
+ int
+ xmlSecMSCryptoX509StoreAdoptTrustedStore (
+ xmlSecKeyDataStorePtr store,
+ HCERTSTORE trustedStore
+ ) {
+ xmlSecMSCryptoX509StoreCtxPtr ctx;
+ int ret;
+
+ xmlSecAssert2(xmlSecKeyDataStoreCheckId(store, xmlSecMSCryptoX509StoreId), -1);
+ xmlSecAssert2( trustedStore != NULL, -1);
+
+ ctx = xmlSecMSCryptoX509StoreGetCtx(store);
+ xmlSecAssert2(ctx != NULL, -1);
+ xmlSecAssert2(ctx->trusted != NULL, -1);
+
+ if( !CertAddStoreToCollection ( ctx->trusted , trustedStore , CERT_PHYSICAL_STORE_ADD_ENABLE_FLAG , 3 ) ) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)),
+ "CertAddStoreToCollection",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ {
+ PCCERT_CONTEXT ptCert ;
+
+ ptCert = NULL ;
+ while( 1 ) {
+ ptCert = CertEnumCertificatesInStore( ctx->trusted, ptCert ) ;
+ if( ptCert == NULL )
+ break ;
+ }
+ }
+
+ return(0);
+ }
+
+ int
+ xmlSecMSCryptoX509StoreAdoptUntrustedStore (
+ xmlSecKeyDataStorePtr store,
+ HCERTSTORE untrustedStore
+ ) {
+ xmlSecMSCryptoX509StoreCtxPtr ctx;
+ int ret;
+
+ xmlSecAssert2(xmlSecKeyDataStoreCheckId(store, xmlSecMSCryptoX509StoreId), -1);
+ xmlSecAssert2( untrustedStore != NULL, -1);
+
+ ctx = xmlSecMSCryptoX509StoreGetCtx(store);
+ xmlSecAssert2(ctx != NULL, -1);
+ xmlSecAssert2(ctx->untrusted != NULL, -1);
+
+ if( !CertAddStoreToCollection ( ctx->untrusted , untrustedStore , CERT_PHYSICAL_STORE_ADD_ENABLE_FLAG , 2 ) ) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)),
+ "CertAddStoreToCollection",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ {
+ PCCERT_CONTEXT ptCert ;
+
+ ptCert = NULL ;
+ while( 1 ) {
+ ptCert = CertEnumCertificatesInStore( ctx->untrusted, ptCert ) ;
+ if( ptCert == NULL )
+ break ;
+ }
+ }
+
+ return(0);
+ }
+
static int
xmlSecMSCryptoX509StoreInitialize(xmlSecKeyDataStorePtr store) {
xmlSecMSCryptoX509StoreCtxPtr ctx;
+ HCERTSTORE hTrustedMemStore ;
+ HCERTSTORE hUntrustedMemStore ;
+
xmlSecAssert2(xmlSecKeyDataStoreCheckId(store, xmlSecMSCryptoX509StoreId), -1);
ctx = xmlSecMSCryptoX509StoreGetCtx(store);
***************
*** 468,503 ****
memset(ctx, 0, sizeof(xmlSecMSCryptoX509StoreCtx));
/* create trusted certs store */
! ctx->trusted = CertOpenStore(CERT_STORE_PROV_MEMORY,
X509_ASN_ENCODING | PKCS_7_ASN_ENCODING,
0,
CERT_STORE_CREATE_NEW_FLAG,
NULL);
! if(ctx->trusted == NULL) {
xmlSecError(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)),
"CertOpenStore",
XMLSEC_ERRORS_R_CRYPTO_FAILED,
XMLSEC_ERRORS_NO_MESSAGE);
return(-1);
}
! /* create trusted certs store */
! ctx->untrusted = CertOpenStore(CERT_STORE_PROV_MEMORY,
X509_ASN_ENCODING | PKCS_7_ASN_ENCODING,
0,
CERT_STORE_CREATE_NEW_FLAG,
NULL);
! if(ctx->untrusted == NULL) {
xmlSecError(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)),
"CertOpenStore",
XMLSEC_ERRORS_R_CRYPTO_FAILED,
XMLSEC_ERRORS_NO_MESSAGE);
return(-1);
}
return(0);
}
--- 644,747 ----
memset(ctx, 0, sizeof(xmlSecMSCryptoX509StoreCtx));
+ /* create trusted certs store collection */
+ ctx->trusted = CertOpenStore(CERT_STORE_PROV_COLLECTION,
+ 0,
+ NULL,
+ 0,
+ NULL);
+ if(ctx->trusted == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)),
+ "CertOpenStore",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
/* create trusted certs store */
! hTrustedMemStore = CertOpenStore(CERT_STORE_PROV_MEMORY,
X509_ASN_ENCODING | PKCS_7_ASN_ENCODING,
0,
CERT_STORE_CREATE_NEW_FLAG,
NULL);
! if(hTrustedMemStore == NULL) {
xmlSecError(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)),
"CertOpenStore",
XMLSEC_ERRORS_R_CRYPTO_FAILED,
XMLSEC_ERRORS_NO_MESSAGE);
+ CertCloseStore(ctx->trusted, CERT_CLOSE_STORE_FORCE_FLAG);
+ ctx->trusted = NULL ;
return(-1);
}
! /* add the memory trusted certs store to trusted certs store collection */
! if( !CertAddStoreToCollection( ctx->trusted, hTrustedMemStore, CERT_PHYSICAL_STORE_ADD_ENABLE_FLAG, 1 ) ) {
! xmlSecError(XMLSEC_ERRORS_HERE,
! xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)),
! "CertAddStoreToCollection",
! XMLSEC_ERRORS_R_CRYPTO_FAILED,
! XMLSEC_ERRORS_NO_MESSAGE);
! CertCloseStore(ctx->trusted, CERT_CLOSE_STORE_FORCE_FLAG);
! CertCloseStore(hTrustedMemStore, CERT_CLOSE_STORE_CHECK_FLAG);
! ctx->trusted = NULL ;
! return(-1);
! }
! CertCloseStore(hTrustedMemStore, CERT_CLOSE_STORE_CHECK_FLAG);
!
! /* create untrusted certs store collection */
! ctx->untrusted = CertOpenStore(CERT_STORE_PROV_COLLECTION,
! 0,
! NULL,
! 0,
! NULL);
! if(ctx->untrusted == NULL) {
! xmlSecError(XMLSEC_ERRORS_HERE,
! xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)),
! "CertOpenStore",
! XMLSEC_ERRORS_R_CRYPTO_FAILED,
! XMLSEC_ERRORS_NO_MESSAGE);
! CertCloseStore(ctx->trusted, CERT_CLOSE_STORE_FORCE_FLAG);
! ctx->trusted = NULL ;
! return(-1);
! }
!
! /* create untrusted certs store */
! hUntrustedMemStore = CertOpenStore(CERT_STORE_PROV_MEMORY,
X509_ASN_ENCODING | PKCS_7_ASN_ENCODING,
0,
CERT_STORE_CREATE_NEW_FLAG,
NULL);
! if(hUntrustedMemStore == NULL) {
xmlSecError(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)),
"CertOpenStore",
XMLSEC_ERRORS_R_CRYPTO_FAILED,
XMLSEC_ERRORS_NO_MESSAGE);
+ CertCloseStore(ctx->trusted, CERT_CLOSE_STORE_FORCE_FLAG);
+ CertCloseStore(ctx->untrusted, CERT_CLOSE_STORE_FORCE_FLAG);
+ ctx->trusted = NULL ;
+ ctx->untrusted = NULL ;
return(-1);
}
+ /* add the memory trusted certs store to untrusted certs store collection */
+ if( !CertAddStoreToCollection( ctx->untrusted, hUntrustedMemStore, CERT_PHYSICAL_STORE_ADD_ENABLE_FLAG, 1 ) ) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)),
+ "CertAddStoreToCollection",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ CertCloseStore(ctx->untrusted, CERT_CLOSE_STORE_FORCE_FLAG);
+ CertCloseStore(ctx->trusted, CERT_CLOSE_STORE_FORCE_FLAG);
+ CertCloseStore(hUntrustedMemStore, CERT_CLOSE_STORE_CHECK_FLAG);
+ ctx->trusted = NULL ;
+ ctx->untrusted = NULL ;
+ return(-1);
+ }
+ CertCloseStore(hUntrustedMemStore, CERT_CLOSE_STORE_CHECK_FLAG);
+
return(0);
}
***************
*** 567,576 ****
--- 811,851 ----
if((pCert == NULL) && (NULL != issuerName) && (NULL != issuerSerial)) {
xmlSecBn issuerSerialBn;
+ xmlChar * p;
CERT_NAME_BLOB cnb;
+ CRYPT_INTEGER_BLOB cib;
BYTE *cName = NULL;
DWORD cNameLen = 0;
+
+ /* aleksey: for some unknown to me reasons, mscrypto wants Email
+ * instead of emailAddress. This code is not bullet proof and may
+ * produce incorrect results if someone has "emailAddress=" string
+ * in one of the fields, but it is best I can suggest to fix this problem.
+ * Also see xmlSecMSCryptoX509NameWrite function.
+ */
+ while( (p = (xmlChar*)xmlStrstr(issuerName, BAD_CAST "emailAddress=")) != NULL) {
+ memcpy(p, " Email=", 13);
+ }
+
+
+
+ /* get issuer name */
+ cName = xmlSecMSCryptoCertStrToName(X509_ASN_ENCODING | PKCS_7_ASN_ENCODING,
+ issuerName,
+ CERT_NAME_STR_ENABLE_UTF8_UNICODE_FLAG | CERT_OID_NAME_STR | CERT_NAME_STR_REVERSE_FLAG,
+ &cNameLen);
+ if(cName == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecMSCryptoCertStrToName",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return (NULL);
+ }
+ cnb.pbData = cName;
+ cnb.cbData = cNameLen;
+ /* get serial number */
ret = xmlSecBnInitialize(&issuerSerialBn, 0);
if(ret < 0) {
xmlSecError(XMLSEC_ERRORS_HERE,
***************
*** 578,583 ****
--- 853,859 ----
"xmlSecBnInitialize",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
XMLSEC_ERRORS_NO_MESSAGE);
+ xmlFree(cName);
return(NULL);
}
***************
*** 589,614 ****
XMLSEC_ERRORS_R_XMLSEC_FAILED,
XMLSEC_ERRORS_NO_MESSAGE);
xmlSecBnFinalize(&issuerSerialBn);
! return(NULL);
}
! cName = xmlSecMSCryptoCertStrToName(X509_ASN_ENCODING | PKCS_7_ASN_ENCODING,
! issuerName,
! CERT_OID_NAME_STR | CERT_NAME_STR_REVERSE_FLAG,
! &cNameLen);
! if(cName == NULL) {
xmlSecError(XMLSEC_ERRORS_HERE,
NULL,
! "xmlSecMSCryptoCertStrToName",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
XMLSEC_ERRORS_NO_MESSAGE);
xmlSecBnFinalize(&issuerSerialBn);
! return (NULL);
}
! cnb.pbData = cName;
! cnb.cbData = cNameLen;
! while((pCert = CertFindCertificateInStore(store,
PKCS_7_ASN_ENCODING | X509_ASN_ENCODING,
0,
CERT_FIND_ISSUER_NAME,
--- 865,894 ----
XMLSEC_ERRORS_R_XMLSEC_FAILED,
XMLSEC_ERRORS_NO_MESSAGE);
xmlSecBnFinalize(&issuerSerialBn);
! xmlFree(cName);
! return(NULL);
}
! /* I have no clue why at a sudden a swap is needed to
! * convert from lsb... This code is purely based upon
! * trial and error :( WK
! */
! ret = xmlSecBnReverse(&issuerSerialBn);
! if(ret < 0) {
xmlSecError(XMLSEC_ERRORS_HERE,
NULL,
! "xmlSecBnReverse",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
XMLSEC_ERRORS_NO_MESSAGE);
xmlSecBnFinalize(&issuerSerialBn);
! xmlFree(cName);
! return(NULL);
}
! cib.pbData = xmlSecBufferGetData(&issuerSerialBn);
! cib.cbData = xmlSecBufferGetSize(&issuerSerialBn);
!
! while((pCert = CertFindCertificateInStore(store,
PKCS_7_ASN_ENCODING | X509_ASN_ENCODING,
0,
CERT_FIND_ISSUER_NAME,
***************
*** 622,631 ****
if((pCert->pCertInfo != NULL) &&
(pCert->pCertInfo->SerialNumber.pbData != NULL) &&
(pCert->pCertInfo->SerialNumber.cbData > 0) &&
! (0 == xmlSecBnCompareReverse(&issuerSerialBn, pCert->pCertInfo->SerialNumber.pbData,
! pCert->pCertInfo->SerialNumber.cbData))) {
!
! break;
}
}
xmlFree(cName);
--- 902,910 ----
if((pCert->pCertInfo != NULL) &&
(pCert->pCertInfo->SerialNumber.pbData != NULL) &&
(pCert->pCertInfo->SerialNumber.cbData > 0) &&
! (CertCompareIntegerBlob(&(pCert->pCertInfo->SerialNumber), &cib) == TRUE)
! ) {
! break;
}
}
xmlFree(cName);
*** misc/xmlsec1-1.2.6/src/nss/akmngr.c 2005-05-09 19:55:57.206858359 +0200
--- misc/build/xmlsec1-1.2.6/src/nss/akmngr.c 2005-05-09 19:54:13.199630327 +0200
***************
*** 1 ****
! dummy
--- 1,381 ----
! /**
! * XMLSec library
! *
! * This is free software; see Copyright file in the source
! * distribution for preciese wording.
! *
! * Copyright.........................
! */
! #include "globals.h"
!
! #include <nspr.h>
! #include <nss.h>
! #include <pk11func.h>
! #include <cert.h>
! #include <keyhi.h>
!
! #include <xmlsec/xmlsec.h>
! #include <xmlsec/keys.h>
! #include <xmlsec/transforms.h>
! #include <xmlsec/errors.h>
!
! #include <xmlsec/nss/crypto.h>
! #include <xmlsec/nss/tokens.h>
! #include <xmlsec/nss/akmngr.h>
! #include <xmlsec/nss/pkikeys.h>
! #include <xmlsec/nss/ciphers.h>
! #include <xmlsec/nss/keysstore.h>
!
! /**
! * xmlSecNssAppliedKeysMngrCreate:
! * @slot: the pointer to NSS PKCS#11 slot infomation.
! * @handler: the pointer to NSS certificate database.
! *
! * Create and load NSS crypto slot and certificate database into keys manager
! *
! * Returns keys manager pointer on success or NULL otherwise.
! */
! xmlSecKeysMngrPtr
! xmlSecNssAppliedKeysMngrCreate(
! PK11SlotInfo* slot ,
! CERTCertDBHandle* handler
! ) {
! xmlSecKeyDataStorePtr certStore = NULL ;
! xmlSecKeysMngrPtr keyMngr = NULL ;
! xmlSecKeyStorePtr keyStore = NULL ;
!
! keyStore = xmlSecKeyStoreCreate( xmlSecNssKeysStoreId ) ;
! if( keyStore == NULL ) {
! xmlSecError( XMLSEC_ERRORS_HERE ,
! NULL ,
! "xmlSecKeyStoreCreate" ,
! XMLSEC_ERRORS_R_XMLSEC_FAILED ,
! XMLSEC_ERRORS_NO_MESSAGE ) ;
! return NULL ;
! }
!
! if( slot != NULL ) {
! xmlSecNssKeySlotPtr keySlot ;
!
! /* Create a key slot */
! keySlot = xmlSecNssKeySlotCreate() ;
! if( keySlot == NULL ) {
! xmlSecError( XMLSEC_ERRORS_HERE ,
! xmlSecErrorsSafeString( xmlSecKeyStoreGetName( keyStore ) ) ,
! "xmlSecNssKeySlotCreate" ,
! XMLSEC_ERRORS_R_XMLSEC_FAILED ,
! XMLSEC_ERRORS_NO_MESSAGE ) ;
!
! xmlSecKeyStoreDestroy( keyStore ) ;
! return NULL ;
! }
!
! /* Set slot */
! if( xmlSecNssKeySlotSetSlot( keySlot , slot ) < 0 ) {
! xmlSecError( XMLSEC_ERRORS_HERE ,
! xmlSecErrorsSafeString( xmlSecKeyStoreGetName( keyStore ) ) ,
! "xmlSecNssKeySlotSetSlot" ,
! XMLSEC_ERRORS_R_XMLSEC_FAILED ,
! XMLSEC_ERRORS_NO_MESSAGE ) ;
!
! xmlSecKeyStoreDestroy( keyStore ) ;
! xmlSecNssKeySlotDestroy( keySlot ) ;
! return NULL ;
! }
!
! /* Adopt keySlot */
! if( xmlSecNssKeysStoreAdoptKeySlot( keyStore , keySlot ) < 0 ) {
! xmlSecError( XMLSEC_ERRORS_HERE ,
! xmlSecErrorsSafeString( xmlSecKeyStoreGetName( keyStore ) ) ,
! "xmlSecNssKeysStoreAdoptKeySlot" ,
! XMLSEC_ERRORS_R_XMLSEC_FAILED ,
! XMLSEC_ERRORS_NO_MESSAGE ) ;
!
! xmlSecKeyStoreDestroy( keyStore ) ;
! xmlSecNssKeySlotDestroy( keySlot ) ;
! return NULL ;
! }
! }
!
! keyMngr = xmlSecKeysMngrCreate() ;
! if( keyMngr == NULL ) {
! xmlSecError( XMLSEC_ERRORS_HERE ,
! NULL ,
! "xmlSecKeysMngrCreate" ,
! XMLSEC_ERRORS_R_XMLSEC_FAILED ,
! XMLSEC_ERRORS_NO_MESSAGE ) ;
!
! xmlSecKeyStoreDestroy( keyStore ) ;
! return NULL ;
! }
!
! /*-
! * Add key store to manager, from now on keys manager destroys the store if
! * needed
! */
! if( xmlSecKeysMngrAdoptKeysStore( keyMngr, keyStore ) < 0 ) {
! xmlSecError( XMLSEC_ERRORS_HERE ,
! xmlSecErrorsSafeString( xmlSecKeyStoreGetName( keyStore ) ) ,
! "xmlSecKeysMngrAdoptKeyStore" ,
! XMLSEC_ERRORS_R_XMLSEC_FAILED ,
! XMLSEC_ERRORS_NO_MESSAGE ) ;
!
! xmlSecKeyStoreDestroy( keyStore ) ;
! xmlSecKeysMngrDestroy( keyMngr ) ;
! return NULL ;
! }
!
! /*-
! * Initialize crypto library specific data in keys manager
! */
! if( xmlSecNssKeysMngrInit( keyMngr ) < 0 ) {
! xmlSecError( XMLSEC_ERRORS_HERE ,
! NULL ,
! "xmlSecKeysMngrCreate" ,
! XMLSEC_ERRORS_R_XMLSEC_FAILED ,
! XMLSEC_ERRORS_NO_MESSAGE ) ;
!
! xmlSecKeysMngrDestroy( keyMngr ) ;
! return NULL ;
! }
!
! /*-
! * Set certificate databse to X509 key data store
! */
! /**
! * Because Tej's implementation of certDB use the default DB, so I ignore
! * the certDB handler at present. I'll modify the cert store sources to
! * accept particular certDB instead of default ones.
! certStore = xmlSecKeysMngrGetDataStore( keyMngr , xmlSecNssKeyDataStoreX509Id ) ;
! if( certStore == NULL ) {
! xmlSecError( XMLSEC_ERRORS_HERE ,
! xmlSecErrorsSafeString( xmlSecKeyStoreGetName( keyStore ) ) ,
! "xmlSecKeysMngrGetDataStore" ,
! XMLSEC_ERRORS_R_XMLSEC_FAILED ,
! XMLSEC_ERRORS_NO_MESSAGE ) ;
!
! xmlSecKeysMngrDestroy( keyMngr ) ;
! return NULL ;
! }
!
! if( xmlSecNssKeyDataStoreX509SetCertDb( certStore , handler ) < 0 ) {
! xmlSecError( XMLSEC_ERRORS_HERE ,
! xmlSecErrorsSafeString( xmlSecKeyStoreGetName( keyStore ) ) ,
! "xmlSecNssKeyDataStoreX509SetCertDb" ,
! XMLSEC_ERRORS_R_XMLSEC_FAILED ,
! XMLSEC_ERRORS_NO_MESSAGE ) ;
!
! xmlSecKeysMngrDestroy( keyMngr ) ;
! return NULL ;
! }
! */
!
! /*-
! * Set the getKey callback
! */
! keyMngr->getKey = xmlSecKeysMngrGetKey ;
!
! return keyMngr ;
! }
!
! int
! xmlSecNssAppliedKeysMngrSymKeyLoad(
! xmlSecKeysMngrPtr mngr ,
! PK11SymKey* symKey
! ) {
! xmlSecKeyPtr key ;
! xmlSecKeyDataPtr data ;
! xmlSecKeyStorePtr keyStore ;
!
! xmlSecAssert2( mngr != NULL , -1 ) ;
! xmlSecAssert2( symKey != NULL , -1 ) ;
!
! keyStore = xmlSecKeysMngrGetKeysStore( mngr ) ;
! if( keyStore == NULL ) {
! xmlSecError( XMLSEC_ERRORS_HERE ,
! NULL ,
! "xmlSecKeysMngrGetKeysStore" ,
! XMLSEC_ERRORS_R_XMLSEC_FAILED ,
! XMLSEC_ERRORS_NO_MESSAGE ) ;
! return(-1) ;
! }
! xmlSecAssert2( xmlSecKeyStoreCheckId( keyStore , xmlSecNssKeysStoreId ) , -1 ) ;
!
! data = xmlSecNssSymKeyDataKeyAdopt( symKey ) ;
! if( data == NULL ) {
! xmlSecError( XMLSEC_ERRORS_HERE ,
! NULL ,
! "xmlSecNssSymKeyDataKeyAdopt" ,
! XMLSEC_ERRORS_R_XMLSEC_FAILED ,
! XMLSEC_ERRORS_NO_MESSAGE ) ;
! return(-1) ;
! }
!
! key = xmlSecKeyCreate() ;
! if( key == NULL ) {
! xmlSecError( XMLSEC_ERRORS_HERE ,
! NULL ,
! "xmlSecNssSymKeyDataKeyAdopt" ,
! XMLSEC_ERRORS_R_XMLSEC_FAILED ,
! XMLSEC_ERRORS_NO_MESSAGE ) ;
! xmlSecKeyDataDestroy( data ) ;
! return(-1) ;
! }
!
! if( xmlSecKeySetValue( key , data ) < 0 ) {
! xmlSecError( XMLSEC_ERRORS_HERE ,
! NULL ,
! "xmlSecNssSymKeyDataKeyAdopt" ,
! XMLSEC_ERRORS_R_XMLSEC_FAILED ,
! XMLSEC_ERRORS_NO_MESSAGE ) ;
! xmlSecKeyDataDestroy( data ) ;
! return(-1) ;
! }
!
! if( xmlSecNssKeysStoreAdoptKey( keyStore, key ) < 0 ) {
! xmlSecError( XMLSEC_ERRORS_HERE ,
! NULL ,
! "xmlSecNssSymKeyDataKeyAdopt" ,
! XMLSEC_ERRORS_R_XMLSEC_FAILED ,
! XMLSEC_ERRORS_NO_MESSAGE ) ;
! xmlSecKeyDestroy( key ) ;
! return(-1) ;
! }
!
! return(0) ;
! }
!
! int
! xmlSecNssAppliedKeysMngrPubKeyLoad(
! xmlSecKeysMngrPtr mngr ,
! SECKEYPublicKey* pubKey
! ) {
! xmlSecKeyPtr key ;
! xmlSecKeyDataPtr data ;
! xmlSecKeyStorePtr keyStore ;
!
! xmlSecAssert2( mngr != NULL , -1 ) ;
! xmlSecAssert2( pubKey != NULL , -1 ) ;
!
! keyStore = xmlSecKeysMngrGetKeysStore( mngr ) ;
! if( keyStore == NULL ) {
! xmlSecError( XMLSEC_ERRORS_HERE ,
! NULL ,
! "xmlSecKeysMngrGetKeysStore" ,
! XMLSEC_ERRORS_R_XMLSEC_FAILED ,
! XMLSEC_ERRORS_NO_MESSAGE ) ;
! return(-1) ;
! }
! xmlSecAssert2( xmlSecKeyStoreCheckId( keyStore , xmlSecNssKeysStoreId ) , -1 ) ;
!
! data = xmlSecNssPKIAdoptKey( NULL, pubKey ) ;
! if( data == NULL ) {
! xmlSecError( XMLSEC_ERRORS_HERE ,
! NULL ,
! "xmlSecNssPKIAdoptKey" ,
! XMLSEC_ERRORS_R_XMLSEC_FAILED ,
! XMLSEC_ERRORS_NO_MESSAGE ) ;
! return(-1) ;
! }
!
! key = xmlSecKeyCreate() ;
! if( key == NULL ) {
! xmlSecError( XMLSEC_ERRORS_HERE ,
! NULL ,
! "xmlSecNssSymKeyDataKeyAdopt" ,
! XMLSEC_ERRORS_R_XMLSEC_FAILED ,
! XMLSEC_ERRORS_NO_MESSAGE ) ;
! xmlSecKeyDataDestroy( data ) ;
! return(-1) ;
! }
!
! if( xmlSecKeySetValue( key , data ) < 0 ) {
! xmlSecError( XMLSEC_ERRORS_HERE ,
! NULL ,
! "xmlSecNssSymKeyDataKeyAdopt" ,
! XMLSEC_ERRORS_R_XMLSEC_FAILED ,
! XMLSEC_ERRORS_NO_MESSAGE ) ;
! xmlSecKeyDataDestroy( data ) ;
! return(-1) ;
! }
!
! if( xmlSecNssKeysStoreAdoptKey( keyStore, key ) < 0 ) {
! xmlSecError( XMLSEC_ERRORS_HERE ,
! NULL ,
! "xmlSecNssSymKeyDataKeyAdopt" ,
! XMLSEC_ERRORS_R_XMLSEC_FAILED ,
! XMLSEC_ERRORS_NO_MESSAGE ) ;
! xmlSecKeyDestroy( key ) ;
! return(-1) ;
! }
!
! return(0) ;
! }
!
! int
! xmlSecNssAppliedKeysMngrPriKeyLoad(
! xmlSecKeysMngrPtr mngr ,
! SECKEYPrivateKey* priKey
! ) {
! xmlSecKeyPtr key ;
! xmlSecKeyDataPtr data ;
! xmlSecKeyStorePtr keyStore ;
!
! xmlSecAssert2( mngr != NULL , -1 ) ;
! xmlSecAssert2( priKey != NULL , -1 ) ;
!
! keyStore = xmlSecKeysMngrGetKeysStore( mngr ) ;
! if( keyStore == NULL ) {
! xmlSecError( XMLSEC_ERRORS_HERE ,
! NULL ,
! "xmlSecKeysMngrGetKeysStore" ,
! XMLSEC_ERRORS_R_XMLSEC_FAILED ,
! XMLSEC_ERRORS_NO_MESSAGE ) ;
! return(-1) ;
! }
! xmlSecAssert2( xmlSecKeyStoreCheckId( keyStore , xmlSecNssKeysStoreId ) , -1 ) ;
!
! data = xmlSecNssPKIAdoptKey( priKey, NULL ) ;
! if( data == NULL ) {
! xmlSecError( XMLSEC_ERRORS_HERE ,
! NULL ,
! "xmlSecNssPKIAdoptKey" ,
! XMLSEC_ERRORS_R_XMLSEC_FAILED ,
! XMLSEC_ERRORS_NO_MESSAGE ) ;
! return(-1) ;
! }
!
! key = xmlSecKeyCreate() ;
! if( key == NULL ) {
! xmlSecError( XMLSEC_ERRORS_HERE ,
! NULL ,
! "xmlSecNssSymKeyDataKeyAdopt" ,
! XMLSEC_ERRORS_R_XMLSEC_FAILED ,
! XMLSEC_ERRORS_NO_MESSAGE ) ;
! xmlSecKeyDataDestroy( data ) ;
! return(-1) ;
! }
!
! if( xmlSecKeySetValue( key , data ) < 0 ) {
! xmlSecError( XMLSEC_ERRORS_HERE ,
! NULL ,
! "xmlSecNssSymKeyDataKeyAdopt" ,
! XMLSEC_ERRORS_R_XMLSEC_FAILED ,
! XMLSEC_ERRORS_NO_MESSAGE ) ;
! xmlSecKeyDataDestroy( data ) ;
! return(-1) ;
! }
!
! if( xmlSecNssKeysStoreAdoptKey( keyStore, key ) < 0 ) {
! xmlSecError( XMLSEC_ERRORS_HERE ,
! NULL ,
! "xmlSecNssSymKeyDataKeyAdopt" ,
! XMLSEC_ERRORS_R_XMLSEC_FAILED ,
! XMLSEC_ERRORS_NO_MESSAGE ) ;
! xmlSecKeyDestroy( key ) ;
! return(-1) ;
! }
!
! return(0) ;
! }
!
*** misc/xmlsec1-1.2.6/src/nss/ciphers.c 2003-09-26 02:58:15.000000000 +0200
--- misc/build/xmlsec1-1.2.6/src/nss/ciphers.c 2005-05-09 19:54:13.204629905 +0200
***************
*** 1,838 ****
! /**
! * XMLSec library
! *
! * This is free software; see Copyright file in the source
! * distribution for preciese wording.
! *
! * Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com>
! * Copyright (c) 2003 America Online, Inc. All rights reserved.
! */
#include "globals.h"
#include <string.h>
- #include <nspr.h>
#include <nss.h>
- #include <secoid.h>
#include <pk11func.h>
#include <xmlsec/xmlsec.h>
#include <xmlsec/keys.h>
#include <xmlsec/transforms.h>
#include <xmlsec/errors.h>
#include <xmlsec/nss/crypto.h>
! #define XMLSEC_NSS_MAX_KEY_SIZE 32
! #define XMLSEC_NSS_MAX_IV_SIZE 32
! #define XMLSEC_NSS_MAX_BLOCK_SIZE 32
!
! /**************************************************************************
! *
! * Internal Nss Block cipher CTX
*
! *****************************************************************************/
! typedef struct _xmlSecNssBlockCipherCtx xmlSecNssBlockCipherCtx,
! *xmlSecNssBlockCipherCtxPtr;
struct _xmlSecNssBlockCipherCtx {
! CK_MECHANISM_TYPE cipher;
! PK11Context* cipherCtx;
! xmlSecKeyDataId keyId;
! int keyInitialized;
! int ctxInitialized;
! xmlSecByte key[XMLSEC_NSS_MAX_KEY_SIZE];
! xmlSecSize keySize;
! xmlSecByte iv[XMLSEC_NSS_MAX_IV_SIZE];
! xmlSecSize ivSize;
! };
! static int xmlSecNssBlockCipherCtxInit (xmlSecNssBlockCipherCtxPtr ctx,
! xmlSecBufferPtr in,
! xmlSecBufferPtr out,
! int encrypt,
! const xmlChar* cipherName,
! xmlSecTransformCtxPtr transformCtx);
! static int xmlSecNssBlockCipherCtxUpdate (xmlSecNssBlockCipherCtxPtr ctx,
! xmlSecBufferPtr in,
! xmlSecBufferPtr out,
! int encrypt,
! const xmlChar* cipherName,
! xmlSecTransformCtxPtr transformCtx);
! static int xmlSecNssBlockCipherCtxFinal (xmlSecNssBlockCipherCtxPtr ctx,
! xmlSecBufferPtr in,
! xmlSecBufferPtr out,
! int encrypt,
! const xmlChar* cipherName,
! xmlSecTransformCtxPtr transformCtx);
! static int
! xmlSecNssBlockCipherCtxInit(xmlSecNssBlockCipherCtxPtr ctx,
! xmlSecBufferPtr in, xmlSecBufferPtr out,
! int encrypt,
! const xmlChar* cipherName,
! xmlSecTransformCtxPtr transformCtx) {
! SECItem keyItem;
! SECItem ivItem;
! PK11SlotInfo* slot;
! PK11SymKey* symKey;
! int ivLen;
! SECStatus rv;
! int ret;
!
! xmlSecAssert2(ctx != NULL, -1);
! xmlSecAssert2(ctx->cipher != 0, -1);
! xmlSecAssert2(ctx->cipherCtx == NULL, -1);
! xmlSecAssert2(ctx->keyInitialized != 0, -1);
! xmlSecAssert2(ctx->ctxInitialized == 0, -1);
! xmlSecAssert2(in != NULL, -1);
! xmlSecAssert2(out != NULL, -1);
! xmlSecAssert2(transformCtx != NULL, -1);
!
! ivLen = PK11_GetIVLength(ctx->cipher);
! xmlSecAssert2(ivLen > 0, -1);
! xmlSecAssert2((xmlSecSize)ivLen <= sizeof(ctx->iv), -1);
!
! if(encrypt) {
! /* generate random iv */
! rv = PK11_GenerateRandom(ctx->iv, ivLen);
! if(rv != SECSuccess) {
! xmlSecError(XMLSEC_ERRORS_HERE,
! xmlSecErrorsSafeString(cipherName),
! "PK11_GenerateRandom",
! XMLSEC_ERRORS_R_CRYPTO_FAILED,
! "size=%d", ivLen);
! return(-1);
! }
!
! /* write iv to the output */
! ret = xmlSecBufferAppend(out, ctx->iv, ivLen);
! if(ret < 0) {
! xmlSecError(XMLSEC_ERRORS_HERE,
! xmlSecErrorsSafeString(cipherName),
! "xmlSecBufferAppend",
! XMLSEC_ERRORS_R_XMLSEC_FAILED,
! "size=%d", ivLen);
! return(-1);
! }
!
! } else {
! /* if we don't have enough data, exit and hope that
! * we'll have iv next time */
! if(xmlSecBufferGetSize(in) < (xmlSecSize)ivLen) {
! return(0);
! }
!
! /* copy iv to our buffer*/
! xmlSecAssert2(xmlSecBufferGetData(in) != NULL, -1);
! memcpy(ctx->iv, xmlSecBufferGetData(in), ivLen);
!
! /* and remove from input */
! ret = xmlSecBufferRemoveHead(in, ivLen);
! if(ret < 0) {
! xmlSecError(XMLSEC_ERRORS_HERE,
! xmlSecErrorsSafeString(cipherName),
! "xmlSecBufferRemoveHead",
! XMLSEC_ERRORS_R_XMLSEC_FAILED,
! "size=%d", ivLen);
! return(-1);
}
! }
! memset(&keyItem, 0, sizeof(keyItem));
! keyItem.data = ctx->key;
! keyItem.len = ctx->keySize;
! memset(&ivItem, 0, sizeof(ivItem));
! ivItem.data = ctx->iv;
! ivItem.len = ctx->ivSize;
!
! slot = PK11_GetBestSlot(ctx->cipher, NULL);
! if(slot == NULL) {
! xmlSecError(XMLSEC_ERRORS_HERE,
! xmlSecErrorsSafeString(cipherName),
! "PK11_GetBestSlot",
! XMLSEC_ERRORS_R_CRYPTO_FAILED,
! XMLSEC_ERRORS_NO_MESSAGE);
! return(-1);
! }
!
! symKey = PK11_ImportSymKey(slot, ctx->cipher, PK11_OriginDerive,
! CKA_SIGN, &keyItem, NULL);
! if(symKey == NULL) {
! xmlSecError(XMLSEC_ERRORS_HERE,
! xmlSecErrorsSafeString(cipherName),
! "PK11_ImportSymKey",
! XMLSEC_ERRORS_R_CRYPTO_FAILED,
! XMLSEC_ERRORS_NO_MESSAGE);
! PK11_FreeSlot(slot);
! return(-1);
! }
! ctx->cipherCtx = PK11_CreateContextBySymKey(ctx->cipher,
! (encrypt) ? CKA_ENCRYPT : CKA_DECRYPT,
! symKey, &ivItem);
! if(ctx->cipherCtx == NULL) {
! xmlSecError(XMLSEC_ERRORS_HERE,
! xmlSecErrorsSafeString(cipherName),
! "PK11_CreateContextBySymKey",
! XMLSEC_ERRORS_R_CRYPTO_FAILED,
! XMLSEC_ERRORS_NO_MESSAGE);
! PK11_FreeSymKey(symKey);
! PK11_FreeSlot(slot);
! return(-1);
}
!
! ctx->ctxInitialized = 1;
! PK11_FreeSymKey(symKey);
! PK11_FreeSlot(slot);
! return(0);
}
! static int
! xmlSecNssBlockCipherCtxUpdate(xmlSecNssBlockCipherCtxPtr ctx,
! xmlSecBufferPtr in, xmlSecBufferPtr out,
! int encrypt,
! const xmlChar* cipherName,
! xmlSecTransformCtxPtr transformCtx) {
! xmlSecSize inSize, inBlocks, outSize;
! int blockLen;
! int outLen = 0;
! xmlSecByte* outBuf;
! SECStatus rv;
! int ret;
!
! xmlSecAssert2(ctx != NULL, -1);
! xmlSecAssert2(ctx->cipher != 0, -1);
! xmlSecAssert2(ctx->cipherCtx != NULL, -1);
! xmlSecAssert2(ctx->ctxInitialized != 0, -1);
! xmlSecAssert2(in != NULL, -1);
! xmlSecAssert2(out != NULL, -1);
! xmlSecAssert2(transformCtx != NULL, -1);
! blockLen = PK11_GetBlockSize(ctx->cipher, NULL);
! xmlSecAssert2(blockLen > 0, -1);
! inSize = xmlSecBufferGetSize(in);
! outSize = xmlSecBufferGetSize(out);
!
! if(inSize < (xmlSecSize)blockLen) {
! return(0);
! }
! if(encrypt) {
! inBlocks = inSize / ((xmlSecSize)blockLen);
! } else {
! /* we want to have the last block in the input buffer
! * for padding check */
! inBlocks = (inSize - 1) / ((xmlSecSize)blockLen);
! }
! inSize = inBlocks * ((xmlSecSize)blockLen);
! /* we write out the input size plus may be one block */
! ret = xmlSecBufferSetMaxSize(out, outSize + inSize + blockLen);
! if(ret < 0) {
! xmlSecError(XMLSEC_ERRORS_HERE,
! xmlSecErrorsSafeString(cipherName),
! "xmlSecBufferSetMaxSize",
! XMLSEC_ERRORS_R_XMLSEC_FAILED,
! "size=%d", outSize + inSize + blockLen);
! return(-1);
! }
! outBuf = xmlSecBufferGetData(out) + outSize;
!
! rv = PK11_CipherOp(ctx->cipherCtx, outBuf, &outLen, inSize + blockLen,
! xmlSecBufferGetData(in), inSize);
! if(rv != SECSuccess) {
! xmlSecError(XMLSEC_ERRORS_HERE,
! xmlSecErrorsSafeString(cipherName),
! "PK11_CipherOp",
! XMLSEC_ERRORS_R_CRYPTO_FAILED,
! XMLSEC_ERRORS_NO_MESSAGE);
! return(-1);
! }
! xmlSecAssert2((xmlSecSize)outLen == inSize, -1);
!
! /* set correct output buffer size */
! ret = xmlSecBufferSetSize(out, outSize + outLen);
! if(ret < 0) {
! xmlSecError(XMLSEC_ERRORS_HERE,
! xmlSecErrorsSafeString(cipherName),
! "xmlSecBufferSetSize",
! XMLSEC_ERRORS_R_XMLSEC_FAILED,
! "size=%d", outSize + outLen);
! return(-1);
! }
!
! /* remove the processed block from input */
! ret = xmlSecBufferRemoveHead(in, inSize);
! if(ret < 0) {
! xmlSecError(XMLSEC_ERRORS_HERE,
! xmlSecErrorsSafeString(cipherName),
! "xmlSecBufferRemoveHead",
! XMLSEC_ERRORS_R_XMLSEC_FAILED,
! "size=%d", inSize);
! return(-1);
! }
! return(0);
}
! static int
! xmlSecNssBlockCipherCtxFinal(xmlSecNssBlockCipherCtxPtr ctx,
! xmlSecBufferPtr in,
! xmlSecBufferPtr out,
! int encrypt,
! const xmlChar* cipherName,
! xmlSecTransformCtxPtr transformCtx) {
! xmlSecSize inSize, outSize;
! int blockLen, outLen = 0;
! xmlSecByte* inBuf;
! xmlSecByte* outBuf;
! SECStatus rv;
! int ret;
!
! xmlSecAssert2(ctx != NULL, -1);
! xmlSecAssert2(ctx->cipher != 0, -1);
! xmlSecAssert2(ctx->cipherCtx != NULL, -1);
! xmlSecAssert2(ctx->ctxInitialized != 0, -1);
! xmlSecAssert2(in != NULL, -1);
! xmlSecAssert2(out != NULL, -1);
! xmlSecAssert2(transformCtx != NULL, -1);
!
! blockLen = PK11_GetBlockSize(ctx->cipher, NULL);
! xmlSecAssert2(blockLen > 0, -1);
! inSize = xmlSecBufferGetSize(in);
! outSize = xmlSecBufferGetSize(out);
! if(encrypt != 0) {
! xmlSecAssert2(inSize < (xmlSecSize)blockLen, -1);
!
! /* create padding */
! ret = xmlSecBufferSetMaxSize(in, blockLen);
! if(ret < 0) {
! xmlSecError(XMLSEC_ERRORS_HERE,
! xmlSecErrorsSafeString(cipherName),
! "xmlSecBufferSetMaxSize",
! XMLSEC_ERRORS_R_XMLSEC_FAILED,
! "size=%d", blockLen);
! return(-1);
! }
! inBuf = xmlSecBufferGetData(in);
!
! /* generate random padding */
! if((xmlSecSize)blockLen > (inSize + 1)) {
! rv = PK11_GenerateRandom(inBuf + inSize, blockLen - inSize - 1);
! if(rv != SECSuccess) {
! xmlSecError(XMLSEC_ERRORS_HERE,
! xmlSecErrorsSafeString(cipherName),
! "PK11_GenerateRandom",
! XMLSEC_ERRORS_R_CRYPTO_FAILED,
! "size=%d", blockLen - inSize - 1);
! return(-1);
! }
! }
! inBuf[blockLen - 1] = blockLen - inSize;
! inSize = blockLen;
! } else {
! if(inSize != (xmlSecSize)blockLen) {
! xmlSecError(XMLSEC_ERRORS_HERE,
! xmlSecErrorsSafeString(cipherName),
! NULL,
! XMLSEC_ERRORS_R_INVALID_DATA,
! "data=%d;block=%d", inSize, blockLen);
! return(-1);
}
- }
-
- /* process last block */
- ret = xmlSecBufferSetMaxSize(out, outSize + 2 * blockLen);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(cipherName),
- "xmlSecBufferSetMaxSize",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "size=%d", outSize + 2 * blockLen);
- return(-1);
- }
- outBuf = xmlSecBufferGetData(out) + outSize;
! rv = PK11_CipherOp(ctx->cipherCtx, outBuf, &outLen, 2 * blockLen,
! xmlSecBufferGetData(in), inSize);
! if(rv != SECSuccess) {
! xmlSecError(XMLSEC_ERRORS_HERE,
! xmlSecErrorsSafeString(cipherName),
! "PK11_CipherOp",
! XMLSEC_ERRORS_R_CRYPTO_FAILED,
! XMLSEC_ERRORS_NO_MESSAGE);
! return(-1);
! }
! xmlSecAssert2((xmlSecSize)outLen == inSize, -1);
!
! if(encrypt == 0) {
! /* check padding */
! if(outLen < outBuf[blockLen - 1]) {
! xmlSecError(XMLSEC_ERRORS_HERE,
! xmlSecErrorsSafeString(cipherName),
! NULL,
! XMLSEC_ERRORS_R_INVALID_DATA,
! "padding=%d;buffer=%d",
! outBuf[blockLen - 1], outLen);
! return(-1);
! }
! outLen -= outBuf[blockLen - 1];
! }
!
! /* set correct output buffer size */
! ret = xmlSecBufferSetSize(out, outSize + outLen);
! if(ret < 0) {
! xmlSecError(XMLSEC_ERRORS_HERE,
! xmlSecErrorsSafeString(cipherName),
! "xmlSecBufferSetSize",
! XMLSEC_ERRORS_R_XMLSEC_FAILED,
! "size=%d", outSize + outLen);
! return(-1);
! }
! /* remove the processed block from input */
! ret = xmlSecBufferRemoveHead(in, inSize);
! if(ret < 0) {
! xmlSecError(XMLSEC_ERRORS_HERE,
! xmlSecErrorsSafeString(cipherName),
! "xmlSecBufferRemoveHead",
! XMLSEC_ERRORS_R_XMLSEC_FAILED,
! "size=%d", inSize);
! return(-1);
! }
! return(0);
}
!
! /******************************************************************************
! *
! * EVP Block Cipher transforms
*
! * xmlSecNssBlockCipherCtx block is located after xmlSecTransform structure
*
! *****************************************************************************/
! #define xmlSecNssBlockCipherSize \
! (sizeof(xmlSecTransform) + sizeof(xmlSecNssBlockCipherCtx))
! #define xmlSecNssBlockCipherGetCtx(transform) \
! ((xmlSecNssBlockCipherCtxPtr)(((xmlSecByte*)(transform)) + sizeof(xmlSecTransform)))
!
! static int xmlSecNssBlockCipherInitialize (xmlSecTransformPtr transform);
! static void xmlSecNssBlockCipherFinalize (xmlSecTransformPtr transform);
! static int xmlSecNssBlockCipherSetKeyReq (xmlSecTransformPtr transform,
! xmlSecKeyReqPtr keyReq);
! static int xmlSecNssBlockCipherSetKey (xmlSecTransformPtr transform,
! xmlSecKeyPtr key);
! static int xmlSecNssBlockCipherExecute (xmlSecTransformPtr transform,
! int last,
! xmlSecTransformCtxPtr transformCtx);
! static int xmlSecNssBlockCipherCheckId (xmlSecTransformPtr transform);
!
static int
! xmlSecNssBlockCipherCheckId(xmlSecTransformPtr transform) {
! #ifndef XMLSEC_NO_DES
! if(xmlSecTransformCheckId(transform, xmlSecNssTransformDes3CbcId)) {
! return(1);
! }
! #endif /* XMLSEC_NO_DES */
! #ifndef XMLSEC_NO_AES
! if(xmlSecTransformCheckId(transform, xmlSecNssTransformAes128CbcId) ||
! xmlSecTransformCheckId(transform, xmlSecNssTransformAes192CbcId) ||
! xmlSecTransformCheckId(transform, xmlSecNssTransformAes256CbcId)) {
!
! return(1);
! }
! #endif /* XMLSEC_NO_AES */
!
! return(0);
}
static int
! xmlSecNssBlockCipherInitialize(xmlSecTransformPtr transform) {
! xmlSecNssBlockCipherCtxPtr ctx;
!
! xmlSecAssert2(xmlSecNssBlockCipherCheckId(transform), -1);
! xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecNssBlockCipherSize), -1);
! ctx = xmlSecNssBlockCipherGetCtx(transform);
! xmlSecAssert2(ctx != NULL, -1);
!
! memset(ctx, 0, sizeof(xmlSecNssBlockCipherCtx));
! #ifndef XMLSEC_NO_DES
! if(transform->id == xmlSecNssTransformDes3CbcId) {
! ctx->cipher = CKM_DES3_CBC;
! ctx->keyId = xmlSecNssKeyDataDesId;
! ctx->keySize = 24;
! } else
! #endif /* XMLSEC_NO_DES */
!
! #ifndef XMLSEC_NO_AES
! if(transform->id == xmlSecNssTransformAes128CbcId) {
! ctx->cipher = CKM_AES_CBC;
! ctx->keyId = xmlSecNssKeyDataAesId;
! ctx->keySize = 16;
! } else if(transform->id == xmlSecNssTransformAes192CbcId) {
! ctx->cipher = CKM_AES_CBC;
! ctx->keyId = xmlSecNssKeyDataAesId;
! ctx->keySize = 24;
! } else if(transform->id == xmlSecNssTransformAes256CbcId) {
! ctx->cipher = CKM_AES_CBC;
! ctx->keyId = xmlSecNssKeyDataAesId;
! ctx->keySize = 32;
! } else
! #endif /* XMLSEC_NO_AES */
!
! if(1) {
! xmlSecError(XMLSEC_ERRORS_HERE,
! xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
! NULL,
! XMLSEC_ERRORS_R_INVALID_TRANSFORM,
! XMLSEC_ERRORS_NO_MESSAGE);
! return(-1);
! }
!
! return(0);
}
! static void
! xmlSecNssBlockCipherFinalize(xmlSecTransformPtr transform) {
! xmlSecNssBlockCipherCtxPtr ctx;
! xmlSecAssert(xmlSecNssBlockCipherCheckId(transform));
! xmlSecAssert(xmlSecTransformCheckSize(transform, xmlSecNssBlockCipherSize));
! ctx = xmlSecNssBlockCipherGetCtx(transform);
! xmlSecAssert(ctx != NULL);
! if(ctx->cipherCtx != NULL) {
! PK11_DestroyContext(ctx->cipherCtx, PR_TRUE);
! }
!
! memset(ctx, 0, sizeof(xmlSecNssBlockCipherCtx));
}
- static int
- xmlSecNssBlockCipherSetKeyReq(xmlSecTransformPtr transform, xmlSecKeyReqPtr keyReq) {
- xmlSecNssBlockCipherCtxPtr ctx;
- xmlSecAssert2(xmlSecNssBlockCipherCheckId(transform), -1);
- xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1);
- xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecNssBlockCipherSize), -1);
- xmlSecAssert2(keyReq != NULL, -1);
-
- ctx = xmlSecNssBlockCipherGetCtx(transform);
- xmlSecAssert2(ctx != NULL, -1);
- xmlSecAssert2(ctx->keyId != NULL, -1);
-
- keyReq->keyId = ctx->keyId;
- keyReq->keyType = xmlSecKeyDataTypeSymmetric;
- if(transform->operation == xmlSecTransformOperationEncrypt) {
- keyReq->keyUsage = xmlSecKeyUsageEncrypt;
- } else {
- keyReq->keyUsage = xmlSecKeyUsageDecrypt;
- }
- keyReq->keyBitsSize = 8 * ctx->keySize;
- return(0);
- }
static int
! xmlSecNssBlockCipherSetKey(xmlSecTransformPtr transform, xmlSecKeyPtr key) {
! xmlSecNssBlockCipherCtxPtr ctx;
! xmlSecBufferPtr buffer;
!
! xmlSecAssert2(xmlSecNssBlockCipherCheckId(transform), -1);
! xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1);
! xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecNssBlockCipherSize), -1);
! xmlSecAssert2(key != NULL, -1);
!
! ctx = xmlSecNssBlockCipherGetCtx(transform);
! xmlSecAssert2(ctx != NULL, -1);
! xmlSecAssert2(ctx->cipher != 0, -1);
! xmlSecAssert2(ctx->keyInitialized == 0, -1);
! xmlSecAssert2(ctx->keyId != NULL, -1);
! xmlSecAssert2(xmlSecKeyCheckId(key, ctx->keyId), -1);
!
! xmlSecAssert2(ctx->keySize > 0, -1);
! xmlSecAssert2(ctx->keySize <= sizeof(ctx->key), -1);
!
! buffer = xmlSecKeyDataBinaryValueGetBuffer(xmlSecKeyGetValue(key));
! xmlSecAssert2(buffer != NULL, -1);
!
! if(xmlSecBufferGetSize(buffer) < ctx->keySize) {
! xmlSecError(XMLSEC_ERRORS_HERE,
! xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
! NULL,
! XMLSEC_ERRORS_R_INVALID_KEY_DATA_SIZE,
! "keySize=%d;expected=%d",
! xmlSecBufferGetSize(buffer), ctx->keySize);
! return(-1);
! }
!
! xmlSecAssert2(xmlSecBufferGetData(buffer) != NULL, -1);
! memcpy(ctx->key, xmlSecBufferGetData(buffer), ctx->keySize);
!
! ctx->keyInitialized = 1;
! return(0);
}
! static int
! xmlSecNssBlockCipherExecute(xmlSecTransformPtr transform, int last, xmlSecTransformCtxPtr transformCtx) {
! xmlSecNssBlockCipherCtxPtr ctx;
! xmlSecBufferPtr in, out;
! int ret;
!
