4af1a4779e
2005/08/09 15:17:40 rene 1.6.2.1: #i51542# fix system-libxml2 build. patches by maxweber (libxmlsec) and fridrich_strba (scp2)
*** misc/xmlsec1-1.2.6/apps/Makefile.in 2004-08-26 08:00:30.000000000 +0200
|
|
--- misc/build/xmlsec1-1.2.6/apps/Makefile.in 2005-05-09 19:54:13.132635976 +0200
|
|
***************
|
|
*** 370,376 ****
|
|
$(CRYPTO_DEPS) \
|
|
$(NULL)
|
|
|
|
! all: all-am
|
|
|
|
.SUFFIXES:
|
|
.SUFFIXES: .c .lo .o .obj
|
|
--- 370,376 ----
|
|
$(CRYPTO_DEPS) \
|
|
$(NULL)
|
|
|
|
! all:
|
|
|
|
.SUFFIXES:
|
|
.SUFFIXES: .c .lo .o .obj
|
|
*** misc/xmlsec1-1.2.6/configure 2004-08-26 08:00:34.000000000 +0200
|
|
--- misc/build/xmlsec1-1.2.6/configure 2005-05-09 19:54:13.176632266 +0200
|
|
***************
|
|
*** 24598,24604 ****
|
|
fi
|
|
|
|
LIBXML_MIN_VERSION="2.4.2"
|
|
! LIBXML_CONFIG="xml2-config"
|
|
LIBXML_CFLAGS=""
|
|
LIBXML_LIBS=""
|
|
LIBXML_FOUND="no"
|
|
--- 24598,24604 ----
|
|
fi
|
|
|
|
LIBXML_MIN_VERSION="2.4.2"
|
|
! LIBXML_CONFIG="./libxml2-config"
|
|
LIBXML_CFLAGS=""
|
|
LIBXML_LIBS=""
|
|
LIBXML_FOUND="no"
|
|
***************
|
|
*** 25682,25688 ****
|
|
NSPR_MIN_VERSION="4.0"
|
|
NSS_CFLAGS=""
|
|
NSS_LIBS=""
|
|
! NSS_LIBS_LIST="-lnss3 -lsmime3"
|
|
NSPR_LIBS_LIST="-lnspr4 -lplds4 -lplc4"
|
|
NSS_CRYPTO_LIB="$PACKAGE-nss"
|
|
NSS_FOUND="no"
|
|
--- 25682,25688 ----
|
|
NSPR_MIN_VERSION="4.0"
|
|
NSS_CFLAGS=""
|
|
NSS_LIBS=""
|
|
! NSS_LIBS_LIST="-lnss3 -lsoftokn3 -lsmime3"
|
|
NSPR_LIBS_LIST="-lnspr4 -lplds4 -lplc4"
|
|
NSS_CRYPTO_LIB="$PACKAGE-nss"
|
|
NSS_FOUND="no"
|
|
***************
|
|
*** 25817,25824 ****
|
|
ac_mozilla_name=mozilla-$MOZILLA_MIN_VERSION
|
|
fi
|
|
|
|
! ac_nss_lib_dir="/usr/lib /usr/lib64 /usr/local/lib /usr/lib/$ac_mozilla_name /usr/local/lib/$ac_mozilla_name"
|
|
! ac_nss_inc_dir="/usr/include /usr/include/mozilla /usr/local/include /usr/local/include/mozilla /usr/include/$ac_mozilla_name /usr/local/include/$ac_mozilla_name"
|
|
|
|
echo "$as_me:$LINENO: checking for nspr libraries >= $NSPR_MIN_VERSION" >&5
|
|
echo $ECHO_N "checking for nspr libraries >= $NSPR_MIN_VERSION... $ECHO_C" >&6
|
|
--- 25817,25824 ----
|
|
ac_mozilla_name=mozilla-$MOZILLA_MIN_VERSION
|
|
fi
|
|
|
|
! ac_nss_lib_dir="${SOLARVERSION}/${INPATH}/lib${UPDMINOREXT}"
|
|
! ac_nss_inc_dir="${SOLARVERSION}/${INPATH}/inc${UPDMINOREXT}/mozilla"
|
|
|
|
echo "$as_me:$LINENO: checking for nspr libraries >= $NSPR_MIN_VERSION" >&5
|
|
echo $ECHO_N "checking for nspr libraries >= $NSPR_MIN_VERSION... $ECHO_C" >&6
|
|
***************
|
|
*** 25853,25859 ****
|
|
done
|
|
|
|
for dir in $ac_nss_lib_dir ; do
|
|
! if test -f $dir/libnspr4.so ; then
|
|
if test "z$dir" = "z/usr/lib" ; then
|
|
NSPR_LIBS="$NSPR_LIBS_LIST"
|
|
else
|
|
--- 25853,25859 ----
|
|
done
|
|
|
|
for dir in $ac_nss_lib_dir ; do
|
|
! if test -f $dir/libnspr4.so -o -f $dir/libnspr4.dylib ; then
|
|
if test "z$dir" = "z/usr/lib" ; then
|
|
NSPR_LIBS="$NSPR_LIBS_LIST"
|
|
else
|
|
***************
|
|
*** 25939,25945 ****
|
|
done
|
|
|
|
for dir in $ac_nss_lib_dir ; do
|
|
! if test -f $dir/libnss3.so ; then
|
|
if test "z$dir" = "z/usr/lib" ; then
|
|
NSS_LIBS="$NSS_LIBS_LIST"
|
|
else
|
|
--- 25939,25945 ----
|
|
done
|
|
|
|
for dir in $ac_nss_lib_dir ; do
|
|
! if test -f $dir/libnss3.so -o -f $dir/libnss3.dylib ; then
|
|
if test "z$dir" = "z/usr/lib" ; then
|
|
NSS_LIBS="$NSS_LIBS_LIST"
|
|
else
|
|
*** misc/xmlsec1-1.2.6/configure.in 2004-08-26 04:49:24.000000000 +0200
|
|
--- misc/build/xmlsec1-1.2.6/configure.in 2005-05-09 19:54:13.179632013 +0200
|
|
***************
|
|
*** 143,149 ****
|
|
dnl find libxml
|
|
dnl ==========================================================================
|
|
LIBXML_MIN_VERSION="2.4.2"
|
|
! LIBXML_CONFIG="xml2-config"
|
|
LIBXML_CFLAGS=""
|
|
LIBXML_LIBS=""
|
|
LIBXML_FOUND="no"
|
|
--- 143,149 ----
|
|
dnl find libxml
|
|
dnl ==========================================================================
|
|
LIBXML_MIN_VERSION="2.4.2"
|
|
! LIBXML_CONFIG="./libxml2-config"
|
|
LIBXML_CFLAGS=""
|
|
LIBXML_LIBS=""
|
|
LIBXML_FOUND="no"
|
|
***************
|
|
*** 507,513 ****
|
|
NSPR_MIN_VERSION="4.0"
|
|
NSS_CFLAGS=""
|
|
NSS_LIBS=""
|
|
! NSS_LIBS_LIST="-lnss3 -lsmime3"
|
|
NSPR_LIBS_LIST="-lnspr4 -lplds4 -lplc4"
|
|
NSS_CRYPTO_LIB="$PACKAGE-nss"
|
|
NSS_FOUND="no"
|
|
--- 507,513 ----
|
|
NSPR_MIN_VERSION="4.0"
|
|
NSS_CFLAGS=""
|
|
NSS_LIBS=""
|
|
! NSS_LIBS_LIST="-lnss3 -lsoftokn3 -lsmime3"
|
|
NSPR_LIBS_LIST="-lnspr4 -lplds4 -lplc4"
|
|
NSS_CRYPTO_LIB="$PACKAGE-nss"
|
|
NSS_FOUND="no"
|
|
***************
|
|
*** 534,541 ****
|
|
ac_mozilla_name=mozilla-$MOZILLA_MIN_VERSION
|
|
fi
|
|
|
|
! ac_nss_lib_dir="/usr/lib /usr/lib64 /usr/local/lib /usr/lib/$ac_mozilla_name /usr/local/lib/$ac_mozilla_name"
|
|
! ac_nss_inc_dir="/usr/include /usr/include/mozilla /usr/local/include /usr/local/include/mozilla /usr/include/$ac_mozilla_name /usr/local/include/$ac_mozilla_name"
|
|
|
|
AC_MSG_CHECKING(for nspr libraries >= $NSPR_MIN_VERSION)
|
|
NSPR_INCLUDES_FOUND="no"
|
|
--- 534,541 ----
|
|
ac_mozilla_name=mozilla-$MOZILLA_MIN_VERSION
|
|
fi
|
|
|
|
! ac_nss_lib_dir="${SOLARVERSION}/${INPATH}/lib${UPDMINOREXT}"
|
|
! ac_nss_inc_dir="${SOLARVERSION}/${INPATH}/inc${UPDMINOREXT}/mozilla"
|
|
|
|
AC_MSG_CHECKING(for nspr libraries >= $NSPR_MIN_VERSION)
|
|
NSPR_INCLUDES_FOUND="no"
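Review bot: `ac_nss_lib_dir` and `ac_nss_inc_dir` are now built solely from `${SOLARVERSION}`, `${INPATH}` and `${UPDMINOREXT}`, but nothing checks that these are set, so running configure outside the OOo build environment searches `//lib` and `//inc/mozilla` and fails later with a generic "not found" instead of naming the cause; add `test -n "$SOLARVERSION" -a -n "$INPATH" || AC_MSG_ERROR([SOLARVERSION and INPATH must be set for the OOo NSS lookup])` just before the two assignments. The `"z$dir" = "z/usr/lib"` special case in the search loops further down is now unreachable, since `$dir` can no longer be `/usr/lib`. A one-line comment saying that the system NSS search is intentionally replaced by the OOo solver tree would help whoever later tries to restore it.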
|
|
***************
|
|
*** 570,576 ****
|
|
done
|
|
|
|
for dir in $ac_nss_lib_dir ; do
|
|
! if test -f $dir/libnspr4.so ; then
|
|
dnl do not add -L/usr/lib because compiler does it anyway
|
|
if test "z$dir" = "z/usr/lib" ; then
|
|
NSPR_LIBS="$NSPR_LIBS_LIST"
|
|
--- 570,576 ----
|
|
done
|
|
|
|
for dir in $ac_nss_lib_dir ; do
|
|
! if test -f $dir/libnspr4.so -o -f $dir/libnspr4.dylib ; then
|
|
dnl do not add -L/usr/lib because compiler does it anyway
|
|
if test "z$dir" = "z/usr/lib" ; then
|
|
NSPR_LIBS="$NSPR_LIBS_LIST"
|
|
***************
|
|
*** 641,647 ****
|
|
done
|
|
|
|
for dir in $ac_nss_lib_dir ; do
|
|
! if test -f $dir/libnss3.so ; then
|
|
dnl do not add -L/usr/lib because compiler does it anyway
|
|
if test "z$dir" = "z/usr/lib" ; then
|
|
NSS_LIBS="$NSS_LIBS_LIST"
|
|
--- 641,647 ----
|
|
done
|
|
|
|
for dir in $ac_nss_lib_dir ; do
|
|
! if test -f $dir/libnss3.so -o -f $dir/libnss3.dylib ; then
|
|
dnl do not add -L/usr/lib because compiler does it anyway
|
|
if test "z$dir" = "z/usr/lib" ; then
|
|
NSS_LIBS="$NSS_LIBS_LIST"
|
|
*** misc/xmlsec1-1.2.6/include/xmlsec/mscrypto/akmngr.h 2005-05-09 19:55:57.192859540 +0200
|
|
--- misc/build/xmlsec1-1.2.6/include/xmlsec/mscrypto/akmngr.h 2005-05-09 19:54:13.180631929 +0200
|
|
***************
|
|
*** 1 ****
|
|
! dummy
|
|
--- 1,71 ----
|
|
! /**
|
|
! * XMLSec library
|
|
! *
|
|
! * This is free software; see Copyright file in the source
|
|
! * distribution for preciese wording.
|
|
! *
|
|
! * Copyright ..........................
|
|
! */
|
|
! #ifndef __XMLSEC_MSCRYPTO_AKMNGR_H__
|
|
! #define __XMLSEC_MSCRYPTO_AKMNGR_H__
|
|
!
|
|
! #include <windows.h>
|
|
! #include <wincrypt.h>
|
|
!
|
|
! #include <xmlsec/xmlsec.h>
|
|
! #include <xmlsec/keys.h>
|
|
! #include <xmlsec/transforms.h>
|
|
!
|
|
! #ifdef __cplusplus
|
|
! extern "C" {
|
|
! #endif /* __cplusplus */
|
|
!
|
|
! XMLSEC_CRYPTO_EXPORT xmlSecKeysMngrPtr
|
|
! xmlSecMSCryptoAppliedKeysMngrCreate(
|
|
! HCERTSTORE keyStore ,
|
|
! HCERTSTORE certStore
|
|
! ) ;
|
|
!
|
|
! XMLSEC_CRYPTO_EXPORT int
|
|
! xmlSecMSCryptoAppliedKeysMngrSymKeyLoad(
|
|
! xmlSecKeysMngrPtr mngr ,
|
|
! HCRYPTKEY symKey
|
|
! ) ;
|
|
!
|
|
! XMLSEC_CRYPTO_EXPORT int
|
|
! xmlSecMSCryptoAppliedKeysMngrPubKeyLoad(
|
|
! xmlSecKeysMngrPtr mngr ,
|
|
! HCRYPTKEY pubKey
|
|
! ) ;
|
|
!
|
|
! XMLSEC_CRYPTO_EXPORT int
|
|
! xmlSecMSCryptoAppliedKeysMngrPriKeyLoad(
|
|
! xmlSecKeysMngrPtr mngr ,
|
|
! HCRYPTKEY priKey
|
|
! ) ;
|
|
!
|
|
! XMLSEC_CRYPTO_EXPORT int
|
|
! xmlSecMSCryptoAppliedKeysMngrAdoptKeyStore (
|
|
! xmlSecKeysMngrPtr mngr ,
|
|
! HCERTSTORE keyStore
|
|
! ) ;
|
|
!
|
|
! XMLSEC_CRYPTO_EXPORT int
|
|
! xmlSecMSCryptoAppliedKeysMngrAdoptTrustedStore (
|
|
! xmlSecKeysMngrPtr mngr ,
|
|
! HCERTSTORE trustedStore
|
|
! ) ;
|
|
!
|
|
! XMLSEC_CRYPTO_EXPORT int
|
|
! xmlSecMSCryptoAppliedKeysMngrAdoptUntrustedStore (
|
|
! xmlSecKeysMngrPtr mngr ,
|
|
! HCERTSTORE untrustedStore
|
|
! ) ;
|
|
!
|
|
! #ifdef __cplusplus
|
|
! }
|
|
! #endif /* __cplusplus */
|
|
!
|
|
! #endif /* __XMLSEC_MSCRYPTO_AKMNGR_H__ */
|
|
!
|
|
!
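Review bot: The `xmlSecMSCryptoAppliedKeysMngrAdoptKeyStore`, `...AdoptTrustedStore`, `...AdoptUntrustedStore` and `...Create` declarations do not say who owns the HCERTSTORE handles afterwards — whether the keys manager calls CertCloseStore on them at destroy time or the caller must keep doing so — and for a trusted store that decides certificate validation this is the detail callers most need. Add a one-line comment to each, e.g. `/* takes ownership of keyStore; the manager closes it when destroyed */` if that is what the implementation does, which is not in this patch and should be checked first. The header also ships with the placeholder `Copyright ..........................` and the typo "preciese", both of which are copied into every new header in this patch.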
|
|
*** misc/xmlsec1-1.2.6/include/xmlsec/mscrypto/x509.h 2003-09-26 08:12:46.000000000 +0200
|
|
--- misc/build/xmlsec1-1.2.6/include/xmlsec/mscrypto/x509.h 2005-05-09 19:54:13.180631929 +0200
|
|
***************
|
|
*** 77,82 ****
|
|
--- 77,97 ----
|
|
PCCERT_CONTEXT cert,
|
|
xmlSecKeyDataType type);
|
|
|
|
+ XMLSEC_CRYPTO_EXPORT int xmlSecMSCryptoX509StoreAdoptKeyStore (
|
|
+ xmlSecKeyDataStorePtr store,
|
|
+ HCERTSTORE keyStore
|
|
+ ) ;
|
|
+
|
|
+ XMLSEC_CRYPTO_EXPORT int xmlSecMSCryptoX509StoreAdoptTrustedStore (
|
|
+ xmlSecKeyDataStorePtr store,
|
|
+ HCERTSTORE trustedStore
|
|
+ ) ;
|
|
+
|
|
+ XMLSEC_CRYPTO_EXPORT int xmlSecMSCryptoX509StoreAdoptUntrustedStore (
|
|
+ xmlSecKeyDataStorePtr store,
|
|
+ HCERTSTORE untrustedStore
|
|
+ ) ;
|
|
+
|
|
|
|
#endif /* XMLSEC_NO_X509 */
|
|
|
|
*** misc/xmlsec1-1.2.6/include/xmlsec/nss/akmngr.h 2005-05-09 19:55:57.148863251 +0200
|
|
--- misc/build/xmlsec1-1.2.6/include/xmlsec/nss/akmngr.h 2005-05-09 19:54:13.181631844 +0200
|
|
***************
|
|
*** 1 ****
|
|
! dummy
|
|
--- 1,55 ----
|
|
! /**
|
|
! * XMLSec library
|
|
! *
|
|
! * This is free software; see Copyright file in the source
|
|
! * distribution for preciese wording.
|
|
! *
|
|
! * Copyright ..........................
|
|
! */
|
|
! #ifndef __XMLSEC_NSS_AKMNGR_H__
|
|
! #define __XMLSEC_NSS_AKMNGR_H__
|
|
!
|
|
! #include <nss.h>
|
|
! #include <nspr.h>
|
|
! #include <pk11func.h>
|
|
! #include <cert.h>
|
|
!
|
|
! #include <xmlsec/xmlsec.h>
|
|
! #include <xmlsec/keys.h>
|
|
! #include <xmlsec/transforms.h>
|
|
!
|
|
! #ifdef __cplusplus
|
|
! extern "C" {
|
|
! #endif /* __cplusplus */
|
|
!
|
|
! XMLSEC_CRYPTO_EXPORT xmlSecKeysMngrPtr
|
|
! xmlSecNssAppliedKeysMngrCreate(
|
|
! PK11SlotInfo* slot ,
|
|
! CERTCertDBHandle* handler
|
|
! ) ;
|
|
!
|
|
! XMLSEC_CRYPTO_EXPORT int
|
|
! xmlSecNssAppliedKeysMngrSymKeyLoad(
|
|
! xmlSecKeysMngrPtr mngr ,
|
|
! PK11SymKey* symKey
|
|
! ) ;
|
|
!
|
|
! XMLSEC_CRYPTO_EXPORT int
|
|
! xmlSecNssAppliedKeysMngrPubKeyLoad(
|
|
! xmlSecKeysMngrPtr mngr ,
|
|
! SECKEYPublicKey* pubKey
|
|
! ) ;
|
|
!
|
|
! XMLSEC_CRYPTO_EXPORT int
|
|
! xmlSecNssAppliedKeysMngrPriKeyLoad(
|
|
! xmlSecKeysMngrPtr mngr ,
|
|
! SECKEYPrivateKey* priKey
|
|
! ) ;
|
|
!
|
|
! #ifdef __cplusplus
|
|
! }
|
|
! #endif /* __cplusplus */
|
|
!
|
|
! #endif /* __XMLSEC_NSS_AKMNGR_H__ */
|
|
!
|
|
!
|
|
*** misc/xmlsec1-1.2.6/include/xmlsec/nss/app.h 2004-01-12 22:06:14.000000000 +0100
|
|
--- misc/build/xmlsec1-1.2.6/include/xmlsec/nss/app.h 2005-05-09 19:54:13.181631844 +0200
|
|
***************
|
|
*** 22,27 ****
|
|
--- 22,30 ----
|
|
#include <xmlsec/keysmngr.h>
|
|
#include <xmlsec/transforms.h>
|
|
|
|
+ #include <xmlsec/nss/tokens.h>
|
|
+ #include <xmlsec/nss/akmngr.h>
|
|
+
|
|
/**
|
|
* Init/shutdown
|
|
*/
|
|
***************
|
|
*** 34,39 ****
|
|
--- 37,44 ----
|
|
XMLSEC_CRYPTO_EXPORT int xmlSecNssAppDefaultKeysMngrInit (xmlSecKeysMngrPtr mngr);
|
|
XMLSEC_CRYPTO_EXPORT int xmlSecNssAppDefaultKeysMngrAdoptKey(xmlSecKeysMngrPtr mngr,
|
|
xmlSecKeyPtr key);
|
|
+ XMLSEC_CRYPTO_EXPORT int xmlSecNssAppDefaultKeysMngrAdoptKeySlot(xmlSecKeysMngrPtr mngr,
|
|
+ xmlSecNssKeySlotPtr keySlot);
|
|
XMLSEC_CRYPTO_EXPORT int xmlSecNssAppDefaultKeysMngrLoad (xmlSecKeysMngrPtr mngr,
|
|
const char* uri);
|
|
XMLSEC_CRYPTO_EXPORT int xmlSecNssAppDefaultKeysMngrSave (xmlSecKeysMngrPtr mngr,
|
|
*** misc/xmlsec1-1.2.6/include/xmlsec/nss/ciphers.h 2005-05-09 19:55:57.165861817 +0200
|
|
--- misc/build/xmlsec1-1.2.6/include/xmlsec/nss/ciphers.h 2005-05-09 19:54:13.182631760 +0200
|
|
***************
|
|
*** 1 ****
|
|
! dummy
|
|
--- 1,35 ----
|
|
! /**
|
|
! * XMLSec library
|
|
! *
|
|
! * This is free software; see Copyright file in the source
|
|
! * distribution for preciese wording.
|
|
! *
|
|
! * Copyright ..........................
|
|
! */
|
|
! #ifndef __XMLSEC_NSS_CIPHERS_H__
|
|
! #define __XMLSEC_NSS_CIPHERS_H__
|
|
!
|
|
! #ifdef __cplusplus
|
|
! extern "C" {
|
|
! #endif /* __cplusplus */
|
|
!
|
|
! #include <xmlsec/xmlsec.h>
|
|
! #include <xmlsec/keys.h>
|
|
! #include <xmlsec/transforms.h>
|
|
!
|
|
!
|
|
! XMLSEC_CRYPTO_EXPORT int xmlSecNssSymKeyDataAdoptKey( xmlSecKeyDataPtr data,
|
|
! PK11SymKey* symkey ) ;
|
|
!
|
|
! XMLSEC_CRYPTO_EXPORT xmlSecKeyDataPtr xmlSecNssSymKeyDataKeyAdopt( PK11SymKey* symKey ) ;
|
|
!
|
|
! XMLSEC_CRYPTO_EXPORT PK11SymKey* xmlSecNssSymKeyDataGetKey(xmlSecKeyDataPtr data);
|
|
!
|
|
!
|
|
! #ifdef __cplusplus
|
|
! }
|
|
! #endif /* __cplusplus */
|
|
!
|
|
! #endif /* __XMLSEC_NSS_CIPHERS_H__ */
|
|
!
|
|
!
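Review bot: This header declares `xmlSecNssSymKeyDataAdoptKey`, `xmlSecNssSymKeyDataKeyAdopt` and `xmlSecNssSymKeyDataGetKey` in terms of `PK11SymKey*` but includes only xmlsec headers, so it compiles only when the including file happens to have pulled in NSS first; add `#include <nss.h>` and `#include <pk11func.h>` next to the xmlsec includes, as the new akmngr.h and tokens.h in this same patch do. The three functions also carry no comment on key ownership — whether `...AdoptKey` takes over the PK11SymKey reference and whether the pointer returned by `...GetKey` is borrowed — and a one-line comment per function stating that would save callers a leak or a double free. The placeholder `Copyright ..........................` should be filled in or removed before this ships.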
|
|
*** misc/xmlsec1-1.2.6/include/xmlsec/nss/crypto.h 2004-01-12 22:06:14.000000000 +0100
|
|
--- misc/build/xmlsec1-1.2.6/include/xmlsec/nss/crypto.h 2005-05-09 19:54:13.183631676 +0200
|
|
***************
|
|
*** 264,269 ****
|
|
--- 264,278 ----
|
|
xmlSecNssTransformRsaPkcs1GetKlass()
|
|
XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecNssTransformRsaPkcs1GetKlass(void);
|
|
|
|
+ /**
|
|
+ * xmlSecNssTransformRsaOaepId:
|
|
+ *
|
|
+ * The RSA OAEP key transport transform klass.
|
|
+ */
|
|
+ #define xmlSecNssTransformRsaOaepId \
|
|
+ xmlSecNssTransformRsaOaepGetKlass()
|
|
+ XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecNssTransformRsaOaepGetKlass(void);
|
|
+
|
|
#endif /* XMLSEC_NO_RSA */
|
|
|
|
|
|
*** misc/xmlsec1-1.2.6/include/xmlsec/nss/keysstore.h 2003-07-30 04:46:35.000000000 +0200
|
|
--- misc/build/xmlsec1-1.2.6/include/xmlsec/nss/keysstore.h 2005-05-09 19:54:13.183631676 +0200
|
|
***************
|
|
*** 16,21 ****
|
|
--- 16,23 ----
|
|
#endif /* __cplusplus */
|
|
|
|
#include <xmlsec/xmlsec.h>
|
|
+ #include <xmlsec/keysmngr.h>
|
|
+ #include <xmlsec/nss/tokens.h>
|
|
|
|
/****************************************************************************
|
|
*
|
|
***************
|
|
*** 31,36 ****
|
|
--- 33,40 ----
|
|
XMLSEC_CRYPTO_EXPORT xmlSecKeyStoreId xmlSecNssKeysStoreGetKlass (void);
|
|
XMLSEC_CRYPTO_EXPORT int xmlSecNssKeysStoreAdoptKey (xmlSecKeyStorePtr store,
|
|
xmlSecKeyPtr key);
|
|
+ XMLSEC_CRYPTO_EXPORT int xmlSecNssKeysStoreAdoptKeySlot(xmlSecKeyStorePtr store,
|
|
+ xmlSecNssKeySlotPtr keySlot);
|
|
XMLSEC_CRYPTO_EXPORT int xmlSecNssKeysStoreLoad (xmlSecKeyStorePtr store,
|
|
const char *uri,
|
|
xmlSecKeysMngrPtr keysMngr);
|
|
*** misc/xmlsec1-1.2.6/include/xmlsec/nss/Makefile.am 2003-07-30 04:46:35.000000000 +0200
|
|
--- misc/build/xmlsec1-1.2.6/include/xmlsec/nss/Makefile.am 2005-05-09 19:54:13.184631591 +0200
|
|
***************
|
|
*** 3,8 ****
|
|
--- 3,9 ----
|
|
xmlsecnssincdir = $(includedir)/xmlsec1/xmlsec/nss
|
|
|
|
xmlsecnssinc_HEADERS = \
|
|
+ akmngr.h \
|
|
app.h \
|
|
crypto.h \
|
|
symbols.h \
|
|
***************
|
|
*** 10,15 ****
|
|
--- 11,18 ----
|
|
keysstore.h \
|
|
pkikeys.h \
|
|
x509.h \
|
|
+ tokens.h \
|
|
+ ciphers.h \
|
|
$(NULL)
|
|
|
|
install-exec-hook:
|
|
*** misc/xmlsec1-1.2.6/include/xmlsec/nss/Makefile.in 2004-08-26 08:00:31.000000000 +0200
|
|
--- misc/build/xmlsec1-1.2.6/include/xmlsec/nss/Makefile.in 2005-05-09 19:54:13.184631591 +0200
|
|
***************
|
|
*** 273,278 ****
|
|
--- 273,279 ----
|
|
NULL =
|
|
xmlsecnssincdir = $(includedir)/xmlsec1/xmlsec/nss
|
|
xmlsecnssinc_HEADERS = \
|
|
+ akmngr.h \
|
|
app.h \
|
|
crypto.h \
|
|
symbols.h \
|
|
***************
|
|
*** 280,285 ****
|
|
--- 281,288 ----
|
|
keysstore.h \
|
|
pkikeys.h \
|
|
x509.h \
|
|
+ tokens.h \
|
|
+ ciphers.h \
|
|
$(NULL)
|
|
|
|
all: all-am
|
|
*** misc/xmlsec1-1.2.6/include/xmlsec/nss/tokens.h 2005-05-09 19:55:57.178860721 +0200
|
|
--- misc/build/xmlsec1-1.2.6/include/xmlsec/nss/tokens.h 2005-05-09 19:54:13.185631507 +0200
|
|
***************
|
|
*** 1 ****
|
|
! dummy
|
|
--- 1,182 ----
|
|
! /**
|
|
! * XMLSec library
|
|
! *
|
|
! * This is free software; see Copyright file in the source
|
|
! * distribution for preciese wording.
|
|
! *
|
|
! * Copyright (c) 2003 Sun Microsystems, Inc. All rights reserved.
|
|
! *
|
|
! * Contributor(s): _____________________________
|
|
! *
|
|
! */
|
|
! #ifndef __XMLSEC_NSS_TOKENS_H__
|
|
! #define __XMLSEC_NSS_TOKENS_H__
|
|
!
|
|
! #include <string.h>
|
|
!
|
|
! #include <nss.h>
|
|
! #include <pk11func.h>
|
|
!
|
|
! #include <xmlsec/xmlsec.h>
|
|
! #include <xmlsec/list.h>
|
|
!
|
|
! #ifdef __cplusplus
|
|
! extern "C" {
|
|
! #endif /* __cplusplus */
|
|
!
|
|
! /**
|
|
! * xmlSecNssKeySlotListId
|
|
! *
|
|
! * The crypto mechanism list klass
|
|
! */
|
|
! #define xmlSecNssKeySlotListId xmlSecNssKeySlotListGetKlass()
|
|
! XMLSEC_CRYPTO_EXPORT xmlSecPtrListId xmlSecNssKeySlotListGetKlass( void ) ;
|
|
!
|
|
! /*******************************************
|
|
! * KeySlot interfaces
|
|
! *******************************************/
|
|
! /**
|
|
! * Internal NSS key slot data
|
|
! * @mechanismList: the mechanisms that the slot bound with.
|
|
! * @slot: the pkcs slot
|
|
! *
|
|
! * This context is located after xmlSecPtrList
|
|
! */
|
|
! typedef struct _xmlSecNssKeySlot xmlSecNssKeySlot ;
|
|
! typedef struct _xmlSecNssKeySlot* xmlSecNssKeySlotPtr ;
|
|
!
|
|
! struct _xmlSecNssKeySlot {
|
|
! CK_MECHANISM_TYPE_PTR mechanismList ; /* mech. array, NULL ternimated */
|
|
! PK11SlotInfo* slot ;
|
|
! } ;
|
|
!
|
|
! XMLSEC_CRYPTO_EXPORT int
|
|
! xmlSecNssKeySlotSetMechList(
|
|
! xmlSecNssKeySlotPtr keySlot ,
|
|
! CK_MECHANISM_TYPE_PTR mechanismList
|
|
! ) ;
|
|
!
|
|
! XMLSEC_CRYPTO_EXPORT int
|
|
! xmlSecNssKeySlotEnableMech(
|
|
! xmlSecNssKeySlotPtr keySlot ,
|
|
! CK_MECHANISM_TYPE mechanism
|
|
! ) ;
|
|
!
|
|
! XMLSEC_CRYPTO_EXPORT int
|
|
! xmlSecNssKeySlotDisableMech(
|
|
! xmlSecNssKeySlotPtr keySlot ,
|
|
! CK_MECHANISM_TYPE mechanism
|
|
! ) ;
|
|
!
|
|
! XMLSEC_CRYPTO_EXPORT CK_MECHANISM_TYPE_PTR
|
|
! xmlSecNssKeySlotGetMechList(
|
|
! xmlSecNssKeySlotPtr keySlot
|
|
! ) ;
|
|
!
|
|
! XMLSEC_CRYPTO_EXPORT int
|
|
! xmlSecNssKeySlotSetSlot(
|
|
! xmlSecNssKeySlotPtr keySlot ,
|
|
! PK11SlotInfo* slot
|
|
! ) ;
|
|
!
|
|
! XMLSEC_CRYPTO_EXPORT int
|
|
! xmlSecNssKeySlotInitialize(
|
|
! xmlSecNssKeySlotPtr keySlot ,
|
|
! PK11SlotInfo* slot
|
|
! ) ;
|
|
!
|
|
! XMLSEC_CRYPTO_EXPORT void
|
|
! xmlSecNssKeySlotFinalize(
|
|
! xmlSecNssKeySlotPtr keySlot
|
|
! ) ;
|
|
!
|
|
! XMLSEC_CRYPTO_EXPORT PK11SlotInfo*
|
|
! xmlSecNssKeySlotGetSlot(
|
|
! xmlSecNssKeySlotPtr keySlot
|
|
! ) ;
|
|
!
|
|
! XMLSEC_CRYPTO_EXPORT xmlSecNssKeySlotPtr
|
|
! xmlSecNssKeySlotCreate() ;
|
|
!
|
|
! XMLSEC_CRYPTO_EXPORT int
|
|
! xmlSecNssKeySlotCopy(
|
|
! xmlSecNssKeySlotPtr newKeySlot ,
|
|
! xmlSecNssKeySlotPtr keySlot
|
|
! ) ;
|
|
!
|
|
! XMLSEC_CRYPTO_EXPORT xmlSecNssKeySlotPtr
|
|
! xmlSecNssKeySlotDuplicate(
|
|
! xmlSecNssKeySlotPtr keySlot
|
|
! ) ;
|
|
!
|
|
! XMLSEC_CRYPTO_EXPORT void
|
|
! xmlSecNssKeySlotDestroy(
|
|
! xmlSecNssKeySlotPtr keySlot
|
|
! ) ;
|
|
!
|
|
! XMLSEC_CRYPTO_EXPORT int
|
|
! xmlSecNssKeySlotBindMech(
|
|
! xmlSecNssKeySlotPtr keySlot ,
|
|
! CK_MECHANISM_TYPE type
|
|
! ) ;
|
|
!
|
|
! XMLSEC_CRYPTO_EXPORT int
|
|
! xmlSecNssKeySlotSupportMech(
|
|
! xmlSecNssKeySlotPtr keySlot ,
|
|
! CK_MECHANISM_TYPE type
|
|
! ) ;
|
|
!
|
|
!
|
|
! /************************************************************************
|
|
! * PKCS#11 crypto token interfaces
|
|
! *
|
|
! * A PKCS#11 slot repository will be defined internally. From the
|
|
! * repository, a user can specify a particular slot for a certain crypto
|
|
! * mechanism.
|
|
! *
|
|
! * In some situation, some cryptographic operation should act in a user
|
|
! * designated devices. The interfaces defined here provide the way. If
|
|
! * the user do not initialize the repository distinctly, the interfaces
|
|
! * use the default functions provided by NSS itself.
|
|
! *
|
|
! ************************************************************************/
|
|
! /**
|
|
! * Initialize NSS pkcs#11 slot repository
|
|
! *
|
|
! * Returns 0 if success or -1 if an error occurs.
|
|
! */
|
|
! XMLSEC_CRYPTO_EXPORT int xmlSecNssSlotInitialize( void ) ;
|
|
!
|
|
! /**
|
|
! * Shutdown and destroy NSS pkcs#11 slot repository
|
|
! */
|
|
! XMLSEC_CRYPTO_EXPORT void xmlSecNssSlotShutdown() ;
|
|
!
|
|
! /**
|
|
! * Get PKCS#11 slot handler
|
|
! * @type the mechanism that the slot must support.
|
|
! *
|
|
! * Returns a pointer to PKCS#11 slot or NULL if an error occurs.
|
|
! *
|
|
! * Notes: The returned handler must be destroied distinctly.
|
|
! */
|
|
! XMLSEC_CRYPTO_EXPORT PK11SlotInfo* xmlSecNssSlotGet( CK_MECHANISM_TYPE type ) ;
|
|
!
|
|
! /**
|
|
! * Adopt a pkcs#11 slot with a mechanism into the repository
|
|
! * @slot: the pkcs#11 slot.
|
|
! * @mech: the mechanism.
|
|
! *
|
|
! * If @mech is available( @mech != CKM_INVALID_MECHANISM ), every operation with
|
|
! * this mechanism only can perform on the @slot.
|
|
! *
|
|
! * Returns 0 if success or -1 if an error occurs.
|
|
! */
|
|
! XMLSEC_CRYPTO_EXPORT int xmlSecNssSlotAdopt( PK11SlotInfo* slot, CK_MECHANISM_TYPE mech ) ;
|
|
!
|
|
! #ifdef __cplusplus
|
|
! }
|
|
! #endif /* __cplusplus */
|
|
!
|
|
! #endif /* __XMLSEC_NSS_TOKENS_H__ */
|
|
!
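Review bot: `xmlSecNssKeySlotCreate()` and `xmlSecNssSlotShutdown()` are declared with empty parentheses, which in C is an unprototyped declaration that accepts any argument list unchecked; write them as `xmlSecNssKeySlotCreate( void )` and `xmlSecNssSlotShutdown( void )`, as `xmlSecNssSlotInitialize( void )` in the same header already does. The note on `xmlSecNssSlotGet` that the returned handler "must be destroied distinctly" is the one ownership rule in this header and its wording is unclear; state what the caller must do (presumably release it with `PK11_FreeSlot()` — confirm against the implementation) and fix the typo. Since `xmlSecNssSlotAdopt` says every operation with a mechanism becomes confined to the adopted slot, its comment should also say what happens when the same mechanism is adopted twice, which cannot be told from the declaration.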
|
|
*** misc/xmlsec1-1.2.6/libxml2-config 2005-05-09 19:55:57.284851780 +0200
|
|
--- misc/build/xmlsec1-1.2.6/libxml2-config 2005-05-09 19:54:13.186631423 +0200
|
|
***************
|
|
*** 1 ****
|
|
! dummy
|
|
--- 1,48 ----
|
|
! #! /bin/sh
|
|
!
|
|
! if test "$SYSTEM_LIBXML" = "YES"
|
|
! then xml2-config "$@"; exit 0
|
|
! fi
|
|
!
|
|
! prefix=${SOLARVERSION}/${INPATH}
|
|
! includedir=${SOLARVERSION}/${INPATH}/inc${UPDMINOREXT}/external
|
|
! libdir=${SOLARVERSION}/${INPATH}/lib${UPDMINOREXT}
|
|
!
|
|
! while test $# -gt 0; do
|
|
! case "$1" in
|
|
! -*=*) optarg=`echo "$1" | sed 's/[-_a-zA-Z0-9]*=//'` ;;
|
|
! *) optarg= ;;
|
|
! esac
|
|
!
|
|
! case "$1" in
|
|
! --prefix=*)
|
|
! prefix=$optarg
|
|
! includedir=$prefix/include
|
|
! libdir=$prefix/lib
|
|
! ;;
|
|
!
|
|
! --prefix)
|
|
! echo $prefix
|
|
! ;;
|
|
!
|
|
! --version)
|
|
! echo 2.5.4
|
|
! exit 0
|
|
! ;;
|
|
!
|
|
! --cflags)
|
|
! echo -I${includedir}
|
|
! ;;
|
|
!
|
|
! --libs)
|
|
! echo -L${libdir} -lxml2 -lz -lm
|
|
! ;;
|
|
!
|
|
! *)
|
|
! exit 1
|
|
! ;;
|
|
! esac
|
|
! shift
|
|
! done
|
|
!
|
|
! exit 0
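Review bot: The system-libxml branch at the top runs `xml2-config "$@"; exit 0`, so a missing or failing xml2-config is reported to configure as success and its empty output silently yields no `-I`/`-L` flags; replace the two lines with `exec xml2-config "$@"` so both the exit status and the output pass through unchanged. The `--version` case always prints the hard-coded `2.5.4`, which presumably matches the bundled libxml2 but is never cross-checked against the real library, so configure's minimum-version test in the bundled case is only as strong as that constant. `echo $prefix` should be quoted as `echo "$prefix"` in case the solver path contains spaces.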
|
|
*** misc/xmlsec1-1.2.6/ltmain.sh 2004-08-26 08:00:15.000000000 +0200
|
|
--- misc/build/xmlsec1-1.2.6/ltmain.sh 2005-05-09 19:55:51.745319024 +0200
|
|
***************
|
|
*** 2994,3006 ****
|
|
;;
|
|
|
|
freebsd-aout)
|
|
! major=".$current"
|
|
! versuffix=".$current.$revision";
|
|
;;
|
|
|
|
freebsd-elf)
|
|
! major=".$current"
|
|
! versuffix=".$current";
|
|
;;
|
|
|
|
irix | nonstopux)
|
|
--- 2994,3006 ----
|
|
;;
|
|
|
|
freebsd-aout)
|
|
! major=.`expr $current - $age`
|
|
! versuffix="$major.$age.$revision"
|
|
;;
|
|
|
|
freebsd-elf)
|
|
! major=.`expr $current - $age`
|
|
! versuffix="$major.$age.$revision"
|
|
;;
|
|
|
|
irix | nonstopux)
|
|
***************
|
|
*** 3564,3570 ****
|
|
fi
|
|
else
|
|
eval flag=\"$hardcode_libdir_flag_spec\"
|
|
! dep_rpath="$dep_rpath $flag"
|
|
fi
|
|
elif test -n "$runpath_var"; then
|
|
case "$perm_rpath " in
|
|
--- 3564,3571 ----
|
|
fi
|
|
else
|
|
eval flag=\"$hardcode_libdir_flag_spec\"
|
|
! # what the ...
|
|
! # dep_rpath="$dep_rpath $flag"
|
|
fi
|
|
elif test -n "$runpath_var"; then
|
|
case "$perm_rpath " in
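Review bot: The commented-out `dep_rpath` assignment is left with the comment `# what the ...`, which tells the next maintainer nothing about why dependent libraries' rpath flags are no longer added to the link line, while the `eval flag=\"$hardcode_libdir_flag_spec\"` above it still runs and now computes an unused value. Replace the comment with one that states the intent — presumably `# OOo: do not hardcode the build-tree library directory as an rpath; libraries are relocated at install time` — and drop the dead `eval` with it. Keeping build-tree paths out of a shipped library's DT_RPATH is sensible, but the patch should say that is the goal rather than read like an accident.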
|
|
*** misc/xmlsec1-1.2.6/src/bn.c 2004-06-21 20:33:27.000000000 +0200
|
|
--- misc/build/xmlsec1-1.2.6/src/bn.c 2005-05-09 19:54:13.188631254 +0200
|
|
***************
|
|
*** 170,177 ****
|
|
*/
|
|
int
|
|
xmlSecBnFromString(xmlSecBnPtr bn, const xmlChar* str, xmlSecSize base) {
|
|
! xmlSecSize i, len;
|
|
xmlSecByte ch;
|
|
int nn;
|
|
int ret;
|
|
|
|
--- 170,179 ----
|
|
*/
|
|
int
|
|
xmlSecBnFromString(xmlSecBnPtr bn, const xmlChar* str, xmlSecSize base) {
|
|
! xmlSecSize i, len, size;
|
|
xmlSecByte ch;
|
|
+ xmlSecByte* data;
|
|
+ int positive;
|
|
int nn;
|
|
int ret;
|
|
|
|
***************
|
|
*** 183,189 ****
|
|
/* trivial case */
|
|
len = xmlStrlen(str);
|
|
if(len == 0) {
|
|
! return(0);
|
|
}
|
|
|
|
/* The result size could not exceed the input string length
|
|
--- 185,191 ----
|
|
/* trivial case */
|
|
len = xmlStrlen(str);
|
|
if(len == 0) {
|
|
! return(0);
|
|
}
|
|
|
|
/* The result size could not exceed the input string length
|
|
***************
|
|
*** 191,244 ****
|
|
* In truth, it would be likely less than 1/2 input string length
|
|
* because each byte is represented by 2 chars. If needed,
|
|
* buffer size would be increased by Mul/Add functions.
|
|
*/
|
|
! ret = xmlSecBufferSetMaxSize(bn, xmlSecBufferGetSize(bn) + len / 2 + 1);
|
|
if(ret < 0) {
|
|
! xmlSecError(XMLSEC_ERRORS_HERE,
|
|
! NULL,
|
|
! "xmlSecBnRevLookupTable",
|
|
! XMLSEC_ERRORS_R_XMLSEC_FAILED,
|
|
! "size=%d", len / 2 + 1);
|
|
! return (-1);
|
|
}
|
|
|
|
! for(i = 0; i < len; i++) {
|
|
! ch = str[i];
|
|
! if(isspace(ch)) {
|
|
! continue;
|
|
! }
|
|
!
|
|
! xmlSecAssert2(ch <= sizeof(xmlSecBnLookupTable), -1);
|
|
! nn = xmlSecBnLookupTable[ch];
|
|
! if((nn < 0) || ((xmlSecSize)nn > base)) {
|
|
! xmlSecError(XMLSEC_ERRORS_HERE,
|
|
! NULL,
|
|
! NULL,
|
|
! XMLSEC_ERRORS_R_INVALID_DATA,
|
|
! "char=%c;base=%d",
|
|
! ch, base);
|
|
! return (-1);
|
|
! }
|
|
!
|
|
! ret = xmlSecBnMul(bn, base);
|
|
! if(ret < 0) {
|
|
! xmlSecError(XMLSEC_ERRORS_HERE,
|
|
! NULL,
|
|
! "xmlSecBnMul",
|
|
! XMLSEC_ERRORS_R_XMLSEC_FAILED,
|
|
! "base=%d", base);
|
|
! return (-1);
|
|
! }
|
|
!
|
|
! ret = xmlSecBnAdd(bn, nn);
|
|
! if(ret < 0) {
|
|
! xmlSecError(XMLSEC_ERRORS_HERE,
|
|
! NULL,
|
|
! "xmlSecBnAdd",
|
|
! XMLSEC_ERRORS_R_XMLSEC_FAILED,
|
|
! "base=%d", base);
|
|
! return (-1);
|
|
! }
|
|
}
|
|
|
|
return(0);
|
|
--- 193,323 ----
|
|
* In truth, it would be likely less than 1/2 input string length
|
|
* because each byte is represented by 2 chars. If needed,
|
|
* buffer size would be increased by Mul/Add functions.
|
|
+ * Finally, we can add one byte for 00 or 10 prefix.
|
|
*/
|
|
! ret = xmlSecBufferSetMaxSize(bn, xmlSecBufferGetSize(bn) + len / 2 + 1 + 1);
|
|
if(ret < 0) {
|
|
! xmlSecError(XMLSEC_ERRORS_HERE,
|
|
! NULL,
|
|
! "xmlSecBnRevLookupTable",
|
|
! XMLSEC_ERRORS_R_XMLSEC_FAILED,
|
|
! "size=%d", len / 2 + 1);
|
|
! return (-1);
|
|
! }
|
|
!
|
|
! /* figure out if it is positive or negative number */
|
|
! positive = 1;
|
|
! i = 0;
|
|
! while(i < len) {
|
|
! ch = str[i++];
|
|
!
|
|
! /* skip spaces */
|
|
! if(isspace(ch)) {
|
|
! continue;
|
|
! }
|
|
!
|
|
! /* check if it is + or - */
|
|
! if(ch == '+') {
|
|
! positive = 1;
|
|
! break;
|
|
! } else if(ch == '-') {
|
|
! positive = 0;
|
|
! break;
|
|
! }
|
|
!
|
|
! /* otherwise, it must be start of the number */
|
|
! nn = xmlSecBnLookupTable[ch];
|
|
! if((nn >= 0) && ((xmlSecSize)nn < base)) {
|
|
! xmlSecAssert2(i > 0, -1);
|
|
!
|
|
! /* no sign, positive by default */
|
|
! positive = 1;
|
|
! --i; /* make sure that we will look at this character in next loop */
|
|
! break;
|
|
! } else {
|
|
! xmlSecError(XMLSEC_ERRORS_HERE,
|
|
! NULL,
|
|
! NULL,
|
|
! XMLSEC_ERRORS_R_INVALID_DATA,
|
|
! "char=%c;base=%d",
|
|
! ch, base);
|
|
! return (-1);
|
|
! }
|
|
! }
|
|
!
|
|
! /* now parse the number itself */
|
|
! while(i < len) {
|
|
! ch = str[i++];
|
|
! if(isspace(ch)) {
|
|
! continue;
|
|
! }
|
|
!
|
|
! xmlSecAssert2(ch <= sizeof(xmlSecBnLookupTable), -1);
|
|
! nn = xmlSecBnLookupTable[ch];
|
|
! if((nn < 0) || ((xmlSecSize)nn > base)) {
|
|
! xmlSecError(XMLSEC_ERRORS_HERE,
|
|
! NULL,
|
|
! NULL,
|
|
! XMLSEC_ERRORS_R_INVALID_DATA,
|
|
! "char=%c;base=%d",
|
|
! ch, base);
|
|
! return (-1);
|
|
! }
|
|
!
|
|
! ret = xmlSecBnMul(bn, base);
|
|
! if(ret < 0) {
|
|
! xmlSecError(XMLSEC_ERRORS_HERE,
|
|
! NULL,
|
|
! "xmlSecBnMul",
|
|
! XMLSEC_ERRORS_R_XMLSEC_FAILED,
|
|
! "base=%d", base);
|
|
! return (-1);
|
|
! }
|
|
!
|
|
! ret = xmlSecBnAdd(bn, nn);
|
|
! if(ret < 0) {
|
|
! xmlSecError(XMLSEC_ERRORS_HERE,
|
|
! NULL,
|
|
! "xmlSecBnAdd",
|
|
! XMLSEC_ERRORS_R_XMLSEC_FAILED,
|
|
! "base=%d", base);
|
|
! return (-1);
|
|
! }
|
|
}
|
|
|
|
! /* check if we need to add 00 prefix */
|
|
! data = xmlSecBufferGetData(bn);
|
|
! size = xmlSecBufferGetSize(bn);
|
|
! if((size > 0 && data[0] > 127)||(size==0)) {
|
|
! ch = 0;
|
|
! ret = xmlSecBufferPrepend(bn, &ch, 1);
|
|
! if(ret < 0) {
|
|
! xmlSecError(XMLSEC_ERRORS_HERE,
|
|
! NULL,
|
|
! "xmlSecBufferPrepend",
|
|
! XMLSEC_ERRORS_R_XMLSEC_FAILED,
|
|
! "base=%d", base);
|
|
! return (-1);
|
|
! }
|
|
! }
|
|
!
|
|
! /* do 2's compliment and add 1 to represent negative value */
|
|
! if(positive == 0) {
|
|
! data = xmlSecBufferGetData(bn);
|
|
! size = xmlSecBufferGetSize(bn);
|
|
! for(i = 0; i < size; ++i) {
|
|
! data[i] ^= 0xFF;
|
|
! }
|
|
!
|
|
! ret = xmlSecBnAdd(bn, 1);
|
|
! if(ret < 0) {
|
|
! xmlSecError(XMLSEC_ERRORS_HERE,
|
|
! NULL,
|
|
! "xmlSecBnAdd",
|
|
! XMLSEC_ERRORS_R_XMLSEC_FAILED,
|
|
! "base=%d", base);
|
|
! return (-1);
|
|
! }
|
|
}
|
|
|
|
return(0);
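Review bot: The new sign-detection loop indexes `xmlSecBnLookupTable[ch]` without the bounds assertion that the digit loop below it performs immediately before its own lookup, so a non-ASCII byte in the input — this parser is normally fed text taken from the XML document — can read past the table if it has fewer than 256 entries; add `xmlSecAssert2(ch < sizeof(xmlSecBnLookupTable), -1);` before that lookup. The existing assertion in the digit loop uses `<=`, which still admits `ch == sizeof(...)`, one past the end, so `<` is the right comparison in both places. The two loops also disagree on what a valid digit is: the first accepts `nn < base` while the second rejects only `nn > base`, so a digit equal to the base is accepted as data in the number loop; that test should read `((xmlSecSize)nn >= base)`. The enclosing function xmlSecBnFromString begins in the previous hunk and its closing brace lies outside this one.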
|
|
***************
|
|
*** 256,263 ****
|
|
*/
|
|
xmlChar*
|
|
xmlSecBnToString(xmlSecBnPtr bn, xmlSecSize base) {
|
|
xmlChar* res;
|
|
! xmlSecSize i, len;
|
|
int nn;
|
|
xmlChar ch;
|
|
|
|
--- 335,346 ----
|
|
*/
|
|
xmlChar*
|
|
xmlSecBnToString(xmlSecBnPtr bn, xmlSecSize base) {
|
|
+ xmlSecBn bn2;
|
|
+ int positive = 1;
|
|
xmlChar* res;
|
|
! xmlSecSize i, len, size;
|
|
! xmlSecByte* data;
|
|
! int ret;
|
|
int nn;
|
|
xmlChar ch;
|
|
|
|
***************
|
|
*** 265,299 ****
|
|
xmlSecAssert2(base > 1, NULL);
|
|
xmlSecAssert2(base <= sizeof(xmlSecBnRevLookupTable), NULL);
|
|
|
|
/* Result string len is
|
|
* len = log base (256) * <bn size>
|
|
* Since the smallest base == 2 then we can get away with
|
|
* len = 8 * <bn size>
|
|
*/
|
|
! len = 8 * xmlSecBufferGetSize(bn) + 1;
|
|
res = (xmlChar*)xmlMalloc(len + 1);
|
|
if(res == NULL) {
|
|
! xmlSecError(XMLSEC_ERRORS_HERE,
|
|
! NULL,
|
|
! NULL,
|
|
! XMLSEC_ERRORS_R_MALLOC_FAILED,
|
|
! "len=%d", len);
|
|
! return (NULL);
|
|
}
|
|
memset(res, 0, len + 1);
|
|
|
|
! for(i = 0; (xmlSecBufferGetSize(bn) > 0) && (i < len); i++) {
|
|
! if(xmlSecBnDiv(bn, base, &nn) < 0) {
|
|
! xmlSecError(XMLSEC_ERRORS_HERE,
|
|
! NULL,
|
|
! "xmlSecBnDiv",
|
|
! XMLSEC_ERRORS_R_XMLSEC_FAILED,
|
|
! "base=%d", base);
|
|
! xmlFree(res);
|
|
! return (NULL);
|
|
! }
|
|
! xmlSecAssert2((size_t)nn < sizeof(xmlSecBnRevLookupTable), NULL);
|
|
! res[i] = xmlSecBnRevLookupTable[nn];
|
|
}
|
|
xmlSecAssert2(i < len, NULL);
|
|
|
|
--- 348,433 ----
|
|
xmlSecAssert2(base > 1, NULL);
|
|
xmlSecAssert2(base <= sizeof(xmlSecBnRevLookupTable), NULL);
|
|
|
|
+
|
|
+ /* copy bn */
|
|
+ data = xmlSecBufferGetData(bn);
|
|
+ size = xmlSecBufferGetSize(bn);
|
|
+ ret = xmlSecBnInitialize(&bn2, size);
|
|
+ if(ret < 0) {
|
|
+ xmlSecError(XMLSEC_ERRORS_HERE,
|
|
+ NULL,
|
|
+ "xmlSecBnCreate",
|
|
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
|
|
+ "size=%d", size);
|
|
+ return (NULL);
|
|
+ }
|
|
+
|
|
+ ret = xmlSecBnSetData(&bn2, data, size);
|
|
+ if(ret < 0) {
|
|
+ xmlSecError(XMLSEC_ERRORS_HERE,
|
|
+ NULL,
|
|
+ "xmlSecBnSetData",
|
|
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
|
|
+ "size=%d", size);
|
|
+ xmlSecBnFinalize(&bn2);
|
|
+ return (NULL);
|
|
+ }
|
|
+
|
|
+ /* check if it is a negative number or not */
|
|
+ data = xmlSecBufferGetData(&bn2);
|
|
+ size = xmlSecBufferGetSize(&bn2);
|
|
+ if((size > 0) && (data[0] > 127)) {
|
|
+ /* subtract 1 and do 2's compliment */
|
|
+ ret = xmlSecBnAdd(&bn2, -1);
|
|
+ if(ret < 0) {
|
|
+ xmlSecError(XMLSEC_ERRORS_HERE,
|
|
+ NULL,
|
|
+ "xmlSecBnAdd",
|
|
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
|
|
+ "size=%d", size);
|
|
+ xmlSecBnFinalize(&bn2);
|
|
+ return (NULL);
|
|
+ }
|
|
+ for(i = 0; i < size; ++i) {
|
|
+ data[i] ^= 0xFF;
|
|
+ }
|
|
+
|
|
+ positive = 0;
|
|
+ } else {
|
|
+ positive = 1;
|
|
+ }
|
|
+
|
|
/* Result string len is
|
|
* len = log base (256) * <bn size>
|
|
* Since the smallest base == 2 then we can get away with
|
|
* len = 8 * <bn size>
|
|
*/
|
|
! len = 8 * size + 1 + 1;
|
|
res = (xmlChar*)xmlMalloc(len + 1);
|
|
if(res == NULL) {
|
|
! xmlSecError(XMLSEC_ERRORS_HERE,
|
|
! NULL,
|
|
! NULL,
|
|
! XMLSEC_ERRORS_R_MALLOC_FAILED,
|
|
! "len=%d", len);
|
|
! xmlSecBnFinalize(&bn2);
|
|
! return (NULL);
|
|
}
|
|
memset(res, 0, len + 1);
|
|
|
|
! for(i = 0; (xmlSecBufferGetSize(&bn2) > 0) && (i < len); i++) {
|
|
! if(xmlSecBnDiv(&bn2, base, &nn) < 0) {
|
|
! xmlSecError(XMLSEC_ERRORS_HERE,
|
|
! NULL,
|
|
! "xmlSecBnDiv",
|
|
! XMLSEC_ERRORS_R_XMLSEC_FAILED,
|
|
! "base=%d", base);
|
|
! xmlFree(res);
|
|
! xmlSecBnFinalize(&bn2);
|
|
! return (NULL);
|
|
! }
|
|
! xmlSecAssert2((size_t)nn < sizeof(xmlSecBnRevLookupTable), NULL);
|
|
! res[i] = xmlSecBnRevLookupTable[nn];
|
|
}
|
|
xmlSecAssert2(i < len, NULL);
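Review bot: The error record written when `xmlSecBnInitialize(&bn2, size)` fails names the wrong function, `"xmlSecBnCreate"`, which points anyone debugging a failed number conversion at a call that is not made here; it should read `"xmlSecBnInitialize"`. Separately, the new `data[0] > 127` test makes every caller's big number signed two's complement, so a bn filled from an unsigned magnitude (raw bytes through xmlSecBnSetData, say) whose first byte is 0x80 or above now prints with a leading `-`; the function comment above this hunk should state that the input is interpreted as a signed, two's-complement, big-endian integer, which is the convention xmlSecBnFromString's 00-prefix logic earlier in this diff assumes. xmlSecBnToString's body continues in the next hunk.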
|
|
|
|
***************
|
|
*** 301,313 ****
|
|
for(len = i; (len > 1) && (res[len - 1] == '0'); len--);
|
|
res[len] = '\0';
|
|
|
|
/* swap the string because we wrote it in reverse order */
|
|
for(i = 0; i < len / 2; i++) {
|
|
! ch = res[i];
|
|
! res[i] = res[len - i - 1];
|
|
! res[len - i - 1] = ch;
|
|
}
|
|
|
|
return(res);
|
|
}
|
|
|
|
--- 435,454 ----
|
|
for(len = i; (len > 1) && (res[len - 1] == '0'); len--);
|
|
res[len] = '\0';
|
|
|
|
+ /* add "-" for negative numbers */
|
|
+ if(positive == 0) {
|
|
+ res[len] = '-';
|
|
+ res[++len] = '\0';
|
|
+ }
|
|
+
|
|
/* swap the string because we wrote it in reverse order */
|
|
for(i = 0; i < len / 2; i++) {
|
|
! ch = res[i];
|
|
! res[i] = res[len - i - 1];
|
|
! res[len - i - 1] = ch;
|
|
}
|
|
|
|
+ xmlSecBnFinalize(&bn2);
|
|
return(res);
|
|
}
|
|
|
|
***************
|
|
*** 392,398 ****
|
|
}
|
|
|
|
data = xmlSecBufferGetData(bn);
|
|
! for(over = 0, i = xmlSecBufferGetSize(bn); i > 0;) {
|
|
xmlSecAssert2(data != NULL, -1);
|
|
|
|
over = over + multiplier * data[--i];
|
|
--- 533,541 ----
|
|
}
|
|
|
|
data = xmlSecBufferGetData(bn);
|
|
! i = xmlSecBufferGetSize(bn);
|
|
! over = 0;
|
|
! while(i > 0) {
|
|
xmlSecAssert2(data != NULL, -1);
|
|
|
|
over = over + multiplier * data[--i];
|
|
***************
|
|
*** 487,529 ****
|
|
*/
|
|
int
|
|
xmlSecBnAdd(xmlSecBnPtr bn, int delta) {
|
|
! int over;
|
|
xmlSecByte* data;
|
|
xmlSecSize i;
|
|
xmlSecByte ch;
|
|
int ret;
|
|
|
|
xmlSecAssert2(bn != NULL, -1);
|
|
- xmlSecAssert2(delta >= 0, -1);
|
|
|
|
if(delta == 0) {
|
|
! return(0);
|
|
}
|
|
|
|
data = xmlSecBufferGetData(bn);
|
|
! for(over = delta, i = xmlSecBufferGetSize(bn); i > 0;) {
|
|
! xmlSecAssert2(data != NULL, -1);
|
|
|
|
! over += data[--i];
|
|
! data[i] = over % 256;
|
|
! over = over / 256;
|
|
! }
|
|
|
|
! while(over > 0) {
|
|
! ch = over % 256;
|
|
! over = over / 256;
|
|
|
|
! ret = xmlSecBufferPrepend(bn, &ch, 1);
|
|
! if(ret < 0) {
|
|
! xmlSecError(XMLSEC_ERRORS_HERE,
|
|
! NULL,
|
|
! "xmlSecBufferPrepend",
|
|
! XMLSEC_ERRORS_R_XMLSEC_FAILED,
|
|
! "size=1");
|
|
! return (-1);
|
|
! }
|
|
}
|
|
-
|
|
return(0);
|
|
}
|
|
|
|
--- 630,686 ----
|
|
*/
|
|
int
|
|
xmlSecBnAdd(xmlSecBnPtr bn, int delta) {
|
|
! int over, tmp;
|
|
xmlSecByte* data;
|
|
xmlSecSize i;
|
|
xmlSecByte ch;
|
|
int ret;
|
|
|
|
xmlSecAssert2(bn != NULL, -1);
|
|
|
|
if(delta == 0) {
|
|
! return(0);
|
|
}
|
|
|
|
data = xmlSecBufferGetData(bn);
|
|
! if(delta > 0) {
|
|
! for(over = delta, i = xmlSecBufferGetSize(bn); (i > 0) && (over > 0) ;) {
|
|
! xmlSecAssert2(data != NULL, -1);
|
|
|
|
! tmp = data[--i];
|
|
! over += tmp;
|
|
! data[i] = over % 256;
|
|
! over = over / 256;
|
|
! }
|
|
|
|
! while(over > 0) {
|
|
! ch = over % 256;
|
|
! over = over / 256;
|
|
|
|
! ret = xmlSecBufferPrepend(bn, &ch, 1);
|
|
! if(ret < 0) {
|
|
! xmlSecError(XMLSEC_ERRORS_HERE,
|
|
! NULL,
|
|
! "xmlSecBufferPrepend",
|
|
! XMLSEC_ERRORS_R_XMLSEC_FAILED,
|
|
! "size=1");
|
|
! return (-1);
|
|
! }
|
|
! }
|
|
! } else {
|
|
! for(over = -delta, i = xmlSecBufferGetSize(bn); (i > 0) && (over > 0);) {
|
|
! xmlSecAssert2(data != NULL, -1);
|
|
!
|
|
! tmp = data[--i];
|
|
! if(tmp < over) {
|
|
! data[i] = 0;
|
|
! over = (over - tmp) / 256;
|
|
! } else {
|
|
! data[i] = tmp - over;
|
|
! over = 0;
|
|
! }
|
|
! }
|
|
}
|
|
return(0);
|
|
}
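Review bot: The borrow in the new `delta < 0` branch is computed wrong: when `tmp < over` the byte is zeroed and the carry becomes `(over - tmp) / 256`, which is 0 for any shortfall below 256, so subtracting 1 from a value whose low byte is 0 leaves it unchanged (bytes 01 00 minus 1 stays 01 00 instead of becoming 00 FF). That breaks the `xmlSecBnAdd(&bn2, -1)` step xmlSecBnToString now relies on for negative numbers with a zero low byte; 80 00 would come out as -32767 rather than -32768. The branch needs to borrow from the next byte: `if(tmp < over) { int borrow = (over - tmp + 255) / 256; data[i] = (xmlSecByte)(tmp + 256 * borrow - over); over = borrow; }`. A value smaller than `-delta` also leaves `over > 0` after the loop and is silently accepted as success; returning -1 in that case, or at least asserting, would make the underflow visible.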
|
|
|
|
***************
|
|
*** 787,793 ****
|
|
}
|
|
|
|
if(addLineBreaks) {
|
|
! xmlNodeAddContent(cur, BAD_CAST "\n");
|
|
}
|
|
|
|
switch(format) {
|
|
--- 944,950 ----
|
|
}
|
|
|
|
if(addLineBreaks) {
|
|
! xmlNodeAddContent(cur, xmlSecStringCR);
|
|
}
|
|
|
|
switch(format) {
|
|
***************
|
|
*** 833,839 ****
|
|
}
|
|
|
|
if(addLineBreaks) {
|
|
! xmlNodeAddContent(cur, BAD_CAST "\n");
|
|
}
|
|
|
|
return(0);
|
|
--- 990,996 ----
|
|
}
|
|
|
|
if(addLineBreaks) {
|
|
! xmlNodeAddContent(cur, xmlSecStringCR);
|
|
}
|
|
|
|
return(0);
|
|
*** misc/xmlsec1-1.2.6/src/dl.c 2003-10-29 16:57:20.000000000 +0100
|
|
--- misc/build/xmlsec1-1.2.6/src/dl.c 2005-05-09 19:54:13.189631170 +0200
|
|
***************
|
|
*** 329,334 ****
|
|
--- 329,338 ----
|
|
xmlSecCryptoDLInit(void) {
|
|
int ret;
|
|
|
|
+ /* use xmlMalloc/xmlFree */
|
|
+ xmlsec_lt_dlmalloc = xmlSecCryptoDLMalloc;
|
|
+ xmlsec_lt_dlfree = xmlSecCryptoDLFree;
|
|
+
|
|
ret = xmlSecPtrListInitialize(&gXmlSecCryptoDLLibraries, xmlSecCryptoDLLibrariesListGetKlass());
|
|
if(ret < 0) {
|
|
xmlSecError(XMLSEC_ERRORS_HERE,
|
|
***************
|
|
*** 350,358 ****
|
|
}
|
|
/* TODO: LTDL_SET_PRELOADED_SYMBOLS(); */
|
|
|
|
- /* use xmlMalloc/xmlFree */
|
|
- xmlsec_lt_dlmalloc = xmlSecCryptoDLMalloc;
|
|
- xmlsec_lt_dlfree = xmlSecCryptoDLFree;
|
|
return(0);
|
|
}
|
|
|
|
--- 354,359 ----
|
|
*** misc/xmlsec1-1.2.6/src/mscrypto/akmngr.c 2005-05-09 19:55:57.223856925 +0200
|
|
--- misc/build/xmlsec1-1.2.6/src/mscrypto/akmngr.c 2005-05-09 19:54:13.190631085 +0200
|
|
***************
|
|
*** 1 ****
|
|
! dummy
|
|
--- 1,235 ----
|
|
! /**
|
|
! * XMLSec library
|
|
! *
|
|
! * This is free software; see Copyright file in the source
|
|
! * distribution for preciese wording.
|
|
! *
|
|
! * Copyright.........................
|
|
! */
|
|
! #include "globals.h"
|
|
!
|
|
! #include <xmlsec/xmlsec.h>
|
|
! #include <xmlsec/keys.h>
|
|
! #include <xmlsec/transforms.h>
|
|
! #include <xmlsec/errors.h>
|
|
!
|
|
! #include <xmlsec/mscrypto/crypto.h>
|
|
! #include <xmlsec/mscrypto/keysstore.h>
|
|
! #include <xmlsec/mscrypto/akmngr.h>
|
|
! #include <xmlsec/mscrypto/x509.h>
|
|
!
|
|
! /**
|
|
! * xmlSecMSCryptoAppliedKeysMngrCreate:
|
|
! * @hKeyStore: the pointer to key store.
|
|
! * @hCertStore: the pointer to certificate database.
|
|
! *
|
|
! * Create and load key store and certificate database into keys manager
|
|
! *
|
|
! * Returns keys manager pointer on success or NULL otherwise.
|
|
! */
|
|
! xmlSecKeysMngrPtr
|
|
! xmlSecMSCryptoAppliedKeysMngrCreate(
|
|
! HCERTSTORE hKeyStore ,
|
|
! HCERTSTORE hCertStore
|
|
! ) {
|
|
! xmlSecKeyDataStorePtr certStore = NULL ;
|
|
! xmlSecKeysMngrPtr keyMngr = NULL ;
|
|
! xmlSecKeyStorePtr keyStore = NULL ;
|
|
!
|
|
! keyStore = xmlSecKeyStoreCreate( xmlSecMSCryptoKeysStoreId ) ;
|
|
! if( keyStore == NULL ) {
|
|
! xmlSecError( XMLSEC_ERRORS_HERE ,
|
|
! NULL ,
|
|
! "xmlSecKeyStoreCreate" ,
|
|
! XMLSEC_ERRORS_R_XMLSEC_FAILED ,
|
|
! XMLSEC_ERRORS_NO_MESSAGE ) ;
|
|
! return NULL ;
|
|
! }
|
|
!
|
|
! /*-
|
|
! * At present, MS Crypto engine do not provide a way to setup a key store.
|
|
! */
|
|
! if( keyStore != NULL ) {
|
|
! //TODO: binding key store.
|
|
! }
|
|
!
|
|
! keyMngr = xmlSecKeysMngrCreate() ;
|
|
! if( keyMngr == NULL ) {
|
|
! xmlSecError( XMLSEC_ERRORS_HERE ,
|
|
! NULL ,
|
|
! "xmlSecKeysMngrCreate" ,
|
|
! XMLSEC_ERRORS_R_XMLSEC_FAILED ,
|
|
! XMLSEC_ERRORS_NO_MESSAGE ) ;
|
|
!
|
|
! xmlSecKeyStoreDestroy( keyStore ) ;
|
|
! return NULL ;
|
|
! }
|
|
!
|
|
! /*-
|
|
! * Add key store to manager, from now on keys manager destroys the store if
|
|
! * needed
|
|
! */
|
|
! if( xmlSecKeysMngrAdoptKeysStore( keyMngr, keyStore ) < 0 ) {
|
|
! xmlSecError( XMLSEC_ERRORS_HERE ,
|
|
! xmlSecErrorsSafeString( xmlSecKeyStoreGetName( keyStore ) ) ,
|
|
! "xmlSecKeysMngrAdoptKeyStore" ,
|
|
! XMLSEC_ERRORS_R_XMLSEC_FAILED ,
|
|
! XMLSEC_ERRORS_NO_MESSAGE ) ;
|
|
!
|
|
! xmlSecKeyStoreDestroy( keyStore ) ;
|
|
! xmlSecKeysMngrDestroy( keyMngr ) ;
|
|
! return NULL ;
|
|
! }
|
|
!
|
|
! /*-
|
|
! * Initialize crypto library specific data in keys manager
|
|
! */
|
|
! if( xmlSecMSCryptoKeysMngrInit( keyMngr ) < 0 ) {
|
|
! xmlSecError( XMLSEC_ERRORS_HERE ,
|
|
! NULL ,
|
|
! "xmlSecMSCryptoKeysMngrInit" ,
|
|
! XMLSEC_ERRORS_R_XMLSEC_FAILED ,
|
|
! XMLSEC_ERRORS_NO_MESSAGE ) ;
|
|
!
|
|
! xmlSecKeysMngrDestroy( keyMngr ) ;
|
|
! return NULL ;
|
|
! }
|
|
!
|
|
! /*-
|
|
! * Set certificate databse to X509 key data store
|
|
! */
|
|
! /*-
|
|
! * At present, MS Crypto engine do not provide a way to setup a cert store.
|
|
! */
|
|
!
|
|
! /*-
|
|
! * Set the getKey callback
|
|
! */
|
|
! keyMngr->getKey = xmlSecKeysMngrGetKey ;
|
|
!
|
|
! return keyMngr ;
|
|
! }
|
|
!
|
|
! int
|
|
! xmlSecMSCryptoAppliedKeysMngrSymKeyLoad(
|
|
! xmlSecKeysMngrPtr mngr ,
|
|
! HCRYPTKEY symKey
|
|
! ) {
|
|
! //TODO: import the key into keys manager.
|
|
! return(0) ;
|
|
! }
|
|
!
|
|
! int
|
|
! xmlSecMSCryptoAppliedKeysMngrPubKeyLoad(
|
|
! xmlSecKeysMngrPtr mngr ,
|
|
! HCRYPTKEY pubKey
|
|
! ) {
|
|
! //TODO: import the key into keys manager.
|
|
! return(0) ;
|
|
! }
|
|
!
|
|
! int
|
|
! xmlSecMSCryptoAppliedKeysMngrPriKeyLoad(
|
|
! xmlSecKeysMngrPtr mngr ,
|
|
! HCRYPTKEY priKey
|
|
! ) {
|
|
! //TODO: import the key into keys manager.
|
|
! return(0) ;
|
|
! }
|
|
!
|
|
! int
|
|
! xmlSecMSCryptoAppliedKeysMngrAdoptKeyStore (
|
|
! xmlSecKeysMngrPtr mngr ,
|
|
! HCERTSTORE keyStore
|
|
! ) {
|
|
! xmlSecKeyDataStorePtr x509Store ;
|
|
!
|
|
! xmlSecAssert2( mngr != NULL, -1 ) ;
|
|
! xmlSecAssert2( keyStore != NULL, -1 ) ;
|
|
!
|
|
! x509Store = xmlSecKeysMngrGetDataStore( mngr, xmlSecMSCryptoX509StoreId ) ;
|
|
! if( x509Store == NULL ) {
|
|
! xmlSecError( XMLSEC_ERRORS_HERE ,
|
|
! NULL ,
|
|
! "xmlSecKeysMngrGetDataStore" ,
|
|
! XMLSEC_ERRORS_R_XMLSEC_FAILED ,
|
|
! XMLSEC_ERRORS_NO_MESSAGE ) ;
|
|
! return( -1 ) ;
|
|
! }
|
|
!
|
|
! if( xmlSecMSCryptoX509StoreAdoptKeyStore( x509Store, keyStore ) < 0 ) {
|
|
! xmlSecError( XMLSEC_ERRORS_HERE ,
|
|
! xmlSecErrorsSafeString( xmlSecKeyDataStoreGetName( x509Store ) ) ,
|
|
! "xmlSecMSCryptoX509StoreAdoptKeyStore" ,
|
|
! XMLSEC_ERRORS_R_XMLSEC_FAILED ,
|
|
! XMLSEC_ERRORS_NO_MESSAGE ) ;
|
|
! return( -1 ) ;
|
|
! }
|
|
!
|
|
! return( 0 ) ;
|
|
! }
|
|
!
|
|
! int
|
|
! xmlSecMSCryptoAppliedKeysMngrAdoptTrustedStore (
|
|
! xmlSecKeysMngrPtr mngr ,
|
|
! HCERTSTORE trustedStore
|
|
! ) {
|
|
! xmlSecKeyDataStorePtr x509Store ;
|
|
!
|
|
! xmlSecAssert2( mngr != NULL, -1 ) ;
|
|
! xmlSecAssert2( trustedStore != NULL, -1 ) ;
|
|
!
|
|
! x509Store = xmlSecKeysMngrGetDataStore( mngr, xmlSecMSCryptoX509StoreId ) ;
|
|
! if( x509Store == NULL ) {
|
|
! xmlSecError( XMLSEC_ERRORS_HERE ,
|
|
! NULL ,
|
|
! "xmlSecKeysMngrGetDataStore" ,
|
|
! XMLSEC_ERRORS_R_XMLSEC_FAILED ,
|
|
! XMLSEC_ERRORS_NO_MESSAGE ) ;
|
|
! return( -1 ) ;
|
|
! }
|
|
!
|
|
! if( xmlSecMSCryptoX509StoreAdoptTrustedStore( x509Store, trustedStore ) < 0 ) {
|
|
! xmlSecError( XMLSEC_ERRORS_HERE ,
|
|
! xmlSecErrorsSafeString( xmlSecKeyDataStoreGetName( x509Store ) ) ,
|
|
! "xmlSecMSCryptoX509StoreAdoptKeyStore" ,
|
|
! XMLSEC_ERRORS_R_XMLSEC_FAILED ,
|
|
! XMLSEC_ERRORS_NO_MESSAGE ) ;
|
|
! return( -1 ) ;
|
|
! }
|
|
!
|
|
! return( 0 ) ;
|
|
! }
|
|
!
|
|
! int
|
|
! xmlSecMSCryptoAppliedKeysMngrAdoptUntrustedStore (
|
|
! xmlSecKeysMngrPtr mngr ,
|
|
! HCERTSTORE untrustedStore
|
|
! ) {
|
|
! xmlSecKeyDataStorePtr x509Store ;
|
|
!
|
|
! xmlSecAssert2( mngr != NULL, -1 ) ;
|
|
! xmlSecAssert2( untrustedStore != NULL, -1 ) ;
|
|
!
|
|
! x509Store = xmlSecKeysMngrGetDataStore( mngr, xmlSecMSCryptoX509StoreId ) ;
|
|
! if( x509Store == NULL ) {
|
|
! xmlSecError( XMLSEC_ERRORS_HERE ,
|
|
! NULL ,
|
|
! "xmlSecKeysMngrGetDataStore" ,
|
|
! XMLSEC_ERRORS_R_XMLSEC_FAILED ,
|
|
! XMLSEC_ERRORS_NO_MESSAGE ) ;
|
|
! return( -1 ) ;
|
|
! }
|
|
!
|
|
! if( xmlSecMSCryptoX509StoreAdoptUntrustedStore( x509Store, untrustedStore ) < 0 ) {
|
|
! xmlSecError( XMLSEC_ERRORS_HERE ,
|
|
! xmlSecErrorsSafeString( xmlSecKeyDataStoreGetName( x509Store ) ) ,
|
|
! "xmlSecMSCryptoX509StoreAdoptKeyStore" ,
|
|
! XMLSEC_ERRORS_R_XMLSEC_FAILED ,
|
|
! XMLSEC_ERRORS_NO_MESSAGE ) ;
|
|
! return( -1 ) ;
|
|
! }
|
|
!
|
|
! return( 0 ) ;
|
|
! }
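Review bot: The three loaders `xmlSecMSCryptoAppliedKeysMngrSymKeyLoad`, `...PubKeyLoad` and `...PriKeyLoad` are TODO stubs that return 0, so a caller is told its HCRYPTKEY was imported into the keys manager when nothing happened, and the later signing or decryption step fails far from the cause or silently picks another key; until they are implemented they should return -1 (with a NOT_IMPLEMENTED error reason if this tree defines one) so the failure surfaces at the load site. In the same vein, `xmlSecMSCryptoAppliedKeysMngrCreate` never touches `hKeyStore` or `hCertStore` although its comment promises to load them; the comment should say the handles are currently unused and that certificate stores must be attached afterwards with the Adopt*Store functions, otherwise an integrator will believe the trust anchors they passed are in force. Lastly, the error records in AdoptTrustedStore and AdoptUntrustedStore name `"xmlSecMSCryptoX509StoreAdoptKeyStore"` instead of the function actually called, and the file uses `//` comments in C source, which older C compilers reject.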
|
|
!
|
|
*** misc/xmlsec1-1.2.6/src/mscrypto/certkeys.c 2004-03-17 06:06:43.000000000 +0100
|
|
--- misc/build/xmlsec1-1.2.6/src/mscrypto/certkeys.c 2005-05-09 19:54:13.192630917 +0200
|
|
***************
|
|
*** 41,46 ****
|
|
--- 41,47 ----
|
|
* a public key from xml document is provided, we need HCRYPTKEY.... The focus
|
|
* now is however directed to certificates. Wouter
|
|
*/
|
|
+ /** replaced by a wrapper style for WINNT 4.0
|
|
struct _xmlSecMSCryptoKeyDataCtx {
|
|
HCRYPTPROV hProv;
|
|
BOOL fCallerFreeProv;
|
|
***************
|
|
*** 51,56 ****
|
|
--- 52,175 ----
|
|
HCRYPTKEY hKey;
|
|
xmlSecKeyDataType type;
|
|
};
|
|
+ */
|
|
+ /*-
|
|
+ * A wrapper of HCRYPTKEY, a reference countor is introduced, the function is
|
|
+ * the same as CryptDuplicateKey. Because the CryptDuplicateKey is not support
|
|
+ * by WINNT 4.0, the wrapper will enable the library work on WINNT 4.0
|
|
+ */
|
|
+ struct _mscrypt_key {
|
|
+ HCRYPTKEY hKey ;
|
|
+ int refcnt ;
|
|
+ } ;
|
|
+
|
|
+ /*-
|
|
+ * A wrapper of HCRYPTPROV, a reference countor is introduced, the function is
|
|
+ * the same as CryptContextAddRef. Because the CryptContextAddRef is not support
|
|
+ * by WINNT 4.0, the wrapper will enable the library work on WINNT 4.0
|
|
+ */
|
|
+ struct _mscrypt_prov {
|
|
+ HCRYPTPROV hProv ;
|
|
+ BOOL freeprov ;
|
|
+ int refcnt ;
|
|
+ } ;
|
|
+
|
|
+ struct _xmlSecMSCryptoKeyDataCtx {
|
|
+ struct _mscrypt_prov* p_prov ;
|
|
+ LPCTSTR providerName;
|
|
+ DWORD providerType;
|
|
+ PCCERT_CONTEXT pCert;
|
|
+ DWORD dwKeySpec;
|
|
+ struct _mscrypt_key* p_key ;
|
|
+ xmlSecKeyDataType type;
|
|
+ };
|
|
+
|
|
+ struct _mscrypt_key* mscrypt_create_key( HCRYPTKEY key ) {
|
|
+ struct _mscrypt_key* pkey ;
|
|
+
|
|
+ pkey = ( struct _mscrypt_key* )xmlMalloc( sizeof( struct _mscrypt_key ) ) ;
|
|
+ if( pkey == NULL ) {
|
|
+ xmlSecError( XMLSEC_ERRORS_HERE,
|
|
+ "mscrypt_create_key" ,
|
|
+ NULL ,
|
|
+ XMLSEC_ERRORS_R_MALLOC_FAILED ,
|
|
+ XMLSEC_ERRORS_NO_MESSAGE
|
|
+ ) ;
|
|
+ }
|
|
+
|
|
+ pkey->hKey = key ;
|
|
+ pkey->refcnt = 1 ;
|
|
+
|
|
+ return pkey ;
|
|
+ }
|
|
+
|
|
+ struct _mscrypt_key* mscrypt_acquire_key( struct _mscrypt_key* key ) {
|
|
+ if( key )
|
|
+ key->refcnt ++ ;
|
|
+
|
|
+ return key ;
|
|
+ }
|
|
+
|
|
+ int mscrypt_release_key( struct _mscrypt_key* key ) {
|
|
+ if( key ) {
|
|
+ key->refcnt -- ;
|
|
+ if( !key->refcnt ) {
|
|
+ if( key->hKey ) {
|
|
+ CryptDestroyKey( key->hKey ) ;
|
|
+ key->hKey = 0 ;
|
|
+ }
|
|
+ xmlFree( key ) ;
|
|
+ } else {
|
|
+ return key->refcnt ;
|
|
+ }
|
|
+ }
|
|
+
|
|
+ return 0 ;
|
|
+ }
|
|
+
|
|
+ struct _mscrypt_prov* mscrypt_create_prov( HCRYPTPROV prov, BOOL callerFree ) {
|
|
+ struct _mscrypt_prov* pprov ;
|
|
+
|
|
+ pprov = ( struct _mscrypt_prov* )xmlMalloc( sizeof( struct _mscrypt_prov ) ) ;
|
|
+ if( pprov == NULL ) {
|
|
+ xmlSecError( XMLSEC_ERRORS_HERE,
|
|
+ "mscrypt_create_prov" ,
|
|
+ NULL ,
|
|
+ XMLSEC_ERRORS_R_MALLOC_FAILED ,
|
|
+ XMLSEC_ERRORS_NO_MESSAGE
|
|
+ ) ;
|
|
+ }
|
|
+
|
|
+ pprov->hProv = prov ;
|
|
+ pprov->freeprov = callerFree ;
|
|
+ pprov->refcnt = 1 ;
|
|
+
|
|
+ return pprov ;
|
|
+ }
|
|
+
|
|
+ struct _mscrypt_prov* mscrypt_acquire_prov( struct _mscrypt_prov* prov ) {
|
|
+ if( prov )
|
|
+ prov->refcnt ++ ;
|
|
+
|
|
+ return prov ;
|
|
+ }
|
|
+
|
|
+ int mscrypt_release_prov( struct _mscrypt_prov* prov ) {
|
|
+ if( prov ) {
|
|
+ prov->refcnt -- ;
|
|
+ if( !prov->refcnt ) {
|
|
+ if( prov->hProv && prov->freeprov ) {
|
|
+ CryptReleaseContext( prov->hProv, 0 ) ;
|
|
+ prov->hProv = 0 ;
|
|
+ }
|
|
+ xmlFree( prov ) ;
|
|
+ } else {
|
|
+ return prov->refcnt ;
|
|
+ }
|
|
+ }
|
|
+
|
|
+ return 0 ;
|
|
+ }
|
|
|
|
/******************************************************************************
|
|
*
|
|
***************
|
|
*** 88,111 ****
|
|
ctx = xmlSecMSCryptoKeyDataGetCtx(data);
|
|
xmlSecAssert2(ctx != NULL, -1);
|
|
|
|
! if (ctx->hKey != 0) {
|
|
! CryptDestroyKey(ctx->hKey);
|
|
! ctx->hKey = 0;
|
|
! }
|
|
|
|
if(ctx->pCert != NULL) {
|
|
CertFreeCertificateContext(ctx->pCert);
|
|
ctx->pCert = NULL;
|
|
}
|
|
|
|
! if ((ctx->hProv != 0) && (ctx->fCallerFreeProv)) {
|
|
! CryptReleaseContext(ctx->hProv, 0);
|
|
! ctx->hProv = 0;
|
|
! ctx->fCallerFreeProv = FALSE;
|
|
! } else {
|
|
! ctx->hProv = 0;
|
|
! ctx->fCallerFreeProv = FALSE;
|
|
! }
|
|
|
|
ctx->type = type;
|
|
|
|
--- 207,226 ----
|
|
ctx = xmlSecMSCryptoKeyDataGetCtx(data);
|
|
xmlSecAssert2(ctx != NULL, -1);
|
|
|
|
! if( ctx->p_key != 0 ) {
|
|
! mscrypt_release_key( ctx->p_key ) ;
|
|
! }
|
|
! ctx->p_key = mscrypt_create_key( 0 ) ;
|
|
|
|
if(ctx->pCert != NULL) {
|
|
CertFreeCertificateContext(ctx->pCert);
|
|
ctx->pCert = NULL;
|
|
}
|
|
|
|
! if( ( ctx->p_prov ) ) {
|
|
! mscrypt_release_prov( ctx->p_prov ) ;
|
|
! }
|
|
! ctx->p_prov = mscrypt_create_prov( 0, FALSE ) ;
|
|
|
|
ctx->type = type;
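Review bot: The results of `mscrypt_create_key( 0 )` and `mscrypt_create_prov( 0, FALSE )` are stored without a NULL check, and the following hunks immediately write through them (`&(ctx->p_prov->hProv)`, `&(ctx->p_key->hKey)`), so an allocation failure here becomes a NULL dereference rather than the -1 this function otherwise returns; add `if( ctx->p_key == NULL ) return(-1);` after the first create and the matching check (releasing `p_key` first) after the second. Releasing the old `p_key` here may no longer destroy the HCRYPTKEY if another key-data copy still references it, which is the intended reference-count behaviour but differs from the unconditional CryptDestroyKey it replaces and deserves a one-line comment. The enclosing function begins and ends outside this hunk.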
|
|
|
|
***************
|
|
*** 116,124 ****
|
|
if (!CryptAcquireCertificatePrivateKey(pCert,
|
|
CRYPT_ACQUIRE_USE_PROV_INFO_FLAG,
|
|
NULL,
|
|
! &(ctx->hProv),
|
|
&(ctx->dwKeySpec),
|
|
! &(ctx->fCallerFreeProv))) {
|
|
xmlSecError(XMLSEC_ERRORS_HERE,
|
|
NULL,
|
|
"CryptAcquireCertificatePrivateKey",
|
|
--- 231,239 ----
|
|
if (!CryptAcquireCertificatePrivateKey(pCert,
|
|
CRYPT_ACQUIRE_USE_PROV_INFO_FLAG,
|
|
NULL,
|
|
! &(ctx->p_prov->hProv),
|
|
&(ctx->dwKeySpec),
|
|
! &(ctx->p_prov->freeprov))) {
|
|
xmlSecError(XMLSEC_ERRORS_HERE,
|
|
NULL,
|
|
"CryptAcquireCertificatePrivateKey",
|
|
***************
|
|
*** 127,172 ****
|
|
return(-1);
|
|
}
|
|
} else if((type & xmlSecKeyDataTypePublic) != 0){
|
|
! if (!CryptAcquireContext(&(ctx->hProv),
|
|
NULL,
|
|
! ctx->providerName,
|
|
ctx->providerType,
|
|
CRYPT_VERIFYCONTEXT)) {
|
|
! xmlSecError(XMLSEC_ERRORS_HERE,
|
|
! NULL,
|
|
! "CryptAcquireContext",
|
|
! XMLSEC_ERRORS_R_CRYPTO_FAILED,
|
|
! XMLSEC_ERRORS_NO_MESSAGE);
|
|
! return(-1);
|
|
! }
|
|
! ctx->dwKeySpec = 0;
|
|
! ctx->fCallerFreeProv = TRUE;
|
|
} else {
|
|
! xmlSecError(XMLSEC_ERRORS_HERE,
|
|
NULL,
|
|
NULL,
|
|
XMLSEC_ERRORS_R_XMLSEC_FAILED,
|
|
"Unsupported keytype");
|
|
! return(-1);
|
|
! }
|
|
!
|
|
! /* CryptImportPublicKeyInfo is only needed when a real key handle
|
|
! * is needed. The key handle is needed for de/encrypting and for
|
|
! * verifying of a signature, *not* for signing. We could call
|
|
! * CryptImportPublicKeyInfo in xmlSecMSCryptoKeyDataGetKey instead
|
|
! * so no unnessecary calls to CryptImportPublicKeyInfo are being
|
|
! * made. WK
|
|
! */
|
|
! if(!CryptImportPublicKeyInfo(ctx->hProv,
|
|
! X509_ASN_ENCODING | PKCS_7_ASN_ENCODING,
|
|
! &(pCert->pCertInfo->SubjectPublicKeyInfo),
|
|
! &(ctx->hKey))) {
|
|
! xmlSecError(XMLSEC_ERRORS_HERE,
|
|
! NULL,
|
|
! "CryptImportPublicKeyInfo",
|
|
! XMLSEC_ERRORS_R_CRYPTO_FAILED,
|
|
! XMLSEC_ERRORS_NO_MESSAGE);
|
|
! return(-1);
|
|
}
|
|
ctx->pCert = pCert;
|
|
|
|
--- 242,280 ----
|
|
return(-1);
|
|
}
|
|
} else if((type & xmlSecKeyDataTypePublic) != 0){
|
|
! if (!CryptAcquireContext(&(ctx->p_prov->hProv),
|
|
NULL,
|
|
! NULL, /*AF: replaces "ctx->providerName" with "NULL" */
|
|
ctx->providerType,
|
|
CRYPT_VERIFYCONTEXT)) {
|
|
! xmlSecError(XMLSEC_ERRORS_HERE,
|
|
! NULL,
|
|
! "CryptAcquireContext",
|
|
! XMLSEC_ERRORS_R_CRYPTO_FAILED,
|
|
! XMLSEC_ERRORS_NO_MESSAGE);
|
|
! return(-1);
|
|
! }
|
|
! ctx->dwKeySpec = 0;
|
|
! ctx->p_prov->freeprov = TRUE;
|
|
!
|
|
! if( !CryptImportPublicKeyInfo( ctx->p_prov->hProv,
|
|
! X509_ASN_ENCODING | PKCS_7_ASN_ENCODING,
|
|
! &(pCert->pCertInfo->SubjectPublicKeyInfo),
|
|
! &(ctx->p_key->hKey) ) ) {
|
|
! xmlSecError(XMLSEC_ERRORS_HERE,
|
|
! NULL,
|
|
! "CryptImportPublicKeyInfo",
|
|
! XMLSEC_ERRORS_R_CRYPTO_FAILED,
|
|
! XMLSEC_ERRORS_NO_MESSAGE);
|
|
! return(-1);
|
|
! }
|
|
} else {
|
|
! xmlSecError(XMLSEC_ERRORS_HERE,
|
|
NULL,
|
|
NULL,
|
|
XMLSEC_ERRORS_R_XMLSEC_FAILED,
|
|
"Unsupported keytype");
|
|
! return(-1);
|
|
}
|
|
ctx->pCert = pCert;
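Review bot: CryptImportPublicKeyInfo has moved into the public-key branch only, so for key data built from a certificate's private key `ctx->p_key->hKey` now stays 0, whereas the removed code imported the public key handle on every successful branch; the removed comment says that handle is what verification and de/encryption use, so a key loaded with the private type presumably can no longer verify through xmlSecMSCryptoKeyDataGetKey — confirm that those callers obtain a handle another way, or keep the import after the if/else as before. Passing `NULL` instead of `ctx->providerName` to CryptAcquireContext is only flagged by the `/*AF: ...*/` remark; say why (the default provider of `providerType` suffices for a CRYPT_VERIFYCONTEXT handle, presumably) so the next reader does not restore the name. The enclosing function starts before this hunk.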
|
|
|
|
***************
|
|
*** 190,218 ****
|
|
ctx = xmlSecMSCryptoKeyDataGetCtx(data);
|
|
xmlSecAssert2(ctx != NULL, -1);
|
|
|
|
! if(ctx->hKey != 0) {
|
|
! CryptDestroyKey(ctx->hKey);
|
|
! ctx->hKey = 0;
|
|
! }
|
|
|
|
if(ctx->pCert != NULL) {
|
|
CertFreeCertificateContext(ctx->pCert);
|
|
ctx->pCert = NULL;
|
|
}
|
|
|
|
! if((ctx->hProv != 0) && ctx->fCallerFreeProv) {
|
|
! CryptReleaseContext(ctx->hProv, 0);
|
|
! ctx->hProv = 0;
|
|
! ctx->fCallerFreeProv = FALSE;
|
|
! } else {
|
|
! ctx->hProv = 0;
|
|
! ctx->fCallerFreeProv = FALSE;
|
|
! }
|
|
|
|
! ctx->hProv = hProv;
|
|
! ctx->fCallerFreeProv = fCallerFreeProv;
|
|
ctx->dwKeySpec = dwKeySpec;
|
|
! ctx->hKey = hKey;
|
|
ctx->type = type;
|
|
|
|
return(0);
|
|
--- 298,323 ----
|
|
ctx = xmlSecMSCryptoKeyDataGetCtx(data);
|
|
xmlSecAssert2(ctx != NULL, -1);
|
|
|
|
! if( ctx->p_key != 0 ) {
|
|
! mscrypt_release_key( ctx->p_key ) ;
|
|
! ctx->p_key = NULL ;
|
|
! }
|
|
|
|
if(ctx->pCert != NULL) {
|
|
CertFreeCertificateContext(ctx->pCert);
|
|
ctx->pCert = NULL;
|
|
}
|
|
|
|
! if( ( ctx->p_prov ) ) {
|
|
! mscrypt_release_prov( ctx->p_prov ) ;
|
|
! ctx->p_prov = NULL ;
|
|
! } else {
|
|
! ctx->p_prov = NULL ;
|
|
! }
|
|
|
|
! ctx->p_prov = mscrypt_create_prov( hProv, FALSE ) ;
|
|
ctx->dwKeySpec = dwKeySpec;
|
|
! ctx->p_key = mscrypt_create_key( hKey ) ;
|
|
ctx->type = type;
|
|
|
|
return(0);
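Review bot: `ctx->p_prov = mscrypt_create_prov( hProv, FALSE )` drops the `fCallerFreeProv` argument that the removed line `ctx->fCallerFreeProv = fCallerFreeProv;` used to honour, so a provider adopted with TRUE — as the DSA generator later in this diff does with `xmlSecMSCryptoKeyDataAdoptKey(data, hProv, TRUE, hKey, ...)` — is never passed to CryptReleaseContext and leaks once per generated key; it should read `ctx->p_prov = mscrypt_create_prov( hProv, fCallerFreeProv ) ;`. Both create calls also need a NULL check before `return(0)`, since a failed allocation would otherwise be reported as success with a half-initialised context. The `else { ctx->p_prov = NULL ; }` arm duplicates the assignment that follows and can go. The function signature is above this hunk.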
|
|
***************
|
|
*** 238,244 ****
|
|
ctx = xmlSecMSCryptoKeyDataGetCtx(data);
|
|
xmlSecAssert2(ctx != NULL, 0);
|
|
|
|
! return(ctx->hKey);
|
|
}
|
|
|
|
/**
|
|
--- 343,349 ----
|
|
ctx = xmlSecMSCryptoKeyDataGetCtx(data);
|
|
xmlSecAssert2(ctx != NULL, 0);
|
|
|
|
! return( ctx->p_key ? ctx->p_key->hKey : 0 );
|
|
}
|
|
|
|
/**
|
|
***************
|
|
*** 273,279 ****
|
|
ctx = xmlSecMSCryptoKeyDataGetCtx(data);
|
|
xmlSecAssert2(ctx != NULL, 0);
|
|
|
|
! return(ctx->hProv);
|
|
}
|
|
|
|
DWORD
|
|
--- 378,384 ----
|
|
ctx = xmlSecMSCryptoKeyDataGetCtx(data);
|
|
xmlSecAssert2(ctx != NULL, 0);
|
|
|
|
! return( ctx->p_prov ? ctx->p_prov->hProv : 0 );
|
|
}
|
|
|
|
DWORD
|
|
***************
|
|
*** 316,340 ****
|
|
XMLSEC_ERRORS_NO_MESSAGE);
|
|
return(-1);
|
|
}
|
|
- }
|
|
-
|
|
- if (ctxSrc->hKey != 0) {
|
|
- if (!CryptDuplicateKey(ctxSrc->hKey, NULL, 0, &(ctxDst->hKey))) {
|
|
- xmlSecError(XMLSEC_ERRORS_HERE,
|
|
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(dst)),
|
|
- "CryptDuplicateKey",
|
|
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
|
|
- XMLSEC_ERRORS_NO_MESSAGE);
|
|
- return(-1);
|
|
- }
|
|
}
|
|
! if(ctxSrc->hProv != 0) {
|
|
! CryptContextAddRef(ctxSrc->hProv, NULL, 0);
|
|
! ctxDst->hProv = ctxSrc->hProv;
|
|
! ctxDst->fCallerFreeProv = TRUE;
|
|
! } else {
|
|
! ctxDst->hProv = 0;
|
|
! ctxDst->fCallerFreeProv = FALSE;
|
|
}
|
|
|
|
ctxDst->dwKeySpec = ctxSrc->dwKeySpec;
|
|
--- 421,456 ----
|
|
XMLSEC_ERRORS_NO_MESSAGE);
|
|
return(-1);
|
|
}
|
|
}
|
|
!
|
|
! if( ctxSrc->p_key ) {
|
|
! if( ctxDst->p_key )
|
|
! mscrypt_release_key( ctxDst->p_key ) ;
|
|
!
|
|
! ctxDst->p_key = mscrypt_acquire_key( ctxSrc->p_key ) ;
|
|
! if( !ctxDst->p_key ) {
|
|
! xmlSecError(XMLSEC_ERRORS_HERE,
|
|
! xmlSecErrorsSafeString(xmlSecKeyDataGetName(dst)),
|
|
! "mscrypt_acquire_key",
|
|
! XMLSEC_ERRORS_R_CRYPTO_FAILED,
|
|
! XMLSEC_ERRORS_NO_MESSAGE);
|
|
! return(-1);
|
|
! }
|
|
! }
|
|
!
|
|
! if( ctxSrc->p_prov ) {
|
|
! if( ctxDst->p_prov )
|
|
! mscrypt_release_prov( ctxDst->p_prov ) ;
|
|
!
|
|
! ctxDst->p_prov = mscrypt_acquire_prov( ctxSrc->p_prov ) ;
|
|
! if( !ctxDst->p_prov ) {
|
|
! xmlSecError(XMLSEC_ERRORS_HERE,
|
|
! xmlSecErrorsSafeString(xmlSecKeyDataGetName(dst)),
|
|
! "mscrypt_acquire_prov",
|
|
! XMLSEC_ERRORS_R_CRYPTO_FAILED,
|
|
! XMLSEC_ERRORS_NO_MESSAGE);
|
|
! return(-1);
|
|
! }
|
|
}
|
|
|
|
ctxDst->dwKeySpec = ctxSrc->dwKeySpec;
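Review bot: The `if( !ctxDst->p_key )` and `if( !ctxDst->p_prov )` checks after `mscrypt_acquire_key`/`mscrypt_acquire_prov` can never fire, because those helpers return their argument unchanged and the argument was just tested non-NULL; the two error paths are dead and should be dropped so readers do not assume acquisition can fail. The old `else` arm that reset `ctxDst->hProv` and `fCallerFreeProv` when the source had no provider is gone, so when `ctxSrc->p_prov` is NULL the destination silently keeps whatever provider wrapper it already held; add `else { if( ctxDst->p_prov ) mscrypt_release_prov( ctxDst->p_prov ) ; ctxDst->p_prov = NULL ; }` to keep the copy faithful. The enclosing duplicate function starts above this hunk.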
|
|
***************
|
|
*** 355,370 ****
|
|
ctx = xmlSecMSCryptoKeyDataGetCtx(data);
|
|
xmlSecAssert(ctx != NULL);
|
|
|
|
! if (ctx->hKey != 0) {
|
|
! CryptDestroyKey(ctx->hKey);
|
|
}
|
|
|
|
if(ctx->pCert != NULL) {
|
|
CertFreeCertificateContext(ctx->pCert);
|
|
}
|
|
|
|
! if ((ctx->hProv != 0) && ctx->fCallerFreeProv) {
|
|
! CryptReleaseContext(ctx->hProv, 0);
|
|
}
|
|
|
|
memset(ctx, 0, sizeof(xmlSecMSCryptoKeyDataCtx));
|
|
--- 471,486 ----
|
|
ctx = xmlSecMSCryptoKeyDataGetCtx(data);
|
|
xmlSecAssert(ctx != NULL);
|
|
|
|
! if( ctx->p_key ) {
|
|
! mscrypt_release_key( ctx->p_key ) ;
|
|
}
|
|
|
|
if(ctx->pCert != NULL) {
|
|
CertFreeCertificateContext(ctx->pCert);
|
|
}
|
|
|
|
! if( ctx->p_prov ) {
|
|
! mscrypt_release_prov( ctx->p_prov ) ;
|
|
}
|
|
|
|
memset(ctx, 0, sizeof(xmlSecMSCryptoKeyDataCtx));
|
|
***************
|
|
*** 384,397 ****
|
|
xmlSecAssert2(ctx->pCert->pCertInfo != NULL, 0);
|
|
return (CertGetPublicKeyLength(X509_ASN_ENCODING | PKCS_7_ASN_ENCODING,
|
|
&(ctx->pCert->pCertInfo->SubjectPublicKeyInfo)));
|
|
! } else if (ctx->hKey != 0) {
|
|
DWORD length = 0;
|
|
DWORD lenlen = sizeof(DWORD);
|
|
!
|
|
! if (!CryptGetKeyParam(ctx->hKey, KP_KEYLEN, (BYTE *)&length, &lenlen, 0)) {
|
|
xmlSecError(XMLSEC_ERRORS_HERE,
|
|
NULL,
|
|
! "CertDuplicateCertificateContext",
|
|
XMLSEC_ERRORS_R_CRYPTO_FAILED,
|
|
XMLSEC_ERRORS_NO_MESSAGE);
|
|
return(0);
|
|
--- 500,513 ----
|
|
xmlSecAssert2(ctx->pCert->pCertInfo != NULL, 0);
|
|
return (CertGetPublicKeyLength(X509_ASN_ENCODING | PKCS_7_ASN_ENCODING,
|
|
&(ctx->pCert->pCertInfo->SubjectPublicKeyInfo)));
|
|
! } else if (ctx->p_key != 0 && ctx->p_key->hKey != 0 ) {
|
|
DWORD length = 0;
|
|
DWORD lenlen = sizeof(DWORD);
|
|
!
|
|
! if (!CryptGetKeyParam(ctx->p_key->hKey, KP_KEYLEN, (BYTE *)&length, &lenlen, 0)) {
|
|
xmlSecError(XMLSEC_ERRORS_HERE,
|
|
NULL,
|
|
! "CryptGetKeyParam",
|
|
XMLSEC_ERRORS_R_CRYPTO_FAILED,
|
|
XMLSEC_ERRORS_NO_MESSAGE);
|
|
return(0);
|
|
***************
|
|
*** 938,946 ****
|
|
|
|
ctx = xmlSecMSCryptoKeyDataGetCtx(xmlSecKeyGetValue(key));
|
|
xmlSecAssert2(ctx != NULL, -1);
|
|
! xmlSecAssert2(ctx->hKey != 0, -1);
|
|
|
|
! if (!CryptExportKey(ctx->hKey, 0, PUBLICKEYBLOB, 0, NULL, &dwBlobLen)) {
|
|
xmlSecError(XMLSEC_ERRORS_HERE,
|
|
xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
|
|
"CryptExportKey",
|
|
--- 1054,1063 ----
|
|
|
|
ctx = xmlSecMSCryptoKeyDataGetCtx(xmlSecKeyGetValue(key));
|
|
xmlSecAssert2(ctx != NULL, -1);
|
|
! xmlSecAssert2(ctx->p_key != 0, -1);
|
|
! xmlSecAssert2(ctx->p_key->hKey != 0, -1);
|
|
|
|
! if (!CryptExportKey(ctx->p_key->hKey, 0, PUBLICKEYBLOB, 0, NULL, &dwBlobLen)) {
|
|
xmlSecError(XMLSEC_ERRORS_HERE,
|
|
xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
|
|
"CryptExportKey",
|
|
***************
|
|
*** 960,966 ****
|
|
}
|
|
|
|
blob = xmlSecBufferGetData(&buf);
|
|
! if (!CryptExportKey(ctx->hKey, 0, PUBLICKEYBLOB, 0, blob, &dwBlobLen)) {
|
|
xmlSecError(XMLSEC_ERRORS_HERE,
|
|
xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
|
|
"CryptExportKey",
|
|
--- 1077,1083 ----
|
|
}
|
|
|
|
blob = xmlSecBufferGetData(&buf);
|
|
! if (!CryptExportKey(ctx->p_key->hKey, 0, PUBLICKEYBLOB, 0, blob, &dwBlobLen)) {
|
|
xmlSecError(XMLSEC_ERRORS_HERE,
|
|
xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
|
|
"CryptExportKey",
|
|
***************
|
|
*** 1797,1805 ****
|
|
|
|
ctx = xmlSecMSCryptoKeyDataGetCtx(xmlSecKeyGetValue(key));
|
|
xmlSecAssert2(ctx != NULL, -1);
|
|
! xmlSecAssert2(ctx->hKey != 0, -1);
|
|
|
|
! if (!CryptExportKey(ctx->hKey, 0, PUBLICKEYBLOB, 0, NULL, &dwBlobLen)) {
|
|
xmlSecError(XMLSEC_ERRORS_HERE,
|
|
xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
|
|
"CryptExportKey",
|
|
--- 1914,1923 ----
|
|
|
|
ctx = xmlSecMSCryptoKeyDataGetCtx(xmlSecKeyGetValue(key));
|
|
xmlSecAssert2(ctx != NULL, -1);
|
|
! xmlSecAssert2(ctx->p_key != 0, -1);
|
|
! xmlSecAssert2(ctx->p_key->hKey != 0, -1);
|
|
|
|
! if (!CryptExportKey(ctx->p_key->hKey, 0, PUBLICKEYBLOB, 0, NULL, &dwBlobLen)) {
|
|
xmlSecError(XMLSEC_ERRORS_HERE,
|
|
xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
|
|
"CryptExportKey",
|
|
***************
|
|
*** 1819,1825 ****
|
|
}
|
|
|
|
blob = xmlSecBufferGetData(&buf);
|
|
! if (!CryptExportKey(ctx->hKey, 0, PUBLICKEYBLOB, 0, blob, &dwBlobLen)) {
|
|
xmlSecError(XMLSEC_ERRORS_HERE,
|
|
xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
|
|
"CryptExportKey",
|
|
--- 1937,1943 ----
|
|
}
|
|
|
|
blob = xmlSecBufferGetData(&buf);
|
|
! if (!CryptExportKey(ctx->p_key->hKey, 0, PUBLICKEYBLOB, 0, blob, &dwBlobLen)) {
|
|
xmlSecError(XMLSEC_ERRORS_HERE,
|
|
xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
|
|
"CryptExportKey",
|
|
***************
|
|
*** 2010,2016 ****
|
|
HCRYPTKEY hKey = 0;
|
|
DWORD dwKeySpec;
|
|
DWORD dwSize;
|
|
- int res = -1;
|
|
int ret;
|
|
|
|
xmlSecAssert2(xmlSecKeyDataIsValid(data), xmlSecKeyDataTypeUnknown);
|
|
--- 2128,2133 ----
|
|
***************
|
|
*** 2043,2054 ****
|
|
dwKeySpec = AT_SIGNATURE;
|
|
dwSize = ((sizeBits << 16) | CRYPT_EXPORTABLE);
|
|
if (!CryptGenKey(hProv, CALG_DSS_SIGN, dwSize, &hKey)) {
|
|
! xmlSecError(XMLSEC_ERRORS_HERE,
|
|
xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
|
|
"CryptGenKey",
|
|
XMLSEC_ERRORS_R_CRYPTO_FAILED,
|
|
XMLSEC_ERRORS_NO_MESSAGE);
|
|
! goto done;
|
|
}
|
|
|
|
ret = xmlSecMSCryptoKeyDataAdoptKey(data, hProv, TRUE, hKey, dwKeySpec,
|
|
--- 2160,2173 ----
|
|
dwKeySpec = AT_SIGNATURE;
|
|
dwSize = ((sizeBits << 16) | CRYPT_EXPORTABLE);
|
|
if (!CryptGenKey(hProv, CALG_DSS_SIGN, dwSize, &hKey)) {
|
|
! xmlSecError(XMLSEC_ERRORS_HERE,
|
|
xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
|
|
"CryptGenKey",
|
|
XMLSEC_ERRORS_R_CRYPTO_FAILED,
|
|
XMLSEC_ERRORS_NO_MESSAGE);
|
|
! if (hProv != 0)
|
|
! CryptReleaseContext(hProv, 0);
|
|
! return -1 ;
|
|
}
|
|
|
|
ret = xmlSecMSCryptoKeyDataAdoptKey(data, hProv, TRUE, hKey, dwKeySpec,
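Review bot: Replacing `goto done` with an inline `CryptReleaseContext(hProv, 0); return -1;` here, and again after `xmlSecMSCryptoKeyDataAdoptKey` in the following hunk (`2059,2082`), duplicates the handle cleanup at every failure site, where the original single `done:` path only needed its `CryptReleaseContext(ctx->hProv, 0)` corrected to `CryptReleaseContext(hProv, 0)`. Keeping one cleanup label with `res` would prevent the two `CryptDestroyKey`/`CryptReleaseContext` sequences from drifting apart as more error paths are added. In the next hunk the stores `hProv = 0 ;` and `hKey = 0 ;` immediately before `return 0 ;` are dead; either drop them or keep a comment that ownership of both handles has passed to the key data. The enclosing function begins outside this hunk.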
|
|
***************
|
|
*** 2059,2082 ****
|
|
"xmlSecMSCryptoKeyDataAdoptKey",
|
|
XMLSEC_ERRORS_R_XMLSEC_FAILED,
|
|
XMLSEC_ERRORS_NO_MESSAGE);
|
|
! goto done;
|
|
! }
|
|
! hProv = 0;
|
|
! hKey = 0;
|
|
|
|
! /* success */
|
|
! res = 0;
|
|
!
|
|
! done:
|
|
! if (hProv != 0) {
|
|
! CryptReleaseContext(ctx->hProv, 0);
|
|
}
|
|
|
|
! if (hKey != 0) {
|
|
! CryptDestroyKey(hKey);
|
|
! }
|
|
!
|
|
! return(res);
|
|
}
|
|
|
|
static xmlSecKeyDataType
|
|
--- 2178,2194 ----
|
|
"xmlSecMSCryptoKeyDataAdoptKey",
|
|
XMLSEC_ERRORS_R_XMLSEC_FAILED,
|
|
XMLSEC_ERRORS_NO_MESSAGE);
|
|
! if( hKey != 0 )
|
|
! CryptDestroyKey( hKey ) ;
|
|
! if( hProv != 0 )
|
|
! CryptReleaseContext( hProv, 0 ) ;
|
|
|
|
! return -1 ;
|
|
}
|
|
+ hProv = 0 ;
|
|
+ hKey = 0 ;
|
|
|
|
! return 0 ;
|
|
}
|
|
|
|
static xmlSecKeyDataType
|
|
*** misc/xmlsec1-1.2.6/src/mscrypto/crypto.c 2003-11-12 03:38:51.000000000 +0100
|
|
--- misc/build/xmlsec1-1.2.6/src/mscrypto/crypto.c 2005-05-09 19:54:13.193630832 +0200
|
|
***************
|
|
*** 330,342 ****
|
|
BYTE*
|
|
xmlSecMSCryptoCertStrToName(DWORD dwCertEncodingType, LPCTSTR pszX500, DWORD dwStrType, DWORD* len) {
|
|
BYTE* str = NULL;
|
|
!
|
|
xmlSecAssert2(pszX500 != NULL, NULL);
|
|
xmlSecAssert2(len != NULL, NULL);
|
|
|
|
if (!CertStrToName(dwCertEncodingType, pszX500, dwStrType,
|
|
! NULL, NULL, len, NULL)) {
|
|
/* this might not be an error, string might just not exist */
|
|
return(NULL);
|
|
}
|
|
|
|
--- 330,344 ----
|
|
BYTE*
|
|
xmlSecMSCryptoCertStrToName(DWORD dwCertEncodingType, LPCTSTR pszX500, DWORD dwStrType, DWORD* len) {
|
|
BYTE* str = NULL;
|
|
! LPCTSTR ppszError = NULL;
|
|
!
|
|
xmlSecAssert2(pszX500 != NULL, NULL);
|
|
xmlSecAssert2(len != NULL, NULL);
|
|
|
|
if (!CertStrToName(dwCertEncodingType, pszX500, dwStrType,
|
|
! NULL, NULL, len, &ppszError)) {
|
|
/* this might not be an error, string might just not exist */
|
|
+ DWORD dw = GetLastError();
|
|
return(NULL);
|
|
}
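Review bot: `DWORD dw = GetLastError();` in the failure branch is assigned and never read, and the new `ppszError` out-parameter is requested but never consulted, so the extra diagnostics the hunk collects are discarded before `return(NULL)`. Either use them in the error path, e.g. `xmlSecError(XMLSEC_ERRORS_HERE, NULL, "CertStrToName", XMLSEC_ERRORS_R_CRYPTO_FAILED, "error=%ld", (long)dw);` if the "this might not be an error" comment still allows a message, or remove both dead assignments. If `ppszError` is kept, note in a comment that it points into `pszX500` and is only meaningful while that string is alive. `xmlSecMSCryptoCertStrToName` continues past this hunk.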
|
|
|
|
*** misc/xmlsec1-1.2.6/src/mscrypto/x509.c 2003-09-26 02:58:13.000000000 +0200
|
|
--- misc/build/xmlsec1-1.2.6/src/mscrypto/x509.c 2005-05-09 19:54:13.195630664 +0200
|
|
***************
|
|
*** 1572,1577 ****
|
|
--- 1572,1578 ----
|
|
xmlSecKeyInfoCtxPtr keyInfoCtx) {
|
|
xmlSecMSCryptoX509DataCtxPtr ctx;
|
|
xmlSecKeyDataStorePtr x509Store;
|
|
+ PCCERT_CONTEXT pCert ;
|
|
int ret;
|
|
|
|
xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecMSCryptoKeyDataX509Id), -1);
|
|
***************
|
|
*** 1610,1615 ****
|
|
--- 1611,1619 ----
|
|
return(-1);
|
|
}
|
|
|
|
+ /*-
|
|
+ * Get Public key from cert, which does not always work for sign action.
|
|
+ *
|
|
keyValue = xmlSecMSCryptoX509CertGetKey(ctx->keyCert);
|
|
if(keyValue == NULL) {
|
|
xmlSecError(XMLSEC_ERRORS_HERE,
|
|
***************
|
|
*** 1619,1624 ****
|
|
--- 1623,1673 ----
|
|
XMLSEC_ERRORS_NO_MESSAGE);
|
|
return(-1);
|
|
}
|
|
+ */
|
|
+
|
|
+ /*-
|
|
+ * I'll search key according to KeyReq.
|
|
+ */
|
|
+ pCert = CertDuplicateCertificateContext( ctx->keyCert ) ;
|
|
+ if( pCert == NULL ) {
|
|
+ xmlSecError( XMLSEC_ERRORS_HERE,
|
|
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
|
|
+ "CertDuplicateCertificateContext",
|
|
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
|
|
+ XMLSEC_ERRORS_NO_MESSAGE);
|
|
+
|
|
+ return(-1);
|
|
+ }
|
|
+
|
|
+ if( ( keyInfoCtx->keyReq.keyType & xmlSecKeyDataTypePrivate ) == xmlSecKeyDataTypePrivate ) {
|
|
+ keyValue = xmlSecMSCryptoCertAdopt( pCert, xmlSecKeyDataTypePrivate ) ;
|
|
+ if(keyValue == NULL) {
|
|
+ xmlSecError(XMLSEC_ERRORS_HERE,
|
|
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
|
|
+ "xmlSecMSCryptoCertAdopt",
|
|
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
|
|
+ XMLSEC_ERRORS_NO_MESSAGE);
|
|
+
|
|
+ CertFreeCertificateContext( pCert ) ;
|
|
+ return(-1);
|
|
+ }
|
|
+ pCert = NULL ;
|
|
+ } else if( ( keyInfoCtx->keyReq.keyType & xmlSecKeyDataTypePublic ) == xmlSecKeyDataTypePublic ) {
|
|
+ keyValue = xmlSecMSCryptoCertAdopt( pCert, xmlSecKeyDataTypePublic ) ;
|
|
+ if(keyValue == NULL) {
|
|
+ xmlSecError(XMLSEC_ERRORS_HERE,
|
|
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
|
|
+ "xmlSecMSCryptoCertAdopt",
|
|
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
|
|
+ XMLSEC_ERRORS_NO_MESSAGE);
|
|
+
|
|
+ CertFreeCertificateContext( pCert ) ;
|
|
+ return(-1);
|
|
+ }
|
|
+ pCert = NULL ;
|
|
+ }
|
|
+
|
|
+
|
|
|
|
/* verify that the key matches our expectations */
|
|
if(xmlSecKeyReqMatchKeyValue(&(keyInfoCtx->keyReq), keyValue) != 1) {
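Review bot: When `keyInfoCtx->keyReq.keyType` has neither the private nor the public bit set, the new `if`/`else if` starting at `if( ( keyInfoCtx->keyReq.keyType & xmlSecKeyDataTypePrivate ) ...` assigns nothing to `keyValue`, leaks the `pCert` duplicated just above, and falls through to `xmlSecKeyReqMatchKeyValue` with whatever `keyValue` held before; since the old `xmlSecMSCryptoX509CertGetKey` assignment is now commented out, that value is unset unless it is initialised earlier in the function, which begins outside this hunk. A final `else` that frees `pCert` and returns an error closes the gap (or treat the no-bits case as a public-key request). The commented-out block between `/*-` and `*/` and the first-person comment `I'll search key according to KeyReq.` should be deleted rather than shipped.
```c
    } else {
        /* neither a private nor a public key was requested: nothing to adopt */
        xmlSecError(XMLSEC_ERRORS_HERE,
                    xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
                    "xmlSecMSCryptoCertAdopt",
                    XMLSEC_ERRORS_R_XMLSEC_FAILED,
                    XMLSEC_ERRORS_NO_MESSAGE);
        CertFreeCertificateContext( pCert ) ;
        return(-1);
    }
    /* … unchanged: xmlSecKeyReqMatchKeyValue check … */
```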
|
|
***************
|
|
*** 1882,1888 ****
|
|
xmlSecAssert2(nm->pbData != NULL, NULL);
|
|
xmlSecAssert2(nm->cbData > 0, NULL);
|
|
|
|
! csz = CertNameToStr(X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, nm, CERT_X500_NAME_STR, NULL, 0);
|
|
str = (char *)xmlMalloc(csz);
|
|
if (NULL == str) {
|
|
xmlSecError(XMLSEC_ERRORS_HERE,
|
|
--- 1931,1937 ----
|
|
xmlSecAssert2(nm->pbData != NULL, NULL);
|
|
xmlSecAssert2(nm->cbData > 0, NULL);
|
|
|
|
! csz = CertNameToStr(X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, nm, CERT_X500_NAME_STR | CERT_NAME_STR_REVERSE_FLAG, NULL, 0);
|
|
str = (char *)xmlMalloc(csz);
|
|
if (NULL == str) {
|
|
xmlSecError(XMLSEC_ERRORS_HERE,
|
|
***************
|
|
*** 1893,1899 ****
|
|
return (NULL);
|
|
}
|
|
|
|
! csz = CertNameToStr(X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, nm, CERT_X500_NAME_STR, str, csz);
|
|
if (csz < 1) {
|
|
xmlSecError(XMLSEC_ERRORS_HERE,
|
|
NULL,
|
|
--- 1942,1948 ----
|
|
return (NULL);
|
|
}
|
|
|
|
! csz = CertNameToStr(X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, nm, CERT_X500_NAME_STR | CERT_NAME_STR_REVERSE_FLAG, str, csz);
|
|
if (csz < 1) {
|
|
xmlSecError(XMLSEC_ERRORS_HERE,
|
|
NULL,
|
|
***************
|
|
*** 1904,1920 ****
|
|
return(NULL);
|
|
}
|
|
|
|
! res = xmlStrdup(BAD_CAST str);
|
|
! if(res == NULL) {
|
|
! xmlSecError(XMLSEC_ERRORS_HERE,
|
|
! NULL,
|
|
! "xmlStrdup",
|
|
! XMLSEC_ERRORS_R_MALLOC_FAILED,
|
|
! XMLSEC_ERRORS_NO_MESSAGE);
|
|
! xmlFree(str);
|
|
! return(NULL);
|
|
}
|
|
-
|
|
xmlFree(str);
|
|
return(res);
|
|
}
|
|
--- 1953,1989 ----
|
|
return(NULL);
|
|
}
|
|
|
|
! /* aleksey: this is a hack, but mscrypto can not read E= flag and wants Email= instead.
|
|
! * don't ask me how is it possible not to read something you wrote yourself but also
|
|
! * see comment in the xmlSecMSCryptoX509FindCert function.
|
|
! */
|
|
! if(strncmp(str, "E=", 2) == 0) {
|
|
! res = xmlMalloc(strlen(str) + 13 + 1);
|
|
! if(res == NULL) {
|
|
! xmlSecError(XMLSEC_ERRORS_HERE,
|
|
! NULL,
|
|
! "xmlMalloc",
|
|
! XMLSEC_ERRORS_R_MALLOC_FAILED,
|
|
! "size=%d",
|
|
! strlen(str) + 13 + 1);
|
|
! xmlFree(str);
|
|
! return(NULL);
|
|
! }
|
|
!
|
|
! memcpy(res, "emailAddress=", 13);
|
|
! strcpy(res + 13, BAD_CAST (str + 2));
|
|
! } else {
|
|
! res = xmlStrdup(BAD_CAST str);
|
|
! if(res == NULL) {
|
|
! xmlSecError(XMLSEC_ERRORS_HERE,
|
|
! NULL,
|
|
! "xmlStrdup",
|
|
! XMLSEC_ERRORS_R_MALLOC_FAILED,
|
|
! XMLSEC_ERRORS_NO_MESSAGE);
|
|
! xmlFree(str);
|
|
! return(NULL);
|
|
! }
|
|
}
|
|
xmlFree(str);
|
|
return(res);
|
|
}
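Review bot: The `E=` to `emailAddress=` rewrite only fires when `E=` is the leading RDN (`strncmp(str, "E=", 2)`), whereas the reverse rewrite this commit adds in x509vfy.c loops over every `emailAddress=` occurrence, so a name whose email attribute is not first is written out unconverted and will not round-trip. The allocation `strlen(str) + 13 + 1` is safe (two bytes are replaced by thirteen, so `strlen(str) + 12` would suffice), but `"size=%d"` is given a `size_t`; cast it, `(int)(strlen(str) + 13 + 1)`. `strcpy(res + 13, BAD_CAST (str + 2))` also mixes `xmlChar*` and `char*` (`str` is `char*` from the `xmlMalloc` cast above, and `res` appears to be `xmlChar*` given the `xmlStrdup` assignment); `strcpy((char*)res + 13, str + 2)` is the clean form. The enclosing function starts before this hunk.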
|
|
*** misc/xmlsec1-1.2.6/src/mscrypto/x509vfy.c 2003-09-27 05:12:22.000000000 +0200
|
|
--- misc/build/xmlsec1-1.2.6/src/mscrypto/x509vfy.c 2005-05-09 19:54:13.197630495 +0200
|
|
***************
|
|
*** 125,130 ****
|
|
--- 125,131 ----
|
|
xmlChar *issuerName, xmlChar *issuerSerial,
|
|
xmlChar *ski, xmlSecKeyInfoCtx* keyInfoCtx) {
|
|
xmlSecMSCryptoX509StoreCtxPtr ctx;
|
|
+ PCCERT_CONTEXT pCert ;
|
|
|
|
xmlSecAssert2(xmlSecKeyDataStoreCheckId(store, xmlSecMSCryptoX509StoreId), NULL);
|
|
xmlSecAssert2(keyInfoCtx != NULL, NULL);
|
|
***************
|
|
*** 132,141 ****
|
|
ctx = xmlSecMSCryptoX509StoreGetCtx(store);
|
|
xmlSecAssert2(ctx != NULL, NULL);
|
|
xmlSecAssert2(ctx->untrusted != NULL, NULL);
|
|
|
|
! return(xmlSecMSCryptoX509FindCert(ctx->untrusted, subjectName, issuerName, issuerSerial, ski));
|
|
! }
|
|
|
|
|
|
static void
|
|
xmlSecMSCryptoUnixTimeToFileTime(time_t t, LPFILETIME pft) {
|
|
--- 133,149 ----
|
|
ctx = xmlSecMSCryptoX509StoreGetCtx(store);
|
|
xmlSecAssert2(ctx != NULL, NULL);
|
|
xmlSecAssert2(ctx->untrusted != NULL, NULL);
|
|
+ xmlSecAssert2(ctx->trusted != NULL, NULL);
|
|
|
|
! pCert = NULL ;
|
|
! if( ctx->untrusted != NULL )
|
|
! pCert = xmlSecMSCryptoX509FindCert( ctx->untrusted, subjectName, issuerName, issuerSerial, ski ) ;
|
|
!
|
|
! if( ctx->trusted != NULL && pCert == NULL )
|
|
! pCert = xmlSecMSCryptoX509FindCert( ctx->trusted, subjectName, issuerName, issuerSerial, ski ) ;
|
|
|
|
+ return( pCert ) ;
|
|
+ }
|
|
|
|
static void
|
|
xmlSecMSCryptoUnixTimeToFileTime(time_t t, LPFILETIME pft) {
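Review bot: The guards `if( ctx->untrusted != NULL )` and `ctx->trusted != NULL &&` are unreachable after the existing `xmlSecAssert2(ctx->untrusted != NULL, NULL);` and the newly added `xmlSecAssert2(ctx->trusted != NULL, NULL);` immediately above them; the body can simply be `pCert = xmlSecMSCryptoX509FindCert( ctx->untrusted, subjectName, issuerName, issuerSerial, ski ) ;` followed by `if( pCert == NULL ) pCert = xmlSecMSCryptoX509FindCert( ctx->trusted, subjectName, issuerName, issuerSerial, ski ) ;`. Because the function now also returns certificates from the trusted store, a one-line comment stating the lookup order (untrusted first, then trusted) would help callers that previously only ever saw untrusted results. `xmlSecMSCryptoX509StoreFindCert` begins outside this hunk.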
|
|
***************
|
|
*** 252,268 ****
|
|
}
|
|
|
|
static BOOL
|
|
! xmlSecMSCryptoX509StoreConstructCertsChain(xmlSecKeyDataStorePtr store, PCCERT_CONTEXT cert, HCERTSTORE certs,
|
|
! xmlSecKeyInfoCtx* keyInfoCtx) {
|
|
xmlSecMSCryptoX509StoreCtxPtr ctx;
|
|
PCCERT_CONTEXT issuerCert = NULL;
|
|
FILETIME fTime;
|
|
DWORD flags;
|
|
|
|
xmlSecAssert2(xmlSecKeyDataStoreCheckId(store, xmlSecMSCryptoX509StoreId), FALSE);
|
|
xmlSecAssert2(cert != NULL, FALSE);
|
|
xmlSecAssert2(cert->pCertInfo != NULL, FALSE);
|
|
! xmlSecAssert2(certs != NULL, FALSE);
|
|
xmlSecAssert2(keyInfoCtx != NULL, FALSE);
|
|
|
|
ctx = xmlSecMSCryptoX509StoreGetCtx(store);
|
|
--- 260,281 ----
|
|
}
|
|
|
|
static BOOL
|
|
! xmlSecMSCryptoX509StoreConstructCertsChain(
|
|
! xmlSecKeyDataStorePtr store ,
|
|
! PCCERT_CONTEXT cert ,
|
|
! HCERTSTORE certStore ,
|
|
! xmlSecKeyInfoCtx* keyInfoCtx
|
|
! ) {
|
|
xmlSecMSCryptoX509StoreCtxPtr ctx;
|
|
PCCERT_CONTEXT issuerCert = NULL;
|
|
FILETIME fTime;
|
|
DWORD flags;
|
|
+ BOOL selfSigned ;
|
|
|
|
xmlSecAssert2(xmlSecKeyDataStoreCheckId(store, xmlSecMSCryptoX509StoreId), FALSE);
|
|
xmlSecAssert2(cert != NULL, FALSE);
|
|
xmlSecAssert2(cert->pCertInfo != NULL, FALSE);
|
|
! xmlSecAssert2(certStore != NULL, FALSE);
|
|
xmlSecAssert2(keyInfoCtx != NULL, FALSE);
|
|
|
|
ctx = xmlSecMSCryptoX509StoreGetCtx(store);
|
|
***************
|
|
*** 283,342 ****
|
|
return(FALSE);
|
|
}
|
|
|
|
! if (!xmlSecMSCryptoCheckRevocation(certs, cert)) {
|
|
return(FALSE);
|
|
}
|
|
|
|
! /* try the untrusted certs in the chain */
|
|
! issuerCert = CertFindCertificateInStore(certs,
|
|
X509_ASN_ENCODING | PKCS_7_ASN_ENCODING,
|
|
0,
|
|
CERT_FIND_SUBJECT_NAME,
|
|
! &(cert->pCertInfo->Issuer),
|
|
NULL);
|
|
! if(issuerCert == cert) {
|
|
! /* self signed cert, forget it */
|
|
! CertFreeCertificateContext(issuerCert);
|
|
! } else if(issuerCert != NULL) {
|
|
! flags = CERT_STORE_REVOCATION_FLAG | CERT_STORE_SIGNATURE_FLAG;
|
|
! if(!CertVerifySubjectCertificateContext(cert, issuerCert, &flags)) {
|
|
! xmlSecMSCryptoX509StoreCertError(store, issuerCert, flags);
|
|
! CertFreeCertificateContext(issuerCert);
|
|
! return(FALSE);
|
|
! }
|
|
! if(!xmlSecMSCryptoX509StoreConstructCertsChain(store, issuerCert, certs, keyInfoCtx)) {
|
|
! xmlSecMSCryptoX509StoreCertError(store, issuerCert, flags);
|
|
! CertFreeCertificateContext(issuerCert);
|
|
! return(FALSE);
|
|
! }
|
|
! CertFreeCertificateContext(issuerCert);
|
|
! return(TRUE);
|
|
}
|
|
|
|
! /* try the untrusted certs in the store */
|
|
! issuerCert = CertFindCertificateInStore(ctx->untrusted,
|
|
X509_ASN_ENCODING | PKCS_7_ASN_ENCODING,
|
|
0,
|
|
CERT_FIND_SUBJECT_NAME,
|
|
&(cert->pCertInfo->Issuer),
|
|
NULL);
|
|
! if(issuerCert == cert) {
|
|
! /* self signed cert, forget it */
|
|
! CertFreeCertificateContext(issuerCert);
|
|
! } else if(issuerCert != NULL) {
|
|
! flags = CERT_STORE_REVOCATION_FLAG | CERT_STORE_SIGNATURE_FLAG;
|
|
! if(!CertVerifySubjectCertificateContext(cert, issuerCert, &flags)) {
|
|
! xmlSecMSCryptoX509StoreCertError(store, issuerCert, flags);
|
|
! CertFreeCertificateContext(issuerCert);
|
|
! return(FALSE);
|
|
! }
|
|
! if(!xmlSecMSCryptoX509StoreConstructCertsChain(store, issuerCert, certs, keyInfoCtx)) {
|
|
! CertFreeCertificateContext(issuerCert);
|
|
! return(FALSE);
|
|
}
|
|
- CertFreeCertificateContext(issuerCert);
|
|
- return(TRUE);
|
|
- }
|
|
|
|
/* try to find issuer cert in the trusted cert in the store */
|
|
issuerCert = CertFindCertificateInStore(ctx->trusted,
|
|
--- 296,380 ----
|
|
return(FALSE);
|
|
}
|
|
|
|
! if (!xmlSecMSCryptoCheckRevocation(certStore, cert)) {
|
|
return(FALSE);
|
|
}
|
|
|
|
! /*-
|
|
! * Firstly try to find the cert in the trusted cert store. We will trust
|
|
! * the certificate in the trusted store.
|
|
! */
|
|
! issuerCert = CertFindCertificateInStore(ctx->trusted,
|
|
X509_ASN_ENCODING | PKCS_7_ASN_ENCODING,
|
|
0,
|
|
CERT_FIND_SUBJECT_NAME,
|
|
! &(cert->pCertInfo->Subject),
|
|
NULL);
|
|
! if( issuerCert != NULL ) {
|
|
! /* We have found the trusted cert, so return true */
|
|
! CertFreeCertificateContext( issuerCert ) ;
|
|
! return( TRUE ) ;
|
|
}
|
|
|
|
! /* Check whether the certificate is self signed certificate */
|
|
! selfSigned = CertCompareCertificateName( X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, &(cert->pCertInfo->Subject), &(cert->pCertInfo->Issuer) ) ;
|
|
!
|
|
! /* try the untrusted certs in the chain */
|
|
! if( !selfSigned ) {
|
|
! issuerCert = CertFindCertificateInStore(certStore,
|
|
X509_ASN_ENCODING | PKCS_7_ASN_ENCODING,
|
|
0,
|
|
CERT_FIND_SUBJECT_NAME,
|
|
&(cert->pCertInfo->Issuer),
|
|
NULL);
|
|
! if( issuerCert != NULL && CertCompareCertificate( X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, cert->pCertInfo, issuerCert->pCertInfo ) ) {
|
|
! /* self signed cert, forget it */
|
|
! CertFreeCertificateContext(issuerCert);
|
|
! } else if(issuerCert != NULL) {
|
|
! flags = CERT_STORE_REVOCATION_FLAG | CERT_STORE_SIGNATURE_FLAG;
|
|
! if(!CertVerifySubjectCertificateContext(cert, issuerCert, &flags)) {
|
|
! xmlSecMSCryptoX509StoreCertError(store, issuerCert, flags);
|
|
! CertFreeCertificateContext(issuerCert);
|
|
! return(FALSE);
|
|
! }
|
|
! if(!xmlSecMSCryptoX509StoreConstructCertsChain(store, issuerCert, certStore, keyInfoCtx)) {
|
|
! xmlSecMSCryptoX509StoreCertError(store, issuerCert, flags);
|
|
! CertFreeCertificateContext(issuerCert);
|
|
! return(FALSE);
|
|
! }
|
|
!
|
|
! CertFreeCertificateContext(issuerCert);
|
|
! return(TRUE);
|
|
! }
|
|
! }
|
|
!
|
|
! /* try the untrusted certs in the store */
|
|
! if( !selfSigned ) {
|
|
! issuerCert = CertFindCertificateInStore(ctx->untrusted,
|
|
! X509_ASN_ENCODING | PKCS_7_ASN_ENCODING,
|
|
! 0,
|
|
! CERT_FIND_SUBJECT_NAME,
|
|
! &(cert->pCertInfo->Issuer),
|
|
! NULL);
|
|
! if( issuerCert != NULL && CertCompareCertificate( X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, cert->pCertInfo, issuerCert->pCertInfo ) ) {
|
|
! /* self signed cert, forget it */
|
|
! CertFreeCertificateContext(issuerCert);
|
|
! } else if(issuerCert != NULL) {
|
|
! flags = CERT_STORE_REVOCATION_FLAG | CERT_STORE_SIGNATURE_FLAG;
|
|
! if(!CertVerifySubjectCertificateContext(cert, issuerCert, &flags)) {
|
|
! xmlSecMSCryptoX509StoreCertError(store, issuerCert, flags);
|
|
! CertFreeCertificateContext(issuerCert);
|
|
! return(FALSE);
|
|
! }
|
|
! if(!xmlSecMSCryptoX509StoreConstructCertsChain(store, issuerCert, certStore, keyInfoCtx)) {
|
|
! CertFreeCertificateContext(issuerCert);
|
|
! return(FALSE);
|
|
! }
|
|
!
|
|
! CertFreeCertificateContext(issuerCert);
|
|
! return(TRUE);
|
|
! }
|
|
}
|
|
|
|
/* try to find issuer cert in the trusted cert in the store */
|
|
issuerCert = CertFindCertificateInStore(ctx->trusted,
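Review bot: The new early exit under `Firstly try to find the cert in the trusted cert store` searches `ctx->trusted` with `CERT_FIND_SUBJECT_NAME` on `cert->pCertInfo->Subject` alone and returns `TRUE` without confirming that the match is the same certificate, so any certificate whose subject name equals a trusted certificate's subject is accepted as trusted with no signature or chain check. Compare the found context with the candidate before trusting it, as the self-signed branches later in this hunk already do: `if( issuerCert != NULL && CertCompareCertificate( X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, cert->pCertInfo, issuerCert->pCertInfo ) ) {`, freeing the context and falling through otherwise (a `CERT_FIND_EXISTING` search with `cert` as the parameter is the single-call equivalent). The two untrusted-issuer blocks under `if( !selfSigned )` are now near-identical copies differing only in the store searched and could be one static helper taking the store handle. The trusted-issuer path of this function continues past the hunk.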
|
|
***************
|
|
*** 379,404 ****
|
|
xmlSecAssert2(certs != NULL, NULL);
|
|
xmlSecAssert2(keyInfoCtx != NULL, NULL);
|
|
|
|
! while((cert = CertEnumCertificatesInStore(certs, cert)) != NULL){
|
|
! PCCERT_CONTEXT nextCert = NULL;
|
|
|
|
! xmlSecAssert2(cert->pCertInfo != NULL, NULL);
|
|
|
|
! /* if cert is the issuer of any other cert in the list, then it is
|
|
! * to be skipped */
|
|
! nextCert = CertFindCertificateInStore(certs,
|
|
X509_ASN_ENCODING | PKCS_7_ASN_ENCODING,
|
|
0,
|
|
CERT_FIND_ISSUER_NAME,
|
|
&(cert->pCertInfo->Subject),
|
|
! NULL);
|
|
! if(nextCert != NULL) {
|
|
! CertFreeCertificateContext(nextCert);
|
|
! continue;
|
|
! }
|
|
! if(xmlSecMSCryptoX509StoreConstructCertsChain(store, cert, certs, keyInfoCtx)) {
|
|
! return(cert);
|
|
! }
|
|
}
|
|
|
|
return (NULL);
|
|
--- 417,463 ----
|
|
xmlSecAssert2(certs != NULL, NULL);
|
|
xmlSecAssert2(keyInfoCtx != NULL, NULL);
|
|
|
|
! while( ( cert = CertEnumCertificatesInStore( certs, cert ) ) != NULL ) {
|
|
! PCCERT_CONTEXT nextCert ;
|
|
! unsigned char selected ;
|
|
|
|
! xmlSecAssert2( cert->pCertInfo != NULL, NULL ) ;
|
|
|
|
! /* if cert is the issuer of any other cert in the list, then it is
|
|
! * to be skipped except that the cert list only have one self-signed
|
|
! * certificate.
|
|
! */
|
|
! for( selected = 0, nextCert = NULL ; ; ) {
|
|
! nextCert = CertFindCertificateInStore( certs,
|
|
X509_ASN_ENCODING | PKCS_7_ASN_ENCODING,
|
|
0,
|
|
CERT_FIND_ISSUER_NAME,
|
|
&(cert->pCertInfo->Subject),
|
|
! nextCert ) ;
|
|
! if( nextCert != NULL ) {
|
|
! if( CertCompareCertificate( X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, cert->pCertInfo, nextCert->pCertInfo ) ) {
|
|
! selected = 1 ;
|
|
! continue ;
|
|
! } else {
|
|
! selected = 0 ;
|
|
! break ;
|
|
! }
|
|
! } else {
|
|
! selected = 1 ;
|
|
! break ;
|
|
! }
|
|
! }
|
|
!
|
|
! if( nextCert != NULL )
|
|
! CertFreeCertificateContext( nextCert ) ;
|
|
!
|
|
! if( !selected ) {
|
|
! continue ;
|
|
! }
|
|
!
|
|
! if( xmlSecMSCryptoX509StoreConstructCertsChain( store, cert, certs, keyInfoCtx ) ) {
|
|
! return( cert ) ;
|
|
! }
|
|
}
|
|
|
|
return (NULL);
|
|
***************
|
|
*** 458,466 ****
|
|
--- 517,642 ----
|
|
return(0);
|
|
}
|
|
|
|
+ int
|
|
+ xmlSecMSCryptoX509StoreAdoptKeyStore (
|
|
+ xmlSecKeyDataStorePtr store,
|
|
+ HCERTSTORE keyStore
|
|
+ ) {
|
|
+ xmlSecMSCryptoX509StoreCtxPtr ctx;
|
|
+ int ret;
|
|
+
|
|
+ xmlSecAssert2(xmlSecKeyDataStoreCheckId(store, xmlSecMSCryptoX509StoreId), -1);
|
|
+ xmlSecAssert2( keyStore != NULL, -1);
|
|
+
|
|
+ ctx = xmlSecMSCryptoX509StoreGetCtx(store);
|
|
+ xmlSecAssert2(ctx != NULL, -1);
|
|
+ xmlSecAssert2(ctx->trusted != NULL, -1);
|
|
+
|
|
+ if( !CertAddStoreToCollection ( ctx->trusted , keyStore , CERT_PHYSICAL_STORE_ADD_ENABLE_FLAG , 2 ) ) {
|
|
+ xmlSecError(XMLSEC_ERRORS_HERE,
|
|
+ xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)),
|
|
+ "CertAddStoreToCollection",
|
|
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
|
|
+ XMLSEC_ERRORS_NO_MESSAGE);
|
|
+ return(-1);
|
|
+ }
|
|
+
|
|
+ {
|
|
+ PCCERT_CONTEXT ptCert ;
|
|
+
|
|
+ ptCert = NULL ;
|
|
+ while( 1 ) {
|
|
+ ptCert = CertEnumCertificatesInStore( ctx->trusted, ptCert ) ;
|
|
+ if( ptCert == NULL )
|
|
+ break ;
|
|
+ }
|
|
+ }
|
|
+
|
|
+ return(0);
|
|
+ }
|
|
+
|
|
+ int
|
|
+ xmlSecMSCryptoX509StoreAdoptTrustedStore (
|
|
+ xmlSecKeyDataStorePtr store,
|
|
+ HCERTSTORE trustedStore
|
|
+ ) {
|
|
+ xmlSecMSCryptoX509StoreCtxPtr ctx;
|
|
+ int ret;
|
|
+
|
|
+ xmlSecAssert2(xmlSecKeyDataStoreCheckId(store, xmlSecMSCryptoX509StoreId), -1);
|
|
+ xmlSecAssert2( trustedStore != NULL, -1);
|
|
+
|
|
+ ctx = xmlSecMSCryptoX509StoreGetCtx(store);
|
|
+ xmlSecAssert2(ctx != NULL, -1);
|
|
+ xmlSecAssert2(ctx->trusted != NULL, -1);
|
|
+
|
|
+ if( !CertAddStoreToCollection ( ctx->trusted , trustedStore , CERT_PHYSICAL_STORE_ADD_ENABLE_FLAG , 3 ) ) {
|
|
+ xmlSecError(XMLSEC_ERRORS_HERE,
|
|
+ xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)),
|
|
+ "CertAddStoreToCollection",
|
|
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
|
|
+ XMLSEC_ERRORS_NO_MESSAGE);
|
|
+ return(-1);
|
|
+ }
|
|
+
|
|
+ {
|
|
+ PCCERT_CONTEXT ptCert ;
|
|
+
|
|
+ ptCert = NULL ;
|
|
+ while( 1 ) {
|
|
+ ptCert = CertEnumCertificatesInStore( ctx->trusted, ptCert ) ;
|
|
+ if( ptCert == NULL )
|
|
+ break ;
|
|
+ }
|
|
+ }
|
|
+
|
|
+ return(0);
|
|
+ }
|
|
+
|
|
+ int
|
|
+ xmlSecMSCryptoX509StoreAdoptUntrustedStore (
|
|
+ xmlSecKeyDataStorePtr store,
|
|
+ HCERTSTORE untrustedStore
|
|
+ ) {
|
|
+ xmlSecMSCryptoX509StoreCtxPtr ctx;
|
|
+ int ret;
|
|
+
|
|
+ xmlSecAssert2(xmlSecKeyDataStoreCheckId(store, xmlSecMSCryptoX509StoreId), -1);
|
|
+ xmlSecAssert2( untrustedStore != NULL, -1);
|
|
+
|
|
+ ctx = xmlSecMSCryptoX509StoreGetCtx(store);
|
|
+ xmlSecAssert2(ctx != NULL, -1);
|
|
+ xmlSecAssert2(ctx->untrusted != NULL, -1);
|
|
+
|
|
+ if( !CertAddStoreToCollection ( ctx->untrusted , untrustedStore , CERT_PHYSICAL_STORE_ADD_ENABLE_FLAG , 2 ) ) {
|
|
+ xmlSecError(XMLSEC_ERRORS_HERE,
|
|
+ xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)),
|
|
+ "CertAddStoreToCollection",
|
|
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
|
|
+ XMLSEC_ERRORS_NO_MESSAGE);
|
|
+ return(-1);
|
|
+ }
|
|
+
|
|
+ {
|
|
+ PCCERT_CONTEXT ptCert ;
|
|
+
|
|
+ ptCert = NULL ;
|
|
+ while( 1 ) {
|
|
+ ptCert = CertEnumCertificatesInStore( ctx->untrusted, ptCert ) ;
|
|
+ if( ptCert == NULL )
|
|
+ break ;
|
|
+ }
|
|
+ }
|
|
+
|
|
+ return(0);
|
|
+ }
|
|
+
|
|
static int
|
|
xmlSecMSCryptoX509StoreInitialize(xmlSecKeyDataStorePtr store) {
|
|
xmlSecMSCryptoX509StoreCtxPtr ctx;
|
|
+ HCERTSTORE hTrustedMemStore ;
|
|
+ HCERTSTORE hUntrustedMemStore ;
|
|
+
|
|
xmlSecAssert2(xmlSecKeyDataStoreCheckId(store, xmlSecMSCryptoX509StoreId), -1);
|
|
|
|
ctx = xmlSecMSCryptoX509StoreGetCtx(store);
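Review bot: Each of the three new `xmlSecMSCryptoX509StoreAdopt*Store` functions declares `int ret;` without using it and ends with a `{ PCCERT_CONTEXT ptCert ; ... while( 1 ) { ... } }` block that enumerates the whole collection and discards every context, which has no effect beyond its cost; both look like debugging residue and should be removed. The `Adopt` name suggests ownership transfer, but `CertAddStoreToCollection` appears to take its own reference rather than the caller's handle (the initializer in the next hunk closes its memory store right after adding it), so a header comment such as `/* Adds keyStore to the trusted collection; the caller keeps its handle and must close it. */`, or a matching close in the finalize path, is needed to avoid either a leak or a double close. Note also that `xmlSecMSCryptoX509StoreAdoptKeyStore` and `xmlSecMSCryptoX509StoreAdoptTrustedStore` both add to `ctx->trusted` and differ only in the priority argument (`2` vs `3`), so every certificate in an adopted key store becomes a trust anchor for chain verification; if that is intended it deserves stating in the comment.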
|
|
***************
|
|
*** 468,503 ****
|
|
|
|
memset(ctx, 0, sizeof(xmlSecMSCryptoX509StoreCtx));
|
|
|
|
/* create trusted certs store */
|
|
! ctx->trusted = CertOpenStore(CERT_STORE_PROV_MEMORY,
|
|
X509_ASN_ENCODING | PKCS_7_ASN_ENCODING,
|
|
0,
|
|
CERT_STORE_CREATE_NEW_FLAG,
|
|
NULL);
|
|
! if(ctx->trusted == NULL) {
|
|
xmlSecError(XMLSEC_ERRORS_HERE,
|
|
xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)),
|
|
"CertOpenStore",
|
|
XMLSEC_ERRORS_R_CRYPTO_FAILED,
|
|
XMLSEC_ERRORS_NO_MESSAGE);
|
|
return(-1);
|
|
}
|
|
|
|
! /* create trusted certs store */
|
|
! ctx->untrusted = CertOpenStore(CERT_STORE_PROV_MEMORY,
|
|
X509_ASN_ENCODING | PKCS_7_ASN_ENCODING,
|
|
0,
|
|
CERT_STORE_CREATE_NEW_FLAG,
|
|
NULL);
|
|
! if(ctx->untrusted == NULL) {
|
|
xmlSecError(XMLSEC_ERRORS_HERE,
|
|
xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)),
|
|
"CertOpenStore",
|
|
XMLSEC_ERRORS_R_CRYPTO_FAILED,
|
|
XMLSEC_ERRORS_NO_MESSAGE);
|
|
return(-1);
|
|
}
|
|
|
|
return(0);
|
|
}
|
|
|
|
--- 644,747 ----
|
|
|
|
memset(ctx, 0, sizeof(xmlSecMSCryptoX509StoreCtx));
|
|
|
|
+ /* create trusted certs store collection */
|
|
+ ctx->trusted = CertOpenStore(CERT_STORE_PROV_COLLECTION,
|
|
+ 0,
|
|
+ NULL,
|
|
+ 0,
|
|
+ NULL);
|
|
+ if(ctx->trusted == NULL) {
|
|
+ xmlSecError(XMLSEC_ERRORS_HERE,
|
|
+ xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)),
|
|
+ "CertOpenStore",
|
|
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
|
|
+ XMLSEC_ERRORS_NO_MESSAGE);
|
|
+ return(-1);
|
|
+ }
|
|
+
|
|
/* create trusted certs store */
|
|
! hTrustedMemStore = CertOpenStore(CERT_STORE_PROV_MEMORY,
|
|
X509_ASN_ENCODING | PKCS_7_ASN_ENCODING,
|
|
0,
|
|
CERT_STORE_CREATE_NEW_FLAG,
|
|
NULL);
|
|
! if(hTrustedMemStore == NULL) {
|
|
xmlSecError(XMLSEC_ERRORS_HERE,
|
|
xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)),
|
|
"CertOpenStore",
|
|
XMLSEC_ERRORS_R_CRYPTO_FAILED,
|
|
XMLSEC_ERRORS_NO_MESSAGE);
|
|
+ CertCloseStore(ctx->trusted, CERT_CLOSE_STORE_FORCE_FLAG);
|
|
+ ctx->trusted = NULL ;
|
|
return(-1);
|
|
}
|
|
|
|
! /* add the memory trusted certs store to trusted certs store collection */
|
|
! if( !CertAddStoreToCollection( ctx->trusted, hTrustedMemStore, CERT_PHYSICAL_STORE_ADD_ENABLE_FLAG, 1 ) ) {
|
|
! xmlSecError(XMLSEC_ERRORS_HERE,
|
|
! xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)),
|
|
! "CertAddStoreToCollection",
|
|
! XMLSEC_ERRORS_R_CRYPTO_FAILED,
|
|
! XMLSEC_ERRORS_NO_MESSAGE);
|
|
! CertCloseStore(ctx->trusted, CERT_CLOSE_STORE_FORCE_FLAG);
|
|
! CertCloseStore(hTrustedMemStore, CERT_CLOSE_STORE_CHECK_FLAG);
|
|
! ctx->trusted = NULL ;
|
|
! return(-1);
|
|
! }
|
|
! CertCloseStore(hTrustedMemStore, CERT_CLOSE_STORE_CHECK_FLAG);
|
|
!
|
|
! /* create untrusted certs store collection */
|
|
! ctx->untrusted = CertOpenStore(CERT_STORE_PROV_COLLECTION,
|
|
! 0,
|
|
! NULL,
|
|
! 0,
|
|
! NULL);
|
|
! if(ctx->untrusted == NULL) {
|
|
! xmlSecError(XMLSEC_ERRORS_HERE,
|
|
! xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)),
|
|
! "CertOpenStore",
|
|
! XMLSEC_ERRORS_R_CRYPTO_FAILED,
|
|
! XMLSEC_ERRORS_NO_MESSAGE);
|
|
! CertCloseStore(ctx->trusted, CERT_CLOSE_STORE_FORCE_FLAG);
|
|
! ctx->trusted = NULL ;
|
|
! return(-1);
|
|
! }
|
|
!
|
|
! /* create untrusted certs store */
|
|
! hUntrustedMemStore = CertOpenStore(CERT_STORE_PROV_MEMORY,
|
|
X509_ASN_ENCODING | PKCS_7_ASN_ENCODING,
|
|
0,
|
|
CERT_STORE_CREATE_NEW_FLAG,
|
|
NULL);
|
|
! if(hUntrustedMemStore == NULL) {
|
|
xmlSecError(XMLSEC_ERRORS_HERE,
|
|
xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)),
|
|
"CertOpenStore",
|
|
XMLSEC_ERRORS_R_CRYPTO_FAILED,
|
|
XMLSEC_ERRORS_NO_MESSAGE);
|
|
+ CertCloseStore(ctx->trusted, CERT_CLOSE_STORE_FORCE_FLAG);
|
|
+ CertCloseStore(ctx->untrusted, CERT_CLOSE_STORE_FORCE_FLAG);
|
|
+ ctx->trusted = NULL ;
|
|
+ ctx->untrusted = NULL ;
|
|
return(-1);
|
|
}
|
|
|
|
+ /* add the memory trusted certs store to untrusted certs store collection */
|
|
+ if( !CertAddStoreToCollection( ctx->untrusted, hUntrustedMemStore, CERT_PHYSICAL_STORE_ADD_ENABLE_FLAG, 1 ) ) {
|
|
+ xmlSecError(XMLSEC_ERRORS_HERE,
|
|
+ xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)),
|
|
+ "CertAddStoreToCollection",
|
|
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
|
|
+ XMLSEC_ERRORS_NO_MESSAGE);
|
|
+ CertCloseStore(ctx->untrusted, CERT_CLOSE_STORE_FORCE_FLAG);
|
|
+ CertCloseStore(ctx->trusted, CERT_CLOSE_STORE_FORCE_FLAG);
|
|
+ CertCloseStore(hUntrustedMemStore, CERT_CLOSE_STORE_CHECK_FLAG);
|
|
+ ctx->trusted = NULL ;
|
|
+ ctx->untrusted = NULL ;
|
|
+ return(-1);
|
|
+ }
|
|
+ CertCloseStore(hUntrustedMemStore, CERT_CLOSE_STORE_CHECK_FLAG);
|
|
+
|
|
return(0);
|
|
}
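Review bot: The comment `add the memory trusted certs store to untrusted certs store collection` above the second `CertAddStoreToCollection` is a copy-paste slip; it should read `/* add the memory untrusted certs store to the untrusted certs store collection */`. The four failure paths each repeat the same `CertCloseStore`/`= NULL` sequence for whichever handles exist so far; a single cleanup label at the end of `xmlSecMSCryptoX509StoreInitialize` would keep them in step as the function grows. `xmlSecMSCryptoX509StoreInitialize` begins outside this hunk.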
|
|
|
|
***************
|
|
*** 567,576 ****
|
|
--- 811,851 ----
|
|
|
|
if((pCert == NULL) && (NULL != issuerName) && (NULL != issuerSerial)) {
|
|
xmlSecBn issuerSerialBn;
|
|
+ xmlChar * p;
|
|
CERT_NAME_BLOB cnb;
|
|
+ CRYPT_INTEGER_BLOB cib;
|
|
BYTE *cName = NULL;
|
|
DWORD cNameLen = 0;
|
|
+
|
|
+ /* aleksey: for some unknown to me reasons, mscrypto wants Email
|
|
+ * instead of emailAddress. This code is not bullet proof and may
|
|
+ * produce incorrect results if someone has "emailAddress=" string
|
|
+ * in one of the fields, but it is best I can suggest to fix this problem.
|
|
+ * Also see xmlSecMSCryptoX509NameWrite function.
|
|
+ */
|
|
+ while( (p = (xmlChar*)xmlStrstr(issuerName, BAD_CAST "emailAddress=")) != NULL) {
|
|
+ memcpy(p, " Email=", 13);
|
|
+ }
|
|
+
|
|
+
|
|
+
|
|
+ /* get issuer name */
|
|
+ cName = xmlSecMSCryptoCertStrToName(X509_ASN_ENCODING | PKCS_7_ASN_ENCODING,
|
|
+ issuerName,
|
|
+ CERT_NAME_STR_ENABLE_UTF8_UNICODE_FLAG | CERT_OID_NAME_STR | CERT_NAME_STR_REVERSE_FLAG,
|
|
+ &cNameLen);
|
|
+ if(cName == NULL) {
|
|
+ xmlSecError(XMLSEC_ERRORS_HERE,
|
|
+ NULL,
|
|
+ "xmlSecMSCryptoCertStrToName",
|
|
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
|
|
+ XMLSEC_ERRORS_NO_MESSAGE);
|
|
+ return (NULL);
|
|
+ }
|
|
+ cnb.pbData = cName;
|
|
+ cnb.cbData = cNameLen;
|
|
|
|
+ /* get serial number */
|
|
ret = xmlSecBnInitialize(&issuerSerialBn, 0);
|
|
if(ret < 0) {
|
|
xmlSecError(XMLSEC_ERRORS_HERE,
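Review bot: `memcpy(p, " Email=", 13)` copies thirteen bytes, so the literal must be exactly thirteen characters (`"emailAddress="` is thirteen); as rendered here it looks shorter, and if that is what the source says the copy runs past the literal and plants its terminating NUL inside `issuerName`. Confirm the literal is padded to thirteen bytes (seven spaces before `Email=`), or derive the length with `sizeof` so the two cannot diverge. The rewrite also edits the caller's `issuerName` buffer in place, which nothing documents; either add `/* NOTE: rewrites issuerName in place */` or work on an `xmlStrdup` copy. The enclosing function (apparently `xmlSecMSCryptoX509FindCert`) starts before this hunk.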
|
|
***************
|
|
*** 578,583 ****
|
|
--- 853,859 ----
|
|
"xmlSecBnInitialize",
|
|
XMLSEC_ERRORS_R_XMLSEC_FAILED,
|
|
XMLSEC_ERRORS_NO_MESSAGE);
|
|
+ xmlFree(cName);
|
|
return(NULL);
|
|
}
|
|
|
|
***************
|
|
*** 589,614 ****
|
|
XMLSEC_ERRORS_R_XMLSEC_FAILED,
|
|
XMLSEC_ERRORS_NO_MESSAGE);
|
|
xmlSecBnFinalize(&issuerSerialBn);
|
|
! return(NULL);
|
|
}
|
|
|
|
! cName = xmlSecMSCryptoCertStrToName(X509_ASN_ENCODING | PKCS_7_ASN_ENCODING,
|
|
! issuerName,
|
|
! CERT_OID_NAME_STR | CERT_NAME_STR_REVERSE_FLAG,
|
|
! &cNameLen);
|
|
! if(cName == NULL) {
|
|
xmlSecError(XMLSEC_ERRORS_HERE,
|
|
NULL,
|
|
! "xmlSecMSCryptoCertStrToName",
|
|
XMLSEC_ERRORS_R_XMLSEC_FAILED,
|
|
XMLSEC_ERRORS_NO_MESSAGE);
|
|
xmlSecBnFinalize(&issuerSerialBn);
|
|
! return (NULL);
|
|
}
|
|
|
|
! cnb.pbData = cName;
|
|
! cnb.cbData = cNameLen;
|
|
! while((pCert = CertFindCertificateInStore(store,
|
|
PKCS_7_ASN_ENCODING | X509_ASN_ENCODING,
|
|
0,
|
|
CERT_FIND_ISSUER_NAME,
|
|
--- 865,894 ----
|
|
XMLSEC_ERRORS_R_XMLSEC_FAILED,
|
|
XMLSEC_ERRORS_NO_MESSAGE);
|
|
xmlSecBnFinalize(&issuerSerialBn);
|
|
! xmlFree(cName);
|
|
! return(NULL);
|
|
}
|
|
|
|
! /* I have no clue why at a sudden a swap is needed to
|
|
! * convert from lsb... This code is purely based upon
|
|
! * trial and error :( WK
|
|
! */
|
|
! ret = xmlSecBnReverse(&issuerSerialBn);
|
|
! if(ret < 0) {
|
|
xmlSecError(XMLSEC_ERRORS_HERE,
|
|
NULL,
|
|
! "xmlSecBnReverse",
|
|
XMLSEC_ERRORS_R_XMLSEC_FAILED,
|
|
XMLSEC_ERRORS_NO_MESSAGE);
|
|
xmlSecBnFinalize(&issuerSerialBn);
|
|
! xmlFree(cName);
|
|
! return(NULL);
|
|
}
|
|
|
|
! cib.pbData = xmlSecBufferGetData(&issuerSerialBn);
|
|
! cib.cbData = xmlSecBufferGetSize(&issuerSerialBn);
|
|
!
|
|
! while((pCert = CertFindCertificateInStore(store,
|
|
PKCS_7_ASN_ENCODING | X509_ASN_ENCODING,
|
|
0,
|
|
CERT_FIND_ISSUER_NAME,
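Review bot: The comment `I have no clue why at a sudden a swap is needed to convert from lsb...` records a guess where the reason is known: `CERT_INFO.SerialNumber` is a `CRYPT_INTEGER_BLOB`, which CryptoAPI stores least-significant byte first, while the serial parsed into `issuerSerialBn` is most-significant byte first (the `xmlSecBnCompareReverse` call this replaces made the same assumption), so `xmlSecBnReverse` is what lets `CertCompareIntegerBlob` in the following hunk compare like with like. Replace the comment with `/* CryptoAPI keeps CRYPT_INTEGER_BLOB little-endian; xmlSecBn is big-endian, so reverse before comparing */`. Note that `cib.pbData` aliases the buffer inside `issuerSerialBn`, so `cib` is only valid until `xmlSecBnFinalize(&issuerSerialBn)`, which presumably runs after the search loop outside this hunk.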
|
|
***************
|
|
*** 622,631 ****
|
|
if((pCert->pCertInfo != NULL) &&
|
|
(pCert->pCertInfo->SerialNumber.pbData != NULL) &&
|
|
(pCert->pCertInfo->SerialNumber.cbData > 0) &&
|
|
! (0 == xmlSecBnCompareReverse(&issuerSerialBn, pCert->pCertInfo->SerialNumber.pbData,
|
|
! pCert->pCertInfo->SerialNumber.cbData))) {
|
|
!
|
|
! break;
|
|
}
|
|
}
|
|
xmlFree(cName);
|
|
--- 902,910 ----
|
|
if((pCert->pCertInfo != NULL) &&
|
|
(pCert->pCertInfo->SerialNumber.pbData != NULL) &&
|
|
(pCert->pCertInfo->SerialNumber.cbData > 0) &&
|
|
! (CertCompareIntegerBlob(&(pCert->pCertInfo->SerialNumber), &cib) == TRUE)
|
|
! ) {
|
|
! break;
|
|
}
|
|
}
|
|
xmlFree(cName);
|
|
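--- a/misc/xmlsec1-1.2.6/src/nss/akmngr.c
+++ b/misc/build/xmlsec1-1.2.6/src/nss/akmngr.c
@@ -1 +1,381 @@
-dummy
+/**
+* XMLSec library
+*
+* This is free software; see Copyright file in the source
+* distribution for preciese wording.
+*
+* Copyright.........................
+*/
+#include "globals.h"
+
+#include <nspr.h>
+#include <nss.h>
+#include <pk11func.h>
+#include <cert.h>
+#include <keyhi.h>
+
+#include <xmlsec/xmlsec.h>
+#include <xmlsec/keys.h>
+#include <xmlsec/transforms.h>
+#include <xmlsec/errors.h>
+
+#include <xmlsec/nss/crypto.h>
+#include <xmlsec/nss/tokens.h>
+#include <xmlsec/nss/akmngr.h>
+#include <xmlsec/nss/pkikeys.h>
+#include <xmlsec/nss/ciphers.h>
+#include <xmlsec/nss/keysstore.h>
+
+/**
+* xmlSecNssAppliedKeysMngrCreate:
+* @slot: the pointer to NSS PKCS#11 slot infomation.
+* @handler: the pointer to NSS certificate database.
+*
+* Create and load NSS crypto slot and certificate database into keys manager
+*
+* Returns keys manager pointer on success or NULL otherwise.
+*/
+xmlSecKeysMngrPtr
+xmlSecNssAppliedKeysMngrCreate(
+PK11SlotInfo* slot ,
+CERTCertDBHandle* handler
+) {
+xmlSecKeyDataStorePtr certStore = NULL ;
+xmlSecKeysMngrPtr keyMngr = NULL ;
+xmlSecKeyStorePtr keyStore = NULL ;
+
+keyStore = xmlSecKeyStoreCreate( xmlSecNssKeysStoreId ) ;
+if( keyStore == NULL ) {
+xmlSecError( XMLSEC_ERRORS_HERE ,
+NULL ,
+"xmlSecKeyStoreCreate" ,
+XMLSEC_ERRORS_R_XMLSEC_FAILED ,
+XMLSEC_ERRORS_NO_MESSAGE ) ;
+return NULL ;
+}
+
+if( slot != NULL ) {
+xmlSecNssKeySlotPtr keySlot ;
+
+/* Create a key slot */
+keySlot = xmlSecNssKeySlotCreate() ;
+if( keySlot == NULL ) {
+xmlSecError( XMLSEC_ERRORS_HERE ,
+xmlSecErrorsSafeString( xmlSecKeyStoreGetName( keyStore ) ) ,
+"xmlSecNssKeySlotCreate" ,
+XMLSEC_ERRORS_R_XMLSEC_FAILED ,
+XMLSEC_ERRORS_NO_MESSAGE ) ;
+
+xmlSecKeyStoreDestroy( keyStore ) ;
+return NULL ;
+}
+
+/* Set slot */
+if( xmlSecNssKeySlotSetSlot( keySlot , slot ) < 0 ) {
+xmlSecError( XMLSEC_ERRORS_HERE ,
+xmlSecErrorsSafeString( xmlSecKeyStoreGetName( keyStore ) ) ,
+"xmlSecNssKeySlotSetSlot" ,
+XMLSEC_ERRORS_R_XMLSEC_FAILED ,
+XMLSEC_ERRORS_NO_MESSAGE ) ;
+
+xmlSecKeyStoreDestroy( keyStore ) ;
+xmlSecNssKeySlotDestroy( keySlot ) ;
+return NULL ;
+}
+
+/* Adopt keySlot */
+if( xmlSecNssKeysStoreAdoptKeySlot( keyStore , keySlot ) < 0 ) {
+xmlSecError( XMLSEC_ERRORS_HERE ,
+xmlSecErrorsSafeString( xmlSecKeyStoreGetName( keyStore ) ) ,
+"xmlSecNssKeysStoreAdoptKeySlot" ,
+XMLSEC_ERRORS_R_XMLSEC_FAILED ,
+XMLSEC_ERRORS_NO_MESSAGE ) ;
+
+xmlSecKeyStoreDestroy( keyStore ) ;
+xmlSecNssKeySlotDestroy( keySlot ) ;
+return NULL ;
+}
+}
+
+keyMngr = xmlSecKeysMngrCreate() ;
+if( keyMngr == NULL ) {
+xmlSecError( XMLSEC_ERRORS_HERE ,
+NULL ,
+"xmlSecKeysMngrCreate" ,
+XMLSEC_ERRORS_R_XMLSEC_FAILED ,
+XMLSEC_ERRORS_NO_MESSAGE ) ;
+
+xmlSecKeyStoreDestroy( keyStore ) ;
+return NULL ;
+}
+
+/*-
+* Add key store to manager, from now on keys manager destroys the store if
+* needed
+*/
+if( xmlSecKeysMngrAdoptKeysStore( keyMngr, keyStore ) < 0 ) {
+xmlSecError( XMLSEC_ERRORS_HERE ,
+xmlSecErrorsSafeString( xmlSecKeyStoreGetName( keyStore ) ) ,
+"xmlSecKeysMngrAdoptKeyStore" ,
+XMLSEC_ERRORS_R_XMLSEC_FAILED ,
+XMLSEC_ERRORS_NO_MESSAGE ) ;
+
+xmlSecKeyStoreDestroy( keyStore ) ;
+xmlSecKeysMngrDestroy( keyMngr ) ;
+return NULL ;
+}
+
+/*-
+* Initialize crypto library specific data in keys manager
+*/
+if( xmlSecNssKeysMngrInit( keyMngr ) < 0 ) {
+xmlSecError( XMLSEC_ERRORS_HERE ,
+NULL ,
+"xmlSecKeysMngrCreate" ,
+XMLSEC_ERRORS_R_XMLSEC_FAILED ,
+XMLSEC_ERRORS_NO_MESSAGE ) ;
+
+xmlSecKeysMngrDestroy( keyMngr ) ;
+return NULL ;
+}
+
+/*-
+* Set certificate databse to X509 key data store
+*/
+/**
+* Because Tej's implementation of certDB use the default DB, so I ignore
+* the certDB handler at present. I'll modify the cert store sources to
+* accept particular certDB instead of default ones.
+certStore = xmlSecKeysMngrGetDataStore( keyMngr , xmlSecNssKeyDataStoreX509Id ) ;
+if( certStore == NULL ) {
+xmlSecError( XMLSEC_ERRORS_HERE ,
+xmlSecErrorsSafeString( xmlSecKeyStoreGetName( keyStore ) ) ,
+"xmlSecKeysMngrGetDataStore" ,
+XMLSEC_ERRORS_R_XMLSEC_FAILED ,
+XMLSEC_ERRORS_NO_MESSAGE ) ;
+
+xmlSecKeysMngrDestroy( keyMngr ) ;
+return NULL ;
+}
+
+if( xmlSecNssKeyDataStoreX509SetCertDb( certStore , handler ) < 0 ) {
+xmlSecError( XMLSEC_ERRORS_HERE ,
+xmlSecErrorsSafeString( xmlSecKeyStoreGetName( keyStore ) ) ,
+"xmlSecNssKeyDataStoreX509SetCertDb" ,
+XMLSEC_ERRORS_R_XMLSEC_FAILED ,
+XMLSEC_ERRORS_NO_MESSAGE ) ;
+
+xmlSecKeysMngrDestroy( keyMngr ) ;
+return NULL ;
+}
+*/
+
+/*-
+* Set the getKey callback
+*/
+keyMngr->getKey = xmlSecKeysMngrGetKey ;
+
+return keyMngr ;
+}
+
+int
+xmlSecNssAppliedKeysMngrSymKeyLoad(
+xmlSecKeysMngrPtr mngr ,
+PK11SymKey* symKey
+) {
+xmlSecKeyPtr key ;
+xmlSecKeyDataPtr data ;
+xmlSecKeyStorePtr keyStore ;
+
+xmlSecAssert2( mngr != NULL , -1 ) ;
+xmlSecAssert2( symKey != NULL , -1 ) ;
+
+keyStore = xmlSecKeysMngrGetKeysStore( mngr ) ;
+if( keyStore == NULL ) {
+xmlSecError( XMLSEC_ERRORS_HERE ,
+NULL ,
+"xmlSecKeysMngrGetKeysStore" ,
+XMLSEC_ERRORS_R_XMLSEC_FAILED ,
+XMLSEC_ERRORS_NO_MESSAGE ) ;
+return(-1) ;
+}
+xmlSecAssert2( xmlSecKeyStoreCheckId( keyStore , xmlSecNssKeysStoreId ) , -1 ) ;
+
+data = xmlSecNssSymKeyDataKeyAdopt( symKey ) ;
+if( data == NULL ) {
+xmlSecError( XMLSEC_ERRORS_HERE ,
+NULL ,
+"xmlSecNssSymKeyDataKeyAdopt" ,
+XMLSEC_ERRORS_R_XMLSEC_FAILED ,
+XMLSEC_ERRORS_NO_MESSAGE ) ;
+return(-1) ;
+}
+
+key = xmlSecKeyCreate() ;
+if( key == NULL ) {
+xmlSecError( XMLSEC_ERRORS_HERE ,
+NULL ,
+"xmlSecNssSymKeyDataKeyAdopt" ,
+XMLSEC_ERRORS_R_XMLSEC_FAILED ,
+XMLSEC_ERRORS_NO_MESSAGE ) ;
+xmlSecKeyDataDestroy( data ) ;
+return(-1) ;
+}
+
+if( xmlSecKeySetValue( key , data ) < 0 ) {
+xmlSecError( XMLSEC_ERRORS_HERE ,
+NULL ,
+"xmlSecNssSymKeyDataKeyAdopt" ,
+XMLSEC_ERRORS_R_XMLSEC_FAILED ,
+XMLSEC_ERRORS_NO_MESSAGE ) ;
+xmlSecKeyDataDestroy( data ) ;
+return(-1) ;
+}
+
+if( xmlSecNssKeysStoreAdoptKey( keyStore, key ) < 0 ) {
+xmlSecError( XMLSEC_ERRORS_HERE ,
+NULL ,
+"xmlSecNssSymKeyDataKeyAdopt" ,
+XMLSEC_ERRORS_R_XMLSEC_FAILED ,
+XMLSEC_ERRORS_NO_MESSAGE ) ;
+xmlSecKeyDestroy( key ) ;
+return(-1) ;
+}
+
+return(0) ;
+}
+
+int
+xmlSecNssAppliedKeysMngrPubKeyLoad(
+xmlSecKeysMngrPtr mngr ,
+SECKEYPublicKey* pubKey
+) {
+xmlSecKeyPtr key ;
+xmlSecKeyDataPtr data ;
+xmlSecKeyStorePtr keyStore ;
+
+xmlSecAssert2( mngr != NULL , -1 ) ;
+xmlSecAssert2( pubKey != NULL , -1 ) ;
+
+keyStore = xmlSecKeysMngrGetKeysStore( mngr ) ;
+if( keyStore == NULL ) {
+xmlSecError( XMLSEC_ERRORS_HERE ,
+NULL ,
+"xmlSecKeysMngrGetKeysStore" ,
+XMLSEC_ERRORS_R_XMLSEC_FAILED ,
+XMLSEC_ERRORS_NO_MESSAGE ) ;
+return(-1) ;
+}
+xmlSecAssert2( xmlSecKeyStoreCheckId( keyStore , xmlSecNssKeysStoreId ) , -1 ) ;
+
+data = xmlSecNssPKIAdoptKey( NULL, pubKey ) ;
+if( data == NULL ) {
+xmlSecError( XMLSEC_ERRORS_HERE ,
+NULL ,
+"xmlSecNssPKIAdoptKey" ,
+XMLSEC_ERRORS_R_XMLSEC_FAILED ,
+XMLSEC_ERRORS_NO_MESSAGE ) ;
+return(-1) ;
+}
+
+key = xmlSecKeyCreate() ;
+if( key == NULL ) {
+xmlSecError( XMLSEC_ERRORS_HERE ,
+NULL ,
+"xmlSecNssSymKeyDataKeyAdopt" ,
+XMLSEC_ERRORS_R_XMLSEC_FAILED ,
+XMLSEC_ERRORS_NO_MESSAGE ) ;
+xmlSecKeyDataDestroy( data ) ;
+return(-1) ;
+}
+
+if( xmlSecKeySetValue( key , data ) < 0 ) {
+xmlSecError( XMLSEC_ERRORS_HERE ,
+NULL ,
+"xmlSecNssSymKeyDataKeyAdopt" ,
+XMLSEC_ERRORS_R_XMLSEC_FAILED ,
+XMLSEC_ERRORS_NO_MESSAGE ) ;
+xmlSecKeyDataDestroy( data ) ;
+return(-1) ;
+}
+
+if( xmlSecNssKeysStoreAdoptKey( keyStore, key ) < 0 ) {
+xmlSecError( XMLSEC_ERRORS_HERE ,
+NULL ,
+"xmlSecNssSymKeyDataKeyAdopt" ,
+XMLSEC_ERRORS_R_XMLSEC_FAILED ,
+XMLSEC_ERRORS_NO_MESSAGE ) ;
+xmlSecKeyDestroy( key ) ;
+return(-1) ;
+}
+
+return(0) ;
+}
+
+int
+xmlSecNssAppliedKeysMngrPriKeyLoad(
+xmlSecKeysMngrPtr mngr ,
+SECKEYPrivateKey* priKey
+) {
+xmlSecKeyPtr key ;
+xmlSecKeyDataPtr data ;
+xmlSecKeyStorePtr keyStore ;
+
+xmlSecAssert2( mngr != NULL , -1 ) ;
+xmlSecAssert2( priKey != NULL , -1 ) ;
+
+keyStore = xmlSecKeysMngrGetKeysStore( mngr ) ;
+if( keyStore == NULL ) {
+xmlSecError( XMLSEC_ERRORS_HERE ,
+NULL ,
+"xmlSecKeysMngrGetKeysStore" ,
+XMLSEC_ERRORS_R_XMLSEC_FAILED ,
+XMLSEC_ERRORS_NO_MESSAGE ) ;
+return(-1) ;
+}
+xmlSecAssert2( xmlSecKeyStoreCheckId( keyStore , xmlSecNssKeysStoreId ) , -1 ) ;
+
+data = xmlSecNssPKIAdoptKey( priKey, NULL ) ;
+if( data == NULL ) {
+xmlSecError( XMLSEC_ERRORS_HERE ,
+NULL ,
+"xmlSecNssPKIAdoptKey" ,
+XMLSEC_ERRORS_R_XMLSEC_FAILED ,
+XMLSEC_ERRORS_NO_MESSAGE ) ;
+return(-1) ;
+}
+
+key = xmlSecKeyCreate() ;
+if( key == NULL ) {
+xmlSecError( XMLSEC_ERRORS_HERE ,
+NULL ,
+"xmlSecNssSymKeyDataKeyAdopt" ,
+XMLSEC_ERRORS_R_XMLSEC_FAILED ,
+XMLSEC_ERRORS_NO_MESSAGE ) ;
+xmlSecKeyDataDestroy( data ) ;
+return(-1) ;
+}
+
+if( xmlSecKeySetValue( key , data ) < 0 ) {
+xmlSecError( XMLSEC_ERRORS_HERE ,
+NULL ,
+"xmlSecNssSymKeyDataKeyAdopt" ,
+XMLSEC_ERRORS_R_XMLSEC_FAILED ,
+XMLSEC_ERRORS_NO_MESSAGE ) ;
+xmlSecKeyDataDestroy( data ) ;
+return(-1) ;
+}
+
+if( xmlSecNssKeysStoreAdoptKey( keyStore, key ) < 0 ) {
+xmlSecError( XMLSEC_ERRORS_HERE ,
+NULL ,
+"xmlSecNssSymKeyDataKeyAdopt" ,
+XMLSEC_ERRORS_R_XMLSEC_FAILED ,
+XMLSEC_ERRORS_NO_MESSAGE ) ;
+xmlSecKeyDestroy( key ) ;
+return(-1) ;
+}
+
+return(0) ;
+}
+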
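Review bot: In xmlSecNssAppliedKeysMngrSymKeyLoad the failure branch of `if( xmlSecKeySetValue( key , data ) < 0 )` destroys `data` but not the key created by the preceding `xmlSecKeyCreate()`, so `key` leaks on that path; the identical branch is repeated in xmlSecNssAppliedKeysMngrPubKeyLoad and xmlSecNssAppliedKeysMngrPriKeyLoad, and each of the three needs `xmlSecKeyDestroy( key ) ;` before its `return(-1) ;`. The function names handed to xmlSecError are copy-pasted and will send whoever reads the error log to the wrong call: the xmlSecNssKeysMngrInit failure reports "xmlSecKeysMngrCreate", the xmlSecKeysMngrAdoptKeysStore failure reports "xmlSecKeysMngrAdoptKeyStore", and in all three Load functions the xmlSecKeyCreate, xmlSecKeySetValue and xmlSecNssKeysStoreAdoptKey failures report "xmlSecNssSymKeyDataKeyAdopt". The doc comment on xmlSecNssAppliedKeysMngrCreate promises to load the certificate database into the keys manager, but the block that would use `handler` is commented out, so `handler` and `certStore` are unused; the comment should state that the certificate database argument is currently ignored (or the block should be re-enabled) so callers do not rely on it. The three Load functions differ only in the adopt call, so a single static helper taking the already-built `xmlSecKeyDataPtr` would remove the triplicated error handling where these defects were introduced.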
*** misc/xmlsec1-1.2.6/src/nss/ciphers.c 2003-09-26 02:58:15.000000000 +0200
|
|
--- misc/build/xmlsec1-1.2.6/src/nss/ciphers.c 2005-05-09 19:54:13.204629905 +0200
|
|
***************
|
|
*** 1,838 ****
|
|
! /**
|
|
! * XMLSec library
|
|
! *
|
|
! * This is free software; see Copyright file in the source
|
|
! * distribution for preciese wording.
|
|
! *
|
|
! * Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com>
|
|
! * Copyright (c) 2003 America Online, Inc. All rights reserved.
|
|
! */
|
|
#include "globals.h"
|
|
|
|
#include <string.h>
|
|
|
|
- #include <nspr.h>
|
|
#include <nss.h>
|
|
- #include <secoid.h>
|
|
#include <pk11func.h>
|
|
|
|
#include <xmlsec/xmlsec.h>
|
|
#include <xmlsec/keys.h>
|
|
#include <xmlsec/transforms.h>
|
|
#include <xmlsec/errors.h>
|
|
|
|
#include <xmlsec/nss/crypto.h>
|
|
|
|
! #define XMLSEC_NSS_MAX_KEY_SIZE 32
|
|
! #define XMLSEC_NSS_MAX_IV_SIZE 32
|
|
! #define XMLSEC_NSS_MAX_BLOCK_SIZE 32
|
|
!
|
|
! /**************************************************************************
|
|
! *
|
|
! * Internal Nss Block cipher CTX
|
|
*
|
|
! *****************************************************************************/
|
|
! typedef struct _xmlSecNssBlockCipherCtx xmlSecNssBlockCipherCtx,
|
|
! *xmlSecNssBlockCipherCtxPtr;
|
|
struct _xmlSecNssBlockCipherCtx {
|
|
! CK_MECHANISM_TYPE cipher;
|
|
! PK11Context* cipherCtx;
|
|
! xmlSecKeyDataId keyId;
|
|
! int keyInitialized;
|
|
! int ctxInitialized;
|
|
! xmlSecByte key[XMLSEC_NSS_MAX_KEY_SIZE];
|
|
! xmlSecSize keySize;
|
|
! xmlSecByte iv[XMLSEC_NSS_MAX_IV_SIZE];
|
|
! xmlSecSize ivSize;
|
|
! };
|
|
! static int xmlSecNssBlockCipherCtxInit (xmlSecNssBlockCipherCtxPtr ctx,
|
|
! xmlSecBufferPtr in,
|
|
! xmlSecBufferPtr out,
|
|
! int encrypt,
|
|
! const xmlChar* cipherName,
|
|
! xmlSecTransformCtxPtr transformCtx);
|
|
! static int xmlSecNssBlockCipherCtxUpdate (xmlSecNssBlockCipherCtxPtr ctx,
|
|
! xmlSecBufferPtr in,
|
|
! xmlSecBufferPtr out,
|
|
! int encrypt,
|
|
! const xmlChar* cipherName,
|
|
! xmlSecTransformCtxPtr transformCtx);
|
|
! static int xmlSecNssBlockCipherCtxFinal (xmlSecNssBlockCipherCtxPtr ctx,
|
|
! xmlSecBufferPtr in,
|
|
! xmlSecBufferPtr out,
|
|
! int encrypt,
|
|
! const xmlChar* cipherName,
|
|
! xmlSecTransformCtxPtr transformCtx);
|
|
! static int
|
|
! xmlSecNssBlockCipherCtxInit(xmlSecNssBlockCipherCtxPtr ctx,
|
|
! xmlSecBufferPtr in, xmlSecBufferPtr out,
|
|
! int encrypt,
|
|
! const xmlChar* cipherName,
|
|
! xmlSecTransformCtxPtr transformCtx) {
|
|
! SECItem keyItem;
|
|
! SECItem ivItem;
|
|
! PK11SlotInfo* slot;
|
|
! PK11SymKey* symKey;
|
|
! int ivLen;
|
|
! SECStatus rv;
|
|
! int ret;
|
|
!
|
|
! xmlSecAssert2(ctx != NULL, -1);
|
|
! xmlSecAssert2(ctx->cipher != 0, -1);
|
|
! xmlSecAssert2(ctx->cipherCtx == NULL, -1);
|
|
! xmlSecAssert2(ctx->keyInitialized != 0, -1);
|
|
! xmlSecAssert2(ctx->ctxInitialized == 0, -1);
|
|
! xmlSecAssert2(in != NULL, -1);
|
|
! xmlSecAssert2(out != NULL, -1);
|
|
! xmlSecAssert2(transformCtx != NULL, -1);
|
|
!
|
|
! ivLen = PK11_GetIVLength(ctx->cipher);
|
|
! xmlSecAssert2(ivLen > 0, -1);
|
|
! xmlSecAssert2((xmlSecSize)ivLen <= sizeof(ctx->iv), -1);
|
|
!
|
|
! if(encrypt) {
|
|
! /* generate random iv */
|
|
! rv = PK11_GenerateRandom(ctx->iv, ivLen);
|
|
! if(rv != SECSuccess) {
|
|
! xmlSecError(XMLSEC_ERRORS_HERE,
|
|
! xmlSecErrorsSafeString(cipherName),
|
|
! "PK11_GenerateRandom",
|
|
! XMLSEC_ERRORS_R_CRYPTO_FAILED,
|
|
! "size=%d", ivLen);
|
|
! return(-1);
|
|
! }
|
|
!
|
|
! /* write iv to the output */
|
|
! ret = xmlSecBufferAppend(out, ctx->iv, ivLen);
|
|
! if(ret < 0) {
|
|
! xmlSecError(XMLSEC_ERRORS_HERE,
|
|
! xmlSecErrorsSafeString(cipherName),
|
|
! "xmlSecBufferAppend",
|
|
! XMLSEC_ERRORS_R_XMLSEC_FAILED,
|
|
! "size=%d", ivLen);
|
|
! return(-1);
|
|
! }
|
|
!
|
|
! } else {
|
|
! /* if we don't have enough data, exit and hope that
|
|
! * we'll have iv next time */
|
|
! if(xmlSecBufferGetSize(in) < (xmlSecSize)ivLen) {
|
|
! return(0);
|
|
! }
|
|
!
|
|
! /* copy iv to our buffer*/
|
|
! xmlSecAssert2(xmlSecBufferGetData(in) != NULL, -1);
|
|
! memcpy(ctx->iv, xmlSecBufferGetData(in), ivLen);
|
|
!
|
|
! /* and remove from input */
|
|
! ret = xmlSecBufferRemoveHead(in, ivLen);
|
|
! if(ret < 0) {
|
|
! xmlSecError(XMLSEC_ERRORS_HERE,
|
|
! xmlSecErrorsSafeString(cipherName),
|
|
! "xmlSecBufferRemoveHead",
|
|
! XMLSEC_ERRORS_R_XMLSEC_FAILED,
|
|
! "size=%d", ivLen);
|
|
! return(-1);
|
|
}
|
|
! }
|
|
|
|
! memset(&keyItem, 0, sizeof(keyItem));
|
|
! keyItem.data = ctx->key;
|
|
! keyItem.len = ctx->keySize;
|
|
! memset(&ivItem, 0, sizeof(ivItem));
|
|
! ivItem.data = ctx->iv;
|
|
! ivItem.len = ctx->ivSize;
|
|
!
|
|
! slot = PK11_GetBestSlot(ctx->cipher, NULL);
|
|
! if(slot == NULL) {
|
|
! xmlSecError(XMLSEC_ERRORS_HERE,
|
|
! xmlSecErrorsSafeString(cipherName),
|
|
! "PK11_GetBestSlot",
|
|
! XMLSEC_ERRORS_R_CRYPTO_FAILED,
|
|
! XMLSEC_ERRORS_NO_MESSAGE);
|
|
! return(-1);
|
|
! }
|
|
!
|
|
! symKey = PK11_ImportSymKey(slot, ctx->cipher, PK11_OriginDerive,
|
|
! CKA_SIGN, &keyItem, NULL);
|
|
! if(symKey == NULL) {
|
|
! xmlSecError(XMLSEC_ERRORS_HERE,
|
|
! xmlSecErrorsSafeString(cipherName),
|
|
! "PK11_ImportSymKey",
|
|
! XMLSEC_ERRORS_R_CRYPTO_FAILED,
|
|
! XMLSEC_ERRORS_NO_MESSAGE);
|
|
! PK11_FreeSlot(slot);
|
|
! return(-1);
|
|
! }
|
|
|
|
! ctx->cipherCtx = PK11_CreateContextBySymKey(ctx->cipher,
|
|
! (encrypt) ? CKA_ENCRYPT : CKA_DECRYPT,
|
|
! symKey, &ivItem);
|
|
! if(ctx->cipherCtx == NULL) {
|
|
! xmlSecError(XMLSEC_ERRORS_HERE,
|
|
! xmlSecErrorsSafeString(cipherName),
|
|
! "PK11_CreateContextBySymKey",
|
|
! XMLSEC_ERRORS_R_CRYPTO_FAILED,
|
|
! XMLSEC_ERRORS_NO_MESSAGE);
|
|
! PK11_FreeSymKey(symKey);
|
|
! PK11_FreeSlot(slot);
|
|
! return(-1);
|
|
}
|
|
!
|
|
! ctx->ctxInitialized = 1;
|
|
! PK11_FreeSymKey(symKey);
|
|
! PK11_FreeSlot(slot);
|
|
! return(0);
|
|
}
|
|
|
|
! static int
|
|
! xmlSecNssBlockCipherCtxUpdate(xmlSecNssBlockCipherCtxPtr ctx,
|
|
! xmlSecBufferPtr in, xmlSecBufferPtr out,
|
|
! int encrypt,
|
|
! const xmlChar* cipherName,
|
|
! xmlSecTransformCtxPtr transformCtx) {
|
|
! xmlSecSize inSize, inBlocks, outSize;
|
|
! int blockLen;
|
|
! int outLen = 0;
|
|
! xmlSecByte* outBuf;
|
|
! SECStatus rv;
|
|
! int ret;
|
|
!
|
|
! xmlSecAssert2(ctx != NULL, -1);
|
|
! xmlSecAssert2(ctx->cipher != 0, -1);
|
|
! xmlSecAssert2(ctx->cipherCtx != NULL, -1);
|
|
! xmlSecAssert2(ctx->ctxInitialized != 0, -1);
|
|
! xmlSecAssert2(in != NULL, -1);
|
|
! xmlSecAssert2(out != NULL, -1);
|
|
! xmlSecAssert2(transformCtx != NULL, -1);
|
|
|
|
! blockLen = PK11_GetBlockSize(ctx->cipher, NULL);
|
|
! xmlSecAssert2(blockLen > 0, -1);
|
|
|
|
! inSize = xmlSecBufferGetSize(in);
|
|
! outSize = xmlSecBufferGetSize(out);
|
|
!
|
|
! if(inSize < (xmlSecSize)blockLen) {
|
|
! return(0);
|
|
! }
|
|
|
|
! if(encrypt) {
|
|
! inBlocks = inSize / ((xmlSecSize)blockLen);
|
|
! } else {
|
|
! /* we want to have the last block in the input buffer
|
|
! * for padding check */
|
|
! inBlocks = (inSize - 1) / ((xmlSecSize)blockLen);
|
|
! }
|
|
! inSize = inBlocks * ((xmlSecSize)blockLen);
|
|
|
|
! /* we write out the input size plus may be one block */
|
|
! ret = xmlSecBufferSetMaxSize(out, outSize + inSize + blockLen);
|
|
! if(ret < 0) {
|
|
! xmlSecError(XMLSEC_ERRORS_HERE,
|
|
! xmlSecErrorsSafeString(cipherName),
|
|
! "xmlSecBufferSetMaxSize",
|
|
! XMLSEC_ERRORS_R_XMLSEC_FAILED,
|
|
! "size=%d", outSize + inSize + blockLen);
|
|
! return(-1);
|
|
! }
|
|
! outBuf = xmlSecBufferGetData(out) + outSize;
|
|
!
|
|
! rv = PK11_CipherOp(ctx->cipherCtx, outBuf, &outLen, inSize + blockLen,
|
|
! xmlSecBufferGetData(in), inSize);
|
|
! if(rv != SECSuccess) {
|
|
! xmlSecError(XMLSEC_ERRORS_HERE,
|
|
! xmlSecErrorsSafeString(cipherName),
|
|
! "PK11_CipherOp",
|
|
! XMLSEC_ERRORS_R_CRYPTO_FAILED,
|
|
! XMLSEC_ERRORS_NO_MESSAGE);
|
|
! return(-1);
|
|
! }
|
|
! xmlSecAssert2((xmlSecSize)outLen == inSize, -1);
|
|
!
|
|
! /* set correct output buffer size */
|
|
! ret = xmlSecBufferSetSize(out, outSize + outLen);
|
|
! if(ret < 0) {
|
|
! xmlSecError(XMLSEC_ERRORS_HERE,
|
|
! xmlSecErrorsSafeString(cipherName),
|
|
! "xmlSecBufferSetSize",
|
|
! XMLSEC_ERRORS_R_XMLSEC_FAILED,
|
|
! "size=%d", outSize + outLen);
|
|
! return(-1);
|
|
! }
|
|
!
|
|
! /* remove the processed block from input */
|
|
! ret = xmlSecBufferRemoveHead(in, inSize);
|
|
! if(ret < 0) {
|
|
! xmlSecError(XMLSEC_ERRORS_HERE,
|
|
! xmlSecErrorsSafeString(cipherName),
|
|
! "xmlSecBufferRemoveHead",
|
|
! XMLSEC_ERRORS_R_XMLSEC_FAILED,
|
|
! "size=%d", inSize);
|
|
! return(-1);
|
|
! }
|
|
! return(0);
|
|
}
|
|
|
|
! static int
|
|
! xmlSecNssBlockCipherCtxFinal(xmlSecNssBlockCipherCtxPtr ctx,
|
|
! xmlSecBufferPtr in,
|
|
! xmlSecBufferPtr out,
|
|
! int encrypt,
|
|
! const xmlChar* cipherName,
|
|
! xmlSecTransformCtxPtr transformCtx) {
|
|
! xmlSecSize inSize, outSize;
|
|
! int blockLen, outLen = 0;
|
|
! xmlSecByte* inBuf;
|
|
! xmlSecByte* outBuf;
|
|
! SECStatus rv;
|
|
! int ret;
|
|
!
|
|
! xmlSecAssert2(ctx != NULL, -1);
|
|
! xmlSecAssert2(ctx->cipher != 0, -1);
|
|
! xmlSecAssert2(ctx->cipherCtx != NULL, -1);
|
|
! xmlSecAssert2(ctx->ctxInitialized != 0, -1);
|
|
! xmlSecAssert2(in != NULL, -1);
|
|
! xmlSecAssert2(out != NULL, -1);
|
|
! xmlSecAssert2(transformCtx != NULL, -1);
|
|
!
|
|
! blockLen = PK11_GetBlockSize(ctx->cipher, NULL);
|
|
! xmlSecAssert2(blockLen > 0, -1);
|
|
|
|
! inSize = xmlSecBufferGetSize(in);
|
|
! outSize = xmlSecBufferGetSize(out);
|
|
|
|
! if(encrypt != 0) {
|
|
! xmlSecAssert2(inSize < (xmlSecSize)blockLen, -1);
|
|
!
|
|
! /* create padding */
|
|
! ret = xmlSecBufferSetMaxSize(in, blockLen);
|
|
! if(ret < 0) {
|
|
! xmlSecError(XMLSEC_ERRORS_HERE,
|
|
! xmlSecErrorsSafeString(cipherName),
|
|
! "xmlSecBufferSetMaxSize",
|
|
! XMLSEC_ERRORS_R_XMLSEC_FAILED,
|
|
! "size=%d", blockLen);
|
|
! return(-1);
|
|
! }
|
|
! inBuf = xmlSecBufferGetData(in);
|
|
!
|
|
! /* generate random padding */
|
|
! if((xmlSecSize)blockLen > (inSize + 1)) {
|
|
! rv = PK11_GenerateRandom(inBuf + inSize, blockLen - inSize - 1);
|
|
! if(rv != SECSuccess) {
|
|
! xmlSecError(XMLSEC_ERRORS_HERE,
|
|
! xmlSecErrorsSafeString(cipherName),
|
|
! "PK11_GenerateRandom",
|
|
! XMLSEC_ERRORS_R_CRYPTO_FAILED,
|
|
! "size=%d", blockLen - inSize - 1);
|
|
! return(-1);
|
|
! }
|
|
! }
|
|
! inBuf[blockLen - 1] = blockLen - inSize;
|
|
! inSize = blockLen;
|
|
! } else {
|
|
! if(inSize != (xmlSecSize)blockLen) {
|
|
! xmlSecError(XMLSEC_ERRORS_HERE,
|
|
! xmlSecErrorsSafeString(cipherName),
|
|
! NULL,
|
|
! XMLSEC_ERRORS_R_INVALID_DATA,
|
|
! "data=%d;block=%d", inSize, blockLen);
|
|
! return(-1);
|
|
}
|
|
- }
|
|
-
|
|
- /* process last block */
|
|
- ret = xmlSecBufferSetMaxSize(out, outSize + 2 * blockLen);
|
|
- if(ret < 0) {
|
|
- xmlSecError(XMLSEC_ERRORS_HERE,
|
|
- xmlSecErrorsSafeString(cipherName),
|
|
- "xmlSecBufferSetMaxSize",
|
|
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
|
|
- "size=%d", outSize + 2 * blockLen);
|
|
- return(-1);
|
|
- }
|
|
- outBuf = xmlSecBufferGetData(out) + outSize;
|
|
|
|
! rv = PK11_CipherOp(ctx->cipherCtx, outBuf, &outLen, 2 * blockLen,
|
|
! xmlSecBufferGetData(in), inSize);
|
|
! if(rv != SECSuccess) {
|
|
! xmlSecError(XMLSEC_ERRORS_HERE,
|
|
! xmlSecErrorsSafeString(cipherName),
|
|
! "PK11_CipherOp",
|
|
! XMLSEC_ERRORS_R_CRYPTO_FAILED,
|
|
! XMLSEC_ERRORS_NO_MESSAGE);
|
|
! return(-1);
|
|
! }
|
|
! xmlSecAssert2((xmlSecSize)outLen == inSize, -1);
|
|
!
|
|
! if(encrypt == 0) {
|
|
! /* check padding */
|
|
! if(outLen < outBuf[blockLen - 1]) {
|
|
! xmlSecError(XMLSEC_ERRORS_HERE,
|
|
! xmlSecErrorsSafeString(cipherName),
|
|
! NULL,
|
|
! XMLSEC_ERRORS_R_INVALID_DATA,
|
|
! "padding=%d;buffer=%d",
|
|
! outBuf[blockLen - 1], outLen);
|
|
! return(-1);
|
|
! }
|
|
! outLen -= outBuf[blockLen - 1];
|
|
! }
|
|
!
|
|
! /* set correct output buffer size */
|
|
! ret = xmlSecBufferSetSize(out, outSize + outLen);
|
|
! if(ret < 0) {
|
|
! xmlSecError(XMLSEC_ERRORS_HERE,
|
|
! xmlSecErrorsSafeString(cipherName),
|
|
! "xmlSecBufferSetSize",
|
|
! XMLSEC_ERRORS_R_XMLSEC_FAILED,
|
|
! "size=%d", outSize + outLen);
|
|
! return(-1);
|
|
! }
|
|
|
|
! /* remove the processed block from input */
|
|
! ret = xmlSecBufferRemoveHead(in, inSize);
|
|
! if(ret < 0) {
|
|
! xmlSecError(XMLSEC_ERRORS_HERE,
|
|
! xmlSecErrorsSafeString(cipherName),
|
|
! "xmlSecBufferRemoveHead",
|
|
! XMLSEC_ERRORS_R_XMLSEC_FAILED,
|
|
! "size=%d", inSize);
|
|
! return(-1);
|
|
! }
|
|
|
|
! return(0);
|
|
}
|
|
|
|
!
|
|
! /******************************************************************************
|
|
! *
|
|
! * EVP Block Cipher transforms
|
|
*
|
|
! * xmlSecNssBlockCipherCtx block is located after xmlSecTransform structure
|
|
*
|
|
! *****************************************************************************/
|
|
! #define xmlSecNssBlockCipherSize \
|
|
! (sizeof(xmlSecTransform) + sizeof(xmlSecNssBlockCipherCtx))
|
|
! #define xmlSecNssBlockCipherGetCtx(transform) \
|
|
! ((xmlSecNssBlockCipherCtxPtr)(((xmlSecByte*)(transform)) + sizeof(xmlSecTransform)))
|
|
!
|
|
! static int xmlSecNssBlockCipherInitialize (xmlSecTransformPtr transform);
|
|
! static void xmlSecNssBlockCipherFinalize (xmlSecTransformPtr transform);
|
|
! static int xmlSecNssBlockCipherSetKeyReq (xmlSecTransformPtr transform,
|
|
! xmlSecKeyReqPtr keyReq);
|
|
! static int xmlSecNssBlockCipherSetKey (xmlSecTransformPtr transform,
|
|
! xmlSecKeyPtr key);
|
|
! static int xmlSecNssBlockCipherExecute (xmlSecTransformPtr transform,
|
|
! int last,
|
|
! xmlSecTransformCtxPtr transformCtx);
|
|
! static int xmlSecNssBlockCipherCheckId (xmlSecTransformPtr transform);
|
|
!
|
|
|
|
|
|
static int
|
|
! xmlSecNssBlockCipherCheckId(xmlSecTransformPtr transform) {
|
|
! #ifndef XMLSEC_NO_DES
|
|
! if(xmlSecTransformCheckId(transform, xmlSecNssTransformDes3CbcId)) {
|
|
! return(1);
|
|
! }
|
|
! #endif /* XMLSEC_NO_DES */
|
|
|
|
! #ifndef XMLSEC_NO_AES
|
|
! if(xmlSecTransformCheckId(transform, xmlSecNssTransformAes128CbcId) ||
|
|
! xmlSecTransformCheckId(transform, xmlSecNssTransformAes192CbcId) ||
|
|
! xmlSecTransformCheckId(transform, xmlSecNssTransformAes256CbcId)) {
|
|
!
|
|
! return(1);
|
|
! }
|
|
! #endif /* XMLSEC_NO_AES */
|
|
!
|
|
! return(0);
|
|
}
|
|
|
|
static int
|
|
! xmlSecNssBlockCipherInitialize(xmlSecTransformPtr transform) {
|
|
! xmlSecNssBlockCipherCtxPtr ctx;
|
|
!
|
|
! xmlSecAssert2(xmlSecNssBlockCipherCheckId(transform), -1);
|
|
! xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecNssBlockCipherSize), -1);
|
|
|
|
! ctx = xmlSecNssBlockCipherGetCtx(transform);
|
|
! xmlSecAssert2(ctx != NULL, -1);
|
|
!
|
|
! memset(ctx, 0, sizeof(xmlSecNssBlockCipherCtx));
|
|
|
|
! #ifndef XMLSEC_NO_DES
|
|
! if(transform->id == xmlSecNssTransformDes3CbcId) {
|
|
! ctx->cipher = CKM_DES3_CBC;
|
|
! ctx->keyId = xmlSecNssKeyDataDesId;
|
|
! ctx->keySize = 24;
|
|
! } else
|
|
! #endif /* XMLSEC_NO_DES */
|
|
!
|
|
! #ifndef XMLSEC_NO_AES
|
|
! if(transform->id == xmlSecNssTransformAes128CbcId) {
|
|
! ctx->cipher = CKM_AES_CBC;
|
|
! ctx->keyId = xmlSecNssKeyDataAesId;
|
|
! ctx->keySize = 16;
|
|
! } else if(transform->id == xmlSecNssTransformAes192CbcId) {
|
|
! ctx->cipher = CKM_AES_CBC;
|
|
! ctx->keyId = xmlSecNssKeyDataAesId;
|
|
! ctx->keySize = 24;
|
|
! } else if(transform->id == xmlSecNssTransformAes256CbcId) {
|
|
! ctx->cipher = CKM_AES_CBC;
|
|
! ctx->keyId = xmlSecNssKeyDataAesId;
|
|
! ctx->keySize = 32;
|
|
! } else
|
|
! #endif /* XMLSEC_NO_AES */
|
|
!
|
|
! if(1) {
|
|
! xmlSecError(XMLSEC_ERRORS_HERE,
|
|
! xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
|
|
! NULL,
|
|
! XMLSEC_ERRORS_R_INVALID_TRANSFORM,
|
|
! XMLSEC_ERRORS_NO_MESSAGE);
|
|
! return(-1);
|
|
! }
|
|
!
|
|
! return(0);
|
|
}
|
|
|
|
! static void
|
|
! xmlSecNssBlockCipherFinalize(xmlSecTransformPtr transform) {
|
|
! xmlSecNssBlockCipherCtxPtr ctx;
|
|
|
|
! xmlSecAssert(xmlSecNssBlockCipherCheckId(transform));
|
|
! xmlSecAssert(xmlSecTransformCheckSize(transform, xmlSecNssBlockCipherSize));
|
|
|
|
! ctx = xmlSecNssBlockCipherGetCtx(transform);
|
|
! xmlSecAssert(ctx != NULL);
|
|
|
|
! if(ctx->cipherCtx != NULL) {
|
|
! PK11_DestroyContext(ctx->cipherCtx, PR_TRUE);
|
|
! }
|
|
!
|
|
! memset(ctx, 0, sizeof(xmlSecNssBlockCipherCtx));
|
|
}
|
|
|
|
- static int
|
|
- xmlSecNssBlockCipherSetKeyReq(xmlSecTransformPtr transform, xmlSecKeyReqPtr keyReq) {
|
|
- xmlSecNssBlockCipherCtxPtr ctx;
|
|
|
|
- xmlSecAssert2(xmlSecNssBlockCipherCheckId(transform), -1);
|
|
- xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1);
|
|
- xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecNssBlockCipherSize), -1);
|
|
- xmlSecAssert2(keyReq != NULL, -1);
|
|
-
|
|
- ctx = xmlSecNssBlockCipherGetCtx(transform);
|
|
- xmlSecAssert2(ctx != NULL, -1);
|
|
- xmlSecAssert2(ctx->keyId != NULL, -1);
|
|
-
|
|
- keyReq->keyId = ctx->keyId;
|
|
- keyReq->keyType = xmlSecKeyDataTypeSymmetric;
|
|
- if(transform->operation == xmlSecTransformOperationEncrypt) {
|
|
- keyReq->keyUsage = xmlSecKeyUsageEncrypt;
|
|
- } else {
|
|
- keyReq->keyUsage = xmlSecKeyUsageDecrypt;
|
|
- }
|
|
- keyReq->keyBitsSize = 8 * ctx->keySize;
|
|
- return(0);
|
|
- }
|
|
|
|
static int
|
|
! xmlSecNssBlockCipherSetKey(xmlSecTransformPtr transform, xmlSecKeyPtr key) {
|
|
! xmlSecNssBlockCipherCtxPtr ctx;
|
|
! xmlSecBufferPtr buffer;
|
|
!
|
|
! xmlSecAssert2(xmlSecNssBlockCipherCheckId(transform), -1);
|
|
! xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1);
|
|
! xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecNssBlockCipherSize), -1);
|
|
! xmlSecAssert2(key != NULL, -1);
|
|
!
|
|
! ctx = xmlSecNssBlockCipherGetCtx(transform);
|
|
! xmlSecAssert2(ctx != NULL, -1);
|
|
! xmlSecAssert2(ctx->cipher != 0, -1);
|
|
! xmlSecAssert2(ctx->keyInitialized == 0, -1);
|
|
! xmlSecAssert2(ctx->keyId != NULL, -1);
|
|
! xmlSecAssert2(xmlSecKeyCheckId(key, ctx->keyId), -1);
|
|
!
|
|
! xmlSecAssert2(ctx->keySize > 0, -1);
|
|
! xmlSecAssert2(ctx->keySize <= sizeof(ctx->key), -1);
|
|
!
|
|
! buffer = xmlSecKeyDataBinaryValueGetBuffer(xmlSecKeyGetValue(key));
|
|
! xmlSecAssert2(buffer != NULL, -1);
|
|
!
|
|
! if(xmlSecBufferGetSize(buffer) < ctx->keySize) {
|
|
! xmlSecError(XMLSEC_ERRORS_HERE,
|
|
! xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
|
|
! NULL,
|
|
! XMLSEC_ERRORS_R_INVALID_KEY_DATA_SIZE,
|
|
! "keySize=%d;expected=%d",
|
|
! xmlSecBufferGetSize(buffer), ctx->keySize);
|
|
! return(-1);
|
|
! }
|
|
!
|
|
! xmlSecAssert2(xmlSecBufferGetData(buffer) != NULL, -1);
|
|
! memcpy(ctx->key, xmlSecBufferGetData(buffer), ctx->keySize);
|
|
!
|
|
! ctx->keyInitialized = 1;
|
|
! return(0);
|
|
}
|
|
|
|
! static int
|
|
! xmlSecNssBlockCipherExecute(xmlSecTransformPtr transform, int last, xmlSecTransformCtxPtr transformCtx) {
|
|
! xmlSecNssBlockCipherCtxPtr ctx;
|
|
! xmlSecBufferPtr in, out;
|
|
! int ret;
|
|
!
|
|
! xmlSecAssert2(xmlSecNssBlockCipherCheckId(transform), -1);
|
|
! xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1);
|
|
! xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecNssBlockCipherSize), -1);
|
|
! xmlSecAssert2(transformCtx != NULL, -1);
|
|
|
|
! in = &(transform->inBuf);
|
|
! out = &(transform->outBuf);
|
|
|
|
- ctx = xmlSecNssBlockCipherGetCtx(transform);
|
|
- xmlSecAssert2(ctx != NULL, -1);
|
|
|
|
! if(transform->status == xmlSecTransformStatusNone) {
|
|
! transform->status = xmlSecTransformStatusWorking;
|
|
! }
|
|
|
|
! if(transform->status == xmlSecTransformStatusWorking) {
|
|
! if(ctx->ctxInitialized == 0) {
|
|
! ret = xmlSecNssBlockCipherCtxInit(ctx, in, out,
|
|
! (transform->operation == xmlSecTransformOperationEncrypt) ? 1 : 0,
|
|
! xmlSecTransformGetName(transform), transformCtx);
|
|
! if(ret < 0) {
|
|
! xmlSecError(XMLSEC_ERRORS_HERE,
|
|
! xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
|
|
! "xmlSecNssBlockCipherCtxInit",
|
|
! XMLSEC_ERRORS_R_XMLSEC_FAILED,
|
|
! XMLSEC_ERRORS_NO_MESSAGE);
|
|
! return(-1);
|
|
! }
|
|
! }
|
|
! if((ctx->ctxInitialized == 0) && (last != 0)) {
|
|
! xmlSecError(XMLSEC_ERRORS_HERE,
|
|
! xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
|
|
! NULL,
|
|
! XMLSEC_ERRORS_R_INVALID_DATA,
|
|
! "not enough data to initialize transform");
|
|
! return(-1);
|
|
! }
|
|
!
|
|
! if(ctx->ctxInitialized != 0) {
|
|
! ret = xmlSecNssBlockCipherCtxUpdate(ctx, in, out,
|
|
! (transform->operation == xmlSecTransformOperationEncrypt) ? 1 : 0,
|
|
! xmlSecTransformGetName(transform), transformCtx);
|
|
! if(ret < 0) {
|
|
! xmlSecError(XMLSEC_ERRORS_HERE,
|
|
! xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
|
|
! "xmlSecNssBlockCipherCtxUpdate",
|
|
! XMLSEC_ERRORS_R_XMLSEC_FAILED,
|
|
! XMLSEC_ERRORS_NO_MESSAGE);
|
|
! return(-1);
|
|
! }
|
|
! }
|
|
!
|
|
! if(last) {
|
|
! ret = xmlSecNssBlockCipherCtxFinal(ctx, in, out,
|
|
! (transform->operation == xmlSecTransformOperationEncrypt) ? 1 : 0,
|
|
! xmlSecTransformGetName(transform), transformCtx);
|
|
! if(ret < 0) {
|
|
! xmlSecError(XMLSEC_ERRORS_HERE,
|
|
! xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
|
|
! "xmlSecNssBlockCipherCtxFinal",
|
|
! XMLSEC_ERRORS_R_XMLSEC_FAILED,
|
|
! XMLSEC_ERRORS_NO_MESSAGE);
|
|
! return(-1);
|
|
! }
|
|
! transform->status = xmlSecTransformStatusFinished;
|
|
! }
|
|
! } else if(transform->status == xmlSecTransformStatusFinished) {
|
|
! /* the only way we can get here is if there is no input */
|
|
! xmlSecAssert2(xmlSecBufferGetSize(in) == 0, -1);
|
|
! } else if(transform->status == xmlSecTransformStatusNone) {
|
|
! /* the only way we can get here is if there is no enough data in the input */
|
|
! xmlSecAssert2(last == 0, -1);
|
|
! } else {
|
|
! xmlSecError(XMLSEC_ERRORS_HERE,
|
|
! xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
|
|
! NULL,
|
|
! XMLSEC_ERRORS_R_INVALID_STATUS,
|
|
! "status=%d", transform->status);
|
|
! return(-1);
|
|
! }
|
|
!
|
|
! return(0);
|
|
! }
|
|
|
|
|
|
! #ifndef XMLSEC_NO_AES
|
|
! /*********************************************************************
|
|
! *
|
|
! * AES CBC cipher transforms
|
|
! *
|
|
! ********************************************************************/
|
|
! static xmlSecTransformKlass xmlSecNssAes128CbcKlass = {
|
|
! /* klass/object sizes */
|
|
! sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
|
|
! xmlSecNssBlockCipherSize, /* xmlSecSize objSize */
|
|
!
|
|
! xmlSecNameAes128Cbc, /* const xmlChar* name; */
|
|
! xmlSecHrefAes128Cbc, /* const xmlChar* href; */
|
|
! xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */
|
|
!
|
|
! xmlSecNssBlockCipherInitialize, /* xmlSecTransformInitializeMethod initialize; */
|
|
! xmlSecNssBlockCipherFinalize, /* xmlSecTransformFinalizeMethod finalize; */
|
|
! NULL, /* xmlSecTransformNodeReadMethod readNode; */
|
|
! NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
|
|
! xmlSecNssBlockCipherSetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */
|
|
! xmlSecNssBlockCipherSetKey, /* xmlSecTransformSetKeyMethod setKey; */
|
|
! NULL, /* xmlSecTransformValidateMethod validate; */
|
|
! xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
|
|
! xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
|
|
! xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
|
|
! NULL, /* xmlSecTransformPushXmlMethod pushXml; */
|
|
! NULL, /* xmlSecTransformPopXmlMethod popXml; */
|
|
! xmlSecNssBlockCipherExecute, /* xmlSecTransformExecuteMethod execute; */
|
|
!
|
|
! NULL, /* void* reserved0; */
|
|
! NULL, /* void* reserved1; */
|
|
! };
|
|
|
|
! /**
|
|
! * xmlSecNssTransformAes128CbcGetKlass:
|
|
! *
|
|
! * AES 128 CBC encryption transform klass.
|
|
! *
|
|
! * Returns pointer to AES 128 CBC encryption transform.
|
|
! */
|
|
! xmlSecTransformId
|
|
! xmlSecNssTransformAes128CbcGetKlass(void) {
|
|
! return(&xmlSecNssAes128CbcKlass);
|
|
! }
|
|
|
|
! static xmlSecTransformKlass xmlSecNssAes192CbcKlass = {
|
|
! /* klass/object sizes */
|
|
! sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
|
|
! xmlSecNssBlockCipherSize, /* xmlSecSize objSize */
|
|
!
|
|
! xmlSecNameAes192Cbc, /* const xmlChar* name; */
|
|
! xmlSecHrefAes192Cbc, /* const xmlChar* href; */
|
|
! xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */
|
|
!
|
|
! xmlSecNssBlockCipherInitialize, /* xmlSecTransformInitializeMethod initialize; */
|
|
! xmlSecNssBlockCipherFinalize, /* xmlSecTransformFinalizeMethod finalize; */
|
|
! NULL, /* xmlSecTransformNodeReadMethod readNode; */
|
|
! NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
|
|
! xmlSecNssBlockCipherSetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */
|
|
! xmlSecNssBlockCipherSetKey, /* xmlSecTransformSetKeyMethod setKey; */
|
|
! NULL, /* xmlSecTransformValidateMethod validate; */
|
|
! xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
|
|
! xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
|
|
! xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
|
|
! NULL, /* xmlSecTransformPushXmlMethod pushXml; */
|
|
! NULL, /* xmlSecTransformPopXmlMethod popXml; */
|
|
! xmlSecNssBlockCipherExecute, /* xmlSecTransformExecuteMethod execute; */
|
|
!
|
|
! NULL, /* void* reserved0; */
|
|
! NULL, /* void* reserved1; */
|
|
! };
|
|
|
|
/**
|
|
! * xmlSecNssTransformAes192CbcGetKlass:
|
|
! *
|
|
! * AES 192 CBC encryption transform klass.
|
|
! *
|
|
! * Returns pointer to AES 192 CBC encryption transform.
|
|
! */
|
|
! xmlSecTransformId
|
|
! xmlSecNssTransformAes192CbcGetKlass(void) {
|
|
! return(&xmlSecNssAes192CbcKlass);
|
|
}
|
|
|
|
- static xmlSecTransformKlass xmlSecNssAes256CbcKlass = {
|
|
- /* klass/object sizes */
|
|
- sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
|
|
- xmlSecNssBlockCipherSize, /* xmlSecSize objSize */
|
|
-
|
|
- xmlSecNameAes256Cbc, /* const xmlChar* name; */
|
|
- xmlSecHrefAes256Cbc, /* const xmlChar* href; */
|
|
- xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */
|
|
-
|
|
- xmlSecNssBlockCipherInitialize, /* xmlSecTransformInitializeMethod initialize; */
|
|
- xmlSecNssBlockCipherFinalize, /* xmlSecTransformFinalizeMethod finalize; */
|
|
- NULL, /* xmlSecTransformNodeReadMethod readNode; */
|
|
- NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
|
|
- xmlSecNssBlockCipherSetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */
|
|
- xmlSecNssBlockCipherSetKey, /* xmlSecTransformSetKeyMethod setKey; */
|
|
- NULL, /* xmlSecTransformValidateMethod validate; */
|
|
- xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
|
|
- xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
|
|
- xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
|
|
- NULL, /* xmlSecTransformPushXmlMethod pushXml; */
|
|
- NULL, /* xmlSecTransformPopXmlMethod popXml; */
|
|
- xmlSecNssBlockCipherExecute, /* xmlSecTransformExecuteMethod execute; */
|
|
-
|
|
- NULL, /* void* reserved0; */
|
|
- NULL, /* void* reserved1; */
|
|
- };
|
|
-
|
|
/**
|
|
! * xmlSecNssTransformAes256CbcGetKlass:
|
|
! *
|
|
! * AES 256 CBC encryption transform klass.
|
|
! *
|
|
! * Returns pointer to AES 256 CBC encryption transform.
|
|
! */
|
|
! xmlSecTransformId
|
|
! xmlSecNssTransformAes256CbcGetKlass(void) {
|
|
! return(&xmlSecNssAes256CbcKlass);
|
|
}
|
|
|
|
! #endif /* XMLSEC_NO_AES */
|
|
!
|
|
! #ifndef XMLSEC_NO_DES
|
|
! static xmlSecTransformKlass xmlSecNssDes3CbcKlass = {
|
|
! /* klass/object sizes */
|
|
! sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
|
|
! xmlSecNssBlockCipherSize, /* xmlSecSize objSize */
|
|
!
|
|
! xmlSecNameDes3Cbc, /* const xmlChar* name; */
|
|
! xmlSecHrefDes3Cbc, /* const xmlChar* href; */
|
|
! xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */
|
|
!
|
|
! xmlSecNssBlockCipherInitialize, /* xmlSecTransformInitializeMethod initialize; */
|
|
! xmlSecNssBlockCipherFinalize, /* xmlSecTransformFinalizeMethod finalize; */
|
|
! NULL, /* xmlSecTransformNodeReadMethod readNode; */
|
|
! NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
|
|
! xmlSecNssBlockCipherSetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */
|
|
! xmlSecNssBlockCipherSetKey, /* xmlSecTransformSetKeyMethod setKey; */
|
|
! NULL, /* xmlSecTransformValidateMethod validate; */
|
|
! xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
|
|
! xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
|
|
! xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
|
|
! NULL, /* xmlSecTransformPushXmlMethod pushXml; */
|
|
! NULL, /* xmlSecTransformPopXmlMethod popXml; */
|
|
! xmlSecNssBlockCipherExecute, /* xmlSecTransformExecuteMethod execute; */
|
|
!
|
|
! NULL, /* void* reserved0; */
|
|
! NULL, /* void* reserved1; */
|
|
! };
|
|
|
|
! /**
|
|
! * xmlSecNssTransformDes3CbcGetKlass:
|
|
*
|
|
! * Triple DES CBC encryption transform klass.
|
|
! *
|
|
! * Returns pointer to Triple DES encryption transform.
|
|
*/
|
|
! xmlSecTransformId
|
|
! xmlSecNssTransformDes3CbcGetKlass(void) {
|
|
! return(&xmlSecNssDes3CbcKlass);
|
|
}
|
|
! #endif /* XMLSEC_NO_DES */
|
|
|
|
--- 1,951 ----
|
|
! /* -- C Source File -- **/
|
|
#include "globals.h"
|
|
|
|
+ #include <stdlib.h>
|
|
#include <string.h>
|
|
|
|
#include <nss.h>
|
|
#include <pk11func.h>
|
|
|
|
#include <xmlsec/xmlsec.h>
|
|
+ #include <xmlsec/xmltree.h>
|
|
+ #include <xmlsec/base64.h>
|
|
#include <xmlsec/keys.h>
|
|
+ #include <xmlsec/keyinfo.h>
|
|
#include <xmlsec/transforms.h>
|
|
#include <xmlsec/errors.h>
|
|
|
|
#include <xmlsec/nss/crypto.h>
|
|
+ #include <xmlsec/nss/ciphers.h>
|
|
|
|
! /**
|
|
! * Internal Nss Block Cipher Context
|
|
*
|
|
! * This context is designed for repositing a block cipher for transform
|
|
! */
|
|
! typedef struct _xmlSecNssBlockCipherCtx xmlSecNssBlockCipherCtx ;
|
|
! typedef struct _xmlSecNssBlockCipherCtx* xmlSecNssBlockCipherCtxPtr ;
|
|
!
|
|
struct _xmlSecNssBlockCipherCtx {
|
|
! CK_MECHANISM_TYPE cipher ;
|
|
! PK11SymKey* symkey ;
|
|
! PK11Context* cipherCtx ;
|
|
! xmlSecKeyDataId keyId ;
|
|
! } ;
|
|
!
|
|
! #define xmlSecNssBlockCipherSize \
|
|
! ( sizeof( xmlSecTransform ) + sizeof( xmlSecNssBlockCipherCtx ) )
|
|
!
|
|
! #define xmlSecNssBlockCipherGetCtx( transform ) \
|
|
! ( ( xmlSecNssBlockCipherCtxPtr )( ( ( xmlSecByte* )( transform ) ) + sizeof( xmlSecTransform ) ) )
|
|
!
|
|
! static int
|
|
! xmlSecNssBlockCipherCheckId(
|
|
! xmlSecTransformPtr transform
|
|
! ) {
|
|
! #ifndef XMLSEC_NO_DES
|
|
! if( xmlSecTransformCheckId( transform, xmlSecNssTransformDes3CbcId ) ) {
|
|
! return 1 ;
|
|
}
|
|
! #endif /* XMLSEC_NO_DES */
|
|
|
|
! #ifndef XMLSEC_NO_AES
|
|
! if( xmlSecTransformCheckId( transform, xmlSecNssTransformAes128CbcId ) ||
|
|
! xmlSecTransformCheckId( transform, xmlSecNssTransformAes192CbcId ) ||
|
|
! xmlSecTransformCheckId( transform, xmlSecNssTransformAes256CbcId ) ) {
|
|
|
|
! return 1 ;
|
|
}
|
|
! #endif /* XMLSEC_NO_AES */
|
|
!
|
|
! return 0 ;
|
|
}
|
|
|
|
! static int
|
|
! xmlSecNssBlockCipherFetchCtx(
|
|
! xmlSecNssBlockCipherCtxPtr context ,
|
|
! xmlSecTransformId id
|
|
! ) {
|
|
! xmlSecAssert2( context != NULL, -1 ) ;
|
|
!
|
|
! #ifndef XMLSEC_NO_DES
|
|
! if( id == xmlSecNssTransformDes3CbcId ) {
|
|
! context->cipher = CKM_DES3_CBC ;
|
|
! context->keyId = xmlSecNssKeyDataDesId ;
|
|
! } else
|
|
! #endif /* XMLSEC_NO_DES */
|
|
!
|
|
! #ifndef XMLSEC_NO_AES
|
|
! if( id == xmlSecNssTransformAes128CbcId ) {
|
|
! context->cipher = CKM_AES_CBC ;
|
|
! context->keyId = xmlSecNssKeyDataAesId ;
|
|
! } else
|
|
! if( id == xmlSecNssTransformAes192CbcId ) {
|
|
! context->cipher = CKM_AES_CBC ;
|
|
! context->keyId = xmlSecNssKeyDataAesId ;
|
|
! } else
|
|
! if( id == xmlSecNssTransformAes256CbcId ) {
|
|
! context->cipher = CKM_AES_CBC ;
|
|
! context->keyId = xmlSecNssKeyDataAesId ;
|
|
! } else
|
|
! #endif /* XMLSEC_NO_AES */
|
|
!
|
|
! if( 1 ) {
|
|
! xmlSecError( XMLSEC_ERRORS_HERE ,
|
|
! NULL ,
|
|
! NULL ,
|
|
! XMLSEC_ERRORS_R_CRYPTO_FAILED ,
|
|
! XMLSEC_ERRORS_NO_MESSAGE ) ;
|
|
! return -1 ;
|
|
! }
|
|
|
|
! return 0 ;
|
|
! }
|
|
|
|
! /**
|
|
! * xmlSecTransformInitializeMethod:
|
|
! * @transform: the pointer to transform object.
|
|
! *
|
|
! * The transform specific initialization method.
|
|
! *
|
|
! * Returns 0 on success or a negative value otherwise.
|
|
! */
|
|
! static int
|
|
! xmlSecNssBlockCipherInitialize(
|
|
! xmlSecTransformPtr transform
|
|
! ) {
|
|
! xmlSecNssBlockCipherCtxPtr context = NULL ;
|
|
!
|
|
! xmlSecAssert2( xmlSecNssBlockCipherCheckId( transform ), -1 ) ;
|
|
! xmlSecAssert2( xmlSecTransformCheckSize( transform, xmlSecNssBlockCipherSize ), -1 ) ;
|
|
!
|
|
! context = xmlSecNssBlockCipherGetCtx( transform ) ;
|
|
! if( context == NULL ) {
|
|
! xmlSecError( XMLSEC_ERRORS_HERE ,
|
|
! xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) ,
|
|
! "xmlSecNssBlockCipherGetCtx" ,
|
|
! XMLSEC_ERRORS_R_CRYPTO_FAILED ,
|
|
! XMLSEC_ERRORS_NO_MESSAGE ) ;
|
|
! return -1 ;
|
|
! }
|
|
!
|
|
! if( xmlSecNssBlockCipherFetchCtx( context , transform->id ) < 0 ) {
|
|
! xmlSecError( XMLSEC_ERRORS_HERE ,
|
|
! xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) ,
|
|
! "xmlSecNssBlockCipherFetchCtx" ,
|
|
! XMLSEC_ERRORS_R_CRYPTO_FAILED ,
|
|
! XMLSEC_ERRORS_NO_MESSAGE ) ;
|
|
! return -1 ;
|
|
! }
|
|
|
|
! context->symkey = NULL ;
|
|
! context->cipherCtx = NULL ;
|
|
|
|
! return 0 ;
|
|
}
|
|
|
|
! /**
|
|
! * xmlSecTransformFinalizeMethod:
|
|
! * @transform: the pointer to transform object.
|
|
! *
|
|
! * The transform specific destroy method.
|
|
! */
|
|
! static void
|
|
! xmlSecNssBlockCipherFinalize(
|
|
! xmlSecTransformPtr transform
|
|
! ) {
|
|
! xmlSecNssBlockCipherCtxPtr context = NULL ;
|
|
|
|
! xmlSecAssert( xmlSecNssBlockCipherCheckId( transform ) ) ;
|
|
! xmlSecAssert( xmlSecTransformCheckSize( transform, xmlSecNssBlockCipherSize ) ) ;
|
|
|
|
! context = xmlSecNssBlockCipherGetCtx( transform ) ;
|
|
! if( context == NULL ) {
|
|
! xmlSecError( XMLSEC_ERRORS_HERE ,
|
|
! xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) ,
|
|
! "xmlSecNssBlockCipherGetCtx" ,
|
|
! XMLSEC_ERRORS_R_CRYPTO_FAILED ,
|
|
! XMLSEC_ERRORS_NO_MESSAGE ) ;
|
|
! return ;
|
|
}
|
|
|
|
! if( context->cipherCtx != NULL ) {
|
|
! PK11_DestroyContext( context->cipherCtx, PR_TRUE ) ;
|
|
! context->cipherCtx = NULL ;
|
|
! }
|
|
|
|
! if( context->symkey != NULL ) {
|
|
! PK11_FreeSymKey( context->symkey ) ;
|
|
! context->symkey = NULL ;
|
|
! }
|
|
|
|
! context->cipher = CKM_INVALID_MECHANISM ;
|
|
! context->keyId = NULL ;
|
|
}
|
|
|
|
! /**
|
|
! * xmlSecTransformSetKeyRequirementsMethod:
|
|
! * @transform: the pointer to transform object.
|
|
! * @keyReq: the pointer to key requirements structure.
|
|
*
|
|
! * Transform specific method to set transform's key requirements.
|
|
*
|
|
! * Returns 0 on success or a negative value otherwise.
|
|
! */
|
|
! static int
|
|
! xmlSecNssBlockCipherSetKeyReq(
|
|
! xmlSecTransformPtr transform ,
|
|
! xmlSecKeyReqPtr keyReq
|
|
! ) {
|
|
! xmlSecNssBlockCipherCtxPtr context = NULL ;
|
|
! xmlSecSize cipherSize = 0 ;
|
|
!
|
|
! xmlSecAssert2( xmlSecNssBlockCipherCheckId( transform ), -1 ) ;
|
|
! xmlSecAssert2( xmlSecTransformCheckSize( transform, xmlSecNssBlockCipherSize ), -1 ) ;
|
|
! xmlSecAssert2( keyReq != NULL , -1 ) ;
|
|
! xmlSecAssert2( ( transform->operation == xmlSecTransformOperationEncrypt ) || ( transform->operation == xmlSecTransformOperationDecrypt ), -1 ) ;
|
|
!
|
|
! context = xmlSecNssBlockCipherGetCtx( transform ) ;
|
|
! if( context == NULL ) {
|
|
! xmlSecError( XMLSEC_ERRORS_HERE ,
|
|
! xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) ,
|
|
! "xmlSecNssBlockCipherGetCtx" ,
|
|
! XMLSEC_ERRORS_R_CRYPTO_FAILED ,
|
|
! XMLSEC_ERRORS_NO_MESSAGE ) ;
|
|
! return -1 ;
|
|
! }
|
|
!
|
|
! keyReq->keyId = context->keyId ;
|
|
! keyReq->keyType = xmlSecKeyDataTypeSymmetric ;
|
|
!
|
|
! if( transform->operation == xmlSecTransformOperationEncrypt ) {
|
|
! keyReq->keyUsage = xmlSecKeyUsageEncrypt ;
|
|
! } else {
|
|
! keyReq->keyUsage = xmlSecKeyUsageDecrypt ;
|
|
! }
|
|
!
|
|
! /*
|
|
! if( context->symkey != NULL )
|
|
! cipherSize = PK11_GetKeyLength( context->symkey ) ;
|
|
!
|
|
! keyReq->keyBitsSize = cipherSize * 8 ;
|
|
! */
|
|
|
|
+ return 0 ;
|
|
+ }
|
|
|
|
+ /**
|
|
+ * xmlSecTransformSetKeyMethod:
|
|
+ * @transform: the pointer to transform object.
|
|
+ * @key: the pointer to key.
|
|
+ *
|
|
+ * The transform specific method to set the key for use.
|
|
+ *
|
|
+ * Returns 0 on success or a negative value otherwise.
|
|
+ */
|
|
static int
|
|
! xmlSecNssBlockCipherSetKey(
|
|
! xmlSecTransformPtr transform ,
|
|
! xmlSecKeyPtr key
|
|
! ) {
|
|
! xmlSecNssBlockCipherCtxPtr context = NULL ;
|
|
! xmlSecKeyDataPtr keyData = NULL ;
|
|
! PK11SymKey* symkey = NULL ;
|
|
! CK_ATTRIBUTE_TYPE operation ;
|
|
! int ivLen ;
|
|
!
|
|
! xmlSecAssert2( xmlSecNssBlockCipherCheckId( transform ), -1 ) ;
|
|
! xmlSecAssert2( xmlSecTransformCheckSize( transform, xmlSecNssBlockCipherSize ), -1 ) ;
|
|
! xmlSecAssert2( key != NULL , -1 ) ;
|
|
! xmlSecAssert2( ( transform->operation == xmlSecTransformOperationEncrypt ) || ( transform->operation == xmlSecTransformOperationDecrypt ), -1 ) ;
|
|
!
|
|
! context = xmlSecNssBlockCipherGetCtx( transform ) ;
|
|
! if( context == NULL || context->keyId == NULL || context->symkey != NULL ) {
|
|
! xmlSecError( XMLSEC_ERRORS_HERE ,
|
|
! xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) ,
|
|
! "xmlSecNssBlockCipherGetCtx" ,
|
|
! XMLSEC_ERRORS_R_CRYPTO_FAILED ,
|
|
! XMLSEC_ERRORS_NO_MESSAGE ) ;
|
|
! return -1 ;
|
|
! }
|
|
! xmlSecAssert2( xmlSecKeyCheckId( key, context->keyId ), -1 ) ;
|
|
!
|
|
! keyData = xmlSecKeyGetValue( key ) ;
|
|
! if( keyData == NULL ) {
|
|
! xmlSecError( XMLSEC_ERRORS_HERE ,
|
|
! xmlSecErrorsSafeString( xmlSecKeyGetName( key ) ) ,
|
|
! "xmlSecKeyGetValue" ,
|
|
! XMLSEC_ERRORS_R_CRYPTO_FAILED ,
|
|
! XMLSEC_ERRORS_NO_MESSAGE ) ;
|
|
! return -1 ;
|
|
! }
|
|
!
|
|
! if( ( symkey = xmlSecNssSymKeyDataGetKey( keyData ) ) == NULL ) {
|
|
! xmlSecError( XMLSEC_ERRORS_HERE ,
|
|
! xmlSecErrorsSafeString( xmlSecKeyDataGetName( keyData ) ) ,
|
|
! "xmlSecNssSymKeyDataGetKey" ,
|
|
! XMLSEC_ERRORS_R_CRYPTO_FAILED ,
|
|
! XMLSEC_ERRORS_NO_MESSAGE ) ;
|
|
! return -1 ;
|
|
! }
|
|
|
|
! context->symkey = symkey ;
|
|
!
|
|
! return 0 ;
|
|
}
|
|
|
|
+ /**
|
|
+ * Block cipher transform init
|
|
+ */
|
|
static int
|
|
! xmlSecNssBlockCipherCtxInit(
|
|
! xmlSecNssBlockCipherCtxPtr ctx ,
|
|
! xmlSecBufferPtr in ,
|
|
! xmlSecBufferPtr out ,
|
|
! int encrypt ,
|
|
! const xmlChar* cipherName ,
|
|
! xmlSecTransformCtxPtr transformCtx
|
|
! ) {
|
|
! SECItem ivItem ;
|
|
! SECItem* secParam = NULL ;
|
|
! xmlSecBufferPtr ivBuf = NULL ;
|
|
! int ivLen ;
|
|
!
|
|
! xmlSecAssert2( ctx != NULL , -1 ) ;
|
|
! xmlSecAssert2( ctx->cipher != CKM_INVALID_MECHANISM , -1 ) ;
|
|
! xmlSecAssert2( ctx->symkey != NULL , -1 ) ;
|
|
! xmlSecAssert2( ctx->cipherCtx == NULL , -1 ) ;
|
|
! xmlSecAssert2( ctx->keyId != NULL , -1 ) ;
|
|
! xmlSecAssert2( in != NULL , -1 ) ;
|
|
! xmlSecAssert2( out != NULL , -1 ) ;
|
|
! xmlSecAssert2( transformCtx != NULL , -1 ) ;
|
|
!
|
|
! ivLen = PK11_GetIVLength( ctx->cipher ) ;
|
|
! if( ivLen < 0 ) {
|
|
! xmlSecError( XMLSEC_ERRORS_HERE ,
|
|
! NULL ,
|
|
! "PK11_GetIVLength" ,
|
|
! XMLSEC_ERRORS_R_CRYPTO_FAILED ,
|
|
! XMLSEC_ERRORS_NO_MESSAGE ) ;
|
|
! return -1 ;
|
|
! }
|
|
!
|
|
! if( ( ivBuf = xmlSecBufferCreate( ivLen ) ) == NULL ) {
|
|
! xmlSecError( XMLSEC_ERRORS_HERE ,
|
|
! NULL ,
|
|
! "xmlSecBufferCreate" ,
|
|
! XMLSEC_ERRORS_R_CRYPTO_FAILED ,
|
|
! XMLSEC_ERRORS_NO_MESSAGE ) ;
|
|
! return -1 ;
|
|
! }
|
|
!
|
|
! if( encrypt ) {
|
|
! if( PK11_GenerateRandom( ivBuf->data , ivLen ) != SECSuccess ) {
|
|
! xmlSecError( XMLSEC_ERRORS_HERE ,
|
|
! xmlSecErrorsSafeString( cipherName ) ,
|
|
! "PK11_GenerateRandom" ,
|
|
! XMLSEC_ERRORS_R_CRYPTO_FAILED ,
|
|
! XMLSEC_ERRORS_NO_MESSAGE ) ;
|
|
! xmlSecBufferDestroy( ivBuf ) ;
|
|
! return -1 ;
|
|
! }
|
|
! if( xmlSecBufferSetSize( ivBuf , ivLen ) < 0 ) {
|
|
! xmlSecError( XMLSEC_ERRORS_HERE ,
|
|
! NULL ,
|
|
! "xmlSecBufferSetSize" ,
|
|
! XMLSEC_ERRORS_R_CRYPTO_FAILED ,
|
|
! XMLSEC_ERRORS_NO_MESSAGE ) ;
|
|
! xmlSecBufferDestroy( ivBuf ) ;
|
|
! return -1 ;
|
|
! }
|
|
!
|
|
! if( xmlSecBufferAppend( out , ivBuf->data , ivLen ) < 0 ) {
|
|
! xmlSecError( XMLSEC_ERRORS_HERE ,
|
|
! xmlSecErrorsSafeString( cipherName ) ,
|
|
! "xmlSecBufferAppend" ,
|
|
! XMLSEC_ERRORS_R_CRYPTO_FAILED ,
|
|
! XMLSEC_ERRORS_NO_MESSAGE ) ;
|
|
! xmlSecBufferDestroy( ivBuf ) ;
|
|
! return -1 ;
|
|
! }
|
|
! } else {
|
|
! if( xmlSecBufferSetData( ivBuf , in->data , ivLen ) < 0 ) {
|
|
! xmlSecError( XMLSEC_ERRORS_HERE ,
|
|
! xmlSecErrorsSafeString( cipherName ) ,
|
|
! "xmlSecBufferSetData" ,
|
|
! XMLSEC_ERRORS_R_CRYPTO_FAILED ,
|
|
! XMLSEC_ERRORS_NO_MESSAGE ) ;
|
|
! xmlSecBufferDestroy( ivBuf ) ;
|
|
! return -1 ;
|
|
! }
|
|
!
|
|
! if( xmlSecBufferRemoveHead( in , ivLen ) < 0 ) {
|
|
! xmlSecError( XMLSEC_ERRORS_HERE ,
|
|
! xmlSecErrorsSafeString( cipherName ) ,
|
|
! "xmlSecBufferRemoveHead" ,
|
|
! XMLSEC_ERRORS_R_CRYPTO_FAILED ,
|
|
! XMLSEC_ERRORS_NO_MESSAGE ) ;
|
|
! xmlSecBufferDestroy( ivBuf ) ;
|
|
! return -1 ;
|
|
! }
|
|
! }
|
|
!
|
|
! ivItem.data = xmlSecBufferGetData( ivBuf ) ;
|
|
! ivItem.len = xmlSecBufferGetSize( ivBuf ) ;
|
|
! if( ( secParam = PK11_ParamFromIV( ctx->cipher , &ivItem ) ) == NULL ) {
|
|
! xmlSecError( XMLSEC_ERRORS_HERE ,
|
|
! xmlSecErrorsSafeString( cipherName ) ,
|
|
! "PK11_ParamFromIV" ,
|
|
! XMLSEC_ERRORS_R_CRYPTO_FAILED ,
|
|
! XMLSEC_ERRORS_NO_MESSAGE ) ;
|
|
! xmlSecBufferDestroy( ivBuf ) ;
|
|
! return -1 ;
|
|
! }
|
|
!
|
|
! ctx->cipherCtx = PK11_CreateContextBySymKey( ctx->cipher , encrypt ? CKA_ENCRYPT : CKA_DECRYPT , ctx->symkey , secParam ) ;
|
|
! if( ctx->cipherCtx == NULL ) {
|
|
! xmlSecError( XMLSEC_ERRORS_HERE ,
|
|
! xmlSecErrorsSafeString( cipherName ) ,
|
|
! "xmlSecBufferRemoveHead" ,
|
|
! XMLSEC_ERRORS_R_CRYPTO_FAILED ,
|
|
! XMLSEC_ERRORS_NO_MESSAGE ) ;
|
|
! SECITEM_FreeItem( secParam , PR_TRUE ) ;
|
|
! xmlSecBufferDestroy( ivBuf ) ;
|
|
! return -1 ;
|
|
! }
|
|
|
|
! SECITEM_FreeItem( secParam , PR_TRUE ) ;
|
|
! xmlSecBufferDestroy( ivBuf ) ;
|
|
|
|
! return 0 ;
|
|
}
|
|
|
|
! /**
|
|
! * Block cipher transform update
|
|
! */
|
|
! static int
|
|
! xmlSecNssBlockCipherCtxUpdate(
|
|
! xmlSecNssBlockCipherCtxPtr ctx ,
|
|
! xmlSecBufferPtr in ,
|
|
! xmlSecBufferPtr out ,
|
|
! int encrypt ,
|
|
! const xmlChar* cipherName ,
|
|
! xmlSecTransformCtxPtr transformCtx
|
|
! ) {
|
|
! xmlSecSize inSize ;
|
|
! xmlSecSize outSize ;
|
|
! xmlSecSize inBlocks ;
|
|
! int blockSize ;
|
|
! int outLen ;
|
|
! xmlSecByte* outBuf ;
|
|
!
|
|
! xmlSecAssert2( ctx != NULL , -1 ) ;
|
|
! xmlSecAssert2( ctx->cipher != CKM_INVALID_MECHANISM , -1 ) ;
|
|
! xmlSecAssert2( ctx->symkey != NULL , -1 ) ;
|
|
! xmlSecAssert2( ctx->cipherCtx != NULL , -1 ) ;
|
|
! xmlSecAssert2( ctx->keyId != NULL , -1 ) ;
|
|
! xmlSecAssert2( in != NULL , -1 ) ;
|
|
! xmlSecAssert2( out != NULL , -1 ) ;
|
|
! xmlSecAssert2( transformCtx != NULL , -1 ) ;
|
|
!
|
|
! if( ( blockSize = PK11_GetBlockSize( ctx->cipher , NULL ) ) < 0 ) {
|
|
! xmlSecError( XMLSEC_ERRORS_HERE ,
|
|
! xmlSecErrorsSafeString( cipherName ) ,
|
|
! "PK11_GetBlockSize" ,
|
|
! XMLSEC_ERRORS_R_CRYPTO_FAILED ,
|
|
! XMLSEC_ERRORS_NO_MESSAGE ) ;
|
|
! return -1 ;
|
|
! }
|
|
!
|
|
! inSize = xmlSecBufferGetSize( in ) ;
|
|
! outSize = xmlSecBufferGetSize( out ) ;
|
|
!
|
|
! inBlocks = ( encrypt != 0 ? inSize : ( inSize - 1 ) ) / blockSize ;
|
|
! inSize = inBlocks * blockSize ;
|
|
!
|
|
! if( inSize < blockSize ) {
|
|
! return 0 ;
|
|
! }
|
|
!
|
|
! if( xmlSecBufferSetMaxSize( out , outSize + inSize + blockSize ) < 0 ) {
|
|
! xmlSecError( XMLSEC_ERRORS_HERE ,
|
|
! xmlSecErrorsSafeString( cipherName ) ,
|
|
! "xmlSecBufferSetMaxSize" ,
|
|
! XMLSEC_ERRORS_R_CRYPTO_FAILED ,
|
|
! XMLSEC_ERRORS_NO_MESSAGE ) ;
|
|
! return -1 ;
|
|
! }
|
|
! outBuf = xmlSecBufferGetData( out ) + outSize ;
|
|
!
|
|
! if( PK11_CipherOp( ctx->cipherCtx , outBuf , &outLen , inSize + blockSize , xmlSecBufferGetData( in ) , inSize ) != SECSuccess ) {
|
|
! xmlSecError( XMLSEC_ERRORS_HERE ,
|
|
! xmlSecErrorsSafeString( cipherName ) ,
|
|
! "PK11_CipherOp" ,
|
|
! XMLSEC_ERRORS_R_CRYPTO_FAILED ,
|
|
! XMLSEC_ERRORS_NO_MESSAGE ) ;
|
|
! return -1 ;
|
|
! }
|
|
!
|
|
! if( xmlSecBufferSetSize( out , outSize + outLen ) < 0 ) {
|
|
! xmlSecError( XMLSEC_ERRORS_HERE ,
|
|
! xmlSecErrorsSafeString( cipherName ) ,
|
|
! "xmlSecBufferSetSize" ,
|
|
! XMLSEC_ERRORS_R_CRYPTO_FAILED ,
|
|
! XMLSEC_ERRORS_NO_MESSAGE ) ;
|
|
! return -1 ;
|
|
! }
|
|
!
|
|
! if( xmlSecBufferRemoveHead( in , inSize ) < 0 ) {
|
|
! xmlSecError( XMLSEC_ERRORS_HERE ,
|
|
! xmlSecErrorsSafeString( cipherName ) ,
|
|
! "xmlSecBufferRemoveHead" ,
|
|
! XMLSEC_ERRORS_R_CRYPTO_FAILED ,
|
|
! XMLSEC_ERRORS_NO_MESSAGE ) ;
|
|
! return -1 ;
|
|
! }
|
|
|
|
! return 0 ;
|
|
! }
|
|
|
|
! /**
|
|
! * Block cipher transform final
|
|
! */
|
|
! static int
|
|
! xmlSecNssBlockCipherCtxFinal(
|
|
! xmlSecNssBlockCipherCtxPtr ctx ,
|
|
! xmlSecBufferPtr in ,
|
|
! xmlSecBufferPtr out ,
|
|
! int encrypt ,
|
|
! const xmlChar* cipherName ,
|
|
! xmlSecTransformCtxPtr transformCtx
|
|
! ) {
|
|
! xmlSecSize inSize ;
|
|
! xmlSecSize outSize ;
|
|
! int blockSize ;
|
|
! int outLen ;
|
|
! xmlSecByte* inBuf ;
|
|
! xmlSecByte* outBuf ;
|
|
!
|
|
! xmlSecAssert2( ctx != NULL , -1 ) ;
|
|
! xmlSecAssert2( ctx->cipher != CKM_INVALID_MECHANISM , -1 ) ;
|
|
! xmlSecAssert2( ctx->symkey != NULL , -1 ) ;
|
|
! xmlSecAssert2( ctx->cipherCtx != NULL , -1 ) ;
|
|
! xmlSecAssert2( ctx->keyId != NULL , -1 ) ;
|
|
! xmlSecAssert2( in != NULL , -1 ) ;
|
|
! xmlSecAssert2( out != NULL , -1 ) ;
|
|
! xmlSecAssert2( transformCtx != NULL , -1 ) ;
|
|
!
|
|
! if( ( blockSize = PK11_GetBlockSize( ctx->cipher , NULL ) ) < 0 ) {
|
|
! xmlSecError( XMLSEC_ERRORS_HERE ,
|
|
! xmlSecErrorsSafeString( cipherName ) ,
|
|
! "PK11_GetBlockSize" ,
|
|
! XMLSEC_ERRORS_R_CRYPTO_FAILED ,
|
|
! XMLSEC_ERRORS_NO_MESSAGE ) ;
|
|
! return -1 ;
|
|
! }
|
|
!
|
|
! inSize = xmlSecBufferGetSize( in ) ;
|
|
! outSize = xmlSecBufferGetSize( out ) ;
|
|
!
|
|
! /******************************************************************/
|
|
! if( encrypt != 0 ) {
|
|
! xmlSecAssert2( inSize < blockSize, -1 ) ;
|
|
!
|
|
! /* create padding */
|
|
! if( xmlSecBufferSetMaxSize( in , blockSize ) < 0 ) {
|
|
! xmlSecError( XMLSEC_ERRORS_HERE ,
|
|
! xmlSecErrorsSafeString( cipherName ) ,
|
|
! "xmlSecBufferSetMaxSize" ,
|
|
! XMLSEC_ERRORS_R_CRYPTO_FAILED ,
|
|
! XMLSEC_ERRORS_NO_MESSAGE ) ;
|
|
! return -1 ;
|
|
! }
|
|
! inBuf = xmlSecBufferGetData( in ) ;
|
|
!
|
|
! /* generate random */
|
|
! if( blockSize > ( inSize + 1 ) ) {
|
|
! if( PK11_GenerateRandom( inBuf + inSize, blockSize - inSize - 1 ) != SECSuccess ) {
|
|
! xmlSecError( XMLSEC_ERRORS_HERE ,
|
|
! xmlSecErrorsSafeString( cipherName ) ,
|
|
! "PK11_GenerateRandom" ,
|
|
! XMLSEC_ERRORS_R_CRYPTO_FAILED ,
|
|
! XMLSEC_ERRORS_NO_MESSAGE ) ;
|
|
! return -1 ;
|
|
! }
|
|
! }
|
|
!
|
|
! inBuf[blockSize-1] = blockSize - inSize ;
|
|
! inSize = blockSize ;
|
|
! } else {
|
|
! if( inSize != blockSize ) {
|
|
! xmlSecError( XMLSEC_ERRORS_HERE ,
|
|
! xmlSecErrorsSafeString( cipherName ) ,
|
|
! NULL ,
|
|
! XMLSEC_ERRORS_R_CRYPTO_FAILED ,
|
|
! XMLSEC_ERRORS_NO_MESSAGE ) ;
|
|
! return -1 ;
|
|
! }
|
|
! }
|
|
!
|
|
! /* process the last block */
|
|
! if( xmlSecBufferSetMaxSize( out , outSize + inSize + blockSize ) < 0 ) {
|
|
! xmlSecError( XMLSEC_ERRORS_HERE ,
|
|
! xmlSecErrorsSafeString( cipherName ) ,
|
|
! "xmlSecBufferSetMaxSize" ,
|
|
! XMLSEC_ERRORS_R_CRYPTO_FAILED ,
|
|
! XMLSEC_ERRORS_NO_MESSAGE ) ;
|
|
! return -1 ;
|
|
! }
|
|
! outBuf = xmlSecBufferGetData( out ) + outSize ;
|
|
!
|
|
! if( PK11_CipherOp( ctx->cipherCtx , outBuf , &outLen , inSize + blockSize , xmlSecBufferGetData( in ) , inSize ) != SECSuccess ) {
|
|
! xmlSecError( XMLSEC_ERRORS_HERE ,
|
|
! xmlSecErrorsSafeString( cipherName ) ,
|
|
! "PK11_CipherOp" ,
|
|
! XMLSEC_ERRORS_R_CRYPTO_FAILED ,
|
|
! XMLSEC_ERRORS_NO_MESSAGE ) ;
|
|
! return -1 ;
|
|
! }
|
|
!
|
|
! if( encrypt == 0 ) {
|
|
! /* check padding */
|
|
! if( outLen < outBuf[blockSize-1] ) {
|
|
! xmlSecError( XMLSEC_ERRORS_HERE ,
|
|
! xmlSecErrorsSafeString( cipherName ) ,
|
|
! NULL ,
|
|
! XMLSEC_ERRORS_R_CRYPTO_FAILED ,
|
|
! XMLSEC_ERRORS_NO_MESSAGE ) ;
|
|
! return -1 ;
|
|
! }
|
|
!
|
|
! outLen -= outBuf[blockSize-1] ;
|
|
! }
|
|
! /******************************************************************/
|
|
!
|
|
! /******************************************************************
|
|
! if( xmlSecBufferSetMaxSize( out , outSize + blockSize ) < 0 ) {
|
|
! xmlSecError( XMLSEC_ERRORS_HERE ,
|
|
! xmlSecErrorsSafeString( cipherName ) ,
|
|
! "xmlSecBufferSetMaxSize" ,
|
|
! XMLSEC_ERRORS_R_CRYPTO_FAILED ,
|
|
! XMLSEC_ERRORS_NO_MESSAGE ) ;
|
|
! return -1 ;
|
|
! }
|
|
!
|
|
! outBuf = xmlSecBufferGetData( out ) + outSize ;
|
|
!
|
|
! if( PK11_DigestFinal( ctx->cipherCtx , outBuf , &outLen , blockSize ) != SECSuccess ) {
|
|
! xmlSecError( XMLSEC_ERRORS_HERE ,
|
|
! xmlSecErrorsSafeString( cipherName ) ,
|
|
! "PK11_DigestFinal" ,
|
|
! XMLSEC_ERRORS_R_CRYPTO_FAILED ,
|
|
! XMLSEC_ERRORS_NO_MESSAGE ) ;
|
|
! return -1 ;
|
|
! }
|
|
! ******************************************************************/
|
|
!
|
|
! if( xmlSecBufferSetSize( out , outSize + outLen ) < 0 ) {
|
|
! xmlSecError( XMLSEC_ERRORS_HERE ,
|
|
! xmlSecErrorsSafeString( cipherName ) ,
|
|
! "xmlSecBufferSetSize" ,
|
|
! XMLSEC_ERRORS_R_CRYPTO_FAILED ,
|
|
! XMLSEC_ERRORS_NO_MESSAGE ) ;
|
|
! return -1 ;
|
|
! }
|
|
!
|
|
! if( xmlSecBufferRemoveHead( in , inSize ) < 0 ) {
|
|
! xmlSecError( XMLSEC_ERRORS_HERE ,
|
|
! xmlSecErrorsSafeString( cipherName ) ,
|
|
! "xmlSecBufferRemoveHead" ,
|
|
! XMLSEC_ERRORS_R_CRYPTO_FAILED ,
|
|
! XMLSEC_ERRORS_NO_MESSAGE ) ;
|
|
! return -1 ;
|
|
! }
|
|
!
|
|
! // PK11_Finalize( ctx->cipherCtx ) ;
|
|
! PK11_DestroyContext( ctx->cipherCtx , PR_TRUE ) ;
|
|
! ctx->cipherCtx = NULL ;
|
|
|
|
! return 0 ;
|
|
}
|
|
|
|
|
|
|
|
+ /**
|
|
+ * xmlSecTransformExecuteMethod:
|
|
+ * @transform: the pointer to transform object.
|
|
+ * @last: the flag: if set to 1 then it's the last data chunk.
|
|
+ * @transformCtx: the pointer to transform context object.
|
|
+ *
|
|
+ * Transform specific method to process a chunk of data.
|
|
+ *
|
|
+ * Returns 0 on success or a negative value otherwise.
|
|
+ */
|
|
static int
|
|
! xmlSecNssBlockCipherExecute(
|
|
! xmlSecTransformPtr transform ,
|
|
! int last ,
|
|
! xmlSecTransformCtxPtr transformCtx
|
|
! ) {
|
|
! xmlSecNssBlockCipherCtxPtr context = NULL ;
|
|
! xmlSecBufferPtr inBuf = NULL ;
|
|
! xmlSecBufferPtr outBuf = NULL ;
|
|
! const xmlChar* cipherName ;
|
|
! int operation ;
|
|
! int rtv ;
|
|
!
|
|
! xmlSecAssert2( xmlSecNssBlockCipherCheckId( transform ), -1 ) ;
|
|
! xmlSecAssert2( xmlSecTransformCheckSize( transform, xmlSecNssBlockCipherSize ), -1 ) ;
|
|
! xmlSecAssert2( ( transform->operation == xmlSecTransformOperationEncrypt ) || ( transform->operation == xmlSecTransformOperationDecrypt ), -1 ) ;
|
|
! xmlSecAssert2( transformCtx != NULL , -1 ) ;
|
|
!
|
|
! context = xmlSecNssBlockCipherGetCtx( transform ) ;
|
|
! if( context == NULL ) {
|
|
! xmlSecError( XMLSEC_ERRORS_HERE ,
|
|
! xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) ,
|
|
! "xmlSecNssBlockCipherGetCtx" ,
|
|
! XMLSEC_ERRORS_R_CRYPTO_FAILED ,
|
|
! XMLSEC_ERRORS_NO_MESSAGE ) ;
|
|
! return -1 ;
|
|
! }
|
|
!
|
|
! inBuf = &( transform->inBuf ) ;
|
|
! outBuf = &( transform->outBuf ) ;
|
|
!
|
|
! if( transform->status == xmlSecTransformStatusNone ) {
|
|
! transform->status = xmlSecTransformStatusWorking ;
|
|
! }
|
|
!
|
|
! operation = ( transform->operation == xmlSecTransformOperationEncrypt ) ? 1 : 0 ;
|
|
! cipherName = xmlSecTransformGetName( transform ) ;
|
|
!
|
|
! if( transform->status == xmlSecTransformStatusWorking ) {
|
|
! if( context->cipherCtx == NULL ) {
|
|
! rtv = xmlSecNssBlockCipherCtxInit( context, inBuf , outBuf , operation , cipherName , transformCtx ) ;
|
|
! if( rtv < 0 ) {
|
|
! xmlSecError( XMLSEC_ERRORS_HERE ,
|
|
! xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) ,
|
|
! "xmlSecNssBlockCipherCtxInit" ,
|
|
! XMLSEC_ERRORS_R_INVALID_STATUS ,
|
|
! XMLSEC_ERRORS_NO_MESSAGE ) ;
|
|
! return -1 ;
|
|
! }
|
|
! }
|
|
!
|
|
! if( context->cipherCtx == NULL && last != 0 ) {
|
|
! xmlSecError( XMLSEC_ERRORS_HERE ,
|
|
! xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) ,
|
|
! NULL ,
|
|
! XMLSEC_ERRORS_R_INVALID_STATUS ,
|
|
! "No enough data to intialize transform" ) ;
|
|
! return -1 ;
|
|
! }
|
|
!
|
|
! if( context->cipherCtx != NULL ) {
|
|
! rtv = xmlSecNssBlockCipherCtxUpdate( context, inBuf , outBuf , operation , cipherName , transformCtx ) ;
|
|
! if( rtv < 0 ) {
|
|
! xmlSecError( XMLSEC_ERRORS_HERE ,
|
|
! xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) ,
|
|
! "xmlSecNssBlockCipherCtxUpdate" ,
|
|
! XMLSEC_ERRORS_R_INVALID_STATUS ,
|
|
! XMLSEC_ERRORS_NO_MESSAGE ) ;
|
|
! return -1 ;
|
|
! }
|
|
! }
|
|
!
|
|
! if( last ) {
|
|
! rtv = xmlSecNssBlockCipherCtxFinal( context, inBuf , outBuf , operation , cipherName , transformCtx ) ;
|
|
! if( rtv < 0 ) {
|
|
! xmlSecError( XMLSEC_ERRORS_HERE ,
|
|
! xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) ,
|
|
! "xmlSecNssBlockCipherCtxFinal" ,
|
|
! XMLSEC_ERRORS_R_INVALID_STATUS ,
|
|
! XMLSEC_ERRORS_NO_MESSAGE ) ;
|
|
! return -1 ;
|
|
! }
|
|
! transform->status = xmlSecTransformStatusFinished ;
|
|
! }
|
|
! } else if( transform->status == xmlSecTransformStatusFinished ) {
|
|
! if( xmlSecBufferGetSize( inBuf ) != 0 ) {
|
|
! xmlSecError( XMLSEC_ERRORS_HERE ,
|
|
! xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) ,
|
|
! NULL ,
|
|
! XMLSEC_ERRORS_R_INVALID_STATUS ,
|
|
! "status=%d", transform->status ) ;
|
|
! return -1 ;
|
|
! }
|
|
! } else {
|
|
! xmlSecError( XMLSEC_ERRORS_HERE ,
|
|
! xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) ,
|
|
! NULL ,
|
|
! XMLSEC_ERRORS_R_INVALID_STATUS ,
|
|
! "status=%d", transform->status ) ;
|
|
! return -1 ;
|
|
! }
|
|
!
|
|
! return 0 ;
|
|
}
|
|
|
|
! static xmlSecTransformKlass xmlSecNssAes128CbcKlass = {
|
|
! sizeof( xmlSecTransformKlass ) ,
|
|
! xmlSecNssBlockCipherSize ,
|
|
|
|
! xmlSecNameAes128Cbc ,
|
|
! xmlSecHrefAes128Cbc ,
|
|
! xmlSecTransformUsageEncryptionMethod ,
|
|
!
|
|
! xmlSecNssBlockCipherInitialize ,
|
|
! xmlSecNssBlockCipherFinalize ,
|
|
! NULL ,
|
|
! NULL ,
|
|
!
|
|
! xmlSecNssBlockCipherSetKeyReq ,
|
|
! xmlSecNssBlockCipherSetKey ,
|
|
! NULL ,
|
|
! xmlSecTransformDefaultGetDataType ,
|
|
!
|
|
! xmlSecTransformDefaultPushBin ,
|
|
! xmlSecTransformDefaultPopBin ,
|
|
! NULL ,
|
|
! NULL ,
|
|
! xmlSecNssBlockCipherExecute ,
|
|
!
|
|
! NULL ,
|
|
! NULL
|
|
! } ;
|
|
|
|
|
|
! static xmlSecTransformKlass xmlSecNssAes192CbcKlass = {
|
|
! sizeof( xmlSecTransformKlass ) ,
|
|
! xmlSecNssBlockCipherSize ,
|
|
|
|
! xmlSecNameAes192Cbc ,
|
|
! xmlSecHrefAes192Cbc ,
|
|
! xmlSecTransformUsageEncryptionMethod ,
|
|
!
|
|
! xmlSecNssBlockCipherInitialize ,
|
|
! xmlSecNssBlockCipherFinalize ,
|
|
! NULL ,
|
|
! NULL ,
|
|
!
|
|
! xmlSecNssBlockCipherSetKeyReq ,
|
|
! xmlSecNssBlockCipherSetKey ,
|
|
! NULL ,
|
|
! xmlSecTransformDefaultGetDataType ,
|
|
!
|
|
! xmlSecTransformDefaultPushBin ,
|
|
! xmlSecTransformDefaultPopBin ,
|
|
! NULL ,
|
|
! NULL ,
|
|
! xmlSecNssBlockCipherExecute ,
|
|
!
|
|
! NULL ,
|
|
! NULL
|
|
! } ;
|
|
|
|
|
|
! static xmlSecTransformKlass xmlSecNssAes256CbcKlass = {
|
|
! sizeof( xmlSecTransformKlass ) ,
|
|
! xmlSecNssBlockCipherSize ,
|
|
|
|
! xmlSecNameAes256Cbc ,
|
|
! xmlSecHrefAes256Cbc ,
|
|
! xmlSecTransformUsageEncryptionMethod ,
|
|
!
|
|
! xmlSecNssBlockCipherInitialize ,
|
|
! xmlSecNssBlockCipherFinalize ,
|
|
! NULL ,
|
|
! NULL ,
|
|
!
|
|
! xmlSecNssBlockCipherSetKeyReq ,
|
|
! xmlSecNssBlockCipherSetKey ,
|
|
! NULL ,
|
|
! xmlSecTransformDefaultGetDataType ,
|
|
!
|
|
! xmlSecTransformDefaultPushBin ,
|
|
! xmlSecTransformDefaultPopBin ,
|
|
! NULL ,
|
|
! NULL ,
|
|
! xmlSecNssBlockCipherExecute ,
|
|
!
|
|
! NULL ,
|
|
! NULL
|
|
! } ;
|
|
|
|
! static xmlSecTransformKlass xmlSecNssDes3CbcKlass = {
|
|
! sizeof( xmlSecTransformKlass ) ,
|
|
! xmlSecNssBlockCipherSize ,
|
|
!
|
|
! xmlSecNameDes3Cbc ,
|
|
! xmlSecHrefDes3Cbc ,
|
|
! xmlSecTransformUsageEncryptionMethod ,
|
|
!
|
|
! xmlSecNssBlockCipherInitialize ,
|
|
! xmlSecNssBlockCipherFinalize ,
|
|
! NULL ,
|
|
! NULL ,
|
|
!
|
|
! xmlSecNssBlockCipherSetKeyReq ,
|
|
! xmlSecNssBlockCipherSetKey ,
|
|
! NULL ,
|
|
! xmlSecTransformDefaultGetDataType ,
|
|
!
|
|
! xmlSecTransformDefaultPushBin ,
|
|
! xmlSecTransformDefaultPopBin ,
|
|
! NULL ,
|
|
! NULL ,
|
|
! xmlSecNssBlockCipherExecute ,
|
|
!
|
|
! NULL ,
|
|
! NULL
|
|
! } ;
|
|
|
|
/**
|
|
! * xmlSecNssTransformAes128CbcGetKlass
|
|
! *
|
|
! * Get the AES128_CBC transform klass
|
|
! *
|
|
! * Return AES128_CBC transform klass
|
|
! */
|
|
! xmlSecTransformId
|
|
! xmlSecNssTransformAes128CbcGetKlass( void ) {
|
|
! return ( &xmlSecNssAes128CbcKlass ) ;
|
|
}
|
|
|
|
/**
|
|
! * xmlSecNssTransformAes192CbcGetKlass
|
|
! *
|
|
! * Get the AES192_CBC transform klass
|
|
! *
|
|
! * Return AES192_CBC transform klass
|
|
! */
|
|
! xmlSecTransformId
|
|
! xmlSecNssTransformAes192CbcGetKlass( void ) {
|
|
! return ( &xmlSecNssAes192CbcKlass ) ;
|
|
}
|
|
|
|
! /**
|
|
! * xmlSecNssTransformAes256CbcGetKlass
|
|
! *
|
|
! * Get the AES256_CBC transform klass
|
|
! *
|
|
! * Return AES256_CBC transform klass
|
|
! */
|
|
! xmlSecTransformId
|
|
! xmlSecNssTransformAes256CbcGetKlass( void ) {
|
|
! return ( &xmlSecNssAes256CbcKlass ) ;
|
|
! }
|
|
|
|
! /**
|
|
! * xmlSecNssTransformDes3CbcGetKlass
|
|
*
|
|
! * Get the DES3_CBC transform klass
|
|
! *
|
|
! * Return DES3_CBC transform klass
|
|
*/
|
|
! xmlSecTransformId
|
|
! xmlSecNssTransformDes3CbcGetKlass( void ) {
|
|
! return ( &xmlSecNssDes3CbcKlass ) ;
|
|
}
|
|
!
|
|
|
|
*** misc/xmlsec1-1.2.6/src/nss/crypto.c 2003-10-29 16:57:25.000000000 +0100
|
|
--- misc/build/xmlsec1-1.2.6/src/nss/crypto.c 2005-05-09 19:54:13.204629905 +0200
|
|
***************
|
|
*** 130,135 ****
|
|
--- 130,136 ----
|
|
/**
|
|
* High level routines form xmlsec command line utility
|
|
*/
|
|
+ /*
|
|
gXmlSecNssFunctions->cryptoAppInit = xmlSecNssAppInit;
|
|
gXmlSecNssFunctions->cryptoAppShutdown = xmlSecNssAppShutdown;
|
|
gXmlSecNssFunctions->cryptoAppDefaultKeysMngrInit = xmlSecNssAppDefaultKeysMngrInit;
|
|
***************
|
|
*** 143,152 ****
|
|
gXmlSecNssFunctions->cryptoAppPkcs12LoadMemory = xmlSecNssAppPkcs12LoadMemory;
|
|
gXmlSecNssFunctions->cryptoAppKeyCertLoad = xmlSecNssAppKeyCertLoad;
|
|
gXmlSecNssFunctions->cryptoAppKeyCertLoadMemory = xmlSecNssAppKeyCertLoadMemory;
|
|
! #endif /* XMLSEC_NO_X509 */
|
|
gXmlSecNssFunctions->cryptoAppKeyLoad = xmlSecNssAppKeyLoad;
|
|
gXmlSecNssFunctions->cryptoAppKeyLoadMemory = xmlSecNssAppKeyLoadMemory;
|
|
gXmlSecNssFunctions->cryptoAppDefaultPwdCallback = (void*)xmlSecNssAppGetDefaultPwdCallback;
|
|
|
|
return(gXmlSecNssFunctions);
|
|
}
|
|
--- 144,172 ----
|
|
gXmlSecNssFunctions->cryptoAppPkcs12LoadMemory = xmlSecNssAppPkcs12LoadMemory;
|
|
gXmlSecNssFunctions->cryptoAppKeyCertLoad = xmlSecNssAppKeyCertLoad;
|
|
gXmlSecNssFunctions->cryptoAppKeyCertLoadMemory = xmlSecNssAppKeyCertLoadMemory;
|
|
! #endif
|
|
gXmlSecNssFunctions->cryptoAppKeyLoad = xmlSecNssAppKeyLoad;
|
|
gXmlSecNssFunctions->cryptoAppKeyLoadMemory = xmlSecNssAppKeyLoadMemory;
|
|
gXmlSecNssFunctions->cryptoAppDefaultPwdCallback = (void*)xmlSecNssAppGetDefaultPwdCallback;
|
|
+ */
|
|
+
|
|
+ gXmlSecNssFunctions->cryptoAppInit = NULL ;
|
|
+ gXmlSecNssFunctions->cryptoAppShutdown = NULL ;
|
|
+ gXmlSecNssFunctions->cryptoAppDefaultKeysMngrInit = NULL ;
|
|
+ gXmlSecNssFunctions->cryptoAppDefaultKeysMngrAdoptKey = NULL ;
|
|
+ gXmlSecNssFunctions->cryptoAppDefaultKeysMngrLoad = NULL ;
|
|
+ gXmlSecNssFunctions->cryptoAppDefaultKeysMngrSave = NULL ;
|
|
+ #ifndef XMLSEC_NO_X509
|
|
+ gXmlSecNssFunctions->cryptoAppKeysMngrCertLoad = NULL ;
|
|
+ gXmlSecNssFunctions->cryptoAppKeysMngrCertLoadMemory= NULL ;
|
|
+ gXmlSecNssFunctions->cryptoAppPkcs12Load = NULL ;
|
|
+ gXmlSecNssFunctions->cryptoAppPkcs12LoadMemory = NULL ;
|
|
+ gXmlSecNssFunctions->cryptoAppKeyCertLoad = NULL ;
|
|
+ gXmlSecNssFunctions->cryptoAppKeyCertLoadMemory = NULL ;
|
|
+ #endif /* XMLSEC_NO_X509 */
|
|
+ gXmlSecNssFunctions->cryptoAppKeyLoad = NULL ;
|
|
+ gXmlSecNssFunctions->cryptoAppKeyLoadMemory = NULL ;
|
|
+ gXmlSecNssFunctions->cryptoAppDefaultPwdCallback = (void*)NULL ;
|
|
|
|
return(gXmlSecNssFunctions);
|
|
}
|
|
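Review bot: Every cryptoApp* entry of gXmlSecNssFunctions is now set to NULL (L16061–L16109) while the original assignments are kept above as a block comment, and the old `#endif /* XMLSEC_NO_X509 */` had to lose its trailing comment just to survive inside that block; delete the commented-out assignments instead of keeping them. With the table entries NULL, anything reaching the NSS application layer through the xmlSecCryptoApp* wrappers will report failure, and a caller that dereferences the table directly will crash, so the reason the application layer is switched off belongs next to the assignments, e.g. `/* application-layer (app.c) functions are intentionally not registered in this build; callers must expect NULL here */` — the hunk does not show why it was removed, so the author should supply that reason. The `(void*)` cast on `cryptoAppDefaultPwdCallback = (void*)NULL` is redundant.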
*** misc/xmlsec1-1.2.6/src/nss/digests.c 2003-09-26 02:58:15.000000000 +0200
|
|
--- misc/build/xmlsec1-1.2.6/src/nss/digests.c 2005-05-09 19:54:13.205629821 +0200
|
|
***************
|
|
*** 21,27 ****
|
|
#include <xmlsec/transforms.h>
|
|
#include <xmlsec/errors.h>
|
|
|
|
- #include <xmlsec/nss/app.h>
|
|
#include <xmlsec/nss/crypto.h>
|
|
|
|
#define XMLSEC_NSS_MAX_DIGEST_SIZE 32
|
|
--- 21,26 ----
|
|
***************
|
|
*** 107,113 ****
|
|
xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
|
|
"SECOID_FindOIDByTag",
|
|
XMLSEC_ERRORS_R_CRYPTO_FAILED,
|
|
! XMLSEC_ERRORS_NO_MESSAGE);
|
|
return(-1);
|
|
}
|
|
|
|
--- 106,112 ----
|
|
xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
|
|
"SECOID_FindOIDByTag",
|
|
XMLSEC_ERRORS_R_CRYPTO_FAILED,
|
|
! "error code=%d", PORT_GetError());
|
|
return(-1);
|
|
}
|
|
|
|
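Review bot: PORT_GetError() is introduced at L16192 without its declaring header; it comes from NSS's secport.h, and the only include change in this file (the hunk above) removes xmlsec/nss/app.h rather than adding anything. If the remaining NSS includes do not pull secport.h in transitively, this is an implicit declaration under C89 and a hard error under stricter compilers, so add `#include <secport.h>` beside the other NSS headers. The same substitution is made in the later hunks of this file and throughout hmac.c; one include fixes each file. Reading the error code directly after the failed call, before any cleanup call, is the right order — keep it that way if the error paths are reorganised. The enclosing function starts and ends outside this hunk.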
***************
|
|
*** 117,123 ****
|
|
xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
|
|
"PK11_CreateDigestContext",
|
|
XMLSEC_ERRORS_R_CRYPTO_FAILED,
|
|
! XMLSEC_ERRORS_NO_MESSAGE);
|
|
return(-1);
|
|
}
|
|
|
|
--- 116,122 ----
|
|
xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
|
|
"PK11_CreateDigestContext",
|
|
XMLSEC_ERRORS_R_CRYPTO_FAILED,
|
|
! "error code=%d", PORT_GetError());
|
|
return(-1);
|
|
}
|
|
|
|
***************
|
|
*** 208,214 ****
|
|
xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
|
|
"PK11_DigestBegin",
|
|
XMLSEC_ERRORS_R_CRYPTO_FAILED,
|
|
! XMLSEC_ERRORS_NO_MESSAGE);
|
|
return(-1);
|
|
}
|
|
transform->status = xmlSecTransformStatusWorking;
|
|
--- 207,213 ----
|
|
xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
|
|
"PK11_DigestBegin",
|
|
XMLSEC_ERRORS_R_CRYPTO_FAILED,
|
|
! "error code=%d", PORT_GetError());
|
|
return(-1);
|
|
}
|
|
transform->status = xmlSecTransformStatusWorking;
|
|
***************
|
|
*** 225,231 ****
|
|
xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
|
|
"PK11_DigestOp",
|
|
XMLSEC_ERRORS_R_CRYPTO_FAILED,
|
|
! XMLSEC_ERRORS_NO_MESSAGE);
|
|
return(-1);
|
|
}
|
|
|
|
--- 224,230 ----
|
|
xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
|
|
"PK11_DigestOp",
|
|
XMLSEC_ERRORS_R_CRYPTO_FAILED,
|
|
! "error code=%d", PORT_GetError());
|
|
return(-1);
|
|
}
|
|
|
|
***************
|
|
*** 246,252 ****
|
|
xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
|
|
"PK11_DigestFinal",
|
|
XMLSEC_ERRORS_R_CRYPTO_FAILED,
|
|
! XMLSEC_ERRORS_NO_MESSAGE);
|
|
return(-1);
|
|
}
|
|
xmlSecAssert2(ctx->dgstSize > 0, -1);
|
|
--- 245,251 ----
|
|
xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
|
|
"PK11_DigestFinal",
|
|
XMLSEC_ERRORS_R_CRYPTO_FAILED,
|
|
! "error code=%d", PORT_GetError());
|
|
return(-1);
|
|
}
|
|
xmlSecAssert2(ctx->dgstSize > 0, -1);
|
|
*** misc/xmlsec1-1.2.6/src/nss/hmac.c 2003-09-26 02:58:15.000000000 +0200
|
|
--- misc/build/xmlsec1-1.2.6/src/nss/hmac.c 2005-05-09 19:54:13.206629736 +0200
|
|
***************
|
|
*** 23,30 ****
|
|
#include <xmlsec/transforms.h>
|
|
#include <xmlsec/errors.h>
|
|
|
|
- #include <xmlsec/nss/app.h>
|
|
#include <xmlsec/nss/crypto.h>
|
|
|
|
#define XMLSEC_NSS_MAX_HMAC_SIZE 128
|
|
|
|
--- 23,30 ----
|
|
#include <xmlsec/transforms.h>
|
|
#include <xmlsec/errors.h>
|
|
|
|
#include <xmlsec/nss/crypto.h>
|
|
+ #include <xmlsec/nss/tokens.h>
|
|
|
|
#define XMLSEC_NSS_MAX_HMAC_SIZE 128
|
|
|
|
***************
|
|
*** 241,253 ****
|
|
keyItem.data = xmlSecBufferGetData(buffer);
|
|
keyItem.len = xmlSecBufferGetSize(buffer);
|
|
|
|
! slot = PK11_GetBestSlot(ctx->digestType, NULL);
|
|
if(slot == NULL) {
|
|
xmlSecError(XMLSEC_ERRORS_HERE,
|
|
xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
|
|
! "PK11_GetBestSlot",
|
|
XMLSEC_ERRORS_R_CRYPTO_FAILED,
|
|
! XMLSEC_ERRORS_NO_MESSAGE);
|
|
return(-1);
|
|
}
|
|
|
|
--- 241,253 ----
|
|
keyItem.data = xmlSecBufferGetData(buffer);
|
|
keyItem.len = xmlSecBufferGetSize(buffer);
|
|
|
|
! slot = xmlSecNssSlotGet(ctx->digestType);
|
|
if(slot == NULL) {
|
|
xmlSecError(XMLSEC_ERRORS_HERE,
|
|
xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
|
|
! "xmlSecNssSlotGet",
|
|
XMLSEC_ERRORS_R_CRYPTO_FAILED,
|
|
! "error code=%d", PORT_GetError());
|
|
return(-1);
|
|
}
|
|
|
|
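Review bot: The slot obtained from xmlSecNssSlotGet at L16514 is still released with `PK11_FreeSlot(slot)` on the error paths visible below (L16561, L16615), so the new helper must hand back a slot reference the caller owns, exactly as PK11_GetBestSlot did. If xmlSecNssSlotGet instead returns a slot borrowed from a slot list, those frees drop a reference this function never took, which ends in a freed slot still being listed; tokens.h is not visible here, so this needs confirming against the helper's definition. Whichever holds, state the ownership at the call site, e.g. `/* xmlSecNssSlotGet returns a referenced slot; release with PK11_FreeSlot() */`. The "error code=%d" argument reports the NSS error left by the failed lookup, which is only meaningful if xmlSecNssSlotGet fails through an NSS call rather than by finding no configured slot. The enclosing function continues outside this hunk.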
***************
|
|
*** 258,264 ****
|
|
xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
|
|
"PK11_ImportSymKey",
|
|
XMLSEC_ERRORS_R_CRYPTO_FAILED,
|
|
! XMLSEC_ERRORS_NO_MESSAGE);
|
|
PK11_FreeSlot(slot);
|
|
return(-1);
|
|
}
|
|
--- 258,264 ----
|
|
xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
|
|
"PK11_ImportSymKey",
|
|
XMLSEC_ERRORS_R_CRYPTO_FAILED,
|
|
! "error code=%d", PORT_GetError());
|
|
PK11_FreeSlot(slot);
|
|
return(-1);
|
|
}
|
|
***************
|
|
*** 269,275 ****
|
|
xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
|
|
"PK11_CreateContextBySymKey",
|
|
XMLSEC_ERRORS_R_CRYPTO_FAILED,
|
|
! XMLSEC_ERRORS_NO_MESSAGE);
|
|
PK11_FreeSymKey(symKey);
|
|
PK11_FreeSlot(slot);
|
|
return(-1);
|
|
--- 269,275 ----
|
|
xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
|
|
"PK11_CreateContextBySymKey",
|
|
XMLSEC_ERRORS_R_CRYPTO_FAILED,
|
|
! "error code=%d", PORT_GetError());
|
|
PK11_FreeSymKey(symKey);
|
|
PK11_FreeSlot(slot);
|
|
return(-1);
|
|
***************
|
|
*** 368,374 ****
|
|
xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
|
|
"PK11_DigestBegin",
|
|
XMLSEC_ERRORS_R_CRYPTO_FAILED,
|
|
! XMLSEC_ERRORS_NO_MESSAGE);
|
|
return(-1);
|
|
}
|
|
transform->status = xmlSecTransformStatusWorking;
|
|
--- 368,374 ----
|
|
xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
|
|
"PK11_DigestBegin",
|
|
XMLSEC_ERRORS_R_CRYPTO_FAILED,
|
|
! "error code=%d", PORT_GetError());
|
|
return(-1);
|
|
}
|
|
transform->status = xmlSecTransformStatusWorking;
|
|
***************
|
|
*** 385,391 ****
|
|
xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
|
|
"PK11_DigestOp",
|
|
XMLSEC_ERRORS_R_CRYPTO_FAILED,
|
|
! XMLSEC_ERRORS_NO_MESSAGE);
|
|
return(-1);
|
|
}
|
|
|
|
--- 385,391 ----
|
|
xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
|
|
"PK11_DigestOp",
|
|
XMLSEC_ERRORS_R_CRYPTO_FAILED,
|
|
! "error code=%d", PORT_GetError());
|
|
return(-1);
|
|
}
|
|
|
|
***************
|
|
*** 408,414 ****
|
|
xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
|
|
"PK11_DigestFinal",
|
|
XMLSEC_ERRORS_R_CRYPTO_FAILED,
|
|
! XMLSEC_ERRORS_NO_MESSAGE);
|
|
return(-1);
|
|
}
|
|
xmlSecAssert2(dgstSize > 0, -1);
|
|
--- 408,414 ----
|
|
xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
|
|
"PK11_DigestFinal",
|
|
XMLSEC_ERRORS_R_CRYPTO_FAILED,
|
|
! "error code=%d", PORT_GetError());
|
|
return(-1);
|
|
}
|
|
xmlSecAssert2(dgstSize > 0, -1);
|
|
*** misc/xmlsec1-1.2.6/src/nss/keysstore.c 2003-09-26 02:58:15.000000000 +0200
|
|
--- misc/build/xmlsec1-1.2.6/src/nss/keysstore.c 2005-05-09 19:54:13.209629483 +0200
|
|
***************
|
|
*** 1,119 ****
|
|
/**
|
|
* XMLSec library
|
|
*
|
|
- * Nss keys store that uses Simple Keys Store under the hood. Uses the
|
|
- * Nss DB as a backing store for the finding keys, but the NSS DB is
|
|
- * not written to by the keys store.
|
|
- * So, if store->findkey is done and the key is not found in the simple
|
|
- * keys store, the NSS DB is looked up.
|
|
- * If store is called to adopt a key, that key is not written to the NSS
|
|
- * DB.
|
|
- * Thus, the NSS DB can be used to pre-load keys and becomes an alternate
|
|
- * source of keys for xmlsec
|
|
- *
|
|
* This is free software; see Copyright file in the source
|
|
* distribution for precise wording.
|
|
*
|
|
! * Copyright (c) 2003 America Online, Inc. All rights reserved.
|
|
*/
|
|
- #include "globals.h"
|
|
|
|
! #include <stdlib.h>
|
|
#include <string.h>
|
|
|
|
! #include <nss.h>
|
|
! #include <cert.h>
|
|
! #include <pk11func.h>
|
|
! #include <keyhi.h>
|
|
|
|
- #include <libxml/tree.h>
|
|
|
|
#include <xmlsec/xmlsec.h>
|
|
! #include <xmlsec/buffer.h>
|
|
! #include <xmlsec/base64.h>
|
|
! #include <xmlsec/errors.h>
|
|
! #include <xmlsec/xmltree.h>
|
|
!
|
|
#include <xmlsec/keysmngr.h>
|
|
|
|
#include <xmlsec/nss/crypto.h>
|
|
#include <xmlsec/nss/keysstore.h>
|
|
! #include <xmlsec/nss/x509.h>
|
|
#include <xmlsec/nss/pkikeys.h>
|
|
|
|
! /****************************************************************************
|
|
*
|
|
! * Nss Keys Store. Uses Simple Keys Store under the hood
|
|
! *
|
|
! * Simple Keys Store ptr is located after xmlSecKeyStore
|
|
*
|
|
! ***************************************************************************/
|
|
! #define xmlSecNssKeysStoreSize \
|
|
! (sizeof(xmlSecKeyStore) + sizeof(xmlSecKeyStorePtr))
|
|
!
|
|
! #define xmlSecNssKeysStoreGetSS(store) \
|
|
! ((xmlSecKeyStoreCheckSize((store), xmlSecNssKeysStoreSize)) ? \
|
|
! (xmlSecKeyStorePtr*)(((xmlSecByte*)(store)) + sizeof(xmlSecKeyStore)) : \
|
|
! (xmlSecKeyStorePtr*)NULL)
|
|
!
|
|
! static int xmlSecNssKeysStoreInitialize (xmlSecKeyStorePtr store);
|
|
! static void xmlSecNssKeysStoreFinalize (xmlSecKeyStorePtr store);
|
|
! static xmlSecKeyPtr xmlSecNssKeysStoreFindKey (xmlSecKeyStorePtr store,
|
|
! const xmlChar* name,
|
|
! xmlSecKeyInfoCtxPtr keyInfoCtx);
|
|
|
|
! static xmlSecKeyStoreKlass xmlSecNssKeysStoreKlass = {
|
|
! sizeof(xmlSecKeyStoreKlass),
|
|
! xmlSecNssKeysStoreSize,
|
|
|
|
! /* data */
|
|
! BAD_CAST "NSS-keys-store", /* const xmlChar* name; */
|
|
!
|
|
! /* constructors/destructor */
|
|
! xmlSecNssKeysStoreInitialize, /* xmlSecKeyStoreInitializeMethod initialize; */
|
|
! xmlSecNssKeysStoreFinalize, /* xmlSecKeyStoreFinalizeMethod finalize; */
|
|
! xmlSecNssKeysStoreFindKey, /* xmlSecKeyStoreFindKeyMethod findKey; */
|
|
!
|
|
! /* reserved for the future */
|
|
! NULL, /* void* reserved0; */
|
|
! NULL, /* void* reserved1; */
|
|
! };
|
|
|
|
! /**
|
|
! * xmlSecNssKeysStoreGetKlass:
|
|
! *
|
|
! * The Nss list based keys store klass.
|
|
*
|
|
! * Returns Nss list based keys store klass.
|
|
*/
|
|
! xmlSecKeyStoreId
|
|
! xmlSecNssKeysStoreGetKlass(void) {
|
|
! return(&xmlSecNssKeysStoreKlass);
|
|
}
|
|
|
|
! /**
|
|
! * xmlSecNssKeysStoreAdoptKey:
|
|
! * @store: the pointer to Nss keys store.
|
|
! * @key: the pointer to key.
|
|
! *
|
|
! * Adds @key to the @store.
|
|
*
|
|
! * Returns 0 on success or a negative value if an error occurs.
|
|
*/
|
|
! int
|
|
! xmlSecNssKeysStoreAdoptKey(xmlSecKeyStorePtr store, xmlSecKeyPtr key) {
|
|
! xmlSecKeyStorePtr *ss;
|
|
!
|
|
! xmlSecAssert2(xmlSecKeyStoreCheckId(store, xmlSecNssKeysStoreId), -1);
|
|
! xmlSecAssert2((key != NULL), -1);
|
|
|
|
! ss = xmlSecNssKeysStoreGetSS(store);
|
|
! xmlSecAssert2(((ss != NULL) && (*ss != NULL) &&
|
|
! (xmlSecKeyStoreCheckId(*ss, xmlSecSimpleKeysStoreId))), -1);
|
|
|
|
! return (xmlSecSimpleKeysStoreAdoptKey(*ss, key));
|
|
}
|
|
|
|
/**
|
|
* xmlSecNssKeysStoreLoad:
|
|
* @store: the pointer to Nss keys store.
|
|
--- 1,518 ----
|
|
/**
|
|
* XMLSec library
|
|
*
|
|
* This is free software; see Copyright file in the source
|
|
* distribution for precise wording.
|
|
*
|
|
! * Copyright................................
|
|
*/
|
|
|
|
! /**
|
|
! * NSS key store uses a key list and a slot list as the key repository. NSS slot
|
|
! * list is a backup repository for the finding keys. If a key is not found from
|
|
! * the key list, the NSS slot list is looked up.
|
|
! *
|
|
! * Any key in the key list will not save to pkcs11 slot. When a store to called
|
|
! * to adopt a key, the key is resident in the key list; While a store to called
|
|
! * to set a is resident in the key list; While a store to called to set a slot
|
|
! * list, which means that the keys in the listed slot can be used for xml sign-
|
|
! * nature or encryption.
|
|
! *
|
|
! * Then, a user can adjust slot list to effect the crypto behaviors of xmlSec.
|
|
! *
|
|
! * The framework will decrease the user interfaces to administrate xmlSec crypto
|
|
! * engine. He can only focus on NSS layer functions. For examples, after the
|
|
! * user set up a slot list handler to the keys store, he do not need to do any
|
|
! * other work atop xmlSec interfaces, his action on the slot list handler, such
|
|
! * as add a token to, delete a token from the list, will directly effect the key
|
|
! * store behaviors.
|
|
! *
|
|
! * For example, a scenariio:
|
|
! * 0. Create a slot list;( NSS interfaces )
|
|
! * 1. Create a keys store;( xmlSec interfaces )
|
|
! * 2. Set slot list with the keys store;( xmlSec Interfaces )
|
|
! * 3. Add a slot to the slot list;( NSS interfaces )
|
|
! * 4. Perform xml signature; ( xmlSec Interfaces )
|
|
! * 5. Deleter a slot from the slot list;( NSS interfaces )
|
|
! * 6. Perform xml encryption; ( xmlSec Interfaces )
|
|
! * 7. Perform xml signature;( xmlSec Interfaces )
|
|
! * 8. Destroy the keys store;( xmlSec Interfaces )
|
|
! * 8. Destroy the slot list.( NSS Interfaces )
|
|
! */
|
|
!
|
|
! #include "globals.h"
|
|
#include <string.h>
|
|
|
|
! #include <nss.h>
|
|
! #include <pk11func.h>
|
|
! #include <prinit.h>
|
|
! #include <keyhi.h>
|
|
|
|
|
|
#include <xmlsec/xmlsec.h>
|
|
! #include <xmlsec/keys.h>
|
|
#include <xmlsec/keysmngr.h>
|
|
+ #include <xmlsec/transforms.h>
|
|
+ #include <xmlsec/xmltree.h>
|
|
+ #include <xmlsec/errors.h>
|
|
|
|
#include <xmlsec/nss/crypto.h>
|
|
#include <xmlsec/nss/keysstore.h>
|
|
! #include <xmlsec/nss/tokens.h>
|
|
! #include <xmlsec/nss/ciphers.h>
|
|
#include <xmlsec/nss/pkikeys.h>
|
|
|
|
! /**
|
|
! * Internal NSS key store context
|
|
*
|
|
! * This context is located after xmlSecKeyStore
|
|
! */
|
|
! typedef struct _xmlSecNssKeysStoreCtx xmlSecNssKeysStoreCtx ;
|
|
! typedef struct _xmlSecNssKeysStoreCtx* xmlSecNssKeysStoreCtxPtr ;
|
|
!
|
|
! struct _xmlSecNssKeysStoreCtx {
|
|
! xmlSecPtrListPtr keyList ;
|
|
! xmlSecPtrListPtr slotList ;
|
|
! } ;
|
|
!
|
|
! #define xmlSecNssKeysStoreSize \
|
|
! ( sizeof( xmlSecKeyStore ) + sizeof( xmlSecNssKeysStoreCtx ) )
|
|
!
|
|
! #define xmlSecNssKeysStoreGetCtx( data ) \
|
|
! ( ( xmlSecNssKeysStoreCtxPtr )( ( ( xmlSecByte* )( data ) ) + sizeof( xmlSecKeyStore ) ) )
|
|
!
|
|
! int xmlSecNssKeysStoreAdoptKeySlot(
|
|
! xmlSecKeyStorePtr store ,
|
|
! xmlSecNssKeySlotPtr keySlot
|
|
! ) {
|
|
! xmlSecNssKeysStoreCtxPtr context = NULL ;
|
|
!
|
|
! xmlSecAssert2( xmlSecKeyStoreCheckId( store , xmlSecNssKeysStoreId ) , -1 ) ;
|
|
! xmlSecAssert2( xmlSecKeyStoreCheckSize( store , xmlSecNssKeysStoreSize ) , -1 ) ;
|
|
!
|
|
! context = xmlSecNssKeysStoreGetCtx( store ) ;
|
|
! if( context == NULL ) {
|
|
! xmlSecError( XMLSEC_ERRORS_HERE ,
|
|
! xmlSecErrorsSafeString( xmlSecKeyStoreGetName( store ) ) ,
|
|
! "xmlSecNssKeysStoreGetCtx" ,
|
|
! XMLSEC_ERRORS_R_XMLSEC_FAILED ,
|
|
! XMLSEC_ERRORS_NO_MESSAGE ) ;
|
|
! return -1 ;
|
|
! }
|
|
!
|
|
! if( context->slotList == NULL ) {
|
|
! if( ( context->slotList = xmlSecPtrListCreate( xmlSecNssKeySlotListId ) ) == NULL ) {
|
|
! xmlSecError( XMLSEC_ERRORS_HERE ,
|
|
! xmlSecErrorsSafeString( xmlSecKeyStoreGetName( store ) ) ,
|
|
! "xmlSecPtrListCreate" ,
|
|
! XMLSEC_ERRORS_R_XMLSEC_FAILED ,
|
|
! XMLSEC_ERRORS_NO_MESSAGE ) ;
|
|
! return -1 ;
|
|
! }
|
|
! }
|
|
!
|
|
! if( !xmlSecPtrListCheckId( context->slotList , xmlSecNssKeySlotListId ) ) {
|
|
! xmlSecError( XMLSEC_ERRORS_HERE ,
|
|
! xmlSecErrorsSafeString( xmlSecKeyStoreGetName( store ) ) ,
|
|
! "xmlSecPtrListCheckId" ,
|
|
! XMLSEC_ERRORS_R_XMLSEC_FAILED ,
|
|
! XMLSEC_ERRORS_NO_MESSAGE ) ;
|
|
! return -1 ;
|
|
! }
|
|
!
|
|
! if( xmlSecPtrListAdd( context->slotList , keySlot ) < 0 ) {
|
|
! xmlSecError( XMLSEC_ERRORS_HERE ,
|
|
! xmlSecErrorsSafeString( xmlSecKeyStoreGetName( store ) ) ,
|
|
! "xmlSecPtrListAdd" ,
|
|
! XMLSEC_ERRORS_R_XMLSEC_FAILED ,
|
|
! XMLSEC_ERRORS_NO_MESSAGE ) ;
|
|
! return -1 ;
|
|
! }
|
|
!
|
|
! return 0 ;
|
|
! }
|
|
!
|
|
! int xmlSecNssKeysStoreAdoptKey(
|
|
! xmlSecKeyStorePtr store ,
|
|
! xmlSecKeyPtr key
|
|
! ) {
|
|
! xmlSecNssKeysStoreCtxPtr context = NULL ;
|
|
!
|
|
! xmlSecAssert2( xmlSecKeyStoreCheckId( store , xmlSecNssKeysStoreId ) , -1 ) ;
|
|
! xmlSecAssert2( xmlSecKeyStoreCheckSize( store , xmlSecNssKeysStoreSize ) , -1 ) ;
|
|
!
|
|
! context = xmlSecNssKeysStoreGetCtx( store ) ;
|
|
! if( context == NULL ) {
|
|
! xmlSecError( XMLSEC_ERRORS_HERE ,
|
|
! xmlSecErrorsSafeString( xmlSecKeyStoreGetName( store ) ) ,
|
|
! "xmlSecNssKeysStoreGetCtx" ,
|
|
! XMLSEC_ERRORS_R_XMLSEC_FAILED ,
|
|
! XMLSEC_ERRORS_NO_MESSAGE ) ;
|
|
! return -1 ;
|
|
! }
|
|
!
|
|
! if( context->keyList == NULL ) {
|
|
! if( ( context->keyList = xmlSecPtrListCreate( xmlSecKeyPtrListId ) ) == NULL ) {
|
|
! xmlSecError( XMLSEC_ERRORS_HERE ,
|
|
! xmlSecErrorsSafeString( xmlSecKeyStoreGetName( store ) ) ,
|
|
! "xmlSecPtrListCreate" ,
|
|
! XMLSEC_ERRORS_R_XMLSEC_FAILED ,
|
|
! XMLSEC_ERRORS_NO_MESSAGE ) ;
|
|
! return -1 ;
|
|
! }
|
|
! }
|
|
!
|
|
! if( !xmlSecPtrListCheckId( context->keyList , xmlSecKeyPtrListId ) ) {
|
|
! xmlSecError( XMLSEC_ERRORS_HERE ,
|
|
! xmlSecErrorsSafeString( xmlSecKeyStoreGetName( store ) ) ,
|
|
! "xmlSecPtrListCheckId" ,
|
|
! XMLSEC_ERRORS_R_XMLSEC_FAILED ,
|
|
! XMLSEC_ERRORS_NO_MESSAGE ) ;
|
|
! return -1 ;
|
|
! }
|
|
!
|
|
! if( xmlSecPtrListAdd( context->keyList , key ) < 0 ) {
|
|
! xmlSecError( XMLSEC_ERRORS_HERE ,
|
|
! xmlSecErrorsSafeString( xmlSecKeyStoreGetName( store ) ) ,
|
|
! "xmlSecPtrListAdd" ,
|
|
! XMLSEC_ERRORS_R_XMLSEC_FAILED ,
|
|
! XMLSEC_ERRORS_NO_MESSAGE ) ;
|
|
! return -1 ;
|
|
! }
|
|
!
|
|
! return 0 ;
|
|
! }
|
|
!
|
|
! /**
|
|
! * xmlSecKeyStoreInitializeMethod:
|
|
! * @store: the store.
|
|
*
|
|
! * Keys store specific initialization method.
|
|
! *
|
|
! * Returns 0 on success or a negative value if an error occurs.
|
|
! */
|
|
! static int
|
|
! xmlSecNssKeysStoreInitialize(
|
|
! xmlSecKeyStorePtr store
|
|
! ) {
|
|
! xmlSecNssKeysStoreCtxPtr context = NULL ;
|
|
!
|
|
! xmlSecAssert2( xmlSecKeyStoreCheckId( store , xmlSecNssKeysStoreId ) , -1 ) ;
|
|
! xmlSecAssert2( xmlSecKeyStoreCheckSize( store , xmlSecNssKeysStoreSize ) , -1 ) ;
|
|
!
|
|
! context = xmlSecNssKeysStoreGetCtx( store ) ;
|
|
! if( context == NULL ) {
|
|
! xmlSecError( XMLSEC_ERRORS_HERE ,
|
|
! xmlSecErrorsSafeString( xmlSecKeyStoreGetName( store ) ) ,
|
|
! "xmlSecNssKeysStoreGetCtx" ,
|
|
! XMLSEC_ERRORS_R_XMLSEC_FAILED ,
|
|
! XMLSEC_ERRORS_NO_MESSAGE ) ;
|
|
! return -1 ;
|
|
! }
|
|
|
|
! context->keyList = NULL ;
|
|
! context->slotList = NULL ;
|
|
|
|
! return 0 ;
|
|
! }
|
|
|
|
! /**
|
|
! * xmlSecKeyStoreFinalizeMethod:
|
|
! * @store: the store.
|
|
*
|
|
! * Keys store specific finalization (destroy) method.
|
|
*/
|
|
! void
|
|
! xmlSecNssKeysStoreFinalize(
|
|
! xmlSecKeyStorePtr store
|
|
! ) {
|
|
! xmlSecNssKeysStoreCtxPtr context = NULL ;
|
|
!
|
|
! xmlSecAssert( xmlSecKeyStoreCheckId( store , xmlSecNssKeysStoreId ) ) ;
|
|
! xmlSecAssert( xmlSecKeyStoreCheckSize( store , xmlSecNssKeysStoreSize ) ) ;
|
|
!
|
|
! context = xmlSecNssKeysStoreGetCtx( store ) ;
|
|
! if( context == NULL ) {
|
|
! xmlSecError( XMLSEC_ERRORS_HERE ,
|
|
! xmlSecErrorsSafeString( xmlSecKeyStoreGetName( store ) ) ,
|
|
! "xmlSecNssKeysStoreGetCtx" ,
|
|
! XMLSEC_ERRORS_R_XMLSEC_FAILED ,
|
|
! XMLSEC_ERRORS_NO_MESSAGE ) ;
|
|
! return ;
|
|
! }
|
|
!
|
|
! if( context->keyList != NULL ) {
|
|
! xmlSecPtrListDestroy( context->keyList ) ;
|
|
! context->keyList = NULL ;
|
|
! }
|
|
!
|
|
! if( context->slotList != NULL ) {
|
|
! xmlSecPtrListDestroy( context->slotList ) ;
|
|
! context->slotList = NULL ;
|
|
! }
|
|
}
|
|
|
|
! xmlSecKeyPtr
|
|
! xmlSecNssKeysStoreFindKeyFromSlot(
|
|
! PK11SlotInfo* slot,
|
|
! const xmlChar* name,
|
|
! xmlSecKeyInfoCtxPtr keyInfoCtx
|
|
! ) {
|
|
! xmlSecKeyPtr key = NULL ;
|
|
! xmlSecKeyDataPtr data = NULL ;
|
|
! int length ;
|
|
!
|
|
! xmlSecAssert2( slot != NULL , NULL ) ;
|
|
! xmlSecAssert2( name != NULL , NULL ) ;
|
|
! xmlSecAssert2( keyInfoCtx != NULL , NULL ) ;
|
|
!
|
|
! if( ( keyInfoCtx->keyReq.keyType & xmlSecKeyDataTypeSymmetric ) == xmlSecKeyDataTypeSymmetric ) {
|
|
! PK11SymKey* symKey ;
|
|
! PK11SymKey* curKey ;
|
|
!
|
|
! /* Find symmetric key from the slot by name */
|
|
! symKey = PK11_ListFixedKeysInSlot( slot , ( char* )name , NULL ) ;
|
|
! for( curKey = symKey ; curKey != NULL ; curKey = PK11_GetNextSymKey( curKey ) ) {
|
|
! /* Check the key request */
|
|
! length = PK11_GetKeyLength( curKey ) ;
|
|
! length *= 8 ;
|
|
! if( ( keyInfoCtx->keyReq.keyBitsSize > 0 ) &&
|
|
! ( length > 0 ) &&
|
|
! ( length < keyInfoCtx->keyReq.keyBitsSize ) )
|
|
! continue ;
|
|
!
|
|
! /* We find a eligible key */
|
|
! data = xmlSecNssSymKeyDataKeyAdopt( curKey ) ;
|
|
! if( data == NULL ) {
|
|
! /* Do nothing */
|
|
! }
|
|
! break ;
|
|
! }
|
|
!
|
|
! /* Destroy the sym key list */
|
|
! for( curKey = symKey ; curKey != NULL ; ) {
|
|
! symKey = curKey ;
|
|
! curKey = PK11_GetNextSymKey( symKey ) ;
|
|
! PK11_FreeSymKey( symKey ) ;
|
|
! }
|
|
! } else if( ( keyInfoCtx->keyReq.keyType & xmlSecKeyDataTypePublic ) == xmlSecKeyDataTypePublic ) {
|
|
! SECKEYPublicKeyList* pubKeyList ;
|
|
! SECKEYPublicKey* pubKey ;
|
|
! SECKEYPublicKeyListNode* curPub ;
|
|
!
|
|
! /* Find asymmetric key from the slot by name */
|
|
! pubKeyList = PK11_ListPublicKeysInSlot( slot , ( char* )name ) ;
|
|
! pubKey = NULL ;
|
|
! curPub = PUBKEY_LIST_HEAD(pubKeyList);
|
|
! for( ; !PUBKEY_LIST_END(curPub, pubKeyList) ; curPub = PUBKEY_LIST_NEXT( curPub ) ) {
|
|
! /* Check the key request */
|
|
! length = SECKEY_PublicKeyStrength( curPub->key ) ;
|
|
! length *= 8 ;
|
|
! if( ( keyInfoCtx->keyReq.keyBitsSize > 0 ) &&
|
|
! ( length > 0 ) &&
|
|
! ( length < keyInfoCtx->keyReq.keyBitsSize ) )
|
|
! continue ;
|
|
!
|
|
! /* We find a eligible key */
|
|
! pubKey = curPub->key ;
|
|
! break ;
|
|
! }
|
|
!
|
|
! if( pubKey != NULL ) {
|
|
! data = xmlSecNssPKIAdoptKey( NULL, pubKey ) ;
|
|
! if( data == NULL ) {
|
|
! /* Do nothing */
|
|
! }
|
|
! }
|
|
!
|
|
! /* Destroy the public key list */
|
|
! SECKEY_DestroyPublicKeyList( pubKeyList ) ;
|
|
! } else if( ( keyInfoCtx->keyReq.keyType & xmlSecKeyDataTypePrivate ) == xmlSecKeyDataTypePrivate ) {
|
|
! SECKEYPrivateKeyList* priKeyList = NULL ;
|
|
! SECKEYPrivateKey* priKey = NULL ;
|
|
! SECKEYPrivateKeyListNode* curPri ;
|
|
!
|
|
! /* Find asymmetric key from the slot by name */
|
|
! priKeyList = PK11_ListPrivKeysInSlot( slot , ( char* )name , NULL ) ;
|
|
! priKey = NULL ;
|
|
! curPri = PRIVKEY_LIST_HEAD(priKeyList);
|
|
! for( ; !PRIVKEY_LIST_END(curPri, priKeyList) ; curPri = PRIVKEY_LIST_NEXT( curPri ) ) {
|
|
! /* Check the key request */
|
|
! length = PK11_SignatureLen( curPri->key ) ;
|
|
! length *= 8 ;
|
|
! if( ( keyInfoCtx->keyReq.keyBitsSize > 0 ) &&
|
|
! ( length > 0 ) &&
|
|
! ( length < keyInfoCtx->keyReq.keyBitsSize ) )
|
|
! continue ;
|
|
!
|
|
! /* We find a eligible key */
|
|
! priKey = curPri->key ;
|
|
! break ;
|
|
! }
|
|
!
|
|
! if( priKey != NULL ) {
|
|
! data = xmlSecNssPKIAdoptKey( priKey, NULL ) ;
|
|
! if( data == NULL ) {
|
|
! /* Do nothing */
|
|
! }
|
|
! }
|
|
!
|
|
! /* Destroy the private key list */
|
|
! SECKEY_DestroyPrivateKeyList( priKeyList ) ;
|
|
! }
|
|
!
|
|
! /* If we have gotten the key value */
|
|
! if( data != NULL ) {
|
|
! if( ( key = xmlSecKeyCreate() ) == NULL ) {
|
|
! xmlSecError( XMLSEC_ERRORS_HERE ,
|
|
! NULL ,
|
|
! "xmlSecKeyCreate" ,
|
|
! XMLSEC_ERRORS_R_XMLSEC_FAILED ,
|
|
! XMLSEC_ERRORS_NO_MESSAGE ) ;
|
|
!
|
|
! xmlSecKeyDataDestroy( data ) ;
|
|
! return NULL ;
|
|
! }
|
|
!
|
|
! if( xmlSecKeySetValue( key , data ) < 0 ) {
|
|
! xmlSecError( XMLSEC_ERRORS_HERE ,
|
|
! NULL ,
|
|
! "xmlSecKeySetValue" ,
|
|
! XMLSEC_ERRORS_R_XMLSEC_FAILED ,
|
|
! XMLSEC_ERRORS_NO_MESSAGE ) ;
|
|
!
|
|
! xmlSecKeyDestroy( key ) ;
|
|
! xmlSecKeyDataDestroy( data ) ;
|
|
! return NULL ;
|
|
! }
|
|
! }
|
|
!
|
|
! return(key);
|
|
! }
|
|
!
|
|
! /**
|
|
! * xmlSecKeyStoreFindKeyMethod:
|
|
! * @store: the store.
|
|
! * @name: the desired key name.
|
|
! * @keyInfoCtx: the pointer to key info context.
|
|
*
|
|
! * Keys store specific find method. The caller is responsible for destroying
|
|
! * the returned key using #xmlSecKeyDestroy method.
|
|
! *
|
|
! * Returns the pointer to a key or NULL if key is not found or an error occurs.
|
|
*/
|
|
! static xmlSecKeyPtr
|
|
! xmlSecNssKeysStoreFindKey(
|
|
! xmlSecKeyStorePtr store ,
|
|
! const xmlChar* name ,
|
|
! xmlSecKeyInfoCtxPtr keyInfoCtx
|
|
! ) {
|
|
! xmlSecNssKeysStoreCtxPtr context = NULL ;
|
|
! xmlSecKeyPtr key = NULL ;
|
|
! xmlSecNssKeySlotPtr keySlot = NULL ;
|
|
! xmlSecSize pos ;
|
|
! xmlSecSize size ;
|
|
!
|
|
! xmlSecAssert2( xmlSecKeyStoreCheckId( store , xmlSecNssKeysStoreId ) , NULL ) ;
|
|
! xmlSecAssert2( xmlSecKeyStoreCheckSize( store , xmlSecNssKeysStoreSize ) , NULL ) ;
|
|
! xmlSecAssert2( keyInfoCtx != NULL , NULL ) ;
|
|
!
|
|
! context = xmlSecNssKeysStoreGetCtx( store ) ;
|
|
! if( context == NULL ) {
|
|
! xmlSecError( XMLSEC_ERRORS_HERE ,
|
|
! xmlSecErrorsSafeString( xmlSecKeyStoreGetName( store ) ) ,
|
|
! "xmlSecNssKeysStoreGetCtx" ,
|
|
! XMLSEC_ERRORS_R_XMLSEC_FAILED ,
|
|
! XMLSEC_ERRORS_NO_MESSAGE ) ;
|
|
! return NULL ;
|
|
! }
|
|
!
|
|
! /*-
|
|
! * Look for key at keyList at first.
|
|
! */
|
|
! if( context->keyList != NULL ) {
|
|
! size = xmlSecPtrListGetSize( context->keyList ) ;
|
|
! for( pos = 0 ; pos < size ; pos ++ ) {
|
|
! key = ( xmlSecKeyPtr )xmlSecPtrListGetItem( context->keyList , pos ) ;
|
|
! if( key != NULL && xmlSecKeyMatch( key , name , &( keyInfoCtx->keyReq ) ) ) {
|
|
! return xmlSecKeyDuplicate( key ) ;
|
|
! }
|
|
! }
|
|
! }
|
|
!
|
|
! /*-
|
|
! * Find the key from slotList
|
|
! */
|
|
! if( context->slotList != NULL ) {
|
|
! PK11SlotInfo* slot = NULL ;
|
|
!
|
|
! size = xmlSecPtrListGetSize( context->slotList ) ;
|
|
! for( pos = 0 ; pos < size ; pos ++ ) {
|
|
! keySlot = ( xmlSecNssKeySlotPtr )xmlSecPtrListGetItem( context->slotList , pos ) ;
|
|
! slot = xmlSecNssKeySlotGetSlot( keySlot ) ;
|
|
! if( slot == NULL ) {
|
|
! continue ;
|
|
! } else {
|
|
! key = xmlSecNssKeysStoreFindKeyFromSlot( slot, name, keyInfoCtx ) ;
|
|
! if( key == NULL ) {
|
|
! continue ;
|
|
! } else {
|
|
! return( key ) ;
|
|
! }
|
|
! }
|
|
! }
|
|
! }
|
|
!
|
|
! /*-
|
|
! * Create a session key if we can not find the key from keyList and slotList
|
|
! */
|
|
! if( ( keyInfoCtx->keyReq.keyType & xmlSecKeyDataTypeSession ) == xmlSecKeyDataTypeSession ) {
|
|
! key = xmlSecKeyGenerate( keyInfoCtx->keyReq.keyId , keyInfoCtx->keyReq.keyBitsSize , xmlSecKeyDataTypeSession ) ;
|
|
! if( key == NULL ) {
|
|
! xmlSecError( XMLSEC_ERRORS_HERE ,
|
|
! xmlSecErrorsSafeString( xmlSecKeyStoreGetName( store ) ) ,
|
|
! "xmlSecKeySetValue" ,
|
|
! XMLSEC_ERRORS_R_XMLSEC_FAILED ,
|
|
! XMLSEC_ERRORS_NO_MESSAGE ) ;
|
|
! return NULL ;
|
|
! }
|
|
!
|
|
! return key ;
|
|
! }
|
|
!
|
|
! /**
|
|
! * We have no way to find the key any more.
|
|
! */
|
|
! return NULL ;
|
|
! }
|
|
|
|
! static xmlSecKeyStoreKlass xmlSecNssKeysStoreKlass = {
|
|
! sizeof( xmlSecKeyStoreKlass ) ,
|
|
! xmlSecNssKeysStoreSize ,
|
|
! BAD_CAST "implicit_nss_keys_store" ,
|
|
! xmlSecNssKeysStoreInitialize ,
|
|
! xmlSecNssKeysStoreFinalize ,
|
|
! xmlSecNssKeysStoreFindKey ,
|
|
! NULL ,
|
|
! NULL
|
|
! } ;
|
|
|
|
! /**
|
|
! * xmlSecNssKeysStoreGetKlass:
|
|
! *
|
|
! * The simple list based keys store klass.
|
|
! *
|
|
! * Returns simple list based keys store klass.
|
|
! */
|
|
! xmlSecKeyStoreId
|
|
! xmlSecNssKeysStoreGetKlass( void ) {
|
|
! return &xmlSecNssKeysStoreKlass ;
|
|
}
|
|
|
|
+
|
|
+ /**************************
|
|
+ * Application routines
|
|
+ */
|
|
/**
|
|
* xmlSecNssKeysStoreLoad:
|
|
* @store: the pointer to Nss keys store.
|
|
***************
|
|
*** 125,132 ****
|
|
* Returns 0 on success or a negative value if an error occurs.
|
|
*/
|
|
int
|
|
! xmlSecNssKeysStoreLoad(xmlSecKeyStorePtr store, const char *uri,
|
|
! xmlSecKeysMngrPtr keysMngr) {
|
|
xmlDocPtr doc;
|
|
xmlNodePtr root;
|
|
xmlNodePtr cur;
|
|
--- 524,534 ----
|
|
* Returns 0 on success or a negative value if an error occurs.
|
|
*/
|
|
int
|
|
! xmlSecNssKeysStoreLoad(
|
|
! xmlSecKeyStorePtr store,
|
|
! const char *uri,
|
|
! xmlSecKeysMngrPtr keysMngr
|
|
! ) {
|
|
xmlDocPtr doc;
|
|
xmlNodePtr root;
|
|
xmlNodePtr cur;
|
|
***************
|
|
*** 252,505 ****
|
|
*/
|
|
int
|
|
xmlSecNssKeysStoreSave(xmlSecKeyStorePtr store, const char *filename, xmlSecKeyDataType type) {
|
|
! xmlSecKeyStorePtr *ss;
|
|
!
|
|
! xmlSecAssert2(xmlSecKeyStoreCheckId(store, xmlSecNssKeysStoreId), -1);
|
|
! xmlSecAssert2((filename != NULL), -1);
|
|
!
|
|
! ss = xmlSecNssKeysStoreGetSS(store);
|
|
! xmlSecAssert2(((ss != NULL) && (*ss != NULL) &&
|
|
! (xmlSecKeyStoreCheckId(*ss, xmlSecSimpleKeysStoreId))), -1);
|
|
!
|
|
! return (xmlSecSimpleKeysStoreSave(*ss, filename, type));
|
|
! }
|
|
!
|
|
! static int
|
|
! xmlSecNssKeysStoreInitialize(xmlSecKeyStorePtr store) {
|
|
! xmlSecKeyStorePtr *ss;
|
|
!
|
|
! xmlSecAssert2(xmlSecKeyStoreCheckId(store, xmlSecNssKeysStoreId), -1);
|
|
|
|
! ss = xmlSecNssKeysStoreGetSS(store);
|
|
! xmlSecAssert2((*ss == NULL), -1);
|
|
|
|
! *ss = xmlSecKeyStoreCreate(xmlSecSimpleKeysStoreId);
|
|
! if(*ss == NULL) {
|
|
! xmlSecError(XMLSEC_ERRORS_HERE,
|
|
xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)),
|
|
! "xmlSecKeyStoreCreate",
|
|
XMLSEC_ERRORS_R_XMLSEC_FAILED,
|
|
! "xmlSecSimpleKeysStoreId");
|
|
! return(-1);
|
|
}
|
|
-
|
|
- return(0);
|
|
- }
|
|
-
|
|
- static void
|
|
- xmlSecNssKeysStoreFinalize(xmlSecKeyStorePtr store) {
|
|
- xmlSecKeyStorePtr *ss;
|
|
-
|
|
- xmlSecAssert(xmlSecKeyStoreCheckId(store, xmlSecNssKeysStoreId));
|
|
-
|
|
- ss = xmlSecNssKeysStoreGetSS(store);
|
|
- xmlSecAssert((ss != NULL) && (*ss != NULL));
|
|
|
|
! xmlSecKeyStoreDestroy(*ss);
|
|
! }
|
|
!
|
|
! static xmlSecKeyPtr
|
|
! xmlSecNssKeysStoreFindKey(xmlSecKeyStorePtr store, const xmlChar* name,
|
|
! xmlSecKeyInfoCtxPtr keyInfoCtx) {
|
|
! xmlSecKeyStorePtr* ss;
|
|
! xmlSecKeyPtr key = NULL;
|
|
! xmlSecKeyPtr retval = NULL;
|
|
! xmlSecKeyReqPtr keyReq = NULL;
|
|
! CERTCertificate *cert = NULL;
|
|
! SECKEYPublicKey *pubkey = NULL;
|
|
! SECKEYPrivateKey *privkey = NULL;
|
|
! xmlSecKeyDataPtr data = NULL;
|
|
! xmlSecKeyDataPtr x509Data = NULL;
|
|
! int ret;
|
|
!
|
|
! xmlSecAssert2(xmlSecKeyStoreCheckId(store, xmlSecNssKeysStoreId), NULL);
|
|
! xmlSecAssert2(keyInfoCtx != NULL, NULL);
|
|
!
|
|
! ss = xmlSecNssKeysStoreGetSS(store);
|
|
! xmlSecAssert2(((ss != NULL) && (*ss != NULL)), NULL);
|
|
!
|
|
! key = xmlSecKeyStoreFindKey(*ss, name, keyInfoCtx);
|
|
! if (key != NULL) {
|
|
! return (key);
|
|
! }
|
|
|
|
! /* Try to find the key in the NSS DB, and construct an xmlSecKey.
|
|
! * we must have a name to lookup keys in NSS DB.
|
|
! */
|
|
! if (name == NULL) {
|
|
! goto done;
|
|
! }
|
|
|
|
! /* what type of key are we looking for?
|
|
! * TBD: For now, we'll look only for public/private keys using the
|
|
! * name as a cert nickname. Later on, we can attempt to find
|
|
! * symmetric keys using PK11_FindFixedKey
|
|
! */
|
|
! keyReq = &(keyInfoCtx->keyReq);
|
|
! if (keyReq->keyType &
|
|
! (xmlSecKeyDataTypePublic | xmlSecKeyDataTypePrivate)) {
|
|
! cert = CERT_FindCertByNickname (CERT_GetDefaultCertDB(), (char *)name);
|
|
! if (cert == NULL) {
|
|
! goto done;
|
|
! }
|
|
!
|
|
! if (keyReq->keyType & xmlSecKeyDataTypePublic) {
|
|
! pubkey = CERT_ExtractPublicKey(cert);
|
|
! if (pubkey == NULL) {
|
|
! xmlSecError(XMLSEC_ERRORS_HERE,
|
|
! NULL,
|
|
! "CERT_ExtractPublicKey",
|
|
! XMLSEC_ERRORS_R_CRYPTO_FAILED,
|
|
! XMLSEC_ERRORS_NO_MESSAGE);
|
|
! goto done;
|
|
}
|
|
- }
|
|
|
|
! if (keyReq->keyType & xmlSecKeyDataTypePrivate) {
|
|
! privkey = PK11_FindKeyByAnyCert(cert, NULL);
|
|
! if (privkey == NULL) {
|
|
! xmlSecError(XMLSEC_ERRORS_HERE,
|
|
! NULL,
|
|
! "PK11_FindKeyByAnyCert",
|
|
! XMLSEC_ERRORS_R_CRYPTO_FAILED,
|
|
! XMLSEC_ERRORS_NO_MESSAGE);
|
|
! goto done;
|
|
}
|
|
}
|
|
|
|
! data = xmlSecNssPKIAdoptKey(privkey, pubkey);
|
|
! if(data == NULL) {
|
|
! xmlSecError(XMLSEC_ERRORS_HERE,
|
|
! NULL,
|
|
! "xmlSecNssPKIAdoptKey",
|
|
! XMLSEC_ERRORS_R_XMLSEC_FAILED,
|
|
! XMLSEC_ERRORS_NO_MESSAGE);
|
|
! goto done;
|
|
! }
|
|
! privkey = NULL;
|
|
! pubkey = NULL;
|
|
!
|
|
! key = xmlSecKeyCreate();
|
|
! if (key == NULL) {
|
|
xmlSecError(XMLSEC_ERRORS_HERE,
|
|
! NULL,
|
|
! "xmlSecKeyCreate",
|
|
XMLSEC_ERRORS_R_XMLSEC_FAILED,
|
|
XMLSEC_ERRORS_NO_MESSAGE);
|
|
! return (NULL);
|
|
! }
|
|
!
|
|
! x509Data = xmlSecKeyDataCreate(xmlSecNssKeyDataX509Id);
|
|
! if(x509Data == NULL) {
|
|
! xmlSecError(XMLSEC_ERRORS_HERE,
|
|
! NULL,
|
|
! "xmlSecKeyDataCreate",
|
|
! XMLSEC_ERRORS_R_XMLSEC_FAILED,
|
|
! "transform=%s",
|
|
! xmlSecErrorsSafeString(xmlSecTransformKlassGetName(xmlSecNssKeyDataX509Id)));
|
|
! goto done;
|
|
! }
|
|
!
|
|
! ret = xmlSecNssKeyDataX509AdoptKeyCert(x509Data, cert);
|
|
! if (ret < 0) {
|
|
! xmlSecError(XMLSEC_ERRORS_HERE,
|
|
! NULL,
|
|
! "xmlSecNssKeyDataX509AdoptKeyCert",
|
|
! XMLSEC_ERRORS_R_XMLSEC_FAILED,
|
|
! "data=%s",
|
|
! xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data)));
|
|
! goto done;
|
|
! }
|
|
! cert = CERT_DupCertificate(cert);
|
|
! if (cert == NULL) {
|
|
! xmlSecError(XMLSEC_ERRORS_HERE,
|
|
! NULL,
|
|
! "CERT_DupCertificate",
|
|
! XMLSEC_ERRORS_R_CRYPTO_FAILED,
|
|
! "data=%s",
|
|
! xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data)));
|
|
! goto done;
|
|
! }
|
|
!
|
|
! ret = xmlSecNssKeyDataX509AdoptCert(x509Data, cert);
|
|
! if (ret < 0) {
|
|
! xmlSecError(XMLSEC_ERRORS_HERE,
|
|
! NULL,
|
|
! "xmlSecNssKeyDataX509AdoptCert",
|
|
! XMLSEC_ERRORS_R_XMLSEC_FAILED,
|
|
! "data=%s",
|
|
! xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data)));
|
|
! goto done;
|
|
}
|
|
- cert = NULL;
|
|
|
|
! ret = xmlSecKeySetValue(key, data);
|
|
! if (ret < 0) {
|
|
! xmlSecError(XMLSEC_ERRORS_HERE,
|
|
! NULL,
|
|
! "xmlSecKeySetValue",
|
|
! XMLSEC_ERRORS_R_XMLSEC_FAILED,
|
|
! "data=%s",
|
|
! xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)));
|
|
! goto done;
|
|
! }
|
|
! data = NULL;
|
|
|
|
! ret = xmlSecKeyAdoptData(key, x509Data);
|
|
! if (ret < 0) {
|
|
xmlSecError(XMLSEC_ERRORS_HERE,
|
|
! NULL,
|
|
! "xmlSecKeyAdoptData",
|
|
XMLSEC_ERRORS_R_XMLSEC_FAILED,
|
|
! "data=%s",
|
|
! xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data)));
|
|
! goto done;
|
|
! }
|
|
! x509Data = NULL;
|
|
!
|
|
! retval = key;
|
|
! key = NULL;
|
|
! }
|
|
!
|
|
! done:
|
|
! if (cert != NULL) {
|
|
! CERT_DestroyCertificate(cert);
|
|
! }
|
|
! if (pubkey != NULL) {
|
|
! SECKEY_DestroyPublicKey(pubkey);
|
|
! }
|
|
! if (privkey != NULL) {
|
|
! SECKEY_DestroyPrivateKey(privkey);
|
|
! }
|
|
! if (data != NULL) {
|
|
! xmlSecKeyDataDestroy(data);
|
|
! }
|
|
! if (x509Data != NULL) {
|
|
! xmlSecKeyDataDestroy(x509Data);
|
|
! }
|
|
! if (key != NULL) {
|
|
! xmlSecKeyDestroy(key);
|
|
}
|
|
!
|
|
! /* now that we have a key, make sure it is valid and let the simple
|
|
! * store adopt it */
|
|
! if (retval) {
|
|
! if (xmlSecKeyIsValid(retval)) {
|
|
! ret = xmlSecSimpleKeysStoreAdoptKey(*ss, retval);
|
|
! if (ret < 0) {
|
|
xmlSecError(XMLSEC_ERRORS_HERE,
|
|
! xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)),
|
|
! "xmlSecSimpleKeysStoreAdoptKey",
|
|
! XMLSEC_ERRORS_R_XMLSEC_FAILED,
|
|
! XMLSEC_ERRORS_NO_MESSAGE);
|
|
! xmlSecKeyDestroy(retval);
|
|
! retval = NULL;
|
|
! }
|
|
! } else {
|
|
! xmlSecKeyDestroy(retval);
|
|
! retval = NULL;
|
|
! }
|
|
! }
|
|
!
|
|
! return (retval);
|
|
}
|
|
--- 654,800 ----
|
|
*/
|
|
int
|
|
xmlSecNssKeysStoreSave(xmlSecKeyStorePtr store, const char *filename, xmlSecKeyDataType type) {
|
|
! xmlSecKeyInfoCtx keyInfoCtx;
|
|
! xmlSecNssKeysStoreCtxPtr context ;
|
|
! xmlSecPtrListPtr list;
|
|
! xmlSecKeyPtr key;
|
|
! xmlSecSize i, keysSize;
|
|
! xmlDocPtr doc;
|
|
! xmlNodePtr cur;
|
|
! xmlSecKeyDataPtr data;
|
|
! xmlSecPtrListPtr idsList;
|
|
! xmlSecKeyDataId dataId;
|
|
! xmlSecSize idsSize, j;
|
|
! int ret;
|
|
|
|
! xmlSecAssert2( xmlSecKeyStoreCheckId( store , xmlSecNssKeysStoreId ), -1 ) ;
|
|
! xmlSecAssert2( xmlSecKeyStoreCheckSize( store , xmlSecNssKeysStoreSize ), -1 ) ;
|
|
! xmlSecAssert2(filename != NULL, -1);
|
|
!
|
|
! context = xmlSecNssKeysStoreGetCtx( store ) ;
|
|
! xmlSecAssert2( context != NULL, -1 );
|
|
!
|
|
! list = context->keyList ;
|
|
! xmlSecAssert2( list != NULL, -1 );
|
|
! xmlSecAssert2(xmlSecPtrListCheckId(list, xmlSecKeyPtrListId), -1);
|
|
|
|
! /* create doc */
|
|
! doc = xmlSecCreateTree(BAD_CAST "Keys", xmlSecNs);
|
|
! if(doc == NULL) {
|
|
! xmlSecError(XMLSEC_ERRORS_HERE,
|
|
xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)),
|
|
! "xmlSecCreateTree",
|
|
XMLSEC_ERRORS_R_XMLSEC_FAILED,
|
|
! XMLSEC_ERRORS_NO_MESSAGE);
|
|
! return(-1);
|
|
}
|
|
|
|
! idsList = xmlSecKeyDataIdsGet();
|
|
! xmlSecAssert2(idsList != NULL, -1);
|
|
!
|
|
! keysSize = xmlSecPtrListGetSize(list);
|
|
! idsSize = xmlSecPtrListGetSize(idsList);
|
|
! for(i = 0; i < keysSize; ++i) {
|
|
! key = (xmlSecKeyPtr)xmlSecPtrListGetItem(list, i);
|
|
! xmlSecAssert2(key != NULL, -1);
|
|
!
|
|
! cur = xmlSecAddChild(xmlDocGetRootElement(doc), xmlSecNodeKeyInfo, xmlSecDSigNs);
|
|
! if(cur == NULL) {
|
|
! xmlSecError(XMLSEC_ERRORS_HERE,
|
|
! xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)),
|
|
! "xmlSecAddChild",
|
|
! XMLSEC_ERRORS_R_XMLSEC_FAILED,
|
|
! "node=%s",
|
|
! xmlSecErrorsSafeString(xmlSecNodeKeyInfo));
|
|
! xmlFreeDoc(doc);
|
|
! return(-1);
|
|
! }
|
|
|
|
! /* special data key name */
|
|
! if(xmlSecKeyGetName(key) != NULL) {
|
|
! if(xmlSecAddChild(cur, xmlSecNodeKeyName, xmlSecDSigNs) == NULL) {
|
|
! xmlSecError(XMLSEC_ERRORS_HERE,
|
|
! xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)),
|
|
! "xmlSecAddChild",
|
|
! XMLSEC_ERRORS_R_XMLSEC_FAILED,
|
|
! "node=%s",
|
|
! xmlSecErrorsSafeString(xmlSecNodeKeyName));
|
|
! xmlFreeDoc(doc);
|
|
! return(-1);
|
|
! }
|
|
! }
|
|
!
|
|
! /* create nodes for other keys data */
|
|
! for(j = 0; j < idsSize; ++j) {
|
|
! dataId = (xmlSecKeyDataId)xmlSecPtrListGetItem(idsList, j);
|
|
! xmlSecAssert2(dataId != xmlSecKeyDataIdUnknown, -1);
|
|
|
|
! if(dataId->dataNodeName == NULL) {
|
|
! continue;
|
|
! }
|
|
!
|
|
! data = xmlSecKeyGetData(key, dataId);
|
|
! if(data == NULL) {
|
|
! continue;
|
|
}
|
|
|
|
! if(xmlSecAddChild(cur, dataId->dataNodeName, dataId->dataNodeNs) == NULL) {
|
|
! xmlSecError(XMLSEC_ERRORS_HERE,
|
|
! xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)),
|
|
! "xmlSecAddChild",
|
|
! XMLSEC_ERRORS_R_XMLSEC_FAILED,
|
|
! "node=%s",
|
|
! xmlSecErrorsSafeString(dataId->dataNodeName));
|
|
! xmlFreeDoc(doc);
|
|
! return(-1);
|
|
}
|
|
}
|
|
|
|
! ret = xmlSecKeyInfoCtxInitialize(&keyInfoCtx, NULL);
|
|
! if(ret < 0) {
|
|
xmlSecError(XMLSEC_ERRORS_HERE,
|
|
! xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)),
|
|
! "xmlSecKeyInfoCtxInitialize",
|
|
XMLSEC_ERRORS_R_XMLSEC_FAILED,
|
|
XMLSEC_ERRORS_NO_MESSAGE);
|
|
! xmlFreeDoc(doc);
|
|
! return(-1);
|
|
}
|
|
|
|
! keyInfoCtx.mode = xmlSecKeyInfoModeWrite;
|
|
! keyInfoCtx.keyReq.keyId = xmlSecKeyDataIdUnknown;
|
|
! keyInfoCtx.keyReq.keyType = type;
|
|
! keyInfoCtx.keyReq.keyUsage = xmlSecKeyDataUsageAny;
|
|
|
|
! /* finally write key in the node */
|
|
! ret = xmlSecKeyInfoNodeWrite(cur, key, &keyInfoCtx);
|
|
! if(ret < 0) {
|
|
xmlSecError(XMLSEC_ERRORS_HERE,
|
|
! xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)),
|
|
! "xmlSecKeyInfoNodeWrite",
|
|
XMLSEC_ERRORS_R_XMLSEC_FAILED,
|
|
! XMLSEC_ERRORS_NO_MESSAGE);
|
|
! xmlSecKeyInfoCtxFinalize(&keyInfoCtx);
|
|
! xmlFreeDoc(doc);
|
|
! return(-1);
|
|
! }
|
|
! xmlSecKeyInfoCtxFinalize(&keyInfoCtx);
|
|
}
|
|
!
|
|
! /* now write result */
|
|
! ret = xmlSaveFormatFile(filename, doc, 1);
|
|
! if(ret < 0) {
|
|
xmlSecError(XMLSEC_ERRORS_HERE,
|
|
! xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)),
|
|
! "xmlSaveFormatFile",
|
|
! XMLSEC_ERRORS_R_XML_FAILED,
|
|
! "filename=%s",
|
|
! xmlSecErrorsSafeString(filename));
|
|
! xmlFreeDoc(doc);
|
|
! return(-1);
|
|
! }
|
|
!
|
|
! xmlFreeDoc(doc);
|
|
! return(0);
|
|
}
|
|
+
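Review bot: In the rewritten xmlSecNssKeysStoreSave the three xmlSecAssert2 checks that follow xmlSecCreateTree — `xmlSecAssert2(idsList != NULL, -1);`, `xmlSecAssert2(key != NULL, -1);` inside the key loop and `xmlSecAssert2(dataId != xmlSecKeyDataIdUnknown, -1);` inside the ids loop — return without releasing `doc`, while every other failure path in the function calls `xmlFreeDoc(doc)` first; replacing them with explicit checks of the form `if(idsList == NULL) { xmlFreeDoc(doc); return(-1); }` makes the error handling consistent. The function's own doc comment begins outside this hunk, so it may already say this, but since `keyInfoCtx.keyReq.keyType = type;` means a caller passing a type that includes private keys will have the raw private key material serialized into `filename` in plaintext with whatever permissions xmlSaveFormatFile gives the file by default, the comment should state that the caller is responsible for restricting `type` and protecting the output file. Only `context->keyList` is written; keys reachable through `context->slotList` are not persisted, which is worth noting in the same comment if it is intentional.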
|
|
*** misc/xmlsec1-1.2.6/src/nss/keytrans.c 2005-05-09 19:55:57.237855744 +0200
|
|
--- misc/build/xmlsec1-1.2.6/src/nss/keytrans.c 2005-05-09 19:54:13.211629315 +0200
|
|
***************
|
|
*** 1 ****
|
|
! dummy
|
|
--- 1,744 ----
|
|
! /**
|
|
! *
|
|
! * XMLSec library
|
|
! *
|
|
! * AES Algorithm support
|
|
! *
|
|
! * This is free software; see Copyright file in the source
|
|
! * distribution for preciese wording.
|
|
! *
|
|
! * Copyright .................................
|
|
! */
|
|
! #include "globals.h"
|
|
!
|
|
! #include <stdlib.h>
|
|
! #include <stdio.h>
|
|
! #include <string.h>
|
|
!
|
|
! #include <nss.h>
|
|
! #include <pk11func.h>
|
|
! #include <keyhi.h>
|
|
! #include <key.h>
|
|
! #include <hasht.h>
|
|
!
|
|
! #include <xmlsec/xmlsec.h>
|
|
! #include <xmlsec/xmltree.h>
|
|
! #include <xmlsec/keys.h>
|
|
! #include <xmlsec/transforms.h>
|
|
! #include <xmlsec/errors.h>
|
|
!
|
|
! #include <xmlsec/nss/crypto.h>
|
|
! #include <xmlsec/nss/pkikeys.h>
|
|
! #include <xmlsec/nss/tokens.h>
|
|
!
|
|
! /*********************************************************************
|
|
! *
|
|
! * key transform transforms
|
|
! *
|
|
! ********************************************************************/
|
|
! typedef struct _xmlSecNssKeyTransportCtx xmlSecNssKeyTransportCtx ;
|
|
! typedef struct _xmlSecNssKeyTransportCtx* xmlSecNssKeyTransportCtxPtr ;
|
|
!
|
|
! #define xmlSecNssKeyTransportSize \
|
|
! ( sizeof( xmlSecTransform ) + sizeof( xmlSecNssKeyTransportCtx ) )
|
|
!
|
|
! #define xmlSecNssKeyTransportGetCtx( transform ) \
|
|
! ( ( xmlSecNssKeyTransportCtxPtr )( ( ( xmlSecByte* )( transform ) ) + sizeof( xmlSecTransform ) ) )
|
|
!
|
|
! struct _xmlSecNssKeyTransportCtx {
|
|
! CK_MECHANISM_TYPE cipher ;
|
|
! SECKEYPublicKey* pubkey ;
|
|
! SECKEYPrivateKey* prikey ;
|
|
! xmlSecKeyDataId keyId ;
|
|
! xmlSecBufferPtr material ; /* to be encrypted/decrypted material */
|
|
! } ;
|
|
!
|
|
! static int xmlSecNssKeyTransportInitialize(xmlSecTransformPtr transform);
|
|
! static void xmlSecNssKeyTransportFinalize(xmlSecTransformPtr transform);
|
|
! static int xmlSecNssKeyTransportSetKeyReq(xmlSecTransformPtr transform,
|
|
! xmlSecKeyReqPtr keyReq);
|
|
! static int xmlSecNssKeyTransportSetKey(xmlSecTransformPtr transform,
|
|
! xmlSecKeyPtr key);
|
|
! static int xmlSecNssKeyTransportExecute(xmlSecTransformPtr transform,
|
|
! int last,
|
|
! xmlSecTransformCtxPtr transformCtx);
|
|
! static xmlSecSize xmlSecNssKeyTransportGetKeySize(xmlSecTransformPtr transform);
|
|
!
|
|
! static int
|
|
! xmlSecNssKeyTransportCheckId(
|
|
! xmlSecTransformPtr transform
|
|
! ) {
|
|
! #ifndef XMLSEC_NO_RSA
|
|
! if( xmlSecTransformCheckId( transform, xmlSecNssTransformRsaPkcs1Id ) ||
|
|
! xmlSecTransformCheckId( transform, xmlSecNssTransformRsaOaepId ) ) {
|
|
!
|
|
! return(1);
|
|
! }
|
|
! #endif /* XMLSEC_NO_RSA */
|
|
!
|
|
! return(0);
|
|
! }
|
|
!
|
|
! static int
|
|
! xmlSecNssKeyTransportInitialize(xmlSecTransformPtr transform) {
|
|
! xmlSecNssKeyTransportCtxPtr context ;
|
|
! int ret;
|
|
!
|
|
! xmlSecAssert2(xmlSecNssKeyTransportCheckId(transform), -1);
|
|
! xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecNssKeyTransportSize), -1);
|
|
!
|
|
! context = xmlSecNssKeyTransportGetCtx( transform ) ;
|
|
! xmlSecAssert2( context != NULL , -1 ) ;
|
|
!
|
|
! #ifndef XMLSEC_NO_RSA
|
|
! if( transform->id == xmlSecNssTransformRsaPkcs1Id ) {
|
|
! context->cipher = CKM_RSA_PKCS ;
|
|
! context->keyId = xmlSecNssKeyDataRsaId ;
|
|
! } else if( transform->id == xmlSecNssTransformRsaOaepId ) {
|
|
! context->cipher = CKM_RSA_PKCS_OAEP ;
|
|
! context->keyId = xmlSecNssKeyDataRsaId ;
|
|
! } else
|
|
! #endif /* XMLSEC_NO_RSA */
|
|
!
|
|
! if( 1 ) {
|
|
! xmlSecError( XMLSEC_ERRORS_HERE ,
|
|
! xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
|
|
! NULL ,
|
|
! XMLSEC_ERRORS_R_CRYPTO_FAILED ,
|
|
! XMLSEC_ERRORS_NO_MESSAGE ) ;
|
|
! return(-1);
|
|
! }
|
|
!
|
|
! context->pubkey = NULL ;
|
|
! context->prikey = NULL ;
|
|
! context->material = NULL ;
|
|
!
|
|
! return(0);
|
|
! }
|
|
!
|
|
! static void
|
|
! xmlSecNssKeyTransportFinalize(xmlSecTransformPtr transform) {
|
|
! xmlSecNssKeyTransportCtxPtr context ;
|
|
!
|
|
! xmlSecAssert(xmlSecNssKeyTransportCheckId(transform));
|
|
! xmlSecAssert(xmlSecTransformCheckSize(transform, xmlSecNssKeyTransportSize));
|
|
!
|
|
! context = xmlSecNssKeyTransportGetCtx( transform ) ;
|
|
! xmlSecAssert( context != NULL ) ;
|
|
!
|
|
! if( context->pubkey != NULL ) {
|
|
! SECKEY_DestroyPublicKey( context->pubkey ) ;
|
|
! context->pubkey = NULL ;
|
|
! }
|
|
!
|
|
! if( context->prikey != NULL ) {
|
|
! SECKEY_DestroyPrivateKey( context->prikey ) ;
|
|
! context->prikey = NULL ;
|
|
! }
|
|
!
|
|
! if( context->material != NULL ) {
|
|
! xmlSecBufferDestroy(context->material);
|
|
! context->material = NULL ;
|
|
! }
|
|
! }
|
|
!
|
|
! static int
|
|
! xmlSecNssKeyTransportSetKeyReq(xmlSecTransformPtr transform, xmlSecKeyReqPtr keyReq) {
|
|
! xmlSecNssKeyTransportCtxPtr context ;
|
|
! xmlSecSize cipherSize = 0 ;
|
|
!
|
|
!
|
|
! xmlSecAssert2(xmlSecNssKeyTransportCheckId(transform), -1);
|
|
! xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecNssKeyTransportSize), -1);
|
|
! xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1);
|
|
! xmlSecAssert2(keyReq != NULL, -1);
|
|
!
|
|
! context = xmlSecNssKeyTransportGetCtx( transform ) ;
|
|
! xmlSecAssert2( context != NULL , -1 ) ;
|
|
!
|
|
! keyReq->keyId = context->keyId;
|
|
! if(transform->operation == xmlSecTransformOperationEncrypt) {
|
|
! keyReq->keyUsage = xmlSecKeyUsageEncrypt;
|
|
! keyReq->keyType = xmlSecKeyDataTypePublic;
|
|
! } else {
|
|
! keyReq->keyUsage = xmlSecKeyUsageDecrypt;
|
|
! keyReq->keyType = xmlSecKeyDataTypePrivate;
|
|
! }
|
|
!
|
|
! return(0);
|
|
! }
|
|
!
|
|
! static int
|
|
! xmlSecNssKeyTransportSetKey(xmlSecTransformPtr transform, xmlSecKeyPtr key) {
|
|
! xmlSecNssKeyTransportCtxPtr context = NULL ;
|
|
! xmlSecKeyDataPtr keyData = NULL ;
|
|
! SECKEYPublicKey* pubkey = NULL ;
|
|
! SECKEYPrivateKey* prikey = NULL ;
|
|
!
|
|
! xmlSecAssert2(xmlSecNssKeyTransportCheckId(transform), -1);
|
|
! xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecNssKeyTransportSize), -1);
|
|
! xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1);
|
|
! xmlSecAssert2(key != NULL, -1);
|
|
!
|
|
! context = xmlSecNssKeyTransportGetCtx( transform ) ;
|
|
! if( context == NULL || context->keyId == NULL || context->pubkey != NULL ) {
|
|
! xmlSecError( XMLSEC_ERRORS_HERE ,
|
|
! xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) ,
|
|
! "xmlSecNssKeyTransportGetCtx" ,
|
|
! XMLSEC_ERRORS_R_CRYPTO_FAILED ,
|
|
! XMLSEC_ERRORS_NO_MESSAGE ) ;
|
|
! return(-1);
|
|
! }
|
|
! xmlSecAssert2( xmlSecKeyCheckId( key, context->keyId ), -1 ) ;
|
|
!
|
|
! keyData = xmlSecKeyGetValue( key ) ;
|
|
! if( keyData == NULL ) {
|
|
! xmlSecError( XMLSEC_ERRORS_HERE ,
|
|
! xmlSecErrorsSafeString( xmlSecKeyGetName( key ) ) ,
|
|
! "xmlSecKeyGetValue" ,
|
|
! XMLSEC_ERRORS_R_CRYPTO_FAILED ,
|
|
! XMLSEC_ERRORS_NO_MESSAGE ) ;
|
|
! return(-1);
|
|
! }
|
|
!
|
|
! if(transform->operation == xmlSecTransformOperationEncrypt) {
|
|
! if( ( pubkey = xmlSecNssPKIKeyDataGetPubKey( keyData ) ) == NULL ) {
|
|
! xmlSecError( XMLSEC_ERRORS_HERE ,
|
|
! xmlSecErrorsSafeString( xmlSecKeyDataGetName( keyData ) ) ,
|
|
! "xmlSecNssPKIKeyDataGetPubKey" ,
|
|
! XMLSEC_ERRORS_R_CRYPTO_FAILED ,
|
|
! XMLSEC_ERRORS_NO_MESSAGE ) ;
|
|
! return(-1);
|
|
! }
|
|
!
|
|
! context->pubkey = pubkey ;
|
|
! } else {
|
|
! if( ( prikey = xmlSecNssPKIKeyDataGetPrivKey( keyData ) ) == NULL ) {
|
|
! xmlSecError( XMLSEC_ERRORS_HERE ,
|
|
! xmlSecErrorsSafeString( xmlSecKeyDataGetName( keyData ) ) ,
|
|
! "xmlSecNssPKIKeyDataGetPrivKey" ,
|
|
! XMLSEC_ERRORS_R_CRYPTO_FAILED ,
|
|
! XMLSEC_ERRORS_NO_MESSAGE ) ;
|
|
! return(-1);
|
|
! }
|
|
!
|
|
! context->prikey = prikey ;
|
|
! }
|
|
!
|
|
! return(0) ;
|
|
! }
|
|
!
|
|
! /**
|
|
! * key wrap transform
|
|
! */
|
|
! static int
|
|
! xmlSecNssKeyTransportCtxInit(
|
|
! xmlSecNssKeyTransportCtxPtr ctx ,
|
|
! xmlSecBufferPtr in ,
|
|
! xmlSecBufferPtr out ,
|
|
! int encrypt ,
|
|
! xmlSecTransformCtxPtr transformCtx
|
|
! ) {
|
|
! xmlSecSize blockSize ;
|
|
!
|
|
! xmlSecAssert2( ctx != NULL , -1 ) ;
|
|
! xmlSecAssert2( ctx->cipher != CKM_INVALID_MECHANISM , -1 ) ;
|
|
! xmlSecAssert2( ( ctx->pubkey != NULL && encrypt ) || ( ctx->prikey != NULL && !encrypt ), -1 ) ;
|
|
! xmlSecAssert2( ctx->keyId != NULL , -1 ) ;
|
|
! xmlSecAssert2( in != NULL , -1 ) ;
|
|
! xmlSecAssert2( out != NULL , -1 ) ;
|
|
! xmlSecAssert2( transformCtx != NULL , -1 ) ;
|
|
!
|
|
! if( ctx->material != NULL ) {
|
|
! xmlSecBufferDestroy( ctx->material ) ;
|
|
! ctx->material = NULL ;
|
|
! }
|
|
!
|
|
! if( ctx->pubkey != NULL ) {
|
|
! blockSize = SECKEY_PublicKeyStrength( ctx->pubkey ) ;
|
|
! } else if( ctx->prikey != NULL ) {
|
|
! blockSize = PK11_SignatureLen( ctx->prikey ) ;
|
|
! } else {
|
|
! blockSize = -1 ;
|
|
! }
|
|
!
|
|
! if( blockSize < 0 ) {
|
|
! xmlSecError( XMLSEC_ERRORS_HERE ,
|
|
! NULL ,
|
|
! NULL ,
|
|
! XMLSEC_ERRORS_R_CRYPTO_FAILED ,
|
|
! XMLSEC_ERRORS_NO_MESSAGE ) ;
|
|
! return(-1);
|
|
! }
|
|
!
|
|
! ctx->material = xmlSecBufferCreate( blockSize ) ;
|
|
! if( ctx->material == NULL ) {
|
|
! xmlSecError( XMLSEC_ERRORS_HERE ,
|
|
! NULL ,
|
|
! "xmlSecBufferCreate" ,
|
|
! XMLSEC_ERRORS_R_CRYPTO_FAILED ,
|
|
! XMLSEC_ERRORS_NO_MESSAGE ) ;
|
|
! return(-1);
|
|
! }
|
|
!
|
|
! /* read raw key material into context */
|
|
! if( xmlSecBufferSetData( ctx->material, xmlSecBufferGetData(in), xmlSecBufferGetSize(in) ) < 0 ) {
|
|
! xmlSecError( XMLSEC_ERRORS_HERE ,
|
|
! NULL ,
|
|
! "xmlSecBufferSetData" ,
|
|
! XMLSEC_ERRORS_R_CRYPTO_FAILED ,
|
|
! XMLSEC_ERRORS_NO_MESSAGE ) ;
|
|
! return(-1);
|
|
! }
|
|
!
|
|
! if( xmlSecBufferRemoveHead( in , xmlSecBufferGetSize(in) ) < 0 ) {
|
|
! xmlSecError( XMLSEC_ERRORS_HERE ,
|
|
! NULL ,
|
|
! "xmlSecBufferRemoveHead" ,
|
|
! XMLSEC_ERRORS_R_CRYPTO_FAILED ,
|
|
! XMLSEC_ERRORS_NO_MESSAGE ) ;
|
|
! return(-1);
|
|
! }
|
|
!
|
|
! return(0);
|
|
! }
|
|
!
|
|
! /**
|
|
! * key wrap transform update
|
|
! */
|
|
! static int
|
|
! xmlSecNssKeyTransportCtxUpdate(
|
|
! xmlSecNssKeyTransportCtxPtr ctx ,
|
|
! xmlSecBufferPtr in ,
|
|
! xmlSecBufferPtr out ,
|
|
! int encrypt ,
|
|
! xmlSecTransformCtxPtr transformCtx
|
|
! ) {
|
|
! xmlSecAssert2( ctx != NULL , -1 ) ;
|
|
! xmlSecAssert2( ctx->cipher != CKM_INVALID_MECHANISM , -1 ) ;
|
|
! xmlSecAssert2( ( ctx->pubkey != NULL && encrypt ) || ( ctx->prikey != NULL && !encrypt ), -1 ) ;
|
|
! xmlSecAssert2( ctx->keyId != NULL , -1 ) ;
|
|
! xmlSecAssert2( ctx->material != NULL , -1 ) ;
|
|
! xmlSecAssert2( in != NULL , -1 ) ;
|
|
! xmlSecAssert2( out != NULL , -1 ) ;
|
|
! xmlSecAssert2( transformCtx != NULL , -1 ) ;
|
|
!
|
|
! /* read raw key material and append into context */
|
|
! if( xmlSecBufferAppend( ctx->material, xmlSecBufferGetData(in), xmlSecBufferGetSize(in) ) < 0 ) {
|
|
! xmlSecError( XMLSEC_ERRORS_HERE ,
|
|
! NULL ,
|
|
! "xmlSecBufferAppend" ,
|
|
! XMLSEC_ERRORS_R_CRYPTO_FAILED ,
|
|
! XMLSEC_ERRORS_NO_MESSAGE ) ;
|
|
! return(-1);
|
|
! }
|
|
!
|
|
! if( xmlSecBufferRemoveHead( in , xmlSecBufferGetSize(in) ) < 0 ) {
|
|
! xmlSecError( XMLSEC_ERRORS_HERE ,
|
|
! NULL ,
|
|
! "xmlSecBufferRemoveHead" ,
|
|
! XMLSEC_ERRORS_R_CRYPTO_FAILED ,
|
|
! XMLSEC_ERRORS_NO_MESSAGE ) ;
|
|
! return(-1);
|
|
! }
|
|
!
|
|
! return(0);
|
|
! }
|
|
!
|
|
! /**
|
|
! * Block cipher transform final
|
|
! */
|
|
! static int
|
|
! xmlSecNssKeyTransportCtxFinal(
|
|
! xmlSecNssKeyTransportCtxPtr ctx ,
|
|
! xmlSecBufferPtr in ,
|
|
! xmlSecBufferPtr out ,
|
|
! int encrypt ,
|
|
! xmlSecTransformCtxPtr transformCtx
|
|
! ) {
|
|
! SECKEYPublicKey* targetKey ;
|
|
! PK11SymKey* symKey ;
|
|
! PK11SlotInfo* slot ;
|
|
! SECItem oriskv ;
|
|
! xmlSecSize blockSize ;
|
|
! xmlSecBufferPtr result ;
|
|
!
|
|
! xmlSecAssert2( ctx != NULL , -1 ) ;
|
|
! xmlSecAssert2( ctx->cipher != CKM_INVALID_MECHANISM , -1 ) ;
|
|
! xmlSecAssert2( ( ctx->pubkey != NULL && encrypt ) || ( ctx->prikey != NULL && !encrypt ), -1 ) ;
|
|
! xmlSecAssert2( ctx->keyId != NULL , -1 ) ;
|
|
! xmlSecAssert2( ctx->material != NULL , -1 ) ;
|
|
! xmlSecAssert2( in != NULL , -1 ) ;
|
|
! xmlSecAssert2( out != NULL , -1 ) ;
|
|
! xmlSecAssert2( transformCtx != NULL , -1 ) ;
|
|
!
|
|
! /* read raw key material and append into context */
|
|
! if( xmlSecBufferAppend( ctx->material, xmlSecBufferGetData(in), xmlSecBufferGetSize(in) ) < 0 ) {
|
|
! xmlSecError( XMLSEC_ERRORS_HERE ,
|
|
! NULL ,
|
|
! "xmlSecBufferAppend" ,
|
|
! XMLSEC_ERRORS_R_CRYPTO_FAILED ,
|
|
! XMLSEC_ERRORS_NO_MESSAGE ) ;
|
|
! return(-1);
|
|
! }
|
|
!
|
|
! if( xmlSecBufferRemoveHead( in , xmlSecBufferGetSize(in) ) < 0 ) {
|
|
! xmlSecError( XMLSEC_ERRORS_HERE ,
|
|
! NULL ,
|
|
! "xmlSecBufferRemoveHead" ,
|
|
! XMLSEC_ERRORS_R_CRYPTO_FAILED ,
|
|
! XMLSEC_ERRORS_NO_MESSAGE ) ;
|
|
! return(-1);
|
|
! }
|
|
!
|
|
! /* Now we get all of the key materail */
|
|
! /* from now on we will wrap or unwrap the key */
|
|
! if( ctx->pubkey != NULL ) {
|
|
! blockSize = SECKEY_PublicKeyStrength( ctx->pubkey ) ;
|
|
! } else if( ctx->prikey != NULL ) {
|
|
! blockSize = PK11_SignatureLen( ctx->prikey ) ;
|
|
! } else {
|
|
! blockSize = -1 ;
|
|
! }
|
|
!
|
|
! if( blockSize < 0 ) {
|
|
! xmlSecError( XMLSEC_ERRORS_HERE ,
|
|
! NULL ,
|
|
! "PK11_GetBlockSize" ,
|
|
! XMLSEC_ERRORS_R_CRYPTO_FAILED ,
|
|
! XMLSEC_ERRORS_NO_MESSAGE ) ;
|
|
! return(-1);
|
|
! }
|
|
!
|
|
! result = xmlSecBufferCreate( blockSize * 2 ) ;
|
|
! if( result == NULL ) {
|
|
! xmlSecError( XMLSEC_ERRORS_HERE ,
|
|
! NULL ,
|
|
! "xmlSecBufferCreate" ,
|
|
! XMLSEC_ERRORS_R_CRYPTO_FAILED ,
|
|
! XMLSEC_ERRORS_NO_MESSAGE ) ;
|
|
! return(-1);
|
|
! }
|
|
!
|
|
! oriskv.type = siBuffer ;
|
|
! oriskv.data = xmlSecBufferGetData( ctx->material ) ;
|
|
! oriskv.len = xmlSecBufferGetSize( ctx->material ) ;
|
|
!
|
|
! if( encrypt != 0 ) {
|
|
! CK_OBJECT_HANDLE id ;
|
|
! SECItem wrpskv ;
|
|
!
|
|
! /* Create template symmetric key from material */
|
|
! if( ( slot = ctx->pubkey->pkcs11Slot ) == NULL ) {
|
|
! slot = xmlSecNssSlotGet( ctx->cipher ) ;
|
|
! if( slot == NULL ) {
|
|
! xmlSecError( XMLSEC_ERRORS_HERE ,
|
|
! NULL ,
|
|
! "xmlSecNssSlotGet" ,
|
|
! XMLSEC_ERRORS_R_CRYPTO_FAILED ,
|
|
! XMLSEC_ERRORS_NO_MESSAGE ) ;
|
|
! xmlSecBufferDestroy(result);
|
|
! return(-1);
|
|
! }
|
|
!
|
|
! id = PK11_ImportPublicKey( slot, ctx->pubkey, PR_FALSE ) ;
|
|
! if( id == CK_INVALID_HANDLE ) {
|
|
! xmlSecError( XMLSEC_ERRORS_HERE ,
|
|
! NULL ,
|
|
! "PK11_ImportPublicKey" ,
|
|
! XMLSEC_ERRORS_R_CRYPTO_FAILED ,
|
|
! XMLSEC_ERRORS_NO_MESSAGE ) ;
|
|
! xmlSecBufferDestroy(result);
|
|
! PK11_FreeSlot( slot ) ;
|
|
! return(-1);
|
|
! }
|
|
! }
|
|
!
|
|
! /* pay attention to mechanism */
|
|
! symKey = PK11_ImportSymKey( slot, ctx->cipher, PK11_OriginUnwrap, CKA_WRAP, &oriskv, NULL ) ;
|
|
! if( symKey == NULL ) {
|
|
! xmlSecError( XMLSEC_ERRORS_HERE ,
|
|
! NULL ,
|
|
! "PK11_ImportSymKey" ,
|
|
! XMLSEC_ERRORS_R_CRYPTO_FAILED ,
|
|
! XMLSEC_ERRORS_NO_MESSAGE ) ;
|
|
! xmlSecBufferDestroy(result);
|
|
! PK11_FreeSlot( slot ) ;
|
|
! return(-1);
|
|
! }
|
|
!
|
|
! wrpskv.type = siBuffer ;
|
|
! wrpskv.data = xmlSecBufferGetData( result ) ;
|
|
! wrpskv.len = xmlSecBufferGetMaxSize( result ) ;
|
|
!
|
|
! if( PK11_PubWrapSymKey( ctx->cipher, ctx->pubkey, symKey, &wrpskv ) != SECSuccess ) {
|
|
! xmlSecError( XMLSEC_ERRORS_HERE ,
|
|
! NULL ,
|
|
! "PK11_PubWrapSymKey" ,
|
|
! XMLSEC_ERRORS_R_CRYPTO_FAILED ,
|
|
! XMLSEC_ERRORS_NO_MESSAGE ) ;
|
|
! PK11_FreeSymKey( symKey ) ;
|
|
! xmlSecBufferDestroy(result);
|
|
! PK11_FreeSlot( slot ) ;
|
|
! return(-1);
|
|
! }
|
|
!
|
|
! if( xmlSecBufferSetSize( result , wrpskv.len ) < 0 ) {
|
|
! xmlSecError( XMLSEC_ERRORS_HERE ,
|
|
! NULL ,
|
|
! "xmlSecBufferSetSize" ,
|
|
! XMLSEC_ERRORS_R_CRYPTO_FAILED ,
|
|
! XMLSEC_ERRORS_NO_MESSAGE ) ;
|
|
! PK11_FreeSymKey( symKey ) ;
|
|
! xmlSecBufferDestroy(result);
|
|
! PK11_FreeSlot( slot ) ;
|
|
! return(-1);
|
|
! }
|
|
! PK11_FreeSymKey( symKey ) ;
|
|
! PK11_FreeSlot( slot ) ;
|
|
! } else {
|
|
! SECItem* keyItem ;
|
|
! CK_OBJECT_HANDLE id1 ;
|
|
!
|
|
! /* pay attention to mechanism */
|
|
! if( ( symKey = PK11_PubUnwrapSymKey( ctx->prikey, &oriskv, ctx->cipher, CKA_UNWRAP, 0 ) ) == NULL ) {
|
|
! xmlSecError( XMLSEC_ERRORS_HERE ,
|
|
! NULL ,
|
|
! "PK11_PubUnwrapSymKey" ,
|
|
! XMLSEC_ERRORS_R_CRYPTO_FAILED ,
|
|
! XMLSEC_ERRORS_NO_MESSAGE ) ;
|
|
! xmlSecBufferDestroy(result);
|
|
! return(-1);
|
|
! }
|
|
!
|
|
! /* Extract raw data from symmetric key */
|
|
! if( PK11_ExtractKeyValue( symKey ) != SECSuccess ) {
|
|
! xmlSecError( XMLSEC_ERRORS_HERE ,
|
|
! NULL ,
|
|
! "PK11_ExtractKeyValue" ,
|
|
! XMLSEC_ERRORS_R_CRYPTO_FAILED ,
|
|
! XMLSEC_ERRORS_NO_MESSAGE ) ;
|
|
! PK11_FreeSymKey( symKey ) ;
|
|
! xmlSecBufferDestroy(result);
|
|
! return(-1);
|
|
! }
|
|
!
|
|
! if( ( keyItem = PK11_GetKeyData( symKey ) ) == NULL ) {
|
|
! xmlSecError( XMLSEC_ERRORS_HERE ,
|
|
! NULL ,
|
|
! "PK11_GetKeyData" ,
|
|
! XMLSEC_ERRORS_R_CRYPTO_FAILED ,
|
|
! XMLSEC_ERRORS_NO_MESSAGE ) ;
|
|
! PK11_FreeSymKey( symKey ) ;
|
|
! xmlSecBufferDestroy(result);
|
|
! return(-1);
|
|
! }
|
|
!
|
|
! if( xmlSecBufferSetData( result, keyItem->data, keyItem->len ) < 0 ) {
|
|
! xmlSecError( XMLSEC_ERRORS_HERE ,
|
|
! NULL ,
|
|
! "PK11_PubUnwrapSymKey" ,
|
|
! XMLSEC_ERRORS_R_CRYPTO_FAILED ,
|
|
! XMLSEC_ERRORS_NO_MESSAGE ) ;
|
|
! PK11_FreeSymKey( symKey ) ;
|
|
! xmlSecBufferDestroy(result);
|
|
! return(-1);
|
|
! }
|
|
! PK11_FreeSymKey( symKey ) ;
|
|
! }
|
|
!
|
|
! /* Write output */
|
|
! if( xmlSecBufferAppend( out, xmlSecBufferGetData(result), xmlSecBufferGetSize(result) ) < 0 ) {
|
|
! xmlSecError( XMLSEC_ERRORS_HERE ,
|
|
! NULL ,
|
|
! "xmlSecBufferAppend" ,
|
|
! XMLSEC_ERRORS_R_CRYPTO_FAILED ,
|
|
! XMLSEC_ERRORS_NO_MESSAGE ) ;
|
|
! xmlSecBufferDestroy(result);
|
|
! return(-1);
|
|
! }
|
|
! xmlSecBufferDestroy(result);
|
|
!
|
|
! return(0);
|
|
! }
|
|
!
|
|
! static int
|
|
! xmlSecNssKeyTransportExecute(xmlSecTransformPtr transform, int last, xmlSecTransformCtxPtr transformCtx) {
|
|
! xmlSecNssKeyTransportCtxPtr context = NULL ;
|
|
! xmlSecBufferPtr inBuf, outBuf ;
|
|
! int operation ;
|
|
! int rtv ;
|
|
!
|
|
! xmlSecAssert2( xmlSecNssKeyTransportCheckId( transform ), -1 ) ;
|
|
! xmlSecAssert2( xmlSecTransformCheckSize( transform, xmlSecNssKeyTransportSize ), -1 ) ;
|
|
! xmlSecAssert2( ( transform->operation == xmlSecTransformOperationEncrypt ) || ( transform->operation == xmlSecTransformOperationDecrypt ), -1 ) ;
|
|
! xmlSecAssert2( transformCtx != NULL , -1 ) ;
|
|
!
|
|
! context = xmlSecNssKeyTransportGetCtx( transform ) ;
|
|
! if( context == NULL ) {
|
|
! xmlSecError( XMLSEC_ERRORS_HERE ,
|
|
! xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) ,
|
|
! "xmlSecNssKeyTransportGetCtx" ,
|
|
! XMLSEC_ERRORS_R_CRYPTO_FAILED ,
|
|
! XMLSEC_ERRORS_NO_MESSAGE ) ;
|
|
! return(-1);
|
|
! }
|
|
!
|
|
! inBuf = &( transform->inBuf ) ;
|
|
! outBuf = &( transform->outBuf ) ;
|
|
!
|
|
! if( transform->status == xmlSecTransformStatusNone ) {
|
|
! transform->status = xmlSecTransformStatusWorking ;
|
|
! }
|
|
!
|
|
! operation = ( transform->operation == xmlSecTransformOperationEncrypt ) ? 1 : 0 ;
|
|
! if( transform->status == xmlSecTransformStatusWorking ) {
|
|
! if( context->material == NULL ) {
|
|
! rtv = xmlSecNssKeyTransportCtxInit( context, inBuf , outBuf , operation , transformCtx ) ;
|
|
! if( rtv < 0 ) {
|
|
! xmlSecError( XMLSEC_ERRORS_HERE ,
|
|
! xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) ,
|
|
! "xmlSecNssKeyTransportCtxInit" ,
|
|
! XMLSEC_ERRORS_R_INVALID_STATUS ,
|
|
! XMLSEC_ERRORS_NO_MESSAGE ) ;
|
|
! return(-1);
|
|
! }
|
|
! }
|
|
!
|
|
! if( context->material == NULL && last != 0 ) {
|
|
! xmlSecError( XMLSEC_ERRORS_HERE ,
|
|
! xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) ,
|
|
! NULL ,
|
|
! XMLSEC_ERRORS_R_INVALID_STATUS ,
|
|
! "No enough data to intialize transform" ) ;
|
|
! return(-1);
|
|
! }
|
|
!
|
|
! if( context->material != NULL ) {
|
|
! rtv = xmlSecNssKeyTransportCtxUpdate( context, inBuf , outBuf , operation , transformCtx ) ;
|
|
! if( rtv < 0 ) {
|
|
! xmlSecError( XMLSEC_ERRORS_HERE ,
|
|
! xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) ,
|
|
! "xmlSecNssKeyTransportCtxUpdate" ,
|
|
! XMLSEC_ERRORS_R_INVALID_STATUS ,
|
|
! XMLSEC_ERRORS_NO_MESSAGE ) ;
|
|
! return(-1);
|
|
! }
|
|
! }
|
|
!
|
|
! if( last ) {
|
|
! rtv = xmlSecNssKeyTransportCtxFinal( context, inBuf , outBuf , operation , transformCtx ) ;
|
|
! if( rtv < 0 ) {
|
|
! xmlSecError( XMLSEC_ERRORS_HERE ,
|
|
! xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) ,
|
|
! "xmlSecNssKeyTransportCtxFinal" ,
|
|
! XMLSEC_ERRORS_R_INVALID_STATUS ,
|
|
! XMLSEC_ERRORS_NO_MESSAGE ) ;
|
|
! return(-1);
|
|
! }
|
|
! transform->status = xmlSecTransformStatusFinished ;
|
|
! }
|
|
! } else if( transform->status == xmlSecTransformStatusFinished ) {
|
|
! if( xmlSecBufferGetSize( inBuf ) != 0 ) {
|
|
! xmlSecError( XMLSEC_ERRORS_HERE ,
|
|
! xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) ,
|
|
! NULL ,
|
|
! XMLSEC_ERRORS_R_INVALID_STATUS ,
|
|
! "status=%d", transform->status ) ;
|
|
! return(-1);
|
|
! }
|
|
! } else {
|
|
! xmlSecError( XMLSEC_ERRORS_HERE ,
|
|
! xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) ,
|
|
! NULL ,
|
|
! XMLSEC_ERRORS_R_INVALID_STATUS ,
|
|
! "status=%d", transform->status ) ;
|
|
! return(-1);
|
|
! }
|
|
!
|
|
! return(0);
|
|
! }
|
|
!
|
|
!
|
|
! #ifndef XMLSEC_NO_RSA
|
|
!
|
|
! static xmlSecTransformKlass xmlSecNssRsaPkcs1Klass = {
|
|
! /* klass/object sizes */
|
|
! sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
|
|
! xmlSecNssKeyTransportSize, /* xmlSecSize objSize */
|
|
!
|
|
! xmlSecNameRsaPkcs1, /* const xmlChar* name; */
|
|
! xmlSecHrefRsaPkcs1, /* const xmlChar* href; */
|
|
! xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */
|
|
!
|
|
! xmlSecNssKeyTransportInitialize, /* xmlSecTransformInitializeMethod initialize; */
|
|
! xmlSecNssKeyTransportFinalize, /* xmlSecTransformFinalizeMethod finalize; */
|
|
! NULL, /* xmlSecTransformNodeReadMethod readNode; */
|
|
! NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
|
|
! xmlSecNssKeyTransportSetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */
|
|
! xmlSecNssKeyTransportSetKey, /* xmlSecTransformSetKeyMethod setKey; */
|
|
! NULL, /* xmlSecTransformValidateMethod validate; */
|
|
! xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
|
|
! xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
|
|
! xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
|
|
! NULL, /* xmlSecTransformPushXmlMethod pushXml; */
|
|
! NULL, /* xmlSecTransformPopXmlMethod popXml; */
|
|
! xmlSecNssKeyTransportExecute, /* xmlSecTransformExecuteMethod execute; */
|
|
!
|
|
! NULL, /* void* reserved0; */
|
|
! NULL, /* void* reserved1; */
|
|
! };
|
|
!
|
|
! static xmlSecTransformKlass xmlSecNssRsaOaepKlass = {
|
|
! /* klass/object sizes */
|
|
! sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
|
|
! xmlSecNssKeyTransportSize, /* xmlSecSize objSize */
|
|
!
|
|
! xmlSecNameRsaOaep, /* const xmlChar* name; */
|
|
! xmlSecHrefRsaOaep, /* const xmlChar* href; */
|
|
! xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */
|
|
!
|
|
! xmlSecNssKeyTransportInitialize, /* xmlSecTransformInitializeMethod initialize; */
|
|
! xmlSecNssKeyTransportFinalize, /* xmlSecTransformFinalizeMethod finalize; */
|
|
! NULL, /* xmlSecTransformNodeReadMethod readNode; */
|
|
! NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
|
|
! xmlSecNssKeyTransportSetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */
|
|
! xmlSecNssKeyTransportSetKey, /* xmlSecTransformSetKeyMethod setKey; */
|
|
! NULL, /* xmlSecTransformValidateMethod validate; */
|
|
! xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
|
|
! xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
|
|
! xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
|
|
! NULL, /* xmlSecTransformPushXmlMethod pushXml; */
|
|
! NULL, /* xmlSecTransformPopXmlMethod popXml; */
|
|
! xmlSecNssKeyTransportExecute, /* xmlSecTransformExecuteMethod execute; */
|
|
!
|
|
! NULL, /* void* reserved0; */
|
|
! NULL, /* void* reserved1; */
|
|
! };
|
|
!
|
|
! /**
|
|
! * xmlSecNssTransformRsaPkcs1GetKlass:
|
|
! *
|
|
! * The RSA-PKCS1 key transport transform klass.
|
|
! *
|
|
! * Returns RSA-PKCS1 key transport transform klass.
|
|
! */
|
|
! xmlSecTransformId
|
|
! xmlSecNssTransformRsaPkcs1GetKlass(void) {
|
|
! return(&xmlSecNssRsaPkcs1Klass);
|
|
! }
|
|
!
|
|
! /**
|
|
! * xmlSecNssTransformRsaOaepGetKlass:
|
|
! *
|
|
! * The RSA-PKCS1 key transport transform klass.
|
|
! *
|
|
! * Returns RSA-PKCS1 key transport transform klass.
|
|
! */
|
|
! xmlSecTransformId
|
|
! xmlSecNssTransformRsaOaepGetKlass(void) {
|
|
! return(&xmlSecNssRsaOaepKlass);
|
|
! }
|
|
!
|
|
! #endif /* XMLSEC_NO_RSA */
|
|
!
|
|
*** misc/xmlsec1-1.2.6/src/nss/keywrapers.c 2005-05-09 19:55:57.250854648 +0200
|
|
--- misc/build/xmlsec1-1.2.6/src/nss/keywrapers.c 2005-05-09 19:54:13.215628977 +0200
|
|
***************
|
|
*** 1 ****
|
|
! dummy
|
|
--- 1,1197 ----
|
|
! /**
|
|
! *
|
|
! * XMLSec library
|
|
! *
|
|
! * AES Algorithm support
|
|
! *
|
|
! * This is free software; see Copyright file in the source
|
|
! * distribution for preciese wording.
|
|
! *
|
|
! * Copyright .................................
|
|
! */
|
|
! #include "globals.h"
|
|
!
|
|
! #include <stdlib.h>
|
|
! #include <stdio.h>
|
|
! #include <string.h>
|
|
!
|
|
! #include <nss.h>
|
|
! #include <pk11func.h>
|
|
! #include <hasht.h>
|
|
!
|
|
! #include <xmlsec/xmlsec.h>
|
|
! #include <xmlsec/xmltree.h>
|
|
! #include <xmlsec/keys.h>
|
|
! #include <xmlsec/transforms.h>
|
|
! #include <xmlsec/errors.h>
|
|
!
|
|
! #include <xmlsec/nss/crypto.h>
|
|
! #include <xmlsec/nss/ciphers.h>
|
|
!
|
|
! #define XMLSEC_NSS_AES128_KEY_SIZE 16
|
|
! #define XMLSEC_NSS_AES192_KEY_SIZE 24
|
|
! #define XMLSEC_NSS_AES256_KEY_SIZE 32
|
|
! #define XMLSEC_NSS_DES3_KEY_SIZE 24
|
|
! #define XMLSEC_NSS_DES3_KEY_LENGTH 24
|
|
! #define XMLSEC_NSS_DES3_IV_LENGTH 8
|
|
! #define XMLSEC_NSS_DES3_BLOCK_LENGTH 8
|
|
!
|
|
! static xmlSecByte xmlSecNssKWDes3Iv[XMLSEC_NSS_DES3_IV_LENGTH] = {
|
|
! 0x4a, 0xdd, 0xa2, 0x2c, 0x79, 0xe8, 0x21, 0x05
|
|
! };
|
|
!
|
|
! /*********************************************************************
|
|
! *
|
|
! * key wrap transforms
|
|
! *
|
|
! ********************************************************************/
|
|
! typedef struct _xmlSecNssKeyWrapCtx xmlSecNssKeyWrapCtx ;
|
|
! typedef struct _xmlSecNssKeyWrapCtx* xmlSecNssKeyWrapCtxPtr ;
|
|
!
|
|
! #define xmlSecNssKeyWrapSize \
|
|
! ( sizeof( xmlSecTransform ) + sizeof( xmlSecNssKeyWrapCtx ) )
|
|
!
|
|
! #define xmlSecNssKeyWrapGetCtx( transform ) \
|
|
! ( ( xmlSecNssKeyWrapCtxPtr )( ( ( xmlSecByte* )( transform ) ) + sizeof( xmlSecTransform ) ) )
|
|
!
|
|
! struct _xmlSecNssKeyWrapCtx {
|
|
! CK_MECHANISM_TYPE cipher ;
|
|
! PK11SymKey* symkey ;
|
|
! xmlSecKeyDataId keyId ;
|
|
! xmlSecBufferPtr material ; /* to be encrypted/decrypted key material */
|
|
! } ;
|
|
!
|
|
! static int xmlSecNssKeyWrapInitialize(xmlSecTransformPtr transform);
|
|
! static void xmlSecNssKeyWrapFinalize(xmlSecTransformPtr transform);
|
|
! static int xmlSecNssKeyWrapSetKeyReq(xmlSecTransformPtr transform,
|
|
! xmlSecKeyReqPtr keyReq);
|
|
! static int xmlSecNssKeyWrapSetKey(xmlSecTransformPtr transform,
|
|
! xmlSecKeyPtr key);
|
|
! static int xmlSecNssKeyWrapExecute(xmlSecTransformPtr transform,
|
|
! int last,
|
|
! xmlSecTransformCtxPtr transformCtx);
|
|
! static xmlSecSize xmlSecNssKeyWrapGetKeySize(xmlSecTransformPtr transform);
|
|
!
|
|
! static int
|
|
! xmlSecNssKeyWrapCheckId(
|
|
! xmlSecTransformPtr transform
|
|
! ) {
|
|
! #ifndef XMLSEC_NO_DES
|
|
! if( xmlSecTransformCheckId( transform, xmlSecNssTransformKWDes3Id ) ) {
|
|
! return(1);
|
|
! }
|
|
! #endif /* XMLSEC_NO_DES */
|
|
!
|
|
! #ifndef XMLSEC_NO_AES
|
|
! if( xmlSecTransformCheckId( transform, xmlSecNssTransformKWAes128Id ) ||
|
|
! xmlSecTransformCheckId( transform, xmlSecNssTransformKWAes192Id ) ||
|
|
! xmlSecTransformCheckId( transform, xmlSecNssTransformKWAes256Id ) ) {
|
|
!
|
|
! return(1);
|
|
! }
|
|
! #endif /* XMLSEC_NO_AES */
|
|
!
|
|
! return(0);
|
|
! }
|
|
!
|
|
! static xmlSecSize
|
|
! xmlSecNssKeyWrapGetKeySize(xmlSecTransformPtr transform) {
|
|
! #ifndef XMLSEC_NO_DES
|
|
! if( xmlSecTransformCheckId( transform, xmlSecNssTransformKWDes3Id ) ) {
|
|
! return(XMLSEC_NSS_DES3_KEY_SIZE);
|
|
! } else
|
|
! #endif /* XMLSEC_NO_DES */
|
|
!
|
|
! #ifndef XMLSEC_NO_AES
|
|
! if(xmlSecTransformCheckId(transform, xmlSecNssTransformKWAes128Id)) {
|
|
! return(XMLSEC_NSS_AES128_KEY_SIZE);
|
|
! } else if(xmlSecTransformCheckId(transform, xmlSecNssTransformKWAes192Id)) {
|
|
! return(XMLSEC_NSS_AES192_KEY_SIZE);
|
|
! } else if(xmlSecTransformCheckId(transform, xmlSecNssTransformKWAes256Id)) {
|
|
! return(XMLSEC_NSS_AES256_KEY_SIZE);
|
|
! } else if(xmlSecTransformCheckId(transform, xmlSecNssTransformKWAes256Id)) {
|
|
! return(XMLSEC_NSS_AES256_KEY_SIZE);
|
|
! } else
|
|
! #endif /* XMLSEC_NO_AES */
|
|
!
|
|
! if(1)
|
|
! return(0);
|
|
! }
|
|
!
|
|
!
|
|
! static int
|
|
! xmlSecNssKeyWrapInitialize(xmlSecTransformPtr transform) {
|
|
! xmlSecNssKeyWrapCtxPtr context ;
|
|
! int ret;
|
|
!
|
|
! xmlSecAssert2(xmlSecNssKeyWrapCheckId(transform), -1);
|
|
! xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecNssKeyWrapSize), -1);
|
|
!
|
|
! context = xmlSecNssKeyWrapGetCtx( transform ) ;
|
|
! xmlSecAssert2( context != NULL , -1 ) ;
|
|
!
|
|
! #ifndef XMLSEC_NO_DES
|
|
! if( transform->id == xmlSecNssTransformKWDes3Id ) {
|
|
! context->cipher = CKM_DES3_CBC ;
|
|
! context->keyId = xmlSecNssKeyDataDesId ;
|
|
! } else
|
|
! #endif /* XMLSEC_NO_DES */
|
|
!
|
|
! #ifndef XMLSEC_NO_AES
|
|
! if( transform->id == xmlSecNssTransformKWAes128Id ) {
|
|
! // context->cipher = CKM_NETSCAPE_AES_KEY_WRAP ;
|
|
! context->cipher = CKM_AES_CBC ;
|
|
! context->keyId = xmlSecNssKeyDataAesId ;
|
|
! } else
|
|
! if( transform->id == xmlSecNssTransformKWAes192Id ) {
|
|
! // context->cipher = CKM_NETSCAPE_AES_KEY_WRAP ;
|
|
! context->cipher = CKM_AES_CBC ;
|
|
! context->keyId = xmlSecNssKeyDataAesId ;
|
|
! } else
|
|
! if( transform->id == xmlSecNssTransformKWAes256Id ) {
|
|
! // context->cipher = CKM_NETSCAPE_AES_KEY_WRAP ;
|
|
! context->cipher = CKM_AES_CBC ;
|
|
! context->keyId = xmlSecNssKeyDataAesId ;
|
|
! } else
|
|
! #endif /* XMLSEC_NO_AES */
|
|
!
|
|
!
|
|
! if( 1 ) {
|
|
! xmlSecError( XMLSEC_ERRORS_HERE ,
|
|
! xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
|
|
! NULL ,
|
|
! XMLSEC_ERRORS_R_CRYPTO_FAILED ,
|
|
! XMLSEC_ERRORS_NO_MESSAGE ) ;
|
|
! return(-1);
|
|
! }
|
|
!
|
|
! context->symkey = NULL ;
|
|
! context->material = NULL ;
|
|
!
|
|
! return(0);
|
|
! }
|
|
!
|
|
! static void
|
|
! xmlSecNssKeyWrapFinalize(xmlSecTransformPtr transform) {
|
|
! xmlSecNssKeyWrapCtxPtr context ;
|
|
!
|
|
! xmlSecAssert(xmlSecNssKeyWrapCheckId(transform));
|
|
! xmlSecAssert(xmlSecTransformCheckSize(transform, xmlSecNssKeyWrapSize));
|
|
!
|
|
! context = xmlSecNssKeyWrapGetCtx( transform ) ;
|
|
! xmlSecAssert( context != NULL ) ;
|
|
!
|
|
! if( context->symkey != NULL ) {
|
|
! PK11_FreeSymKey( context->symkey ) ;
|
|
! context->symkey = NULL ;
|
|
! }
|
|
!
|
|
! if( context->material != NULL ) {
|
|
! xmlSecBufferDestroy(context->material);
|
|
! context->material = NULL ;
|
|
! }
|
|
! }
|
|
!
|
|
! static int
|
|
! xmlSecNssKeyWrapSetKeyReq(xmlSecTransformPtr transform, xmlSecKeyReqPtr keyReq) {
|
|
! xmlSecNssKeyWrapCtxPtr context ;
|
|
! xmlSecSize cipherSize = 0 ;
|
|
!
|
|
!
|
|
! xmlSecAssert2(xmlSecNssKeyWrapCheckId(transform), -1);
|
|
! xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecNssKeyWrapSize), -1);
|
|
! xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1);
|
|
! xmlSecAssert2(keyReq != NULL, -1);
|
|
!
|
|
! context = xmlSecNssKeyWrapGetCtx( transform ) ;
|
|
! xmlSecAssert2( context != NULL , -1 ) ;
|
|
!
|
|
! keyReq->keyId = context->keyId;
|
|
! keyReq->keyType = xmlSecKeyDataTypeSymmetric;
|
|
! if(transform->operation == xmlSecTransformOperationEncrypt) {
|
|
! keyReq->keyUsage = xmlSecKeyUsageEncrypt;
|
|
! } else {
|
|
! keyReq->keyUsage = xmlSecKeyUsageDecrypt;
|
|
! }
|
|
!
|
|
! keyReq->keyBitsSize = xmlSecNssKeyWrapGetKeySize( transform ) ;
|
|
!
|
|
! return(0);
|
|
! }
|
|
!
|
|
! static int
|
|
! xmlSecNssKeyWrapSetKey(xmlSecTransformPtr transform, xmlSecKeyPtr key) {
|
|
! xmlSecNssKeyWrapCtxPtr context = NULL ;
|
|
! xmlSecKeyDataPtr keyData = NULL ;
|
|
! PK11SymKey* symkey = NULL ;
|
|
!
|
|
! xmlSecAssert2(xmlSecNssKeyWrapCheckId(transform), -1);
|
|
! xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecNssKeyWrapSize), -1);
|
|
! xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1);
|
|
! xmlSecAssert2(key != NULL, -1);
|
|
!
|
|
! context = xmlSecNssKeyWrapGetCtx( transform ) ;
|
|
! if( context == NULL || context->keyId == NULL || context->symkey != NULL ) {
|
|
! xmlSecError( XMLSEC_ERRORS_HERE ,
|
|
! xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) ,
|
|
! "xmlSecNssKeyWrapGetCtx" ,
|
|
! XMLSEC_ERRORS_R_CRYPTO_FAILED ,
|
|
! XMLSEC_ERRORS_NO_MESSAGE ) ;
|
|
! return(-1);
|
|
! }
|
|
! xmlSecAssert2( xmlSecKeyCheckId( key, context->keyId ), -1 ) ;
|
|
!
|
|
! keyData = xmlSecKeyGetValue( key ) ;
|
|
! if( keyData == NULL ) {
|
|
! xmlSecError( XMLSEC_ERRORS_HERE ,
|
|
! xmlSecErrorsSafeString( xmlSecKeyGetName( key ) ) ,
|
|
! "xmlSecKeyGetValue" ,
|
|
! XMLSEC_ERRORS_R_CRYPTO_FAILED ,
|
|
! XMLSEC_ERRORS_NO_MESSAGE ) ;
|
|
! return(-1);
|
|
! }
|
|
!
|
|
! if( ( symkey = xmlSecNssSymKeyDataGetKey( keyData ) ) == NULL ) {
|
|
! xmlSecError( XMLSEC_ERRORS_HERE ,
|
|
! xmlSecErrorsSafeString( xmlSecKeyDataGetName( keyData ) ) ,
|
|
! "xmlSecNssSymKeyDataGetKey" ,
|
|
! XMLSEC_ERRORS_R_CRYPTO_FAILED ,
|
|
! XMLSEC_ERRORS_NO_MESSAGE ) ;
|
|
! return(-1);
|
|
! }
|
|
!
|
|
! context->symkey = symkey ;
|
|
!
|
|
! return(0) ;
|
|
! }
|
|
!
|
|
! /**
|
|
! * key wrap transform
|
|
! */
|
|
! static int
|
|
! xmlSecNssKeyWrapCtxInit(
|
|
! xmlSecNssKeyWrapCtxPtr ctx ,
|
|
! xmlSecBufferPtr in ,
|
|
! xmlSecBufferPtr out ,
|
|
! int encrypt ,
|
|
! xmlSecTransformCtxPtr transformCtx
|
|
! ) {
|
|
! xmlSecSize blockSize ;
|
|
!
|
|
! xmlSecAssert2( ctx != NULL , -1 ) ;
|
|
! xmlSecAssert2( ctx->cipher != CKM_INVALID_MECHANISM , -1 ) ;
|
|
! xmlSecAssert2( ctx->symkey != NULL , -1 ) ;
|
|
! xmlSecAssert2( ctx->keyId != NULL , -1 ) ;
|
|
! xmlSecAssert2( in != NULL , -1 ) ;
|
|
! xmlSecAssert2( out != NULL , -1 ) ;
|
|
! xmlSecAssert2( transformCtx != NULL , -1 ) ;
|
|
!
|
|
! if( ctx->material != NULL ) {
|
|
! xmlSecBufferDestroy( ctx->material ) ;
|
|
! ctx->material = NULL ;
|
|
! }
|
|
!
|
|
! if( ( blockSize = PK11_GetBlockSize( ctx->cipher , NULL ) ) < 0 ) {
|
|
! xmlSecError( XMLSEC_ERRORS_HERE ,
|
|
! NULL ,
|
|
! "PK11_GetBlockSize" ,
|
|
! XMLSEC_ERRORS_R_CRYPTO_FAILED ,
|
|
! XMLSEC_ERRORS_NO_MESSAGE ) ;
|
|
! return(-1);
|
|
! }
|
|
!
|
|
! ctx->material = xmlSecBufferCreate( blockSize ) ;
|
|
! if( ctx->material == NULL ) {
|
|
! xmlSecError( XMLSEC_ERRORS_HERE ,
|
|
! NULL ,
|
|
! "xmlSecBufferCreate" ,
|
|
! XMLSEC_ERRORS_R_CRYPTO_FAILED ,
|
|
! XMLSEC_ERRORS_NO_MESSAGE ) ;
|
|
! return(-1);
|
|
! }
|
|
!
|
|
! /* read raw key material into context */
|
|
! if( xmlSecBufferSetData( ctx->material, xmlSecBufferGetData(in), xmlSecBufferGetSize(in) ) < 0 ) {
|
|
! xmlSecError( XMLSEC_ERRORS_HERE ,
|
|
! NULL ,
|
|
! "xmlSecBufferSetData" ,
|
|
! XMLSEC_ERRORS_R_CRYPTO_FAILED ,
|
|
! XMLSEC_ERRORS_NO_MESSAGE ) ;
|
|
! return(-1);
|
|
! }
|
|
!
|
|
! if( xmlSecBufferRemoveHead( in , xmlSecBufferGetSize(in) ) < 0 ) {
|
|
! xmlSecError( XMLSEC_ERRORS_HERE ,
|
|
! NULL ,
|
|
! "xmlSecBufferRemoveHead" ,
|
|
! XMLSEC_ERRORS_R_CRYPTO_FAILED ,
|
|
! XMLSEC_ERRORS_NO_MESSAGE ) ;
|
|
! return(-1);
|
|
! }
|
|
!
|
|
! return(0);
|
|
! }
|
|
!
|
|
! /**
|
|
! * key wrap transform update
|
|
! */
|
|
! static int
|
|
! xmlSecNssKeyWrapCtxUpdate(
|
|
! xmlSecNssKeyWrapCtxPtr ctx ,
|
|
! xmlSecBufferPtr in ,
|
|
! xmlSecBufferPtr out ,
|
|
! int encrypt ,
|
|
! xmlSecTransformCtxPtr transformCtx
|
|
! ) {
|
|
! xmlSecAssert2( ctx != NULL , -1 ) ;
|
|
! xmlSecAssert2( ctx->cipher != CKM_INVALID_MECHANISM , -1 ) ;
|
|
! xmlSecAssert2( ctx->symkey != NULL , -1 ) ;
|
|
! xmlSecAssert2( ctx->keyId != NULL , -1 ) ;
|
|
! xmlSecAssert2( ctx->material != NULL , -1 ) ;
|
|
! xmlSecAssert2( in != NULL , -1 ) ;
|
|
! xmlSecAssert2( out != NULL , -1 ) ;
|
|
! xmlSecAssert2( transformCtx != NULL , -1 ) ;
|
|
!
|
|
! /* read raw key material and append into context */
|
|
! if( xmlSecBufferAppend( ctx->material, xmlSecBufferGetData(in), xmlSecBufferGetSize(in) ) < 0 ) {
|
|
! xmlSecError( XMLSEC_ERRORS_HERE ,
|
|
! NULL ,
|
|
! "xmlSecBufferAppend" ,
|
|
! XMLSEC_ERRORS_R_CRYPTO_FAILED ,
|
|
! XMLSEC_ERRORS_NO_MESSAGE ) ;
|
|
! return(-1);
|
|
! }
|
|
!
|
|
! if( xmlSecBufferRemoveHead( in , xmlSecBufferGetSize(in) ) < 0 ) {
|
|
! xmlSecError( XMLSEC_ERRORS_HERE ,
|
|
! NULL ,
|
|
! "xmlSecBufferRemoveHead" ,
|
|
! XMLSEC_ERRORS_R_CRYPTO_FAILED ,
|
|
! XMLSEC_ERRORS_NO_MESSAGE ) ;
|
|
! return(-1);
|
|
! }
|
|
!
|
|
! return(0);
|
|
! }
|
|
!
|
|
! static int
|
|
! xmlSecNssKWDes3BufferReverse(xmlSecByte *buf, xmlSecSize size) {
|
|
! xmlSecSize s;
|
|
! xmlSecSize i;
|
|
! xmlSecByte c;
|
|
!
|
|
! xmlSecAssert2(buf != NULL, -1);
|
|
!
|
|
! s = size / 2;
|
|
! --size;
|
|
! for(i = 0; i < s; ++i) {
|
|
! c = buf[i];
|
|
! buf[i] = buf[size - i];
|
|
! buf[size - i] = c;
|
|
! }
|
|
! return(0);
|
|
! }
|
|
!
|
|
! static xmlSecByte *
|
|
! xmlSecNssComputeSHA1(const xmlSecByte *in, xmlSecSize inSize,
|
|
! xmlSecByte *out, xmlSecSize outSize)
|
|
! {
|
|
! PK11Context *context = NULL;
|
|
! SECStatus s;
|
|
! xmlSecByte *digest = NULL;
|
|
! unsigned int len;
|
|
!
|
|
! xmlSecAssert2(in != NULL, NULL);
|
|
! xmlSecAssert2(out != NULL, NULL);
|
|
! xmlSecAssert2(outSize >= SHA1_LENGTH, NULL);
|
|
!
|
|
! /* Create a context for hashing (digesting) */
|
|
! context = PK11_CreateDigestContext(SEC_OID_SHA1);
|
|
! if (context == NULL) {
|
|
! xmlSecError(XMLSEC_ERRORS_HERE,
|
|
! NULL,
|
|
! "PK11_CreateDigestContext",
|
|
! XMLSEC_ERRORS_R_CRYPTO_FAILED,
|
|
! "error code = %d", PORT_GetError());
|
|
! goto done;
|
|
! }
|
|
!
|
|
! s = PK11_DigestBegin(context);
|
|
! if (s != SECSuccess) {
|
|
! xmlSecError(XMLSEC_ERRORS_HERE,
|
|
! NULL,
|
|
! "PK11_DigestBegin",
|
|
! XMLSEC_ERRORS_R_CRYPTO_FAILED,
|
|
! "error code = %d", PORT_GetError());
|
|
! goto done;
|
|
! }
|
|
!
|
|
! s = PK11_DigestOp(context, in, inSize);
|
|
! if (s != SECSuccess) {
|
|
! xmlSecError(XMLSEC_ERRORS_HERE,
|
|
! NULL,
|
|
! "PK11_DigestOp",
|
|
! XMLSEC_ERRORS_R_CRYPTO_FAILED,
|
|
! "error code = %d", PORT_GetError());
|
|
! goto done;
|
|
! }
|
|
!
|
|
! s = PK11_DigestFinal(context, out, &len, outSize);
|
|
! if (s != SECSuccess) {
|
|
! xmlSecError(XMLSEC_ERRORS_HERE,
|
|
! NULL,
|
|
! "PK11_DigestFinal",
|
|
! XMLSEC_ERRORS_R_CRYPTO_FAILED,
|
|
! "error code = %d", PORT_GetError());
|
|
! goto done;
|
|
! }
|
|
! xmlSecAssert2(len == SHA1_LENGTH, NULL);
|
|
!
|
|
! digest = out;
|
|
!
|
|
! done:
|
|
! if (context != NULL) {
|
|
! PK11_DestroyContext(context, PR_TRUE);
|
|
! }
|
|
! return (digest);
|
|
! }
|
|
!
|
|
! static int
|
|
! xmlSecNssKWDes3Encrypt(
|
|
! PK11SymKey* symKey ,
|
|
! CK_MECHANISM_TYPE cipherMech ,
|
|
! const xmlSecByte* iv ,
|
|
! xmlSecSize ivSize ,
|
|
! const xmlSecByte* in ,
|
|
! xmlSecSize inSize ,
|
|
! xmlSecByte* out ,
|
|
! xmlSecSize outSize ,
|
|
! int enc
|
|
! ) {
|
|
! PK11Context* EncContext = NULL;
|
|
! SECItem ivItem ;
|
|
! SECItem* secParam = NULL ;
|
|
! int tmp1_outlen;
|
|
! unsigned int tmp2_outlen;
|
|
! int result_len = -1;
|
|
! SECStatus rv;
|
|
!
|
|
! xmlSecAssert2( cipherMech != CKM_INVALID_MECHANISM , -1 ) ;
|
|
! xmlSecAssert2( symKey != NULL , -1 ) ;
|
|
! xmlSecAssert2(iv != NULL, -1);
|
|
! xmlSecAssert2(ivSize == XMLSEC_NSS_DES3_IV_LENGTH, -1);
|
|
! xmlSecAssert2(in != NULL, -1);
|
|
! xmlSecAssert2(inSize > 0, -1);
|
|
! xmlSecAssert2(out != NULL, -1);
|
|
! xmlSecAssert2(outSize >= inSize, -1);
|
|
!
|
|
! /* Prepare IV */
|
|
! ivItem.data = ( unsigned char* )iv ;
|
|
! ivItem.len = ivSize ;
|
|
!
|
|
! secParam = PK11_ParamFromIV(cipherMech, &ivItem);
|
|
! if (secParam == NULL) {
|
|
! xmlSecError(XMLSEC_ERRORS_HERE,
|
|
! NULL,
|
|
! "PK11_ParamFromIV",
|
|
! XMLSEC_ERRORS_R_CRYPTO_FAILED,
|
|
! "Error code = %d", PORT_GetError());
|
|
! goto done;
|
|
! }
|
|
!
|
|
! EncContext = PK11_CreateContextBySymKey(cipherMech,
|
|
! enc ? CKA_ENCRYPT : CKA_DECRYPT,
|
|
! symKey, secParam);
|
|
! if (EncContext == NULL) {
|
|
! xmlSecError(XMLSEC_ERRORS_HERE,
|
|
! NULL,
|
|
! "PK11_CreateContextBySymKey",
|
|
! XMLSEC_ERRORS_R_CRYPTO_FAILED,
|
|
! "Error code = %d", PORT_GetError());
|
|
! goto done;
|
|
! }
|
|
!
|
|
! tmp1_outlen = tmp2_outlen = 0;
|
|
! rv = PK11_CipherOp(EncContext, out, &tmp1_outlen, outSize,
|
|
! (unsigned char *)in, inSize);
|
|
! if (rv != SECSuccess) {
|
|
! xmlSecError(XMLSEC_ERRORS_HERE,
|
|
! NULL,
|
|
! "PK11_CipherOp",
|
|
! XMLSEC_ERRORS_R_CRYPTO_FAILED,
|
|
! "Error code = %d", PORT_GetError());
|
|
! goto done;
|
|
! }
|
|
!
|
|
! rv = PK11_DigestFinal(EncContext, out+tmp1_outlen,
|
|
! &tmp2_outlen, outSize-tmp1_outlen);
|
|
! if (rv != SECSuccess) {
|
|
! xmlSecError(XMLSEC_ERRORS_HERE,
|
|
! NULL,
|
|
! "PK11_DigestFinal",
|
|
! XMLSEC_ERRORS_R_CRYPTO_FAILED,
|
|
! "Error code = %d", PORT_GetError());
|
|
! goto done;
|
|
! }
|
|
!
|
|
! result_len = tmp1_outlen + tmp2_outlen;
|
|
!
|
|
! done:
|
|
! if (secParam) {
|
|
! SECITEM_FreeItem(secParam, PR_TRUE);
|
|
! }
|
|
! if (EncContext) {
|
|
! PK11_DestroyContext(EncContext, PR_TRUE);
|
|
! }
|
|
!
|
|
! return(result_len);
|
|
! }
|
|
!
|
|
! static int
|
|
! xmlSecNssKeyWrapDesOp(
|
|
! xmlSecNssKeyWrapCtxPtr ctx ,
|
|
! int encrypt ,
|
|
! xmlSecBufferPtr result
|
|
! ) {
|
|
! xmlSecByte sha1[SHA1_LENGTH];
|
|
! xmlSecByte iv[XMLSEC_NSS_DES3_IV_LENGTH];
|
|
! xmlSecByte* in;
|
|
! xmlSecSize inSize;
|
|
! xmlSecByte* out;
|
|
! xmlSecSize outSize;
|
|
! xmlSecSize s;
|
|
! int ret;
|
|
! SECStatus status;
|
|
!
|
|
! xmlSecAssert2( ctx != NULL , -1 ) ;
|
|
! xmlSecAssert2( ctx->cipher != CKM_INVALID_MECHANISM , -1 ) ;
|
|
! xmlSecAssert2( ctx->symkey != NULL , -1 ) ;
|
|
! xmlSecAssert2( ctx->keyId != NULL , -1 ) ;
|
|
! xmlSecAssert2( ctx->material != NULL , -1 ) ;
|
|
! xmlSecAssert2( result != NULL , -1 ) ;
|
|
!
|
|
! in = xmlSecBufferGetData(ctx->material);
|
|
! inSize = xmlSecBufferGetSize(ctx->material) ;
|
|
! out = xmlSecBufferGetData(result);
|
|
! outSize = xmlSecBufferGetMaxSize(result) ;
|
|
! if( encrypt ) {
|
|
! /* step 2: calculate sha1 and CMS */
|
|
! if(xmlSecNssComputeSHA1(in, inSize, sha1, SHA1_LENGTH) == NULL) {
|
|
! xmlSecError(XMLSEC_ERRORS_HERE,
|
|
! NULL,
|
|
! "xmlSecNssComputeSHA1",
|
|
! XMLSEC_ERRORS_R_CRYPTO_FAILED,
|
|
! XMLSEC_ERRORS_NO_MESSAGE);
|
|
! return(-1);
|
|
! }
|
|
!
|
|
! /* step 3: construct WKCKS */
|
|
! memcpy(out, in, inSize);
|
|
! memcpy(out + inSize, sha1, XMLSEC_NSS_DES3_BLOCK_LENGTH);
|
|
!
|
|
! /* step 4: generate random iv */
|
|
! status = PK11_GenerateRandom(iv, XMLSEC_NSS_DES3_IV_LENGTH);
|
|
! if(status != SECSuccess) {
|
|
! xmlSecError(XMLSEC_ERRORS_HERE,
|
|
! NULL,
|
|
! "PK11_GenerateRandom",
|
|
! XMLSEC_ERRORS_R_CRYPTO_FAILED,
|
|
! "error code = %d", PORT_GetError());
|
|
! return(-1);
|
|
! }
|
|
!
|
|
! /* step 5: first encryption, result is TEMP1 */
|
|
! ret = xmlSecNssKWDes3Encrypt( ctx->symkey, ctx->cipher,
|
|
! iv, XMLSEC_NSS_DES3_IV_LENGTH,
|
|
! out, inSize + XMLSEC_NSS_DES3_IV_LENGTH,
|
|
! out, outSize, 1);
|
|
! if(ret < 0) {
|
|
! xmlSecError(XMLSEC_ERRORS_HERE,
|
|
! NULL,
|
|
! "xmlSecNssKWDes3Encrypt",
|
|
! XMLSEC_ERRORS_R_XMLSEC_FAILED,
|
|
! XMLSEC_ERRORS_NO_MESSAGE);
|
|
! return(-1);
|
|
! }
|
|
!
|
|
! /* step 6: construct TEMP2=IV || TEMP1 */
|
|
! memmove(out + XMLSEC_NSS_DES3_IV_LENGTH, out,
|
|
! inSize + XMLSEC_NSS_DES3_IV_LENGTH);
|
|
! memcpy(out, iv, XMLSEC_NSS_DES3_IV_LENGTH);
|
|
! s = ret + XMLSEC_NSS_DES3_IV_LENGTH;
|
|
!
|
|
! /* step 7: reverse octets order, result is TEMP3 */
|
|
! ret = xmlSecNssKWDes3BufferReverse(out, s);
|
|
! if(ret < 0) {
|
|
! xmlSecError(XMLSEC_ERRORS_HERE,
|
|
! NULL,
|
|
! "xmlSecNssKWDes3BufferReverse",
|
|
! XMLSEC_ERRORS_R_XMLSEC_FAILED,
|
|
! XMLSEC_ERRORS_NO_MESSAGE);
|
|
! return(-1);
|
|
! }
|
|
!
|
|
! /* step 8: second encryption with static IV */
|
|
! ret = xmlSecNssKWDes3Encrypt( ctx->symkey, ctx->cipher,
|
|
! xmlSecNssKWDes3Iv, XMLSEC_NSS_DES3_IV_LENGTH,
|
|
! out, s,
|
|
! out, outSize, 1);
|
|
! if(ret < 0) {
|
|
! xmlSecError(XMLSEC_ERRORS_HERE,
|
|
! NULL,
|
|
! "xmlSecNssKWDes3Encrypt",
|
|
! XMLSEC_ERRORS_R_XMLSEC_FAILED,
|
|
! XMLSEC_ERRORS_NO_MESSAGE);
|
|
! return(-1);
|
|
! }
|
|
! s = ret;
|
|
!
|
|
! if( xmlSecBufferSetSize( result , s ) < 0 ) {
|
|
! xmlSecError(XMLSEC_ERRORS_HERE,
|
|
! NULL,
|
|
! "xmlSecBufferSetSize",
|
|
! XMLSEC_ERRORS_R_XMLSEC_FAILED,
|
|
! XMLSEC_ERRORS_NO_MESSAGE);
|
|
! return(-1);
|
|
! }
|
|
! } else {
|
|
! /* step 2: first decryption with static IV, result is TEMP3 */
|
|
! ret = xmlSecNssKWDes3Encrypt( ctx->symkey, ctx->cipher,
|
|
! xmlSecNssKWDes3Iv, XMLSEC_NSS_DES3_IV_LENGTH,
|
|
! in, inSize,
|
|
! out, outSize, 0);
|
|
! if((ret < 0) || (ret < XMLSEC_NSS_DES3_IV_LENGTH)) {
|
|
! xmlSecError(XMLSEC_ERRORS_HERE,
|
|
! NULL,
|
|
! "xmlSecNssKWDes3Encrypt",
|
|
! XMLSEC_ERRORS_R_XMLSEC_FAILED,
|
|
! XMLSEC_ERRORS_NO_MESSAGE);
|
|
! return(-1);
|
|
! }
|
|
! s = ret;
|
|
!
|
|
! /* step 3: reverse octets order in TEMP3, result is TEMP2 */
|
|
! ret = xmlSecNssKWDes3BufferReverse(out, s);
|
|
! if(ret < 0) {
|
|
! xmlSecError(XMLSEC_ERRORS_HERE,
|
|
! NULL,
|
|
! "xmlSecNssKWDes3BufferReverse",
|
|
! XMLSEC_ERRORS_R_XMLSEC_FAILED,
|
|
! XMLSEC_ERRORS_NO_MESSAGE);
|
|
! return(-1);
|
|
! }
|
|
!
|
|
! /* steps 4 and 5: get IV and decrypt second time, result is WKCKS */
|
|
! ret = xmlSecNssKWDes3Encrypt( ctx->symkey, ctx->cipher,
|
|
! out, XMLSEC_NSS_DES3_IV_LENGTH,
|
|
! out+XMLSEC_NSS_DES3_IV_LENGTH, s-XMLSEC_NSS_DES3_IV_LENGTH,
|
|
! out, outSize, 0);
|
|
! if((ret < 0) || (ret < XMLSEC_NSS_DES3_BLOCK_LENGTH)) {
|
|
! xmlSecError(XMLSEC_ERRORS_HERE,
|
|
! NULL,
|
|
! "xmlSecNssKWDes3Encrypt",
|
|
! XMLSEC_ERRORS_R_XMLSEC_FAILED,
|
|
! XMLSEC_ERRORS_NO_MESSAGE);
|
|
! return(-1);
|
|
! }
|
|
! s = ret - XMLSEC_NSS_DES3_IV_LENGTH;
|
|
!
|
|
! /* steps 6 and 7: calculate SHA1 and validate it */
|
|
! if(xmlSecNssComputeSHA1(out, s, sha1, SHA1_LENGTH) == NULL) {
|
|
! xmlSecError(XMLSEC_ERRORS_HERE,
|
|
! NULL,
|
|
! "xmlSecNssComputeSHA1",
|
|
! XMLSEC_ERRORS_R_CRYPTO_FAILED,
|
|
! XMLSEC_ERRORS_NO_MESSAGE);
|
|
! return(-1);
|
|
! }
|
|
!
|
|
! if(memcmp(sha1, out + s, XMLSEC_NSS_DES3_BLOCK_LENGTH) != 0) {
|
|
! xmlSecError(XMLSEC_ERRORS_HERE,
|
|
! NULL,
|
|
! NULL,
|
|
! XMLSEC_ERRORS_R_INVALID_DATA,
|
|
! "SHA1 does not match");
|
|
! return(-1);
|
|
! }
|
|
!
|
|
! if( xmlSecBufferSetSize( result , s ) < 0 ) {
|
|
! xmlSecError(XMLSEC_ERRORS_HERE,
|
|
! NULL,
|
|
! "xmlSecBufferSetSize",
|
|
! XMLSEC_ERRORS_R_XMLSEC_FAILED,
|
|
! XMLSEC_ERRORS_NO_MESSAGE);
|
|
! return(-1);
|
|
! }
|
|
! }
|
|
!
|
|
! return(0);
|
|
! }
|
|
!
|
|
! static int
|
|
! xmlSecNssKeyWrapAesOp(
|
|
! xmlSecNssKeyWrapCtxPtr ctx ,
|
|
! int encrypt ,
|
|
! xmlSecBufferPtr result
|
|
! ) {
|
|
! PK11Context* cipherCtx = NULL;
|
|
! SECItem ivItem ;
|
|
! SECItem* secParam = NULL ;
|
|
! xmlSecSize inSize ;
|
|
! xmlSecSize inBlocks ;
|
|
! int blockSize ;
|
|
! int midSize ;
|
|
! int finSize ;
|
|
! xmlSecByte* out ;
|
|
! xmlSecSize outSize;
|
|
!
|
|
! xmlSecAssert2( ctx != NULL , -1 ) ;
|
|
! xmlSecAssert2( ctx->cipher != CKM_INVALID_MECHANISM , -1 ) ;
|
|
! xmlSecAssert2( ctx->symkey != NULL , -1 ) ;
|
|
! xmlSecAssert2( ctx->keyId != NULL , -1 ) ;
|
|
! xmlSecAssert2( ctx->material != NULL , -1 ) ;
|
|
! xmlSecAssert2( result != NULL , -1 ) ;
|
|
!
|
|
! /* Do not set any IV */
|
|
! memset(&ivItem, 0, sizeof(ivItem));
|
|
!
|
|
! /* Get block size */
|
|
! if( ( blockSize = PK11_GetBlockSize( ctx->cipher , NULL ) ) < 0 ) {
|
|
! xmlSecError( XMLSEC_ERRORS_HERE ,
|
|
! NULL ,
|
|
! "PK11_GetBlockSize" ,
|
|
! XMLSEC_ERRORS_R_CRYPTO_FAILED ,
|
|
! XMLSEC_ERRORS_NO_MESSAGE ) ;
|
|
! return(-1);
|
|
! }
|
|
!
|
|
! inSize = xmlSecBufferGetSize( ctx->material ) ;
|
|
! if( xmlSecBufferSetMaxSize( result , inSize + blockSize ) < 0 ) {
|
|
! xmlSecError( XMLSEC_ERRORS_HERE ,
|
|
! NULL ,
|
|
! "xmlSecBufferSetMaxSize" ,
|
|
! XMLSEC_ERRORS_R_CRYPTO_FAILED ,
|
|
! XMLSEC_ERRORS_NO_MESSAGE ) ;
|
|
! return(-1);
|
|
! }
|
|
!
|
|
! /* Get Param for context initialization */
|
|
! if( ( secParam = PK11_ParamFromIV( ctx->cipher , &ivItem ) ) == NULL ) {
|
|
! xmlSecError( XMLSEC_ERRORS_HERE ,
|
|
! NULL ,
|
|
! "PK11_ParamFromIV" ,
|
|
! XMLSEC_ERRORS_R_CRYPTO_FAILED ,
|
|
! XMLSEC_ERRORS_NO_MESSAGE ) ;
|
|
! return(-1);
|
|
! }
|
|
!
|
|
! cipherCtx = PK11_CreateContextBySymKey( ctx->cipher , encrypt ? CKA_ENCRYPT : CKA_DECRYPT , ctx->symkey , secParam ) ;
|
|
! if( cipherCtx == NULL ) {
|
|
! xmlSecError( XMLSEC_ERRORS_HERE ,
|
|
! NULL ,
|
|
! "PK11_CreateContextBySymKey" ,
|
|
! XMLSEC_ERRORS_R_CRYPTO_FAILED ,
|
|
! XMLSEC_ERRORS_NO_MESSAGE ) ;
|
|
! SECITEM_FreeItem( secParam , PR_TRUE ) ;
|
|
! return(-1);
|
|
! }
|
|
!
|
|
! out = xmlSecBufferGetData(result) ;
|
|
! outSize = xmlSecBufferGetMaxSize(result) ;
|
|
! if( PK11_CipherOp( cipherCtx , out, &midSize , outSize , xmlSecBufferGetData( ctx->material ) , inSize ) != SECSuccess ) {
|
|
! xmlSecError( XMLSEC_ERRORS_HERE ,
|
|
! NULL ,
|
|
! "PK11_CipherOp" ,
|
|
! XMLSEC_ERRORS_R_CRYPTO_FAILED ,
|
|
! XMLSEC_ERRORS_NO_MESSAGE ) ;
|
|
! return(-1);
|
|
! }
|
|
!
|
|
! if( PK11_DigestFinal( cipherCtx , out + midSize , &finSize , outSize - midSize ) != SECSuccess ) {
|
|
! xmlSecError( XMLSEC_ERRORS_HERE ,
|
|
! NULL ,
|
|
! "PK11_DigestFinal" ,
|
|
! XMLSEC_ERRORS_R_CRYPTO_FAILED ,
|
|
! XMLSEC_ERRORS_NO_MESSAGE ) ;
|
|
! return(-1);
|
|
! }
|
|
!
|
|
! if( xmlSecBufferSetSize( result , midSize + finSize ) < 0 ) {
|
|
! xmlSecError( XMLSEC_ERRORS_HERE ,
|
|
! NULL ,
|
|
! "xmlSecBufferSetSize" ,
|
|
! XMLSEC_ERRORS_R_CRYPTO_FAILED ,
|
|
! XMLSEC_ERRORS_NO_MESSAGE ) ;
|
|
! return(-1);
|
|
! }
|
|
!
|
|
! return 0 ;
|
|
! }
|
|
!
|
|
! /**
|
|
! * Block cipher transform final
|
|
! */
|
|
! static int
|
|
! xmlSecNssKeyWrapCtxFinal(
|
|
! xmlSecNssKeyWrapCtxPtr ctx ,
|
|
! xmlSecBufferPtr in ,
|
|
! xmlSecBufferPtr out ,
|
|
! int encrypt ,
|
|
! xmlSecTransformCtxPtr transformCtx
|
|
! ) {
|
|
! PK11SymKey* targetKey ;
|
|
! xmlSecSize blockSize ;
|
|
! xmlSecBufferPtr result ;
|
|
!
|
|
! xmlSecAssert2( ctx != NULL , -1 ) ;
|
|
! xmlSecAssert2( ctx->cipher != CKM_INVALID_MECHANISM , -1 ) ;
|
|
! xmlSecAssert2( ctx->symkey != NULL , -1 ) ;
|
|
! xmlSecAssert2( ctx->keyId != NULL , -1 ) ;
|
|
! xmlSecAssert2( ctx->material != NULL , -1 ) ;
|
|
! xmlSecAssert2( in != NULL , -1 ) ;
|
|
! xmlSecAssert2( out != NULL , -1 ) ;
|
|
! xmlSecAssert2( transformCtx != NULL , -1 ) ;
|
|
!
|
|
! /* read raw key material and append into context */
|
|
! if( xmlSecBufferAppend( ctx->material, xmlSecBufferGetData(in), xmlSecBufferGetSize(in) ) < 0 ) {
|
|
! xmlSecError( XMLSEC_ERRORS_HERE ,
|
|
! NULL ,
|
|
! "xmlSecBufferAppend" ,
|
|
! XMLSEC_ERRORS_R_CRYPTO_FAILED ,
|
|
! XMLSEC_ERRORS_NO_MESSAGE ) ;
|
|
! return(-1);
|
|
! }
|
|
!
|
|
! if( xmlSecBufferRemoveHead( in , xmlSecBufferGetSize(in) ) < 0 ) {
|
|
! xmlSecError( XMLSEC_ERRORS_HERE ,
|
|
! NULL ,
|
|
! "xmlSecBufferRemoveHead" ,
|
|
! XMLSEC_ERRORS_R_CRYPTO_FAILED ,
|
|
! XMLSEC_ERRORS_NO_MESSAGE ) ;
|
|
! return(-1);
|
|
! }
|
|
!
|
|
! /* Now we get all of the key materail */
|
|
! /* from now on we will wrap or unwrap the key */
|
|
! if( ( blockSize = PK11_GetBlockSize( ctx->cipher , NULL ) ) < 0 ) {
|
|
! xmlSecError( XMLSEC_ERRORS_HERE ,
|
|
! NULL ,
|
|
! "PK11_GetBlockSize" ,
|
|
! XMLSEC_ERRORS_R_CRYPTO_FAILED ,
|
|
! XMLSEC_ERRORS_NO_MESSAGE ) ;
|
|
! return(-1);
|
|
! }
|
|
!
|
|
! result = xmlSecBufferCreate( blockSize ) ;
|
|
! if( result == NULL ) {
|
|
! xmlSecError( XMLSEC_ERRORS_HERE ,
|
|
! NULL ,
|
|
! "xmlSecBufferCreate" ,
|
|
! XMLSEC_ERRORS_R_CRYPTO_FAILED ,
|
|
! XMLSEC_ERRORS_NO_MESSAGE ) ;
|
|
! return(-1);
|
|
! }
|
|
!
|
|
! switch( ctx->cipher ) {
|
|
! case CKM_DES3_CBC :
|
|
! if( xmlSecNssKeyWrapDesOp(ctx, encrypt, result) < 0 ) {
|
|
! xmlSecError( XMLSEC_ERRORS_HERE ,
|
|
! NULL ,
|
|
! "xmlSecNssKeyWrapDesOp" ,
|
|
! XMLSEC_ERRORS_R_CRYPTO_FAILED ,
|
|
! XMLSEC_ERRORS_NO_MESSAGE ) ;
|
|
! xmlSecBufferDestroy(result);
|
|
! return(-1);
|
|
! }
|
|
! break ;
|
|
! // case CKM_NETSCAPE_AES_KEY_WRAP :
|
|
! case CKM_AES_CBC :
|
|
! if( xmlSecNssKeyWrapAesOp(ctx, encrypt, result) < 0 ) {
|
|
! xmlSecError( XMLSEC_ERRORS_HERE ,
|
|
! NULL ,
|
|
! "xmlSecNssKeyWrapAesOp" ,
|
|
! XMLSEC_ERRORS_R_CRYPTO_FAILED ,
|
|
! XMLSEC_ERRORS_NO_MESSAGE ) ;
|
|
! xmlSecBufferDestroy(result);
|
|
! return(-1);
|
|
! }
|
|
! break ;
|
|
! }
|
|
!
|
|
! /* Write output */
|
|
! if( xmlSecBufferAppend( out, xmlSecBufferGetData(result), xmlSecBufferGetSize(result) ) < 0 ) {
|
|
! xmlSecError( XMLSEC_ERRORS_HERE ,
|
|
! NULL ,
|
|
! "xmlSecBufferAppend" ,
|
|
! XMLSEC_ERRORS_R_CRYPTO_FAILED ,
|
|
! XMLSEC_ERRORS_NO_MESSAGE ) ;
|
|
! xmlSecBufferDestroy(result);
|
|
! return(-1);
|
|
! }
|
|
! xmlSecBufferDestroy(result);
|
|
!
|
|
! return(0);
|
|
! }
|
|
!
|
|
! static int
|
|
! xmlSecNssKeyWrapExecute(xmlSecTransformPtr transform, int last, xmlSecTransformCtxPtr transformCtx) {
|
|
! xmlSecNssKeyWrapCtxPtr context = NULL ;
|
|
! xmlSecBufferPtr inBuf, outBuf ;
|
|
! int operation ;
|
|
! int rtv ;
|
|
!
|
|
! xmlSecAssert2( xmlSecNssKeyWrapCheckId( transform ), -1 ) ;
|
|
! xmlSecAssert2( xmlSecTransformCheckSize( transform, xmlSecNssKeyWrapSize ), -1 ) ;
|
|
! xmlSecAssert2( ( transform->operation == xmlSecTransformOperationEncrypt ) || ( transform->operation == xmlSecTransformOperationDecrypt ), -1 ) ;
|
|
! xmlSecAssert2( transformCtx != NULL , -1 ) ;
|
|
!
|
|
! context = xmlSecNssKeyWrapGetCtx( transform ) ;
|
|
! if( context == NULL ) {
|
|
! xmlSecError( XMLSEC_ERRORS_HERE ,
|
|
! xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) ,
|
|
! "xmlSecNssKeyWrapGetCtx" ,
|
|
! XMLSEC_ERRORS_R_CRYPTO_FAILED ,
|
|
! XMLSEC_ERRORS_NO_MESSAGE ) ;
|
|
! return(-1);
|
|
! }
|
|
!
|
|
! inBuf = &( transform->inBuf ) ;
|
|
! outBuf = &( transform->outBuf ) ;
|
|
!
|
|
! if( transform->status == xmlSecTransformStatusNone ) {
|
|
! transform->status = xmlSecTransformStatusWorking ;
|
|
! }
|
|
!
|
|
! operation = ( transform->operation == xmlSecTransformOperationEncrypt ) ? 1 : 0 ;
|
|
! if( transform->status == xmlSecTransformStatusWorking ) {
|
|
! if( context->material == NULL ) {
|
|
! rtv = xmlSecNssKeyWrapCtxInit( context, inBuf , outBuf , operation , transformCtx ) ;
|
|
! if( rtv < 0 ) {
|
|
! xmlSecError( XMLSEC_ERRORS_HERE ,
|
|
! xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) ,
|
|
! "xmlSecNssKeyWrapCtxInit" ,
|
|
! XMLSEC_ERRORS_R_INVALID_STATUS ,
|
|
! XMLSEC_ERRORS_NO_MESSAGE ) ;
|
|
! return(-1);
|
|
! }
|
|
! }
|
|
!
|
|
! if( context->material == NULL && last != 0 ) {
|
|
! xmlSecError( XMLSEC_ERRORS_HERE ,
|
|
! xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) ,
|
|
! NULL ,
|
|
! XMLSEC_ERRORS_R_INVALID_STATUS ,
|
|
! "No enough data to intialize transform" ) ;
|
|
! return(-1);
|
|
! }
|
|
!
|
|
! if( context->material != NULL ) {
|
|
! rtv = xmlSecNssKeyWrapCtxUpdate( context, inBuf , outBuf , operation , transformCtx ) ;
|
|
! if( rtv < 0 ) {
|
|
! xmlSecError( XMLSEC_ERRORS_HERE ,
|
|
! xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) ,
|
|
! "xmlSecNssKeyWrapCtxUpdate" ,
|
|
! XMLSEC_ERRORS_R_INVALID_STATUS ,
|
|
! XMLSEC_ERRORS_NO_MESSAGE ) ;
|
|
! return(-1);
|
|
! }
|
|
! }
|
|
!
|
|
! if( last ) {
|
|
! rtv = xmlSecNssKeyWrapCtxFinal( context, inBuf , outBuf , operation , transformCtx ) ;
|
|
! if( rtv < 0 ) {
|
|
! xmlSecError( XMLSEC_ERRORS_HERE ,
|
|
! xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) ,
|
|
! "xmlSecNssKeyWrapCtxFinal" ,
|
|
! XMLSEC_ERRORS_R_INVALID_STATUS ,
|
|
! XMLSEC_ERRORS_NO_MESSAGE ) ;
|
|
! return(-1);
|
|
! }
|
|
! transform->status = xmlSecTransformStatusFinished ;
|
|
! }
|
|
! } else if( transform->status == xmlSecTransformStatusFinished ) {
|
|
! if( xmlSecBufferGetSize( inBuf ) != 0 ) {
|
|
! xmlSecError( XMLSEC_ERRORS_HERE ,
|
|
! xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) ,
|
|
! NULL ,
|
|
! XMLSEC_ERRORS_R_INVALID_STATUS ,
|
|
! "status=%d", transform->status ) ;
|
|
! return(-1);
|
|
! }
|
|
! } else {
|
|
! xmlSecError( XMLSEC_ERRORS_HERE ,
|
|
! xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) ,
|
|
! NULL ,
|
|
! XMLSEC_ERRORS_R_INVALID_STATUS ,
|
|
! "status=%d", transform->status ) ;
|
|
! return(-1);
|
|
! }
|
|
!
|
|
! return(0);
|
|
! }
|
|
!
|
|
! #ifndef XMLSEC_NO_AES
|
|
!
|
|
!
|
|
! static xmlSecTransformKlass xmlSecNssKWAes128Klass = {
|
|
! /* klass/object sizes */
|
|
! sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
|
|
! xmlSecNssKeyWrapSize, /* xmlSecSize objSize */
|
|
!
|
|
! xmlSecNameKWAes128, /* const xmlChar* name; */
|
|
! xmlSecHrefKWAes128, /* const xmlChar* href; */
|
|
! xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */
|
|
!
|
|
! xmlSecNssKeyWrapInitialize, /* xmlSecTransformInitializeMethod initialize; */
|
|
! xmlSecNssKeyWrapFinalize, /* xmlSecTransformFinalizeMethod finalize; */
|
|
! NULL, /* xmlSecTransformNodeReadMethod readNode; */
|
|
! NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
|
|
! xmlSecNssKeyWrapSetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */
|
|
! xmlSecNssKeyWrapSetKey, /* xmlSecTransformSetKeyMethod setKey; */
|
|
! NULL, /* xmlSecTransformValidateMethod validate; */
|
|
! xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
|
|
! xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
|
|
! xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
|
|
! NULL, /* xmlSecTransformPushXmlMethod pushXml; */
|
|
! NULL, /* xmlSecTransformPopXmlMethod popXml; */
|
|
! xmlSecNssKeyWrapExecute, /* xmlSecTransformExecuteMethod execute; */
|
|
!
|
|
! NULL, /* void* reserved0; */
|
|
! NULL, /* void* reserved1; */
|
|
! };
|
|
!
|
|
! static xmlSecTransformKlass xmlSecNssKWAes192Klass = {
|
|
! /* klass/object sizes */
|
|
! sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
|
|
! xmlSecNssKeyWrapSize, /* xmlSecSize objSize */
|
|
!
|
|
! xmlSecNameKWAes192, /* const xmlChar* name; */
|
|
! xmlSecHrefKWAes192, /* const xmlChar* href; */
|
|
! xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */
|
|
!
|
|
! xmlSecNssKeyWrapInitialize, /* xmlSecTransformInitializeMethod initialize; */
|
|
! xmlSecNssKeyWrapFinalize, /* xmlSecTransformFinalizeMethod finalize; */
|
|
! NULL, /* xmlSecTransformNodeReadMethod readNode; */
|
|
! NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
|
|
! xmlSecNssKeyWrapSetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */
|
|
! xmlSecNssKeyWrapSetKey, /* xmlSecTransformSetKeyMethod setKey; */
|
|
! NULL, /* xmlSecTransformValidateMethod validate; */
|
|
! xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
|
|
! xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
|
|
! xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
|
|
! NULL, /* xmlSecTransformPushXmlMethod pushXml; */
|
|
! NULL, /* xmlSecTransformPopXmlMethod popXml; */
|
|
! xmlSecNssKeyWrapExecute, /* xmlSecTransformExecuteMethod execute; */
|
|
!
|
|
! NULL, /* void* reserved0; */
|
|
! NULL, /* void* reserved1; */
|
|
! };
|
|
!
|
|
! static xmlSecTransformKlass xmlSecNssKWAes256Klass = {
|
|
! /* klass/object sizes */
|
|
! sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
|
|
! xmlSecNssKeyWrapSize, /* xmlSecSize objSize */
|
|
!
|
|
! xmlSecNameKWAes256, /* const xmlChar* name; */
|
|
! xmlSecHrefKWAes256, /* const xmlChar* href; */
|
|
! xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */
|
|
!
|
|
! xmlSecNssKeyWrapInitialize, /* xmlSecTransformInitializeMethod initialize; */
|
|
! xmlSecNssKeyWrapFinalize, /* xmlSecTransformFinalizeMethod finalize; */
|
|
! NULL, /* xmlSecTransformNodeReadMethod readNode; */
|
|
! NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
|
|
! xmlSecNssKeyWrapSetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */
|
|
! xmlSecNssKeyWrapSetKey, /* xmlSecTransformSetKeyMethod setKey; */
|
|
! NULL, /* xmlSecTransformValidateMethod validate; */
|
|
! xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
|
|
! xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
|
|
! xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
|
|
! NULL, /* xmlSecTransformPushXmlMethod pushXml; */
|
|
! NULL, /* xmlSecTransformPopXmlMethod popXml; */
|
|
! xmlSecNssKeyWrapExecute, /* xmlSecTransformExecuteMethod execute; */
|
|
!
|
|
! NULL, /* void* reserved0; */
|
|
! NULL, /* void* reserved1; */
|
|
! };
|
|
!
|
|
! /**
|
|
! * xmlSecNssTransformKWAes128GetKlass:
|
|
! *
|
|
! * The AES-128 key wrapper transform klass.
|
|
! *
|
|
! * Returns AES-128 key wrapper transform klass.
|
|
! */
|
|
! xmlSecTransformId
|
|
! xmlSecNssTransformKWAes128GetKlass(void) {
|
|
! return(&xmlSecNssKWAes128Klass);
|
|
! }
|
|
!
|
|
! /**
|
|
! * xmlSecNssTransformKWAes192GetKlass:
|
|
! *
|
|
! * The AES-192 key wrapper transform klass.
|
|
! *
|
|
! * Returns AES-192 key wrapper transform klass.
|
|
! */
|
|
! xmlSecTransformId
|
|
! xmlSecNssTransformKWAes192GetKlass(void) {
|
|
! return(&xmlSecNssKWAes192Klass);
|
|
! }
|
|
!
|
|
! /**
|
|
! *
|
|
! * The AES-256 key wrapper transform klass.
|
|
! *
|
|
! * Returns AES-256 key wrapper transform klass.
|
|
! */
|
|
! xmlSecTransformId
|
|
! xmlSecNssTransformKWAes256GetKlass(void) {
|
|
! return(&xmlSecNssKWAes256Klass);
|
|
! }
|
|
!
|
|
! #endif /* XMLSEC_NO_AES */
|
|
!
|
|
!
|
|
! #ifndef XMLSEC_NO_DES
|
|
!
|
|
! static xmlSecTransformKlass xmlSecNssKWDes3Klass = {
|
|
! /* klass/object sizes */
|
|
! sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
|
|
! xmlSecNssKeyWrapSize, /* xmlSecSize objSize */
|
|
!
|
|
! xmlSecNameKWDes3, /* const xmlChar* name; */
|
|
! xmlSecHrefKWDes3, /* const xmlChar* href; */
|
|
! xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */
|
|
!
|
|
! xmlSecNssKeyWrapInitialize, /* xmlSecTransformInitializeMethod initialize; */
|
|
! xmlSecNssKeyWrapFinalize, /* xmlSecTransformFinalizeMethod finalize; */
|
|
! NULL, /* xmlSecTransformNodeReadMethod readNode; */
|
|
! NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
|
|
! xmlSecNssKeyWrapSetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */
|
|
! xmlSecNssKeyWrapSetKey, /* xmlSecTransformSetKeyMethod setKey; */
|
|
! NULL, /* xmlSecTransformValidateMethod validate; */
|
|
! xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
|
|
! xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
|
|
! xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
|
|
! NULL, /* xmlSecTransformPushXmlMethod pushXml; */
|
|
! NULL, /* xmlSecTransformPopXmlMethod popXml; */
|
|
! xmlSecNssKeyWrapExecute, /* xmlSecTransformExecuteMethod execute; */
|
|
!
|
|
! NULL, /* void* reserved0; */
|
|
! NULL, /* void* reserved1; */
|
|
! };
|
|
!
|
|
! /**
|
|
! * xmlSecNssTransformKWDes3GetKlass:
|
|
! *
|
|
! * The Triple DES key wrapper transform klass.
|
|
! *
|
|
! * Returns Triple DES key wrapper transform klass.
|
|
! */
|
|
! xmlSecTransformId
|
|
! xmlSecNssTransformKWDes3GetKlass(void) {
|
|
! return(&xmlSecNssKWDes3Klass);
|
|
! }
|
|
!
|
|
! #endif /* XMLSEC_NO_DES */
|
|
!
|
|
*** misc/xmlsec1-1.2.6/src/nss/Makefile.am 2003-09-16 11:43:03.000000000 +0200
|
|
--- misc/build/xmlsec1-1.2.6/src/nss/Makefile.am 2005-05-09 19:54:13.215628977 +0200
|
|
***************
|
|
*** 20,40 ****
|
|
$(NULL)
|
|
|
|
libxmlsec1_nss_la_SOURCES =\
|
|
app.c \
|
|
bignum.c \
|
|
ciphers.c \
|
|
crypto.c \
|
|
digests.c \
|
|
hmac.c \
|
|
pkikeys.c \
|
|
signatures.c \
|
|
symkeys.c \
|
|
x509.c \
|
|
x509vfy.c \
|
|
- keysstore.c \
|
|
- kt_rsa.c \
|
|
- kw_des.c \
|
|
- kw_aes.c \
|
|
$(NULL)
|
|
|
|
libxmlsec1_nss_la_LIBADD = \
|
|
--- 20,41 ----
|
|
$(NULL)
|
|
|
|
libxmlsec1_nss_la_SOURCES =\
|
|
+ akmngr.c \
|
|
app.c \
|
|
bignum.c \
|
|
ciphers.c \
|
|
crypto.c \
|
|
digests.c \
|
|
hmac.c \
|
|
+ keysstore.c \
|
|
+ keytrans.c \
|
|
+ keywrapers.c \
|
|
pkikeys.c \
|
|
signatures.c \
|
|
symkeys.c \
|
|
+ tokens.c \
|
|
x509.c \
|
|
x509vfy.c \
|
|
$(NULL)
|
|
|
|
libxmlsec1_nss_la_LIBADD = \
|
|
*** misc/xmlsec1-1.2.6/src/nss/Makefile.in 2004-08-26 08:00:32.000000000 +0200
|
|
--- misc/build/xmlsec1-1.2.6/src/nss/Makefile.in 2005-05-09 19:54:51.856370203 +0200
|
|
***************
|
|
*** 54,62 ****
|
|
$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
|
|
$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1)
|
|
am__objects_1 =
|
|
! am_libxmlsec1_nss_la_OBJECTS = app.lo bignum.lo ciphers.lo crypto.lo \
|
|
digests.lo hmac.lo pkikeys.lo signatures.lo symkeys.lo x509.lo \
|
|
! x509vfy.lo keysstore.lo kt_rsa.lo kw_des.lo kw_aes.lo \
|
|
$(am__objects_1)
|
|
libxmlsec1_nss_la_OBJECTS = $(am_libxmlsec1_nss_la_OBJECTS)
|
|
DEFAULT_INCLUDES = -I. -I$(srcdir) -I$(top_builddir)
|
|
--- 54,62 ----
|
|
$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
|
|
$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1)
|
|
am__objects_1 =
|
|
! am_libxmlsec1_nss_la_OBJECTS = akmngr.lo app.lo bignum.lo ciphers.lo crypto.lo \
|
|
digests.lo hmac.lo pkikeys.lo signatures.lo symkeys.lo x509.lo \
|
|
! x509vfy.lo keysstore.lo tokens.lo keytrans.lo keywrapers.lo \
|
|
$(am__objects_1)
|
|
libxmlsec1_nss_la_OBJECTS = $(am_libxmlsec1_nss_la_OBJECTS)
|
|
DEFAULT_INCLUDES = -I. -I$(srcdir) -I$(top_builddir)
|
|
***************
|
|
*** 65,75 ****
|
|
@AMDEP_TRUE@DEP_FILES = ./$(DEPDIR)/app.Plo ./$(DEPDIR)/bignum.Plo \
|
|
@AMDEP_TRUE@ ./$(DEPDIR)/ciphers.Plo ./$(DEPDIR)/crypto.Plo \
|
|
@AMDEP_TRUE@ ./$(DEPDIR)/digests.Plo ./$(DEPDIR)/hmac.Plo \
|
|
! @AMDEP_TRUE@ ./$(DEPDIR)/keysstore.Plo ./$(DEPDIR)/kt_rsa.Plo \
|
|
! @AMDEP_TRUE@ ./$(DEPDIR)/kw_aes.Plo ./$(DEPDIR)/kw_des.Plo \
|
|
@AMDEP_TRUE@ ./$(DEPDIR)/pkikeys.Plo ./$(DEPDIR)/signatures.Plo \
|
|
@AMDEP_TRUE@ ./$(DEPDIR)/symkeys.Plo ./$(DEPDIR)/x509.Plo \
|
|
! @AMDEP_TRUE@ ./$(DEPDIR)/x509vfy.Plo
|
|
COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
|
|
$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
|
|
LTCOMPILE = $(LIBTOOL) --mode=compile $(CC) $(DEFS) \
|
|
--- 65,75 ----
|
|
@AMDEP_TRUE@DEP_FILES = ./$(DEPDIR)/app.Plo ./$(DEPDIR)/bignum.Plo \
|
|
@AMDEP_TRUE@ ./$(DEPDIR)/ciphers.Plo ./$(DEPDIR)/crypto.Plo \
|
|
@AMDEP_TRUE@ ./$(DEPDIR)/digests.Plo ./$(DEPDIR)/hmac.Plo \
|
|
! @AMDEP_TRUE@ ./$(DEPDIR)/keysstore.Plo ./$(DEPDIR)/tokens.Plo \
|
|
! @AMDEP_TRUE@ ./$(DEPDIR)/keywrapers.Plo ./$(DEPDIR)/keytrans.Plo \
|
|
@AMDEP_TRUE@ ./$(DEPDIR)/pkikeys.Plo ./$(DEPDIR)/signatures.Plo \
|
|
@AMDEP_TRUE@ ./$(DEPDIR)/symkeys.Plo ./$(DEPDIR)/x509.Plo \
|
|
! @AMDEP_TRUE@ ./$(DEPDIR)/x509vfy.Plo ./$(DEPDIR)/akmngr.Plo
|
|
COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
|
|
$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
|
|
LTCOMPILE = $(LIBTOOL) --mode=compile $(CC) $(DEFS) \
|
|
***************
|
|
*** 321,341 ****
|
|
$(NULL)
|
|
|
|
libxmlsec1_nss_la_SOURCES = \
|
|
app.c \
|
|
bignum.c \
|
|
ciphers.c \
|
|
crypto.c \
|
|
digests.c \
|
|
hmac.c \
|
|
pkikeys.c \
|
|
signatures.c \
|
|
symkeys.c \
|
|
x509.c \
|
|
x509vfy.c \
|
|
- keysstore.c \
|
|
- kt_rsa.c \
|
|
- kw_des.c \
|
|
- kw_aes.c \
|
|
$(NULL)
|
|
|
|
libxmlsec1_nss_la_LIBADD = \
|
|
--- 321,342 ----
|
|
$(NULL)
|
|
|
|
libxmlsec1_nss_la_SOURCES = \
|
|
+ akmngr.c \
|
|
app.c \
|
|
bignum.c \
|
|
ciphers.c \
|
|
crypto.c \
|
|
digests.c \
|
|
hmac.c \
|
|
+ keysstore.c \
|
|
+ keytrans.c \
|
|
+ keywrappers.c \
|
|
pkikeys.c \
|
|
signatures.c \
|
|
symkeys.c \
|
|
+ tokens.c \
|
|
x509.c \
|
|
x509vfy.c \
|
|
$(NULL)
|
|
|
|
libxmlsec1_nss_la_LIBADD = \
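Review bot: The new source list spells the file `keywrappers.c`, while the object list in the 54-62 hunk (`keywrapers.lo`), the DEP_FILES entries in the 65-75 hunk (`keywrapers.Plo`) and the patched Makefile.am (`keywrapers.c`) all use the single-p spelling. Because this Makefile.in is patched by hand rather than regenerated, the object list is what the link step uses and will look for keywrapers.c, whereas the SOURCES list is presumably what the automake-generated dist and tags rules read, so those would fail on a missing keywrappers.c. Use one spelling throughout, `keywrapers.c \`, ideally by regenerating Makefile.in from the patched Makefile.am so the two cannot drift again.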
|
|
***************
|
|
*** 418,423 ****
|
|
--- 419,425 ----
|
|
distclean-compile:
|
|
-rm -f *.tab.c
|
|
|
|
+ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/akmngr.Plo@am__quote@
|
|
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/app.Plo@am__quote@
|
|
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/bignum.Plo@am__quote@
|
|
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ciphers.Plo@am__quote@
|
|
***************
|
|
*** 425,433 ****
|
|
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/digests.Plo@am__quote@
|
|
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/hmac.Plo@am__quote@
|
|
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/keysstore.Plo@am__quote@
|
|
! @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/kt_rsa.Plo@am__quote@
|
|
! @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/kw_aes.Plo@am__quote@
|
|
! @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/kw_des.Plo@am__quote@
|
|
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pkikeys.Plo@am__quote@
|
|
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/signatures.Plo@am__quote@
|
|
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/symkeys.Plo@am__quote@
|
|
--- 427,435 ----
|
|
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/digests.Plo@am__quote@
|
|
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/hmac.Plo@am__quote@
|
|
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/keysstore.Plo@am__quote@
|
|
! @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tokens.Plo@am__quote@
|
|
! @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/keywrapers.Plo@am__quote@
|
|
! @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/keytrans.Plo@am__quote@
|
|
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pkikeys.Plo@am__quote@
|
|
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/signatures.Plo@am__quote@
|
|
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/symkeys.Plo@am__quote@
|
|
*** misc/xmlsec1-1.2.6/src/nss/pkikeys.c 2004-03-17 06:06:45.000000000 +0100
|
|
--- misc/build/xmlsec1-1.2.6/src/nss/pkikeys.c 2005-05-09 19:54:13.227627965 +0200
|
|
***************
|
|
*** 5,10 ****
|
|
--- 5,11 ----
|
|
* distribution for preciese wording.
|
|
*
|
|
* Copyright (c) 2003 America Online, Inc. All rights reserved.
|
|
+ * Copyright ...........................
|
|
*/
|
|
#include "globals.h"
|
|
|
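Review bot: The added header line `* Copyright ...........................` is a placeholder with no holder or year, so it carries no licensing information and reads as an unfinished edit. Either fill in the actual copyright holder and year for the newly contributed code or drop the line; the surrounding header already attributes the file to America Online, Inc.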
|
***************
|
|
*** 24,29 ****
|
|
--- 25,31 ----
|
|
#include <xmlsec/nss/crypto.h>
|
|
#include <xmlsec/nss/bignum.h>
|
|
#include <xmlsec/nss/pkikeys.h>
|
|
+ #include <xmlsec/nss/tokens.h>
|
|
|
|
/**************************************************************************
|
|
*
|
|
***************
|
|
*** 98,111 ****
|
|
{
|
|
xmlSecAssert(ctx != NULL);
|
|
if (ctx->privkey != NULL) {
|
|
! SECKEY_DestroyPrivateKey(ctx->privkey);
|
|
! ctx->privkey = NULL;
|
|
}
|
|
|
|
! if (ctx->pubkey)
|
|
! {
|
|
! SECKEY_DestroyPublicKey(ctx->pubkey);
|
|
! ctx->pubkey = NULL;
|
|
}
|
|
|
|
}
|
|
--- 100,112 ----
|
|
{
|
|
xmlSecAssert(ctx != NULL);
|
|
if (ctx->privkey != NULL) {
|
|
! SECKEY_DestroyPrivateKey(ctx->privkey);
|
|
! ctx->privkey = NULL;
|
|
}
|
|
|
|
! if (ctx->pubkey) {
|
|
! SECKEY_DestroyPublicKey(ctx->pubkey);
|
|
! ctx->pubkey = NULL;
|
|
}
|
|
|
|
}
|
|
***************
|
|
*** 115,143 ****
|
|
xmlSecNssPKIKeyDataCtxPtr ctxSrc)
|
|
{
|
|
xmlSecNSSPKIKeyDataCtxFree(ctxDst);
|
|
if (ctxSrc->privkey != NULL) {
|
|
! ctxDst->privkey = SECKEY_CopyPrivateKey(ctxSrc->privkey);
|
|
! if(ctxDst->privkey == NULL) {
|
|
! xmlSecError(XMLSEC_ERRORS_HERE,
|
|
! NULL,
|
|
! "SECKEY_CopyPrivateKey",
|
|
! XMLSEC_ERRORS_R_CRYPTO_FAILED,
|
|
! XMLSEC_ERRORS_NO_MESSAGE);
|
|
! return(-1);
|
|
! }
|
|
}
|
|
|
|
if (ctxSrc->pubkey != NULL) {
|
|
! ctxDst->pubkey = SECKEY_CopyPublicKey(ctxSrc->pubkey);
|
|
! if(ctxDst->pubkey == NULL) {
|
|
! xmlSecError(XMLSEC_ERRORS_HERE,
|
|
! NULL,
|
|
! "SECKEY_CopyPublicKey",
|
|
! XMLSEC_ERRORS_R_CRYPTO_FAILED,
|
|
! XMLSEC_ERRORS_NO_MESSAGE);
|
|
! return(-1);
|
|
! }
|
|
}
|
|
return (0);
|
|
}
|
|
|
|
--- 116,147 ----
|
|
xmlSecNssPKIKeyDataCtxPtr ctxSrc)
|
|
{
|
|
xmlSecNSSPKIKeyDataCtxFree(ctxDst);
|
|
+ ctxDst->privkey = NULL ;
|
|
+ ctxDst->pubkey = NULL ;
|
|
if (ctxSrc->privkey != NULL) {
|
|
! ctxDst->privkey = SECKEY_CopyPrivateKey(ctxSrc->privkey);
|
|
! if(ctxDst->privkey == NULL) {
|
|
! xmlSecError(XMLSEC_ERRORS_HERE,
|
|
! NULL,
|
|
! "SECKEY_CopyPrivateKey",
|
|
! XMLSEC_ERRORS_R_CRYPTO_FAILED,
|
|
! "error code=%d", PORT_GetError());
|
|
! return(-1);
|
|
! }
|
|
}
|
|
|
|
if (ctxSrc->pubkey != NULL) {
|
|
! ctxDst->pubkey = SECKEY_CopyPublicKey(ctxSrc->pubkey);
|
|
! if(ctxDst->pubkey == NULL) {
|
|
! xmlSecError(XMLSEC_ERRORS_HERE,
|
|
! NULL,
|
|
! "SECKEY_CopyPublicKey",
|
|
! XMLSEC_ERRORS_R_CRYPTO_FAILED,
|
|
! "error code=%d", PORT_GetError());
|
|
! return(-1);
|
|
! }
|
|
}
|
|
+
|
|
return (0);
|
|
}
|
|
|
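Review bot: The two added assignments `ctxDst->privkey = NULL ;` and `ctxDst->pubkey = NULL ;` are redundant: xmlSecNSSPKIKeyDataCtxFree, called on the line just above and shown in the preceding hunk, already resets both fields to NULL after destroying the keys. Dropping them keeps a single place responsible for the context's reset state; if they are kept as defensive initialisation, a comment such as `/* Free() already cleared both; kept as a belt-and-braces reset */` would stop the next reader from hunting for a path where Free leaves them dangling. The enclosing function's signature starts outside the hunk.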
|
***************
|
|
*** 147,166 ****
|
|
SECKEYPublicKey *pubkey)
|
|
{
|
|
xmlSecNssPKIKeyDataCtxPtr ctx;
|
|
|
|
xmlSecAssert2(xmlSecKeyDataIsValid(data), -1);
|
|
xmlSecAssert2(xmlSecKeyDataCheckSize(data, xmlSecNssPKIKeyDataSize), -1);
|
|
|
|
ctx = xmlSecNssPKIKeyDataGetCtx(data);
|
|
xmlSecAssert2(ctx != NULL, -1);
|
|
|
|
if (ctx->privkey) {
|
|
! SECKEY_DestroyPrivateKey(ctx->privkey);
|
|
}
|
|
ctx->privkey = privkey;
|
|
|
|
if (ctx->pubkey) {
|
|
! SECKEY_DestroyPublicKey(ctx->pubkey);
|
|
}
|
|
ctx->pubkey = pubkey;
|
|
|
|
--- 151,191 ----
|
|
SECKEYPublicKey *pubkey)
|
|
{
|
|
xmlSecNssPKIKeyDataCtxPtr ctx;
|
|
+ KeyType pubType = nullKey ;
|
|
+ KeyType priType = nullKey ;
|
|
|
|
xmlSecAssert2(xmlSecKeyDataIsValid(data), -1);
|
|
xmlSecAssert2(xmlSecKeyDataCheckSize(data, xmlSecNssPKIKeyDataSize), -1);
|
|
|
|
+ if( privkey != NULL ) {
|
|
+ priType = SECKEY_GetPrivateKeyType( privkey ) ;
|
|
+ }
|
|
+
|
|
+ if( pubkey != NULL ) {
|
|
+ pubType = SECKEY_GetPublicKeyType( pubkey ) ;
|
|
+ }
|
|
+
|
|
+ if( priType != nullKey && pubType != nullKey ) {
|
|
+ if( pubType != priType ) {
|
|
+ xmlSecError( XMLSEC_ERRORS_HERE ,
|
|
+ NULL ,
|
|
+ NULL ,
|
|
+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
|
|
+ "different type of private and public key" ) ;
|
|
+ return -1 ;
|
|
+ }
|
|
+ }
|
|
+
|
|
ctx = xmlSecNssPKIKeyDataGetCtx(data);
|
|
xmlSecAssert2(ctx != NULL, -1);
|
|
|
|
if (ctx->privkey) {
|
|
! SECKEY_DestroyPrivateKey(ctx->privkey);
|
|
}
|
|
ctx->privkey = privkey;
|
|
|
|
if (ctx->pubkey) {
|
|
! SECKEY_DestroyPublicKey(ctx->pubkey);
|
|
}
|
|
ctx->pubkey = pubkey;
|
|
|
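Review bot: The new private/public key type mismatch check reports XMLSEC_ERRORS_R_CRYPTO_FAILED although no crypto call failed; the same file uses XMLSEC_ERRORS_R_INVALID_TYPE for the unsupported-key-type case in the following hunk, and that code fits here too: `XMLSEC_ERRORS_R_INVALID_TYPE ,`. On the early `return -1 ;` neither privkey nor pubkey has been adopted yet, so unless every caller frees both on a negative return the handed-over keys are presumably leaked — a comment stating ownership on failure, e.g. `/* not adopted: caller still owns privkey and pubkey */`, would make the contract explicit. The identical type-check block is duplicated in the key-data creation function in the next hunk; a small static helper that takes both keys and returns the agreed KeyType (or nullKey on mismatch) would keep the two copies in step. The enclosing function's signature starts outside the hunk.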
|
***************
|
|
*** 183,243 ****
|
|
{
|
|
xmlSecKeyDataPtr data = NULL;
|
|
int ret;
|
|
! KeyType kt;
|
|
!
|
|
! if (pubkey != NULL) {
|
|
! kt = SECKEY_GetPublicKeyType(pubkey);
|
|
! } else {
|
|
! kt = SECKEY_GetPrivateKeyType(privkey);
|
|
! pubkey = SECKEY_ConvertToPublicKey(privkey);
|
|
! }
|
|
|
|
! switch(kt) {
|
|
#ifndef XMLSEC_NO_RSA
|
|
case rsaKey:
|
|
! data = xmlSecKeyDataCreate(xmlSecNssKeyDataRsaId);
|
|
! if(data == NULL) {
|
|
! xmlSecError(XMLSEC_ERRORS_HERE,
|
|
! NULL,
|
|
! "xmlSecKeyDataCreate",
|
|
! XMLSEC_ERRORS_R_XMLSEC_FAILED,
|
|
! "xmlSecNssKeyDataRsaId");
|
|
! return(NULL);
|
|
! }
|
|
! break;
|
|
#endif /* XMLSEC_NO_RSA */
|
|
#ifndef XMLSEC_NO_DSA
|
|
case dsaKey:
|
|
! data = xmlSecKeyDataCreate(xmlSecNssKeyDataDsaId);
|
|
! if(data == NULL) {
|
|
! xmlSecError(XMLSEC_ERRORS_HERE,
|
|
! NULL,
|
|
! "xmlSecKeyDataCreate",
|
|
! XMLSEC_ERRORS_R_XMLSEC_FAILED,
|
|
! "xmlSecNssKeyDataDsaId");
|
|
! return(NULL);
|
|
! }
|
|
! break;
|
|
#endif /* XMLSEC_NO_DSA */
|
|
default:
|
|
! xmlSecError(XMLSEC_ERRORS_HERE,
|
|
NULL,
|
|
NULL,
|
|
XMLSEC_ERRORS_R_INVALID_TYPE,
|
|
! "PKI key type %d not supported", kt);
|
|
! return(NULL);
|
|
}
|
|
|
|
xmlSecAssert2(data != NULL, NULL);
|
|
ret = xmlSecNssPKIKeyDataAdoptKey(data, privkey, pubkey);
|
|
if(ret < 0) {
|
|
! xmlSecError(XMLSEC_ERRORS_HERE,
|
|
NULL,
|
|
"xmlSecNssPKIKeyDataAdoptKey",
|
|
XMLSEC_ERRORS_R_XMLSEC_FAILED,
|
|
XMLSEC_ERRORS_NO_MESSAGE);
|
|
! xmlSecKeyDataDestroy(data);
|
|
! return(NULL);
|
|
}
|
|
return(data);
|
|
}
|
|
--- 208,282 ----
|
|
{
|
|
xmlSecKeyDataPtr data = NULL;
|
|
int ret;
|
|
! KeyType pubType = nullKey ;
|
|
! KeyType priType = nullKey ;
|
|
|
|
! if( privkey != NULL ) {
|
|
! priType = SECKEY_GetPrivateKeyType( privkey ) ;
|
|
! }
|
|
!
|
|
! if( pubkey != NULL ) {
|
|
! pubType = SECKEY_GetPublicKeyType( pubkey ) ;
|
|
! }
|
|
!
|
|
! if( priType != nullKey && pubType != nullKey ) {
|
|
! if( pubType != priType ) {
|
|
! xmlSecError( XMLSEC_ERRORS_HERE ,
|
|
! NULL ,
|
|
! NULL ,
|
|
! XMLSEC_ERRORS_R_CRYPTO_FAILED ,
|
|
! "different type of private and public key" ) ;
|
|
! return( NULL ) ;
|
|
! }
|
|
! }
|
|
!
|
|
! pubType = priType != nullKey ? priType : pubType ;
|
|
! switch(pubType) {
|
|
#ifndef XMLSEC_NO_RSA
|
|
case rsaKey:
|
|
! data = xmlSecKeyDataCreate(xmlSecNssKeyDataRsaId);
|
|
! if(data == NULL) {
|
|
! xmlSecError(XMLSEC_ERRORS_HERE,
|
|
! NULL,
|
|
! "xmlSecKeyDataCreate",
|
|
! XMLSEC_ERRORS_R_XMLSEC_FAILED,
|
|
! "xmlSecNssKeyDataRsaId");
|
|
! return(NULL);
|
|
! }
|
|
! break;
|
|
#endif /* XMLSEC_NO_RSA */
|
|
#ifndef XMLSEC_NO_DSA
|
|
case dsaKey:
|
|
! data = xmlSecKeyDataCreate(xmlSecNssKeyDataDsaId);
|
|
! if(data == NULL) {
|
|
! xmlSecError(XMLSEC_ERRORS_HERE,
|
|
! NULL,
|
|
! "xmlSecKeyDataCreate",
|
|
! XMLSEC_ERRORS_R_XMLSEC_FAILED,
|
|
! "xmlSecNssKeyDataDsaId");
|
|
! return(NULL);
|
|
! }
|
|
! break;
|
|
#endif /* XMLSEC_NO_DSA */
|
|
default:
|
|
! xmlSecError(XMLSEC_ERRORS_HERE,
|
|
NULL,
|
|
NULL,
|
|
XMLSEC_ERRORS_R_INVALID_TYPE,
|
|
! "PKI key type %d not supported", pubType);
|
|
! return(NULL);
|
|
}
|
|
|
|
xmlSecAssert2(data != NULL, NULL);
|
|
ret = xmlSecNssPKIKeyDataAdoptKey(data, privkey, pubkey);
|
|
if(ret < 0) {
|
|
! xmlSecError(XMLSEC_ERRORS_HERE,
|
|
NULL,
|
|
"xmlSecNssPKIKeyDataAdoptKey",
|
|
XMLSEC_ERRORS_R_XMLSEC_FAILED,
|
|
XMLSEC_ERRORS_NO_MESSAGE);
|
|
! xmlSecKeyDataDestroy(data);
|
|
! return(NULL);
|
|
}
|
|
return(data);
|
|
}
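Review bot: The rewritten type selection no longer derives a public key when only `privkey` is supplied — the original `pubkey = SECKEY_ConvertToPublicKey(privkey);` is gone — so `xmlSecNssPKIKeyDataAdoptKey` is now called with `pubkey == NULL` and every reader of `ctx->pubkey` has to tolerate that; the later hunks only comment out the `== dsaKey` / `== rsaKey` asserts without adding such handling. Reusing `pubType` as the effective key type on `pubType = priType != nullKey ? priType : pubType ;` also makes the switch and the `"PKI key type %d not supported"` message read as if they concerned the public key alone; a separate `KeyType keyType = (priType != nullKey) ? priType : pubType;` with `switch(keyType)` would be clearer. The mismatch error could use `XMLSEC_ERRORS_R_INVALID_TYPE`, as the `default:` branch does, rather than `XMLSEC_ERRORS_R_CRYPTO_FAILED`, since no crypto call failed. The function's signature and the header comment that should document the new private-only contract lie above the hunk.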
|
|
***************
|
|
*** 263,269 ****
|
|
xmlSecAssert2(ctx != NULL, NULL);
|
|
xmlSecAssert2(ctx->pubkey != NULL, NULL);
|
|
|
|
! ret = SECKEY_CopyPublicKey(ctx->pubkey);
|
|
return(ret);
|
|
}
|
|
|
|
--- 302,308 ----
|
|
xmlSecAssert2(ctx != NULL, NULL);
|
|
xmlSecAssert2(ctx->pubkey != NULL, NULL);
|
|
|
|
! ret = SECKEY_CopyPublicKey(ctx->pubkey);
|
|
return(ret);
|
|
}
|
|
|
|
***************
|
|
*** 312,320 ****
|
|
xmlSecAssert2(ctx != NULL, nullKey);
|
|
|
|
if (ctx->pubkey != NULL) {
|
|
! kt = SECKEY_GetPublicKeyType(ctx->pubkey);
|
|
} else {
|
|
! kt = SECKEY_GetPrivateKeyType(ctx->privkey);
|
|
}
|
|
return(kt);
|
|
}
|
|
--- 351,359 ----
|
|
xmlSecAssert2(ctx != NULL, nullKey);
|
|
|
|
if (ctx->pubkey != NULL) {
|
|
! kt = SECKEY_GetPublicKeyType(ctx->pubkey);
|
|
} else {
|
|
! kt = SECKEY_GetPrivateKeyType(ctx->privkey);
|
|
}
|
|
return(kt);
|
|
}
|
|
***************
|
|
*** 553,565 ****
|
|
goto done;
|
|
}
|
|
|
|
! slot = PK11_GetBestSlot(CKM_DSA, NULL);
|
|
if(slot == NULL) {
|
|
xmlSecError(XMLSEC_ERRORS_HERE,
|
|
xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
|
|
! "PK11_GetBestSlot",
|
|
XMLSEC_ERRORS_R_CRYPTO_FAILED,
|
|
! XMLSEC_ERRORS_NO_MESSAGE);
|
|
ret = -1;
|
|
goto done;
|
|
}
|
|
--- 592,604 ----
|
|
goto done;
|
|
}
|
|
|
|
! slot = xmlSecNssSlotGet(CKM_DSA);
|
|
if(slot == NULL) {
|
|
xmlSecError(XMLSEC_ERRORS_HERE,
|
|
xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
|
|
! "xmlSecNssSlotGet",
|
|
XMLSEC_ERRORS_R_CRYPTO_FAILED,
|
|
! "error code=%d", PORT_GetError());
|
|
ret = -1;
|
|
goto done;
|
|
}
|
|
***************
|
|
*** 570,576 ****
|
|
xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
|
|
"PORT_NewArena",
|
|
XMLSEC_ERRORS_R_CRYPTO_FAILED,
|
|
! XMLSEC_ERRORS_NO_MESSAGE);
|
|
ret = -1;
|
|
goto done;
|
|
}
|
|
--- 609,615 ----
|
|
xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
|
|
"PORT_NewArena",
|
|
XMLSEC_ERRORS_R_CRYPTO_FAILED,
|
|
! "error code=%d", PORT_GetError());
|
|
ret = -1;
|
|
goto done;
|
|
}
|
|
***************
|
|
*** 582,588 ****
|
|
xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
|
|
"PORT_ArenaZAlloc",
|
|
XMLSEC_ERRORS_R_CRYPTO_FAILED,
|
|
! XMLSEC_ERRORS_NO_MESSAGE);
|
|
PORT_FreeArena(arena, PR_FALSE);
|
|
ret = -1;
|
|
goto done;
|
|
--- 621,627 ----
|
|
xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
|
|
"PORT_ArenaZAlloc",
|
|
XMLSEC_ERRORS_R_CRYPTO_FAILED,
|
|
! "error code=%d", PORT_GetError());
|
|
PORT_FreeArena(arena, PR_FALSE);
|
|
ret = -1;
|
|
goto done;
|
|
***************
|
|
*** 750,770 ****
|
|
goto done;
|
|
}
|
|
data = NULL;
|
|
-
|
|
ret = 0;
|
|
|
|
done:
|
|
if (slot != NULL) {
|
|
! PK11_FreeSlot(slot);
|
|
}
|
|
! if (ret != 0) {
|
|
! if (pubkey != NULL) {
|
|
! SECKEY_DestroyPublicKey(pubkey);
|
|
! }
|
|
! if (data != NULL) {
|
|
! xmlSecKeyDataDestroy(data);
|
|
! }
|
|
}
|
|
return(ret);
|
|
}
|
|
|
|
--- 789,809 ----
|
|
goto done;
|
|
}
|
|
data = NULL;
|
|
ret = 0;
|
|
|
|
done:
|
|
if (slot != NULL) {
|
|
! PK11_FreeSlot(slot);
|
|
}
|
|
!
|
|
! if (pubkey != NULL) {
|
|
! SECKEY_DestroyPublicKey(pubkey);
|
|
! }
|
|
!
|
|
! if (data != NULL) {
|
|
! xmlSecKeyDataDestroy(data);
|
|
}
|
|
+
|
|
return(ret);
|
|
}
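Review bot: The `done:` block now destroys `pubkey` unconditionally, but only `data` is reset to NULL on the success path just above it. If `pubkey` was handed to `data` through `xmlSecNssPKIKeyDataAdoptKey` earlier in this function (that call is above the hunk, so I cannot confirm it), the success path now frees a key that `data` also owns; set `pubkey = NULL;` next to `data = NULL;`, as the DSA key generator hunk at `*** 943,971` does for `privkey`/`pubkey`. The enclosing function starts above the hunk.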
|
|
|
|
***************
|
|
*** 783,789 ****
|
|
|
|
ctx = xmlSecNssPKIKeyDataGetCtx(xmlSecKeyGetValue(key));
|
|
xmlSecAssert2(ctx != NULL, -1);
|
|
! xmlSecAssert2(SECKEY_GetPublicKeyType(ctx->pubkey) == dsaKey, -1);
|
|
|
|
if(((xmlSecKeyDataTypePublic | xmlSecKeyDataTypePrivate) & keyInfoCtx->keyReq.keyType) == 0) {
|
|
/* we can have only private key or public key */
|
|
--- 822,828 ----
|
|
|
|
ctx = xmlSecNssPKIKeyDataGetCtx(xmlSecKeyGetValue(key));
|
|
xmlSecAssert2(ctx != NULL, -1);
|
|
! // xmlSecAssert2(SECKEY_GetPublicKeyType(ctx->pubkey) == dsaKey, -1);
|
|
|
|
if(((xmlSecKeyDataTypePublic | xmlSecKeyDataTypePrivate) & keyInfoCtx->keyReq.keyType) == 0) {
|
|
/* we can have only private key or public key */
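Review bot: The type assertion is commented out with `//` and left in place; the same is done in the hunks at old lines 975, 992, 1349, 1472 and 1490. This is a C source whose other comments use `/* */`, and a disabled assert is dead code that a reader cannot distinguish from a temporary hack. Since `ctx->pubkey` may now be NULL (see the `*** 183,243` hunk), the intent can be kept by checking the type through the helper shown in the `*** 312,320` hunk, which picks whichever of `pubkey`/`privkey` is present; otherwise the lines should be deleted outright. The enclosing function starts above the hunk.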
|
|
***************
|
|
*** 905,911 ****
|
|
xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
|
|
"PK11_PQG_ParamGen",
|
|
XMLSEC_ERRORS_R_CRYPTO_FAILED,
|
|
! "size=%d", sizeBits);
|
|
goto done;
|
|
}
|
|
|
|
--- 944,951 ----
|
|
xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
|
|
"PK11_PQG_ParamGen",
|
|
XMLSEC_ERRORS_R_CRYPTO_FAILED,
|
|
! "size=%d, error code=%d", sizeBits, PORT_GetError());
|
|
! ret = -1;
|
|
goto done;
|
|
}
|
|
|
|
***************
|
|
*** 915,925 ****
|
|
xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
|
|
"PK11_PQG_VerifyParams",
|
|
XMLSEC_ERRORS_R_CRYPTO_FAILED,
|
|
! "size=%d", sizeBits);
|
|
goto done;
|
|
}
|
|
|
|
! slot = PK11_GetBestSlot(CKM_DSA_KEY_PAIR_GEN, NULL);
|
|
PK11_Authenticate(slot, PR_TRUE, NULL /* default pwd callback */);
|
|
privkey = PK11_GenerateKeyPair(slot, CKM_DSA_KEY_PAIR_GEN, pqgParams,
|
|
&pubkey, PR_FALSE, PR_TRUE, NULL);
|
|
--- 955,966 ----
|
|
xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
|
|
"PK11_PQG_VerifyParams",
|
|
XMLSEC_ERRORS_R_CRYPTO_FAILED,
|
|
! "size=%d, error code=%d", sizeBits, PORT_GetError());
|
|
! ret = -1;
|
|
goto done;
|
|
}
|
|
|
|
! slot = xmlSecNssSlotGet(CKM_DSA_KEY_PAIR_GEN);
|
|
PK11_Authenticate(slot, PR_TRUE, NULL /* default pwd callback */);
|
|
privkey = PK11_GenerateKeyPair(slot, CKM_DSA_KEY_PAIR_GEN, pqgParams,
|
|
&pubkey, PR_FALSE, PR_TRUE, NULL);
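Review bot: `slot = xmlSecNssSlotGet(CKM_DSA_KEY_PAIR_GEN);` is passed straight to `PK11_Authenticate` and `PK11_GenerateKeyPair` without a NULL check, unlike the `*** 553,565` hunk, which tests the same call and reports `PORT_GetError()`; the RSA generator at `*** 1420,1426` has the same gap. A missing or unavailable token then dereferences NULL instead of returning an error to the caller. The lines below mirror the error block this function already uses for `PK11_PQG_VerifyParams`; the rest of the hunk is unchanged.
```c
    slot = xmlSecNssSlotGet(CKM_DSA_KEY_PAIR_GEN);
    if(slot == NULL) {
        xmlSecError(XMLSEC_ERRORS_HERE,
                    xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
                    "xmlSecNssSlotGet",
                    XMLSEC_ERRORS_R_CRYPTO_FAILED,
                    "error code=%d", PORT_GetError());
        ret = -1;
        goto done;
    }
    /* … unchanged: PK11_Authenticate / PK11_GenerateKeyPair … */
```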
|
|
***************
|
|
*** 929,936 ****
|
|
xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
|
|
"PK11_GenerateKeyPair",
|
|
XMLSEC_ERRORS_R_CRYPTO_FAILED,
|
|
! XMLSEC_ERRORS_NO_MESSAGE);
|
|
|
|
goto done;
|
|
}
|
|
|
|
--- 970,978 ----
|
|
xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
|
|
"PK11_GenerateKeyPair",
|
|
XMLSEC_ERRORS_R_CRYPTO_FAILED,
|
|
! "error code=%d", PORT_GetError());
|
|
|
|
+ ret = -1;
|
|
goto done;
|
|
}
|
|
|
|
***************
|
|
*** 943,971 ****
|
|
XMLSEC_ERRORS_NO_MESSAGE);
|
|
goto done;
|
|
}
|
|
!
|
|
ret = 0;
|
|
|
|
done:
|
|
if (slot != NULL) {
|
|
! PK11_FreeSlot(slot);
|
|
}
|
|
if (pqgParams != NULL) {
|
|
! PK11_PQG_DestroyParams(pqgParams);
|
|
}
|
|
if (pqgVerify != NULL) {
|
|
! PK11_PQG_DestroyVerify(pqgVerify);
|
|
! }
|
|
! if (ret == 0) {
|
|
! return (0);
|
|
}
|
|
if (pubkey != NULL) {
|
|
! SECKEY_DestroyPublicKey(pubkey);
|
|
}
|
|
if (privkey != NULL) {
|
|
! SECKEY_DestroyPrivateKey(privkey);
|
|
}
|
|
! return(-1);
|
|
}
|
|
|
|
static xmlSecKeyDataType
|
|
--- 985,1016 ----
|
|
XMLSEC_ERRORS_NO_MESSAGE);
|
|
goto done;
|
|
}
|
|
! privkey = NULL ;
|
|
! pubkey = NULL ;
|
|
ret = 0;
|
|
|
|
done:
|
|
if (slot != NULL) {
|
|
! PK11_FreeSlot(slot);
|
|
}
|
|
+
|
|
if (pqgParams != NULL) {
|
|
! PK11_PQG_DestroyParams(pqgParams);
|
|
}
|
|
+
|
|
if (pqgVerify != NULL) {
|
|
! PK11_PQG_DestroyVerify(pqgVerify);
|
|
}
|
|
+
|
|
if (pubkey != NULL) {
|
|
! SECKEY_DestroyPublicKey(pubkey);
|
|
}
|
|
+
|
|
if (privkey != NULL) {
|
|
! SECKEY_DestroyPrivateKey(privkey);
|
|
}
|
|
!
|
|
! return(ret);
|
|
}
|
|
|
|
static xmlSecKeyDataType
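Review bot: The failure path at the top of the hunk (`XMLSEC_ERRORS_NO_MESSAGE); goto done;`) still jumps to `done:` without setting `ret`, while `done:` now ends with `return(ret);` instead of the old unconditional `return(-1);` and the other failure paths in `*** 905,911`, `*** 915,925` and `*** 929,936` gained `ret = -1;`. Unless `ret` is initialised to -1 at its declaration above the hunk, this failure returns 0 — or an indeterminate value — to the caller after the keys have been destroyed. Add `ret = -1;` before that `goto done;`. Clearing `privkey`/`pubkey` before `ret = 0;` looks right if `xmlSecNssPKIKeyDataAdoptKey` took ownership of them, which only the call above the hunk can confirm.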
|
|
***************
|
|
*** 975,985 ****
|
|
xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecNssKeyDataDsaId), xmlSecKeyDataTypeUnknown);
|
|
ctx = xmlSecNssPKIKeyDataGetCtx(data);
|
|
xmlSecAssert2(ctx != NULL, -1);
|
|
! xmlSecAssert2(SECKEY_GetPublicKeyType(ctx->pubkey) == dsaKey, -1);
|
|
if (ctx->privkey != NULL) {
|
|
! return(xmlSecKeyDataTypePrivate | xmlSecKeyDataTypePublic);
|
|
! } else {
|
|
! return(xmlSecKeyDataTypePublic);
|
|
}
|
|
|
|
return(xmlSecKeyDataTypeUnknown);
|
|
--- 1020,1030 ----
|
|
xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecNssKeyDataDsaId), xmlSecKeyDataTypeUnknown);
|
|
ctx = xmlSecNssPKIKeyDataGetCtx(data);
|
|
xmlSecAssert2(ctx != NULL, -1);
|
|
! // xmlSecAssert2(SECKEY_GetPublicKeyType(ctx->pubkey) == dsaKey, -1);
|
|
if (ctx->privkey != NULL) {
|
|
! return(xmlSecKeyDataTypePrivate | xmlSecKeyDataTypePublic);
|
|
! } else if( ctx->pubkey != NULL ) {
|
|
! return(xmlSecKeyDataTypePublic);
|
|
}
|
|
|
|
return(xmlSecKeyDataTypeUnknown);
|
|
***************
|
|
*** 992,998 ****
|
|
xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecNssKeyDataDsaId), 0);
|
|
ctx = xmlSecNssPKIKeyDataGetCtx(data);
|
|
xmlSecAssert2(ctx != NULL, -1);
|
|
! xmlSecAssert2(SECKEY_GetPublicKeyType(ctx->pubkey) == dsaKey, -1);
|
|
|
|
return(8 * SECKEY_PublicKeyStrength(ctx->pubkey));
|
|
}
|
|
--- 1037,1043 ----
|
|
xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecNssKeyDataDsaId), 0);
|
|
ctx = xmlSecNssPKIKeyDataGetCtx(data);
|
|
xmlSecAssert2(ctx != NULL, -1);
|
|
! // xmlSecAssert2(SECKEY_GetPublicKeyType(ctx->pubkey) == dsaKey, -1);
|
|
|
|
return(8 * SECKEY_PublicKeyStrength(ctx->pubkey));
|
|
}
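Review bot: With the assert disabled, `SECKEY_PublicKeyStrength(ctx->pubkey)` runs on a `pubkey` that the preceding `*** 975,985` hunk explicitly allows to be NULL (`else if( ctx->pubkey != NULL )`), so a private-only DSA key crashes the size query; the RSA hunk at `*** 1490,1496` has the same problem. Replace the commented-out line with `xmlSecAssert2(ctx->pubkey != NULL, 0);`, which also matches the 0 returned by the id check at the top of the function. The enclosing function starts above the hunk.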
|
|
***************
|
|
*** 1181,1193 ****
|
|
goto done;
|
|
}
|
|
|
|
! slot = PK11_GetBestSlot(CKM_RSA_PKCS, NULL);
|
|
if(slot == NULL) {
|
|
xmlSecError(XMLSEC_ERRORS_HERE,
|
|
xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
|
|
! "PK11_GetBestSlot",
|
|
XMLSEC_ERRORS_R_CRYPTO_FAILED,
|
|
! XMLSEC_ERRORS_NO_MESSAGE);
|
|
ret = -1;
|
|
goto done;
|
|
}
|
|
--- 1226,1238 ----
|
|
goto done;
|
|
}
|
|
|
|
! slot = xmlSecNssSlotGet(CKM_RSA_PKCS);
|
|
if(slot == NULL) {
|
|
xmlSecError(XMLSEC_ERRORS_HERE,
|
|
xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
|
|
! "xmlSecNssSlotGet",
|
|
XMLSEC_ERRORS_R_CRYPTO_FAILED,
|
|
! "error code=%d", PORT_GetError());
|
|
ret = -1;
|
|
goto done;
|
|
}
|
|
***************
|
|
*** 1198,1204 ****
|
|
xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
|
|
"PORT_NewArena",
|
|
XMLSEC_ERRORS_R_CRYPTO_FAILED,
|
|
! XMLSEC_ERRORS_NO_MESSAGE);
|
|
ret = -1;
|
|
goto done;
|
|
}
|
|
--- 1243,1249 ----
|
|
xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
|
|
"PORT_NewArena",
|
|
XMLSEC_ERRORS_R_CRYPTO_FAILED,
|
|
! "error code=%d", PORT_GetError());
|
|
ret = -1;
|
|
goto done;
|
|
}
|
|
***************
|
|
*** 1210,1216 ****
|
|
xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
|
|
"PORT_ArenaZAlloc",
|
|
XMLSEC_ERRORS_R_CRYPTO_FAILED,
|
|
! XMLSEC_ERRORS_NO_MESSAGE);
|
|
PORT_FreeArena(arena, PR_FALSE);
|
|
ret = -1;
|
|
goto done;
|
|
--- 1255,1261 ----
|
|
xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
|
|
"PORT_ArenaZAlloc",
|
|
XMLSEC_ERRORS_R_CRYPTO_FAILED,
|
|
! "error code=%d", PORT_GetError());
|
|
PORT_FreeArena(arena, PR_FALSE);
|
|
ret = -1;
|
|
goto done;
|
|
***************
|
|
*** 1349,1355 ****
|
|
|
|
ctx = xmlSecNssPKIKeyDataGetCtx(xmlSecKeyGetValue(key));
|
|
xmlSecAssert2(ctx != NULL, -1);
|
|
! xmlSecAssert2(SECKEY_GetPublicKeyType(ctx->pubkey) == rsaKey, -1);
|
|
|
|
|
|
if(((xmlSecKeyDataTypePublic | xmlSecKeyDataTypePrivate) & keyInfoCtx->keyReq.keyType) == 0) {
|
|
--- 1394,1400 ----
|
|
|
|
ctx = xmlSecNssPKIKeyDataGetCtx(xmlSecKeyGetValue(key));
|
|
xmlSecAssert2(ctx != NULL, -1);
|
|
! // xmlSecAssert2(SECKEY_GetPublicKeyType(ctx->pubkey) == rsaKey, -1);
|
|
|
|
|
|
if(((xmlSecKeyDataTypePublic | xmlSecKeyDataTypePrivate) & keyInfoCtx->keyReq.keyType) == 0) {
|
|
***************
|
|
*** 1420,1426 ****
|
|
params.keySizeInBits = sizeBits;
|
|
params.pe = 65537;
|
|
|
|
! slot = PK11_GetBestSlot(CKM_RSA_PKCS_KEY_PAIR_GEN, NULL);
|
|
PK11_Authenticate(slot, PR_TRUE, NULL /* default pwd callback */);
|
|
privkey = PK11_GenerateKeyPair(slot, CKM_RSA_PKCS_KEY_PAIR_GEN, ¶ms,
|
|
&pubkey, PR_FALSE, PR_TRUE, NULL);
|
|
--- 1465,1471 ----
|
|
params.keySizeInBits = sizeBits;
|
|
params.pe = 65537;
|
|
|
|
! slot = xmlSecNssSlotGet(CKM_RSA_PKCS_KEY_PAIR_GEN);
|
|
PK11_Authenticate(slot, PR_TRUE, NULL /* default pwd callback */);
|
|
privkey = PK11_GenerateKeyPair(slot, CKM_RSA_PKCS_KEY_PAIR_GEN, ¶ms,
|
|
&pubkey, PR_FALSE, PR_TRUE, NULL);
|
|
***************
|
|
*** 1430,1436 ****
|
|
xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
|
|
"PK11_GenerateKeyPair",
|
|
XMLSEC_ERRORS_R_CRYPTO_FAILED,
|
|
! XMLSEC_ERRORS_NO_MESSAGE);
|
|
|
|
goto done;
|
|
}
|
|
--- 1475,1481 ----
|
|
xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
|
|
"PK11_GenerateKeyPair",
|
|
XMLSEC_ERRORS_R_CRYPTO_FAILED,
|
|
! "error code=%d", PORT_GetError());
|
|
|
|
goto done;
|
|
}
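Review bot: `goto done;` after the `PK11_GenerateKeyPair` failure here is not preceded by `ret = -1;`, whereas the DSA counterpart in `*** 929,936` adds it. If the RSA generator's `done:` block was changed to `return(ret);` like the DSA one (it lies below this hunk, so I cannot confirm), this failure now reports success after the keys have been destroyed; otherwise the two generators at least diverge for no reason. Add `ret = -1;` before the `goto done;`.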
|
|
***************
|
|
*** 1472,1478 ****
|
|
|
|
ctx = xmlSecNssPKIKeyDataGetCtx(data);
|
|
xmlSecAssert2(ctx != NULL, -1);
|
|
! xmlSecAssert2(SECKEY_GetPublicKeyType(ctx->pubkey) == rsaKey, -1);
|
|
if (ctx->privkey != NULL) {
|
|
return(xmlSecKeyDataTypePrivate | xmlSecKeyDataTypePublic);
|
|
} else {
|
|
--- 1517,1523 ----
|
|
|
|
ctx = xmlSecNssPKIKeyDataGetCtx(data);
|
|
xmlSecAssert2(ctx != NULL, -1);
|
|
! // xmlSecAssert2(SECKEY_GetPublicKeyType(ctx->pubkey) == rsaKey, -1);
|
|
if (ctx->privkey != NULL) {
|
|
return(xmlSecKeyDataTypePrivate | xmlSecKeyDataTypePublic);
|
|
} else {
|
|
***************
|
|
*** 1490,1496 ****
|
|
|
|
ctx = xmlSecNssPKIKeyDataGetCtx(data);
|
|
xmlSecAssert2(ctx != NULL, -1);
|
|
! xmlSecAssert2(SECKEY_GetPublicKeyType(ctx->pubkey) == rsaKey, -1);
|
|
|
|
return(8 * SECKEY_PublicKeyStrength(ctx->pubkey));
|
|
}
|
|
--- 1535,1541 ----
|
|
|
|
ctx = xmlSecNssPKIKeyDataGetCtx(data);
|
|
xmlSecAssert2(ctx != NULL, -1);
|
|
! // xmlSecAssert2(SECKEY_GetPublicKeyType(ctx->pubkey) == rsaKey, -1);
|
|
|
|
return(8 * SECKEY_PublicKeyStrength(ctx->pubkey));
|
|
}
|
|
*** misc/xmlsec1-1.2.6/src/nss/signatures.c 2003-09-26 02:58:15.000000000 +0200
|
|
--- misc/build/xmlsec1-1.2.6/src/nss/signatures.c 2005-05-09 19:54:13.228627881 +0200
|
|
***************
|
|
*** 199,205 ****
|
|
xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
|
|
"SGN_NewContext",
|
|
XMLSEC_ERRORS_R_CRYPTO_FAILED,
|
|
! XMLSEC_ERRORS_NO_MESSAGE);
|
|
return(-1);
|
|
}
|
|
} else {
|
|
--- 199,205 ----
|
|
xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
|
|
"SGN_NewContext",
|
|
XMLSEC_ERRORS_R_CRYPTO_FAILED,
|
|
! "error code=%d", PORT_GetError());
|
|
return(-1);
|
|
}
|
|
} else {
|
|
***************
|
|
*** 222,228 ****
|
|
xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
|
|
"VFY_CreateContext",
|
|
XMLSEC_ERRORS_R_CRYPTO_FAILED,
|
|
! XMLSEC_ERRORS_NO_MESSAGE);
|
|
return(-1);
|
|
}
|
|
}
|
|
--- 222,228 ----
|
|
xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
|
|
"VFY_CreateContext",
|
|
XMLSEC_ERRORS_R_CRYPTO_FAILED,
|
|
! "error code=%d", PORT_GetError());
|
|
return(-1);
|
|
}
|
|
}
|
|
***************
|
|
*** 282,288 ****
|
|
xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
|
|
"VFY_Update, VFY_End",
|
|
XMLSEC_ERRORS_R_CRYPTO_FAILED,
|
|
! XMLSEC_ERRORS_NO_MESSAGE);
|
|
|
|
if (PORT_GetError() == SEC_ERROR_PKCS7_BAD_SIGNATURE) {
|
|
xmlSecError(XMLSEC_ERRORS_HERE,
|
|
--- 282,288 ----
|
|
xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
|
|
"VFY_Update, VFY_End",
|
|
XMLSEC_ERRORS_R_CRYPTO_FAILED,
|
|
! "error code=%d", PORT_GetError());
|
|
|
|
if (PORT_GetError() == SEC_ERROR_PKCS7_BAD_SIGNATURE) {
|
|
xmlSecError(XMLSEC_ERRORS_HERE,
|
|
***************
|
|
*** 341,347 ****
|
|
xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
|
|
"SGN_Begin",
|
|
XMLSEC_ERRORS_R_CRYPTO_FAILED,
|
|
! XMLSEC_ERRORS_NO_MESSAGE);
|
|
return(-1);
|
|
}
|
|
} else {
|
|
--- 341,347 ----
|
|
xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
|
|
"SGN_Begin",
|
|
XMLSEC_ERRORS_R_CRYPTO_FAILED,
|
|
! "error code=%d", PORT_GetError());
|
|
return(-1);
|
|
}
|
|
} else {
|
|
***************
|
|
*** 351,357 ****
|
|
xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
|
|
"VFY_Begin",
|
|
XMLSEC_ERRORS_R_CRYPTO_FAILED,
|
|
! XMLSEC_ERRORS_NO_MESSAGE);
|
|
return(-1);
|
|
}
|
|
}
|
|
--- 351,357 ----
|
|
xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
|
|
"VFY_Begin",
|
|
XMLSEC_ERRORS_R_CRYPTO_FAILED,
|
|
! "error code=%d", PORT_GetError());
|
|
return(-1);
|
|
}
|
|
}
|
|
***************
|
|
*** 368,374 ****
|
|
xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
|
|
"SGN_Update",
|
|
XMLSEC_ERRORS_R_CRYPTO_FAILED,
|
|
! XMLSEC_ERRORS_NO_MESSAGE);
|
|
return(-1);
|
|
}
|
|
} else {
|
|
--- 368,374 ----
|
|
xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
|
|
"SGN_Update",
|
|
XMLSEC_ERRORS_R_CRYPTO_FAILED,
|
|
! "error code=%d", PORT_GetError());
|
|
return(-1);
|
|
}
|
|
} else {
|
|
***************
|
|
*** 378,384 ****
|
|
xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
|
|
"VFY_Update",
|
|
XMLSEC_ERRORS_R_CRYPTO_FAILED,
|
|
! XMLSEC_ERRORS_NO_MESSAGE);
|
|
return(-1);
|
|
}
|
|
}
|
|
--- 378,384 ----
|
|
xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
|
|
"VFY_Update",
|
|
XMLSEC_ERRORS_R_CRYPTO_FAILED,
|
|
! "error code=%d", PORT_GetError());
|
|
return(-1);
|
|
}
|
|
}
|
|
***************
|
|
*** 404,410 ****
|
|
xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
|
|
"SGN_End",
|
|
XMLSEC_ERRORS_R_CRYPTO_FAILED,
|
|
! XMLSEC_ERRORS_NO_MESSAGE);
|
|
return(-1);
|
|
}
|
|
|
|
--- 404,410 ----
|
|
xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
|
|
"SGN_End",
|
|
XMLSEC_ERRORS_R_CRYPTO_FAILED,
|
|
! "error code=%d", PORT_GetError());
|
|
return(-1);
|
|
}
|
|
|
|
*** misc/xmlsec1-1.2.6/src/nss/symkeys.c 2003-07-21 05:12:52.000000000 +0200
|
|
--- misc/build/xmlsec1-1.2.6/src/nss/symkeys.c 2005-05-09 19:54:13.232627544 +0200
|
|
***************
|
|
*** 15,192 ****
|
|
#include <stdio.h>
|
|
#include <string.h>
|
|
|
|
#include <xmlsec/xmlsec.h>
|
|
#include <xmlsec/xmltree.h>
|
|
#include <xmlsec/keys.h>
|
|
#include <xmlsec/keyinfo.h>
|
|
#include <xmlsec/transforms.h>
|
|
#include <xmlsec/errors.h>
|
|
|
|
#include <xmlsec/nss/crypto.h>
|
|
|
|
/*****************************************************************************
|
|
*
|
|
! * Symmetic (binary) keys - just a wrapper for xmlSecKeyDataBinary
|
|
*
|
|
****************************************************************************/
|
|
! static int xmlSecNssSymKeyDataInitialize (xmlSecKeyDataPtr data);
|
|
! static int xmlSecNssSymKeyDataDuplicate (xmlSecKeyDataPtr dst,
|
|
! xmlSecKeyDataPtr src);
|
|
! static void xmlSecNssSymKeyDataFinalize (xmlSecKeyDataPtr data);
|
|
! static int xmlSecNssSymKeyDataXmlRead (xmlSecKeyDataId id,
|
|
! xmlSecKeyPtr key,
|
|
! xmlNodePtr node,
|
|
! xmlSecKeyInfoCtxPtr keyInfoCtx);
|
|
! static int xmlSecNssSymKeyDataXmlWrite (xmlSecKeyDataId id,
|
|
! xmlSecKeyPtr key,
|
|
! xmlNodePtr node,
|
|
! xmlSecKeyInfoCtxPtr keyInfoCtx);
|
|
! static int xmlSecNssSymKeyDataBinRead (xmlSecKeyDataId id,
|
|
! xmlSecKeyPtr key,
|
|
! const xmlSecByte* buf,
|
|
! xmlSecSize bufSize,
|
|
! xmlSecKeyInfoCtxPtr keyInfoCtx);
|
|
! static int xmlSecNssSymKeyDataBinWrite (xmlSecKeyDataId id,
|
|
! xmlSecKeyPtr key,
|
|
! xmlSecByte** buf,
|
|
! xmlSecSize* bufSize,
|
|
! xmlSecKeyInfoCtxPtr keyInfoCtx);
|
|
! static int xmlSecNssSymKeyDataGenerate (xmlSecKeyDataPtr data,
|
|
! xmlSecSize sizeBits,
|
|
! xmlSecKeyDataType type);
|
|
!
|
|
! static xmlSecKeyDataType xmlSecNssSymKeyDataGetType (xmlSecKeyDataPtr data);
|
|
! static xmlSecSize xmlSecNssSymKeyDataGetSize (xmlSecKeyDataPtr data);
|
|
! static void xmlSecNssSymKeyDataDebugDump (xmlSecKeyDataPtr data,
|
|
! FILE* output);
|
|
! static void xmlSecNssSymKeyDataDebugXmlDump (xmlSecKeyDataPtr data,
|
|
! FILE* output);
|
|
! static int xmlSecNssSymKeyDataKlassCheck (xmlSecKeyDataKlass* klass);
|
|
|
|
#define xmlSecNssSymKeyDataCheckId(data) \
|
|
(xmlSecKeyDataIsValid((data)) && \
|
|
xmlSecNssSymKeyDataKlassCheck((data)->id))
|
|
|
|
static int
|
|
xmlSecNssSymKeyDataInitialize(xmlSecKeyDataPtr data) {
|
|
xmlSecAssert2(xmlSecNssSymKeyDataCheckId(data), -1);
|
|
!
|
|
! return(xmlSecKeyDataBinaryValueInitialize(data));
|
|
}
|
|
|
|
static int
|
|
xmlSecNssSymKeyDataDuplicate(xmlSecKeyDataPtr dst, xmlSecKeyDataPtr src) {
|
|
xmlSecAssert2(xmlSecNssSymKeyDataCheckId(dst), -1);
|
|
xmlSecAssert2(xmlSecNssSymKeyDataCheckId(src), -1);
|
|
xmlSecAssert2(dst->id == src->id, -1);
|
|
!
|
|
! return(xmlSecKeyDataBinaryValueDuplicate(dst, src));
|
|
}
|
|
|
|
static void
|
|
xmlSecNssSymKeyDataFinalize(xmlSecKeyDataPtr data) {
|
|
xmlSecAssert(xmlSecNssSymKeyDataCheckId(data));
|
|
!
|
|
! xmlSecKeyDataBinaryValueFinalize(data);
|
|
}
|
|
|
|
static int
|
|
xmlSecNssSymKeyDataXmlRead(xmlSecKeyDataId id, xmlSecKeyPtr key,
|
|
! xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
|
|
! xmlSecAssert2(xmlSecNssSymKeyDataKlassCheck(id), -1);
|
|
|
|
! return(xmlSecKeyDataBinaryValueXmlRead(id, key, node, keyInfoCtx));
|
|
}
|
|
|
|
static int
|
|
xmlSecNssSymKeyDataXmlWrite(xmlSecKeyDataId id, xmlSecKeyPtr key,
|
|
! xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
|
|
xmlSecAssert2(xmlSecNssSymKeyDataKlassCheck(id), -1);
|
|
|
|
! return(xmlSecKeyDataBinaryValueXmlWrite(id, key, node, keyInfoCtx));
|
|
}
|
|
|
|
static int
|
|
xmlSecNssSymKeyDataBinRead(xmlSecKeyDataId id, xmlSecKeyPtr key,
|
|
! const xmlSecByte* buf, xmlSecSize bufSize,
|
|
! xmlSecKeyInfoCtxPtr keyInfoCtx) {
|
|
! xmlSecAssert2(xmlSecNssSymKeyDataKlassCheck(id), -1);
|
|
|
|
! return(xmlSecKeyDataBinaryValueBinRead(id, key, buf, bufSize, keyInfoCtx));
|
|
}
|
|
|
|
static int
|
|
xmlSecNssSymKeyDataBinWrite(xmlSecKeyDataId id, xmlSecKeyPtr key,
|
|
! xmlSecByte** buf, xmlSecSize* bufSize,
|
|
! xmlSecKeyInfoCtxPtr keyInfoCtx) {
|
|
xmlSecAssert2(xmlSecNssSymKeyDataKlassCheck(id), -1);
|
|
|
|
! return(xmlSecKeyDataBinaryValueBinWrite(id, key, buf, bufSize, keyInfoCtx));
|
|
}
|
|
|
|
static int
|
|
xmlSecNssSymKeyDataGenerate(xmlSecKeyDataPtr data, xmlSecSize sizeBits, xmlSecKeyDataType type ATTRIBUTE_UNUSED) {
|
|
! xmlSecBufferPtr buffer;
|
|
!
|
|
xmlSecAssert2(xmlSecNssSymKeyDataCheckId(data), -1);
|
|
xmlSecAssert2(sizeBits > 0, -1);
|
|
|
|
! buffer = xmlSecKeyDataBinaryValueGetBuffer(data);
|
|
! xmlSecAssert2(buffer != NULL, -1);
|
|
!
|
|
! return(xmlSecNssGenerateRandom(buffer, (sizeBits + 7) / 8));
|
|
}
|
|
|
|
static xmlSecKeyDataType
|
|
xmlSecNssSymKeyDataGetType(xmlSecKeyDataPtr data) {
|
|
! xmlSecBufferPtr buffer;
|
|
|
|
xmlSecAssert2(xmlSecNssSymKeyDataCheckId(data), xmlSecKeyDataTypeUnknown);
|
|
|
|
! buffer = xmlSecKeyDataBinaryValueGetBuffer(data);
|
|
! xmlSecAssert2(buffer != NULL, xmlSecKeyDataTypeUnknown);
|
|
|
|
! return((xmlSecBufferGetSize(buffer) > 0) ? xmlSecKeyDataTypeSymmetric : xmlSecKeyDataTypeUnknown);
|
|
}
|
|
|
|
static xmlSecSize
|
|
xmlSecNssSymKeyDataGetSize(xmlSecKeyDataPtr data) {
|
|
xmlSecAssert2(xmlSecNssSymKeyDataCheckId(data), 0);
|
|
!
|
|
! return(xmlSecKeyDataBinaryValueGetSize(data));
|
|
}
|
|
|
|
static void
|
|
xmlSecNssSymKeyDataDebugDump(xmlSecKeyDataPtr data, FILE* output) {
|
|
xmlSecAssert(xmlSecNssSymKeyDataCheckId(data));
|
|
|
|
! xmlSecKeyDataBinaryValueDebugDump(data, output);
|
|
}
|
|
|
|
static void
|
|
xmlSecNssSymKeyDataDebugXmlDump(xmlSecKeyDataPtr data, FILE* output) {
|
|
xmlSecAssert(xmlSecNssSymKeyDataCheckId(data));
|
|
|
|
! xmlSecKeyDataBinaryValueDebugXmlDump(data, output);
|
|
}
|
|
|
|
static int
|
|
xmlSecNssSymKeyDataKlassCheck(xmlSecKeyDataKlass* klass) {
|
|
#ifndef XMLSEC_NO_DES
|
|
if(klass == xmlSecNssKeyDataDesId) {
|
|
! return(1);
|
|
}
|
|
#endif /* XMLSEC_NO_DES */
|
|
|
|
#ifndef XMLSEC_NO_AES
|
|
if(klass == xmlSecNssKeyDataAesId) {
|
|
! return(1);
|
|
}
|
|
#endif /* XMLSEC_NO_AES */
|
|
|
|
#ifndef XMLSEC_NO_HMAC
|
|
if(klass == xmlSecNssKeyDataHmacId) {
|
|
! return(1);
|
|
}
|
|
#endif /* XMLSEC_NO_HMAC */
|
|
|
|
--- 15,851 ----
|
|
#include <stdio.h>
|
|
#include <string.h>
|
|
|
|
+ #include <pk11func.h>
|
|
+ #include <nss.h>
|
|
+
|
|
#include <xmlsec/xmlsec.h>
|
|
#include <xmlsec/xmltree.h>
|
|
+ #include <xmlsec/base64.h>
|
|
#include <xmlsec/keys.h>
|
|
#include <xmlsec/keyinfo.h>
|
|
#include <xmlsec/transforms.h>
|
|
#include <xmlsec/errors.h>
|
|
|
|
#include <xmlsec/nss/crypto.h>
|
|
+ #include <xmlsec/nss/ciphers.h>
|
|
+ #include <xmlsec/nss/tokens.h>
|
|
|
|
/*****************************************************************************
|
|
*
|
|
! * Symmetic (binary) keys - a wrapper over slot information and PK11SymKey
|
|
*
|
|
****************************************************************************/
|
|
! typedef struct _xmlSecNssSymKeyDataCtx xmlSecNssSymKeyDataCtx ;
|
|
! typedef struct _xmlSecNssSymKeyDataCtx* xmlSecNssSymKeyDataCtxPtr ;
|
|
!
|
|
! struct _xmlSecNssSymKeyDataCtx {
|
|
! CK_MECHANISM_TYPE cipher ; /* the symmetic key mechanism */
|
|
! PK11SlotInfo* slot ; /* the key resident slot */
|
|
! PK11SymKey* symkey ; /* the symmetic key */
|
|
! } ;
|
|
!
|
|
! #define xmlSecNssSymKeyDataSize \
|
|
! ( sizeof( xmlSecKeyData ) + sizeof( xmlSecNssSymKeyDataCtx ) )
|
|
!
|
|
! #define xmlSecNssSymKeyDataGetCtx( data ) \
|
|
! ( ( xmlSecNssSymKeyDataCtxPtr )( ( ( xmlSecByte* )( data ) ) + sizeof( xmlSecKeyData ) ) )
|
|
!
|
|
!
|
|
! static int xmlSecNssSymKeyDataInitialize (xmlSecKeyDataPtr data);
|
|
! static int xmlSecNssSymKeyDataDuplicate (xmlSecKeyDataPtr dst,
|
|
! xmlSecKeyDataPtr src);
|
|
! static void xmlSecNssSymKeyDataFinalize (xmlSecKeyDataPtr data);
|
|
! static int xmlSecNssSymKeyDataXmlRead (xmlSecKeyDataId id,
|
|
! xmlSecKeyPtr key,
|
|
! xmlNodePtr node,
|
|
! xmlSecKeyInfoCtxPtr keyInfoCtx);
|
|
! static int xmlSecNssSymKeyDataXmlWrite (xmlSecKeyDataId id,
|
|
! xmlSecKeyPtr key,
|
|
! xmlNodePtr node,
|
|
! xmlSecKeyInfoCtxPtr keyInfoCtx);
|
|
! static int xmlSecNssSymKeyDataBinRead (xmlSecKeyDataId id,
|
|
! xmlSecKeyPtr key,
|
|
! const xmlSecByte* buf,
|
|
! xmlSecSize bufSize,
|
|
! xmlSecKeyInfoCtxPtr keyInfoCtx);
|
|
! static int xmlSecNssSymKeyDataBinWrite (xmlSecKeyDataId id,
|
|
! xmlSecKeyPtr key,
|
|
! xmlSecByte** buf,
|
|
! xmlSecSize* bufSize,
|
|
! xmlSecKeyInfoCtxPtr keyInfoCtx);
|
|
! static int xmlSecNssSymKeyDataGenerate (xmlSecKeyDataPtr data,
|
|
! xmlSecSize sizeBits,
|
|
! xmlSecKeyDataType type);
|
|
!
|
|
! static xmlSecKeyDataType xmlSecNssSymKeyDataGetType (xmlSecKeyDataPtr data);
|
|
! static xmlSecSize xmlSecNssSymKeyDataGetSize (xmlSecKeyDataPtr data);
|
|
! static void xmlSecNssSymKeyDataDebugDump (xmlSecKeyDataPtr data,
|
|
! FILE* output);
|
|
! static void xmlSecNssSymKeyDataDebugXmlDump (xmlSecKeyDataPtr data,
|
|
! FILE* output);
|
|
! static int xmlSecNssSymKeyDataKlassCheck (xmlSecKeyDataKlass* klass);
|
|
|
|
#define xmlSecNssSymKeyDataCheckId(data) \
|
|
(xmlSecKeyDataIsValid((data)) && \
|
|
xmlSecNssSymKeyDataKlassCheck((data)->id))
|
|
|
|
+ /**
|
|
+ * xmlSecNssSymKeyDataAdoptKey:
|
|
+ * @data: the pointer to symmetric key data.
|
|
+ * @symkey: the symmetric key
|
|
+ *
|
|
+ * Set the value of symmetric key data.
|
|
+ *
|
|
+ * Returns 0 on success or a negative value if an error occurs.
|
|
+ */
|
|
+ int
|
|
+ xmlSecNssSymKeyDataAdoptKey(
|
|
+ xmlSecKeyDataPtr data ,
|
|
+ PK11SymKey* symkey
|
|
+ ) {
|
|
+ xmlSecNssSymKeyDataCtxPtr context = NULL ;
|
|
+
|
|
+ xmlSecAssert2( xmlSecNssSymKeyDataCheckId( data ), -1 ) ;
|
|
+ xmlSecAssert2( xmlSecKeyDataCheckSize( data, xmlSecNssSymKeyDataSize ), -1 ) ;
|
|
+ xmlSecAssert2( symkey != NULL, -1 ) ;
|
|
+
|
|
+ context = xmlSecNssSymKeyDataGetCtx( data ) ;
|
|
+ xmlSecAssert2(context != NULL, -1);
|
|
+
|
|
+ context->cipher = PK11_GetMechanism( symkey ) ;
|
|
+
|
|
+ if( context->slot != NULL ) {
|
|
+ PK11_FreeSlot( context->slot ) ;
|
|
+ context->slot = NULL ;
|
|
+ }
|
|
+ context->slot = PK11_GetSlotFromKey( symkey ) ;
|
|
+
|
|
+ if( context->symkey != NULL ) {
|
|
+ PK11_FreeSymKey( context->symkey ) ;
|
|
+ context->symkey = NULL ;
|
|
+ }
|
|
+ context->symkey = PK11_ReferenceSymKey( symkey ) ;
|
|
+
|
|
+ return 0 ;
|
|
+ }
|
|
+
|
|
+ xmlSecKeyDataPtr xmlSecNssSymKeyDataKeyAdopt(
|
|
+ PK11SymKey* symKey
|
|
+ ) {
|
|
+ xmlSecKeyDataPtr data = NULL ;
|
|
+ CK_MECHANISM_TYPE mechanism = CKM_INVALID_MECHANISM ;
|
|
+
|
|
+ xmlSecAssert2( symKey != NULL , NULL ) ;
|
|
+
|
|
+ mechanism = PK11_GetMechanism( symKey ) ;
|
|
+ switch( mechanism ) {
|
|
+ case CKM_DES3_KEY_GEN :
|
|
+ case CKM_DES3_CBC :
|
|
+ case CKM_DES3_MAC :
|
|
+ data = xmlSecKeyDataCreate( xmlSecNssKeyDataDesId ) ;
|
|
+ if( data == NULL ) {
|
|
+ xmlSecError( XMLSEC_ERRORS_HERE ,
|
|
+ NULL ,
|
|
+ "xmlSecKeyDataCreate" ,
|
|
+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
|
|
+ "xmlSecNssKeyDataDesId" ) ;
|
|
+ return NULL ;
|
|
+ }
|
|
+ break ;
|
|
+ case CKM_AES_KEY_GEN :
|
|
+ case CKM_AES_CBC :
|
|
+ case CKM_AES_MAC :
|
|
+ data = xmlSecKeyDataCreate( xmlSecNssKeyDataAesId ) ;
|
|
+ if( data == NULL ) {
|
|
+ xmlSecError( XMLSEC_ERRORS_HERE ,
|
|
+ NULL ,
|
|
+ "xmlSecKeyDataCreate" ,
|
|
+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
|
|
+ "xmlSecNssKeyDataDesId" ) ;
|
|
+ return NULL ;
|
|
+ }
|
|
+ break ;
|
|
+ default :
|
|
+ xmlSecError( XMLSEC_ERRORS_HERE ,
|
|
+ NULL ,
|
|
+ NULL ,
|
|
+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
|
|
+ "Unsupported mechanism" ) ;
|
|
+ return NULL ;
|
|
+ }
|
|
+
|
|
+ if( xmlSecNssSymKeyDataAdoptKey( data , symKey ) < 0 ) {
|
|
+ xmlSecError( XMLSEC_ERRORS_HERE ,
|
|
+ NULL ,
|
|
+ "xmlSecNssSymKeyDataAdoptKey" ,
|
|
+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
|
|
+ XMLSEC_ERRORS_NO_MESSAGE ) ;
|
|
+
|
|
+ xmlSecKeyDataDestroy( data ) ;
|
|
+ return NULL ;
|
|
+ }
|
|
+
|
|
+ return data ;
|
|
+ }
|
|
+
|
|
+
|
|
+ PK11SymKey*
|
|
+ xmlSecNssSymKeyDataGetKey(
|
|
+ xmlSecKeyDataPtr data
|
|
+ ) {
|
|
+ xmlSecNssSymKeyDataCtxPtr ctx;
|
|
+ PK11SymKey* symkey ;
|
|
+
|
|
+ xmlSecAssert2(xmlSecNssSymKeyDataCheckId(data), NULL);
|
|
+ xmlSecAssert2(xmlSecKeyDataCheckSize(data, xmlSecNssSymKeyDataSize), NULL);
|
|
+
|
|
+ ctx = xmlSecNssSymKeyDataGetCtx(data);
|
|
+ xmlSecAssert2(ctx != NULL, NULL);
|
|
+
|
|
+ if( ctx->symkey != NULL ) {
|
|
+ symkey = PK11_ReferenceSymKey( ctx->symkey ) ;
|
|
+ } else {
|
|
+ symkey = NULL ;
|
|
+ }
|
|
+
|
|
+ return(symkey);
|
|
+ }
|
|
+
|
|
static int
|
|
xmlSecNssSymKeyDataInitialize(xmlSecKeyDataPtr data) {
|
|
+ xmlSecNssSymKeyDataCtxPtr ctx;
|
|
+
|
|
xmlSecAssert2(xmlSecNssSymKeyDataCheckId(data), -1);
|
|
! xmlSecAssert2(xmlSecKeyDataCheckSize(data, xmlSecNssSymKeyDataSize), -1);
|
|
!
|
|
! ctx = xmlSecNssSymKeyDataGetCtx(data);
|
|
! xmlSecAssert2(ctx != NULL, -1);
|
|
!
|
|
! memset( ctx, 0, sizeof(xmlSecNssSymKeyDataCtx));
|
|
!
|
|
! /* Set the block cipher mechanism */
|
|
! #ifndef XMLSEC_NO_DES
|
|
! if(xmlSecKeyDataCheckId(data, xmlSecNssKeyDataDesId)) {
|
|
! ctx->cipher = CKM_DES3_KEY_GEN;
|
|
! } else
|
|
! #endif /* XMLSEC_NO_DES */
|
|
!
|
|
! #ifndef XMLSEC_NO_AES
|
|
! if(xmlSecKeyDataCheckId(data, xmlSecNssKeyDataDesId)) {
|
|
! ctx->cipher = CKM_AES_KEY_GEN;
|
|
! } else
|
|
! #endif /* XMLSEC_NO_AES */
|
|
!
|
|
! if(1) {
|
|
! xmlSecError( XMLSEC_ERRORS_HERE ,
|
|
! xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
|
|
! NULL ,
|
|
! XMLSEC_ERRORS_R_XMLSEC_FAILED ,
|
|
! "Unsupported block cipher" ) ;
|
|
! return(-1) ;
|
|
! }
|
|
!
|
|
! return(0);
|
|
}
|
|
|
|
static int
|
|
xmlSecNssSymKeyDataDuplicate(xmlSecKeyDataPtr dst, xmlSecKeyDataPtr src) {
|
|
+ xmlSecNssSymKeyDataCtxPtr ctxDst;
|
|
+ xmlSecNssSymKeyDataCtxPtr ctxSrc;
|
|
+
|
|
xmlSecAssert2(xmlSecNssSymKeyDataCheckId(dst), -1);
|
|
+ xmlSecAssert2(xmlSecKeyDataCheckSize(dst, xmlSecNssSymKeyDataSize), -1);
|
|
xmlSecAssert2(xmlSecNssSymKeyDataCheckId(src), -1);
|
|
+ xmlSecAssert2(xmlSecKeyDataCheckSize(src, xmlSecNssSymKeyDataSize), -1);
|
|
xmlSecAssert2(dst->id == src->id, -1);
|
|
!
|
|
! ctxDst = xmlSecNssSymKeyDataGetCtx(dst);
|
|
! xmlSecAssert2(ctxDst != NULL, -1);
|
|
!
|
|
! ctxSrc = xmlSecNssSymKeyDataGetCtx(src);
|
|
! xmlSecAssert2(ctxSrc != NULL, -1);
|
|
!
|
|
! ctxDst->cipher = ctxSrc->cipher ;
|
|
!
|
|
! if( ctxSrc->slot != NULL ) {
|
|
! if( ctxDst->slot != NULL && ctxDst->slot != ctxSrc->slot ) {
|
|
! PK11_FreeSlot( ctxDst->slot ) ;
|
|
! ctxDst->slot = NULL ;
|
|
! }
|
|
!
|
|
! if( ctxDst->slot == NULL && ctxSrc->slot != NULL )
|
|
! ctxDst->slot = PK11_ReferenceSlot( ctxSrc->slot ) ;
|
|
! } else {
|
|
! if( ctxDst->slot != NULL ) {
|
|
! PK11_FreeSlot( ctxDst->slot ) ;
|
|
! ctxDst->slot = NULL ;
|
|
! }
|
|
! }
|
|
!
|
|
! if( ctxSrc->symkey != NULL ) {
|
|
! if( ctxDst->symkey != NULL && ctxDst->symkey != ctxSrc->symkey ) {
|
|
! PK11_FreeSymKey( ctxDst->symkey ) ;
|
|
! ctxDst->symkey = NULL ;
|
|
! }
|
|
!
|
|
! if( ctxDst->symkey == NULL && ctxSrc->symkey != NULL )
|
|
! ctxDst->symkey = PK11_ReferenceSymKey( ctxSrc->symkey ) ;
|
|
! } else {
|
|
! if( ctxDst->symkey != NULL ) {
|
|
! PK11_FreeSymKey( ctxDst->symkey ) ;
|
|
! ctxDst->symkey = NULL ;
|
|
! }
|
|
! }
|
|
!
|
|
! return(0);
|
|
}
|
|
|
|
static void
|
|
xmlSecNssSymKeyDataFinalize(xmlSecKeyDataPtr data) {
|
|
+ xmlSecNssSymKeyDataCtxPtr ctx;
|
|
+
|
|
xmlSecAssert(xmlSecNssSymKeyDataCheckId(data));
|
|
! xmlSecAssert(xmlSecKeyDataCheckSize(data, xmlSecNssSymKeyDataSize));
|
|
!
|
|
! ctx = xmlSecNssSymKeyDataGetCtx(data);
|
|
! xmlSecAssert(ctx != NULL);
|
|
!
|
|
! if( ctx->slot != NULL ) {
|
|
! PK11_FreeSlot( ctx->slot ) ;
|
|
! ctx->slot = NULL ;
|
|
! }
|
|
!
|
|
! if( ctx->symkey != NULL ) {
|
|
! PK11_FreeSymKey( ctx->symkey ) ;
|
|
! ctx->symkey = NULL ;
|
|
! }
|
|
!
|
|
! ctx->cipher = CKM_INVALID_MECHANISM ;
|
|
}
|
|
|
|
static int
|
|
xmlSecNssSymKeyDataXmlRead(xmlSecKeyDataId id, xmlSecKeyPtr key,
|
|
! xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
|
|
! PK11SymKey* symKey ;
|
|
! PK11SlotInfo* slot ;
|
|
! xmlSecBufferPtr keyBuf;
|
|
! xmlSecSize len;
|
|
! xmlSecKeyDataPtr data;
|
|
! xmlSecNssSymKeyDataCtxPtr ctx;
|
|
! SECItem keyItem ;
|
|
! int ret;
|
|
!
|
|
! xmlSecAssert2(id != xmlSecKeyDataIdUnknown, -1);
|
|
! xmlSecAssert2(key != NULL, -1);
|
|
! xmlSecAssert2(node != NULL, -1);
|
|
! xmlSecAssert2(keyInfoCtx != NULL, -1);
|
|
!
|
|
! /* Create a new KeyData from a id */
|
|
! data = xmlSecKeyDataCreate(id);
|
|
! if(data == NULL ) {
|
|
! xmlSecError(XMLSEC_ERRORS_HERE,
|
|
! xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
|
|
! "xmlSecKeyDataCreate",
|
|
! XMLSEC_ERRORS_R_XMLSEC_FAILED,
|
|
! XMLSEC_ERRORS_NO_MESSAGE);
|
|
! return(-1);
|
|
! }
|
|
!
|
|
! ctx = xmlSecNssSymKeyDataGetCtx(data);
|
|
! xmlSecAssert2(ctx != NULL, -1);
|
|
!
|
|
! /* Create a buffer for raw symmetric key value */
|
|
! if( ( keyBuf = xmlSecBufferCreate( 128 ) ) == NULL ) {
|
|
! xmlSecError( XMLSEC_ERRORS_HERE ,
|
|
! xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
|
|
! "xmlSecBufferCreate" ,
|
|
! XMLSEC_ERRORS_R_XMLSEC_FAILED ,
|
|
! XMLSEC_ERRORS_NO_MESSAGE ) ;
|
|
! xmlSecKeyDataDestroy( data ) ;
|
|
! return(-1) ;
|
|
! }
|
|
!
|
|
! /* Read the raw key value */
|
|
! if( xmlSecBufferBase64NodeContentRead( keyBuf , node ) < 0 ) {
|
|
! xmlSecError( XMLSEC_ERRORS_HERE ,
|
|
! xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
|
|
! xmlSecErrorsSafeString(xmlSecNodeGetName(node)),
|
|
! XMLSEC_ERRORS_R_XMLSEC_FAILED ,
|
|
! XMLSEC_ERRORS_NO_MESSAGE ) ;
|
|
!
|
|
! xmlSecBufferDestroy( keyBuf ) ;
|
|
! xmlSecKeyDataDestroy( data ) ;
|
|
! return(-1) ;
|
|
! }
|
|
!
|
|
! /* Get slot */
|
|
! slot = xmlSecNssSlotGet(ctx->cipher);
|
|
! if( slot == NULL ) {
|
|
! xmlSecError( XMLSEC_ERRORS_HERE ,
|
|
! xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
|
|
! "xmlSecNssSlotGet" ,
|
|
! XMLSEC_ERRORS_R_XMLSEC_FAILED ,
|
|
! XMLSEC_ERRORS_NO_MESSAGE ) ;
|
|
!
|
|
! xmlSecBufferDestroy( keyBuf ) ;
|
|
! xmlSecKeyDataDestroy( data ) ;
|
|
! return(-1) ;
|
|
! }
|
|
!
|
|
! /* Wrap the raw key value SECItem */
|
|
! keyItem.type = siBuffer ;
|
|
! keyItem.data = xmlSecBufferGetData( keyBuf ) ;
|
|
! keyItem.len = xmlSecBufferGetSize( keyBuf ) ;
|
|
!
|
|
! /* Import the raw key into slot temporalily and get the key handler*/
|
|
! symKey = PK11_ImportSymKey(slot, ctx->cipher, PK11_OriginGenerated, CKA_VALUE, &keyItem, NULL ) ;
|
|
! if( symKey == NULL ) {
|
|
! xmlSecError( XMLSEC_ERRORS_HERE ,
|
|
! xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
|
|
! "PK11_ImportSymKey" ,
|
|
! XMLSEC_ERRORS_R_XMLSEC_FAILED ,
|
|
! XMLSEC_ERRORS_NO_MESSAGE ) ;
|
|
!
|
|
! PK11_FreeSlot( slot ) ;
|
|
! xmlSecBufferDestroy( keyBuf ) ;
|
|
! xmlSecKeyDataDestroy( data ) ;
|
|
! return(-1) ;
|
|
! }
|
|
! PK11_FreeSlot( slot ) ;
|
|
!
|
|
! /* raw key material has been copied into symKey, it isn't used any more */
|
|
! xmlSecBufferDestroy( keyBuf ) ;
|
|
|
|
! /* Adopt the symmetric key into key data */
|
|
! ret = xmlSecNssSymKeyDataAdoptKey(data, symKey);
|
|
! if(ret < 0) {
|
|
! xmlSecError(XMLSEC_ERRORS_HERE,
|
|
! xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
|
|
! "xmlSecKeyDataBinaryValueSetBuffer",
|
|
! XMLSEC_ERRORS_R_XMLSEC_FAILED,
|
|
! XMLSEC_ERRORS_NO_MESSAGE);
|
|
! PK11_FreeSymKey( symKey ) ;
|
|
! xmlSecKeyDataDestroy( data ) ;
|
|
! return(-1);
|
|
! }
|
|
! /* symKey has been duplicated into data, it isn't used any more */
|
|
! PK11_FreeSymKey( symKey ) ;
|
|
!
|
|
! /* Check value */
|
|
! if(xmlSecKeyReqMatchKeyValue(&(keyInfoCtx->keyReq), data) != 1) {
|
|
! xmlSecError(XMLSEC_ERRORS_HERE,
|
|
! xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
|
|
! "xmlSecKeyReqMatchKeyValue",
|
|
! XMLSEC_ERRORS_R_XMLSEC_FAILED,
|
|
! XMLSEC_ERRORS_NO_MESSAGE);
|
|
! xmlSecKeyDataDestroy( data ) ;
|
|
! return(0);
|
|
! }
|
|
!
|
|
! ret = xmlSecKeySetValue(key, data);
|
|
! if(ret < 0) {
|
|
! xmlSecError(XMLSEC_ERRORS_HERE,
|
|
! xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
|
|
! "xmlSecKeySetValue",
|
|
! XMLSEC_ERRORS_R_XMLSEC_FAILED,
|
|
! XMLSEC_ERRORS_NO_MESSAGE);
|
|
! xmlSecKeyDataDestroy( data ) ;
|
|
! return(-1);
|
|
! }
|
|
!
|
|
! return(0);
|
|
}
|
|
|
|
static int
|
|
xmlSecNssSymKeyDataXmlWrite(xmlSecKeyDataId id, xmlSecKeyPtr key,
|
|
! xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
|
|
! PK11SymKey* symKey ;
|
|
!
|
|
xmlSecAssert2(xmlSecNssSymKeyDataKlassCheck(id), -1);
|
|
+ xmlSecAssert2(key != NULL, -1);
|
|
+ xmlSecAssert2(node != NULL, -1);
|
|
+ xmlSecAssert2(keyInfoCtx != NULL, -1);
|
|
+
|
|
+ /* Get symmetric key from "key" */
|
|
+ symKey = xmlSecNssSymKeyDataGetKey(xmlSecKeyGetValue(key));
|
|
+ if( symKey != NULL ) {
|
|
+ SECItem* keyItem ;
|
|
+ xmlSecBufferPtr keyBuf ;
|
|
+
|
|
+ /* Extract raw key data from symmetric key */
|
|
+ if( PK11_ExtractKeyValue( symKey ) != SECSuccess ) {
|
|
+ xmlSecError(XMLSEC_ERRORS_HERE,
|
|
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
|
|
+ "PK11_ExtractKeyValue",
|
|
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
|
|
+ XMLSEC_ERRORS_NO_MESSAGE);
|
|
+ PK11_FreeSymKey( symKey ) ;
|
|
+ return(-1);
|
|
+ }
|
|
+
|
|
+ /* Get raw key data from "symKey" */
|
|
+ keyItem = PK11_GetKeyData( symKey ) ;
|
|
+ if(keyItem == NULL) {
|
|
+ xmlSecError(XMLSEC_ERRORS_HERE,
|
|
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
|
|
+ "PK11_GetKeyData",
|
|
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
|
|
+ XMLSEC_ERRORS_NO_MESSAGE);
|
|
+ PK11_FreeSymKey( symKey ) ;
|
|
+ return(-1);
|
|
+ }
|
|
+
|
|
+ /* Create key data buffer with raw kwy material */
|
|
+ keyBuf = xmlSecBufferCreate(keyItem->len) ;
|
|
+ if(keyBuf == NULL) {
|
|
+ xmlSecError(XMLSEC_ERRORS_HERE,
|
|
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
|
|
+ "xmlSecBufferCreate",
|
|
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
|
|
+ XMLSEC_ERRORS_NO_MESSAGE);
|
|
+ PK11_FreeSymKey( symKey ) ;
|
|
+ return(-1);
|
|
+ }
|
|
+
|
|
+ xmlSecBufferSetData( keyBuf , keyItem->data , keyItem->len ) ;
|
|
+
|
|
+ /* Write raw key material into current xml node */
|
|
+ if( xmlSecBufferBase64NodeContentWrite( keyBuf, node, XMLSEC_BASE64_LINESIZE ) < 0 ) {
|
|
+ xmlSecError(XMLSEC_ERRORS_HERE,
|
|
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
|
|
+ "xmlSecBufferBase64NodeContentWrite",
|
|
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
|
|
+ XMLSEC_ERRORS_NO_MESSAGE);
|
|
+ xmlSecBufferDestroy(keyBuf);
|
|
+ PK11_FreeSymKey( symKey ) ;
|
|
+ return(-1);
|
|
+ }
|
|
+ xmlSecBufferDestroy(keyBuf);
|
|
+ PK11_FreeSymKey( symKey ) ;
|
|
+ }
|
|
|
|
! return 0 ;
|
|
}
|
|
|
|
static int
|
|
xmlSecNssSymKeyDataBinRead(xmlSecKeyDataId id, xmlSecKeyPtr key,
|
|
! const xmlSecByte* buf, xmlSecSize bufSize,
|
|
! xmlSecKeyInfoCtxPtr keyInfoCtx) {
|
|
! PK11SymKey* symKey ;
|
|
! PK11SlotInfo* slot ;
|
|
! xmlSecKeyDataPtr data;
|
|
! xmlSecNssSymKeyDataCtxPtr ctx;
|
|
! SECItem keyItem ;
|
|
! int ret;
|
|
|
|
! xmlSecAssert2(id != xmlSecKeyDataIdUnknown, -1);
|
|
! xmlSecAssert2(key != NULL, -1);
|
|
! xmlSecAssert2(buf != NULL, -1);
|
|
! xmlSecAssert2(bufSize != 0, -1);
|
|
! xmlSecAssert2(keyInfoCtx != NULL, -1);
|
|
!
|
|
! /* Create a new KeyData from a id */
|
|
! data = xmlSecKeyDataCreate(id);
|
|
! if(data == NULL ) {
|
|
! xmlSecError(XMLSEC_ERRORS_HERE,
|
|
! xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
|
|
! "xmlSecKeyDataCreate",
|
|
! XMLSEC_ERRORS_R_XMLSEC_FAILED,
|
|
! XMLSEC_ERRORS_NO_MESSAGE);
|
|
! return(-1);
|
|
! }
|
|
!
|
|
! ctx = xmlSecNssSymKeyDataGetCtx(data);
|
|
! xmlSecAssert2(ctx != NULL, -1);
|
|
!
|
|
! /* Get slot */
|
|
! slot = xmlSecNssSlotGet(ctx->cipher);
|
|
! if( slot == NULL ) {
|
|
! xmlSecError( XMLSEC_ERRORS_HERE ,
|
|
! xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
|
|
! "xmlSecNssSlotGet" ,
|
|
! XMLSEC_ERRORS_R_XMLSEC_FAILED ,
|
|
! XMLSEC_ERRORS_NO_MESSAGE ) ;
|
|
! xmlSecKeyDataDestroy( data ) ;
|
|
! return(-1) ;
|
|
! }
|
|
!
|
|
! /* Wrap the raw key value SECItem */
|
|
! keyItem.type = siBuffer ;
|
|
! keyItem.data = buf ;
|
|
! keyItem.len = bufSize ;
|
|
!
|
|
! /* Import the raw key into slot temporalily and get the key handler*/
|
|
! symKey = PK11_ImportSymKey(slot, ctx->cipher, PK11_OriginGenerated, CKA_VALUE, &keyItem, NULL ) ;
|
|
! if( symKey == NULL ) {
|
|
! xmlSecError( XMLSEC_ERRORS_HERE ,
|
|
! xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
|
|
! "PK11_ImportSymKey" ,
|
|
! XMLSEC_ERRORS_R_XMLSEC_FAILED ,
|
|
! XMLSEC_ERRORS_NO_MESSAGE ) ;
|
|
! PK11_FreeSlot( slot ) ;
|
|
! xmlSecKeyDataDestroy( data ) ;
|
|
! return(-1) ;
|
|
! }
|
|
!
|
|
! /* Adopt the symmetric key into key data */
|
|
! ret = xmlSecNssSymKeyDataAdoptKey(data, symKey);
|
|
! if(ret < 0) {
|
|
! xmlSecError(XMLSEC_ERRORS_HERE,
|
|
! xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
|
|
! "xmlSecKeyDataBinaryValueSetBuffer",
|
|
! XMLSEC_ERRORS_R_XMLSEC_FAILED,
|
|
! XMLSEC_ERRORS_NO_MESSAGE ) ;
|
|
! PK11_FreeSymKey( symKey ) ;
|
|
! PK11_FreeSlot( slot ) ;
|
|
! xmlSecKeyDataDestroy( data ) ;
|
|
! return(-1);
|
|
! }
|
|
! /* symKey has been duplicated into data, it isn't used any more */
|
|
! PK11_FreeSymKey( symKey ) ;
|
|
! PK11_FreeSlot( slot ) ;
|
|
!
|
|
! /* Check value */
|
|
! if(xmlSecKeyReqMatchKeyValue(&(keyInfoCtx->keyReq), data) != 1) {
|
|
! xmlSecError(XMLSEC_ERRORS_HERE,
|
|
! xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
|
|
! "xmlSecKeyReqMatchKeyValue",
|
|
! XMLSEC_ERRORS_R_XMLSEC_FAILED,
|
|
! XMLSEC_ERRORS_NO_MESSAGE);
|
|
! xmlSecKeyDataDestroy( data ) ;
|
|
! return(0);
|
|
! }
|
|
!
|
|
! ret = xmlSecKeySetValue(key, data);
|
|
! if(ret < 0) {
|
|
! xmlSecError(XMLSEC_ERRORS_HERE,
|
|
! xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
|
|
! "xmlSecKeySetValue",
|
|
! XMLSEC_ERRORS_R_XMLSEC_FAILED,
|
|
! XMLSEC_ERRORS_NO_MESSAGE);
|
|
! xmlSecKeyDataDestroy( data ) ;
|
|
! return(-1);
|
|
! }
|
|
!
|
|
! return(0);
|
|
}
|
|
|
|
static int
|
|
xmlSecNssSymKeyDataBinWrite(xmlSecKeyDataId id, xmlSecKeyPtr key,
|
|
! xmlSecByte** buf, xmlSecSize* bufSize,
|
|
! xmlSecKeyInfoCtxPtr keyInfoCtx) {
|
|
! PK11SymKey* symKey ;
|
|
!
|
|
xmlSecAssert2(xmlSecNssSymKeyDataKlassCheck(id), -1);
|
|
+ xmlSecAssert2(key != NULL, -1);
|
|
+ xmlSecAssert2(buf != NULL, -1);
|
|
+ xmlSecAssert2(bufSize != 0, -1);
|
|
+ xmlSecAssert2(keyInfoCtx != NULL, -1);
|
|
+
|
|
+ /* Get symmetric key from "key" */
|
|
+ symKey = xmlSecNssSymKeyDataGetKey(xmlSecKeyGetValue(key));
|
|
+ if( symKey != NULL ) {
|
|
+ SECItem* keyItem ;
|
|
+
|
|
+ /* Extract raw key data from symmetric key */
|
|
+ if( PK11_ExtractKeyValue( symKey ) != SECSuccess ) {
|
|
+ xmlSecError(XMLSEC_ERRORS_HERE,
|
|
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
|
|
+ "PK11_ExtractKeyValue",
|
|
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
|
|
+ XMLSEC_ERRORS_NO_MESSAGE);
|
|
+ PK11_FreeSymKey( symKey ) ;
|
|
+ return(-1);
|
|
+ }
|
|
+
|
|
+ /* Get raw key data from "symKey" */
|
|
+ keyItem = PK11_GetKeyData( symKey ) ;
|
|
+ if(keyItem == NULL) {
|
|
+ xmlSecError(XMLSEC_ERRORS_HERE,
|
|
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
|
|
+ "PK11_GetKeyData",
|
|
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
|
|
+ XMLSEC_ERRORS_NO_MESSAGE);
|
|
+ PK11_FreeSymKey( symKey ) ;
|
|
+ return(-1);
|
|
+ }
|
|
+
|
|
+ *bufSize = keyItem->len;
|
|
+ *buf = ( xmlSecByte* )xmlMalloc( *bufSize );
|
|
+ if( *buf == NULL ) {
|
|
+ xmlSecError(XMLSEC_ERRORS_HERE,
|
|
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
|
|
+ NULL,
|
|
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
|
|
+ XMLSEC_ERRORS_NO_MESSAGE);
|
|
+ PK11_FreeSymKey( symKey ) ;
|
|
+ return(-1);
|
|
+ }
|
|
+
|
|
+ memcpy((*buf), keyItem->data, (*bufSize));
|
|
+ PK11_FreeSymKey( symKey ) ;
|
|
+ }
|
|
|
|
! return 0 ;
|
|
}
|
|
|
|
static int
|
|
xmlSecNssSymKeyDataGenerate(xmlSecKeyDataPtr data, xmlSecSize sizeBits, xmlSecKeyDataType type ATTRIBUTE_UNUSED) {
|
|
! PK11SymKey* symkey ;
|
|
! PK11SlotInfo* slot ;
|
|
! xmlSecNssSymKeyDataCtxPtr ctx;
|
|
! int ret;
|
|
!
|
|
xmlSecAssert2(xmlSecNssSymKeyDataCheckId(data), -1);
|
|
xmlSecAssert2(sizeBits > 0, -1);
|
|
|
|
! ctx = xmlSecNssSymKeyDataGetCtx(data);
|
|
! xmlSecAssert2(ctx != NULL, -1);
|
|
!
|
|
! if( sizeBits % 8 != 0 ) {
|
|
! xmlSecError(XMLSEC_ERRORS_HERE,
|
|
! xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
|
|
! NULL,
|
|
! XMLSEC_ERRORS_R_XMLSEC_FAILED,
|
|
! "Symmetric key size must be octuple");
|
|
! return(-1);
|
|
! }
|
|
!
|
|
! /* Get slot */
|
|
! slot = xmlSecNssSlotGet(ctx->cipher);
|
|
! if( slot == NULL ) {
|
|
! xmlSecError( XMLSEC_ERRORS_HERE ,
|
|
! xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
|
|
! "xmlSecNssSlotGet" ,
|
|
! XMLSEC_ERRORS_R_XMLSEC_FAILED ,
|
|
! XMLSEC_ERRORS_NO_MESSAGE ) ;
|
|
! return(-1) ;
|
|
! }
|
|
!
|
|
! if( PK11_Authenticate( slot, PR_FALSE , NULL ) != SECSuccess ) {
|
|
! xmlSecError( XMLSEC_ERRORS_HERE ,
|
|
! xmlSecErrorsSafeString( xmlSecKeyDataGetName( data ) ) ,
|
|
! "PK11_Authenticate" ,
|
|
! XMLSEC_ERRORS_R_CRYPTO_FAILED ,
|
|
! XMLSEC_ERRORS_NO_MESSAGE ) ;
|
|
! PK11_FreeSlot( slot ) ;
|
|
! return -1 ;
|
|
! }
|
|
!
|
|
! symkey = PK11_KeyGen( slot , ctx->cipher , NULL , sizeBits/8 , NULL ) ;
|
|
! if( symkey == NULL ) {
|
|
! xmlSecError( XMLSEC_ERRORS_HERE ,
|
|
! xmlSecErrorsSafeString( xmlSecKeyDataGetName( data ) ) ,
|
|
! "PK11_KeyGen" ,
|
|
! XMLSEC_ERRORS_R_CRYPTO_FAILED ,
|
|
! XMLSEC_ERRORS_NO_MESSAGE ) ;
|
|
! PK11_FreeSlot( slot ) ;
|
|
! return -1 ;
|
|
! }
|
|
!
|
|
! if( ctx->slot != NULL ) {
|
|
! PK11_FreeSlot( ctx->slot ) ;
|
|
! ctx->slot = NULL ;
|
|
! }
|
|
! ctx->slot = slot ;
|
|
!
|
|
! if( ctx->symkey != NULL ) {
|
|
! PK11_FreeSymKey( ctx->symkey ) ;
|
|
! ctx->symkey = NULL ;
|
|
! }
|
|
! ctx->symkey = symkey ;
|
|
!
|
|
! return 0 ;
|
|
}
|
|
|
|
static xmlSecKeyDataType
|
|
xmlSecNssSymKeyDataGetType(xmlSecKeyDataPtr data) {
|
|
! xmlSecNssSymKeyDataCtxPtr context = NULL ;
|
|
! xmlSecKeyDataType type = xmlSecKeyDataTypeUnknown ;
|
|
|
|
xmlSecAssert2(xmlSecNssSymKeyDataCheckId(data), xmlSecKeyDataTypeUnknown);
|
|
+ xmlSecAssert2( xmlSecKeyDataCheckSize( data, xmlSecNssSymKeyDataSize ), xmlSecKeyDataTypeUnknown ) ;
|
|
|
|
! context = xmlSecNssSymKeyDataGetCtx( data ) ;
|
|
! if( context == NULL ) {
|
|
! xmlSecError( XMLSEC_ERRORS_HERE ,
|
|
! xmlSecErrorsSafeString( xmlSecKeyDataGetName( data ) ) ,
|
|
! "xmlSecNssSymKeyDataGetCtx" ,
|
|
! XMLSEC_ERRORS_R_CRYPTO_FAILED ,
|
|
! XMLSEC_ERRORS_NO_MESSAGE ) ;
|
|
! return xmlSecKeyDataTypeUnknown ;
|
|
! }
|
|
!
|
|
! if( context->symkey != NULL ) {
|
|
! type |= xmlSecKeyDataTypeSymmetric ;
|
|
! } else {
|
|
! type |= xmlSecKeyDataTypeUnknown ;
|
|
! }
|
|
|
|
! return type ;
|
|
}
|
|
|
|
static xmlSecSize
|
|
xmlSecNssSymKeyDataGetSize(xmlSecKeyDataPtr data) {
|
|
+ xmlSecNssSymKeyDataCtxPtr context ;
|
|
+ unsigned int length = 0 ;
|
|
+
|
|
xmlSecAssert2(xmlSecNssSymKeyDataCheckId(data), 0);
|
|
! xmlSecAssert2( xmlSecKeyDataCheckSize( data, xmlSecNssSymKeyDataSize ), 0 ) ;
|
|
!
|
|
! context = xmlSecNssSymKeyDataGetCtx( data ) ;
|
|
! if( context == NULL ) {
|
|
! xmlSecError( XMLSEC_ERRORS_HERE ,
|
|
! xmlSecErrorsSafeString( xmlSecKeyDataGetName( data ) ) ,
|
|
! "xmlSecNssSymKeyDataGetCtx" ,
|
|
! XMLSEC_ERRORS_R_CRYPTO_FAILED ,
|
|
! XMLSEC_ERRORS_NO_MESSAGE ) ;
|
|
! return 0 ;
|
|
! }
|
|
!
|
|
! if( context->symkey != NULL ) {
|
|
! length = PK11_GetKeyLength( context->symkey ) ;
|
|
! length *= 8 ;
|
|
! }
|
|
!
|
|
! return length ;
|
|
}
|
|
|
|
static void
|
|
xmlSecNssSymKeyDataDebugDump(xmlSecKeyDataPtr data, FILE* output) {
|
|
xmlSecAssert(xmlSecNssSymKeyDataCheckId(data));
|
|
|
|
! /* print only size, everything else is sensitive */
|
|
! fprintf( output , "=== %s: size=%d\n" , data->id->dataNodeName ,
|
|
! xmlSecKeyDataGetSize(data)) ;
|
|
}
|
|
|
|
static void
|
|
xmlSecNssSymKeyDataDebugXmlDump(xmlSecKeyDataPtr data, FILE* output) {
|
|
xmlSecAssert(xmlSecNssSymKeyDataCheckId(data));
|
|
|
|
! /* print only size, everything else is sensitive */
|
|
! fprintf( output , "<%s size=\"%d\" />\n" , data->id->dataNodeName ,
|
|
! xmlSecKeyDataGetSize(data)) ;
|
|
}
|
|
|
|
static int
|
|
xmlSecNssSymKeyDataKlassCheck(xmlSecKeyDataKlass* klass) {
|
|
#ifndef XMLSEC_NO_DES
|
|
if(klass == xmlSecNssKeyDataDesId) {
|
|
! return(1);
|
|
}
|
|
#endif /* XMLSEC_NO_DES */
|
|
|
|
#ifndef XMLSEC_NO_AES
|
|
if(klass == xmlSecNssKeyDataAesId) {
|
|
! return(1);
|
|
}
|
|
#endif /* XMLSEC_NO_AES */
|
|
|
|
#ifndef XMLSEC_NO_HMAC
|
|
if(klass == xmlSecNssKeyDataHmacId) {
|
|
! return(1);
|
|
}
|
|
#endif /* XMLSEC_NO_HMAC */
|
|
|
|
***************
|
|
*** 201,240 ****
|
|
*************************************************************************/
|
|
static xmlSecKeyDataKlass xmlSecNssKeyDataAesKlass = {
|
|
sizeof(xmlSecKeyDataKlass),
|
|
! xmlSecKeyDataBinarySize,
|
|
|
|
/* data */
|
|
xmlSecNameAESKeyValue,
|
|
xmlSecKeyDataUsageKeyValueNode | xmlSecKeyDataUsageRetrievalMethodNodeXml,
|
|
! /* xmlSecKeyDataUsage usage; */
|
|
! xmlSecHrefAESKeyValue, /* const xmlChar* href; */
|
|
! xmlSecNodeAESKeyValue, /* const xmlChar* dataNodeName; */
|
|
! xmlSecNs, /* const xmlChar* dataNodeNs; */
|
|
|
|
/* constructors/destructor */
|
|
! xmlSecNssSymKeyDataInitialize, /* xmlSecKeyDataInitializeMethod initialize; */
|
|
! xmlSecNssSymKeyDataDuplicate, /* xmlSecKeyDataDuplicateMethod duplicate; */
|
|
! xmlSecNssSymKeyDataFinalize, /* xmlSecKeyDataFinalizeMethod finalize; */
|
|
! xmlSecNssSymKeyDataGenerate, /* xmlSecKeyDataGenerateMethod generate; */
|
|
|
|
/* get info */
|
|
! xmlSecNssSymKeyDataGetType, /* xmlSecKeyDataGetTypeMethod getType; */
|
|
! xmlSecNssSymKeyDataGetSize, /* xmlSecKeyDataGetSizeMethod getSize; */
|
|
! NULL, /* xmlSecKeyDataGetIdentifier getIdentifier; */
|
|
|
|
/* read/write */
|
|
! xmlSecNssSymKeyDataXmlRead, /* xmlSecKeyDataXmlReadMethod xmlRead; */
|
|
! xmlSecNssSymKeyDataXmlWrite, /* xmlSecKeyDataXmlWriteMethod xmlWrite; */
|
|
! xmlSecNssSymKeyDataBinRead, /* xmlSecKeyDataBinReadMethod binRead; */
|
|
! xmlSecNssSymKeyDataBinWrite, /* xmlSecKeyDataBinWriteMethod binWrite; */
|
|
|
|
/* debug */
|
|
! xmlSecNssSymKeyDataDebugDump, /* xmlSecKeyDataDebugDumpMethod debugDump; */
|
|
! xmlSecNssSymKeyDataDebugXmlDump, /* xmlSecKeyDataDebugDumpMethod debugXmlDump; */
|
|
|
|
/* reserved for the future */
|
|
! NULL, /* void* reserved0; */
|
|
! NULL, /* void* reserved1; */
|
|
};
|
|
|
|
/**
|
|
--- 860,899 ----
|
|
*************************************************************************/
|
|
static xmlSecKeyDataKlass xmlSecNssKeyDataAesKlass = {
|
|
sizeof(xmlSecKeyDataKlass),
|
|
! xmlSecNssSymKeyDataSize,
|
|
|
|
/* data */
|
|
xmlSecNameAESKeyValue,
|
|
xmlSecKeyDataUsageKeyValueNode | xmlSecKeyDataUsageRetrievalMethodNodeXml,
|
|
! /* xmlSecKeyDataUsage usage; */
|
|
! xmlSecHrefAESKeyValue, /* const xmlChar* href; */
|
|
! xmlSecNodeAESKeyValue, /* const xmlChar* dataNodeName; */
|
|
! xmlSecNs, /* const xmlChar* dataNodeNs; */
|
|
|
|
/* constructors/destructor */
|
|
! xmlSecNssSymKeyDataInitialize, /* xmlSecKeyDataInitializeMethod initialize; */
|
|
! xmlSecNssSymKeyDataDuplicate, /* xmlSecKeyDataDuplicateMethod duplicate; */
|
|
! xmlSecNssSymKeyDataFinalize, /* xmlSecKeyDataFinalizeMethod finalize; */
|
|
! xmlSecNssSymKeyDataGenerate, /* xmlSecKeyDataGenerateMethod generate; */
|
|
|
|
/* get info */
|
|
! xmlSecNssSymKeyDataGetType, /* xmlSecKeyDataGetTypeMethod getType; */
|
|
! xmlSecNssSymKeyDataGetSize, /* xmlSecKeyDataGetSizeMethod getSize; */
|
|
! NULL, /* xmlSecKeyDataGetIdentifier getIdentifier; */
|
|
|
|
/* read/write */
|
|
! xmlSecNssSymKeyDataXmlRead, /* xmlSecKeyDataXmlReadMethod xmlRead; */
|
|
! xmlSecNssSymKeyDataXmlWrite, /* xmlSecKeyDataXmlWriteMethod xmlWrite; */
|
|
! xmlSecNssSymKeyDataBinRead, /* xmlSecKeyDataBinReadMethod binRead; */
|
|
! xmlSecNssSymKeyDataBinWrite, /* xmlSecKeyDataBinWriteMethod binWrite; */
|
|
|
|
/* debug */
|
|
! xmlSecNssSymKeyDataDebugDump, /* xmlSecKeyDataDebugDumpMethod debugDump; */
|
|
! xmlSecNssSymKeyDataDebugXmlDump, /* xmlSecKeyDataDebugDumpMethod debugXmlDump; */
|
|
|
|
/* reserved for the future */
|
|
! NULL, /* void* reserved0; */
|
|
! NULL, /* void* reserved1; */
|
|
};
|
|
|
|
/**
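Review bot: The AES klass at `*** 860,899 ----` now registers `xmlSecNssSymKeyDataInitialize` as its initialize method, but that initializer (new side, earlier in this patch) tests `xmlSecNssKeyDataDesId` in its `#ifndef XMLSEC_NO_AES` branch and otherwise falls through to the `Unsupported block cipher` error, so `xmlSecKeyDataCreate(xmlSecNssKeyDataAesId)` appears to fail before any AES key can be read, generated or duplicated through this table. The AES branch should read `if(xmlSecKeyDataCheckId(data, xmlSecNssKeyDataAesId)) {` so that `ctx->cipher = CKM_AES_KEY_GEN;` is actually reached. The `xmlSecNssSymKeyDataSize` change itself is consistent with the `xmlSecKeyDataCheckSize(data, xmlSecNssSymKeyDataSize)` asserts the new methods add, so only the id check in the initializer needs attention.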
|
|
***************
|
|
*** 251,259 ****
|
|
|
|
/**
|
|
* xmlSecNssKeyDataAesSet:
|
|
! * @data: the pointer to AES key data.
|
|
! * @buf: the pointer to key value.
|
|
! * @bufSize: the key value size (in bytes).
|
|
*
|
|
* Sets the value of AES key data.
|
|
*
|
|
--- 910,918 ----
|
|
|
|
/**
|
|
* xmlSecNssKeyDataAesSet:
|
|
! * @data: the pointer to AES key data.
|
|
! * @buf: the pointer to key value.
|
|
! * @bufSize: the key value size (in bytes).
|
|
*
|
|
* Sets the value of AES key data.
|
|
*
|
|
***************
|
|
*** 282,321 ****
|
|
*************************************************************************/
|
|
static xmlSecKeyDataKlass xmlSecNssKeyDataDesKlass = {
|
|
sizeof(xmlSecKeyDataKlass),
|
|
! xmlSecKeyDataBinarySize,
|
|
|
|
/* data */
|
|
xmlSecNameDESKeyValue,
|
|
xmlSecKeyDataUsageKeyValueNode | xmlSecKeyDataUsageRetrievalMethodNodeXml,
|
|
! /* xmlSecKeyDataUsage usage; */
|
|
! xmlSecHrefDESKeyValue, /* const xmlChar* href; */
|
|
! xmlSecNodeDESKeyValue, /* const xmlChar* dataNodeName; */
|
|
! xmlSecNs, /* const xmlChar* dataNodeNs; */
|
|
|
|
/* constructors/destructor */
|
|
! xmlSecNssSymKeyDataInitialize, /* xmlSecKeyDataInitializeMethod initialize; */
|
|
! xmlSecNssSymKeyDataDuplicate, /* xmlSecKeyDataDuplicateMethod duplicate; */
|
|
! xmlSecNssSymKeyDataFinalize, /* xmlSecKeyDataFinalizeMethod finalize; */
|
|
! xmlSecNssSymKeyDataGenerate, /* xmlSecKeyDataGenerateMethod generate; */
|
|
|
|
/* get info */
|
|
! xmlSecNssSymKeyDataGetType, /* xmlSecKeyDataGetTypeMethod getType; */
|
|
! xmlSecNssSymKeyDataGetSize, /* xmlSecKeyDataGetSizeMethod getSize; */
|
|
! NULL, /* xmlSecKeyDataGetIdentifier getIdentifier; */
|
|
|
|
/* read/write */
|
|
! xmlSecNssSymKeyDataXmlRead, /* xmlSecKeyDataXmlReadMethod xmlRead; */
|
|
! xmlSecNssSymKeyDataXmlWrite, /* xmlSecKeyDataXmlWriteMethod xmlWrite; */
|
|
! xmlSecNssSymKeyDataBinRead, /* xmlSecKeyDataBinReadMethod binRead; */
|
|
! xmlSecNssSymKeyDataBinWrite, /* xmlSecKeyDataBinWriteMethod binWrite; */
|
|
|
|
/* debug */
|
|
! xmlSecNssSymKeyDataDebugDump, /* xmlSecKeyDataDebugDumpMethod debugDump; */
|
|
! xmlSecNssSymKeyDataDebugXmlDump, /* xmlSecKeyDataDebugDumpMethod debugXmlDump; */
|
|
|
|
/* reserved for the future */
|
|
! NULL, /* void* reserved0; */
|
|
! NULL, /* void* reserved1; */
|
|
};
|
|
|
|
/**
|
|
--- 941,980 ----
|
|
*************************************************************************/
|
|
static xmlSecKeyDataKlass xmlSecNssKeyDataDesKlass = {
|
|
sizeof(xmlSecKeyDataKlass),
|
|
! xmlSecNssSymKeyDataSize,
|
|
|
|
/* data */
|
|
xmlSecNameDESKeyValue,
|
|
xmlSecKeyDataUsageKeyValueNode | xmlSecKeyDataUsageRetrievalMethodNodeXml,
|
|
! /* xmlSecKeyDataUsage usage; */
|
|
! xmlSecHrefDESKeyValue, /* const xmlChar* href; */
|
|
! xmlSecNodeDESKeyValue, /* const xmlChar* dataNodeName; */
|
|
! xmlSecNs, /* const xmlChar* dataNodeNs; */
|
|
|
|
/* constructors/destructor */
|
|
! xmlSecNssSymKeyDataInitialize, /* xmlSecKeyDataInitializeMethod initialize; */
|
|
! xmlSecNssSymKeyDataDuplicate, /* xmlSecKeyDataDuplicateMethod duplicate; */
|
|
! xmlSecNssSymKeyDataFinalize, /* xmlSecKeyDataFinalizeMethod finalize; */
|
|
! xmlSecNssSymKeyDataGenerate, /* xmlSecKeyDataGenerateMethod generate; */
|
|
|
|
/* get info */
|
|
! xmlSecNssSymKeyDataGetType, /* xmlSecKeyDataGetTypeMethod getType; */
|
|
! xmlSecNssSymKeyDataGetSize, /* xmlSecKeyDataGetSizeMethod getSize; */
|
|
! NULL, /* xmlSecKeyDataGetIdentifier getIdentifier; */
|
|
|
|
/* read/write */
|
|
! xmlSecNssSymKeyDataXmlRead, /* xmlSecKeyDataXmlReadMethod xmlRead; */
|
|
! xmlSecNssSymKeyDataXmlWrite, /* xmlSecKeyDataXmlWriteMethod xmlWrite; */
|
|
! xmlSecNssSymKeyDataBinRead, /* xmlSecKeyDataBinReadMethod binRead; */
|
|
! xmlSecNssSymKeyDataBinWrite, /* xmlSecKeyDataBinWriteMethod binWrite; */
|
|
|
|
/* debug */
|
|
! xmlSecNssSymKeyDataDebugDump, /* xmlSecKeyDataDebugDumpMethod debugDump; */
|
|
! xmlSecNssSymKeyDataDebugXmlDump, /* xmlSecKeyDataDebugDumpMethod debugXmlDump; */
|
|
|
|
/* reserved for the future */
|
|
! NULL, /* void* reserved0; */
|
|
! NULL, /* void* reserved1; */
|
|
};
|
|
|
|
/**
|
|
***************
|
|
*** 332,340 ****
|
|
|
|
/**
|
|
* xmlSecNssKeyDataDesSet:
|
|
! * @data: the pointer to DES key data.
|
|
! * @buf: the pointer to key value.
|
|
! * @bufSize: the key value size (in bytes).
|
|
*
|
|
* Sets the value of DES key data.
|
|
*
|
|
--- 991,999 ----
|
|
|
|
/**
|
|
* xmlSecNssKeyDataDesSet:
|
|
! * @data: the pointer to DES key data.
|
|
! * @buf: the pointer to key value.
|
|
! * @bufSize: the key value size (in bytes).
|
|
*
|
|
* Sets the value of DES key data.
|
|
*
|
|
***************
|
|
*** 364,403 ****
|
|
*************************************************************************/
|
|
static xmlSecKeyDataKlass xmlSecNssKeyDataHmacKlass = {
|
|
sizeof(xmlSecKeyDataKlass),
|
|
! xmlSecKeyDataBinarySize,
|
|
|
|
/* data */
|
|
xmlSecNameHMACKeyValue,
|
|
xmlSecKeyDataUsageKeyValueNode | xmlSecKeyDataUsageRetrievalMethodNodeXml,
|
|
! /* xmlSecKeyDataUsage usage; */
|
|
! xmlSecHrefHMACKeyValue, /* const xmlChar* href; */
|
|
! xmlSecNodeHMACKeyValue, /* const xmlChar* dataNodeName; */
|
|
! xmlSecNs, /* const xmlChar* dataNodeNs; */
|
|
|
|
/* constructors/destructor */
|
|
! xmlSecNssSymKeyDataInitialize, /* xmlSecKeyDataInitializeMethod initialize; */
|
|
! xmlSecNssSymKeyDataDuplicate, /* xmlSecKeyDataDuplicateMethod duplicate; */
|
|
! xmlSecNssSymKeyDataFinalize, /* xmlSecKeyDataFinalizeMethod finalize; */
|
|
! xmlSecNssSymKeyDataGenerate, /* xmlSecKeyDataGenerateMethod generate; */
|
|
|
|
/* get info */
|
|
! xmlSecNssSymKeyDataGetType, /* xmlSecKeyDataGetTypeMethod getType; */
|
|
! xmlSecNssSymKeyDataGetSize, /* xmlSecKeyDataGetSizeMethod getSize; */
|
|
! NULL, /* xmlSecKeyDataGetIdentifier getIdentifier; */
|
|
|
|
/* read/write */
|
|
! xmlSecNssSymKeyDataXmlRead, /* xmlSecKeyDataXmlReadMethod xmlRead; */
|
|
! xmlSecNssSymKeyDataXmlWrite, /* xmlSecKeyDataXmlWriteMethod xmlWrite; */
|
|
! xmlSecNssSymKeyDataBinRead, /* xmlSecKeyDataBinReadMethod binRead; */
|
|
! xmlSecNssSymKeyDataBinWrite, /* xmlSecKeyDataBinWriteMethod binWrite; */
|
|
|
|
/* debug */
|
|
! xmlSecNssSymKeyDataDebugDump, /* xmlSecKeyDataDebugDumpMethod debugDump; */
|
|
! xmlSecNssSymKeyDataDebugXmlDump, /* xmlSecKeyDataDebugDumpMethod debugXmlDump; */
|
|
|
|
/* reserved for the future */
|
|
! NULL, /* void* reserved0; */
|
|
! NULL, /* void* reserved1; */
|
|
};
|
|
|
|
/**
|
|
--- 1023,1062 ----
|
|
*************************************************************************/
|
|
static xmlSecKeyDataKlass xmlSecNssKeyDataHmacKlass = {
|
|
sizeof(xmlSecKeyDataKlass),
|
|
! xmlSecNssSymKeyDataSize,
|
|
|
|
/* data */
|
|
xmlSecNameHMACKeyValue,
|
|
xmlSecKeyDataUsageKeyValueNode | xmlSecKeyDataUsageRetrievalMethodNodeXml,
|
|
! /* xmlSecKeyDataUsage usage; */
|
|
! xmlSecHrefHMACKeyValue, /* const xmlChar* href; */
|
|
! xmlSecNodeHMACKeyValue, /* const xmlChar* dataNodeName; */
|
|
! xmlSecNs, /* const xmlChar* dataNodeNs; */
|
|
|
|
/* constructors/destructor */
|
|
! xmlSecNssSymKeyDataInitialize, /* xmlSecKeyDataInitializeMethod initialize; */
|
|
! xmlSecNssSymKeyDataDuplicate, /* xmlSecKeyDataDuplicateMethod duplicate; */
|
|
! xmlSecNssSymKeyDataFinalize, /* xmlSecKeyDataFinalizeMethod finalize; */
|
|
! xmlSecNssSymKeyDataGenerate, /* xmlSecKeyDataGenerateMethod generate; */
|
|
|
|
/* get info */
|
|
! xmlSecNssSymKeyDataGetType, /* xmlSecKeyDataGetTypeMethod getType; */
|
|
! xmlSecNssSymKeyDataGetSize, /* xmlSecKeyDataGetSizeMethod getSize; */
|
|
! NULL, /* xmlSecKeyDataGetIdentifier getIdentifier; */
|
|
|
|
/* read/write */
|
|
! xmlSecNssSymKeyDataXmlRead, /* xmlSecKeyDataXmlReadMethod xmlRead; */
|
|
! xmlSecNssSymKeyDataXmlWrite, /* xmlSecKeyDataXmlWriteMethod xmlWrite; */
|
|
! xmlSecNssSymKeyDataBinRead, /* xmlSecKeyDataBinReadMethod binRead; */
|
|
! xmlSecNssSymKeyDataBinWrite, /* xmlSecKeyDataBinWriteMethod binWrite; */
|
|
|
|
/* debug */
|
|
! xmlSecNssSymKeyDataDebugDump, /* xmlSecKeyDataDebugDumpMethod debugDump; */
|
|
! xmlSecNssSymKeyDataDebugXmlDump, /* xmlSecKeyDataDebugDumpMethod debugXmlDump; */
|
|
|
|
/* reserved for the future */
|
|
! NULL, /* void* reserved0; */
|
|
! NULL, /* void* reserved1; */
|
|
};
|
|
|
|
/**
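Review bot: The only substantive change in this hunk is the klass size field, `xmlSecKeyDataBinarySize` becoming `xmlSecNssSymKeyDataSize`; the remaining `!` lines of xmlSecNssKeyDataHmacKlass appear to differ only in whitespace, which buries a one-field change in a forty-line rewrite. Keeping the original indentation, or re-indenting in a separate commit, would let a reader see at once that the struct layout is otherwise untouched. A short comment on the new size line, such as `/* size of the NSS symmetric-key object, not of a plain binary key buffer */`, would also record why the value differs from the generic one used before, if that is the reason for the change.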
|
|
***************
|
|
*** 414,422 ****
|
|
|
|
/**
|
|
* xmlSecNssKeyDataHmacSet:
|
|
! * @data: the pointer to HMAC key data.
|
|
! * @buf: the pointer to key value.
|
|
! * @bufSize: the key value size (in bytes).
|
|
*
|
|
* Sets the value of HMAC key data.
|
|
*
|
|
--- 1073,1081 ----
|
|
|
|
/**
|
|
* xmlSecNssKeyDataHmacSet:
|
|
! * @data: the pointer to HMAC key data.
|
|
! * @buf: the pointer to key value.
|
|
! * @bufSize: the key value size (in bytes).
|
|
*
|
|
* Sets the value of HMAC key data.
|
|
*
|
|
*** misc/xmlsec1-1.2.6/src/nss/tokens.c 2005-05-09 19:55:57.269853046 +0200
|
|
--- misc/build/xmlsec1-1.2.6/src/nss/tokens.c 2005-05-09 19:54:13.234627375 +0200
|
|
***************
|
|
*** 1 ****
|
|
! dummy
|
|
--- 1,544 ----
|
|
! /**
|
|
! * XMLSec library
|
|
! *
|
|
! * This is free software; see Copyright file in the source
|
|
! * distribution for preciese wording.
|
|
! *
|
|
! * Copyright..................................
|
|
! *
|
|
! * Contributor(s): _____________________________
|
|
! *
|
|
! */
|
|
!
|
|
! /**
|
|
! * In order to ensure that particular crypto operation is performed on
|
|
! * particular crypto device, a subclass of xmlSecList is used to store slot and
|
|
! * mechanism information.
|
|
! *
|
|
! * In the list, a slot is bound with a mechanism. If the mechanism is available,
|
|
! * this mechanism only can perform on the slot; otherwise, it can perform on
|
|
! * every eligibl slot in the list.
|
|
! *
|
|
! * When try to find a slot for a particular mechanism, the slot bound with
|
|
! * avaliable mechanism will be looked up firstly.
|
|
! */
|
|
! #include "globals.h"
|
|
! #include <string.h>
|
|
!
|
|
! #include <xmlsec/xmlsec.h>
|
|
! #include <xmlsec/errors.h>
|
|
! #include <xmlsec/list.h>
|
|
!
|
|
! #include <xmlsec/nss/tokens.h>
|
|
!
|
|
! int
|
|
! xmlSecNssKeySlotSetMechList(
|
|
! xmlSecNssKeySlotPtr keySlot ,
|
|
! CK_MECHANISM_TYPE_PTR mechanismList
|
|
! ) {
|
|
! int counter ;
|
|
!
|
|
! xmlSecAssert2( keySlot != NULL , -1 ) ;
|
|
!
|
|
! if( keySlot->mechanismList != CK_NULL_PTR ) {
|
|
! xmlFree( keySlot->mechanismList ) ;
|
|
!
|
|
! for( counter = 0 ; *( mechanismList + counter ) != CKM_INVALID_MECHANISM ; counter ++ ) ;
|
|
! keySlot->mechanismList = ( CK_MECHANISM_TYPE_PTR )xmlMalloc( ( counter + 1 ) * sizeof( CK_MECHANISM_TYPE ) ) ;
|
|
! if( keySlot->mechanismList == NULL ) {
|
|
! xmlSecError( XMLSEC_ERRORS_HERE ,
|
|
! NULL ,
|
|
! NULL ,
|
|
! XMLSEC_ERRORS_R_XMLSEC_FAILED ,
|
|
! XMLSEC_ERRORS_NO_MESSAGE ) ;
|
|
! return( -1 );
|
|
! }
|
|
! for( ; counter >= 0 ; counter -- )
|
|
! *( keySlot->mechanismList + counter ) = *( mechanismList + counter ) ;
|
|
! }
|
|
!
|
|
! return( 0 );
|
|
! }
|
|
!
|
|
! int
|
|
! xmlSecNssKeySlotEnableMech(
|
|
! xmlSecNssKeySlotPtr keySlot ,
|
|
! CK_MECHANISM_TYPE mechanism
|
|
! ) {
|
|
! int counter ;
|
|
! CK_MECHANISM_TYPE_PTR newList ;
|
|
!
|
|
! xmlSecAssert2( keySlot != NULL , -1 ) ;
|
|
!
|
|
! if( mechanism != CKM_INVALID_MECHANISM ) {
|
|
! for( counter = 0 ; *( keySlot->mechanismList + counter ) != CKM_INVALID_MECHANISM ; counter ++ ) ;
|
|
! newList = ( CK_MECHANISM_TYPE_PTR )xmlMalloc( ( counter + 1 + 1 ) * sizeof( CK_MECHANISM_TYPE ) ) ;
|
|
! if( newList == NULL ) {
|
|
! xmlSecError( XMLSEC_ERRORS_HERE ,
|
|
! NULL ,
|
|
! NULL ,
|
|
! XMLSEC_ERRORS_R_XMLSEC_FAILED ,
|
|
! XMLSEC_ERRORS_NO_MESSAGE ) ;
|
|
! return( -1 );
|
|
! }
|
|
! *( newList + counter + 1 ) = CKM_INVALID_MECHANISM ;
|
|
! *( newList + counter ) = mechanism ;
|
|
! for( counter -= 1 ; counter >= 0 ; counter -- )
|
|
! *( newList + counter ) = *( keySlot->mechanismList + counter ) ;
|
|
!
|
|
! xmlFree( keySlot->mechanismList ) ;
|
|
! keySlot->mechanismList = newList ;
|
|
! }
|
|
!
|
|
! return(0);
|
|
! }
|
|
!
|
|
! int
|
|
! xmlSecNssKeySlotDisableMech(
|
|
! xmlSecNssKeySlotPtr keySlot ,
|
|
! CK_MECHANISM_TYPE mechanism
|
|
! ) {
|
|
! int counter ;
|
|
!
|
|
! xmlSecAssert2( keySlot != NULL , -1 ) ;
|
|
!
|
|
! for( counter = 0 ; *( keySlot->mechanismList + counter ) != CKM_INVALID_MECHANISM ; counter ++ ) {
|
|
! if( *( keySlot->mechanismList + counter ) == mechanism ) {
|
|
! for( ; *( keySlot->mechanismList + counter ) != CKM_INVALID_MECHANISM ; counter ++ ) {
|
|
! *( keySlot->mechanismList + counter ) = *( keySlot->mechanismList + counter + 1 ) ;
|
|
! }
|
|
!
|
|
! break ;
|
|
! }
|
|
! }
|
|
!
|
|
! return(0);
|
|
! }
|
|
!
|
|
! CK_MECHANISM_TYPE_PTR
|
|
! xmlSecNssKeySlotGetMechList(
|
|
! xmlSecNssKeySlotPtr keySlot
|
|
! ) {
|
|
! if( keySlot != NULL )
|
|
! return keySlot->mechanismList ;
|
|
! else
|
|
! return NULL ;
|
|
! }
|
|
!
|
|
! int
|
|
! xmlSecNssKeySlotSetSlot(
|
|
! xmlSecNssKeySlotPtr keySlot ,
|
|
! PK11SlotInfo* slot
|
|
! ) {
|
|
! xmlSecAssert2( keySlot != NULL , -1 ) ;
|
|
!
|
|
! if( slot != NULL && keySlot->slot != slot ) {
|
|
! if( keySlot->slot != NULL )
|
|
! PK11_FreeSlot( keySlot->slot ) ;
|
|
!
|
|
! if( keySlot->mechanismList != NULL ) {
|
|
! xmlFree( keySlot->mechanismList ) ;
|
|
! keySlot->mechanismList = NULL ;
|
|
! }
|
|
!
|
|
! keySlot->slot = PK11_ReferenceSlot( slot ) ;
|
|
! }
|
|
!
|
|
! return(0);
|
|
! }
|
|
!
|
|
! int
|
|
! xmlSecNssKeySlotInitialize(
|
|
! xmlSecNssKeySlotPtr keySlot ,
|
|
! PK11SlotInfo* slot
|
|
! ) {
|
|
! xmlSecAssert2( keySlot != NULL , -1 ) ;
|
|
! xmlSecAssert2( keySlot->slot == NULL , -1 ) ;
|
|
! xmlSecAssert2( keySlot->mechanismList == NULL , -1 ) ;
|
|
!
|
|
! if( slot != NULL ) {
|
|
! keySlot->slot = PK11_ReferenceSlot( slot ) ;
|
|
! }
|
|
!
|
|
! return(0);
|
|
! }
|
|
!
|
|
! void
|
|
! xmlSecNssKeySlotFinalize(
|
|
! xmlSecNssKeySlotPtr keySlot
|
|
! ) {
|
|
! xmlSecAssert( keySlot != NULL ) ;
|
|
!
|
|
! if( keySlot->mechanismList != NULL ) {
|
|
! xmlFree( keySlot->mechanismList ) ;
|
|
! keySlot->mechanismList = NULL ;
|
|
! }
|
|
!
|
|
! if( keySlot->slot != NULL ) {
|
|
! PK11_FreeSlot( keySlot->slot ) ;
|
|
! keySlot->slot = NULL ;
|
|
! }
|
|
!
|
|
! }
|
|
!
|
|
! PK11SlotInfo*
|
|
! xmlSecNssKeySlotGetSlot(
|
|
! xmlSecNssKeySlotPtr keySlot
|
|
! ) {
|
|
! if( keySlot != NULL )
|
|
! return keySlot->slot ;
|
|
! else
|
|
! return NULL ;
|
|
! }
|
|
!
|
|
! xmlSecNssKeySlotPtr
|
|
! xmlSecNssKeySlotCreate() {
|
|
! xmlSecNssKeySlotPtr keySlot ;
|
|
!
|
|
! /* Allocates a new xmlSecNssKeySlot and fill the fields */
|
|
! keySlot = ( xmlSecNssKeySlotPtr )xmlMalloc( sizeof( xmlSecNssKeySlot ) ) ;
|
|
! if( keySlot == NULL ) {
|
|
! xmlSecError( XMLSEC_ERRORS_HERE ,
|
|
! NULL ,
|
|
! NULL ,
|
|
! XMLSEC_ERRORS_R_XMLSEC_FAILED ,
|
|
! XMLSEC_ERRORS_NO_MESSAGE ) ;
|
|
! return( NULL );
|
|
! }
|
|
! memset( keySlot, 0, sizeof( xmlSecNssKeySlot ) ) ;
|
|
!
|
|
! return( keySlot ) ;
|
|
! }
|
|
!
|
|
! int
|
|
! xmlSecNssKeySlotCopy(
|
|
! xmlSecNssKeySlotPtr newKeySlot ,
|
|
! xmlSecNssKeySlotPtr keySlot
|
|
! ) {
|
|
! CK_MECHANISM_TYPE_PTR mech ;
|
|
! int counter ;
|
|
!
|
|
! xmlSecAssert2( newKeySlot != NULL , -1 ) ;
|
|
! xmlSecAssert2( keySlot != NULL , -1 ) ;
|
|
!
|
|
! if( keySlot->slot != NULL && newKeySlot->slot != keySlot->slot ) {
|
|
! if( newKeySlot->slot != NULL )
|
|
! PK11_FreeSlot( newKeySlot->slot ) ;
|
|
!
|
|
! newKeySlot->slot = PK11_ReferenceSlot( keySlot->slot ) ;
|
|
! }
|
|
!
|
|
! if( keySlot->mechanismList != CK_NULL_PTR ) {
|
|
! xmlFree( newKeySlot->mechanismList ) ;
|
|
!
|
|
! for( counter = 0 ; *( keySlot->mechanismList + counter ) != CKM_INVALID_MECHANISM ; counter ++ ) ;
|
|
! newKeySlot->mechanismList = ( CK_MECHANISM_TYPE_PTR )xmlMalloc( ( counter + 1 ) * sizeof( CK_MECHANISM_TYPE ) ) ;
|
|
! if( newKeySlot->mechanismList == NULL ) {
|
|
! xmlSecError( XMLSEC_ERRORS_HERE ,
|
|
! NULL ,
|
|
! NULL ,
|
|
! XMLSEC_ERRORS_R_XMLSEC_FAILED ,
|
|
! XMLSEC_ERRORS_NO_MESSAGE ) ;
|
|
! return( -1 );
|
|
! }
|
|
! for( ; counter >= 0 ; counter -- )
|
|
! *( newKeySlot->mechanismList + counter ) = *( keySlot->mechanismList + counter ) ;
|
|
! }
|
|
!
|
|
! return( 0 );
|
|
! }
|
|
!
|
|
! xmlSecNssKeySlotPtr
|
|
! xmlSecNssKeySlotDuplicate(
|
|
! xmlSecNssKeySlotPtr keySlot
|
|
! ) {
|
|
! xmlSecNssKeySlotPtr newKeySlot ;
|
|
! int ret ;
|
|
!
|
|
! xmlSecAssert2( keySlot != NULL , NULL ) ;
|
|
!
|
|
! newKeySlot = xmlSecNssKeySlotCreate() ;
|
|
! if( newKeySlot == NULL ) {
|
|
! xmlSecError( XMLSEC_ERRORS_HERE ,
|
|
! NULL ,
|
|
! NULL ,
|
|
! XMLSEC_ERRORS_R_XMLSEC_FAILED ,
|
|
! XMLSEC_ERRORS_NO_MESSAGE ) ;
|
|
! return( NULL );
|
|
! }
|
|
!
|
|
! if( xmlSecNssKeySlotCopy( newKeySlot, keySlot ) < 0 ) {
|
|
! xmlSecError( XMLSEC_ERRORS_HERE ,
|
|
! NULL ,
|
|
! NULL ,
|
|
! XMLSEC_ERRORS_R_XMLSEC_FAILED ,
|
|
! XMLSEC_ERRORS_NO_MESSAGE ) ;
|
|
! return( NULL );
|
|
! }
|
|
!
|
|
! return( newKeySlot );
|
|
! }
|
|
!
|
|
! void
|
|
! xmlSecNssKeySlotDestroy(
|
|
! xmlSecNssKeySlotPtr keySlot
|
|
! ) {
|
|
! xmlSecAssert( keySlot != NULL ) ;
|
|
!
|
|
! if( keySlot->mechanismList != NULL )
|
|
! xmlFree( keySlot->mechanismList ) ;
|
|
!
|
|
! if( keySlot->slot != NULL )
|
|
! PK11_FreeSlot( keySlot->slot ) ;
|
|
!
|
|
! xmlFree( keySlot ) ;
|
|
! }
|
|
!
|
|
! int
|
|
! xmlSecNssKeySlotBindMech(
|
|
! xmlSecNssKeySlotPtr keySlot ,
|
|
! CK_MECHANISM_TYPE type
|
|
! ) {
|
|
! int counter ;
|
|
!
|
|
! xmlSecAssert2( keySlot != NULL , 0 ) ;
|
|
! xmlSecAssert2( keySlot->slot != NULL , 0 ) ;
|
|
! xmlSecAssert2( type != CKM_INVALID_MECHANISM , 0 ) ;
|
|
!
|
|
! for( counter = 0 ; *( keySlot->mechanismList + counter ) != CKM_INVALID_MECHANISM ; counter ++ ) {
|
|
! if( *( keySlot->mechanismList + counter ) == type )
|
|
! return(1) ;
|
|
! }
|
|
!
|
|
! return( 0 ) ;
|
|
! }
|
|
!
|
|
! int
|
|
! xmlSecNssKeySlotSupportMech(
|
|
! xmlSecNssKeySlotPtr keySlot ,
|
|
! CK_MECHANISM_TYPE type
|
|
! ) {
|
|
! xmlSecAssert2( keySlot != NULL , 0 ) ;
|
|
! xmlSecAssert2( keySlot->slot != NULL , 0 ) ;
|
|
! xmlSecAssert2( type != CKM_INVALID_MECHANISM , 0 ) ;
|
|
!
|
|
! if( PK11_DoesMechanism( keySlot->slot , type ) == PR_TRUE ) {
|
|
! return(1);
|
|
! } else
|
|
! return(0);
|
|
! }
|
|
!
|
|
! void
|
|
! xmlSecNssKeySlotDebugDump(
|
|
! xmlSecNssKeySlotPtr keySlot ,
|
|
! FILE* output
|
|
! ) {
|
|
! xmlSecAssert( keySlot != NULL ) ;
|
|
! xmlSecAssert( output != NULL ) ;
|
|
!
|
|
! fprintf( output, "== KEY SLOT\n" );
|
|
! }
|
|
!
|
|
! void
|
|
! xmlSecNssKeySlotDebugXmlDump(
|
|
! xmlSecNssKeySlotPtr keySlot ,
|
|
! FILE* output
|
|
! ) {
|
|
! }
|
|
!
|
|
! /**
|
|
! * Key Slot List
|
|
! */
|
|
! static xmlSecPtrListKlass xmlSecNssKeySlotPtrListKlass = {
|
|
! BAD_CAST "mechanism-list",
|
|
! (xmlSecPtrDuplicateItemMethod)xmlSecNssKeySlotDuplicate,
|
|
! (xmlSecPtrDestroyItemMethod)xmlSecNssKeySlotDestroy,
|
|
! (xmlSecPtrDebugDumpItemMethod)xmlSecNssKeySlotDebugDump,
|
|
! (xmlSecPtrDebugDumpItemMethod)xmlSecNssKeySlotDebugXmlDump,
|
|
! };
|
|
!
|
|
! xmlSecPtrListId
|
|
! xmlSecNssKeySlotListGetKlass(void) {
|
|
! return(&xmlSecNssKeySlotPtrListKlass);
|
|
! }
|
|
!
|
|
!
|
|
! /*-
|
|
! * Global PKCS#11 crypto token repository -- Key slot list
|
|
! */
|
|
! static xmlSecPtrListPtr _xmlSecNssKeySlotList = NULL ;
|
|
!
|
|
! PK11SlotInfo*
|
|
! xmlSecNssSlotGet(
|
|
! CK_MECHANISM_TYPE type
|
|
! ) {
|
|
! PK11SlotInfo* slot = NULL ;
|
|
! xmlSecNssKeySlotPtr keySlot ;
|
|
! xmlSecSize ksSize ;
|
|
! xmlSecSize ksPos ;
|
|
! char flag ;
|
|
!
|
|
! if( _xmlSecNssKeySlotList == NULL ) {
|
|
! slot = PK11_GetBestSlot( type , NULL ) ;
|
|
! } else {
|
|
! ksSize = xmlSecPtrListGetSize( _xmlSecNssKeySlotList ) ;
|
|
!
|
|
! /*-
|
|
! * Firstly, checking whether the mechanism is bound with a special slot.
|
|
! * If no bound slot, we try to find the first eligible slot in the list.
|
|
! */
|
|
! for( flag = 0, ksPos = 0 ; ksPos < ksSize ; ksPos ++ ) {
|
|
! keySlot = ( xmlSecNssKeySlotPtr )xmlSecPtrListGetItem( _xmlSecNssKeySlotList, ksPos ) ;
|
|
! if( keySlot != NULL && xmlSecNssKeySlotBindMech( keySlot, type ) ) {
|
|
! slot = xmlSecNssKeySlotGetSlot( keySlot ) ;
|
|
! flag = 2 ;
|
|
! } else if( flag == 0 && xmlSecNssKeySlotSupportMech( keySlot, type ) ) {
|
|
! slot = xmlSecNssKeySlotGetSlot( keySlot ) ;
|
|
! flag = 1 ;
|
|
! }
|
|
!
|
|
! if( flag == 2 )
|
|
! break ;
|
|
! }
|
|
! if( slot != NULL )
|
|
! slot = PK11_ReferenceSlot( slot ) ;
|
|
! }
|
|
!
|
|
! if( slot != NULL && PK11_NeedLogin( slot ) ) {
|
|
! if( PK11_Authenticate( slot , PR_TRUE , NULL ) != SECSuccess ) {
|
|
! xmlSecError( XMLSEC_ERRORS_HERE ,
|
|
! NULL ,
|
|
! NULL ,
|
|
! XMLSEC_ERRORS_R_XMLSEC_FAILED ,
|
|
! XMLSEC_ERRORS_NO_MESSAGE ) ;
|
|
! PK11_FreeSlot( slot ) ;
|
|
! return( NULL );
|
|
! }
|
|
! }
|
|
!
|
|
! return slot ;
|
|
! }
|
|
!
|
|
! int
|
|
! xmlSecNssSlotInitialize(
|
|
! void
|
|
! ) {
|
|
! if( _xmlSecNssKeySlotList != NULL ) {
|
|
! xmlSecPtrListDestroy( _xmlSecNssKeySlotList ) ;
|
|
! _xmlSecNssKeySlotList = NULL ;
|
|
! }
|
|
!
|
|
! _xmlSecNssKeySlotList = xmlSecPtrListCreate( xmlSecNssKeySlotListId ) ;
|
|
! if( _xmlSecNssKeySlotList == NULL ) {
|
|
! xmlSecError( XMLSEC_ERRORS_HERE ,
|
|
! NULL ,
|
|
! NULL ,
|
|
! XMLSEC_ERRORS_R_XMLSEC_FAILED ,
|
|
! XMLSEC_ERRORS_NO_MESSAGE ) ;
|
|
! return( -1 );
|
|
! }
|
|
!
|
|
! return(0);
|
|
! }
|
|
!
|
|
! void
|
|
! xmlSecNssSlotShutdown(
|
|
! void
|
|
! ) {
|
|
! if( _xmlSecNssKeySlotList != NULL ) {
|
|
! xmlSecPtrListDestroy( _xmlSecNssKeySlotList ) ;
|
|
! _xmlSecNssKeySlotList = NULL ;
|
|
! }
|
|
! }
|
|
!
|
|
! int
|
|
! xmlSecNssSlotAdopt(
|
|
! PK11SlotInfo* slot,
|
|
! CK_MECHANISM_TYPE type
|
|
! ) {
|
|
! xmlSecNssKeySlotPtr keySlot ;
|
|
! xmlSecSize ksSize ;
|
|
! xmlSecSize ksPos ;
|
|
! char flag ;
|
|
!
|
|
! xmlSecAssert2( _xmlSecNssKeySlotList != NULL, -1 ) ;
|
|
! xmlSecAssert2( slot != NULL, -1 ) ;
|
|
!
|
|
! ksSize = xmlSecPtrListGetSize( _xmlSecNssKeySlotList ) ;
|
|
!
|
|
! /*-
|
|
! * Firstly, checking whether the slot is in the repository already.
|
|
! */
|
|
! flag = 0 ;
|
|
! for( ksPos = 0 ; ksPos < ksSize ; ksPos ++ ) {
|
|
! keySlot = ( xmlSecNssKeySlotPtr )xmlSecPtrListGetItem( _xmlSecNssKeySlotList, ksPos ) ;
|
|
! /* If find the slot in the list */
|
|
! if( keySlot != NULL && xmlSecNssKeySlotGetSlot( keySlot ) == slot ) {
|
|
! /* If mechnism type is valid, bind the slot with the mechanism */
|
|
! if( type != CKM_INVALID_MECHANISM ) {
|
|
! if( xmlSecNssKeySlotEnableMech( keySlot, type ) < 0 ) {
|
|
! xmlSecError( XMLSEC_ERRORS_HERE ,
|
|
! NULL ,
|
|
! NULL ,
|
|
! XMLSEC_ERRORS_R_XMLSEC_FAILED ,
|
|
! XMLSEC_ERRORS_NO_MESSAGE ) ;
|
|
! return(-1);
|
|
! }
|
|
! }
|
|
!
|
|
! flag = 1 ;
|
|
! }
|
|
! }
|
|
!
|
|
! /* If the slot do not in the list, add a new item to the list */
|
|
! if( flag == 0 ) {
|
|
! /* Create a new KeySlot */
|
|
! keySlot = xmlSecNssKeySlotCreate() ;
|
|
! if( keySlot == NULL ) {
|
|
! xmlSecError( XMLSEC_ERRORS_HERE ,
|
|
! NULL ,
|
|
! NULL ,
|
|
! XMLSEC_ERRORS_R_XMLSEC_FAILED ,
|
|
! XMLSEC_ERRORS_NO_MESSAGE ) ;
|
|
! return(-1);
|
|
! }
|
|
!
|
|
! /* Initialize the keySlot with a slot */
|
|
! if( xmlSecNssKeySlotInitialize( keySlot, slot ) < 0 ) {
|
|
! xmlSecError( XMLSEC_ERRORS_HERE ,
|
|
! NULL ,
|
|
! NULL ,
|
|
! XMLSEC_ERRORS_R_XMLSEC_FAILED ,
|
|
! XMLSEC_ERRORS_NO_MESSAGE ) ;
|
|
! xmlSecNssKeySlotDestroy( keySlot ) ;
|
|
! return(-1);
|
|
! }
|
|
!
|
|
! /* If mechnism type is valid, bind the slot with the mechanism */
|
|
! if( type != CKM_INVALID_MECHANISM ) {
|
|
! if( xmlSecNssKeySlotEnableMech( keySlot, type ) < 0 ) {
|
|
! xmlSecError( XMLSEC_ERRORS_HERE ,
|
|
! NULL ,
|
|
! NULL ,
|
|
! XMLSEC_ERRORS_R_XMLSEC_FAILED ,
|
|
! XMLSEC_ERRORS_NO_MESSAGE ) ;
|
|
! xmlSecNssKeySlotDestroy( keySlot ) ;
|
|
! return(-1);
|
|
! }
|
|
! }
|
|
!
|
|
! /* Add keySlot into the list */
|
|
! if( xmlSecPtrListAdd( _xmlSecNssKeySlotList, keySlot ) < 0 ) {
|
|
! xmlSecError( XMLSEC_ERRORS_HERE ,
|
|
! NULL ,
|
|
! NULL ,
|
|
! XMLSEC_ERRORS_R_XMLSEC_FAILED ,
|
|
! XMLSEC_ERRORS_NO_MESSAGE ) ;
|
|
! xmlSecNssKeySlotDestroy( keySlot ) ;
|
|
! return(-1);
|
|
! }
|
|
! }
|
|
!
|
|
! return(0);
|
|
! }
|
|
!
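Review bot: xmlSecNssKeySlotEnableMech, xmlSecNssKeySlotDisableMech and xmlSecNssKeySlotBindMech walk `keySlot->mechanismList` without a NULL check, yet xmlSecNssKeySlotCreate zeroes the struct and xmlSecNssKeySlotInitialize only sets the slot, so xmlSecNssSlotAdopt with a valid mechanism type (Initialize followed by EnableMech) dereferences a null pointer as far as this file shows. Start each of those scans with `counter = 0 ;` and guard the counting loop with `if( keySlot->mechanismList != CK_NULL_PTR )` (BindMech should simply return 0 when the list is NULL). A second problem: xmlSecNssKeySlotSetMechList and xmlSecNssKeySlotCopy call xmlFree on the old list before xmlMalloc and return -1 on allocation failure without clearing the field, so xmlSecNssKeySlotFinalize or xmlSecNssKeySlotDestroy later frees the same pointer again; add `keySlot->mechanismList = NULL ;` (respectively `newKeySlot->mechanismList = NULL ;`) directly after the free. SetMechList also copies the incoming list only inside `if( keySlot->mechanismList != CK_NULL_PTR )`, so a slot that has no list yet never receives one; the condition should test the `mechanismList` argument instead.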
|
|
*** misc/xmlsec1-1.2.6/src/nss/x509.c 2003-09-26 05:53:09.000000000 +0200
|
|
--- misc/build/xmlsec1-1.2.6/src/nss/x509.c 2005-05-09 19:54:13.237627122 +0200
|
|
***************
|
|
*** 34,40 ****
|
|
#include <xmlsec/keys.h>
|
|
#include <xmlsec/keyinfo.h>
|
|
#include <xmlsec/keysmngr.h>
|
|
- #include <xmlsec/x509.h>
|
|
#include <xmlsec/base64.h>
|
|
#include <xmlsec/errors.h>
|
|
|
|
--- 34,39 ----
|
|
***************
|
|
*** 61,97 ****
|
|
static int xmlSecNssX509CertificateNodeRead (xmlSecKeyDataPtr data,
|
|
xmlNodePtr node,
|
|
xmlSecKeyInfoCtxPtr keyInfoCtx);
|
|
- static int xmlSecNssX509CertificateNodeWrite (CERTCertificate* cert,
|
|
- xmlNodePtr node,
|
|
- xmlSecKeyInfoCtxPtr keyInfoCtx);
|
|
static int xmlSecNssX509SubjectNameNodeRead (xmlSecKeyDataPtr data,
|
|
xmlNodePtr node,
|
|
xmlSecKeyInfoCtxPtr keyInfoCtx);
|
|
- static int xmlSecNssX509SubjectNameNodeWrite (CERTCertificate* cert,
|
|
- xmlNodePtr node,
|
|
- xmlSecKeyInfoCtxPtr keyInfoCtx);
|
|
static int xmlSecNssX509IssuerSerialNodeRead (xmlSecKeyDataPtr data,
|
|
xmlNodePtr node,
|
|
xmlSecKeyInfoCtxPtr keyInfoCtx);
|
|
- static int xmlSecNssX509IssuerSerialNodeWrite (CERTCertificate* cert,
|
|
- xmlNodePtr node,
|
|
- xmlSecKeyInfoCtxPtr keyInfoCtx);
|
|
static int xmlSecNssX509SKINodeRead (xmlSecKeyDataPtr data,
|
|
xmlNodePtr node,
|
|
xmlSecKeyInfoCtxPtr keyInfoCtx);
|
|
- static int xmlSecNssX509SKINodeWrite (CERTCertificate* cert,
|
|
- xmlNodePtr node,
|
|
- xmlSecKeyInfoCtxPtr keyInfoCtx);
|
|
static int xmlSecNssX509CRLNodeRead (xmlSecKeyDataPtr data,
|
|
xmlNodePtr node,
|
|
xmlSecKeyInfoCtxPtr keyInfoCtx);
|
|
- static int xmlSecNssX509CRLNodeWrite (CERTSignedCrl* crl,
|
|
- xmlNodePtr node,
|
|
- xmlSecKeyInfoCtxPtr keyInfoCtx);
|
|
static int xmlSecNssKeyDataX509VerifyAndExtractKey(xmlSecKeyDataPtr data,
|
|
xmlSecKeyPtr key,
|
|
xmlSecKeyInfoCtxPtr keyInfoCtx);
|
|
-
|
|
static CERTCertificate* xmlSecNssX509CertDerRead (const xmlSecByte* buf,
|
|
xmlSecSize size);
|
|
static CERTCertificate* xmlSecNssX509CertBase64DerRead (xmlChar* buf);
|
|
--- 60,80 ----
|
|
***************
|
|
*** 104,112 ****
|
|
xmlSecKeyInfoCtxPtr keyInfoCtx);
|
|
static xmlChar* xmlSecNssX509CrlBase64DerWrite (CERTSignedCrl* crl,
|
|
int base64LineWrap);
|
|
- static xmlChar* xmlSecNssX509NameWrite (CERTName* nm);
|
|
- static xmlChar* xmlSecNssASN1IntegerWrite (SECItem *num);
|
|
- static xmlChar* xmlSecNssX509SKIWrite (CERTCertificate* cert);
|
|
static void xmlSecNssX509CertDebugDump (CERTCertificate* cert,
|
|
FILE* output);
|
|
static void xmlSecNssX509CertDebugXmlDump (CERTCertificate* cert,
|
|
--- 87,92 ----
|
|
***************
|
|
*** 378,384 ****
|
|
xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
|
|
"CERT_NewCertList",
|
|
XMLSEC_ERRORS_R_CRYPTO_FAILED,
|
|
! XMLSEC_ERRORS_NO_MESSAGE);
|
|
return(-1);
|
|
}
|
|
}
|
|
--- 358,364 ----
|
|
xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
|
|
"CERT_NewCertList",
|
|
XMLSEC_ERRORS_R_CRYPTO_FAILED,
|
|
! "error code=%d", PORT_GetError());
|
|
return(-1);
|
|
}
|
|
}
|
|
***************
|
|
*** 389,395 ****
|
|
xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
|
|
"CERT_AddCertToListTail",
|
|
XMLSEC_ERRORS_R_CRYPTO_FAILED,
|
|
! XMLSEC_ERRORS_NO_MESSAGE);
|
|
return(-1);
|
|
}
|
|
ctx->numCerts++;
|
|
--- 369,375 ----
|
|
xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
|
|
"CERT_AddCertToListTail",
|
|
XMLSEC_ERRORS_R_CRYPTO_FAILED,
|
|
! "error code=%d", PORT_GetError());
|
|
return(-1);
|
|
}
|
|
ctx->numCerts++;
|
|
***************
|
|
*** 588,594 ****
|
|
xmlSecErrorsSafeString(xmlSecKeyDataGetName(dst)),
|
|
"CERT_DupCertificate",
|
|
XMLSEC_ERRORS_R_CRYPTO_FAILED,
|
|
! XMLSEC_ERRORS_NO_MESSAGE);
|
|
return(-1);
|
|
}
|
|
|
|
--- 568,574 ----
|
|
xmlSecErrorsSafeString(xmlSecKeyDataGetName(dst)),
|
|
"CERT_DupCertificate",
|
|
XMLSEC_ERRORS_R_CRYPTO_FAILED,
|
|
! "error code=%d", PORT_GetError());
|
|
return(-1);
|
|
}
|
|
|
|
***************
|
|
*** 627,633 ****
|
|
xmlSecErrorsSafeString(xmlSecKeyDataGetName(dst)),
|
|
"SEC_DupCrl",
|
|
XMLSEC_ERRORS_R_CRYPTO_FAILED,
|
|
! XMLSEC_ERRORS_NO_MESSAGE);
|
|
return(-1);
|
|
}
|
|
|
|
--- 607,613 ----
|
|
xmlSecErrorsSafeString(xmlSecKeyDataGetName(dst)),
|
|
"SEC_DupCrl",
|
|
XMLSEC_ERRORS_R_CRYPTO_FAILED,
|
|
! "error code=%d", PORT_GetError());
|
|
return(-1);
|
|
}
|
|
|
|
***************
|
|
*** 652,658 ****
|
|
xmlSecErrorsSafeString(xmlSecKeyDataGetName(dst)),
|
|
"CERT_DupCertificate",
|
|
XMLSEC_ERRORS_R_CRYPTO_FAILED,
|
|
! XMLSEC_ERRORS_NO_MESSAGE);
|
|
return(-1);
|
|
}
|
|
ret = xmlSecNssKeyDataX509AdoptKeyCert(dst, certDst);
|
|
--- 632,638 ----
|
|
xmlSecErrorsSafeString(xmlSecKeyDataGetName(dst)),
|
|
"CERT_DupCertificate",
|
|
XMLSEC_ERRORS_R_CRYPTO_FAILED,
|
|
! "error code=%d", PORT_GetError());
|
|
return(-1);
|
|
}
|
|
ret = xmlSecNssKeyDataX509AdoptKeyCert(dst, certDst);
|
|
***************
|
|
*** 752,782 ****
|
|
xmlSecNssKeyDataX509XmlWrite(xmlSecKeyDataId id, xmlSecKeyPtr key,
|
|
xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
|
|
xmlSecKeyDataPtr data;
|
|
CERTCertificate* cert;
|
|
CERTSignedCrl* crl;
|
|
xmlSecSize size, pos;
|
|
- int content = 0;
|
|
- int ret;
|
|
|
|
xmlSecAssert2(id == xmlSecNssKeyDataX509Id, -1);
|
|
xmlSecAssert2(key != NULL, -1);
|
|
xmlSecAssert2(node != NULL, -1);
|
|
xmlSecAssert2(keyInfoCtx != NULL, -1);
|
|
|
|
! content = xmlSecX509DataGetNodeContent (node, 1, keyInfoCtx);
|
|
! if (content < 0) {
|
|
! xmlSecError(XMLSEC_ERRORS_HERE,
|
|
! xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
|
|
! "xmlSecX509DataGetNodeContent",
|
|
! XMLSEC_ERRORS_R_XMLSEC_FAILED,
|
|
! "content=%d", content);
|
|
! return(-1);
|
|
! } else if(content == 0) {
|
|
! /* by default we are writing certificates and crls */
|
|
! content = XMLSEC_X509DATA_DEFAULT;
|
|
}
|
|
|
|
- /* get x509 data */
|
|
data = xmlSecKeyGetData(key, id);
|
|
if(data == NULL) {
|
|
/* no x509 data in the key */
|
|
--- 732,753 ----
|
|
xmlSecNssKeyDataX509XmlWrite(xmlSecKeyDataId id, xmlSecKeyPtr key,
|
|
xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
|
|
xmlSecKeyDataPtr data;
|
|
+ xmlNodePtr cur;
|
|
+ xmlChar* buf;
|
|
CERTCertificate* cert;
|
|
CERTSignedCrl* crl;
|
|
xmlSecSize size, pos;
|
|
|
|
xmlSecAssert2(id == xmlSecNssKeyDataX509Id, -1);
|
|
xmlSecAssert2(key != NULL, -1);
|
|
xmlSecAssert2(node != NULL, -1);
|
|
xmlSecAssert2(keyInfoCtx != NULL, -1);
|
|
|
|
! /* todo: flag in ctx remove all existing content */
|
|
! if(0) {
|
|
! xmlNodeSetContent(node, NULL);
|
|
}
|
|
|
|
data = xmlSecKeyGetData(key, id);
|
|
if(data == NULL) {
|
|
/* no x509 data in the key */
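Review bot: `if(0) { xmlNodeSetContent(node, NULL); }` at the top of xmlSecNssKeyDataX509XmlWrite is dead code left behind with a todo; either drop the block or tie it to a real flag on keyInfoCtx. With the `content` mask removed, the writer no longer consults the X509Data children present in the template (the removed `xmlSecX509DataGetNodeContent` call decided which of certificate, subject name, issuer/serial, SKI and CRL nodes to emit) and, as far as the new side shows, always emits certificate and CRL elements; if that narrowing is intended, a comment such as `/* only X509Certificate and X509CRL children are written; other X509Data children are not supported */` would document it. The function continues past the end of this hunk.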
|
|
***************
|
|
*** 795,874 ****
|
|
"pos=%d", pos);
|
|
return(-1);
|
|
}
|
|
!
|
|
! if((content & XMLSEC_X509DATA_CERTIFICATE_NODE) != 0) {
|
|
! ret = xmlSecNssX509CertificateNodeWrite(cert, node, keyInfoCtx);
|
|
! if(ret < 0) {
|
|
! xmlSecError(XMLSEC_ERRORS_HERE,
|
|
! xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
|
|
! "xmlSecNssX509CertificateNodeWrite",
|
|
! XMLSEC_ERRORS_R_XMLSEC_FAILED,
|
|
! "pos=%d", pos);
|
|
! return(-1);
|
|
! }
|
|
}
|
|
!
|
|
! if((content & XMLSEC_X509DATA_SUBJECTNAME_NODE) != 0) {
|
|
! ret = xmlSecNssX509SubjectNameNodeWrite(cert, node, keyInfoCtx);
|
|
! if(ret < 0) {
|
|
! xmlSecError(XMLSEC_ERRORS_HERE,
|
|
! xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
|
|
! "xmlSecNssX509SubjectNameNodeWrite",
|
|
! XMLSEC_ERRORS_R_XMLSEC_FAILED,
|
|
! "pos=%d", pos);
|
|
! return(-1);
|
|
! }
|
|
}
|
|
|
|
! if((content & XMLSEC_X509DATA_ISSUERSERIAL_NODE) != 0) {
|
|
! ret = xmlSecNssX509IssuerSerialNodeWrite(cert, node, keyInfoCtx);
|
|
! if(ret < 0) {
|
|
! xmlSecError(XMLSEC_ERRORS_HERE,
|
|
! xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
|
|
! "xmlSecNssX509IssuerSerialNodeWrite",
|
|
! XMLSEC_ERRORS_R_XMLSEC_FAILED,
|
|
! "pos=%d", pos);
|
|
! return(-1);
|
|
! }
|
|
! }
|
|
|
|
! if((content & XMLSEC_X509DATA_SKI_NODE) != 0) {
|
|
! ret = xmlSecNssX509SKINodeWrite(cert, node, keyInfoCtx);
|
|
! if(ret < 0) {
|
|
! xmlSecError(XMLSEC_ERRORS_HERE,
|
|
! xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
|
|
! "xmlSecNssX509SKINodeWrite",
|
|
! XMLSEC_ERRORS_R_XMLSEC_FAILED,
|
|
! "pos=%d", pos);
|
|
! return(-1);
|
|
! }
|
|
! }
|
|
! }
|
|
|
|
! /* write crls if needed */
|
|
! if((content & XMLSEC_X509DATA_CRL_NODE) != 0) {
|
|
! size = xmlSecNssKeyDataX509GetCrlsSize(data);
|
|
! for(pos = 0; pos < size; ++pos) {
|
|
! crl = xmlSecNssKeyDataX509GetCrl(data, pos);
|
|
! if(crl == NULL) {
|
|
! xmlSecError(XMLSEC_ERRORS_HERE,
|
|
! xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
|
|
! "xmlSecNssKeyDataX509GetCrl",
|
|
! XMLSEC_ERRORS_R_XMLSEC_FAILED,
|
|
! "pos=%d", pos);
|
|
! return(-1);
|
|
! }
|
|
!
|
|
! ret = xmlSecNssX509CRLNodeWrite(crl, node, keyInfoCtx);
|
|
! if(ret < 0) {
|
|
! xmlSecError(XMLSEC_ERRORS_HERE,
|
|
! xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
|
|
! "xmlSecNssX509CRLNodeWrite",
|
|
! XMLSEC_ERRORS_R_XMLSEC_FAILED,
|
|
! "pos=%d", pos);
|
|
! return(-1);
|
|
! }
|
|
! }
|
|
}
|
|
|
|
return(0);
|
|
--- 766,840 ----
|
|
"pos=%d", pos);
|
|
return(-1);
|
|
}
|
|
!
|
|
! /* set base64 lines size from context */
|
|
! buf = xmlSecNssX509CertBase64DerWrite(cert, keyInfoCtx->base64LineSize);
|
|
! if(buf == NULL) {
|
|
! xmlSecError(XMLSEC_ERRORS_HERE,
|
|
! xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
|
|
! "xmlSecNssX509CertBase64DerWrite",
|
|
! XMLSEC_ERRORS_R_XMLSEC_FAILED,
|
|
! XMLSEC_ERRORS_NO_MESSAGE);
|
|
! return(-1);
|
|
}
|
|
!
|
|
! cur = xmlSecAddChild(node, xmlSecNodeX509Certificate, xmlSecDSigNs);
|
|
! if(cur == NULL) {
|
|
! xmlSecError(XMLSEC_ERRORS_HERE,
|
|
! xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
|
|
! "xmlSecAddChild",
|
|
! XMLSEC_ERRORS_R_XMLSEC_FAILED,
|
|
! "node=%s",
|
|
! xmlSecErrorsSafeString(xmlSecNodeX509Certificate));
|
|
! xmlFree(buf);
|
|
! return(-1);
|
|
}
|
|
+ /* todo: add \n around base64 data - from context */
|
|
+ /* todo: add errors check */
|
|
+ xmlNodeSetContent(cur, xmlSecStringCR);
|
|
+ xmlNodeSetContent(cur, buf);
|
|
+ xmlFree(buf);
|
|
+ }
|
|
|
|
! /* write crls */
|
|
! size = xmlSecNssKeyDataX509GetCrlsSize(data);
|
|
! for(pos = 0; pos < size; ++pos) {
|
|
! crl = xmlSecNssKeyDataX509GetCrl(data, pos);
|
|
! if(crl == NULL) {
|
|
! xmlSecError(XMLSEC_ERRORS_HERE,
|
|
! xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
|
|
! "xmlSecNssKeyDataX509GetCrl",
|
|
! XMLSEC_ERRORS_R_XMLSEC_FAILED,
|
|
! "pos=%d", pos);
|
|
! return(-1);
|
|
! }
|
|
|
|
! /* set base64 lines size from context */
|
|
! buf = xmlSecNssX509CrlBase64DerWrite(crl, keyInfoCtx->base64LineSize);
|
|
! if(buf == NULL) {
|
|
! xmlSecError(XMLSEC_ERRORS_HERE,
|
|
! xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
|
|
! "xmlSecNssX509CrlBase64DerWrite",
|
|
! XMLSEC_ERRORS_R_XMLSEC_FAILED,
|
|
! XMLSEC_ERRORS_NO_MESSAGE);
|
|
! return(-1);
|
|
! }
|
|
|
|
! cur = xmlSecAddChild(node, xmlSecNodeX509CRL, xmlSecDSigNs);
|
|
! if(cur == NULL) {
|
|
! xmlSecError(XMLSEC_ERRORS_HERE,
|
|
! xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
|
|
! "xmlSecAddChild",
|
|
! XMLSEC_ERRORS_R_XMLSEC_FAILED,
|
|
! "new_node=%s",
|
|
! xmlSecErrorsSafeString(xmlSecNodeX509CRL));
|
|
! xmlFree(buf);
|
|
! return(-1);
|
|
! }
|
|
! /* todo: add \n around base64 data - from context */
|
|
! /* todo: add errors check */
|
|
! xmlNodeSetContent(cur, xmlSecStringCR);
|
|
! xmlNodeSetContent(cur, buf);
|
|
}
|
|
|
|
return(0);
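Review bot: In the CRL loop on the new side, `buf` returned by xmlSecNssX509CrlBase64DerWrite is handed to `xmlNodeSetContent(cur, buf)` and then never released, so every CRL written leaks one base64 buffer, whereas the certificate branch above does free it. Add `xmlFree(buf);` after the `xmlNodeSetContent(cur, buf);` in the CRL loop. In both branches `xmlNodeSetContent(cur, xmlSecStringCR)` is immediately overwritten by the second xmlNodeSetContent call, so the first call has no effect and the two todo comments above it describe work that is still outstanding. The enclosing function starts before this hunk.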
|
|
***************
|
|
*** 1015,1033 ****
|
|
xmlSecAssert2(keyInfoCtx != NULL, -1);
|
|
|
|
content = xmlNodeGetContent(node);
|
|
! if((content == NULL) || (xmlSecIsEmptyString(content) == 1)) {
|
|
! if(content != NULL) {
|
|
! xmlFree(content);
|
|
! }
|
|
! if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_STOP_ON_EMPTY_NODE) != 0) {
|
|
! xmlSecError(XMLSEC_ERRORS_HERE,
|
|
! xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
|
|
! xmlSecErrorsSafeString(xmlSecNodeGetName(node)),
|
|
! XMLSEC_ERRORS_R_INVALID_NODE_CONTENT,
|
|
! XMLSEC_ERRORS_NO_MESSAGE);
|
|
! return(-1);
|
|
! }
|
|
! return(0);
|
|
}
|
|
|
|
cert = xmlSecNssX509CertBase64DerRead(content);
|
|
--- 981,993 ----
|
|
xmlSecAssert2(keyInfoCtx != NULL, -1);
|
|
|
|
content = xmlNodeGetContent(node);
|
|
! if(content == NULL){
|
|
! xmlSecError(XMLSEC_ERRORS_HERE,
|
|
! xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
|
|
! xmlSecErrorsSafeString(xmlSecNodeGetName(node)),
|
|
! XMLSEC_ERRORS_R_INVALID_NODE_CONTENT,
|
|
! XMLSEC_ERRORS_NO_MESSAGE);
|
|
! return(-1);
|
|
}
|
|
|
|
cert = xmlSecNssX509CertBase64DerRead(content);
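Review bot: The new side of xmlSecNssX509CertificateNodeRead drops the `xmlSecIsEmptyString(content)` test and the XMLSEC_KEYINFO_FLAGS_STOP_ON_EMPTY_NODE handling, so an empty X509Certificate element is now passed straight to xmlSecNssX509CertBase64DerRead instead of being skipped or rejected according to the flag; xmlSecNssX509SubjectNameNodeRead, in the hunk at old lines 1120-1138, makes the same change. If the decoder does not treat an empty string as an error, the failure is either reported from the wrong place or an empty node silently yields no certificate even when the context asked to stop on it. Keeping `if((content == NULL) || (xmlSecIsEmptyString(content) == 1))` together with the flag check, or documenting why the empty-node policy no longer applies, would make the intent clear. The enclosing function begins and ends outside the hunk.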
|
|
***************
|
|
*** 1057,1102 ****
|
|
return(0);
|
|
}
|
|
|
|
- static int
|
|
- xmlSecNssX509CertificateNodeWrite(CERTCertificate* cert, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
|
|
- xmlChar* buf;
|
|
- xmlNodePtr cur;
|
|
-
|
|
- xmlSecAssert2(cert != NULL, -1);
|
|
- xmlSecAssert2(node != NULL, -1);
|
|
- xmlSecAssert2(keyInfoCtx != NULL, -1);
|
|
-
|
|
- /* set base64 lines size from context */
|
|
- buf = xmlSecNssX509CertBase64DerWrite(cert, keyInfoCtx->base64LineSize);
|
|
- if(buf == NULL) {
|
|
- xmlSecError(XMLSEC_ERRORS_HERE,
|
|
- NULL,
|
|
- "xmlSecNssX509CertBase64DerWrite",
|
|
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
|
|
- XMLSEC_ERRORS_NO_MESSAGE);
|
|
- return(-1);
|
|
- }
|
|
-
|
|
- cur = xmlSecAddChild(node, xmlSecNodeX509Certificate, xmlSecDSigNs);
|
|
- if(cur == NULL) {
|
|
- xmlSecError(XMLSEC_ERRORS_HERE,
|
|
- NULL,
|
|
- "xmlSecAddChild",
|
|
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
|
|
- "node=%s",
|
|
- xmlSecErrorsSafeString(xmlSecNodeX509Certificate));
|
|
- xmlFree(buf);
|
|
- return(-1);
|
|
- }
|
|
-
|
|
- /* todo: add \n around base64 data - from context */
|
|
- /* todo: add errors check */
|
|
- xmlNodeSetContent(cur, xmlSecStringCR);
|
|
- xmlNodeSetContent(cur, buf);
|
|
- xmlFree(buf);
|
|
- return(0);
|
|
- }
|
|
-
|
|
static int
|
|
xmlSecNssX509SubjectNameNodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
|
|
xmlSecKeyDataStorePtr x509Store;
|
|
--- 1017,1022 ----
|
|
***************
|
|
*** 1120,1138 ****
|
|
}
|
|
|
|
subject = xmlNodeGetContent(node);
|
|
! if((subject == NULL) || (xmlSecIsEmptyString(subject) == 1)) {
|
|
! if(subject != NULL) {
|
|
! xmlFree(subject);
|
|
! }
|
|
! if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_STOP_ON_EMPTY_NODE) != 0) {
|
|
! xmlSecError(XMLSEC_ERRORS_HERE,
|
|
! xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
|
|
! xmlSecErrorsSafeString(xmlSecNodeGetName(node)),
|
|
! XMLSEC_ERRORS_R_INVALID_NODE_CONTENT,
|
|
! XMLSEC_ERRORS_NO_MESSAGE);
|
|
! return(-1);
|
|
! }
|
|
! return(0);
|
|
}
|
|
|
|
cert = xmlSecNssX509StoreFindCert(x509Store, subject, NULL, NULL, NULL, keyInfoCtx);
|
|
--- 1040,1052 ----
|
|
}
|
|
|
|
subject = xmlNodeGetContent(node);
|
|
! if(subject == NULL) {
|
|
! xmlSecError(XMLSEC_ERRORS_HERE,
|
|
! xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
|
|
! xmlSecErrorsSafeString(xmlSecNodeGetName(node)),
|
|
! XMLSEC_ERRORS_R_INVALID_NODE_CONTENT,
|
|
! XMLSEC_ERRORS_NO_MESSAGE);
|
|
! return(-1);
|
|
}
|
|
|
|
cert = xmlSecNssX509StoreFindCert(x509Store, subject, NULL, NULL, NULL, keyInfoCtx);
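Review bot: The new side tests only `subject == NULL`, so an `<X509SubjectName/>` whose content is an empty string now reaches `xmlSecNssX509StoreFindCert` with `""` as the subject instead of taking the dropped empty-string branch, and `XMLSEC_KEYINFO_FLAGS_STOP_ON_EMPTY_NODE` is no longer consulted at all. If an empty element is meant to be skipped, keep the removed condition `if((subject == NULL) || (xmlSecIsEmptyString(subject) == 1))` together with the flag test `(keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_STOP_ON_EMPTY_NODE) != 0`; if it is meant to be rejected, an explicit error on empty content would be clearer than passing an empty name to the store. The same pattern appears in the `ski` hunk (`*** 1427,1446 ****`), the CRL `content` hunk (`*** 1520,1538 ****`) and, apparently, the certificate `content` hunk whose start lies before this chunk. The rest of the enclosing function, including where `subject` is freed, is outside the hunk.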
|
|
***************
|
|
*** 1167,1206 ****
|
|
return(0);
|
|
}
|
|
|
|
- static int
|
|
- xmlSecNssX509SubjectNameNodeWrite(CERTCertificate* cert, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx ATTRIBUTE_UNUSED) {
|
|
- xmlChar* buf = NULL;
|
|
- xmlNodePtr cur = NULL;
|
|
-
|
|
- xmlSecAssert2(cert != NULL, -1);
|
|
- xmlSecAssert2(node != NULL, -1);
|
|
-
|
|
- buf = xmlSecNssX509NameWrite(&(cert->subject));
|
|
- if(buf == NULL) {
|
|
- xmlSecError(XMLSEC_ERRORS_HERE,
|
|
- NULL,
|
|
- "xmlSecNssX509NameWrite(&(cert->subject))",
|
|
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
|
|
- XMLSEC_ERRORS_NO_MESSAGE);
|
|
- return(-1);
|
|
- }
|
|
-
|
|
- cur = xmlSecAddChild(node, xmlSecNodeX509SubjectName, xmlSecDSigNs);
|
|
- if(cur == NULL) {
|
|
- xmlSecError(XMLSEC_ERRORS_HERE,
|
|
- NULL,
|
|
- "xmlSecAddChild",
|
|
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
|
|
- "node=%s",
|
|
- xmlSecErrorsSafeString(xmlSecNodeX509SubjectName));
|
|
- xmlFree(buf);
|
|
- return(-1);
|
|
- }
|
|
- xmlNodeSetContent(cur, buf);
|
|
- xmlFree(buf);
|
|
- return(0);
|
|
- }
|
|
-
|
|
static int
|
|
xmlSecNssX509IssuerSerialNodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
|
|
xmlSecKeyDataStorePtr x509Store;
|
|
--- 1081,1086 ----
|
|
***************
|
|
*** 1226,1246 ****
|
|
}
|
|
|
|
cur = xmlSecGetNextElementNode(node->children);
|
|
! if(cur == NULL) {
|
|
! if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_STOP_ON_EMPTY_NODE) != 0) {
|
|
! xmlSecError(XMLSEC_ERRORS_HERE,
|
|
! xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
|
|
! xmlSecErrorsSafeString(xmlSecNodeX509IssuerName),
|
|
! XMLSEC_ERRORS_R_NODE_NOT_FOUND,
|
|
! "node=%s",
|
|
! xmlSecErrorsSafeString(xmlSecNodeGetName(cur)));
|
|
! return(-1);
|
|
! }
|
|
! return(0);
|
|
! }
|
|
!
|
|
/* the first is required node X509IssuerName */
|
|
! if(!xmlSecCheckNodeName(cur, xmlSecNodeX509IssuerName, xmlSecDSigNs)) {
|
|
xmlSecError(XMLSEC_ERRORS_HERE,
|
|
xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
|
|
xmlSecErrorsSafeString(xmlSecNodeX509IssuerName),
|
|
--- 1106,1114 ----
|
|
}
|
|
|
|
cur = xmlSecGetNextElementNode(node->children);
|
|
!
|
|
/* the first is required node X509IssuerName */
|
|
! if((cur == NULL) || !xmlSecCheckNodeName(cur, xmlSecNodeX509IssuerName, xmlSecDSigNs)) {
|
|
xmlSecError(XMLSEC_ERRORS_HERE,
|
|
xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
|
|
xmlSecErrorsSafeString(xmlSecNodeX509IssuerName),
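Review bot: Folding the `cur == NULL` case into the name check makes an empty `<X509IssuerSerial/>` an unconditional error, whereas the removed branch returned 0 unless `XMLSEC_KEYINFO_FLAGS_STOP_ON_EMPTY_NODE` was set, so callers that rely on that flag to skip empty nodes now fail. If that is intended, the change of contract deserves a comment above the check, e.g. `/* an empty X509IssuerSerial is always an error here; STOP_ON_EMPTY_NODE is not honoured */`. The arguments of the `xmlSecError` call continue past the hunk; since `cur` may now be NULL when it is reached, any `xmlSecNodeGetName(cur)` among them should be confirmed NULL-safe.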
|
|
***************
|
|
*** 1332,1409 ****
|
|
return(0);
|
|
}
|
|
|
|
- static int
|
|
- xmlSecNssX509IssuerSerialNodeWrite(CERTCertificate* cert, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx ATTRIBUTE_UNUSED) {
|
|
- xmlNodePtr cur;
|
|
- xmlNodePtr issuerNameNode;
|
|
- xmlNodePtr issuerNumberNode;
|
|
- xmlChar* buf;
|
|
-
|
|
- xmlSecAssert2(cert != NULL, -1);
|
|
- xmlSecAssert2(node != NULL, -1);
|
|
-
|
|
- /* create xml nodes */
|
|
- cur = xmlSecAddChild(node, xmlSecNodeX509IssuerSerial, xmlSecDSigNs);
|
|
- if(cur == NULL) {
|
|
- xmlSecError(XMLSEC_ERRORS_HERE,
|
|
- NULL,
|
|
- "xmlSecAddChild",
|
|
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
|
|
- "node=%s",
|
|
- xmlSecErrorsSafeString(xmlSecNodeX509IssuerSerial));
|
|
- return(-1);
|
|
- }
|
|
-
|
|
- issuerNameNode = xmlSecAddChild(cur, xmlSecNodeX509IssuerName, xmlSecDSigNs);
|
|
- if(issuerNameNode == NULL) {
|
|
- xmlSecError(XMLSEC_ERRORS_HERE,
|
|
- NULL,
|
|
- "xmlSecAddChild",
|
|
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
|
|
- "node=%s",
|
|
- xmlSecErrorsSafeString(xmlSecNodeX509IssuerName));
|
|
- return(-1);
|
|
- }
|
|
-
|
|
- issuerNumberNode = xmlSecAddChild(cur, xmlSecNodeX509SerialNumber, xmlSecDSigNs);
|
|
- if(issuerNumberNode == NULL) {
|
|
- xmlSecError(XMLSEC_ERRORS_HERE,
|
|
- NULL,
|
|
- "xmlSecAddChild",
|
|
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
|
|
- "node=%s",
|
|
- xmlSecErrorsSafeString(xmlSecNodeX509SerialNumber));
|
|
- return(-1);
|
|
- }
|
|
-
|
|
- /* write data */
|
|
- buf = xmlSecNssX509NameWrite(&(cert->issuer));
|
|
- if(buf == NULL) {
|
|
- xmlSecError(XMLSEC_ERRORS_HERE,
|
|
- NULL,
|
|
- "xmlSecNssX509NameWrite(&(cert->issuer))",
|
|
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
|
|
- XMLSEC_ERRORS_NO_MESSAGE);
|
|
- return(-1);
|
|
- }
|
|
- xmlNodeSetContent(issuerNameNode, buf);
|
|
- xmlFree(buf);
|
|
-
|
|
- buf = xmlSecNssASN1IntegerWrite(&(cert->serialNumber));
|
|
- if(buf == NULL) {
|
|
- xmlSecError(XMLSEC_ERRORS_HERE,
|
|
- NULL,
|
|
- "xmlSecNssASN1IntegerWrite(&(cert->serialNumber))",
|
|
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
|
|
- XMLSEC_ERRORS_NO_MESSAGE);
|
|
- return(-1);
|
|
- }
|
|
- xmlNodeSetContent(issuerNumberNode, buf);
|
|
- xmlFree(buf);
|
|
-
|
|
- return(0);
|
|
- }
|
|
-
|
|
static int
|
|
xmlSecNssX509SKINodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
|
|
xmlSecKeyDataStorePtr x509Store;
|
|
--- 1200,1205 ----
|
|
***************
|
|
*** 1427,1446 ****
|
|
}
|
|
|
|
ski = xmlNodeGetContent(node);
|
|
! if((ski == NULL) || (xmlSecIsEmptyString(ski) == 1)) {
|
|
! if(ski != NULL) {
|
|
! xmlFree(ski);
|
|
! }
|
|
! if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_STOP_ON_EMPTY_NODE) != 0) {
|
|
! xmlSecError(XMLSEC_ERRORS_HERE,
|
|
! xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
|
|
! xmlSecErrorsSafeString(xmlSecNodeGetName(node)),
|
|
! XMLSEC_ERRORS_R_INVALID_NODE_CONTENT,
|
|
! "node=%s",
|
|
! xmlSecErrorsSafeString(xmlSecNodeX509SKI));
|
|
! return(-1);
|
|
! }
|
|
! return(0);
|
|
}
|
|
|
|
cert = xmlSecNssX509StoreFindCert(x509Store, NULL, NULL, NULL, ski, keyInfoCtx);
|
|
--- 1223,1236 ----
|
|
}
|
|
|
|
ski = xmlNodeGetContent(node);
|
|
! if(ski == NULL) {
|
|
! xmlSecError(XMLSEC_ERRORS_HERE,
|
|
! xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
|
|
! xmlSecErrorsSafeString(xmlSecNodeGetName(node)),
|
|
! XMLSEC_ERRORS_R_INVALID_NODE_CONTENT,
|
|
! "node=%s",
|
|
! xmlSecErrorsSafeString(xmlSecNodeX509SKI));
|
|
! return(-1);
|
|
}
|
|
|
|
cert = xmlSecNssX509StoreFindCert(x509Store, NULL, NULL, NULL, ski, keyInfoCtx);
|
|
***************
|
|
*** 1475,1515 ****
|
|
return(0);
|
|
}
|
|
|
|
- static int
|
|
- xmlSecNssX509SKINodeWrite(CERTCertificate* cert, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx ATTRIBUTE_UNUSED) {
|
|
- xmlChar *buf = NULL;
|
|
- xmlNodePtr cur = NULL;
|
|
-
|
|
- xmlSecAssert2(cert != NULL, -1);
|
|
- xmlSecAssert2(node != NULL, -1);
|
|
-
|
|
- buf = xmlSecNssX509SKIWrite(cert);
|
|
- if(buf == NULL) {
|
|
- xmlSecError(XMLSEC_ERRORS_HERE,
|
|
- NULL,
|
|
- "xmlSecNssX509SKIWrite",
|
|
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
|
|
- XMLSEC_ERRORS_NO_MESSAGE);
|
|
- return(-1);
|
|
- }
|
|
-
|
|
- cur = xmlSecAddChild(node, xmlSecNodeX509SKI, xmlSecDSigNs);
|
|
- if(cur == NULL) {
|
|
- xmlSecError(XMLSEC_ERRORS_HERE,
|
|
- NULL,
|
|
- "xmlSecAddChild",
|
|
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
|
|
- "new_node=%s",
|
|
- xmlSecErrorsSafeString(xmlSecNodeX509SKI));
|
|
- xmlFree(buf);
|
|
- return(-1);
|
|
- }
|
|
- xmlNodeSetContent(cur, buf);
|
|
- xmlFree(buf);
|
|
-
|
|
- return(0);
|
|
- }
|
|
-
|
|
static int
|
|
xmlSecNssX509CRLNodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
|
|
xmlChar *content;
|
|
--- 1265,1270 ----
|
|
***************
|
|
*** 1520,1538 ****
|
|
xmlSecAssert2(keyInfoCtx != NULL, -1);
|
|
|
|
content = xmlNodeGetContent(node);
|
|
! if((content == NULL) || (xmlSecIsEmptyString(content) == 1)) {
|
|
! if(content != NULL) {
|
|
! xmlFree(content);
|
|
! }
|
|
! if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_STOP_ON_EMPTY_NODE) != 0) {
|
|
! xmlSecError(XMLSEC_ERRORS_HERE,
|
|
! xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
|
|
! xmlSecErrorsSafeString(xmlSecNodeGetName(node)),
|
|
! XMLSEC_ERRORS_R_INVALID_NODE_CONTENT,
|
|
! XMLSEC_ERRORS_NO_MESSAGE);
|
|
! return(-1);
|
|
! }
|
|
! return(0);
|
|
}
|
|
|
|
crl = xmlSecNssX509CrlBase64DerRead(content, keyInfoCtx);
|
|
--- 1275,1287 ----
|
|
xmlSecAssert2(keyInfoCtx != NULL, -1);
|
|
|
|
content = xmlNodeGetContent(node);
|
|
! if(content == NULL){
|
|
! xmlSecError(XMLSEC_ERRORS_HERE,
|
|
! xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
|
|
! xmlSecErrorsSafeString(xmlSecNodeGetName(node)),
|
|
! XMLSEC_ERRORS_R_INVALID_NODE_CONTENT,
|
|
! XMLSEC_ERRORS_NO_MESSAGE);
|
|
! return(-1);
|
|
}
|
|
|
|
crl = xmlSecNssX509CrlBase64DerRead(content, keyInfoCtx);
|
|
***************
|
|
*** 1552,1598 ****
|
|
}
|
|
|
|
static int
|
|
- xmlSecNssX509CRLNodeWrite(CERTSignedCrl* crl, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
|
|
- xmlChar* buf = NULL;
|
|
- xmlNodePtr cur = NULL;
|
|
-
|
|
- xmlSecAssert2(crl != NULL, -1);
|
|
- xmlSecAssert2(node != NULL, -1);
|
|
- xmlSecAssert2(keyInfoCtx != NULL, -1);
|
|
-
|
|
- /* set base64 lines size from context */
|
|
- buf = xmlSecNssX509CrlBase64DerWrite(crl, keyInfoCtx->base64LineSize);
|
|
- if(buf == NULL) {
|
|
- xmlSecError(XMLSEC_ERRORS_HERE,
|
|
- NULL,
|
|
- "xmlSecNssX509CrlBase64DerWrite",
|
|
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
|
|
- XMLSEC_ERRORS_NO_MESSAGE);
|
|
- return(-1);
|
|
- }
|
|
-
|
|
- cur = xmlSecAddChild(node, xmlSecNodeX509CRL, xmlSecDSigNs);
|
|
- if(cur == NULL) {
|
|
- xmlSecError(XMLSEC_ERRORS_HERE,
|
|
- NULL,
|
|
- "xmlSecAddChild",
|
|
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
|
|
- "new_node=%s",
|
|
- xmlSecErrorsSafeString(xmlSecNodeX509CRL));
|
|
- xmlFree(buf);
|
|
- return(-1);
|
|
- }
|
|
- /* todo: add \n around base64 data - from context */
|
|
- /* todo: add errors check */
|
|
- xmlNodeSetContent(cur, xmlSecStringCR);
|
|
- xmlNodeSetContent(cur, buf);
|
|
- xmlFree(buf);
|
|
-
|
|
- return(0);
|
|
- }
|
|
-
|
|
-
|
|
- static int
|
|
xmlSecNssKeyDataX509VerifyAndExtractKey(xmlSecKeyDataPtr data, xmlSecKeyPtr key,
|
|
xmlSecKeyInfoCtxPtr keyInfoCtx) {
|
|
xmlSecNssX509DataCtxPtr ctx;
|
|
--- 1301,1306 ----
|
|
***************
|
|
*** 1600,1605 ****
|
|
--- 1308,1317 ----
|
|
int ret;
|
|
SECStatus status;
|
|
PRTime notBefore, notAfter;
|
|
+
|
|
+ PK11SlotInfo* slot ;
|
|
+ SECKEYPublicKey *pubKey = NULL;
|
|
+ SECKEYPrivateKey *priKey = NULL;
|
|
|
|
xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecNssKeyDataX509Id), -1);
|
|
xmlSecAssert2(key != NULL, -1);
|
|
***************
|
|
*** 1632,1641 ****
|
|
xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
|
|
"CERT_DupCertificate",
|
|
XMLSEC_ERRORS_R_CRYPTO_FAILED,
|
|
! XMLSEC_ERRORS_NO_MESSAGE);
|
|
return(-1);
|
|
}
|
|
|
|
keyValue = xmlSecNssX509CertGetKey(ctx->keyCert);
|
|
if(keyValue == NULL) {
|
|
xmlSecError(XMLSEC_ERRORS_HERE,
|
|
--- 1344,1356 ----
|
|
xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
|
|
"CERT_DupCertificate",
|
|
XMLSEC_ERRORS_R_CRYPTO_FAILED,
|
|
! "error code=%d", PORT_GetError());
|
|
return(-1);
|
|
}
|
|
|
|
+ /*-
|
|
+ * Get Public key from cert, which does not always work for sign action.
|
|
+ *
|
|
keyValue = xmlSecNssX509CertGetKey(ctx->keyCert);
|
|
if(keyValue == NULL) {
|
|
xmlSecError(XMLSEC_ERRORS_HERE,
|
|
***************
|
|
*** 1645,1650 ****
|
|
--- 1360,1413 ----
|
|
XMLSEC_ERRORS_NO_MESSAGE);
|
|
return(-1);
|
|
}
|
|
+ */
|
|
+
|
|
+ /*-
|
|
+ * I'll search key according to KeyReq.
|
|
+ */
|
|
+ slot = cert->slot ;
|
|
+ if( ( keyInfoCtx->keyReq.keyType & xmlSecKeyDataTypePrivate ) == xmlSecKeyDataTypePrivate ) {
|
|
+ if( ( priKey = PK11_FindPrivateKeyFromCert( slot , cert , NULL ) ) == NULL ) {
|
|
+ xmlSecError( XMLSEC_ERRORS_HERE ,
|
|
+ xmlSecErrorsSafeString( xmlSecKeyDataGetName( data ) ) ,
|
|
+ "PK11_FindPrivateKeyFromCert" ,
|
|
+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
|
|
+ XMLSEC_ERRORS_NO_MESSAGE ) ;
|
|
+ return -1 ;
|
|
+ }
|
|
+ }
|
|
+
|
|
+ if( ( keyInfoCtx->keyReq.keyType & xmlSecKeyDataTypePublic ) == xmlSecKeyDataTypePublic ) {
|
|
+ if( ( pubKey = CERT_ExtractPublicKey( cert ) ) == NULL ) {
|
|
+ xmlSecError( XMLSEC_ERRORS_HERE ,
|
|
+ xmlSecErrorsSafeString( xmlSecKeyDataGetName( data ) ) ,
|
|
+ "CERT_ExtractPublicKey" ,
|
|
+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
|
|
+ XMLSEC_ERRORS_NO_MESSAGE ) ;
|
|
+
|
|
+ if( priKey != NULL )
|
|
+ SECKEY_DestroyPrivateKey( priKey ) ;
|
|
+ return -1 ;
|
|
+ }
|
|
+ }
|
|
+
|
|
+ keyValue = xmlSecNssPKIAdoptKey(priKey, pubKey);
|
|
+ if( keyValue == NULL ) {
|
|
+ xmlSecError( XMLSEC_ERRORS_HERE ,
|
|
+ xmlSecErrorsSafeString( xmlSecKeyDataGetName( data ) ) ,
|
|
+ "xmlSecNssPKIAdoptKey" ,
|
|
+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
|
|
+ XMLSEC_ERRORS_NO_MESSAGE ) ;
|
|
+
|
|
+ if( priKey != NULL )
|
|
+ SECKEY_DestroyPrivateKey( priKey ) ;
|
|
+
|
|
+ if( pubKey != NULL )
|
|
+ SECKEY_DestroyPublicKey( pubKey ) ;
|
|
+
|
|
+ return -1 ;
|
|
+ }
|
|
+ /* Modify keyValue get Done */
|
|
|
|
/* verify that the key matches our expectations */
|
|
if(xmlSecKeyReqMatchKeyValue(&(keyInfoCtx->keyReq), keyValue) != 1) {
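Review bot: `slot = cert->slot` is handed to `PK11_FindPrivateKeyFromCert` without a NULL check; a certificate that was only parsed out of `<X509Data>` (a temporary cert, not one loaded from a token) may carry no slot, and nothing in this hunk establishes how the lookup behaves with a NULL slot. `PK11_FindKeyByAnyCert(cert, NULL)` locates the slot itself and would remove the assumption, or at minimum guard with `if(slot == NULL) { xmlSecError(...); return(-1); }` before the private-key branch. When `keyReq.keyType` carries neither the private nor the public bit, both pointers stay NULL and `xmlSecNssPKIAdoptKey(NULL, NULL)` is called; whether that is a valid call is not visible here and warrants an early check or a comment. Stylistically, the old `xmlSecNssX509CertGetKey` path is commented out via the `/*-` opened in the previous hunk rather than deleted, and the new lines use `xmlSecError( XMLSEC_ERRORS_HERE ,` / `return -1 ;` spacing unlike the file's `xmlSecError(XMLSEC_ERRORS_HERE,` / `return(-1);`. The enclosing `xmlSecNssKeyDataX509VerifyAndExtractKey` starts and ends outside the hunk.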
|
|
***************
|
|
*** 1725,1738 ****
|
|
return(0);
|
|
}
|
|
|
|
- /**
|
|
- * xmlSecNssX509CertGetKey:
|
|
- * @cert: the certificate.
|
|
- *
|
|
- * Extracts public key from the @cert.
|
|
- *
|
|
- * Returns public key value or NULL if an error occurs.
|
|
- */
|
|
xmlSecKeyDataPtr
|
|
xmlSecNssX509CertGetKey(CERTCertificate* cert) {
|
|
xmlSecKeyDataPtr data;
|
|
--- 1488,1493 ----
|
|
***************
|
|
*** 1746,1752 ****
|
|
NULL,
|
|
"CERT_ExtractPublicKey",
|
|
XMLSEC_ERRORS_R_CRYPTO_FAILED,
|
|
! XMLSEC_ERRORS_NO_MESSAGE);
|
|
return(NULL);
|
|
}
|
|
|
|
--- 1501,1507 ----
|
|
NULL,
|
|
"CERT_ExtractPublicKey",
|
|
XMLSEC_ERRORS_R_CRYPTO_FAILED,
|
|
! "error code=%d", PORT_GetError());
|
|
return(NULL);
|
|
}
|
|
|
|
***************
|
|
*** 1804,1810 ****
|
|
NULL,
|
|
"__CERT_NewTempCertificate",
|
|
XMLSEC_ERRORS_R_CRYPTO_FAILED,
|
|
! XMLSEC_ERRORS_NO_MESSAGE);
|
|
return(NULL);
|
|
}
|
|
|
|
--- 1559,1565 ----
|
|
NULL,
|
|
"__CERT_NewTempCertificate",
|
|
XMLSEC_ERRORS_R_CRYPTO_FAILED,
|
|
! "error code=%d", PORT_GetError());
|
|
return(NULL);
|
|
}
|
|
|
|
***************
|
|
*** 1827,1833 ****
|
|
NULL,
|
|
"cert->derCert",
|
|
XMLSEC_ERRORS_R_CRYPTO_FAILED,
|
|
! XMLSEC_ERRORS_NO_MESSAGE);
|
|
return(NULL);
|
|
}
|
|
|
|
--- 1582,1588 ----
|
|
NULL,
|
|
"cert->derCert",
|
|
XMLSEC_ERRORS_R_CRYPTO_FAILED,
|
|
! "error code=%d", PORT_GetError());
|
|
return(NULL);
|
|
}
|
|
|
|
***************
|
|
*** 1890,1896 ****
|
|
NULL,
|
|
"PK11_GetInternalKeySlot",
|
|
XMLSEC_ERRORS_R_CRYPTO_FAILED,
|
|
! XMLSEC_ERRORS_NO_MESSAGE);
|
|
return NULL;
|
|
}
|
|
|
|
--- 1645,1651 ----
|
|
NULL,
|
|
"PK11_GetInternalKeySlot",
|
|
XMLSEC_ERRORS_R_CRYPTO_FAILED,
|
|
! "error code=%d", PORT_GetError());
|
|
return NULL;
|
|
}
|
|
|
|
***************
|
|
*** 1905,1911 ****
|
|
NULL,
|
|
"PK11_ImportCRL",
|
|
XMLSEC_ERRORS_R_CRYPTO_FAILED,
|
|
! XMLSEC_ERRORS_NO_MESSAGE);
|
|
PK11_FreeSlot(slot);
|
|
return(NULL);
|
|
}
|
|
--- 1660,1666 ----
|
|
NULL,
|
|
"PK11_ImportCRL",
|
|
XMLSEC_ERRORS_R_CRYPTO_FAILED,
|
|
! "error code=%d", PORT_GetError());
|
|
PK11_FreeSlot(slot);
|
|
return(NULL);
|
|
}
|
|
***************
|
|
*** 1929,1935 ****
|
|
NULL,
|
|
"crl->derCrl",
|
|
XMLSEC_ERRORS_R_CRYPTO_FAILED,
|
|
! XMLSEC_ERRORS_NO_MESSAGE);
|
|
return(NULL);
|
|
}
|
|
|
|
--- 1684,1690 ----
|
|
NULL,
|
|
"crl->derCrl",
|
|
XMLSEC_ERRORS_R_CRYPTO_FAILED,
|
|
! "error code=%d", PORT_GetError());
|
|
return(NULL);
|
|
}
|
|
|
|
***************
|
|
*** 1946,2031 ****
|
|
return(res);
|
|
}
|
|
|
|
- static xmlChar*
|
|
- xmlSecNssX509NameWrite(CERTName* nm) {
|
|
- xmlChar *res = NULL;
|
|
- char *str;
|
|
-
|
|
- xmlSecAssert2(nm != NULL, NULL);
|
|
-
|
|
- str = CERT_NameToAscii(nm);
|
|
- if (str == NULL) {
|
|
- xmlSecError(XMLSEC_ERRORS_HERE,
|
|
- NULL,
|
|
- "CERT_NameToAscii",
|
|
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
|
|
- XMLSEC_ERRORS_NO_MESSAGE);
|
|
- return(NULL);
|
|
- }
|
|
-
|
|
- res = xmlStrdup(BAD_CAST str);
|
|
- if(res == NULL) {
|
|
- xmlSecError(XMLSEC_ERRORS_HERE,
|
|
- NULL,
|
|
- "xmlStrdup",
|
|
- XMLSEC_ERRORS_R_MALLOC_FAILED,
|
|
- XMLSEC_ERRORS_NO_MESSAGE);
|
|
- PORT_Free(str);
|
|
- return(NULL);
|
|
- }
|
|
- PORT_Free(str);
|
|
- return(res);
|
|
- }
|
|
-
|
|
- static xmlChar*
|
|
- xmlSecNssASN1IntegerWrite(SECItem *num) {
|
|
- xmlChar *res = NULL;
|
|
-
|
|
- xmlSecAssert2(num != NULL, NULL);
|
|
-
|
|
- /* TODO : to be implemented after
|
|
- * NSS bug http://bugzilla.mozilla.org/show_bug.cgi?id=212864 is fixed
|
|
- */
|
|
- return(res);
|
|
- }
|
|
-
|
|
- static xmlChar*
|
|
- xmlSecNssX509SKIWrite(CERTCertificate* cert) {
|
|
- xmlChar *res = NULL;
|
|
- SECItem ski;
|
|
- SECStatus rv;
|
|
-
|
|
- xmlSecAssert2(cert != NULL, NULL);
|
|
-
|
|
- memset(&ski, 0, sizeof(ski));
|
|
-
|
|
- rv = CERT_FindSubjectKeyIDExtension(cert, &ski);
|
|
- if (rv != SECSuccess) {
|
|
- xmlSecError(XMLSEC_ERRORS_HERE,
|
|
- NULL,
|
|
- "CERT_FindSubjectKeyIDExtension",
|
|
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
|
|
- XMLSEC_ERRORS_NO_MESSAGE);
|
|
- SECITEM_FreeItem(&ski, PR_FALSE);
|
|
- return(NULL);
|
|
- }
|
|
-
|
|
- res = xmlSecBase64Encode(ski.data, ski.len, 0);
|
|
- if(res == NULL) {
|
|
- xmlSecError(XMLSEC_ERRORS_HERE,
|
|
- NULL,
|
|
- "xmlSecBase64Encode",
|
|
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
|
|
- XMLSEC_ERRORS_NO_MESSAGE);
|
|
- SECITEM_FreeItem(&ski, PR_FALSE);
|
|
- return(NULL);
|
|
- }
|
|
- SECITEM_FreeItem(&ski, PR_FALSE);
|
|
-
|
|
- return(res);
|
|
- }
|
|
-
|
|
-
|
|
static void
|
|
xmlSecNssX509CertDebugDump(CERTCertificate* cert, FILE* output) {
|
|
SECItem *sn;
|
|
--- 1701,1706 ----
|
|
*** misc/xmlsec1-1.2.6/src/nss/x509vfy.c 2003-09-26 02:58:15.000000000 +0200
|
|
--- misc/build/xmlsec1-1.2.6/src/nss/x509vfy.c 2005-05-09 19:54:13.239626954 +0200
|
|
***************
|
|
*** 30,35 ****
|
|
--- 30,36 ----
|
|
#include <xmlsec/keyinfo.h>
|
|
#include <xmlsec/keysmngr.h>
|
|
#include <xmlsec/base64.h>
|
|
+ #include <xmlsec/bn.h>
|
|
#include <xmlsec/errors.h>
|
|
|
|
#include <xmlsec/nss/crypto.h>
|
|
***************
|
|
*** 43,50 ****
|
|
typedef struct _xmlSecNssX509StoreCtx xmlSecNssX509StoreCtx,
|
|
*xmlSecNssX509StoreCtxPtr;
|
|
struct _xmlSecNssX509StoreCtx {
|
|
! CERTCertList* certsList; /* just keeping a reference to destroy later */
|
|
! };
|
|
|
|
/****************************************************************************
|
|
*
|
|
--- 44,51 ----
|
|
typedef struct _xmlSecNssX509StoreCtx xmlSecNssX509StoreCtx,
|
|
*xmlSecNssX509StoreCtxPtr;
|
|
struct _xmlSecNssX509StoreCtx {
|
|
! CERTCertList* certsList; /* just keeping a reference to destroy later */
|
|
! };
|
|
|
|
/****************************************************************************
|
|
*
|
|
***************
|
|
*** 54,98 ****
|
|
*
|
|
***************************************************************************/
|
|
#define xmlSecNssX509StoreGetCtx(store) \
|
|
! ((xmlSecNssX509StoreCtxPtr)(((xmlSecByte*)(store)) + \
|
|
! sizeof(xmlSecKeyDataStoreKlass)))
|
|
#define xmlSecNssX509StoreSize \
|
|
! (sizeof(xmlSecKeyDataStoreKlass) + sizeof(xmlSecNssX509StoreCtx))
|
|
|
|
static int xmlSecNssX509StoreInitialize (xmlSecKeyDataStorePtr store);
|
|
static void xmlSecNssX509StoreFinalize (xmlSecKeyDataStorePtr store);
|
|
- static int xmlSecNssX509NameStringRead (xmlSecByte **str,
|
|
- int *strLen,
|
|
- xmlSecByte *res,
|
|
- int resLen,
|
|
- xmlSecByte delim,
|
|
- int ingoreTrailingSpaces);
|
|
- static xmlSecByte * xmlSecNssX509NameRead (xmlSecByte *str,
|
|
- int len);
|
|
-
|
|
- static void xmlSecNssNumToItem(SECItem *it, unsigned long num);
|
|
|
|
|
|
static xmlSecKeyDataStoreKlass xmlSecNssX509StoreKlass = {
|
|
! sizeof(xmlSecKeyDataStoreKlass),
|
|
! xmlSecNssX509StoreSize,
|
|
|
|
! /* data */
|
|
! xmlSecNameX509Store, /* const xmlChar* name; */
|
|
!
|
|
! /* constructors/destructor */
|
|
! xmlSecNssX509StoreInitialize, /* xmlSecKeyDataStoreInitializeMethod initialize; */
|
|
! xmlSecNssX509StoreFinalize, /* xmlSecKeyDataStoreFinalizeMethod finalize; */
|
|
!
|
|
! /* reserved for the future */
|
|
! NULL, /* void* reserved0; */
|
|
! NULL, /* void* reserved1; */
|
|
};
|
|
|
|
static CERTCertificate* xmlSecNssX509FindCert(xmlChar *subjectName,
|
|
! xmlChar *issuerName,
|
|
! xmlChar *issuerSerial,
|
|
! xmlChar *ski);
|
|
|
|
|
|
/**
|
|
--- 55,90 ----
|
|
*
|
|
***************************************************************************/
|
|
#define xmlSecNssX509StoreGetCtx(store) \
|
|
! ((xmlSecNssX509StoreCtxPtr)(((xmlSecByte*)(store)) + \
|
|
! sizeof(xmlSecKeyDataStoreKlass)))
|
|
#define xmlSecNssX509StoreSize \
|
|
! (sizeof(xmlSecKeyDataStoreKlass) + sizeof(xmlSecNssX509StoreCtx))
|
|
|
|
static int xmlSecNssX509StoreInitialize (xmlSecKeyDataStorePtr store);
|
|
static void xmlSecNssX509StoreFinalize (xmlSecKeyDataStorePtr store);
|
|
|
|
+ static int xmlSecNssIntegerToItem( const xmlChar* integer , SECItem *it ) ;
|
|
|
|
static xmlSecKeyDataStoreKlass xmlSecNssX509StoreKlass = {
|
|
! sizeof(xmlSecKeyDataStoreKlass),
|
|
! xmlSecNssX509StoreSize,
|
|
|
|
! /* data */
|
|
! xmlSecNameX509Store, /* const xmlChar* name; */
|
|
!
|
|
! /* constructors/destructor */
|
|
! xmlSecNssX509StoreInitialize, /* xmlSecKeyDataStoreInitializeMethod initialize; */
|
|
! xmlSecNssX509StoreFinalize, /* xmlSecKeyDataStoreFinalizeMethod finalize; */
|
|
!
|
|
! /* reserved for the future */
|
|
! NULL, /* void* reserved0; */
|
|
! NULL, /* void* reserved1; */
|
|
};
|
|
|
|
static CERTCertificate* xmlSecNssX509FindCert(xmlChar *subjectName,
|
|
! xmlChar *issuerName,
|
|
! xmlChar *issuerSerial,
|
|
! xmlChar *ski);
|
|
|
|
|
|
/**
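Review bot: The added prototype `static int xmlSecNssIntegerToItem( const xmlChar* integer , SECItem *it ) ;` uses space-padded parentheses and a space before the semicolon, unlike the neighbouring declarations; `static int xmlSecNssIntegerToItem(const xmlChar* integer, SECItem *it);` would match the file. Its definition, and whatever now replaces the removed `xmlSecNssNumToItem` / `xmlSecNssX509NameRead` helpers, is not in this chunk, so how callers handle its return value cannot be checked here.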
|
|
***************
|
|
*** 104,110 ****
|
|
*/
|
|
xmlSecKeyDataStoreId
|
|
xmlSecNssX509StoreGetKlass(void) {
|
|
! return(&xmlSecNssX509StoreKlass);
|
|
}
|
|
|
|
/**
|
|
--- 96,102 ----
|
|
*/
|
|
xmlSecKeyDataStoreId
|
|
xmlSecNssX509StoreGetKlass(void) {
|
|
! return(&xmlSecNssX509StoreKlass);
|
|
}
|
|
|
|
/**
|
|
***************
|
|
*** 125,139 ****
|
|
xmlSecNssX509StoreFindCert(xmlSecKeyDataStorePtr store, xmlChar *subjectName,
|
|
xmlChar *issuerName, xmlChar *issuerSerial,
|
|
xmlChar *ski, xmlSecKeyInfoCtx* keyInfoCtx) {
|
|
! xmlSecNssX509StoreCtxPtr ctx;
|
|
!
|
|
! xmlSecAssert2(xmlSecKeyDataStoreCheckId(store, xmlSecNssX509StoreId), NULL);
|
|
! xmlSecAssert2(keyInfoCtx != NULL, NULL);
|
|
|
|
! ctx = xmlSecNssX509StoreGetCtx(store);
|
|
! xmlSecAssert2(ctx != NULL, NULL);
|
|
|
|
! return(xmlSecNssX509FindCert(subjectName, issuerName, issuerSerial, ski));
|
|
}
|
|
|
|
/**
|
|
--- 117,131 ----
|
|
xmlSecNssX509StoreFindCert(xmlSecKeyDataStorePtr store, xmlChar *subjectName,
|
|
xmlChar *issuerName, xmlChar *issuerSerial,
|
|
xmlChar *ski, xmlSecKeyInfoCtx* keyInfoCtx) {
|
|
! xmlSecNssX509StoreCtxPtr ctx;
|
|
!
|
|
! xmlSecAssert2(xmlSecKeyDataStoreCheckId(store, xmlSecNssX509StoreId), NULL);
|
|
! xmlSecAssert2(keyInfoCtx != NULL, NULL);
|
|
|
|
! ctx = xmlSecNssX509StoreGetCtx(store);
|
|
! xmlSecAssert2(ctx != NULL, NULL);
|
|
|
|
! return(xmlSecNssX509FindCert(subjectName, issuerName, issuerSerial, ski));
|
|
}
|
|
|
|
/**
|
|
***************
|
|
*** 148,263 ****
|
|
*/
|
|
CERTCertificate *
|
|
xmlSecNssX509StoreVerify(xmlSecKeyDataStorePtr store, CERTCertList* certs,
|
|
! xmlSecKeyInfoCtx* keyInfoCtx) {
|
|
! xmlSecNssX509StoreCtxPtr ctx;
|
|
! CERTCertListNode* head;
|
|
! CERTCertificate* cert = NULL;
|
|
! CERTCertListNode* head1;
|
|
! CERTCertificate* cert1 = NULL;
|
|
! SECStatus status = SECFailure;
|
|
! int64 timeboundary;
|
|
! int64 tmp1, tmp2;
|
|
!
|
|
! xmlSecAssert2(xmlSecKeyDataStoreCheckId(store, xmlSecNssX509StoreId), NULL);
|
|
! xmlSecAssert2(certs != NULL, NULL);
|
|
! xmlSecAssert2(keyInfoCtx != NULL, NULL);
|
|
!
|
|
! ctx = xmlSecNssX509StoreGetCtx(store);
|
|
! xmlSecAssert2(ctx != NULL, NULL);
|
|
!
|
|
! for (head = CERT_LIST_HEAD(certs);
|
|
! !CERT_LIST_END(head, certs);
|
|
! head = CERT_LIST_NEXT(head)) {
|
|
! cert = head->cert;
|
|
if(keyInfoCtx->certsVerificationTime > 0) {
|
|
! /* convert the time since epoch in seconds to microseconds */
|
|
! LL_UI2L(timeboundary, keyInfoCtx->certsVerificationTime);
|
|
! tmp1 = (int64)PR_USEC_PER_SEC;
|
|
! tmp2 = timeboundary;
|
|
! LL_MUL(timeboundary, tmp1, tmp2);
|
|
} else {
|
|
! timeboundary = PR_Now();
|
|
}
|
|
|
|
/* if cert is the issuer of any other cert in the list, then it is
|
|
* to be skipped */
|
|
for (head1 = CERT_LIST_HEAD(certs);
|
|
! !CERT_LIST_END(head1, certs);
|
|
! head1 = CERT_LIST_NEXT(head1)) {
|
|
|
|
! cert1 = head1->cert;
|
|
! if (cert1 == cert) {
|
|
continue;
|
|
! }
|
|
|
|
! if (SECITEM_CompareItem(&cert1->derIssuer, &cert->derSubject)
|
|
! == SECEqual) {
|
|
break;
|
|
! }
|
|
}
|
|
|
|
if (!CERT_LIST_END(head1, certs)) {
|
|
! continue;
|
|
}
|
|
|
|
status = CERT_VerifyCertificate(CERT_GetDefaultCertDB(),
|
|
cert, PR_FALSE,
|
|
(SECCertificateUsage)0,
|
|
! timeboundary , NULL, NULL, NULL);
|
|
if (status == SECSuccess) {
|
|
! break;
|
|
}
|
|
- }
|
|
|
|
! if (status == SECSuccess) {
|
|
return (cert);
|
|
! }
|
|
!
|
|
! switch(PORT_GetError()) {
|
|
case SEC_ERROR_EXPIRED_ISSUER_CERTIFICATE:
|
|
case SEC_ERROR_CA_CERT_INVALID:
|
|
case SEC_ERROR_UNKNOWN_SIGNER:
|
|
! xmlSecError(XMLSEC_ERRORS_HERE,
|
|
! xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)),
|
|
! NULL,
|
|
! XMLSEC_ERRORS_R_CERT_ISSUER_FAILED,
|
|
! "cert with subject name %s could not be verified because the issuer's cert is expired/invalid or not found",
|
|
! cert->subjectName);
|
|
! break;
|
|
case SEC_ERROR_EXPIRED_CERTIFICATE:
|
|
! xmlSecError(XMLSEC_ERRORS_HERE,
|
|
! xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)),
|
|
! NULL,
|
|
! XMLSEC_ERRORS_R_CERT_HAS_EXPIRED,
|
|
! "cert with subject name %s has expired",
|
|
! cert->subjectName);
|
|
! break;
|
|
case SEC_ERROR_REVOKED_CERTIFICATE:
|
|
! xmlSecError(XMLSEC_ERRORS_HERE,
|
|
! xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)),
|
|
! NULL,
|
|
! XMLSEC_ERRORS_R_CERT_REVOKED,
|
|
! "cert with subject name %s has been revoked",
|
|
! cert->subjectName);
|
|
! break;
|
|
default:
|
|
! xmlSecError(XMLSEC_ERRORS_HERE,
|
|
! xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)),
|
|
! NULL,
|
|
! XMLSEC_ERRORS_R_CERT_VERIFY_FAILED,
|
|
! "cert with subject name %s could not be verified",
|
|
! cert->subjectName);
|
|
! break;
|
|
! }
|
|
|
|
! return (NULL);
|
|
}
|
|
|
|
/**
|
|
* xmlSecNssX509StoreAdoptCert:
|
|
! * @store: the pointer to X509 key data store klass.
|
|
! * @cert: the pointer to NSS X509 certificate.
|
|
! * @type: the certificate type (trusted/untrusted).
|
|
*
|
|
* Adds trusted (root) or untrusted certificate to the store.
|
|
*
|
|
--- 140,256 ----
|
|
*/
|
|
CERTCertificate *
|
|
xmlSecNssX509StoreVerify(xmlSecKeyDataStorePtr store, CERTCertList* certs,
|
|
! xmlSecKeyInfoCtx* keyInfoCtx) {
|
|
! xmlSecNssX509StoreCtxPtr ctx;
|
|
! CERTCertListNode* head;
|
|
! CERTCertificate* cert = NULL;
|
|
! CERTCertListNode* head1;
|
|
! CERTCertificate* cert1 = NULL;
|
|
! SECStatus status = SECFailure;
|
|
! int64 timeboundary;
|
|
! int64 tmp1, tmp2;
|
|
!
|
|
! xmlSecAssert2(xmlSecKeyDataStoreCheckId(store, xmlSecNssX509StoreId), NULL);
|
|
! xmlSecAssert2(certs != NULL, NULL);
|
|
! xmlSecAssert2(keyInfoCtx != NULL, NULL);
|
|
!
|
|
! ctx = xmlSecNssX509StoreGetCtx(store);
|
|
! xmlSecAssert2(ctx != NULL, NULL);
|
|
!
|
|
! for (head = CERT_LIST_HEAD(certs);
|
|
! !CERT_LIST_END(head, certs);
|
|
! head = CERT_LIST_NEXT(head)) {
|
|
! cert = head->cert;
|
|
if(keyInfoCtx->certsVerificationTime > 0) {
|
|
! /* convert the time since epoch in seconds to microseconds */
|
|
! LL_UI2L(timeboundary, keyInfoCtx->certsVerificationTime);
|
|
! tmp1 = (int64)PR_USEC_PER_SEC;
|
|
! tmp2 = timeboundary;
|
|
! LL_MUL(timeboundary, tmp1, tmp2);
|
|
} else {
|
|
! timeboundary = PR_Now();
|
|
}
|
|
|
|
/* if cert is the issuer of any other cert in the list, then it is
|
|
* to be skipped */
|
|
for (head1 = CERT_LIST_HEAD(certs);
|
|
! !CERT_LIST_END(head1, certs);
|
|
! head1 = CERT_LIST_NEXT(head1)) {
|
|
|
|
! cert1 = head1->cert;
|
|
! if (cert1 == cert) {
|
|
continue;
|
|
! }
|
|
|
|
! if (SECITEM_CompareItem(&cert1->derIssuer, &cert->derSubject)
|
|
! == SECEqual) {
|
|
break;
|
|
! }
|
|
}
|
|
|
|
if (!CERT_LIST_END(head1, certs)) {
|
|
! continue;
|
|
}
|
|
|
|
status = CERT_VerifyCertificate(CERT_GetDefaultCertDB(),
|
|
cert, PR_FALSE,
|
|
(SECCertificateUsage)0,
|
|
! timeboundary , NULL, NULL, NULL);
|
|
if (status == SECSuccess) {
|
|
! break;
|
|
! }
|
|
}
|
|
|
|
! if (status == SECSuccess) {
|
|
return (cert);
|
|
! }
|
|
!
|
|
! switch(PORT_GetError()) {
|
|
case SEC_ERROR_EXPIRED_ISSUER_CERTIFICATE:
|
|
case SEC_ERROR_CA_CERT_INVALID:
|
|
case SEC_ERROR_UNKNOWN_SIGNER:
|
|
! xmlSecError(XMLSEC_ERRORS_HERE,
|
|
! xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)),
|
|
! NULL,
|
|
! XMLSEC_ERRORS_R_CERT_ISSUER_FAILED,
|
|
! "cert with subject name %s could not be verified because the issuer's cert is expired/invalid or not found",
|
|
! cert->subjectName);
|
|
! break;
|
|
case SEC_ERROR_EXPIRED_CERTIFICATE:
|
|
! xmlSecError(XMLSEC_ERRORS_HERE,
|
|
! xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)),
|
|
! NULL,
|
|
! XMLSEC_ERRORS_R_CERT_HAS_EXPIRED,
|
|
! "cert with subject name %s has expired",
|
|
! cert->subjectName);
|
|
! break;
|
|
case SEC_ERROR_REVOKED_CERTIFICATE:
|
|
! xmlSecError(XMLSEC_ERRORS_HERE,
|
|
! xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)),
|
|
! NULL,
|
|
! XMLSEC_ERRORS_R_CERT_REVOKED,
|
|
! "cert with subject name %s has been revoked",
|
|
! cert->subjectName);
|
|
! break;
|
|
default:
|
|
! xmlSecError(XMLSEC_ERRORS_HERE,
|
|
! xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)),
|
|
! NULL,
|
|
! XMLSEC_ERRORS_R_CERT_VERIFY_FAILED,
|
|
! "cert with subject name %s could not be verified, errcode %d",
|
|
! cert->subjectName,
|
|
! PORT_GetError());
|
|
! break;
|
|
! }
|
|
|
|
! return (NULL);
|
|
}
|
|
|
|
/**
|
|
* xmlSecNssX509StoreAdoptCert:
|
|
! * @store: the pointer to X509 key data store klass.
|
|
! * @cert: the pointer to NSS X509 certificate.
|
|
! * @type: the certificate type (trusted/untrusted).
|
|
*
|
|
* Adds trusted (root) or untrusted certificate to the store.
|
|
*
|
|
***************
|
|
*** 265,331 ****
|
|
*/
|
|
int
|
|
xmlSecNssX509StoreAdoptCert(xmlSecKeyDataStorePtr store, CERTCertificate* cert, xmlSecKeyDataType type ATTRIBUTE_UNUSED) {
|
|
! xmlSecNssX509StoreCtxPtr ctx;
|
|
! int ret;
|
|
|
|
! xmlSecAssert2(xmlSecKeyDataStoreCheckId(store, xmlSecNssX509StoreId), -1);
|
|
! xmlSecAssert2(cert != NULL, -1);
|
|
|
|
! ctx = xmlSecNssX509StoreGetCtx(store);
|
|
! xmlSecAssert2(ctx != NULL, -1);
|
|
|
|
! if(ctx->certsList == NULL) {
|
|
! ctx->certsList = CERT_NewCertList();
|
|
! if(ctx->certsList == NULL) {
|
|
! xmlSecError(XMLSEC_ERRORS_HERE,
|
|
! xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)),
|
|
! "CERT_NewCertList",
|
|
! XMLSEC_ERRORS_R_CRYPTO_FAILED,
|
|
! XMLSEC_ERRORS_NO_MESSAGE);
|
|
! return(-1);
|
|
! }
|
|
! }
|
|
!
|
|
! ret = CERT_AddCertToListTail(ctx->certsList, cert);
|
|
! if(ret != SECSuccess) {
|
|
! xmlSecError(XMLSEC_ERRORS_HERE,
|
|
! xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)),
|
|
! "CERT_AddCertToListTail",
|
|
! XMLSEC_ERRORS_R_CRYPTO_FAILED,
|
|
! XMLSEC_ERRORS_NO_MESSAGE);
|
|
! return(-1);
|
|
! }
|
|
|
|
! return(0);
|
|
}
|
|
|
|
static int
|
|
xmlSecNssX509StoreInitialize(xmlSecKeyDataStorePtr store) {
|
|
! xmlSecNssX509StoreCtxPtr ctx;
|
|
! xmlSecAssert2(xmlSecKeyDataStoreCheckId(store, xmlSecNssX509StoreId), -1);
|
|
|
|
! ctx = xmlSecNssX509StoreGetCtx(store);
|
|
! xmlSecAssert2(ctx != NULL, -1);
|
|
|
|
! memset(ctx, 0, sizeof(xmlSecNssX509StoreCtx));
|
|
|
|
! return(0);
|
|
}
|
|
|
|
static void
|
|
xmlSecNssX509StoreFinalize(xmlSecKeyDataStorePtr store) {
|
|
! xmlSecNssX509StoreCtxPtr ctx;
|
|
! xmlSecAssert(xmlSecKeyDataStoreCheckId(store, xmlSecNssX509StoreId));
|
|
|
|
! ctx = xmlSecNssX509StoreGetCtx(store);
|
|
! xmlSecAssert(ctx != NULL);
|
|
!
|
|
! if (ctx->certsList) {
|
|
CERT_DestroyCertList(ctx->certsList);
|
|
ctx->certsList = NULL;
|
|
! }
|
|
|
|
! memset(ctx, 0, sizeof(xmlSecNssX509StoreCtx));
|
|
}
|
|
|
|
|
|
--- 258,324 ----
|
|
*/
|
|
int
|
|
xmlSecNssX509StoreAdoptCert(xmlSecKeyDataStorePtr store, CERTCertificate* cert, xmlSecKeyDataType type ATTRIBUTE_UNUSED) {
|
|
! xmlSecNssX509StoreCtxPtr ctx;
|
|
! int ret;
|
|
!
|
|
! xmlSecAssert2(xmlSecKeyDataStoreCheckId(store, xmlSecNssX509StoreId), -1);
|
|
! xmlSecAssert2(cert != NULL, -1);
|
|
|
|
! ctx = xmlSecNssX509StoreGetCtx(store);
|
|
! xmlSecAssert2(ctx != NULL, -1);
|
|
|
|
! if(ctx->certsList == NULL) {
|
|
! ctx->certsList = CERT_NewCertList();
|
|
! if(ctx->certsList == NULL) {
|
|
! xmlSecError(XMLSEC_ERRORS_HERE,
|
|
! xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)),
|
|
! "CERT_NewCertList",
|
|
! XMLSEC_ERRORS_R_CRYPTO_FAILED,
|
|
! "error code=%d", PORT_GetError());
|
|
! return(-1);
|
|
! }
|
|
! }
|
|
|
|
! ret = CERT_AddCertToListTail(ctx->certsList, cert);
|
|
! if(ret != SECSuccess) {
|
|
! xmlSecError(XMLSEC_ERRORS_HERE,
|
|
! xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)),
|
|
! "CERT_AddCertToListTail",
|
|
! XMLSEC_ERRORS_R_CRYPTO_FAILED,
|
|
! "error code=%d", PORT_GetError());
|
|
! return(-1);
|
|
! }
|
|
|
|
! return(0);
|
|
}
|
|
|
|
static int
|
|
xmlSecNssX509StoreInitialize(xmlSecKeyDataStorePtr store) {
|
|
! xmlSecNssX509StoreCtxPtr ctx;
|
|
! xmlSecAssert2(xmlSecKeyDataStoreCheckId(store, xmlSecNssX509StoreId), -1);
|
|
|
|
! ctx = xmlSecNssX509StoreGetCtx(store);
|
|
! xmlSecAssert2(ctx != NULL, -1);
|
|
|
|
! memset(ctx, 0, sizeof(xmlSecNssX509StoreCtx));
|
|
|
|
! return(0);
|
|
}
|
|
|
|
static void
|
|
xmlSecNssX509StoreFinalize(xmlSecKeyDataStorePtr store) {
|
|
! xmlSecNssX509StoreCtxPtr ctx;
|
|
! xmlSecAssert(xmlSecKeyDataStoreCheckId(store, xmlSecNssX509StoreId));
|
|
|
|
! ctx = xmlSecNssX509StoreGetCtx(store);
|
|
! xmlSecAssert(ctx != NULL);
|
|
!
|
|
! if (ctx->certsList) {
|
|
CERT_DestroyCertList(ctx->certsList);
|
|
ctx->certsList = NULL;
|
|
! }
|
|
|
|
! memset(ctx, 0, sizeof(xmlSecNssX509StoreCtx));
|
|
}
|
|
|
|
|
|
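Review bot: `xmlSecNssX509StoreAdoptCert` on the new side still ignores `type` (`ATTRIBUTE_UNUSED`) and appends every certificate to the single `ctx->certsList`, although the comment above it describes adding either trusted (root) or untrusted certificates; how the verifier earlier in this file then treats entries of that list is outside the hunk, so a caller cannot tell from this interface whether an adopted cert becomes a trust anchor. Either the trust type should be honoured, or a comment such as `/* NOTE: 'type' is ignored; trusted and untrusted certs are both kept in ctx->certsList */` should make the behaviour explicit. Separately, the `!` lines in `xmlSecNssX509StoreInitialize` and `xmlSecNssX509StoreFinalize` are textually identical on both sides, which looks like a whitespace-only rewrite that obscures the one substantive change here (reporting `PORT_GetError()` in the failure messages).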
***************
|
|
*** 340,715 ****
|
|
*/
|
|
static CERTCertificate*
|
|
xmlSecNssX509FindCert(xmlChar *subjectName, xmlChar *issuerName,
|
|
! xmlChar *issuerSerial, xmlChar *ski) {
|
|
! CERTCertificate *cert = NULL;
|
|
! xmlChar *p = NULL;
|
|
! CERTName *name = NULL;
|
|
! SECItem *nameitem = NULL;
|
|
! PRArenaPool *arena = NULL;
|
|
!
|
|
! if (subjectName != NULL) {
|
|
! p = xmlSecNssX509NameRead(subjectName, xmlStrlen(subjectName));
|
|
! if (p == NULL) {
|
|
! xmlSecError(XMLSEC_ERRORS_HERE,
|
|
! NULL,
|
|
! "xmlSecNssX509NameRead",
|
|
! XMLSEC_ERRORS_R_XMLSEC_FAILED,
|
|
! "subject=%s",
|
|
! xmlSecErrorsSafeString(subjectName));
|
|
! goto done;
|
|
! }
|
|
!
|
|
! arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
|
|
! if (arena == NULL) {
|
|
! xmlSecError(XMLSEC_ERRORS_HERE,
|
|
! NULL,
|
|
! "PORT_NewArena",
|
|
! XMLSEC_ERRORS_R_CRYPTO_FAILED,
|
|
! XMLSEC_ERRORS_NO_MESSAGE);
|
|
! goto done;
|
|
! }
|
|
!
|
|
! name = CERT_AsciiToName((char*)p);
|
|
! if (name == NULL) {
|
|
! xmlSecError(XMLSEC_ERRORS_HERE,
|
|
! NULL,
|
|
! "CERT_AsciiToName",
|
|
! XMLSEC_ERRORS_R_XMLSEC_FAILED,
|
|
! XMLSEC_ERRORS_NO_MESSAGE);
|
|
! goto done;
|
|
! }
|
|
!
|
|
! nameitem = SEC_ASN1EncodeItem(arena, NULL, (void *)name,
|
|
! SEC_ASN1_GET(CERT_NameTemplate));
|
|
! if (nameitem == NULL) {
|
|
! xmlSecError(XMLSEC_ERRORS_HERE,
|
|
! NULL,
|
|
! "SEC_ASN1EncodeItem",
|
|
! XMLSEC_ERRORS_R_XMLSEC_FAILED,
|
|
! XMLSEC_ERRORS_NO_MESSAGE);
|
|
! goto done;
|
|
! }
|
|
!
|
|
! cert = CERT_FindCertByName(CERT_GetDefaultCertDB(), nameitem);
|
|
! goto done;
|
|
! }
|
|
!
|
|
! if((issuerName != NULL) && (issuerSerial != NULL)) {
|
|
! CERTIssuerAndSN issuerAndSN;
|
|
!
|
|
! p = xmlSecNssX509NameRead(issuerName, xmlStrlen(issuerName));
|
|
! if (p == NULL) {
|
|
! xmlSecError(XMLSEC_ERRORS_HERE,
|
|
! NULL,
|
|
! "xmlSecNssX509NameRead",
|
|
! XMLSEC_ERRORS_R_XMLSEC_FAILED,
|
|
! "issuer=%s",
|
|
! xmlSecErrorsSafeString(issuerName));
|
|
! goto done;
|
|
! }
|
|
!
|
|
! arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
|
|
! if (arena == NULL) {
|
|
! xmlSecError(XMLSEC_ERRORS_HERE,
|
|
! NULL,
|
|
! "PORT_NewArena",
|
|
! XMLSEC_ERRORS_R_CRYPTO_FAILED,
|
|
! XMLSEC_ERRORS_NO_MESSAGE);
|
|
! goto done;
|
|
! }
|
|
!
|
|
! name = CERT_AsciiToName((char*)p);
|
|
! if (name == NULL) {
|
|
! xmlSecError(XMLSEC_ERRORS_HERE,
|
|
! NULL,
|
|
! "CERT_AsciiToName",
|
|
! XMLSEC_ERRORS_R_XMLSEC_FAILED,
|
|
! XMLSEC_ERRORS_NO_MESSAGE);
|
|
! goto done;
|
|
! }
|
|
!
|
|
! nameitem = SEC_ASN1EncodeItem(arena, NULL, (void *)name,
|
|
! SEC_ASN1_GET(CERT_NameTemplate));
|
|
! if (nameitem == NULL) {
|
|
! xmlSecError(XMLSEC_ERRORS_HERE,
|
|
! NULL,
|
|
! "SEC_ASN1EncodeItem",
|
|
! XMLSEC_ERRORS_R_XMLSEC_FAILED,
|
|
! XMLSEC_ERRORS_NO_MESSAGE);
|
|
! goto done;
|
|
! }
|
|
!
|
|
! memset(&issuerAndSN, 0, sizeof(issuerAndSN));
|
|
|
|
! issuerAndSN.derIssuer.data = nameitem->data;
|
|
! issuerAndSN.derIssuer.len = nameitem->len;
|
|
|
|
! /* TBD: serial num can be arbitrarily long */
|
|
! xmlSecNssNumToItem(&issuerAndSN.serialNumber, PORT_Atoi((char *)issuerSerial));
|
|
|
|
! cert = CERT_FindCertByIssuerAndSN(CERT_GetDefaultCertDB(),
|
|
! &issuerAndSN);
|
|
! SECITEM_FreeItem(&issuerAndSN.serialNumber, PR_FALSE);
|
|
! goto done;
|
|
! }
|
|
!
|
|
! if(ski != NULL) {
|
|
! SECItem subjKeyID;
|
|
! int len;
|
|
!
|
|
! len = xmlSecBase64Decode(ski, (xmlSecByte*)ski, xmlStrlen(ski));
|
|
! if(len < 0) {
|
|
! xmlSecError(XMLSEC_ERRORS_HERE,
|
|
! NULL,
|
|
! "xmlSecBase64Decode",
|
|
! XMLSEC_ERRORS_R_XMLSEC_FAILED,
|
|
! "ski=%s",
|
|
! xmlSecErrorsSafeString(ski));
|
|
! goto done;
|
|
! }
|
|
!
|
|
! memset(&subjKeyID, 0, sizeof(subjKeyID));
|
|
! subjKeyID.data = ski;
|
|
! subjKeyID.len = xmlStrlen(ski);
|
|
! cert = CERT_FindCertBySubjectKeyID(CERT_GetDefaultCertDB(),
|
|
! &subjKeyID);
|
|
! }
|
|
|
|
! done:
|
|
! if (p != NULL) {
|
|
! PORT_Free(p);
|
|
! }
|
|
! if (arena != NULL) {
|
|
! PORT_FreeArena(arena, PR_FALSE);
|
|
! }
|
|
! if (name != NULL) {
|
|
! CERT_DestroyName(name);
|
|
! }
|
|
|
|
! return(cert);
|
|
! }
|
|
|
|
! /**
|
|
! * xmlSecNssX509NameRead:
|
|
! */
|
|
! static xmlSecByte *
|
|
! xmlSecNssX509NameRead(xmlSecByte *str, int len) {
|
|
! xmlSecByte name[256];
|
|
! xmlSecByte value[256];
|
|
! xmlSecByte *retval = NULL;
|
|
! xmlSecByte *p = NULL;
|
|
! int nameLen, valueLen;
|
|
!
|
|
! xmlSecAssert2(str != NULL, NULL);
|
|
!
|
|
! /* return string should be no longer than input string */
|
|
! retval = (xmlSecByte *)PORT_Alloc(len+1);
|
|
! if(retval == NULL) {
|
|
! xmlSecError(XMLSEC_ERRORS_HERE,
|
|
! NULL,
|
|
! "PORT_Alloc",
|
|
! XMLSEC_ERRORS_R_MALLOC_FAILED,
|
|
! XMLSEC_ERRORS_NO_MESSAGE);
|
|
! return(NULL);
|
|
! }
|
|
! p = retval;
|
|
!
|
|
! while(len > 0) {
|
|
! /* skip spaces after comma or semicolon */
|
|
! while((len > 0) && isspace(*str)) {
|
|
! ++str; --len;
|
|
! }
|
|
!
|
|
! nameLen = xmlSecNssX509NameStringRead(&str, &len, name, sizeof(name), '=', 0);
|
|
! if(nameLen < 0) {
|
|
! xmlSecError(XMLSEC_ERRORS_HERE,
|
|
! NULL,
|
|
! "xmlSecNssX509NameStringRead",
|
|
! XMLSEC_ERRORS_R_XMLSEC_FAILED,
|
|
! XMLSEC_ERRORS_NO_MESSAGE);
|
|
! goto done;
|
|
! }
|
|
! memcpy(p, name, nameLen);
|
|
! p+=nameLen;
|
|
! *p++='=';
|
|
! if(len > 0) {
|
|
! ++str; --len;
|
|
! if((*str) == '\"') {
|
|
! valueLen = xmlSecNssX509NameStringRead(&str, &len,
|
|
! value, sizeof(value), '"', 1);
|
|
! if(valueLen < 0) {
|
|
! xmlSecError(XMLSEC_ERRORS_HERE,
|
|
NULL,
|
|
! "xmlSecNssX509NameStringRead",
|
|
XMLSEC_ERRORS_R_XMLSEC_FAILED,
|
|
! XMLSEC_ERRORS_NO_MESSAGE);
|
|
! goto done;
|
|
! }
|
|
! /* skip spaces before comma or semicolon */
|
|
! while((len > 0) && isspace(*str)) {
|
|
! ++str; --len;
|
|
! }
|
|
! if((len > 0) && ((*str) != ',')) {
|
|
! xmlSecError(XMLSEC_ERRORS_HERE,
|
|
! NULL,
|
|
! NULL,
|
|
! XMLSEC_ERRORS_R_INVALID_DATA,
|
|
! "comma is expected");
|
|
! goto done;
|
|
}
|
|
! if(len > 0) {
|
|
! ++str; --len;
|
|
}
|
|
! *p++='\"';
|
|
! memcpy(p, value, valueLen);
|
|
! p+=valueLen;
|
|
! *p++='\"';
|
|
! } else if((*str) == '#') {
|
|
! /* TODO: read octect values */
|
|
! xmlSecError(XMLSEC_ERRORS_HERE,
|
|
! NULL,
|
|
! NULL,
|
|
! XMLSEC_ERRORS_R_INVALID_DATA,
|
|
! "reading octect values is not implemented yet");
|
|
! goto done;
|
|
! } else {
|
|
! valueLen = xmlSecNssX509NameStringRead(&str, &len,
|
|
! value, sizeof(value), ',', 1);
|
|
! if(valueLen < 0) {
|
|
! xmlSecError(XMLSEC_ERRORS_HERE,
|
|
NULL,
|
|
! "xmlSecNssX509NameStringRead",
|
|
XMLSEC_ERRORS_R_XMLSEC_FAILED,
|
|
! XMLSEC_ERRORS_NO_MESSAGE);
|
|
! goto done;
|
|
! }
|
|
! memcpy(p, value, valueLen);
|
|
! p+=valueLen;
|
|
! if (len > 0)
|
|
! *p++=',';
|
|
! }
|
|
! } else {
|
|
! valueLen = 0;
|
|
}
|
|
! if(len > 0) {
|
|
! ++str; --len;
|
|
! }
|
|
! }
|
|
!
|
|
! *p = 0;
|
|
! return(retval);
|
|
!
|
|
done:
|
|
! PORT_Free(retval);
|
|
! return (NULL);
|
|
}
|
|
|
|
|
|
|
|
! /**
|
|
! * xmlSecNssX509NameStringRead:
|
|
! */
|
|
! static int
|
|
! xmlSecNssX509NameStringRead(xmlSecByte **str, int *strLen,
|
|
! xmlSecByte *res, int resLen,
|
|
! xmlSecByte delim, int ingoreTrailingSpaces) {
|
|
! xmlSecByte *p, *q, *nonSpace;
|
|
!
|
|
! xmlSecAssert2(str != NULL, -1);
|
|
! xmlSecAssert2(strLen != NULL, -1);
|
|
! xmlSecAssert2(res != NULL, -1);
|
|
!
|
|
! p = (*str);
|
|
! nonSpace = q = res;
|
|
! while(((p - (*str)) < (*strLen)) && ((*p) != delim) && ((q - res) < resLen)) {
|
|
! if((*p) != '\\') {
|
|
! if(ingoreTrailingSpaces && !isspace(*p)) {
|
|
! nonSpace = q;
|
|
! }
|
|
! *(q++) = *(p++);
|
|
! } else {
|
|
! ++p;
|
|
! nonSpace = q;
|
|
! if(xmlSecIsHex((*p))) {
|
|
! if((p - (*str) + 1) >= (*strLen)) {
|
|
! xmlSecError(XMLSEC_ERRORS_HERE,
|
|
! NULL,
|
|
! NULL,
|
|
! XMLSEC_ERRORS_R_INVALID_DATA,
|
|
! "two hex digits expected");
|
|
! return(-1);
|
|
! }
|
|
! *(q++) = xmlSecGetHex(p[0]) * 16 + xmlSecGetHex(p[1]);
|
|
! p += 2;
|
|
! } else {
|
|
! if(((++p) - (*str)) >= (*strLen)) {
|
|
! xmlSecError(XMLSEC_ERRORS_HERE,
|
|
! NULL,
|
|
! NULL,
|
|
! XMLSEC_ERRORS_R_INVALID_DATA,
|
|
! "escaped symbol missed");
|
|
! return(-1);
|
|
! }
|
|
! *(q++) = *(p++);
|
|
! }
|
|
! }
|
|
! }
|
|
! if(((p - (*str)) < (*strLen)) && ((*p) != delim)) {
|
|
! xmlSecError(XMLSEC_ERRORS_HERE,
|
|
! NULL,
|
|
! NULL,
|
|
! XMLSEC_ERRORS_R_INVALID_SIZE,
|
|
! "buffer is too small");
|
|
! return(-1);
|
|
! }
|
|
! (*strLen) -= (p - (*str));
|
|
! (*str) = p;
|
|
! return((ingoreTrailingSpaces) ? nonSpace - res + 1 : q - res);
|
|
! }
|
|
|
|
! /* code lifted from NSS */
|
|
! static void
|
|
! xmlSecNssNumToItem(SECItem *it, unsigned long ui)
|
|
! {
|
|
! unsigned char bb[5];
|
|
! int len;
|
|
!
|
|
! bb[0] = 0;
|
|
! bb[1] = (unsigned char) (ui >> 24);
|
|
! bb[2] = (unsigned char) (ui >> 16);
|
|
! bb[3] = (unsigned char) (ui >> 8);
|
|
! bb[4] = (unsigned char) (ui);
|
|
!
|
|
! /*
|
|
! ** Small integers are encoded in a single byte. Larger integers
|
|
! ** require progressively more space.
|
|
! */
|
|
! if (ui > 0x7f) {
|
|
! if (ui > 0x7fff) {
|
|
! if (ui > 0x7fffffL) {
|
|
! if (ui >= 0x80000000L) {
|
|
! len = 5;
|
|
! } else {
|
|
! len = 4;
|
|
! }
|
|
! } else {
|
|
! len = 3;
|
|
! }
|
|
! } else {
|
|
! len = 2;
|
|
! }
|
|
! } else {
|
|
! len = 1;
|
|
! }
|
|
!
|
|
! it->data = (unsigned char *)PORT_Alloc(len);
|
|
! if (it->data == NULL) {
|
|
! return;
|
|
! }
|
|
|
|
! it->len = len;
|
|
! PORT_Memcpy(it->data, bb + (sizeof(bb) - len), len);
|
|
}
|
|
- #endif /* XMLSEC_NO_X509 */
|
|
|
|
|
|
--- 333,545 ----
|
|
*/
|
|
static CERTCertificate*
|
|
xmlSecNssX509FindCert(xmlChar *subjectName, xmlChar *issuerName,
|
|
! xmlChar *issuerSerial, xmlChar *ski) {
|
|
! CERTCertificate *cert = NULL;
|
|
! CERTName *name = NULL;
|
|
! SECItem *nameitem = NULL;
|
|
! PRArenaPool *arena = NULL;
|
|
!
|
|
! if (subjectName != NULL) {
|
|
! arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
|
|
! if (arena == NULL) {
|
|
! xmlSecError(XMLSEC_ERRORS_HERE,
|
|
! NULL,
|
|
! "PORT_NewArena",
|
|
! XMLSEC_ERRORS_R_CRYPTO_FAILED,
|
|
! "error code=%d", PORT_GetError());
|
|
! goto done;
|
|
! }
|
|
|
|
! name = CERT_AsciiToName((char*)subjectName);
|
|
! if (name == NULL) {
|
|
! xmlSecError(XMLSEC_ERRORS_HERE,
|
|
! NULL,
|
|
! "CERT_AsciiToName",
|
|
! XMLSEC_ERRORS_R_XMLSEC_FAILED,
|
|
! "error code=%d", PORT_GetError());
|
|
! goto done;
|
|
! }
|
|
|
|
! nameitem = SEC_ASN1EncodeItem(arena, NULL, (void *)name,
|
|
! SEC_ASN1_GET(CERT_NameTemplate));
|
|
! if (nameitem == NULL) {
|
|
! xmlSecError(XMLSEC_ERRORS_HERE,
|
|
! NULL,
|
|
! "SEC_ASN1EncodeItem",
|
|
! XMLSEC_ERRORS_R_XMLSEC_FAILED,
|
|
! "error code=%d", PORT_GetError());
|
|
! goto done;
|
|
! }
|
|
|
|
! cert = CERT_FindCertByName(CERT_GetDefaultCertDB(), nameitem);
|
|
! goto done;
|
|
! }
|
|
|
|
! if((issuerName != NULL) && (issuerSerial != NULL)) {
|
|
! CERTIssuerAndSN issuerAndSN;
|
|
|
|
! arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
|
|
! if (arena == NULL) {
|
|
! xmlSecError(XMLSEC_ERRORS_HERE,
|
|
! NULL,
|
|
! "PORT_NewArena",
|
|
! XMLSEC_ERRORS_R_CRYPTO_FAILED,
|
|
! "error code=%d", PORT_GetError());
|
|
! goto done;
|
|
! }
|
|
|
|
! name = CERT_AsciiToName((char*)issuerName);
|
|
! if (name == NULL) {
|
|
! xmlSecError(XMLSEC_ERRORS_HERE,
|
|
NULL,
|
|
! "CERT_AsciiToName",
|
|
XMLSEC_ERRORS_R_XMLSEC_FAILED,
|
|
! "error code=%d", PORT_GetError());
|
|
! goto done;
|
|
}
|
|
!
|
|
! nameitem = SEC_ASN1EncodeItem(arena, NULL, (void *)name,
|
|
! SEC_ASN1_GET(CERT_NameTemplate));
|
|
! if (nameitem == NULL) {
|
|
! xmlSecError(XMLSEC_ERRORS_HERE,
|
|
! NULL,
|
|
! "SEC_ASN1EncodeItem",
|
|
! XMLSEC_ERRORS_R_XMLSEC_FAILED,
|
|
! "error code=%d", PORT_GetError());
|
|
! goto done;
|
|
}
|
|
!
|
|
! memset(&issuerAndSN, 0, sizeof(issuerAndSN));
|
|
!
|
|
! issuerAndSN.derIssuer.data = nameitem->data;
|
|
! issuerAndSN.derIssuer.len = nameitem->len;
|
|
!
|
|
! if( xmlSecNssIntegerToItem( issuerSerial, &issuerAndSN.serialNumber ) < 0 ) {
|
|
! xmlSecError(XMLSEC_ERRORS_HERE,
|
|
NULL,
|
|
! "xmlSecNssIntegerToItem",
|
|
XMLSEC_ERRORS_R_XMLSEC_FAILED,
|
|
! "serial number=%s",
|
|
! xmlSecErrorsSafeString(issuerSerial));
|
|
! goto done;
|
|
! }
|
|
!
|
|
! cert = CERT_FindCertByIssuerAndSN(CERT_GetDefaultCertDB(),
|
|
! &issuerAndSN);
|
|
! SECITEM_FreeItem(&issuerAndSN.serialNumber, PR_FALSE);
|
|
! goto done;
|
|
! }
|
|
!
|
|
! if(ski != NULL) {
|
|
! SECItem subjKeyID;
|
|
! int len;
|
|
!
|
|
! len = xmlSecBase64Decode(ski, (xmlSecByte*)ski, xmlStrlen(ski));
|
|
! if(len < 0) {
|
|
! xmlSecError(XMLSEC_ERRORS_HERE,
|
|
! NULL,
|
|
! "xmlSecBase64Decode",
|
|
! XMLSEC_ERRORS_R_XMLSEC_FAILED,
|
|
! "ski=%s",
|
|
! xmlSecErrorsSafeString(ski));
|
|
! goto done;
|
|
! }
|
|
!
|
|
! memset(&subjKeyID, 0, sizeof(subjKeyID));
|
|
! subjKeyID.data = ski;
|
|
! subjKeyID.len = xmlStrlen(ski);
|
|
! cert = CERT_FindCertBySubjectKeyID(CERT_GetDefaultCertDB(),
|
|
! &subjKeyID);
|
|
}
|
|
!
|
|
done:
|
|
! if (arena != NULL) {
|
|
! PORT_FreeArena(arena, PR_FALSE);
|
|
! }
|
|
! if (name != NULL) {
|
|
! CERT_DestroyName(name);
|
|
! }
|
|
!
|
|
! return(cert);
|
|
}
|
|
|
|
+ static int
|
|
+ xmlSecNssIntegerToItem(
|
|
+ const xmlChar* integer ,
|
|
+ SECItem *item
|
|
+ ) {
|
|
+ xmlSecBn bn ;
|
|
+ xmlSecSize i, length ;
|
|
+ const xmlSecByte* bnInteger ;
|
|
|
|
+ xmlSecAssert2( integer != NULL, -1 ) ;
|
|
+ xmlSecAssert2( item != NULL, -1 ) ;
|
|
|
|
! if( xmlSecBnInitialize( &bn, 0 ) < 0 ) {
|
|
! xmlSecError( XMLSEC_ERRORS_HERE,
|
|
! NULL,
|
|
! "xmlSecBnInitialize",
|
|
! XMLSEC_ERRORS_R_INVALID_DATA,
|
|
! XMLSEC_ERRORS_NO_MESSAGE ) ;
|
|
! return -1 ;
|
|
! }
|
|
|
|
! if( xmlSecBnFromDecString( &bn, integer ) < 0 ) {
|
|
! xmlSecError( XMLSEC_ERRORS_HERE,
|
|
! NULL,
|
|
! "xmlSecBnFromDecString",
|
|
! XMLSEC_ERRORS_R_INVALID_DATA,
|
|
! XMLSEC_ERRORS_NO_MESSAGE ) ;
|
|
!
|
|
! xmlSecBnFinalize( &bn ) ;
|
|
! return -1 ;
|
|
! }
|
|
!
|
|
! length = xmlSecBnGetSize( &bn ) ;
|
|
! if( length <= 0 ) {
|
|
! xmlSecError( XMLSEC_ERRORS_HERE,
|
|
! NULL,
|
|
! "xmlSecBnGetSize",
|
|
! XMLSEC_ERRORS_R_INVALID_DATA,
|
|
! XMLSEC_ERRORS_NO_MESSAGE ) ;
|
|
!
|
|
! xmlSecBnFinalize( &bn ) ;
|
|
! return -1 ;
|
|
! }
|
|
!
|
|
! bnInteger = xmlSecBnGetData( &bn ) ;
|
|
! if( bnInteger == NULL ) {
|
|
! xmlSecError( XMLSEC_ERRORS_HERE,
|
|
! NULL,
|
|
! "xmlSecBnGetData",
|
|
! XMLSEC_ERRORS_R_INVALID_DATA,
|
|
! XMLSEC_ERRORS_NO_MESSAGE ) ;
|
|
|
|
! xmlSecBnFinalize( &bn ) ;
|
|
! return -1 ;
|
|
! }
|
|
!
|
|
! item->data = ( unsigned char * )PORT_Alloc( length );
|
|
! if( item->data == NULL ) {
|
|
! xmlSecError( XMLSEC_ERRORS_HERE,
|
|
! NULL,
|
|
! "PORT_Alloc",
|
|
! XMLSEC_ERRORS_R_INVALID_DATA,
|
|
! XMLSEC_ERRORS_NO_MESSAGE ) ;
|
|
!
|
|
! xmlSecBnFinalize( &bn ) ;
|
|
! return -1 ;
|
|
! }
|
|
!
|
|
! item->len = length;
|
|
!
|
|
! for( i = 0 ; i < length ; i ++ )
|
|
! item->data[i] = *( bnInteger + i ) ;
|
|
!
|
|
! xmlSecBnFinalize( &bn ) ;
|
|
!
|
|
! return 0 ;
|
|
}
|
|
|
|
+ #endif /* XMLSEC_NO_X509 */
|
|
|
|
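Review bot: The SubjectKeyID lookup on the new side still sizes the key with `xmlStrlen(ski)` after `xmlSecBase64Decode` has overwritten `ski` in place with raw bytes, so a decoded key containing a 0x00 byte is truncated and the lookup silently misses; the decoded length is already in hand, `subjKeyID.len = len;`. In `xmlSecNssIntegerToItem` the `PORT_Alloc` failure is reported as `XMLSEC_ERRORS_R_INVALID_DATA` whereas the removed `xmlSecNssX509NameRead` used `XMLSEC_ERRORS_R_MALLOC_FAILED` for the same call; the latter reason fits. The new converter also copies the big-number magnitude bytes verbatim, while the removed `xmlSecNssNumToItem` prepended a 0x00 byte when the top bit was set (DER INTEGER sign handling); whether `CERT_FindCertByIssuerAndSN` expects that form is not visible here and is worth confirming with a serial whose leading byte is >= 0x80, since otherwise such certificates would not be found. `xmlSecNssIntegerToItem` is `static` and is called by `xmlSecNssX509FindCert` before its definition, so a prototype is needed earlier in the file unless an earlier hunk adds one.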
*** misc/xmlsec1-1.2.6/win32/Makefile.msvc 2004-06-09 16:35:12.000000000 +0200
|
|
--- misc/build/xmlsec1-1.2.6/win32/Makefile.msvc 2005-05-09 19:54:13.240626869 +0200
|
|
***************
|
|
*** 223,228 ****
|
|
--- 223,232 ----
|
|
$(XMLSEC_OPENSSL_INTDIR_A)\x509vfy.obj
|
|
|
|
XMLSEC_NSS_OBJS = \
|
|
+ $(XMLSEC_NSS_INTDIR)\akmngr.obj\
|
|
+ $(XMLSEC_NSS_INTDIR)\keytrans.obj\
|
|
+ $(XMLSEC_NSS_INTDIR)\keywrapers.obj\
|
|
+ $(XMLSEC_NSS_INTDIR)\tokens.obj\
|
|
$(XMLSEC_NSS_INTDIR)\app.obj\
|
|
$(XMLSEC_NSS_INTDIR)\bignum.obj\
|
|
$(XMLSEC_NSS_INTDIR)\ciphers.obj \
|
|
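Review bot: The four new NSS objects (`akmngr.obj`, `keytrans.obj`, `keywrapers.obj`, `tokens.obj`) are added to `XMLSEC_NSS_OBJS` only; `XMLSEC_NSS_OBJS_A`, whose start is visible as context in the next hunk (`*** 235,243 ****`), receives no matching `$(XMLSEC_NSS_INTDIR_A)\...` entries, so the static library would be built without them. That next hunk also drops `kt_rsa.obj`, `kw_des.obj` and `kw_aes.obj` from `XMLSEC_NSS_OBJS` but, as far as this view shows, not from `XMLSEC_NSS_OBJS_A`; if that list still names them, the static target would reference sources this patch appears to replace. Adding the four `_A` entries mirroring these lines, and removing the three old ones there, keeps the two object lists in step.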
***************
|
|
*** 235,243 ****
|
|
$(XMLSEC_NSS_INTDIR)\x509.obj\
|
|
$(XMLSEC_NSS_INTDIR)\x509vfy.obj\
|
|
$(XMLSEC_NSS_INTDIR)\keysstore.obj\
|
|
- $(XMLSEC_NSS_INTDIR)\kt_rsa.obj\
|
|
- $(XMLSEC_NSS_INTDIR)\kw_des.obj\
|
|
- $(XMLSEC_NSS_INTDIR)\kw_aes.obj\
|
|
$(XMLSEC_NSS_INTDIR)\strings.obj
|
|
XMLSEC_NSS_OBJS_A = \
|
|
$(XMLSEC_NSS_INTDIR_A)\app.obj\
|
|
--- 239,244 ----
|
|
***************
|
|
*** 258,263 ****
|
|
--- 259,265 ----
|
|
$(XMLSEC_NSS_INTDIR_A)\strings.obj
|
|
|
|
XMLSEC_MSCRYPTO_OBJS = \
|
|
+ $(XMLSEC_MSCRYPTO_INTDIR)\akmngr.obj\
|
|
$(XMLSEC_MSCRYPTO_INTDIR)\app.obj\
|
|
$(XMLSEC_MSCRYPTO_INTDIR)\crypto.obj \
|
|
$(XMLSEC_MSCRYPTO_INTDIR)\ciphers.obj \
|
|
***************
|
|
*** 376,382 ****
|
|
XMLSEC_OPENSSL_SOLIBS = libeay32.lib wsock32.lib kernel32.lib user32.lib gdi32.lib
|
|
XMLSEC_OPENSSL_ALIBS = libeay32.lib wsock32.lib kernel32.lib user32.lib gdi32.lib
|
|
|
|
! XMLSEC_NSS_SOLIBS = smime3.lib ssl3.lib nss3.lib libnspr4.lib libplds4.lib libplc4.lib kernel32.lib user32.lib gdi32.lib
|
|
XMLSEC_NSS_ALIBS = smime3.lib ssl3.lib nss3.lib libnspr4_s.lib libplds4_s.lib libplc4_s.lib kernel32.lib user32.lib gdi32.lib
|
|
|
|
XMLSEC_MSCRYPTO_SOLIBS = kernel32.lib user32.lib gdi32.lib Crypt32.lib Advapi32.lib
|
|
--- 378,384 ----
|
|
XMLSEC_OPENSSL_SOLIBS = libeay32.lib wsock32.lib kernel32.lib user32.lib gdi32.lib
|
|
XMLSEC_OPENSSL_ALIBS = libeay32.lib wsock32.lib kernel32.lib user32.lib gdi32.lib
|
|
|
|
! XMLSEC_NSS_SOLIBS = smime3.lib nss3.lib nspr4.lib kernel32.lib user32.lib gdi32.lib
|
|
XMLSEC_NSS_ALIBS = smime3.lib ssl3.lib nss3.lib libnspr4_s.lib libplds4_s.lib libplc4_s.lib kernel32.lib user32.lib gdi32.lib
|
|
|
|
XMLSEC_MSCRYPTO_SOLIBS = kernel32.lib user32.lib gdi32.lib Crypt32.lib Advapi32.lib
|
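Review bot: `XMLSEC_NSS_SOLIBS` now drops `ssl3.lib`, `libplds4.lib` and `libplc4.lib` and renames `libnspr4.lib` to `nspr4.lib`, while `XMLSEC_NSS_ALIBS` on the following line keeps `ssl3.lib` and the `libnspr4_s.lib libplds4_s.lib libplc4_s.lib` set, so the shared and static NSS link lines no longer describe the same dependency set. If `ssl3` and the PL libraries are genuinely no longer needed for the NSS layout being targeted, the `_A` line should be trimmed the same way; otherwise the shared build links against a different set of libraries than the static one, which is hard to diagnose later. A one-line comment above the pair naming the NSS/NSPR import-library layout these names assume, e.g. `# NSS link set: nspr4.lib is the combined NSPR import library in this NSS build`, would help whoever next adjusts them.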