diff options
Diffstat (limited to 'libxmlsec/xmlsec1-1.2.6.patch')
-rw-r--r-- | libxmlsec/xmlsec1-1.2.6.patch | 13891 |
1 files changed, 13891 insertions, 0 deletions
diff --git a/libxmlsec/xmlsec1-1.2.6.patch b/libxmlsec/xmlsec1-1.2.6.patch new file mode 100644 index 000000000000..bf5a8838e61a --- /dev/null +++ b/libxmlsec/xmlsec1-1.2.6.patch @@ -0,0 +1,13891 @@ +*** misc/xmlsec1-1.2.6/apps/Makefile.in 2004-08-26 14:00:30.000000000 +0800 +--- misc/build/xmlsec1-1.2.6/apps/Makefile.in 2005-02-23 11:06:36.000000000 +0800 +*************** +*** 370,376 **** + $(CRYPTO_DEPS) \ + $(NULL) + +! all: all-am + + .SUFFIXES: + .SUFFIXES: .c .lo .o .obj +--- 370,376 ---- + $(CRYPTO_DEPS) \ + $(NULL) + +! all: + + .SUFFIXES: + .SUFFIXES: .c .lo .o .obj +*** misc/xmlsec1-1.2.6/configure 2004-08-26 14:00:34.000000000 +0800 +--- misc/build/xmlsec1-1.2.6/configure 2005-02-23 11:06:37.000000000 +0800 +*************** +*** 24598,24604 **** + fi + + LIBXML_MIN_VERSION="2.4.2" +! LIBXML_CONFIG="xml2-config" + LIBXML_CFLAGS="" + LIBXML_LIBS="" + LIBXML_FOUND="no" +--- 24598,24604 ---- + fi + + LIBXML_MIN_VERSION="2.4.2" +! LIBXML_CONFIG="./libxml2-config" + LIBXML_CFLAGS="" + LIBXML_LIBS="" + LIBXML_FOUND="no" +*************** +*** 25683,25689 **** + NSS_CFLAGS="" + NSS_LIBS="" + NSS_LIBS_LIST="-lnss3 -lsmime3" +! NSPR_LIBS_LIST="-lnspr4 -lplds4 -lplc4" + NSS_CRYPTO_LIB="$PACKAGE-nss" + NSS_FOUND="no" + +--- 25683,25689 ---- + NSS_CFLAGS="" + NSS_LIBS="" + NSS_LIBS_LIST="-lnss3 -lsmime3" +! NSPR_LIBS_LIST="-lnspr4" + NSS_CRYPTO_LIB="$PACKAGE-nss" + NSS_FOUND="no" + +*************** +*** 25817,25824 **** + ac_mozilla_name=mozilla-$MOZILLA_MIN_VERSION + fi + +! ac_nss_lib_dir="/usr/lib /usr/lib64 /usr/local/lib /usr/lib/$ac_mozilla_name /usr/local/lib/$ac_mozilla_name" +! ac_nss_inc_dir="/usr/include /usr/include/mozilla /usr/local/include /usr/local/include/mozilla /usr/include/$ac_mozilla_name /usr/local/include/$ac_mozilla_name" + + echo "$as_me:$LINENO: checking for nspr libraries >= $NSPR_MIN_VERSION" >&5 + echo $ECHO_N "checking for nspr libraries >= $NSPR_MIN_VERSION... $ECHO_C" >&6 +--- 25817,25824 ---- + ac_mozilla_name=mozilla-$MOZILLA_MIN_VERSION + fi + +! ac_nss_lib_dir="${SOLARVERSION}/${INPATH}/lib${UPDMINOREXT}" +! ac_nss_inc_dir="${SOLARVERSION}/${INPATH}/inc${UPDMINOREXT}/mozilla" + + echo "$as_me:$LINENO: checking for nspr libraries >= $NSPR_MIN_VERSION" >&5 + echo $ECHO_N "checking for nspr libraries >= $NSPR_MIN_VERSION... $ECHO_C" >&6 +*** misc/xmlsec1-1.2.6/configure.in 2004-08-26 10:49:24.000000000 +0800 +--- misc/build/xmlsec1-1.2.6/configure.in 2005-02-23 11:06:37.000000000 +0800 +*************** +*** 143,149 **** + dnl find libxml + dnl ========================================================================== + LIBXML_MIN_VERSION="2.4.2" +! LIBXML_CONFIG="xml2-config" + LIBXML_CFLAGS="" + LIBXML_LIBS="" + LIBXML_FOUND="no" +--- 143,149 ---- + dnl find libxml + dnl ========================================================================== + LIBXML_MIN_VERSION="2.4.2" +! LIBXML_CONFIG="./libxml2-config" + LIBXML_CFLAGS="" + LIBXML_LIBS="" + LIBXML_FOUND="no" +*************** +*** 508,514 **** + NSS_CFLAGS="" + NSS_LIBS="" + NSS_LIBS_LIST="-lnss3 -lsmime3" +! NSPR_LIBS_LIST="-lnspr4 -lplds4 -lplc4" + NSS_CRYPTO_LIB="$PACKAGE-nss" + NSS_FOUND="no" + +--- 508,514 ---- + NSS_CFLAGS="" + NSS_LIBS="" + NSS_LIBS_LIST="-lnss3 -lsmime3" +! NSPR_LIBS_LIST="-lnspr4" + NSS_CRYPTO_LIB="$PACKAGE-nss" + NSS_FOUND="no" + +*************** +*** 534,541 **** + ac_mozilla_name=mozilla-$MOZILLA_MIN_VERSION + fi + +! ac_nss_lib_dir="/usr/lib /usr/lib64 /usr/local/lib /usr/lib/$ac_mozilla_name /usr/local/lib/$ac_mozilla_name" +! ac_nss_inc_dir="/usr/include /usr/include/mozilla /usr/local/include /usr/local/include/mozilla /usr/include/$ac_mozilla_name /usr/local/include/$ac_mozilla_name" + + AC_MSG_CHECKING(for nspr libraries >= $NSPR_MIN_VERSION) + NSPR_INCLUDES_FOUND="no" +--- 534,541 ---- + ac_mozilla_name=mozilla-$MOZILLA_MIN_VERSION + fi + +! ac_nss_lib_dir="${SOLARVERSION}/${INPATH}/lib${UPDMINOREXT}" +! ac_nss_inc_dir="${SOLARVERSION}/${INPATH}/inc${UPDMINOREXT}/mozilla" + + AC_MSG_CHECKING(for nspr libraries >= $NSPR_MIN_VERSION) + NSPR_INCLUDES_FOUND="no" +*** misc/xmlsec1-1.2.6/include/xmlsec/mscrypto/akmngr.h 2005-02-23 11:06:57.000000000 +0800 +--- misc/build/xmlsec1-1.2.6/include/xmlsec/mscrypto/akmngr.h 2005-02-23 11:06:37.000000000 +0800 +*************** +*** 1 **** +! dummy +--- 1,71 ---- +! /** +! * XMLSec library +! * +! * This is free software; see Copyright file in the source +! * distribution for preciese wording. +! * +! * Copyright .......................... +! */ +! #ifndef __XMLSEC_MSCRYPTO_AKMNGR_H__ +! #define __XMLSEC_MSCRYPTO_AKMNGR_H__ +! +! #include <windows.h> +! #include <wincrypt.h> +! +! #include <xmlsec/xmlsec.h> +! #include <xmlsec/keys.h> +! #include <xmlsec/transforms.h> +! +! #ifdef __cplusplus +! extern "C" { +! #endif /* __cplusplus */ +! +! XMLSEC_CRYPTO_EXPORT xmlSecKeysMngrPtr +! xmlSecMSCryptoAppliedKeysMngrCreate( +! HCERTSTORE keyStore , +! HCERTSTORE certStore +! ) ; +! +! XMLSEC_CRYPTO_EXPORT int +! xmlSecMSCryptoAppliedKeysMngrSymKeyLoad( +! xmlSecKeysMngrPtr mngr , +! HCRYPTKEY symKey +! ) ; +! +! XMLSEC_CRYPTO_EXPORT int +! xmlSecMSCryptoAppliedKeysMngrPubKeyLoad( +! xmlSecKeysMngrPtr mngr , +! HCRYPTKEY pubKey +! ) ; +! +! XMLSEC_CRYPTO_EXPORT int +! xmlSecMSCryptoAppliedKeysMngrPriKeyLoad( +! xmlSecKeysMngrPtr mngr , +! HCRYPTKEY priKey +! ) ; +! +! XMLSEC_CRYPTO_EXPORT int +! xmlSecMSCryptoAppliedKeysMngrAdoptKeyStore ( +! xmlSecKeysMngrPtr mngr , +! HCERTSTORE keyStore +! ) ; +! +! XMLSEC_CRYPTO_EXPORT int +! xmlSecMSCryptoAppliedKeysMngrAdoptTrustedStore ( +! xmlSecKeysMngrPtr mngr , +! HCERTSTORE trustedStore +! ) ; +! +! XMLSEC_CRYPTO_EXPORT int +! xmlSecMSCryptoAppliedKeysMngrAdoptUntrustedStore ( +! xmlSecKeysMngrPtr mngr , +! HCERTSTORE untrustedStore +! ) ; +! +! #ifdef __cplusplus +! } +! #endif /* __cplusplus */ +! +! #endif /* __XMLSEC_MSCRYPTO_AKMNGR_H__ */ +! +! +*** misc/xmlsec1-1.2.6/include/xmlsec/mscrypto/x509.h 2003-09-26 14:12:46.000000000 +0800 +--- misc/build/xmlsec1-1.2.6/include/xmlsec/mscrypto/x509.h 2005-02-23 11:06:37.000000000 +0800 +*************** +*** 77,82 **** +--- 77,97 ---- + PCCERT_CONTEXT cert, + xmlSecKeyDataType type); + ++ XMLSEC_CRYPTO_EXPORT int xmlSecMSCryptoX509StoreAdoptKeyStore ( ++ xmlSecKeyDataStorePtr store, ++ HCERTSTORE keyStore ++ ) ; ++ ++ XMLSEC_CRYPTO_EXPORT int xmlSecMSCryptoX509StoreAdoptTrustedStore ( ++ xmlSecKeyDataStorePtr store, ++ HCERTSTORE trustedStore ++ ) ; ++ ++ XMLSEC_CRYPTO_EXPORT int xmlSecMSCryptoX509StoreAdoptUntrustedStore ( ++ xmlSecKeyDataStorePtr store, ++ HCERTSTORE untrustedStore ++ ) ; ++ + + #endif /* XMLSEC_NO_X509 */ + +*** misc/xmlsec1-1.2.6/include/xmlsec/nss/akmngr.h 2005-02-23 11:06:54.000000000 +0800 +--- misc/build/xmlsec1-1.2.6/include/xmlsec/nss/akmngr.h 2005-02-23 11:06:37.000000000 +0800 +*************** +*** 1 **** +! dummy +--- 1,55 ---- +! /** +! * XMLSec library +! * +! * This is free software; see Copyright file in the source +! * distribution for preciese wording. +! * +! * Copyright .......................... +! */ +! #ifndef __XMLSEC_NSS_AKMNGR_H__ +! #define __XMLSEC_NSS_AKMNGR_H__ +! +! #include <nss.h> +! #include <nspr.h> +! #include <pk11func.h> +! #include <cert.h> +! +! #include <xmlsec/xmlsec.h> +! #include <xmlsec/keys.h> +! #include <xmlsec/transforms.h> +! +! #ifdef __cplusplus +! extern "C" { +! #endif /* __cplusplus */ +! +! XMLSEC_CRYPTO_EXPORT xmlSecKeysMngrPtr +! xmlSecNssAppliedKeysMngrCreate( +! PK11SlotInfo* slot , +! CERTCertDBHandle* handler +! ) ; +! +! XMLSEC_CRYPTO_EXPORT int +! xmlSecNssAppliedKeysMngrSymKeyLoad( +! xmlSecKeysMngrPtr mngr , +! PK11SymKey* symKey +! ) ; +! +! XMLSEC_CRYPTO_EXPORT int +! xmlSecNssAppliedKeysMngrPubKeyLoad( +! xmlSecKeysMngrPtr mngr , +! SECKEYPublicKey* pubKey +! ) ; +! +! XMLSEC_CRYPTO_EXPORT int +! xmlSecNssAppliedKeysMngrPriKeyLoad( +! xmlSecKeysMngrPtr mngr , +! SECKEYPrivateKey* priKey +! ) ; +! +! #ifdef __cplusplus +! } +! #endif /* __cplusplus */ +! +! #endif /* __XMLSEC_NSS_AKMNGR_H__ */ +! +! +*** misc/xmlsec1-1.2.6/include/xmlsec/nss/app.h 2004-01-13 05:06:14.000000000 +0800 +--- misc/build/xmlsec1-1.2.6/include/xmlsec/nss/app.h 2005-02-23 11:06:38.000000000 +0800 +*************** +*** 22,27 **** +--- 22,30 ---- + #include <xmlsec/keysmngr.h> + #include <xmlsec/transforms.h> + ++ #include <xmlsec/nss/tokens.h> ++ #include <xmlsec/nss/akmngr.h> ++ + /** + * Init/shutdown + */ +*************** +*** 34,39 **** +--- 37,44 ---- + XMLSEC_CRYPTO_EXPORT int xmlSecNssAppDefaultKeysMngrInit (xmlSecKeysMngrPtr mngr); + XMLSEC_CRYPTO_EXPORT int xmlSecNssAppDefaultKeysMngrAdoptKey(xmlSecKeysMngrPtr mngr, + xmlSecKeyPtr key); ++ XMLSEC_CRYPTO_EXPORT int xmlSecNssAppDefaultKeysMngrAdoptKeySlot(xmlSecKeysMngrPtr mngr, ++ xmlSecNssKeySlotPtr keySlot); + XMLSEC_CRYPTO_EXPORT int xmlSecNssAppDefaultKeysMngrLoad (xmlSecKeysMngrPtr mngr, + const char* uri); + XMLSEC_CRYPTO_EXPORT int xmlSecNssAppDefaultKeysMngrSave (xmlSecKeysMngrPtr mngr, +*** misc/xmlsec1-1.2.6/include/xmlsec/nss/ciphers.h 2005-02-23 11:06:55.000000000 +0800 +--- misc/build/xmlsec1-1.2.6/include/xmlsec/nss/ciphers.h 2005-02-23 11:06:38.000000000 +0800 +*************** +*** 1 **** +! dummy +--- 1,35 ---- +! /** +! * XMLSec library +! * +! * This is free software; see Copyright file in the source +! * distribution for preciese wording. +! * +! * Copyright .......................... +! */ +! #ifndef __XMLSEC_NSS_CIPHERS_H__ +! #define __XMLSEC_NSS_CIPHERS_H__ +! +! #ifdef __cplusplus +! extern "C" { +! #endif /* __cplusplus */ +! +! #include <xmlsec/xmlsec.h> +! #include <xmlsec/keys.h> +! #include <xmlsec/transforms.h> +! +! +! XMLSEC_CRYPTO_EXPORT int xmlSecNssSymKeyDataAdoptKey( xmlSecKeyDataPtr data, +! PK11SymKey* symkey ) ; +! +! XMLSEC_CRYPTO_EXPORT xmlSecKeyDataPtr xmlSecNssSymKeyDataKeyAdopt( PK11SymKey* symKey ) ; +! +! XMLSEC_CRYPTO_EXPORT PK11SymKey* xmlSecNssSymKeyDataGetKey(xmlSecKeyDataPtr data); +! +! +! #ifdef __cplusplus +! } +! #endif /* __cplusplus */ +! +! #endif /* __XMLSEC_NSS_CIPHERS_H__ */ +! +! +*** misc/xmlsec1-1.2.6/include/xmlsec/nss/crypto.h 2004-01-13 05:06:14.000000000 +0800 +--- misc/build/xmlsec1-1.2.6/include/xmlsec/nss/crypto.h 2005-02-23 11:06:38.000000000 +0800 +*************** +*** 264,269 **** +--- 264,278 ---- + xmlSecNssTransformRsaPkcs1GetKlass() + XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecNssTransformRsaPkcs1GetKlass(void); + ++ /** ++ * xmlSecNssTransformRsaOaepId: ++ * ++ * The RSA OAEP key transport transform klass. ++ */ ++ #define xmlSecNssTransformRsaOaepId \ ++ xmlSecNssTransformRsaOaepGetKlass() ++ XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecNssTransformRsaOaepGetKlass(void); ++ + #endif /* XMLSEC_NO_RSA */ + + +*** misc/xmlsec1-1.2.6/include/xmlsec/nss/keysstore.h 2003-07-30 10:46:35.000000000 +0800 +--- misc/build/xmlsec1-1.2.6/include/xmlsec/nss/keysstore.h 2005-02-23 11:06:38.000000000 +0800 +*************** +*** 16,21 **** +--- 16,23 ---- + #endif /* __cplusplus */ + + #include <xmlsec/xmlsec.h> ++ #include <xmlsec/keysmngr.h> ++ #include <xmlsec/nss/tokens.h> + + /**************************************************************************** + * +*************** +*** 31,36 **** +--- 33,40 ---- + XMLSEC_CRYPTO_EXPORT xmlSecKeyStoreId xmlSecNssKeysStoreGetKlass (void); + XMLSEC_CRYPTO_EXPORT int xmlSecNssKeysStoreAdoptKey (xmlSecKeyStorePtr store, + xmlSecKeyPtr key); ++ XMLSEC_CRYPTO_EXPORT int xmlSecNssKeysStoreAdoptKeySlot(xmlSecKeyStorePtr store, ++ xmlSecNssKeySlotPtr keySlot); + XMLSEC_CRYPTO_EXPORT int xmlSecNssKeysStoreLoad (xmlSecKeyStorePtr store, + const char *uri, + xmlSecKeysMngrPtr keysMngr); +*** misc/xmlsec1-1.2.6/include/xmlsec/nss/Makefile.am 2003-07-30 10:46:35.000000000 +0800 +--- misc/build/xmlsec1-1.2.6/include/xmlsec/nss/Makefile.am 2005-02-23 11:06:37.000000000 +0800 +*************** +*** 3,8 **** +--- 3,9 ---- + xmlsecnssincdir = $(includedir)/xmlsec1/xmlsec/nss + + xmlsecnssinc_HEADERS = \ ++ akmngr.h \ + app.h \ + crypto.h \ + symbols.h \ +*************** +*** 10,15 **** +--- 11,18 ---- + keysstore.h \ + pkikeys.h \ + x509.h \ ++ tokens.h \ ++ ciphers.h \ + $(NULL) + + install-exec-hook: +*** misc/xmlsec1-1.2.6/include/xmlsec/nss/Makefile.in 2004-08-26 14:00:31.000000000 +0800 +--- misc/build/xmlsec1-1.2.6/include/xmlsec/nss/Makefile.in 2005-02-23 11:06:37.000000000 +0800 +*************** +*** 273,278 **** +--- 273,279 ---- + NULL = + xmlsecnssincdir = $(includedir)/xmlsec1/xmlsec/nss + xmlsecnssinc_HEADERS = \ ++ akmngr.h \ + app.h \ + crypto.h \ + symbols.h \ +*************** +*** 280,285 **** +--- 281,288 ---- + keysstore.h \ + pkikeys.h \ + x509.h \ ++ tokens.h \ ++ ciphers.h \ + $(NULL) + + all: all-am +*** misc/xmlsec1-1.2.6/include/xmlsec/nss/tokens.h 2005-02-23 11:06:56.000000000 +0800 +--- misc/build/xmlsec1-1.2.6/include/xmlsec/nss/tokens.h 2005-02-23 11:06:38.000000000 +0800 +*************** +*** 1 **** +! dummy +--- 1,182 ---- +! /** +! * XMLSec library +! * +! * This is free software; see Copyright file in the source +! * distribution for preciese wording. +! * +! * Copyright (c) 2003 Sun Microsystems, Inc. All rights reserved. +! * +! * Contributor(s): _____________________________ +! * +! */ +! #ifndef __XMLSEC_NSS_TOKENS_H__ +! #define __XMLSEC_NSS_TOKENS_H__ +! +! #include <string.h> +! +! #include <nss.h> +! #include <pk11func.h> +! +! #include <xmlsec/xmlsec.h> +! #include <xmlsec/list.h> +! +! #ifdef __cplusplus +! extern "C" { +! #endif /* __cplusplus */ +! +! /** +! * xmlSecNssKeySlotListId +! * +! * The crypto mechanism list klass +! */ +! #define xmlSecNssKeySlotListId xmlSecNssKeySlotListGetKlass() +! XMLSEC_CRYPTO_EXPORT xmlSecPtrListId xmlSecNssKeySlotListGetKlass( void ) ; +! +! /******************************************* +! * KeySlot interfaces +! *******************************************/ +! /** +! * Internal NSS key slot data +! * @mechanismList: the mechanisms that the slot bound with. +! * @slot: the pkcs slot +! * +! * This context is located after xmlSecPtrList +! */ +! typedef struct _xmlSecNssKeySlot xmlSecNssKeySlot ; +! typedef struct _xmlSecNssKeySlot* xmlSecNssKeySlotPtr ; +! +! struct _xmlSecNssKeySlot { +! CK_MECHANISM_TYPE_PTR mechanismList ; /* mech. array, NULL ternimated */ +! PK11SlotInfo* slot ; +! } ; +! +! XMLSEC_CRYPTO_EXPORT int +! xmlSecNssKeySlotSetMechList( +! xmlSecNssKeySlotPtr keySlot , +! CK_MECHANISM_TYPE_PTR mechanismList +! ) ; +! +! XMLSEC_CRYPTO_EXPORT int +! xmlSecNssKeySlotEnableMech( +! xmlSecNssKeySlotPtr keySlot , +! CK_MECHANISM_TYPE mechanism +! ) ; +! +! XMLSEC_CRYPTO_EXPORT int +! xmlSecNssKeySlotDisableMech( +! xmlSecNssKeySlotPtr keySlot , +! CK_MECHANISM_TYPE mechanism +! ) ; +! +! XMLSEC_CRYPTO_EXPORT CK_MECHANISM_TYPE_PTR +! xmlSecNssKeySlotGetMechList( +! xmlSecNssKeySlotPtr keySlot +! ) ; +! +! XMLSEC_CRYPTO_EXPORT int +! xmlSecNssKeySlotSetSlot( +! xmlSecNssKeySlotPtr keySlot , +! PK11SlotInfo* slot +! ) ; +! +! XMLSEC_CRYPTO_EXPORT int +! xmlSecNssKeySlotInitialize( +! xmlSecNssKeySlotPtr keySlot , +! PK11SlotInfo* slot +! ) ; +! +! XMLSEC_CRYPTO_EXPORT void +! xmlSecNssKeySlotFinalize( +! xmlSecNssKeySlotPtr keySlot +! ) ; +! +! XMLSEC_CRYPTO_EXPORT PK11SlotInfo* +! xmlSecNssKeySlotGetSlot( +! xmlSecNssKeySlotPtr keySlot +! ) ; +! +! XMLSEC_CRYPTO_EXPORT xmlSecNssKeySlotPtr +! xmlSecNssKeySlotCreate() ; +! +! XMLSEC_CRYPTO_EXPORT int +! xmlSecNssKeySlotCopy( +! xmlSecNssKeySlotPtr newKeySlot , +! xmlSecNssKeySlotPtr keySlot +! ) ; +! +! XMLSEC_CRYPTO_EXPORT xmlSecNssKeySlotPtr +! xmlSecNssKeySlotDuplicate( +! xmlSecNssKeySlotPtr keySlot +! ) ; +! +! XMLSEC_CRYPTO_EXPORT void +! xmlSecNssKeySlotDestroy( +! xmlSecNssKeySlotPtr keySlot +! ) ; +! +! XMLSEC_CRYPTO_EXPORT int +! xmlSecNssKeySlotBindMech( +! xmlSecNssKeySlotPtr keySlot , +! CK_MECHANISM_TYPE type +! ) ; +! +! XMLSEC_CRYPTO_EXPORT int +! xmlSecNssKeySlotSupportMech( +! xmlSecNssKeySlotPtr keySlot , +! CK_MECHANISM_TYPE type +! ) ; +! +! +! /************************************************************************ +! * PKCS#11 crypto token interfaces +! * +! * A PKCS#11 slot repository will be defined internally. From the +! * repository, a user can specify a particular slot for a certain crypto +! * mechanism. +! * +! * In some situation, some cryptographic operation should act in a user +! * designated devices. The interfaces defined here provide the way. If +! * the user do not initialize the repository distinctly, the interfaces +! * use the default functions provided by NSS itself. +! * +! ************************************************************************/ +! /** +! * Initialize NSS pkcs#11 slot repository +! * +! * Returns 0 if success or -1 if an error occurs. +! */ +! XMLSEC_CRYPTO_EXPORT int xmlSecNssSlotInitialize( void ) ; +! +! /** +! * Shutdown and destroy NSS pkcs#11 slot repository +! */ +! XMLSEC_CRYPTO_EXPORT void xmlSecNssSlotShutdown() ; +! +! /** +! * Get PKCS#11 slot handler +! * @type the mechanism that the slot must support. +! * +! * Returns a pointer to PKCS#11 slot or NULL if an error occurs. +! * +! * Notes: The returned handler must be destroied distinctly. +! */ +! XMLSEC_CRYPTO_EXPORT PK11SlotInfo* xmlSecNssSlotGet( CK_MECHANISM_TYPE type ) ; +! +! /** +! * Adopt a pkcs#11 slot with a mechanism into the repository +! * @slot: the pkcs#11 slot. +! * @mech: the mechanism. +! * +! * If @mech is available( @mech != CKM_INVALID_MECHANISM ), every operation with +! * this mechanism only can perform on the @slot. +! * +! * Returns 0 if success or -1 if an error occurs. +! */ +! XMLSEC_CRYPTO_EXPORT int xmlSecNssSlotAdopt( PK11SlotInfo* slot, CK_MECHANISM_TYPE mech ) ; +! +! #ifdef __cplusplus +! } +! #endif /* __cplusplus */ +! +! #endif /* __XMLSEC_NSS_TOKENS_H__ */ +! +*** misc/xmlsec1-1.2.6/libxml2-config 2005-02-23 11:07:03.000000000 +0800 +--- misc/build/xmlsec1-1.2.6/libxml2-config 2005-02-23 11:06:38.000000000 +0800 +*************** +*** 1 **** +! dummy +--- 1,44 ---- +! #! /bin/sh +! +! prefix=${SOLARVERSION}/${INPATH} +! includedir=${SOLARVERSION}/${INPATH}/inc${UPDMINOREXT}/external +! libdir=${SOLARVERSION}/${INPATH}/lib${UPDMINOREXT} +! +! while test $# -gt 0; do +! case "$1" in +! -*=*) optarg=`echo "$1" | sed 's/[-_a-zA-Z0-9]*=//'` ;; +! *) optarg= ;; +! esac +! +! case "$1" in +! --prefix=*) +! prefix=$optarg +! includedir=$prefix/include +! libdir=$prefix/lib +! ;; +! +! --prefix) +! echo $prefix +! ;; +! +! --version) +! echo 2.5.4 +! exit 0 +! ;; +! +! --cflags) +! echo -I${includedir} +! ;; +! +! --libs) +! echo -L${libdir} -lxml2 -lz -lm +! ;; +! +! *) +! exit 1 +! ;; +! esac +! shift +! done +! +! exit 0 +*** misc/xmlsec1-1.2.6/src/bn.c 2004-06-22 02:33:27.000000000 +0800 +--- misc/build/xmlsec1-1.2.6/src/bn.c 2005-02-23 11:06:38.000000000 +0800 +*************** +*** 170,177 **** + */ + int + xmlSecBnFromString(xmlSecBnPtr bn, const xmlChar* str, xmlSecSize base) { +! xmlSecSize i, len; + xmlSecByte ch; + int nn; + int ret; + +--- 170,179 ---- + */ + int + xmlSecBnFromString(xmlSecBnPtr bn, const xmlChar* str, xmlSecSize base) { +! xmlSecSize i, len, size; + xmlSecByte ch; ++ xmlSecByte* data; ++ int positive; + int nn; + int ret; + +*************** +*** 183,189 **** + /* trivial case */ + len = xmlStrlen(str); + if(len == 0) { +! return(0); + } + + /* The result size could not exceed the input string length +--- 185,191 ---- + /* trivial case */ + len = xmlStrlen(str); + if(len == 0) { +! return(0); + } + + /* The result size could not exceed the input string length +*************** +*** 191,244 **** + * In truth, it would be likely less than 1/2 input string length + * because each byte is represented by 2 chars. If needed, + * buffer size would be increased by Mul/Add functions. + */ +! ret = xmlSecBufferSetMaxSize(bn, xmlSecBufferGetSize(bn) + len / 2 + 1); + if(ret < 0) { +! xmlSecError(XMLSEC_ERRORS_HERE, +! NULL, +! "xmlSecBnRevLookupTable", +! XMLSEC_ERRORS_R_XMLSEC_FAILED, +! "size=%d", len / 2 + 1); +! return (-1); + } + +! for(i = 0; i < len; i++) { +! ch = str[i]; +! if(isspace(ch)) { +! continue; +! } +! +! xmlSecAssert2(ch <= sizeof(xmlSecBnLookupTable), -1); +! nn = xmlSecBnLookupTable[ch]; +! if((nn < 0) || ((xmlSecSize)nn > base)) { +! xmlSecError(XMLSEC_ERRORS_HERE, +! NULL, +! NULL, +! XMLSEC_ERRORS_R_INVALID_DATA, +! "char=%c;base=%d", +! ch, base); +! return (-1); +! } +! +! ret = xmlSecBnMul(bn, base); +! if(ret < 0) { +! xmlSecError(XMLSEC_ERRORS_HERE, +! NULL, +! "xmlSecBnMul", +! XMLSEC_ERRORS_R_XMLSEC_FAILED, +! "base=%d", base); +! return (-1); +! } +! +! ret = xmlSecBnAdd(bn, nn); +! if(ret < 0) { +! xmlSecError(XMLSEC_ERRORS_HERE, +! NULL, +! "xmlSecBnAdd", +! XMLSEC_ERRORS_R_XMLSEC_FAILED, +! "base=%d", base); +! return (-1); +! } + } + + return(0); +--- 193,323 ---- + * In truth, it would be likely less than 1/2 input string length + * because each byte is represented by 2 chars. If needed, + * buffer size would be increased by Mul/Add functions. ++ * Finally, we can add one byte for 00 or 10 prefix. + */ +! ret = xmlSecBufferSetMaxSize(bn, xmlSecBufferGetSize(bn) + len / 2 + 1 + 1); + if(ret < 0) { +! xmlSecError(XMLSEC_ERRORS_HERE, +! NULL, +! "xmlSecBnRevLookupTable", +! XMLSEC_ERRORS_R_XMLSEC_FAILED, +! "size=%d", len / 2 + 1); +! return (-1); +! } +! +! /* figure out if it is positive or negative number */ +! positive = 1; +! i = 0; +! while(i < len) { +! ch = str[i++]; +! +! /* skip spaces */ +! if(isspace(ch)) { +! continue; +! } +! +! /* check if it is + or - */ +! if(ch == '+') { +! positive = 1; +! break; +! } else if(ch == '-') { +! positive = 0; +! break; +! } +! +! /* otherwise, it must be start of the number */ +! nn = xmlSecBnLookupTable[ch]; +! if((nn >= 0) && ((xmlSecSize)nn < base)) { +! xmlSecAssert2(i > 0, -1); +! +! /* no sign, positive by default */ +! positive = 1; +! --i; /* make sure that we will look at this character in next loop */ +! break; +! } else { +! xmlSecError(XMLSEC_ERRORS_HERE, +! NULL, +! NULL, +! XMLSEC_ERRORS_R_INVALID_DATA, +! "char=%c;base=%d", +! ch, base); +! return (-1); +! } +! } +! +! /* now parse the number itself */ +! while(i < len) { +! ch = str[i++]; +! if(isspace(ch)) { +! continue; +! } +! +! xmlSecAssert2(ch <= sizeof(xmlSecBnLookupTable), -1); +! nn = xmlSecBnLookupTable[ch]; +! if((nn < 0) || ((xmlSecSize)nn > base)) { +! xmlSecError(XMLSEC_ERRORS_HERE, +! NULL, +! NULL, +! XMLSEC_ERRORS_R_INVALID_DATA, +! "char=%c;base=%d", +! ch, base); +! return (-1); +! } +! +! ret = xmlSecBnMul(bn, base); +! if(ret < 0) { +! xmlSecError(XMLSEC_ERRORS_HERE, +! NULL, +! "xmlSecBnMul", +! XMLSEC_ERRORS_R_XMLSEC_FAILED, +! "base=%d", base); +! return (-1); +! } +! +! ret = xmlSecBnAdd(bn, nn); +! if(ret < 0) { +! xmlSecError(XMLSEC_ERRORS_HERE, +! NULL, +! "xmlSecBnAdd", +! XMLSEC_ERRORS_R_XMLSEC_FAILED, +! "base=%d", base); +! return (-1); +! } + } + +! /* check if we need to add 00 prefix */ +! data = xmlSecBufferGetData(bn); +! size = xmlSecBufferGetSize(bn); +! if((size > 0 && data[0] > 127)||(size==0)) { +! ch = 0; +! ret = xmlSecBufferPrepend(bn, &ch, 1); +! if(ret < 0) { +! xmlSecError(XMLSEC_ERRORS_HERE, +! NULL, +! "xmlSecBufferPrepend", +! XMLSEC_ERRORS_R_XMLSEC_FAILED, +! "base=%d", base); +! return (-1); +! } +! } +! +! /* do 2's compliment and add 1 to represent negative value */ +! if(positive == 0) { +! data = xmlSecBufferGetData(bn); +! size = xmlSecBufferGetSize(bn); +! for(i = 0; i < size; ++i) { +! data[i] ^= 0xFF; +! } +! +! ret = xmlSecBnAdd(bn, 1); +! if(ret < 0) { +! xmlSecError(XMLSEC_ERRORS_HERE, +! NULL, +! "xmlSecBnAdd", +! XMLSEC_ERRORS_R_XMLSEC_FAILED, +! "base=%d", base); +! return (-1); +! } + } + + return(0); +*************** +*** 256,263 **** + */ + xmlChar* + xmlSecBnToString(xmlSecBnPtr bn, xmlSecSize base) { + xmlChar* res; +! xmlSecSize i, len; + int nn; + xmlChar ch; + +--- 335,346 ---- + */ + xmlChar* + xmlSecBnToString(xmlSecBnPtr bn, xmlSecSize base) { ++ xmlSecBn bn2; ++ int positive = 1; + xmlChar* res; +! xmlSecSize i, len, size; +! xmlSecByte* data; +! int ret; + int nn; + xmlChar ch; + +*************** +*** 265,299 **** + xmlSecAssert2(base > 1, NULL); + xmlSecAssert2(base <= sizeof(xmlSecBnRevLookupTable), NULL); + + /* Result string len is + * len = log base (256) * <bn size> + * Since the smallest base == 2 then we can get away with + * len = 8 * <bn size> + */ +! len = 8 * xmlSecBufferGetSize(bn) + 1; + res = (xmlChar*)xmlMalloc(len + 1); + if(res == NULL) { +! xmlSecError(XMLSEC_ERRORS_HERE, +! NULL, +! NULL, +! XMLSEC_ERRORS_R_MALLOC_FAILED, +! "len=%d", len); +! return (NULL); + } + memset(res, 0, len + 1); + +! for(i = 0; (xmlSecBufferGetSize(bn) > 0) && (i < len); i++) { +! if(xmlSecBnDiv(bn, base, &nn) < 0) { +! xmlSecError(XMLSEC_ERRORS_HERE, +! NULL, +! "xmlSecBnDiv", +! XMLSEC_ERRORS_R_XMLSEC_FAILED, +! "base=%d", base); +! xmlFree(res); +! return (NULL); +! } +! xmlSecAssert2((size_t)nn < sizeof(xmlSecBnRevLookupTable), NULL); +! res[i] = xmlSecBnRevLookupTable[nn]; + } + xmlSecAssert2(i < len, NULL); + +--- 348,433 ---- + xmlSecAssert2(base > 1, NULL); + xmlSecAssert2(base <= sizeof(xmlSecBnRevLookupTable), NULL); + ++ ++ /* copy bn */ ++ data = xmlSecBufferGetData(bn); ++ size = xmlSecBufferGetSize(bn); ++ ret = xmlSecBnInitialize(&bn2, size); ++ if(ret < 0) { ++ xmlSecError(XMLSEC_ERRORS_HERE, ++ NULL, ++ "xmlSecBnCreate", ++ XMLSEC_ERRORS_R_XMLSEC_FAILED, ++ "size=%d", size); ++ return (NULL); ++ } ++ ++ ret = xmlSecBnSetData(&bn2, data, size); ++ if(ret < 0) { ++ xmlSecError(XMLSEC_ERRORS_HERE, ++ NULL, ++ "xmlSecBnSetData", ++ XMLSEC_ERRORS_R_XMLSEC_FAILED, ++ "size=%d", size); ++ xmlSecBnFinalize(&bn2); ++ return (NULL); ++ } ++ ++ /* check if it is a negative number or not */ ++ data = xmlSecBufferGetData(&bn2); ++ size = xmlSecBufferGetSize(&bn2); ++ if((size > 0) && (data[0] > 127)) { ++ /* subtract 1 and do 2's compliment */ ++ ret = xmlSecBnAdd(&bn2, -1); ++ if(ret < 0) { ++ xmlSecError(XMLSEC_ERRORS_HERE, ++ NULL, ++ "xmlSecBnAdd", ++ XMLSEC_ERRORS_R_XMLSEC_FAILED, ++ "size=%d", size); ++ xmlSecBnFinalize(&bn2); ++ return (NULL); ++ } ++ for(i = 0; i < size; ++i) { ++ data[i] ^= 0xFF; ++ } ++ ++ positive = 0; ++ } else { ++ positive = 1; ++ } ++ + /* Result string len is + * len = log base (256) * <bn size> + * Since the smallest base == 2 then we can get away with + * len = 8 * <bn size> + */ +! len = 8 * size + 1 + 1; + res = (xmlChar*)xmlMalloc(len + 1); + if(res == NULL) { +! xmlSecError(XMLSEC_ERRORS_HERE, +! NULL, +! NULL, +! XMLSEC_ERRORS_R_MALLOC_FAILED, +! "len=%d", len); +! xmlSecBnFinalize(&bn2); +! return (NULL); + } + memset(res, 0, len + 1); + +! for(i = 0; (xmlSecBufferGetSize(&bn2) > 0) && (i < len); i++) { +! if(xmlSecBnDiv(&bn2, base, &nn) < 0) { +! xmlSecError(XMLSEC_ERRORS_HERE, +! NULL, +! "xmlSecBnDiv", +! XMLSEC_ERRORS_R_XMLSEC_FAILED, +! "base=%d", base); +! xmlFree(res); +! xmlSecBnFinalize(&bn2); +! return (NULL); +! } +! xmlSecAssert2((size_t)nn < sizeof(xmlSecBnRevLookupTable), NULL); +! res[i] = xmlSecBnRevLookupTable[nn]; + } + xmlSecAssert2(i < len, NULL); + +*************** +*** 301,313 **** + for(len = i; (len > 1) && (res[len - 1] == '0'); len--); + res[len] = '\0'; + + /* swap the string because we wrote it in reverse order */ + for(i = 0; i < len / 2; i++) { +! ch = res[i]; +! res[i] = res[len - i - 1]; +! res[len - i - 1] = ch; + } + + return(res); + } + +--- 435,454 ---- + for(len = i; (len > 1) && (res[len - 1] == '0'); len--); + res[len] = '\0'; + ++ /* add "-" for negative numbers */ ++ if(positive == 0) { ++ res[len] = '-'; ++ res[++len] = '\0'; ++ } ++ + /* swap the string because we wrote it in reverse order */ + for(i = 0; i < len / 2; i++) { +! ch = res[i]; +! res[i] = res[len - i - 1]; +! res[len - i - 1] = ch; + } + ++ xmlSecBnFinalize(&bn2); + return(res); + } + +*************** +*** 392,398 **** + } + + data = xmlSecBufferGetData(bn); +! for(over = 0, i = xmlSecBufferGetSize(bn); i > 0;) { + xmlSecAssert2(data != NULL, -1); + + over = over + multiplier * data[--i]; +--- 533,541 ---- + } + + data = xmlSecBufferGetData(bn); +! i = xmlSecBufferGetSize(bn); +! over = 0; +! while(i > 0) { + xmlSecAssert2(data != NULL, -1); + + over = over + multiplier * data[--i]; +*************** +*** 487,529 **** + */ + int + xmlSecBnAdd(xmlSecBnPtr bn, int delta) { +! int over; + xmlSecByte* data; + xmlSecSize i; + xmlSecByte ch; + int ret; + + xmlSecAssert2(bn != NULL, -1); +- xmlSecAssert2(delta >= 0, -1); + + if(delta == 0) { +! return(0); + } + + data = xmlSecBufferGetData(bn); +! for(over = delta, i = xmlSecBufferGetSize(bn); i > 0;) { +! xmlSecAssert2(data != NULL, -1); + +! over += data[--i]; +! data[i] = over % 256; +! over = over / 256; +! } + +! while(over > 0) { +! ch = over % 256; +! over = over / 256; + +! ret = xmlSecBufferPrepend(bn, &ch, 1); +! if(ret < 0) { +! xmlSecError(XMLSEC_ERRORS_HERE, +! NULL, +! "xmlSecBufferPrepend", +! XMLSEC_ERRORS_R_XMLSEC_FAILED, +! "size=1"); +! return (-1); +! } + } +- + return(0); + } + +--- 630,686 ---- + */ + int + xmlSecBnAdd(xmlSecBnPtr bn, int delta) { +! int over, tmp; + xmlSecByte* data; + xmlSecSize i; + xmlSecByte ch; + int ret; + + xmlSecAssert2(bn != NULL, -1); + + if(delta == 0) { +! return(0); + } + + data = xmlSecBufferGetData(bn); +! if(delta > 0) { +! for(over = delta, i = xmlSecBufferGetSize(bn); (i > 0) && (over > 0) ;) { +! xmlSecAssert2(data != NULL, -1); + +! tmp = data[--i]; +! over += tmp; +! data[i] = over % 256; +! over = over / 256; +! } + +! while(over > 0) { +! ch = over % 256; +! over = over / 256; + +! ret = xmlSecBufferPrepend(bn, &ch, 1); +! if(ret < 0) { +! xmlSecError(XMLSEC_ERRORS_HERE, +! NULL, +! "xmlSecBufferPrepend", +! XMLSEC_ERRORS_R_XMLSEC_FAILED, +! "size=1"); +! return (-1); +! } +! } +! } else { +! for(over = -delta, i = xmlSecBufferGetSize(bn); (i > 0) && (over > 0);) { +! xmlSecAssert2(data != NULL, -1); +! +! tmp = data[--i]; +! if(tmp < over) { +! data[i] = 0; +! over = (over - tmp) / 256; +! } else { +! data[i] = tmp - over; +! over = 0; +! } +! } + } + return(0); + } + +*************** +*** 787,793 **** + } + + if(addLineBreaks) { +! xmlNodeAddContent(cur, BAD_CAST "\n"); + } + + switch(format) { +--- 944,950 ---- + } + + if(addLineBreaks) { +! xmlNodeAddContent(cur, xmlSecStringCR); + } + + switch(format) { +*************** +*** 833,839 **** + } + + if(addLineBreaks) { +! xmlNodeAddContent(cur, BAD_CAST "\n"); + } + + return(0); +--- 990,996 ---- + } + + if(addLineBreaks) { +! xmlNodeAddContent(cur, xmlSecStringCR); + } + + return(0); +*** misc/xmlsec1-1.2.6/src/dl.c 2003-10-29 23:57:20.000000000 +0800 +--- misc/build/xmlsec1-1.2.6/src/dl.c 2005-02-23 11:06:38.000000000 +0800 +*************** +*** 329,334 **** +--- 329,338 ---- + xmlSecCryptoDLInit(void) { + int ret; + ++ /* use xmlMalloc/xmlFree */ ++ xmlsec_lt_dlmalloc = xmlSecCryptoDLMalloc; ++ xmlsec_lt_dlfree = xmlSecCryptoDLFree; ++ + ret = xmlSecPtrListInitialize(&gXmlSecCryptoDLLibraries, xmlSecCryptoDLLibrariesListGetKlass()); + if(ret < 0) { + xmlSecError(XMLSEC_ERRORS_HERE, +*************** +*** 350,358 **** + } + /* TODO: LTDL_SET_PRELOADED_SYMBOLS(); */ + +- /* use xmlMalloc/xmlFree */ +- xmlsec_lt_dlmalloc = xmlSecCryptoDLMalloc; +- xmlsec_lt_dlfree = xmlSecCryptoDLFree; + return(0); + } + +--- 354,359 ---- +*** misc/xmlsec1-1.2.6/src/mscrypto/akmngr.c 2005-02-23 11:06:59.000000000 +0800 +--- misc/build/xmlsec1-1.2.6/src/mscrypto/akmngr.c 2005-02-23 11:06:38.000000000 +0800 +*************** +*** 1 **** +! dummy +--- 1,235 ---- +! /** +! * XMLSec library +! * +! * This is free software; see Copyright file in the source +! * distribution for preciese wording. +! * +! * Copyright......................... +! */ +! #include "globals.h" +! +! #include <xmlsec/xmlsec.h> +! #include <xmlsec/keys.h> +! #include <xmlsec/transforms.h> +! #include <xmlsec/errors.h> +! +! #include <xmlsec/mscrypto/crypto.h> +! #include <xmlsec/mscrypto/keysstore.h> +! #include <xmlsec/mscrypto/akmngr.h> +! #include <xmlsec/mscrypto/x509.h> +! +! /** +! * xmlSecMSCryptoAppliedKeysMngrCreate: +! * @hKeyStore: the pointer to key store. +! * @hCertStore: the pointer to certificate database. +! * +! * Create and load key store and certificate database into keys manager +! * +! * Returns keys manager pointer on success or NULL otherwise. +! */ +! xmlSecKeysMngrPtr +! xmlSecMSCryptoAppliedKeysMngrCreate( +! HCERTSTORE hKeyStore , +! HCERTSTORE hCertStore +! ) { +! xmlSecKeyDataStorePtr certStore = NULL ; +! xmlSecKeysMngrPtr keyMngr = NULL ; +! xmlSecKeyStorePtr keyStore = NULL ; +! +! keyStore = xmlSecKeyStoreCreate( xmlSecMSCryptoKeysStoreId ) ; +! if( keyStore == NULL ) { +! xmlSecError( XMLSEC_ERRORS_HERE , +! NULL , +! "xmlSecKeyStoreCreate" , +! XMLSEC_ERRORS_R_XMLSEC_FAILED , +! XMLSEC_ERRORS_NO_MESSAGE ) ; +! return NULL ; +! } +! +! /*- +! * At present, MS Crypto engine do not provide a way to setup a key store. +! */ +! if( keyStore != NULL ) { +! //TODO: binding key store. +! } +! +! keyMngr = xmlSecKeysMngrCreate() ; +! if( keyMngr == NULL ) { +! xmlSecError( XMLSEC_ERRORS_HERE , +! NULL , +! "xmlSecKeysMngrCreate" , +! XMLSEC_ERRORS_R_XMLSEC_FAILED , +! XMLSEC_ERRORS_NO_MESSAGE ) ; +! +! xmlSecKeyStoreDestroy( keyStore ) ; +! return NULL ; +! } +! +! /*- +! * Add key store to manager, from now on keys manager destroys the store if +! * needed +! */ +! if( xmlSecKeysMngrAdoptKeysStore( keyMngr, keyStore ) < 0 ) { +! xmlSecError( XMLSEC_ERRORS_HERE , +! xmlSecErrorsSafeString( xmlSecKeyStoreGetName( keyStore ) ) , +! "xmlSecKeysMngrAdoptKeyStore" , +! XMLSEC_ERRORS_R_XMLSEC_FAILED , +! XMLSEC_ERRORS_NO_MESSAGE ) ; +! +! xmlSecKeyStoreDestroy( keyStore ) ; +! xmlSecKeysMngrDestroy( keyMngr ) ; +! return NULL ; +! } +! +! /*- +! * Initialize crypto library specific data in keys manager +! */ +! if( xmlSecMSCryptoKeysMngrInit( keyMngr ) < 0 ) { +! xmlSecError( XMLSEC_ERRORS_HERE , +! NULL , +! "xmlSecMSCryptoKeysMngrInit" , +! XMLSEC_ERRORS_R_XMLSEC_FAILED , +! XMLSEC_ERRORS_NO_MESSAGE ) ; +! +! xmlSecKeysMngrDestroy( keyMngr ) ; +! return NULL ; +! } +! +! /*- +! * Set certificate databse to X509 key data store +! */ +! /*- +! * At present, MS Crypto engine do not provide a way to setup a cert store. +! */ +! +! /*- +! * Set the getKey callback +! */ +! keyMngr->getKey = xmlSecKeysMngrGetKey ; +! +! return keyMngr ; +! } +! +! int +! xmlSecMSCryptoAppliedKeysMngrSymKeyLoad( +! xmlSecKeysMngrPtr mngr , +! HCRYPTKEY symKey +! ) { +! //TODO: import the key into keys manager. +! return(0) ; +! } +! +! int +! xmlSecMSCryptoAppliedKeysMngrPubKeyLoad( +! xmlSecKeysMngrPtr mngr , +! HCRYPTKEY pubKey +! ) { +! //TODO: import the key into keys manager. +! return(0) ; +! } +! +! int +! xmlSecMSCryptoAppliedKeysMngrPriKeyLoad( +! xmlSecKeysMngrPtr mngr , +! HCRYPTKEY priKey +! ) { +! //TODO: import the key into keys manager. +! return(0) ; +! } +! +! int +! xmlSecMSCryptoAppliedKeysMngrAdoptKeyStore ( +! xmlSecKeysMngrPtr mngr , +! HCERTSTORE keyStore +! ) { +! xmlSecKeyDataStorePtr x509Store ; +! +! xmlSecAssert2( mngr != NULL, -1 ) ; +! xmlSecAssert2( keyStore != NULL, -1 ) ; +! +! x509Store = xmlSecKeysMngrGetDataStore( mngr, xmlSecMSCryptoX509StoreId ) ; +! if( x509Store == NULL ) { +! xmlSecError( XMLSEC_ERRORS_HERE , +! NULL , +! "xmlSecKeysMngrGetDataStore" , +! XMLSEC_ERRORS_R_XMLSEC_FAILED , +! XMLSEC_ERRORS_NO_MESSAGE ) ; +! return( -1 ) ; +! } +! +! if( xmlSecMSCryptoX509StoreAdoptKeyStore( x509Store, keyStore ) < 0 ) { +! xmlSecError( XMLSEC_ERRORS_HERE , +! xmlSecErrorsSafeString( xmlSecKeyDataStoreGetName( x509Store ) ) , +! "xmlSecMSCryptoX509StoreAdoptKeyStore" , +! XMLSEC_ERRORS_R_XMLSEC_FAILED , +! XMLSEC_ERRORS_NO_MESSAGE ) ; +! return( -1 ) ; +! } +! +! return( 0 ) ; +! } +! +! int +! xmlSecMSCryptoAppliedKeysMngrAdoptTrustedStore ( +! xmlSecKeysMngrPtr mngr , +! HCERTSTORE trustedStore +! ) { +! xmlSecKeyDataStorePtr x509Store ; +! +! xmlSecAssert2( mngr != NULL, -1 ) ; +! xmlSecAssert2( trustedStore != NULL, -1 ) ; +! +! x509Store = xmlSecKeysMngrGetDataStore( mngr, xmlSecMSCryptoX509StoreId ) ; +! if( x509Store == NULL ) { +! xmlSecError( XMLSEC_ERRORS_HERE , +! NULL , +! "xmlSecKeysMngrGetDataStore" , +! XMLSEC_ERRORS_R_XMLSEC_FAILED , +! XMLSEC_ERRORS_NO_MESSAGE ) ; +! return( -1 ) ; +! } +! +! if( xmlSecMSCryptoX509StoreAdoptTrustedStore( x509Store, trustedStore ) < 0 ) { +! xmlSecError( XMLSEC_ERRORS_HERE , +! xmlSecErrorsSafeString( xmlSecKeyDataStoreGetName( x509Store ) ) , +! "xmlSecMSCryptoX509StoreAdoptKeyStore" , +! XMLSEC_ERRORS_R_XMLSEC_FAILED , +! XMLSEC_ERRORS_NO_MESSAGE ) ; +! return( -1 ) ; +! } +! +! return( 0 ) ; +! } +! +! int +! xmlSecMSCryptoAppliedKeysMngrAdoptUntrustedStore ( +! xmlSecKeysMngrPtr mngr , +! HCERTSTORE untrustedStore +! ) { +! xmlSecKeyDataStorePtr x509Store ; +! +! xmlSecAssert2( mngr != NULL, -1 ) ; +! xmlSecAssert2( untrustedStore != NULL, -1 ) ; +! +! x509Store = xmlSecKeysMngrGetDataStore( mngr, xmlSecMSCryptoX509StoreId ) ; +! if( x509Store == NULL ) { +! xmlSecError( XMLSEC_ERRORS_HERE , +! NULL , +! "xmlSecKeysMngrGetDataStore" , +! XMLSEC_ERRORS_R_XMLSEC_FAILED , +! XMLSEC_ERRORS_NO_MESSAGE ) ; +! return( -1 ) ; +! } +! +! if( xmlSecMSCryptoX509StoreAdoptUntrustedStore( x509Store, untrustedStore ) < 0 ) { +! xmlSecError( XMLSEC_ERRORS_HERE , +! xmlSecErrorsSafeString( xmlSecKeyDataStoreGetName( x509Store ) ) , +! "xmlSecMSCryptoX509StoreAdoptKeyStore" , +! XMLSEC_ERRORS_R_XMLSEC_FAILED , +! XMLSEC_ERRORS_NO_MESSAGE ) ; +! return( -1 ) ; +! } +! +! return( 0 ) ; +! } +! +*** misc/xmlsec1-1.2.6/src/mscrypto/certkeys.c 2004-03-17 13:06:43.000000000 +0800 +--- misc/build/xmlsec1-1.2.6/src/mscrypto/certkeys.c 2005-02-23 11:06:38.000000000 +0800 +*************** +*** 41,46 **** +--- 41,47 ---- + * a public key from xml document is provided, we need HCRYPTKEY.... The focus + * now is however directed to certificates. Wouter + */ ++ /** replaced by a wrapper style for WINNT 4.0 + struct _xmlSecMSCryptoKeyDataCtx { + HCRYPTPROV hProv; + BOOL fCallerFreeProv; +*************** +*** 51,56 **** +--- 52,175 ---- + HCRYPTKEY hKey; + xmlSecKeyDataType type; + }; ++ */ ++ /*- ++ * A wrapper of HCRYPTKEY, a reference countor is introduced, the function is ++ * the same as CryptDuplicateKey. Because the CryptDuplicateKey is not support ++ * by WINNT 4.0, the wrapper will enable the library work on WINNT 4.0 ++ */ ++ struct _mscrypt_key { ++ HCRYPTKEY hKey ; ++ int refcnt ; ++ } ; ++ ++ /*- ++ * A wrapper of HCRYPTPROV, a reference countor is introduced, the function is ++ * the same as CryptContextAddRef. Because the CryptContextAddRef is not support ++ * by WINNT 4.0, the wrapper will enable the library work on WINNT 4.0 ++ */ ++ struct _mscrypt_prov { ++ HCRYPTPROV hProv ; ++ BOOL freeprov ; ++ int refcnt ; ++ } ; ++ ++ struct _xmlSecMSCryptoKeyDataCtx { ++ struct _mscrypt_prov* p_prov ; ++ LPCTSTR providerName; ++ DWORD providerType; ++ PCCERT_CONTEXT pCert; ++ DWORD dwKeySpec; ++ struct _mscrypt_key* p_key ; ++ xmlSecKeyDataType type; ++ }; ++ ++ struct _mscrypt_key* mscrypt_create_key( HCRYPTKEY key ) { ++ struct _mscrypt_key* pkey ; ++ ++ pkey = ( struct _mscrypt_key* )xmlMalloc( sizeof( struct _mscrypt_key ) ) ; ++ if( pkey == NULL ) { ++ xmlSecError( XMLSEC_ERRORS_HERE, ++ "mscrypt_create_key" , ++ NULL , ++ XMLSEC_ERRORS_R_MALLOC_FAILED , ++ XMLSEC_ERRORS_NO_MESSAGE ++ ) ; ++ } ++ ++ pkey->hKey = key ; ++ pkey->refcnt = 1 ; ++ ++ return pkey ; ++ } ++ ++ struct _mscrypt_key* mscrypt_acquire_key( struct _mscrypt_key* key ) { ++ if( key ) ++ key->refcnt ++ ; ++ ++ return key ; ++ } ++ ++ int mscrypt_release_key( struct _mscrypt_key* key ) { ++ if( key ) { ++ key->refcnt -- ; ++ if( !key->refcnt ) { ++ if( key->hKey ) { ++ CryptDestroyKey( key->hKey ) ; ++ key->hKey = 0 ; ++ } ++ xmlFree( key ) ; ++ } else { ++ return key->refcnt ; ++ } ++ } ++ ++ return 0 ; ++ } ++ ++ struct _mscrypt_prov* mscrypt_create_prov( HCRYPTPROV prov, BOOL callerFree ) { ++ struct _mscrypt_prov* pprov ; ++ ++ pprov = ( struct _mscrypt_prov* )xmlMalloc( sizeof( struct _mscrypt_prov ) ) ; ++ if( pprov == NULL ) { ++ xmlSecError( XMLSEC_ERRORS_HERE, ++ "mscrypt_create_prov" , ++ NULL , ++ XMLSEC_ERRORS_R_MALLOC_FAILED , ++ XMLSEC_ERRORS_NO_MESSAGE ++ ) ; ++ } ++ ++ pprov->hProv = prov ; ++ pprov->freeprov = callerFree ; ++ pprov->refcnt = 1 ; ++ ++ return pprov ; ++ } ++ ++ struct _mscrypt_prov* mscrypt_acquire_prov( struct _mscrypt_prov* prov ) { ++ if( prov ) ++ prov->refcnt ++ ; ++ ++ return prov ; ++ } ++ ++ int mscrypt_release_prov( struct _mscrypt_prov* prov ) { ++ if( prov ) { ++ prov->refcnt -- ; ++ if( !prov->refcnt ) { ++ if( prov->hProv && prov->freeprov ) { ++ CryptReleaseContext( prov->hProv, 0 ) ; ++ prov->hProv = 0 ; ++ } ++ xmlFree( prov ) ; ++ } else { ++ return prov->refcnt ; ++ } ++ } ++ ++ return 0 ; ++ } + + /****************************************************************************** + * +*************** +*** 88,111 **** + ctx = xmlSecMSCryptoKeyDataGetCtx(data); + xmlSecAssert2(ctx != NULL, -1); + +! if (ctx->hKey != 0) { +! CryptDestroyKey(ctx->hKey); +! ctx->hKey = 0; +! } + + if(ctx->pCert != NULL) { + CertFreeCertificateContext(ctx->pCert); + ctx->pCert = NULL; + } + +! if ((ctx->hProv != 0) && (ctx->fCallerFreeProv)) { +! CryptReleaseContext(ctx->hProv, 0); +! ctx->hProv = 0; +! ctx->fCallerFreeProv = FALSE; +! } else { +! ctx->hProv = 0; +! ctx->fCallerFreeProv = FALSE; +! } + + ctx->type = type; + +--- 207,226 ---- + ctx = xmlSecMSCryptoKeyDataGetCtx(data); + xmlSecAssert2(ctx != NULL, -1); + +! if( ctx->p_key != 0 ) { +! mscrypt_release_key( ctx->p_key ) ; +! } +! ctx->p_key = mscrypt_create_key( 0 ) ; + + if(ctx->pCert != NULL) { + CertFreeCertificateContext(ctx->pCert); + ctx->pCert = NULL; + } + +! if( ( ctx->p_prov ) ) { +! mscrypt_release_prov( ctx->p_prov ) ; +! } +! ctx->p_prov = mscrypt_create_prov( 0, FALSE ) ; + + ctx->type = type; + +*************** +*** 116,124 **** + if (!CryptAcquireCertificatePrivateKey(pCert, + CRYPT_ACQUIRE_USE_PROV_INFO_FLAG, + NULL, +! &(ctx->hProv), + &(ctx->dwKeySpec), +! &(ctx->fCallerFreeProv))) { + xmlSecError(XMLSEC_ERRORS_HERE, + NULL, + "CryptAcquireCertificatePrivateKey", +--- 231,239 ---- + if (!CryptAcquireCertificatePrivateKey(pCert, + CRYPT_ACQUIRE_USE_PROV_INFO_FLAG, + NULL, +! &(ctx->p_prov->hProv), + &(ctx->dwKeySpec), +! &(ctx->p_prov->freeprov))) { + xmlSecError(XMLSEC_ERRORS_HERE, + NULL, + "CryptAcquireCertificatePrivateKey", +*************** +*** 127,172 **** + return(-1); + } + } else if((type & xmlSecKeyDataTypePublic) != 0){ +! if (!CryptAcquireContext(&(ctx->hProv), + NULL, +! ctx->providerName, + ctx->providerType, + CRYPT_VERIFYCONTEXT)) { +! xmlSecError(XMLSEC_ERRORS_HERE, +! NULL, +! "CryptAcquireContext", +! XMLSEC_ERRORS_R_CRYPTO_FAILED, +! XMLSEC_ERRORS_NO_MESSAGE); +! return(-1); +! } +! ctx->dwKeySpec = 0; +! ctx->fCallerFreeProv = TRUE; + } else { +! xmlSecError(XMLSEC_ERRORS_HERE, + NULL, + NULL, + XMLSEC_ERRORS_R_XMLSEC_FAILED, + "Unsupported keytype"); +! return(-1); +! } +! +! /* CryptImportPublicKeyInfo is only needed when a real key handle +! * is needed. The key handle is needed for de/encrypting and for +! * verifying of a signature, *not* for signing. We could call +! * CryptImportPublicKeyInfo in xmlSecMSCryptoKeyDataGetKey instead +! * so no unnessecary calls to CryptImportPublicKeyInfo are being +! * made. WK +! */ +! if(!CryptImportPublicKeyInfo(ctx->hProv, +! X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, +! &(pCert->pCertInfo->SubjectPublicKeyInfo), +! &(ctx->hKey))) { +! xmlSecError(XMLSEC_ERRORS_HERE, +! NULL, +! "CryptImportPublicKeyInfo", +! XMLSEC_ERRORS_R_CRYPTO_FAILED, +! XMLSEC_ERRORS_NO_MESSAGE); +! return(-1); + } + ctx->pCert = pCert; + +--- 242,280 ---- + return(-1); + } + } else if((type & xmlSecKeyDataTypePublic) != 0){ +! if (!CryptAcquireContext(&(ctx->p_prov->hProv), + NULL, +! NULL, /*AF: replaces "ctx->providerName" with "NULL" */ + ctx->providerType, + CRYPT_VERIFYCONTEXT)) { +! xmlSecError(XMLSEC_ERRORS_HERE, +! NULL, +! "CryptAcquireContext", +! XMLSEC_ERRORS_R_CRYPTO_FAILED, +! XMLSEC_ERRORS_NO_MESSAGE); +! return(-1); +! } +! ctx->dwKeySpec = 0; +! ctx->p_prov->freeprov = TRUE; +! +! if( !CryptImportPublicKeyInfo( ctx->p_prov->hProv, +! X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, +! &(pCert->pCertInfo->SubjectPublicKeyInfo), +! &(ctx->p_key->hKey) ) ) { +! xmlSecError(XMLSEC_ERRORS_HERE, +! NULL, +! "CryptImportPublicKeyInfo", +! XMLSEC_ERRORS_R_CRYPTO_FAILED, +! XMLSEC_ERRORS_NO_MESSAGE); +! return(-1); +! } + } else { +! xmlSecError(XMLSEC_ERRORS_HERE, + NULL, + NULL, + XMLSEC_ERRORS_R_XMLSEC_FAILED, + "Unsupported keytype"); +! return(-1); + } + ctx->pCert = pCert; + +*************** +*** 190,218 **** + ctx = xmlSecMSCryptoKeyDataGetCtx(data); + xmlSecAssert2(ctx != NULL, -1); + +! if(ctx->hKey != 0) { +! CryptDestroyKey(ctx->hKey); +! ctx->hKey = 0; +! } + + if(ctx->pCert != NULL) { + CertFreeCertificateContext(ctx->pCert); + ctx->pCert = NULL; + } + +! if((ctx->hProv != 0) && ctx->fCallerFreeProv) { +! CryptReleaseContext(ctx->hProv, 0); +! ctx->hProv = 0; +! ctx->fCallerFreeProv = FALSE; +! } else { +! ctx->hProv = 0; +! ctx->fCallerFreeProv = FALSE; +! } + +! ctx->hProv = hProv; +! ctx->fCallerFreeProv = fCallerFreeProv; + ctx->dwKeySpec = dwKeySpec; +! ctx->hKey = hKey; + ctx->type = type; + + return(0); +--- 298,323 ---- + ctx = xmlSecMSCryptoKeyDataGetCtx(data); + xmlSecAssert2(ctx != NULL, -1); + +! if( ctx->p_key != 0 ) { +! mscrypt_release_key( ctx->p_key ) ; +! ctx->p_key = NULL ; +! } + + if(ctx->pCert != NULL) { + CertFreeCertificateContext(ctx->pCert); + ctx->pCert = NULL; + } + +! if( ( ctx->p_prov ) ) { +! mscrypt_release_prov( ctx->p_prov ) ; +! ctx->p_prov = NULL ; +! } else { +! ctx->p_prov = NULL ; +! } + +! ctx->p_prov = mscrypt_create_prov( hProv, FALSE ) ; + ctx->dwKeySpec = dwKeySpec; +! ctx->p_key = mscrypt_create_key( hKey ) ; + ctx->type = type; + + return(0); +*************** +*** 238,244 **** + ctx = xmlSecMSCryptoKeyDataGetCtx(data); + xmlSecAssert2(ctx != NULL, 0); + +! return(ctx->hKey); + } + + /** +--- 343,349 ---- + ctx = xmlSecMSCryptoKeyDataGetCtx(data); + xmlSecAssert2(ctx != NULL, 0); + +! return( ctx->p_key ? ctx->p_key->hKey : 0 ); + } + + /** +*************** +*** 273,279 **** + ctx = xmlSecMSCryptoKeyDataGetCtx(data); + xmlSecAssert2(ctx != NULL, 0); + +! return(ctx->hProv); + } + + DWORD +--- 378,384 ---- + ctx = xmlSecMSCryptoKeyDataGetCtx(data); + xmlSecAssert2(ctx != NULL, 0); + +! return( ctx->p_prov ? ctx->p_prov->hProv : 0 ); + } + + DWORD +*************** +*** 316,340 **** + XMLSEC_ERRORS_NO_MESSAGE); + return(-1); + } +- } +- +- if (ctxSrc->hKey != 0) { +- if (!CryptDuplicateKey(ctxSrc->hKey, NULL, 0, &(ctxDst->hKey))) { +- xmlSecError(XMLSEC_ERRORS_HERE, +- xmlSecErrorsSafeString(xmlSecKeyDataGetName(dst)), +- "CryptDuplicateKey", +- XMLSEC_ERRORS_R_CRYPTO_FAILED, +- XMLSEC_ERRORS_NO_MESSAGE); +- return(-1); +- } + } +! if(ctxSrc->hProv != 0) { +! CryptContextAddRef(ctxSrc->hProv, NULL, 0); +! ctxDst->hProv = ctxSrc->hProv; +! ctxDst->fCallerFreeProv = TRUE; +! } else { +! ctxDst->hProv = 0; +! ctxDst->fCallerFreeProv = FALSE; + } + + ctxDst->dwKeySpec = ctxSrc->dwKeySpec; +--- 421,456 ---- + XMLSEC_ERRORS_NO_MESSAGE); + return(-1); + } + } +! +! if( ctxSrc->p_key ) { +! if( ctxDst->p_key ) +! mscrypt_release_key( ctxDst->p_key ) ; +! +! ctxDst->p_key = mscrypt_acquire_key( ctxSrc->p_key ) ; +! if( !ctxDst->p_key ) { +! xmlSecError(XMLSEC_ERRORS_HERE, +! xmlSecErrorsSafeString(xmlSecKeyDataGetName(dst)), +! "mscrypt_acquire_key", +! XMLSEC_ERRORS_R_CRYPTO_FAILED, +! XMLSEC_ERRORS_NO_MESSAGE); +! return(-1); +! } +! } +! +! if( ctxSrc->p_prov ) { +! if( ctxDst->p_prov ) +! mscrypt_release_prov( ctxDst->p_prov ) ; +! +! ctxDst->p_prov = mscrypt_acquire_prov( ctxSrc->p_prov ) ; +! if( !ctxDst->p_prov ) { +! xmlSecError(XMLSEC_ERRORS_HERE, +! xmlSecErrorsSafeString(xmlSecKeyDataGetName(dst)), +! "mscrypt_acquire_prov", +! XMLSEC_ERRORS_R_CRYPTO_FAILED, +! XMLSEC_ERRORS_NO_MESSAGE); +! return(-1); +! } + } + + ctxDst->dwKeySpec = ctxSrc->dwKeySpec; +*************** +*** 355,370 **** + ctx = xmlSecMSCryptoKeyDataGetCtx(data); + xmlSecAssert(ctx != NULL); + +! if (ctx->hKey != 0) { +! CryptDestroyKey(ctx->hKey); + } + + if(ctx->pCert != NULL) { + CertFreeCertificateContext(ctx->pCert); + } + +! if ((ctx->hProv != 0) && ctx->fCallerFreeProv) { +! CryptReleaseContext(ctx->hProv, 0); + } + + memset(ctx, 0, sizeof(xmlSecMSCryptoKeyDataCtx)); +--- 471,486 ---- + ctx = xmlSecMSCryptoKeyDataGetCtx(data); + xmlSecAssert(ctx != NULL); + +! if( ctx->p_key ) { +! mscrypt_release_key( ctx->p_key ) ; + } + + if(ctx->pCert != NULL) { + CertFreeCertificateContext(ctx->pCert); + } + +! if( ctx->p_prov ) { +! mscrypt_release_prov( ctx->p_prov ) ; + } + + memset(ctx, 0, sizeof(xmlSecMSCryptoKeyDataCtx)); +*************** +*** 384,397 **** + xmlSecAssert2(ctx->pCert->pCertInfo != NULL, 0); + return (CertGetPublicKeyLength(X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, + &(ctx->pCert->pCertInfo->SubjectPublicKeyInfo))); +! } else if (ctx->hKey != 0) { + DWORD length = 0; + DWORD lenlen = sizeof(DWORD); +! +! if (!CryptGetKeyParam(ctx->hKey, KP_KEYLEN, (BYTE *)&length, &lenlen, 0)) { + xmlSecError(XMLSEC_ERRORS_HERE, + NULL, +! "CertDuplicateCertificateContext", + XMLSEC_ERRORS_R_CRYPTO_FAILED, + XMLSEC_ERRORS_NO_MESSAGE); + return(0); +--- 500,513 ---- + xmlSecAssert2(ctx->pCert->pCertInfo != NULL, 0); + return (CertGetPublicKeyLength(X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, + &(ctx->pCert->pCertInfo->SubjectPublicKeyInfo))); +! } else if (ctx->p_key != 0 && ctx->p_key->hKey != 0 ) { + DWORD length = 0; + DWORD lenlen = sizeof(DWORD); +! +! if (!CryptGetKeyParam(ctx->p_key->hKey, KP_KEYLEN, (BYTE *)&length, &lenlen, 0)) { + xmlSecError(XMLSEC_ERRORS_HERE, + NULL, +! "CryptGetKeyParam", + XMLSEC_ERRORS_R_CRYPTO_FAILED, + XMLSEC_ERRORS_NO_MESSAGE); + return(0); +*************** +*** 938,946 **** + + ctx = xmlSecMSCryptoKeyDataGetCtx(xmlSecKeyGetValue(key)); + xmlSecAssert2(ctx != NULL, -1); +! xmlSecAssert2(ctx->hKey != 0, -1); + +! if (!CryptExportKey(ctx->hKey, 0, PUBLICKEYBLOB, 0, NULL, &dwBlobLen)) { + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), + "CryptExportKey", +--- 1054,1063 ---- + + ctx = xmlSecMSCryptoKeyDataGetCtx(xmlSecKeyGetValue(key)); + xmlSecAssert2(ctx != NULL, -1); +! xmlSecAssert2(ctx->p_key != 0, -1); +! xmlSecAssert2(ctx->p_key->hKey != 0, -1); + +! if (!CryptExportKey(ctx->p_key->hKey, 0, PUBLICKEYBLOB, 0, NULL, &dwBlobLen)) { + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), + "CryptExportKey", +*************** +*** 960,966 **** + } + + blob = xmlSecBufferGetData(&buf); +! if (!CryptExportKey(ctx->hKey, 0, PUBLICKEYBLOB, 0, blob, &dwBlobLen)) { + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), + "CryptExportKey", +--- 1077,1083 ---- + } + + blob = xmlSecBufferGetData(&buf); +! if (!CryptExportKey(ctx->p_key->hKey, 0, PUBLICKEYBLOB, 0, blob, &dwBlobLen)) { + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), + "CryptExportKey", +*************** +*** 1797,1805 **** + + ctx = xmlSecMSCryptoKeyDataGetCtx(xmlSecKeyGetValue(key)); + xmlSecAssert2(ctx != NULL, -1); +! xmlSecAssert2(ctx->hKey != 0, -1); + +! if (!CryptExportKey(ctx->hKey, 0, PUBLICKEYBLOB, 0, NULL, &dwBlobLen)) { + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), + "CryptExportKey", +--- 1914,1923 ---- + + ctx = xmlSecMSCryptoKeyDataGetCtx(xmlSecKeyGetValue(key)); + xmlSecAssert2(ctx != NULL, -1); +! xmlSecAssert2(ctx->p_key != 0, -1); +! xmlSecAssert2(ctx->p_key->hKey != 0, -1); + +! if (!CryptExportKey(ctx->p_key->hKey, 0, PUBLICKEYBLOB, 0, NULL, &dwBlobLen)) { + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), + "CryptExportKey", +*************** +*** 1819,1825 **** + } + + blob = xmlSecBufferGetData(&buf); +! if (!CryptExportKey(ctx->hKey, 0, PUBLICKEYBLOB, 0, blob, &dwBlobLen)) { + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), + "CryptExportKey", +--- 1937,1943 ---- + } + + blob = xmlSecBufferGetData(&buf); +! if (!CryptExportKey(ctx->p_key->hKey, 0, PUBLICKEYBLOB, 0, blob, &dwBlobLen)) { + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), + "CryptExportKey", +*************** +*** 2010,2016 **** + HCRYPTKEY hKey = 0; + DWORD dwKeySpec; + DWORD dwSize; +- int res = -1; + int ret; + + xmlSecAssert2(xmlSecKeyDataIsValid(data), xmlSecKeyDataTypeUnknown); +--- 2128,2133 ---- +*************** +*** 2043,2054 **** + dwKeySpec = AT_SIGNATURE; + dwSize = ((sizeBits << 16) | CRYPT_EXPORTABLE); + if (!CryptGenKey(hProv, CALG_DSS_SIGN, dwSize, &hKey)) { +! xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), + "CryptGenKey", + XMLSEC_ERRORS_R_CRYPTO_FAILED, + XMLSEC_ERRORS_NO_MESSAGE); +! goto done; + } + + ret = xmlSecMSCryptoKeyDataAdoptKey(data, hProv, TRUE, hKey, dwKeySpec, +--- 2160,2173 ---- + dwKeySpec = AT_SIGNATURE; + dwSize = ((sizeBits << 16) | CRYPT_EXPORTABLE); + if (!CryptGenKey(hProv, CALG_DSS_SIGN, dwSize, &hKey)) { +! xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), + "CryptGenKey", + XMLSEC_ERRORS_R_CRYPTO_FAILED, + XMLSEC_ERRORS_NO_MESSAGE); +! if (hProv != 0) +! CryptReleaseContext(hProv, 0); +! return -1 ; + } + + ret = xmlSecMSCryptoKeyDataAdoptKey(data, hProv, TRUE, hKey, dwKeySpec, +*************** +*** 2059,2082 **** + "xmlSecMSCryptoKeyDataAdoptKey", + XMLSEC_ERRORS_R_XMLSEC_FAILED, + XMLSEC_ERRORS_NO_MESSAGE); +! goto done; +! } +! hProv = 0; +! hKey = 0; + +! /* success */ +! res = 0; +! +! done: +! if (hProv != 0) { +! CryptReleaseContext(ctx->hProv, 0); + } + +! if (hKey != 0) { +! CryptDestroyKey(hKey); +! } +! +! return(res); + } + + static xmlSecKeyDataType +--- 2178,2194 ---- + "xmlSecMSCryptoKeyDataAdoptKey", + XMLSEC_ERRORS_R_XMLSEC_FAILED, + XMLSEC_ERRORS_NO_MESSAGE); +! if( hKey != 0 ) +! CryptDestroyKey( hKey ) ; +! if( hProv != 0 ) +! CryptReleaseContext( hProv, 0 ) ; + +! return -1 ; + } ++ hProv = 0 ; ++ hKey = 0 ; + +! return 0 ; + } + + static xmlSecKeyDataType +*** misc/xmlsec1-1.2.6/src/mscrypto/crypto.c 2003-11-12 10:38:51.000000000 +0800 +--- misc/build/xmlsec1-1.2.6/src/mscrypto/crypto.c 2005-02-23 11:06:38.000000000 +0800 +*************** +*** 330,342 **** + BYTE* + xmlSecMSCryptoCertStrToName(DWORD dwCertEncodingType, LPCTSTR pszX500, DWORD dwStrType, DWORD* len) { + BYTE* str = NULL; +! + xmlSecAssert2(pszX500 != NULL, NULL); + xmlSecAssert2(len != NULL, NULL); + + if (!CertStrToName(dwCertEncodingType, pszX500, dwStrType, +! NULL, NULL, len, NULL)) { + /* this might not be an error, string might just not exist */ + return(NULL); + } + +--- 330,344 ---- + BYTE* + xmlSecMSCryptoCertStrToName(DWORD dwCertEncodingType, LPCTSTR pszX500, DWORD dwStrType, DWORD* len) { + BYTE* str = NULL; +! LPCTSTR ppszError = NULL; +! + xmlSecAssert2(pszX500 != NULL, NULL); + xmlSecAssert2(len != NULL, NULL); + + if (!CertStrToName(dwCertEncodingType, pszX500, dwStrType, +! NULL, NULL, len, &ppszError)) { + /* this might not be an error, string might just not exist */ ++ DWORD dw = GetLastError(); + return(NULL); + } + +*** misc/xmlsec1-1.2.6/src/mscrypto/x509.c 2003-09-26 08:58:13.000000000 +0800 +--- misc/build/xmlsec1-1.2.6/src/mscrypto/x509.c 2005-02-23 11:06:38.000000000 +0800 +*************** +*** 1572,1577 **** +--- 1572,1578 ---- + xmlSecKeyInfoCtxPtr keyInfoCtx) { + xmlSecMSCryptoX509DataCtxPtr ctx; + xmlSecKeyDataStorePtr x509Store; ++ PCCERT_CONTEXT pCert ; + int ret; + + xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecMSCryptoKeyDataX509Id), -1); +*************** +*** 1610,1615 **** +--- 1611,1619 ---- + return(-1); + } + ++ /*- ++ * Get Public key from cert, which does not always work for sign action. ++ * + keyValue = xmlSecMSCryptoX509CertGetKey(ctx->keyCert); + if(keyValue == NULL) { + xmlSecError(XMLSEC_ERRORS_HERE, +*************** +*** 1619,1624 **** +--- 1623,1673 ---- + XMLSEC_ERRORS_NO_MESSAGE); + return(-1); + } ++ */ ++ ++ /*- ++ * I'll search key according to KeyReq. ++ */ ++ pCert = CertDuplicateCertificateContext( ctx->keyCert ) ; ++ if( pCert == NULL ) { ++ xmlSecError( XMLSEC_ERRORS_HERE, ++ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), ++ "CertDuplicateCertificateContext", ++ XMLSEC_ERRORS_R_CRYPTO_FAILED, ++ XMLSEC_ERRORS_NO_MESSAGE); ++ ++ return(-1); ++ } ++ ++ if( ( keyInfoCtx->keyReq.keyType & xmlSecKeyDataTypePrivate ) == xmlSecKeyDataTypePrivate ) { ++ keyValue = xmlSecMSCryptoCertAdopt( pCert, xmlSecKeyDataTypePrivate ) ; ++ if(keyValue == NULL) { ++ xmlSecError(XMLSEC_ERRORS_HERE, ++ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), ++ "xmlSecMSCryptoCertAdopt", ++ XMLSEC_ERRORS_R_XMLSEC_FAILED, ++ XMLSEC_ERRORS_NO_MESSAGE); ++ ++ CertFreeCertificateContext( pCert ) ; ++ return(-1); ++ } ++ pCert = NULL ; ++ } else if( ( keyInfoCtx->keyReq.keyType & xmlSecKeyDataTypePublic ) == xmlSecKeyDataTypePublic ) { ++ keyValue = xmlSecMSCryptoCertAdopt( pCert, xmlSecKeyDataTypePublic ) ; ++ if(keyValue == NULL) { ++ xmlSecError(XMLSEC_ERRORS_HERE, ++ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), ++ "xmlSecMSCryptoCertAdopt", ++ XMLSEC_ERRORS_R_XMLSEC_FAILED, ++ XMLSEC_ERRORS_NO_MESSAGE); ++ ++ CertFreeCertificateContext( pCert ) ; ++ return(-1); ++ } ++ pCert = NULL ; ++ } ++ ++ + + /* verify that the key matches our expectations */ + if(xmlSecKeyReqMatchKeyValue(&(keyInfoCtx->keyReq), keyValue) != 1) { +*************** +*** 1882,1888 **** + xmlSecAssert2(nm->pbData != NULL, NULL); + xmlSecAssert2(nm->cbData > 0, NULL); + +! csz = CertNameToStr(X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, nm, CERT_X500_NAME_STR, NULL, 0); + str = (char *)xmlMalloc(csz); + if (NULL == str) { + xmlSecError(XMLSEC_ERRORS_HERE, +--- 1931,1937 ---- + xmlSecAssert2(nm->pbData != NULL, NULL); + xmlSecAssert2(nm->cbData > 0, NULL); + +! csz = CertNameToStr(X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, nm, CERT_X500_NAME_STR | CERT_NAME_STR_REVERSE_FLAG, NULL, 0); + str = (char *)xmlMalloc(csz); + if (NULL == str) { + xmlSecError(XMLSEC_ERRORS_HERE, +*************** +*** 1893,1899 **** + return (NULL); + } + +! csz = CertNameToStr(X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, nm, CERT_X500_NAME_STR, str, csz); + if (csz < 1) { + xmlSecError(XMLSEC_ERRORS_HERE, + NULL, +--- 1942,1948 ---- + return (NULL); + } + +! csz = CertNameToStr(X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, nm, CERT_X500_NAME_STR | CERT_NAME_STR_REVERSE_FLAG, str, csz); + if (csz < 1) { + xmlSecError(XMLSEC_ERRORS_HERE, + NULL, +*************** +*** 1904,1920 **** + return(NULL); + } + +! res = xmlStrdup(BAD_CAST str); +! if(res == NULL) { +! xmlSecError(XMLSEC_ERRORS_HERE, +! NULL, +! "xmlStrdup", +! XMLSEC_ERRORS_R_MALLOC_FAILED, +! XMLSEC_ERRORS_NO_MESSAGE); +! xmlFree(str); +! return(NULL); + } +- + xmlFree(str); + return(res); + } +--- 1953,1989 ---- + return(NULL); + } + +! /* aleksey: this is a hack, but mscrypto can not read E= flag and wants Email= instead. +! * don't ask me how is it possible not to read something you wrote yourself but also +! * see comment in the xmlSecMSCryptoX509FindCert function. +! */ +! if(strncmp(str, "E=", 2) == 0) { +! res = xmlMalloc(strlen(str) + 13 + 1); +! if(res == NULL) { +! xmlSecError(XMLSEC_ERRORS_HERE, +! NULL, +! "xmlMalloc", +! XMLSEC_ERRORS_R_MALLOC_FAILED, +! "size=%d", +! strlen(str) + 13 + 1); +! xmlFree(str); +! return(NULL); +! } +! +! memcpy(res, "emailAddress=", 13); +! strcpy(res + 13, BAD_CAST (str + 2)); +! } else { +! res = xmlStrdup(BAD_CAST str); +! if(res == NULL) { +! xmlSecError(XMLSEC_ERRORS_HERE, +! NULL, +! "xmlStrdup", +! XMLSEC_ERRORS_R_MALLOC_FAILED, +! XMLSEC_ERRORS_NO_MESSAGE); +! xmlFree(str); +! return(NULL); +! } + } + xmlFree(str); + return(res); + } +*** misc/xmlsec1-1.2.6/src/mscrypto/x509vfy.c 2003-09-27 11:12:22.000000000 +0800 +--- misc/build/xmlsec1-1.2.6/src/mscrypto/x509vfy.c 2005-02-23 11:06:38.000000000 +0800 +*************** +*** 125,130 **** +--- 125,131 ---- + xmlChar *issuerName, xmlChar *issuerSerial, + xmlChar *ski, xmlSecKeyInfoCtx* keyInfoCtx) { + xmlSecMSCryptoX509StoreCtxPtr ctx; ++ PCCERT_CONTEXT pCert ; + + xmlSecAssert2(xmlSecKeyDataStoreCheckId(store, xmlSecMSCryptoX509StoreId), NULL); + xmlSecAssert2(keyInfoCtx != NULL, NULL); +*************** +*** 132,141 **** + ctx = xmlSecMSCryptoX509StoreGetCtx(store); + xmlSecAssert2(ctx != NULL, NULL); + xmlSecAssert2(ctx->untrusted != NULL, NULL); + +! return(xmlSecMSCryptoX509FindCert(ctx->untrusted, subjectName, issuerName, issuerSerial, ski)); +! } + + + static void + xmlSecMSCryptoUnixTimeToFileTime(time_t t, LPFILETIME pft) { +--- 133,149 ---- + ctx = xmlSecMSCryptoX509StoreGetCtx(store); + xmlSecAssert2(ctx != NULL, NULL); + xmlSecAssert2(ctx->untrusted != NULL, NULL); ++ xmlSecAssert2(ctx->trusted != NULL, NULL); + +! pCert = NULL ; +! if( ctx->untrusted != NULL ) +! pCert = xmlSecMSCryptoX509FindCert( ctx->untrusted, subjectName, issuerName, issuerSerial, ski ) ; +! +! if( ctx->trusted != NULL && pCert == NULL ) +! pCert = xmlSecMSCryptoX509FindCert( ctx->trusted, subjectName, issuerName, issuerSerial, ski ) ; + ++ return( pCert ) ; ++ } + + static void + xmlSecMSCryptoUnixTimeToFileTime(time_t t, LPFILETIME pft) { +*************** +*** 252,268 **** + } + + static BOOL +! xmlSecMSCryptoX509StoreConstructCertsChain(xmlSecKeyDataStorePtr store, PCCERT_CONTEXT cert, HCERTSTORE certs, +! xmlSecKeyInfoCtx* keyInfoCtx) { + xmlSecMSCryptoX509StoreCtxPtr ctx; + PCCERT_CONTEXT issuerCert = NULL; + FILETIME fTime; + DWORD flags; + + xmlSecAssert2(xmlSecKeyDataStoreCheckId(store, xmlSecMSCryptoX509StoreId), FALSE); + xmlSecAssert2(cert != NULL, FALSE); + xmlSecAssert2(cert->pCertInfo != NULL, FALSE); +! xmlSecAssert2(certs != NULL, FALSE); + xmlSecAssert2(keyInfoCtx != NULL, FALSE); + + ctx = xmlSecMSCryptoX509StoreGetCtx(store); +--- 260,281 ---- + } + + static BOOL +! xmlSecMSCryptoX509StoreConstructCertsChain( +! xmlSecKeyDataStorePtr store , +! PCCERT_CONTEXT cert , +! HCERTSTORE certStore , +! xmlSecKeyInfoCtx* keyInfoCtx +! ) { + xmlSecMSCryptoX509StoreCtxPtr ctx; + PCCERT_CONTEXT issuerCert = NULL; + FILETIME fTime; + DWORD flags; ++ BOOL selfSigned ; + + xmlSecAssert2(xmlSecKeyDataStoreCheckId(store, xmlSecMSCryptoX509StoreId), FALSE); + xmlSecAssert2(cert != NULL, FALSE); + xmlSecAssert2(cert->pCertInfo != NULL, FALSE); +! xmlSecAssert2(certStore != NULL, FALSE); + xmlSecAssert2(keyInfoCtx != NULL, FALSE); + + ctx = xmlSecMSCryptoX509StoreGetCtx(store); +*************** +*** 283,342 **** + return(FALSE); + } + +! if (!xmlSecMSCryptoCheckRevocation(certs, cert)) { + return(FALSE); + } + +! /* try the untrusted certs in the chain */ +! issuerCert = CertFindCertificateInStore(certs, + X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, + 0, + CERT_FIND_SUBJECT_NAME, +! &(cert->pCertInfo->Issuer), + NULL); +! if(issuerCert == cert) { +! /* self signed cert, forget it */ +! CertFreeCertificateContext(issuerCert); +! } else if(issuerCert != NULL) { +! flags = CERT_STORE_REVOCATION_FLAG | CERT_STORE_SIGNATURE_FLAG; +! if(!CertVerifySubjectCertificateContext(cert, issuerCert, &flags)) { +! xmlSecMSCryptoX509StoreCertError(store, issuerCert, flags); +! CertFreeCertificateContext(issuerCert); +! return(FALSE); +! } +! if(!xmlSecMSCryptoX509StoreConstructCertsChain(store, issuerCert, certs, keyInfoCtx)) { +! xmlSecMSCryptoX509StoreCertError(store, issuerCert, flags); +! CertFreeCertificateContext(issuerCert); +! return(FALSE); +! } +! CertFreeCertificateContext(issuerCert); +! return(TRUE); + } + +! /* try the untrusted certs in the store */ +! issuerCert = CertFindCertificateInStore(ctx->untrusted, + X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, + 0, + CERT_FIND_SUBJECT_NAME, + &(cert->pCertInfo->Issuer), + NULL); +! if(issuerCert == cert) { +! /* self signed cert, forget it */ +! CertFreeCertificateContext(issuerCert); +! } else if(issuerCert != NULL) { +! flags = CERT_STORE_REVOCATION_FLAG | CERT_STORE_SIGNATURE_FLAG; +! if(!CertVerifySubjectCertificateContext(cert, issuerCert, &flags)) { +! xmlSecMSCryptoX509StoreCertError(store, issuerCert, flags); +! CertFreeCertificateContext(issuerCert); +! return(FALSE); +! } +! if(!xmlSecMSCryptoX509StoreConstructCertsChain(store, issuerCert, certs, keyInfoCtx)) { +! CertFreeCertificateContext(issuerCert); +! return(FALSE); + } +- CertFreeCertificateContext(issuerCert); +- return(TRUE); +- } + + /* try to find issuer cert in the trusted cert in the store */ + issuerCert = CertFindCertificateInStore(ctx->trusted, +--- 296,380 ---- + return(FALSE); + } + +! if (!xmlSecMSCryptoCheckRevocation(certStore, cert)) { + return(FALSE); + } + +! /*- +! * Firstly try to find the cert in the trusted cert store. We will trust +! * the certificate in the trusted store. +! */ +! issuerCert = CertFindCertificateInStore(ctx->trusted, + X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, + 0, + CERT_FIND_SUBJECT_NAME, +! &(cert->pCertInfo->Subject), + NULL); +! if( issuerCert != NULL ) { +! /* We have found the trusted cert, so return true */ +! CertFreeCertificateContext( issuerCert ) ; +! return( TRUE ) ; + } + +! /* Check whether the certificate is self signed certificate */ +! selfSigned = CertCompareCertificateName( X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, &(cert->pCertInfo->Subject), &(cert->pCertInfo->Issuer) ) ; +! +! /* try the untrusted certs in the chain */ +! if( !selfSigned ) { +! issuerCert = CertFindCertificateInStore(certStore, + X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, + 0, + CERT_FIND_SUBJECT_NAME, + &(cert->pCertInfo->Issuer), + NULL); +! if( issuerCert != NULL && CertCompareCertificate( X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, cert->pCertInfo, issuerCert->pCertInfo ) ) { +! /* self signed cert, forget it */ +! CertFreeCertificateContext(issuerCert); +! } else if(issuerCert != NULL) { +! flags = CERT_STORE_REVOCATION_FLAG | CERT_STORE_SIGNATURE_FLAG; +! if(!CertVerifySubjectCertificateContext(cert, issuerCert, &flags)) { +! xmlSecMSCryptoX509StoreCertError(store, issuerCert, flags); +! CertFreeCertificateContext(issuerCert); +! return(FALSE); +! } +! if(!xmlSecMSCryptoX509StoreConstructCertsChain(store, issuerCert, certStore, keyInfoCtx)) { +! xmlSecMSCryptoX509StoreCertError(store, issuerCert, flags); +! CertFreeCertificateContext(issuerCert); +! return(FALSE); +! } +! +! CertFreeCertificateContext(issuerCert); +! return(TRUE); +! } +! } +! +! /* try the untrusted certs in the store */ +! if( !selfSigned ) { +! issuerCert = CertFindCertificateInStore(ctx->untrusted, +! X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, +! 0, +! CERT_FIND_SUBJECT_NAME, +! &(cert->pCertInfo->Issuer), +! NULL); +! if( issuerCert != NULL && CertCompareCertificate( X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, cert->pCertInfo, issuerCert->pCertInfo ) ) { +! /* self signed cert, forget it */ +! CertFreeCertificateContext(issuerCert); +! } else if(issuerCert != NULL) { +! flags = CERT_STORE_REVOCATION_FLAG | CERT_STORE_SIGNATURE_FLAG; +! if(!CertVerifySubjectCertificateContext(cert, issuerCert, &flags)) { +! xmlSecMSCryptoX509StoreCertError(store, issuerCert, flags); +! CertFreeCertificateContext(issuerCert); +! return(FALSE); +! } +! if(!xmlSecMSCryptoX509StoreConstructCertsChain(store, issuerCert, certStore, keyInfoCtx)) { +! CertFreeCertificateContext(issuerCert); +! return(FALSE); +! } +! +! CertFreeCertificateContext(issuerCert); +! return(TRUE); +! } + } + + /* try to find issuer cert in the trusted cert in the store */ + issuerCert = CertFindCertificateInStore(ctx->trusted, +*************** +*** 379,404 **** + xmlSecAssert2(certs != NULL, NULL); + xmlSecAssert2(keyInfoCtx != NULL, NULL); + +! while((cert = CertEnumCertificatesInStore(certs, cert)) != NULL){ +! PCCERT_CONTEXT nextCert = NULL; + +! xmlSecAssert2(cert->pCertInfo != NULL, NULL); + +! /* if cert is the issuer of any other cert in the list, then it is +! * to be skipped */ +! nextCert = CertFindCertificateInStore(certs, + X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, + 0, + CERT_FIND_ISSUER_NAME, + &(cert->pCertInfo->Subject), +! NULL); +! if(nextCert != NULL) { +! CertFreeCertificateContext(nextCert); +! continue; +! } +! if(xmlSecMSCryptoX509StoreConstructCertsChain(store, cert, certs, keyInfoCtx)) { +! return(cert); +! } + } + + return (NULL); +--- 417,463 ---- + xmlSecAssert2(certs != NULL, NULL); + xmlSecAssert2(keyInfoCtx != NULL, NULL); + +! while( ( cert = CertEnumCertificatesInStore( certs, cert ) ) != NULL ) { +! PCCERT_CONTEXT nextCert ; +! unsigned char selected ; + +! xmlSecAssert2( cert->pCertInfo != NULL, NULL ) ; + +! /* if cert is the issuer of any other cert in the list, then it is +! * to be skipped except that the cert list only have one self-signed +! * certificate. +! */ +! for( selected = 0, nextCert = NULL ; ; ) { +! nextCert = CertFindCertificateInStore( certs, + X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, + 0, + CERT_FIND_ISSUER_NAME, + &(cert->pCertInfo->Subject), +! nextCert ) ; +! if( nextCert != NULL ) { +! if( CertCompareCertificate( X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, cert->pCertInfo, nextCert->pCertInfo ) ) { +! selected = 1 ; +! continue ; +! } else { +! selected = 0 ; +! break ; +! } +! } else { +! selected = 1 ; +! break ; +! } +! } +! +! if( nextCert != NULL ) +! CertFreeCertificateContext( nextCert ) ; +! +! if( !selected ) { +! continue ; +! } +! +! if( xmlSecMSCryptoX509StoreConstructCertsChain( store, cert, certs, keyInfoCtx ) ) { +! return( cert ) ; +! } + } + + return (NULL); +*************** +*** 458,466 **** +--- 517,642 ---- + return(0); + } + ++ int ++ xmlSecMSCryptoX509StoreAdoptKeyStore ( ++ xmlSecKeyDataStorePtr store, ++ HCERTSTORE keyStore ++ ) { ++ xmlSecMSCryptoX509StoreCtxPtr ctx; ++ int ret; ++ ++ xmlSecAssert2(xmlSecKeyDataStoreCheckId(store, xmlSecMSCryptoX509StoreId), -1); ++ xmlSecAssert2( keyStore != NULL, -1); ++ ++ ctx = xmlSecMSCryptoX509StoreGetCtx(store); ++ xmlSecAssert2(ctx != NULL, -1); ++ xmlSecAssert2(ctx->trusted != NULL, -1); ++ ++ if( !CertAddStoreToCollection ( ctx->trusted , keyStore , CERT_PHYSICAL_STORE_ADD_ENABLE_FLAG , 2 ) ) { ++ xmlSecError(XMLSEC_ERRORS_HERE, ++ xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)), ++ "CertAddStoreToCollection", ++ XMLSEC_ERRORS_R_CRYPTO_FAILED, ++ XMLSEC_ERRORS_NO_MESSAGE); ++ return(-1); ++ } ++ ++ { ++ PCCERT_CONTEXT ptCert ; ++ ++ ptCert = NULL ; ++ while( 1 ) { ++ ptCert = CertEnumCertificatesInStore( ctx->trusted, ptCert ) ; ++ if( ptCert == NULL ) ++ break ; ++ } ++ } ++ ++ return(0); ++ } ++ ++ int ++ xmlSecMSCryptoX509StoreAdoptTrustedStore ( ++ xmlSecKeyDataStorePtr store, ++ HCERTSTORE trustedStore ++ ) { ++ xmlSecMSCryptoX509StoreCtxPtr ctx; ++ int ret; ++ ++ xmlSecAssert2(xmlSecKeyDataStoreCheckId(store, xmlSecMSCryptoX509StoreId), -1); ++ xmlSecAssert2( trustedStore != NULL, -1); ++ ++ ctx = xmlSecMSCryptoX509StoreGetCtx(store); ++ xmlSecAssert2(ctx != NULL, -1); ++ xmlSecAssert2(ctx->trusted != NULL, -1); ++ ++ if( !CertAddStoreToCollection ( ctx->trusted , trustedStore , CERT_PHYSICAL_STORE_ADD_ENABLE_FLAG , 3 ) ) { ++ xmlSecError(XMLSEC_ERRORS_HERE, ++ xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)), ++ "CertAddStoreToCollection", ++ XMLSEC_ERRORS_R_CRYPTO_FAILED, ++ XMLSEC_ERRORS_NO_MESSAGE); ++ return(-1); ++ } ++ ++ { ++ PCCERT_CONTEXT ptCert ; ++ ++ ptCert = NULL ; ++ while( 1 ) { ++ ptCert = CertEnumCertificatesInStore( ctx->trusted, ptCert ) ; ++ if( ptCert == NULL ) ++ break ; ++ } ++ } ++ ++ return(0); ++ } ++ ++ int ++ xmlSecMSCryptoX509StoreAdoptUntrustedStore ( ++ xmlSecKeyDataStorePtr store, ++ HCERTSTORE untrustedStore ++ ) { ++ xmlSecMSCryptoX509StoreCtxPtr ctx; ++ int ret; ++ ++ xmlSecAssert2(xmlSecKeyDataStoreCheckId(store, xmlSecMSCryptoX509StoreId), -1); ++ xmlSecAssert2( untrustedStore != NULL, -1); ++ ++ ctx = xmlSecMSCryptoX509StoreGetCtx(store); ++ xmlSecAssert2(ctx != NULL, -1); ++ xmlSecAssert2(ctx->untrusted != NULL, -1); ++ ++ if( !CertAddStoreToCollection ( ctx->untrusted , untrustedStore , CERT_PHYSICAL_STORE_ADD_ENABLE_FLAG , 2 ) ) { ++ xmlSecError(XMLSEC_ERRORS_HERE, ++ xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)), ++ "CertAddStoreToCollection", ++ XMLSEC_ERRORS_R_CRYPTO_FAILED, ++ XMLSEC_ERRORS_NO_MESSAGE); ++ return(-1); ++ } ++ ++ { ++ PCCERT_CONTEXT ptCert ; ++ ++ ptCert = NULL ; ++ while( 1 ) { ++ ptCert = CertEnumCertificatesInStore( ctx->untrusted, ptCert ) ; ++ if( ptCert == NULL ) ++ break ; ++ } ++ } ++ ++ return(0); ++ } ++ + static int + xmlSecMSCryptoX509StoreInitialize(xmlSecKeyDataStorePtr store) { + xmlSecMSCryptoX509StoreCtxPtr ctx; ++ HCERTSTORE hTrustedMemStore ; ++ HCERTSTORE hUntrustedMemStore ; ++ + xmlSecAssert2(xmlSecKeyDataStoreCheckId(store, xmlSecMSCryptoX509StoreId), -1); + + ctx = xmlSecMSCryptoX509StoreGetCtx(store); +*************** +*** 468,503 **** + + memset(ctx, 0, sizeof(xmlSecMSCryptoX509StoreCtx)); + + /* create trusted certs store */ +! ctx->trusted = CertOpenStore(CERT_STORE_PROV_MEMORY, + X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, + 0, + CERT_STORE_CREATE_NEW_FLAG, + NULL); +! if(ctx->trusted == NULL) { + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)), + "CertOpenStore", + XMLSEC_ERRORS_R_CRYPTO_FAILED, + XMLSEC_ERRORS_NO_MESSAGE); + return(-1); + } + +! /* create trusted certs store */ +! ctx->untrusted = CertOpenStore(CERT_STORE_PROV_MEMORY, + X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, + 0, + CERT_STORE_CREATE_NEW_FLAG, + NULL); +! if(ctx->untrusted == NULL) { + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)), + "CertOpenStore", + XMLSEC_ERRORS_R_CRYPTO_FAILED, + XMLSEC_ERRORS_NO_MESSAGE); + return(-1); + } + + return(0); + } + +--- 644,747 ---- + + memset(ctx, 0, sizeof(xmlSecMSCryptoX509StoreCtx)); + ++ /* create trusted certs store collection */ ++ ctx->trusted = CertOpenStore(CERT_STORE_PROV_COLLECTION, ++ 0, ++ NULL, ++ 0, ++ NULL); ++ if(ctx->trusted == NULL) { ++ xmlSecError(XMLSEC_ERRORS_HERE, ++ xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)), ++ "CertOpenStore", ++ XMLSEC_ERRORS_R_CRYPTO_FAILED, ++ XMLSEC_ERRORS_NO_MESSAGE); ++ return(-1); ++ } ++ + /* create trusted certs store */ +! hTrustedMemStore = CertOpenStore(CERT_STORE_PROV_MEMORY, + X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, + 0, + CERT_STORE_CREATE_NEW_FLAG, + NULL); +! if(hTrustedMemStore == NULL) { + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)), + "CertOpenStore", + XMLSEC_ERRORS_R_CRYPTO_FAILED, + XMLSEC_ERRORS_NO_MESSAGE); ++ CertCloseStore(ctx->trusted, CERT_CLOSE_STORE_FORCE_FLAG); ++ ctx->trusted = NULL ; + return(-1); + } + +! /* add the memory trusted certs store to trusted certs store collection */ +! if( !CertAddStoreToCollection( ctx->trusted, hTrustedMemStore, CERT_PHYSICAL_STORE_ADD_ENABLE_FLAG, 1 ) ) { +! xmlSecError(XMLSEC_ERRORS_HERE, +! xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)), +! "CertAddStoreToCollection", +! XMLSEC_ERRORS_R_CRYPTO_FAILED, +! XMLSEC_ERRORS_NO_MESSAGE); +! CertCloseStore(ctx->trusted, CERT_CLOSE_STORE_FORCE_FLAG); +! CertCloseStore(hTrustedMemStore, CERT_CLOSE_STORE_CHECK_FLAG); +! ctx->trusted = NULL ; +! return(-1); +! } +! CertCloseStore(hTrustedMemStore, CERT_CLOSE_STORE_CHECK_FLAG); +! +! /* create untrusted certs store collection */ +! ctx->untrusted = CertOpenStore(CERT_STORE_PROV_COLLECTION, +! 0, +! NULL, +! 0, +! NULL); +! if(ctx->untrusted == NULL) { +! xmlSecError(XMLSEC_ERRORS_HERE, +! xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)), +! "CertOpenStore", +! XMLSEC_ERRORS_R_CRYPTO_FAILED, +! XMLSEC_ERRORS_NO_MESSAGE); +! CertCloseStore(ctx->trusted, CERT_CLOSE_STORE_FORCE_FLAG); +! ctx->trusted = NULL ; +! return(-1); +! } +! +! /* create untrusted certs store */ +! hUntrustedMemStore = CertOpenStore(CERT_STORE_PROV_MEMORY, + X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, + 0, + CERT_STORE_CREATE_NEW_FLAG, + NULL); +! if(hUntrustedMemStore == NULL) { + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)), + "CertOpenStore", + XMLSEC_ERRORS_R_CRYPTO_FAILED, + XMLSEC_ERRORS_NO_MESSAGE); ++ CertCloseStore(ctx->trusted, CERT_CLOSE_STORE_FORCE_FLAG); ++ CertCloseStore(ctx->untrusted, CERT_CLOSE_STORE_FORCE_FLAG); ++ ctx->trusted = NULL ; ++ ctx->untrusted = NULL ; + return(-1); + } + ++ /* add the memory trusted certs store to untrusted certs store collection */ ++ if( !CertAddStoreToCollection( ctx->untrusted, hUntrustedMemStore, CERT_PHYSICAL_STORE_ADD_ENABLE_FLAG, 1 ) ) { ++ xmlSecError(XMLSEC_ERRORS_HERE, ++ xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)), ++ "CertAddStoreToCollection", ++ XMLSEC_ERRORS_R_CRYPTO_FAILED, ++ XMLSEC_ERRORS_NO_MESSAGE); ++ CertCloseStore(ctx->untrusted, CERT_CLOSE_STORE_FORCE_FLAG); ++ CertCloseStore(ctx->trusted, CERT_CLOSE_STORE_FORCE_FLAG); ++ CertCloseStore(hUntrustedMemStore, CERT_CLOSE_STORE_CHECK_FLAG); ++ ctx->trusted = NULL ; ++ ctx->untrusted = NULL ; ++ return(-1); ++ } ++ CertCloseStore(hUntrustedMemStore, CERT_CLOSE_STORE_CHECK_FLAG); ++ + return(0); + } + +*************** +*** 567,576 **** +--- 811,851 ---- + + if((pCert == NULL) && (NULL != issuerName) && (NULL != issuerSerial)) { + xmlSecBn issuerSerialBn; ++ xmlChar * p; + CERT_NAME_BLOB cnb; ++ CRYPT_INTEGER_BLOB cib; + BYTE *cName = NULL; + DWORD cNameLen = 0; ++ ++ /* aleksey: for some unknown to me reasons, mscrypto wants Email ++ * instead of emailAddress. This code is not bullet proof and may ++ * produce incorrect results if someone has "emailAddress=" string ++ * in one of the fields, but it is best I can suggest to fix this problem. ++ * Also see xmlSecMSCryptoX509NameWrite function. ++ */ ++ while( (p = (xmlChar*)xmlStrstr(issuerName, BAD_CAST "emailAddress=")) != NULL) { ++ memcpy(p, " Email=", 13); ++ } ++ ++ ++ ++ /* get issuer name */ ++ cName = xmlSecMSCryptoCertStrToName(X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, ++ issuerName, ++ CERT_NAME_STR_ENABLE_UTF8_UNICODE_FLAG | CERT_OID_NAME_STR | CERT_NAME_STR_REVERSE_FLAG, ++ &cNameLen); ++ if(cName == NULL) { ++ xmlSecError(XMLSEC_ERRORS_HERE, ++ NULL, ++ "xmlSecMSCryptoCertStrToName", ++ XMLSEC_ERRORS_R_XMLSEC_FAILED, ++ XMLSEC_ERRORS_NO_MESSAGE); ++ return (NULL); ++ } ++ cnb.pbData = cName; ++ cnb.cbData = cNameLen; + ++ /* get serial number */ + ret = xmlSecBnInitialize(&issuerSerialBn, 0); + if(ret < 0) { + xmlSecError(XMLSEC_ERRORS_HERE, +*************** +*** 578,583 **** +--- 853,859 ---- + "xmlSecBnInitialize", + XMLSEC_ERRORS_R_XMLSEC_FAILED, + XMLSEC_ERRORS_NO_MESSAGE); ++ xmlFree(cName); + return(NULL); + } + +*************** +*** 589,614 **** + XMLSEC_ERRORS_R_XMLSEC_FAILED, + XMLSEC_ERRORS_NO_MESSAGE); + xmlSecBnFinalize(&issuerSerialBn); +! return(NULL); + } + +! cName = xmlSecMSCryptoCertStrToName(X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, +! issuerName, +! CERT_OID_NAME_STR | CERT_NAME_STR_REVERSE_FLAG, +! &cNameLen); +! if(cName == NULL) { + xmlSecError(XMLSEC_ERRORS_HERE, + NULL, +! "xmlSecMSCryptoCertStrToName", + XMLSEC_ERRORS_R_XMLSEC_FAILED, + XMLSEC_ERRORS_NO_MESSAGE); + xmlSecBnFinalize(&issuerSerialBn); +! return (NULL); + } + +! cnb.pbData = cName; +! cnb.cbData = cNameLen; +! while((pCert = CertFindCertificateInStore(store, + PKCS_7_ASN_ENCODING | X509_ASN_ENCODING, + 0, + CERT_FIND_ISSUER_NAME, +--- 865,894 ---- + XMLSEC_ERRORS_R_XMLSEC_FAILED, + XMLSEC_ERRORS_NO_MESSAGE); + xmlSecBnFinalize(&issuerSerialBn); +! xmlFree(cName); +! return(NULL); + } + +! /* I have no clue why at a sudden a swap is needed to +! * convert from lsb... This code is purely based upon +! * trial and error :( WK +! */ +! ret = xmlSecBnReverse(&issuerSerialBn); +! if(ret < 0) { + xmlSecError(XMLSEC_ERRORS_HERE, + NULL, +! "xmlSecBnReverse", + XMLSEC_ERRORS_R_XMLSEC_FAILED, + XMLSEC_ERRORS_NO_MESSAGE); + xmlSecBnFinalize(&issuerSerialBn); +! xmlFree(cName); +! return(NULL); + } + +! cib.pbData = xmlSecBufferGetData(&issuerSerialBn); +! cib.cbData = xmlSecBufferGetSize(&issuerSerialBn); +! +! while((pCert = CertFindCertificateInStore(store, + PKCS_7_ASN_ENCODING | X509_ASN_ENCODING, + 0, + CERT_FIND_ISSUER_NAME, +*************** +*** 622,631 **** + if((pCert->pCertInfo != NULL) && + (pCert->pCertInfo->SerialNumber.pbData != NULL) && + (pCert->pCertInfo->SerialNumber.cbData > 0) && +! (0 == xmlSecBnCompareReverse(&issuerSerialBn, pCert->pCertInfo->SerialNumber.pbData, +! pCert->pCertInfo->SerialNumber.cbData))) { +! +! break; + } + } + xmlFree(cName); +--- 902,910 ---- + if((pCert->pCertInfo != NULL) && + (pCert->pCertInfo->SerialNumber.pbData != NULL) && + (pCert->pCertInfo->SerialNumber.cbData > 0) && +! (CertCompareIntegerBlob(&(pCert->pCertInfo->SerialNumber), &cib) == TRUE) +! ) { +! break; + } + } + xmlFree(cName); +*** misc/xmlsec1-1.2.6/src/nss/akmngr.c 2005-02-23 11:06:58.000000000 +0800 +--- misc/build/xmlsec1-1.2.6/src/nss/akmngr.c 2005-02-23 11:06:38.000000000 +0800 +*************** +*** 1 **** +! dummy +--- 1,381 ---- +! /** +! * XMLSec library +! * +! * This is free software; see Copyright file in the source +! * distribution for preciese wording. +! * +! * Copyright......................... +! */ +! #include "globals.h" +! +! #include <nspr.h> +! #include <nss.h> +! #include <pk11func.h> +! #include <cert.h> +! #include <keyhi.h> +! +! #include <xmlsec/xmlsec.h> +! #include <xmlsec/keys.h> +! #include <xmlsec/transforms.h> +! #include <xmlsec/errors.h> +! +! #include <xmlsec/nss/crypto.h> +! #include <xmlsec/nss/tokens.h> +! #include <xmlsec/nss/akmngr.h> +! #include <xmlsec/nss/pkikeys.h> +! #include <xmlsec/nss/ciphers.h> +! #include <xmlsec/nss/keysstore.h> +! +! /** +! * xmlSecNssAppliedKeysMngrCreate: +! * @slot: the pointer to NSS PKCS#11 slot infomation. +! * @handler: the pointer to NSS certificate database. +! * +! * Create and load NSS crypto slot and certificate database into keys manager +! * +! * Returns keys manager pointer on success or NULL otherwise. +! */ +! xmlSecKeysMngrPtr +! xmlSecNssAppliedKeysMngrCreate( +! PK11SlotInfo* slot , +! CERTCertDBHandle* handler +! ) { +! xmlSecKeyDataStorePtr certStore = NULL ; +! xmlSecKeysMngrPtr keyMngr = NULL ; +! xmlSecKeyStorePtr keyStore = NULL ; +! +! keyStore = xmlSecKeyStoreCreate( xmlSecNssKeysStoreId ) ; +! if( keyStore == NULL ) { +! xmlSecError( XMLSEC_ERRORS_HERE , +! NULL , +! "xmlSecKeyStoreCreate" , +! XMLSEC_ERRORS_R_XMLSEC_FAILED , +! XMLSEC_ERRORS_NO_MESSAGE ) ; +! return NULL ; +! } +! +! if( slot != NULL ) { +! xmlSecNssKeySlotPtr keySlot ; +! +! /* Create a key slot */ +! keySlot = xmlSecNssKeySlotCreate() ; +! if( keySlot == NULL ) { +! xmlSecError( XMLSEC_ERRORS_HERE , +! xmlSecErrorsSafeString( xmlSecKeyStoreGetName( keyStore ) ) , +! "xmlSecNssKeySlotCreate" , +! XMLSEC_ERRORS_R_XMLSEC_FAILED , +! XMLSEC_ERRORS_NO_MESSAGE ) ; +! +! xmlSecKeyStoreDestroy( keyStore ) ; +! return NULL ; +! } +! +! /* Set slot */ +! if( xmlSecNssKeySlotSetSlot( keySlot , slot ) < 0 ) { +! xmlSecError( XMLSEC_ERRORS_HERE , +! xmlSecErrorsSafeString( xmlSecKeyStoreGetName( keyStore ) ) , +! "xmlSecNssKeySlotSetSlot" , +! XMLSEC_ERRORS_R_XMLSEC_FAILED , +! XMLSEC_ERRORS_NO_MESSAGE ) ; +! +! xmlSecKeyStoreDestroy( keyStore ) ; +! xmlSecNssKeySlotDestroy( keySlot ) ; +! return NULL ; +! } +! +! /* Adopt keySlot */ +! if( xmlSecNssKeysStoreAdoptKeySlot( keyStore , keySlot ) < 0 ) { +! xmlSecError( XMLSEC_ERRORS_HERE , +! xmlSecErrorsSafeString( xmlSecKeyStoreGetName( keyStore ) ) , +! "xmlSecNssKeysStoreAdoptKeySlot" , +! XMLSEC_ERRORS_R_XMLSEC_FAILED , +! XMLSEC_ERRORS_NO_MESSAGE ) ; +! +! xmlSecKeyStoreDestroy( keyStore ) ; +! xmlSecNssKeySlotDestroy( keySlot ) ; +! return NULL ; +! } +! } +! +! keyMngr = xmlSecKeysMngrCreate() ; +! if( keyMngr == NULL ) { +! xmlSecError( XMLSEC_ERRORS_HERE , +! NULL , +! "xmlSecKeysMngrCreate" , +! XMLSEC_ERRORS_R_XMLSEC_FAILED , +! XMLSEC_ERRORS_NO_MESSAGE ) ; +! +! xmlSecKeyStoreDestroy( keyStore ) ; +! return NULL ; +! } +! +! /*- +! * Add key store to manager, from now on keys manager destroys the store if +! * needed +! */ +! if( xmlSecKeysMngrAdoptKeysStore( keyMngr, keyStore ) < 0 ) { +! xmlSecError( XMLSEC_ERRORS_HERE , +! xmlSecErrorsSafeString( xmlSecKeyStoreGetName( keyStore ) ) , +! "xmlSecKeysMngrAdoptKeyStore" , +! XMLSEC_ERRORS_R_XMLSEC_FAILED , +! XMLSEC_ERRORS_NO_MESSAGE ) ; +! +! xmlSecKeyStoreDestroy( keyStore ) ; +! xmlSecKeysMngrDestroy( keyMngr ) ; +! return NULL ; +! } +! +! /*- +! * Initialize crypto library specific data in keys manager +! */ +! if( xmlSecNssKeysMngrInit( keyMngr ) < 0 ) { +! xmlSecError( XMLSEC_ERRORS_HERE , +! NULL , +! "xmlSecKeysMngrCreate" , +! XMLSEC_ERRORS_R_XMLSEC_FAILED , +! XMLSEC_ERRORS_NO_MESSAGE ) ; +! +! xmlSecKeysMngrDestroy( keyMngr ) ; +! return NULL ; +! } +! +! /*- +! * Set certificate databse to X509 key data store +! */ +! /** +! * Because Tej's implementation of certDB use the default DB, so I ignore +! * the certDB handler at present. I'll modify the cert store sources to +! * accept particular certDB instead of default ones. +! certStore = xmlSecKeysMngrGetDataStore( keyMngr , xmlSecNssKeyDataStoreX509Id ) ; +! if( certStore == NULL ) { +! xmlSecError( XMLSEC_ERRORS_HERE , +! xmlSecErrorsSafeString( xmlSecKeyStoreGetName( keyStore ) ) , +! "xmlSecKeysMngrGetDataStore" , +! XMLSEC_ERRORS_R_XMLSEC_FAILED , +! XMLSEC_ERRORS_NO_MESSAGE ) ; +! +! xmlSecKeysMngrDestroy( keyMngr ) ; +! return NULL ; +! } +! +! if( xmlSecNssKeyDataStoreX509SetCertDb( certStore , handler ) < 0 ) { +! xmlSecError( XMLSEC_ERRORS_HERE , +! xmlSecErrorsSafeString( xmlSecKeyStoreGetName( keyStore ) ) , +! "xmlSecNssKeyDataStoreX509SetCertDb" , +! XMLSEC_ERRORS_R_XMLSEC_FAILED , +! XMLSEC_ERRORS_NO_MESSAGE ) ; +! +! xmlSecKeysMngrDestroy( keyMngr ) ; +! return NULL ; +! } +! */ +! +! /*- +! * Set the getKey callback +! */ +! keyMngr->getKey = xmlSecKeysMngrGetKey ; +! +! return keyMngr ; +! } +! +! int +! xmlSecNssAppliedKeysMngrSymKeyLoad( +! xmlSecKeysMngrPtr mngr , +! PK11SymKey* symKey +! ) { +! xmlSecKeyPtr key ; +! xmlSecKeyDataPtr data ; +! xmlSecKeyStorePtr keyStore ; +! +! xmlSecAssert2( mngr != NULL , -1 ) ; +! xmlSecAssert2( symKey != NULL , -1 ) ; +! +! keyStore = xmlSecKeysMngrGetKeysStore( mngr ) ; +! if( keyStore == NULL ) { +! xmlSecError( XMLSEC_ERRORS_HERE , +! NULL , +! "xmlSecKeysMngrGetKeysStore" , +! XMLSEC_ERRORS_R_XMLSEC_FAILED , +! XMLSEC_ERRORS_NO_MESSAGE ) ; +! return(-1) ; +! } +! xmlSecAssert2( xmlSecKeyStoreCheckId( keyStore , xmlSecNssKeysStoreId ) , -1 ) ; +! +! data = xmlSecNssSymKeyDataKeyAdopt( symKey ) ; +! if( data == NULL ) { +! xmlSecError( XMLSEC_ERRORS_HERE , +! NULL , +! "xmlSecNssSymKeyDataKeyAdopt" , +! XMLSEC_ERRORS_R_XMLSEC_FAILED , +! XMLSEC_ERRORS_NO_MESSAGE ) ; +! return(-1) ; +! } +! +! key = xmlSecKeyCreate() ; +! if( key == NULL ) { +! xmlSecError( XMLSEC_ERRORS_HERE , +! NULL , +! "xmlSecNssSymKeyDataKeyAdopt" , +! XMLSEC_ERRORS_R_XMLSEC_FAILED , +! XMLSEC_ERRORS_NO_MESSAGE ) ; +! xmlSecKeyDataDestroy( data ) ; +! return(-1) ; +! } +! +! if( xmlSecKeySetValue( key , data ) < 0 ) { +! xmlSecError( XMLSEC_ERRORS_HERE , +! NULL , +! "xmlSecNssSymKeyDataKeyAdopt" , +! XMLSEC_ERRORS_R_XMLSEC_FAILED , +! XMLSEC_ERRORS_NO_MESSAGE ) ; +! xmlSecKeyDataDestroy( data ) ; +! return(-1) ; +! } +! +! if( xmlSecNssKeysStoreAdoptKey( keyStore, key ) < 0 ) { +! xmlSecError( XMLSEC_ERRORS_HERE , +! NULL , +! "xmlSecNssSymKeyDataKeyAdopt" , +! XMLSEC_ERRORS_R_XMLSEC_FAILED , +! XMLSEC_ERRORS_NO_MESSAGE ) ; +! xmlSecKeyDestroy( key ) ; +! return(-1) ; +! } +! +! return(0) ; +! } +! +! int +! xmlSecNssAppliedKeysMngrPubKeyLoad( +! xmlSecKeysMngrPtr mngr , +! SECKEYPublicKey* pubKey +! ) { +! xmlSecKeyPtr key ; +! xmlSecKeyDataPtr data ; +! xmlSecKeyStorePtr keyStore ; +! +! xmlSecAssert2( mngr != NULL , -1 ) ; +! xmlSecAssert2( pubKey != NULL , -1 ) ; +! +! keyStore = xmlSecKeysMngrGetKeysStore( mngr ) ; +! if( keyStore == NULL ) { +! xmlSecError( XMLSEC_ERRORS_HERE , +! NULL , +! "xmlSecKeysMngrGetKeysStore" , +! XMLSEC_ERRORS_R_XMLSEC_FAILED , +! XMLSEC_ERRORS_NO_MESSAGE ) ; +! return(-1) ; +! } +! xmlSecAssert2( xmlSecKeyStoreCheckId( keyStore , xmlSecNssKeysStoreId ) , -1 ) ; +! +! data = xmlSecNssPKIAdoptKey( NULL, pubKey ) ; +! if( data == NULL ) { +! xmlSecError( XMLSEC_ERRORS_HERE , +! NULL , +! "xmlSecNssPKIAdoptKey" , +! XMLSEC_ERRORS_R_XMLSEC_FAILED , +! XMLSEC_ERRORS_NO_MESSAGE ) ; +! return(-1) ; +! } +! +! key = xmlSecKeyCreate() ; +! if( key == NULL ) { +! xmlSecError( XMLSEC_ERRORS_HERE , +! NULL , +! "xmlSecNssSymKeyDataKeyAdopt" , +! XMLSEC_ERRORS_R_XMLSEC_FAILED , +! XMLSEC_ERRORS_NO_MESSAGE ) ; +! xmlSecKeyDataDestroy( data ) ; +! return(-1) ; +! } +! +! if( xmlSecKeySetValue( key , data ) < 0 ) { +! xmlSecError( XMLSEC_ERRORS_HERE , +! NULL , +! "xmlSecNssSymKeyDataKeyAdopt" , +! XMLSEC_ERRORS_R_XMLSEC_FAILED , +! XMLSEC_ERRORS_NO_MESSAGE ) ; +! xmlSecKeyDataDestroy( data ) ; +! return(-1) ; +! } +! +! if( xmlSecNssKeysStoreAdoptKey( keyStore, key ) < 0 ) { +! xmlSecError( XMLSEC_ERRORS_HERE , +! NULL , +! "xmlSecNssSymKeyDataKeyAdopt" , +! XMLSEC_ERRORS_R_XMLSEC_FAILED , +! XMLSEC_ERRORS_NO_MESSAGE ) ; +! xmlSecKeyDestroy( key ) ; +! return(-1) ; +! } +! +! return(0) ; +! } +! +! int +! xmlSecNssAppliedKeysMngrPriKeyLoad( +! xmlSecKeysMngrPtr mngr , +! SECKEYPrivateKey* priKey +! ) { +! xmlSecKeyPtr key ; +! xmlSecKeyDataPtr data ; +! xmlSecKeyStorePtr keyStore ; +! +! xmlSecAssert2( mngr != NULL , -1 ) ; +! xmlSecAssert2( priKey != NULL , -1 ) ; +! +! keyStore = xmlSecKeysMngrGetKeysStore( mngr ) ; +! if( keyStore == NULL ) { +! xmlSecError( XMLSEC_ERRORS_HERE , +! NULL , +! "xmlSecKeysMngrGetKeysStore" , +! XMLSEC_ERRORS_R_XMLSEC_FAILED , +! XMLSEC_ERRORS_NO_MESSAGE ) ; +! return(-1) ; +! } +! xmlSecAssert2( xmlSecKeyStoreCheckId( keyStore , xmlSecNssKeysStoreId ) , -1 ) ; +! +! data = xmlSecNssPKIAdoptKey( priKey, NULL ) ; +! if( data == NULL ) { +! xmlSecError( XMLSEC_ERRORS_HERE , +! NULL , +! "xmlSecNssPKIAdoptKey" , +! XMLSEC_ERRORS_R_XMLSEC_FAILED , +! XMLSEC_ERRORS_NO_MESSAGE ) ; +! return(-1) ; +! } +! +! key = xmlSecKeyCreate() ; +! if( key == NULL ) { +! xmlSecError( XMLSEC_ERRORS_HERE , +! NULL , +! "xmlSecNssSymKeyDataKeyAdopt" , +! XMLSEC_ERRORS_R_XMLSEC_FAILED , +! XMLSEC_ERRORS_NO_MESSAGE ) ; +! xmlSecKeyDataDestroy( data ) ; +! return(-1) ; +! } +! +! if( xmlSecKeySetValue( key , data ) < 0 ) { +! xmlSecError( XMLSEC_ERRORS_HERE , +! NULL , +! "xmlSecNssSymKeyDataKeyAdopt" , +! XMLSEC_ERRORS_R_XMLSEC_FAILED , +! XMLSEC_ERRORS_NO_MESSAGE ) ; +! xmlSecKeyDataDestroy( data ) ; +! return(-1) ; +! } +! +! if( xmlSecNssKeysStoreAdoptKey( keyStore, key ) < 0 ) { +! xmlSecError( XMLSEC_ERRORS_HERE , +! NULL , +! "xmlSecNssSymKeyDataKeyAdopt" , +! XMLSEC_ERRORS_R_XMLSEC_FAILED , +! XMLSEC_ERRORS_NO_MESSAGE ) ; +! xmlSecKeyDestroy( key ) ; +! return(-1) ; +! } +! +! return(0) ; +! } +! +*** misc/xmlsec1-1.2.6/src/nss/ciphers.c 2003-09-26 08:58:15.000000000 +0800 +--- misc/build/xmlsec1-1.2.6/src/nss/ciphers.c 2005-02-23 11:06:38.000000000 +0800 +*************** +*** 1,838 **** +! /** +! * XMLSec library +! * +! * This is free software; see Copyright file in the source +! * distribution for preciese wording. +! * +! * Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com> +! * Copyright (c) 2003 America Online, Inc. All rights reserved. +! */ + #include "globals.h" + + #include <string.h> + +- #include <nspr.h> + #include <nss.h> +- #include <secoid.h> + #include <pk11func.h> + + #include <xmlsec/xmlsec.h> + #include <xmlsec/keys.h> + #include <xmlsec/transforms.h> + #include <xmlsec/errors.h> + + #include <xmlsec/nss/crypto.h> + +! #define XMLSEC_NSS_MAX_KEY_SIZE 32 +! #define XMLSEC_NSS_MAX_IV_SIZE 32 +! #define XMLSEC_NSS_MAX_BLOCK_SIZE 32 +! +! /************************************************************************** +! * +! * Internal Nss Block cipher CTX + * +! *****************************************************************************/ +! typedef struct _xmlSecNssBlockCipherCtx xmlSecNssBlockCipherCtx, +! *xmlSecNssBlockCipherCtxPtr; + struct _xmlSecNssBlockCipherCtx { +! CK_MECHANISM_TYPE cipher; +! PK11Context* cipherCtx; +! xmlSecKeyDataId keyId; +! int keyInitialized; +! int ctxInitialized; +! xmlSecByte key[XMLSEC_NSS_MAX_KEY_SIZE]; +! xmlSecSize keySize; +! xmlSecByte iv[XMLSEC_NSS_MAX_IV_SIZE]; +! xmlSecSize ivSize; +! }; +! static int xmlSecNssBlockCipherCtxInit (xmlSecNssBlockCipherCtxPtr ctx, +! xmlSecBufferPtr in, +! xmlSecBufferPtr out, +! int encrypt, +! const xmlChar* cipherName, +! xmlSecTransformCtxPtr transformCtx); +! static int xmlSecNssBlockCipherCtxUpdate (xmlSecNssBlockCipherCtxPtr ctx, +! xmlSecBufferPtr in, +! xmlSecBufferPtr out, +! int encrypt, +! const xmlChar* cipherName, +! xmlSecTransformCtxPtr transformCtx); +! static int xmlSecNssBlockCipherCtxFinal (xmlSecNssBlockCipherCtxPtr ctx, +! xmlSecBufferPtr in, +! xmlSecBufferPtr out, +! int encrypt, +! const xmlChar* cipherName, +! xmlSecTransformCtxPtr transformCtx); +! static int +! xmlSecNssBlockCipherCtxInit(xmlSecNssBlockCipherCtxPtr ctx, +! xmlSecBufferPtr in, xmlSecBufferPtr out, +! int encrypt, +! const xmlChar* cipherName, +! xmlSecTransformCtxPtr transformCtx) { +! SECItem keyItem; +! SECItem ivItem; +! PK11SlotInfo* slot; +! PK11SymKey* symKey; +! int ivLen; +! SECStatus rv; +! int ret; +! +! xmlSecAssert2(ctx != NULL, -1); +! xmlSecAssert2(ctx->cipher != 0, -1); +! xmlSecAssert2(ctx->cipherCtx == NULL, -1); +! xmlSecAssert2(ctx->keyInitialized != 0, -1); +! xmlSecAssert2(ctx->ctxInitialized == 0, -1); +! xmlSecAssert2(in != NULL, -1); +! xmlSecAssert2(out != NULL, -1); +! xmlSecAssert2(transformCtx != NULL, -1); +! +! ivLen = PK11_GetIVLength(ctx->cipher); +! xmlSecAssert2(ivLen > 0, -1); +! xmlSecAssert2((xmlSecSize)ivLen <= sizeof(ctx->iv), -1); +! +! if(encrypt) { +! /* generate random iv */ +! rv = PK11_GenerateRandom(ctx->iv, ivLen); +! if(rv != SECSuccess) { +! xmlSecError(XMLSEC_ERRORS_HERE, +! xmlSecErrorsSafeString(cipherName), +! "PK11_GenerateRandom", +! XMLSEC_ERRORS_R_CRYPTO_FAILED, +! "size=%d", ivLen); +! return(-1); +! } +! +! /* write iv to the output */ +! ret = xmlSecBufferAppend(out, ctx->iv, ivLen); +! if(ret < 0) { +! xmlSecError(XMLSEC_ERRORS_HERE, +! xmlSecErrorsSafeString(cipherName), +! "xmlSecBufferAppend", +! XMLSEC_ERRORS_R_XMLSEC_FAILED, +! "size=%d", ivLen); +! return(-1); +! } +! +! } else { +! /* if we don't have enough data, exit and hope that +! * we'll have iv next time */ +! if(xmlSecBufferGetSize(in) < (xmlSecSize)ivLen) { +! return(0); +! } +! +! /* copy iv to our buffer*/ +! xmlSecAssert2(xmlSecBufferGetData(in) != NULL, -1); +! memcpy(ctx->iv, xmlSecBufferGetData(in), ivLen); +! +! /* and remove from input */ +! ret = xmlSecBufferRemoveHead(in, ivLen); +! if(ret < 0) { +! xmlSecError(XMLSEC_ERRORS_HERE, +! xmlSecErrorsSafeString(cipherName), +! "xmlSecBufferRemoveHead", +! XMLSEC_ERRORS_R_XMLSEC_FAILED, +! "size=%d", ivLen); +! return(-1); + } +! } + +! memset(&keyItem, 0, sizeof(keyItem)); +! keyItem.data = ctx->key; +! keyItem.len = ctx->keySize; +! memset(&ivItem, 0, sizeof(ivItem)); +! ivItem.data = ctx->iv; +! ivItem.len = ctx->ivSize; +! +! slot = PK11_GetBestSlot(ctx->cipher, NULL); +! if(slot == NULL) { +! xmlSecError(XMLSEC_ERRORS_HERE, +! xmlSecErrorsSafeString(cipherName), +! "PK11_GetBestSlot", +! XMLSEC_ERRORS_R_CRYPTO_FAILED, +! XMLSEC_ERRORS_NO_MESSAGE); +! return(-1); +! } +! +! symKey = PK11_ImportSymKey(slot, ctx->cipher, PK11_OriginDerive, +! CKA_SIGN, &keyItem, NULL); +! if(symKey == NULL) { +! xmlSecError(XMLSEC_ERRORS_HERE, +! xmlSecErrorsSafeString(cipherName), +! "PK11_ImportSymKey", +! XMLSEC_ERRORS_R_CRYPTO_FAILED, +! XMLSEC_ERRORS_NO_MESSAGE); +! PK11_FreeSlot(slot); +! return(-1); +! } + +! ctx->cipherCtx = PK11_CreateContextBySymKey(ctx->cipher, +! (encrypt) ? CKA_ENCRYPT : CKA_DECRYPT, +! symKey, &ivItem); +! if(ctx->cipherCtx == NULL) { +! xmlSecError(XMLSEC_ERRORS_HERE, +! xmlSecErrorsSafeString(cipherName), +! "PK11_CreateContextBySymKey", +! XMLSEC_ERRORS_R_CRYPTO_FAILED, +! XMLSEC_ERRORS_NO_MESSAGE); +! PK11_FreeSymKey(symKey); +! PK11_FreeSlot(slot); +! return(-1); + } +! +! ctx->ctxInitialized = 1; +! PK11_FreeSymKey(symKey); +! PK11_FreeSlot(slot); +! return(0); + } + +! static int +! xmlSecNssBlockCipherCtxUpdate(xmlSecNssBlockCipherCtxPtr ctx, +! xmlSecBufferPtr in, xmlSecBufferPtr out, +! int