! xmlSecAssert2(xmlSecNssBlockCipherCheckId(transform), -1);
! xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1);
! xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecNssBlockCipherSize), -1);
! xmlSecAssert2(transformCtx != NULL, -1);
! in = &(transform->inBuf);
! out = &(transform->outBuf);
- ctx = xmlSecNssBlockCipherGetCtx(transform);
- xmlSecAssert2(ctx != NULL, -1);
! if(transform->status == xmlSecTransformStatusNone) {
! transform->status = xmlSecTransformStatusWorking;
! }
! if(transform->status == xmlSecTransformStatusWorking) {
! if(ctx->ctxInitialized == 0) {
! ret = xmlSecNssBlockCipherCtxInit(ctx, in, out,
! (transform->operation == xmlSecTransformOperationEncrypt) ? 1 : 0,
! xmlSecTransformGetName(transform), transformCtx);
! if(ret < 0) {
! xmlSecError(XMLSEC_ERRORS_HERE,
! xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
! "xmlSecNssBlockCipherCtxInit",
! XMLSEC_ERRORS_R_XMLSEC_FAILED,
! XMLSEC_ERRORS_NO_MESSAGE);
! return(-1);
! }
! }
! if((ctx->ctxInitialized == 0) && (last != 0)) {
! xmlSecError(XMLSEC_ERRORS_HERE,
! xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
! NULL,
! XMLSEC_ERRORS_R_INVALID_DATA,
! "not enough data to initialize transform");
! return(-1);
! }
!
! if(ctx->ctxInitialized != 0) {
! ret = xmlSecNssBlockCipherCtxUpdate(ctx, in, out,
! (transform->operation == xmlSecTransformOperationEncrypt) ? 1 : 0,
! xmlSecTransformGetName(transform), transformCtx);
! if(ret < 0) {
! xmlSecError(XMLSEC_ERRORS_HERE,
! xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
! "xmlSecNssBlockCipherCtxUpdate",
! XMLSEC_ERRORS_R_XMLSEC_FAILED,
! XMLSEC_ERRORS_NO_MESSAGE);
! return(-1);
! }
! }
!
! if(last) {
! ret = xmlSecNssBlockCipherCtxFinal(ctx, in, out,
! (transform->operation == xmlSecTransformOperationEncrypt) ? 1 : 0,
! xmlSecTransformGetName(transform), transformCtx);
! if(ret < 0) {
! xmlSecError(XMLSEC_ERRORS_HERE,
! xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
! "xmlSecNssBlockCipherCtxFinal",
! XMLSEC_ERRORS_R_XMLSEC_FAILED,
! XMLSEC_ERRORS_NO_MESSAGE);
! return(-1);
! }
! transform->status = xmlSecTransformStatusFinished;
! }
! } else if(transform->status == xmlSecTransformStatusFinished) {
! /* the only way we can get here is if there is no input */
! xmlSecAssert2(xmlSecBufferGetSize(in) == 0, -1);
! } else if(transform->status == xmlSecTransformStatusNone) {
! /* the only way we can get here is if there is no enough data in the input */
! xmlSecAssert2(last == 0, -1);
! } else {
! xmlSecError(XMLSEC_ERRORS_HERE,
! xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
! NULL,
! XMLSEC_ERRORS_R_INVALID_STATUS,
! "status=%d", transform->status);
! return(-1);
! }
!
! return(0);
! }
! #ifndef XMLSEC_NO_AES
! /*********************************************************************
! *
! * AES CBC cipher transforms
! *
! ********************************************************************/
! static xmlSecTransformKlass xmlSecNssAes128CbcKlass = {
! /* klass/object sizes */
! sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
! xmlSecNssBlockCipherSize, /* xmlSecSize objSize */
!
! xmlSecNameAes128Cbc, /* const xmlChar* name; */
! xmlSecHrefAes128Cbc, /* const xmlChar* href; */
! xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */
!
! xmlSecNssBlockCipherInitialize, /* xmlSecTransformInitializeMethod initialize; */
! xmlSecNssBlockCipherFinalize, /* xmlSecTransformFinalizeMethod finalize; */
! NULL, /* xmlSecTransformNodeReadMethod readNode; */
! NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
! xmlSecNssBlockCipherSetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */
! xmlSecNssBlockCipherSetKey, /* xmlSecTransformSetKeyMethod setKey; */
! NULL, /* xmlSecTransformValidateMethod validate; */
! xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
! xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
! xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
! NULL, /* xmlSecTransformPushXmlMethod pushXml; */
! NULL, /* xmlSecTransformPopXmlMethod popXml; */
! xmlSecNssBlockCipherExecute, /* xmlSecTransformExecuteMethod execute; */
!
! NULL, /* void* reserved0; */
! NULL, /* void* reserved1; */
! };
! /**
! * xmlSecNssTransformAes128CbcGetKlass:
! *
! * AES 128 CBC encryption transform klass.
! *
! * Returns pointer to AES 128 CBC encryption transform.
! */
! xmlSecTransformId
! xmlSecNssTransformAes128CbcGetKlass(void) {
! return(&xmlSecNssAes128CbcKlass);
! }
! static xmlSecTransformKlass xmlSecNssAes192CbcKlass = {
! /* klass/object sizes */
! sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
! xmlSecNssBlockCipherSize, /* xmlSecSize objSize */
!
! xmlSecNameAes192Cbc, /* const xmlChar* name; */
! xmlSecHrefAes192Cbc, /* const xmlChar* href; */
! xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */
!
! xmlSecNssBlockCipherInitialize, /* xmlSecTransformInitializeMethod initialize; */
! xmlSecNssBlockCipherFinalize, /* xmlSecTransformFinalizeMethod finalize; */
! NULL, /* xmlSecTransformNodeReadMethod readNode; */
! NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
! xmlSecNssBlockCipherSetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */
! xmlSecNssBlockCipherSetKey, /* xmlSecTransformSetKeyMethod setKey; */
! NULL, /* xmlSecTransformValidateMethod validate; */
! xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
! xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
! xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
! NULL, /* xmlSecTransformPushXmlMethod pushXml; */
! NULL, /* xmlSecTransformPopXmlMethod popXml; */
! xmlSecNssBlockCipherExecute, /* xmlSecTransformExecuteMethod execute; */
!
! NULL, /* void* reserved0; */
! NULL, /* void* reserved1; */
! };
/**
! * xmlSecNssTransformAes192CbcGetKlass:
! *
! * AES 192 CBC encryption transform klass.
! *
! * Returns pointer to AES 192 CBC encryption transform.
! */
! xmlSecTransformId
! xmlSecNssTransformAes192CbcGetKlass(void) {
! return(&xmlSecNssAes192CbcKlass);
}
- static xmlSecTransformKlass xmlSecNssAes256CbcKlass = {
- /* klass/object sizes */
- sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
- xmlSecNssBlockCipherSize, /* xmlSecSize objSize */
-
- xmlSecNameAes256Cbc, /* const xmlChar* name; */
- xmlSecHrefAes256Cbc, /* const xmlChar* href; */
- xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */
-
- xmlSecNssBlockCipherInitialize, /* xmlSecTransformInitializeMethod initialize; */
- xmlSecNssBlockCipherFinalize, /* xmlSecTransformFinalizeMethod finalize; */
- NULL, /* xmlSecTransformNodeReadMethod readNode; */
- NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
- xmlSecNssBlockCipherSetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */
- xmlSecNssBlockCipherSetKey, /* xmlSecTransformSetKeyMethod setKey; */
- NULL, /* xmlSecTransformValidateMethod validate; */
- xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
- xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
- xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
- NULL, /* xmlSecTransformPushXmlMethod pushXml; */
- NULL, /* xmlSecTransformPopXmlMethod popXml; */
- xmlSecNssBlockCipherExecute, /* xmlSecTransformExecuteMethod execute; */
-
- NULL, /* void* reserved0; */
- NULL, /* void* reserved1; */
- };
-
/**
! * xmlSecNssTransformAes256CbcGetKlass:
! *
! * AES 256 CBC encryption transform klass.
! *
! * Returns pointer to AES 256 CBC encryption transform.
! */
! xmlSecTransformId
! xmlSecNssTransformAes256CbcGetKlass(void) {
! return(&xmlSecNssAes256CbcKlass);
}
! #endif /* XMLSEC_NO_AES */
!
! #ifndef XMLSEC_NO_DES
! static xmlSecTransformKlass xmlSecNssDes3CbcKlass = {
! /* klass/object sizes */
! sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
! xmlSecNssBlockCipherSize, /* xmlSecSize objSize */
!
! xmlSecNameDes3Cbc, /* const xmlChar* name; */
! xmlSecHrefDes3Cbc, /* const xmlChar* href; */
! xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */
!
! xmlSecNssBlockCipherInitialize, /* xmlSecTransformInitializeMethod initialize; */
! xmlSecNssBlockCipherFinalize, /* xmlSecTransformFinalizeMethod finalize; */
! NULL, /* xmlSecTransformNodeReadMethod readNode; */
! NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
! xmlSecNssBlockCipherSetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */
! xmlSecNssBlockCipherSetKey, /* xmlSecTransformSetKeyMethod setKey; */
! NULL, /* xmlSecTransformValidateMethod validate; */
! xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
! xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
! xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
! NULL, /* xmlSecTransformPushXmlMethod pushXml; */
! NULL, /* xmlSecTransformPopXmlMethod popXml; */
! xmlSecNssBlockCipherExecute, /* xmlSecTransformExecuteMethod execute; */
!
! NULL, /* void* reserved0; */
! NULL, /* void* reserved1; */
! };
! /**
! * xmlSecNssTransformDes3CbcGetKlass:
*
! * Triple DES CBC encryption transform klass.
! *
! * Returns pointer to Triple DES encryption transform.
*/
! xmlSecTransformId
! xmlSecNssTransformDes3CbcGetKlass(void) {
! return(&xmlSecNssDes3CbcKlass);
}
! #endif /* XMLSEC_NO_DES */
--- 1,951 ----
! /* -- C Source File -- **/
#include "globals.h"
+ #include <stdlib.h>
#include <string.h>
#include <nss.h>
#include <pk11func.h>
#include <xmlsec/xmlsec.h>
+ #include <xmlsec/xmltree.h>
+ #include <xmlsec/base64.h>
#include <xmlsec/keys.h>
+ #include <xmlsec/keyinfo.h>
#include <xmlsec/transforms.h>
#include <xmlsec/errors.h>
#include <xmlsec/nss/crypto.h>
+ #include <xmlsec/nss/ciphers.h>
! /**
! * Internal Nss Block Cipher Context
*
! * This context is designed for repositing a block cipher for transform
! */
! typedef struct _xmlSecNssBlockCipherCtx xmlSecNssBlockCipherCtx ;
! typedef struct _xmlSecNssBlockCipherCtx* xmlSecNssBlockCipherCtxPtr ;
!
struct _xmlSecNssBlockCipherCtx {
! CK_MECHANISM_TYPE cipher ;
! PK11SymKey* symkey ;
! PK11Context* cipherCtx ;
! xmlSecKeyDataId keyId ;
! } ;
!
! #define xmlSecNssBlockCipherSize \
! ( sizeof( xmlSecTransform ) + sizeof( xmlSecNssBlockCipherCtx ) )
!
! #define xmlSecNssBlockCipherGetCtx( transform ) \
! ( ( xmlSecNssBlockCipherCtxPtr )( ( ( xmlSecByte* )( transform ) ) + sizeof( xmlSecTransform ) ) )
!
! static int
! xmlSecNssBlockCipherCheckId(
! xmlSecTransformPtr transform
! ) {
! #ifndef XMLSEC_NO_DES
! if( xmlSecTransformCheckId( transform, xmlSecNssTransformDes3CbcId ) ) {
! return 1 ;
}
! #endif /* XMLSEC_NO_DES */
! #ifndef XMLSEC_NO_AES
! if( xmlSecTransformCheckId( transform, xmlSecNssTransformAes128CbcId ) ||
! xmlSecTransformCheckId( transform, xmlSecNssTransformAes192CbcId ) ||
! xmlSecTransformCheckId( transform, xmlSecNssTransformAes256CbcId ) ) {
! return 1 ;
}
! #endif /* XMLSEC_NO_AES */
!
! return 0 ;
}
! static int
! xmlSecNssBlockCipherFetchCtx(
! xmlSecNssBlockCipherCtxPtr context ,
! xmlSecTransformId id
! ) {
! xmlSecAssert2( context != NULL, -1 ) ;
!
! #ifndef XMLSEC_NO_DES
! if( id == xmlSecNssTransformDes3CbcId ) {
! context->cipher = CKM_DES3_CBC ;
! context->keyId = xmlSecNssKeyDataDesId ;
! } else
! #endif /* XMLSEC_NO_DES */
!
! #ifndef XMLSEC_NO_AES
! if( id == xmlSecNssTransformAes128CbcId ) {
! context->cipher = CKM_AES_CBC ;
! context->keyId = xmlSecNssKeyDataAesId ;
! } else
! if( id == xmlSecNssTransformAes192CbcId ) {
! context->cipher = CKM_AES_CBC ;
! context->keyId = xmlSecNssKeyDataAesId ;
! } else
! if( id == xmlSecNssTransformAes256CbcId ) {
! context->cipher = CKM_AES_CBC ;
! context->keyId = xmlSecNssKeyDataAesId ;
! } else
! #endif /* XMLSEC_NO_AES */
!
! if( 1 ) {
! xmlSecError( XMLSEC_ERRORS_HERE ,
! NULL ,
! NULL ,
! XMLSEC_ERRORS_R_CRYPTO_FAILED ,
! XMLSEC_ERRORS_NO_MESSAGE ) ;
! return -1 ;
! }
! return 0 ;
! }
! /**
! * xmlSecTransformInitializeMethod:
! * @transform: the pointer to transform object.
! *
! * The transform specific initialization method.
! *
! * Returns 0 on success or a negative value otherwise.
! */
! static int
! xmlSecNssBlockCipherInitialize(
! xmlSecTransformPtr transform
! ) {
! xmlSecNssBlockCipherCtxPtr context = NULL ;
!
! xmlSecAssert2( xmlSecNssBlockCipherCheckId( transform ), -1 ) ;
! xmlSecAssert2( xmlSecTransformCheckSize( transform, xmlSecNssBlockCipherSize ), -1 ) ;
!
! context = xmlSecNssBlockCipherGetCtx( transform ) ;
! if( context == NULL ) {
! xmlSecError( XMLSEC_ERRORS_HERE ,
! xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) ,
! "xmlSecNssBlockCipherGetCtx" ,
! XMLSEC_ERRORS_R_CRYPTO_FAILED ,
! XMLSEC_ERRORS_NO_MESSAGE ) ;
! return -1 ;
! }
!
! if( xmlSecNssBlockCipherFetchCtx( context , transform->id ) < 0 ) {
! xmlSecError( XMLSEC_ERRORS_HERE ,
! xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) ,
! "xmlSecNssBlockCipherFetchCtx" ,
! XMLSEC_ERRORS_R_CRYPTO_FAILED ,
! XMLSEC_ERRORS_NO_MESSAGE ) ;
! return -1 ;
! }
! context->symkey = NULL ;
! context->cipherCtx = NULL ;
! return 0 ;
}
! /**
! * xmlSecTransformFinalizeMethod:
! * @transform: the pointer to transform object.
! *
! * The transform specific destroy method.
! */
! static void
! xmlSecNssBlockCipherFinalize(
! xmlSecTransformPtr transform
! ) {
! xmlSecNssBlockCipherCtxPtr context = NULL ;
! xmlSecAssert( xmlSecNssBlockCipherCheckId( transform ) ) ;
! xmlSecAssert( xmlSecTransformCheckSize( transform, xmlSecNssBlockCipherSize ) ) ;
! context = xmlSecNssBlockCipherGetCtx( transform ) ;
! if( context == NULL ) {
! xmlSecError( XMLSEC_ERRORS_HERE ,
! xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) ,
! "xmlSecNssBlockCipherGetCtx" ,
! XMLSEC_ERRORS_R_CRYPTO_FAILED ,
! XMLSEC_ERRORS_NO_MESSAGE ) ;
! return ;
}
! if( context->cipherCtx != NULL ) {
! PK11_DestroyContext( context->cipherCtx, PR_TRUE ) ;
! context->cipherCtx = NULL ;
! }
! if( context->symkey != NULL ) {
! PK11_FreeSymKey( context->symkey ) ;
! context->symkey = NULL ;
! }
! context->cipher = CKM_INVALID_MECHANISM ;
! context->keyId = NULL ;
}
! /**
! * xmlSecTransformSetKeyRequirementsMethod:
! * @transform: the pointer to transform object.
! * @keyReq: the pointer to key requirements structure.
*
! * Transform specific method to set transform's key requirements.
*
! * Returns 0 on success or a negative value otherwise.
! */
! static int
! xmlSecNssBlockCipherSetKeyReq(
! xmlSecTransformPtr transform ,
! xmlSecKeyReqPtr keyReq
! ) {
! xmlSecNssBlockCipherCtxPtr context = NULL ;
! xmlSecSize cipherSize = 0 ;
!
! xmlSecAssert2( xmlSecNssBlockCipherCheckId( transform ), -1 ) ;
! xmlSecAssert2( xmlSecTransformCheckSize( transform, xmlSecNssBlockCipherSize ), -1 ) ;
! xmlSecAssert2( keyReq != NULL , -1 ) ;
! xmlSecAssert2( ( transform->operation == xmlSecTransformOperationEncrypt ) || ( transform->operation == xmlSecTransformOperationDecrypt ), -1 ) ;
!
! context = xmlSecNssBlockCipherGetCtx( transform ) ;
! if( context == NULL ) {
! xmlSecError( XMLSEC_ERRORS_HERE ,
! xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) ,
! "xmlSecNssBlockCipherGetCtx" ,
! XMLSEC_ERRORS_R_CRYPTO_FAILED ,
! XMLSEC_ERRORS_NO_MESSAGE ) ;
! return -1 ;
! }
!
! keyReq->keyId = context->keyId ;
! keyReq->keyType = xmlSecKeyDataTypeSymmetric ;
!
! if( transform->operation == xmlSecTransformOperationEncrypt ) {
! keyReq->keyUsage = xmlSecKeyUsageEncrypt ;
! } else {
! keyReq->keyUsage = xmlSecKeyUsageDecrypt ;
! }
!
! /*
! if( context->symkey != NULL )
! cipherSize = PK11_GetKeyLength( context->symkey ) ;
!
! keyReq->keyBitsSize = cipherSize * 8 ;
! */
+ return 0 ;
+ }
+ /**
+ * xmlSecTransformSetKeyMethod:
+ * @transform: the pointer to transform object.
+ * @key: the pointer to key.
+ *
+ * The transform specific method to set the key for use.
+ *
+ * Returns 0 on success or a negative value otherwise.
+ */
static int
! xmlSecNssBlockCipherSetKey(
! xmlSecTransformPtr transform ,
! xmlSecKeyPtr key
! ) {
! xmlSecNssBlockCipherCtxPtr context = NULL ;
! xmlSecKeyDataPtr keyData = NULL ;
! PK11SymKey* symkey = NULL ;
! CK_ATTRIBUTE_TYPE operation ;
! int ivLen ;
!
! xmlSecAssert2( xmlSecNssBlockCipherCheckId( transform ), -1 ) ;
! xmlSecAssert2( xmlSecTransformCheckSize( transform, xmlSecNssBlockCipherSize ), -1 ) ;
! xmlSecAssert2( key != NULL , -1 ) ;
! xmlSecAssert2( ( transform->operation == xmlSecTransformOperationEncrypt ) || ( transform->operation == xmlSecTransformOperationDecrypt ), -1 ) ;
!
! context = xmlSecNssBlockCipherGetCtx( transform ) ;
! if( context == NULL || context->keyId == NULL || context->symkey != NULL ) {
! xmlSecError( XMLSEC_ERRORS_HERE ,
! xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) ,
! "xmlSecNssBlockCipherGetCtx" ,
! XMLSEC_ERRORS_R_CRYPTO_FAILED ,
! XMLSEC_ERRORS_NO_MESSAGE ) ;
! return -1 ;
! }
! xmlSecAssert2( xmlSecKeyCheckId( key, context->keyId ), -1 ) ;
!
! keyData = xmlSecKeyGetValue( key ) ;
! if( keyData == NULL ) {
! xmlSecError( XMLSEC_ERRORS_HERE ,
! xmlSecErrorsSafeString( xmlSecKeyGetName( key ) ) ,
! "xmlSecKeyGetValue" ,
! XMLSEC_ERRORS_R_CRYPTO_FAILED ,
! XMLSEC_ERRORS_NO_MESSAGE ) ;
! return -1 ;
! }
!
! if( ( symkey = xmlSecNssSymKeyDataGetKey( keyData ) ) == NULL ) {
! xmlSecError( XMLSEC_ERRORS_HERE ,
! xmlSecErrorsSafeString( xmlSecKeyDataGetName( keyData ) ) ,
! "xmlSecNssSymKeyDataGetKey" ,
! XMLSEC_ERRORS_R_CRYPTO_FAILED ,
! XMLSEC_ERRORS_NO_MESSAGE ) ;
! return -1 ;
! }
! context->symkey = symkey ;
!
! return 0 ;
}
+ /**
+ * Block cipher transform init
+ */
static int
! xmlSecNssBlockCipherCtxInit(
! xmlSecNssBlockCipherCtxPtr ctx ,
! xmlSecBufferPtr in ,
! xmlSecBufferPtr out ,
! int encrypt ,
! const xmlChar* cipherName ,
! xmlSecTransformCtxPtr transformCtx
! ) {
! SECItem ivItem ;
! SECItem* secParam = NULL ;
! xmlSecBufferPtr ivBuf = NULL ;
! int ivLen ;
!
! xmlSecAssert2( ctx != NULL , -1 ) ;
! xmlSecAssert2( ctx->cipher != CKM_INVALID_MECHANISM , -1 ) ;
! xmlSecAssert2( ctx->symkey != NULL , -1 ) ;
! xmlSecAssert2( ctx->cipherCtx == NULL , -1 ) ;
! xmlSecAssert2( ctx->keyId != NULL , -1 ) ;
! xmlSecAssert2( in != NULL , -1 ) ;
! xmlSecAssert2( out != NULL , -1 ) ;
! xmlSecAssert2( transformCtx != NULL , -1 ) ;
!
! ivLen = PK11_GetIVLength( ctx->cipher ) ;
! if( ivLen < 0 ) {
! xmlSecError( XMLSEC_ERRORS_HERE ,
! NULL ,
! "PK11_GetIVLength" ,
! XMLSEC_ERRORS_R_CRYPTO_FAILED ,
! XMLSEC_ERRORS_NO_MESSAGE ) ;
! return -1 ;
! }
!
! if( ( ivBuf = xmlSecBufferCreate( ivLen ) ) == NULL ) {
! xmlSecError( XMLSEC_ERRORS_HERE ,
! NULL ,
! "xmlSecBufferCreate" ,
! XMLSEC_ERRORS_R_CRYPTO_FAILED ,
! XMLSEC_ERRORS_NO_MESSAGE ) ;
! return -1 ;
! }
!
! if( encrypt ) {
! if( PK11_GenerateRandom( ivBuf->data , ivLen ) != SECSuccess ) {
! xmlSecError( XMLSEC_ERRORS_HERE ,
! xmlSecErrorsSafeString( cipherName ) ,
! "PK11_GenerateRandom" ,
! XMLSEC_ERRORS_R_CRYPTO_FAILED ,
! XMLSEC_ERRORS_NO_MESSAGE ) ;
! xmlSecBufferDestroy( ivBuf ) ;
! return -1 ;
! }
! if( xmlSecBufferSetSize( ivBuf , ivLen ) < 0 ) {
! xmlSecError( XMLSEC_ERRORS_HERE ,
! NULL ,
! "xmlSecBufferSetSize" ,
! XMLSEC_ERRORS_R_CRYPTO_FAILED ,
! XMLSEC_ERRORS_NO_MESSAGE ) ;
! xmlSecBufferDestroy( ivBuf ) ;
! return -1 ;
! }
!
! if( xmlSecBufferAppend( out , ivBuf->data , ivLen ) < 0 ) {
! xmlSecError( XMLSEC_ERRORS_HERE ,
! xmlSecErrorsSafeString( cipherName ) ,
! "xmlSecBufferAppend" ,
! XMLSEC_ERRORS_R_CRYPTO_FAILED ,
! XMLSEC_ERRORS_NO_MESSAGE ) ;
! xmlSecBufferDestroy( ivBuf ) ;
! return -1 ;
! }
! } else {
! if( xmlSecBufferSetData( ivBuf , in->data , ivLen ) < 0 ) {
! xmlSecError( XMLSEC_ERRORS_HERE ,
! xmlSecErrorsSafeString( cipherName ) ,
! "xmlSecBufferSetData" ,
! XMLSEC_ERRORS_R_CRYPTO_FAILED ,
! XMLSEC_ERRORS_NO_MESSAGE ) ;
! xmlSecBufferDestroy( ivBuf ) ;
! return -1 ;
! }
!
! if( xmlSecBufferRemoveHead( in , ivLen ) < 0 ) {
! xmlSecError( XMLSEC_ERRORS_HERE ,
! xmlSecErrorsSafeString( cipherName ) ,
! "xmlSecBufferRemoveHead" ,
! XMLSEC_ERRORS_R_CRYPTO_FAILED ,
! XMLSEC_ERRORS_NO_MESSAGE ) ;
! xmlSecBufferDestroy( ivBuf ) ;
! return -1 ;
! }
! }
!
! ivItem.data = xmlSecBufferGetData( ivBuf ) ;
! ivItem.len = xmlSecBufferGetSize( ivBuf ) ;
! if( ( secParam = PK11_ParamFromIV( ctx->cipher , &ivItem ) ) == NULL ) {
! xmlSecError( XMLSEC_ERRORS_HERE ,
! xmlSecErrorsSafeString( cipherName ) ,
! "PK11_ParamFromIV" ,
! XMLSEC_ERRORS_R_CRYPTO_FAILED ,
! XMLSEC_ERRORS_NO_MESSAGE ) ;
! xmlSecBufferDestroy( ivBuf ) ;
! return -1 ;
! }
!
! ctx->cipherCtx = PK11_CreateContextBySymKey( ctx->cipher , encrypt ? CKA_ENCRYPT : CKA_DECRYPT , ctx->symkey , secParam ) ;
! if( ctx->cipherCtx == NULL ) {
! xmlSecError( XMLSEC_ERRORS_HERE ,
! xmlSecErrorsSafeString( cipherName ) ,
! "xmlSecBufferRemoveHead" ,
! XMLSEC_ERRORS_R_CRYPTO_FAILED ,
! XMLSEC_ERRORS_NO_MESSAGE ) ;
! SECITEM_FreeItem( secParam , PR_TRUE ) ;
! xmlSecBufferDestroy( ivBuf ) ;
! return -1 ;
! }
! SECITEM_FreeItem( secParam , PR_TRUE ) ;
! xmlSecBufferDestroy( ivBuf ) ;
! return 0 ;
}
! /**
! * Block cipher transform update
! */
! static int
! xmlSecNssBlockCipherCtxUpdate(
! xmlSecNssBlockCipherCtxPtr ctx ,
! xmlSecBufferPtr in ,
! xmlSecBufferPtr out ,
! int encrypt ,
! const xmlChar* cipherName ,
! xmlSecTransformCtxPtr transformCtx
! ) {
! xmlSecSize inSize ;
! xmlSecSize outSize ;
! xmlSecSize inBlocks ;
! int blockSize ;
! int outLen ;
! xmlSecByte* outBuf ;
!
! xmlSecAssert2( ctx != NULL , -1 ) ;
! xmlSecAssert2( ctx->cipher != CKM_INVALID_MECHANISM , -1 ) ;
! xmlSecAssert2( ctx->symkey != NULL , -1 ) ;
! xmlSecAssert2( ctx->cipherCtx != NULL , -1 ) ;
! xmlSecAssert2( ctx->keyId != NULL , -1 ) ;
! xmlSecAssert2( in != NULL , -1 ) ;
! xmlSecAssert2( out != NULL , -1 ) ;
! xmlSecAssert2( transformCtx != NULL , -1 ) ;
!
! if( ( blockSize = PK11_GetBlockSize( ctx->cipher , NULL ) ) < 0 ) {
! xmlSecError( XMLSEC_ERRORS_HERE ,
! xmlSecErrorsSafeString( cipherName ) ,
! "PK11_GetBlockSize" ,
! XMLSEC_ERRORS_R_CRYPTO_FAILED ,
! XMLSEC_ERRORS_NO_MESSAGE ) ;
! return -1 ;
! }
!
! inSize = xmlSecBufferGetSize( in ) ;
! outSize = xmlSecBufferGetSize( out ) ;
!
! inBlocks = ( encrypt != 0 ? inSize : ( inSize - 1 ) ) / blockSize ;
! inSize = inBlocks * blockSize ;
!
! if( inSize < blockSize ) {
! return 0 ;
! }
!
! if( xmlSecBufferSetMaxSize( out , outSize + inSize + blockSize ) < 0 ) {
! xmlSecError( XMLSEC_ERRORS_HERE ,
! xmlSecErrorsSafeString( cipherName ) ,
! "xmlSecBufferSetMaxSize" ,
! XMLSEC_ERRORS_R_CRYPTO_FAILED ,
! XMLSEC_ERRORS_NO_MESSAGE ) ;
! return -1 ;
! }
! outBuf = xmlSecBufferGetData( out ) + outSize ;
!
! if( PK11_CipherOp( ctx->cipherCtx , outBuf , &outLen , inSize + blockSize , xmlSecBufferGetData( in ) , inSize ) != SECSuccess ) {
! xmlSecError( XMLSEC_ERRORS_HERE ,
! xmlSecErrorsSafeString( cipherName ) ,
! "PK11_CipherOp" ,
! XMLSEC_ERRORS_R_CRYPTO_FAILED ,
! XMLSEC_ERRORS_NO_MESSAGE ) ;
! return -1 ;
! }
!
! if( xmlSecBufferSetSize( out , outSize + outLen ) < 0 ) {
! xmlSecError( XMLSEC_ERRORS_HERE ,
! xmlSecErrorsSafeString( cipherName ) ,
! "xmlSecBufferSetSize" ,
! XMLSEC_ERRORS_R_CRYPTO_FAILED ,
! XMLSEC_ERRORS_NO_MESSAGE ) ;
! return -1 ;
! }
!
! if( xmlSecBufferRemoveHead( in , inSize ) < 0 ) {
! xmlSecError( XMLSEC_ERRORS_HERE ,
! xmlSecErrorsSafeString( cipherName ) ,
! "xmlSecBufferRemoveHead" ,
! XMLSEC_ERRORS_R_CRYPTO_FAILED ,
! XMLSEC_ERRORS_NO_MESSAGE ) ;
! return -1 ;
! }
! return 0 ;
! }
! /**
! * Block cipher transform final
! */
! static int
! xmlSecNssBlockCipherCtxFinal(
! xmlSecNssBlockCipherCtxPtr ctx ,
! xmlSecBufferPtr in ,
! xmlSecBufferPtr out ,
! int encrypt ,
! const xmlChar* cipherName ,
! xmlSecTransformCtxPtr transformCtx
! ) {
! xmlSecSize inSize ;
! xmlSecSize outSize ;
! int blockSize ;
! int outLen ;
! xmlSecByte* inBuf ;
! xmlSecByte* outBuf ;
!
! xmlSecAssert2( ctx != NULL , -1 ) ;
! xmlSecAssert2( ctx->cipher != CKM_INVALID_MECHANISM , -1 ) ;
! xmlSecAssert2( ctx->symkey != NULL , -1 ) ;
! xmlSecAssert2( ctx->cipherCtx != NULL , -1 ) ;
! xmlSecAssert2( ctx->keyId != NULL , -1 ) ;
! xmlSecAssert2( in != NULL , -1 ) ;
! xmlSecAssert2( out != NULL , -1 ) ;
! xmlSecAssert2( transformCtx != NULL , -1 ) ;
!
! if( ( blockSize = PK11_GetBlockSize( ctx->cipher , NULL ) ) < 0 ) {
! xmlSecError( XMLSEC_ERRORS_HERE ,
! xmlSecErrorsSafeString( cipherName ) ,
! "PK11_GetBlockSize" ,
! XMLSEC_ERRORS_R_CRYPTO_FAILED ,
! XMLSEC_ERRORS_NO_MESSAGE ) ;
! return -1 ;
! }
!
! inSize = xmlSecBufferGetSize( in ) ;
! outSize = xmlSecBufferGetSize( out ) ;
!
! /******************************************************************/
! if( encrypt != 0 ) {
! xmlSecAssert2( inSize < blockSize, -1 ) ;
!
! /* create padding */
! if( xmlSecBufferSetMaxSize( in , blockSize ) < 0 ) {
! xmlSecError( XMLSEC_ERRORS_HERE ,
! xmlSecErrorsSafeString( cipherName ) ,
! "xmlSecBufferSetMaxSize" ,
! XMLSEC_ERRORS_R_CRYPTO_FAILED ,
! XMLSEC_ERRORS_NO_MESSAGE ) ;
! return -1 ;
! }
! inBuf = xmlSecBufferGetData( in ) ;
!
! /* generate random */
! if( blockSize > ( inSize + 1 ) ) {
! if( PK11_GenerateRandom( inBuf + inSize, blockSize - inSize - 1 ) != SECSuccess ) {
! xmlSecError( XMLSEC_ERRORS_HERE ,
! xmlSecErrorsSafeString( cipherName ) ,
! "PK11_GenerateRandom" ,
! XMLSEC_ERRORS_R_CRYPTO_FAILED ,
! XMLSEC_ERRORS_NO_MESSAGE ) ;
! return -1 ;
! }
! }
!
! inBuf[blockSize-1] = blockSize - inSize ;
! inSize = blockSize ;
! } else {
! if( inSize != blockSize ) {
! xmlSecError( XMLSEC_ERRORS_HERE ,
! xmlSecErrorsSafeString( cipherName ) ,
! NULL ,
! XMLSEC_ERRORS_R_CRYPTO_FAILED ,
! XMLSEC_ERRORS_NO_MESSAGE ) ;
! return -1 ;
! }
! }
!
! /* process the last block */
! if( xmlSecBufferSetMaxSize( out , outSize + inSize + blockSize ) < 0 ) {
! xmlSecError( XMLSEC_ERRORS_HERE ,
! xmlSecErrorsSafeString( cipherName ) ,
! "xmlSecBufferSetMaxSize" ,
! XMLSEC_ERRORS_R_CRYPTO_FAILED ,
! XMLSEC_ERRORS_NO_MESSAGE ) ;
! return -1 ;
! }
! outBuf = xmlSecBufferGetData( out ) + outSize ;
!
! if( PK11_CipherOp( ctx->cipherCtx , outBuf , &outLen , inSize + blockSize , xmlSecBufferGetData( in ) , inSize ) != SECSuccess ) {
! xmlSecError( XMLSEC_ERRORS_HERE ,
! xmlSecErrorsSafeString( cipherName ) ,
! "PK11_CipherOp" ,
! XMLSEC_ERRORS_R_CRYPTO_FAILED ,
! XMLSEC_ERRORS_NO_MESSAGE ) ;
! return -1 ;
! }
!
! if( encrypt == 0 ) {
! /* check padding */
! if( outLen < outBuf[blockSize-1] ) {
! xmlSecError( XMLSEC_ERRORS_HERE ,
! xmlSecErrorsSafeString( cipherName ) ,
! NULL ,
! XMLSEC_ERRORS_R_CRYPTO_FAILED ,
! XMLSEC_ERRORS_NO_MESSAGE ) ;
! return -1 ;
! }
!
! outLen -= outBuf[blockSize-1] ;
! }
! /******************************************************************/
!
! /******************************************************************
! if( xmlSecBufferSetMaxSize( out , outSize + blockSize ) < 0 ) {
! xmlSecError( XMLSEC_ERRORS_HERE ,
! xmlSecErrorsSafeString( cipherName ) ,
! "xmlSecBufferSetMaxSize" ,
! XMLSEC_ERRORS_R_CRYPTO_FAILED ,
! XMLSEC_ERRORS_NO_MESSAGE ) ;
! return -1 ;
! }
!
! outBuf = xmlSecBufferGetData( out ) + outSize ;
!
! if( PK11_DigestFinal( ctx->cipherCtx , outBuf , &outLen , blockSize ) != SECSuccess ) {
! xmlSecError( XMLSEC_ERRORS_HERE ,
! xmlSecErrorsSafeString( cipherName ) ,
! "PK11_DigestFinal" ,
! XMLSEC_ERRORS_R_CRYPTO_FAILED ,
! XMLSEC_ERRORS_NO_MESSAGE ) ;
! return -1 ;
! }
! ******************************************************************/
!
! if( xmlSecBufferSetSize( out , outSize + outLen ) < 0 ) {
! xmlSecError( XMLSEC_ERRORS_HERE ,
! xmlSecErrorsSafeString( cipherName ) ,
! "xmlSecBufferSetSize" ,
! XMLSEC_ERRORS_R_CRYPTO_FAILED ,
! XMLSEC_ERRORS_NO_MESSAGE ) ;
! return -1 ;
! }
!
! if( xmlSecBufferRemoveHead( in , inSize ) < 0 ) {
! xmlSecError( XMLSEC_ERRORS_HERE ,
! xmlSecErrorsSafeString( cipherName ) ,
! "xmlSecBufferRemoveHead" ,
! XMLSEC_ERRORS_R_CRYPTO_FAILED ,
! XMLSEC_ERRORS_NO_MESSAGE ) ;
! return -1 ;
! }
!
! // PK11_Finalize( ctx->cipherCtx ) ;
! PK11_DestroyContext( ctx->cipherCtx , PR_TRUE ) ;
! ctx->cipherCtx = NULL ;
! return 0 ;
}
+ /**
+ * xmlSecTransformExecuteMethod:
+ * @transform: the pointer to transform object.
+ * @last: the flag: if set to 1 then it's the last data chunk.
+ * @transformCtx: the pointer to transform context object.
+ *
+ * Transform specific method to process a chunk of data.
+ *
+ * Returns 0 on success or a negative value otherwise.
+ */
static int
! xmlSecNssBlockCipherExecute(
! xmlSecTransformPtr transform ,
! int last ,
! xmlSecTransformCtxPtr transformCtx
! ) {
! xmlSecNssBlockCipherCtxPtr context = NULL ;
! xmlSecBufferPtr inBuf = NULL ;
! xmlSecBufferPtr outBuf = NULL ;
! const xmlChar* cipherName ;
! int operation ;
! int rtv ;
!
! xmlSecAssert2( xmlSecNssBlockCipherCheckId( transform ), -1 ) ;
! xmlSecAssert2( xmlSecTransformCheckSize( transform, xmlSecNssBlockCipherSize ), -1 ) ;
! xmlSecAssert2( ( transform->operation == xmlSecTransformOperationEncrypt ) || ( transform->operation == xmlSecTransformOperationDecrypt ), -1 ) ;
! xmlSecAssert2( transformCtx != NULL , -1 ) ;
!
! context = xmlSecNssBlockCipherGetCtx( transform ) ;
! if( context == NULL ) {
! xmlSecError( XMLSEC_ERRORS_HERE ,
! xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) ,
! "xmlSecNssBlockCipherGetCtx" ,
! XMLSEC_ERRORS_R_CRYPTO_FAILED ,
! XMLSEC_ERRORS_NO_MESSAGE ) ;
! return -1 ;
! }
!
! inBuf = &( transform->inBuf ) ;
! outBuf = &( transform->outBuf ) ;
!
! if( transform->status == xmlSecTransformStatusNone ) {
! transform->status = xmlSecTransformStatusWorking ;
! }
!
! operation = ( transform->operation == xmlSecTransformOperationEncrypt ) ? 1 : 0 ;
! cipherName = xmlSecTransformGetName( transform ) ;
!
! if( transform->status == xmlSecTransformStatusWorking ) {
! if( context->cipherCtx == NULL ) {
! rtv = xmlSecNssBlockCipherCtxInit( context, inBuf , outBuf , operation , cipherName , transformCtx ) ;
! if( rtv < 0 ) {
! xmlSecError( XMLSEC_ERRORS_HERE ,
! xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) ,
! "xmlSecNssBlockCipherCtxInit" ,
! XMLSEC_ERRORS_R_INVALID_STATUS ,
! XMLSEC_ERRORS_NO_MESSAGE ) ;
! return -1 ;
! }
! }
!
! if( context->cipherCtx == NULL && last != 0 ) {
! xmlSecError( XMLSEC_ERRORS_HERE ,
! xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) ,
! NULL ,
! XMLSEC_ERRORS_R_INVALID_STATUS ,
! "No enough data to intialize transform" ) ;
! return -1 ;
! }
!
! if( context->cipherCtx != NULL ) {
! rtv = xmlSecNssBlockCipherCtxUpdate( context, inBuf , outBuf , operation , cipherName , transformCtx ) ;
! if( rtv < 0 ) {
! xmlSecError( XMLSEC_ERRORS_HERE ,
! xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) ,
! "xmlSecNssBlockCipherCtxUpdate" ,
! XMLSEC_ERRORS_R_INVALID_STATUS ,
! XMLSEC_ERRORS_NO_MESSAGE ) ;
! return -1 ;
! }
! }
!
! if( last ) {
! rtv = xmlSecNssBlockCipherCtxFinal( context, inBuf , outBuf , operation , cipherName , transformCtx ) ;
! if( rtv < 0 ) {
! xmlSecError( XMLSEC_ERRORS_HERE ,
! xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) ,
! "xmlSecNssBlockCipherCtxFinal" ,
! XMLSEC_ERRORS_R_INVALID_STATUS ,
! XMLSEC_ERRORS_NO_MESSAGE ) ;
! return -1 ;
! }
! transform->status = xmlSecTransformStatusFinished ;
! }
! } else if( transform->status == xmlSecTransformStatusFinished ) {
! if( xmlSecBufferGetSize( inBuf ) != 0 ) {
! xmlSecError( XMLSEC_ERRORS_HERE ,
! xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) ,
! NULL ,
! XMLSEC_ERRORS_R_INVALID_STATUS ,
! "status=%d", transform->status ) ;
! return -1 ;
! }
! } else {
! xmlSecError( XMLSEC_ERRORS_HERE ,
! xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) ,
! NULL ,
! XMLSEC_ERRORS_R_INVALID_STATUS ,
! "status=%d", transform->status ) ;
! return -1 ;
! }
!
! return 0 ;
}
! static xmlSecTransformKlass xmlSecNssAes128CbcKlass = {
! sizeof( xmlSecTransformKlass ) ,
! xmlSecNssBlockCipherSize ,
! xmlSecNameAes128Cbc ,
! xmlSecHrefAes128Cbc ,
! xmlSecTransformUsageEncryptionMethod ,
!
! xmlSecNssBlockCipherInitialize ,
! xmlSecNssBlockCipherFinalize ,
! NULL ,
! NULL ,
!
! xmlSecNssBlockCipherSetKeyReq ,
! xmlSecNssBlockCipherSetKey ,
! NULL ,
! xmlSecTransformDefaultGetDataType ,
!
! xmlSecTransformDefaultPushBin ,
! xmlSecTransformDefaultPopBin ,
! NULL ,
! NULL ,
! xmlSecNssBlockCipherExecute ,
!
! NULL ,
! NULL
! } ;
! static xmlSecTransformKlass xmlSecNssAes192CbcKlass = {
! sizeof( xmlSecTransformKlass ) ,
! xmlSecNssBlockCipherSize ,
! xmlSecNameAes192Cbc ,
! xmlSecHrefAes192Cbc ,
! xmlSecTransformUsageEncryptionMethod ,
!
! xmlSecNssBlockCipherInitialize ,
! xmlSecNssBlockCipherFinalize ,
! NULL ,
! NULL ,
!
! xmlSecNssBlockCipherSetKeyReq ,
! xmlSecNssBlockCipherSetKey ,
! NULL ,
! xmlSecTransformDefaultGetDataType ,
!
! xmlSecTransformDefaultPushBin ,
! xmlSecTransformDefaultPopBin ,
! NULL ,
! NULL ,
! xmlSecNssBlockCipherExecute ,
!
! NULL ,
! NULL
! } ;
! static xmlSecTransformKlass xmlSecNssAes256CbcKlass = {
! sizeof( xmlSecTransformKlass ) ,
! xmlSecNssBlockCipherSize ,
! xmlSecNameAes256Cbc ,
! xmlSecHrefAes256Cbc ,
! xmlSecTransformUsageEncryptionMethod ,
!
! xmlSecNssBlockCipherInitialize ,
! xmlSecNssBlockCipherFinalize ,
! NULL ,
! NULL ,
!
! xmlSecNssBlockCipherSetKeyReq ,
! xmlSecNssBlockCipherSetKey ,
! NULL ,
! xmlSecTransformDefaultGetDataType ,
!
! xmlSecTransformDefaultPushBin ,
! xmlSecTransformDefaultPopBin ,
! NULL ,
! NULL ,
! xmlSecNssBlockCipherExecute ,
!
! NULL ,
! NULL
! } ;
! static xmlSecTransformKlass xmlSecNssDes3CbcKlass = {
! sizeof( xmlSecTransformKlass ) ,
! xmlSecNssBlockCipherSize ,
!
! xmlSecNameDes3Cbc ,
! xmlSecHrefDes3Cbc ,
! xmlSecTransformUsageEncryptionMethod ,
!
! xmlSecNssBlockCipherInitialize ,
! xmlSecNssBlockCipherFinalize ,
! NULL ,
! NULL ,
!
! xmlSecNssBlockCipherSetKeyReq ,
! xmlSecNssBlockCipherSetKey ,
! NULL ,
! xmlSecTransformDefaultGetDataType ,
!
! xmlSecTransformDefaultPushBin ,
! xmlSecTransformDefaultPopBin ,
! NULL ,
! NULL ,
! xmlSecNssBlockCipherExecute ,
!
! NULL ,
! NULL
! } ;
/**
! * xmlSecNssTransformAes128CbcGetKlass
! *
! * Get the AES128_CBC transform klass
! *
! * Return AES128_CBC transform klass
! */
! xmlSecTransformId
! xmlSecNssTransformAes128CbcGetKlass( void ) {
! return ( &xmlSecNssAes128CbcKlass ) ;
}
/**
! * xmlSecNssTransformAes192CbcGetKlass
! *
! * Get the AES192_CBC transform klass
! *
! * Return AES192_CBC transform klass
! */
! xmlSecTransformId
! xmlSecNssTransformAes192CbcGetKlass( void ) {
! return ( &xmlSecNssAes192CbcKlass ) ;
}
! /**
! * xmlSecNssTransformAes256CbcGetKlass
! *
! * Get the AES256_CBC transform klass
! *
! * Return AES256_CBC transform klass
! */
! xmlSecTransformId
! xmlSecNssTransformAes256CbcGetKlass( void ) {
! return ( &xmlSecNssAes256CbcKlass ) ;
! }
! /**
! * xmlSecNssTransformDes3CbcGetKlass
*
! * Get the DES3_CBC transform klass
! *
! * Return DES3_CBC transform klass
*/
! xmlSecTransformId
! xmlSecNssTransformDes3CbcGetKlass( void ) {
! return ( &xmlSecNssDes3CbcKlass ) ;
}
!
*** misc/xmlsec1-1.2.6/src/nss/crypto.c 2003-10-29 16:57:25.000000000 +0100
--- misc/build/xmlsec1-1.2.6/src/nss/crypto.c 2005-05-09 19:54:13.204629905 +0200
***************
*** 130,135 ****
--- 130,136 ----
/**
* High level routines form xmlsec command line utility
*/
+ /*
gXmlSecNssFunctions->cryptoAppInit = xmlSecNssAppInit;
gXmlSecNssFunctions->cryptoAppShutdown = xmlSecNssAppShutdown;
gXmlSecNssFunctions->cryptoAppDefaultKeysMngrInit = xmlSecNssAppDefaultKeysMngrInit;
***************
*** 143,152 ****
gXmlSecNssFunctions->cryptoAppPkcs12LoadMemory = xmlSecNssAppPkcs12LoadMemory;
gXmlSecNssFunctions->cryptoAppKeyCertLoad = xmlSecNssAppKeyCertLoad;
gXmlSecNssFunctions->cryptoAppKeyCertLoadMemory = xmlSecNssAppKeyCertLoadMemory;
! #endif /* XMLSEC_NO_X509 */
gXmlSecNssFunctions->cryptoAppKeyLoad = xmlSecNssAppKeyLoad;
gXmlSecNssFunctions->cryptoAppKeyLoadMemory = xmlSecNssAppKeyLoadMemory;
gXmlSecNssFunctions->cryptoAppDefaultPwdCallback = (void*)xmlSecNssAppGetDefaultPwdCallback;
return(gXmlSecNssFunctions);
}
--- 144,172 ----
gXmlSecNssFunctions->cryptoAppPkcs12LoadMemory = xmlSecNssAppPkcs12LoadMemory;
gXmlSecNssFunctions->cryptoAppKeyCertLoad = xmlSecNssAppKeyCertLoad;
gXmlSecNssFunctions->cryptoAppKeyCertLoadMemory = xmlSecNssAppKeyCertLoadMemory;
! #endif
gXmlSecNssFunctions->cryptoAppKeyLoad = xmlSecNssAppKeyLoad;
gXmlSecNssFunctions->cryptoAppKeyLoadMemory = xmlSecNssAppKeyLoadMemory;
gXmlSecNssFunctions->cryptoAppDefaultPwdCallback = (void*)xmlSecNssAppGetDefaultPwdCallback;
+ */
+
+ gXmlSecNssFunctions->cryptoAppInit = NULL ;
+ gXmlSecNssFunctions->cryptoAppShutdown = NULL ;
+ gXmlSecNssFunctions->cryptoAppDefaultKeysMngrInit = NULL ;
+ gXmlSecNssFunctions->cryptoAppDefaultKeysMngrAdoptKey = NULL ;
+ gXmlSecNssFunctions->cryptoAppDefaultKeysMngrLoad = NULL ;
+ gXmlSecNssFunctions->cryptoAppDefaultKeysMngrSave = NULL ;
+ #ifndef XMLSEC_NO_X509
+ gXmlSecNssFunctions->cryptoAppKeysMngrCertLoad = NULL ;
+ gXmlSecNssFunctions->cryptoAppKeysMngrCertLoadMemory= NULL ;
+ gXmlSecNssFunctions->cryptoAppPkcs12Load = NULL ;
+ gXmlSecNssFunctions->cryptoAppPkcs12LoadMemory = NULL ;
+ gXmlSecNssFunctions->cryptoAppKeyCertLoad = NULL ;
+ gXmlSecNssFunctions->cryptoAppKeyCertLoadMemory = NULL ;
+ #endif /* XMLSEC_NO_X509 */
+ gXmlSecNssFunctions->cryptoAppKeyLoad = NULL ;
+ gXmlSecNssFunctions->cryptoAppKeyLoadMemory = NULL ;
+ gXmlSecNssFunctions->cryptoAppDefaultPwdCallback = (void*)NULL ;
return(gXmlSecNssFunctions);
}
*** misc/xmlsec1-1.2.6/src/nss/digests.c 2003-09-26 02:58:15.000000000 +0200
--- misc/build/xmlsec1-1.2.6/src/nss/digests.c 2005-05-09 19:54:13.205629821 +0200
***************
*** 21,27 ****
#include <xmlsec/transforms.h>
#include <xmlsec/errors.h>
- #include <xmlsec/nss/app.h>
#include <xmlsec/nss/crypto.h>
#define XMLSEC_NSS_MAX_DIGEST_SIZE 32
--- 21,26 ----
***************
*** 107,113 ****
xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
"SECOID_FindOIDByTag",
XMLSEC_ERRORS_R_CRYPTO_FAILED,
! XMLSEC_ERRORS_NO_MESSAGE);
return(-1);
}
--- 106,112 ----
xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
"SECOID_FindOIDByTag",
XMLSEC_ERRORS_R_CRYPTO_FAILED,
! "error code=%d", PORT_GetError());
return(-1);
}
***************
*** 117,123 ****
xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
"PK11_CreateDigestContext",
XMLSEC_ERRORS_R_CRYPTO_FAILED,
! XMLSEC_ERRORS_NO_MESSAGE);
return(-1);
}
--- 116,122 ----
xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
"PK11_CreateDigestContext",
XMLSEC_ERRORS_R_CRYPTO_FAILED,
! "error code=%d", PORT_GetError());
return(-1);
}
***************
*** 208,214 ****
xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
"PK11_DigestBegin",
XMLSEC_ERRORS_R_CRYPTO_FAILED,
! XMLSEC_ERRORS_NO_MESSAGE);
return(-1);
}
transform->status = xmlSecTransformStatusWorking;
--- 207,213 ----
xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
"PK11_DigestBegin",
XMLSEC_ERRORS_R_CRYPTO_FAILED,
! "error code=%d", PORT_GetError());
return(-1);
}
transform->status = xmlSecTransformStatusWorking;
***************
*** 225,231 ****
xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
"PK11_DigestOp",
XMLSEC_ERRORS_R_CRYPTO_FAILED,
! XMLSEC_ERRORS_NO_MESSAGE);
return(-1);
}
--- 224,230 ----
xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
"PK11_DigestOp",
XMLSEC_ERRORS_R_CRYPTO_FAILED,
! "error code=%d", PORT_GetError());
return(-1);
}
***************
*** 246,252 ****
xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
"PK11_DigestFinal",
XMLSEC_ERRORS_R_CRYPTO_FAILED,
! XMLSEC_ERRORS_NO_MESSAGE);
return(-1);
}
xmlSecAssert2(ctx->dgstSize > 0, -1);
--- 245,251 ----
xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
"PK11_DigestFinal",
XMLSEC_ERRORS_R_CRYPTO_FAILED,
! "error code=%d", PORT_GetError());
return(-1);
}
xmlSecAssert2(ctx->dgstSize > 0, -1);
*** misc/xmlsec1-1.2.6/src/nss/hmac.c 2003-09-26 02:58:15.000000000 +0200
--- misc/build/xmlsec1-1.2.6/src/nss/hmac.c 2005-05-09 19:54:13.206629736 +0200
***************
*** 23,30 ****
#include <xmlsec/transforms.h>
#include <xmlsec/errors.h>
- #include <xmlsec/nss/app.h>
#include <xmlsec/nss/crypto.h>
#define XMLSEC_NSS_MAX_HMAC_SIZE 128
--- 23,30 ----
#include <xmlsec/transforms.h>
#include <xmlsec/errors.h>
#include <xmlsec/nss/crypto.h>
+ #include <xmlsec/nss/tokens.h>
#define XMLSEC_NSS_MAX_HMAC_SIZE 128
***************
*** 241,253 ****
keyItem.data = xmlSecBufferGetData(buffer);
keyItem.len = xmlSecBufferGetSize(buffer);
! slot = PK11_GetBestSlot(ctx->digestType, NULL);
if(slot == NULL) {
xmlSecError(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
! "PK11_GetBestSlot",
XMLSEC_ERRORS_R_CRYPTO_FAILED,
! XMLSEC_ERRORS_NO_MESSAGE);
return(-1);
}
--- 241,253 ----
keyItem.data = xmlSecBufferGetData(buffer);
keyItem.len = xmlSecBufferGetSize(buffer);
! slot = xmlSecNssSlotGet(ctx->digestType);
if(slot == NULL) {
xmlSecError(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
! "xmlSecNssSlotGet",
XMLSEC_ERRORS_R_CRYPTO_FAILED,
! "error code=%d", PORT_GetError());
return(-1);
}
***************
*** 258,264 ****
xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
"PK11_ImportSymKey",
XMLSEC_ERRORS_R_CRYPTO_FAILED,
! XMLSEC_ERRORS_NO_MESSAGE);
PK11_FreeSlot(slot);
return(-1);
}
--- 258,264 ----
xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
"PK11_ImportSymKey",
XMLSEC_ERRORS_R_CRYPTO_FAILED,
! "error code=%d", PORT_GetError());
PK11_FreeSlot(slot);
return(-1);
}
***************
*** 269,275 ****
xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
"PK11_CreateContextBySymKey",
XMLSEC_ERRORS_R_CRYPTO_FAILED,
! XMLSEC_ERRORS_NO_MESSAGE);
PK11_FreeSymKey(symKey);
PK11_FreeSlot(slot);
return(-1);
--- 269,275 ----
xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
"PK11_CreateContextBySymKey",
XMLSEC_ERRORS_R_CRYPTO_FAILED,
! "error code=%d", PORT_GetError());
PK11_FreeSymKey(symKey);
PK11_FreeSlot(slot);
return(-1);
***************
*** 368,374 ****
xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
"PK11_DigestBegin",
XMLSEC_ERRORS_R_CRYPTO_FAILED,
! XMLSEC_ERRORS_NO_MESSAGE);
return(-1);
}
transform->status = xmlSecTransformStatusWorking;
--- 368,374 ----
xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
"PK11_DigestBegin",
XMLSEC_ERRORS_R_CRYPTO_FAILED,
! "error code=%d", PORT_GetError());
return(-1);
}
transform->status = xmlSecTransformStatusWorking;
***************
*** 385,391 ****
xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
"PK11_DigestOp",
XMLSEC_ERRORS_R_CRYPTO_FAILED,
! XMLSEC_ERRORS_NO_MESSAGE);
return(-1);
}
--- 385,391 ----
xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
"PK11_DigestOp",
XMLSEC_ERRORS_R_CRYPTO_FAILED,
! "error code=%d", PORT_GetError());
return(-1);
}
***************
*** 408,414 ****
xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
"PK11_DigestFinal",
XMLSEC_ERRORS_R_CRYPTO_FAILED,
! XMLSEC_ERRORS_NO_MESSAGE);
return(-1);
}
xmlSecAssert2(dgstSize > 0, -1);
--- 408,414 ----
xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
"PK11_DigestFinal",
XMLSEC_ERRORS_R_CRYPTO_FAILED,
! "error code=%d", PORT_GetError());
return(-1);
}
xmlSecAssert2(dgstSize > 0, -1);
*** misc/xmlsec1-1.2.6/src/nss/keysstore.c 2003-09-26 02:58:15.000000000 +0200
--- misc/build/xmlsec1-1.2.6/src/nss/keysstore.c 2005-05-09 19:54:13.209629483 +0200
***************
*** 1,119 ****
/**
* XMLSec library
*
- * Nss keys store that uses Simple Keys Store under the hood. Uses the
- * Nss DB as a backing store for the finding keys, but the NSS DB is
- * not written to by the keys store.
- * So, if store->findkey is done and the key is not found in the simple
- * keys store, the NSS DB is looked up.
- * If store is called to adopt a key, that key is not written to the NSS
- * DB.
- * Thus, the NSS DB can be used to pre-load keys and becomes an alternate
- * source of keys for xmlsec
- *
* This is free software; see Copyright file in the source
* distribution for precise wording.
*
! * Copyright (c) 2003 America Online, Inc. All rights reserved.
*/
- #include "globals.h"
! #include <stdlib.h>
#include <string.h>
! #include <nss.h>
! #include <cert.h>
! #include <pk11func.h>
! #include <keyhi.h>
- #include <libxml/tree.h>
#include <xmlsec/xmlsec.h>
! #include <xmlsec/buffer.h>
! #include <xmlsec/base64.h>
! #include <xmlsec/errors.h>
! #include <xmlsec/xmltree.h>
!
#include <xmlsec/keysmngr.h>
#include <xmlsec/nss/crypto.h>
#include <xmlsec/nss/keysstore.h>
! #include <xmlsec/nss/x509.h>
#include <xmlsec/nss/pkikeys.h>
! /****************************************************************************
*
! * Nss Keys Store. Uses Simple Keys Store under the hood
! *
! * Simple Keys Store ptr is located after xmlSecKeyStore
*
! ***************************************************************************/
! #define xmlSecNssKeysStoreSize \
! (sizeof(xmlSecKeyStore) + sizeof(xmlSecKeyStorePtr))
!
! #define xmlSecNssKeysStoreGetSS(store) \
! ((xmlSecKeyStoreCheckSize((store), xmlSecNssKeysStoreSize)) ? \
! (xmlSecKeyStorePtr*)(((xmlSecByte*)(store)) + sizeof(xmlSecKeyStore)) : \
! (xmlSecKeyStorePtr*)NULL)
!
! static int xmlSecNssKeysStoreInitialize (xmlSecKeyStorePtr store);
! static void xmlSecNssKeysStoreFinalize (xmlSecKeyStorePtr store);
! static xmlSecKeyPtr xmlSecNssKeysStoreFindKey (xmlSecKeyStorePtr store,
! const xmlChar* name,
! xmlSecKeyInfoCtxPtr keyInfoCtx);
! static xmlSecKeyStoreKlass xmlSecNssKeysStoreKlass = {
! sizeof(xmlSecKeyStoreKlass),
! xmlSecNssKeysStoreSize,
! /* data */
! BAD_CAST "NSS-keys-store", /* const xmlChar* name; */
!
! /* constructors/destructor */
! xmlSecNssKeysStoreInitialize, /* xmlSecKeyStoreInitializeMethod initialize; */
! xmlSecNssKeysStoreFinalize, /* xmlSecKeyStoreFinalizeMethod finalize; */
! xmlSecNssKeysStoreFindKey, /* xmlSecKeyStoreFindKeyMethod findKey; */
!
! /* reserved for the future */
! NULL, /* void* reserved0; */
! NULL, /* void* reserved1; */
! };
! /**
! * xmlSecNssKeysStoreGetKlass:
! *
! * The Nss list based keys store klass.
*
! * Returns Nss list based keys store klass.
*/
! xmlSecKeyStoreId
! xmlSecNssKeysStoreGetKlass(void) {
! return(&xmlSecNssKeysStoreKlass);
}
! /**
! * xmlSecNssKeysStoreAdoptKey:
! * @store: the pointer to Nss keys store.
! * @key: the pointer to key.
! *
! * Adds @key to the @store.
*
! * Returns 0 on success or a negative value if an error occurs.
*/
! int
! xmlSecNssKeysStoreAdoptKey(xmlSecKeyStorePtr store, xmlSecKeyPtr key) {
! xmlSecKeyStorePtr *ss;
!
! xmlSecAssert2(xmlSecKeyStoreCheckId(store, xmlSecNssKeysStoreId), -1);
! xmlSecAssert2((key != NULL), -1);
! ss = xmlSecNssKeysStoreGetSS(store);
! xmlSecAssert2(((ss != NULL) && (*ss != NULL) &&
! (xmlSecKeyStoreCheckId(*ss, xmlSecSimpleKeysStoreId))), -1);
! return (xmlSecSimpleKeysStoreAdoptKey(*ss, key));
}
/**
* xmlSecNssKeysStoreLoad:
* @store: the pointer to Nss keys store.
--- 1,518 ----
/**
* XMLSec library
*
* This is free software; see Copyright file in the source
* distribution for precise wording.
*
! * Copyright................................
*/
! /**
! * NSS key store uses a key list and a slot list as the key repository. NSS slot
! * list is a backup repository for the finding keys. If a key is not found from
! * the key list, the NSS slot list is looked up.
! *
! * Any key in the key list will not save to pkcs11 slot. When a store to called
! * to adopt a key, the key is resident in the key list; While a store to called
! * to set a is resident in the key list; While a store to called to set a slot
! * list, which means that the keys in the listed slot can be used for xml sign-
! * nature or encryption.
! *
! * Then, a user can adjust slot list to effect the crypto behaviors of xmlSec.
! *
! * The framework will decrease the user interfaces to administrate xmlSec crypto
! * engine. He can only focus on NSS layer functions. For examples, after the
! * user set up a slot list handler to the keys store, he do not need to do any
! * other work atop xmlSec interfaces, his action on the slot list handler, such
! * as add a token to, delete a token from the list, will directly effect the key
! * store behaviors.
! *
! * For example, a scenariio:
! * 0. Create a slot list;( NSS interfaces )
! * 1. Create a keys store;( xmlSec interfaces )
! * 2. Set slot list with the keys store;( xmlSec Interfaces )
! * 3. Add a slot to the slot list;( NSS interfaces )
! * 4. Perform xml signature; ( xmlSec Interfaces )
! * 5. Deleter a slot from the slot list;( NSS interfaces )
! * 6. Perform xml encryption; ( xmlSec Interfaces )
! * 7. Perform xml signature;( xmlSec Interfaces )
! * 8. Destroy the keys store;( xmlSec Interfaces )
! * 8. Destroy the slot list.( NSS Interfaces )
! */
!
! #include "globals.h"
#include <string.h>
! #include <nss.h>
! #include <pk11func.h>
! #include <prinit.h>
! #include <keyhi.h>
#include <xmlsec/xmlsec.h>
! #include <xmlsec/keys.h>
#include <xmlsec/keysmngr.h>
+ #include <xmlsec/transforms.h>
+ #include <xmlsec/xmltree.h>
+ #include <xmlsec/errors.h>
#include <xmlsec/nss/crypto.h>
#include <xmlsec/nss/keysstore.h>
! #include <xmlsec/nss/tokens.h>
! #include <xmlsec/nss/ciphers.h>
#include <xmlsec/nss/pkikeys.h>
! /**
! * Internal NSS key store context
*
! * This context is located after xmlSecKeyStore
! */
! typedef struct _xmlSecNssKeysStoreCtx xmlSecNssKeysStoreCtx ;
! typedef struct _xmlSecNssKeysStoreCtx* xmlSecNssKeysStoreCtxPtr ;
!
! struct _xmlSecNssKeysStoreCtx {
! xmlSecPtrListPtr keyList ;
! xmlSecPtrListPtr slotList ;
! } ;
!
! #define xmlSecNssKeysStoreSize \
! ( sizeof( xmlSecKeyStore ) + sizeof( xmlSecNssKeysStoreCtx ) )
!
! #define xmlSecNssKeysStoreGetCtx( data ) \
! ( ( xmlSecNssKeysStoreCtxPtr )( ( ( xmlSecByte* )( data ) ) + sizeof( xmlSecKeyStore ) ) )
!
! int xmlSecNssKeysStoreAdoptKeySlot(
! xmlSecKeyStorePtr store ,
! xmlSecNssKeySlotPtr keySlot
! ) {
! xmlSecNssKeysStoreCtxPtr context = NULL ;
!
! xmlSecAssert2( xmlSecKeyStoreCheckId( store , xmlSecNssKeysStoreId ) , -1 ) ;
! xmlSecAssert2( xmlSecKeyStoreCheckSize( store , xmlSecNssKeysStoreSize ) , -1 ) ;
!
! context = xmlSecNssKeysStoreGetCtx( store ) ;
! if( context == NULL ) {
! xmlSecError( XMLSEC_ERRORS_HERE ,
! xmlSecErrorsSafeString( xmlSecKeyStoreGetName( store ) ) ,
! "xmlSecNssKeysStoreGetCtx" ,
! XMLSEC_ERRORS_R_XMLSEC_FAILED ,
! XMLSEC_ERRORS_NO_MESSAGE ) ;
! return -1 ;
! }
!
! if( context->slotList == NULL ) {
! if( ( context->slotList = xmlSecPtrListCreate( xmlSecNssKeySlotListId ) ) == NULL ) {
! xmlSecError( XMLSEC_ERRORS_HERE ,
! xmlSecErrorsSafeString( xmlSecKeyStoreGetName( store ) ) ,
! "xmlSecPtrListCreate" ,
! XMLSEC_ERRORS_R_XMLSEC_FAILED ,
! XMLSEC_ERRORS_NO_MESSAGE ) ;
! return -1 ;
! }
! }
!
! if( !xmlSecPtrListCheckId( context->slotList , xmlSecNssKeySlotListId ) ) {
! xmlSecError( XMLSEC_ERRORS_HERE ,
! xmlSecErrorsSafeString( xmlSecKeyStoreGetName( store ) ) ,
! "xmlSecPtrListCheckId" ,
! XMLSEC_ERRORS_R_XMLSEC_FAILED ,
! XMLSEC_ERRORS_NO_MESSAGE ) ;
! return -1 ;
! }
!
! if( xmlSecPtrListAdd( context->slotList , keySlot ) < 0 ) {
! xmlSecError( XMLSEC_ERRORS_HERE ,
! xmlSecErrorsSafeString( xmlSecKeyStoreGetName( store ) ) ,
! "xmlSecPtrListAdd" ,
! XMLSEC_ERRORS_R_XMLSEC_FAILED ,
! XMLSEC_ERRORS_NO_MESSAGE ) ;
! return -1 ;
! }
!
! return 0 ;
! }
!
! int xmlSecNssKeysStoreAdoptKey(
! xmlSecKeyStorePtr store ,
! xmlSecKeyPtr key
! ) {
! xmlSecNssKeysStoreCtxPtr context = NULL ;
!
! xmlSecAssert2( xmlSecKeyStoreCheckId( store , xmlSecNssKeysStoreId ) , -1 ) ;
! xmlSecAssert2( xmlSecKeyStoreCheckSize( store , xmlSecNssKeysStoreSize ) , -1 ) ;
!
! context = xmlSecNssKeysStoreGetCtx( store ) ;
! if( context == NULL ) {
! xmlSecError( XMLSEC_ERRORS_HERE ,
! xmlSecErrorsSafeString( xmlSecKeyStoreGetName( store ) ) ,
! "xmlSecNssKeysStoreGetCtx" ,
! XMLSEC_ERRORS_R_XMLSEC_FAILED ,
! XMLSEC_ERRORS_NO_MESSAGE ) ;
! return -1 ;
! }
!
! if( context->keyList == NULL ) {
! if( ( context->keyList = xmlSecPtrListCreate( xmlSecKeyPtrListId ) ) == NULL ) {
! xmlSecError( XMLSEC_ERRORS_HERE ,
! xmlSecErrorsSafeString( xmlSecKeyStoreGetName( store ) ) ,
! "xmlSecPtrListCreate" ,
! XMLSEC_ERRORS_R_XMLSEC_FAILED ,
! XMLSEC_ERRORS_NO_MESSAGE ) ;
! return -1 ;
! }
! }
!
! if( !xmlSecPtrListCheckId( context->keyList , xmlSecKeyPtrListId ) ) {
! xmlSecError( XMLSEC_ERRORS_HERE ,
! xmlSecErrorsSafeString( xmlSecKeyStoreGetName( store ) ) ,
! "xmlSecPtrListCheckId" ,
! XMLSEC_ERRORS_R_XMLSEC_FAILED ,
! XMLSEC_ERRORS_NO_MESSAGE ) ;
! return -1 ;
! }
!
! if( xmlSecPtrListAdd( context->keyList , key ) < 0 ) {
! xmlSecError( XMLSEC_ERRORS_HERE ,
! xmlSecErrorsSafeString( xmlSecKeyStoreGetName( store ) ) ,
! "xmlSecPtrListAdd" ,
! XMLSEC_ERRORS_R_XMLSEC_FAILED ,
! XMLSEC_ERRORS_NO_MESSAGE ) ;
! return -1 ;
! }
!
! return 0 ;
! }
!
! /**
! * xmlSecKeyStoreInitializeMethod:
! * @store: the store.
*
! * Keys store specific initialization method.
! *
! * Returns 0 on success or a negative value if an error occurs.
! */
! static int
! xmlSecNssKeysStoreInitialize(
! xmlSecKeyStorePtr store
! ) {
! xmlSecNssKeysStoreCtxPtr context = NULL ;
!
! xmlSecAssert2( xmlSecKeyStoreCheckId( store , xmlSecNssKeysStoreId ) , -1 ) ;
! xmlSecAssert2( xmlSecKeyStoreCheckSize( store , xmlSecNssKeysStoreSize ) , -1 ) ;
!
! context = xmlSecNssKeysStoreGetCtx( store ) ;
! if( context == NULL ) {
! xmlSecError( XMLSEC_ERRORS_HERE ,
! xmlSecErrorsSafeString( xmlSecKeyStoreGetName( store ) ) ,
! "xmlSecNssKeysStoreGetCtx" ,
! XMLSEC_ERRORS_R_XMLSEC_FAILED ,
! XMLSEC_ERRORS_NO_MESSAGE ) ;
! return -1 ;
! }
! context->keyList = NULL ;
! context->slotList = NULL ;
! return 0 ;
! }
! /**
! * xmlSecKeyStoreFinalizeMethod:
! * @store: the store.
*
! * Keys store specific finalization (destroy) method.
*/
! void
! xmlSecNssKeysStoreFinalize(
! xmlSecKeyStorePtr store
! ) {
! xmlSecNssKeysStoreCtxPtr context = NULL ;
!
! xmlSecAssert( xmlSecKeyStoreCheckId( store , xmlSecNssKeysStoreId ) ) ;
! xmlSecAssert( xmlSecKeyStoreCheckSize( store , xmlSecNssKeysStoreSize ) ) ;
!
! context = xmlSecNssKeysStoreGetCtx( store ) ;
! if( context == NULL ) {
! xmlSecError( XMLSEC_ERRORS_HERE ,
! xmlSecErrorsSafeString( xmlSecKeyStoreGetName( store ) ) ,
! "xmlSecNssKeysStoreGetCtx" ,
! XMLSEC_ERRORS_R_XMLSEC_FAILED ,
! XMLSEC_ERRORS_NO_MESSAGE ) ;
! return ;
! }
!
! if( context->keyList != NULL ) {
! xmlSecPtrListDestroy( context->keyList ) ;
! context->keyList = NULL ;
! }
!
! if( context->slotList != NULL ) {
! xmlSecPtrListDestroy( context->slotList ) ;
! context->slotList = NULL ;
! }
}
! xmlSecKeyPtr
! xmlSecNssKeysStoreFindKeyFromSlot(
! PK11SlotInfo* slot,
! const xmlChar* name,
! xmlSecKeyInfoCtxPtr keyInfoCtx
! ) {
! xmlSecKeyPtr key = NULL ;
! xmlSecKeyDataPtr data = NULL ;
! int length ;
!
! xmlSecAssert2( slot != NULL , NULL ) ;
! xmlSecAssert2( name != NULL , NULL ) ;
! xmlSecAssert2( keyInfoCtx != NULL , NULL ) ;
!
! if( ( keyInfoCtx->keyReq.keyType & xmlSecKeyDataTypeSymmetric ) == xmlSecKeyDataTypeSymmetric ) {
! PK11SymKey* symKey ;
! PK11SymKey* curKey ;
!
! /* Find symmetric key from the slot by name */
! symKey = PK11_ListFixedKeysInSlot( slot , ( char* )name , NULL ) ;
! for( curKey = symKey ; curKey != NULL ; curKey = PK11_GetNextSymKey( curKey ) ) {
! /* Check the key request */
! length = PK11_GetKeyLength( curKey ) ;
! length *= 8 ;
! if( ( keyInfoCtx->keyReq.keyBitsSize > 0 ) &&
! ( length > 0 ) &&
! ( length < keyInfoCtx->keyReq.keyBitsSize ) )
! continue ;
!
! /* We find a eligible key */
! data = xmlSecNssSymKeyDataKeyAdopt( curKey ) ;
! if( data == NULL ) {
! /* Do nothing */
! }
! break ;
! }
!
! /* Destroy the sym key list */
! for( curKey = symKey ; curKey != NULL ; ) {
! symKey = curKey ;
! curKey = PK11_GetNextSymKey( symKey ) ;
! PK11_FreeSymKey( symKey ) ;
! }
! } else if( ( keyInfoCtx->keyReq.keyType & xmlSecKeyDataTypePublic ) == xmlSecKeyDataTypePublic ) {
! SECKEYPublicKeyList* pubKeyList ;
! SECKEYPublicKey* pubKey ;
! SECKEYPublicKeyListNode* curPub ;
!
! /* Find asymmetric key from the slot by name */
! pubKeyList = PK11_ListPublicKeysInSlot( slot , ( char* )name ) ;
! pubKey = NULL ;
! curPub = PUBKEY_LIST_HEAD(pubKeyList);
! for( ; !PUBKEY_LIST_END(curPub, pubKeyList) ; curPub = PUBKEY_LIST_NEXT( curPub ) ) {
! /* Check the key request */
! length = SECKEY_PublicKeyStrength( curPub->key ) ;
! length *= 8 ;
! if( ( keyInfoCtx->keyReq.keyBitsSize > 0 ) &&
! ( length > 0 ) &&
! ( length < keyInfoCtx->keyReq.keyBitsSize ) )
! continue ;
!
! /* We find a eligible key */
! pubKey = curPub->key ;
! break ;
! }
!
! if( pubKey != NULL ) {
! data = xmlSecNssPKIAdoptKey( NULL, pubKey ) ;
! if( data == NULL ) {
! /* Do nothing */
! }
! }
!
! /* Destroy the public key list */
! SECKEY_DestroyPublicKeyList( pubKeyList ) ;
! } else if( ( keyInfoCtx->keyReq.keyType & xmlSecKeyDataTypePrivate ) == xmlSecKeyDataTypePrivate ) {
! SECKEYPrivateKeyList* priKeyList = NULL ;
! SECKEYPrivateKey* priKey = NULL ;
! SECKEYPrivateKeyListNode* curPri ;
!
! /* Find asymmetric key from the slot by name */
! priKeyList = PK11_ListPrivKeysInSlot( slot , ( char* )name , NULL ) ;
! priKey = NULL ;
! curPri = PRIVKEY_LIST_HEAD(priKeyList);
! for( ; !PRIVKEY_LIST_END(curPri, priKeyList) ; curPri = PRIVKEY_LIST_NEXT( curPri ) ) {
! /* Check the key request */
! length = PK11_SignatureLen( curPri->key ) ;
! length *= 8 ;
! if( ( keyInfoCtx->keyReq.keyBitsSize > 0 ) &&
! ( length > 0 ) &&
! ( length < keyInfoCtx->keyReq.keyBitsSize ) )
! continue ;
!
! /* We find a eligible key */
! priKey = curPri->key ;
! break ;
! }
!
! if( priKey != NULL ) {
! data = xmlSecNssPKIAdoptKey( priKey, NULL ) ;
! if( data == NULL ) {
! /* Do nothing */
! }
! }
!
! /* Destroy the private key list */
! SECKEY_DestroyPrivateKeyList( priKeyList ) ;
! }
!
! /* If we have gotten the key value */
! if( data != NULL ) {
! if( ( key = xmlSecKeyCreate() ) == NULL ) {
! xmlSecError( XMLSEC_ERRORS_HERE ,
! NULL ,
! "xmlSecKeyCreate" ,
! XMLSEC_ERRORS_R_XMLSEC_FAILED ,
! XMLSEC_ERRORS_NO_MESSAGE ) ;
!
! xmlSecKeyDataDestroy( data ) ;
! return NULL ;
! }
!
! if( xmlSecKeySetValue( key , data ) < 0 ) {
! xmlSecError( XMLSEC_ERRORS_HERE ,
! NULL ,
! "xmlSecKeySetValue" ,
! XMLSEC_ERRORS_R_XMLSEC_FAILED ,
! XMLSEC_ERRORS_NO_MESSAGE ) ;
!
! xmlSecKeyDestroy( key ) ;
! xmlSecKeyDataDestroy( data ) ;
! return NULL ;
! }
! }
!
! return(key);
! }
!
! /**
! * xmlSecKeyStoreFindKeyMethod:
! * @store: the store.
! * @name: the desired key name.
! * @keyInfoCtx: the pointer to key info context.
*
! * Keys store specific find method. The caller is responsible for destroying
! * the returned key using #xmlSecKeyDestroy method.
! *
! * Returns the pointer to a key or NULL if key is not found or an error occurs.
*/
! static xmlSecKeyPtr
! xmlSecNssKeysStoreFindKey(
! xmlSecKeyStorePtr store ,
! const xmlChar* name ,
! xmlSecKeyInfoCtxPtr keyInfoCtx
! ) {
! xmlSecNssKeysStoreCtxPtr context = NULL ;
! xmlSecKeyPtr key = NULL ;
! xmlSecNssKeySlotPtr keySlot = NULL ;
! xmlSecSize pos ;
! xmlSecSize size ;
!
! xmlSecAssert2( xmlSecKeyStoreCheckId( store , xmlSecNssKeysStoreId ) , NULL ) ;
! xmlSecAssert2( xmlSecKeyStoreCheckSize( store , xmlSecNssKeysStoreSize ) , NULL ) ;
! xmlSecAssert2( keyInfoCtx != NULL , NULL ) ;
!
! context = xmlSecNssKeysStoreGetCtx( store ) ;
! if( context == NULL ) {
! xmlSecError( XMLSEC_ERRORS_HERE ,
! xmlSecErrorsSafeString( xmlSecKeyStoreGetName( store ) ) ,
! "xmlSecNssKeysStoreGetCtx" ,
! XMLSEC_ERRORS_R_XMLSEC_FAILED ,
! XMLSEC_ERRORS_NO_MESSAGE ) ;
! return NULL ;
! }
!
! /*-
! * Look for key at keyList at first.
! */
! if( context->keyList != NULL ) {
! size = xmlSecPtrListGetSize( context->keyList ) ;
! for( pos = 0 ; pos < size ; pos ++ ) {
! key = ( xmlSecKeyPtr )xmlSecPtrListGetItem( context->keyList , pos ) ;
! if( key != NULL && xmlSecKeyMatch( key , name , &( keyInfoCtx->keyReq ) ) ) {
! return xmlSecKeyDuplicate( key ) ;
! }
! }
! }
!
! /*-
! * Find the key from slotList
! */
! if( context->slotList != NULL ) {
! PK11SlotInfo* slot = NULL ;
!
! size = xmlSecPtrListGetSize( context->slotList ) ;
! for( pos = 0 ; pos < size ; pos ++ ) {
! keySlot = ( xmlSecNssKeySlotPtr )xmlSecPtrListGetItem( context->slotList , pos ) ;
! slot = xmlSecNssKeySlotGetSlot( keySlot ) ;
! if( slot == NULL ) {
! continue ;
! } else {
! key = xmlSecNssKeysStoreFindKeyFromSlot( slot, name, keyInfoCtx ) ;
! if( key == NULL ) {
! continue ;
! } else {
! return( key ) ;
! }
! }
! }
! }
!
! /*-
! * Create a session key if we can not find the key from keyList and slotList
! */
! if( ( keyInfoCtx->keyReq.keyType & xmlSecKeyDataTypeSession ) == xmlSecKeyDataTypeSession ) {
! key = xmlSecKeyGenerate( keyInfoCtx->keyReq.keyId , keyInfoCtx->keyReq.keyBitsSize , xmlSecKeyDataTypeSession ) ;
! if( key == NULL ) {
! xmlSecError( XMLSEC_ERRORS_HERE ,
! xmlSecErrorsSafeString( xmlSecKeyStoreGetName( store ) ) ,
! "xmlSecKeySetValue" ,
! XMLSEC_ERRORS_R_XMLSEC_FAILED ,
! XMLSEC_ERRORS_NO_MESSAGE ) ;
! return NULL ;
! }
!
! return key ;
! }
!
! /**
! * We have no way to find the key any more.
! */
! return NULL ;
! }
! static xmlSecKeyStoreKlass xmlSecNssKeysStoreKlass = {
! sizeof( xmlSecKeyStoreKlass ) ,
! xmlSecNssKeysStoreSize ,
! BAD_CAST "implicit_nss_keys_store" ,
! xmlSecNssKeysStoreInitialize ,
! xmlSecNssKeysStoreFinalize ,
! xmlSecNssKeysStoreFindKey ,
! NULL ,
! NULL
! } ;
! /**
! * xmlSecNssKeysStoreGetKlass:
! *
! * The simple list based keys store klass.
! *
! * Returns simple list based keys store klass.
! */
! xmlSecKeyStoreId
! xmlSecNssKeysStoreGetKlass( void ) {
! return &xmlSecNssKeysStoreKlass ;
}
+
+ /**************************
+ * Application routines
+ */
/**
* xmlSecNssKeysStoreLoad:
* @store: the pointer to Nss keys store.
***************
*** 125,132 ****
* Returns 0 on success or a negative value if an error occurs.
*/
int
! xmlSecNssKeysStoreLoad(xmlSecKeyStorePtr store, const char *uri,
! xmlSecKeysMngrPtr keysMngr) {
xmlDocPtr doc;
xmlNodePtr root;
xmlNodePtr cur;
--- 524,534 ----
* Returns 0 on success or a negative value if an error occurs.
*/
int
! xmlSecNssKeysStoreLoad(
! xmlSecKeyStorePtr store,
! const char *uri,
! xmlSecKeysMngrPtr keysMngr
! ) {
xmlDocPtr doc;
xmlNodePtr root;
xmlNodePtr cur;
***************
*** 252,505 ****
*/
int
xmlSecNssKeysStoreSave(xmlSecKeyStorePtr store, const char *filename, xmlSecKeyDataType type) {
! xmlSecKeyStorePtr *ss;
!
! xmlSecAssert2(xmlSecKeyStoreCheckId(store, xmlSecNssKeysStoreId), -1);
! xmlSecAssert2((filename != NULL), -1);
!
! ss = xmlSecNssKeysStoreGetSS(store);
! xmlSecAssert2(((ss != NULL) && (*ss != NULL) &&
! (xmlSecKeyStoreCheckId(*ss, xmlSecSimpleKeysStoreId))), -1);
!
! return (xmlSecSimpleKeysStoreSave(*ss, filename, type));
! }
!
! static int
! xmlSecNssKeysStoreInitialize(xmlSecKeyStorePtr store) {
! xmlSecKeyStorePtr *ss;
!
! xmlSecAssert2(xmlSecKeyStoreCheckId(store, xmlSecNssKeysStoreId), -1);
! ss = xmlSecNssKeysStoreGetSS(store);
! xmlSecAssert2((*ss == NULL), -1);
! *ss = xmlSecKeyStoreCreate(xmlSecSimpleKeysStoreId);
! if(*ss == NULL) {
! xmlSecError(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)),
! "xmlSecKeyStoreCreate",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
! "xmlSecSimpleKeysStoreId");
! return(-1);
}
-
- return(0);
- }
-
- static void
- xmlSecNssKeysStoreFinalize(xmlSecKeyStorePtr store) {
- xmlSecKeyStorePtr *ss;
-
- xmlSecAssert(xmlSecKeyStoreCheckId(store, xmlSecNssKeysStoreId));
-
- ss = xmlSecNssKeysStoreGetSS(store);
- xmlSecAssert((ss != NULL) && (*ss != NULL));
! xmlSecKeyStoreDestroy(*ss);
! }
!
! static xmlSecKeyPtr
! xmlSecNssKeysStoreFindKey(xmlSecKeyStorePtr store, const xmlChar* name,
! xmlSecKeyInfoCtxPtr keyInfoCtx) {
! xmlSecKeyStorePtr* ss;
! xmlSecKeyPtr key = NULL;
! xmlSecKeyPtr retval = NULL;
! xmlSecKeyReqPtr keyReq = NULL;
! CERTCertificate *cert = NULL;
! SECKEYPublicKey *pubkey = NULL;
! SECKEYPrivateKey *privkey = NULL;
! xmlSecKeyDataPtr data = NULL;
! xmlSecKeyDataPtr x509Data = NULL;
! int ret;
!
! xmlSecAssert2(xmlSecKeyStoreCheckId(store, xmlSecNssKeysStoreId), NULL);
! xmlSecAssert2(keyInfoCtx != NULL, NULL);
!
! ss = xmlSecNssKeysStoreGetSS(store);
! xmlSecAssert2(((ss != NULL) && (*ss != NULL)), NULL);
!
! key = xmlSecKeyStoreFindKey(*ss, name, keyInfoCtx);
! if (key != NULL) {
! return (key);
! }
! /* Try to find the key in the NSS DB, and construct an xmlSecKey.
! * we must have a name to lookup keys in NSS DB.
! */
! if (name == NULL) {
! goto done;
! }
! /* what type of key are we looking for?
! * TBD: For now, we'll look only for public/private keys using the
! * name as a cert nickname. Later on, we can attempt to find
! * symmetric keys using PK11_FindFixedKey
! */
! keyReq = &(keyInfoCtx->keyReq);
! if (keyReq->keyType &
! (xmlSecKeyDataTypePublic | xmlSecKeyDataTypePrivate)) {
! cert = CERT_FindCertByNickname (CERT_GetDefaultCertDB(), (char *)name);
! if (cert == NULL) {
! goto done;
! }
!
! if (keyReq->keyType & xmlSecKeyDataTypePublic) {
! pubkey = CERT_ExtractPublicKey(cert);
! if (pubkey == NULL) {
! xmlSecError(XMLSEC_ERRORS_HERE,
! NULL,
! "CERT_ExtractPublicKey",
! XMLSEC_ERRORS_R_CRYPTO_FAILED,
! XMLSEC_ERRORS_NO_MESSAGE);
! goto done;
}
- }
! if (keyReq->keyType & xmlSecKeyDataTypePrivate) {
! privkey = PK11_FindKeyByAnyCert(cert, NULL);
! if (privkey == NULL) {
! xmlSecError(XMLSEC_ERRORS_HERE,
! NULL,
! "PK11_FindKeyByAnyCert",
! XMLSEC_ERRORS_R_CRYPTO_FAILED,
! XMLSEC_ERRORS_NO_MESSAGE);
! goto done;
}
}
! data = xmlSecNssPKIAdoptKey(privkey, pubkey);
! if(data == NULL) {
! xmlSecError(XMLSEC_ERRORS_HERE,
! NULL,
! "xmlSecNssPKIAdoptKey",
! XMLSEC_ERRORS_R_XMLSEC_FAILED,
! XMLSEC_ERRORS_NO_MESSAGE);
! goto done;
! }
! privkey = NULL;
! pubkey = NULL;
!
! key = xmlSecKeyCreate();
! if (key == NULL) {
xmlSecError(XMLSEC_ERRORS_HERE,
! NULL,
! "xmlSecKeyCreate",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
XMLSEC_ERRORS_NO_MESSAGE);
! return (NULL);
! }
!
! x509Data = xmlSecKeyDataCreate(xmlSecNssKeyDataX509Id);
! if(x509Data == NULL) {
! xmlSecError(XMLSEC_ERRORS_HERE,
! NULL,
! "xmlSecKeyDataCreate",
! XMLSEC_ERRORS_R_XMLSEC_FAILED,
! "transform=%s",
! xmlSecErrorsSafeString(xmlSecTransformKlassGetName(xmlSecNssKeyDataX509Id)));
! goto done;
! }
!
! ret = xmlSecNssKeyDataX509AdoptKeyCert(x509Data, cert);
! if (ret < 0) {
! xmlSecError(XMLSEC_ERRORS_HERE,
! NULL,
! "xmlSecNssKeyDataX509AdoptKeyCert",
! XMLSEC_ERRORS_R_XMLSEC_FAILED,
! "data=%s",
! xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data)));
! goto done;
! }
! cert = CERT_DupCertificate(cert);
! if (cert == NULL) {
! xmlSecError(XMLSEC_ERRORS_HERE,
! NULL,
! "CERT_DupCertificate",
! XMLSEC_ERRORS_R_CRYPTO_FAILED,
! "data=%s",
! xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data)));
! goto done;
! }
!
! ret = xmlSecNssKeyDataX509AdoptCert(x509Data, cert);
! if (ret < 0) {
! xmlSecError(XMLSEC_ERRORS_HERE,
! NULL,
! "xmlSecNssKeyDataX509AdoptCert",
! XMLSEC_ERRORS_R_XMLSEC_FAILED,
! "data=%s",
! xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data)));
! goto done;
}
- cert = NULL;
! ret = xmlSecKeySetValue(key, data);
! if (ret < 0) {
! xmlSecError(XMLSEC_ERRORS_HERE,
! NULL,
! "xmlSecKeySetValue",
! XMLSEC_ERRORS_R_XMLSEC_FAILED,
! "data=%s",
! xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)));
! goto done;
! }
! data = NULL;
! ret = xmlSecKeyAdoptData(key, x509Data);
! if (ret < 0) {
xmlSecError(XMLSEC_ERRORS_HERE,
! NULL,
! "xmlSecKeyAdoptData",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
! "data=%s",
! xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data)));
! goto done;
! }
! x509Data = NULL;
!
! retval = key;
! key = NULL;
! }
!
! done:
! if (cert != NULL) {
! CERT_DestroyCertificate(cert);
! }
! if (pubkey != NULL) {
! SECKEY_DestroyPublicKey(pubkey);
! }
! if (privkey != NULL) {
! SECKEY_DestroyPrivateKey(privkey);
! }
! if (data != NULL) {
! xmlSecKeyDataDestroy(data);
! }
! if (x509Data != NULL) {
! xmlSecKeyDataDestroy(x509Data);
! }
! if (key != NULL) {
! xmlSecKeyDestroy(key);
}
!
! /* now that we have a key, make sure it is valid and let the simple
! * store adopt it */
! if (retval) {
! if (xmlSecKeyIsValid(retval)) {
! ret = xmlSecSimpleKeysStoreAdoptKey(*ss, retval);
! if (ret < 0) {
xmlSecError(XMLSEC_ERRORS_HERE,
! xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)),
! "xmlSecSimpleKeysStoreAdoptKey",
! XMLSEC_ERRORS_R_XMLSEC_FAILED,
! XMLSEC_ERRORS_NO_MESSAGE);
! xmlSecKeyDestroy(retval);
! retval = NULL;
! }
! } else {
! xmlSecKeyDestroy(retval);
! retval = NULL;
! }
! }
!
! return (retval);
}
--- 654,800 ----
*/
int
xmlSecNssKeysStoreSave(xmlSecKeyStorePtr store, const char *filename, xmlSecKeyDataType type) {
! xmlSecKeyInfoCtx keyInfoCtx;
! xmlSecNssKeysStoreCtxPtr context ;
! xmlSecPtrListPtr list;
! xmlSecKeyPtr key;
! xmlSecSize i, keysSize;
! xmlDocPtr doc;
! xmlNodePtr cur;
! xmlSecKeyDataPtr data;
! xmlSecPtrListPtr idsList;
! xmlSecKeyDataId dataId;
! xmlSecSize idsSize, j;
! int ret;
! xmlSecAssert2( xmlSecKeyStoreCheckId( store , xmlSecNssKeysStoreId ), -1 ) ;
! xmlSecAssert2( xmlSecKeyStoreCheckSize( store , xmlSecNssKeysStoreSize ), -1 ) ;
! xmlSecAssert2(filename != NULL, -1);
!
! context = xmlSecNssKeysStoreGetCtx( store ) ;
! xmlSecAssert2( context != NULL, -1 );
!
! list = context->keyList ;
! xmlSecAssert2( list != NULL, -1 );
! xmlSecAssert2(xmlSecPtrListCheckId(list, xmlSecKeyPtrListId), -1);
! /* create doc */
! doc = xmlSecCreateTree(BAD_CAST "Keys", xmlSecNs);
! if(doc == NULL) {
! xmlSecError(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)),
! "xmlSecCreateTree",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
! XMLSEC_ERRORS_NO_MESSAGE);
! return(-1);
}
! idsList = xmlSecKeyDataIdsGet();
! xmlSecAssert2(idsList != NULL, -1);
!
! keysSize = xmlSecPtrListGetSize(list);
! idsSize = xmlSecPtrListGetSize(idsList);
! for(i = 0; i < keysSize; ++i) {
! key = (xmlSecKeyPtr)xmlSecPtrListGetItem(list, i);
! xmlSecAssert2(key != NULL, -1);
!
! cur = xmlSecAddChild(xmlDocGetRootElement(doc), xmlSecNodeKeyInfo, xmlSecDSigNs);
! if(cur == NULL) {
! xmlSecError(XMLSEC_ERRORS_HERE,
! xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)),
! "xmlSecAddChild",
! XMLSEC_ERRORS_R_XMLSEC_FAILED,
! "node=%s",
! xmlSecErrorsSafeString(xmlSecNodeKeyInfo));
! xmlFreeDoc(doc);
! return(-1);
! }
! /* special data key name */
! if(xmlSecKeyGetName(key) != NULL) {
! if(xmlSecAddChild(cur, xmlSecNodeKeyName, xmlSecDSigNs) == NULL) {
! xmlSecError(XMLSEC_ERRORS_HERE,
! xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)),
! "xmlSecAddChild",
! XMLSEC_ERRORS_R_XMLSEC_FAILED,
! "node=%s",
! xmlSecErrorsSafeString(xmlSecNodeKeyName));
! xmlFreeDoc(doc);
! return(-1);
! }
! }
!
! /* create nodes for other keys data */
! for(j = 0; j < idsSize; ++j) {
! dataId = (xmlSecKeyDataId)xmlSecPtrListGetItem(idsList, j);
! xmlSecAssert2(dataId != xmlSecKeyDataIdUnknown, -1);
! if(dataId->dataNodeName == NULL) {
! continue;
! }
!
! data = xmlSecKeyGetData(key, dataId);
! if(data == NULL) {
! continue;
}
! if(xmlSecAddChild(cur, dataId->dataNodeName, dataId->dataNodeNs) == NULL) {
! xmlSecError(XMLSEC_ERRORS_HERE,
! xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)),
! "xmlSecAddChild",
! XMLSEC_ERRORS_R_XMLSEC_FAILED,
! "node=%s",
! xmlSecErrorsSafeString(dataId->dataNodeName));
! xmlFreeDoc(doc);
! return(-1);
}
}
! ret = xmlSecKeyInfoCtxInitialize(&keyInfoCtx, NULL);
! if(ret < 0) {
xmlSecError(XMLSEC_ERRORS_HERE,
! xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)),
! "xmlSecKeyInfoCtxInitialize",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
XMLSEC_ERRORS_NO_MESSAGE);
! xmlFreeDoc(doc);
! return(-1);
}
! keyInfoCtx.mode = xmlSecKeyInfoModeWrite;
! keyInfoCtx.keyReq.keyId = xmlSecKeyDataIdUnknown;
! keyInfoCtx.keyReq.keyType = type;
! keyInfoCtx.keyReq.keyUsage = xmlSecKeyDataUsageAny;
! /* finally write key in the node */
! ret = xmlSecKeyInfoNodeWrite(cur, key, &keyInfoCtx);
! if(ret < 0) {
xmlSecError(XMLSEC_ERRORS_HERE,
! xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)),
! "xmlSecKeyInfoNodeWrite",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
! XMLSEC_ERRORS_NO_MESSAGE);
! xmlSecKeyInfoCtxFinalize(&keyInfoCtx);
! xmlFreeDoc(doc);
! return(-1);
! }
! xmlSecKeyInfoCtxFinalize(&keyInfoCtx);
}
!
! /* now write result */
! ret = xmlSaveFormatFile(filename, doc, 1);
! if(ret < 0) {
xmlSecError(XMLSEC_ERRORS_HERE,
! xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)),
! "xmlSaveFormatFile",
! XMLSEC_ERRORS_R_XML_FAILED,
! "filename=%s",
! xmlSecErrorsSafeString(filename));
! xmlFreeDoc(doc);
! return(-1);
! }
!
! xmlFreeDoc(doc);
! return(0);
}
+
*** misc/xmlsec1-1.2.6/src/nss/keytrans.c 2005-05-09 19:55:57.237855744 +0200
--- misc/build/xmlsec1-1.2.6/src/nss/keytrans.c 2005-05-09 19:54:13.211629315 +0200
***************
*** 1 ****
! dummy
--- 1,744 ----
! /**
! *
! * XMLSec library
! *
! * AES Algorithm support
! *
! * This is free software; see Copyright file in the source
! * distribution for preciese wording.
! *
! * Copyright .................................
! */
! #include "globals.h"
!
! #include <stdlib.h>
! #include <stdio.h>
! #include <string.h>
!
! #include <nss.h>
! #include <pk11func.h>
! #include <keyhi.h>
! #include <key.h>
! #include <hasht.h>
!
! #include <xmlsec/xmlsec.h>
! #include <xmlsec/xmltree.h>
! #include <xmlsec/keys.h>
! #include <xmlsec/transforms.h>
! #include <xmlsec/errors.h>
!
! #include <xmlsec/nss/crypto.h>
! #include <xmlsec/nss/pkikeys.h>
! #include <xmlsec/nss/tokens.h>
!
! /*********************************************************************
! *
! * key transform transforms
! *
! ********************************************************************/
! typedef struct _xmlSecNssKeyTransportCtx xmlSecNssKeyTransportCtx ;
! typedef struct _xmlSecNssKeyTransportCtx* xmlSecNssKeyTransportCtxPtr ;
!
! #define xmlSecNssKeyTransportSize \
! ( sizeof( xmlSecTransform ) + sizeof( xmlSecNssKeyTransportCtx ) )
!
! #define xmlSecNssKeyTransportGetCtx( transform ) \
! ( ( xmlSecNssKeyTransportCtxPtr )( ( ( xmlSecByte* )( transform ) ) + sizeof( xmlSecTransform ) ) )
!
! struct _xmlSecNssKeyTransportCtx {
! CK_MECHANISM_TYPE cipher ;
! SECKEYPublicKey* pubkey ;
! SECKEYPrivateKey* prikey ;
! xmlSecKeyDataId keyId ;
! xmlSecBufferPtr material ; /* to be encrypted/decrypted material */
! } ;
!
! static int xmlSecNssKeyTransportInitialize(xmlSecTransformPtr transform);
! static void xmlSecNssKeyTransportFinalize(xmlSecTransformPtr transform);
! static int xmlSecNssKeyTransportSetKeyReq(xmlSecTransformPtr transform,
! xmlSecKeyReqPtr keyReq);
! static int xmlSecNssKeyTransportSetKey(xmlSecTransformPtr transform,
! xmlSecKeyPtr key);
! static int xmlSecNssKeyTransportExecute(xmlSecTransformPtr transform,
! int last,
! xmlSecTransformCtxPtr transformCtx);
! static xmlSecSize xmlSecNssKeyTransportGetKeySize(xmlSecTransformPtr transform);
!
! static int
! xmlSecNssKeyTransportCheckId(
! xmlSecTransformPtr transform
! ) {
! #ifndef XMLSEC_NO_RSA
! if( xmlSecTransformCheckId( transform, xmlSecNssTransformRsaPkcs1Id ) ||
! xmlSecTransformCheckId( transform, xmlSecNssTransformRsaOaepId ) ) {
!
! return(1);
! }
! #endif /* XMLSEC_NO_RSA */
!
! return(0);
! }
!
! static int
! xmlSecNssKeyTransportInitialize(xmlSecTransformPtr transform) {
! xmlSecNssKeyTransportCtxPtr context ;
! int ret;
!
! xmlSecAssert2(xmlSecNssKeyTransportCheckId(transform), -1);
! xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecNssKeyTransportSize), -1);
!
! context = xmlSecNssKeyTransportGetCtx( transform ) ;
! xmlSecAssert2( context != NULL , -1 ) ;
!
! #ifndef XMLSEC_NO_RSA
! if( transform->id == xmlSecNssTransformRsaPkcs1Id ) {
! context->cipher = CKM_RSA_PKCS ;
! context->keyId = xmlSecNssKeyDataRsaId ;
! } else if( transform->id == xmlSecNssTransformRsaOaepId ) {
! context->cipher = CKM_RSA_PKCS_OAEP ;
! context->keyId = xmlSecNssKeyDataRsaId ;
! } else
! #endif /* XMLSEC_NO_RSA */
!
! if( 1 ) {
! xmlSecError( XMLSEC_ERRORS_HERE ,
! xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
! NULL ,
! XMLSEC_ERRORS_R_CRYPTO_FAILED ,
! XMLSEC_ERRORS_NO_MESSAGE ) ;
! return(-1);
! }
!
! context->pubkey = NULL ;
! context->prikey = NULL ;
! context->material = NULL ;
!
! return(0);
! }
!
! static void
! xmlSecNssKeyTransportFinalize(xmlSecTransformPtr transform) {
! xmlSecNssKeyTransportCtxPtr context ;
!
! xmlSecAssert(xmlSecNssKeyTransportCheckId(transform));
! xmlSecAssert(xmlSecTransformCheckSize(transform, xmlSecNssKeyTransportSize));
!
! context = xmlSecNssKeyTransportGetCtx( transform ) ;
! xmlSecAssert( context != NULL ) ;
!
! if( context->pubkey != NULL ) {
! SECKEY_DestroyPublicKey( context->pubkey ) ;
! context->pubkey = NULL ;
! }
!
! if( context->prikey != NULL ) {
! SECKEY_DestroyPrivateKey( context->prikey ) ;
! context->prikey = NULL ;
! }
!
! if( context->material != NULL ) {
! xmlSecBufferDestroy(context->material);
! context->material = NULL ;
! }
! }
!
! static int
! xmlSecNssKeyTransportSetKeyReq(xmlSecTransformPtr transform, xmlSecKeyReqPtr keyReq) {
! xmlSecNssKeyTransportCtxPtr context ;
! xmlSecSize cipherSize = 0 ;
!
!
! xmlSecAssert2(xmlSecNssKeyTransportCheckId(transform), -1);
! xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecNssKeyTransportSize), -1);
! xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1);
! xmlSecAssert2(keyReq != NULL, -1);
!
! context = xmlSecNssKeyTransportGetCtx( transform ) ;
! xmlSecAssert2( context != NULL , -1 ) ;
!
! keyReq->keyId = context->keyId;
! if(transform->operation == xmlSecTransformOperationEncrypt) {
! keyReq->keyUsage = xmlSecKeyUsageEncrypt;
! keyReq->keyType = xmlSecKeyDataTypePublic;
! } else {
! keyReq->keyUsage = xmlSecKeyUsageDecrypt;
! keyReq->keyType = xmlSecKeyDataTypePrivate;
! }
!