encrypt, +! const xmlChar* cipherName, +! xmlSecTransformCtxPtr transformCtx) { +! xmlSecSize inSize, inBlocks, outSize; +! int blockLen; +! int outLen = 0; +! xmlSecByte* outBuf; +! SECStatus rv; +! int ret; +! +! xmlSecAssert2(ctx != NULL, -1); +! xmlSecAssert2(ctx->cipher != 0, -1); +! xmlSecAssert2(ctx->cipherCtx != NULL, -1); +! xmlSecAssert2(ctx->ctxInitialized != 0, -1); +! xmlSecAssert2(in != NULL, -1); +! xmlSecAssert2(out != NULL, -1); +! xmlSecAssert2(transformCtx != NULL, -1); + +! blockLen = PK11_GetBlockSize(ctx->cipher, NULL); +! xmlSecAssert2(blockLen > 0, -1); + +! inSize = xmlSecBufferGetSize(in); +! outSize = xmlSecBufferGetSize(out); +! +! if(inSize < (xmlSecSize)blockLen) { +! return(0); +! } + +! if(encrypt) { +! inBlocks = inSize / ((xmlSecSize)blockLen); +! } else { +! /* we want to have the last block in the input buffer +! * for padding check */ +! inBlocks = (inSize - 1) / ((xmlSecSize)blockLen); +! } +! inSize = inBlocks * ((xmlSecSize)blockLen); + +! /* we write out the input size plus may be one block */ +! ret = xmlSecBufferSetMaxSize(out, outSize + inSize + blockLen); +! if(ret < 0) { +! xmlSecError(XMLSEC_ERRORS_HERE, +! xmlSecErrorsSafeString(cipherName), +! "xmlSecBufferSetMaxSize", +! XMLSEC_ERRORS_R_XMLSEC_FAILED, +! "size=%d", outSize + inSize + blockLen); +! return(-1); +! } +! outBuf = xmlSecBufferGetData(out) + outSize; +! +! rv = PK11_CipherOp(ctx->cipherCtx, outBuf, &outLen, inSize + blockLen, +! xmlSecBufferGetData(in), inSize); +! if(rv != SECSuccess) { +! xmlSecError(XMLSEC_ERRORS_HERE, +! xmlSecErrorsSafeString(cipherName), +! "PK11_CipherOp", +! XMLSEC_ERRORS_R_CRYPTO_FAILED, +! XMLSEC_ERRORS_NO_MESSAGE); +! return(-1); +! } +! xmlSecAssert2((xmlSecSize)outLen == inSize, -1); +! +! /* set correct output buffer size */ +! ret = xmlSecBufferSetSize(out, outSize + outLen); +! if(ret < 0) { +! xmlSecError(XMLSEC_ERRORS_HERE, +! xmlSecErrorsSafeString(cipherName), +! "xmlSecBufferSetSize", +! XMLSEC_ERRORS_R_XMLSEC_FAILED, +! "size=%d", outSize + outLen); +! return(-1); +! } +! +! /* remove the processed block from input */ +! ret = xmlSecBufferRemoveHead(in, inSize); +! if(ret < 0) { +! xmlSecError(XMLSEC_ERRORS_HERE, +! xmlSecErrorsSafeString(cipherName), +! "xmlSecBufferRemoveHead", +! XMLSEC_ERRORS_R_XMLSEC_FAILED, +! "size=%d", inSize); +! return(-1); +! } +! return(0); + } + +! static int +! xmlSecNssBlockCipherCtxFinal(xmlSecNssBlockCipherCtxPtr ctx, +! xmlSecBufferPtr in, +! xmlSecBufferPtr out, +! int encrypt, +! const xmlChar* cipherName, +! xmlSecTransformCtxPtr transformCtx) { +! xmlSecSize inSize, outSize; +! int blockLen, outLen = 0; +! xmlSecByte* inBuf; +! xmlSecByte* outBuf; +! SECStatus rv; +! int ret; +! +! xmlSecAssert2(ctx != NULL, -1); +! xmlSecAssert2(ctx->cipher != 0, -1); +! xmlSecAssert2(ctx->cipherCtx != NULL, -1); +! xmlSecAssert2(ctx->ctxInitialized != 0, -1); +! xmlSecAssert2(in != NULL, -1); +! xmlSecAssert2(out != NULL, -1); +! xmlSecAssert2(transformCtx != NULL, -1); +! +! blockLen = PK11_GetBlockSize(ctx->cipher, NULL); +! xmlSecAssert2(blockLen > 0, -1); + +! inSize = xmlSecBufferGetSize(in); +! outSize = xmlSecBufferGetSize(out); + +! if(encrypt != 0) { +! xmlSecAssert2(inSize < (xmlSecSize)blockLen, -1); +! +! /* create padding */ +! ret = xmlSecBufferSetMaxSize(in, blockLen); +! if(ret < 0) { +! xmlSecError(XMLSEC_ERRORS_HERE, +! xmlSecErrorsSafeString(cipherName), +! "xmlSecBufferSetMaxSize", +! XMLSEC_ERRORS_R_XMLSEC_FAILED, +! "size=%d", blockLen); +! return(-1); +! } +! inBuf = xmlSecBufferGetData(in); +! +! /* generate random padding */ +! if((xmlSecSize)blockLen > (inSize + 1)) { +! rv = PK11_GenerateRandom(inBuf + inSize, blockLen - inSize - 1); +! if(rv != SECSuccess) { +! xmlSecError(XMLSEC_ERRORS_HERE, +! xmlSecErrorsSafeString(cipherName), +! "PK11_GenerateRandom", +! XMLSEC_ERRORS_R_CRYPTO_FAILED, +! "size=%d", blockLen - inSize - 1); +! return(-1); +! } +! } +! inBuf[blockLen - 1] = blockLen - inSize; +! inSize = blockLen; +! } else { +! if(inSize != (xmlSecSize)blockLen) { +! xmlSecError(XMLSEC_ERRORS_HERE, +! xmlSecErrorsSafeString(cipherName), +! NULL, +! XMLSEC_ERRORS_R_INVALID_DATA, +! "data=%d;block=%d", inSize, blockLen); +! return(-1); + } +- } +- +- /* process last block */ +- ret = xmlSecBufferSetMaxSize(out, outSize + 2 * blockLen); +- if(ret < 0) { +- xmlSecError(XMLSEC_ERRORS_HERE, +- xmlSecErrorsSafeString(cipherName), +- "xmlSecBufferSetMaxSize", +- XMLSEC_ERRORS_R_XMLSEC_FAILED, +- "size=%d", outSize + 2 * blockLen); +- return(-1); +- } +- outBuf = xmlSecBufferGetData(out) + outSize; + +! rv = PK11_CipherOp(ctx->cipherCtx, outBuf, &outLen, 2 * blockLen, +! xmlSecBufferGetData(in), inSize); +! if(rv != SECSuccess) { +! xmlSecError(XMLSEC_ERRORS_HERE, +! xmlSecErrorsSafeString(cipherName), +! "PK11_CipherOp", +! XMLSEC_ERRORS_R_CRYPTO_FAILED, +! XMLSEC_ERRORS_NO_MESSAGE); +! return(-1); +! } +! xmlSecAssert2((xmlSecSize)outLen == inSize, -1); +! +! if(encrypt == 0) { +! /* check padding */ +! if(outLen < outBuf[blockLen - 1]) { +! xmlSecError(XMLSEC_ERRORS_HERE, +! xmlSecErrorsSafeString(cipherName), +! NULL, +! XMLSEC_ERRORS_R_INVALID_DATA, +! "padding=%d;buffer=%d", +! outBuf[blockLen - 1], outLen); +! return(-1); +! } +! outLen -= outBuf[blockLen - 1]; +! } +! +! /* set correct output buffer size */ +! ret = xmlSecBufferSetSize(out, outSize + outLen); +! if(ret < 0) { +! xmlSecError(XMLSEC_ERRORS_HERE, +! xmlSecErrorsSafeString(cipherName), +! "xmlSecBufferSetSize", +! XMLSEC_ERRORS_R_XMLSEC_FAILED, +! "size=%d", outSize + outLen); +! return(-1); +! } + +! /* remove the processed block from input */ +! ret = xmlSecBufferRemoveHead(in, inSize); +! if(ret < 0) { +! xmlSecError(XMLSEC_ERRORS_HERE, +! xmlSecErrorsSafeString(cipherName), +! "xmlSecBufferRemoveHead", +! XMLSEC_ERRORS_R_XMLSEC_FAILED, +! "size=%d", inSize); +! return(-1); +! } + +! return(0); + } + +! +! /****************************************************************************** +! * +! * EVP Block Cipher transforms + * +! * xmlSecNssBlockCipherCtx block is located after xmlSecTransform structure + * +! *****************************************************************************/ +! #define xmlSecNssBlockCipherSize \ +! (sizeof(xmlSecTransform) + sizeof(xmlSecNssBlockCipherCtx)) +! #define xmlSecNssBlockCipherGetCtx(transform) \ +! ((xmlSecNssBlockCipherCtxPtr)(((xmlSecByte*)(transform)) + sizeof(xmlSecTransform))) +! +! static int xmlSecNssBlockCipherInitialize (xmlSecTransformPtr transform); +! static void xmlSecNssBlockCipherFinalize (xmlSecTransformPtr transform); +! static int xmlSecNssBlockCipherSetKeyReq (xmlSecTransformPtr transform, +! xmlSecKeyReqPtr keyReq); +! static int xmlSecNssBlockCipherSetKey (xmlSecTransformPtr transform, +! xmlSecKeyPtr key); +! static int xmlSecNssBlockCipherExecute (xmlSecTransformPtr transform, +! int last, +! xmlSecTransformCtxPtr transformCtx); +! static int xmlSecNssBlockCipherCheckId (xmlSecTransformPtr transform); +! + + + static int +! xmlSecNssBlockCipherCheckId(xmlSecTransformPtr transform) { +! #ifndef XMLSEC_NO_DES +! if(xmlSecTransformCheckId(transform, xmlSecNssTransformDes3CbcId)) { +! return(1); +! } +! #endif /* XMLSEC_NO_DES */ + +! #ifndef XMLSEC_NO_AES +! if(xmlSecTransformCheckId(transform, xmlSecNssTransformAes128CbcId) || +! xmlSecTransformCheckId(transform, xmlSecNssTransformAes192CbcId) || +! xmlSecTransformCheckId(transform, xmlSecNssTransformAes256CbcId)) { +! +! return(1); +! } +! #endif /* XMLSEC_NO_AES */ +! +! return(0); + } + + static int +! xmlSecNssBlockCipherInitialize(xmlSecTransformPtr transform) { +! xmlSecNssBlockCipherCtxPtr ctx; +! +! xmlSecAssert2(xmlSecNssBlockCipherCheckId(transform), -1); +! xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecNssBlockCipherSize), -1); + +! ctx = xmlSecNssBlockCipherGetCtx(transform); +! xmlSecAssert2(ctx != NULL, -1); +! +! memset(ctx, 0, sizeof(xmlSecNssBlockCipherCtx)); + +! #ifndef XMLSEC_NO_DES +! if(transform->id == xmlSecNssTransformDes3CbcId) { +! ctx->cipher = CKM_DES3_CBC; +! ctx->keyId = xmlSecNssKeyDataDesId; +! ctx->keySize = 24; +! } else +! #endif /* XMLSEC_NO_DES */ +! +! #ifndef XMLSEC_NO_AES +! if(transform->id == xmlSecNssTransformAes128CbcId) { +! ctx->cipher = CKM_AES_CBC; +! ctx->keyId = xmlSecNssKeyDataAesId; +! ctx->keySize = 16; +! } else if(transform->id == xmlSecNssTransformAes192CbcId) { +! ctx->cipher = CKM_AES_CBC; +! ctx->keyId = xmlSecNssKeyDataAesId; +! ctx->keySize = 24; +! } else if(transform->id == xmlSecNssTransformAes256CbcId) { +! ctx->cipher = CKM_AES_CBC; +! ctx->keyId = xmlSecNssKeyDataAesId; +! ctx->keySize = 32; +! } else +! #endif /* XMLSEC_NO_AES */ +! +! if(1) { +! xmlSecError(XMLSEC_ERRORS_HERE, +! xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), +! NULL, +! XMLSEC_ERRORS_R_INVALID_TRANSFORM, +! XMLSEC_ERRORS_NO_MESSAGE); +! return(-1); +! } +! +! return(0); + } + +! static void +! xmlSecNssBlockCipherFinalize(xmlSecTransformPtr transform) { +! xmlSecNssBlockCipherCtxPtr ctx; + +! xmlSecAssert(xmlSecNssBlockCipherCheckId(transform)); +! xmlSecAssert(xmlSecTransformCheckSize(transform, xmlSecNssBlockCipherSize)); + +! ctx = xmlSecNssBlockCipherGetCtx(transform); +! xmlSecAssert(ctx != NULL); + +! if(ctx->cipherCtx != NULL) { +! PK11_DestroyContext(ctx->cipherCtx, PR_TRUE); +! } +! +! memset(ctx, 0, sizeof(xmlSecNssBlockCipherCtx)); + } + +- static int +- xmlSecNssBlockCipherSetKeyReq(xmlSecTransformPtr transform, xmlSecKeyReqPtr keyReq) { +- xmlSecNssBlockCipherCtxPtr ctx; + +- xmlSecAssert2(xmlSecNssBlockCipherCheckId(transform), -1); +- xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1); +- xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecNssBlockCipherSize), -1); +- xmlSecAssert2(keyReq != NULL, -1); +- +- ctx = xmlSecNssBlockCipherGetCtx(transform); +- xmlSecAssert2(ctx != NULL, -1); +- xmlSecAssert2(ctx->keyId != NULL, -1); +- +- keyReq->keyId = ctx->keyId; +- keyReq->keyType = xmlSecKeyDataTypeSymmetric; +- if(transform->operation == xmlSecTransformOperationEncrypt) { +- keyReq->keyUsage = xmlSecKeyUsageEncrypt; +- } else { +- keyReq->keyUsage = xmlSecKeyUsageDecrypt; +- } +- keyReq->keyBitsSize = 8 * ctx->keySize; +- return(0); +- } + + static int +! xmlSecNssBlockCipherSetKey(xmlSecTransformPtr transform, xmlSecKeyPtr key) { +! xmlSecNssBlockCipherCtxPtr ctx; +! xmlSecBufferPtr buffer; +! +! xmlSecAssert2(xmlSecNssBlockCipherCheckId(transform), -1); +! xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1); +! xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecNssBlockCipherSize), -1); +! xmlSecAssert2(key != NULL, -1); +! +! ctx = xmlSecNssBlockCipherGetCtx(transform); +! xmlSecAssert2(ctx != NULL, -1); +! xmlSecAssert2(ctx->cipher != 0, -1); +! xmlSecAssert2(ctx->keyInitialized == 0, -1); +! xmlSecAssert2(ctx->keyId != NULL, -1); +! xmlSecAssert2(xmlSecKeyCheckId(key, ctx->keyId), -1); +! +! xmlSecAssert2(ctx->keySize > 0, -1); +! xmlSecAssert2(ctx->keySize <= sizeof(ctx->key), -1); +! +! buffer = xmlSecKeyDataBinaryValueGetBuffer(xmlSecKeyGetValue(key)); +! xmlSecAssert2(buffer != NULL, -1); +! +! if(xmlSecBufferGetSize(buffer) < ctx->keySize) { +! xmlSecError(XMLSEC_ERRORS_HERE, +! xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), +! NULL, +! XMLSEC_ERRORS_R_INVALID_KEY_DATA_SIZE, +! "keySize=%d;expected=%d", +! xmlSecBufferGetSize(buffer), ctx->keySize); +! return(-1); +! } +! +! xmlSecAssert2(xmlSecBufferGetData(buffer) != NULL, -1); +! memcpy(ctx->key, xmlSecBufferGetData(buffer), ctx->keySize); +! +! ctx->keyInitialized = 1; +! return(0); + } + +! static int +! xmlSecNssBlockCipherExecute(xmlSecTransformPtr transform, int last, xmlSecTransformCtxPtr transformCtx) { +! xmlSecNssBlockCipherCtxPtr ctx; +! xmlSecBufferPtr in, out; +! int ret; +! +! xmlSecAssert2(xmlSecNssBlockCipherCheckId(transform), -1); +! xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1); +! xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecNssBlockCipherSize), -1); +! xmlSecAssert2(transformCtx != NULL, -1); + +! in = &(transform->inBuf); +! out = &(transform->outBuf); + +- ctx = xmlSecNssBlockCipherGetCtx(transform); +- xmlSecAssert2(ctx != NULL, -1); + +! if(transform->status == xmlSecTransformStatusNone) { +! transform->status = xmlSecTransformStatusWorking; +! } + +! if(transform->status == xmlSecTransformStatusWorking) { +! if(ctx->ctxInitialized == 0) { +! ret = xmlSecNssBlockCipherCtxInit(ctx, in, out, +! (transform->operation == xmlSecTransformOperationEncrypt) ? 1 : 0, +! xmlSecTransformGetName(transform), transformCtx); +! if(ret < 0) { +! xmlSecError(XMLSEC_ERRORS_HERE, +! xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), +! "xmlSecNssBlockCipherCtxInit", +! XMLSEC_ERRORS_R_XMLSEC_FAILED, +! XMLSEC_ERRORS_NO_MESSAGE); +! return(-1); +! } +! } +! if((ctx->ctxInitialized == 0) && (last != 0)) { +! xmlSecError(XMLSEC_ERRORS_HERE, +! xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), +! NULL, +! XMLSEC_ERRORS_R_INVALID_DATA, +! "not enough data to initialize transform"); +! return(-1); +! } +! +! if(ctx->ctxInitialized != 0) { +! ret = xmlSecNssBlockCipherCtxUpdate(ctx, in, out, +! (transform->operation == xmlSecTransformOperationEncrypt) ? 1 : 0, +! xmlSecTransformGetName(transform), transformCtx); +! if(ret < 0) { +! xmlSecError(XMLSEC_ERRORS_HERE, +! xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), +! "xmlSecNssBlockCipherCtxUpdate", +! XMLSEC_ERRORS_R_XMLSEC_FAILED, +! XMLSEC_ERRORS_NO_MESSAGE); +! return(-1); +! } +! } +! +! if(last) { +! ret = xmlSecNssBlockCipherCtxFinal(ctx, in, out, +! (transform->operation == xmlSecTransformOperationEncrypt) ? 1 : 0, +! xmlSecTransformGetName(transform), transformCtx); +! if(ret < 0) { +! xmlSecError(XMLSEC_ERRORS_HERE, +! xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), +! "xmlSecNssBlockCipherCtxFinal", +! XMLSEC_ERRORS_R_XMLSEC_FAILED, +! XMLSEC_ERRORS_NO_MESSAGE); +! return(-1); +! } +! transform->status = xmlSecTransformStatusFinished; +! } +! } else if(transform->status == xmlSecTransformStatusFinished) { +! /* the only way we can get here is if there is no input */ +! xmlSecAssert2(xmlSecBufferGetSize(in) == 0, -1); +! } else if(transform->status == xmlSecTransformStatusNone) { +! /* the only way we can get here is if there is no enough data in the input */ +! xmlSecAssert2(last == 0, -1); +! } else { +! xmlSecError(XMLSEC_ERRORS_HERE, +! xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), +! NULL, +! XMLSEC_ERRORS_R_INVALID_STATUS, +! "status=%d", transform->status); +! return(-1); +! } +! +! return(0); +! } + + +! #ifndef XMLSEC_NO_AES +! /********************************************************************* +! * +! * AES CBC cipher transforms +! * +! ********************************************************************/ +! static xmlSecTransformKlass xmlSecNssAes128CbcKlass = { +! /* klass/object sizes */ +! sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */ +! xmlSecNssBlockCipherSize, /* xmlSecSize objSize */ +! +! xmlSecNameAes128Cbc, /* const xmlChar* name; */ +! xmlSecHrefAes128Cbc, /* const xmlChar* href; */ +! xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */ +! +! xmlSecNssBlockCipherInitialize, /* xmlSecTransformInitializeMethod initialize; */ +! xmlSecNssBlockCipherFinalize, /* xmlSecTransformFinalizeMethod finalize; */ +! NULL, /* xmlSecTransformNodeReadMethod readNode; */ +! NULL, /* xmlSecTransformNodeWriteMethod writeNode; */ +! xmlSecNssBlockCipherSetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */ +! xmlSecNssBlockCipherSetKey, /* xmlSecTransformSetKeyMethod setKey; */ +! NULL, /* xmlSecTransformValidateMethod validate; */ +! xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */ +! xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */ +! xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */ +! NULL, /* xmlSecTransformPushXmlMethod pushXml; */ +! NULL, /* xmlSecTransformPopXmlMethod popXml; */ +! xmlSecNssBlockCipherExecute, /* xmlSecTransformExecuteMethod execute; */ +! +! NULL, /* void* reserved0; */ +! NULL, /* void* reserved1; */ +! }; + +! /** +! * xmlSecNssTransformAes128CbcGetKlass: +! * +! * AES 128 CBC encryption transform klass. +! * +! * Returns pointer to AES 128 CBC encryption transform. +! */ +! xmlSecTransformId +! xmlSecNssTransformAes128CbcGetKlass(void) { +! return(&xmlSecNssAes128CbcKlass); +! } + +! static xmlSecTransformKlass xmlSecNssAes192CbcKlass = { +! /* klass/object sizes */ +! sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */ +! xmlSecNssBlockCipherSize, /* xmlSecSize objSize */ +! +! xmlSecNameAes192Cbc, /* const xmlChar* name; */ +! xmlSecHrefAes192Cbc, /* const xmlChar* href; */ +! xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */ +! +! xmlSecNssBlockCipherInitialize, /* xmlSecTransformInitializeMethod initialize; */ +! xmlSecNssBlockCipherFinalize, /* xmlSecTransformFinalizeMethod finalize; */ +! NULL, /* xmlSecTransformNodeReadMethod readNode; */ +! NULL, /* xmlSecTransformNodeWriteMethod writeNode; */ +! xmlSecNssBlockCipherSetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */ +! xmlSecNssBlockCipherSetKey, /* xmlSecTransformSetKeyMethod setKey; */ +! NULL, /* xmlSecTransformValidateMethod validate; */ +! xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */ +! xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */ +! xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */ +! NULL, /* xmlSecTransformPushXmlMethod pushXml; */ +! NULL, /* xmlSecTransformPopXmlMethod popXml; */ +! xmlSecNssBlockCipherExecute, /* xmlSecTransformExecuteMethod execute; */ +! +! NULL, /* void* reserved0; */ +! NULL, /* void* reserved1; */ +! }; + + /** +! * xmlSecNssTransformAes192CbcGetKlass: +! * +! * AES 192 CBC encryption transform klass. +! * +! * Returns pointer to AES 192 CBC encryption transform. +! */ +! xmlSecTransformId +! xmlSecNssTransformAes192CbcGetKlass(void) { +! return(&xmlSecNssAes192CbcKlass); + } + +- static xmlSecTransformKlass xmlSecNssAes256CbcKlass = { +- /* klass/object sizes */ +- sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */ +- xmlSecNssBlockCipherSize, /* xmlSecSize objSize */ +- +- xmlSecNameAes256Cbc, /* const xmlChar* name; */ +- xmlSecHrefAes256Cbc, /* const xmlChar* href; */ +- xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */ +- +- xmlSecNssBlockCipherInitialize, /* xmlSecTransformInitializeMethod initialize; */ +- xmlSecNssBlockCipherFinalize, /* xmlSecTransformFinalizeMethod finalize; */ +- NULL, /* xmlSecTransformNodeReadMethod readNode; */ +- NULL, /* xmlSecTransformNodeWriteMethod writeNode; */ +- xmlSecNssBlockCipherSetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */ +- xmlSecNssBlockCipherSetKey, /* xmlSecTransformSetKeyMethod setKey; */ +- NULL, /* xmlSecTransformValidateMethod validate; */ +- xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */ +- xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */ +- xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */ +- NULL, /* xmlSecTransformPushXmlMethod pushXml; */ +- NULL, /* xmlSecTransformPopXmlMethod popXml; */ +- xmlSecNssBlockCipherExecute, /* xmlSecTransformExecuteMethod execute; */ +- +- NULL, /* void* reserved0; */ +- NULL, /* void* reserved1; */ +- }; +- + /** +! * xmlSecNssTransformAes256CbcGetKlass: +! * +! * AES 256 CBC encryption transform klass. +! * +! * Returns pointer to AES 256 CBC encryption transform. +! */ +! xmlSecTransformId +! xmlSecNssTransformAes256CbcGetKlass(void) { +! return(&xmlSecNssAes256CbcKlass); + } + +! #endif /* XMLSEC_NO_AES */ +! +! #ifndef XMLSEC_NO_DES +! static xmlSecTransformKlass xmlSecNssDes3CbcKlass = { +! /* klass/object sizes */ +! sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */ +! xmlSecNssBlockCipherSize, /* xmlSecSize objSize */ +! +! xmlSecNameDes3Cbc, /* const xmlChar* name; */ +! xmlSecHrefDes3Cbc, /* const xmlChar* href; */ +! xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */ +! +! xmlSecNssBlockCipherInitialize, /* xmlSecTransformInitializeMethod initialize; */ +! xmlSecNssBlockCipherFinalize, /* xmlSecTransformFinalizeMethod finalize; */ +! NULL, /* xmlSecTransformNodeReadMethod readNode; */ +! NULL, /* xmlSecTransformNodeWriteMethod writeNode; */ +! xmlSecNssBlockCipherSetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */ +! xmlSecNssBlockCipherSetKey, /* xmlSecTransformSetKeyMethod setKey; */ +! NULL, /* xmlSecTransformValidateMethod validate; */ +! xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */ +! xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */ +! xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */ +! NULL, /* xmlSecTransformPushXmlMethod pushXml; */ +! NULL, /* xmlSecTransformPopXmlMethod popXml; */ +! xmlSecNssBlockCipherExecute, /* xmlSecTransformExecuteMethod execute; */ +! +! NULL, /* void* reserved0; */ +! NULL, /* void* reserved1; */ +! }; + +! /** +! * xmlSecNssTransformDes3CbcGetKlass: + * +! * Triple DES CBC encryption transform klass. +! * +! * Returns pointer to Triple DES encryption transform. + */ +! xmlSecTransformId +! xmlSecNssTransformDes3CbcGetKlass(void) { +! return(&xmlSecNssDes3CbcKlass); + } +! #endif /* XMLSEC_NO_DES */ + +--- 1,951 ---- +! /* -- C Source File -- **/ + #include "globals.h" + ++ #include <stdlib.h> + #include <string.h> + + #include <nss.h> + #include <pk11func.h> + + #include <xmlsec/xmlsec.h> ++ #include <xmlsec/xmltree.h> ++ #include <xmlsec/base64.h> + #include <xmlsec/keys.h> ++ #include <xmlsec/keyinfo.h> + #include <xmlsec/transforms.h> + #include <xmlsec/errors.h> + + #include <xmlsec/nss/crypto.h> ++ #include <xmlsec/nss/ciphers.h> + +! /** +! * Internal Nss Block Cipher Context + * +! * This context is designed for repositing a block cipher for transform +! */ +! typedef struct _xmlSecNssBlockCipherCtx xmlSecNssBlockCipherCtx ; +! typedef struct _xmlSecNssBlockCipherCtx* xmlSecNssBlockCipherCtxPtr ; +! + struct _xmlSecNssBlockCipherCtx { +! CK_MECHANISM_TYPE cipher ; +! PK11SymKey* symkey ; +! PK11Context* cipherCtx ; +! xmlSecKeyDataId keyId ; +! } ; +! +! #define xmlSecNssBlockCipherSize \ +! ( sizeof( xmlSecTransform ) + sizeof( xmlSecNssBlockCipherCtx ) ) +! +! #define xmlSecNssBlockCipherGetCtx( transform ) \ +! ( ( xmlSecNssBlockCipherCtxPtr )( ( ( xmlSecByte* )( transform ) ) + sizeof( xmlSecTransform ) ) ) +! +! static int +! xmlSecNssBlockCipherCheckId( +! xmlSecTransformPtr transform +! ) { +! #ifndef XMLSEC_NO_DES +! if( xmlSecTransformCheckId( transform, xmlSecNssTransformDes3CbcId ) ) { +! return 1 ; + } +! #endif /* XMLSEC_NO_DES */ + +! #ifndef XMLSEC_NO_AES +! if( xmlSecTransformCheckId( transform, xmlSecNssTransformAes128CbcId ) || +! xmlSecTransformCheckId( transform, xmlSecNssTransformAes192CbcId ) || +! xmlSecTransformCheckId( transform, xmlSecNssTransformAes256CbcId ) ) { + +! return 1 ; + } +! #endif /* XMLSEC_NO_AES */ +! +! return 0 ; + } + +! static int +! xmlSecNssBlockCipherFetchCtx( +! xmlSecNssBlockCipherCtxPtr context , +! xmlSecTransformId id +! ) { +! xmlSecAssert2( context != NULL, -1 ) ; +! +! #ifndef XMLSEC_NO_DES +! if( id == xmlSecNssTransformDes3CbcId ) { +! context->cipher = CKM_DES3_CBC ; +! context->keyId = xmlSecNssKeyDataDesId ; +! } else +! #endif /* XMLSEC_NO_DES */ +! +! #ifndef XMLSEC_NO_AES +! if( id == xmlSecNssTransformAes128CbcId ) { +! context->cipher = CKM_AES_CBC ; +! context->keyId = xmlSecNssKeyDataAesId ; +! } else +! if( id == xmlSecNssTransformAes192CbcId ) { +! context->cipher = CKM_AES_CBC ; +! context->keyId = xmlSecNssKeyDataAesId ; +! } else +! if( id == xmlSecNssTransformAes256CbcId ) { +! context->cipher = CKM_AES_CBC ; +! context->keyId = xmlSecNssKeyDataAesId ; +! } else +! #endif /* XMLSEC_NO_AES */ +! +! if( 1 ) { +! xmlSecError( XMLSEC_ERRORS_HERE , +! NULL , +! NULL , +! XMLSEC_ERRORS_R_CRYPTO_FAILED , +! XMLSEC_ERRORS_NO_MESSAGE ) ; +! return -1 ; +! } + +! return 0 ; +! } + +! /** +! * xmlSecTransformInitializeMethod: +! * @transform: the pointer to transform object. +! * +! * The transform specific initialization method. +! * +! * Returns 0 on success or a negative value otherwise. +! */ +! static int +! xmlSecNssBlockCipherInitialize( +! xmlSecTransformPtr transform +! ) { +! xmlSecNssBlockCipherCtxPtr context = NULL ; +! +! xmlSecAssert2( xmlSecNssBlockCipherCheckId( transform ), -1 ) ; +! xmlSecAssert2( xmlSecTransformCheckSize( transform, xmlSecNssBlockCipherSize ), -1 ) ; +! +! context = xmlSecNssBlockCipherGetCtx( transform ) ; +! if( context == NULL ) { +! xmlSecError( XMLSEC_ERRORS_HERE , +! xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) , +! "xmlSecNssBlockCipherGetCtx" , +! XMLSEC_ERRORS_R_CRYPTO_FAILED , +! XMLSEC_ERRORS_NO_MESSAGE ) ; +! return -1 ; +! } +! +! if( xmlSecNssBlockCipherFetchCtx( context , transform->id ) < 0 ) { +! xmlSecError( XMLSEC_ERRORS_HERE , +! xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) , +! "xmlSecNssBlockCipherFetchCtx" , +! XMLSEC_ERRORS_R_CRYPTO_FAILED , +! XMLSEC_ERRORS_NO_MESSAGE ) ; +! return -1 ; +! } + +! context->symkey = NULL ; +! context->cipherCtx = NULL ; + +! return 0 ; + } + +! /** +! * xmlSecTransformFinalizeMethod: +! * @transform: the pointer to transform object. +! * +! * The transform specific destroy method. +! */ +! static void +! xmlSecNssBlockCipherFinalize( +! xmlSecTransformPtr transform +! ) { +! xmlSecNssBlockCipherCtxPtr context = NULL ; + +! xmlSecAssert( xmlSecNssBlockCipherCheckId( transform ) ) ; +! xmlSecAssert( xmlSecTransformCheckSize( transform, xmlSecNssBlockCipherSize ) ) ; + +! context = xmlSecNssBlockCipherGetCtx( transform ) ; +! if( context == NULL ) { +! xmlSecError( XMLSEC_ERRORS_HERE , +! xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) , +! "xmlSecNssBlockCipherGetCtx" , +! XMLSEC_ERRORS_R_CRYPTO_FAILED , +! XMLSEC_ERRORS_NO_MESSAGE ) ; +! return ; + } + +! if( context->cipherCtx != NULL ) { +! PK11_DestroyContext( context->cipherCtx, PR_TRUE ) ; +! context->cipherCtx = NULL ; +! } + +! if( context->symkey != NULL ) { +! PK11_FreeSymKey( context->symkey ) ; +! context->symkey = NULL ; +! } + +! context->cipher = CKM_INVALID_MECHANISM ; +! context->keyId = NULL ; + } + +! /** +! * xmlSecTransformSetKeyRequirementsMethod: +! * @transform: the pointer to transform object. +! * @keyReq: the pointer to key requirements structure. + * +! * Transform specific method to set transform's key requirements. + * +! * Returns 0 on success or a negative value otherwise. +! */ +! static int +! xmlSecNssBlockCipherSetKeyReq( +! xmlSecTransformPtr transform , +! xmlSecKeyReqPtr keyReq +! ) { +! xmlSecNssBlockCipherCtxPtr context = NULL ; +! xmlSecSize cipherSize = 0 ; +! +! xmlSecAssert2( xmlSecNssBlockCipherCheckId( transform ), -1 ) ; +! xmlSecAssert2( xmlSecTransformCheckSize( transform, xmlSecNssBlockCipherSize ), -1 ) ; +! xmlSecAssert2( keyReq != NULL , -1 ) ; +! xmlSecAssert2( ( transform->operation == xmlSecTransformOperationEncrypt ) || ( transform->operation == xmlSecTransformOperationDecrypt ), -1 ) ; +! +! context = xmlSecNssBlockCipherGetCtx( transform ) ; +! if( context == NULL ) { +! xmlSecError( XMLSEC_ERRORS_HERE , +! xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) , +! "xmlSecNssBlockCipherGetCtx" , +! XMLSEC_ERRORS_R_CRYPTO_FAILED , +! XMLSEC_ERRORS_NO_MESSAGE ) ; +! return -1 ; +! } +! +! keyReq->keyId = context->keyId ; +! keyReq->keyType = xmlSecKeyDataTypeSymmetric ; +! +! if( transform->operation == xmlSecTransformOperationEncrypt ) { +! keyReq->keyUsage = xmlSecKeyUsageEncrypt ; +! } else { +! keyReq->keyUsage = xmlSecKeyUsageDecrypt ; +! } +! +! /* +! if( context->symkey != NULL ) +! cipherSize = PK11_GetKeyLength( context->symkey ) ; +! +! keyReq->keyBitsSize = cipherSize * 8 ; +! */ + ++ return 0 ; ++ } + ++ /** ++ * xmlSecTransformSetKeyMethod: ++ * @transform: the pointer to transform object. ++ * @key: the pointer to key. ++ * ++ * The transform specific method to set the key for use. ++ * ++ * Returns 0 on success or a negative value otherwise. ++ */ + static int +! xmlSecNssBlockCipherSetKey( +! xmlSecTransformPtr transform , +! xmlSecKeyPtr key +! ) { +! xmlSecNssBlockCipherCtxPtr context = NULL ; +! xmlSecKeyDataPtr keyData = NULL ; +! PK11SymKey* symkey = NULL ; +! CK_ATTRIBUTE_TYPE operation ; +! int ivLen ; +! +! xmlSecAssert2( xmlSecNssBlockCipherCheckId( transform ), -1 ) ; +! xmlSecAssert2( xmlSecTransformCheckSize( transform, xmlSecNssBlockCipherSize ), -1 ) ; +! xmlSecAssert2( key != NULL , -1 ) ; +! xmlSecAssert2( ( transform->operation == xmlSecTransformOperationEncrypt ) || ( transform->operation == xmlSecTransformOperationDecrypt ), -1 ) ; +! +! context = xmlSecNssBlockCipherGetCtx( transform ) ; +! if( context == NULL || context->keyId == NULL || context->symkey != NULL ) { +! xmlSecError( XMLSEC_ERRORS_HERE , +! xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) , +! "xmlSecNssBlockCipherGetCtx" , +! XMLSEC_ERRORS_R_CRYPTO_FAILED , +! XMLSEC_ERRORS_NO_MESSAGE ) ; +! return -1 ; +! } +! xmlSecAssert2( xmlSecKeyCheckId( key, context->keyId ), -1 ) ; +! +! keyData = xmlSecKeyGetValue( key ) ; +! if( keyData == NULL ) { +! xmlSecError( XMLSEC_ERRORS_HERE , +! xmlSecErrorsSafeString( xmlSecKeyGetName( key ) ) , +! "xmlSecKeyGetValue" , +! XMLSEC_ERRORS_R_CRYPTO_FAILED , +! XMLSEC_ERRORS_NO_MESSAGE ) ; +! return -1 ; +! } +! +! if( ( symkey = xmlSecNssSymKeyDataGetKey( keyData ) ) == NULL ) { +! xmlSecError( XMLSEC_ERRORS_HERE , +! xmlSecErrorsSafeString( xmlSecKeyDataGetName( keyData ) ) , +! "xmlSecNssSymKeyDataGetKey" , +! XMLSEC_ERRORS_R_CRYPTO_FAILED , +! XMLSEC_ERRORS_NO_MESSAGE ) ; +! return -1 ; +! } + +! context->symkey = symkey ; +! +! return 0 ; + } + ++ /** ++ * Block cipher transform init ++ */ + static int +! xmlSecNssBlockCipherCtxInit( +! xmlSecNssBlockCipherCtxPtr ctx , +! xmlSecBufferPtr in , +! xmlSecBufferPtr out , +! int encrypt , +! const xmlChar* cipherName , +! xmlSecTransformCtxPtr transformCtx +! ) { +! SECItem ivItem ; +! SECItem* secParam = NULL ; +! xmlSecBufferPtr ivBuf = NULL ; +! int ivLen ; +! +! xmlSecAssert2( ctx != NULL , -1 ) ; +! xmlSecAssert2( ctx->cipher != CKM_INVALID_MECHANISM , -1 ) ; +! xmlSecAssert2( ctx->symkey != NULL , -1 ) ; +! xmlSecAssert2( ctx->cipherCtx == NULL , -1 ) ; +! xmlSecAssert2( ctx->keyId != NULL , -1 ) ; +! xmlSecAssert2( in != NULL , -1 ) ; +! xmlSecAssert2( out != NULL , -1 ) ; +! xmlSecAssert2( transformCtx != NULL , -1 ) ; +! +! ivLen = PK11_GetIVLength( ctx->cipher ) ; +! if( ivLen < 0 ) { +! xmlSecError( XMLSEC_ERRORS_HERE , +! NULL , +! "PK11_GetIVLength" , +! XMLSEC_ERRORS_R_CRYPTO_FAILED , +! XMLSEC_ERRORS_NO_MESSAGE ) ; +! return -1 ; +! } +! +! if( ( ivBuf = xmlSecBufferCreate( ivLen ) ) == NULL ) { +! xmlSecError( XMLSEC_ERRORS_HERE , +! NULL , +! "xmlSecBufferCreate" , +! XMLSEC_ERRORS_R_CRYPTO_FAILED , +! XMLSEC_ERRORS_NO_MESSAGE ) ; +! return -1 ; +! } +! +! if( encrypt ) { +! if( PK11_GenerateRandom( ivBuf->data , ivLen ) != SECSuccess ) { +! xmlSecError( XMLSEC_ERRORS_HERE , +! xmlSecErrorsSafeString( cipherName ) , +! "PK11_GenerateRandom" , +! XMLSEC_ERRORS_R_CRYPTO_FAILED , +! XMLSEC_ERRORS_NO_MESSAGE ) ; +! xmlSecBufferDestroy( ivBuf ) ; +! return -1 ; +! } +! if( xmlSecBufferSetSize( ivBuf , ivLen ) < 0 ) { +! xmlSecError( XMLSEC_ERRORS_HERE , +! NULL , +! "xmlSecBufferSetSize" , +! XMLSEC_ERRORS_R_CRYPTO_FAILED , +! XMLSEC_ERRORS_NO_MESSAGE ) ; +! xmlSecBufferDestroy( ivBuf ) ; +! return -1 ; +! } +! +! if( xmlSecBufferAppend( out , ivBuf->data , ivLen ) < 0 ) { +! xmlSecError( XMLSEC_ERRORS_HERE , +! xmlSecErrorsSafeString( cipherName ) , +! "xmlSecBufferAppend" , +! XMLSEC_ERRORS_R_CRYPTO_FAILED , +! XMLSEC_ERRORS_NO_MESSAGE ) ; +! xmlSecBufferDestroy( ivBuf ) ; +! return -1 ; +! } +! } else { +! if( xmlSecBufferSetData( ivBuf , in->data , ivLen ) < 0 ) { +! xmlSecError( XMLSEC_ERRORS_HERE , +! xmlSecErrorsSafeString( cipherName ) , +! "xmlSecBufferSetData" , +! XMLSEC_ERRORS_R_CRYPTO_FAILED , +! XMLSEC_ERRORS_NO_MESSAGE ) ; +! xmlSecBufferDestroy( ivBuf ) ; +! return -1 ; +! } +! +! if( xmlSecBufferRemoveHead( in , ivLen ) < 0 ) { +! xmlSecError( XMLSEC_ERRORS_HERE , +! xmlSecErrorsSafeString( cipherName ) , +! "xmlSecBufferRemoveHead" , +! XMLSEC_ERRORS_R_CRYPTO_FAILED , +! XMLSEC_ERRORS_NO_MESSAGE ) ; +! xmlSecBufferDestroy( ivBuf ) ; +! return -1 ; +! } +! } +! +! ivItem.data = xmlSecBufferGetData( ivBuf ) ; +! ivItem.len = xmlSecBufferGetSize( ivBuf ) ; +! if( ( secParam = PK11_ParamFromIV( ctx->cipher , &ivItem ) ) == NULL ) { +! xmlSecError( XMLSEC_ERRORS_HERE , +! xmlSecErrorsSafeString( cipherName ) , +! "PK11_ParamFromIV" , +! XMLSEC_ERRORS_R_CRYPTO_FAILED , +! XMLSEC_ERRORS_NO_MESSAGE ) ; +! xmlSecBufferDestroy( ivBuf ) ; +! return -1 ; +! } +! +! ctx->cipherCtx = PK11_CreateContextBySymKey( ctx->cipher , encrypt ? CKA_ENCRYPT : CKA_DECRYPT , ctx->symkey , secParam ) ; +! if( ctx->cipherCtx == NULL ) { +! xmlSecError( XMLSEC_ERRORS_HERE , +! xmlSecErrorsSafeString( cipherName ) , +! "xmlSecBufferRemoveHead" , +! XMLSEC_ERRORS_R_CRYPTO_FAILED , +! XMLSEC_ERRORS_NO_MESSAGE ) ; +! SECITEM_FreeItem( secParam , PR_TRUE ) ; +! xmlSecBufferDestroy( ivBuf ) ; +! return -1 ; +! } + +! SECITEM_FreeItem( secParam , PR_TRUE ) ; +! xmlSecBufferDestroy( ivBuf ) ; + +! return 0 ; + } + +! /** +! * Block cipher transform update +! */ +! static int +! xmlSecNssBlockCipherCtxUpdate( +! xmlSecNssBlockCipherCtxPtr ctx , +! xmlSecBufferPtr in , +! xmlSecBufferPtr out , +! int encrypt , +! const xmlChar* cipherName , +! xmlSecTransformCtxPtr transformCtx +! ) { +! xmlSecSize inSize ; +! xmlSecSize outSize ; +! xmlSecSize inBlocks ; +! int blockSize ; +! int outLen ; +! xmlSecByte* outBuf ; +! +! xmlSecAssert2( ctx != NULL , -1 ) ; +! xmlSecAssert2( ctx->cipher != CKM_INVALID_MECHANISM , -1 ) ; +! xmlSecAssert2( ctx->symkey != NULL , -1 ) ; +! xmlSecAssert2( ctx->cipherCtx != NULL , -1 ) ; +! xmlSecAssert2( ctx->keyId != NULL , -1 ) ; +! xmlSecAssert2( in != NULL , -1 ) ; +! xmlSecAssert2( out != NULL , -1 ) ; +! xmlSecAssert2( transformCtx != NULL , -1 ) ; +! +! if( ( blockSize = PK11_GetBlockSize( ctx->cipher , NULL ) ) < 0 ) { +! xmlSecError( XMLSEC_ERRORS_HERE , +! xmlSecErrorsSafeString( cipherName ) , +! "PK11_GetBlockSize" , +! XMLSEC_ERRORS_R_CRYPTO_FAILED , +! XMLSEC_ERRORS_NO_MESSAGE ) ; +! return -1 ; +! } +! +! inSize = xmlSecBufferGetSize( in ) ; +! outSize = xmlSecBufferGetSize( out ) ; +! +! inBlocks = ( encrypt != 0 ? inSize : ( inSize - 1 ) ) / blockSize ; +! inSize = inBlocks * blockSize ; +! +! if( inSize < blockSize ) { +! return 0 ; +! } +! +! if( xmlSecBufferSetMaxSize( out , outSize + inSize + blockSize ) < 0 ) { +! xmlSecError( XMLSEC_ERRORS_HERE , +! xmlSecErrorsSafeString( cipherName ) , +! "xmlSecBufferSetMaxSize" , +! XMLSEC_ERRORS_R_CRYPTO_FAILED , +! XMLSEC_ERRORS_NO_MESSAGE ) ; +! return -1 ; +! } +! outBuf = xmlSecBufferGetData( out ) + outSize ; +! +! if( PK11_CipherOp( ctx->cipherCtx , outBuf , &outLen , inSize + blockSize , xmlSecBufferGetData( in ) , inSize ) != SECSuccess ) { +! xmlSecError( XMLSEC_ERRORS_HERE , +! xmlSecErrorsSafeString( cipherName ) , +! "PK11_CipherOp" , +! XMLSEC_ERRORS_R_CRYPTO_FAILED , +! XMLSEC_ERRORS_NO_MESSAGE ) ; +! return -1 ; +! } +! +! if( xmlSecBufferSetSize( out , outSize + outLen ) < 0 ) { +! xmlSecError( XMLSEC_ERRORS_HERE , +! xmlSecErrorsSafeString( cipherName ) , +! "xmlSecBufferSetSize" , +! XMLSEC_ERRORS_R_CRYPTO_FAILED , +! XMLSEC_ERRORS_NO_MESSAGE ) ; +! return -1 ; +! } +! +! if( xmlSecBufferRemoveHead( in , inSize ) < 0 ) { +! xmlSecError( XMLSEC_ERRORS_HERE , +! xmlSecErrorsSafeString( cipherName ) , +! "xmlSecBufferRemoveHead" , +! XMLSEC_ERRORS_R_CRYPTO_FAILED , +! XMLSEC_ERRORS_NO_MESSAGE ) ; +! return -1 ; +! } + +! return 0 ; +! } + +! /** +! * Block cipher transform final +! */ +! static int +! xmlSecNssBlockCipherCtxFinal( +! xmlSecNssBlockCipherCtxPtr ctx , +! xmlSecBufferPtr in , +! xmlSecBufferPtr out , +! int encrypt , +! const xmlChar* cipherName , +! xmlSecTransformCtxPtr transformCtx +! ) { +! xmlSecSize inSize ; +! xmlSecSize outSize ; +! int blockSize ; +! int outLen ; +! xmlSecByte* inBuf ; +! xmlSecByte* outBuf ; +! +! xmlSecAssert2( ctx != NULL , -1 ) ; +! xmlSecAssert2( ctx->cipher != CKM_INVALID_MECHANISM , -1 ) ; +! xmlSecAssert2( ctx->symkey != NULL , -1 ) ; +! xmlSecAssert2( ctx->cipherCtx != NULL , -1 ) ; +! xmlSecAssert2( ctx->keyId != NULL , -1 ) ; +! xmlSecAssert2( in != NULL , -1 ) ; +! xmlSecAssert2( out != NULL , -1 ) ; +! xmlSecAssert2( transformCtx != NULL , -1 ) ; +! +! if( ( blockSize = PK11_GetBlockSize( ctx->cipher , NULL ) ) < 0 ) { +! xmlSecError( XMLSEC_ERRORS_HERE , +! xmlSecErrorsSafeString( cipherName ) , +! "PK11_GetBlockSize" , +! XMLSEC_ERRORS_R_CRYPTO_FAILED , +! XMLSEC_ERRORS_NO_MESSAGE ) ; +! return -1 ; +! } +! +! inSize = xmlSecBufferGetSize( in ) ; +! outSize = xmlSecBufferGetSize( out ) ; +! +! /******************************************************************/ +! if( encrypt != 0 ) { +! xmlSecAssert2( inSize < blockSize, -1 ) ; +! +! /* create padding */ +! if( xmlSecBufferSetMaxSize( in , blockSize ) < 0 ) { +! xmlSecError( XMLSEC_ERRORS_HERE , +! xmlSecErrorsSafeString( cipherName ) , +! "xmlSecBufferSetMaxSize" , +! XMLSEC_ERRORS_R_CRYPTO_FAILED , +! XMLSEC_ERRORS_NO_MESSAGE ) ; +! return -1 ; +! } +! inBuf = xmlSecBufferGetData( in ) ; +! +! /* generate random */ +! if( blockSize > ( inSize + 1 ) ) { +! if( PK11_GenerateRandom( inBuf + inSize, blockSize - inSize - 1 ) != SECSuccess ) { +! xmlSecError( XMLSEC_ERRORS_HERE , +! xmlSecErrorsSafeString( cipherName ) , +! "PK11_GenerateRandom" , +! XMLSEC_ERRORS_R_CRYPTO_FAILED , +! XMLSEC_ERRORS_NO_MESSAGE ) ; +! return -1 ; +! } +! } +! +! inBuf[blockSize-1] = blockSize - inSize ; +! inSize = blockSize ; +! } else { +! if( inSize != blockSize ) { +! xmlSecError( XMLSEC_ERRORS_HERE , +! xmlSecErrorsSafeString( cipherName ) , +! NULL , +! XMLSEC_ERRORS_R_CRYPTO_FAILED , +! XMLSEC_ERRORS_NO_MESSAGE ) ; +! return -1 ; +! } +! } +! +! /* process the last block */ +! if( xmlSecBufferSetMaxSize( out , outSize + inSize + blockSize ) < 0 ) { +! xmlSecError( XMLSEC_ERRORS_HERE , +! xmlSecErrorsSafeString( cipherName ) , +! "xmlSecBufferSetMaxSize" , +! XMLSEC_ERRORS_R_CRYPTO_FAILED , +! XMLSEC_ERRORS_NO_MESSAGE ) ; +! return -1 ; +! } +! outBuf = xmlSecBufferGetData( out ) + outSize ; +! +! if( PK11_CipherOp( ctx->cipherCtx , outBuf , &outLen , inSize + blockSize , xmlSecBufferGetData( in ) , inSize ) != SECSuccess ) { +! xmlSecError( XMLSEC_ERRORS_HERE , +! xmlSecErrorsSafeString( cipherName ) , +! "PK11_CipherOp" , +! XMLSEC_ERRORS_R_CRYPTO_FAILED , +! XMLSEC_ERRORS_NO_MESSAGE ) ; +! return -1 ; +! } +! +! if( encrypt == 0 ) { +! /* check padding */ +! if( outLen < outBuf[blockSize-1] ) { +! xmlSecError( XMLSEC_ERRORS_HERE , +! xmlSecErrorsSafeString( cipherName ) , +! NULL , +! XMLSEC_ERRORS_R_CRYPTO_FAILED , +! XMLSEC_ERRORS_NO_MESSAGE ) ; +! return -1 ; +! } +! +! outLen -= outBuf[blockSize-1] ; +! } +! /******************************************************************/ +! +! /****************************************************************** +! if( xmlSecBufferSetMaxSize( out , outSize + blockSize ) < 0 ) { +! xmlSecError( XMLSEC_ERRORS_HERE , +! xmlSecErrorsSafeString( cipherName ) , +! "xmlSecBufferSetMaxSize" , +! XMLSEC_ERRORS_R_CRYPTO_FAILED , +! XMLSEC_ERRORS_NO_MESSAGE ) ; +! return -1 ; +! } +! +! outBuf = xmlSecBufferGetData( out ) + outSize ; +! +! if( PK11_DigestFinal( ctx->cipherCtx , outBuf , &outLen , blockSize ) != SECSuccess ) { +! xmlSecError( XMLSEC_ERRORS_HERE , +! xmlSecErrorsSafeString( cipherName ) , +! "PK11_DigestFinal" , +! XMLSEC_ERRORS_R_CRYPTO_FAILED , +! XMLSEC_ERRORS_NO_MESSAGE ) ; +! return -1 ; +! } +! ******************************************************************/ +! +! if( xmlSecBufferSetSize( out , outSize + outLen ) < 0 ) { +! xmlSecError( XMLSEC_ERRORS_HERE , +! xmlSecErrorsSafeString( cipherName ) , +! "xmlSecBufferSetSize" , +! XMLSEC_ERRORS_R_CRYPTO_FAILED , +! XMLSEC_ERRORS_NO_MESSAGE ) ; +! return -1 ; +! } +! +! if( xmlSecBufferRemoveHead( in , inSize ) < 0 ) { +! xmlSecError( XMLSEC_ERRORS_HERE , +! xmlSecErrorsSafeString( cipherName ) , +! "xmlSecBufferRemoveHead" , +! XMLSEC_ERRORS_R_CRYPTO_FAILED , +! XMLSEC_ERRORS_NO_MESSAGE ) ; +! return -1 ; +! } +! +! // PK11_Finalize( ctx->cipherCtx ) ; +! PK11_DestroyContext( ctx->cipherCtx , PR_TRUE ) ; +! ctx->cipherCtx = NULL ; + +! return 0 ; + } + + + ++ /** ++ * xmlSecTransformExecuteMethod: ++ * @transform: the pointer to transform object. ++ * @last: the flag: if set to 1 then it's the last data chunk. ++ * @transformCtx: the pointer to transform context object. ++ * ++ * Transform specific method to process a chunk of data. ++ * ++ * Returns 0 on success or a negative value otherwise. ++ */ + static int +! xmlSecNssBlockCipherExecute( +! xmlSecTransformPtr transform , +! int last , +! xmlSecTransformCtxPtr transformCtx +! ) { +! xmlSecNssBlockCipherCtxPtr context = NULL ; +! xmlSecBufferPtr inBuf = NULL ; +! xmlSecBufferPtr outBuf = NULL ; +! const xmlChar* cipherName ; +! int operation ; +! int rtv ; +! +! xmlSecAssert2( xmlSecNssBlockCipherCheckId( transform ), -1 ) ; +! xmlSecAssert2( xmlSecTransformCheckSize( transform, xmlSecNssBlockCipherSize ), -1 ) ; +! xmlSecAssert2( ( transform->operation == xmlSecTransformOperationEncrypt ) || ( transform->operation == xmlSecTransformOperationDecrypt ), -1 ) ; +! xmlSecAssert2( transformCtx != NULL , -1 ) ; +! +! context = xmlSecNssBlockCipherGetCtx( transform ) ; +! if( context == NULL ) { +! xmlSecError( XMLSEC_ERRORS_HERE , +! xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) , +! "xmlSecNssBlockCipherGetCtx" , +! XMLSEC_ERRORS_R_CRYPTO_FAILED , +! XMLSEC_ERRORS_NO_MESSAGE ) ; +! return -1 ; +! } +! +! inBuf = &( transform->inBuf ) ; +! outBuf = &( transform->outBuf ) ; +! +! if( transform->status == xmlSecTransformStatusNone ) { +! transform->status = xmlSecTransformStatusWorking ; +! } +! +! operation = ( transform->operation == xmlSecTransformOperationEncrypt ) ? 