! return(0);
! }
!
! static int
! xmlSecNssKeyTransportSetKey(xmlSecTransformPtr transform, xmlSecKeyPtr key) {
! xmlSecNssKeyTransportCtxPtr context = NULL ;
! xmlSecKeyDataPtr keyData = NULL ;
! SECKEYPublicKey* pubkey = NULL ;
! SECKEYPrivateKey* prikey = NULL ;
!
! xmlSecAssert2(xmlSecNssKeyTransportCheckId(transform), -1);
! xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecNssKeyTransportSize), -1);
! xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1);
! xmlSecAssert2(key != NULL, -1);
!
! context = xmlSecNssKeyTransportGetCtx( transform ) ;
! if( context == NULL || context->keyId == NULL || context->pubkey != NULL ) {
! xmlSecError( XMLSEC_ERRORS_HERE ,
! xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) ,
! "xmlSecNssKeyTransportGetCtx" ,
! XMLSEC_ERRORS_R_CRYPTO_FAILED ,
! XMLSEC_ERRORS_NO_MESSAGE ) ;
! return(-1);
! }
! xmlSecAssert2( xmlSecKeyCheckId( key, context->keyId ), -1 ) ;
!
! keyData = xmlSecKeyGetValue( key ) ;
! if( keyData == NULL ) {
! xmlSecError( XMLSEC_ERRORS_HERE ,
! xmlSecErrorsSafeString( xmlSecKeyGetName( key ) ) ,
! "xmlSecKeyGetValue" ,
! XMLSEC_ERRORS_R_CRYPTO_FAILED ,
! XMLSEC_ERRORS_NO_MESSAGE ) ;
! return(-1);
! }
!
! if(transform->operation == xmlSecTransformOperationEncrypt) {
! if( ( pubkey = xmlSecNssPKIKeyDataGetPubKey( keyData ) ) == NULL ) {
! xmlSecError( XMLSEC_ERRORS_HERE ,
! xmlSecErrorsSafeString( xmlSecKeyDataGetName( keyData ) ) ,
! "xmlSecNssPKIKeyDataGetPubKey" ,
! XMLSEC_ERRORS_R_CRYPTO_FAILED ,
! XMLSEC_ERRORS_NO_MESSAGE ) ;
! return(-1);
! }
!
! context->pubkey = pubkey ;
! } else {
! if( ( prikey = xmlSecNssPKIKeyDataGetPrivKey( keyData ) ) == NULL ) {
! xmlSecError( XMLSEC_ERRORS_HERE ,
! xmlSecErrorsSafeString( xmlSecKeyDataGetName( keyData ) ) ,
! "xmlSecNssPKIKeyDataGetPrivKey" ,
! XMLSEC_ERRORS_R_CRYPTO_FAILED ,
! XMLSEC_ERRORS_NO_MESSAGE ) ;
! return(-1);
! }
!
! context->prikey = prikey ;
! }
!
! return(0) ;
! }
!
! /**
! * key wrap transform
! */
! static int
! xmlSecNssKeyTransportCtxInit(
! xmlSecNssKeyTransportCtxPtr ctx ,
! xmlSecBufferPtr in ,
! xmlSecBufferPtr out ,
! int encrypt ,
! xmlSecTransformCtxPtr transformCtx
! ) {
! xmlSecSize blockSize ;
!
! xmlSecAssert2( ctx != NULL , -1 ) ;
! xmlSecAssert2( ctx->cipher != CKM_INVALID_MECHANISM , -1 ) ;
! xmlSecAssert2( ( ctx->pubkey != NULL && encrypt ) || ( ctx->prikey != NULL && !encrypt ), -1 ) ;
! xmlSecAssert2( ctx->keyId != NULL , -1 ) ;
! xmlSecAssert2( in != NULL , -1 ) ;
! xmlSecAssert2( out != NULL , -1 ) ;
! xmlSecAssert2( transformCtx != NULL , -1 ) ;
!
! if( ctx->material != NULL ) {
! xmlSecBufferDestroy( ctx->material ) ;
! ctx->material = NULL ;
! }
!
! if( ctx->pubkey != NULL ) {
! blockSize = SECKEY_PublicKeyStrength( ctx->pubkey ) ;
! } else if( ctx->prikey != NULL ) {
! blockSize = PK11_SignatureLen( ctx->prikey ) ;
! } else {
! blockSize = -1 ;
! }
!
! if( blockSize < 0 ) {
! xmlSecError( XMLSEC_ERRORS_HERE ,
! NULL ,
! NULL ,
! XMLSEC_ERRORS_R_CRYPTO_FAILED ,
! XMLSEC_ERRORS_NO_MESSAGE ) ;
! return(-1);
! }
!
! ctx->material = xmlSecBufferCreate( blockSize ) ;
! if( ctx->material == NULL ) {
! xmlSecError( XMLSEC_ERRORS_HERE ,
! NULL ,
! "xmlSecBufferCreate" ,
! XMLSEC_ERRORS_R_CRYPTO_FAILED ,
! XMLSEC_ERRORS_NO_MESSAGE ) ;
! return(-1);
! }
!
! /* read raw key material into context */
! if( xmlSecBufferSetData( ctx->material, xmlSecBufferGetData(in), xmlSecBufferGetSize(in) ) < 0 ) {
! xmlSecError( XMLSEC_ERRORS_HERE ,
! NULL ,
! "xmlSecBufferSetData" ,
! XMLSEC_ERRORS_R_CRYPTO_FAILED ,
! XMLSEC_ERRORS_NO_MESSAGE ) ;
! return(-1);
! }
!
! if( xmlSecBufferRemoveHead( in , xmlSecBufferGetSize(in) ) < 0 ) {
! xmlSecError( XMLSEC_ERRORS_HERE ,
! NULL ,
! "xmlSecBufferRemoveHead" ,
! XMLSEC_ERRORS_R_CRYPTO_FAILED ,
! XMLSEC_ERRORS_NO_MESSAGE ) ;
! return(-1);
! }
!
! return(0);
! }
!
! /**
! * key wrap transform update
! */
! static int
! xmlSecNssKeyTransportCtxUpdate(
! xmlSecNssKeyTransportCtxPtr ctx ,
! xmlSecBufferPtr in ,
! xmlSecBufferPtr out ,
! int encrypt ,
! xmlSecTransformCtxPtr transformCtx
! ) {
! xmlSecAssert2( ctx != NULL , -1 ) ;
! xmlSecAssert2( ctx->cipher != CKM_INVALID_MECHANISM , -1 ) ;
! xmlSecAssert2( ( ctx->pubkey != NULL && encrypt ) || ( ctx->prikey != NULL && !encrypt ), -1 ) ;
! xmlSecAssert2( ctx->keyId != NULL , -1 ) ;
! xmlSecAssert2( ctx->material != NULL , -1 ) ;
! xmlSecAssert2( in != NULL , -1 ) ;
! xmlSecAssert2( out != NULL , -1 ) ;
! xmlSecAssert2( transformCtx != NULL , -1 ) ;
!
! /* read raw key material and append into context */
! if( xmlSecBufferAppend( ctx->material, xmlSecBufferGetData(in), xmlSecBufferGetSize(in) ) < 0 ) {
! xmlSecError( XMLSEC_ERRORS_HERE ,
! NULL ,
! "xmlSecBufferAppend" ,
! XMLSEC_ERRORS_R_CRYPTO_FAILED ,
! XMLSEC_ERRORS_NO_MESSAGE ) ;
! return(-1);
! }
!
! if( xmlSecBufferRemoveHead( in , xmlSecBufferGetSize(in) ) < 0 ) {
! xmlSecError( XMLSEC_ERRORS_HERE ,
! NULL ,
! "xmlSecBufferRemoveHead" ,
! XMLSEC_ERRORS_R_CRYPTO_FAILED ,
! XMLSEC_ERRORS_NO_MESSAGE ) ;
! return(-1);
! }
!
! return(0);
! }
!
! /**
! * Block cipher transform final
! */
! static int
! xmlSecNssKeyTransportCtxFinal(
! xmlSecNssKeyTransportCtxPtr ctx ,
! xmlSecBufferPtr in ,
! xmlSecBufferPtr out ,
! int encrypt ,
! xmlSecTransformCtxPtr transformCtx
! ) {
! SECKEYPublicKey* targetKey ;
! PK11SymKey* symKey ;
! PK11SlotInfo* slot ;
! SECItem oriskv ;
! xmlSecSize blockSize ;
! xmlSecBufferPtr result ;
!
! xmlSecAssert2( ctx != NULL , -1 ) ;
! xmlSecAssert2( ctx->cipher != CKM_INVALID_MECHANISM , -1 ) ;
! xmlSecAssert2( ( ctx->pubkey != NULL && encrypt ) || ( ctx->prikey != NULL && !encrypt ), -1 ) ;
! xmlSecAssert2( ctx->keyId != NULL , -1 ) ;
! xmlSecAssert2( ctx->material != NULL , -1 ) ;
! xmlSecAssert2( in != NULL , -1 ) ;
! xmlSecAssert2( out != NULL , -1 ) ;
! xmlSecAssert2( transformCtx != NULL , -1 ) ;
!
! /* read raw key material and append into context */
! if( xmlSecBufferAppend( ctx->material, xmlSecBufferGetData(in), xmlSecBufferGetSize(in) ) < 0 ) {
! xmlSecError( XMLSEC_ERRORS_HERE ,
! NULL ,
! "xmlSecBufferAppend" ,
! XMLSEC_ERRORS_R_CRYPTO_FAILED ,
! XMLSEC_ERRORS_NO_MESSAGE ) ;
! return(-1);
! }
!
! if( xmlSecBufferRemoveHead( in , xmlSecBufferGetSize(in) ) < 0 ) {
! xmlSecError( XMLSEC_ERRORS_HERE ,
! NULL ,
! "xmlSecBufferRemoveHead" ,
! XMLSEC_ERRORS_R_CRYPTO_FAILED ,
! XMLSEC_ERRORS_NO_MESSAGE ) ;
! return(-1);
! }
!
! /* Now we get all of the key materail */
! /* from now on we will wrap or unwrap the key */
! if( ctx->pubkey != NULL ) {
! blockSize = SECKEY_PublicKeyStrength( ctx->pubkey ) ;
! } else if( ctx->prikey != NULL ) {
! blockSize = PK11_SignatureLen( ctx->prikey ) ;
! } else {
! blockSize = -1 ;
! }
!
! if( blockSize < 0 ) {
! xmlSecError( XMLSEC_ERRORS_HERE ,
! NULL ,
! "PK11_GetBlockSize" ,
! XMLSEC_ERRORS_R_CRYPTO_FAILED ,
! XMLSEC_ERRORS_NO_MESSAGE ) ;
! return(-1);
! }
!
! result = xmlSecBufferCreate( blockSize * 2 ) ;
! if( result == NULL ) {
! xmlSecError( XMLSEC_ERRORS_HERE ,
! NULL ,
! "xmlSecBufferCreate" ,
! XMLSEC_ERRORS_R_CRYPTO_FAILED ,
! XMLSEC_ERRORS_NO_MESSAGE ) ;
! return(-1);
! }
!
! oriskv.type = siBuffer ;
! oriskv.data = xmlSecBufferGetData( ctx->material ) ;
! oriskv.len = xmlSecBufferGetSize( ctx->material ) ;
!
! if( encrypt != 0 ) {
! CK_OBJECT_HANDLE id ;
! SECItem wrpskv ;
!
! /* Create template symmetric key from material */
! if( ( slot = ctx->pubkey->pkcs11Slot ) == NULL ) {
! slot = xmlSecNssSlotGet( ctx->cipher ) ;
! if( slot == NULL ) {
! xmlSecError( XMLSEC_ERRORS_HERE ,
! NULL ,
! "xmlSecNssSlotGet" ,
! XMLSEC_ERRORS_R_CRYPTO_FAILED ,
! XMLSEC_ERRORS_NO_MESSAGE ) ;
! xmlSecBufferDestroy(result);
! return(-1);
! }
!
! id = PK11_ImportPublicKey( slot, ctx->pubkey, PR_FALSE ) ;
! if( id == CK_INVALID_HANDLE ) {
! xmlSecError( XMLSEC_ERRORS_HERE ,
! NULL ,
! "PK11_ImportPublicKey" ,
! XMLSEC_ERRORS_R_CRYPTO_FAILED ,
! XMLSEC_ERRORS_NO_MESSAGE ) ;
! xmlSecBufferDestroy(result);
! PK11_FreeSlot( slot ) ;
! return(-1);
! }
! }
!
! /* pay attention to mechanism */
! symKey = PK11_ImportSymKey( slot, ctx->cipher, PK11_OriginUnwrap, CKA_WRAP, &oriskv, NULL ) ;
! if( symKey == NULL ) {
! xmlSecError( XMLSEC_ERRORS_HERE ,
! NULL ,
! "PK11_ImportSymKey" ,
! XMLSEC_ERRORS_R_CRYPTO_FAILED ,
! XMLSEC_ERRORS_NO_MESSAGE ) ;
! xmlSecBufferDestroy(result);
! PK11_FreeSlot( slot ) ;
! return(-1);
! }
!
! wrpskv.type = siBuffer ;
! wrpskv.data = xmlSecBufferGetData( result ) ;
! wrpskv.len = xmlSecBufferGetMaxSize( result ) ;
!
! if( PK11_PubWrapSymKey( ctx->cipher, ctx->pubkey, symKey, &wrpskv ) != SECSuccess ) {
! xmlSecError( XMLSEC_ERRORS_HERE ,
! NULL ,
! "PK11_PubWrapSymKey" ,
! XMLSEC_ERRORS_R_CRYPTO_FAILED ,
! XMLSEC_ERRORS_NO_MESSAGE ) ;
! PK11_FreeSymKey( symKey ) ;
! xmlSecBufferDestroy(result);
! PK11_FreeSlot( slot ) ;
! return(-1);
! }
!
! if( xmlSecBufferSetSize( result , wrpskv.len ) < 0 ) {
! xmlSecError( XMLSEC_ERRORS_HERE ,
! NULL ,
! "xmlSecBufferSetSize" ,
! XMLSEC_ERRORS_R_CRYPTO_FAILED ,
! XMLSEC_ERRORS_NO_MESSAGE ) ;
! PK11_FreeSymKey( symKey ) ;
! xmlSecBufferDestroy(result);
! PK11_FreeSlot( slot ) ;
! return(-1);
! }
! PK11_FreeSymKey( symKey ) ;
! PK11_FreeSlot( slot ) ;
! } else {
! SECItem* keyItem ;
! CK_OBJECT_HANDLE id1 ;
!
! /* pay attention to mechanism */
! if( ( symKey = PK11_PubUnwrapSymKey( ctx->prikey, &oriskv, ctx->cipher, CKA_UNWRAP, 0 ) ) == NULL ) {
! xmlSecError( XMLSEC_ERRORS_HERE ,
! NULL ,
! "PK11_PubUnwrapSymKey" ,
! XMLSEC_ERRORS_R_CRYPTO_FAILED ,
! XMLSEC_ERRORS_NO_MESSAGE ) ;
! xmlSecBufferDestroy(result);
! return(-1);
! }
!
! /* Extract raw data from symmetric key */
! if( PK11_ExtractKeyValue( symKey ) != SECSuccess ) {
! xmlSecError( XMLSEC_ERRORS_HERE ,
! NULL ,
! "PK11_ExtractKeyValue" ,
! XMLSEC_ERRORS_R_CRYPTO_FAILED ,
! XMLSEC_ERRORS_NO_MESSAGE ) ;
! PK11_FreeSymKey( symKey ) ;
! xmlSecBufferDestroy(result);
! return(-1);
! }
!
! if( ( keyItem = PK11_GetKeyData( symKey ) ) == NULL ) {
! xmlSecError( XMLSEC_ERRORS_HERE ,
! NULL ,
! "PK11_GetKeyData" ,
! XMLSEC_ERRORS_R_CRYPTO_FAILED ,
! XMLSEC_ERRORS_NO_MESSAGE ) ;
! PK11_FreeSymKey( symKey ) ;
! xmlSecBufferDestroy(result);
! return(-1);
! }
!
! if( xmlSecBufferSetData( result, keyItem->data, keyItem->len ) < 0 ) {
! xmlSecError( XMLSEC_ERRORS_HERE ,
! NULL ,
! "PK11_PubUnwrapSymKey" ,
! XMLSEC_ERRORS_R_CRYPTO_FAILED ,
! XMLSEC_ERRORS_NO_MESSAGE ) ;
! PK11_FreeSymKey( symKey ) ;
! xmlSecBufferDestroy(result);
! return(-1);
! }
! PK11_FreeSymKey( symKey ) ;
! }
!
! /* Write output */
! if( xmlSecBufferAppend( out, xmlSecBufferGetData(result), xmlSecBufferGetSize(result) ) < 0 ) {
! xmlSecError( XMLSEC_ERRORS_HERE ,
! NULL ,
! "xmlSecBufferAppend" ,
! XMLSEC_ERRORS_R_CRYPTO_FAILED ,
! XMLSEC_ERRORS_NO_MESSAGE ) ;
! xmlSecBufferDestroy(result);
! return(-1);
! }
! xmlSecBufferDestroy(result);
!
! return(0);
! }
!
! static int
! xmlSecNssKeyTransportExecute(xmlSecTransformPtr transform, int last, xmlSecTransformCtxPtr transformCtx) {
! xmlSecNssKeyTransportCtxPtr context = NULL ;
! xmlSecBufferPtr inBuf, outBuf ;
! int operation ;
! int rtv ;
!
! xmlSecAssert2( xmlSecNssKeyTransportCheckId( transform ), -1 ) ;
! xmlSecAssert2( xmlSecTransformCheckSize( transform, xmlSecNssKeyTransportSize ), -1 ) ;
! xmlSecAssert2( ( transform->operation == xmlSecTransformOperationEncrypt ) || ( transform->operation == xmlSecTransformOperationDecrypt ), -1 ) ;
! xmlSecAssert2( transformCtx != NULL , -1 ) ;
!
! context = xmlSecNssKeyTransportGetCtx( transform ) ;
! if( context == NULL ) {
! xmlSecError( XMLSEC_ERRORS_HERE ,
! xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) ,
! "xmlSecNssKeyTransportGetCtx" ,
! XMLSEC_ERRORS_R_CRYPTO_FAILED ,
! XMLSEC_ERRORS_NO_MESSAGE ) ;
! return(-1);
! }
!
! inBuf = &( transform->inBuf ) ;
! outBuf = &( transform->outBuf ) ;
!
! if( transform->status == xmlSecTransformStatusNone ) {
! transform->status = xmlSecTransformStatusWorking ;
! }
!
! operation = ( transform->operation == xmlSecTransformOperationEncrypt ) ? 1 : 0 ;
! if( transform->status == xmlSecTransformStatusWorking ) {
! if( context->material == NULL ) {
! rtv = xmlSecNssKeyTransportCtxInit( context, inBuf , outBuf , operation , transformCtx ) ;
! if( rtv < 0 ) {
! xmlSecError( XMLSEC_ERRORS_HERE ,
! xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) ,
! "xmlSecNssKeyTransportCtxInit" ,
! XMLSEC_ERRORS_R_INVALID_STATUS ,
! XMLSEC_ERRORS_NO_MESSAGE ) ;
! return(-1);
! }
! }
!
! if( context->material == NULL && last != 0 ) {
! xmlSecError( XMLSEC_ERRORS_HERE ,
! xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) ,
! NULL ,
! XMLSEC_ERRORS_R_INVALID_STATUS ,
! "No enough data to intialize transform" ) ;
! return(-1);
! }
!
! if( context->material != NULL ) {
! rtv = xmlSecNssKeyTransportCtxUpdate( context, inBuf , outBuf , operation , transformCtx ) ;
! if( rtv < 0 ) {
! xmlSecError( XMLSEC_ERRORS_HERE ,
! xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) ,
! "xmlSecNssKeyTransportCtxUpdate" ,
! XMLSEC_ERRORS_R_INVALID_STATUS ,
! XMLSEC_ERRORS_NO_MESSAGE ) ;
! return(-1);
! }
! }
!
! if( last ) {
! rtv = xmlSecNssKeyTransportCtxFinal( context, inBuf , outBuf , operation , transformCtx ) ;
! if( rtv < 0 ) {
! xmlSecError( XMLSEC_ERRORS_HERE ,
! xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) ,
! "xmlSecNssKeyTransportCtxFinal" ,
! XMLSEC_ERRORS_R_INVALID_STATUS ,
! XMLSEC_ERRORS_NO_MESSAGE ) ;
! return(-1);
! }
! transform->status = xmlSecTransformStatusFinished ;
! }
! } else if( transform->status == xmlSecTransformStatusFinished ) {
! if( xmlSecBufferGetSize( inBuf ) != 0 ) {
! xmlSecError( XMLSEC_ERRORS_HERE ,
! xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) ,
! NULL ,
! XMLSEC_ERRORS_R_INVALID_STATUS ,
! "status=%d", transform->status ) ;
! return(-1);
! }
! } else {
! xmlSecError( XMLSEC_ERRORS_HERE ,
! xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) ,
! NULL ,
! XMLSEC_ERRORS_R_INVALID_STATUS ,
! "status=%d", transform->status ) ;
! return(-1);
! }
!
! return(0);
! }
!
!
! #ifndef XMLSEC_NO_RSA
!
! static xmlSecTransformKlass xmlSecNssRsaPkcs1Klass = {
! /* klass/object sizes */
! sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
! xmlSecNssKeyTransportSize, /* xmlSecSize objSize */
!
! xmlSecNameRsaPkcs1, /* const xmlChar* name; */
! xmlSecHrefRsaPkcs1, /* const xmlChar* href; */
! xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */
!
! xmlSecNssKeyTransportInitialize, /* xmlSecTransformInitializeMethod initialize; */
! xmlSecNssKeyTransportFinalize, /* xmlSecTransformFinalizeMethod finalize; */
! NULL, /* xmlSecTransformNodeReadMethod readNode; */
! NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
! xmlSecNssKeyTransportSetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */
! xmlSecNssKeyTransportSetKey, /* xmlSecTransformSetKeyMethod setKey; */
! NULL, /* xmlSecTransformValidateMethod validate; */
! xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
! xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
! xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
! NULL, /* xmlSecTransformPushXmlMethod pushXml; */
! NULL, /* xmlSecTransformPopXmlMethod popXml; */
! xmlSecNssKeyTransportExecute, /* xmlSecTransformExecuteMethod execute; */
!
! NULL, /* void* reserved0; */
! NULL, /* void* reserved1; */
! };
!
! static xmlSecTransformKlass xmlSecNssRsaOaepKlass = {
! /* klass/object sizes */
! sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
! xmlSecNssKeyTransportSize, /* xmlSecSize objSize */
!
! xmlSecNameRsaOaep, /* const xmlChar* name; */
! xmlSecHrefRsaOaep, /* const xmlChar* href; */
! xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */
!
! xmlSecNssKeyTransportInitialize, /* xmlSecTransformInitializeMethod initialize; */
! xmlSecNssKeyTransportFinalize, /* xmlSecTransformFinalizeMethod finalize; */
! NULL, /* xmlSecTransformNodeReadMethod readNode; */
! NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
! xmlSecNssKeyTransportSetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */
! xmlSecNssKeyTransportSetKey, /* xmlSecTransformSetKeyMethod setKey; */
! NULL, /* xmlSecTransformValidateMethod validate; */
! xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
! xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
! xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
! NULL, /* xmlSecTransformPushXmlMethod pushXml; */
! NULL, /* xmlSecTransformPopXmlMethod popXml; */
! xmlSecNssKeyTransportExecute, /* xmlSecTransformExecuteMethod execute; */
!
! NULL, /* void* reserved0; */
! NULL, /* void* reserved1; */
! };
!
! /**
! * xmlSecNssTransformRsaPkcs1GetKlass:
! *
! * The RSA-PKCS1 key transport transform klass.
! *
! * Returns RSA-PKCS1 key transport transform klass.
! */
! xmlSecTransformId
! xmlSecNssTransformRsaPkcs1GetKlass(void) {
! return(&xmlSecNssRsaPkcs1Klass);
! }
!
! /**
! * xmlSecNssTransformRsaOaepGetKlass:
! *
! * The RSA-PKCS1 key transport transform klass.
! *
! * Returns RSA-PKCS1 key transport transform klass.
! */
! xmlSecTransformId
! xmlSecNssTransformRsaOaepGetKlass(void) {
! return(&xmlSecNssRsaOaepKlass);
! }
!
! #endif /* XMLSEC_NO_RSA */
!
*** misc/xmlsec1-1.2.6/src/nss/keywrapers.c 2005-05-09 19:55:57.250854648 +0200
--- misc/build/xmlsec1-1.2.6/src/nss/keywrapers.c 2005-05-09 19:54:13.215628977 +0200
***************
*** 1 ****
! dummy
--- 1,1197 ----
! /**
! *
! * XMLSec library
! *
! * AES Algorithm support
! *
! * This is free software; see Copyright file in the source
! * distribution for preciese wording.
! *
! * Copyright .................................
! */
! #include "globals.h"
!
! #include <stdlib.h>
! #include <stdio.h>
! #include <string.h>
!
! #include <nss.h>
! #include <pk11func.h>
! #include <hasht.h>
!
! #include <xmlsec/xmlsec.h>
! #include <xmlsec/xmltree.h>
! #include <xmlsec/keys.h>
! #include <xmlsec/transforms.h>
! #include <xmlsec/errors.h>
!
! #include <xmlsec/nss/crypto.h>
! #include <xmlsec/nss/ciphers.h>
!
! #define XMLSEC_NSS_AES128_KEY_SIZE 16
! #define XMLSEC_NSS_AES192_KEY_SIZE 24
! #define XMLSEC_NSS_AES256_KEY_SIZE 32
! #define XMLSEC_NSS_DES3_KEY_SIZE 24
! #define XMLSEC_NSS_DES3_KEY_LENGTH 24
! #define XMLSEC_NSS_DES3_IV_LENGTH 8
! #define XMLSEC_NSS_DES3_BLOCK_LENGTH 8
!
! static xmlSecByte xmlSecNssKWDes3Iv[XMLSEC_NSS_DES3_IV_LENGTH] = {
! 0x4a, 0xdd, 0xa2, 0x2c, 0x79, 0xe8, 0x21, 0x05
! };
!
! /*********************************************************************
! *
! * key wrap transforms
! *
! ********************************************************************/
! typedef struct _xmlSecNssKeyWrapCtx xmlSecNssKeyWrapCtx ;
! typedef struct _xmlSecNssKeyWrapCtx* xmlSecNssKeyWrapCtxPtr ;
!
! #define xmlSecNssKeyWrapSize \
! ( sizeof( xmlSecTransform ) + sizeof( xmlSecNssKeyWrapCtx ) )
!
! #define xmlSecNssKeyWrapGetCtx( transform ) \
! ( ( xmlSecNssKeyWrapCtxPtr )( ( ( xmlSecByte* )( transform ) ) + sizeof( xmlSecTransform ) ) )
!
! struct _xmlSecNssKeyWrapCtx {
! CK_MECHANISM_TYPE cipher ;
! PK11SymKey* symkey ;
! xmlSecKeyDataId keyId ;
! xmlSecBufferPtr material ; /* to be encrypted/decrypted key material */
! } ;
!
! static int xmlSecNssKeyWrapInitialize(xmlSecTransformPtr transform);
! static void xmlSecNssKeyWrapFinalize(xmlSecTransformPtr transform);
! static int xmlSecNssKeyWrapSetKeyReq(xmlSecTransformPtr transform,
! xmlSecKeyReqPtr keyReq);
! static int xmlSecNssKeyWrapSetKey(xmlSecTransformPtr transform,
! xmlSecKeyPtr key);
! static int xmlSecNssKeyWrapExecute(xmlSecTransformPtr transform,
! int last,
! xmlSecTransformCtxPtr transformCtx);
! static xmlSecSize xmlSecNssKeyWrapGetKeySize(xmlSecTransformPtr transform);
!
! static int
! xmlSecNssKeyWrapCheckId(
! xmlSecTransformPtr transform
! ) {
! #ifndef XMLSEC_NO_DES
! if( xmlSecTransformCheckId( transform, xmlSecNssTransformKWDes3Id ) ) {
! return(1);
! }
! #endif /* XMLSEC_NO_DES */
!
! #ifndef XMLSEC_NO_AES
! if( xmlSecTransformCheckId( transform, xmlSecNssTransformKWAes128Id ) ||
! xmlSecTransformCheckId( transform, xmlSecNssTransformKWAes192Id ) ||
! xmlSecTransformCheckId( transform, xmlSecNssTransformKWAes256Id ) ) {
!
! return(1);
! }
! #endif /* XMLSEC_NO_AES */
!
! return(0);
! }
!
! static xmlSecSize
! xmlSecNssKeyWrapGetKeySize(xmlSecTransformPtr transform) {
! #ifndef XMLSEC_NO_DES
! if( xmlSecTransformCheckId( transform, xmlSecNssTransformKWDes3Id ) ) {
! return(XMLSEC_NSS_DES3_KEY_SIZE);
! } else
! #endif /* XMLSEC_NO_DES */
!
! #ifndef XMLSEC_NO_AES
! if(xmlSecTransformCheckId(transform, xmlSecNssTransformKWAes128Id)) {
! return(XMLSEC_NSS_AES128_KEY_SIZE);
! } else if(xmlSecTransformCheckId(transform, xmlSecNssTransformKWAes192Id)) {
! return(XMLSEC_NSS_AES192_KEY_SIZE);
! } else if(xmlSecTransformCheckId(transform, xmlSecNssTransformKWAes256Id)) {
! return(XMLSEC_NSS_AES256_KEY_SIZE);
! } else if(xmlSecTransformCheckId(transform, xmlSecNssTransformKWAes256Id)) {
! return(XMLSEC_NSS_AES256_KEY_SIZE);
! } else
! #endif /* XMLSEC_NO_AES */
!
! if(1)
! return(0);
! }
!
!
! static int
! xmlSecNssKeyWrapInitialize(xmlSecTransformPtr transform) {
! xmlSecNssKeyWrapCtxPtr context ;
! int ret;
!
! xmlSecAssert2(xmlSecNssKeyWrapCheckId(transform), -1);
! xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecNssKeyWrapSize), -1);
!
! context = xmlSecNssKeyWrapGetCtx( transform ) ;
! xmlSecAssert2( context != NULL , -1 ) ;
!
! #ifndef XMLSEC_NO_DES
! if( transform->id == xmlSecNssTransformKWDes3Id ) {
! context->cipher = CKM_DES3_CBC ;
! context->keyId = xmlSecNssKeyDataDesId ;
! } else
! #endif /* XMLSEC_NO_DES */
!
! #ifndef XMLSEC_NO_AES
! if( transform->id == xmlSecNssTransformKWAes128Id ) {
! // context->cipher = CKM_NETSCAPE_AES_KEY_WRAP ;
! context->cipher = CKM_AES_CBC ;
! context->keyId = xmlSecNssKeyDataAesId ;
! } else
! if( transform->id == xmlSecNssTransformKWAes192Id ) {
! // context->cipher = CKM_NETSCAPE_AES_KEY_WRAP ;
! context->cipher = CKM_AES_CBC ;
! context->keyId = xmlSecNssKeyDataAesId ;
! } else
! if( transform->id == xmlSecNssTransformKWAes256Id ) {
! // context->cipher = CKM_NETSCAPE_AES_KEY_WRAP ;
! context->cipher = CKM_AES_CBC ;
! context->keyId = xmlSecNssKeyDataAesId ;
! } else
! #endif /* XMLSEC_NO_AES */
!
!
! if( 1 ) {
! xmlSecError( XMLSEC_ERRORS_HERE ,
! xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
! NULL ,
! XMLSEC_ERRORS_R_CRYPTO_FAILED ,
! XMLSEC_ERRORS_NO_MESSAGE ) ;
! return(-1);
! }
!
! context->symkey = NULL ;
! context->material = NULL ;
!
! return(0);
! }
!
! static void
! xmlSecNssKeyWrapFinalize(xmlSecTransformPtr transform) {
! xmlSecNssKeyWrapCtxPtr context ;
!
! xmlSecAssert(xmlSecNssKeyWrapCheckId(transform));
! xmlSecAssert(xmlSecTransformCheckSize(transform, xmlSecNssKeyWrapSize));
!
! context = xmlSecNssKeyWrapGetCtx( transform ) ;
! xmlSecAssert( context != NULL ) ;
!
! if( context->symkey != NULL ) {
! PK11_FreeSymKey( context->symkey ) ;
! context->symkey = NULL ;
! }
!
! if( context->material != NULL ) {
! xmlSecBufferDestroy(context->material);
! context->material = NULL ;
! }
! }
!
! static int
! xmlSecNssKeyWrapSetKeyReq(xmlSecTransformPtr transform, xmlSecKeyReqPtr keyReq) {
! xmlSecNssKeyWrapCtxPtr context ;
! xmlSecSize cipherSize = 0 ;
!
!
! xmlSecAssert2(xmlSecNssKeyWrapCheckId(transform), -1);
! xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecNssKeyWrapSize), -1);
! xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1);
! xmlSecAssert2(keyReq != NULL, -1);
!
! context = xmlSecNssKeyWrapGetCtx( transform ) ;
! xmlSecAssert2( context != NULL , -1 ) ;
!
! keyReq->keyId = context->keyId;
! keyReq->keyType = xmlSecKeyDataTypeSymmetric;
! if(transform->operation == xmlSecTransformOperationEncrypt) {
! keyReq->keyUsage = xmlSecKeyUsageEncrypt;
! } else {
! keyReq->keyUsage = xmlSecKeyUsageDecrypt;
! }
!
! keyReq->keyBitsSize = xmlSecNssKeyWrapGetKeySize( transform ) ;
!
! return(0);
! }
!
! static int
! xmlSecNssKeyWrapSetKey(xmlSecTransformPtr transform, xmlSecKeyPtr key) {
! xmlSecNssKeyWrapCtxPtr context = NULL ;
! xmlSecKeyDataPtr keyData = NULL ;
! PK11SymKey* symkey = NULL ;
!
! xmlSecAssert2(xmlSecNssKeyWrapCheckId(transform), -1);
! xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecNssKeyWrapSize), -1);
! xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1);
! xmlSecAssert2(key != NULL, -1);
!
! context = xmlSecNssKeyWrapGetCtx( transform ) ;
! if( context == NULL || context->keyId == NULL || context->symkey != NULL ) {
! xmlSecError( XMLSEC_ERRORS_HERE ,
! xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) ,
! "xmlSecNssKeyWrapGetCtx" ,
! XMLSEC_ERRORS_R_CRYPTO_FAILED ,
! XMLSEC_ERRORS_NO_MESSAGE ) ;
! return(-1);
! }
! xmlSecAssert2( xmlSecKeyCheckId( key, context->keyId ), -1 ) ;
!
! keyData = xmlSecKeyGetValue( key ) ;
! if( keyData == NULL ) {
! xmlSecError( XMLSEC_ERRORS_HERE ,
! xmlSecErrorsSafeString( xmlSecKeyGetName( key ) ) ,
! "xmlSecKeyGetValue" ,
! XMLSEC_ERRORS_R_CRYPTO_FAILED ,
! XMLSEC_ERRORS_NO_MESSAGE ) ;
! return(-1);
! }
!
! if( ( symkey = xmlSecNssSymKeyDataGetKey( keyData ) ) == NULL ) {
! xmlSecError( XMLSEC_ERRORS_HERE ,
! xmlSecErrorsSafeString( xmlSecKeyDataGetName( keyData ) ) ,
! "xmlSecNssSymKeyDataGetKey" ,
! XMLSEC_ERRORS_R_CRYPTO_FAILED ,
! XMLSEC_ERRORS_NO_MESSAGE ) ;
! return(-1);
! }
!
! context->symkey = symkey ;
!
! return(0) ;
! }
!
! /**
! * key wrap transform
! */
! static int
! xmlSecNssKeyWrapCtxInit(
! xmlSecNssKeyWrapCtxPtr ctx ,
! xmlSecBufferPtr in ,
! xmlSecBufferPtr out ,
! int encrypt ,
! xmlSecTransformCtxPtr transformCtx
! ) {
! xmlSecSize blockSize ;
!
! xmlSecAssert2( ctx != NULL , -1 ) ;
! xmlSecAssert2( ctx->cipher != CKM_INVALID_MECHANISM , -1 ) ;
! xmlSecAssert2( ctx->symkey != NULL , -1 ) ;
! xmlSecAssert2( ctx->keyId != NULL , -1 ) ;
! xmlSecAssert2( in != NULL , -1 ) ;
! xmlSecAssert2( out != NULL , -1 ) ;
! xmlSecAssert2( transformCtx != NULL , -1 ) ;
!
! if( ctx->material != NULL ) {
! xmlSecBufferDestroy( ctx->material ) ;
! ctx->material = NULL ;
! }
!
! if( ( blockSize = PK11_GetBlockSize( ctx->cipher , NULL ) ) < 0 ) {
! xmlSecError( XMLSEC_ERRORS_HERE ,
! NULL ,
! "PK11_GetBlockSize" ,
! XMLSEC_ERRORS_R_CRYPTO_FAILED ,
! XMLSEC_ERRORS_NO_MESSAGE ) ;
! return(-1);
! }
!
! ctx->material = xmlSecBufferCreate( blockSize ) ;
! if( ctx->material == NULL ) {
! xmlSecError( XMLSEC_ERRORS_HERE ,
! NULL ,
! "xmlSecBufferCreate" ,
! XMLSEC_ERRORS_R_CRYPTO_FAILED ,
! XMLSEC_ERRORS_NO_MESSAGE ) ;
! return(-1);
! }
!
! /* read raw key material into context */
! if( xmlSecBufferSetData( ctx->material, xmlSecBufferGetData(in), xmlSecBufferGetSize(in) ) < 0 ) {
! xmlSecError( XMLSEC_ERRORS_HERE ,
! NULL ,
! "xmlSecBufferSetData" ,
! XMLSEC_ERRORS_R_CRYPTO_FAILED ,
! XMLSEC_ERRORS_NO_MESSAGE ) ;
! return(-1);
! }
!
! if( xmlSecBufferRemoveHead( in , xmlSecBufferGetSize(in) ) < 0 ) {
! xmlSecError( XMLSEC_ERRORS_HERE ,
! NULL ,
! "xmlSecBufferRemoveHead" ,
! XMLSEC_ERRORS_R_CRYPTO_FAILED ,
! XMLSEC_ERRORS_NO_MESSAGE ) ;
! return(-1);
! }
!
! return(0);
! }
!
! /**
! * key wrap transform update
! */
! static int
! xmlSecNssKeyWrapCtxUpdate(
! xmlSecNssKeyWrapCtxPtr ctx ,
! xmlSecBufferPtr in ,
! xmlSecBufferPtr out ,
! int encrypt ,
! xmlSecTransformCtxPtr transformCtx
! ) {
! xmlSecAssert2( ctx != NULL , -1 ) ;
! xmlSecAssert2( ctx->cipher != CKM_INVALID_MECHANISM , -1 ) ;
! xmlSecAssert2( ctx->symkey != NULL , -1 ) ;
! xmlSecAssert2( ctx->keyId != NULL , -1 ) ;
! xmlSecAssert2( ctx->material != NULL , -1 ) ;
! xmlSecAssert2( in != NULL , -1 ) ;
! xmlSecAssert2( out != NULL , -1 ) ;
! xmlSecAssert2( transformCtx != NULL , -1 ) ;
!
! /* read raw key material and append into context */
! if( xmlSecBufferAppend( ctx->material, xmlSecBufferGetData(in), xmlSecBufferGetSize(in) ) < 0 ) {
! xmlSecError( XMLSEC_ERRORS_HERE ,
! NULL ,
! "xmlSecBufferAppend" ,
! XMLSEC_ERRORS_R_CRYPTO_FAILED ,
! XMLSEC_ERRORS_NO_MESSAGE ) ;
! return(-1);
! }
!
! if( xmlSecBufferRemoveHead( in , xmlSecBufferGetSize(in) ) < 0 ) {
! xmlSecError( XMLSEC_ERRORS_HERE ,
! NULL ,
! "xmlSecBufferRemoveHead" ,
! XMLSEC_ERRORS_R_CRYPTO_FAILED ,
! XMLSEC_ERRORS_NO_MESSAGE ) ;
! return(-1);
! }
!
! return(0);
! }
!
! static int
! xmlSecNssKWDes3BufferReverse(xmlSecByte *buf, xmlSecSize size) {
! xmlSecSize s;
! xmlSecSize i;
! xmlSecByte c;
!
! xmlSecAssert2(buf != NULL, -1);
!
! s = size / 2;
! --size;
! for(i = 0; i < s; ++i) {
! c = buf[i];
! buf[i] = buf[size - i];
! buf[size - i] = c;
! }
! return(0);
! }
!
! static xmlSecByte *
! xmlSecNssComputeSHA1(const xmlSecByte *in, xmlSecSize inSize,
! xmlSecByte *out, xmlSecSize outSize)
! {
! PK11Context *context = NULL;
! SECStatus s;
! xmlSecByte *digest = NULL;
! unsigned int len;
!
! xmlSecAssert2(in != NULL, NULL);
! xmlSecAssert2(out != NULL, NULL);
! xmlSecAssert2(outSize >= SHA1_LENGTH, NULL);
!
! /* Create a context for hashing (digesting) */
! context = PK11_CreateDigestContext(SEC_OID_SHA1);
! if (context == NULL) {
! xmlSecError(XMLSEC_ERRORS_HERE,
! NULL,
! "PK11_CreateDigestContext",
! XMLSEC_ERRORS_R_CRYPTO_FAILED,
! "error code = %d", PORT_GetError());
! goto done;
! }
!
! s = PK11_DigestBegin(context);
! if (s != SECSuccess) {
! xmlSecError(XMLSEC_ERRORS_HERE,
! NULL,
! "PK11_DigestBegin",
! XMLSEC_ERRORS_R_CRYPTO_FAILED,
! "error code = %d", PORT_GetError());
! goto done;
! }
!
! s = PK11_DigestOp(context, in, inSize);
! if (s != SECSuccess) {
! xmlSecError(XMLSEC_ERRORS_HERE,
! NULL,
! "PK11_DigestOp",
! XMLSEC_ERRORS_R_CRYPTO_FAILED,
! "error code = %d", PORT_GetError());
! goto done;
! }
!
! s = PK11_DigestFinal(context, out, &len, outSize);
! if (s != SECSuccess) {
! xmlSecError(XMLSEC_ERRORS_HERE,
! NULL,
! "PK11_DigestFinal",
! XMLSEC_ERRORS_R_CRYPTO_FAILED,
! "error code = %d", PORT_GetError());
! goto done;
! }
! xmlSecAssert2(len == SHA1_LENGTH, NULL);
!
! digest = out;
!
! done:
! if (context != NULL) {
! PK11_DestroyContext(context, PR_TRUE);
! }
! return (digest);
! }
!
! static int
! xmlSecNssKWDes3Encrypt(
! PK11SymKey* symKey ,
! CK_MECHANISM_TYPE cipherMech ,
! const xmlSecByte* iv ,
! xmlSecSize ivSize ,
! const xmlSecByte* in ,
! xmlSecSize inSize ,
! xmlSecByte* out ,
! xmlSecSize outSize ,
! int enc
! ) {
! PK11Context* EncContext = NULL;
! SECItem ivItem ;
! SECItem* secParam = NULL ;
! int tmp1_outlen;
! unsigned int tmp2_outlen;
! int result_len = -1;
! SECStatus rv;
!
! xmlSecAssert2( cipherMech != CKM_INVALID_MECHANISM , -1 ) ;
! xmlSecAssert2( symKey != NULL , -1 ) ;
! xmlSecAssert2(iv != NULL, -1);
! xmlSecAssert2(ivSize == XMLSEC_NSS_DES3_IV_LENGTH, -1);
! xmlSecAssert2(in != NULL, -1);
! xmlSecAssert2(inSize > 0, -1);
! xmlSecAssert2(out != NULL, -1);
! xmlSecAssert2(outSize >= inSize, -1);
!
! /* Prepare IV */
! ivItem.data = ( unsigned char* )iv ;
! ivItem.len = ivSize ;
!
! secParam = PK11_ParamFromIV(cipherMech, &ivItem);
! if (secParam == NULL) {
! xmlSecError(XMLSEC_ERRORS_HERE,
! NULL,
! "PK11_ParamFromIV",
! XMLSEC_ERRORS_R_CRYPTO_FAILED,
! "Error code = %d", PORT_GetError());
! goto done;
! }
!
! EncContext = PK11_CreateContextBySymKey(cipherMech,
! enc ? CKA_ENCRYPT : CKA_DECRYPT,
! symKey, secParam);
! if (EncContext == NULL) {
! xmlSecError(XMLSEC_ERRORS_HERE,
! NULL,
! "PK11_CreateContextBySymKey",
! XMLSEC_ERRORS_R_CRYPTO_FAILED,
! "Error code = %d", PORT_GetError());
! goto done;
! }
!
! tmp1_outlen = tmp2_outlen = 0;
! rv = PK11_CipherOp(EncContext, out, &tmp1_outlen, outSize,
! (unsigned char *)in, inSize);
! if (rv != SECSuccess) {
! xmlSecError(XMLSEC_ERRORS_HERE,
! NULL,
! "PK11_CipherOp",
! XMLSEC_ERRORS_R_CRYPTO_FAILED,
! "Error code = %d", PORT_GetError());
! goto done;
! }
!
! rv = PK11_DigestFinal(EncContext, out+tmp1_outlen,
! &tmp2_outlen, outSize-tmp1_outlen);
! if (rv != SECSuccess) {
! xmlSecError(XMLSEC_ERRORS_HERE,
! NULL,
! "PK11_DigestFinal",
! XMLSEC_ERRORS_R_CRYPTO_FAILED,
! "Error code = %d", PORT_GetError());
! goto done;
! }
!
! result_len = tmp1_outlen + tmp2_outlen;
!
! done:
! if (secParam) {
! SECITEM_FreeItem(secParam, PR_TRUE);
! }
! if (EncContext) {
! PK11_DestroyContext(EncContext, PR_TRUE);
! }
!
! return(result_len);
! }
!
! static int
! xmlSecNssKeyWrapDesOp(
! xmlSecNssKeyWrapCtxPtr ctx ,
! int encrypt ,
! xmlSecBufferPtr result
! ) {
! xmlSecByte sha1[SHA1_LENGTH];
! xmlSecByte iv[XMLSEC_NSS_DES3_IV_LENGTH];
! xmlSecByte* in;
! xmlSecSize inSize;
! xmlSecByte* out;
! xmlSecSize outSize;
! xmlSecSize s;
! int ret;
! SECStatus status;
!
! xmlSecAssert2( ctx != NULL , -1 ) ;
! xmlSecAssert2( ctx->cipher != CKM_INVALID_MECHANISM , -1 ) ;
! xmlSecAssert2( ctx->symkey != NULL , -1 ) ;
! xmlSecAssert2( ctx->keyId != NULL , -1 ) ;
! xmlSecAssert2( ctx->material != NULL , -1 ) ;
! xmlSecAssert2( result != NULL , -1 ) ;
!
! in = xmlSecBufferGetData(ctx->material);
! inSize = xmlSecBufferGetSize(ctx->material) ;
! out = xmlSecBufferGetData(result);
! outSize = xmlSecBufferGetMaxSize(result) ;
! if( encrypt ) {
! /* step 2: calculate sha1 and CMS */
! if(xmlSecNssComputeSHA1(in, inSize, sha1, SHA1_LENGTH) == NULL) {
! xmlSecError(XMLSEC_ERRORS_HERE,
! NULL,
! "xmlSecNssComputeSHA1",
! XMLSEC_ERRORS_R_CRYPTO_FAILED,
! XMLSEC_ERRORS_NO_MESSAGE);
! return(-1);
! }
!
! /* step 3: construct WKCKS */
! memcpy(out, in, inSize);
! memcpy(out + inSize, sha1, XMLSEC_NSS_DES3_BLOCK_LENGTH);
!
! /* step 4: generate random iv */
! status = PK11_GenerateRandom(iv, XMLSEC_NSS_DES3_IV_LENGTH);
! if(status != SECSuccess) {
! xmlSecError(XMLSEC_ERRORS_HERE,
! NULL,
! "PK11_GenerateRandom",
! XMLSEC_ERRORS_R_CRYPTO_FAILED,
! "error code = %d", PORT_GetError());
! return(-1);
! }
!
! /* step 5: first encryption, result is TEMP1 */
! ret = xmlSecNssKWDes3Encrypt( ctx->symkey, ctx->cipher,
! iv, XMLSEC_NSS_DES3_IV_LENGTH,
! out, inSize + XMLSEC_NSS_DES3_IV_LENGTH,
! out, outSize, 1);
! if(ret < 0) {
! xmlSecError(XMLSEC_ERRORS_HERE,
! NULL,
! "xmlSecNssKWDes3Encrypt",
! XMLSEC_ERRORS_R_XMLSEC_FAILED,
! XMLSEC_ERRORS_NO_MESSAGE);
! return(-1);
! }
!
! /* step 6: construct TEMP2=IV || TEMP1 */
! memmove(out + XMLSEC_NSS_DES3_IV_LENGTH, out,
! inSize + XMLSEC_NSS_DES3_IV_LENGTH);
! memcpy(out, iv, XMLSEC_NSS_DES3_IV_LENGTH);
! s = ret + XMLSEC_NSS_DES3_IV_LENGTH;
!
! /* step 7: reverse octets order, result is TEMP3 */
! ret = xmlSecNssKWDes3BufferReverse(out, s);
! if(ret < 0) {
! xmlSecError(XMLSEC_ERRORS_HERE,
! NULL,
! "xmlSecNssKWDes3BufferReverse",
! XMLSEC_ERRORS_R_XMLSEC_FAILED,
! XMLSEC_ERRORS_NO_MESSAGE);
! return(-1);
! }
!
! /* step 8: second encryption with static IV */
! ret = xmlSecNssKWDes3Encrypt( ctx->symkey, ctx->cipher,
! xmlSecNssKWDes3Iv, XMLSEC_NSS_DES3_IV_LENGTH,
! out, s,
! out, outSize, 1);
! if(ret < 0) {
! xmlSecError(XMLSEC_ERRORS_HERE,
! NULL,
! "xmlSecNssKWDes3Encrypt",
! XMLSEC_ERRORS_R_XMLSEC_FAILED,
! XMLSEC_ERRORS_NO_MESSAGE);
! return(-1);
! }
! s = ret;
!
! if( xmlSecBufferSetSize( result , s ) < 0 ) {
! xmlSecError(XMLSEC_ERRORS_HERE,
! NULL,
! "xmlSecBufferSetSize",
! XMLSEC_ERRORS_R_XMLSEC_FAILED,
! XMLSEC_ERRORS_NO_MESSAGE);
! return(-1);
! }
! } else {
! /* step 2: first decryption with static IV, result is TEMP3 */
! ret = xmlSecNssKWDes3Encrypt( ctx->symkey, ctx->cipher,
! xmlSecNssKWDes3Iv, XMLSEC_NSS_DES3_IV_LENGTH,
! in, inSize,
! out, outSize, 0);
! if((ret < 0) || (ret < XMLSEC_NSS_DES3_IV_LENGTH)) {
! xmlSecError(XMLSEC_ERRORS_HERE,
! NULL,
! "xmlSecNssKWDes3Encrypt",
! XMLSEC_ERRORS_R_XMLSEC_FAILED,
! XMLSEC_ERRORS_NO_MESSAGE);
! return(-1);
! }
! s = ret;
!
! /* step 3: reverse octets order in TEMP3, result is TEMP2 */
! ret = xmlSecNssKWDes3BufferReverse(out, s);
! if(ret < 0) {
! xmlSecError(XMLSEC_ERRORS_HERE,
! NULL,
! "xmlSecNssKWDes3BufferReverse",
! XMLSEC_ERRORS_R_XMLSEC_FAILED,
! XMLSEC_ERRORS_NO_MESSAGE);
! return(-1);
! }
!
! /* steps 4 and 5: get IV and decrypt second time, result is WKCKS */
! ret = xmlSecNssKWDes3Encrypt( ctx->symkey, ctx->cipher,
! out, XMLSEC_NSS_DES3_IV_LENGTH,
! out+XMLSEC_NSS_DES3_IV_LENGTH, s-XMLSEC_NSS_DES3_IV_LENGTH,
! out, outSize, 0);
! if((ret < 0) || (ret < XMLSEC_NSS_DES3_BLOCK_LENGTH)) {
! xmlSecError(XMLSEC_ERRORS_HERE,
! NULL,
! "xmlSecNssKWDes3Encrypt",
! XMLSEC_ERRORS_R_XMLSEC_FAILED,
! XMLSEC_ERRORS_NO_MESSAGE);
! return(-1);
! }
! s = ret - XMLSEC_NSS_DES3_IV_LENGTH;
!
! /* steps 6 and 7: calculate SHA1 and validate it */
! if(xmlSecNssComputeSHA1(out, s, sha1, SHA1_LENGTH) == NULL) {
! xmlSecError(XMLSEC_ERRORS_HERE,
! NULL,
! "xmlSecNssComputeSHA1",
! XMLSEC_ERRORS_R_CRYPTO_FAILED,
! XMLSEC_ERRORS_NO_MESSAGE);
! return(-1);
! }
!
! if(memcmp(sha1, out + s, XMLSEC_NSS_DES3_BLOCK_LENGTH) != 0) {
! xmlSecError(XMLSEC_ERRORS_HERE,
! NULL,
! NULL,
! XMLSEC_ERRORS_R_INVALID_DATA,
! "SHA1 does not match");
! return(-1);
! }
!
! if( xmlSecBufferSetSize( result , s ) < 0 ) {
! xmlSecError(XMLSEC_ERRORS_HERE,
! NULL,
! "xmlSecBufferSetSize",
! XMLSEC_ERRORS_R_XMLSEC_FAILED,
! XMLSEC_ERRORS_NO_MESSAGE);
! return(-1);
! }
! }
!
! return(0);
! }
!
! static int
! xmlSecNssKeyWrapAesOp(
! xmlSecNssKeyWrapCtxPtr ctx ,
! int encrypt ,
! xmlSecBufferPtr result
! ) {
! PK11Context* cipherCtx = NULL;
! SECItem ivItem ;
! SECItem* secParam = NULL ;
! xmlSecSize inSize ;
! xmlSecSize inBlocks ;
! int blockSize ;
! int midSize ;
! int finSize ;
! xmlSecByte* out ;
! xmlSecSize outSize;
!
! xmlSecAssert2( ctx != NULL , -1 ) ;
! xmlSecAssert2( ctx->cipher != CKM_INVALID_MECHANISM , -1 ) ;
! xmlSecAssert2( ctx->symkey != NULL , -1 ) ;
! xmlSecAssert2( ctx->keyId != NULL , -1 ) ;
! xmlSecAssert2( ctx->material != NULL , -1 ) ;
! xmlSecAssert2( result != NULL , -1 ) ;
!
! /* Do not set any IV */
! memset(&ivItem, 0, sizeof(ivItem));
!
! /* Get block size */
! if( ( blockSize = PK11_GetBlockSize( ctx->cipher , NULL ) ) < 0 ) {
! xmlSecError( XMLSEC_ERRORS_HERE ,
! NULL ,
! "PK11_GetBlockSize" ,
! XMLSEC_ERRORS_R_CRYPTO_FAILED ,
! XMLSEC_ERRORS_NO_MESSAGE ) ;
! return(-1);
! }
!
! inSize = xmlSecBufferGetSize( ctx->material ) ;
! if( xmlSecBufferSetMaxSize( result , inSize + blockSize ) < 0 ) {
! xmlSecError( XMLSEC_ERRORS_HERE ,
! NULL ,
! "xmlSecBufferSetMaxSize" ,
! XMLSEC_ERRORS_R_CRYPTO_FAILED ,
! XMLSEC_ERRORS_NO_MESSAGE ) ;
! return(-1);
! }
!
! /* Get Param for context initialization */
! if( ( secParam = PK11_ParamFromIV( ctx->cipher , &ivItem ) ) == NULL ) {
! xmlSecError( XMLSEC_ERRORS_HERE ,
! NULL ,
! "PK11_ParamFromIV" ,
! XMLSEC_ERRORS_R_CRYPTO_FAILED ,
! XMLSEC_ERRORS_NO_MESSAGE ) ;
! return(-1);
! }
!
! cipherCtx = PK11_CreateContextBySymKey( ctx->cipher , encrypt ? CKA_ENCRYPT : CKA_DECRYPT , ctx->symkey , secParam ) ;
! if( cipherCtx == NULL ) {
! xmlSecError( XMLSEC_ERRORS_HERE ,
! NULL ,
! "PK11_CreateContextBySymKey" ,
! XMLSEC_ERRORS_R_CRYPTO_FAILED ,
! XMLSEC_ERRORS_NO_MESSAGE ) ;
! SECITEM_FreeItem( secParam , PR_TRUE ) ;
! return(-1);
! }
!
! out = xmlSecBufferGetData(result) ;
! outSize = xmlSecBufferGetMaxSize(result) ;
! if( PK11_CipherOp( cipherCtx , out, &midSize , outSize , xmlSecBufferGetData( ctx->material ) , inSize ) != SECSuccess ) {
! xmlSecError( XMLSEC_ERRORS_HERE ,
! NULL ,
! "PK11_CipherOp" ,
! XMLSEC_ERRORS_R_CRYPTO_FAILED ,
! XMLSEC_ERRORS_NO_MESSAGE ) ;
! return(-1);
! }
!
! if( PK11_DigestFinal( cipherCtx , out + midSize , &finSize , outSize - midSize ) != SECSuccess ) {
! xmlSecError( XMLSEC_ERRORS_HERE ,
! NULL ,
! "PK11_DigestFinal" ,
! XMLSEC_ERRORS_R_CRYPTO_FAILED ,
! XMLSEC_ERRORS_NO_MESSAGE ) ;
! return(-1);
! }
!
! if( xmlSecBufferSetSize( result , midSize + finSize ) < 0 ) {
! xmlSecError( XMLSEC_ERRORS_HERE ,
! NULL ,
! "xmlSecBufferSetSize" ,
! XMLSEC_ERRORS_R_CRYPTO_FAILED ,
! XMLSEC_ERRORS_NO_MESSAGE ) ;
! return(-1);
! }
!
! return 0 ;
! }
!
! /**
! * Block cipher transform final
! */
! static int
! xmlSecNssKeyWrapCtxFinal(
! xmlSecNssKeyWrapCtxPtr ctx ,
! xmlSecBufferPtr in ,
! xmlSecBufferPtr out ,
! int encrypt ,
! xmlSecTransformCtxPtr transformCtx
! ) {
! PK11SymKey* targetKey ;
! xmlSecSize blockSize ;
! xmlSecBufferPtr result ;
!
! xmlSecAssert2( ctx != NULL , -1 ) ;
! xmlSecAssert2( ctx->cipher != CKM_INVALID_MECHANISM , -1 ) ;
! xmlSecAssert2( ctx->symkey != NULL , -1 ) ;
! xmlSecAssert2( ctx->keyId != NULL , -1 ) ;
! xmlSecAssert2( ctx->material != NULL , -1 ) ;
! xmlSecAssert2( in != NULL , -1 ) ;
! xmlSecAssert2( out != NULL , -1 ) ;
! xmlSecAssert2( transformCtx != NULL , -1 ) ;
!
! /* read raw key material and append into context */
! if( xmlSecBufferAppend( ctx->material, xmlSecBufferGetData(in), xmlSecBufferGetSize(in) ) < 0 ) {
! xmlSecError( XMLSEC_ERRORS_HERE ,
! NULL ,
! "xmlSecBufferAppend" ,
! XMLSEC_ERRORS_R_CRYPTO_FAILED ,
! XMLSEC_ERRORS_NO_MESSAGE ) ;
! return(-1);
! }
!
! if( xmlSecBufferRemoveHead( in , xmlSecBufferGetSize(in) ) < 0 ) {
! xmlSecError( XMLSEC_ERRORS_HERE ,
! NULL ,
! "xmlSecBufferRemoveHead" ,
! XMLSEC_ERRORS_R_CRYPTO_FAILED ,
! XMLSEC_ERRORS_NO_MESSAGE ) ;
! return(-1);
! }
!
! /* Now we get all of the key materail */
! /* from now on we will wrap or unwrap the key */
! if( ( blockSize = PK11_GetBlockSize( ctx->cipher , NULL ) ) < 0 ) {
! xmlSecError( XMLSEC_ERRORS_HERE ,
! NULL ,
! "PK11_GetBlockSize" ,
! XMLSEC_ERRORS_R_CRYPTO_FAILED ,
! XMLSEC_ERRORS_NO_MESSAGE ) ;
! return(-1);
! }
!
! result = xmlSecBufferCreate( blockSize ) ;
! if( result == NULL ) {
! xmlSecError( XMLSEC_ERRORS_HERE ,
! NULL ,
! "xmlSecBufferCreate" ,
! XMLSEC_ERRORS_R_CRYPTO_FAILED ,
! XMLSEC_ERRORS_NO_MESSAGE ) ;
! return(-1);
! }
!
! switch( ctx->cipher ) {
! case CKM_DES3_CBC :
! if( xmlSecNssKeyWrapDesOp(ctx, encrypt, result) < 0 ) {
! xmlSecError( XMLSEC_ERRORS_HERE ,
! NULL ,
! "xmlSecNssKeyWrapDesOp" ,
! XMLSEC_ERRORS_R_CRYPTO_FAILED ,
! XMLSEC_ERRORS_NO_MESSAGE ) ;
! xmlSecBufferDestroy(result);
! return(-1);
! }
! break ;
! // case CKM_NETSCAPE_AES_KEY_WRAP :
! case CKM_AES_CBC :
! if( xmlSecNssKeyWrapAesOp(ctx, encrypt, result) < 0 ) {
! xmlSecError( XMLSEC_ERRORS_HERE ,
! NULL ,
! "xmlSecNssKeyWrapAesOp" ,
! XMLSEC_ERRORS_R_CRYPTO_FAILED ,
! XMLSEC_ERRORS_NO_MESSAGE ) ;
! xmlSecBufferDestroy(result);
! return(-1);
! }
! break ;
! }
!
! /* Write output */
! if( xmlSecBufferAppend( out, xmlSecBufferGetData(result), xmlSecBufferGetSize(result) ) < 0 ) {
! xmlSecError( XMLSEC_ERRORS_HERE ,
! NULL ,
! "xmlSecBufferAppend" ,
! XMLSEC_ERRORS_R_CRYPTO_FAILED ,
! XMLSEC_ERRORS_NO_MESSAGE ) ;
! xmlSecBufferDestroy(result);
! return(-1);
! }
! xmlSecBufferDestroy(result);
!
! return(0);
! }
!
! static int
! xmlSecNssKeyWrapExecute(xmlSecTransformPtr transform, int last, xmlSecTransformCtxPtr transformCtx) {
! xmlSecNssKeyWrapCtxPtr context = NULL ;
! xmlSecBufferPtr inBuf, outBuf ;
! int operation ;
! int rtv ;
!
! xmlSecAssert2( xmlSecNssKeyWrapCheckId( transform ), -1 ) ;
! xmlSecAssert2( xmlSecTransformCheckSize( transform, xmlSecNssKeyWrapSize ), -1 ) ;
! xmlSecAssert2( ( transform->operation == xmlSecTransformOperationEncrypt ) || ( transform->operation == xmlSecTransformOperationDecrypt ), -1 ) ;
! xmlSecAssert2( transformCtx != NULL , -1 ) ;
!
! context = xmlSecNssKeyWrapGetCtx( transform ) ;
! if( context == NULL ) {
! xmlSecError( XMLSEC_ERRORS_HERE ,
! xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) ,
! "xmlSecNssKeyWrapGetCtx" ,
! XMLSEC_ERRORS_R_CRYPTO_FAILED ,
! XMLSEC_ERRORS_NO_MESSAGE ) ;
! return(-1);
! }
!
! inBuf = &( transform->inBuf ) ;
! outBuf = &( transform->outBuf ) ;
!
! if( transform->status == xmlSecTransformStatusNone ) {
! transform->status = xmlSecTransformStatusWorking ;
! }
!
! operation = ( transform->operation == xmlSecTransformOperationEncrypt ) ? 1 : 0 ;
! if( transform->status == xmlSecTransformStatusWorking ) {
! if( context->material == NULL ) {
! rtv = xmlSecNssKeyWrapCtxInit( context, inBuf , outBuf , operation , transformCtx ) ;
! if( rtv < 0 ) {
! xmlSecError( XMLSEC_ERRORS_HERE ,
! xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) ,
! "xmlSecNssKeyWrapCtxInit" ,
! XMLSEC_ERRORS_R_INVALID_STATUS ,
! XMLSEC_ERRORS_NO_MESSAGE ) ;
! return(-1);
! }
! }
!
! if( context->material == NULL && last != 0 ) {
! xmlSecError( XMLSEC_ERRORS_HERE ,
! xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) ,
! NULL ,
! XMLSEC_ERRORS_R_INVALID_STATUS ,
! "No enough data to intialize transform" ) ;
! return(-1);
! }
!
! if( context->material != NULL ) {
! rtv = xmlSecNssKeyWrapCtxUpdate( context, inBuf , outBuf , operation , transformCtx ) ;
! if( rtv < 0 ) {
! xmlSecError( XMLSEC_ERRORS_HERE ,
! xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) ,
! "xmlSecNssKeyWrapCtxUpdate" ,
! XMLSEC_ERRORS_R_INVALID_STATUS ,
! XMLSEC_ERRORS_NO_MESSAGE ) ;
! return(-1);
! }
! }
!
! if( last ) {
! rtv = xmlSecNssKeyWrapCtxFinal( context, inBuf , outBuf , operation , transformCtx ) ;
! if( rtv < 0 ) {
! xmlSecError( XMLSEC_ERRORS_HERE ,
! xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) ,
! "xmlSecNssKeyWrapCtxFinal" ,
! XMLSEC_ERRORS_R_INVALID_STATUS ,
! XMLSEC_ERRORS_NO_MESSAGE ) ;
! return(-1);
! }
! transform->status = xmlSecTransformStatusFinished ;
! }
! } else if( transform->status == xmlSecTransformStatusFinished ) {
! if( xmlSecBufferGetSize( inBuf ) != 0 ) {
! xmlSecError( XMLSEC_ERRORS_HERE ,
! xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) ,
! NULL ,
! XMLSEC_ERRORS_R_INVALID_STATUS ,
! "status=%d", transform->status ) ;
! return(-1);
! }
! } else {
! xmlSecError( XMLSEC_ERRORS_HERE ,
! xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) ,
! NULL ,
! XMLSEC_ERRORS_R_INVALID_STATUS ,
! "status=%d", transform->status ) ;
! return(-1);
! }
!
! return(0);
! }
!
! #ifndef XMLSEC_NO_AES
!
!
! static xmlSecTransformKlass xmlSecNssKWAes128Klass = {
! /* klass/object sizes */
! sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
! xmlSecNssKeyWrapSize, /* xmlSecSize objSize */
!
! xmlSecNameKWAes128, /* const xmlChar* name; */
! xmlSecHrefKWAes128, /* const xmlChar* href; */
! xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */
!
! xmlSecNssKeyWrapInitialize, /* xmlSecTransformInitializeMethod initialize; */
! xmlSecNssKeyWrapFinalize, /* xmlSecTransformFinalizeMethod finalize; */
! NULL, /* xmlSecTransformNodeReadMethod readNode; */
! NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
! xmlSecNssKeyWrapSetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */
! xmlSecNssKeyWrapSetKey, /* xmlSecTransformSetKeyMethod setKey; */
! NULL, /* xmlSecTransformValidateMethod validate; */
! xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
! xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
! xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
! NULL, /* xmlSecTransformPushXmlMethod pushXml; */
! NULL, /* xmlSecTransformPopXmlMethod popXml; */
! xmlSecNssKeyWrapExecute, /* xmlSecTransformExecuteMethod execute; */
!
! NULL, /* void* reserved0; */
! NULL, /* void* reserved1; */
! };
!
! static xmlSecTransformKlass xmlSecNssKWAes192Klass = {
! /* klass/object sizes */
! sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
! xmlSecNssKeyWrapSize, /* xmlSecSize objSize */
!
! xmlSecNameKWAes192, /* const xmlChar* name; */
! xmlSecHrefKWAes192, /* const xmlChar* href; */
! xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */
!
! xmlSecNssKeyWrapInitialize, /* xmlSecTransformInitializeMethod initialize; */
! xmlSecNssKeyWrapFinalize, /* xmlSecTransformFinalizeMethod finalize; */
! NULL, /* xmlSecTransformNodeReadMethod readNode; */
! NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
! xmlSecNssKeyWrapSetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */
! xmlSecNssKeyWrapSetKey, /* xmlSecTransformSetKeyMethod setKey; */
! NULL, /* xmlSecTransformValidateMethod validate; */
! xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
! xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
! xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
! NULL, /* xmlSecTransformPushXmlMethod pushXml; */
! NULL, /* xmlSecTransformPopXmlMethod popXml; */
! xmlSecNssKeyWrapExecute, /* xmlSecTransformExecuteMethod execute; */
!
! NULL, /* void* reserved0; */
! NULL, /* void* reserved1; */
! };
!
! static xmlSecTransformKlass xmlSecNssKWAes256Klass = {
! /* klass/object sizes */
! sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
! xmlSecNssKeyWrapSize, /* xmlSecSize objSize */
!
! xmlSecNameKWAes256, /* const xmlChar* name; */
! xmlSecHrefKWAes256, /* const xmlChar* href; */
! xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */
!
! xmlSecNssKeyWrapInitialize, /* xmlSecTransformInitializeMethod initialize; */
! xmlSecNssKeyWrapFinalize, /* xmlSecTransformFinalizeMethod finalize; */
! NULL, /* xmlSecTransformNodeReadMethod readNode; */
! NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
! xmlSecNssKeyWrapSetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */
! xmlSecNssKeyWrapSetKey, /* xmlSecTransformSetKeyMethod setKey; */
! NULL, /* xmlSecTransformValidateMethod validate; */
! xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
! xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
! xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
! NULL, /* xmlSecTransformPushXmlMethod pushXml; */
! NULL, /* xmlSecTransformPopXmlMethod popXml; */
! xmlSecNssKeyWrapExecute, /* xmlSecTransformExecuteMethod execute; */
!
! NULL, /* void* reserved0; */
! NULL, /* void* reserved1; */
! };
!
! /**
! * xmlSecNssTransformKWAes128GetKlass:
! *
! * The AES-128 key wrapper transform klass.
! *
! * Returns AES-128 key wrapper transform klass.
! */
! xmlSecTransformId
! xmlSecNssTransformKWAes128GetKlass(void) {
! return(&xmlSecNssKWAes128Klass);
! }
!
! /**
! * xmlSecNssTransformKWAes192GetKlass:
! *
! * The AES-192 key wrapper transform klass.
! *
! * Returns AES-192 key wrapper transform klass.
! */
! xmlSecTransformId
! xmlSecNssTransformKWAes192GetKlass(void) {
! return(&xmlSecNssKWAes192Klass);
! }
!
! /**
! *
! * The AES-256 key wrapper transform klass.
! *
! * Returns AES-256 key wrapper transform klass.
! */
! xmlSecTransformId
! xmlSecNssTransformKWAes256GetKlass(void) {
! return(&xmlSecNssKWAes256Klass);
! }
!
! #endif /* XMLSEC_NO_AES */
!
!
! #ifndef XMLSEC_NO_DES
!
! static xmlSecTransformKlass xmlSecNssKWDes3Klass = {
! /* klass/object sizes */
! sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
! xmlSecNssKeyWrapSize, /* xmlSecSize objSize */
!
! xmlSecNameKWDes3, /* const xmlChar* name; */
! xmlSecHrefKWDes3, /* const xmlChar* href; */
! xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */
!
! xmlSecNssKeyWrapInitialize, /* xmlSecTransformInitializeMethod initialize; */
! xmlSecNssKeyWrapFinalize, /* xmlSecTransformFinalizeMethod finalize; */
! NULL, /* xmlSecTransformNodeReadMethod readNode; */
! NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
! xmlSecNssKeyWrapSetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */
! xmlSecNssKeyWrapSetKey, /* xmlSecTransformSetKeyMethod setKey; */
! NULL, /* xmlSecTransformValidateMethod validate; */
! xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
! xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
! xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
! NULL, /* xmlSecTransformPushXmlMethod pushXml; */
! NULL, /* xmlSecTransformPopXmlMethod popXml; */
! xmlSecNssKeyWrapExecute, /* xmlSecTransformExecuteMethod execute; */
!
! NULL, /* void* reserved0; */
! NULL, /* void* reserved1; */
! };
!
! /**
! * xmlSecNssTransformKWDes3GetKlass:
! *
! * The Triple DES key wrapper transform klass.
! *
! * Returns Triple DES key wrapper transform klass.
! */
! xmlSecTransformId
! xmlSecNssTransformKWDes3GetKlass(void) {
! return(&xmlSecNssKWDes3Klass);
! }
!
! #endif /* XMLSEC_NO_DES */
!
*** misc/xmlsec1-1.2.6/src/nss/Makefile.am 2003-09-16 11:43:03.000000000 +0200
--- misc/build/xmlsec1-1.2.6/src/nss/Makefile.am 2005-05-09 19:54:13.215628977 +0200
***************
*** 20,40 ****
$(NULL)
libxmlsec1_nss_la_SOURCES =\
app.c \
bignum.c \
ciphers.c \
crypto.c \
digests.c \
hmac.c \
pkikeys.c \
signatures.c \
symkeys.c \
x509.c \
x509vfy.c \
- keysstore.c \
- kt_rsa.c \
- kw_des.c \
- kw_aes.c \
$(NULL)
libxmlsec1_nss_la_LIBADD = \
--- 20,41 ----
$(NULL)
libxmlsec1_nss_la_SOURCES =\
+ akmngr.c \
app.c \
bignum.c \
ciphers.c \
crypto.c \
digests.c \
hmac.c \
+ keysstore.c \
+ keytrans.c \
+ keywrapers.c \
pkikeys.c \
signatures.c \
symkeys.c \
+ tokens.c \
x509.c \
x509vfy.c \
$(NULL)
libxmlsec1_nss_la_LIBADD = \
*** misc/xmlsec1-1.2.6/src/nss/Makefile.in 2004-08-26 08:00:32.000000000 +0200
--- misc/build/xmlsec1-1.2.6/src/nss/Makefile.in 2005-05-09 19:54:51.856370203 +0200
***************
*** 54,62 ****
$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1)
am__objects_1 =
! am_libxmlsec1_nss_la_OBJECTS = app.lo bignum.lo ciphers.lo crypto.lo \
digests.lo hmac.lo pkikeys.lo signatures.lo symkeys.lo x509.lo \
! x509vfy.lo keysstore.lo kt_rsa.lo kw_des.lo kw_aes.lo \
$(am__objects_1)
libxmlsec1_nss_la_OBJECTS = $(am_libxmlsec1_nss_la_OBJECTS)
DEFAULT_INCLUDES = -I. -I$(srcdir) -I$(top_builddir)
--- 54,62 ----
$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1)
am__objects_1 =
! am_libxmlsec1_nss_la_OBJECTS = akmngr.lo app.lo bignum.lo ciphers.lo crypto.lo \
digests.lo hmac.lo pkikeys.lo signatures.lo symkeys.lo x509.lo \
! x509vfy.lo keysstore.lo tokens.lo keytrans.lo keywrapers.lo \
$(am__objects_1)
libxmlsec1_nss_la_OBJECTS = $(am_libxmlsec1_nss_la_OBJECTS)
DEFAULT_INCLUDES = -I. -I$(srcdir) -I$(top_builddir)
***************
*** 65,75 ****
@AMDEP_TRUE@DEP_FILES = ./$(DEPDIR)/app.Plo ./$(DEPDIR)/bignum.Plo \
@AMDEP_TRUE@ ./$(DEPDIR)/ciphers.Plo ./$(DEPDIR)/crypto.Plo \
@AMDEP_TRUE@ ./$(DEPDIR)/digests.Plo ./$(DEPDIR)/hmac.Plo \
! @AMDEP_TRUE@ ./$(DEPDIR)/keysstore.Plo ./$(DEPDIR)/kt_rsa.Plo \
! @AMDEP_TRUE@ ./$(DEPDIR)/kw_aes.Plo ./$(DEPDIR)/kw_des.Plo \
@AMDEP_TRUE@ ./$(DEPDIR)/pkikeys.Plo ./$(DEPDIR)/signatures.Plo \
@AMDEP_TRUE@ ./$(DEPDIR)/symkeys.Plo ./$(DEPDIR)/x509.Plo \
! @AMDEP_TRUE@ ./$(DEPDIR)/x509vfy.Plo
COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
LTCOMPILE = $(LIBTOOL) --mode=compile $(CC) $(DEFS) \
--- 65,75 ----
@AMDEP_TRUE@DEP_FILES = ./$(DEPDIR)/app.Plo ./$(DEPDIR)/bignum.Plo \
@AMDEP_TRUE@ ./$(DEPDIR)/ciphers.Plo ./$(DEPDIR)/crypto.Plo \
@AMDEP_TRUE@ ./$(DEPDIR)/digests.Plo ./$(DEPDIR)/hmac.Plo \
! @AMDEP_TRUE@ ./$(DEPDIR)/keysstore.Plo ./$(DEPDIR)/tokens.Plo \
! @AMDEP_TRUE@ ./$(DEPDIR)/keywrapers.Plo ./$(DEPDIR)/keytrans.Plo \
@AMDEP_TRUE@ ./$(DEPDIR)/pkikeys.Plo ./$(DEPDIR)/signatures.Plo \
@AMDEP_TRUE@ ./$(DEPDIR)/symkeys.Plo ./$(DEPDIR)/x509.Plo \
! @AMDEP_TRUE@ ./$(DEPDIR)/x509vfy.Plo ./$(DEPDIR)/akmngr.Plo
COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
LTCOMPILE = $(LIBTOOL) --mode=compile $(CC) $(DEFS) \
***************
*** 321,341 ****
$(NULL)
libxmlsec1_nss_la_SOURCES = \
app.c \
bignum.c \
ciphers.c \
crypto.c \
digests.c \
hmac.c \
pkikeys.c \
signatures.c \
symkeys.c \
x509.c \
x509vfy.c \
- keysstore.c \
- kt_rsa.c \
- kw_des.c \
- kw_aes.c \
$(NULL)
libxmlsec1_nss_la_LIBADD = \
--- 321,342 ----
$(NULL)
libxmlsec1_nss_la_SOURCES = \
+ akmngr.c \
app.c \
bignum.c \
ciphers.c \
crypto.c \
digests.c \
hmac.c \
+ keysstore.c \
+ keytrans.c \
+ keywrappers.c \
pkikeys.c \
signatures.c \
symkeys.c \
+ tokens.c \
x509.c \
x509vfy.c \
$(NULL)
libxmlsec1_nss_la_LIBADD = \
***************
*** 418,423 ****
--- 419,425 ----
distclean-compile:
-rm -f *.tab.c
+ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/akmngr.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/app.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/bignum.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ciphers.Plo@am__quote@
***************
*** 425,433 ****
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/digests.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/hmac.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/keysstore.Plo@am__quote@
! @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/kt_rsa.Plo@am__quote@
! @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/kw_aes.Plo@am__quote@
! @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/kw_des.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pkikeys.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/signatures.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/symkeys.Plo@am__quote@
--- 427,435 ----
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/digests.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/hmac.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/keysstore.Plo@am__quote@
! @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tokens.Plo@am__quote@
! @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/keywrapers.Plo@am__quote@
! @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/keytrans.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pkikeys.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/signatures.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/symkeys.Plo@am__quote@
*** misc/xmlsec1-1.2.6/src/nss/pkikeys.c 2004-03-17 06:06:45.000000000 +0100
--- misc/build/xmlsec1-1.2.6/src/nss/pkikeys.c 2005-05-09 19:54:13.227627965 +0200
***************
*** 5,10 ****
--- 5,11 ----
* distribution for preciese wording.
*
* Copyright (c) 2003 America Online, Inc. All rights reserved.
+ * Copyright ...........................
*/
#include "globals.h"
***************
*** 24,29 ****
--- 25,31 ----
#include <xmlsec/nss/crypto.h>
#include <xmlsec/nss/bignum.h>
#include <xmlsec/nss/pkikeys.h>
+ #include <xmlsec/nss/tokens.h>
/**************************************************************************
*
***************
*** 98,111 ****
{
xmlSecAssert(ctx != NULL);
if (ctx->privkey != NULL) {
! SECKEY_DestroyPrivateKey(ctx->privkey);
! ctx->privkey = NULL;
}
! if (ctx->pubkey)
! {
! SECKEY_DestroyPublicKey(ctx->pubkey);
! ctx->pubkey = NULL;
}
}
--- 100,112 ----
{
xmlSecAssert(ctx != NULL);
if (ctx->privkey != NULL) {
! SECKEY_DestroyPrivateKey(ctx->privkey);
! ctx->privkey = NULL;
}
! if (ctx->pubkey) {
! SECKEY_DestroyPublicKey(ctx->pubkey);
! ctx->pubkey = NULL;
}
}
***************
*** 115,143 ****
xmlSecNssPKIKeyDataCtxPtr ctxSrc)
{
xmlSecNSSPKIKeyDataCtxFree(ctxDst);
if (ctxSrc->privkey != NULL) {
! ctxDst->privkey = SECKEY_CopyPrivateKey(ctxSrc->privkey);
! if(ctxDst->privkey == NULL) {
! xmlSecError(XMLSEC_ERRORS_HERE,
! NULL,
! "SECKEY_CopyPrivateKey",
! XMLSEC_ERRORS_R_CRYPTO_FAILED,
! XMLSEC_ERRORS_NO_MESSAGE);
! return(-1);
! }
}
if (ctxSrc->pubkey != NULL) {
! ctxDst->pubkey = SECKEY_CopyPublicKey(ctxSrc->pubkey);
! if(ctxDst->pubkey == NULL) {
! xmlSecError(XMLSEC_ERRORS_HERE,
! NULL,
! "SECKEY_CopyPublicKey",
! XMLSEC_ERRORS_R_CRYPTO_FAILED,
! XMLSEC_ERRORS_NO_MESSAGE);
! return(-1);
! }
}
return (0);
}
--- 116,147 ----
xmlSecNssPKIKeyDataCtxPtr ctxSrc)
{
xmlSecNSSPKIKeyDataCtxFree(ctxDst);
+ ctxDst->privkey = NULL ;
+ ctxDst->pubkey = NULL ;
if (ctxSrc->privkey != NULL) {
! ctxDst->privkey = SECKEY_CopyPrivateKey(ctxSrc->privkey);
! if(ctxDst->privkey == NULL) {
! xmlSecError(XMLSEC_ERRORS_HERE,
! NULL,
! "SECKEY_CopyPrivateKey",
! XMLSEC_ERRORS_R_CRYPTO_FAILED,
! "error code=%d", PORT_GetError());
! return(-1);
! }
}
if (ctxSrc->pubkey != NULL) {
! ctxDst->pubkey = SECKEY_CopyPublicKey(ctxSrc->pubkey);
! if(ctxDst->pubkey == NULL) {
! xmlSecError(XMLSEC_ERRORS_HERE,
! NULL,
! "SECKEY_CopyPublicKey",
! XMLSEC_ERRORS_R_CRYPTO_FAILED,
! "error code=%d", PORT_GetError());
! return(-1);
! }
}
+
return (0);
}
***************
*** 147,166 ****
SECKEYPublicKey *pubkey)
{
xmlSecNssPKIKeyDataCtxPtr ctx;
xmlSecAssert2(xmlSecKeyDataIsValid(data), -1);
xmlSecAssert2(xmlSecKeyDataCheckSize(data, xmlSecNssPKIKeyDataSize), -1);
ctx = xmlSecNssPKIKeyDataGetCtx(data);
xmlSecAssert2(ctx != NULL, -1);
if (ctx->privkey) {
! SECKEY_DestroyPrivateKey(ctx->privkey);
}
ctx->privkey = privkey;
if (ctx->pubkey) {
! SECKEY_DestroyPublicKey(ctx->pubkey);
}
ctx->pubkey = pubkey;
--- 151,191 ----
SECKEYPublicKey *pubkey)
{
xmlSecNssPKIKeyDataCtxPtr ctx;
+ KeyType pubType = nullKey ;
+ KeyType priType = nullKey ;
xmlSecAssert2(xmlSecKeyDataIsValid(data), -1);
xmlSecAssert2(xmlSecKeyDataCheckSize(data, xmlSecNssPKIKeyDataSize), -1);
+ if( privkey != NULL ) {
+ priType = SECKEY_GetPrivateKeyType( privkey ) ;
+ }
+
+ if( pubkey != NULL ) {
+ pubType = SECKEY_GetPublicKeyType( pubkey ) ;
+ }
+
+ if( priType != nullKey && pubType != nullKey ) {
+ if( pubType != priType ) {
+ xmlSecError( XMLSEC_ERRORS_HERE ,
+ NULL ,
+ NULL ,
+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
+ "different type of private and public key" ) ;
+ return -1 ;
+ }
+ }
+
ctx = xmlSecNssPKIKeyDataGetCtx(data);
xmlSecAssert2(ctx != NULL, -1);
if (ctx->privkey) {
! SECKEY_DestroyPrivateKey(ctx->privkey);
}
ctx->privkey = privkey;
if (ctx->pubkey) {
! SECKEY_DestroyPublicKey(ctx->pubkey);
}
ctx->pubkey = pubkey;
***************
*** 183,243 ****
{
xmlSecKeyDataPtr data = NULL;
int ret;
! KeyType kt;
!
! if (pubkey != NULL) {
! kt = SECKEY_GetPublicKeyType(pubkey);
! } else {
! kt = SECKEY_GetPrivateKeyType(privkey);
! pubkey = SECKEY_ConvertToPublicKey(privkey);
! }
! switch(kt) {
#ifndef XMLSEC_NO_RSA
case rsaKey:
! data = xmlSecKeyDataCreate(xmlSecNssKeyDataRsaId);
! if(data == NULL) {
! xmlSecError(XMLSEC_ERRORS_HERE,
! NULL,
! "xmlSecKeyDataCreate",
! XMLSEC_ERRORS_R_XMLSEC_FAILED,
! "xmlSecNssKeyDataRsaId");
! return(NULL);
! }
! break;
#endif /* XMLSEC_NO_RSA */
#ifndef XMLSEC_NO_DSA
case dsaKey:
! data = xmlSecKeyDataCreate(xmlSecNssKeyDataDsaId);
! if(data == NULL) {
! xmlSecError(XMLSEC_ERRORS_HERE,
! NULL,
! "xmlSecKeyDataCreate",
! XMLSEC_ERRORS_R_XMLSEC_FAILED,
! "xmlSecNssKeyDataDsaId");
! return(NULL);
! }
! break;
#endif /* XMLSEC_NO_DSA */
default:
! xmlSecError(XMLSEC_ERRORS_HERE,
NULL,
NULL,
XMLSEC_ERRORS_R_INVALID_TYPE,
! "PKI key type %d not supported", kt);
! return(NULL);
}
xmlSecAssert2(data != NULL, NULL);
ret = xmlSecNssPKIKeyDataAdoptKey(data, privkey, pubkey);
if(ret < 0) {
! xmlSecError(XMLSEC_ERRORS_HERE,
NULL,
"xmlSecNssPKIKeyDataAdoptKey",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
XMLSEC_ERRORS_NO_MESSAGE);
! xmlSecKeyDataDestroy(data);
! return(NULL);
}
return(data);
}
--- 208,282 ----
{
xmlSecKeyDataPtr data = NULL;
int ret;
! KeyType pubType = nullKey ;
! KeyType priType = nullKey ;
! if( privkey != NULL ) {
! priType = SECKEY_GetPrivateKeyType( privkey ) ;
! }
!
! if( pubkey != NULL ) {
! pubType = SECKEY_GetPublicKeyType( pubkey ) ;
! }
!
! if( priType != nullKey && pubType != nullKey ) {
! if( pubType != priType ) {
! xmlSecError( XMLSEC_ERRORS_HERE ,
! NULL ,
! NULL ,
! XMLSEC_ERRORS_R_CRYPTO_FAILED ,
! "different type of private and public key" ) ;
! return( NULL ) ;
! }
! }
!
! pubType = priType != nullKey ? priType : pubType ;
! switch(pubType) {
#ifndef XMLSEC_NO_RSA
case rsaKey:
! data = xmlSecKeyDataCreate(xmlSecNssKeyDataRsaId);
! if(data == NULL) {
! xmlSecError(XMLSEC_ERRORS_HERE,
! NULL,
! "xmlSecKeyDataCreate",
! XMLSEC_ERRORS_R_XMLSEC_FAILED,
! "xmlSecNssKeyDataRsaId");
! return(NULL);
! }
! break;
#endif /* XMLSEC_NO_RSA */
#ifndef XMLSEC_NO_DSA
case dsaKey:
! data = xmlSecKeyDataCreate(xmlSecNssKeyDataDsaId);
! if(data == NULL) {
! xmlSecError(XMLSEC_ERRORS_HERE,
! NULL,
! "xmlSecKeyDataCreate",
! XMLSEC_ERRORS_R_XMLSEC_FAILED,
! "xmlSecNssKeyDataDsaId");
! return(NULL);
! }
! break;
#endif /* XMLSEC_NO_DSA */
default:
! xmlSecError(XMLSEC_ERRORS_HERE,
NULL,
NULL,
XMLSEC_ERRORS_R_INVALID_TYPE,
! "PKI key type %d not supported", pubType);
! return(NULL);
}
xmlSecAssert2(data != NULL, NULL);
ret = xmlSecNssPKIKeyDataAdoptKey(data, privkey, pubkey);
if(ret < 0) {
! xmlSecError(XMLSEC_ERRORS_HERE,
NULL,
"xmlSecNssPKIKeyDataAdoptKey",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
XMLSEC_ERRORS_NO_MESSAGE);
! xmlSecKeyDataDestroy(data);
! return(NULL);
}
return(data);
}
***************
*** 263,269 ****
xmlSecAssert2(ctx != NULL, NULL);
xmlSecAssert2(ctx->pubkey != NULL, NULL);
! ret = SECKEY_CopyPublicKey(ctx->pubkey);
return(ret);
}
--- 302,308 ----
xmlSecAssert2(ctx != NULL, NULL);
xmlSecAssert2(ctx->pubkey != NULL, NULL);
! ret = SECKEY_CopyPublicKey(ctx->pubkey);
return(ret);
}
***************
*** 312,320 ****
xmlSecAssert2(ctx != NULL, nullKey);
if (ctx->pubkey != NULL) {
! kt = SECKEY_GetPublicKeyType(ctx->pubkey);
} else {
! kt = SECKEY_GetPrivateKeyType(ctx->privkey);
}
return(kt);
}
--- 351,359 ----
xmlSecAssert2(ctx != NULL, nullKey);
if (ctx->pubkey != NULL) {
! kt = SECKEY_GetPublicKeyType(ctx->pubkey);
} else {
! kt = SECKEY_GetPrivateKeyType(ctx->privkey);
}
return(kt);
}
***************
*** 553,565 ****
goto done;
}
! slot = PK11_GetBestSlot(CKM_DSA, NULL);
if(slot == NULL) {
xmlSecError(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
! "PK11_GetBestSlot",
XMLSEC_ERRORS_R_CRYPTO_FAILED,
! XMLSEC_ERRORS_NO_MESSAGE);
ret = -1;
goto done;
}
--- 592,604 ----
goto done;
}
! slot = xmlSecNssSlotGet(CKM_DSA);
if(slot == NULL) {
xmlSecError(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
! "xmlSecNssSlotGet",
XMLSEC_ERRORS_R_CRYPTO_FAILED,
! "error code=%d", PORT_GetError());
ret = -1;
goto done;
}
***************
*** 570,576 ****
xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
"PORT_NewArena",
XMLSEC_ERRORS_R_CRYPTO_FAILED,
! XMLSEC_ERRORS_NO_MESSAGE);
ret = -1;
goto done;
}
--- 609,615 ----
xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
"PORT_NewArena",
XMLSEC_ERRORS_R_CRYPTO_FAILED,
! "error code=%d", PORT_GetError());
ret = -1;
goto done;
}
***************
*** 582,588 ****
xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
"PORT_ArenaZAlloc",
XMLSEC_ERRORS_R_CRYPTO_FAILED,
! XMLSEC_ERRORS_NO_MESSAGE);
PORT_FreeArena(arena, PR_FALSE);
ret = -1;
goto done;
--- 621,627 ----
xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
"PORT_ArenaZAlloc",
XMLSEC_ERRORS_R_CRYPTO_FAILED,
! "error code=%d", PORT_GetError());
PORT_FreeArena(arena, PR_FALSE);
ret = -1;
goto done;
***************
*** 750,770 ****
goto done;
}
data = NULL;
-
ret = 0;
done:
if (slot != NULL) {
! PK11_FreeSlot(slot);
}
! if (ret != 0) {
! if (pubkey != NULL) {
! SECKEY_DestroyPublicKey(pubkey);
! }
! if (data != NULL) {
! xmlSecKeyDataDestroy(data);
! }
}
return(ret);
}
--- 789,809 ----
goto done;
}
data = NULL;
ret = 0;
done:
if (slot != NULL) {
! PK11_FreeSlot(slot);
}
!
! if (pubkey != NULL) {
! SECKEY_DestroyPublicKey(pubkey);
! }
!
! if (data != NULL) {
! xmlSecKeyDataDestroy(data);
}
+
return(ret);
}
***************
*** 783,789 ****
ctx = xmlSecNssPKIKeyDataGetCtx(xmlSecKeyGetValue(key));
xmlSecAssert2(ctx != NULL, -1);
! xmlSecAssert2(SECKEY_GetPublicKeyType(ctx->pubkey) == dsaKey, -1);
if(((xmlSecKeyDataTypePublic | xmlSecKeyDataTypePrivate) & keyInfoCtx->keyReq.keyType) == 0) {
/* we can have only private key or public key */
--- 822,828 ----
ctx = xmlSecNssPKIKeyDataGetCtx(xmlSecKeyGetValue(key));
xmlSecAssert2(ctx != NULL, -1);
! // xmlSecAssert2(SECKEY_GetPublicKeyType(ctx->pubkey) == dsaKey, -1);
if(((xmlSecKeyDataTypePublic | xmlSecKeyDataTypePrivate) & keyInfoCtx->keyReq.keyType) == 0) {
/* we can have only private key or public key */
***************
*** 905,911 ****
xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
"PK11_PQG_ParamGen",
XMLSEC_ERRORS_R_CRYPTO_FAILED,
! "size=%d", sizeBits);
goto done;
}
--- 944,951 ----
xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
"PK11_PQG_ParamGen",
XMLSEC_ERRORS_R_CRYPTO_FAILED,
! "size=%d, error code=%d", sizeBits, PORT_GetError());
! ret = -1;
goto done;
}
***************
*** 915,925 ****
xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
"PK11_PQG_VerifyParams",
XMLSEC_ERRORS_R_CRYPTO_FAILED,
! "size=%d", sizeBits);
goto done;
}
! slot = PK11_GetBestSlot(CKM_DSA_KEY_PAIR_GEN, NULL);
PK11_Authenticate(slot, PR_TRUE, NULL /* default pwd callback */);
privkey = PK11_GenerateKeyPair(slot, CKM_DSA_KEY_PAIR_GEN, pqgParams,
&pubkey, PR_FALSE, PR_TRUE, NULL);
--- 955,966 ----
xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
"PK11_PQG_VerifyParams",
XMLSEC_ERRORS_R_CRYPTO_FAILED,
! "size=%d, error code=%d", sizeBits, PORT_GetError());
! ret = -1;
goto done;
}
! slot = xmlSecNssSlotGet(CKM_DSA_KEY_PAIR_GEN);
PK11_Authenticate(slot, PR_TRUE, NULL /* default pwd callback */);
privkey = PK11_GenerateKeyPair(slot, CKM_DSA_KEY_PAIR_GEN, pqgParams,
&pubkey, PR_FALSE, PR_TRUE, NULL);
***************
*** 929,936 ****
xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
"PK11_GenerateKeyPair",
XMLSEC_ERRORS_R_CRYPTO_FAILED,
! XMLSEC_ERRORS_NO_MESSAGE);
goto done;
}
--- 970,978 ----
xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
"PK11_GenerateKeyPair",
XMLSEC_ERRORS_R_CRYPTO_FAILED,
! "error code=%d", PORT_GetError());
+ ret = -1;
goto done;
}
***************
*** 943,971 ****
XMLSEC_ERRORS_NO_MESSAGE);
goto done;
}
!
ret = 0;
done:
if (slot != NULL) {
! PK11_FreeSlot(slot);
}
if (pqgParams != NULL) {
! PK11_PQG_DestroyParams(pqgParams);
}
if (pqgVerify != NULL) {
! PK11_PQG_DestroyVerify(pqgVerify);
! }
! if (ret == 0) {
! return (0);
}
if (pubkey != NULL) {
! SECKEY_DestroyPublicKey(pubkey);
}
if (privkey != NULL) {
! SECKEY_DestroyPrivateKey(privkey);
}
! return(-1);
}
static xmlSecKeyDataType
--- 985,1016 ----
XMLSEC_ERRORS_NO_MESSAGE);
goto done;
}
! privkey = NULL ;
! pubkey = NULL ;
ret = 0;
done:
if (slot != NULL) {
! PK11_FreeSlot(slot);
}
+
if (pqgParams != NULL) {
! PK11_PQG_DestroyParams(pqgParams);
}
+
if (pqgVerify != NULL) {
! PK11_PQG_DestroyVerify(pqgVerify);
}
+
if (pubkey != NULL) {
! SECKEY_DestroyPublicKey(pubkey);
}
+
if (privkey != NULL) {
! SECKEY_DestroyPrivateKey(privkey);
}
!
! return(ret);
}
static xmlSecKeyDataType
***************
*** 975,985 ****
xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecNssKeyDataDsaId), xmlSecKeyDataTypeUnknown);
ctx = xmlSecNssPKIKeyDataGetCtx(data);
xmlSecAssert2(ctx != NULL, -1);
! xmlSecAssert2(SECKEY_GetPublicKeyType(ctx->pubkey) == dsaKey, -1);
if (ctx->privkey != NULL) {
! return(xmlSecKeyDataTypePrivate | xmlSecKeyDataTypePublic);
! } else {
! return(xmlSecKeyDataTypePublic);
}
return(xmlSecKeyDataTypeUnknown);
--- 1020,1030 ----
xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecNssKeyDataDsaId), xmlSecKeyDataTypeUnknown);
ctx = xmlSecNssPKIKeyDataGetCtx(data);
xmlSecAssert2(ctx != NULL, -1);
! // xmlSecAssert2(SECKEY_GetPublicKeyType(ctx->pubkey) == dsaKey, -1);
if (ctx->privkey != NULL) {
! return(xmlSecKeyDataTypePrivate | xmlSecKeyDataTypePublic);
! } else if( ctx->pubkey != NULL ) {
! return(xmlSecKeyDataTypePublic);
}
return(xmlSecKeyDataTypeUnknown);
***************
*** 992,998 ****
xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecNssKeyDataDsaId), 0);
ctx = xmlSecNssPKIKeyDataGetCtx(data);
xmlSecAssert2(ctx != NULL, -1);
! xmlSecAssert2(SECKEY_GetPublicKeyType(ctx->pubkey) == dsaKey, -1);
return(8 * SECKEY_PublicKeyStrength(ctx->pubkey));
}
--- 1037,1043 ----
xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecNssKeyDataDsaId), 0);
ctx = xmlSecNssPKIKeyDataGetCtx(data);
xmlSecAssert2(ctx != NULL, -1);
! // xmlSecAssert2(SECKEY_GetPublicKeyType(ctx->pubkey) == dsaKey, -1);
return(8 * SECKEY_PublicKeyStrength(ctx->pubkey));
}
***************
*** 1181,1193 ****
goto done;
}
! slot = PK11_GetBestSlot(CKM_RSA_PKCS, NULL);
if(slot == NULL) {
xmlSecError(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
! "PK11_GetBestSlot",
XMLSEC_ERRORS_R_CRYPTO_FAILED,
! XMLSEC_ERRORS_NO_MESSAGE);
ret = -1;
goto done;
}
--- 1226,1238 ----
goto done;
}
! slot = xmlSecNssSlotGet(CKM_RSA_PKCS);
if(slot == NULL) {
xmlSecError(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
! "xmlSecNssSlotGet",
XMLSEC_ERRORS_R_CRYPTO_FAILED,
! "error code=%d", PORT_GetError());
ret = -1;
goto done;
}
***************
*** 1198,1204 ****
xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
"PORT_NewArena",
XMLSEC_ERRORS_R_CRYPTO_FAILED,
! XMLSEC_ERRORS_NO_MESSAGE);
ret = -1;
goto done;
}
--- 1243,1249 ----
xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
"PORT_NewArena",
XMLSEC_ERRORS_R_CRYPTO_FAILED,
! "error code=%d", PORT_GetError());
ret = -1;
goto done;
}
***************
*** 1210,1216 ****
xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
"PORT_ArenaZAlloc",
XMLSEC_ERRORS_R_CRYPTO_FAILED,
! XMLSEC_ERRORS_NO_MESSAGE);
PORT_FreeArena(arena, PR_FALSE);
ret = -1;
goto done;
--- 1255,1261 ----
xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
"PORT_ArenaZAlloc",
XMLSEC_ERRORS_R_CRYPTO_FAILED,
! "error code=%d", PORT_GetError());
PORT_FreeArena(arena, PR_FALSE);
ret = -1;
goto done;
***************
*** 1349,1355 ****
ctx = xmlSecNssPKIKeyDataGetCtx(xmlSecKeyGetValue(key));
xmlSecAssert2(ctx != NULL, -1);
! xmlSecAssert2(SECKEY_GetPublicKeyType(ctx->pubkey) == rsaKey, -1);
if(((xmlSecKeyDataTypePublic | xmlSecKeyDataTypePrivate) & keyInfoCtx->keyReq.keyType) == 0) {
--- 1394,1400 ----
ctx = xmlSecNssPKIKeyDataGetCtx(xmlSecKeyGetValue(key));
xmlSecAssert2(ctx != NULL, -1);
! // xmlSecAssert2(SECKEY_GetPublicKeyType(ctx->pubkey) == rsaKey, -1);
if(((xmlSecKeyDataTypePublic | xmlSecKeyDataTypePrivate) & keyInfoCtx->keyReq.keyType) == 0) {
***************
*** 1420,1426 ****
params.keySizeInBits = sizeBits;
params.pe = 65537;
! slot = PK11_GetBestSlot(CKM_RSA_PKCS_KEY_PAIR_GEN, NULL);
PK11_Authenticate(slot, PR_TRUE, NULL /* default pwd callback */);
privkey = PK11_GenerateKeyPair(slot, CKM_RSA_PKCS_KEY_PAIR_GEN, &params,
&pubkey, PR_FALSE, PR_TRUE, NULL);
--- 1465,1471 ----
params.keySizeInBits = sizeBits;
params.pe = 65537;
! slot = xmlSecNssSlotGet(CKM_RSA_PKCS_KEY_PAIR_GEN);
PK11_Authenticate(slot, PR_TRUE, NULL /* default pwd callback */);
privkey = PK11_GenerateKeyPair(slot, CKM_RSA_PKCS_KEY_PAIR_GEN, &params,
&pubkey, PR_FALSE, PR_TRUE, NULL);
***************
*** 1430,1436 ****
xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
"PK11_GenerateKeyPair",
XMLSEC_ERRORS_R_CRYPTO_FAILED,
! XMLSEC_ERRORS_NO_MESSAGE);
goto done;
}
--- 1475,1481 ----
xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
"PK11_GenerateKeyPair",
XMLSEC_ERRORS_R_CRYPTO_FAILED,
! "error code=%d", PORT_GetError());
goto done;
}
***************
*** 1472,1478 ****
ctx = xmlSecNssPKIKeyDataGetCtx(data);
xmlSecAssert2(ctx != NULL, -1);
! xmlSecAssert2(SECKEY_GetPublicKeyType(ctx->pubkey) == rsaKey, -1);
if (ctx->privkey != NULL) {
return(xmlSecKeyDataTypePrivate | xmlSecKeyDataTypePublic);
} else {
--- 1517,1523 ----
ctx = xmlSecNssPKIKeyDataGetCtx(data);
xmlSecAssert2(ctx != NULL, -1);
! // xmlSecAssert2(SECKEY_GetPublicKeyType(ctx->pubkey) == rsaKey, -1);
if (ctx->privkey != NULL) {
return(xmlSecKeyDataTypePrivate | xmlSecKeyDataTypePublic);
} else {
***************
*** 1490,1496 ****
ctx = xmlSecNssPKIKeyDataGetCtx(data);
xmlSecAssert2(ctx != NULL, -1);
! xmlSecAssert2(SECKEY_GetPublicKeyType(ctx->pubkey) == rsaKey, -1);
return(8 * SECKEY_PublicKeyStrength(ctx->pubkey));
}
--- 1535,1541 ----
ctx = xmlSecNssPKIKeyDataGetCtx(data);
xmlSecAssert2(ctx != NULL, -1);
! // xmlSecAssert2(SECKEY_GetPublicKeyType(ctx->pubkey) == rsaKey, -1);
return(8 * SECKEY_PublicKeyStrength(ctx->pubkey));
}
*** misc/xmlsec1-1.2.6/src/nss/signatures.c 2003-09-26 02:58:15.000000000 +0200
--- misc/build/xmlsec1-1.2.6/src/nss/signatures.c 2005-05-09 19:54:13.228627881 +0200
***************
*** 199,205 ****
xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
"SGN_NewContext",
XMLSEC_ERRORS_R_CRYPTO_FAILED,
! XMLSEC_ERRORS_NO_MESSAGE);
return(-1);
}
} else {
--- 199,205 ----
xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
"SGN_NewContext",
XMLSEC_ERRORS_R_CRYPTO_FAILED,
! "error code=%d", PORT_GetError());
return(-1);
}
} else {
***************
*** 222,228 ****
xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
"VFY_CreateContext",
XMLSEC_ERRORS_R_CRYPTO_FAILED,
! XMLSEC_ERRORS_NO_MESSAGE);
return(-1);
}
}
--- 222,228 ----
xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
"VFY_CreateContext",
XMLSEC_ERRORS_R_CRYPTO_FAILED,
! "error code=%d", PORT_GetError());
return(-1);
}
}
***************
*** 282,288 ****
xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
"VFY_Update, VFY_End",
XMLSEC_ERRORS_R_CRYPTO_FAILED,
! XMLSEC_ERRORS_NO_MESSAGE);
if (PORT_GetError() == SEC_ERROR_PKCS7_BAD_SIGNATURE) {
xmlSecError(XMLSEC_ERRORS_HERE,
--- 282,288 ----
xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
"VFY_Update, VFY_End",
XMLSEC_ERRORS_R_CRYPTO_FAILED,
! "error code=%d", PORT_GetError());
if (PORT_GetError() == SEC_ERROR_PKCS7_BAD_SIGNATURE) {
xmlSecError(XMLSEC_ERRORS_HERE,
***************
*** 341,347 ****
xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
"SGN_Begin",
XMLSEC_ERRORS_R_CRYPTO_FAILED,
! XMLSEC_ERRORS_NO_MESSAGE);
return(-1);
}
} else {
--- 341,347 ----
xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
"SGN_Begin",
XMLSEC_ERRORS_R_CRYPTO_FAILED,
! "error code=%d", PORT_GetError());
return(-1);
}
} else {
***************
*** 351,357 ****
xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
"VFY_Begin",
XMLSEC_ERRORS_R_CRYPTO_FAILED,
! XMLSEC_ERRORS_NO_MESSAGE);
return(-1);
}
}
--- 351,357 ----
xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
"VFY_Begin",
XMLSEC_ERRORS_R_CRYPTO_FAILED,
! "error code=%d", PORT_GetError());
return(-1);
}
}
***************
*** 368,374 ****
xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
"SGN_Update",
XMLSEC_ERRORS_R_CRYPTO_FAILED,
! XMLSEC_ERRORS_NO_MESSAGE);
return(-1);
}
} else {
--- 368,374 ----
xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
"SGN_Update",
XMLSEC_ERRORS_R_CRYPTO_FAILED,
! "error code=%d", PORT_GetError());
return(-1);
}
} else {
***************
*** 378,384 ****
xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
"VFY_Update",
XMLSEC_ERRORS_R_CRYPTO_FAILED,
! XMLSEC_ERRORS_NO_MESSAGE);
return(-1);
}
}
--- 378,384 ----
xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
"VFY_Update",
XMLSEC_ERRORS_R_CRYPTO_FAILED,
! "error code=%d", PORT_GetError());
return(-1);
}
}
***************
*** 404,410 ****
xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
"SGN_End",
XMLSEC_ERRORS_R_CRYPTO_FAILED,
! XMLSEC_ERRORS_NO_MESSAGE);
return(-1);
}
--- 404,410 ----
xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
"SGN_End",
XMLSEC_ERRORS_R_CRYPTO_FAILED,
! "error code=%d", PORT_GetError());
return(-1);
}
*** misc/xmlsec1-1.2.6/src/nss/symkeys.c 2003-07-21 05:12:52.000000000 +0200
--- misc/build/xmlsec1-1.2.6/src/nss/symkeys.c 2005-05-09 19:54:13.232627544 +0200
***************
*** 15,192 ****
#include <stdio.h>
#include <string.h>
#include <xmlsec/xmlsec.h>
#include <xmlsec/xmltree.h>
#include <xmlsec/keys.h>
#include <xmlsec/keyinfo.h>
#include <xmlsec/transforms.h>
#include <xmlsec/errors.h>
#include <xmlsec/nss/crypto.h>
/*****************************************************************************
*
! * Symmetic (binary) keys - just a wrapper for xmlSecKeyDataBinary
*
****************************************************************************/
! static int xmlSecNssSymKeyDataInitialize (xmlSecKeyDataPtr data);
! static int xmlSecNssSymKeyDataDuplicate (xmlSecKeyDataPtr dst,
! xmlSecKeyDataPtr src);
! static void xmlSecNssSymKeyDataFinalize (xmlSecKeyDataPtr data);
! static int xmlSecNssSymKeyDataXmlRead (xmlSecKeyDataId id,
! xmlSecKeyPtr key,
! xmlNodePtr node,
! xmlSecKeyInfoCtxPtr keyInfoCtx);
! static int xmlSecNssSymKeyDataXmlWrite (xmlSecKeyDataId id,
! xmlSecKeyPtr key,
! xmlNodePtr node,
! xmlSecKeyInfoCtxPtr keyInfoCtx);
! static int xmlSecNssSymKeyDataBinRead (xmlSecKeyDataId id,
! xmlSecKeyPtr key,
! const xmlSecByte* buf,
! xmlSecSize bufSize,
! xmlSecKeyInfoCtxPtr keyInfoCtx);
! static int xmlSecNssSymKeyDataBinWrite (xmlSecKeyDataId id,
! xmlSecKeyPtr key,
! xmlSecByte** buf,
! xmlSecSize* bufSize,
! xmlSecKeyInfoCtxPtr keyInfoCtx);
! static int xmlSecNssSymKeyDataGenerate (xmlSecKeyDataPtr data,
! xmlSecSize sizeBits,
! xmlSecKeyDataType type);
!