1 : 0 ; +! cipherName = xmlSecTransformGetName( transform ) ; +! +! if( transform->status == xmlSecTransformStatusWorking ) { +! if( context->cipherCtx == NULL ) { +! rtv = xmlSecNssBlockCipherCtxInit( context, inBuf , outBuf , operation , cipherName , transformCtx ) ; +! if( rtv < 0 ) { +! xmlSecError( XMLSEC_ERRORS_HERE , +! xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) , +! "xmlSecNssBlockCipherCtxInit" , +! XMLSEC_ERRORS_R_INVALID_STATUS , +! XMLSEC_ERRORS_NO_MESSAGE ) ; +! return -1 ; +! } +! } +! +! if( context->cipherCtx == NULL && last != 0 ) { +! xmlSecError( XMLSEC_ERRORS_HERE , +! xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) , +! NULL , +! XMLSEC_ERRORS_R_INVALID_STATUS , +! "No enough data to intialize transform" ) ; +! return -1 ; +! } +! +! if( context->cipherCtx != NULL ) { +! rtv = xmlSecNssBlockCipherCtxUpdate( context, inBuf , outBuf , operation , cipherName , transformCtx ) ; +! if( rtv < 0 ) { +! xmlSecError( XMLSEC_ERRORS_HERE , +! xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) , +! "xmlSecNssBlockCipherCtxUpdate" , +! XMLSEC_ERRORS_R_INVALID_STATUS , +! XMLSEC_ERRORS_NO_MESSAGE ) ; +! return -1 ; +! } +! } +! +! if( last ) { +! rtv = xmlSecNssBlockCipherCtxFinal( context, inBuf , outBuf , operation , cipherName , transformCtx ) ; +! if( rtv < 0 ) { +! xmlSecError( XMLSEC_ERRORS_HERE , +! xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) , +! "xmlSecNssBlockCipherCtxFinal" , +! XMLSEC_ERRORS_R_INVALID_STATUS , +! XMLSEC_ERRORS_NO_MESSAGE ) ; +! return -1 ; +! } +! transform->status = xmlSecTransformStatusFinished ; +! } +! } else if( transform->status == xmlSecTransformStatusFinished ) { +! if( xmlSecBufferGetSize( inBuf ) != 0 ) { +! xmlSecError( XMLSEC_ERRORS_HERE , +! xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) , +! NULL , +! XMLSEC_ERRORS_R_INVALID_STATUS , +! "status=%d", transform->status ) ; +! return -1 ; +! } +! } else { +! xmlSecError( XMLSEC_ERRORS_HERE , +! xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) , +! NULL , +! XMLSEC_ERRORS_R_INVALID_STATUS , +! "status=%d", transform->status ) ; +! return -1 ; +! } +! +! return 0 ; + } + +! static xmlSecTransformKlass xmlSecNssAes128CbcKlass = { +! sizeof( xmlSecTransformKlass ) , +! xmlSecNssBlockCipherSize , + +! xmlSecNameAes128Cbc , +! xmlSecHrefAes128Cbc , +! xmlSecTransformUsageEncryptionMethod , +! +! xmlSecNssBlockCipherInitialize , +! xmlSecNssBlockCipherFinalize , +! NULL , +! NULL , +! +! xmlSecNssBlockCipherSetKeyReq , +! xmlSecNssBlockCipherSetKey , +! NULL , +! xmlSecTransformDefaultGetDataType , +! +! xmlSecTransformDefaultPushBin , +! xmlSecTransformDefaultPopBin , +! NULL , +! NULL , +! xmlSecNssBlockCipherExecute , +! +! NULL , +! NULL +! } ; + + +! static xmlSecTransformKlass xmlSecNssAes192CbcKlass = { +! sizeof( xmlSecTransformKlass ) , +! xmlSecNssBlockCipherSize , + +! xmlSecNameAes192Cbc , +! xmlSecHrefAes192Cbc , +! xmlSecTransformUsageEncryptionMethod , +! +! xmlSecNssBlockCipherInitialize , +! xmlSecNssBlockCipherFinalize , +! NULL , +! NULL , +! +! xmlSecNssBlockCipherSetKeyReq , +! xmlSecNssBlockCipherSetKey , +! NULL , +! xmlSecTransformDefaultGetDataType , +! +! xmlSecTransformDefaultPushBin , +! xmlSecTransformDefaultPopBin , +! NULL , +! NULL , +! xmlSecNssBlockCipherExecute , +! +! NULL , +! NULL +! } ; + + +! static xmlSecTransformKlass xmlSecNssAes256CbcKlass = { +! sizeof( xmlSecTransformKlass ) , +! xmlSecNssBlockCipherSize , + +! xmlSecNameAes256Cbc , +! xmlSecHrefAes256Cbc , +! xmlSecTransformUsageEncryptionMethod , +! +! xmlSecNssBlockCipherInitialize , +! xmlSecNssBlockCipherFinalize , +! NULL , +! NULL , +! +! xmlSecNssBlockCipherSetKeyReq , +! xmlSecNssBlockCipherSetKey , +! NULL , +! xmlSecTransformDefaultGetDataType , +! +! xmlSecTransformDefaultPushBin , +! xmlSecTransformDefaultPopBin , +! NULL , +! NULL , +! xmlSecNssBlockCipherExecute , +! +! NULL , +! NULL +! } ; + +! static xmlSecTransformKlass xmlSecNssDes3CbcKlass = { +! sizeof( xmlSecTransformKlass ) , +! xmlSecNssBlockCipherSize , +! +! xmlSecNameDes3Cbc , +! xmlSecHrefDes3Cbc , +! xmlSecTransformUsageEncryptionMethod , +! +! xmlSecNssBlockCipherInitialize , +! xmlSecNssBlockCipherFinalize , +! NULL , +! NULL , +! +! xmlSecNssBlockCipherSetKeyReq , +! xmlSecNssBlockCipherSetKey , +! NULL , +! xmlSecTransformDefaultGetDataType , +! +! xmlSecTransformDefaultPushBin , +! xmlSecTransformDefaultPopBin , +! NULL , +! NULL , +! xmlSecNssBlockCipherExecute , +! +! NULL , +! NULL +! } ; + + /** +! * xmlSecNssTransformAes128CbcGetKlass +! * +! * Get the AES128_CBC transform klass +! * +! * Return AES128_CBC transform klass +! */ +! xmlSecTransformId +! xmlSecNssTransformAes128CbcGetKlass( void ) { +! return ( &xmlSecNssAes128CbcKlass ) ; + } + + /** +! * xmlSecNssTransformAes192CbcGetKlass +! * +! * Get the AES192_CBC transform klass +! * +! * Return AES192_CBC transform klass +! */ +! xmlSecTransformId +! xmlSecNssTransformAes192CbcGetKlass( void ) { +! return ( &xmlSecNssAes192CbcKlass ) ; + } + +! /** +! * xmlSecNssTransformAes256CbcGetKlass +! * +! * Get the AES256_CBC transform klass +! * +! * Return AES256_CBC transform klass +! */ +! xmlSecTransformId +! xmlSecNssTransformAes256CbcGetKlass( void ) { +! return ( &xmlSecNssAes256CbcKlass ) ; +! } + +! /** +! * xmlSecNssTransformDes3CbcGetKlass + * +! * Get the DES3_CBC transform klass +! * +! * Return DES3_CBC transform klass + */ +! xmlSecTransformId +! xmlSecNssTransformDes3CbcGetKlass( void ) { +! return ( &xmlSecNssDes3CbcKlass ) ; + } +! + +*** misc/xmlsec1-1.2.6/src/nss/crypto.c 2003-10-29 23:57:25.000000000 +0800 +--- misc/build/xmlsec1-1.2.6/src/nss/crypto.c 2005-02-23 11:06:38.000000000 +0800 +*************** +*** 130,135 **** +--- 130,136 ---- + /** + * High level routines form xmlsec command line utility + */ ++ /* + gXmlSecNssFunctions->cryptoAppInit = xmlSecNssAppInit; + gXmlSecNssFunctions->cryptoAppShutdown = xmlSecNssAppShutdown; + gXmlSecNssFunctions->cryptoAppDefaultKeysMngrInit = xmlSecNssAppDefaultKeysMngrInit; +*************** +*** 143,152 **** + gXmlSecNssFunctions->cryptoAppPkcs12LoadMemory = xmlSecNssAppPkcs12LoadMemory; + gXmlSecNssFunctions->cryptoAppKeyCertLoad = xmlSecNssAppKeyCertLoad; + gXmlSecNssFunctions->cryptoAppKeyCertLoadMemory = xmlSecNssAppKeyCertLoadMemory; +! #endif /* XMLSEC_NO_X509 */ + gXmlSecNssFunctions->cryptoAppKeyLoad = xmlSecNssAppKeyLoad; + gXmlSecNssFunctions->cryptoAppKeyLoadMemory = xmlSecNssAppKeyLoadMemory; + gXmlSecNssFunctions->cryptoAppDefaultPwdCallback = (void*)xmlSecNssAppGetDefaultPwdCallback; + + return(gXmlSecNssFunctions); + } +--- 144,172 ---- + gXmlSecNssFunctions->cryptoAppPkcs12LoadMemory = xmlSecNssAppPkcs12LoadMemory; + gXmlSecNssFunctions->cryptoAppKeyCertLoad = xmlSecNssAppKeyCertLoad; + gXmlSecNssFunctions->cryptoAppKeyCertLoadMemory = xmlSecNssAppKeyCertLoadMemory; +! #endif + gXmlSecNssFunctions->cryptoAppKeyLoad = xmlSecNssAppKeyLoad; + gXmlSecNssFunctions->cryptoAppKeyLoadMemory = xmlSecNssAppKeyLoadMemory; + gXmlSecNssFunctions->cryptoAppDefaultPwdCallback = (void*)xmlSecNssAppGetDefaultPwdCallback; ++ */ ++ ++ gXmlSecNssFunctions->cryptoAppInit = NULL ; ++ gXmlSecNssFunctions->cryptoAppShutdown = NULL ; ++ gXmlSecNssFunctions->cryptoAppDefaultKeysMngrInit = NULL ; ++ gXmlSecNssFunctions->cryptoAppDefaultKeysMngrAdoptKey = NULL ; ++ gXmlSecNssFunctions->cryptoAppDefaultKeysMngrLoad = NULL ; ++ gXmlSecNssFunctions->cryptoAppDefaultKeysMngrSave = NULL ; ++ #ifndef XMLSEC_NO_X509 ++ gXmlSecNssFunctions->cryptoAppKeysMngrCertLoad = NULL ; ++ gXmlSecNssFunctions->cryptoAppKeysMngrCertLoadMemory= NULL ; ++ gXmlSecNssFunctions->cryptoAppPkcs12Load = NULL ; ++ gXmlSecNssFunctions->cryptoAppPkcs12LoadMemory = NULL ; ++ gXmlSecNssFunctions->cryptoAppKeyCertLoad = NULL ; ++ gXmlSecNssFunctions->cryptoAppKeyCertLoadMemory = NULL ; ++ #endif /* XMLSEC_NO_X509 */ ++ gXmlSecNssFunctions->cryptoAppKeyLoad = NULL ; ++ gXmlSecNssFunctions->cryptoAppKeyLoadMemory = NULL ; ++ gXmlSecNssFunctions->cryptoAppDefaultPwdCallback = (void*)NULL ; + + return(gXmlSecNssFunctions); + } +*** misc/xmlsec1-1.2.6/src/nss/digests.c 2003-09-26 08:58:15.000000000 +0800 +--- misc/build/xmlsec1-1.2.6/src/nss/digests.c 2005-02-23 11:06:39.000000000 +0800 +*************** +*** 21,27 **** + #include <xmlsec/transforms.h> + #include <xmlsec/errors.h> + +- #include <xmlsec/nss/app.h> + #include <xmlsec/nss/crypto.h> + + #define XMLSEC_NSS_MAX_DIGEST_SIZE 32 +--- 21,26 ---- +*************** +*** 107,113 **** + xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), + "SECOID_FindOIDByTag", + XMLSEC_ERRORS_R_CRYPTO_FAILED, +! XMLSEC_ERRORS_NO_MESSAGE); + return(-1); + } + +--- 106,112 ---- + xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), + "SECOID_FindOIDByTag", + XMLSEC_ERRORS_R_CRYPTO_FAILED, +! "error code=%d", PORT_GetError()); + return(-1); + } + +*************** +*** 117,123 **** + xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), + "PK11_CreateDigestContext", + XMLSEC_ERRORS_R_CRYPTO_FAILED, +! XMLSEC_ERRORS_NO_MESSAGE); + return(-1); + } + +--- 116,122 ---- + xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), + "PK11_CreateDigestContext", + XMLSEC_ERRORS_R_CRYPTO_FAILED, +! "error code=%d", PORT_GetError()); + return(-1); + } + +*************** +*** 208,214 **** + xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), + "PK11_DigestBegin", + XMLSEC_ERRORS_R_CRYPTO_FAILED, +! XMLSEC_ERRORS_NO_MESSAGE); + return(-1); + } + transform->status = xmlSecTransformStatusWorking; +--- 207,213 ---- + xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), + "PK11_DigestBegin", + XMLSEC_ERRORS_R_CRYPTO_FAILED, +! "error code=%d", PORT_GetError()); + return(-1); + } + transform->status = xmlSecTransformStatusWorking; +*************** +*** 225,231 **** + xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), + "PK11_DigestOp", + XMLSEC_ERRORS_R_CRYPTO_FAILED, +! XMLSEC_ERRORS_NO_MESSAGE); + return(-1); + } + +--- 224,230 ---- + xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), + "PK11_DigestOp", + XMLSEC_ERRORS_R_CRYPTO_FAILED, +! "error code=%d", PORT_GetError()); + return(-1); + } + +*************** +*** 246,252 **** + xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), + "PK11_DigestFinal", + XMLSEC_ERRORS_R_CRYPTO_FAILED, +! XMLSEC_ERRORS_NO_MESSAGE); + return(-1); + } + xmlSecAssert2(ctx->dgstSize > 0, -1); +--- 245,251 ---- + xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), + "PK11_DigestFinal", + XMLSEC_ERRORS_R_CRYPTO_FAILED, +! "error code=%d", PORT_GetError()); + return(-1); + } + xmlSecAssert2(ctx->dgstSize > 0, -1); +*** misc/xmlsec1-1.2.6/src/nss/hmac.c 2003-09-26 08:58:15.000000000 +0800 +--- misc/build/xmlsec1-1.2.6/src/nss/hmac.c 2005-02-23 11:06:39.000000000 +0800 +*************** +*** 23,30 **** + #include <xmlsec/transforms.h> + #include <xmlsec/errors.h> + +- #include <xmlsec/nss/app.h> + #include <xmlsec/nss/crypto.h> + + #define XMLSEC_NSS_MAX_HMAC_SIZE 128 + +--- 23,30 ---- + #include <xmlsec/transforms.h> + #include <xmlsec/errors.h> + + #include <xmlsec/nss/crypto.h> ++ #include <xmlsec/nss/tokens.h> + + #define XMLSEC_NSS_MAX_HMAC_SIZE 128 + +*************** +*** 241,253 **** + keyItem.data = xmlSecBufferGetData(buffer); + keyItem.len = xmlSecBufferGetSize(buffer); + +! slot = PK11_GetBestSlot(ctx->digestType, NULL); + if(slot == NULL) { + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), +! "PK11_GetBestSlot", + XMLSEC_ERRORS_R_CRYPTO_FAILED, +! XMLSEC_ERRORS_NO_MESSAGE); + return(-1); + } + +--- 241,253 ---- + keyItem.data = xmlSecBufferGetData(buffer); + keyItem.len = xmlSecBufferGetSize(buffer); + +! slot = xmlSecNssSlotGet(ctx->digestType); + if(slot == NULL) { + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), +! "xmlSecNssSlotGet", + XMLSEC_ERRORS_R_CRYPTO_FAILED, +! "error code=%d", PORT_GetError()); + return(-1); + } + +*************** +*** 258,264 **** + xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), + "PK11_ImportSymKey", + XMLSEC_ERRORS_R_CRYPTO_FAILED, +! XMLSEC_ERRORS_NO_MESSAGE); + PK11_FreeSlot(slot); + return(-1); + } +--- 258,264 ---- + xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), + "PK11_ImportSymKey", + XMLSEC_ERRORS_R_CRYPTO_FAILED, +! "error code=%d", PORT_GetError()); + PK11_FreeSlot(slot); + return(-1); + } +*************** +*** 269,275 **** + xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), + "PK11_CreateContextBySymKey", + XMLSEC_ERRORS_R_CRYPTO_FAILED, +! XMLSEC_ERRORS_NO_MESSAGE); + PK11_FreeSymKey(symKey); + PK11_FreeSlot(slot); + return(-1); +--- 269,275 ---- + xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), + "PK11_CreateContextBySymKey", + XMLSEC_ERRORS_R_CRYPTO_FAILED, +! "error code=%d", PORT_GetError()); + PK11_FreeSymKey(symKey); + PK11_FreeSlot(slot); + return(-1); +*************** +*** 368,374 **** + xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), + "PK11_DigestBegin", + XMLSEC_ERRORS_R_CRYPTO_FAILED, +! XMLSEC_ERRORS_NO_MESSAGE); + return(-1); + } + transform->status = xmlSecTransformStatusWorking; +--- 368,374 ---- + xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), + "PK11_DigestBegin", + XMLSEC_ERRORS_R_CRYPTO_FAILED, +! "error code=%d", PORT_GetError()); + return(-1); + } + transform->status = xmlSecTransformStatusWorking; +*************** +*** 385,391 **** + xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), + "PK11_DigestOp", + XMLSEC_ERRORS_R_CRYPTO_FAILED, +! XMLSEC_ERRORS_NO_MESSAGE); + return(-1); + } + +--- 385,391 ---- + xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), + "PK11_DigestOp", + XMLSEC_ERRORS_R_CRYPTO_FAILED, +! "error code=%d", PORT_GetError()); + return(-1); + } + +*************** +*** 408,414 **** + xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), + "PK11_DigestFinal", + XMLSEC_ERRORS_R_CRYPTO_FAILED, +! XMLSEC_ERRORS_NO_MESSAGE); + return(-1); + } + xmlSecAssert2(dgstSize > 0, -1); +--- 408,414 ---- + xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), + "PK11_DigestFinal", + XMLSEC_ERRORS_R_CRYPTO_FAILED, +! "error code=%d", PORT_GetError()); + return(-1); + } + xmlSecAssert2(dgstSize > 0, -1); +*** misc/xmlsec1-1.2.6/src/nss/keysstore.c 2003-09-26 08:58:15.000000000 +0800 +--- misc/build/xmlsec1-1.2.6/src/nss/keysstore.c 2005-02-23 11:06:39.000000000 +0800 +*************** +*** 1,119 **** + /** + * XMLSec library + * +- * Nss keys store that uses Simple Keys Store under the hood. Uses the +- * Nss DB as a backing store for the finding keys, but the NSS DB is +- * not written to by the keys store. +- * So, if store->findkey is done and the key is not found in the simple +- * keys store, the NSS DB is looked up. +- * If store is called to adopt a key, that key is not written to the NSS +- * DB. +- * Thus, the NSS DB can be used to pre-load keys and becomes an alternate +- * source of keys for xmlsec +- * + * This is free software; see Copyright file in the source + * distribution for precise wording. + * +! * Copyright (c) 2003 America Online, Inc. All rights reserved. + */ +- #include "globals.h" + +! #include <stdlib.h> + #include <string.h> + +! #include <nss.h> +! #include <cert.h> +! #include <pk11func.h> +! #include <keyhi.h> + +- #include <libxml/tree.h> + + #include <xmlsec/xmlsec.h> +! #include <xmlsec/buffer.h> +! #include <xmlsec/base64.h> +! #include <xmlsec/errors.h> +! #include <xmlsec/xmltree.h> +! + #include <xmlsec/keysmngr.h> + + #include <xmlsec/nss/crypto.h> + #include <xmlsec/nss/keysstore.h> +! #include <xmlsec/nss/x509.h> + #include <xmlsec/nss/pkikeys.h> + +! /**************************************************************************** + * +! * Nss Keys Store. Uses Simple Keys Store under the hood +! * +! * Simple Keys Store ptr is located after xmlSecKeyStore + * +! ***************************************************************************/ +! #define xmlSecNssKeysStoreSize \ +! (sizeof(xmlSecKeyStore) + sizeof(xmlSecKeyStorePtr)) +! +! #define xmlSecNssKeysStoreGetSS(store) \ +! ((xmlSecKeyStoreCheckSize((store), xmlSecNssKeysStoreSize)) ? \ +! (xmlSecKeyStorePtr*)(((xmlSecByte*)(store)) + sizeof(xmlSecKeyStore)) : \ +! (xmlSecKeyStorePtr*)NULL) +! +! static int xmlSecNssKeysStoreInitialize (xmlSecKeyStorePtr store); +! static void xmlSecNssKeysStoreFinalize (xmlSecKeyStorePtr store); +! static xmlSecKeyPtr xmlSecNssKeysStoreFindKey (xmlSecKeyStorePtr store, +! const xmlChar* name, +! xmlSecKeyInfoCtxPtr keyInfoCtx); + +! static xmlSecKeyStoreKlass xmlSecNssKeysStoreKlass = { +! sizeof(xmlSecKeyStoreKlass), +! xmlSecNssKeysStoreSize, + +! /* data */ +! BAD_CAST "NSS-keys-store", /* const xmlChar* name; */ +! +! /* constructors/destructor */ +! xmlSecNssKeysStoreInitialize, /* xmlSecKeyStoreInitializeMethod initialize; */ +! xmlSecNssKeysStoreFinalize, /* xmlSecKeyStoreFinalizeMethod finalize; */ +! xmlSecNssKeysStoreFindKey, /* xmlSecKeyStoreFindKeyMethod findKey; */ +! +! /* reserved for the future */ +! NULL, /* void* reserved0; */ +! NULL, /* void* reserved1; */ +! }; + +! /** +! * xmlSecNssKeysStoreGetKlass: +! * +! * The Nss list based keys store klass. + * +! * Returns Nss list based keys store klass. + */ +! xmlSecKeyStoreId +! xmlSecNssKeysStoreGetKlass(void) { +! return(&xmlSecNssKeysStoreKlass); + } + +! /** +! * xmlSecNssKeysStoreAdoptKey: +! * @store: the pointer to Nss keys store. +! * @key: the pointer to key. +! * +! * Adds @key to the @store. + * +! * Returns 0 on success or a negative value if an error occurs. + */ +! int +! xmlSecNssKeysStoreAdoptKey(xmlSecKeyStorePtr store, xmlSecKeyPtr key) { +! xmlSecKeyStorePtr *ss; +! +! xmlSecAssert2(xmlSecKeyStoreCheckId(store, xmlSecNssKeysStoreId), -1); +! xmlSecAssert2((key != NULL), -1); + +! ss = xmlSecNssKeysStoreGetSS(store); +! xmlSecAssert2(((ss != NULL) && (*ss != NULL) && +! (xmlSecKeyStoreCheckId(*ss, xmlSecSimpleKeysStoreId))), -1); + +! return (xmlSecSimpleKeysStoreAdoptKey(*ss, key)); + } + + /** + * xmlSecNssKeysStoreLoad: + * @store: the pointer to Nss keys store. +--- 1,518 ---- + /** + * XMLSec library + * + * This is free software; see Copyright file in the source + * distribution for precise wording. + * +! * Copyright................................ + */ + +! /** +! * NSS key store uses a key list and a slot list as the key repository. NSS slot +! * list is a backup repository for the finding keys. If a key is not found from +! * the key list, the NSS slot list is looked up. +! * +! * Any key in the key list will not save to pkcs11 slot. When a store to called +! * to adopt a key, the key is resident in the key list; While a store to called +! * to set a is resident in the key list; While a store to called to set a slot +! * list, which means that the keys in the listed slot can be used for xml sign- +! * nature or encryption. +! * +! * Then, a user can adjust slot list to effect the crypto behaviors of xmlSec. +! * +! * The framework will decrease the user interfaces to administrate xmlSec crypto +! * engine. He can only focus on NSS layer functions. For examples, after the +! * user set up a slot list handler to the keys store, he do not need to do any +! * other work atop xmlSec interfaces, his action on the slot list handler, such +! * as add a token to, delete a token from the list, will directly effect the key +! * store behaviors. +! * +! * For example, a scenariio: +! * 0. Create a slot list;( NSS interfaces ) +! * 1. Create a keys store;( xmlSec interfaces ) +! * 2. Set slot list with the keys store;( xmlSec Interfaces ) +! * 3. Add a slot to the slot list;( NSS interfaces ) +! * 4. Perform xml signature; ( xmlSec Interfaces ) +! * 5. Deleter a slot from the slot list;( NSS interfaces ) +! * 6. Perform xml encryption; ( xmlSec Interfaces ) +! * 7. Perform xml signature;( xmlSec Interfaces ) +! * 8. Destroy the keys store;( xmlSec Interfaces ) +! * 8. Destroy the slot list.( NSS Interfaces ) +! */ +! +! #include "globals.h" + #include <string.h> + +! #include <nss.h> +! #include <pk11func.h> +! #include <prinit.h> +! #include <keyhi.h> + + + #include <xmlsec/xmlsec.h> +! #include <xmlsec/keys.h> + #include <xmlsec/keysmngr.h> ++ #include <xmlsec/transforms.h> ++ #include <xmlsec/xmltree.h> ++ #include <xmlsec/errors.h> + + #include <xmlsec/nss/crypto.h> + #include <xmlsec/nss/keysstore.h> +! #include <xmlsec/nss/tokens.h> +! #include <xmlsec/nss/ciphers.h> + #include <xmlsec/nss/pkikeys.h> + +! /** +! * Internal NSS key store context + * +! * This context is located after xmlSecKeyStore +! */ +! typedef struct _xmlSecNssKeysStoreCtx xmlSecNssKeysStoreCtx ; +! typedef struct _xmlSecNssKeysStoreCtx* xmlSecNssKeysStoreCtxPtr ; +! +! struct _xmlSecNssKeysStoreCtx { +! xmlSecPtrListPtr keyList ; +! xmlSecPtrListPtr slotList ; +! } ; +! +! #define xmlSecNssKeysStoreSize \ +! ( sizeof( xmlSecKeyStore ) + sizeof( xmlSecNssKeysStoreCtx ) ) +! +! #define xmlSecNssKeysStoreGetCtx( data ) \ +! ( ( xmlSecNssKeysStoreCtxPtr )( ( ( xmlSecByte* )( data ) ) + sizeof( xmlSecKeyStore ) ) ) +! +! int xmlSecNssKeysStoreAdoptKeySlot( +! xmlSecKeyStorePtr store , +! xmlSecNssKeySlotPtr keySlot +! ) { +! xmlSecNssKeysStoreCtxPtr context = NULL ; +! +! xmlSecAssert2( xmlSecKeyStoreCheckId( store , xmlSecNssKeysStoreId ) , -1 ) ; +! xmlSecAssert2( xmlSecKeyStoreCheckSize( store , xmlSecNssKeysStoreSize ) , -1 ) ; +! +! context = xmlSecNssKeysStoreGetCtx( store ) ; +! if( context == NULL ) { +! xmlSecError( XMLSEC_ERRORS_HERE , +! xmlSecErrorsSafeString( xmlSecKeyStoreGetName( store ) ) , +! "xmlSecNssKeysStoreGetCtx" , +! XMLSEC_ERRORS_R_XMLSEC_FAILED , +! XMLSEC_ERRORS_NO_MESSAGE ) ; +! return -1 ; +! } +! +! if( context->slotList == NULL ) { +! if( ( context->slotList = xmlSecPtrListCreate( xmlSecNssKeySlotListId ) ) == NULL ) { +! xmlSecError( XMLSEC_ERRORS_HERE , +! xmlSecErrorsSafeString( xmlSecKeyStoreGetName( store ) ) , +! "xmlSecPtrListCreate" , +! XMLSEC_ERRORS_R_XMLSEC_FAILED , +! XMLSEC_ERRORS_NO_MESSAGE ) ; +! return -1 ; +! } +! } +! +! if( !xmlSecPtrListCheckId( context->slotList , xmlSecNssKeySlotListId ) ) { +! xmlSecError( XMLSEC_ERRORS_HERE , +! xmlSecErrorsSafeString( xmlSecKeyStoreGetName( store ) ) , +! "xmlSecPtrListCheckId" , +! XMLSEC_ERRORS_R_XMLSEC_FAILED , +! XMLSEC_ERRORS_NO_MESSAGE ) ; +! return -1 ; +! } +! +! if( xmlSecPtrListAdd( context->slotList , keySlot ) < 0 ) { +! xmlSecError( XMLSEC_ERRORS_HERE , +! xmlSecErrorsSafeString( xmlSecKeyStoreGetName( store ) ) , +! "xmlSecPtrListAdd" , +! XMLSEC_ERRORS_R_XMLSEC_FAILED , +! XMLSEC_ERRORS_NO_MESSAGE ) ; +! return -1 ; +! } +! +! return 0 ; +! } +! +! int xmlSecNssKeysStoreAdoptKey( +! xmlSecKeyStorePtr store , +! xmlSecKeyPtr key +! ) { +! xmlSecNssKeysStoreCtxPtr context = NULL ; +! +! xmlSecAssert2( xmlSecKeyStoreCheckId( store , xmlSecNssKeysStoreId ) , -1 ) ; +! xmlSecAssert2( xmlSecKeyStoreCheckSize( store , xmlSecNssKeysStoreSize ) , -1 ) ; +! +! context = xmlSecNssKeysStoreGetCtx( store ) ; +! if( context == NULL ) { +! xmlSecError( XMLSEC_ERRORS_HERE , +! xmlSecErrorsSafeString( xmlSecKeyStoreGetName( store ) ) , +! "xmlSecNssKeysStoreGetCtx" , +! XMLSEC_ERRORS_R_XMLSEC_FAILED , +! XMLSEC_ERRORS_NO_MESSAGE ) ; +! return -1 ; +! } +! +! if( context->keyList == NULL ) { +! if( ( context->keyList = xmlSecPtrListCreate( xmlSecKeyPtrListId ) ) == NULL ) { +! xmlSecError( XMLSEC_ERRORS_HERE , +! xmlSecErrorsSafeString( xmlSecKeyStoreGetName( store ) ) , +! "xmlSecPtrListCreate" , +! XMLSEC_ERRORS_R_XMLSEC_FAILED , +! XMLSEC_ERRORS_NO_MESSAGE ) ; +! return -1 ; +! } +! } +! +! if( !xmlSecPtrListCheckId( context->keyList , xmlSecKeyPtrListId ) ) { +! xmlSecError( XMLSEC_ERRORS_HERE , +! xmlSecErrorsSafeString( xmlSecKeyStoreGetName( store ) ) , +! "xmlSecPtrListCheckId" , +! XMLSEC_ERRORS_R_XMLSEC_FAILED , +! XMLSEC_ERRORS_NO_MESSAGE ) ; +! return -1 ; +! } +! +! if( xmlSecPtrListAdd( context->keyList , key ) < 0 ) { +! xmlSecError( XMLSEC_ERRORS_HERE , +! xmlSecErrorsSafeString( xmlSecKeyStoreGetName( store ) ) , +! "xmlSecPtrListAdd" , +! XMLSEC_ERRORS_R_XMLSEC_FAILED , +! XMLSEC_ERRORS_NO_MESSAGE ) ; +! return -1 ; +! } +! +! return 0 ; +! } +! +! /** +! * xmlSecKeyStoreInitializeMethod: +! * @store: the store. + * +! * Keys store specific initialization method. +! * +! * Returns 0 on success or a negative value if an error occurs. +! */ +! static int +! xmlSecNssKeysStoreInitialize( +! xmlSecKeyStorePtr store +! ) { +! xmlSecNssKeysStoreCtxPtr context = NULL ; +! +! xmlSecAssert2( xmlSecKeyStoreCheckId( store , xmlSecNssKeysStoreId ) , -1 ) ; +! xmlSecAssert2( xmlSecKeyStoreCheckSize( store , xmlSecNssKeysStoreSize ) , -1 ) ; +! +! context = xmlSecNssKeysStoreGetCtx( store ) ; +! if( context == NULL ) { +! xmlSecError( XMLSEC_ERRORS_HERE , +! xmlSecErrorsSafeString( xmlSecKeyStoreGetName( store ) ) , +! "xmlSecNssKeysStoreGetCtx" , +! XMLSEC_ERRORS_R_XMLSEC_FAILED , +! XMLSEC_ERRORS_NO_MESSAGE ) ; +! return -1 ; +! } + +! context->keyList = NULL ; +! context->slotList = NULL ; + +! return 0 ; +! } + +! /** +! * xmlSecKeyStoreFinalizeMethod: +! * @store: the store. + * +! * Keys store specific finalization (destroy) method. + */ +! void +! xmlSecNssKeysStoreFinalize( +! xmlSecKeyStorePtr store +! ) { +! xmlSecNssKeysStoreCtxPtr context = NULL ; +! +! xmlSecAssert( xmlSecKeyStoreCheckId( store , xmlSecNssKeysStoreId ) ) ; +! xmlSecAssert( xmlSecKeyStoreCheckSize( store , xmlSecNssKeysStoreSize ) ) ; +! +! context = xmlSecNssKeysStoreGetCtx( store ) ; +! if( context == NULL ) { +! xmlSecError( XMLSEC_ERRORS_HERE , +! xmlSecErrorsSafeString( xmlSecKeyStoreGetName( store ) ) , +! "xmlSecNssKeysStoreGetCtx" , +! XMLSEC_ERRORS_R_XMLSEC_FAILED , +! XMLSEC_ERRORS_NO_MESSAGE ) ; +! return ; +! } +! +! if( context->keyList != NULL ) { +! xmlSecPtrListDestroy( context->keyList ) ; +! context->keyList = NULL ; +! } +! +! if( context->slotList != NULL ) { +! xmlSecPtrListDestroy( context->slotList ) ; +! context->slotList = NULL ; +! } + } + +! xmlSecKeyPtr +! xmlSecNssKeysStoreFindKeyFromSlot( +! PK11SlotInfo* slot, +! const xmlChar* name, +! xmlSecKeyInfoCtxPtr keyInfoCtx +! ) { +! xmlSecKeyPtr key = NULL ; +! xmlSecKeyDataPtr data = NULL ; +! int length ; +! +! xmlSecAssert2( slot != NULL , NULL ) ; +! xmlSecAssert2( name != NULL , NULL ) ; +! xmlSecAssert2( keyInfoCtx != NULL , NULL ) ; +! +! if( ( keyInfoCtx->keyReq.keyType & xmlSecKeyDataTypeSymmetric ) == xmlSecKeyDataTypeSymmetric ) { +! PK11SymKey* symKey ; +! PK11SymKey* curKey ; +! +! /* Find symmetric key from the slot by name */ +! symKey = PK11_ListFixedKeysInSlot( slot , ( char* )name , NULL ) ; +! for( curKey = symKey ; curKey != NULL ; curKey = PK11_GetNextSymKey( curKey ) ) { +! /* Check the key request */ +! length = PK11_GetKeyLength( curKey ) ; +! length *= 8 ; +! if( ( keyInfoCtx->keyReq.keyBitsSize > 0 ) && +! ( length > 0 ) && +! ( length < keyInfoCtx->keyReq.keyBitsSize ) ) +! continue ; +! +! /* We find a eligible key */ +! data = xmlSecNssSymKeyDataKeyAdopt( curKey ) ; +! if( data == NULL ) { +! /* Do nothing */ +! } +! break ; +! } +! +! /* Destroy the sym key list */ +! for( curKey = symKey ; curKey != NULL ; ) { +! symKey = curKey ; +! curKey = PK11_GetNextSymKey( symKey ) ; +! PK11_FreeSymKey( symKey ) ; +! } +! } else if( ( keyInfoCtx->keyReq.keyType & xmlSecKeyDataTypePublic ) == xmlSecKeyDataTypePublic ) { +! SECKEYPublicKeyList* pubKeyList ; +! SECKEYPublicKey* pubKey ; +! SECKEYPublicKeyListNode* curPub ; +! +! /* Find asymmetric key from the slot by name */ +! pubKeyList = PK11_ListPublicKeysInSlot( slot , ( char* )name ) ; +! pubKey = NULL ; +! curPub = PUBKEY_LIST_HEAD(pubKeyList); +! for( ; !PUBKEY_LIST_END(curPub, pubKeyList) ; curPub = PUBKEY_LIST_NEXT( curPub ) ) { +! /* Check the key request */ +! length = SECKEY_PublicKeyStrength( curPub->key ) ; +! length *= 8 ; +! if( ( keyInfoCtx->keyReq.keyBitsSize > 0 ) && +! ( length > 0 ) && +! ( length < keyInfoCtx->keyReq.keyBitsSize ) ) +! continue ; +! +! /* We find a eligible key */ +! pubKey = curPub->key ; +! break ; +! } +! +! if( pubKey != NULL ) { +! data = xmlSecNssPKIAdoptKey( NULL, pubKey ) ; +! if( data == NULL ) { +! /* Do nothing */ +! } +! } +! +! /* Destroy the public key list */ +! SECKEY_DestroyPublicKeyList( pubKeyList ) ; +! } else if( ( keyInfoCtx->keyReq.keyType & xmlSecKeyDataTypePrivate ) == xmlSecKeyDataTypePrivate ) { +! SECKEYPrivateKeyList* priKeyList = NULL ; +! SECKEYPrivateKey* priKey = NULL ; +! SECKEYPrivateKeyListNode* curPri ; +! +! /* Find asymmetric key from the slot by name */ +! priKeyList = PK11_ListPrivKeysInSlot( slot , ( char* )name , NULL ) ; +! priKey = NULL ; +! curPri = PRIVKEY_LIST_HEAD(priKeyList); +! for( ; !PRIVKEY_LIST_END(curPri, priKeyList) ; curPri = PRIVKEY_LIST_NEXT( curPri ) ) { +! /* Check the key request */ +! length = PK11_SignatureLen( curPri->key ) ; +! length *= 8 ; +! if( ( keyInfoCtx->keyReq.keyBitsSize > 0 ) && +! ( length > 0 ) && +! ( length < keyInfoCtx->keyReq.keyBitsSize ) ) +! continue ; +! +! /* We find a eligible key */ +! priKey = curPri->key ; +! break ; +! } +! +! if( priKey != NULL ) { +! data = xmlSecNssPKIAdoptKey( priKey, NULL ) ; +! if( data == NULL ) { +! /* Do nothing */ +! } +! } +! +! /* Destroy the private key list */ +! SECKEY_DestroyPrivateKeyList( priKeyList ) ; +! } +! +! /* If we have gotten the key value */ +! if( data != NULL ) { +! if( ( key = xmlSecKeyCreate() ) == NULL ) { +! xmlSecError( XMLSEC_ERRORS_HERE , +! NULL , +! "xmlSecKeyCreate" , +! XMLSEC_ERRORS_R_XMLSEC_FAILED , +! XMLSEC_ERRORS_NO_MESSAGE ) ; +! +! xmlSecKeyDataDestroy( data ) ; +! return NULL ; +! } +! +! if( xmlSecKeySetValue( key , data ) < 0 ) { +! xmlSecError( XMLSEC_ERRORS_HERE , +! NULL , +! "xmlSecKeySetValue" , +! XMLSEC_ERRORS_R_XMLSEC_FAILED , +! XMLSEC_ERRORS_NO_MESSAGE ) ; +! +! xmlSecKeyDestroy( key ) ; +! xmlSecKeyDataDestroy( data ) ; +! return NULL ; +! } +! } +! +! return(key); +! } +! +! /** +! * xmlSecKeyStoreFindKeyMethod: +! * @store: the store. +! * @name: the desired key name. +! * @keyInfoCtx: the pointer to key info context. + * +! * Keys store specific find method. The caller is responsible for destroying +! * the returned key using #xmlSecKeyDestroy method. +! * +! * Returns the pointer to a key or NULL if key is not found or an error occurs. + */ +! static xmlSecKeyPtr +! xmlSecNssKeysStoreFindKey( +! xmlSecKeyStorePtr store , +! const xmlChar* name , +! xmlSecKeyInfoCtxPtr keyInfoCtx +! ) { +! xmlSecNssKeysStoreCtxPtr context = NULL ; +! xmlSecKeyPtr key = NULL ; +! xmlSecNssKeySlotPtr keySlot = NULL ; +! xmlSecSize pos ; +! xmlSecSize size ; +! +! xmlSecAssert2( xmlSecKeyStoreCheckId( store , xmlSecNssKeysStoreId ) , NULL ) ; +! xmlSecAssert2( xmlSecKeyStoreCheckSize( store , xmlSecNssKeysStoreSize ) , NULL ) ; +! xmlSecAssert2( keyInfoCtx != NULL , NULL ) ; +! +! context = xmlSecNssKeysStoreGetCtx( store ) ; +! if( context == NULL ) { +! xmlSecError( XMLSEC_ERRORS_HERE , +! xmlSecErrorsSafeString( xmlSecKeyStoreGetName( store ) ) , +! "xmlSecNssKeysStoreGetCtx" , +! XMLSEC_ERRORS_R_XMLSEC_FAILED , +! XMLSEC_ERRORS_NO_MESSAGE ) ; +! return NULL ; +! } +! +! /*- +! * Look for key at keyList at first. +! */ +! if( context->keyList != NULL ) { +! size = xmlSecPtrListGetSize( context->keyList ) ; +! for( pos = 0 ; pos < size ; pos ++ ) { +! key = ( xmlSecKeyPtr )xmlSecPtrListGetItem( context->keyList , pos ) ; +! if( key != NULL && xmlSecKeyMatch( key , name , &( keyInfoCtx->keyReq ) ) ) { +! return xmlSecKeyDuplicate( key ) ; +! } +! } +! } +! +! /*- +! * Find the key from slotList +! */ +! if( context->slotList != NULL ) { +! PK11SlotInfo* slot = NULL ; +! +! size = xmlSecPtrListGetSize( context->slotList ) ; +! for( pos = 0 ; pos < size ; pos ++ ) { +! keySlot = ( xmlSecNssKeySlotPtr )xmlSecPtrListGetItem( context->slotList , pos ) ; +! slot = xmlSecNssKeySlotGetSlot( keySlot ) ; +! if( slot == NULL ) { +! continue ; +! } else { +! key = xmlSecNssKeysStoreFindKeyFromSlot( slot, name, keyInfoCtx ) ; +! if( key == NULL ) { +! continue ; +! } else { +! return( key ) ; +! } +! } +! } +! } +! +! /*- +! * Create a session key if we can not find the key from keyList and slotList +! */ +! if( ( keyInfoCtx->keyReq.keyType & xmlSecKeyDataTypeSession ) == xmlSecKeyDataTypeSession ) { +! key = xmlSecKeyGenerate( keyInfoCtx->keyReq.keyId , keyInfoCtx->keyReq.keyBitsSize , xmlSecKeyDataTypeSession ) ; +! if( key == NULL ) { +! xmlSecError( XMLSEC_ERRORS_HERE , +! xmlSecErrorsSafeString( xmlSecKeyStoreGetName( store ) ) , +! "xmlSecKeySetValue" , +! XMLSEC_ERRORS_R_XMLSEC_FAILED , +! XMLSEC_ERRORS_NO_MESSAGE ) ; +! return NULL ; +! } +! +! return key ; +! } +! +! /** +! * We have no way to find the key any more. +! */ +! return NULL ; +! } + +! static xmlSecKeyStoreKlass xmlSecNssKeysStoreKlass = { +! sizeof( xmlSecKeyStoreKlass ) , +! xmlSecNssKeysStoreSize , +! BAD_CAST "implicit_nss_keys_store" , +! xmlSecNssKeysStoreInitialize , +! xmlSecNssKeysStoreFinalize , +! xmlSecNssKeysStoreFindKey , +! NULL , +! NULL +! } ; + +! /** +! * xmlSecNssKeysStoreGetKlass: +! * +! * The simple list based keys store klass. +! * +! * Returns simple list based keys store klass. +! */ +! xmlSecKeyStoreId +! xmlSecNssKeysStoreGetKlass( void ) { +! return &xmlSecNssKeysStoreKlass ; + } + ++ ++ /************************** ++ * Application routines ++ */ + /** + * xmlSecNssKeysStoreLoad: + * @store: the pointer to Nss keys store. +*************** +*** 125,132 **** + * Returns 0 on success or a negative value if an error occurs. + */ + int +! xmlSecNssKeysStoreLoad(xmlSecKeyStorePtr store, const char *uri, +! xmlSecKeysMngrPtr keysMngr) { + xmlDocPtr doc; + xmlNodePtr root; + xmlNodePtr cur; +--- 524,534 ---- + * Returns 0 on success or a negative value if an error occurs. + */ + int +! xmlSecNssKeysStoreLoad( +! xmlSecKeyStorePtr store, +! const char *uri, +! xmlSecKeysMngrPtr keysMngr +! ) { + xmlDocPtr doc; + xmlNodePtr root; + xmlNodePtr cur; +*************** +*** 252,505 **** + */ + int + xmlSecNssKeysStoreSave(xmlSecKeyStorePtr store, const char *filename, xmlSecKeyDataType type) { +! xmlSecKeyStorePtr *ss; +! +! xmlSecAssert2(xmlSecKeyStoreCheckId(store, xmlSecNssKeysStoreId), -1); +! xmlSecAssert2((filename != NULL), -1); +! +! ss = xmlSecNssKeysStoreGetSS(store); +! xmlSecAssert2(((ss != NULL) && (*ss != NULL) && +! (xmlSecKeyStoreCheckId(*ss, xmlSecSimpleKeysStoreId))), -1); +! +! return (xmlSecSimpleKeysStoreSave(*ss, filename, type)); +! } +! +! static int +! xmlSecNssKeysStoreInitialize(xmlSecKeyStorePtr store) { +! xmlSecKeyStorePtr *ss; +! +! xmlSecAssert2(xmlSecKeyStoreCheckId(store, xmlSecNssKeysStoreId), -1); + +! ss = xmlSecNssKeysStoreGetSS(store); +! xmlSecAssert2((*ss == NULL), -1); + +! *ss = xmlSecKeyStoreCreate(xmlSecSimpleKeysStoreId); +! if(*ss == NULL) { +! xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)), +! "xmlSecKeyStoreCreate", + XMLSEC_ERRORS_R_XMLSEC_FAILED, +! "xmlSecSimpleKeysStoreId"); +! return(-1); + } +- +- return(0); +- } +- +- static void +- xmlSecNssKeysStoreFinalize(xmlSecKeyStorePtr store) { +- xmlSecKeyStorePtr *ss; +- +- xmlSecAssert(xmlSecKeyStoreCheckId(store, xmlSecNssKeysStoreId)); +- +- ss = xmlSecNssKeysStoreGetSS(store); +- xmlSecAssert((ss != NULL) && (*ss != NULL)); + +! xmlSecKeyStoreDestroy(*ss); +! } +! +! static xmlSecKeyPtr +! xmlSecNssKeysStoreFindKey(xmlSecKeyStorePtr store, const xmlChar* name, +! xmlSecKeyInfoCtxPtr keyInfoCtx) { +! xmlSecKeyStorePtr* ss; +! xmlSecKeyPtr key = NULL; +! xmlSecKeyPtr retval = NULL; +! xmlSecKeyReqPtr keyReq = NULL; +! CERTCertificate *cert = NULL; +! SECKEYPublicKey *pubkey = NULL; +! SECKEYPrivateKey *privkey = NULL; +! xmlSecKeyDataPtr data = NULL; +! xmlSecKeyDataPtr x509Data = NULL; +! int ret; +! +! xmlSecAssert2(xmlSecKeyStoreCheckId(store, xmlSecNssKeysStoreId), NULL); +! xmlSecAssert2(keyInfoCtx != NULL, NULL); +! +! ss = xmlSecNssKeysStoreGetSS(store); +! xmlSecAssert2(((ss != NULL) && (*ss != NULL)), NULL); +! +! key = xmlSecKeyStoreFindKey(*ss, name, keyInfoCtx); +! if (key != NULL) { +! return (key); +! } + +! /* Try to find the key in the NSS DB, and construct an xmlSecKey. +! * we must have a name to lookup keys in NSS DB. +! */ +! if (name == NULL) { +! goto done; +! } + +! /* what type of key are we looking for? +! * TBD: For now, we'll look only for public/private keys using the +! * name as a cert nickname. Later on, we can attempt to find +! * symmetric keys using PK11_FindFixedKey +! */ +! keyReq = &(keyInfoCtx->keyReq); +! if (keyReq->keyType & +! (xmlSecKeyDataTypePublic | xmlSecKeyDataTypePrivate)) { +! cert = CERT_FindCertByNickname (CERT_GetDefaultCertDB(), (char *)name); +! if (cert == NULL) { +! goto done; +! } +! +! if (keyReq->keyType & xmlSecKeyDataTypePublic) { +! pubkey = CERT_ExtractPublicKey(cert); +! if (pubkey == NULL) { +! xmlSecError(XMLSEC_ERRORS_HERE, +! NULL, +! "CERT_ExtractPublicKey", +! XMLSEC_ERRORS_R_CRYPTO_FAILED, +! XMLSEC_ERRORS_NO_MESSAGE); +! goto done; + } +- } + +! if (keyReq->keyType & xmlSecKeyDataTypePrivate) { +! privkey = PK11_FindKeyByAnyCert(cert, NULL); +! if (privkey == NULL) { +! xmlSecError(XMLSEC_ERRORS_HERE, +! NULL, +! "PK11_FindKeyByAnyCert", +! XMLSEC_ERRORS_R_CRYPTO_FAILED, +! XMLSEC_ERRORS_NO_MESSAGE); +! goto done; + } + } + +! data = xmlSecNssPKIAdoptKey(privkey, pubkey); +! if(data == NULL) { +! xmlSecError(XMLSEC_ERRORS_HERE, +! NULL, +! "xmlSecNssPKIAdoptKey", +! XMLSEC_ERRORS_R_XMLSEC_FAILED, +! XMLSEC_ERRORS_NO_MESSAGE); +! goto done; +! } +! privkey = NULL; +! pubkey = NULL; +! +! key = xmlSecKeyCreate(); +! if (key == NULL) { + xmlSecError(XMLSEC_ERRORS_HERE, +! NULL, +! "xmlSecKeyCreate", + XMLSEC_ERRORS_R_XMLSEC_FAILED, + XMLSEC_ERRORS_NO_MESSAGE); +! return (NULL); +! } +! +! x509Data = xmlSecKeyDataCreate(xmlSecNssKeyDataX509Id); +! if(x509Data == NULL) { +! xmlSecError(XMLSEC_ERRORS_HERE, +! NULL, +! "xmlSecKeyDataCreate", +! XMLSEC_ERRORS_R_XMLSEC_FAILED, +! "transform=%s", +! xmlSecErrorsSafeString(xmlSecTransformKlassGetName(xmlSecNssKeyDataX509Id))); +! goto done; +! } +! +! ret = xmlSecNssKeyDataX509AdoptKeyCert(x509Data, cert); +! if (ret < 0) { +! xmlSecError(XMLSEC_ERRORS_HERE, +! NULL, +! "xmlSecNssKeyDataX509AdoptKeyCert", +! XMLSEC_ERRORS_R_XMLSEC_FAILED, +! "data=%s", +! xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data))); +! goto done; +! } +! cert = CERT_DupCertificate(cert); +! if (cert == NULL) { +! xmlSecError(XMLSEC_ERRORS_HERE, +! NULL, +! "CERT_DupCertificate", +! XMLSEC_ERRORS_R_CRYPTO_FAILED, +! "data=%s", +! xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data))); +! goto done; +! } +! +! ret = xmlSecNssKeyDataX509AdoptCert(x509Data, cert); +! if (ret < 0) { +! xmlSecError(XMLSEC_ERRORS_HERE, +! NULL, +! "xmlSecNssKeyDataX509AdoptCert", +! XMLSEC_ERRORS_R_XMLSEC_FAILED, +! "data=%s", +! xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data))); +! goto done; + } +- cert = NULL; + +! ret = xmlSecKeySetValue(key, data); +! if (ret < 0) { +! xmlSecError(XMLSEC_ERRORS_HERE, +! NULL, +! "xmlSecKeySetValue", +! XMLSEC_ERRORS_R_XMLSEC_FAILED, +! "data=%s", +! xmlSecErrorsSafeString(xmlSecKeyDataGetName(data))); +! goto done; +! } +! data = NULL; + +! ret = xmlSecKeyAdoptData(key, x509Data); +! if (ret < 0) { + xmlSecError(XMLSEC_ERRORS_HERE, +! NULL, +! "xmlSecKeyAdoptData", + XMLSEC_ERRORS_R_XMLSEC_FAILED, +! "data=%s", +! xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data))); +! goto done; +! } +! x509Data = NULL; +! +! retval = key; +! key = NULL; +! } +! +! done: +! if (cert != NULL) { +! CERT_DestroyCertificate(cert); +! } +! if (pubkey != NULL) { +! SECKEY_DestroyPublicKey(pubkey); +! } +! if (privkey != NULL) { +! SECKEY_DestroyPrivateKey(privkey); +! } +! if (data != NULL) { +! xmlSecKeyDataDestroy(data); +! } +! if (x509Data != NULL) { +! xmlSecKeyDataDestroy(x509Data); +! } +! if (key != NULL) { +! xmlSecKeyDestroy(key); + } +! +! /* now that we have a key, make sure it is valid and let the simple +! * store adopt it */ +! if (retval) { +! if (xmlSecKeyIsValid(retval)) { +! ret = xmlSecSimpleKeysStoreAdoptKey(*ss, retval); +! if (ret < 0) { + xmlSecError(XMLSEC_ERRORS_HERE, +! xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)), +! "xmlSecSimpleKeysStoreAdoptKey", +! XMLSEC_ERRORS_R_XMLSEC_FAILED, +! XMLSEC_ERRORS_NO_MESSAGE); +! xmlSecKeyDestroy(retval); +! retval = NULL; +! } +! } else { +! xmlSecKeyDestroy(retval); +! retval = NULL; +! } +! } +! +! return (retval); + } +--- 654,800 ---- + */ + int + xmlSecNssKeysStoreSave(xmlSecKeyStorePtr store, const char *filename, xmlSecKeyDataType type) { +! xmlSecKeyInfoCtx keyInfoCtx; +! xmlSecNssKeysStoreCtxPtr context ; +! xmlSecPtrListPtr list; +! xmlSecKeyPtr key; +! xmlSecSize i, keysSize; +! xmlDocPtr doc; +! xmlNodePtr cur; +! xmlSecKeyDataPtr data; +! xmlSecPtrListPtr idsList; +! xmlSecKeyDataId dataId; +! xmlSecSize idsSize, j; +! int ret; + +! xmlSecAssert2( xmlSecKeyStoreCheckId( store , xmlSecNssKeysStoreId ), -1 ) ; +! xmlSecAssert2( xmlSecKeyStoreCheckSize( store , xmlSecNssKeysStoreSize ), -1 ) ; +! xmlSecAssert2(filename != NULL, -1); +! +! context = xmlSecNssKeysStoreGetCtx( store ) ; +! xmlSecAssert2( context != NULL, -1 ); +! +! list = context->keyList ; +! xmlSecAssert2( list != NULL, -1 ); +! xmlSecAssert2(xmlSecPtrListCheckId(list, xmlSecKeyPtrListId), -1); + +! /* create doc */ +! doc = xmlSecCreateTree(BAD_CAST "Keys", xmlSecNs); +! if(doc == NULL) { +! xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)), +! "xmlSecCreateTree", + XMLSEC_ERRORS_R_XMLSEC_FAILED, +! XMLSEC_ERRORS_NO_MESSAGE); +! return(-1); + } + +! idsList = xmlSecKeyDataIdsGet(); +! xmlSecAssert2(idsList != NULL, -1); +! +! keysSize = xmlSecPtrListGetSize(list); +! idsSize = xmlSecPtrListGetSize(idsList); +! for(i = 0; i < keysSize; ++i) { +! key = (xmlSecKeyPtr)xmlSecPtrListGetItem(list, i); +! xmlSecAssert2(key != NULL, -1); +! +! cur = xmlSecAddChild(xmlDocGetRootElement(doc), xmlSecNodeKeyInfo, xmlSecDSigNs); +! if(cur == NULL) { +! xmlSecError(XMLSEC_ERRORS_HERE, +! xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)), +! "xmlSecAddChild", +! XMLSEC_ERRORS_R_XMLSEC_FAILED, +! "node=%s", +! xmlSecErrorsSafeString(xmlSecNodeKeyInfo)); +! xmlFreeDoc(doc); +! return(-1); +! } + +! /* special data key name */ +! if(xmlSecKeyGetName(key) != NULL) { +! if(xmlSecAddChild(cur, xmlSecNodeKeyName, xmlSecDSigNs) == NULL) { +! xmlSecError(XMLSEC_ERRORS_HERE, +! xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)), +! "xmlSecAddChild", +! XMLSEC_ERRORS_R_XMLSEC_FAILED, +! "node=%s", +! xmlSecErrorsSafeString(xmlSecNodeKeyName)); +! xmlFreeDoc(doc); +! return(-1); +! } +! } +! +! /* create nodes for other keys data */ +! for(j = 0; j < idsSize; ++j) { +! dataId = (xmlSecKeyDataId)xmlSecPtrListGetItem(idsList, j); +! xmlSecAssert2(dataId != xmlSecKeyDataIdUnknown, -1); + +! if(dataId->dataNodeName == NULL) { +! continue; +! } +! +! data = xmlSecKeyGetData(key, dataId); +! if(data == NULL) { +! continue; + } + +! if(xmlSecAddChild(cur, dataId->dataNodeName, dataId->dataNodeNs) == NULL) { +! xmlSecError(XMLSEC_ERRORS_HERE, +! xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)), +! "xmlSecAddChild", +! XMLSEC_ERRORS_R_XMLSEC_FAILED, +! "node=%s", +! xmlSecErrorsSafeString(dataId->dataNodeName)); +! xmlFreeDoc(doc); +! return(-1); + } + } + +! ret = xmlSecKeyInfoCtxInitialize(&keyInfoCtx, NULL); +! if(ret < 0) { + xmlSecError(XMLSEC_ERRORS_HERE, +! xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)), +! "xmlSecKeyInfoCtxInitialize", + XMLSEC_ERRORS_R_XMLSEC_FAILED, + XMLSEC_ERRORS_NO_MESSAGE); +! xmlFreeDoc(doc); +! return(-1); + } + +! keyInfoCtx.mode = xmlSecKeyInfoModeWrite; +! keyInfoCtx.keyReq.keyId = xmlSecKeyDataIdUnknown; +! keyInfoCtx.keyReq.keyType = type; +! keyInfoCtx.keyReq.keyUsage = xmlSecKeyDataUsageAny; + +! /* finally write key in the node */ +! ret = xmlSecKeyInfoNodeWrite(cur, key, &keyInfoCtx); +! if(ret < 0) { + xmlSecError(XMLSEC_ERRORS_HERE, +! xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)), +! "xmlSecKeyInfoNodeWrite", + XMLSEC_ERRORS_R_XMLSEC_FAILED, +! XMLSEC_ERRORS_NO_MESSAGE); +! xmlSecKeyInfoCtxFinalize(&keyInfoCtx); +! xmlFreeDoc(doc); +! return(-1); +! } +! xmlSecKeyInfoCtxFinalize(&keyInfoCtx); + } +! +! /* now write result */ +! ret = xmlSaveFormatFile(filename, doc, 1); +! if(ret < 0) { + xmlSecError(XMLSEC_ERRORS_HERE, +! xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)), +! "xmlSaveFormatFile", +! XMLSEC_ERRORS_R_XML_FAILED, +! "filename=%s", +! xmlSecErrorsSafeString(filename)); +! xmlFreeDoc(doc); +! return(-1); +! } +! +! xmlFreeDoc(doc); +! return(0); + } ++ +*** misc/xmlsec1-1.2.6/src/nss/keytrans.c 2005-02-23 11:07:00.000000000 +0800 +--- misc/build/xmlsec1-1.2.6/src/nss/keytrans.c 2005-02-23 11:06:39.000000000 +0800 +*************** +*** 1 **** +! dummy +--- 1,744 ---- +! /** +! * +! * XMLSec library +! * +! * AES Algorithm support +! * +! * This is free software; see Copyright file in the source +! * distribution for preciese wording. +! * +! * Copyright ................................. +! */ +! #include "globals.h" +! +! #include <stdlib.h> +! #include <stdio.h> +! #include <string.h> +! +! #include <nss.h> +! #include <pk11func.h> +! #include <keyhi.h> +! #include <key.h> +! #include <hasht.h> +! +! #include <xmlsec/xmlsec.h> +! #include <xmlsec/xmltree.h> +! #include <xmlsec/keys.h> +! #include <xmlsec/transforms.h> +! #include <xmlsec/errors.h> +! +! #include <xmlsec/nss/crypto.h> +! #include <xmlsec/nss/pkikeys.h> +! #include <xmlsec/nss/tokens.h> +! +! /********************************************************************* +! * +! * key transform transforms +! * +! ********************************************************************/ +! typedef struct _xmlSecNssKeyTransportCtx xmlSecNssKeyTransportCtx ; +! typedef struct _xmlSecNssKeyTransportCtx* xmlSecNssKeyTransportCtxPtr ; +! +! #define xmlSecNssKeyTransportSize \ +! ( sizeof( xmlSecTransform ) + sizeof( xmlSecNssKeyTransportCtx ) ) +! +! #define xmlSecNssKeyTransportGetCtx( transform ) \ +! ( ( xmlSecNssKeyTransportCtxPtr )( ( ( xmlSecByte* )( transform ) ) + sizeof( xmlSecTransform ) ) ) +! +! struct _xmlSecNssKeyTransportCtx { +! CK_MECHANISM_TYPE cipher ; +! SECKEYPublicKey* pubkey ; +! SECKEYPrivateKey* prikey ; +! xmlSecKeyDataId keyId ; +! xmlSecBufferPtr material ; /* to be encrypted/decrypted material */ +! } ; +! +! static int xmlSecNssKeyTransportInitialize(xmlSecTransformPtr transform); +! static void xmlSecNssKeyTransportFinalize(xmlSecTransformPtr transform); +! static int xmlSecNssKeyTransportSetKeyReq(xmlSecTransformPtr transform, +! xmlSecKeyReqPtr keyReq); +! static int xmlSecNssKeyTransportSetKey(xmlSecTransformPtr transform, +! xmlSecKeyPtr key); +! static int xmlSecNssKeyTransportExecute(xmlSecTransformPtr transform, +! int last, +! xmlSecTransformCtxPtr transformCtx); +! static xmlSecSize xmlSecNssKeyTransportGetKeySize(xmlSecTransformPtr transform); +! +! static int +! xmlSecNssKeyTransportCheckId( +! xmlSecTransformPtr transform +! ) { +! #ifndef XMLSEC_NO_RSA +! if( xmlSecTransformCheckId( transform, xmlSecNssTransformRsaPkcs1Id ) || +! xmlSecTransformCheckId( transform, xmlSecNssTransformRsaOaepId ) ) { +! +! return(1); +! } +! #endif /* XMLSEC_NO_RSA */ +! +! return(0); +! } +! +! static int +! xmlSecNssKeyTransportInitialize(xmlSecTransformPtr transform) { +! xmlSecNssKeyTransportCtxPtr context ; +! int ret; +! +! xmlSecAssert2(xmlSecNssKeyTransportCheckId(transform), -1); +! xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecNssKeyTransportSize), -1); +! +! context = xmlSecNssKeyTransportGetCtx( transform ) ; +! xmlSecAssert2( context != NULL , -1 ) ; +! +! #ifndef XMLSEC_NO_RSA +! if( transform->id == xmlSecNssTransformRsaPkcs1Id ) { +! context->cipher = CKM_RSA_PKCS ; +! context->keyId = xmlSecNssKeyDataRsaId ; +! } else if( transform->id == xmlSecNssTransformRsaOaepId ) { +! context->cipher = CKM_RSA_PKCS_OAEP ; +! context->keyId = xmlSecNssKeyDataRsaId ; +! } else +! #endif /* XMLSEC_NO_RSA */ +! +! if( 1 ) { +! xmlSecError( XMLSEC_ERRORS_HERE , +! xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), +! NULL , +! XMLSEC_ERRORS_R_CRYPTO_FAILED , +! XMLSEC_ERRORS_NO_MESSAGE ) ; +! return(-1); +! } +! +! context->pubkey = NULL ; +! context->prikey = NULL ; +! context->material = NULL ; +! +! return(0); +! } +! +! static void +! xmlSecNssKeyTransportFinalize(xmlSecTransformPtr transform) { +! xmlSecNssKeyTransportCtxPtr context ; +! +! xmlSecAssert(xmlSecNssKeyTransportCheckId(transform)); +! xmlSecAssert(xmlSecTransformCheckSize(transform, xmlSecNssKeyTransportSize)); +! +! context = xmlSecNssKeyTransportGetCtx( transform ) ; +! xmlSecAssert( context != NULL ) ; +! +! if( context->pubkey != NULL ) { +! SECKEY_DestroyPublicKey( context->pubkey ) ; +! context->pubkey = NULL ; +! } +! +! if( context->prikey != NULL ) { +! SECKEY_DestroyPrivateKey( context->prikey ) ; +! context->prikey = NULL ; +! } +! +! if( context->material != NULL ) { +! xmlSecBufferDestroy(context->material); +! context->material = NULL ; +! } +! } +! +! static int +! xmlSecNssKeyTransportSetKeyReq(xmlSecTransformPtr transform, xmlSecKeyReqPtr keyReq) { +! xmlSecNssKeyTransportCtxPtr context ; +! xmlSecSize cipherSize = 0 ; +! +! +! xmlSecAssert2(xmlSecNssKeyTransportCheckId(transform), -1); +! xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecNssKeyTransportSize), -1); +! xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1); +! xmlSecAssert2(keyReq != NULL, -1); +! +! context = xmlSecNssKeyTransportGetCtx( transform ) ; +! xmlSecAssert2( context != NULL , -1 ) ; +! +! keyReq->keyId = context->keyId; +! if(transform->operation == xmlSecTransformOperationEncrypt) { +! keyReq->keyUsage = xmlSecKeyUsageEncrypt; +! keyReq->keyType = xmlSecKeyDataTypePublic; +! } else { +! keyReq->keyUsage = xmlSecKeyUsageDecrypt; +! keyReq->keyType = xmlSecKeyDataTypePrivate; +! } +! +! return(0); +! } +! +! static int +! xmlSecNssKeyTransportSetKey(xmlSecTransformPtr transform, xmlSecKeyPtr key) { +! xmlSecNssKeyTransportCtxPtr context = NULL ; +! xmlSecKeyDataPtr keyData = NULL ; +! SECKEYPublicKey* pubkey = NULL ; +! SECKEYPrivateKey* prikey = NULL ; +! +! xmlSecAssert2(xmlSecNssKeyTransportCheckId(transform), -1); +! xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecNssKeyTransportSize), -1); +! xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1); +! xmlSecAssert2(key != NULL, -1); +! +! context = xmlSecNssKeyTransportGetCtx( transform ) ; +! if( context == NULL || context->keyId == NULL || context->pubkey != NULL ) { +! xmlSecError( XMLSEC_ERRORS_HERE , +! xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) , +! "xmlSecNssKeyTransportGetCtx" , +! XMLSEC_ERRORS_R_CRYPTO_FAILED , +! XMLSEC_ERRORS_NO_MESSAGE ) ; +! return(-1); +! } +! xmlSecAssert2( xmlSecKeyCheckId( key, context->keyId ), -1 ) ; +! +! keyData = xmlSecKeyGetValue( key ) ; +! if( keyData == NULL ) { +! xmlSecError( XMLSEC_ERRORS_HERE , +! xmlSecErrorsSafeString( xmlSecKeyGetName( key ) ) , +! "xmlSecKeyGetValue" , +! XMLSEC_ERRORS_R_CRYPTO_FAILED , +! XMLSEC_ERRORS_NO_MESSAGE ) ; +! return(-1); +! } +! +! if(transform->operation == xmlSecTransformOperationEncrypt) { +! if( ( pubkey = xmlSecNssPKIKeyDataGetPubKey( keyData ) ) == NULL ) { +! xmlSecError( XMLSEC_ERRORS_HERE , +! xmlSecErrorsSafeString( xmlSecKeyDataGetName( keyData ) ) , +! "xmlSecNssPKIKeyDataGetPubKey" , +! XMLSEC_ERRORS_R_CRYPTO_FAILED , +! XMLSEC_ERRORS_NO_MESSAGE ) ; +! return(-1); +! } +! +! context->pubkey = pubkey ; +! } else { +! if( ( prikey = xmlSecNssPKIKeyDataGetPrivKey( keyData ) ) == NULL ) { +! xmlSecError( XMLSEC_ERRORS_HERE , +! xmlSecErrorsSafeString( xmlSecKeyDataGetName( keyData ) ) , +! "xmlSecNssPKIKeyDataGetPrivKey" , +! XMLSEC_ERRORS_R_CRYPTO_FAILED , +! XMLSEC_ERRORS_NO_MESSAGE ) ; +! return(-1); +! } +! +! context->prikey = prikey ; +! } +! +! return(0) ; +! } +! +! /** +! * key wrap transform +! */ +! static int +! xmlSecNssKeyTransportCtxInit( +! xmlSecNssKeyTransportCtxPtr ctx , +! xmlSecBufferPtr in , +! xmlSecBufferPtr out , +! int encrypt , +! xmlSecTransformCtxPtr transformCtx +! ) { +! xmlSecSize blockSize ; +! +! xmlSecAssert2( ctx != NULL , -1 ) ; +! xmlSecAssert2( ctx->cipher != CKM_INVALID_MECHANISM , -1 ) ; +! xmlSecAssert2( ( ctx->pubkey != NULL && encrypt ) || ( ctx->prikey != NULL && !encrypt ), -1 ) ; +! xmlSecAssert2( ctx->keyId != NULL , -1 ) ; +! xmlSecAssert2( in != NULL , -1 ) ; +! xmlSecAssert2( out != NULL , -1 ) ; +! xmlSecAssert2( transformCtx != NULL , -1 ) ; +! +! if( ctx->material != NULL ) { +! xmlSecBufferDestroy( ctx->material ) ; +! ctx->material = NULL ; +! } +! +! if( ctx->pubkey != NULL ) { +! blockSize = SECKEY_PublicKeyStrength( ctx->pubkey ) ; +! } else if( ctx->prikey != NULL ) { +! blockSize = PK11_SignatureLen( ctx->prikey ) ; +! } else { +! blockSize = -1 ; +! } +! +! if( blockSize < 0 ) { +! xmlSecError( XMLSEC_ERRORS_HERE , +! NULL , +! NULL , +! XMLSEC_ERRORS_R_CRYPTO_FAILED , +! XMLSEC_ERRORS_NO_MESSAGE ) ; +! return(-1); +! } +! +! ctx->material = xmlSecBufferCreate( blockSize ) ; +! if( ctx->material == NULL ) { +! xmlSecError( XMLSEC_ERRORS_HERE , +! NULL , +! "xmlSecBufferCreate" , +! XMLSEC_ERRORS_R_CRYPTO_FAILED , +! XMLSEC_ERRORS_NO_MESSAGE ) ; +! return(-1); +! } +! +! /* read raw key material into context */ +! if( xmlSecBufferSetData( ctx->material, xmlSecBufferGetData(in), xmlSecBufferGetSize(in) ) < 0 ) { +! xmlSecError( XMLSEC_ERRORS_HERE , +! NULL , +! "xmlSecBufferSetData" , +! XMLSEC_ERRORS_R_CRYPTO_FAILED , +! XMLSEC_ERRORS_NO_MESSAGE ) ; +! return(-1); +! } +! +! if( xmlSecBufferRemoveHead( in , xmlSecBufferGetSize(in) ) < 0 ) { +! xmlSecError( XMLSEC_ERRORS_HERE , +! NULL , +! "xmlSecBufferRemoveHead" , +! XMLSEC_ERRORS_R_CRYPTO_FAILED , +! XMLSEC_ERRORS_NO_MESSAGE ) ; +! return(-1); +! } +! +! return(0); +! } +! +! /** +! * key wrap transform update +! */ +! static int +! xmlSecNssKeyTransportCtxUpdate( +! xmlSecNssKeyTransportCtxPtr ctx , +! xmlSecBufferPtr in , +! xmlSecBufferPtr out , +! int encrypt , +! xmlSecTransformCtxPtr transformCtx +! ) { +! xmlSecAssert2( ctx != NULL , -1 ) ; +! xmlSecAssert2( ctx->cipher != CKM_INVALID_MECHANISM , -1 ) ; +! xmlSecAssert2( ( ctx->pubkey != NULL && encrypt ) || ( ctx->prikey != NULL && !encrypt ), -1 ) ; +! xmlSecAssert2( ctx->keyId != NULL , -1 ) ; +! xmlSecAssert2( ctx->material != NULL , -1 ) ; +! xmlSecAssert2( in != NULL , -1 ) ; +! xmlSecAssert2( out != NULL , -1 ) ; +! xmlSecAssert2( transformCtx != NULL , -1 ) ; +! +! /* read raw key material and append into context */ +! if( xmlSecBufferAppend( ctx->material, xmlSecBufferGetData(in), xmlSecBufferGetSize(in) ) < 0 ) { +! xmlSecError( XMLSEC_ERRORS_HERE , +! NULL , +! "xmlSecBufferAppend" , +! XMLSEC_ERRORS_R_CRYPTO_FAILED , +! XMLSEC_ERRORS_NO_MESSAGE ) ; +! return(-1); +! } +! +! if( xmlSecBufferRemoveHead( in , xmlSecBufferGetSize(in) ) < 0 ) { +! xmlSecError( XMLSEC_ERRORS_HERE , +! NULL , +! "xmlSecBufferRemoveHead" , +! XMLSEC_ERRORS_R_CRYPTO_FAILED , +! XMLSEC_ERRORS_NO_MESSAGE ) ; +! return(-1); +! } +! +! return(0); +! } +! +! /** +! * Block cipher transform final +! */ +! static int +! xmlSecNssKeyTransportCtxFinal( +! xmlSecNssKeyTransportCtxPtr ctx , +! xmlSecBufferPtr in , +! xmlSecBufferPtr out , +! int encrypt , +! xmlSecTransformCtxPtr transformCtx +! ) { +! SECKEYPublicKey* targetKey ; +! PK11SymKey* symKey ; +! PK11SlotInfo* slot ; +! SECItem oriskv ; +! xmlSecSize blockSize ; +! xmlSecBufferPtr result ; +! +! xmlSecAssert2( ctx != NULL , -1 ) ; +! xmlSecAssert2( ctx->cipher != CKM_INVALID_MECHANISM , -1 ) ; +! xmlSecAssert2( ( ctx->pubkey != NULL && encrypt ) || ( ctx->prikey != NULL && !encrypt ), -1 ) ; +! xmlSecAssert2( ctx->keyId != NULL , -1 ) ; +! xmlSecAssert2( ctx->material != NULL , -1 ) ; +! xmlSecAssert2( in != NULL , -1 ) ; +! xmlSecAssert2( out != NULL , -1 ) ; +! xmlSecAssert2( transformCtx != NULL , -1 ) ; +! +! /* read raw key material and append into context */ +! if( xmlSecBufferAppend( ctx->material, xmlSecBufferGetData(in), xmlSecBufferGetSize(in) ) < 0 ) { +! xmlSecError( XMLSEC_ERRORS_HERE , +! NULL , +! "xmlSecBufferAppend" , +! XMLSEC_ERRORS_R_CRYPTO_FAILED , +! XMLSEC_ERRORS_NO_MESSAGE ) ; +! return(-1); +! } +! +! if( xmlSecBufferRemoveHead( in , xmlSecBufferGetSize(in) ) < 0 ) { +! xmlSecError( XMLSEC_ERRORS_HERE , +! NULL , +! "xmlSecBufferRemoveHead" , +! XMLSEC_ERRORS_R_CRYPTO_FAILED , +! XMLSEC_ERRORS_NO_MESSAGE ) ; +! return(-1); +! } +! +! /* Now we get all of the key materail */ +! /* from now on we will wrap or unwrap the key */ +! if( ctx->pubkey != NULL ) { +! blockSize = SECKEY_PublicKeyStrength( ctx->pubkey ) ; +! } else if( ctx->prikey != NULL ) { +! blockSize = PK11_SignatureLen( ctx->prikey ) ; +! } else { +! blockSize = -1 ; +! } +! +! if( blockSize < 0 ) { +! xmlSecError( XMLSEC_ERRORS_HERE , +! NULL , +! "PK11_GetBlockSize" , +! XMLSEC_ERRORS_R_CRYPTO_FAILED , +! XMLSEC_ERRORS_NO_MESSAGE ) ; +! return(-1); +! } +! +! result = xmlSecBufferCreate( blockSize * 2 ) ; +! if( result == NULL ) { +! xmlSecError( XMLSEC_ERRORS_HERE , +! NULL , +! "xmlSecBufferCreate" , +! XMLSEC_ERRORS_R_CRYPTO_FAILED , +! XMLSEC_ERRORS_NO_MESSAGE ) ; +! return(-1); +! } +! +! oriskv.type = siBuffer ; +! oriskv.data = xmlSecBufferGetData( ctx->material ) ; +! oriskv.len = xmlSecBufferGetSize( ctx->material ) ; +! +! if( encrypt != 0 ) { +! CK_OBJECT_HANDLE id ; +! SECItem wrpskv ; +! +! /* Create template symmetric key from material */ +! if( ( slot = ctx->pubkey->pkcs11Slot ) == NULL ) { +! slot = xmlSecNssSlotGet( ctx->cipher ) ; +! if( slot == NULL ) { +! xmlSecError( XMLSEC_ERRORS_HERE , +! NULL , +! "xmlSecNssSlotGet" , +! XMLSEC_ERRORS_R_CRYPTO_FAILED , +! XMLSEC_ERRORS_NO_MESSAGE ) ; +! xmlSecBufferDestroy(result); +! return(-1); +! } +! +! id = PK11_ImportPublicKey( slot, ctx->pubkey, PR_FALSE ) ; +! if( id == CK_INVALID_HANDLE ) { +! xmlSecError( XMLSEC_ERRORS_HERE , +! NULL , +! "PK11_ImportPublicKey" , +! XMLSEC_ERRORS_R_CRYPTO_FAILED , +! XMLSEC_ERRORS_NO_MESSAGE ) ; +! xmlSecBufferDestroy(result); +! PK11_FreeSlot( slot ) ; +! return(-1); +! } +! } +! +! /* pay attention to mechanism */ +! symKey = PK11_ImportSymKey( slot, ctx->cipher, PK11_OriginUnwrap, CKA_WRAP, &oriskv, NULL ) ; +! if( symKey == NULL ) { +! xmlSecError( XMLSEC_ERRORS_HERE , +! NULL , +! "PK11_ImportSymKey" , +! XMLSEC_ERRORS_R_CRYPTO_FAILED , +! XMLSEC_ERRORS_NO_MESSAGE ) ; +! xmlSecBufferDestroy(result); +! PK11_FreeSlot( slot ) ; +! return(-1); +! } +! +! wrpskv.type = siBuffer ; +! wrpskv.data = xmlSecBufferGetData( result ) ; +! wrpskv.len = xmlSecBufferGetMaxSize( result ) ; +! +! if( PK11_PubWrapSymKey( ctx->cipher, ctx->pubkey, symKey, &wrpskv ) != SECSuccess ) { +! xmlSecError( XMLSEC_ERRORS_HERE , +! NULL , +! "PK11_PubWrapSymKey" , +! XMLSEC_ERRORS_R_CRYPTO_FAILED , +! XMLSEC_ERRORS_NO_MESSAGE ) ; +! PK11_FreeSymKey( symKey ) ; +! xmlSecBufferDestroy(result); +! PK11_FreeSlot( slot ) ; +! return(-1); +! } +! +! if( xmlSecBufferSetSize( result , wrpskv.len ) < 0 ) { +! xmlSecError( XMLSEC_ERRORS_HERE , +! NULL , +! "xmlSecBufferSetSize" , +! XMLSEC_ERRORS_R_CRYPTO_FAILED , +! XMLSEC_ERRORS_NO_MESSAGE ) ; +! PK11_FreeSymKey( symKey ) ; +! xmlSecBufferDestroy(result); +! PK11_FreeSlot( slot ) ; +! return(-1); +! } +! PK11_FreeSymKey( symKey ) ; +! PK11_FreeSlot( slot ) ; +! } else { +! SECItem* keyItem ; +! CK_OBJECT_HANDLE id1 ; +! +! /* pay attention to mechanism */ +! if( ( symKey = PK11_PubUnwrapSymKey( ctx->prikey, &oriskv, ctx->cipher, CKA_UNWRAP, 0 ) ) == NULL ) { +! xmlSecError( XMLSEC_ERRORS_HERE , +! NULL , +! "PK11_PubUnwrapSymKey" , +! XMLSEC_ERRORS_R_CRYPTO_FAILED , +! XMLSEC_ERRORS_NO_MESSAGE ) ; +! xmlSecBufferDestroy(result); +! return(-1); +! } +! +! /* Extract raw data from symmetric key */ +! if( PK11_ExtractKeyValue( symKey ) != SECSuccess ) { +! xmlSecError( XMLSEC_ERRORS_HERE , +! NULL , +! "PK11_ExtractKeyValue" , +! XMLSEC_ERRORS_R_CRYPTO_FAILED , +! XMLSEC_ERRORS_NO_MESSAGE ) ; +! PK11_FreeSymKey( symKey ) ; +! xmlSecBufferDestroy(result); +! return(-1); +! } +! +! if( ( keyItem = PK11_GetKeyData( symKey ) ) == NULL ) { +! xmlSecError( XMLSEC_ERRORS_HERE , +! NULL , +! "PK11_GetKeyData" , +! XMLSEC_ERRORS_R_CRYPTO_FAILED , +! XMLSEC_ERRORS_NO_MESSAGE ) ; +! PK11_FreeSymKey( symKey ) ; +! xmlSecBufferDestroy(result); +! return(-1); +! } +! +! if( xmlSecBufferSetData( result, keyItem->data, keyItem->len ) < 0 ) { +! xmlSecError( XMLSEC_ERRORS_HERE , +! NULL , +! "PK11_PubUnwrapSymKey" , +! XMLSEC_ERRORS_R_CRYPTO_FAILED , +! XMLSEC_ERRORS_NO_MESSAGE ) ; +! PK11_FreeSymKey( symKey ) ; +! xmlSecBufferDestroy(result); +! return(-1); +! } +! PK11_FreeSymKey( symKey ) ; +! } +! +! /* Write output */ +! if( xmlSecBufferAppend( out, xmlSecBufferGetData(result), xmlSecBufferGetSize(result) ) < 0 ) { +! xmlSecError( XMLSEC_ERRORS_HERE , +! NULL , +! "xmlSecBufferAppend" , +! XMLSEC_ERRORS_R_CRYPTO_FAILED , +! XMLSEC_ERRORS_NO_MESSAGE ) ; +! xmlSecBufferDestroy(result); +! return(-1); +! } +! xmlSecBufferDestroy(result); +! +! return(0); +! } +! +! static int +! xmlSecNssKeyTransportExecute(xmlSecTransformPtr transform, int last, xmlSecTransformCtxPtr transformCtx) { +! xmlSecNssKeyTransportCtxPtr context = NULL ; +! xmlSecBufferPtr inBuf, outBuf ; +! int operation ; +! int rtv ; +! +! xmlSecAssert2( xmlSecNssKeyTransportCheckId( transform ), -1 ) ; +! xmlSecAssert2( xmlSecTransformCheckSize( transform, xmlSecNssKeyTransportSize ), -1 ) ; +! xmlSecAssert2( ( transform->operation == xmlSecTransformOperationEncrypt ) || ( transform->operation == xmlSecTransformOperationDecrypt ), -1 ) ; +! xmlSecAssert2( transformCtx != NULL , -1 ) ; +! +! context = xmlSecNssKeyTransportGetCtx( transform ) ; +! if( context == NULL ) { +! xmlSecError( XMLSEC_ERRORS_HERE , +! xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) , +! "xmlSecNssKeyTransportGetCtx" , +! XMLSEC_ERRORS_R_CRYPTO_FAILED , +! XMLSEC_ERRORS_NO_MESSAGE ) ; +! return(-1); +! } +! +! inBuf = &( transform->inBuf ) ; +! outBuf = &( transform->outBuf ) ; +! +! if( transform->status == xmlSecTransformStatusNone ) { +! transform->status = xmlSecTransformStatusWorking ; +! } +! +! operation = ( transform->operation == xmlSecTransformOperationEncrypt ) ? 1 : 0 ; +! if( transform->status == xmlSecTransformStatusWorking ) { +! if( context->material == NULL ) { +! rtv = xmlSecNssKeyTransportCtxInit( context, inBuf , outBuf , operation , transformCtx ) ; +! if( rtv < 0 ) { +! xmlSecError( XMLSEC_ERRORS_HERE , +! xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) , +! "xmlSecNssKeyTransportCtxInit" , +! XMLSEC_ERRORS_R_INVALID_STATUS , +! XMLSEC_ERRORS_NO_MESSAGE ) ; +! return(-1); +! } +! } +! +! if( context->material == NULL && last != 0 ) { +! xmlSecError( XMLSEC_ERRORS_HERE , +! xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) , +! NULL , +! XMLSEC_ERRORS_R_INVALID_STATUS , +! "No enough data to intialize transform" ) ; +! return(-1); +! } +! +! if( context->material != NULL ) { +! rtv = xmlSecNssKeyTransportCtxUpdate( context, inBuf , outBuf , operation , transformCtx ) ; +! if( rtv < 0 ) { +! xmlSecError( XMLSEC_ERRORS_HERE , +! xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) , +! "xmlSecNssKeyTransportCtxUpdate" , +! XMLSEC_ERRORS_R_INVALID_STATUS , +! XMLSEC_ERRORS_NO_MESSAGE ) ; +! return(-1); +! } +! } +! +! if( last ) { +! rtv = xmlSecNssKeyTransportCtxFinal( context, inBuf , outBuf , operation , transformCtx ) ; +! if( rtv < 0 ) { +! xmlSecError( XMLSEC_ERRORS_HERE , +! xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) , +! "xmlSecNssKeyTransportCtxFinal" , +! XMLSEC_ERRORS_R_INVALID_STATUS , +! XMLSEC_ERRORS_NO_MESSAGE ) ; +! return(-1); +! } +! transform->status = xmlSecTransformStatusFinished ; +! } +! } else if( transform->status == xmlSecTransformStatusFinished ) { +! if( xmlSecBufferGetSize( inBuf ) != 0 ) { +! xmlSecError( XMLSEC_ERRORS_HERE , +! xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) , +! NULL , +! XMLSEC_ERRORS_R_INVALID_STATUS , +! "status=%d", transform->status ) ; +! return(-1); +! } +! } else { +! xmlSecError( XMLSEC_ERRORS_HERE , +! xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) , +! NULL , +! XMLSEC_ERRORS_R_INVALID_STATUS , +! "status=%d", transform->status ) ; +! return(-1); +! } +! +! return(0); +! } +! +! +! #ifndef XMLSEC_NO_RSA +! +! static xmlSecTransformKlass xmlSecNssRsaPkcs1Klass = { +! /* klass/object sizes */ +! sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */ +! xmlSecNssKeyTransportSize, /* xmlSecSize objSize */ +! +! xmlSecNameRsaPkcs1, /* const xmlChar* name; */ +! xmlSecHrefRsaPkcs1, /* const xmlChar* href; */ +! xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */ +! +! xmlSecNssKeyTransportInitialize, /* xmlSecTransformInitializeMethod initialize; */ +! xmlSecNssKeyTransportFinalize, /* xmlSecTransformFinalizeMethod finalize; */ +! NULL, /* xmlSecTransformNodeReadMethod readNode; */ +! NULL, /* xmlSecTransformNodeWriteMethod writeNode; */ +! xmlSecNssKeyTransportSetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */ +! xmlSecNssKeyTransportSetKey, /* xmlSecTransformSetKeyMethod setKey; */ +! NULL, /* xmlSecTransformValidateMethod validate; */ +! xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */ +! xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */ +! xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */ +! NULL, /* xmlSecTransformPushXmlMethod pushXml; */ +! NULL, /* xmlSecTransformPopXmlMethod popXml; */ +! xmlSecNssKeyTransportExecute, /* xmlSecTransformExecuteMethod execute; */ +! +! NULL, /* void* reserved0; */ +! NULL, /* void* reserved1; */ +! }; +! +! static xmlSecTransformKlass xmlSecNssRsaOaepKlass = { +! /* klass/object sizes */ +! sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */ +! xmlSecNssKeyTransportSize, /* xmlSecSize objSize */ +! +! xmlSecNameRsaOaep, /* const xmlChar* name; */ +! xmlSecHrefRsaOaep, /* const xmlChar* href; */ +! xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */ +! +! xmlSecNssKeyTransportInitialize, /* xmlSecTransformInitializeMethod initialize; */ +! xmlSecNssKeyTransportFinalize, /* xmlSecTransformFinalizeMethod finalize; */ +! NULL, /* xmlSecTransformNodeReadMethod readNode; */ +! NULL, /* xmlSecTransformNodeWriteMethod writeNode; */ +! xmlSecNssKeyTransportSetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */ +! xmlSecNssKeyTransportSetKey, /* xmlSecTransformSetKeyMethod setKey; */ +! NULL, /* xmlSecTransformValidateMethod validate; */ +! xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */ +! xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */ +! xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */ +! NULL, /* xmlSecTransformPushXmlMethod pushXml; */ +! NULL, /* xmlSecTransformPopXmlMethod popXml; */ +! xmlSecNssKeyTransportExecute, /* xmlSecTransformExecuteMethod execute; */ +! +! NULL, /* void* reserved0; */ +! NULL, /* void* reserved1; */ +! }; +! +! /** +! * xmlSecNssTransformRsaPkcs1GetKlass: +! * +! * The RSA-PKCS1 key transport transform klass. +! * +! * Returns RSA-PKCS1 key transport transform klass. +! */ +! xmlSecTransformId +! xmlSecNssTransformRsaPkcs1GetKlass(void) { +! return(&xmlSecNssRsaPkcs1Klass); +! } +! +! /** +! * xmlSecNssTransformRsaOaepGetKlass: +! * +! * The RSA-PKCS1 key transport transform klass. +! * +! * Returns RSA-PKCS1 key transport transform klass. +! */ +! xmlSecTransformId +! xmlSecNssTransformRsaOaepGetKlass(void) { +! return(&xmlSecNssRsaOaepKlass); +! } +! +! #endif /* XMLSEC_NO_RSA */ +! +*** misc/xmlsec1-1.2.6/src/nss/keywrapers.c 2005-02-23 11:07:01.000000000 +0800 +--- misc/build/xmlsec1-1.2.6/src/nss/keywrapers.c 2005-02-23 11:06:39.000000000 +0800 +*************** +*** 1 **** +! dummy +--- 1,1197 ---- +! /** +! * +! * XMLSec library +! * +! * AES Algorithm support +! * +! * This is free software; see Copyright file in the source +! * distribution for preciese wording. +! * +! * Copyright ................................. +! */ +! #include "globals.h" +! +! #include <stdlib.h> +! #include <stdio.h> +! #include <string.h> +! +! #include <nss.h> +! #include <pk11func.h> +! #include <hasht.h> +! +! #include <xmlsec/xmlsec.h> +! #include <xmlsec/xmltree.h> +! #include <xmlsec/keys.h> +! #include <xmlsec/transforms.h> +! #include <xmlsec/errors.h> +! +! #include <xmlsec/nss/crypto.h> +! #include <xmlsec/nss/ciphers.h> +! +! #define XMLSEC_NSS_AES128_KEY_SIZE 16 +! #define XMLSEC_NSS_AES192_KEY_SIZE 24 +! #define XMLSEC_NSS_AES256_KEY_SIZE 32 +! #define XMLSEC_NSS_DES3_KEY_SIZE 24 +! #define XMLSEC_NSS_DES3_KEY_LENGTH 24 +! #define XMLSEC_NSS_DES3_IV_LENGTH 8 +! #define XMLSEC_NSS_DES3_BLOCK_LENGTH 8 +! +! static xmlSecByte xmlSecNssKWDes3Iv[XMLSEC_NSS_DES3_IV_LENGTH] = { +! 0x4a, 0xdd, 0xa2, 0x2c, 0x79, 0xe8, 0x21, 0x05 +! }; +! +! /********************************************************************* +! * +! * key wrap transforms +! * +! ********************************************************************/ +! typedef struct _xmlSecNssKeyWrapCtx xmlSecNssKeyWrapCtx ; +! typedef struct _xmlSecNssKeyWrapCtx* xmlSecNssKeyWrapCtxPtr ; +! +! #define xmlSecNssKeyWrapSize \ +! ( sizeof( xmlSecTransform ) + sizeof( xmlSecNssKeyWrapCtx ) ) +! +! #define xmlSecNssKeyWrapGetCtx( transform ) \ +! ( ( xmlSecNssKeyWrapCtxPtr )( ( ( xmlSecByte* )( transform ) ) + sizeof( xmlSecTransform ) ) ) +! +! struct _xmlSecNssKeyWrapCtx { +! CK_MECHANISM_TYPE cipher ; +! PK11SymKey* symkey ; +! xmlSecKeyDataId keyId ; +! xmlSecBufferPtr material ; /* to be encrypted/decrypted key material */ +! } ; +! +! static int xmlSecNssKeyWrapInitialize(xmlSecTransformPtr transform); +! static void xmlSecNssKeyWrapFinalize(xmlSecTransformPtr transform); +! static int xmlSecNssKeyWrapSetKeyReq(xmlSecTransformPtr transform, +! xmlSecKeyReqPtr keyReq); +! static int xmlSecNssKeyWrapSetKey(xmlSecTransformPtr transform, +! xmlSecKeyPtr key); +! static int xmlSecNssKeyWrapExecute(xmlSecTransformPtr transform, +! int last, +! xmlSecTransformCtxPtr transformCtx); +! static xmlSecSize xmlSecNssKeyWrapGetKeySize(xmlSecTransformPtr transform); +! +! static int +! xmlSecNssKeyWrapCheckId( +! xmlSecTransformPtr transform +! ) { +! #ifndef XMLSEC_NO_DES +! if( xmlSecTransformCheckId( transform, xmlSecNssTransformKWDes3Id ) ) { +! return(1); +! } +! #endif /* XMLSEC_NO_DES */ +! +! #ifndef XMLSEC_NO_AES +! if( xmlSecTransformCheckId( transform, xmlSecNssTransformKWAes128Id ) || +! xmlSecTransformCheckId( transform, xmlSecNssTransformKWAes192Id ) || +! xmlSecTransformCheckId( transform, xmlSecNssTransformKWAes256Id ) ) { +! +! return(1); +! } +! #endif /* XMLSEC_NO_AES */ +! +! return(0); +! } +! +! static xmlSecSize +! xmlSecNssKeyWrapGetKeySize(xmlSecTransformPtr transform) { +! #ifndef XMLSEC_NO_DES +! if( xmlSecTransformCheckId( transform, xmlSecNssTransformKWDes3Id ) ) { +! return(XMLSEC_NSS_DES3_KEY_SIZE); +! } else +! #endif /* XMLSEC_NO_DES */ +! +! #ifndef XMLSEC_NO_AES +! if(xmlSecTransformCheckId(transform, xmlSecNssTransformKWAes128Id)) { +! return(XMLSEC_NSS_AES128_KEY_SIZE); +! } else if(xmlSecTransformCheckId(transform, xmlSecNssTransformKWAes192Id)) { +! return(XMLSEC_NSS_AES192_KEY_SIZE); +! } else if(xmlSecTransformCheckId(transform, xmlSecNssTransformKWAes256Id)) { +! return(XMLSEC_NSS_AES256_KEY_SIZE); +! } else if(xmlSecTransformCheckId(transform, xmlSecNssTransformKWAes256Id)) { +! return(XMLSEC_NSS_AES256_KEY_SIZE); +! } else +! #endif /* XMLSEC_NO_AES */ +! +! if(1) +! return(0); +! } +! +! +! static int +! xmlSecNssKeyWrapInitialize(xmlSecTransformPtr transform) { +! xmlSecNssKeyWrapCtxPtr context ; +! int ret; +! +! xmlSecAssert2(xmlSecNssKeyWrapCheckId(transform), -1); +! xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecNssKeyWrapSize), -1); +! +! context = xmlSecNssKeyWrapGetCtx( transform ) ; +! xmlSecAssert2( context != NULL , -1 ) ; +! +! #ifndef XMLSEC_NO_DES +! if( transform->id == xmlSecNssTransformKWDes3Id ) { +! context->cipher = CKM_DES3_CBC ; +! context->keyId = xmlSecNssKeyDataDesId ; +! } else +! #endif /* XMLSEC_NO_DES */ +! +! #ifndef XMLSEC_NO_AES +! if( transform->id == xmlSecNssTransformKWAes128Id ) { +! // context->cipher = CKM_NETSCAPE_AES_KEY_WRAP ; +! context->cipher = CKM_AES_CBC ; +! context->keyId = xmlSecNssKeyDataAesId ; +! } else +! if( transform->id == xmlSecNssTransformKWAes192Id ) { +! // context->cipher = CKM_NETSCAPE_AES_KEY_WRAP ; +! context->cipher = CKM_AES_CBC ; +! context->keyId = xmlSecNssKeyDataAesId ; +! } else +! if( transform->id == xmlSecNssTransformKWAes256Id ) { +! // context->cipher = CKM_NETSCAPE_AES_KEY_WRAP ; +! context->cipher = CKM_AES_CBC ; +! context->keyId = xmlSecNssKeyDataAesId ; +! } else +! #endif /* XMLSEC_NO_AES */ +! +! +! if( 1 ) { +! xmlSecError( XMLSEC_ERRORS_HERE , +! xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), +! NULL , +! XMLSEC_ERRORS_R_CRYPTO_FAILED , +! XMLSEC_ERRORS_NO_MESSAGE ) ; +! return(-1); +! } +! +! context->symkey = NULL ; +! context->material = NULL ; +! +! return(0); +! } +! +! static void +! xmlSecNssKeyWrapFinalize(xmlSecTransformPtr transform) { +! xmlSecNssKeyWrapCtxPtr context ; +! +! xmlSecAssert(xmlSecNssKeyWrapCheckId(transform)); +! xmlSecAssert(xmlSecTransformCheckSize(transform, xmlSecNssKeyWrapSize)); +! +! context = xmlSecNssKeyWrapGetCtx( transform ) ; +! xmlSecAssert( context != NULL ) ; +! +! if( context->symkey != NULL ) { +! PK11_FreeSymKey( context->symkey ) ; +! context->symkey = NULL ; +! } +! +! if( context->material != NULL ) { +! xmlSecBufferDestroy(context->material); +! context->material = NULL ; +! } +! } +! +! static int +! xmlSecNssKeyWrapSetKeyReq(xmlSecTransformPtr transform, xmlSecKeyReqPtr keyReq) { +! xmlSecNssKeyWrapCtxPtr context ; +! xmlSecSize cipherSize = 0 ; +! +! +! xmlSecAssert2(xmlSecNssKeyWrapCheckId(transform), -1); +! xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecNssKeyWrapSize), -1); +! xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1); +! xmlSecAssert2(keyReq != NULL, -1); +! +! context = xmlSecNssKeyWrapGetCtx( transform ) ; +! xmlSecAssert2( context != NULL , -1 ) ; +! +! keyReq->keyId = context->keyId; +! keyReq->keyType = xmlSecKeyDataTypeSymmetric; +! if(transform->operation == xmlSecTransformOperationEncrypt) { +! keyReq->keyUsage = xmlSecKeyUsageEncrypt; +! } else { +! keyReq->keyUsage = xmlSecKeyUsageDecrypt; +! } +! +! keyReq->keyBitsSize = xmlSecNssKeyWrapGetKeySize( transform ) ; +! +! return(0); +! } +! +! static int +! xmlSecNssKeyWrapSetKey(xmlSecTransformPtr transform, xmlSecKeyPtr key) { +! xmlSecNssKeyWrapCtxPtr context = NULL ; +! xmlSecKeyDataPtr keyData = NULL ; +! PK11SymKey* symkey = NULL ; +! +! xmlSecAssert2(xmlSecNssKeyWrapCheckId(transform), -1); +! xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecNssKeyWrapSize), -1); +! xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1); +! xmlSecAssert2(key != NULL, -1); +! +! context = xmlSecNssKeyWrapGetCtx( transform ) ; +! if( context == NULL || context->keyId == NULL || context->symkey != NULL ) { +! xmlSecError( XMLSEC_ERRORS_HERE , +! xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) , +! "xmlSecNssKeyWrapGetCtx" , +! XMLSEC_ERRORS_R_CRYPTO_FAILED , +! XMLSEC_ERRORS_NO_MESSAGE ) ; +! return(-1); +! } +! xmlSecAssert2( xmlSecKeyCheckId( key, context->keyId ), -1 ) ; +! +! keyData = xmlSecKeyGetValue( key ) ; +! if( keyData == NULL ) { +! xmlSecError( XMLSEC_ERRORS_HERE , +! xmlSecErrorsSafeString( xmlSecKeyGetName( key ) ) , +! "xmlSecKeyGetValue" , +! XMLSEC_ERRORS_R_CRYPTO_FAILED , +! XMLSEC_ERRORS_NO_MESSAGE ) ; +! return(-1); +! } +! +! if( ( symkey = xmlSecNssSymKeyDataGetKey( keyData ) ) == NULL ) { +! xmlSecError( XMLSEC_ERRORS_HERE , +! xmlSecErrorsSafeString( xmlSecKeyDataGetName( keyData ) ) , +! "xmlSecNssSymKeyDataGetKey" , +! XMLSEC_ERRORS_R_CRYPTO_FAILED , +! XMLSEC_ERRORS_NO_MESSAGE ) ; +! return(-1); +! } +! +! context->symkey = symkey ; +! +! return(0) ; +! } +! +! /** +! * key wrap transform +! */ +! static int +! xmlSecNssKeyWrapCtxInit( +! xmlSecNssKeyWrapCtxPtr ctx , +! xmlSecBufferPtr in , +! xmlSecBufferPtr out , +! int encrypt , +! xmlSecTransformCtxPtr transformCtx +! ) { +! xmlSecSize blockSize ; +! +! xmlSecAssert2( ctx != NULL , -1 ) ; +! xmlSecAssert2( ctx->cipher != CKM_INVALID_MECHANISM , -1 ) ; +! xmlSecAssert2( ctx->symkey != NULL , -1 ) ; +! xmlSecAssert2( ctx->keyId != NULL , -1 ) ; +! xmlSecAssert2( in != NULL , -1 ) ; +! xmlSecAssert2( out != NULL , -1 ) ; +! xmlSecAssert2( transformCtx != NULL , -1 ) ; +! +! if( ctx->material != NULL ) { +! xmlSecBufferDestroy( ctx->material ) ; +! ctx->material = NULL ; +! } +! +! if( ( blockSize = PK11_GetBlockSize( ctx->cipher , NULL ) ) < 0 ) { +! xmlSecError( XMLSEC_ERRORS_HERE , +! NULL , +! "PK11_GetBlockSize" , +! XMLSEC_ERRORS_R_CRYPTO_FAILED , +! XMLSEC_ERRORS_NO_MESSAGE ) ; +! return(-1); +! } +! +! ctx->material = xmlSecBufferCreate( blockSize ) ; +! if( ctx->material == NULL ) { +! xmlSecError( XMLSEC_ERRORS_HERE , +! NULL , +! "xmlSecBufferCreate" , +! XMLSEC_ERRORS_R_CRYPTO_FAILED , +! XMLSEC_ERRORS_NO_MESSAGE ) ; +! return(-1); +! } +! +! /* read raw key material into context */ +! if( xmlSecBufferSetData( ctx->material, xmlSecBufferGetData(in), xmlSecBufferGetSize(in) ) < 0 ) { +! xmlSecError( XMLSEC_ERRORS_HERE , +! NULL , +! "xmlSecBufferSetData" , +! XMLSEC_ERRORS_R_CRYPTO_FAILED , +! XMLSEC_ERRORS_NO_MESSAGE ) ; +! return(-1); +! } +! +! if( xmlSecBufferRemoveHead( in , xmlSecBufferGetSize(in) ) < 0 ) { +! xmlSecError( XMLSEC_ERRORS_HERE , +! NULL , +! "xmlSecBufferRemoveHead" , +! XMLSEC_ERRORS_R_CRYPTO_FAILED , +! XMLSEC_ERRORS_NO_MESSAGE ) ; +! return(-1); +! } +! +! return(0); +! } +! +! /** +! * key wrap transform update +! */ +! static int +! xmlSecNssKeyWrapCtxUpdate( +! xmlSecNssKeyWrapCtxPtr ctx , +! xmlSecBufferPtr in , +! xmlSecBufferPtr out , +! int encrypt , +! xmlSecTransformCtxPtr transformCtx +! ) { +! xmlSecAssert2( ctx != NULL , -1 ) ; +! xmlSecAssert2( ctx->cipher != CKM_INVALID_MECHANISM , -1 ) ; +! xmlSecAssert2( ctx->symkey != NULL , -1 ) ; +! xmlSecAssert2( ctx->keyId != NULL , -1 ) ; +! xmlSecAssert2( ctx->material != NULL , -1 ) ; +! xmlSecAssert2( in != NULL , -1 ) ; +! xmlSecAssert2( out != NULL , -1 ) ; +! xmlSecAssert2( transformCtx != NULL , -1 ) ; +! +! /* read raw key material and append into context */ +! if( xmlSecBufferAppend( ctx->material, xmlSecBufferGetData(in), xmlSecBufferGetSize(in) ) < 0 ) { +! xmlSecError( XMLSEC_ERRORS_HERE , +! NULL , +! "xmlSecBufferAppend" , +! XMLSEC_ERRORS_R_CRYPTO_FAILED , +! XMLSEC_ERRORS_NO_MESSAGE ) ; +! return(-1); +! } +! +! if( xmlSecBufferRemoveHead( in , xmlSecBufferGetSize(in) ) < 0 ) { +! xmlSecError( XMLSEC_ERRORS_HERE , +! NULL , +! "xmlSecBufferRemoveHead" , +! XMLSEC_ERRORS_R_CRYPTO_FAILED , +! XMLSEC_ERRORS_NO_MESSAGE ) ; +! return(-1); +! } +! +! return(0); +! } +! +! /** +! * Block cipher transform final +! */ +! static int +! xmlSecNssKeyWrapCtxFinal( +! xmlSecNssKeyWrapCtxPtr ctx , +! xmlSecBufferPtr in , +! xmlSecBufferPtr out , +! int encrypt , +! xmlSecTransformCtxPtr transformCtx +! ) { +! PK11SymKey* targetKey ; +! xmlSecSize blockSize ; +! xmlSecBufferPtr result ; +! +! xmlSecAssert2( ctx != NULL , -1 ) ; +! xmlSecAssert2( ctx->cipher != CKM_INVALID_MECHANISM , -1 ) ; +! xmlSecAssert2( ctx->symkey != NULL , -1 ) ; +! xmlSecAssert2( ctx->keyId != NULL , -1 ) ; +! xmlSecAssert2( ctx->material != NULL , -1 ) ; +! xmlSecAssert2( in != NULL , -1 ) ; +! xmlSecAssert2( out != NULL , -1 ) ; +! xmlSecAssert2( transformCtx != NULL , -1 ) ; +! +! /* read raw key material and append into context */ +! if( xmlSecBufferAppend( ctx->material, xmlSecBufferGetData(in), xmlSecBufferGetSize(in) ) < 0 ) { +! xmlSecError( XMLSEC_ERRORS_HERE , +! NULL , +! "xmlSecBufferAppend" , +! XMLSEC_ERRORS_R_CRYPTO_FAILED , +! XMLSEC_ERRORS_NO_MESSAGE ) ; +! return(-1); +! } +! +! if( xmlSecBufferRemoveHead( in , xmlSecBufferGetSize(in) ) < 0 ) { +! xmlSecError( XMLSEC_ERRORS_HERE , +! NULL , +! "xmlSecBufferRemoveHead" , +! XMLSEC_ERRORS_R_CRYPTO_FAILED , +! XMLSEC_ERRORS_NO_MESSAGE ) ; +! return(-1); +! } +! +! /* Now we get all of the key materail */ +! /* from now on we will wrap or unwrap the key */ +! if( ( blockSize = PK11_GetBlockSize( ctx->cipher , NULL ) ) < 0 ) { +! xmlSecError( XMLSEC_ERRORS_HERE , +! NULL , +! "PK11_GetBlockSize" , +! XMLSEC_ERRORS_R_CRYPTO_FAILED , +! XMLSEC_ERRORS_NO_MESSAGE ) ; +! return(-1); +! } +! +! result = xmlSecBufferCreate( blockSize ) ; +! if( result == NULL ) { +! xmlSecError( XMLSEC_ERRORS_HERE , +! NULL , +! "xmlSecBufferCreate" , +! XMLSEC_ERRORS_R_CRYPTO_FAILED , +! XMLSEC_ERRORS_NO_MESSAGE ) ; +! return(-1); +! } +! +! switch( ctx->cipher ) { +! case CKM_DES3_CBC : +! if( xmlSecNssKeyWrapDesOp(ctx, encrypt, result) < 0 ) { +! xmlSecError( XMLSEC_ERRORS_HERE , +! NULL , +! "xmlSecNssKeyWrapDesOp" , +! XMLSEC_ERRORS_R_CRYPTO_FAILED , +! XMLSEC_ERRORS_NO_MESSAGE ) ; +! xmlSecBufferDestroy(result); +! return(-1); +! } +! break ; +! // case CKM_NETSCAPE_AES_KEY_WRAP : +! case CKM_AES_CBC : +! if( xmlSecNssKeyWrapAesOp(ctx, encrypt, result) < 0 ) { +! xmlSecError( XMLSEC_ERRORS_HERE , +! NULL , +! "xmlSecNssKeyWrapAesOp" , +! XMLSEC_ERRORS_R_CRYPTO_FAILED , +! XMLSEC_ERRORS_NO_MESSAGE ) ; +! xmlSecBufferDestroy(result); +! return(-1); +! } +! break ; +! } +! +! /* Write output */ +! if( xmlSecBufferAppend( out, xmlSecBufferGetData(result), xmlSecBufferGetSize(result) ) < 0 ) { +! xmlSecError( XMLSEC_ERRORS_HERE , +! NULL , +! "xmlSecBufferAppend" , +! XMLSEC_ERRORS_R_CRYPTO_FAILED , +! XMLSEC_ERRORS_NO_MESSAGE ) ; +! xmlSecBufferDestroy(result); +! return(-1); +! } +! xmlSecBufferDestroy(result); +! +! return(0); +! } +! +! static int +! xmlSecNssKWDes3BufferReverse(xmlSecByte *buf, xmlSecSize size) { +! xmlSecSize s; +! xmlSecSize i; +! xmlSecByte c; +! +! xmlSecAssert2(buf != NULL, -1); +! +! s = size / 2; +! --size; +! for(i = 0; i < s; ++i) { +! c = buf[i]; +! buf[i] = buf[size - i]; +! buf[size - i] = c; +! } +! return(0); +! } +! +! static xmlSecByte * +! xmlSecNssComputeSHA1(const xmlSecByte *in, xmlSecSize inSize, +! xmlSecByte *out, xmlSecSize outSize) +! { +! PK11Context *context = NULL; +! SECStatus s; +! xmlSecByte *digest = NULL; +! unsigned int len; +! +! xmlSecAssert2(in != NULL, NULL); +! xmlSecAssert2(out != NULL, NULL); +! xmlSecAssert2(outSize >= SHA1_LENGTH, NULL); +! +! /* Create a context for hashing (digesting) */ +! context = PK11_CreateDigestContext(SEC_OID_SHA1); +! if (context == NULL) { +! xmlSecError(XMLSEC_ERRORS_HERE, +! NULL, +! "PK11_CreateDigestContext", +! XMLSEC_ERRORS_R_CRYPTO_FAILED, +! "error code = %d", PORT_GetError()); +! goto done; +! } +! +! s = PK11_DigestBegin(context); +! if (s != SECSuccess) { +! xmlSecError(XMLSEC_ERRORS_HERE, +! NULL, +! "PK11_DigestBegin", +! XMLSEC_ERRORS_R_CRYPTO_FAILED, +! "error code = %d", PORT_GetError()); +! goto done; +! } +! +! s = PK11_DigestOp(context, in, inSize); +! if (s != SECSuccess) { +! xmlSecError(XMLSEC_ERRORS_HERE, +! NULL, +! "PK11_DigestOp", +! XMLSEC_ERRORS_R_CRYPTO_FAILED, +! "error code = %d", PORT_GetError()); +! goto done; +! } +! +! s = PK11_DigestFinal(context, out, &len, outSize); +! if (s != SECSuccess) { +! xmlSecError(XMLSEC_ERRORS_HERE, +! NULL, +! "PK11_DigestFinal", +! XMLSEC_ERRORS_R_CRYPTO_FAILED, +! "error code = %d", PORT_GetError()); +! goto done; +! } +! xmlSecAssert2(len == SHA1_LENGTH, NULL); +! +! digest = out; +! +! done: +! if (context != NULL) { +! PK11_DestroyContext(context, PR_TRUE); +! } +! return (digest); +! } +! +! static int +! xmlSecNssKWDes3Encrypt( +! PK11SymKey* symKey , +! CK_MECHANISM_TYPE cipherMech , +! const xmlSecByte* iv , +! xmlSecSize ivSize , +! const xmlSecByte* in , +! xmlSecSize inSize , +! xmlSecByte* out , +! xmlSecSize outSize , +! int enc +! ) { +! PK11Context* EncContext = NULL; +! SECItem ivItem ; +! SECItem* secParam = NULL ; +! int tmp1_outlen; +! unsigned int tmp2_outlen; +! int result_len = -1; +! SECStatus rv; +! +! xmlSecAssert2( cipherMech != CKM_INVALID_MECHANISM , -1 ) ; +! xmlSecAssert2( symKey != NULL , -1 ) ; +! xmlSecAssert2(iv != NULL, -1); +! xmlSecAssert2(ivSize == XMLSEC_NSS_DES3_IV_LENGTH, -1); +! xmlSecAssert2(in != NULL, -1); +! xmlSecAssert2(inSize > 0, -1); +! xmlSecAssert2(out != NULL, -1); +! xmlSecAssert2(outSize >= inSize, -1); +! +! /* Prepare IV */ +! ivItem.data = ( unsigned char* )iv ; +! ivItem.len = ivSize ; +! +! secParam = PK11_ParamFromIV(cipherMech, &ivItem); +! if (secParam == NULL) { +! xmlSecError(XMLSEC_ERRORS_HERE, +! NULL, +! "PK11_ParamFromIV", +! XMLSEC_ERRORS_R_CRYPTO_FAILED, +! "Error code = %d", PORT_GetError()); +! goto done; +! } +! +! EncContext = PK11_CreateContextBySymKey(cipherMech, +! enc ? CKA_ENCRYPT : CKA_DECRYPT, +! symKey, secParam); +! if (EncContext == NULL) { +! xmlSecError(XMLSEC_ERRORS_HERE, +! NULL, +! "PK11_CreateContextBySymKey", +! XMLSEC_ERRORS_R_CRYPTO_FAILED, +! "Error code = %d", PORT_GetError()); +! goto done; +! } +! +! tmp1_outlen = tmp2_outlen = 0; +! rv = PK11_CipherOp(EncContext, out, &tmp1_outlen, outSize, +! (unsigned char *)in, inSize); +! if (rv != SECSuccess) { +! xmlSecError(XMLSEC_ERRORS_HERE, +! NULL, +! "PK11_CipherOp", +! XMLSEC_ERRORS_R_CRYPTO_FAILED, +! "Error code = %d", PORT_GetError()); +! goto done; +! } +! +! rv = PK11_DigestFinal(EncContext, out+tmp1_outlen, +! &tmp2_outlen, outSize-tmp1_outlen); +! if (rv != SECSuccess) { +! xmlSecError(XMLSEC_ERRORS_HERE, +! NULL, +! "PK11_DigestFinal", +! XMLSEC_ERRORS_R_CRYPTO_FAILED, +! "Error code = %d", PORT_GetError()); +! goto done; +! } +! +! result_len = tmp1_outlen + tmp2_outlen; +! +! done: +! if (secParam) { +! SECITEM_FreeItem(secParam, PR_TRUE); +! } +! if (EncContext) { +! PK11_DestroyContext(EncContext, PR_TRUE); +! } +! +! return(result_len); +! } +! +! static int +! xmlSecNssKeyWrapDesOp( +! xmlSecNssKeyWrapCtxPtr ctx , +! int encrypt , +! xmlSecBufferPtr result +! ) { +! xmlSecByte sha1[SHA1_LENGTH]; +! xmlSecByte iv[XMLSEC_NSS_DES3_IV_LENGTH]; +! xmlSecByte* in; +! xmlSecSize inSize; +! xmlSecByte* out; +! xmlSecSize outSize; +! xmlSecSize s; +! int ret; +! SECStatus status; +! +! xmlSecAssert2( ctx != NULL , -1 ) ; +! xmlSecAssert2( ctx->cipher != CKM_INVALID_MECHANISM , -1 ) ; +! xmlSecAssert2( ctx->symkey != NULL , -1 ) ; +! xmlSecAssert2( ctx->keyId != NULL , -1 ) ; +! xmlSecAssert2( ctx->material != NULL , -1 ) ; +! xmlSecAssert2( result != NULL , -1 ) ; +! +! in = xmlSecBufferGetData(ctx->material); +! inSize = xmlSecBufferGetSize(ctx->material) ; +! out = xmlSecBufferGetData(result); +! outSize = xmlSecBufferGetMaxSize(result) ; +! if( encrypt ) { +! /* step 2: calculate sha1 and CMS */ +! if(xmlSecNssComputeSHA1(in, inSize, sha1, SHA1_LENGTH) == NULL) { +! xmlSecError(XMLSEC_ERRORS_HERE, +! NULL, +! "xmlSecNssComputeSHA1", +! XMLSEC_ERRORS_R_CRYPTO_FAILED, +! XMLSEC_ERRORS_NO_MESSAGE); +! return(-1); +! } +! +! /* step 3: construct WKCKS */ +! memcpy(out, in, inSize); +! memcpy(out + inSize, sha1, XMLSEC_NSS_DES3_BLOCK_LENGTH); +! +! /* step 4: generate random iv */ +! status = PK11_GenerateRandom(iv, XMLSEC_NSS_DES3_IV_LENGTH); +! if(status != SECSuccess) { +! xmlSecError(XMLSEC_ERRORS_HERE, +! NULL, +! "PK11_GenerateRandom", +! XMLSEC_ERRORS_R_CRYPTO_FAILED, +! "error code = %d", PORT_GetError()); +! return(-1); +! } +! +! /* step 5: first encryption, result is TEMP1 */ +! ret = xmlSecNssKWDes3Encrypt( ctx->symkey, ctx->cipher, +! iv, XMLSEC_NSS_DES3_IV_LENGTH, +! out, inSize + XMLSEC_NSS_DES3_IV_LENGTH, +! out, outSize, 1); +! if(ret < 0) { +! xmlSecError(XMLSEC_ERRORS_HERE, +! NULL, +! "xmlSecNssKWDes3Encrypt", +! XMLSEC_ERRORS_R_XMLSEC_FAILED, +! XMLSEC_ERRORS_NO_MESSAGE); +! return(-1); +! } +! +! /* step 6: construct TEMP2=IV || TEMP1 */ +! memmove(out + XMLSEC_NSS_DES3_IV_LENGTH, out, +! inSize + XMLSEC_NSS_DES3_IV_LENGTH); +! memcpy(out, iv, XMLSEC_NSS_DES3_IV_LENGTH); +! s = ret + XMLSEC_NSS_DES3_IV_LENGTH; +! +! /* step 7: reverse octets order, result is TEMP3 */ +! ret = xmlSecNssKWDes3BufferReverse(out, s); +! if(ret < 0) { +! xmlSecError(XMLSEC_ERRORS_HERE, +! NULL, +! "xmlSecNssKWDes3BufferReverse", +! XMLSEC_ERRORS_R_XMLSEC_FAILED, +! XMLSEC_ERRORS_NO_MESSAGE); +! return(-1); +! } +! +! /* step 8: second encryption with static IV */ +! ret = xmlSecNssKWDes3Encrypt( ctx->symkey, ctx->cipher, +! xmlSecNssKWDes3Iv, XMLSEC_NSS_DES3_IV_LENGTH, +! out, s, +! out, outSize, 1); +! if(ret < 0) { +! xmlSecError(XMLSEC_ERRORS_HERE, +! NULL, +! "xmlSecNssKWDes3Encrypt", +! XMLSEC_ERRORS_R_XMLSEC_FAILED, +! XMLSEC_ERRORS_NO_MESSAGE); +! return(-1); +! } +! s = ret; +! +! if( xmlSecBufferSetSize( result , s ) < 0 ) { +! xmlSecError(XMLSEC_ERRORS_HERE, +! NULL, +! "xmlSecBufferSetSize", +! XMLSEC_ERRORS_R_XMLSEC_FAILED, +! XMLSEC_ERRORS_NO_MESSAGE); +! return(-1); +! } +! } else { +! /* step 2: first decryption with static IV, result is TEMP3 */ +! ret = xmlSecNssKWDes3Encrypt( ctx->symkey, ctx->cipher, +! xmlSecNssKWDes3Iv, XMLSEC_NSS_DES3_IV_LENGTH, +! in, inSize, +! out, outSize, 0); +! if((ret < 0) || (ret < XMLSEC_NSS_DES3_IV_LENGTH)) { +! xmlSecError(XMLSEC_ERRORS_HERE, +! NULL, +! "xmlSecNssKWDes3Encrypt", +! XMLSEC_ERRORS_R_XMLSEC_FAILED, +! XMLSEC_ERRORS_NO_MESSAGE); +! return(-1); +! } +! s = ret; +! +! /* step 3: reverse octets order in TEMP3, result is TEMP2 */ +! ret = xmlSecNssKWDes3BufferReverse(out, s); +! if(ret < 0) { +! xmlSecError(XMLSEC_ERRORS_HERE, +! NULL, +! "xmlSecNssKWDes3BufferReverse", +! XMLSEC_ERRORS_R_XMLSEC_FAILED, +! XMLSEC_ERRORS_NO_MESSAGE); +! return(-1); +! } +! +! /* steps 4 and 5: get IV and decrypt second time, result is WKCKS */ +! ret = xmlSecNssKWDes3Encrypt( ctx->symkey, ctx->cipher, +! out, XMLSEC_NSS_DES3_IV_LENGTH, +! out+XMLSEC_NSS_DES3_IV_LENGTH, s-XMLSEC_NSS_DES3_IV_LENGTH, +! out, outSize, 0); +! if((ret < 0) || (ret < XMLSEC_NSS_DES3_BLOCK_LENGTH)) { +! xmlSecError(XMLSEC_ERRORS_HERE, +! NULL, +! "xmlSecNssKWDes3Encrypt", +! XMLSEC_ERRORS_R_XMLSEC_FAILED, +! XMLSEC_ERRORS_NO_MESSAGE); +! return(-1); +! } +! s = ret - XMLSEC_NSS_DES3_IV_LENGTH; +! +! /* steps 6 and 7: calculate SHA1 and validate it */ +! if(xmlSecNssComputeSHA1(out, s, sha1, SHA1_LENGTH) == NULL) { +! xmlSecError(XMLSEC_ERRORS_HERE, +! NULL, +! "xmlSecNssComputeSHA1", +! XMLSEC_ERRORS_R_CRYPTO_FAILED, +! XMLSEC_ERRORS_NO_MESSAGE); +! return(-1); +! } +! +! if(memcmp(sha1, out + s, XMLSEC_NSS_DES3_BLOCK_LENGTH) != 0) { +! xmlSecError(XMLSEC_ERRORS_HERE, +! NULL, +! NULL, +! XMLSEC_ERRORS_R_INVALID_DATA, +! "SHA1 does not match"); +! return(-1); +! } +! +! if( xmlSecBufferSetSize( result , s ) < 0 ) { +! xmlSecError(XMLSEC_ERRORS_HERE, +! NULL, +! "xmlSecBufferSetSize", +! XMLSEC_ERRORS_R_XMLSEC_FAILED, +! XMLSEC_ERRORS_NO_MESSAGE); +! return(-1); +! } +! } +! +! return(0); +! } +! +! static int +! xmlSecNssKeyWrapAesOp( +! xmlSecNssKeyWrapCtxPtr ctx , +! int encrypt , +! xmlSecBufferPtr result +! ) { +! PK11Context* cipherCtx = NULL; +! SECItem ivItem ; +! SECItem* secParam = NULL ; +! xmlSecSize inSize ; +! xmlSecSize inBlocks ; +! int blockSize ; +! int midSize ; +! int finSize ; +! xmlSecByte* out ; +! xmlSecSize outSize; +! +! xmlSecAssert2( ctx != NULL , -1 ) ; +! xmlSecAssert2( ctx->cipher != CKM_INVALID_MECHANISM , -1 ) ; +! xmlSecAssert2( ctx->symkey != NULL , -1 ) ; +! xmlSecAssert2( ctx->keyId != NULL , -1 ) ; +! xmlSecAssert2( ctx->material != NULL , -1 ) ; +! xmlSecAssert2( result != NULL , -1 ) ; +! +! /* Do not set any IV */ +! memset(&ivItem, 0, sizeof(ivItem)); +! +! /* Get block size */ +! if( ( blockSize = PK11_GetBlockSize( ctx->cipher , NULL ) ) < 0 ) { +! xmlSecError( XMLSEC_ERRORS_HERE , +! NULL , +! "PK11_GetBlockSize" , +! XMLSEC_ERRORS_R_CRYPTO_FAILED , +! XMLSEC_ERRORS_NO_MESSAGE ) ; +! return(-1); +! } +! +! inSize = xmlSecBufferGetSize( ctx->material ) ; +! if( xmlSecBufferSetMaxSize( result , inSize + blockSize ) < 0 ) { +! xmlSecError( XMLSEC_ERRORS_HERE , +! NULL , +! "xmlSecBufferSetMaxSize" , +! XMLSEC_ERRORS_R_CRYPTO_FAILED , +! XMLSEC_ERRORS_NO_MESSAGE ) ; +! return(-1); +! } +! +! /* Get Param for context initialization */ +! if( ( secParam = PK11_ParamFromIV( ctx->cipher , &ivItem ) ) == NULL ) { +! xmlSecError( XMLSEC_ERRORS_HERE , +! NULL , +! "PK11_ParamFromIV" , +! XMLSEC_ERRORS_R_CRYPTO_FAILED , +! XMLSEC_ERRORS_NO_MESSAGE ) ; +! return(-1); +! } +! +! cipherCtx = PK11_CreateContextBySymKey( ctx->cipher , encrypt ? CKA_ENCRYPT : CKA_DECRYPT , ctx->symkey , secParam ) ; +! if( cipherCtx == NULL ) { +! xmlSecError( XMLSEC_ERRORS_HERE , +! NULL , +! "PK11_CreateContextBySymKey" , +! XMLSEC_ERRORS_R_CRYPTO_FAILED , +! XMLSEC_ERRORS_NO_MESSAGE ) ; +! SECITEM_FreeItem( secParam , PR_TRUE ) ; +! return(-1); +! } +! +! out = xmlSecBufferGetData(result) ; +! outSize = xmlSecBufferGetMaxSize(result) ; +! if( PK11_CipherOp( cipherCtx , out, &midSize , outSize , xmlSecBufferGetData( ctx->material ) , inSize ) != SECSuccess ) { +! xmlSecError( XMLSEC_ERRORS_HERE , +! NULL , +! "PK11_CipherOp" , +! XMLSEC_ERRORS_R_CRYPTO_FAILED , +! XMLSEC_ERRORS_NO_MESSAGE ) ; +! return(-1); +! } +! +! if( PK11_DigestFinal( cipherCtx , out + midSize , &finSize , outSize - midSize ) != SECSuccess ) { +! xmlSecError( XMLSEC_ERRORS_HERE , +! NULL , +! "PK11_DigestFinal" , +! XMLSEC_ERRORS_R_CRYPTO_FAILED , +! XMLSEC_ERRORS_NO_MESSAGE ) ; +! return(-1); +! } +! +! if( xmlSecBufferSetSize( result , midSize + finSize ) < 0 ) { +! xmlSecError( XMLSEC_ERRORS_HERE , +! NULL , +! "xmlSecBufferSetSize" , +! XMLSEC_ERRORS_R_CRYPTO_FAILED , +! XMLSEC_ERRORS_NO_MESSAGE ) ; +! return(-1); +! } +! +! return 0 ; +! } +! +! static int +! xmlSecNssKeyWrapExecute(xmlSecTransformPtr transform, int last, xmlSecTransformCtxPtr transformCtx) { +! xmlSecNssKeyWrapCtxPtr context = NULL ; +! xmlSecBufferPtr inBuf, outBuf ; +! int operation ; +! int rtv ; +! +! xmlSecAssert2( xmlSecNssKeyWrapCheckId( transform ), -1 ) ; +! xmlSecAssert2( xmlSecTransformCheckSize( transform, xmlSecNssKeyWrapSize ), -1 ) ; +! xmlSecAssert2( ( transform->operation == xmlSecTransformOperationEncrypt ) || ( transform->operation == xmlSecTransformOperationDecrypt ), -1 ) ; +! xmlSecAssert2( transformCtx != NULL , -1 ) ; +! +! context = xmlSecNssKeyWrapGetCtx( transform ) ; +! if( context == NULL ) { +! xmlSecError( XMLSEC_ERRORS_HERE , +! xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) , +! "xmlSecNssKeyWrapGetCtx" , +! XMLSEC_ERRORS_R_CRYPTO_FAILED , +! XMLSEC_ERRORS_NO_MESSAGE ) ; +! return(-1); +! } +! +! inBuf = &( transform->inBuf ) ; +! outBuf = &( transform->outBuf ) ; +! +! if( transform->status == xmlSecTransformStatusNone ) { +! transform->status = xmlSecTransformStatusWorking ; +! } +! +! operation = ( transform->operation == xmlSecTransformOperationEncrypt ) ? 1 : 0 ; +! if( transform->status == xmlSecTransformStatusWorking ) { +! if( context->material == NULL ) { +! rtv = xmlSecNssKeyWrapCtxInit( context, inBuf , outBuf , operation , transformCtx ) ; +! if( rtv < 0 ) { +! xmlSecError( XMLSEC_ERRORS_HERE , +! xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) , +! "xmlSecNssKeyWrapCtxInit" , +! XMLSEC_ERRORS_R_INVALID_STATUS , +! XMLSEC_ERRORS_NO_MESSAGE ) ; +! return(-1); +! } +! } +! +! if( context->material == NULL && last != 0 ) { +! xmlSecError( XMLSEC_ERRORS_HERE , +! xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) , +! NULL , +! XMLSEC_ERRORS_R_INVALID_STATUS , +! "No enough data to intialize transform" ) ; +! return(-1); +! } +! +! if( context->material != NULL ) { +! rtv = xmlSecNssKeyWrapCtxUpdate( context, inBuf , outBuf , operation , transformCtx ) ; +! if( rtv < 0 ) { +! xmlSecError( XMLSEC_ERRORS_HERE , +! xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) , +! "xmlSecNssKeyWrapCtxUpdate" , +! XMLSEC_ERRORS_R_INVALID_STATUS , +! XMLSEC_ERRORS_NO_MESSAGE ) ; +! return(-1); +! } +! } +! +! if( last ) { +! rtv = xmlSecNssKeyWrapCtxFinal( context, inBuf , outBuf , operation , transformCtx ) ; +! if( rtv < 0 ) { +! xmlSecError( XMLSEC_ERRORS_HERE , +! xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) , +! "xmlSecNssKeyWrapCtxFinal" , +! XMLSEC_ERRORS_R_INVALID_STATUS , +! XMLSEC_ERRORS_NO_MESSAGE ) ; +! return(-1); +! } +! transform->status = xmlSecTransformStatusFinished ; +! } +! } else if( transform->status == xmlSecTransformStatusFinished ) { +! if( xmlSecBufferGetSize( inBuf ) != 0 ) { +! xmlSecError( XMLSEC_ERRORS_HERE , +! xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) , +! NULL , +! XMLSEC_ERRORS_R_INVALID_STATUS , +! "status=%d", transform->status ) ; +! return(-1); +! } +! } else { +! xmlSecError( XMLSEC_ERRORS_HERE , +! xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) , +! NULL , +! XMLSEC_ERRORS_R_INVALID_STATUS , +! "status=%d", transform->status ) ; +! return(-1); +! } +! +! return(0); +! } +! +! #ifndef XMLSEC_NO_AES +! +! +! static xmlSecTransformKlass xmlSecNssKWAes128Klass = { +! /* klass/object sizes */ +! sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */ +! xmlSecNssKeyWrapSize, /* xmlSecSize objSize */ +! +! xmlSecNameKWAes128, /* const xmlChar* name; */ +! xmlSecHrefKWAes128, /* const xmlChar* href; */ +! xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */ +! +! xmlSecNssKeyWrapInitialize, /* xmlSecTransformInitializeMethod initialize; */ +! xmlSecNssKeyWrapFinalize, /* xmlSecTransformFinalizeMethod finalize; */ +! NULL, /* xmlSecTransformNodeReadMethod readNode; */ +! NULL, /* xmlSecTransformNodeWriteMethod writeNode; */ +! xmlSecNssKeyWrapSetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */ +! xmlSecNssKeyWrapSetKey, /* xmlSecTransformSetKeyMethod setKey; */ +! NULL, /* xmlSecTransformValidateMethod validate; */ +! xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */ +! xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */ +! xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */ +! NULL, /* xmlSecTransformPushXmlMethod pushXml; */ +! NULL, /* xmlSecTransformPopXmlMethod popXml; */ +! xmlSecNssKeyWrapExecute, /* xmlSecTransformExecuteMethod execute; */ +! +! NULL, /* void* reserved0; */ +! NULL, /* void* reserved1; */ +! }; +! +! static xmlSecTransformKlass xmlSecNssKWAes192Klass = { +! /* klass/object sizes */ +! sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */ +! xmlSecNssKeyWrapSize, /* xmlSecSize objSize */ +! +! xmlSecNameKWAes192, /* const xmlChar* name; */ +! xmlSecHrefKWAes192, /* const xmlChar* href; */ +! xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */ +! +! xmlSecNssKeyWrapInitialize, /* xmlSecTransformInitializeMethod initialize; */ +! xmlSecNssKeyWrapFinalize, /* xmlSecTransformFinalizeMethod finalize; */ +! NULL, /* xmlSecTransformNodeReadMethod readNode; */ +! NULL, /* xmlSecTransformNodeWriteMethod writeNode; */ +! xmlSecNssKeyWrapSetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */ +! xmlSecNssKeyWrapSetKey, /* xmlSecTransformSetKeyMethod setKey; */ +! NULL, /* xmlSecTransformValidateMethod validate; */ +! xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */ +! xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */ +! xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */ +! NULL, /* xmlSecTransformPushXmlMethod pushXml; */ +! NULL, /* xmlSecTransformPopXmlMethod popXml; */ +! xmlSecNssKeyWrapExecute, /* xmlSecTransformExecuteMethod execute; */ +! +! NULL, /* void* reserved0; */ +! NULL, /* void* reserved1; */ +! }; +! +! static xmlSecTransformKlass xmlSecNssKWAes256Klass = { +! /* klass/object sizes */ +! sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */ +! xmlSecNssKeyWrapSize, /* xmlSecSize objSize */ +! +! xmlSecNameKWAes256, /* const xmlChar* name; */ +! xmlSecHrefKWAes256, /* const xmlChar* href; */ +! xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */ +! +! xmlSecNssKeyWrapInitialize, /* xmlSecTransformInitializeMethod initialize; */ +! xmlSecNssKeyWrapFinalize, /* xmlSecTransformFinalizeMethod finalize; */ +! NULL, /* xmlSecTransformNodeReadMethod readNode; */ +! NULL, /* xmlSecTransformNodeWriteMethod writeNode; */ +! xmlSecNssKeyWrapSetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */ +! xmlSecNssKeyWrapSetKey, /* xmlSecTransformSetKeyMethod setKey; */ +! NULL, /* xmlSecTransformValidateMethod validate; */ +! xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */ +! xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */ +! xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */ +! NULL, /* xmlSecTransformPushXmlMethod pushXml; */ +! NULL, /* xmlSecTransformPopXmlMethod popXml; */ +! xmlSecNssKeyWrapExecute, /* xmlSecTransformExecuteMethod execute; */ +! +! NULL, /* void* reserved0; */ +! NULL, /* void* reserved1; */ +! }; +! +! /** +! * xmlSecNssTransformKWAes128GetKlass: +! * +! * The AES-128 key wrapper transform klass. +! * +! * Returns AES-128 key wrapper transform klass. +! */ +! xmlSecTransformId +! xmlSecNssTransformKWAes128GetKlass(void) { +! return(&xmlSecNssKWAes128Klass); +! } +! +! /** +! * xmlSecNssTransformKWAes192GetKlass: +! * +! * The AES-192 key wrapper transform klass. +! * +! * Returns AES-192 key wrapper transform klass. +! */ +! xmlSecTransformId +! xmlSecNssTransformKWAes192GetKlass(void) { +! return(&xmlSecNssKWAes192Klass); +! } +! +! /** +! * +! * The AES-256 key wrapper transform klass. +! * +! * Returns AES-256 key wrapper transform klass. +! */ +! xmlSecTransformId +! xmlSecNssTransformKWAes256GetKlass(void) { +! return(&xmlSecNssKWAes256Klass); +! } +! +! #endif /* XMLSEC_NO_AES */ +! +! +! #ifndef XMLSEC_NO_DES +! +! static xmlSecTransformKlass xmlSecNssKWDes3Klass = { +! /* klass/object sizes */ +! sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */ +! xmlSecNssKeyWrapSize, /* xmlSecSize objSize */ +! +! xmlSecNameKWDes3, /* const xmlChar* name; */ +! xmlSecHrefKWDes3, /* const xmlChar* href; */ +! xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */ +! +! xmlSecNssKeyWrapInitialize, /* xmlSecTransformInitializeMethod initialize; */ +! xmlSecNssKeyWrapFinalize, /* xmlSecTransformFinalizeMethod finalize; */ +! NULL, /* xmlSecTransformNodeReadMethod readNode; */ +! NULL, /* xmlSecTransformNodeWriteMethod writeNode; */ +! xmlSecNssKeyWrapSetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */ +! xmlSecNssKeyWrapSetKey, /* xmlSecTransformSetKeyMethod setKey; */ +! NULL, /* xmlSecTransformValidateMethod validate; */ +! xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */ +! xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */ +! xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */ +! NULL, /* xmlSecTransformPushXmlMethod pushXml; */ +! NULL, /* xmlSecTransformPopXmlMethod popXml; */ +! xmlSecNssKeyWrapExecute, /* xmlSecTransformExecuteMethod execute; */ +! +! NULL, /* void* reserved0; */ +! NULL, /* void* reserved1; */ +! }; +! +! /** +! * xmlSecNssTransformKWDes3GetKlass: +! * +! * The Triple DES key wrapper transform klass. +! * +! * Returns Triple DES key wrapper transform klass. +! */ +! xmlSecTransformId +! xmlSecNssTransformKWDes3GetKlass(void) { +! return(&xmlSecNssKWDes3Klass); +! } +! +! #endif /* XMLSEC_NO_DES */ +! +*** misc/xmlsec1-1.2.6/src/nss/Makefile.am 2003-09-16 17:43:03.000000000 +0800 +--- misc/build/xmlsec1-1.2.6/src/nss/Makefile.am 2005-02-23 11:06:38.000000000 +0800 +*************** +*** 20,40 **** + $(NULL) + + libxmlsec1_nss_la_SOURCES =\ + app.c \ + bignum.c \ + ciphers.c \ + crypto.c \ + digests.c \ + hmac.c \ + pkikeys.c \ + signatures.c \ + symkeys.c \ + x509.c \ + x509vfy.c \ +- keysstore.c \ +- kt_rsa.c \ +- kw_des.c \ +- kw_aes.c \ + $(NULL) + + libxmlsec1_nss_la_LIBADD = \ +--- 20,41 ---- + $(NULL) + + libxmlsec1_nss_la_SOURCES =\ ++ akmngr.c \ + app.c \ + bignum.c \ + ciphers.c \ + crypto.c \ + digests.c \ + hmac.c \ ++ keysstore.c \ ++ keytrans.c \ ++ keywrapers.c \ + pkikeys.c \ + signatures.c \ + symkeys.c \ ++ tokens.c \ + x509.c \ + x509vfy.c \ + $(NULL) + + libxmlsec1_nss_la_LIBADD = \ +*** misc/xmlsec1-1.2.6/src/nss/Makefile.in 2004-08-26 14:00:32.000000000 +0800 +--- misc/build/xmlsec1-1.2.6/src/nss/Makefile.in 2005-02-23 11:06:38.000000000 +0800 +*************** +*** 54,62 **** + $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \ + $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) + am__objects_1 = +! am_libxmlsec1_nss_la_OBJECTS = app.lo bignum.lo ciphers.lo crypto.lo \ + digests.lo hmac.lo pkikeys.lo signatures.lo symkeys.lo x509.lo \ +! x509vfy.lo keysstore.lo kt_rsa.lo kw_des.lo kw_aes.lo \ + $(am__objects_1) + libxmlsec1_nss_la_OBJECTS = $(am_libxmlsec1_nss_la_OBJECTS) + DEFAULT_INCLUDES = -I. -I$(srcdir) -I$(top_builddir) +--- 54,62 ---- + $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \ + $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) + am__objects_1 = +! am_libxmlsec1_nss_la_OBJECTS = akmngr.lo app.lo bignum.lo ciphers.lo crypto.lo \ + digests.lo hmac.lo pkikeys.lo signatures.lo symkeys.lo x509.lo \ +! x509vfy.lo keysstore.lo tokens.lo keytrans.lo keywrapers.lo \ + $(am__objects_1) + libxmlsec1_nss_la_OBJECTS = $(am_libxmlsec1_nss_la_OBJECTS) + DEFAULT_INCLUDES = -I. -I$(srcdir) -I$(top_builddir) +*************** +*** 65,75 **** + @AMDEP_TRUE@DEP_FILES = ./$(DEPDIR)/app.Plo ./$(DEPDIR)/bignum.Plo \ + @AMDEP_TRUE@ ./$(DEPDIR)/ciphers.Plo ./$(DEPDIR)/crypto.Plo \ + @AMDEP_TRUE@ ./$(DEPDIR)/digests.Plo ./$(DEPDIR)/hmac.Plo \ +! @AMDEP_TRUE@ ./$(DEPDIR)/keysstore.Plo ./$(DEPDIR)/kt_rsa.Plo \ +! @AMDEP_TRUE@ ./$(DEPDIR)/kw_aes.Plo ./$(DEPDIR)/kw_des.Plo \ + @AMDEP_TRUE@ ./$(DEPDIR)/pkikeys.Plo ./$(DEPDIR)/signatures.Plo \ + @AMDEP_TRUE@ ./$(DEPDIR)/symkeys.Plo ./$(DEPDIR)/x509.Plo \ +! @AMDEP_TRUE@ ./$(DEPDIR)/x509vfy.Plo + COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ + $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) + LTCOMPILE = $(LIBTOOL) --mode=compile $(CC) $(DEFS) \ +--- 65,75 ---- + @AMDEP_TRUE@DEP_FILES = ./$(DEPDIR)/app.Plo ./$(DEPDIR)/bignum.Plo \ + @AMDEP_TRUE@ ./$(DEPDIR)/ciphers.Plo ./$(DEPDIR)/crypto.Plo \ + @AMDEP_TRUE@ ./$(DEPDIR)/digests.Plo ./$(DEPDIR)/hmac.Plo \ +! @AMDEP_TRUE@ ./$(DEPDIR)/keysstore.Plo ./$(DEPDIR)/tokens.Plo \ +! @AMDEP_TRUE@ ./$(DEPDIR)/keywrapers.Plo ./$(DEPDIR)/keytrans.Plo \ + @AMDEP_TRUE@ ./$(DEPDIR)/pkikeys.Plo ./$(DEPDIR)/signatures.Plo \ + @AMDEP_TRUE@ ./$(DEPDIR)/symkeys.Plo ./$(DEPDIR)/x509.Plo \ +! @AMDEP_TRUE@ ./$(DEPDIR)/x509vfy.Plo ./$(DEPDIR)/akmngr.Plo + COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ + $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) + LTCOMPILE = $(LIBTOOL) --mode=compile $(CC) $(DEFS) \ +*************** +*** 321,341 **** + $(NULL) + + libxmlsec1_nss_la_SOURCES = \ + app.c \ + bignum.c \ + ciphers.c \ + crypto.c \ + digests.c \ + hmac.c \ + pkikeys.c \ + signatures.c \ + symkeys.c \ + x509.c \ + x509vfy.c \ +- keysstore.c \ +- kt_rsa.c \ +- kw_des.c \ +- kw_aes.c \ + $(NULL) + + libxmlsec1_nss_la_LIBADD = \ +--- 321,342 ---- + $(NULL) + + libxmlsec1_nss_la_SOURCES = \ ++ akmngr.c \ + app.c \ + bignum.c \ + ciphers.c \ + crypto.c \ + digests.c \ + hmac.c \ ++ keysstore.c \ ++ keytrans.c \ ++ keywrappers.c \ + pkikeys.c \ + signatures.c \ + symkeys.c \ ++ tokens.c \ + x509.c \ + x509vfy.c \ + $(NULL) + + libxmlsec1_nss_la_LIBADD = \ +*************** +*** 418,423 **** +--- 419,425 ---- + distclean-compile: + -rm -f *.tab.c + ++ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/akmngr.Plo@am__quote@ + @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/app.Plo@am__quote@ + @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/bignum.Plo@am__quote@ + @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ciphers.Plo@am__quote@ +*************** +*** 425,433 **** + @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/digests.Plo@am__quote@ + @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/hmac.Plo@am__quote@ + @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/keysstore.Plo@am__quote@ +! @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/kt_rsa.Plo@am__quote@ +! @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/kw_aes.Plo@am__quote@ +! @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/kw_des.Plo@am__quote@ + @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pkikeys.Plo@am__quote@ + @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/signatures.Plo@am__quote@ + @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/symkeys.Plo@am__quote@ +--- 427,435 ---- + @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/digests.Plo@am__quote@ + @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/hmac.Plo@am__quote@ + @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/keysstore.Plo@am__quote@ +! @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tokens.Plo@am__quote@ +! @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/keywrapers.Plo@am__quote@ +! @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/keytrans.Plo@am__quote@ + @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pkikeys.Plo@am__quote@ + @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/signatures.Plo@am__quote@ + @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/symkeys.Plo@am__quote@ +*** misc/xmlsec1-1.2.6/src/nss/pkikeys.c 2004-03-17 13:06:45.000000000 +0800 +--- misc/build/xmlsec1-1.2.6/src/nss/pkikeys.c 2005-02-23 11:06:39.000000000 +0800 +*************** +*** 5,10 **** +--- 5,11 ---- + * distribution for preciese wording. + * + * Copyright (c) 2003 America Online, Inc. All rights reserved. ++ * Copyright ........................... + */ + #include "globals.h" + +*************** +*** 24,29 **** +--- 25,31 ---- + #include <xmlsec/nss/crypto.h> + #include <xmlsec/nss/bignum.h> + #include <xmlsec/nss/pkikeys.h> ++ #include <xmlsec/nss/tokens.h> + + /************************************************************************** + * +*************** +*** 98,111 **** + { + xmlSecAssert(ctx != NULL); + if (ctx->privkey != NULL) { +! SECKEY_DestroyPrivateKey(ctx->privkey); +! ctx->privkey = NULL; + } + +! if (ctx->pubkey) +! { +! SECKEY_DestroyPublicKey(ctx->pubkey); +! ctx->pubkey = NULL; + } + + } +--- 100,112 ---- + { + xmlSecAssert(ctx != NULL); + if (ctx->privkey != NULL) { +! SECKEY_DestroyPrivateKey(ctx->privkey); +! ctx->privkey = NULL; + } + +! if (ctx->pubkey) { +! SECKEY_DestroyPublicKey(ctx->pubkey); +! ctx->pubkey = NULL; + } + + } +*************** +*** 115,143 **** + xmlSecNssPKIKeyDataCtxPtr ctxSrc) + { + xmlSecNSSPKIKeyDataCtxFree(ctxDst); + if (ctxSrc->privkey != NULL) { +! ctxDst->privkey = SECKEY_CopyPrivateKey(ctxSrc->privkey); +! if(ctxDst->privkey == NULL) { +! xmlSecError(XMLSEC_ERRORS_HERE, +! NULL, +! "SECKEY_CopyPrivateKey", +! XMLSEC_ERRORS_R_CRYPTO_FAILED, +! XMLSEC_ERRORS_NO_MESSAGE); +! return(-1); +! } + } + + if (ctxSrc->pubkey != NULL) { +! ctxDst->pubkey = SECKEY_CopyPublicKey(ctxSrc->pubkey); +! if(ctxDst->pubkey == NULL) { +! xmlSecError(XMLSEC_ERRORS_HERE, +! NULL, +! "SECKEY_CopyPublicKey", +! XMLSEC_ERRORS_R_CRYPTO_FAILED, +! XMLSEC_ERRORS_NO_MESSAGE); +! return(-1); +! } + } + return (0); + } + +--- 116,147 ---- + xmlSecNssPKIKeyDataCtxPtr ctxSrc) + { + xmlSecNSSPKIKeyDataCtxFree(ctxDst); ++ ctxDst->privkey = NULL ; ++ ctxDst->pubkey = NULL ; + if (ctxSrc->privkey != NULL) { +! ctxDst->privkey = SECKEY_CopyPrivateKey(ctxSrc->privkey); +! if(ctxDst->privkey == NULL) { +! xmlSecError(XMLSEC_ERRORS_HERE, +! NULL, +! "SECKEY_CopyPrivateKey", +! XMLSEC_ERRORS_R_CRYPTO_FAILED, +! "error code=%d", PORT_GetError()); +! return(-1); +! } + } + + if (ctxSrc->pubkey != NULL) { +! ctxDst->pubkey = SECKEY_CopyPublicKey(ctxSrc->pubkey); +! if(ctxDst->pubkey == NULL) { +! xmlSecError(XMLSEC_ERRORS_HERE, +! NULL, +! "SECKEY_CopyPublicKey", +! XMLSEC_ERRORS_R_CRYPTO_FAILED, +! "error code=%d", PORT_GetError()); +! return(-1); +! } + } ++ + return (0); + } + +*************** +*** 147,166 **** + SECKEYPublicKey *pubkey) + { + xmlSecNssPKIKeyDataCtxPtr ctx; + + xmlSecAssert2(xmlSecKeyDataIsValid(data), -1); + xmlSecAssert2(xmlSecKeyDataCheckSize(data, xmlSecNssPKIKeyDataSize), -1); + + ctx = xmlSecNssPKIKeyDataGetCtx(data); + xmlSecAssert2(ctx != NULL, -1); + + if (ctx->privkey) { +! SECKEY_DestroyPrivateKey(ctx->privkey); + } + ctx->privkey = privkey; + + if (ctx->pubkey) { +! SECKEY_DestroyPublicKey(ctx->pubkey); + } + ctx->pubkey = pubkey; + +--- 151,191 ---- + SECKEYPublicKey *pubkey) + { + xmlSecNssPKIKeyDataCtxPtr ctx; ++ KeyType pubType = nullKey ; ++ KeyType priType = nullKey ; + + xmlSecAssert2(xmlSecKeyDataIsValid(data), -1); + xmlSecAssert2(xmlSecKeyDataCheckSize(data, xmlSecNssPKIKeyDataSize), -1); + ++ if( privkey != NULL ) { ++ priType = SECKEY_GetPrivateKeyType( privkey ) ; ++ } ++ ++ if( pubkey != NULL ) { ++ pubType = SECKEY_GetPublicKeyType( pubkey ) ; ++ } ++ ++ if( priType != nullKey && pubType != nullKey ) { ++ if( pubType != priType ) { ++ xmlSecError( XMLSEC_ERRORS_HERE , ++ NULL , ++ NULL , ++ XMLSEC_ERRORS_R_CRYPTO_FAILED , ++ "different type of private and public key" ) ; ++ return -1 ; ++ } ++ } ++ + ctx = xmlSecNssPKIKeyDataGetCtx(data); + xmlSecAssert2(ctx != NULL, -1); + + if (ctx->privkey) { +! SECKEY_DestroyPrivateKey(ctx->privkey); + } + ctx->privkey = privkey; + + if (ctx->pubkey) { +! SECKEY_DestroyPublicKey(ctx->pubkey); + } + ctx->pubkey = pubkey; + +*************** +*** 183,243 **** + { + xmlSecKeyDataPtr data = NULL; + int ret; +! KeyType kt; +! +! if (pubkey != NULL) { +! kt = SECKEY_GetPublicKeyType(pubkey); +! } else { +! kt = SECKEY_GetPrivateKeyType(privkey); +! pubkey = SECKEY_ConvertToPublicKey(privkey); +! } + +! switch(kt) { + #ifndef XMLSEC_NO_RSA + case rsaKey: +! data = xmlSecKeyDataCreate(xmlSecNssKeyDataRsaId); +! if(data == NULL) { +! xmlSecError(XMLSEC_ERRORS_HERE, +! NULL, +! "xmlSecKeyDataCreate", +! XMLSEC_ERRORS_R_XMLSEC_FAILED, +! "xmlSecNssKeyDataRsaId"); +! return(NULL); +! } +! break; + #endif /* XMLSEC_NO_RSA */ + #ifndef XMLSEC_NO_DSA + case dsaKey: +! data = xmlSecKeyDataCreate(xmlSecNssKeyDataDsaId); +! if(data == NULL) { +! xmlSecError(XMLSEC_ERRORS_HERE, +! NULL, +! "xmlSecKeyDataCreate", +! XMLSEC_ERRORS_R_XMLSEC_FAILED, +! "xmlSecNssKeyDataDsaId"); +! return(NULL); +! } +! break; + #endif /* XMLSEC_NO_DSA */ + default: +! xmlSecError(XMLSEC_ERRORS_HERE, + NULL, + NULL, + XMLSEC_ERRORS_R_INVALID_TYPE, +! "PKI key type %d not supported", kt); +! return(NULL); + } + + xmlSecAssert2(data != NULL, NULL); + ret = xmlSecNssPKIKeyDataAdoptKey(data, privkey, pubkey); + if(ret < 0) { +! xmlSecError(XMLSEC_ERRORS_HERE, + NULL, + "xmlSecNssPKIKeyDataAdoptKey", + XMLSEC_ERRORS_R_XMLSEC_FAILED, + XMLSEC_ERRORS_NO_MESSAGE); +! xmlSecKeyDataDestroy(data); +! return(NULL); + } + return(data); + } +--- 208,282 ---- + { + xmlSecKeyDataPtr data = NULL; + int ret; +! KeyType pubType = nullKey ; +! KeyType priType = nullKey ; + +! if( privkey != NULL ) { +! priType = SECKEY_GetPrivateKeyType( privkey ) ; +! } +! +! if( pubkey != NULL ) { +! pubType = SECKEY_GetPublicKeyType( pubkey ) ; +! } +! +! if( priType != nullKey && pubType != nullKey ) { +! if( pubType != priType ) { +! xmlSecError( XMLSEC_ERRORS_HERE , +! NULL , +! NULL , +! XMLSEC_ERRORS_R_CRYPTO_FAILED , +! "different type of private and public key" ) ; +! return( NULL ) ; +! } +! } +! +! pubType = priType != nullKey ? priType : pubType ; +! switch(pubType) { + #ifndef XMLSEC_NO_RSA + case rsaKey: +! data = xmlSecKeyDataCreate(xmlSecNssKeyDataRsaId); +! if(data == NULL) { +! xmlSecError(XMLSEC_ERRORS_HERE, +! NULL, +! "xmlSecKeyDataCreate", +! XMLSEC_ERRORS_R_XMLSEC_FAILED, +! "xmlSecNssKeyDataRsaId"); +! return(NULL); +! } +! break; + #endif /* XMLSEC_NO_RSA */ + #ifndef XMLSEC_NO_DSA + case dsaKey: +! data = xmlSecKeyDataCreate(xmlSecNssKeyDataDsaId); +! if(data == NULL) { +! xmlSecError(XMLSEC_ERRORS_HERE, +! NULL, +! "xmlSecKeyDataCreate", +! XMLSEC_ERRORS_R_XMLSEC_FAILED, +! "xmlSecNssKeyDataDsaId"); +! return(NULL); +! } +! break; + #endif /* XMLSEC_NO_DSA */ + default: +! xmlSecError(XMLSEC_ERRORS_HERE, + NULL, + NULL, + XMLSEC_ERRORS_R_INVALID_TYPE, +! "PKI key type %d not supported", pubType); +! return(NULL); + } + + xmlSecAssert2(data != NULL, NULL); + ret = xmlSecNssPKIKeyDataAdoptKey(data, privkey, pubkey); + if(ret < 0) { +! xmlSecError(XMLSEC_ERRORS_HERE, + NULL, + "xmlSecNssPKIKeyDataAdoptKey", + XMLSEC_ERRORS_R_XMLSEC_FAILED, + XMLSEC_ERRORS_NO_MESSAGE); +! xmlSecKeyDataDestroy(data); +! return(NULL); + } + return(data); + } +*************** +*** 263,269 **** + xmlSecAssert2(ctx != NULL, NULL); + xmlSecAssert2(ctx->pubkey != NULL, NULL); + +! ret = SECKEY_CopyPublicKey(ctx->pubkey); + return(ret); + } + +--- 302,308 ---- + xmlSecAssert2(ctx != NULL, NULL); + xmlSecAssert2(ctx->pubkey != NULL, NULL); + +! ret = SECKEY_CopyPublicKey(ctx->pubkey); + return(ret); + } + +*************** +*** 312,320 **** + xmlSecAssert2(ctx != NULL, nullKey); + + if (ctx->pubkey != NULL) { +! kt = SECKEY_GetPublicKeyType(ctx->pubkey); + } else { +! kt = SECKEY_GetPrivateKeyType(ctx->privkey); + } + return(kt); + } +--- 351,359 ---- + xmlSecAssert2(ctx != NULL, nullKey); + + if (ctx->pubkey != NULL) { +! kt = SECKEY_GetPublicKeyType(ctx->pubkey); + } else { +! kt = SECKEY_GetPrivateKeyType(ctx->privkey); + } + return(kt); + } +*************** +*** 553,565 **** + goto done; + } + +! slot = PK11_GetBestSlot(CKM_DSA, NULL); + if(slot == NULL) { + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), +! "PK11_GetBestSlot", + XMLSEC_ERRORS_R_CRYPTO_FAILED, +! XMLSEC_ERRORS_NO_MESSAGE); + ret = -1; + goto done; + } +--- 592,604 ---- + goto done; + } + +! slot = xmlSecNssSlotGet(CKM_DSA); + if(slot == NULL) { + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), +! "xmlSecNssSlotGet", + XMLSEC_ERRORS_R_CRYPTO_FAILED, +! "error code=%d", PORT_GetError()); + ret = -1; + goto done; + } +*************** +*** 570,576 **** + xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), + "PORT_NewArena", + XMLSEC_ERRORS_R_CRYPTO_FAILED, +! XMLSEC_ERRORS_NO_MESSAGE); + ret = -1; + goto done; + } +--- 609,615 ---- + xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), + "PORT_NewArena", + XMLSEC_ERRORS_R_CRYPTO_FAILED, +! "error code=%d", PORT_GetError()); + ret = -1; + goto done; + } +*************** +*** 582,588 **** + xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), + "PORT_ArenaZAlloc", + XMLSEC_ERRORS_R_CRYPTO_FAILED, +! XMLSEC_ERRORS_NO_MESSAGE); + PORT_FreeArena(arena, PR_FALSE); + ret = -1; + goto done; +--- 621,627 ---- + xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), + "PORT_ArenaZAlloc", + XMLSEC_ERRORS_R_CRYPTO_FAILED, +! "error code=%d", PORT_GetError()); + PORT_FreeArena(arena, PR_FALSE); + ret = -1; + goto done; +*************** +*** 750,770 **** + goto done; + } + data = NULL; +- + ret = 0; + + done: + if (slot != NULL) { +! PK11_FreeSlot(slot); + } +! if (ret != 0) { +! if (pubkey != NULL) { +! SECKEY_DestroyPublicKey(pubkey); +! } +! if (data != NULL) { +! xmlSecKeyDataDestroy(data); +! } + } + return(ret); + } + +--- 789,809 ---- + goto done; + } + data = NULL; + ret = 0; + + done: + if (slot != NULL) { +! PK11_FreeSlot(slot); + } +! +! if (pubkey != NULL) { +! SECKEY_DestroyPublicKey(pubkey); +! } +! +! if (data != NULL) { +! xmlSecKeyDataDestroy(data); + } ++ + return(ret); + } + +*************** +*** 783,789 **** + + ctx = xmlSecNssPKIKeyDataGetCtx(xmlSecKeyGetValue(key)); + xmlSecAssert2(ctx != NULL, -1); +! xmlSecAssert2(SECKEY_GetPublicKeyType(ctx->pubkey) == dsaKey, -1); + + if(((xmlSecKeyDataTypePublic | xmlSecKeyDataTypePrivate) & keyInfoCtx->keyReq.keyType) == 0) { + /* we can have only private key or public key */ +--- 822,828 ---- + + ctx = xmlSecNssPKIKeyDataGetCtx(xmlSecKeyGetValue(key)); + xmlSecAssert2(ctx != NULL, -1); +! // xmlSecAssert2(SECKEY_GetPublicKeyType(ctx->pubkey) == dsaKey, -1); + + if(((xmlSecKeyDataTypePublic | xmlSecKeyDataTypePrivate) & keyInfoCtx->keyReq.keyType) == 0) { + /* we can have only private key or public key */ +*************** +*** 905,911 **** + xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), + "PK11_PQG_ParamGen", + XMLSEC_ERRORS_R_CRYPTO_FAILED, +! "size=%d", sizeBits); + goto done; + } + +--- 944,951 ---- + xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), + "PK11_PQG_ParamGen", + XMLSEC_ERRORS_R_CRYPTO_FAILED, +! "size=%d, error code=%d", sizeBits, PORT_GetError()); +! ret = -1; + goto done; + } + +*************** +*** 915,925 **** + xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), + "PK11_PQG_VerifyParams", + XMLSEC_ERRORS_R_CRYPTO_FAILED, +! "size=%d", sizeBits); + goto done; + } + +! slot = PK11_GetBestSlot(CKM_DSA_KEY_PAIR_GEN, NULL); + PK11_Authenticate(slot, PR_TRUE, NULL /* default pwd callback */); + privkey = PK11_GenerateKeyPair(slot, CKM_DSA_KEY_PAIR_GEN, pqgParams, + &pubkey, PR_FALSE, PR_TRUE, NULL); +--- 955,966 ---- + xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), + "PK11_PQG_VerifyParams", + XMLSEC_ERRORS_R_CRYPTO_FAILED, +! "size=%d, error code=%d", sizeBits, PORT_GetError()); +! ret = -1; + goto done; + } + +! slot = xmlSecNssSlotGet(CKM_DSA_KEY_PAIR_GEN); + PK11_Authenticate(slot, PR_TRUE, NULL /* default pwd callback */); + privkey = PK11_GenerateKeyPair(slot, CKM_DSA_KEY_PAIR_GEN, pqgParams, + &pubkey, PR_FALSE, PR_TRUE, NULL); +*************** +*** 929,936 **** + xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), + "PK11_GenerateKeyPair", + XMLSEC_ERRORS_R_CRYPTO_FAILED, +! XMLSEC_ERRORS_NO_MESSAGE); + + goto done; + } + +--- 970,978 ---- + xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), + "PK11_GenerateKeyPair", + XMLSEC_ERRORS_R_CRYPTO_FAILED, +! "error code=%d", PORT_GetError()); + ++ ret = -1; + goto done; + } + +*************** +*** 943,971 **** + XMLSEC_ERRORS_NO_MESSAGE); + goto done; + } +! + ret = 0; + + done: + if (slot != NULL) { +! PK11_FreeSlot(slot); + } + if (pqgParams != NULL) { +! PK11_PQG_DestroyParams(pqgParams); + } + if (pqgVerify != NULL) { +! PK11_PQG_DestroyVerify(pqgVerify); +! } +! if (ret == 0) { +! return (0); + } + if (pubkey != NULL) { +! SECKEY_DestroyPublicKey(pubkey); + } + if (privkey != NULL) { +! SECKEY_DestroyPrivateKey(privkey); + } +! return(-1); + } + + static xmlSecKeyDataType +--- 985,1016 ---- + XMLSEC_ERRORS_NO_MESSAGE); + goto done; + } +! privkey = NULL ; +! pubkey = NULL ; + ret = 0; + + done: + if (slot != NULL) { +! PK11_FreeSlot(slot); + } ++ + if (pqgParams != NULL) { +! PK11_PQG_DestroyParams(pqgParams); + } ++ + if (pqgVerify != NULL) { +! PK11_PQG_DestroyVerify(pqgVerify); + } ++ + if (pubkey != NULL) { +! SECKEY_DestroyPublicKey(pubkey); + } ++ + if (privkey != NULL) { +! SECKEY_DestroyPrivateKey(privkey); + } +! +! return(ret); + } + + static xmlSecKeyDataType +*************** +*** 975,985 **** + xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecNssKeyDataDsaId), xmlSecKeyDataTypeUnknown); + ctx = xmlSecNssPKIKeyDataGetCtx(data); + xmlSecAssert2(ctx != NULL, -1); +! xmlSecAssert2(SECKEY_GetPublicKeyType(ctx->pubkey) == dsaKey, -1); + if (ctx->privkey != NULL) { +! return(xmlSecKeyDataTypePrivate | xmlSecKeyDataTypePublic); +! } else { +! return(xmlSecKeyDataTypePublic); + } + + return(xmlSecKeyDataTypeUnknown); +--- 1020,1030 ---- + xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecNssKeyDataDsaId), xmlSecKeyDataTypeUnknown); + ctx = xmlSecNssPKIKeyDataGetCtx(data); + xmlSecAssert2(ctx != NULL, -1); +! // xmlSecAssert2(SECKEY_GetPublicKeyType(ctx->pubkey) == dsaKey, -1); + if (ctx->privkey != NULL) { +! return(xmlSecKeyDataTypePrivate | xmlSecKeyDataTypePublic); +! } else if( ctx->pubkey != NULL ) { +! return(xmlSecKeyDataTypePublic); + } + + return(xmlSecKeyDataTypeUnknown); +*************** +*** 992,998 **** + xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecNssKeyDataDsaId), 0); + ctx = xmlSecNssPKIKeyDataGetCtx(data); + xmlSecAssert2(ctx != NULL, -1); +! xmlSecAssert2(SECKEY_GetPublicKeyType(ctx->pubkey) == dsaKey, -1); + + return(8 * SECKEY_PublicKeyStrength(ctx->pubkey)); + } +--- 1037,1043 ---- + xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecNssKeyDataDsaId), 0); + ctx = xmlSecNssPKIKeyDataGetCtx(data); + xmlSecAssert2(ctx != NULL, -1); +! // xmlSecAssert2(SECKEY_GetPublicKeyType(ctx->pubkey) == dsaKey, -1); + + return(8 * SECKEY_PublicKeyStrength(ctx->pubkey)); + } +*************** +*** 1181,1193 **** + goto done; + } + +! slot = PK11_GetBestSlot(CKM_RSA_PKCS, NULL); + if(slot == NULL) { + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), +! "PK11_GetBestSlot", + XMLSEC_ERRORS_R_CRYPTO_FAILED, +! XMLSEC_ERRORS_NO_MESSAGE); + ret = -1; + goto done; + } +--- 1226,1238 ---- + goto done; + } + +! slot = xmlSecNssSlotGet(CKM_RSA_PKCS); + if(slot == NULL) { + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), +! "xmlSecNssSlotGet", + XMLSEC_ERRORS_R_CRYPTO_FAILED, +! "error code=%d", PORT_GetError()); + ret = -1; + goto done; + } +*************** +*** 1198,1204 **** + xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), + "PORT_NewArena", + XMLSEC_ERRORS_R_CRYPTO_FAILED, +! XMLSEC_ERRORS_NO_MESSAGE); + ret = -1; + goto done; + } +--- 1243,1249 ---- + xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), + "PORT_NewArena", + XMLSEC_ERRORS_R_CRYPTO_FAILED, +! "error code=%d", PORT_GetError()); + ret = -1; + goto done; + } +*************** +*** 1210,1216 **** + xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), + "PORT_ArenaZAlloc", + XMLSEC_ERRORS_R_CRYPTO_FAILED, +! XMLSEC_ERRORS_NO_MESSAGE); + PORT_FreeArena(arena, PR_FALSE); + ret = -1; + goto done; +--- 1255,1261 ---- + xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), + "PORT_ArenaZAlloc", + XMLSEC_ERRORS_R_CRYPTO_FAILED, +! "error code=%d", PORT_GetError()); + PORT_FreeArena(arena, PR_FALSE); + ret = -1; + goto done; +*************** +*** 1349,1355 **** + + ctx = xmlSecNssPKIKeyDataGetCtx(xmlSecKeyGetValue(key)); + xmlSecAssert2(ctx != NULL, -1); +! xmlSecAssert2(SECKEY_GetPublicKeyType(ctx->pubkey) == rsaKey, -1); + + + if(((xmlSecKeyDataTypePublic | xmlSecKeyDataTypePrivate) & keyInfoCtx->keyReq.keyType) == 0) { +--- 1394,1400 ---- + + ctx = xmlSecNssPKIKeyDataGetCtx(xmlSecKeyGetValue(key)); + xmlSecAssert2(ctx != NULL, -1); +! // xmlSecAssert2(SECKEY_GetPublicKeyType(ctx->pubkey) == rsaKey, -1); + + + if(((xmlSecKeyDataTypePublic | xmlSecKeyDataTypePrivate) & keyInfoCtx->keyReq.keyType) == 0) { +*************** +*** 1420,1426 **** + params.keySizeInBits = sizeBits; + params.pe = 65537; + +! slot = PK11_GetBestSlot(CKM_RSA_PKCS_KEY_PAIR_GEN, NULL); + PK11_Authenticate(slot, PR_TRUE, NULL /* default pwd callback */); + privkey = PK11_GenerateKeyPair(slot, CKM_RSA_PKCS_KEY_PAIR_GEN, ¶ms, + &pubkey, PR_FALSE, PR_TRUE, NULL); +--- 1465,1471 ---- + params.keySizeInBits = sizeBits; + params.pe = 65537; + +! slot = xmlSecNssSlotGet(CKM_RSA_PKCS_KEY_PAIR_GEN); + PK11_Authenticate(slot, PR_TRUE, NULL /* default pwd callback */); + privkey = PK11_GenerateKeyPair(slot, CKM_RSA_PKCS_KEY_PAIR_GEN, ¶ms, + &pubkey, PR_FALSE, PR_TRUE, NULL); +*************** +*** 1430,1436 **** + xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), + "PK11_GenerateKeyPair", + XMLSEC_ERRORS_R_CRYPTO_FAILED, +! XMLSEC_ERRORS_NO_MESSAGE); + + goto done; + } +--- 1475,1481 ---- + xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), + "PK11_GenerateKeyPair", + XMLSEC_ERRORS_R_CRYPTO_FAILED, +! "error code=%d", PORT_GetError()); + + goto done; + } +*************** +*** 1472,1478 **** + + ctx = xmlSecNssPKIKeyDataGetCtx(data); + xmlSecAssert2(ctx != NULL, -1); +! xmlSecAssert2(SECKEY_GetPublicKeyType(ctx->pubkey) == rsaKey, -1); + if (ctx->privkey != NULL) { + return(xmlSecKeyDataTypePrivate | xmlSecKeyDataTypePublic); + } else { +--- 1517,1523 ---- + + ctx = xmlSecNssPKIKeyDataGetCtx(data); + xmlSecAssert2(ctx != NULL, -1); +! // xmlSecAssert2(SECKEY_GetPublicKeyType(ctx->pubkey) == rsaKey, -1); + if (ctx->privkey != NULL) { + return(xmlSecKeyDataTypePrivate | xmlSecKeyDataTypePublic); + } else { +*************** +*** 1490,1496 **** + + ctx = xmlSecNssPKIKeyDataGetCtx(data); + xmlSecAssert2(ctx != NULL, -1); +! xmlSecAssert2(SECKEY_GetPublicKeyType(ctx->pubkey) == rsaKey, -1); + + return(8 * SECKEY_PublicKeyStrength(ctx->pubkey)); + } +--- 1535,1541 ---- + + ctx = xmlSecNssPKIKeyDataGetCtx(data); + xmlSecAssert2(ctx != NULL, -1); +! // xmlSecAssert2(SECKEY_GetPublicKeyType(ctx->pubkey) == rsaKey, -1); + + return(8 * SECKEY_PublicKeyStrength(ctx->pubkey)); + } +*** misc/xmlsec1-1.2.6/src/nss/signatures.c 2003-09-26 08:58:15.000000000 +0800 +--- misc/build/xmlsec1-1.2.6/src/nss/signatures.c 2005-02-23 11:06:39.000000000 +0800 +*************** +*** 199,205 **** + xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), + "SGN_NewContext", + XMLSEC_ERRORS_R_CRYPTO_FAILED, +! XMLSEC_ERRORS_NO_MESSAGE); + return(-1); + } + } else { +--- 199,205 ---- + xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), + "SGN_NewContext", + XMLSEC_ERRORS_R_CRYPTO_FAILED, +! "error code=%d", PORT_GetError()); + return(-1); + } + } else { +*************** +*** 222,228 **** + xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), + "VFY_CreateContext", + XMLSEC_ERRORS_R_CRYPTO_FAILED, +! XMLSEC_ERRORS_NO_MESSAGE); + return(-1); + } + } +--- 222,228 ---- + xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), + "VFY_CreateContext", + XMLSEC_ERRORS_R_CRYPTO_FAILED, +! "error code=%d", PORT_GetError()); + return(-1); + } + } +*************** +*** 282,288 **** + xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), + "VFY_Update, VFY_End", + XMLSEC_ERRORS_R_CRYPTO_FAILED, +! XMLSEC_ERRORS_NO_MESSAGE); + + if (PORT_GetError() == SEC_ERROR_PKCS7_BAD_SIGNATURE) { + xmlSecError(XMLSEC_ERRORS_HERE, +--- 282,288 ---- + xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), + "VFY_Update, VFY_End", + XMLSEC_ERRORS_R_CRYPTO_FAILED, +! "error code=%d", PORT_GetError()); + + if (PORT_GetError() == SEC_ERROR_PKCS7_BAD_SIGNATURE) { + xmlSecError(XMLSEC_ERRORS_HERE, +*************** +*** 341,347 **** + xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), + "SGN_Begin", + XMLSEC_ERRORS_R_CRYPTO_FAILED, +! XMLSEC_ERRORS_NO_MESSAGE); + return(-1); + } + } else { +--- 341,347 ---- + xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), + "SGN_Begin", + XMLSEC_ERRORS_R_CRYPTO_FAILED, +! "error code=%d", PORT_GetError()); + return(-1); + } + } else { +*************** +*** 351,357 **** + xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), + "VFY_Begin", + XMLSEC_ERRORS_R_CRYPTO_FAILED, +! XMLSEC_ERRORS_NO_MESSAGE); + return(-1); + } + } +--- 351,357 ---- + xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), + "VFY_Begin", + XMLSEC_ERRORS_R_CRYPTO_FAILED, +! "error code=%d", PORT_GetError()); + return(-1); + } + } +*************** +*** 368,374 **** + xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), + "SGN_Update", + XMLSEC_ERRORS_R_CRYPTO_FAILED, +! XMLSEC_ERRORS_NO_MESSAGE); + return(-1); + } + } else { +--- 368,374 ---- + xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), + "SGN_Update", + XMLSEC_ERRORS_R_CRYPTO_FAILED, +! "error code=%d", PORT_GetError()); + return(-1); + } + } else { +*************** +*** 378,384 **** + xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), + "VFY_Update", + XMLSEC_ERRORS_R_CRYPTO_FAILED, +! XMLSEC_ERRORS_NO_MESSAGE); + return(-1); + } + } +--- 378,384 ---- + xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), + "VFY_Update", + XMLSEC_ERRORS_R_CRYPTO_FAILED, +! "error code=%d", PORT_GetError()); + return(-1); + } + } +*************** +*** 404,410 **** + xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), + "SGN_End", + XMLSEC_ERRORS_R_CRYPTO_FAILED, +! XMLSEC_ERRORS_NO_MESSAGE); + return(-1); + } + +--- 404,410 ---- + xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), + "SGN_End", + XMLSEC_ERRORS_R_CRYPTO_FAILED, +! "error code=%d", PORT_GetError()); + return(-1); + } + +*** misc/xmlsec1-1.2.6/src/nss/symkeys.c 2003-07-21 11:12:52.000000000 +0800 +--- misc/build/xmlsec1-1.2.6/src/nss/symkeys.c 2005-02-23 11:06:39.000000000 +0800 +*************** +*** 15,192 **** + #include <stdio.h> + #include <string.h> + + #include <xmlsec/xmlsec.h> + #include <xmlsec/xmltree.h> + #include <xmlsec/keys.h> + #include <xmlsec/keyinfo.h> + #include <xmlsec/transforms.h> + #include <xmlsec/errors.h> + + #include <xmlsec/nss/crypto.h> + + /***************************************************************************** + * +! * Symmetic (binary) keys - just a wrapper for xmlSecKeyDataBinary + * + ****************************************************************************/ +! static int xmlSecNssSymKeyDataInitialize (xmlSecKeyDataPtr data); +! static int xmlSecNssSymKeyDataDuplicate (xmlSecKeyDataPtr dst, +! xmlSecKeyDataPtr src); +! static void xmlSecNssSymKeyDataFinalize (xmlSecKeyDataPtr data); +! static int xmlSecNssSymKeyDataXmlRead (xmlSecKeyDataId id, +! xmlSecKeyPtr key, +! xmlNodePtr node, +! xmlSecKeyInfoCtxPtr keyInfoCtx); +! static int xmlSecNssSymKeyDataXmlWrite (xmlSecKeyDataId id, +! xmlSecKeyPtr key, +! xmlNodePtr node, +! xmlSecKeyInfoCtxPtr keyInfoCtx); +! static int xmlSecNssSymKeyDataBinRead (xmlSecKeyDataId id, +! xmlSecKeyPtr key, +! const xmlSecByte* buf, +! xmlSecSize bufSize, +! xmlSecKeyInfoCtxPtr keyInfoCtx); +! static int xmlSecNssSymKeyDataBinWrite (xmlSecKeyDataId id, +! xmlSecKeyPtr key, +! xmlSecByte** buf, +! xmlSecSize* bufSize, +! xmlSecKeyInfoCtxPtr keyInfoCtx); +! static int xmlSecNssSymKeyDataGenerate (xmlSecKeyDataPtr data, +! xmlSecSize sizeBits, +! xmlSecKeyDataType type); +! +! static xmlSecKeyDataType xmlSecNssSymKeyDataGetType (xmlSecKeyDataPtr data); +! static xmlSecSize xmlSecNssSymKeyDataGetSize (xmlSecKeyDataPtr data); +! static void xmlSecNssSymKeyDataDebugDump (xmlSecKeyDataPtr data, +! FILE* output); +! static void xmlSecNssSymKeyDataDebugXmlDump (xmlSecKeyDataPtr data, +! FILE* output); +! static int xmlSecNssSymKeyDataKlassCheck (xmlSecKeyDataKlass* klass); + + #define xmlSecNssSymKeyDataCheckId(data) \ + (xmlSecKeyDataIsValid((data)) && \ + xmlSecNssSymKeyDataKlassCheck((data)->id)) + + static int + xmlSecNssSymKeyDataInitialize(xmlSecKeyDataPtr data) { + xmlSecAssert2(xmlSecNssSymKeyDataCheckId(data), -1); +! +! return(xmlSecKeyDataBinaryValueInitialize(data)); + } + + static int + xmlSecNssSymKeyDataDuplicate(xmlSecKeyDataPtr dst, xmlSecKeyDataPtr src) { + xmlSecAssert2(xmlSecNssSymKeyDataCheckId(dst), -1); + xmlSecAssert2(xmlSecNssSymKeyDataCheckId(src), -1); + xmlSecAssert2(dst->id == src->id, -1); +! +! return(xmlSecKeyDataBinaryValueDuplicate(dst, src)); + } + + static void + xmlSecNssSymKeyDataFinalize(xmlSecKeyDataPtr data) { + xmlSecAssert(xmlSecNssSymKeyDataCheckId(data)); +! +! xmlSecKeyDataBinaryValueFinalize(data); + } + + static int + xmlSecNssSymKeyDataXmlRead(xmlSecKeyDataId id, xmlSecKeyPtr key, +! xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) { +! xmlSecAssert2(xmlSecNssSymKeyDataKlassCheck(id), -1); + +! return(xmlSecKeyDataBinaryValueXmlRead(id, key, node, keyInfoCtx)); + } + + static int + xmlSecNssSymKeyDataXmlWrite(xmlSecKeyDataId id, xmlSecKeyPtr key, +! xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) { + xmlSecAssert2(xmlSecNssSymKeyDataKlassCheck(id), -1); + +! return(xmlSecKeyDataBinaryValueXmlWrite(id, key, node, keyInfoCtx)); + } + + static int + xmlSecNssSymKeyDataBinRead(xmlSecKeyDataId id, xmlSecKeyPtr key, +! const xmlSecByte* buf, xmlSecSize bufSize, +! xmlSecKeyInfoCtxPtr keyInfoCtx) { +! xmlSecAssert2(xmlSecNssSymKeyDataKlassCheck(id), -1); + +! return(xmlSecKeyDataBinaryValueBinRead(id, key, buf, bufSize, keyInfoCtx)); + } + + static int + xmlSecNssSymKeyDataBinWrite(xmlSecKeyDataId id, xmlSecKeyPtr key, +! xmlSecByte** buf, xmlSecSize* bufSize, +! xmlSecKeyInfoCtxPtr keyInfoCtx) { + xmlSecAssert2(xmlSecNssSymKeyDataKlassCheck(id), -1); + +! return(xmlSecKeyDataBinaryValueBinWrite(id, key, buf, bufSize, keyInfoCtx)); + } + + static int + xmlSecNssSymKeyDataGenerate(xmlSecKeyDataPtr data, xmlSecSize sizeBits, xmlSecKeyDataType type ATTRIBUTE_UNUSED) { +! xmlSecBufferPtr buffer; +! + xmlSecAssert2(xmlSecNssSymKeyDataCheckId(data), -1); + xmlSecAssert2(sizeBits > 0, -1); + +! buffer = xmlSecKeyDataBinaryValueGetBuffer(data); +! xmlSecAssert2(buffer != NULL, -1); +! +! return(xmlSecNssGenerateRandom(buffer, (sizeBits + 7) / 8)); + } + + static xmlSecKeyDataType + xmlSecNssSymKeyDataGetType(xmlSecKeyDataPtr data) { +! xmlSecBufferPtr buffer; + + xmlSecAssert2(xmlSecNssSymKeyDataCheckId(data), xmlSecKeyDataTypeUnknown); + +! buffer = xmlSecKeyDataBinaryValueGetBuffer(data); +! xmlSecAssert2(buffer != NULL, xmlSecKeyDataTypeUnknown); + +! return((xmlSecBufferGetSize(buffer) > 0) ? xmlSecKeyDataTypeSymmetric : xmlSecKeyDataTypeUnknown); + } + + static xmlSecSize + xmlSecNssSymKeyDataGetSize(xmlSecKeyDataPtr data) { + xmlSecAssert2(xmlSecNssSymKeyDataCheckId(data), 0); +! +! return(xmlSecKeyDataBinaryValueGetSize(data)); + } + + static void + xmlSecNssSymKeyDataDebugDump(xmlSecKeyDataPtr data, FILE* output) { + xmlSecAssert(xmlSecNssSymKeyDataCheckId(data)); + +! xmlSecKeyDataBinaryValueDebugDump(data, output); + } + + static void + xmlSecNssSymKeyDataDebugXmlDump(xmlSecKeyDataPtr data, FILE* output) { + xmlSecAssert(xmlSecNssSymKeyDataCheckId(data)); + +! xmlSecKeyDataBinaryValueDebugXmlDump(data, output); + } + + static int + xmlSecNssSymKeyDataKlassCheck(xmlSecKeyDataKlass* klass) { + #ifndef XMLSEC_NO_DES + if(klass == xmlSecNssKeyDataDesId) { +! return(1); + } + #endif /* XMLSEC_NO_DES */ + + #ifndef XMLSEC_NO_AES + if(klass == xmlSecNssKeyDataAesId) { +! return(1); + } + #endif /* XMLSEC_NO_AES */ + + #ifndef XMLSEC_NO_HMAC + if(klass == xmlSecNssKeyDataHmacId) { +! return(1); + } + #endif /* XMLSEC_NO_HMAC */ + +--- 15,851 ---- + #include <stdio.h> + #include <string.h> + ++ #include <pk11func.h> ++ #include <nss.h> ++ + #include <xmlsec/xmlsec.h> + #include <xmlsec/xmltree.h> ++ #include <xmlsec/base64.h> + #include <xmlsec/keys.h> + #include <xmlsec/keyinfo.h> + #include <xmlsec/transforms.h> + #include <xmlsec/errors.h> + + #include <xmlsec/nss/crypto.h> ++ #include <xmlsec/nss/ciphers.h> ++ #include <xmlsec/nss/tokens.h> + + /***************************************************************************** + * +! * Symmetic (binary) keys - a wrapper over slot information and PK11SymKey + * + ****************************************************************************/ +! typedef struct _xmlSecNssSymKeyDataCtx xmlSecNssSymKeyDataCtx ; +! typedef struct _xmlSecNssSymKeyDataCtx* xmlSecNssSymKeyDataCtxPtr ; +! +! struct _xmlSecNssSymKeyDataCtx { +! CK_MECHANISM_TYPE cipher ; /* the symmetic key mechanism */ +! PK11SlotInfo* slot ; /* the key resident slot */ +! PK11SymKey* symkey ; /* the symmetic key */ +! } ; +! +! #define xmlSecNssSymKeyDataSize \ +! ( sizeof( xmlSecKeyData ) + sizeof( xmlSecNssSymKeyDataCtx ) ) +! +! #define xmlSecNssSymKeyDataGetCtx( data ) \ +! ( ( xmlSecNssSymKeyDataCtxPtr )( ( ( xmlSecByte* )( data ) ) + sizeof( xmlSecKeyData ) ) ) +! +! +! static int xmlSecNssSymKeyDataInitialize (xmlSecKeyDataPtr data); +! static int xmlSecNssSymKeyDataDuplicate (xmlSecKeyDataPtr dst, +! xmlSecKeyDataPtr src); +! static void xmlSecNssSymKeyDataFinalize (xmlSecKeyDataPtr data); +! static int xmlSecNssSymKeyDataXmlRead (xmlSecKeyDataId id, +! xmlSecKeyPtr key, +! xmlNodePtr node, +! xmlSecKeyInfoCtxPtr keyInfoCtx); +! static int xmlSecNssSymKeyDataXmlWrite (xmlSecKeyDataId id, +! xmlSecKeyPtr key, +! xmlNodePtr node, +! xmlSecKeyInfoCtxPtr keyInfoCtx); +! static int xmlSecNssSymKeyDataBinRead (xmlSecKeyDataId id, +! xmlSecKeyPtr key, +! const xmlSecByte* buf, +! xmlSecSize bufSize, +! xmlSecKeyInfoCtxPtr keyInfoCtx); +! static int xmlSecNssSymKeyDataBinWrite (xmlSecKeyDataId id, +! xmlSecKeyPtr key, +! xmlSecByte** buf, +! xmlSecSize* bufSize, +! xmlSecKeyInfoCtxPtr keyInfoCtx); +! static int xmlSecNssSymKeyDataGenerate (xmlSecKeyDataPtr data, +! xmlSecSize sizeBits, +! xmlSecKeyDataType type); +! +! static xmlSecKeyDataType xmlSecNssSymKeyDataGetType (xmlSecKeyDataPtr data); +! static xmlSecSize xmlSecNssSymKeyDataGetSize (xmlSecKeyDataPtr data); +! static void xmlSecNssSymKeyDataDebugDump (xmlSecKeyDataPtr data, +! FILE* output); +! static void xmlSecNssSymKeyDataDebugXmlDump (xmlSecKeyDataPtr data, +! FILE* output); +! static int xmlSecNssSymKeyDataKlassCheck (xmlSecKeyDataKlass* klass); + + #define xmlSecNssSymKeyDataCheckId(data) \ + (xmlSecKeyDataIsValid((data)) && \ + xmlSecNssSymKeyDataKlassCheck((data)->id)) + ++ /** ++ * xmlSecNssSymKeyDataAdoptKey: ++ * @data: the pointer to symmetric key data. ++ * @symkey: the symmetric key ++ * ++ * Set the value of symmetric key data. ++ * ++ * Returns 0 on success or a negative value if an error occurs. ++ */ ++ int ++ xmlSecNssSymKeyDataAdoptKey( ++ xmlSecKeyDataPtr data , ++ PK11SymKey* symkey ++ ) { ++ xmlSecNssSymKeyDataCtxPtr context = NULL ; ++ ++ xmlSecAssert2( xmlSecNssSymKeyDataCheckId( data ), -1 ) ; ++ xmlSecAssert2( xmlSecKeyDataCheckSize( data, xmlSecNssSymKeyDataSize ), -1 ) ; ++ xmlSecAssert2( symkey != NULL, -1 ) ; ++ ++ context = xmlSecNssSymKeyDataGetCtx( data ) ; ++ xmlSecAssert2(context != NULL, -1); ++ ++ context->cipher = PK11_GetMechanism( symkey ) ; ++ ++ if( context->slot != NULL ) { ++ PK11_FreeSlot( context->slot ) ; ++ context->slot = NULL ; ++ } ++ context->slot = PK11_GetSlotFromKey( symkey ) ; ++ ++ if( context->symkey != NULL ) { ++ PK11_FreeSymKey( context->symkey ) ; ++ context->symkey = NULL ; ++ } ++ context->symkey = PK11_ReferenceSymKey( symkey ) ; ++ ++ return 0 ; ++ } ++ ++ xmlSecKeyDataPtr xmlSecNssSymKeyDataKeyAdopt( ++ PK11SymKey* symKey ++ ) { ++ xmlSecKeyDataPtr data = NULL ; ++ CK_MECHANISM_TYPE mechanism = CKM_INVALID_MECHANISM ; ++ ++ xmlSecAssert2( symKey != NULL , NULL ) ; ++ ++ mechanism = PK11_GetMechanism( symKey ) ; ++ switch( mechanism ) { ++ case CKM_DES3_KEY_GEN : ++ case CKM_DES3_CBC : ++ case CKM_DES3_MAC : ++ data = xmlSecKeyDataCreate( xmlSecNssKeyDataDesId ) ; ++ if( data == NULL ) { ++ xmlSecError( XMLSEC_ERRORS_HERE , ++ NULL , ++ "xmlSecKeyDataCreate" , ++ XMLSEC_ERRORS_R_CRYPTO_FAILED , ++ "xmlSecNssKeyDataDesId" ) ; ++ return NULL ; ++ } ++ break ; ++ case CKM_AES_KEY_GEN : ++ case CKM_AES_CBC : ++ case CKM_AES_MAC : ++ data = xmlSecKeyDataCreate( xmlSecNssKeyDataAesId ) ; ++ if( data == NULL ) { ++ xmlSecError( XMLSEC_ERRORS_HERE , ++ NULL , ++ "xmlSecKeyDataCreate" , ++ XMLSEC_ERRORS_R_CRYPTO_FAILED , ++ "xmlSecNssKeyDataDesId" ) ; ++ return NULL ; ++ } ++ break ; ++ default : ++ xmlSecError( XMLSEC_ERRORS_HERE , ++ NULL , ++ NULL , ++ XMLSEC_ERRORS_R_CRYPTO_FAILED , ++ "Unsupported mechanism" ) ; ++ return NULL ; ++ } ++ ++ if( xmlSecNssSymKeyDataAdoptKey( data , symKey ) < 0 ) { ++ xmlSecError( XMLSEC_ERRORS_HERE , ++ NULL , ++ "xmlSecNssSymKeyDataAdoptKey" , ++ XMLSEC_ERRORS_R_CRYPTO_FAILED , ++ XMLSEC_ERRORS_NO_MESSAGE ) ; ++ ++ xmlSecKeyDataDestroy( data ) ; ++ return NULL ; ++ } ++ ++ return data ; ++ } ++ ++ ++ PK11SymKey* ++ xmlSecNssSymKeyDataGetKey( ++ xmlSecKeyDataPtr data ++ ) { ++ xmlSecNssSymKeyDataCtxPtr ctx; ++ PK11SymKey* symkey ; ++ ++ xmlSecAssert2(xmlSecNssSymKeyDataCheckId(data), NULL); ++ xmlSecAssert2(xmlSecKeyDataCheckSize(data, xmlSecNssSymKeyDataSize), NULL); ++ ++ ctx = xmlSecNssSymKeyDataGetCtx(data); ++ xmlSecAssert2(ctx != NULL, NULL); ++ ++ if( ctx->symkey != NULL ) { ++ symkey = PK11_ReferenceSymKey( ctx->symkey ) ; ++ } else { ++ symkey = NULL ; ++ } ++ ++ return(symkey); ++ } ++ + static int + xmlSecNssSymKeyDataInitialize(xmlSecKeyDataPtr data) { ++ xmlSecNssSymKeyDataCtxPtr ctx; ++ + xmlSecAssert2(xmlSecNssSymKeyDataCheckId(data), -1); +! xmlSecAssert2(xmlSecKeyDataCheckSize(data, xmlSecNssSymKeyDataSize), -1); +! +! ctx = xmlSecNssSymKeyDataGetCtx(data); +! xmlSecAssert2(ctx != NULL, -1); +! +! memset( ctx, 0, sizeof(xmlSecNssSymKeyDataCtx)); +! +! /* Set the block cipher mechanism */ +! #ifndef XMLSEC_NO_DES +! if(xmlSecKeyDataCheckId(data, xmlSecNssKeyDataDesId)) { +! ctx->cipher = CKM_DES3_KEY_GEN; +! } else +! #endif /* XMLSEC_NO_DES */ +! +! #ifndef XMLSEC_NO_AES +! if(xmlSecKeyDataCheckId(data, xmlSecNssKeyDataDesId)) { +! ctx->cipher = CKM_AES_KEY_GEN; +! } else +! #endif /* XMLSEC_NO_AES */ +! +! if(1) { +! xmlSecError( XMLSEC_ERRORS_HERE , +! xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), +! NULL , +! XMLSEC_ERRORS_R_XMLSEC_FAILED , +! "Unsupported block cipher" ) ; +! return(-1) ; +! } +! +! return(0); + } + + static int + xmlSecNssSymKeyDataDuplicate(xmlSecKeyDataPtr dst, xmlSecKeyDataPtr src) { ++ xmlSecNssSymKeyDataCtxPtr ctxDst; ++ xmlSecNssSymKeyDataCtxPtr ctxSrc; ++ + xmlSecAssert2(xmlSecNssSymKeyDataCheckId(dst), -1); ++ xmlSecAssert2(xmlSecKeyDataCheckSize(dst, xmlSecNssSymKeyDataSize), -1); + xmlSecAssert2(xmlSecNssSymKeyDataCheckId(src), -1); ++ xmlSecAssert2(xmlSecKeyDataCheckSize(src, xmlSecNssSymKeyDataSize), -1); + xmlSecAssert2(dst->id == src->id, -1); +! +! ctxDst = xmlSecNssSymKeyDataGetCtx(dst); +! xmlSecAssert2(ctxDst != NULL, -1); +! +! ctxSrc = xmlSecNssSymKeyDataGetCtx(src); +! xmlSecAssert2(ctxSrc != NULL, -1); +! +! ctxDst->cipher = ctxSrc->cipher ; +! +! if( ctxSrc->slot != NULL ) { +! if( ctxDst->slot != NULL && ctxDst->slot != ctxSrc->slot ) { +! PK11_FreeSlot( ctxDst->slot ) ; +! ctxDst->slot = NULL ; +! } +! +! if( ctxDst->slot == NULL && ctxSrc->slot != NULL ) +! ctxDst->slot = PK11_ReferenceSlot( ctxSrc->slot ) ; +! } else { +! if( ctxDst->slot != NULL ) { +! PK11_FreeSlot( ctxDst->slot ) ; +! ctxDst->slot = NULL ; +! } +! } +! +! if( ctxSrc->symkey != NULL ) { +! if( ctxDst->symkey != NULL && ctxDst->symkey != ctxSrc->symkey ) { +! PK11_FreeSymKey( ctxDst->symkey ) ; +! ctxDst->symkey = NULL ; +! } +! +! if( ctxDst->symkey == NULL && ctxSrc->symkey != NULL ) +! ctxDst->symkey = PK11_ReferenceSymKey( ctxSrc->symkey ) ; +! } else { +! if( ctxDst->symkey != NULL ) { +! PK11_FreeSymKey( ctxDst->symkey ) ; +! ctxDst->symkey = NULL ; +! } +! } +! +! return(0); + } + + static void + xmlSecNssSymKeyDataFinalize(xmlSecKeyDataPtr data) { ++ xmlSecNssSymKeyDataCtxPtr ctx; ++ + xmlSecAssert(xmlSecNssSymKeyDataCheckId(data)); +! xmlSecAssert(xmlSecKeyDataCheckSize(data, xmlSecNssSymKeyDataSize)); +! +! ctx = xmlSecNssSymKeyDataGetCtx(data); +! xmlSecAssert(ctx != NULL); +! +! if( ctx->slot != NULL ) { +! PK11_FreeSlot( ctx->slot ) ; +! ctx->slot = NULL ; +! } +! +! if( ctx->symkey != NULL ) { +! PK11_FreeSymKey( ctx->symkey ) ; +! ctx->symkey = NULL ; +! } +! +! ctx->cipher = CKM_INVALID_MECHANISM ; + } + + static int + xmlSecNssSymKeyDataXmlRead(xmlSecKeyDataId id, xmlSecKeyPtr key, +! xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) { +! PK11SymKey* symKey ; +! PK11SlotInfo* slot ; +! xmlSecBufferPtr keyBuf; +! xmlSecSize len; +! xmlSecKeyDataPtr data; +! xmlSecNssSymKeyDataCtxPtr ctx; +! SECItem keyItem ; +! int ret; +! +! xmlSecAssert2(id != xmlSecKeyDataIdUnknown, -1); +! xmlSecAssert2(key != NULL, -1); +! xmlSecAssert2(node != NULL, -1); +! xmlSecAssert2(keyInfoCtx != NULL, -1); +! +! /* Create a new KeyData from a id */ +! data = xmlSecKeyDataCreate(id); +! if(data == NULL ) { +! xmlSecError(XMLSEC_ERRORS_HERE, +! xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), +! "xmlSecKeyDataCreate", +! XMLSEC_ERRORS_R_XMLSEC_FAILED, +! XMLSEC_ERRORS_NO_MESSAGE); +! return(-1); +! } +! +! ctx = xmlSecNssSymKeyDataGetCtx(data); +! xmlSecAssert2(ctx != NULL, -1); +! +! /* Create a buffer for raw symmetric key value */ +! if( ( keyBuf = xmlSecBufferCreate( 128 ) ) == NULL ) { +! xmlSecError( XMLSEC_ERRORS_HERE , +! xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), +! "xmlSecBufferCreate" , +! XMLSEC_ERRORS_R_XMLSEC_FAILED , +! XMLSEC_ERRORS_NO_MESSAGE ) ; +! xmlSecKeyDataDestroy( data ) ; +! return(-1) ; +! } +! +! /* Read the raw key value */ +! if( xmlSecBufferBase64NodeContentRead( keyBuf , node ) < 0 ) { +! xmlSecError( XMLSEC_ERRORS_HERE , +! xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), +! xmlSecErrorsSafeString(xmlSecNodeGetName(node)), +! XMLSEC_ERRORS_R_XMLSEC_FAILED , +! XMLSEC_ERRORS_NO_MESSAGE ) ; +! +! xmlSecBufferDestroy( keyBuf ) ; +! xmlSecKeyDataDestroy( data ) ; +! return(-1) ; +! } +! +! /* Get slot */ +! slot = xmlSecNssSlotGet(ctx->cipher); +! if( slot == NULL ) { +! xmlSecError( XMLSEC_ERRORS_HERE , +! xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), +! "xmlSecNssSlotGet" , +! XMLSEC_ERRORS_R_XMLSEC_FAILED , +! XMLSEC_ERRORS_NO_MESSAGE ) ; +! +! xmlSecBufferDestroy( keyBuf ) ; +! xmlSecKeyDataDestroy( data ) ; +! return(-1) ; +! } +! +! /* Wrap the raw key value SECItem */ +! keyItem.type = siBuffer ; +! keyItem.data = xmlSecBufferGetData( keyBuf ) ; +! keyItem.len = xmlSecBufferGetSize( keyBuf ) ; +! +! /* Import the raw key into slot temporalily and get the key handler*/ +! symKey = PK11_ImportSymKey(slot, ctx->cipher, PK11_OriginGenerated, CKA_VALUE, &keyItem, NULL ) ; +! if( symKey == NULL ) { +! xmlSecError( XMLSEC_ERRORS_HERE , +! xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), +! "PK11_ImportSymKey" , +! XMLSEC_ERRORS_R_XMLSEC_FAILED , +! XMLSEC_ERRORS_NO_MESSAGE ) ; +! +! PK11_FreeSlot( slot ) ; +! xmlSecBufferDestroy( keyBuf ) ; +! xmlSecKeyDataDestroy( data ) ; +! return(-1) ; +! } +! PK11_FreeSlot( slot ) ; +! +! /* raw key material has been copied into symKey, it isn't used any more */ +! xmlSecBufferDestroy( keyBuf ) ; + +! /* Adopt the symmetric key into key data */ +! ret = xmlSecNssSymKeyDataAdoptKey(data, symKey); +! if(ret < 0) { +! xmlSecError(XMLSEC_ERRORS_HERE, +! xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), +! "xmlSecKeyDataBinaryValueSetBuffer", +! XMLSEC_ERRORS_R_XMLSEC_FAILED, +! XMLSEC_ERRORS_NO_MESSAGE); +! PK11_FreeSymKey( symKey ) ; +! xmlSecKeyDataDestroy( data ) ; +! return(-1); +! } +! /* symKey has been duplicated into data, it isn't used any more */ +! PK11_FreeSymKey( symKey ) ; +! +! /* Check value */ +! if(xmlSecKeyReqMatchKeyValue(&(keyInfoCtx->keyReq), data) != 1) { +! xmlSecError(XMLSEC_ERRORS_HERE, +! xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), +! "xmlSecKeyReqMatchKeyValue", +! XMLSEC_ERRORS_R_XMLSEC_FAILED, +! XMLSEC_ERRORS_NO_MESSAGE); +! xmlSecKeyDataDestroy( data ) ; +! return(0); +! } +! +! ret = xmlSecKeySetValue(key, data); +! if(ret < 0) { +! xmlSecError(XMLSEC_ERRORS_HERE, +! xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), +! "xmlSecKeySetValue", +! XMLSEC_ERRORS_R_XMLSEC_FAILED, +! XMLSEC_ERRORS_NO_MESSAGE); +! xmlSecKeyDataDestroy( data ) ; +! return(-1); +! } +! +! return(0); + } + + static int + xmlSecNssSymKeyDataXmlWrite(xmlSecKeyDataId id, xmlSecKeyPtr key, +! xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) { +! PK11SymKey* symKey ; +! + xmlSecAssert2(xmlSecNssSymKeyDataKlassCheck(id), -1); ++ xmlSecAssert2(key != NULL, -1); ++ xmlSecAssert2(node != NULL, -1); ++ xmlSecAssert2(keyInfoCtx != NULL, -1); ++ ++ /* Get symmetric key from "key" */ ++ symKey = xmlSecNssSymKeyDataGetKey(xmlSecKeyGetValue(key)); ++ if( symKey != NULL ) { ++ SECItem* keyItem ; ++ xmlSecBufferPtr keyBuf ; ++ ++ /* Extract raw key data from symmetric key */ ++ if( PK11_ExtractKeyValue( symKey ) != SECSuccess ) { ++ xmlSecError(XMLSEC_ERRORS_HERE, ++ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), ++ "PK11_ExtractKeyValue", ++ XMLSEC_ERRORS_R_XMLSEC_FAILED, ++ XMLSEC_ERRORS_NO_MESSAGE); ++ PK11_FreeSymKey( symKey ) ; ++ return(-1); ++ } ++ ++ /* Get raw key data from "symKey" */ ++ keyItem = PK11_GetKeyData( symKey ) ; ++ if(keyItem == NULL) { ++ xmlSecError(XMLSEC_ERRORS_HERE, ++ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), ++ "PK11_GetKeyData", ++ XMLSEC_ERRORS_R_XMLSEC_FAILED, ++ XMLSEC_ERRORS_NO_MESSAGE); ++ PK11_FreeSymKey( symKey ) ; ++ return(-1); ++ } ++ ++ /* Create key data buffer with raw kwy material */ ++ keyBuf = xmlSecBufferCreate(keyItem->len) ; ++ if(keyBuf == NULL) { ++ xmlSecError(XMLSEC_ERRORS_HERE, ++ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), ++ "xmlSecBufferCreate", ++ XMLSEC_ERRORS_R_XMLSEC_FAILED, ++ XMLSEC_ERRORS_NO_MESSAGE); ++ PK11_FreeSymKey( symKey ) ; ++ return(-1); ++ } ++ ++ xmlSecBufferSetData( keyBuf , keyItem->data , keyItem->len ) ; ++ ++ /* Write raw key material into current xml node */ ++ if( xmlSecBufferBase64NodeContentWrite( keyBuf, node, XMLSEC_BASE64_LINESIZE ) < 0 ) { ++ xmlSecError(XMLSEC_ERRORS_HERE, ++ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), ++ "xmlSecBufferBase64NodeContentWrite", ++ XMLSEC_ERRORS_R_XMLSEC_FAILED, ++ XMLSEC_ERRORS_NO_MESSAGE); ++ xmlSecBufferDestroy(keyBuf); ++ PK11_FreeSymKey( symKey ) ; ++ return(-1); ++ } ++ xmlSecBufferDestroy(keyBuf); ++ PK11_FreeSymKey( symKey ) ; ++ } + +! return 0 ; + } + + static int + xmlSecNssSymKeyDataBinRead(xmlSecKeyDataId id, xmlSecKeyPtr key, +! const xmlSecByte* buf, xmlSecSize bufSize, +! xmlSecKeyInfoCtxPtr keyInfoCtx) { +! PK11SymKey* symKey ; +! PK11SlotInfo* slot ; +! xmlSecKeyDataPtr data; +! xmlSecNssSymKeyDataCtxPtr ctx; +! SECItem keyItem ; +! int ret; + +! xmlSecAssert2(id != xmlSecKeyDataIdUnknown, -1); +! xmlSecAssert2(key != NULL, -1); +! xmlSecAssert2(buf != NULL, -1); +! xmlSecAssert2(bufSize != 0, -1); +! xmlSecAssert2(keyInfoCtx != NULL, -1); +! +! /* Create a new KeyData from a id */ +! data = xmlSecKeyDataCreate(id); +! if(data == NULL ) { +! xmlSecError(XMLSEC_ERRORS_HERE, +! xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), +! "xmlSecKeyDataCreate", +! XMLSEC_ERRORS_R_XMLSEC_FAILED, +! XMLSEC_ERRORS_NO_MESSAGE); +! return(-1); +! } +! +! ctx = xmlSecNssSymKeyDataGetCtx(data); +! xmlSecAssert2(ctx != NULL, -1); +! +! /* Get slot */ +! slot = xmlSecNssSlotGet(ctx->cipher); +! if( slot == NULL ) { +! xmlSecError( XMLSEC_ERRORS_HERE , +! xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), +! "xmlSecNssSlotGet" , +! XMLSEC_ERRORS_R_XMLSEC_FAILED , +! XMLSEC_ERRORS_NO_MESSAGE ) ; +! xmlSecKeyDataDestroy( data ) ; +! return(-1) ; +! } +! +! /* Wrap the raw key value SECItem */ +! keyItem.type = siBuffer ; +! keyItem.data = buf ; +! keyItem.len = bufSize ; +! +! /* Import the raw key into slot temporalily and get the key handler*/ +! symKey = PK11_ImportSymKey(slot, ctx->cipher, PK11_OriginGenerated, CKA_VALUE, &keyItem, NULL ) ; +! if( symKey == NULL ) { +! xmlSecError( XMLSEC_ERRORS_HERE , +! xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), +! "PK11_ImportSymKey" , +! XMLSEC_ERRORS_R_XMLSEC_FAILED , +! XMLSEC_ERRORS_NO_MESSAGE ) ; +! PK11_FreeSlot( slot ) ; +! xmlSecKeyDataDestroy( data ) ; +! return(-1) ; +! } +! +! /* Adopt the symmetric key into key data */ +! ret = xmlSecNssSymKeyDataAdoptKey(data, symKey); +! if(ret < 0) { +! xmlSecError(XMLSEC_ERRORS_HERE, +! xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), +! "xmlSecKeyDataBinaryValueSetBuffer", +! XMLSEC_ERRORS_R_XMLSEC_FAILED, +! XMLSEC_ERRORS_NO_MESSAGE ) ; +! PK11_FreeSymKey( symKey ) ; +! PK11_FreeSlot( slot ) ; +! xmlSecKeyDataDestroy( data ) ; +! return(-1); +! } +! /* symKey has been duplicated into data, it isn't used any more */ +! PK11_FreeSymKey( symKey ) ; +! PK11_FreeSlot( slot ) ; +! +! /* Check value */ +! if(xmlSecKeyReqMatchKeyValue(&(keyInfoCtx->keyReq), data) != 1) { +! xmlSecError(XMLSEC_ERRORS_HERE, +! xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), +! "xmlSecKeyReqMatchKeyValue", +! XMLSEC_ERRORS_R_XMLSEC_FAILED, +! XMLSEC_ERRORS_NO_MESSAGE); +! xmlSecKeyDataDestroy( data ) ; +! return(0); +! } +! +! ret = xmlSecKeySetValue(key, data); +! if(ret < 0) { +! xmlSecError(XMLSEC_ERRORS_HERE, +! xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), +! "xmlSecKeySetValue", +! XMLSEC_ERRORS_R_XMLSEC_FAILED, +! XMLSEC_ERRORS_NO_MESSAGE); +! xmlSecKeyDataDestroy( data ) ; +! return(-1); +! } +! +! return(0); + } + + static int + xmlSecNssSymKeyDataBinWrite(xmlSecKeyDataId id, xmlSecKeyPtr key, +! xmlSecByte** buf, xmlSecSize* bufSize, +! xmlSecKeyInfoCtxPtr keyInfoCtx) { +! PK11SymKey* symKey ; +! + xmlSecAssert2(xmlSecNssSymKeyDataKlassCheck(id), -1); ++ xmlSecAssert2(key != NULL, -1); ++ xmlSecAssert2(buf != NULL, -1); ++ xmlSecAssert2(bufSize != 0, -1); ++ xmlSecAssert2(keyInfoCtx != NULL, -1); ++ ++ /* Get symmetric key from "key" */ ++ symKey = xmlSecNssSymKeyDataGetKey(xmlSecKeyGetValue(key)); ++ if( symKey != NULL ) { ++ SECItem* keyItem ; ++ ++ /* Extract raw key data from symmetric key */ ++ if( PK11_ExtractKeyValue( symKey ) != SECSuccess ) { ++ xmlSecError(XMLSEC_ERRORS_HERE, ++ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), ++ "PK11_ExtractKeyValue", ++ XMLSEC_ERRORS_R_XMLSEC_FAILED, ++ XMLSEC_ERRORS_NO_MESSAGE); ++ PK11_FreeSymKey( symKey ) ; ++ return(-1); ++ } ++ ++ /* Get raw key data from "symKey" */ ++ keyItem = PK11_GetKeyData( symKey ) ; ++ if(keyItem == NULL) { ++ xmlSecError(XMLSEC_ERRORS_HERE, ++ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), ++ "PK11_GetKeyData", ++ XMLSEC_ERRORS_R_XMLSEC_FAILED, ++ XMLSEC_ERRORS_NO_MESSAGE); ++ PK11_FreeSymKey( symKey ) ; ++ return(-1); ++ } ++ ++ *bufSize = keyItem->len; ++ *buf = ( xmlSecByte* )xmlMalloc( *bufSize ); ++ if( *buf == NULL ) { ++ xmlSecError(XMLSEC_ERRORS_HERE, ++ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), ++ NULL, ++ XMLSEC_ERRORS_R_XMLSEC_FAILED, ++ XMLSEC_ERRORS_NO_MESSAGE); ++ PK11_FreeSymKey( symKey ) ; ++ return(-1); ++ } ++ ++ memcpy((*buf), keyItem->data, (*bufSize)); ++ PK11_FreeSymKey( symKey ) ; ++ } + +! return 0 ; + } + + static int + xmlSecNssSymKeyDataGenerate(xmlSecKeyDataPtr data, xmlSecSize sizeBits, xmlSecKeyDataType type ATTRIBUTE_UNUSED) { +! PK11SymKey* symkey ; +! PK11SlotInfo* slot ; +! xmlSecNssSymKeyDataCtxPtr ctx; +! int ret; +! + xmlSecAssert2(xmlSecNssSymKeyDataCheckId(data), -1); + xmlSecAssert2(sizeBits > 0, -1); + +! ctx = xmlSecNssSymKeyDataGetCtx(data); +! xmlSecAssert2(ctx != NULL, -1); +! +! if( sizeBits % 8 != 0 ) { +! xmlSecError(XMLSEC_ERRORS_HERE, +! xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), +! NULL, +! XMLSEC_ERRORS_R_XMLSEC_FAILED, +! "Symmetric key size must be octuple"); +! return(-1); +! } +! +! /* Get slot */ +! slot = xmlSecNssSlotGet(ctx->cipher); +! if( slot == NULL ) { +! xmlSecError( XMLSEC_ERRORS_HERE , +! xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), +! "xmlSecNssSlotGet" , +! XMLSEC_ERRORS_R_XMLSEC_FAILED , +! XMLSEC_ERRORS_NO_MESSAGE ) ; +! return(-1) ; +! } +! +! if( PK11_Authenticate( slot, PR_FALSE , NULL ) != SECSuccess ) { +! xmlSecError( XMLSEC_ERRORS_HERE , +! xmlSecErrorsSafeString( xmlSecKeyDataGetName( data ) ) , +! "PK11_Authenticate" , +! XMLSEC_ERRORS_R_CRYPTO_FAILED , +! XMLSEC_ERRORS_NO_MESSAGE ) ; +! PK11_FreeSlot( slot ) ; +! return -1 ; +! } +! +! symkey = PK11_KeyGen( slot , ctx->cipher , NULL , sizeBits/8 , NULL ) ; +! if( symkey == NULL ) { +! xmlSecError( XMLSEC_ERRORS_HERE , +! xmlSecErrorsSafeString( xmlSecKeyDataGetName( data ) ) , +! "PK11_KeyGen" , +! XMLSEC_ERRORS_R_CRYPTO_FAILED , +! XMLSEC_ERRORS_NO_MESSAGE ) ; +! PK11_FreeSlot( slot ) ; +! return -1 ; +! } +! +! if( ctx->slot != NULL ) { +! PK11_FreeSlot( ctx->slot ) ; +! ctx->slot = NULL ; +! } +! ctx->slot = slot ; +! +! if( ctx->symkey != NULL ) { +! PK11_FreeSymKey( ctx->symkey ) ; +! ctx->symkey = NULL ; +! } +! ctx->symkey = symkey ; +! +! return 0 ; + } + + static xmlSecKeyDataType + xmlSecNssSymKeyDataGetType(xmlSecKeyDataPtr data) { +! xmlSecNssSymKeyDataCtxPtr context = NULL ; +! xmlSecKeyDataType type = xmlSecKeyDataTypeUnknown ; + + xmlSecAssert2(xmlSecNssSymKeyDataCheckId(data), xmlSecKeyDataTypeUnknown); ++ xmlSecAssert2( xmlSecKeyDataCheckSize( data, xmlSecNssSymKeyDataSize ), xmlSecKeyDataTypeUnknown ) ; + +! context = xmlSecNssSymKeyDataGetCtx( data ) ; +! if( context == NULL ) { +! xmlSecError( XMLSEC_ERRORS_HERE , +! xmlSecErrorsSafeString( xmlSecKeyDataGetName( data ) ) , +! "xmlSecNssSymKeyDataGetCtx" , +! XMLSEC_ERRORS_R_CRYPTO_FAILED , +! XMLSEC_ERRORS_NO_MESSAGE ) ; +! return xmlSecKeyDataTypeUnknown ; +! } +! +! if( context->symkey != NULL ) { +! type |= xmlSecKeyDataTypeSymmetric ; +! } else { +! type |= xmlSecKeyDataTypeUnknown ; +! } + +! return type ; + } + + static xmlSecSize + xmlSecNssSymKeyDataGetSize(xmlSecKeyDataPtr data) { ++ xmlSecNssSymKeyDataCtxPtr context ; ++ unsigned int length = 0 ; ++ + xmlSecAssert2(xmlSecNssSymKeyDataCheckId(data), 0); +! xmlSecAssert2( xmlSecKeyDataCheckSize( data, xmlSecNssSymKeyDataSize ), 0 ) ; +! +! context = xmlSecNssSymKeyDataGetCtx( data ) ; +! if( context == NULL ) { +! xmlSecError( XMLSEC_ERRORS_HERE , +! xmlSecErrorsSafeString( xmlSecKeyDataGetName( data ) ) , +! "xmlSecNssSymKeyDataGetCtx" , +! XMLSEC_ERRORS_R_CRYPTO_FAILED , +! XMLSEC_ERRORS_NO_MESSAGE ) ; +! return 0 ; +! } +! +! if( context->symkey != NULL ) { +! length = PK11_GetKeyLength( context->symkey ) ; +! length *= 8 ; +! } +! +! return length ; + } + + static void + xmlSecNssSymKeyDataDebugDump(xmlSecKeyDataPtr data, FILE* output) { + xmlSecAssert(xmlSecNssSymKeyDataCheckId(data)); + +! /* print only size, everything else is sensitive */ +! fprintf( output , "=== %s: size=%d\n" , data->id->dataNodeName , +! xmlSecKeyDataGetSize(data)) ; + } + + static void + xmlSecNssSymKeyDataDebugXmlDump(xmlSecKeyDataPtr data, FILE* output) { + xmlSecAssert(xmlSecNssSymKeyDataCheckId(data)); + +! /* print only size, everything else is sensitive */ +! fprintf( output , "<%s size=\"%d\" />\n" , data->id->dataNodeName , +! xmlSecKeyDataGetSize(data)) ; + } + + static int + xmlSecNssSymKeyDataKlassCheck(xmlSecKeyDataKlass* klass) { + #ifndef XMLSEC_NO_DES + if(klass == xmlSecNssKeyDataDesId) { +! return(1); + } + #endif /* XMLSEC_NO_DES */ + + #ifndef XMLSEC_NO_AES + if(klass == xmlSecNssKeyDataAesId) { +! return(1); + } + #endif /* XMLSEC_NO_AES */ + + #ifndef XMLSEC_NO_HMAC + if(klass == xmlSecNssKeyDataHmacId) { +! return(1); + } + #endif /* XMLSEC_NO_HMAC */ + +*************** +*** 201,240 **** + *************************************************************************/ + static xmlSecKeyDataKlass xmlSecNssKeyDataAesKlass = { + sizeof(xmlSecKeyDataKlass), +! xmlSecKeyDataBinarySize, + + /* data */ + xmlSecNameAESKeyValue, + xmlSecKeyDataUsageKeyValueNode | xmlSecKeyDataUsageRetrievalMethodNodeXml, +! /* xmlSecKeyDataUsage usage; */ +! xmlSecHrefAESKeyValue, /* const xmlChar* href; */ +! xmlSecNodeAESKeyValue, /* const xmlChar* dataNodeName; */ +! xmlSecNs, /* const xmlChar* dataNodeNs; */ + + /* constructors/destructor */ +! xmlSecNssSymKeyDataInitialize, /* xmlSecKeyDataInitializeMethod initialize; */ +! xmlSecNssSymKeyDataDuplicate, /* xmlSecKeyDataDuplicateMethod duplicate; */ +! xmlSecNssSymKeyDataFinalize, /* xmlSecKeyDataFinalizeMethod finalize; */ +! xmlSecNssSymKeyDataGenerate, /* xmlSecKeyDataGenerateMethod generate; */ + + /* get info */ +! xmlSecNssSymKeyDataGetType, /* xmlSecKeyDataGetTypeMethod getType; */ +! xmlSecNssSymKeyDataGetSize, /* xmlSecKeyDataGetSizeMethod getSize; */ +! NULL, /* xmlSecKeyDataGetIdentifier getIdentifier; */ + + /* read/write */ +! xmlSecNssSymKeyDataXmlRead, /* xmlSecKeyDataXmlReadMethod xmlRead; */ +! xmlSecNssSymKeyDataXmlWrite, /* xmlSecKeyDataXmlWriteMethod xmlWrite; */ +! xmlSecNssSymKeyDataBinRead, /* xmlSecKeyDataBinReadMethod binRead; */ +! xmlSecNssSymKeyDataBinWrite, /* xmlSecKeyDataBinWriteMethod binWrite; */ + + /* debug */ +! xmlSecNssSymKeyDataDebugDump, /* xmlSecKeyDataDebugDumpMethod debugDump; */ +! xmlSecNssSymKeyDataDebugXmlDump, /* xmlSecKeyDataDebugDumpMethod debugXmlDump; */ + + /* reserved for the future */ +! NULL, /* void* reserved0; */ +! NULL, /* void* reserved1; */ + }; + + /** +--- 860,899 ---- + *************************************************************************/ + static xmlSecKeyDataKlass xmlSecNssKeyDataAesKlass = { + sizeof(xmlSecKeyDataKlass), +! xmlSecNssSymKeyDataSize, + + /* data */ + xmlSecNameAESKeyValue, + xmlSecKeyDataUsageKeyValueNode | xmlSecKeyDataUsageRetrievalMethodNodeXml, +! /* xmlSecKeyDataUsage usage; */ +! xmlSecHrefAESKeyValue, /* const xmlChar* href; */ +! xmlSecNodeAESKeyValue, /* const xmlChar* dataNodeName; */ +! xmlSecNs, /* const xmlChar* dataNodeNs; */ + + /* constructors/destructor */ +! xmlSecNssSymKeyDataInitialize, /* xmlSecKeyDataInitializeMethod initialize; */ +! xmlSecNssSymKeyDataDuplicate, /* xmlSecKeyDataDuplicateMethod duplicate; */ +! xmlSecNssSymKeyDataFinalize, /* xmlSecKeyDataFinalizeMethod finalize; */ +! xmlSecNssSymKeyDataGenerate, /* xmlSecKeyDataGenerateMethod generate; */ + + /* get info */ +! xmlSecNssSymKeyDataGetType, /* xmlSecKeyDataGetTypeMethod getType; */ +! xmlSecNssSymKeyDataGetSize, /* xmlSecKeyDataGetSizeMethod getSize; */ +! NULL, /* xmlSecKeyDataGetIdentifier getIdentifier; */ + + /* read/write */ +! xmlSecNssSymKeyDataXmlRead, /* xmlSecKeyDataXmlReadMethod xmlRead; */ +! xmlSecNssSymKeyDataXmlWrite, /* xmlSecKeyDataXmlWriteMethod xmlWrite; */ +! xmlSecNssSymKeyDataBinRead, /* xmlSecKeyDataBinReadMethod binRead; */ +! xmlSecNssSymKeyDataBinWrite, /* xmlSecKeyDataBinWriteMethod binWrite; */ + + /* debug */ +! xmlSecNssSymKeyDataDebugDump, /* xmlSecKeyDataDebugDumpMethod debugDump; */ +! xmlSecNssSymKeyDataDebugXmlDump, /* xmlSecKeyDataDebugDumpMethod debugXmlDump; */ + + /* reserved for the future */ +! NULL, /* void* reserved0; */ +! NULL, /* void* reserved1; */ + }; + + /** +*************** +*** 251,259 **** + + /** + * xmlSecNssKeyDataAesSet: +! * @data: the pointer to AES key data. +! * @buf: the pointer to key value. +! * @bufSize: the key value size (in bytes). + * + * Sets the value of AES key data. + * +--- 910,918 ---- + + /** + * xmlSecNssKeyDataAesSet: +! * @data: the pointer to AES key data. +! * @buf: the pointer to key value. +! * @bufSize: the key value size (in bytes). + * + * Sets the value of AES key data. + * +*************** +*** 282,321 **** + *************************************************************************/ + static xmlSecKeyDataKlass xmlSecNssKeyDataDesKlass = { + sizeof(xmlSecKeyDataKlass), +! xmlSecKeyDataBinarySize, + + /* data */ + xmlSecNameDESKeyValue, + xmlSecKeyDataUsageKeyValueNode | xmlSecKeyDataUsageRetrievalMethodNodeXml, +! /* xmlSecKeyDataUsage usage; */ +! xmlSecHrefDESKeyValue, /* const xmlChar* href; */ +! xmlSecNodeDESKeyValue, /* const xmlChar* dataNodeName; */ +! xmlSecNs, /* const xmlChar* dataNodeNs; */ + + /* constructors/destructor */ +! xmlSecNssSymKeyDataInitialize, /* xmlSecKeyDataInitializeMethod initialize; */ +! xmlSecNssSymKeyDataDuplicate, /* xmlSecKeyDataDuplicateMethod duplicate; */ +! xmlSecNssSymKeyDataFinalize, /* xmlSecKeyDataFinalizeMethod finalize; */ +! xmlSecNssSymKeyDataGenerate, /* xmlSecKeyDataGenerateMethod generate; */ + + /* get info */ +! xmlSecNssSymKeyDataGetType, /* xmlSecKeyDataGetTypeMethod getType; */ +! xmlSecNssSymKeyDataGetSize, /* xmlSecKeyDataGetSizeMethod getSize; */ +! NULL, /* xmlSecKeyDataGetIdentifier getIdentifier; */ + + /* read/write */ +! xmlSecNssSymKeyDataXmlRead, /* xmlSecKeyDataXmlReadMethod xmlRead; */ +! xmlSecNssSymKeyDataXmlWrite, /* xmlSecKeyDataXmlWriteMethod xmlWrite; */ +! xmlSecNssSymKeyDataBinRead, /* xmlSecKeyDataBinReadMethod binRead; */ +! xmlSecNssSymKeyDataBinWrite, /* xmlSecKeyDataBinWriteMethod binWrite; */ + + /* debug */ +! xmlSecNssSymKeyDataDebugDump, /* xmlSecKeyDataDebugDumpMethod debugDump; */ +! xmlSecNssSymKeyDataDebugXmlDump, /* xmlSecKeyDataDebugDumpMethod debugXmlDump; */ + + /* reserved for the future */ +! NULL, /* void* reserved0; */ +! NULL, /* void* reserved1; */ + }; + + /** +--- 941,980 ---- + *************************************************************************/ + static xmlSecKeyDataKlass xmlSecNssKeyDataDesKlass = { + sizeof(xmlSecKeyDataKlass), +! xmlSecNssSymKeyDataSize, + + /* data */ + xmlSecNameDESKeyValue, + xmlSecKeyDataUsageKeyValueNode | xmlSecKeyDataUsageRetrievalMethodNodeXml, +! /* xmlSecKeyDataUsage usage; */ +! xmlSecHrefDESKeyValue, /* const xmlChar* href; */ +! xmlSecNodeDESKeyValue, /* const xmlChar* dataNodeName; */ +! xmlSecNs, /* const xmlChar* dataNodeNs; */ + + /* constructors/destructor */ +! xmlSecNssSymKeyDataInitialize, /* xmlSecKeyDataInitializeMethod initialize; */ +! xmlSecNssSymKeyDataDuplicate, /* xmlSecKeyDataDuplicateMethod duplicate; */ +! xmlSecNssSymKeyDataFinalize, /* xmlSecKeyDataFinalizeMethod finalize; */ +! xmlSecNssSymKeyDataGenerate, /* xmlSecKeyDataGenerateMethod generate; */ + + /* get info */ +! xmlSecNssSymKeyDataGetType, /* xmlSecKeyDataGetTypeMethod getType; */ +! xmlSecNssSymKeyDataGetSize, /* xmlSecKeyDataGetSizeMethod getSize; */ +! NULL, /* xmlSecKeyDataGetIdentifier getIdentifier; */ + + /* read/write */ +! xmlSecNssSymKeyDataXmlRead, /* xmlSecKeyDataXmlReadMethod xmlRead; */ +! xmlSecNssSymKeyDataXmlWrite, /* xmlSecKeyDataXmlWriteMethod xmlWrite; */ +! xmlSecNssSymKeyDataBinRead, /* xmlSecKeyDataBinReadMethod binRead; */ +! xmlSecNssSymKeyDataBinWrite, /* xmlSecKeyDataBinWriteMethod binWrite; */ + + /* debug */ +! xmlSecNssSymKeyDataDebugDump, /* xmlSecKeyDataDebugDumpMethod debugDump; */ +! xmlSecNssSymKeyDataDebugXmlDump, /* xmlSecKeyDataDebugDumpMethod debugXmlDump; */ + + /* reserved for the future */ +! NULL, /* void* reserved0; */ +! NULL, /* void* reserved1; */ + }; + + /** +*************** +*** 332,340 **** + + /** + * xmlSecNssKeyDataDesSet: +! * @data: the pointer to DES key data. +! * @buf: the pointer to key value. +! * @bufSize: the key value size (in bytes). + * + * Sets the value of DES key data. + * +--- 991,999 ---- + + /** + * xmlSecNssKeyDataDesSet: +! * @data: the pointer to DES key data. +! * @buf: the pointer to key value. +! * @bufSize: the key value size (in bytes). + * + * Sets the value of DES key data. + * +*************** +*** 364,403 **** + *************************************************************************/ + static xmlSecKeyDataKlass xmlSecNssKeyDataHmacKlass = { + sizeof(xmlSecKeyDataKlass), +! xmlSecKeyDataBinarySize, + + /* data */ + xmlSecNameHMACKeyValue, + xmlSecKeyDataUsageKeyValueNode | xmlSecKeyDataUsageRetrievalMethodNodeXml, +! /* xmlSecKeyDataUsage usage; */ +! xmlSecHrefHMACKeyValue, /* const xmlChar* href; */ +! xmlSecNodeHMACKeyValue, /* const xmlChar* dataNodeName; */ +! xmlSecNs, /* const xmlChar* dataNodeNs; */ + + /* constructors/destructor */ +! xmlSecNssSymKeyDataInitialize, /* xmlSecKeyDataInitializeMethod initialize; */ +! xmlSecNssSymKeyDataDuplicate, /* xmlSecKeyDataDuplicateMethod duplicate; */ +! xmlSecNssSymKeyDataFinalize, /* xmlSecKeyDataFinalizeMethod finalize; */ +! xmlSecNssSymKeyDataGenerate, /* xmlSecKeyDataGenerateMethod generate; */ + + /* get info */ +! xmlSecNssSymKeyDataGetType, /* xmlSecKeyDataGetTypeMethod getType; */ +! xmlSecNssSymKeyDataGetSize, /* xmlSecKeyDataGetSizeMethod getSize; */ +! NULL, /* xmlSecKeyDataGetIdentifier getIdentifier; */ + + /* read/write */ +! xmlSecNssSymKeyDataXmlRead, /* xmlSecKeyDataXmlReadMethod xmlRead; */ +! xmlSecNssSymKeyDataXmlWrite, /* xmlSecKeyDataXmlWriteMethod xmlWrite; */ +! xmlSecNssSymKeyDataBinRead, /* xmlSecKeyDataBinReadMethod binRead; */ +! xmlSecNssSymKeyDataBinWrite, /* xmlSecKeyDataBinWriteMethod binWrite; */ + + /* debug */ +! xmlSecNssSymKeyDataDebugDump, /* xmlSecKeyDataDebugDumpMethod debugDump; */ +! xmlSecNssSymKeyDataDebugXmlDump, /* xmlSecKeyDataDebugDumpMethod debugXmlDump; */ + + /* reserved for the future */ +! NULL, /* void* reserved0; */ +! NULL, /* void* reserved1; */ + }; + + /** +--- 1023,1062 ---- + *************************************************************************/ + static xmlSecKeyDataKlass xmlSecNssKeyDataHmacKlass = { + sizeof(xmlSecKeyDataKlass), +! xmlSecNssSymKeyDataSize, + + /* data */ + xmlSecNameHMACKeyValue, + xmlSecKeyDataUsageKeyValueNode | xmlSecKeyDataUsageRetrievalMethodNodeXml, +! /* xmlSecKeyDataUsage usage; */ +! xmlSecHrefHMACKeyValue, /* const xmlChar* href; */ +! xmlSecNodeHMACKeyValue, /* const xmlChar* dataNodeName; */ +! xmlSecNs, /* const xmlChar* dataNodeNs; */ + + /* constructors/destructor */ +! xmlSecNssSymKeyDataInitialize, /* xmlSecKeyDataInitializeMethod initialize; */ +! xmlSecNssSymKeyDataDuplicate, /* xmlSecKeyDataDuplicateMethod duplicate; */ +! xmlSecNssSymKeyDataFinalize, /* xmlSecKeyDataFinalizeMethod finalize; */ +! xmlSecNssSymKeyDataGenerate, /* xmlSecKeyDataGenerateMethod generate; */ + + /* get info */ +! xmlSecNssSymKeyDataGetType, /* xmlSecKeyDataGetTypeMethod getType; */ +! xmlSecNssSymKeyDataGetSize, /* xmlSecKeyDataGetSizeMethod getSize; */ +! NULL, /* xmlSecKeyDataGetIdentifier getIdentifier; */ + + /* read/write */ +! xmlSecNssSymKeyDataXmlRead, /* xmlSecKeyDataXmlReadMethod xmlRead; */ +! xmlSecNssSymKeyDataXmlWrite, /* xmlSecKeyDataXmlWriteMethod xmlWrite; */ +! xmlSecNssSymKeyDataBinRead, /* xmlSecKeyDataBinReadMethod binRead; */ +! xmlSecNssSymKeyDataBinWrite, /* xmlSecKeyDataBinWriteMethod binWrite; */ + + /* debug */ +! xmlSecNssSymKeyDataDebugDump, /* xmlSecKeyDataDebugDumpMethod debugDump; */ +! xmlSecNssSymKeyDataDebugXmlDump, /* xmlSecKeyDataDebugDumpMethod debugXmlDump; */ + + /* reserved for the future */ +! NULL, /* void* reserved0; */ +! NULL, /* void* reserved1; */ + }; + + /** +*************** +*** 414,422 **** + + /** + * xmlSecNssKeyDataHmacSet: +! * @data: the pointer to HMAC key data. +! * @buf: the pointer to key value. +! * @bufSize: the key value size (in bytes). + * + * Sets the value of HMAC key data. + * +--- 1073,1081 ---- + + /** + * xmlSecNssKeyDataHmacSet: +! * @data: the pointer to HMAC key data. +! * @buf: the pointer to key value. +! * @bufSize: the key value size (in bytes). + * + * Sets the value of HMAC key data. + * +*** misc/xmlsec1-1.2.6/src/nss/tokens.c 2005-02-23 11:07:02.000000000 +0800 +--- misc/build/xmlsec1-1.2.6/src/nss/tokens.c 2005-02-23 11:06:39.000000000 +0800 +*************** +*** 1 **** +! dummy +--- 1,544 ---- +! /** +! * XMLSec library +! * +! * This is free software; see Copyright file in the source +! * distribution for preciese wording. +! * +! * Copyright.................................. +! * +! * Contributor(s): _____________________________ +! * +! */ +! +! /** +! * In order to ensure that particular crypto operation is performed on +! * particular crypto device, a subclass of xmlSecList is used to store slot and +! * mechanism information. +! * +! * In the list, a slot is bound with a mechanism. If the mechanism is available, +! * this mechanism only can perform on the slot; otherwise, it can perform on +! * every eligibl slot in the list. +! * +! * When try to find a slot for a particular mechanism, the slot bound with +! * avaliable mechanism will be looked up firstly. +! */ +! #include "globals.h" +! #include <string.h> +! +! #include <xmlsec/xmlsec.h> +! #include <xmlsec/errors.h> +! #include <xmlsec/list.h> +! +! #include <xmlsec/nss/tokens.h> +! +! int +! xmlSecNssKeySlotSetMechList( +! xmlSecNssKeySlotPtr keySlot , +! CK_MECHANISM_TYPE_PTR mechanismList +! ) { +! int counter ; +! +! xmlSecAssert2( keySlot != NULL , -1 ) ; +! +! if( keySlot->mechanismList != CK_NULL_PTR ) { +! xmlFree( keySlot->mechanismList ) ; +! +! for( counter = 0 ; *( mechanismList + counter ) != CKM_INVALID_MECHANISM ; counter ++ ) ; +! keySlot->mechanismList = ( CK_MECHANISM_TYPE_PTR )xmlMalloc( ( counter + 1 ) * sizeof( CK_MECHANISM_TYPE ) ) ; +! if( keySlot->mechanismList == NULL ) { +! xmlSecError( XMLSEC_ERRORS_HERE , +! NULL , +! NULL , +! XMLSEC_ERRORS_R_XMLSEC_FAILED , +! XMLSEC_ERRORS_NO_MESSAGE ) ; +! return( -1 ); +! } +! for( ; counter >= 0 ; counter -- ) +! *( keySlot->mechanismList + counter ) = *( mechanismList + counter ) ; +! } +! +! return( 0 ); +! } +! +! int +! xmlSecNssKeySlotEnableMech( +! xmlSecNssKeySlotPtr keySlot , +! CK_MECHANISM_TYPE mechanism +! ) { +! int counter ; +! CK_MECHANISM_TYPE_PTR newList ; +! +! xmlSecAssert2( keySlot != NULL , -1 ) ; +! +! if( mechanism != CKM_INVALID_MECHANISM ) { +! for( counter = 0 ; *( keySlot->mechanismList + counter ) != CKM_INVALID_MECHANISM ; counter ++ ) ; +! newList = ( CK_MECHANISM_TYPE_PTR )xmlMalloc( ( counter + 1 + 1 ) * sizeof( CK_MECHANISM_TYPE ) ) ; +! if( newList == NULL ) { +! xmlSecError( XMLSEC_ERRORS_HERE , +! NULL , +! NULL , +! XMLSEC_ERRORS_R_XMLSEC_FAILED , +! XMLSEC_ERRORS_NO_MESSAGE ) ; +! return( -1 ); +! } +! *( newList + counter + 1 ) = CKM_INVALID_MECHANISM ; +! *( newList + counter ) = mechanism ; +! for( counter -= 1 ; counter >= 0 ; counter -- ) +! *( newList + counter ) = *( keySlot->mechanismList + counter ) ; +! +! xmlFree( keySlot->mechanismList ) ; +! keySlot->mechanismList = newList ; +! } +! +! return(0); +! } +! +! int +! xmlSecNssKeySlotDisableMech( +! xmlSecNssKeySlotPtr keySlot , +! CK_MECHANISM_TYPE mechanism +! ) { +! int counter ; +! +! xmlSecAssert2( keySlot != NULL , -1 ) ; +! +! for( counter = 0 ; *( keySlot->mechanismList + counter ) != CKM_INVALID_MECHANISM ; counter ++ ) { +! if( *( keySlot->mechanismList + counter ) == mechanism ) { +! for( ; *( keySlot->mechanismList + counter ) != CKM_INVALID_MECHANISM ; counter ++ ) { +! *( keySlot->mechanismList + counter ) = *( keySlot->mechanismList + counter + 1 ) ; +! } +! +! break ; +! } +! } +! +! return(0); +! } +! +! CK_MECHANISM_TYPE_PTR +! xmlSecNssKeySlotGetMechList( +! xmlSecNssKeySlotPtr keySlot +! ) { +! if( keySlot != NULL ) +! return keySlot->mechanismList ; +! else +! return NULL ; +! } +! +! int +! xmlSecNssKeySlotSetSlot( +! xmlSecNssKeySlotPtr keySlot , +! PK11SlotInfo* slot +! ) { +! xmlSecAssert2( keySlot != NULL , -1 ) ; +! +! if( slot != NULL && keySlot->slot != slot ) { +! if( keySlot->slot != NULL ) +! PK11_FreeSlot( keySlot->slot ) ; +! +! if( keySlot->mechanismList != NULL ) { +! xmlFree( keySlot->mechanismList ) ; +! keySlot->mechanismList = NULL ; +! } +! +! keySlot->slot = PK11_ReferenceSlot( slot ) ; +! } +! +! return(0); +! } +! +! int +! xmlSecNssKeySlotInitialize( +! xmlSecNssKeySlotPtr keySlot , +! PK11SlotInfo* slot +! ) { +! xmlSecAssert2( keySlot != NULL , -1 ) ; +! xmlSecAssert2( keySlot->slot == NULL , -1 ) ; +! xmlSecAssert2( keySlot->mechanismList == NULL , -1 ) ; +! +! if( slot != NULL ) { +! keySlot->slot = PK11_ReferenceSlot( slot ) ; +! } +! +! return(0); +! } +! +! void +! xmlSecNssKeySlotFinalize( +! xmlSecNssKeySlotPtr keySlot +! ) { +! xmlSecAssert( keySlot != NULL ) ; +! +! if( keySlot->mechanismList != NULL ) { +! xmlFree( keySlot->mechanismList ) ; +! keySlot->mechanismList = NULL ; +! } +! +! if( keySlot->slot != NULL ) { +! PK11_FreeSlot( keySlot->slot ) ; +! keySlot->slot = NULL ; +! } +! +! } +! +! PK11SlotInfo* +! xmlSecNssKeySlotGetSlot( +! xmlSecNssKeySlotPtr keySlot +! ) { +! if( keySlot != NULL ) +! return keySlot->slot ; +! else +! return NULL ; +! } +! +! xmlSecNssKeySlotPtr +! xmlSecNssKeySlotCreate() { +! xmlSecNssKeySlotPtr keySlot ; +! +! /* Allocates a new xmlSecNssKeySlot and fill the fields */ +! keySlot = ( xmlSecNssKeySlotPtr )xmlMalloc( sizeof( xmlSecNssKeySlot ) ) ; +! if( keySlot == NULL ) { +! xmlSecError( XMLSEC_ERRORS_HERE , +! NULL , +! NULL , +! XMLSEC_ERRORS_R_XMLSEC_FAILED , +! XMLSEC_ERRORS_NO_MESSAGE ) ; +! return( NULL ); +! } +! memset( keySlot, 0, sizeof( xmlSecNssKeySlot ) ) ; +! +! return( keySlot ) ; +! } +! +! int +! xmlSecNssKeySlotCopy( +! xmlSecNssKeySlotPtr newKeySlot , +! xmlSecNssKeySlotPtr keySlot +! ) { +! CK_MECHANISM_TYPE_PTR mech ; +! int counter ; +! +! xmlSecAssert2( newKeySlot != NULL , -1 ) ; +! xmlSecAssert2( keySlot != NULL , -1 ) ; +! +! if( keySlot->slot != NULL && newKeySlot->slot != keySlot->slot ) { +! if( newKeySlot->slot != NULL ) +! PK11_FreeSlot( newKeySlot->slot ) ; +! +! newKeySlot->slot = PK11_ReferenceSlot( keySlot->slot ) ; +! } +! +! if( keySlot->mechanismList != CK_NULL_PTR ) { +! xmlFree( newKeySlot->mechanismList ) ; +! +! for( counter = 0 ; *( keySlot->mechanismList + counter ) != CKM_INVALID_MECHANISM ; counter ++ ) ; +! newKeySlot->mechanismList = ( CK_MECHANISM_TYPE_PTR )xmlMalloc( ( counter + 1 ) * sizeof( CK_MECHANISM_TYPE ) ) ; +! if( newKeySlot->mechanismList == NULL ) { +! xmlSecError( XMLSEC_ERRORS_HERE , +! NULL , +! NULL , +! XMLSEC_ERRORS_R_XMLSEC_FAILED , +! XMLSEC_ERRORS_NO_MESSAGE ) ; +! return( -1 ); +! } +! for( ; counter >= 0 ; counter -- ) +! *( newKeySlot->mechanismList + counter ) = *( keySlot->mechanismList + counter ) ; +! } +! +! return( 0 ); +! } +! +! xmlSecNssKeySlotPtr +! xmlSecNssKeySlotDuplicate( +! xmlSecNssKeySlotPtr keySlot +! ) { +! xmlSecNssKeySlotPtr newKeySlot ; +! int ret ; +! +! xmlSecAssert2( keySlot != NULL , NULL ) ; +! +! newKeySlot = xmlSecNssKeySlotCreate() ; +! if( newKeySlot == NULL ) { +! xmlSecError( XMLSEC_ERRORS_HERE , +! NULL , +! NULL , +! XMLSEC_ERRORS_R_XMLSEC_FAILED , +! XMLSEC_ERRORS_NO_MESSAGE ) ; +! return( NULL ); +! } +! +! if( xmlSecNssKeySlotCopy( newKeySlot, keySlot ) < 0 ) { +! xmlSecError( XMLSEC_ERRORS_HERE , +! NULL , +! NULL , +! XMLSEC_ERRORS_R_XMLSEC_FAILED , +! XMLSEC_ERRORS_NO_MESSAGE ) ; +! return( NULL ); +! } +! +! return( newKeySlot ); +! } +! +! void +! xmlSecNssKeySlotDestroy( +! xmlSecNssKeySlotPtr keySlot +! ) { +! xmlSecAssert( keySlot != NULL ) ; +! +! if( keySlot->mechanismList != NULL ) +! xmlFree( keySlot->mechanismList ) ; +! +! if( keySlot->slot != NULL ) +! PK11_FreeSlot( keySlot->slot ) ; +! +! xmlFree( keySlot ) ; +! } +! +! int +! xmlSecNssKeySlotBindMech( +! xmlSecNssKeySlotPtr keySlot , +! CK_MECHANISM_TYPE type +! ) { +! int counter ; +! +! xmlSecAssert2( keySlot != NULL , 0 ) ; +! xmlSecAssert2( keySlot->slot != NULL , 0 ) ; +! xmlSecAssert2( type != CKM_INVALID_MECHANISM , 0 ) ; +! +! for( counter = 0 ; *( keySlot->mechanismList + counter ) != CKM_INVALID_MECHANISM ; counter ++ ) { +! if( *( keySlot->mechanismList + counter ) == type ) +! return(1) ; +! } +! +! return( 0 ) ; +! } +! +! int +! xmlSecNssKeySlotSupportMech( +! xmlSecNssKeySlotPtr keySlot , +! CK_MECHANISM_TYPE type +! ) { +! xmlSecAssert2( keySlot != NULL , 0 ) ; +! xmlSecAssert2( keySlot->slot != NULL , 0 ) ; +! xmlSecAssert2( type != CKM_INVALID_MECHANISM , 0 ) ; +! +! if( PK11_DoesMechanism( keySlot->slot , type ) == PR_TRUE ) { +! return(1); +! } else +! return(0); +! } +! +! void +! xmlSecNssKeySlotDebugDump( +! xmlSecNssKeySlotPtr keySlot , +! FILE* output +! ) { +! xmlSecAssert( keySlot != NULL ) ; +! xmlSecAssert( output != NULL ) ; +! +! fprintf( output, "== KEY SLOT\n" ); +! } +! +! void +! xmlSecNssKeySlotDebugXmlDump( +! xmlSecNssKeySlotPtr keySlot , +! FILE* output +! ) { +! } +! +! /** +! * Key Slot List +! */ +! static xmlSecPtrListKlass xmlSecNssKeySlotPtrListKlass = { +! BAD_CAST "mechanism-list", +! (xmlSecPtrDuplicateItemMethod)xmlSecNssKeySlotDuplicate, +! (xmlSecPtrDestroyItemMethod)xmlSecNssKeySlotDestroy, +! (xmlSecPtrDebugDumpItemMethod)xmlSecNssKeySlotDebugDump, +! (xmlSecPtrDebugDumpItemMethod)xmlSecNssKeySlotDebugXmlDump, +! }; +! +! xmlSecPtrListId +! xmlSecNssKeySlotListGetKlass(void) { +! return(&xmlSecNssKeySlotPtrListKlass); +! } +! +! +! /*- +! * Global PKCS#11 crypto token repository -- Key slot list +! */ +! static xmlSecPtrListPtr _xmlSecNssKeySlotList = NULL ; +! +! PK11SlotInfo* +! xmlSecNssSlotGet( +! CK_MECHANISM_TYPE type +! ) { +! PK11SlotInfo* slot = NULL ; +! xmlSecNssKeySlotPtr keySlot ; +! xmlSecSize ksSize ; +! xmlSecSize ksPos ; +! char flag ; +! +! if( _xmlSecNssKeySlotList == NULL ) { +! slot = PK11_GetBestSlot( type , NULL ) ; +! } else { +! ksSize = xmlSecPtrListGetSize( _xmlSecNssKeySlotList ) ; +! +! /*- +! * Firstly, checking whether the mechanism is bound with a special slot. +! * If no bound slot, we try to find the first eligible slot in the list. +! */ +! for( flag = 0, ksPos = 0 ; ksPos < ksSize ; ksPos ++ ) { +! keySlot = ( xmlSecNssKeySlotPtr )xmlSecPtrListGetItem( _xmlSecNssKeySlotList, ksPos ) ; +! if( keySlot != NULL && xmlSecNssKeySlotBindMech( keySlot, type ) ) { +! slot = xmlSecNssKeySlotGetSlot( keySlot ) ; +! flag = 2 ; +! } else if( flag == 0 && xmlSecNssKeySlotSupportMech( keySlot, type ) ) { +! slot = xmlSecNssKeySlotGetSlot( keySlot ) ; +! flag = 1 ; +! } +! +! if( flag == 2 ) +! break ; +! } +! if( slot != NULL ) +! slot = PK11_ReferenceSlot( slot ) ; +! } +! +! if( slot != NULL && PK11_NeedLogin( slot ) ) { +! if( PK11_Authenticate( slot , PR_TRUE , NULL ) != SECSuccess ) { +! xmlSecError( XMLSEC_ERRORS_HERE , +! NULL , +! NULL , +! XMLSEC_ERRORS_R_XMLSEC_FAILED , +! XMLSEC_ERRORS_NO_MESSAGE ) ; +! PK11_FreeSlot( slot ) ; +! return( NULL ); +! } +! } +! +! return slot ; +! } +! +! int +! xmlSecNssSlotInitialize( +! void +! ) { +! if( _xmlSecNssKeySlotList != NULL ) { +! xmlSecPtrListDestroy( _xmlSecNssKeySlotList ) ; +! _xmlSecNssKeySlotList = NULL ; +! } +! +! _xmlSecNssKeySlotList = xmlSecPtrListCreate( xmlSecNssKeySlotListId ) ; +! if( _xmlSecNssKeySlotList == NULL ) { +! xmlSecError( XMLSEC_ERRORS_HERE , +! NULL , +! NULL , +! XMLSEC_ERRORS_R_XMLSEC_FAILED , +! XMLSEC_ERRORS_NO_MESSAGE ) ; +! return( -1 ); +! } +! +! return(0); +! } +! +! void +! xmlSecNssSlotShutdown( +! void +! ) { +! if( _xmlSecNssKeySlotList != NULL ) { +! xmlSecPtrListDestroy( _xmlSecNssKeySlotList ) ; +! _xmlSecNssKeySlotList = NULL ; +! } +! } +! +! int +! xmlSecNssSlotAdopt( +! PK11SlotInfo* slot, +! CK_MECHANISM_TYPE type +! ) { +! xmlSecNssKeySlotPtr keySlot ; +! xmlSecSize ksSize ; +! xmlSecSize ksPos ; +! char flag ; +! +! xmlSecAssert2( _xmlSecNssKeySlotList != NULL, -1 ) ; +! xmlSecAssert2( slot != NULL, -1 ) ; +! +! ksSize = xmlSecPtrListGetSize( _xmlSecNssKeySlotList ) ; +! +! /*- +! * Firstly, checking whether the slot is in the repository already. +! */ +! flag = 0 ; +! for( ksPos = 0 ; ksPos < ksSize ; ksPos ++ ) { +! keySlot = ( xmlSecNssKeySlotPtr )xmlSecPtrListGetItem( _xmlSecNssKeySlotList, ksPos ) ; +! /* If find the slot in the list */ +! if( keySlot != NULL && xmlSecNssKeySlotGetSlot( keySlot ) == slot ) { +! /* If mechnism type is valid, bind the slot with the mechanism */ +! if( type != CKM_INVALID_MECHANISM ) { +! if( xmlSecNssKeySlotEnableMech( keySlot, type ) < 0 ) { +! xmlSecError( XMLSEC_ERRORS_HERE , +! NULL , +! NULL , +! XMLSEC_ERRORS_R_XMLSEC_FAILED , +! XMLSEC_ERRORS_NO_MESSAGE ) ; +! return(-1); +! } +! } +! +! flag = 1 ; +! } +! } +! +! /* If the slot do not in the list, add a new item to the list */ +! if( flag == 0 ) { +! /* Create a new KeySlot */ +! keySlot = xmlSecNssKeySlotCreate() ; +! if( keySlot == NULL ) { +! xmlSecError( XMLSEC_ERRORS_HERE , +! NULL , +! NULL , +! XMLSEC_ERRORS_R_XMLSEC_FAILED , +! XMLSEC_ERRORS_NO_MESSAGE ) ; +! return(-1); +! } +! +! /* Initialize the keySlot with a slot */ +! if( xmlSecNssKeySlotInitialize( keySlot, slot ) < 0 ) { +! xmlSecError( XMLSEC_ERRORS_HERE , +! NULL , +! NULL , +! XMLSEC_ERRORS_R_XMLSEC_FAILED , +! XMLSEC_ERRORS_NO_MESSAGE ) ; +! xmlSecNssKeySlotDestroy( keySlot ) ; +! return(-1); +! } +! +! /* If mechnism type is valid, bind the slot with the mechanism */ +! if( type != CKM_INVALID_MECHANISM ) { +! if( xmlSecNssKeySlotEnableMech( keySlot, type ) < 0 ) { +! xmlSecError( XMLSEC_ERRORS_HERE , +! NULL , +! NULL , +! XMLSEC_ERRORS_R_XMLSEC_FAILED , +! XMLSEC_ERRORS_NO_MESSAGE ) ; +! xmlSecNssKeySlotDestroy( keySlot ) ; +! return(-1); +! } +! } +! +! /* Add keySlot into the list */ +! if( xmlSecPtrListAdd( _xmlSecNssKeySlotList, keySlot ) < 0 ) { +! xmlSecError( XMLSEC_ERRORS_HERE , +! NULL , +! NULL , +! XMLSEC_ERRORS_R_XMLSEC_FAILED , +! XMLSEC_ERRORS_NO_MESSAGE ) ; +! xmlSecNssKeySlotDestroy( keySlot ) ; +! return(-1); +! } +! } +! +! return(0); +! } +! +*** misc/xmlsec1-1.2.6/src/nss/x509.c 2003-09-26 11:53:09.000000000 +0800 +--- misc/build/xmlsec1-1.2.6/src/nss/x509.c 2005-02-23 11:06:39.000000000 +0800 +*************** +*** 34,40 **** + #include <xmlsec/keys.h> + #include <xmlsec/keyinfo.h> + #include <xmlsec/keysmngr.h> +- #include <xmlsec/x509.h> + #include <xmlsec/base64.h> + #include <xmlsec/errors.h> + +--- 34,39 ---- +*************** +*** 61,97 **** + static int xmlSecNssX509CertificateNodeRead (xmlSecKeyDataPtr data, + xmlNodePtr node, + xmlSecKeyInfoCtxPtr keyInfoCtx); +- static int xmlSecNssX509CertificateNodeWrite (CERTCertificate* cert, +- xmlNodePtr node, +- xmlSecKeyInfoCtxPtr keyInfoCtx); + static int xmlSecNssX509SubjectNameNodeRead (xmlSecKeyDataPtr data, + xmlNodePtr node, + xmlSecKeyInfoCtxPtr keyInfoCtx); +- static int xmlSecNssX509SubjectNameNodeWrite (CERTCertificate* cert, +- xmlNodePtr node, +- xmlSecKeyInfoCtxPtr keyInfoCtx); + static int xmlSecNssX509IssuerSerialNodeRead (xmlSecKeyDataPtr data, + xmlNodePtr node, + xmlSecKeyInfoCtxPtr keyInfoCtx); +- static int xmlSecNssX509IssuerSerialNodeWrite (CERTCertificate* cert, +- xmlNodePtr node, +- xmlSecKeyInfoCtxPtr keyInfoCtx); + static int xmlSecNssX509SKINodeRead (xmlSecKeyDataPtr data, + xmlNodePtr node, + xmlSecKeyInfoCtxPtr keyInfoCtx); +- static int xmlSecNssX509SKINodeWrite (CERTCertificate* cert, +- xmlNodePtr node, +- xmlSecKeyInfoCtxPtr keyInfoCtx); + static int xmlSecNssX509CRLNodeRead (xmlSecKeyDataPtr data, + xmlNodePtr node, + xmlSecKeyInfoCtxPtr keyInfoCtx); +- static int xmlSecNssX509CRLNodeWrite (CERTSignedCrl* crl, +- xmlNodePtr node, +- xmlSecKeyInfoCtxPtr keyInfoCtx); + static int xmlSecNssKeyDataX509VerifyAndExtractKey(xmlSecKeyDataPtr data, + xmlSecKeyPtr key, + xmlSecKeyInfoCtxPtr keyInfoCtx); +- + static CERTCertificate* xmlSecNssX509CertDerRead (const xmlSecByte* buf, + xmlSecSize size); + static CERTCertificate* xmlSecNssX509CertBase64DerRead (xmlChar* buf); +--- 60,80 ---- +*************** +*** 104,112 **** + xmlSecKeyInfoCtxPtr keyInfoCtx); + static xmlChar* xmlSecNssX509CrlBase64DerWrite (CERTSignedCrl* crl, + int base64LineWrap); +- static xmlChar* xmlSecNssX509NameWrite (CERTName* nm); +- static xmlChar* xmlSecNssASN1IntegerWrite (SECItem *num); +- static xmlChar* xmlSecNssX509SKIWrite (CERTCertificate* cert); + static void xmlSecNssX509CertDebugDump (CERTCertificate* cert, + FILE* output); + static void xmlSecNssX509CertDebugXmlDump (CERTCertificate* cert, +--- 87,92 ---- +*************** +*** 378,384 **** + xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), + "CERT_NewCertList", + XMLSEC_ERRORS_R_CRYPTO_FAILED, +! XMLSEC_ERRORS_NO_MESSAGE); + return(-1); + } + } +--- 358,364 ---- + xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), + "CERT_NewCertList", + XMLSEC_ERRORS_R_CRYPTO_FAILED, +! "error code=%d", PORT_GetError()); + return(-1); + } + } +*************** +*** 389,395 **** + xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), + "CERT_AddCertToListTail", + XMLSEC_ERRORS_R_CRYPTO_FAILED, +! XMLSEC_ERRORS_NO_MESSAGE); + return(-1); + } + ctx->numCerts++; +--- 369,375 ---- + xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), + "CERT_AddCertToListTail", + XMLSEC_ERRORS_R_CRYPTO_FAILED, +! "error code=%d", PORT_GetError()); + return(-1); + } + ctx->numCerts++; +*************** +*** 588,594 **** + xmlSecErrorsSafeString(xmlSecKeyDataGetName(dst)), + "CERT_DupCertificate", + XMLSEC_ERRORS_R_CRYPTO_FAILED, +! XMLSEC_ERRORS_NO_MESSAGE); + return(-1); + } + +--- 568,574 ---- + xmlSecErrorsSafeString(xmlSecKeyDataGetName(dst)), + "CERT_DupCertificate", + XMLSEC_ERRORS_R_CRYPTO_FAILED, +! "error code=%d", PORT_GetError()); + return(-1); + } + +*************** +*** 627,633 **** + xmlSecErrorsSafeString(xmlSecKeyDataGetName(dst)), + "SEC_DupCrl", + XMLSEC_ERRORS_R_CRYPTO_FAILED, +! XMLSEC_ERRORS_NO_MESSAGE); + return(-1); + } + +--- 607,613 ---- + xmlSecErrorsSafeString(xmlSecKeyDataGetName(dst)), + "SEC_DupCrl", + XMLSEC_ERRORS_R_CRYPTO_FAILED, +! "error code=%d", PORT_GetError()); + return(-1); + } + +*************** +*** 652,658 **** + xmlSecErrorsSafeString(xmlSecKeyDataGetName(dst)), + "CERT_DupCertificate", + XMLSEC_ERRORS_R_CRYPTO_FAILED, +! XMLSEC_ERRORS_NO_MESSAGE); + return(-1); + } + ret = xmlSecNssKeyDataX509AdoptKeyCert(dst, certDst); +--- 632,638 ---- + xmlSecErrorsSafeString(xmlSecKeyDataGetName(dst)), + "CERT_DupCertificate", + XMLSEC_ERRORS_R_CRYPTO_FAILED, +! "error code=%d", PORT_GetError()); + return(-1); + } + ret = xmlSecNssKeyDataX509AdoptKeyCert(dst, certDst); +*************** +*** 752,782 **** + xmlSecNssKeyDataX509XmlWrite(xmlSecKeyDataId id, xmlSecKeyPtr key, + xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) { + xmlSecKeyDataPtr data; + CERTCertificate* cert; + CERTSignedCrl* crl; + xmlSecSize size, pos; +- int content = 0; +- int ret; + + xmlSecAssert2(id == xmlSecNssKeyDataX509Id, -1); + xmlSecAssert2(key != NULL, -1); + xmlSecAssert2(node != NULL, -1); + xmlSecAssert2(keyInfoCtx != NULL, -1); + +! content = xmlSecX509DataGetNodeContent (node, 1, keyInfoCtx); +! if (content < 0) { +! xmlSecError(XMLSEC_ERRORS_HERE, +! xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), +! "xmlSecX509DataGetNodeContent", +! XMLSEC_ERRORS_R_XMLSEC_FAILED, +! "content=%d", content); +! return(-1); +! } else if(content == 0) { +! /* by default we are writing certificates and crls */ +! content = XMLSEC_X509DATA_DEFAULT; + } + +- /* get x509 data */ + data = xmlSecKeyGetData(key, id); + if(data == NULL) { + /* no x509 data in the key */ +--- 732,753 ---- + xmlSecNssKeyDataX509XmlWrite(xmlSecKeyDataId id, xmlSecKeyPtr key, + xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) { + xmlSecKeyDataPtr data; ++ xmlNodePtr cur; ++ xmlChar* buf; + CERTCertificate* cert; + CERTSignedCrl* crl; + xmlSecSize size, pos; + + xmlSecAssert2(id == xmlSecNssKeyDataX509Id, -1); + xmlSecAssert2(key != NULL, -1); + xmlSecAssert2(node != NULL, -1); + xmlSecAssert2(keyInfoCtx != NULL, -1); + +! /* todo: flag in ctx remove all existing content */ +! if(0) { +! xmlNodeSetContent(node, NULL); + } + + data = xmlSecKeyGetData(key, id); + if(data == NULL) { + /* no x509 data in the key */ +*************** +*** 795,874 **** + "pos=%d", pos); + return(-1); + } +! +! if((content & XMLSEC_X509DATA_CERTIFICATE_NODE) != 0) { +! ret = xmlSecNssX509CertificateNodeWrite(cert, node, keyInfoCtx); +! if(ret < 0) { +! xmlSecError(XMLSEC_ERRORS_HERE, +! xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), +! "xmlSecNssX509CertificateNodeWrite", +! XMLSEC_ERRORS_R_XMLSEC_FAILED, +! "pos=%d", pos); +! return(-1); +! } + } +! +! if((content & XMLSEC_X509DATA_SUBJECTNAME_NODE) != 0) { +! ret = xmlSecNssX509SubjectNameNodeWrite(cert, node, keyInfoCtx); +! if(ret < 0) { +! xmlSecError(XMLSEC_ERRORS_HERE, +! xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), +! "xmlSecNssX509SubjectNameNodeWrite", +! XMLSEC_ERRORS_R_XMLSEC_FAILED, +! "pos=%d", pos); +! return(-1); +! } + } + +! if((content & XMLSEC_X509DATA_ISSUERSERIAL_NODE) != 0) { +! ret = xmlSecNssX509IssuerSerialNodeWrite(cert, node, keyInfoCtx); +! if(ret < 0) { +! xmlSecError(XMLSEC_ERRORS_HERE, +! xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), +! "xmlSecNssX509IssuerSerialNodeWrite", +! XMLSEC_ERRORS_R_XMLSEC_FAILED, +! "pos=%d", pos); +! return(-1); +! } +! } + +! if((content & XMLSEC_X509DATA_SKI_NODE) != 0) { +! ret = xmlSecNssX509SKINodeWrite(cert, node, keyInfoCtx); +! if(ret < 0) { +! xmlSecError(XMLSEC_ERRORS_HERE, +! xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), +! "xmlSecNssX509SKINodeWrite", +! XMLSEC_ERRORS_R_XMLSEC_FAILED, +! "pos=%d", pos); +! return(-1); +! } +! } +! } + +! /* write crls if needed */ +! if((content & XMLSEC_X509DATA_CRL_NODE) != 0) { +! size = xmlSecNssKeyDataX509GetCrlsSize(data); +! for(pos = 0; pos < size; ++pos) { +! crl = xmlSecNssKeyDataX509GetCrl(data, pos); +! if(crl == NULL) { +! xmlSecError(XMLSEC_ERRORS_HERE, +! xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), +! "xmlSecNssKeyDataX509GetCrl", +! XMLSEC_ERRORS_R_XMLSEC_FAILED, +! "pos=%d", pos); +! return(-1); +! } +! +! ret = xmlSecNssX509CRLNodeWrite(crl, node, keyInfoCtx); +! if(ret < 0) { +! xmlSecError(XMLSEC_ERRORS_HERE, +! xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), +! "xmlSecNssX509CRLNodeWrite", +! XMLSEC_ERRORS_R_XMLSEC_FAILED, +! "pos=%d", pos); +! return(-1); +! } +! } + } + + return(0); +--- 766,840 ---- + "pos=%d", pos); + return(-1); + } +! +! /* set base64 lines size from context */ +! buf = xmlSecNssX509CertBase64DerWrite(cert, keyInfoCtx->base64LineSize); +! if(buf == NULL) { +! xmlSecError(XMLSEC_ERRORS_HERE, +! xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), +! "xmlSecNssX509CertBase64DerWrite", +! XMLSEC_ERRORS_R_XMLSEC_FAILED, +! XMLSEC_ERRORS_NO_MESSAGE); +! return(-1); + } +! +! cur = xmlSecAddChild(node, xmlSecNodeX509Certificate, xmlSecDSigNs); +! if(cur == NULL) { +! xmlSecError(XMLSEC_ERRORS_HERE, +! xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), +! "xmlSecAddChild", +! XMLSEC_ERRORS_R_XMLSEC_FAILED, +! "node=%s", +! xmlSecErrorsSafeString(xmlSecNodeX509Certificate)); +! xmlFree(buf); +! return(-1); + } ++ /* todo: add \n around base64 data - from context */ ++ /* todo: add errors check */ ++ xmlNodeSetContent(cur, xmlSecStringCR); ++ xmlNodeSetContent(cur, buf); ++ xmlFree(buf); ++ } + +! /* write crls */ +! size = xmlSecNssKeyDataX509GetCrlsSize(data); +! for(pos = 0; pos < size; ++pos) { +! crl = xmlSecNssKeyDataX509GetCrl(data, pos); +! if(crl == NULL) { +! xmlSecError(XMLSEC_ERRORS_HERE, +! xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), +! "xmlSecNssKeyDataX509GetCrl", +! XMLSEC_ERRORS_R_XMLSEC_FAILED, +! "pos=%d", pos); +! return(-1); +! } + +! /* set base64 lines size from context */ +! buf = xmlSecNssX509CrlBase64DerWrite(crl, keyInfoCtx->base64LineSize); +! if(buf == NULL) { +! xmlSecError(XMLSEC_ERRORS_HERE, +! xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), +! "xmlSecNssX509CrlBase64DerWrite", +! XMLSEC_ERRORS_R_XMLSEC_FAILED, +! XMLSEC_ERRORS_NO_MESSAGE); +! return(-1); +! } + +! cur = xmlSecAddChild(node, xmlSecNodeX509CRL, xmlSecDSigNs); +! if(cur == NULL) { +! xmlSecError(XMLSEC_ERRORS_HERE, +! xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), +! "xmlSecAddChild", +! XMLSEC_ERRORS_R_XMLSEC_FAILED, +! "new_node=%s", +! xmlSecErrorsSafeString(xmlSecNodeX509CRL)); +! xmlFree(buf); +! return(-1); +! } +! /* todo: add \n around base64 data - from context */ +! /* todo: add errors check */ +! xmlNodeSetContent(cur, xmlSecStringCR); +! xmlNodeSetContent(cur, buf); + } + + return(0); +*************** +*** 1015,1033 **** + xmlSecAssert2(keyInfoCtx != NULL, -1); + + content = xmlNodeGetContent(node); +! if((content == NULL) || (xmlSecIsEmptyString(content) == 1)) { +! if(content != NULL) { +! xmlFree(content); +! } +! if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_STOP_ON_EMPTY_NODE) != 0) { +! xmlSecError(XMLSEC_ERRORS_HERE, +! xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), +! xmlSecErrorsSafeString(xmlSecNodeGetName(node)), +! XMLSEC_ERRORS_R_INVALID_NODE_CONTENT, +! XMLSEC_ERRORS_NO_MESSAGE); +! return(-1); +! } +! return(0); + } + + cert = xmlSecNssX509CertBase64DerRead(content); +--- 981,993 ---- + xmlSecAssert2(keyInfoCtx != NULL, -1); + + content = xmlNodeGetContent(node); +! if(content == NULL){ +! xmlSecError(XMLSEC_ERRORS_HERE, +! xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), +! xmlSecErrorsSafeString(xmlSecNodeGetName(node)), +! XMLSEC_ERRORS_R_INVALID_NODE_CONTENT, +! XMLSEC_ERRORS_NO_MESSAGE); +! return(-1); + } + + cert = xmlSecNssX509CertBase64DerRead(content); +*************** +*** 1057,1102 **** + return(0); + } + +- static int +- xmlSecNssX509CertificateNodeWrite(CERTCertificate* cert, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) { +- xmlChar* buf; +- xmlNodePtr cur; +- +- xmlSecAssert2(cert != NULL, -1); +- xmlSecAssert2(node != NULL, -1); +- xmlSecAssert2(keyInfoCtx != NULL, -1); +- +- /* set base64 lines size from context */ +- buf = xmlSecNssX509CertBase64DerWrite(cert, keyInfoCtx->base64LineSize); +- if(buf == NULL) { +- xmlSecError(XMLSEC_ERRORS_HERE, +- NULL, +- "xmlSecNssX509CertBase64DerWrite", +- XMLSEC_ERRORS_R_XMLSEC_FAILED, +- XMLSEC_ERRORS_NO_MESSAGE); +- return(-1); +- } +- +- cur = xmlSecAddChild(node, xmlSecNodeX509Certificate, xmlSecDSigNs); +- if(cur == NULL) { +- xmlSecError(XMLSEC_ERRORS_HERE, +- NULL, +- "xmlSecAddChild", +- XMLSEC_ERRORS_R_XMLSEC_FAILED, +- "node=%s", +- xmlSecErrorsSafeString(xmlSecNodeX509Certificate)); +- xmlFree(buf); +- return(-1); +- } +- +- /* todo: add \n around base64 data - from context */ +- /* todo: add errors check */ +- xmlNodeSetContent(cur, xmlSecStringCR); +- xmlNodeSetContent(cur, buf); +- xmlFree(buf); +- return(0); +- } +- + static int + xmlSecNssX509SubjectNameNodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) { + xmlSecKeyDataStorePtr x509Store; +--- 1017,1022 ---- +*************** +*** 1120,1138 **** + } + + subject = xmlNodeGetContent(node); +! if((subject == NULL) || (xmlSecIsEmptyString(subject) == 1)) { +! if(subject != NULL) { +! xmlFree(subject); +! } +! if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_STOP_ON_EMPTY_NODE) != 0) { +! xmlSecError(XMLSEC_ERRORS_HERE, +! xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), +! xmlSecErrorsSafeString(xmlSecNodeGetName(node)), +! XMLSEC_ERRORS_R_INVALID_NODE_CONTENT, +! XMLSEC_ERRORS_NO_MESSAGE); +! return(-1); +! } +! return(0); + } + + cert = xmlSecNssX509StoreFindCert(x509Store, subject, NULL, NULL, NULL, keyInfoCtx); +--- 1040,1052 ---- + } + + subject = xmlNodeGetContent(node); +! if(subject == NULL) { +! xmlSecError(XMLSEC_ERRORS_HERE, +! xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), +! xmlSecErrorsSafeString(xmlSecNodeGetName(node)), +! XMLSEC_ERRORS_R_INVALID_NODE_CONTENT, +! XMLSEC_ERRORS_NO_MESSAGE); +! return(-1); + } + + cert = xmlSecNssX509StoreFindCert(x509Store, subject, NULL, NULL, NULL, keyInfoCtx); +*************** +*** 1167,1206 **** + return(0); + } + +- static int +- xmlSecNssX509SubjectNameNodeWrite(CERTCertificate* cert, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx ATTRIBUTE_UNUSED) { +- xmlChar* buf = NULL; +- xmlNodePtr cur = NULL; +- +- xmlSecAssert2(cert != NULL, -1); +- xmlSecAssert2(node != NULL, -1); +- +- buf = xmlSecNssX509NameWrite(&(cert->subject)); +- if(buf == NULL) { +- xmlSecError(XMLSEC_ERRORS_HERE, +- NULL, +- "xmlSecNssX509NameWrite(&(cert->subject))", +- XMLSEC_ERRORS_R_XMLSEC_FAILED, +- XMLSEC_ERRORS_NO_MESSAGE); +- return(-1); +- } +- +- cur = xmlSecAddChild(node, xmlSecNodeX509SubjectName, xmlSecDSigNs); +- if(cur == NULL) { +- xmlSecError(XMLSEC_ERRORS_HERE, +- NULL, +- "xmlSecAddChild", +- XMLSEC_ERRORS_R_XMLSEC_FAILED, +- "node=%s", +- xmlSecErrorsSafeString(xmlSecNodeX509SubjectName)); +- xmlFree(buf); +- return(-1); +- } +- xmlNodeSetContent(cur, buf); +- xmlFree(buf); +- return(0); +- } +- + static int + xmlSecNssX509IssuerSerialNodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) { + xmlSecKeyDataStorePtr x509Store; +--- 1081,1086 ---- +*************** +*** 1226,1246 **** + } + + cur = xmlSecGetNextElementNode(node->children); +! if(cur == NULL) { +! if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_STOP_ON_EMPTY_NODE) != 0) { +! xmlSecError(XMLSEC_ERRORS_HERE, +! xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), +! xmlSecErrorsSafeString(xmlSecNodeX509IssuerName), +! XMLSEC_ERRORS_R_NODE_NOT_FOUND, +! "node=%s", +! xmlSecErrorsSafeString(xmlSecNodeGetName(cur))); +! return(-1); +! } +! return(0); +! } +! + /* the first is required node X509IssuerName */ +! if(!xmlSecCheckNodeName(cur, xmlSecNodeX509IssuerName, xmlSecDSigNs)) { + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), + xmlSecErrorsSafeString(xmlSecNodeX509IssuerName), +--- 1106,1114 ---- + } + + cur = xmlSecGetNextElementNode(node->children); +! + /* the first is required node X509IssuerName */ +! if((cur == NULL) || !xmlSecCheckNodeName(cur, xmlSecNodeX509IssuerName, xmlSecDSigNs)) { + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), + xmlSecErrorsSafeString(xmlSecNodeX509IssuerName), +*************** +*** 1332,1409 **** + return(0); + } + +- static int +- xmlSecNssX509IssuerSerialNodeWrite(CERTCertificate* cert, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx ATTRIBUTE_UNUSED) { +- xmlNodePtr cur; +- xmlNodePtr issuerNameNode; +- xmlNodePtr issuerNumberNode; +- xmlChar* buf; +- +- xmlSecAssert2(cert != NULL, -1); +- xmlSecAssert2(node != NULL, -1); +- +- /* create xml nodes */ +- cur = xmlSecAddChild(node, xmlSecNodeX509IssuerSerial, xmlSecDSigNs); +- if(cur == NULL) { +- xmlSecError(XMLSEC_ERRORS_HERE, +- NULL, +- "xmlSecAddChild", +- XMLSEC_ERRORS_R_XMLSEC_FAILED, +- "node=%s", +- xmlSecErrorsSafeString(xmlSecNodeX509IssuerSerial)); +- return(-1); +- } +- +- issuerNameNode = xmlSecAddChild(cur, xmlSecNodeX509IssuerName, xmlSecDSigNs); +- if(issuerNameNode == NULL) { +- xmlSecError(XMLSEC_ERRORS_HERE, +- NULL, +- "xmlSecAddChild", +- XMLSEC_ERRORS_R_XMLSEC_FAILED, +- "node=%s", +- xmlSecErrorsSafeString(xmlSecNodeX509IssuerName)); +- return(-1); +- } +- +- issuerNumberNode = xmlSecAddChild(cur, xmlSecNodeX509SerialNumber, xmlSecDSigNs); +- if(issuerNumberNode == NULL) { +- xmlSecError(XMLSEC_ERRORS_HERE, +- NULL, +- "xmlSecAddChild", +- XMLSEC_ERRORS_R_XMLSEC_FAILED, +- "node=%s", +- xmlSecErrorsSafeString(xmlSecNodeX509SerialNumber)); +- return(-1); +- } +- +- /* write data */ +- buf = xmlSecNssX509NameWrite(&(cert->issuer)); +- if(buf == NULL) { +- xmlSecError(XMLSEC_ERRORS_HERE, +- NULL, +- "xmlSecNssX509NameWrite(&(cert->issuer))", +- XMLSEC_ERRORS_R_XMLSEC_FAILED, +- XMLSEC_ERRORS_NO_MESSAGE); +- return(-1); +- } +- xmlNodeSetContent(issuerNameNode, buf); +- xmlFree(buf); +- +- buf = xmlSecNssASN1IntegerWrite(&(cert->serialNumber)); +- if(buf == NULL) { +- xmlSecError(XMLSEC_ERRORS_HERE, +- NULL, +- "xmlSecNssASN1IntegerWrite(&(cert->serialNumber))", +- XMLSEC_ERRORS_R_XMLSEC_FAILED, +- XMLSEC_ERRORS_NO_MESSAGE); +- return(-1); +- } +- xmlNodeSetContent(issuerNumberNode, buf); +- xmlFree(buf); +- +- return(0); +- } +- + static int + xmlSecNssX509SKINodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) { + xmlSecKeyDataStorePtr x509Store; +--- 1200,1205 ---- +*************** +*** 1427,1446 **** + } + + ski = xmlNodeGetContent(node); +! if((ski == NULL) || (xmlSecIsEmptyString(ski) == 1)) { +! if(ski != NULL) { +! xmlFree(ski); +! } +! if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_STOP_ON_EMPTY_NODE) != 0) { +! xmlSecError(XMLSEC_ERRORS_HERE, +! xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), +! xmlSecErrorsSafeString(xmlSecNodeGetName(node)), +! XMLSEC_ERRORS_R_INVALID_NODE_CONTENT, +! "node=%s", +! xmlSecErrorsSafeString(xmlSecNodeX509SKI)); +! return(-1); +! } +! return(0); + } + + cert = xmlSecNssX509StoreFindCert(x509Store, NULL, NULL, NULL, ski, keyInfoCtx); +--- 1223,1236 ---- + } + + ski = xmlNodeGetContent(node); +! if(ski == NULL) { +! xmlSecError(XMLSEC_ERRORS_HERE, +! xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), +! xmlSecErrorsSafeString(xmlSecNodeGetName(node)), +! XMLSEC_ERRORS_R_INVALID_NODE_CONTENT, +! "node=%s", +! xmlSecErrorsSafeString(xmlSecNodeX509SKI)); +! return(-1); + } + + cert = xmlSecNssX509StoreFindCert(x509Store, NULL, NULL, NULL, ski, keyInfoCtx); +*************** +*** 1475,1515 **** + return(0); + } + +- static int +- xmlSecNssX509SKINodeWrite(CERTCertificate* cert, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx ATTRIBUTE_UNUSED) { +- xmlChar *buf = NULL; +- xmlNodePtr cur = NULL; +- +- xmlSecAssert2(cert != NULL, -1); +- xmlSecAssert2(node != NULL, -1); +- +- buf = xmlSecNssX509SKIWrite(cert); +- if(buf == NULL) { +- xmlSecError(XMLSEC_ERRORS_HERE, +- NULL, +- "xmlSecNssX509SKIWrite", +- XMLSEC_ERRORS_R_XMLSEC_FAILED, +- XMLSEC_ERRORS_NO_MESSAGE); +- return(-1); +- } +- +- cur = xmlSecAddChild(node, xmlSecNodeX509SKI, xmlSecDSigNs); +- if(cur == NULL) { +- xmlSecError(XMLSEC_ERRORS_HERE, +- NULL, +- "xmlSecAddChild", +- XMLSEC_ERRORS_R_XMLSEC_FAILED, +- "new_node=%s", +- xmlSecErrorsSafeString(xmlSecNodeX509SKI)); +- xmlFree(buf); +- return(-1); +- } +- xmlNodeSetContent(cur, buf); +- xmlFree(buf); +- +- return(0); +- } +- + static int + xmlSecNssX509CRLNodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) { + xmlChar *content; +--- 1265,1270 ---- +*************** +*** 1520,1538 **** + xmlSecAssert2(keyInfoCtx != NULL, -1); + + content = xmlNodeGetContent(node); +! if((content == NULL) || (xmlSecIsEmptyString(content) == 1)) { +! if(content != NULL) { +! xmlFree(content); +! } +! if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_STOP_ON_EMPTY_NODE) != 0) { +! xmlSecError(XMLSEC_ERRORS_HERE, +! xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), +! xmlSecErrorsSafeString(xmlSecNodeGetName(node)), +! XMLSEC_ERRORS_R_INVALID_NODE_CONTENT, +! XMLSEC_ERRORS_NO_MESSAGE); +! return(-1); +! } +! return(0); + } + + crl = xmlSecNssX509CrlBase64DerRead(content, keyInfoCtx); +--- 1275,1287 ---- + xmlSecAssert2(keyInfoCtx != NULL, -1); + + content = xmlNodeGetContent(node); +! if(content == NULL){ +! xmlSecError(XMLSEC_ERRORS_HERE, +! xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), +! xmlSecErrorsSafeString(xmlSecNodeGetName(node)), +! XMLSEC_ERRORS_R_INVALID_NODE_CONTENT, +! XMLSEC_ERRORS_NO_MESSAGE); +! return(-1); + } + + crl = xmlSecNssX509CrlBase64DerRead(content, keyInfoCtx); +*************** +*** 1552,1598 **** + } + + static int +- xmlSecNssX509CRLNodeWrite(CERTSignedCrl* crl, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) { +- xmlChar* buf = NULL; +- xmlNodePtr cur = NULL; +- +- xmlSecAssert2(crl != NULL, -1); +- xmlSecAssert2(node != NULL, -1); +- xmlSecAssert2(keyInfoCtx != NULL, -1); +- +- /* set base64 lines size from context */ +- buf = xmlSecNssX509CrlBase64DerWrite(crl, keyInfoCtx->base64LineSize); +- if(buf == NULL) { +- xmlSecError(XMLSEC_ERRORS_HERE, +- NULL, +- "xmlSecNssX509CrlBase64DerWrite", +- XMLSEC_ERRORS_R_XMLSEC_FAILED, +- XMLSEC_ERRORS_NO_MESSAGE); +- return(-1); +- } +- +- cur = xmlSecAddChild(node, xmlSecNodeX509CRL, xmlSecDSigNs); +- if(cur == NULL) { +- xmlSecError(XMLSEC_ERRORS_HERE, +- NULL, +- "xmlSecAddChild", +- XMLSEC_ERRORS_R_XMLSEC_FAILED, +- "new_node=%s", +- xmlSecErrorsSafeString(xmlSecNodeX509CRL)); +- xmlFree(buf); +- return(-1); +- } +- /* todo: add \n around base64 data - from context */ +- /* todo: add errors check */ +- xmlNodeSetContent(cur, xmlSecStringCR); +- xmlNodeSetContent(cur, buf); +- xmlFree(buf); +- +- return(0); +- } +- +- +- static int + xmlSecNssKeyDataX509VerifyAndExtractKey(xmlSecKeyDataPtr data, xmlSecKeyPtr key, + xmlSecKeyInfoCtxPtr keyInfoCtx) { + xmlSecNssX509DataCtxPtr ctx; +--- 1301,1306 ---- +*************** +*** 1600,1605 **** +--- 1308,1317 ---- + int ret; + SECStatus status; + PRTime notBefore, notAfter; ++ ++ PK11SlotInfo* slot ; ++ SECKEYPublicKey *pubKey = NULL; ++ SECKEYPrivateKey *priKey = NULL; + + xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecNssKeyDataX509Id), -1); + xmlSecAssert2(key != NULL, -1); +*************** +*** 1632,1641 **** + xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), + "CERT_DupCertificate", + XMLSEC_ERRORS_R_CRYPTO_FAILED, +! XMLSEC_ERRORS_NO_MESSAGE); + return(-1); + } + + keyValue = xmlSecNssX509CertGetKey(ctx->keyCert); + if(keyValue == NULL) { + xmlSecError(XMLSEC_ERRORS_HERE, +--- 1344,1356 ---- + xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), + "CERT_DupCertificate", + XMLSEC_ERRORS_R_CRYPTO_FAILED, +! "error code=%d", PORT_GetError()); + return(-1); + } + ++ /*- ++ * Get Public key from cert, which does not always work for sign action. ++ * + keyValue = xmlSecNssX509CertGetKey(ctx->keyCert); + if(keyValue == NULL) { + xmlSecError(XMLSEC_ERRORS_HERE, +*************** +*** 1645,1650 **** +--- 1360,1413 ---- + XMLSEC_ERRORS_NO_MESSAGE); + return(-1); + } ++ */ ++ ++ /*- ++ * I'll search key according to KeyReq. ++ */ ++ slot = cert->slot ; ++ if( ( keyInfoCtx->keyReq.keyType & xmlSecKeyDataTypePrivate ) == xmlSecKeyDataTypePrivate ) { ++ if( ( priKey = PK11_FindPrivateKeyFromCert( slot , cert , NULL ) ) == NULL ) { ++ xmlSecError( XMLSEC_ERRORS_HERE , ++ xmlSecErrorsSafeString( xmlSecKeyDataGetName( data ) ) , ++ "PK11_FindPrivateKeyFromCert" , ++ XMLSEC_ERRORS_R_CRYPTO_FAILED , ++ XMLSEC_ERRORS_NO_MESSAGE ) ; ++ return -1 ; ++ } ++ } ++ ++ if( ( keyInfoCtx->keyReq.keyType & xmlSecKeyDataTypePublic ) == xmlSecKeyDataTypePublic ) { ++ if( ( pubKey = CERT_ExtractPublicKey( cert ) ) == NULL ) { ++ xmlSecError( XMLSEC_ERRORS_HERE , ++ xmlSecErrorsSafeString( xmlSecKeyDataGetName( data ) ) , ++ "CERT_ExtractPublicKey" , ++ XMLSEC_ERRORS_R_CRYPTO_FAILED , ++ XMLSEC_ERRORS_NO_MESSAGE ) ; ++ ++ if( priKey != NULL ) ++ SECKEY_DestroyPrivateKey( priKey ) ; ++ return -1 ; ++ } ++ } ++ ++ keyValue = xmlSecNssPKIAdoptKey(priKey, pubKey); ++ if( keyValue == NULL ) { ++ xmlSecError( XMLSEC_ERRORS_HERE , ++ xmlSecErrorsSafeString( xmlSecKeyDataGetName( data ) ) , ++ "xmlSecNssPKIAdoptKey" , ++ XMLSEC_ERRORS_R_CRYPTO_FAILED , ++ XMLSEC_ERRORS_NO_MESSAGE ) ; ++ ++ if( priKey != NULL ) ++ SECKEY_DestroyPrivateKey( priKey ) ; ++ ++ if( pubKey != NULL ) ++ SECKEY_DestroyPublicKey( pubKey ) ; ++ ++ return -1 ; ++ } ++ /* Modify keyValue get Done */ + + /* verify that the key matches our expectations */ + if(xmlSecKeyReqMatchKeyValue(&(keyInfoCtx->keyReq), keyValue) != 1) { +*************** +*** 1725,1738 **** + return(0); + } + +- /** +- * xmlSecNssX509CertGetKey: +- * @cert: the certificate. +- * +- * Extracts public key from the @cert. +- * +- * Returns public key value or NULL if an error occurs. +- */ + xmlSecKeyDataPtr + xmlSecNssX509CertGetKey(CERTCertificate* cert) { + xmlSecKeyDataPtr data; +--- 1488,1493 ---- +*************** +*** 1746,1752 **** + NULL, + "CERT_ExtractPublicKey", + XMLSEC_ERRORS_R_CRYPTO_FAILED, +! XMLSEC_ERRORS_NO_MESSAGE); + return(NULL); + } + +--- 1501,1507 ---- + NULL, + "CERT_ExtractPublicKey", + XMLSEC_ERRORS_R_CRYPTO_FAILED, +! "error code=%d", PORT_GetError()); + return(NULL); + } + +*************** +*** 1804,1810 **** + NULL, + "__CERT_NewTempCertificate", + XMLSEC_ERRORS_R_CRYPTO_FAILED, +! XMLSEC_ERRORS_NO_MESSAGE); + return(NULL); + } + +--- 1559,1565 ---- + NULL, + "__CERT_NewTempCertificate", + XMLSEC_ERRORS_R_CRYPTO_FAILED, +! "error code=%d", PORT_GetError()); + return(NULL); + } + +*************** +*** 1827,1833 **** + NULL, + "cert->derCert", + XMLSEC_ERRORS_R_CRYPTO_FAILED, +! XMLSEC_ERRORS_NO_MESSAGE); + return(NULL); + } + +--- 1582,1588 ---- + NULL, + "cert->derCert", + XMLSEC_ERRORS_R_CRYPTO_FAILED, +! "error code=%d", PORT_GetError()); + return(NULL); + } + +*************** +*** 1890,1896 **** + NULL, + "PK11_GetInternalKeySlot", + XMLSEC_ERRORS_R_CRYPTO_FAILED, +! XMLSEC_ERRORS_NO_MESSAGE); + return NULL; + } + +--- 1645,1651 ---- + NULL, + "PK11_GetInternalKeySlot", + XMLSEC_ERRORS_R_CRYPTO_FAILED, +! "error code=%d", PORT_GetError()); + return NULL; + } + +*************** +*** 1905,1911 **** + NULL, + "PK11_ImportCRL", + XMLSEC_ERRORS_R_CRYPTO_FAILED, +! XMLSEC_ERRORS_NO_MESSAGE); + PK11_FreeSlot(slot); + return(NULL); + } +--- 1660,1666 ---- + NULL, + "PK11_ImportCRL", + XMLSEC_ERRORS_R_CRYPTO_FAILED, +! "error code=%d", PORT_GetError()); + PK11_FreeSlot(slot); + return(NULL); + } +*************** +*** 1929,1935 **** + NULL, + "crl->derCrl", + XMLSEC_ERRORS_R_CRYPTO_FAILED, +! XMLSEC_ERRORS_NO_MESSAGE); + return(NULL); + } + +--- 1684,1690 ---- + NULL, + "crl->derCrl", + XMLSEC_ERRORS_R_CRYPTO_FAILED, +! "error code=%d", PORT_GetError()); + return(NULL); + } + +*************** +*** 1946,2031 **** + return(res); + } + +- static xmlChar* +- xmlSecNssX509NameWrite(CERTName* nm) { +- xmlChar *res = NULL; +- char *str; +- +- xmlSecAssert2(nm != NULL, NULL); +- +- str = CERT_NameToAscii(nm); +- if (str == NULL) { +- xmlSecError(XMLSEC_ERRORS_HERE, +- NULL, +- "CERT_NameToAscii", +- XMLSEC_ERRORS_R_CRYPTO_FAILED, +- XMLSEC_ERRORS_NO_MESSAGE); +- return(NULL); +- } +- +- res = xmlStrdup(BAD_CAST str); +- if(res == NULL) { +- xmlSecError(XMLSEC_ERRORS_HERE, +- NULL, +- "xmlStrdup", +- XMLSEC_ERRORS_R_MALLOC_FAILED, +- XMLSEC_ERRORS_NO_MESSAGE); +- PORT_Free(str); +- return(NULL); +- } +- PORT_Free(str); +- return(res); +- } +- +- static xmlChar* +- xmlSecNssASN1IntegerWrite(SECItem *num) { +- xmlChar *res = NULL; +- +- xmlSecAssert2(num != NULL, NULL); +- +- /* TODO : to be implemented after +- * NSS bug http://bugzilla.mozilla.org/show_bug.cgi?id=212864 is fixed +- */ +- return(res); +- } +- +- static xmlChar* +- xmlSecNssX509SKIWrite(CERTCertificate* cert) { +- xmlChar *res = NULL; +- SECItem ski; +- SECStatus rv; +- +- xmlSecAssert2(cert != NULL, NULL); +- +- memset(&ski, 0, sizeof(ski)); +- +- rv = CERT_FindSubjectKeyIDExtension(cert, &ski); +- if (rv != SECSuccess) { +- xmlSecError(XMLSEC_ERRORS_HERE, +- NULL, +- "CERT_FindSubjectKeyIDExtension", +- XMLSEC_ERRORS_R_CRYPTO_FAILED, +- XMLSEC_ERRORS_NO_MESSAGE); +- SECITEM_FreeItem(&ski, PR_FALSE); +- return(NULL); +- } +- +- res = xmlSecBase64Encode(ski.data, ski.len, 0); +- if(res == NULL) { +- xmlSecError(XMLSEC_ERRORS_HERE, +- NULL, +- "xmlSecBase64Encode", +- XMLSEC_ERRORS_R_XMLSEC_FAILED, +- XMLSEC_ERRORS_NO_MESSAGE); +- SECITEM_FreeItem(&ski, PR_FALSE); +- return(NULL); +- } +- SECITEM_FreeItem(&ski, PR_FALSE); +- +- return(res); +- } +- +- + static void + xmlSecNssX509CertDebugDump(CERTCertificate* cert, FILE* output) { + SECItem *sn; +--- 1701,1706 ---- +*** misc/xmlsec1-1.2.6/src/nss/x509vfy.c 2003-09-26 08:58:15.000000000 +0800 +--- misc/build/xmlsec1-1.2.6/src/nss/x509vfy.c 2005-02-23 11:06:39.000000000 +0800 +*************** +*** 30,35 **** +--- 30,36 ---- + #include <xmlsec/keyinfo.h> + #include <xmlsec/keysmngr.h> + #include <xmlsec/base64.h> ++ #include <xmlsec/bn.h> + #include <xmlsec/errors.h> + + #include <xmlsec/nss/crypto.h> +*************** +*** 43,50 **** + typedef struct _xmlSecNssX509StoreCtx xmlSecNssX509StoreCtx, + *xmlSecNssX509StoreCtxPtr; + struct _xmlSecNssX509StoreCtx { +! CERTCertList* certsList; /* just keeping a reference to destroy later */ +! }; + + /**************************************************************************** + * +--- 44,51 ---- + typedef struct _xmlSecNssX509StoreCtx xmlSecNssX509StoreCtx, + *xmlSecNssX509StoreCtxPtr; + struct _xmlSecNssX509StoreCtx { +! CERTCertList* certsList; /* just keeping a reference to destroy later */ +! }; + + /**************************************************************************** + * +*************** +*** 54,98 **** + * + ***************************************************************************/ + #define xmlSecNssX509StoreGetCtx(store) \ +! ((xmlSecNssX509StoreCtxPtr)(((xmlSecByte*)(store)) + \ +! sizeof(xmlSecKeyDataStoreKlass))) + #define xmlSecNssX509StoreSize \ +! (sizeof(xmlSecKeyDataStoreKlass) + sizeof(xmlSecNssX509StoreCtx)) + + static int xmlSecNssX509StoreInitialize (xmlSecKeyDataStorePtr store); + static void xmlSecNssX509StoreFinalize (xmlSecKeyDataStorePtr store); +- static int xmlSecNssX509NameStringRead (xmlSecByte **str, +- int *strLen, +- xmlSecByte *res, +- int resLen, +- xmlSecByte delim, +- int ingoreTrailingSpaces); +- static xmlSecByte * xmlSecNssX509NameRead (xmlSecByte *str, +- int len); +- +- static void xmlSecNssNumToItem(SECItem *it, unsigned long num); + + + static xmlSecKeyDataStoreKlass xmlSecNssX509StoreKlass = { +! sizeof(xmlSecKeyDataStoreKlass), +! xmlSecNssX509StoreSize, + +! /* data */ +! xmlSecNameX509Store, /* const xmlChar* name; */ +! +! /* constructors/destructor */ +! xmlSecNssX509StoreInitialize, /* xmlSecKeyDataStoreInitializeMethod initialize; */ +! xmlSecNssX509StoreFinalize, /* xmlSecKeyDataStoreFinalizeMethod finalize; */ +! +! /* reserved for the future */ +! NULL, /* void* reserved0; */ +! NULL, /* void* reserved1; */ + }; + + static CERTCertificate* xmlSecNssX509FindCert(xmlChar *subjectName, +! xmlChar *issuerName, +! xmlChar *issuerSerial, +! xmlChar *ski); + + + /** +--- 55,90 ---- + * + ***************************************************************************/ + #define xmlSecNssX509StoreGetCtx(store) \ +! ((xmlSecNssX509StoreCtxPtr)(((xmlSecByte*)(store)) + \ +! sizeof(xmlSecKeyDataStoreKlass))) + #define xmlSecNssX509StoreSize \ +! (sizeof(xmlSecKeyDataStoreKlass) + sizeof(xmlSecNssX509StoreCtx)) + + static int xmlSecNssX509StoreInitialize (xmlSecKeyDataStorePtr store); + static void xmlSecNssX509StoreFinalize (xmlSecKeyDataStorePtr store); + ++ static int xmlSecNssIntegerToItem( const xmlChar* integer , SECItem *it ) ; + + static xmlSecKeyDataStoreKlass xmlSecNssX509StoreKlass = { +! sizeof(xmlSecKeyDataStoreKlass), +! xmlSecNssX509StoreSize, + +! /* data */ +! xmlSecNameX509Store, /* const xmlChar* name; */ +! +! /* constructors/destructor */ +! xmlSecNssX509StoreInitialize, /* xmlSecKeyDataStoreInitializeMethod initialize; */ +! xmlSecNssX509StoreFinalize, /* xmlSecKeyDataStoreFinalizeMethod finalize; */ +! +! /* reserved for the future */ +! NULL, /* void* reserved0; */ +! NULL, /* void* reserved1; */ + }; + + static CERTCertificate* xmlSecNssX509FindCert(xmlChar *subjectName, +! xmlChar *issuerName, +! xmlChar *issuerSerial, +! xmlChar *ski); + + + /** +*************** +*** 104,110 **** + */ + xmlSecKeyDataStoreId + xmlSecNssX509StoreGetKlass(void) { +! return(&xmlSecNssX509StoreKlass); + } + + /** +--- 96,102 ---- + */ + xmlSecKeyDataStoreId + xmlSecNssX509StoreGetKlass(void) { +! return(&xmlSecNssX509StoreKlass); + } + + /** +*************** +*** 125,139 **** + xmlSecNssX509StoreFindCert(xmlSecKeyDataStorePtr store, xmlChar *subjectName, + xmlChar *issuerName, xmlChar *issuerSerial, + xmlChar *ski, xmlSecKeyInfoCtx* keyInfoCtx) { +! xmlSecNssX509StoreCtxPtr ctx; +! +! xmlSecAssert2(xmlSecKeyDataStoreCheckId(store, xmlSecNssX509StoreId), NULL); +! xmlSecAssert2(keyInfoCtx != NULL, NULL); + +! ctx = xmlSecNssX509StoreGetCtx(store); +! xmlSecAssert2(ctx != NULL, NULL); + +! return(xmlSecNssX509FindCert(subjectName, issuerName, issuerSerial, ski)); + } + + /** +--- 117,131 ---- + xmlSecNssX509StoreFindCert(xmlSecKeyDataStorePtr store, xmlChar *subjectName, + xmlChar *issuerName, xmlChar *issuerSerial, + xmlChar *ski, xmlSecKeyInfoCtx* keyInfoCtx) { +! xmlSecNssX509StoreCtxPtr ctx; +! +! xmlSecAssert2(xmlSecKeyDataStoreCheckId(store, xmlSecNssX509StoreId), NULL); +! xmlSecAssert2(keyInfoCtx != NULL, NULL); + +! ctx = xmlSecNssX509StoreGetCtx(store); +! xmlSecAssert2(ctx != NULL, NULL); + +! return(xmlSecNssX509FindCert(subjectName, issuerName, issuerSerial, ski)); + } + + /** +*************** +*** 148,263 **** + */ + CERTCertificate * + xmlSecNssX509StoreVerify(xmlSecKeyDataStorePtr store, CERTCertList* certs, +! xmlSecKeyInfoCtx* keyInfoCtx) { +! xmlSecNssX509StoreCtxPtr ctx; +! CERTCertListNode* head; +! CERTCertificate* cert = NULL; +! CERTCertListNode* head1; +! CERTCertificate* cert1 = NULL; +! SECStatus status = SECFailure; +! int64 timeboundary; +! int64 tmp1, tmp2; +! +! xmlSecAssert2(xmlSecKeyDataStoreCheckId(store, xmlSecNssX509StoreId), NULL); +! xmlSecAssert2(certs != NULL, NULL); +! xmlSecAssert2(keyInfoCtx != NULL, NULL); +! +! ctx = xmlSecNssX509StoreGetCtx(store); +! xmlSecAssert2(ctx != NULL, NULL); +! +! for (head = CERT_LIST_HEAD(certs); +! !CERT_LIST_END(head, certs); +! head = CERT_LIST_NEXT(head)) { +! cert = head->cert; + if(keyInfoCtx->certsVerificationTime > 0) { +! /* convert the time since epoch in seconds to microseconds */ +! LL_UI2L(timeboundary, keyInfoCtx->certsVerificationTime); +! tmp1 = (int64)PR_USEC_PER_SEC; +! tmp2 = timeboundary; +! LL_MUL(timeboundary, tmp1, tmp2); + } else { +! timeboundary = PR_Now(); + } + + /* if cert is the issuer of any other cert in the list, then it is + * to be skipped */ + for (head1 = CERT_LIST_HEAD(certs); +! !CERT_LIST_END(head1, certs); +! head1 = CERT_LIST_NEXT(head1)) { + +! cert1 = head1->cert; +! if (cert1 == cert) { + continue; +! } + +! if (SECITEM_CompareItem(&cert1->derIssuer, &cert->derSubject) +! == SECEqual) { + break; +! } + } + + if (!CERT_LIST_END(head1, certs)) { +! continue; + } + + status = CERT_VerifyCertificate(CERT_GetDefaultCertDB(), + cert, PR_FALSE, + (SECCertificateUsage)0, +! timeboundary , NULL, NULL, NULL); + if (status == SECSuccess) { +! break; + } +- } + +! if (status == SECSuccess) { + return (cert); +! } +! +! switch(PORT_GetError()) { + case SEC_ERROR_EXPIRED_ISSUER_CERTIFICATE: + case SEC_ERROR_CA_CERT_INVALID: + case SEC_ERROR_UNKNOWN_SIGNER: +! xmlSecError(XMLSEC_ERRORS_HERE, +! xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)), +! NULL, +! XMLSEC_ERRORS_R_CERT_ISSUER_FAILED, +! "cert with subject name %s could not be verified because the issuer's cert is expired/invalid or not found", +! cert->subjectName); +! break; + case SEC_ERROR_EXPIRED_CERTIFICATE: +! xmlSecError(XMLSEC_ERRORS_HERE, +! xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)), +! NULL, +! XMLSEC_ERRORS_R_CERT_HAS_EXPIRED, +! "cert with subject name %s has expired", +! cert->subjectName); +! break; + case SEC_ERROR_REVOKED_CERTIFICATE: +! xmlSecError(XMLSEC_ERRORS_HERE, +! xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)), +! NULL, +! XMLSEC_ERRORS_R_CERT_REVOKED, +! "cert with subject name %s has been revoked", +! cert->subjectName); +! break; + default: +! xmlSecError(XMLSEC_ERRORS_HERE, +! xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)), +! NULL, +! XMLSEC_ERRORS_R_CERT_VERIFY_FAILED, +! "cert with subject name %s could not be verified", +! cert->subjectName); +! break; +! } + +! return (NULL); + } + + /** + * xmlSecNssX509StoreAdoptCert: +! * @store: the pointer to X509 key data store klass. +! * @cert: the pointer to NSS X509 certificate. +! * @type: the certificate type (trusted/untrusted). + * + * Adds trusted (root) or untrusted certificate to the store. + * +--- 140,256 ---- + */ + CERTCertificate * + xmlSecNssX509StoreVerify(xmlSecKeyDataStorePtr store, CERTCertList* certs, +! xmlSecKeyInfoCtx* keyInfoCtx) { +! xmlSecNssX509StoreCtxPtr ctx; +! CERTCertListNode* head; +! CERTCertificate* cert = NULL; +! CERTCertListNode* head1; +! CERTCertificate* cert1 = NULL; +! SECStatus status = SECFailure; +! int64 timeboundary; +! int64 tmp1, tmp2; +! +! xmlSecAssert2(xmlSecKeyDataStoreCheckId(store, xmlSecNssX509StoreId), NULL); +! xmlSecAssert2(certs != NULL, NULL); +! xmlSecAssert2(keyInfoCtx != NULL, NULL); +! +! ctx = xmlSecNssX509StoreGetCtx(store); +! xmlSecAssert2(ctx != NULL, NULL); +! +! for (head = CERT_LIST_HEAD(certs); +! !CERT_LIST_END(head, certs); +! head = CERT_LIST_NEXT(head)) { +! cert = head->cert; + if(keyInfoCtx->certsVerificationTime > 0) { +! /* convert the time since epoch in seconds to microseconds */ +! LL_UI2L(timeboundary, keyInfoCtx->certsVerificationTime); +! tmp1 = (int64)PR_USEC_PER_SEC; +! tmp2 = timeboundary; +! LL_MUL(timeboundary, tmp1, tmp2); + } else { +! timeboundary = PR_Now(); + } + + /* if cert is the issuer of any other cert in the list, then it is + * to be skipped */ + for (head1 = CERT_LIST_HEAD(certs); +! !CERT_LIST_END(head1, certs); +! head1 = CERT_LIST_NEXT(head1)) { + +! cert1 = head1->cert; +! if (cert1 == cert) { + continue; +! } + +! if (SECITEM_CompareItem(&cert1->derIssuer, &cert->derSubject) +! == SECEqual) { + break; +! } + } + + if (!CERT_LIST_END(head1, certs)) { +! continue; + } + + status = CERT_VerifyCertificate(CERT_GetDefaultCertDB(), + cert, PR_FALSE, + (SECCertificateUsage)0, +! timeboundary , NULL, NULL, NULL); + if (status == SECSuccess) { +! break; +! } + } + +! if (status == SECSuccess) { + return (cert); +! } +! +! switch(PORT_GetError()) { + case SEC_ERROR_EXPIRED_ISSUER_CERTIFICATE: + case SEC_ERROR_CA_CERT_INVALID: + case SEC_ERROR_UNKNOWN_SIGNER: +! xmlSecError(XMLSEC_ERRORS_HERE, +! xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)), +! NULL, +! XMLSEC_ERRORS_R_CERT_ISSUER_FAILED, +! "cert with subject name %s could not be verified because the issuer's cert is expired/invalid or not found", +! cert->subjectName); +! break; + case SEC_ERROR_EXPIRED_CERTIFICATE: +! xmlSecError(XMLSEC_ERRORS_HERE, +! xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)), +! NULL, +! XMLSEC_ERRORS_R_CERT_HAS_EXPIRED, +! "cert with subject name %s has expired", +! cert->subjectName); +! break; + case SEC_ERROR_REVOKED_CERTIFICATE: +! xmlSecError(XMLSEC_ERRORS_HERE, +! xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)), +! NULL, +! XMLSEC_ERRORS_R_CERT_REVOKED, +! "cert with subject name %s has been revoked", +! cert->subjectName); +! break; + default: +! xmlSecError(XMLSEC_ERRORS_HERE, +! xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)), +! NULL, +! XMLSEC_ERRORS_R_CERT_VERIFY_FAILED, +! "cert with subject name %s could not be verified, errcode %d", +! cert->subjectName, +! PORT_GetError()); +! break; +! } + +! return (NULL); + } + + /** + * xmlSecNssX509StoreAdoptCert: +! * @store: the pointer to X509 key data store klass. +! * @cert: the pointer to NSS X509 certificate. +! * @type: the certificate type (trusted/untrusted). + * + * Adds trusted (root) or untrusted certificate to the store. + * +*************** +*** 265,331 **** + */ + int + xmlSecNssX509StoreAdoptCert(xmlSecKeyDataStorePtr store, CERTCertificate* cert, xmlSecKeyDataType type ATTRIBUTE_UNUSED) { +! xmlSecNssX509StoreCtxPtr ctx; +! int ret; + +! xmlSecAssert2(xmlSecKeyDataStoreCheckId(store, xmlSecNssX509StoreId), -1); +! xmlSecAssert2(cert != NULL, -1); + +! ctx = xmlSecNssX509StoreGetCtx(store); +! xmlSecAssert2(ctx != NULL, -1); + +! if(ctx->certsList == NULL) { +! ctx->certsList = CERT_NewCertList(); +! if(ctx->certsList == NULL) { +! xmlSecError(XMLSEC_ERRORS_HERE, +! xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)), +! "CERT_NewCertList", +! XMLSEC_ERRORS_R_CRYPTO_FAILED, +! XMLSEC_ERRORS_NO_MESSAGE); +! return(-1); +! } +! } +! +! ret = CERT_AddCertToListTail(ctx->certsList, cert); +! if(ret != SECSuccess) { +! xmlSecError(XMLSEC_ERRORS_HERE, +! xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)), +! "CERT_AddCertToListTail", +! XMLSEC_ERRORS_R_CRYPTO_FAILED, +! XMLSEC_ERRORS_NO_MESSAGE); +! return(-1); +! } + +! return(0); + } + + static int + xmlSecNssX509StoreInitialize(xmlSecKeyDataStorePtr store) { +! xmlSecNssX509StoreCtxPtr ctx; +! xmlSecAssert2(xmlSecKeyDataStoreCheckId(store, xmlSecNssX509StoreId), -1); + +! ctx = xmlSecNssX509StoreGetCtx(store); +! xmlSecAssert2(ctx != NULL, -1); + +! memset(ctx, 0, sizeof(xmlSecNssX509StoreCtx)); + +! return(0); + } + + static void + xmlSecNssX509StoreFinalize(xmlSecKeyDataStorePtr store) { +! xmlSecNssX509StoreCtxPtr ctx; +! xmlSecAssert(xmlSecKeyDataStoreCheckId(store, xmlSecNssX509StoreId)); + +! ctx = xmlSecNssX509StoreGetCtx(store); +! xmlSecAssert(ctx != NULL); +! +! if (ctx->certsList) { + CERT_DestroyCertList(ctx->certsList); + ctx->certsList = NULL; +! } + +! memset(ctx, 0, sizeof(xmlSecNssX509StoreCtx)); + } + + +--- 258,324 ---- + */ + int + xmlSecNssX509StoreAdoptCert(xmlSecKeyDataStorePtr store, CERTCertificate* cert, xmlSecKeyDataType type ATTRIBUTE_UNUSED) { +! xmlSecNssX509StoreCtxPtr ctx; +! int ret; +! +! xmlSecAssert2(xmlSecKeyDataStoreCheckId(store, xmlSecNssX509StoreId), -1); +! xmlSecAssert2(cert != NULL, -1); + +! ctx = xmlSecNssX509StoreGetCtx(store); +! xmlSecAssert2(ctx != NULL, -1); + +! if(ctx->certsList == NULL) { +! ctx->certsList = CERT_NewCertList(); +! if(ctx->certsList == NULL) { +! xmlSecError(XMLSEC_ERRORS_HERE, +! xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)), +! "CERT_NewCertList", +! XMLSEC_ERRORS_R_CRYPTO_FAILED, +! "error code=%d", PORT_GetError()); +! return(-1); +! } +! } + +! ret = CERT_AddCertToListTail(ctx->certsList, cert); +! if(ret != SECSuccess) { +! xmlSecError(XMLSEC_ERRORS_HERE, +! xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)), +! "CERT_AddCertToListTail", +! XMLSEC_ERRORS_R_CRYPTO_FAILED, +! "error code=%d", PORT_GetError()); +! return(-1); +! } + +! return(0); + } + + static int + xmlSecNssX509StoreInitialize(xmlSecKeyDataStorePtr store) { +! xmlSecNssX509StoreCtxPtr ctx; +! xmlSecAssert2(xmlSecKeyDataStoreCheckId(store, xmlSecNssX509StoreId), -1); + +! ctx = xmlSecNssX509StoreGetCtx(store); +! xmlSecAssert2(ctx != NULL, -1); + +! memset(ctx, 0, sizeof(xmlSecNssX509StoreCtx)); + +! return(0); + } + + static void + xmlSecNssX509StoreFinalize(xmlSecKeyDataStorePtr store) { +! xmlSecNssX509StoreCtxPtr ctx; +! xmlSecAssert(xmlSecKeyDataStoreCheckId(store, xmlSecNssX509StoreId)); + +! ctx = xmlSecNssX509StoreGetCtx(store); +! xmlSecAssert(ctx != NULL); +! +! if (ctx->certsList) { + CERT_DestroyCertList(ctx->certsList); + ctx->certsList = NULL; +! } + +! memset(ctx, 0, sizeof(xmlSecNssX509StoreCtx)); + } + + +*************** +*** 340,715 **** + */ + static CERTCertificate* + xmlSecNssX509FindCert(xmlChar *subjectName, xmlChar *issuerName, +! xmlChar *issuerSerial, xmlChar *ski) { +! CERTCertificate *cert = NULL; +! xmlChar *p = NULL; +! CERTName *name = NULL; +! SECItem *nameitem = NULL; +! PRArenaPool *arena = NULL; +! +! if (subjectName != NULL) { +! p = xmlSecNssX509NameRead(subjectName, xmlStrlen(subjectName)); +! if (p == NULL) { +! xmlSecError(XMLSEC_ERRORS_HERE, +! NULL, +! "xmlSecNssX509NameRead", +! XMLSEC_ERRORS_R_XMLSEC_FAILED, +! "subject=%s", +! xmlSecErrorsSafeString(subjectName)); +! goto done; +! } +! +! arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); +! if (arena == NULL) { +! xmlSecError(XMLSEC_ERRORS_HERE, +! NULL, +! "PORT_NewArena", +! XMLSEC_ERRORS_R_CRYPTO_FAILED, +! XMLSEC_ERRORS_NO_MESSAGE); +! goto done; +! } +! +! name = CERT_AsciiToName((char*)p); +! if (name == NULL) { +! xmlSecError(XMLSEC_ERRORS_HERE, +! NULL, +! "CERT_AsciiToName", +! XMLSEC_ERRORS_R_XMLSEC_FAILED, +! XMLSEC_ERRORS_NO_MESSAGE); +! goto done; +! } +! +! nameitem = SEC_ASN1EncodeItem(arena, NULL, (void *)name, +! SEC_ASN1_GET(CERT_NameTemplate)); +! if (nameitem == NULL) { +! xmlSecError(XMLSEC_ERRORS_HERE, +! NULL, +! "SEC_ASN1EncodeItem", +! XMLSEC_ERRORS_R_XMLSEC_FAILED, +! XMLSEC_ERRORS_NO_MESSAGE); +! goto done; +! } +! +! cert = CERT_FindCertByName(CERT_GetDefaultCertDB(), nameitem); +! goto done; +! } +! +! if((issuerName != NULL) && (issuerSerial != NULL)) { +! CERTIssuerAndSN issuerAndSN; +! +! p = xmlSecNssX509NameRead(issuerName, xmlStrlen(issuerName)); +! if (p == NULL) { +! xmlSecError(XMLSEC_ERRORS_HERE, +! NULL, +! "xmlSecNssX509NameRead", +! XMLSEC_ERRORS_R_XMLSEC_FAILED, +! "issuer=%s", +! xmlSecErrorsSafeString(issuerName)); +! goto done; +! } +! +! arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); +! if (arena == NULL) { +! xmlSecError(XMLSEC_ERRORS_HERE, +! NULL, +! "PORT_NewArena", +! XMLSEC_ERRORS_R_CRYPTO_FAILED, +! XMLSEC_ERRORS_NO_MESSAGE); +! goto done; +! } +! +! name = CERT_AsciiToName((char*)p); +! if (name == NULL) { +! xmlSecError(XMLSEC_ERRORS_HERE, +! NULL, +! "CERT_AsciiToName", +! XMLSEC_ERRORS_R_XMLSEC_FAILED, +! XMLSEC_ERRORS_NO_MESSAGE); +! goto done; +! } +! +! nameitem = SEC_ASN1EncodeItem(arena, NULL, (void *)name, +! SEC_ASN1_GET(CERT_NameTemplate)); +! if (nameitem == NULL) { +! xmlSecError(XMLSEC_ERRORS_HERE, +! NULL, +! "SEC_ASN1EncodeItem", +! XMLSEC_ERRORS_R_XMLSEC_FAILED, +! XMLSEC_ERRORS_NO_MESSAGE); +! goto done; +! } +! +! memset(&issuerAndSN, 0, sizeof(issuerAndSN)); + +! issuerAndSN.derIssuer.data = nameitem->data; +! issuerAndSN.derIssuer.len = nameitem->len; + +! /* TBD: serial num can be arbitrarily long */ +! xmlSecNssNumToItem(&issuerAndSN.serialNumber, PORT_Atoi((char *)issuerSerial)); + +! cert = CERT_FindCertByIssuerAndSN(CERT_GetDefaultCertDB(), +! &issuerAndSN); +! SECITEM_FreeItem(&issuerAndSN.serialNumber, PR_FALSE); +! goto done; +! } +! +! if(ski != NULL) { +! SECItem subjKeyID; +! int len; +! +! len = xmlSecBase64Decode(ski, (xmlSecByte*)ski, xmlStrlen(ski)); +! if(len < 0) { +! xmlSecError(XMLSEC_ERRORS_HERE, +! NULL, +! "xmlSecBase64Decode", +! XMLSEC_ERRORS_R_XMLSEC_FAILED, +! "ski=%s", +! xmlSecErrorsSafeString(ski)); +! goto done; +! } +! +! memset(&subjKeyID, 0, sizeof(subjKeyID)); +! subjKeyID.data = ski; +! subjKeyID.len = xmlStrlen(ski); +! cert = CERT_FindCertBySubjectKeyID(CERT_GetDefaultCertDB(), +! &subjKeyID); +! } + +! done: +! if (p != NULL) { +! PORT_Free(p); +! } +! if (arena != NULL) { +! PORT_FreeArena(arena, PR_FALSE); +! } +! if (name != NULL) { +! CERT_DestroyName(name); +! } + +! return(cert); +! } + +! /** +! * xmlSecNssX509NameRead: +! */ +! static xmlSecByte * +! xmlSecNssX509NameRead(xmlSecByte *str, int len) { +! xmlSecByte name[256]; +! xmlSecByte value[256]; +! xmlSecByte *retval = NULL; +! xmlSecByte *p = NULL; +! int nameLen, valueLen; +! +! xmlSecAssert2(str != NULL, NULL); +! +! /* return string should be no longer than input string */ +! retval = (xmlSecByte *)PORT_Alloc(len+1); +! if(retval == NULL) { +! xmlSecError(XMLSEC_ERRORS_HERE, +! NULL, +! "PORT_Alloc", +! XMLSEC_ERRORS_R_MALLOC_FAILED, +! XMLSEC_ERRORS_NO_MESSAGE); +! return(NULL); +! } +! p = retval; +! +! while(len > 0) { +! /* skip spaces after comma or semicolon */ +! while((len > 0) && isspace(*str)) { +! ++str; --len; +! } +! +! nameLen = xmlSecNssX509NameStringRead(&str, &len, name, sizeof(name), '=', 0); +! if(nameLen < 0) { +! xmlSecError(XMLSEC_ERRORS_HERE, +! NULL, +! "xmlSecNssX509NameStringRead", +! XMLSEC_ERRORS_R_XMLSEC_FAILED, +! XMLSEC_ERRORS_NO_MESSAGE); +! goto done; +! } +! memcpy(p, name, nameLen); +! p+=nameLen; +! *p++='='; +! if(len > 0) { +! ++str; --len; +! if((*str) == '\"') { +! valueLen = xmlSecNssX509NameStringRead(&str, &len, +! value, sizeof(value), '"', 1); +! if(valueLen < 0) { +! xmlSecError(XMLSEC_ERRORS_HERE, + NULL, +! "xmlSecNssX509NameStringRead", + XMLSEC_ERRORS_R_XMLSEC_FAILED, +! XMLSEC_ERRORS_NO_MESSAGE); +! goto done; +! } +! /* skip spaces before comma or semicolon */ +! while((len > 0) && isspace(*str)) { +! ++str; --len; +! } +! if((len > 0) && ((*str) != ',')) { +! xmlSecError(XMLSEC_ERRORS_HERE, +! NULL, +! NULL, +! XMLSEC_ERRORS_R_INVALID_DATA, +! "comma is expected"); +! goto done; + } +! if(len > 0) { +! ++str; --len; + } +! *p++='\"'; +! memcpy(p, value, valueLen); +! p+=valueLen; +! *p++='\"'; +! } else if((*str) == '#') { +! /* TODO: read octect values */ +! xmlSecError(XMLSEC_ERRORS_HERE, +! NULL, +! NULL, +! XMLSEC_ERRORS_R_INVALID_DATA, +! "reading octect values is not implemented yet"); +! goto done; +! } else { +! valueLen = xmlSecNssX509NameStringRead(&str, &len, +! value, sizeof(value), ',', 1); +! if(valueLen < 0) { +! xmlSecError(XMLSEC_ERRORS_HERE, + NULL, +! "xmlSecNssX509NameStringRead", + XMLSEC_ERRORS_R_XMLSEC_FAILED, +! XMLSEC_ERRORS_NO_MESSAGE); +! goto done; +! } +! memcpy(p, value, valueLen); +! p+=valueLen; +! if (len > 0) +! *p++=','; +! } +! } else { +! valueLen = 0; + } +! if(len > 0) { +! ++str; --len; +! } +! } +! +! *p = 0; +! return(retval); +! + done: +! PORT_Free(retval); +! return (NULL); + } + + + +! /** +! * xmlSecNssX509NameStringRead: +! */ +! static int +! xmlSecNssX509NameStringRead(xmlSecByte **str, int *strLen, +! xmlSecByte *res, int resLen, +! xmlSecByte delim, int ingoreTrailingSpaces) { +! xmlSecByte *p, *q, *nonSpace; +! +! xmlSecAssert2(str != NULL, -1); +! xmlSecAssert2(strLen != NULL, -1); +! xmlSecAssert2(res != NULL, -1); +! +! p = (*str); +! nonSpace = q = res; +! while(((p - (*str)) < (*strLen)) && ((*p) != delim) && ((q - res) < resLen)) { +! if((*p) != '\\') { +! if(ingoreTrailingSpaces && !isspace(*p)) { +! nonSpace = q; +! } +! *(q++) = *(p++); +! } else { +! ++p; +! nonSpace = q; +! if(xmlSecIsHex((*p))) { +! if((p - (*str) + 1) >= (*strLen)) { +! xmlSecError(XMLSEC_ERRORS_HERE, +! NULL, +! NULL, +! XMLSEC_ERRORS_R_INVALID_DATA, +! "two hex digits expected"); +! return(-1); +! } +! *(q++) = xmlSecGetHex(p[0]) * 16 + xmlSecGetHex(p[1]); +! p += 2; +! } else { +! if(((++p) - (*str)) >= (*strLen)) { +! xmlSecError(XMLSEC_ERRORS_HERE, +! NULL, +! NULL, +! XMLSEC_ERRORS_R_INVALID_DATA, +! "escaped symbol missed"); +! return(-1); +! } +! *(q++) = *(p++); +! } +! } +! } +! if(((p - (*str)) < (*strLen)) && ((*p) != delim)) { +! xmlSecError(XMLSEC_ERRORS_HERE, +! NULL, +! NULL, +! XMLSEC_ERRORS_R_INVALID_SIZE, +! "buffer is too small"); +! return(-1); +! } +! (*strLen) -= (p - (*str)); +! (*str) = p; +! return((ingoreTrailingSpaces) ? nonSpace - res + 1 : q - res); +! } + +! /* code lifted from NSS */ +! static void +! xmlSecNssNumToItem(SECItem *it, unsigned long ui) +! { +! unsigned char bb[5]; +! int len; +! +! bb[0] = 0; +! bb[1] = (unsigned char) (ui >> 24); +! bb[2] = (unsigned char) (ui >> 16); +! bb[3] = (unsigned char) (ui >> 8); +! bb[4] = (unsigned char) (ui); +! +! /* +! ** Small integers are encoded in a single byte. Larger integers +! ** require progressively more space. +! */ +! if (ui > 0x7f) { +! if (ui > 0x7fff) { +! if (ui > 0x7fffffL) { +! if (ui >= 0x80000000L) { +! len = 5; +! } else { +! len = 4; +! } +! } else { +! len = 3; +! } +! } else { +! len = 2; +! } +! } else { +! len = 1; +! } +! +! it->data = (unsigned char *)PORT_Alloc(len); +! if (it->data == NULL) { +! return; +! } + +! it->len = len; +! PORT_Memcpy(it->data, bb + (sizeof(bb) - len), len); + } +- #endif /* XMLSEC_NO_X509 */ + + +--- 333,545 ---- + */ + static CERTCertificate* + xmlSecNssX509FindCert(xmlChar *subjectName, xmlChar *issuerName, +! xmlChar *issuerSerial, xmlChar *ski) { +! CERTCertificate *cert = NULL; +! CERTName *name = NULL; +! SECItem *nameitem = NULL; +! PRArenaPool *arena = NULL; +! +! if (subjectName != NULL) { +! arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); +! if (arena == NULL) { +! xmlSecError(XMLSEC_ERRORS_HERE, +! NULL, +! "PORT_NewArena", +! XMLSEC_ERRORS_R_CRYPTO_FAILED, +! "error code=%d", PORT_GetError()); +! goto done; +! } + +! name = CERT_AsciiToName((char*)subjectName); +! if (name == NULL) { +! xmlSecError(XMLSEC_ERRORS_HERE, +! NULL, +! "CERT_AsciiToName", +! XMLSEC_ERRORS_R_XMLSEC_FAILED, +! "error code=%d", PORT_GetError()); +! goto done; +! } + +! nameitem = SEC_ASN1EncodeItem(arena, NULL, (void *)name, +! SEC_ASN1_GET(CERT_NameTemplate)); +! if (nameitem == NULL) { +! xmlSecError(XMLSEC_ERRORS_HERE, +! NULL, +! "SEC_ASN1EncodeItem", +! XMLSEC_ERRORS_R_XMLSEC_FAILED, +! "error code=%d", PORT_GetError()); +! goto done; +! } + +! cert = CERT_FindCertByName(CERT_GetDefaultCertDB(), nameitem); +! goto done; +! } + +! if((issuerName != NULL) && (issuerSerial != NULL)) { +! CERTIssuerAndSN issuerAndSN; + +! arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); +! if (arena == NULL) { +! xmlSecError(XMLSEC_ERRORS_HERE, +! NULL, +! "PORT_NewArena", +! XMLSEC_ERRORS_R_CRYPTO_FAILED, +! "error code=%d", PORT_GetError()); +! goto done; +! } + +! name = CERT_AsciiToName((char*)issuerName); +! if (name == NULL) { +! xmlSecError(XMLSEC_ERRORS_HERE, + NULL, +! "CERT_AsciiToName", + XMLSEC_ERRORS_R_XMLSEC_FAILED, +! "error code=%d", PORT_GetError()); +! goto done; + } +! +! nameitem = SEC_ASN1EncodeItem(arena, NULL, (void *)name, +! SEC_ASN1_GET(CERT_NameTemplate)); +! if (nameitem == NULL) { +! xmlSecError(XMLSEC_ERRORS_HERE, +! NULL, +! "SEC_ASN1EncodeItem", +! XMLSEC_ERRORS_R_XMLSEC_FAILED, +! "error code=%d", PORT_GetError()); +! goto done; + } +! +! memset(&issuerAndSN, 0, sizeof(issuerAndSN)); +! +! issuerAndSN.derIssuer.data = nameitem->data; +! issuerAndSN.derIssuer.len = nameitem->len; +! +! if( xmlSecNssIntegerToItem( issuerSerial, &issuerAndSN.serialNumber ) < 0 ) { +! xmlSecError(XMLSEC_ERRORS_HERE, + NULL, +! "xmlSecNssIntegerToItem", + XMLSEC_ERRORS_R_XMLSEC_FAILED, +! "serial number=%s", +! xmlSecErrorsSafeString(issuerSerial)); +! goto done; +! } +! +! cert = CERT_FindCertByIssuerAndSN(CERT_GetDefaultCertDB(), +! &issuerAndSN); +! SECITEM_FreeItem(&issuerAndSN.serialNumber, PR_FALSE); +! goto done; +! } +! +! if(ski != NULL) { +! SECItem subjKeyID; +! int len; +! +! len = xmlSecBase64Decode(ski, (xmlSecByte*)ski, xmlStrlen(ski)); +! if(len < 0) { +! xmlSecError(XMLSEC_ERRORS_HERE, +! NULL, +! "xmlSecBase64Decode", +! XMLSEC_ERRORS_R_XMLSEC_FAILED, +! "ski=%s", +! xmlSecErrorsSafeString(ski)); +! goto done; +! } +! +! memset(&subjKeyID, 0, sizeof(subjKeyID)); +! subjKeyID.data = ski; +! subjKeyID.len = xmlStrlen(ski); +! cert = CERT_FindCertBySubjectKeyID(CERT_GetDefaultCertDB(), +! &subjKeyID); + } +! + done: +! if (arena != NULL) { +! PORT_FreeArena(arena, PR_FALSE); +! } +! if (name != NULL) { +! CERT_DestroyName(name); +! } +! +! return(cert); + } + ++ static int ++ xmlSecNssIntegerToItem( ++ const xmlChar* integer , ++ SECItem *item ++ ) { ++ xmlSecBn bn ; ++ xmlSecSize i, length ; ++ const xmlSecByte* bnInteger ; + ++ xmlSecAssert2( integer != NULL, -1 ) ; ++ xmlSecAssert2( item != NULL, -1 ) ; + +! if( xmlSecBnInitialize( &bn, 0 ) < 0 ) { +! xmlSecError( XMLSEC_ERRORS_HERE, +! NULL, +! "xmlSecBnInitialize", +! XMLSEC_ERRORS_R_INVALID_DATA, +! XMLSEC_ERRORS_NO_MESSAGE ) ; +! return -1 ; +! } + +! if( xmlSecBnFromDecString( &bn, integer ) < 0 ) { +! xmlSecError( XMLSEC_ERRORS_HERE, +! NULL, +! "xmlSecBnFromDecString", +! XMLSEC_ERRORS_R_INVALID_DATA, +! XMLSEC_ERRORS_NO_MESSAGE ) ; +! +! xmlSecBnFinalize( &bn ) ; +! return -1 ; +! } +! +! length = xmlSecBnGetSize( &bn ) ; +! if( length <= 0 ) { +! xmlSecError( XMLSEC_ERRORS_HERE, +! NULL, +! "xmlSecBnGetSize", +! XMLSEC_ERRORS_R_INVALID_DATA, +! XMLSEC_ERRORS_NO_MESSAGE ) ; +! +! xmlSecBnFinalize( &bn ) ; +! return -1 ; +! } +! +! bnInteger = xmlSecBnGetData( &bn ) ; +! if( bnInteger == NULL ) { +! xmlSecError( XMLSEC_ERRORS_HERE, +! NULL, +! "xmlSecBnGetData", +! XMLSEC_ERRORS_R_INVALID_DATA, +! XMLSEC_ERRORS_NO_MESSAGE ) ; + +! xmlSecBnFinalize( &bn ) ; +! return -1 ; +! } +! +! item->data = ( unsigned char * )PORT_Alloc( length ); +! if( item->data == NULL ) { +! xmlSecError( XMLSEC_ERRORS_HERE, +! NULL, +! "PORT_Alloc", +! XMLSEC_ERRORS_R_INVALID_DATA, +! XMLSEC_ERRORS_NO_MESSAGE ) ; +! +! xmlSecBnFinalize( &bn ) ; +! return -1 ; +! } +! +! item->len = length; +! +! for( i = 0 ; i < length ; i ++ ) +! item->data[i] = *( bnInteger + i ) ; +! +! xmlSecBnFinalize( &bn ) ; +! +! return 0 ; + } + ++ #endif /* XMLSEC_NO_X509 */ + +*** misc/xmlsec1-1.2.6/win32/Makefile.msvc 2004-06-09 22:35:12.000000000 +0800 +--- misc/build/xmlsec1-1.2.6/win32/Makefile.msvc 2005-02-23 11:06:39.000000000 +0800 +*************** +*** 223,228 **** +--- 223,232 ---- + $(XMLSEC_OPENSSL_INTDIR_A)\x509vfy.obj + + XMLSEC_NSS_OBJS = \ ++ $(XMLSEC_NSS_INTDIR)\akmngr.obj\ ++ $(XMLSEC_NSS_INTDIR)\keytrans.obj\ ++ $(XMLSEC_NSS_INTDIR)\keywrapers.obj\ ++ $(XMLSEC_NSS_INTDIR)\tokens.obj\ + $(XMLSEC_NSS_INTDIR)\app.obj\ + $(XMLSEC_NSS_INTDIR)\bignum.obj\ + $(XMLSEC_NSS_INTDIR)\ciphers.obj \ +*************** +*** 235,243 **** + $(XMLSEC_NSS_INTDIR)\x509.obj\ + $(XMLSEC_NSS_INTDIR)\x509vfy.obj\ + $(XMLSEC_NSS_INTDIR)\keysstore.obj\ +- $(XMLSEC_NSS_INTDIR)\kt_rsa.obj\ +- $(XMLSEC_NSS_INTDIR)\kw_des.obj\ +- $(XMLSEC_NSS_INTDIR)\kw_aes.obj\ + $(XMLSEC_NSS_INTDIR)\strings.obj + XMLSEC_NSS_OBJS_A = \ + $(XMLSEC_NSS_INTDIR_A)\app.obj\ +--- 239,244 ---- +*************** +*** 258,263 **** +--- 259,265 ---- + $(XMLSEC_NSS_INTDIR_A)\strings.obj + + XMLSEC_MSCRYPTO_OBJS = \ ++ $(XMLSEC_MSCRYPTO_INTDIR)\akmngr.obj\ + $(XMLSEC_MSCRYPTO_INTDIR)\app.obj\ + $(XMLSEC_MSCRYPTO_INTDIR)\crypto.obj \ + $(XMLSEC_MSCRYPTO_INTDIR)\ciphers.obj \ +*************** +*** 376,382 **** + XMLSEC_OPENSSL_SOLIBS = libeay32.lib wsock32.lib kernel32.lib user32.lib gdi32.lib + XMLSEC_OPENSSL_ALIBS = libeay32.lib wsock32.lib kernel32.lib user32.lib gdi32.lib + +! XMLSEC_NSS_SOLIBS = smime3.lib ssl3.lib nss3.lib libnspr4.lib libplds4.lib libplc4.lib kernel32.lib user32.lib gdi32.lib + XMLSEC_NSS_ALIBS = smime3.lib ssl3.lib nss3.lib libnspr4_s.lib libplds4_s.lib libplc4_s.lib kernel32.lib user32.lib gdi32.lib + + XMLSEC_MSCRYPTO_SOLIBS = kernel32.lib user32.lib gdi32.lib Crypt32.lib Advapi32.lib +--- 378,384 ---- + XMLSEC_OPENSSL_SOLIBS = libeay32.lib wsock32.lib kernel32.lib user32.lib gdi32.lib + XMLSEC_OPENSSL_ALIBS = libeay32.lib wsock32.lib kernel32.lib user32.lib gdi32.lib + +! XMLSEC_NSS_SOLIBS = smime3.lib nss3.lib nspr4.lib kernel32.lib user32.lib gdi32.lib + XMLSEC_NSS_ALIBS = smime3.lib ssl3.lib nss3.lib libnspr4_s.lib libplds4_s.lib libplc4_s.lib kernel32.lib user32.lib gdi32.lib + + XMLSEC_MSCRYPTO_SOLIBS = kernel32.lib user32.lib gdi32.lib Crypt32.lib Advapi32.lib |