! static xmlSecKeyDataType xmlSecNssSymKeyDataGetType (xmlSecKeyDataPtr data);
! static xmlSecSize xmlSecNssSymKeyDataGetSize (xmlSecKeyDataPtr data);
! static void xmlSecNssSymKeyDataDebugDump (xmlSecKeyDataPtr data,
! FILE* output);
! static void xmlSecNssSymKeyDataDebugXmlDump (xmlSecKeyDataPtr data,
! FILE* output);
! static int xmlSecNssSymKeyDataKlassCheck (xmlSecKeyDataKlass* klass);
#define xmlSecNssSymKeyDataCheckId(data) \
(xmlSecKeyDataIsValid((data)) && \
xmlSecNssSymKeyDataKlassCheck((data)->id))
static int
xmlSecNssSymKeyDataInitialize(xmlSecKeyDataPtr data) {
xmlSecAssert2(xmlSecNssSymKeyDataCheckId(data), -1);
!
! return(xmlSecKeyDataBinaryValueInitialize(data));
}
static int
xmlSecNssSymKeyDataDuplicate(xmlSecKeyDataPtr dst, xmlSecKeyDataPtr src) {
xmlSecAssert2(xmlSecNssSymKeyDataCheckId(dst), -1);
xmlSecAssert2(xmlSecNssSymKeyDataCheckId(src), -1);
xmlSecAssert2(dst->id == src->id, -1);
!
! return(xmlSecKeyDataBinaryValueDuplicate(dst, src));
}
static void
xmlSecNssSymKeyDataFinalize(xmlSecKeyDataPtr data) {
xmlSecAssert(xmlSecNssSymKeyDataCheckId(data));
!
! xmlSecKeyDataBinaryValueFinalize(data);
}
static int
xmlSecNssSymKeyDataXmlRead(xmlSecKeyDataId id, xmlSecKeyPtr key,
! xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
! xmlSecAssert2(xmlSecNssSymKeyDataKlassCheck(id), -1);
! return(xmlSecKeyDataBinaryValueXmlRead(id, key, node, keyInfoCtx));
}
static int
xmlSecNssSymKeyDataXmlWrite(xmlSecKeyDataId id, xmlSecKeyPtr key,
! xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
xmlSecAssert2(xmlSecNssSymKeyDataKlassCheck(id), -1);
! return(xmlSecKeyDataBinaryValueXmlWrite(id, key, node, keyInfoCtx));
}
static int
xmlSecNssSymKeyDataBinRead(xmlSecKeyDataId id, xmlSecKeyPtr key,
! const xmlSecByte* buf, xmlSecSize bufSize,
! xmlSecKeyInfoCtxPtr keyInfoCtx) {
! xmlSecAssert2(xmlSecNssSymKeyDataKlassCheck(id), -1);
! return(xmlSecKeyDataBinaryValueBinRead(id, key, buf, bufSize, keyInfoCtx));
}
static int
xmlSecNssSymKeyDataBinWrite(xmlSecKeyDataId id, xmlSecKeyPtr key,
! xmlSecByte** buf, xmlSecSize* bufSize,
! xmlSecKeyInfoCtxPtr keyInfoCtx) {
xmlSecAssert2(xmlSecNssSymKeyDataKlassCheck(id), -1);
! return(xmlSecKeyDataBinaryValueBinWrite(id, key, buf, bufSize, keyInfoCtx));
}
static int
xmlSecNssSymKeyDataGenerate(xmlSecKeyDataPtr data, xmlSecSize sizeBits, xmlSecKeyDataType type ATTRIBUTE_UNUSED) {
! xmlSecBufferPtr buffer;
!
xmlSecAssert2(xmlSecNssSymKeyDataCheckId(data), -1);
xmlSecAssert2(sizeBits > 0, -1);
! buffer = xmlSecKeyDataBinaryValueGetBuffer(data);
! xmlSecAssert2(buffer != NULL, -1);
!
! return(xmlSecNssGenerateRandom(buffer, (sizeBits + 7) / 8));
}
static xmlSecKeyDataType
xmlSecNssSymKeyDataGetType(xmlSecKeyDataPtr data) {
! xmlSecBufferPtr buffer;
xmlSecAssert2(xmlSecNssSymKeyDataCheckId(data), xmlSecKeyDataTypeUnknown);
! buffer = xmlSecKeyDataBinaryValueGetBuffer(data);
! xmlSecAssert2(buffer != NULL, xmlSecKeyDataTypeUnknown);
! return((xmlSecBufferGetSize(buffer) > 0) ? xmlSecKeyDataTypeSymmetric : xmlSecKeyDataTypeUnknown);
}
static xmlSecSize
xmlSecNssSymKeyDataGetSize(xmlSecKeyDataPtr data) {
xmlSecAssert2(xmlSecNssSymKeyDataCheckId(data), 0);
!
! return(xmlSecKeyDataBinaryValueGetSize(data));
}
static void
xmlSecNssSymKeyDataDebugDump(xmlSecKeyDataPtr data, FILE* output) {
xmlSecAssert(xmlSecNssSymKeyDataCheckId(data));
! xmlSecKeyDataBinaryValueDebugDump(data, output);
}
static void
xmlSecNssSymKeyDataDebugXmlDump(xmlSecKeyDataPtr data, FILE* output) {
xmlSecAssert(xmlSecNssSymKeyDataCheckId(data));
! xmlSecKeyDataBinaryValueDebugXmlDump(data, output);
}
static int
xmlSecNssSymKeyDataKlassCheck(xmlSecKeyDataKlass* klass) {
#ifndef XMLSEC_NO_DES
if(klass == xmlSecNssKeyDataDesId) {
! return(1);
}
#endif /* XMLSEC_NO_DES */
#ifndef XMLSEC_NO_AES
if(klass == xmlSecNssKeyDataAesId) {
! return(1);
}
#endif /* XMLSEC_NO_AES */
#ifndef XMLSEC_NO_HMAC
if(klass == xmlSecNssKeyDataHmacId) {
! return(1);
}
#endif /* XMLSEC_NO_HMAC */
--- 15,851 ----
#include <stdio.h>
#include <string.h>
+ #include <pk11func.h>
+ #include <nss.h>
+
#include <xmlsec/xmlsec.h>
#include <xmlsec/xmltree.h>
+ #include <xmlsec/base64.h>
#include <xmlsec/keys.h>
#include <xmlsec/keyinfo.h>
#include <xmlsec/transforms.h>
#include <xmlsec/errors.h>
#include <xmlsec/nss/crypto.h>
+ #include <xmlsec/nss/ciphers.h>
+ #include <xmlsec/nss/tokens.h>
/*****************************************************************************
*
! * Symmetic (binary) keys - a wrapper over slot information and PK11SymKey
*
****************************************************************************/
! typedef struct _xmlSecNssSymKeyDataCtx xmlSecNssSymKeyDataCtx ;
! typedef struct _xmlSecNssSymKeyDataCtx* xmlSecNssSymKeyDataCtxPtr ;
!
! struct _xmlSecNssSymKeyDataCtx {
! CK_MECHANISM_TYPE cipher ; /* the symmetic key mechanism */
! PK11SlotInfo* slot ; /* the key resident slot */
! PK11SymKey* symkey ; /* the symmetic key */
! } ;
!
! #define xmlSecNssSymKeyDataSize \
! ( sizeof( xmlSecKeyData ) + sizeof( xmlSecNssSymKeyDataCtx ) )
!
! #define xmlSecNssSymKeyDataGetCtx( data ) \
! ( ( xmlSecNssSymKeyDataCtxPtr )( ( ( xmlSecByte* )( data ) ) + sizeof( xmlSecKeyData ) ) )
!
!
! static int xmlSecNssSymKeyDataInitialize (xmlSecKeyDataPtr data);
! static int xmlSecNssSymKeyDataDuplicate (xmlSecKeyDataPtr dst,
! xmlSecKeyDataPtr src);
! static void xmlSecNssSymKeyDataFinalize (xmlSecKeyDataPtr data);
! static int xmlSecNssSymKeyDataXmlRead (xmlSecKeyDataId id,
! xmlSecKeyPtr key,
! xmlNodePtr node,
! xmlSecKeyInfoCtxPtr keyInfoCtx);
! static int xmlSecNssSymKeyDataXmlWrite (xmlSecKeyDataId id,
! xmlSecKeyPtr key,
! xmlNodePtr node,
! xmlSecKeyInfoCtxPtr keyInfoCtx);
! static int xmlSecNssSymKeyDataBinRead (xmlSecKeyDataId id,
! xmlSecKeyPtr key,
! const xmlSecByte* buf,
! xmlSecSize bufSize,
! xmlSecKeyInfoCtxPtr keyInfoCtx);
! static int xmlSecNssSymKeyDataBinWrite (xmlSecKeyDataId id,
! xmlSecKeyPtr key,
! xmlSecByte** buf,
! xmlSecSize* bufSize,
! xmlSecKeyInfoCtxPtr keyInfoCtx);
! static int xmlSecNssSymKeyDataGenerate (xmlSecKeyDataPtr data,
! xmlSecSize sizeBits,
! xmlSecKeyDataType type);
!
! static xmlSecKeyDataType xmlSecNssSymKeyDataGetType (xmlSecKeyDataPtr data);
! static xmlSecSize xmlSecNssSymKeyDataGetSize (xmlSecKeyDataPtr data);
! static void xmlSecNssSymKeyDataDebugDump (xmlSecKeyDataPtr data,
! FILE* output);
! static void xmlSecNssSymKeyDataDebugXmlDump (xmlSecKeyDataPtr data,
! FILE* output);
! static int xmlSecNssSymKeyDataKlassCheck (xmlSecKeyDataKlass* klass);
#define xmlSecNssSymKeyDataCheckId(data) \
(xmlSecKeyDataIsValid((data)) && \
xmlSecNssSymKeyDataKlassCheck((data)->id))
+ /**
+ * xmlSecNssSymKeyDataAdoptKey:
+ * @data: the pointer to symmetric key data.
+ * @symkey: the symmetric key
+ *
+ * Set the value of symmetric key data.
+ *
+ * Returns 0 on success or a negative value if an error occurs.
+ */
+ int
+ xmlSecNssSymKeyDataAdoptKey(
+ xmlSecKeyDataPtr data ,
+ PK11SymKey* symkey
+ ) {
+ xmlSecNssSymKeyDataCtxPtr context = NULL ;
+
+ xmlSecAssert2( xmlSecNssSymKeyDataCheckId( data ), -1 ) ;
+ xmlSecAssert2( xmlSecKeyDataCheckSize( data, xmlSecNssSymKeyDataSize ), -1 ) ;
+ xmlSecAssert2( symkey != NULL, -1 ) ;
+
+ context = xmlSecNssSymKeyDataGetCtx( data ) ;
+ xmlSecAssert2(context != NULL, -1);
+
+ context->cipher = PK11_GetMechanism( symkey ) ;
+
+ if( context->slot != NULL ) {
+ PK11_FreeSlot( context->slot ) ;
+ context->slot = NULL ;
+ }
+ context->slot = PK11_GetSlotFromKey( symkey ) ;
+
+ if( context->symkey != NULL ) {
+ PK11_FreeSymKey( context->symkey ) ;
+ context->symkey = NULL ;
+ }
+ context->symkey = PK11_ReferenceSymKey( symkey ) ;
+
+ return 0 ;
+ }
+
+ xmlSecKeyDataPtr xmlSecNssSymKeyDataKeyAdopt(
+ PK11SymKey* symKey
+ ) {
+ xmlSecKeyDataPtr data = NULL ;
+ CK_MECHANISM_TYPE mechanism = CKM_INVALID_MECHANISM ;
+
+ xmlSecAssert2( symKey != NULL , NULL ) ;
+
+ mechanism = PK11_GetMechanism( symKey ) ;
+ switch( mechanism ) {
+ case CKM_DES3_KEY_GEN :
+ case CKM_DES3_CBC :
+ case CKM_DES3_MAC :
+ data = xmlSecKeyDataCreate( xmlSecNssKeyDataDesId ) ;
+ if( data == NULL ) {
+ xmlSecError( XMLSEC_ERRORS_HERE ,
+ NULL ,
+ "xmlSecKeyDataCreate" ,
+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
+ "xmlSecNssKeyDataDesId" ) ;
+ return NULL ;
+ }
+ break ;
+ case CKM_AES_KEY_GEN :
+ case CKM_AES_CBC :
+ case CKM_AES_MAC :
+ data = xmlSecKeyDataCreate( xmlSecNssKeyDataAesId ) ;
+ if( data == NULL ) {
+ xmlSecError( XMLSEC_ERRORS_HERE ,
+ NULL ,
+ "xmlSecKeyDataCreate" ,
+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
+ "xmlSecNssKeyDataDesId" ) ;
+ return NULL ;
+ }
+ break ;
+ default :
+ xmlSecError( XMLSEC_ERRORS_HERE ,
+ NULL ,
+ NULL ,
+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
+ "Unsupported mechanism" ) ;
+ return NULL ;
+ }
+
+ if( xmlSecNssSymKeyDataAdoptKey( data , symKey ) < 0 ) {
+ xmlSecError( XMLSEC_ERRORS_HERE ,
+ NULL ,
+ "xmlSecNssSymKeyDataAdoptKey" ,
+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
+ XMLSEC_ERRORS_NO_MESSAGE ) ;
+
+ xmlSecKeyDataDestroy( data ) ;
+ return NULL ;
+ }
+
+ return data ;
+ }
+
+
+ PK11SymKey*
+ xmlSecNssSymKeyDataGetKey(
+ xmlSecKeyDataPtr data
+ ) {
+ xmlSecNssSymKeyDataCtxPtr ctx;
+ PK11SymKey* symkey ;
+
+ xmlSecAssert2(xmlSecNssSymKeyDataCheckId(data), NULL);
+ xmlSecAssert2(xmlSecKeyDataCheckSize(data, xmlSecNssSymKeyDataSize), NULL);
+
+ ctx = xmlSecNssSymKeyDataGetCtx(data);
+ xmlSecAssert2(ctx != NULL, NULL);
+
+ if( ctx->symkey != NULL ) {
+ symkey = PK11_ReferenceSymKey( ctx->symkey ) ;
+ } else {
+ symkey = NULL ;
+ }
+
+ return(symkey);
+ }
+
static int
xmlSecNssSymKeyDataInitialize(xmlSecKeyDataPtr data) {
+ xmlSecNssSymKeyDataCtxPtr ctx;
+
xmlSecAssert2(xmlSecNssSymKeyDataCheckId(data), -1);
! xmlSecAssert2(xmlSecKeyDataCheckSize(data, xmlSecNssSymKeyDataSize), -1);
!
! ctx = xmlSecNssSymKeyDataGetCtx(data);
! xmlSecAssert2(ctx != NULL, -1);
!
! memset( ctx, 0, sizeof(xmlSecNssSymKeyDataCtx));
!
! /* Set the block cipher mechanism */
! #ifndef XMLSEC_NO_DES
! if(xmlSecKeyDataCheckId(data, xmlSecNssKeyDataDesId)) {
! ctx->cipher = CKM_DES3_KEY_GEN;
! } else
! #endif /* XMLSEC_NO_DES */
!
! #ifndef XMLSEC_NO_AES
! if(xmlSecKeyDataCheckId(data, xmlSecNssKeyDataDesId)) {
! ctx->cipher = CKM_AES_KEY_GEN;
! } else
! #endif /* XMLSEC_NO_AES */
!
! if(1) {
! xmlSecError( XMLSEC_ERRORS_HERE ,
! xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
! NULL ,
! XMLSEC_ERRORS_R_XMLSEC_FAILED ,
! "Unsupported block cipher" ) ;
! return(-1) ;
! }
!
! return(0);
}
static int
xmlSecNssSymKeyDataDuplicate(xmlSecKeyDataPtr dst, xmlSecKeyDataPtr src) {
+ xmlSecNssSymKeyDataCtxPtr ctxDst;
+ xmlSecNssSymKeyDataCtxPtr ctxSrc;
+
xmlSecAssert2(xmlSecNssSymKeyDataCheckId(dst), -1);
+ xmlSecAssert2(xmlSecKeyDataCheckSize(dst, xmlSecNssSymKeyDataSize), -1);
xmlSecAssert2(xmlSecNssSymKeyDataCheckId(src), -1);
+ xmlSecAssert2(xmlSecKeyDataCheckSize(src, xmlSecNssSymKeyDataSize), -1);
xmlSecAssert2(dst->id == src->id, -1);
!
! ctxDst = xmlSecNssSymKeyDataGetCtx(dst);
! xmlSecAssert2(ctxDst != NULL, -1);
!
! ctxSrc = xmlSecNssSymKeyDataGetCtx(src);
! xmlSecAssert2(ctxSrc != NULL, -1);
!
! ctxDst->cipher = ctxSrc->cipher ;
!
! if( ctxSrc->slot != NULL ) {
! if( ctxDst->slot != NULL && ctxDst->slot != ctxSrc->slot ) {
! PK11_FreeSlot( ctxDst->slot ) ;
! ctxDst->slot = NULL ;
! }
!
! if( ctxDst->slot == NULL && ctxSrc->slot != NULL )
! ctxDst->slot = PK11_ReferenceSlot( ctxSrc->slot ) ;
! } else {
! if( ctxDst->slot != NULL ) {
! PK11_FreeSlot( ctxDst->slot ) ;
! ctxDst->slot = NULL ;
! }
! }
!
! if( ctxSrc->symkey != NULL ) {
! if( ctxDst->symkey != NULL && ctxDst->symkey != ctxSrc->symkey ) {
! PK11_FreeSymKey( ctxDst->symkey ) ;
! ctxDst->symkey = NULL ;
! }
!
! if( ctxDst->symkey == NULL && ctxSrc->symkey != NULL )
! ctxDst->symkey = PK11_ReferenceSymKey( ctxSrc->symkey ) ;
! } else {
! if( ctxDst->symkey != NULL ) {
! PK11_FreeSymKey( ctxDst->symkey ) ;
! ctxDst->symkey = NULL ;
! }
! }
!
! return(0);
}
static void
xmlSecNssSymKeyDataFinalize(xmlSecKeyDataPtr data) {
+ xmlSecNssSymKeyDataCtxPtr ctx;
+
xmlSecAssert(xmlSecNssSymKeyDataCheckId(data));
! xmlSecAssert(xmlSecKeyDataCheckSize(data, xmlSecNssSymKeyDataSize));
!
! ctx = xmlSecNssSymKeyDataGetCtx(data);
! xmlSecAssert(ctx != NULL);
!
! if( ctx->slot != NULL ) {
! PK11_FreeSlot( ctx->slot ) ;
! ctx->slot = NULL ;
! }
!
! if( ctx->symkey != NULL ) {
! PK11_FreeSymKey( ctx->symkey ) ;
! ctx->symkey = NULL ;
! }
!
! ctx->cipher = CKM_INVALID_MECHANISM ;
}
static int
xmlSecNssSymKeyDataXmlRead(xmlSecKeyDataId id, xmlSecKeyPtr key,
! xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
! PK11SymKey* symKey ;
! PK11SlotInfo* slot ;
! xmlSecBufferPtr keyBuf;
! xmlSecSize len;
! xmlSecKeyDataPtr data;
! xmlSecNssSymKeyDataCtxPtr ctx;
! SECItem keyItem ;
! int ret;
!
! xmlSecAssert2(id != xmlSecKeyDataIdUnknown, -1);
! xmlSecAssert2(key != NULL, -1);
! xmlSecAssert2(node != NULL, -1);
! xmlSecAssert2(keyInfoCtx != NULL, -1);
!
! /* Create a new KeyData from a id */
! data = xmlSecKeyDataCreate(id);
! if(data == NULL ) {
! xmlSecError(XMLSEC_ERRORS_HERE,
! xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
! "xmlSecKeyDataCreate",
! XMLSEC_ERRORS_R_XMLSEC_FAILED,
! XMLSEC_ERRORS_NO_MESSAGE);
! return(-1);
! }
!
! ctx = xmlSecNssSymKeyDataGetCtx(data);
! xmlSecAssert2(ctx != NULL, -1);
!
! /* Create a buffer for raw symmetric key value */
! if( ( keyBuf = xmlSecBufferCreate( 128 ) ) == NULL ) {
! xmlSecError( XMLSEC_ERRORS_HERE ,
! xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
! "xmlSecBufferCreate" ,
! XMLSEC_ERRORS_R_XMLSEC_FAILED ,
! XMLSEC_ERRORS_NO_MESSAGE ) ;
! xmlSecKeyDataDestroy( data ) ;
! return(-1) ;
! }
!
! /* Read the raw key value */
! if( xmlSecBufferBase64NodeContentRead( keyBuf , node ) < 0 ) {
! xmlSecError( XMLSEC_ERRORS_HERE ,
! xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
! xmlSecErrorsSafeString(xmlSecNodeGetName(node)),
! XMLSEC_ERRORS_R_XMLSEC_FAILED ,
! XMLSEC_ERRORS_NO_MESSAGE ) ;
!
! xmlSecBufferDestroy( keyBuf ) ;
! xmlSecKeyDataDestroy( data ) ;
! return(-1) ;
! }
!
! /* Get slot */
! slot = xmlSecNssSlotGet(ctx->cipher);
! if( slot == NULL ) {
! xmlSecError( XMLSEC_ERRORS_HERE ,
! xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
! "xmlSecNssSlotGet" ,
! XMLSEC_ERRORS_R_XMLSEC_FAILED ,
! XMLSEC_ERRORS_NO_MESSAGE ) ;
!
! xmlSecBufferDestroy( keyBuf ) ;
! xmlSecKeyDataDestroy( data ) ;
! return(-1) ;
! }
!
! /* Wrap the raw key value SECItem */
! keyItem.type = siBuffer ;
! keyItem.data = xmlSecBufferGetData( keyBuf ) ;
! keyItem.len = xmlSecBufferGetSize( keyBuf ) ;
!
! /* Import the raw key into slot temporalily and get the key handler*/
! symKey = PK11_ImportSymKey(slot, ctx->cipher, PK11_OriginGenerated, CKA_VALUE, &keyItem, NULL ) ;
! if( symKey == NULL ) {
! xmlSecError( XMLSEC_ERRORS_HERE ,
! xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
! "PK11_ImportSymKey" ,
! XMLSEC_ERRORS_R_XMLSEC_FAILED ,
! XMLSEC_ERRORS_NO_MESSAGE ) ;
!
! PK11_FreeSlot( slot ) ;
! xmlSecBufferDestroy( keyBuf ) ;
! xmlSecKeyDataDestroy( data ) ;
! return(-1) ;
! }
! PK11_FreeSlot( slot ) ;
!
! /* raw key material has been copied into symKey, it isn't used any more */
! xmlSecBufferDestroy( keyBuf ) ;
! /* Adopt the symmetric key into key data */
! ret = xmlSecNssSymKeyDataAdoptKey(data, symKey);
! if(ret < 0) {
! xmlSecError(XMLSEC_ERRORS_HERE,
! xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
! "xmlSecKeyDataBinaryValueSetBuffer",
! XMLSEC_ERRORS_R_XMLSEC_FAILED,
! XMLSEC_ERRORS_NO_MESSAGE);
! PK11_FreeSymKey( symKey ) ;
! xmlSecKeyDataDestroy( data ) ;
! return(-1);
! }
! /* symKey has been duplicated into data, it isn't used any more */
! PK11_FreeSymKey( symKey ) ;
!
! /* Check value */
! if(xmlSecKeyReqMatchKeyValue(&(keyInfoCtx->keyReq), data) != 1) {
! xmlSecError(XMLSEC_ERRORS_HERE,
! xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
! "xmlSecKeyReqMatchKeyValue",
! XMLSEC_ERRORS_R_XMLSEC_FAILED,
! XMLSEC_ERRORS_NO_MESSAGE);
! xmlSecKeyDataDestroy( data ) ;
! return(0);
! }
!
! ret = xmlSecKeySetValue(key, data);
! if(ret < 0) {
! xmlSecError(XMLSEC_ERRORS_HERE,
! xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
! "xmlSecKeySetValue",
! XMLSEC_ERRORS_R_XMLSEC_FAILED,
! XMLSEC_ERRORS_NO_MESSAGE);
! xmlSecKeyDataDestroy( data ) ;
! return(-1);
! }
!
! return(0);
}
static int
xmlSecNssSymKeyDataXmlWrite(xmlSecKeyDataId id, xmlSecKeyPtr key,
! xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
! PK11SymKey* symKey ;
!
xmlSecAssert2(xmlSecNssSymKeyDataKlassCheck(id), -1);
+ xmlSecAssert2(key != NULL, -1);
+ xmlSecAssert2(node != NULL, -1);
+ xmlSecAssert2(keyInfoCtx != NULL, -1);
+
+ /* Get symmetric key from "key" */
+ symKey = xmlSecNssSymKeyDataGetKey(xmlSecKeyGetValue(key));
+ if( symKey != NULL ) {
+ SECItem* keyItem ;
+ xmlSecBufferPtr keyBuf ;
+
+ /* Extract raw key data from symmetric key */
+ if( PK11_ExtractKeyValue( symKey ) != SECSuccess ) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "PK11_ExtractKeyValue",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ PK11_FreeSymKey( symKey ) ;
+ return(-1);
+ }
+
+ /* Get raw key data from "symKey" */
+ keyItem = PK11_GetKeyData( symKey ) ;
+ if(keyItem == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "PK11_GetKeyData",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ PK11_FreeSymKey( symKey ) ;
+ return(-1);
+ }
+
+ /* Create key data buffer with raw kwy material */
+ keyBuf = xmlSecBufferCreate(keyItem->len) ;
+ if(keyBuf == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecBufferCreate",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ PK11_FreeSymKey( symKey ) ;
+ return(-1);
+ }
+
+ xmlSecBufferSetData( keyBuf , keyItem->data , keyItem->len ) ;
+
+ /* Write raw key material into current xml node */
+ if( xmlSecBufferBase64NodeContentWrite( keyBuf, node, XMLSEC_BASE64_LINESIZE ) < 0 ) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecBufferBase64NodeContentWrite",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecBufferDestroy(keyBuf);
+ PK11_FreeSymKey( symKey ) ;
+ return(-1);
+ }
+ xmlSecBufferDestroy(keyBuf);
+ PK11_FreeSymKey( symKey ) ;
+ }
! return 0 ;
}
static int
xmlSecNssSymKeyDataBinRead(xmlSecKeyDataId id, xmlSecKeyPtr key,
! const xmlSecByte* buf, xmlSecSize bufSize,
! xmlSecKeyInfoCtxPtr keyInfoCtx) {
! PK11SymKey* symKey ;
! PK11SlotInfo* slot ;
! xmlSecKeyDataPtr data;
! xmlSecNssSymKeyDataCtxPtr ctx;
! SECItem keyItem ;
! int ret;
! xmlSecAssert2(id != xmlSecKeyDataIdUnknown, -1);
! xmlSecAssert2(key != NULL, -1);
! xmlSecAssert2(buf != NULL, -1);
! xmlSecAssert2(bufSize != 0, -1);
! xmlSecAssert2(keyInfoCtx != NULL, -1);
!
! /* Create a new KeyData from a id */
! data = xmlSecKeyDataCreate(id);
! if(data == NULL ) {
! xmlSecError(XMLSEC_ERRORS_HERE,
! xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
! "xmlSecKeyDataCreate",
! XMLSEC_ERRORS_R_XMLSEC_FAILED,
! XMLSEC_ERRORS_NO_MESSAGE);
! return(-1);
! }
!
! ctx = xmlSecNssSymKeyDataGetCtx(data);
! xmlSecAssert2(ctx != NULL, -1);
!
! /* Get slot */
! slot = xmlSecNssSlotGet(ctx->cipher);
! if( slot == NULL ) {
! xmlSecError( XMLSEC_ERRORS_HERE ,
! xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
! "xmlSecNssSlotGet" ,
! XMLSEC_ERRORS_R_XMLSEC_FAILED ,
! XMLSEC_ERRORS_NO_MESSAGE ) ;
! xmlSecKeyDataDestroy( data ) ;
! return(-1) ;
! }
!
! /* Wrap the raw key value SECItem */
! keyItem.type = siBuffer ;
! keyItem.data = buf ;
! keyItem.len = bufSize ;
!
! /* Import the raw key into slot temporalily and get the key handler*/
! symKey = PK11_ImportSymKey(slot, ctx->cipher, PK11_OriginGenerated, CKA_VALUE, &keyItem, NULL ) ;
! if( symKey == NULL ) {
! xmlSecError( XMLSEC_ERRORS_HERE ,
! xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
! "PK11_ImportSymKey" ,
! XMLSEC_ERRORS_R_XMLSEC_FAILED ,
! XMLSEC_ERRORS_NO_MESSAGE ) ;
! PK11_FreeSlot( slot ) ;
! xmlSecKeyDataDestroy( data ) ;
! return(-1) ;
! }
!
! /* Adopt the symmetric key into key data */
! ret = xmlSecNssSymKeyDataAdoptKey(data, symKey);
! if(ret < 0) {
! xmlSecError(XMLSEC_ERRORS_HERE,
! xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
! "xmlSecKeyDataBinaryValueSetBuffer",
! XMLSEC_ERRORS_R_XMLSEC_FAILED,
! XMLSEC_ERRORS_NO_MESSAGE ) ;
! PK11_FreeSymKey( symKey ) ;
! PK11_FreeSlot( slot ) ;
! xmlSecKeyDataDestroy( data ) ;
! return(-1);
! }
! /* symKey has been duplicated into data, it isn't used any more */
! PK11_FreeSymKey( symKey ) ;
! PK11_FreeSlot( slot ) ;
!
! /* Check value */
! if(xmlSecKeyReqMatchKeyValue(&(keyInfoCtx->keyReq), data) != 1) {
! xmlSecError(XMLSEC_ERRORS_HERE,
! xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
! "xmlSecKeyReqMatchKeyValue",
! XMLSEC_ERRORS_R_XMLSEC_FAILED,
! XMLSEC_ERRORS_NO_MESSAGE);
! xmlSecKeyDataDestroy( data ) ;
! return(0);
! }
!
! ret = xmlSecKeySetValue(key, data);
! if(ret < 0) {
! xmlSecError(XMLSEC_ERRORS_HERE,
! xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
! "xmlSecKeySetValue",
! XMLSEC_ERRORS_R_XMLSEC_FAILED,
! XMLSEC_ERRORS_NO_MESSAGE);
! xmlSecKeyDataDestroy( data ) ;
! return(-1);
! }
!
! return(0);
}
static int
xmlSecNssSymKeyDataBinWrite(xmlSecKeyDataId id, xmlSecKeyPtr key,
! xmlSecByte** buf, xmlSecSize* bufSize,
! xmlSecKeyInfoCtxPtr keyInfoCtx) {
! PK11SymKey* symKey ;
!
xmlSecAssert2(xmlSecNssSymKeyDataKlassCheck(id), -1);
+ xmlSecAssert2(key != NULL, -1);
+ xmlSecAssert2(buf != NULL, -1);
+ xmlSecAssert2(bufSize != 0, -1);
+ xmlSecAssert2(keyInfoCtx != NULL, -1);
+
+ /* Get symmetric key from "key" */
+ symKey = xmlSecNssSymKeyDataGetKey(xmlSecKeyGetValue(key));
+ if( symKey != NULL ) {
+ SECItem* keyItem ;
+
+ /* Extract raw key data from symmetric key */
+ if( PK11_ExtractKeyValue( symKey ) != SECSuccess ) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "PK11_ExtractKeyValue",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ PK11_FreeSymKey( symKey ) ;
+ return(-1);
+ }
+
+ /* Get raw key data from "symKey" */
+ keyItem = PK11_GetKeyData( symKey ) ;
+ if(keyItem == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "PK11_GetKeyData",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ PK11_FreeSymKey( symKey ) ;
+ return(-1);
+ }
+
+ *bufSize = keyItem->len;
+ *buf = ( xmlSecByte* )xmlMalloc( *bufSize );
+ if( *buf == NULL ) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ NULL,
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ PK11_FreeSymKey( symKey ) ;
+ return(-1);
+ }
+
+ memcpy((*buf), keyItem->data, (*bufSize));
+ PK11_FreeSymKey( symKey ) ;
+ }
! return 0 ;
}
static int
xmlSecNssSymKeyDataGenerate(xmlSecKeyDataPtr data, xmlSecSize sizeBits, xmlSecKeyDataType type ATTRIBUTE_UNUSED) {
! PK11SymKey* symkey ;
! PK11SlotInfo* slot ;
! xmlSecNssSymKeyDataCtxPtr ctx;
! int ret;
!
xmlSecAssert2(xmlSecNssSymKeyDataCheckId(data), -1);
xmlSecAssert2(sizeBits > 0, -1);
! ctx = xmlSecNssSymKeyDataGetCtx(data);
! xmlSecAssert2(ctx != NULL, -1);
!
! if( sizeBits % 8 != 0 ) {
! xmlSecError(XMLSEC_ERRORS_HERE,
! xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
! NULL,
! XMLSEC_ERRORS_R_XMLSEC_FAILED,
! "Symmetric key size must be octuple");
! return(-1);
! }
!
! /* Get slot */
! slot = xmlSecNssSlotGet(ctx->cipher);
! if( slot == NULL ) {
! xmlSecError( XMLSEC_ERRORS_HERE ,
! xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
! "xmlSecNssSlotGet" ,
! XMLSEC_ERRORS_R_XMLSEC_FAILED ,
! XMLSEC_ERRORS_NO_MESSAGE ) ;
! return(-1) ;
! }
!
! if( PK11_Authenticate( slot, PR_FALSE , NULL ) != SECSuccess ) {
! xmlSecError( XMLSEC_ERRORS_HERE ,
! xmlSecErrorsSafeString( xmlSecKeyDataGetName( data ) ) ,
! "PK11_Authenticate" ,
! XMLSEC_ERRORS_R_CRYPTO_FAILED ,
! XMLSEC_ERRORS_NO_MESSAGE ) ;
! PK11_FreeSlot( slot ) ;
! return -1 ;
! }
!
! symkey = PK11_KeyGen( slot , ctx->cipher , NULL , sizeBits/8 , NULL ) ;
! if( symkey == NULL ) {
! xmlSecError( XMLSEC_ERRORS_HERE ,
! xmlSecErrorsSafeString( xmlSecKeyDataGetName( data ) ) ,
! "PK11_KeyGen" ,
! XMLSEC_ERRORS_R_CRYPTO_FAILED ,
! XMLSEC_ERRORS_NO_MESSAGE ) ;
! PK11_FreeSlot( slot ) ;
! return -1 ;
! }
!
! if( ctx->slot != NULL ) {
! PK11_FreeSlot( ctx->slot ) ;
! ctx->slot = NULL ;
! }
! ctx->slot = slot ;
!
! if( ctx->symkey != NULL ) {
! PK11_FreeSymKey( ctx->symkey ) ;
! ctx->symkey = NULL ;
! }
! ctx->symkey = symkey ;
!
! return 0 ;
}
static xmlSecKeyDataType
xmlSecNssSymKeyDataGetType(xmlSecKeyDataPtr data) {
! xmlSecNssSymKeyDataCtxPtr context = NULL ;
! xmlSecKeyDataType type = xmlSecKeyDataTypeUnknown ;
xmlSecAssert2(xmlSecNssSymKeyDataCheckId(data), xmlSecKeyDataTypeUnknown);
+ xmlSecAssert2( xmlSecKeyDataCheckSize( data, xmlSecNssSymKeyDataSize ), xmlSecKeyDataTypeUnknown ) ;
! context = xmlSecNssSymKeyDataGetCtx( data ) ;
! if( context == NULL ) {
! xmlSecError( XMLSEC_ERRORS_HERE ,
! xmlSecErrorsSafeString( xmlSecKeyDataGetName( data ) ) ,
! "xmlSecNssSymKeyDataGetCtx" ,
! XMLSEC_ERRORS_R_CRYPTO_FAILED ,
! XMLSEC_ERRORS_NO_MESSAGE ) ;
! return xmlSecKeyDataTypeUnknown ;
! }
!
! if( context->symkey != NULL ) {
! type |= xmlSecKeyDataTypeSymmetric ;
! } else {
! type |= xmlSecKeyDataTypeUnknown ;
! }
! return type ;
}
static xmlSecSize
xmlSecNssSymKeyDataGetSize(xmlSecKeyDataPtr data) {
+ xmlSecNssSymKeyDataCtxPtr context ;
+ unsigned int length = 0 ;
+
xmlSecAssert2(xmlSecNssSymKeyDataCheckId(data), 0);
! xmlSecAssert2( xmlSecKeyDataCheckSize( data, xmlSecNssSymKeyDataSize ), 0 ) ;
!
! context = xmlSecNssSymKeyDataGetCtx( data ) ;
! if( context == NULL ) {
! xmlSecError( XMLSEC_ERRORS_HERE ,
! xmlSecErrorsSafeString( xmlSecKeyDataGetName( data ) ) ,
! "xmlSecNssSymKeyDataGetCtx" ,
! XMLSEC_ERRORS_R_CRYPTO_FAILED ,
! XMLSEC_ERRORS_NO_MESSAGE ) ;
! return 0 ;
! }
!
! if( context->symkey != NULL ) {
! length = PK11_GetKeyLength( context->symkey ) ;
! length *= 8 ;
! }
!
! return length ;
}
static void
xmlSecNssSymKeyDataDebugDump(xmlSecKeyDataPtr data, FILE* output) {
xmlSecAssert(xmlSecNssSymKeyDataCheckId(data));
! /* print only size, everything else is sensitive */
! fprintf( output , "=== %s: size=%d\n" , data->id->dataNodeName ,
! xmlSecKeyDataGetSize(data)) ;
}
static void
xmlSecNssSymKeyDataDebugXmlDump(xmlSecKeyDataPtr data, FILE* output) {
xmlSecAssert(xmlSecNssSymKeyDataCheckId(data));
! /* print only size, everything else is sensitive */
! fprintf( output , "<%s size=\"%d\" />\n" , data->id->dataNodeName ,
! xmlSecKeyDataGetSize(data)) ;
}
static int
xmlSecNssSymKeyDataKlassCheck(xmlSecKeyDataKlass* klass) {
#ifndef XMLSEC_NO_DES
if(klass == xmlSecNssKeyDataDesId) {
! return(1);
}
#endif /* XMLSEC_NO_DES */
#ifndef XMLSEC_NO_AES
if(klass == xmlSecNssKeyDataAesId) {
! return(1);
}
#endif /* XMLSEC_NO_AES */
#ifndef XMLSEC_NO_HMAC
if(klass == xmlSecNssKeyDataHmacId) {
! return(1);
}
#endif /* XMLSEC_NO_HMAC */
***************
*** 201,240 ****
*************************************************************************/
static xmlSecKeyDataKlass xmlSecNssKeyDataAesKlass = {
sizeof(xmlSecKeyDataKlass),
! xmlSecKeyDataBinarySize,
/* data */
xmlSecNameAESKeyValue,
xmlSecKeyDataUsageKeyValueNode | xmlSecKeyDataUsageRetrievalMethodNodeXml,
! /* xmlSecKeyDataUsage usage; */
! xmlSecHrefAESKeyValue, /* const xmlChar* href; */
! xmlSecNodeAESKeyValue, /* const xmlChar* dataNodeName; */
! xmlSecNs, /* const xmlChar* dataNodeNs; */
/* constructors/destructor */
! xmlSecNssSymKeyDataInitialize, /* xmlSecKeyDataInitializeMethod initialize; */
! xmlSecNssSymKeyDataDuplicate, /* xmlSecKeyDataDuplicateMethod duplicate; */
! xmlSecNssSymKeyDataFinalize, /* xmlSecKeyDataFinalizeMethod finalize; */
! xmlSecNssSymKeyDataGenerate, /* xmlSecKeyDataGenerateMethod generate; */
/* get info */
! xmlSecNssSymKeyDataGetType, /* xmlSecKeyDataGetTypeMethod getType; */
! xmlSecNssSymKeyDataGetSize, /* xmlSecKeyDataGetSizeMethod getSize; */
! NULL, /* xmlSecKeyDataGetIdentifier getIdentifier; */
/* read/write */
! xmlSecNssSymKeyDataXmlRead, /* xmlSecKeyDataXmlReadMethod xmlRead; */
! xmlSecNssSymKeyDataXmlWrite, /* xmlSecKeyDataXmlWriteMethod xmlWrite; */
! xmlSecNssSymKeyDataBinRead, /* xmlSecKeyDataBinReadMethod binRead; */
! xmlSecNssSymKeyDataBinWrite, /* xmlSecKeyDataBinWriteMethod binWrite; */
/* debug */
! xmlSecNssSymKeyDataDebugDump, /* xmlSecKeyDataDebugDumpMethod debugDump; */
! xmlSecNssSymKeyDataDebugXmlDump, /* xmlSecKeyDataDebugDumpMethod debugXmlDump; */
/* reserved for the future */
! NULL, /* void* reserved0; */
! NULL, /* void* reserved1; */
};
/**
--- 860,899 ----
*************************************************************************/
static xmlSecKeyDataKlass xmlSecNssKeyDataAesKlass = {
sizeof(xmlSecKeyDataKlass),
! xmlSecNssSymKeyDataSize,
/* data */
xmlSecNameAESKeyValue,
xmlSecKeyDataUsageKeyValueNode | xmlSecKeyDataUsageRetrievalMethodNodeXml,
! /* xmlSecKeyDataUsage usage; */
! xmlSecHrefAESKeyValue, /* const xmlChar* href; */
! xmlSecNodeAESKeyValue, /* const xmlChar* dataNodeName; */
! xmlSecNs, /* const xmlChar* dataNodeNs; */
/* constructors/destructor */
! xmlSecNssSymKeyDataInitialize, /* xmlSecKeyDataInitializeMethod initialize; */
! xmlSecNssSymKeyDataDuplicate, /* xmlSecKeyDataDuplicateMethod duplicate; */
! xmlSecNssSymKeyDataFinalize, /* xmlSecKeyDataFinalizeMethod finalize; */
! xmlSecNssSymKeyDataGenerate, /* xmlSecKeyDataGenerateMethod generate; */
/* get info */
! xmlSecNssSymKeyDataGetType, /* xmlSecKeyDataGetTypeMethod getType; */
! xmlSecNssSymKeyDataGetSize, /* xmlSecKeyDataGetSizeMethod getSize; */
! NULL, /* xmlSecKeyDataGetIdentifier getIdentifier; */
/* read/write */
! xmlSecNssSymKeyDataXmlRead, /* xmlSecKeyDataXmlReadMethod xmlRead; */
! xmlSecNssSymKeyDataXmlWrite, /* xmlSecKeyDataXmlWriteMethod xmlWrite; */
! xmlSecNssSymKeyDataBinRead, /* xmlSecKeyDataBinReadMethod binRead; */
! xmlSecNssSymKeyDataBinWrite, /* xmlSecKeyDataBinWriteMethod binWrite; */
/* debug */
! xmlSecNssSymKeyDataDebugDump, /* xmlSecKeyDataDebugDumpMethod debugDump; */
! xmlSecNssSymKeyDataDebugXmlDump, /* xmlSecKeyDataDebugDumpMethod debugXmlDump; */
/* reserved for the future */
! NULL, /* void* reserved0; */
! NULL, /* void* reserved1; */
};
/**
***************
*** 251,259 ****
/**
* xmlSecNssKeyDataAesSet:
! * @data: the pointer to AES key data.
! * @buf: the pointer to key value.
! * @bufSize: the key value size (in bytes).
*
* Sets the value of AES key data.
*
--- 910,918 ----
/**
* xmlSecNssKeyDataAesSet:
! * @data: the pointer to AES key data.
! * @buf: the pointer to key value.
! * @bufSize: the key value size (in bytes).
*
* Sets the value of AES key data.
*
***************
*** 282,321 ****
*************************************************************************/
static xmlSecKeyDataKlass xmlSecNssKeyDataDesKlass = {
sizeof(xmlSecKeyDataKlass),
! xmlSecKeyDataBinarySize,
/* data */
xmlSecNameDESKeyValue,
xmlSecKeyDataUsageKeyValueNode | xmlSecKeyDataUsageRetrievalMethodNodeXml,
! /* xmlSecKeyDataUsage usage; */
! xmlSecHrefDESKeyValue, /* const xmlChar* href; */
! xmlSecNodeDESKeyValue, /* const xmlChar* dataNodeName; */
! xmlSecNs, /* const xmlChar* dataNodeNs; */
/* constructors/destructor */
! xmlSecNssSymKeyDataInitialize, /* xmlSecKeyDataInitializeMethod initialize; */
! xmlSecNssSymKeyDataDuplicate, /* xmlSecKeyDataDuplicateMethod duplicate; */
! xmlSecNssSymKeyDataFinalize, /* xmlSecKeyDataFinalizeMethod finalize; */
! xmlSecNssSymKeyDataGenerate, /* xmlSecKeyDataGenerateMethod generate; */
/* get info */
! xmlSecNssSymKeyDataGetType, /* xmlSecKeyDataGetTypeMethod getType; */
! xmlSecNssSymKeyDataGetSize, /* xmlSecKeyDataGetSizeMethod getSize; */
! NULL, /* xmlSecKeyDataGetIdentifier getIdentifier; */
/* read/write */
! xmlSecNssSymKeyDataXmlRead, /* xmlSecKeyDataXmlReadMethod xmlRead; */
! xmlSecNssSymKeyDataXmlWrite, /* xmlSecKeyDataXmlWriteMethod xmlWrite; */
! xmlSecNssSymKeyDataBinRead, /* xmlSecKeyDataBinReadMethod binRead; */
! xmlSecNssSymKeyDataBinWrite, /* xmlSecKeyDataBinWriteMethod binWrite; */
/* debug */
! xmlSecNssSymKeyDataDebugDump, /* xmlSecKeyDataDebugDumpMethod debugDump; */
! xmlSecNssSymKeyDataDebugXmlDump, /* xmlSecKeyDataDebugDumpMethod debugXmlDump; */
/* reserved for the future */
! NULL, /* void* reserved0; */
! NULL, /* void* reserved1; */
};
/**
--- 941,980 ----
*************************************************************************/
static xmlSecKeyDataKlass xmlSecNssKeyDataDesKlass = {
sizeof(xmlSecKeyDataKlass),
! xmlSecNssSymKeyDataSize,
/* data */
xmlSecNameDESKeyValue,
xmlSecKeyDataUsageKeyValueNode | xmlSecKeyDataUsageRetrievalMethodNodeXml,
! /* xmlSecKeyDataUsage usage; */
! xmlSecHrefDESKeyValue, /* const xmlChar* href; */
! xmlSecNodeDESKeyValue, /* const xmlChar* dataNodeName; */
! xmlSecNs, /* const xmlChar* dataNodeNs; */
/* constructors/destructor */
! xmlSecNssSymKeyDataInitialize, /* xmlSecKeyDataInitializeMethod initialize; */
! xmlSecNssSymKeyDataDuplicate, /* xmlSecKeyDataDuplicateMethod duplicate; */
! xmlSecNssSymKeyDataFinalize, /* xmlSecKeyDataFinalizeMethod finalize; */
! xmlSecNssSymKeyDataGenerate, /* xmlSecKeyDataGenerateMethod generate; */
/* get info */
! xmlSecNssSymKeyDataGetType, /* xmlSecKeyDataGetTypeMethod getType; */
! xmlSecNssSymKeyDataGetSize, /* xmlSecKeyDataGetSizeMethod getSize; */
! NULL, /* xmlSecKeyDataGetIdentifier getIdentifier; */
/* read/write */
! xmlSecNssSymKeyDataXmlRead, /* xmlSecKeyDataXmlReadMethod xmlRead; */
! xmlSecNssSymKeyDataXmlWrite, /* xmlSecKeyDataXmlWriteMethod xmlWrite; */
! xmlSecNssSymKeyDataBinRead, /* xmlSecKeyDataBinReadMethod binRead; */
! xmlSecNssSymKeyDataBinWrite, /* xmlSecKeyDataBinWriteMethod binWrite; */
/* debug */
! xmlSecNssSymKeyDataDebugDump, /* xmlSecKeyDataDebugDumpMethod debugDump; */
! xmlSecNssSymKeyDataDebugXmlDump, /* xmlSecKeyDataDebugDumpMethod debugXmlDump; */
/* reserved for the future */
! NULL, /* void* reserved0; */
! NULL, /* void* reserved1; */
};
/**
***************
*** 332,340 ****
/**
* xmlSecNssKeyDataDesSet:
! * @data: the pointer to DES key data.
! * @buf: the pointer to key value.
! * @bufSize: the key value size (in bytes).
*
* Sets the value of DES key data.
*
--- 991,999 ----
/**
* xmlSecNssKeyDataDesSet:
! * @data: the pointer to DES key data.
! * @buf: the pointer to key value.
! * @bufSize: the key value size (in bytes).
*
* Sets the value of DES key data.
*
***************
*** 364,403 ****
*************************************************************************/
static xmlSecKeyDataKlass xmlSecNssKeyDataHmacKlass = {
sizeof(xmlSecKeyDataKlass),
! xmlSecKeyDataBinarySize,
/* data */
xmlSecNameHMACKeyValue,
xmlSecKeyDataUsageKeyValueNode | xmlSecKeyDataUsageRetrievalMethodNodeXml,
! /* xmlSecKeyDataUsage usage; */
! xmlSecHrefHMACKeyValue, /* const xmlChar* href; */
! xmlSecNodeHMACKeyValue, /* const xmlChar* dataNodeName; */
! xmlSecNs, /* const xmlChar* dataNodeNs; */
/* constructors/destructor */
! xmlSecNssSymKeyDataInitialize, /* xmlSecKeyDataInitializeMethod initialize; */
! xmlSecNssSymKeyDataDuplicate, /* xmlSecKeyDataDuplicateMethod duplicate; */
! xmlSecNssSymKeyDataFinalize, /* xmlSecKeyDataFinalizeMethod finalize; */
! xmlSecNssSymKeyDataGenerate, /* xmlSecKeyDataGenerateMethod generate; */
/* get info */
! xmlSecNssSymKeyDataGetType, /* xmlSecKeyDataGetTypeMethod getType; */
! xmlSecNssSymKeyDataGetSize, /* xmlSecKeyDataGetSizeMethod getSize; */
! NULL, /* xmlSecKeyDataGetIdentifier getIdentifier; */
/* read/write */
! xmlSecNssSymKeyDataXmlRead, /* xmlSecKeyDataXmlReadMethod xmlRead; */
! xmlSecNssSymKeyDataXmlWrite, /* xmlSecKeyDataXmlWriteMethod xmlWrite; */
! xmlSecNssSymKeyDataBinRead, /* xmlSecKeyDataBinReadMethod binRead; */
! xmlSecNssSymKeyDataBinWrite, /* xmlSecKeyDataBinWriteMethod binWrite; */
/* debug */
! xmlSecNssSymKeyDataDebugDump, /* xmlSecKeyDataDebugDumpMethod debugDump; */
! xmlSecNssSymKeyDataDebugXmlDump, /* xmlSecKeyDataDebugDumpMethod debugXmlDump; */
/* reserved for the future */
! NULL, /* void* reserved0; */
! NULL, /* void* reserved1; */
};
/**
--- 1023,1062 ----
*************************************************************************/
static xmlSecKeyDataKlass xmlSecNssKeyDataHmacKlass = {
sizeof(xmlSecKeyDataKlass),
! xmlSecNssSymKeyDataSize,
/* data */
xmlSecNameHMACKeyValue,
xmlSecKeyDataUsageKeyValueNode | xmlSecKeyDataUsageRetrievalMethodNodeXml,
! /* xmlSecKeyDataUsage usage; */
! xmlSecHrefHMACKeyValue, /* const xmlChar* href; */
! xmlSecNodeHMACKeyValue, /* const xmlChar* dataNodeName; */
! xmlSecNs, /* const xmlChar* dataNodeNs; */
/* constructors/destructor */
! xmlSecNssSymKeyDataInitialize, /* xmlSecKeyDataInitializeMethod initialize; */
! xmlSecNssSymKeyDataDuplicate, /* xmlSecKeyDataDuplicateMethod duplicate; */
! xmlSecNssSymKeyDataFinalize, /* xmlSecKeyDataFinalizeMethod finalize; */
! xmlSecNssSymKeyDataGenerate, /* xmlSecKeyDataGenerateMethod generate; */
/* get info */
! xmlSecNssSymKeyDataGetType, /* xmlSecKeyDataGetTypeMethod getType; */
! xmlSecNssSymKeyDataGetSize, /* xmlSecKeyDataGetSizeMethod getSize; */
! NULL, /* xmlSecKeyDataGetIdentifier getIdentifier; */
/* read/write */
! xmlSecNssSymKeyDataXmlRead, /* xmlSecKeyDataXmlReadMethod xmlRead; */
! xmlSecNssSymKeyDataXmlWrite, /* xmlSecKeyDataXmlWriteMethod xmlWrite; */
! xmlSecNssSymKeyDataBinRead, /* xmlSecKeyDataBinReadMethod binRead; */
! xmlSecNssSymKeyDataBinWrite, /* xmlSecKeyDataBinWriteMethod binWrite; */
/* debug */
! xmlSecNssSymKeyDataDebugDump, /* xmlSecKeyDataDebugDumpMethod debugDump; */
! xmlSecNssSymKeyDataDebugXmlDump, /* xmlSecKeyDataDebugDumpMethod debugXmlDump; */
/* reserved for the future */
! NULL, /* void* reserved0; */
! NULL, /* void* reserved1; */
};
/**
***************
*** 414,422 ****
/**
* xmlSecNssKeyDataHmacSet:
! * @data: the pointer to HMAC key data.
! * @buf: the pointer to key value.
! * @bufSize: the key value size (in bytes).
*
* Sets the value of HMAC key data.
*
--- 1073,1081 ----
/**
* xmlSecNssKeyDataHmacSet:
! * @data: the pointer to HMAC key data.
! * @buf: the pointer to key value.
! * @bufSize: the key value size (in bytes).
*
* Sets the value of HMAC key data.
*
*** misc/xmlsec1-1.2.6/src/nss/tokens.c 2005-05-09 19:55:57.269853046 +0200
--- misc/build/xmlsec1-1.2.6/src/nss/tokens.c 2005-05-09 19:54:13.234627375 +0200
***************
*** 1 ****
! dummy
--- 1,544 ----
! /**
! * XMLSec library
! *
! * This is free software; see Copyright file in the source
! * distribution for preciese wording.
! *
! * Copyright..................................
! *
! * Contributor(s): _____________________________
! *
! */
!
! /**
! * In order to ensure that particular crypto operation is performed on
! * particular crypto device, a subclass of xmlSecList is used to store slot and
! * mechanism information.
! *
! * In the list, a slot is bound with a mechanism. If the mechanism is available,
! * this mechanism only can perform on the slot; otherwise, it can perform on
! * every eligibl slot in the list.
! *
! * When try to find a slot for a particular mechanism, the slot bound with
! * avaliable mechanism will be looked up firstly.
! */
! #include "globals.h"
! #include <string.h>
!
! #include <xmlsec/xmlsec.h>
! #include <xmlsec/errors.h>
! #include <xmlsec/list.h>
!
! #include <xmlsec/nss/tokens.h>
!
! int
! xmlSecNssKeySlotSetMechList(
! xmlSecNssKeySlotPtr keySlot ,
! CK_MECHANISM_TYPE_PTR mechanismList
! ) {
! int counter ;
!
! xmlSecAssert2( keySlot != NULL , -1 ) ;
!
! if( keySlot->mechanismList != CK_NULL_PTR ) {
! xmlFree( keySlot->mechanismList ) ;
!
! for( counter = 0 ; *( mechanismList + counter ) != CKM_INVALID_MECHANISM ; counter ++ ) ;
! keySlot->mechanismList = ( CK_MECHANISM_TYPE_PTR )xmlMalloc( ( counter + 1 ) * sizeof( CK_MECHANISM_TYPE ) ) ;
! if( keySlot->mechanismList == NULL ) {
! xmlSecError( XMLSEC_ERRORS_HERE ,
! NULL ,
! NULL ,
! XMLSEC_ERRORS_R_XMLSEC_FAILED ,
! XMLSEC_ERRORS_NO_MESSAGE ) ;
! return( -1 );
! }
! for( ; counter >= 0 ; counter -- )
! *( keySlot->mechanismList + counter ) = *( mechanismList + counter ) ;
! }
!
! return( 0 );
! }
!
! int
! xmlSecNssKeySlotEnableMech(
! xmlSecNssKeySlotPtr keySlot ,
! CK_MECHANISM_TYPE mechanism
! ) {
! int counter ;
! CK_MECHANISM_TYPE_PTR newList ;
!
! xmlSecAssert2( keySlot != NULL , -1 ) ;
!
! if( mechanism != CKM_INVALID_MECHANISM ) {
! for( counter = 0 ; *( keySlot->mechanismList + counter ) != CKM_INVALID_MECHANISM ; counter ++ ) ;
! newList = ( CK_MECHANISM_TYPE_PTR )xmlMalloc( ( counter + 1 + 1 ) * sizeof( CK_MECHANISM_TYPE ) ) ;
! if( newList == NULL ) {
! xmlSecError( XMLSEC_ERRORS_HERE ,
! NULL ,
! NULL ,
! XMLSEC_ERRORS_R_XMLSEC_FAILED ,
! XMLSEC_ERRORS_NO_MESSAGE ) ;
! return( -1 );
! }
! *( newList + counter + 1 ) = CKM_INVALID_MECHANISM ;
! *( newList + counter ) = mechanism ;
! for( counter -= 1 ; counter >= 0 ; counter -- )
! *( newList + counter ) = *( keySlot->mechanismList + counter ) ;
!
! xmlFree( keySlot->mechanismList ) ;
! keySlot->mechanismList = newList ;
! }
!
! return(0);
! }
!
! int
! xmlSecNssKeySlotDisableMech(
! xmlSecNssKeySlotPtr keySlot ,
! CK_MECHANISM_TYPE mechanism
! ) {
! int counter ;
!
! xmlSecAssert2( keySlot != NULL , -1 ) ;
!
! for( counter = 0 ; *( keySlot->mechanismList + counter ) != CKM_INVALID_MECHANISM ; counter ++ ) {
! if( *( keySlot->mechanismList + counter ) == mechanism ) {
! for( ; *( keySlot->mechanismList + counter ) != CKM_INVALID_MECHANISM ; counter ++ ) {
! *( keySlot->mechanismList + counter ) = *( keySlot->mechanismList + counter + 1 ) ;
! }
!
! break ;
! }
! }
!
! return(0);
! }
!
! CK_MECHANISM_TYPE_PTR
! xmlSecNssKeySlotGetMechList(
! xmlSecNssKeySlotPtr keySlot
! ) {
! if( keySlot != NULL )
! return keySlot->mechanismList ;
! else
! return NULL ;
! }
!
! int
! xmlSecNssKeySlotSetSlot(
! xmlSecNssKeySlotPtr keySlot ,
! PK11SlotInfo* slot
! ) {
! xmlSecAssert2( keySlot != NULL , -1 ) ;
!
! if( slot != NULL && keySlot->slot != slot ) {
! if( keySlot->slot != NULL )
! PK11_FreeSlot( keySlot->slot ) ;
!
! if( keySlot->mechanismList != NULL ) {
! xmlFree( keySlot->mechanismList ) ;
! keySlot->mechanismList = NULL ;
! }
!
! keySlot->slot = PK11_ReferenceSlot( slot ) ;
! }
!
! return(0);
! }
!
! int
! xmlSecNssKeySlotInitialize(
! xmlSecNssKeySlotPtr keySlot ,
! PK11SlotInfo* slot
! ) {
! xmlSecAssert2( keySlot != NULL , -1 ) ;
! xmlSecAssert2( keySlot->slot == NULL , -1 ) ;
! xmlSecAssert2( keySlot->mechanismList == NULL , -1 ) ;
!
! if( slot != NULL ) {
! keySlot->slot = PK11_ReferenceSlot( slot ) ;
! }
!
! return(0);
! }
!
! void
! xmlSecNssKeySlotFinalize(
! xmlSecNssKeySlotPtr keySlot
! ) {
! xmlSecAssert( keySlot != NULL ) ;
!
! if( keySlot->mechanismList != NULL ) {
! xmlFree( keySlot->mechanismList ) ;
! keySlot->mechanismList = NULL ;
! }
!
! if( keySlot->slot != NULL ) {
! PK11_FreeSlot( keySlot->slot ) ;
! keySlot->slot = NULL ;
! }
!
! }
!
! PK11SlotInfo*
! xmlSecNssKeySlotGetSlot(
! xmlSecNssKeySlotPtr keySlot
! ) {
! if( keySlot != NULL )
! return keySlot->slot ;
! else
! return NULL ;
! }
!
! xmlSecNssKeySlotPtr
! xmlSecNssKeySlotCreate() {
! xmlSecNssKeySlotPtr keySlot ;
!
! /* Allocates a new xmlSecNssKeySlot and fill the fields */
! keySlot = ( xmlSecNssKeySlotPtr )xmlMalloc( sizeof( xmlSecNssKeySlot ) ) ;
! if( keySlot == NULL ) {
! xmlSecError( XMLSEC_ERRORS_HERE ,
! NULL ,
! NULL ,
! XMLSEC_ERRORS_R_XMLSEC_FAILED ,
! XMLSEC_ERRORS_NO_MESSAGE ) ;
! return( NULL );
! }
! memset( keySlot, 0, sizeof( xmlSecNssKeySlot ) ) ;
!
! return( keySlot ) ;
! }
!
! int
! xmlSecNssKeySlotCopy(
! xmlSecNssKeySlotPtr newKeySlot ,
! xmlSecNssKeySlotPtr keySlot
! ) {
! CK_MECHANISM_TYPE_PTR mech ;
! int counter ;
!
! xmlSecAssert2( newKeySlot != NULL , -1 ) ;
! xmlSecAssert2( keySlot != NULL , -1 ) ;
!
! if( keySlot->slot != NULL && newKeySlot->slot != keySlot->slot ) {
! if( newKeySlot->slot != NULL )
! PK11_FreeSlot( newKeySlot->slot ) ;
!
! newKeySlot->slot = PK11_ReferenceSlot( keySlot->slot ) ;
! }
!
! if( keySlot->mechanismList != CK_NULL_PTR ) {
! xmlFree( newKeySlot->mechanismList ) ;
!
! for( counter = 0 ; *( keySlot->mechanismList + counter ) != CKM_INVALID_MECHANISM ; counter ++ ) ;
! newKeySlot->mechanismList = ( CK_MECHANISM_TYPE_PTR )xmlMalloc( ( counter + 1 ) * sizeof( CK_MECHANISM_TYPE ) ) ;
! if( newKeySlot->mechanismList == NULL ) {
! xmlSecError( XMLSEC_ERRORS_HERE ,
! NULL ,
! NULL ,
! XMLSEC_ERRORS_R_XMLSEC_FAILED ,
! XMLSEC_ERRORS_NO_MESSAGE ) ;
! return( -1 );
! }
! for( ; counter >= 0 ; counter -- )
! *( newKeySlot->mechanismList + counter ) = *( keySlot->mechanismList + counter ) ;
! }
!
! return( 0 );
! }
!
! xmlSecNssKeySlotPtr
! xmlSecNssKeySlotDuplicate(
! xmlSecNssKeySlotPtr keySlot
! ) {
! xmlSecNssKeySlotPtr newKeySlot ;
! int ret ;
!
! xmlSecAssert2( keySlot != NULL , NULL ) ;
!
! newKeySlot = xmlSecNssKeySlotCreate() ;
! if( newKeySlot == NULL ) {
! xmlSecError( XMLSEC_ERRORS_HERE ,
! NULL ,
! NULL ,
! XMLSEC_ERRORS_R_XMLSEC_FAILED ,
! XMLSEC_ERRORS_NO_MESSAGE ) ;
! return( NULL );
! }
!
! if( xmlSecNssKeySlotCopy( newKeySlot, keySlot ) < 0 ) {
! xmlSecError( XMLSEC_ERRORS_HERE ,
! NULL ,
! NULL ,
! XMLSEC_ERRORS_R_XMLSEC_FAILED ,
! XMLSEC_ERRORS_NO_MESSAGE ) ;
! return( NULL );
! }
!
! return( newKeySlot );
! }
!
! void
! xmlSecNssKeySlotDestroy(
! xmlSecNssKeySlotPtr keySlot
! ) {
! xmlSecAssert( keySlot != NULL ) ;
!
! if( keySlot->mechanismList != NULL )
! xmlFree( keySlot->mechanismList ) ;
!
! if( keySlot->slot != NULL )
! PK11_FreeSlot( keySlot->slot ) ;
!
! xmlFree( keySlot ) ;
! }
!
! int
! xmlSecNssKeySlotBindMech(
! xmlSecNssKeySlotPtr keySlot ,
! CK_MECHANISM_TYPE type
! ) {
! int counter ;
!
! xmlSecAssert2( keySlot != NULL , 0 ) ;
! xmlSecAssert2( keySlot->slot != NULL , 0 ) ;
! xmlSecAssert2( type != CKM_INVALID_MECHANISM , 0 ) ;
!
! for( counter = 0 ; *( keySlot->mechanismList + counter ) != CKM_INVALID_MECHANISM ; counter ++ ) {
! if( *( keySlot->mechanismList + counter ) == type )
! return(1) ;
! }
!
! return( 0 ) ;
! }
!
! int
! xmlSecNssKeySlotSupportMech(
! xmlSecNssKeySlotPtr keySlot ,
! CK_MECHANISM_TYPE type
! ) {
! xmlSecAssert2( keySlot != NULL , 0 ) ;
! xmlSecAssert2( keySlot->slot != NULL , 0 ) ;
! xmlSecAssert2( type != CKM_INVALID_MECHANISM , 0 ) ;
!
! if( PK11_DoesMechanism( keySlot->slot , type ) == PR_TRUE ) {
! return(1);
! } else
! return(0);
! }
!
! void
! xmlSecNssKeySlotDebugDump(
! xmlSecNssKeySlotPtr keySlot ,
! FILE* output
! ) {
! xmlSecAssert( keySlot != NULL ) ;
! xmlSecAssert( output != NULL ) ;
!
! fprintf( output, "== KEY SLOT\n" );
! }
!
! void
! xmlSecNssKeySlotDebugXmlDump(
! xmlSecNssKeySlotPtr keySlot ,
! FILE* output
! ) {
! }
!
! /**
! * Key Slot List
! */
! static xmlSecPtrListKlass xmlSecNssKeySlotPtrListKlass = {
! BAD_CAST "mechanism-list",
! (xmlSecPtrDuplicateItemMethod)xmlSecNssKeySlotDuplicate,
! (xmlSecPtrDestroyItemMethod)xmlSecNssKeySlotDestroy,
! (xmlSecPtrDebugDumpItemMethod)xmlSecNssKeySlotDebugDump,
! (xmlSecPtrDebugDumpItemMethod)xmlSecNssKeySlotDebugXmlDump,
! };
!
! xmlSecPtrListId
! xmlSecNssKeySlotListGetKlass(void) {
! return(&xmlSecNssKeySlotPtrListKlass);
! }
!
!
! /*-
! * Global PKCS#11 crypto token repository -- Key slot list
! */
! static xmlSecPtrListPtr _xmlSecNssKeySlotList = NULL ;
!
! PK11SlotInfo*
! xmlSecNssSlotGet(
! CK_MECHANISM_TYPE type
! ) {
! PK11SlotInfo* slot = NULL ;
! xmlSecNssKeySlotPtr keySlot ;
! xmlSecSize ksSize ;
! xmlSecSize ksPos ;
! char flag ;
!
! if( _xmlSecNssKeySlotList == NULL ) {
! slot = PK11_GetBestSlot( type , NULL ) ;
! } else {
! ksSize = xmlSecPtrListGetSize( _xmlSecNssKeySlotList ) ;
!
! /*-
! * Firstly, checking whether the mechanism is bound with a special slot.
! * If no bound slot, we try to find the first eligible slot in the list.
! */
! for( flag = 0, ksPos = 0 ; ksPos < ksSize ; ksPos ++ ) {
! keySlot = ( xmlSecNssKeySlotPtr )xmlSecPtrListGetItem( _xmlSecNssKeySlotList, ksPos ) ;
! if( keySlot != NULL && xmlSecNssKeySlotBindMech( keySlot, type ) ) {
! slot = xmlSecNssKeySlotGetSlot( keySlot ) ;
! flag = 2 ;
! } else if( flag == 0 && xmlSecNssKeySlotSupportMech( keySlot, type ) ) {
! slot = xmlSecNssKeySlotGetSlot( keySlot ) ;
! flag = 1 ;
! }
!
! if( flag == 2 )
! break ;
! }
! if( slot != NULL )
! slot = PK11_ReferenceSlot( slot ) ;
! }
!
! if( slot != NULL && PK11_NeedLogin( slot ) ) {
! if( PK11_Authenticate( slot , PR_TRUE , NULL ) != SECSuccess ) {
! xmlSecError( XMLSEC_ERRORS_HERE ,
! NULL ,
! NULL ,
! XMLSEC_ERRORS_R_XMLSEC_FAILED ,
! XMLSEC_ERRORS_NO_MESSAGE ) ;
! PK11_FreeSlot( slot ) ;
! return( NULL );
! }
! }
!
! return slot ;
! }
!
! int
! xmlSecNssSlotInitialize(
! void
! ) {
! if( _xmlSecNssKeySlotList != NULL ) {
! xmlSecPtrListDestroy( _xmlSecNssKeySlotList ) ;
! _xmlSecNssKeySlotList = NULL ;
! }
!
! _xmlSecNssKeySlotList = xmlSecPtrListCreate( xmlSecNssKeySlotListId ) ;
! if( _xmlSecNssKeySlotList == NULL ) {
! xmlSecError( XMLSEC_ERRORS_HERE ,
! NULL ,
! NULL ,
! XMLSEC_ERRORS_R_XMLSEC_FAILED ,
! XMLSEC_ERRORS_NO_MESSAGE ) ;
! return( -1 );
! }
!
! return(0);
! }
!
! void
! xmlSecNssSlotShutdown(
! void
! ) {
! if( _xmlSecNssKeySlotList != NULL ) {
! xmlSecPtrListDestroy( _xmlSecNssKeySlotList ) ;
! _xmlSecNssKeySlotList = NULL ;
! }
! }
!
! int
! xmlSecNssSlotAdopt(
! PK11SlotInfo* slot,
! CK_MECHANISM_TYPE type
! ) {
! xmlSecNssKeySlotPtr keySlot ;
! xmlSecSize ksSize ;
! xmlSecSize ksPos ;
! char flag ;
!
! xmlSecAssert2( _xmlSecNssKeySlotList != NULL, -1 ) ;
! xmlSecAssert2( slot != NULL, -1 ) ;
!
! ksSize = xmlSecPtrListGetSize( _xmlSecNssKeySlotList ) ;
!
! /*-
! * Firstly, checking whether the slot is in the repository already.
! */
! flag = 0 ;
! for( ksPos = 0 ; ksPos < ksSize ; ksPos ++ ) {
! keySlot = ( xmlSecNssKeySlotPtr )xmlSecPtrListGetItem( _xmlSecNssKeySlotList, ksPos ) ;
! /* If find the slot in the list */
! if( keySlot != NULL && xmlSecNssKeySlotGetSlot( keySlot ) == slot ) {
! /* If mechnism type is valid, bind the slot with the mechanism */
! if( type != CKM_INVALID_MECHANISM ) {
! if( xmlSecNssKeySlotEnableMech( keySlot, type ) < 0 ) {
! xmlSecError( XMLSEC_ERRORS_HERE ,
! NULL ,
! NULL ,
! XMLSEC_ERRORS_R_XMLSEC_FAILED ,
! XMLSEC_ERRORS_NO_MESSAGE ) ;
! return(-1);
! }
! }
!
! flag = 1 ;
! }
! }
!
! /* If the slot do not in the list, add a new item to the list */
! if( flag == 0 ) {
! /* Create a new KeySlot */
! keySlot = xmlSecNssKeySlotCreate() ;
! if( keySlot == NULL ) {
! xmlSecError( XMLSEC_ERRORS_HERE ,
! NULL ,
! NULL ,
! XMLSEC_ERRORS_R_XMLSEC_FAILED ,
! XMLSEC_ERRORS_NO_MESSAGE ) ;
! return(-1);
! }
!
! /* Initialize the keySlot with a slot */
! if( xmlSecNssKeySlotInitialize( keySlot, slot ) < 0 ) {
! xmlSecError( XMLSEC_ERRORS_HERE ,
! NULL ,
! NULL ,
! XMLSEC_ERRORS_R_XMLSEC_FAILED ,
! XMLSEC_ERRORS_NO_MESSAGE ) ;
! xmlSecNssKeySlotDestroy( keySlot ) ;
! return(-1);
! }
!
! /* If mechnism type is valid, bind the slot with the mechanism */
! if( type != CKM_INVALID_MECHANISM ) {
! if( xmlSecNssKeySlotEnableMech( keySlot, type ) < 0 ) {
! xmlSecError( XMLSEC_ERRORS_HERE ,
! NULL ,
! NULL ,
! XMLSEC_ERRORS_R_XMLSEC_FAILED ,
! XMLSEC_ERRORS_NO_MESSAGE ) ;
! xmlSecNssKeySlotDestroy( keySlot ) ;
! return(-1);
! }
! }
!
! /* Add keySlot into the list */
! if( xmlSecPtrListAdd( _xmlSecNssKeySlotList, keySlot ) < 0 ) {
! xmlSecError( XMLSEC_ERRORS_HERE ,
! NULL ,
! NULL ,
! XMLSEC_ERRORS_R_XMLSEC_FAILED ,
! XMLSEC_ERRORS_NO_MESSAGE ) ;
! xmlSecNssKeySlotDestroy( keySlot ) ;
! return(-1);
! }
! }
!
! return(0);
! }
!
*** misc/xmlsec1-1.2.6/src/nss/x509.c 2003-09-26 05:53:09.000000000 +0200
--- misc/build/xmlsec1-1.2.6/src/nss/x509.c 2005-05-09 19:54:13.237627122 +0200
***************
*** 34,40 ****
#include <xmlsec/keys.h>
#include <xmlsec/keyinfo.h>
#include <xmlsec/keysmngr.h>
- #include <xmlsec/x509.h>
#include <xmlsec/base64.h>
#include <xmlsec/errors.h>
--- 34,39 ----
***************
*** 61,97 ****
static int xmlSecNssX509CertificateNodeRead (xmlSecKeyDataPtr data,
xmlNodePtr node,
xmlSecKeyInfoCtxPtr keyInfoCtx);
- static int xmlSecNssX509CertificateNodeWrite (CERTCertificate* cert,
- xmlNodePtr node,
- xmlSecKeyInfoCtxPtr keyInfoCtx);
static int xmlSecNssX509SubjectNameNodeRead (xmlSecKeyDataPtr data,
xmlNodePtr node,
xmlSecKeyInfoCtxPtr keyInfoCtx);
- static int xmlSecNssX509SubjectNameNodeWrite (CERTCertificate* cert,
- xmlNodePtr node,
- xmlSecKeyInfoCtxPtr keyInfoCtx);
static int xmlSecNssX509IssuerSerialNodeRead (xmlSecKeyDataPtr data,
xmlNodePtr node,
xmlSecKeyInfoCtxPtr keyInfoCtx);
- static int xmlSecNssX509IssuerSerialNodeWrite (CERTCertificate* cert,
- xmlNodePtr node,
- xmlSecKeyInfoCtxPtr keyInfoCtx);
static int xmlSecNssX509SKINodeRead (xmlSecKeyDataPtr data,
xmlNodePtr node,
xmlSecKeyInfoCtxPtr keyInfoCtx);
- static int xmlSecNssX509SKINodeWrite (CERTCertificate* cert,
- xmlNodePtr node,
- xmlSecKeyInfoCtxPtr keyInfoCtx);
static int xmlSecNssX509CRLNodeRead (xmlSecKeyDataPtr data,
xmlNodePtr node,
xmlSecKeyInfoCtxPtr keyInfoCtx);
- static int xmlSecNssX509CRLNodeWrite (CERTSignedCrl* crl,
- xmlNodePtr node,
- xmlSecKeyInfoCtxPtr keyInfoCtx);
static int xmlSecNssKeyDataX509VerifyAndExtractKey(xmlSecKeyDataPtr data,
xmlSecKeyPtr key,
xmlSecKeyInfoCtxPtr keyInfoCtx);
-
static CERTCertificate* xmlSecNssX509CertDerRead (const xmlSecByte* buf,
xmlSecSize size);
static CERTCertificate* xmlSecNssX509CertBase64DerRead (xmlChar* buf);
--- 60,80 ----
***************
*** 104,112 ****
xmlSecKeyInfoCtxPtr keyInfoCtx);
static xmlChar* xmlSecNssX509CrlBase64DerWrite (CERTSignedCrl* crl,
int base64LineWrap);
- static xmlChar* xmlSecNssX509NameWrite (CERTName* nm);
- static xmlChar* xmlSecNssASN1IntegerWrite (SECItem *num);
- static xmlChar* xmlSecNssX509SKIWrite (CERTCertificate* cert);
static void xmlSecNssX509CertDebugDump (CERTCertificate* cert,
FILE* output);
static void xmlSecNssX509CertDebugXmlDump (CERTCertificate* cert,
--- 87,92 ----
***************
*** 378,384 ****
xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
"CERT_NewCertList",
XMLSEC_ERRORS_R_CRYPTO_FAILED,
! XMLSEC_ERRORS_NO_MESSAGE);
return(-1);
}
}
--- 358,364 ----
xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
"CERT_NewCertList",
XMLSEC_ERRORS_R_CRYPTO_FAILED,
! "error code=%d", PORT_GetError());
return(-1);
}
}
***************
*** 389,395 ****
xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
"CERT_AddCertToListTail",
XMLSEC_ERRORS_R_CRYPTO_FAILED,
! XMLSEC_ERRORS_NO_MESSAGE);
return(-1);
}
ctx->numCerts++;
--- 369,375 ----
xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
"CERT_AddCertToListTail",
XMLSEC_ERRORS_R_CRYPTO_FAILED,
! "error code=%d", PORT_GetError());
return(-1);
}
ctx->numCerts++;
***************
*** 588,594 ****
xmlSecErrorsSafeString(xmlSecKeyDataGetName(dst)),
"CERT_DupCertificate",
XMLSEC_ERRORS_R_CRYPTO_FAILED,
! XMLSEC_ERRORS_NO_MESSAGE);
return(-1);
}
--- 568,574 ----
xmlSecErrorsSafeString(xmlSecKeyDataGetName(dst)),
"CERT_DupCertificate",
XMLSEC_ERRORS_R_CRYPTO_FAILED,
! "error code=%d", PORT_GetError());
return(-1);
}
***************
*** 627,633 ****
xmlSecErrorsSafeString(xmlSecKeyDataGetName(dst)),
"SEC_DupCrl",
XMLSEC_ERRORS_R_CRYPTO_FAILED,
! XMLSEC_ERRORS_NO_MESSAGE);
return(-1);
}
--- 607,613 ----
xmlSecErrorsSafeString(xmlSecKeyDataGetName(dst)),
"SEC_DupCrl",
XMLSEC_ERRORS_R_CRYPTO_FAILED,
! "error code=%d", PORT_GetError());
return(-1);
}
***************
*** 652,658 ****
xmlSecErrorsSafeString(xmlSecKeyDataGetName(dst)),
"CERT_DupCertificate",
XMLSEC_ERRORS_R_CRYPTO_FAILED,
! XMLSEC_ERRORS_NO_MESSAGE);
return(-1);
}
ret = xmlSecNssKeyDataX509AdoptKeyCert(dst, certDst);
--- 632,638 ----
xmlSecErrorsSafeString(xmlSecKeyDataGetName(dst)),
"CERT_DupCertificate",
XMLSEC_ERRORS_R_CRYPTO_FAILED,
! "error code=%d", PORT_GetError());
return(-1);
}
ret = xmlSecNssKeyDataX509AdoptKeyCert(dst, certDst);
***************
*** 752,782 ****
xmlSecNssKeyDataX509XmlWrite(xmlSecKeyDataId id, xmlSecKeyPtr key,
xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
xmlSecKeyDataPtr data;
CERTCertificate* cert;
CERTSignedCrl* crl;
xmlSecSize size, pos;
- int content = 0;
- int ret;
xmlSecAssert2(id == xmlSecNssKeyDataX509Id, -1);
xmlSecAssert2(key != NULL, -1);
xmlSecAssert2(node != NULL, -1);
xmlSecAssert2(keyInfoCtx != NULL, -1);
! content = xmlSecX509DataGetNodeContent (node, 1, keyInfoCtx);
! if (content < 0) {
! xmlSecError(XMLSEC_ERRORS_HERE,
! xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
! "xmlSecX509DataGetNodeContent",
! XMLSEC_ERRORS_R_XMLSEC_FAILED,
! "content=%d", content);
! return(-1);
! } else if(content == 0) {
! /* by default we are writing certificates and crls */
! content = XMLSEC_X509DATA_DEFAULT;
}
- /* get x509 data */
data = xmlSecKeyGetData(key, id);
if(data == NULL) {
/* no x509 data in the key */
--- 732,753 ----
xmlSecNssKeyDataX509XmlWrite(xmlSecKeyDataId id, xmlSecKeyPtr key,
xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
xmlSecKeyDataPtr data;
+ xmlNodePtr cur;
+ xmlChar* buf;
CERTCertificate* cert;
CERTSignedCrl* crl;
xmlSecSize size, pos;
xmlSecAssert2(id == xmlSecNssKeyDataX509Id, -1);
xmlSecAssert2(key != NULL, -1);
xmlSecAssert2(node != NULL, -1);
xmlSecAssert2(keyInfoCtx != NULL, -1);
! /* todo: flag in ctx remove all existing content */
! if(0) {
! xmlNodeSetContent(node, NULL);
}
data = xmlSecKeyGetData(key, id);
if(data == NULL) {
/* no x509 data in the key */
***************
*** 795,874 ****
"pos=%d", pos);
return(-1);
}
!
! if((content & XMLSEC_X509DATA_CERTIFICATE_NODE) != 0) {
! ret = xmlSecNssX509CertificateNodeWrite(cert, node, keyInfoCtx);
! if(ret < 0) {
! xmlSecError(XMLSEC_ERRORS_HERE,
! xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
! "xmlSecNssX509CertificateNodeWrite",
! XMLSEC_ERRORS_R_XMLSEC_FAILED,
! "pos=%d", pos);
! return(-1);
! }
}
!
! if((content & XMLSEC_X509DATA_SUBJECTNAME_NODE) != 0) {
! ret = xmlSecNssX509SubjectNameNodeWrite(cert, node, keyInfoCtx);
! if(ret < 0) {
! xmlSecError(XMLSEC_ERRORS_HERE,
! xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
! "xmlSecNssX509SubjectNameNodeWrite",
! XMLSEC_ERRORS_R_XMLSEC_FAILED,
! "pos=%d", pos);
! return(-1);
! }
}
! if((content & XMLSEC_X509DATA_ISSUERSERIAL_NODE) != 0) {
! ret = xmlSecNssX509IssuerSerialNodeWrite(cert, node, keyInfoCtx);
! if(ret < 0) {
! xmlSecError(XMLSEC_ERRORS_HERE,
! xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
! "xmlSecNssX509IssuerSerialNodeWrite",
! XMLSEC_ERRORS_R_XMLSEC_FAILED,
! "pos=%d", pos);
! return(-1);
! }
! }
! if((content & XMLSEC_X509DATA_SKI_NODE) != 0) {
! ret = xmlSecNssX509SKINodeWrite(cert, node, keyInfoCtx);
! if(ret < 0) {
! xmlSecError(XMLSEC_ERRORS_HERE,
! xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
! "xmlSecNssX509SKINodeWrite",
! XMLSEC_ERRORS_R_XMLSEC_FAILED,
! "pos=%d", pos);
! return(-1);
! }
! }
! }
! /* write crls if needed */
! if((content & XMLSEC_X509DATA_CRL_NODE) != 0) {
! size = xmlSecNssKeyDataX509GetCrlsSize(data);
! for(pos = 0; pos < size; ++pos) {
! crl = xmlSecNssKeyDataX509GetCrl(data, pos);
! if(crl == NULL) {
! xmlSecError(XMLSEC_ERRORS_HERE,
! xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
! "xmlSecNssKeyDataX509GetCrl",
! XMLSEC_ERRORS_R_XMLSEC_FAILED,
! "pos=%d", pos);
! return(-1);
! }
!
! ret = xmlSecNssX509CRLNodeWrite(crl, node, keyInfoCtx);
! if(ret < 0) {
! xmlSecError(XMLSEC_ERRORS_HERE,
! xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
! "xmlSecNssX509CRLNodeWrite",
! XMLSEC_ERRORS_R_XMLSEC_FAILED,
! "pos=%d", pos);
! return(-1);
! }
! }
}
return(0);
--- 766,840 ----
"pos=%d", pos);
return(-1);
}
!
! /* set base64 lines size from context */
! buf = xmlSecNssX509CertBase64DerWrite(cert, keyInfoCtx->base64LineSize);
! if(buf == NULL) {
! xmlSecError(XMLSEC_ERRORS_HERE,
! xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
! "xmlSecNssX509CertBase64DerWrite",
! XMLSEC_ERRORS_R_XMLSEC_FAILED,
! XMLSEC_ERRORS_NO_MESSAGE);
! return(-1);
}
!
! cur = xmlSecAddChild(node, xmlSecNodeX509Certificate, xmlSecDSigNs);
! if(cur == NULL) {
! xmlSecError(XMLSEC_ERRORS_HERE,
! xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
! "xmlSecAddChild",
! XMLSEC_ERRORS_R_XMLSEC_FAILED,
! "node=%s",
! xmlSecErrorsSafeString(xmlSecNodeX509Certificate));
! xmlFree(buf);
! return(-1);
}
+ /* todo: add \n around base64 data - from context */
+ /* todo: add errors check */
+ xmlNodeSetContent(cur, xmlSecStringCR);
+ xmlNodeSetContent(cur, buf);
+ xmlFree(buf);
+ }
! /* write crls */
! size = xmlSecNssKeyDataX509GetCrlsSize(data);
! for(pos = 0; pos < size; ++pos) {
! crl = xmlSecNssKeyDataX509GetCrl(data, pos);
! if(crl == NULL) {
! xmlSecError(XMLSEC_ERRORS_HERE,
! xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
! "xmlSecNssKeyDataX509GetCrl",
! XMLSEC_ERRORS_R_XMLSEC_FAILED,
! "pos=%d", pos);
! return(-1);
! }
! /* set base64 lines size from context */
! buf = xmlSecNssX509CrlBase64DerWrite(crl, keyInfoCtx->base64LineSize);
! if(buf == NULL) {
! xmlSecError(XMLSEC_ERRORS_HERE,
! xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
! "xmlSecNssX509CrlBase64DerWrite",
! XMLSEC_ERRORS_R_XMLSEC_FAILED,
! XMLSEC_ERRORS_NO_MESSAGE);
! return(-1);
! }
! cur = xmlSecAddChild(node, xmlSecNodeX509CRL, xmlSecDSigNs);
! if(cur == NULL) {
! xmlSecError(XMLSEC_ERRORS_HERE,
! xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
! "xmlSecAddChild",
! XMLSEC_ERRORS_R_XMLSEC_FAILED,
! "new_node=%s",
! xmlSecErrorsSafeString(xmlSecNodeX509CRL));
! xmlFree(buf);
! return(-1);
! }
! /* todo: add \n around base64 data - from context */
! /* todo: add errors check */
! xmlNodeSetContent(cur, xmlSecStringCR);
! xmlNodeSetContent(cur, buf);
}
return(0);
***************
*** 1015,1033 ****
xmlSecAssert2(keyInfoCtx != NULL, -1);
content = xmlNodeGetContent(node);
! if((content == NULL) || (xmlSecIsEmptyString(content) == 1)) {
! if(content != NULL) {
! xmlFree(content);
! }
! if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_STOP_ON_EMPTY_NODE) != 0) {
! xmlSecError(XMLSEC_ERRORS_HERE,
! xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
! xmlSecErrorsSafeString(xmlSecNodeGetName(node)),
! XMLSEC_ERRORS_R_INVALID_NODE_CONTENT,
! XMLSEC_ERRORS_NO_MESSAGE);
! return(-1);
! }
! return(0);
}
cert = xmlSecNssX509CertBase64DerRead(content);
--- 981,993 ----
xmlSecAssert2(keyInfoCtx != NULL, -1);
content = xmlNodeGetContent(node);
! if(content == NULL){
! xmlSecError(XMLSEC_ERRORS_HERE,
! xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
! xmlSecErrorsSafeString(xmlSecNodeGetName(node)),
! XMLSEC_ERRORS_R_INVALID_NODE_CONTENT,
! XMLSEC_ERRORS_NO_MESSAGE);
! return(-1);
}
cert = xmlSecNssX509CertBase64DerRead(content);
***************
*** 1057,1102 ****
return(0);
}
- static int
- xmlSecNssX509CertificateNodeWrite(CERTCertificate* cert, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
- xmlChar* buf;
- xmlNodePtr cur;
-
- xmlSecAssert2(cert != NULL, -1);
- xmlSecAssert2(node != NULL, -1);
- xmlSecAssert2(keyInfoCtx != NULL, -1);
-
- /* set base64 lines size from context */
- buf = xmlSecNssX509CertBase64DerWrite(cert, keyInfoCtx->base64LineSize);
- if(buf == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecNssX509CertBase64DerWrite",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
-
- cur = xmlSecAddChild(node, xmlSecNodeX509Certificate, xmlSecDSigNs);
- if(cur == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecAddChild",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "node=%s",
- xmlSecErrorsSafeString(xmlSecNodeX509Certificate));
- xmlFree(buf);
- return(-1);
- }
-
- /* todo: add \n around base64 data - from context */
- /* todo: add errors check */
- xmlNodeSetContent(cur, xmlSecStringCR);
- xmlNodeSetContent(cur, buf);
- xmlFree(buf);
- return(0);
- }
-
static int
xmlSecNssX509SubjectNameNodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
xmlSecKeyDataStorePtr x509Store;
--- 1017,1022 ----
***************
*** 1120,1138 ****
}
subject = xmlNodeGetContent(node);
! if((subject == NULL) || (xmlSecIsEmptyString(subject) == 1)) {
! if(subject != NULL) {
! xmlFree(subject);
! }
! if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_STOP_ON_EMPTY_NODE) != 0) {
! xmlSecError(XMLSEC_ERRORS_HERE,
! xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
! xmlSecErrorsSafeString(xmlSecNodeGetName(node)),
! XMLSEC_ERRORS_R_INVALID_NODE_CONTENT,
! XMLSEC_ERRORS_NO_MESSAGE);
! return(-1);
! }
! return(0);
}
cert = xmlSecNssX509StoreFindCert(x509Store, subject, NULL, NULL, NULL, keyInfoCtx);
--- 1040,1052 ----
}
subject = xmlNodeGetContent(node);
! if(subject == NULL) {
! xmlSecError(XMLSEC_ERRORS_HERE,
! xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
! xmlSecErrorsSafeString(xmlSecNodeGetName(node)),
! XMLSEC_ERRORS_R_INVALID_NODE_CONTENT,
! XMLSEC_ERRORS_NO_MESSAGE);
! return(-1);
}
cert = xmlSecNssX509StoreFindCert(x509Store, subject, NULL, NULL, NULL, keyInfoCtx);
***************
*** 1167,1206 ****
return(0);
}
- static int
- xmlSecNssX509SubjectNameNodeWrite(CERTCertificate* cert, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx ATTRIBUTE_UNUSED) {
- xmlChar* buf = NULL;
- xmlNodePtr cur = NULL;
-
- xmlSecAssert2(cert != NULL, -1);
- xmlSecAssert2(node != NULL, -1);
-
- buf = xmlSecNssX509NameWrite(&(cert->subject));
- if(buf == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecNssX509NameWrite(&(cert->subject))",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
-
- cur = xmlSecAddChild(node, xmlSecNodeX509SubjectName, xmlSecDSigNs);
- if(cur == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecAddChild",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "node=%s",
- xmlSecErrorsSafeString(xmlSecNodeX509SubjectName));
- xmlFree(buf);
- return(-1);
- }
- xmlNodeSetContent(cur, buf);
- xmlFree(buf);
- return(0);
- }
-
static int
xmlSecNssX509IssuerSerialNodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
xmlSecKeyDataStorePtr x509Store;
--- 1081,1086 ----
***************
*** 1226,1246 ****
}
cur = xmlSecGetNextElementNode(node->children);
! if(cur == NULL) {
! if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_STOP_ON_EMPTY_NODE) != 0) {
! xmlSecError(XMLSEC_ERRORS_HERE,
! xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
! xmlSecErrorsSafeString(xmlSecNodeX509IssuerName),
! XMLSEC_ERRORS_R_NODE_NOT_FOUND,
! "node=%s",
! xmlSecErrorsSafeString(xmlSecNodeGetName(cur)));
! return(-1);
! }
! return(0);
! }
!
/* the first is required node X509IssuerName */
! if(!xmlSecCheckNodeName(cur, xmlSecNodeX509IssuerName, xmlSecDSigNs)) {
xmlSecError(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
xmlSecErrorsSafeString(xmlSecNodeX509IssuerName),
--- 1106,1114 ----
}
cur = xmlSecGetNextElementNode(node->children);
!
/* the first is required node X509IssuerName */
! if((cur == NULL) || !xmlSecCheckNodeName(cur, xmlSecNodeX509IssuerName, xmlSecDSigNs)) {
xmlSecError(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
xmlSecErrorsSafeString(xmlSecNodeX509IssuerName),
***************
*** 1332,1409 ****
return(0);
}
- static int
- xmlSecNssX509IssuerSerialNodeWrite(CERTCertificate* cert, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx ATTRIBUTE_UNUSED) {
- xmlNodePtr cur;
- xmlNodePtr issuerNameNode;
- xmlNodePtr issuerNumberNode;
- xmlChar* buf;
-
- xmlSecAssert2(cert != NULL, -1);
- xmlSecAssert2(node != NULL, -1);
-
- /* create xml nodes */
- cur = xmlSecAddChild(node, xmlSecNodeX509IssuerSerial, xmlSecDSigNs);
- if(cur == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecAddChild",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "node=%s",
- xmlSecErrorsSafeString(xmlSecNodeX509IssuerSerial));
- return(-1);
- }
-
- issuerNameNode = xmlSecAddChild(cur, xmlSecNodeX509IssuerName, xmlSecDSigNs);
- if(issuerNameNode == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecAddChild",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "node=%s",
- xmlSecErrorsSafeString(xmlSecNodeX509IssuerName));
- return(-1);
- }
-
- issuerNumberNode = xmlSecAddChild(cur, xmlSecNodeX509SerialNumber, xmlSecDSigNs);
- if(issuerNumberNode == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecAddChild",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "node=%s",
- xmlSecErrorsSafeString(xmlSecNodeX509SerialNumber));
- return(-1);
- }
-
- /* write data */
- buf = xmlSecNssX509NameWrite(&(cert->issuer));
- if(buf == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecNssX509NameWrite(&(cert->issuer))",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
- xmlNodeSetContent(issuerNameNode, buf);
- xmlFree(buf);
-
- buf = xmlSecNssASN1IntegerWrite(&(cert->serialNumber));
- if(buf == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecNssASN1IntegerWrite(&(cert->serialNumber))",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
- xmlNodeSetContent(issuerNumberNode, buf);
- xmlFree(buf);
-
- return(0);
- }
-
static int
xmlSecNssX509SKINodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
xmlSecKeyDataStorePtr x509Store;
--- 1200,1205 ----
***************
*** 1427,1446 ****
}
ski = xmlNodeGetContent(node);
! if((ski == NULL) || (xmlSecIsEmptyString(ski) == 1)) {
! if(ski != NULL) {
! xmlFree(ski);
! }
! if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_STOP_ON_EMPTY_NODE) != 0) {
! xmlSecError(XMLSEC_ERRORS_HERE,
! xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
! xmlSecErrorsSafeString(xmlSecNodeGetName(node)),
! XMLSEC_ERRORS_R_INVALID_NODE_CONTENT,
! "node=%s",
! xmlSecErrorsSafeString(xmlSecNodeX509SKI));
! return(-1);
! }
! return(0);
}
cert = xmlSecNssX509StoreFindCert(x509Store, NULL, NULL, NULL, ski, keyInfoCtx);
--- 1223,1236 ----
}
ski = xmlNodeGetContent(node);
! if(ski == NULL) {
! xmlSecError(XMLSEC_ERRORS_HERE,
! xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
! xmlSecErrorsSafeString(xmlSecNodeGetName(node)),
! XMLSEC_ERRORS_R_INVALID_NODE_CONTENT,
! "node=%s",
! xmlSecErrorsSafeString(xmlSecNodeX509SKI));
! return(-1);
}
cert = xmlSecNssX509StoreFindCert(x509Store, NULL, NULL, NULL, ski, keyInfoCtx);
***************
*** 1475,1515 ****
return(0);
}
- static int
- xmlSecNssX509SKINodeWrite(CERTCertificate* cert, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx ATTRIBUTE_UNUSED) {
- xmlChar *buf = NULL;
- xmlNodePtr cur = NULL;
-
- xmlSecAssert2(cert != NULL, -1);
- xmlSecAssert2(node != NULL, -1);
-
- buf = xmlSecNssX509SKIWrite(cert);
- if(buf == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecNssX509SKIWrite",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
-
- cur = xmlSecAddChild(node, xmlSecNodeX509SKI, xmlSecDSigNs);
- if(cur == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecAddChild",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "new_node=%s",
- xmlSecErrorsSafeString(xmlSecNodeX509SKI));
- xmlFree(buf);
- return(-1);
- }
- xmlNodeSetContent(cur, buf);
- xmlFree(buf);
-
- return(0);
- }
-
static int
xmlSecNssX509CRLNodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
xmlChar *content;
--- 1265,1270 ----
***************
*** 1520,1538 ****
xmlSecAssert2(keyInfoCtx != NULL, -1);
content = xmlNodeGetContent(node);
! if((content == NULL) || (xmlSecIsEmptyString(content) == 1)) {
! if(content != NULL) {
! xmlFree(content);
! }
! if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_STOP_ON_EMPTY_NODE) != 0) {
! xmlSecError(XMLSEC_ERRORS_HERE,
! xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
! xmlSecErrorsSafeString(xmlSecNodeGetName(node)),
! XMLSEC_ERRORS_R_INVALID_NODE_CONTENT,
! XMLSEC_ERRORS_NO_MESSAGE);
! return(-1);
! }
! return(0);
}
crl = xmlSecNssX509CrlBase64DerRead(content, keyInfoCtx);
--- 1275,1287 ----
xmlSecAssert2(keyInfoCtx != NULL, -1);
content = xmlNodeGetContent(node);
! if(content == NULL){
! xmlSecError(XMLSEC_ERRORS_HERE,
! xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
! xmlSecErrorsSafeString(xmlSecNodeGetName(node)),
! XMLSEC_ERRORS_R_INVALID_NODE_CONTENT,
! XMLSEC_ERRORS_NO_MESSAGE);
! return(-1);
}
crl = xmlSecNssX509CrlBase64DerRead(content, keyInfoCtx);
***************
*** 1552,1598 ****
}
static int
- xmlSecNssX509CRLNodeWrite(CERTSignedCrl* crl, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
- xmlChar* buf = NULL;
- xmlNodePtr cur = NULL;
-
- xmlSecAssert2(crl != NULL, -1);
- xmlSecAssert2(node != NULL, -1);
- xmlSecAssert2(keyInfoCtx != NULL, -1);
-
- /* set base64 lines size from context */
- buf = xmlSecNssX509CrlBase64DerWrite(crl, keyInfoCtx->base64LineSize);
- if(buf == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecNssX509CrlBase64DerWrite",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
-
- cur = xmlSecAddChild(node, xmlSecNodeX509CRL, xmlSecDSigNs);
- if(cur == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecAddChild",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "new_node=%s",
- xmlSecErrorsSafeString(xmlSecNodeX509CRL));
- xmlFree(buf);
- return(-1);
- }
- /* todo: add \n around base64 data - from context */
- /* todo: add errors check */
- xmlNodeSetContent(cur, xmlSecStringCR);
- xmlNodeSetContent(cur, buf);
- xmlFree(buf);
-
- return(0);
- }
-
-
- static int
xmlSecNssKeyDataX509VerifyAndExtractKey(xmlSecKeyDataPtr data, xmlSecKeyPtr key,
xmlSecKeyInfoCtxPtr keyInfoCtx) {
xmlSecNssX509DataCtxPtr ctx;
--- 1301,1306 ----
***************
*** 1600,1605 ****
--- 1308,1317 ----
int ret;
SECStatus status;
PRTime notBefore, notAfter;
+
+ PK11SlotInfo* slot ;
+ SECKEYPublicKey *pubKey = NULL;
+ SECKEYPrivateKey *priKey = NULL;
xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecNssKeyDataX509Id), -1);
xmlSecAssert2(key != NULL, -1);
***************
*** 1632,1641 ****
xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
"CERT_DupCertificate",
XMLSEC_ERRORS_R_CRYPTO_FAILED,
! XMLSEC_ERRORS_NO_MESSAGE);
return(-1);
}
keyValue = xmlSecNssX509CertGetKey(ctx->keyCert);
if(keyValue == NULL) {
xmlSecError(XMLSEC_ERRORS_HERE,
--- 1344,1356 ----
xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
"CERT_DupCertificate",
XMLSEC_ERRORS_R_CRYPTO_FAILED,
! "error code=%d", PORT_GetError());
return(-1);
}
+ /*-
+ * Get Public key from cert, which does not always work for sign action.
+ *
keyValue = xmlSecNssX509CertGetKey(ctx->keyCert);
if(keyValue == NULL) {
xmlSecError(XMLSEC_ERRORS_HERE,
***************
*** 1645,1650 ****
--- 1360,1413 ----
XMLSEC_ERRORS_NO_MESSAGE);
return(-1);
}
+ */
+
+ /*-
+ * I'll search key according to KeyReq.
+ */
+ slot = cert->slot ;
+ if( ( keyInfoCtx->keyReq.keyType & xmlSecKeyDataTypePrivate ) == xmlSecKeyDataTypePrivate ) {
+ if( ( priKey = PK11_FindPrivateKeyFromCert( slot , cert , NULL ) ) == NULL ) {
+ xmlSecError( XMLSEC_ERRORS_HERE ,
+ xmlSecErrorsSafeString( xmlSecKeyDataGetName( data ) ) ,
+ "PK11_FindPrivateKeyFromCert" ,
+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
+ XMLSEC_ERRORS_NO_MESSAGE ) ;
+ return -1 ;
+ }
+ }
+
+ if( ( keyInfoCtx->keyReq.keyType & xmlSecKeyDataTypePublic ) == xmlSecKeyDataTypePublic ) {
+ if( ( pubKey = CERT_ExtractPublicKey( cert ) ) == NULL ) {
+ xmlSecError( XMLSEC_ERRORS_HERE ,
+ xmlSecErrorsSafeString( xmlSecKeyDataGetName( data ) ) ,
+ "CERT_ExtractPublicKey" ,
+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
+ XMLSEC_ERRORS_NO_MESSAGE ) ;
+
+ if( priKey != NULL )
+ SECKEY_DestroyPrivateKey( priKey ) ;
+ return -1 ;
+ }
+ }
+
+ keyValue = xmlSecNssPKIAdoptKey(priKey, pubKey);
+ if( keyValue == NULL ) {
+ xmlSecError( XMLSEC_ERRORS_HERE ,
+ xmlSecErrorsSafeString( xmlSecKeyDataGetName( data ) ) ,
+ "xmlSecNssPKIAdoptKey" ,
+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
+ XMLSEC_ERRORS_NO_MESSAGE ) ;
+
+ if( priKey != NULL )
+ SECKEY_DestroyPrivateKey( priKey ) ;
+
+ if( pubKey != NULL )
+ SECKEY_DestroyPublicKey( pubKey ) ;
+
+ return -1 ;
+ }
+ /* Modify keyValue get Done */
/* verify that the key matches our expectations */
if(xmlSecKeyReqMatchKeyValue(&(keyInfoCtx->keyReq), keyValue) != 1) {
***************
*** 1725,1738 ****
return(0);
}
- /**
- * xmlSecNssX509CertGetKey:
- * @cert: the certificate.
- *
- * Extracts public key from the @cert.
- *
- * Returns public key value or NULL if an error occurs.
- */
xmlSecKeyDataPtr
xmlSecNssX509CertGetKey(CERTCertificate* cert) {
xmlSecKeyDataPtr data;
--- 1488,1493 ----
***************
*** 1746,1752 ****
NULL,
"CERT_ExtractPublicKey",
XMLSEC_ERRORS_R_CRYPTO_FAILED,
! XMLSEC_ERRORS_NO_MESSAGE);
return(NULL);
}
--- 1501,1507 ----
NULL,
"CERT_ExtractPublicKey",
XMLSEC_ERRORS_R_CRYPTO_FAILED,
! "error code=%d", PORT_GetError());
return(NULL);
}
***************
*** 1804,1810 ****
NULL,
"__CERT_NewTempCertificate",
XMLSEC_ERRORS_R_CRYPTO_FAILED,
! XMLSEC_ERRORS_NO_MESSAGE);
return(NULL);
}
--- 1559,1565 ----
NULL,
"__CERT_NewTempCertificate",
XMLSEC_ERRORS_R_CRYPTO_FAILED,
! "error code=%d", PORT_GetError());
return(NULL);
}
***************
*** 1827,1833 ****
NULL,
"cert->derCert",
XMLSEC_ERRORS_R_CRYPTO_FAILED,
! XMLSEC_ERRORS_NO_MESSAGE);
return(NULL);
}
--- 1582,1588 ----
NULL,
"cert->derCert",
XMLSEC_ERRORS_R_CRYPTO_FAILED,
! "error code=%d", PORT_GetError());
return(NULL);
}
***************
*** 1890,1896 ****
NULL,
"PK11_GetInternalKeySlot",
XMLSEC_ERRORS_R_CRYPTO_FAILED,
! XMLSEC_ERRORS_NO_MESSAGE);
return NULL;
}
--- 1645,1651 ----
NULL,
"PK11_GetInternalKeySlot",
XMLSEC_ERRORS_R_CRYPTO_FAILED,
! "error code=%d", PORT_GetError());
return NULL;
}
***************
*** 1905,1911 ****
NULL,
"PK11_ImportCRL",
XMLSEC_ERRORS_R_CRYPTO_FAILED,
! XMLSEC_ERRORS_NO_MESSAGE);
PK11_FreeSlot(slot);
return(NULL);
}
--- 1660,1666 ----
NULL,
"PK11_ImportCRL",
XMLSEC_ERRORS_R_CRYPTO_FAILED,
! "error code=%d", PORT_GetError());
PK11_FreeSlot(slot);
return(NULL);
}
***************
*** 1929,1935 ****
NULL,
"crl->derCrl",
XMLSEC_ERRORS_R_CRYPTO_FAILED,
! XMLSEC_ERRORS_NO_MESSAGE);
return(NULL);
}
--- 1684,1690 ----
NULL,
"crl->derCrl",
XMLSEC_ERRORS_R_CRYPTO_FAILED,
! "error code=%d", PORT_GetError());
return(NULL);
}
***************
*** 1946,2031 ****
return(res);
}
- static xmlChar*
- xmlSecNssX509NameWrite(CERTName* nm) {
- xmlChar *res = NULL;
- char *str;
-
- xmlSecAssert2(nm != NULL, NULL);
-
- str = CERT_NameToAscii(nm);
- if (str == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "CERT_NameToAscii",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(NULL);
- }
-
- res = xmlStrdup(BAD_CAST str);
- if(res == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlStrdup",
- XMLSEC_ERRORS_R_MALLOC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- PORT_Free(str);
- return(NULL);
- }
- PORT_Free(str);
- return(res);
- }
-
- static xmlChar*
- xmlSecNssASN1IntegerWrite(SECItem *num) {
- xmlChar *res = NULL;
-
- xmlSecAssert2(num != NULL, NULL);
-
- /* TODO : to be implemented after
- * NSS bug http://bugzilla.mozilla.org/show_bug.cgi?id=212864 is fixed
- */
- return(res);
- }
-
- static xmlChar*
- xmlSecNssX509SKIWrite(CERTCertificate* cert) {
- xmlChar *res = NULL;
- SECItem ski;
- SECStatus rv;
-
- xmlSecAssert2(cert != NULL, NULL);
-
- memset(&ski, 0, sizeof(ski));
-
- rv = CERT_FindSubjectKeyIDExtension(cert, &ski);
- if (rv != SECSuccess) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "CERT_FindSubjectKeyIDExtension",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- SECITEM_FreeItem(&ski, PR_FALSE);
- return(NULL);
- }
-
- res = xmlSecBase64Encode(ski.data, ski.len, 0);
- if(res == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecBase64Encode",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- SECITEM_FreeItem(&ski, PR_FALSE);
- return(NULL);
- }
- SECITEM_FreeItem(&ski, PR_FALSE);
-
- return(res);
- }
-
-
static void
xmlSecNssX509CertDebugDump(CERTCertificate* cert, FILE* output) {
SECItem *sn;
--- 1701,1706 ----
*** misc/xmlsec1-1.2.6/src/nss/x509vfy.c 2003-09-26 02:58:15.000000000 +0200
--- misc/build/xmlsec1-1.2.6/src/nss/x509vfy.c 2005-05-09 19:54:13.239626954 +0200
***************
*** 30,35 ****
--- 30,36 ----
#include <xmlsec/keyinfo.h>
#include <xmlsec/keysmngr.h>
#include <xmlsec/base64.h>
+ #include <xmlsec/bn.h>
#include <xmlsec/errors.h>
#include <xmlsec/nss/crypto.h>
***************
*** 43,50 ****
typedef struct _xmlSecNssX509StoreCtx xmlSecNssX509StoreCtx,
*xmlSecNssX509StoreCtxPtr;
struct _xmlSecNssX509StoreCtx {
! CERTCertList* certsList; /* just keeping a reference to destroy later */
! };
/****************************************************************************
*
--- 44,51 ----
typedef struct _xmlSecNssX509StoreCtx xmlSecNssX509StoreCtx,
*xmlSecNssX509StoreCtxPtr;
struct _xmlSecNssX509StoreCtx {
! CERTCertList* certsList; /* just keeping a reference to destroy later */
! };
/****************************************************************************
*
***************
*** 54,98 ****
*
***************************************************************************/
#define xmlSecNssX509StoreGetCtx(store) \
! ((xmlSecNssX509StoreCtxPtr)(((xmlSecByte*)(store)) + \
! sizeof(xmlSecKeyDataStoreKlass)))
#define xmlSecNssX509StoreSize \
! (sizeof(xmlSecKeyDataStoreKlass) + sizeof(xmlSecNssX509StoreCtx))
static int xmlSecNssX509StoreInitialize (xmlSecKeyDataStorePtr store);
static void xmlSecNssX509StoreFinalize (xmlSecKeyDataStorePtr store);
- static int xmlSecNssX509NameStringRead (xmlSecByte **str,
- int *strLen,
- xmlSecByte *res,
- int resLen,
- xmlSecByte delim,
- int ingoreTrailingSpaces);
- static xmlSecByte * xmlSecNssX509NameRead (xmlSecByte *str,
- int len);
-
- static void xmlSecNssNumToItem(SECItem *it, unsigned long num);
static xmlSecKeyDataStoreKlass xmlSecNssX509StoreKlass = {
! sizeof(xmlSecKeyDataStoreKlass),
! xmlSecNssX509StoreSize,
! /* data */
! xmlSecNameX509Store, /* const xmlChar* name; */
!
! /* constructors/destructor */
! xmlSecNssX509StoreInitialize, /* xmlSecKeyDataStoreInitializeMethod initialize; */
! xmlSecNssX509StoreFinalize, /* xmlSecKeyDataStoreFinalizeMethod finalize; */
!
! /* reserved for the future */
! NULL, /* void* reserved0; */
! NULL, /* void* reserved1; */
};
static CERTCertificate* xmlSecNssX509FindCert(xmlChar *subjectName,
! xmlChar *issuerName,
! xmlChar *issuerSerial,
! xmlChar *ski);
/**
--- 55,90 ----
*
***************************************************************************/
#define xmlSecNssX509StoreGetCtx(store) \
! ((xmlSecNssX509StoreCtxPtr)(((xmlSecByte*)(store)) + \
! sizeof(xmlSecKeyDataStoreKlass)))
#define xmlSecNssX509StoreSize \
! (sizeof(xmlSecKeyDataStoreKlass) + sizeof(xmlSecNssX509StoreCtx))
static int xmlSecNssX509StoreInitialize (xmlSecKeyDataStorePtr store);
static void xmlSecNssX509StoreFinalize (xmlSecKeyDataStorePtr store);
+ static int xmlSecNssIntegerToItem( const xmlChar* integer , SECItem *it ) ;
static xmlSecKeyDataStoreKlass xmlSecNssX509StoreKlass = {
! sizeof(xmlSecKeyDataStoreKlass),
! xmlSecNssX509StoreSize,
! /* data */
! xmlSecNameX509Store, /* const xmlChar* name; */
!
! /* constructors/destructor */
! xmlSecNssX509StoreInitialize, /* xmlSecKeyDataStoreInitializeMethod initialize; */
! xmlSecNssX509StoreFinalize, /* xmlSecKeyDataStoreFinalizeMethod finalize; */
!
! /* reserved for the future */
! NULL, /* void* reserved0; */
! NULL, /* void* reserved1; */
};
static CERTCertificate* xmlSecNssX509FindCert(xmlChar *subjectName,
! xmlChar *issuerName,
! xmlChar *issuerSerial,
! xmlChar *ski);
/**
***************
*** 104,110 ****
*/
xmlSecKeyDataStoreId
xmlSecNssX509StoreGetKlass(void) {
! return(&xmlSecNssX509StoreKlass);
}
/**
--- 96,102 ----
*/
xmlSecKeyDataStoreId
xmlSecNssX509StoreGetKlass(void) {
! return(&xmlSecNssX509StoreKlass);
}
/**
***************
*** 125,139 ****
xmlSecNssX509StoreFindCert(xmlSecKeyDataStorePtr store, xmlChar *subjectName,
xmlChar *issuerName, xmlChar *issuerSerial,
xmlChar *ski, xmlSecKeyInfoCtx* keyInfoCtx) {
! xmlSecNssX509StoreCtxPtr ctx;
!
! xmlSecAssert2(xmlSecKeyDataStoreCheckId(store, xmlSecNssX509StoreId), NULL);
! xmlSecAssert2(keyInfoCtx != NULL, NULL);
! ctx = xmlSecNssX509StoreGetCtx(store);
! xmlSecAssert2(ctx != NULL, NULL);
! return(xmlSecNssX509FindCert(subjectName, issuerName, issuerSerial, ski));
}
/**
--- 117,131 ----
xmlSecNssX509StoreFindCert(xmlSecKeyDataStorePtr store, xmlChar *subjectName,
xmlChar *issuerName, xmlChar *issuerSerial,
xmlChar *ski, xmlSecKeyInfoCtx* keyInfoCtx) {
! xmlSecNssX509StoreCtxPtr ctx;
!
! xmlSecAssert2(xmlSecKeyDataStoreCheckId(store, xmlSecNssX509StoreId), NULL);
! xmlSecAssert2(keyInfoCtx != NULL, NULL);
! ctx = xmlSecNssX509StoreGetCtx(store);
! xmlSecAssert2(ctx != NULL, NULL);
! return(xmlSecNssX509FindCert(subjectName, issuerName, issuerSerial, ski));
}
/**
***************
*** 148,263 ****
*/
CERTCertificate *
xmlSecNssX509StoreVerify(xmlSecKeyDataStorePtr store, CERTCertList* certs,
! xmlSecKeyInfoCtx* keyInfoCtx) {
! xmlSecNssX509StoreCtxPtr ctx;
! CERTCertListNode* head;
! CERTCertificate* cert = NULL;
! CERTCertListNode* head1;
! CERTCertificate* cert1 = NULL;
! SECStatus status = SECFailure;
! int64 timeboundary;
! int64 tmp1, tmp2;
!
! xmlSecAssert2(xmlSecKeyDataStoreCheckId(store, xmlSecNssX509StoreId), NULL);
! xmlSecAssert2(certs != NULL, NULL);
! xmlSecAssert2(keyInfoCtx != NULL, NULL);
!
! ctx = xmlSecNssX509StoreGetCtx(store);
! xmlSecAssert2(ctx != NULL, NULL);
!
! for (head = CERT_LIST_HEAD(certs);
! !CERT_LIST_END(head, certs);
! head = CERT_LIST_NEXT(head)) {
! cert = head->cert;
if(keyInfoCtx->certsVerificationTime > 0) {
! /* convert the time since epoch in seconds to microseconds */
! LL_UI2L(timeboundary, keyInfoCtx->certsVerificationTime);
! tmp1 = (int64)PR_USEC_PER_SEC;
! tmp2 = timeboundary;
! LL_MUL(timeboundary, tmp1, tmp2);
} else {
! timeboundary = PR_Now();
}
/* if cert is the issuer of any other cert in the list, then it is
* to be skipped */
for (head1 = CERT_LIST_HEAD(certs);
! !CERT_LIST_END(head1, certs);
! head1 = CERT_LIST_NEXT(head1)) {
! cert1 = head1->cert;
! if (cert1 == cert) {
continue;
! }
! if (SECITEM_CompareItem(&cert1->derIssuer, &cert->derSubject)
! == SECEqual) {
break;
! }
}
if (!CERT_LIST_END(head1, certs)) {
! continue;
}
status = CERT_VerifyCertificate(CERT_GetDefaultCertDB(),
cert, PR_FALSE,
(SECCertificateUsage)0,
! timeboundary , NULL, NULL, NULL);
if (status == SECSuccess) {
! break;
}
- }
! if (status == SECSuccess) {
return (cert);
! }
!
! switch(PORT_GetError()) {
case SEC_ERROR_EXPIRED_ISSUER_CERTIFICATE:
case SEC_ERROR_CA_CERT_INVALID:
case SEC_ERROR_UNKNOWN_SIGNER:
! xmlSecError(XMLSEC_ERRORS_HERE,
! xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)),
! NULL,
! XMLSEC_ERRORS_R_CERT_ISSUER_FAILED,
! "cert with subject name %s could not be verified because the issuer's cert is expired/invalid or not found",
! cert->subjectName);
! break;
case SEC_ERROR_EXPIRED_CERTIFICATE:
! xmlSecError(XMLSEC_ERRORS_HERE,
! xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)),
! NULL,
! XMLSEC_ERRORS_R_CERT_HAS_EXPIRED,
! "cert with subject name %s has expired",
! cert->subjectName);
! break;
case SEC_ERROR_REVOKED_CERTIFICATE:
! xmlSecError(XMLSEC_ERRORS_HERE,
! xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)),
! NULL,
! XMLSEC_ERRORS_R_CERT_REVOKED,
! "cert with subject name %s has been revoked",
! cert->subjectName);
! break;
default:
! xmlSecError(XMLSEC_ERRORS_HERE,
! xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)),
! NULL,
! XMLSEC_ERRORS_R_CERT_VERIFY_FAILED,
! "cert with subject name %s could not be verified",
! cert->subjectName);
! break;
! }
! return (NULL);
}
/**
* xmlSecNssX509StoreAdoptCert:
! * @store: the pointer to X509 key data store klass.
! * @cert: the pointer to NSS X509 certificate.
! * @type: the certificate type (trusted/untrusted).
*
* Adds trusted (root) or untrusted certificate to the store.
*
--- 140,256 ----
*/
CERTCertificate *
xmlSecNssX509StoreVerify(xmlSecKeyDataStorePtr store, CERTCertList* certs,
! xmlSecKeyInfoCtx* keyInfoCtx) {
! xmlSecNssX509StoreCtxPtr ctx;
! CERTCertListNode* head;
! CERTCertificate* cert = NULL;
! CERTCertListNode* head1;
! CERTCertificate* cert1 = NULL;
! SECStatus status = SECFailure;
! int64 timeboundary;
! int64 tmp1, tmp2;
!
! xmlSecAssert2(xmlSecKeyDataStoreCheckId(store, xmlSecNssX509StoreId), NULL);
! xmlSecAssert2(certs != NULL, NULL);
! xmlSecAssert2(keyInfoCtx != NULL, NULL);
!
! ctx = xmlSecNssX509StoreGetCtx(store);
! xmlSecAssert2(ctx != NULL, NULL);
!
! for (head = CERT_LIST_HEAD(certs);
! !CERT_LIST_END(head, certs);
! head = CERT_LIST_NEXT(head)) {
! cert = head->cert;
if(keyInfoCtx->certsVerificationTime > 0) {
! /* convert the time since epoch in seconds to microseconds */
! LL_UI2L(timeboundary, keyInfoCtx->certsVerificationTime);
! tmp1 = (int64)PR_USEC_PER_SEC;
! tmp2 = timeboundary;
! LL_MUL(timeboundary, tmp1, tmp2);
} else {
! timeboundary = PR_Now();
}
/* if cert is the issuer of any other cert in the list, then it is
* to be skipped */
for (head1 = CERT_LIST_HEAD(certs);
! !CERT_LIST_END(head1, certs);
! head1 = CERT_LIST_NEXT(head1)) {
! cert1 = head1->cert;
! if (cert1 == cert) {
continue;
! }
! if (SECITEM_CompareItem(&cert1->derIssuer, &cert->derSubject)
! == SECEqual) {
break;
! }
}
if (!CERT_LIST_END(head1, certs)) {
! continue;
}
status = CERT_VerifyCertificate(CERT_GetDefaultCertDB(),
cert, PR_FALSE,
(SECCertificateUsage)0,
! timeboundary , NULL, NULL, NULL);
if (status == SECSuccess) {
! break;
! }
}
! if (status == SECSuccess) {
return (cert);
! }
!
! switch(PORT_GetError()) {
case SEC_ERROR_EXPIRED_ISSUER_CERTIFICATE:
case SEC_ERROR_CA_CERT_INVALID:
case SEC_ERROR_UNKNOWN_SIGNER:
! xmlSecError(XMLSEC_ERRORS_HERE,
! xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)),
! NULL,
! XMLSEC_ERRORS_R_CERT_ISSUER_FAILED,
! "cert with subject name %s could not be verified because the issuer's cert is expired/invalid or not found",
! cert->subjectName);
! break;
case SEC_ERROR_EXPIRED_CERTIFICATE:
! xmlSecError(XMLSEC_ERRORS_HERE,
! xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)),
! NULL,
! XMLSEC_ERRORS_R_CERT_HAS_EXPIRED,
! "cert with subject name %s has expired",
! cert->subjectName);
! break;
case SEC_ERROR_REVOKED_CERTIFICATE:
! xmlSecError(XMLSEC_ERRORS_HERE,
! xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)),
! NULL,
! XMLSEC_ERRORS_R_CERT_REVOKED,
! "cert with subject name %s has been revoked",
! cert->subjectName);
! break;
default:
! xmlSecError(XMLSEC_ERRORS_HERE,
! xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)),
! NULL,
! XMLSEC_ERRORS_R_CERT_VERIFY_FAILED,
! "cert with subject name %s could not be verified, errcode %d",
! cert->subjectName,
! PORT_GetError());
! break;
! }
! return (NULL);
}
/**
* xmlSecNssX509StoreAdoptCert:
! * @store: the pointer to X509 key data store klass.
! * @cert: the pointer to NSS X509 certificate.
! * @type: the certificate type (trusted/untrusted).
*
* Adds trusted (root) or untrusted certificate to the store.
*
***************
*** 265,331 ****
*/
int
xmlSecNssX509StoreAdoptCert(xmlSecKeyDataStorePtr store, CERTCertificate* cert, xmlSecKeyDataType type ATTRIBUTE_UNUSED) {
! xmlSecNssX509StoreCtxPtr ctx;
! int ret;
! xmlSecAssert2(xmlSecKeyDataStoreCheckId(store, xmlSecNssX509StoreId), -1);
! xmlSecAssert2(cert != NULL, -1);
! ctx = xmlSecNssX509StoreGetCtx(store);
! xmlSecAssert2(ctx != NULL, -1);
! if(ctx->certsList == NULL) {
! ctx->certsList = CERT_NewCertList();
! if(ctx->certsList == NULL) {
! xmlSecError(XMLSEC_ERRORS_HERE,
! xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)),
! "CERT_NewCertList",
! XMLSEC_ERRORS_R_CRYPTO_FAILED,
! XMLSEC_ERRORS_NO_MESSAGE);
! return(-1);
! }
! }
!
! ret = CERT_AddCertToListTail(ctx->certsList, cert);
! if(ret != SECSuccess) {
! xmlSecError(XMLSEC_ERRORS_HERE,
! xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)),
! "CERT_AddCertToListTail",
! XMLSEC_ERRORS_R_CRYPTO_FAILED,
! XMLSEC_ERRORS_NO_MESSAGE);
! return(-1);
! }
! return(0);
}
static int
xmlSecNssX509StoreInitialize(xmlSecKeyDataStorePtr store) {
! xmlSecNssX509StoreCtxPtr ctx;
! xmlSecAssert2(xmlSecKeyDataStoreCheckId(store, xmlSecNssX509StoreId), -1);
! ctx = xmlSecNssX509StoreGetCtx(store);
! xmlSecAssert2(ctx != NULL, -1);
! memset(ctx, 0, sizeof(xmlSecNssX509StoreCtx));
! return(0);
}
static void
xmlSecNssX509StoreFinalize(xmlSecKeyDataStorePtr store) {
! xmlSecNssX509StoreCtxPtr ctx;
! xmlSecAssert(xmlSecKeyDataStoreCheckId(store, xmlSecNssX509StoreId));
! ctx = xmlSecNssX509StoreGetCtx(store);
! xmlSecAssert(ctx != NULL);
!
! if (ctx->certsList) {
CERT_DestroyCertList(ctx->certsList);
ctx->certsList = NULL;
! }
! memset(ctx, 0, sizeof(xmlSecNssX509StoreCtx));
}
--- 258,324 ----
*/
int
xmlSecNssX509StoreAdoptCert(xmlSecKeyDataStorePtr store, CERTCertificate* cert, xmlSecKeyDataType type ATTRIBUTE_UNUSED) {
! xmlSecNssX509StoreCtxPtr ctx;
! int ret;
!
! xmlSecAssert2(xmlSecKeyDataStoreCheckId(store, xmlSecNssX509StoreId), -1);
! xmlSecAssert2(cert != NULL, -1);
! ctx = xmlSecNssX509StoreGetCtx(store);
! xmlSecAssert2(ctx != NULL, -1);
! if(ctx->certsList == NULL) {
! ctx->certsList = CERT_NewCertList();
! if(ctx->certsList == NULL) {
! xmlSecError(XMLSEC_ERRORS_HERE,
! xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)),
! "CERT_NewCertList",
! XMLSEC_ERRORS_R_CRYPTO_FAILED,
! "error code=%d", PORT_GetError());
! return(-1);
! }
! }
! ret = CERT_AddCertToListTail(ctx->certsList, cert);
! if(ret != SECSuccess) {
! xmlSecError(XMLSEC_ERRORS_HERE,
! xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)),
! "CERT_AddCertToListTail",
! XMLSEC_ERRORS_R_CRYPTO_FAILED,
! "error code=%d", PORT_GetError());
! return(-1);
! }
! return(0);
}
static int
xmlSecNssX509StoreInitialize(xmlSecKeyDataStorePtr store) {
! xmlSecNssX509StoreCtxPtr ctx;
! xmlSecAssert2(xmlSecKeyDataStoreCheckId(store, xmlSecNssX509StoreId), -1);
! ctx = xmlSecNssX509StoreGetCtx(store);
! xmlSecAssert2(ctx != NULL, -1);
! memset(ctx, 0, sizeof(xmlSecNssX509StoreCtx));
! return(0);
}
static void
xmlSecNssX509StoreFinalize(xmlSecKeyDataStorePtr store) {
! xmlSecNssX509StoreCtxPtr ctx;
! xmlSecAssert(xmlSecKeyDataStoreCheckId(store, xmlSecNssX509StoreId));
! ctx = xmlSecNssX509StoreGetCtx(store);
! xmlSecAssert(ctx != NULL);
!
! if (ctx->certsList) {
CERT_DestroyCertList(ctx->certsList);
ctx->certsList = NULL;
! }
! memset(ctx, 0, sizeof(xmlSecNssX509StoreCtx));
}
***************
*** 340,715 ****
*/
static CERTCertificate*
xmlSecNssX509FindCert(xmlChar *subjectName, xmlChar *issuerName,
! xmlChar *issuerSerial, xmlChar *ski) {
! CERTCertificate *cert = NULL;
! xmlChar *p = NULL;
! CERTName *name = NULL;
! SECItem *nameitem = NULL;
! PRArenaPool *arena = NULL;
!
! if (subjectName != NULL) {
! p = xmlSecNssX509NameRead(subjectName, xmlStrlen(subjectName));
! if (p == NULL) {
! xmlSecError(XMLSEC_ERRORS_HERE,
! NULL,
! "xmlSecNssX509NameRead",
! XMLSEC_ERRORS_R_XMLSEC_FAILED,
! "subject=%s",
! xmlSecErrorsSafeString(subjectName));
! goto done;
! }
!
! arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
! if (arena == NULL) {
! xmlSecError(XMLSEC_ERRORS_HERE,
! NULL,
! "PORT_NewArena",
! XMLSEC_ERRORS_R_CRYPTO_FAILED,
! XMLSEC_ERRORS_NO_MESSAGE);
! goto done;
! }
!
! name = CERT_AsciiToName((char*)p);
! if (name == NULL) {
! xmlSecError(XMLSEC_ERRORS_HERE,
! NULL,
! "CERT_AsciiToName",
! XMLSEC_ERRORS_R_XMLSEC_FAILED,
! XMLSEC_ERRORS_NO_MESSAGE);
! goto done;
! }
!
! nameitem = SEC_ASN1EncodeItem(arena, NULL, (void *)name,
! SEC_ASN1_GET(CERT_NameTemplate));
! if (nameitem == NULL) {
! xmlSecError(XMLSEC_ERRORS_HERE,
! NULL,
! "SEC_ASN1EncodeItem",
! XMLSEC_ERRORS_R_XMLSEC_FAILED,
! XMLSEC_ERRORS_NO_MESSAGE);
! goto done;
! }
!
! cert = CERT_FindCertByName(CERT_GetDefaultCertDB(), nameitem);
! goto done;
! }
!
! if((issuerName != NULL) && (issuerSerial != NULL)) {
! CERTIssuerAndSN issuerAndSN;
!
! p = xmlSecNssX509NameRead(issuerName, xmlStrlen(issuerName));
! if (p == NULL) {
! xmlSecError(XMLSEC_ERRORS_HERE,
! NULL,
! "xmlSecNssX509NameRead",
! XMLSEC_ERRORS_R_XMLSEC_FAILED,
! "issuer=%s",
! xmlSecErrorsSafeString(issuerName));
! goto done;
! }
!
! arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
! if (arena == NULL) {
! xmlSecError(XMLSEC_ERRORS_HERE,
! NULL,
! "PORT_NewArena",
! XMLSEC_ERRORS_R_CRYPTO_FAILED,
! XMLSEC_ERRORS_NO_MESSAGE);
! goto done;
! }
!
! name = CERT_AsciiToName((char*)p);
! if (name == NULL) {
! xmlSecError(XMLSEC_ERRORS_HERE,
! NULL,
! "CERT_AsciiToName",
! XMLSEC_ERRORS_R_XMLSEC_FAILED,
! XMLSEC_ERRORS_NO_MESSAGE);
! goto done;
! }
!
! nameitem = SEC_ASN1EncodeItem(arena, NULL, (void *)name,
! SEC_ASN1_GET(CERT_NameTemplate));
! if (nameitem == NULL) {
! xmlSecError(XMLSEC_ERRORS_HERE,
! NULL,
! "SEC_ASN1EncodeItem",
! XMLSEC_ERRORS_R_XMLSEC_FAILED,
! XMLSEC_ERRORS_NO_MESSAGE);
! goto done;
! }
!
! memset(&issuerAndSN, 0, sizeof(issuerAndSN));
! issuerAndSN.derIssuer.data = nameitem->data;
! issuerAndSN.derIssuer.len = nameitem->len;
! /* TBD: serial num can be arbitrarily long */
! xmlSecNssNumToItem(&issuerAndSN.serialNumber, PORT_Atoi((char *)issuerSerial));
! cert = CERT_FindCertByIssuerAndSN(CERT_GetDefaultCertDB(),
! &issuerAndSN);
! SECITEM_FreeItem(&issuerAndSN.serialNumber, PR_FALSE);
! goto done;
! }
!
! if(ski != NULL) {
! SECItem subjKeyID;
! int len;
!
! len = xmlSecBase64Decode(ski, (xmlSecByte*)ski, xmlStrlen(ski));
! if(len < 0) {
! xmlSecError(XMLSEC_ERRORS_HERE,
! NULL,
! "xmlSecBase64Decode",
! XMLSEC_ERRORS_R_XMLSEC_FAILED,
! "ski=%s",
! xmlSecErrorsSafeString(ski));
! goto done;
! }
!
! memset(&subjKeyID, 0, sizeof(subjKeyID));
! subjKeyID.data = ski;
! subjKeyID.len = xmlStrlen(ski);
! cert = CERT_FindCertBySubjectKeyID(CERT_GetDefaultCertDB(),
! &subjKeyID);
! }
! done:
! if (p != NULL) {
! PORT_Free(p);
! }
! if (arena != NULL) {
! PORT_FreeArena(arena, PR_FALSE);
! }
! if (name != NULL) {
! CERT_DestroyName(name);
! }
! return(cert);
! }
! /**
! * xmlSecNssX509NameRead:
! */
! static xmlSecByte *
! xmlSecNssX509NameRead(xmlSecByte *str, int len) {
! xmlSecByte name[256];
! xmlSecByte value[256];
! xmlSecByte *retval = NULL;
! xmlSecByte *p = NULL;
! int nameLen, valueLen;
!
! xmlSecAssert2(str != NULL, NULL);
!
! /* return string should be no longer than input string */
! retval = (xmlSecByte *)PORT_Alloc(len+1);
! if(retval == NULL) {
! xmlSecError(XMLSEC_ERRORS_HERE,
! NULL,
! "PORT_Alloc",
! XMLSEC_ERRORS_R_MALLOC_FAILED,
! XMLSEC_ERRORS_NO_MESSAGE);
! return(NULL);
! }
! p = retval;
!
! while(len > 0) {
! /* skip spaces after comma or semicolon */
! while((len > 0) && isspace(*str)) {
! ++str; --len;
! }
!
! nameLen = xmlSecNssX509NameStringRead(&str, &len, name, sizeof(name), '=', 0);
! if(nameLen < 0) {
! xmlSecError(XMLSEC_ERRORS_HERE,
! NULL,
! "xmlSecNssX509NameStringRead",
! XMLSEC_ERRORS_R_XMLSEC_FAILED,
! XMLSEC_ERRORS_NO_MESSAGE);
! goto done;
! }
! memcpy(p, name, nameLen);
! p+=nameLen;
! *p++='=';
! if(len > 0) {
! ++str; --len;
! if((*str) == '\"') {
! valueLen = xmlSecNssX509NameStringRead(&str, &len,
! value, sizeof(value), '"', 1);
! if(valueLen < 0) {
! xmlSecError(XMLSEC_ERRORS_HERE,
NULL,
! "xmlSecNssX509NameStringRead",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
! XMLSEC_ERRORS_NO_MESSAGE);
! goto done;
! }
! /* skip spaces before comma or semicolon */
! while((len > 0) && isspace(*str)) {
! ++str; --len;
! }
! if((len > 0) && ((*str) != ',')) {
! xmlSecError(XMLSEC_ERRORS_HERE,
! NULL,
! NULL,
! XMLSEC_ERRORS_R_INVALID_DATA,
! "comma is expected");
! goto done;
}
! if(len > 0) {
! ++str; --len;
}
! *p++='\"';
! memcpy(p, value, valueLen);
! p+=valueLen;
! *p++='\"';
! } else if((*str) == '#') {
! /* TODO: read octect values */
! xmlSecError(XMLSEC_ERRORS_HERE,
! NULL,
! NULL,
! XMLSEC_ERRORS_R_INVALID_DATA,
! "reading octect values is not implemented yet");
! goto done;
! } else {
! valueLen = xmlSecNssX509NameStringRead(&str, &len,
! value, sizeof(value), ',', 1);
! if(valueLen < 0) {
! xmlSecError(XMLSEC_ERRORS_HERE,
NULL,
! "xmlSecNssX509NameStringRead",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
! XMLSEC_ERRORS_NO_MESSAGE);
! goto done;
! }
! memcpy(p, value, valueLen);
! p+=valueLen;
! if (len > 0)
! *p++=',';
! }
! } else {
! valueLen = 0;
}
! if(len > 0) {
! ++str; --len;
! }
! }
!
! *p = 0;
! return(retval);
!
done:
! PORT_Free(retval);
! return (NULL);
}
! /**
! * xmlSecNssX509NameStringRead:
! */
! static int
! xmlSecNssX509NameStringRead(xmlSecByte **str, int *strLen,
! xmlSecByte *res, int resLen,
! xmlSecByte delim, int ingoreTrailingSpaces) {
! xmlSecByte *p, *q, *nonSpace;
!
! xmlSecAssert2(str != NULL, -1);
! xmlSecAssert2(strLen != NULL, -1);
! xmlSecAssert2(res != NULL, -1);
!
! p = (*str);
! nonSpace = q = res;
! while(((p - (*str)) < (*strLen)) && ((*p) != delim) && ((q - res) < resLen)) {
! if((*p) != '\\') {
! if(ingoreTrailingSpaces && !isspace(*p)) {
! nonSpace = q;
! }
! *(q++) = *(p++);
! } else {
! ++p;
! nonSpace = q;
! if(xmlSecIsHex((*p))) {
! if((p - (*str) + 1) >= (*strLen)) {
! xmlSecError(XMLSEC_ERRORS_HERE,
! NULL,
! NULL,
! XMLSEC_ERRORS_R_INVALID_DATA,
! "two hex digits expected");
! return(-1);
! }
! *(q++) = xmlSecGetHex(p[0]) * 16 + xmlSecGetHex(p[1]);
! p += 2;
! } else {
! if(((++p) - (*str)) >= (*strLen)) {
! xmlSecError(XMLSEC_ERRORS_HERE,
! NULL,
! NULL,
! XMLSEC_ERRORS_R_INVALID_DATA,
! "escaped symbol missed");
! return(-1);
! }
! *(q++) = *(p++);
! }
! }
! }
! if(((p - (*str)) < (*strLen)) && ((*p) != delim)) {
! xmlSecError(XMLSEC_ERRORS_HERE,
! NULL,
! NULL,
! XMLSEC_ERRORS_R_INVALID_SIZE,
! "buffer is too small");
! return(-1);
! }
! (*strLen) -= (p - (*str));
! (*str) = p;
! return((ingoreTrailingSpaces) ? nonSpace - res + 1 : q - res);
! }
! /* code lifted from NSS */
! static void
! xmlSecNssNumToItem(SECItem *it, unsigned long ui)
! {
! unsigned char bb[5];
! int len;
!
! bb[0] = 0;
! bb[1] = (unsigned char) (ui >> 24);
! bb[2] = (unsigned char) (ui >> 16);
! bb[3] = (unsigned char) (ui >> 8);
! bb[4] = (unsigned char) (ui);
!
! /*
! ** Small integers are encoded in a single byte. Larger integers
! ** require progressively more space.
! */
! if (ui > 0x7f) {
! if (ui > 0x7fff) {
! if (ui > 0x7fffffL) {
! if (ui >= 0x80000000L) {
! len = 5;
! } else {
! len = 4;
! }
! } else {
! len = 3;
! }
! } else {
! len = 2;
! }
! } else {
! len = 1;
! }
!
! it->data = (unsigned char *)PORT_Alloc(len);
! if (it->data == NULL) {
! return;
! }
! it->len = len;
! PORT_Memcpy(it->data, bb + (sizeof(bb) - len), len);
}
- #endif /* XMLSEC_NO_X509 */
--- 333,545 ----
*/
static CERTCertificate*
xmlSecNssX509FindCert(xmlChar *subjectName, xmlChar *issuerName,
! xmlChar *issuerSerial, xmlChar *ski) {
! CERTCertificate *cert = NULL;
! CERTName *name = NULL;
! SECItem *nameitem = NULL;
! PRArenaPool *arena = NULL;
!
! if (subjectName != NULL) {
! arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
! if (arena == NULL) {
! xmlSecError(XMLSEC_ERRORS_HERE,
! NULL,
! "PORT_NewArena",
! XMLSEC_ERRORS_R_CRYPTO_FAILED,
! "error code=%d", PORT_GetError());
! goto done;
! }
! name = CERT_AsciiToName((char*)subjectName);
! if (name == NULL) {
! xmlSecError(XMLSEC_ERRORS_HERE,
! NULL,
! "CERT_AsciiToName",
! XMLSEC_ERRORS_R_XMLSEC_FAILED,
! "error code=%d", PORT_GetError());
! goto done;
! }
! nameitem = SEC_ASN1EncodeItem(arena, NULL, (void *)name,
! SEC_ASN1_GET(CERT_NameTemplate));
! if (nameitem == NULL) {
! xmlSecError(XMLSEC_ERRORS_HERE,
! NULL,
! "SEC_ASN1EncodeItem",
! XMLSEC_ERRORS_R_XMLSEC_FAILED,
! "error code=%d", PORT_GetError());
! goto done;
! }
! cert = CERT_FindCertByName(CERT_GetDefaultCertDB(), nameitem);
! goto done;
! }
! if((issuerName != NULL) && (issuerSerial != NULL)) {
! CERTIssuerAndSN issuerAndSN;
! arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
! if (arena == NULL) {
! xmlSecError(XMLSEC_ERRORS_HERE,
! NULL,
! "PORT_NewArena",
! XMLSEC_ERRORS_R_CRYPTO_FAILED,
! "error code=%d", PORT_GetError());
! goto done;
! }
! name = CERT_AsciiToName((char*)issuerName);
! if (name == NULL) {
! xmlSecError(XMLSEC_ERRORS_HERE,
NULL,
! "CERT_AsciiToName",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
! "error code=%d", PORT_GetError());
! goto done;
}
!
! nameitem = SEC_ASN1EncodeItem(arena, NULL, (void *)name,
! SEC_ASN1_GET(CERT_NameTemplate));
! if (nameitem == NULL) {
! xmlSecError(XMLSEC_ERRORS_HERE,
! NULL,
! "SEC_ASN1EncodeItem",
! XMLSEC_ERRORS_R_XMLSEC_FAILED,
! "error code=%d", PORT_GetError());
! goto done;
}
!
! memset(&issuerAndSN, 0, sizeof(issuerAndSN));
!
! issuerAndSN.derIssuer.data = nameitem->data;
! issuerAndSN.derIssuer.len = nameitem->len;
!
! if( xmlSecNssIntegerToItem( issuerSerial, &issuerAndSN.serialNumber ) < 0 ) {
! xmlSecError(XMLSEC_ERRORS_HERE,
NULL,
! "xmlSecNssIntegerToItem",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
! "serial number=%s",
! xmlSecErrorsSafeString(issuerSerial));
! goto done;
! }
!
! cert = CERT_FindCertByIssuerAndSN(CERT_GetDefaultCertDB(),
! &issuerAndSN);
! SECITEM_FreeItem(&issuerAndSN.serialNumber, PR_FALSE);
! goto done;
! }
!
! if(ski != NULL) {
! SECItem subjKeyID;
! int len;
!
! len = xmlSecBase64Decode(ski, (xmlSecByte*)ski, xmlStrlen(ski));
! if(len < 0) {
! xmlSecError(XMLSEC_ERRORS_HERE,
! NULL,
! "xmlSecBase64Decode",
! XMLSEC_ERRORS_R_XMLSEC_FAILED,
! "ski=%s",
! xmlSecErrorsSafeString(ski));
! goto done;
! }
!
! memset(&subjKeyID, 0, sizeof(subjKeyID));
! subjKeyID.data = ski;
! subjKeyID.len = xmlStrlen(ski);
! cert = CERT_FindCertBySubjectKeyID(CERT_GetDefaultCertDB(),
! &subjKeyID);
}
!
done:
! if (arena != NULL) {
! PORT_FreeArena(arena, PR_FALSE);
! }
! if (name != NULL) {
! CERT_DestroyName(name);
! }
!
! return(cert);
}
+ static int
+ xmlSecNssIntegerToItem(
+ const xmlChar* integer ,
+ SECItem *item
+ ) {
+ xmlSecBn bn ;
+ xmlSecSize i, length ;
+ const xmlSecByte* bnInteger ;
+ xmlSecAssert2( integer != NULL, -1 ) ;
+ xmlSecAssert2( item != NULL, -1 ) ;
! if( xmlSecBnInitialize( &bn, 0 ) < 0 ) {
! xmlSecError( XMLSEC_ERRORS_HERE,
! NULL,
! "xmlSecBnInitialize",
! XMLSEC_ERRORS_R_INVALID_DATA,
! XMLSEC_ERRORS_NO_MESSAGE ) ;
! return -1 ;
! }
! if( xmlSecBnFromDecString( &bn, integer ) < 0 ) {
! xmlSecError( XMLSEC_ERRORS_HERE,
! NULL,
! "xmlSecBnFromDecString",
! XMLSEC_ERRORS_R_INVALID_DATA,
! XMLSEC_ERRORS_NO_MESSAGE ) ;
!
! xmlSecBnFinalize( &bn ) ;
! return -1 ;
! }
!
! length = xmlSecBnGetSize( &bn ) ;
! if( length <= 0 ) {
! xmlSecError( XMLSEC_ERRORS_HERE,
! NULL,
! "xmlSecBnGetSize",
! XMLSEC_ERRORS_R_INVALID_DATA,
! XMLSEC_ERRORS_NO_MESSAGE ) ;
!
! xmlSecBnFinalize( &bn ) ;
! return -1 ;
! }
!
! bnInteger = xmlSecBnGetData( &bn ) ;
! if( bnInteger == NULL ) {
! xmlSecError( XMLSEC_ERRORS_HERE,
! NULL,
! "xmlSecBnGetData",
! XMLSEC_ERRORS_R_INVALID_DATA,
! XMLSEC_ERRORS_NO_MESSAGE ) ;
! xmlSecBnFinalize( &bn ) ;
! return -1 ;
! }
!
! item->data = ( unsigned char * )PORT_Alloc( length );
! if( item->data == NULL ) {
! xmlSecError( XMLSEC_ERRORS_HERE,
! NULL,
! "PORT_Alloc",
! XMLSEC_ERRORS_R_INVALID_DATA,
! XMLSEC_ERRORS_NO_MESSAGE ) ;
!
! xmlSecBnFinalize( &bn ) ;
! return -1 ;
! }
!
! item->len = length;
!
! for( i = 0 ; i < length ; i ++ )
! item->data[i] = *( bnInteger + i ) ;
!
! xmlSecBnFinalize( &bn ) ;
!
! return 0 ;
}
+ #endif /* XMLSEC_NO_X509 */
*** misc/xmlsec1-1.2.6/win32/Makefile.msvc 2004-06-09 16:35:12.000000000 +0200
--- misc/build/xmlsec1-1.2.6/win32/Makefile.msvc 2005-05-09 19:54:13.240626869 +0200
***************
*** 223,228 ****
--- 223,232 ----
$(XMLSEC_OPENSSL_INTDIR_A)\x509vfy.obj
XMLSEC_NSS_OBJS = \
+ $(XMLSEC_NSS_INTDIR)\akmngr.obj\
+ $(XMLSEC_NSS_INTDIR)\keytrans.obj\
+ $(XMLSEC_NSS_INTDIR)\keywrapers.obj\
+ $(XMLSEC_NSS_INTDIR)\tokens.obj\
$(XMLSEC_NSS_INTDIR)\app.obj\
$(XMLSEC_NSS_INTDIR)\bignum.obj\
$(XMLSEC_NSS_INTDIR)\ciphers.obj \
***************
*** 235,243 ****
$(XMLSEC_NSS_INTDIR)\x509.obj\
$(XMLSEC_NSS_INTDIR)\x509vfy.obj\
$(XMLSEC_NSS_INTDIR)\keysstore.obj\
- $(XMLSEC_NSS_INTDIR)\kt_rsa.obj\
- $(XMLSEC_NSS_INTDIR)\kw_des.obj\
- $(XMLSEC_NSS_INTDIR)\kw_aes.obj\
$(XMLSEC_NSS_INTDIR)\strings.obj
XMLSEC_NSS_OBJS_A = \
$(XMLSEC_NSS_INTDIR_A)\app.obj\
--- 239,244 ----
***************
*** 258,263 ****
--- 259,265 ----
$(XMLSEC_NSS_INTDIR_A)\strings.obj
XMLSEC_MSCRYPTO_OBJS = \
+ $(XMLSEC_MSCRYPTO_INTDIR)\akmngr.obj\
$(XMLSEC_MSCRYPTO_INTDIR)\app.obj\
$(XMLSEC_MSCRYPTO_INTDIR)\crypto.obj \
$(XMLSEC_MSCRYPTO_INTDIR)\ciphers.obj \
***************
*** 376,382 ****
XMLSEC_OPENSSL_SOLIBS = libeay32.lib wsock32.lib kernel32.lib user32.lib gdi32.lib
XMLSEC_OPENSSL_ALIBS = libeay32.lib wsock32.lib kernel32.lib user32.lib gdi32.lib
! XMLSEC_NSS_SOLIBS = smime3.lib ssl3.lib nss3.lib libnspr4.lib libplds4.lib libplc4.lib kernel32.lib user32.lib gdi32.lib
XMLSEC_NSS_ALIBS = smime3.lib ssl3.lib nss3.lib libnspr4_s.lib libplds4_s.lib libplc4_s.lib kernel32.lib user32.lib gdi32.lib
XMLSEC_MSCRYPTO_SOLIBS = kernel32.lib user32.lib gdi32.lib Crypt32.lib Advapi32.lib
--- 378,384 ----
XMLSEC_OPENSSL_SOLIBS = libeay32.lib wsock32.lib kernel32.lib user32.lib gdi32.lib
XMLSEC_OPENSSL_ALIBS = libeay32.lib wsock32.lib kernel32.lib user32.lib gdi32.lib
! XMLSEC_NSS_SOLIBS = smime3.lib nss3.lib nspr4.lib kernel32.lib user32.lib gdi32.lib
XMLSEC_NSS_ALIBS = smime3.lib ssl3.lib nss3.lib libnspr4_s.lib libplds4_s.lib libplc4_s.lib kernel32.lib user32.lib gdi32.lib
XMLSEC_MSCRYPTO_SOLIBS = kernel32.lib user32.lib gdi32.lib Crypt32.lib Advapi32.lib